From fa18d60b9810eddd4a654bb7ee2d1f2e2086dce1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 Jul 2006 00:39:15 +0000
Subject: [PATCH 001/301] Initial 1.0.0

git-svn-id: svn://svn.code.sf.net/p/axtls/code/axTLS@2 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                                      |  135 +
 README                                        |  156 +
 bindings/Config.in                            |   90 +
 bindings/Makefile                             |   63 +
 bindings/README                               |   43 +
 bindings/csharp/Makefile                      |   23 +
 bindings/csharp/axTLS.cs                      |  466 +++
 bindings/generate_SWIG_interface.pl           |  327 ++
 bindings/generate_interface.pl                |  302 ++
 bindings/java/Makefile                        |   93 +
 bindings/java/SSL.java                        |  125 +
 bindings/java/SSLCTX.java                     |  217 +
 bindings/java/SSLClient.java                  |   66 +
 bindings/java/SSLReadHolder.java              |   49 +
 bindings/java/SSLServer.java                  |   60 +
 bindings/java/SSLUtil.java                    |   96 +
 bindings/perl/Makefile                        |   81 +
 bindings/vbnet/Makefile                       |   23 +
 bindings/vbnet/axTLSvb.vb                     |  175 +
 config/.config                                |  107 +
 config/.config.old                            |  107 +
 config/.config.tmp                            |   11 +
 config/Config.in                              |  112 +
 config/Rules.mak                              |  220 +
 config/awhttpd.aip                            |  133 +
 config/awhttpd.back.aip                       |  128 +
 config/awhttpd.msi                            |  Bin 0 -> 681472 bytes
 config/axtls.RES                              |  Bin 0 -> 22748 bytes
 config/axtls.rc                               |   32 +
 config/config.h                               |  108 +
 config/makefile.conf                          |  113 +
 config/makefile.dotnet.conf                   |   53 +
 config/makefile.java.conf                     |   56 +
 config/makefile.post                          |   19 +
 config/scripts/config/Kconfig-language.txt    |  255 ++
 config/scripts/config/Makefile                |  121 +
 config/scripts/config/a.exe                   |  Bin 0 -> 8185 bytes
 config/scripts/config/conf.c                  |  583 +++
 config/scripts/config/conf.exe                |  Bin 0 -> 91179 bytes
 config/scripts/config/confdata.c              |  458 ++
 config/scripts/config/expr.c                  | 1099 +++++
 config/scripts/config/expr.h                  |  195 +
 config/scripts/config/lex.zconf.c             | 3688 ++++++++++++++++
 config/scripts/config/lex.zconf.c_shipped     | 3688 ++++++++++++++++
 config/scripts/config/lkc.h                   |  123 +
 config/scripts/config/lkc_defs.h              |   40 +
 config/scripts/config/lkc_proto.h             |   40 +
 .../scripts/config/lxdialog/BIG.FAT.WARNING   |    4 +
 config/scripts/config/lxdialog/checklist.c    |  372 ++
 config/scripts/config/lxdialog/colors.h       |  161 +
 config/scripts/config/lxdialog/dialog.h       |  199 +
 config/scripts/config/lxdialog/inputbox.c     |  240 ++
 config/scripts/config/lxdialog/menubox.c      |  438 ++
 config/scripts/config/lxdialog/msgbox.c       |   85 +
 config/scripts/config/lxdialog/textbox.c      |  556 +++
 config/scripts/config/lxdialog/util.c         |  375 ++
 config/scripts/config/lxdialog/yesno.c        |  118 +
 config/scripts/config/mconf.c                 |  977 +++++
 config/scripts/config/mconf.exe               |  Bin 0 -> 138973 bytes
 config/scripts/config/menu.c                  |  390 ++
 config/scripts/config/mkconfigs               |   67 +
 config/scripts/config/symbol.c                |  809 ++++
 config/scripts/config/util.c                  |  109 +
 config/scripts/config/zconf.l                 |  366 ++
 config/scripts/config/zconf.tab.c             | 2130 ++++++++++
 config/scripts/config/zconf.tab.c_shipped     | 2130 ++++++++++
 config/scripts/config/zconf.tab.h             |  125 +
 config/scripts/config/zconf.tab.h_shipped     |  125 +
 config/scripts/config/zconf.y                 |  690 +++
 config/win32config                            |  115 +
 docsrc/Makefile                               |   27 +
 docsrc/axTLS.dox                              | 1237 ++++++
 docsrc/doco_footer.html                       |    3 +
 docsrc/images/axolotl.jpg                     |  Bin 0 -> 3041 bytes
 docsrc/images/tsbasbw.gif                     |  Bin 0 -> 2481 bytes
 httpd/Config.in                               |  141 +
 httpd/Makefile                                |  111 +
 httpd/awhttpd-3.0.7.tar                       |  Bin 0 -> 194560 bytes
 httpd/awhttpd.patch                           | 1768 ++++++++
 samples/Config.in                             |   56 +
 samples/Makefile                              |   46 +
 samples/c/Makefile                            |   67 +
 samples/c/axssl.c                             |  862 ++++
 samples/csharp/Makefile                       |   36 +
 samples/csharp/axssl.cs                       |  744 ++++
 samples/java/Makefile                         |   39 +
 samples/java/axssl.java                       |  760 ++++
 samples/java/manifest.mf                      |    1 +
 samples/perl/Makefile                         |   31 +
 samples/perl/axssl.pl                         |  633 +++
 samples/vbnet/Makefile                        |   36 +
 samples/vbnet/axssl.vb                        |  682 +++
 ssl/BigIntConfig.in                           |  132 +
 ssl/Config.in                                 |  250 ++
 ssl/Makefile                                  |   86 +
 ssl/aes.c                                     |  477 +++
 ssl/asn1.c                                    |  868 ++++
 ssl/bigint.c                                  | 1508 +++++++
 ssl/bigint.h                                  |   97 +
 ssl/bigint_impl.h                             |  106 +
 ssl/cert.h                                    |   37 +
 ssl/crypto.h                                  |  292 ++
 ssl/crypto_misc.c                             |  307 ++
 ssl/hmac.c                                    |   90 +
 ssl/loader.c                                  |  450 ++
 ssl/md5.c                                     |  288 ++
 ssl/os_port.c                                 |   61 +
 ssl/os_port.h                                 |  145 +
 ssl/p12.c                                     |  431 ++
 ssl/private_key.h                             |   30 +
 ssl/rc4.c                                     |   83 +
 ssl/rsa.c                                     |  337 ++
 ssl/sha1.c                                    |  244 ++
 ssl/ssl.h                                     |  416 ++
 ssl/test/Makefile                             |   65 +
 ssl/test/axTLS.ca_key.pem                     |   15 +
 ssl/test/axTLS.ca_x509.cer                    |  Bin 0 -> 483 bytes
 ssl/test/axTLS.ca_x509.pem                    |   13 +
 ssl/test/axTLS.device_key                     |  Bin 0 -> 609 bytes
 ssl/test/axTLS.device_key.pem                 |   15 +
 ssl/test/axTLS.encrypted.p8                   |  Bin 0 -> 385 bytes
 ssl/test/axTLS.encrypted_pem.p8               |   11 +
 ssl/test/axTLS.key_1024                       |  Bin 0 -> 609 bytes
 ssl/test/axTLS.key_1024.pem                   |   15 +
 ssl/test/axTLS.key_2048                       |  Bin 0 -> 1191 bytes
 ssl/test/axTLS.key_2048.pem                   |   27 +
 ssl/test/axTLS.key_4096                       |  Bin 0 -> 2349 bytes
 ssl/test/axTLS.key_4096.pem                   |   51 +
 ssl/test/axTLS.key_512                        |  Bin 0 -> 321 bytes
 ssl/test/axTLS.key_512.pem                    |    9 +
 ssl/test/axTLS.key_aes128.pem                 |   12 +
 ssl/test/axTLS.key_aes256.pem                 |   12 +
 ssl/test/axTLS.noname.p12                     |  Bin 0 -> 1483 bytes
 ssl/test/axTLS.unencrypted.p8                 |  Bin 0 -> 347 bytes
 ssl/test/axTLS.unencrypted_pem.p8             |   10 +
 ssl/test/axTLS.withCA.p12                     |  Bin 0 -> 2089 bytes
 ssl/test/axTLS.withoutCA.p12                  |  Bin 0 -> 1573 bytes
 ssl/test/axTLS.withoutCA.ya                   |  Bin 0 -> 1576 bytes
 ssl/test/axTLS.x509_1024.cer                  |  Bin 0 -> 475 bytes
 ssl/test/axTLS.x509_1024.pem                  |   12 +
 ssl/test/axTLS.x509_2048.cer                  |  Bin 0 -> 607 bytes
 ssl/test/axTLS.x509_2048.pem                  |   15 +
 ssl/test/axTLS.x509_4096.cer                  |  Bin 0 -> 863 bytes
 ssl/test/axTLS.x509_4096.pem                  |   20 +
 ssl/test/axTLS.x509_512.cer                   |  Bin 0 -> 406 bytes
 ssl/test/axTLS.x509_512.pem                   |   11 +
 ssl/test/axTLS.x509_aes128.pem                |   11 +
 ssl/test/axTLS.x509_aes256.pem                |   11 +
 ssl/test/axTLS.x509_bad_after.pem             |   11 +
 ssl/test/axTLS.x509_bad_before.pem            |   11 +
 ssl/test/axTLS.x509_device.cer                |  Bin 0 -> 401 bytes
 ssl/test/axTLS.x509_device.pem                |   24 +
 ssl/test/deutsche_telecom.x509_ca             |  Bin 0 -> 670 bytes
 ssl/test/equifax.x509_ca                      |  Bin 0 -> 646 bytes
 ssl/test/killopenssl.sh                       |    2 +
 ssl/test/make_certs.sh                        |  162 +
 ssl/test/microsoft.x509_ca                    |  Bin 0 -> 1046 bytes
 ssl/test/microsoft.x509_ca.pem                |   24 +
 ssl/test/perf_bigint.c                        |  218 +
 ssl/test/ssltest.c                            | 1714 ++++++++
 ssl/test/test_axssl.sh                        |  117 +
 ssl/test/thawte.x509_ca                       |  Bin 0 -> 811 bytes
 ssl/test/verisign.x509_ca                     |  Bin 0 -> 668 bytes
 ssl/test/verisign.x509_ca.pem                 |   16 +
 ssl/test/verisign.x509_my_cert                |  Bin 0 -> 1095 bytes
 ssl/test/verisign.x509_my_cert.pem            |   25 +
 ssl/tls1.c                                    | 2041 +++++++++
 ssl/tls1.h                                    |  249 ++
 ssl/tls1_clnt.c                               |  330 ++
 ssl/tls1_svr.c                                |  435 ++
 www/crypto_files/crypto_2600des.gif           |  Bin 0 -> 15768 bytes
 www/crypto_files/crypto_3ways.gif             |  Bin 0 -> 17993 bytes
 www/crypto_files/crypto_backrsa.jpg           |  Bin 0 -> 6750 bytes
 www/crypto_files/crypto_cert.gif              |  Bin 0 -> 17873 bytes
 www/crypto_files/crypto_des.gif               |  Bin 0 -> 7085 bytes
 www/crypto_files/crypto_ecc.gif               |  Bin 0 -> 4700 bytes
 www/crypto_files/crypto_sslv3.gif             |  Bin 0 -> 30156 bytes
 www/crypto_files/crypto_types.gif             |  Bin 0 -> 11401 bytes
 www/crypto_files/kerberos.gif                 |  Bin 0 -> 20772 bytes
 www/favicon.ico                               |  Bin 0 -> 22486 bytes
 www/index.html                                | 3718 +++++++++++++++++
 www/test_dir/some_text.txt                    |    1 +
 www/test_dir/test_cgi.php                     |    6 +
 183 files changed, 48114 insertions(+)
 create mode 100644 Makefile
 create mode 100644 README
 create mode 100644 bindings/Config.in
 create mode 100644 bindings/Makefile
 create mode 100644 bindings/README
 create mode 100644 bindings/csharp/Makefile
 create mode 100644 bindings/csharp/axTLS.cs
 create mode 100755 bindings/generate_SWIG_interface.pl
 create mode 100755 bindings/generate_interface.pl
 create mode 100644 bindings/java/Makefile
 create mode 100644 bindings/java/SSL.java
 create mode 100644 bindings/java/SSLCTX.java
 create mode 100644 bindings/java/SSLClient.java
 create mode 100644 bindings/java/SSLReadHolder.java
 create mode 100644 bindings/java/SSLServer.java
 create mode 100644 bindings/java/SSLUtil.java
 create mode 100644 bindings/perl/Makefile
 create mode 100644 bindings/vbnet/Makefile
 create mode 100644 bindings/vbnet/axTLSvb.vb
 create mode 100644 config/.config
 create mode 100644 config/.config.old
 create mode 100644 config/.config.tmp
 create mode 100644 config/Config.in
 create mode 100644 config/Rules.mak
 create mode 100755 config/awhttpd.aip
 create mode 100644 config/awhttpd.back.aip
 create mode 100755 config/awhttpd.msi
 create mode 100644 config/axtls.RES
 create mode 100644 config/axtls.rc
 create mode 100644 config/config.h
 create mode 100644 config/makefile.conf
 create mode 100644 config/makefile.dotnet.conf
 create mode 100644 config/makefile.java.conf
 create mode 100644 config/makefile.post
 create mode 100644 config/scripts/config/Kconfig-language.txt
 create mode 100644 config/scripts/config/Makefile
 create mode 100755 config/scripts/config/a.exe
 create mode 100644 config/scripts/config/conf.c
 create mode 100755 config/scripts/config/conf.exe
 create mode 100644 config/scripts/config/confdata.c
 create mode 100644 config/scripts/config/expr.c
 create mode 100644 config/scripts/config/expr.h
 create mode 100644 config/scripts/config/lex.zconf.c
 create mode 100644 config/scripts/config/lex.zconf.c_shipped
 create mode 100644 config/scripts/config/lkc.h
 create mode 100644 config/scripts/config/lkc_defs.h
 create mode 100644 config/scripts/config/lkc_proto.h
 create mode 100644 config/scripts/config/lxdialog/BIG.FAT.WARNING
 create mode 100644 config/scripts/config/lxdialog/checklist.c
 create mode 100644 config/scripts/config/lxdialog/colors.h
 create mode 100644 config/scripts/config/lxdialog/dialog.h
 create mode 100644 config/scripts/config/lxdialog/inputbox.c
 create mode 100644 config/scripts/config/lxdialog/menubox.c
 create mode 100644 config/scripts/config/lxdialog/msgbox.c
 create mode 100644 config/scripts/config/lxdialog/textbox.c
 create mode 100644 config/scripts/config/lxdialog/util.c
 create mode 100644 config/scripts/config/lxdialog/yesno.c
 create mode 100644 config/scripts/config/mconf.c
 create mode 100755 config/scripts/config/mconf.exe
 create mode 100644 config/scripts/config/menu.c
 create mode 100755 config/scripts/config/mkconfigs
 create mode 100644 config/scripts/config/symbol.c
 create mode 100644 config/scripts/config/util.c
 create mode 100644 config/scripts/config/zconf.l
 create mode 100644 config/scripts/config/zconf.tab.c
 create mode 100644 config/scripts/config/zconf.tab.c_shipped
 create mode 100644 config/scripts/config/zconf.tab.h
 create mode 100644 config/scripts/config/zconf.tab.h_shipped
 create mode 100644 config/scripts/config/zconf.y
 create mode 100644 config/win32config
 create mode 100644 docsrc/Makefile
 create mode 100644 docsrc/axTLS.dox
 create mode 100644 docsrc/doco_footer.html
 create mode 100644 docsrc/images/axolotl.jpg
 create mode 100644 docsrc/images/tsbasbw.gif
 create mode 100644 httpd/Config.in
 create mode 100644 httpd/Makefile
 create mode 100644 httpd/awhttpd-3.0.7.tar
 create mode 100644 httpd/awhttpd.patch
 create mode 100644 samples/Config.in
 create mode 100644 samples/Makefile
 create mode 100644 samples/c/Makefile
 create mode 100644 samples/c/axssl.c
 create mode 100644 samples/csharp/Makefile
 create mode 100644 samples/csharp/axssl.cs
 create mode 100644 samples/java/Makefile
 create mode 100644 samples/java/axssl.java
 create mode 100644 samples/java/manifest.mf
 create mode 100644 samples/perl/Makefile
 create mode 100755 samples/perl/axssl.pl
 create mode 100644 samples/vbnet/Makefile
 create mode 100644 samples/vbnet/axssl.vb
 create mode 100644 ssl/BigIntConfig.in
 create mode 100644 ssl/Config.in
 create mode 100644 ssl/Makefile
 create mode 100644 ssl/aes.c
 create mode 100644 ssl/asn1.c
 create mode 100644 ssl/bigint.c
 create mode 100644 ssl/bigint.h
 create mode 100644 ssl/bigint_impl.h
 create mode 100644 ssl/cert.h
 create mode 100644 ssl/crypto.h
 create mode 100644 ssl/crypto_misc.c
 create mode 100644 ssl/hmac.c
 create mode 100644 ssl/loader.c
 create mode 100644 ssl/md5.c
 create mode 100644 ssl/os_port.c
 create mode 100644 ssl/os_port.h
 create mode 100644 ssl/p12.c
 create mode 100644 ssl/private_key.h
 create mode 100644 ssl/rc4.c
 create mode 100644 ssl/rsa.c
 create mode 100644 ssl/sha1.c
 create mode 100644 ssl/ssl.h
 create mode 100644 ssl/test/Makefile
 create mode 100644 ssl/test/axTLS.ca_key.pem
 create mode 100644 ssl/test/axTLS.ca_x509.cer
 create mode 100644 ssl/test/axTLS.ca_x509.pem
 create mode 100644 ssl/test/axTLS.device_key
 create mode 100644 ssl/test/axTLS.device_key.pem
 create mode 100644 ssl/test/axTLS.encrypted.p8
 create mode 100644 ssl/test/axTLS.encrypted_pem.p8
 create mode 100644 ssl/test/axTLS.key_1024
 create mode 100644 ssl/test/axTLS.key_1024.pem
 create mode 100644 ssl/test/axTLS.key_2048
 create mode 100644 ssl/test/axTLS.key_2048.pem
 create mode 100644 ssl/test/axTLS.key_4096
 create mode 100644 ssl/test/axTLS.key_4096.pem
 create mode 100644 ssl/test/axTLS.key_512
 create mode 100644 ssl/test/axTLS.key_512.pem
 create mode 100644 ssl/test/axTLS.key_aes128.pem
 create mode 100644 ssl/test/axTLS.key_aes256.pem
 create mode 100644 ssl/test/axTLS.noname.p12
 create mode 100644 ssl/test/axTLS.unencrypted.p8
 create mode 100644 ssl/test/axTLS.unencrypted_pem.p8
 create mode 100644 ssl/test/axTLS.withCA.p12
 create mode 100644 ssl/test/axTLS.withoutCA.p12
 create mode 100644 ssl/test/axTLS.withoutCA.ya
 create mode 100644 ssl/test/axTLS.x509_1024.cer
 create mode 100644 ssl/test/axTLS.x509_1024.pem
 create mode 100644 ssl/test/axTLS.x509_2048.cer
 create mode 100644 ssl/test/axTLS.x509_2048.pem
 create mode 100644 ssl/test/axTLS.x509_4096.cer
 create mode 100644 ssl/test/axTLS.x509_4096.pem
 create mode 100644 ssl/test/axTLS.x509_512.cer
 create mode 100644 ssl/test/axTLS.x509_512.pem
 create mode 100644 ssl/test/axTLS.x509_aes128.pem
 create mode 100644 ssl/test/axTLS.x509_aes256.pem
 create mode 100644 ssl/test/axTLS.x509_bad_after.pem
 create mode 100644 ssl/test/axTLS.x509_bad_before.pem
 create mode 100644 ssl/test/axTLS.x509_device.cer
 create mode 100644 ssl/test/axTLS.x509_device.pem
 create mode 100644 ssl/test/deutsche_telecom.x509_ca
 create mode 100644 ssl/test/equifax.x509_ca
 create mode 100755 ssl/test/killopenssl.sh
 create mode 100755 ssl/test/make_certs.sh
 create mode 100644 ssl/test/microsoft.x509_ca
 create mode 100644 ssl/test/microsoft.x509_ca.pem
 create mode 100644 ssl/test/perf_bigint.c
 create mode 100644 ssl/test/ssltest.c
 create mode 100755 ssl/test/test_axssl.sh
 create mode 100644 ssl/test/thawte.x509_ca
 create mode 100644 ssl/test/verisign.x509_ca
 create mode 100644 ssl/test/verisign.x509_ca.pem
 create mode 100644 ssl/test/verisign.x509_my_cert
 create mode 100644 ssl/test/verisign.x509_my_cert.pem
 create mode 100644 ssl/tls1.c
 create mode 100644 ssl/tls1.h
 create mode 100644 ssl/tls1_clnt.c
 create mode 100644 ssl/tls1_svr.c
 create mode 100644 www/crypto_files/crypto_2600des.gif
 create mode 100644 www/crypto_files/crypto_3ways.gif
 create mode 100644 www/crypto_files/crypto_backrsa.jpg
 create mode 100644 www/crypto_files/crypto_cert.gif
 create mode 100644 www/crypto_files/crypto_des.gif
 create mode 100644 www/crypto_files/crypto_ecc.gif
 create mode 100644 www/crypto_files/crypto_sslv3.gif
 create mode 100644 www/crypto_files/crypto_types.gif
 create mode 100644 www/crypto_files/kerberos.gif
 create mode 100644 www/favicon.ico
 create mode 100644 www/index.html
 create mode 100644 www/test_dir/some_text.txt
 create mode 100755 www/test_dir/test_cgi.php

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..e335b82c85
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,135 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+-include config/.config
+
+ifneq ($(strip $(HAVE_DOT_CONFIG)),y)
+all: menuconfig
+else
+all: target
+endif
+
+target : $(TARGET)
+
+include config/makefile.conf
+
+# VERSION has to come from the command line
+RELEASE=axTLS-$(VERSION)
+
+# standard version
+target:
+	$(MAKE) -C ssl
+ifdef CONFIG_AWHTTPD
+	$(MAKE) -C httpd untar_web_server
+	$(MAKE) -C httpd
+endif
+ifdef CONFIG_BINDINGS
+	$(MAKE) -C bindings
+endif
+ifdef CONFIG_SAMPLES
+	$(MAKE) -C samples
+endif
+
+release:
+	$(MAKE) -C config/scripts/config clean
+	-$(MAKE) clean
+	-@rm config/.* config/config.h
+	-@rm config/*.msi config/*.back.aip
+	cd ../; tar cvfz $(RELEASE).tar.gz axTLS; cd -;
+
+docs:
+	$(MAKE) -C docsrc doco
+
+# build the Win32 demo release version
+win32_demo:
+	-@rm -fr ../axTLS.release_test > /dev/null 2>&1
+	$(MAKE) win32releaseconf
+	cd ../; zip $(RELEASE).zip \
+        ./axTLS/awhttpd.exe \
+        ./axTLS/axssl.exe \
+        ./axTLS/axtls.dll \
+        ./axTLS/axtls.lib \
+        ./axTLS/axtls.static.lib \
+        ./axTLS/axtlsj.dll \
+        ./axTLS/axssl.csharp.exe \
+        ./axTLS/axssl.vbnet.exe \
+        ./axTLS/axtls.jar \
+        ./axTLS/www/* \
+        ./axTLS/www/crypto_files/*; \
+    unzip -d axTLS.release_test $(RELEASE).zip; cd -;
+
+# tidy up things
+clean::
+	@cd ssl; $(MAKE) clean
+	@cd httpd; $(MAKE) clean
+	@cd samples; $(MAKE) clean
+	@cd docsrc; $(MAKE) clean
+	@cd bindings; $(MAKE) clean
+
+# ---------------------------------------------------------------------------
+# mconf stuff
+# ---------------------------------------------------------------------------
+
+CONFIG_CONFIG_IN = config/Config.in
+CONFIG_DEFCONFIG = config/defconfig
+
+config/scripts/config/conf: config/scripts/config/Makefile
+	$(MAKE) -C config/scripts/config conf
+	-@if [ ! -f config/.config ] ; then \
+		cp $(CONFIG_DEFCONFIG) config/.config; \
+	fi
+
+config/scripts/config/mconf: config/scripts/config/Makefile
+	$(MAKE) -C config/scripts/config ncurses conf mconf
+	-@if [ ! -f config/.config ] ; then \
+		cp $(CONFIG_DEFCONFIG) .config; \
+	fi
+
+cleanconf:
+	$(MAKE) -C config/scripts/config clean
+	@rm -f config/.config
+
+menuconfig: config/scripts/config/mconf
+	@./config/scripts/config/mconf $(CONFIG_CONFIG_IN)
+
+config: config/scripts/config/conf
+	@./config/scripts/config/conf $(CONFIG_CONFIG_IN)
+
+oldconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -o $(CONFIG_CONFIG_IN)
+
+default: config/scripts/config/conf
+	@./config/scripts/config/conf -d $(CONFIG_CONFIG_IN) > /dev/null
+	$(MAKE)
+
+randconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -r $(CONFIG_CONFIG_IN)
+
+allnoconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -n $(CONFIG_CONFIG_IN)
+
+allyesconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -y $(CONFIG_CONFIG_IN)
+
+# The special win32 release configuration
+win32releaseconf: config/scripts/config/conf
+	@./config/scripts/config/conf -D config/win32config $(CONFIG_CONFIG_IN) > /dev/null
+	$(MAKE)
+
+
+
diff --git a/README b/README
new file mode 100644
index 0000000000..2d6d7b990a
--- /dev/null
+++ b/README
@@ -0,0 +1,156 @@
+########################################################################
+# axTLS Quick-Start Guide
+########################################################################
+
+This is a guide to get a small SSL web-server up and running quickly.
+
+########################################################################
+# Introduction
+########################################################################
+The axTLS project is an SSL client/server library using the TLSv1 protocol. 
+It is designed to be small and fast, and is suited to embedded projects. A web
+server is included (called Anti-Web).
+
+The web server + SSL library is around 50-60kB and is configurable for
+features or size.
+
+########################################################################
+# Compilation
+########################################################################
+
+All platforms require GNU make. This means on Win32 that Cygwin needs to be
+installed with "make" and various developer options selected. 
+
+Configuration now uses a tool called "mconf" which gives a nice way to
+configure options (similar to what is used in BusyBox and the Linux kernel).
+
+You should be able to compile axTLS simply by extracting it, change into
+the extracted directory and typing:
+
+>  make
+
+Select your platform type, save the configuration, exit, and then 
+type "make" again.
+
+If all goes well, you should end up with an executable called "awhttpd" (or
+awhttpd.exe) in this directory.
+
+To play with all the various axTLS options, type:
+
+>  make menuconfig
+
+Save the new configuration and rebuild.
+
+########################################################################
+# Running it
+########################################################################
+
+To run it, type (as superuser):
+
+> awhttpd
+
+And then point your browser at:
+
+https://127.0.0.1
+
+And you should see a html page with a padlock appearing on your browser.
+
+or type:
+
+http://127.0.0.1
+
+to see the same page unencrypted.
+
+See the README in the httpd directory from more configuration information on
+Anti-Web.
+
+Note: libaxtls.so may have to in your shared library path.
+
+########################################################################
+# The axssl utilities
+########################################################################
+
+The axssl suite of tools are the SSL test tools in the various language
+bindings. They are:
+
+axssl           - C sample
+axssl.csharp    - C# sample
+axssl.vbnet     - VB.NET sample
+axtls.jar       - Java sample
+axssl.pl        - Perl sample
+
+All the tools have identical command-line parameters. e.g. to run something
+interesting:
+
+> axssl s_server -verify -CAfile ssl/test/axTLS.ca_x509
+
+and
+
+> axssl s_client -cert ssl/test/axTLS.x509_1024 -key \
+  ssl/test/axTLS.key_1024 -reconnect
+
+C#
+==
+If building under Linux or other non-Win32 platforms, Mono must be installed
+and the executable is run as:
+
+> mono axssl.csharp.exe ...
+
+Java
+====
+The java version is run as:
+
+> java -jar axtls.jar <options>
+
+Perl
+====
+> [perl] ./axssl.pl <options>
+
+If running under Win32, be sure to use the correct version of Perl (i.e.
+ActiveState's version works ok).
+
+########################################################################
+# Known Issues
+########################################################################
+
+* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile
+  the latest version of Perl on an AMD64 box (using FC3).
+
+* Java 1.4 or better is required for the Java interfaces.
+
+* Processes that fork can't use session resumption unless some form of IPC is
+  used.
+
+* Ensure libperl.so and libaxtls.so are in the shared library path when 
+  running with the perl bindings. A way to do this is with:
+
+  export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.
+
+* The default Microsoft .NET SDK is v2.0.50727. Download from:
+  http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.
+
+Win32 issues
+============
+* Be careful about doing .NET executions on network drives - .NET complains 
+  with security exceptions on the binary. TODO: Add a manifest file to prevent
+  this.
+
+* The test harness appears to be broken under VC8.0. Debugging shows a problem
+  the _close() function which is weird.
+
+Solaris issues
+==============
+* mconf doesn't work well - some manual tweaking is required for string values.
+
+* GNU make and GNU patch are required and need to be in $PATH.
+
+* To get swig's library dependencies to work (and for the C library to be
+  found), I needed to type:
+  > export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.
+
+Cygwin issues
+=============
+* The bindings all compile but don't run under cygwin with the exception of
+  Perl. This is due to win32 executables being incompatible with cygwin 
+  libraries.
+
diff --git a/bindings/Config.in b/bindings/Config.in
new file mode 100644
index 0000000000..a268f80787
--- /dev/null
+++ b/bindings/Config.in
@@ -0,0 +1,90 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+menu "Language Bindings"
+
+config CONFIG_BINDINGS
+    bool "Create language bindings"
+    default n
+    help
+        axTLS supports language bindings in C#, VB.NET, Java and Perl.
+
+        Select Y here if you want to build the various bindings.
+
+config CONFIG_CSHARP_BINDINGS
+    bool "Create C# bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build C# bindings.
+
+        This requires .NET to be installed on Win32 platforms and mono to be
+        installed on all other platforms.
+
+config CONFIG_VBNET_BINDINGS
+    bool "Create VB.NET bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build VB.NET bindings.
+
+        This requires the .NET to be installed and is only built under Win32
+        platforms.
+
+menu ".Net Framework"
+depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS
+config CONFIG_DOT_NET_FRAMEWORK_BASE
+    string "Location of .NET Framework"
+    default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+endmenu
+
+config CONFIG_JAVA_BINDINGS
+    bool "Create Java bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Java bindings.
+
+        Current Issues (see README): 
+        * Needs Java 1.4 or better.
+        * If building under Win32 it will use the Win32 JDK.
+
+menu "Java Home"
+depends on CONFIG_JAVA_BINDINGS
+config CONFIG_JAVA_HOME
+    string "Location of JDK"
+    default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
+    default "/usr/local/jdk142" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
+    depends on CONFIG_JAVA_BINDINGS 
+    help
+        The location of Sun's JDK.
+endmenu
+
+config CONFIG_PERL_BINDINGS
+    bool "Create Perl bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Perl bindings.
+
+        Current Issues (see README):
+        * Doesn't work under Win32 ActiveState Perl.
+        * 64 bit versions don't work at present.
+        * libperl.so needs to be in the shared library path.
+
+menu "Perl Home"
+depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32
+config CONFIG_PERL_CORE
+    string "Location of Perl CORE"
+    default "c:\\perl\\lib\\CORE"
+    help:
+        I'm testing with:
+        "http://www.activestate.com/Products/ActivePerl" at the moment.
+
+config CONFIG_PERL_LIB
+    string "Name of Perl Library"
+    default "perl58.lib"
+endmenu
+
+endmenu
diff --git a/bindings/Makefile b/bindings/Makefile
new file mode 100644
index 0000000000..47b48befca
--- /dev/null
+++ b/bindings/Makefile
@@ -0,0 +1,63 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all:
+
+include ../config/.config
+include ../config/makefile.conf
+
+ifdef CONFIG_CSHARP_BINDINGS
+all: csharp/axInterface.cs
+endif
+
+ifdef CONFIG_VBNET_BINDINGS
+all: vbnet/axInterface.vb
+endif
+
+ifdef CONFIG_JAVA_BINDINGS
+all: java/axtlsj.java
+endif
+
+ifdef CONFIG_PERL_BINDINGS
+all: perl/axTLSp_wrap.c
+endif
+
+csharp/axInterface.cs: ../ssl/ssl.h
+	@perl ./generate_interface.pl -csharp
+
+vbnet/axInterface.vb: ../ssl/ssl.h
+	@perl ./generate_interface.pl -vbnet
+
+java/axTLSj.i: ../ssl/ssl.h
+	@perl ./generate_SWIG_interface.pl -java
+
+java/axtlsj.java: java/axTLSj.i $(wildcard java/SSL*.java)
+	@cd java; swig -java -package axTLSj -noextern axTLSj.i; $(MAKE)
+
+perl/axTLSp.i: ../ssl/ssl.h
+	@perl ./generate_SWIG_interface.pl -perl
+
+perl/axTLSp_wrap.c: perl/axTLSp.i
+	@cd perl; swig -perl5 -noextern axTLSp.i; $(MAKE)
+
+clean::
+	$(MAKE) -C csharp clean
+	$(MAKE) -C vbnet clean
+	$(MAKE) -C java clean
+	$(MAKE) -C perl clean
+
diff --git a/bindings/README b/bindings/README
new file mode 100644
index 0000000000..8bc3109c12
--- /dev/null
+++ b/bindings/README
@@ -0,0 +1,43 @@
+===============================================================================
+=                             Language Bindings                               =
+===============================================================================
+
+The tools to generate the various language bindings are done here.
+SWIG 1.3.24 or better is required for creating the Java and Perl bindings.
+
+Perl scripts are used to parse ssl.h and automagically give the appropriate 
+bindings.
+
+At present, the four languages supported are:
+
+* C#
+* VB.NET
+* Java
+* Perl
+
+To generate each binding run the following:
+
+C#:
+> generate_interface.pl -csharp
+
+VB.NET:
+> generate_interface.pl -vbnet
+
+
+Java:
+> generate_SWIG_interface.pl -java
+> cd java; swig -java -package axTLSj -noextern axTLSj.i
+
+Perl:
+> generate_SWIG_interface.pl -perl
+> cd perl; swig -noextern -perl axTLSp.i
+
+Java and Perl both create a library each called libaxtlsj.so and libaxtlsp.so 
+(or axtlsj.dll and atlsp.dll on Win32 platforms).
+
+Note: the "-noextern" is deprecated in swig 1.3.27 and newer. The "-noextern"
+option was required to get Win32 bindings to work (which is why is has probably
+been deprecated).
+
+Each binding (except for Perl) has an extra helper interface to make life 
+easier.
diff --git a/bindings/csharp/Makefile b/bindings/csharp/Makefile
new file mode 100644
index 0000000000..d7fbdb619f
--- /dev/null
+++ b/bindings/csharp/Makefile
@@ -0,0 +1,23 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+clean::
+	@rm -f axssl* axInterface.cs
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
new file mode 100644
index 0000000000..4622dc5535
--- /dev/null
+++ b/bindings/csharp/axTLS.cs
@@ -0,0 +1,466 @@
+/*
+ *  Copyright(C) 2006 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * A wrapper around the unmanaged interface to give a semi-decent C# API
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Net.Sockets;
+
+/**
+ * @defgroup csharp_api C# API.
+ *
+ * Ensure that the appropriate Dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ * @{
+ */
+namespace axTLS
+{
+    /**
+     * @class SSL
+     * @ingroup csharp_api 
+     * @brief A representation of an SSL connection.
+     */
+    public class SSL
+    {
+        public IntPtr m_ssl;    /**< A pointer to the real SSL type */
+
+        /**
+         * @brief Store the reference to an SSL context.
+         * @param ip [in] A reference to an SSL object.
+         */
+        public SSL(IntPtr ip)
+        {
+            m_ssl = ip;
+        }
+
+        /**
+         * @brief Free any used resources on this connection. 
+         * 
+         * A "Close Notify" message is sent on this connection (if possible). 
+         * It is up to the application to close the socket.
+         */
+        public void Dispose()
+        {
+            axtls.ssl_free(m_ssl);
+        }
+
+        /**
+         * @brief Return the result of a handshake.
+         * @return SSL_OK if the handshake is complete and ok.
+         * @see ssl.h for the error code list.
+         */
+        public int HandshakeStatus()
+        {
+            return axtls.ssl_handshake_status(m_ssl);
+        }
+
+        /**
+         * @brief Return the SSL cipher id.
+         * @return The cipher id which is one of:
+         * - SSL_AES128_SHA (0x2f)
+         * - SSL_AES256_SHA (0x35)
+         * - SSL_RC4_128_SHA (0x05)
+         * - SSL_RC4_128_MD5 (0x04)
+         */
+        public byte GetCipherId()
+        {
+            return axtls.ssl_get_cipher_id(m_ssl);
+        }
+
+        /**
+         * @brief Get the session id for a handshake. 
+         * 
+         * This will be a 32 byte sequence and is availabile after the first
+         * handshaking messages are sent.
+         * @return The session id as a 32 byte sequence.
+         * @note A SSLv23 handshake may have only 16 valid bytes.
+         */
+        public byte[] GetSessionId()
+        {
+            byte[] result = new byte[axtls.SSL_SESSION_ID_SIZE];
+            IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
+            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE);
+            return result;
+        }
+
+        /**
+         * @brief Retrieve an X.509 distinguished name component.
+         * 
+         * When a handshake is complete and a certificate has been exchanged, 
+         * then the details of the remote certificate can be retrieved.
+         *
+         * This will usually be used by a client to check that the server's 
+         * common name matches the URL.
+         *
+         * A full handshake needs to occur for this call to work.
+         *
+         * @param component [in] one of:
+         * - SSL_X509_CERT_COMMON_NAME
+         * - SSL_X509_CERT_ORGANIZATION
+         * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+         * - SSL_X509_CA_CERT_COMMON_NAME
+         * - SSL_X509_CA_CERT_ORGANIZATION
+         * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+         * @return The appropriate string (or null if not defined)
+         */
+        public string GetCertificateDN(int component)
+        {
+            return axtls.ssl_get_cert_dn(m_ssl, component);
+        }
+    }
+
+    /**
+     * @class SSLUtil
+     * @ingroup csharp_api 
+     * @brief Some global helper functions.
+     */
+    public class SSLUtil
+    {
+
+        /**
+         * @brief Return the build mode of the axTLS project.
+         * @return The build mode is one of:
+         * - SSL_BUILD_SERVER_ONLY
+         * - SSL_BUILD_ENABLE_VERIFICATION
+         * - SSL_BUILD_ENABLE_CLIENT
+         * - SSL_BUILD_FULL_MODE
+         */
+        public static int BuildMode()
+        {
+            return axtls.ssl_get_config(axtls.SSL_BUILD_MODE);
+        }
+
+        /**
+         * @brief Return the number of chained certificates that the 
+         * client/server supports.
+         * @return The number of supported server certificates.
+         */
+        public static int MaxCerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Return the number of CA certificates that the client/server
+         * supports.
+         * @return The number of supported CA certificates.
+         */
+        public static int MaxCACerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Indicate if PEM is supported.
+         * @return true if PEM supported.
+         */
+        public static bool HasPEM()
+        {
+            return axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 ? true : false;
+        }
+
+        /**
+         * @brief Display the text string of the error.
+         * @param error_code [in] The integer error code.
+         */
+        public static void DisplayError(int error_code)
+        {
+            axtls.ssl_display_error(error_code);
+        }
+    }
+
+    /**
+     * @class SSLCTX
+     * @ingroup csharp_api 
+     * @brief A base object for SSLServer/SSLClient.
+     */
+    public class SSLCTX
+    {
+        /**
+         * @brief A reference to the real client/server context.
+         */
+        protected IntPtr m_ctx;
+
+        /**
+         * @brief Establish a new client/server context.
+         *
+         * This function is called before any client/server SSL connections are 
+         * made.  If multiple threads are used, then each thread will have its 
+         * own SSLCTX context. Any number of connections may be made with a 
+         * single context. 
+         *
+         * Each new connection will use the this context's private key and 
+         * certificate chain. If a different certificate chain is required, 
+         * then a different context needs to be be used.
+         *
+         * @param options [in]  Any particular options. At present the options
+         * supported are:
+         * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if 
+         * the server authentication fails. The certificate can be 
+         * authenticated later with a call to VerifyCert().
+         * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
+         * authentication i.e. each handshake will include a "certificate 
+         * request" message from the server.
+         * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The 
+         * user will load the key/certificate explicitly.
+         * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
+         * sequences during the handshake.
+         * - SSL_DISPLAY_STATES (full mode build only): Display the state 
+         * changes during the handshake.
+         * - SSL_DISPLAY_CERTS (full mode build only): Display the 
+         * certificates that are passed during a handshake.
+         * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key 
+         * details that are passed during a handshake.
+         * @param num_sessions [in] The number of sessions to be used for 
+         * session caching. If this value is 0, then there is no session 
+         * caching.
+         * @return A client/server context.
+         */
+        protected SSLCTX(uint options, int num_sessions)
+        {
+            m_ctx = axtls.ssl_ctx_new(options, num_sessions);
+        }
+
+        /**
+         * @brief Remove a client/server context.
+         *
+         * Frees any used resources used by this context. Each connection will 
+         * be sent a "Close Notify" alert (if possible).
+         */
+        public void Dispose()
+        {
+            axtls.ssl_ctx_free(m_ctx);
+        }
+
+        /**
+         * @brief Read the SSL data stream.
+         * @param ssl [in] An SSL object reference.
+         * @param in_data [out] After a successful read, the decrypted data 
+         * will be here. It will be null otherwise.
+         * @return The number of decrypted bytes:
+         * - if > 0, then the handshaking is complete and we are returning the 
+         * number of decrypted bytes. 
+         * - SSL_OK if the handshaking stage is successful (but not yet 
+         * complete).  
+         * - < 0 if an error.
+         * @see ssl.h for the error code list.
+         * @note Use in_data before doing any successive ssl calls.
+         */
+        public int Read(SSL ssl, out byte[] in_data)
+        {
+            IntPtr ptr = IntPtr.Zero;
+            int ret = axtls.ssl_read(ssl.m_ssl, ref ptr);
+
+            if (ret > axtls.SSL_OK)
+            {
+                in_data = new byte[ret];
+                Marshal.Copy(ptr, in_data, 0, ret);
+            }
+            else
+            {
+                in_data = null;
+            }
+
+            return ret;
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_data.Length);
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @param out_len [in] The number of bytes to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data, int out_len)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_len);
+        }
+
+        /**
+         * @brief Find an ssl object based on a Socket reference.
+         *
+         * Goes through the list of SSL objects maintained in a client/server 
+         * context to look for a socket match.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return A reference to the SSL object. Returns null if the object 
+         * could not be found.
+         */
+        public SSL Find(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.  ssl_find(m_ctx, client_fd));
+        }
+
+        /**
+         * @brief Authenticate a received certificate.
+         * 
+         * This call is usually made by a client after a handshake is complete 
+         * and the context is in SSL_SERVER_VERIFY_LATER mode.
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if the certificate is verified.
+         */
+        public int VerifyCert(SSL ssl)
+        {
+            return axtls.ssl_verify_cert(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Force the client to perform its handshake again.
+         *
+         * For a client this involves sending another "client hello" message.
+         * For the server is means sending a "hello request" message.
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if renegotiation instantiation was ok
+         */
+        public int Renegotiate(SSL ssl)
+        {
+            return axtls.ssl_renegotiate(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Load a file into memory that is in binary DER or ASCII PEM 
+         * format.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the file. Can be one of:
+         * - SSL_OBJ_X509_CERT (no password required)
+         * - SSL_OBJ_X509_CACERT (no password required)
+         * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+         * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
+         * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
+         *
+         * PEM files are automatically detected (if supported).
+         * @param filename [in] The location of a file in DER/PEM format.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, string filename, string password)
+        {
+            return axtls.ssl_obj_load(m_ctx, obj_type, filename, password);
+        }
+
+        /**
+         * @brief Transfer binary data into the object loader.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the memory data.
+         * @param data [in] The binary data to be loaded.
+         * @param len [in] The amount of data to be loaded.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, byte[] data, int len, string password)
+        {
+            return axtls.ssl_obj_memory_load(m_ctx, obj_type, 
+                                            data, len, password);
+        }
+    }
+
+    /**
+     * @class SSLServer
+     * @ingroup csharp_api 
+     * @brief The server context.
+     *
+     * All server connections are started within a server context.
+     */
+    public class SSLServer : SSLCTX
+    {
+        /**
+         * @brief Start a new server context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLServer(uint options, int num_sessions) :
+                            base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL client.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return An SSL object reference.
+         */
+        public SSL Connect(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.ssl_server_new(m_ctx, client_fd));
+        }
+    }
+
+    /**
+     * @class SSLClient
+     * @ingroup csharp_api
+     * @brief The client context.
+     *
+     * All client connections are started within a client context.
+     */
+    public class SSLClient : SSLCTX
+    {
+        /**
+         * @brief Start a new client context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLClient(uint options, int num_sessions) :
+                        base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL server.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * This is a blocking call - it will finish when the handshake is 
+         * complete (or has failed).
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @param session_id [in] A 32 byte session id for session resumption. 
+         * This can be null if no session resumption is not required.
+         * @return An SSL object reference. Use SSL.handshakeStatus() to check 
+         * if a handshake succeeded.
+         */
+        public SSL Connect(Socket s, byte[] session_id)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id));
+        }
+    }
+}
+/** @} */
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
new file mode 100755
index 0000000000..7509e17cfe
--- /dev/null
+++ b/bindings/generate_SWIG_interface.pl
@@ -0,0 +1,327 @@
+#!/usr/bin/perl
+
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#===============================================================
+# Transforms function signature into SWIG format
+sub transformSignature
+{
+    foreach $item (@_)
+    { 
+        $line =~ s/STDCALL //g;
+        $line =~ s/EXP_FUNC/extern/g;
+
+        # make API Java more 'byte' friendly
+        $line =~ s/uint32_t/int/g;
+        $line =~ s/const uint8_t \* /const unsigned char \* /g;
+        if ($ARGV[0] eq "-java")
+        {
+            $line =~ s/.*ssl_read.*//g;
+            $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
+            $line =~ s/uint8_t/signed char/g;
+        }
+        else
+        {
+            $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+    }
+
+    return $line;
+}
+
+# Parse input file
+sub parseFile
+{
+    foreach $line (@_)
+    {
+        # test for a #define
+        if (!$skip && $line =~ m/^#define/)
+        {
+            $splitDefine = 1 if $line =~ m/\\$/;
+            print DATA_OUT $line;
+
+            # check line is not split
+            next if $splitDefine == 1;
+        }
+
+        # pick up second line of #define statement
+        if ($splitDefine) 
+        {
+            print DATA_OUT $line;
+
+            # check line is not split
+            $splitDefine = ($line =~ m/\\$/);
+            next;
+        } 
+
+        # test for function declaration
+        if (!$skip && $line =~ /EXP_FUNC/ && $line !~/\/\*/)
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+
+        if ($splitFunctionDeclaration) 
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+    }
+}
+
+#===============================================================
+
+# Determine which module to build from cammand-line options
+use strict;
+use Getopt::Std;
+
+my $module;
+my $interfaceFile;
+my $data_file;
+my $skip;
+my $splitLine;
+my @raw_data;
+
+if (not defined  $ARGV[0])
+{
+    goto ouch;
+}
+
+if ($ARGV[0] eq "-java")
+{
+    print "Generating Java interface file\n";
+    $module = "axtlsj";
+    $interfaceFile = "java/axTLSj.i";
+}
+elsif ($ARGV[0] eq "-perl")
+{
+    print "Generating Perl interface file\n";
+    $module = "axtlsp";
+    $interfaceFile = "perl/axTLSp.i";
+}
+else
+{
+ouch:
+    die "Usage: $0 [-java | -perl]\n";
+}
+
+# Input file required to generate SWIG interface file.
+$data_file = "../ssl/ssl.h";
+
+# Open input files
+open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
+@raw_data = <DATA_IN>;
+
+# Open output file
+open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
+
+#
+# I wish I could say it was easy to generate the Perl/Java bindings, but each
+# had their own set of challenges... :-(.
+#
+print DATA_OUT << "END";
+%module $module\n
+
+/* include our own header */
+%inline %{
+#include "ssl.h"
+%}
+
+%include "typemaps.i"
+/* Some SWIG magic to make the API a bit more Java friendly */
+#ifdef SWIGJAVA
+
+%apply long { SSL * };
+%apply long { SSLCTX * };
+%apply long { SSLObjLoader * };
+
+/* allow "unsigned char []" to become "byte[]" */
+%include "arrays_java.i"
+
+/* convert these pointers to use long */
+%apply signed char[] {unsigned char *};
+%apply signed char[] {signed char *};
+
+/* allow ssl_get_session_id() to return "byte[]" */
+%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, SSL_SESSION_ID_SIZE);\"
+
+/* allow ssl_client_new() to have a null session_id input */
+%typemap(in) const signed char session_id[] (jbyte *jarr) {
+    if (jarg3 == NULL)
+    {
+        jresult = (jint)ssl_client_new(arg1,arg2,NULL);
+        return jresult;
+    }
+    
+    if (!SWIG_JavaArrayInSchar(jenv, &jarr, &arg3, jarg3)) return 0;
+}   
+
+/* Lot's of work required for an ssl_read() due to its various custom
+ * requirements.
+ */
+%native (ssl_read) int ssl_read(SSL *ssl, jobject in_data);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_ssl_1read(JNIEnv *jenv, jclass jcls, jint jarg1, jobject jarg2) {
+    jint jresult = 0 ;
+    SSL *arg1;
+    unsigned char *arg2;
+    jbyte *jarr;
+    int result;
+    JNIEnv e = *jenv;
+    jclass holder_class;
+    jfieldID fid;
+
+    arg1 = (SSL *)jarg1;
+    result = (int)ssl_read(arg1, &arg2);
+
+    /* find the "m_buf" entry in the SSLReadHolder class */
+    if (!(holder_class = e->GetObjectClass(jenv,jarg2)) ||
+            !(fid = e->GetFieldID(jenv,holder_class, "m_buf", "[B")))
+        return SSL_NOT_OK;
+
+    if (result > SSL_OK)
+    {
+        int i;
+
+        /* create a new byte array to hold the read data */
+        jbyteArray jarray = e->NewByteArray(jenv, result);
+
+        /* copy the bytes across to the java byte array */
+        jarr = e->GetByteArrayElements(jenv, jarray, 0);
+        for (i = 0; i < result; i++)
+            jarr[i] = (jbyte)arg2[i];
+
+        /* clean up and set the new m_buf object */
+        e->ReleaseByteArrayElements(jenv, jarray, jarr, 0);
+        e->SetObjectField(jenv, jarg2, fid, jarray);
+    }
+    else    /* set to null */
+        e->SetObjectField(jenv, jarg2, fid, NULL);
+
+    jresult = (jint)result;
+    return jresult;
+}
+%}
+
+/* Big hack to get hold of a socket's file descriptor */
+%typemap (jtype) long "Object"
+%typemap (jstype) long "Object"
+%native (getFd) int getFd(long sock);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_getFd(JNIEnv *env, jclass jcls, jobject sock)
+{
+    JNIEnv e = *env;
+    jfieldID fid;
+    jobject impl;
+    jobject fdesc;
+
+    /* get the SocketImpl from the Socket */
+    if (!(jcls = e->GetObjectClass(env,sock)) ||
+            !(fid = e->GetFieldID(env,jcls,"impl","Ljava/net/SocketImpl;")) ||
+            !(impl = e->GetObjectField(env,sock,fid))) return -1;
+
+    /* get the FileDescriptor from the SocketImpl */
+    if (!(jcls = e->GetObjectClass(env,impl)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","Ljava/io/FileDescriptor;")) ||
+            !(fdesc = e->GetObjectField(env,impl,fid))) return -1;
+
+    /* get the fd from the FileDescriptor */
+    if (!(jcls = e->GetObjectClass(env,fdesc)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","I"))) return -1;
+
+    /* return the descriptor */
+    return e->GetIntField(env,fdesc,fid);
+} 
+%}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Perl friendly */
+#ifdef SWIGPERL
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    SV *svs = newSVpv((const char *)\$1, SSL_SESSION_ID_SIZE);
+    \$result = newRV(svs);
+    sv_2mortal(\$result);
+    argvi++;
+}
+
+/* for ssl_write() */
+%typemap(in) const unsigned char out_data[] {
+    SV* tempsv;
+    if (!SvROK(\$input))
+        croak("Argument \$argnum is not a reference.");
+    tempsv = SvRV(\$input);
+    if (SvTYPE(tempsv) != SVt_PV)
+        croak("Argument \$argnum is not an string.");
+    \$1 = (unsigned char *)SvPV(tempsv, PL_na);
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+        SV *svs = newSVpv(*\$1, result);
+        \$result = newRV(svs);
+        sv_2mortal(\$result);
+        argvi++;
+    }
+}
+
+%typemap(freearg) unsigned char *in_data {
+    free(buf\$argnum);
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    /* check for a reference */
+    if (SvOK(\$input) && SvROK(\$input)) {
+        SV* tempsv = SvRV(\$input);
+        if (SvTYPE(tempsv) != SVt_PV)
+            croak("Argument \$argnum is not an string.");
+        \$1 = (unsigned char *)SvPV(tempsv, PL_na); 
+    } 
+    else
+        \$1 = NULL;
+}
+
+#endif
+
+END
+
+# Initialise loop variables
+$skip = 1;
+$splitLine = 0;
+
+parseFile(@raw_data);
+
+close(DATA_IN);
+close(DATA_OUT);
+
+#===============================================================
+
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
new file mode 100755
index 0000000000..a063ea2cc7
--- /dev/null
+++ b/bindings/generate_interface.pl
@@ -0,0 +1,302 @@
+#!/usr/bin/perl -w
+
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#===============================================================
+# This application transforms ssl.h into interfaces that can be used by 
+# other language bindings. It is "SWIG"-like in nature in that various 
+# files are generated based on the axTLS API.
+#
+# The file produced is axInterface.? (depending on the file extension).
+#
+#===============================================================
+
+use strict;
+
+my $CSHARP = 0;
+my $VBNET = 1;
+
+my $binding;
+my $skip = 0;
+my $signature_ret_type;
+
+# Transforms function signature into an Interface format
+sub transformSignature
+{
+    my $item;
+    my ($line) = @_;
+
+    foreach $item ($line)
+    { 
+        # our very basic preprocessor
+        if ($binding == $CSHARP)
+        {
+            $line =~ s/STDCALL //;
+            $line =~ s/EXP_FUNC/        [DllImport ("axtls")]\n        public static extern/;
+            $line =~ s/uint32_t/uint/g;
+            $line =~ s/uint8_t \*\*/ref IntPtr /g;
+            $line =~ s/const uint8_t \* /IntPtr /g;
+            $line =~ s/const uint8_t \*/byte[] /g;    # note: subtle diff 
+            $line =~ s/uint8_t \* ?/byte[] /g;
+            $line =~ s/uint8_t ?/byte /g;
+            $line =~ s/const char \* ?/string /g;
+            $line =~ s/SSLCTX \* ?/IntPtr /g;
+            $line =~ s/SSLObjLoader \* ?/IntPtr /g;
+            $line =~ s/SSL \* ?/IntPtr /g;
+        }
+        elsif ($binding == $VBNET)
+        {
+            if ($line =~ /EXP_FUNC/)
+            {
+                # Procedure or function?
+                my $invariant = $line =~ /void /;
+
+                my $proc = $invariant ? "Sub" : "Function";
+                ($signature_ret_type) = $line =~ /EXP_FUNC (.*) STDCALL/;
+                $line =~ s/EXP_FUNC .* STDCALL /        <DllImport("axtls")> Public Shared $proc _\n            /;
+
+                $signature_ret_type =~ s/const uint8_t \*/As IntPtr/;
+                $signature_ret_type =~ s/const char \*/As String/;
+                $signature_ret_type =~ s/SSLCTX \*/As IntPtr/;
+                $signature_ret_type =~ s/SSLObjLoader \*/As IntPtr/;
+                $signature_ret_type =~ s/SSL \*/As IntPtr/;
+                $signature_ret_type =~ s/uint8_t/As Byte/;
+                $signature_ret_type =~ s/int/As Integer/;
+                $signature_ret_type =~ s/void//;
+                $signature_ret_type .= "\n        End $proc\n\n";
+            }
+
+            $line =~ s/uint32_t (\w+)/ByVal $1 As Integer/g;
+            $line =~ s/int (\w+)/ByVal $1 As Integer/g;
+            $line =~ s/uint8_t \*\* ?(\w+)/ByRef $1 As IntPtr/g;
+            $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
+            $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
+            $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
+            $line =~ s/SSLCTX \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;
+            $line =~ s/\(void\)/()/g;
+            $line =~ s/void//g;
+            $line =~ s/;\n/ $signature_ret_type;/;
+        }
+    }
+
+    return $line;
+}
+
+# Parse input file
+sub parseFile
+{
+    my (@file) = @_;
+    my $line;
+    my $splitDefine = 0;
+    my $splitFunctionDeclaration;
+    my $vb_hack = " ";
+    my $vb_line_hack = 0;
+
+    $skip = 0;
+
+    foreach $line (@file)
+    {
+        # test for a #define
+        if (!$skip && $line =~ m/^#define/)
+        {
+            $splitDefine = 1 if $line =~ m/\\$/;
+
+            if ($binding == $VBNET)
+            {
+                $line =~ s/\|/Or/g;
+                $line =~ s/ 0x/ &H/;
+            }
+
+            my ($name, $value) = $line =~ /#define (\w+) +([^\\]*)[\\]?\n/;
+
+            if (defined $name && defined $value)
+            {
+                # C# constant translation
+                if ($binding == $CSHARP)
+                {
+                    $line = "        public const int $name = $value";
+                }
+                # VB.NET constant translation
+                elsif ($binding == $VBNET)
+                {
+                    $line = "        Public Const $name As Integer = $value";
+                }
+            }
+
+            next if $line =~ /#define/;  # ignore any other defines
+               
+            print DATA_OUT $line;
+
+            # check line is not split
+            next if $splitDefine == 1;
+            print DATA_OUT ";" if $binding == $CSHARP;
+            print DATA_OUT "\n";
+        }
+
+        # pick up second line of #define statement
+        if ($splitDefine) 
+        {
+            if ($line !~ /\\$/)
+            {
+                $line =~ s/$/;/ if $binding == $CSHARP;        # add the ";"
+            }
+
+            $line =~ s/ ?\| ?/ Or /g 
+                                if ($binding == $VBNET);
+
+            # check line is not split
+            $splitDefine = ($line =~ m/\\$/);
+
+            # ignore trailing "\"
+            $line =~ s/\\$// if $binding == $CSHARP;
+            $line =~ s/\\$/_/ if $binding == $VBNET;
+            print DATA_OUT $line;
+            next;
+        } 
+
+        # test for function declaration
+        if (!$skip && $line =~ /EXP_FUNC/ && $line !~ /\/\*/)
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            $line =~ s/;// if ($binding == $VBNET);
+            $line =~ s/\n$/ _\n/ if ($binding == $VBNET) && 
+                                                $splitFunctionDeclaration;
+            print DATA_OUT $line;
+            next;
+        }
+
+        if ($splitFunctionDeclaration) 
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            $line =~ s/;// if ($binding == $VBNET);
+            $line =~ s/\n/ _\n/ if ($binding == $VBNET) && 
+                                                $splitFunctionDeclaration == 1;
+            print DATA_OUT $line;
+            next;
+        }
+    }
+}
+
+#===============================================================
+
+# Determine which module to build from cammand-line options
+use strict;
+use Getopt::Std;
+
+my $binding_prefix;
+my $binding_suffix;
+my $data_file;
+my @raw_data;
+
+if (not defined  $ARGV[0])
+{
+    goto ouch;
+}
+
+if ($ARGV[0] eq "-csharp")
+{
+    print "Generating C# interface file\n";
+    $binding_prefix = "csharp";
+    $binding_suffix = "cs";
+    $binding = $CSHARP;
+}
+elsif ($ARGV[0] eq "-vbnet")
+{
+    print "Generating VB.NET interface file\n";
+    $binding_prefix = "vbnet";
+    $binding_suffix = "vb";
+    $binding = $VBNET;
+}
+else
+{
+ouch:
+    die "Usage: $0 [-csharp | -vbnet]\n";
+}
+
+my $interfaceFile = "$binding_prefix/axInterface.$binding_suffix";
+
+# Input file required to generate interface file.
+$data_file = "../ssl/ssl.h";
+
+# Open input files
+open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
+@raw_data = <DATA_IN>;
+
+
+# Open output file
+if ($binding == $CSHARP || $binding == $VBNET)
+{
+    open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
+}
+
+# SPEC interface file header
+if ($binding == $CSHARP)
+{
+    # generate the C#/C interface file
+    print DATA_OUT << "END";
+// The C# to C interface definition file for the axTLS project
+// Do not modify - this file is generated
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace axTLS
+{
+    public class axtls
+    {
+END
+}
+elsif ($binding == $VBNET)
+{
+    # generate the VB.NET/C interface file
+    print DATA_OUT << "END";
+' The VB.NET to C interface definition file for the axTLS project
+' Do not modify - this file is generated
+
+Imports System
+Imports System.Runtime.InteropServices
+
+Namespace axTLSvb
+    Public Class axtls
+END
+}
+
+parseFile(@raw_data);
+
+# finish up
+if ($binding == $CSHARP)
+{
+    print DATA_OUT "    };\n";
+    print DATA_OUT "};\n";
+}
+elsif ($binding == $VBNET)
+{
+    print DATA_OUT "    End Class\nEnd Namespace\n";
+}
+
+close(DATA_IN);
+close(DATA_OUT);
+
+#===============================================================
+
diff --git a/bindings/java/Makefile b/bindings/java/Makefile
new file mode 100644
index 0000000000..a81d8811f6
--- /dev/null
+++ b/bindings/java/Makefile
@@ -0,0 +1,93 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.java.conf
+
+all: lib jar
+
+JAR=../../axtls.jar
+
+ifdef CONFIG_PLATFORM_WIN32
+TARGET=../../axtlsj.dll
+else
+TARGET=../../libaxtlsj.so
+endif
+
+lib: $(TARGET)
+axTLSj_wrap.o : axTLSj_wrap.c
+
+JAVA_FILES= \
+	axtlsjJNI.java \
+    axtlsjConstants.java \
+    axtlsj.java \
+    SSLReadHolder.java \
+    SSL.java \
+    SSLUtil.java \
+    SSLCTX.java \
+    SSLServer.java \
+    SSLClient.java
+
+OBJ=axTLSj_wrap.o
+
+AXOLOTLS_HOME=../..
+SSL_HOME=$(AXOLOTLS_HOME)/ssl
+CONFIG_HOME=$(AXOLOTLS_HOME)/config
+JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
+
+ifdef CONFIG_PLATFORM_WIN32
+CFLAGS += /I"$(shell cygpath -w $(SSL_HOME))"
+CFLAGS += /I"$(shell cygpath -w $(CONFIG_HOME))"
+LDFLAGS += axtls.lib /libpath:"../../"
+
+include ../../config/makefile.post
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+else    # Not Win32
+
+ifdef CONFIG_PLATFORM_CYGWIN
+SSL_HOME:=$(shell cygpath -u $(SSL_HOME))
+CONFIG_HOME:=$(shell cygpath -u $(CONFIG_HOME))
+endif
+
+CFLAGS += -I$(SSL_HOME)
+CFLAGS += -I$(CONFIG_HOME)
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) -L ../../ $(LDSHARED) -o $@ $(OBJ) -laxtls 
+endif
+
+jar: $(OBJ) $(JAR)
+
+# if we are doing the samples then defer creating the jar until then
+$(JAR): $(JAVA_CLASSES)
+ifndef CONFIG_JAVA_SAMPLES
+	jar cvf $@ -C classes .
+else
+	@if [ ! -f $(JAR) ]; then touch $(JAR); fi
+endif
+
+classes/axTLSj/%.class : %.java
+	javac -d classes -classpath classes $^
+
+clean::
+	@rm -f $(JAR) $(TARGET) SWIG* axtls* *.i *.c 
+	@rm -fr classes/*
+
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
new file mode 100644
index 0000000000..9d64206300
--- /dev/null
+++ b/bindings/java/SSL.java
@@ -0,0 +1,125 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * @defgroup java_api Java API.
+ *
+ * Ensure that the appropriate dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ */
+
+/**
+ * @class SSL
+ * @ingroup java_api 
+ * @brief A representation of an SSL connection.
+ *
+ */
+public class SSL
+{
+    public int m_ssl;    /**< A pointer to the real SSL type */
+
+    /**
+     * @brief Store the reference to an SSL context.
+     * @param ip [in] A reference to an SSL object.
+     */
+    public SSL(int ip)
+    {
+        m_ssl = ip;
+    }
+
+    /**
+     * @brief Free any used resources on this connection. 
+     * 
+     * A "Close Notify" message is sent on this connection (if possible). It 
+     * is up to the application to close the socket.
+     */
+    public void dispose()
+    {
+        axtlsj.ssl_free(m_ssl);
+    }
+
+    /**
+     * @brief Return the result of a handshake.
+     * @return SSL_OK if the handshake is complete and ok.
+     * @see ssl.h for the error code list.
+     */
+    public int handshakeStatus()
+    {
+        return axtlsj.ssl_handshake_status(m_ssl);
+    }
+
+    /**
+     * @brief Return the SSL cipher id.
+     * @return The cipher id which is one of:
+     * - SSL_AES128_SHA (0x2f)
+     * - SSL_AES256_SHA (0x35)
+     * - SSL_RC4_128_SHA (0x05)
+     * - SSL_RC4_128_MD5 (0x04)
+     */
+    public byte getCipherId()
+    {
+        return axtlsj.ssl_get_cipher_id(m_ssl);
+    }
+
+    /**
+     * @brief Get the session id for a handshake. 
+     * 
+     * This will be a 32 byte sequence and is availabile after the first
+     * handshaking messages are sent.
+     * @return The session id as a 32 byte sequence.
+     * @note A SSLv23 handshake may have only 16 valid bytes.
+     */
+    public byte[] getSessionId()
+    {
+        return axtlsj.ssl_get_session_id(m_ssl);
+    }
+
+    /**
+     * @brief Retrieve an X.509 distinguished name component.
+     * 
+     * When a handshake is complete and a certificate has been exchanged, 
+     * then the details of the remote certificate can be retrieved.
+     *
+     * This will usually be used by a client to check that the server's common 
+     * name matches the URL.
+     *
+     * A full handshake needs to occur for this call to work.
+     *
+     * @param component [in] one of:
+     * - SSL_X509_CERT_COMMON_NAME
+     * - SSL_X509_CERT_ORGANIZATION
+     * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+     * - SSL_X509_CA_CERT_COMMON_NAME
+     * - SSL_X509_CA_CERT_ORGANIZATION
+     * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+     * @return The appropriate string (or null if not defined)
+     */
+    public String getCertificateDN(int component)
+    {
+        return axtlsj.ssl_get_cert_dn(m_ssl, component);
+    }
+}
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java
new file mode 100644
index 0000000000..dfd08ec950
--- /dev/null
+++ b/bindings/java/SSLCTX.java
@@ -0,0 +1,217 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.net.*;
+
+/**
+ * @class SSLCTX
+ * @ingroup java_api 
+ * @brief A base object for SSLServer/SSLClient.
+ */
+public class SSLCTX
+{
+    /**
+     * A reference to the real client/server context.
+     */
+    protected int m_ctx;
+
+    /**
+     * @brief Establish a new client/server context.
+     *
+     * This function is called before any client/server SSL connections are 
+     * made.  If multiple threads are used, then each thread will have its 
+     * own SSLCTX context. Any number of connections may be made with a single 
+     * context. 
+     *
+     * Each new connection will use the this context's private key and 
+     * certificate chain. If a different certificate chain is required, then a 
+     * different context needs to be be used.
+     *
+     * @param options [in]  Any particular options. At present the options
+     * supported are:
+     * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the 
+     * server authentication fails. The certificate can be authenticated later 
+     * with a call to verifyCert().
+     * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
+     * i.e. each handshake will include a "certificate request" message from 
+     * the server.
+     * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user 
+     * will load the key/certificate explicitly.
+     * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
+     * during the handshake.
+     * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
+     * during the handshake.
+     * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
+     * are passed during a handshake.
+     * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details 
+     * that are passed during a handshake.
+     *
+     * @param num_sessions [in] The number of sessions to be used for session
+     * caching. If this value is 0, then there is no session caching.
+     * 
+     * If this option is null, then the default internal private key/
+     * certificate pair is used (if CONFIG_SSL_USE_DEFAULT_KEY is set). 
+     * 
+     * The resources used by this object are automatically freed.  
+     * @return A client/server context.
+     */
+    protected SSLCTX(int options, int num_sessions)
+    {
+        m_ctx = axtlsj.ssl_ctx_new(options, num_sessions);
+    }
+
+    /**
+     * @brief Remove a client/server context.
+     *
+     * Frees any used resources used by this context. Each connection will be 
+     * sent a "Close Notify" alert (if possible).
+     */
+    public void dispose()
+    {
+        axtlsj.ssl_ctx_free(m_ctx);
+    }
+
+    /**
+     * @brief Read the SSL data stream.
+     * @param ssl [in] An SSL object reference.
+     * @param rh [out] After a successful read, the decrypted data can be 
+     * retrieved with rh.getData(). It will be null otherwise.
+     * @return The number of decrypted bytes:
+     * - if > 0, then the handshaking is complete and we are returning the 
+     * number of decrypted bytes. 
+     * - SSL_OK if the handshaking stage is successful (but not yet complete).  
+     * - < 0 if an error.
+     * @see ssl.h for the error code list.
+     * @note Use rh before doing any successive ssl calls.
+     */
+    public int read(SSL ssl, SSLReadHolder rh)
+    {
+        return axtlsj.ssl_read(ssl.m_ssl, rh);
+    }
+
+    /**
+     * @brief Write to the SSL data stream.
+     * @param ssl [in] An SSL obect reference.
+     * @param out_data [in] The data to be written
+     * @return The number of bytes sent, or if < 0 if an error.
+     * @see ssl.h for the error code list.
+     */
+    public int write(SSL ssl, byte[] out_data)
+    {
+        return axtlsj.ssl_write(ssl.m_ssl, out_data, out_data.length);
+    }
+
+    /**
+     * @brief Write to the SSL data stream.
+     * @param ssl [in] An SSL obect reference.
+     * @param out_data [in] The data to be written
+     * @param out_len [in] The number of bytes to be written
+     * @return The number of bytes sent, or if < 0 if an error.
+     * @see ssl.h for the error code list.
+     */
+    public int write(SSL ssl, byte[] out_data, int out_len)
+    {
+        return axtlsj.ssl_write(ssl.m_ssl, out_data, out_len);
+    }
+
+    /**
+     * @brief Find an ssl object based on a Socket reference.
+     *
+     * Goes through the list of SSL objects maintained in a client/server 
+     * context to look for a socket match.
+     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
+     * @return A reference to the SSL object. Returns null if the object 
+     * could not be found.
+     */
+    public SSL find(Socket s)
+    {
+        int client_fd = axtlsj.getFd(s);
+        return new SSL(axtlsj.ssl_find(m_ctx, client_fd));
+    }
+
+    /**
+     * @brief Authenticate a received certificate.
+     * 
+     * This call is usually made by a client after a handshake is complete 
+     * and the context is in SSL_SERVER_VERIFY_LATER mode.
+     * @param ssl [in] An SSL object reference.
+     * @return SSL_OK if the certificate is verified.
+     */
+    public int verifyCert(SSL ssl)
+    {
+        return axtlsj.ssl_verify_cert(ssl.m_ssl);
+    }
+
+    /**
+     * @brief Force the client to perform its handshake again.
+     *
+     * For a client this involves sending another "client hello" message.
+     * For the server is means sending a "hello request" message.
+     * @param ssl [in] An SSL object reference.
+     * @return SSL_OK if renegotiation instantiation was ok
+     */
+    public int renegotiate(SSL ssl)
+    {
+        return axtlsj.ssl_renegotiate(ssl.m_ssl);
+    }
+
+    /**
+     * @brief Load a file into memory that is in binary DER or ASCII PEM format.
+     *
+     * These are temporary objects that are used to load private keys,
+     * certificates etc into memory.
+     * @param obj_type [in] The format of the file. Can be one of:
+     * - SSL_OBJ_X509_CERT (no password required)
+     * - SSL_OBJ_X509_CACERT (no password required)
+     * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+     * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
+     * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
+     *
+     * PEM files are automatically detected (if supported).
+     * @param filename [in] The location of a file in DER/PEM format.
+     * @param password [in] The password used. Can be null if not required.
+     * @return SSL_OK if all ok
+     */
+    public int objLoad(int obj_type, String filename, String password)
+    {
+        return axtlsj.ssl_obj_load(m_ctx, obj_type, filename, password);
+    }
+
+    /**
+     * @brief Transfer binary data into the object loader.
+     *
+     * These are temporary objects that are used to load private keys,
+     * certificates etc into memory.
+     * @param obj_type [in] The format of the memory data.
+     * @param data [in] The binary data to be loaded.
+     * @param len [in] The amount of data to be loaded.
+     * @param password [in] The password used. Can be null if not required.
+     * @return SSL_OK if all ok
+     */
+
+    public int objLoad(int obj_type, byte[] data, int len, String password)
+    {
+        return axtlsj.ssl_obj_memory_load(m_ctx, obj_type, data, len, password);
+    }
+}
diff --git a/bindings/java/SSLClient.java b/bindings/java/SSLClient.java
new file mode 100644
index 0000000000..ef624d60d0
--- /dev/null
+++ b/bindings/java/SSLClient.java
@@ -0,0 +1,66 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.net.*;
+
+/**
+ * @class SSLClient
+ * @ingroup java_api 
+ * @brief The client context.
+ *
+ * All client connections are started within a client context.
+ */
+public class SSLClient extends SSLCTX
+{
+    /**
+     * @brief Start a new client context.
+     * 
+     * @see SSLCTX for details.
+     */
+    public SSLClient(int options, int num_sessions)
+    {
+        super(options, num_sessions);
+    }
+
+    /**
+     * @brief Establish a new SSL connection to an SSL server.
+     *
+     * It is up to the application to establish the initial socket connection.
+     *
+     * This is a blocking call - it will finish when the handshake is 
+     * complete (or has failed).
+     *
+     * Call dispose() when the connection is to be removed.
+     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
+     * @param session_id [in] A 32 byte session id for session resumption. This 
+     * can be null if no session resumption is not required.
+     * @return An SSL object reference. Use SSL.handshakeStatus() to check 
+     * if a handshake succeeded.
+     */
+    public SSL connect(Socket s, byte[] session_id)
+    {
+        int client_fd = axtlsj.getFd(s);
+        return new SSL(axtlsj.ssl_client_new(m_ctx, client_fd, session_id));
+    }
+}
diff --git a/bindings/java/SSLReadHolder.java b/bindings/java/SSLReadHolder.java
new file mode 100644
index 0000000000..0749ab3e85
--- /dev/null
+++ b/bindings/java/SSLReadHolder.java
@@ -0,0 +1,49 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+/**
+ * @class SSLReadHolder
+ * @ingroup java_api 
+ * @brief A holder for data read in an SSL read.
+ */
+public class SSLReadHolder
+{
+    /**
+     * @brief Contruct a new read holder object.
+     */
+    public SSLReadHolder()
+    {
+        m_buf = null;
+    }
+
+    /**
+     * @brief Retrieve the reference to the read data.
+     */
+    public byte[] getData()
+    {
+        return m_buf;
+    }
+
+    private byte[] m_buf;
+}
diff --git a/bindings/java/SSLServer.java b/bindings/java/SSLServer.java
new file mode 100644
index 0000000000..6f4cf00e8b
--- /dev/null
+++ b/bindings/java/SSLServer.java
@@ -0,0 +1,60 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.net.*;
+
+/**
+ * @class SSLServer
+ * @ingroup java_api 
+ * @brief The server context.
+ *
+ * All server connections are started within a server context.
+ */
+public class SSLServer extends SSLCTX
+{
+    /**
+     * @brief Start a new server context.
+     * 
+     * @see SSLCTX for details.
+     */
+    public SSLServer(int options, int num_sessions)
+    {
+        super(options, num_sessions);
+    }
+
+    /**
+     * @brief Establish a new SSL connection to an SSL client.
+     *
+     * It is up to the application to establish the initial socket connection.
+     *
+     * Call dispose() when the connection is to be removed.
+     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
+     * @return An SSL object reference.
+     */
+    public SSL connect(Socket s)
+    {
+        int client_fd = axtlsj.getFd(s);
+        return new SSL(axtlsj.ssl_server_new(m_ctx, client_fd));
+    }
+}
diff --git a/bindings/java/SSLUtil.java b/bindings/java/SSLUtil.java
new file mode 100644
index 0000000000..26451b20a0
--- /dev/null
+++ b/bindings/java/SSLUtil.java
@@ -0,0 +1,96 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * @class SSLUtil
+ * @ingroup java_api 
+ * @brief Some global helper functions.
+ *
+ */
+public class SSLUtil
+{
+    /**
+     * @brief Load up the ddl/shared library 
+     */
+    static
+    {
+        System.loadLibrary("axtlsj");
+    }
+
+    /**
+     * @brief Return the build mode of the axTLS project.
+     * @return The build mode is one of:
+     * - SSL_BUILD_SERVER_ONLY
+     * - SSL_BUILD_ENABLE_VERIFICATION
+     * - SSL_BUILD_ENABLE_CLIENT
+     * - SSL_BUILD_FULL_MODE
+     */
+    public static int buildMode()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_BUILD_MODE);
+    }
+
+    /**
+     * @brief Return the number of chained certificates that the client/server 
+     * supports.
+     * @return The number of supported client/server certificates.
+     */
+    public static int maxCerts()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_MAX_CERT_CFG_OFFSET);
+    }
+
+    /**
+     * @brief Return the number of CA certificates that the client/server
+     * supports.
+     * @return The number of supported CA certificates.
+     */
+    public static int maxCACerts()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_MAX_CA_CERT_CFG_OFFSET);
+    }
+
+    /**
+     * @brief Indicate if PEM is supported.
+     * @return true if PEM supported.
+     */
+    public static boolean hasPEM()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_HAS_PEM) > 0 ? true : false;
+    }
+
+    /**
+     * @brief Display the text string of the error.
+     * @param error_code [in] The integer error code.
+     * @see ssl.h for the error code list.
+     */
+    public static void displayError(int error_code)
+    {
+        axtlsj.ssl_display_error(error_code);
+    }
+}
+
diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
new file mode 100644
index 0000000000..99b6e4d249
--- /dev/null
+++ b/bindings/perl/Makefile
@@ -0,0 +1,81 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+all: lib
+
+ifdef CONFIG_PLATFORM_WIN32
+TARGET=../../axtlsp.dll
+else
+TARGET=../../libaxtlsp.so
+endif
+
+ifneq ($(MAKECMDGOALS), clean)
+
+ifdef CONFIG_PLATFORM_WIN32
+PERL5_CORE:=$(shell cygpath -w "$(CONFIG_PERL_CORE)")
+else
+PERL5_CORE= $(shell perl -e 'use Config; print $$Config{archlib};')/CORE
+endif
+
+all: test_perl
+
+test_perl:
+	@if ! [ -d "$(PERL5_CORE)" ]; then \
+		echo "*** Error: Perl not installed at $(CONFIG_PERL_CORE) - go to " \
+        "http://www.cpan.org/authors/id/G/GR/GRAHAMC/SiePerl-5.8.0-bin-1.0-Win32.INSTALL.exe" && exit 1; \
+	fi
+
+endif
+
+lib: $(TARGET)
+AXOLOTLS_HOME=../..
+SSL_HOME=$(AXOLOTLS_HOME)/ssl
+CONFIG_HOME=$(AXOLOTLS_HOME)/config
+OBJ:=axTLSp_wrap.o
+include ../../config/makefile.post
+
+ifndef CONFIG_PLATFORM_WIN32
+
+#
+# Could have used libperl.a, but it increases the library to over 1MB, so just
+# use libperl.so. But this needs to be in the shared library path for things to
+# work.
+#
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) -L ../../ -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
+ifdef CONFIG_PLATFORM_CYGWIN
+	cd ../../; ln -sf $(notdir $@) axtlsp.dll
+endif
+	@install axtlsp.pm ../../
+
+CFLAGS += -D__USE_GNU -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
+else
+CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
+CFLAGS += /I"$(PERL5_CORE)"
+LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../"
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+	@install axtlsp.pm ../../
+endif # WIN32
+
+clean::
+	@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../axtlsp.pm
diff --git a/bindings/vbnet/Makefile b/bindings/vbnet/Makefile
new file mode 100644
index 0000000000..5c7a36d6a3
--- /dev/null
+++ b/bindings/vbnet/Makefile
@@ -0,0 +1,23 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+clean::
+	@rm -f axssl* axInterface.vb
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
new file mode 100644
index 0000000000..7f08195258
--- /dev/null
+++ b/bindings/vbnet/axTLSvb.vb
@@ -0,0 +1,175 @@
+'
+'  Copyright(C) 2006
+'
+'  This program is free software you can redistribute it and/or modify
+'  it under the terms of the GNU General Public License as published by
+'  the Free Software Foundation either version 2.1 of the License, or
+'  (at your option As ) any later version.
+'
+'  This program is distributed in the hope that it will be useful,
+'  but WITHOUT ANY WARRANTY without even the implied warranty of
+'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+'  GNU Lesser General Public License for more details.
+'
+'  You should have received a copy of the GNU General Public License
+'  along with this program if not, write to the Free Software
+'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+'
+
+'
+' A wrapper around the unmanaged Integererface to give a semi-decent VB.NET API
+'
+
+Imports System
+Imports System.Runtime.InteropServices
+Imports System.Net.Sockets
+Imports axTLSvb
+
+Namespace axTLSvb
+    Public Class SSL
+        Public m_ssl As IntPtr
+
+        Public Sub New(ByRef ip As IntPtr)
+            m_ssl = ip
+        End Sub
+
+        Public Sub Dispose()
+            axtls.ssl_free(m_ssl)
+        End Sub
+
+        Public Function HandshakeStatus() As Integer
+            Return axtls.ssl_handshake_status(m_ssl)
+        End Function
+
+        Public Function GetCipherId() As Byte
+            Return axtls.ssl_get_cipher_id(m_ssl)
+        End Function
+
+        Public Function GetSessionId() As Byte()
+            Dim result(axtls.SSL_SESSION_ID_SIZE) As Byte
+            Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl)
+            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE)
+            Return result
+        End Function
+
+        Public Function GetCertificateDN(component As Integer) As String
+            Return axtls.ssl_get_cert_dn(m_ssl, component)
+        End Function
+    End Class
+
+    Public Class SSLUtil
+        Private dummy As Integer    ' need something here
+
+        Public Shared Function BuildMode() As Integer
+            Return axtls.ssl_get_config(axtls.SSL_BUILD_MODE)
+        End Function
+
+        Public Shared Function MaxCerts() As Integer
+            Return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET)
+        End Function
+
+        Public Shared Function MaxCACerts() As Integer
+            Return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET)
+        End Function
+
+        Public Shared Function HasPEM() As Boolean
+            If axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 Then
+                Return True
+            Else
+                Return False
+            End If
+        End Function
+        
+        Public Shared Sub DisplayError(ByVal error_code As Integer)
+            axtls.ssl_display_error(error_code)
+        End Sub
+    End Class
+
+    Public Class SSLCTX
+        Protected m_ctx As IntPtr
+
+        Protected Sub New(ByVal options As Integer, _
+                ByVal num_sessions As Integer)
+            m_ctx = axtls.ssl_ctx_new(options, num_sessions)
+        End Sub
+
+        Public Sub Dispose()
+            axtls.ssl_ctx_free(m_ctx)
+        End Sub
+
+        Public Function Read(ByVal ssl As SSL, ByRef in_data As Byte()) As Integer
+            Dim ptr As IntPtr = IntPtr.Zero
+            Dim ret as Integer = axtls.ssl_read(ssl.m_ssl, ptr)
+
+            If ret > axtls.SSL_OK Then
+                ReDim in_data(ret)
+                Marshal.Copy(ptr, in_data, 0, ret)
+            Else
+                in_data = Nothing
+            End If
+
+            Return ret
+        End Function
+
+        Public Function Write(ByVal ssl As SSL, _
+                ByVal data As Byte(), len As Integer) As Integer
+            Return axtls.ssl_write(ssl.m_ssl, data, len)
+        End Function
+
+        Public Function Find(ByVal s As Socket) As SSL
+            Dim client_fd As Integer = s.Handle.ToInt32()
+            Return New SSL(axtls.ssl_find(m_ctx, client_fd))
+        End Function
+
+        Public Function VerifyCert(ByVal ssl As SSL) As Integer
+            Return axtls.ssl_verify_cert(ssl.m_ssl)
+        End Function
+
+        Public Function Renegotiate(ByVal ssl As SSL) As Integer
+            Return axtls.ssl_renegotiate(ssl.m_ssl)
+        End Function
+
+        Public Function ObjLoad(ByVal obj_type As Integer, _
+                ByVal filename As String, _
+                password As String) As Integer
+            Return axtls.ssl_obj_load(m_ctx, obj_type, filename, password)
+        End Function
+
+        Public Function ObjLoad(ByVal obj_type As Integer, _
+                ByVal data As Byte(), ByVal len As Integer, _
+                password As String) As Integer
+            Return axtls.ssl_obj_memory_load( _
+                    m_ctx, obj_type, data, len, password)
+        End Function
+    End Class
+
+    Public Class SSLServer 
+            Inherits SSLCTX
+
+        Public Sub New(ByVal options As Integer, _
+                ByVal num_sessions As Integer)
+            MyBase.New(options, num_sessions)
+        End Sub
+
+        Public Function Connect(ByVal s As Socket) As SSL
+            Dim client_fd As Integer = s.Handle.ToInt32()
+            Return New SSL(axtls.ssl_server_new(m_ctx, client_fd))
+        End Function
+    End Class
+
+    Public Class SSLClient 
+            Inherits SSLCTX
+
+        Public Sub New(ByVal options As Integer, _
+                ByVal num_sessions As Integer)
+            MyBase.New(options, num_sessions)
+        End Sub
+
+        Public Function Connect(ByVal s As Socket, _
+                                ByVal session_id As Byte()) As SSL
+            Dim client_fd As Integer = s.Handle.ToInt32()
+            Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id))
+        End Function
+
+    End Class
+End Namespace
diff --git a/config/.config b/config/.config
new file mode 100644
index 0000000000..092035ebf2
--- /dev/null
+++ b/config/.config
@@ -0,0 +1,107 @@
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+# CONFIG_PLATFORM_LINUX is not set
+CONFIG_PLATFORM_CYGWIN=y
+# CONFIG_PLATFORM_SOLARIS is not set
+# CONFIG_PLATFORM_WIN32 is not set
+
+#
+# General Configuration
+#
+# CONFIG_DEBUG is not set
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+# CONFIG_SSL_FULL_MODE is not set
+CONFIG_SSL_SKELETON_MODE=y
+# CONFIG_SSL_PROT_LOW is not set
+# CONFIG_SSL_PROT_MEDIUM is not set
+# CONFIG_SSL_PROT_HIGH is not set
+# CONFIG_SSL_USE_DEFAULT_KEY is not set
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+# CONFIG_SSL_HAS_PEM is not set
+# CONFIG_SSL_USE_PKCS12 is not set
+CONFIG_SSL_EXPIRY_TIME=0
+CONFIG_X509_MAX_CA_CERTS=0
+CONFIG_SSL_MAX_CERTS=2
+CONFIG_USE_DEV_URANDOM=y
+# CONFIG_WIN32_USE_CRYPTO_LIB is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AWHTTPD=y
+
+#
+# Awhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_HAS_SSL=y
+CONFIG_HTTP_HTTPS_PORT=443
+# CONFIG_STANDARD_AWHTTPD is not set
+CONFIG_HTTP_WEBROOT="www"
+CONFIG_HTTP_PORT=80
+# CONFIG_HTTP_USE_TIMEOUT is not set
+CONFIG_HTTP_TIMEOUT=0
+CONFIG_HTTP_INITIAL_SLOTS=10
+CONFIG_HTTP_MAX_USERS=100
+CONFIG_HTTP_HAS_CGI=y
+CONFIG_HTTP_CGI_EXTENSION=".php"
+CONFIG_HTTP_DIRECTORIES=y
+# CONFIG_HTTP_PERM_CHECK is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_VERBOSE=y
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+CONFIG_CSHARP_BINDINGS=y
+CONFIG_VBNET_BINDINGS=y
+
+#
+# .Net Framework
+#
+CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+CONFIG_JAVA_BINDINGS=y
+
+#
+# Java Home
+#
+CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+CONFIG_CSHARP_SAMPLES=y
+CONFIG_VBNET_SAMPLES=y
+CONFIG_JAVA_SAMPLES=y
+# CONFIG_PERL_SAMPLES is not set
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+# CONFIG_BIGINT_BARRETT is not set
+# CONFIG_BIGINT_CRT is not set
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+# CONFIG_BIGINT_SLIDING_WINDOW is not set
+# CONFIG_BIGINT_SQUARE is not set
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/config/.config.old b/config/.config.old
new file mode 100644
index 0000000000..092035ebf2
--- /dev/null
+++ b/config/.config.old
@@ -0,0 +1,107 @@
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+# CONFIG_PLATFORM_LINUX is not set
+CONFIG_PLATFORM_CYGWIN=y
+# CONFIG_PLATFORM_SOLARIS is not set
+# CONFIG_PLATFORM_WIN32 is not set
+
+#
+# General Configuration
+#
+# CONFIG_DEBUG is not set
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+# CONFIG_SSL_FULL_MODE is not set
+CONFIG_SSL_SKELETON_MODE=y
+# CONFIG_SSL_PROT_LOW is not set
+# CONFIG_SSL_PROT_MEDIUM is not set
+# CONFIG_SSL_PROT_HIGH is not set
+# CONFIG_SSL_USE_DEFAULT_KEY is not set
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+# CONFIG_SSL_HAS_PEM is not set
+# CONFIG_SSL_USE_PKCS12 is not set
+CONFIG_SSL_EXPIRY_TIME=0
+CONFIG_X509_MAX_CA_CERTS=0
+CONFIG_SSL_MAX_CERTS=2
+CONFIG_USE_DEV_URANDOM=y
+# CONFIG_WIN32_USE_CRYPTO_LIB is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AWHTTPD=y
+
+#
+# Awhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_HAS_SSL=y
+CONFIG_HTTP_HTTPS_PORT=443
+# CONFIG_STANDARD_AWHTTPD is not set
+CONFIG_HTTP_WEBROOT="www"
+CONFIG_HTTP_PORT=80
+# CONFIG_HTTP_USE_TIMEOUT is not set
+CONFIG_HTTP_TIMEOUT=0
+CONFIG_HTTP_INITIAL_SLOTS=10
+CONFIG_HTTP_MAX_USERS=100
+CONFIG_HTTP_HAS_CGI=y
+CONFIG_HTTP_CGI_EXTENSION=".php"
+CONFIG_HTTP_DIRECTORIES=y
+# CONFIG_HTTP_PERM_CHECK is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_VERBOSE=y
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+CONFIG_CSHARP_BINDINGS=y
+CONFIG_VBNET_BINDINGS=y
+
+#
+# .Net Framework
+#
+CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+CONFIG_JAVA_BINDINGS=y
+
+#
+# Java Home
+#
+CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+CONFIG_CSHARP_SAMPLES=y
+CONFIG_VBNET_SAMPLES=y
+CONFIG_JAVA_SAMPLES=y
+# CONFIG_PERL_SAMPLES is not set
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+# CONFIG_BIGINT_BARRETT is not set
+# CONFIG_BIGINT_CRT is not set
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+# CONFIG_BIGINT_SLIDING_WINDOW is not set
+# CONFIG_BIGINT_SQUARE is not set
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/config/.config.tmp b/config/.config.tmp
new file mode 100644
index 0000000000..eae93ecacb
--- /dev/null
+++ b/config/.config.tmp
@@ -0,0 +1,11 @@
+deps_config := \
+	ssl/BigIntConfig.in \
+	samples/Config.in \
+	bindings/Config.in \
+	httpd/Config.in \
+	ssl/Config.in \
+	config/Config.in
+
+.config include/config.h: $(deps_config)
+
+$(deps_config):
diff --git a/config/Config.in b/config/Config.in
new file mode 100644
index 0000000000..fea9c0a6d6
--- /dev/null
+++ b/config/Config.in
@@ -0,0 +1,112 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+mainmenu "axTLS Configuration"
+
+config HAVE_DOT_CONFIG
+    bool
+    default y
+
+choice 
+    prompt "Platform"
+    default CONFIG_PLATFORM_LINUX
+
+config CONFIG_PLATFORM_LINUX
+    bool "Linux"
+
+config CONFIG_PLATFORM_CYGWIN
+    bool "Cygwin"
+
+config CONFIG_PLATFORM_SOLARIS
+    bool "Solaris"
+
+config CONFIG_PLATFORM_WIN32
+    bool "Win32"
+
+endchoice 
+
+menu "General Configuration"
+
+config CONFIG_DEBUG
+    bool "Build axTLS with Debugging symbols"
+    default n
+    help
+      Say Y here if you wish to compile axTLS with debugging symbols.
+      This will allow you to use a debugger to examine axTLS internals.  
+      This increases the size of the binary considerably and should only be 
+      used when doing development.
+      If you are doing development and want to debug axTLS, answer Y.
+
+      Most people should answer N.
+
+menu "Microsoft Compiler Options"
+depends on CONFIG_PLATFORM_WIN32
+
+choice 
+    prompt "Compiler"
+    depends on CONFIG_PLATFORM_WIN32
+    default CONFIG_VISUAL_STUDIO_8_0
+
+config CONFIG_VISUAL_STUDIO_6_0
+    bool "Visual Studio 6.0 (VC98)"
+    help
+        Use Microsoft's Visual Studio 6.0 platform.
+
+config CONFIG_VISUAL_STUDIO_7_0
+    bool "Visual Studio 7.0 (2003)"
+    help 
+        Use Microsoft's Visual Studio 2003 platform.
+
+config CONFIG_VISUAL_STUDIO_8_0
+    bool "Visual Studio 8.0 (2005)"
+    help 
+        Use Microsoft's Visual Studio 2005 platform.
+
+endchoice
+
+config CONFIG_VISUAL_STUDIO_6_0_BASE
+    string "Base"
+    depends on CONFIG_VISUAL_STUDIO_6_0
+    default "c:\\Program Files\\Microsoft Visual Studio"
+
+config CONFIG_VISUAL_STUDIO_7_0_BASE
+    string "Base"
+    depends on CONFIG_VISUAL_STUDIO_7_0
+    default "c:\\Program Files\\Microsoft Visual Studio .NET 2003"
+
+config CONFIG_VISUAL_STUDIO_8_0_BASE
+    string "Base"
+    depends on CONFIG_VISUAL_STUDIO_8_0
+    default "c:\\Program Files\\Microsoft Visual Studio 8"
+
+endmenu
+
+config CONFIG_EXTRA_CFLAGS_OPTIONS
+    string "Any extra CFLAGS options for the compiler?"
+    help
+        Do you want to pass any extra CFLAGS options to the compiler as  
+        you build axTLS? If so, this is the option for you...  For
+        example, if you want to add some simple compiler switches (like
+        -march=i686), or check for warnings using -Werror, just those 
+        options here.
+
+config CONFIG_EXTRA_LDFLAGS_OPTIONS
+    string "Any extra LDFLAGS options for the compiler?"
+    help
+        Do you want to pass any extra LDFLAGS options to the compiler?
+
+endmenu
+
+source ssl/Config.in
+config CONFIG_AWHTTPD
+    bool "Enable HTTP/HTTPS Web Server"
+    default y
+    help
+        Build the AWHTTPD web server
+
+source httpd/Config.in
+source bindings/Config.in
+source samples/Config.in
+source ssl/BigIntConfig.in
diff --git a/config/Rules.mak b/config/Rules.mak
new file mode 100644
index 0000000000..c0308da053
--- /dev/null
+++ b/config/Rules.mak
@@ -0,0 +1,220 @@
+# Rules.make for busybox
+#
+# Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
+#
+# Licensed under GPLv2, see the file LICENSE in this tarball for details.
+#
+
+# Pull in the user's busybox configuration
+ifeq ($(filter $(noconfig_targets),$(MAKECMDGOALS)),)
+-include $(top_builddir)/.config
+endif
+
+#--------------------------------------------------------
+PROG      := busybox
+MAJOR_VERSION   :=1
+MINOR_VERSION   :=1
+SUBLEVEL_VERSION:=0
+EXTRAVERSION    :=
+VERSION   :=$(MAJOR_VERSION).$(MINOR_VERSION).$(SUBLEVEL_VERSION)$(EXTRAVERSION)
+BUILDTIME := $(shell TZ=UTC date -u "+%Y.%m.%d-%H:%M%z")
+
+
+#--------------------------------------------------------
+# With a modern GNU make(1) (highly recommended, that's what all the
+# developers use), all of the following configuration values can be
+# overridden at the command line.  For example:
+#   make CROSS=powerpc-linux- top_srcdir="$HOME/busybox" PREFIX=/mnt/app
+#--------------------------------------------------------
+
+# If you are running a cross compiler, you will want to set 'CROSS'
+# to something more interesting...  Target architecture is determined
+# by asking the CC compiler what arch it compiles things for, so unless
+# your compiler is broken, you should not need to specify TARGET_ARCH
+CROSS           =$(subst ",, $(strip $(CROSS_COMPILER_PREFIX)))
+CC             = $(CROSS)gcc
+AR             = $(CROSS)ar
+AS             = $(CROSS)as
+LD             = $(CROSS)ld
+NM             = $(CROSS)nm
+STRIP          = $(CROSS)strip
+CPP            = $(CC) -E
+# MAKEFILES      = $(top_builddir)/.config
+RM             = rm
+RM_F           = $(RM) -f
+LN             = ln
+LN_S           = $(LN) -s
+MKDIR          = mkdir
+MKDIR_P        = $(MKDIR) -p
+MV             = mv
+CP             = cp
+
+
+# What OS are you compiling busybox for?  This allows you to include
+# OS specific things, syscall overrides, etc.
+TARGET_OS=linux
+
+# Select the compiler needed to build binaries for your development system
+HOSTCC    = gcc
+HOSTCFLAGS= -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
+
+# Ensure consistent sort order, 'gcc -print-search-dirs' behavior, etc.
+LC_ALL:= C
+
+# If you want to add some simple compiler switches (like -march=i686),
+# especially from the command line, use this instead of CFLAGS directly.
+# For optimization overrides, it's better still to set OPTIMIZATION.
+CFLAGS_EXTRA=$(subst ",, $(strip $(EXTRA_CFLAGS_OPTIONS)))
+
+# To compile vs some other alternative libc, you may need to use/adjust
+# the following lines to meet your needs...
+#
+# If you are using Red Hat 6.x with the compatible RPMs (for developing under
+# Red Hat 5.x and glibc 2.0) uncomment the following.  Be sure to read about
+# using the compatible RPMs (compat-*) at http://www.redhat.com !
+#LIBCDIR:=/usr/i386-glibc20-linux
+#
+# For other libraries, you are on your own.  But these may (or may not) help...
+#LDFLAGS+=-nostdlib
+#LIBRARIES:=$(LIBCDIR)/lib/libc.a -lgcc
+#CROSS_CFLAGS+=-nostdinc -I$(LIBCDIR)/include -I$(GCCINCDIR) -funsigned-char
+#GCCINCDIR:=$(shell gcc -print-search-dirs | sed -ne "s/install: \(.*\)/\1include/gp")
+
+WARNINGS=-Wall -Wstrict-prototypes -Wshadow
+CFLAGS=-I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)
+ARFLAGS=cru
+
+
+# gcc centric. Perhaps fiddle with findstring gcc,$(CC) for the rest
+# get the CC MAJOR/MINOR version
+CC_MAJOR:=$(shell printf "%02d" $(shell echo __GNUC__ | $(CC) -E -xc - | tail -n 1))
+CC_MINOR:=$(shell printf "%02d" $(shell echo __GNUC_MINOR__ | $(CC) -E -xc - | tail -n 1))
+
+#--------------------------------------------------------
+export VERSION BUILDTIME HOSTCC HOSTCFLAGS CROSS CC AR AS LD NM STRIP CPP
+ifeq ($(strip $(TARGET_ARCH)),)
+TARGET_ARCH:=$(shell $(CC) -dumpmachine | sed -e s'/-.*//' \
+		-e 's/i.86/i386/' \
+		-e 's/sparc.*/sparc/' \
+		-e 's/arm.*/arm/g' \
+		-e 's/m68k.*/m68k/' \
+		-e 's/ppc/powerpc/g' \
+		-e 's/v850.*/v850/g' \
+		-e 's/sh[234]/sh/' \
+		-e 's/mips-.*/mips/' \
+		-e 's/mipsel-.*/mipsel/' \
+		-e 's/cris.*/cris/' \
+		)
+endif
+
+# A nifty macro to make testing gcc features easier
+check_gcc=$(shell \
+	if [ "$(1)" != "" ]; then \
+		if $(CC) $(1) -S -o /dev/null -xc /dev/null > /dev/null 2>&1; \
+		then echo "$(1)"; else echo "$(2)"; fi \
+	fi)
+
+# Setup some shortcuts so that silent mode is silent like it should be
+ifeq ($(subst s,,$(MAKEFLAGS)),$(MAKEFLAGS))
+export MAKE_IS_SILENT=n
+SECHO=@echo
+else
+export MAKE_IS_SILENT=y
+SECHO=-@false
+endif
+
+CFLAGS+=$(call check_gcc,-funsigned-char,)
+
+#--------------------------------------------------------
+# Arch specific compiler optimization stuff should go here.
+# Unless you want to override the defaults, do not set anything
+# for OPTIMIZATION...
+
+# use '-Os' optimization if available, else use -O2
+OPTIMIZATION:=$(call check_gcc,-Os,-O2)
+
+# Some nice architecture specific optimizations
+ifeq ($(strip $(TARGET_ARCH)),arm)
+	OPTIMIZATION+=-fstrict-aliasing
+endif
+ifeq ($(strip $(TARGET_ARCH)),i386)
+	OPTIMIZATION+=$(call check_gcc,-march=i386,)
+	OPTIMIZATION+=$(call check_gcc,-mpreferred-stack-boundary=2,)
+	OPTIMIZATION+=$(call check_gcc,-falign-functions=0 -falign-jumps=0 -falign-loops=0,\
+		-malign-functions=0 -malign-jumps=0 -malign-loops=0)
+endif
+OPTIMIZATIONS:=$(OPTIMIZATION) -fomit-frame-pointer
+
+#
+#--------------------------------------------------------
+# If you're going to do a lot of builds with a non-vanilla configuration,
+# it makes sense to adjust parameters above, so you can type "make"
+# by itself, instead of following it by the same half-dozen overrides
+# every time.  The stuff below, on the other hand, is probably less
+# prone to casual user adjustment.
+#
+
+ifeq ($(strip $(CONFIG_LFS)),y)
+    # For large file summit support
+    CFLAGS+=-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
+endif
+ifeq ($(strip $(CONFIG_DMALLOC)),y)
+    # For testing mem leaks with dmalloc
+    CFLAGS+=-DDMALLOC
+    LIBRARIES:=-ldmalloc
+else
+    ifeq ($(strip $(CONFIG_EFENCE)),y)
+	LIBRARIES:=-lefence
+    endif
+endif
+ifeq ($(strip $(CONFIG_DEBUG)),y)
+    CFLAGS  +=$(WARNINGS) -g -D_GNU_SOURCE
+    LDFLAGS +=-Wl,-warn-common
+    STRIPCMD:=/bin/true -Not_stripping_since_we_are_debugging
+else
+    CFLAGS+=$(WARNINGS) $(OPTIMIZATIONS) -D_GNU_SOURCE -DNDEBUG
+    LDFLAGS += -Wl,-warn-common
+    STRIPCMD:=$(STRIP) -s --remove-section=.note --remove-section=.comment
+endif
+ifeq ($(strip $(CONFIG_STATIC)),y)
+    LDFLAGS += --static
+endif
+
+ifeq ($(strip $(CONFIG_SELINUX)),y)
+    LIBRARIES += -lselinux
+endif
+
+ifeq ($(strip $(PREFIX)),)
+    PREFIX:=`pwd`/_install
+endif
+
+# Additional complications due to support for pristine source dir.
+# Include files in the build directory should take precedence over
+# the copy in top_srcdir, both during the compilation phase and the
+# shell script that finds the list of object files.
+# Work in progress by <ldoolitt@recycle.lbl.gov>.
+
+
+OBJECTS:=$(APPLET_SOURCES:.c=.o) busybox.o usage.o applets.o
+CFLAGS    += $(CROSS_CFLAGS)
+ifdef BB_INIT_SCRIPT
+    CFLAGS += -DINIT_SCRIPT='"$(BB_INIT_SCRIPT)"'
+endif
+
+# Put user-supplied flags at the end, where they
+# have a chance of winning.
+CFLAGS += $(CFLAGS_EXTRA)
+
+#------------------------------------------------------------
+# Installation options
+ifeq ($(strip $(CONFIG_INSTALL_APPLET_HARDLINKS)),y)
+INSTALL_OPTS=--hardlinks
+endif
+ifeq ($(strip $(CONFIG_INSTALL_APPLET_SYMLINKS)),y)
+INSTALL_OPTS=--symlinks
+endif
+ifeq ($(strip $(CONFIG_INSTALL_APPLET_DONT)),y)
+INSTALL_OPTS=
+endif
+
+.PHONY: dummy
diff --git a/config/awhttpd.aip b/config/awhttpd.aip
new file mode 100755
index 0000000000..3b68600ab9
--- /dev/null
+++ b/config/awhttpd.aip
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.1.1" modules="freeware" RootPath="." Language="en">
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
+    <ROW Property="ALLUSERS" Value="2"/>
+    <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
+    <ROW Property="ARPPRODUCTICON" Value="controlPanelIcon.exe"/>
+    <ROW Property="ARPURLINFOABOUT" Value="http://www.leroc.com.au/axTLS"/>
+    <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
+    <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
+    <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
+    <ROW Property="ProductCode" Value="1033:{C78C84DF-8FBA-49BD-AC4B-BEEE0A3411C6} "/>
+    <ROW Property="ProductLanguage" Value="1033"/>
+    <ROW Property="ProductName" Value="Awhttpd" ValueLocId="*"/>
+    <ROW Property="ProductVersion" Value="1.0.0"/>
+    <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
+    <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
+    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
+    <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
+    <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
+    <ROW Directory="crypto_files_DIR" Directory_Parent="www_DIR" DefaultDir="crypto~1|crypto_files"/>
+    <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
+    <ROW Component="awhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="awhttpd.exe" FullKeyPath="APPDIR\awhttpd.exe"/>
+    <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
+    <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
+    <ROW Component="axssl.vbnet.exe" ComponentId="{31F03DA9-E099-4BBD-88B7-4ABBC9F77EFB}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.vbnet.exe" FullKeyPath="APPDIR\axssl.vbnet.exe"/>
+    <ROW Component="axtls.dll" ComponentId="{4C741E75-A18A-4FC9-972C-C1EF583713EB}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.dll" FullKeyPath="APPDIR\axtls.dll"/>
+    <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
+    <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
+    <ROW Component="crypto_2600des.gif" ComponentId="{7C3C3A24-4053-4A9D-B040-FA671C2FA638}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
+    <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll crypto_2600des.gif favicon.ico"/>
+    <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
+    <ROW File="awhttpd.exe" Component_="awhttpd.exe" FileName="awhttpd.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\awhttpd.exe" SelfReg="false" Sequence="1"/>
+    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
+    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.exe" SelfReg="false" Sequence="3"/>
+    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
+    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.dll" SelfReg="false" Sequence="5"/>
+    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.jar" SelfReg="false" Sequence="6"/>
+    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.lib" SelfReg="false" Sequence="7"/>
+    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.static.lib" SelfReg="false" Sequence="8"/>
+    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtlsj.dll" SelfReg="false" Sequence="9"/>
+    <ROW File="bigint.h" Component_="axtls.jar" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="25"/>
+    <ROW File="bigint_impl.h" Component_="axtls.jar" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="22"/>
+    <ROW File="crypto.h" Component_="axtls.jar" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="23"/>
+    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="10"/>
+    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="11"/>
+    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="12"/>
+    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="13"/>
+    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="14"/>
+    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="15"/>
+    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="16"/>
+    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="17"/>
+    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\favicon.ico" SelfReg="false" Sequence="19"/>
+    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\index.html" SelfReg="false" Sequence="20"/>
+    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="18"/>
+    <ROW File="ssl.h" Component_="axtls.jar" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="21"/>
+    <ROW File="tls1.h" Component_="axtls.jar" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="24"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
+    <ROW Path="&lt;ui.ail&gt;"/>
+    <ROW Path="&lt;ui_en.ail&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.FragmentComponent">
+    <ROW Fragment="FolderDlg.aip" Path="&lt;FolderDlg.aip&gt;"/>
+    <ROW Fragment="StaticUIStrings.aip" Path="&lt;StaticUIStrings.aip&gt;"/>
+    <ROW Fragment="UI.aip" Path="&lt;UI.aip&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiBinaryComponent">
+    <ROW Name="default_banner.bmp" SourcePath="&lt;default-banner.bmp&gt;"/>
+    <ROW Name="default_dialog.bmp" SourcePath="&lt;default-dialog.bmp&gt;"/>
+    <ROW Name="launcher.dll" SourcePath="&lt;launcher.dll&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlComponent">
+    <ATTRIBUTE name="FixedSizeBitmaps" value="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlEventComponent">
+    <ROW Dialog_="FolderDlg" Control_="Back" Event="NewDialog" Argument="WelcomeDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="WelcomeDlg" Control_="Next" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="FolderDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_INSTALL" Ordering="3"/>
+    <ROW Dialog_="MaintenanceTypeDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceWelcomeDlg" Condition="AI_MAINT" Ordering="1"/>
+    <ROW Dialog_="MaintenanceWelcomeDlg" Control_="Next" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT" Ordering="2"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="PatchWelcomeDlg" Condition="AI_PATCH" Ordering="1"/>
+    <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
+    <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="launcher.dll" Target="PrepareUpgrade"/>
+    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="launcher.dll" Target="RestoreLocation"/>
+    <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
+    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][ProductName]"/>
+    <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
+    <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiIconsComponent">
+    <ROW Name="controlPanelIcon.exe" SourcePath="..\www\favicon.ico" Index="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstExSeqComponent">
+    <ROW Action="AI_DOWNGRADE" Condition="AI_NEWERPRODUCTFOUND AND (UILevel &lt;&gt; 5)" Sequence="210"/>
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
+    <ROW Action="AI_STORE_LOCATION" Condition="Not Installed" Sequence="1545"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Condition="AI_UPGRADE=&quot;No&quot; AND (Not Installed)" Sequence="1300"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiMediaComponent">
+    <ATTRIBUTE name="Compress" value="1"/>
+    <ATTRIBUTE name="FirstMediaSize" value="0"/>
+    <ATTRIBUTE name="FirstMediaSizeUnit" value="0"/>
+    <ATTRIBUTE name="InstallationType" value="0"/>
+    <ATTRIBUTE name="MediaSize" value="0"/>
+    <ATTRIBUTE name="MediaSizeUnit" value="0"/>
+    <ATTRIBUTE name="Package" value="1"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
+    <ROW Shortcut="awhttpd.exe" Directory_="SHORTCUTDIR" Name="awhttpd" Component_="awhttpd.exe" Target="[#awhttpd.exe]" Description="awhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="axssl_client" Directory_="SHORTCUTDIR" Name="axsslc~1|axssl client" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_client" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="axssl_server" Directory_="SHORTCUTDIR" Name="axssls~1|axssl server" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_server" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiUpgradeComponent">
+    <ROW UpgradeCode="UpgradeCode" VersionMax="ProductVersion" Attributes="1025"/>
+    <ROW UpgradeCode="UpgradeCode" VersionMin="ProductVersion" Attributes="2"/>
+  </COMPONENT>
+</DOCUMENT>
diff --git a/config/awhttpd.back.aip b/config/awhttpd.back.aip
new file mode 100644
index 0000000000..7c754f1db4
--- /dev/null
+++ b/config/awhttpd.back.aip
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.0" modules="freeware" RootPath="." Language="en">
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
+    <ROW Property="ALLUSERS" Value="2"/>
+    <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
+    <ROW Property="ARPPRODUCTICON" Value="controlPanelIcon.exe"/>
+    <ROW Property="ARPURLINFOABOUT" Value="http://www.leroc.com.au/axTLS"/>
+    <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
+    <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
+    <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
+    <ROW Property="ProductCode" Value="1033:{C78C84DF-8FBA-49BD-AC4B-BEEE0A3411C6} "/>
+    <ROW Property="ProductLanguage" Value="1033"/>
+    <ROW Property="ProductName" Value="Awhttpd" ValueLocId="*"/>
+    <ROW Property="ProductVersion" Value="1.0.0"/>
+    <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
+    <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
+    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
+    <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
+    <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
+    <ROW Directory="crypto_files_DIR" Directory_Parent="www_DIR" DefaultDir="crypto~1|crypto_files"/>
+    <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
+    <ROW Component="awhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="awhttpd.exe" FullKeyPath="APPDIR\awhttpd.exe"/>
+    <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
+    <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
+    <ROW Component="axssl.vbnet.exe" ComponentId="{31F03DA9-E099-4BBD-88B7-4ABBC9F77EFB}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.vbnet.exe" FullKeyPath="APPDIR\axssl.vbnet.exe"/>
+    <ROW Component="axtls.dll" ComponentId="{4C741E75-A18A-4FC9-972C-C1EF583713EB}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.dll" FullKeyPath="APPDIR\axtls.dll"/>
+    <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
+    <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
+    <ROW Component="crypto_2600des.gif" ComponentId="{7C3C3A24-4053-4A9D-B040-FA671C2FA638}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
+    <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll crypto_2600des.gif favicon.ico"/>
+    <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
+    <ROW File="awhttpd.exe" Component_="awhttpd.exe" FileName="awhttpd.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\awhttpd.exe" SelfReg="false" Sequence="1"/>
+    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
+    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.exe" SelfReg="false" Sequence="3"/>
+    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
+    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.dll" SelfReg="false" Sequence="5"/>
+    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.jar" SelfReg="false" Sequence="6"/>
+    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.lib" SelfReg="false" Sequence="7"/>
+    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.static.lib" SelfReg="false" Sequence="8"/>
+    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtlsj.dll" SelfReg="false" Sequence="9"/>
+    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="10"/>
+    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="11"/>
+    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="12"/>
+    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="13"/>
+    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="14"/>
+    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="15"/>
+    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="16"/>
+    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="17"/>
+    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\favicon.ico" SelfReg="false" Sequence="19"/>
+    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\index.html" SelfReg="false" Sequence="20"/>
+    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="18"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
+    <ROW Path="&lt;ui.ail&gt;"/>
+    <ROW Path="&lt;ui_en.ail&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.FragmentComponent">
+    <ROW Fragment="FolderDlg.aip" Path="&lt;FolderDlg.aip&gt;"/>
+    <ROW Fragment="StaticUIStrings.aip" Path="&lt;StaticUIStrings.aip&gt;"/>
+    <ROW Fragment="UI.aip" Path="&lt;UI.aip&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiBinaryComponent">
+    <ROW Name="default_banner.bmp" SourcePath="&lt;default-banner.bmp&gt;"/>
+    <ROW Name="default_dialog.bmp" SourcePath="&lt;default-dialog.bmp&gt;"/>
+    <ROW Name="launcher.dll" SourcePath="&lt;launcher.dll&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlComponent">
+    <ATTRIBUTE name="FixedSizeBitmaps" value="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlEventComponent">
+    <ROW Dialog_="FolderDlg" Control_="Back" Event="NewDialog" Argument="WelcomeDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="WelcomeDlg" Control_="Next" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="FolderDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_INSTALL" Ordering="3"/>
+    <ROW Dialog_="MaintenanceTypeDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceWelcomeDlg" Condition="AI_MAINT" Ordering="1"/>
+    <ROW Dialog_="MaintenanceWelcomeDlg" Control_="Next" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT" Ordering="2"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="PatchWelcomeDlg" Condition="AI_PATCH" Ordering="1"/>
+    <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
+    <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="launcher.dll" Target="PrepareUpgrade"/>
+    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="launcher.dll" Target="RestoreLocation"/>
+    <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
+    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][ProductName]"/>
+    <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
+    <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiIconsComponent">
+    <ROW Name="controlPanelIcon.exe" SourcePath="..\www\favicon.ico" Index="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstExSeqComponent">
+    <ROW Action="AI_DOWNGRADE" Condition="AI_NEWERPRODUCTFOUND AND (UILevel &lt;&gt; 5)" Sequence="210"/>
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
+    <ROW Action="AI_STORE_LOCATION" Condition="Not Installed" Sequence="1545"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Condition="AI_UPGRADE=&quot;No&quot; AND (Not Installed)" Sequence="1300"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiMediaComponent">
+    <ATTRIBUTE name="Compress" value="1"/>
+    <ATTRIBUTE name="FirstMediaSize" value="0"/>
+    <ATTRIBUTE name="FirstMediaSizeUnit" value="0"/>
+    <ATTRIBUTE name="InstallationType" value="0"/>
+    <ATTRIBUTE name="MediaSize" value="0"/>
+    <ATTRIBUTE name="MediaSizeUnit" value="0"/>
+    <ATTRIBUTE name="Package" value="1"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
+    <ROW Shortcut="awhttpd.exe" Directory_="SHORTCUTDIR" Name="awhttpd" Component_="awhttpd.exe" Target="[#awhttpd.exe]" Description="awhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="axssl_client" Directory_="SHORTCUTDIR" Name="axsslc~1|axssl client" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_client" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="axssl_server" Directory_="SHORTCUTDIR" Name="axssls~1|axssl server" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_server" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiUpgradeComponent">
+    <ROW UpgradeCode="UpgradeCode" VersionMax="ProductVersion" Attributes="1025"/>
+    <ROW UpgradeCode="UpgradeCode" VersionMin="ProductVersion" Attributes="2"/>
+  </COMPONENT>
+</DOCUMENT>
diff --git a/config/awhttpd.msi b/config/awhttpd.msi
new file mode 100755
index 0000000000000000000000000000000000000000..278f1046685a463327df1ed30cc988e920c6fa67
GIT binary patch
literal 681472
zcmeFa2Y4LS756<e8o)GTdNZ&XZ~<#kaYYoXB7qy0Y}4(Pw6YgVTCpox7RIn(z@{40
zA($FMHGvdrsG+w20YZQfdM}31o8I5KWp-8t3?bk9eb4jF=)W^_@45ZnbI(1u=*hor
z_{ya>ZuP3u<J!~7bAISv+gUSYzAo>s{T}2%;W$3{p}V`=8Xw6^6PN?$f&@4W%md9}
z9~^uMaPt3O|1Zda?}>v)xkx!Tf;B(|SPKjQYlAAvOUiydus#?FHULxsXG5?N*cfaA
zHU*o3&A}F6ORyE#8Vm;8fNjBcAOf}rL%<GTN3atZ3WkB<U<BA1>;guDd=Le@f&x$o
zia;?K1xAB0U@RC1#)I8J3D_O%0rmuYfeD}#l!0>404hNh*c()X8n6%87fb~8U^18j
zrh@&zG*Aobz;rMJ%mn*`1HggcAaF1^1RM%xf!QDir2WKs?npj&@*Kfa%B4TFLX!k-
z;Bb%vY0wTjz<jU(+<`w`JdXei!6G1j9>w!$kO9;1DT&JnDR1SOQZBGq&1*Ai3|^{B
z>dbM2q?S0&-Rf6mrGDeLEjoAR<rh5Q5-sO$NdVUx<Xnf-!W~m#*AR;)Vw6%Q?eLEz
zCjDQ-9WMx9BGEr()<(+ZC0Bn>s6KkH#?oEO#z<lRf@?j;bES>w99X^ZrH)8lk!wQr
zUVC*`Hdh?B=N~F|{RMFtMEH`QKPUXJaIk6%6?``Qk~b=M{AJ+>VXtofuS3vzpV;ub
z_j;rJgVHxDud68hW#PMdKQsN4pl=h#!Zo4#k<x<l8%s*chE|O&8(cQ3YHr0)VF;^v
zZ9)DEPaFVNH~qq6gm=kh!ryD7y@pqgE4#6D_|MFPO$c9js_^gC4PWY>O`<dd4@e$L
zJz4{ZUt#_)<@Mk2{|N5;;{U?;w#QDMJDBHAJck0||6<-B{};P3|CevUf5ZPP2vhjI
z_+$CMyodR})E&$Jh4)`h1`0nH{x7ta_shGWFaCc6ZY=+Az@79dLMwfMJm;9_T%HMV
z7?=l|f$;eL_`kTd{9pPJ=>vrSpALloi)<!+K$!opNon`Ix1)F7j-FWV{2q59J#HaA
zuH2)8dpG*n@LhonVei?F+>5x6?{%Nz==)0NO6NxI`?>#R?$;f;-|OdI<@CPuTz#+O
zX75d0eHXb!?ih1Va3{ENbvL<kC(WI5?R|`!y{~n{_g8NArr~(&^|}Xp_MYMOeK&bM
z?@rI&$9TE-iQb9cDLJ>B@iKWCKeI+=&CFVv0hzTk>twW9_%~}GHqE-tzG+{=-&q%7
zQyrEyk!KhZBW-6X!tq--v!1cd#w#0d>r&fU_ttmobJ+JVjm`^eBB6%g*UI@4n_OGT
zzpP32Et|J}$307#eaq%#u9@eo0Y4ppEWHkVbUkF~fyliBk$Ja=&yApkUEy5H_vJ{n
zE8s5LRR4}fGOa<38cF*qN7}4Is+<AM2-?>Zih7vy6z!`O?y$&N?3_#+^PMx0!%ufk
zgKjV_Y$QIO%gF6&MWLUsLOU2KQ2L**E1#&ks`RVM;lH2{lKv02)4e5pMV>r<@)CJD
zB>$9rT0XAgM(GrP!G-+wv*iy7<{|0ixQ3PARDR6fLrZu1nf<PIEn_0j9m0q7p{twz
z7HC%_q=$9L|5GYfRirBBR*d~cF&Ie51Mz1Au)5*Lpq0Kvt_juamya%ct1?x&`!5aO
zmHt}7mP>j16F-gEZ)<2KRBurBM&*La;Uz^Cf2=4h`=s*cN#dK4{s?|;3RXA#CTMpA
za!sf{sdQ|4s$!e6Z+}q@B>&w(_#>m9)eT?D|F_5ha!L7rQu*hK-<OOh?b__;{EGa)
z1`aj`s~f(I2agm-TtWW-qSDv(U&i&DgVhaxIkb{zauI&{u4VfDm;4SO{ZSlB*mA9o
zA6r2*H^~2&%2Jg#!~IsrWp5hcKO(D&eqwdQ7k**0dqVYkRbNyVRp?sS+y9?3k@8mw
zH$Oi`FZNTxY<c0DP(7{Ui^@03fBy?dKwFvccg3&OP5*FcZwm6?g#QaiK(zm#o&GAq
zzYNGVq57iTe`(tn_v;Y;hCF3By}Ica-t!QUYeMw_m7iA3tsE-@j$d#||FaS9wgamh
zzLeEFCalS^mUvyPzByjgnr@FZH^&<zrIRZn!zWLvi%hGmoj$2@MAl$xDxQuv#~a$?
zjbYQ$y7KA~bzN=o@?>*IOY5u|vF1c$tUZxzo!rsfES^tFv|`v1pA=i5p8LkTRG>Vy
zoAOwDd`>deRU2=wh^HG;i8kfDrZL{yo@h$MQxeZevMJIo-r0`^72W|QlS?MdoEvYS
z8&5^}iD=_UA{}Wp;U7Q*5-lAqk@*sf2<c3A#v6%EZ^No&D$<lp#S?Q{BlF^2BO^92
z6>_9K8R?vxXqX!zfw4$SN4h=IoM@e=Q<1d|`9O49TgkI@U3@`%3EsEF+R4C@x_C=l
zGs!L~PqsEDB)KJfcO)81rpDUmmduE!(qb|();gynHYZ+^&54q-L~AV7RWiM;EuJcm
zrQ;<NNsNB0N;Jn?$tmSYx}>zVOZhf4(cD-bOEm`8)8ccK1^J(iP&tW7w$vs&QVn>J
zO5%NcS4nxSKG7O)FR7iIOtm+3w3keuHnFxnm1vz4X)uK*38UbocvSwTDTP>jB$kRt
z@S`Om$qkjN(CH#7ZIEP(^NGm@D$NnpzQ%0vM;a4pvZxEwL~Eoim7GKUOJf>qPR@zM
zS{ozs?3^2Kjl`5sQsnUkabijIqS|*`e1?MZtB;#N>f?=3TMAQDg^M-grHu(?NKr-F
zO*ut6(nJLJ#@u+Q>Om^rkW4kE#mYuH(%7Lg$&i_7C0nDVjV+1RN)^j^ZT#?#cxyvY
zp|g=pw9Ze?i;s-N6RKL1eyQ2<);SbLgiz#bE?Lk_ov)ZUF&b2&AR+MuZIWGNu&J@>
zd5JbD8tT8vt)@s^3XEdJJW1BIRmGaq@n{Y0OhU{0knU=2k1de=C1TRNM~36mnP_e%
zpD5~9{2Cca#oIeltx`o2@pM_Nu~dauL5qn7Deh>gSIw0iZj5WU5(|P&Q_)CbBi1Ba
zx3+Ao)2d$SV$_*RDMlg_<FWbiNPTmxb)F<8-O;8}Z;~3V%qGPqS(RlFbR^M)AM@kQ
z5~hS!6_1gKxMnz#aC~hb$LGYO#%h*%PK!6iQ&NgT5(^x{xl&!?TaHgr70BdxXGC*S
zDIOiJ#F|Fb(}6@RDBRrgs+%^wQdg(xH8x*M8|Sz8s9a(cBB+^FQ<E-jYimx>ehGe3
ztgVfrs$9?>Z<X2-yeM`{PISiWBaO+1juuiRNu>R>;6^uwSVVJcX`T&Kw`3|>)f}6X
zRzIpeKx%_h?xb4O$LGf8C!noWtR7~g-3o&ePy*D8R9woCP))s1wAp}^@9lFb8i|gy
zc(`VLTK&M3=f!u6>|I$ma_W@Yx{-C$O3N!pR#%o*jGQ{XE*g!_jMtZDBUY+11+&^j
zd%TV`^BR$NNpGjHdlgRKNoh{D&Phkb6^u;hVI)RQG$d#YjW}-?=e8!LlAY0MH2Xvf
zJNSj|XefBX3fDZ<LynB3+u{w0rY^}gv2C*TGAYbf`dP&f61w}A>Z6;Eup*%^pIBQ{
z5ow~y)4iJF6V|TEKGqE5XlYBflF74zw;zvQKo;pcf(_O~RX(QqCJj%ZeYDZPX{HUM
z6?vn5ZYtR^XKqCLfOcdE6QAg$nn{(j<R@Thw1al?IFbm&0@zSj8x^^^xhpb+*Z8iQ
zI}hoz1cLIR!p*5^oTVRu_xiIBm#SMaMH_H1U9eP8%15;e$?cXny;CI7LYJK`F(sjd
zg!WXdVIDoE>P)pobZQDh3Pp(-t;yE>Y~Rxk^KTug<qJ9?DquFvQpUz37+)3T+|eqT
zF5F(~6zwN1?3q|2IW^OH!nNnLQq>xxrR{Xx^&K$$8nSW@EVh9>jUgRLt4y><nxye&
zTb>w;hY@5J<1jKjsL_qo%oh4g)$0qph{uSjc+-|lE0IRx+J+#|O6H{F=@G;>sPHMn
zHzkaq)QLAOUm}%CHtTjT;YWolNLMaTk#OW0kr&-9OKmqzKvitAF4iTSD#%i@s!sEY
zE}Ld5<B+t7HOiwSr5&rcAw)R=A0vobWD<cSu1SI<J@sAEUk+E~G+N2U5m76sO-vvW
zLTs~!4oL}ck(x#dg<@)n<)`ChiQ*0L_7-wP5>2~pjSB}89&8?wv=+1^b@R22E#Q(!
zq)c^oV%O2y!&Y%4l{-X5>Lom!0*RM42%ilxXw&H!&SR)546~QC*z{Dyn_?Z!?GbCI
z`a|+J9Z$_CPW7-Bg0XBfIxU%OuYkoVu2Y9i3IiBIv-Ik@ajF#`QV6w;RD^VOGTp8s
zF5+FADjPag-V<$_NzX{6+B;&+Ii3^mNSHSZ(^f*d#A&{EfLvyxL$y#WTX#{pInaw(
z#AJzo+uW|S@EOg%NI@^ko)HVRZj}IA9K9S)Z%rTth8wt)X*Rkvo)qJdwk)@ZMv&0p
zq((;9xlb!sLGWyhHz6h>qtOyg`!-F9@sLh|De)kbs3~CbRg#Mjs<_h~_4$fnceF~$
z>83m^t^9~Ws|$G6RMo_D1R=?K6?17aiW%tvRFCe=2Bdw?raBrag$s#PZ32~!B1wV}
zo0{OCn)}8gGQu<zS+0eQs4JYQX|{80PsQU=sYbP>Q)_76h@JXZlB}9{AaV#(k|Zcn
zv4a+Yp{7yBXd=(frvaC?*V3!P>noa@YdcbODi}&P)-07e(GZ^&Z%MWz<x35pEL_Wu
z{-$-bmMRuZw}4;q>9ix`hP;H5;6zBPjmJ_AbLp7WU`(PJ6nak)BZj~-2l*SJHF%j7
zyp=HIQypwFRZ`QMu&)&<`z9RNyh|{F!&$l6+Mz3}%B-{vPd89<y*aH#7%FhU=2h{B
zJRBK`WaBb2l8wwr)eD$7C@-Y|f*5K^JROyM6c%DLVq^qaKb~q}BrLKrGPJH}u%zY~
zJ)>v^s4vaQ7&SOLLlgjJ{HnVxX>8UnI*G{)0#ZtGAg&nuwRc6!%0%*@Lz0{kDZ{cb
z(@zQ8Zdcr)AxVu@qaaJ7A{S|nH%U`WwPx90eUdgM)l3=@y#$?$sjk-7Qp^AC$Wz7#
zk|%W6?F@n$av=<v22T5sewo~kDI;PV8BTt{7pXldkwr%Yc_*IOP;|GbScj5SVCtrj
z1OMt7-_<8kAdHM4J0N_tN~J&$rO%?tHmUJXI~~6vi<U-;i}FPd=#&Pmx^&&{84s!y
z1mc7dIB430t9ZC>=!#?5D3)1|X9aJSh}x-E@&MsU7=xrJu+&v$q~?bvQ?rq)rfSY@
z*S|K)f4VScCK}u4s-M+&vww9ml{i8KtY)(NSF9OQ4^@egI0{2}2$}^-k|D6oD-rv$
z3KXM_kZhtpXhlj3vVaJxQUl{KA!Nr?vW2X~rSZ}>HgOmD94&2CL!F-aZwI<+T+l~s
zkhMBR%t2PCVya;5Xoe8$<I)%mt436vA{qdUN{ukd@ZLyUs{12G2u`@m5umb>B*Rl8
zoQrZzc)3UsR`G$`E?Nsche$9gR)$MaMzm1Ve+K=k)>cI)A|NVTqo5>4ss(D56_Pzl
zDdd850u^O2PDAQyi58R;mK2qYDj8ieres{n_>w{l#*`F}Eh!vVQdCe<gl$nt(WsK5
z(IrJ=N{Wk0ii=B%N0k)wKDMNIT*)Z@#+QsPC>dQ;GP<~A^eCIvK|4x^#SP0Z%$T7|
zWQCY;sE+0s+D$Wp)ZJ^S7Y{Uwb)o7dB_DM36q-oq<RlqK>ugHQp}Pshzv(s7ZOceT
z6t8Ajpz;}+T{1;Ht7ilZtA>%ZQ)eY8+dVfc{R;tT;mvgawww&pqw-iCG=a7Da7=qB
z&?QUNS3we2DFW4>FhrV<Od?W*Z5q+KL_1=>8U=*MmTJ7+Pia<Ywd7<pBB?|}NMA))
zl+_WU4?;Pj2JaA=mZ(R5)RaJpq(!G-3@YqQ8g*8tQ8JLJo@wd(RQG1vfTg1$v?5{K
ztda2_YEjAWa5f4FC6{evT7DAQTgKjj+@vZkA~~Z|Bb`dTY;{uYNlH=?C{1`&lzUQ^
z9j)}ITEm@VFY<kj42wmePM4ye(c>h>F^%!&1WID6kw}`-KTrh%K}@B=Sg1}StwbVW
zR`k!3zyt~d#&BpsYc<nRev=^`X$A_^msk**>F1>vQbSd=cFjpCGSk(i5AP7Ib-fJM
z<5ZG^4vDB?;4DcRDTt#24b(I;95iK7r$&}C86drwa7R%>tNJIBQnb8$s+Q!+=f)f6
zl_eL@N+?QFY(;q80k$VFGrgHA0|{4)DP}0xQ|eP0AS|Z587mQ<daKcGMkx|aNdC^D
z1hf_?G`No{8FyAt9p$q^i3&zXP*FZ*5_zBtnNCNQLMT$I3)hOp$Z!+qy{FeyjEI(|
z<|q|n(rVgc#z1+YVy*?{bX4iAB<Wgtr8~JP6DzG6OSIk6ScRn3wn8OjtEh@pq|;0#
zK(I!ji;7p}b^Fg+z{OCfrj?v;sMZQ};myTClI@5jp-8Nf9m#NtbX+#}yyC-rngl~r
zrJ<Dw?O{ThIHkOF;;h=rX)`LPiQ*xvqe?c%i;JR-&CNqZyc~k&GGV@}s3;IJN0y!!
zM8@Qx2tuX+dgi@Ufa-nAr>X8#<<|(2i4=cmVZ@$jqngrwL|l^D5lUS#hc2yLqP}L^
zA0jg>E8dcz!%Mb~R6H}t-;R2`O$XiPoH(*9Jfm^9NWsX$kwxfKYl!A7`3a&=DTKxW
zreX_4Ke|H#rbbD_3RNkiZlWwz@}iNMrswWV$<$ISJV!ch$p}hThOH_D$pm?+k!Bmj
zNQIzUGU_*_1T<~}3T^yj5h#^frl;%>?3gyC{Ykf?7?<j<Z0Dm2MRapY!>XkoBo5sv
zP;&x*auxfMlwozLj`%R`yBY6?JW~Ca@E1MESAq6q?lKQE2caExVA{&8!(`~1Y&HJ&
zkx1#*tpZk$UJWyoww_c?ccf^l#KS}?T}ky=eaR#6+H^`;<#SDAFxU}pVMidU#!&Eq
z!;w}GrYon_u0;ctwe(Y}{|w12l20~7J=(!b1YFxY(2&*eT8q@3bLkNb)1`c*-I+0q
za-ljYwDJta%-o#OeZeX<kGE1L?b}q{kUoXcsdS&odhwSUU?lDw8B5|D-8Zi0ZiOqz
z*j<=)SILx$vU2HZ^(1Yjo*R_f5>gKJ)kBSxA-D3v4vmOhu4g%28LUhc6DqADV>2-<
zVxF36mEeN%P`YKiazK{}<W>rj*)`FPs|d<W4l)silk0;h_b6vQXQ*ir1H>rN9#)Y@
zvorDd7jTNG7E@%X9FMiwQHMw_nuZAy6!NW+sg;r8QDg*RyV1)1S=PXd@@06mrhLi>
z=`oO75b}Sl3l-*odd7-EEKG<7jN?~kcA5|U9Bx-fzSs!X1XCnY%z}9a-TNzXMln;>
zR$3#WzLm1=F>aFLGLg{_qwZ6|DaBu(q1K>_v5ZdjIK~qKkX0f`O4K4Ha?(GmX=-81
zZE=3!rEO$1xhx!_K8e62f!U#zlGCXlB5N_hJxAJ+;uKU15rrbQNQ{t7jntY*N?a1d
z2bxP84{Tc!c+)yZ$5M|1bdy)|c1*u3F$~SdPY7;!rz26y2uMPcFMJ3|cFI>0sF{w=
z2b!A9dh5oa2*{oKWPNgh8Y2CK3>XAjtCr_j0iBg8sQ#t5w3?$(w;Du1WgR}~1gc?o
z?=g2yo0f@wJ(yGDWyR2R%ynXoG%ekP$l}qprS#0;ot`VHhAPYe<A*9m*lb#@+L({1
zoYg~?M(UHuOUTnY`Ko^nX6(sl9i|awy9^a6i76RED@am&HCjcrnhsLB5{Z!(&_zz5
zR|sh+e|43o;jNOi=8kk#NGMv}IWU|~#c7uD%8CY&7JFHQh52&2FQc{8nIQv9<XhGA
zgv+0nB&(QgJ0c6E=fi0((+v#Oct?5JpUO}#()n?Hp{7YAo9n=4O|~+<QSnmpNt%$J
zq!fiFG6>%h)jqUqDLSGnu{SBxt(CIXV{O}}Oxy`g%3A2t$o9Gl3hUQGO-iei8oC;g
znzpY{D~)F9M`a%xM{Q&KRGY^VMH9Q~cypVCH<zb$Q8X3PJqDtIQG}>yS>B@sEoSFY
zr~E3K)F3*d`m|ZnztYo?uco@wP)|0c7D~P?*zy=%e>0LcHBXlhIwVZ8)vOv(Uib*B
zzha_ar_5P3GEcD<UFd40u6t}#4Rp97g2;Lbc!UzdlaaQLG<tBEzro66uZ@Y3_QO%3
zL8!SdQ$wN=8y6#z{4D>g5Q<sC7)q$F+e8Mf#$3~vG%>@<P|B)kvI%KGh+#|>tu7}m
zO8ps9AqSJ{rkgO%$c<Q}AiuDnfVDVeLKGEP3tW>{A+rv2s3Rj{sm)TV24HAw0m{s{
ztTh;25NS|>(#NTKXvUtp6A#v(w2QvX@NJ{if^8W6l(wu#$(R#GCJa02+*$cDBS=>;
zW%9FA)t+qYnW*|C%ET5iwE_1|m8k(d^w7=Jgc7uQB5;>fDivi(HA8w??AR&I7R@eQ
zN28VKb#K)kV{JyjimZqeRAm{+Ak#AN5~KcxiB>d%8>rE%R(S>vbR*G9c+pUIu#5vH
z4Fj2j3R)I&h`bt%t&Q|kp;tz#el2(QLsu20H-V4N>eIE!puV^n@lw5kA*mEC>aUbe
z(UvKtY@ewV{jOf8V#gF(L!ZV?iov&X+J|&yBOHPANXDs_pjHQxb4Hp_qKER9R>@l4
zBr{nE^rl(roEA2cqdZpu_MQ7boqv@o-$+v+oNKm_tqj6D!xM}uI76gsfz-YTt6~{S
z1^k0V$nqB$1~o?78sjIE16di|uF+@`4i#zdWW6VaiYhc(u9!}hTAUFUP6Ab@2rgQK
zp{iDRR3>X$Oyvw$$iQijVR%$8GA>nG2x(zfy#zm$7Hn#~WP$k1g2c2QFEf}>3zGv0
zPOKYsX0b|^l(0lXcbj@jF*lO7Yu5hLHe|4;bi>RY$5P0Wt;ooFF|LsdJ6e_EgpsvO
z^^5!))x+-aI%!FQ79*`B7mRRCe1q|BV?0`i$}`UL%myXw!nYCn=`<;~k+2#W`k<)M
zy`8NDIr$RIg`0)l61u3yts_+r(p_ma2vTwpeOJutDNyZo)GKmX0MkjWvT6<!M?DoG
zeJ=vET`8jFCFM+(R7tf$b72+NN|WA0iGEPz5M5){$b-hmI${_iOiSYXzgt+K3xb6#
zZF<QLIZD=K)2h+{r_3%53dMztVxpvjfhcQ$Wr|7GT@Yop(xzS(q3Y40_EfSpoksJl
z2A(9bAgVJ@mx!!)(`w9Mi3A=o?}Rg1B0=_sn78RWgUFb4NXTj$O({soxv5gpX7JpY
zM2-@LpUzw9k3(gqqKZ^tMxafJ1w^!wii{&u)}gAR7F62=Q_r>Nq{E9=bm-N)YQbHY
zIoSGcsZDiP%3Iw}Hd?2R(f%BU7)!5Ze}QwAlN4*ZU9%`FXTq257&@%8%PkwGfRoKy
z%9r{cRBOc$RIbs-!(!B`L5f8dsHw0d6j8oeLJD~f8A$8Yiw$~2Pe?^&msPa{BWA<x
zd(Og&mRs?y%2t+yC0j*>EY(K^Xi6!bwW71r19YJYdN3K+oBESWi-j=GbWYX>Tsf5Q
zMmegNuuEY!WSM=hGBFc}LiQsu?0Z3*WPffP=f_x<BDz@<*-BPWrD{xnAD0j59@r)T
zXV1}>&W+1j9^Jxfl&j%PKa60_XG1EPj!x3+8kB`m>#0rzwy1X8^z=@(1!?O9*lg5)
zsdQBJ)@F5lp8`|=;+D3NbrQd*tCy?_`tOc<S#D4-<ECVG{cg{iV#$LA0m1_qanKs1
zju=saFD+5<0=rX-KC%kTka9@Rw3Nf_rB>1#hbp!nuQOB+C63Utb6nDQ*>%|HDa^v@
z?4)8S9DFe==GCg=B&&-WlkFqS@`j+A=IBgREw&3Fv_KN(FUmS_X_%=r&)TY~<tT&M
zGbCSq&wXh7Eaj~1t8v?>yCytTo~p(Rb61@!)1VSs)VRbe#8G8LA4O-6J{%pt>MRUt
zB%iLF?uQzw7FFP+iZTdg{>UC(2i!;noGXM#18u^gW}V`NTIL`xioZlzbtlebT}rW3
zB`a=dA(+_6bdP4^EwnXSjG6LDG|7~YI0<+VoYBn0{jZr#v}STmhzqJu$$HH*;e)1Y
zr;lf9kW>-P(0pl5HukaJUY5d4HC;-t8YO=95N46t=z=A$#WJg8q_L?r-SJ2^hKaPy
z=t#b0&Com=@uZe%5^|iq1%Y6kC9{^<m6F0&44X8iAWgluW>op1DG>41MgXJ)GEDa|
zeXB-=3+j?rwUDt9%%XEwrekD)!4ewgJ0-5UX%QbKg{E2zrzcf=EM?RoLp&B%u$*7S
zA?dHA93>tjY>IUW8oe<Ds#FzA;G^fNj2sWDWQ&8u#q4#^;<HM*sK1o}r)VS@N}eKp
z1**hgZ88raWMU~<M8i<qV0&z#GN##GR5eHyqNoY@Oz<*`c|g10N%DiN4D8HML6qdu
zjKgcz1DaX2b72XMKju`IPQpZCqFUq%tJbOpGk>M}RXb5)7ayr!fSy8AvYH}6nTU94
z`gOe|AXd+En(&S}-KvzP*KVGZWXbk3DNH>gm-JX~uxwzbgUt6uWdp(LEO?;+Bwx^Y
z{+IJ6GUFiACcp9=hN|zT)&0~QhNO8$BHsD`++>j?dOjhV*-$mX7ZxPdM5nGdS*2Z|
zf)-mn&NEB8LQGRyMst$wNR6zs&Q4dGS=TzLXEJ9xZ>ntnRNGC{0h=tTqKyZ$*E!n*
zVsK8;?CX9@qFRw`VPL6$H9L?hrDQWL-ZNchLr_B&y<imSCK?%@UFv1W1S2F;Q|b?c
zqxRzE!DKiANECG}vMI>EMf8ptB+K+X7V=cds92;TnT*&YQZ#1VsN&J1MvsXM-@9^h
z<+PgeS*6S{?-40jfWlQ>Bc`L95vT?qPJ%8C75zTrKS{Qd31hP<g2AI!w%v^gs;ZYZ
zg1FsUCY%$AgMy5=%M>hgtZGD0#0{lT1XKD(-Jtia!FZJTZ+4Q=wpmNAz0#xKY?Y$F
zv3t-^pw6pl%;{Wh??f7dUMaLrQssq~+{7_`F3arYO_lp@iaF;@_M*1Yi#6JqL6Mb$
zCfd|xDHf&bu-XRIYY{NnhOf#mQ;F1qNUF2AinPY#Xj^n4z_(by&j?^*EZuH*(yEFP
z=!En@L`R%5VX>VV;Y%e|6Ada0qcdc3J3cXn+Cj>W(+`;C2!!%ro_f9_i%v>5b~I<V
zJf?$QK#Bi)g$SiUOA+-Xq{c;{D=<oI!m-=TDpVXbb!52N1*bPI>vg&*W(J6K%LwCF
zO@)qy4boOHIJj2&F&x$tB)#^uQK3w<(B`Wtd{f18A{!beM26R@Ik2c+5~u^t3d1HM
zDYZS;#siIuk(Et^Cz`a{r_^g5AYHg@tnI_4T_03a5sH8~)Gnw|Cd!u3dTyVrNiu2c
z&xOf?9yt+Eqpy}6GHE~u$aF5>J)&dMp*VBg(%49fh9KBzs3Y{#^eQBjZ@p5kyqD#R
zCgqmUrr16u-Tl$Zc^*1l!C4yFiqNkk4g)ccU}x%7j{Y4@O3qg!D_EIoWkIb};v5RF
zA$H005LNMw2x3@cimYo%A_0rW*D9ASqsW=Z35`i@kXk!4nXXB);J?x~37?Th9M&}j
z;{_FhW<)s}CiaeS+5>tYVc3ya6Vf*#lBAm?2@jNc@ix|#zyZk~HM^nNbT}C0*e2Qd
zPfXMlx?<;MN;0Is3$b!y4X4-pff$zt+6+-EqrA3T3W6-ti_P`=n{-Xi7^TNNV&KGV
zMrRa7MGTEJTbhzG)YLlnUs3aC%fci$C<Yyn6oxHwDX~zt3{Q_R{YCHmmuV)1D5V+~
zXTx?LCgn41uVJ$Orm=z9K=e}SL@8UeTk4y;>@(Xnq@}+J4<33+EviFOy{60-ghrm>
zHP;deQO!uVL}#g{E~wiQs7&?f_5NZxr#V?q-3r;M2uzB#CYqG0H9NaVm#eF9HU_y7
zXfcj-O%>lI4~*Ac;dD#Z)?ue=o>U;qRmC7*4^?IJwLVHE?2B@ugm6psvmKNF6*MU{
zFy*peuSxBBkXKn!$)et@p(;zs#(Hu|<t39Rve1ksm!<0MS*cyP8Z;Cw_enz7_L7Z2
z(1HJiP#hVq^g&7%w4+C4H#QYAMvFI&=pBVw;d(>4Wy1_5+IpquA%nU7-bt*ErPcOl
zhH^B{Mp?kXl#0p}y;V%~9x6*!{sg;EdkfwY6?Hg*s=>rcDwB90;x<1+xg{*oj9*}g
z60I3%las8f(360ATpI{pwmuo!s0x_sS7={~>`SqI8ATkKa%q@bt+dT){pe%0Df3F4
zdZ2aEW(SaJeae{1YR<xn($%v<l>!f?SQhx0-Ije<nW(JNEwzU)%uvTyiSJ^pr*u#w
zSZm9;`n0T&`JdD*wdz;B=2X3~6C}<om98pv(ioIvO?ROe+{rS8>^M!$E}^K;QLE*I
zAlfcXrPxG{9jwA0mlAaFI=-R2>fw1*MgnRJqB<-?wNmZBVq~?PLDZ%@BG_Cid`3?w
zCJetA)v_#DB^WlKdx4)$E~KV!$gao!nQ;wyp~{09E_?7<PUe_Qqf@um!RZ!iJBNt7
zn#PQ4mGBdOH*JEQ8hbEB!rCah*}^?!RD@y|-UPdCkJd-ob4jhzInZyF%f`CDde;|4
zHj`%Mq)k`5kPBP)Fwzmx^-t*PWaNU@Et&es;$ii=A<YR*3O;M4s$u^%Bt#h0l57-y
zURh`TQXD16aWKSG>`b<-sx|Yv$JOI<mT#}lc`{bsGJ=TIi++xD(JU+A8{y5PJz5zO
zk2;A4o)cbel$8Wl<B%Ga=I}`>I(Uk@&!bcVJ~^vK_fN9QUe37*M?iYifROH5Eh#r6
zv>uFG*B~b7VbfFD*hgNfo~UO}DGG=hS+r&S3iVg0k<pr>agk{_f>tVoP(F*9PF0%@
zK?f(>S`2$ntATGs?QRJ+H|miposx1Jo!WtvmYy4E0m5m{3SssDD5ZLnRak1kt2|cH
zdf>Z`YQRvD-nBSyM*}i8Mbv|hn=LH#Rp>}ioHTYcw98gNX|{G9i71?iol-1^bli4<
z5nEiP8LJquxKkEgg}Az^+p)-gXmMnbRby5s9<^qiJ3>bAr_@}KD9I;S;}m2{wuqo5
zAnQKlCx`8bI#YWmMPq5SG={!OHtuD8q-Ytqv`44K8WYJfwK2I4S9F)Z;;9ZP@!T#)
zRo<JO;^7sQWLeIBh8#z$qfX9o5a`nNB3SCf&)$VFhqJlbl-NC&<`-H!oZY_NDJLUX
zIo>R{mGrTv`d2;tASY=m1C=yn>VMD5rnChnHj&(I5!zG+W<O_Rgi6vcT*hq`&f<rb
zp4gtG$1yVSQTfZvnyvZjuq5fMMAB>T<tCVoO{M0^5Lr3T_4a=~6Wb#+(g%B0BZdB>
z9fb;|yma8Dt2u$08;mfAUw8ge&pr@kJ^K-i%Kle7KtxX?<*BCINlk&)*W@Ns1Z<Y$
zNLmBsgx*@0J<i8!zsQbkzeom)W<vVraL=K9V*n?eO~CUEqt;Uyx}#{4F_qRsDXkfb
zrI|erj<o{}Nkbpx*80EFl}UrJIvTwm%kq{!Lafo#wUZc}npdOw>#<Wc(V`lP&LFe+
zfde_DJ^sw452~^0rmORc?bEE_R2`086hX-bdSBIn>GiHsXo&=S&l5Txb+I|&ateC*
zP$8+_He7%WRx95}0jijwQ?~h)o&Hym&aNm>S&aA<ESJz}P*pQD^`~P=t7URArPeO|
zavt?RO=xcWp&2l;nNR<oZa1$qCA-F&#r!RtyrdLQX@oVV{`*ob>#{Z4WJ=d~r1g;I
zW8d8MeygV{4MmPhB8Phz6Jd=UYsb`-jutUU>4ZoOWy2COQMUM{F4>K@devHUmyM+!
zIsHPvB-{>GU|9W5I(OYQD>j;&s1tn_sIVTRTguT;nrRA^L*a=xU2tkcgOrvu#|EBK
zfvuGmk%RfKT1u9K)yg&F$}$`&am=HUT}MU^mbKv=w5XOg=**OvO>=VbG&M&=UN$AO
zBZ@xSUY%-tTAmHFN!EvO0%4nNWG3J;H1lc&%5Es*b-D1yJTSAtwc=tVA4TdT*(UGf
zc&|{bV`PK{lh%pM9OpREU&f7mXh-%mjdbu52n#`0AoieQmBs7G_XizyNOWc_!CDNx
zrIOUksz5k7A_fblu<Gf9n9G7$mP1PlOxBy!$zW4yUu+pjpI}HrnheP%8=-7e@i@V%
z@eUU7!-iOrh&ZIe=#i_OdWc*{S>a%2f}@IAAYi8hQD;w4u{YjJCq|>t(}j8+Jtrzl
z#F-!IkrTQ*mF+@mU_##TM|+Xe#w9(KcCTL_iBro;P5rBts3+Rhkpp_cDoxeI$1JZQ
z<|+~sIe%`7oG!JuNYqnFmYj_y$<t?~=~idmO0<Z!K5DgA5+N}eQLAft9SbZ4J#s6c
zn~pa!{g714AGDH=cu2Fh0mRaZT6|H5A8}lbw7yp9e9bVL4LRz>cgcK4b9QT*kcD(n
z*-B%`S5NfJVGmiZrdN9CDLv`Q<UmC&ok;ZxVx;1N{jRpl>pRf?*b&N1U3b;87$sIn
za|j2adQ4@l4hvb$R8|BVjkRQ%lgdDtlXhno2nH!qk)Zm9b2+f2{Mk2>9n$t*?V_at
z+}phtQfOLMR;xdVzdCwVv9oYGIb03iM;0eliWT2%ZOm6|;s{lp*khIF*#d}GC)<&l
zr7Fx-Z@u$J_B+fqbBpH4(|j2ls9ifYx5WSkAQ57<V7^{SCQ2dQK*gM{LvPE{Cled$
zxr{|a<k3hiJNC+38d=U-GFGBR-gW9;fJSbE3s01p4T(Za-VnNUG)k_M^TgHJ!J_Yu
z&YVY~S~h@cge5$*cQsNI7vW_%G-S15H7Mw4FrbiN!fi{6+mvT`SIv(fNGzW8H)5f`
zL^#ujrN^w!NmVLQD5!avVCg_wJZd(pC_=MIRt=;g$AmuGA2nImV*XEtZFQpQ3AltM
z7X6<1Yl+k5)Z})|bZYT&hMwpT)4@Q)D@U|<uz4G{St9TwVJBLHunlpqu=)2N;h+s!
zUqOp%xwgG4`#(k`{%JALL&Ubw1`ow2X>+PfOlhh@mUhU#g+`e%GZnTSf2Ec2t@Vf^
zl8U$Xp9++7<Wh=r(c}<nTBJIg+t6AO2+gE0bv=YMY7gW6w7tuumUDnfWcV~W6lia~
zskco2-HAHttRTN=^k~k3fpCw=w8$=zqS0e^-djHpE!w$kM6?QFSSos;QtT0YPW?q9
zQu9I4h?S>w{+MXlV*!XyiwJbZg_2I$o+txbNhEDUSD2i_%6hBRcgl|3)aw>VE3&9m
zZnAQC;jV>6L1w5uZ{z^6(t4^9%&f@{EuD8nLzQEQ3|~>}ONro(VuH+I9s%P~QiPOX
z&Yp5{o~4SaDuT?%Np`SISv6_b;^{&~@6NvjpmUv=sJ9s;1r(^T1A)_SWKiNJ=L)I)
z#KDZLJ*$yu!kd2jwEuRI3YrrfV24D7Bl>N#z9Pv=l3=TcE~`G{^P^oDYHD>dkK~3r
z(m<N4q)TOQIB?aQSRP}G$wW-q^=N$73bidfB*Fend(x8{H3xkJg3UOY)d)7SnYN-+
z)Dk<aPlv6vzDVI1<xo?qVFtpNopw}mpd`zTC4=%5Gf5Z`6qi&CGeID4ocYX}ECggd
z=}Zn!Ow`v@NE-Up$J>-nuMu7&q*}8s|NN#$rs&4RN@g>MAl;?v!GpPCEgOYa;ut5>
z+c>7EQ8DD~ERQY*;%zki(g5&W_4%Pg>18dkklNDI-M=~P$~cw5r*0|Ih{*H6Ts9?!
z?96}RnQA&tNiL+i6QzENYo#GkDkGV82s@UdZ<1q@8Q6+uOJ$acooN}0r>2yx_K2*~
zV<~C*Szog!+e)Hk$*4%NdR-%-3}M~wkf_PEa<oZeANthADSJufKk%sIWZQL8B+fax
z5j8yx-JN)1`$KX-NR6d!5ka<vvrNZMvPNVBGFKitU-g(NaAj((6e&XlbH1yoL_s_f
zttuX-)BC>?k9sxoQG+d&P&KzwuPav0LNZ!}-VY}G0N5!jA{cy`eS3<X8SbdKjV(Qr
zTOTksqg1yX$%wNo7dMiuWj%UPj})OHk#mPw#-w(VSXa_#W6r))S%ydFAn!H$>}|fP
z;C<SJ0bX;n`oB(Qe$kAPg@RRZ%G&x744>5z-gsjSW*GLayqOtqCK4Pg&%fo7z2f}i
z2I*fa7bI9Ft#+_6*Ve2?qEiw4&~89V$*Oamd6fa65SOc+{m8~@AeWYjQ9Z>--)NSE
z^_+7|8w1lX*-uk#Q2fyT;wg2MXbs1JT7ybkaA8CF=PluHiD6Bnm@F(Pt*ojlEkY_8
zUsakvs<>cO{<xx|vH4ZwD=P{r$CQmLEht?S>zv!(-qsl9IMs#YOAAZOMi-2gb53wD
zwxA-vw4k6Uzr12x(U_w0(oy3Jix+ivcFwA(nbyQV7h-ZY%Fn{F<HwYj6_k$8A5&B~
zDu2}I;==sW;^Kn*@nywhM->&6jU79F{G!-`_U3f-uvn^e>Qvk>tSqb?KW6OMQTb!b
zs>*RxHa@=$SNT=t1?6Lk3&$4~R#hzG9|_b}*3GJ!Tw4eCkbf(n-wKVzq|%znb-dfB
z5bJ-bhoOF%Jf+TRi{g!#R_<Rnt#a?k?t4atOim7ACyY#&@LvS92DVnzmAXi^9x|<U
zK}IW(HoRqWUCyR$78bUmV{FDF7U?S{Wb34?sxZ~h`e8OU(HivP?=;e+8r1SH+~l7e
zsD)=ewj8A=CFpJ1<EF}>SYXg@*LO;#o8H>itJ=wIylNlBN&YEGI7Cy&^qE(-hRNnd
zVx#SPR7WFeA@!gYvNX~Nbia|CAKEOm>$+CWpyN*Z7@Cbba>8a6r80f$-qT7eDtF&g
z3Pn??n44EMvNo>a4m4zD)wP{uuzs^;7`6@C<+Mq`0l`MQ%7g~1{nPR_y)_k|W520F
zx{B)GJ%$XCT2)&;Wm;YN^g60;=+#)(l}_W|U|}_@Zi;bS8*i7GnM$M-LALz)hZY=T
zsdTC7pxCly6Bt?cpkkNH5<*701hWP?Tq0|%iZ=Uc*+$lc!Z3^@YnD^ymV25~tEreN
z8$f%Pu`&({Nqyy(47JrPJk#qqY*V2dQvVlIx7)~+X`E)raNGPdOi@hIamkrhS=NnS
zAN2{`m?~6SF{x%UPbn?+K2`o{rZKSZ>KR**PB#n3V?woIZq_#$nOUiUzQLZyBFnQw
zLx1Vf%z81i5Jmr&8|e@eA-M>ph!&KdaD3-u=RJP2|1*3M{~7#4=Tm2u^Mm8M`u~Vu
z>U`&X<9r3}09XDqxjZ*;Z{_V={=2yEZ0>I57P+HbZ9d)|$$u*k{~z;3j{cA1_Sx<p
z@1E!`aTmKMyPLbaxaH2D+!5{{++pqw?)Ch4^Y7fr&NJ>0Zl33Q+Kr9hU}AQ(Gs`*9
zbqRNdw}Ss{UhZt=PVfdgv%LG92c4ML=rwu!IUQcoOM5Ne;odwi;dOcoy+vM^ceJ;}
zn}Lh{`M=pK<o~LB2fBluGre=YvoW9SEccdqk(H5^{;B?Qe|h%`@9fBmZtm)pkn<}h
zLst%6G2!Cwi*a&%^$MU&^>6n|c}`d{^wjE=)u(nZ^N*=su?cR3YUqmUQ@!Ky3xBFt
zbT7ltWkoBwG1a%fyy)Vhl|xT0!UeV`R<E2OA@lUEm~iTZi}B-Bu_;=)N!ZN_=i;Ij
zMc8Kj$y{87FGaYP5F}Rm*?ot&mw1zsD;(VD7z~9XoQ`aWCS<6+<4N_32)9ZbIY3H?
zhtT@Rc*i^E4_z@-{8q8GahY(jj#>Aql6T@Vv#k15@@7T%#kY93dv|zi=WUR;Vcy1h
zo91nv_io<%d8_h1$@@><XL(=deVzAh-uHRkdA;d2&%52*Jns&mZ~bQJKF|A5`S(%Y
zJ9+QreT;vf;@=l}U*&z1_g&r(dCuK#=DC?pX6La^#%Xgi&IF$O0LRNXgWSw{dpMbz
zDkqa)otIg;wUhaDQzvucNGG%7eop4lt(?qLl}=`hDlc>JMo#9j4soZi5Ar_9v+qCl
zJTLFOAE(RU=W5(;X5-A7nY@gb@iS{=*3PVxSvRvuW?*Km%!ZkbGV5j5&kV?HkQtQO
zjaG6fSljWOp*;D&#m*$2l!w$!ekuD?H=(9Vt=BcbdS!&N^_NS1_pYd3=`YVv-a}~@
z&|W-r<tBG*a!2<a{-xCCQwyCUXSB1MQ{l{Z7CFZ|r#M$SH#+}vUWd1=a`N1D+)dyQ
zW84XD+--7`ZpuBzz1IE8y~SI@AK(wpliT%ue=YwOYQx%jj-SU(Y4~emqH<E_hR#&=
z?q=k^)02B0(ozA|1ABq>!A!6g>72^bck-Macn-v56weu$xA9!ZU(X-t5ArwiH}N;~
zxA3>}2m9Ol+xgr3L;M~6q5g1xXMdz0^$YwWzt|t`kM+m<CH@}%Uj78X%&+jP{Azz6
zf1*FxpXyKZ>--u1{{Dgf!TzECY`@-b^qc%S{@VV!{`&p~{)Ya>{-*xs{+9mM{x*aW
zA&edTo%~_`2!9tp-`~|QB#cr17=N6<o4>oiC+RQs%l%4!Z@<Rh*PrB1@%Qs<{ptQp
z{{a6W{}6wcAM+dhIAKVcN?Ny(H1Uk^T$@~wG_Jw-BA)!ObY~7vpXaU0-gAz0u61s3
zF7__*F7+<=eoGVoop-(Wd+!GCM(+>aAH6?$fA((j9`+vb9`zpgp78$WJ?TB={oQ-U
zd)9l-`-k_u_fPKy??vw=?_b`_-oL$9yw|+fy*Io!y|=u#y?4BKz4yHLy$`*Qy;a^P
z-lyJwywAMPy)V2ky|28ly>Gm4z3;s5y&t@8FX12NH~X!m*>N7!C9cc5$L~YRPADET
zRF8R2d;Pn3HODVa_ks73GJVXme()c;bLb?{x&8;<Jio<n%sh7bXUDv=II{S-#g{C5
z==_(CUvT_c%MUwm+<6zC=bZo5@`KOV@yxr=7<fYaX-_Umo&Hc}i?gpf=cdJ{A9KTT
z&!2X{3EwQ6a6-j7e>&@#bB{c`?cC~9-#F!(<F7k)&}oBDnSJ8$lQO65f9xw~pSSd*
zW7k@|;o^zMy>L$RlHZ;%V96;bjas_ur29_1<>b1Pzgzm3W2c_=!I?|Xd^+>Sv1^~O
z$?+cb*mE|g441e&dS`lv`)R+!@ASL;h5jP{X#W_0v46b3#9!*4<ex%Ew#+}>Kf^!E
zKgU1MzrbJNU+iD%U+!PwU+G`%U+Z7zU+>@G|H1#0f0KWUf1Cdo|4#pI{~rIZ{{8*~
z{zLvF{$u_V{*(UG{xkk_{_}oCUef=K-{z<Mc7MLVz(2x2(m%@2_{aLk`6m$OiT=rc
z(m%~VFK@Yjrhm47u7AFNp?{HoiGP{@TmN_dRsJ>pnRzSy-}^WEfAs(C-|XM&-|pYx
z-{qf@cdvh+e|p}7{=@#G{^S1N{HOfC`_KCS@VBJ>Zb^EFnsjf^b348t&RYPpI#>Dp
zXMA}SH~;is@LlZsx+UMFjcjG$@T9dw2B}*14s~ECZ;^=lbgmlUI0NC+@*nHPXabP-
zBUdI=U$kpwEH>)T$z<dWaPxBa-FNd8lWz6LziXE_z%54d)91A`lViNJ^Y+_91_QqQ
za^Y>)WDS-qJNou(u51eomM-{m;WeGX_kbl!mMy%p^CN3NfPaYLT=`M<d&!ba_rQ-j
z1N+XSUg?G?_&)0G>zyS_maN5C+gZAF>41-p_~@>$lznGr*~MQuORoRuuA`S^u<Fd5
zc>Y(;Ngus`^Os+>$v>yhod5NC&VY|@zxn8+2VlP>v#k4k$60#&%_g+ArAtpd9Rr-o
zrNZQUfVkyaAU4Efz-JY5O<CYbc=G-B{HEr|_?GbG`-je^Ci#}|<ojbG5PAtu?1g}D
z9Uk^Vz&DqK_t{ZGpzL*cokAe)O?aI`z_$(0#>a%Gqf2~scoJ=OneZf-;3B;2r5vu>
ztGoN|4alvvs1bPz$l={tIC(!%4W;^t2%(VSc{hfu9QXUL95=5IxR~{6_Z{6c0e=s2
z>-hkDr~dltp?}=aJM~)r`l{!5zjU{=>XF|$&#dZpZhWoVIqjKlXWj$dPW3I_&Q8}*
z&jn|^<Tyv%>Nxf1IL<z4$0?fXJo7sA4?=$}^vj@6Lq8MR>7WMsJ)kdyekbU+gdTry
zyb=1-pq~eQHS{|{%gDuXpr@a69OxbBkpo_b{z2%kg?<_IY3OG{Kb<yM1N|P*7ec=i
z^jku|3i{Wee+K#opuYwBYoNad`ZJ(E!t|V%1$`&M<XpPf*nOGpH*zfbI5Oycukx<;
zuJNw*uJcxUcYA;J?x(kve)b*Je|mX&d28jZllNGj^pkz}kPmu!6uq{4(33vyKJNi<
z&Ab75e9@ORW^6CE$?@Gse}D8T8Rz&Pj&_k9^D+-*q`%t#Sm}peJMQ`8{LBZ(J#n1$
zH$7vV`+ciZPk!w~eie~l-Q-s{`PEH+b(3G+<X1QO^#k`y+_!R{!=2`ys_0ii{~Gkq
zK>q;rw?HqsdkxfQKz#(%^-%8vbrJr*4*i4BUkm**=+n^8gnl~oHPG(?eIfKaLBA#R
z_<Q4x(4PkVJm{;T->IM40S|s1`Uj!E7W!q-r=g#@lhZw&+Ehbr+Jo9uNNw7Q+O#F~
ztDt`k`e&ej0Qy^?zXp2v@k?hwe+2aP(C-6%k??rvyP@xfz8m^(=(~vz)%7K+>#bDR
zbEvLqs_WFLj<X8-*Pwp}`UjxD1^R2C@2B}VuS5SJ^w&ba4Ei+mGokON`QWdvX<9;C
zgBoU~u;Prmk10Mzzio`9T@3C~b?Q!UaNgDk=mYYeac(5M(+F=K;Z+mfPK4KA20zpN
zI`j`he=YROpcl!rKdCdfrsaM~yXsF8%ccDBFD?0A>4jV08p2Y0UH5vrEkAKwxb>`w
z6ta_(Po3*){B!?Lj)2^ZxYw?KY}{l=O)_S3y!E`nXgE5(V?6sc!+f9Uo#I_Z+@*K8
z4@gqp0I&?kVGd&f2ThLStO+7;^ELapw<ApwE4hcMJD(JW??PfMahAJS-J=*)>3cNe
zKz;AVcrbkL#mG$G6^zyFy|*LxKB0TIBX^^@+Z4ADj-l@(;hBrn81s0>nc@2sMxAnB
z$$hOF*WAb$^iTcX_d8NP`hJ~}>g&#1-0$^suOk0?-g&OR*I|5X?+x7z8SCnMu&eJK
zU3=%d`YuwV;W3PeWlTK5E$6OM_at|cyI+s{P&a$W89_^Jkb4eyGk4P5DaO_Mp6}ZG
z7)ILmKGl_bnYzz$?R|-xy{~0dp1p5!?fn;5?z_0}GxuX|_Wry3clUX9zvSBcP1oKZ
zx^jOS++R_L?M+4X)(GzPsM)#qre5|QOs&`VcAmY5db#&V&)&Ow_8#Yr^L7v26<&Y$
z46pCIiPn{SchdUweGIKIe4pq^8w}s)d-kR|a(lGGwHS@B%}9M+G#2YKnj46=bO$gD
z-RCg0lDlG(&+lZEj+Z)@J69OHuugTfGu9dJ?C$Id{b)3rRrG)(XmRDZ+Rv#&$FV<l
z2RVm0v*<&I(c;9nC!D98+nwFrJ>7w{InkH?(|M8h*6g$@>N!rrIh?lE;mmhBodxv3
z3u$dfgT-)>P0<Zcrq!M7oQ9};2C*7Ri#wN5(beb{t~Yc8F_l={OpkoKbBA-6bFT{N
zVMRAs`SmKk9ZhV?op%C%7a3pQL;w6Sdfv(E`%>E7S7@KVqg!!Zt9=&D^Q}e?T~4}u
z;v!n;IrtiJhoDiu-Wi5Yc^6mo!;78#Ui#_lol06<jk_-z=PCGGPOdF>_H*}l4|ET9
zeZG!H%Y3lgpu!wsN?@*g7&$kLe2^S@HF&lok$1TZ-9_%vXtWoj-(G@-`((F*a#-$4
zSuA&#yXUzVxEHz?skh7BE8HvHtBI+O=MCt;|D-hMlbu`K+f2OgcJIaK2i%9;M~LSQ
z?%&)e-KX5A-DlkA+{Mm#_eEkOX?@jwUA?{SzU#iPY*rbY*WEAN5#;6dXw<($r|x=r
zo|MlM&H!&6PfAo$qRaDDa$WLk7A6O}n|d<Zou%?Ya%UIvW=GHFl+LH2&<Op3?ntlP
zDfEiGQQjEudi3gIzJa^DH^D38U1B+bmRIfV<4yD?dsDpqyjpL%v00(&hiLI<c(Xjw
z;P2-&p|zif{yvEYKkaqU-nx_y|7cIwFUivtgtNpOOz4xz=Vjh<v>|7s%O64A*wa1V
zTfy5{YW@c5-jw<qzBk}YAh%HHUu$CR^tb&D)AcsX^(ogs>(a)+e#=we*2el0Hn;B*
zro4xLv+>YAXnX5hmfE_q&n&g2u_0&EE;jbIw)R_|)(>lEpV=_N)b?HbZ@+reX2Z|=
zXQ^_Z)+bG8zp_5tH?h&T^--H-zwDc(%Z8IR>1merHP<F<E^pZ{`yMtCGyQFUv$okc
ziG!uHzS#8G_+_azrF?6If3;6p|E!%nbr|AW-!>%eU)DZro(;j$*e4=paEao;Di3&O
z0*iiLzU%HjI%E~555EgZ&Ue^dKkqs8;z7@=NBlCz-aajP&u?qKT2D8VlfIsA`trM{
zS<mmVAJ)!3#ZKNWcnz*h@b+K6{8*Yyp7spOe)shhGi%OkaAkP22n<6nKV=sp&A#?1
z^Q=YRaR}Ro-!tKlU-`W+zXP*=>Uy71=$Y1@-{J_foGV0=$+7r#KYlI0e=UC`b*tl-
z(1hviyM1Ea>&o;nk#B`iUMmt5vteGS%q*?__-~&5_%B{&4D7o+<;tjE{S$r<8SB?@
zJqo?|>820<(I*`~i@CK6zhm65xwR8|xiacE`_uC~Ytx%n?E0i9FV!Ukk$z~z&R&#k
z=BM7pK1|p1J8Wm)?bG_**E39G-zD;4T5BFQ`#JAF=Dshxo^`+HcQ|b8J{)H;v*?R9
zY}Vhq_4k+9i`$-Yw*CcAlgILH(K9SbQ-5|s+eqCK^mHfR;<PVwWw%#9Ziq{NZhD&A
zbo4a;HNMeXW_tP)4zIuWo^IqjOxxGDGV767){T7%&98m+tRKJB|6enXs}m;)FC3<=
zXJNCRY3XTa{jkq4J-X^l_*>pL!mKazo^-48-Jd^_4!OjSaC~nM#pkE;$GTU37{C0G
z`*8fiVe||$hfX}@vVPik^PN#o%4CBc;i$Z2{@Bpv@Pe=(VjsSG#w%>Mdhhumvf1iA
zY!b3WOX)BdAhs1s`!9AC@}n-Xm20;8wQo<WuhHuFet!Ri{!*^l_@rsAJ7uhXGTB%4
zc1rLaj@fQO#miT*klA8;Nk}>zYoedo*oMtzwOjbovkBH@6>|&v(r*=^6k3`Jl{fk;
z8-{f$@!QR*qB_c@)0?HzrhWg)d`n-~m3<jvR^iAzfwt`HEnHqgrE^Z^d%`w%DIa>5
z3-g`W=(Og#aGW=dO<%5bC^}ZXfBQ;d*ev`muI;yd_MM|y+nymx`APj){maIG_K!Hx
zHT*{ia;)4;_EW!yO|o{3>7bMqllr$Ot#xIemR@|w(rWivf2^HQ*(>XVHpzZx->eTp
zVdG@oYd^!Z)}}8r<~miHERB52ZNFuGgMQa<HU-vRo?)|W7}llOW+}9NmMZK|&-bjW
zT$}z}ONiFahAy$QDbP8S^-KG2f311{F%+9DwGBz!S(~s~*1x_?v$pmv`wY{E--W_{
z+ov_jeut^De%d#Qe=e=H>F;Ujf6P_bZjdv`c%`3%nIRdB*$!YBHp7&?n8<Yzb`I~_
zF8r&_wOgT<H%;j{(|D8l3o+4l+Sfr&JCyB;R=af6*C6KS#0PON^zF*sV5iHtm+*Cr
zvSDC_sZPxx=EScvUtNk)V&9H?32$29R_MAg5r4(C*vivUCOXB|R|!cjp||14x1>bp
zgSOGX;%W=G%h|@&K57@!FqL=<jiYkd`X$e4+&VrwRntsZT`D%(t+tVJv3W1P4O5ho
z3h`N<;-3zsOXj=iW5lJ-GYNZtMZt@Cw{O~9!V*7(-o{_v2NOU2eWmeByK|Izw(NDP
zv}+x%cCF3D2k~9{VtJQbx3xgWQJ05MNtp{xm$Q|pQzmZYeS2Vi(m5shWK%5^`W9cb
z5Av)1&~-vn>s-^nQd4!Tg?5Ig!xmSPBQwM+?DeluWZ&gWha<IFxu&g1ebengLe%wF
z5%ROKePMO(k6jo1nC1Ux?C$;*W6E;p|H(D&zxKEDzxJWOgdOug^SQqe`!~Pa872#^
z{-;;{uO7mNjIK9vHe(;b7Oa)rnsxEpIuU1xvm<NZhdVnvyEsv&z&YQ!(7D9<jdQVc
zne$uccg9Xr=-)BUIH!b_mlK>ar_`x*s-1nEiR><#>P&HJS(!Q0Ilwv4Ihg%NF{i<K
z)Op-_%z4uJoAY<4#NET)%YDvy-uZ{~kn;j-IOjPnPSS}xP0n2BFelX`M~`xjagKG4
zb53xUI7^+AoD-c>on_8)=S=4;)_tDsoabD{%F&h1@1gsH^GD~;#HiA_$+^Y3&H0OS
zr*n_<SLXpjdc=9gdDeN^`M2|m^BU{p-Xu0}JMRYmzHfZ}!1>7e#QBf&ne(~x1%k?#
z&ezVj&iAZ0_1rbwHQlw`wcT~y_1yJ&8|V&lH*z<2H+462w{*95w{^F3w|94Nhq^nt
z!`+?Tk#5v2aCdbJ-C}pNI~JGY+}+$#x6G|@_jaq@ecXxeWOu4t>rQuPxOMJK_W<`G
z_YilMJKKHJiMjP|qZ`ikggeh|aa-M&*}nFQb2!hmdUm)A+#}p0-J=kDj&+Z7PjHvI
zC%LD%r@5!QXSip&XSrv)=ep;+zj0T%7rU3bm$|=nf9GE1UgKWpu5_<=fA8Mt{?Yxj
zirLNXt?upa9mMfY_a67J?)~nA?!)e*?&Izg?sQ64?q}V9xc_utaR24L?7rgu+kMS_
z!+ndlcii{f58RL3kKIq)|M2~p`?>q2`?dRx`>p$|`@P%kdY<pC>22h$<*n_l>#gq%
z^fvG|_6B(ydK-C%yPJ5Md0Tp$ds}#0do$h5ylr^jmiLG^#2e}E;O*oM_jdMn@kV$$
zpM)mr<typ}Z>3x8jrPWR<Gm7Z4{uLzFZ?L=%Dqajim$!-s`2*qCb14>syEH612et-
zy#u_1y#u|2yhFT0p_uJ8cyVuzH`hDNYxY{bHZSG1d-J^o-VxrB-cbxP9OqcC(m9Te
zj*Gn$yrter-pSsn-f7<H-WlFm-Z|cR-UZ%oyi(^v?;>wt-uij#=Jlx1|JOf%Ks&UC
z+Dnid6=ANg9DnhrUr(7k=-TB2oLz?f@t*~lU5ADA<?Di_U_Eda5ax6VSOeS*)&y^W
z^}#AI5PS!ukC)y`{9liswRvvB6CIXQ!BaA5B2S;^!8~OTLNibFfX)J*Yw^60=LDWl
zetLN%GVB32{Jt&bn*npIfj-8E!^C3sv2+}BvEMRlFaH5!Qf<x1NQgwy5QMrW@O#4<
z{;`u!d_b1g!#i{wd8jnMK}5w*kv|s}6^$8PK7JghSQHf&=Z`9?D##yKF@~Sg;&Edu
zMi-4AT~@J3yO;bDcdS(Jo{8GA?*-=1bgyE)^lPk_eunkZ53pYP7U-{m9`v!m{27#m
zH-gi^JWvgG0{ty8|MXK1E|K$Wa`%j<^>Hm6)nZNv?zO9&!>KvJuuUJ`5O36*)*I3s
z@zthI>nIyvJhpgL(YXAv<EuvJkE$3uHh<jsBF^6!S5Z`4Sw(gfRC4NuY;~Vs&wr{^
zj*1Jb3W_T@s-v=C{P_G)Wn~rl<HnVZ%^y`-R#rZ~YV6p`sxos_M`LsI!cpa8M-^6%
z9i3lVIF1uRs>;Xbj~`o9o?l*ASv7iG@z}!RN<)5FROm~~#ubbzE+-~M;|qz&_;LAV
z#iL5|M~^8iE*?F8^q7kB!bJ_KuD15%tfDam1srl2os(!XCQWjdiySVpaBO*Td2y*E
zreHLsTspoYzpP+XL4H-~n6ZWBMLdefEz;*O994K^=s<?xB!-Zg_8q!#FzkJ@NBE}X
zXaRHBf*d-rTjZd^Lq<k81=jpmL=L>btmqI^;iWLs`j|704w0i`>;WG+|NYz?@vvLu
z80z4$U@<rj91l(aOMtZR6TwN~WFWfJQ^9Fq8TbKZ@)_oNCQso5XPfVHdCK0a^MT0g
zLVF?472qOpF}MU=3N8begWrNH!0*77;3{x6psur;8{Pv}g6qNW!42R>@CWcm@F(zR
za1*#0+yZU|w*hqdNB|CNQ61y}hZU)sPu;`wUhr3NAGjYp03HO=)*l8E_eXg?1|A1b
zfWLt!!BgOA@OSVGcosYd{sEo`{{$}p@#7_){{k<Ae}h-RtKc>8I(P%T3El!i{|?W0
z!F%9+@B#P`d;~rQ!dE{5pMw8@&%oyZNyYgRd<DJ+-+*s{@Zayj4*;H^nDD30TW`JP
zyzs&c&J#~O;oN)gz0OTH-Q-+z%{9(N7hU9>amE?W2`8N39C5@EPHStcQ(s^2%$PC5
z*=L`9oIUs4(<v&l`|Y#)_iy%Y_5R}B<qgW)C~uRz&GNR)yVJW(?a|gdweR${$a6Bi
zZi!FM)!XMK8OQr3@^xsxpyL%eLx&D^w%TedXW+nr&Z=*_o!?$^30u-K_(d8eneadL
z;8$2785;^mVzvc)Sq2l!t@Cd49B1piZF%1&Z@av$@@NB@C87O-OB^;OuFCEgTqe!r
zC$5h_{`k{RrHJ~xB6&UU-s#S9IN-}n`1|9J-+c4=Kb(DHKOubl)?3>C+zb1P!pCp3
z$QW6cJ_$&_yarektOW*uwZS@IT_FAS`d}c~01N^ff{nn&K>G1b!De7{um#u>Yz4Lk
zgTXdnTd*C7fbGE$umji;>;#5_VPH5I0d@wvfRP{{M8U4002G2EPz*+a(O?W13&w%*
zU^h?#b_aWaJ;7dJ0w@J#pd5(&Q3+&rWp7XoYQR2VUm$YHBrq9F0aL+#Kt{>6pbkt2
zGr&x+KR5s!2o3@w&l~~{1+&0x5Cip~0W^X*XaaM<T#x{Vfq6jWpcc>ylAsM74pJZu
z+Cc}H4`kde@=_N#0xSeaf<@pca5Tt(W5BUsF*pt!4^99}z*2A`I0>8#P64Na)4(!t
zI#>?Q0B3@;z}es&a4t9xoDVJlzX2D572qOpF}MU=3N8begWrNH!0*77;3{x6xCUGc
zt^+H<_2Bp525=+z1NbBO6ZkW@3ET{B0k?wN!0q5K;0|ynxC`73?g96Lzk>U~{on!c
zAb1Eo3?2cGg2%w);0f?I@FaK&JPrO1o&nE-=fFR}^WdN01@Izx3H%GZ4E_yX0k4AB
z!0X@*@FsW*ybay~?}GQh```ocA@~S<3|4_pz^C9p;4|<!_yT+hz5-u^Z@{<UJMcaD
z0dxZqU`6!z0Gm=AAFKh^1Z#l-U~RAtSQo4Z)&~Q@24E1_5NrfC2AhCQ!De7{um#u>
zYz4LkgTXdnTd*C7fbGE$umji;>;#4a(WeXtBf!pJ7cdg!gDBV)6o5id1d72ZFdB>j
zW5GBu9_$86!0uoVuqW6HOaP^z43vWkPzkEQ-k=)PfPKKeU?P|VCW9$pD%cN91GS(I
zOb0W-Ot3#V02~Mo0tbUbz@cCkm<?i}9yEYP5C=_Q4wwrP;4m-`G=mn<3X-4=91c<-
z4cb8mm=8L^0?-AH01Ls9U=cV991Swy7;r3D42}cGgA>3KuoRpKP68)`Q^2X<G_VYu
z4wi#6z?tAIa5gvxoD0qa=YtEtZ@`6M1-J-Y3@!neg3G|=;J4rk@H=oNxC&eit^wDA
z>%dBIJ@`Gi0o(}w0R9O61pW+e0yl$Oz^&jma69-5xC7h??gDp%d%(Tmui!p#KX?E<
z2p$3tgGa!l;4$zxcmn(lJPDoxPlLaMXTY=IIq(ngJoqPg0lWxa0{;RpgMWipz^mXj
z@H%({yb0a{Z-aNhyWl<WKKKB92tEQIgH_-Y@G1BY_zZjwz5ri>ufW&f8}Kdo4tx)O
z0Np?a+cK#2KpybH8emPZ78n3HiN{$7h~{EFus)CzF*X2$z=mKWurb&KYzj65n*-!L
zXG<V*)Yf1y*amD1wgVBcJs1LZ06T)6z)&y@3<o2?&R`cX66Av@*cB9jLQn*X!6+~q
zi~(c8I4~aU21>y0U=Oe-*b7VmrJxLyg9=ays=(f$8q|P&z`kH2m;@$+DPStt4@?8K
zpbkt2Gr&x+KR5s!2o3@VgG0cfU>2ASVxS&0fJP7pO<)d~3liWkFb_0?7SIZkpbZ=j
zQXmc5K?j%*I>7?a1&#m<!I5AQI0_sMGT<0+ELaSV1IL3Cz!I<&oCr<=CxcVKso*rQ
z44e*@gEPRH;4E-9I0u{y&I9Lz3&3x{g<u7^2wV&<0hfZyz~$h#;0o|Na3#13Tn(-P
z*MjT7N^m{+J-7kf2>t;62>t~A3~mB9gImC@;5KkO_zSoL+zIXicY}Mtz2L9lK5##H
z06YjD0uO^nz@y+X@Hlt^{0%$_o&ryUzk_GMv*0=K5AZzrCwKw82wnpJ0xyGqgIB<-
z;5G0%cmuo%-U4rfcfh;gJ@7vG0DK5O0w04_;1lpE_z(CDd=9<<UxKf|*WerQE%*+6
z4}JjM!0~DSzyo=}2Wx;e!CGJdSR1SZ)&=W<^}#@}0T=`}1RH^k!6sl+uo>7KYyq|e
zTY;^?V6Y9?7HkJ1V0$nG>;PoUyA#i$U>Fz<b^$wsC>ROyK@r#$6o5i-CMX7@z-TZA
zj0NMsc(5BN0lR}efSjwf7nlG_K^Z6q6`&H_3-$)ppa$Fr<aCsYJSTz4U<#ND_5;&E
zEvN(2!3;1H><<nA2ZDpZ!Qc>ZD3}FigBYj>4WJRkK@*q*=7I!}^FHQ*X3zrUjI1PR
z1BZhYNP~9J0p^2FumE&{Bfvs%Bv=HF0!M=km{eO{CF98ziM8axzFmFgxh``<)NN=)
z4v@2!l)$X4Um7*?>WC9Mo|nwT;%*TtUmCTm*eTs!RwJlKD~|L!VFJ#%)T`^-q&~hh
zsvvM0s0A^{m9$~(M<{zatQU=*!{L3{tPyf)j`4LkuFu)|6K#`q!_n&whxR#x*IKiO
zZyeFg@!3%!kYVkpNdpu?z70-k5FHK$bVePrHdf1uubUTfdMgVZ&J1)OyPy|Iac8Vc
zX%ig|4|FztwHHA>$Bm}avFKrKa~#eVbkg7UB5B}1kBCCj;XFd8qI8{}(J=Z-ha(A{
zPY&*79dBq*t~ssHnUw5hjVgA2u_EA@Lubo3dlASX_&N!kf#_Ve;krTi^EiP!o=R#<
z4pnp>sMnU`n<Gx>EM|wp6rBri({?N8MH~($jxUJLZEtCI=2yP>;H8yLrhMNI#vi?4
zlge}cRWmGc#^ff?Ew7%PDSh4B{-Z&YF3fB^@z~B;cVFZm@sPLip!*K5c;l}how-N(
zdCkMlt0~#`$`5Y)^4*W}U;Dc2=G$-n;O3WFC-1Sv;G(=k@BV7t{a%{#+~c<$zj*0o
z<x5Y$^UG@%p0WKqokxA!`QEp`yY0Q{&o2D^%L_k$`PvKOdp-a7Z;RLa>pfHcvE}cU
z6rObQ*WHh9`PG|`FBq|Ge8H<<J+|#l{A_yXx7*#+@~<zRT=e2|d(D0EhNB)mXG!CW
zdwluAO(PC!{xW&vvoHUvap9^<PyO<oH{WV{anj&q*TU}a-z_<6{8`_9c-N7s>MQ>J
z@}+sJ4%zRbEsi+pi*J{F@#OgK!q4Wsux#L@OaI-u<fyW{l20XH|9<NumkxXQ^8Fty
zSbyY$%`dGw_`~7<ez$qxqs5P{k=}UfY1c1#<fQ!Pp1<SSchYZd)!JA%?}>)1UYh&h
z1>bD*^^>0-IpWc!&kwj^;w4{~4EX$@b@uwrHkWUF&exlM`{92cePiLxkFL7oliv?5
z-~54sHSd3*;QdE#YB_k<zrMUnvhd4~_IYIXpPYxLH%)AK?yMa$SDgIrmoId^`iGVc
zk}qanY#H;#W7jSI__p^y`ToN*w%GOc_+L&r_miSSA9!@ZmgeKro6j0rbM3gdSH=ck
zxnlFPi!R>(v4Z<%JXG+)8lMkX>yiU5Xx{wD<5tFYtY7@?<rRBgbZ^0X8{TvKZkNSB
z`s)=3ezfIv^FBOw?|FaTe7Cy>zO}|KgEqNt^Tun(oIj!VnR5mV`TE?4Gq>Dx=qnd*
zxBK(XSubsW^(%v3UVrO`&u472&$&1M?)|q%xBcUUtv-7Do-xsP-mJOe>}jWbc-y{r
z@4e0;b2k6nePXlOmnL`J=)LtGE!k=ISszb)=%nIn8s|N>=W!1X`|!C1Z?Ap+KL&Q5
zaQ3cuY?!~-+<%?C`&z||+h08Jj!Oo<m%4hNuVZhFI57H$Yj0iS#^pP%vqja87f)FK
z?-ge(eyMx$^lhGdbM1}3ZYwIf|LXrN-}Jey-z|RR(6X<W@BZnr3yyf_<1IQ${`OGU
z1?xW7z15(nVk-~caoMI%y}4rT{M$B&JyMh3nVI(1Rwr(^=9l$TcFcdiV)C;){H6RK
z?av>!;q|jldcR?0>XJEm1225~o8=d8|F=o;2}O$@e)^4Z`CZ5ER6S(>va_d^eL3sc
zceeSawfx(<kB>U%rLo)G`r3*OPnz;X`8r3;zu_;RZ?evd7k{|5Umn?Y^5O$x=T=wT
zwzj+36M5I1b?CRZ?s3VJcf9z%`|a}COBRj&tn9)=KD*+IW8y2$^Pm0xl6x-tJ~8^S
zJ8wRwy1Mc9uF;RpA6y%Ke9`D9|FiWL`(M&Hzav)u==~#FH~RAyPp`Af{Fb6)w_3Dt
z_IVShq&8Y{!5eSfS~lwG^&)R<{_u%||9(bk;*s_4dgsMcuB~2v>tSC$bj{;8JaY5E
zwPro>;OBSDUhmFxkLkSZ%_qmt-f5rBj=yi#Mh~yM-kT3z?0Vg^{||Nd5G2d@h5@>5
z<F?J)HmhyhxNX~g+qP}ncK_PCZQHhussCakW-*(Yn9VGnI(ag)BF-wK^84PbB%RGy
z7YPeu4>Y_Nv?U~trr(<z7*BF5Z&jS&NbtC{(8e++%LH3h=eLwb`U(f*&P%^B`m_v&
zPI-N|oo$V$rQkB5hyxM6a^#g>zc_Uc9!JTy76|;3+-VuM581k6D7Av*q38u~ACD``
zMDr+&kL|<%K^(WWpuN<MM~=j2pJayFn7PXzD@{o}@pI5w%q8eNXnxPEB?P}fXkD-A
zH@|{pqE0LPx~L6%XsOXv^eqAD4r2eJnFjHHcxYw23WhQl<F+L<k{Jc&7gFL>%+mh_
zH~fPz&gjgMQITG%(?iDED+ZtW1;#f;ob@e{#6SHFW|kMcc1A{BW2~etq3E<jKyhz-
z<`P7~y8}aS=w2FTrTK*ZHUF`&{m6Q*wKWrrv>IhNe3=xJww>ih*F2yP_+W37ln-EB
zpeav>=6z~qxz*fRNOdmI?ox9}0%wAw@-C#j)8<>DP9y*<&1_cXbh=$ka~70_t=>am
zHxsT~nDZ#;@DK*Hx;0qAm&vI}vq{0Quhv|PJLLt?No0DZOiFQftKp4JmC|Dg6SxQn
zHd2}{hv_=0^AK0Ifvu<;82z0{K5st6Ktchn8U0O4%xQs>lfpFSdY<a1jmX0DF|DS@
zc?rEKP?uZvxbeAGe<Ey<&zsf1YY09FrL((8mV!F&d<vHP4gV7}Qya_4*lTcB4nY$Z
z4myP$FfDwV(Vz%gP=;Vp3ah3LnqXvr604~$Kc6ETRIWsukOUxn|4MTu2;SO<@k)Tt
zM!sBrzrEA25r{?|m-FQgcn?Y?Wb@;>QT$KnH?7ov=sOB$R)W`gjImG*_ZL}{Nfu{Z
zQ?mw|mwyf^1*8HUQviI59g@InGSmU9#|UvBNTIi7D?M~gjLCG&@h>_81r{jwgiZc1
zu%KjpxUenRC%v&K77}%Z9wk7TwrXR3QmA!5$Cvvn_kvBRM`UgM`QW@GVYCc6CN~C*
zlFd_a0s+2I7r2iyXvanoc00xVR2-&a<xjq$wvOG?p0SICMv!0(6LVZG=oN+mS1W}3
z(tu!fuE>|jYO2Ag&OJz12335tP$dl`O@xY<#ce1t?M^oCfA&))zcP>kaP?B#h^^fy
z2B=Tvgi>H%2!UzGnYB$}(7j_f|5S{z!#v|8yoUAtBgRO`RLWOU;VOn=K?jM22&Z4A
zK#Szf3vHD?>XFI{>5HHRB;{-%su)qm|3o8>+Rp+4^X~ST=omomBqoP>ALt8+z)6rZ
z{=&-78qY>AGhn0(R_XP11U`3k>n(J#RyiNJF0I|;4(jLU(ZdrMW@r@I7&z8C5t>tb
zvn44NS>9cq+fXF6YPE#{TtcK#O;mqrPFheU@3eZ5)b9Ec_#Ez(8Y>EUiUNwkn{jm}
zN^k;@DPh$oSq-!|PT3|o75f7-<b~D`=a33%L<A({{w=6bJi8#NDI}ChkqZR50XAj~
zK1`e09b$Q%D3lWgk+>)M*{sl~g(%7(5x{@EKn=<mu%==n3P$ZkKCdZR>_IUvr;=%=
zP)0}ULcA;O{uQ(-&m*ns&E5vDTlJl&SvPdtgyxp{DY-uA31=qcdc#&$5hm3(J594o
zCvf|JbD7px1vrP^PWrd%+TBYaY>z5!PwO91Mr?{G$UJF;&fL{PW{|QH&v{Z%D;=Uw
zc@-}2e4~E*Ebs^WWl`e^ciraeDKOqjcfdpa8uRaFB}njlJ$f4Z!$>G3pOG{+RYdg{
zJ)54K8~TjC@UT*RY|i@`@AP-q9R3y>_h20HdK6)NCy9C8rDLGi&K}hGv^BXKUNj(p
zEMEgPe68iX!=5eDN)xM}{LeTGly}fsydq?NpkfQu7`A@8ZuQXJd=m+q=-@=)PsHlq
z)<Ip0B6C`AK%u=_X9i&+NmYjCR|gF0B^~Zm2fr-R5zZRdrEzZ7rv(&Wm77V?oJg-b
zqC}8oGMQs?(Nl5}urG+`B#nxST}ogIF<|+Q>q=5?3#gh*mb?;Ms8>;Ka##<y@|FdO
z``&89dGoNZ-?lpAf>T;V$$4l;umjhX6XIrfj{pdW-l^F(Oq7J(I;20-qW)kS7ssgd
z#!Fs|0Zc)tH6A>qm%;7?Fk(;?_!!SS1`Z8DM?(sP!J76&EAL0Ji|Jp>NHZoDMDc3H
z|GnfEj_Yo8S0Z%dwyX=udw6|@i`nV36$W9|1qil;!u2u<Ux6qJ({aJwLsf0wa;IQ{
zz|Z}|$V9I@lDHqN8P5Av)1qKBe$$u;@c5)-${>5^Ci*U;PoQeDsBY=t1RWK|6(NN5
zCwjm$MBg2E4#uOv{w*3|7#@-r)2?(E|BNMb2tNo#Y)6iBlWBE(&?ae;%B<vzm9bPf
zcKvnC^on<l>o;gn3VJQR%lx@FjwY6e2oa2vk1Qc()REH9Ai5jaa2yOOPO24O?tfoh
zN*AzwB)mvC%DQrLfi0qP>P+dwwmXj?oyJN3b_OTC0>?Gig?)GU_q<;yh=)`7ODTv4
zgmgz#;UfQV7eY_wrWEz>vVCFMRl@@p@|Y6}HYe{{i3HOa*iy7o<?k1Q&`;8h?x=Zh
z^s%{Y@EuAxfPv=P5{6K-Tf=m-e`_tKCTDSXzIf~iGp*08Lon?_3g7`y5w<qr{pOS(
znSd3n9h!r>hKk_^Y7yBlfMhZ!HIa7vFS@ZE;u*uQf@0*#D7qfAijOON>H>UG+O{bN
z`4WV2ntQ;SOxwN^QquX)lSNQ0gf4!s{XKd)gAU66L~^yDHI5GDM*m@)+5TYv{JDv=
zX^6p1_u{*JR9dNtH5p1PsH-$TRR144+;Jkiv@{*0P%)=^t_+G3P?z3GjkNK#csz-G
zjnYGRMsx7Ae}@mV(=fWZj6WrRdlPXiz$xVy7K4<0&5Qj}$2cc{P5p2`>2mYKwvSss
z{*D+GNj-z9l9(XdHDHOcIDx^tn{Et4iat&1g#m$rbyXqw8%;>kc4NEha+-i^rG>`*
z?Nd*8s}_T{CTfXs@TLnl5}$^)ZnscqJm^_s9bmH%x|E(9{Uf8rKH?UfGDJz=Mig!X
zr~L^}&cZYm?Mkoj>6EMm&h-f|>I8sQ--lXB&x4|29&XP^l^MNApM(50)8KL)mU?8s
zN1Ny#C9eEtPVL~ST~0qGhZHlQc37Nyb&c$;Oo*L%3uDjip~|O2_+P_^#qQ;M-w^`(
zegxKTc4nU<nv)J-%CVZ4*40##q8*L+V#*T)rwNU?oyGfALHAvWyUH4;NH5ad#oTSl
z@VxxF(3d_3NfJxDdya>#^3V$%x1QLthY&EoatOcvTf(SK{WfI@5@)xn;L7+uEuFQo
zNbqB)LjrFhu4`ODOC|nZl$>jGeI4GhGAy7a9?t0xX8SFu!<Fk>&f&>;r^~}q8Eb;~
z?Q0|_5x_S!1-NBM*)xAj>iORUhD&{J(jU(4y<0@||F&;-75e`xD6*Q*Es<B6Kb@Ek
zmZ*iXtqX_(c)WU#N%tjSzQaA-30)woEehJo#T2_M&kODe`_R^VgUy^+Ik<-7ed>-E
zqY6k&W%Xiuj8)fF;4!d$l6as=5b>EFE=2tHWlo(#?)H~3F~Y%4=bT@Lel?TQ!7gkN
zeShShX=0D&Kf!ADO<fi!c_P%lDSbL<zAkk2U#@B1mbcDW*0Jo#SmxKZFMi_Dt}A$=
z(XPvH39tLNC?RurWQ8k}b!2+Z)U~n<#;s>I&=RQTw7ADs!nKz<I-&Aud01iPUB3t=
z#mSc4aBPM%;DXnjCFbKqAA}R0Sfk*^{5lJkS}np64N6|=3pfZ6J=^P#me)JrNf2~y
zZp}6}0TqQ~%_JEsI%@ME^R2SKuwlxLkufkNXs<9d#f{iOLRiP1N8Z6^1r-@k`np8-
zcv;D5P~Xl_Lf~qfBCi_=HlXlyG|7dAe=7_<&bu>SpBqeL6&@xr0j*AHEIHEj-En{~
z`;JIKju;BvfW2-nETQrjQJ-GG%<YCuyFND965JF{jcKg65sX{X!x^b!es1XmbwY&^
za~MWOl^bGwbvrQ26@Pz0V#*xgrS-`F8lw}C;IA9b+3|w(E;GhauEE2OvM1UPsyMk3
zbzzgQ(3sIA{LuKs5~A&ZC#UzskEnzb3PjXXgBza|pPh5Lk0UL{<<UOgP-N%4=?NtC
zj#s<SJ~5TQh$-XUH5n<Z3ObXXmYxrevzjwIf;#b}*eYODGye5dhXqKKN4>D$JJRfE
zpebtZ2)%=+ce<9oZ^5%qoRaneM5(GPHS7orVDD(u#Z;5u^hcX1>xO`#D{7#CNb!QW
zu1zPXxQi6+59AQ%4#!Y7{T0Zr47Vr2*YIhSM3m0mZxX>msO~>C-?!=!5Kia@_2yLR
zJH%w#gpNJMp`o$pZic`^0pI7=rlgYvzf_urrTp)T)joK=mkhscw?y>c1pw;69{XUR
zwH+&uhHE^*Ay-jal68}VoQ~NHF4AR(U@`ksMctFk%UWZRX}bK=H-4BYrT{uk%y6xm
z`5#9aT~%eD>%AqtMzDSSXv=varjF2#Qv&jTCbJ@tbSLQ_;F_$KAo+F3)3rAs-?R?2
zmqf>Gw6x@LH@$9HBET{q2pAAJ5Cjk;5EKwJ5DXA35F8LZ5CRY)5E2kF5U^18f1CgK
zUmX_<cnli|2M8DFfBW!(BLNU05D^eD5D5?|5E&3T5Csq=5ET$L&~G3bAX*?gAbKDM
zAVwf2AZ8#IAXXqYAa)=QAWk4IAZ{QYAYLE<5FZdfkN}V%kPwhCkO+_{kQk6SkOYt<
zkQC7W)-D4aWr5^?<bf1`6oHh0lz~)$RDslh)PXdBG=a2$w1IShbb<7M^nv~W82}jq
z837psnE;srnE{ytSpZoASpiuC*#OxB*#X%DIRH5VIRQBXxd6EWxdFKYc>w)y?SFxz
z7mzoQ50EdAACN!Lc0Bg+Zk>T_6yZ8D5mza)j`EA2<;KZ*p_(L2;VBzYtK=9t<O`l(
zCXq>;q6GGpyTJNQS5$ww$G)}^ZZ(<GAGNsvJP%?`RDXN-oTm=;*GgUpaji-XHsa+E
zQE!!5+UtR7WKlK|raO7P+(Le?KD8_C)l_(n*t*Vp&mMvAh#T<Twlbm@wK(W$PX8}f
zm%LR4!dM)SS2s<Z5;n;UkZE~AtGVctYvcA>P<Jl62d3LUTqq<}SO?rjpB8_?GKv<g
zk-#+Js3pNPvw`8uE)e1f!y?**(VG!ss)V{!<AH~ns`_ocn5UxVFOZs@g0oq3wB@q=
zXV)pnVed}-7W<vBUpHdo&qXHgbVjqZyM7kuq=2Hci5!P*g-&r@5!;wOTtR7c@`UQa
z>u_qPa%w2zn!u^iCc~oy-twhE`IsVJ&y>BiviLHZc+Ww;sKc8AtVtV6_9#V`z#A~9
z2b{}cN1k@KK2&iH*SY(Hde*|#u}V0=pv91!=9n|v480&#G|3cdtv2m!$Nh#-NZMEy
z-F^47bfLb37SEr2js2HKN11rkRG~_X=CC8+PYndyaD)OYTrBc?9eiu`nMn^~-OOCf
znNytZs!*x+OWqWoh)XG<`INw7SA@i=oj`J8EOgtwmMqUvOB<+7&!u%x(^k>k=ls3U
z^J=4{+CIJ?6-8PL!TWfrDvNEVWw}3&nRb2*c7S<S7@pWmSKE>w>38^UX?5hJ5vDs?
za~Fx!Ut3{hzVhT*H*f!K_d)_9X=K`omZT`oig6`j6cEu+5Q;2<&@v6kD#!u2JfY;G
zl7VDHtK|Ylm}8P6qvvMI9nCCVlL+7cCI^rYcz7?7cn`qMRp;4~P*ihkgC?ej5|;4r
zD5{xViqF=a?Oaa+8mE1CyakAsTrc=%_+GM|XF6Us@kZR)Kkf}RkFo%|DLm*47Q^un
zQRWEY2p<_M_1od5jN+B*NoW%)u?})R<yf}gljwCp_<(pB_BZXf$K#fD3?~SO#B>MP
zv`CKwA=Ls`L*<*`{TKEpcHw|2Du*{dS%tuXV_IQ;4#{8dSvN)gBdw=syOp?<8`v<h
zv+tY064tr6ju1?yqPDFak0XN{freXic8Z|UJB=gTMpl0!cWQL!j;ofPuJKNG0Ir5l
z(+Ki0LQR4xsC4TQ_)wBTCM5&mVo(yE-HQuDTV99L8j1F3E6-6@#a|64>G`FgCRwbh
z);6~<-gU75+_c6`^NmL_)8V~jutlivreosBxm^<GDXH^Zsv0rbFv3FQPG3N7jxf(U
z!IcMs_GfW=2&GD%0}p2AnIvm#^EC)fc#02Z?t}6Ls5&ssU7V0ev9Nyanb58YP16Ne
zI$T)u)nY_)NObMGizwa*r@;tyiJQ<0&W28?Vn>=cdMiifh6P(9KB8iTM;%eCRR$SN
zA{NK^6OJN=P;1v@0y-ndnB&Db)*YyHsN_ppP!!8n5}x0YLVtWV0szlfeR(;rP1ZO@
zTgzMo4c`}9<q2vFo55&mr$<MQ_C~O_l;88F@HkX0Q91491UL`JNU5R!xv2YTBURFY
z^k8EA0x=|~EJpa{$>ct!#pD^+KQcXOX0qP{;>q5jQq`>p-ic@np&9F7Ve3HtP$EW*
z3AdGPLYB7jtUZN>7PB<h%HP;JXr-S$v%)Q`pv?qsQDA6G=@#?709Gosio3Pi*3?ed
zUW#7alCpR&osIt4-dQ>{75L)=<01PLD**pJNS#o34D+p_X;8fTgY`=i_47kZaF$;F
zh=$Shw+8obxsFT{2;az!ZF{=KHWCOwR=ZL;=zRFL>SX&RGs0lvm=#iW8TCTP_j=R}
z^rEV*#mp&5sg3%?>=K-EG{aOQT_m@MAyc(?*+4%uyP`OyfAt5&FsO~{O_^=g5LU|b
z#5E4wR6dI#+Ssz5YE9@5$g@?Don$j=k#0r0@#cS{W6H{S15`D@E7p0BxrJHk%#4go
z*m`ba1Gu5W5RmPdqC?=<OP=74ie*DerA*=E5-3y0b<oopXcjVt9mW1OM~2EE@;Hi}
zqZKpz68kt}ZiSs;6J=CQiM|)DNPjGpsVPA&F!MX91YUj{6B7)*iKNHgeJzy7$Q9*4
zc|ufl3&x6G2cbgI0obFImeq<}x}28i<kV`-q~DkVbwDTvTcZme>=dTSpVc|Pi_Rwx
zha}Hrvo#-ZS4i$YO(<DH&wKL!&X7FmPOWxoPLLSJRg@BwZ-F5r&zuLw>&pJ2A6$cG
z0TXHb{VXI%YFya!imp{+JLH%f4!^J^ji;bYiX2}r3~7l}*piQM-0t_j{S>d4S&$|8
z^G<2x#wc<lIpXVuL$k0W8htgK=XM8%l$F)17>K_HdkHbd4EOCk_SdK^`<!`USznG8
zgHf`=jt6tj#9nO}8_ku+1<5irX*98<N_C~n>Wn5lEyv`{YRR>-$K}Z_=ksVo>NrX;
zwDJNl4gdj749Yt`2&sM8o*Qx{)J#&XQ;iC{%k<#CCz+zbp@VipYuT)})zvFdb6XY_
z2RDm&!9N#4L)x)+Ke%mZF7QVrGeWDxAk9^l(b&*AqZ3rr+>s)qP<NVqNm%<XsGA|*
z*|?S2rp8P}>&={`7laP9Y%k6*6Yff5$gYmMbJOxS`d*d`ocENYZxB~bp;!hS(bo{d
z(IDar>PrmJ4#1}U=0=R>$8a`?n6>Tvh1^H5a6W*jAsqnh;spW)0R;nv0EGhmFW4Lo
z6af?o6a^Fw6a(~s=Kte?+X+C4KuJK!Kq)|}Kxsh#*ZhALaQ^?-{Qm@S?f-x#f&Sm-
z|2Kf&{eP1GKLMV93Umf^4s-!@3H1MU{=XWkELl(NkDxuMb}O1|2JOkn07lG0GgX%(
z^!%dFvu`HP4fDK@`vuF&cGW}<QmHtMknW(-xo|wMCYMYlSw4goW(C}CT})thc|%@@
zLQQl7T`;fYM0F2|SZ7gvVp>?oZ+RBkjZP`>4R<!_hs*7FDYQ)&Gg2vzvWSxcHMq*4
z0`mRQi1H-0vMDZ2F|0=MfpKQM>DOq^z-jV~2#?&*8(~W3`RWW<=Qot+YE+~C@)XY@
zWy)5J4$QL3vbua6hNictl3*#{9-8MNJy<mxWV4aZomi?AEM3{L!o${LNaVuYHLEXp
zn1j=Uwx<o7^dQ1c)&g9AOLy57DiNPwMy9kd1GK~9@@Fnc>>qG;cvjEj?v$orhtBKi
z*M3M{Yc5oQeLRs9tf@V0?Bi|KP}-}1IFuFq?ovuU@72=>?M|0wyil9`5#H%UMex5Y
zn0HZ@)T_GSQ0qxh{YKF^>gJ)ox-uCY8+;NknB9?^F-zq)@gRNRGGQ7i2W+<FxXqf~
zF|?okJy6_2C8;mRhAh?|P1~#9Ko@WP+QG0A=-4laETuA<l=qJ}NmkmDvC;cY=_x2-
zI)PJqnACKg*RJVFeuk;1r<&yI-d^5fRdaZOk9Kd%RJqLa;5_fo<PmS3PSey4YG<Zl
zaL!=bAn1DuA<j$&j?6@vU_V80>OTLpKiA?Hha#hCONTLpkLXERN8ayEzfo|-Qhvk2
z6En--)azYd);=gE98|j0Hh5rXqS^D6SMASBYV$*uz45s6_<&TUZ$H_`FSQMG=@2d?
zvhX6rFJ%<Jtnqx~RXKo_RFVGDR*!pqfgI*zV&GQ5aUc*^8Qv1!jXS+P9#UUi-+KHQ
z5A|IiD**okq97GG{IU+-84UaH;8f~SE5kJkMH8A#LrG1@{USn<;LOeYH=mMN3obsi
zb4;>0QEZWJg1T@Mn)Pyfzn*57j`YIe)+2P9p$i}GBhl2R_$Ig=*2}JJ`EqaVax2G5
zuUrczmltQ!fx$z0iKmrouQrdg9^BsV^Lb0Xm~xKAYbY@oSlILIXjiu$_&*^njN=(0
zEn$M3<ufW54`j#?V*l|{_d-Oz^8{Ucs7Li+v~@9y{qtl))q!gmsM=?UI}Tk@xHYHx
z{v`MYL<wwcH5)=U4Z5VmStE~;0Y4_RAbMpa5|lxlbsLAlgS4Zuduzl>AN@3<_>jr9
z@k`X>Xsfs4=zG&G9O0}TwGVxJhQGe(rMEA1l9qkVW$4FKOUsuQK&rIm$rv6i?+M@G
zqHTk;;gZy=v@_*I|7gWzR;I37;jYVgl94Yt-)injL0@^e%r6T7B5GpEt-uV01ILJ;
zT%X<56}=GJPmnQsd1v|i*jJ+7q_orpEX(OWj+%?PE@7~04_aeaCo$#ySdz9`fB$YH
zB@*$Q={kE;<6-}2zIMWK7$zA;#Rq(Yn=xY1hQo?^=L`61vD%>%-lX@vh)XJZczrOH
zX<VgNakY}(Kmwh_af1_6SZLBDyq%!Q8V`5M_t!x=N<7-MVS&s^0U0yKxx&fW3(?45
zuJ9|@TGjv-wbp3}Ic&1C;IPabe9G3PfD{k{4TkkTQn=2}Gvmq0b9E$wK9vp~afo5N
zwlI-|&I`w_pfPdpQH04p4E?={Wclfn7@T6&{YV<*+OB0(^+^3c5fk?gTkl+|vCfd3
z$Sk2+Kc3QTlsaL}A8Ou`U1SYg;zSHl!V3rJa>zvUkL0qwLI-Oic;;G3Qy>48ydmx^
zdsiyif1kwp6uoH_c*=g$X8K`fj#jU*=WXu5ZkN@-P(6P;_)ToDgQ@#Ka$}tz&IMdd
zpt{t?J893Skd3U_OHq9hD0dM4mSCAyOL90h)=?YbPW07`8f}Y5=`iy9w`qH=!eA}k
zW+q^1KNyl2hahg81h7NvEpB>cnebkq3Kx2_(EEZ*mml+Cjz4h!&?%8=5=gas`V-HO
zsDvkaB)I4qE*((rP9{)MwPM)Ih;+2;D(5$RI~>mwtGeEoe$01w6l<r}U9PSlKRO@L
zcKU(+NgwpW4EPmPuwKhu>rcp%bVkxP-wSIa_BDf!W{m;sYI45#9m3gVIyNmW=8)Yx
zZOqZulI+++Qj{&@SG98g8EoRLN3BQTr`od>_=9H7<j+9`!QX$ymbT=md>a>h_{+Sv
z;z_kxD|%2?o$~cg(+?;9K7qDOAA)RGCitDvv1Pur^RFZns#l<M<6oH$7E6(T%29QU
zdVe>4OY7$;`8Fq$5Xz1lrz)e{qPWoU)+3wf&gRh)=Nh@J(adt<a84*$-@6^j4%yDQ
zsY?F6(Vdt~a^pIiQ8^1UH04^eNG9h;rCK*m$xW_DW6+PL#b2B_$jr-tXV!la!0>c)
z?1f1%Puo1YK}V^y>jx>^?!-B_b0Yn^{|f`jW{K|j^a{6dMCA>@dK38Db_Dyl2MCqX
z&{v*6vz8F(QERKhKMW76;+7*ISu)kJR~Iv&#nWpJwoR@uibLUo{1j`tPn1z`A&0+*
zCG~&-c{tLe*e2W+a_$005X_=+gP-_4V%PfXAe%Yx=g*$8e5r}8Jbe!ImCKbur;dBZ
z!D>=Rzo+<4wF|coVQF(ose}m#>3uroI*14<WDEnfm55{VW=&9hxkrUiCstdJvH@L_
zk3PNL-x_-Mq;wr!?T38~8I#1p4YIQOV7`1-3qnMSK^x?UIP*FDLq<psII*l-+22f_
z<YDQqvb?5Iahzgw^y2<G%~;`lT<fcYAkQeH@R0xJfA#O&sY+X}aFpiphG_7R2BL*z
zK;iz$Yf<$Ob9mQ(NZCcBupP(L=Vs`x*f-A?nJ$L57f#*|U6@5a=8hfD=EikQM0kkU
z_M9#IRHm@9Vra9Gw;rd!nfljAnX><^ac}KpDa6L|Ini;#H}bKy+N2g&pBrGOyL-hg
z=h$DZo#X`w9jUb@#&qUjofN`4#2L?My{A<D(8Uspf94XU)gB%EJ;p<-4{;y@;}K)i
z-D%?DFj|=K;=kYMzmJPS%nhHI{iZYS-@ys4{pScTxtF<<9;rZ9%0e+@Ubze%s_Vj3
zoOVl^`Wl9hn?%#hsAWA_9Z4B)U1b3=+9=*>mPJ)G>$ebIX+Cxji7lYd!dNSj!_HQ*
zd(P!-MbWSnbet^mFd%>*Mwaxrbw7FhETKY@q2jN8$eav*L+18aedTCbBaiflr5VEf
zBy}Qca%1~8MsWt6O0Yd~{(5n0>Hw4f;rV*dI%Uw5aRoR#MH(S)8iqr&EB?Y{-T+_L
zsj+ZAD!4TRZfCyh)OKefAsbd)4Ra(^I*H#b;REvMS>xNBW02{?OmD}iE@v!k;J%~C
zOFHnLTjPfLKYrg+!Ustd%!sAc!AXMcNUtffGYR95t|j(gcwepb<~u{d{aJy{Sj%4-
z4C)$tm0AD9y8*IcWmC4XuTa~ln7M1nE{ls{i_PC=CDf6*F!N*QG)F2zZ=w!;E|d?h
zPc3=^!AhO;(`KvLifK}BQCepQD?86ejLn}!|LL5wT@qjYH>g??rDLzgGj(jN?dzY)
zg{bX&3sySVg}S2@{x3`r2Y{~7R?JowsI;nU1>uEqZp*;_+t#ckXX)F`@2VdX+*6C8
zXx>bDT`v711Qh!bAdPq2uc8va4rq^U+jWJ>4Z7`ynIZIWGZga3+#?yD(N~Ph>jJTd
zvxmEhy6uIzvGZ^r?1J9ryNw;-g}cG-HWp$St1Ud^kU)<?MdbBC&7}q`vrx^e>G?=_
zKnrtmRlo3~2KDj;F@v2-9wSP-j|67H8%GF@5n%^UTL1Ybg}SQM@xRjdBx1^G^MB&x
zru2DF$JkAmG_{dsdO#8g{u6wH0idTijws8LnVP^t@Jhpe_GK-%3Z_pmH>mFQ&$hwH
zgg)A2rY17M#cpDpoS=Zv@+gI)cC*-eyUm1}LGU>4Q$d(9@<{D}xCP_jH~?8W*yV%U
zF51mOw4bHPYw6#BvZw8?xjo*S8q5mf<aDud!GGIr!^zdV#n)uAu#uhwdCG4v*bx~u
zbl8k<z&p%SjonU!935%Z=Vrgd=H?lnt+9+XzF3edH=|-M*Y$n%^0+582zTlE;@qE6
z(AY^AC=uh_ojDGP{`DE<@_l&M1HT_TAcFOs@)^<M$LYs{Z8w$|!LvMI%?+^gnAmk3
zV1>^;yOq^?Y};3`iMCihySlv$Jn1X^A^Nm*etIy!*vGp!e>UQvO!t)F5B|5S)%ME!
zitha5`Z<37_2<sK@VW?OaO1Wce#X;-q0bpLm(W95&yV(d(J>kNKb74K$Qh%Rop6CQ
zVXyr$2h}Q2)6bhm=&4KBJu4=$rVJsTiJGI=jD^fVnwnajd;#rzwZ_g0M&7*w4!8K8
zlvQ=)0f_5=UE=GmD=kV%f;F#4t3p=8k2ZQWW8>dQEu`#O6_|N(*p=#=tj~4ow9AK^
ziZ$&RM8)dOkDNk3c0)0Xkrl@1R>O79E-S1|R%NQHYXX;;w!KzyF)mdtSWDXLy6_`g
z+_X9zfIo~S6)icog=SI3R2)B<)-CxSb8>#q@z+Ml6})=YX1(ug<zDkdKKb^3<cYsd
zrNVC6#08tj2kXK)f>@V`b>N1h&`z8!`4xltj-e?Df5ZG2y4=OqCfivhn<+au=xC}j
zK7R_2avxo7%wD;0X4*4dd%~rAbQvIAgIY!CAU<g^7P$s_H81N?+Q<4UcMr~W;>XCI
z-sK5~S4b^Re55>OPEx)L+th1C5ik+^l(Do<4f4n<QrXXRH)efGe-2}tL%T*`cos{V
zd^kTPcKS{7>W(vuh->1HVu1JBS%cRB4(4&nz`|{~B0hqJ)7PCAOezA`t<D<@6Oi=;
zCccFa2!4W!B^VJSu;dzdWXLjacQP|NqW;M!n+>SrJWO`V(&h80(M9JGbj}~lGLd%_
z>j<SK36f(m74;JFoM%d%kZ3Hh15Dz)`Sp-wB@Y<cK5n5#do5xpHsXa+By<^IqoELP
zhPMaI()Q7u+nM*)2;JeQODWYS#@{-%zOXJKIK9NAQ{}SdiX)2n^+$PVuFQsn{%uKJ
zK=>V7pZz0%QMc@)Ko-{53I4EH!cAsru|iUEy9B%eQP4Do<4#%aeOni9^qcfnwC-zs
za>dTV%4)ZlLH?C>@8j8Pw!*%XX>B^iAO}O-=_SJ7A4mJs2TOSd8z;qGVaO^fU~^~z
zt(_pT;FZ5rs%2p&#UQzLS6k}31z{X+<}q2bwWW(!R3>09);ENE@Gvqmwk8_Qk34d+
zWmA`@Mj1j&v-|OEax`!6C58x+js(&jYJ=*qhQvDa7c_b@f@Cf6xJ7Kzl61AEHG+g%
zQ8!qWSdM<63cN&T_g}GJ#v|i2amfIddHiTwgrhMz*7!e|(>xCZ*;BS~R<X&x<FQb|
zgTNnCvS&SKur2ritPH*NAn#QkX4PN>iq}7;F0t7ibEs%wzFX(6!6CL;v!<k0>+z5r
zU!iBxi=+^^4*frJ%yugi5I-ib)aYO@cnJzc+W3E>r8-BLh~Pt`pK;BE&F~Y}X*D5g
zqZ9yON`h5^KUydzgsiyD@sF=!UohB|W0TZuQq}>0V32oHHqW9oU%yr26@!_sX}tG6
zfUSW8+(vI)ufLM~D+!BD;n%#$N1z}7^<e#2*P|o|cqZH@j8JPm=F%xS09g$qjL4JC
zWYbN2!K$1h3YOZH$MQm0rx)gfCa&r>oj9t=9^`b{I&);ifY913F&D#=a5gBPiX6&6
zMuH_OO0(>byxevk@vD#GHa`8MoBbC`_$QuMdcTpeFT7tG?e&Mnh0C`%w*%<Juk*$h
z-{kX;f6I>tO;&a65BCtez!1Ne$oAobWP7ij7_^<%%s|Fnhs~C4=9N;A1;Og;Wed{Q
ztBcu-y?3oSZ!brjO5VRfqcUC?^yDxSQXR}0<ZV65?T6TQwy<7<;Rt#sY<CUbl0f0N
zZZ^VFc8FP5p|{iH76O%blA{ciM8?@7t;r$;8pg5Zo|5D!Pt0dzcxzh_qY&3q-@O^}
z$Dnr1G=-gkCw<Gn1DP?e3s=uP>@lw&5`WjK1MJCRJj3G-MFNbbxtZBe0&6VB?J$)J
zSx_NWGiXHHSVk#T+@cN!0A!|>`9pa)W|R6X{UkGp8nPg>UGRLJBbiH?>8!W~M=cuk
z{azcK;@v$4{I%G%`Vn7cw~TyCo0}90IGF?Ommw5G_UtH2==EziPq*K&C+PB%Q!b?5
z%ulhm_rp4JSv*Idh3mjoVsYjmz3E$Ntcp)Bf71EZ+~s?U$=wr<DKD(iKMnbV#zzw#
z2Jn}c0_H*282UxL3t{ASeX2An*wffcX4N@&S{$0n(`flpI+$;L44R6bVKby+L#$2(
z9I6A)M~N$f5Yv3k*N_|%PN^lc^l?*qb9W=TcFeLV{oh+BUzn1OJG<B7(+ry!I?l8C
z-2sBQ;oUlzUzOc@tEGD>aMsU*_zH(t^!s(6HNwP@X=5sv1kUpXpqm$JdQ+;k3psnE
z`7Q#AN2MLE;P|iB<rFMA;a%|Slb|-j5x60?Gg(TxXB}Nu&`z8}-Vv175~Boh6xhwe
z0Z!%1uKD<->H?IYHrmtj**Y0btIE}|rQ1Q*l?EV97hB6tZsa^MSV|~&`AVAy7U-=f
zhGpGTvtNE}<nY2@<B7I(@!Z9M@E)KcFZoKV-^{^mj%k$F5!JcI$?e>fp4GQjsb8`|
z^UyHd%F2b|A99r!AbsWP98`@MR`;NPN8y4B`bh}OQNeh%=)F+jEW4?kJ9IFS6%C2?
z<`)V`22j+gud#C1AY_4s^YOk@gmUmuA2i>HuB#rd>`HIJv@R(Y0csnaARJw2M+A7?
zuAqGxB=K;CZD|^0tNs4ey$A0<W&h4*6|+bdV9RY=_w1A01u7jc6q4+yRc2!(*I`#N
z|8x?zjIJ%VvIeXR)Yk<;?%P2JdG*Xc;kAl9(<Y(3t|`uHO05Wa-JtYcL-b+X<x6?E
zzIJ;e!hxh!gm=jzUWLjAEodnVck|+^;)Q1JOXgf`{D(fI6Xx&n&y^T%#%AcBFiSLe
z-xXG?PaJ3)Q3qHbI13_v;K(_epgdX12dH3C_l|d9fBN(;Ya7l{&@B-NTN}G4@;-U*
zx2>1Gn%Y5~0e+xRH&hV-d#Dmlcm@lfo4_?GzKf<Idm4rZZr&?t8*5&F_895i+~~I=
zt2@eIzMYh%nP(YU@6(o~_P~ZB03@$ObaQ8iU2T&L5JW{zy5JaRVcs#q6OOmH@Nv-q
zW|hni&Ge988Qu<^+(^^MAx{il42Ua1+IFIJEg_F7lLS?M68YWU;8VpAk*&F9w^Pl0
znumrX@}Ox3U{ok8&i5FG?b9W`uKXhuNS%3gvpBbtJ&O3M^lQ@}8r_LoJ{d71NOo+7
zz7y7S<eq@?Pzj!u<Y$d#G5E6Kdx?@fx3V_?_6<2mqg3W2D_@45lZ8Z}fl_u%LM4fI
z;p=5ivkIKxot{Pw^U#NBsj04+na|9*S8f`{74$y{l+m`<VrtuwV^v-La~5gHZ}l@I
zzOv7}L!U7!fpTw~RB;58Ap93<)S^%B-_vb1<yFWRv~2TZCKR1GshVwXvUQ^K=mnZL
zkvuNH>yWEDq<O<^zYlI!OPwO$Fs><xNXSw+uG4Ig-@1RI*`{`Aw_J{3;!}hg_wi0I
z$}{nBmL9QGKZuhdNx<P9pINKby=a%MTiPls{^B_?x(LJAEc%dOFG^`#!6{qAdykc#
z|NH|GcAP&s-JWR*ZrpNN5D1dfxBpiZ%ms4%y>`UBwzS_1wa4A`uWtOMx%~ho7tjS@
zP_S^cMroa5SUE%xi*^jzUVSG^@Cwn$&b*xfqgMti;0oSP;6~|$DzHxIBE|?(q+=1Y
zrzdS*%}>2t8#Kvs&ZQiIvo^k9T-Uh}f=1P6hN&yY3?}_i6H-5ZNO_(i`03{=D6i}c
z<fwn3qEK@&gZ`V%Tf4L<>4~Yf)LhKtX~olo_A{sK#x2faxiSN>T#H>DsU_6IV}@I)
zkEn2?QKx&FNR&FQQ9-IUJbg%lq}S2uU#THHTG(N8vJCYX^Q>3CX`;>`Qw@(sU3w0*
zzD6!Fq%}qgUk^`!$Ftqe7~0vy!h&YtVo48q?77F8c-93*;11XOEj6@Mq-d9Hkotrs
zj2y<)b_@)&Btuy7mAP|%PpHZ<MuB8U0Etha8=ZT_nE2oi+wK~#`@Sj&VL#qAj{HjD
z!w`v0t}R)mb5(Qp*D1+ie@`cZItcQYC_gy`hal+hJwYi-if)=*GM#F<JS!c<&~IJQ
zYt?;9v)d2F<2)*o$IfzqIe%dztJTM^15oy_bnR)DPkI`WJS)OJ|8+j`cV!0NJmQC3
z$43Yro%x^xC4xX0Jf9%3-CAyC)}G<O-}>9Esrq)KO<vqyAmKiq9utR$PC<q{zSSF@
zfP|<rdqakG-HdR_qW=bAES`p#k56KCs(*r&yfnz_WB%P%?@p#%YW6!-U(7%!IYoJT
zl(kzTBj6Ia;U9-=^qWuuq*U~7I{%$*!g8G(Hij1Z-3osDjec$sXe;*>*vO3P5S@M*
zJh*ZnbV4Wf4EFad=tjy*KP30w*!JSnedwOywa&r8$)`Kq*n}0=mtaqgRpX8}G#D_@
z)_AA4#u<)Db1&*a;b<<(jF%Jg!Oi6QRGwi8q*MVANnzvd)+3FX^xOr8Kae>E@@F6w
zws#n}Gsg0YqP&GNl1j$iX~p<KhQk4w^gG3hK_;|GuPmOTA!Sqp8Xmoo>9l|z?P*Z*
zI8|5O$R1b7u}?U+!{Bl6?mq}-<hyNuzlzBnC|3oRvNX6@v_3EooeIBZ`x@wGH`WF1
zS*2N1v@+TFKtln&yY%C&g8Nv&&ed>cVF1E-f%*Oy@cqj|t{B#SV*gp&Ga!!Q=spgA
zXM0>EUmtkMfUz6*TJB|vz@%m?+y!zn$q)vt7*Or*XhV74o`=1-k+iiI3LPFv@n)uI
zJR)V8*Y{F-p9&c)-Q92Hx=fUuN$lTx$sQ1Pd%@kbiPk0Jnh-W=dkN9*B{@@n4~Gq`
z!y7ak9Yq}IN(H&5vOD@mUj2Zf7=DC-KsV2)W^$nq`&1FwUkOmMSKgsK6HikhI3ebY
zv7QPPQ)=R{BLIxS9N|6ns1$onFs6P(oD|q`9UxYt)x-@>>R*xLM>XtrmK5nIx*bSs
z!5X-hG=^}Fg@E9HKgHpGggt=5)7fo;;HqzB3kHeR@DVYClcqPP4}1>K;2mxn<g^Ii
zu&UF<)Xef0Hp@i-M7mD|BZa_6l^>G?6?c<3#!5{ri)#d-FFj|HGiiMeO-{+8xQEg|
z0x9ijt}>%PxrUP@c<mRE%iRKHJ((;_LsW|f!YShrta%3hx*d*ha!{Eodelr=N@=Ly
zL6x||VMKmPoT@|tTjvV{<0P~Qw!;AP>QdX4^u7W1Rr_=4c4iDH6CF(~z&~7GN00NV
z&L}@R>g&(~UK7CqBS_T4PMTwDeU%{S0fzujqM(e9c*rc&&9OzHzDk8V+i7o+ENA7v
zS<X&8eR3=ff-2!pbj{y3A_XtOyZ?;{@`R*(V?miira22ugL3f(Z%fCXnxSupDWi4d
z?OhF5yw6J2=06>gNWxzmFv<2J8TP8Z_4W%s7P)<SQG|$TIz7NAU<?R*?9$}hdLqog
zK1k<Ls{QtHtmq#8EL75dBxN*DzK|K3{lw1)ZN+B}MqUFoW-l4u)Ez*K-#BvQnGF07
z9J3WoAD#DvmXuKXdh_$8Pxg-yBC8hUZx7&~Nz7!FzNR|#j{VKArkow4%iTUoa6w}j
zOu~`A&|u<cq)6*3c>|T}Z0jUy#W~-U%IqzqHm3igU6kSS1*yb@Eid*0DU{?nwpQrx
z&#lvChu<I?k$GL+wc>`pyHv9_!T#Gn=$%3g2XK1~R{F0$dcz$>;drlc_TIXkj%^rV
zp=BYUD3gL~A-;|He)lrU-x|`Sm6E62qdfRbbRz^^bk(18sn%6%*!5~L_{<)IxIv`T
z^U(oPIeT~nZm|q`tAR*7*cNpX4OJxMlkrx<ZA{pPyE@$p=}j1v<)oseh^YWM?CjA|
ze+tf9hM5L8<lcf0{`ax|z}Q}dnmQLOnQ(zGzB>QomJmJV1{#Cih=l&6JU|bAHc}GV
zC~P)e+ZipU0!t3o-puw`$nD!Yz4y(ec8RATmA5{1y;i<&Z6jtYjtjA>B?Ib9SR(7)
zqL&^<L5Qln6ycA1B=ZN+<~eTVxDx3ITD$tNh2o`tPu$jlknUF1k}SgV;$XDscT+0>
zaL8Y0lWp@rQ#F><?L(=q9pi#I%G-?K0sU)(*K?iHG?60vt$2$k>Y5*P;R}tn-1hzD
z8C~{YIvA^35K23a>8*B^6FpMXjZ3#{*j9cEmw-Y|xRh)E{wRXUUF)Twgu@XB9`iwq
z-n`_!1kabRC`4DMwe#Kbu%aP{zfk#StUaqg=@Dx^R6v3=0roF~Xr=O$!DMWC{as8;
zaKTbGO#a71<D7e2>ACX1F1qQn;r4&M?DlK1#>G>Q6z;HZR-BlGxF<v^EFV3%2fvyJ
z#H-i}l_X~VOEP}E5(Vi0l%#6ah1o9f^4O>$w5~m(e(Db;3Aoh+22Lz2xBJR-C>`kh
zXN=}fR_uBt2*Wtd<qg9~pZ=is4Ynw12Mod=2}$M*rz>aGHpdnEVW)7V8qzE6zh%vU
z{0o>bI&8`w3r?dQdtFib@kKYT9M|3bLY?@PUcyq<(zN7)ZDBcKA`&w{!a1A+FVvl5
z&V8{~gJ7Ai!qL^z1b&vcSR>iKZ_WDcuk|!u`wJ6!&_vMU_qJ1h%78aG+=vH&n=Y=f
z&8#6yz<asa@xK4UA{!+GdD@`w*EYGMfePO>j+h^BLJp>rZVKf4qsDmA&}@cNy7*n4
zB(vHPr6;b4D7!7Nl`_+@<g#tJI5zyPoZl|Wve=QZXvOn(n{SPqsIrk~ocSx%%3h>|
zeXg!Df1BB~R)}z~^z9v#%izxNF=(eq%b|^bZDlDG?+#fXQP*5?1Y&?6iLrv2WlJSv
zNMrAdCJ8~(`J?)Y8h1$+kg{dh(9f7_3Cf%iapu*qyB=%v&@krE?cC94Yx|D-Bf0X<
zR>F=)**|lui0T|g#gIEGLS<*o9)V@kNMqYDOA(OmT?}r2h+xOL52~}YB-i-sF*Lf8
zmJ(vRP!AX1oeHNw{W-oeT^olYg|9~<nkKzQ`PAC3;QpxxZ!*`5h&YOClvKZ0;f?3!
zrCsUy(8B4{hP-`sNROM>@Tg$lBNKoMlFr1#!q8sdBw+edP!x}croz+^O4g#T+@FMr
z?>IbJOZWsDtEvtAxjj>b3Fs4*N49L?sPsnYdxQx%$<GBtv1pl_RhxFMqtU@y;{I;#
z7yUMI6MIsQeaQz4_nf&4Pz_uDLC-#b)pr9v0<~?zbduOM?dy2d1B=$zwK_SDj#AD`
zW*ivBqxC7n)0{rE>l0|)a%%z_X3nD-V**;oum?Jh%1Rjh^o(t?eHXC%a#mX{bYZCs
z-r?C2t3vXE_Ik9p(h!`c(E_5JsV5A8&>WK6q@sH34iuUu9mSEK5zn7%o}-(r*YPgr
zvQ;&q`DX&&j5MJ(*#B~~`eH655X3tLHLowH6je4FzFKo945GL5LfXK5;{?IPil-Kw
zQRYvL=ZMbnm|(!r^i3#t7U^`w$CraCwU~2!yhi1?{wQkd$I4+QIWqF^_@bXB%YMN-
zD7&<Jf1gg=GjipS9kUPaqI%tnPFlwt@9&&M;21Mvc=jQ23l=^+1EE_3Kr>bEx>W9_
z=xgG@(lK?(u)iCR>xh{@>kjIGXsiMGV2KnW;cfC-OumwowE=}t{WR5_x~8?IX3fCX
zxZ|80`@~_iH;4WMP;&ZNmSzO#YUSLRyyqm$33H!7Fte8E(l$z3=hG$oF6a_JlvXU*
zmMhjg+FOUxdD`6;{}$33us+vyg)h^phgCKL7fWgm@E>_<avB-%7Q^%$P`CYIGU8~P
zMsEK5A^Do1J~H@yHZ~~uW%LNTG+rf-G<g%^6c<LOv1U46paA(mS>?-IjwC(LHE^`D
ztAKbR==h~w6K$KV5Q~+K;Hni=(&{O#rK*z2xQ~Ihi5iq<74$-Zl0L1;>D$@iMic_#
zt684|d9PE9Hb!S9l$W@xT%|oy@$kAU40C%9kk|TpFanqUT=DZw)|27<??@AHXde<_
zrO)z*ql|Bu84Nu1^Kv2s){ej7Zh|~REzQIqYE50PTm61C&?(-mqhJQY>66EDStNBN
zS)mh)i=oIFuS3gq&43amw`Pd%r(Ovr{Iuh{_dsTk8+wB*JmkF{QhKMSlD3m%*x4Sj
zTZ-?b{N(6O`j2pHj1XZI6c%2F!$!b>Z6m{`ow{&N5W4$KyL>PGQ2_@gIR4s1RhGwo
zBW5;Jr%@!Q8A|RK<i>qW05z=Trm|QUXZ!0kc4X&Y<qdRvceR?90EeOb7LJxs4J=1$
zIYEi?J$&|V-K|D0O!6_9cw$`1c-8B1NB$d_WMV34nRtV{SR*Hv#L;=1{*o0~Bmr>T
zLSUa=gyb?3GU_I>qPuey8+=XO5-}Bf>BGqCPH(Q3`*J>;p<7=MW;?*6x<x)DGYxx5
ztYKH$3qhO)<0O^(&dc!FpX*XtuMV5_oPk<2mLgFLjCiyGgDT16$HWP2C?`2_$bGrb
zq%l~I^7l@pO}Z?|4qit7)|f~QwY6!MR&2%B?I~jC-@xU6Cg_FAKAC&&sGs){T8Oim
zi71nfg4S>%wCIymNURuo!jqUR&AEcjES}xP&Wih`zRe6c!Rm9RfegGfBQEvip5`~E
z)i?V>*ctTHI?0N)_ez|yQ-WETg4v#GOWO!X!EVp+!<b8?8G<eoj#JxS&#c+`tQkXI
z0xZ$04nxchEIiD)cM{xsu;#qe6)m5C&$+1VDGnO;?f*UW=AQU?iVal)rtmcBhPbC|
zZbB2?DWyxF%FZY{3q+B8_N-AxPr!(T5p?!PWguzFA7~hE=o>4<S$0CLO@At4%>}31
zP_yn^pzg&dC^v9?$Bqex(e+?vq&#UDGEoR@O^1t_V9ir0N5<klFDca+?te>X+TVZe
z6AZiA?!$U|6dIK;CTSqEG!?PUg0i4D(p?-#{spxFq$LfVMcN7db<joq6em9j$u=fo
ztb?#K3O>z|l_$*_3d}MG9j<7>qN=rFP~VGyZ_H_D7)TZ%A!9-GkeF%BkqiBM4O?^o
zmK@J|s|~#}3>(!R9ElR*=5Y@$zcnNjbO=rT3&Jn{H-c2B?pRfP0X}Q_kvCW^PYwg?
z``JA2+{qNv7*6!9zd1t*H&lWJovpJob0vH{g|k0kAy?d%_VurGARvRm<vFU^OE4Oe
zrx<}<PY-~gMMz$-Y0Dp@i>Txds`9cc=G-qQ?pg~NVJ0-!6l|kCHpukP&YU$N5kCrg
zag;)1WUPY=L|ng6Pe3ht?Dvy-l{v3vDeB4~LwM&^x|uD0rAUQnoL8kX2RWv@pzq@)
zFpTr`lvv%?*36#qylvIsSPNj@s<2*}EMy9zl<k@P8t+DC<WGFSD>AF61@LvY<|buF
z%^XN?k|W@ejyg&e;!o+(;%esqj_y*25|2q%uC(aLVjPUiw}H^EcuYT=Lpw%LB740V
z@?4em(<%H=GNJqx1}Ts^BBx>OA-dtm7>su|<{7$U4vvp$znVWRovFR}pHJ~i=8D&p
z{M>)sEs<Bz&04)0e8}z@jHk}8ha)PA3I}TFAA_u4E6;G_7s|1|{paO{(4+o$`JyL_
zHtA|&FMC(@f4C-X2_LNA*cHF863YJs=&R9C+Hs|Y?uBv&&J}B*GOu~z#R>IBO8>2Y
z<x#YL0<1?{M`1PM&*<k37Mxf#AK@Uzc!?W@?er=LL|KOg%&ue;r?E+OluCILf`8~h
z3-t(J*{$<s>dkn%m-HU!!HcSa4=P}V^PHF9zowI&Tl~k}K`GFP$}Dg0Pg1s#*fzW-
zj-{hHkQ>&L@md%u^hXQzQ3r=Py*sl24nw4S$&_-~w)!Ps2K^cLSHlK!v2I&#c~6+>
z{{cxrw!b8v_)zbOjBU)$9dz~Mm_{yl@YRp$cz9Slr55M&xJO$T_890-m{s||Yb*Ax
zZRP*ZZD~0dA>{~XNYs`?bxIno&76*y*o1&2o670NRrY=mMne27%(RT%S9waw#1w5W
zmq^coc6*SCGFj=ae+CK$TR#tN{S}|X7z}`_iWk75Z!cMiw?m;uxCMzWU&j;~znE<q
zs@o8qtVf!B0l%@!>XvnF+whR({I+e2;Cud|R=j?vq!C(=;@X>))^+2xE;x&bR<-0&
zRCf2`xqAp}8y=-+zGoP?GztI63pIU?#=VugF0o;#PTu}X-@`mJSvLpaOFPB3F_$!E
zo7msJT026&@v5dqnq8I5J_9ku2#yWdDD?mOg3+IrV=w}imT;Py5=pC~uly^-+IykZ
zm|>oNv3M0_yXf6)!O%vx{|cv4i1+Y~PDH2mBBbJli-P|%_SZ7<^*zM3SQROmrhnDy
zUo-TtrTW(#{cE27Rjhy6^{+DhYm)x8vIs{9BeF5VlSwU?l8D{Xh<`r=K<12$euO5i
zm1VA`pZ?3B<&$c3&a%?CztH2D-}jbBq3pzJdTJV8kXFQQM96N^y4~=$D)+(^Qcb_O
zZO|Cq#I9a^4(p}W5lzDj(Eu-*^k<*5OK~7<r9Wcf>On+?e+fiRqjPYXskJ@~W*^d3
z<FZ_|^WJML!}q>vHONzqbJ)jp{bL6En87}jBFq6iiM+56$zK|&6k$e#1oC|b3$Q;g
zwiii*Rk0VjpxuH6Uw+zYP#G<-vO4<#v+P4^68vxD!ad_WH}bpSM}>pd96+kW;?#Q;
zgP4IqN*`n2tUkuCwd@<KX7ExM^RTwD#%O1R-JG(fQSv$si3)dJ)p-{{KsuGml0^K1
zt)GZz3?<?<SCd3M7KwOjOef<12Cu@1+bc={fI~~|y?uBT<<&pF@0pNIW`TeUBoH+y
z8c;MuvuuKiunDM(8<uQ{vcW!u7*|>;%mi$+d2te($+*?FwgsiOh;6a@w7$@Q?+KxK
z0h9z(g3uZ@)jJN421%0z7Up}-J+qqx>~r<^&+mI(->YbLX72a7=YBco+~<7G=pcrr
zQjR0<pT~YKTLb%MF-##9J@q=;KEzIy21PF2PVDEY+Qh}u(v4Np#~FVQJ!ldxm^N<k
zk+$2g0nUGxZn{G~q8Z#|klKyy&i0Kq4_dj9J8c>o#}%Oh8w5Mm;00PRm(hCO;0fhy
zC51qcmhQv`NKmJEtI%O8AvZ(dPHYLxq^L>;VvL#sY2<lUg+xs{r>e3K)66tAZw}a3
zm9+`i=qPNJwW0ziphRF?uH1!Ixe*F25vP1RlG7g`VH?SWlq%Nm8xV<SEhD|9OJSwi
zd*9Xhx_9u$*&z*HhH<;54AWF#nu`B5O{Nms!`w;t$~#cSsly~Fb4o?aMzSV~Lyl6$
z@;Zn69u8?DDL=>9T9-|=I|ehm%Imh+6Z9%5(y0Ffle9F)*van6PxkuQJwLEy9%&dZ
z2`ypll{3*Ng0$4?Ji9SoTEze_eSV`=*ryj-<~Tpx_&N6Oy|`L6VrP|oq4v}3s86zj
zY*MlPxLn}-Gxm8_ke^W?4G77Q^3q$$tdVY^Pp@^PoQB#BI!Tw=m21}NTGS?vo)%@c
zkR@N>>djQ_!n(fs96J9kWJvP1Anr2#KHYNM_%kMASOoJd0W((o<dHlbnSu~sJ9CgG
z(1=y?&$HSJoJ6fa@C;|bjqHJM^$r9cEWtzb173%NOOkpYJYf}Dt;Ua>2RDB8V2jnb
z&)K<&aX5IB)T)_aO@MAf7AZ2eyz^8U%FJ8wND-Pi@FfiZit+C_ewN>df(W-&Tz;Rl
z)Py!}4ST7;4k6~GTnabWV?66T7EDK&x$4!zS_cCWG&&WdZ#RAn?Q$Ni`c(2qBwg-L
zpbMqywdl@kEmA#lS?&`MM4#*Md3o+nqtD1{$%}G-9(|^&Y&YbFqR)@u^UU1Gqt6I-
zASdPi44>oRxd|7y%C!MTIa(@Kua)EQC5x1!k}F&)7ThOvDpV#%sj<9L4H<RkU9me4
zrO+sBv{jGd@VtGDE|6T&iQjp`KNNc2->+n0I*R013d_d`?+v;7J;d-kcy@MhiK_PC
z>z`>nM8BT9vZ67zM?i{6759zOOtb{^+vW9nu+r(UOxg?zhl&b>%7=JNexo)fMb}9f
zmRF1&mUY3C_zYVTqweQ;_#0EX=_9}DhcTyF^*#0qI!K%Iii&>C{fLOWC~TQ?kP04I
z@-ThQgXcBy_KLZ2Wxfu9^{je+xfd1IS3=uh$9w}BA3n`Xc1)m4p%}+c4izK^3}OKz
zT2_e#cCo-DCrY=8)r`1EEVGMcrn==;!$h493cfc_h2#^e(oH(<S_&RW;rnddG#~l%
zpB1I9+^Qf2UvAgIIw+Jgi1;_0Z_VQ@!o!S?OIMbewj@Xs8x4w{ZElgR?AtBCPVAgZ
z@rx<Go~2E(;LJiK^T}w4;bIiGmFz*zY>@)x1g*N7FUtIF!-dv7FZ#SV&MgpX7#)8D
zdXLjv<atd-1)Y~2CXdk5<V6ZUnbe<v{Mpy@HtFz7w^9F~0(v>CIf{o*p%>E`imJ9{
zEUFqps7Vc|Y2cN9jp73z&|cD8R@B!13%a!nxwnh1ZZY`2$nT~$3@swxC-VD6{w0xr
zlO#7Qii7Xw=aIM*s)mhb@<EC|rGu<CxC^0#T+a#jZMc9^)^3LCA`Istj`VXBl=7#j
z&xOtkZc+GdBG9LcrQ95R;$K1>vTjs4Qjh=1cQIatfwq(asW=8tnr+|}nw%^eSLFP0
zMP7ATk+y$XWG&lp6$0u1ovlY8i>Aq$UG+yq{*cJ`iu{X>#b2=XU&jI6Ed&qgME_p)
zu}|QsY2VzmoK>4AvTyHWn`@td2_^KgP^t--=N9(u`qq~qC=k~gHkCSCMb~5OkI|2k
zlHM@wi9DU)?o&j*k@jy3?P%!qHwQ}N(4=agK+?EH0x@#)1j2B$mM%r3MkCv>5Y2<!
zgc-O=y)g~UQE&7Ev*4!AO;E@<Fj);W3`~HV+H=?QX|OrM$CYX#&WmEOg$<pysQE|y
zEd&2R*B-8x2U{kvZy$i2u3L1q40Kzla?k*3=3oh_<4WjbLw}|v^eF?sr`h|)X73yL
zDb2QwE2uqJ!DZK;ThC3YJ-3-{KsO@LN~CoLzK3a?>v`K^46)&P<lcc*YQt;;cdIvP
z0|ju?WX!pRzoPa>`UU*N#WZ=Xn*2J5%*mutH`AzfM5$2}j7q|&wQRiwuMe>G7hx;S
zd5Ena#w*X(e}&gAZ2jkWT?M-jszdXSp~4Q^yw8Kf{;IiDsjA8KMJYE;a(9RLL*y(F
zb4|v@^({CK>i3}{nHtdt5d+)I>h}w;Wgp*&LgIRv+Rb^{$6r8Q=6eK^&)ML6<}F3d
zy`^l!-6rUTeQ6!8Mrw3h`~|#po`dfT`A<>kanXNLbZuor9n`R{4|z8#Y%Cvfk@*bI
zYrQG2*8<|S0Lk4aoK<-9Yp6L39}lB#jQR=1;7PWAHzF%t1UB(a<Rx7vCA7zS6B{w`
z6Erj-&?gS42pa0oXl3iyLP6NzXE1V1dEB+^p2CQy0vn44!)QrLjMUAW4XKe1*Gtse
zHnFKN(&#!xHBD$rsB@qQ4O~!{+S!gp-2hv@^F8ibEL_L1?;yl1H<20~MBA2P#Lx8R
z01A?J>{XlYA#JFkHh>1YLU;rF_@lJzIokE>*vDkFf(hTx{^YmRj_?5v7U=JDvxM+N
zY{Ow{4@zpGU5Mz!EyMmp$oD+yR&~si-7n&9#nyjdq)F4b_;Sg0s2n(1Gh7kamcHSD
zXrx0n4~m*VWtybCp^Ft4Q+p?=#3Xbu0}sLjpHzG9e!ft%vz8Y*Tz%C>m^F35KGaI7
zo+t5rb?tuY0j|x6yIWK77eHvg$W4Hk75S}FuN()tF>&TFb{`|UYNf)6=&GmsW_%-z
zK?N4@;QR2fHRP)GdX%g*gra`zE6UhNK_cu=sr!OjAy0?l#!tbVUf`H8Rk@m~w6r$(
z#r^y=7$(u^IT&3Si+0ZA6R^WjC;=nYJFpQII9=%55Wd}R`AUIoV(T|tphKtrGwgm`
z$L^tndH1!tSl`>IoUjWLG`V)0irQVB^BY}V9j^V<g!E+yr^e50!z&jlsgD-WQ-)jf
zaMW1XcM2o235Ve}*#?2o6`XM!5TQpP8V#!L&JSynt6-3AN*d`Ej_5`{(i%+%+7r@8
zQkXYno<P0fV0`quOcd6U5jqE>A4uv*XyZ-7y8XJ)Uu0^I)2F!m8d_>B7{jGYuHJ1c
zJl+zLj%d=Y^M$hx(Z5v+OCMDmjqcrzNz3I!p$5#E(Oy8SHi$0RVNP;)p%g-Tuhuc2
z%U9edCHKj8{ro)n=4Is&V#&*MzQ+$`xK8$j<ymyj?v2e^Ic`~PwvIDnl7B)HC{PH#
zq+=V-Q*Mmx%Hw92Kd;ks7U<J?@}ynrU53o;GH?lS2TRX>Dx>hXWcYhC{QKdHSow*t
zb%tDryuc_f9H9)N!ta-Y7#4DOk~<&_(lMp*5nRN?vnAfZe2627YGNVyCRE<b6*aU}
zyCt43VS6l!d#fj42{oKT!=RAsi2_dnIi9Jl6#OiQ>j`eU!asp^gfI>H3>}&Vx9Upy
zR(Z1EKBNFa=RWDdiaL={#r?R7wt&MHq+x_KthL}p9hZoPK6h+KR_sOKf&F`%jP)&z
zt}ozIxgV2)?>BW1%mFTl+;jwWV#c6u4_poJF^;H#nJ$HfV&I$2yHH&%Ou;up%XFWK
zdAd6q^K|RrZ#VpX1%JcvHxI&RH|0@ZKNLRmn_r<Upg}3+uXUJL11VcM%co4S0j(c;
zl;Dc21{#5e0>VZb<hv+B1?H!S7s-_UKm5!n^#8wEPHU_jD8Yt*WOAnJI<~ZwpXXST
zZsY#VqTU``RC26QA1}b-)J9=>$^UM7uSG#P2y!{;y};$5=Z1iuG@d{SgFg~5t^uOM
znTy!i!4het^>YJ-sy4Pe?A#I!8=Lizsacwr5u@Vj7nJ0xIT}E=MfEg++FlyQwT0aL
z6dE5;mmDdULiw3X#Tb3ZkjK`OjE_*trpgCarlXHdQ^OJN0Tt`AzJ;G!caEa|Bt=nw
z%md$nc9ckGg>$BjH;o(@J~49EjGm|&6F)3<w)Qc`R=n8YazOah*g9a~EN5PTf+wiy
zzQlCYo(UO4>>cJ>=pD;3RShJ35jcS#9v-7DKk!GYw(e|;*_BNvrLhDmLdVVz)sv0x
zan=P<ivyNzzAK3ul(l<EPq*6jXdh=W>A9Ow;&W#=6_rm(RwbYbQM0>##M0<TwfAWx
zjEaWtevu(3-itNwTNJ13K1BHtijjIW^)gk}b!WvrXtuHzf2Z7szp1P7H)|FC=B|X_
z^2ess(n}&oFR31SG2cZmvzOA#yd`ki{<wL|J*XC=+qs@zO*=Q-gDR@b&MJIv=!-xb
z&3jAH!<$~W10#2?FGW%2eefG^(zSG$*OsdO-zYmJHuOT49aZ%9WCQ{2Q2ll1OXy%r
zPeQP#m7*gi)P$|D+L7r-v4@b033NRA(t7~YRAAZTbYZ*NsJv>Vm0G=}H|d2|w251;
z2Jl~-b)$}IwTq;uCT^O6o6xG6w-G5n0y%H4@8{B=rv`45pGUz2XOQ0w<)bl*DWkP5
zlz%aHcOiBc(e6|=9G4XhL}0G7^`Afq*><-6I5lu!q%1oO0{&hYRvzU;XB$5`iUu;_
zT@+CbyhSxUY|ijz168fAoJ0;B8eL`wo<T9WzJy%)G%#LmsK6iL7mz<3ifSjyCouQ<
z&C|)x4^gOwn9<nZj;f>hb(jc{i{eG_krI?veCX`hI0IV8$3qD5{1V0ID`}BeVUdl{
z&MP1q$ZpC(M#wx&GLTOt6%jd+T1_%!dnR)6^ca_IMud2j4<KH6iS!<C3@tY_O{_h)
znlsm)yOFolKCFkGW|xhRuRrn*GA6wFojg=2>x&!i4&30IU8_@+L>xg0VY20xn8>-X
zVr?Sgl>aPCljUYsq}wr|E*fxEMG6hr5Dl1EkxT>DXaT%YIGiVSv=XDxmz@yCJB!d4
zm(Zc=Q3<CONN%RC^-0*{fa4d=7KnUU<cIJ$+C5ms)SbNxxR2_q$xR1ib~Chxe{@6@
z9l;8HKpDuTas$6Lv=|obgw2zLVDc54VS}|hH(P{YinH=+GI(Ho0Sm_!a9&USe(6i9
z?hcuLy?+Hvye$z)m(k&L*@A1NRy1?3eb~HI=#1p?R;e|xcH6xp=NpdjlR|Z9g1YUE
zC!hoxk_7D#&Kr2B*p><{-+W2MtvzEau2Zo$jbW`0G02RsX3dB)rkZzXH5kG`9o4Xj
zFrhm13>9ra=wT(WR_c{HFr%;Hdq~Ok!i?GmE4XoAYuFH4V*Gj=5`0qYHh~n(_;7`X
zbmZuC&;l1T`J-(<V>n=+{1K3dFGHx*DY=rRa}e4Y$eDbuq=-DNh1$o3Hee`}kRpAw
z%^05i5xLfh98}mt{^Zoanbb4qj>DQp!4OnCKI+A2RK!F2#z*~Bje-fVjkZ&C5y>@(
z^sdV~`J<&mFilTs&1BK_J~T~qbwg7`*CB2iL@E3X2Os990_o);e_yB;%t)>w+ES@Q
zI=bfGG8N@wy@G<NWc?Vy6q*|d>*{r0Ux}2Pf+T{!QEKy4m=WLMm^4^-5p@BovqJ^?
zfZhXK4*6zSRlI@0&yt5bV;a!I^5ll$4i_TU=s3o!@U@sfQ)w9HP&%-XPhp#l9`Y#d
z%2MI$JUM|ZjAa*s^+4)*$;_XjNHs*QAUae^@6a<y>7g}+rnY3KW~pvME<OuQ@iTSj
z@u0o(J5pOKVc6!*Mpr~~ooe)77+#`JHSrT`gF}>z9HeAqn|yCTuWT@d+~I(sC}0S=
zBSjUsI4B#e6jbZKsk1>m+-zr?U17G_eU?%S@>D1l@e@*QTs+%cn~G=Q2B}Re-aUvY
z-U!*EB6Syy1q%225T?XENbbZY^Fyk2+a%3E{898gS2`f6@Zipa{2Y?jF@DJnyhn#f
zwm*Vz62>>lY>_J*ek*r0dm49V2@Dl^PLqvoJ~zDN)>IRB#lnd^)8x@FEYfr6mpgkp
zmniL%O$#RitCDT!--o|swpl;CWIm)e=R+a*!|z$sq#y1@6HB!&6`Z^*`d(H_L|?19
z`BUAXA^<mMaa5(-HqRvYw<}6uY8jP)i}T4V@2W$)ec%mTgCNcHc8hLfFB&E|4|Cm)
zhm)%gdZkjE^W&;H=-lUODW7q6RHX>vD{8Kg@=b7W6T;4#1W6CKX1J}MNetsFamOk_
zWlO2ZDxA|7SA7@8L!Uv~)d|a8#x7j+oL>fSm-3U%xYkJBb)V7|3Fzd9&36a~BDeEN
zups$IF2M3*L;H?xZ_z~upRW+k>-kB-!`9RqtCVk7TVjEhZ29ZBmb4v;w&VbOwFg^_
z51ueea?_L9wbSx-jZ>SRym2es6gK)y1%hI%`n=teCbXO2SIW0;3rtueeLQmh)%gX|
z*MYT$wnmHLXhGxD_5wXbGuuWk2<?Wkp$nmVzAaR*2Kp~6BN-y3uMu#vWis5xVlk$4
z<ZNiUUfQ>9M1gR9zTs%&#P)psg!X&`x*xrlG92&JuLcs>^RaqJ#mx|^b9DTqfIcvt
zocKmPQ4kAqIHOdZgX1JHy@VXUK!*xFe(b(Fwl5|l<PRM=VlXTsI&p-bNv_{Nt~dFE
z(cWB-J76H4YSj41@EM%<R_X(eyIxuhgG5TGnN($R9^Pan|7fFyi1X!Zgm7HdoEq3>
zm51_vUOAH-Xd74llvw!*P(E3ar7h~mv$W+|^MTtnx~P9MKI&N4=%Su*%ebgFyR=2!
ziZZps(u}I_Lrc!r4jFZoYjLTEjmve)Gvj~{;Q(Q2XmP5pfmN()M=;FRZ=@oqc(qQp
z{<|t-*tY9jr!ecZ;z1v2iseFp`i_D$DhYESgYP5Xi$z|q7Ku*rUSFWLa}Fvdx+2Eb
zZLs0(6J3mC*(UX79ET-nMvquLsFfur({M;B9e_5^IDm#5Jtcvh6<%^77t0qdL95V`
zBed-oiU$?Z0&xmI=p{Fzht6K9zyujfjJ=Z&1agYJ_@?b@wgOWyaZJ7fQ#9jnj+&8)
zWwfgqLs~`#GunkVqGn`D0(P45E%dH@OzN!3p=03|slXmu!o+P0!~r>@M`J7mne*9e
zrU@;xl;z1{fwiL`Wj*aUTLOh7)Gtrbu&%XnT7t+~?o;Ha+o=mdiMJwl2xk!IJ4g7r
zWOJ*cXnqD%`lnMnj|tN~XGmSC2R@|zpUeT(mTai%g5UI-HpzX;+cXo6RIByEYpU~z
zEAY#*&20h3L%y4U8^S5oZ^lni{|F-3X4CCLAG#VhH_a-PJ8I9*17gf=H^}DN^BKGm
z0)bL!Xki~)rdI)z>htJLI{WyodTJeieeL=ATzrQs8KtE1f~L5fEnH&GDjI}>L-|U$
zL4lw=K?vLU$&j2+qNz+dt9Vl(R`GJD%JpU*8Nq$zAiKx9e7M!bG3?t1(bxO*a$uW)
zYi&A6UA|9);LS#1AWdlPa=Mc@O@kIQ4p(I3wY<rBpz=z1G*QpAR|A1__b!G{qmF2e
z5)7?%5uLnR@<-S|`;(2wfhETGer%WNZIrC@Gj{3uMM9r}i?0i!>Rs*TczDIR4n9(O
zEjj)UiplJHmHptLpCXEEYjWAs4Z~C+!q_e%wSa<hgP09T4V-br9~t-gkTJ1G)6Bo*
z%SMMvW{bm&?mIj&+!sEsqPr+xC+j`rWx5C^``hL{2YU{86}t1gLLiBpbtzSh*h}4?
z@0~<{O$d;%cOu@SQp;OZJ$SG<Qwf!&lz7S6uM|bBHsPsiwKcOPRBe0Vg%_wk8jO>S
z_9m;nF=4Tr9|`>g36!^yvS~`zH%`o7&X1^wAV3MOJ&%-N%2>R!t>_cJgnHbmG$~Wk
zsD$Ai9Tnt%O*zKKdh=Fjejc!RLrt!x`j++vd`{ysLVgM8E}-w6otvj-wB~t2PbOki
zAZ-O%M%6H_i|LsS-wRYkCD2)0p%PC?h!)_XzJg~^54v6mhfr9KOJdO_ki$!+-hyP=
z5-ov#Yyx`pK@**(UIf!KTi88!xwa0s>ba!ayDX`;rpL@!raTdyuuZ|BGz@}L8XvPz
zLXK&#r#JNVT4i_W(NroUul)@wd~{vss+EdsL-k1*YU~c(lO~*>w%J;HR}vK7Q@bxs
zW`%RpHYZ^~8U%cq)@YNB?K)k)^YF&MN+ImsHAu}~{5evy+f5X+$XYQ6WlFEWwnu`!
zC{o-(eee`+;8KN}^*ZhfX>$eD$4es-f$HOt1N%`bmPr1mBdQm-xkBXoomte8&n>Vm
zPxp;ck-Mm>$oa_rM^V~_iNwMRiKd2ZK2?D+DjT9WrazJReyCt~yCxPw`W3zmlCO{b
z3O?q=i(=|;SEJkA4l`b{*OV!9phhGaT^h+K=Li=s@RP<SN!KH`if}Q)PXcOO$}^2d
z%KOKXwo-f4L?JCYK3x&yfGO2LDo|Pw&K$;*PzE^CHgYsVMIP&@r?P&Si+cyLH||F%
zWXt^AL8xJ)jMRNebY!#j*P)^(POi}66rYFekfDepx5H3%6caSf*kolN4O3nGuV4xw
zs%wb<x+$r?i>=>Bm*N72ZSERCAI)QmxkskbHz?-8uK6P07kXLep*<~M-&BC&q&aN!
zBGgxaF6e8jJq68VmN-+PG<~5nT=}IGWC{vu7wPyO_zH@vPiSX^V4n#J*f=0{K)X5?
zBdnK>ybMz~U=bHvLyK)8aR|z}r(C)zzg(Q3pO<$Be?~e(CPA+Z`~yC0?On!HQ=YT6
zau~|4R&;E`0_eif;+d~q#1~|kyk-1ZprgoYC=`kmy^L%WH!-lh{0Ns9`4vYNekr!$
ziHp=&UUElN=Iq9wDhfrZT#5sE05(HBlO`{HfL}-qo+Ng3wz;MPz8hTyfy{6&HnH_3
z*!gKlb^RCh@&ODbTVDWyuc2i<3~A~7ncoRl>%7PxeRF|&>_dPFwjn~Tcup#n6|qr1
zQ7Wj&ZPD~bPvSfg%PPE5E{<&F*l@uH1KWT~PQzxLU3#|RZz%doB!Ao=okELEJ6~Fj
zW+Kea-SleRxpy_ShJ^tXHV19x(p`&f<)YQ~90cddgvR9JXAdSe-DOW{Z0vJm#DE%s
zV>$?{jvbea#zwLn<33mDtcx{!GM$aFhF?t^o{C{!<ycH<3@68YXzc7ZoR0ErRBcJC
zJFn*QlK*)GMQo?{Mg@DaiMrZ#^^qMduuurOo(<HWR^S5hQCIM04A84S9ASR}4$dY$
z`X)aAkMpl3+(WsYUMRUjdh{g-bN-bpbIjrIksjTvK3xG%lRacJs>3v6F0v_`B0fF3
zdt3tFXo5*JfzpiSkwv57nU7E->qlGEj7uP6p7bc1hRnN2^;IT80_jmySEXRh866&?
z)L~G!_H?=q3&Z^6^E#@78hZPE93FAG48Ft_j$PO)p7oFmurVmNl6UH`&VVIU?YXzE
zCQMNMccK&r)h9sp@DZND1dfLy+$5>cG#dP43>G?Uck*36@<V)}TdCH6CF)S~DaX`a
z146;*!H2zLA9jy@Xc>Kg)|7etbw5&D6E7LHaN$Q09XA1nX7stu=H`2)NAV5KSQv!S
zR%nh<xf*XVv;+s&|BaUT??q+t28Fv7Qf2xiAdk5@C1N%?hQ1VsOSu_7vVv+}=}K{5
zqN>-hFKxleEp?PpFfVIG1+F7I-hz?8z6aS%bwe!J07O$YY=|kO7=t&g*LKCvtJGa_
z_gktq{jnBpN{0&8OH|F9Drk*SlBE->6_UP>Cik$&jtZ4*C{%j>2`W?yE!NXnyqT3;
zM0MT9?lG;BdC||b1{nr76UoI;a1sxBI9?MFPik^80YjrJ+~_~s?mDL{l_z9&HTuKt
zuCuy)C<#SR$tZmSj<E=t%@BrpNGd&rO@mdzmhBpfNvkqj<Yab_D{{5Vda0NxdOm<#
zqUb^#^%5WKl4MRZ^zmU}QA+uV<oNFB36Rtw9h2`+_+*rKDSTK1?pHClCr2F?aq%8<
za5uV*J^Zf``=PSp2=xY(T+xW1>zg;A%J&qJKZ$Tg>fu-l*|1xMlqw!=L%a0hK=<Y7
ziv^GZ2Fl!6LY0HAd_z5E==|T&7x`<5SuH?*b$kI?Y5~FlMcOCd>mk*D!4-BCqcH`#
zV-%+G1&Z`<Lk*AOK6yI%b*wb<yH~M%!F`hMZqboM{lmLXO2vJ&CVH0k#$RGY6NAW4
zd>Flz1kw1mbs$c*gwTVzuAF_y0)NYG@Z(E^pR)PoY)u^e-3>uCB@k4z27(?c&x4=u
zd*G+?KKQBL01@{?Sj|HaR<jwxYHBuwnsIpy(M56@zf*!b;T`|s*Zk?BbcGM&Nuu8>
zwIQ?bVloe891uQX@v;plsdE|UgfCdUNIeP1_&X%tCcP(oQX{&F^E5X(<FwD~i3<H7
zx8x=bUEF5LkLJ3@qZvJ7@hM|(2C!y>5`Rhx4nl%6&mrWY*Lj%F8aXbs+C+DMv?ux@
z&dnGh0CE@i!^q8W^?Oznk-K6w$kSupCiS!q7|#4og7z9|p{P`huQ-ISD9j$hBVTe5
z=Fd*Nje=0vy}pvn69K&!DF|qo=pQ0o5nKsK6z?2b&6QGMa`<rn4RKQE)dw)@tit8f
z`fVA5GtRM%K*sB880Q(5?vqsU)r+dOyVSG8rJ6Uh2!92scsVN3CVse;bo301n!#f&
zQ}ilSR=7c_nowhMp4n)U+GK;&jt6L%;Gy3|@yoeewqfmCEHy_PhBqIU_(AF(fFTI5
z4*Mw|!BbAH324)wd4jrrBVp9C%r^50<itzZ7(~~hvvWv(%Xz-$2USq*rU$*F1OF8u
z`bII}m(YVbhV;Fx9yQN}{X{h$Sh`Jg4N{bLv3Q8Tj#R~pC-pDkS{?OX4{g1g9}+G?
zX~Qs6psG^}Pq5I!aaA3sj>QJ>g5V~_jI<9?s6L(b;E_3$+Se3EB}>R^W1I6$)DtI=
zkWKmNh8FhimJ*8J-xGFz%z5h0V<&UB!xcgMufeN9$IZm6Nyq2bE;H3iNuj$YrZ-Kj
z{j{$30Pw`}wc|q{sXbtjN$qz`HFDx;OzoAmLXgq%an!MfoPfPCTL=555dp;g<6Kx*
z{CWIw*elI+2?|VIRn{gY?uP*?GN|{At2Y9q_{jNs9F!=U+Vw~&jG$}&96Pi}H|U+p
z0744y%HtAA!k=RYsh<HywoA`V-DMNYfShiin){5<cTr3d3$QSu?`xscQ2xAC56=hz
z;*aoi$@U*=%HEunJn_S*qIV(;1Tv*wwM~UBS)LCg47ITteTjxAQou-yLQC~xlC<2O
z5nkpzFD^G#r<R~+KT@|#!-<T@ZlN;`>O(luhb6ZaXVMJB9h)k(s*1mek772OsF#SC
z`mZUCOU8LvME-bobbN5Lq1Glh)5yqEGnK-Ukc*+!O^Q|L2u8Sgt(Rmbx*My<U6gGd
zWgZd3J*yY3zLpEQ$t&}97kM)&g!kNm4@gs6$`chu-rxf^mx6{fMKJiYRZ9JSAs6!+
z_!H_77s6ZkZjqMf^99T(8AkYW2HjLI(9;=7F_{x-;m`>?eWBvP6&_4jq)eGlOXYr2
zPS?^1qHld6ARpCX#v&;{{8{wi2nCKOoM*Vn4!?~{%AN^JGsS5&mWy^6NwB)mO?{9I
z{+N29b*xI}XQ@eGLupPb7n$*=MtSl9bWqDSTRfyyr_n7zWXKy|q&}AP)w3OLTUA=-
z5j?5?#l96VbBla|cpzJ%t{WjWw8L$4(kvU(vdi?`45&t`eUa)Bu0sx8l>-cv;$G=_
z5r;1NmmJ#|9Ni14K@F{`1)WDi(E<JV+Smq6B)?8iplmVqsgKkRd%Q2+FCSHaEysQx
zlthhc%b$%C_Y!Zr+A-Zb>M`9IC{B(+J0s`$%`?bTFK9;zs`k!5UeV4A<eSjO%Xx-3
zHBOU{OX#f2aC^Z*_$YVtXPoDGTjMlRhIy|l6&dNY+@jhhAqsCQvR}Ru7=7RQ2Kp!q
zQCoo=I>RF-=KxX%Ik}v^&_{moH)vRhv*^)5I{#(BR0tH&acanR9=4EN1a0LGss$9w
zc|MW{86@JWU6fnO-5AgplcmQs#f~`c4qvf{*cHuZO4MJ_w3k)-sKaFZCk(7N6<Qd1
zih~s?6>r5^9p)u5cCi#qpxcxzteNmM5#HkD>&NvB#)B8Wq>J&1and)ixp(O4VQ@TR
z54aeUI2k5l?V_uA8>Wi9dKLR*O98GLIZ9l^5ssm~C>C3rX0pv~o&w^Uryf*HR^rf7
z12_=3waKEmtd07D`V$l>#Kzr>a3=iowdd0~bM5(f{x?vPsr`0^g67sPg0VP&urHRJ
zG|rS0&sz%QGt1@AXhb(XcV@7GF13L+MW1<Mab}lnD9Eo}w3<7Mt-S_aFU-PfI7A|;
z&Ay5^NrQ4?W(#~ySA@Daiu4QsMKoy{t=zEsc6gyK{xrUerM`tLrfp=P33ukibA=5j
zxZH*#=m3Gcn%p;6J2h&u!0V|mr^JoEshmi1wIoJ}fT&_?!2o(4gSz6{4La;G%wQWx
zqDnMO11t)h5h!m(ABC|QKk&%cilUnM_pOE?Z)0k|KVLKO-+_3-&NeZN!{HT|ZAY@k
zDDn{?`H@}mdPBh>lBBw4fx(mub>6n=4#_<P%iN~hrEu#PhLDMMwr;!yxaJR$DsY}D
z<*w7R8!wjluz+_jL<?BD6S0OxiaQM4j!{LX?P@D3+Clti*pG?{OVJeT1Z=Tw0fV2P
zhl&NTB3e7ln1n8uSB);r@zP&+Vz_LkCEy821Dch=9Anj-6fgwwE6W`-rFJgK_}6lW
zoj<EyzL9cq?S}c0(eCXD=Xrcyuec<A0c0gknY+1|3b$ZhiKwx8wbxsW7NO~oN;w8w
zMG{?_N`8Qx#_DvN1b?t8EP)pQLT{Dxubj!*#@9k?_0;g|3|qeex-fetHvv!O&*RT<
zMthz_VE%rf&2}IYlqoroVE~CU=n=9~qElH5MokI-y)k72y6Xw+!gLCFOWs-jdEOh&
zjyHe;Rk*~4HZFdodnc;T$@lrF>eiI`6wNx43H0TZ1xQH_s^;Q&&8E+|VL)9JICm)1
zHJFJeYjJPi4JFG74bY)dduyL9VNj$HjUyk5Sy(|CLYoV-2a!T=JA^7GE7R%8I;^(#
z;uW5vqKdoTjA2NsoArLg4OlDA)=(wqORFf-VdgYxgH^bAk#j;B3xsnQp&!4gydkup
zGPL?to0K3fwF*B1GVc%-#Y&4Aax-i;uTi~fcvu1t@=I$Urz(8Hemey}MqR&r6B=~v
zrR!8Cs(VUHnaobIstQTc3OfRZZLk5$P8O+)r=O;Q*ANZpi~(KU+yw#GDL+V2eqdLA
zFo#Uh67DnU;7fU>FL9m7Jc588O3%IUq1vP`rPEStKu;dO4wqGk?Sgnk`5ZnUbP~F4
zsW=1uQbgu0M0MwTk&|1W&a5b+YQDQKY85a#4cr|D#N4-0Y1ff@%8%-x!0kjtf0)A6
zp|hrn<Y_p;89ntAah{I<QtT(yI-QwDt<!;G_`*YK-h!RllpeODJvtVreCQzoHL#xs
z4r+nL5V&*5pRXR8o7Zb5h1%xw<{vfd$FPB)ThVE!Rd`6+TXgd5jQG(4zv886IP(_T
zJ%%B42mSyH;cVx==g6Yz)_KUvx2VYjv~hOGeX1w`n|&Y9X&!~9AX#rk?Zqv_E~4i%
z>1qA02gmuxyDr+KA=AeAIybO!X*zi!y)o(Jn|9!fL9KH<<nuSR+F<$P>^p|k2o{(w
z4>_R5K}?K=Lgp<C`-=Rx8cCNh<O?+I%`r4Z!On3s#ZUhjr73b_G=&{#itg;`oay$v
zdH7u1S4~Nc6M()rI7(mGsq#~lzSynO7j*ncJcD5W$tAoE3bP^X|0EjiZ-X^6P6}FS
zGv0Z2Tr(!bn(+bTg*MET4@ku}=TUmwBLtHbshww=CNwg6w?ji_LPO+fu}9`^&aAkT
z`L8guq0tU)lrRsvR<i~?jjJuns(~#qGa6?S*O-Psf|C$=r}wI63TF+~z%dy4<Q?cY
zpsbBv#6<OhBt1Kxvs(3hRMC*CuJ1xY)C12WEeYfXP*fkIgRBl<$v)T-m5r-Xp;@tv
zvRBAOcpf949WasYFRIcZFG=`sYFFRq?BEilO%dU%cs#!`N_<R+h|7~B*vH$vF<8Ah
z)RI?fC)YvwZJ8)T#B($gS&u*(uyK)v6;w9#uW^Nk%_ouk_i+eF{>>f~?7y&q!YMF;
zspQLz5TGV8u=NNs{Qo-)aj;ua;FfY<h(sK~1JWrvU0xK3cs%@Yz(|fhpeTn_kbN|v
zWa_g2_BWjlMd}LzV~!W2TuzA;wDA+2=PMIc4#t2yj$EU0JOYFAe?_UOoI#Y|(D55}
zQ+dZ9qT?616+1ElpZqY&4zUfi4<uJ|d9I?XyalEK3soePczxsrs(NW9Fa0LUpOD|d
zEwVDB%mSUwkn0ARIdez@)_hg0=I-CeH1p~-wq^j$V;e1Mt1YU3M~G+Z=PN4NgJ}@C
zHRQGyc}slAZYCFbMZc9YJx@~4ja)KJUAE!BC?~}@4{~pbdik{|ne#)oVJRBS0{wtq
zEu81sN52bKe5GEhDrg-*uLGkdD={mPCc1qjtM(K=+>H}j_&G2Sac8z>9vL|;_2MQ6
z*FmXmWG#euO6_<x_Q-{Bk5mnsVL+Omfu0jRU-tASbn!zYXQV+$l?*9>FdF&X*t0Ro
z3F$U78(Al$t&Cru0TDA+rYC2ffI9~6tRo+d^a>y8qyy4X={VL?w$G-6+1!b<`RU(L
zNqoZzie5mn*P^EQA>6hos<qWi2Jgq9J*eKIPGq*>=Xw?Ry<fQ4$Nsnp!LdxFbysw1
z&woBTwb^=9fOlpg+U@3LDBz6$Q<Oh4BQkH6k9_!&3a|kS!L`!j$WmwfMwHcg(dAta
z3`H;L+eLkOKyE!<R_u;oKfe@+BTMFRfyi5hc2@X&5N>=WV*xwWGSe<CGgwEZWqo8f
zm2o6Tmzx_Xr_!h6Z-V#M7mOC_9R)G%rRX#ABotiw8F=ZT-&3HPV1I+cHXs6<BX<r$
z$;|bUhyOy+FxUok3_*5pR}@^#)<-3H9#Xy?U)&<E!MupsKps~UaTS_zzz=9kE^k1C
z!uuR%TG0X@v8fetv*2q~zUw18d?t&xkK!hib2|~NWIhB9R3TTR@KecE+egKT9&-F?
z=wnN%)FB^1VvBAUmDdIOGLNhpISoV0wkd@SJ{{W~sPJ{+PTGMeYGeNlW4nmztv*W+
zlFQn>)SjRuQxOg-@U2qG%TJHj;yV9qY>&8oxWFoKxBAHRhoB0nmn=v_rMx9SKpcg}
z`=|(_p(SXBqU4EEK?;1=2_E8GhaFg*B34@|peP<~5ggR*STg#JXu*vdYL9MHH#|Ll
zo7ytk1S>QlkF#P~u71+>ETTD(UH7YF+DC4<1O|pGaeM&9`^X3P#}-)=9(<rg-P$@3
zSI&OjA~Tv1%M;q!Lm{3$6yn)KAs$B*;yFVho--8UIYZ%w=m|sj*y9Bo7VBchpCZ6V
z%%P%t;nNzic*uExo0M^&$U{+B5W3vONX0|Izq*VrTgE=o6^7mjhJlGZ^G6i^-!SsA
z&;bPxVlYZ_FnAELSc`4O&W!FA0icbmM~@?7&7s^ck3fC?Hd9`si$R%OyDNTSyKBPg
zc2@$7QcgYRG6P%4AIog<tLJFcKN7>;iZbfm8l?73<WJl1ldw1-p4b-C$EE`BkAAC-
zuYs@d@fp|{W%RdQLg_1R9?HfJ*32TSwvE^0em0ixFVsSpX`F?oTewk7!WKu`T^FFW
z7jJ0vD{@@BD*`tce5$PvlG#)n5xw9dwZ0B&N_M)Ks#RogYg9B01>WOy+0b6r7SIEU
zO7iZHN{x6s>DU@Opg2r#slwkJt!!JY?07T{LC|wHIt^dlijZL~l&OQ!%*=t&9LBvc
zj(lgQcIv8<!vP)neavn4rDkUnev2oyaisX!*w9Q?wc}5bc`!hvVg@Gohy0BsW$So~
zulzTct5#B%pabvfRRbC4-yz#Sel<SZjsG&+FI4ZkjtvZ-j%t_Q6=ZJ;MF_;iY&}nL
zdWWbK^8wU2dj}QG%Gu@#?4B;R`Sk6>ODw4-v6$gXYZvNxQ|7R|Ub8KTP}_n#R+Lby
zf>Rz+!cxsN9Cj#{bw%Xq=q0z|U3we{&+y~EP~O_dlp9+W7sKuugr><U?4F*G)i9i&
zYU2_iiHHg%?4HxIk=^qRJSWhW^ei4;Vn{V{#kEdsMweVMt{I^_m7-Wf-b=c)Ayd)0
z#?s3g!S3mV7A*c(P3XcV94L3b$ImTq80K=|yA6DT+sV3LMi;WnyIfA6(IWI2meLrz
z*0(ZyiB2Vz;EypkIHu~5YlDT_Qe>Wh@d8{fIky1~DhAP<VwQHE)iDFft#D~6TmPso
z_66l&)V5;(FUHTwq+e?kTzE_y<mDwz6WQi{Y;#yOsJJq}Y2w18+!VI?9Q02@hr?y%
zr-bqq6ksMg{1MrRAx6<1$zOPsZ-dg-jMX5$#Dd}`&4MB@w_*-Xq(5(0jcz+d|NB6E
zAn1g@SM>M6L^1tVH3TJtad`OEN1=wEL3cwiO*PK;?x!_9^phSkV|>(tXjCuI+~cFB
zsZqo+1q(hTroIR?lyF!Pb59|1VQwG%R#Z(xg^cOw^#DkY{Xhm+WzXcc?0Bh+QmI#Z
ze57(p)F}+A97kh-#`ly#(|zRk?TV7;AzSw0?z>ZsX6tbn`Fun~HN!mM<1w6YMD^AU
z@hG8G+xdg1XgdecsZO-?L=XAKPZg#xph8!MBuE<7Xi)X@GQ0ADcZA>_824aH4y;Ax
zj?@Bp;F6>%D>3j$j&YwF{1gUH-?2+Ae4^++nPFZT&DSei)DMEJjW=)`!Vb(YsW6qH
zrWSul6&RxQk7FJFZhiv9OS;BYx5;tpoqbHc4W@unu}aHH^Vl#?0;bF}VJ1eqwRgDQ
zr}C>{Klz%vij;yU$#LzjmwZ6)qRZ=lQLE7R*@n+hx6SAa<VnFk<yI=}Re?aXkDk6w
zr7PNvwTtHQOoyuzD=F}ir@jZ>`9O;;2?s-elO-pEV{+zKP04Z8Oe~PU&O9OU`(Zf#
z8cD;p+C>ZbY{;|@GeIZmUH!5dQpOcP#`(d2V!R#VT^N69q{H8dTGsvS+ZNGv68igU
z+F)g~i8x}-O;(%BZ&j5*%u*qA32@ZpGZS^Uybs<(6K~_rBLuB_lrRQuz_xU-4QJt{
z#+o&Xt|1_dJ7SiNvqC=}Z`sHtq72g@z0|TIUneJM509-tV%-}0F||Srtx+@+#lYG%
z1%Wu!yJ_1t0(({%l?A$`k3xl`wusWP2aceHqOslB7OFSQhK|F^fe(GKB`#y1(PeiQ
z+iNT#&T>{Z7zc%5vRMTwr@kD<Ha7LL#wMU$Ni7;R$?^2|3AAq-tX?8~6(`?zi9P3N
zK{GBZC|+9d7y8C=aD#7a<WnB($}zgr=x_Q1T?iRqbk7ljjGj*xv-)vqNF=cZLVgfw
z1~F@ph7X~})w>1_+BS*_{L(L@296K3U~zggrh9l&9lh#SUt?AhF~2-*FFrVEaFz8s
zdR5G{Xu2lFfSpHiok@maoH6ARwJrxAp<>RPaSty^1_E!fa|*VXw>qa_QL2wFM;0y-
zZ2ew(8j!UWANH7kPcMnTg^LFspVO|-;+3BQciZ94he6L^&<d|?jo$lwD|~Q|>xq~6
zVdH{_6>4#J;p)0S9jaNP73k5f%W1(^z}?bl!FOPgvN_o+Cq<upK6u8$aSa1ritdW(
z@(uL8y(_%lfT1*CT1CEyXarEej0N~Gc)}{u9l`WVr9}LKJFrikol;3kaH_MX>MCb<
z%}i%c^-O1XaJtln`>(URYS`IR^Nq8+nsN375gd+4g$&GfW1$Iu<J52I?BNqLyPRem
z5$vy9<pg}d@5XL#m0IQ90j6Rp?r`tIu8W88yAcoj`hbPZ-G<9IAJKvm$Y2;2GBZAm
z1Ij)A3nUmVBz-HDqgg8|u(;}9p!zfUVrx`|H^`9BE{xOki&C6hwE{l-6=jIWXluM4
z8c!;kelb>CBT^LA))<@T(M$4lKRGs!ZpF9dS#e38?c?%<WA*ICD%<vAA#HoZ^u7`A
zNB#fe=>xE{37zN(n2*OwMn2hR(|Jce(Zn`u)02(r-6zJQ_d?Woo7n^RYc{hemD;pY
za+9d#Q8KDD1`J+u3Xkm|e7{vrl<HKoBhxA%+i-)E>blhc`@jp7#2aT@JMf$edL!&r
z%e?7ZwI%QD(~b(F+L94qa)9a4mC94dHIGFlai}<n{7_7B(iAEV2aGF<RFhq_`Pe`k
zP0krLlU-FBhP15(ZFl7awBF5ZX<8RfXuVW{QpiPn9UZmxG=-M_MmRfd^F*PgFRB@^
z|Kg|tZ}J#31RtKW>@7nu&eMFh*NeI-6)n?{2tkTPnPOL2Oh(MbRPvP3qsa*!W(+dW
zy*j!2D#;CNqHS5Won!KVG#wVY6xbayT9-Oq$w58rS;;#vJu(XQFF@f)7VXrmx*86m
zNtr)Q^oMyyvH-;(y3(YqD(c_P;ZH}kwq*7fEy!A#(7igECZ#DKA}7e!{{*eN7ppRq
z5h#D-t)V5iF}diwee+~88=-0U!^WJ_p*wU4?PfgWH4i<w;o>`VD8dz57}!#gcO7#0
zhuHdD<c}17NL8ss#xqSt7ycASM3$W%sj3N7OiQWLc~EqR*?QDLDIalJbtdjQhd+g_
zr;6w96!!5yP@m8#3U42qaR6o0&V$u1O#+0icZ8P2YptJ3?gt7+8UjK!&|$&W3+;?N
z-9y56U-|;lAVSPT!hD4f`^MA}{e)LRd%RxW<n_uHwIP_$i|<CIw6OpC$jkve^5KWb
zlmRN;Eu}|m4nG53Bl-u`kCQCA82DJDUkVwOL&y_`QFe2R?p0UfCw8T=^(QD`3<`yz
zFY&VxLfJ<<9!L#w?@L)Jv_GM<J<)E#s4x^WJg^5b%yNZr-{x$1$!M<>p=0!j^E~&r
zjyT#Y9kf?IU4B`wgrQdyNVpqb)>}dv_iFG{;S&0BhsM{4T<>h?oRBLF{ewaTc(+sJ
zR*G&c@`KRok-yIvz8bQVGhd);@$_g{jw;_OQ&Q;h2@EAJ9{Y0Y3RKQ^4Z;|-I$U;S
zCX6(wJ+!V59R;G=6nVJ}wWgx_KMd9XL4i3x2W}NUowj9MU1T2J1=B8328yn)2o|al
zE$|Or&n(k58782!xqW)}1yj0wT7qw=G+7|bDzxj_ou>3nr$Yr;W=!pDjBPVoHLv{f
zIIH8|{3L31Y(W(4s8REkdvNqnqvj6opv1s1adwFALHOV?)8+|3j+!>NqG|Jlnw_d?
z^X8|$B^9-qpXfbB1kb#sPNB8nTaYu**4oWP@iTxC`8lj{8ND!QF9pyD<-aa{v~7il
zG@XSM9W#ywbZ^ua>2+QR+KeE@!9inqV(}1?sx|H^Q-iXp5Q?emz*Y#wL(qh}PpEyp
zi+R|*Oz4W_^NB!)mX4eSG89%lhFalodyTdZ!}5*iF`s-hO7yhM(VP?h*PL-tkayTj
zkgXaL3zAF7%g6^QVnNEbirPP2RG{7O0DYk~I-+|W31;5>It4>1NC9rqal0v)DD~z$
zQktsH(U)B&F1KZvngTjhsdQPrcsetmtipohgceijwvn@$C%hHNF+r^*qR&p8TCL2s
ziow$g*18O8_0nq5x_PLCpw~yS07<BfuvnHRF4Bxhar~9|U^`LIWP-_ssAn+JJMxjx
zt3#LqQPrMEiN@JS<5D2bp3uVEQL_T`$IfwVa6KyLOT9E^WqLA(^~gQP>AB4behANb
zfM`ge=Qj4(xlQtBW@8)**DLkQGml8^ck^-DVa>f|Yk;ay=Zm+5HrEzyl6AC6Hc>q!
zf@TFLW5uIUc8J1Lrx}O>f!S$mmq6~*(!R_icR##b_R<C?YYHRQOB&n>4YvQ3k~(T@
zZP3~zXsxx9$$+<?0lfiND_m`NKOAlN8jTt%DjMC*cf5&&x(`q3OQf^>LX?AM4j1_7
zhK{Id(Y-ti6Uqz5?BxN&s+}~@Obel#G+GJbCf%XaHfch)db_$w$I+$VKDtS#;Sz46
zo3wRwleR}UX(X_!bLx~qMXA}mVC)86A9wi%ZC`fTO5WRWf_orjy3GUgg0xWWMQe$s
z`Hfq&ojUxOh}(#luEI8TQ}dE#pQ?MA%mdBtPf;5Wn^+3G%;=lI;!5J;)lH1TM;AI_
zt)7WnmkqWqE4~bw7mqsuZeC}&lOitnW7d6Gou?$D)aHy7Mr)v%cTsDg(7IExMgGvL
z%NBXF9~b#_y2xL)!cV87=afrUc+E(Ptw%^ArP4%p-w9<@GUP>iwUX!P)ke0{YchF~
zUhU*Dyxu|@=wliQ(rY^5>2(hI9=*;b>*#ep@zd)9QcSNY#7(c+#6_<;B==5iU7k{z
zM{cG;OUU)~x|Cc+uXmB@^y(p#=yfHTK(DKafnHaWb9dnNKJpE{t|ed6YX$j~Ue}Y4
z=yd}*La!V-K(AZKK6<Spuiv3Iftrnw7csOMRS3ucc0h^04tk3^1>~3X7LWdkL~oJk
zBDM4uPtyrcZ?{rx8hVTB17r=oMa=`UlHMXeK$g+lUDW=M);+f@X0(<iS)68SatK>|
z+8xvhh{<U_q=h8WkV?jx)$LX7#Ue1wOGoopBc_A-eJ%ON%V+^Mr@2=Pc~=cdcA8IW
zA#bQ5cBi>d3wd4*NpYI{wUA$_A!)$YY9S3Yq%z%^bxLc<Cbc1C|5Io=BIU1#_do@6
zn>2;mtQBqG&E)zn^a@~V`~O5=02=_|LaUyV8Szmv<149Er7}kSBcmf$JQE$+M<MER
zB*Q{Ie*<K?X5n}A{Ok$+Txu(^EzCFY(;#r-!tWS)o6u?!_L(O1^G75lv!(5c87)11
zLW{m_WFOUnvo{%_El|uC&;ZDEa%3O!E8KJC5=3D6??Grgmj72M|1F`_AU6V6-iTZ|
zX;8f`l(TbMJ6!!#HS=l>xSqOF;3njz;ssF;H1`O?y8cnH`hN0dLsYJ3&usC+5)A|p
zE=k*0Nu61!vE}*o_IomVxLHNN&TL_y#aKTPixEPFs_{WkG2{u~JK{o9VH1}`%IJw6
zhv$Om7y)=c@-zhP46F7+D#kr^<VD_pfwHEkmL%pgT%xed%5>!0F;1Qc52jFlGDJWS
zc8ZkG2;VX3M1326)PNEGuRsWaipW(cj(!Yr3DE?gEox=pld_gTAcrP$XiE9v4x1V=
z8d5fXshhrv>a$xV_fS)Da{WquDnFA#V@w*S;eNHtrulq;p3S>d)!n3?JOp&)w~DGW
zuZ~5pucVl&8?OCF9<@(;bE1wqy2A6+%k(2}rmCAuBbl8f+e`H$ZIWls3dxhcf+SPD
zO6D^4NEFG!24Cz6T&!6Ck4tquJt1JdRZrmPp&NBQQOi@|77A7Aa~00w<kII>&I>K5
zl&r6cccoiV&9mxNla9Ya)$?5PDnpj(w3{_J+V)_xHJ9R=qGx8yT8Tc_J#4}@0LNcs
zl~!0CMGSAIuh!-*dc(dF#lG4NN>|WB<6@KeptZQjv#QizdM|pg>K^Nz{LrDI5KO*|
zPT>>Q*gB&tp|y12`tK@AEHo|}n*3eV9e@=J&3puI<}QYtj+@VoF6!uDgu1aQ6)osH
zp}<tu23^Rg;96|6CA9RN0u)Xdg_bn7c|z#ncWxIHd~8jF?`?9nav!b9XpN2=uZA@C
zNio$3^)vhp<j4=lpLnG_av7SKdLk;K`T;${<};|V(AZq6jrHZZ<YLY2BoR-iNglPR
zkQexX9%q|%XiwuI2VgWPK-dqm&2ehTUMjP(6#`XYat?AwG6tpgvay(BYgAD$x;)8j
zfhF;qKf!`Da$NXY-{i7hfTs?9b{zUllMPZwWDN>*&{hFm?V?!%(j#SU4a43Neug7!
zJ*u-85x<!N;4D>>!1l2S)tP`wy2VR$sQ(Ad?`#kGC#(X_j?&62Bui~hb}phTd&mTH
z%-5aJZbFAR{0H=`vQ4stmSpSYA@ww3l(-C7Pz$xfWTVD^Xb!AQNmqTJnNhD}0##DI
zY9-c7Nu5vbj*&VGMvFnzA-7$00iTxaMeskJkHP^`9@AwN-G{^=LXETaYp6~y0$haL
zq=>qAl2Vb_<jRB~(etZNT1H_y;Vtf@K`x0u2{TSRYeJ%|mkj?A)o)4*oFmou)?K93
zr#H0Z7LEG6kyucBe?PFP*&6jZuLQpQNyv&sC8Hdr9!+504fIfXU-cr|o#RADh*%r!
zcLe*n-jL}Q6dUxDnY%QtcD{dHanRTr$$!ZCF_(%JrQiv0KZP5mQW%K7PxSZ6_d0^_
zOQ{&bCnK*NOGVqm<@f@6vf%f$DX0R*Wk3?oXd-6^>Y4SCr}L>|O`n_~1WziQS#o!a
zdTd_SF)EYj3$1I35vMmUA0<wy5{V6=T0fwID{7T>&k99RC!u@u`04bk>VGi_x6wmC
zR3kY^A&wlp4G7JoOR}%JJiF8`-=|H*R9FS*Y@9%+nH7^Qi6XN&$Ii_8x=Ux~Or1J2
z6}OFJwCVXSPEYwYsz@AzVf1M-<;o%|Q>Iu$&cA<)P+9LKziRn*p|V~TDj$jpmH+T9
zLgnB7J3{5*uKz`-+{6D{LS<i6p#1#*(6bekUq1Bj36x{qf(tPH^7nc0jcsUD#!nt^
zf;aGnis1{R;#PkAXRWLH7o(z)X0dYb`sko=zE?S&oa4r4UZQ4}Z<Aa@j#Uh@L?}X}
zS`is^`LfBkz$;@I{4o`Jn}&Ni2urkyLJ&CHc-tj|iWOQeek&T}s4bpeiP_>66?v(5
zn_OIT(Q+ux+0Ly~Cni0WQt%|}sIwi2G;Sq=AN=N7n3U}lftXtiaeUYlP?TFS6^xEs
zLavC<LlP~jsbX-VgO6}l#11~4tDYbU9VV=V-=PgpTw8}RK{qCl2S@j7+)sR7_$moq
zoEs&1LF=CUSMO;~LpuDL3H?oR+_ga6UJWESY%dGH*l1b!*=B>`^MxI7*9Ld(3;Xy4
z#1QYv>{{5z#iMr*Wusx_xYT-Y*&1yK%pJRSC!-;{;>hg;VpIA^I!*nF^z+#P{a%zY
zz~u12qBez57cy&y852^%dHlgaXY}A8Xsgag<+?WNcYw)r9_IfE+atVmMynpSiekI-
zSoK^WrKJPklET<67Te`XKtd|P_hBR=aW9-xs)nRQtU)+yVC&D~JU-0UpQg^X^PHXh
zhmK&180>`(OOlqEM0X0b0@j9OY{OI7q+%NnQ*PA&4~03q*~h;}eKy#tO#!1kpzb*-
zQQ#%63E$v4*nA8d`w&|x<ob#`*5uLGAK|*25*9KWO$!fHzMPi_ZRd&nmLq7d&c@UT
zN0c`($)F-KVXm*$TtssBH^oCnX5j($QJ4~nn)ws?Jyq0#n}*FBh{slZDD^r&7X7eU
zDu_#R;vL-6s`J#dgfn=SupqQ#2IK75JekZysN4O}<S|l~S8i2JO2+PGeJbb<YUr}{
zyHtz!J}Qkki91+|dJyt66b-_ER9Mj;YYh+|KdQccO#QcL^-m?w{1fVrG$`CX<3#p1
zUe*LvWDf~%!Xp-1e6(Kf3JiLmHb|AUGgQXYTSC@#(}RmXvbq~tuijFslbDHAV~`nh
zY!OU}9b2SO5Q7mU4}fSWW$RxDQozZla2|ZKkP8nhPWn(RbSoz61qvL2ou0gas_2-&
z4hi~cf~g~_3k7?Ff~wrJ7osZngLr}q6C~KLzJ}U~(Ux0rj+~GNxg;<7r$bRn$kz^v
zA=DmP*BRTAw-;O{FZ$pPDld|XVL?ozQX^GlMCC=x=!t;+5}s-NTK?o6sF;Xr`O(YP
z@{ZVA{@_F7m*c-w{)@Hz$xGJq4`D68;gZZ-)XegosQS9p2AjwfT&7oO%ehGXeAwjM
zlnt;E4r1_%=!y<|_ysBi!^M0CdH?%Sg}i@bUDv2*`Kl5RUD%T~@02ZkqGV|@#pUF3
zDfKO!JxT)iO6?hD%u&`FHjMPPjeVrM0WhVCbeK1EwK?Lrc%jvlCpdKch}V}FFnP#x
z+f^*tQe4Mj5s4?sSx9BYNgv~E`znB{-%yv(W|EAhP@jCIMboBJ4`zV?pf*+|c+{3k
z$oIzg;>~<ai+Vj`5}ko+IBy`=N8ZM@io)Ixakm47vnaDGdzF3%ww-;l)oHH4-OC;3
ztx}jETG~#Gf&RP?KU}&am2wm*B;hQTE!;uA|Gj80qe&7nFAjg0ZTO{Xfl#G_?9)QH
zzl(M?KR+3wzN1Ca0^3Bp`T?+|r?}lxa3}-)07l4nFKSx6RVy4bx#gh+Z!5QuuWv!>
zGF-~ffKCz7;zYC$JVF5*O!#=JFtlK=V<taH?PhM<6bP6~Gz0Fpp4K$&xMF!ZZ7QOo
zInM_TBOiwf4bBesu}sKA4SZQ)4qQ9|la{yc>6n%ti(;GNNXWWZoG6x>BsU{Yqi>1b
zv_;}00lkm>?ipB<OY=PBFHc2Pk-61A9|>vUC8Vn565I6PM)j1;9hN#W+KsNEMtk1K
z@flqsJy&-Yp$}k{k75Ow&E%U0qvTx)If>&3-iM<e2;R$5&k+X#7gc`)Z)H&<=~6T-
z8YotgN5*i?FBH&d98vrn^3;RlM^pdCZ$shcd=fu|3aATF<W06LrTlL`+uSp}<mOZp
zH$AV(w(uyoh^p!yY5jyrIN)$w`Glo%D!Zr0QEcTB^UB#~2I9+Mns>kz<CCzOE21=e
z()da*Q764sQzuns&xL;Z&%git`_I4s{QJ+p|NQ&UzyJLEf9K!-0jA^1Zw)5^fI~~{
zT@QF1#dROaHW<YQ0d7JQw_S`K3){DMw&g!4ilei1LNbzdNM{SEi@my?yIXs2cfEgf
zC*ly<G1Q?nCB-cyAt?<`3oWH?Y8pdHN>fN2N{N%WgeGaBgruaU)J@!kw1oEeX7>I{
zI-HMuZTUX!`lq+^-kaGsZ{Ez#%&z38B2BDybrX9n*2G={z5$#7jsy1s9|HCP4xj^D
zfOcRh&;qPq*~EH*6tD|$ft!KDz}>)c;3V)Oa0Xbgs)@Z5SP%38*8{tOeZVcioxl;`
zVc-eiTfob}Yd|Y(Re&|XW*`Naz$9=OI0`%uoTk6;rZ%zjfyKZIpbOXvTnFR;7q|uZ
zC~y=w0Xzeo0bT`Kqo^a$3G@NO!1aIy+z1>7jsTwno(4`wn?y{!jWPQD{mJtH+E`f#
zKr*=iz(R8JV&Ed+4!{HGqb$mI5qvY3e6#{}08Rp*2aW-EuV|VQZ{Lk{u`f(^vDNo=
zu?vrOvA!3&%Ch6QzC-P*(H{zY#m*>sp10izq_^6>!Yw<<=0cw0+lpqIc3ShfvP@Uf
zwq^0OZ`hXNnYQm;+QPI#&i5U?Lop4{=ayk*6-XW1^*x0o9mu9xy14d`p#KcPuykHj
zbAH}rEHOOXp>*4Usawl^Weg&^Ddnddw)H2++b^d)%a?h}6~j|3*r+MG;ld7BNFr7!
z6xaxN4Lk5khI7}oT~$?ud|0!xyo0em+w(hU8+&LZMf|=*yoczO36W%dsZ=t$T3xNI
ziN%zmt6EUzICndgxaAv>Q9h<@U*@%R+ZO8SM^Y0G?@+231Ki5`Ij~H<WkB=%$e^to
z8H4LWi^?ziYMG~a95oI3#4S;;){gZ*y&bZ)WJUytk~wE-;#xJPZovHqwW5&^@=D-w
z7wwuie8uHjI>&WZ>!-D`)ykkf&UGcp-MnVu9_B>L0L2SpgbIzev~*tDGt`~BHknZR
zQiB6Za@*#C{%&PSBpU5cq<W*#o>Y&NtWjgpXkzP<O)Z_2-qcC$gG8!7HIUde?Y%mq
zQrOZN70R8PhkCB1{Hr%jqYG|JD#sPwP6v7Ll$?fu5qh0*rEfUV`|c$$dC8_6cX?+t
zzDey&QeneXz9<=GkYz13euydUv37+zPp=(VdR@!-yy!<M)>}%|3T>2@*JLeKhwSf1
zoEy|9e6mK#PbeAJK+vd4TTPzJWxYB#4{surV}y+BQ6fr8+ryPHExkwa>^xUIBk!0-
z+VCgTDU~YMXI*TaB7;szP)GXdszkZ_q3>FnSyN0+^`=vxi22!7hefpleXYQv^jm7)
zGEekDhxA2!MsF~jnshNT2G$y;j@__^bX8w-)$9#*I$6pF83Z(z<+Uu2j-y=)nxhuR
z@+6a_CSO@2Z+dChaQrmsQGzky&nXI_eCBe}!p88TzKoKrzRtyn<wYFVE>1+Wz_&4?
zXN)ZAI+`di&pnT7<Yv+v*T4&E-pF&3kGrC<ysdLHDidnKol?GI7r5)#hDG)}REt`9
z-YeKH#t{{rP}pdt>+R!yTF(esNNeSRhh|}_Bz3ZaW_S_L4&1b`x!}3!y8OE5_y}UO
zpXW?18%-NY+j+-@7vyNCiq-~o?M!BhzAw0{4|~u6hLy3WmRS)9o$2JEY?{1OMG=Qn
zWu6~oG6p$V^#lRU3B@`+!Gx@yKi-~pWgCQ-Q{|3fm*n!YPDgUpP*~TO1Xq=$M&|nP
z8U3h_9W=M<Ol@;p*O*E_ruTm&?@^q3b+Wuc1*wuupO2HAPcPFf$naxIUQ?r{QYERA
z8P+(4Nt^s_jMv7!mX2U{ljFtqnDBXS?=<b56O~tU)5U#OM1d+volGC6xKbsV(*AaO
zPeB{!k&LN%InkblDdlGZKS0zwp$c>yIfi6%gmielE~FbOV_z|naXHUnk{8O_r`mv_
zCTF_^&E@0-p{HqM4fQ;p4fVW+dU?$W_44xmS!st}bR|ts(|1bqN0J*-4>K>7JKogs
z%=63Rv1Zhjvs)Y2N>a#o*Tx`8<v0efQjAhx(F5^pP<fFHS?G_Ncu)J>NB_p8OV$ac
zj2k+)aYt9vBe)~y7Mf~;#%07}e!MLAvPJ|`8bgeK;YCT7_rw*-lW{_FqEfy$Fw%Q`
z8tv7+K4gxxFYjb4I$&l6Pc#nb+E7P4FSS57s&ukcd3BE*yU-7HqoN}c#H-{(h>9^=
zkdRl5I93F1Fhw%rm_ZiqQe8*-#mxiKN7Ly`9gW&8lNNq7<QN|6hDpJfF>h7bGp2b)
z8nPgabH|d;NkKxM!9{<Sq}(5h1uSFif@o>ASkP-^j!~qLRg1C?W&W7qOa535pH@QJ
zn8_oWH6i4VHNCu4uH#HE&$`+~sjoQM>2*prIMN2ymkyG8GC@2U>lrz|?hfN*w~Ps?
zD-+;V`6?^*vtfSS7k&}*mSQ+x38~<vJx}%>Nd*s9Vq9=E7h|s;8Q08!d%{j{yiyi4
z=tA@{zgXtGMmksGyH$L2BkF;wUzB|q^V+gZE>T&yR26ebnnmuwb+_#%iiV$b?KCF~
z^IqCUuT*u@WNLH=d(R5S+`yv#Bp0I!V+%1SO$`i<j7Sb8*+~D^E31;MXJ|0qzqOi!
z_3QfB+V+JlaZ9NhCFJ5o(>a#cist(~@A$NIHf>F(HG|Tvl<sdDW3Glpv0=eR8u(1i
zmXjveJWfk`UrUQsMs?}Su|f?Tu?+Vy3Mm;>01Iob&{PIXD$-G_?OVIBC8ESDW?=28
z436{<;07=;<Jx)L0_%4SggifHPAGcd(q@5$qQ<$@GAzS4G}E|26py7E^wE>ZB#xZQ
zSdc|pnZW$6+E!J;TFIc5oadvidpJs`>fmt}m|}+`t(hj>44xvJ#1zjkvFvM$rcL*9
zB@<Y3S3}sTRgAJQ2nY0_Q1DL(drWf>0VC>8^<G2uwkjJZ9_G<pxQn(;%o>MP`)hTb
zzshyzvhjvf(%(KFtcq==xq9~gDA^XHdr(PaU*!gRC||RY<bg$9zs`gl*Bogr>1}9G
z$AV$kwOb|M`Wf?izTP0;I?Cr@I--mlt{-5LSZ*L{Nufx3?K76Y)3z|x_M<dMGvHsU
zV!8a)SJc+qcDN<l+D2OE<3_qlH}nxNI_Niu81hVY?<AcKbvk*3o#E&39MUNY_SEao
z?3XZ;uK60&7s@8D@ANL;i*b)`M3FKac5+k%E9$&q(O#WF?M>kxSb;|lENDN&E{{6I
zu9&e7+(N6_7HzOVn{+qMsH?eIu@mE!%N6}8gF(!v4l5RtA}bARGIALkG}5l^*%@Ei
zZiw1-uUuL7!+;#@NUsIjs;aV1tatJF%cEaIA+YvXcEQ?&`-NG=-ovFWElH`?fuWiu
zEE<xMbbn40n5z=QTN49o*Qh-M17e)!wenum>&5s_bcFlc>Cr^jS5{reX(yHP_Ln<a
zw~H&p^oZP5ja&MNV_4mGK+9*ghr1RxaZh@v;AmqO3z&)XaxspyS%GQd@*Mit#8@kv
za}GPFxpi(Lk(fuvx)@6eMP+01nseu~4YAm0@?6Fgh5jBLo4+f!3kPFGr-)-dG}yUp
z{(O-6I4Q|?T^nb|0TpAWoUdx~IhoGurG4b4<~eicopbK|^IG1rVBz@}v|f18#fyIK
zt#7;J=imO0#lP^2zocBc<g%s9-nqQ(@)avrMbv0)^_sQq>(+1Bctyv%I^VtNJzeq5
z-93rkEBpGlTs1JbbtrlD@JMRg_R(vuz3!KH{L1w^cWGm3ooBK+WA`32Z`saX7i-_~
zLUH1T_wIY&jqhi0a`+q`6%(%!Uj!@hw|U$h8ru!`_E(~qzTJR~c0l848tId^6F7n=
z)3O*gDEC4(+r>EBHj)@Fwf;GilQ&Q9pM=Bb+&p>nfyqVl=E37P-E`AD#$vI_<m4fE
zuWk9p<me>)38yEM^j)#iHhE~0HumB6TrM|%{<%fRDL77zzf;#?P7qjwwv`I_DA!ZD
zpw~4<gwwZZRxckL)ZDn^4r&uy0&7cP#)Iq#cZSmbR(l*lIs5jiawt>Iw(_Z*#o31*
z)#yAp%~`9lzv^r{%d<NFfvU6lEYDJ2Wi|k&Y17>Qb_6t4&a*vgBA}^qHlO8LiGVkH
zzFz(5T!gbaRV_Q~Du?y1O`mOjEA_7Di2oXgP3}MNfrB^Q{HupPc+0Qd`s*M1joUu_
zo3|hSt>3=m&X0WbV|RW06Tfr!?|$;0BcJ-c-@o_1KlsD@|LB1~KKdu0{?lU*{@G`a
zKlJdQKl0hn{l%ky`T4(k?C~#r@x+&&`0FSC=BY2A{K{9qcIt1R{`xb2_l<9U>+k>J
z+2{W8`ES4Qo$vnBi{Ja_e|hO&U;ek#|Ni|SocWI*{^*q-|L1?b`jglG`wc%JXMO;l
z)dTYXy8dr^|G(Y@WoG&R3;*}^b>#CMavw#<u}T@lq0q$y4mLO#)%ECvm@_8_8H*2!
z`7PGzVrt7UvnXF<qG8h|<{W;Bi780nVS<9$h$sUS6R{_RX^LTr_sMRWHkC1Xaf5Jf
zj=7Auq$vx^r*f%GDvQdYGLUbA%Aov|m+~;ogaTLBL>ZVEi7U*JTrcEd%4G2{ff<yz
z!emM?Ft3snvnk}Ie56l$q(gGnJ+yUbTWYC%zxxKBJoLLs$;;x5en0!P!PvkfjG5n=
zUY9<aCVDcYrS!AQyK3a8>g3V3#`2vj8_Ta<)mZ*?q_KQB*45DdEvp;LKe@J6{%D>2
znsv4EC+p-FY^Z$C^3C;KGuo+bXk3qvZES4kaBpMzeOnvbxo2DB{4edOl|NP`zeVd}
zpU_^X9rRlHi8}cunTnr=c*Re*R_SfYb+N6v#`pPw*;syZU#<L^I{Eu<tlay9H_qH%
zEBDV_PVPV#+jn4Q`2&!B`oPTX@#?`YcJWP(+vEEmZY;n0_Qrn5e5!FgymD{j{QdVg
z&j0ZTUMC(OZ7jd+@y7RG`NhWa6JM&8AFGqU_sfmr;KyHUTz<!?ndJ|DyNi7V*jM%a
zo3gTr9l}(vr;4`%yd-#M+NyY~>AGp!F?jZy$2ZS6j~B3=o@eg##Fs-mEneu_$mU5N
zy^8K?XLG}pVd;=H$yC}emgLP9j?B(3l$?TV_`GZN8n#fTX*(9;i<#%UY0cwldU>lA
zebW=0a-$<_c9!<%_BMrkN@6>av3AyN+8*!IEZyX+wYiULj@$ygyD8kUitD;7-X6W5
zID@txn4x~0v4>do3#PY<{9=od-N_QP>sYsWh;gZTfNSG?3jgKi5$<=(4eoB=HRUZ_
z_7v-dgM^jraa@}`W#oCv9+~hkw@Zl+e;%vi(}#U#Dal62<{sA==k!%roPAZ4)@xwx
zK|1tDUz-PMCw%jSkIbWn&b#STln0xK;Z#y#>>YDp8C{k)QZrPlxCecuGs3#j0zQ`o
z9+@*r%_FiNo>M9?WtZ>5mQe0eO_PkRtxChaxMQp2<n!>sfMKE3?-6G^cRlzjQH-;D
znkxH=<a5S0kd-689yTRgN@<x0w`w1vJXIQ>k!j8K1BW&q<7_`>x+eFhG|u&NQl(w{
z^1H;%!p6XLxm9j|YtA++CrZ~7#WW`0$P7mapKT#~W)xr1-0$`9u^^k}ZW7^!LfHrA
zY?p6VL_qB?rNSNRw~JUC<}$fRq<T1dfIY!35-Hg#c%oP0mRe=2mZx^-b5d11-)TyP
zC1>cmyg#l}N?5R}S$q#jFH5-IZ>3#MZv_}@qncIqsopBjq{O?DejQrXxv`)q<sNPx
zur)n=AppBBYo2lEoo$~pVsflMUS_>!;N_?`n}bXSVZoRoVlptzq~_<sI(AiA(o^~x
z8T`3|pQJ`-KM_016o<DHcPKGP*R52igryH<WFPp5jOs8-<7{13%nk*<6Zn+to*J!D
z_CrRFOH|&qjQI3E)r+%jlz*y#{b+_9qil5g9HY2v^VI=&Cz9M1o99+q20WtbS;~_#
z(tE-l&^<L~(KJtpeo!7x;$C_5_<HlOZ*H^bO9{4E#MB5{g)v`@qT<!5>^SUsd8a(T
z&bD~fE<V<%%>&(o$SBN(W}-R`>mQcAkWzApVxO($K&OLYFmN=NmrHq9EeARm%N8s9
zXS?Pa^ztxXc`FpYp_x5qkJ)4Pm_25X*<<#YJ!X&DWA>OmW{)?|QT<&!9jzC}*<9e&
zR!Pr*z6d-AoCHn)$AP23Vc=F^5-0*Dpoeq^kOcaGPM|%ct3tXoq>F)8V17s$-R}b2
z4|oiC1ULfR1snwS0VbdWDPRED2*iM;z+#{kSO75KmGdP%4f-7LOh`|L^hw|taDPbe
z4e8y$L0})?06Aa>kP7KQNPB>dKrEzfAyt4yz=Dv@4JiXoFGL*|O8Ojd5;y@I1CECD
ze&8^08{h+GNcE8J2<bH;O#+?3Mqn{;3BZ6?7D##~q%VP<0-g-%V<CMcq{o26z^#A@
z=s*w93A6!9NG}O#Ye*M_bT07XTTn0HQQ$am1h@-01WW=ZpaXqC53mYY3bX?AfzvIp
z6F3Dt2^<HG0e1n1frG$4zyx$41q=Wiff%qDXa!z54`l(*0H=UQf#V@P3fu|Y2J8cT
zU>9%=&;_)IGzKgN7KOClzLH%FAbV+koV@^?1Wo|=14n?{fJ1--m?71HB+v)MfHvTN
z*t-(2rmk(h5|yUIYi;j+y=|Z0cL8x|tCl)7K!6~ipn_3RK@nn644@e26sMr5skJqA
zz=#L|MNidgRK%#Lu})E`MCw2lF|AU;YD=|Vape8`<WM3lx7s^>&&T@sS^MmHuf1~4
z`OmOVE8x$9egU}u4CW260ahR%*a+wW9iRqOKnNfQIshI(OF$xM0<O6@`d0?66P^>0
zD+7MfBIny=Eq}d_5I1@!tv+4cv@30rCy?;(<h!@LzAxzi`Z#{?IY)5=X(q@o<(>4a
zPQRsQf^H75?_0G1*e4g*$0OKhIG+L7H|HgSepb-W32DzerM)VYW%?zd-j+h#%fKrF
zSiGAM-%Z#K5Viw_ZG})~fDk`W&_jg!qlC7{2=VMi0#|^&jMxg8AoSHm$gdUpoGR$q
zLi!vbJx!?RQ-Hk*ktJ;B2>n?jw6{)(-y!txgpht#NPq1ahb`)C##ZmtKKGb&+(18R
zd}HZPn!mC1|D?2ZItFN74d89t7n;qXD>O5)?!N>0e9_QsZaP3Sf0ID}3A*gh0lbf|
zfqor&I`kXRLD2uh<_wzo&gDM^5L-(BAoO3MmC($$+CwwH^?W6O+@bY2Z)GoiPKRdC
z29AMd3wT7c^IGUgX!ejv2-AY>vdHOiz&^S2yf9|=-JRw_INd4yF~Sld{E1U|kyBXj
z6#mpHyx1wc#3|fN_+4v+-wF2@oWK0#U%fJE%SOeK?%Jq49Y?9gAGUU+H~uj2({rT$
z|Ly}%hbvh6;5=X4T(Sl`66Nd<X1fXTYcD!<PM$-jX4~)cykMr5*BtWiUwv+MW0RTs
z(4pmm-u{^R0|Z@w{KdJKbKjtf+{)Zxjn_XjhY$6~4!Hlhm~*ZadoJ-@=U?als<hmG
zhv?mzj*>;K0{CYM1OLUx&PqkVKXv=Jo?c`h_4_6K2KeJ&!3|w;%td^)!tsp@rrBKA
zokP|N&r?!^uvYD;pM6u6Z7Uqh<o#h$1pQ;>B?G`?2RM$$>=@5J`#MxO-YsW-1)KtI
zvhzE1+!F`~#){~dGTy@Z=Tyh>nDT+IfE#QthJ5UC#V}xulVO=1kHJT3+`+YhYTz1B
z30wy3Kq+7YtUw`P0yrQOFaS#dJ+Kha0cn61m=0)wNq`y{1B?VB0R<2u<d*|dz!UHQ
zS^+JA<^Tcr-Ow+f46p&uHm~;$Hus&_IT5ra=Jzp65avs)j!q5yjQv&^Tw5%8y@{nZ
zNs}~5lQc<_G)a>*Ns~OyBIY?GxV!d6Xr=I;R=w~`4>3;0-t%JDFxk6Y#6h!bpB89#
zpQ03+UEi;6P@a|5i%2UGHLO>}a~juQk#k49XCv|QM&cEX#48(#S2q&RUScz)iimr$
zJ|z+Z;3Q62SBOZ}qJC4Ah4eN~SI-V&+v%RF`4sXuuitk4T13uQh@PcT3IbvYJdq-(
zFMo%nUfKhmj=4cE9UXb(K8Dj+7~R+Ms}O04Df}n9-OjGqk<n-*wjPw$f^8+jTBGAe
zjjNK377NLZc2WW?(r%ZN-KgYSb!CuikzY%4lyTKskk3L|z-X@}iyazmSuCuaEApZ(
zt(+`I)L~H~4)p-8Xh$x`HZt2SC}7tj4p0JwzQ~OvXZ-@SXvc{9mFTMxuwV=|H8rHs
zXh^5iQDtQ%S*=zoEiEOE<H&3_lfhu18jN49){x0wL$>M~GMcTZk0T>zBCD+weW@f<
zX$|t#z*aS+*PBsyC0QzKNUc$$el=-PzuurjJsjHNNUt+t8})NGGFxn9DYc_rJDF^(
zu4*#dtH}y*sMm~oENHhB(5O+DR!2I$4%$F!l@aw|d?6fZ&?mKuBdvxbgOT+QVYH(|
zJ4Tb4bQrsyvtV2nGU%;jFxiN++AwCoW+RiOluXuAGBaRY7QhBu=*)KHvy&P9vjPT7
zCD|~(QrOE5n9*NrCHibbUtuFF`fEjB?SNXXLVq-{gO)Uy>kz4qR4P5fde}ivsz?K=
z)CSnhfIdOP-bSN=LOhM6!knovKDEXO8yYbe0P{CFM=Fe08Hw=%DmHFF!^RHV>I_H=
zF`*pBj`159i~#0~Gnptd(u{Iu*vm{>K&66h0F@eAYsTC_V-5`rY>td(;*4yrU`K!h
z46vt(0X|{@bUOGeY|ELTVP7+RUvIR+-hjypKL+4i2D1(6usdLa-OYdn(3?w<Rtmp_
z@4@~y*q(!r+L&L!Pfb?%6MUnxx{{2rw*~gL0hJ8Z)$kkG9==ivf3B`!b5IL^sioSQ
zT2g70^ctziRiYw=LPbiI3S$K{fKm;gQB#N<bEML+W!+#m4SWmGX_^jYzavk!TG1aC
zsZ`4TKX&#i7Z)GtbswMWd^r@qUd4-4`rDPeoXGc=$xg_8eXt?*aVeLb@Q27!_y|X)
z`pSKLTuS`p@{9~WnG3=x{(kZdZzl0_$q8Q{pDLCEJ*eV4eceSS^Ytx}czb!tOHyRW
z>@D{4^6CLmczI>``TLj1{PX?%@=JWHSf5=|{3QM-{QbN~j`WsDR<g`J6inFv9$sQJ
z6Ynh+i{t%dK2jH%{}I3V0pn66-aRB4UScuJtJn7sM6X9XD3XzpA(tFM{&GKW?@?aj
zUh@~FmCR3BJ!)isMUTa!y9_dgg;~D%!m@glzQ32Z1Ord;_4ReBl9o$Q+Doq(aAHwh
z+^imVyzboV5>^};898-o*|cfXXQat%mSr3X`8p(IMp~#&D)sgAQY=2SM6bWKHEz)`
z@jb)ch*qtpmYwf@F*<tq@Jq2*d<}_VMN!i(U78V6UMUjguUWFB*O|{pFHc`K<JwTw
z(i=;QTTSiWeeT?kdRJ6bEDVpH$8EY8JMYq^v{@lOeMF+<tqI8?QTqptRjo_hyfdrg
zO?70espnE(p8HWng;Lr3+qv_0?TI>`uzW!B<P%?MrP8Qg6G~?eJu_%<;V!e8%gb6i
z@nkBpzkIcKMc_i^_uc2tEBV6fj$S{~%R58j?^|{D%hH)=HPeEJgjtU7DIB}rXgisj
znmYID@QT2G3w!teDCWI=hQ%4_=>r~md5KpZDL);2Cirad*$ET2jsJY(n23nI!ROD-
zom<gc8Q8Dih~9x8emCpx+GV-f%hDzCf!^L3`I;f))#~w+h8)<Yj)+*7we;Au+0n2}
zU?9sM7#OqQ_|mMr#I<Xe9XcU9>L<w`GIo7L&z?OuM{M5Qb5mYo;@;EIbE1dGEF97A
zhaWzEKPEQ3WXrBy=De)L73rgUx%m1Pt2c0odB~WEBlw2GEm1RPhJQFbrr-NPKYkMQ
z@ps|#?UReTMouwr%3f#aGCB16?Aa&PW0I1RxTIZ4g<;1EdqxhO6B83Ng601tCVbxN
zj3Zxva4_nFqA7(1pLJOtdf~$C*=46DZd8vC{xW#dXWO%O4h@Qp=@%3i^hwZy@VKI%
z#Tof2<uZTyYX7J`5$U}Se;IuGLfNEK=O>=joSn3DdqLrh)3$FH1O)}f&8rz-HMqtL
zhL>lE7sr=euB!aNB{MTKVa-NW@XY9wC&#OIZ(qM}+OhM|$RD?8v|;nCqI=$-GACcW
z%+H1YK@J=kKQL2OFnHTx+r){RcdjcuQyh6QJod_!`JoAedY*|In<2@N%U9*D>xv(+
zw6CbPHa<Q+cgNVAoE4pS7bI@zy0`d3czEo*G;M%2*;qJjO3vq2S&4t)rooOM`%gdJ
zR*2Kr!NPf2S&6&$46&8XnKLvk^g4dnML9i>MegdU-nc@wDX*&|e>^%=`!~bdU0lJA
z4TA@5-1?G6b2g+>8W4a)-TuxyrX1T*P*9LJCiIuxPoK-OUds%HT~u9`rDv{5&Y%3v
z^}c<OzgpV&o0m)xV~&j-V^|jQ$R4Z8XIQV~VLmA?T5Y+n)1C=`Df^3}CQlCi)xHwj
zeSW>`s}7J>4fE+M67}s{9~r>!5*;FXbdT8wQ2|n^^s)EEtW3ba=^*h(r0EF$_r>v4
z&*SSR`RCfRz2iCp$(?y>^S{qi8*)>|6&bH&ypig7Cpf7Vn~YPs${DXz@|?AfPx3qx
zJXZ-GS;rq4x3#-kc&^HGTdkevx7r3=l5xj6F3ET$<B*I?GG55IrCH#2j5F%=dT=E0
zxJVPvFHGQ;j7u@D$@nAVn{~Xhrp9qT&+}1%SE`g6o>yr!dY%vJz@d2Fq&89{<46kd
zBZU)3V!RdHkTY@MFAkohMB5sr2|Ng#RNzRA_ZY!>j0Oj1G=bAttQMa8n!sf^##_w}
z?qU`A3*#<EtH56{PCa;|Mc|DVCmzE%uBFt$9ZNA*&R)-PtvtY4)JpV6#q&qTQyA~{
zY^mXSIO8Z9t%IXPDzpx639yxtbvi9cUt=5-TpQ460PtnTzZqxN85}%Z83OL9gw0?#
zMSBA&LJSTrsx%-!><DP}4qmDUA2l#=NLRoQBEd(&OLaOxU(ZW9&dBr9NZ4DgaBx#C
z?5$Eccsb8c8UNP^Je6Gs&^!359xwn#7KZ;sN--a7Uch0sjK>0crnQIzpXGVIo?SzL
z<^*mFm{^!`T)7!z0?%bo)bm{(IIdcQFnF$3EAU-F!#J<b!F@IGQ~sKPfn77G=f8~i
zvg-(D3-YKe=$8fkV%HL&;V10+f{t_WV1voQg*gjL1MdZNj1L1QzyMxsWB@ld104Ly
z3~&NZwgE<i4P^lMnjT=>*~GZB1svMyxOP#;p`QjG=+^8l4-XGFH-y|ggpgCJn@5}0
zkhfT%ed`u2TC{H8%uNuMKC;bQ=hJ0vquPAYPV6p|$x>wQ?Y?N=KCDIS^Ud6v#kOgk
z9u+2TEAE8EDN|A)QzpB+i`%ws+X;2HY1h`>Ju)FCp^v+-X5OmL-+VJ-(4ch9v`+2Y
zv>Ex9hg+LYDLworcS`ok_M7>R{mzIHiAhOglD94#6od201UJ#ZPP)!}1JVk|?D}BN
zmD?jmC3YM)?(GiIhvVb#*2W_JoMo8m(yn8kp22g1l*-#LB#s-`F)=azbSHP2xLxa!
zZq>tTA3l6H;_S&C+$rU#QAr)UcI()&L+6j>^7*sf#qHV*9dhc-<#z|{=2ox#AucJY
z<G60!x_0fdVNpizr+wOowQIeH3+dUjfB%s1UhD6TPI_D2ZQ_J(9lHFuv;0W@;&=Kq
zYc}FqLFk%Zz1N!G{PL=*LkIQ5?%gMJiQFGEeE9dpo`IW2-j9oW|JzgF482iws9${2
z+ugf&cYToH=iVZ!y`f#~-8}=BFW)wxFmA-1A;<d_NB<4!$pJy}pNQSXGt#m>VEhFi
zeiWeCyzeVpztF)oiCwxRj5V!`9=t3ktZ&Fgk(X37X_9P~r>9;YezauBh|#J94^hI#
z<F_spzPaPzMK-%pQRfZs^iqUoF3CF3s&*_tq3;%4DBB(!=uzhZV`IPmY2?k3v2XEy
z;Vpg7qvBHMie^Hp&u@6tdme7iR}J11xp{l})Ms?_7J0cn9p{m?4dmb59y?EIDV(d+
zou@o<U!lQy%7X_F=<eP7bpPH1x_9qB-Mf!4;vPPHNDm*>BJKh5JfsKMu6>B(e(inw
z{@OLVa<zi??JcIfl?SLG{|N1~9;GuEFY@Oe4{INg^>`T>bB>ZR^Dtfc?mF7IN7Ls`
zqUmWVH17Ru8a<k$*ufmlPTfkzJtb6Rze-ns{DE>-?;-7UGtHZ~fs#jO)5;}BXw~)t
zTCsIEEy~_US-X$Yf>rw|Ic^87-FB8Nmv2&W)en^U*+DX_*hq^$oliOIR#BF5J)J#M
zLB~&=rKNdCXzJ8_N{n4k6O%U3l*COme?cJ?p1VT3D}JV9KRuumw`*x<@oCD<*hwoE
z6p?n)7Wz>4IqlhhfHK$bqih@-R&6>&A1~cb@x#_q%CxPNb*P*&4}VWv%WqSG{Wh5|
zR8#8Ybu?VDfTpE<NST?-X$ShgJUf?iHf^P4D@~ND$)lxuEA{dDh~^rLNWZOu))n8P
zjpg@f@A;o8JN+Q#uHQ~M8@AE`YZ2YLb&E`!H_@Cqb7`h_HtjfYkoFusMv3v`X`Ffv
zEm*pVmaN)M*&7aE+*@cu;w)OrZKJ&hzoe2g=jdmYFE1~rLx&F2XP>R78PjLbmMxoU
z%^D-koH3myswdF+<Z+~#GKF$iXVX@st<76amVJBa=FOXQ=FAx?D=VWLH*V1N>(}Xg
z*?Iol@yeAe@R3@&4}Z~kzrw=;-wO1Orhb8gC^$TVTm!<%bzm?>goe|==l}|1I${7t
z^cz5(5=RjG##;4zukc_#%RWxxFZd>Vj_--;iiY1?UZhiBzsSE6@wjEB<ajnyB;1Q)
z<;KNLCbkHh>xg8O8%2{6l4&B!jb(b$1Y#fGQ~!f~mA8C_hvEs^WMyT<uTLr5y(B&^
zO;q2Pj*nU2?}<e0Sj8S9SuB=FL?X5TxQJf?98r=6tFt$Ji2T)ti@P^`h`izA<P8@u
ze{^Yck*IFra}mGtxwuu`{{Dsk61~X!BNmoP7fG5w``q)te;jadyFaqOb>PwamaYyy
z*rthB|EJ}D2LR6G??Eg!0DwbF?0pART-UYsfDl5cSYu?6OJX@MPWVln_)mG!?<9`>
zUJ@s9oLIJF%aLr!Rz-z@p$O3gh%S2Xy_cc)-n-~cQ~?4cA%q%;rtj@@X9fm@Y{f5Y
zy|@0Qt95nHJ!PN0_t|Hca}IN#cK`HxdOhkNl0OI8^m_N&^2c3|Yrh`6_27J6+2i{A
zCcK^$r+>x09!~4Mug6pJx0jy_3k#T=o8xZsqgLh1){{-I&6B;?%UfH%7S@x>f^2=3
zW;l~Sh{3@@^!N8;VqyaK?%f0VjJSUNI&R#!!KG(rX1Kbnjr3x)vOJ0vKz=1|-MWRT
zsVNQ~d$RlX?b}@2`T6-}-aL+$ughnb>^tKvyBV$w@1mk2Bqt{$Hzx<RwY8|NsX=jZ
zF)Au6aryFPT)TD+<byA_V`-Mh+P1Z|p}M*nB_$;&C@A3W{QP|GSy54erlw}}_V#l1
zrL@S7t?YQSo6#x7f4!UWjPYf1a+2fm5aCcteMd$`!OPbdzI1zdc)-og4GA%^XsD~h
z;FT-5HhF^^4>nefjg815TBD<*;pgWES65d!Iy%D6&JOnW_OP|3+r}2o&Q9?0@kT^M
z1ji%Bi?OjWjuz?oFg&hay^1T;$I#FaMn*<ByjU3<TUmM-eM}x$y*k3HuD%|ZySmUz
zaLb5SAz`7^uMG?h4Pk6-i~ypA(RQi18I?39+1c5MiHRYcd^lW9OiXb0>{;mR>qAdZ
zA3~v!yLE;7(9xl%o-UQ^!^GHxqcI^NfulPwFAt@qrQG=B=H?<PDGBlM@ra9ygGeMo
zSy>r+dU`lnl;X^INAV6uM@P}z)PzKW6%rhTjO;8F5^o9!W-N_?9q~_3SC_l(9PAMs
z9E^zYaCm!o5?^g$W@d(ShUW-p0}fX`!ckY3@YdCawvK?FIvnoWI@(;GuAUB8?=11;
z!i5XVW8~!IMC0Sky<1pV!ra^(7pyM8iSihas;g@_e3`tlF|Q&1WoBj~JtG6Lgu9cg
z3)Qzncr?if$!K_FBy6m0p{=cpFiN|*yF=f|7#3DmIB!aP*4KkJ;i1FuBb>Cf&p=Bc
zpr;U8T6)mcHil5k5JG_=bWYQF2+l%RppP@BPeCBif`J~@(WRT71_ozwp76D|w}Y#*
z3q0K2;6d{0>*a&Uun1(NrK6#t9^<4>n7p$&mYA5x)wi{Cz<En+=$+MriK!(bVv^7^
zI*yV1GpOz9Lw;!;I!7l^aj6;JKH<1v=}0(f!$4n~cr74YgwQuIhxvIwSXzd`#x5TA
z4yo{T%O@PN;Nz8x$e=7l2j?LqFcV(>kwm`@bhS=HpT>&eZewGG(6AuV7n!K3u0l)m
zCAyo?-rj-k?oRX$_F#B)h?5_Ne`{+iH;0%^o1eFUowXwj&k~=6#6ucmQ(HTv6qjRY
zdKSHt_t1Om9?F{Ap)JsX_89>T4bDOPq&5U6&%)d?7#_}fgjY2JqMP6w(|~}4CIlrl
zBOs*-;rU%itLQ~?3Eh>Kky+P^y5=zi2KwRTmn4@b9N_HeiS)EI)HSrDtiBbMjUA|O
zyNrUWcGR~Ip?~x`M#gRs?hi0W^3&elPBInE;jcw<sbh2=QSmu2Ftde@;0$!moWbEE
zrw|w}LeInuhNr1b*A<#~RycX=JPv$hk9U7<j8i({F!C;grGEwd(wh)c&;{S@E`;U{
zKvX)4v`aT3YMDf0*Cf)~rcmB_3srrSXd0VB=jC3U_?sgRzMBYlw>%_gmLsRA8|g(o
zD5@Dj`K1ZuRd=DLWdKbreWZh?K-!hlI|(Ui@DB-tp_w^%2gjyBRM-ex&jeVS`M}E3
z6{aRG5NNq0v!)xDAIzYvs|UI#L-3A<9bS;v#Jm5`4vt~<F!HQ`M@lmyi~A8&)(79h
zaRd~NBB$*hl6&tXp!qg}o2C&&&%C||DC(I&QpXrB4Gcs7gE$=jZ5~oGMo`yt11-Hb
zQPOY~<*g&A?7V`qRvN30%NV^jj)kR#Wt-;}9E*U6Bsh8o!!IlzHO)OpExH8npiDU0
zB*OZ99L>219R4&GpS~N0vj(L&aXKIG{xle`DOupVTaLigJQZ$<&9Dq@f@fMAT(i1h
z8a4`j_c3_ojv}LN4uS1=;oUKVxXu|wc0NEx?+j9^CJ<V26OBU?a1v&~$FdArMU99^
zD1^Ib7;G<kz?kNwXG|nAvx<;cScXEH6HT4%crY`|>Cd#%S_CF!AS@*hIW^75Ztg%q
z`v?-Un`l1A!^J8c?gqKIcp?WEzRJXf&$FPlHwmA<6NSBR1mKUqw1Q(u37nFfVV~3s
z_sq+%%NW85=N<@c`;po_15w8V1b06`>hLV``ezZ{Ig6~`Swv=CgLlCs8pkG3m|0Ky
zB^`!FXGwRF9P6GW-Eao_q{mDQ3}8?C)1B-@2<huwvfr04_h9PQ6h!4jZ&o34>RXWC
z(uuUXW+Ya&6J70y%&vs9UoPC7bKvEZiNL5r8k0=eT4ciLY#h!Uio~%K;c$wnhEqxl
zY_bR7Qg8(q^M~MBIffLHoAlm0h-kl!)WJEFPRyckXcnp6b4c&JkDS&Sqz}+M7#xAW
zOD2we;thQrl0_$9=o?>z?)i%_Bb#Y%YDBuph;*DGEJ(+Ak-bSz&q7N}8$xqQFJ#ms
zHn#;~+4T^WG$Aan7Rgn$2u;aBFx_4>CocM@!OBAfGrI(6ok}FTlL&3CIM{h)BRI1L
z0W?=#O9$XveigwL6NtDpg~Xm2M0MXo(!eZA#}`p_Z4No3vqaMar1i5gm_iBZlETI=
zeE3@v9Q|7uv`)Cd$S?w@4$*zw4aOFZ2n!?G4)leqy9*p_tl>a9(aqHZqNHRbR5igV
zI2*QJ*)VfUfth1E%t=qXM;F35Ae&?_6P~eYIB%Z{9pbq_I~GSjOU0jm6^=js%8Tqq
z0TK#3kyuNz(smu9=4(iAy@9muX(aW}AaVEs(uZeIIyR5;YYWI9yN^^#r;N;?fOua!
zeg`p8W%%2V?C{Z#W3lg7fjIET037>M0*<~H0ZpPOIwlu|CB>+zCEt<!zZmibf<uDI
zuN1+>F9W7V#M3Whp?4+)N4|>1fzRV{@behxoy)-S)5PbqY0y8PjDrWGvHvfb`0ziY
z@x`BF@x}Z8uqV3|R@_XoGKd_ePg<_h+?+zr@LjqeAa`N`g*WC=dwmgAbl2RNMbXU#
z<X*jlvcX#@AG(I3f@=6$CBsUP0(+ezoYySDfuD=;_g9l~;4h&#qvZ)516P<`@IrW0
zGWz<4(AC|+-Ckj3xL_-Sp=LC+KZ(PUKND_m#o&uyN8`Zn==tY3d`^5gNo9f$<DvC&
z985Hm;A)x)--~I;DQiJiYd3P+$k*<_hRlvhr1nf9d*m*PCg)IcYXOaSAEM*d5^C-&
zp=FlnAR0<X2=~DWbltpxHqwuoX%$FKC_|WkG0o!^_&L?X>PQ)m6Tgmr9){094#OvZ
zb%&XG2r_fYo(_-U_PslZZ5%^<{S|m6*TBRf4LX`JF!(9~#s}kJbRZu3`yyd_I2P6?
z6Jd5F0*>d?;pUP9XQxuK3k5iQA_2ZpZ7A&=Mt<iAiU;l>w|^SBBh$#aaUaFgWaIBH
zp@V3sr*zHqeH4t|LdnP^nun&~8yEp6H&-O4=c2T-4Hebhq(AdeM0}~PXhBM1HNw1_
z;HX~?oqhR4OB_rsBVl3fhQX0>gw^yQrtvaj>-y*(L||nrJhNM19a{pSbv({HXTTvK
z4?!ul2uLqOa8?yuV~TN%#$ey4dHC%w<8bO&CdxXlpzY=Zl80L;xH653Ycpt>UO>m4
z1;T$G^;7rJc7GmqH>XfEFowQ6vq%tCWAFRNaKYRRt}bp6rKga;*o2nWPE=JlAR~+B
zp0_9beS?sdU4XoTMmXB#L+f-T3{1Td9F>TG<Xi-06d^db3L*KI5L?@Uu<}+oMV7-i
zzXiSp9k2~AhkI%{Vk?`-7ifT6SP70EN+;hT51OCk!qy-I1;u@c%xuTS*m@+@PoR42
zE-u}=kJdZ$Xq>)>u6r}Y@9Wt2l__j|GB7-K8}9bWIDF6q#^>~5tZxi!@@GBVJ>c)}
z4^IzQn3!8Z$B_JH7YB+#N-%Y25;rNf85^5MZCxA5&<NZDyx{EbO+5C4Lr@UhqC;Wn
z7L7AULJ^T&gVgqJh)A|wk}tuH_+=ZI5B&>-w@x1Rf06<1gNX?C$VW<MH_WW7;hoxt
zthO7dxq25ZcORgM_}+VK4g=Tjz|z_W`}dI_uAhwZh9RUy*FyIM>BEZ@I~W<k=$sKu
zP0avdK%T$I_ceu)@mbP!HqboniKy5l3=Z_;!R(wgYG01Eo&3mN_}Jm1r#&3KFTyp@
zgM9N~=<Lm;I3O9`De>@5&xU(^J#52@U>i}2lln<GPBL?d=CXrH7Lr5_@QA2GP~0G5
z$oDB7okRu6f78SrwBNjq&a2lc&K!r6S2(P!qH*|89AZSBD9`J{1%qf<d-x$VDwOl}
zJw4sw<L!&U5MLM>1!4b(ku;wRF*|#IIo4lTU{B@)Es?%A!FfkhTyU|3wW}rU-0WeX
z9SFlOa$u?-1?_VI(6fxe385eM9f+j&VjMk?fqlPE#JOYfq%W#q>sAbh&>AGrT&ftF
zMDg$qRMNAN^h?9QAlmx+$md!@QcfN`0!YUl3x}x%&C#4;_&QfWTQ3wgelbWd$U!CP
z`0}z^Was6>+&BxL{UH}lWP6yuxg764T;%SDOAm2aa1h7!4nx!6D71~WaQ=b?`SgxB
z_E9{{_7~#gcS7)=Z~0;G+oAZw>!JATucGkf9}{7rT>@_hvT<G+a8Im5NLdHz{SoAK
zji9h&1P$H8=pDX_>3jE<*HrG^zlVgh0tnAV;LC$Cu(z&6QUuKzK|Q`W5DOE>Bp6%8
z<LF5roYo|r`ED*g*prTk&=T=F$s&u@SFf*K^st4SAH|zK4zPE%gQ<-n@%lK9?e~M$
z`y$w!B6<HuA`JeX0pmlNusEFrrwb{tvx%h`GY)Q%8HlMZM_g4sVk#SvR^5sUif^t@
zPGNC=f#drE;m+{q=)e+&uHHaEWIq0Jz#HdI7sB7Q7OrMZ&^c6u)BEyp=A!~={k;r-
ze@6tZBMBI$dB3towY2U!7Q5z1rY3G)LuEr9f+IyZeAo%c_Xm=Ur%@~r4n1vu*jR+)
zq^=VTE)dPZe(;HkfPZ*2qEgb4Tu_eA{yy9xSzRO_eSzT3QJ?dyUpDRwi<l+97g#{&
zl>sCamBQK~8K<>kpm~zU<6<${lw=4`#p2+nUO0U8BI;V(#Z=3zamiksJkhu;O4f{|
zQ+x9EG{$d?p}V&qp>e4c4<u5oHi*$1*HC+@4SmC-XzT4p8~L%#ZSCmk?#8`);&rUm
zYhvJJcX>UE`eO4?dd)7(Qe4#vzfg*c(@KzC-hkw+O626$5Z|v#=Ifk<|BvGT$oibj
zSYuJFs^&-z7A4K*mu4w@@v&>XYu5s?wm+<_t1Z%a%(HnxvF!D`w}@ARn7DR>%9x&9
zlFXY0nyd2?xdHcF+vk#m?~C-Dm-1~%%qJG(bL)5WbC`YbfSwDOr@VQ}WA~y=J+W?B
zT3!qNx^-G^t#WZ5_aDrXZk#7r)DPi2N4jx_=KO=%8Od6rRCbmgyFR`Owgf)7v;-f<
zSBac4o%L{0@-9>Vo7T72?Tc_*Tw;1qtXt+6*?eCV>zIe&o?@B#7JC9uRBQcxgm2Mu
zot%e{ls^u<bl$F&+i$z?@J)Lw|B8K$|6i`BJAhBGr`OZ#>EG=<{kxszb6Pu|^6}}l
z`ub;lsejhrdXjT3kAwBNc5BZ#Jn31T_0CMJSC8%AvweNG7e00KCU-_-Y<z5aZ(rJu
z#USi#11o2H|I)J`)6>(-X8_jr{dM@USc#pnn7%cQhWdK$Y(s2pEVn<On2?B$_IBK&
z*q7B|=Mfqj8o0gfsHkXezda}@2!Vlt+&(zl>+kF9<Ib2!&tI@7qk-YaV6Z$cR+Pl0
zY`>rF*;ZFqp`D%ug$3Ms3LPCCIM~^7XG5y0tC5nN0$*Q0ZeRZFSp#k_Uq`6T)zjA2
zfv&y|jEv54=M~aY)41~sg$0G&d4uqX2*NiCg@uI}9v<d+$j(kQH#c+VNupz8;Ns$r
zqS7+%Y>K711?=qXVNQKrbaaB1r6u$Y^tt}D1g9Yo2%s&{g-}3wTJ)q_M@xXyr%ys(
zPY;HM=U`%D3TtaC*xTB2=PX=ZTo6w@?ds~{c)-qNczb)p#>Ngt>}-XhAyRV+&@ncS
zlKNIO4-6wHECy!{j9{R5210ECj0|mIWfcY+hXgpeWWd!u8~y<~hz!d^V0Z@cEdcsL
z9q8-oQ-6-cgG^M{RC8l?skse3{k<5U80TW+dKznICnpGqclJ(RFf=)jQ>Qdx@9c?=
zt5dkX0Qd)n;P_z!?ElaNTDpF)^Q}NoavOqjx)G7vkHm^mBsE<_TFZ45wO>ca#2tkA
z#^KO=9taK3LRn20O6!ME)jW!l#$I&wj*$$^a&c;Ways?p0dpG%B<I(_**h6l=RI-y
zq#Z16(@@ei0jmoc_>qbse)GB|tOM&{AJd57qRVj37(saHHKg>+z`yl2!rSg5x9c|Y
zhbEB_(*W)FXzZ)UP*l?gQQjqF*L9$>xeGmmgP5Irz|Dj3<Q(|Nq#(7p8bxgb2#c?P
z{RI(hbh4oPcM){=XW+BnC*T*)S>co*4DK0Sa8BulMM5969fuHKdk0}%vxx7TLDJ<1
z5H;LJSm`9n8~PF9lS#C>(YP9O=S|Ga&%@uxAJK^kXr=iyJ3E7@+-fA1)FbCoCz5O0
zkX+sjzt}u@dS$^kI0p_k889^zL0dBlwto3=$?k$<{uQ_sjv%V>7Lt1IA!YCZN+#Ie
z@dKo_-9!HH9i-&f<J18UoIB@;vqo;vHzoPAwxqdX0yC1y0RKQ#R#YJ*vl?!p#c&AB
z!^MyScqbOZCoUWAF=;qwn+Sn05ud&vgU>$+Lx`vjv9*JUX&mRy42XK~BYtoeMPu_Q
z8J|Pi2=za754G2)VPzbH_h0kE(T_rL<h>Xi{f8IHaV&E3vyq&XK>ho3bMc}_8uU&@
z;q-wR9M~I;gCE7=_z@8_HIs1St9X3==R_R+Yb;CzafmN#MpoA_GCC%>y|~=bSrkq#
zpmuT*bvGAKHaUm<D{OuI7V^?+;cS!+hjS$mew2^>|1QGOul#A=dLuY21p_1lBUi5=
zs=OaQ33V_sPJz~eIOu#FkJBGS!r+Tom>!OYwLvo69P>#R<iItg1|>ZsC>@+e&fsn2
zUB8d&JBw()y@aOOCDcsMqWbD>q~(_)CSHV+iY8>`Hz6mt6-nWBaJDRl@QZXDI~V~c
z_h>YCbRnX$4Ka1yh_35JXjLaJCX~b4zW|OjCZX9?h%Tyyp+z>{|3e18{3Hcs&BMrQ
z8$<Txo47Rf04=xY&^9xVvi_@xuWm+j?{yqKXoPd58-qi`P*hTaT++vW!G7@e@g_ac
zh}7g3I68|ElavaN-~hOUgwlA&!7VBo=PlEa(9n*MigtKsHc);kv<!3c`G@K7xR8tJ
zxK`K(5>1_xXu35+w9lb$@-9rw{BTM;3>8&_Fw=8~rG*)c49>xnWX;sn2uDv?!Ph?$
zlQ$<M21tB1&EA`IqlXQg{p@hw!UqNi(qQisiHlKbFmlO;fqg!{_(w8?Ux^SDP!5mC
zOGv36McL>S>PBy&d2}58BV+LJkHN`PF-S=4LXc-6ES&ui86OUjC;{=J7-)VK3m>-<
zvUQ83cNe+!M`rhq=zNLedPksRd>Xn2W)OUq2(3>=`0%{|?0qW?2mUOA-WN3X*12$x
zDo1E}C-QnnP~16;uAwp9Ap6VK?0Sa!VP-?}qn(a$?^c-V6u{Ck9gZ%UxL}%&kAFit
z+OtBk_PJt{iz^CIQdxwYLMo5+h473IPV9}uxv!F-cQ6L$PKDu|i65+7Lg1H@g2;km
zWL7s}@ah;A=H|JzQR%wo-I@FFkILcB5SSYjK>t($H20@q-yfoJ{7?kO$8K=zj7wkR
zzg!s~MO94;qT+IqnOlX1mQEB`*Q2qs1+|Tr(Am|EJ7lZ5wd{v0>*H+AcZsbt(!bGb
z*AbaijF7lOq~z2fF{uPYWN+Ep?^-`dYX4>TBE&0uOJBR<C|&bj@uS4+rc(Om36GoP
zugpG}S%x7UbMd{jYK?Gt&2@2+TQ6mMU~Em9(Y3H3#!rgl*PityxZL{lf*2pJ?fk;J
z?bct@{1;wN0Cv4K(*N#x>~FqT+C7bco~|qW@A<o3@jAuZ3jaIfWZAR)vip>e+pk+M
zR%LNkXJ_Yfe8w(zX12Gl7v0_6-1%i$(;#hsk7BlgfdN!jR#8kC&)N0V)MP|PhQiF$
z1iIQnF7`1rFrYXqgkrB`L`OxSq_~KS_fnEY6th{A4{V9-@(L8z*5Twa9f~_Hz`;`l
zkDz>nkna-~lM3O<^AwAvqo|@0t(}*-c-AK*9ATm~cm<@u!Y~S+t~Ge?R~KO&+5p$|
ztB7g3kHmom6!qRih<63T<1-PKkcRS_2Co0Wc(O++H3$+_!pSoe$M#2)&zFYa$^isc
z-9XyFEV71Xk<&j73w`o;KX8Dtkv+w<KFH3@f@f4U#hV#8c`zQjrxIXrQUqIv0u)>x
zNB-4&s3RZn(kzhM)PZpST=+ROz+5jC_I61qEG<V6!SG8X|2?D_!TGgt2qM4ga5kdT
zyHGNE7fsiu5ExehU%y1SxY-gPg2;c1M_1=n)L-g?iH#mitc)P|iej<ju{iiiEcsYz
z2rX<y!w|*)x26ylQ3!LB9Ev3qpmjV10Up)M<9K6o664peqPVCDQRGKuWmKcMrWT##
z2Q&UkZEj6{A40=w5gJ%U{=!X8hUVuNzR`{>$?TCsW*>R&--mF%*TT}WO<i2G$H~f=
zX<k@ZeJ0|6UQhk^{%)0N7e(G1Z-{>#fc+9MX`9`WHzoFq$?Q8=?2Y{j@CHfE-P~^g
zD@bbY=6(Tqqon3;?)QHcpPG=T*VF6i_4Imr{SRL6|HGC0&3^@n&C8MGzx@Pl&FS9$
za^7}c#^%OXa^(Kf_{zs8G<A1t3kAo8U!K{0_)9G<f!^+~j_wxfYwgz5+Wot~eYE?G
z;K<P*Z`-E)eF=;Ye$V6mMQ#J{<l*q;Z$S_7w##jiBjd_`Y(!!xi$0Y&`-ddhv9!Dx
zZys;u$$mOs`Z4kiT=ovhM{0L0f2>w^J5!tBzQ+^8&5>W9$gSUovAcOZ+0O(h(fc1|
z-hZrj)KHI}6~C0wwTJh}N7O0%(2s?>!oxfXZigg<zPY*{apUbD3y+=_9G2i}E`jyd
zBlZ4cEt;X9il2Yvnr!5y{EWvd`8S^Q+i?H1oAL*F^$pw?YUMYW$}wzTdy^+`%u?zv
zGjOj_9hEoaxbFbVu}?Ki3dvnkRMy}r%9hK^lz)F!xdQJ8;_>D4Uf%6Qj+dOWq#mKJ
zxMh=~>dU*;6&N0hTQzt}udz1r+&706R$y*W|3520S)W^_IH{`tKw7dYU+ppZyJYj_
zxo;Y8Wckl?`KoVhP}PuA<BEU4lUM&C$A|BV8THy1D-2Umf02qz<(JvUQtB^p)fvtI
zA)XF=o*DhGth|Av;#r>hZjNTvhw`cq<+g2pU5%%(iQ~y$MTHMkH;MVc)7Z#U*twUt
zX_+4zc+W}k7ei7|aMo0RWfh+{aJ0zQ*(g(k(aOeQ6IU*vhw|2E<<*rKa$@8a)xSrz
zb>$d>8oW)ftr>eUOm+2j#$LAkwKZeEb47MoCmRSUjTQcH<h~oex_rBW`j4bFe##iV
zO)T0^M#Fbj(Xh7t2Hp?9zP*C_cUJ+Bjyy*T``)<{YpeV33_*EkO|_qXUtZN;NY%B~
zY21{5^elT-k-pLxlQ3z>scuzz{dt}uHBfzHlaQv5w#EjkDEPk|X6l<*Z_9ADh#OLq
zZ9K(I@`9gml{B_+FK=)!+}Ld72{&@zUnf~t-o2LwV#{u(hqkJ2+o__kQ)MF~Oi@Kq
zeKUJ(;ww54N^&Yn{7vG-W>pnsRh2D!9Jo){EBXt6DAT*jbNuIC{|Qf##7yn8hYH;5
zHYWCp{^~#Fa8OWG+xM!nzdB7U<t@BDzm*pQ`Q=(5gxxl!-M}CYZsqOSMb$R!5(9jb
zC++$7Ya9Jq((_N0_{x06hYG~Pbx`0_>8on{RFoySg!A^q%ZVZGT?_GNPe6;xMyB}{
zc!vnlFC~EXuLY#>B!Cond)NnZHast(R7p-k>G8GTp5d&G9M|Wdq|({1VaFE!rpK~l
zGk*(X$Ced#I5Exp;zKzpAbk$L?OOO-IV5&4BsBiUYIv<*Ly4>LI;#<}evP-e8e3%1
zdg3?2TA3qM!nET{fEi6*<xRR2$}6jE<!{w}h9$P~w+VJIMXB_nt{M~W?fmUKSBQL`
zr%sbWS(r^I3Z7;4)YMfty~^LXQ&LCBdtT)k{zl;(tFu#vjEyg-JfpFTO626$lx%pB
zT5RW2E53r@Ic6&)1+Pl_+d?g<;ScGdPUXt0`{t=CYrMtdZ&%|hDf;hR1>k!;;k&G@
z5}Sn5*6OOOS~KP-@|7i0mn{Ldi@*8X1KT16wo_%tp6@XU-7JwR;bGQLRm`((0yW0;
zXNmS_1-lr#RW#Iid=<e4aj(*j<u!H@MtqfLcL->d6kk>0OG{e${FQodvakJ0dfLg8
z=c}myf(<@P{9G&(+B^;BO{@!QoPko1zNxKXth0i##?SeDr)Qap+evKN&g1V?<nK^)
z3zCq{mykWq->JTfYoMm`oW@0-244(JnaAfd$!0T3MIg@-MELX4ntM7QGT)o&-*H7T
zhj<%a5aaX`|0VI9RP$H=83#e4nZ-I;Rb}H&6-A*Jp{lY;RYgfvWwTgED~omX7QV7r
zHE-o_5hu3Ml=>b|W&2K*XZEy7wPl=~%+#YU-?U&HUDis=NGM8?kZPqJ{2ed9DR_Ze
zavWVod5cVC{tm&53^bpw`w|=WO_B^gUu_>Hzr!UzQ~Qi7<&-}uuAj-TqsJL!8O5c<
zgqJC<NAcrt<ts78rL>~BuB@lWS<7EM389Mo?P5i)vYofbTW%e#x(2z;Y%)9sxo!N-
z47trK$o)=k9c9j1@=0oUvmMxjtmE%Us^za4FOskqR5tSVEb-PcnXFueOeP0tPz<P@
zw~j4h6*ZoO8Dxt*WXu4oX#A)dVA<Pw9N%_ueAD>o5knwTM@d}gCy$r{nL2Na>&Qyi
z>Ni=1&*b>Kr11Hhm<Ptx&9j1+Swe-cqUx_Cwg5YKslBATo26)?@^=beVe^mwoZx#b
zi}k#dCu~_(1X6XkS;8FQeHpE`T}}6SHs@6NsykO0BQ+hH<sUH}iaRBBnCVdCE3P&j
ztbk018kr8o)uw}$km*q4tMaLpjOkznt4xRDH<%7pHU3svZO;Hmwf)v_)b>geA(5C4
z)m{8;-yYcJWnj7##3^(BvI<#Eaa_X<W+YQed+gZ%MEZ05XPDw)m3DE4<JB$FUSE+6
z&}QBysoLEoR=d(p<@vkBMuG}9G9b^$_VoG>mK%^LaC&+@F=5vKRkhDlSW6DUqin~6
znFqpdrvy3PBiKFv2zIN*>NnIxRiMaPKhJ+&DkCI^?~w@cpJ%bKgoP_)u!Pvw?eSs!
zVF9(W$_xA#WF&Fp9xI0O3!KK?wU3JtRbJ%NKWEKdpS`RcC{C(<rW!~Cs>0*HsK|do
zQ9$95a%-Sul(?#rks2T}cZu5w_!0^gRus-!A~iOXt$S(Dm&7B!s$e@8*2eRMnnctF
zp}qVn*%0Q-ubFa^n01CI*uv~1XXV63Zj11h4LofH8NLYL*&uB$JiC(YUrw@kfuf<e
zc*5rtmWyL4spv@1<%I1l_lGO+hF5C6wsCpJGhdvb{ER2GS<VzrY+MC!lNjL76;}b2
zs!nSCZ#?1Kipx!mR+2f($u&H{6Y+pK5L=brEM?LloL&L@gH6jx8LX36a_2Tl*}x+6
z)x@t)+*)q^S9{kU<Ysl<&!^Q&pF}O&GMF`Zv0x$Km|gF#cd>aSMk{G|#cEfwq+LJ2
zQMJ;yyNb1v{7Gx?mX|4{fdM9gkQ4@HN+>N%lLk5^t;;x5XF_LyWLjvUP1>YG7-mSC
zOd1HKy!!Z^^F8!QUK7&xzecit_nvd_J@=e*-``_BtghlMebMIrYR1zx%(EY;r#ger
z?zdRiiS)D&Ikt-UD&Ju9d(PP(<NXcR1v%n-wrub7dbSMrt=%@HFZe8Z+oJkSO=72h
zUz7N_{%Div)}I1l$i9n*4qulrE#78c*K*M$$u&5>7QoYrUw__~Kpt$_ww<f`?m2_>
zE<bxu#B4K${@MH1_*7Z9-0R)F-_vp0Hw!ke7!ZwQt{G9xKT6KmpN<Un_4f_;?;Pao
zh}21C;A;@qa}!bO3^Sf-=%vbhopTI9VuN|p8G1ZqTnp_Pn~w9v*W<hhqoSUXa&^|c
zo(Bgid%Im{`j~i6*})fAxb`mNx`kX~yo`)%s4ztS-m=Tojq?S~(73eeH#PTAkq&}d
zt9*d?2K5(S5A6`ls|UgPj5?=!=vl#+g>#vY<MTd_f5FFP|H$`yK0h57{Faa9yez4&
z`+nfVKETiMAwTE*l%Mm=3f}4e0GtN|9~Jx)@QJKH^sdNv9i2;C;7yCVNGKP1h3Yk_
zH9`%6T1OppwosomsZBzSOU@2RV`@rTXgBpivqPxaO+Nw792-%t2hIrA1aB97Q1EMl
zCk6jj@KwPd3%(`T;bJ^na7ZvEcu4TK1s@XpGr{KtUlV*!@T?BT?Sf;1dj%_kcM3i#
zcvA2m1>Y82<7T`_aJS%;;6cGf!5am?DEJk@=LCN!_-}&lPR7lGI|U<x`vfb3w+sHh
z;9m*8Do7sDL2#$wgy6M;C16S(68fF4!_scE21Q5FLtWG`shiQgU38yGeU8on^^{3H
zNaun2kx4yHJ)qR{nfem_1zmzx4w=-qgxY0N-w`ThQvX1gf~uO-KT|)bmGdplg6I>s
z2z48%VNeg8-_+AXkDJsRbS0>FOzLflVk~aHz@if9RacqRMr9iI)=cVL<vI$`=S}Kk
zpw`lpCN-$cqL02{QzhC!Z(d+&Hq3uTy~jwq0x~zzU{5pc9J<<0(`mDL<K#=BWlvZ+
z&!%qkj42_Ty2q1H&bO(DJ!z%Krk+5~kJ;35&jICPoBF0FuWYrcZ$rwZHuaLHr1aU;
z>z<0T-KO64)Rlgl3V4^50h{Xf_S2wEZTHrd9X7Swd!sUBQ%R&<W>Y!ut;$ZDDtqr#
zuB3WTvo)`#8+weEKIZ+Ray9*i-1fSKKI45*3DaF$4eE2CB6M@VK|SDoM2XQ?P3kf4
zW6CH!IbcvHK#kLhL4$hH`^U;Pl-OZVuYj7MKiJW%Jt6bir&Pv!1s@W8OrBeLLgFV>
z7vd+)IP-tl7Vn^c5zd=7-$JiXo`3Oio=v_c=K|qe?BnCI!FSg9rn(x(#oNO+e%xoF
zi}tj|JIwqi9NL~djpj}XCr+{AT3^#MPHFc#IEDnT)Vt1Mmy>^i@Y(84Gj&$*cFA*U
z{Ga?y&Z%)rlTCD({uJYc+tVjFKzFMrmCGd_rthmbt<qcSE9g)ErEa7+_>U-isN(wx
z@CM+1dcgONlBcJ9|A8@mm=xDxpbGpOUyxSlO<%xu3w_{wM7e{4{(jm+XZts}_E5;*
z<yrxM3vyoUzYy`aX{&2JUG5Je&u;%7<QenN01wl(z>I$*JwO$I!S!Xj-d{q_!&C)c
zp{xL(_TTIZi!ChqR!Do+e+Npv=)YU)`i9i?ywtKqI4?;2d6$a4#7&sr*3qrNGwF6<
z7v0S>9^DHJ(eDB;q=$f)(3gRi(jNl*=_|k?dJ?#cz7D*Ko(5h`e+i7zGr)0r4w#_7
z2BzrmfLZ!3a3B2ucpbgU7bWO*V3B^x&v;?xRk6o<8(5QC8uUJJ8I7gV4b%xdMt<OJ
z*xRVk^-SPhv<dimIuCfC@b9M{;6ro?@L}o&K8hJv#j3Is_*J?J_@wZkl03(yt`m~y
zq~v)<@;oc4-x2-`lIJCfe^>H+U-G;na$b|1Ka$j+O6t!g^({$#2dRBHQ@rBp!>s>f
z*Ky^9@|^Ob^0M+h<u&CEWxMNM*E6oaca6i&owV%1UI{($HVLn!dnEh>JuKmFdP2f5
z9hWdd-;^*$-<EKUUXn0QuS+;V?@BmH0WXJ1>XvX1ZI>`ZyCs~aq=b7ZC*gi7BXl2Y
zzXQETZM~7MpiPO|c?YfNRg=}?Qd#>X<(KRAa$ljokk@N{+OkHOOajboBEzxiMybqU
zB)gA;jHVyabYYZB{QrjJmmB4}A%hm{g{odI%~EEi-q02)Is0j?(4fT}C-xQizb1*6
z>a}WJqw##Dh#C)RnMS^`RHrem5h>LcG(BGAct)$&OVx@&L^QoonkyCZ4J|rFBTJ=n
z5xQ$MnP29lx<tZ8bUa^A#U`bia(*SI>!@=vS7<C#TFVz{uU=|srh0u-TB9#hEgaHN
z&IoC=R4LMorkCbcSRM*hwE1eIgsRz^L=`e3)k=lUf)8?;SSAxsPUYg!Tqb@XCcH=@
z9-GSM!qeGtgz-o?iyUU|^h_+B!!JI%KbHt+V`<?}C3Df(Xm~o2%}vDi3o9DWq!Qu%
zxl9(hGA*o;{q3AcES+uTq%&cmlM`kISt}Y#r;}+^7mhl}NOEc_mq=!^4qhf1nSjRG
z=~Qks98XNAV~)i5)J!-5qsPNj(ad;wVzsnX8nsSl##Spf8IG*NhGR08uUb<~KRZ(3
zvq(HOZhFw*jfA7(i})yeeKnmd_Zr;M_*6VI9*bJZZQ>z`+a*2~YfZ`KGSjJ4GMzQ~
z`-b~3&m~7k;VhxU2`(9dKVzI5ZS7!BPsR47ViA<hO~R<~Sj>^g2Bc$=WEzR4hl~W<
z&n<1yEYxnbkrGcNVq@V%E)`CPCu3G`Gt#1{CK@wrYGtSQr?RK;S8JkhEHf~;D+j$S
za&Y)En@mTBa?WIno{SC)Ju)3npkXIsiC7jRXcF2u`NmL5P9^p`xUs45NFrtoAm_kp
zNj1iwgFiZ*NVLnh$;t3OqopIGW6nktet6ZS@o*-`lZ*^FbKGWT($Yy=n2`kL0h=q`
z#E_SqoP^0!Xq2{;WO^(-6+h6lZ1p6xX<Om&he-~9sPOQI%TJD6)6}Ak6K>&Q(y<2^
z)2WF_W>*U}Fi2PmcskBiw4-)>PS-Rc>aw~t(`1RUNjsa)Q#nVD%5*MiJaKbmUTZ*%
ztRA^ilU0z##o{bjt52?OEI)R(YGtl8FJ#eJLUNj{A<Q`<>q4%;3xiz%M6Osd)oLyl
zOjl<=ohw&ORhd}S7OVP-!JEvNDpahRCUeZNmTGzlHdkv6SWq`9(=V+|(>oT^($}!m
zCLO*om%a2-rBPbc`XbfETB)q*yrh>3TAd6=p2elLa(-E2^>Cx1mu8n>lUb0nA!)W$
zE;Uw~sm^T#m1;Dy(p+h+D&v)grdMlrjgxsD`OB!ewn7EStyb6t;&QYF)_BXh%F?1`
zinJD$D!F35k*DNRqp1Vrry4pPKqXXNY8W{<Qr6H!#0|z9kFrMDD)R0aByN_*N=>6V
zxT2C@)ToxP*N;~9B1vH>*mPmET#iFa-BG96iOFn^xgu5P=IYo><n?*%E943!%*e$n
z+To=<`;4iW6`$qpOpc!pB}1bWeB#`qP&^eb7Io-A;mQiASf!Y%q61L2P)n4Mt->3!
zMjpKqTa$XVY?qEFDXT3vWYeRI^~Q!s7>QCvqgdrgNv~EG+3T_85&#2ZZ>h1sqOjqj
zaG{{p8s_dOg0`hdnfGt;N>N)*&cTn&4C{J+MJh;Wm3fqoqLr{ZSL=;frJ=9zF0M&%
zKGP)DpUn7Zez8<uF?V8FZj+Q=ZBz@@vJke}T-@A)X+_!Ai7CQ{E_Jid$j!1k<<RaL
z>2yTU;1qC@DS@uw6oW1C+Fr_oR{*C5j<Ti~=d~rt0qTriNzpm(>!m}8uL!q>Qs|4M
zpu8cyM01=5I)W4G9OyFmEU$=g7Bc6BszX*DKcsD7YJsYBlzJfnJ82vsVu<PB>2w87
zc^QZPA?Q*Sy)~S@8lX!k!&pI%yx3JF^7cWyT|_<(2lxulxhc`_h*@vQv?D|pld|Pv
zTh0>Xu&#3=QA50slyf7d{UzZSY#AuKCJb966vHVJr;VNnC20!Z7<gHn$(afvo<J-E
zZj@*P>$4Mb`_10~TBX;ti|Z_~r_W+<Xzkn{rk7x45mGCNH*Aksd1ync4pL{EM<b5*
z|A-##jv&_}zMMA%>3PI8Nb~VigIn?_%YC6N@>^?zmj;?1&P(}L>4pw0Jum);&$T7#
z3-eM3m$KydA#WYX+HxCQOYMF925Rr)2PIz~Y4f5(pL}r=+`{dBNIZE|^s34TD4AB$
zaH|&WHJwJP7NXV>6*6=Azz=~_mEIJ>uPSNIoJP%;n7uGBt=(*uA$)h>yA{WAuBACn
zeWvs&k=d#x_Zcj#g37UbxS%zpTU9HZrlVU!xv6qdn(Y#4NQ*8xTxaBKHDasHFJQ>$
z&9c3uY-8m^(lL$hp^G~-sh<aB%`Qo6LQ)HNzB<tum$!zp(~{E-_jXH`#8t|*EXSJA
ze0D?qG8tA0jx8W}UZk=6+2y+UQ^~Vz=LBg;Z%B@c-Q;YqHN~yo3QZXn*YLJ7!8JIi
z+*V(lZu-hghggvA$Zfa61MduncQ0qT&8geh;#*_#Sd`LQdnfw@muyb+R>_Px)rTBu
zA+t7Xpw-Q;-M%ceOTg(27CR*=s|?pd%T%}Oa6R@}V?a1((U4TbqOWj_S61Mtq%=En
zYbk?!y3t!kYC&ebrgX=Mj{olmrrDjZ{OAMfA{oezM*q-xrPZCS^UB>JT5ZuXibrKZ
zsF@2u(Nw8dru;*u0SgkgmbT`TqtZhc9Qo?z5@c);xc?Y=d$H_BNtuqw98;0rU`b_n
z&C9sUpE6f*vy{!g#dR1>HfK6*N%W<&B9NY<aV&9ZyIJY1FzAeIG<Ko>4AR3`!VT^q
z4bx>!?%FgOWoQ+85?T+V)O6dD#NJaTd&&BaK<XH@m=en~*jj{SYr%1A!;ymIG=7ud
zXGPZxH6<u(ugAvY3M`;}^Xo>U3BMyX1_{ysx$IK#!19H!T`>Oj13%mNe*e?glltes
zb=}OSp;zv3dAi&oMd|8*J@~2kb-F{;4NwC7_yPZ1Zc-GrGvrcysv2^sL3Lesr&l7~
zoocAV2t6Sss0MwVAqBJtTs06-LvEGR5OHy0cc;svx<kgRKMI43!Ofr=?}xeh6$dvz
zTqtjmx%s_yH^0K}CW#^H=D)Y@exKnzhIbkMo#AbUw-|oG@CL)r8Ggn<4Ezj>n_pUS
z^IxrS^J5%tzAx$K`*?1?VdoxY7-r~XU_IROe7`)P+aV7QxVn5QyQPbxU8<KlfZd%Q
za;aVGx<IO3up2qLx&WOFs(^|D0WRQHyWk-ob*f$BqE1Nb4tU^YwL8F#5@3&mk7!V3
zhT7qkUng9puz1z$?da}A49oz2E|1sUrK&EpVwcCu?ZWE00s#=gkjm|-20A>!0j?!D
zpo-{W*cS{#zANCNjsQMv7c?L=ChOF3zIUUl`XB~v8R!NEhl7^~&t$EGKD2#@3#HW#
z?l&FYPzOq|l}d0Abf@m%fDgR&)9d%IKPVOEp`MGq5D37RY-)%4ac{Q@#RJ@DRHGVn
zmVg@EgYu}(7wm#HfdF?PD7ks_=1$nBvKS?>nT2iM?DKYZcjBMwQWf)czw`Ksk*sUu
zUOiu%s#apld~n1$EW4mrkJgp@_crfBe9d~Nah1=*c0L^P^w_c{7fR&Lf~NHq%Vp!Q
z6kJ51kMgGGNBt=BJW!YM24M@IJ7fPUeCyr8eZNU`o#PhEbuPYVK7&ai2Q;P!W9rDs
zq&12-f4<@V*Z;KSI6u1`?{&7PMuj&cE90oS^2KFZuS)ubQYtIcdqqwQ&1v5FJn25c
zw~(My!`#HouOjJw$<uFthp++S+wzxU3Q_F*QCW5hBB$0;Pe^>GI`YoQ`dxSA>35s}
z`^C2Pd|%l-iSfpe7bNSPMW>vA7Q_oR`y?dKeu{nxQ1encB1`UyXgH4&4O6#-)Ri>(
zC9^I|*UGO{=aAT$lI6XKWs(=|c5B;h-6dthB3naUv#5bL*1xRWuRs5XpOo>e-pQT6
zcE$h4&wm5)4*O;TNdSODOYA&tR1{a1RZTZE&`=FFii*mZGGRw2i)oBtqqYVNnZcdr
zs~T2?%#Lv@9XC5;swQSn<3Os(+7z9WWX+!J#GI3C5;rq(N6w7#BQet03}AGlar40$
zoe={kd8Ew*Ll(gy)ZY85i!aTbIlFuI7j;g(y6?UF?z{KC`|(~i)c@xH|H=Qs|NsA6
z;i1;PZS8%=-SPa1zAx$XP~X?^%r4*G_bIKv+1E>P!hO%s`oX>i`h2_ZWBNQ!pXCq!
zP((U6nK}K=fO*Du2IBPZ478#H=xqZlV;=|z$FyMA>o<L8pn;wEkU$(W_4@+1{?0(w
z73yjbcv+^Q=6`Nz;-wjD1AIQkelx!Doq>@TV+^&<U~J+$1N1#Vlm8bn*>fj#GVMD9
zIvSJp9ViB4iDd95ys+`z0xB#1-zt8)z|P)8Z`K26ui0z%n!RSP*=zQiy=Jf3YxbJG
z{(mmP>tjh190+|Tb&&W0P)F1v-sTbWJKPM(aKMo>3!!9$NCY4jAVF+EaCi<hRwHy3
zp&W!hM#zd#4?^#s0_a_Y4kFY6kXLL$@HjT^MCcGgr3k%>&<cc}2T18~19ujH>T1vG
z7v=W@F2?U!ZU(;(P&R%8&=!Pxv8`-^je8L~hHY!-pbV6ayC!7Fnc#BqB$sor@i`om
zh>!;%E!`0IztRmEqUn@hU5wwS8)Cdqo2|g~x^xsnY(VBt(pIxT(m(+2NLUGvDI+T%
z{VsQ;AwS*CXnYe74^cwgXLQ_XktkwSiB(sL_hVIxRc{xovHC!)I!_=+Qjv6bnOK4y
zr8*yC5mweig>27&mT<O*+zEh(yyHLwTT@u($bCjv4K&t7PN%t<H{sq7_v>)?z|FAc
zKld`xGR{~(4_OMFi6?*&b%Y#FqYOKTL$A<RLfjGCx-#)Fa``XV)yV?a%6PW_6R`yw
z1JFo*?uhaChyz*Y4A$#vf%z7rbN?J<{_ONixmx|wQ(w9nXGgGzudJw2ck-g(b!tBL
zE&TPOtB5bekL$qGf$uhgem);=H{2^oZ3<Z1pfg+%l=!^PB7PwYG_v5%CHFuV0DN3H
zF6@EDJ~y9XLbf+hqB0*#QBKT9F6{+d`JFh7d$ONpn5WdD7nru*PSC~Rar^<vd12^)
zyc{fgrxMm&JzQuAu+-8Q%u0kUBUPE8p`+(PVZlm1f8c58YwOVm#~XuJPZ=D>!9{$I
z3mD)+zlxDkEBP!S7qmUDgps$Lff6KiUMFNR2;DJ-P~#*Qjio$&9~La-^9DE^*gb=T
zB~u3GO%8+sg#*6_q_(g=Ai)@r(YT$r<ELpr?V0$FXy7QK9h;$+6n$!z8F&u6TW56V
zO_{cfp@Odf!FeupoS6_jd#d0oqUCL`&EO?TpTy2Y?{0hX)_qncx<DOl+XubJ@wZ)P
z82bK3?{hOSfeY4{Yx&l=rm22D&&T*!pNYJZjMmdM493IPuM=BfH2EZhT7O;bwk>KY
zU+FwcKA49s)e&HqDI>KvfJEgBOgX7U2yDeez6+3#4VCf>%Y0@L-`NUeV={695*2x%
zD1{rJl{-M6B_@U}!l}Vv%CVCqLTv{?n|$^V^m_zy4Wwua*E_@jGF7HC1y-zrRr@Rg
zIb-zuv47=6|3l~yAhyp^hBM)7MIr;P+S7C~xRtldi^OUiF=|JbbbCl(ju8!WVQ7;k
zZ5Jy6!Fv*4p^{!bMm2?{gp>H5H9Ai$#a_}i(P24><_WSCmV1Q?Vxo*mi@hR`^E_?L
zlSSvT!93kIK=<=G&fz9)k4x3S-?P-BHy9rSZdyUw6On+N2yw=B-T!fPky`o&Qzn{`
z+WZuQSp|vUz^(iWAarrh%4k9?UIFcF)o~PT&F*8$eI^ficnZlO|K(_+YC9S|h<IM|
z5QLU0@&Ju_)@WSlKE`<w0z#&Iw>XB;?Ep+f&Tz2+_AH0dZ6#*}<}}i3bcIvt8i4Zo
zP$lm!hlQ;6l##4NsvNsYnm*@Rz6AcN%E?DoG`twUfS3y_{x-IaG->j3fxK>|N;Eq!
zMz1tolz&GVvZ<ZK1C~a<H>zoGp-)CT_N;~Za?8XKWc80=MI_tc=d)B~^$E(A9a!aw
z#pue=S&gPOY4weYpU-6EcrVGtNi{CCQ`0oP@oupn>As9~yHjI>pP_W`Or2E0zZ+d|
zr^IsT<pfmfLLfNsOK`bz(w#ufayz;exYXkg-KA*!Z@jt_EXYU!0Up2F4_V+K@3-J)
z$f=2?U2ew61-X;CV5yM{GU3jGI~#5u?n1arNDs_O1AQJ@jnfZek|-j}6KGy2H1fjH
zIWzJ?9(iSso)`A>4Hk-=!#(MN`9sfB`@;O-?xJxh(TGF$s{x7}3wHYfTa{>x^{o*|
zK}O75xIhc^bRr(>A@kEQcXXr5AQI=2>;znPF0czndu*ynwPO1~_*O|}&GZ?+ZKB~d
z3&N|L3uT!m!fVdd@R~Is-72qqdpa%h4XGucy+w?l!N(Cjzhwg-g<R;h$^6Do<s*CG
z>aEiW%{pIe1OI{DdAgF5C%SRnF$@j-^3Tgz|H#}j7fxgN8Z$K==0}A;k$=|wiTty8
zX8z%t@CTl$IY_rBuI0_IV`(U!rlCd9s1isP0UonHJWBP4M}Ji6DqZ2((WQ4m{`kmD
z9V!<R#y;9sUbO>I1su`BSHpvxHPaMvm$(AdNK!c?MU+rq#9X%VD<hZXe`VydJHMLr
z{%johDxi~hl435tFA2RrH)+!Q4;fu;iFyFUxC_Ru#ZAjPV;H}cq*yjcoe1P_#^0QE
ze70}MI%T#QSqB!Z46{y4+_bE-(3t0d&B!|CFpqP%K;pCZ+=kf)G6ZG^NH`ukmTNl4
z(9Nw2Q2bW_g{SD*dzL`9@Ih=aRgh&d)Dsh^*?<c1!9#8XEA`T}j=N(&#3wF5w>%m~
ze`P1{U_<)CltBWxf&ST3K~9-;f(l|r$d5t!735iHq!g%QK%O{3#|^#81@LQO6{Nw0
z;q?TRF$=ng<OtY;ZXcd1at>OeO{)2*N6(y>Er!DHLu+#!E!W$-CfZk8=&YCvJcKvl
zJop)3=$U7U?J1b5GUASLZl#<{j)@`HSc?3anP%WjNMv_-D@d}Amg*4+PFJl@2ckYP
z1Qs_$e)=UmAS^56?nk)b&ch|N(#g_LT?z7gz`p%JTEyRZ%Zb;>J6r&D)^LK~jm9s}
zYYy;_0aTbInF~{7YXwoE7QF*Bf(RiG+iZo<6F4njUw#UMFLWSTPX*b^(lrP@26+#-
z22pNjb%DzW{ybVm%CX+U@3!D^ktVQqu;0cG%v+HPf)ONoZsI)Ccy%8;HJ{;c!4>L$
z{zarEcp=@}J)#NpLJE=YJ|2Ula>L|*K)uJ@wtY%s`F!Yrl-^c7y+vLJfd;Yk76>#I
z<x&DUGNNfw3ps@PY|%+}SaoilVUkAqMZO}+4R()3-C~Yf-V%UHg~;HcxD6~@Jl_t`
z8*zrqECJ}Owrnr7YRdw&Y@nr|mb+;w(eg*M+(}E3mfLB0KP|V?vYM8awDi!jgqB6L
zbknksmie^Iqh&5FSI{ztmOL%9X_<u_KMfmnP2$ajK$_K7F@w-H7j_9Eew9swqnRxt
zHh`#FMrqiM);L%E5mY@|Mu}dJ$I;sP2qp3!m_ZF~$nZe-S)Y|$&ctIY0ORuz5Y)kF
zvKkKqO+dZV3}L{!>x)`w2f!JQau^rY)TYzW|DN7&+ZC;a0|ajtoWrhn<wa!a0@&N&
z)kVLJPJT^~q7L8O>e|RlJiCE$bxOYtvd%CJE7FH`!m#N4>BIa}h83*BaneOKB^RDS
zD~?sxIu>nU7-@lsPcpO+O}$1+*5$*t8nPK0#a2+H_#A5UZghiiO^sYBc*PgiLdyl<
z_2g5~r*^jOgNLiD<`HhH{MUC~Q`TnUM0K^&LJ=XdH#U_G&RQlP=pI|0;fT*Bp1%Y{
zKZJhJXaF^;JTL~ac~ilv?I^%Q!BzLev$@#*uUp}%)Y};OUTu{PsjjDQm$X$@tlR~a
znwns7Kje?O%HQ>y3+nrKrKrXIDlY0DwDZx=#4zxC>@do;2{xiNVmH=1sGL~uD#pJe
z*2oeJ==F9+&IwW`fU|T^aE&Hg$tRGlfjjJ$tk5x<fkr_78U%=daA<lqvJ5xPU}$)<
zqzw+Efkhl*nXEzs!9P*PszA1<Vu%;WBj3VP<CED~zBm`l-4qsSS-lv`kF&5m1Eu)(
zZ6LyLXcpyPMvJdS%?_ew{R=QGK=P8U+_Pb7HitpWy2ViAA;t7a>rlG2XdU?jM)~Y5
zaS_}Ne;P-1Dvyzm@Eh(C4~YlHYSfWXvCSi(I@)6GA1;NhMsYtmq}RPv0;MC<P$@<y
zSPOC&uoEFclfFxUDL$lAL}-9ix>@Jx0*eSL=k~R$?U4#}BAdF&rgk@6iF00T7&Xc3
zcl_MSN(JgBt5;pO9F9nPR(RpSln5kiJmla?8n0YkG6%x~;m0_o_v_#$TQouWD_gd5
zMyrE?$`07V#@DKmExMOB4a<oF!N2pa0ly_r=r%7|KqIx09oIM67`NmQ$N|g{<o3Ie
z;p;sM!J*Kpd=An6JA4lb&gayE_5H#6OCZ;Ad@~oUA9D@|<zCk+227L-VUl`@*fuaB
zb8A7qRI4(>Zkr+rz`q~)uW?@37_1tjD5|+tEwK%^E7D&UR9WRT5Ak3uQbsgsu~yt4
zonKIIl^w(FCW-TqRk1EPF0uF$%t~;tuqhgFYO35z$!U450(p>55-}Dfo!YsTg@uvg
z)Z$BIUnW{HOL+Qb4ooN?B`e6Jn<d$bT1vs0qIclh|BOWu<uQa0qyK;b%v|q{NRb)}
zOG&ciEMn3yri_fsspR$yv_?I9MQCL6TV0lL@&;yC7D>#Qh;WEOenyXq4jKr%mEI)}
zg>%|REvhZl3;5iTBG#<*x~B)pPRH~h>2(;^4tQ>RZRD60947J-u2550@HuMbgk$(I
znrOVMvpzxXd>MOuW)BHDX%MS<8TBbI_Q5%gt}BtIby$20ApSZp97noQ3)OzmW>VU-
zl~d-%(Y;{k{?B~lwSbWc7+&>;^68R?v>f$R`-nv~H=!u1IRO{i3US{I`NI@k3Bxxw
zj_!s5{&(w8e$onxY*>pyk&!G!abmW^xyS)DWU2$of~$SkytN|C`lx+*J4~U3?H;lq
z9dXbHwTwzgY_SD#)F;#KKc>Y<SZAPoGsQvsB*p5RDZXc)PLZO3g;k@4eFV#_%HW5R
ztgJl&^2f>d_{>C3i=_jBxbx7~Ah?I6M8QM0Vs#>3CsRA_XXMpjY0)GY`9nIJ0O5F5
zemod|#{D$6%X7)mbd0cC##U(XkcXibjISZj0|WZ|2T03SZ-vmD2HRG9;DYq`%|B)X
z!%~%c9eNzi39uVob4r>Q2umr=@p>gG5SE8(x4^1I^rlXEAhbto{(&jbFXdp9X-$WG
zvUx)sjLK}@p(*XqAYG2W4(qt3uKCo!cVO!nx>tirMD4;76tf!@a}tczc`>-H-x&t|
zxP~x<N91gBEzJnw6?l=y(+r~?z`w?Kh6}dYD6aH=P__!>i?7i=w~Y;Nvbnh?G!TJ&
zG!_ddcS07?;c;oHK-vI?MGX~FOBBc<?5ok8EiNHyIo3MthPcK5R4x|CGgF8>F@?xK
z%pl_X1|kho7U5?I^M+j)W^=z*u&rOdO(0J#z(gM^wtFfx*#>Dai)I_aOKb}fH*03t
zIWs2~c1loiBg*>|$)Q4qapn3G$N>P<T=FVD%&jzEK8G4For6DJ)duB$fi$d**`Hc(
zg<ZwchV_iJ$V&>=K_2jejLYb6RIqsz$ivGhAEX+1*K&yp%%~$?k{Uz({xUoc(I0mN
zvXSCu8$9Ey2(mzDxSt$cOXFlxY$u_(X+Db#d<Lk%<1ys%HMHT)R;T7V_mew)z17YO
z*RQ#XZ41M0c?tQDLv7-pjC=7Sf6K)}=D-K|^Ua~nHuW0VgzLH-2m2UmT*`RwqYoO6
z_dTVPQ$86C$~Lta0`Wm;d~`Lq6iLw&8fx{4eBB!j5$aIw+xlIXr8MY<gWm9ZJq=%$
ze<1j*h7)cFpHq9Fv9w^V8(Ji%K>i7L(|G9Jg(@qyySlglCOTb&fnoqLiP?aICvB)2
z7@k7$q<9?%j*pkXf+AJw)iPWxZ>V_817?DZzJss$NAQTK$@2wO9)l2LC%;am$It}w
z3jl(-wQ5)0>4+-@w;-}<C^GOX;NF)h_Mol{)6k-<AZ)O>*Le}Vj|bn9mXL>2r(3O-
zV(5AGga^KW9{2(Ju07_vQWuW?tvU|71lY*knCh0lpl<0Njd@hAK=MXo9>ohJXLPzp
zWsXkuD0O_QW0nYHbR<S*r9eI(iIG_*kSin8$-Fl*jZFQeslK_8>`j?2rT)&{5!}{W
zu&r0xpl!BEtF`Z&cPFVFcZA&#<e~{)@{{${JbG|Lf;(_mG3-=eNHk5|+`pHF-AiGT
z+yNbXC-#SQA&YxSI`~fnxbTuEQNGC8&_-=b#CSKpod?A>Lk_7>d)j-gY9(*IehOa_
zNg2&a$|-iu8R=Z$v{a@y%F*N=uNrCZvkS>RYEqjvKE6k7SFbzI#0|!cD%Uh+P;;Jh
zc4At-!mw<koV5%e(tqNEm934R;7bL$qqc4f#CCP#*qVrRH^lHS*7QktKy3fCo!Fr%
z1DY;DQ#>@iAN}XrI-Tc@<NsaU_s2(3WQosYI+IQ^Ne_@fM1BN~ibh;;K#7yUVA3H7
z1A{RMBP4L&!)$iMTZC@FmB7TFVbdvkWpBMbykqy|!tUY8?y@Ihc6D)vXhIN?A1<P>
zZd_4nXja35$v}qm_r2;#2=0FGd*8pld`Nd!)vKykRj*#X_v%#*<b&6B^OeAtQnCTo
z>l9e8@#agWVa`cQ>ZX)j!l7udZz@3(q4#mwwX+yLn%Xdk{_*l{^-XPg5XiL3W0W=t
zzOvV4gUH-W;Zyi06q!+}8rKj<(rp3?ed`5e1OW>fzZxc=anhHZg*_nijtq>XPog;2
zhSkSpv=+{)HgZ=104$xbTxPNixOVDiNVyYc04e8G@hr&DFuY`wqv^b{*<u-j0%21b
zNRjMK@8dx<;yp{EI80TiZ3k7RkG9^6%BZQ5=1#|F$z*s^9?*c&K|Fk|knsbV4~(Nn
zQB<TmnB@{8ob-1r;(wtT4<<U@co(y2@_}1vY7gq^xeb6s>p2vHW`S7Lx*E%V){}$+
z)%`2X-&c~1NT)|J0&4veW=EFbqi<l;&N4){0v<kNMloL9Ib$Z4b>EjvQv+_GG<GvX
z7ylQa-aFu--$%rYgeU2$_XFQzDl&DnojgH__`xvv7z{Gy06t0ixLS?RLZv7Q7{@#i
zS8dGL4XlXFkZ{OO0a}xG?n3nlX7d=InP{9cjzI!Xf^oEL-P-WdaFfQ^hHW>QG%|qF
zc;lD~GY2IwSnVwI#|B#&|DWng{LQ-d{`Ykmxf>wmAZJOImMfXE*e%A4AoeL*+Wdo6
z<!(f|a0rFb5Z{bIk1;#UF(nIAjGeoa>Df?k5OOG4EO%@)ET*tZ=6wR>{~U;g!%&4W
z01>LQd|5tlH<vM2-IN2^7MMLn##gZEp>DzMWG#Zl7{l0Pb<^sOEr(!^ly+>H58=|b
z?Qtluya8$tLB4>49<~pP3Zg?TUxoC#vzY;{GS;o4zk#v!-?ZT0or$WJgW|Re3`316
zk&-yY09rt$zn>a1X0T=s>o4ONo3aZVa!e~M-nWb~e!uik^&of%d+MG6)>F{7ya4cb
zJmu_%nXwgnX(4B*b{(`h<qE{QdZE^4h+j@RQ14xj<cPK4RNHqEATU0_H_XKDbY&!E
zbRl#BnRR)AIbU$Iz)#BWHADB9q3LF5oEa)ML)m7i%nVt~P=y)#%Vic?R)V905uaj2
zAd5boI@qzB8bAgc3n*_h=|^ZXa2O<5aQ0muX1&3KxzMpQQ_U{Ntsk;!7396WhQ1EG
z!0#@>k&$wmjJ<vEb||wgG8FRrS;NL?0$YohVYze@NR>do(0ITnonv|od^_lMv|Y5<
z3?nkOWt&cm(MS|o4sz!Vq^pK*0H`reHGF{Y){V$dPBk22fuI?Put10floEu1If-+j
z70F*3t&{|rqL-zVgxCkFg#|m2G*}TkaTau@V#b5_1KBZJV0q2y2a}~0sYwVOK{F_u
zc|M%)Lg)=7$EH6c)nRtph(Ait02rq9DHdksvH4od!dNuJmwNk=CpuYWbb)E%f1;sj
zI#MJnV0*tgcL4>YQ>kK*h>Ht`h<N(VMEpemAQ9h+M0|JRn?&r2c=R;-K|l6$-SYOu
zm1J3gqq@e`3qtX@>wB>p`&`8sv+)u<1Z6#1+XFWGi+Qkg#I1fIGz~W>Y;?ywrn<|}
zuP;F+s}RDy!lwQN%F3bH$PAj_^H|=<fuXMa-8R6jirVHScO9fG(}2b^BY92(-Ux8u
zWq^Uzvm^BvDKJh(?hcb$?`&8N<uvrCAYDZ(21^iJ5g-1eZ>O*_s_B_&u-q&0V*k3C
z)$}Nuv%YlOIs&%e?BeEF8dgCeg@+dV=(}?nJQOj))oY^BWEP>PxOy8J0Isr%PM`Y?
zRBKHbWBT=de_;?KzX{<sAsU?dR!f5iim9R~djO2?3S2RAw<DQT_m|Qg%5_7^51_|F
zj!!cSG#;S0PD4YS@j#W4`vQR0F0We(`iza<UtxB=lna47D$H)5nCy0WbOZJ{oeq=F
z6owcZL&oUpeQP(gTq*u~)n$a7pmAR}z?V9+;Uxi;Eu}M$Zpt(*Fp{HO87SCz0?1=|
zUAt1iAVFr-FIAH9FQHs>0Ap&%EZ_&Dluevf%BnF=*3dPu>MM5wr|ICE2AZ#UEE~@<
z$mPtkosN*Q&1amvk^V*9QdBuWH!!BZgP^8OqZT#E7057CQY~zqX*}mTQ#2kmAUTiX
z9Tb5Hbiwt(cK-N0wiEb?Hk~0`G(qA>r~VItJo<-xW@~l#%K}A%l&S7OV-^Q8C?4BG
z)uCvDd@t*W8v0BIiX1>|V`}KXe~FyyuyrsOXnA_3It!)q?|(UrSq>`9|H9#NltJ%d
zQi0j7YRznzGRq>5^3ej*EDD@&1pV<BI6ogS4MTOc%+}KyPn`o=n6{^23AC>1BK{<b
zx$pIk8s3F;uZHobp;Qg`E!BStGPE|T@&>h0s^9ugxIbRMReOQGYFF296<5`7eWIa$
z>r*RtJRe4nGV<CU^t%Y-Qw{Gx7ZC9@UVWgxwhfa#iGWWHZ$(W(3<fMdia)jrpQ?CF
z18wAON2eGBQ7fX#TUGG`BiDj!H?s!qg)dD!2J87AbGka%GMGXS0_po3Fq4tHJHq6g
zT{r<WY>?}{I{FUCb4~B;hENxFn=u1>f&Q%5G$Gq+jczDqBbHJd>qc!9ddk)1=H5dh
zl19!^u1?u_Nvrs?a&^RdM<8oSJK^5j3Q6s$WvKCI``w3bjocnpB78eN)rY0Z_O_m{
z0f0rd4@O-vqi_@9Jg(yl3i!n;Pc<A*(nBLCU{9?BMp*^2hPi!W=|x74n<u14l?w9c
zS6`#H>>lv@*K8zzEc`@!l2fj8YgSj&_A=zu?yvo8A8EsTG~7LFQ%Hxc!`-pQ=>vf;
zhqg^HXP`VrD|bS)+l=0sjFt+c{V6`Jcsrc{mH1l`0RnZZ4=SBp4NZs0R>TBE4&YxA
z+^R(T9T&)_qbHbqBA;JjvUj+bWoFQFY9Mb3%=0@f%o6Wt2;#(3(chu+96*EEfL4Gs
z<8K?Me}+4t^nQReH~ZdzL^SO8o%UA%=V^<a^;q7*hr5&X{M9BGFc^S2gfNHxTNsz2
zy&nIXF~>>RhE7f~Ci_+U8oJ!v2CQ!?@;)xvP{*88Y>PI{WXfKTtE;|gLtduU+zUzW
zCnNokielR#;q^H=mDR%QPupE5!o4+G8K1Xq0@+xQLn<8Zt83E965jTayMK)X^kOA4
z*?nrw7uc^$QJ{MXy9s|m2z%(as9ruw*BYh@R01=<@SyKe`i~faF@?la5Tz6Qjw#*N
zWEblBsO(sX#nn{;Y%XG=2+B?}-4&sD=?Ea*kU!gFS!v8LeWePV>Z$^#27iU!mDM$j
zJxmi5u6KOu6V#C7L`)=0P{p_=_N;8heC@>Bvr^5%Pycdg0{Oglar=<Ja1O5h`Bl|q
zE$^Cv1=bL|5+CR&D;Q-N^!?GEbxK)eA!mEv<(NrF00$%s9iYXUVe6M{UQX`yaP>lX
zBJRUK=}@i@pi7PR81o<=r!FYSS1S`zomTdgg)G>T6YkQMZE+GCB<4t?$%oWailmO!
zS~r$$UH}E=02+kK?*%skDpCPMYZw|Wf4&)w@BNvfk%z<&D{wm^k8RdF0FlW}MSs8c
zsc!imrKH<|0^p<ueAD~b-XTbXk`vv#0@g>3TueZ}iUkGt(vKfD-Gz!89MY%;vwMC|
z4$-s8c(iJ(6^?J>_T@zrw`zvlL-Z32&*#a9vDJ`KdDbytn(2}yzWZA?vAz#!v0UU^
zd_x3jYyegQ`tRu6;n{#&?QBLK)6-ym9!4#+9`eyK@Y&w5-vimMp*r50!1aWg^%hst
zkN=WXPO{Oo$Jlhtiz8LNZ0D|C#G#QVhbxPUq-=8f$ukZm>acz6es|56PevTJgYH9X
z`Jy73BT?iosHMX62%mxVb9j0EI3xN~WrwnY2ae*2U0@L)6rxu&S-3*=#);RVE?hw>
zIOQrYgz+{8lC>S`CnY=ZdE9o@{b6IllU)w7X_>OJh=&B0JRXxDw*3+Ca-ZDzCsLar
zmXaU9)FGQz%ITfuD{*g7uPcFtEW*P0!)f}$k{=F+anaOgmHcQh9LDf{CE8#Zf2dra
zQ1bj>cngNJOa2kVX%KEfxqsct0B@Z1tD9EpY1qic#z`W^{c8CN<&d#-d0m&el3PGn
zY31<2<HG?DmO!$wtE-EA98lY(Cwm<>3HNgx!0&ZvvJDoUI(Kw!Dgr=1x5MfJS?NEc
zNu@oI-_VUTaRG&PbEEV$spXaa%*_j=T+$v$@fSv=+u)Cfzm<hixs0Cc!4(MrL9JrD
z8~7952N1oT_|R7v>z9#}bOqB~K{g|H{c+N+P(dnIs9h?okjBw>;%H4C%|s_t)_yFG
zb0$as<pD%*CqDGi2e7?6@u6oNz!vYsN2iFV06>&D`6aVZ`CSpEu^TAjG{hE(-Eta8
zv$@@dQ6!#2we?^xD%KHIOep=llmU&CQk8yAzLhKj>iIyOy8_~64_UNQ^&ab-yK*a|
zFkZgTq$1UOmSizP%Eh4VaFO?H<1NH{7740mnOZi2H^j608IZpL9sA(?$xW6r(OAE-
z(x~e8>$gD9lE%}xD<<&)3w;z<-FB9CGh!pqJY`~KC*m=6?n>a@Td%=XWR#FIIP|Ug
zLth2>W%`V?!L)&ia*($KavCgugwb_eOOCEF1L5eu{+S6N?moFv6VLf*>K`EN?gX)$
z?M}S+H5&@R(+V8z$a{l|G(e1O*!A9!VTqNHdSH7QZlIh&+XO>{?MI-c-#7(>qkk*8
zDyiaGSeV8PUznO2&te#aI^HyTC{J`-hHP-%^u?=#O`gn}Hv?bv4;M{2PB49f@RLK{
zg<I9Qr&LXU_^Dy|=#)=QHyP<!`V06}BKhtfnM3a%`V$uRKzKRiG*VZAeuzE=4y(Md
zvPLTo-wPEfvn_AntsioJCH*3YiA-vmJW4Ci38bjyylP*fmglMEoSsEytDAUrmRgsm
z)^SY>9VsI$7ASbB$Mi-}HWqLe=`Q9s!8{k7(k<0=-zOlX);kQeUe@PXKweVnd31Kb
z28Scn<WdKK%70J$V6>n<Qn5<SCKV0pLXKp+vzWPLB*}_g2idq{wVXzarsBRSDd*g&
zkpv`;hDGc~I!}LcKcts)5ZminodQ$0Vs#2sVbwDT4<&mzOzfyT$XR;lI6RVFd4`7t
z(wN6>$Rs10Qw*!HKcYK?0};@452MW{>D*v%H|)3~pwrbT;&rxw_T_cZ*U_J5mI387
zIxL&dgF@0f*WsxIDDsgsUD?cAV1ktuIIMPkN{h`{P~af%)8`;lDddtz(SJv=Z00?(
zlf1uoHvNw2@(v}PL>&(l8h!v3nhhz#6q+lz_JmO_t0X_cTL7zFy*1=_4)`)&Lw88c
zy94wNwebU0-lxh`l|k+3R^_)<d9NzJNuPrvi{xYS6nY0#e#1YZn(n{MrbMuDw?#@L
z;x1*y>g&k*j^U92@mQ}1_lkBgrj+wX0F4`d=>bDNM(r##;Fl(2C=O!|Z`|vd&h~of
z7Z8)&=&}3#uHIogMnYIN7&wi7GQ7xFKN()+&;F{&AN?PT3<}}f0NVYD5E={bmQk**
z&<RyOqROXLc~5iIc_H*wn#EG8G#&vhuua(dDTG=M-kV>%Wc>)?z(HYu@H9++rCWef
zIajYMA{+=s;}8`{i^e&>JF1FXh3`KLxr~DFRUd$QyA4%tX8jvs9SxoSX3P%|P@Y2b
zrCAEKNmCTcOA{+9q>&I3!Vf{R;-!3Sn)$)SCYvAD*hKhf@>0}OW24N-lvoCQ1h3sA
z=YtpzgG)9i+yiQ3M9?nT&HR0}k=W;U9ID8ZkqqI$VUWy^sbVB{3?hL9Vu$Qz3FB`n
zp<B>?#Y*TlVn1iuyN74*j{T5jn<teAuQf<BgV$C`xxs7eh43?Wh9zocv8NEmy-IeL
zVvG~@>$cbu6ESCOk@=AyD~FF3Tk!+(nBcS4>GFtD1|BrQ?}o%;7fZUIC4peR8Mp!@
zWn<DxA!Nt*cZARYi2lXj6+*rEmW9xl_}(CdzQFeqkecwkguGP~cld<;2YpEPAI@gm
zJ1ydQzXa>rF-<-~uYy3(Vk-?rkPboz(ZASC=!S&Yi>c=L#a9Z?ud$+4PDgjvc%|_C
zE4cIbxI*VhP8d%Q{P7hPLU<7ey>KwUQ*6ei8%PZr?J1JGwc3l!u}7^vtBTtNtrM*y
zVmF%OW9U9s-zU<kyeubsQ(u*gNJ~Z#Z?|&QkW+sH^t>4c50jm|IfQECSs}E~2Ac7J
z%<tTTOSyQKh-W*+H`&>PAE1elLZ1{tMSy5+VN?jMgn|&^pJL*$@}#?j*XJgD4T!8J
zUi4|=X&-%VR`TqQG`dsV%MScxwaiU4ix-&@gh4``vBl_Vp9aObJFuwxKvZ=fmF~jA
zExhm+iWt&}7Yh#_j}PKD&W6MEW(;kdJ9nF?`)K8O7^xWEou$NA3(s$1T`#e&e?r)*
zqm?lJZQ%zmq5cv7jsy()AEb#&{JTOJz0G??8U(!14NaPd{f7=!9`c|`^EB%;u9rgS
z_cjKaFQwNL@kqUD*Hht*f(>h7OtmqR^*~X0kb-z=eYi_dOOg4eks40v<YP}lK+X<c
z`?fq6Mw4~SERf7L*<jW*HFl#0xoHZKyPG;{t;k=u;K{Z~OVxS5D(;aops}jFot)Ow
zAU6WLda?U>RSc532~`Xs`5JOF(4YYfyzv7FY}dqKrO%k*?8Rf!=a{XUG*ad5aZTru
zT}Wer+~i!$S!v7|hfqH<q5S?}<N0sPw*Z+8Cg)+YG?eU~B4=WU;XV^kYGrKA0B#m`
zV^^x)eflJYt`$P7uQSpKeTLnSeC%;X%=_?XIFo(vWG3t`0B8~Saf>^|LsOf@u1*mx
z&6e1&A-=vZYH<qT{~BOMiQZ_wl-nEiAl2A~x8^2v4$1IE-3gJ<6_V{mP@YaeGK8f(
z_o>Y}8-d8yX7`;|PFVUrP9n_+Z5#QR#N`y%8Qk`4OdlMV5y}&^kIlis0V185?J}o4
z@wP>K4d*qmJ;U1_j%>DL3h2z@=@%dMRo2jRZlHwdROM=sTDzUZ$;X>)Ht)XX?1lOf
zEsQw}JIYzrDXIu7%vosxZY+_b!J?_?rf?Qy=nm^tkADBWdWf-mJnp0Nl|u3C@wh&b
z&Dq^Ub5>8A7o2I4QW4~906|ZN#=RCH+|TSrbhk&kqyA-!RkA~$PSHp1HoppWes_wL
z317f^-e%iQwUNTw(}lHf!-zQK5wLV>;*rWgK7FW<nX(M|ZPJKwn)eWW1mXaW_roBF
zl#_*;%D_}eqgf`f()cD+ep*@_j%@N0nX$0f?S^-|FJRZg7tuFW6StN7%IT7a22c4-
zEE2a#V-0y5)}bK`{R|WorE$B(FGuxJiuZ^CBBl4N4=Xx^x(lwy8yN-?Vvvssq&JDd
z9*dM^$a`qnX*90wvG_@CTZ=6eX%^4JP<gkK#t&MK#U_J#MHlJc(7Ix`LpyE~YG9@l
z4dtlib*}f8(r3@2B^CEyyV|vRmi9+HmV4%TEF%290Dni}?-cxHL44|bj|Js2dJW~W
z7gC4GWjVNfgbPxcKvwkHWL$#89jg2iOmaER6^Tg@<L;2}qLB+|5~V-CV2WRZ{-F<E
zFf|g8xY*&C*YfcMBKbu5Y~qt=CX)`3erl55GbGK{-cnJJ(sk@=@M?<MxUJdyij*3>
zYL#6?!<ze!_eQPqowVu#I*mhRMc=6GaEw(J`#mgKy&f)K63{&!x4dLG8^mgQ;sd5y
zz$(j_UT>L=3ksnaj^(^Rp<!i}tE;FYM-xM!>-b2TG2KQk8M$vWJGKzQ(}Lk%DI?hU
z3UC8FVQ%C`nEJEVqWo?$J2xeRq#A;STG)cew3H`yS#%qbx3-9{gd##1fBdn<?&>Pe
zfC@k)_o?1yD$X=FaK;9#nz*OhM}NtP&H<vM5c(CAqE98_j=~OG7^_g?R$<GFHuS7B
zp@YMqn;^d25O*P+1X4B4k;=|qYTiAIfz^gE32-xV-%R?g2%$w-60CQ7ebrhR!Odoy
z8&240Jefsc2@zj%cL-bau~Ci9(ENY13}%G#2Xl6?kF1*tIETwy<6f(<^)nRc#qEap
zlD@LoDsjar@~y(_*{&1y%2nu)gXQIlxGP2V?!irks^%m}5zdm12Z0;9#XWu@`~oZG
zCB#A+AIMtbgQbW5{6@NDrb9)9by$(OOL*=X;LEYU#}igSXFwe=>~~;D+~MlQ;RHEa
z2>%f65J@uMD{OfJ0la&03=6$GG;yDs5#rjrNY!3L+}kp8PVicWoB<VeSh76Oward^
zHZ|_T6IE-DlOD)Z*n^$)0`#u9@0(qFm@(-Wl3n`_3+*iwceokeYm^w07+{wognx1~
zYAmOBudDYa#HImainupLczxuYIrR!4m!*i?Q|db{Sr(6{yqq*{t5==))ii+Axu)~~
zisD^2p?KRjP!yg+KZjVR^#*dgge_ATa=UO=0D3^C;WntOE{Wv5q-qx+Xq9)_jxroG
z7=E@6tGpNf1A?}WrpCQ^GHlHe+>UK{1w}WF#{+(vhD8-dnat%QQD1dK>^e?EM$mEh
zfb@*n7SdVR;nPAhFqe;r+lXaYv!ryJ{DOO6^9Opm=_&#g1i`t$ONW}KiZ2Pz;fWo6
zDwODbVX?s)XvjN^sYB&BplgtK1Msk-i1-q$7uC?)=;^;l$`7R0!CTIvTRuldj$0;r
zAyV~@&)ES0lM{KcxE;ZnW0|pIEcG*B{C#oycb_AB#X}{wLUH@@r9?y4j9X^^cnTSP
zUMe#BfU_YV%|^dJk7gJij|ALG?}V&MzJ+EERgK&j$;oB7JBN-3OrqC8YEoy?&(00P
znMNfPrqI6EMGi%;rfTEZ=>XEBd@=FK-pM3W*uP*Jr+jLa-ty6(j4-`giLJM6Drc2O
z8?rO$JNmCz2YtQt(KI+z1#M=PqIdE)_mis5<4zJ}J<r_dp=};)+tn|I+BS+lcy4%`
z(B%`IN{8AsmX00*Fg-5+<1@1{$IQkQ-`p4h8k5Z$)8V7XoaUY|j*T4}GYxTh#L4#K
za}Svto0)?{eonWkwdaaz&q=q?*PssKJ*V<?`)5Pw{f!1nUnCo7Hyij^!wPI*-WR6L
zFTq6R+z-$d#mpI)9LTS$rj_j63A*;8?AMAdP-kF!wPp*Dfqr*~hqEZW(cwwWP&e=$
zo&rmU=Z=gH&z%`cWHQOZ3{6o4bw}5ntS@RjDuk{xoQ`3kc#i^^sV(6&&J7JScPQf<
zQ%Ky^TdqHfNYG<eb8}qsYL3?!0#=1}dA_!d;c(|L9MCi#Tu~4lj>L$jgA9R#YfhCH
zm0-?|KiBPqeW5KeY;1Z8Pn+?eBTCiE)d6X7iw#7>`MY^JbFq<o%$$D3pouUc!W=-G
zX-Hwm)Kq(mt+||IyZKtV!$)^tFn8cUibvypId6#FrHY70+qyUY$aRKX#u8?*0_^Ax
zmx-G=_TWM;sITcL=bFN2<kUd#5<P>oSK!8`68YMf^x%jqh9Q-P4QY1G5N^}eS$CjQ
zf)Y=Wu@sM<uEcFJ2cP^6tVSlWk{$$%^bCaSv=1<2TE9)$`fW5MvB5QRk1+GFKH}!>
z9w2;r4{o}ma|iQsUpw8r?ZPkLRg^m2KF6|dVzrTb8aL&)P*keTNE_sYW|AJci*%Y>
ztG&!mK8Ni!|KZpTXYc=EInkkVpaduW(f=I8#V=1ODl2eG|HGmVu%ckj2XRWI!aQQW
z^#LpW<tL_>cfht>ZR~cJ;F+Pu8qyd2B843evUL>YNoC2iV1keCe*j(HU^s1tcup~L
zHcn0+2(z0<XV8x&d8W%we{%%gRoNM%arU|TPro^3qaY*Vv8%;@NIG^bUJPqy!qw|j
z<%BB7sq~I%;!e8%6o10ljV8u@blc5IlRin>>Juq-a;DN4PhFD=BMVI2wxp}w6@lL3
z0v6$gNCTRl0MTwnR;|qS1$Vb;BaVLD)`}+$<bsAc^ds}MLrF4s@RYz=luqx!Z;O5y
zDW}1MzFL;yrwE|b-B^Z|?Vl@m6eF~9$F5BD`rVs}XG_&AJi5@Cx(}YH3IhdZVfs$Y
z_+(d(?T|i_JXXLJ`W#Ky@IHq%=}IIA_{#;r6#7ZI=p<gA%yCu|*-=9V3ZHQ(9f{~y
z0(t*CU1;#twpz>3In>)jvgd)EuX+<g_#_&HwQ<wPD7ESesZOX>aZ+`q_n=j+b;wfm
z8uy5DZT31_VD{r=KIfj#%MUBp^3ek?xb_xu_@u5aNa6ZUPFmJhHjpmg4hT%TMIWa<
z(mj;2qwQ^ghD19i`Z-eTAeB5>$`NnE=Dngm&XFnyf#;*VTFC=W<oHds*2b030GTU7
z_<1O&P>w@Pw4V#iR%OThI`=2*QphJZZ`{n~J_Q9p%qjQBQXTO+$kUwrX<l|K{rLwN
z&SS{CC%^1FHAw<|7uYy?5+XHCAFIvpX7T$>Y%z)9`!vT&;mJG>_ZC=*WFD_B<e`&6
z>8RzE#w!+?cYiE|g3RF4qdATfKS1+p9j5~HLU{7<bT8!P6)n&y&0b+33cc72-)rv(
zHVPIwn;d3+dQyi<({Ewltar=W%F^@nyBUxZx^)<opM&skS@?n$VtA)JiI`CBYT48T
z5qk_?2w%nnoJefQluxtG-!|mFGtQx#C*GDG{Zz13INm^OYUN_%l$p-5B+E|s@hnI@
zPBT&2)r^%{24e>*O3lv-XYiR)i=3{k;09QXvVk|`Cn{kotaccuSd_8adGjH+B#~np
z5IM<3YA-ybEf{feu~w0@*hkOY&knSp`GJADQxSF@r#!{yu(`qJ4?whHyjp@NvYp|b
zIFqW$49rvmf>@6{U5PlKjO3v2HpUI2agpucF^O=4V$MG^7n`$B_U70ae8byw@X+`0
zY3=S*%bikZfWsdUgZ_kB39A!Lra0u0#yV%s@Yd@8sx0IUb(Xq`Gg7e%QtpH`oOA#y
zX1tC~VZO4OJngJ;ozZQ!NNG6Ic$Kt&C&K1%Xe!QOpnfs_xa#3m52r-<N8~F3j`TA&
z7CkT6o^dqbcqUOn-|j(qRQqSkYFG=dsa1*frQ~qo`_Y&~o9mpTRKyLX`6Bu!YTFX<
zQl0Sr3S=u!q6dRMt}{sC0|Tj8&pi2EQUzodPeluew#cDYaOxahdjvjsbq=Sj{An3;
zCw%j#NG&bpr7edBqM-;3RP(}8*_OV6V*~~h@<QK<Nj{#mFRxqLWpXly$;qG_WM>U&
zbdV1V7XvpN6TKji!{6X$SIDA-@<q=)_a$v(QG!fVy-rxWgdbEvYHzz$2#fGx`^bG+
zc;3yFrbP5AH&3}bTlL1**#oov=p?b6b1&!RQsrurw~fU)7S|S78FSl)%<WE-xlL4}
z-NO@iZ2Ja(Tf{?YDt>TeGp|0w6R)%IsMVW*b;u(8;Ac1qL4Nl-q6W7}F=lHErX`To
zEhn{Cv~m4vtrM6d=C5_CeqNo=Avc-N!_)2O<(ifSX~0270S7UFgQRh5#|0ZlAqRPX
zI0w<nww00h^?a7*)E0e%afBGs5Is1@oydf}39an@gvzT6tO?+4RSvD(sy>`h%kGcI
zirE=4c88LneGB`s)^RtKywIx7PiV_r2^gv90Jl&Xm<=lj#9@=_dc_0`0Aq}DBALt*
zpmW@da4{JeT1<`tyOZpL{hfVdF<HnK6Z_xnY*<X7zt=NHyPk(qk=M#j8;T0fn=15P
z(Hxh^GuV~tv#fvT!;??0YS69rBx4?cZnd*+WsLdgTda$|!k#N)-Fg(emGR?+-NO=}
z8S2)B!@5;;sy4MOFTosq2gy5UC!6|S9+;6W6?uyi9ix2O14}c|W+f13esxV_rgGFc
z`K98G8+sNHopRW4^`5+d3v?FacpvE_NF_(yw^zk)AISVr&QRKO+^5xAehqb>mN%2}
zSn%J1`N)L%NM5QtlxKMhi-kD%=`}r&b6PTI`cRsgqX%;2(x2nKfp{@eEziu8>Fll@
z5Bk58`A*eJN}b9~L;74D&yXy25~p&_0DdFokgcqL$i{7Dw|fzv_vO3UNeQ#tD#}RF
zAfDNVm>@qy7a}Ff>F1Ht{PnzFu&vBx+<sIZnJgFz4dgEep4l}w+yy)nKpwlwk&Hr+
zcrFbRr#HR{>A~G6gse!$k8tisczGGjCPs*jcaryUnk2N1GlAmN+Kaa@Yc5maZ$OY;
z#Cs8z{7ISmy)bu7u&rz{G@&QmG9W+>ITM{(ycZ|U=aM2q9O~i8_c-+#4k{$yL$)A<
zG$t?%(&Zz(3IK}{KwZoy@v1ZFGINM78*dLbW?JM-MtCr1zDjowBhf_q#^y2<7XT#d
z26?7Gi_(_%W^<A}nJjej%k&3<jfK0UOf^GYFaoDMa6-Aqb{uClMBNXQ`U>6zqdj9)
zXUSvT<8g(B?)E0!OcIdOl9DXMsJ!+t$4I<wTc5|$-qziVXX-)Pt#qAnzgu0iaj82C
zwXC(3<WkZY5WR7*lcd=?dOe&~nt{|ab<oXzeBry2bDqS{lSfqsuIPMa;A`Dh8R#`~
zdr)>rQyg{!mhD`+?c|WXV>^7Rd9dQ4^XTBc4P$82Nz+JEe{z^XBYA<tZKgG2?byG*
zq`?+NwB!Oh=Oi<~-*s}xBF<`SJ27Z}uWKjfJti-qLbdPrFi#qJ(utQO^xdR9Cw;VB
zXNu~0`GG(NEjex~To@jELvi(=F%?%C4IiMp4ysD{OFC!=8P5t&UdCYF!=RPTbR@4o
zVD=9{q8;?^MjmQ0-XFZk;;&n&m02BwmmJ)Dzb%enUzD9$EoiYSQEMn7Ei@zKuTt45
z*W_W><o%V_-{QGd+c7+>dJtys%j}3MC36yx^Zw8|so-UhGAz=lm(fNbrReWzbI|>p
zD~z^la|VXKt`B`Bl3yn8tgbO+Uh`h0J!jYfY!JlJ$|j|#Q{8>?y>tt7CNrxgw=BjS
zPr9eX*-p+C+{ppHbqejNjX9D-Y0OF4*agpm&FwI0D_bU@VQ7<8`OO~4ZrwBnceI85
z?E&6L_Z1?oU&ON|PV&P;?0VsLVL$h<(#@`QYneD#?+o@&k?o2%FGWuc_7}=Fh$LbT
z2;f`iS<S75kcWK~2+u#rZts%s3HDEw(mTZ*+%(pwx1<$skg|%GuqfO|)hEFRDusH6
z5_ig@09?*yP+aj6nVXAM{Q8hd(ykMIa*nY7UEy`d!rmw+@xp<3mDp5$Y(0#cRhriF
zZZP(D!K=4G^m>~T%U7aZZg0-oTL5FeNKCA`OXl2%*G+;T$L<umorrmhcJp#RyF$nY
z(irk=eHj5E>sPfoHdq@H*zT>nxdZ5EAm6&%D$i27Q>65!Mm!`FT%Qh2ythbBth<ZS
z_i@)S&)R9Z4M__6DPic&7BR0NrI&fK+d5QW{UZ7eq^L6iG)1!Y)h2ElKG1UXyg`_$
z-xygY`va+fexJHA15b?&T1e%zhHY_>!L2^}>+6gtYTJ*1O6@@U3ZIa^W1iIxMdZ<-
zVWVw4TPfL*$?hwO8TWudO|B}}xHZ%IK2kolNshwf&1p)fRf$>UUUDef&D)~*a>DDd
z@+Vs~mLl0NzXAnkm~a;m4k}pACL!Wz9y)3DrQspt1^CRZz~}ffe9rLTv!ocF^;>fr
z*eh!pdySvTUa8aB>yD}HHRWD-?RY+QMH=cume$AEn`>PHZw>ULl^70pCxHK@z65L=
zPonI^#MZ~qb2POAp6Q$=(wVw|r6zYN)$nP^vhxM@c@{p+gD9=r0VrUlKD>JeugJnP
zDGghXqemoqCo3fg0J<^2+>0;`SoTe)Qo2m1L{!fD<ni>#dpFPA+V{-OMs~+#xns8?
zgz$j-ZjTT~|7P60Ru1KZo)u%4A0D#SzwEH0+Lc~Sp9UuB*HiJ}x7}EmXRPC^>5tp+
z;4b~%w~|*bspXt`Cn4IdHusi0o|6|<)75QBhqC*s>B_dGJK1g3bV(b#h@d*TV9|=U
zAy=|Azdz|n*5cs`o-2M%PHS4|K$Wm*QyyB7<s8JHm$K?#ws7d(oQEnD$u<^p>=uG-
zeH1fyb~`~sO)qzVddSwV_DVd8<s1)sY>k{sAIICaX5b-l=&{Q(u5mHE)U~)ovd*oh
zi}7{_kfE(D_J`W#3juC!4OMk^M5f>GS4;4Wxb&`BK$Y&Pruit#Q875H#4mj-V6CD{
z0ovUTuxZjG)m1*)<s3R}XBzj99yV9IPR{oA%n9<F1}lu7gT7G5<EJ{YGnE@}QjaU*
z$J2D}#tf{PzQus>6E|7Tp}GsIQ6<b%k*`+M$X`I?=tP;!BBi6$B=Vd(3YbA~)@`yA
zp%Sm&CcF?ShbX<+NP~IBx7eFg9#*RyEfatb`^u^FTjsTGql`54tduf9&1$h5qNCYb
z9y-Hx9H(?YDq`}>!Tx*+7<9V)Z%`7~@vy-Tmjq{7gis6>R(o+ia92<@%Js_&_0L$s
zG4lc{L{KylbQ)IInNnAmo>D$1IBS`76|ub&chM(eH4^Gj!I`(o9O==sToD*fF#(N$
zHXM(E=rwX4t2|}d!_c5E`4YCp4(ntU!;uFR<`<_+bHit(lJE)K%a(4Zh4-0_%xVEG
z$YD0lNW0NeJ&W>55E~>wQkA1TR*k3OPDp7TDHiN8%;1b=GiPF0y6TonHV}>s>!1RD
zGvR%TN7LD9(bee?RoOgV%9xWpE4mY}FL1Z3Gaf_oN}HJnZ3Br#PJqykR@ur*t?>%Y
z#-n5+8oNuN&e>}p0l`<fYOH;j#G~g^G){0w*F4~(|3c9*-hJ6G-JQ&C8>p$q0^Ykm
zSU^Q9UTvVVYYss6vzd}!SNr0{J2wDUcwmf_SfU;fut2zL52Vz}Q;ZL>RLRkqiXhCl
z=QeX=Nr`We)5$xn7_X<Y5^#wQBVT|yCYU*ys)L&v^+gj%hm>u5r@kmpzG}YyLP~IJ
z6y`@^N9FOj$5&lhi8nDrR_fNJ`>SaCc{Z<9G|%5&Sy_c=%?bd@_z+gcY-Yya`5MZA
z%L<$X{;G}K1d4F&`V#j$66bE0gGO%LbSu9sgjPcr&YU1+cxL9w{rKoD?C=l@^Y?sm
zw#yDE;tHM-!BctABXplRm6OqE`>$Q<_a_a<=52OQ#Mu<6ta)qU7oIoVop0bTcuHB}
zb}7B@SS#{>eML2niIMBX`xNDbOO6}44(#e4^RP3%c^1~h9)RNzPQ2n0dtB%cpLSpo
zl&oilp+iXrER~r(DmwzzcS@as71S+<frJr+Wx+|dyvZ&Nb-z<1eYa${;ju^!WDEY>
zB=kvL(Pa5?vZc)oje*c8AFbU7jopvAXzX6xJ|kQ9-2_m41E84!82hn2T5u!&mVNAe
z>z0U_u?#YL$QD$brVKD2=J>17$6N4J`det&DD3pn&so&5Waz_Ju`tX}kG#r`nrjC>
zz$GlLgbqL>#uV*FtYpDQ*Md-CJV<}`D%KgWYnyyan>NRH<0=0UBn_(1gzD3LG=u;}
z-%Us($z1M6^ivqEbUNqDUDb3225?jd`wwOTUiMH8WXO6AxVX)Sfwtj+eZvEh8v($k
z&R5&?tcguJu_fb`XA{U*OS!>tyVEP5CR?zDsaP1qF)WgISV@~Js{oU2|DQ0aU5a-?
zgbnFIfO1t6&=I7`HR??IAuyzHuV1>gnm)?B@hyH?Xc}NQETmP_4R{Y1>8xuvFa3<5
zO803eC|}{<A&1(@jt-QsmTprvt+Ght=s#fe>Q(F%Za%&1KiOpz^hzggW;y7xb{r^}
zTUz-l!ftb5PW!`-c%qM^9tBYULCh+jYoD?UL_;W_a?%)uW=W0;cH**)!;{Z#BiWPV
z@i_v&k?sACSu}d8T!vORuBMXae+_kP;_v{*CWkAcZF0Wy$}8+H5a0xb9W9Q$=FC#B
z+^79uJUga@j#D|-<`Hui%6)7M(PwRCKl-eV8}75V9V)D>(ZrC?Scey}M$yRpmW6rT
ze#I94=1}T(K;Pr;Tyv#GYzaj=!Whn%3bk4y>^~&zx493kA6*#r__P<YFe#A#C|zxy
zm@Q?_)$(Z&D%UwQaXVDvtI=2iK6d};<a<$ju7r4qg`TS!O0Iz%mGqve$m`0I0M_9E
z%tx64r81xbS44Pyfw&!3Y$-dqz&_sDvNaXU)JNb|mAM#|k5N!c^Hw|dlg@X9*avG~
zRQGCI#xrNu;J@KX(yqJ3AgKy!p=^w`9n&7qSNd;R?+7l)hQf~r59aHFa_yG&*%*-z
z5f}2Cow}{VVwvN9f6Y5Y!`@wv4u)g*q2CE!C)9;B*o`z;`wkF`^$le6CJoMAEsa+;
z0}YNL>l>2fxBEX#@{`{|^2?%sh$P7mKvemhdj>lL^8ifFvDL$_CmArWC#j~nzrsCQ
z1XAZV5C)C+%bAzQ3{ouW{`wDqQlWxfZzVTtVJ!j4p;Ghq(8Wh!Fb4+I@h@fI?USH#
zBv)P|*8|1OtW8KF@y3<ETYX(GRtB!iBZq^Ou{)fUfrLDgh&{x^-AL5m#=L1L44^L9
zF=$oIAEZw)QAuhY)kNlNXal?04&;CVwUL*zNjp86z~jELC(wu}p98tF?GX0Hw{h<}
zGPMMMdU%bli4<rlN!dc^ZoF3mCzn<_uG&WrU4kM`JPf2-R7KI6yw)LXi8J%zmoNoT
z8`0#iTCzi3Lg*kf5|kUl{;n9_V>qmsrc2C=1&VpHYpN=DYrj5i_OyOaOF7zECJXy#
z;lU#4g6@{!+mOhYxyM6k*17KZx(lR{FE0nVR6Y))V2IsH2d^}Cb5OvV80iGOI!n<t
z%R+w*Q#fE(OC4INQ&W#XIgi(qX>;n;sdGG@N94=oG93xM68ju)=v-hM&w1R@b-hsb
zCc`3xr$ZNNr4xRG%U_V^J@e$Nz;x*{C=`lRD|y|fuH}KfJd5l_|F5DMI8s7*+W>Q&
zAl`)OFFXI&hS7!B&sw^HkY4~khlfY#^fvRz<XM`BBHr=_7&oS$t0M0%1r4nRJ3k+9
z9N&nJ321y4Lgf(o8@!zXNSgFt{+V*Sr4k)|{(^kluZrDxMPGt#Je)PwH4IVt2vXiq
zV$!*fPT7MpS6xG;xl$S*_Li?s5yE(iwl@`L7s!EsKo`s``Y*p5oI<5s>)s5sZ1b)A
z*xS+Cmccggfq>$vjm~<qpwwBfI>cQN?a?VqDZycH%xYPXH?Fz4?V1M?VrBx;bR%$`
zJY*Nm&5?dg`@&$eZV2sBY&H%dF1><?kH<KWA#YkkrUJ6LZ{l>+@4z!?`Az+1u1Y!!
zbJ6+(gO1KRhkihKm~cT97===T^1ekL8MscX+4a(?&LK@MImIeLl3cwHT}6t<zX{D#
z#U8abq1MLP4*f5XzBisgy!V;Dg8fWz_T#c--Ym5G1iM+t-7cN?(RL77I=O-s7}tu$
z8K->omuBPw78yxKz6g=6Z)cz#BkrS5w<b?7CbiO;Zzdf*;wkdI4O7i3e01fjOzLhu
z0{NtzhP=V}1t=-C9)j4N_#kqRyF+@aXa<9O!bi8i%FZ?bj(2F@i;Dve&D*^=VD%Xc
zf<E)=;9WoVUXfa5mnL5E(VW(#?}>@h&)!I)bcI`!-sE-SZ-40zu@BCoPuqzNgIXv1
z=sknA0pF7HcD`*U2!@>S(QGpfQihCJ5O2)DzM_}@izPDM2MtPSXK$~rk$AjR!QH?9
zR{AXTOJH=JI@QD}%j_o7p_kxQ7NFH|&3XDq<k-xy68G>T8HP*xvL(AY<Kgm$-j!^N
z<jXLA&gMMo!g6l&t30`+?=vrD0CK?HSsn<XHm3%!i<F&3wGMgY{|1hK2EI)&0DwbF
z?0pSfRAtuqoeyAy!I^3_DzdvPeiTY7YQShgFe0s^10#cGXd?_VILu5l_oB9<=zuZY
z$hOtq_AT4Y-M;K=tF^6c12sT%OUiAn+@i92*l~-J6)a-jbDn#LnZYFgzwNjG|NHxU
zhr@I4^Zjw2^PKa1oQFD>?gwEjPN-GWZ1lbom5nX0gtGBh2n%@_7dRvoYxVEY*G^xp
zE-19|nx^<hRrZaLk#Ufbz-2?9szqE((5U0T#K7{#B*>$HVR(&TP*<56Z;1^q>0S%{
zp>Z6!{grUWH%F{RMAT79bmqEW4rOloP#s+cb<|0x8s=r~57*0O<cf&sTf}-9(vrV^
zobQZ$gW7jS!RvOS62;~Fso_r)KgfqKM{liny&PUh@J)CKryc2TQzVwFUd1s>C`A>j
zAE92(cK%AT<K<9C7I%@R4Mh+zhm@mcR4K_vIPK-H9WayKA5gs_UHWz|LGTXvz8r;v
zjRHoG5DA%pOAEDKyw*IlZD9@-JAs>+^eQeU1aWN(27M)Y=0$o+UQRN9OEq5}J`B`>
zUKW*?qJw%!DlRe=7FOQ5c}Sl|_@X>jxqpJBVPl%Gglc|Bzf5qefnnhE5XVg4w}T+}
zep8dyJhP_xmgluXf`7i+_e&+iAEqNHkYDoPBp3texfS?$7Cr*cmT#p?621dTp~mRT
zQR0EQKhb%mbew(_=Bv^>$g9Aj7Ymh1xHZMC4Z3yYdQr)JDfI)z@XK)@H0o(x02WsV
zZ%Yo|mK3~gG8rRz+^57FG0eh0a9$_<ZPeuz>|C}2)eHSY_*!VKl9BHwQf>Ahq#p$L
zVDNL=ZA$ROL}j`!n<*r(O~vCR&|&c6Kvhv8-5B`7pp<}$89_bK>6ky^5M|+Tac4JD
z3Nq(4Btl>@mRyf4ndn8XsYhK!|8Z?bI|(ojhB~?@85J5;A&)!;*yfNvqi8KgRSL2m
zFlpHRicn)ExT8%lYH>NORp?Z-=?806`hLyk-=XTWGjyi@s?bdR*b<BH3ytq{jec<X
z3SPB*MQQg{&<K6)bj4~+Yq#9@iNbeA<+<k6?}I7Z4>V*mcMI(=qpPo5=~4T-6pD^u
zO2e^wyf(A>D7u5W1Wf{VI(W$d7>^Vo4*0ajd|A^xImFwTFZZ=6eC;&$!$Yw*7li#%
zUou~t+}AEgUyp?IAo}sOp&wi<0N2LII9>tcF@T2v?!y28jR183YXOA3yH5D?ww?f!
zfJwkS3Fb*Kd%)}gvlq->F#Eym2Xg?-fo3HxLo<pVMZc7o5X3?s2Ot0gXk&nSJh=aE
z%wgoaSbE6@@)%VkP#qz^&D`_>+?*pdLQ1$162Cw7`vFMz);loWzW1P}wRh0+hT7ze
z*e0piCgodbo1o{rIe5Phpar05o??7wW4^-oC9S=$Xze{05jEyb@)K^WFTp2mg~kY<
zcSraGPvJKEQsMgwv#i;SGpW&W>%d3`NCB7vFcV-7KpsHJ9kgwdp{|p`Oae0rOdXgy
zFtuO;!MsZirW#BYm?|)pU@D{AMyw+@{9g;u2=Kri5p6S10lAK73;G@14v}_IZ6~T#
zz!T=GO&Na&mKSH2G&@5(aIybcNXc)JC&$|@9^1T>zm#10!q7rGURBW%?8ZYWk7aX-
zL{6P>g)i_a47rcVxUr9E{mX%wZ=i~4RKBi3|7ia_jLg^dm9IlCE#2Ur$<hIS3c2*R
zl2!^%O%i?^(nygAJP^6<K~b+82&w|!a)N3jRI(Cj1Li!HaDDT9nSZpfFe$aaK>wY8
zp>o5OC8%JV-0-G!LSi6b6jzRLuv{k?)wl=#3fu!fR%jI$b#Oyzj6%5`*LsGu1SnZf
zS0y)_3&|)LXU6aI9nj+1(F91f$*5{n1;(Za^GliyDw^Dpzl4&@tR3J+NwpMEL8a4e
z>noNmKNu34v5J8=IaMOmYWa)w-_<0dHuL?Q+@F-*64)qyD155mCfu&RvE~Z$;B%C5
zp=^tP8kzQ7h;b<j@<}LwAK8mD<~^B9beaZA)&+yEVs4PBnGMXD29ii9F<Z#MCp42}
z(R0{j*B~d72d^2Z?*~{oQ9!3WCWJ}@mT59c!IXbKl=7ZG(3DXq-y{j;-Kd?RF;>iV
zY&(@9z+F>6Ehx_7qaW1I*KAZ5noBHrdQMkp_Lss~tP~F#K|md<ByU)WL5wQ>8{DgY
zS>UD6to`kphWV(k;gqHxbwcaE(`+dN6N_}USfp+<9_Sd_Za=i`zKM>mI;rNNp|G-c
z0V}83V^9gk9>Gr+_Fq)yOu$`~b-0WZstAx@F+vr2jVc=hrpJQZPC^Sm8L!+zogJv$
zUO0wK1eiU-{=Ras?-1J1RCEUN;T>oBaoHLCbar=s(D{$fV+jZO-o8^p5BSo7kGvFZ
z-{*=>&uBgPTch%5^x(H<)WTG7xMFdNF8u>|Q^A|M@BO}GzV{j7knoQ19;UN=pO%T3
z)u;0zc(ioZ5nu(lg}%8;CWjg1W5_rb7z+GAF)_9xF&GTEEl?NqETgIrM&%Sy_*~_i
zi(%#b2jL}?BYqm6#Znc6;t!sxRGBQnF_XpBU3ye3kwy+ZYnP?DxTna39t(qGrih0(
z?gD&->K?!oR?~Lk)IfU-MoFi5J{{IAxJxoiwcO~8alBUQ3KiHf5G{ke4jb^3mqOUi
zUnP2ptI+HjUEx<n&K98>)<d{7q1h8_BHw;5$&s}<$JF>F9dBeCCS)45>)G_TGfP#P
z?falRsR}JsqbO$1q<IJ5kPo9)PlI^ajO8-!3hXg;Ptr5&Hj1(oVY-(hTm8+`q0SYV
z86=rmRQViDsRf7z(1xBWS#)Ze2J{qonPQ%H=-kKq6pgjgwqXOE@A4b^1%tN40!>cj
z!0h|p3hLXJ@)wcYo(|D!p<Vb};3isW1BF2z7jsx~zp|m9zeH?cJiTWkWl!V5xwnKi
zar096vX|z(Y05hGdnkoaJb=3`s&tjvD5kVL3rW5i^z+C4e3x{BESadD7B^n~^Qoac
zv<dHaA36JY+=oxm<8cR`ias7!{FHd2tYhTkar{KGLyW*TECQVvf$vaI*cVu4B1_&E
zC8E$Fx@4%1@Hx8OV#T7Kh2pNj<z&`SY-H|J;!(Qebm}VlE`Z}gaTifMD;+r7{yr6s
z)Rnhl#XR~9o<Bc<Dw*}O=nWM=2LWo{ZfQ=*LO%QJ4{LmU{u!LXRg&B%#IYD;1mE{v
znmh1duvxeg_n_lppiC;O3E%Tc<i^LT!q)pA4JmB>>{m#scA`A!>zDDP^<Q#I;q`z5
zx`HV%4$n&^6cZ$s`ZgHV^<VM|7{h$+8s8T^B^F5te1~eXo0u7cw_sGMS8$2Nr0I|1
zFuW-cM=pMn)_VdqP&+pYG^7%jG|B1Rq02GSTT1D9Bdn3_fD|A}Hhe(!*%4H|v$Xp#
z3U*YLsoG5Lz7MTl#GO*2Fso_!wM@FQ$~Opg(1aV|m4taBB;FoA91?Fe^$+6momkZc
z7PE=`zEf1j*}}!3YS~#9;yEf-IS9j(gxrDo`ZkYTXu}IzPLMlJ;Z2t74^tIt5PApB
zWgke&tUbZc*Z1+U>8I!UdG*l6BbJiLLjhu(?C?0#G0q_0MNBj@U8t$k=$?WuhMx}Q
zmdy)CY7QTiI7w&I0vDqkRH}kPr$0vb^3|Sb2x=N|m#1_=$rKCu=6R|YQ`7J^L{HX2
z?Vv#K2;U)e4Xv=)zzPhDTKtGv^u$$)?G(6;=H%=QGz58zhy&bA3-OByaaTcW)cnOF
z&Wn+_C&JB5dI2H!lU_i{?)BpRlw--~kK+PbC^I`AN4;=Mh4#SP;^k>2=|SHc;(nmL
zk4NtZGCn>u!Exhh;N7_EETrk4V9+8QBZGJ&A$egNDmR;Oxuj2`HU^>!TqMj(h6af@
zk-7I`$u}hXH>l}p1G-rgu`%vRoQysZq_-B~Zlus0OXlOzb1a7*8_I$jFG1nd7#DQZ
zcr2-fT(@0BMhi(Bro)vkm;6=0%Z<vnOY<c^k$ii@rRSD!f4A)%^6j5~O=YPUwu$m>
z2AUmU*9(xe?L6gMjQz*uTbhS+%C}M+_k+<0PzSIUzzt9da4W!)Z9kQKi-`$AEc9N0
z4uIp^{uA<T_Ps;$ZO`^|%C~vjX`7(uyBEXzT7ZYP|A>5xzRyp-rSbkB$+uG6y^x0i
z0402?0dxS#04V_1-TPC?w_+Wc;QtbUN`UqE{zURE<tCGW`f8hvguM6+9ebK{Wpwdn
zjYcpKp-y7@mjrl!sj9VBrNTA9kf>%NZ=RBP#fzH^sw#P-p}(>8Oq=0bW@#Wk{a|Bh
zf1BY9lLIkT$%1Yjuy1&)Qz0%_G^3q~c<D_<Eb!CX3_~w6fjuHe8qjH8Gz^S4sOxHb
zsie_^j3aQiA^piXJ*rLUfd6WK6pHG79|MnX?)z90GeBfeh;JV&-dPr6|CPw#07WsX
zTf2c3{;DOQlD25yU7^_sHXHM`_>aYZ)9_z5{xjjfTk)T}nQm|?;E&*WrO!$wfeE8E
zsD2~#r+=IJEs!EKfUwU&0@msKWTU^hSAU4RIQ3AWiRx%Z#lFDk7xy;2%^4I1ZR$SY
zG=b38_6x?|Q%`_fAg%8sUpqwHgVrd5p>+?Q0V~!jI#Q1mRWXHRgE;Goaf#XSO}Gy!
zBH1{GVRqd|&(MllOom{{4Oa~=(f9ZbC;i1I_$$b!UDE#lU6Be6s(>!j{inc&(nH{$
zNu*>K<!0vY8XA5m^Y`Y%LyC6NQPEDAFE%$Pi-#B#ingZtO5FW-DY;0DrSIWTa^3j=
zc|eB0fNc7|K`}M;U!ne-R=K9(bG&fcsMf!wsUM5mFS1kQEl2tr4TG9Lx6Iene+%K}
z^A`*I`i?v%)70Z}PTwbk{$eeje@PGwz0Gq*pUzj#=W3c3#nhdN=bRw66l=LvjVd7_
zJ80Bq6c4r=dQhfn%NrdN&n*-Znih<nfL?Ra<Mknrb+v;s@F^F4PKf7IsLzS$^D^|Q
z3;6_J3enfZcvRa#K#b6u1VwOWY;a7nq|@XWYP6{(z+&9_7d(AltJU0b0PPgA+MedT
zSmkM^PE%hbNBMeCuBrFP=|$@604M4)<N4d_RLX!$EH?i$^7>9%m%DdHkH&L$ih_Y&
z*jJ@o+DY`Sexuf-@Ed@Y*OG-TL6m;{hF(p>5#)s&J437q;pnSMLV_~LSRMPFP}>V=
zr)byr`)h&y@6q^<&=We^CfS_JHT6&9PTNFI-58gj1L<_rNpC~Xe0_)a(&ijlT}C_~
zpMx%Kaq&Pz4B9|-(4a+CDTK<$!RR{T<3qw0Z}8O;hPwg9kyvO;U0rQ3o_nb+E>Tc4
z8H0@rVq*dm^tHWwEOmION>&xD3Zj(3d_zSQYOMtS`6vM!w3^NNC^3!^6k<(h^D%WQ
zc_5}q26-3SQw_b?+E~JdBXpmYrXH!^q9#rK!L_mZ-CHR4maW-yFre}ED>q&OiF-yb
z((KV>*S*vQGCISNrb{(@4r%`E$Ipg?d?FeBP)NoN+@7QF;FXI0K(>&ec=L1)lqn_O
z*Dr4@j9EXb=~5w~aq;L0`6zmXz9#0U0(;wc>^D`iA{2wk#II?|fVE1k?d>EupH>p&
zd#e~p7mX+yLlO9yAy)EvT!!))PX?h|=nZOICtq+UZWu6}1VL2OP)il-^w4|56c{w{
zE@0efz_<z@pj-^1oZ<)3fT1C^nio|SzB8AL2dUvLk<(Q8HTn73+0fYCe-w{@`&tL}
zt=^wC&zI9!wZ0Z5xK^~s#WNIR5Oa{}_8GKt2{+_8N}LNfZl<`gID{LMDtxv5@!T^I
zVIqU*(U0hXFK6Iof}m*2i=7xBxEj$VPW0=e_%evKdgLowtD=1zjU#^uXHe~FAW2AQ
z=0+<|$0E**mIqW70#o6S%g={q0Ls;k>J!DhRmCjVw*j3S`{0mxJnlg}BGtW?s#vVn
zG*se??IhC;sRyN#86W_*(ET3|MJUkuY==mj5AFC71v-0oP(twVj%WcteaCq#(7EMM
zwCo?DK<Bkc1v)njB|-9coJ)a@?jcFse*|OQFDgr>$FRwfS17-LOOXB?6_@BMP^;Q=
z=)V8JMew0)&e4GbSRu(3a#TL6lJU!iW+hcPsg?LBos|UPptq@5SHD<xB|nZH!?`$W
zo^m|U8c|I=O7+7hES2KboK*~YC@4-DNn0~D^_x(=T8)yV_`#({MUtthCOT?riJF=^
zqNHXL8E6D^Hu)DCH7xljHB-oE)SOKIPR%Lguhg7I{zA=}<aKH$lUJ#kLH<b1IpnEE
z%ujZ(CYwA=t@6l!Q*%DKhnfpW6E#g_Gc^~J+o`#Pc&K>`siNksWF<Ar$<5TPBt_J8
zkejIKCO1-(BU#j3OJ-1WJ-J58!X9LGNHW^)!39!s5q-rKQxZ#Gabc5ucL%;=KPEl&
zbsL>xp|7|`O5UfhxHwAQqOZ8FN)FIh)PYQ1qOXtP>(h5&+EbPfZIzuR#Oh<{MrWX1
zci%y87*pzFo|J4hP#X{pXFVGfH|jaiCLDf)Fi)+Ic|r2NNQ^+MkNJ~iGgq|H>0|av
zHmRab5_B-h<}%SHSs!yivWXLISba=~Wb>~rG$SecS%;;Je7c2ZM3iSOk_JV1@DMrh
z>hgHJlW3nzvs;-G_!?L<-@zc*`&wm9vDB$errD)T@qQ_^0*k!-V8j_jRC$66@X{5T
za|C&oj8B6=6SJ%`enR{S?n=DXGDpr|29_6PSrtHYTa~_j%J>uf+X9fC{dZr{(%I!}
zk?rr>M|S}vHOcYrO&R|MWB>vk@7srcko#SQ01g=cn_%09@xKo7zv^q12O8-#Yj{R|
z=TSUrV8JanCBhj#3rTqT>3NpQ<m0%}d5lh+MpgM|p~t|?@XUF9m3+yrqvC0Uqx7_a
zT--9K-><1}XT%eN4TPTYO!AlZ^C}?@6_6W}gjqAGexl4$){L@@W_t^+UMOFu8vlcQ
zQt(~ea;2$9J;NL3Yzp=SgB#b(Y|gtuH5awzt+|8@#sRH4px@6Ww=;(iBPlYGN5n%v
z+^BX2m;QV$D%@hn*_)L&n5q~vdB1~_#S*hfDM7x$l<*?2Ag{x@EtObYVC&7~xlic=
z&(Z*&emb)>S<Jl7Z%Bs1gi8|SlgX@jdhlu~)w_|eHzaZ6%;sjJ7Pv_@7KSXt3;cR~
z2a@!sxZ{2#(YlCTP|3kDNjPtPO6W%fTv<=|Yd70Y;(aT)sz5$y#6^WDdiv^4R0y5|
zuR)&0IG`k<Sjpvd-Zyy|`8+>-7J?L!)geUwx_Mqu#ANBfe|T%E1^3P!gN82=zUDK`
zW?V6(SW}5?hB-J!9YUSC=qoTL0(IJB&`M5mL$~4Qf>8%-NkK*ur^?p9!Jmd+B^Y$6
zt@HH;U9Akb65Y;YAq?9s6ESR;bOyEI4Lkr_%8D2kOWTDFV^|7en2utYHjH6x2*d6I
ziw(I|UFmNx>Fa~|J=aBI*?lo*V_A0ha4ZAH996pYW|sD9>gVDvZD8=k=0F@{#oPWq
z!O?M+nx3x_J&4yQ2p#%2{KkGweJewC_^KHtcQs&~rk<V<F(zxaK8ibuX(LAlq+FQ(
zjSU7d_g`b~Gn?~9Nx2_O-bazF7m%*1Jr;BCYf}X-H<69xtZveSSJ#2ZoFLzCiAW>V
zgg=M;n9aP>Y!1YRu&v)>#<I~BGUzcDQrCss`1oG3rc3NPbh~6`sS2vbU)m!!4)h=u
zG*-B!km)!TEA}7|ap^Y8pJ5XlSWW#0R2d&GsiI^C$q`K)-4unJ412kw!YnPVPwc;;
zYC)%dh~{+ni%31@`ue-pWI!Q9wL*or0sVK}-`nG8t+dlxv43$^t@J~!1i|AAP*`&b
zx&MHqJGj4uHg0cpipuoUfeBDKKtQ2>OeM5qo+QgrrF@T{$Nt~<;T5OHLvT|35w1vG
zKCI)?8rRZYYJf`ID6C6!9cBD`00-5XKw4nX%BEIr&9<%~3h`3?Srp>_9Y`T2Qwovt
z14Lr#0G5UwMkK^>&ul3vrdzwTk7v_+ygq?iFBR{9I(skL47yEj{y=&MnO;x#qG<)w
z<RZb8Qbcrg51Z<&t!TKxE-yt}Y^oZpOnQ9yzB*HLUW!t@feLSj!hLnPqb|s0`PQdQ
z339P|E@ev1)aIErg8F&?f)q7wsayZNlHo5E_tfP*uObDE^n!P!2VTT%OIKM*o9fbA
z$_4tpX`K@Dz-xs<wNRwaEL8C^v}pUyg|GAgV-QG?UU23L^{(V9{j1f*g{CD-OP4Og
z3wDo)m9GMR+|T#pEI3a8Xj{AE0<q0_vX!aOxMBeoYT=)Sg@4PZNwZgraQ3PMXRlU(
zm8&8f{y9zXujW?xx4{h#t8hlkg)>@fa7JsRyP2|ip?R%c0;Cx+wUz7#8Hevjg_Nag
zVgGN04iHe%52YUReXKzvdd^GeO!ymrlK{nk)A#X4zme#_<}OM78W)=;g{P{Fq~Rd9
zMkqxEJBoKwJN?Bc6~|KFgN`lmCxzM`@NnvPI0t6dzs1k$d(YRZ^&3xwYT^XA8C43f
zfY8M!fY_%RPMC@c$%3I20+$a}o6y<XEkE^p0rIP$k>aIISj1i|qQp-XHUl%2+5tsU
zv|e#Ap>=8Z6G~M2D%r+`Y_};zP1scm_^ZUjE|u(Y+}W+dv){O~zdy8jz#`02f+dH-
z9G=8_cPAq{gl!}qwZuYJ@0E^M8-0VaohYaAv8S^a%lHJ}pqx)WojnC)vMM>r#XZL|
zp`T>!rPDY|xnv7T+e@!r9;1wsl0}MRAzSfSOn6qVAt<d^FKq)!kKxoM<nFCFMbHrx
zuk1rvv<qcX)jbii=+dpCEPDOcNLlo*vt`j~Td6EMc5AdO`siKfEsLUz7%7X6Mxyb~
zptx`p(2!T|8cDh7fBi}lKCh<R{b>c$WAfa%$5h<qD9<hUCA~+dk6t^w)E|pi^UPCH
zB_+(qP;kw!#7hS&G?QB;tt5f*(w#)~o;)so?v-fZ$umhQCaz;g+y#CS=0cobPj4{;
zg99TBa)J*m5jtk!u6NUp2X0R7<gO~*k=~+t7+p&V^a8)JhY}00Duyuq%lZs>Ttmr?
zCd=u?ogC_F#D-dSa6h>ptad#RF~_S8b5vEaxUr;Csm0M=g;VmuG1Ei@iNUsxr~C77
zu0`@s$^O0#Lu7wuI2u$XVobto;te_|#}R?CQ1$v$J%K^(Hy-xa;&lp|`W5sz1D*}S
z$xnJKv2Z0aPTX=|Es^m{a8?HgCS;O-L9Gk|e;g=ryWuF78ON++<l&cbA#~|Hecy&<
zn+7SbZf?$-EseO>k|G#tfQxG9G9)f)Y6*;v#~~=PM=D&D*Z1+zEZv=Sh2q1HXh(_S
zuuy4k?TO6V6Wp<8<!l^XPmuUmDebV}h2fFWL1s4!rHAz&aaUqO$!7FXLT{VfEAlh9
z`b)b4%Q9<^3Rj{HuS0|%@<sE*&9PL;$R)eQKI=DhajD?N6!xTV#})rB@`tq)_qzfK
zzS`qKE=DjO@yjrK?!VEYyQ|sOGBi+YYq7<K=$A6J<BFEPBjY=S0}~jiIDLmFUT9sq
zO<?@Wl>Jk2j-`PKbcfeh%|IO!4su51)N9o*<~)D%9v1odiSZ|z;<!n`xsM0V-PbP5
z`oa^N_30Y9{PV1Kc-s$eZCPDFo4RFuXZpdcE^ZXwrV{kX``!~;m*Lvd;oyV}sEiBG
zh3CR^;koc!crH8_o(s=~=fZR0x$s<g{(pLAf6g$;-3&7tV307(mjK5B4gvfb;7Nc7
z0JZ?s0F(nP1h^4kHo!FiEPkJ0n8g5<05t%20Xzb*2Vft-n*dz^Jpl607)A?_3~&v=
zOn?Odw*YtmngH$vcm!ZCz|qfe(Vk%j0FofTHv!xXPy=u$zyknJ1MCAh3h)U)FTemm
z{1*@gU?RY5fINW308W4{01pAY3~&_S1i-fdIwIDMmtpD>0A>Q<ov)Vyj6tO;0HXkK
zH(VkB-bjX9(lE?eC?5mxk53uqeSi*t7XTgtxCdY@z^wp90NDVO0ki-EpPbz`m6NiW
zfjQaC%eC1|)qUAa@zddXi@@$|=Ca9W&tvdj>nd9oYhCO0I@o326<(XC#^zb?T~X$+
z+nih}yUglY<z>^-(n?WzEkiwKu?COF<;h|vP4G@)?OxXEWbMuxtHWN-mbt2{t<Lf^
z@Xb#3R=U<q^?0qLrm|*uWsA%?te3NLHX0YW<NK(PEB#`tZC=ciHy+%}Z7caz=x*}Z
zog7>3^4M4x&$)RHBN#P`Wpg2EkIikfaxCv=ITt&joaOA*7#zaq=2X}nHWrEiapc-O
zoV~(chKX2tuF~bPbL--1KA_0<ign<J<2_E+<z(G9n};on2ta+{tKH=k!`#N(Z5-xp
zp^Fu3Eh1~+?zVcp=<N2`YcPh@wskDc4LY#yN{`iRW4$ikQ)Z)iMRzfyrr{x=SiCn>
zXP7I=V`K(H9<Al&>}0zWO*>{5?aFNxR^Gu~jqhcZR&bpf|09*hPPLYm+1#O&+%8BI
zV;3zU+R0L+*!(kRrl(&WAHt;&5=Eg7?_BM4t%16A(@ah9#*6sJPW9NzTu!I0jDuwI
zJT5mNQ#s^nYPEGW6sXe1O3oN;jh(Bcc3x|>jWq+NfbG<Ry!c`5AtG;dd;CbfNfiwK
z#N^mYmzT?;<(|r}sdUl0lbql+viJ^HnbkqPOBE6BSD}6sRTt=?SgMbyQ0M5sD0k*m
zW8N%kn&;;*IR^8LS+nUYzE7W#A-?ApnC2UbFjb&cQ}Hn@%wx^w1+3X%HWw^f$eMDB
za*T$>h9Wa{hQuaJo3R$tpx-wd@(UJ@93Xem!i9$1#pss1V3FC7hj9RL%gN0(m==S3
zMD>Lz0Plnfu{&+p@g?FAiN-(VjY)G)pMm*Gb7zFYm_^Kiiso!<Y2`|E1?$XV_i{ET
z!>qJBX`OjpWvgu*lq*DLu#A+5fJsRQm?8;aq%O{gXae@w3(-I1j@Aw01ezj-Gr2&<
z0O1w_o@I?1C8Dd8$6T>Re>jg)-O)Oe(1i)3IHnVNW0>hPu1lK+zv);O2~lXdqz;7d
zxh{`kt(`M@TxB-QaJ9D#h@dU4+~Hud00#`tGFQ3H<O1?Y1N_2Jw9v31eMVZ|f&~~p
z&lc@I&*7a1;n6hPIE&T6)A#&{_Z$ZxG=}x?PNW8`4a*H_B|@1N145WZ8~kL<1q<^d
zKAF5l#vH(}A)BJv)6!=q#^(S*a=RT80c9(#Ubfm=Zo`4Y%5k=8H|<mom$jUB?_4&N
zw!^;CWA&_qDu!}HJ#vn9Y4Ik94T&eVfEBwVgoucJl9%=JZjoZytkrA<WS)*3b|<`6
zQ$J~m68*var6<NuWpl#W08+pj%>@fstU9*B<En-vaFp|UZPhCs>)3K0hND%i6QZiI
ziN5SkptgVnw~Hgh;!27Z<+PJPNEVP0zS(s^?<4b?#uiWvss`!-WnFE9*s(Ysn-__T
ztAYj6;=sh9rZ7){Kh<tPXdv>}mN`6EvlYBkq>VJ6)^MhrUe3dpaZq^pqmFqFhY^T>
zTBu!SV7Z+xj<q>m{HjXU>$aBJXmwGF7FA)9^)-E1eGQdeq}RDci^clpDy=w}mf6zI
zzdk~Fn}%s%OqjoL0_BqXj0|+=oz|5i^^V9wrOoOVbBq428=;JA?5<($77jQ2oZ-A&
z`3T`=VK_GrrLVDjINs_AHxRZY^@#pvo-_UxE~gE8{IyU~V6Yq(aVY-jnbGBTxou9`
z)-L!ix7FCoBK%5qWLxWoeghbTH51ua(a&|m{8R(l!656gK~DrMSUueTx$8v=RBq+0
z;5|`n^5LD{W4n#Fc`+fxlp?8<LqUK#Rok67T-dR_5#4zw@5KsSWBm!cJd|Nt<~hq?
zb3&`RoYg>x!8iKNIHzA2(0TOe9g3IsrwSlq9ClbY(p(x8$(o3{3}dvHd0bvs1;<+K
zv~;<tsYCU!KqPkPFCNFov@~Xp+v8g0fg(AP<B_<i>mfZU2pyAt79VdCz2T6+6byBS
zTwrmbiX3K<f68%|o85M2u8XGw&1##+X>-6>frAM=lNl$&GY<G&P5b&}C+~2GuS_id
z$?yg=MJy95*D4JLLkvE%rZFb!nawaQiBmDxO`BF?iUUT9#p5@O>ek9z;Q>L$y%ru7
z_+a7~l?n_M{P2@0a5!wMpek0bgXZ@lh5*gLvBZu9-v!j4HULnYb<Dg_Z=!Ue+U>Am
z8`vm6u+T+O7O<|yYIk54f$<J#C9OKng|5z3*j6@??S>9xEvHCst#R4QX(UA=;ibNz
zg>7_9b5$eHOnU-;-{^6zhHmG!yKT&3@CfqGIw0Q8)m{v5EuZRgIwa2ByAF`Onzo53
z9(irH)lyzXRC3rVC_gQBUYg&?)C-(|=D-zu?ASL7u3bdCfXC&)uJ56U9nJ%#2AHn*
zhwQLhot2*u7Gs_YkT92rDjoC4MOk2;`LfDTR+)lo%o(t2SawFNYZi!>m-9x}G4&kc
zcSDtUBajLZQ9Q`hn6U3tRvvsi?X(>h4(oDEWV_+W<AR=IhiV2|7;bG^uVs~XM>&XH
zlw*RbplQ+8D7SgbJa#t}hB2(Qm9Zji7|K(QXBCS)W+bjeml=oBP_D5KLAtnB6f#1Q
z6d<4F;oV5$q9}hvTvFDCzG>bd=7_3i7KK`uBDx!Eh(k1oFhh8V7kc1DANa`R3S~@e
zoN82jf;w@uMtjl4m*~cfy)@~v%dbeja@<wy&wf5WWx~Wsldrxeb;{JVYo|@0kv?<Q
z?CUZzv-ET3UVlS&&W*WwhI#q(3vT+w0^`C(rotlg;$ln5lBG8<yQOsbid(HK%YbuV
zRcWtU?WlIT+_!nW9AC3$?Yi54xxRM8Mg|y2iAODgVcxaI%!#-O_Qk->E?QXyMJotX
zW6U+UEwFmIoHFECOfEO?rgq}D7!6|-X9I3@t<7PI&4!{7XB%5rx20}V9S|hNmbxvQ
z>vS<OK#>|68e$k`+O#@TT_aGJ$&)fnC3Qe=fGC+vc-VuTT-R8K6E8rPDl02hs<^do
z_Zqi5iXL5faAVi--{hemdmg{}Fj9>4tN(#tw2w^@KiPTyBExTv_{q=n7YfT>K!6`;
z)5`xe2FSv{^L?T)Ko<VV&+`|?fPeS*W97%64t|kek#6T*WU1WI-{)K2aJh%u(5rfw
zx=ovX^$lC@X!JJ;cQ)U(_3mHY^XqNf@BOd)e)He=Kd|G$-#)bS;a$J`{UeV)_V^RK
zpM2`+XP*7TbI-r<$2~9p>7|!n+576BUu$XIxBtNFZS5Tg54~~tFK@ner1R}}j{f!C
zza4w;{SS`+{lkyCKK|s>6Q6zl1?m1r;N(BQ{Ho{cZ%+08>vUiLnQy-v_<k_>Zx3we
z9=OhHVEeya{{Qv$|6`2Bx!wPtsQ>x%v#P7JD7(j$!!w07!o%XrI(QhP@!In8Yu8bk
z&13`~(n#mrY}G5p`MZU#nxXeaz}(@h*#_*PWSPUS;=RCq-^4p;95;b1j%E&U{KzvJ
zt)4R6o<GmF(!)!#;Z0U2eT8%|evB96#JDgXj03{0!#FTJhQ%<9*~;;rax0Bvp2tq#
z7FY5fuVhzZD|gzYkHx(BW^_5Jg_)O3D~Dk*9QsFp=m*{DsFAy9;iBTjDfkW6;0m6=
zF9gAmH1Cid$Q5J`@(5Xl97Dz-|4<Al4HgP{+ka!^!ad*59?xd*ObvSj!`!)<VUiyI
zVZXS~9nGVX8T#HfK6^y>qbbquhlja)CWhDAu7~$?#dBcd$myhCJ+iw#b!7LGKjN;K
z8tvXO%)K`)+WkO;`|j!4%xlv}j{ooJ(eB5Fxi`%U*Ui1N&RtKAtdY~P&OLWJ_g$aO
zJbC@O-QUg5X5P<^c5fLLe@5Q9+dIvW%@_>P?nj1&|3k^h?)NN-cE2;i{q>u(nS(cv
z9Nuut$n|rNePs8!YesheYTd~AzNvQP{C%`(<nW5EBd2fPI&%D_zZyCGxL=PP{+kC!
zc6U8>?)dkC+lK&qBi7`noPhD5m0=nq>}G>qGT1pj4%=OWml3vH*lY2>VXuXXS>g3M
zR;;pdE6QBX3j3<;nM_=So!wn&^Q^F!gEccMZ0{A9sYM5wXkW&yT~Xn&*}x`7w2{6P
z;#axd>vmYzt)O!~7+<_-Uukugdn>K0Z7Xn{llOvCqUeH?@7WoQM*I>N5LY;DYrrl+
zv~#VjT7gs1+0$o3JBRZjdSWgTZPs|~oGp9$jQ?rx>O$kFqVUP=+MhJlC6<z;K@;sm
zL6KT4D)eDCn=Pp%G|6tdiqIrvCrxzS#Qo7kYMP{d^rtmJDilqVRP)e>3azzbQ9)>|
zHHj2yU4zYoLX;qV5UUW2-?{h9X7aPP1&bK>z{k1&bM85J_RgMjnV~!Faii9rwgkH$
zS&kKs`C73=eK^W}Nk&s4Of?`!b{jhqk+^a$hXPybZ9nrsj`)hawj*sHmsGWdlM$-|
z^NUzsqBG<Sdmbh~`_&e>vx#bqN~`e&Yf<_0IpSOLYhT%Vqrz%zSAkFRsI(4pdbpiW
zpIE7EjpD*Tamg+##uoE;cxfnS&a=h+h%8so5if1xoJ35UIh~HGhB>D$`Jkb^g6wIw
z!aJf(F-v<~H@O1yq};BgNyeb^L{LRjc7)N&*&9zscJE<Vh)u;#S31Kz1BtL!AJNNm
z8s&P9Vne4rcw&rLiACz#?F!n_mvo%D%pr?i7<JV}ThtZ8{tk|kqcetAf#oN7E*YyI
zH+IC!IUv8sidDntJb_xH5{pqn9+2*SBV*ix`dy*cu;puMj0M}OI6_s{nXu?SZ9NtI
z@>Szm$&tt8p@&~+dn6feVI7nuo10-)qKz!6R+I!nnz<jh33j$ybXx1OF_uWSv%}I$
zyIg^Yh3D&aYUPw$@kFexlk!#02Q%?`gZ-{uI^L%&-ec!vWfZBlwU*94$`UxN^&4>~
z|6J@Tkl^@o+)H&V%i;>UmZ3+8LQD4u5e*qNNh{V_ZN-!mHrk}859?gvKEc+eXGI^r
z#kR*nJg@Yk;s?Q2tf#or7*ga`?W<W?^r!ORvNig+bf>?H)5U830a%vkl2Mz8)J0$9
zLmWvXZOvetZDLBOyH|yvwE^fYz1GFHUfSxg^iJh}=c^3OYZammtY?-oef;5+!SNY&
z%g{&K&a57`JFaqeehG9|ZdCfJAh;?+3%@gu`T%MB^N3!0gnW^<xcr9Aoy3snT9&eu
zr7UGBOaEOuD}FIr>rHbVDG>53?!zy%%K4iy4MCQ&bgRUlvVXtulX5$+J})d}udRZw
zO!Y3{nG2?R+sdcld>CsJI4{@PFHQXWCAt8f4?Y5ZH~3!g0zUr(UI<<cUc@eh^CoQo
zKMr0DegOO)jt_v}%NGUb2=eF`CY7=;Y1C97%i0Xi2eC`Q*~jhye@QuAP2!iM%$_re
zg`PQQrsqOS+&ed0o~iy;+h?l(H;H9g@A&O-33s!-0sbDtT77O!*?c9Cr+he?uNIyw
zb!!}T>!mOAyJTFCl<_*r7jSv0ly8;1SMol|S4*E-DGvw_$@ovnwIfpgoQk{?wex!8
zID*K!LfUtW%ss+;rGCHEACPel0ep1tZOI=Md4}bB?@9S-k#9`uFG+pDO05f9XIFd7
zn*zU8XpPv2UoGU8^qY?Kt4Q1DY+iGuUw5PrI?{(6={FqdK1bRmcI*(n%;27%1o(HL
zJNL%x$=<fQzc#4_s06kFB|si<bpqo7qrgdE0N4w(070MvcnsJC6a#s{?6^rYz$7pV
zi~#*W`?zk~0A9gqpak#$Zs6B3lcvUWo6m)x06zkB0}&u7<qs^F$ILhSx5Iav@7a-S
z=0BRxSwdERRjy6b7ooSyu*0_|O<#vTuIW#SG3O6p-(K=$BsnXSk(S3UoB5E0uFo9A
zUp`M7|MxYpJeC6gR^%A&Rm0dY8hSf>OQrnXE1DlYrg_ghQ~XFqW>>f3BWVBGP--ZX
zF?+6SZVEqjlkL62KS2BO!5;>T=*Pk7!KX8i-*r@_YOvAPq;{uDs6O>fYRlsG7cYN5
z^#{?zUAm`B%I)~2^S{?}q8pu)GZv6b$hpt_j6Jkq(xi2O2gn0f0d9bR-@n5?1WW^y
zzyvS~d<=XDoCHn)$AJ-G7#IMK0EdBo;2`h{Z~*84+JP2n-vB%bR0HL}HefTb5hwwQ
z0S_>nf*inV_uSsedn12xZWw##M6UOS*eAq$Esycgf_=E;j=n<Yzs$b?i&dW!*fIcs
zLrd&kX;f2J*WQVh#XEd`+y3~z{_qDlchK5mZ2|#;fPxBAMFm9&MKOS4m?VNj6vb#A
z;s8cO2qJI=g@_0NL9ZhbQ6eg!D8?!ZjyP2m^?du>fFRY@4(na-dKY`~aPB?h-uvv_
zoaf%;gvJkrLT0Mh^1u{N9uqzP)Vz5({kis^;>z0#LAu0u_hZV@Y!Fl1*NL0y>lASg
zL4SJZV>D<O!W}V(*V)FpeVra{TE{{G;w<7JeOJJGUm@HOv;UI_QjhdVkMu~7^hl5N
zNRRYLkMu~7^vGW(eA9Pq02Ci$Drx_mb*FG!Mo_LzKaWkH>Cn$&17rHkHvQPUf<C9K
z!<0VXYU$RVwpH;!Vb1H`FOR$DVet#TZOR|^j(qVu@;%;>FL_74>>c^^!{%B`9xxwv
zmUy8uOxG`!3wa>z-FYgt!}0;0=O4|$^DdvE&_!bX4?52+=JTNIoz%a9D>xzixceWT
zFphh|*eQb%!%TC7TACDj<9S#YTj=c)1^4ZE1<(ZlgVAWDceX*J(E#1YL&4&?1dkOO
z(}PM2320ar#2O<=5Hyqi=!#Jz;YPKf5G%000>s$HLcwA^78D4LkpOGN6vtv&+Rg&&
z;#dkXuo~=xm0%wBgRsDH#9}<h%0?C&7!{a@kRSkc5o<t9^+G6c91Zp_L0vTn7Hw#4
zZ3Vep4oamGnwpwGuh&CeT^%qC13H}!)M_=fqWv<N9JIz(FtoISMyJRA7|<|U&>QMd
zmnP8GwPL+i^i?aUR66Xt3D~AqkjZ7(zYG-Eze=sdei$5!0hLmV=h#1E03B-pw$6y-
z8bNEIeYJqj*aCV4gZ=8T9~Q^0L&#;=mqH0jl@e1m$fO$V2kmoVK#n@eqzowJ45&3!
zKRm{9lsJw?s{<w4u3}iUiv_hx4{EIe7`*{)Mi>mBW$QqzuLB(g+QlLa=nJLJi1m!1
zL;ds!HQNLRw66~RWkl#uUwsqmY(QPnM|#v(kGdKWGMN<hk)t0JAji3O5hy__RpGG;
z{h$J=ml~upHTq1AI$?_b)@an=GE4(foHHrfCzET?hZ>v<1dTT_15&hC;)V7iq||PN
zoZ61QRjRSfMT_mwcC=qjp+Vq$F<LEndFim74*jJA1wtxC-yoziOcgqu8%%Ky)f9A&
zG&*23bgs~k2nL}>e`+Z(Mp%SWiSdfQWwe;0e{~r9DvcifjnL{bju9AJYMlYg(eDT?
z`dx=$5h`6BmepZgV(g*+4d{CYW7I(70^?Mx$9TfnXliK!4f>l!e;W`@6fG?nH|Tqe
zl{$>)mR33k1mlGOX(b?)OW;$Gf`z#hJUpZzkxJ24gd8D}Va&+DMT~PKmDBBb&~I{#
zEre3u^H%m7^83Dx|A$2&5YYecUA@`N%tmn6#^x^94x8U?=0qTPd*^1S3+zRr(;{0N
zJQ3KKHHc2zqljX-3{$1f&TVYWs_n$$q$E3$86L;j+liB`sRWA6PutqqG}9WWK{KcH
zT{Dr$*0$Q*S|}7($B3}9HD4$cjzsYg3X|;Y?W;xh1$K4?)wa!4XR{bPbNkcwcGfdy
zSeu(~rIkl=zrsoXj}-E8m_TbjpC4!^vJsex?91%}C(Mm8w;pMpB;@mHU6pENyQow+
z4mL?jN)nrwWBmp@YwMXp{^%9!mQ}BaNuN36dykPDW?4<ry1B8353}hrRo@G(&C&1}
zTU%SRW<i5Fwic>9CY)Xu5U_aUGvTu~E4L~yFR$q6OR=#F7A_OFCM1=+TySw&xXe{4
z5ZKxYJvJQMs8T)24_G&i-===<*{4tRrTP(9e0-))zvg$-RvqkC=^cCR+CrCxCLXU~
z$HtALYj)4toS3li&Q$59hnuSUM2{G;eEE-K8XFr|yZgj5xmWz+uU%WV*u`cnj~ALB
z6zbxAXwn>MR&ZW%%8*AguRhTimwdeZ$Hqp9WXw;?<4elCPX=wC5E^y*tU@609vxn{
zXll)*$)zPa9g~r=DdNl$tp4$>F^!I^CAUW`kFP!~e5O*(5Lzdh+uJtRo~m0^E01-a
z;>MmVE1i?AF`QYlWXbYd(;FSfuO2hzN8j%bsy8GhCQf)I6!N#0H=K8_ajtc)4G-TN
zwtLrXPtOC+^%s{fZyY0W96#QFjN{51i=SsEY)?%{G#5{_woWRLPYILB!Xl>}*(>w(
z%u3l*5xdj}J>%#|>pMF7t~$9XB_lX9GvU~2(Fr^Af+=&dJx7fimFJn4H!3$HIQYPM
zpE#fCzN`Jm-@CWw2VXz;>OCbTx{Q?IEs3*6o7vh{$#R(B46GQ8@8CJ5d%PDda$h;!
zcl-}d_t!eDx#7OT7*#pkYo0DQHA`(3<$8DN(lfHzAt515NJ&VkTSe(8uc>jqzP|pn
z{#sx6`1GXm3-gb9&##<UTDa3{v+L!{OP5|c7qLqg=6uRIa_7F3;;Bx4zT=$&oYp$6
zau29{%ugzaX%N|q)9t;>JQGJBKjnP>@}<ag^$};}wUNd93QHHBH~h59$;l}ozBR0Q
za;p#>FHYib2&}%|+%(@TIXO9K$1bV!BA+v7!esmRWgm>KsQ1D80qbU|^A=aOS+A!-
zz9GTRjC(;&oESJUSz0)G?{Py!L|$=LX-$>a6?eazH&?g@O&V3>JtxULNi5#BJ!?3=
zfCb}tgaif#ZZDdXmbT@a{e{6f!w*zlc6axSU#4)-hiXb==cVn|i>mEQb0?c#><=D1
z_24IFp@%b4Qi4m$rWh{8#Z6u2dKX{Vm1(0Yyh=vNc5RX7W(+sg4@8B?&+5z)rm!ey
z@}yn)|B}mVU77?A4p^u>^i9#cilV~8!i?FjuP;AiuZu<}s7tM+Rtbs8J3<ShuHGFt
z7VEbN#$ElF)^m2noZ0FGmp86h%{J3UhfcGJF;gfSY`a{U@Gs_2rFT@6>o2aAcs}-*
zm%bJULGv`5aXj9*ah;hC+$GT@yf?3yV=>D?AP~Iwm6*11_&2>t{1NGS2mf{H_{8x0
zraki4`g5@9J_3ll^3)H0ou_u^rj#pEUP*Z)bns5(qzXKxoYF!}d8LHotQ~xk<B`a7
zCCDQ?_#@@EMhlkXsvNgf7&(5c=*A@}ckJMjlvh#?Nx3BDg_K+B+W8&jj7pUXITG?X
zFD=I}w8$+fm!e#g@<+-yJ9uSlt7$#Y@zHi(DV4}MUL}{SI6kOE4#n{%nFhQlNAf^^
z<k5vAQQnH&kkK;8Urannf@8}iTI4~<N!vLR<vkkYJQ}r$Gis63uzHr`zFOom4CSpl
z6L-<K^B2lpH2QY_f_AEqH?r-#k?q1`D92^%Ox&>!ZDov|99Pc)Ig3n!`batcNO=n7
zy~93|b3B}K6uH90QM^19CT@wKJNPM;3J`osIVN&#gj|k5zD)Ty<;+U8iHA#Ekb6qd
zXXrPN!D{euQJc7^M2+>)j|hdz#7kAkN7WPzmV00vcp)D}UaC|gRGqw(VKf{s^+JEk
zJWSkFf&P|CO}w1rr<DK8+j%Oz51=yfRTV;w(9mOyA1?vU2b~w>unNj!5h|K0Fc0}G
z$Lm$}9s;IJJGVt>=`rQFVjbFqJeR_wlkX~#<I3cCj67GNXy>~KIpw@c6Ze&4oO1UJ
z)byS~C;z3qm)=Lvu~<jSqFyZOMeikGig7~kFDMxk4_0eUT$o{L8S-9)lJa4M7NJI7
ztf4?|tV1vuS2_gK&XWxYjoN^15EyGJ1m(_J%AHx{(0bFoiw+L`-@pScdwt%&e}79$
zJhJTHe$=JZvj2d7D4)}V!Toyo?%i*2FUxkJ<ue9+UY{r$=sn=@AbwwwNE9RLJLvG>
z!EU|#)%UXO<u{;TqPH7=Ab%(p&YKs5GB2ucU;e;>1BYUt0|pK3+t(||H)w2MTY3Dp
z-JgBtIcZX&Ja*{d0Rv`y-rsV-(3p|-QA0z8sdkILGCuS74-N^L9h$#-k}s|&gDiOy
zhbq50;IOQ8cFFv>n@{~`1`nA#_lqxmjt2%lCw^Fdk)0;JR#Gu+m~)(yMDp~X!E@&h
z2@VcCKeVriKd9df%a&>6)vK>PYtIxh=Oi;{h71}0?T{f~ezQg_Ua_<<f6#!bQ_j^~
z|9ZlHCVlI@fRK<ObHDv|_;9P7bxGUTj~(nbs9zc5GHTTK-@CYv&Tg9(@`dc%i12T}
zw7Os1P+qX%tFgU$`QIsY-7$JhrtY&-x1?WwDT^2}BHYUBkni;Ax2uLZ=FWH#5b(oK
z=dMnDSb1!GV8|CEMvSm{8D!VDxA$Q6Aiw8j6E|<(JE1hd|Jjt2<Ewmr#_~`Hr@*!R
zzWjyDQv0LxSFQZf!6WbBS;KhO$*sXwRzY*LSw52!(%i<mT;T}?yvRt=;$g#7D)$rB
zQ~YO1gZlG=cAb23x%9K5qgUwcdVANazZ&h~n!GXPNFOqXo6xTdFJIc{?AX5}0_ON#
zcrfG948PC0xUd#{*T3=FH;uj8OKsi~QQ!5q?0VPWJD#Pr(5ADZr8Q4z`QNdQB;DlS
zJsw@BeAK>H=~$<{@m!(XI_2fdm+<`g3wY7?6585cK-&vE#=KXrUcsxE1oK{EomcP@
z&&ex%-zP8N_MJO$^Hw7qJWvH0TaQ3tK{*`MpMaVxSGcvuEAkTbCoh2}?F49&kHgIy
zcX5n1SP&lx3zo&e+#gb5)+`46CNr>fNj_-Gs-e<&3vS)N2WjbLpje=T`1l+Mos|k(
zH<rV;eTA?ke?P2CJqRiLPr#~ehafbd2r~E90(<=tR5jm&<ef)By=51yTfYL*vbI5r
zCL3yN8sX&WTG*6P4$;vC5bT!?5g|D+FE|%gtSW`li#K6^<723J@DffxB~V;-9=0bH
z!<JQ*porW9E0w#U?9dTN&OQjK_};KB_ZY0%v=0KOWkO7BKBOFLfaK%1A-~}%6dIp`
z?s5w(iOPcM9;+ZWW+fyiZ-ye&eRJw|NXyNKgsoawBF}(LDm{#~`4N_DDnYfk5wfbD
zz^;ZiI8gr>QWKBD_UwI-mXi-h^p)`B$rI4#<w9KCa#*BT3PnebLfMH52o4N`xw1G|
zwJ8@iZrcy3IY-d$JrEwe7&4i?aNy`EsIIvPkFkA2LjxQ;b{ux@%!Y*v7Q&uAd9Y)L
z1{N(`01>iq2n(GH@_F-MdwMG5V_9ZKI<N;1z@tZxpr)n<E?v3=4<9~+yLazG{iS+t
z?RfL%O^gu&FEC!@)}L@-F}577ePF!fBye{31Pcduu$br!p04gN(Z>PYXzDouJjYLf
zp~3z@e-EYQyH7aKn591mV&5K{^mD$yt1lmnd-g*(ci}_syNd7ImTnGY)Bds;+}>_(
zKorm&U@ZJYvE59F3<`w^Y&VCdk>No1=a&6RUBw@L!olNrj7i&yu>SwOetHR9-ZEaN
zE<@h4zuyvbzG;_M6!Q&yb8{Y#Zg9!tcDTeW^KQG3cK@=)|90QJwELGWx^KSOeRIw?
zx9;TeIyUy?aXWkR`*d9I|M@?>52-%<_H96U<{$j+@BjGi_W={P`y<y|6W)AoX<_1n
z1A2IMkMu~7{HNXLB1mdpk*>#YL-+D`$-COWt-rVR^J``A8t=FCdS9LX3cO9Hx1GPu
zr?}pJowl{Lk!R1Ialm!d8~I)9bv^E$*A;Ke>t5cyulJ3GuJ!3L)fv}=<jR#R<nraq
zq^YTiJbwI`;F^)#x^;`(zI~fJ{`u#hxw^DXhfrH-9&!bO>q>I}{(W-q-aW2Ano>M?
z@PKRk{Q2|OzIm4|zm`v>>pAr;1=W@6ec-?Wl9!i9igh}2;=~DZLa!$W4;~~(j~ycy
zFJ2_g&CLYY;IG@!W12_Xo;`b(l$VzimSst4X(@;O`}cF{(W6I6Rh5C%*Vl9PJ8bDX
zw_WF(g4)@k|Jy))M*VW<&K=IjM%3XDj=duzgCwZcM2*<EaU)s3em%*_Vn}601-Wwd
zDrvrRo0|_hSEo*$B097+Gc%KH*|LSGR4TH1^=hJ2D#^-~E6Iu#i1-y`?b<bD^X5d7
zo}SM6i2CBjjT@XT9rHu=Xl!gGS8)uZ(MYacyT<87%jn#8wTIeA<AK(zK)otXo+KA*
zYe_x!dl-F{nx?^V<B41@C$X`yWGmW2Z98o+kYhL}MMXs<D=Q0i+RW*?V8H?s9UV=g
zqM}G-WE2Sx59bgO9!0{!FpZ4B@+h((b^&K&PEHPIcS%VJIdtd{H$TP2#bo#H-6T6Z
zo9x`VljP>+lEa4&lM5FvaIx5-GxZ(v9diBpbz-QhBD=7!)Rb+cps0|Pp>ImDPX^~e
ziT;a>h~S`HwUVTyq>%LO+ezZaP3YGZWYMBUWWIbp>O7CrH4=4<h(Ns~WJDG=7t=6K
zcUhQ>%ZrE%<LX7DPvYX@UeD2*HEVEw)^g`dmMkR-g@XKld*1<8<&~|Cii&{ch(g*V
zX8xP`xgmWr6K66rNv0)}OlD%Li6$BqyBxaoCcXFG4!s@@hu(V!=}oGDh>C~}kmCEV
z{hb4XCCSXa&vWndKYl)+`}=lTd+oK?e)nE$Z_and`V3qsj>)L1s+!}M=^N|wYLZ_@
zMh4Q-(-B9!ySTeietSg3kdBa!Mnpxy*2WH+nmQ2BvxlcA^o)#QX>AR2Q<AfuE;NY`
zEyf@5q@j5V8hk#5+R)I@g^s2%v^5N%%{PG7N$L;&Y3T6vaO&g<@cA0h*QGo<bW^CW
ze;Ve*uY-d<++E$^<>>)0(pP^UKST*4kuFX{eSIA+5}q)9XJafWDT&K(XYUAeD;wyZ
z)`f|w6(VDk(LHhz!?&kU)7^`_l3H|(jG_E&6MX$5aK_4+c+!Nvo+infPrPVDPu~I-
z<^iy>62R6z0S=C-@b<_f9x~zQlY^*`OvHrdA}lxqK7moxep~2hoP-|r731C3)*9i0
z5W<TLR997^x#=w3jc99YM^{$|dIq{NG&0EP597b3rG*<qOs6f(En#ot41?1oCvB1;
z^|7g)Jw!!i7@V9&&-g9$T)TzRrZ#BuwV-*54+DKeXdc%D|M+QGScSsNHJA9RLQqU2
z{A248l-P)n<R%1(8WEA#32}K3Qi|!WIERed9@I9CA~-kz$G<1NJn9HnXK$p5#i*@s
zLup+LDjM2R*Ln{5m2IeN8${p8WeksAA>L<jhxDhdt&MalhT~s@^is>n9MK8c&^NP#
z7XK8qPMyNRLnja%Aw>7s6ow|LOy_wTch)$5*c^L5bHMw*GsX$62pIX6!YZ&F0cnj0
z%kPALRwu%9`ynhDf%xoI2%E=|)Hx1u>jcU=uA#Db9F3zB=s4GdqyKcqzW0;h>5+?+
zj51^wb|I~>8->-wC_6ib+^SAgH}|8lxtB0#0)(y{?j(xD2n-Xzz|4ZXL*qmc7Bs-l
zI}ui9ez3N3hpCAh_!^$bsP4kKnJJWZc0=cQ7~WH}$5X41;r-v(!&y)VBkyu}iJA~q
z)Q6DLUicSWL{Q-fvRiK<rRO$+nyw?XaS|aE=Jw8@uzL*2?V~u`KLou`;&J4iT!_+#
zQQLh5%{^C9Tz>&&EyJkjIFHg6>Z|s17`b#2a|?4zbDmFV9D*W~;p`oX06_w(o4S!&
zcox1P8F02uf{l4Rjk!o1{3;G#y)VFN{Sq8KnTPk^2*rzXmUvd-5KJvn;gQq?tMEp6
zi(BEI*$Gp@2=qKh;gd6h^wv8FZo3KJ_9?`7Od+ac2I)Oh5LJ#Ly!<K}2FKu{oen>%
zQe+l3ATqH4p56l3IeEdD#-w*_6f!akky}uT0vZ#I9c`GIn&$9RTvCJJ#B>NmxyY_=
zLRM2d^4o@ynAJ$*IRS3gY4Fs~fz#1!oH>wzGv8)HV^=c1dM_HgUJJqpZ&|}RtQamS
zO>ju=foH}!*ryNTsB1U0?fQ_~GzDS%3_`nRkUBJt+`ehVbW9_&XBttNm*AT}j)u`O
z6lBy9zNEpx=rmy$>9Njn!iH1OBOEi)*M|e)rzg!5VT9K?G=HBv*Nus56A+eBdov4=
zUDu4f<_?H!n~+q|M(t`tR8|FC19ITunhhVn3<O6PP@iPL&N2f=r{i&Ie-sWMjetvR
z6<kEku+8d+TmE@C<qg8SViY3Mo3x%Ah-|x#)PXxF8JkAI;51UZ?jWt>HnLl$kk(J*
zU|<-5ZW%cIr7!ffNEcoFp=ay_9djp`(VS^vYDCy%L>OlPOTri*ns3t5GSS@Jitrr5
zh4eba<upT(RR>{lBLulMNU5wrxF{Q;bo<bla0(Q|+DiyC`$TA*NTPWs37Q)5u=mPB
zXht=HXso)I^uxdG0z%8j5P5b2N!?S3?z)BK{%Mq4oJZlMJIEfHrZ&w$+{gN00>y+S
z1r43}^c@qZ|5E^sqi!%Vh{TEgbRY46v86Kv0@CeZf4F<P!O_+Rj)aLG?p_ckry#Mi
z5iX%wu=B}+nTH5w&S|h9oc4?<fNM||>0SoB<HRs`NQD;3oUa)N^{-R$;oA}T+uJ@g
zZ{#DfpaV%Yq${nLA#A#Yw3aIncTFO>Zwg66Ge{enLdobX$}Y_zZ}c`&=~*;9g?y5I
z&BYstjV{GMU$Vz%uf$>Z+rilTK@blAEfMM;MdBE>Cnh!r1;s_EuA#Lft^Z<aEf5+O
zO6y7?+yc^JYD6;qJ`TF4L^yOH4tu{%z`k!|p=+3qBPU7Dr^V1SPr<%@G1&9>41D^h
z7<~7)IDGeUARK635)?I&t_&cX;Ysra8k-Zy9=b{Q406WiP;g}yHJ9g6Nq6;?X%t?a
zL(YX8C>^+lvcXFz%&&sKbqcKcA~<Lj!u(h<_P!~^7cZn>@8835O2Zpk`tC40<AaFk
z6!i8EqO+@=yL|+uIAbS-!Lb-<ei@HL9};hWh{bomi^1MMQ}|&#z9l&vr!@Yj3DEdF
z9wx_<;cl7%e<v}rOPi6|(uJH>T5I=RLPq;IQoARRHGC6=<9ASeZ4M1L@1p(M0;+E;
zpn00wL2W1*Cf*0e(0TO=S_vOB#N|j$EQKJjh{ka<0$l1~eW(;iNM7pS3h?dc0(|)o
zPncPRAtQ(8)1gsZzjXs~4Wme?I}e|fYM3~Rp>-@4`UetWye|PpdlR6yI|`-;<6v_<
z31){P;cT7;54UW%x|GnokdK2$6X74-ijs~Y<aG?AsQ(6X`X-SxJc;Zpw^1}nbNtN(
zv{M`E=(&3GHu6WVp?G*4O@kBg4~~S3hdYwea!^vyit?&1!p~e3l3c3Fn;}Z7g21N{
z&U$6g+MP#jiHE6G6fA8#Ffe=(g6eL>Hk?CTZ7<ye2(D;>cUCiO;)<bdlK^wqbT|g(
zB1BY!ptMqiW>&&Iwg`u*4|ac*i+A3N$BDxkC~ZHF)~hq557&@?eiG%ErqDb&hxQwD
z#Q!YnCT^qk_AF|zPN1-V6umd5ktnRfu8$AnjD;E8-8>*n6VZCH5zQ?fsI00-dM1rM
zUvC8ZhafX6AG!GraJJ8b#>pt?oBAR&Itf83IS5HFL}*SW!t%}{uBIJ=vKF{RmBBx+
z8UFe0u!|^zXKESZDjI1mP!A75G1T{`(b^#w$G*&goqjs<i+T~2(FUiuIwaSPp=$Id
z&R)BXmK(EZn7oC~TT>+O%h-Lu6t;fp7@D{aPlps7+-Cw~Lp>Pl8N-IwvtFKF2n-B_
zx0gFiEUckrK<j2VN3ubRF>zxYSIM>+9i2o?Z7b=}Fg${M;2P*lG7f-aNC-S)!eQkR
zgHwmX5t&tu)V3}NNw?in&ccJ_Wfz<Wy)(qORxb8@nGVf;NeK1IgD9g5W;RvuP3=Wy
z>lIXAxQXVQGiW5a_guS!{!2GtW#flEyJ;P+mx8kTL5O2&pmUV)(1~mZBO@3Y8o|`m
zjMl!UFfu+(SZ9l4C%q9JmyCh_KFmztS+v@hY;BhSnlJq9;pFWAXJ03{2Yb=lJQP~H
zGRO`{fv+e5zG+$TOsIpMpb&PEB{;5^j3cBo`)MpYnq(qbSP!qrT7<+8AePoXB_rb~
zC;e|6yMeZ=*U@p|GTE6I;o=hkYwH*s+#iovVF$``J8?!o1~y&+2#*fu*81Mwp78Va
zM{t-wjEq9C=hG+}&jpyCzP)7Y&&{!rt$`K@?@eItY>G2(R<Lomg1v_W^fiNF@Le`c
z^`fC^7zACbSRB<3!0x?K^j-w@z3JHfmn0Y-P9VIfgq=qb9K)-TNMosda2!QLS5QG=
z1K~@3{{UKhduh$JfaL64cm)y09gcvhB>-GNqrZ*O>>>EOmP1oF9JT?mNXySg1z~(y
zX$`V+^I&0|iLd{f0~eZm*m`rx-n~1|-FFx6;vjz?j_4l5F@1Gt8f(D(j3uq<opJcH
z1eon9z~}FU;ZJ`Ez^-@0@z<Bb@sGEo@%;x$u+%JuuOrQIKI!mGszq37JK_E?ayy4n
z&_0a%t|9acUBKk6TT4EbTeoi^QJfEL!$^F;FBT3q6-bVxF~hIJcYEVt;+za)>jbDD
z_ru9!gqiQ>;FFzchzu{5_(|rOt-jK~=Hz7uj{vea{T$)oZVyvi1CsR-9NrTEjgN(}
zJwf{ZO%n9KNQd$M3|O8_hRYcd>}})7#*BwYR61g7$`D^!huDe+h^tyqPWH{^@d?b&
z&T(>|Bi<SRTsyFU!3$Rq6qSc>_WHu`WB~%*Yv69y2(A5vIJr9)r#{Pv#uugd;yocW
z4kcoU#{E4X)xtylSnRq(IyH9n5-RFz5gH}L!GkV1vL~2yTuin=1avh6VQU$I<2o+T
zKSON}4S-*CBmyI15G_hWN`4tS`g(DLbakHA=yOEx4%Io!>Sg^tH;-vr_X2b1INy)N
z!V=gxrr@MTERG$g{%|UyIVA<!C*rX0D<2$GcS3DTo21ptd|b;fPM@e>=A}NP#i2cZ
zeG(V1jH0Wj58?5tWDg{ftu}y>E0<7nwiUfYBWUgELMyFfn_An@-PMI#w<Lb7l|C_W
zy1V3$qPo~PT)d{|rpc~qK|na!#o}UQmDM99vjW*U)g<=|((!snD*p%hf51PttgkUI
zfvP*C2lLWmvkTJ{J^x4_@BO|&++QE=`PJsBKW5puAY1nG&1)p90gPR`LTL;q7o_86
zj>hV&RBynA_t&`~mHRw}vx{<DkjRPI_?-W4_70|JW+<G)EXB=I9J}Y2<&$8;!jdoa
zhy1jhuX27Cw`Zma8)u0Y)k8erA#9wYF+VdsCG{mP>dwL={o^ZWOX-7qmh!{oD%CTF
zS$F59@5}Q4n1B1BbrEm#3k(M(*fKlM#{0YkWA1_rB|7tO><Rp&To2zz_%}*EB<Ah|
z>5n46IBxIP+kbc8;m7t?{yX+H{(re1?*Kl&9$$~I$A7o;`0sX>&S`CVEXT*!%IjZQ
zOZ}_st)FtP<x#XARqp;X4nOs*&cn`3JS-pEzi0dUY%hG`>Q(NH#^}Y-rM>;da?A!{
zXB${L+xuTU`!P8=xpW5L{<?pNKV~bjGZvHACQ)Bk$DM76i;Ls-=aUkX(B9UDYh?Sf
zJnTF|eSJN*w;dfF!|k_+goGeCIGEc9XM6p<y}jHSlg0BFEM#q9{4p9Vj<Xe|b}8HM
zXM46)Rh4L?Fux$5J5Qmdr3FWOd+uyVWmOeKDI)m$2XOoHr%&s1d-+=0np{3jO)co?
zX~D?IkUOs+P8D<K7YgzVxbp@Pk&(o2Gztm|Ff=s8$&j6$XliQW&XdH%#lp?a6NM$E
z+}RW>3rpDBJHUeKa&mTowUrh0^!2#<H25dM=kuY-*MT;l;xs6vTT6qFlP8ZuPgfTP
z28J*(F@=qdH5}~hxN{cnZf-~*nRa$|ax!3NGJJh~VQXs-BX+jJzyPV)`Dh=#h~l~y
zH1!W5L=cP9`bN;#Jq2w|K8y_PU~Mgctz#lw+|uFhnT5chY(xoi5gd_Datnf<wifhs
z^r${(l0gQls;js@JKNNX?!F#e9J|Qb#&y)!t}ZU%lk6N^d|+T=juR)2!NJuV?H49+
zc@78+4#Say`q=ZS2{d#9VDDd!kd#)0WOpGlrw>WxBS>z%1ab3a6t-PP``8VH`Nw1b
zM_vez$V6#%CrauDQQ0(t;)Wh{_KcDaOmlW>LP{Fd<pm2{N2KIc!__wh*5=+gdE6dW
zc48EFj=}m&I$lyT!0%tSf=zHO9AX;~T6hkw>BER9xdc)76arhWBck;tayqXgZ*Uxm
zvGvgWi2A;26ou8j5aymmR&6^fnmW-vFo5YhGu$|cNXbTEtO%(^RVZxjhajOG4rhe0
z)yjm<7eeUlNypcJNyM+VTjK;@0MGPJxQe=9nb-?W=RqXY+<>5S8VS8qNIo|MVf}Ro
zO2$!E--k%Q3~HMP^{X*=-o(tp9D#m;h)GIB3yr7g=_y3#R3W*z4%ufrkW$@>l(HrS
z#O1=<Clmgm*>JQ?hpB-On#ZDH7mx?HtWG%Rorhb&Frpi-A-Ve&L<2J@9%FmQGZ44l
zLf+5~i1O-iVy_nr4V`h?$OC$&q<=P6G&W3NMmiZ37>tVYN`z%p!6Uo~j={Nb3d@IY
zQUUzpv)~ykhM`>&_}WSM>f=~^`=tP3!dk@D3?R1QB6ns$*mD~R1JfuRokj7*I}i_3
z{e!nqb9oZh#<BSLMIWet7LG$7#X|iXAJXGEWanieB{`Am59G$8lb0B}C!%q3Z!Gri
ziow3m;&J4V5XX)s<LH3|eEVS%)c+9&6Mj4rN}G_`IfV4~F>Ws|XJi@$<8!DPpGWQ0
zIh2myLEd@hAHRlNaSdFJ(%@)V4DHYIu;<r8s2>QVaqEjvfe8Ji1H%{2Bf6{)eu=d(
zG8RE&Z#=X<Pr%7fqM-j>983=;z(zj>9?p4$1=(;9t44A6FiHj{kv(u7xtDLF>c%|U
zt}mc*dI8mw)2O;|9pbza#3l$)T;7Pxyhdc_v>-X67OqxB(EctBhxbLo#WMy??VX6M
zXhm#o7h-CA5MJ2<r^GVY1m?q;`XoH75;27}FtE(R$A3-7_g{)o+BAgB)=^}gyNa_D
zGibhk2dz`HDDAs|gsLVq^<0MfJ|h?sHim`^P*_}y9Kz#(&;a=Q`4SE^AT^~K&aOhl
zCa1zHGze~C;nd&p@Q6-<xs@1+^=$|%Z-Z|}J;j$m!ypIWewqfaGdYNfZ-HGfwW(tq
zjn}5A?RU^SeiJ5U0XU&4KzZc=%yd0rWoZT@eM6X%u9=z|LH(#T`~#yfesxSb0ZGoL
zIrtJbdfCD?z#it7e$d}5hJ#-eoT9}ra?66gLms~SCI#9Dga`>LgICm9h^j_VIx>OU
zk!xrgxrn~uQFsN$;`oVJBqntt#Jd2Nt^tTjh=5R-hy-CQjva`DpGPsxb@PO~^PK;Y
z&3lKmzQ+;WL(nol2_1bi@V`!i##cgo`cV*e{Xu}e9}1!S9re9U4m_jF5MI`S+@4_+
zbqt|%a1>W){$)P9?!i8o*^>TfrXj+&1*Tg0uyRg=vs(tvn5N<L-xEfAmrH%0_vYlH
z@&XiB6e7ET(xd#Leaa6<cSXVQKr(dq#lrA}0EQ+3uyzYWfJlU>{32vjHDchxDCX|W
za=y_;zvj)U+X#%#=FSjU=;uT4L_Ut~5n=aVV{l}DBrc9#;rxsXKd^o|e{lqr)y;^G
z&p}2`CF+|yP*hcihK^>`G@M08XBTeJT+R8i@80u|GoSAQ^E1-FkxQ2mm0X0d_yUNs
ztC5skj6s@jneX@hb<pDczkDx3;@MmHL6762&->mwO5!(NY~L*Lah299(=$^`G#2|@
zaxbj#5ia>$=jS<pDcb{MK4sRfxj6}ci#-0|Szn^d`Jd+`{BUJw=N?+_;Xcj(#_K1L
zeVC8*zj_|~$M1XP9$P?<{R;nk{%%*|r+8QPf2W<i{4D?Seac7e*FDTuWp-9aN5_(V
z#x8bdwx_oTU0q$=`Q_zP!(#bcWV7}6_oJesl5D~RZeCAKO+i#tILu5<prfhH***sP
z`ebK?k?oa&nCM6p7Zq~$o+w2~Hk%Etfvu2LR*r(2S{y&DMRvy-IC=}=6_STATKfoM
zQ=xs_oNTc)6qYxjrQ;lD&-#T$Kp+&uCrAWKgJ^iWSL36%onRAQ5BIbSh;6)$r2aV+
z_S{04Z#g0oG9XA4qpZ4~t3Nn_<|9!xLWC7?@y@{EJu$TA6C<>uAHkJZAnu<==HN84
z`zB$jN9)~B9ARwaKsK!(vNAH^9bHBCW;%}VOMuRaMCczE!p<=t`R6Vo@4_wA(i-sW
zG?3HSj)=e<1US~iLN^r-_Q@zHDMJX+2oTfyJ*)_!c{Okhp>@^4EX1UBqIl#c8ZS*C
zIKCYI0ZDN4up>Ey(E2R_ogEiYceWEIwz@E}HUj?u*<wfHu<y$_T4RY3UeJR2L9+j^
zO+XM?01K0BvLzFtaU={uUR6u|cx8MX7cXBxQDGyZX&sfBUWKCS8g$S)n8|l>&aJNN
zMYx~_;lY)(UbxEX(CqBokIo|t%l62zY#;glzYpQoUULgebL#wkdz>tdP0e$2E6+sy
z&*Rj8?eA6@x~!9V?KR1-1F&BLCbZcheUoFqn9RNx$KKel0I!ke+`;_@u&gxa4(=C#
z*GhBl;C}yi-Qy|b@%8w6d_BG%U;l&G$KSYfzxgjKo%6D#@$deGvKDl2dM<a9O!|g~
z=d)M+z2W)Kj~>(6p{dP3qW%4;9S6VH(BSLtIH0~mTTf%hF^wI6{^w^qPVo<^zp`<o
z{C`MkeDW6=nZK`EBXi<l#L_q42W2*`QdmWk>mOy7Cd$J7(#5`olsopkTEe%C%)O9(
zgkbR_m}|J`Ez*xcZ&~^%^z!Y@qx&V_@Md&H5Bqp#xa6DJ|MIm%MrQeE0_5oZgJtip
z=&Bp&Qds`3v|WFcdEn!n6utiyZ5{1{GE&|wqz(P^%6vrP-B+~LPx22+c@3A+`rv_l
ze|(^M`z7HAT#>ah*>6x?FH3&k<uCunGUeITs#H||MG9qE7^6cZ<k^=LWOdfFC)Q^=
za_ot9kIn}6L^)+&l#x+-Z58)@cFN2%V<q_Vlq#<#v+l*EwACz)(cmjQkhX@UF{*sU
z2hwC&8mouDaar1G?px`!aO16Bqe_qRs#}**CHyEzRFJn?Rp|km)E-_F6<)2nZAF^&
z+w)Xr`-*t>9s3O|-kBQr^vm*0Qfl&Q>(pddbD0=FOgE|3yfs^8?rx`cKE2M8{m<m7
z!sN;5Fm+L2?Rk=7oYzQbQ7$zL7Qw}G^cKr3hX0U+tJi2LlaNjS$fW+pYGW3vQp{4D
z84rq#Pf5}<lqBU(lD6?)+SB*aWM$ZxrUf$Zx#wM|o>hv{JWo*`h4pgE&+Slsma3Oq
zYAcid<|SHdRCg>AljzY>dle*OmZz-xv!xu1@kE2C@{oAyN8S@F;#bRTXYHf-C%Jg#
z*Vn0V!dG5a=d(-<pDxNtmZ`%!(?3hpQ-);49+@UcWhE=~7KPhbUp&X8zJ_bbRvA`)
zouZub>&minDjl3OcCC~BL|KlLfZ7__ZM)<Y)MVB(zSb~a8E-sEY1y@^Puvp(<D2<9
zlvz5TBqXo6b+zjAtTG8V>r|g)b!}a(^B+vkjOb!NsVvb{eeV7~eBxf(^UM2?+9vZP
z*C&kl8e-<>%VfBgli^d#(>KYg{-0(2_6sJp*JM`k{`8}H-*!LmE6cBu`A;hU%p=Ro
zvJtkDzzW@wl@ZXG{~6N}CAl5DNLiE=b}(R7+MukoahsC-HYG*Xm#C=HI#mL_bsKr>
zsJn>YRZ6lOq)!UUN^6xBcfP<thbI@PO@mfbnMp-n`Ij&9<YZm5RL;GjKx|VY|4&4O
zM_sNY$6lFa<dqb54zH4y<t;0_RYhqdZ^I5?0Q;0S>@1=@Yo2%~dok;C%d-AnTFqTq
z<-4nRYkBLqhy5=-SSwGKx0Xdk@Yd4n+MUN1$*C<P_v#OGt)xh7F~r<YY^g31_|-B3
zFZ>7r`JLAp96$LE`v^Bz`n_ePH*@4yapdzCGwfQH;mzgEmD}*h#;)gTi=bykHT^YD
z|MCb&>HB4rBrVy(s#1HOOXWY1D#xY%CzopaK<c|(>hiiD{UYrG#{4_Y3xF9Zr94kT
z=LMz(>v`*Se!(6#^EUJUFH6|)w9aps>hXBIm$$3ZK#|w>p!)fw^71OGFS0C(+oasQ
zvinJ;tvp5TR+fSKQvRj2PbqCx<55)4Qq-EKDG!fF`FQgDw;05|^1OuZ1<FHNH?NY>
zWa=)ztPW+;lygekmE_cZ&Eu)?SYx(H3qPm*Diz?O?iFR@WRX2-dwJVmFISc$D#}FV
zO&;%w^~;Dn%Mn@sqcoIXuiPfTbBsay#+T)_KVo@VHj>sWOl(X{O8nn4fo)OSK`&dj
z%JAP{ubX(AlwVn`wwbqu{|i>-FITIrQF*zKV&AopklV7F(ntl@vG85iZR%><9zueO
zU81K~w{R?cy~u*vZ+V*t41UgFVVg2NpHm_@Aqv}ga@6S_s;^R}kfoNWygtg?#xP7?
z<z;_01){Z{w~6IhN43Ae0ww<IEcLfr0q}V2WobTXp!LMF4DX(Ll}$h@fqVkGbt(i~
z9C~e1R@$;nX``|dZ=2F)ZBycqVc52xhGC@6KbKKb+@_?oQ-eb@g+OhORrfSrm#467
zSSv`X<|$CK6xgehGEe!r-!g&8E2;2QlwVzuO_~2oPMcJ8-eei%r4c+8l@5CR758{f
z<s6qP!NpBGhgM0sSP6Ctj|RIHOi92_VF~QK7RjvyyB}`UW}c!H>=bu?x=3I-8ojlg
zpOt8|f*M031qmAM+^|S!CGIKiU|XsCsHQO)X@<yU@|Sx`iMR9YV#<AU#TKsg09QI;
zG0$>P{`rqIbmJmMD%_8eic*YJWEiP%KSnA_F;bCXq{96esVK!rMYZMCsy(E$7<cd3
z6D;!NRe#O;e*<p=!w7l#b;^OfO%jxpdqU+Iot;v=<jL`W!}Ml78}{-qZ_&<K9FbD&
z*g~VUZwV+ARdn8F!(cma`y!rRU$qiXH!sK2CwQAz;^`BFr<+&e=@Y!|Jj%!0_z*nZ
z`~!IUjFJN3>2`*v3J>C`!XvOyDk$DFQat?`QF)WMo$yrQ0X+RN8b5ozl1HFwsHRD<
zevZ&{I|)>Y|2rljLM{#}mA3N!A7m!x`dK>wfI~~{eSKh5)wS<FXHI4&Uo-gvf_ymY
zv<86~m>>b7GE5Q@31N~+0u*5g$pE7v6DKoDdZ~sEu}%)5*z4`9ReQDCYVU3PY)b*H
zz9xoGpRJ-+QCdZ`I*K3oQ3XHX{nk2XCNm*g?|bk5#~EgwwbovH?Y-Apd+mMB8BX%X
z78k;frrbO&Lltm_(saq7oEo!;r1MGP1-b~lLP=~if8~xXQKx26g9W3tmz&gH!jZFc
z3&xTajrrqq$0xj$8+6F9*!ZG(@lnS6L}$w6Wk0}NC@QBOOvs%OujoiC<J3Qa6VJHk
z^gVd~dAay(+g14D`5AX==(rch-Z?fd_hSBJSe%41b0_3x1}>*ouK?I_XTq+NXB@@I
z3bfjk;<Qm+nw>PNsm5`0*HdmEla$+K(Sb8EU2d=*gDScbdJVJ_FlHFfztoWxTqnoZ
zn?=U+XMypZ1Y@po0_cBD(3cp`1AT9TJ}>w?;F`9g`PA!#!SsE2rFK67`)G1yX7FIV
zt|@zL*3`mu^Q{@daR$+8+)9Qja?*twGMPDj+pd|%iWX4NUu@8;(0G0vybh!xc&i~f
z27^O}lo_gB-yDKGcI~;mN@emQl@Xkxh)!j=o531IuNk~4f&D#>8472X1t+D&`40j!
z6}brgYg$VCZzW`A8sl}x&nymZi&Mc9#$+wV(X=2<P7cmB#pOZ??6;;7qtmWYUKg~m
ze)aea=Uw?*hy~wDD6^U4*l_25Vg9cS@oNkv_@VhMg9N9h$4&E32Rbz)_;C8jLDN2k
z{=ytq@!YP<=>kl~M7lKF9L&i;?p#1Kpj00F<6vG!VyQSS;UDqrBY56v>1Ob`R?$>4
z-H4iw46{)VTtQ0BgkjzoO_wb2T(v;bU(QYUysn>FTv9x%WcEzDAQx$(o#Ne!KHezA
zR-8{-fO|qgf5*BmlGuVxR#^skO&;+`k#<k;qJ>R0bZhMi(68aT@uCIofi?PlE$o-1
zrIUU-DV_cn=%<o{F373%>DoOHz9mO<jNZvyg)hB#_!7-Vd@C+Z|4Q1uA-?99w0l-u
zZb;nzd&8oQDnq;`9tJFwJ{3k$BwZk7h#u)-;HQCG#9QglqcgiRewtwshZvsDcs&D>
znPW0D#JbG+fH!64qjx(p|3{`#yqS3r(3Ew7WE4}gNLxi#KD6DK<;^mRA29!cERq>w
z&U4K98^dGZSVUg7Dcd3@Wj~*86jQQELrM00$X91me;QG06zj7|{@dA|z;9=KKTAH5
zO+9&uHKbbzUSgsCmoaoPbc3HEZnTijJ`2^o%R>Em6i|rxtJvdSpCV?%qH$_2sC3}u
zryO`<w#Wu$5NRl0!uPDwV0WTc>XcRgTedfXGKyTLZf0tMurt-ilnZ_&>IY0!h!Uo5
z2UUc2<}h`yPR(QLSKLCSxLnYCm4ByGm12f)NjAWCX*%FGX)fUJq=jg^S>7(1d#;yn
z2kc{bAHzo&KFRPH!;csm4FtzBoW!t*;cSMB7_Miyh2g(5+{y4MhHo)E&9G1*Sj@17
zVJpLbVW=|vDZ@W9Jk0PThL$vfmoRiPT+XnI;ddF{%J3eBzhQWg;mZuaU^vD|a0<gR
zhHi$}GQ5G|R)#-i_z1)28J=P|)<m$B;c|x8GQ5f5_Zi*=XcVsW-Ehpd^xLuR-v`{y
zKOZs{ekAhYzhx=ZYNm1vFO|lD+R9YE`7&t&s0VcFYN-g+9-ZoyW`R1YQ};>>Kz+_s
zmHejE3Tom78ufv+9`RbrR74o$c2I7;EK|M?)Ox0JMS;8#)Yc2M_@62FAhI90V7Q-(
zc#tWBxk^?+{WYcRwG>Kw*fG}jOOsa`rv7B|NyY?q%yf-pN>HDfI;HdkHOB0dvJ%vV
z=8aNzf^wK|lB@};&U}rOm!OuKzb6$WsB6qyr7;O=llfL@Y=XMg{6lG6g1X;)hg6uL
z_CRucf_m0`w{%{DdKYCA6Vz$*&!tHT>YM4mmM#!)CoJ&?>6^T0)7|~r^n7u#$kD0B
z^!1>o=~P?#pmedQ)~U|)y`VPg)OXS!2lb;1hpk&A?q+JNxGnujM8$5M`Uz7{>D2v9
z#dPYo>Cb@5x=5oQO1}eC0aFTeJ}*rX(=HnB=TuRyQ%|J-O`0ltbm~z0>&Pm1>(u+{
z?@1-%S)DqW{;@PeoX{yl#>di3k!9B?YsTkT%%&wMgM68A+v6j89y#i2y=+{@ds4aB
zo>X?ZxHD0fC0{9?wGUguDgLULou4sAc8aZ2G-?hgmso$P7Rj!RiE^cQO{W?_Rf)0^
zP12Wfp}bJ6F44-mGA@>@#rzo>bqlDgMCnY;W_M*wmus1SLLxXt9)`P3w5|@A2!AmF
zW%2$9+<^TqaV96AET$&mmzznZ$~;oTWb;UPH^Ya{()L;sN7Im*PC5(H>Gs2<^pX6z
z%)c_7_6=HT4a3)x^e2z*>^{$BJy&wAkJCr?lUk9vb%U;7;|$k|_bR!Sk4NRmy7i`H
z5MG)w5>IY-w`sWaY`iohT~PeY0d&YUfD7bY=F~H^Gn~e-lwrBfr_48vVJX9MhReCM
zg`pqtLgdwxna|1N1?A%Lf^zT_F+S^6a46?)7PGQG1Wxi%K!c%zSLa)S--y+c`1dgU
z1#24=Z)Noxek0z?+KoB(QPzFH&t$C^uZX$X|I_fMsLS4Icwel_{)6El<o{?m1h@}y
z4faE)L~r&J21)vU_Jwk~^t0?cq!+}0WIt_qLHsWJdBZ93{p^<@`Ed5DhVjy~*)ebq
zrN3jCAr7PN3*xQpamowggY1cbABhV9PiJE+QnqD^a)ET7r9?r0#ASfvGF*VmEmtX|
zxlTDH)>#^XcUqPy<E3v~Rw|_VB}2WGDQ{=|-xO+noFLA9%5sTq2>5%&&$w9>iaP-(
z!WL#+SN<H(F8&j+NIVEQP5d6P1p8MryzxiCGO-7+TpR?PFa8WzA)W!O7KZ_A#oqwk
z;uv6~cmr^mcpLC)@jl&q5+4J$iO=X)b_fzPcK2z3ogxD;B&>iNMFHR@Zly<z2fjs2
z2E0XF1h^IZXS3KYrUTw4W&-|5%m%zulmp(){QHCx@BvW;_)D<}@Im1Q+##9(cZ+WU
zKEnI~mf6E?9blO!Smr5~d6r8LGyktFbCmJdSSH3YZ?m2gEcp?ap5)Tcxl~A0sz_DH
z{Sk4WT#T78q!f#(^25q}tN?ClKFtv1Q4LNI)tD&}v0ZLuyp{QWaDI=S0?9|19})k;
zco$$4rH{#XbLl<eRfb0Z?-fHL({L|q7~s+&#)sgoh~X%6ghU)65pHAL#`t{3=QF;V
z@zsp?Fua@L0P_bJACjmiM;RBg2C4LJ^F^{-+9Yq5Z<ba0i2Snrmi(T48lP^%%W~B4
zL&JOE(dUT#6L20dysXm?7#=WuXjr2}4R<KNz~|SB!oT07E3ZO{t^*E9jkF_>mIMAx
zS_OEGd>gWlf}BUce@FwwRT7{H*Ap_X5;756VSH{8tL1faha8qS7=-i<@k<jeHW!OO
z@p+0k#^<TxGd@ojW6X5ER9wjC8N$J5hp6N8EU}c&v&A)ho+CE#d7ikH&zFn)`Fy3=
z!)K>>md`HnE}tvKX+AF$-%OW;(lhdR7)LCrKPQpsR|O*VHz^tXw0ET31(J3Jt-uZn
zKY7m*7t3@W&u4m`d$BxSoWeI`;7a9-18w1U-xXp*S8E{H?q4Go`&)y7uE5$*akIZG
z+|s_FrOV$c7I!;4JKO!OEg^rP0~G$b0vkHRAzu)vI~cge*BS!0)VIdt3tsPU^>vBH
z^+8`to2O;1Z^;@ehSc@`HeYb{4AHVN)ZPWySnIidjqrGC>Dv_Yx6|3xxQtGu2il3z
z?x#QS)3ULvs~v4DZt-`F-p%5qPA0mM#DkDe6t~h}7#h8Pg-@%K7@McNE9BcCv;m+h
z*Inlec@q*F5@_luSt{9R8;BYq)6}I4GO~eBqo_%?>IQF$l}AV?H<(<j@;Z#MO9aG1
zU#PmJYrQMb<`a$GojzjlxiO&KV-YTRE#&ihYdX3@Egh}Ekl6h?Au9Y`oq?{@V(KE)
z#5w4q?)nfq(%Rh89_D5e<#4IjQ|a;4EUEL>RCql#->PJutG1@HuF>mkYOKb&#^r2;
zgf89CT-o5ox29^jx7OKM*}(j|CEkk4DrZw|qjyo|a%NT3c-*zl<z7!Cq&z9C1<OZr
zT$K%tshkFnlj$Xk^adK^Xk|mgk_I&AtVkkVOX}*pwM#sWNj%RI*CO<|vB~YNa@N!~
zHB=@Q*3>mSYcc3*XI+J-+PP@7GIs-7UF=ynTD8Sa*C=cl#uK+yYKd;=q!QT7RpYMK
zEvWGpI4jr|HC1Hw(fSlOug0yasjKl+S60M}N2rG;@=Hx!Wok*I*VE*7FKKAh`O9XN
z%<(R%s)DhYcGgl&7wlO{((rW>yQ!{nnY+@3y57YYlyhNaQXvhXq0+Ua0foASw1R}4
zQ+zR8Y2>K2lA7Au%7xBauiM$+TwEECHm$4z%~VusV@hQ=EO$4a#UIT@&PvaWnPpz|
zD^AXwby<RJaFu$Ki{td-idjrAXsW4&V;5D{RyJY=Ek<vW`Px)jQdhe?iCbCcTu@u7
zO`zn7l~StBza)NDQ*G@?{RwihbD8F8SJlE~Co<nTYEiY*<8@aq)+U@jZ#~To9Hc2s
zS1s~Dg3Do|>07dRF@{_Rr;I3B(y-83SM#mmk&RvipN^>P{3^}PuT<{*YW+(VTs7Q_
z5gca<4@oC6!H9M*a(T*9s2MW_7C&!mXrs5ocY_FYQiksm9pMe$E?-v{6LEpHL7y*9
z@VSduQm)v_OR0Bln<k)9RG@3|`n8g{4kjp<V+HWGwS-!jaYN7_@`*q=q_GHT_jPC$
z{T-SHS`<boC047yb3OW^bJn+Xv~{g-xz^{!(hv%F4T}Xj*810pz}mH4z7TWUu<*3E
zbbEclAeLZ;kZRLLisAX!c6(cW!O*Y@5Z<;9(Te3c&_NprZ7dzWb%Br{OB~aIHP?9C
z0~jA6AzBF6`Z1Q44L;G?($#fCAlR0W+u+*}2zG1YJa8H`8~`)<JL4;(sE&`xqYViw
zpNj`w(?+;Qvx!Ey&`1ATTCjZ;b)qf2VMDiA5capXEvAtzZrMlzU5q$26pJ^_pbE_z
zm28X+?CA#b(o*(}wreS_^M#5%f!1q%sHdGp6}v|?v%N?ostp?in~7Q)oGZ}LLHnJy
zfF3(y4Ry*(KLHml!F63!q6LqL`$cnXf=qIKC$<$KZ#-l*N)O3YrXG%QChzm~p}68s
zB*V0e$~HeXVhe(S8@gK7wELVPY+cr14>q!ZT;Lnl(dMfNXu9CzARN%)3qqicN``gl
z;uZdubsd2&>|nY?g>OxG-8x^e+TYgZ>lhXteHR&TAhG*GH#*u{f^FJnd$>B(`7~Y~
z0`9CHqz)RJ(=PwI4pHrE?_A{TrpP?2MnkwG<lo>sy9as!)%68ACbf;DwmH*FX&*?@
z+n(4JRs{nabdIw%<iEa!w!hj2F|nIl+`TXu2zR;y?d?zq&wXjHYC5n>4s<3ug<isJ
z{uBo$?;MA@@$n=)He6KE-d+PU1w+FuwBrs1#e#0~P)iV#u^k#ZyT!NAJnvTZF*ODt
z>X?}{Uqp?&vZKu%KsbuV*3Mc#3OeXIK-(KH>7?cZLG22mCFs-nni@CSLhEj4TU!v}
zFPt6S<a$gpOsK9vd%_?!OGKk@V~8iKw!_yZGBaxZ9f;$O>;1t%#|D~Vl^gv4NGePH
zq4lH+=>qO(^>v2yS?yZi67M2<wjM5O4{%Sa5x<okp<p+9*yh`~WG#kF!p>l@rJEbB
z^>wU+)`|`eieY)adeO!~Mi4q))w03g-mPa7zHY#!M<~!5XlEi}JM9vQvxu*aQxgx1
z*=QfO>1w5+APH!T7j4(s^&_3m*D?*h_Lhx|bq$y6Va1*Z`PcZ{{h{vRQodR&zJ5)I
zFO-ZI`!@RM$LrHYi)h6MX<mecls#QsC&I!H8dT<VE(sEzK3!Z3yqme5sD(vJNT`23
zOZdfFDg*5jPT+pg4nFB?!+8yKu4AeTx?1o>Sw2zgaV>U(m<|oN4i=KL5?BztpqMLc
z!o#|?7HsHCKy+~3jes_^(Z#R>5?F+QwFzM=M(@gmNT>4*F;j>ssXE=<+w1jS*z{4^
z#Kl57|Kfz!Ftk$7*Rp;e@M0lNaOu|YGru*V19h{V7`aPSLVu$W7rDd|QHM_@c#Wcl
zDI4%wU><NQgvh7f&4%6*{X0X5-0Au#sm)fh`xvr~ZzT63qQe+-8?<%+4<+mqml64?
zec(1n*w@8Y^RZRGrhO;5AhiJ>lC?p53veH_rPKcm8RNoO-J%+;H6%2MF;37P_C^_e
z?LoN{Bh$Du#Vm2zFxT3EUX_kQW3h*%G^PpdUdv;?fqO6=Uup4l5&tZJ)`jRr9mkIc
z7Pqm*36J~14b2VsE(X7m`|1(H8YJt#z#nsAg%b4cJ3`b9msO&E#s9tL^IM>mW==cX
zKh+zEq8Y;x*utYrwZ7&fvVIH4Ct}hU=9#mOeL%J1`ioI-4Ip`wVsr(#UVMjV)F$S%
zCdI%?mTN)TI_^U;e^v@{et3k{1Dr4XdK8FRsl6E4(wAuUk@u4Gk4=|KXRmg$Wr!OB
zW*Z@?wOpjn(iWZ#!%<s`j{~16LYhsj3}>};U3(qtOzkDjsSxxNlzMKZitz-P+O^g%
zNd)o4H{9hmc3TlUGEV!GOsC1E4q{4z---m;qSr<EOr_4-c;af|5oB}txP3}mor#(v
z+s3WX<m?h+A=Qtky5y03Svnj!k}#V}T0wf^=|4T;sDGv-UW2gpkZxgZWPUPvknJh8
zknZH=MAIH(iH?NJX}s|TVRSDH>xgqTYfClMLh=HYYKt#R?=2h<>p2|BcUb7=kf!0K
zEj`7WS~}gp^1hK_bve}>UIybeJ^E5;ODePJ-iuGIE<Kn>E}J7YP||UxXp%;mpsgv%
zf7A)u^F3_}B(EzrZiZCPO`4(9fg8AFICN8MY1}WHuk9#p<vcg6J!uZt{J&2{J%GP5
z8>E^fH5>HX#Ar*gR=tALc&DDW+w_?^ofGx7dMDQNIkk2?3*5kQwLVF%OJ7*EO%TO^
zCOaKVO@)w}T$~v?*rRc+G~{(WTUyS_Fl5?xJwB)n&FpLS+!5yf3Q6RSOx+qM*)TXB
znYZWu17ixW+WGMdp}@{(CJXbfZ(rR!zVv9+{NR<|n{xk>G1q`q*#M1-5P4Z9<Cwfc
zDKCo%vrd?a$kmBlA_{b(Kry2Z0W*PI0tJdqk|#o`S+R+{F+eQxWMRsYq{#y35=oMB
zCey<=6z2<r5l9gb*+}yIpJyck^q36)6nc!r|Fc@59~CR~KLGfbL<+s}MWL6!D1tGd
z3jL)L<ud}G5;#TR69OL-_=v!V1l}ibg21~31Oa+xrO=Ot6#9RJ{GTut`mu;Yzx+@f
z1n9?>$}9r(kWZn0DD(tNp+{AUfgfebg=W}Gk_rheG@FD0a8jC4$mYVFLXhUdNogce
zSO}0tz|4SanNiC^wG?xq*<wi-X=bWzw#df9G#e~e2z#c%P?G>8iy3XwS5C9Z&|tR7
z<~&;t<ZT8ZI2&zJo-J=Ys)9Cx3#De8VrHEXr$Tg&YEQCI19>*+l`O2!k|yHp+zZU{
zUq4cj#WGG38H>9ceH%J)z2h^L6_?OQ2t9oCz|lh{9xNsbEE5Hki2@0rAYT%e#oft|
z!Qg92WP+D?U?s97VFH66ISIW+^0OjDgfwxY!6eD}nvFur8<TrEsUHK{k_LT~g_42z
z0}ml+Q!oIFr9~2@`sFQ@700y|$FC2&iamjr&gxL8Q+u2j=jWaMyeWUQhfKOL@~P>3
zYMMe`lH@eDBYKub58f#n%qEjzQW~%{lL6ra7Z(~$<iSEC;>BW-DLyO)V_r9TDzDqj
zp7J3G^LjSZbhAK?hD0G`p=mcBm;u2gNs|m0nV@-+1wO|&&xa5|IGOYO@clG1+>fBZ
z)RW8x3M+%jW{`+QR_wVI&KHyNy0gH{?YTX-=dRqIdyLe0&(F|HnWEKVK>(srv`5`E
zOgEj68j1GC=lMvF-YVh_&6W^3Da~T$ptqz!jbxc<HYsT^1|l0ggb1X`3g*00GMm{f
z=?|1AQzSOZW0wY7I_m-*l^f~40s;qD<AEExVBGDiho3S3I{q$)(O$Q(dL+l|3Ir=R
z`uIK`KVSCwird=TwYM~VL)gB~n<~y7U++l#-|(K1e3~C6qwwSJj#!40#-tw-G|Hub
z%~*cDfZCOuc9rMltII0>Rkje1D({_+>q$PYOnR@!$kGbtHS<2EO5dl{@B$v-ay!>*
z<b}M0ujYmqbnSRh*}=aQ^nkBzIoFM%X*<i5BtE6suF}sDr(q$K67m(i!DwYYohj|u
z*k<M=*=F7pbS24@B;CO%;dgZ8&@cV;I|;OLr>#f)K7lyv3bljxVe#u!`uh#kw_4!q
zxTcFYR^8mYb=bIs^nO)yJ4<xFUvDSg&yKI%UMY{y%^SEjY=mfAHgc3B$5_U7oUGS}
zcGf^UUGV&~dgqS+hGVt%|7Qly8Tj1$pZ<&Qe>(dA;r&mCFZ;<GcP>4#BmVuvt^GTq
zeE!LfN0|5ij>mBJF8kGvJD7jhjtPA3+i@44Z{c%;zjZy;AK6Fk{ZfipmGXWm`2v2w
zR3~jrG~T|)^%q0+NZKo+ay0s^_e<r-i5Ey2MDly3Qr|B%@N0?J!?yb=JATD+LK1Ih
ze~oE+kCf^Y^s`a=a{2iCr7C=q)}c-*^~G0-_e=3JXi+djAN%}-4N~7PrHN_3)gO?w
zMP%SCxq<k5sJ@-Ajg94wO8@jdROgO!$GPL&aqc*GoIB1P=Z<s7x#Qe%?)dLL>eUK+
zK_n)cLSrH^$=Z7xF4cC^3r!xS8~evIcGDxcN9pQUZM0{3njHsw-&wjgDzA-RBlmw>
zxv>WICt7!Q%8ny_WsyNSGGOjoc53idbLLCne#S`j>hGTfaT+2UKkr-iMZEM3BlG@*
z^3ON@!MaQCS9+<Xd9nQ!cKh~-loPG6=cxa%_CHJQzuezu7wW#-Klwtf-Sv6z(_yzd
zI2g<M2K|)=$J2ceZr?2BSa<I2+fIl&$b9S09-;={EVS;7GIq?I`4swWC*+WIr+M&|
zLdWBg0SQgnBVU-q_3Cq*kC|`{+?{q+<nfaWBA+VZ%ZD4X?$p%}#tIWn##=dN-u#Lt
z#BF6hMU6bJ<~t5W3wA~JNs%FCUdWzf-Fn%XGiPAWLUhEYnxlQM!Rl(Y677pIV)jP+
z-X?5*)~e`t=_-1~%H=~((199?r+-<2b(b&<7zQFI73;P;(PUF(;PYlO*HU$!y8jzJ
zIQk2&+<fdb4)ws`o2IFQ-<W{I@tAsG^D9)W9vXbhH1+Y#uMoSxKxnd#$JIldk8$}2
zgYTNA!Wdj$n!fpUE`Lt_!10NC+Hq=de~$XDBR06#?D%5v&t}JI$ES`{j+4=O7-gj0
zUVvb_4#V`WTDd~&Iv<g@r(vLx0mWn8we0g57S*lHXjU-f8FgmWoi(F5D>9JNdn9_b
zy?{o8K;Szs)@{pSg{Gz3`z!2457855los^Yi2nN1kz)qy&WaxzbT9PRpJ7hp4`u7l
zhuK+&bcSTz`5(lH3`)#X3x2rynC7q_Fn{RGoU83w(OSDb+Gx-D&h_f!jz6h~9M7vS
zI}SUZ+HwSq+PY1KBasg$9G4A8tUHf5UUUqpe{;ON<;Yq5&$b){?_lJ8;vKZ^Jm`4b
z@upg9w>fI<IcJw49&#LqP;OVRwoe>9YR=qGU@w8kP*@O^BabQQS3!ThjHtAJm!7dB
z9tu@6G#0^bQJC{1N27fj`dJtyvz|mrNt8_cIV7`CR*G1kHxzBof=rfm>n~wT@5&XC
zJ=2DC|5Tt0)lJr2Me1J$k15UlA-P~_wB2rhm>kjX%u;Xsd`4O1T_y6C6p1OlPv7uv
z?>o_u-3C|XXs-GIu7aQDPaX82k@>snu~7deyBoyB=q9`ExT3b(i_{a5*Ws1WZ{Vh#
z+rNv+j;YbV>~!Q+gF5l{ez&AK?N$Rh2gUuJXY>k^USadAn(yu)BC_|)97G)gr_|bS
zpveO(tAmcmwhX}11CbMC=>hA`0kVy{&oMZHe^MQC?AtPc{*|QgW8gyvEKruhKcMb+
zkd<rg<s&p5Q1?3aqeiWL+K3kRpVjIC^svG{&GDqV$zH0)9PRc(&}EL}>I;sm?IrMD
zx#L}Ma~v-__CqFT@b6~FOO6*ak304|{!GMUT-TNvqeSd@9IQ+VvSrarkLOeRK~&M{
zIRei_$05l_-c$PBa_`e|cUZr-0YRXKl3cvWK3^?2Id1$MevXzUJpBeO7UVmMp}p{z
zoo1nR>v^cZ0uw#5ry^;p>+xjsAf8K_p?{isGbOsEG}g`g2zAG9+X_$BDUp3jJ#>}D
zwh-M+bOY$}SO_#ls#--ncdSjLbI_CW$h%pQ7==xt^_C~mbIgFjm_pT>RBL@~4yjtI
zMD{BU>WSD?qGIYoqTR7cL@gnlnw=QS1`Wd(I70R^Sg(+#D9m0?fenFaXs)y$I4aOw
zfNzUpGd|<#XLEB$_p0cafmRkb5+KEW?6+}Nk<KcJ{d=4>O=lIxwlYggn)8t~ooCn?
z6IWu+mo~&UP_Yp;%G@wOY?aE9ofS3K6S+j?g*m4oYK*ynd!tp#D$HivP{RHtWdAZX
zLiQ#v%qRO-ZywU@UqA{LDQKPyQ5{o=_7F|>uZ?}wr`z8}Ja_E1zJ&d2BgfhPSKEuM
zw|tUp|AHpfQXhM$FYZe9a08@lvHSbj2bwF%j<J91OLl)_thbNHLnfuzDn}YAaigtj
zNYK=#X^0e99&04y*V^a9QM8Jd!g;kk&PKZ(Gslf6Eq72pz$~Pk8`+}(tp@5w{aO-p
zgHZsYFqTe(GI`+K*y$*tO@w~PsOCP9uQ3S>ekz2Y#*?3}woh9LofY-5y;1IYb=1%R
zL&bJRbw_8Bqht3+wS-h3HN@@!?p+miDezOt$oZmX^eJ<;3~Wrt8b!$}V<>X;rsn<{
zNj(wG;D<9ej`3J`PMm{f0V0N>$h%TBBmB;aRr>y*(QZ~{a<SREGplSK+6<*d4xI50
z(H=*R-APMwQltM&z8&(C>==mGp<v2V4OAhkr@TxK8NHBRLDJ3YGZ@`GGRukHk2js)
ztj)k$WEn}#Z#F#N;EufmPGnDx<WTpm^3uKl@kv2h)^kM(t@ZTMsnEFfyRr9+?buGT
z%I;5~aTS@0=DcUAyE*p86r?FQzP=ycYiN$Gqc%_W)2ss9Uf+zgwk%dp+{67ei#Uv$
z5kRZCe^~8$X#-JW-L?R;p!bM%+gv&iShvljZ3dK-knRHL&W!7JlWtpmbBun$hQbQU
zR}I`~bL{WLtF_lst+Iw@H5Pm3G`EhRrg{~qH+Y&_F7G{K-S$VCEl9msEa{0=?>p9Q
zzZ6<W?h{%^Xj4Zy*-b&!%tMFiOKE@LX+m_*Z(7=bqGjZX#-%(*>QUHE%xbr~#lD4h
z_b~al79-`xUf2e8TkTt^;XT#$v4fzSVncwQ*rR~Wv0d9Zfb9*jUlB&*iru@79avf)
zyL}r~oVe1v!ZE<k05<HIWPC(CTOx1UslU^fswevj<{)MfFFl`*i(0I`ccC{P^|_eo
z3)sqn#eR;Y9(K?QO-Yw_D0Br-z`Ge*thA(1L<!ltQ<>AR^z?68Z~~PhCudTnn@o{`
zHbSr;oFkJygC_Id7rbGdNPMNgpoh+B{af8s7aq%MKq{CRD~@u&MJq+LNs%Ty23B~n
zq}fwO<Y`vlU#cEfjq0Ze|B`SS0$+WOvhU|-&h!p!D(ZI?y4C$Lg~Lqg9SDz&3}Fe}
zAN$~RoTGSGtr+sIqF4Qk6(j8BftgfXOhLIZTnFV%n1pXovWxY;vuSqZ3qy0bh?7Kl
zQ~z~RbY}RxKIMvXrN55SfQ8J0b$C$nMl)6nNtdiz=~ahT3~7+T$b6GY&N1uGA<yK8
zGI~BO2&MIWIyQV6G|{xqjI~i0PV`qv?pW(BNNtru&1^P2S?`XWN2#reX7xU0tk7om
z%0x5u9IQFbFd34@smPztkl7M@#a@R*>xRUsLwrUiv~E2gyyM3HJ4iw`Kz@d`mv(g6
z6Grp<l(|Tc8Ii}39uGwGkAD;SvA+QY4{>rlUwul&Cb6_^@D(%k8vcyUOVkiP-h0rx
z^^b9VCDvYgh4$CcH{nb5ZMsH%25wz+TF-YYFxPX)^}mQadeb}yws^OQ0V!wR`(aaL
zQ!kR+dC(F$Y1s6-O5!o6$}#t5fp$fh6K(7jZ<@~V;+9h%yHG2py%n<TazxEageA_f
z@=BbMKg|fq6RMGn`@hd<gZsJAj7o9&pQkjV(tDCsqgH;iR*uqsluAbC8^S@2*UdFH
zwMC4QRw2AxD_E@+EaHJSFO8iz#YwNQz8NzjcI=e4i9|js!bp&BJ(0&smNvxZR8az2
z)<;REp^wH>>Rp9VME0059>gRe!}+3#Vo~8l@uxH8hNvYx3n}8YlV{FYcO9r-8+A>K
zy#hm8cX_5oT}7&;fur!Yn>Cg+7J=w>46KBS_96^D=-UepcxdY3;|5$Ws>a>{HOmpY
zxc6Yl3A!(5Zf<z;mZw8`eQs%Py%f%i49Jl|dCSw`*Bk@K(|ZpdH%%Cb9LB)Ixsm-6
z_92lohE2P91fxviW?mT`ANO2Y5?)HF1)-irGO-I!vh^0wo<L6>R20iN$<EF)9MIBZ
z&!@Cg$qJ9B+OfAk(L#alzC@*dWv+J>JAZh8XKv<{(U(Q3i00QRV^p^G=1Y{?fAt9`
zz8qEV&no)^-O?f5|LZ}luT8o==FymsE0ICkg+)G7y58<R5?X29X|(Q~GIejbGICrZ
zU+j~>u1c_rli8Oh*yEDfh0IQ$IvBF_4m?CgK!QGa=D6%Q*n4ngcoSKoui8wPu(wnf
z(<r43RfcWS!mInMk<YZPP(JoS(77U-A<14|eay5eO4$=lO5}@-vo}Y_C3!`>BH514
zD`?xYDmn7BWAoeegOGdX4@o(WJ<%<^U}7=-5v^2B&FT*O1A?w#9<kFpea-wwX;e+L
zAi>W?^z--FQObvhp*cDkL168rw?orj0$bOD*rbm!-{{T-O?BkOSk}kd^c>KZ`<$Ng
z*(LqTY+QFtRNtkA&)WMlQcx#x71${D!aooasB550zQP`w(BGvAy-yQ?lGx6FaIAHZ
zO?%3%cZVk+q=Crc6|f6y`PYAFfn_+rd>8nM7H&u`D+ym5ujAF!j-%x)@`aw|LNhUR
z8~r8P^+##j_QlP-d$6Mr8xGpW&@CXx6EPzUvw07hcgWLE7m`oLUOE+D6Nl8HehTyF
zV?XA368>$!C#yjh+m#TzGhS2qEY6Cmt`fDgsLxegu7t0ElA`+9&!=)9CaQm#+Gw|d
zH?6^4AKN|?hP;h^Nt(;uv0?|DnA5+Ny;*;JetBBB8dfN3h?Q1rTUT}ORE!S1Y3}-l
z*cElqphW}i>dNb5Tfw=e09r`{wu?{vpUR#-I;!f<dCW_AkSA|!1_%-*ma)w?kp?EG
z4LhR-hI~{4&Sa7q++aAiGz<d*$_xoGnGhaR9PU03Zmrd`d(P_G?t0wzw6;|c4$LHh
zgrG$sEwaQSRjW6KKoCp<4b1+2_r94-0=Bz<4CH?O?!CY7k2}dU5HUwFxDEayJgO6O
zC%N<|SMj(qP&#rNT}2=g;85WPFVb<7MUoakW+uU)M6$;FV$cct1eijK3<VmzoWDVp
ziHDtZY6OpWSawkZ{DgYxh=h9SBjSO>UjW~aloxaIfK4hdB9(xZxQNPEBA%jZYF-3W
z!X+LW-^Ds32{Ih~k5%=z#_tmHJ+PzKny?PQNeVGN1=4LH<t2drG9n&?UB0DN%A}KO
z*YQSynRudv82b3oO_l-#Rm`+J6Bih0{*2fUMiPPZ<U<S$`!msLW8SjK4?*c?+Zp+C
zUW7F^Pj1VMP=>8MXS1^E5dMMU6f~R15}MHhLwQ?Z=&$KR+EP4Cf*Gs;3|>ngj0^<t
z)|TUhb8JEoCR|USfE<-WmKTvyk!;O(dg+kFkmPiGX}^Sq##4w*Ql4K8qbnA1i8ljQ
zT!44ja+=dk@6F`sru`X*P&{DqgGP?*0VVPoU}oWl5@px9n@rg9K*Q$(ixK8MNPsiS
z53}mfjr6lk^xq(8QsYz95vehhutciz4J>CG-zAv(Hme2$HeSL;gWlMSjYsuH6E>>!
z#%gRlq&J+{SfDrZv2mZ?Fk>S}Zy2zV1&t1{B{tZ69(?YFj~PCb;dA|)2Gan1&cmk%
zK1usX#C?FK94DO(x9bx38Mp=mmQ`<xp+9?R{!ZQV8GmDBML9C0?AoMfl4Rc>BA|74
z!*t*8@TcaT=;$Dpkqo|n!@jjUIVs9T-nk1qYm%M%%+=WW5byL=Vq*b<Dwnw&C1Ks2
zTxLpxB_%t}X|S%evQDiWu6cMXs0?2Tc7M={`aI7?Ut@jw*mtZIb0tM&aUN#%jd7>X
zjNPw8w@<>K{;L%;oy+HuHc%}pofOE&e{xkS1WYd9RUiZ1#kcF9?YjWYe%bd4{+HqV
z00-BwLDBafHvWk>KmdUrbQTDelm3?JbJ_O}PFR?lkVUqX0J<a3W1bjjf&4})rPgb&
z)h1d3nP?d*)0vX#D>W<$fv@?b9{~V8K*GPMi#r%7IukjjT*77b6X&;vSwAev$0Y~#
zC7<kMOHgN|mVl&4WRdg$o4-JfgZM@lNiF&8Tuw21r&?+k)Y6hfv{KyqHD3+FTgTz`
zJqPe6$`3{-GAM)@06=;S)R4p^2A1^|!!jkdOvDt4+g0t`i?HUf&c{SR6}UQ04v+UR
z{>o`mCKK@ma^e8~_UoRH=C=1xb!3XxRJ6sYHGP*>p^}Z~fvzyBj7aK5aqHUvU~Ai|
zdXDnW7Iw(G$2um;w~0qkUZ>wst8GfqXoP9UJS)<xVPTUPE^%ACwV$ykwZthC^MQky
z81MObZcoqW-~v5eGf!v&he%Sd<%P~Eu}Trtv+Y{wcwLH;V4?w=ZHY)XkQ1<31=w_n
zQIom|u(=4ZxhRFryZJ%;%3Bee+&Gv}5_8DP!*c8Paikm!b5hQN$xQi2*MYxxSRP}c
z`%}BlCCkOABy6y&<*;FSYQtaXF#ZUrhb?j@Y@zAHZ|+D!&$&Hx58UTg=*#uxjU2jV
z0`za|!z*;?p~DtZp|jt7&VChA%Qr!@L?<VKhsCWkIPlBO$?&bNZ^jPp3Ee_p#$d|6
zO3|b2drEAuod{3f&w0KXGja7DWRtAKy1itZto8}kxMqH);HEoC?*$}xrtM0j>8Y78
zsD3U+x|{p!KvL^g=|H%ro7`22Rb<)*!*h*sTW8B8(n%hX8=@7NN{p)=7yUVB&}aqh
zSs}vIyI=}AUGSdql<`!xW^VNxs%a*h1S=cG2?7QBeLLt4G8o7wlU0X35p{@ai(~+N
z{sJ-bVTj{X0xqH(!Laq``AyW+1S(N}gBPSnsL+%=1MHB=?txnYrn}g0r579}q>Eby
z<YwS`HMD2c5X>V9#AAbcO$eKT@(oco2*_jOfsZgA^e^!X)D}jQZH-5bQAY_JG3u~C
z?I?vkS+R;@eKzWlNU7Y#s^ny;L|k&$V)o5avU!|>yF<Uxcfw-|ZY<Hl?Hy^HsN>$>
z&Q}>=)d40L9tjxh_MH0&%7xdiRseHVq&W9E9mFAEGExD)SRmW!JAxzI*oZ`5!I4H0
zoVK|se(}iUo@#o08%E<twsCi)ms|;cTIZ#|+jfi1#iXOeL|loLi(Z<G-U|3mBiJNf
znR5;JlZ}ickSyak93xw0-}gk&6HG@a`zl0hZ-cE(iP09L66@1~0$qdozYsXvU(%H~
z^vd|d0E;xq<W4f#*sgYowsx&JXLj#!uWfMlso}HH`B`T%WE~KKA4F#{PhGbPC}aOu
z%i!V{rrSbHrAp(t>FfC3;P3I13lU_h^(e8;B3>{L<1gy~eGZH&aRcFHau?|+$iynh
zv4Y>*&deSd{*$e3c6|6ubZQn=+p(Nr5`zDu`~Q=o`AX~&#4JC=-H5P;2LwYn8?FSR
zDuSqz<7%iC_WwAgiWa0)Q9i2(!+mF_?%R~Q@8etfefMw&J2(Blh_~Q9fBU|Vc0fFU
zCW+r#iTOm2S1S{&32MX(Z<3iO>ylY@Ui>B26P?yxw<ikDEqyP{c?9D;^IO)qlhsyG
zpF9ud!P;%?$UaG?S$mCb**(!ro@}w*AZJ6rN2sf!_asStD~08+qVUEhe&ZLmu^Ws3
zKYekl!wvUm=Gd#mnnkyI3G}hG+e2z)zu-5xoLcb#+KrY(zlOCNlkyhK!+(KZ$R#0~
zN!qZ8Pu>o8E3sM;JO?$jchpc{7rYmIXk}j+C%2iAyG#VoO6-_^9?WTtKa*Q`V7w@i
z6{5Bx5nkfait}kUL^PneHL*YwTQ&K`dObgKXVgS`R4S@{BKRMXQ^5f?>zC}yGSx0x
z(3})xW~!L{;~r+M%=n`Ek<r-h@wSaj;_%s?u%2lF>yXDqFMuRzwJg>>6)Lp$Vlh>D
zvv4Y@kTv;B+@$9(#t!iGg?w=IgBjK#tbBehY(1^SydunE$OwKTna@eFzgcI0kc=^W
zpt>1vQPm51$W=<LRK%m_bG2hfnbL~cBOlVqs<&=TSNf0{OMqWV3$kpXCNdj@o)(1d
zg+M0@y^HC02w70F`$d3eCJHDdYi~5f>WjJ7M8Bk~*S$=4$p<i)0|v*e!vQokRc{!q
z1Hce}1We{}PLD2mg9YxLf-MB6IvY9?UHJyf0by6bl8^g^_G0B1tOE2GtM4Yh!mUxu
z?Sc?4Npou&gPiYQYGizG|7wTp*0nZ$?P|WZP>DIg=LgC>ds{7`#7;87(PyC4q{`3l
z^sQrQjP&<Etd4~&W%n>C(!_@Vlex5Qm}`(HWLClf3Np6x8$5uC5}=2jJ_AyG5Ur&q
z9|oFW=^4{%>?Hy)8s;-mv?hVrIbBZrP&1Q6hIreDm~R8=JFaNW{5e~pw*D+Wiz!0a
z9o7whodgY5%$F8h<HpO`BMX;cHPkq$zAupDt$)UEMp@%oZOQ6I0AmFca|x;}#eRc-
z63EZnz%Itl?DwN(2DL*_kBYXHV4IGIe##6S9GK<EK}QRc8Ui@T5U_b^U~*R}b1zg-
zo%lcsR%8B8?UXb}!q&y^h^6*_p2e#JOHyIbyp$@mki}wDP#1$5TnuXP;S@=In>k6J
z4eBvX?U;QjOSdm&<LpZ^b5qzcUcL(5T=yeaDzSQI`HJ^EQVIvO6#NP9RcgSr7c?<1
z%Km!K(^Z!2z&AWjI`vDI;E2S-IdE@#HH7+K@RSFuX(01x4uO0~U;k2n<y9uopJPVy
z3^FpEI)ueAB?hW-nM`V0NBsu1U8qL=OXr2y>jXTaS=aQ&ZezC#ZA^6&=VpxDMuaWj
z!3xGamROYefkDs$S<0JBEZJoJZcG22Xmnh)UOI(OA{6V?O3WjoskXHT&2Z@wZIeJ>
zy~^B|VjM@Ssy}1w&q99WeRlAfoaizYz&Ot+wvG~q40hq{69%UB@iuN5u^(t1Rbopq
z#9SEIGm1JZI2F)n$MkalKPs{9B3_oXlO_8{F<rI-ZQC(`1|1{Tgx7e?ll?xhVjfy~
zI2S&oz%wiRmT{?l6!%)vIugNBt0nNT@~Z%<$n7G+sM<e*;0sQGJ)<|kVIYIpeVo+n
zzY1dUMfNd-HN4tlx1D?{t5LLdZpi>2#x5`vR9WniZe`bBSWK+*XC{`9$|ROpMTBCl
z7%qp|v_nIzXjDkfC^1JSO8}Y1g(piP1aPE<Cz*{rG;jc>96UT(dP{h+W(&7rzy%G_
z&D`b(&?~|&d%+2ycRtX2&uE}7jZ>f>x)K`vGx6xPaMT5i1tFGd5FALG2BA#spPgJ^
zP{rZHHeCR~z?A~9g2sFxd=CUzM31MGsnb%q;B>)Bt!nS6i=J7h=e}f6`-SX1(=$iV
z4|a?fa0d#wSBz$>6(Hak46I5C`0kBdz<>Q@8sfjr*Of^v_mK*$Yo``&9E*STg^f?L
zCkds7!2Otlc6sTu7nv)L?iEHx)pYL{m?*kFq$eo3tg@F$Ub^}sOJV1Zjr2VZ)Ajs-
znMDiBnYen#<Q0qgbQ{X$N()L;ZZvRE#@LF`WOVhb4g7d#HW>`H9=9G~(I66I5KTbf
zpd~#TYtiSwx+xWnLA-|B)5kCK(1o(Y)TTn0NByW64x%ey0f-<`TFsP1H91QEon2LQ
zx@pE=`F<wYFDHFJMc=Ok_FI(<|I%C%m%Ek`fh9k@<Qh2(ict<{83$A<1g~L3cfLS1
zPFah^gCcaQ=x+xT2|W^EDh#Bs9M#2tuf=e*C_10Gi^u{vQTl0GpWvr?ZR6PO9Yw?d
zH&C&F`sUJ7QbWL3t%jcY;K3bc7UxKg?IIZoZ$y1nk<R%LkizmMzaI6%{FjF&Lb!xJ
z6r4qT9S>9Z8}&%8+B|leE9?1bayK&m#;4C+W$aL)7tn`J?p2>;@Csyb2*xpSAgB)D
z)9oof{ZAd(yBqM8+qz;_{Z7^=(EeDISR-PK)cj`jtvLq%RrVc`_ms#F;F2e)+9w1r
zt0(ZyRxYCkIm$|M4_^Wz-^>H|CHfEeMueOQ-?M*BLqo%G-^uHwy^YQ>wv%J(Q9-?y
z*YYVYVKL58(nIH9FuYMFo!}V5thSL1QWG(d&im%D_v4l7vGb*R<uiN-_h*gWjP8-+
z%C717NcCm`IFU(*0^C6*+QzCpw&Bob_TC+oh|5inGTggMN!5=5_b$Nw<`HHci<6t9
zErp;N&tPsPoj}vuonmro|3HR{&Wmk0Af8+eKIcXFvH4ky?SK|97PJFJPmU0Ar;|N#
zbkkR^PNe>2P~%!7T0T$@x&7<gKF!bq)6Vz(D`KT<JW9H5cbKWbZ)5m~Ou;8JT|z&q
zlw5#+^2>=kwlKqy180p4vFAKm81}Lz7H%&N2lV&`__cWdgk+1~&w1y^>yuf?4HEDz
z5#PGKTkOV6;W|6xKu3xLEjpBC0L6I2w!Jv?FR+`FhS&0fC%}SX9o)PWI15>dUUrhB
z$Kd^8Er)kwU26Sp7UNlNv-qd_;y7QN%ayLwfx<v%4zLPwE*WHQ(mC320XmkktW8;Z
z)~5c427}+=_0ZbuY()u<(~_^4T?DhyZD*6R^+{*gBzJ037EJQGJ@f~o?0KY<$B6Wk
z{_*Mz$hQKFAo@S6F?|K7tK^EOIHe1|h4G0J4T~|PnGj~#)vdEQ0-pDA1jK+U{TXZq
zL<)3$Un1e5Kf=S60Ze(E0WH%JT5AxtbLy^3A+%hFx6!Ycj&I8uNXq2eF=9;B*IN17
zyuZO!x2!#}hOZswT$D2*p!MM|*rJ2qXYPa)#R6H^A`v^g7O`KwMcO(h<da#tPO_DY
z;aOg7KmO(llIeBQcb?#$Q&@~<j%E1RT$1Ue`y1Ffy4W899ZLYR@0)mhIlBcD1o-r+
zCjD_kq&JvZ&t87kdi|691~;A7h!0M(!Sx~|Ui#qo8Lt#VRAg|2=Rq$qpDd5m8r<aF
zf)g&|X^?3;KLE0Xb`_M57>T!>chj;b*+DP?QD4`gKJaRfU@`>13xEU!=6ea+iRsb~
z!4!!H^Agi7@RQSb6>#ax-Hr7>b`j7Rv<9<#8Ms~;i(l?%?clVR5f0e;#B>n=q~BL!
z)sN{o4h)@`Zb%<z%Xm^0jgHytcJdk4p-6A|uDv_#4;q3p^}yD<;!leY2CkyzyAt|L
z&x@)LtT>1Fnc9`{GrSo40z=&CE5f6<gY3MF-T0E{h@_54uV5=^_7&prE2-flV*f04
z#1t~~+R>gLGL%{4Y&y9Ew@}*z+Z{FVLzFc`3ItqPe0m*B*S}8m&i?|H#FU3#O#pyH
zOU1o=d{b4n0DO{@w1I{uK!7L(ssyPNu^7~r6s^*PI`T;RI02!pGgmt?qmE)Ccx_AZ
zw9<4F$C*JtoN?xkuNh~?8J#-_bwo`XXaNy<C>HQhM@DxEND*ucl;&G&os&L*neY4W
z=Jz`}=j^@DeyqLs+H0-7*4py%(xkFWp$&2UQpp_#82ECr$N4+eq-h&av|;(Pikx({
zy<6U9akRcf`QM27*IE%A_dMOCyM<d3k<)tbt3FxDm)xgpe(_&FjvD7TE5hl9NJVfo
zw<qJaE0S2$&$jR8N2m`=W2lew=`ekqc2XIA-gXA{ZrE!!j+7JIMDJdILAc)b8esxA
z|B)XRbfEI9k&!9Iskzl=!Cm9<2HQ6L4DjFG_*!p!TA{y|+>OQN*dv4ToVraq)cCon
zE}-+RAl1Es>UfxR^KKhK1#Garp(>PQxcPNvQnN)y9zkX+E9O_4$r@&6iJQM?CTPy_
zaDDRI4eGZAZhp!{$|wtMMI|17)Pz+jK$V=5V*aF(Z5I)1234PC^S!7~gW!n`)n7U~
z3|<{7y!uplb*b>`8-Uj)6<#;oM^##HtD^u9zv?~$S%wO--3rLED;1D!R6v$dse()e
z7{Kcd6<!Zr1g|e`YMYw};dNpLHOx2!UWaE4!0Y<#B)ncpe*63&y#6+WRBse`y*y(m
zyt<Wadxyd6$$Jo9M~A~pZb``JbgLF7Y|q?(hX50v|6mq<6l1`p2`IpOE}Ia_V8GIu
zN`M5<uZ<miuCu5KM_FL<c=+ibDhllA&lL3|u7m=z;WELM4_6UfWs*H&-*4}>pFm-g
z_dSs;s2Wkk^=p-hG@CXXua&=C(-d+yYRq+K6M@RQv;Dz|H|&&8YG64$+KBw$57n(3
zz{%w?IUxqWF>T%%?LeM7EsCPn8Ei-Nthv#6C2(JILQ|WD?}p^Nwl<|vhmTO5ZXk9Y
zK<8FJ(a;_Iow6u}%&1d|<EvgfbbQrmNk4AA7WL!g_fbVCA+b}az8#$IvxT5)$7xpS
zD#}@GIdlqs0lm@tBkT>#Eaoc(a7ldMY85dAC;IX!<h^8wslH6Bl5TQjyuG{0P}i9Q
zqpR-h2x#S_qTHDp`BK-oe$EO=)?}_bMv><raz8{KOV#d5#{Ihw%m2fN<^So!ivRFo
z#ee#+@;`itaj1>iZ#Jzr12%<B&W;M`>&}i0>LGdjB&ve~EH@zZuMDr$N!dF*ZvOg(
z0WGtI8k#yV3V($JKpS*G*sWoZ6MSF4GuV^e;zpeAE#{A<!8|g+l)hi9sI}QV{N6ND
zmBa2)OdPmqr1iVuMBsiU-`jPBt~S^L+JWgjD@`fO3}q?fcUXA~p*#;Cp_I3Q%EJ$B
zZvOp9C{Jk*;(?jP{FiA|o;}iV!t_i8;;{SFk6>Ab&jN0KON=y-R|CG>M#73rre*0K
zw;K}T94h90yAUKcQkxzee2?EfIQRq{qeT^$8>6Lz$<THJ?u1ETit)U`sEhW8jEcy^
z=CvnqgTQ`*>E0=XDe9K^$>0F>6qvw_@9c$OkHp(Cn3G<ZqGOy8t9PMPtn&e65tYx`
zf$WbpXxdqAGlw7248pZlZ1)@3_kK<GX?{;7QeTo^1F5pOM7Y^ZV&+h4@OIw{Xle<+
zFR0F{K#tE%A>M(I$t1}wWAF2^eX5w&w0^XP<cQX|HM~IQmP*(Z?mRy*(oPE`zcI6z
z%!R-d)JPhOJY9x;e;#0T(=#oARpMj*p@>BPfe0?HqivFaEr(d?HvZ^2MTtHXuvr2V
z(RlCL6{s{mb%lb!Rmm`*R^4w9XlzILVGZdoH;o2Dr+z=cVUO4eqiz5$2*2!>Y{;~B
zT$5AC9~IE$j|`3k-Vv}{L-(3En^4SS%dwPqmMiU3bSMMU8oC2l(Y65E;=-76OJ%^=
zTuq93mda#J3T*?=L;K&Q(=eCLjU@G5KN6Jvh{d{M`+n#Ki#C+fT4+e1$s0>CZD{cz
z#bpI1Xgkf^jM#2Po5r31%$xcy`o)e{_zghIHkA`yE%Bd_CaD=YBwg)iEY&~KmxH5=
zTLV;D26ant0#gj*jGkgQ>*4p3If^lEB01<nKpt&egVLKW1oqau5Dc5|8US{SSs2jg
zpyJcYNj*7JV!iyoBwCg-C67Cl$|riMSX3FZg;t@Qbq?hH3M#cvK)cJkDet=|?@Y?u
zB3z{ZVh0Av5-Kvc37V<SAGa0gLVy0?WLtru|I>eLY%4H6T6)7U`dlX;FGMz1j%vd&
zUXZ8)8hTm6zQ5^V($A0Tnmm1E?+U@^=m9rgrM_T0dq~IJ23BNb0y{kQbJpMU$<(uH
z=SAGq`#fBqy831RC(%f%*gCbH^+Mb^inE5-o1`smJQ_8MJJ?wW?`Mamwo_aNI~3k9
z;mAXow&*UCxNquVb`IiuDK3*84sW{o+dc0@qkBe*-wi9zM&-S3s{a1c^0J`38LjIU
zT&}#CRNh!u&Z|_OQrgtR6qf^~X`XRipwcdC-yABhePi8ymzI|c<-Oih$Szl2K9%>k
z<%z_l?JJ=6z5B_E(53Awr1GvF{q#>REw2d5`{lzMFAS8&zJPB#r}DJV#1*!MtTVh}
z>{Ig}`@Pb_!#xK=fM2GzPd%3Q+0=8uRl3E`!kg?@88+RawDi!_&y{|H`qZcXXxij%
zG?kv(AC2g-WCd<eX2IVJBGKpwC==`1JMbM4mJ>X8Ra_HoNr&>Vo@W7i?drHV1a16N
z+vd*b9wW8!>|j4pdFAHo4^l}4nf@f)pu7@Gq4v`9E<kB(zkZ?pa;4dztR3eMd_!d^
zB@NUvmrDEkgD<aA+ohC8aSNfegQ+*iF4wwDC~w`UkI!7LygAgm6PCN2m$t5m%F}m#
z^~X!g%YgEFUpm=$x$<(LyhGZb{`hj`6+&rE3ulDY_Sw(b`)Rz_r{11-E)k9B5Q_GG
zdoR{4yw$X}`{8xbwluMqeQ4if-ytr9G51Ay!|1Dj_?ri!EoSi(`(gGzg#!d;8*~44
zA-Z#fxXXSB#*vkMXFnCL7YmQQ`!ePnwRedDgzznY{P6QTqpfLT7y7ZFvarr~-}!bo
z=6Mi8&!NW$$OC#Y?V+vjy{qJUmd0*<YHRJUvnWS)PW|2j?K(I8g=52W%?xjy(2#TT
zqiCC1>}Ln<pRmJ}D~!c7{iH@6=K7(1pI8bruwI+D_oGAX6Z<};u6rT0FudW0e?52P
z>u5`wxEEUkE%+Yl-&_6SlxV9NAee*|_Q$=_Yuhl#J=jlaX9=<vsBPiZ*Pe++QlPfb
zPiei>3T*HHlbA6-+A<PyhCWX_NBJy-cKl)LhCfGJO^`eET^hhb#YlO-`(<BrXWFp*
z3nBm5vgP+)oIj4aU+gyi4D!d^#l33&`H+9jnUe|3n#xe~M-02KyuRV${O3UaOKM;J
z>G1q<26cQrv;X4S&xG79^EEGBoIB#17e*TvU!1!Qa(|+>r03$=BR;tCySeXNoPP%7
z|Mvb*W&n0s%BG0zJ$sc>TJ0@jp)EHwC0uX#`GF_n(H&{x0vO7uuCl;@cLQ5s6k9?I
zj0(vx=q5qcpJj{9EQ+*OMwE+T<Jqv~0&NI%-0IjBT5NtqC%Y^f_F=Shl4h~xZS>Ka
z-R?MFU5Ip42@u0MRyY6o64WcV0zHX~Z(NSuigL9tY9=Bn5MFpiRO0VKj2tUKE&J^S
zjxVbJWsk(QK%qh|*%!RxG0dpU%@-^oM)p!|RibYP<wYcEv{1F}JHxIqsK2z?-QQSh
zG{8LpcVKJGa2pA)8n~yS%3ee#pEayJ2u+T5it?AY%4c(%bD>2m_06lXVNtiw5JC2@
z1IQm>6o5hk+8OPs!!E77%^F^!d6$SuF<G7`LB);6!aN!(%cI3|ptNr_K~zFAS5^Q)
zFPADD`e1uJUb53MxTS$jm=6<tb3`R?tG#|LFc=1)()SO9&4*7)ZH8ii=Rnx?ew~sH
z|L=jYi9~3X0>KhBc--Q_VxAtQxXNWQ)>cU(xV6U%^+WmT0zL85ZavwXc>zUslc~Bn
zsDJNSAl6yiP$D<GCA?73didUj$XF1UXFoAKK|`c=Mw8|GR^4RWgKM-*hE%Oc10#!e
z$58&v!K)8qGJgS@lGWQbAcLpD5H|$a6Wr`ow$(S-mSQbGl)p@E(v5Dc&)-Wd=5sy$
z#Jm(V8Lw<ypKpRR)dzqP%g`Ys_SG1Y;MChT>X6G^Z_9$ahaa~Jf)6E5knkubgcNfy
z1>bKamJpMBATpnFnREq#r%sPGvB|xf+9lzK67dm9?bZZ*o<W~KGKQo>>uvRF23eFr
zwUsQm)~l7sp-Qw_X%iI3%6r7p*69XV+CM9zw}<q~wgB>$3V%8p#obRV8Hh#lme@mk
zgikC+?ht$S;`!rA>dW`~bG(xLK_aOi!*72#$x^K^0*1?<0>u8T!LT`KDBU~K)PN#P
zHsP)HFc`#xPqP`0YlCA@pAW`*i%#xE`^`w;Ueo3q&?58upc6g5L^Z&JLGTX-f@cj4
zwhshP7#f^G!J6!@z?g<^oav;Ay(SI#-*^hX19J`xpp1Y|_2<ZukzNTng2&z&s5BZH
z`*qNedy`?+kIKD<;KR&>I7i$Q8mUPQqmv9s^TI%yVl?ux?`(*)k&EqGOLQtAl>FIj
ztauLP+B-sy>f;jEFIHt<_DK1%m~SI8@@tY|By}rCi)pr<ZYUT-{Z&#6DUnzX&U_Sh
z*pHxRh?y|&;b!Ik*s4~eW{ht)W;s*IvhzvBkkhD$EF^v^nXnd_Eo1H#L2Oh;F@IID
zO^i!q04RkaS9Dv&g?^Q#uD%7Z1v#qV3zL~t&mi%|LihqJD1IloQFU|<KYX4f8!+VD
zl&^*Ll3Nj;vM9MxQZdMdu08(zF!}FB#eVg70*%vGRclon1mQEwQc#&aQe1|bjHm;t
zdR?&czr8&Oh~o%|sY-#J*BVGdYjhK4EaUv`feueMD30Rl=8C2Ubg_>78o}A<DI*U!
z>}_(nFsGRBOQ&euPPb<7@QB-SW)&3kLl&B%FRMnDMIJtV91Nozns;UVN-8Y}OZ#0a
z&J)7BWn4R0i^f!(D<ez|Yf_0-)k$n`vkxcC2VOSYkpmOvm`+_E&f$dFj|R`PO`CJG
zdtkyG)1crws)1nFK=7=g!PgH2PZ%0(rC@XRcY*YV?q=2Cc?TLi(?mI$LfU=C5kBk=
zvZ62Jcm89b+8?IiY$54d8MhCHZ%I*`Z-(Yi91Q;-C0xlz91LHVLSRwyiN7@v{?il{
zELAB=FTE8&n0(A`aLm384grwl0R|wD48aPnf#6{{<obc&VK@XpqQT&<%Y)=o{V<Ry
zRn8r(@>czjre_X@zl`Bpwdq6BuUFD5`E)f8ga`Bl5+$GZ!SEG&6(l8k6(qj@50C&x
z%)1Oo)ZmLjq6S|K5*4jp79=}$Do9Gm-%ME;`30Ph(X#^*xtDdxRTH=6%6LjMDq~}t
z643oRnpfte_{tlelO-W8$tvdI9#wi|T7Ng5>IQ5wjUX%0Kbf=;y|o21!+mVjNNY2N
zPbm_<9Mnf4;Lh}*tHC+^JxEEtV*^^~i7lj@fm!Qy>byk4?N?g{pnU?+d9tIefc%yW
zM(r2Xjz)hzHxGuRyl^0^A?aVdC@bAy)H;!-k&@N%&4a@q!b#p1Hl}z=c*|&_W-z8q
zB#31>+7y3g6B25>5Vn6B%;CCZWh^l2elZw6PE<#cQB>S<siO$>ss8Wg)*3AhB=f-B
zvcR19^v!`<<0b>a30t{sFnoblMJw3K*9OC{*Q#?1^Vu*MK0&L_EzGBSFg!sNOPZ;n
zTcbjy?*Dpj-LFwVk~S11J2wqf8Fx(vI{t5)h7n(3)PowFjrQ(=**IRK;%&_B@l8Xf
zVxOXDZid-oBgGI{V_`bZkV@QKduCuNeynWt<=}Mm@cT}yt_=YFA^kL4t&eB0KID8N
z*+nA;!`BN#y6Dv3lcdG!fi{gwrmen*7#93~=Ri8Q+-nKmiMT^)4j>MX9I=#<i@X;H
zl3j}=oQ>KA?eSZrux<u4X!dEfLDi@iKa(7z0QE(*%3X!3j?;P~MWA^-?Gq!@#z3NS
z`))nbYW!;#63x#K-=CGd{Ei(k8)y18te4lj2%c8fg@i*Whcw05j^ednb|nPC8>-C;
zEzaacAHWBK+Z#&ZH6N2&YCf8IxIJEe9Ync9E*&q85fyQX!voddf~o$u*e5QXm(^yu
zxfDayQ5|GZjZab*Y8h*`!=uZ9cK?yUkD&cAdUt!dmy%mNd@`lB7V~iw2keAVjq>sv
z)HpBCQX{=e`o&p(jfcOqO({rQ%r|bsx)yl(>uspqls;eG)s79=|43|AR;#N(!xmtN
zE^SfNRwe%V!9)VWwQPwM8IN}U!9haOjQfQ$o&)L7&<v6mmq^^RLs83?`1GA<I|RIr
z#Pj!14jLwzQ3p@r=RX7pvIV%El?id~GKpL1!$Oi4B>hzs`f{7l{`Yo-Vy4?S6W{)c
zZ|NSN4PTzX(j{H7&x&t>76o`dBfeF&D7$uKUrh1^FF!tywjiMH*y~=mWIw_y-X~Lt
zIp}Z51GQ_cDB$PX6A5n_R4+=I<UklXF;@2@jakI-26T?L>hH398xpnC!br6P`N?l>
zR_AnJH0fPJCd&Syk+qlcXKzay^A7Q&r4q2@pNHB`uGlPC8D4OKYM0AyLRXG3kUY@Y
zf8IqS&_MD8hB`M3Z3}T|{$dx=`S*le$f4YgjwROYq6}6;Z~(pyxy<~23|dc{oAS1z
zkjnyT3-R+3<@2Q>7jFBM;^zgsl(80aW$=3<>PTE3QAc8Ngw&y7ta-V#A7jlh*u4A)
z`^in6Ix|dLVE)n|vnmQttTL0G&hC=G73FH1O=xurLcl78omwB-oV#0{8V&!(MN4aZ
zba;{0BSDasZ#zt&#q2V02D^cankBkh3ukEs{z*Q1<IE~4^YHaM6%|j+JCNq)8H$^k
zxRrUcT5m5vr=9TRaTjy#N7OSVWiT3HiXI@bi+OnOQ2!X!F=Sz@G9}b>DRL3IwLwOb
zr<h+cP-G?*`NzIwkxQ~#Z!16_qQy!XKRZB0qI<sz2UQv76xLdz!Yz~q4YuHPRU*-3
zvC{s2BB*n;R-dY?w)Q6iR@NG~B*&vQIUZYKJmPlcXyhU#F$QgX*Fk_R;aA?OIArJ!
zq$-=CG1Vp5CGrJT;oiRAzSC=ugvN&?U3{ck8K6f(rOz5*sa$&wPgSfwrCJ|lglo}l
zh#3Wotg;vR;HC_-_K+4H$k(fB^ZRVYQ-)AwFDzx&5Ik1HlFBOk{zKBfVM(X_`;=3L
z=c)S-dFqBHmD|i@JZowwQXNe%i+M<a&%oR|$=;m@=%RKRSuc8%`bp?k^DJA~Y|!ot
zk!>P6UPd>*FpV1xA&l4+LX&M6Fs98rL#54zrqV`3js+c585Om*O!i6j=F0MrTNg4^
zEW23$GP$2=tqK)o{D(cwwgPk4m-}O}i~LWa@P|h1R@({<n#G0}OtJ58dMIJq{E&v^
zr{*Si7y0yskniXrRJz`PX--4P_f76I$=L4X!&yjS#1uVE?%rhJx#YtIh&5yE`6hQ?
zGO(W><g;do1e*9U05K2@xo@M8lofT@i!97{)b6v|4R)W7xjB32xP6!X+kMe}+e1DZ
z^JUn5U7?~(yUzeMwjX2eqjq=SzU}sX_JjLc<hUl}vxeLm!A<ODhBl-IRNY@=M)d|5
zi542JsQ=#1`lD@n+#KvVF!gZSXXN?nJQ|FM)z4d_JG9}g*FX2z6L&E_^;>k>%?|eL
zpSmyYW7NHX55;qk3^9&5x<?z{FoBZxqBkoPwXkoecCu*C-l=VA+tDaD+M*Ztilxt^
z0hu{mucg$uga2)GrxtmGXhe@SWZ(51occXGJM~;zkJu^}K5s*zUU*XueQ*}Dj_%T;
z!6D|3S`Aa%qOE#%Y-(rPcCkwgJfB6H_Az~UQwn{9c|#G9H@ZHT&jZ9Y0P(jG5DEm2
z**ooAynwAn7$_}&A%5sV2I2N^lkLR>8A@9zve(|q&>^(N9v#*~C@ow+gOZezi%o1B
zJIVU(r|jP;ZGt9*H)T<hD7mGAb}$a@utQzM@39ro0?0@{pQZW)wuCp`f*$}E0ky}D
z%t|&uM7SMFYoB^p+3CeuDXw@8yAb;=yw&mP)`>r3d(#e1-N#NQKWLx&dD;Q$?NYT_
zb17Lrb>RnTXQ%dJC#GSuGm{O(-lqOis<dH(@(DYY)-|<<O2^9Eh9(DSZW^ytKmk`;
z6gy+;c53vwsb`_tBJ^=u8$c$DIxdHjD;+1F&nNTJ705o0f~LQhk7fqA=qUYm|5ht4
zL7zusdU1tP;PcrBqd(e3gLa>Nul=A{x;2BvlL@e`S7HLzZf{juYmbVBTQk|Q!8V5L
z&6MP0+#zS5Q{M%)+Mt&rdJ)=BU6?{iqU;04?Z=daYHOey@86mww?S)WVIph^P<Na_
z7sKkC){{eD1sAa?;^%CYPVB;6t>}<lEuaU*?V%~;qr+U)wje`sb+UFFBC}x#&a}mq
zQ8n*op~Oon`;Y#YX-lNFFlTaIm8LcWBj3U`=mzu<@rae|;rBMKxM4EJR^=_G6f5Hr
z|M*-Y@m8+FNnrRR3swA%2^v@A41BQi+xTqLmL08yvxgLcA7TL$Za8w;{29<tJJ{YR
zH#EAInl`(v(N1ghn7PrljJYh0i={@u&dK-{5N}c9rN+f~HA>4HUFH17b3{W_Ua~%u
z<AjDIfrUf-=8#_Fkoq^78W&;<9;E7Ie<r&uhM=f<&{{RGKnRYI_$P`#Jn=%qk>H-;
zyL1W-%AdilvjTe}?3(O#bMHJNBSN*7P%REavpq84FLAH@Pw_1jvuE!TcS4)aX_@6&
zG|@P4jMR56jitGX>h>g~BzgTgehojLtEfz=j95y~ULfxNh{t4B0TUL;e&J}8wCjBw
z@1n#v9f46as)Is3zM=@+H4^_Vgf=7s<HDAAurkGv^9#9(nSyJkACmB2BwvlBJ7f?p
zp?A<Bb(t59fUM#9)_1y~<+y$a9JD_uC$u%`a>Rf;Q@KL03*LiQ`MQwFD7{IMlOg}Z
zH@u;A7}`58iy=vnlyF;tMEv?MXmgC*?}=c6M2b+M!1)ZmbT-->pGTNxN&x8e8x%oO
z-F%%U8_gPkoHI#co4bUUBvdP6l_Q=ytiZwcpqU2@ug8q<VoQL?$zLY~4Ad36>hIvM
zcC4?6LG_=xQDH{_EX!g<poizIlT;Dsjek*@_29x1Ho3&h=e(haB@6)W2_^iM*Qxa7
z<*cnzHTi&6D_-c#*}LqKhMho%7DD62kBi;BN~!$v^2&?I9mRi9K`Cw`Va?^U`c*R$
zws8HUf|(T<p}$yxnf@*KFVLfo{tfVNkHFv4%OUX(;rcOL55Tn&uGMf2=5JP6GQ-n(
zMb^LwR*(-ZJ40Vzx<4&>eJFQ<!Bch<jnYikMUvuBZBbR5OQ#q3?{@<<457t2sMEdB
zmKBobK!rk!t!*h}9_Gpod#xd<uxWv=(KUjZ<eg}p8%megn1x_^Xq7p%%A$A@HO83N
z5|Rpl^A0_fKO}evd?XluZj#6r>6qD5Z13j!m(>1gMjgMPcEF>n>Mq$EE+19Gdf6%d
zJ*lJX<OF#G2&BmgG5i!Nu?JJaPaRKs^teNZ9vGfILkiM{kh$rpUPbg|DQhg!70VI5
zn?HO#VFAbq##2HYcCCgio+JmSk7gjhYuYU7aZ;nopvzF=P3-mZ7jB@f(E%hQAGZ$f
z|0DC6i5{`p;*7e-bb^<i3yd*sE=>hm^$vY@OLkP|ns|z7vj<*Sd&7~M36&Mi=kT-$
zqDXf0@8(eUG1?$vv1qTM@ku;NfP4&i*`CJVVmtWPXi_La1#j1r`Mxe}oPt|%D=q(L
z!bEBYbR5l^$_g|vn5H)75`0fi3z-YBeXT`24|t*=SM@F`SxP+O-eTnJ_g{x!1BSK?
zb)mHO_{L%Tc^j1dyysPOj+Ygy;xJi>N@aA!3g5AtL;)FPxKml==BuwGlRSAl8J7UN
z`Ugy)*oMg4=E%L~+U0WOWE6l%=O7tqm$L-7FSGn+H?UbesAOp)6am3ra_Limr=OsN
z13t(vqXQ!##LXA%#?hSx%$Y$G{NJP(*m3}o){Zj1je|12|FB<)?R#~geVK#pvwkq7
zeQr13I8$vO8iOo^_Vp<3JDO~trS`$FJKp>Ol-Kjm=rI^58mPSi`3u7G(A0&tnSP5$
zZnN-z>?Wa07H!8C+HBZV02?+Jf^wk-g(y*kFAB;$5L$|+jJ$qmlmDcOIjPB}8-|KC
z*B&<xv!5_1_7hgJpMVDAgQ8gzW#6G0Zac(gLg2ph@|PNK*fQBI9x4m3w`Ib3B(F+`
zFOWoNrk2EG8D0+_UoexuM4Qdl3K*-2^5wNtlJbaBo#BQJI&`YYjJ8G#ZeBXtsyXCf
zP?X*)XJdVh+GKs}hxHF`I=%2RLo2ga@qgTF4DI2bCr8QH034u_7YWF!7v6xl<RKeX
z*mdE*BUs)tC<g*fI{ixc?~x$^^ZYrdU*X~mW#iZCU-VuMd4&5A=vx^_D@T8_12SZ@
zYS{Ca9MZ)n2w$$g0KrBwdpgBNZBnYFW22gtCj%R`Re3U2u~89t^j2Y=lXV(*`W4ny
zl6=d9x2-ftap3qDx!=MX@@tf8Z4gwwDX5fnNTr7H_xYNk^~=>L_E|-A4g~@bpNRWk
zikl9bY&+1?Og1~nV%Z1KexuQ-RaAD)u-HYqK$~<sk{iqXB^2o`vam9<N7ZEc`5`iv
z$do+%ro-^Kfq+vix0<=@B-+bb*dntVRb|$b>4fL|L}Ji3?xpXQZTBOAY#4o5PWCA;
z+b6eLq+<3AcFuc7>`H>ic*PJUp8nPdVW1HJy7kmLwcEO9A%yaWa|ou*1taN10y)wr
z_s*6~>(-KbcVqq<!3>1OOt|^Zz&HHU>1d`_#=5)`zv<^Be}l>ab$sX-MBAX4ET$y=
z8z$8#Nz(?BelGF94ozy%LDDBNshLv#?KnvkDH2soVk4pKO|^pg3%I7Q!PC^m|Gz&C
z{cCakynk^0^fgH%OUmp!n|}xNsF&!~Tyx-IIbwk|XdV)&)hF#ISc=?XmTPTv4o}kK
zQ1E8cW~b=p2d_bL#b(;PNc4oC#d%T8p2gk>KSeIZ+xamPXBw00ZAdOR9AUM#z&N?u
zRxJd_#ixa5hQc%df|ZE>LJ5Rb+^Khm7q9kuc;0jx)fgi70>@#<TVbmXj)+^8q@&&8
zXK}!Ii@9kqrD=1yM(o8c?4^)JH`KC3JddZQKr#+*O-@wh6VKO20-2`G?daA!3l_!?
zDB%~V98==q?_EO+D$pd=K(^|cD=RKC*GxB0o1qXzwV6V2l;6nrPE$_qaAiWBj6xuf
zNtrLq1Tdo*KBNGkA;DUK(@->i!gxT;(|9Tf<XKFcV-S=ZpUYgCY*bDRO@Af6B>81v
z0wtmEa#<^v)Gw{13WS-lR`N^5^C@N~Ru0W>Dnk!ulrImAWs7YdUUscwV(qf2mVG{$
z1zluacz<m7(DQZX7gfotvxLA5$+YE>g~%kD6^F?%u}x|&iqGWAw)t)%-<QXR_=8^B
zq7w$`&!&Qr!`@Br6{IHvD1EQEYI?%fko$ySZq`F)5J`S8@vc+v8s!c&w+`jVW=Ly=
zD-*7)Clp$JfL<>uW$q$&yV2w3TVG0Uspzj0w3Njq`~wnv2EkOnTR9cSEHt;T*O-I)
z=Dq9Du;sNZrL(JT2BCSI64OjEzsN$=ps;YT%C9N~Jh5ITJaISNnqP)g@xtb(@iwoy
z8gDl>`|x&s^Fq93HRs^%s%9(Ru51?YHn#aFL;uOmAK^{kyp5rOIod<>tDr!>W~OSh
z{QfPdX!zq>Xe~lF;{2XuRQEhIu?9GO3b6SKu48bWf~yy<1Y9Xlzfo{m;F<{6)o=+K
z?MU?}>hvk826z~88GqjhuS_A}AobEDpuc)Kk>E$O)$((wYP;tRR&8f8YWciD>+iw*
z3WNYUZ!&uL+@p}uual|2nTHw4^Hg04$fzzEHD*{w7v*Ob0`p12T1rAVBl5LIG@fNq
z$UZ-rM<Zo#qwKAe{Z+}RzvpB21N*Td7=S+EDd>df2`lK<_M<*s&7`%hIIblA-HVBY
zV&DEaB`{RLSc62sy4G5HK9_u5VTh|7jFbEOO+Wh<SC{%jh%lcVLkbIHOzZF!=0pCI
zu-1HvUtOyd*|`TId=U(ppoZWMy>AnS=+zKBS;qG=hMZQgQYVrNz6}`i<+MRnLSG|>
ze5i!PSNT@sYeaqZ`F!~LH}!RyZw0=-sJ{NdSA?&>R9_vw9DJ=;UuXKP_!?ASC;1Hc
zTBW|G10Z0Ob7`95=$s&S2fXk<T&qI<v;#ZkXO3i_kLK%>QIj2tog{#dB|d5p%-_Ma
z9j?vl^B>^as6PKUTt4+#f~yd&8{o=R!;)91VL1Ls;sfMnea~Z;|ItP)p^@gf%d~Ez
zLK8&R(OlmMH{W_px7IcUzSIXlwI$(80KMCmgzsuh@3AG}>%-UEZAti+;;Y@3gl_@9
z+H6Vq=HTl%TN1vR_?n`=rn`LxeD9t*1iqc{!WU$zK>X!ggzxop2j|qxWYoKPD&E)u
zW3LykRA}3HxS&bqX>gwd*L=7R!+SB@g%Qc0X5dLX;?kcuLWei~h!H8Nm&O|Yjeb9K
z<u)zO_3Qn5Qg{dU-1jmxPHJ3Xv$Pi4#)<GZUej1;o6rdKI!~agsw>xxCr-GPlstZ(
zHlBeu@(Yj+YK#{1m#@S_&T7X(VmxL+vii}cmxm!(P6yVz&4nUbp~liID9#QIuu`_#
z6y^Q8^AiHNQK*EzVH>8>kL#yJk*$X3XS%}==9Gmha{0eVJJL`k*QWOeM^uzkzRS^w
z(~1uJ*&?9?aMO~>ih_H}t6EdN9<c!sUONm?E+RkEgaVHP(Q}6U@r_U7*lc_jN2(&C
z2+m+m7?K9R;6cIWG_<XBBJ!=v6(D~p7b%gGClwi>E5mEryjl+l!bYp7gj_6%=h>c6
zZ7x55g7)W|iqOYg{Z4?ZC6H~}yc6~7&t~sphk`&`p}RDvP!cXl6pL+czDl9H#Pg5=
zG{x)jH52TAic)e5$?nYIC(%$hdrzI9367MxCT!6(?5{b+9uS~3wm6Hqjoz{{Phx-5
z3R@QPR{Ru@GAQ<`tF~Fj2eXH@&xs}`4^aDR1hs)>5>Hne2w7P8|Eix~B(Ftf2@-Ny
zkbrF}7bMf>pf>uofkfeA7fVH;NBbOmV33g_a!ndA49$HgHCh%kZCL{J<pI-sJ01Iw
z{SAzT{`;ct{HWkz)0PFss(I-`a4#-8excZpHuT=ms$Bl8qV`yK-V`v^9|@#MWnTWH
zZ<D?st%6h*7)3{SdihVrqnR=}?e+4>W<@az4QWo*jK#T%u4}%RyxgvcM3r6Vi}Z)Q
zevNMfP}6>k#D9XUP`Z}XmlCH@q8obhxS)u7o<wgPNl)e~{v+a(I3VWCX%#H31sb8X
zKns^>>~;#~U<w<Bl&u`mxjkk4wNq3Lh%p4OVosHAoFK6`J4kd=<Cfd9-ZB#VRaxN&
zu=vN9@q<Lzn(=%r(jW5LkJuAcat%(7%H-teaS|TJ7Fh!+5`P%_Tv<=o+!9zCe$u4q
z_pQ3ow7Kr+dc?#HyW#dW?)b&$(avT3rng;qyZ-I#@s{=W47^>{&>a|WKcXz)rvHiI
znNeS5%CV90RQnOdlam(JHyaYgrVY`$sK!684Ca9i2E;Tz5vpEN#y>hcDBh?nH*JV4
zk3GE%O8+rj55jdfT*Yub2A81MX!RP6UKDh?q<#cTVeR%4a)&|w3V5qrvzNB-aI}r8
zd<Vx`g}M{q0`!zg00fA$1e@!~4UR$Q$q|w_o<(`%PPDg}YucQZeIe*XH~bNjAnrta
z3pIGw&|v#O@Pwhk85AsJ_Xfr^&<Rh&>@DyR;0O$MnhmFv*`RV`*1(8(Ar0ifydguc
z>)hbbt3O4X3BdR!l<}tyzLUW;iLX<XY#3*Y%^v>O3<xJ4(w-;|)tW=K7XGUYMUN}=
zE{S1ShT;=>r{fFgp-^pRWmV|Gbhf=JwAeU&LMZ;D>_@z8bxvz)T4SZAu~OGqnVP$F
z#JlLr|Iy`Ttf;V6cZ<ME59z`)4*`B{EWJh3v`B|$O0Akk<1MTVpT&d4awNyiuY40x
zs}As-+Y`3jQp}&TDw{5*%|#=`Ao|Tk=R}99|4<%Ye3tFQ440%ddi8Qtl-NGM00I8-
zjb3fz644!cD3|X%t7;A@=aE|c0&luek;184$Qh)Li6TSXtZmZ~{{|&(v&2YIi6)Uv
z@|x<uL8u+U^E*FN^lez_Z-j>Zrg}Pia3s53w>Dbm(FpQhArA&y_2e}vd4S;`9be3E
zo~ZD3g}<RA2Rg&5U*Trd%9dLU>VDn-mApH!5@8I$b+nt-Ujs<M-VG~wJ|OKJR`@0!
zSz2FDnjty|%81Qttko$FK+unv5lx2{(vhC#s?e&1s(b6|9jcN#@(9+-kfFl9GvwBl
zhl&iLqO9czTz?Ml9!J|4bE-mjEet);L8qkshS<T@EY_<cHhH9h0oWAVO89K4U&EJW
zs3P`KEcs2^L^MGDSOctZGV!JRN4RUEXuL6JE{y<Zj%o8!Sayq2B*3Ub^ecmSNdCr5
z1K9C-QnEtsz@aq2Aj$O#36omSQ2i^)t2#$x+PpAFi**BN6w9qzu@wg9HwL$OmOu9M
z<lfyqq%&-gqq$;_<21ss`aRSlK)t5wUo|8GV+luVh2Y3C{zR90)E|oJwQk>TAOXtw
z?o&y>tY}b`fZ1AE5nebVy(+ZGs5q~{%AQG9c2NHn-DnZH6tIz@h0*OFC$*yAYWTZC
z;J@rfC0mK#c}CGFbrm#3*y5sqfl2uxcRnC2SAOU=GyKEYF|fr2p`ro^lnO!~3v&VU
zz5u5!9)olXK1jA=ej`4(vfO+oMa}f^sn#SaD&`Z=au4WAe#hTXak13HJAQ%cu!#v|
z3s|8@7Lxwkhys+{{s|u5Ns>#mqqP>d*;<UkCHlTzd!jqV97vb=Uq-1qo{*bg=X)A4
z>3E6%9<xYC=ft>L50zmg*Avqgm(H|hF*GojP4=?d96uVeGM5#PJx-cdz*@s!H=(na
zh7)VX(zt<%RMqB6?@x3dLXrI9Tyb#@kYT=FBH;cCeOje?Fa>f?(L9(7<F(4+(mi5G
z9s|nKyQ3QTJ_VUr+zaYXtqbJVt<h@2mD=F-b!$X1c&%UW^&O||Dj_?+SR(PNe<9=w
z=u|VBmz~Qs$WbkTap~1onKoDIq8&Q11)jWORrH^RD)E5aJG&|*=>n6h_1#f(aDord
zK}HQ9yz^4Xx)T-Q<uCg~=~XPXDnvAL(-LjtQ{DJ5p;0n)(gx*DO?OlWiD)l2P)YRX
zOy)M1dA&e?_8ggbq)h%wTf#nJd-(dVl%02L!-<*^xJGyW4L2IRz7A?p7zoa{GLjT-
z{BjhoX|u~9M~<VA>tP^K);}XaK@xw2Mg^TQ9RDE<bfYDJPPWZBZ{uz`T?fm+l4G<k
zBFT1?mQ3_E7q=r#K&M)_>ax(!xjCL`+Pp-=qMn|1iA?8iBC5;~CkOH8mDByqgKSMY
zehv$MN}EPd&qsv5Or${77QprW2H^9aQFvl<HP~>(RR2HZ+!QjAya5w?DBsOJc;aw3
zYYm>VcUR>-lJ#g7;+Mx~4oC|BWf>|dG;Numg{Zfy`Utxd=2n{$Yfpq9vEr$yfh*no
z?+~V_1JIFzfMju}xVnRt7>oIBzaW>??$-G_fq%3YI{o#(0xiaCE$Xhva+C@bs-6*z
zKudqor+7^Ugi>>rLOKSn0NQySdT(A*#5^;-#e8I36|+~OdPj2p0yj3hL*d!l3XB>7
z{?ikQ%kB3Y*!<iw_LCgR8xE#~-yYatI{gYT7T3uAnMtuZnUX>^n|shQlnw&y4(P*+
zrsIL6Y<`hxi#yB1ie{DoC;B}y46V~c^WCP+##yG#g|jqx0C1}aH5GRN{x#NMPJPLo
z?E3-p8v*{LIdNsvFE#?^2<OjwdaflkFhh=L9ntDDs3VTf*3RiLarH-)cs6XeGCF{4
zBByf;ZN{db<HtB+Dk~aGMh-vlW1yvyKeN>-Xj`4Y9yozLaO%WXr(VMye@P_5Z$}29
z0H3!yugUBd4S|X55jUPEP%~YPQ{Nw78lM>sPKPXc-)r#s{G}AndLhM~MZ`Bh23&=S
zJr3N2fpw{0w>lRHO(i4!Kky5UWkvq+t<F1yl2)ha;*WMEm9Z~gUoX4=DHSnSZV9V^
zrSVR&jQI_~9zU)v^I3nUF~g!rb4ol5&_dI0ffvP*0?d@#`q4nG09Zh$zxOR1umK$%
zSQ-VY%2+e0QeA%scQr$nfn80%hRn&t_kn%-Y#&ur?#&6NBcCe<Q{gsF6BtcqG*<M3
zcm-L98`bmR<Nt)hQy}9E$ZMJ)Xppi%W0p#}<GdWPlrOIexr}55KF%_9CpFprtYPi9
z;l?kk%z;&8RVf|RnJGt8>?iV;<kn287;J`3X-3Of%o4MRxqUeR9xtDJ3<U<T-jMaI
z97`#2^Au`UhTLm2HEdKYos1s8;N>-65!P$Ase$lK&VM8+ugE@qIg%2CFGEsd@MTEK
z(U-S~4d~xFt!$j;pldZ`xa_;D+7=is0zWinprIG(&$aVjI%++*28MJ=U=j~?C69uA
zpoDK#UaH#WLoUl>ygF%26?FHA*js@dzrknz8LsOke9sBhWGQ$9toBAVv{?zoJklVK
zAu+!_fy?!LqZuV1B-%iHMHGNhjwFDg>>Z2CIk2_sUL_f2o$YzS?1gp52=@~9Ilogq
z%YC`2p#kSuE5BAbB9)iN!nLKaGClUavgDyVxO<riX9r36A8t~&Qi3UD)E=u0zbdGl
zYK-;s7Zh_7GOzFyqmjaz&r}%&rr>M)lI4)u6!3=xD+A+7f~Oz&wO|G=!@L8oV{m;B
zm;QO=pOZfgTv`$Sbc6Vpyy02_29M;>dC!Z1hLCh}#~PT#wPLgbHAM?;Hb3ys7u;;V
zRf>M2bBpKr?^EbROH3^?4y&}jtV|-hrzC{F#7b>h>bc4}WS08kH;Ro#Vs?NC?6V5Z
zYL1mjCH$FBlfoREpwQnW!@y|!ensQ4AyGTFsR>c*+=VHIK!zL<9c|U86@*-U1i$G{
zW{Kh{C9T|+(r}{j&XKTC7;jb=3g(_^+ES3^DJganeGRJw@kX#TT#$RsZ<&+$D8nuG
zhu2?$OOn^aPmM@=RiQJ_&7C>OcH?<ch|+=FuuLbF4h!2GJ!S>uuDKYw1KMYM8b_m+
zCOSHSS;qFlA9A>(8*kHuog>};44(G~MI<B|hOLHyiMR}eA6Ytx{^hAX%?psE839p3
zGZZf%Nz+=Gr9rI%yh9g_A~-}ejSI6hgQ4S|Q$tIKhK~BxWz+sz3B?Et+FwB_8s&!P
z(7XLY(~i1M9n7%CMIz5TmRvk8bKb48-m{V-gj!vV4kfb&)0W$_=rmen%m2HsMz0A5
zkWeCmV8~J!n8JQQ3tb6Jr!g@4!>bJx1w9BQ!fGel4BhRJ0+vMeo2Ig&i4nPDgd9o3
zy~(0VSdyzk^NkfXbW&)avV7~Pt~4fx*IGV4XHcG=Qvz5X%{E86TT{%fE{))y1>BSw
z#pt6oyzUhwi%OX%r`T6WxV_>iTIiJmZg-`)+3h*BC}lzA??uzD_VArrbm6)fUDV_>
z9q`n(XrsLbZ=)nOx^#^ddVUK|3s@0Q>gVMhTrnq;w-u1ST9BBXIkDmJ%^Iw)jV&lD
zVM`5I>k{7zs?z&kkrs&smy^~M6E=cR2Rs9-s+3afw~@Ed626U$s%8SR8ec&=j;Qfx
zgF*!=G%Ln-G`jRa7_q&LE)j*9!2g~#kZi`=xLDUHX?c!P-+bsAs_%BA^6AC;bq0yQ
z3An9oK2g_*pSAc8SePZyGx^f*2FTFr^eXxBbRo#ALXV_ZERU%~>1045-yKWtRGV>*
zBOS;eR7p@s46Gv}e8l%9MBti%z<ugtI=&{8@@DM;OO?C^2&GYj!$(dt$Z6&hUYbzU
zeer0>p)4rvVnpP#7O!dDUueY$t$2}kwF+Jo2(=oy0r14~O2pcRu)7qHj`yT;1WOF6
zVdzfHRMyPEBrgviPcC==#n)b-W%4ebg)EJpKdij}z{|az$yD>ayh(Xc@|O*nNN=YD
z9ZLad+h_n<eEYFviMS8MpX^t^c{&Gb`P&x+^Pk~LgXeeQo&ooHa0w}z6!oV~5q0#S
zzi2+gaOr|I#LZusiYyAcwFTnrzWrQOJa>@HW{8|d^_OLOH$^#4^4%$JZkUEN6z77n
zrRm_o=}qa%(Q5TO16ihb$3wDW@;{Bq4%yUXfkURvCRnoo(_}}<q7InqSYq13wHk9`
zS`qyh(tp8Pl*u2*BL$AzBzw1`H8_bMyG{@!{Iv<=ae;bVQQ)*kDt5;59@4EDTdm8>
zd1MrCfp8^B{400Z`Kg<~bS-XwEn5~mK(CA7by<8T6d)fjDnVIkuj72Eyf;+d7rdIw
z@OcUT)M6}3G4ieiYw28t<nsc{b8H7|2`xG<N8b)PyX3tIM@%xUy8|Lu8rPmh#U|4_
z2PHK-V%2)NH?7w7oZq;t=PcXxoW^-Pw8T8RtjqC!O}ZR4%Fg2n2$0LV5^NE)xeIco
zEKTcrG(&UjM2W>JGt<49zXMinzb+B%dM*(>9&#QHm2rL*OvkjAx1WYo!LfjW?ty5C
z<s&FOn8BRK*`hALpuayAS}5-m0I!|6nc_yt{hC^X>^!QG%ecUTSPNDLX_v|0Y9>ZQ
z&JOt4qt8a=xv~3--J#&8TzfP5z-kFO&#(o?=ad3F#CGO9Gqy#7P~LG9YK&nuJF+o&
zq7uB5f_>;~7ivf!KsCo=M*Kp$AgEc0<wyO(SSPQL*2cg1FZjedu@w;Ak#stIYk`3s
zeohjj{`|2A(4VUss)JBG2U7CqL+I;DXsQ~R7c_(b_GMjxHT>^40zvNVb@QTGG&TaG
zXlU^nr0HY{JNw-Hhr^>xN)&VUVHbv-$KB9}VP~_O&!4W2uOF}lnU2;qsWr3ng6*|4
znX~ueq*h28AB7?GdRMmkr5Sq%AU<MQIM{spmAILo$KrM+lu^i9Dk_)njFERA4Zj^Q
z%d(i?=-c}OZo;E|`n^Y?+YF8yH-4cpue#c=;|}QcW%9j!g2ZbI;1LE%n-f>h1Rp_%
zg&pPL`N*B=c<#-(39e`XUg$8b`ycXQKPjtDW0t)3?z|fp9t8gQLeR=T1M0;;ncw6R
z1TsJ7*F)u&EqkF6N|k#x!F0#BK!|ORi}px?J3d+N6@zJIWQyTvT^5|+_%<lo6AR=v
zll)DWS4vREi38|~ICxE--ggM7eq&`|R2kp0fZ!5b8&Bom!E_Df@;Kd4-G6y`tc*Vc
zDVFhr*Wz49skGuQ9r*R*UWo;bY>}DO7+93;6I&hqj~X1krYBy85x4d%8se^;BG0Rb
zItzjEUP=DOB!6vk^jA~{4HcE;okt<(9`b}092f1>%KsG6f8LDKuOw{GeDtbdewwwB
zS7o_Vx6&wgh~f@lH~1fD5jl$SaQET87s71tPz2Z1eN8EisZB0T;{r{SOAGlnF3_TU
zqm6RkJ&=3&4q+fIr2@37mD{wK>i2_nP|^U##To+Yh1kZSdAtv|X1Lyf>s7dZ2iHdY
z5UxhJSm9GgLxn#(3U>~74)^15KMwaUxOc(*4BXGay%+AiaPNbAUsxBWW0ktZUbQfm
zz(ya3s~0ZgA0fmEaNHSt8f!T8S!ul*g1+#ELIl8(OdAf&?h9Av^{Jg;8|;Kp7f!#@
z2jxEWCoH$;5I{QfPt@LIpPW_tBpdrA@JH$sO#E~`JiiLpUbvcE;?#YO3q-(enDt45
z-v18C8tbN}8SJZXAtm)f<B*h34@n1!2K($=Q9g-PHa#K1=pUZ94Q?~xngdrpT!nBg
zgsT*;AODH^CIeud0e36ht#G%%-2!(r+%et=cUZZfGQiyccOBey!}~^oQ62m@!nF~u
z*Zwr5Z(JhOdPrZ;`|y4k8aAx&0P}Pq=1IL(K&;cy9SF+v5C@3C`G8L%_5sv0YmS0?
zfXW*ox%m(9by*S*rD2EF92J5$CxV9fNci%vH;@jRUr<rQxS7haGvoP*X?QTAdio51
z8QwxE%Sa;-Yh!*9YV+7Fhy?&&1r4TWB1AH5nU*946ck=GO<Bu#B;u8PI(kjYTrS4k
zfKoH{ShG;DkDDPF!uUsp5W;%HPNQ3b`te>-3BMYUAGC;b<=x9~bCNdQ#n|<FtQ&6;
z6-^^3!bC;Hh}@TVXzV-l^sgPzm`xj^EQ*cD!A5LCuN#XD_JrfZM`!svmfH9CoN_pg
z6C(w|DV*Dq*v^YT{+LarfI88mjp_A8Ms_L$t3VH+*>0EpNT~d%+~2Y4zGUazDYpWu
z>k0vSbQ&CbS}Se_u%pSuvQSMQHq$+K_+n9s%_%?X_#!YGqP->jzjee`JH811Q1Tm+
z9fgYpYlpyvdGipD2ka96?l#B@-2kmbr6Q-<(PpZ5qnR=_q0@<*nhC(wP=hyfu;bzL
zQIsx_qNHIl&hr6`fYm)XpuD&)CxS+-=&t?&$3MX<0Oj|=Ff{Y+Q*q%4r1Gus5Xz}w
zZ7^OPqY&mn?de!&-y%UM3%_Pt3QOqP<5^--Hn=_1@G=l=-TESU(?|h>e<WXWD=sk;
zmr#ztC-F(}xJ*f+HPs`pA8J5Lhfo-|VnffMet)REIuu+TstHuBe+E-jtq*UYTlqs(
z>z(&kt-se-wf=#7p8pvM3fY^l;V}yh_#bLOqm?#iy9So1(3@xnzzX{O?ob1&dxxEM
z=u4wdOOLpd;@lf{w)^3Ox^aR~5DKmjIX_B_n*$vYcJ6g2#^uzZDJcKYEC{<{c)4+S
zl{s*~9L9w`0)Tg%#)%ROX7Z=5PEHgeefgBDlM|)$B+eebPlLmvysz73EHE|vp28es
zah~@k0<$E3z4F{2xLV><;W^r?59c@3eU6((V=-=-+%e@Rkt{Jau5VttOJnXXu&oI?
zCEh(|Fq30r1~d75%<xS1jJbR!b%6}N_p0Hw|KU|i?H3(Q<dq){UX@s^Tb<6*o1BJ5
zjcIcvkrGd%DScrvP5QyXZdB*)BXjWxil9;ANb)X=HM^n9V=r`^L~JDaEfvAkX4Ha>
zr#M<`Qd#Ru7~|Ku`6tB+J@?W!m|MZgew`G$5##u~!y@$lE0<Qp?EBxseB=5TFfe4)
z%F#@@MYs0s-t8K5^)Y{c1*EteQh3=p`I{*}Nn|lP;7>;&VY*ZVo59f<K+aMdnhl@d
zzV>VcKB(SP32ae}-!NJb>gILf!B+u2pHu=A_l;N<pL-4|NF*nz3XbT?3G?27QdgO?
zqfmq#0VI3&I&3;3uf(`qJd;b&UANSvQS@PoCMI@xl7FA$hcgFr%)d0pH)amcF@NYm
zU`hTRIac6P8}<k8vqzdBZ9OaxihGrn=}D?i-#NX64B6y!x|Oqg4#{7N0b}+)Aeewu
z>eK|g*$xtv;>`@VT|i&J!W~FC{b$H{q>}C!rh@{AG1tZXX5T|Ng~p&QVL2YimJXPR
zZ$AT&?A(p4S<nb{tg(cD){8+~aC25cyrza<qGyprs0Q(|X<ZXJFe5uUM7t$C^*Tbj
z9f%>(5td5F-+_M1I%cbSs{uXC+xU$V|BJe)0-l`C=JypjT32cr@J5N?QQmh3w+Oe)
z#5Jk|zHX<pldO3)M}tMME~LP^0O)^U9gw_35xA0P=EZs9dCTz7!5L*{NzRs8w0?I8
z!P(GmjcYK|lEDSM0M~`y_!uO~%MH-z_h(Qi*Bos~m>N(^M_n&wO1#CPt{3}phx_~_
zh^y%c-aokP|78+3JSAR<-=Z5_eo#pi@G0v>{9&rer4@iRLQ)uvz#NG$Qwj=9f!=uZ
z1Bu^(@4RW!ATPlmz6n?FRS?u!oj{{`ph51NG?WI(oJ2GTYm4tE8*+QMW6z`4`aA6V
zm%@@=Xfr>O!Ec^4AhN)G`HqaF$RcKX9i3(-0yZOm5!tzAic+GwA8StAfm@To5u~5}
zWs6xT>G_fl<Tmu&W3!0L)0g6b<%36usQML!HcMJ0m_<&q3T;LtAk+^}u`U*a&&|LS
zx8hyg7heF+D-?HHm}Xz+z9ajN?Q2il89dW-nss4ej1-4@z83ebOm{%KRfd%&XrJNH
z5sR}SVq&SyVm|^;26!^|9PVkC4-0G;JHQTMITgbzSb`O_LItg)i3HydRL}_b1M%Ca
zLIZXTm#L7IDr6a`kQpkJ3KcRws#$E`kNhEmi}r}T_JsU?0>=F${@O&9YEs2I^Ck|E
zg15t>CI@bo_zfe`YO$RkcH{E4!iZ|)8n<fGQKN^f;-i@>1Lnv`H}AoTAF9m=)f!n0
zmDym8eHszODIkAw>A@uy3Ar9zWZR$$*G^0>QwsU^k1GeNV8nGbV8py&`8fkQ#3Wvh
zNE+}1kkJWz8eFH)Xej<MWH0e1!sH~&LgF4}r8VY;M9A68oIoS=nd);85!F}(Q~fol
zbn<$Qg$1ouJuahB6RPQAUjz)yWeqvc#8caxXVA(HW><Y1(kzrFa2s>M0uz{PT0a54
zceJzffEs!oHGQUaNC$WmHzk5VI`;Ahyn=9Ttxj``rlvRh3jo@+HGQn6EB>gX{LIQb
z<eD=;&jm(6f1@d7c8dclx9(Ty#0)-`_z3|1GB;l+CEbM9qZ$P)af&X6#@U<Qeyy`F
zo+a_BB^0sDR39P~)F%YW*rMKqv$s(LZMieCs1MrHaKzM*N0g@}KHJ_c*BBE46QFEb
z`Zp<u%=2fiP-bYGa5d31*Ic2_Q0UQ}G5W>~-vB;=kJhLk-F*di<kf^J-1v*P$%~Dd
ztSvi+tux14;ME*I2_xbS91&jt3b%KMf=5}o+3|TGo7Gqx{Q;XjGQg^2a^n@lS(V>d
z)r#=1;p<pl5PcEsNI?Fl9leiUKfE<x_fo|$Ln~z%cs-f64OoZ33yGkWr{l5|!mhG<
zOH?9y8)>3iE*e@e2IGzR$#wWi43LyLdHECYZ{b&yc-^9mJ7WoqIfMO(<2<yZ&^lav
z`tgJTN)pe7_R>*|d6haC&V4mvs8Z+Gz%n&O>2*g8#%=Wh<~3IJv=}r&L-qn)CwjJI
zsceZsVqMv%x?99h@C*#fU>_^%lfRzwlkTkOIX$yHgG5nx;SIXFzy!9>vG<YDtgCMB
z$e=#qJYzp{yW`->Q+egRC<Z;#iKklD?_YhAKRY1_b+TdUUSQOi>i-u(;MF+}1P!6`
zGo3HtE0k8QmX;kATcYRn;f&v4i6N(fiQR=cQ0yu^m=)#%_mnBEarOqMprmq<LEI4^
zQI|V1C?=eS0-%jfSM@9~3Yqa+@q=FcW>T3t?g7sLLdYZfGS6vPWnxQ=-BCjzwW=p7
z=mH{JU>ztEULix6_SfQcKLc|>jFO-bWrH~K?!EpJp7^El!w1@&@dH?BIu40%zE2Jl
z1E17C9PcD~+Y-n&h6#+_D)s>e4A6-2RXJ$pw+)nlnO4aiC*>NmCgd^((<QzOMx4fJ
zl<zeQ%OoB_-^ngxePr2V2DzgT(!|HTstJsK)esm}^+!P$Ol@;n5fX_YPD6>KwiIBA
zlO^b>jeJuiOwUB`V9|<l5=&sCADVSZqyIW?c%yF}H_+%?0AIpv9EpB9^ysc;KQ`>k
zGYS;E>O{FhF+aErEEddCVIh34N@dM2K_%kX4RTsF2FH1Y)5_qsal?6)H!bQsk3Tk)
zCkq_3M{*}CkMHwZ3F$clWH5?<g*sybo?#H*1q@m46qs}$T9TRi`@_yIw-0$*{*ZEh
zMEoT{ux822pDm%K>@sb@Jr8O_{uydR0n#Nzn_Q=~JI4PBSO`LNJTC{i2xL+Co~5cB
zII$Pg`09R!6ju?+Yy#tb55X&t@rBBJ3Vxl~8>3A2;etj1;}$~nZoh#yU4?`pJp3_J
zF+}W&r;(nV7IJUZIRZAr%99m}fg(W5gobh~y<sQB?^EK9E8`V0Qbt8u40^qJ?C>3<
zJLvFGi+?;YUoSKRR|JUia7csX82OD+H=5R7^x2pppXJ?%-vy4aQQP1iGT^uJysgA_
zT<OC*k5?$$25CzBFl-rjLZC0OR%7<9fIof{(v&FoFO|H$Nf{8bt6UJ?ErmGN`rcBw
zIog&zVj9~1o|UKMc@ZqAvLZ0ihflmtEeh5r!ad_K)E*&e5)Q(uY&`mrU!SQ8<be9m
zyRjD=@RQJuXW-uCG{1=KAuK0Ca6#h6O_*yB9yr&VxbY2qIVPz*azi38UVh-H4p@nm
zqhQc5l!|<t*c(6QtB3kFuf}${5MlV%<9j2u6W^1gZ3->cW+9jrqDnx`-kA)!(+YM0
zHQZeo9WX$|%NP;k$7Y~_Pw)#g7^kU&5znTk0827}j;iK*^%dB5Y(ker_)p@0t;Bz)
z8UHuZb0htq&d2{#<@kRX{(a8(1T$YxnAr9b4sqb2Pve1mMV9+^UYIWmYooE>UL%Bx
zEG!!3=4pvFP`wh>-Heg#sQXg1AE`U54c=PyM}sDi$6N+4yM?^o&h)w^K0-^_D|WB4
zKC}f*g!~>e$sHFE_oX5k0c2(+`Z=!B0e^w}*GZ#XbVUY~p#ZFc#Gh0~PyknpiWrh=
zLP5YH@!xBZYMobwy@qOX6)_y5ev8kI0|HIri4P6ceCpTm@skw}6p51#2T3YSVPvdG
zA`#ZTk(V2&U_y5R(8m(g|J+IBRP6h250&*%5~h2D6~Xc(2d>X6GXzJwISTklo-;WC
zRKyi|HHM(2JE{$s-26s0DkzR{ehQ^>+_HDY>rn{ULD?ndydm*#sE}B4)Qq7~W6;2m
zgT>GJDL<G+N`-uF1|bZiZ#A~;@hqgV0Occ;&?De7WjV8+99+&e{hQ^iK1)S^^G*`_
z)9~H>N%@G}+aFBl51J6cjv$IJMtGvy;LzU<>;K9O?lBGE3rxZPnLfbfu^o!UDtcDW
zjA5h~Oq&ZeI=Q1@ILb*k4M#culb&3kAYB0rL%-R#5u3STI>bJ3f)p%TGl8Upg)Wg-
zV@&cGxDh&($B+gxiaR8p_HB}*=)R8Tc+jFQtcfy1$k_pl#3SVYDr2}rtb_k>I!VNi
zO8km%RhrPC%t{|W1(Rllq7$wVgqbDwBYEXUsLoC4!>PfxQ3KUkgfi$@;8Q8&<WO|j
zX+~*-G3@Mcw>giZ)mxkM`0e=78&oB8V$o67wK^4Q(`b!Tx)Sa{&V3p3d^=+U`W@a9
zscAH7jMVQB{Iuy|O?@}82R+DdHsOxh+?K$E`bc0@Q;PC3vOW?#U9r3pdR7T)4R(fW
z6HPzV)*lUIVUTw2w&1%>w~6qTwW%s0M<F2aMf}gu!^<n1S~@@YFF^<|NK~NGNE`kq
z<<%uX@HZR@rrIN&$mq!Db>5Z1@Z)_AiANt~i%<&RWLC~afvOhI_4EZ7HMuXqbN*b<
zh2YIi?tXZ_X0E3{cvX`-0ng^So<uNBcJ=`p?pxUsztyz40G)p&;x2gVho}B{K0IB3
zrwj2L;HeLufN4@ni<_DdD3-aSgXV(U63)K7^1hYFf!P7@nKlci%_Fj-@$azq9^4#H
zjB}&(1Zc}eeSSeN)J13b>Ym*wtlf9j;ve;U+<aCSI=wN#BCHQ-LLS}DSXuaf+xoS~
zw+VxSb>~As99Dag6Aslxf|L1GFsS_FD`<d*a`@lVlzsKqP88ztE5@UQJL0BkMBDGm
zNPc>xy8Rw0@#jCctmkZ1$Tbo-(bZa(Hv<>4)hD=OQ@tg81I%QHUib(J^fy9fn}P<%
zI32tNO2W=<@JVSM?pP-R)8$@m@QNzAra}mek!$W30>(Cd2Vj2GosFC2Y4|JvVjhJL
zz)QXXg+N&^Vb;vK=_Smx>IIDS3qJF7^o)fH$$acdwAb<BE>W?Y-}@ufc~~10{$Gbs
z^9o#10DwbF#l3%g6xFo=zCR|LNwUc-kU)R{QG%k;77ek)O>hI*Bq|FV)@+EHz<UpA
zT(Ba{@S_s4aW*uQVU@PFg_gGRz&@<JN?VHf3w8<S2cRTiF$%R&soXeJV~xo|mdy8@
zJG1#=f4qMG`F{D3otgXd+;i_e_ndprJ!cq&?;;9mT41?hN=X*U%b?R_*V^SdZ&j00
zRKI+aZ*T5-L05Te2zli%T7b?A|3#|H&<qVLm#&dg<kA{xF(aqglS|J+1INqBD?5SX
zDqSnYlls-TNd*GDJ+7t$A}7MaG7`@c_ev~>fzW=(T9c3}maa8H6-FgdW}##UgOM$G
z1BXuRbdMLOsEd%*C|FmqN3qN7AFO{sb`kLvyu)PNni_NxH%N8l=;L^ng=QR;WVybL
zYFjbO#BNkn=H&X*T0nZw|Dc`d+CBpxkIFAA)?SyJd#D2?ClQZmW!@oGvEf>l#iC&x
z&!V=^$>hhiO?7^JlauwC8lBO`s_QMzAw#8-MqW!mN{AO=bJ`oLqAkwrhC(P2IES@N
zusq^3FD(nYqGeunEd`iJ-=WJsZah4W#4KVIEZkvdL`mWfyRPPhnjVQHg>^7pz2bkY
zy-s%s3L+O_fC#u*#RN-_iB~6Y94Ce{n<;T*$(uuTF~cb(gVYl-db|}}18$_q(^kS5
zJcfru6_EIxTR%iYWe6k~KSR4z(tI^-g<m^$FbGLB6`qMIAIQZvc`L{xz<4l{(*`{V
z0(Jdm<Vc27(Hc#>rT&b;k6jVni_EJGsXM|SvF1*nQA!Iz$X?3JCb!{l!Rzo#w$Wp>
zN-nS-7l9wR@k>Y~?GW6v0)uYHvxKyVp_0A(kxe}Ggu$@a3Uh(5-@?ST@ub)VGw3w=
za4mjs$s~__hrUb#M(t!DWnQ2`aV+HN!A>Sz9;9yvGSMpJ<`rN#_cUIVQ<L#MuK@W~
zA&%HU<jkwJ2~Uy_=0UFRMeuV6z@_+bDp!){A)qGJL=94w<{=wsAE<<u;5728x&Biy
zjdNdzP9xkRWIj7!G)}7Ul6UZ{QcYWilwmOg6H-a{l5rp6UjAdKe-|+e@fF$`U{1(^
z`$NaA24Fvq;JO?I=2pHc{|)8@L?XM~FIe-^Xe$D5BJGFez}^e&+K@^3#-8oZP??CW
z@Osn^NR7wfT;Rtz7Q7zvHX1d;Lvt=5>Os;I^we1#G72z6h0F?A{Dddy(D9I8K>Apb
z77T$#^<!0L;U>(yRntT?-=I~*kNdm&_2nKnex{)&5-TUT%Sg!s^u$_zgy``(A+ih_
zinnlCBlN}9wVF^E^T<H{io+ey61(PSAK)!{uo7>aPO>dysQw#qF{+P-oKV$wN{hv?
zt_zoG`x(9?Z*%IFQy#g}X8-e++2UYQ-AuWVwYP4`5F?Z7Cdq~9PXZ{oy)H>cgL-lB
zx^+5fi5pYNvf)a~amJNd#cRg$E&nAqhr3Pken*?pmc1W!>Fl4@E|3dTsb-wqQU4JT
zZ9m%E+#GkGcrv;`Nb#-QRW)$E;Vhl!sk`1lB|G{(NgOl^<HgO^X?0e)FkOSh0+8g7
zh2(7}2FXe2(bXaI>I-IBX?k|v4(N%-iA~Rbb3eS4G<un0bVvV5izO3;KKPXjt-E}Q
z%jG{04E}yjvHZDjrK!2mVmepcII*SJ2+{1Wf$PAcj1IjU(DRQ%jap#U-<6RH5%TA#
zXcU?Nufwqz11oKCu~9z0Ye0o?W1;C><G7YWV`59836-uMS`N}k#jy;W`p)}sy1~$!
zDsIg;2;)I4n?g?HYD8Kp&IkT|Yd-Rfz9|*tJ<Vnv$|z_M9*Ut$Oe*dq>C8ezs_g@A
z6<CJP%ww?WH^;EK2JiFuvgj^^mwbS?7ptsPJ%PVfUI>FkPO2Nfg|VMmZzV5ig-COh
zo5V=`mf3Y|{Z;jG#}7A5Cr^(pKXbVJBoi8`OV*VIFUO5xNv<1pWx+l-F<8b#ePkTb
zBb+=os@147GFH62eMX+T<vRe$puf*-*sv0{3$wdWKXB?vuT*tKa`lp2fX3bmG_0Z4
zh{s(KF0c+42U3u%Q)%2;m7RUNZqbwtCzpfhtD0iDN+7ni7!6n&dh$>_^pcN;BX8A;
zM176VtQwraEcO8$=CG#b>SSfhF1aiFJ>c}Fc1q>FdRa;;4TqHSNq~9kNq|-EtnlS8
z^^hMWWBHP$)+&bb#pV;J+$sTS%2$P64{5bh)lpzAPVTBOcTG6y%P;d_ORKeP#Y}DT
zsC>mtEaTI9Ms_%3x|VU4o{`0j>0&d{GO`uEbegdoGTPsj+v@V^Sh!0rP7fBb@w<HS
z4-E_&7o+qJ*}ds?lf}>sb#W?iaIM7|YbfGuN!0nRad8H)XUnTKEzG_1V8A#33r!O5
z|L3Y9A9kxMylQ$OXo1k_2dso*iXm%J9fY1=j#UwXg#pj4fqx=Lfm^Js!Axq}8b95<
zt3fs*hz&xf^!FE`t#9s!uXdcRYA#}dv=(XO#$2U#Ln)iEl&YR?oo&r&w=-{%H<2?f
z6tCXC<%?kHU&X8AHd=kj%bI28tt$}K99M)c;8H5>ZBs)t!(xbSCJ`rPIxI)rt&o5Q
z{UsLkfEI*1J(qQZMP(98f++UOy(9!rX^u`%Y@-MYl9Ihx)5uiM)lM>Cs#}m}h*6Sf
z|BS04r6jHVDOe93KuchxNzT4udQz#C1oR|~^dzxvuSQQc{>)QR<Inlf2utY21XMv5
z!^OdRR3+I()w2f%gPT>~N+fVD7X1kCT0Wrq)S4dx%1~1}vP=BPY(5^2n1V&-&v(g@
zVBxFs`@2An_!F=r*{xI0`3$e2Sqr=obrOQ)+Fo;HTzMa!vDLY@Fb(SZ5-6s=6`>Hz
z`v8Rc59y-jWH-m%E4D`qg=ARMfVRUL2Be6kOW&?nD0CQBXdc9T%AF7w%N)y@_%CzD
z1FvAD+&hb$h|nh$r&f@6SU@h!$c$Yz{@)C#0QY!+TL(I7c$IBK=I&KojOF5toc6-J
z1waJkuEM;GrY+ZKWABv~+p?J^p8-8KIjtVx<JCFjNh~-Xgy_m$16Ok{cxr4Zcv{d`
z0kfG@>$S4GYI?s=vDV!%Nj$V#Bq@Cr#LiL)Xmuz*J0ewQO7lle^4RXoTA1RacV~>+
zsTti6mXjZDjco*v&XfPOJa0uu=UMR&^RQpbvujMAWy5)nV3o~BR?y#N^q1hT@3xvQ
zWJVuP)6O2+q^ftMs!LMUMX9Pws_OQ|ldMEdkBgkdIfC0Rm)v9%&Kr9(pR658+@$%v
zrFSL18X6Oo6pQL|la#T!sP&r@sbrxKIn~qBv@1Xx(8+H>6ag>jh2NSEU~<TFkD_K}
zuOytXf5~r|H=W<Krx(&fQ8(ZoV+}H$$ot-lmV5P>csJShN2t$Bn!ar?INaoRRGF#V
zt3`8xX}BPI$zu>%>2RyL7*6_E>8FZZfHB4nTuL=Kd;Vq^DLvUuW@G8nGz_S5yo2W$
zxJ7^pImf98StuoAgZ5w?3>M&-SLIFHhC2!=a@w;PcsAdBTnm05gQx5vTH)g)*Tw9(
zXJh%g6pPj&NP<1Sdt_&~I;Wzh2;yP3oR$lCs8@X#W#qi74j~cZWkch#dz5(XEqzqJ
zwG2>=oqA51$A)>5Fr|aROsxKz-s*gZ&dS<Lq#ebJd2;PV@_YTQi@ZeNV!M9-iF!Fz
z?{Ezt<B^it>vPDp-Rif<uUF~H5V1}ljA)lcTg?9Xw+n2mvkfaL_L9eO1NzYrPDa2<
zlO;c!XY=Q5Nz2cx8&|A+o^wGKPQY+{1CR5X{qye@=0T>rF%uxk2x3Saq>L|yjB{$g
z!uWKEpMvpUkIbuT<IMwAm$;)A$$1g*J(B{gZe+;dBQbDOHE<Vc;3{!)37|w4E|E8)
zxKxm*#%o%p;uR|jYGSR`sA*Ejy>ctpa1|OgOCy1$Vp|mCyFS4xw*nmm_5o<#jNtbu
z71XJF!&yFAZb2F2;5;B`N|OG;wBdG?HTXTc6a<&6$7p(33YHi9;!$Oz8Mth@JOUMG
zcgXJtOVr_&Kz{epvv_63++uDH228Vdt14D5J5yJO;<JyNo$2=S^g2tBw_H_B=3cQj
zHI8fW)4lUP!x&(v{T;AL$cy@s_9_YV6{)ekcWaUOS-f)3=!TCeXzJe;lpxRj18s3U
zykKk1LdNR$e6uT){$@SePPL|8vvEUTNR@K?kTfJmh6#kS8aZYu*MOKx#uCW?T+<FZ
zI9=C*e6L?yv7OOJLs*<K4%2NOUr(Qghi{5glQF+C`3QdG(cmrCTj*1bqeWAiL{&U+
zXT}Sa=JdN!`#VmrO~3OqRjVsch|)coJCV<>NcH4gSZGf}cm=CH4U6IeNKW!{uTXja
z2y%6Kxn212a@;5Mk=zXrH+){wpC92<NQ1YF@aDy!4=`w{N3q7<z22o>ct?8TAyqI%
z;o}Edaodr)p2&h~0(yZv^ykyG;7Rb-7%R95gVc?w9wjCA<@Lfh7LGK`OAK^L%Tm5U
z+wEEE@%T)YK4uxY9M#t(UmO<T#o)wcq=PO^rE)U%;2y-Oy-lvjsGVr<+;XG6qi(vr
zbL(__N9`23`5{<M?HybC?VWXhvv+J|?VYtuPDmkg2@7-GT!L$_IbQ2ad#8{L3}YOQ
z2=3=$B?&*U-?-gjIjkJ=u{9A~;esjjv?sR@fERA{S;!(Yu4_V64@x4vFxAyK{D=`X
z3tduE@bJh&icI?9QTje8Zhi{7)Fts|{hU;;Wy#0dCd}8*ik9gGm}vp0E4-c@Rnxhv
zO)WvKwSlgI_r)$WXO=2yN^BXixb%^@47Aa&tHGfI$<$#rIGe5p*F|F<(3IplmCpC5
z8r%h;5B2y4R%T^THMsO)HMmq=4bG;k!7UNub!EJVs+SKd;dv@3xV9Kb))A1<aF|uo
z&a0h(6^}%v<28AJcIp_VJxyirc+S}+n-?n{3h;>D-dKR!P;c-1RCRGgX)lE;?XlU=
z`l)~ocv|6UTe3L@_;S?b!z*aVA~@Rfzv5ve7=`IU=Bu?hi|5rm#{si9M{G?emkRa0
zU~92Bl(pq7-J)w2vuH{KjJGd5^0ZBOrR^w&RLJwuo|m|lF@jvKo~s}?zXc=uCg}eb
zwti?wJCKZvH05%72%mr{1+!Z{HxmCz^+V0tEmd{yo0wEnS*D68^Ke*QPQugH5~=o5
z&V{^bsE;b7lU+7?hwg7Fu{(6i2e?HHLP~Hh1vYOw&&aLHcYNujG>hIru@4FyQT`UY
zIRT9+^Cgl>gT~6`O&4yXh^Qccc4)klFsXu6oQ7h_ABJ<G@^F$gUx}|E`KL#n%EtzF
zT@nuLL~^UDtMov-yg{vD;(UWJ!A-KXGiQ($#}VaEsKIfUruU8J{2i#&Y#6Oh+z{IP
zENZ(OsZxeGs}y1k;;bF0!?1TZ)l`s@QPH_I?m75HGY$^mb1{AoW?bE#YHm};!;oUK
z-PZbRXytlcf*4A*hu3|Y6N)K4f(TWJLY}ok9?ITq6<ea=&pG+bqwNgJ&)bbf=()qy
zE2rGsA2v#^DA#ZfH;sZBcgPc@@;=!cm0-m!@9RHql&Y)(AHK%iCtkZ}gV}e_gYx~1
z{eD(hAYRLS4Noc7PnJ)fQ-X_3%)q%D9zIeulpxFm0B)G9WCZW)9*)_41P{O<(t?qd
zj9g`vJ*@l?BfFwzSD*ACBbQrc_+83M9u{Civx%c>t%`^r12BDD!!u}NONc;7c#!ek
zBMH{~tL-0bFv%a7T@fvp{X7%^A?NMy^VN9H_XJ~qf)(uIVCGQ@^CbDyxz7g9-@pUB
zi_DC00|Ir2G9`F_Hw{0eL5ooo-X|DZ3X5Kj7HjW}d@n04W&z2HS*~I!Pr=&X=K|E<
zhpRVe?UXAaH7iv!5~N-XzbyRP7qh~OCO}G~iyI0978~Jx{VabiXAn~4lN6`t6sR;|
zGJU7mEjm(^kgnW96WIW*qf%8e@ck<N{xle%a3|P+6Ob%Y(VVF4>{VH=0S)i&!NG<?
z1giSU$@@@OA$JQ5${GXAk?@C{xzzd^o{D(N)bm<A&7zl`;AZKk?67H(;=V?#%n%D5
zDqX0(mfHNA7aD{FaRoC(L&Qz2Dm;Q3=xeR&c^agywT->frVnzAgFz1R1AJw-1s9FG
zQWh*tEpwAuRaAfm;YFoM?QxiP10z1hrqa1V=MSXVi{VlMf=I>IJvfuRaxP}VO^;q-
zt{4KrBNb#K%vUj5FW%lN;7Ytn)aIX-i_Y2A{i$Y}zUD+Bst}Ey*0|4R<6C`9jUf|l
z#KWwtP}BT+j8zz~ZWyVC9#;KKT+FJ{d}%AA#$gq5u}x%Ev_MALuQED?S&vtK0${$N
zn9ZSu4WZhra`U4hI)?*ua1O)hcSatR9IWJE#1MO*(C1_1!5Y+94qxWXo2@n2pE@W&
z16kBLMdO~qpBUBxYjI5~k8WHjpUgfJ?y&|-Y=vTJL=_va;1Uwt5rv0jgXiZ!Fdfle
z{B$#|egZG}5r_5ME1Z(cVVFhYBIqn;iB&3Pq(U}$pB1fW7Bb?>UldV_|N1X*v@{hj
zY-$?{2SU(Mjf)ow=7dcQ9bhmaKOH!GgPWzA<L$cSp;0nGg8<7@tyO+Ey9}t=r0}Pl
zeDZ75tWRDN6+h{{*Zu`wl$B>lE*q=_+|zi>(cf(38k{I9yl4NCd&X|0M}Og~%)R2(
zdn8w6gT;4GB|PQjjD0yPEEKQmv~3E`u}E-{krKBZNZfAHh}#S?+&wyS_l~d8w<Rq4
z5ylrru4ARmtn9L7zio6yadU@z`gtmOMuC)sRc48(-V<DOM-)lja=EH6m@z0-*?>4=
z{wkYP$x8P#NKNi%;n!Zt3KdO@;(>xp01Bc41&L?YXZUL;AO$%ynt}w2b`;5HluR0D
z3oiK@;RsNmAviY2ZAgS&(O}V?QHhln8KXek%B{g-qqHC@72O%>L0>t*^`p-qF8EEv
zW0mz5D0#6_x<49xI424{6&_+1i$nLo$^l{6r0RZW)ToJGvJlmyX#^n0z62MOq2a~k
zZ6J5NC5G>mk;P;&T}&+h5ZSPp0KPX;Lc5WLQjyjQAZtaXVR*C(U42387xHFArSv4l
z@BQ%0>Z=-{)uI#TAwa8zqLmWnw~tX2eU6yRqiB5_(Msv@;_gwAn}^Z5cobTlHpwg%
zrAPH+QvG0O51slhVER+daY$Rl@FelWURau8Y<ggDW_l}Xlf<{xbDxQ>h^i#Rpc7B3
zIsNB8#RWQ<QoQ$+ak7Vz?K8_GGl!Di6%xhfRC||H#jYdvE}>4Ih6VqlH1BC?-V+{D
ztm2cbfrdhuy=z@B<h(=AnJ^ru<>-YRY2;Ve(ELxs1qh*XAnNgXh+`19oA0+tMtPx4
zoTu`Ck)}}~7usZ-cufU*!>7vIDSqTFJBnty5S}x_EmXwN&{kR`=f&VmQJqow`*>a;
zh8g8DQkuV?_ltHE<)|~?7RKuZL!rLR<v=srOB&jNW<rt&t}=3BHgG&&#0IA;vK7aJ
zeSixXaTwpn*zaS7hha9+fmnN!d<LgUG`M9Rj5w+4%FKrwizN6P;)EPDN>at%kfhuO
zb4N?Ioi2u2>Ki5xagakuf<%z?hWi<vMTkH>to&U@+RQ+O@^_IeZ~<y&d3apj$4Zc(
z3=>FYtPWSTHZGHf$7StIe{GUMNTLG|=FH~__EAGLny{s@2-yWlk~}gz6P`qFEBJb&
zK0GNebndf+Zvh!=Xy=opL}}4Dobo^kg<f+f&T0s{6DD;Z>J<k!8>RWe6#Fz>VFBH)
zsGV{GLcGq&LWsl$7cg{)*El{k*jB2!2F;nG4b7AW;V-+}<E@|vLw7i%Id8h9M~DjS
zoHMGk->{?woxLmZj)9>W7^#&~GQL(Whf?LgRF(a`J+4$VQk04I-`Jd72fZC?5hFt_
zMOhOJt!OV8oBO1VPX_kOd?v>_k6b^F27Ik@F{^$5^*BA5nceSTR&fn8a6qiKir0tG
z@_rDFM;GY^q&-o-I#~3WL0+^i6%g|9Hk*w0zf$>$^1Fn&6$LJ=*0`mpZV}3`0ESG2
zxBOcG6h4cBH42OkUjt*621a_!GBg5@ZC6^*9bkRlf31J4Tewv$*iMzJZ>Yg1d79pa
zWT@4s2eM}Sj7!xtj6l13=!WkXw`k5R^J=X8gc=P!f0WzEb9y-St6ggSI&ANUHQ2lq
zw!6tm{D$@C-JZGViseb`kal%lFY(l?RCKx@;(F5HjdC#~yGW7{A$;eUjij?5>l^10
zH`y^Z>SZkoR!UQ~kOcE4Ze1Ku&h}=Xd0BgNPACtJz8JV?LzLBVt7(mzY(?csGsr=t
zmg*~+_u^$!A*%*06_7Q5(`2=@7$+7$y_Q+{Zct7_`OW1ye~lRicmQN$<kZlu@9jvY
zx84CfB&E?UHp*6&s~e(f8Zyx8UF9*uEn-V*iM;^RZ+X93<1dHfmOnJQV(E5#uWHuZ
z2ct+2ylKYuoghZ@mJ(5&wB-x<;lzzF7|VTTvJ0;+M2wYO;11;c%%rhGGYFF`7Noyp
zv>CYo4)prLDD@|F4>~Ja`y-?6wNz-k=MDFHw8cHJICgVZ$F%Dsis>3W3^@8Ir1AO;
zEpd;%3n)?3p4GU<n`)LpIW>dS$I%~#OBmjLOwh{k64Me8SH(zv<%W4)@)aih%x-S+
znO|A?9^`-EN666wC%<tCJ?%$_x;gzC7%d-ayU?bb{u(!=^OTc$-miiB-&z`V?)Ba6
zG{wZPr|@ejYHXQCL(S|TVS^udK)djf<Lgt?cA%U=?4R+o#Oo@b=|ew-sqUawpn4Zs
zfS2Fh*qdqFan}L}P9+REGTp18o==01ab6AWGjy~I6REFXG8e|bwtI1_rr<`;#Ifbg
zYA!y=?{3l#g*olo2fi{m>SA&`E7jsW!F$2A$SsC@;$uFtS8<P9;BT=Fe!Q9RQ$1%D
zR~HX|OCYGO0)pz6L(t=^9PslUH~ef^0Y6*ULd3TrtnP6LtJ?@+b#-flhmjQv9>d>z
zg}pM=37qI(sx&Y%P{l+*(_hF|HKWFZlg&AqeNz08!^bW;l5;Klns}MRhujIv^nJi<
z$#07v)=4g6|AL>8{RLjrzFGG-?S#e<SYI{*D+}DD`CN9VRDQ+Wl@07fFIv{B?S%wi
z?n7-{kNu30JMf+uwn?r_F-%;7I2UV%0LWc_37DyD=Oy>jGO}p624%`H+T_k~kLk<j
zWq{XA3zeZI*u*|;qBzTs#FKQxz}V~8?uJm+EHBv#M9591Xr!o;f0CphgW^M(ATgp$
z$Pt!)JK%dc^qU%Y@SM@6-3S#Hdn$tY4QrsA#d{2|AypDGJ>+NOXpc+r!h~RPs?Q`9
zvyx?*RGcmqGfJ|2kF=Eq8L&ECs%GjJTTPG}3Vz6;T~H9WWHAQ*W_p!^US_cIlf7im
z+p1c>%BrI4m{sWp@g{?~ipBd6{e@NsZxJ`Mu+FIWGMkd*ag8PwjXNk-?q~?+-3`gq
zUIe{uU};t@+9kDKWdb0r$;qlND|s0aI$woyYORL4%hgrQ{Uufh$X~tkd;DCn4j932
z;9jQDqTJqOR?++08S)flS_rv>38eDRkbmB-FdEJryoWrBrJ*;(x^uWM7(9^04xwhq
zCetX*5Oj|zHyEf9;-4dD=gsM_kl#R?#p)l>baK$OTXJ?tweLv6AxR*T5R!y$NjM=1
z2PNTk(sxc(^MnrJc5?9pZC_r$)kYrsfRY1$?S869yASnfQ2_2>aVMdp-+^{J_EEK2
z@eD2(Y9)V{Ds&KmehpRfv+?WO@C8q_yfK%WnIPpDubJJjR95EnkFwvvH3%wAPUeg$
z^2RYmrv6=#rhi(bpKHLYrS=cFz!Z2kO~`2voRx&rlF%gy2O7&SbAiv}4Tgnc?P-Hl
zb%fjgA$&C*zb!L=*~W3)(c|1<e<P4Wv73WZ8CYdP+|fXIKLq*W!x5&^9+sTjx$iw0
zPaV#!7&O>KSGOt&jTFBjifBOk>phi_0?HFfCO=;!X8v}Ou>6eDQhq#qaSeCJ;~j6p
z_S~VpFg>%i7h}&1c&T?0BsV=1v_Ml&BE0yo-6~{?tqgRoTo<(uNwpy^_=QEwKTs9w
z`HKa+DzrM3$Q?ZyEMhw(XQ-zG0$~XBv{|$grj03~n+v`~OXya6enqo)kIvrR^L?7_
zUcT6Wt%jfHzqW=?^IzM@HEgy}C=D<=dLF|x_BDcSA%@s+tN2LIG7T_W&l2q=vj@E%
zG@0}75+?bdG|m;qEu_i)TJl>UGCzk#-ASW>&#eRY7NSxxY9$x2;PX)~Fcb&R$GJd1
zJ_RoD89q00flu(cj0=1ahb`V7bnbR@hmX5)*w4`{2{kz{SMrl(S4U7dO|F9U)nr~6
z2;n#g9FIe>f<|;hM9;1`t^Xn`xo1#WjteN%eUgWJ=0!9Y{Gdn*c^mYn1OC|3Qm$bM
z16Vko+3IXW4jP6UG}@6TbO)=h(7U*JXz$#~1yOyk)!B`wNmLG8HQ*$3SV7RSsjSfh
z;`IR8)h%9Cg}7JnN(*!zM%!4e3#HnNT;LF%dkqQfo(E3i@$g02d9l^`I@Q)gwM3Bs
zPV%540JJJQ%mr3LK?v|KFmhCR{LS3UB~f>cftm<H1A|>|^1GP%0)Aqv^B`5*OKvKO
zHaf3RZ8Dk?>g*{)`=9YpoV^8$`Ua{dzRll^g&SDz7>J%1`Ek3lk9S65uw|IBn_llh
zj%$xw1KmxoIH9L{3<z3eE%(eeih7=+{t<4wV#1eib5B1<6{;WQfk1zUpCLvb=NitS
z`6Vau16+77jK3H0hc<Q`^0%}xPr`?Awc-MQG}EM+e8MW(d3u#(QR3h!S@ah6NM<@@
z9Z*yv6*tMMhIUR`s9hwlV8m9oXEmD1Oz~g)won4SNf9$Y&)L1z46~-bwi^Yqt+&fU
zcYRA0)wO&h5m&dS^2?Qy^8lX+jg^F*au*s+pow$(5q+%W^vfkt$r-@ms|t-U22~*7
zweP^k&Y;upajUt{odO#8gK1RxT&^YJiH!QoNG|v(Fx-SR%;`~c4`8Y_TB^!Qf9>UO
z3zK1(#G?0Ov}-upe!Gx_2m@Fb!btV>tV3@h&TeXL*>y;{K_u(B04g%U&<T8u=tnyC
zARWwy&=R$ddmCk_+aW=d^AJ<k;%uAK=xlFwo<Ik+J->x;yoYY%8h(dmv@-qSOg^nY
z?7&fD;f|F=6$XdlF2x3cfC}Ec3mDzA5Dnjay8V1z>J}Je>r)20#IuHh_jRD@K-(d|
zFGmDZ&IPn8Q=1U$mvQ1FWI(?UuXT{zn$#>X;v**v!9OTe_qAJfbvK0SEEof#r?YF<
zQn#mq{1yEWhUbV^^Q5YsazuWAtJ&;2)R?kZIUQ`koY^hKv}%*&gcar@zX*+o$#47f
z=J188>!R$s*kYXHQ0}~U6@*wE4*T0eU$*mNXGEDn=d62p&MNWuqVK^tO!5^Zfda+a
zg9ff)P`k>q-@(sX^@733TL7oGE93WTZ`lgF-^3@u8<3t8R7IyMlwH-8U3CI_#43z~
zr8DR}?eS%jyQx<_t16t3YcVY7Y9seS7^Gu?U55uFa1|ck9Ec;yT4J&Gb*Q|HFKY;G
zb;$xHVJ}-$*G{+35^T7F+Q32Qj$(H)X<QU@UOOYtxr3jg3OlflAf_Q7qaH-<PD7;-
zRwjt9(<(4@u8VH0s0~d3;Cj4;Lck*gnHVAW>ku3;@X4xhfV}w<1Uz!UP$^d(X)*^w
zjn2!^Rj%!F?K@2!J+mWtMt@$_EuQM~R?kdm#~7vtX1W~gqi)S}-g<~+{ti`AaXX&c
zF}(FFgYElY8f*vPZxH@+`wX@M_~YSk4a5N#s4462^}mlQCR^|~Z4>@Z<MB6lE&dj)
zf!|fz({|EF@^<=|Rzn|gE9qm_3i`PHVR-C*CT_?3cphWe8=y~SZ{z!@WXtY-7QY+1
z(O!03$9s6M%xKtyk$VI0;mPMF_)TC8q1L!9?`gNrC;(ePq`$K$HFQCiJw^2OBD`t}
zynEZwMyipd;z2K7_(omc8s^6+XQMK&Sbzx(0t;z+(R^JEmOVzBSJz+OeGy7~4uAIH
z&;E<LIW9SQ?r9K=^V|$?lfPKqZ#DC1kIQOrS*NUSx0)AavDNnQ`Z!Er0&zmk#r&i>
zo$6C$)-1z=@6WEFX+L_+xC{3J2b1a+@o93i&s3Qm=5K^Q7XDUdhlL_yn}Rn{Az_0m
zP%|O_fzmmGw+DZe73#)^<#PmY9pRl<R<<Y)%FQC-_<WIA`0P?XgPb|{wP8c5&uKFD
zZ;m2(d+<k@cof^a2Y-~rquAm-_|xjVWTbpCdbR@MQkfG1`eW3N4uRqb@gN9GVPL$S
zmrxH8^{gR{<cx}gET0IC<Kx6ZMwluuSs}UJkxEuTxZseNtdv|GttBhB)0>|x$P&r3
z0kyD_%E`CEi=2j^=977@i?zViTm<aO6%R{A<5(4_$p!Ll1jiCPrccvLnW1i6=~2tO
zE0xK(;ab~8Z}hM}19{@lcyLeS#sW4@cE+HxfG8l9tjr0K9g3=I%1_kJ-Q&%;7m0fC
z`=6>5CXw2+h*8uHpjXnNTW$v=0S!wg|4E~6r1rHvITwJAP26t-p^ghs2OEo7v3p2L
zK_%T{E86~OGp%~TisnD?Y`7{a+(!QQpe}0iR<h?{Ow3G1b86CYZQCl|OMY`N3@MZa
zS!0EM&|J*Q^Mj>EDMenKo*lW@J}50_woa=+laS;))E_jOJW^a@TPD<pw~RN-E-SEK
z{8aJk5I<24Yhni;oX43NYBFY6_+T=5kXk*SGBUN)V3>KF`l(U*Sx{?}i*00;i8*RX
z1<Yw$ojNO4U0!XJPtdW1`j*=5#O0{=<a?lI6V8VZdbIfvrCdSUbN*qiB;RabX0@06
z619mcQQH)kxxLh|OfFt84>lTrlT~hMaWDpvRa+c!iP9#v#gS!bam-3=aom(BLUWQa
zLwy*N+QaM4t;(x?n+sg0>rMw2ippv7yx=k>$k-+4r6b6f+9O*`awMm}SXqidkPMTi
zJHoqy);~}Hj3T|^o*CRhVYq1&4B`sb;9rsD9}UE~`r{OU<Lk~B=M`YiEx%GMGJO*t
z={7W|TOUKa5iItH7yF~E$qb|C{{5_wRHmlw*6f7j1Jfn9pvgdLZO5$1jMU(SWNAWA
z3sl)9SZsBZ&!@$7h1<~zNiocv?uDWgjZ}1R`C-ll`AaMzmlj~b&P>8>UyFY+<5$+T
z6f^Y=7lb%p|1u>}ZZ5@}NMh(Kx4v~25ml96*r4+FR1Cv5SDH^d7jGJ3DGnt8uLUyj
z%8o!)sYAto3m{SwF<q-=i0&H<nz`-YMwyv*u9~*fk9#u8INTW<xn>6giS%BE`RT1V
zN?}J`r8|P(qunqCHzxSRV2KqVMTI74S?laLiu%a9kJP(J)&7_!6H`BgyFOcv(o0%7
z{nTj2gnei@wLz^EZqAE42n2A$46mBD4=;smqdIt6pc$Y5l*zq9J9U|h`RS$BRB8e0
z{uf5ful}3mgon$CS(76F^BWzOO5ygrqAVN#Zx(fQbWy3pK&?MG0u+{)`tO$a3M~(f
zEZ}tg<|i;+(RL54qF=s`df`=3pLscm+x7yqkx^SA4}?E4QIi$smb`SnNVk!}xk>+T
zb^8}))p<!&Q@7044P{s~qn6lXx~&Tf`TegTv1a`<!&0LB;_EtD%3oj*01!WZZ`jBi
z2trZ1^=A$D#INE$4=Jqf?Q(~{Nm_!Nq$RjXT7vtgCAcA4f*YbGxFK4yHntVoF?t`=
zhQ&JBvD=-1#eBNQD1KBYmG{|C^5e5lmbuA#RdZzIWaaX{hO@lW?6hScmz)u_brg|Z
zeP8|>cPYOy@Mp0V3ht#QkYrac2KS<tL%Ge|mff)wy?t#R**Dd|(XNhq$rnYMkvHBY
z4jK30G!QKPjt7iF5?-Or=y%)(3y;r4+Kce2uN)zvBJEBapW!8kis<Hc+J0?QKT$K<
zC`UjPQN1Ls2pvJ`w!<QE4XSQZwX&sX4rAc06=dHj>_yFSmNqbs;J}!O{$ZRf+60+O
z9)mPurhzOyHM~^9GWj(1<7;mnwhwXxDLRF^_2ky!blN?@*G_6IO1s<^z8V+Ipyok<
z#i3xyN!;N@cQE3IM*f(ac#AYUEt=IYBcFoCO3vxlOcaisIXMi1>yrBQQS|)BFp4n8
zOGTPxB|b~D)x}TW&jO>rfhD)@qZ_RQgLuccQnKLQZ84);TcVezglXhasAaSX#cS=_
zO^Pq*(hTKsflmy`BybHM;M0T_>u@3NIYW_S)cF9k(9(%JIv}>=9<jP19boVh1%$Oq
zH@VNETgL$iG$*$>o$C6FtxpL{yyVSS^{vKlc*!fT>KlzWdddI7J9MU3w-`)*{_5~1
zV|-<$zREW_n5?JrpAzEh7h6$#seUW9E+(WR{9|m6p(pYbbuq&oHWo@L$^^PPblb#`
zEde;0tqk;a?8<5ejAy)L<{MgO@1-6lF2V3v+^!9eoc7Vf!v|!V;uFRPT?5wLOtRYP
z_(*IYMlUrZ^RqVXTo7{Q#EluSo?wQyD4NYJO{E}$8-Zi{ppBMtqAgZk58nH<zYFt^
z3w+LifFCw-4WFRFHJ8<Xh6|wg&?ZNgDbx{ZbPjPxL#15c8ssY##>>YCI`#txjGA=f
zM?+G%4OI`4WM^M6Kc&BfDdjgbEs67AP2|6mb2hKs#(%q!m6IH*%QmlksMXnv{B%oE
zN?anpSWaqMlrjsGF2scMV+sAWLq<qx(o)V!6tZZ_n=s{MOqm)>38~Cls+$shhM<d-
zse;Wdn}L9;X$Sqfnjh|8)shC4+x`|3_*xtHy%QK_HrDnAi!4mP!OsPjno!$e$ixNK
znb6K95A0!|KQB>u!p}0w<65(Y8^{k@DK0m)#>5J3#wN6CGuAF2_c4{7#2%JhwsmI7
zX#<GJ&p?0$`Xf2}xP}h2V4K$()4e5y^p({I!GGb6ip)Vgq=B}z+CloUNzPtQ?4Y|<
zwkBi#6fW=^_{dM@t&Q;|g-}lqz4htrEw#6;pA;-KqB+6DLX2sNPgDc|LU~Me+5kh;
z{6^5Jj>S=o2*R6FtR)8i9;7A~=*v`pt(wTc(h{F6o10u}<04C(GRt1u2P_UoJm)j|
zRG&%>VCK_30vgOf`VxRA&uQbHDgk<<q{(It(+(ld&zh9DCL_Quw`M#0u(z>=4cJ2L
zFSG`-qzU-8O_maBdJ#Av?r^)pi4mr50#v>(WeInfbNFBJpTy&T(lm)Xe3CmV;b%j;
zkW4PTi72HG?!Q}TZxa}EL~+PT=C}I`p-ovOz@s&m#cfGwnj|MRK9Dl21Ua?X*G(na
z5oP>9*DjxNsT*7Nyq&fT$YpkIUnfBpzd{xIe1@8y>uBlX0L2_ML6{pe0PKGg*9g}Y
zSP}Z{PAiIrAO8Y1f}B@?CTW+o0Y5zgs^Vc*<vfhI6c}-<L>O{$IONR#a2Ob9P8;_!
zyGpz|MH58fEt%(5NnA;Z!vUS$^9N1yRtyh;IDSL0)I>`~b3zcisx>~*Kt~LY95f;!
zI&CI>Y?x3B;h&9-2kF>&AT~B`UM1E>68V>)z+?jsj|dJAe7OoQvt)Bik>#dD<rW++
z@mgAuj+Y_C>XN%DR<-bWT1Lt6n85=cC0$Mm@+nNe1;<Q^NnuyXhE-C0Nl7+d{qOC;
zjbaTpUtG1l1?b$z%`pN;6ck$L^lYM=$&YajHTd$#6+;iyuIl$VVd?I|rTd|aqn7U9
zHEXo_C(Wa2^Uwc&>6V%)A$Yub?9y#${<oLzpXHBTx+iJ|w-7tWuEuOiDieuyq*<x7
z(tos)U$~&J<bTQ6T=t;d%~WlD##7rz(A?To5<0G5OxB=XdR)KatT^*(ZT!SM!Mbjo
zm%_o4Q#&aTN?055Ecxkw(*R6)7*eiJAx~g&H&#ll{DtzrzKP4w&8&WkyvVLGX+Zw&
zKRybV)y);ikW+af9r&<AF^NiGwcgY{l7h69cU)(+rjA<SbcQU5c2zU4$C&d7cH|G<
zAJvgPVXY(I4*wq=84A;m{8e~tM}8~(Z+GO`yZ>oNem*p+BNq-=LGBO#vyL49zTS};
zcD*Bk1>fU<$~`$3a7RXRMy0Ag>XfWkF&6vhXY$vYEcySz=jE^CZ_D4v&mixIRCTm%
zwbdcomYh(}{U+Siw;IjVgq16b_ZpNW2uZ+$7+2Jk(_UEIWVyS!f(yI?L9e1fa10gW
z?Wec^UQPsVfS#58H$4q#LcEepE)a+LNfPfZ<x518&VN%RiTsTsVYr6xq8*8<2-k3)
za-mjOwj=Z~rW1Aa%dI`_^o#*dp$};(96g7rQ3J{?^!!qb1{UQ<6h~IEdq`|E;hvN;
zDt1ScK)#6f1n9-oh`>YsOuYtWok$+Q1HBZ!sFa_B@J$qng=@G>ZCE?4hLBK{P-|80
z%d6@W?yi3%svg6$kv^I^7XxP{)J9_gS$dXn^)4%(ZYmRKfQ@Hz+Ld?=1lEvZk85}f
zIyJAVm){ucA|K<evHlqML!G+1j<6EM@S4;g<0ZR0i*#>aR<R`xOENG9#a@#^BhyAj
zvNY0UP^Q<+rje0_dgMg0g~9+!M6Awv)A=dnt)pWHL-kQ@U{9~{Q$K6AptDyStsuS?
z##EA!W@O6FR86}B6&g#eu%<}M7%5#^#!AaFq*CpgB+S0_=b>Gx@1kf-_jW-pJ%36Q
zj>p)K43D-Sna;a4*;ptH7NfV;jpKvGuz0=)vIO0@`C%+Iwf(s3=cr8-Gc8GFYOC8z
z-l4(83W%r5e}d%gn@4U(Q;l*mm7STC5mCID?!(B`=?*!Qr0vAeXkh}1+>W1&61idd
ziOJ>jVsg2hZ-K_y2l?^Raz<Kim6o&83~70WxWuN8_FN>ll11lX7RwY9eeEcrqka1d
z{R$kqa!fB@>Mkp*S(|E%>4uIt`(#&2vvh6IIr1{9y_hpuUTYPHhIl)aF;~1c#54B4
zZTLoT?uOvQzqiRr&^zLjj6pbEL$!DpvZM(H%`5cK2tIbhhjMV`GjY_R{E2ilN{=_M
z1_~KGt)}jv`5fwDpp?yNBY)Y6nu|5*cu{4oO<kKx=4--u6-@)pkW5FA^#=O12m)?V
zpU6<3NLQbjP15v)Xc*30;gLVh3Bjm1i)wvp=R>$a$e+qz$YH?D<%QH5^M#yth*#B5
zfYy1?{VuRplhTZ~GIH|@Jj+3+Zs>t-X&K$gIW(kKz#6=2Zr~JN-#LQXhv#9~-mnL)
zc%f7{$*o1I=cyepR`w%FP^Q*6emu$)@syf5KOSw0I1x>=sU6q}*iu+q4CKf3+S~uT
zx}yKEF89B#OHF$nVgPY^X=z6^#%r>gdjwBXHX|Uhs?tK}17#S5i4Y#bL=RB=$sJ-c
zHD|UbpvR{`y(jP(D4FK&L4gG?BjU_`@EoeI4ucAd6^N{@#Sb5Zlz3%jD-wh(4O8+o
zgkC)-Z9{a@7OBD|{Kh6rTi3R1Lk50f%eMRR!1;&+&ozo`p!PQ8)U4!<R$SCk&E090
zir3(6oIPlr5Z=`dYsgP0!@L}GFV}buce<?PKnv}Lir9t?Ige>{t8F9rQah-fyu~p?
zZ_Cj|J%m(N@^_Cl@<#O&X@{lz3|{gXRaYEi<t@QWvVVw2I{i@VX+PfhY(WdV8&$1L
z5bSLvx(~?>g!|Z<Wr)tCvk;5E&$z&+bpIm@PmbNB`v;h?_%`k9toAim`#Pb0<!fJu
zwXY)WYrpnYs(t-b`+B$ldj|s~4DcnBl`S#EZmj`nVhVuVp^YD|Ud3+U<15I+KNxkt
zvjR;xSV?w^7DkE1)-{lKW(C=ar*`%NYBw^qUR~P>Ppf#30S(<9o;a$Hrc)g=2FoSh
zPF02BiyI!vBzl4x%7u3;>80;t0mVMQ2pz_<4XSX{-%qOXV|o<klN_nW8*-!iZC#Z1
zTLqB;faSv@Ji&(=&~#Q*j2g|<!%G4=7e&5*IdG@BIDl*XKgJtx=WBR;?mcu7E32uY
zA4jy074+kE`XLrz3WJ=B#qY&=28=`jCN%KLV!`Y51$`}L?ZKANBKF{PYmLK<riplH
zgQ;j<ZJq<ndl7anfaWf>DegubZ~?q}LCT)T;f>iz>L9*i0tzW%=r=8o5{ABO_>DzV
zc*!Md$V97*oTukz{3A8tNr*yPz&8gqA^{*EV)@e8Y`KFB&z8AkXG`>2Y_?3r*%BK3
z`fLF)U5O{F={{lg^5!y6Il2&{X2U}iJ~SFG_e#L_lb7(;OvFA^S-EbD{O9Zsf~y(v
zI<s!AmwZ(~?J|B<x&A)wEUI_CNp3N>*jv^Cc98y`zpNWbp9Jgz1lzUXV|p;39Ue5f
zgZVqj2OvaM?nMAVB1xA}Rj7irL*QP71g5OEg<JIy`W0k+nPl!|Y`m8|uSs7G{WLR8
zEyVfKmsK~5HyNnSY-^1lXZj6q!vuI}4~mvi>INiU{l{jc3m{=LxqA<?_Gsk(HHf6<
z?Yb&UfutP??J?Sp;g7vl?)^LC?({t4NE@bU`<H2Q)ZojFr>GA1hY_lSBdW72CCfUp
zTr+>asy@&4Adfc#<idP&xPG1+m{FlOr+roZrt~DE=5R3PPYaLyOY_Zb+{=Zj9xwOu
z6PBE_4gD3tA~t=)beO@Za;epRbzK6mDCYO<gX^r~aibWTZ9l*66Y3-d3F32zrfa7)
z4B<5}+fsT)fM;L@Agg5`cP}MBzyJ)%mK|APGGm}a>^ABsL?-l#3|w1IdjW7SAq~Va
zb|<?};{w6fgs`rs;e$Mg!^^P=RoiIKbSUv-kI~449q{u%n6YO5G}K8Sz_D@yRUNd8
zr(W`dt2&WKXI`2PMUM-aEAPX5P!R$>o5&|Ud3k(_+_n0GRSa9r@7qtU`)qZ{YCdjn
zThHd@35*=p<=I3)6J8UGjxKMI9^J<QW50sMeXgEQX@HRnd_WJ(SKwt#msMK4LM~;{
zXK2F_dTANe1LOj#D$r@ZYJayj3snTRJ}j=xV-0cvjh=?l3(S88xa{Y)e1zKHhJvR7
zh4R*wLPBftO5FQVsta~N5dE&l@5Ke*k9`NI=3BuJW8Zj&uY98*82f$-zo!>G6Z^)!
zIwhsx2lyQi-zXcZ8&>*Q^<1U2b)^!IjVx2o$<9cnRJ;Pjak>q21aI@;O%@>;86r2?
zqTL(7L5k`qZ880mz3&Xab>W-lM4^kGlRAJK^rhBx;}DQf>MAB`E~X<3`l;<V`+(q~
zHm&+lWU#l!j4m!cs9&<VWaMwCIW)X*K#K7-+ebJyT0-2>J7%EN^%Q#apkPqvm?%A|
z=Ot&i@=blXO3sTgVkeCrvGuhV@f#LIR^uk{=zG|_YBxzgiFy~o16kx6YKK1?H%dD^
z6}R~tvf`*(c-|joqav(xw<J6#2|MY%Lmm%#TZEg*7YC`?qIVCDH5gWNaQMjJUM%Ym
z=+@LDe;|H5WA%mE^i;h<KOd3f&CN}vS*G@mtNyDdsdh)B>qS1!f7K}D$U&@mpcBs(
zZX(+bqGtxE%=fj*24B*SfBuMP3#dK8p$`gNHkMIU3_##(&rx#C1^TJ#Wq*;G@pA$6
zV@`JW<Lq6N)1FtF8gvE#e{MNmooklAP}92gP5lrgZ0P3`{k1O|xWMmFkWITtQF_oI
zzA>A+DiU@}&VVFr=eDV+_4&v?gJPD2?M==X10k-#f@d6-oc8=gsDL{fa!am8lAfkr
zYMFw&<OjTNaygF*>(tlOOSow=M|SScZZS7t6=KB5ZQF(RK}}lfS4O3-hwx(6xewKj
zd~v~`6*81Tv91GUZdC|i6u_pY@w#PaF0cekG6bCm-QHjWCfAy+UBbaeqq!y7dC=&5
z&fdapr<O=-8x5KhEG;9HAIsT7Uy{cZa0!)cYY!T^?H}W{0_RTE`JA#c-^erhCSfY~
za!StGRpM1Z$noN0(YengxelO>$nr)#NgnFzsdpI+tL)ALm0ZKKw3O!%3Vxa|d6`>s
z9w2`niRZO=s7R&=%X9AIp4trKz30D7*z4wI7#+~<v+&EgJEtGJQxXnv4d2Jz9DSG{
z<hDJ630w!U53^mngU&;CIuO_2ESDctod=u77y7Ry3W-oriy_$osBN_2Z+-1P0}R1+
zopLYa$?ioYJqy@%9{M_JPttw$XLZ!RNxu$eJ9pbD-0Q?19AW^SiEH@zSkP!r*TJ0r
zF@W6xfQin7Chq0&g@vm`04`Z{?li4xH6$Axj^bjucE>8ohHv#lI6Bw0{+}S;JO;!Y
zzXl@r6bdChNyZW2_Ho;8r@-yQSpnd|Fl|7oy;=wIHo1Hs0B98Unct=`CQ|s!Ek@xW
z{09KdE%mhrm!bpB(|AR#=0#K>53&$Y77Suh*<q^r?UuuCuYMjv2Q=_@{AR5!a%*;r
zI~d5tTyEL9LpF?R7N1}ip0y9vy`v;(avh8y_$-l~`-Yn)IiKU6Lbo`|96aQEwoIiB
zRE6E@oZ)h;fEv^wg~X$ZlAX^1Q|<+9qXUowe5Nn18lFNjdHKcIUaXRhqx!8Esb3I{
z5;?HA-Trw~=+^lZ(nJ$yAZh!-i%4E^Q`(&E+`0TAIf$egEujAPd#G-j9*63tK3k39
zSFrRLPK?@-u6R+~k<Ned|JafK#*1`EI`ze|JJQep`rqD>c4Yn29qFHqK3e$guZMS}
zU-|Vv+mZG+>pRj-SyYqLR+EWs%W58O+XPbc>(OocHMZ%3y?MAzQ%K2h0?poD*9%%>
zI<&^*k8KPGjY*-6X>pVFGc{{Q*f$nv%pC~JUvJdZI4)@-Zc?nvFDYiJ>QY|SC4Msb
z1Qn57mn4?7zwocLAbxpVZ{Q0vspT&1UvPo?P_wQ;6I_{P(0s~z<gRcx?trla=)l{+
zr!^%4-+T8d{!E~qFVg}AC8?`IZVrEJ^Cor4iO1BTp{;UQ9>_Um?loT(zfi?qHRnuD
z3%d0E&|oyy3mLQU!Jos2QDEy)Tf#4#s9ydMvOx=?cQ^BQ1w#DicYn;^9Js_^4ig&$
zr9sd|2(m!XJIar%muoOD7=nE8xUM~-_&9yqqx=6%ALIX1^Zt1}=d9xXm;OG{Ojqjn
zHP@iS&OTG9vrjhW>+@@#KG8(i?fU>9^c;YnB$8y_T1uslBMgw`<|E_jFT>*RIDAK$
z@eR6z*;@|6Om#+uhh#Ovz}(8<9l@>EoKSG9?Zp>gr29%RjI&#stm%zO3thrM@M*O4
zN!?B~r5YQ@6)qMAP`aZm)yhF+sWL{hR6C(UPX#a-Zgm6jk%SJUV+MLH<#T%M+!%=4
z3E(^It?T-loK1mHO9Osq^4Y;EnLFIZ9X8wBHcreAJKVu%lQGJdxs>qVqZ4c)y@4cj
z`G5zu24Sh)z_=@dv;a3cr6Moo;w14vID`UStr(83fE*q&!HUd8k)FUfIsv`NLlb>Q
zJ)~sigt(U%Id=kE#;5ofS*F>Vw#Q+a$~bhel!if>7zCv>Znq$w6t*QmUug5fiYvHn
z8olx1|0POQ?YB7na=AYkNWoBZNAST+ad7fRtA9}n6yE7So~dx+waFV(Fd!2GKFw^j
zDdrY~q0oM2-J5a{vAZ0#@PGOglEvK&C5zS?2a=ASqcHpaa0T}O_E3)_C2RR<V%-`8
zKS|zLL-*A($-eK?eKle{hT>f^3H&~`zqPSO5-!<usoRpffD4@B9ktapq-}M1$rE+B
zosWs6k{X$&hHPGKBXW$p)Td?P5>#;i??(KkdZ1^5u3qwspF(F24N223UPQ0mt#SB7
ztf^_eP|UolDDRYA5%l??<cmYsh4G`4T*2ea3*t~z7?0|04rU}$Ie~fOK^CGn7g}Pr
zP%?*o<3v4jm6ckkCN(G_L~{D^ULPx@$j$n8R?j22=Zc=5@{X)UY<wFv3qx}XdZC7O
z3LfcK#6~t3xCJ+CadHJ0W&pE#IsiqSU4RF=<pgcOthaL8BGl-|XD|g&F)Jv1-jot(
z*9_fqhl^G2aC;AWb{$nrLx2)lC}ws097*U7{?@NyTDi5U*a!q_Hg|YF-o6DCbT|3e
zKqOmap9ZBFOYD&ipMn%!T<o835IUh3RA;x?!iu%s3>2`gM{WhUS{EYcU?9JRDeSXI
z3$4M0wxGmAIS;Oq?<ia)%_(#^?i0S0za--UD?NXKj`c4xPh%YR@P>XUd#h^T8s-8D
zgA1p>GK39eS;xJ?Re2#p9)?1pNXf&(y0M-G^715-7v*<(x!6-&!;T@UbSt}}+NF|H
zFsj<oY1#@L$eFK0tgBlkqz8LQs=Y|kufyB&8t6CjTWTkgwJ&72Km{T{6I}*8{SJ=n
zu7(R-pcn#QL0j-Jq~*acpBHDMS!|a4jk<jXaS~l#N2x4xQQc58Jj%z(#We-mICm3i
z3+_2p*LdWDHfkTZzj!UMskoESABVHc$Tj>4C4^*BcrZ4F7BYLUTts^`?A~7bwC?S@
zNX_oS0E)!b+E&Sn7TQ)xR%bT^I}}1=3b5O2lbaT$XEZjhcpD>nv<M`dwLo>!kz6!3
z)||n(PgFYVhQXddXX7y79Zyob${6NR-;K>kRQm!(FPXgl8=Q{HEWD_lSwE=d@{pfm
zE)v-j)4x&}6r)jo?s^png;;O|@3jl#eb<SXx)_YZ0Hfxg4b~T#hc#~7>-haw`<oT~
z;{^`%dRQZGJBaSp-{h<FW(yC>+m2{oli&;O8$zw>Va!G1@1%~!wjCOiz&w)RS9ef%
zF^3OQMU?Ljhj)LMT65eM(lQo7Mu)r&ZP464L~ofKg9P$6+zqCBxY@04a)1VP=wH8}
zg<*d3!|&29-r&)9aCpQQ_;I6tQr>=qO5oh&``-it^ewW6*6FhZx4IvyuZz^+HvTv{
z9;#1*>Y)?v#{_wgNBQw`2{RHr7lXxC+x<ejm)wjWbSc&GSD_6xullZrHQ>L^Zu~eh
z`s2{(kI={mKvV6ms((_0CP6mq;o_4~1D^;(GxptVa|vDYHf&+sA?gkKT?&Qn^pLOf
zlmjFk|35)e^$;HVG^qTyAXSc6o?{>2XIB8<{w@r=hW<)^s+TOKb_5KSxGvEn6j+xw
z;pCQE(YOKKNJcu+^)ih7eSg6XM{PkYUJFdqR#*@-NDzb9uF+S;r<=4@QF&QA75mNs
zeM$$5*U0p^hMF4~wFgZnR2Y)3MiB>yY_sMv4DYM6_4ED&v;lj3!KUHWFLl%!<VE|W
z8Gpj<&M$;{9uHo0soDP%w3di=)77+yCV#O~0j5&YG)7#EY!VV%<1olX6*E$|-YC0L
zWvA`ldFedsu%8n8#ddVSogFT<J5y_o4#}Ci2h)oY6Bl?96;zwKz+R)a&C+m+Dv@ML
zRS|)eE$DvCnJMQUpqqbrRaqXOo2lH7La5HbylK>2hi9ti(LyR0cp3t>F7$QhoLx3B
z0OhayR<P(EwgC4AHclWOn6L5)do!QWYB+rwnI<<$Sg)$~=1M-H)qn^RLoB*M2hpN0
zud0s=6d*gM3VoWFM4yq?g=_3bI2&^jCmxTMK-(IW+w7+#SA+|MW11%ne@k9f1{a`I
z$Cbf7gTBsGAp?DIkIG0j_3Wp%IyLCOK<M*=MF~3e6UmR}K#hI&FL__91)+!aQ<>r>
zrR%=l0J#^<%0R+GbgDk8j#wAo2=I730^{*077Y+g=)ty8p<Z%Eyd;F97xI#qah-EU
zDtjtv&#+V{saNZqR9N+(vqpLf7qu(5YYJhK^9tRuyaBt|naKq%P@ypBN~PMnP#s~Z
zTgP<t`Q69ABj@%}d;+rFF|<&3;809|54wWiS|CQcH_n4b#;{Tc<WG*;2l+p>##5}c
zQmowh#NT0sD*i*lL(o`H1v&hrev>v*K|8l^Y>iA#zcLGu6Li9=ln&e#AV;`DD$r+U
zuO##W)B_((?VkzR$&c`yQkfD%W$LgDuBP?TO+Oe)d;;RKg{R7)y)Xu?dCqiP9Dh%P
zT7r*sqq#3vH0Lei-iWM+#-Bnd$eyatpaG59@Tv+~6qYe{k=v;)?o5Ael=`NleCkLM
zRxILmD1tkTwrP50iF)FDnJJuw>P=tErMs;=rpDaXq0>K{Z!SVMK0|%}1s57AC$N!|
zokaHQr7cs0f9Ru6&^;Xw`{;`_R$XmzUNclGiRhRw(&D^2?3gbVee*e^Zt8t9h+%H>
z*lZjonZQ}t=D|RT`3TGjDXHAc&ge|1b&OL!V6oBr=rrU9ycI$m=@<a0bI~;&jDRnN
zblkc?Geh|Wys^Yf>>wOe26>ASHM)dPeN0IO8Fz{vTn++vR?vlf!zrzRa>d~#iMX*&
zoc{R*mHan-#&YuUNjlsrrFi~6Z@HWJnPE#!+AhfXpJ==Ct&I7rdDDg0RazK143k%y
zhOg3$*0=-1{7WU8Vro`%v1ampnh0NUH|i4gBj^IbC6wo6y;8jVH@V!}YNVPy33$`i
z$uiOeAnE@3Hws8JozdUl$UPe>#%q!JYJ9_4o^7%;nifdq)~4y);bwO+IeeRDscC{5
zkA`qyNpxA8EUMGmXe<s~pf)mX{GDjXQ+UBYn90Za2NQ%}LP<=^0+sr;1IC^U^q|30
zOMWKL<R=K0V&%)l%EvUKLv!GZ06H}QZK^Tn!or+(#Z+AApZ_p_6`{Qej~ixSH9Xqj
z^v}CdV1Sw>qwWwi0~!Hs=<I1|=f~emD>ps702<UTe1UDTfDBSjVPpY>`|}g{l7<U>
zLBm<x^yg=i&TQQWSCa*rr!`KEA8DzQOn##$F+&7Im0OE@yf}Ez^6@Pu17Zv_*m_dv
zNe<f(s(y$!i<t)17&G8HcHmWfrK*~#u}oO-yq?BsS@g~y8XDV!P7{IH<PscS@$=H5
zZGu@6qH=i@$39TX+CGvpM5!+frUIz*p7r<1u0HXqx_*Hi312n^8O|PFcbA*o*oG{H
z{mV-J7CpOpsKSc{ymdWRK<VDo=-n~5;~c$kXr|X!V6K#v?U{{Qr{!K?ve<fvya3Bb
zv(Ho|+zxycl!^{fF$tAtZyZ_p6XZAd&ZhTgX$f@w#=}IIW1N<gE&%P+7s7P8g-<cR
zxhgMRxT-z=ra3x+`H|h?>5MqsUXMpA%9;yViCy9EEGPH3(s_lJ>G_!+PdRD;WI-zQ
zb0VbB>x1hbN8tkZv)~Veeg^%gH!I74#bxZxf?rKD)YCJ)FS)>4K;gXUe4=Asx-f`8
z{n;%JnZW#Q(PullK~9U}i7k4g0*sK~tfuRP9*k<pRS(faOUH4mA*Qt3j0aK?IuSe-
z#}<F$c+KAW8m#gvpWM*QCk%A##asN!3hyYFx<WKZh^T3)i11!bzXG2&`W<xkLOLr#
z?(EBP_U7Q3Wc<-3P_mNL0BA*bBDSPniJE^LI4|X51=Z-pSDf`Q^o4<{0l;XqpYm4l
zES}=q2RBY7`=8bI!Zo^d_p>p*@H<d<0y>OooUFVjcTx&be0MW%ULt&H9~5kjlgXNA
zN0h)r+R4A}Z<!eg(>>CxCZia}y@179fbcn0M2u~&Y7g1?D(;h-J8*OKxEN+$pj)Cu
zE{sCXI|G;atQP=x27bZ|$SLtA<*i^LI{0F;!_C3Mq2agd!*5aj&6lXViGMJY65wX4
zX$T@ZI-^dl5Nyyu8@i<)Pr<KhhOr$l*IFrRf<GLCni)Tgq2`Z}7w|G&IVqRh?C0of
zr&yb+$}Ixdl-S5R7TkS`pALvpCJ%qIOZYg|l`4FOnN5x9fI}Jc2(V;YeeTAGE$Xr!
z^t#kIolN-Q2x6Z)jmGX#*;3zP&X-Mh8-;HqhWMNA{tu%tEAbLP4R?hLO~Pad9C!DB
zm<1bPQ9RBhUJ}mADu^39riMDZ#gMUi;5c0u(wj`UcWo3dL-#<Yiv!1zTj%$!k|6@i
ze;Yzuu>3cn{5Qm~Nof=da6vM7Wx5RE2?<C+{hkV8YF=(P(yTJ-iX3KQsg?vJwfQ&;
zf$HAnA%CIbPehsJChuRT*P=E|k}dxHc?D>p#7zos9yY8fwlJvWBK#5EP**q0mSE95
zqtZv7?1E|8CKs-;$5H(>o18|4rn0p_TVMDao*pyJr=gE4P+uOesn)V`Snf2p*oQW-
z_6YaXKC}>d6<L*aGsJ=bH6uE)!Yf|p#7{W;Q1x<wtzKT$)Ay394zyBqr-ge=;zwrj
zD!cC1FP~SlesscNwC#{vU&UClhgoM8yUpe{HLIcP9w6me!FMnop3Cq_AS@ML=E2`g
zoJ8?W#m2@GV^gsS%55w$i7jTam6m>bxb)z?hT*g{l@Z-=wwf^2uSQ_d(uggXMr<`=
zY~$!MUW3Pe_<Iiic47wjYlJ^P{B43ix#;OjQqeP);7Q;~;CTg}SK!$T&t7=;!LtvZ
z5qL)68HHyw$e_VqgSpon(JPZxZ1hF=Bk&h>P&4$^%iEiGAcUjewbtt)0OJ^p06Jo6
zgZv#)G-IxJLe@wpBwzpX`6$%8Vgc4W@E%~=wt%)b)+blBKFP*DSy@Q?1QYMz;e99k
zh2XEL*gUhdvBWHXMzQxf#oq5m6^*dzX-4|$Ge}8$p>b5o9i!4gqLDuP%q)J6AahS4
z&oH*^RCr{-Ul#n`27hzmFCYGj;ICo<?VAk1bp|}s;h7H4RCuPs(*{qBx5Cp3PZpjm
zJQ;X0WBW$K(OUT31b>b2w|l{;z9}{X)T8=>evj>k(P3lyPTRBgz=C-0EUN$KO}h>4
zLpXb-swlmp(#JLYFK!syb|QoGj&?RYNY{T99Cd9>W+&Cg1o`K(o7{v}M3}6;pP>FF
z7N?$flW|&LHw~Pl2Sz(pb?;of4TQ#XGrp_K6FPIfdAqLI6EO+5)tvYVt-?)OJ1O(9
zH~#}vZLK*F3xBB-ReI(@=pOu$g<g9L|5#owP4|eK40cilNPuxx&~>HE2hvk_8Hgb&
zO+hYp#`GgC{Z3*Oa;WduW1Dq@z8XlM$T~=U%({enm(5_vG$?n|7sjC6u?HIlwa#{v
zV5~M^|M>JhbF~Og6{2qPgcb)eBO;{`RdW$n<N+;`vT(T3gKK^Bn6>`(?PC_S#oJ>G
zTEXyIpAKt%$Gj;#vtWq;-Nk>_l+u_8>;9>cbw8c(+eenCL)yBJ>n*x0e0$4u@v3R7
zRlI5zQum~SAXD8;A5yaRLB6$ptjbWE9Meyt>XpyouGsN?n%>|lZgyBV#iPvB^{c2d
zAfH$;4Ig-<s4Mu1k6aqjsk%f??9*)7fUKGm^5E4eXCKJ%p54pjwp_%%`{%nK%<kl8
zl>Iy>#QitMRuQQjo$Jy|5fD@kc_I%DIB_4I;ZsO86<c{U#EhzafM)VD2-+LajHv48
zN4W9;=D$Qwal$zJ;D%(FF)(&a5&)vqX&+{hRqN5_N8N_0<o^MGt#sH(Gys4@OYMCN
zSX0Ng@J<L25KUB6s;IG|ViiR|1R^a6K~SQR@bHBi$OeKTp~>C|J)+QnHKg?2p0=l_
zt+l78?{|Il3DSz%htFDDZHujKH;t#&N|m<M+_h%!gaitw-+%6R|Ns6UI}Ee;yl2hK
znl)?IteNH@%|aT*9?k7;ayLs3Ea`EjKB^AubRltNsH~CP4(m{bmL$8Vs(2t*WRS(M
z0&PC`b2%YQxsy%qL$KWY@S1?)f1cGm=^YSj4s?h}?wKZRNKekme9pK(RWIyMb>dom
zdjMbRfOecXDe#vyM7#K91ct#ofST1IE3^gqDCZQqLTfJ!!K*k4_Xr|}0*NJSEW#*i
zsq%g1ExX9M*S&1GN!FN&`aOXj--z~avTem+W0kJutJJAQtvHmoS`Q-m+e8k8gbEji
zsK}lf-k7J77vw{Wb4b(J4kM+(j^y64yCne}?T$~JOI&Pdv$|)6i|rQ9A}ZUF&okP6
z>Xix7a4*@Bk#l(9Lx_-BUJp4^8d}zZJy(h+B|mc6*)w*wLlBY(=ko2m0En`;4Er4?
zJCF320GVwk5+I}Oz7ilixAQ_12L_h_VW)G>?IeMt+kF!#;uEkPayj-n*J!vfv9Fv+
zxHp@MdxiiOmDt(yI-KJ<n<q8Sv7MI|IYYL;+^pshB2aP0k=Ma3-66<S<dNIZ_+w;5
zO*z-Rm*7Oi74}pqGu)OHB5hA4dKH`_;X~4#8VVlZgv6*LRcg~oD7#2tTjv*SUd_YF
zn&YXuw+xBQws3@tjTh8XqgL@yc9M;w7&)r*WJhbuyPQ&O`Oi*2ZTV%_m@r&S1=_;{
zU?@Asa*y2NspCIyA<f0BbMRU=ZC;}sPV(0}E(-a#q6%A&^yL1_DFDm)c<)2BTRZl|
zS?@FQEJm6&Kmlwa0YITU$8eK+3ospC?P2_SoYWq>(Kt@Vmy7G#<|T8}MsAATe60YQ
z@s0z$h6@0UBZL6PuN8~MMsSC>5ed=Pws|lx$t`1BF9vo{1PgayUtahK-Xbh@v}3=&
z;-h*=K*})fuamOz<-uIX-TbLP{2t${_NeFtFW}9hY>q2K>h3SmWNQExE+lc=cat}|
zB0WPZAw)QPhj_f_Vdze=r=c8>%VT$ulO-sh-mjL;=^~7Wx2?66hm}$Pgc{uRFz(Wx
zBSOJv%7<~A?ji!{{53$Os6~DlH=UHcw#Qz3%H~RuHK!tR689D+iL#k^a|8}$331_7
zDqWD-@b2x)835I_wk=YMO@zXIj)}*fP6H?qxA0yttT`@#!QWnZ#_0!uz}bz9BwVmF
z6g#eYU5J*iGbYMR(DD_r?T>Wc?5I8EU^^fKA{Ws{B7D0ag4ssEf^!yMum{Q`S6%tV
zak%xYzh5hE<<_2au{Dc3rwjVTxD~rRJIjo&Ipi%LZC<^4x~${+X!NqRM51)_=dIuQ
z+iTD9ec`a}?BtCH-3_)sT`Cb3aQlDfVJrC~L96(`<EGUx?(7|&y{1UqVY;l6*A<lG
z;gG`fF#m2ZyxOih#otVKW<3*RFYMT_a><>+g4)mRg)Y=$%f*BXoI9S7vEM9Qq`+x7
zd8H5CW#YZ|AX~dpC1*!nQOT*4K#KKGRGnueb!t}~Oc&*TtEcXp)wUN!1eohHnV3vw
zI=90{2H^-7*I@IRpvT&HA?MpAC^pjtky@M~{7Z_{54EDGLT9xz^T9-dnE+;#jZ0yl
zi)~3%cM+y#w{yHbuiH7MUDZu?=|bG+mSLRW{Pj8&i0bC{;--eOb?fy^EX<;F35%VX
zoQy(1vIe{mJ{h&@${O(+3PEv-b1u9{@MXH7B*i%~8QYeTB~t-l>6QCrjg$EZB3`%1
z9!$6K0NHzHMmfg33K;v!v8j1s4acheVqJ?-OY69Lbr+s6u1E0@iLI6sV@r2Sh~`&D
zJggg)zK$fmQfDZnO$2NnyWA>g0*I@eE9oIxdh7v!%F=Ik19!&Fh|KVo4<~LB;O5x{
zp3XpJ#V|b!TQOt8>)rYS;vDe<P03f?nm8`kqqM*w`0t=PQR|DKu}#^=Mhp_YfY%S@
z+{3GLQ@cFs+|({<fh(S?#KR#0jw1s4`PJVMN>m1}TGa%7>7WQNv->0e=5%pHouY2L
z`u95e_ss2T7k?ep<<>e`!%IZXv0TjDSS|*71+#gPoYfBDX_9NWF;I{C1U$FFsKNLA
zt1egPBpliz+!}GkZ!hfO8g}!Cms;5Ib+tX?@gnx_2XerZyL+slJ&9@4YT;Y!PMmq=
zvdRSoh=u~}#bME?mXkC8$do!iwUzY`s+Bwaf>d~a)6`aoke-a4fSH+0rGRy9GM-2$
zUt<1C0;DE<Nho&We$`cxa~yUrR5~#Afbswv1a4xd9}IIGhS0}l4X@$tWGYvR9rXk}
zNo1S5a2&QwZB51jC2QDC`Z<owP0ChTV*{^3McF3XRzvoP#Z@D0-IA(kTerWgv4kip
zP+g66Wy%_+!$+p9F^7n^b-S(-%>qPc@p#1jVgihJekQceuzgIsmN+~Q4sK14vWD9L
zkCpooHf=mNWf!l$7Cl&^VMNSqgzmvFb?a-pe|+N|id}^@?>s|!%6XJm4=CGKL@s5K
z$Zo*_E98HJJAYY2nu{FR2gmDpM<@nlMP%YT{dva!G?xp&aTWft*FeCpP;`y^dW*2I
zbL{U##W2ZOS2kQ*E`}iVo4tj`O<d9jsU({vyqEI<01p;jz!*^MS?!wU^kh=$na6wM
z*Fk*0?!?*)TTeqL|D!oLqDdN~zFK#7YqWHr5U9;a-r6Z|IU88_)z;uc35CCJm$Fk}
z1W1_)1CC9pLbw<YNbN|R-2Z+bIfQ~jaE{tA<yG0eEz14u1ny)l0%N^Bfxi=_td?I+
zwL4eYWI$;pvQiR~Ihn|YGtkdNr)|B;AIeK%_Ss=M?L`UWu^~r0x0HxZhr&eYt$Nj=
z>VRbYAXP5^KBQ7ELpc)Jb4+9++W|ERB-E*(UDQ*3f}|F33$6$=A<7U)efDlAkc0GL
zf)>8ee6rPgo(r)+2gs8GwRe)8%U#&)yNs^iEZp_bP1GWH;lgYWE-*VkL~#vAVTkez
zh_<&+v?T*ZyO$qliIq||0w-N<4i_<o;1LWA{hypL=)y&1rvarR-oa_9M7Aqfw)>!L
z*TqGb(*q_-?0HgVRb3KA_Ro#DpDTe?SGjmaxp+xVfvYlv%;!_cy)_ZGZV?*@DX4m!
z<8iz+en@V9fp7Sy{=KBNLt5h3>QYH%yDvb|oZ+(FN1H>$ms2Oonc)z`jxuPn-4~sH
zvfV$y_b^hDqiL7Z#S<k=UY!z)anM=jQ;g=Nt`(kw+~3i+AY*YN$m~}L+3o{Sg0z8(
za1e`ds6_b@JG-RuGP4lct@A9=|MeHQ_*#FEJ0nn?oH&#CgbA>9%6tM6hPbdLA3}CE
zJ|VYshxCfCCKk#GmrW2=2}KUV5i^qVU5V?Z?DXDco}q$7CF}VSq&W$Xpi|5XcCd4}
zrki|Kh)lT2!y#}>u=2eHXL#g%C@(>*+&;0ssTm;F{bUqL0d7*4TF$pt%H{MV=r<}U
zGaG9%Qno7~_Tc68gozS%oosiDGoy)0Y9s9!5_=5#Les^jBM55<2i~$>M>0qP%p{DB
zr#QwmjfKRMjx(2HPd9aEG<_!94GW4AWh*<SMEO1w1mR?jRW8CQ@stlwG6SyR8w5Qr
zxP^VcBe0iy)Ri{yYvr~NKH#-j<PkL%9R(tyN@?9hiYnyqZR@XhBZjC1$?S<ez*XcC
zy&H0eCNjsNiOAtXiM|eLKeZdEOe8%*o~J3lTE-Rh)gb~%J3_+W9EZ2Lp$-w$9^zt>
zY?~uyyO;na6EV9gsyVL85%P*XJ0b+thirZYrt5LM{*d%nq+AvyysSr}Y&RBLxPnel
zAQIc6caZP;8VQzxl{;31IC4S~S4dfZQnfbiiZ?bK13GG$@Z!L{mP+ku68pxGycL?2
zs|r`GL4_Ab@K{ME;`0yhK*?rDp)}T|{1Q=gJ3EmJs`gd4_uwY?TGgp_-&B@RF5xyb
z@~b#4cbL2ZYHnwSIjlXlAA(RM+0Vgx<l<1pN@8sXE7y9iq*ahDVaI;1`3^+nDAIzW
z;Sw&o0nv21n3EOv%82($$>EvI`IWd8wak{>0A%x3lr90%W(R(t0Bb<WaF@$jnGd6o
z90HWCfJJI_JrRp7wIyR*F?+gq3;l?lq?eyx?vH$AB=Dq~eAk%S_2fJ%Ib$`PB>szw
z*_q#*cOgfE0av)jM3PjQ+e*lVQ$2VzX{;6{huZxyNwU89x(}C<84cZ^8IdrFl?$B7
z6690jJS(7%dpEk7kL+YV2x7(&C3dOrcu8>{!cA%zh8pgk(*i@j7Ny^}KTCFHL|djM
zs^yy%vBv<n$nM>j1LI>wet8gK6!N<CAT*RiEmx8#7Dd83SPLTqv+h}<bc!Y%L>@`4
z!lwM5b@MvC3xlisByvQY<kW)N{2=Lak#BCYMhxV9z0ZLDOc>C@>{~!2uFiAK<p>8k
z!p#MJOKgu;USVf*Wvs6P)L)qX6DlC%lZaAlLzxg;ZK!zjLHHlBwauYEuWg!yD!{jh
zY<sbaqAlZa9+K^9E0=1xJ5jBf`aDu-a>t!SsA^Z6Y?ow_twV~8=%&ewo$YnMMX>=k
zb(q-cU-#QA)(;$krh(esnk9%(Hl&c32-)omL}YvRy1L(@nV@!6DBgtPjB5&9Sj`My
zxRN-bK1$~lc)?3QoWZtkIXfDHvm;0-$-<SaWHDy((gB|R6npFn8!FrNzHE2MvdgU!
zMk;&zeOqU=b37~z{Y1>XruXYQb#=d71J0ZLY@G^Q>p`VD)Orn+SemHnvCLp4%0pFC
z;1d>=a*CbmP=zgjQpzgui}7>Rh9IlNxz+)b)C+~7exKS4d$8WOJ}G${=MZ+nlOpzd
zz|u@meJyh8>ox^J6=x^1JykQfLsq;BBTU5Wre^?7JuaubNfj0$zD%?*`0a;L49$uv
z73>KRRLuBYDeUoSJ_nEiVeT-|eOi{BWQVQ-ea*j{DDrSmuWVqM22r3$L(T(0rzqq(
z)xGFrM>@*c<l{z7f#Vl836~kMmoxH-oGlFcgnB{5c0LAl#(9a@mWx;JOy@;y(!UU7
zXK@ln+1YkVke%fSn=Oo&oed-snPI)MvkH`~loQ$6kY3r@Ft_Y1-ifqjVZG}DKzUP~
zx7_T6fc|o`M;G@KusqdxnlUs>ZqSrdTCO06&>96=9zIC*h7r9lBT>3jON1k_y0}Nf
z<sRonOr0#?*TQhV@IZctLuGnv;$p+OJNyJ?gE-SKR;t37Nhnb&UjcbwWw>2<bQ+~I
z0oR?eW5alfW3u6{F>#Qo@{*$)CA1eTB@)`r^m&i$<q35^*-Kjq%3ekg*~@-{m*WZc
z2=608DG0918tU=DdX<Fxa0#SQCFR~Db_n+tvE|%r#17@2BX$_~547XChsmdcyN}or
z+-<~;<hBueHn)Y?(Oea=<2Vzs!?_Y-CvfYCy^zaaf~8AwRi$uCiBme4M(j*ZN$hMc
zme?9@7O``=sl;B%O(6DKZZxqsaKnhL=lqCW#{HIswvoF;>`Kl_Y=--q*wx%=VsGY-
zXYoZKS1@w#q3bS`5#wGbuXreidx5;-B^lh~<P~M1xd+HAZh&#Okyj)iIU9LJek@l_
zULVER3i66~+i^wY^+|j!AbHPT=Q&6)-w~knC&xenHC$pAQLrRY`lkynGl)x-R5?HM
zI4{FL23>mNZ*gRVDE+gA;N6)d0lCs&Be;CayM!wJa|M?Zyi1tUf2H8Ek9P@I`mYsS
zUgTXAO8*Ul%frN_DndD5FBIg~Oi~b(w?dVl!W}2@;C1C$RFgQkg$c6l6Um;DL^v-x
zSgGxx3*2q3qNV`iwO=ILDT%QD;ApkIs{kC<d!O*1OV8mV35B>5y4alI;#1-UAA7M}
zc>oe9WfD1xxl2*b7w{NQ0r?{#7fd$HSD;dTe#~uH;u&*sy~*I@s}8fPPQmo1wX2Re
zsC;tE646Dj3bCs{u-D?PTC#@qM7{t|zoBMmqFTu@5wRY#&Q{Bb*p<jBMihYfXDM+~
zIoLBmC%3CkAR0vMaEgoj6lEw^Whk#~SyO+Nph0bOdc1%J=W?MUf(F}}1OW|36#%ht
z2BPw7`r|}#2vEyJ-=&6oei4y+@;O?7r<QBaCDxu}PBly7QLOwNH(M=87_#Sll7qr-
zbrgP}{F0f78HH;xL;>NAGW?e1276(Lb4_CH2>^>gbic<$bYVl0F!6*U<zW`)my5Wx
zhe=V8PG)975KV6&AiGDn*bZ)12BD}soWpFjXIzZGLw&?9!s6}zkjSieG}A2}EctvU
zwwTa=Ry1cvNM{|eot62uPB=KMbyerD0jM`Xa1C_3o&#4O#Cn~MNTi3r(zhuuv>{hC
zk)1@yfKfg&>Qhy2Rk40RcJ>ukm+))ja*BJ@<weNJwE{i+-UcM9<hY~9j`k&CJKvz(
z3*S38`YvIw-8jG!b~}j@!hD!d$Pwj7RpYtbK9RpE=XY;!0IDHzr4;81Jn}%+;KzfA
zUKD3M5T@t`Mp`Dqp@J-l3mVQs0w|PitlanDs8eQZxyn27l_$(GUs_hw3xX9ZwB%yZ
zWE9mysp3H8eum~d3NnPsU7GxSXnr7wx|v**vY+%2bdvqpNqU$x@MF6*P>}@~3Sb}K
z49g!4_gXNog|v1gP+SaDsfW9mhCPSvv9(Ju6Ltp?5jog~WBoD)ID!G37le}p`3143
z%SA|wNbQ9e?1f$2><&D~#JQQU_Pq1VD#9%Vc*#3Z1aRsh^nw*oD!KJmKI_7SUuE0(
z1F*MBm6v4Xlpnc-R*Nck^!!a%k%GSN9(Ek}lEI^g{Rso^5%4#*<2DiIGDd_a`2Z4)
zuFb()CCW<{iKERacI?-nybT0cw#UsBW#S*e+^Yk&9&fz7>9B*nK=v%891i+bs~|ky
z$t4s4FVv1bO_ZB+sRq0%)}I~5MUcYaikgTHbUEKr{<ihT&5*5iqqdh_Gv-Tg#&kNl
zW>w04ewOHl93zLMdCg*(57<=~2<zCM*Tv4{-Yat_&wW^iC{0kA5CCPJ%60+TlQmoh
zvIVj_?_xPj^yx3Wv-*^%&hA7D+RTwBb?n1k+pi{XJQhjLDhrpmIs%$Q<g#6<l4&@%
z+f~x0)Ch5l?Cq8UvZ-*i8&H>~{x<|Nvj}Y5Ntlkdm|`ZOEuq-tx-3bZV?=ZI$cUzq
zbzjxj9TIIH>73!~dUM?&v6HLQNwzwN_xjXLslzh`Y#`a~a}GmjOru&T%CDWs_Ts)V
z*(_%#axazo@<A7sk|A0?cICP@$8Zg9j!IF!74<#v7hb@^wmI{i4BIc)z&fTyA=?$)
zT=UK%n+rc%6{t8@*~)yjepc(cUW6k@gp<3L$j1@1l2q!88Qw1$0Ik@O<3R+G*;$;V
zPpo?fh~>-^7V5)^*6tK?V8<Dk4|Ak!7lj-M4VMX}ajB$^3$k5-yi5FAf+H3Kfh<v8
zV2;hY;Ml*;8?PWEj3_hmgTFG|lqt*Ifm{>Zk=u#9h&DI7Bi}I}x6c@qd%**gCwJ8G
z9=$H>d^nZ)1+s>Z$@w>eoFmtu@??aRyu`Q8JLmx*^#F3K5Kzqf1Oq3sav+S4(!SA)
z`bP&0x<P=~L})4kvUyU%;l^O;Zib)I8+<`)`hxGuY94$pHB?)G;fDxA=UxHt;mjwQ
zbpVFuk*Nn9?@ptDlu#b91Up(+-Q%F_l8Ck_L{*KHvy*^kwl~caiulo$n4FE{>odni
za^>tfHlbX!2N#JNK-54Cj0qEz;k5f_yU%6#9>_#zav-x-z9khUqua>Ul+qOCVfJUB
z4FNgNY83&Al^3S`WXo*4TkFstgz!6J&kJ*of?3&BdjfC*5wZH!wYkeN9CNV!0?W`}
z@O<B4S;IvUxxzttfIXR58*Z;X1w`WrN0!8{4o6M$QspPI#s{%Td2&_?>)B2g5>p<L
z-CjYi^^|Xsl>0e5d0H*pt<8XG!WzuP4QNXTDlBML{lI+Eq!Be7V~#WpOOje7Nr$Rl
zN=bpTvz+s-#M-be2^bpB_@{J^67y;fFxHQJEY6`m*AxU1rAdcm+ZbqHKJr=TNBmkD
zi7mOdJP1p1(s4@prM(b{Ocx&ZJ^c>Sf?HDfGn$w1j3%s<CrFj;uuSekb!P8Ek-e75
zPbcu=3Enhd2Y-?sFF2JoJjo;C4uba2Amta%A27X(==y@W1Xr8qJf(p(_FuLv^2$G6
z$bT%yVE#RgE@rjQQOFtniohR*#QVf>_njo~&X*a7PA5o#_!Ep_<Ur`D0`7%2av-#W
zdxGc#I<<;iKM{+#u2$-G9JDsva~w3BOjwu5t&LY*t7HwY<3Rv6oY9mMJ!Z%~Ig^j;
zdKU&d1<Q8SmT=GSDE@~5!XUso65xwV{Iy<TjZiQxSF41=bZ$hw3ot-X_$7>x&vHUR
z^Cb_(4s_aaff=FY)DXUaTdX7p^Y=H?2Rx+g*U9}B{CDM(1-~N?2sZ^;_Va6gvf$4m
zCoRMN@T8@i=3J4FTX#rv9`8qUwtHyKi8^1L_56kbP~JU#XwH*Bb9QX-jeH{?*|`)s
zu$giocE=z&nIq5=)x4ru=MAn(DY&C^j+^oXr1m@EVj$5uf!nsh&4T|E^rvt*#CdIj
zh7h2}pWQ+U!yN%llE8(@On5^J6XrhQamulOmOsW=*V-+<a;nYylTfWd=erz-S@FTP
z#6Vbpwn|cLi4=Q9o1aoH(Qtpc)2+1@=uJQ(L0l<e;RHIq#L?D<cXS6pUbZ%g!w;pC
zoKpfEs-AUjr7NK*aYEQ{c!YT(_uzV8D9&2%*={i6LH|pT4Wlhj&gU$6qY$3(RCO_n
z0OemFdoW?8Xa|;Ec2BF){|r*u>TaM;yE#-rvJ-s(o*S^?A`&N(12f@VaTk#(UcxEX
zyP=G7csS*fn-lIsK?Mn?y@MBBCnrz8u!r&S+0o#YAb61k+w5U{17JzdGp{;oyJn%9
z${w!xs&Jxhb57zUW?6IG+pc(SaRN@a-K*FM02Dh)`P#!eZzig%CHQ%MadX_B#7XQ0
zBCC9ZwY*$XARI!y=MG+mq>agQE+a)nRU^vZYQ<N+Y+fu@w##mfg*fDpqRbWvmZn@H
z#9ir*D{GJ;M?bHpIb@H0q<xjdp_baOA+<y>RXc!q7Ugr#90Z)aDn-NHdb|4&F0(d2
zpSxRdFW?jhg>L4S`>I;Y@A|8|Q45`)s%v{#%9T$i9K3RL>VXw7Uxo`>gKRLGxyK9L
zy9fnb+yYdKQP_>=vwOJd3;6Td<n|bJ7_)#J^jw9TB%OKS$n#4I^0hFh4m-%Gkuy>o
zvOD#a)w>kPH<=!Mt|^e25!}K|we1(#+C@p<Spt&2-Xs=(o74_(ZSb}~se>J6>lCp^
zV-F^EFhO`NyvriK@~NYB4W6|?QC4YQ?7x(s6E<gZeu0+zD>>kqk<YD+Au#zJU_y>#
zj5*)|MIJuf#x-sM2tn&{ANusw6{Jcy3fM^Q{<Xd%VCLF>NC=9+<U80dl=VzPJ}dXx
z%Y@QQmF+ruIXz~ggc+aGggdU+lP%q2t!Jgf4kfBX*kPH@iL%{C6Z1lt;VHQ53;rd5
zn%coe{}GtYI5*)nqR)ox8lQdd1^jgbZLVpGI>cH-&(JgU3_U~7&@=Q5JwwmX^S|R+
z^puF24JPy{5&70XFQOPQ+rZopCg52SRRn$(Fk8Shfq4SVyI{_M=>j8u8sdYA1QQQN
z1Ew5I9hkeoJO<`fFbBY#0doONz%wFh5}4Uw7J^v<W+fOs7zRuen1{eT4dzWS?}9l7
zh6B?DW)zf50cJLsBrxe<)`BsDX#jH%m>0pcfH?-{TQEO?=>a2sPDF))i3GC<%xW+U
znA^ZS31$zNkHCBZ<~*2gFu?$e@nE9Cq=3nJo`)9@|8=9mj6emS6!QLkpEqBi<faRh
zeDeg6JY%j%{<^Anz0g)Jl2^P)`K%v`H*fmOPaDneMT<&jUH#;lszWy)to?P>;tS86
zc<hCT9=EjY{{8Oh@i$!gAnqUET)gqryfKpYscm8R`9Byqs_rZ2jF;IU+wAcZOsgNw
zQJ#Ed=GSu@v`49bDSBR7Q~v(jiA%Cq9zOEp)4!#uV;fb!h_`AMKJw&>ohi59_4kCI
z-`w@t6uIltu@6H=pI`si^l|V0b4#+m@EYre`sHV?z3z_f89(d^{bJp)(;YEM!C3(j
zYxf<0w&>1#&((Z)U_nLm$IG5F=68Kh-}Jon_3CMJ!k>6`KleE^dFfk@rpoJIE6Mb`
zJVH0WVDGlpi4ULczJH|Q)7$R(+oW4MKgx^z^41;p;qQFAs4Vq?DA|j-Z;Z_eD*re-
z{vQeNr0jgS{?aGEZT>p(=D*E#-4b_OTKc<RbiSYamwRHK*f%x#hwOWYE&8=>nRL#M
zlE_aZUang6SXPDO=rl|BW&O6Y`^TPmeC-E?^sc*%m6@8~|F!qCbz?FL{@MKZhC5C@
zL*4r3@!%`xR{HOGMHO&l_N3bn-5?XUzVMcxXmr!Yq&r8ZE-yXv{a=4N{LzJ1zqQ`?
zEOYI5&&_ZA>X!vvIQyk(@x}2sPMrCk-MqVK#M5DKPw2_Ne(C;WHHrsMw_L6MaCO(@
z&!3Fl9@swbrBU)#GwRN-->_oqQ`fw<WO&p!H$8Iq!H0f)v_q+W{<@!EJm7p|p-uaM
zZrm)%me)6(oPO32TAVi}q*f%BNac!@x(V^dQ_rX$oV)JL;{AV}Uw-11+FyTs?@o%k
zZd>NIE5k)1mBnJVBq?&s3|0mFnaqqrr>N2y4SGeYcG;YHiV}m74yGs}T$YLVTRA^E
z(I<f0qtari(lNARBV9w~nXGJOrP;#JdWGIlN?RF<N-NVDOqi2Fh!9y^Mi*~Xm@RtR
zqA-^zifIdDok^vEg~6<}u_VfBC^gY~-mOe$RnXOy1`9agRc%5zEO-sg@I^;_q|+-f
znvP*DG<+{JD;NuF#iA4oQFK*0gHcyxL~n{z2oo`Hq)?(TpSBoEYLbG2f+$Lz9)nI`
z&nLDvGj$%m<e4mVvANV_xQW&$DW>VsO=~Ds<knQu5R=N$rYedIj1~OhllNZ+S)`UQ
zv;|$P{P!Zd#B8B?hwBuiM(GACV=$Gn25T9Vc$uyO+hDn+R0o;q7=ziQGb-{-21XIN
zJZ~oCZN;>`{lQ~qQV{Q+X0E6J7feMFnYPU14tb>xk{uP*=TRsWX{wxDMY?KH-eUOZ
z>yL4Y4C^atONGuvo0uepg)XrwHtG20nJ4(`X|E7PhEjux@r3dC2w_VsG@Yc-6*Gn^
zdVR5(#h~D;FwvztbW=nr^kx>?FbYHJh2(Asrlwhw6p;vdXqTCg82L7_Mk9Raj7D>D
zpTb24ll-7zDh$wRAXBD{w$PB91(Q&)CZ8M#{Dd)4LX%ELlJRtS^zYgxl3R)}Z$+A=
zrjjvd8;TUus;MLexJAcQgGFIWq^p)jWtmFMNs3gJHY#R*d{o+^wAoZ2_jxf1f;$1W
zYFRpIjjW8UwA5S`aihHaRLjzGR%voo=?YCwRz8GKELE-ILwUkr2kqx8q_Ie~IBQw|
z9K8Gn$-yU$Kg^}qpP#Ryw~OR*Fx)L7`3GQJfBwPCJ#UDcAHN_WF-f@)nYGC0q(ovr
ziGM(#G$?pj$nX&|`N&bDL&uCA7j_LFYy5=piIXNPrd&HUV%qc>ku$HGH9Km~+~|2R
zvBdjXD8qIzMliWx7J})61B-N4IzCRoe}bPk%B$2_t(yR^DT)o1(3d=6OxTTdz1}eR
zp|b%((x}vKbW6p}_JEhtSj@#y1gUuNb|6v>?)QM+_mE(b*z=BuA%r|DHx^qH=HmZ(
zF^USng9_G4E3VZnQbi#)i^@rh!wz;W!Eb%)S()HF74-9mBz*#CggIa-%mEr0oQ7iZ
zN~z6y*2r1`M<PPx@nO^-AQ|j1gW;HBqXBV1iNQqh6=kI@RWNyYzTFSPXzqM}JV;E<
zmCMWIp%iswF(uzHmXddjqvZ1y^6h=y{N+?8CAb|i@<t-3QjofOG^5u|fI)?>+EBq(
zC`@cck=OjC(CPKi$We;oGM%ZEChq2nN&rt3V*o5%Y&Mk`N?8k!sx9=5EY4?Mu<f5N
zpz8lHX{tg8^PdH#)M5(_Q!xc|G)|>DlNExx^HxOWnKqitn@lsQ3<02u$a(QIaUS8}
z4sEGWRSVe*USu9Nlo*P!-TAo_yynlOw0zrS(tvXn>1Gqgh@0sfJ_ia3!~yuk_DieR
zFQ%Vg<h*&r%_omYAsk;;!Ho~ce|S=iMn{;zX+ssveSnOuv`NpuL7EIs0zm>yqCDh^
z+nqJ(Y3Oh`lC6aBh=N%H`=;4sqKgUa^|Ve;Ew3c+K63-6Z!(kSbXP@4jH29~*qtGU
zb?1#VRgq5b9nm{KqZtS+OqZY=uXtA4N?O?c4Z!mGuFw^G-YYF;#$0SRDk>n7u9Wu9
zA6i^*Ez@nJiOS<_1x;Wx&AZ>i+=}!>lp>Pldl62*WIYI-4yHgp4*zY|)1FVtU^K#%
zZUn4o0qTPx<@e;LC;>{1r{l2xNOf8GVnaJX4+a1L#5^S~21t<U7<wV5or-0GvbozA
zrt_j2hPI*~#5a+WK?0jB1_tv07!*TV>%HMDl%F)7)oP3p3L*3#i0qXptl>~n4OOJ}
zrbYVWdT7G+Fmy_N@>pL*1`H`*zkn1axO)X8G@V6NZD2HfGBCESP#l_`qc<7}?$fd+
zwb_)*(gn0Ww~WoO7_>SZ^GkH547y0Iv!qs9)Vi7_tZ4~rOl3>8bmj75W|_Gvoi4`s
zxvODp0J()Ig>Pr56Et*g_HwP3cNtFT-K=Gcy*{b*<?2+J^F1y(@zJqy!-G>z3SDKT
z5n+j46^Zx?9kjm=+!=<hfS$pap$9|j0^OxZQ@Has8j37BOAQPMs2>2EG1klp));A+
zdlA(!KpK)5Ua8Npx`&#Ap>-8xeysrDKpOB`LBh=8OUsupc6e}<BDJ>|I5n!ZS=kEG
zMN2H^3Vwcu37f7cGS(>ctOfg#i6=oxC>XYk0Y(W=eFyXFDd=w4c_5~uh%JS0MU9!Y
zc$amKB8#j=Dq!qFT{qH@I#$O*TUjGRkULPTm>EC{%M>LbdqB!_i;b3<iW1hu4}Vfl
zU2maGR#@;9Gf;W>BcAC-qZ(FUbKLC`gY`ztM4QZPX_>-WsVk-lxPU%}f$R-1Z+Ok?
z120eAX}<Abi9q1ZzyMa5O~v$_KMxOg*`hHIObN@^n}J^Nk4Zp()`ZKqK1C>_b(MT+
zG2DVd>bS{Z?$d6)@!|)JXJzz*#G8-tDseebWw0<TU^GtyVM~&L7%pzW^w+~A2_t(h
z017MxgH`mTKQGa@-sVc$MB3VH#7U&eQ0x^}fRP75B4oVBDu!9mCrkx&I|EZ@fw>EN
z!N$Jf2ZoCfNv~sc5PUe_<b4Odg`a$BewgP7gB&X2S$HW7*xuOPSrcnT0B+L#Hx7BI
zLv-SRb)ZeqYGzXfU|<N1VG{-ntFx4{7|`lTmyD+pKw`L-R#cjCVT(}_t?@k<XkbIJ
z#cVZ~Fp7Kwsa@KvSsplK^T-av1w-gLbLLPBVWKF7DG|ms1P~_G>mffO3YmAO1P5#Q
zV7RoTA}JHaQbzcZsh8r{z5MtMz&{c48~p;P0I^)6QmOp$nIBDQNMJ>RW@Vt1S`Zyw
zpb4ZXg#u4gQqm1&8{na+>dI<(q!5A%q@+@?r0~N}s`^ur{0NxhVk_!8q4IJwq7npq
zUVOHSxGl>{Tb{0>R3=258iWy<>zAr>mZ`F1W9Fo1XOnq^_Vv#&S~FmNLt9HT`8p#@
z-WPklr{c06<7Rn~K^n~H&_#?|o<vGD>9v&xQyTIS2>oj@(MHJAJ!v9*>gu-D)z<-l
z{I=C?ySXmZ-ya~<*x2X~Yt-mEP2F~=ZRCsuO+g*hAAqFM;OPlPWZm{UWZD9l%F4>5
z(!lD<%1xD(KJX!Hl7UvG1FuJWm$uj6kdnG6EnStdI5TU>(ropz<(d^a+T6VSf|aXQ
zuUT8TZv6&bQ8CbxrDcZljm8R-x$;Jfm0_zkRoC3~m(8_XwvsXc&;+`n08p}d6VkLu
z4}yChtfiJ0l>@l4dPhzwA151@52=I`qcK;qmBfwz=98h+JOQ@IT%AhgX;nGBtvU24
z`u!q3KgFN;Wx|LZ?AP!IKi?4bUO&;F{CUT}+3P3%lRtM{#ZU+MgElSupY8#o-rt{n
ze0qSW_b2|7zuq43pZ@+`{qYwHKkqMZzdv1Nq29jVf4088_3rCJE;FI(>Tk9+G;X_P
zyS>SAYx8Zl-*M+%ci(gGeSf|Gfd~Kg(BB_^<k20E?R@+nPyF-Ar=EW1+2@{r;l-C;
ze&yBIcJ1D?_w_g4eCzFZT3YwDz5Cw&_5%kGz5l_7A00k&^w{weAD{f>)Tf`FKJ)n(
zUv`}R>g#jgeES{O`MvY}zkc}f!o{C1b^Uz#O7}0n{?_yRRo8z!0S!FC{HY1(|91WV
z*Tetc5dZ`G|33l$%*>>UiX<!Hz3AbYtx&_Gz?T|$D7AX7UO%^n(7+lsMWw0<El499
zlp_0QRi5|du)4)pEnUgD9aGs-7WWyKutt)`5?I?19#EylfJB~JXDP<xUm0|fg%xP+
zB{~y%Mb-zTkLhBXm=>mkX+XRhOatR%T#Q3$ao<O;BWYw<4CF1hjI~$=w*p#kqJ@uK
zmVZ;5O~gUV3bu~HxEK$^V>k?h{#4rXWy|w&$@L<D{r=A%Jc;$<4w2l?+wFUbstgrT
zT!H8h<B%;Bcuokm`}@u(csYZC{3kp!xc`s;#$Wc_;Qr6N;Ol>+kAL^egU8R_HMsxN
zdj|J^|MkKBKY3$t|G&LCxPSONzWyKd@y~4SmGcON_kq%Ruyt@ay|r)Pa_l@r$zMI>
z>;Gz>_<^7J`k(6K-*|fPdhY)>{*Qd&>)+D19k2TO-|FQ*4yNA;V$q=WkChDWUlTC6
zf7*z_{X^t~`yU%E8npfs$B71o@1Zb}r|nOAz4uM$?1X{S37aUA&z?B2|2pt1>f`U-
zAKNF3<X=o4yq*tFAKZWIjKSgXmsz4g$HVZsgU4SNGqC>*l}MhZ8a(~unS-Z)?NVR=
z1AY9t>|Qyo$=SW_)Hk04+QH#;=PHrB>&aeREqzKvrPPb4SO3}TmW#4?bt39rFSnPU
zhgDpiXh>%7e@JGpKpV5(%~5Kkh}cJJG1-GnGn*K?nn|UoM|t-gn(#CQcj`Xgbun$q
z(V6t-3ZPli^HVih?$mA+2|O4Tzh@>FXVSV#p6NA~yb}f)W%A22;m(<n)~l+EX|n&A
zVK5Rl+7dr4%?#*$Kczx$TOXzwMXeBL)4D3UpZj={YYxqq;Zc#mS4!3EEo4t>E4q+P
ze>#)on2H*jy|=9nVF+!F709<-Lj|2`g_6+tMty}o__o??qP=)gKxv^*8f&r8CMK8g
zoU`-*4dQC9sDO;J4JOE{6J7H8txi>SDz#J8%lE=^18(rkb#t9P`)G^2Qg=HhinFZg
zbP-!xN?SBgHSnVD@hdRs>9jJPCD*J*p8290hNkL)hBVSlKTz5H^7-8W(nR&{FM(qj
zO5m7ITN#VFh8jh_(x76v8Tq(h0q#m7T&TSST8y3tCPmfu!WaEfYzrV9fo;qO5g45%
z7>+=;rjn+1^Qq{d1eFNbR4U(3YovkRjib_V=Tu0Z6?^KHYj#(bdQF@I5GTc<CSXqZ
z>S5D<BF<rqd8SPUlb)jea=rMo#rP%Ew*=okTwFbV5xC42XJIn9?Lh0ZOvM%&`Rf!F
ziTQZ-{7CO`>9i+YjyT(_(+f;=fW%bsfSh3JTE4%KjgvGD&;wrI08*&k4^)PcwU%N1
z7O^EI(2;OU7ei?fY}D_B|A}$$M%U#kHNK~dv(wbNN-cvsgir>R_jdtBU8b<As@{DD
z-p86s<zXuQJ*X=K#3-N&{x}BYvQxZ*r7blY+Cm17shIBy&_rMI<EnV0&^OZh_jedh
z3lQR7JxxpT{SkqYN`;diic&lj#SpASwhQ^rL_NUwSOJ!))O;_<E@zoamO(h}^a)i!
zz0UVatN`{>NarnImjYzTYq7ri<t2RoOG3%UN}YxFKwIhS0&zz3aXc`}*I5j>d6wF{
z<KW@`uPc5m9qkui5E0p-P{DA3?-RgnJD9r1C@Ojf;P89F2KYVN0HzAcb{DLv!0xDr
z2sgw04fX{vcPytU1=Lq_AGqHQ-(YLdAHu%~X|+R|pMm)v%r9U@ya;m*nCV~=!7Kx_
z0ZbK`+rT^mW;d8NFekxqV15JhI>Zfn3Ck^}{3r?KPX*xq3>8ELQ^TkbYB)85lEI8M
zk{SgC8BOV`8Kad{y_9BfC&^rb>(TXAtI;ijV4^pr%!?76m}(-6nG)Cgjs6Mzr`}+#
zH0o;Blg&bRm=eGO?f~9#Awyo8L2q(<6DK0JvfiNg2}h)vyj=ug7O!v~F_HCF23F)&
zx4XHhd_8WxrOb=(b*P{#%$6G7JtmrW$2r7Z5*P<`sTq(4<0&sMUglk0UJQd&!X1dn
zjv%-Ii5J7HUR+T*#PS|`hMu8k=oxy3o}p*x8G44Ep=anBdj7wA{DOxOyY4?sC;Dd5
zUD5SD;vni`+bu08x(fD14-W`(pH}wwr=sKL#Y9I3_~l80N6*w%=Voga8jBev78U7c
zeQAxt`-D&`%aoa6WnL3KY25JWc=#=tH!m(OHfHs>;jyvvqGMu(&*<6n#zu$osSfu^
zb>66GIlB9e4w@IUU`{mr=0&gdE|kch@>@zpXNps)qsr*@Pl*;KZ>zAponl(inzgln
z-4PZ4O>44DG5+Y(ieH&y*H3-1vggtAFV3fKZ@8K}W~1)Cu|<3CPQAE1*)``av7d+%
z^{KF5eLWSdy57;U`seq)%Q81T^LF%>(f(VHJv=(@;}c6y>^}C&sIgtEUwG}tH(&Yr
zzWb(jb+Hlp2cpfb--lKo>TJwdIO(rPm)CtVHpt|+*8l0ltbE+-*Svbyud}{6_>bX=
zmbuOE9lkTYcxg<|8_b@k$4>tEsk^?o{obFhSmS0)Pu>37<_oTejvttKo}y5PAKoep
z?UO7PQU6_ag>>$$dG}wp&42QfGex_)Cy&k3zU^;Y@}uU<=bkzkv?VEU%z@v>zR_~-
z{-de~Hn2uLZEv46|FI84{Sy+$jNc>kzfU9*PoX&HCr^HP>W-%uPI+81ul)FwQ`7EW
zz9;hTS$jLz@7+mns)ZomTsAv3?<z%Yi)uBoHwB%Mep7Ynt?y;uTs)pUxA?0)sSxDz
z!!LI}bQ62$sjcsRu3D#QQKo)2<^HdK`fbt77xtMP);tK(R#^V=%eRbPrW{%Q@GG;=
zzGs<V`gB(Ar>5g4mPft0V*#e}u0g6*#=N>~<AjGUUA#1Y$$hTMX^QcGr}zBh_J`Ux
z=~3=@bCXDJZ1UCjw(Q%KH(t8topiU1M#q=DKiVSi?YlqF5{D{rMT3kfv0#Rtq36#&
zs&{;QnoHP+#(p-|t55j}ee1sf=zcC>{zd?RLrd&k2~<|qxBouGgq%JL5f!I$7WLk9
z?sU$%11b?FBqoMa35kY<N{WGoh(iuVisFFtoRpU2keWl9l$xk0C<G3mh?@Er)D#o-
z?F-lbzTWfITdn_lYxV#3TEDgLcgJ(~+55Nm{qAHwWNUu^*8F0w`IdI`nPl_B$u$7x
z8|vLG?QZF3tz|WzSmtSMYwEhzejV1ldVuFFnDbj$^F`}-7wdO7>vyoV&1=^D-j)uv
z_TSGsc9b=LxXo61m$Lb<tv6tl)z)XM^%Jc&Pqg$TYx!hr`4nqE=4VdLM=h3FzgJrA
zSz{e<oi%@()xM+F@?2}VSB)xLJhoY4bd}9Z%c|@j+&knijcc&qU)w(NfZdUHpz8Vj
z-}}bn>83XGN{r3c9}ovv05D&xoCCOJ_S?)OfL8&-?f=|{TH_K6FfW&E0b~PintlN5
zbp`|hqAap|%z3}(zCSzvY0Lk&>pyMz|ED;f;C|aYyTkOQoVj*~>9c8|O&@lEHrFdo
zu{%s(+ydH+uVm2AgN^`g#<UOUhM-+RHv*kG$L?qhdM;=)R-!<g;};0J8R*Ni?G7`R
z(m|VXx;@$MFh5=91={onH_+xik>#`Oj&bJtpv|wI6@xY%DF^ftXmirMDnCnn_V3TP
ze{?^(%kQL`B~QkkDXaR~9e)PE(|c=L+ctq|S8ICy6Vso-^yBB2W<D`J>xt>)C#GjV
zF+Jyr>69m?t697sXYuI&Q8YYNs+Ko@s{B2?>*+V;S1o_~P2+!`2>W;Ufxm|<_-4ZS
zkc+F^8X%IeNn<Cqu;zbyu1c?5Tcsy1FRZ9sKOwPFr@{LBR_CvN+F(w6Xzkz9TmR(x
zT`X;WqVd?O;#G}o7gt?gHQ?#{Pgq$w)e8u?SN@y%&25A7-^oY+b^YwTvxWC;Ha?+h
z%a)6)?j7y+FRnErkN@ZM(!cuK{@=9K{8r)P>E;Weo?L2ov|Vm@B%ZK4qK{X7`Nh=c
zSpT+O^^}IcKc_XfePMCcI>9ULjzB;Fzz^UHPyq^n1GEJ+2Y3M705-tw6?R7{;2PjE
zpcqgHI1R`H<N&e&nSg_U48SfxIv@?O!dgESkPMg(hzG;~A^`&deE}hW0Du5!3vhS+
zr%lX0cLJ?~O#;sTF(z1I+R)rbC(FJMAHVj>DNb>UQ=H-yr#QtaPH~D;{^ftK*lZlA
zMciR7hda+*<1nxD0eoNnC@Mr{$Q@4;J{7hL-wX5UV8d2<u_Y1I9lik$5{}8aa<N<{
zKa^`KUP>zkDTWfL1S=s*UuB>YrbH-_N|dr+IieIPca)mMi*zJiNhldXCXt0?HTi*@
zB&W#*QcCL4fpiu<M?F~wHidOm`>V^;-D-u}SnH>~t82z+<7*?!JU%qme6s!?cZDxN
z*<xMkyu6=Pu*K?Om1&2xP<@SVe(%?Oxl<w6ntz|)%x^)i*cZp+Ho_`l6ZGXf;h=Ct
zI4|53eif>Tjl>s4UVKR$C4L}I7w3p8#C76V;$HEXcv3to7K=ATSE-?-OMcQiDOavZ
zUMEo`n#7Pe5>LJ$`-x27q#x1+)I}Srjn~#{*R@C5COyM!YjD-IDM6X9Od}h}4t7{=
zs^w~J^q=*I=JK$rYj5@VP&{1d54IYkOjc$q=EW@YYENGwOc)`&FWeEfilNdJX}Xjo
zB};RqR7p_Qk!duRwNXWtsa@1J)LgYx{Z)0<>T0ptXL`EsV{nFGC`ODi)mUsE3kIze
zR86jctIyX$3R00T@<a2{Qk0Iiq2nkIok7LuD!Pg8AseoN>)`s>8^4I#;V>M5BXJat
z#xXb!?3jqB;OY2F;h1n$@D^K$7_1j64g>prBrX)w#BJgaV7p@RwrH1B$rmgaAO%Xn
zQi#-78YqQH5mKZSB}GdyQk)boB|^_uO1q^D>5x<){Vd&++~fvwYgv^2<PbSrPL-F)
zE95nDn!G_ym$%5<<z2Fe!Yc!mT+)xtVO!bD>Z@v|nx*EbdFpAkP|Y#lVwPNWEis>O
zic|3=yhA7xlEh?ju9zzJmFLN^%2Fkk>>_t)E!LWavtg{3>QFsYFV$OZt|o&uy|tD)
z)r0k+dW4Z`*jCtVS+GA3t^=3CFXBzx1)x9_j6zUf<bfOE=D0QX7hZ+_t(Ue+r=&Wv
zxBQX(t(+&HlP}5F<Wl*z+(hZ7gjdEyv=XDlDe+38GDSJ6<S2Q{X{Au{C%wSCMpyb)
zB3VfelLy3=y3tzHK|QD!^`_0~J2aZc&^Q`T57K<vj&)|f>~&U6t)n(pW7Q<}1X!V1
zjnz`Lm0E@tuD`2~)BmAYH?Z-FvCY_R<QkWaTZS#&W=l2ygW&3No?I)A=lr?1xEO8{
zH-}ryZR7H}V(vQU&in9T{BFLKZ;MjULi95#g}%!8UHl#%k2CODu~Z&Fj*xfgAXd!Y
zRu8IY)C=l0^_Kda_L26T_M>)6JFDH)9%wGQhu&0gr5k#8eULs(pR9kZr|8S|4f;tv
zU%v<u;btr|)*I$0vrT>($1Ua3fRh^WA^Z{k0nbo2+9+HT`iLXMc!<-r5ToCShs5Jz
zuK0#DL>ec3D4mdNDNPg%HXf!-fH<13EKyd0b+eT-N<Gq!h=h@eWExpTvdIlngZ8J>
zXcBl(J+%?o?2vKBjFYUYI2p%H;bwB5ap~MK?k@Knk9mLI3pc~rxQ4(4e<4tKO)%s0
zs&E@v<dM(-I3!q%6lVc{tQFUbyTpCsQSp>`QM@MJ6B|k|O1-60`GLGx`BXWtTvh6l
z`lK;w1AN$ryg}XuK8XiToDL(NP0o>P<QDmrxX@=|)SJ+DRHR*LciNi{po8gf`aYdP
z=g{Ny6m7!<)|K^SZ?TbVHj_173(!Vs3EC8Go%W@6K>JBMr(M?WYt8gc`U(BKep$bv
zSLoFYccY%sz<AMUYuE~Hrpax?_*i~CzkpxDujjY$`}j=$EMLY~@Gi&=)kdBOBLW`Z
z9rZ$?C>%wicr+Q!Knu_^v>I(dJJ7f2r%Laz16Nc)1T%=-#d4v%nd||U|B2ioJt=04
zg|HE9FY{A-0B6Oh<J3fmwMFV`b%VM`J)mYo{9aJ6ga6!9>uBAy0l=vrfhRB0R%;ia
zCk`Fyq53=EJ@fQ$^fP*~ZVr}tjXs+Dfcpmg<u3mP`X2bp3%`ZO;7_o(lq<O^?Un9I
z771e!ERsdBXcoibSUmfPCA0Z#30uX|*hcm>+s!iAVRnN3#ERGzR>mH%XVjW%J&3E8
zYG>eCUo}|mqYhBRA<h!i8R|?mMNNgaXRAeOTdgBlJ{D|08CpC`d#KgWYwI(Oc}AIG
z{?i9^WUJ1#=6twNZXLIgyTaY#8uJ1_hF{BX<K0nR#G{_*J(LVlwidX!2wg`nVjryF
z(ZIOV@d~^TAHlb=U3f<D5EOBwI2O2ehj?A|mWIe5$hDz|!6b$zP{g{h?d*GI+EvnG
zv^2;#cXd~zy`dTJ87oX5ci3%ycAKpUcY(jld%%%X(N19h%g7TrEExC2v3MF@h?n7C
z;CQt~NmRv`#oplEBg9xSL0knKzghfN%n|d&3*yg^A8Sj`OHHKq5+_MgS77?rrMH0N
z$4C<(D(3*Zr&Tgyp>$trFUztfcaw+8QSx-)^$eL)dMj@z^MH?wmAlFV#huh8O-W0l
z5PuRxdXr&LExZrWF`3LD$z(oRM%I$g$tJRs93YwGILRdiq==M2%-kk6>PcJB)|96b
z?Lz$_V#4X$G?vb#i|E%7FGVzzz02mZh3reH8SKFHt<;y*li+h*v^W^K<=O`AhUNoa
z)<f^5dl@enK89@g86l8GlVB{D80(D9#y=|SAiFIIRDJG4t`*+}?AQnmKx42M)D|}c
z7f}|2pn|9-A;<=~(j!TdedSIhl1v~a^e*L@&H{k72SMIh#y(}~>=4UlCCp7V)PCwA
zwM6ZtC2JcY195scy^kKP$LWds0?6x`z?TK!_gD0Cy_peU^fSg9=1m!po@_c7!F|cy
z<P<)hFN7AkLBuAZ#b`a`_kHLP%7Hpaz=!cTVX4p<cxjj%Cx0dHke^ZNDGiklilm$;
zzd**R1{ude$I(QZLYIQwzN1I!Nyw9LLgcIj-#Wp5VJ?twJk_RZd&s@7LqvQI43hzE
z6T!>I85@m*#xck=r;S3R*s%H9O`5UQ<}lZb>&p$~!l0#*Toe}#8D|fd!5!o>xhzfs
zI}YRr^O1ZMAI;C^ck<Wy+k82&kPW#457j~r)E|YR2;iS6bO4=&dgU&vKo0DQTj356
zD}$g$iN#a#$B^^C!LC9Rp{tND6bYBWi}#8JP+LrvljV)_0lB&&DCd-pq#I=1*vdLC
zkCc-Ds6tcdM*1wP54;-0`mlLy9dn1C`l@5p@#;=>w%*3*YV<UQ8550J#y+E{vd*)c
zrJU^th@d7ILA8-16Xhjkw~`Av-Gxvx9=vxG*-H*Wy?c{Xkm_LHR@8?g8UT#$%0{t6
zTE12WO#QsxNN=h8=tTF0QFk{ID(ghM&3u1(B0q;;1Kga=Uxd+hM~zWOl#6borZ^N2
z#odHH!bmAW3YR0HCci5CE2EX~l{sWH-9h)z3>d>R^f~Z%MfHO*>#q(0zHOr|(Z19p
z&0|E{ZEZmv<LtZx*#9J7!vDf|KqB&o8YdlHL-nBg^A*kal$Z}&hw%~CIK}gcyoc<o
z_$dKU`)B=D%cRi_G@b6Ed*RqwG>7KVVtScgGjA43wpZRK<tn*JwiWiudkU8DEBMRc
zv2CHMibT^<8afEpbi-|N0Mwo_I2otoOq_*Fu|wd5U?Eya5|V{<AxkI~93ls~HyY}K
zRB?;A9e61ZYR_`fOH!cXjDvc4i?m(JlgcG8xh2G5m<$KpYqt#q<%79O#>)~fLyfkC
ztbsax3)F=fz%4m&Zc<#yD-}?M)q-5?O<TgK2~?$iG>`_<5IUVDK^B?IQX!A5U~3?g
zY+$x5du44E$%XL;`8?=XIrPlux0*YkvTBS$aVQZ@fxadI>(2!aUV>JjHPG`7VDBwx
zJKBZzq71M@Cdz`?%|oZ*jI0=}at-qAZB!1PZ^N$G4cEdB>;W0i8*0#&U@-;GcKpC@
zfzY!M=-a@`3O*V;Pj;Q+6sI`FDNb>UQ=H-yr#QtaPH~D;{{1AlM>SWE%1<3}pPd$-
zT;gtXwFSKt(xqefSN%Ib{Ly>_D7Z(}_mEuvaAWiJi@$9g)aBLg{x9_o=@jIDD=71D
zV2_TSj@RzdvHj7^W1C;&a&Y0rQJr21^64IQe9Y&r?x{aF%xIk2F4A>DNxSl)ts7iy
z5bC*LO^IiRxRO>^hus`?ul3N9EA&!J&jth9wS3*9!KKnsWuxqsZEF(K`D62OhyMR#
z+swzO!sAAdj_NcxDtz?lPx{r24>@^!If+f#y>rLd;hQG5a`o&Ikm%}`{@n{<oBBnx
z=)Bqex#0P&c6Rrib0)p6o8IgA=Y8T0-?1+VKlYfhC~H#R;U`bMvVLoR|KY~)ch7Cj
zKXz)*+@q&IkQe)A%{g~t+31qYg&4nGVqEgsm{4{k#m3dVpP61`X2YV!Lmkn9Q%5e^
z=W<|((qjMUKss#drJ@0+KbUBAZd6pzy1dS=h^Y&T>OUXfV9$YC8*g5^?;jU5wRh&7
zYPiDj=7OTyCFQegjr_56@IUsn+Fx+`q2JWyqwdeFWn8%PM#Hlg?p#6@lL{WC6pbHY
zaNl)4!c|WgGG)-M@@{zU-jNaIUo`Y6Z_+!V^ZsUiFB&%sd!mYk1+!AGcRqbT&uw|?
zzJ2o_%qw`bps4qVM?a)YSWtvVJPMyOVNp1bAAEfMS9#>UX7kI)ggxB;VXmm=Y@@6H
zjP1vLH>CPc9Za#;k*p*%qucYN7Y@lRocO}v)>o$Wt2k8Bv(AK3L$-MFvvP}X9cVw;
zUJw)bLoa{tBOQhhEuH;^GPU5_tQs}PF8@jm&Di}O`j6V)0<5Z~iyJ?5cT0D7cXxM4
zN_WE{6=@`-yE`SML1_t*I&_BuhgOgf@Q-@$Yh1nm_x+ylJ3Q-Q@3q&=>{+wcZ>^bq
z_L*4Tg5?OT9jRj>&Z<|DR`Baow^?KDO7FBaFU*tb^ad~qN;4w8Goq&~nUd?21_(Ib
zB)Q`9!;DyFF>ewPY!B}|J%J?H9^x~RDUC+5=ujI7<zPv0t&7GR(jzyg_Ur1e(5lmL
zB1m=dtBY1_JsWI^UVO`;GookSXTT{0|7uRq6V&TVz`8CT9BoX=Ls4Xcj~Kr31ife@
z0S6vdmkM2Kum&|WxH0mLXSYq^LnAnK<m_8D{QNwi=b7(kn$OXw4_h3=cu7z~7jcgz
zG|4uez!YXaRu56{&vAE2UtVVJt^v|v#@Z?x2uO6h5Ro@L0dBmIb9-YTRR737Ms<<C
z-&k$`QX|kY6Z@eK8TKCd*!iR}q-{a}?f!<{LvQm&?;GT2%?6xwB>MOEy&6B+&ZzCv
zyT*UqYw8QGlPRGr!g*F>A)=_E#f1MP-ou1WENexMVgb_-^TBNT&2pWdEWuuBm+_pe
zy*A=wqA6zeS_Iv)%_2!U7PKyLO5=((1qYoq_8sjtgdOQYMFN2xWy%^27j9##z7ZV5
zU=hk1?eVxhY=``Q{4T4IEKcGOQ>L@#T4)&5ZZk?)90zHN(o`p<kjJhti>}1<_ZKju
z6J)|BQM#EC!?+AmMR7G<gwdjlEyT-`-|^T;>Pj;b)R@AdO({Zkdq(oW2sWxS9mY)=
zrpcB}>iJo?+j70rW$S^itT5-p&t2EP*@$`WKqhU<>J<-Bj`bdFyeLOANktsLOdKOq
zpwiA`?i?Ai*?rg|jNK64lX*>?4`{#5d(6Hf!?2f8YD$EK=(JInUuCb;`Z#mmY*{YM
zup6XqEl|aQ0fu*ZzO|P*Ei0Khcu$ajKt#Hm@q{6&h`z&?f(X7z0~KZ%yW`$7^<#sS
zv|S3-Fat^EjtE=_%LjqORbhFewOj=U@y6?Jt$T#KeEJ7_$G$MmU5<z=5xfK^_J}L5
z)lZm&in|hzu_bCMYno;b>`p<`3r5qP#@@+~o7bul1BsnAkG=LaTm<(uk5O-zhMWW;
z!*`*rl1<cj5^t^Ofq3?msR?^M-M9ib?I$EKNBy7Xde0dz0C4fGT=zf(gCLMCO3qX;
z;$c^Ik*Xrq1V(K*rRyiMm-4d{M%?>sMs|aY7wAX1Lb5S@ll%#UBswm5i%pqm4rqtP
zAzsn~f|O={)h{`BxYFS<w3a2}36djcW=y&8O;_tp9ET88TNp7)gHf&o8~I_*&CnK)
z;U9ivyr3gpG9NEBWff6*SE0YBWXA_%_S|>o)<uI?qq$*<6g7$bwNl@;qj>4^D)CW7
zb?H{zf-Y^tO@&2<iId4eTvPwPrKM$3v#QHeYuX;dp7>F-_AqU)5camBEikz~`tX4-
z;$ox?L!-BJfvca;gV{)`yfny(+#NL|KI=F8^VIO6Ud-Lf&+~X5%=XJ*y1K#lXtZY>
zw{@kEV~prmBceg?_vf=UlWWTt?6xPlye!VP3++sroVTc7G}_9wsb$=WTf{OF8jW;&
z1i3_l<_U`sO}jv#e|i&EqUH8dDq8J1sOACc-jXK`n(AEpLgB66IEiL_Dr#3vFD7#Y
zZGqWGY2By!W)ad1aNa|RAwyooZ5~EpR+XX{&T&$bC(M=}ROScw%F?+)=~V<NC)V=d
zUd?kSZQ8OzWEm0959x^vrTGHn*A(lyfQ(#C`EWJTL$y%e^N9#{&T)MkDra4a2bqhM
z729X@U{vArSh*)JB`s$uO(%78>cAg9e5MW0!cl8mkoRV)D-{dIuPBIT8BPblNZXb^
zggTfZQDS)0{hS}$S=W|**s{mHu_DD6p0h-Q8@0Lob#;D|6et&2<e@BFE8B`nNs~qv
zb%CL$QO;HIAuLa>*i-gXG7^nrw&3X2o`Y;{k!PUx=MvqN@(P!R;W9oN%;qRH{0qnB
z-Db+uh7TMkIiG`aLekB+AFs;<6(SSrZm369Xx!@VzL?Xrr+wbww`|N>=n)_-DIL>3
zvAm{DfDOEtlb@&#ceqf&x=F0_dT*v$cY<5Eg?;^q@55oyC<~pwG=BQyr4nF74QYv|
z;kX@$kksh2Q121^{Rbzew8~N!$ko&Gb6T55!J{xkBZDp+{ED5Po*`rTNXs4^o<>~2
zA~$h`%L<{DD{z!m?#S}^j<lGD+~KLWJ1Ab?>QHAVcqvH>O*?`|#;bLNGzLc4-|ybZ
zmE1;Ehq7g2Y1{C&CvTMt?*-Vdvb;(^&G`Oyr5kIxO@-4bvo}^9UH^Vfby=0yCz~Ma
z$XD9k+9?bOW9=2fhYK<$(wdtZc5vJ8HSANlv~@q(fh(4*_4MbLc0Pjd)7q{KASR~?
zC&`WH8HrztRI2P4`08?9@JU>7fYnQ<Jw200fH77fM96RtQZ*E^d+D+9(ubtaMvPW`
zuxTY<H4N|aQSQy?%3gasV<y?n5w5SC(xx9N-#h|SP{Vi2E_`N62plSyOW2IxlIDJS
z;V=NxCaOP`>~8%=w^!!eKT0QGeX8-X+?2e0xjhmB2kMIY0A4P)5yz>m7_B(F%1oB%
ze!rUVB(=&}Fh95Cwj=;Iq7e)1gRqB%Jvh*0+A&Oe{sAGis-~z=%Uw3Wq~$^m=O!S3
zMIa(K90PXyc?xPHv8PU&9eerMj%!VrQ^T{2jmn^+ke$E<quGjn9NTn^xMR&yihF0y
z6I%J_vGH2t8w{P4_)eSn4EXEF+Og4UuZu6)@YN<Pl5-q~Og*(VGi)XV)*VQv?%TDb
z;=F$ndz14h$3D1p-+g)-1e(6GL%>FO9^olxSyAy;?K~Qv?eS_YJrkiDOwrIpKcz~o
zr%yTkK~0&4Wh`_cePXb|oS(l#W;qQexwjthsn3>$WUZhSlew%03(iLZhuABoGn<?$
zkfsKsfk=fsJ>)b~OrDj<G~FuM2wRjvE8-I)O2^kQ_7F+{2){?4EdlR2lV1pPF%+ca
z6h7tg1RT?OqLbu1w<$0|VC{#?dd>usO^`l1;){3(@wB2ehie~dQLB9E!A|(|Y_^>C
zT|3@~3!udIZmAGsxdwbVF%j63Q280+JS9R!!VJIeA}<bK^1>1{j?#0<8TADfSk|gM
z-ue<H{xg6TrYEY>V;?p=+%A7Tc<oyJlx}G?D3*=$@hEB+dZtirDV*z~5>|Q@a8WlM
zpnR;Bj`tihJRhx|*fxQZI9tXe;Q>GD6#JlOT6M{G*T(DGj8=6j*^;e6hK#^^IB#WE
zhUTsEC{?n@<h5uVCAgTbfcK@&iM3_d_<F=)#>kxJLBna*E=BjJY#3c{xMQCipW=S(
zE(_4>Co0sAwXG;4VY|;+T|$oONHFu-F})1o<Hv%S)Hx7!qU_2t{Rb8Erb&@w*>@~j
zt*^3!7w3>z<9W=_yTz?oG}0UN`uMc_HkF7UhQ;dZd{86Cv7c$G5+^1Xf4}dSpQEcH
zHzcT<+?-I3r3sQ}XiO;IE-g#c2A^)BcCwLAGs}6xY3Eh@y|m#+)y$|4gP`-WA`MTl
z!j(GV8cjDJ@qyup3!ZdH7XcKHEpDZnd6FjayE)cd%80&Rf*=TB8;M^;!YxRu#BN2i
z!jg<lPIDLtOq+spKkuSSaU&wa{(z_V?yT28Q;GCRqR36{qfo^sQB~=}wR0&`aCi$G
zQN!%5Uhl^nk$jj(bLuis_-`Ob1}80<>gi1wB>BUmH*3?<SlkS%b_M4<loX{!wHE3>
zb-#Vx@OF+aq%!LgG}Nqr)xEqwSd8*fqK5e;X^PAFsk5(my&Z@JH$iwhMHGNnxms+^
ztaK!N6F<BR<?}j#-FY{k*>4D?ujRFE<GUO=cidXnR^hGP#}t{3HXoOjD_)Rdw8zw2
z`W)>V8?)SZj}zx+)a<R8`IzHH1A(v_27N|ISJ-J9A|nw(GguPctTu4p3@18hnvH}d
zc*uo62@~=)H0f(t(RC@Lbt&|U{1}~TS}?309Pv1U+0J8lL-Ey0GfIbG{3UU}{jkvx
zBHb=d7i#1#?PCf<sAoMo7Z^(bQOX*Vo|t3uC1}##(POlhWVQERNoImpUBos)?X~cS
z-5=JCnZiD~@CZFhu7yhN?rp*JTDO~v*}F^eB+zKqF!sZ4fKWm*W2weVsBxR9e2<b6
zTS!qi$@v~%kBk9``ki~GE+{%lj2{OI!Mr;5ynuayKzodLOmT}~+@rdNbIseq05Ha~
zJ%)-$5ydWC^JIruK~G#)c7^C**6C?~z<h1kw-(?kdPW+C)*pCLjsHkAB3J!$z=hs5
zi3kp9_iF#@dhUk%MRO8ru3}-ijIvY`jd`0^SUnfv=%oMar?`dEZP3*kl(7jcl9^kt
zB<MrTi&2GCqt>Ntk#bm#!ZnNTmjFmWx4(B{l`5cZaP5*aC4byN-c`?HChp>&Oyt8O
zDb?g2Ct&obSEa%byy0XJ<H_KYtJRn-eAf}=_QDv-g}9wMJX$63EoP~{n}r-|Xpm51
zkkClR5PXi~=tkK4@*q=SB_&=qF3y{WU4xt2@uhE(BdTV}ImS{_C3mOi_6HyGar+Q4
zjS{6RCnUc&3!M^@t9?f}<F>6~AJ~PS$Ik*Ea+MkfeI9Zo>Gj<5K4+6<(OMu_Zb#8Y
z&_g~}d%mP-{Jg<kH=;<K=8a|rdWiR`Vo)HeCSi*N#tq$+ZiPqU1o?T-3TK6Wjqzy2
z`M~G$;R~5E#8x})!ReES526I*i&aPsaNMRVo@VxZzQVqpt-LS^B+AHiw6b3SRBcG^
zg-;8T$C>SLJSK;I1JQDQDb8nDh#4@-<Z}SHKtTSGX!#)9fJVtTy>>xKawH^qB*fO{
z?)ZImU!P^cTO!LIE{XI((}=Ncj`(T`{}FyNkxz=lAq69P79*D$1pM1igP=#=JHhL}
zwUX@W7VbF{g57^KW!Ip=Z1YYLbBL(0yFSP)eTQ2<T%}RJoPmvAu3u&)z*j6=N8N8O
z@-%0qzy8EwVkT)P{}tDm)j{w~pp8539HMbpfrtq4Xo*)-xfo~I8}%vi8x~<ya*lui
zcTxxZN3jq)Thlk_Ua|EtzM;d|7Y>DV{8KYIPqPahPrW&qpPD;q`Gq|K$r)?g3VSpV
z7+DZX&ttS!s-Mjq$v>=&(P&Ye>IhE=JAJLeee@Rdf=st6CfM70J>&q?2_Fr8JHHcV
zXb1@dWS?`PkCsM@E`97m!V*5DheWLhH&sVswNAa(1*;cfT-HNV){Ud4Ds2u^11VY)
zgkBRGGY5IU7RRZFhk=iLE|_qQ3MUbd4f&ZFUdI#l3mlvjRTnJ(sLXXPr*5VWOr+y`
zSs}9<*h^7wfx-f=ggP6uE(9ylC_p5h_39Q}=iW1*px1`i{(zwEw9#|0Q$}a1)nV_a
zU1vCvN1t~6;7NO|U3hc4gfD~+`%~-SR`b%mkJbIrNPAZ|HZSn}AwNgK9lHxrO&-@i
zJ&}(OR*e+e#|piO#t$EhLf|7CJ|^r5deu)MM4qzt;Q{{(vW^R*^;btvbcCqejy>bM
zNFy1KUp*jvLG9Gr+<$X{b%Oqa5_R2g13QpxrN<<4b=|oL`C4qaUsQqTx`B&WGzDC?
z8uBnvXG64T<itdS@K!cz18-6XVlqZTt~rWp7d4(mm`rJs#Vq9`lC-acg}kg()9LeC
zxm8S`$>x5W-6VX*PR0TGBc%4z{4}~7eWjFJhN$At5w@_{#bFZcQ*7d|Ig~KmkyY4N
z)yQ%2QzDR1Na_a1>2L{WBAy^S7EGe!XoppncZwT2w5S4+1^eB4Nz@&8FwVkcrGwWW
z9iuXa!|n7JcXohxmZhhOOHhWw=%{<RRF39MW!QT9%Zmq<igMg=G2tKJL}PgfV%nQl
z9LLv6y69oWevk*=JLwcZbH_+k?R{#*6Mwwh%QIKiyzJW^YH(%?^}z=iDx*^KGGRu8
z!^pDLH|?qY=|=-c_D-o`pB8Oe6YnPUO0yR1>UwOB^Ruf8!c(tBeHJ}&T`BZxQ*=jD
zOmaTeDq3ELM{W}cDi}eCbr?b(+;&*55fRW1xXUgvEs#!_y4_x`+(fvu-JBb+eB@2t
z-hDA1qiyLmy3J1s<B;3xWV|=WUM|G=m(Rn&>CF;)W;;(V7QwyXSyDGyf0Oxg!Q{2q
z2>LU3zr8$C+T4-2PJ`v^D}5HDURFC-+SXGRw_V|_$xnGwLV$+8U^bI|s#FmrmSvdK
zh~=%x&aKG+mzO|juc_(}>?im{7^+<j8)QPXsNISiY+0DHgT(>InkP&hv{yro9-pRr
zKU>~}htpNM-4|U_aeW!EJ}1&*&T7GaprSoRQ?OL5d8k9rQm|C0d8kd_5aE`q(rQv1
zO}fzn_dIJsrDm!lrM?-{ZE$5<40lYj1PJlIzuBzn0yP?sRb8hO(sHBS;?ucl&V`5}
zl`&K*AIwM}+OFG~09PchSt0NV6>+G@GEHgDq<K+~ELl6-t5f(iH!Iwl&QEHwFWFuZ
z<-J*3(Rb(s!g1`B<S?#Kf~QVJCbmN8+v#7LO}GM|I?Sm{7CS5qk<g`!cp6MNY-;n*
zV@n8rTF+P1mar?sZO%o$eV4FgPt;i><}c=Ti|N+)%<S<6x|PN%c_19pZYbG>Xz^L6
z5!Xg1(vY?I?d8CGwpmNemM3uS;rz9a8YKN8Z8tRC)>gYD#-iCbI5Q4P^&y}>!+cp_
z-Atkgr^5jN#Hhb5uzvd`D3)IqSmC}duxcr3+Od9Lg=PLl2<yAh*FA0QzOBYOCf?Vb
z62lJl&QqfkZ)KFmR?CCI=xzrxKZb3M$YT}q2=$^Xr*@?lUl+a1Q}w!BLpzpjU7|%%
z%(k+u7Ea_`-RF0=dN+GSDhk20762;=%<9Gx!ttSbZ&*ZD&-7lxLfS%mt9XzRL(xKc
zt8uVxFl?}7FlCT1{(x(xq%LuwCg`JV>|Tf}^7D7^k5GzII_o)H0+(H<-<?dnc<+61
zbB~f(T#fN+n1v93SbtCZQ=+g*!}9R;OrUmhPjQE3UUfl_He_(?)(OiAT_~-zZU9Yo
z15;#%^#qiOYrfW-1gSUjTxz$pZ+VaD)GGLgQ3!*$wvTZ7$cL-h+cn#A18B7{YISRG
zA!A3Du8Ky4c8Q^5w{f%Gk`w};ndY54)Nc6;ZS`=_T)NnZg`qk&6A>+tYO%u~9P`;k
z8@RenNR0`*Fw|+zBZ$oGPZhim7_(NV9=PFyEA3Bs-^+)oyy;xGFVoog{<D@d?J03{
zJ$B&>H|>5T;`>c_)1!;eaP4!l6mmE-X?bL+mTw!%Wx<0VRL#R3w8o*a(i7%SVs8=*
zJhwPJ=4s8C%T~}Q`=pUePu}!VM`yG|GtvyOIX!^XRW?jqp(;^Q8gWMT!Q#Zs?DxcS
zZ!vp7!mDiTKU_f8T;xsYt+bT9BD}<V0zgCYSfp*=6P&&rSb+6C6&wKHgfscE#0{bN
zC<%W?sd6;He?>-`5rpLL3FXj=V3+c+&;g~%k#p6|-~3e<e4{X;SH9*)g2L2^o;dUQ
zc>#kLHV(Y{DTPB#u{y*D)WZeb^Rb}#$$9bmD#zEcx${<gHlH#bX*lp@qSQ*WBoaK^
zorD!q!f_gO$A{76tYvFv<7d`gd!{0NJa&APIO6Cxgl=h$<`q3Xz$-pIoI~=~9$v9b
z&WXlW?<UT)CGjHOzoE`6IrI&ubGCw9s4hf{V4*75_Bdsq=<mzOp0)p&#m$KRGI?jI
zQ1BW0+e-Ngy=TU-PxhCk7Dbl5g6VQiqhr}iu@_NSB3cEmJbg2{R_&Bj^I}NPC4D{k
zv|l}X^Rkeo&at~t^o#d7R(iPNLjeE~a6dlY_|>t9es!!bdv$r3IeEB$^RUnvZ&R#U
zVz}cY2(x>H4#6jVR?g<Z-41Uihj2w=b}ZnqFwKI=y`ts2&?igg{f;`%RR%|Z%8Oh^
zwwWc2M!O2SZIj6*j%}0Aj~IosJrd+TKU$T2x!QiV(*EIS8qL@rK`haAL8>D}Rkdpu
zn0|$PrVn-pZI`pEJySC&dLb2%?wfptcy{kh8*C4nEq7L1Eix{BAsvu;g?eTL_5%@u
z&dW*FM2iBYZqj@cuMo~O!PcO$auYRY^_N9~(l;4bC};P<j$m)lQMstv!=hWMPRW~e
z-_$FlGhMJV$Pcty{!s06(XI4Nrf=>Q+8M-|2{n{Ln0QQqjHY>+d08EZ&rXOtC__%U
zAgXLgi(OknIln}sSc^bgMY*s<69<G`kx)@kQGTx?rJ~SE<4g;R`$>lKX#P8m4`r7i
zNIUYz2m>YN{1lCmG8sGmX(?_^#<FBBq(-}}I^V1byS&$~`yuB1Dr}f4&^HLQEu$Q!
z&?s8<8x6rad^v3G8^jE-0ak`FoNDm`3^R`Xm|zpO@x<EE7938sVFkW~<NFW|BeAps
z)g;-caM@*!AE~lh?(O2IWn??-4UJt^=^4INsCQ?7#l@DAE>~(W3F_Y%BJIC6>wgfR
z*4DB+8<(PRL9y=A6U*lc#hqS-b>dl38sROC1;J_K-49CCwI1$vX|}DT-(~9!EbZOb
zny$FE<0`2kbz4ADVs)_@Jl#z{#RV1d52Z7yO;xV@0JsZZm_85Y%<`1V+*N&}!Pb?m
ze$LDM*<lD~u<b~UjmSfQ>7nnV?U0UW0a9I7{HAN){HaD@&u)|qWgQ>mkmdYBy}vRA
zCVZJZXv}#*Xr=Vs!Ul$&^$xu%PFv5+OxasaYq=1RdBy>_#M)xmKQHa=lRm9<PTg$!
z*2<^)l?q2eIq8D}95#zO?Y6W9R<Duuhm0~jD+4|GUncv?+;ljR&tS!rGV0@v-0$0(
z;bbl?Z{^NEWKXnl(oa^PvSxgDKiwr9$U*+_$qTRhy5l<c^QP*nTYM=c!7HcrU<GjT
zlMqMly2kVl9G*o7#xo9I6HQg&Gm*XO<O=9Ehx;a_e2L1`3AFI(_chyl@NB&C+J~#t
zF8k$~ywX%C>_U-~XiZFSgk9Rqhfr!r8L~glgBcTtb=wFTJy+!DifAaRQdCU1HJ|h?
zjJmjF1}=mZ;!T4~Rn!s*%yIc1IvUUWMe>sxct1<Hj+S0%vN)6(1JYQR)Kl+PUDXyF
zPY>-XJ)hcs4(68s>}1Eo7I^a}KWIHDJ_c5XRd3GGG}?K!CeV|?&$LC<-^JPF^DWSM
zRZUbh?i1?a>O3j_THO1UUP?(g*nm%AXwj#raYTANbADysS#>3YdiGU}J+iJc@pU;@
z_>DmVi3@Vs(vAghN_aH4)o46fre(5aFUvmAi+Vy>s^e)ufGH}n+tR>!EcuT?#UNZT
zM@3>=R(&~R8M-GmPDxDx1!!6;sVz((r7a~&eO4XSQy8bzDX*=Ju-pku1Lgx;*)e(|
zO-n8-I2Jk;#+EvjHfegR(W-fC&}w+ABY>Uk;5^Z$6_*vy)X&ug%RiMHfuOWR&&V1x
zeIphmg_W|Uge6ea;xvLm=Aa?aCJ6lux-r!^;a*8j!AEsf%~CblGR<=9vYVtlRJAb;
zN{~B99P9%|KZAUuMmoRJ>$*tb@OmByTjH|Eje3T9WE*{o^6`jBoqlYN*=+iu*8VQ3
zJodf{s7d#1!Q+NbSi$q%1!TbRsRwtnt}9aO&G7T3$A|jw-?ur_kBrj#rAF>L)LRZM
zNmYc?E7R70N<(z!s7x(C*Fikv<m{A0JmvBXm9@Cas3^>$xWsE~a+$c90w%RBZf*$~
z>f|Q6TdbH|4EI>8usnFf`Sx6>@iO)7RCv18Q}t+*rMmR9>vp*sn${6BE;!h(L(<JJ
zKYhh5D6ov@GjtBY2)|^|3%YHLj!tz?WA=8@;a1>^j7zhZS8h_ahaa`Km+*~-G0!|_
z>$z5~bH(d&t8*2U6@%{E^0u`!4>axdYO6E#;uQsk-JB{@QSI$=+?{fTNvNe4c441_
zhW4r%+!gh2w5zQ@ygL{3y!3R&;yUkzYcW#m^ft^7tju3SKYELMy~=)wv#jc>a-<!f
zJA0$6@6~_MU1DYJNve~PX>Uhjzvkf&-Q}xQAEZ%X@hK_V8VpQ{wcZ29#%_awIkDS&
zz@S(>FfcwAZx0w5n+gV|$ENN9Lt}Npz~ornJzz}iEEt#_JG%!Aj^zad6JvSzfKOtZ
z!NAPe<~?9|tTz~#8tc6WjEg-719M}~_bwjAqJb}-#-i<AM8w8{FVbS;_AWwVRlyfY
zv8sDOsaMt>*a9Mzo9+T4&o+^U$`+jD{0;l@g4F%AE!@O<(DA9+4NRl^*dfiS2N0rD
z)5zG=A0&vy_gMrzh{Oz{$JB&TpdN-ErY=EHN-aZABUh(aqgH2Dqf}>9qh;63GcFJ}
zP3dz8;>UD{c_;rGPmiol%{0F6K@c^jB20=r7a~)t4W><s9(k=sfwXCIpIwknBsZiz
z^$bE)>Ks|E`h&zSD+J9v<sRC#)LLjr%mYYbOz|LQ%xuUeDLFDG42%c`B1ZH?7w8R4
zBgkdUR|pQtI~a2`t{q)okyy|wNpkS}Pj_&366fe^6$?yEoBK$D5~*OJVX0Mc@e}44
z*_i57*RUfsVLmDnq2tH%(YeTNa0T_sCMX^woPBNwTS7&#;U-Rh?x&MRurfsiv*Ead
zo=Ma7x+R(8l$6I$O@twOlwp`PCb?>v5mwYeanHpVAeR?@G^ar=H14cH0pny98&}SQ
zwbKimJ{vX`Z<jj?m^gOA*a<Rg-M5H0xa|iLC>|rGY;ZI6?%DJaf}@-Z5S;S~oXufY
zx)nOYaXaF)2k5GJ1`4O?2JRIS*~c(caf0hs(!x;&Fdeuu>V|Ckt;{KvdgFM^k^E(_
z0}BaL>WCo<(GI{vqUAY0*dk|N)1w&=cb{o^000m7$MlHlm-Gnt*Yrq1MgFhEC}q!U
zQ40N)ZfCKw;v`LHvEu?Z-5g8?4OcOBac#=%$xJ=fbGJblJ?#7P*oN)0UaUS$BCe>U
zKmbY9)co{diUXco?1#i{(RM*W&XsA=&$nm1<QAb)Q(IK?xfF1kTjONbInvo>pO?sJ
zk@}T`vpCwT$H^LWKnMr3tmi#*Xdf3$`4{&ZEs0>6gAJKo_UM3EOwGY>y6YRfv3Wl2
zNjp8Af-`#wiK>g3cxIocNX|r`hQ3rs&8pb#on}mQ+ONgS{Kmm#GRy?VE%9p2@o8r7
z$qLN}Du1BmeFKm+Nl0=<6Xi&i1YruRy@McSQmYGd8*?ZcC3GJ@LsAp%qVl^-(_GR<
zzsL711R4dngI^;DA2*t@aI=lM3&BUHa7M~SmzXb3x`jADE$*NoYJhD&Bdn=XbK({n
zoX+k*YUVA6iLBCSXR3G(OVUj1*Fw^#g+~b6dJ;qr2EEoIXO*ZAt?7aDsM?)-mv@iG
zyRt%pl2Y+`73T<JMGyLU&sMr8hU`bJbsjuz9hK|>8r_ker3$Q;(c$!W@}4G9VS55O
z&p_g~%`+q-$tuN=@?%?(26il1c6}hZoi?R%%sR6M=G1hy%qmHS9ax7QofT=vIrEau
zpeMtp*&RY<Yqc{^HnFxicsQV%nVQ6zcQxW>(r>k+9rBS!QuPypl~iC0nh&nZ1?n&K
zD3J{^IqK@Kq$KuzHo*&<eSCv8)*=Z|v+VYr9VwCJpf%j*+A;dC!y5`vU9AnEr?<#l
z9FP#*c%QLnrZA-tVQ$LGy`klI=BUmrOAfPKZ*%vdW=Ex|oT@Hbd_6pn=i{`kC2+`=
zDWFyUl%<kz>uT*$_XkA>->dNCc_2eNZr0PtrZoE%3*u7a@S^!~*mSwDwoOO1%p+5s
z!<%L(4=s)fjg>eRy}d)J)N8lU&u0Wxe0)*alTXY%(iKn+xYXY@AQFuaow(B5d)k)(
z6UuGv?(1_8`go3Ue>$?D^+)102y*x2G?J_S<O-j<UJj|7`Zl`$W6y;$KJDScxPz=&
zX)b<=>9v#mXx`D7#VP;U1yAf%zSkV{Nxmc~=##sOaK)Oh*)u#(K@PiJwWxOLIe7-2
zLf!D%+DR=TG9#TyvvJ!q)ZkUg`8~Ls*-ojq_*o=#2m7*ce432lPCK|)9MPLj$in3g
zwYfH*^>}();&6qLUkvNWu72)FYh9NXjTL~~+qoB>eVn%#2iYi`-F&zb@8CV1DTyHy
zi$>I3=CVDN&)S>1e1UJ>l8+@|hRJPV;9>G=v=*}*FC~4==;gAYuh|E<;Y&z<X%)h)
z2gh%k`zGFtK~L?pBkEJouHnevv>pe!La!vQ*<#oLR98PI;y>(y0-@dJP7Hh)faF(v
z6XY7Cl=vY7Z%{Uab5MUvdW(9C$c@B@zz4<$#|OoSxb;y-P)B4(sG-z~%!)V*`4NSv
zOyJ{dY#+2sg7@wg5c*OpvVlR@n3p*3A>0Tq(OVxIN(aXHhZstV$OH!aKlYEh#%+!D
z54%RaB)SxS4@V`P@|31N+F}sV4N70y?Y%^U4AZDUU~^>QZo!T0hAko}U~+tkO4QaV
z-f@(8izW6G!OPDQfzwGBH@uiOhw&wcJ-FAR;yveIuyBQADRdAT0N6zOx2YofcP!M@
zRQhWHM%~DHiVa)%P<P?A(QI8z9OQj7v3sU(_fWW~!qAf|PM&rnp~Wu(s})mK>YmV?
zqyhm5eSJ`(k4QsX-bm0^Fif6|wr(4KntS>A`Wj}9oTQ~}%?`%W(A||d6Ss+pi+QQm
zWvaU=_&#!fq1qlh)E-+>PPtyXQP|^I+s;BuXH5Ap1KobNhrXc1p`e|ZNLPyDINFSg
z4(rgy{0K^6Y*Gu;kaTcTX^<k6?MKjw8cjCcTVpnt4aoAwjJ^~mVD))ljb5=*w18HC
z+15xvn5Tf0H<d`#N4>saFH=k$v>c9>Zi|f5w~Usm8mNyCV{u$vK>UVG{4JxdaN4M7
z%&4T^{D<ozuTU4ZaB1O|O+hrI2fiY=%Fa}u!tyiD`XdSUFdW62u}EkVJ{mN<WwI@6
zDEnAXXTR)4FFmIU70w`Fuii5KkU1bl@BpXWI&s!YB#Kmqy*F%DKZ!`$cN|feO*my#
zUOSQ@mSLUa=5lZXuH_bu?d1t^>$CDUnU-jwbxQ2xG%F!;FPO8}&Dko@!?(O!D)FM;
zt-BpYd_a}g3@jG0)t`w&$2eu_-<n|6m<80e@jVMvYzcbuWV)Eu9Za%LZTJQ>%H-Z(
zL0IbY?rkpov+)ecP1Y}lajT?av<LwJkU{-u7%YDdl6Qt7`E_6EZ{}g7wx|H9j%_3>
zD_eRpDcxR{e6|r2=F82532jyu9#7}{)KzFuX_H{Q?z-x+82t{^Rhdm3g3Pv=$&9gm
zZs+;z`6t>(nnd&wW=7qxJeCgq<dj%c`Y>h=BXjX}Bk01-p$EM96vbZc{v%}Eog&t9
zyG?7eiDq$e0#;+xQcXhSEpIuo72C{3(lgdxSOI4!&-c)DEtj*rJbEXPC7*H9h4B*T
zcUZzrQkf~wzUvW12w~Vzv)C^mBv%C`t4TwAVnB7lcZovY)jnv3kla86wcdaG4&?m`
zm6>BLuyX9FzRGUKgS_QaqI;djPMQI8jo0*0g?#)Z?MC(!EsPhO%<{T<MrBmVJ4AGo
z(+}W{;hFF=_wQN0^5|vrX-yaz>oTUdP#a>9g06@tkdcENDqcgzklSjQ=9h>;3prwR
zeu~)0Pr)f=a=XhK5g;#Tcj9^l_hnpwSKanncjGbz@o(dT_4BxB>HYN;R?S5fth+&x
zydT!odsFb1f+A1T3FpY*SOSNjIxh)7<{n29RQkf3v|X1EaMzGG5GDa#(2|7+aUvH`
zw=u3qQ$Z4;eO&X_-balejkl{l&gLHZ0S4Id#5p%Gkj?m_X`)?t?#bYrXHoMRZn4#D
zVCJS$g4%oLwNYpJ47Xh*`;~E;u|p7_=sRl$J)kSgu5}n`SC(F8+Ze-v)_ha1HlEhx
zz}~K-hk5w8HK{bJ%>ieXUwRm_4Z5wzP=~FobaXV-gC=#*Vsc3GQmD~7>$=`0(bWKZ
z!G$?)a8&mASxL*RhBjvlzG0n1#%g7$`@6RE+R)TNzWL@J#R0TJ9I2U5`)Y^ckiGar
z%0i$D2&YNUQ)p!CtfC=FQIN@SHs<|ShwU>OjvV{>%AtphLKG#0RNxC^s?DlaeRjta
zLTOuDyY+s2O77?6B^2dmkcsyU#w*r&4sBXS=7p7P<<?(>!KIbZ<4oKm;dl{~&&kFm
zv~i3N0zTG<Im4l=))?1{=Wb5I(tifY&fDqFE?XbfFLeKf%@dSWTaB6nU0p-*h2XZ+
z+(05NUA0%s_5H-M#uXh>E5fhwS9P^t#C!N^1E-|yXXC7ghAiC)`I#4+(~@uN5PO}8
z*i|a1Kj40t?Bp}rcz9sHT#75z?b>{ekj=FYtvez6@VV91c{~YEY(2cCqfMy-TmYfu
zBN4IQah9a~nnO&x7v#s<94f9xUb&dt1Yma6>8XgzB?ti=fxR#<bUJc9Gif!+6K<`J
zd<EJze;LwgA7da8E<YaA?j@0$-CMfM2fV)iz?ZBn4C|DB)Me8l=Ls$Yv{{tEr{{_i
zW9%1b*nX}vui~&W@SdZks_|Yzt*83q_=XI!6fA1bUPhpcs29i0B<%`?33_(aKv(<D
zTSwi{=I>QbEMmj40bS1XIuw#{JY%9$#?_QB=n=L9ddP;5CiG2cPWv8HbLnUXYIcZO
zqny6{;vhyyz<@PK03a3S-y+(*pBzNP(#%56*}=ln?VF!y$BruWieZP2DSt3G-_Lbw
zN7q_-6n6Lo3C9(KA#J1N35V@K!c!V_%w2Q(=h%i901>U-Y_i9hoaZ_GtFJHT9|l0-
zuY<y3y|7R`m^_$I;RozUbey3by=2*5x#FfahYXlrD2yL{ki%RE%o>t!M6_hbF&mC;
zOnMtk2O|qB39}$>jDvKEU%6<Ee!;3CrRsBUXoCjhs3$0t5)M|WCtXkVhV10F7@j!!
zgGM}a=QdmX6U^-;&FvLKm3Sdrp%0Q($}3C0a1P#ZZnj7V4JwOO%vM22?^yZ$`VZN&
zOlrnTH;}!d4mQ!)?LTCk72Q^Ne*Ip2_d(;s(>u-ZLj3ojuW9M#^|#*cKwqUt3|$y0
zRDv0g6$mAL8v3MeU0vNoPEPJ#03G|4)IvRZb+PioWB(Ky8g%7rfaoxvbOOy`@BZs_
zcPs0$^RZWWk9bt5Eo$k_kQOPt>e1DsqKpva_ao=<T)UpWXfkB%u#}trbTa@IJbosV
zm7iz8@-kBe`4G*cmt2ZVc=oN;pjvfhlgJcKYIxMU^f94*F0B9&HSYTpT#dbCwksfB
zpRuSApB}Emv6hDzLlzd~k$g$&GNEO4Y6BRtmRhcuu6D@%E$6(C$nhkXyUh*vK8zzc
zTn(g!cVbB1<sF6X=5JSOZBJARRd0sIk++ef-}|HU^_p@6ciyKq!hz7i7BF^Odax7n
zkE9hfm-4{T*NT(OJR`|4bA-jn9MX{yVo0`GSP7DW%r=sG2nyBIn7p}iBHXLwS}AhO
zPXljgUrHhBhG6R);XZ`;G9+=9!j!6a!|~={hXnhlA<_1*{p+0t$9N<6NipoO)#4zr
zj7hX=Is?WFbunfgV&{E63KSgL2y>fPt}>iRQpi}Cv<Rrz1kRl&11p2Tb+lty{+v)f
zL1w>`!+G}{_cw?0s}BQjA!~!f5piAlLmB7P<Z2M@H3zxL`PWBiU5&a?mXcf*2XG}H
z%z7OhBlJq-0|&{pJ8SxDs}^g{-1uzn2R>;geqXd8xwy+yqAszAJOn|i%`A$Hk8P$?
zAh|(_W^5Zn|1m}UV4<5fJdS(y+}}>E?1{+Gax50N4zlx(cU1=SLRnZoX-HGU@^)@3
zB90;lB105ic}t8S!y%&meL4L>VT&?K(omK0)VjhA5fZkd%d%p^8#k?JGwCEo!KH)b
z%!3!x2m~n<Rw;`7(3xYX;H#W@n?qaV=#?~7$XEON`ST}BXkN}<0q?D$m&!WWD;M@s
z^s5gtM-4{D4Up$I<=#5Ds6*%KBD)LZYO4!n#M+JyxNj5;@WEF@Q1g=<fxQ;DZ_~^=
z^K!)`R=xb<o`esIUw7(pq~R0VW~dN8=Umt<CN*6h%6mzztd#9jRQq@uemU!^tPA4-
z7L&gqj3@=rk%Vb9C>PV;iG(N@>LuBQ&<rJz@o{S0Q?d&ri(SSdPI*{rBQY9<;Tu0I
zFUZT!oH%`QtKvO=RIVpLhRZV92h9B9U@j9WBI@^s6oO&<CSQ!`*~rsNs5?wF`I^i@
zKw<-ae&Yr5hgW%i{`~Y}&#y&)e2oVCr((i?c&+Ex8h(6EjPz3t^FP0Q^Q9mn;Lned
zzkdX9e|V_;y|pg^;K%1;SU(jq!Ts$+=3guLapj2UrwUpK{{3Ovk2QT+Y5H;Ah5J)Y
zvlM??clz~ieoWDS-ZgTQ_Mh{$A4`AH;E##q&v$T5|EHw>*E)WTwLdE~iSf4y=&xP)
zG2q<$se(q9e+$sR-pG$A`EzGZSpO8Pey!t2C;8c$L)d?hu4;-fU$zefpxpf_-jy2q
z`pZe=LS}B}HX?|uzw9!^&d$xw#m~Xd&G$2(?eFVsJUriyOuyLqodV%kzIg>Q4*-Cf
z_KmQhzY*%dH$r##Mre882&3s6p)Y(ROqy?mq415co4yem+c!do{YE%c-w12z8=)G0
zBP_3Pgst$6P!9j1uy2GD{e?_S<dxM_HMC5mq%|cq<khrPHB7!*FTlh^MO#VfpO*m-
zzh3`#RZC7=MbSh`Tub~;-qz8@#N^KLO`IRtnK(F`S%|Uo0RGANS<cbY(b>)C+f@!W
zz#sYFOPPBBO`I&f#rOcfo_?3Hw)8MDw{-I`v2glZ?ibc~Su0y7i@$~bKK{8TcT0D7
zTW2Q|TMIERz#q83v~BBRW9jxwfuES)<!#KIEZl9(>@7|1aL2>b{qG{b<Nwl%vy+vr
z^-oRwhx1+X&Tnk3e7^SmZ_!^^-(@Xq-CZ2ad`v9e+??J1mi`Cx2i>_@TK+Be_wo0u
z-fp%YmSXH2fM3qOOSoA&Sz0@L*qV9#r<z|_Kacy5?frQEV~uA28O^_szh8C#3L`(7
z&(EA6TKkHgU-^G`;1||6**mR!*g9G|TUnU-0Dd|9t2Pfeb2E2Kb4M4zkH`Nz%JBXN
zW$^B>Wd;7*o31>_06-ch004c5;{&JwfWuux$wLDGnlJ!>g}Y;#yK4$}$4z(8$acqv
zz2i~cMee0LdBZz-ue<*Wch?S40D!PNipKd0VE~A`<N_Cf1Hc5p0#NUe7VR!vBLa}`
zQVpcLWCP|dY+&4>Ey`U0!~3u0paA~|c=KCD|8byxZ!f<^kAE@yf1<-bZT^pF^Dj{F
zC;$C7y!m&e_yg+xJIMaiUH<5jfAXC_;>+*c|DTTV^JxCb;eO-sKe+C1!RjY8|Do)k
zBEoNh`X9LZ&j|1*)c$Sk`(2Rx8L0jNga1UT-{ANU0Q+6He~8atxhxhA4y^wj-f;2#
z1vhtiqXYp3Fg7ocf`|CF_wg5aV6m`#;Au^z`FE}*c1O{_OhUu}=n^cp7G@r1R2)Cf
zcwgVq+F$2TU**`k{*vSQTkcCLb^C+dxBAGszU@7Y@NL@jpH9&Mu+ZWDs_o0?%U#kA
zU@F_1yE(f%TX~StY0#4?$*U;-_BRrc0pIsO1$>=K!F^54VZI*yrxAddxwE6o-Hp-?
z_yNA`=mzy4`M)P)kbuAYd#8`D_i6+9v1d?U=`RkK*tehN{w~A)o%7{G^20rTo9glY
z#8LS&1Ny&~!Tqlm!okJ=gM~nTwUCzYlhWT>h{c~Rg!4xWDf)*T+y9f1|8GW=_^X!x
zpi9L6S!=x9|L`l&|Bu%G#jm*k=0X4ESHEiQZ(I9OZv6kDcK;iVe%Yh?4@USu>ywL%
zjO_dD>r0DD5MOlqW#0|VyZik))O`2l|G6Fh-?u~jSO0z!#J)H7zxRsg_pROgnwdfW
zBR>AQU;iJQ^na1}A^?CxOYA*cY+T26cgYpCq9~H88QX!?MsXH3jk*$FD~XPgz3=x+
zT8fe_S=%MKq?TIlGW*cOv1=EMVagkR^{YnEq(I~Rw9ZfAxDDV^p+P5rQ5bDM+#(-E
zkrrxeps8)Rb`aP-Gjrd&T)s@pNv*}*ojY@8&dixJ=P`3Q+7wf&HKs4(nTkg>?=Hra
z8g7m0OPIgnt(E$2XgJau-`#k=;vsus7xZg`WuJ#-*R#}y`?_2#VH;<UW@>*3TfltU
z%}kwYjqeDSIPn&i+0H4M+F-tpI@_qNZN6RL+dw|uk8PazhSuaRc;#ekjQ3%OG2U#a
z?uJv^jIJk$D`Eog&3ZfJVswn_y;*O)K9-=_zDNAu=VA+a1bZ{Geiv8R*VxU-+Gyv)
zE;i4N*&D973t0gH2g%2>(;eSaqbElLJHGFL)gzNf=xKf)d$09VTmSsI15YgehW{M?
zh&=a<?d&;zvGt?>%zqxgz5D0s7s>P7&v*ZP=cPOIy#2yw?&&!GLGX!gOZhS*oz8M}
zc8FzZQ5P7K*Lb>`FU=5hi%83Kl3{2MP^3*&vUy!{0f}dDC4VD(efsho0nW~p-2$*|
zO8M!UlLZ-`Nzlr(aItWJ#jtHgu<1&EI$yY&pGl|ENlt{HsT;L?HQXtIws>AJbVH&S
zE9Gf0a5f%*LJO*(3#u7_-DnKetCe7XU3lpC)sa!R+U0z)SZ<-p9E8JyV5p3!Xmt8S
zs3)VA$k+la88jMLHBx#~;v`#=1d+~w<&;m4rcZ{;HAZCxQ-|Roj{?e5;c}g^IaOm#
znkfP)n#xb9vaM)_#Nufzl;$Gk<C4P2n#S66shmy`dpHcBs64BiqD;@^rz<xWYcNG2
zLNhccGmHd%pdBUvt23P{maDZUKvOd{S<pj(GhpjP0R>xSOo12ZDJV;!IWEi=rV)K2
zfHK323Tv5kp>#D@EC4V}3^IG000o{?E!A|$h?q<{Te?yzUjtB1je;Ap#A~u-(qyXB
zDe$uj)yvIew=7ZOOhKRtmuw7Z^NK1OoZ<J>G0?++EX^8{pj(zebAe&w{tgc}ca^0D
zP1aaeV}cXB(E?&=g%=pv;Cb5XXUgqR1XANwmD3HK=A4nqXaP7qY1I*n7X)6B1v=x<
zEKp&jxdI0x<!r^)X$S61{_FKTFb%FS)T#o{YqrgSY$_Cs`MF#%om$LQatrxdgl7R%
zQ50LY4Am#Mx4@&IKs}SwEt~csQnR^2v0iBcwG39UIm4jqrF_X<4JmB@g+Y0mV<ccV
zK|!F`7lGLk<N{22ZZ02{Y9=e`GRw*#sn(L?MVi-TUey$t&f)c*N{<tQ)g5MbX1|Gg
zBCTqMD66ojtVOc&N@b{DtuHQ?D^06ff&s`jE6OGeU?vaTg8HAUrc*caK2|YOOQt1D
zVFbYvi8u*zu-izaf+;GNsoPqVYxr`>W&5$_(I_-)>9Wk*qPL*OeNIlbmZeZjR|M5&
zI3~QfCW-za*iy~dR9e<}1B4eJt{39i;gOaVb=%UJ=xPpE9BoxmwRBTefH}ND0dv&K
z)8*m@Y^2gAV>1?Oh~A3T@-Qd?bX~4A=MwWo6EabvRhczdQB-{;vyi)9Sg0=mlhhZc
z(6p3i$$SC_<ov2CZOO8vXr{PHRgNLmy{bB`849dsL331pvu-kI7Ic6q+q_Q%P~H(3
zLDN)K<^&ov^GG@cjg>1i5g0|1byMRMznz8LbO^?zWl=CVMc0s?E6)JA@D^SKND&Pf
zEAY=W=(jvxLQ%`Z0x_jqrloSU=*id(NN>@CC9^84^E4V*3M56Y)T9(FS`<{t0D(*|
z<f=&6f$o^D<ZBTq(DT5if~%-ojliNcQ#Msw1bZW+yAaM&4qGNR&DsLT^Dqvqg&o5B
zl*{r;#@3lfvy3jBneboPM<;}g|H_35&tw??B{RWH2vjyVLkv+rmCe;_m&xm5Zu&~z
zDO#))uEP33795qG%2f-~c&7wxxcqFcUaSS>X3NZMF<<fvLd~_vB+#y+%+3_%V9lZp
z`BJ`uK*(fd$y`v`E1;De^AIa`-;fM-%guD#1(OmP*jSu9=@2~0!AscPudISTaS9@>
zxYYV}J${D%kpvQU@RgsfZt=L8V5l$75Tb2%;GB_}VOXBIB1tNxLXD)(IxU>x#<F-B
zkz_Srt9x$LNt59Pj+MYpEYH-7^{|ySZZeu+v6f6{3Qss%sCjwu9Oz0-<2Zq#L3eHT
zNuduc9#D(|dsZUvL18K|hGKynvFlUC!ZeZnVIgR;yk!|6Ol`vA0T{F_vyRvxFOGRb
zUJxgc6s(R?%}ZXzs|3%Pn?q=aUg}ekQrt0;t`_D>&iuIj8{$mcWEq*G!)nc<Wm7i=
zku`k{qj)OuR650E%=FkWGQ5lV2#vw3F=TL$Or=#_P}uD%^I(e0vaE>~>(^eqGF?5D
z9!5W?`a&Hk@p_dgSI%aEl%y<6v<P`U<-Hkv%HcXl5vGHL!*jk-#2KP0FpN&~f|edv
zO0#8zoDnkV@sZSt^f<?I>7l441(vDBSm1y*R~jBU)v}UC>&W}IBsIW;g2{uv2C1!x
z3I_r@z=fg82F)QijbVb7SwT|FEml`7mQz_UtD7eWgnRzPSnEkeI!w1&LzSYP#_PjA
zqf8>SDNT5E1Kgm$Z5Xs7DMoYGx7-NWbe6~g?PPxdXG^|44bDlmdJXGLBqxIvMR3|A
z4n`6gfM9ZG9<?U~zPSf}bqTCk5I?FQHg|r52K>q}<A%Y24<4X;DUWUYV25XsRZzQJ
zsD^|LtHPX0U=T#{2I->HmaQ5JK-r+_(&H017LgE)$RhAr4IP%)SbE6sGm%B^kqePJ
zTMkOP42DT|VJ79IK)VdP_(oLTmgve<s1qYV2ub1)_eM8OQk==FqRrcQ%VucgdZZlO
zc?GEeL)D#4ofL<pWmzvw5o79llw~bj)^yI)e5%jpLGe}cO>Wo;S0tNK7L+@vxgw|$
z@($+40*DVJW2fq~4uw!^u2Q~6Qdr(1rHhshNmW4EmKTEQtoay_DSzEDA4nQhfBrf}
zM0|FtSe~M?b)TKlZel>#*rq7RyrO^`T7+31MfTw=(BT?#5%GwIn%Aw!NxCXYJUvy&
zF2Yc9CFG{Gs5=~~3v8=Nf^I6{NI~71e5m$RVXlDO9l!pfU(=#>QM4pYu~1EqfT&&#
zY!{&aHT>;tn$%0_@mXI77_=(!yllfnLv2KFR53SQD_jL@tX#)vv9ARtNv;;;aKSRb
z4B#CG86`eIsa`B%FCc1bOB~NhJb2q7@G3GO0v^4~8_*Z9hw<-Jt^(F)4X42=DdkD3
zys((7xaq|kI1wNlc?YL!hQNU1QLd0&hp9*+yHF-*3JV@UkSXC6AhL^PAY%A!guH@D
zU05s<{9){lDFG?4tvo!{uh-pv1H%Q;R_jx>N^Y9G1Qr6~)>;`dU1E-jU<!fi5om)S
zi4b~B6ct$&6c)--k+PJ?2%2Qu3XSZ*DEBfn&zdH0fh}Po7Gv`uBZ+l)lFV7tb{J#J
z0%$i5@6%jH%n4*JRHAzzU<fL@A*i74vF@2F)T*xG*wS=_8mg(OqG@UL*%I>0=1Ndu
z#^IV~c%C+F1B5p$*N}oD9!+#NO4Kb;k_^-7IMM;td~r5Cj;yw5=LK42Y}=Muo%Ss&
z*S?H8>#PLEoMh=TqtRS>VF7JInYjgLYl1T|kB_?aJQ1y{iV{+rVxVJqwc{PB7JHZy
ztyz|0N(@X!WiAIa%8`vPgw1M;3@k5>lfa_GyY?E$cZ`xRRBMIOT;1{Nao-~~P0*62
z!D}F?%reNB3Yds_XA_(BId?TzDCVY$`6lsbbDA#jqKlH*23m_&HAWEy-3pBr?U9~^
z_3DiItTX6Tt3iWRBxz_rLe^VYWam>u<8AF_PNrqhnT#a(wI{Fz;Z0P|ohGLpzb+W)
zl5T=R0mitTE0jnjZ?^_@e)@8L`bs(l<_XzT3VKqC#ArMVt!&MYLe}Yqjudc=V(=F2
zYzmT9crs$Y=(cY0s%FrHEO>O~D-j?|l0}6D|1MLQ16mL}DB6}q8;rrT3}^}#ZL^?7
zMht_nf-p^)QCMCk(ubKv+dxs_lg(92!&uE@(dxa0Hac)_DSy3&tSINTdZn;PUMpZ#
zA=Q?{els}V*I|I+y#gnX=n0&}KEB&;ClA{pIOPa>oOXP^EO;f^>8WYo=X5hXzY}Ma
zOIOjR1MWA<K$-%*Y&+uN<ao-9c<7@jN~S5QN1&+p9;2xB8b!Skk5L~Tj!|Rx#HfqM
zW7N;|7<K#c81>@QG3w{f#i*CQ6Qf>uJ4StQyaR<x;Ha)193j*TpB@}jgFgF1ziw`i
z^NT(mp^{$b>2%(D18*H(PB)IUisSg8&Olq;PFXLMpub(|#ecbyaB@irD(i+P0e$Ml
zEueb)aogQqFZN@o-ay-K?@-Hq&c`n~fInUEK~&h^^x20$emm~S4sGMp<51Y8TZc1t
zk{`q02jPRpg#MP2z;=d4(GeMuPq}Vy^e#nXcpm*v`;CbW&wID)Y_vZg-mx*Wi3`)#
z*xBnt>Gu0)dwyiSwGFyGIoRHo4fz>32j8BX`x|_2zQwSaJw9OHqDS!=JB#1Gd$Wzx
z`|Wu`+dA#vR&3H91qXa)T(|8+DQqWB>r;zp*iuB>?!q5_ZQR>W?}Xt~iwN1#mgG*u
zNVXPQ_<7h#yRehp9X{=RgXT^hTkU3JXs7$;yWUjV#o6m8up{*e9QEzw=;f0*J>KnR
z+W+4Z$~(1<xQjEUT^y?J@_cG%F$#MTg7Qi3!tVIk?M{U<Zt-Az(;%HK1VwIbhk8qg
z@Sk3E<rX*0+e9es>|C{NpuzU`=|2w;jq1m(o?L7aM!K^j@a>(8?DDwb6N_|h8~)Wg
z<Z!b%kUJQ;w|Nld&LVqve~J~14gNe<Vv9jTdl^K%wLcVW{!_dy2VZX~;wk*+ksHK6
zwTdGP1evr7^KKXM84Rb|Vmx@;zdvj`pxvwJ@!yR5%)Ef|9YhrFC=R{(g2rt|rU$Q?
zi^kvW&1rmhxtc{tjsX#lw>wQA9vV7<?us2AJ~8Cq0o8@?fI8BN?kghyj?I9UuU*Z%
zcPf1s-B=TgT-wy#Pet#FdJf&36>D)<R1E}uAn!qRO>GB7O}Lj%!E?0V{sX5yG5Fud
zTmqO<0FLf&Zf^>n>j3l59sV6t8@1Pg#@QKe4+wFb7ewZ)KA|h@!}r(gg_&c;!qoj+
z%08DF$&QY+D1a}{n22P8`(QGLkb!LBJi5*6;gDGKbA3KKiiRaQcVp4q!xzCPn5*O#
zj*1{Ks~4wl%v~##E?zD#<S#Na3rHk@@~D+77xCT07lA!51~}vtbyq)iKZU~y&}CZW
z`^(`gwa|wALg5K;UygF1UI9;qqE`6iFP7f!w{N3<^!;!m+0)>Y_ZI&CHjuNSC*wC0
zH|_Y+YXfTs@Le|UZO9KgGt%MQZ<oNg_+-vbHfqWKzE``>HJ(h~+xP01NV}QFZT!3R
zTH>p>>kmBNyYzZ&X+8GMpVkKZUcDQ@&NPG7{;BWfzP^{cvX>tJy;~R7;AeF8!rB17
zy#)2*h?n}Rm*TvX%R%IRu!HzU>|WeQ|1Plw=PofCZ9N?u8bX{ya)N6G<#xut+jPrY
zaGi8unCF^d0z8dx>5Dz+w5ZSr{)D80H<@)(N1Z#{e#>hE<pg;?j@#*{{Mw!PPQf6q
zeHdoSftG%7>>VHahzEmO1_fHgwogl3T}`<5;kF0S?RAmMQ)ki3iLsEZtQD)n*r0Hv
z*k&>;m2z*bK{D)KEW>`)Ls1ttkYRrT&p&o<F2ioZ^Gtkm8HO%iIe@M&-?zC8`)z>v
z{eA6a*q5Q;B*2{S@-L^~sJ%Z0n3uZRxA%Q?xjevR_ix_60>IqZ-@ZMxo|nQm=5N^E
zw*c<jo3w{+SbPy+)P#StA8xOL?hEwcz5ve)iO78P57Djg{s7?qHqjn0x@+^NiLH$T
zUD^L{iOt9H-vIN+2ilM0FuGp<z}Cj`9>B%B+v6=EDFrZ3c5klp{v2TbYLoUPcwPmV
zeFy!U5;tn^ivaWB!S?O_4?Lp)lkD;TXQ_?a`&WQ@r{`1A$;`}E##VNvuA8iDte+J}
zKeId1&mrlza}8}fIx)W15mLe35xGZH@Y36fvyCf5ljr6sT<_*Ya-i|%t^d4tU7%v?
zLX27$I^c<St_%BOEA_6%-z^`8@?Z8ZpN=iviZ$MZuUo%NEFWHGVk<(oJ%7YO-}8QF
zV&z9j5B@d6^zQd+_pJ-Rdvv9Ge&wkLoUEm<{O>D>=l<&e6j84{0Lk_EAhpg9#u7`b
zG4xCIy?h8axEfp52V;Kj7h+ECL@@VIM@!gFl8Xuk22p;T6azB&vFEAhfAY+K#OLqM
zEE}Cp|NFs$0K;Of$0K6KS-}H%z4v2%_cvbZO)vHDUh1w`(7r&@ooMR=0s8_bpuwGL
zWMniA&pZ|HyvZjMeLrLeU+0rp1=XK;=Ba(LdhOZO$#XCPD?eHd(DX|U^`Vve1CyE4
zWZGA*CveeC&W0hp`@KeIGV%Uf0I~9o^G==T&&v0$F8#}arPYH=PbT~2>~f}i_9oYJ
z>8S)l`KymU{uoTUI3D~fAHo|>sZjSGZz$jQE{pB%cmG$X{nYI1bk6`ay1M4-ir~K^
z&S=N}484uM2E!c6Og63!fkoMEuXpvYi!o~c*gBu=?}V?zF+84zHPJXdbOv8Ve2(Ot
zo0z9o#4fwR4$Tj(=*dB6=#95lw2oUJCYH?($Q^qAA5K5><BnS&B+e~Qb}ozY<xBg>
z%&v81=BfF+o!0c^^`+P7OBY7paOQn%E$&z>UDQL~jGscw59fUizLPlb9DIKTr~VMW
z@5iZcc^2ij9jkYMY89#Csf|OP00aghBuX4bgzR+**%LJq9YPNJgiJOhIny|wK;+B>
zXa#f_I6Y6DTkq;a)Wv!8v6acLGxJFx`$Kld8T3QXuGa6q^vb(1+ZTW&Nsk(XYmJ{Q
zi~E*VI~s2;i=9iWaab%sWLWY*!eukQJlWwA@)6*;03inhguKtWHo6Osk&qAF8a#$m
zvPa0AN3@Lz=?5WsMC|tdYcU`Q@hln_lZi>(lh-*kdBB`pPY3$$1^)hco+3kU`~sN!
z+4rC9on87yFIB%id$Zbm>B8C{eFT>M$F<*?bP1GrcD2^u;N*t<Q0BCohkzUF0KVT@
z%>#I7X`Dg}=4&{0$@xEx20WcjbR03>9>M*E6_?0NA}^@lb~v+^Jc|3)c&j!ryY%!R
zRXgM_;-!O$rGx!$@8a1@jkOCu?!lc9JcfP5Ln?WuKe5Pof>ci?Mpu_U95~na++QMk
zzl;oD>f_`J@vbf=doY3v*)`O^6?@{0t6UP0^(2Uv{lKgLSKajoM^WAJ-Mh=>k{r3i
zTta}L0XC8r!Gu!@Vrvix5dvHik|=3%b^<b<6<TxWk1+x15(U->b~=t$WoqqIEwyTG
zqqf>!2qs!^I^(FN^%stIh$GBst&pmazVG+_*u8zXxkLYIX0myC``Pb%@B7}qAD_>@
z-4*1fkI!i1c_B@y3&SL^9s?ie@c&m@QQr~&Q2UmKj}alrU!>8J;yTUOWL~pZndrx>
zdfAW5>-JzE2j(AFVKanx7`I_aV=ad^$aNT6OO8z#YG=1)2;UkW#?bX5E<uis82T|e
zMlb|j<7x~Ih$?^{y8%->NRF)-dYK$sFa&SRUMt3sW(>jGxYuCl2sy4|Yb!dVqBA|(
z=2w1$HR^A&SflRBVvU;5EPnO+(+lZ!QCQnq)~N8!4Yu6-hHF$9L!k+OcVt7QydKWM
zv=lZ}nQ1Ak(@A}g{Y8#zW~X(mH9z=9a`jP$DKXwVVxnsWhUcf%F)g2zR<4v*9%A^2
z`s%#A5)&O0m~yOT({jFKIZv`&fS6yheEcKv{YOo7pTO`^JRo`X87U^2T2jjj2)}Tk
z7PGTc)SqrLKOXn0Wo1U=zL4r`lIrBcNm5A*q>>gQh7YFKpWgSbiLO*R#_q#_WVukX
z98B?H<%czgO!TEH$8aAus80TwjCLlov+utXxxw^LhiYO{%YKfO!=RMIBE)QFcS-<~
zKyAO|t-$9d`VN(2cn#jK+Us<`6!WZOU4*3k6iN9hM$8IUvukD@c*H~xsT_lR6X*Za
zrd1-PRV<}71u>s8FT6SDj#d->rphs3S!-BR4W9^kkzM7*7&!lwh=HGvQp!#+_+60)
ztykf9B#e}+zLb2J@3P0tcG)a1QrIlQv~#f?Q(Z+r_-4s-HT!Odh*_|J-I?eOjDf4(
z7BN<@mP%fof?iz--?y_)X8GGR?Xr_qZ?P(QLKC9`OUlbQQw5fE$mj+Xd(+OQ9VNvS
zG2N=_pWQoBqhK&`<8|>{qg`9JTz}n0rPdk+kE5{@parEoFMs34A6Ya#A-mf}(X4l=
zq?2J~InydAT7~p9s$d!o*WvY6wtpQJ$+Xg_H4>SQ?wfApVwK=|7pCWVFS(e%F&uc_
zX-Y@eFP6PQy5=qio_9Zt_nyo=?@sdjw{$$OjkkkQqb*1JUP-OQ-;&=hg4>Y=AAC2#
z?90FhA0xky5zHR1Ip1=!_XNSbn1K&|8kR!@b4zY!d-vv2ZgwJj(4#&@FhjYS`NF>w
z%&`piPQeV9U`8|W!O%n1WXYpO2=1D^%;ks?OmAN1a@<2O4`;9!CMWh2%)9wE9^Y0D
z7%R1c?8;F?aP=AZR#>++5zKo9ras|Rj-{kgH~S~HHwH5gf@zs#Ugu=*bArh!oY-D1
z@L>eAHek+c)A<GFG>-?e^UI$I?oi<Wi8r=BUx2i6JtNDOe0|!Ob*5jRH7=ynXjJ%N
zF%DX;x%P&2xeEMV;rRFgAFdiEnY?DoES>h2oY$n>GSZe7DmXBZIA1?gzH6E0A6cd$
z`L)#_?R@SOXB+!Y#&h~t&-vIDe#KZ?A9yxW*@(;wTm28u*|jth81T;z3@n?k4!-Zx
zhu!+Yp!?-Tan0WgmcHVa!msUGr}_J@RKm%=SGG>u{S&-TE}Osi(ok;v+j`Qqc(CU`
z27%}YRQ(GNfO}q#l3e*uQX<q(X<*_H|L%Jf>YZS;b7ylt#<wvygp~VON8(l95Fy@)
zQ`h)|ym99$!ZEF}^5Nx*%TBdZ{?5wvlGK1eKk4?xryJc7eb{Fb>Fod8uKF0+;8;1m
zd?}@ij4^^(RS)&3-&(1}1IBF;eZ*&c!mb`(zCzjEoF7{mQ+Br0$4Z8mU#T<?FL&2j
zsPG}E<>^?^YeeW*3jOkONQ^Fwd%=QE#e&8>NJz#?ICT^pa<i`8iw(&%P-Gji%hAC0
z<9^~kPIm6leB?i)wce<!X*N2m0t2huEk?}O78tnA)q+V49`m)5rd8_xFR8{d7~UzN
zw!B;)Iinx+FCKdyY9{U>bsBUJE+Tc@J0seGZKmD03lm^0=Jtb-_E1diC-x%lLyaxG
z5c*hEqVV<}E#yw*l0U_2d@{1pr7?xyHU9o}TBwPVkcO8SE+e)opqC;waq7tQWK=);
zrJf9Rv|qcc&L2J;PFmB1G2;Ss(mXc5_abdqiSD|E9Oq$Z4`Zf7xE7y}p+RyyA4A6l
z&S96E7<Y9H&B2<hpf%@9TXT6?)LfX=TxCklX)a(Dqg5@f#?9-Dx+<f-Tp#p?Pb^wn
z(>tTntN_hg0bpV%Vif@Ds$vRpZEX`!`8;oB`j{5zyN{CIejvShEj*{ONODb;v0!m^
z;v9X{qYrxY10H?M(|x=z8Se-TEC>uto%>m0xjqWI7U>O0be)KvZ;ifCL{G6smtyqf
zx&MwA_MLnVI?`>q`pe^_6HAh_IWGdcPD)or3e;)5)X^S3Ou18QLCspfT-00x;}N~c
zNz(eiR@C}7a$JNVU@>fUZR5&eUa}iQ)3Bav7*~FT^RwGX@6sHfVIgU65F9fQ=pm(j
z$Z|4r$_>pqUL~3eM+eE-1>)8hv0$Ts*sz^}=pdYLN6la=7NUsp)FJE#mSPANtyf^E
zPPD`|q9uM$^eY=g+)W~GYf6jl7j2c&GD`#vkIy9e_2hW?gg#bu?MNLN^8$B1hWz;L
z*bK+DK1z_kOB>{9---4>AH*5M7!&O@MmvW3x2|hrcmF6b`6m(^jR5pqSNIzvrmm3i
zMxi+jMf)F9NDINRafXX3Wn^qBZER{4k2?7&+L8{*bXla88#G2Kz?mJ-;Xf+*b-BsG
zGgFY!-(n=VSE*)W6@5%<iI6}W1qn_GZ-X_Ykn#{CtwXo~tH96;jJ^&b&D|_$?j}KV
zuN5@+Y7D(C$nv9%;P#5iC?$L8@Ny-aW&}Z~C?&PlO$GyRU|@|J7-;qAN4Jq7VXJ%a
zsLwqJ5?M^qlcyub($dz!W1fin3;F;XMZ1mBz(8G2OG_&@%jR7Tnnq><mE^h$$QS~x
zPGSBH>EqS$Nn}7oX|x?W#TKCw`Sl)6Q+n|<2uOH3{2Hh_qz@S1TC^MQzDpatzId6Q
zbT1z1`HapxdftL-PI8mR53~@)>LcF16FXPsllhQ;A)5~wkqZLP)>bw)GdYG#hDaNz
zgc;CjeJuEVkdJO<5%-z?yQad-tF6&&KOM#pr1BBw1)34o57cHSdK)O^c8t4I)aX-U
zPV=@oyHWYvXD$g{gQ3e*-d6Yv7s@L(l;gV=#1g=RQ}r^e#r5Anz}TOKfU#4?SQZ=Z
z6jC^r>$}{<d8{IbSeAIq59nGJH&now$#QmL&*5H^JewsjnF-AtiF)%$geDayj<I~~
z{pXZ?6Md1uaJqS=M5C{Flp=Da)V)&bRIYfMrT)N<w*4l0v%v7ww@dQC-Hxf}NvZp!
z)TyLV#L9B-$mwDe{WF2FllTRa<$TF96(>%y67GDs;g2TzcLKx9bx11L2U5%@jzS2P
zD@wU2(~~GR7f+`Z6GP+XsrDMIO`($Ek@xP6aR;v!N@e#;We=oy^}#=T@=SEQ$}x7Y
z1|`b@$ugBR!c4TAS1@DTL??u#!M(cMQ5vBlM~I#M{gdYwnI3yUH8H7WFOqUNS;`@m
zEBaa6YX8@7yG`_n$}v2LA4nwr=TeNv<<!E9rTm1X{7^|_jQO|s?oXdF(KB2e!>NCe
ztY2bR(NXe3Ngjak9|VTW6~9ioYKi@-FsDaN%xX!lSZ}`yKLownnihU5e4aI?dLjEr
zbP1Ots-f5VP{de0HbwGSiR3XVSHL|1J;)`M+hZnri;H7;p6_xwwXvyahd)StIyrZV
zrH#2vj0^Vfbln8IPEzi{t{>j&Q18>EQj}sT{tAN1rWAE!lMoFOxK&Etk78TLSws~3
zHWz8v3UKo_?ZqnHSfv^X%kt;6ikwh@5nCJ62{2iI<L&G;7`qT*x-{M5$We~T<}FBR
zoYf79ZSLCWxSJ~rDaHAlcIL&_Eto0q=A3YsTG~BnsrzBi@&#J?KthVGM_DL3;Y(_&
ztAwKSb5wMmyqc_iUFj7a=w?GxGb=hfU_hOoS<!);v446RhB*!Hp>()Zm~x!t`w4=(
z|6FsRu2pK2c6%^Meu7{ooo7xv2(C8W&VoLI*>hfICFy>GdHlSInRl3oJwq@TmD`y2
zbjlRL>?@zx-UujD1hZx4#7Yf3_wtvScK_9;W%7&3Ou1s##OXc)Lma`pHp`q0r%U&0
znEK4lF5OK8ck}Ft(*<f_JHfm&JM+$r*_xt+wG2Bw;F&-zyB!Ff1h+YZJz)E8A((wy
zW@YaMf;pVQ9z6H;Cc#82GAm-;1fy3>Wbc2N6jVIvF93i;OVnL^coWsOpJ^VXH6;N8
zR0SLk0Sav)eeo*ww9?k{PLnnPq4Xl9V8Iq4p{S*Rp@npaC@KfP5B>1Ly};3{SFn^L
zYN0^EPel+F1(D;CbJ5BXgacK$<gT^%%udorGG6Z=_m+>zn!SIsX3yGtul<;{*3kV+
zA7B~>M{dst0dq0}KWv_72P>1`Ex_rAMCR9Lh%$bo0GAhmA6kQ00rTUK$n_C36s8D6
z!}Bvkh8ZyV@sT|}mH=jTe0YAiVN(y7gYl8;_jADfJp#Y4aKQtZ4~9kVAI9O3H#|JQ
zOYna<VEQIR=2r}uhZDl{L-W=uz?c&w%Wn!`W+#T{_Xh4-0;YFTc>RaVulY&J-efKV
zoF^&#eV@gC1ek#%!oOL@`z{!v?7nWm)s6^%-#(DB5ir|FMjk)>fH7FY^E-!=X~5jD
z1j^eLKMyQno=FbR?@nmIF94<?HDLAC6~C>p-gqr7JU?7iGyvw~w8;AEG+-`9;D<h^
zKLaKyJu<)1fVn?CJU^Tt6r?NDSF-@ONC7{$LVl|Nw=n`g+;VwdA-`7vw<iKWbP;$D
zFxpW8Yv8W<jR8#lsPO!77`Fk&Jt}g2tOCr&QIS12p9joeM$_}bUGz)TJBeeJ%{wg$
zaM*9M6yR{`JWT-(+x-FsIP71m6yA5ULfjh)aJZp#R3Yw5g}5IS;BZ^urUD$Xj2IUg
zhx#*40S?ENfeLU~Z^OnZ)A!kcD;O8Kzs&;7E92VDvpeDU4PbtXzz<&u`~sM98Ik!d
z2TWZ?cz*b@;wiwKSHQ2|c<6KE!}Gfc8KVF*;9h!uZx{U+x2Wo~l=a_j3UIh3_@)9J
z_P4_daM+&DD!}2o^OC~n_(dTuIy*8B$C*17;K({kAud$`4xe{|0vzh0=?ZYD4;CuG
zp?-c$0S@Qi>lNToAJk_n>*t#Q_i}dlc3%Y<uK{Mz1bRM<>)HeV-5h1ldr|=oUvHdO
zfI~T7Qi$^_z~QTo9=VZm#8X`X4xb}c0S@aeD_2>)<pXX;ZuolJ2mc=g%-wn6Eh$kS
zxbu|Vw+_xW=Y_xTCdk+Zn3ViLzv{|@b638y`|bzahxy^}`#Jsx%xe=P&;QN=<{uNo
z^TTOc8(>CGio8Cb3Yg+a;rUhKya_O$Pl~+0ybYM{lf(1FmxpnH(M<`=E4myn0aG_6
zJii5y@f2WgOpUyr&YT9%JS{xGe@Bx7z-XpNmfs-2q)rdd?+RpO0%k-(WcfJ&Q&te3
zpC9)@08?pe$FCC$>_6F*wbMTX?j2kB`=amAVZc0Lk6dq;?UJocxP2cSGXXQAF!DNO
z3}EsLBe#27A%=N~TyOsdn7tAB&4z*N0ATt%gY;%6a>jB0j8oY-eL(>Z^~)8fvU*d^
zfO5?U{~T!E(jPD%&1kou(^({+nXrzZ8Nt#WWeu3BnUUrE9ALK3{QqRZ&VmMpCWpiW
z49%h;1Utfmg8+8IED%XBG_zx*z)mifA`XV;goN!2&1x6>u-yZYxQC%>a=gFL)R2gR
z9p%;;BN~v9_yXiez5tp3V_$&Z=LbMv3JUBMBYmwIIJZ2(Z?dep6&1~0X<pZK>YDSQ
zB~}|fye_})Ml8>3G@K<ZImKeps*2Pxy@rvJ3Gf`{^XIvQoXXM#j|xFwvk<b~u7#EO
z{?;;}Z>(h${2QH|oR*fF@<89%)YN24N~&~fNlflzF;T9uAzYJtT8x;k>J^=wGJ1ps
z{v}&x2N#OhaH`3iB|j>gJCR{2*~#CRS@-bL_p&Mq4oqC-bib4|>cW9cgK*c0K@b1x
zI(hG)H<#SnR(|fs?DcDJ7xrE>_i&#F8=uL(GCk8j;@v0}&++XZShZ#i7n6Ih*z~|Z
z5C7-H%KAUQXQ}C>S#|QoUTL45ntW>S$=yBsTzlY+w;$QR`=6UP54v{EZ7zM@QhDG9
z(~1wiugx1j;7=!}ul}M>bcJfRX4i4IvF~5*+_UM|gbT;E#|lj&eTR=foilH8itQa&
z<E}pUe71AbxsA{Ld}CSK&>`9D->$yw-}>p%{y)OR4ejpWKh#fV6wm!{JuC2e`q4v|
zo=o5I#n}fN+V1I7WPeZNne>zOo7Z<9i>?{ht@qLY>hn(1cUw;6KL0Q7#ijGTEd$bD
z{>Y>mGq(3#jRwtTo{t*HU2Oeg$2X^++BJUQtLo(PPY0eJyk&Z0{4)vrzAxGL%KWO8
z0J(6zvekMhgKxfXr8V`j=(D;D%dfusgW<xJPcui(`?fI~AYUJU>-(*bxt~70>d@D@
zbF57n*<TIZ^0%LF-Z$)xgB9YkB7ig(mw)!wx?a;VdaQVHcj8|UFHK*tYhvM-6`!7(
zp0xj^(a7b{Lppm#%ASTrcW=FV<?3CNHv5+h7Vdgse&hCyTU)A1gO&JqQF0)ki&1o{
zuVqSlWV(hJ2#z!w7aC2W15vtQT;D!TW90I=c4=xOzMBqBi<1UREeV(tE!pzPHq41E
z*TQnsSZ)@}&5@>fTC$NtsY0pzS`q?-rp;zlXw;}ba9u@>qA_Y5&T>n+6rrcu94B7J
za2;OljZZv>bUSgjRpzaUcO?+h|8kC6@0Y72W9V3#T0m2Inp*33_4b)?`o!5J&cMr?
zmsoBLKGm0qN9G*VkwVj;F!9W|$Re#%wdCy<wUfVBdJru!81Kal#%XRK+{_Y21)D8K
zNd`be$wL>Ah$uzQRR7q=<9rk1-o1R=@Ap=l^{$Lom2V>F@kg!f?rG9tu*xx<`!bxn
z2QFl`!{|2z@@0Z9K_7sb7}O-rmt)pj(RoC2a6)@=eeET87Mh|94zKGbjjH9%xfuuY
z7938i%rbuU1T~*<87=Ow*BBhC78cV-FJ7F3{!8s|h&$QoL=d=lmcq#qc#@f8frXQU
z8jU0r+H8&@)K2DNvX5OsKD01SkUp~@(61~Am1P2nZ7j?!EuCK~Bni~Sg{0HLCJ7^g
z2y~QoFD2iV5zt5nKZO^=j0}jSFQ+5DghoCpz_2h5r}(J;J*<G#CeQeFoD1WHdD_&~
zKf|G>*TNu+Z8bKTnaxGwVi0uNI)|^&Y_!RKJo?%u_Y}K0z%Kcgw4q79-_@6SJ<KW=
zTS{6;zXv98YXK_EnD7B{C+mT+PYYC^v9LJ$S;Zv)!`=Ts5)lt)BEFvqb_OTMg;~Ia
zxLJBf6h@pAvVXrsUttpMW|Ut`5w8cem{nNY<Vr=^dVbMV4VQudiCKE+ZDN*@98GxS
z2&pDV9UN1e;LxSFL0?V|Uz5YE`ST^~eJ!!`&!_r_qfv^ep2}l-Dwk>9+3nm6bArll
zgtGU*vOhI8Kh6~`W{rn>y+%sbnTMj4T$*~Uk-Q2wx{RJClji`RiRslpr8YJD)Lx&O
zIC&74rvao8JsCBSQL^nt@L!SSn4ot!7v3T&PF9qHcp197(dw<qFKfwDYb3>>^G>sf
zRy5d;_d3!*s@`dFEn2K6Z{8T6GtTSCslQ*nJ}+7{c#iSV%Dmk@tBjnxySK{dtukTz
zhQwykY4SR<#QRO&CF6sVW0`6j!tDBG6Au*;iiQhV;-fqrpv2Ilz$oUcMPq?2^?IPU
zkQia^DB#_URXdllOJFkAFiWRy+`fK(zu)&nD*`?M9l4t0-7%hvywAkfo?LmQS+>0h
z{wt$bn#h$`f6JANs6P{Sb)&=SD~`2`ZQ>QVD|`Grx&^xK@c31}C(+>4t@S;L9&%z2
zuTh++_QK<CzJ}l?o!40ZBwFD@Z#NaK&sW<#O&ZqAffFbkf0Qq81+b{YSY_h!e&}#v
zXmDt7L@cmb#XOze>HkFbLyIe!Q#`A=2UDuEm{P^Q^9YmUR_1nKBwcig)SBV~;oeM8
zH-g<EUJ<ADTm7h-bBe#ZdKwxEyZH?b6Ez736Apl!TD69T0yq&**PdC~w`5M^uTpR~
z6N}Im*Gzon#O4ESy7hH8=zx-FcZwgcf3b}XTMl@r`!x8}ZEBzX9#Eh9rKYfcbYl~4
zbmm8g$({JoVR9#abTFuO=0`^!1KJ-^#U(-E=HiI!SQY7&xY@LVxqmGoR6kx$lkI7=
zq_t9m-{qVfHO@%fzr;MFQ>-zmZptGqdSW?D_5#%>HgBF$b_Vj+n4k>JIRB_2yoa+|
zm91=OT~f#Rm6BT|x+w<SBGINpTx-UPFA`rfV;~`?_zP4`zXH3X$O;usM}KIF{fca$
zK=NssoOXxjun}<iMbx<mn4Bl&O7pZCYi4<xemVdZ)P${Ght+1YJK*a0a--GLVw72$
z$(RPoz|LD}&hkz%kB6i&aKZQ@8(caCQskB&?^$ft@$R?84Wzgw#mr3;ABlJ`R<TK`
zmdGK8Nu-FStz*>Nj5^K**UwjyUR7~}NH6e6lG_?0xh?dew@H%Q!6YYiAvtT1<V=8@
z5|G??vgAxP6+UZg<3}HU_~DIj5Bvbln+Lh*e5GcN%+o-KQ_P9wrUFlkNp2hQa0e8k
z8HETHf`WvkF;IdWNFEPYWEB-aY9XY|2o>fo5azZ}VQ%dx%$QDuNz*nl>L{bW4H4!g
zX$mU~b3NCkU-epZ96ITuG?BoT;}8#sKR=I(1afhY;>1nQUwNm`G{CC*vdFi=Ebt_3
ztR(6UX0+jjKGe@yP=u0_`{x{Vfh(R>bC2&;VtiO%sMe)CtJcBQqTamTgaKJITB<L0
z>VX{)hD~Y>Chj5WQB2&+A&>jIgivwAjIygIKJMC(wzFD36Jt?vh`n{hrE{x!gVdU^
zTRNN|0b|)qxGf3wYJ$g%E5l~x+l^I5{O5hu=Kfc=`*t@4C1jRcu5KsgC)4`!sqf>|
zuRuI5e&+R@XR4J}Jaw?2#U6NVXzk;Y<~dG|qWK(~fKV!vQOnrSvQc_y8mN{EhMMII
zl3BiN!Zwhoz|llZo4OPe)H})<2OP3?14*c<)PT~7u{uiW%fwg`DW?oYC5xi>)$QVC
zyL>hl&i0dji+!nls&$_wNE*+|9*SMb0tfsT*u?q;);lQmM@B7Y67Vt!ESmqQz&^dj
zjOnNZa+n7hN&tNr0}>d+({_;$zqMzuWgrC$kp1QvK=}5UvER88#Lva%gil3(y>7ie
z3fl78WA1BWv(L)c>*(2ygoD04>ZA18r7tLmQ%zzKOtF0E!z;&Z6&zG6`JN@>w|S08
z+B(-HPBmH!ARQYiT`T(5nsEZ*kX5v$_KYh5dL`Z`;fhl{;W=V**u>|s)xD3^6OcHF
zy0!a0+(nQc0xD+%dAgAHh~fyU1MGG?h(sUfXe3}0R|m&`Web_@%m?^YwpM(FP=9Cj
za!1H;jOK;YNtcZ$ZSiGN6NZMY7@W(2{BC*Lk{yP1YlzP-@#&NnC=0Lg($kbfuf6P)
z{h&=ChG_Xj4b#=)<{&8F9(t}FRHv4q#vr7TWP&0qZtl3!Q7Qf7$uSB|4H{Uhew(#w
z+J{lg@8)Fh>$jNBAIUZ@Xl@0|UCnYusdv-Zxo;BAsA%>O3hU%Q2(?3ck*8%QnRIuH
zhNpgAns_b_OgtCXJ7Vlb(z?k>Ha%eV^hoIH>5{1RoHu%E%$ywG1*dTC(T0XxmE^CS
zXEroURTcO)W2tQ7W^9|jCsBb)p$MR5%7I~U&!zT^SYvke_EejzId|{Y!M;SVFA>Yf
zwQiz`F#XNdSbfu01pJ&aMb%b&#;qGW+g$CAZjGbR9#-FG>^@FgFw)Ra%&Xe$(EDac
zEbOYAFbB$!VD-6CFovmau5EG&hKAF2oJdJ?L%Zr5xXjGr0^=4<b*<l}5%c0(RbpNu
z+kx@a2%I~%TrZz{^8_f9o^y>A9Rd-vjXCn`YyIL8S8wE8ka`AG=L|`9@vSxzSOk*B
zw2l+=1gey+1wmK3`Vt7aZj2O^0I$TICbJcpiAUbyWj)}{OT@xegTPC?75$25xq6Ay
z%<|)?Tk_1(G-n~3Z7&X*ZTDfT;RHrmSz}x(DOMAS9!hg}vuVuNjJnP!j6p=Hdl;3(
zs61X?Ejf7k9*cMykp>1qo+=L$w}Gck*u-t;Y4mX|_d3fx!g9|u>K5bNBPv)qp>6Tq
zq+@g^E%F_@P*(57n9!_lThx2WenE7|YA&vwl4xS<481rZzs$2Do^uU%81^okLSjF6
z!L+1hf|cw*&1(Kb2>T4S=%${9huIq5(=_9tI%Ee|_C5T7Vd}GDy1*P~7{mKn-6hZ+
z?LemjH)~T>4V9u|G~)6fu4s&se$~=1Pk&RJ;NY9sL4E2a6-0M$za|v!lAUE++h^D|
z(pOAr<+m%-mw`>8{6f*%KGudylZ2Z<Py!<t93Oj7J2rn~Y^X=LVJ&*Bk{&{IpIbwI
z0v)^Btm`Dl&_MTmVNp?47&>kdRBI0X$)rD{=+8*{6Hk8z(x1ENPcQnTr$5rY0=u2G
zJWT?<y)`Hpiy<^?W^*T15cZFcijn?QYK^v=4hRfG%nc(e>HfH0Bh(<a<B9W(K_m^W
z4g_AFuF_mI;ONiG+kE{9RgBKEyd1!#520{RrzfFMlXNE(I@-n%3I{zcp>RzZMJU{^
zzD-&PPK<vg6b^*f3564ptAyGq+1Y5xAV^EKTUsvBz$HHt>L7}mP#?40FVJq7>JK>H
zP40^;$i9R^5%(e#axf4I?{o*DaEGZIq1uRJFjBW9n-v;V<0hd{58faYu93bc)Zk??
zbca}oFREBnQCU?njFUe=E5s*{8pchaFK{QrY&Um>v_(uag5JB*uMR_c`Y_H;-|*(6
z8>o;|S%L7hP`Hiy&O%0NR~adx8S%-<?KsD$u(C-BfS?rPVj0G<PbLc_+&>}gE?_w>
zT6*v#LHb0oAg9X)__Cpo+!F#lSm0b47{M(>Bm9QWf^)TzB-+UU)&z#K29m@Y$XJ$p
zA8R1NYD)h0)CfMfbXlA$4NF%LrdayUiiLYu>7-bF*^LEOtRbveDJ(Z5q*&SQij@{p
zEF<Tdfcu5`!UJC<;foi&%^I$hah;VCmslCRTq0VIk*t*Itd!X-cTz|xtz2l;jw7YS
zZ8}};b;DXOoQAybS#ulXD6Q<j<_PL~Ix7kW=;na_r(bxeG2J-l=#b~RecQ0{AJ}u(
z;&|e#L;d4v>uFf`B~jqD?K!Hy|F}cS{thX-I;3prkW$w^rL`*bbYbY}%+S+Gp{E(4
zr-`Ab{X<W?hYBLnpn?suM`#vsLGg+H-!`&@|HGZrCy0*h#k4dolUDI^JF4O3Z2+2!
zubUp{<yk0AtHx~rl7>sj<%FtZxzE6HDM{PH(r^)5LDF`yw7q2Qh-v#-+A(}%LDD{E
zX*g4Pke5SP(KKw&b4c1xEbSM3?LyLSvozH84w8oP?r9p1DmIeVkEP*gJB_3zur$;K
zlStY)mX-t5{UmK7ODhB_hosG9X>)m5l4UFn=hd`Fx_G(2KE})awT|U(<mLXl6{yLC
z%Qnd%MN7U0I-O8Ea4UsSud&=W;pimP9-fAq(UQ3$&D{^jd4y`>sTHf1JH&F2!f_Fy
zK7?Z>p+14*GD4l=seQYaJI$^*%c%2=`VKcd2<5IQonQ7)1q`KgmkE!~cfnXQxRjH^
zY~$P1QVgPvc2huCRJsKAWmm4EQV5E*AV_>T*=|Z6vp9L|!cQ$fIJY$TqTm}Xu3Y9K
zJc$JyyGoAlEuX{i8gl;d+<A<~a3GcQDi;e6!$or!%x4*ah!S@D6oFW~!DGg7G4i`-
z<`F}u#FWV5+fRwFh3G0AA;?rW&#-Pw$8DPbGg{92o3-5UnmR|zfBb(FckS^_75V<0
zlQd1+Gzk)*2x5_fg`yV1BUnJNv{r@E2TedMu~Y)YQXWk}r7hJ^XnHKVE+VLiSNC3Z
zeXK8vh>sRDweA%KToLe57uKa#6t7qi)b7ljd7R0luAlwq^3ihm^*i60GiT;EznS^X
z{OFUCApS8V7~x-W2??fn@waBUZTP%QCfj4F)$t5feSbzz(EfNzCSj_WI`l`W!<(q$
z@lqLF*LxhvDya-kf*(b)8Y+W^_CrW^50$}Hzb#1iFsDH8k5Zs;1!@zL?WQsq5=TX{
zb}BnS)%wSrQq|PW32HoiO^t_c`r96AJU~_YG-9!UpHHACxEQqqJvn6U?kJO#B5NUw
zHTC)+dV<rHKcXkNRd_FYf){N5H+mWkem0;dbjLo>6X`+C90xsVq=YZL(fXF8MG?pU
zSXxoBXmMFZ>WZ>eWy=-?K;Nd_G1XVLv;u~EhI#?m!OK@^9XeRK==K#rF90n<x^g+t
z4~w7%f|tEaheg1>c8$z?I&74&F9KV{Gpo6-#(bAQ&L7tV11hzi(|Uos;pQ|)WJX#)
z7=Eq4+%O|;K*P+m6ny8ZtDr#5&D1&%_TzG=gx*f~OMqr(ni+d8)wk641z<Hl6a3mQ
z6_6X7t#W-!TQ1rUt#P2c5mE3dvYceuS9f7RKykK2N!cP3G$MD=Ddg2MY1x{rkjkL*
zz$@sfhCV$^_W)j`Ph@hzT~4^0+QQm??aMM*t#N3Pikq@i3z{l3OTr6W^lI!-t@YPn
z0=e-K-o^>6;DA+~B^A>Pv@NRXDaE!v4%(3&_RzcL){`*KpS=-o<{xT3Z=T%0VFT2s
z4O^gg)wbV*qtqOrM$LYyka)=f0hpoGxg@~vcIg%i)!e}zTl4L40MKMfDJ+KW8>xm1
z>i%%83xC1Ejd@0ZT;C49sw0qLYi?KDww?Vc<306AFwWKt-Vr1&ZYu66GPF_kXSe_e
zz^ix)bzdI2W`J@uZ9v```=eYl)MYR?H9uV~uy{&J3VRMV-i&Ui^rF<z4FX=A+&`Eh
zzTYzRe&Ew-FIYlf5KuU1ayZ**L7#RCT{YZ@b+~p7X^lkgLDqKve*`~UQ3^Qoev8^y
zxFN~fw{{>4Lt}yJM`LNEzXd%}izNcOB69wwXQH(EiRM)Gx=h^E?8p_x0av~oOC`6h
zIjFRLWk#{C4X4$3*c4iS&e{(;o*jCo)FgSyEy(ls*>=sg*qRU7-fGV}0C!gdeL<`G
zqV7U+@ThIqbr#<gs}%eYPR;yMkzWc$jGpis(kSh97i<CB`eT74cZo-LH))FGE(s*V
zeQF$Jt}6*f`zxfe5HmsAtnX|3!ci|{f1%+=w?}tvC@9rxTFZ^JmZ55S7u643M`@FZ
zRUDDY4DMs<b~XsrP=w9kJbqd819jj}ZB_iTdJa81Tf!T@!HyOi;QEQ$=3RgmST9C8
zp%1QX2U>pGLnn+A>1v*~Ncg^Hx}arpw4bErWJV-M1ei3DX$tt?VCl}0>_L-?LyZ~>
z=tbY~H|F3_H3u)&4sfeGJCL72O+lzFeYXW|n|T-b?J%e$y&k+2xzTE?&d?ih5cN=f
zoVr=QPU~kmEwI*t4$9Pz$>MPybN2W`HBiZTiIO>+gKRKZgDC-%R&&~ncHPv#+@=jS
zG+|9zGag@AjOVO-($Q+;9tT=&+>?t|8~0p=RvY(>LaUAS-GTnjW7-tjwqswYOAZ}R
z4ed+pigzA^-A3{&VAM#d?<ulvZmnyT{ryUSK1l;jc(}G1Qo`-`drNJbTju}PWyG=)
zC(CgL$!N^LR;K1F`Grh;bw5W>FVY%&6_0D$mBOFO<VxYAGPzRth)k{&J|>eZYd@p&
zu}@^OdVHELpKJAgSnIi3SbB$QQa^E?3U!!6$L*n7m)#St!2LAY`^L}ss%GfHn+pcJ
zRMZkc(@}fWtFv6ei$a}7@Gs~a^%L}sY7Z>3HD7IOPS5xym=o%R&JNJqsXcH56<?_r
zJE?epUOX6yrHpfdi|Tuzo15kzl?45xOz_|6u5qMCzSr~!-T+GpBy`O{Dj+cBH@h6%
z5AD(V9qx4B1(VqB=t(u-j(uj(ww<%5C|qj~*J4+g+|+{bn;p6hW@mfW7oeqtYg4_x
zaHUm!#~04GAXRdL_Tz8pr#(meF%0i}5XpwoZJCMmiERRr!;Lcfj04eUJVB=_#ct;@
zk9vD%BtEIZD>rzJ4c>Uy+=MsbZuaW=C2HP`h;gc<&N*Ui8hr$YF`hG3Zk%NdMP%?_
zgJr5(0-p^Z7lm3f@rHel5e$a~g-wpBMbrn|)|{7M2pU8CWKerqN2;GJZOZ>iJpc)3
zn;JZEp;m)iJ>Zv6)YJx#(lFal5MJS8;T7iZE22YMIUUlT;FQGkQTwx<*tBzy$j!jC
zgEj@c4jf(24!xGZ|MoT`+P?$kd)u)O-B67*OPbqbTMw@hb{?y5v2B7oE?{D#&e<;2
zAGEE13%**Sdad!U*1AGj3VkR|0xiFK$U4&`U_PwwPvda5&Df5L)!C#CA>&?!mS||N
zxd}xJ{C{&446H(TV(*i)KC#_10%%5OH!w~ogRwVLov{-bs<!pexkSw~W<duy`?{2B
zQx+I!tL$*J4Fef+{Ryv`30go_AT7Q6UE~t0Er_Og!{!Cf_Hco*G@NG+=cUhwmFv$W
z?q=hB;hScL?}j}=4QxkSM3Hp$93C!0iDng48yr$mvbn@XSiA2X<h&CdcQ6BfSOQpJ
z0yfd(8F$jH!29S<XuGUG#{f^&#v#kZfSSy=WHtc3T2UiNQFC0V(d1;>n&$#DFwf)$
zLz~ok+-x`!`llWBl&sImW_-9B`9P&=SDgQ>T~}_|S6kSXh`qXC6M|gTnX;{UW~KsP
z2UK8DD54l5ei)mh!0?l9a(yc_R8@1R)nz!F^#iQ->bJl*a!djvTlGWrJ%PSxtW%_5
zVhL&HcI39GXp@l=(hCP8ZByR^w2gN`)64{`FFeaqipmEIdxjJ?L>=*8!#jNrv?tn4
z2a+r0=pYJYg@zn0*8HZ2qB{A3Uyg=RRneRvkOqcI=rHK-=LR#X6dC*&NL*Fi)K?&P
zT78R}pBFHz?#bbT$v}(eP7Y7EgP))co7Mbj;k;=;=$;lXbf~$+Z74q#D`9sURztbz
z<X5Bh`WZV3<r4LkKS%p5DL@)ru^mYj%@{hi`f2N`qEFTIsh&P<qE8ReC#bl7Ml8?L
z6AmwN8`p10{OZyLqOwuoAvD)=7x)K|`I9{>QVV^~_gc^@FjI<YbO$2=?@}_$(%I8(
zvIneg79<(GDvdlr#y%Ok^|Ybi!OJ1y6|&1S5RFYExa^`WOOv8E7;L+8jkaC+;A6Se
zAs)3h(=TPTf@yP#;c!s_=t5|U4vYyJHDX;~)Ukkaf?+0p?dgPui<<8;<Y$6;lWxZ4
zlPgVt-6U7KfDZ6w<r=HZpiw(pp!s3#Zk0iL6Wp(W&OP1nbpco1Iz?{sD#5Gj))@@J
zk^VT3j?Ql=c5|%&>AFt1_-bpu4s=|P;<Gh-jjbI<!(Q;@G5A{lZuS`th0cxfh26%$
zkm|VZR(o*35*P#lyn_S&jkr4Du5IYcU&B_P8t)6ENp0h7rC}3XplKY?;5K(65Bqkx
zyVVFl=om!6izbYt)dG8o#{(veXO9g!RuVd{6sw2T{q#swO8u#t1ZaeHLSwK*|3>JX
z0h*F_#hQ}Znsd#emT#b+!b)rlmr$=R3w-&mGSF!)jzA*(B2ck)6@;utKV3M4bCDCs
zCW4YKCp7wiwhqe?W4Z*()Rk&$o-M1bg=arO(TB+TK$jUZUeJO`+1V<H6($E3ok_c8
zT$^5rTPLvd3|7dop+O34lMCo-2lT#6L9*wlteH;C;3h>sg{*{Wru8kd=Iri}?tuSB
zY1h$-@QdJQA0*o?lL;I&oHd)Qze1G5Oz>nwxB_@G5<Sg<rzO$TT=3J1p725#JV#tr
zF%~as^%5BZUL~Meas82AwJ0=@d;Kxn`W>(lWP=KHdjd9f#biyN)px6r;P=jM-=wPa
z)#-5XSv$HHCmP$X>~uJkpRPWp-Z+|iH#vKns!~)FNO7^2LObjQ5Anf48y@qh?of*@
zSj}de3nJM@-I8%Jn;_2zI%E)5W)9?CvXZX0uB6_2E2)oOnnL1+4O7U%#bpXnpiEi5
z5Tz`KDnwbLi18K@F<y&hUo#X(uOEmf@9OM4wQw|bceASzFFZn-jO*BeCa8yHvQhjF
z&377|9%<Tcr1GD~>iAKPZrNh2j`cBTh%7!Qxx?KmNCpa$QGz6klZa73$U)q1w_WrL
zTR_d#ZISb-j9jX=zL$T*QZ3h&9o_}c?yk@xe8B6XA@;_~J6Ezd-KxVV)Rld!td~UK
z#bTTUu8TiHCHfL-kwR|4&Q+e~qeEC;XCxg4&&0LzG6`G_hi9PUs06y<o#Z4_WpetM
zlm~7~+9{71GX1y1#mE1SaPhxCWcpqBDe;BOA!1C61ll(Id_;}%vWkl3<x=e2e}7o@
zHeA+iE&up{q3@OnMvEK}ofrIbj}TR23tz$&tCm&<e7&@1EtUxhIUkx=XJ;+*zhs8_
zcX11Te^~V=@b|vvxsm%A`cqw4buIs{UL$;HF-Y(&DAK`yT(Xyy`JBu!%D;(0V(ldc
z2|4NhZ0C<H4DD11Mjy)Cg;TLm-edI=)GDvgOU9E!;#4w$96O~FWI7JgOU5|yDb_wx
zbleLusC%DYg1VEVtsfXJyw1?M3c>v6;n_#vKHif4>|%y4QV1qG9?b6##vaDH;-<Ve
zf6>tTs7P8ccJIQVulG1fy@e>(=cUE-$iSHY%O3SALzmNd9;9UkdX3s5M(-FX<TVIk
z$Z^!Ik4*XtLpLe}6J2A21?E8l^CcW}d*#K?GV~J)!9+6;5tuI#m@h?`NAOqv>gBWd
zGxQq@!60o6@2rt}tDjUMuS<ozh9XQF9$~yMzqFsB_bUWLqU?O8@E0RW(&=8m&SgUG
zLxtRjA&d*NEsj4kRj1Jm1e2;ocG0Qh=)BT|yoL#R4M&)xSliS*pRirmMhyfL{k=vA
z%)<p{bb?Plg_&PTIvuYohk;<CnbQU4%LV3<2=g4aS2m6u{s8WkD^`&q24JF@M+wX$
z1?CKd`3oKg-5noA7&_BHFwtYdXq1XrdGgGIce1e{&%iMJ*SSI{PliyQD-mWhuETk^
zo?oYnUS=Q|^rpJ<T*Z|~9WeeDR-U^J48xZvQz*}sLV3m@On)4^==G$FzhLO63<N`T
z)NVtxRq(bT`B0D?6(lD(iFekF@z+-_4a9EqV}-XEBfNzZVLr#!z)Lk>>$Kl@27*b|
zqCKIJ@j;wQn^&CY%0psS-AOTI6rRnciZe#PSASy^&v?>nDbJWO_=r6!Gm^mX^emO=
z-+i3$?oQ#|$0H0pB7&|%2wtX(hd0bfFwuQyg1|gpV4f(EC~*+u7`Ug2p~o5tCYsqL
zFi#YiCm~E0#<Wz8_>!Tg83`u3C0s2qPZF53sD+Qt8AmSHX}=;P!9+7p7MQaH<|!QW
zg^u@hQNETK2_~9(s=z!&V7>-n$l;b*FW&K2hORLZOf>T}f%zJNc{;-6;TheCyH92^
z^aDnM(OaJBI2CL2sd~vcV*5<zEKj>$g4(l-<j$4(TA|F-g)(O&%rJ~e`E}t!hJMmW
zFwwO!LtxGpm~%9HRo2GHj?6O?82U9M!RTw_aeDuY*XOGURxQzME$`B*vOwSty~MY)
zVo~LCUMI90dz*3OqVkYm-&^)d7Srl~GcpXH>N;-LKXKIR#VpkiMuy>2<#8j(pXZ*x
zgr&MHj$v5ry@%<$>v^u%v<*(V)7}zcJo#}9qtMo}IVR5yl0E`u&pT^QFrJ1uhGAN?
zDJIX2h-Uz8O$X*Oo|ZU<QK;tM5R+#n_g<T)?_Z{y{lzhiLT6IzV)D%5c%I0xR4|?~
zCWb*gXdU+Um^}H2rw>l~KQ9DEF&@8(VGs`r3$QXK&uoro!h|`0V>}O;7)GHz*B_Io
zfa3`d4?n<o{%T?vg^qFMF?k9leT>8F-yN}y@%(IJ7>#EvzI7>w=$5gtX?Bplj3f{P
zy(=||KCdE9ug-h@tc&G!MLfgsJ*60>N+34kb=FO~Yn$R3hEFvIr7~mOq1>0wu~aMK
z8HP_)!u5htx#4SBs{7&@hSzm&LD%I7y3Rv2KdjWH&4(Ui=tw-l5FPbVd~dUxxk6qZ
zA+LD|Gacu(=joke8M-5$U`Sr4dd=%5A+LEtUh@&A0Oz%7d+B6`J{M0gB(HdLZ+YD;
z<TYQ&s}y0N8#)}tZ!USNQMYDcCKxhaz?KP*NR$d~et~9V<CF{MKfQ*1<#aQ{@NL7(
z>G?1Fc1~rf7MK}^Pjw4Q)sNUx*;CVWuDE7~VS0XC%rcj8dUe5$FOD;wW;4SuJwH4q
z&q7XbtXx&Flkxo1%rH#P_m9a_F6rZBmw!9tKE~50fnk`QkB`Z7D_5(J-ty7SjAwiT
z!!SL6PKw2|h~r86Y{od<*GXU)rsq3j^7uHba?6xe0p0gXU>K(7kH+L#%#~-u$@e=L
z&r=Bu!}R>SF?p77JlBn1S<ZM4Brpuq^UX1NmU7?g)#HT<<2j$eFig+?DJGAf8&7Xt
z+SI^!h9okKLf13zkI8czH}0&>zfHFyU6{x)3XKO`M|oiH9*6fhN`+CTg0rla4V)BW
z%+-ku!}rr=C>6mqp8W1SOZ8+T!)UUW#NKSkN^ab_a@owQ8P7+F48v=`<%0Gr6|~<9
zgjs{#c{cU&&S&T|i3Fp!miOXRe9f=qG|~@`HPo{b8j=`>f3H<st^Pdx<Or5(N)p2`
zJ@#_U+^Y~zGT9^hLz^!5g-Hy<^w^(b@&vf{^W@$epV9TxB!*#n?17j(L5`<%&`*;X
z&r3-R!`rJO&uYYDBkkvd%888Uvm}OLdTdQho;4DQybk|-^31k4#uH~@7^cUTP#&U@
z=IJF!x7-jjuiLqAQCcxQsI!eN48wGbi(`iWf_?-m=*kIvu}mt_=XD3yFVxqr(%H{$
z3&ZgJ;!dGotPuLeT7=n+_x0xPSvr@YS6c`Mty;q)9$b`eeF>|%k@4@B`m1#<%EB;w
z32THBt`$mHi!ks|0Hj&?<rxn{@3at1ba~csEwgs-Y28S)*TOK^inDMlc*_<ot6CK3
z#n!45%3Ldy`7VU{7_U@Zaro=u41Lx@Fl2o`E;)MTZ9sBwmfqb$?so~fqs!XliDW0<
z+V2!Yk4h$(Xy)|-b4XyWN0{Y!WqXQmzOJ=oClgFG^9F&rUSQscFsI42DBm|cs9Whu
zCK$4wIT5$_jdVmKBf~~+wP&$jGLBe_8@bh<d3wnNGK<>C_0#_)B}5VkIzc7+H*FB!
zbffU5=$=@4v8=6`uf4HjEkiFzCYb0tY!sNo0<(%R&*SetF}ql|1GOTVV4|7t5tvnh
zxd~yu$NNnaE<cl`+ka0cm}urr0&|nVd@sWE;1*>YeRMrTZ%HPY=-z!FN=2@JU(|2<
zP}aMjNoE+nJbw_%bFWaI`w`|1+zy+boAeq(A5JD1(oc`~+E4!|<aNK0*Jf=O4`ZII
zI8?^ar;-UKn)v~Nd9%R0h0_2Jzms+;LtjWH80!CH?d>fd6!O|4<h51v2T-&f^xK}S
zzE`(*XeF3booxesLbr0g65b@YmFt5My#$T;JM|JL6wSmu{8+h-n}d8lYKCrY=L##s
zXtG(>-fYo_IGg{K=R^B-YgSf<;Zr@#jXS@zWK3tNHdz@4?TwbN=EqZA%|9a4{8pjn
zw<F98csFpwxY1{HJI+>uAz%4@YxF4dsUZ2P*Ou_8P@e5Vd3GSoG~DWDy|?}=-Kb|J
zm}ut51m+!@KNK(ry-Svrm3x=nI$rV?WsmbB=SRsqJ*U`PzOdYjy&;(ZpC-h~s+N?E
zk*@hyVb_w}APhr&m>wYgc+r&wX@DjZID*DCCJ<805a{&ywQL~JW~LhkKWT(4dEte4
zPv91C69$lFQM^reJMfY$f=^rm;vooN;do5qw?h)A;I&$QJKE0{a=7%XLH2tfUUYLa
zv|aT@AQ2VZ1HJbNOQP_>&Qtghpvu!E+;eTU!nW?|E=H;0EF*({QwxA5K!~!yK6G(q
zv-VF@7`7H2@=Nn^rhAX+Y$itL@U&ql^W1HS;WyvBy73YJ<^~wXibXN(lkgZu(H<P(
zfp`{tq}vzV^X&_63c(%SzTgsWkx>qPIR^DoLUY(XWJwagAJXWbu-m|g2KHAqi7nKU
z*h&M*)q&DjHAY^WN9VReD|@c=C)Jmfg>3O{a~h?W2KW2w!a|YVDa@;rYvd@DG%eBk
zs)3|>P#IHKn!yq(wW>!0yo`BDRohD`wpjiE)RVe@hc5ttLrdIU3vg9sen0n-a7_Za
z=q+3|g*eHMDOgEz2#B!e-1qz5lLv_i8bbmmF(he7K)Y#*8*p-SxU21;qaE5=-DzjL
z-JOmz3|hsNOCS+;RY0XE%E*qL2Cx|1mA9n-?|II-_vW#*owf@je)s!+-~W8i|M&j=
z8#lL*PC?zcr9-kiHguyj6K>iD%1uklGbVXGL0=@~4oW1vvVs6;tLCv$TU_7X+4Q6u
z(-ZSMgU+y9g0RX8PWnn?vNp%_R^xY+d0RUg+lg~^S2OM+$c+!i(Fr*X2Nw&*U6-^m
z)YoAG-rGgHc4x;HRH3*okOzd3AJjq9%dKDG=GpLMYkNDce#Y{V(Mpz($vT!WiB&8i
z%^H@FZUswda0hDSuwzX_O|7HWgX+4qbA7|c-i{_#q+-nLkUdUcM5-)yc{f)sOVvSs
zkJ}ZD1*5d-R{$(P3Ch43)WKtt+Z~QYV?me1sLM!%vSn#lXHbedWJk;y@k%bL2Scb*
z8MoQwF#}RK;0ekOmqXGplT}s_?lT&%B0Zj8ih2XFXjl$OHB_NunzG6YM2<$|EzOit
ze^`!%9Wjsodz9UbMietf47nrGP}DtD#PalrPRSYZdBU;OFJgRICVb58@wfwiPioFk
zjEo<E?iX~0BVk_nng|)b;DQvn<bWKOC{CA$(zFO+DHI9Fvda^aIPn|8Y9J2;{c<1_
z@i`?**^m;x+~@MiKA*=cVLCX_y314Bfio8N``xmaH_jE66_gC8vLYoG?+Y$ZbuCr&
z__D1UQeEQ^&_AjE&Na238hSMs_3-sVCbM!pT|UX>@XJoGKPqwFAsB36z<GK@4@o5I
zY-z*23tCFZ?+HsPT~K8OA|}!Uy;3j~@%n>qk3<NIU=ZpAxty{nwblD#0f)yE^GY3^
zWPIZ7i6t(jZ3NsNhd<(WOMJe;OI3@ENKTL26ZOk(i5EK3%PHCN$U#RGfYN%%iSGNU
z`S&{<zF^3y%Rk~v(g9ca0uFyD<djKvu&PXzB)bDaZ^RW*(?u0+ns#%zy#Z$|ssbtT
zQc6YxK7TkGas^ZzjHs!dJs1l|g8`>U1u>>3fD?X~)J_!$1Z00K5>%sbRiC0+Ls5S;
zD0`tZ)P!N=<H{JCkzQw)c|4Jz!y5=mEP%9iU2EliEaV6}J<)JLo!O-H7DpI$7q#uV
z!+v)#6!1%!ABVT*0A<PHO*?I9fUXY8&?C{gGRuP&6qWp5Ps9}nha^I+lL-W+=5~ib
zwLoGh=MEG!Bi%`bhMdl*D;$$0wOlJG8;=euOHSG2a=T&Z!p)RCXv$E{pvoOS7!N%G
zNu}?}T)$B%;Elkn5ymM@>x26#8liMrF6@w9(CDKQX8Y090Md#L-Hlt>d`s=0o{%5%
z6>?}5Co1#`{N_p<JteA3ibb3r*%gUM8pe~#3Or||@zC|`C%QXf^3&X@PCW3h&0D%t
ze45%pBWk?xN6GlDT`JH3&6)uH#4QM^Rq`A+B~-Vl(M+Bidg(MR(=%R{QI8aL`oexE
zXuk|FRzlqRC&@LLtZD6k3h8z~X}0kihw3Sa-MG262~WwnmI?&j&T!Q0m-tIL`c;-5
zki4Z_WTNn5OVu}?P$(GmyF3zlUB_EvO52VGBeLx9$P#;Ym$@D2%#*_S7WFkiN7)3^
zUQ~)`xFZ>d^+V?tsJ2F2RGS5j0aF3Z>yi1<C57ZqSy@Hd(iP<^DwY-M{*;xLE?WkE
zqFA<^_&lByHslHGnqGB3k)zsm(mo?&8)CmpeMpvL)jcI+Tf;kydYB}nTj@o+JGYti
zxXG;at^!=x#2(^hw)*>#SrF=GC~uKP5FWHlE$<?_T4zy@#*I_R3jk)#ZBxrb*HW4Q
z^QHzjnY@F5`Dhw>=sL)0z^urbK7A3uJes4I_kYgH@qgU{FY5xgZh;r^mWYSregJ7e
zmcLuvZ{HaA7mNyqBF__}k~#iQ?|nTgS#Eyz=1Zee-j>>O>!@TMKXZI|n6+g=vngc}
zh%pmn&ZA~EHdnF^oZ{hxZ=ra6sB0pBZ<hg)a_qMb$>Yi2SaMH*&o|f+uia@unBRiW
zw?p#pSm-6@xC)3ogt$B;UtyltnBzMLwW84LL-Gygc@sMZu390`mcR39WZlhO{J>jQ
zOv3Sn=(i~?Uy3bu(IU2(6?shQ`bs<^UO1LKb|~Ibth5w}E#q;2q1a-96pQB+`Abp0
zaqN(IOgwSyz`%J!yu}`u3wrk`%N3tliCL8TJmoK~@xEd!dY_Ir^P7tW<)m^mIhv)M
zEgHN0VbQ0#pCis3({;q~X6oB*PrhqR>|65k(?5Jf87sPg$WxRPmyZ`6%l#NJUqD3D
zHGm<G4r}s#V`A5Q480N$Q(}+{MQ4@d<)cNTxrZRKEqNfzbktP48<~c(Cbk<fx)$M*
zhmFXPTXKIEN}=-2<r78UDp!lH<z6<8nB2RIG1=UnQXJtb5}iC^M6b+|^mtFPt!Okk
zlBJw0I-7gQG;ZqIU4pHP4re9yWaBtUHhcnP$02J2*P+A>P~w>RiIl)O@vJyz`VQq9
zl>y25E9XDyP{3cj!19X#1thOH@QOI1oW)k;lDZti*Am+oVF-BByeVHRH^qzMHzZGx
zg~Xl`3`rshC?Cog<U@qCn7&21fE<9Jf$Jrd$i|k~^AL)VztcBChz3en227~jKFK{<
z^eL)LT#+`@x}T#eMD>=~xAL=ncR!~b%{@_cO!=BcI9YT$_d{IUwKQ7~V%SYwh41BF
zExLj#F&AaKkYy0nHm)y{q+Rn#6y;*>c+qA2b(HvGEgVX7&peU<Qe3%7R2fBwaHg*n
zU4?9$ppJ7#p=3&M#g$?>sknjbt1#IVBs72LY{>dMt0?;lt+)1l$jXRKIh`ENGOZ&Y
z+`afja{Uq9Xpf0U#S^C5eFe&S20(ee3jvgq;t0vDm^8Wf6)NY{JSMhVG2~<TvQ;^a
z>#k>CG1SujEED7(S7A1WB$fA+G4UJ$(%e8bw(lz$7=_&2k3c9V6S6Xfi*6VtKY!;+
z#QjKgk+RTqTG?tgjVnHjDH-=!6knd{K-`z7_^hTw@rCiN=D5$ganx5p_z|8th?Lnd
z8)>Vtwwr5ZPgQ3L`LBBmHhzD(P*abo%C<D+zrKIOUAkb~MniuA3j7ze*<XHY<I3b_
zdm;e%ql4?p7ogCME20?DeV!6ZJV59HkpJc|CAUF<!F8oPLidI9W%;kaJK`?Wd;&#8
zADCZ$Dx-YGYggV?jwZ(}gWiYp_j>Kgv-adU>!5dy;<XJ%>jptrv+#8gZX@A!gV9F@
z>(&l>ALV=|YlnR_>o(!vxr<F4=<G;f?@6h7!yTu3!i3Bc^ANs`3QCi`q5Q!x%3udh
z?c&b|yf#a($<Sfn_<c#}RV^x+zT0uC_kC>B(xdxyJ%2Dy?y=1mR7Ms;J|c+|3Gae>
z&M_J9x5fKWbGC~6&u3HGsG|eFG2!=4i;tKNLup(yDz+C*hfRk+Jclj)+6HSMnCLs%
z@EEpCbvxk<qwghcd~%{?FDMXhoxR|%gj-=R&`y^K#{e6o=Wn~SSskj)9Fuz1WKKJ4
zGNqkj5k`TJsF3k^{Xy+(Xog9BCzPEgIV(*vd9Qzw<}i15LrD9IQ2Sp0)?Vk=Q_P<{
z``l;R_e$E=`M37+el1ON-_6fvY2T#iU*1o3YbI}!x9{lIzvg5Bxn#0bi;%UwlWgtd
zfW~I(nSQW9&J%LFo0e)9Ow+EI%F357RaZ>ec*V5eBycP8nO02Z8LXJl6`U6g)32CN
zY1oZ3TjAItT_w}3n2@`ChAXCj0Nh^F|AQ5Ti>@G6-O>tzHi=tbKrlKg@wj-nUfds_
z7q2sG`Pt&NFIol;7@oO?O0n-EOq`HS^MXV_nkie+2&pt&fpOhFRA4oJVgv`W%y}q(
z@2`|~KeEIduD~#2kAt%h5jHp6m;!o32VFQha-m+Pc?y|kEp%YiIsg+TL;emw%qs|q
z5^ErYadx&<T@6)Xf-#FCo9o0&h+(dO4JPQVr-idEX~^FT)9p7b#$zx=vghwTg1G*W
zIZGuxXo;hMBQTB0LvyeEy@%tqZ&-$E2Q8(x`;l!FLKIl2{A=IdhDYPFIc|B3q^5_q
zShJ9;nXUZK4MhVp7>bx)tB!Wh|L+}&*soX5gm<Xue9cf~oY7E(h!?a+tLlx4?#+$A
zm)2ZXRxYYq^KPs)ugxKs>n78hVe`zi=I7?=wI+IE@i=7ZK$c3nGntmV379$AQ)^B1
zRNoGmL)mKCP9|?H41iD0npz&Z)Yc0avqhaWPA0DfFi%ahZ-t(;{SYw6Qsrqb9<f1|
z?QQY$vzAJ!I5em`W`IMV3(o+D(o;JFT)E~si4K>cT%HHqkEhu$Lo^sa1I({xu>bZk
zVE%0ydFWc$*MJ$!Q73GZ$$K9#r*o#3hj^050CSLDVV^yPJa3+Qm3uOIXd?bNV0!YV
z&u>3qel(3d#N+l7U}CeU&+iL>`TN;Z%R2-A{WD;mpQE;)$>e<jnDIG(__Gh9T5o;!
zK}qM@?&F-&Xb4rt(auJ^6!Emm%DdIioEeAltv=pg5|0*APE@%*p3TTyu?c#a64T3Z
zubEjlh6SIAuQ%sV9b&^&4Y}A=DKI1GG4A&;U2@pCHYTHtQL|IZ30%?5LB(sXSNb`l
zs+lq5*OjyhjBnL~n6mfxte4quM#C4iF>Y2n!xqRqsGf(_^FS7{q|H#pKV)QteNw%S
ztJ4BSFpn;*iMh9V*tM84HxVOmB-F!0quj5ayB_DRHjeAzu72){bIH57>u+gs60X8K
z1g-IP(nSo~od-;1U#Dy>8SzR6#b=WlO}v@fumFFf60=vq)b%9i#vN;8^uG1Twvb$1
z!#O)?G$mG0rAja;b=EcmGm9ZBJ}Yx_LlSPZV__2*hw=idm5C)W;#$Q+LzIAlm|kAU
z3vB^*{TbhG=;MCdc?>qLlETQgs#_4WrS-Tq#*@5-8oNZwoGQ(aI&-xaXwexkDt>G@
zhrZOw#?ycb{Bb*FFCm6GiQo4q-wd%beLwaSDQ^xjx=Q>Ul-nm8vmX#YncOZ!RwV_w
zcYS+n6Lv;An|s@PHw!hbf4<?t+mH>ZKTZ7uDzdu9QRwzKSNp)78l1!D3))6=ub^6S
zEg5l00?gQvWteJ3E~(;Xo3T~Kdw5~rqhpLBj3Kkg(MMl#0qtTi=U2v%5~`Q$#8ZrP
zdnu@>(kf^-gO5qruYNT*tx^hpZ=ht7jj5r$5^T-A$Gmd1@0-O}c1-ktF9EBkYSSUD
zo!PmF-L*<%pXKCgm4^6HWq2*FHZO03L{F8|r}d-@yRmB%-MAnIz6nmzb-9<hJ~LYx
z%?B<$8!|xxS<554Z^$N$t%~&yq+pe0h^ibET~#&Lv=*j<Wk7_P3I<$r+?xm9k5|jw
zT*y=4-2-vsUdm~_vv?3^(jWKQ0PEI7e>m>7gI8^}Moq@O1(RyZJkW(qS6V?CGD9S*
zK>Za^txfo<Ntryzb$pQfJ<45O+!g1p-Q4w49``lwdXu|G_=s|xyVz_AKY$i)=R_BT
zmKC))3+JD07|x}A-^OP}q@iYU;s&&L?JmwEob0&8+LVSu<+qE+2QHW}Xa5K^j2?Sk
z!eeYfuTSI=kHNrN*ZH}Lh_R{;yo{_3B5~-P$}U$Y-1nR05%>K@szPEVHLJO;axA+i
zmnZhTU8ye_aYC1inZZ>h^X^u&8Wd`YtQsxA&A5WH6xc9-NgZ}=pxeOOV&BG#;BR=Z
z{YT!&+2oEiW3psl&5ARR_F<c{wXm*@nr1_GYao4fTpggC6sF`PMwCarxmufa=niA7
zBw(~r3&Vy*;LhHAFWnLtvZ3vVZPzAx%_~RxE^h0y-<;^ND<kJ^Odr^pJ{SRgFuvnb
z|6H`2QfC_06dg+wX#H6Y$_N^Rp!^2jogiZoDZnCLSRya12rsOMxxU!Qi|v=ZphtBY
z;S68RTda&q;eUI-VLe^<{`J9oznW~nL7>wM{UeW}G@m6ppLDubMpu=2Yj@^58NZ-w
z>t(Gk98l2#-A+b2IU=Jd(fc&&)4aY_6Omy$CQb9qx9gvyI_d{P$1f?3AAGB+yGOHK
z&z`C3zaCHXc`+@`jm^y|n4hF!nmW6l&YX*x9}UE4F5<86v#99T^hX1l)q0MepyFfO
zYIP#8PqXUR$I8`F)ckmVPpKN~3(ejG@iR?IUYn<T?tIB`HmJ&(ts~sk#+t2r_|>uH
z*ss-Ciw!DfI=Wv%!COv4UwP%YhBBwhpknlOkw1gO6hg0i55?TLwDW|D{yPK1q}KA>
zG|AR9$%NqcW!h@Ldj8B)D*9&zhGA{&tu#9157K--)e|Idnu@~tj<giso|ZyFl=~U2
zgTt@gSfrxQ8W<*3@*ky1wxvm)#~*_tOpE-Wh6wGtfnic5&rg#)FHJI`#eJQY>Q6@h
zBA~esWMmkwX^p9m$n{jvQy-AsnU)@VT6zd|?it$iPhaeoRdlhDVNxaEohJD%EV;}m
z(0lj2>+vfZ{PqSEPS=L+O^qEJ&|Q4^h2Gd~>TJgD)=lWHJ8^cj_Ov#(!%9Van-Kyu
zw;ZWb=Fyus=tVcTZfR{MxJ|w7J*{2sPm@pfuJ7q?Y$70t+|bpzbwjuIkpRE48Fjj2
zv54%J=#q*&XGwVz;c-L)u`popQcDBDxz!3>9(A}qE~n2S(Y2WV5`5GV^2D4mzl2t3
z<dH-ARdBaU^2I_Sm&@ajDpySVw*vizoK;rfMIHGq@tT1I6ZhuUCpy?0IdZogKV<^n
z#vWwl6y;^ZQ@nn7v6b_3+oIMo^Wm3K`O`@xw7apRxpPxP^br!q-dW~!m6c~cC#cAL
zPOyCGiZb<_V6L#X=~Z{#JVK>7**U>J<IK(pBBl)I1S$K?Xt8}X4Oc3q?pq=nikpD@
zfmxlcOtx?N3&6Z>o@O5u0!9Jz)70~Xl=Pwa56w#554UFA53dAVY?^b2Z4j^qFrQe|
zu|Lyy(JD`z;XZsb;CiOnH%BHD`q6#aoT<+z(8~PnoSA+16yVNJv%fw9`TQ0zZ{4A8
zQDpiq+G+aZc{BU&D!_&3{lV``)2@8$`_hY^^*?)gwgK^yad)=r&dV_vx!Yi<s&6Yz
zz)D`OW2VmrKA2F=mi5)Q8L`#lI*p$Tq9B9HTE8W2W+F!8cQ-mKhBcyjAZe+RO(*y=
zv0=@yG7A69qmw8b-iNbd*F)S@%|knASG94aV8H*WR#MOfU^i$7X8n14u>`-A?Zt8y
zy%l^_ytHEi-OuaIdIztGM-#GP$b#3jy_XjsNQ4C=-IG44j3RqE|Dgx$*x$cs$hKs}
zyg)!U6Kx9sHDVYzWB^zqAZU;)$NEknSepcZ#P;G{W@LB+`N-fQ^5Ru?6+etp`N6=M
zSwrTzgWFdfHKT;ReEBA_$}=Gi<=r*7b5%ZI`aVqTDlRZHGiPlQh<you%88xDCGdZe
z@)orD0KhL15D-hv%)mRq5WETkS8*v&JlnGH=IX!|Lw_vMHF5qnx*MQOK=cA0z0C#!
zwo?HmTmWEp(nOT<M4%mt3x?iz+N^-xhEsyhLfF1pR~9j1S0&5Pi0-S_*cPIp0|yJy
z{RZ*Z;(lW9^&qNQeEsbnyh6N>?md%@Te36#bGm-EVFEn52W230ESqo_cP%lH*_usQ
zV_>*09=d~vBJ&}4Viz(HWydab*OD9~oG`GRb3Uw8VGfpsRyOgSB~-E7hgaH4|C76?
z0gI~IcFvq(W@JWZz$r*6M;TN3NpMh6ED#2SBpL=7(p1tbrTB*eW%rU{2NFC?uOGVg
z-o1S<t9M^N_uhKF^7gW91`N^4OjA)S^Yv9Cp<OEkO6Kjg_c?pc%o&)e`@MVL_xL_#
zv-aL=?Y+<5`>eBm%bnZ@VAdNe5ox0%VrT_J&nk7fQwmGNNo^wyO^~^rkNGeBO?LcY
zJ|Sa9kPMTRI635u#2@@KOx{evei<gM6zrE_GLB}LjBe@&n;O4#t6*c}Mk8y2_dBnt
zO5xm*<<1t3bkGn>s7fWBNd4X1fVOTkZvg2Wd#ELn(cm<Jer+5GIb<_*@5k)GHj^h_
zYuLRYl^@Rzq0wb@wPe(PBgt%MbuVAiAyo_@*c%syy<P;afIPME3ym86o<Q%98)&IO
z_|R43e24^gnU*FpL`z^&6w*fxIdqb6k2`3}N$ear-(0=!S2gJ~;s4ZG<_&c<wdT5-
zO7j$Zc5X6Qz9l<y(vnkWrB8{ZJOD}iMRM>?SBN<(Z5C6BlTU%07?M<5Pdi(dS(4B_
z48}pewYo3bZ{9ty;^+wJ;e1)77w@(hxOmgAse_e|qX|rVov5M7?sOrns5IRt#jn2!
z-QGZ2`eYIyqa|2$V{tlr$!Uj7-)W+lJ4wWA;s-!>NyU+nV-V+`oZ`3sv+){&z;6as
zIgzzqE!^Qmy)+${9;SU?rP{f-XuJ1(dOz|c3W&R?xjNmvu%zgQR5L`#j-)IQ7R)L1
z)YJjq79bS&y)B+3*WuIT76LJO8G2V(5D3crbn?ctx*cULkPOdeNrG32B>i2G=Q9H_
zL3qRC7igLEu#D5<HPkoEXAMmtPXQGWe*F4kAWV`BBa&$}_b%u-ViUWH*>~aI%%T@C
z#1RAv`Q-M+15I*>)KY-j(;B#A@ax%c6wMmAXT}(s?$=;Bv&zXIegj`NAC&W{87b(p
zIgfKYqx)tEE}J8e&NkJsI~}L9J&&_Bdl&@Hqu?8);F%O0BL&A|urcvcuynSDri+MM
z;n2E`Sp$y)4cq8H><`s&)1WCE{TKBwYGL|Dhadc330#I}hZ--749_ODuq=0~$x|X1
z@Uf9I{LVwSXOIlP0yr?kuK*6r@XG-B+u%#`Nrc~$$cFq@MDVFU7lHGb%ckB++RO0N
zM&Kop;aL_TEJ;a3m`n1%ob=ex1o7_il9Zrnn2XEMt(N4Hq@%>sSBX4Psl_DBh#!DC
zdC}un;d5og3Kn$LmAlfWJK>6(P7??Mjyq5@rru)2J17>j$!4FH8m>MwLYT4N-~#(`
zewif&+^_KBCKW@1%rxJ*v{05g7EnWC4}30T?SAk7K6GD+4?4Ekuj&XZpo(?)!QW(q
zqk3j!R6AIFjAW=bv0zbvFuC;V;u2|18B4N&XY7Y7%Fr6)^?LDOO#ZtiSsaYXf7e~b
z3cE<p;$37Eb`fN={KuWG`;~Yj8R^+F`JagjrLax`vs|PUu9bjU&QuC#D*#W7QaD=y
zc)Xa~(;1o|FSBG-{()y}Jwuj6H^PztcNFZw1LKMo#B2|G8X@8~zPCke^eFyBSPCOL
zJr<lM8@*%EaZGTQ*riAD7*U6&z;UE$P4V>y2P{=Sp63+7A5p6!*dwanDxXvRYW!X6
z*T3G*4VdZ{!`(rqgD#F@&TWDhcbufz3}AmPcwT5eRVJrPl^~r^JtWLcg2lfbajukw
z;(_mI#jFUL-sSFz?y1ob5!(8G#04?=@b-PczDPca7E^u+)TB3I*fPp%)lyz-7yY_^
ziGC(^D8$d7V+!%}=f5ewAzGS1GhpKExe752J1L!|r9oPP47&mcs3bx!wPGKIeL_p$
zE5%X4%|KulT3X18bWgJ)f7nlJC#gjKFh?cAHmF2=zoxK9DeO-a_AV`bN^1uw%ostX
z6A>iik4fR6uqs;G5h0GxtQKMEv}C8HHMG<~OHZkZP!4g%8WFabmey*-`EIAM7d7I1
z;qeoG__RhG{dcsTPD@uvE7n>mY$+}MMl0fbLMw9Bd$i)`Z6JS*K6C;ZY>@Tglx>Q5
zqo|MmJL}+ODQ<5N<*AA6tG;$Bsh%E}t`~Kh6mpBGU7`>O+ijr`sic$W*Y6YL(oH*m
z`zL8QPO*)shkiz;b$&wz**~IQJVK@`QpvPXM0XAc5rkzEGTcsI>*KUd@I;3=IJ6AX
zCxZ;gAgoM7X$YmElsqq@%lCK45)}>CFupbfmcj(K%3;C}5G~irt4GkvHwcO9_H2)9
zkpuyjq|;?X=&FgHK2@mgU3%@CzIknAq<VVz`6DyZbJvBTy(U`u(*nk`8Kn<O5>8RA
zyg8^=Ud)tS-kA4*Z-iZbT6yVs#>vK`myL&L+~HmTx&P{@E0Tny5lXR*xLZuhk*p1f
zR(_ID`^2wX{za0MLFsD~N-J-`BfK5;$OK_c1yIP!OwG(BqMHg5Tq!GSUe-LJ1&swX
zYO{0_;&A0%Bez;rS(2aX$VtO3aQMnql@&NTQw?cSQJs#1NRATZ5<_d&t*wSopu(RU
z(Q1=FQGXh4RT7F-;!YGQ>Z70?P01;;7iBNZ&&d*0us<&nrvK!q$~8MHJ3l{vao(-j
zzK~jY?J`rzf@RJI$yw&?x*8JDFUOvpC0Pj^c#bSKSy>wJ=hm$JqQauwyzC+$<^mdN
zEIo5JdQoMjr9zb0^_4XCm)}#81X2~T+OuxSx98kkR1gd)j5Zk7$PKG!|1AA$nl(k@
z-D<%4*BxVh$=rkKU)P7Jf4vec9+1D<4JY+$km+Bu+<|&LU_RVodaa&A?FK@4!2%Pd
zRE3A{M%3<>5c*v3fhZ3X-)~X7KZL;7g<hergo$q}x|*AHqvHd1`%%=!s`qgWBl@qQ
zHtRz81%ZWb9cq&?Hncu`18Q^M*#GzXQsL<Ra(!uo;&1zrgfTLX62hoMJWmQgS9=(7
z(~-O9I9*%3o(oF&LU${<PR6j?KHOaFMZdhwQHI^d=3)Rb&BaPVAbWwSJH4VqJXF#j
zBSCuL?)jX@>-6-X9?Ek55(hrNTfGpjh~YXxt}6sBI)T7Aq|phkhiP&CR0qK(#M34H
zxr%x#aNpQKsmghju3C%f9iV8~y##P?#<)GIoy8dUQ3S@gk8&3YZoXQ@+qHbYo>%av
z;y>euFQ14X)cwffATO>)&DQ6tPI%lJwllt)A3$|OxGvV!YH<E#|2dCG&vx;H2tLf8
zjPJ&Ear{YFTg>Tdv&D1Jz<v~eiXTGt1Gvu2pK`r6_rjsKJ)T36>?J>X7EJGDL;VkO
zdeafTgw7p{g3(LD^v36<Jdf!SYVoIVT?(ScJf3$2Qwx}18m8C%WW!oHy>vwH<;ylc
z7`+9U-hbTg^~&d$h3B{T#IhFo{A`%sl&FW-$?4@IdXH^>@(QKLpFw?bd?9w3rI7D&
zwT*u$=iWb%8J@a)6vE%ccgLUCeHuT+ueaFQPhGEBCu?6TATvD~{~38sXgrOYRa39)
zhcGAc!w^oVQ(QMhGwVOI+#b&uL=(n2K>KB(85S>HalNN~9HIx~97L<vE$oYvXpS%L
z-`(Rmq{nj{^gSm`Z@F>iaZCxX%&@p_h+c`wrj*mWf~al(YFBqKY8FJR>&K&CV_Jj~
z9c4PE_SFYxCkyi;^l)7vqIO&}w<Fl>%!uBOvB$m-MlTJ|uFteIS3bLZOfRD6ix=ed
z;t;)oXD|K~j9v<&cT&0Ou3+?Rh}zD=1eY*B>yULA@ApPc_Piml$E|`@v<_PbU~I0p
z4BPuR@9^x`u><^v)<f1Vwh-;PGp@F%DJ!4a;AuCqC#<LV_b?o-K&n3d%PXD(W7vb%
zlV~5s@|UcCbv3fK^Lw8I%pU8vY%Q$tO)q@-*<w$pj{TM&whm%iFy=cJ@977e#}Rah
zKV$7iIM7qnRloJlUV?QH@7+dC=eFNX#~9IANq-ZX*U+?G=l!voU2nxSrCj{jv){-L
z^T(|x_){1w+Kak~YnxSo^+W4NY$-Z{jmmk4KR(Hyuzp0wdKf`%uC`fU{`2XtJncI6
zFw6$c;0HARf%<1Ac{+_~1;w?3=TYhW<37N62%eK}5U;EWjn+10#`hk#8jTh`C*1&^
z1<dyeZ$gfzJrZF?&s;Zz@f4zY{Cj-cOP)>x!j7Ju4y}c7Bh7pIv7bB#bbk142!F?t
z+baX{!=8Keef>Wn{D7T3EZ|>&@Zb0SMK7SnGz9!`!+x~9u_+LL8p40;w&yqb<A)RU
z`BzE9fum1C*iAXivw_&*zS$L}EegbLLD(PIR&qIT^l%@{zBK>sK>TqC|DGc!6432(
z8$XHdzI>Qa>9n@9HcNWTBv+&Mk)sdxdb)J%BD9rT7O5cSR;MK97TA_>`)nN|zZZqy
z$Hb#-g6K*Ih8uj5k@sMqI?p-Qr5|*eu3#Sf^UREcEk(u}6_;mX_zyij*D^(>J-|{Y
zc4z!pZv%6O5{Ju{5-Zr=6vYajXuVuVCb!R+appcSjf!;@UgHr|FCAIjJ{9+FR>qn7
zFRkugrL_;RBwi_J&jX?|>e7P)QTg08OR2<mBP~7d=bE{T3cZN8(InCAKvaI)ELt2z
z1<%xaz?Byb0mFd(DAj8*|52(R0~|=HJ`%GarFtC>r>NovwOfv(Rr2((+}TWSF#Qd1
zuG|vw24q)D^br3|GQldXL^tKiQ*!%aUAHoOfgkQ=MS7vw9q{t2SYdsi`bDY)5uO^m
z3K1FXdg{P>FD>mATrEwMiDt3bfc!o6?=P^Fe2%d+HwzXGy}m@?5i9HqZMK4<MT${G
zk0LucBY&EZ?+fxa;E#Gi^!Q7Kh$2rpk^ACd0dwv~{K@PSB1$o9!Vs+y@teq0?ulq0
zFJQJ+Qp{Qz<}otNS{Y^{Z0iz?daHh9%yP%8NEv3iXf1LC(b_Hn&!UX#8B$jYsc22^
zRv@J{HVm;D5v_F!&#CRjp^ts7ucd87vDq}4z;t9sFu4oNI838V*fFJBR&K1hbJLa$
zetAE9$v}RVBnXn!RBrK!L#QkyEx0TsefHdRpDbjuV(G7*u`M@|q=dm_AqU}8F(R}q
z1k9t<>d?06pz>%{hmMf~?Vb&z9bCe1hS3gm3Ll5j4kWY#VYCBf-qo7W?cl<k6-GOF
zh1?cKJ2*yL!)OP}SPr$DCb5CfQe??&{^5IkJNUwl2_2h-Lv0=lVFM4^oTpHm*TaY{
zeE_vN83G@q@%sX`c_h+zfd{i~hv)Hfm^StAMH0LE(ddpxguX;=2FCjKSunb=uYMXA
z`gwq?(QF8Bd^e+ZOAVus?*~+|8nsyx<?|~WDHhV?=<xPca&&m(OGoYUqeIII9jMJC
z(V_Rjzo9m-hrkD3r0)RT@u6etJc-&oKYnz4a2daf+GtFnV`t@{HYKM2<FdV(xwqMG
zb(GGhS<G<yveY^93jg$GSSXk$2n92Lkx<b04*KPCL0j(P<bsWNZklgim|K!OYxbPv
zoa~&W0C4K8bOOdfK5~m}W=N+~kXMkiurwFLd^Nd6IgTav(p;O_?kI4gdh_DkB>`<9
zgh=q(?A%2KMI&G*b)oQ+Rv{?JcvWxsKR2O&nQ61<%uSy+KV!j-=&xb)Pr)czRfJlj
z9TTb3j~!<)Mn#V|U3GO#>@}p<go$z2UN^}+c}l!x>h;s6&qzp2O1@!cO6n{tt{zG3
zN*n-G0&k?o$8Q2I>4lfI8e0*YaH&mD461Qn%5k{#duj{*H2r$u+P&P6>YhTc<#8Ob
zLNqhdc0gnng@Xe0a)5J$GLJ88YOsW@)jM1TL1zWynTtmfP2<^sTZ5Gbe@exrEFn06
zNl{2`dmtu761DtE#IW@=K2Eh@`>e*+Kyz>jzSB~0sa|l(Q`1+l^e4d=&WBgq{ev{E
z=olk7c$qMtc_aPKiVX;MvjAf$b6VZjBi4Rv-#nYeSpE*YJ`E2w)3`J6k!RSgpTV8I
ze<ya-Zy5B}Rx}I_*G-&tfV;@tdrg4#KN$OWa9+0VYs2mXp3l`>C!_Ol!>YOjzRNRc
zY}QZU+8NHvY}3KtTJdk?Hg&TKifB0f+`CN1dW)(4fu{btr@{8IVnvJ5>R#TFEWA+F
zI5bTzF6GnJ4X}<`wX&viPMX9t=FjvS&maj{v;CV!rPTJkL5Xe8Tb1Cc#J%UW_BDB(
z{9n<BxxQ|i-(+zl622Ap5I%#q?*n8VYy6%`le=zWAjHsEh8p51*qr-nYyVDdLr)4s
z{1`+Z_XqA~xgL%Ctg5*+4HCxgG&Y>al|!iV2&z1<Q63cQM(VhHl#a_s>$qZ+jw?p%
zSTRaRr~_5Ru+h+JME3|nGB~z2qG2$yE&?_0y$EK^Xf4}d^(VNtsGNyi#de96U=vt5
zViRd1yaAsum!09g5>GEM#W$5ZL=i`$1(dXQ>`Fl-9c>nPJm8^`B;qzV_0_KT;l*xJ
zwMu_CDMZT%Ze=9$ij-a<qE{@^Ys2)2|A*-21@kF(N&GX+R(DgM;c+*rgU2UyvKK?Q
zTA^E^WoxnM*kR_C{5bH=YQr&(95evea;tlk%@=x)A|UK>?AnD6t+Yxb#D-DhOQ@W>
ziX>8}oh39n8M(3{@O3GM-9<0&4HWhiLk^os@hU@Nl$aDp84^j~r1+Yaz*Mmqmm-y7
zJFqMvwK=p@PD^W*VvmQEB%+Z?@uZSO_A)76QIf#fCPk-G9P<$+u_{w5PAJ70_0d`_
zE0%=Iq--NiTxYIcSyOY*rY)<@BzIJ#*k)rTs$A)-MxXBH+BIuy%=X+{B-amoG3>&e
z?o@pJ+$@Uzh=9{lZuLT{0&5?ydK<s(1TkedTo|WoV|YCV3ufc|IRN+7MPc7Ww*DYO
zk<_yRjFw4v{%GPc25mgZ|KO^YxK4Jm-BnuthbkuVJHhVPS;e4Mq6d<ZLp>BNn!4;Y
zK4(A@UMxihxenx%X=VI-Qq$rn7)8A$wl~(bNM(1H@ROtm`8#5mZ{$0;bBfwY+&QLp
zJo>LL&U$2Csl{S=ydAv;dZXXO(nuYc(kpsZIGAItB?Y~Y%=~^b?r)p=A+1I2MBYG-
zOF0cyh+`e$x4r5q+_uZLnZcsXol%^JX*`0~;Sk#+bt#4QOKiuHl&;#Dt5`6$R<$6q
zE|R+dPNhx#_xJKK4ha>QAEJbozIJL;f9+)Sno1FU7wpb58XwA3A&$gmq2;RuIVXve
zM-E9cm7b<iSQ%{xVRI@mtd*8vW~*`Sv$V&{LdYMr;&lo;AZ#|0t$`fGISk<=ObT#$
zBwRufEv;h2vHY3BUZW)ld9s3VKuMI#RX{lU<kEYqE9cYiPZkT$NbKnqWVh$37(P#B
z7x@;Pm8MALupU91&ZKNnciOaGh<wSb4Q=hk*zv(3Ue$3Oz)P;fl;<kMF-TS8qHRnS
z<&cc%R3R=xv-dm1=Jl?q(pE9Trl)?7#wK^mBGtA}c}-O$-rsa+ad^kpf&U)Fkkc1C
z?EGaK{LFx(`hicixF3V=!*(NPy~ra2^YAT{c_d6Ttk-60EMA36>lEVSsiREXZ~WM~
z7AjCBOky>ea=CAYwHC8e426nLjkDM;xQL>eO^2=8a*ql%N)v}4<KVyb8@?G2--M;f
zWccvSyp>MmUiu^wXaq+xz(syTEei;Ide7e=;XfFLg#W=XOp;@Snpb|O-sLl6l$s>_
z8$YW2dZixQ-0tf&Ptx1J7m@H!5Jhf=FD^>VP9-6~{Cg3ZzeT7|n|Z<G>-CaEFA&Uh
zS2Q5~<Wrl&*Xz7OYPu`!MYI5MVgQKSCfR+xk{Mqc|6W83aJ^^(d&{gdzFzAYUz=b?
zxMrc<XG!CueZ5{_!V8wQz3Yn0*Xsf!4VEPjjrE)`j-AuiOJqA@03u>)Ua?_iwJ69D
zAge0xTD!3ZKTiQtxp6fZo<Hn^tgNi5sHxrZdkT>XkcfVvK`5>HpPjOHgU+p_<b#)q
zLeyYiwhZ1C%Y?D88f96oijN=o+$|5N4Ui%r2wjaate=NalYp+qgaO*HL#W9|S7Qnr
z;6$jYL|0=5o7sS<0g4!c`o=l1&>*mEnHR^hWeI2qJX$Vu3Zc3SW!W<3@_A&t1aK@s
zMz#yGNO>JJ=O^zxB#KZyg9)YvJY$8F#)MGv4vXa6kBF4HoC%?Z&>>)gI1T{=H5fsm
z{-Ak-GeY$PCd46NsO}L(DL3}6mfnqU&s!#h8VFO38GWOGIfjS_hDa!eNIZ%N@{A``
z1ei;J2*;vw$f0Dgg|^!k2P{XpIg1&g1|qhM89iU@WX2Wm;tUJ`5ACd0jVl0vLrc_M
zeRNbsmVcc*LYwrYgEWvpfCf4e1SCll1cIhJouorPNGBm3F_Jb39g-LlOu8XxNWeC;
zG|zT9t7rV0;~r;5_w1~?I)j75dPqW$kWu_X9TnXXhaGVkkW~@bVJ2I*>Q%k>`s=lL
z<`3hMyuA9=t*Tq~>f_#9_o})?BaX{ps{$O)cse;nLcbd?IWAN3IZfg8@2RhZ8mZ2w
z;w6l-r8AZD*pGM1%;zWZ5+<Bu$>?s%LLH!`Gu<wfFlSQovl2R!rx-l{bh~AR1(!8D
zq^$IivgTlnUtA~NoU!Fj3B8)97&;O<o40ILj-N6<QV-4zDSb{z=|+sH73U=bckm$z
zUCUEU_=_*mb;R>RN;l%t;WnETz1&t&Tv}wcmRkyo%JNr%BpPhgtwlBYt8#Kz<gc<7
z*z&W2L!K8oY?ao^wPj&4W#_C6o2krF4$*Wg?WHnbX+`S_^K)e~XqmS(d1hOYrMRf9
z#BM9749?89@A<i+6goe*tY`zITV$sFW$Vfv1r??C;Oy8PTX4oOH7KaC*dWfj)he$(
zmT<?^0K27pZDEnEw5T{VdxR!PnXMKF;@evL+KSN3u{NOGQc#NOXfL&e&>%3pWx&@;
z6zUansl+P@5#SpLx%QyAP{A%ixEj5lR@t2h{G_;wLW>f83SxO@@V$%*%i78UTWLXo
zEzA`Pk|p>~hI<RU!y=6!TV=5gjlL3zicB;DA<l{LgT%Z?RM2R4H8(X&w_)&$uFh@H
zGF*Fj0ZtR~ACh&0Wb!}@M`ORD!dg;PE^7kFT=H`p<psAu%z2QzV7GwZ?Yc~-dpmA7
zY|bQ~i6vzP73GBmmgV_b(kN37i%Lgn#ac8f;Pjin3XZ?1c2a0-=p9E<1s)7su;z{2
z(gEIc5p-`{>z2mmu#v4JSa0NH<z~s_w1M@;i<8L066q#OEOFW(zCbK-+HL?pO>na-
zUNWMIq&0mFVNR;tPyu@XgD^>x)agBfF#k5`2XMpU`$c-DL*m+1sk{I3vBKNV2O!fE
zeroy#)=c496CD4Y!hZaB9rkVZEEY^SsI#+jQ*XPdK@(mvfm^J)z{92^kWCbkp*(O_
za#GPvmU;NBR&-{zZ`Xbv-1w~6<>6cJz)>|VeP?ANcnc!-0vGJ542CI4(oMCZvz<cI
zk{Tv3UoOl0u$b54pd$TpQ%Mcg_*uZ8N=-E-dqI@cU^%!b1pk=c=GQR+4e@tZ!k!wK
z_oFTB=?RWHQvXkmI_y8po{n?WvH$NG?kr2a%$^c76bJsVqyVSzDcp?Z1xsb2<#zw&
zw4yIR75nn4*q0Z?zP!r%a=)@KA2990FIab`i{1IUvO6CQ>P{NEZa@Em*q2))_2tVU
zeW{DNFMk@;mxgG4c{xm9o{rR)W$dYu_25=TU(R5CIi2<8bk>*CSYOUyeL0==<#g7U
z(<1ccDp_9|{=qh{vBZdlIzih#uU`FAG)MW#Ay>{*x#%ZAj*~mnr>CA3-1l(<9lJAq
z+OAWUg%3;UDu$soyd$Jtn?v68M3gc_a+DA52wX5_yS8k~4ZqF#j$0K>tf#dxTm33A
z-g$MowzTz-O@!L+VMUfXE7<n)ypF_?jI?`*#r6~8#vGrdZu<#G$=hPEt%T0shH&@D
z;}wSSR}3@M{RxtP;b?K-euXfHRpK9l`<B-c=3)%=CJ;tHS=|;g4Pmk;tJBLvm@+lL
z#xUt4%zKlAY~X_U2OoTfHa1(nOoUsh5_b`n#R4s;#wF2jxN?Es>2T#X_4LT!>B5-e
z?BcS9!`1H_M30Zb<}?{$Zn!SUMl=k)!t10MjnU{qe8z1t*s$(Jn8#J<fvV&e2y-fi
z`b{8=Ud1*QaA^p$C{ewBw;)V~3cbCs2SAupiITW9T>nBjLX!IT3+)TUfP>F$Us7!2
z^d|`SjLQ9Q2(kA9!mQH;*)oTjU*6KiR_?n9cUt!YICYeXr;fsFI&}msCD(rV5N#%4
zW8>|18#}u^MkYp(%(ICFNh|!O3QVnE<2%BSS$TLlX2sKpFfy9J9AeQKUw)%Ih2D|I
zm#VaR#e9ESUEpQtVIiT8MNaeg^Zo=^1NKongArTAhV>*ShYqs4gBsz*fY{y5j%aO{
z&Ms@$IEj+k{H@%)!<*26!!p&@wa2xK78W&BQ%!z%n3lAoje3p0h+6j;g<7=Pe{=C0
zRq^k)YsfY@{sLTSyR?%Z93J?zM&<=}V?#aO2a_0kdUglvM$zuTfNc*mh`%gO?xB~Y
zx<vLGumYPnckXUd7%0Yx@doD;UH>ikrT1o3YYo&Kw|fEyS{fYo8p#v6mL|7Z(uoRe
zALhDdG)}x!PmC~E<EK<+m^q)BPiC@lvy`I_ZgWI4OA=j?7;6?VdKo=N8y?r?ZB53E
zUbdFWy&f$iZCQ%z;!S>vm=`!m<z;nCWOV}tkCiFPQn}!L4;_)<;#D9#sHzs}DXG{)
zsL)y!V=A~ZHNqWebmKr}bv0tW%-;^4?4P-B*P2^7uMRWw{^33Rt)6cnRQT6@pS#dl
z(6FMWv7#1=F1HM9St5m!`K=rmiUTi=vE3Y|Lwu%9=BQUW`svAksuhDGQKF##&9E%C
zByJNNB#&r)m$kSsuOT@32!A%scR8icps;l_4`Vnn@C9$x_`#3=?b8nq_a{m44Y=z_
zZIhVI46yl5W|u<-&U}`d#hzg3ZNyJ&7|zO4!3^zo{8Y<QT`bkj%I##F^RRaVEbsj+
zZz8wa$Yo^Z^cvY}EdQw!?a0<kS4hEb<~FATd<@GhTF}wiQ-xhBQqP9H=5KvR40%T}
z-~3q3+n)+UY16*F{H=tqIJkUk-<K}(=dh6wlSQ3u@J>;t!Gu$8a<HqR>+#jlt+-jB
z80*4Mb4B$qaY#+fdTwPbDP$~J&(Uae&CEUq^0l$as1-jAu+%-`;mv^kz7gA+jGjcc
z2f&I_j$8m~`3E1pg&2%csL{s0p4};tj8UkW6R(&FN)>NH4OV#BS}6TEl?E#zM`n|l
zYvy0uyJ##oZwroy!;Z|+BVENFH*S%Lx%$>!3ncVrhQVb;RZ_+t-7Qtbe0$9CyoA1+
zVbqNY5;=AMZ%NGf18R1>;l*D|=zAH4l-1nP)#H{6Jy7Y5n-qeP7LU85L;0r1?Y>L-
zrfaLalZ&8YC#En|Pd@9VL$Y;bP<G-{yCRzu;fidD$lvs5Cd<%|E3U{=1CbJT-NWVX
zZSyEaKv6yTNtb4^0oG;vlTs^wDKi-nqq2pFn=UBc$WNRp3U$8nN3W4#2>(R4t0^Hy
zEmI;~>kW-RM?G3TAID#n&^Ly}pIfEyuXt^d<fs8nRqhv0NNA@bk{tXrMJy}!*mAds
z?Yg+XWV39{D`Lyxpjlk(MjMf$&83L#I%@kkS!NidQ5bDpQ{1?{Vqd<n=*`z<<5@#7
z!R8>uAcKy@y=T7sKWSt>t&uRw@tm&sDo+>oz9Qv1q>(VnT*M%QipZKZe6y76Lyd$X
z@2+Ub93MJX=WyX;-O0H@%rBl4=Yqq}ebgo!0dW*V=AV`hZ%?cITXwbeG<rNc<ZnRH
z+1aHOs2Y{A0Jq7f0Aex{{6@|VBU|I(=bsz*=SkdH5+`BAwKBx0Zetu5v+>7V%%9#k
zPG%NS=_n~Hx2-Fa)Y9UyHa{1gYx8p@{W#UFx4L^>ZJnFkz2vb4&f2YE3<O}g-Q3-^
zojei!K2sKp704+qbl5H3O(N;)b#{5ML0U_zWi7<&t0*nEKoGv3{9JbA!44jad#QiP
zwk=y-F1y=P-q_>84YFj>w>XQn`EGApx7*g$34_E6>S@<zoZ{&2+J-*t&dq3{ZgDkt
zdBIC0)JGQMP)4ZQ-QjNRp@b|e<-zn6K)buM8o#w<=Y&Mu!vjNPXq!j&H*I=$5o)!y
zcx{;_DDYrTc}0cYZUb8sGw?u`lxtg8SX%5TbYNzoEjLSV?&|PvAr>C2B<eF1|J~Hl
z)daHqwyq{ui?_3xk~CKqTOCCO_6m{zE3U<#XH(l|R7Myt4(9NZ{OnaL%sEVwzn<IB
z{IkOJRcM}xBFSI=qu9JSy!s<`I{;V@%7SjaN0LA`BHZ1{Ds}*{jv&la$<c55!@M?>
z9Gm3s6NEdLtS<4tlq}uMk5n!QQErX#_I@kE^{U+7hr{H32s5fuE*w8k#aQla^v}|i
z=;eao=jN2y`mGE7GoV86AvjkeO!}1Q8VQ()JEo{hgrTXOG2mb~w{uEteDNdPV^gBH
z<6qJLKS!8?>!p)ZB)+sG%sndJ3d|_seuOzNRoWLuqIVbC$lYs*P7lt)gNE4p?L5N$
zU4<S9YqV(Ncl$JT4MHcv^iPXU4~!)CAk4*SLEaR?cy-B+F#=@?!reAKdbuF+YnmP#
zUmilZpR3RVf!T90()%3YE~(H1=_0#TqCzhV;Vd(v(}StGG)8)L2)9{<9+*bojW8`~
z(%Ci=y>}7jbXs(JAfGvpFt^Q=<P8xuX9)B7%;@wW=JYQRrhb<6-G>`jAYnQ&E4Fb3
z7X4Gwqn8WSnuRdA>FS!>e1xe~p$DS34G8mKy88F_Glcn-3cWv||6f6vCuXbj`8dLS
zGCMjwI6Z%kFu$LpKL1T1jDBu(dSAhb3}KRtLGwWvdUk}VGe)Ne`;tb4`P`_^zrP|(
z(!A*Oz`Sc3!t~5jr}s|?^N0$)r$Ka$FvauL>D`Vn?enA41LHam!te{!>7^n}=7Q+-
z_Mn6uggIym(%^@oXUO0<Q$}=p_$-Mq<_z`k;}(ReP@xAwk?Igezfh7LMxs}XFz$uw
z_3J_y&qDS3^&`xKD)g4258_dT8Cxu!og>lv+Y&TSFO5zQOvq*+jQ%ER-xJY062iQ6
zllu2IgfK5IldjoCqBkvz<1(_M)7yv=mLbdo*;2kp^p@nHeQJ)1#RA&k79)%^SGuMY
ziC*Rkv`<|To!(LKIDjzPmC|*bNc7^+x#;>;KL8E>_jAG|9U-q>c@O$)p+vj;$}ejt
z20RJA5skk@J4z3Ha>ct=(v|!AwHl8y7$^QcR;&dw4fs~~^>`7O!fZ0rm?dUYn`^7P
zdrM=dyVJAU*zIoVF>Y_{!G;6biR^GF*R}shDtmW7E+azm8mze2bJSIlffb)FFMg9-
zRsq6BRt1)ls4y9zRhdDwz2zpYVAbA&tCHgzo){eVTeSn3n4J#ZKgDNRqw!f*PWVgs
z9YJABv5s|_s8lDu0rX6v&8i3zqSeO6W>4ETHxa-Xx1&lKJKdWb;hk}*aZ{JKsl&Y#
zkekF-<R`Mjrd+v9eA4QNN>Jr=i{Bg^cLtUp97rC+=`CXxUW2$+Bh2y7^nIa$Sa?VI
z!SR7FTNd^5^~6>E${<s&g_vTk&|%UIp7Txz?e|9TbUTI^0O`1u`k@MN^PsJ%s+L%w
zAKJ+Kj_7=6HN7@x-67}~p-3n2j|y)b1U{VjY{B6ZXMC5h3-o4fix2eP%rueg629*|
zzvDGTV8@87LBZSljo1+bu_Ktp7z<PQa;ESl?^>Ak0BA9@@YDU`{yhQT#n+3f+Kisn
z#>}3!d)&s1O^d`oJG~tpqAk`#jMqe$v4olfqyTqPoOO<Nt~RiBf@)}u<_XmNmQ}rc
z|H>NkIE@GH&<Tcv{{`N-PW*Afi4%YJo!9JHf0L$H>l@Mft{D6N8+y+-rpdd~_q%%b
z#kv|cqTx3(F*uGs+ks4MfKbKzQ+!r5{H$pBS;G&%sT{q|A7BIVUs#(TX9JO*l*tZ}
z_<bO5rfO*LZSYBd$06PBdn10A*e8<zF0D{_NGHuTOIfuS2<v#iR@1r0SBz?099(0<
zxH}G|Mk#_&PYqAqi5Q|v-K0Xj?~qBbiywS8`QYu^frUab@1IPG_wzfZ2RYB$SdSTw
zy-Lqy)6!hV>V=He4Xh)YS?XOZbtlVvA4}cKQeR<tM_B4OOFhZ*e#%nMu+%gS%{xa!
zQ*YGB2Y^{aN4QqzWeZPr=;PKODB+#@1KoT}-W&asUnVo~&Pl#w6Ah!nR-JxmyiT}B
zhvpUYaKP~3;=k9>5uYQZ&&d0FdrJ2Vm~{S(W}Ka8>s<|_^)8V}y$che(hyPwBC52D
z6Pi6C??V5A_~E>x198Gpp;Fi4w<qX_hU3wHl5aV`9aY25Bj`*75#C??R{T5h?^Fj2
zyW5%jC6seJKRS<@%M^2RhZogBf>dHS<E#_z<p(E(3!Y42vd^|=!f)e!16nTJ7{dRY
zHMXY^!wua_*k)by=0WO+YLI}N4pl*;YYZFxYHTYZ;`it*QO%!#6(FRaGFdM!6)R=H
zrc=bxQW1N?y7r)@HY<_IaikLhHR^E+7xY6;Uf8A+JU_YmTNtl!=VRC41+VVyGpN73
z7jfT=d^RainD{B_q-=#bD2H80p>Z<unD4W>@rTh^;e~45$mL19Pa%4{1jBthCav|2
ze`*~Z$F1(yVRt_9!$AJZg2SU!JR{$Q+$mqle0_Vba$ch_0b{VmcSX~0K%ae!A19)L
zhtoZujZ(Rc{KqX4a`1U?_w$fvl<qXRAn^v6;y~EcB@i1GjI);1I`u<adHs-;hY027
zb9M1Y{T(KQ-(xaSe=KVR2;{Iqhkg|fjtiHC0-YZsuiAC~K2sJ1H}_l@Fa+?Z$UvZy
zy#LidP!G3A%1!C|2dYS{+VsV5$G;DQHNfwwrgwZ0dOZY)5Ab`@xP=;=)q=YzRI^MW
z301TNP0B{!DDOuv%qP)IRgUU@+>@4fX6G~vM057y3&OGZi}YJ8M3o%&@Oj5}E)ynS
z+GJW{J{LcVT{@);Q{N+xQ{NMyjlAF+;~|XBd5!Rq_f-hL>gzD2^2Ehox<7p{utNVp
z`^3ZqqPqso$*9bgzBeZ#O#Hs$H5yI-%1BdlA!1|1X<apM7IDyI!m}{cLyW}?T%zu{
zDs{diDgH$*V|KI;f^QAy7+u0qpJaR4T+q%Y%PuxqZfBF_Gc5H#Sn97?D%jN#r#o+G
zsN?((*%Ot`U5C%I^YBF5MOIp8dm;4z^nrQUAMdxVL=%nQwq}pbf@Y4F<7m76HmzXM
zkr<aknO3OMjTPX#phA!8o?RFv#-v_cn;Tf$E7(@PnoT>mEA|KNK{{9uog4d1I$?XX
z4LgpV=yz(-!WzDdD`8(yx5j5ji>p0+7u#2&fjiY9PtlT;?fl@ko&{{Vaq5IQ)k@cz
zgC~Wry??5&la_0|F`CIN2lb*s1#PaAt+VwkwOMi3tRJU(S?W%f`iN*OM7(^Fr{~xc
z+VL~h>T08>)!pqz`~7a%a~i#!iaow)_I7~HjD+p?kii1Bqj)+cOeoQT8%F<>`q3oT
zrBvK0?ppD0pOhQ#>-0m#ylADoPA6Q3KZQCSSytJS3ExWnXbK|?%aNZIk;{r8>a0EV
z<fPLdSj$6rE0~A$2kgB0WJ}(Ne(20Vyng75fLBA^v84+a>2#VZl%nE<UY#&Sm>ho?
zO+k5w1ItrqoxF51@4~EiE`8+BPWlMqSe(;%KlZ0VKxleCgYWq}p3&$Op;at2^C9rO
z%2JcT*5NGn^cWj8PqK0GjN%je16wzB_``n?v#JWZBL&u)9v*mQMC(h6`5dWS4f?ip
z!c1XwaRNF3kw9+0tqI2#AJ6+>*11cc<c-W4zVv}VG3gAP<In*_<NXjKUZbxh&Y!6t
zs)T+d?U@a{Z@ERo^-o3IK|3e3q74hb^Y!gUP5C3+?dGuEF0d{YST}>Qt~V0v(&em!
zF7VEY&bkewsf=U)&N%iw<JfN$9J?Uy33xH;%0uEht%ZXZ;hTP_m3P(!iZo{N?6p;g
zeGOK@l4%I=5T=@Qm`~O?{p+Q;;@}=vF#Og$3>LSU4!S`!kH?QreOpL2pNt=wdcvOo
zJ{phmd4Cf=>N^fpUH&<AyoC-oU5vwx|8Dyl@S2>)KE5?<k%C$3F^<L{CwzQ?@$qE^
zAHSkztsp@{KaWyA;=^m5erP9O<NFeP_>Mb;S{<1ES2+U950Wa2>@bg4f%my8>euf}
zjXyyc@q;J8*SzEUp;{iD@O^#zu5u0a-gyv>=0Fh{cm_Q1ig-j?KXgoNmrHncBeZP+
zYsYHw7;0dufjHTD<Vo>BN`w)0Fk9LAz-<%#h0eh8OuEJg_{9N!cR=@8gXjnO|7*Mc
z=%}hYKX2YdB19*Up~jM8$__S|fPo2xG_e_(nGE^;izMxlW)@9?frMZ(;l~o7IE^|y
zrh<A-@z_?o>K^M_x9X9ih=BkJvMp}ZmHMNKXIBqw7DZ|$dLr5H_x^fs=Fa5JIlKD@
zoXNYN_r3Ss`@P@${eJIzpF1<0uDuyLXA7OTg~pVDH~KCR)bGf<(Dii&BL}hD^+Gr6
zq5^{!VTEaM{Df{tu|1B6PX+f^Rfn3IkB(c}=O5TUsEb%r*OyI<%C-^n0t0XK=eh78
zo=p3Jyy@UAM$-O<rEh+$9t#aCN)8e)r?|cZ?=JLT%GS5-gUvQTk<RVAaqKGkY+_<N
z*u;i8ulFx?aSW=HAN5F23S%^zJkoE)_YFpJP4bAjLukdvBmQadkYJXNj;qX1u@8D|
zT1D(5c9TcE&|l=5M4P_bc2jYo{naBoQ$pwR$JEfdWpGQxQOKgBH_ze|TSHe;$rF#D
zao>t<M_*-uXuUhC^?P++gtY!yrqJ0qo$Z5e8#X+LE<VL*4kHB$*aN3F3|=x*mOIf3
zEC)lO?L=Dvjy7ozCUU^H%>%`Da_w*-VQKo94L{b<?9fKndr0{Tva(#0Iza+i!O~tv
zj~*-wCpFh9U$lUueUy0C+0?{@y)RmbaZ!r!1jTpzkB3*kh@NXYeQ!Sp>+9bOPqUnQ
z)&=oB>!iHn;>76~(|hwUb^`w*)W0vTfwvEi5{tzUXs)siqgF3Q?Ex{(RpCFU3jaA>
z_|GMx)GJCWqY@SOu{U{D%XMVzUm#<Dp2v?b2w+N7oJwO`RFXVYjsl#x#ZAQaMQkN7
zoLOT1=psQJsu9ubb(SU=j^&^f#RPIlA+i0d7?y#S@t81-XOWdrYE&y2%UZ^R4fd0a
ze$j`3Ob45J${yKH{hho>=erYxf!4Mk@4Gxt>$A8fq4omT5%u$oaU^#Srl=P~XB6$!
zu8%M{cO98=bObIFCmb`e=?aY&3)WfIS(!yshcnKEeU{KMC3M18v>M!`Q~kdnz7|H0
z7#zYHucQ*jVAM*e+#Q@oQp7O)uyB%t$&TTi$qWsrMm&>6Bjg$3cKaSYasVS<ksDtm
z7DA`C!WLFSD_{{^0gGUHT)iS0<3`;-@frOSUzC3mXn|z{0<}Dn8L1Z^o7^HeJg8EA
zB!2Y>1==hWXlIlHq2o-MCn=x&;b;XqEGZCAun!rmOkM+ZJ#cQ?2V02iR<OIq4L#({
z{R?!g+Y-h=d9^bS#)y0ec3-74BY0zz;R~D{nV3VUm-vsfk3~F+_8|@T(2eo&$PlM9
z<B_%x!iri2p8u|ib(YYOQjg0vzXhA<V2+0Rn)+HDcX6=kn3x||HhsUgiPxM)8w}<q
zIKzIx>&(zP?{$vNM4zXwQGm2_7+aH+5!lkAp+1L(XRdA(u6zNOqgxoU4Nw|roDlR{
zF@zYk7-8f>IsD6xK*Kdp8gnO53-D<g(s1~LyC&>|6}W>?7~DO9mb-5{bYn3dWij>x
z``|VkKCCvRc@IvAgvm*e1{cO%lg;YMri?ReE?~RDSU*Uy|DlT7t{-Dv-d*FMwQxCD
zZvU4cE)?5rD5LV=IEv3bE$CG);^kA?s)Jv^yu6fg5@lU(bru(m_RQF9D;nOE0#10b
zLb{;RSv>HX{bwJOEe|$9u7dS6>`RTTa^}<<I<&T-nREW;k<}EBUBK@^jp@#cwDzzk
zPP)^RhRZKWcUB}yccK=whkL2ZiL}SHc&Rw|G>mr+jQ8$|;B5v?f$MN-G6Mg_HocKI
z_0OS`lkJKJ$EIEJ*~aGZ`*SO)e5hsw1h5<ys6vFe;9*Shc+$|}c9TWLotFD{?r5ZP
z??fH{Vhv=%;+F@OCe!}&<KKXl@kCn~4_cUJTR0=+2MdD<gFyV1i?{w}dY><K=X}j?
zLzBpF?2daQnFqmz&~Qgxv(CB<ZH6wdkN$!#z~(Bh(rnubbzd(z&-3Vh3qNJ@29fcn
zwrsQbb+?5lj?mLRNq)U7EZu45wL2_-6~B<ciF&K`3J=L2Qn(#_M&VLE6W6>}es7JH
zMpF*UPpv!|{-l-H_O+Epr_g4VOMX!0c6GnX?doGHx2t~?rK6(s9Z@=_@+Y5A`BUNn
z_P-{-GHtvx*Tzfv%NeO8`lAc|h+#|0L2?z<#QHVs<`0yNd3URwXq>Xb!9!`76w}Vd
zOHDO4HL%PWo94Kr2M;+-(r8+5DpoHNC+A3G8lw^?n)eX;mrndH+EN=?b@gPuc7hA5
zZ4mXPLw%Wv>I?9^9XRsygjN)ZWS!e$WVoVz-7NHDy})f0xGe&w3C(+4By<k5*v3Kn
zdPM9i%}Thh#9w-`7^2HR@#vC7=({W2_5(*7aobq)hSK<=nT5%5?6=6Og_feB9diJr
zRfZt;tZU+*zo(OFlzOb0c@0fC;>5~<ovEwW2OEAwwomf3d6u?H%LJvUujPWWBij`w
zquN&VI_?DQuwme~&eGh-P-v6zquMiAy2S>A*2G7tk>?UK2aW{#?dwo)coSi17-r49
zMf6#f=-aiTZ+pd;`}eS<uY<h4Pp>^AuAQ*(nR!}Rj<e#LF`BnpvPgfw!SYCr#MY60
z*k<i3?OpIc(ss;HFW?~!U*R7t>}4KE*prVTDtma6F(RG<JW(lMm9>ie@M5hYUt5Cb
zOPI_GPrhd1oq3?b4Wj^~$p?Xa8wEXB^r<$!qZ{1<zj1-_r{eA2-%m6rlz?rqJ%^3S
zdp>kLE3`d+YiIzKKH?*d>fetU4qjIaUq}47j(BWg+|N@&9#{^x#a#{p;q?VSx$Vc~
z03*7|Rw#zHP7G~_m?9g*6xk%ENLcukj|c_%R}rZEMO?cqq)Z4YHsQE>g<D%D+}gS*
zw-(>+qG{e)L@myUX-MN>r+siU4zjlDdE;K+zu5=wfZOPP-{+yzlQ3zsh!SZhFtnll
zaU~l<yzl~;a#`Bx9di$^ZEtVCe17z6ZRqGZ-1a*eI-!KV%HH`2-a-;^C$u-|uyv<t
z!*p}-=y-~@YQUlm&&RF7ttl%*C(pVEj=V(n1+Sq=4fQpmt^=p+KbwuaV^?w^(B|<D
zgv|CZZhpHai!S%~Vx|`7dmUGq2DeuEAes=SG8jnl%E@kBIqpnqj$PU?sA9ZUOcV77
zQ$iS96<rS6Mq42+{}g_1--n4uP@#u&hd>cW$2HsC=+I;*RNBbqN$7fT9<s(dkA9L8
z30`~l{3BPuu^EZ(l970gnT{K!qCW<%2Im)gU<@6Otb{efgF#ydzQm!jM|MD6uF1k}
z1v`Q)AqLZ|;NTS7HS|4>4XH5QG}}w@QwI(BuEqLdGI2a{Cyx3}(YAvA2cWiEZlawa
z3yPVzMM9iYtH4YIpNO7BsR*au7URv>7W1340?bIS5c79Cn<Mmi6*@z|60@;G;WHG!
zgJnyh!f_YGHGIR5ZY9mP@_D(?%I9UfmCxGsqO@0(hOB&J=zzc-61Zam_g7ImE=nz`
zaqi=Lm^8sVjZBpHxvL~NXtHpxA404T=!Gh>-Q$bh?t%5NiQlmt%cn$R1|<sgX98-7
z0yQ@@agVH)CPk$c2UPV(5DxG)#}8_<lCBK}!d%~k`6@ds+k>c|$`0}_PRuEG^zDlj
zf>_5k0GoI`0FGExDB)wu(`Zq)QB7W-P<i6d0#sXmZ$ib(o?-@>-J3}=xG8M6)j?j?
ztQX81bnRKj94-f8-k_zcqgEz*ZI`$fX8PeEZXzvxUX=c)*i1MtR-w;zcTb!Mh7_6q
zKz<d7m8npyOt*@aX`?9Z6Q$cl=`*7AIZ^sj)T%bD@b}VeM6*Bof9Cy&a|n$@xyfIe
zT~_+VtDI+}BXCDI<-t_{H>8)WjuWr{caBWv$rwD=+}_<2OrC+^swl3K1<iYZr)RWg
z85rBFCP&eyBshwG0c-Q6yVlm}=xTw<j(Z3VKRV*9{k_9_ds+-{DVZ^Nq$XhSxRtf%
z0p~WSK02HpWJUs>jbbLF^Xd<}^!DukKj7KmFV*gwy=78Ij~aM3)TEA?H%g}57Z0*A
z$hhJ7B^~`A0u%eBGpArYxM0ySs8M~vJEGVgh?XdcxJoEL2LGV7?a{gA1|3s$O!QqD
zQ4AivzZy0iVzg4xG0{EmkoqTG>L1E|@hF=+pFH&R_jL4Tg=5U=YQH7bHCw8Sa$n%<
zllX-DXQs95=(`n;iItowNxn{!Ot~-kTagpK(zkW={R+p#O8&Ma`Fcq*<-VwAR`2ms
zUk7#cBZB+F{GgF6sjfLvU6lKxi&>dtm)r$xRvP4fht?%?6B)FHa$oR|BwbI<*l0Mm
zN6|56hmm|I!C@r)#m1RW?ccAX-&Z&$cAh3WXv8Ra9>MU}8!IawtJTpL6^@CO{CAS%
zd6Hx&!SMGTOBx-Fttb%e>F5%eSjqDx$xcZ!S%Vb*iezESNB0}JsH_|lEBSkp<QpZ)
zITn6w4_fLG=Xt|%P1CI$6DxUvBsoWtd=tT}W9#To-fDTmaP*CpW3o*T>B*Jqx=E@l
zk6`}5R)uH3>$sq!bFCbcfRoCg&kKp1MVzPRS09uaj;6EfnCKQRl3JK2weV&OKfaDI
zbd8QbX0U!%j){Htd`a@nlH|n%vy>@<ZN1fHuyt0BF+ZediB#8OsV*16e8|T1p*bfM
zeKlXx+R8Aok_#lsE=lrIg1N|6ht@+W1`Xe1<(OE>-<KpWl_W1Cm`lvoy>g^GpraqQ
zatyI`X#TqTI^*}xa;dImQeB0@Uq!*c{KqSuI{IlV$7HkZ@0SvC=KMgat5B+|h+tY+
zU7wb}wM0iBw{lGE%q^BA7fF%{_muJ^lbl{ssp#l`w{lEun|~-tzD1H;LNI%o<jmva
z+vLO8N+ii{NpguKnRuAWee6Bn1E(9W*3q9?IVQF@R!EX>l_YxzCWT?1ee(Ex9nDFn
zJW`vzl4Or0*+($A^^Kl=_0VTq4gRIdF|lnfl_dKl$^I$YJXhtI*fy_}B>N@FWps^W
z+e2SGvh;Nwy+Gv{?wuASJW{S)s;f+@tAb$0ng4xT^Lj)7{7~hXSjm-=<O)f0m9PmI
z!*nde{69yRs~i(6xmuE3B}uL!7|i=3?zwx9cNv)CRE~)q(^^S#jU>5_VpQr$|I-s^
z`*d`-$}zERu9qa&Ns=1~2BUiPZgV=T_vq;DD#yf1UL{FxAd>f}bUhHCa~fE_N<IF{
za=+i}HkKoE6n-F6vUKyBUPkw|Sa3T<e>7@1$g0BctE?`o@wuZBD2;uRX^^*3&{BD;
z+~t0+cV%sPrJKc|c#H9SPq+~UEhS%kLK85t5$NeyduK4vduK;`kUk#9_lfzj;;>iM
zy8Rxn$M0QP&FHHLW0t23zi_1dVXg3Ac?`o=mAl$kQ&r)s@kZZ;A3_@8*rv8ENPH$@
z>p)j`D@%iPZCumS1`a@XPaFBG*KmYhZFQ+{rMIliO}wypqmeHvY46z33L(K3tctU*
z;m_MUf`N|SK=+0=)?K7(s1!NW0<fkAJ2rN1C5<r<s|AcN-;1HGaaWd>*7z&RYTU+h
zY#4bxABU$$^w`qA4JC!`&@?0t3wDD@`pBK6E%2+i@AhC13@@uZ7~7g)ptWOD2c8xe
zSOb09x~Zp&Jws<(yK%%jx<v2x27APxJ#B0II@k0>i`D<&#l3g+ks-jl^`FsIcWk2N
zZ9y?~x3B5xX$ulgwl-{3U$8CE+X?psHbeIlR=W-a2R3#?uSEZ~#ImM$!{WGSo+aWs
zTef)lQo(grN4U<O250}9DY(vFNi*j<!|!{m;&GkDaLZukWK_Z-w@eg__)qW1xFfOL
z1!&#h2izyum~&HHyv8C<<VnPZfbymT#&NB=yt#l`WFilJxaCQ5yY&Jtlmxe11TZfo
z(Z0ig`ICt}jN#58C#c<A-VDIZG2vpv6?8sedSkiR;>g<vnBSPldjkso*{<`GITCOd
zVI=IEl^kbLC*b-`ILGjOwtE0mo?*@z(*l?c8B@!{yu}v4Je*<P&yNG<g$#4fvBQ9|
zJIwoeAz*GX;V{Fl^aJK8hk5&+2h5O(ydS~8KLW-%+q``%08?+mi57r@)qpwlEprYe
z<Pn=@!qtT@^~?m!JJ*?W__#8`x6hnf9(sjUfca&n`SZREm{XbN+-YxRCTBOU1*dMV
z36~hY5|eX%a`Ns6+@mJ)FhBZRz|8u#`Sa!j#%;n)wgL*u0kdb0`Fwi}Fu$KOwY;B$
zfR_QYa<0xn7SC>A7P9h&B<%*^`c1gHkRSaXz+Aq;Tu)t4xyOX7YabL;0p^46nsX7Y
zm<RL7gbNElR$2|1G{$k2m7rg6dOMwQ`XvU3W@>p7ILty;B!R<vdy~N7a&T`FI5Zdg
zlfdCJ`D_w6%&WhW1P)!Mcbv)T)yIJQn{(=M!@S%iV3y1`pC6@wX)@sm!<X~_9xxx?
zsE<z~uF>us^XJ9f@?A;bFn;V$61OV}9L}$MlEC3|zb6SCj@z%3l=pNJICO7bNdiaC
z_)P+bX79ZuaA@|vOae!a-Xug!{{x5P?kamY0DwbF)LjdBRK>kNXLqv+OUwod5P7-k
ziUAP=$wC6D*;h6jl5CcQBq+kVkWE+!2_(BfYLwJv)y-jPYkkySuTr$PULVz3Z@^2%
zU{Ju@s#mM%=U1Ptq7jO>RvuPz=RY%N=A1nV<kQ~!eGMPUod5jiKXc~Hd*=6>^XttT
zg&xFfAB7&QMX#JWy87`Wq_=bCKLO|1ce|@tp2~fD#<5wqdT%{>fhg)tW7*v@`05@r
zJK14MnaXA1QwM782_tHgt5+pcuc3Hb|CTYa{i3<AKVce(y}z{~Ss_X%5+*p`DBL`u
z&fGV(c>ntuNJT#oJ1!<n(PNbFYEg>O$;9YVYlftQBa<2CzRaRURe-^Y9U2M@z)4jC
z?+grBsD6%$%S<n%E4a8uV@cE%^ru>zm151x@TQrP9#by#loaVA#sI#14B2XsUQbX^
z=85=M-4{2ov(O1q8sDHlB7=4hWQzsTiz@@mF$vCO#ws(5fbZxQSdQulhhE5FBx!J<
zG#}1y7xi3|4>Vwqz{n)k@ufW{hlYk$#t!7eLB*1~M#{jEtg`09HAcBIImaouKG>fG
zOmRb^+q#V6OOQ$-TpgV6Z%ABky@6Vt9S2xkzIg`>&*JZxcPxaz{pKC>(BFDwB%fT7
zq_FJ=+m<CX_N7)g;G1f3q%1{M5UQxQK{_hO?zS$4aPB4Yq3@FTka@>*1RG)z%sb#B
z=J+x54mh$634sIikdXTbkjLsrU)|e)Umb9U00O|MWqW;NE%I6h-*0In92@llpt===
zUca=>3JVu9y1G%m8+kiUgO@;L>J|6PHOS}`D+hKl=9oemCNy<LV0l45{us!`zl_qY
zCQ~cK-`_?%dcrR>6T6l(*GA_0IdlDnxehYd+srk{TyS9txgTqdD3h~oVXm8*Ya4U*
zGS{8Vbw6`G%v|(}!li4%ot7}6KMGnl1zW>S7Dt_L&Rh%J!eC-^d3^4No+`^H)io>j
zxfMRu>_+KSZ%#4r-y9n1IWsAdWsU=%N1gO0g>;(xmKKYcsKsryp#Ojv%?79*ASU7H
zEx^hEpa95XbDyC&Y3NCAbDsESXef4S9t7H&9_w$yIMY6Nu@3C%iOye;4nDk#<c4HU
z5ByC_Zudi2R9G`>0d_3cwM3bas5gky3;LG_Rsf&P<*ZsirfNSA(3z!3sT2smTTG{u
zOz36dHA{+h(JY{bG%4DpNvd|~64l}v*$4yb8tIEh=`G19ok7h~ezXWRNYa}LBQ_K7
z@6JoQa{balImz+<=)~B7rA{R=0LMsRCFV3Cp!La&Y@~#-1C$Iy)kW?OB^T?}p;wV~
z1@E9_7^6OvjC$J0N=M_zx);R0(Kkf%aGz09pWG-W=0zv>8m=iZBz@2;WWje@xdLTD
zAYocQAkJF3A^;$C@*Dq}pvn$Dh#;k?l9ZycP=qpQ5rXnFK4R)QlM_knIWsXjADM^N
zdMs_NlOB=6G0ITL2K_5CYPcR6>lY0Z1=3)z7|3IB7qAA~scNv7F`5EXw!G7WfgzZp
z5Pc!kcbtyBJOp1!K2mRv!^tK1Vsa0H+Oq8zBbiJyAnB3*Tyq?7+eyEe7~gAHh`L-;
z?0MAX9!iWKoPqk>WG(V|26wm@ORq|Lb6;W6{ttjgK>u>=Gclo$4#p3gw?8M_%Qwg2
z_NUR<n=+!k?zPhEv=rfPZ#inbvsERndr?8Zx$kz|*MAXBk9EgUZ#5a;cdzgM7!LEZ
z@y4e)fNEZfYVp#z@M$`MIA<?Wko-Ysdo3!YD^O)ae=+XoT1+4{nPHGC8Ai{~!0uxS
zpBrnZN|{SuPQpi;DH^$+!8RJC6Os|W*nbU?90NKTb=@*=2VA{mB>uM&f9fk5v0NYR
z;4+jWO);ZL0z|J>c~s)uqbJ63XWf8mwTw>%I<Y*IJ*Zc%i#?y;SgYu!<esuHuo7hr
zoU#u9(-b)PD5I3Q>X@sQxw={Z(92v8Qg%7Q6hm_C2|<~6hv>9Wq<p2<(Pq3JDxU$j
z-@hL!(I>K^HrjHVcOP2PoN&#i4|TH>t~@ELmQ_0ti4#%H3l#LP7yynEOjtt_c{!_h
zMXGvN!{>n6oW3sp8g9)ZGvbFMmq^e5s5g7zxajn4uSG8G^@|Iah|vpU{kqtG-L}`F
ze=6u7Kw75<ru4_&8d6c>shRBR&?kAjU`RS~<y)9WPcp{)rOblJ6)3a=J)b*{!7=f}
zgXuU9)Z~sM>^89>efJ*x;duKiFViXc6V@sSzY4zUDb0^ILT`lHkxWKJg-VeVm~dz}
z0ABKlBvXHg^r$^&45$Okj9vtxW#4SfUnM3D3j-^0&0;i~Ie4%@Tz*yS%h@8y{(rk%
zaT;(h(3=VU5VUrujR~DOK3<eZPS90Lx@2b2Ug*UjG5c`EqdB?=a&6E6G*c*dzBY7z
z9)BmY!rW&x_szWWg=kr9P=tc@qKL#ECZ3}dU(Ljml;T`09&_dXNEU_oph3Xlp+Q~2
z;rQVd(Qe4PUN4Xv<=*a{1KA>)Bpu4kwCD{<FY2PmWM@2@=^&fS6DCm?z=OLCnD(e<
zJ=0k0ZPHGE21VU+IUr;<{3SG;;JTRQ@_a$QnO9yHC6$d}Ob7$q4?c$zHu4pw+wgc5
zjb-8BG$3`KwmyvEh`+VMFnO&Vql*9x3akiu0O#koDJQ0*Qe}>ROh)TD416X60|GS6
zs25}HUO#D;vU^Gv<R=Xa5)tcE={O9&%yBqOgnD!wq>2WC9#DT2a<&Ir%3BCf5UWI(
z)$TUP^PUp(&gc|WX^=w~T@E86W(7I)hp^m*<mwn?zx?PG$}q_6B-L0aG7r7F<rI2#
zK5GJa6WqSK-3qe^fPK(QSbuN;vUi{kwaq!wD~bWrfHaVVdUJ$E5`8LJmszV(yH6W3
z0T8eadA+VVC5GrV$VlE24s?0r%B5BdlFgRcYm#^3ZwZ!5NE5j>JGmWy%_W2OlC-E7
zlNxaB?F)q40Zm3I04PaH15Bz)h|RS*$SPQ%v$ce)5Di_|=0j5bjX;|r^B15m9e?vI
z8uy})MDq|t17|VoB+#810ji(KDCqz6IV6PHXdIVVC*27qSNKk5)P0j#*Fsz`GS{cf
zl_turY0NcKlu<a}6A6)?5!VPZT>?taTd}K6Bwct8KKt##uDh5FCM(yGctvvmb`Cya
zycN5Si-cM*N60`G?I!G+j$GY@zlov6>^d2H)2Nd#_g=3f{SKQ3RkV?*&oWznv1b0W
zgND-!GjLt*5*YP*{HsWFBWXKOM`PG0&nfq1(y`D%e8)5DH9nLY<PYyDBt;vIzC8Jo
zH;=JYNDcW^<>n&J$T%dOjP61${Up|#U&35A=7PgjN$i4w?RM-6s`~$pY`{y71xX6X
zD`3nU3x*1gp%<DBm{!yPTP05sssUw^VJ}MTtfV(ndXW~Y$Rv2NAw%~^&!TcPB=gQ>
z4B!?EdEE4gRI)cd6nS5IFLAxqGHApsE3jUW%@{~f^Kvf=v#4R})`{I|i#)lV=D@Rm
zhk3SaZBc`@d*W8)W!Z$hzE*lAD;23ho~M<b@ng|xNgr2;B84+b1*p`yk}qGf8>Fs0
z&Y~_;jF@*f%!WtFlUM6!R2~O%P_8UNpASWu#Q>xk($T@RXQ73vV|L=l%<)f9&J?#5
znYX=r7LSgBHfSm%ip)THc9bM0@a#9rv|TO8H#`Gn=G}~HfXLouF2I-Eg<a#A%Zglg
z650b%2EqG8xnOKWt~*$9_^~Jh;|WdM9WtkxA=W=8b}D0Y_mCCeoU7um|NnXzNLC1=
z`GFPEe%!u5_1K49Q`y1{)Y|{VvYAW<6`~Kz<}(?bkbMfvTufF;nbOEr=Y_0lJ%VK`
zm<-06|Au92nGEjh-bHAYm<(F2`vv*Zb0ULk`T&+e$Mqm~!T0+mp$<X6AH^={=bpf>
zofHdi#MBeJu?q$bd$9{vF`gs1ciNzB=m>8LMnaZ#p)R4GU%+W;3b%whBZ6y9Fx&>~
zKVhn$hwo&xw0AUxIxOwYmerw-Nasw!h5mqAXQ;LLs?KmrTd0Z1)&x5(p)DK29kPI~
zC3S@&WHm`}2AeDp0^b=b_}VRzj%X(&VKr3`ZVHB5gR5FY0&aaFbo)BC=_x3VG5(8c
zR4o~Hql%bIT9bo@-HaB;5Ibw={y<4#JB~JYIk+6~Cb57;Kt{zcu$DbD{*`$fz%g-T
zeC(kZg%~j_6>14oM7xs5Fr080O@%2>Cg~A0!Lo-F=4gdU56uUKIO(%2NtK}<Msiy8
zgdJ(Pw=(zn=1BX|03&u(7s-QPQ)5TPNcIv{bc0jy;~>eH!8Fy1w(0@(0oinxEH55p
zrYek;HWi`lj^BM2x)RJcd`6J@hDk+%?c0-BcB!f&f0<H|VF>XBmQ^wt%!-d=*$qqv
zNf^Yk^-OjXvv&)V-NEeL!(_i?_8w!hJ#4dPAAL8YFu;6&$9#c(<j>gm2=j&Z?n5j)
z&SbDA@*V-PGucFuK#`63dTt`S9J$`cvf0S>CU(IR)$7<*#PsaQ^(vN?F<Bk!4z3kR
z-9jS<kpQHPLNn7d2@Ro+aC6tfF=NIE)$VyF^vh-v>b#D*Ce)_D>Bp9~@b^Pa3oVy7
zA$hpPvb1YM2&oITbq>p_a0JfLqDS!cq1x?ej)Xekxf4G+L(T0SA@V%Sf*TQcxHA%N
zYl((C*Pw>N7hI1<Vl^EtK@?3e5^iq`wp!}j!VybeP5n$1Yp2>5iDxbx15#J}`t|4;
z3|R79J}O0#I7W`=s+1p##o{WfU21WcIqS>OL#n@t?aPz-HF3Q3e~i4|rqxmG)Dq-%
z2K5<w_2J97o<WJu7L?~V3G!M71}y*KjqU0kM5Z$g7TYA_r~dHk1tg7u)sgV}5XWNc
z*}0wJaR<gxV5rkaifjEk7FjxrYu1QyWoY6`*ThAT*Yc+4{khM)q{K4GI;nU8E%JKI
z2*~RhROjrw4}ZY5JxnJx&6%UXP+!2%;-K^TjK7}c+VxB))pC}`@&y{p1ZVA|<)+~G
zRX^t1O-zSi*-|ls=SH_>YhpKRVkcN^*oT60_};G1ALQB{OlNo$A^hB~k^D>;JtqLc
zYtzf|guRPuw{Yy?BZ3OAt$45Tn)e!~c`t&_K0s^rBMbH@kk=nGozyZmL1Q^bW0_#F
zFQGb{uDR_1*FMd3QY}x?Se~e{oXgPA_^kK6Cr>MCktpk=TE0kQIagzuV6lT#XV;Uq
z_Z8_7Wt~*ZQ#6(*Yb+Dw^)i~~b@x0rpuk3nvQDbyX&TE@HI@m^8nz{%{px!1uvLLr
zV>s(n%UYcE^bv5@hiFUWN<JRr+Epr?HT<j)M{4UvkG!s-`SZxmxzo6I+dlw#Ew9f%
z@X8cLD|)l|-I3Sw!u!8wUibvpzEk|}$m=l8jjK-XyNhf8LgdJ6-M2(u%WK2aznZs$
zYd<4$<hA}=;;eU2ex<qoil@2u%c2rz4L@&*sqNuM8p&~u<cvmQ(4|VURFVK1DOR9?
z+PN^@@`zyOJA1eDcJ(3^rdx|c$2+(>^?64D^F|F{3r3Fw-$=(Ir{+E6<l48Ykl=Xz
zME#};))e78pv7TT2F4Ia|5Bf(nE0yD;_&mZCg-2lNM6uLUKufeMvpOnlD4OtS6;2a
zv;R>iC^6=WuS_uJ^7t|QlQ(YQU-=6i*U<^qDj%kmxRJ(XRM{ao^zm}<@vHftDK2x=
za~*64-^AKBtQ~?(mycK;`1P+8JSvrXu7m9q$R`)Hb{44K>p9&kk8(S=>$wiLQz+vy
zwRQ-4ox)@U|MxF`gWK7y=Q`MqO~w#w?GS{!%(k?!=(o>vJ0I$~4z@F2-Zj<QAqaOF
z`t;7-w;ktpatvGt+gTvjQLP<<f}h3^=bMjlI|~h52iqx<dpxZjf{T}-Y$d{-i@2Rm
z1J}WJisg|Pu>&Q_Mwi12=zNEl`R|Q_{eWQS3up^-SN%Q(w)dw7StqqNm1-<sqp?h|
z^Du9OvRK`+;ZI!q-wm=(YHcED`r%oL{=>j^)S(EPek|3y>iNGd<e^?Ra2<6hj<3h#
z(cTGR9_mX2*HMRZt3s{5@48kVDm#tqs6!FNy^-oYG<WlK9%^<P*HMQeh<h16wrqWM
z8V^;G#&y)8%2g%m)jfe#JXBX2*HMS^s^WU4YuO1NYG)ePQHLU^e3|R%>YJ|r8xQqb
z8rM;W;uw59!|A>EQXXn3jq9jG5mf#Z88Pz12aoVjbBtU^9g3jxWyZ5F@A_+qhgxIg
zI_gl>s@7)uPp>)6Lp^5XI_gk9Rj3K4_srs<J~46~b*LIu3b#i8dnXTdSvuEIha$**
zdL_4T_^FO&9x9m5b<{O?iKgb-am{@kg$Q(pTLSIjCP4f)hqnlUmOxWmAkwuV)F}kW
za>x8a<RXg^;A{y+0&qM$&>CuMiL4RGLmO%Y0`05T(#Otq;SGvM2m=6i{zTXC1F(i4
zsI7Bg0X!i~n~}s<u7qyOU~RA6>+!oC<z;rf#|a>9IP6(!3(Mf~V5to+(U;mBb-vQV
zxpqaI(a7omUQ!{VO`(p?aC@8l1fjx_E`>g1%NE<be08$hBCxIxpltcogUsZH=&IK6
zYQ;-MSMhfu8N+rB$TJ1YL#BgMBNb2z@{4iYsX^H@{#;ZM$E1Ld!-}RS+!kyl&iV~a
z0Di}AJcxzSEcHh&>Mdut!(LulR^xSgt9X9XO_)*}Y;4H6Txx@zWd$2SXJ~b_1LY=q
zllFDtkYHDeU^j+(*b8a8@i-Ib8F69ZCcH+gCKUh`cypB}f#0J{g3sID+!XAh7MjAH
z8(M>1fe<90u@IEm7d!lZzt>r1XRkvGWT_2(FBK(%(`~QzS34J1R8-g%yG^AwvfZT8
zbye8Q%By@{cSWTgZ$pui8I~gfDh2%dr8c}9h5j_#70L2c)p*Lwt9^D@$t7W7cdE3Q
zY)`4v<+Rth9e!__(?!+S0EGhGxKgW@+ZTJvE4}3|kHRvpFI}OCTw|0WYV6gHYPZu-
z<F-44DB-NEsqOmg&c(iJcV$hP-Pc}fqq|_Gw$&^Wwh@*>Gg0NQs&Ox_thSS4gwxW#
zj+UQ}(E4_u#|Q@SRvrD8=i$Jh9#!_rnhIY<wY$bnmiSSjU4Z{7wF*6s>WT`Nqs(6I
zo|j^w(BrA_E-tHZB0pP-pUvYat1S2XE9_8%QasUzSnR7@?D5r9+Le0<ltjbRq#@g=
zDffCRoMjGsUAP4`WvCj{)TWp%uc)dnTkNQ^qtXwABY5{gR@EBz+kHN-qr&O-qR)ad
z7H>{)^-i^Uhu!V;`P?<W3ZhN+E=E+Zvb$Zba+k|r4HO}jr8ZKcRND@vHrRJa&7K<j
z;z~z_r>v^RuHN`4wZYB@sU9`;m}i7$S!b$^a`bu8_bqogRW@i?8g#)3LA}26nkugY
z)lIyILQ{!@x_svhTVwb5U6oa3Zjb!Zj?urk+hwmPcT~EasCg(YKF>cJ{DaLIWEpm6
zh`=tGf}u_&xdvy~m^VDThHZX+p@p$)j1!iv-sLu4NapP$vTNwh&#nO{pQ`oeXV-vp
zORsA5?DkajC#>%uPa7Q?{A;8))_86-Dcs3B0qOLopC3&>IYSU;Wt`g{oU16z7+v~4
zLwaY<V-MIh4Jc6$nE39~NcIjQog=1m+jF3N{s8G*dcpbaEk-)mU2txDUC5&e>HIN^
z?^BFq?>00ExaT~q89x^Zvxalr`R#p<JpVrKp8#FyqUg$!Z-=fVRr%Y4D_3`KzVUz7
zwZD)rwp@Ak$fKKHy5;aqXRa+j@%SHhJ#pVd9sRq%`N@p=r6+$^_=`V(vGJ|B6ATA0
z8_2yo?Puv1_Ix;a#Z%ESvDuTSv|YEecF~)^nfcMx|I6O9$3<0bedYm-GCD&JiTMa?
zEPSNs!Gb_T1EfM57?^>JKxy>h<m=i@Y9U33Nr&xd_Oi#lWzpB;=Dpbq?P1P<f_i-b
z_OPf_;@UBMpcbMM=dQKSnZt0%U-$cd-}fKq_hZjmd$0Xm>+Ewldp#<wjm)X&uJ`gC
z|NK1R&WzlH4QKv#`S#hYJN2UaQA^S*Z)H{`uYc;V@xOjn{q1O@aK353e#pt9jVVKS
zzF9WyzJg&7-cx?}ch`-3a!uOlZKfXz!<&yzxpm+jq2{?Yhc?gK@NDbKpLXA}$ou7-
zw-?%e`MLPvf9O70F=pb3H$JT6zjt1H*LG65boxj4r)xR}-#gX*@e}@$FCXiCK4QT)
z>z;XO)anxla$=6GebqB)$MKmZGhVpKuqFG`tFs0;zKp&3zvFi#SG`<*{_D%7KPEi>
z(j;MZ+`8LScK&eUpV^N*Gv$q%>!+R0cs6|IrP?{ViLc%t^Nsoahw@*$V-aZ_v#hh@
zz9&kazxs>U=k6;gu6}Ca(savjr#}9+Ffz^lruVNEPab}US^L?cffrhHL$-a88rm>n
z)cU=*8PxuFw`){GDj&FYL&S``|LeP-H=a9qp#8(+4?efqdEHNcpXzS8cnd$mb!73Z
zv)BB2<k(%FC0pkW{#(@N!@F$L@2YEB8U13juY1M*KmBs;_iwRl!s;i#ca<^k#>Y+;
z-IMv~+rvJ(bI?uydia&6_x$C|rlX0o|1s{@ExX%3P2#LC+&gr<w(OJTU)^wQfoXou
zX#FacTB|cgCqFj)=7opfnf>CV!q4W{ZJg@(;)7L}&g|My;aeH1@p0|LYc;;#jdnjs
zGz-GGT^!HkI3qb;WpLvG!#0$`?YM)r4cvws&vvb7W2m><*gfu3_WM2R`#lb|_hD_>
z9W?xJ^-?w4Tp7>#)tpaPnS0Uyqb~dh$h}Mf&)oH$fOG@NimuAs-vXrq1rql|c~|MD
zhOKHTUR)wypCY<?pgQ`$8oXa%|3_$`kGdBw{6;dicDb8e7UK8w#xVkZ-)gGdB5L{U
zs-#gtiJ#^hs!_X^@t=q?RC_4Yq6=?8rC|gb4b?jTu_$&gTEL+0^=~>?Ci$woC5%Sl
zxRcx4Ig`7jbxrH($WSdc@8_fBE(5)^=*o|YM6|E)2JB=n8NxPtOj}Wdt5%CaX$)&`
z7LAOeXk-ALr?M4eoTO_#l{^J>MV`u&2qo(aJ&&V@;QWHT+83o$_)r=*M%2jvLWWvo
z=%fs>ssJ=yhSFsyR~4++|BfmUWO;xwaPBK=O<KLVCc{<+HLJKzt!Uwz!}+>w$Q?UL
zB=ut+gUf5Wt-PfhF0$KyB5b^W%y78a8nV0m7#5R8|IcCL_m&^SY_EwCY1zG`vAl(r
zpYxv%8xLzw%i{)=AE)JCk#p<?(#>A<*Bi-cmiO<{vA_8b=-6)d5_^&D^dw?*+=XTn
z$nKx1#%_UVxKb@^z=aqCC%`o9C#*B)(^?H%bGs%FCKl~vn-*4l@*Ewp=qKCsoX_ZP
z_ROUwoW_9WrePgw66M&R^ro0&K1R)88jtY~#+%vAwP+00DbHynA@F7jG$;ExwW0bG
zDl3grhRRS)Pt`fUislj1bLB0fygWtoYlVclX1yoFZ1!ZEjjJ9ad)fV@k^Pz+VGpwn
z70sw?yfRGF%$*<Jrq(nYs+-ww*;?{Fd!(YdPyXeKJu5Me%~{ObW2oN4?qyG)x-Oex
zHufz;n>V%*&6H6~+J96RUXRHxOfYJW$)o0Kv>4~vo2iDI!tgjFQ1$yLqJtJ=VBI{h
zoWHQy<_XmL6_>RWN@6{@v>4x14`p$1t0mTYY-lN~H>}-^nsH)e&q7&jm&#DN4873H
z2<0VJz~WOhaU3BrHwDI@o@3Y=L%#I4Xl-7n+JuG#=1-7|-WhsQ)-^evJB{I#IbQ2-
zT7KGn%HuRg%Vv=4&Y@CqiaB|_--@9Mx8ZZ%TWYpYW8PA8bQ=Z?iy`gYabT(QJ>W4F
zG&CRa=5}*GYRHHeycU(n@eLY@v)-kGR6!+GDF0DpJk_x0b_od>K6b7-&frB`L23)-
zXKP>+52Kqnu*rv>4RE>ZSid5_lhm?x6+ReWY_EJC@}Uh_f%sneyGcEZEXpt^DO%c1
zcCqzPBf~sF(L;ToUU$O?Q_K_CgEZbH&n`4a0Upn`k#E?!=2&2T5_=kQjqDM&9%zjI
zf9cpC*l)wz*n0K=A~m#bbU0e%j9~XdRyay%u4hu)5ZpRJB=P4fOb&U5!UKvsqxD+U
z?xp}c467HR61p>p#iizCk`%_4bpf9}@iM1>!UrAl4h3)*jbe)tE7x8F_4CoJb7xBJ
za_K*XP^z6iK-NJPp^s!J@WvexWCt}`62WLR_ou!QCXgpuB|Y1?@;U@1`+zxUQikDf
z;w9Bp#4(OtQot}xPtq{Y(qpIwh1_X9#~W!>%ryt8ji=GiYq44mF-XQcb}d)0%_8lR
zxiguCxYX_42xGURT@CQc#9~m^4B#8c8*nNK?*+8Vg6`tH07C`5eR`s0W00$!fokwU
zYJm+HZ<U^`7%9utlQlugijuO#O*<Jj?HK~)--rT&4j;tgP#Q}U7C<%|^n_;0C`d(?
zWUpG}Nz)e6=$p}!dV?6?T!fNk$Rb0J$dE^dHp<YOGSn>XDxwyv7@e<6h776zbe#;%
zkRgi<70J*8G8FjtN{ne~G6qyWs80<Po_NBcu%HMfqwu7c*9HmCU0PT><YKyrTM<X$
z$><TD+cB?~@MLgpRCq9O^O_66!eh!IgENEVkQ~lJ!<K*miE@ZSppf0{05dF-kAo!Y
ztONa700nMkxb496A}PScWHy7o@x+1TWzczMo6Ri7g96E87t%oL6Yv3r4h>)*2halb
zGmy;ULHn-kfc%76K{6#Urw0^ePew6{JZwrJWHeOuT=Rqij8~l*7<sx!lLZUaBc*yv
z0HsFXk|lgmq33pOKDx;Gp9`5+hF+1OcV+0Xv~P&&&Z2n4%21*V-6=y0WN3v9t(Kvu
zdkNXAl6Q-MklpnEthvkm2b#O1q;E@OoT*2yq`4c=+{CWMoT9AxOBPEVY5M5tirT$_
ze{W`LbI%0FJPFV!b&o>&oQG-qoMeldyYEOI-V<AAUkKLQ3eZIVVa%k^E5u9+yraJJ
zcEP$}{geQWvgHBHA4fkD^>pd?CA6|S|Fpk{dZtXHT#fKPEf4I|vZ$wv&pm88=lQvX
z!M?)-G|HCyMo7|MAwm*viugp$9X4`P5A|G`hH4{~IF~G5m>d_RpS0Myq@-8Q|1OHs
zt5WX|{Jj0;9_mFhjk4tk=J(?dq2*@Ly~Pg}JveX43K3c$f-_RBMJvRkM+DL3GCd<i
z1mydn;$=Y@#f#@JTe;LJBKH*sA@k?W?_G)+0gBmwdXnBDTIpWi7NnE$N7qqYoohcC
z%zQXt|LAS1jQyjj51pmbm#z8tE=CKcdBxGoT#KU@ERIgO+Zw%S$$iBW2Mrn+xEp4j
z8CRrPm!c2+`O1gsRq$(0PtY6b?>K!F{k=`kP?}VIA;rh)v+3`2y_)_e(ci2E^GmRu
zz!)v5s3WRnis!$U(lc)L=y0?NKohd1VqWJciLqNG))+-xtJra<KMrHCg9D?48|8fb
zX*d9KIfP-JsTXx}u6P+$eZCX_-nC|@f+sM}B-NGa1M>RJE7E{AG4l9&G~XE6TVl)<
zY3|8E)@D7jAbYo7fl3waQd{kP=zJ5G6;t&@^I&mqVxKA{-OT^Uq_O|%zxuEKtN-f1
z`mg@0|LVW`ul}q5`aiq4iz?ga_q@*-okOS-Kex|0kfiCjI$fgQb&iCQ^c1_$NYb=q
zD7iDr0<hax=p0Nk%$SoEp9xt_wfp1?zek(g%{II1jvd%+pwVzLOUKpgxXv)wS@gd~
zLZM|Fv^+~ouEv&a*fKPHbx8wMvyhqbHlacEFNjA$#6UJ|Rx?bF75Z~9q#cH~2E#F0
z>5#}mbCf5Qao*@q+4#_b^n0wCdL{9wT*FGXK$Fy}kk<=>!0pr)h%K`|cSqS(B!{Uq
z8A-w#6T1FOtSdcTAiFfA^U1N(AwZ9tgL^cUU5jV(HnM;Gm!w_veO0L)xQ2S}JFRk^
zFT_#fX99;f?xKSHprsPm3!SW*<o10yMO^U1?q-)3>0y;0$9dWu*l`0oEOmtxVu|}y
zStQj7I57Szx!Y6FZBMT@>=lU72d&s2o{flJu8ejvoqA5o<nIcD1)FP*CiYURjqpN~
z+h?dipGhUHuy7^cQHHF>56Hk1Hy$dEa4v`L3&?spVC3UQ93(L2u+=6sq0&cLBvrr2
zHk&F<5o=61y2SmZXB-SPg`)$y2I~1O8#-RS3EeDaW>KD_|EC%wL)K#^&;w<ooGUq0
z1xS`RBXv^)(;>4;t#pKj3jF>|*5i;%Odr4;^pHq0wvuct#p4kiD6X@!M6Ty7km|JK
zyidL_*GW~@iR-B|R;t4*>O_!@PX_7~73SCIVeEA1dZvf}+wh2>MknWN!;dAsakT>1
zDsY_wH!ARG1)dy?!+?S?C`Vm|Ui1pQySq2urNA#M@JkB(q5{95z&jN9FADs;0za$3
z+ZFg}1<v%wSzoW|@1yEV!Sp5t9;3j=Dex%@oK@gy3Vf0RpQ^w^6u4S}YZbUkfopo>
z=(`yA0J!V(p(t=0?F%Z`Tlh3AqGB3Ef6MRD<NX%}dzFcvmS>oaR-haLl=(F#2KP3-
z)eAQ`^)PA4;lIC#+pp2>bA=Qj1)e427J+wgwB44O#ea=EEa^l&5gSw}y(9=W{;U=~
zB$-G(YU@BX<#^EsSRAjoUyJ?1Hih0JO_@1-v9jN6*mzRJen;4|Y!)63rqL&))s~q<
zI(aSacV(Y`gVy6V^%d67W??({8`bo=hijs9L<9L%mv9LBLKr8hD-3J`;`kYL(0T*j
zq3VsFRNyTN{IE*NFPkM322rQ#83c*2kjMW59c2m)g}A-e(UjJIJ-9wy6rG(F(5Dy~
zOg6j@mFyPW`8wT#E2OBfCW@iYtr)i1ead+aJj>T0jg>wK@W~ZckWZ=T-VSWA+OsS?
z`dgyW7)-D=W}D5>bU8B4j=Mf=se`bux1@HOa3E4E!Rw3ahf&lM8M4-xNj=-!dG`gG
zzeRa9BdFxX*w_v_yfATiHu_-2=Vw@90i}Xb#88bocnncNwq>FCz9ydb#^512l@hDP
z&Yy=KtbB=@3WU2OABJlXhl}mf;YzLU6UM~7#~6h%u{51P(-@kXX&Oz_5j2gWsfngW
zn(Aq)qp6mr3{AVXVA@I3UufD6sY74VzLPQX>5(wz**aE8JowN=$I)E2>B8B>RQ+&Y
zvg=wt5(?|-ahx45{tXkI1?xNUB_4UbJ6liAdR)513oZ@Yk;XQA3R=1Dqstd?)0T#-
zj2hQnT%CbC-tKYfNvbX}<Q~Xeev3oP&k1FiJkP2w!KLFD7!giwtxv@#g21EuR8r8I
zc*Ge2#da(Iei(ImmUzT<ug#$orpBvOMj<j9=0FZZW=6uaILL9bHhu~=i~d@d;VFEo
zF|poIVF6H_!iiJ>S%J9pFak8b&8vm#gD9OdRHPxbd@0PaHiw+d<chl(yEnDVBDnN8
z(7mYt(}_-E1=lbeado*noJRiK5PGMC@h1TA#1_IWzo&LvWD;Yn+H{UF)`z?fX#|VV
zTL2xLg3xAwG&FAuKr11y>O)Gr4bt_A2z`bSCH4VyaWX<X0a^o4E&md(6g!&62+=ZC
zI|X<T58=1NJ3(_xEwI+O3s}1dMnqibVAU01$n7xoMw~iM&c+W56W1OlFaWl)sfgwU
z7=b6X+^SZ_bqmbCZ6MU#p}|Fi7s>z=Vt@%4UV%S(6}rS1BF&It;j6Af)tWqh@(^h$
zNvfXfR9S6ygL^0{osEnKx*h1I(GHCrvPkTtw-^W)o+;Zr(}l=5+CFsX3a3=qU)v8P
z%}C1ho>bIb@}wH!zYb4oSNTuEqYNWc(H_;#(DH-m^_I-;s!E3u1Fs3H%4!-NDo>;Z
za;mZ+@eInvbXo?ayhDo&%`;Ryh>Os91NDA7kpDYmpSTCJ#>PTFk+IN8l@k_~Z=J|6
zRr`Pg{B>iIcvTp``Fe(F+s8*tr0$rb`De$AewiH%kE$KeJWMELH`F<S4)FM~P~Nr&
z?!kK3)P!l6Z&-)#FTx;%6Q)(bz+54GConu=mC^MG-wAIId>Zt^N5Z(;957c`9v^-^
zzO~}(w2IfnAV(4}<iSkdhNf)7)O{d6!qjJQlCJB3lk_EYsNKfjdOh-8h@1d(;^t@t
zPiR||jsNI3LC8CST5nvZ#uaAgxiLV-`jX+DbPsI$AZD>BW}y+#(?xQQ6zHH3rK!WE
zPl%+ms6cm+C~JxB&JeC!?V9*%{0GQWr_OG(3JpMwB4(&SH8{xO4`4776i7n_CuOaT
z#b6b%v8Y^TU`4duV&zxFQqi&UF9Us`$xzIJNp)aX8rKb2xeUsol4i8nku#!C|B|?q
z)Yi6<B=scGkpZxkcTK`2sU^j{RL=VNd9YK}!VRZW0WXk1aKb;ck~4Y!6j0^Cve@iw
z$Bv^gc`oT!eLG`Rxkh=lzv=+;#FuO`K&@D=K8kn5QaQ+T>eIMxb7>P@*ILd@DH+z+
zcGgNpCILfipJNXElj0VfL%1@n$~nj`9J2FQcL8H=fIGQPSKb|SmNAxoM=6WYN569b
zQo1x2;ZRTc@xpw(8(}LJ;&vga5Sa`e6ySzoK~5$a&<FD@&#G3oIbkH;;;tzE26!=b
zjN%`K@c=|XyT6v8CMiE@BrXkXEZ#Ue*o09|Evau??1<v$poEal#LF%N|IOgQvjZlR
z=@`i8F}T?jbR~>(O`r>5=Zono1Am6v`LxTheteZ&3!Wuy;hyPjAb8`kD6lP|Y6>um
z{{kp$q1kbenJ3N5<`pN#O=ny~EWBAj=I6O|jtG9z2$cAng~$|`a$y06iqcla!W3)&
z-PY9yMR6tZU3Y-DFtDRS)SS6M;pY)6A~C0#<XB{vtiU1!0Z~4z3tAi0D%2g72xhHe
zQ@nkQF;&UkRb47omUs70?$1k=m85cPFe;>!81DQ?u5u(-sSGYrj2tdF*}3jFi=r2*
zn2*=*qo=3)*WGVt=9%kpr~mdzenWyTysKy$jX?o!3Z(iR!fNWl6%<WXQ^lZ4T&GK|
z+L`tEr@tw3$EbPZ)%u?wCLOX!YPT`3MafXR<0%JHpx?oPcE`3s=zSwF(r$CT)gQp0
zyaB!{Iq03{;&;I4dbi0<@H9fWvMdk>6xJ8nEf~p}g<>Dt?s7b~#fFgYx}qOuQGY9_
z5`rRxW*gURgQ8=F^=y3;9H{4{00Ly4dB`wxsxdlvwl3KvXioNv@(WnM>&q6C*S}9|
z-7$Ayx(1J%=gv`}P2glt_>15xMg0-aGSUN%;`j{yq<<hwePKg7a2iY*Yd}k8)9Q?H
zpz!W>^&3Y}EV$g8h9Acsvnx~VLUfckqPUY_H>7^+h>iiS-+2!@PPgjaz<Mx1E5E4&
z0XNV7=LQNOPUK#(4<JkG^5;=Z>T<j^+vzsg7WLCij84v{1YnDg9=HcsCelw~!##u9
zjtj8`a7{u%wFnmhx9WgX?a!8@2X0sjqK-=tMzInJA_K93B?>x4^_&sC<zmCH4B|(g
zv_88B7^D6PmbG~*YNvj~6&}H;Ra;uf7Sg&&R&UU{IIEkS`ovC~MI{)W5z5t>;zN%1
z;_a+LkSmC?Nu9~X4;6<FE@49>F|Bf*aCaoH>5M1gRPup=yd|-vTKVXG$~$N9(|ABk
zMPj4CnnhMi*bV_)qQgH)w+pOJWUzgS&{_gKvC9vQ+8kH^1I$di!f!x71xg%BqW6UM
zVu<M~TI8<}&0}9X{Bf(5d<8myk}L9;!4?L=;eJ8hPZU|bm-{j2c@g_;<mTNgc|qW}
z(jh2$$W&qMajjyMm;cS;7D=4n{Q~cWu+0LkvW^9|nc#E&iWqZ%$5Fc{Z4iKd>FNm~
zF8C)j@iJ?K+Jv?U6lzz&mcUl7BFfGP2&LEWN<=}5y>NVRd8pfEQ?l3)m+43h26Zms
z$6UIeGal#S*lJ!$0<q4i)hNLE2mJho*2DRBLVRJ+RO(r4Fz<v(Tw(kM?I~0?^k?`C
zCd=Fl>crNgr3LVLmgqMwhfn+vZLqe+ykgOLlVsn{YQj&MTe67ipYV~MWWP|F@ReGJ
zJ}J~$YEzu*P9ecd)FZ@HcGZF@bcp5^USxJi4@YlFB}W=4Im<z9FSwvp&L6MQeAzYC
zdfOU=TLNLP$*amKSoe^i?jzaUHn{yjjnmKb7z$a0>}zn~6j~C%3^oGbktdXA)P8AC
ze|EJ6B@MG|Yy&nR@By%m9Z@a&vs!VR-7}T#;PnG%OTerjivQ*Fv`h+~Zx;giNKyc;
zvcb&Rnxu%z0`t&=VR-ELN41KW^f&aFV5Z;@5K5}VWaq&3a**dHj4L7S2cEx*IUN0^
z5YSDtfmiyu4fm`?8wTz7#<x>9p>9F#C*{gyyTI;o{EmL_a&(FuQ<JQKcO&Wra}3vW
z(|(VSjma~#&Ny7kh6;wGW1{w=RHFLgrrJA>!GU(tfE|@!e+x1fw=sdI)x!CZ4hMLW
zg5zvfK4W#DX7Q9bzDKe}q&|U`5Um^z2rUuRws$?;mw)swYD=W7G;$#k?dgXb)mv4n
zIGjfWu3%u0H|~CsS54RehIJN_i58N97!(LRx<z)ipa#%vQS^q34LyQplWdCtDc)xJ
zw$`=LU{6xN1U}w%q7JB219n#!vv<dJ`Ht%ie9RbNCps-`R;P=pKYl2+y|@wftW}U(
ziBhUgC$a5uw6VBWY3JZ}62WbS1#VBO(b2iYcTPTnZ(9iTM)5#kuMyfwm|rTmWcM53
zfNic5xK<16HULVZrm#gdi?zx^1EH>!HBV|w@6l!nz!BRwOSF;D3IWlig1}a8BuYc1
zG7S)9As~ne2$CioTpH?LhzK$~7eO@7Ne>&2<#L*&ZFvMZdN|WiJZs|;g0SDvJnIZf
zXr<i%Y^xKsGCSR5P|v#f7(THFi4lH{+NC{>a%>h?L(f%qT488SMF!ldXhNt`6UE>;
zpbRgmWy)*74dB427)dfGfN<n3=u8s#oyjGDyI|_9yt5uSlPc~^Qh!$1;7mZ?hdIz5
zCeSNltpX7T#7NRZ1NtX5@iyy3QPQJaz7?<~Nv{TCO-%xG0>qli#ma&C(%-p=ZlUBh
za<N`Qv2r}F8l6Mzyf4<OIb!un)ImLqjbzqhsdx4%Zu))#VB|>QVNi6D`ppEmX3))A
zP|n=?hVBgYk~wly^~cRvCMcacWEM@0+&~AN$r0~*Y(A?Mn4Di1&rf7rRnpagZ21~(
zCI@u+n(`WZ0z3Y>I@hf_*OeVHQ9Vj*ycEjhYX>HvWnr?V^FGaLF##=d^uNqNs&Xy-
z6_oH)*@*#!?#2L_RY=s%N+orJ8T^hu!I><Tn552_fH%Qx*2m?;x=woX{m9R-vKmt}
zW{J(`VH;=p%rd<OdlNs9twx2|_lPwAZ}*iaJw;~zC1pXfW9YO!w-qpR@Wt>TU?x=A
zIxVpD0*H8S&nl-sehl?NzUzXV7MLj)<Z_}kfi-bO>|Vi!(M$}jYXfK;Z642W>h)0g
zPq>sK<{t-_pO+DP3T(%!*2kTpRXcA<!UZjq45$QE^D2a7h!BTy2zynaodOKVUPV}N
z^=Ld`nAOX2LZLzpR-iQ`$ybY|ml^l<vO7Q2oncclxZ;7$+;YluRMc>G^?EQ|fGU{}
z)YEwsqb=>D-lTf+SZL&?^Va}l;lW@AO{bOf(c}RMl?lgXzB(kWTn9!y$+E(OTBn`<
zMtNL*0zE8<+i%D`5>V2Tkt~!@qHPkmiu1(AjfqX2_Sa?GApbo+z6w%?Q|?KdRP-qg
z^C?Xl#t%AE4ev31JH+#?E~*@%-ND^`Z{st+yZf}a_^!EQcb|9f?!H}t-F^Go-gzU8
zi)yg<@fS@kj9VJU7j@5jui>&d^nHA7nYoSjY8u9m25R0Au2(aD$28%PdOz2^*C3iW
z?+s<zZ2eT}quzg*IeT$Rl20K8;7Id+4vA2k<vqpl6l8Go^x{>J!3D69nX?n;narFf
zj9@gpprVT{`U<FU{8OA+<%VvqM=9u$`BpmSXf{Wom+6(zOY_*MwW5<yG$;!f*Ftt2
zTu`D;uj#t2`F>ER=N}f^Gq(*e;o>tu8c6X#2G*X{C|~$Re|{7^{(%1B0zNO4dgc#5
zLIo^>oF~xnv`uO=`4=W}J{=bj)8M~gw6?y1%fAqE$WN>3F5QGk+G`|pT8Jhz??f9e
zUSb=77`Bb_cT5^v;fAvBnrpCcfGwP9&aJCw2T9R-?5u&Ms`11*&$5NM@XKQS0Y^J3
z1v4Sqbqp7Y8}yu&_#TzW%7}HIvXb+)YRWC_c7<`xO}0l=e@Z}7v{u{7*N|OGE0^Wc
zS|iw^dG^^@<?Gp?e@(AT%)#g1A7fYb{*`#?IIO+P^I9c;tv{Y%x^gkp1*`;@akl2L
zabm^8Y#du*EnS4ajX-8RfXw6d#?ApFtB!Ac`QW}$<yYzpTQNNg<^^!C|8mvra%MQ)
zvZ~$w5`<R>-De53dP?7JUE5O|17dJtz!J|t*#*5RS<aX3@`;b~_TzGkw|dUobNaV<
z4(|Ty*aUE?9u*VT6mqi1&pzOD5NXiqSdR5pGO$$7Zl5a?ZOY5~N>DahMwo9e&0@X)
zCM{WV=C&EsFP0gc28H%@C~10nA%FR>OpsHK#DVx22<HKv=+{?cKLV6axjW`5*{ZK&
z9t>fRr85FOy9FekYxzX5S*d5esfe0?Lf?x#Da7@0YPJ5}I=F!Nu9%3623G4$h1QJ0
zZB9JFiANfhd1Ymwag2V1I_r$2Mx4D_Ws$7j)JQavRn{}8+}YqaT7qd1YN|UseoDH~
z`vc;ywh&WBNY5Z(S1^bDj(4;mvf#O)V454tmH$SFyJs-?Y%C)*y(=h&roFS2TkLaR
zXv5mz3_D?sUmIEc+>#xN-4{uBZ|WKBCCXF?;<mZtU%!b$|JUMwk4~K}dG(<w8nv6)
zOeNb?q~H=h6*F9j5D%6nQi34q6Jql<F9Bh!!>k75TuRil{{x}T&)TC*0DwbF<-HGl
z6xFo=yqn!khGfGmu)!z+A_S!dG`L_{HjzM>5S7KnkWHc_;Cqn96_th=z?Oxilh91Y
zt@J(H()Va9Mczj%wYE|~McB>a<`0MoAcjBMMN_<CC<aNB03q|8b7wby)c$$j_rCYu
z_kH>0?wz@F=gztJo_p>&_ndpKxhd$u#XL(ikl#>i4@<B{b<3T+)lEKv7qVS$Lywz0
zmP*exFV)^*$aiqzuQ+=5k#?uG5)6A)NP%{e+ej-=Vq3T4V<DX!g6Y~bb~#-il4cXv
zP5hV@D>_h5xuN4u7@u~5S=VA0%$rOAtrBDNi~bRIj#)o~d<V;zq`Xz>P1f-f<N~YB
z5Bb<%_-#$%oayXK0lC+3R1T0ih!I|^ICr{yO^6K{ru)|FMXy=6DH+(yI;M7{+zG;}
zTuIwsSEs9uwfSdr$?Qvh17|jLLX)b3Nj$15ru2^uB}{qd8#<^KDY~C3Wo+kQKqltn
zAMsIDsnuQroLLNS2*q;pLUS&5@4fOuW8U+op0-fz^jxub<;M7*dR8v)QFXC$J>19R
zeSG9zm#gnK8DsSpJ#VeFX9%pv;G3s+Eg|P7&@T>aC7XYctD6>`;DB}E7(BStYxayS
zb^Dy{OMK2#OVl++HG_C<Fjt%dFda9AWHJl5DGI!lL7Fx2<&g3ms)T~;E{MG_maI_w
zMpdywvwBZqyQT+V&bY?@0xqyvn5>t$pkL@if8>#&!O*yb{B#CI6i1LZ)=pGzM@-;O
z<-1fNS#E&wV<8{n>D)(>0W+7E+TMGDthzHYbpb93$r>g{lux%)giJ2c>Y5h8tMd)q
zWz~R-wlI_6PEqnSpoQIQ^%^9vRTj*S9zeH8uOqsZQWYLl^g?e0-3V>Sc8YGH4vT>*
z7uL1NoK^HE*f~omRtJbS>N-U<zwBk?IEm{*!>h(XhxIKy{4jrVv+bOtnXSP|zvdiE
zxe91LXga}|;8zTyzaJ}O^_9lp$#AK(8hHBB?f8B80$crKRG>TC#V6O?>ZpV3O2>4;
zh?o+J&Bzr2y*;a-W&0b`!p04?vAJ$iHA!1KXR8;XRuytUxAZqvUI<qP*3>egY=f@j
z{us>#ex<D`p^>M>$tB5HB0xD<8i*{pJ?F-q6F&`CT>$ZVGxTKeZrh23fN&>dMj<k;
z>Vm4Wx?D&yNd=dcL}>GVXe$K@oslbta_t3Hi8BkvT8qNU&hrDLbVMyP<bB|L*E5cK
zb_;IqmkPQXxL({eD0;2BO-{Mc2&}gp#~ya}P3F3)KEXH0Lomk5Oc^?MzrQTYu3Hyl
z0Op`qe5TI`fOB2!o<?J!!<ef&tz{_OLf^ngyuYD08<%{2nSTMCEX!ha>t^_J)jFo~
zdKqu3yq*h`L6?!ITybz_-ipa~A+9nwr#4v`(I2Q~6hnWuN<ke3ed)<?lku0RQG!9R
z0%5A0trKG8PV9-_&5XA08UQj5fXF3PGjPmJL428fGM&4eUp%gLgL$*j5v+&}#ir*f
z@z^~*ZDUUMoOPU(`=Q}CroBm^jUi8<;`aO{j{(I7^fqQd|2ul5f=)RgpA-^mPHdd8
z*#rco;x>=Yvl4PW5Xl8uaxo9!KjxZ<x#BC5Ay+))vJA^5m2~1wC|9o=HYV_h`_iVN
zl-w$}$!m@Bbs*@Ai5`YgjVeqhoqwUjOUkhMUHC^T|ME5TJk+t1>QkZV->dWjUz6+*
z%)%JJHwO|9L&(qoT@cFF>mWhyfewkA?pqJ?oYAH(tnqJ7ltbiM7>bC(N(>Tapy3N3
zvG_X9z{4oG{DcwE+<RBgIsB4fvX_`Q8YB?by?CJGRCu8f`>>eMKK#E)QPb}oN>M-U
z8l<Qjx}p^I@j;48$wI;qY6>J43zMB~hT}shsiDC|ilz-Eph-Xzk$@uUl;0;S`{@)t
zKs=|WM2M$&Ipa%!<BB}Yw}l$uEfK&grbhw4CX6HZ3;;fx9KNOj-q7)5DkEAPN7sEU
zbEonoE{p)SAb{d^)t8w8)oD^<(i^G7B3PFclAY;;Ku=JL@HIOZX152#-oA~~9h}uW
zb<R;fzAkQIwO_biyS$&y3oRZ!;@5GU7V7A<U{O+{Pw12p(&hv5%bwwrM#i{Ey^(JB
zuHu)Ay&V6z*jpyRjFU>|k?16H7i}_YNl@&4lAj><&f~Q#DZ_H1*C8e2YaUbq;wZO$
z&4Z1-gOd|d`;;%wUZs@mr<4TUg*Mf<9}Oea2S~L6Pj@wn>eON>wt_4#4Z6#5b8I=9
zGTOS`WX<%*p}bLD+C5ik1xmGUPX5T`0&e7^lFpAzdGvyO#F6tt=Xq!6`De&SCB0|J
z`I25_6iwgJbZ$0(Q?Q(W167|ql`i?D@}f7WEV)LzH$eqjf*sVrB0Wjd@sjV2fs0v<
z05)+LB6?7@1wadyZyj3L*z(F@g~e*R#2_uC6%~~<A!!3VKIUOa?x(1`go{<5;05rS
zN&;2i#z5&Ibm7HRd=AZmc2zdN!s03FxFP`0Teaur3Z;}PwcNm49v8-we}X2WjnzO8
zFe2AFX_I-z7L^8fpbdm0#GjS)Hh(EyDZtl4@LKwpUOPDCHTx`lk3T0TQez1Q-xaf_
zK}~i19pxC4$~!b6J3*@-rWF$w5UITAcREY?0{9^hXxi9fVX3>Y{1GRljE4R_lnKw|
z(BbUg;i`S{T6Sptdn&GqSuPX<mzVP6%JGUMMLuN)VjcsXmE@xOJ5*w?K_&KjfE-#>
zfmxSYx!AgM?XzmJ0#8e`(2$~zv;49W)gwSbg@x*@JS=r33d6nXtOa;es7JLlnjxtC
zSn-*5qutwHkqFa*jHW(U)E4DZ`3ivdz%r~?E^_?k<#@l6*0X<zwt6BZ`ap!IN)!ly
z?D;U_0gQ@^R3ga5$2<cMR^Wpmx%s)Of;0gH0lJq=p+m<U^ync;N5)2O-Q-tDnmXOY
zb^#3z(LaEj=&s;3Qe-z7M}HHh;qReD{JjE{seJid01<6f#Up7u5u*XU)LAWXA<x=~
z`rp$~#XEPPtq4$S{x+BPP(4kpMHsmf^$p6n@;yWG{*LnP!|*;HMIp6CT9Af^%QGk{
zksnh%{eSLTeP8>ngMa&5YEmUU0ns>8TGB>s9qD#;)>d2)dL99Zek!RN9tH<M7z^p!
zFw;^xSX;zIYBaN>CGvbEe76=g?TPg5j-rnN+05lz5%K!}4Cp=xDxeQY;tjdWbk|@m
zQWr{_knK&=T1p;|(5ok<E!dp2Myk+`_gH0V)0)s0Jhmz)wB-@F&pF_N`Ao_!hp+3X
z?H)1zF@oMG+vcuDCDRUEW`JvT-D>hU;N1WYqH__l>(7W)W^(f*+6{%8t(M$N@VN7+
zZO~wQMK%m9j+ztgH6XUtbQc%%bB3D|-P2E73T-|;h-6g$9cD{3!cCq!1F5!d`05L<
zqlrogu#T)p(X^AU?per-H*g6X(mhQ1>)4#Xy-b%f@DSNci0Zj``g)v;Ou(Y#+-cgK
zMZ24+-Nk5knc7`f8@*eg-Cfk~^0d1)?QU5X_6{aAV1g%+yzx=AVK<e-@V^5<-m2jb
zTcu(*@NtFY-`a)@@j`$O8umLMX=%6&CvRE}?@lfxMIf{mJF@5kkhMy!ybiHhoU21~
zs&y$t`Ut&9xXFAhm)uZP70?$d5AZy49{UTg&15dU7PDyU^NY}$l>rv?uCETN(ZhNa
z#*^Gzii+PM{Z`RO`>l}3=oxPS!$)|~28E7_!Xem9EqF(elYM9jwH#)oS%|>pmmx!;
zdb&J}@y-`e(R#Z46usH1-5jGgFVPz@>jk=8JqwH9iQ^2&YZhkI@rh#AOZ37BO`Wy_
zYeI|Ify1rAgfISEHsCh}p1!M%bAWj#!p>IX5wY43cVQc_)u>S*C-KzsS@=4!;_>G+
z1BH|r={+rv5{53C6^o|ul6Go%t$mD4Ig7IwzpA`=J~kmO;J%w0kpK{|Vfno1XxXA0
z7%el0kCwh0(a|yvM~naFmq!b*DM}m_<6)Xzjto;bod<r4_I%I@#lqco({@zBPjstE
zFX3YO78I2nTB1R0RB_#+Q)oitbNW7AnX+Oav8M)YSpUIt0t4j?td3ob!cr_uw=YPu
z@c&>@hiFlrrR8lnz>gC&$CbQ&K5jdp+$-46+Gy}h^`w@%NjB2pVl?7KGxwd@@xXk{
z%7kBEEjqwaz7fhc>O@8jWt-xq4IuZY=|b64;zQYY#f$!_aw5J^6~L?@MV>6Pdyli#
zx9Ivr3l{nXUe5Lv8GS|v5bFczD#_8iF-Go%Nm+RefgtZtY6iXK^qK!a0nm#k1R>S8
zmBMh>5E#T2jIMG;TIEn6Mpe~Q0O~7F=i0OI&5i$|#LDzaTou;UsGFWa#)1KHf_ID8
z`}rkxhTVGpk==}tutZIIS)1fCWg#qw0=*{j;>4%Bry6F~ATX38kz(r%wYf%WQRmAw
z14(2wqdK;_2}eXOqjKRKkwY#fyzyUc=j3Zx!Yo=qEDreuToRA1Tx_gVDnhx&s+x0x
z$<tk=#LL0Fp0;s*(f=3dpY4<ih^orx0BxIFH~`yB=|SqS7Hv?mlx$@L8jKp@k{N{R
zJ8>FR{5Jt2B_8uN#A0XXh&K)F3*S<4>|v{@N!y@Y;C4sh((a%ECSVZ>UxZ1_U3iGX
zjs}r4eBY<taEG{=(ed%Vg=T;httO#n4O8jqw~pS5Pe9oC>_pUD(pc4>jW%tE02lMo
z&~XtOsuT()5(3s&o`t5oHWh@zWHj5r&3TzwyndmZoI!%^<74%8v2%jLC694oA=%!C
z1Ilp|*u|`JBxpyq0t%FDH`$$np6$5G2eXR#`#kyr@+{<b1R-x6|FFBjMMjSw5OB0L
z)Q8$B+YM5Y;V-i%2nSVK7`X?4m&W6zG_k>i(CevPWpN2e>p^uEewmnPCcMN2%XVsa
z?X=|E{C19UOL6iSa)G%4m99E|1gb?j#wd*e5xMfgNrDA)^}R6(<l0<FQZm)JniD)z
z7h4-MUn(%yO<?y0UAd(AZjJXIqsAfk%*V@4b6u>;nQQgA)#s=YgN45z*Pn!6Ro+bH
zO_euC2)}@mjG_4|wF9nvP{&rIqr<w`%v9c(IYNldRjw^oKBW&@B1<FyAg2LnQT4WS
zIW~~7bLUk)xQxG!(B9P@&<hjsGdvneRL-6x7(sMOwE3Ysxjv`_)S<Nl<fPFL(T~S0
zn-3Lg60TxhVypdp0fmtP5FW`K!7r>i$7j`?U=R6S{A9x46|vu}i-qcGl~dyeYpNuY
zC6O!!cmR(I%()$Ilx|M&aiJI;wiv!(=@>~3i<ugK=@Yy`Ox3CSsD;gN#B*AK2{c02
z9C{hL&z)a8{*@RU3A+K4cc78EBPh+<fan!BI~nRG7$l)jF6cugM}EG~+eJoFJq%Lz
zEcoW!wGYeAE+8pu=gYl;&tiN=7D(U&F7g{(Eb4SzE9SoudEL-o=*9xxyA>@UZ|5=;
z^JcBkqg<sR`KD_^OP1`|4N&D5xC`a1gE&Udf$$jg#FPlr)eo^$-rQiqEQn*uB#pxq
zdp8Ip<ac*sx?-Xwh`oBY1{KdR##rr5YRiD+s?0t?4)G%m@0Qt<h3i`Mg`9N&N`mo`
z9?Ea+&33u-(Pi#Tc$GL5{{8}Tx|fbCbV12a&d)D!!8DZyxzrDVnHWjutj~@EC6|_^
zS?In`HEAyriJ(&Cc$YUif<mR5^g7*w;JC(CuYo3<J%NwUo}Db*#Gmf;P_|59{Psph
zyI_VQ_P`4rs2YYAA<NR}P>v*P8^4N?(LNA9qO%;vA4h}S`4#z=&aDRs<{^J0Ps9e9
z<a9-N=8?FxLRI7)PLy5U%XU;>Llvc$k(=}Fc7CMX_VhWk7%&^oI*wLcdD?F_)H@p2
zGIl!*mH_IK=$7pw28~JjhL(2|N8wGAV8#gzh;YXxnxJQ^KgKC@@d`BAa+;;ZE6~IB
zb%w1uKusGr!1v{>jriMYxbFDSoAz{*S>CivTxn-?au$6&9v{y){1M=CoZR?{T+%1&
zvVNe``Q=S3g%J(8E79s-Db3mnN%S5aGb@X;ei*$+yip#^`q$`v4c_0I<%`~b5AP>r
zy%@bmR!kY0^)GlI2lsV2C$3xRVbqhw(x#P499D9PdJ=HISjt_2`)qO5_W&xP(KK5~
zMETN1Hfnl3n;-tO>&+3pD_v+5SM^fbmS1>y@x|=79Sv`zOFTZYCdiNIY1z2|vM4Lu
zIM~#rV~89=pH1jhlNxahb!yBX#z$!E<2oUqpYCDlvT>cZPDhUrcj!?lSxKmYkpg@`
z*pkpGQ5%4s)6y*bK<V<R>BpWJv}vcyFfDW<&8}y39&33o@?4MqQRBJV)mfO2JkyC{
z5Pl)w$F;l2??Flgj*Cy!_Ithckv1K9+x7gN<*9q4(g5TbUEVt=hSL&EhkpL3&f+G&
z`5eliV9*_2xB#f0mbkETA8xPE0ms6fw>4$m20emm$^g#sRo?S>4^j@JiHOJ>4eZPa
zlg~iT4lY3h2s3h`Fg>T-szu2ycA===w(%<bu;P03obEBuJv%^SirMNJXsl@<pK0V;
z02!kV=1@RnG?u8kiEeh;>bWR^x4fydylutZ<?p->kQb2kNncufeC<4K3yn-SK_0h9
z7c#wvo*6Yl4W#C-@&iy#`AxL2A+rWbV56D=k5-18`~V1kw%D6lyl%FeRN=0=D-J`*
zV|eq3NpC6N3x%XNE^(3XPSJJ^`uS0|ZVimPwIX2rc9*{n`SJ@$d)k*kHE4O%nYUiJ
zMsw7EImd-_T4gM$dR=)f6jMO(ENaN3*gRbkW{)_o@KeNFDxd1n(QUXstw7+Wj*kIW
z$c1|al1||k5||*0gV566DO%I>NpQ1fiq`BCBh4<1EyoroGjUyzZY8;Ah_c)W*n-5%
zX%2M6m9d}u6~^}p_4c^6jNJ?=n-^N}Cl!A(@FyF8T==sBf7bX8qaD*jLJJyr{wbm=
zMI?kN_@}_t-$=h9e#T-1(oZJL&*&R}vsBRKXy!+!H$!``rK@WU<d+M&U^eFroF%<p
z;(Bd<*$XtU>)Nm3nR0K>AH@bJxYI_pqRviC?nI;60*j$Bz2z~FZVB0>t<+&z8aU#V
znYibHd=8b`iI+f22KP$<u!X3oK(L_90Fcm-qkkRa=w-i$yKJkj)14C&qdO<Y7P_G_
z;ziccU%FgiN|%>()IodqG~m8%At}%iBYt84;#_ghwOwl3kB%(WS+>dzZ{bt1!&qS!
z!v;g6npV@64;`B3JB807F2a~VniVc)LzvtOOkiAHuD*7mzAiTg%B@`(BZdrO11<g7
zK<U1RbOU*5F1;9v5gTGK*MAJcpyd%mm<Km+z|-2HWxNg1ZU`?!*oH4asD)4oVFLtt
z!4KM{1uwQkOduu@UxxTH#GMd#Lfi#$7sR~~_d?tUai7oVqpmkQ4ZV?%$tqU*JOl!v
z4^ud3$EM&`gmCD!R{KZ_z&NZ$pgE#>ef*3*w1SRwLfT*_B;LBVs}H`r!j0eUIRh<i
zant%n`{cUTC+XNHD+_3!VCJnnTyKNmhftSmnA}>s&>&u+t@k-?z26Th8exm%8SJYo
zkdyX8?U0;Xhvb7ygMD_zAbyS@v)@CGc6ixVh*BV=L6`<%CWK4~3m_D_Y2TzkTc<#r
z3~@5VR*0<-TOh{gW{AxYGY~Tn8zD9h?;EX+*1+!u2(=KlyNC2mt^uGP(iil8cs~qH
z8`gK?lnfj^K}RCaokGmDV8`sq=uxB)eZ5CK5hNEp=326(d|BauEuW@NJc3KiE2SwB
z>%I(NozU{kcDuaBEcW;F4)iN8-slH@@{4u%`ev^4EqlWvCrEi_@w-NyaIBmfyyh_E
z<Fv?8^?1_>H_GcPU!+HpiAR!AphJC5&pacp+fug-ybV{j<vhmLNYIOYfn1)9dpg!w
z)HPP}phjp)XdbAB6hnPC0Qtks``=K%ouYm_S^f4@k`&2^R%7nMeEAZ}OSTg@ovN*P
zGC@$jBwv*S9zAiSp?C>To8Y;sUIgj{jf5JAazl~MvV_Qm=&t+;B(kg1n8%jT)up}t
zkq<CB^cQ0+tFk*E=W!34JTKD_sG5yVb%jn_Q(4u9<OIDo`w#j*Fv@wEhDLV(JZrw2
z-T&=a+liX)Lf--=dEEqgBXmuk*>SyM1T?$hjN>MZmU_MDpXxYWagi#map5>Q1cQ0q
zX@COQF|-1=JVt3ct~+D_4y4z+9wYyvM%HxF<?OTonb^}JhV>C%LrIPBD8QhYhB7FF
zyFiyg@j;DV1EIG0#U}NO*TjIn=L`(UI?j9x?i%#7<8b$&5+gVC0p3l21$u;^BoZTk
zn@AFQa~^G#14bkC(}B_S*T~@SD7;1y>m7<Modq`4SDI3oPxdr|bic_cZDOQNW}Dx)
z$@1!}uTs4Lw0L@`&YWDEkmD43d_NeE3<^#bbyj`tsCkQp9(q&_S_7}ViPpd=rXkkA
zcmj8Rp^vL}sq27cJWm;!!}vN|{W)D^sI4|_1MssQ4HaE=TwS$4RD<`ae7dhhX7@F+
z`wWi8^<&cm*)HEpiTKEq`WWeJptz7zXUM7c3vC`?y3Iar8+^o7=%WR=P^Cp)y&JXg
z`H&8&)L%sOaUr~sPqtDPXh9@{erSerTo$C6o~D`7Y<_nCB5qrEK+lh?TogOrQul%h
z%Tz{n2V(dnOiINhD5ds=SZpVS302bzTD^ec^libr2CniK*xOCt;40;UN?-LzOf|Il
z9#0i--oD;kxo9L5-db6os<7gX+t-i8gj7hllv-<13?ZFvp5y(BcV!>8?sC-9*I~=Q
zyWNPodXKq$HX`bKCsmdF<syodJE-aB!ZrMOar0^&f1A9%oa#kV$@&XaFGBuw67@HU
zWX!u!{lxlmNoaS>qV}T?)O7QAxQD1J`ZZOBn|yv4^6$V*(!z3?=7!hYnj$HxeL&))
z{6H4k;R9!bk^Qu2^#VPER-Q>8Kxg*%OXHC}6(%&8Fs5GoliHz}*(H5Eho(tSuDPXT
ziv72Q(L=L@ap%=JvA<6kjcii3aqyvX1m7Jrl8Kt0qz+ne<jW;yV2qeTQjWqvudUnB
zFL@bZq#TT>BRW>0&P-^x`RxZPu{FM>a_yo&BMaS3S13M?04_x^o2~u^vimr=d^ss@
z7g-AJX*)3=P}N>QaBIq1GrOgi?nSr)LjaFI@d=;TjjV2BtLsr-*q5ua`<gobLpQ9L
zL?{N0*p8T=Zpx5^u<v(UwU$=yff=aU&rfCdJ;?6!E6@bty2_34kXhgu52fiBI(pY#
z0#cHjTlt_)XoX%-xv&^wL~qy#1ypp%4FFd|4nzHr{SNIuW2GFkFUR7Os-c|6%j6mJ
z%A|~W+1U>Z*W_ztG_*>`pP*wa7a7JIvmJqT-B9)>RmaxMgeLUmOn9>&E66a}4++=h
z93xo<g+h^1KBE|<wLsK--$nAG{N6qbdy1{u+D{i?2aHbM?p0MlWNUd5BC@d+o;t%S
znc9v$Bze!1WL!>KUJm_6en+?TGmac1TaB9aay-(IO#Te<x~=9MTb&DuZ&Jg-_2u%-
zYrDkBx_s1+e}N7Nia~NjmmYm|7t?ulUHJf(kCJoCvot(+k+^qoeW$cMU(Q0zRzK{{
zT@%CB;L=662}hTnt@#Kwb%~@U5FJ7}#+|23xJ`!H*+ygY&hsX^8yFC%*W|U7$%}F<
zWs;d|gyd|6&?i~g?cT(?Mae0(wQIU{@SsC`fMnAPR3{n9MQ!bd9(;CDrK4^D>@jpS
z4gkLRAOb!f)AH31qazZ%H7OaW|MTN;RHmTmRBF{t?X7&0jBgR)eROVu1{;bIC1w<r
z4?<c{%)+%roiN&Si@2#hf@#sfs&O#l$4%aXCS$fgJKinipUcX-2_=`yThNEQ<6XYg
zK2>;J-f}>@yAAHfxX3Tx2H5uDTf~q?y#Q?4J1j%hV1{36P9^qXdE}|V^wPJnSLH2!
z?ZpM~Vz#^mx5i9ItaOnq$RKY)Z61~9(i>dl9-7n=xl5si;rnFN+f+s8J4Dazi_5A-
zMeA+$-3XPyx`^*iAVA+Fm)^o}dSZQ>Tu)SO?%jZD*imvEd_Dm_51r728SKyX@uTI1
z#=+#@V={<(j|fd}vI}qMR65`XkD{7e{ZMN)U?~hPyg4xRX7A7&|KJTkQ|c<I`mP4e
z2-y%x7r)zw3+p+?=zY-Q6x!r1SVI#Q25A%uY83=@e{+5TK(h6J2$GT~P-$PI^52A9
zHn*JN=;5apO0&s_fOa+A#r!xoc?=oP2X)0bFHsdZ%u5?^aLWy)LCth$1JaR$#{l!&
z|A;G`+Ju<92AHNzFd?Rp_b_?Q>d374<XLT2eE*nc)o|;b$dLBsu9m5~ojgT1*0c{B
zPyxt#14j-J*~k<Z*~efzPOT`#1L%)MziAAv!g-8Hg@Ti`brFkP*+{Jc8FrsBPYfF)
zc9Yt)2eL(0*hGgM<zy4{00zi74>Cr#2FU8*YDaRuwu6F@H{XLVmoSuLb9}sZsq7@;
zn;H~WoVq;vd@^?uewZK_iE>pVora7>z_#Mzl3aC6OGxhcKj^&GMa?-o>5Llec$sQE
zNwj7&q!K3JWf&|PIAW@~bCH)KCe{4tI*#$g)N*~bCAUIczphwGBJ5G5GU%_))>K>4
z7vgT|=0S-by}HKeE9mtY9$Vsb_APOPFoLC$kH%4M3@6*?sOt*75X<i4dX)rrpYyuS
zU$?3^ArJx6*@>-(>V;_gp%`ZL<sBBU-@bm7=ueHd-n&EAilz=>4=8VdCZS$v&hx}`
z4ELFxcLC=Df56zbxv($E>S^dj<}zHvY<&(rCmosE&0RJK=?LGb*(GGa@YiD~Qtm@-
zX3DTsqe9>Xy>JPBV}#>FpV|BaGvkh{I5Yk|D32WddMHEbL!exL*Z*Ts-t0suhxwmF
znKOWbBcE1>J~x49S*#@ppHty9vKkkOWc^!efBz;!i`c2!>cxQZS314EiYM~CK6vx~
z>UKWuS3rAp{1`M;Q~4O>J>NVPzmgsZ`sVcyT-_SD>Wf@q1e~YisJoD7Q1Wx!TtALT
zjS(|zO;b9qF=|{q1L$C~<C<Wsy<IsYw^E&D?wlZRcvQINxG7j_ZzoQCcT%y$$X6A=
zCM}}DtkX*S1wM7HP=4MlOdx5)KeDeO@{tZyGuTVa>pqeTERK`46E+#;deot0+d1?4
zk>qm2;0KO4PKIJLe7X8fchs?Sj`FeWp{9k3!IM#3%Va<7IJvn4J`80fZya4Ych<&4
zlovAcDrejIo_<~BgEIt^I?t#i`8MebNf{u0wyV%hK2qpJM`16~d}<Y#+5Pil^W{c&
zVW7h}1ziptrZ)EPqid}BMtL;5{|w!0It5MtYtBhRA3w(NN1mw);L$S5)Whg9OG$(J
z2Zhm&lfY7QOc`o+ii}dSvZyMc&%}M9eeC}0a&w>~DG*LbXiRY8dTQX4gqq{%bHE}@
zlo{D&l+PGW1eA#hCk;(i4R|0>&1uPHlo<X36qxY-^3pOXk9p$j479Dl;al7i*HVaE
zv*<8Lp_J0copO0}o>Aguvrp)h`*!Ur+eOOnLq4!Y%3;_;+-b?c9_CI-IYt~os*vm^
zhpF*&+R#<^t|MA60`dcQUn&Q21YG~~@DWhx22tDgXIukH@OzUMa=4Vz)7EoVY{R4N
z@JKkMOeyftx)8nR4n9l4<Khzh!c<v1cFu}E^yD_&0Sa-a9PC*M>5Xy-V?(R55S~Tc
zS7M%4rS(kfrPj8Db3zy9hg>O;djWjnqM@~7qyzG;XDV0+<XtynaXLI0w=^xqb`GvA
zaAkEqAJ=oXr%gPolbhv}@)`Wpqe3*Tq;xqto2<N^y*8=xdg|I(_BSmjF9qd#+lk5x
z6HgMDfNdv&o*0sNa=?+21^Nt-rbnIJ*b@l%b@sXW8FaM+WG_C!?IvyCq!zMq<l2#8
zTiI$NP2I3u8BdM((0Lv|g6#e#?srs7<QMcso4>RqxCECuBIdV$`T)&8(D+vF#B(Rf
zsSl{8wZFKyVx#=W^pAZ{8^v43iZyPsVh(j|_Lt(d4{Ihnooi#{kRjv<Rajhf8On7o
zVrYDuFV_Oe4lUUpN#@f7H)CAB%x%Q*0cxrc03;#OH^l~HA-Qr&Rd*sJz+d19r;6O5
z+hYW_<F&KMo485yDZ02((@kHdxdoFaxu`TK-laqHXy9nJAxCowglRJ7gtj1s+(aB=
z_7Jut>dh(^8ZJn_06|JK7DpBrZEt$oit}(~>j0Lv9ZNfM8equYfY#=;&=w_bxS<TW
zU<c0l50E!lzWQl+E#(welZn+^G!3B{u6A1R$BIA6(FbxOYLMM_myx%~SD)@S8(`iQ
z{bp!F<>@A~VNn`W>IkegVFqZJpgIfRC*L?ljo4Gm+YrXy`iO>6^0uLs$<2h#i})lN
z5Ue;oz)ym}Kv<a`5EhViA86uYTa7AM(b(omT)IN=cHob)LS4U1K1o(kJ5i8`<yhr$
zIVcjA&lE{4pPmPNVMTpZ1d0xKeZ8h3d+iW{w*!Bav4^m}JMc$|KZG^jfj<o#o_7iS
z&#IHiEQX75cSl&S`RcKAVIj_AAm4`WvvchztNr*5G-E~U67eR($3x|KlX%l8jFTT-
zAvsS;3s*ooh%=9_l$<RM3s=5C73Yj_ucjQAoag04svl3nTSK$mdER@w>^zTp^1@}(
zf>DghombA0_t2ClHrk&_ky0kA>sRKh1>s`lcJy%IZKEFT7>|zJ^?U3B`fNC0qhu}$
zRjkalNDEim{N&$2{?#xcbpR)(;T2$QFZSWg03vKVTA(^+QKy}gJVx@<-$!_CH~GWC
zugBtSEE%%?_;(s9Sq=DeE6jc$&l1a*$D_|4RNvaEOCI@_kW3ms1^O|8-1$jVCD@8~
z8pS)%aT&5aBOO<Gqx`O7033HI6VR|Mp@8JWM;##;;EpST!KN-08(8tP&O&$8I~lc*
zxXW%r$Dkhbaz3$ujQzdl3$99uBM*X14aDl3G(ux!oKi^_0!=3Qqy9o|{*s`_Ql8v^
zo*n&^Nv}Ca?Ig$~9K{{SaD|q-Cot!e@9)8+{g4##y2jSvA(?b2i2cw8b*PIrl6?G%
z<n7BR+uxv#7)D#fpQA9WHT6U8d>0W8XavU3o6ry5EH|0|w$|j12L5h2r!Nl%C6GN=
zzAChnF#13zi{79(3~xX42HlTi_qGdpjvgV_)}1Q}<^f-<?!uu?l(aHazg*@ESf(n3
zNh&SO8tv+PsfkutC(M9)>vIPS%^!3uRYXk%mC>lqEMcJ1TYgK8n7!>aDqDkIF(N)&
zr@6_d*Xi;+TXO=6C$AjB?W<v7^`J9R_aUr!tg;;6Me7i<S<A$iYyG5rn?mwc0D!8v
zH5}k)x=E7uA$}tC#=7_1#Dw?6c4)A>N!1}F!m04vu~DVF`^J*dhmiP0foXaN2PVj^
z%897>$e{Sxbr@KzeYl~#tFFLWy;MJ5m_YY+jHa9Gsl>M5IBzm%i5T7>K7UDogc$}U
z9W#vQmm}NHkNubGhdptBT|eAj@mKW2z2By~$gT=aKfD2B27YEjD604e^}|^D-`5XQ
z82+k$I8w$rh#DdIAsm44I)vR2UWTx(;=f8ij31L#taKj)X06VWvi842KU~QV=!Y}-
zzp5XuUQ7D~GjDwft`9&6ul+mv;Y$7=)eqBh|5N(mNZB(X%7m~0!XgMuAuNNi62f}^
zze+!>wb54i-3DPdgoFHlk$zayJ><I!$s-`3qlsn)%!?A&2||!m(o6jy{stHRPrZc;
zx`dJ$kTKDEu^49qZC6C&TXa{1BglW|B0p~i3S&$=fN49iIQ6uPNLu16G;wAmk%z>c
zv*CvNuDH7~!mdV4gYP{MvBd(Be_DC1_6Zl6+e}R#cV@$TytRByH2v;oWco6Z)4?BE
z=yZhmXY8|RzEv)=wwZ2302rtEoR^n)%syv$32rr|ImpuH=stzmZjR^$n~&>qk>&;p
zQxv3s-yZ>~%UCg@%4xwPBa}Jx!l+Yb?7)h_SEss&Df%^Fo%rM(v$Y4TD)hNXM-zPp
zPX;!OLb^H&+ln019u9am!gYb*uyuiN9~dUG8xBO*1+oU#1(KCBa?9*Hc;oy>1?VpR
zO5MoX`1!dYn-8oJB$IC(7!=|64y+MG76|Mm)<VGog<0$+W?^(h40l`u^6fQKFfQ#M
z2FAwyQ7}G$cLm%E+)S4a=w++uwW@MRVC&**ne6!h$OHgHxqaZ4d6YM)POESQUyi9w
z1{h_0M_^^n>~YmDi&cv{HoyR^oj}&?9|Zh+16x5iP7trhY%+`24T5#YDHZqm(MU?v
zZis#V@ExDc`?St%RH^tf8`+-p{hH)b#!d}Hcx7dBL_<#X<9vM9c#I61T_j2&$T$xA
zR3_7*h{%$s&7TjQjBX0J-u&%Fa^oyS7}w9XKc3#oPh9ddo1gt9J}n_q!DY$WNo^k>
zsQ}*TeWHg$6_Al1Np}+?XM|g2U^WHJp#IQz&em+I=*Jjfu_U1vCrq@^vIIKflvwSg
zoig^hSO|+P@Z(N}pVEwof!U*IU{;6*X3HVzxw35ddDaC#>sG+erZw>3TWECl92%Xi
zN29aNYkd1qNf9+Y+bP30hghGbNZu|01IP#Z$_xG!M01X@HK#X=7g&sjo2ALE2_Fg%
z%YsEdE?(FyIf>&cKPLSuGK6;zT9Y|RO%uOfE<vY(hLh>7&{&4H^fOXPrz~8Sy`7NZ
z+AC<LmhX69nALMe41nO#9&L$sc;;jbkN|HNw1cdl&b7N9TS68Md_lQmpxNYBAp6&L
z$pEi`7K#SDSjDbL6*b>tJ6&<;MST(eCgtJp_yzboD;s~aGU2!Eg`{#CB`%}U_}Mfv
z&7{$k3>r<J2GRBxO)KJXbBk{0QW_g~7R4b^WOlB^`<iec5Kq&~=pzPro*npb=TemB
zOnLA-!l?5%m=?uq+Ag}#B-OORD?1j@%kyxl`5W804KjK3<l;Hp`lr)ekClfhX-7k7
zF$**31P1cdW1ey>dzkaFCXGfE7Esfe)bHXpPKG=?Q>QD@e0P1-mgjzIW|Y@wYb3%s
zYRhAhT~i;EU1^UIE42Y)zGBLQ21*OkECnu4fBDq!e%UU`<paW~c@IPHUTBwu7D*~U
zN8Fe;P32=9eA={i(|t47$>uktMQLU<N!s{^Q77D{*(5D^gCP&;A{Ti6g0dgMj<_L<
z7$w>KD`k3L^}G>b04!Z%mLD_QmoS2fRxOyn<n1*#bQUEca)IZGpu@);qx7`7V2P`!
zxTN?A+?d-E)EsB=qea40&Hm^k;D$iF&iTcF>4A0V+Br_dt4HW9h4NKlc78qxe1+xY
zE%cyEg_I<#wh@VuvM`sDG`RC1zQKe^F?99Tx@nT^v;xLIG&`ARvK>c-Zm|i7lr=q&
zhkhCK*%D{nf%(PW7`FOVRLBI`>YaLO)5_KyMTbl!slW&bj2w$jxVTh#Rx&lRwwI*k
zgScd6f8>W*%x8R;t}CFggwx0&u+=|+giSe~u<b-qPY;w|@lD@?xl9(G559g3nUD^x
ze*`Aulm^|gV`#DBBJXt4nVlcepu+|d{R|LC#Q;o*9r%#yEVPADg)Ys}0=kb#)wVr;
zf;~CQN_R|X88j1YxzTY{a`v*-0VIMwoEeDeH|!-TY&BK+I#bveQGcYlZy5Sw2Riq0
z9Nole&|gL9?Y;#gBG8W|EAD|WcEN1uX^2JW#SqXC7eNQM!z&<nqTMoNoTm!C?jhfZ
zcHty|CqG{>=I1N1Q9lyB?tH9U(g7;0_PUAx7TrMKMfPiZR*EU_WiMf%X@Cl9onw_a
z20Cl7r*L4tbvJe;%F&l8&xS6x99$|}eGV5W@_kP05@<{8HgfuIiuuT~bn&O;St+zV
zp|M@jX2D0jP)v8net3IRme?C!KN~6;ZIy?=0j<&p?8Zk8akNz$XscYj@|9NUg;r4^
z<6fw2ejy3`l2T&0DWsj-HT;W4TemWWx(4Zm_Hh+bha8v56m)b4l6WUT-ShFd?#b{v
z`4MjNRqptzOAa+Dh1%@{D)A$*EgSwF)uLP{;Go&gCF5$>UYZp0tqLP8bN1QZBf--H
z+O4SQdmZFxRhSBws*pCsIY{JNWICQxa3u9h!Y<v;GC0O}tbtL71KklUl&=eOkOQ`L
z=ep@IcdJR}=m?*M8I_qsMz|-YXeUiH(L(6ZMXMbgx(&L>&?S@rBx^%Ajv_?z;LuIQ
zj<wLCYaSfB$<d+vDt2#Xl?vl=^ZJ=XhwZoS{_3!e{qtA)7teir%4eMG!V@b#eVO)d
zVZPQrIB=8co^5okgljL1R$XM0$Oktx3|9nOHw+C8ctGtGsLWtZpvlP}(=^nkezX@l
zpa&-)LR$c#%~%;?LeGYX95DROONazRumSok$$}d@uF1WqoqzMER6Flmb$Ouc8&7?u
z>-%5Bu1}*~|CN5fgBpXTe5v0fMhk3pl^$*PjO0=HlDdu|3u$a7b7^cL-=wjX+(+YN
zayP~gkW_k`N|I@uMl3X*N*EeXBRU#qklt+=&m^5RP9cQGvq_l7nWSwSLYJ+s%O>y9
zqy^+%8t0LBXuOF0fyOTK8yYVqyJ%cQen#VE<VQ4KL3}h`Nor_ZPP{Z;O#~XRA<xj5
zC#z_@ft1jABPoc0Kp9A~5L5Tz?k18+FVP^1%%GRJj7;vLmq?1qIC_cRS&4;SqDNL@
zqL=83mE8CVUZUood`>T4!OM1fxf?If`~<%}t#rVMWR@K3Fi{gA82E4hggQqsI!ucq
zDZipA>lnu@*G<iS<0qIh`2Hq2*X%GYjb#6hR)ED}DvG3(YbjQTX;~!2t)(P8Oe-QO
z3$&CJhiPRb<$f(C)nO`+q@-$qq&a4-jsP-J0|XG$9nk>5A9~LQ**_*8PeQ5Jv#%P{
zl&c`g!F&(tVnAOPOCN>w>`r6a+ADGZNL1-ieITCofCkh(^>nQ!Q;wOV7w(0Z?wa$Y
zUYHW!&W{fe%ba;J!tIbaYR;1e!6F8XV!biGT{t1DAc$-o=Wh**etoc~o^pQ4buj=7
z6!RGX056^IsYk|yf2B-@2Uz}bNDX26??U<Sh=CZTcF6kQKTtner4=(rD|XeFt7<ii
zSe+nq;v{6jt8_ivm!qdPYwJO*B$|B-yWd!(2w!U?@|^BVMk2knCD%jT4PCJkkCq|5
zA@2HsWr!7xL%2TI5+vn5OmmUL)X`;XjbE_LhFJi7K!d+EYNP@L%gXNO`X+PcVOAke
zG!3`WdGXhDk(C*?q)PSPU!7dU%hLdGc7I-czI>+Y0%nq&m*u=z$r+aOV%Yt<s!vh-
zU8SgVb-F;<Qgu`BSJgt0lq8M_ciYav#IUR;EF@-&y@rilz%1-C;v%un8-DdwPt2=D
z9Y4Y|{#G$Mw@(QByr*{U+9l8021vQsw^%O+eky)4(NG`gHOZ}2pG*W0finSC;(61<
zVsm)DZ(~i^GtuTRPH)aW83wMbCNAQTn(Gpq)svs}oTyn^6IM(jWCRI>0&z`wRu28t
zGqHGbD=oR|B9{BSX|Z@boQq<5`f=Nd`6oZ|EvgC2GYnryfDbe50#h-`Uce~hKx#~<
zCQ|r#l&?bXz#J7Ov0uM7F5<W(PcC4jQ9$sYZ<U-3HfW=IGJGfWR2PEaP4pOw5%%;(
zoB!IYbgQ;LXU9uWYq>E!5o_-_<4ugT(yJYbfZvWb_C*%rbgt7UoRS;i(JrlVc7b#W
zwV<uDE7CCHsxI27;`^%HeDX5@3(q<IMnPZChlsDseioK(^6|;<<1s4DC$9jc2||}-
zlZDQc7gde{hzyd@weh6f>4^zki~(GKJpH(%Wh1nN#Qz8zbmfo2x`)LMW6cTgXMelH
z26_vcJiS?KT0jZ-bj=vH8aJB$jjk&DTV2KIY$wu>4|J6;bF8Dk!sxhx{XorpB|8Y|
z%0%e02?N~)EaDehZ=uRdnjycR_x#5=RA?6&zP^j(#O+YSdC}?(Y4QJ&2KU6+&J}e$
zj%@e%t%x-gJobg(=my5tt5wc0^{)QE1mqnWoUg#IFGY{rp>Y*y2i{k$3d4-L+0gb6
zz<L~Ey*LEc)3{%7qc1GKKl!)@DV}4H;O&wy5tniLPJR{z*W0zR<sSpr<}XEbrR{q1
zQ`vdB=ghb!^lhrEOgJMaz6{9;C1LS;wvdSD=@hg}#YSnA5-(m)6-;RRbNliq{wFEu
z>;J!`pnD<|^!5MuQP9`_KTkpT{%@tAyD4Sb`@f!oYH%L>5(Pc@znp^Z{dx*|;6Fh@
zHx741Ydhz*bxT~e%$aj-P4<$sLW$c7T_%;hAPL)~lD$&NZmHxIspMs;WV=-Ix>WL#
zFp+HiS;RAKL{W3+&#0mX=;<A?K<)}GQo)|On9Nk(oH>GLGUIt;W};x2uPAS1)Wysf
zuP3nIzYjOcrTO;$L}#gMtn8Rkd7W7w3t0ZJ@{#OJlSf2-R)Yv)@|cR12KJC&B<cM4
zygWWpBnGxd#&zQ3%4?pO;s)*ooD7s-imP7G!M*a+Xql3*d)=?TT%gfoRDP40&QHyp
z&Zo@@@^5D5us^`_j54`Rmdt-<e~^LKtJoK(qJd1TQuVMWp#yz1MoVS4;QoOx70Xtm
zhsHTUwz>=-7VPP;(oJByl{+%+o9__4dv9MGuX20u3D(9fR17NjI<&={p!bunlv4ul
z19%dES3?hYg?F(aNq9xLONmvT+M9g0k_;t(Kub=DmK=TRZCBpDCzv?`UShxhEV?i=
zcKp0wRecZlOU^w5Z64<t(eZsqjx=v7G_Qp=uLECUI=+W%CeCfDC$6|78?HTZ9nV1|
z2`?)K4T|g2W@Iw!4m_+(jTXA@)j2`s9nqVr;}>e>`W{x{qkKJ-{(HGq^zMc^ajRru
zt9Rkv%;X|Fw|AYT(%WO&Xz1s99)-4%xV>0wcFV8Pv3ap4zW8DBdOTZm@Rq77hv4(J
zCgpahed^Oq@$8{a-=Y~URo7isoo@38t@@uTrZ<;Zkwe(7BxKsz7oWfmq>rw4Jc_=(
zoO|Irk5<mr@m)Udh)Wgr`na%*{F4=D?CrKD+<@oY=8frTGjOlloi7Up1D9-fz9JaX
zxs)vY7W?8AK;x{}6==T~ZouUs(x<bCS5`Oz61Rt~{zDAz%Iax5l-G}|XM5m@-Dwq!
zWs>uV-3b|9LPzu5o`83cK@2Sw!*Ml!N!ZI)S3o+t#|g=8WmOL3GqzS(<!e6g0pLhf
z=UXzsT5<qV+5P$Pvhz3^078?UlDIaBJ1^H$GiqC4^81rNq|#_v)pd2VFEgIqud?Dz
zJto{xH?v|Vy;N@<X21U@?eg&4^@&(oqr@HQAedIuBure`!yQAaC?tvAMxDTl-Xl6;
zMA@Cr;~foXQr1-FXcg{U*ptK1T({XDF$$yY3BpLpc}#LPLUlWS0r~E9Zu1Fk4cu-M
z-L|q#F4%2osyQJQY~NJiTa<W23^I}viH+=hSuS{m-9MV$KSEqpt7CuLEW7)BDe;c8
zFr}WsDYaHl&Aw`NQfVJ=C{tra?v)tvnU`Z!=XTM%UAOsdxnyf@uF7pwox2g^Hvgci
zA;ymtQa3qzxbsLoh3T@;COc2Ht~wRym?)n%bSGSuo#z9WCK{R&nl-C&$S(<PlJorL
zX1LtEcp%lABfsBshTVVF(BI9S((^c^(c6AWn_SS=`po&jg^8^S&}ZkVz$X)1I}(}~
zOC?awDFFt+>pI?4COS{)%c{Jmbd~FYJv)V7`SoZuRjJnrHqm=p748vNorX%DRfTcl
zs<Y5P-j7uk8oq)1SXa4F8Cj-sA1jQ?oke<b8oE#245+a-rA&67MkJG+@WBuOmC!3W
zo698capjIO>OgN*qjng9Nmr?E7FQk7N!&5fyGO^?tfnfAW9)u-T?okq%>iOj?rY#)
zGEzTAw(bLnTyJS789*}K#>Bz}-OAU5w%fLD*;}2!y-+5xWzxcUnR`iEA0rjU4s7-q
zc^Fr2eGlml{7`2x|BKG@PY`|t;VgvF|Ejax1)&PUY6uF1FoYK&&^e4BwiP$UUFZ`S
zpSKf@@#TVEx%mL1{N%=}PY_VRUqGl3*K#bxwL&-n;Ut7p5I%r#8p4MV+8~^PaQ0@1
zJ2w|*6w0zWU*cm!IWf}}BmAb8)ttZsu)LkZy*1s!J?QAP>`q6Sqmlg)o-mMTOs&m{
z3FR2{p&VmID91!yRW-#$hg%KWRO0@(N=Ii|g8_QkSflc6PY5@A3vuO{N1(Dx0APMh
z6>dEA3kmQENBK-lPjqw&8E`wTd>Y*Pa*Up_F0%4Hx^i#p9`vL0)0gO63{aSqd&<)W
z^UnTi-e(5##=_j48i(sw&GMP2nk-I`pA<$81xT{bnDeyX>8obUe?E9Q&}(7$H?oJ%
zNY1@B|C>nedd`U*D;#ZQQo$ujxF~r)DU&$hr?;`yuTk>%CK5lI2@*kYsQw8ak-=?S
zDjyXu#072|YMR*U=aJwwnGMcuWmR^dch2n<W8|wo?~z@*fHnik3rXB|xsl!fe7sz6
z$>x{eKSW7f^W@W$`z7uG8bnbm4oxg9bDZ`WZ)5lSS<w)KxBaYm1BqD{k~&KDvVhXj
zZM8(=Ks*e0bR!|_hBt-r**zSgglvpmXctD>g)odcNx0N;LQe}5(&U2e**){4)UE=l
z-TgrA1R@FTk`V6r6>h^uLyK1=@4*JnPYGVZE3)7>oT%xRgx5C}`IaVyrGnj1l333G
z!vw@o7WT0F9{{o^Z|-A%ds<wzRp*;|o1+J4-WN#owrVtQt4{VFl-5(S7bkMNf$Z%8
zviCZYmCXkhE>yW!RHt9``gQQ}&9x?t>iLoC^+u>(K_?na2wknKI+56^2{&Nm1g=ap
zoJcrr(&(EX4Mhrik?Q$3KNd~&=E*HRXW9Kgv=18UySYwE_YUB=(+Yg17pdLnSYT)1
z;>6ZV38z)(L0VR)@V@9hpi#a~q<o!}@)dOANgzP^ZbT{H7nJgS0afj$l&>2p-;D_6
zgIw8^^4&nn*Nv3#i?S?rGg7^RF8~e0ashno696e8AQfB$biAablp)KEhCmwIToush
zUKoZr!Bb+MM$hMd*+~K&7Mv~TzK!_Be(zzNp@p-+U9tOH<>P>GCnsNvBH2k0@+5Be
z0P@l4wV&e1HCFt~;N*H~U~**u;W|F2Sz3hg3kMO6Lqy{!qH&ixPSPBmf)#SK(H!x1
z?v!A%b1nQk;;KD5AJ;X2R(pn^)nhQhQp^I(D>y(=?tq3<;;Mr%kDiv-z&twE@iE}k
zS;VP>8crS5NktT)U}zoygnDHFq2A8UR=GV9gxdT=Z4$Nl%N)I%GNTA}FCtXQ5QI9H
zaCQ)(A~U7~trZcYfLrL@{OCZccY)l{(*}dp&>O|4-H1;mL-0w#@}l^ZN6YCHTG2)5
z?!SXhGblPuMO2cwFN8ZZOp>_nC^9Yl3Nqm|S}_4IMxzW-QA@)az!#fed7w;&jPOv#
zj{ijFdK0co9N?Pwk`gW(6we0U(TeKklJ#-{us3_lq<H>*_HdKlX|;3K&3BiHlMu;Y
z(p84$8}x(o$^4kme3(n-n{*w&#bb|>ih+aNWRRRzSs;Nc77tT(rGGB8BVf%FGQi_)
zm!0jctHJ?-!@5`I0HY@w{0V_aa0d)WgtIl>-urt#uDXaSluc7n&7!^Y3<-pB<ia~)
z<XuQYU@;&Sz7^iwCUe&88o%#xqf`P!b1(aYKTzC*256^iWk9KS!DnS}7(ae#qR*^L
zXqF3z+!?_FIpCW)0-*AlN6Q6A0-sMzXoL?X^!PGk9KCd*1keAnop6LIOkyuCh@6-Y
z^KB=upC@yTK5K^KG|(K#*s@kX&)_^3VbXjv=K{f%g@Y1~-DE>|WgtUtfbS%9)+Xct
zldlO+?IBJ9e*F;`OOMnU9?6{L9Vt8g%7RLVT^JEEWIW<1@vr>?eq`?DwZ<G62mOY7
z+A0+Td+2Cwks-7|Zv;;Lg#iv`(LUs0DjgYu=@DQ^yB%ln#rMj@)Mz(mV>j0KH&=d=
zSXrN1>xv2KGeX(WkDv7*sp$?{czt$vkl_ttqp>?^#F*(0#$ase4(c&Z?Fs61j1Dhj
z<fCutKo*+Z>^_8EX86gPeLX+cahy+ZGz()AanpcePQ)!}iYXBd0_3BJh6WvPhRl##
zh)oD7F$wiptWj6WLoSO>7X)bPExhRfs(rib@m!s^=_g_mg5C8-UMs7+J_fHCywXSB
z?5RiasBa#~+#oj}q97jUCpz8-z>Wf7#}Tj<8erKPV5vIYn`k_}d~z!uT(8rYKEaQr
zS227%2oh`}lGmWvm>o>ardOA#kJo=cgFcs*;ciCSJ|4^CTDvtfT01ryu~i|C=?<o1
ztjG3@t!hRn+5Jc5z+r5o$qnxym|8QYQp*W`OcvIRXB-W}$b=7+_=M96z6TYX{2p(H
zT8zX}^g5afFP1?QTC}18G59pxX_+R6dRivePd=UyaMa^2Ot$*hI7r$^B1+i%{pbz$
z%<41?R)l(e{l8w3$qjs(2KjA+kdFq)5l(b4Gzh%~`W{mLb`9#KrD-XVof>TQ7TmsZ
zaiW1S$o=eV%jh1`WLtN&|9OD5wCq<p#M0voTp-lPjc|crACG|xg!{N2F7#0NaRgXy
zd<QWAK)DA%f!^m+AO>WBhJ8;M3z<;H9|^Gr_;CdMZS48UL6KzhDbxKh7vr)|Hq8yS
zpt%8sXl|&D{Ndz{X=yztCZA6D5IDFvIn;qRGGr1=>n>>aX{0b#rz^&~Oht=C+X<~M
zj~~Ww)-=$zk5s2QTAk)-b(;0m7eY-a+68hWRAy47GRZ?KgKdnJiB0$r#@XqwgTFZf
ze{%%>W(t2j;7^L&VrxwZ^wdMc>u`j@1frctYQb$^Mb!Sej`Arbj7@d?5vB>~_3=bk
z7u|8FIZ6GY6g8Yy@*{h{gxMY=dFs2-onF89Mt6Gg3G&)L@yZBv3}ldnfemyh9pb(x
zOa8##EF-ngl0!s+@`E;1*Q0|bBe8#nT1o!(!+pC={+l|B-pw<fc+&7|+~%|-L`|j{
z&sdTVm&IC^7`7U1ME={)0uFzdo&^l@k#-!g2OVxDfmjwj4S4t&z#aqn^EOpIrg_dD
z6h}R=xGACBXhEYz1`QF^Bu4YGL(goCr+XHV{VUc?m~hKiWMy{d(3M$>>`az8oOJU6
zAX(?eWgU(wgkI;&xTxX{OWsp#^>Vt!106~EoMZ_-WkMd0Mr3@c=p}lg2<;`%q6*Eq
z9-&E`ESwkn)dubqa(-xR)kc0ux0Ds<I(jxeQPoea%JO{+9*9_#-A6|0sa076KRaSo
zHodS=70$z}Xe`Fy_C`mK0P{#ktLD4|deqS{+)xzI3wQ~;x1DeE86Q9+!FKZ0cc@J2
z#*=1-76-s?mP?K~{>YEV52c`MlJ-LC5Bh*+ceg?+2`f+7y{F{ym?Bsa@dt8Ic=$}W
zM^Ah|qo5$N^XZVqHJAx$J?<wgT}y{WSV<7Q=T+V$J6j|@g4c19S|EmftNa5-XZf#1
zcj+(jElOk38^sH(Auz5fAyC}m0dyNkjf<u(#S=K<wVib2XGZF~C1U(CtjqJ=wr;y%
zE^Oe)VxT8dhP1{gtzp<L=#5IY$VEoElP+`YLe~cqeVL<u)^Q1~avmdJLmsOs;ke|z
zEcb}3F6-p80R>W!%Q`BTbQ-#W1N+dIIl<8n#k!1A9s`WjP2~SC(`B1;_L9reZ2k_a
zL5wP-&gImc0~mPYJjgHS89}b{rHrxxuS10ggRMIk_`@QgnQAub74>-xe%oiBD}RU_
zVCFcG0$mz(z7*j4n1qidM%rMMiWv6LXy43Hj;p}ON2S}#nj~@=YR;$l9z|C0eE{Wp
zlogcn0F)efS4AKA47&Sgzu(@ECsrwUA$YBUOBM;fXOV9NE?5GeTN2(6d}68MNGGtm
z)H8&A4a0x%HgXp=MU0RkXUH3jRVad?D#6eVttw>zLz!?D8}-8ohgowJJ0g$aTgpH_
zER*u$2e`o8J=EzKQ@#Od^NZC;o9!l?M0s~N$7J()cGE!>Mq@T~G5cBpqul%V_Nq+5
z{HR_!jQOKZAem?ad9Io|dyL?pF}-n|ADE6t`N$L<T4y&_#LI!=mt>t}Obbp&9<4^F
zbZ7?bXx_~DoR>*k4KDFnWWfydq=Ao-GGO#hBX5eTN+*zrTIXRga%yBRb>GvaSw?l7
zM$=}ml{brCYs|(b_)Xg!l%1FJ>n7mQDVy|BXF<35xXUhfAGD8)u;{12d0BH?^h3>G
zP>|hcoG*qM+&NP>aiP*sd2_lDD>{>76jSBRbin|LKmlv~><bS?EZ(cL=|vj*;y3m5
zxbu4|Z)O0Q;jDOom@>02E^`B)m{~-V7)-hoE-ZKvFZNo5F_2vtNpl%9iv;6B{KW4N
z93aoO6Fq{J-FKATZ(iITF!F$;N5zf|Trv$9^!$vvqm>;`R$jjylGhu=j#M$w<ZxQo
z-VP8mcCN4DZo%kiUUw(l8tDORlVvXX(cO%YO84CwWUm=j^~y52q>ue=iPdmMD(S;|
zzp&eQh|2imcI$-)#c&KiqRNX~iz?TTfGSS23w`VECgZ-Rswh7;=q90w9<)=Rs#xl{
z<g}P>>XyL}(&z{}>X&9iR$$V4O8SO%pUm|s$<aI+U+UTD;i8Dc==sPsV2vxpm9M~U
z6nYo+okve>)b{`8%T7x|6YoSzKd*WJyf+@-mx^|Pcg45Y#qoE?`}xUYNG~?%=X_QX
zJLl8&F)<hCG{995u0nIdLW0<#2SL7RPM9C@CTe9WVtUTVfhTb9<FVm?Zp{-4b!vi+
zPs{^OO_%|vCYFd(6AN`}(uh2^yfn>>d0IPK&rzo)O+r`CHR{yFN}ZZm2ArChBTh{i
z&8Z1>WkQ{rFmPr5ibs=D^kOo^J`=ad0B9iBE=n^CBXC1W&jrYn-*X`XCVbMMU0pDo
zd}8?P$9(hECxTIzMk~{FHh&%D%$M5&VcdEXvHRqc>f+I6^C<s*brZiNVhpMzv=z$1
zz^4{>LYo|a82up00lCL^)X-_TE?!m9CDQx0kXUa7fl#ln5>lp6=SU|p(hE%0MY@i2
zq;&Zc=o@!_-<%--K((L$e9ou*-PP^<XJ}a(<dY!jJS4?J(kbP~rOP##=l8>V5Z%(E
zK8(~UZLcHw`S1JtCtyr|4bs3i2wNcV5LQB14B<ft)xc?Qh43<jJrL?4oPy8}p&P=;
zqdMJP5FUiE2*TqK${}okum!@uL3j;9GXw&m55h?J<|GIi5FUi^FoYrq-+@pE;g<*#
zgo6-}aXJg(GK84-bh;D>Ga)R7uoA*12-_g+hHwZ%8-y+hI)L2_AsNCX2=^Y>>bnA9
zUIgI*2&oX_A$-xK(|ru#2!uTlUV^X%!a4}$5FUf@AcScU?tox!`f5AgpRcq0e7Vl@
zxd*t)4S&54Jx{KC^1jtiKKrfv3Z8xX+2__j%T-i7S1~kwv9Nlz>$#_%<yTd38~%CK
z8vd#0o*nx9q1CHbee229^D4e2JhSRq{%iBht9Xhpe`Xc`)ISe-JhY5wSFYOdsK7s3
zHvc){*_CSta}DNsOn8=m>X}tvF8`_L?tAFbugg!1bFO;kxr*l_b;3XDllS*Jx^-(B
z#5nLQ5Tjn~^6zvOT#P*iF>b8e4RIXAwGcCreCU#7&F{4K#Q4dIiYK2>eTIG}^~u$%
zpZn)05suWdC!bpVe*!gvlg*kw0DwbF>|F_96Lr@Aw*|xs8UZ<790UXe+os%?ZJMNQ
zAQwr><zkp7(>9PMA(=pn0_Bj^6%+)8-Bsj<by3lkLq({F2Yv`uR9I9*L_Api>a_wc
zAK&lIOxm=Vl7OGP>(?26{IB=ky!Za+{3kON+>H6)Jx(HGtkhW;E&|_eIgHVJaYZOM
zMvTbycm<shas@pB(H|U2@;#*iFNHFVPY~1Xe%E9{G$5Y{W^`gIzexts3B5BiGHR=~
za%PfMLnFfZ^LZLW$Qty!giy#I%oTVs92BfUA%yw@!AQN$tT*<}BqpsNwd@fUV(1)l
z`GbOx=JtA--skeW1*I)S@ulgEM&i{8b<1<Tp<M7%XcxrMyf-Yx^P=J!@)+?Nd>+xm
zdp*+yE!v95#e407i#)0Ex$OauPm6Xzx=t2?KEaD?l0x(yUb$6p0#z|?<Xd71;V@e4
zb~%TV%x*B}MJ1WeV$vAQ(K+Z-12X#dYniI?aeN@)^(eJi!iTt0-YsxE@<mZ74TzlR
z=e&O2&50!fr{yBo_j(G0Jeq(9J_-h*y0<(n)#?@akifb8K9P5c5=WHu9w9Ci4g~x`
zln8t&R|Eslj0DI)v{a%=i`K7i%hX#qO|2SX$TryxMvmOh6$SmJxP&Lf@u84VTIen3
z+~J_dSIqe!YN{Ypc_Mz6#HTul-s5wVN&+~!!f-LtT)96SjMg=cGl(2WOZ_1cwoVox
zoy<WS3VTJ)U&NutymT>migdcg<u47ONxQk8=`L@u7grSax#XTfdh)eO`9fka>_VI8
z@J}k#dA%myBil}PXOi7MzsLzbf4I1W3k7(WAi0aWo41a`qWz_==dT*u1-bHU4%y#g
z36%ExTtZs>{)p(7LDwKjq+jg?+)8=oASw_0_(G^zSA`OR56IdQ-M|KHoaXV@tG8Od
z0WtYPqPqdU{=^r+Fu+aq1jR7#t*s!cNr{l?`o)y*^!o&i6zOmj0!}0oYvij3*R|Up
z5PVWy`;m4FQ$4OITE#~~SpfY8ErvW3-8+e9U_F{rG&{^GK><AxtzdF}`q+L^nB2U`
zgS@3&<@Gy#P?!=HLUbW&DazDChG1kX^`Pyd(NTR<a}WE%A#&g}{%7p+upwh`OdA9r
zYR&JX`4-efJ18bCuT0FL8o5$`D#9QpQil!DcrCHguqL-$#!Mbp&>!*_iQH(9WSzEm
z?;1ZC<-v~VQbC=Tmd1t!g8t$lO!Dy{2+M1UTX8*wMVf-Uq^4SBvLT!@NhKwxG-=xG
ziso0QUe%)I)z_%5ZPmKXb#2?V@6fT+^}p$S1J~uouHCxd)T3vwn|t@UB`rNeo!Pfv
z{{aIB4IVOd*zjAkvNbtcojx}&-!NjN(PXw*N7?L-g3)8fjvIg5ZztUDoX8it+(J=t
ziD%MeZ>i58m=X+$;i=Qg%BSCP=Zu-N7$zfSt{a1H@1JHDrAnauf{+lj6iz~WGt|}&
zO{gd{@*z><q7lsM4}=3!o}8A&FcT#5#X^q1Ov4K7dRt_cq)!RZCkB4WHTA#q!Ci3n
ztU0+j&U`F=8an6w#95bOcGQ^^=NZjEC+bX&^NjFvjSb)@>a^sSZUITPXS_$97LZhX
zCdYZ!wt&k$FJ?cTZE!}XqRZkoS+TorI$nEg?XI6A{pna%F?-J3d3VkK-QD;6{@w)(
z@4J7|;s=&2eej`W%m47lKRx`&ibq$jTD@lNy7e12{`s-LY<m2OCpSO!^k1LZvUS_`
zXP<k1#|t}mRld0Ur9Cgd^6G1QU;nRtZ|px%_2yd#-+t%aLx=x%<h}PlIQrqSkB)zQ
z;**n~e)jnnr~dxsSN~o8^*7&s_x(S9IDO{qkN-UPKj$xdB8olH#5EE9tL^`f_y5Hf
z0<p{gE&QLKKcuvD2;Ffr=El*7GvVMUQjUX}OzCcSdbzabvYHsvn56q{+~-NR+RW^q
zS`)Y6Zi=FIAs|LFHR0lL2sh9p!d^+n2&|<k)C7Vax{)^VL01XgvkQg6u(Gxr!TY2r
zu0!%kF3BWWB!^^xubgBMKk*U|v(x^9o0nwd20c>DQ4$V@l)N#5+b1XqM_7)T{5~ne
z9#%qLBwpepdZHs5Drf4hqs$sJLufGPGC9;qp<T)c4M@QOM({%nNt5h>iqI4aLvN@L
zD_{(4f@!dj3{{T&%b3yVd0^EZd2cC@&e(6qFxK;qpQfb;LlnNPgpu^Nj`E&Ptn#lr
z#V&uRGgF=H+%W%quHo{$tcJ_CXzG?9u2){DWvWQr7ZqO+Md!lQRh(Z}&c3MfepaR$
zX^nlI!(*B1?_(R*^Wbf<<x6{J&W8E77B*b&m>gTb1t?ooue`Dz|IE^c<#+VeEw8Fq
z-YpQD|LioTYFpMYzkgk9{ntOnRJ(!7*J|7A^w$}y-V8af*5+-cz3k16`}sfjett{l
z428T-+OEhRgu4bQ<r2%BK4BU%a34~WQxp`0?0)PTIR`hcQ-xrJOri361fMA7sWTaC
zD(5PE*UG7BL60a<aTBE!_p*?1rJO1jL`V*Wa2M?KxWRQrZNAGBD8Ut_Y?dnLm+(G!
zsDz&^I77Ip4u??GJc`5bEAkX0FGbFCdqM#(U+$FlaY%|v&W9nMqH?E82#S>3EJ^~h
zoNgbPcy+{6KB3qzdU%nHVpqwz{=!L4+S<rg4}foL^W;r?xhOM(@nxbnByB6JlJf;V
zAa6}iNmB0im1hWTr7~$-o8?lOHXOudMTfMjWN<@oDc4_G3iFK~pP*r%Q_g51NS@P|
zY1o>i+Fb{d#&GAU6TE_0fA5=(N;V4o)C;oNa;B#}_6zdcNZRRykQnrrvsO|{3&lie
zJ2z#tywfKsKRc3AcHlcov^GIb-k#!!>~qyT3CM}EHj?Q}DezG>dj)sRBbZ!|SK9s`
zkzyCbn8kyW4I!OS7%narf{`Z?D<gi<xZOeNnzJa!<adX?LcSzNL%%wWen26lIHH~?
zxG1GqR7CNb=MHX4NtX9XHjwXV(@=05e6FBSDm@12N%}_BbkArytPCP_qf_i&0jr>H
zL@#TlJe+uzw6%+FITIRCnx5-8$^!!1CYSQ?dVn^RG;Bt#bwp+6OUb@}Fj7-ryTfM}
zX%|1FVFg5gVFCLg2FDn-G-Zs(Eoe*lpu=yX9n+k0G=(ugEeETVHOZsGLa^K_1f>lx
zpG!6k_4Og~I6SV&imloUTLT*Z>ynM-AuKx`9#|8StVfJ>O^*45hpkN+Ljw=dvO~!>
z(Ock~hLMLgk*;ASXR&kA4x84>*b>UM=uH&2B^%LumF-CQPM2)dn)rZh5Ypk~8mk@t
zh%1;rnhI7wC)W(6sHVX8LfstDh|)M9J#LUIk6kbI7(48VdJ?8Qm8yFPuGO?WWmmr?
zKYz3+IE^`@UlrDfZ(?203irU*VJ@WKD*_z-bq2r+OawBnlgk5u3aA8*0V@@{%|I3L
zx0XZ7uR{D7Pz_W9E89RWpaLrCFU12Bfz1HD30naKfMY-vun5R#BVQ*XpAmg)S$;%^
znldGi%2tA=qP1LJ8Kq~HLSIeSZwp<3YRYSeYXOx=S0StbRsvRF5uj=h8ld`G$U(?~
zt`hlG2s^;9gMkuY8Soa+@*rb+U<R-i_!h``o3Y8jpMm2*mv_*cfxCbm!1qA<yXd#T
z!@z!k9ReTV0#*PAf#k!OuYo&&zXD$XJ^qHZ4)6%@F3{=-*3iIw;Ax;5xcNQC3V?fn
z?Z8Q(-TPQC0JDH~z`MW|AHX;C?NVS1@I5g6C}ZWo7T^rf>qD$Pff>L$;2`h=(CHZN
zU4Uu8YTzv(<s+;ufC&J-O0WqyM6VPam!F6yV-9YD6+tu1=*=<Pr())8fz`*=SWl?1
zHfY6KquQ@yZCN|Gz60yXI<f27Z&+t`1LIg1b|dS`y0Px;Cf0-XWWCtUtT*e!ZeeLG
zon<gJ%Vd37Kh~cOU<278Hkb`zL)kDkoZZT@ST@tJ9HwPDrf0b<5BFULHiC_0MrLAW
zc}|`r^(yBGek$+e%N$1gB&VD|!fc?0K(3pXEV0X-YP;R&RBQBhb><)>@-<j8#6zCh
ze?a`?M!n79ROe`PPPG<ML#{!qap)6ewdu7M8$y#tn*giUXtC>^YO@8G9hU%~4p-BG
zQE#(ZY>DyN##tSSGv;f|IyiJBu9>Sb7z=EPILKf$>hm;6TQxR~N$=1na%F>gw8m(F
zXGiO8c7w&70BeC+Kh~<(I`mX8db?ed7njyK1qLHH^kz+tQBQSb(3>5XzzBuq#uTU4
z3VUvW5eXCOHvy&u$?bX@v~#L0W@B8<F2XiaZ`3<1=J>BCI}bHd;K)ZL0dMH^xtao_
z)JI5w9rc$Gn|-t`0WO2xYSfH_q2nC-#5icoNQ}c~k85D6p|?9UaVjPC>Ps8T6jrUp
zjM~Mh6jy^+m~?uLE&=jfgV|uur%tK#?F4vhMuVCG>5`b^9Hr~?jnv20Tk5k}Z5A|0
zlRfWJn5hZJ*=6dpCNN?utY%WwUSPFaY#22YVw78))Bz3V#CZ+Y{P?B?g~@KwjwI(e
z3aklDN%<N(DnxIJht{MS3(YhU%e1+97%_8manbm>FNIU81<T0zNTY_lIGd*>X9Qd@
zQj1kpLga(urp5@Dm^NekXACA+le-dSikBrWf7-PDoN8&cY0~vij3LhTW@PG>RtFf}
zjhZ;uL&`va{!OETVSHT8J>uA!mS{1VNQN2fuuI{$*zz=H!}z#o@rL+mMVO!-mt(`_
z=>Ie5ezERPo11E7uUAc*y_p#elZs_dwX_Qy`yQ&6P})5n&>&r8A6G4J<X%Low8MN6
ziScMBxk=g(R=a%{6DSkQJJxECJ3iU+c6B_Ykv;M_MAvSStCc<Si!ji>wOZb>?ssuQ
zWrtf~Xt>QtPZ=)axaj@$izuo*f{3TZC_DU8^<7M?{DdMiqw!}`jYs3rcr+f3N8{0W
zG#-sd<I#9D9{=G-csXOC<#IfU)eRX-EI(FxqV%!K|CNU-N+<fxOR|C#C2S)9OoBC)
zen&{Zn`4aLU8nciTQK_knH*lJgsDo|RZ(Sa6<!LjQRJ$WJo*_%D+QF_Mal24q%}%f
ztE8<8k4?$9E8!SL{y62@UM0VjG3o870B}7JRCH~o&{rrr&sM@YO8H!+e4Zj_G0+QG
zp`=$S`m9y1w?WC@rs%g{DL<r?x4%O6MZ{+ZJWLf2oLNkDKI*7Qjjvwmi$Yf^ar&%K
z6D9soRD2=g&6W6lQStku;)|l<i=*NXM8%gx#Z#2}FH`(UKA8Bd{N00o&&uCDXpWG|
z0^6C2+JO!s`K%2>Y6sQZn5s3xJ=>(8>#zj~J0Nr;?1-=r!cGXk+saf_r~43gMz{&#
z4G8lQQk|<1QhRE@g{kN>Ic3i<73t+hD7`a)a5`NdA$?&d8zKE@IRl~jWcKq<b=al*
zg?eGkLoVlH9>0#!I`&IVa(V2RZhk#8*8lf5@at#_*6)}qDY;4WwHOE|&MBYMMaf_P
zp&YJSCx^2iJw`(g%br;wg&RTt;+i9CVpXQ}HvouU3Ae;auTjFSpg*ws#OjXhlhvQC
zzAd)=nX9DOC`=%uj@*8PW6mR!j$~d)fAH|pV`mss&y+d8dqI9TNBe)g#wj~f_Zvi)
zn@;)(UFq-4M&i}aW6r2#s?#qr)!k>Assj8(Pa)NHgpO;vq(ig};`;_Z;r3vT0@?#@
z02R;zXbv#o^h-=t4V(ZD169Btpc2>tYzLkJHUpc0jlf!9CGaq?99Rl004jhoAfV8f
z026_+fDzCEgMdCjPoNvn9%urb-i^7rNv$u))-;+M>Cf0+nRHRiQV#MR$w;g3SCakD
z^XL03>!EDme2TpOnvHhTURf7Wd!D7NBchLrfGn^2Yx%t*tKD&V{Zw~({KsG?_fL6k
z7Rjq0r!@(EUunFu9$H5I7I+)@mez?di2k~i87NJv<r$)^W2edMHTDc}5cq~>3DBhj
zCcqo*;FZbQHSyP)*2d2^uZd?r+@dCKed(H-c(?CbMdB3?EpHo%b31l+kmF5u?d^15
zKZ>vVa^L<=yAPVPx#|^L0=+jr{_-Q9?5YXpx_{E~K1+vFbF-&Bbm&3t)lC=ndU8ef
znO!S&U(RlI|Li%>X73vI&iVuA4L6kSKA7!)<=BGHEB59+w`8Mc$6b>PdJJCpL*Uq*
zIXgbM@93FFemphvu~FJpC#QbA@0(uf^Jd?q>#1t@*y$%!AHTfktnSo?x4-@2)JG$x
zKX^bd?0a?b)$5;F+2P|gxh;iuEyA<sho|n%H;v6Xv0=&Jq5Zc%{iWTs;gbo&U!E}Z
z-W3mwKR;o8^(wB?v2MXY{>^juj=%SC_X+o$d9V1f2Ty<7W7q1}CVWugGw%J<GVb@u
zwuyVXhspFe_PwEek?+T>DZ^6_tqIV7r?bYphkj^TxXjmT?)O<Q9qc1?I6k)Bwl}}d
zs=B7@yu40%n_k}VRaW-;tsd`_O<x!||5R4r;X87sfAY@KUGILHwfo$;{rtRZr|tX8
ziL7+vZ6BHT>|FZb$-P+*?6D6G>)vRy^N&wv9W8!t>0tfiou4|eG^<<JSB~#^Zm62S
zcX}3IFz&^fPucHm^}I9d&{ydTo9%qyuIql(Wp&G1_xa#;J-(Q=@#d@<n^v9J;l4As
z>Vtw?U3WCw*VQp??)k;Dhc7-mq{DPqcdfc|)37f0yg6u2-m>lN+@YcG-#xZ@r>8#q
zc>em7p|8x-=UlP%58;9Dr48vj<@&d}zL)uxVbS=(>wmYia?Fu+bJnlkl6k!3>1#LG
z9@UN8rs~t(aN?E${Vet;_D}A9|F|Y=E06A;@#AN&bYAi4-Q&kB9=6Lm_r~_-kwW3Q
z|84I)-<nFhf4|cc5<=)LganW#;7%nyp`#Q-5kXNy5fD&9vw@n>QIH_0AdE)D3gbjT
z#YzAbP;?@q;@E;%u*c4f%AELn&N+X<d2_DoSue8R<ht(MYkj_Jt$Xe4q_pl2WaB2&
zr{0hD-548&KRh(?e@-%TLg4?+6><Rle^fgRnOXbm90VqU4d8Rok>*01qD|AR=|p-M
zT|$rJByy5D8Jsno0?tN`oKwN6;q2fvarScBImb9^&MD4$&LGE;%iwP0%DFXM63?0E
z!Sm+PdA>XW&yN?v3*$+6al9owDKC|m$y>uK;H~G?^7iu7ynlHJz7=1{U&vp{FXXrI
zPw)r%!~7fkaXuhG2uuV4f~A6V!D>Ob;EZ5gfDlrI9AS;{jF2RnBbp~l5UmttiMES&
zijIpkqAQ|5MNdTkNsPZ9pG1Pq;2H2TI0`PICQ<XLTd7LwF6tqwntFyhKpm$(q`stn
zr2b8X(J(X<nwWNgc9f>3U7%f}U8RlDCTLG-FKM1kHdDxqXD(xAGYgp|%v$C?W*74U
zbC5a0yurN7{LK7^iC`JA%vd%oCzc0GzzSq7V8ydmuu@s8SsPh$)*e;|>jZ0nHOKb?
zcZB<c>%>ds?dKH;wg@T(dj(yBg~9}3ig2^AT-Yug6}}LnMV2C(Xv?pC7~)%OxTJtt
zU>Ud<)Pr7B26a9)mO4XU#%N$X<Lu?~`4#*+{yBa>|0@3`{}UfAzzeJeB!NJ1Qt(#r
zMF0_EgbqS?p|?;ZoG+9JGld1ht-?m(ap5W9Md4N9T_GSshzN!?>7riIWzh}MxahIy
z^{<Bn{*yC7BxnL!fm~1whJlO0Y%mWj0!zSF@F3U$o&*QLVekg{7dQ>R1OEX5sxj4?
z>Ol3Ra;Rcz1a%E{J+;B$>p!WtsrRX~R5*=HW7868!?f45FEnpDlU_`(qwl2eryr)D
zqMxU0>5u5o=&$Jz29kkiSTO7v6oxy)hrwb982*d}j2OlWMk-?!BZraC*udD#C}Y$x
zni$6!XBZb5Ba9o2dyGen*Nndz|1wONUQ8M@lDUal!Q8>TY>3rgOajZ6HOCO4C{`Y8
zJ?jAL6YD#R=_~S0_m%th`+o3+u@|wIvNy3?*caH>*nhFjIrawX^EpMFS_AEYyv4i~
zyp;xi^LP(<Pk3Jp?Aq{M_#oexzlN{jkMUswJAtQQo*+^XBd8EG2<`~Xg|<SPkS#=s
zJVm~u08yAIMzlgyD%vJ$7PX5`i26mJM1PBZ4QhThwoniQT7YD5slmUe!9NXNodr=;
zyuqW3sfpAw1G(3zkEq|M7@7}_K^M_C(*K|j)BmL3r9YtS=uhd!3_2r<5zk0uNDW@f
zU}Q67i~@saE-{7~qYN#B#q?t)GE<lt29{;adgeLiTLZr{%pXjE1!tjII2M7mge5hQ
zo59Lvoo4m1CRuM;fBWuaA7EE-G@QE}A#WkCnzxIm;vMIm=JoTw@@9ExK7~KmpkOI~
zw?VxWfzYt`X#q-DEUXf?2!9t23$?-t;d=wuE+TIOWqgsJNFrJ%QW^GtQ}pZq4Sq4c
z3p@`ZsS6AW9jCHs3u#hXE6tovrpGY0Fy=5t?D^bS?p5w1E{ccaQFuALL%b8bb36_2
zGVdzywjqa@^Ox{f@Z0%E`D*@2{&|BQKmkV}5?mJiDYz?mDPRbN!WF{Z!h^z>LZT>E
z)MsG**P!cHk6;B74Roh~yTRYUqXw1jG4MJ~eQ)se4=O-|)4XXhv|QSHS}{#dE2CA>
zYG_JYBkhqPKTOl!(Dbx8dXj<TQhF7=hOVTapx-w{!h&JLATr1d7X!au43M#rAve%k
zW#IJ%W0nDDS~H1EkjY{OF~bbmWeZcu+|4}1>|pj9ICU{Fn#}s$x5xLaug<rDjptf$
z?YLyFE7yxl=W@Az+)(a9ZX9<RcO`c<w~(vgZspc-cXIb}k8r!WecVgjaqd0tW9~EV
zcP^A?!P~$q=l$ea^U3@qzKk#D*YJ1o_ZmEPkB<?k4EZNds2BE&{xjf<H(Y|ig<v|k
z23!xy!CJ5pyaX<zj#0<y&*?LCONJYR!w6$6GiXr3u=2&RE!acsqa1(3XL`lea{&Vz
zr+M-GNI{$cBYZ6^6Kxg!8jSsFh`c}==np;t{|4QtJ=8Kr3!}%k*Y~`y#`lu%u<xj^
z)_2@@!uNq;&#!&^+4tDfYzu?>nmB+80QkT9Yr2kM!(7TtV%9N#V``YoSm}lgyPMU|
z`iF(_eeOHs+ruvAR&#fAhqw`f<pSleJ*odEjRK+6aH_<RIa6ubv;spU%M4L$G%(gq
z>!f+nK{|u3<39b>Oltn~I~2b(gJ!xj1DT-)y;L!eFo&7r%r{Iu^Os7zSRhNnlChL5
zHEWcmW$9T2U(h$)SK=%4t?^a*{%XDreebVU)3Cx3!y0N@53QGWo~AKWmtk5By^-EZ
zZ>M+Cdkk6c5`C0DZqV>k`WyOZ`VTssfiv(!G_d2vU@-WM^=uhuf-}vT;h?!TT)x56
z;arJ95Aj?nH`P#a%eYmBs;lHSa+|oVTot$7z(FTh&F$g#a?f)$1|EjFqg<_liV5xm
z?yr4LbKe+Z^_e?ks7C+~&O;kiMKF+J!z1#@JQtoj&x;50#Jo^mxS?{#^5P9O>sRg0
z;AI;sx0IjC|L<Ls|Jr};zxH4Iul?8l|F)3%!E8=a50C@A_}}+K3C3_MJjMnOb23Jg
z%@NkNNE-_yTRWVc1%hIWaI(Zvh{hBvQ+uK*(ZSZi%GAlh%!y<>hm5kM7!#dPPEL3y
zCo`gl1<}QhIM?3Z$=un~a*m6g>s)&es)H?P=}L2$>tP=@*U8RjuA{4yr<b$0o4c#G
zCynl6%k;EoxXfeBrSiP!-XM(uIx=a#d^(HIVf(oH`?v=(U4l7YK`eR@pB^OO28-Ri
z{k@sNphEzIHJ`~2<gpj<S<wQHpLcK|BRG&39L5g`<)%gpLxcg61p%Ch1)SJGPFxr_
zE=G_T!&w^74+@wc9=ITUK}2M5(!%hRn4qwPz_6IG$R**Ci-J=UBGMwFq9bEd7R5v@
zjfq~A5SO@QQ9|s>B}>zi!}&?k{Io<ta(GxuY;@)#$;zd%DX}SOiD`Mu!*dg}6O&_>
zC8cF2i?UY<^3wRLQsS~R<5QC}vQpDiGqbWYGxJhn^0VSMW-ZQNnUSBBwJ|$;b)Ia^
z#x?8n5{fr0Ey&9$%Fij<n3tEPC|q5!KEJ%UsG?-eqLMYTvV!>XqL|XcHRZ+mJ2n)T
z6qJ+}S8gq?D3a$Dm29gnT~c0}zpbpGW@}+X+1kc!YisJa?AsH&t6@Xyp0x+IZ)w|6
zaA426eX0#d+BbC^+j6F>sH&`T+qUX$)dzM|Y;COBx}$P`W6h!M4RzJcO^uCpEe&-o
zE%nU}?Jcc`+IH5pw>GGDbslUv^xJ{Dy={l~9zAsUKto5z&Z7s8b#xr-I=H8+b7yz^
zf$q*@ohSAjS9hH3-g)lao|E0j&h`9$>fG@Q=T03zG|+Q=;7r$*v*#`io>mTCXc|1(
zIe7l$z=ccWeS_!wk6aw+A0BMJcC~qEuxIqzAGd~EZeBhyKKjSqdpqymI(h$I_t2#)
z*RGD-yfSp_`pr9kPTm;1c6WUI{{6f6?mT(;@X6GJ3zK(mJ$X1W`S8i3$+M3p?>&5?
zdpgzkd}`v&t2@u8p1*qe{Nt-fAKtuv|MBsA{f94~{`&mk)vqsA{0;w~nHpu*A|OY$
zA#YWBMgch?DI+I`LY}`S1@Hp?XUd!dh|#lvF&dNu3PmXj;cjt6rW;UTD73^XSzBN=
z5+57RmI9Yc5dn7NRi^txlo)TPOTFMz#cqV})z&j(<N-K4zv9w8W!mKmM`O6!1Mn*;
zfe~Ehgn}-^=F7p6=quS{7<iClkFw;-c59+3P73TmT(h3*m`q|*4z6xAfnrFt_hO&k
zJdisz=FN@K$ZI28wi<W6*zV{bpBxI#hlVaIaX?7*WQogI6K2osYVK|wq*OtnKWzTc
zJ*-%7;_5wfFtQ1ZmR;3Pww2dddCP&Ml7oIFR>H_ot@K<_jg{LH_3#fMz5jqi?bWhb
zqTeUfU2}G*{I|ghb2s6vbQm+17vARDs7?A*iGMIUciN`OzM;%Hvbn0*XKPa39|@;F
zx8ddz)j*(We4wJ-g409p#}s|`A9g(5>jz)ve*Hyj{%u?4U5L$$#y@7Ct?CjgXv55d
zW%(~tWBs71iYr?~%7^=xT`XL?1oHgCgfrCbh@#qcPwKz|N_3A@xm~rYaKx=s{1JgS
z8(&<76^ox#;>*DU;XcwwO0iMWFhIh3^@>pr!4^^d$fnO-HPq^-l7m}=n^`Lg3lnym
zZ}M^l;10y|RSl3d7u&(Mp_>qlsqZj3V0Bz7wAzy6wRNdc)n%}>eMfN85C#KEGa`){
zmF8<dzfE1@H)~&$7ltFPmqD%e&5U80_X&eI&dH~$Bq)*Z-jCd|S2=(osr3+a^8=X%
zW*n+)Hc`%KmLZ6Vdbn%c1N7iVB2fc%fqpg9dB15JKw4!y<znsqLZbq4Q<FV_>f+I}
zp3u3CdDpCb#$5+-LVbNX?o0Bd-g<K}^|D3U&T^#7`?M%4tIW@BH(V@Tl$nv?Hc@^s
z((K<4I@bPtNkfK@nuU?p&1lLDFC|xvS0{Ci&g%m{ZF35YPbx!oJaJLLZHQnHb=`w1
zg<W@Olpn$txLJ}zwD^E9B{H;PgbjN~gzJ|0zrtvz`5%WJHxaw9TUr-u{87n{D>G-)
zod3Am|M>FkGKHNNS(!3sQmpegjSf!?#FFB9A7M7`KIMbBE=l%D8(@3?`slJOZym;K
zlOpG+P||r)VdbJgH5LIgV}Ha5A;*X=KCAj2pH?l)w`|?3LDqq@)s7XzPGRK^i89Dr
z8~C4!hd%7r{x(5n0unMV)+}sZUpoz%$ocA?hdAc*^W3q5Udh>G*MC<9_x;&@gBzJz
z_mjW&H|%zZ+m;MKcXknEjyf4_YeSAaR(Mh~@^16Gen2KCdwAF={8BmFEUr40FIU0r
zrqC3Q)^B@mql`E{vy=9Z&MQ5)5`Wa)A8({Ea!S<Y+e-#8SIIT2T}o|cuewv_jFa2^
z7A-VB0$lOBs7D+Pb;90B?q7{-ubB5h%AeT(aI%R-ay3%t|NPzxybXp|ChbS>$&!9z
zYoXoi{fq*o3N#lK;|g>z$7ziNRgZ8^)#X$2o5}XFK~$)8)2XiOxHheo*Ln(0)?4cE
znOsv4|8Ymt`F8GDKR)mCepr~jiQ_vE5%Htn<ia$<boi^nc3979@Wf*yRdA-N-z5D9
zfC6QMWHkksK3d`kd?+8x9R|XAPklspiSS{-+;PHc-5$ET)tfNr(eDo)^HtX%d*9{!
z@m&l}AZ%Nju||Hbtjz0_rX;OeoJ*TN^pB?66P}&EK67?@(BU5mI-xV!tWg@|m3o4e
zFp+Hkk{s;4(b<+EJ3x8`qO9N&?{_ufMim<WyEsZk@*FX;L>@@^s6=hDY9nMz0&LI<
z)V!L>T0{c`uN?GxM?AQearGwDMRxLrgPGDyC&zImXYG>#o>vAG`(_woT|8M6EK9YS
zRv|?yf748rr-P9xHcYL87ChBB2o?{)XKS~gPjp2&tyA>vA9cSNpg~T{P=n$&LYaPW
z{<nW>i<+kJ8>)i5a7id9cR%|XF$zqkmeeo8uC$ZDTyRNf=k|98iiVGnUG7z~+9z=t
zQkb1qSxGJE#~)c#N*YsD3Xf1a!ZKzR80a&(rGqX<_>9QDzlT>)a$-y4cOsHSMo_2a
zDJ%2?sJ-IKc{K{-ED6j}t3o=Z>Q1g59<Y9+F9&NBvXiU&t-Hw3t`BSFe!l~619$nR
z%zA7dR#);f{K`=76r@q895qXZGA9BY-t?k;Tzn(osgov-8Gbfx73R3IenPy{bL&QJ
zS?Ahs*h~$C==!|8IycE^fz+m)_n_o{a*Xnlo$3wr+v!tRBQg85fs`M*N~M**$<bk$
z@x2Xn0l&>8bV6>YBoEzuu0e-_C0MQ=Mhcu<<E2v&edQrvSSm~bJN<WtI_}=cjYFnz
zKZjoBIe4$??Cml6EchdLyD5=u96Y1I+ktz@RVhScuuL$TG=K4f&_!qo#Gyb{#?z8R
zP{RW*Tfw8Q1?zFqT0dO0+U87`)F@d8y?#tqI(%J@_ha|3-YP439*%e0a)8Lq-3BqW
z@QQdJZoX&NR@Z060Dt}X%7@dTr>1{?C^%+*{}^PqLcMv-<+*zwK9&&Of9vhcvCqS+
zz7!q!_Ll_!P(ZK0RvwD5swx*bO4oCQ=u+zkZe5Sb3r$mcBerQq0nm+%?vf57T7RRI
zxv!*CJ+5Z9nwj-ARR+qT*Xw3$EsCxkTm+rJAPm0OT2u4<5hi`Be`9jPZ#|w+kNn7U
ztJ-Pe+ou+Zpl39*-p<xI%U1WGRsF7IerVLo=a|RCL-T^k^6>FN$0Hzwrl;b)(JIUX
zbqI5f(zvKM#q#~GV8Iv#sr@|S`c)`~hJO6~QBwSr_^KWf3BVsuxSAAbV5E;yG$_*m
zA5NSVL<OU~q$?kX)(=PTUH;()`U+o$irx0K%gt{7P{{9Xbw^ce^thlQ@>^2zvcNUF
z4<Eh~@~mEt8JL2Vt-6j#OSZa70$PX`?>I=ZqF9UHI&T7rR!vlRwKbnEu^D6e3@dO2
zlH-eW4<l-_A6T?W;3ie=e4~tnD_JK2<Y)*|ES8Tu$Q^9s{eYMuEOH<QqCNZu;=XwB
z)5+OeL|6uZbyRLdg)Ul+M-)H){wRhJNv+Pn&!v-X%4zMo9Jo|!6!Rs(=AwF0<%JU%
zKRLujjY5h2kUIN2^_Xm>v$Y0_9YC&7qMGDJN5tsIL9x}hp!VSAG=B%7nGLdjg}dwG
z5)e@&fg{zB1j*)OUC?kj(3w)~CPpvS0^-R{o8?IN!I<@BkOC=8_KX*=UxZR2>(r=b
zLd3xx=9TT{1-s2{$>;$xwlD}?u3u6n#db?!C<44yZd5Kqd6XkMm1vR<?07P-vlQMf
zH);r4gSB8`2u{JE7^y=Hk+GWqOtTVmT8!(`R+ei~oigkhJ!&>k2X)iIgan$;i8asD
z9WG8n<8-u%Z-@(WbdZL<I+t^9D5If^cblH&M232)AtjQ^lhJb>Ww5m}L|mHpKz?lJ
zj(JYqPFA~f9o6udAhc4BX#g>u2I=Y%8FB<oj_55z_(@|9-I<30pydQsUjrbNp?t+G
zOARy{gq?CC*(hCol!yW?)I<Z_tmb!<>4U>iD<z=#9Jf|snVb(vjalO}1x+W@8uPg+
zp8&y}LK7J@SdLslMuf$2wq+pxC`WK)P-E>Hc~54a0%?P;TlI`H6VLs95Xd?SAxfcM
za-uVal=cMLquAgrg|CpHw@l9&0cYn0sbE|QT%@7~>L8vHw3iZb?Iz%$LMDJY1$W{S
z>4LW|aY>gUhmKh8(aaqe<8G;qr^L85GWK9J;rkBro*6f!wqdv|qB9OjlMvkW%5~!r
zC4;LM3_|`IUW(GAGL(R3t+2R<sJ$gx^3?v-Ak9Px*^uf>)3Bq+uwW^o1s$HLF?O@?
z-@d{BDbV~<imwuf-04c-e1yc_hWw=G@WC<>02gZ5!7^XpOWxN$bNcop_vn1eb=Zi-
z++F<+6FrP`46%t6D3Gl1D~I?!<Ln#c+9;s~N=$|__|h0;+b2|)4i%{7r5_A&&_^!6
z!(X9+7dB))oNdg05Ic7zvhG$YAe5jA7wtWw#9dY5G=Q)hOli>@H(yGBslvZkVx#G#
zJ7dIRJtCrCz!yVSGp!<3$Y+*<3s!;$xv`5I>}l=9VTH(H$l>_6mJ5jOau>uA+48K*
z5L*>$vj%!`65=gaby27Z2a)kW{js<Zj2zLbfu2VMTWaA-GHEa_WOX5A-{czhP5Aex
zs8tP^b;?EM0Hy=P_Gys&r=YrgRPhX=ybV&IMEJ;L$tggQ3R9s&wW@G~N?3Cea!7~b
z$g=L_+lL(DoEivr<_bEd4rP^#NQKs<5=dgjQm?NqjylNLNb=85hx)3sm!CR38+P>Y
z<$=S+c5#n3w8(EkNLo>vWo+6rTE#~oLXFyZa&fs7y%lJml$g9$Bcjt+duok80VdDM
z$A}w3&)Q-O2uP(8%N+J>_Cq}ejmMQ8XBQYxN#{e>n&|cT=0>~=1Ft-UwAK?lpHLq9
z@6WVM%<)X@Waa3nm2F7)X;&Ckl6l$`9z}pBNa+cZAetPKKt_73L~Yi=M%)n@G?<qP
zNvLZ3&=Xeo>PQPcf*B1rH2G&iY*sgN^-jQ3j{71rsU%QOCm&uQMo*HFNm7&dfXU`X
zr9Rz|<>H1EIqbkcz|=5wE*bHtqAiVr5b0rQB_V`C1Y0=^^(lh-LP=2|B3h52#lVl0
zY|_CaAC!emDncF<K%HdJj2*;-(_XeZuSeC8h7#AdqYyh4T<?ikuB<s#&^n1k7RdP(
zN)%@T5(L0YWX8z^m9*^ev%A@fN^?6s=BwOfR*64Hz%ExA&&o~KUo-ip!atQ%-2(C7
zB*uZDBZsy)OEu?C7Xzb1yc;melEH#>h<mr}%A}ZN5ZMhPljg!?Ad*W!L}?I-;-Xa@
zogT2({=Zv74rbpt%k{g=(51Hg)qb{ns&lSY+>Nsgf;#hOce3y#;{gpabSQ#%EjeSU
z*QM7H_j@wWbcDaU#jysItJo2gZsGjd2J>TM0A9Ohe24Frt_$<JEH;d}Ej&!<_+afd
zrTBhj{SuU|tD9YcwfPo^MdWESf~nmWg+&XM@Tu4Q$8%e!Z)FGDIz3}@-Pe)a{c>#w
z`o7wmbx`dJb4#E1yFB0T_H*01zj^C+LrP$aa|qNvFgdS90l}-i>J%E{c{{`#MR>o<
z*R>?4`o6`7H7^v_&Zu>WNl4=^Ad`T9CB`yTkXoJbd%5vZ9qRT<fS|$*{DU%*BkoH~
zPHP|~1pJo~h*)g=9>nogc29V+fA5>)_gmPUxHzxt00nYVtOH*`))wedN5}}44J=bd
z*+l^|CFpg@z<kr{xiNjSRNSB_kI)=dSO_uydIxHY<$23dWdub02Ovg*DFXsF$e=&2
zA&!dUPbiJ%ON*f@I8cIY*5EpoFiD6td@;dv{%~~VHuq2BiPMy;-*S)|NHl;n`-EIB
zv+Ua02UV_(S!ZV=Mh)bVOq4YV1UHS`$T!-eIhPbv52Y`K(^X;N6gzshuyP=Wk{il_
z!`Vsp3qS-Ngk_yC8h8RJ6r){MqUJHFO<KEBH7Z_>TEw;9irTmiWw$Zk!ZCewc*fk3
z{lvg)UM7;I&gl+G0J<U<MFTS0PP<XXD7KhTtT(=qZ5N{OYRMyp(H)n?&4E%zn)F5|
z^s`1Q0PBhe6!PxEJN?H$W&pc9Z#+-Q_4(*zMo3;X=Cmr>-4Si}TdoDa%Y|~<iL7v-
zbauKDV2ExudKEy|A-4G)-hUX=*N$uk5f09{s4h%^yiRtz3~^;OUQ;}h>wJ8-?Ufgr
zJ43m`XwKkHq5~Z};7?j8HqH(A^U#v-Bo93%!d#X1JIs({Qmli@Df%ZSTLvW%BJ5OQ
zLuK1Yd9uEAK%mA{kP#$__lqXfT`6vbnpg*Micn$hX>k2w9Pfa+ryBLO5)-YH#!Jwb
zl(+_&Gf5M;PSU+=0J%wnjMG7}8f~i%wNdSQO<_JyA+sE^^?K5GbJhwj*8Mh721Mv!
zSu3F@2cT(6Of-Siu$#Dz7B&eXk<_Tgx|;EikZ>jBW`(De)#4ECfYBoFOPU)LoAUNU
zOSRYzJ?f$aj#4!%)u;tpbOjl`O^Jxno!qQNMJb`1fVzmPO*YCX&KO`zfH#AO;*^M`
z8#x<vuun;IJqQtDZSdu?;63!5?q+A4cFk)fWY<R2QM2T{eor?&A}bpauYyNOP!|Z;
zrRwT6ekik#>6Qmue1THaRqS+kXvicy;SSXE0C&N|@b%C^iE=@?e)6=6e*p*_2XNI=
ztCo$?P1=AHddLC^dRMupu?(Q;G37eQyqnNjMl9Uf8S?26R0Y=VoAS~+;W}iCHv<@@
zW?_ZK=+(fUkZeYJ{Y3Cvr!70A3#4e@Cs2Rz*t503J>$h@$KdUt5%$3E4N!Qi7&CZ1
z(5k&T$vbp79)i?MZ|perG>TxA{dn|Pl@~x=p~PH}W3u&_)w$)(Ahuew=!9x98)!@Z
zRP!Pq5R&6hXppyqS-xFiCMw9D0}&V%{E*scjnw7UI5z4@#g0OpQi<FQz;6#iib`*d
zUfG$U84FZ+lk^0m{ZNq>K<cXAth9Kze-B!P3YKVl`wP1?=q-VFz*_Us^zdGrhju!|
zCOCDo5|t@NU)ErXK<ub^7S|2dFw)?`s<N?b%Q0eTvD(u{^1@4xn!9hq{%6Ox48jXl
z$Qb#ESc|<vz?Mn&nz@s^#Bg2pOQTv*#dz7fa$te<$pn=}fx!=bTWS04^Y3A`JDr1~
zHOLpKb;m~F{;K7@U)*lD^={opOBkZewn4oAMto?r?K*KXNelJU?71MpZdF>{y-8eC
zZSDfrS_1G)J;YvyxvP46oy$T-!+rD+3p<Xt<WOaR#tG&JeLJrJpS{=_nju-ONvU3Z
zE5=cMB}45RyA#17^Ja&=e;a(eo|}{UA^qZ+Fyjj0vH9Kuy8$~T@vTeH@P2j-fQpvG
zzm^pL#)cWszK4vQ75kXe>;Vi%iC8CrAJt;Jb=ZA9Uyr54Zs7_>AaE;qQ<K_wT-)@@
z1M$a?d6fOY=x5+@W6*dq;4eooB08>{ZlC%q1h`oe04*`Li`B>#gXLw$qFzn18*Z10
zu}yNXMiGEzI<iA`(hvRqW$-yJN?->BT7oBvXY~C6Sdv$Ct8B8Ze7i@GP(ADvxRAEy
z{;Asg!L@&}^TJQ;_k1!igsCNwO`}v)2-Yu-maLbRlw%#Df3$D>95hmiH356{{Z0zN
zy0y{UVaO|C-dtL;IzHNCXB!dj(fjj=8qyC(QVUX>b&x5iXk_FW=Q&}Hq8Pb;)*}`j
zO~QxKm?dQx%k~Zj&s1u(-&FQ#nonZrQP6ol&cpAJ;e4Wi?DC3lRi5Y%!rOXpzN&--
zhSXaPjn&#O{(Z^v%+a2rq3w+mR<)L%E^LT<jH`%5*fA<EueLidn)lN*<x-`oDcUj_
z%%R|fsvD&!zD|SiYm~l$Oqv0bu1_xZtH`bs@c^up@d_w)9alP4nn%*AVJ3uDZ<kW^
z7~tk8S3lWif<CKJ8QF<-SSKH8=TQA<maI!xVvbk9%IG>d$&z-n)a?nilISr+b#w3-
zp&q_kaH=@H)!PohlnN?BHO_eLOevz)?Ce{Lb^NpnR!f?gl~!0q{!pE6h()K=g^;71
z>*igQz+hLLmhPC3Z@Q#|a7*M8XN+BZ?0y_~Sm%uAR=tFG`(JaxDSWEBV<V?(=9k4x
zb?UG#{u3Hl<jS45E^!<QW{W}VYw~LDyWRtJ((((Xc>f>bJ9QDK?sX-k-->$iThV3;
zlu||<cizUkAx<%0nP&ThHD3T8Pn=36w{<zy%!uK2cE>a@^0+F%NU`-zy$W`xGZq$X
zt}R8BMK3UgS+z?CO<0{WN;@c8pelLj?=%gwz1Ul-^gk96)iLjQucj0dRrBdmon%xq
zG=i5X@Vs~WQp;rd(Q?bU<oah;3I4Bxe#>o~^+1s}=;yz%P8;8F1=;9z)zD=w(Yfr5
zeWRC0lc-I87)LgHGSGM+dGaB~SRfuL#^xyxUM7<B06b|%hhf%e{7tBLlq>DC;xot;
z%KVvBd+CIG8@|SIa;kDkdINB)7CzE$!Wbv`W6mAn1e}U^5u4J$ELKk#IR>JOSPuyN
zmx{}~a6NTGqccIa$(xhrG_+PH9jwB}&kR@xsAWlYtH=L7ShrO2VG4f+w^1X{Hj!<w
zTe^hozFqc4lT6@__rhxL{?v`u`QwuMvt6%0a7Wr|r7JC+(f*C9vL7wp`;Eu-(3l{O
z)US3Pd>4>xcN;L4Qg8)?>&~-ZfodnoRx-N&7DB5*F$&(S7S2Ge#A8&~Nmn_+$t)%A
zMJboOjZhJa@N}gx<77_eBj6>+cjQv189!#jj2J6aAV^2{XTtk;mX1rSOvoDea`iwm
zfeedKJE0uwHA~ZgG7l>XclxRyzKx8SdrE3VQ;Jh<v`r(RbWU~jFp|^bUYjA$9gS)1
zuOgTG?S~jg%OK`T!fr?65SyBih^DC_pL5ZE-Ce3`SDgYgkr|raA$~mz3IlAQX6}JO
zUaxZNa?hLi=c@+qGm=aS$DLP6p_t<YZ6)7E40Y27m=a_=OyCsU3T>c+{#!ZUri8Ge
zx71EMOMnZqb8yS6{H?F3gQ!x4aWp_Gmmx%r@gOBLbt=bf6>WY{?v{zCs<=p6OH(_%
z(3RVdvKoqDM&1e;tXEjK190p0m&nEhz~N19-F$Zd;wX)W@#P4sPO<$L35w@>qUknf
z1bdVWrx*=3*_QRg9K``O=r85AqjKzW^Z+JO3!NSodxnA~7M*&SW4tN4Svf5(89Y^G
z+3CM^V|;+kvt33<d|W=ZMHYPiWM#{MV9N#uqWUEBLRMxMm7`t1J!*$r$19v_K14j0
z6p&6cGNVc1Vr-fY0_T%!poB}Vih2|!RgM>ea>#iQYcjpx@uOr&us3(MblpE1lVo(M
z>pSu-BSyaoOXg=@Kqz+)PcjNw3A4XQF7;Rs!P1lim1<QfQA|H7)+=!OlV^wH8|Ird
zHMK&Uf=dLN=D=ZvWsUxlxdj9pEMJb5OIxjKVv)jWZ)~8p#HwbFkMo6*rO^a*#1CDx
zhktz>sTr{DnM5V|Nvz2Ir%&f5@5=__tx7bPy;?PfuKbem#Shyvj+UCi5=K+w)Ky+b
zlB{%yWOJjNC5?7Uyi!$~=$cO|Cs%GS{VQM&<OJec<X3o%(jVnAXoFN!soj1zx2T_&
zdlV;OqR@jWwMvMGt{=a480PR*f+n>?%&PUJ*hV>KmZ6uLv`7OeJ||HAJ!JGcG1W!#
z0sZevKX{-F;;=CZj>}io!*6NY?ZE3Zc{VAVRHW^D2>4A+Q%L1B!fILv!2~L>H1!{j
zGwMH!9t_(0RyiWO$Otqlq!2CjrxeKU&4W|0&GF^xk8*@INr#=(4;5Zf7<nA=i!WCV
z+ID@ZAA#4`+zYS5cIgov$@@*}bfbqMJ1YYTP^>5O63M?F17CnQk<aWSZw;#C23nXa
zdtuI`{U~iQWh6u9XZu4LwIf%hJT=x>5P<IM!h6tclzs#y8R1-<WZosc>^Px2>;D5|
zwpku%)1^ObZzG+*LJ6g4!K9JdBNX!u!+x;Qw<Y9a0NslBC+yLe7bfk;6b=ubdM`!X
zwCy*_n=d!xeki|f+CC6<%97o`!vo98qf|5A&f0|BxO~vv`Q}OTRxhFQRCrpD_|hT(
z)|A)xGq|PVRc!*Z@#<}^OJ!P~TN?@PYQ%itm;U-@<C#6DiWjl#JDy3)eY`x}lZ&U|
zSzW&mzxlkTq&vDZ0&_e&)6_NMSVv7}V?y0K`v_*>o7i17@E;9kv4=9A?L5`<XZbi;
z<wiapG*Fa?AS{OA<nKeBA|HPjwmR8L-{*ee<yK6so5ZQ~Wqs$Kn391$$N3+<`p*IQ
zKQ>%-mIB)y@sCA+th-P*yZ7^q-Hks3{#<v*dO09}&zo|D_uZa!hlI58UoWg{hrHSJ
zrTz5x$$w|RjZAI&_=ltLRc+3?@fEWluPpqbf4_Z$6Lb0dqTLtX9e(`JK-S}#kg+o#
zF!N?7TaCXUM((~^oU`t7*rNv(cP~7zf4V`_&=;y2;(emz{CnQ|<(DhF`-bfMbb7(}
z7U5*k#XoQHhYp;dzJCrV6F!@3M)#K^Z4SILH@v~^{GbRf14f-iPpU5d-NM&qi9Y1>
zjg^p}O8LK^_}A(3`YPbxtUi1V|8JP!=Q;k5bApG?qOVIYJZKOO+WWyK<Zj9mKDrd#
zBbdzC`!(kLV1uUrn&_XD+4HaHrwO0WYs}Bz<sEo;PBfJT*}cJQ)pTWn3JTEzUn$50
zDa@48VKoe2DL3+0RV)Reu=O>|r^`KuOH<Vd7j54MbI}WD{EaF8;FS1gk@Cl&7^YOb
z{TnLO&*7>|+>f9kRS>4c%=xGgB7t%<<Tt;ce_y)qY0<^=4Hq3#PhI=ohsOap6)Zpw
zbEpC!@g><uDl-YC?)viA!%#D2#YV7_NszlvRBR+y64@313%rT(9ZGrtfI~~|y=7D!
zQP(b5Ex0w_c;f_z0D)kQ1(#sK9fDhc5G3iw0t62b+&yR@IHb|w5+t~La0mes$mIR*
z+?lmz&5v*9-(BlIy-rtG*RH+KQ>XT++N-<v4)DY=Q~{VApS%zcg<2suL*+NDWVS-3
zdN(DhUAqSczTlvUvra=e@<MG2AfCU$c!DU(ywEm+{PjG@>8&KYYUh)pFE^5?{mn1y
z_rTYao+qrNaYS>WE(uAxYHyt}Aw&~l0dO1^N0jj#j&~#&G6#93@|I5!^;ieT_Y@Mt
z%WfzRu&-eUUWa=RE5FI=6aq`}9`-69^q%(gKYj(GscjMzj}yd&Fu-v^TxkC#d6*&~
z$_4hYBZbnGQ>lP>D`mbulv4ER@(7Y9pO%NQC6&1*?x^-sQvf(?0QRYLhXP6|1Gr(0
z{C<IgM}o-VvTqJ$2I)|YPi6cR0NZy_XiPgRUfjQfjtBdQmj-@}0n5W5rur-Av$Zqd
z#PD7N{2Bo707McKW~vgQ?@x#0U(5FxL@$IQhe7RBux)fAq!K`#J;-}Duf{7@vQzS}
z%}F5kvQYg2Fm8UR91JRl3lS{~mDYi12tu(Z0J$}&j9{u9CQJ$eRjCE541{r<f*vD6
z$g{pwvdOvGHIYcsso@c%;}TS;M5S<bf;0f433icYNSQY%L=d2gRAxy>;R*sos4%-o
ztQOo3s3Uj=iKU-_C9jf=11kq<qMucS+BoJ~oQBfZ%7V+fw@pX%6*UVKQMg8Ucqky%
z2#-V%M2=*@b1d39<xBMbnysJ_%+_@~jA4SlFLovV;z%s~B4a`wq;Lw6zXlTz$U_jI
zd>@p_M^LI`m`7R|KI|(r4R0hmq%SFiYYiB7>BTX+FQTv-hVPAhEgakap^nd|{c?m_
zSY0!iVw|<_19T2q;4^x|O8kLW77Cv_Fcmuuotg+tAb}BNr^O{X$H8409q8g1V|ftG
zSS)Em8rM+GwXmONiBF^`U_M`N=*wv$L+G2)fl(beU1P7LzCrz`9;s>~U{y?)nCo;s
zC=l`h!K3H|;?2v!v6eqG#hWG63y$fcN&pWpR6PrZ)v<mcR{<yo!i)w$snaNn>u`%T
zs9{;S-5j=eGl6~D*rz1j_o}+tDgYTQOnoSnPRT(0=ag`YRBNw3KLrYk3ziih9q`Z4
z@I;eSd_R>$f>2?yn6dS1fOq0)Tj4P8{j@CBT-#!y4v8HhLJ+EX3K7+Thz&qx^mB~+
z06DG*m$Yz$JuE97sO4u#WEG$SgFx~^jjX~|V8Wy-0Qs7TJOs>t3zo(FV=_;k22x1C
zdZa_H@JgpQdH8-<QsiL>VlIPft@c^$M+6GWfQb^=i=yY6d~(ML=?3!*plR|T)>c^Q
zHrj{@EW<qlm{Y?~Xg4{L6q%VOp=TKTlselwaBGD{Iv|OCjofeyiT)f)wIxk95emtJ
zXmS+{BA-|xLL%q!c`;19Tu@D}FjXsK9&r*p0HRSA`UnuGPHTgO42#*vq(kRCXKHe|
zLRccfJZqt{s1gqLkbB-Ws5LTN;(f@>HcS6P!OT&Vrg*4^CW;6K&K&)aWvaOYnH$(s
zhD3(C4nPw3Ggu@5{56REX(-Jpm_$%sKqpk%AEGf4rZg7@HI3Eeq97UwJ<E*w6cWbk
zDDFtt#5<8{D`6z#31Z(@zS?Rd_Xm+!iOF_IwH8{kFrzuFOox6l?QlJyIt__set=M+
z7FC&j?);65D}<gaOf&&sS}BdC_1~FdCY!z5P7vZ~ghl1~6|NY^aSgS@jWD&sGOh(d
z)_{NWoD3%9@hSLW9z@_8jMR~rJ^d^Vu=p(k3JD?XcwjjsmQVt<7FQVYB*3HxQQ@*i
zo<)(L-h<DC!laPGRKQd=Pb5h|@4w4Qhz?i;L#miqPYw{A_@L#H;dGv#jtN5sT7dPv
zuY-l5em|A*nz^Bf2YKqOII5X!iAbn8NDG1e7_4P%h3#;SWrKM)oD4oOn~}T@!4pRl
z((2K5h3U^Nt~r8KxWeuu(+I=?#A&$XS|X8SIrb??6NXJjOk{@+Gg85};tJzU!?H>U
zmlUrEeIcf6PG+|O5uNDa;3^1u3gQ(9tvx0V`~l%hh)O$+Wa|m(Gs3;jhtP5H)F|lk
zu5Ag{ZvW%{UZusDD4%l=%b>bQ{TtMHFWeqpNwO9ieTU`x9_#TRl)!bUIyTv>`wO%w
zypl=~su9`5Q=LetGDo2*ZrL0ziwZM9L46#EG>o*!9I#X{g}J97R=)OD1>n~-dObLU
z1Ch9v&=mA8rXd|<ejP5bR#}#fegNMcEU37Ze^_k&Xi&Tv|8!3OIz$@TeEC8~ewtdZ
zPn3mgWP2;@#jGi{N~|P;o(2=bvKOkTf-V<)r1D8}JwKdIFmq-QH|!LRXvTfn3%1M)
zlNktG*bf);8IxDpFwG0&8341Kf+}t|g!>#BPr<l1A-tzf5GyeCT7UC5z;al-tp^b1
z%7p*~A;7kbI56`74~hx-ayP>F`g{3nm_&!Gvl>vH{-Mbk`V<y>Z;@9xNQ&){mTub-
zD*DeAy-FD+Q2%B!`N%C}|DDJ)y2VuVSXjcK4#-j^LIx&mUx#G~BU12u<bZ;TU?2>r
z_brB__K?St$5;lKoTA5{d91>cGa9it!19Bj4Y0?CGcgsS`bA=hzBqWp%CappWX@{g
zn#O65aUaJMb*&p>YlN*d0D*xRX&S-oa}a9)n_L(w*$iSjMYpK8^i2So@X$at6!Eoy
zXr10;H4v5{@aieVrtz81X}CcGmc|;CtRzeW6=u2?VV#x;5~5&{C@h~n#A!y>tDz{a
z!Hja5P(g^Z4wN2ol5`vL{1aH{l!;~xEHL3<mw3-C3Wr!m?orsp%3FoI8HE$m<i(4%
zEIX9Fbc><q=ZQtuciUrGu3_u1vFrbvS3<&mSH!$e`;-$%N46F^pAcJH0AWPIs06{~
z2_ce#;D|Er<4F)GEyS2>%X$FI3W%`7#WtP@!Ac<9?WgWcE>UhhWd8)l8lZ*%Aq$ss
z%0YRNiEv`^_y>U~>FY&JoDilml&W!ZvS56lc?`*|%_w#&4S;2Dg(Y9RO)m)J+zU6V
zWf6@eRk<$Kmz9V}iy`8I>b|8T20(H^xIhBA;2A)j0G>#HKM#L^NE6-yW~!Y~5H4T*
zKs^?TNQC#hS>ca3*SX~~5+qz;()-Y!2ne~EHLhbn-r{4?+&#K}2@)Qw5W2}M^aLf{
zBqiQjqVOnk!E{9V02qlTW+Z2dARwD=ja~Q|8aiP&5fXN0l~E#xOA31$e~sd*C930!
zZ`!-$^)J}#Z^N%HNt?n&I~<wSsW)4rDI36IKqDF@7Pegw5K{A3MNG^Y#Zn87-j8jn
zBTZIepLtsFgi>c0aRRzKV-qZgi$}5G6`-3*Nlh3o;M>}1P_;-$8^l|MR46HKl;Lix
z+B$0eF*Pjl0sA%7vYEg^2iv?Ea+58&*@kH)PohFXi12>WyA$9#QQ)F+A4jeS`~kD-
zyzfUjgy%7Zbi&iYu=^5qT-`UBxuNcC(&$XYhaIb-#EpVv=WjEjA-;oPA*;|odl@G&
zc<1*h{5e2o4@G1NFkwRMmJ?$T@Px8N73R{qYxLW+a0hlA8>@&CE9^hI4EW_b4>e=L
z2FycF(GSG|J#B{m2?gpsK`qwXMT~#M05dC6`!zW{gext44L7vuNW68of5M<&FfG>#
z#FPeR03xY)QHqI48=<5RBus+#mE7ngyf+8Z^>B`;^I4uu1bLmUcj3q~JoZeOSPP|n
zK*Vo`Nyr1gCE>Fhs3qHiyiKGRG;=)t7sonJC*8IFe3v0ChQr9Ff<l79rMQNMjuZOe
zS!^N=TI4;14IPG~k!f>%t~3+{HO&0fw|0ew64MJO^y;j4gNS*BvyGiTgWf`Ur}wtj
z>g5eS;PDUe&0~PYGPqHL_<DCZX{=I_)!8}wFg2^xrOIMs745@(`LA_xDq~4IEd1PM
z=?0;^4Em2u+{L}*`>9pxB86-tqGL&j`Am#JWMO03g5d$|ZDKy~Ok!biDV?4w#x_MJ
zGNjg;7{6Y#jd76hMsn3F>4bjuX5d38&N0(fz134|2mw>%M7O<g5ULA1_i_?$NUx6w
zW#T;yLz|K5h+C@~g|i#z<4Uc82!vb_3WWR(r)YaQD^e^fC9CdO#hJW*LYFF4J7Smn
zPjd-?9zV@mxIiyOcNd68#|Q*dgH94W-joWZ5PD;m7>>&lG$Dtj8N8MYA}g{7z_k9g
za`+lfurxbOgW7c?U29mFiB#*hJ|VA&k}|hV-qT1Xqh<`0>X{u{2_l>)v`uNq#k~%C
zu966ZqMZ;*IB=0UcnOD7F&v!zWM(z>A?4FBLOzOo1wthaYbg0@5$mLwsIG!->}H-H
zEsNMd3KAB+HMz?0Y5+(xqpbDBCVN?{t3p+%mN<`=7~Q7Q!pk}hXLz+`t&H-~m_(Ik
zcmGN<;*aX%VMyrnWyX#RVn&0o>5-LYj9Xv7SzfmGrQrzIdiR4)jl(hb)DkE<P7PXb
zPjom(EG54wtsjzxfFEidMv}GPr72qR^x;#*%5?HXiTyGKVmj0C?XNICtQ`pLB;zYI
ziP1I63&l_w4yebr6oDARVdq#l4}qk&1fZ8({6(5dGqYKmksu?pGzW})zmW<EN<dad
zNv#@twkJoRW|S{V0y@3~N?ruWDPp<BElwM0*q5hjYlRNxzqM$DDG)k_6>2>W|6nG*
z@s|32OyCjkPAVfm+e8=%Bhs6IG^X#f#G<D0_AGgBk!~dXiO4JlTVtuNm9`SO(Z{&i
zMLh#bHFW!s#b0h6{wmStz)HjD#ZEW{ztsZ;xNDFclz=5c<o?@hR$rJr&a>lZRAfG{
zkl%JJWb;yXiSz|`TWCcRr5JqX>RKBYZr7EW5?mF;H}=yCn+Fft72XlKn53at-4mmY
zmskwH2!@!7Tcxw0o)9@tgfjN7Vewj7<5zqe@LM?t3BqhhoUcQe4o^WPucD=-@Ch{*
zQc;ipSPAi_lVdZY(1cscCPq#msySFT&m}X-Ybywq2_`#Br6%ARw@q;;Dva3G3Zfil
zF(<QzhP;a96LwXD9n`kUc-Fxx6T*3&(fG2kZjv`v;U6^&zx1UmJld#_HiG40v%=79
zyhsRDcXu{a9D|qiar_#lz>FWf2G+8rwG&)JL!tMs?z;KUY!8)^aNsCn39H2uweuus
z8WP8HuZQ8!7L~g7H+x=;JQKbbj==RA#9$at>xnK}02dS>G(Z0OfPL^NmWLn56Xava
znPm)w!ZBPNLN;Bc+Le=bKmFf6KA4Olg$gTZIDt6|5FjeMVOfG647s><7?u<=!Cm4h
z{!1HP#5D%1(`z@dQ~6Pqpc0tW3Il;VFt_!_y8FPj!JE2hlAv{Bmw_&vy$2s^2m1sv
zhhgd&pU|3uAwpl&G5PR-austfK`Cz&J^egv$-P?GCo3#=1PD(*PoApFGh6sTF3t#6
z01HnGXR;%W3rOq1)yv;)AwxhkkSzEA`P+Rr*+hu^HHz34!ODD`AcIK5#o{<cVSj2!
zov-TyX>7t+=~yB0*H-uv;_N()>&>4Bbs!<leN>8h9}e)g)Nbl>*eLhH<s>F><@}$D
zk6BI99B+|NU-vPHbw}`K$q@}&C*ahcPY!Y*AkL>f47zwv3}Lm@y*k*UW-oPBF1um6
zd(@nVUL^UoT@X&(kzaYA-U{L7JunswJItw#RkQ+;g|9)N5?%PICGw;nC3#4bPs4@$
zyYO`p-FQKWPzwJpn4h@ZtF;~!^u9c0)D}d3SsP7EIO{?O>*Yn%VbMS}iQamHdJe<i
zKbRfHF>IFmX(kNU@~_vuZ^Q3ql7Tf*4Asi<TGNGBUN?M520ec5-^-WGOdy*FBJvTp
z<t_45L$I+@W|Arj{P7GWu|jJr85J3>730Wq$-SE%>;e%YaNL(bxFXDvBtgh97EdB2
zr8!-E+y_c6Qb;q(Jyetwey-0@aiJ=&qIGv8TKZBBb3*fsuzf9D7Fj^zJP^Y3^3z13
z3W_)(ZS;h3B1}Mq>wS7OvpN+Dz!}lRllcRo5wg}($lG{VkHDsT9rIMb2n>IJjlo8p
zf~3o=!+b*Dfv!$*c>eU0TriWsv|2OIG)wd!M4~;Q^6BKfoJhMsK0~Qm1E?Shr2RXq
zB`5+;1Td5E-S6#bDV}0!L75>-PYGX%t%XZb$P-!X^e~9H3J|AZpzdAYkjW@eQcMjS
z0}M@2(XXTRumn`-vjri}3$Y@zDSn>@<si)emY1MF6A2Gx))k82nplU1>3rpx%S??_
zZRib$^*W8d2bd1gL_%rZ6jFtvzbeqghS%V;cFa=P+jRmHo{(9Q2lK>r>;mbo393&9
z5tUZL5Zz=jr^Dns3!umMH5^MQGVz_Mlsr)&3d%z<xk@~tW5OP_m9k`3lS^*Q{jB=X
zzRgijxO1E&!ckfJTUP{CPy(^*8j1|_G`<RA3pHhc(+aPnae(|uS1%Bgj90i)b5pld
z^SvwMTwa7!5Sln>4Z=Y0cqp`YO7JjmkY#uFfd|jIJUK?2$o3mNBBzv%0$gNbw})t6
zqt#0cFUBr{cXY3DCgs#nhxf0Pcc7;UeNRItu7e0HN5GU3Y5kJNlhL35d`$rZ-C8F?
z#J}d^9$+^saPQ^e8SC_rT-w=TAt&PlYeN|hblzTAD#h6WtkiW@Sj?vYj#Mv$Dbe5V
z_%4c+w-QQwIlq2R@a0|;;&ni7jAcpbLRB9LnDW!iVNT$)H+i~LAWg2#-%IFoodkk1
zxx>3|f0UwpunM>gDYn!jU8KO|pBX`sPI)bdj{sh9%|nV%x)SnCQs9G|F6w)FQ*KIm
z779w9N(9eRHy=z{7)8ahh342oeViPf(pLdX=X5vEx9aB*^JfOV0<iON%hMwXbqq*r
z0c<Wg3YhkD6**EiG<6Uvsuy5b>J4uv3kR@`#L1S$$(kKQoLj&+2o#};oRvTFA2ad>
zh{$p%Ptn|%**pDkIf4c(20;FGEnt{Pq!~nu_8-I($?V|GggT;3{V`B~BrGBC5S82%
zo0ayNh{O0_6o#Kjq)SRGm!}G%6@P{;(nS-4Puh$kY<N%70MIrfiOrr!rsI;TJbeR2
zQ@LAj8(<kW_nMqqHjAS`B53h7g~u8pu;g$;6du8Z9C$+RUUne#@e%~wjl*t@W{c@E
ztqVES2dLok#Da1hDk%^l6L{rV`!+f?7!8?0(>fASrC~W(qqAKpgSNtzqUJmGM~{4x
z!(&L|U6sK8$YpDK1|#~}8&q9Bn(;L41r2&DEtYc2h>A@SW&|QIBf=T@=ieC%*M#>E
zjN$l85Z*3;MxL>ol&d#~M{pRs3`7FQ;5mjohM^x;K&198NOd;VgFuY6XofB8crFmb
z9Dr&7U@B+|DeJ{xIsD{N3Prhc|Am*7pt5YFo$>aeqEh(4Di_hW@u!i5UIpsVQHmfC
z^8}hY3#9`Nf%^l6XL5{rXeM!;+e0mE;C_gq3`949CUC_Nwi}Xq15{-o@}gL?8#A0N
zJn3^>M+y)vGKAJMgwJk_Mg}c@-6LL$Veo;HvH@6i7{2Q+3MoAiH7mk!EWKtFqY)ZD
z62icn=4?a6jFF?61et8THN9rVJ;e~JfT;iM5cVPo{9|#7Fn9n6^m!sh2t{J3xzX2$
z6RAp&hQc=L$8JFC6%64__fo**|7pW+2c0zo%tq8tX~47%0NbA~o<ChoMe-a)6m0Mi
zcrE6|C|EcFbUTyFKQm7~fWr3C1UDm@mH<N}Qs6pNLT8Gp2o2LHB0vozwnCuE^3qaF
zQh6cPaNYPIIcg0M)xEfhUYQ&-3_U6$M?Sz_9QDp<L=nCQLcqG=Dric7Qf>`-j&_n>
zrLHR98AF))`xzb9oH3kh<eSU4Wp0D=pa?BCOsWx{>PWBOEe21qi$eT^H$^W+WEUK6
zDi@8USVJ*ihtQTV;b@@#R?;3dqZo9^lETmx>;TLzR2CCT1fZFhP?THDuS7u7OA5q?
za<Z5n$#w;PMH`h#G*tsJX=E-4ie_d*6Pl^7{0x!a3zfZw2<3qY*fKaqz`UpOymM%Z
zLl8$VSg<#QV|ooNLdG;{3|2%<gl~`cDY^dvF~KttxZSK)UFKx+OalzGB2)wezy&=1
z->BTD)MAKZpm<qGW{E^7%=$HQH$w_FnT0u;J_sAp%=AYQoFZ`)u^GxBGL=2;a$p93
zFf&)Tco{@+U|D3Y`_Xidrc4hEj?8pL(ZE4IS<I$JXoe*eH3izBWXQV#L)d^Z?8Oiq
zcJW5aF^3G`Ay5Es(nm22(NOI809IffNZDU*rDHRBE4#NG^v_mLdOA}Wh+YLvX4TC$
zho+_oVHiM>!9!>P5OX`Y&P$&4vVzPkm1&}jV=08~5>4p?panr}X>m74q$+3wI}s&<
znC?f(J$DH`{BvDGistK5meMg0K3oWEZP!;7Ilpveu7wiNb(pynh%M$Gtz?11;gX{Q
z-g8{bF-&wZ+J!I}by0B1y&?mvOLwzIf=J<LT=71LnZaLC<M;F7Td$E+xCpvGT{M^x
zrn#;U`B2(vdaA8uYK^WKljA&b94b3GE;115H9%s8E#HDfiHz?M(fl!9sixPp<DHvi
zMz%vwNJdE8#lJlWkI42{f!m<r*JuiQB&9D7XOTRGc=^+@eq|>Vp=TF`27s+UXy1$?
z;aUjBz!<`M*e(l9tOg9lB3O>ee?PV;>8;@)v;O+TjU#*T_hetV<8(u`Cj5BhS~Jzi
zF~z9t?GU}^7TUT+3gx{mr-dD1P^6<LSQQpzjf_hn_`^>AA>fCN7IuMFIB}yuHON}E
za+QbFINa3*-_&$>`}j}B>X8{>Lw^b~jXpXoG;$a)O`zw9>Kk~V5fZy(G%aX)tr$>C
zM2}_$2?)VifY7D45p1wYU;UO!L5^*~1g#&N`^Qus6!)FE&mQ*|$LRiQI5pMZprU&c
zA(i~Q`jqBv-z!HI!-=y9)VLwYbW2W2Z%t3<fd>)*B>(eV_9JT*$QbDD|HzYhYGrk5
zb$WXGpU(-H(*!}Qgi`>MP+MDTWo3mxAdpC;r>Ez{#6&_u!rI!Jpr@dxryvG{fgxad
zd3l0JL1Zlwg+d_&5il4GfkX%*{|W0PBq0B-0STT69fZz=j-a3*G7qVPn$W@MzyuM1
z6%wdLA$5=lD};`f&OZSE^!(cefv{S$0#H^uYdQc7hV-lzL<w4<){s_t2!tTusUw&m
zi1?2#Bme{cEdU*)j*iv8rh{7hXZT-dVS+HERRR*J1N$d$rDNr3C8+bSZ~u%60(t*Q
z&1Chj_f~=k<Uewr2tg~PRV@Mr0C}hh)W4qm6HWjShy)#kl^{&V69XV%NSy>hq}6}Y
zj3!ulqELc@|12N`VgD5Az;uu>q#(u<k!OWKB_w$M<Er!T004qIo~QpC|103Xp1b~!
zFW}(b0XVqyDz$lCp}6GSW&^ePJ#S&GYFR3E1%2<}51p3=>I%QcBNU?PRX-ICzUR`b
zFdO_-Jp4h>b|_1=zGO60{Kdi2V14O$E;1CKL9L-|vQXtcxA{;*`BbS+p<1@u=Zcw+
zM)l6iL!Uo>ud(WhW>9aeoUeDBsxTjJtXgdH+#JeQZ>nBy^S?M)9&V~x{eprJFlsc{
zuJ=Te^H_{D*KK}HU{%l2X!*1~oc7RVWu&EkcRWww9iwJz!~Rs6-bahk*3Un_*V+!}
zXtp&TEjGXSu`=4$bh3&Gt@lkpbcJFQ85tRkwYR+3B8ui*i$$Y<{+O$GSsm+W`*pH*
z*Yl1^yYtUW!tSZxSvt%uSWEzy>s&31d>A$L`H$7{)z@J+bO3+>Q;DGDz{C?JC={XC
z-dZT^3D<fUg`wkmINYJkIvl@j*IE<LDi4eW*ulDkse2KaXx_%Xjdy~dxVo{f+>ixW
z>QV`LE(Bn!m3SofgRKO`2u`cFOdKsq5R%$j0H9MuhTsYrI&G&2T3GeqKYG%%5JG^u
zVoOp>mC(h)=S6nm3+O~`XL|OR+oPzgYHgjYqVa%qhpTc@D2Wk(#FcEO+0BpaRAt4Y
z<q}+WeDzwaBsbXvT82ei=_yx`<#)S7DCs(}SD34GFkh5Xa;uY<?tXB$|FPB(uc8cp
zsU^KUJHO(f8b@vd`LPb0hc_lq*Gdj6Ykerax?L<2NkBU%*i$=gIJ|+ytb+nU(;u|a
z)Q^^Aps?r?td3fCqhTN{B2Sm}rVKQldoFpx5AN1$L%N>UJp*hHhx4(_A_zC!%cB!l
zudSvr`R<)D2K@0migbs=weIsn#e^<slEg>?4P6B9`2d@#IQR)nna~VOqv&}yyql5G
zMRxpn=S&`e=3R_Q{W`oDN8<2ZPAF2liA(@_?WIGE@)O<I5#78$YsGX>m7@^D<cmqO
zmq$OpTm8+tRC@5RY7t7IFZFYwXAA}=FnX&xIcxph?bovPeZ1S#dEe}(=c_0j_j6~s
zt03QEB*|}i>_!&9dU>BszMHM&i^`WuK~q>rP}a-io87#({I`2WAKY*E%R*nja)Onu
zd2iGb@LbG9N$2QnrR-M!{{B%r`Nk}>l>g6ZFSW;?-HvzIXe{Ti$A3Nwg-xJr8d<~I
zwn(pdttJ-(mxH$ll`q@Ox|lrfZ}zB}?w=FeS#@8Wex>aq`}|zG>6pyqb;q3P8|{X_
z?@d<~`l&yh7oVVTH4wYdfpk1OgtJF9EDLJKj*pKCiR@mBhO>#%VU7f6BnR$~v60v_
zL@0R$<`wuH4BXv^!jH)(eEYR~gv|=VJ(LHnE9#=YGp>D04n@8b7ynEhR4d3VGJty&
zAy3IT8uh0q_uF*?HGJ$e+KAAcNMNdy{$N5$u`&<#5!x%@UK>OGu)sRWD1kl4^Ud;w
zWhfZ-HA_O}4aX7<g|>L#7o#&2p|1HUG)zX`!3$l8#y}*o6h(-=VuZZyVB@%|jY@fz
zq1LQ&OKFe9uj1Y33kw-`xrT7|6W?1c7RZ}jr^=QHBn;3M@q|AgP^d@}rt)WE<$2X_
z@oDd^yeka;wM@=Bdh&ye$PU)477e3tlplI>3#l_GseN!5I9ItT%F3y%qdOHCd^yZJ
zsytxA@0oQV$;P5k7_!4&k=R?wCdhQDVt4oLeM}cGYgodKx&w!^ZF<A1V&}XlrL$i0
z!tX6Hy*<qbNp4OX$<`9qj$_X%>Vc-15r`r1k&&z}?JSH<<%mW%D8ei4PNQ7SnmvRN
zs_zcz%M~S6o6_TND8U;oQTT;D*_k)xPaeB1A^ja8*Zt`Qg)}$#;VoQ=aZHcQ#OYya
ztFG1gRN}A7QbT3hN?Z+r3~&mrT#JKF_(pOGj`TKz2Y#pLtw_XYky7T(14Mz0iVsW|
zp~o;aW^{B~ai&-<P(|At#PK3`n4(-(5=#f8qKB{z-q4r|&>Kq9Ep1tJku%y)%_WPk
z_G74UjK??OqpdC2ojSDPhJ{$&sV047G&r=PCMbMGOkSs#Vpm{?ZI~8qP$JXgiZ{BT
zc{eXo@4o%+xs#Dh%aCqEp=O0sU71N=^Z4h6VrTbPQF7e}h99G_Jlr7aRnH%bRgy+k
zPDU*1H114(T5<I-Wl~e>;C<vv$#-OC{(yO^fGQ!UCBN2!NBi6`rQM9-gw;N9<b>q_
zOeJ39F~y^YOY<_bMDa%;--zLm!81gb+i>vH@2h+Ak5XU#tkJdHPw%w(m6jYMWTnb&
zi}mhNSJY^AX$(f_i<BR5u+8{3{@wc1)<>B*%eE^?rhQP|fnNCbN#yv=>SpkqAaNe1
z7B^`8i+fY<P=iof7yS<Ho!&br-}P{OXnPw$)2qSDpM~%LHd}HnrnhJv6JlHZvJujq
zsIceYW%ni2?#uBRnT<wcPsdn9*3S1V>7Qr5_1lKk+Yc50_Q)=b(Ki<R)!>8en<HV1
z4(&Uc)~%YwR{8uvRNG{L=C$Zan(J!um~dHE$tPXC$_;MQmWMLP&$Xn%{57}DlO(T1
zu2mlVF#al0fNKA_BUa^7c-y)VuubUlHugaH*}JA-FW>sF()((^^joMkANfAGK;giP
zKtVfK7sSEUJef*MTVs#BbMFj&e@iYV|C>{nq!ZZZkSn;#A4r@_s24w*M%~6Wzjex{
z*7*B-!@p_-3Kj80-_@>R;gLvu=9&<1*VkTyzOC$irX?S}*|!0Ym(Zm{G-oXS*%6PQ
z0MqL@C;pZ){7C%h6UnDD5UJTbuVqWi4^yvn$-DaA#JK5Ft)CU9cLzq}t+P#IKdS??
ze^6TKRAGBA=VoT>(K*VEeIL7OG<DoPi2Z5&zEf``yKPW={P+IhC^h!szLvCX+uCL_
z8b9dnG*Y{LgWALQiwkgQqpf47Ao0t-K4{;2wrxlG>&p%)t3&8b^F_P#^|M5?J#wwc
zRXGy7Pk!Y4)nD3&Prw(WrEM3ltgn%@o~OO9(oKjX7>@fkJZC?eed-FAK2MPeY@1%W
zI-tL|ygCd_xI6IwfcHVh$hGwMX3h85nn&mI>E>J4HjSSOMgDGOT7J-3P4W5OXs??a
zFExe>_X=+`JSD|hw=I>KuWnLQX*4WuFw9p(^%<ai6;Vq)uQR4xl=@zcQ@=^acD{V}
zCTksH!6tfnWlx->F<PX-q~h@XgW!j)Hzs;ITQBXLXF~RN9eRANUn$xpIY<!WN=?~6
zqvk?yT{=ms=x49n=v|n9p$>@@4Uw2d3-;J@`OB^-yiPXI!%GWNoV9)m5B=dAy7fLZ
zUsQnt_e~D=v+TO3t_oq|4yGd57Qa96Q(zqb?!tz|LZ5M2zWC~DbRFW)_A<F79IH1x
zTTCAv=5qI@%tdC;jE6&ovm~^5CR}BP29{^<VjB@6Y8n!5yD%enITa?<r`Q`Vxyu<|
z=l7O2RWBe-KImHhHQZc@Jrb2><Es?;UF_*GHM%UtGRN98(LcDZ&#F$;c7t7%Vj}nz
z+T-s-V+W<sL_<5?J%_@9n6+Myy@<%iD)#1OmIbMi@8(?me>#PxMZ&jfj8or9^=gF7
zzFV-5(+hPVOAT42RvL|r5l)L?h|qg6pga-zlI!Yqi&*6RK;#&^{vsS5<Ny5gHI4kW
zFawt(_l)_Hz14^2i0SSy_kp-oYNxM}b_QvN-g{AJqVbn1I%zm=H(Uw79iM+zF`+7p
ze{ye-REw+5RsJ}49l7Ce`X^bJ&^QW9EJ{!T%spXBf#;H6_L`0+UQPn_!B<*g7WK=>
z<y&(sFz6J)mGJZ?TB6y8J=G-xoAy*JZ1#h5XrmR5SQP95@52O8_nfD~cbHdG$U086
zV6!!US<F+T*I2&MRmsuXc;+E0@0R9b19w9q4`Pk+Xzg(xT0}hI{P~O}%|OuBLS{eg
zlVPY&(_8g<AI<dWyp-4s37d$$4^yIPLg^rT6^}>>U9>~6Ee-D-C%hNe$zLR0!|p?N
z_y_cS`to%WWZ&h+H<t5B5)w{3&FQ@d_vZ6Wtx8QL%n$mb7hP-oA?3!qVL!cbKItxe
z&PhKi-N!e3x=g8%Ibi-#7A`d;Mgd;c;`(qdtDG&9g(`ba<>_q62R&mnk80$7idSJi
zxWvzSB{jp999(&omKm7?rZqcw<ut+hqE(ePx=6h{HGzFkN;kn<;OBdYNj~$u2hOd>
z+qp>m4E5p<o}~El15pntO$xs2=eeAP(nMR*4dvr!fNpN`Pszb#YB{X<5*#K4)U>fY
z0Z;i33W~iFgm0zd9u#<#rAj#Gb5&4rFBAe1wABxb##zBnPIFa!3Y*>+09in$zd>3H
z1M@-dzlyC|9m~-mnp1t<R<U<_-p>Mx2Fr`VL&Xj~bdKbO&ocyhJQb%yi)S}W_U`dY
zy;|vp$w72Rr8nN7Cpv{cdrH`bN^AE^-?Y-f6U4$Y1RmCcsq#wV3QKX;i>(&Q-8f66
z`h4Q?%ebw?-#haOAVHC>aM?z9s#rx$B0zyCE3L?&!GQbI%K}&`YVpg61V4tFeDwYV
zqMEQ}C@fDrtLV6;?G*ml9l%A6tTe=@sj7evwN{SY^6&t1;|DD7Y(Z1BG&33S@6lBw
zw*Y|-|MCLMfjo%Us`7(Sb>!3P9elcR;g3rurECd&i%Gl#_%xR$HMQ#iQ62|rLQQB>
zjm!ji!iVSYEgZyCTPIhGJ)Gz82!cOcTfkiNmb8wHhYp$vl0kCe20Gt~*g$FX{@wT0
zMXc8`Nz%bk92B)2l2&zf4<RD*oN%Cq=XY(~`X>QXI*kH=Mu&w<So9$oXubf1MOH2S
zu`C7DAoq@r90eKz0WwG?U2hP3Cf7|J<gYdK>?wj0RbJNhDV+JU9zj|EB*1M2Vk2X^
zc*=DDw8_tu^`Z+goDWQP)z_gL!}1$lc<7(Lq@O_3(|R_)<ze^&Y7S*?4mIU~13=m(
za~uymfv!b$qd3pGMP?D6{;}mis0FOsa^Tg1CT%U?q0hnxvIARlhv5}%tzXa}+SC7}
z2d1@Z?MAnvgxVSw>5ex3lP$P2iLLWDHHNOeL$2N7o`8Pv2leo9d)s=uJy}PvP{(v8
z-RwuUxnb&swvMLBjsd#1>VTIUbfsHAT6E|<_cA**>N^?FI|4~NPbKNj3EGY%X|4jl
zkejxDcj=tH?Yx&1xXEO^{78LgimCR(bnsxd)G&luY~(uhaL;D^Q;4h}m`M;!JJK|9
z2K1e^<Ab{{xVy-g=qQ%}xl@P^0->q{Rl<NoG<r;RAmUj)qP19}BOpCQ4-*1GdkP84
z1YQ%+;bl=1WOXNkKzI{?^jfh55=sxl7WIVSB=niI_n9sASp)$JwLSDms44(3O+Y3S
zKb9o+`q%Ypw8P0K0F_e^Eway05PD~s^);aVtC<<t5Cc*Iu$U&mlEbvFLDcSl`op`}
z_y8;k3`krD93(ZEtTD)rg3u>Gbtb@%y&E}}>bNQgN`*lBwE&Y2mN=>}rG2P!<m)38
z#NZS}fW%Thq<QN~9mP8oBsavA0M$SYR?&}iw|`~FKvhpc`pE9H+d)3Mp;p2;qKV-z
zQX|u5qp!?HJ}vPVcaJ#z7#Xjm!JB|E369R1jqNObrBC>zwJ5km-@Ni?GzA2LpMn&v
zuy%vSuPgh+kx)o!f4tYQZ{qOj5>@9ph#nZZ$(s0O2G%<TS$-b*%|ip0o^Tc#r_US0
z&z}4h1ff3#wewUT-T!Gm(U^>}o`hFTas`hmU_gSk6<+lp*@9`vYXN%H*9XB<*JfY?
z4CM1j1#@f*E5lSc2qc#P!Hu0#2_CadfatG{yWmgBS3PC&gsPg)+>Ag4Cu(IFCI@M!
zJ<x4Aw6l*&M{+<Qc|j~rw;5-*QH2Sp-08S%cB{n^l@;HtACb7-GExEsaasQUD+nr)
z@SXg@gBQzGR(IHB33JgMb1}<vad&eG4D(6S^U3D(WB?ABWiI^;cyjbT$8C%~0b<he
z#Otmte3Z&+85Be7#h5T(N(!|(o&RJ$_Gki1l3i{_R9o6XRo=01JG%gw(aIrb>dlvC
zcyT<cKHi0me)OAM?9_C}RL!TLp}lTPvwS1U2}@7#XM)$4#+O|uvsI*ZATE3e3)hvI
zn3dPTP!-hT(kS%`15(o`CR@a5osU-9YJ8gr*d1NnKU&R+g&b)vv=G&`RZ*SAN?#l$
zYCEo0GtipAuwPfLm};zdyRHY1LZ2enPCBUZwB$FQh4XB!b=}dxF`%5-b)3A7%8?Cc
zK5YKj0EXjN;DUwf2hpte4!@3QC?}w~RT~t?2=gU`nd^$;@pr}AF-PMy*}yfYv-K>0
z!&A}KT~*~GaS6#W8W;d^s+vU}uaXw@!F1PcSH3F%5G^-qK$DuhgF?q*)zCkY@IEd1
zmC?5K`|V6LH0W-VJgHBPc<l}U&cV@!c=j@R>(ZOEopQyuv^T2f+lqQdkNk6Jq-7Q<
z&ig`%*A%Mv!{Vk?$1;km+O^`SqAfIO=A+KibdHTA-oK`SB|yYRckep()9<(K?&sM7
zNZ#01p5(#vrw80+2mZMG$sgWU-mhg&0$lF<8T@-8{9EH=h^FJi+))ry$JWCfY78Sv
zF6!-|@~*S}uGQ2*>KUkx|3~KW?zhg3(dy%LnWG$YFcXm1vhl;A?uhags;u)Mi9KCG
z;rLJttKaR%A@Rw6^)dFzcTK^C9{9mGmlJ#RiTqBSDo6Z1|Dhk`^nD`a&QkF7$l??+
zevBI1XU#ngzQdBLjf*^{CbNv85ZHzL9sGHHCRcctC<IcqT81+1Ofv3G^Di<Xmfh=i
zGA|KoYzXJ5%c<lnwOn$yY6`w_9l3hxSmN*z<JUt@7YSY)kN=*1Cf;H5SeFr4G=Ob7
zAD?={nUyRR2*JjhZzMh5kZb2sJeB<k=6da>8lBY;k`#BCb_UrBUJiLP1(ul;n7nfL
z@Q5Ul@bVyk5l`X!cRAQ{BMpQV`sRi!7@}i!%~y9F_4j5f?2-s<S8#%eTD{DPCy#$a
zktlGpdHgHx%o8gSP(s}_)=bFNL}fGmid_BetbMC$dkF*IKEA8FeKL7leIjbITF3AR
zmh$@d#G5gtysZ~<m%Svnow8zuB!A{=F6YO|`z<L3a{rjs|A~0&Gx`@WfZZK>j1tuR
z2857n$Pg?dM#V@NraOcHgzF=Y*uX?l($F?s3$8zjV~{2@1CU+HN$i?Ais@wQq2UbR
z_AnZ~9gPf8x0T*>z1=Z@k^UY^tG}mHpcKofl%c<`TY{t(cf_n?^eYUiEc!AGei&Ap
zcf7`;oBffD!#$d#l$lxx1_-7zvQ^G(dYj31S7sckxq9Du+z}H>oS#^AhvR*Mt|jf-
z^v5#DUg71*gNIW1Ec>&JFC50QrQh5W0+)N^l=S!9o`Q%9quDC+FA)r;Ja4fh+*Y3q
z&+@s)`EGtY`uL%yKPE8zLW~Z6<Gn*i%JZ7u{PwaxQSZ^$9N`mhY?hjjsobW2{Li<I
z-;d_JZgKzV-SnLP_@4RC=9kc>)iV0Oue-;~|KbQ@(keG=FcBGnz~>OgvTi9Hrm%!|
z4sOBP?)o{G@utqbk0dqMkC(>e6BNnndf)#c7gVDBXu2m!K0`qI2$#4bFABGg<>1Lj
zs&7vlS;+i_20kxz*KqyX`n|7EBtxMq%bY8MtCUS&5H&<uvlNBos(UBY294gUtDtAz
zN~{p>@i~G}HwBR?z{8y#71ko(zt5LQC;X-=c9)+lT$*clORg^G@y%O%t967JU!?T$
z!;vS{!AIC!gv;MF)y~?J*`y!x)oEve!||r&lo@K3v^*3j+L)Y;E}t@(hbN2DCy4)4
zQqOG=m@y$)@c9mw?ogcu!q|PM<%55!Kid(+9e)ZmIA3ZozFC-LepoJzFmbIJon2u3
z$VD)Z??IWw<t2IW)9feevs1n`2$$00r7hT*!{(&#`|>Nxibv{tGY0DO+Z-wdGtcY4
zT`lBMTv2g7AvvD4j%bS2(L~*_HZA4xYjK&!rQ0@f1g~#Dvq(}u{<WMO9{q?b!1zh}
zTt?g-oE`mPc%4Ax?MCBnWH5idbz~b>z`dhKROcB1qqDn!ZHe~J>-|Of>Tg^AtHC!1
zN%j3EKZ4s<Xzi=I`lB4mWm{=la7yNkxpEUD==Q@li31#)cjG*}>+4<wcqkNJ1qxOi
zeGd2${N<STtWH*%=Ij-NZ2H6-$S*FpEg5*Xv14q6zq`@C%=J?zi7$0wBwUv9D$@_K
zf_^q&<0Nk-_887@FW^1<v)#k09mJJA;&+FHJo|C>Vq&$L&idPCXW%Pb2@K+T@iuj(
zclM(;o?rEIoXoP+s+b#>w87)xph1ukd0-@W7~<`S<!4ikUFrD0);C9AnBLqm@Pe>^
z5)`hO#wez>B7Ow?<%zm#H*8+k#0$DxeMfVIP?qcmNCHz8v|^*5eYuO}e{=aeZ&~VE
z>;eW-!TqBSKpgnND_@`CDCR3uz{QS5Jvm!`Fnk~QCBAaj8#2>_@J>KMuHCe(2Y#6C
zB|Q^i+ZmTr#+4`3D|@WpG9ic+#2i)RpGxC59zn6Se#Julq%M{yXyXU7=4-AF#5p!t
zu(>NX=4(AMhnMLbZFcX$bsjUu>WQiTJN(IzK2~%jqEEukGv-ARn8Qg{5W1yi(*1r}
z)IFw=V3l2NyY0k{?7e*^J^tbV9nq5kf6~BN+#g)6>@tUrfj$X%tTZaz7L(Cu^Xk<R
zg~R5~j<y~2+m;B4VJyw_h`ZDVyF*5}oc%e!j^mcabr4()icS7#B-%jib2+6@*t<09
z3VUnpy#dMfZwe81WWnOeIo6$fpp`9c>UWd~dVYu4u6hpl23UmK)r(Ax$nHl|ECcm1
z^;$tf&n?zAhkX|I^NyT$-%-^9{*B5x7p{aN<uA0qZ<9Zgt__h@iY_t6^T}IxwXX2r
zXQoQkQ^m2*4`6XFz~c=o_}#+wgt}*N-_ysJv4aR2fT>8N`YFdQ>g2BT7%nfCtcAEO
zR-b&3mG()GjmS~W@N?@-snK-W;||@S0JYJ-Aj(GyBF-jXUqG4JeipUWY3jvK<(Kz6
z$@mt$muGM``~vL<-4%gct*}gKrg#<QES8;ZDBI?$O0<K6I*7>P@(hPsv7_CCT__E1
zbvis7v$le`-fl%_rKgrjzU?Eifw!5=HePYYb*!a^OjHidrt;WCvN)vRKl5r#uFuvi
z^77tRvD)x$D4MaUB7-g-YUF{&!`*#~CCv{EzqfwxbNBn)W`1xl6p_&3K&obCdTvn+
zl_)E7*OS*tf$P_tc&)Ppmk)GAI3~h0kIUOXTHF^nYm*OvNQX^VShuXecUYVrke6lz
zDO6n~GIajSkzo&dy)elP^5otG>p%HLyPFy;UQ0;XAS@0*f@z20u>nxHPGm2awEzZg
z#*Fi2uK%tx>C_tmgR;at>${WkfL#S{#`hYTKNQo6jcT`3+fI|f8vx<({@GL_LPM|}
zKB>lJ+51GL4O>!uc%M0iB2h^nl5Pdz$iSopspos##G;bcrJmnMwn)Gb_37h>c_KCG
zV~q3Xxu8w^hUI4yZ{t2TpPD%^ofwO;r*-4d3fd`BvrW9s+1J4?=Yc)T81T~~feN02
zSi+_!tGhs?Txw3*<XhiD;<yynyPb5JOp@u<kt8yhuqU}0JnU;IY!gp;Q_iiKH*vl(
zkIf}asDBTC?kCZgNq}1XrsZL`>c*iGbb3yr+O;gE@=4Nr_4eu<vBkmPJVW4iuYtn9
zo2qWCsml%{(LuKyPz}`WXStdTQ)@+tz4SWkaR1U02x2M&6PK8+(5>a+FO+nnagL9o
z-eyj0YBiaOtmuSsY{__6G@H)zvEWGMVd+E)69<@2ldYj3swjB^M$eOk-QS~Fa-lB1
zoiB1o?4e9vf~}j=XK^nxIu&Ye9x30m?6RywXc1tX%F|Ax6bwE+7ntH-kWQ!~wa>uJ
z1rQ4QefqF`_*^+~VW!isv1$3p<L&Q-DURKBeCkd`*<Z`#H@-Ifcd9TIBqSgY1Z*J=
ztjoH(`yPhTx}qV9DquinA{3hqH52scYLtZL<=D%Wi(H(J-QCw`@7LHX?gJjRt~`pn
z;k#YdA;%4Zy#~U=+46Cf){w_9zJ$|WuKbGqE{#*-`J04S5hAOD-0m0);B(1g$$$I$
zvRF2_1(JP<zyHl#D(=>yhVf*iro_}b7a&x829ia-xlLqR#?gt`S>sflE0=w9`(5_9
zkeX1nvMl)UWSO5%;_=_mFQ;_Kk@vE{6);c@<R2dC+iyI72{6+Nt$%rt;7Ux9Bob>H
zLlh>1EfQ4`Lf-yR`tV`3eH-$NR|ol44dE7s%15s00)x%QmTxNEl2JpUFGt?hMeoBy
z71YH9mH+fkj<FrXz$TAA??UKzQ_**`(j!@Yx{cMk*^9cd8an^ny_3HV?dDx7cu?6b
zkoARQOMYarTS$>v0NNvRh~W`YIOXXP(`ORV?~yo^5(?`{2<(weW|S!EkqMI%o9?L@
z?m?O{$Xxa)Xh=%3Df-g&DiP8vDE6vQ$RmAvqg;B`r07(VdsXxmfj`CaJ&NyJ6~#bO
zLuJ5W2H~$BMa`vNg~Q&X--<B=N@!Xof}4-$bZAl(Iy?_eeyT)`L|akxTPuR7Py5L8
zK%2vTTk5D^l5&QweKJ9P_dIOIS$&-f%ouVhMgV021ycYZ7zPYQeDxOj`a)6pg$CMl
z8bl!u5(EG^9F1KDJhzi^jOmxi>Tl1)td#Y+G~6e=aV0*t1-f5=DG(5t%GYqafd~y{
zUI1-V1ftE88rG8w8u==+q#RRQ6E_W80}q&*X5(Q{|Ll<?K{P6$w|0Z6KB`a^kT4R&
z2>^_asBMTWlSpXJ=3tH#zKBj+?BQ2BUO93?Rf;0|_k|#S04(f3SQ<8z8Z$r+0L=cV
zVFC#z4c6KXwS8EdVv*t<K^JY1z=@=q*g_^g3=DXJ7>owX!iJme1}G9h)Bu3ptOoIs
zi4<(BIvo097gM7snNP@1yVM*{K2UEL*Q-zP*-o7%VR#@}BcgJ+O``@qrG}Xv*@KPL
zvue~sC2$W_`gn!nNJVKqK?8SLBQtiRFDlh(9f3f_hLNR_g{AU5LUkR*$Gv}K3fV?8
ztVfd50OmXph5zuZqSlrMh&>O4jS%xK)Lcv+)9%uYhczwJYvPLxubK(^mZPx5K{Fa-
zXY|@Mo?xQp5yN+5`*zxa<zxIk^2-#Ohlk3?hgx>3C@fDjCu02maGb&uMC2*-+;sd(
zWWxHDc3ktAGvR2<x#sWow6)7fC>%|`rv0~9=NvkL1=snxq#m_54554q#Zv##E<+a6
zS2z9dHkSc!85h?IMXobISp4)n2uuwJ&5wKnGd$ft9O)d<ba>Z?QYeeDo$T<MOhJLp
zDknKKwO}Z;@ag@8hh8M?X!7dM<fq>wtPFK*e7HDkAcVLUC%fL3A_$IAeY`ozvpm9^
ztw<iL%^%#T-UYzZCWZU-wt7Rzamy4;^~A6=9x=4>rA*;md;`I_5d%|74BG5#pvt95
zlDns0p!(Gm`Vhpl{E>h_Hj3STT3bnr>u5sk_mtY_Y3OJ?`HVi9`ZpYLv=G*eQS1nX
zQK(FKy{@Q1cI&i;xxupcB#sWmn9^`oBUC(ApIiD7&#1xZ(hTBghVK0Y7w)WevEkq}
zx{<{|)nL~CZrCAw>iPDkwU`i*vRUs~4I0d>K#zetJEcdsw&$pDKmD^7Li`s>sBm%R
zw~o3#cUbklM{IRA&+zf7^pD^M;omih$R4E`Hq+xv^?i>BGV-2&#%TaHwHJOf%9dWI
zulAEXj)*cu30FeW2uU^o^#ljR&IM}D)0!Lm#LPvpPl>{3=z5IKt;Ykr^XS0F7D980
zKMlyeP|uW%KVYGR-R6V%Oj0yWq<lkmi;Uf7zS+_~%{ns5=9_%^)0pnJGGp^Zvy@3u
z_`LTYycfOC(y;LB7#72W=4zx(qs&bj!iOnN3*UvCFefkg3DFG56)x=O&z}|HfaezT
z7veiiu#SwI9z$~V&HC;nlFUC`x&rJ8Bem=cjlPQw1`AP?(ZhEpDFzEZOJ?Ir3(d**
zXsSF@yS_*_A}Y1*2O1mYAJ>agZi>D$%ynxT*osbrCzhADmsfr+uVSsNQLe1BuWX2}
ztVmDqpt_?f%J9U|GYw{+%omc)7Y~9>C;L{$wwHc{n>HO;oTLnwn19OnnIn8&APino
z7hV-eLi`l9JZM-B=`)8yP@A7ufA_8anX%l8W#g(WZ#?B-Y@Qm7SxKp~*vDEu!LmFW
zT}l;QD=M})4pwVnSZ!sPwx!MOV5bu{p(ie3{$-vwSGUmRGrP3BO8#V>Vr+HGe56k)
zy0i?SMrhZ&867g1?-QA0&pyMcwx&(hKv+GbW3`<1wWR;H2%}<MuFJ;DNXowZ+<ddF
zPno*$pu}dyetmla)%9&-n2YxWj>6hoIBQr5_-qaBw-%nY#(ljuL1~WdK1eYEu+VMH
zXl_(6XI)XQ6UCW7KR0^qwGjfFKdIP|<FLEyuql_Q`r&D@m$C*iG{xiJ9MiOI2sS<P
zwHx$7r-#={^e;Z{+>~-yr8mivV%+w-*(62V+*hp1J8T<LttdETY_s5ETYbxCUx0RQ
z9|v1SWZ9`1T21hoJaQl8L@wWN*d;#Luxs4ZxmpXbv5}S7mQ&yMeQ1~OxE=1fy&k@u
zK_iTdvWtja+pn_o>NGR!-&TLUMJKcCMdk2eD?}u?*0$01VG;vL#C=|B{&QWK)n8TS
zWcP+uRSquvcCKSPYs)(g$=0)M(GQ7Dh50wJUmFjJ+FGtyFy8N!DWVaKb<8Wa4BpFC
z8msZuY)|ve_2O0&q?d|J?EkRuE&E2IE%rmMmP2JSsV2}{F&1i#dtTTMLn(Wf_e)1d
z`?FAVKf6#|1Pze`2fFY1oOwxtVU{e7nXHUcPPT(()lPbx6Suol`p#;`6kzoES)kkQ
zhax9}a^u>79b~Kn8rSaWkn`5Eb6&y^@HJjb|4wy@%ZKXKw#FYHEY>q#0JQKQ-TcqD
zq(G&y&k6eVA;AYSjFc}$mp=AaR>`bX-~UKq#OI;f8(DD~zr%K&82d5axLWU!0rj`&
z5qmb`rb(?bPHE>lki!{Nt~uCg?ntzkw|2O^<1%`6w6gPKZFYHr!+n_FVyZeFZg@1q
z|DzPTK~2t<s<SLMnq3}u*m%E@Ox3q^<q{g_)L~&i!r^#Ed~zaof+23fQQ6yeI2lw#
zFNiy<c7*WPE~1Xq7E>*kEY?@A+)sDh&KZwe_&rvLJuj=9v61L2!_$Fj&{XV+4RQ62
zyX$Y6nTppocMkg({XdTHfBdC71^@B{pLnKLOAzWzV<~%;O`}OY*Qs85&9;K)OFThc
z9?2!HiSK>@k50~JJz+Sfq}1+zsg8du9mhXCp-{f}{t$G+=Wx#P@|^Qa%<;g+geR`R
z0GKA%3n=&c*zd{m_mmmuTyXcSmH2{`+8f4so}qBW_WUBk$89fFAE-Si81s%<I48i_
zyX*hKOyVZAdor?fA^YnEBv%{<fLPlfiN&j*1$)wfQM{20m`e8_#B-83c1I<B^dvsZ
z*cYiQt_&x~4+UOq@}0-G>~U0C3(5R6Dh4s!ambzT>>nF-^qt#(_R&8+|JHc8!T3Vt
z*Tv+{p$xU}2*=MNIyA^{&NFA-;IF<o)yCXd+1C;uzYbrgG2fbgzX$xjaYAR>pB)VZ
zTp60Z-mCox6#Mn~r8dErORv>q*OxEdv>z+nJ)h2%S<AXw`c%9gq2*IzaM%}dy8G@j
zo14Be|7WLp$)XcSXgo(}aE$Xy7ma7FFF*KGtoT{J;zSbL3j1#Azg=YPHxujEd;aF?
z&F(O&v<Pi^O-Qx>h4SO<9h+MBaZ`0kROu`E6R{nJNcZun*m$dlSJp4$9G_7BDrJ8K
z6Ma?ghA4Jeb*O&Ma9&_%bHHKv(ro-9qv>{&vH5RDISBVhw&hRr+3g=n&uhQx(W3O{
z_-|EXuP*F&N^*BAD2)Ph{3@=VR|X4hcHXu(*;EFcb^Z#R4Tv828IWqWS^H%@C)ZJU
z`&of9o$+(}9<RX8;F8eqbHxrD=N+TvO?Oun-+zxaZF~tipCAdIgx!4`kKs2=ctqwx
zyM1Fu9FV)a-}~|#Icirk!cX<>pDTk`N$xlC*xN}F4x?}U{l<O9AKkB~(o$({^@w}L
z%9{9CSb0YT&wIGf>VvNx{tS5qJ?6L`$UO)ue@@)_$D}4H?d^4^<o#xi|N1<+u~?)n
z4lWdoL&ocPijWTl04_7G32Ox?j9r)w*Ndeu1WxXK=no@^0kJ42@j9Ke4JC6w`{cTR
zUaW=%P&GrX)^;=jkl*>?{`=kTY`IWugo*y{c#(1nnP{s%mu{X)Hh0y($Y`t*8)!BI
zkf4!To3BZH1ms9`0~XaMrH^-4d`r#VyVbtxzmAu~J?A(2hG%%!Fam$^`IpG#)o>`J
zgx#eQs`{ennB-scw%GI!q%yoX_O}UHpD0l7Nmi|AH_Uokbt^JtcrY`gX|G*OWKiK&
z_B319o=@M!u$!kNgx&4WwPTyx;+31$vzm)N-_`RJ#%JQ^hrD$z-|qpH-BX+o&q`uy
zrIgN71q7&1Eb@}Dmv^T~Tv|(JXF5H8M8vkaxdQjQw67WxA6a?)F2<&R$wm5%DU38}
z%h1=!z>y(>My8bBht`D4I*cg9(TGB={iTg5Y3$oXg$GX}j04_h52O*w$M~~`{mM^W
zeO-0*Brm=Ot9<pTKHk9HqKgXt{H6h>e0JuUxSA7vxL^59{##>b+~sh_XmNW-%MevV
z65$d55?i{#NRCV>8q<^J6<4z9CnfxfGw0PxdR`7vBAq<BZ&0Gl$l&VplCSw}ID6s9
z)3>RGFT9+#3n^`!*5$)EN}a5vP!k+wwB>lVWqBn4#3rl4c~#>Y>pN#<9k*j%r7T~X
zW!}ewXx)_LW2Kc8j7>CGNf(*qVO<nI_cL_gJ@-zvs1gqqG$(bT<Xwh20XLPDxFBCM
z=VZ&bD#h6V{z|M2o*z|R+qB2k^xTiL>n|TKI(9IK4XsC9EPSj<36LWYsDZXY<w$bf
zC0PS9`C@j+Y3_qu1lu<&^!Zz9a@(@{U*AjAs*vc8JSZNtcwAo8xne5(rR(bB-e5#4
z;rRf|q=r{I$&dE>K<(26=g}#XEV6zEx?qvEH|{^(C%h}#c|Y|&ajvZ4l06Wf9l<yI
z+}bm?bm?dHku5ArDl=G2Uic5MUxUJhGv_z2;i|lEBJW17lC^7=T&F=yF21wZC5OJn
z-QR}USFkwUbs?NZD6uVvQb3X5-H(GSRi*I`iCxXtBMsXK`3m8+S6yc2`+sjc^6Q?}
zzxLlF@7K}=3v$s*92d)Ybwlc3M7OAByp(BQI+B_Hw%qysQS0na#@mJ&q33QjpQ<ER
zr8YWO=|!OTta%BN*RI^_Rp%LC%cRrZkE?ZOC>AFBn_+U9FKa(*s&6kt9-Xva{N^tG
zbCqF;ji10AgiT0-+YAf8POmYL44AoPDXY8UI|>f5$@2@aZ&uQD3ypxJ4IVei{_r~W
z`8&mkjkESIGF<n<39^>gMS&Sn9O2%NSHspgx)}PSL;ON>i4r%PUa=DxM}4!zd(-#j
zz#!VWXo?yLy$0ZWK!hP%B(arF1cDg<EvqUMNl$ZWD?0Ao;3OICRM``bYW8TkFcjEP
zr;mqG2V2AuG%<q9A+VtF*5(iEvdnWiX<et-2r0V=ehOqLADM?|GAqLiP6$7)wM`g3
zInx~u@C4~C{6L0xlO3z@kz!I(vYrboKHffxY66MJAG0;)17KrM3nr)eSY;#T2F(MK
zVnQ2=t)CbVSyzxcxVINUXps<VDNyQS20c-Om8#V->4&XzR)PAPK}+3-g57K!;-vE`
z{;?1JNQ^LeKBsEW$5gPjCNPlmxzPvq-tXrRx5SK-+FvCpK@M&?kr3_)G+9F)ws|CW
zoa!iE?Kdn3n^J$fH83qMGw9D@fv7;lXyC@whg;}|k^=WPf#?RXJb+SQ9)iOFG&W)6
zuF9tVc&s-?!VNvKifx6SbLx9E%pZUNYf$zjtzukE2(cM}BE|TWHc4sn-x=sl1+M6`
z|MuZF9G%mn<H!R^A<K!Qo%=Z1Qm_SekXWArdSb{ld2GeG%r?2dxAglGGWP9b%~U)i
zbWeE)D?@>w002M0T)Ea0LWuGVNq5XI4-BsOn9MOhsN47{wS(8;q2xT%&d<7>SaVAO
z2{ex5`bR5q5PoFqm{>6YeT+ntHv<417X+cY<9(7JpgDTp*wlH)=Sc%qTOxbrnqOQ3
zAw!|DV=%dZco$w4Dr7n&uXVPA-_P<Lm>T(#Sp<%zqD?@VP(5l&B;pU4`e<?K-PnFC
zdK~yP33Vfu*U8!}@cQDTCDwEk_#)+b5T5ANPqJnV_R68>9i-CAoZ)2`u{)jVs^1!(
zUNhz>STMq1W{vQLe^u*@W4HpZ&8kIn569SIlpcKpD89Lm|B2uu1K!Q;(dPa&o3nQ>
zDmU?8H`I&W*Exz2ZZW^b{wgW+DN<cyi#_oDpjK*9Vj}N0gy&|^kZ~lX-Yl0(yJh&G
z>QibDy_C@Vd2zEV;fyx~JHqdb2V6NW(x-TLN2+f|js5DgKhy6@T%>>U9lLmcM(D_M
z(lQ?5_bnHv!%mJTV=!Dsq-gp3<`b9n$z;a!Le}6tMazZ$)Z>QOhgJJBFKDNQ?;FbP
zc@LhBw@jDI2vt}HZy3}+9<5FleQO)*LOj(vYti|$`i`m6MOxmfld{Ysm@n_p{^26{
zPt^%zM{?9Ev*>$gj&N;x)tdEJ0nk@NG#0ECO%#Rz?=*H{eXBb5wY0+7iNoOcYof#L
zFkqruK9r@~kqfKD;zFE26W_1z*kN?QRvduGk3fY#Y+omSBi>8n9zu{72)Q5m=l@6x
zos-N}$*W&qmgzj}G*N4`6UY`y#<P_A_HB|!UBre~P++bNd^7gqt8|WS!rS&{R;F|a
zV;-2v4gsc4Ll3{NzAU!HU^62gV~e@(X8l;|lRA-be?wdY<wAiej6ircwU>48&G$JX
zk=Q{KAq^W+-RY1xnmz7cEmP*zj<BtwyE@_@30g=H?Hq<!QRk|Qd}Uh*(KYq`eut~Z
zrNY{Eb>`>2QB@6hI)z|2ae~G5=!@6ek-tC$MOuzcIPr3EyX;%!yf<!o4?$FUC?e?U
z&HU8Lx{$vdHr0fr^n1qO64_v7(yH4Th*UBR17L~eoi9B6as!5S;fv&<oCMO(FeIIx
zwi-b=dapHLjsO-5B5?P8?v2nK2+If=j4=IsE7m7z(UiM>tiJzyojUO5;^Yr?(VII_
z_b<Pro*p>m{=tIZE#qD*0r&e%5HY5|b(qm|IPeJ@iDhMQ8dZhKHQ3e%QCZ@%BPaQ+
zAaRI`v(@9fIjD&e);%fq-I!WDq1B2n;>QgIfh*=Z5kWj_L8yZ6&9ge$hH1{LZPu;9
zZl4eYXkGQ?5e8V@NC8;wNa82?7wG`jz}LTbYt(l+q*UvhUitU|)=wR+)XZkcZq5GG
zV(=sLD5}>F=aD28v{YA5VYdU+R8g;S2i!af8HoFm_VV2?u~GE-U)ikxq%f2B$3g4>
zicid}vpINnz+$lxzQr1>f*=Hei#P~lUs#X7X6EF_!-~!i^~_^-$Uc!mkuF)WR&VU|
zA#rO_(EfZ5CuS^no5bs{dboI8EUIr#zv`{A2wWAAMsKJlSU(7u1vw}~Dghob)}wU`
zDEAzja5x|KeWB=zwL4tZtrwf&zCa+N;FNSth{g7>76}z+ee9QmXM_~#|1J`s%kHq*
z>bMynWXn%Gfc7txu|NoAgbBqJTCf*-)nZsm3gyUF9^YD`ItpR4`EO2DIc^KYUT@0I
z7b5PTh;uU|lQuWXkaCP{DoNRRt|<9VY6U-5QSVKeg-z)VmN!sVsRA}}vJLFpx#!t(
z%iBd-$6L5u$#Z1@URaS%YBsJNQj+SsYK5JeOp#PSTS6I|hFFpA7+ZDZ=JQ}ZaeI4O
zJUc(nVryPB5n-`W-15H@CxX3LU9DJgwqFcCKM7zJ<7P*rm<g#02AtR}h~GbB{Az*S
z54lt6IxK(pjSo6ZS^~g1=9zc8>y#*xQ217GlY48KZabOkEj}9?PKO<SssVy4Th%|C
zTieBsjJlRdPn=Sfz^=g2o!++xJ3TZdF2o#w2)(VEHPi|ds<gw&sOtV_T^}3w(MG<Y
zcY&!hi+KQtDr(2VdfQQKH~)HT0103@TI{wsxKZu6R-3tUIQTK{_$66kM_Rnv-?`N&
z0$6rcxSk^)a|Q<B`RK-g50OWGJ1@UEyp%T!9@??lc@B{&2u<WXLlxLpXq(TnVLo$)
zn0$4@rkN|^xR`wI$Ian7=3pwm6t=+m#)9j$;oj@co#0e+sL{IokWCwE{S^0}Q~ik!
zI*$2)MX`nZ#6>%?1;1k&iU_NWWmnGet?*J<(%azUvX|bDy`($7He7EH_IAQcMUuGq
z$nsmvwstD_xE9!iJGo*q;$ocHW3kDbr7(C&Q0%PD(ASP`YK~znCFx+Nc<0gt6UUbY
z`@!eWze(&Qy*4r(&ByYKOQy1YXXy0c=-msmA&bbJRH`TWuS<?o6tUBg7j+y70lS6r
z2XW4hMYIo+&iB&q9e1B%o*q!5cJ?O^%Vn>e9Pb|tLl3xwc4--$-=l}2yov?HNUSi_
z1s+F<bA@lGQ;C|h3)%i#?DBZ*{VKm4BHpgZh4Qd{va$-UfC$2J{@r(X+)vjlwQ!{0
zRoLKu1ovyXe?;=3AV!$;(cK#7gQBGJ>eL_Ks>+M;9~66A5V9pp3O~r<cR3UJ0hE=R
zn12i*o@@xwA^jQK`9!%fBOH6=Ll+}&H%DbRKW~p%Wsf0Xs=)-k25z>WXPj4L99Lu!
zf2{RBj4*Uw4@a`am9}&9bYPctY`7R=RbtLH*9L|!w@8L%INxK<Tt@X)8Xh(WxVD{F
zL|7btwK-_9;q3QbA=cTq4dxatD4Rq+_!fEaT;@kWMg>kb_fIpv*$lGx(wNaWsN4bX
z<neAgF<)!yk1;B~2^-f;zZ_g0WIM}`#nB&Bh7M&Jj%6j4(>wPr4d?NfW>tAPN#a5@
zC?~)-?tvfn$EsAmT9e9_g9C5>y?HW5tmLB7)JpxI6Q()5vJOS&sozJ$zOD`t&R$l1
z#&;HSO1DY2j1b-luXbyzu6iq9J>mX5acl)Y=z-URDvgq|9UC^yPh8*RKb9M6uO?N`
zrt#AfxxzG2q%p-h?!5EMC8{RwTD1h!0R<k!gZefCOpmMZH{4FOsvdZa{wyLs=bx-_
zP7i&2A~$<{7`}Je?Y2L7MBQJ=<XvJXv+a(Jdv$;}&GCGt`fw!)hJl@u=b!95%tHiO
ze;2SGj;#=23Ib>Js3$z`I3n*YSoLRFl@2^wQ733!x0$>9*x}UU-P`a~K2M0G;N?HZ
z`0Al))<voB`O`hdGlNrc%+|Df+v8RM_se&@-%5DOqcec}`kp=h!&7{LIs$dU!6AX$
z+AjH#Q^VSEGp!QTLcV@R>7xJvy+5bs9A)sS!;~rk^4z*_N+>HY9=fJFx}F)zIllKJ
z*!Qnl{>rdZE8FM(@d&^cG{icCKQBJ#j{lIPcu*k3(zJv>m)axtiB(pZP5Bd>wr~%&
zLDyqppaEp+FGn?ScHCJ+EzIX(!iIBk4EL%=gS`+n!u8_w;9hR1Ba&s@yElrLu<!{z
z0C0XkWt80~_E^^)!&W<}BPkR<jS%GFe8|mrKmTz|@nngMPx)bw<}shgSAI+PRy%j<
zzn=sjvXitGQU6L3(taS!bHNQkLfY#d*F2Q`I|Xh)1%2`)P`~Jo0w_*Wj#tizrubx6
zYaE`~i$7lzzi_%fsFJ7`2H2?C1w<4cH7Lkl$}1eoYgmqn*=~qAZwcGfbsoJs6W(zU
z@^Y?Gd0C4hdy#WmS5MUdFkMPWrjKfA@R~NHJBX~0J|uR>xM>RhH1s+tI7G%*sQndE
zZ@NtKI%)v1^T=~)e#q90Un6YhQ<hB_yt-V<yX?5F(*vFBl%6DQFGB4w+^sc5w-vu{
zxogMVvt&FWY99K^lwx|m$su*S8DlAT#A83Q1X9JGu0_umh!td6_`F>>*o>|+`N34m
z=%RcfV)pf?wz8Yfb5Zl}qI9GJ!{Cb9Xk(@Nb<5JK*4xUKfJ0n&5gYZNrUHITMxTf9
zeN*K%Efzn2z#QhL8e6)EY3_1YziwRE5W{1<a%}sooOv}h^m+WV-$-177pHCwYzmP%
z`Rw6_L)-quf}eZa17bDM@xi6^^L#AGFGhk#Ud7xux+Ftcy8H0D9|!?FZ86_kV@PB<
zh0G)0K);|;x5*t#<NIB$K;f6U=O;<^+%;G0OWNOKs@t#C>tKnsVaG4pjj`AEaHD<4
z<3#7V`4{+q9@2oeUmMDtyhQxGe<b(e!mcn5MJ@O*;#m3P(%CTb^RO>d6N6pGjK?iH
zkl|a@S?&HK*LT<9H942qK@&7z%<zQ5zpe64#Rc_iJnFB@S+ow%7h~|mLEyNEBe__F
zccstwM>kzHanGCRwR{bxhJJ!>Yzbc3y_|@odv#gHZ5hVDYNS@NGjCbFuJq=4A_spP
z_Q(6l2X@E)C_ft@S|XCJ#VgZexJb+5<)CbezXh;B*8Gy9n?Jj>{KuG&-iKu@sU73<
zo2XC4Sm4_?ZC82k+@otWhLdz=xo<-rwidqIPGQ<AemNKMOZeor-sGVC<#PtFdeVHJ
z$7Fb|nFMF$mQe+wfK{CR(VgKf?tw&&Q)>=wslX3w#oLCr5Z^pj!Bws3Xr`N$N-?q<
z5*mm}maK=dsXs+0P}1|b{)N`xYIgD8{v^w-@4)_FYyxqMn_qpX`I0fw6xv1<!4~#D
z&{tBZ^~DXZdlS(+Z!`B7ue#fELvGK6$9)o-%2t0zw@HM&nerZ=dWOR;U1R;!;$;bW
zP}F&|7ZqniU~SbSF(AH0%ju`#ZflVbEwl_%@iGXKgi7i!7<lBA?A<E!Yh56htLMYP
zaJ+z_!yhGU47Om!=)*O_FciLzb2dj~+wiStqtzqwy$J%3NjkE=nx^vL&tS3OoBY**
z1F4w{anB5IM#DRtk9R>#^+6gfLEkeU<A0$&59gV$=j&IMetpv3^&Ov@=g*rz*R$_D
zmLG9`i>H7ZA#nxoR;X796*1t*Qnr%7aU493*5dV^V70FwUVN_KJ7H_zFu}6JY%0H=
z*Ob9p<4Ejl{Y!>75h|kc@%Oq1+i`sF{##V&$NQeT&L7X1c5*F{h3`stWzK69v3N1q
zp6w@Jmhc<y_duN=v<;3HJ9jNVFLC}A;y@B$EY>Szj_rYgFZZV}D5lf`4V>A2HGNSv
zVnkLVm{C@8p*W-*`ppT}3U9GA74tAQ-M~9)A&2SaL|f%}Cb<X-i6lGK7<_;ihKE6_
ze*nO}$rA4!?ldzWdF}M#p-Q!KWqm*SNKl{#umFlQ{nlhBy;AM`Cn=9poDDucs}l~+
z>;4)|K++XKDQOtiO9)5U8MLLksU~wP;Irc=yPLPYJo}a+IgOl5P=4P?DV64F-Sd`|
z(=dy)8$v+A62u^xE^I_D7Q^efX65yKoOQK&Yw?kX(^Tox@g?<Xu5aTt)?ZVlGp}56
z;Jm<`Rga?mYKqb!?mDYNX!Peq9%6=<A|un|`N~Z#xAs3UgLTipcV<goL5YN~=U@{3
z9v655b4GILkPv*Qwy)!@^lZMn-_CX)X?7G_CZM(nbTA-1-U&9`&Uy?EzI^REm~<@j
zFofaGZ~y=ZQvFd6Arh|9o$-fL+P$PdX{%&^Jl1&HM`_$p6@twOL4=<9HRm<qV!_tI
zWGuMWkQ`o}HT0$lFIf?Zbb&izPMYhtLC*Xb-Ju8NmEVSVO6hxgJ9R|94GVM;KCHm&
z)Wd)YUM(O;apzp8Mjr()At5<bwa9R6ZWZK+w5a?i*84_6{RufdzUc`CQt9b0@xa#9
zq%w1?2wIh{Z2FtJ(C9<ZHOtYob{wFoKmAmdZ$`h9>Sx)cma*H+%rk4Ei>X+7>6uwm
zFKN-4IK$YP@0MsHL!)trnX*~4L`}o_omTqU`RDnuh9(obWNz~=b$x!%;sUZ~?-o6}
zh`vubrw`9Ay>MIhD|GL3`@Z~gov3y$CQj-5O5jsBv6bMPqwlM|JAGvqL3mG|na9rE
zJzEc_ai1$f3D7pLMb$`)7ltv68EwW=M$EB9Js_5N_D-lfZS(z8En|~-9Kd+%gC_e8
z%X@?B`JK$K;RHnzb%*o2xoBb&M-I^m>fORbtp)Ye_!8s&()_r`k|kb#CI=tu#%P5q
zJQ_`Y)N~OCa#y=unH<(nYW-&Y<RWHz)U+;>>6Wq_w|LxEm?OE}dUm{clJWCN`pFkO
zf%bKbHsjK1AI)28uQ*B%v-81c9KU`HJQz27Vac=#zZjJxxtkmly*Im@dYUUh#ty(8
zmw$e@jyJ!WcdA*wTJ#z>|F!(;Lw4y8T@s7y$+!F~*PDsjE6>;7daT^A2<@5Q?w8lB
z-2Qm=b?xS;<z(geNf(LbpR+-M)jt=L+Lm`e=RH>Meyzt_-rwxktls}V8@K#>cXP7(
z_b&*J1Q92oute5Cq-jVj{sc6U&l-doE{CU;5JK6oh9#6HN93Lm%5b@cBM0v`#DW5n
zf9L+L0Wh^Es!sqA2mnC;UcldbKn)*XL03smUt9Mv!pIO|Xz%^P$-^D-kY7m98iCNY
z_j`;G5*84a5Rec-AfEbKyE^&2LP#SXiSi=!+&nyd9G%>s|63Qt|GNk%0JzxLIM`UY
zI5;?Xc)0k46hwps1cWqX<Rlafv`mZ)wDj}{HhxY73ok1@J=dcLyn;d^A|gzj64K(r
zQv44^g#V)igolSmNI(cDB7zGu(=!YIf5u-7K#B{*13?fF3jihsK}bP=djY0@oUuUv
z1>pY#2n>N@VdLQ9;S>B5_zVNUAP58ug<xSpq5rl9|Jx2gNwLV7h2*fwpIYOvcu@$W
z6Z3Id<?FgAbtg~R9@=<^;NeqI!)a*QIXJl<aEpkFJrb9Ate~j$L|H{uO;6vz@R^aZ
ziLITz!*fR`=NCS{elPuB1%!r$N4$-UicWf;oRaz>Ej^>4u&B7Cw5+`1Q+>nd#-`?$
z*6yC(zW%QRgG1k@re|iq&&@BaZ~P06cXs#o56;dnE`MJAy1u#n4=)e^0sT+>zw#pe
z#|sRFLZCSR;ROP}{Eq-B6pL91n@sL0j<pv#i!d6OLOwCSt_zR#q3$WAjrSxz6`RO9
z``Le}{TH+U9<h-BU(Eh5V*fX<1%MC&`ZstGQa~2?74$tJ$nrW|>;vZ?)&Tuc%3(y(
z!G?sOEl!aweTXt=DVA6EQoyq)-+>^}_2DBMAL7)>EoQg2rR<89T^bu~ua!=z8DI5L
z+ou_~w=Yw7{FcteUdi;-9^xPcaVSaQNlQM!Z~W@gKzH}h+$x3dOq*&X!*O1Q%p<=u
zr6r1f#8)AXp1JbU{!!EDH0h_leo4i431KaWkbTQWn1Ct)uKtu`APLIY4c`@0@>+eF
zGnRlk3A#9WTbd;%o`yJLZRv+ntt_D+R2yBS)Ik5KU#`H&;N}jTQ2dz0mq&xJ0TE+U
zBL4{WCUR5e^Jk9&V|5p)&7%<UP4&0$SzW!z(q&(~kD`XKw(K5Hi3*UYJ}0_db)s{7
zYKK4gIZdQMlp!E7wg2%0X+c%b2c{A-ZXeOj-Vax&4ZI#i4uTG3d{2J<1(>=El9V4%
zexnzrXWG|lm2p(vlx_kY-TUVOD{eZg%eze9+GL^EW0piNUdwpPeDJVVjV&pwi^OHr
zAWpUao{CJsZcNRxbw(XwxZUDBnrZAE`f8}Pm8bt;uZMeR9%@_dR2)CsKE4(oWodGn
zoS}a>Dw8yXj?+HQ<d6w|GHd1o@CBH1jmw!CkjGRyF=#<H;|h2?=~dnJJUd&XS7n#`
z?Qt$5N%}jjIdgFSjTFvR#FzQ}y#+tn@7nBRUMr#me}T`MLDx$m5`DgfLU@?1P1ehg
z7kjrUweQDkb2yaPQ}wx?0d-J%`f%uGwZy(Yuv^~eUOblVy?ONP<p&vkM*{<~a+P(-
zr^!Av`kI*2{IsnsY^<7Vr7GLb_QuR!TJKC_*2u#|yu>I2x6Eugd?WfKY|24acf3*~
zM@HW-i|q>RRqb`03oH>he!GLbnQyf_m<MsN$<G^~@kgi|Kd%oN?wT5WDf(^^U{5m4
zv8C&uDxj1V^i+YMYd4|pREig7^CrV2;Z+7A@f@a6obj2toI|mRzd%{(tV8_bZ_<Q%
zbcAC&a$+`AkN-Sn8A})$VEvR_uSVgD|FvF-m6KjToD<x4R1+bya^zOCGVCInIZ`(a
zp{8au)aCRPeB)0+MhzEV?qYRV_IR{n(uC@rT2dt%Vc}8aufuVWeB;xzvxIU3sVFT~
zKf)QG{^>cJ`a#HFY-ntGPLnXoy*gaKH(Z@UGP&Jd>s<Q;HTLag-b0@|*`Coi?)Cnm
z!=R!I_oUe;`rXz2Pn*1kQ>8%*?MEDqtly4&8Ccc}&XO%1)r~j;C3nTn>Q(wy*d1Q9
z7uv@U5B6hg3V;9o!sxs2;4_6!Z7mMX83(gQJ<?xJXqJ<O2IxBFl}7}z<+!!7m-}XB
z3mJOf5Mh4nsJg9(%n2u}GK(+N!Cr;9ZrN4tUL%)!9s1Vjx)(J30#b9!vW<y*KPPnd
z!^LgmKWrl|LKAx6x-%o@bIXnk#r+?G$(6hyDgKMs+UJNEm@?E`T%w9+ag|`u$DQTd
z^EhH-x2<M=yx;PTkKAz>b$rHK&l2n;8$XC8iYREg1bb*l+nhYF5N7Ka5U|F|qyto@
zcD@eDr*Q7z6Rs68iLK0!?;<@`LZpdg_WG^{M+mqv^fxw!gp05GH-N#fd6eKB)vG+^
z;y*;weII&78r^y=7l#4h5`p)KshdTX_ST^FEO)5$;pteFSonsytS&lDy5V5gssEX*
z;4S6AAD4aR;7#0QHd^0I#2Q^@;{}OqUpT95)NMxk)2nP(@u9EOzm-%N-;g}%ur&=?
zJrxjOx+QpRu-@4r&GTK>5zn~Y!=Cuf%e!p4c#WH+-P>o0@89S4m&uck;hmUxxjag}
z5^$ko>7Qtzfe?~rzNj&yPmo}hBDAR|srwV`w0rE8W&0U$RNo*nF&%dK(lkujS8E?(
z8YI6*lOBl$hz~!SpeH2eCNFnpvdft`pmtc;{xy!5eWf;!!`sqBj~={aOwohdG>QBL
z2+a<}t}cp?bIG*W7M?dRP?QM6H=TWtmEoK~If9mvKDRfA{Y>d|cvGZDL1&AwN)y@2
za1R^b1sR^iT-%H9I1Jp&s}Vm(Wfu0|G!YQ7Pk+T~sIO-gu3QVlrxhCWmjAQ2-0%GT
zZ9CHj9SPZ@YT-d6?7&m9(j)36>y4{lvi~QVM0*U+Ux0UsUJw}LlX~V++{5;GTCk5X
zm*`KW?E<B+-+BnyuIq!WwPp)Qfjcm!uKRiVlF!8DRn78l=Ey~kMB0gsg#?80&rS4;
zY4RURrSGKV?6)dSD!1gnrS%r6HjOZ~|6V(tA7sGWrP-<0E^wiZ_{<)@d^_mn5`3i`
z7=@?kmtr$uoBQEqlU$a5z^~BH=J?CU$Gt2|b)>EJuP?A9DY3N2#I1^~w(M-;b;!p1
zGnR9bd~zGuQswOR;}oG~3EQWeM1xxw(<Exel?PuIsZ!IYD&1)3r9NFHQatpzDcU-I
z5uzSA>jFtwDJY^x&L2F8tR9gY3qY%2Q^%#3B&pIcJQ)3!01iH>G5M9L9ci-tGo@qr
zE=HBt`Q#H-|Az3JchlcP1xzjl@LO6YY~<Q}h$rjDb+t~mx~qx1Ij+A4{CY#?VeN%>
zqSq;Tb)(_JA^XVrBJ0@%6ReZ?hXv<Z_;FM5s?&yKM|eTYa|Ifs8FB8aHpv$Y&2+0F
zD-w+@js@Qe+LZQ1sJ*Z}O0M*7(7F%Dg|0LF9>(mJ1{_x3lluTaK)}Cm42`*bjK!LT
z8x$pmj}RguoPY$|Z(^5>=oJ<7-a3Z;rkJ?wugk7mZ{8y*2JpW!Jdnnv^tRJ~+ERG)
z%;WTV=`R)N-J2c?WqLf<u^|q>_n|wS12_zj=Se;9<J(rH0GPR%9F59uA~jKW3xv4X
zw6r3rbef*FrU@EDa#q!H*{dyBT(bWH3>Uv!*~Uty%w_)-)TY9=b{a-W^+6M59?4uE
z{fbG)F+ut55GtPn?KL?}pWum~CFxB8NgHOxkvB*V!4*eLH?f!A{fV(KWNT|;kFO4#
z9ci^$d?$RxeRTr;cJr-qHc?@dUGaJo4rgVq4@FH+y16lCQxtGbHuCQEJ+rNb3k_>|
zdzWs1WwVW0L)*ga3w~i|jlO&S3sV)$vGUESG+N!h*`~lKRd^}<3GWvk(q&b)v)Z_a
zsvn(BP3G$&A#GTuE)Nh4r9jj2a$?pSBH+c3A6m9rDt6ZAy+=8ja<W6!i;gD6I~PP@
zi#qo2_%S#$wOkM>U&?aZDhsCsxLbDjLl4Op-+?y>o&s6iKi**x6BvoFj~f31f4r-|
zp1$m3_uhAiT{c-GlSL^1(0>ov>u|n3U@+BcjL@Thh$l4z$EwvK4v4Fonypa?aAznC
zm$TDPC?0n8qT3{@$3p!DjAT4Zee43itvWrmTsGCZ(1;+K(_ef$CN2T}37jgc`S?A1
zx~%$Ox|$>U$qtR7U|lr{u7N@8W-8~G^(?)%7R`^2@>65C5d#C!N^y2QJfFzZuEb=_
zdx*w}LA(#UM9*f+y`GDe2J`1sG3HFQG(K5R;?3n{)Moa4oLgQ~?K?_$|A4`HtanM(
z%j>!Dljqqxk_*Dv1a+7(@qJ6qeO12MLMbmxRVPv+-neKZYmn;^)Q9HJc$FU8Ah`<h
zb`o+PDriHpD?iNAZ8Na&(#{P>qW?`o_1AmS4wcNPBc>-a0C%TFpYk}H5CD*HO1#K<
zE4~qPtF${vm_yd)WD8Zf3LNlA4yWf4Sm}~h?H7KSk-{eVP?+JRZj-7mK@B@chQyXi
zp`z~oFD(E9;f%}4`=(j7x-{}_Ns3(Mcx;@nLBps~S;As5lQFvv9UCQLn#--vh&wwg
zzn=0J2t4PXJl`DZqH7s9Z>AYDO5A&x6>;j<39}Ey-Fj{vhaFT~*s|PkwYGNr5<)5}
z*<27JzNG|{KkZjkZD!r|PVHBb%q$ll?0<08T6L)F5p57VD;Pc5UxB3aA7G5e`LbzF
zZ(_1I-~IfQszvns2q$5EKgt!uCBMb6Duyfm)sQHxBj4$zp5;;Fb+DwCH>rIycl6R)
zqHsd6gm{<xZ+vPw2T!+`4^=yc>LFR}&U1ghGH9A5?F9aQll{vs4uIt5!T0Z6CVXWf
zKOTF5cZRzrS^6lfm_*gqvg~VxzoJapvWQ<vU}n}@rY-|nWv_7F^P<=?ymQ68(f2mJ
zR_Nx?5Nx$muLN_fbamCKzrZWFINL46oNxMjs#rNuCD%@H-!LSh5Fm{Y?l~>vL!2k3
zr`zHe)i;5jb!w8XD0z9;sf4-~+r%NaQU(F?e&UDwgMao)aU_gdL~)mn`GPzu)t~eJ
z@?KEq9X-eJErS7K&zE3TacOO)6!WGt{w7}2Kaq1}o=6*^!xy7=#s|Mr-?@|;J;b?q
zGaIHm^_)3i7b11BkItA)8t*4wZEMJM+yrm&lazqOZ~gWyN@prN_Sw8EvQx$)Ha9vW
z5_wG7KDEgDqA~QpkoPIMug>IOw#K?v+LNM_6s>2UNPkkRrN6T1**Dhlf8EVci8iw3
z8G9X3U6Siw(PqmKu+iRDUq8>kLmkx~xS{$-vRo?aN`(#8yRKpdeLIY$h0zbe+-*jm
zpWvI&y=&XI$2r^}ht#^229?@eESB%$(36{=^bz!ZI=!Uwij99Iqh0s}MaA@MO7RW;
zcDsZ~!k&BTo>BYAF)2g_FB}(NZb_`gJq%nZbD%jFrNn9H^3Jh1?n->y-!6$gnRl6-
zTk9p^?<=NpGN%U>a=s!>kC;P0_b68RRQe^yd_^~}1&zkr-cO8D%(ykRs=G!TO5`UN
zvWwj~)1^q@un)o)L%(WR#qDa(um(1lw1gmrWc;5XRh|y4Uxd^_ev1F9ObS+OnKkLG
zXlx>qNNikO`~;@{z~^o+bA9(q`U~lYqTBUGIz#z4brWkWNgjk`$6F*fd#rzf=Q8t^
z{#C9Gb3Y>;W>}0JeBqAtHx{1Up)tE9#L|+)&LfRt7iMxo9nsA8uRI{kvGFHVe!+R0
zUlu5ym+H+;)tc=IY|SvwT%Omb9VTuYfAKG?IS&e@_sY7gpnC7zEdjI}bo{3ARqD`Z
zJMz=Z#$eqf>`H%6?9+=_S=lg`*%w&O|9rl-!FnO`w1I7Hv;2wF6}ZB<&s`K!sq{)H
z;)=_aQmOS%vyr~g%`H>%Cd1w*hWUvDT@%w@_l4~fJQa7N#nw+kHgl3U;}5b>a+?_!
zvXM$|$CqvJ#3XUvnGivmC$3ve7T}BiV61@R>Z~twetrvf1d>Wl=ju|9y(w`TWW)xZ
zet&^gMJkCJ_Up_J8N`7j28cii4SY?0TP=MsyESZUa;zU{&@@ct`|SBRrxg0`jeuJB
zvYY$UR3#^9v|^lJ*p|0nTqw=H@qN&zf@AL|IIlZXEDkhlMFI_CR=GH39}GyqrE->b
zL;S~Z%c{+z-nV?GG>9e`4puvNNx*MPE?{SPVyM}h^P(U770nM5!!P82R7(`D^z7*u
z#YtL};r)QUIAafF@jK&~HCD<e_nuc)*@Z3iyW$5<!@=NV9X-T3t(C;BP4dCeZQBPp
zkDv5ggTUnXhu>q<Hy5P(nIz0=^}f(>Yk9r@F5N}Rf3jSy4gYy>(DH(4X+j;E^p(9m
z|Gle(GWU}$Aqny2R7D9%_}aFXZi~6ew-c4d92aBuR{dcJVrjzKAU-4e$)nIgZX7dr
zaD9yH-IRf-o3`lnXQBJq+EBkOsu252tRi1muYKCr2Dt^rt&T!%vMFqJL&ihf{;8r{
zaiLH@={s!icGC*y$Bp^W+vG%5f%z0$f5kvG4?p<%^}*LNoY~52Kfe!(9iOSX*WTWs
ziGI<jE{G+(Nc$r86I`uYTps!|Wpr>mM|C-9z=NPo_~T(hf!k~FqY><l4jgzztLspP
z;;Pe>ZFtzjfr;2XtvTHNHk5wi)N1tu(xc)w-Lqlx_Tkj^Ut&A#Ui~0}xI3I;K2+yB
z<qomd=ux&~qDFqP_%B1KE!*vJcO`k6CSNb7R~}eX^SKXoBUX;B>a+MKz4r>^R<t+U
z=Jc-uK3C`4d-+@uXa2-3vA&A=v%`@);q#l<mg(sELUBuAivVi~%`-bcT^h76#%h%#
zxCO!V;z$eqnYHMEo9*3^X`Z0<CgBUVp+CFTvym@W(PNIyhYwZSKQ~YDn)4PIRr9kA
zwO4NAHC<>+3`(Tmw^RgZUTTSaw03f=h4Z^7uzndj6C?<+%pncfEo~{g*f40<{pGer
z^R7;PE*U<(9#1l1_x$uD6}fZcuWw?7Wn1kpKC!MA)-pZs7BpW5b&b1!(IH-$ad&rH
z=bv2I7dzaBZLxi0O_f_NlGMo}yxgSRk)`wrZ=5;u72kf9bg*pu@Nu}XDgf&QIO9|3
zrgq`g3uEiDpV=NB=xUtdZaOAYbE&?B@S%h=lQ-GiMRDT!-W#6UeHUvaaC0lx21j|S
zCK|zwUy=^qxLw?zI5%)KNcjo;bPPmcJH1EQqs2nh?Z|V4-rq3Fp5#dGEQj%U`PdAC
z1c^yFv-EGbp7xZRC=pugD<lAa0mtZ%Rgq1)ZDw`PTuSjP<p^^3r!GJ4f80;(joPkH
z$fGjq$NMVnLVPRcpMv>a^!|FyfbeKjRE(g0|Az<D^-Hzzf~jhOpT<zDdQ*8nudEzE
zX^<_;R^rx>?Jq#i-|H1Cpk7<6Ks>kAnmJ+zDcBJ7n($Pq;mb6Ma3WK!(Wrtm6Oi@E
z(W7%OMh$64TWfpA<GS>is<oVhk0Te(sQVX^4sw_u*~^ceLA=5ZuoaS2@PRGTlOOMs
z-2Ju2Uq=P9((_(GcT23nx?0-5)bV$G@j55{&#OHHAm1VATl~2RDNT>!`FA`Y#Zs9h
ziiMx73a7?f-vpi|PWx6kou`|>U|{Gmk1A-6>3abzAZ6Q0*XehE4-Y8JF+ScY7oQq|
z&7CyA9bySe_yiUsQ#Saj@LiNWX2D>4T6h08V*b~Yf0uyVEw32Q(tKI2wdX&c*+=+H
z^Vud1I$&8x>ss&bFxz3F2D_62vV1FNw}l!@#^_?@43F0u5-}}e1HkYx{BHgJcD5wN
z+Ub?lJIc*62iTtpbVKFG7g;BlR$r=gv%=eA-+bECon-qIk_1T+vhrMM`8l@oXR1=v
zqi)oR&CpYst)^p9*wb@BZM*sAsiYp*MWEJV-c;Dk44S1)n_FKd@t*8*DFBO=erj7C
zx9Ib9$s^4cyIP|eeK33YcP|O?b@*A1mqA{ei#d;iIv+owwj?z^y9bxsf(rY&xQzry
z1E0m!#-nhbv{|mL@C`k;7Ih{Op<%EvwoK-D6+~b^^)yqx?VZarmz0k4tg$YPqfS3A
z0Elyz$@>4c={V|J>cpPSHEO%yRLLh(q?de><JKt7#I@JUox3qkQ)OgOFj;MJzd^@E
zcC5PnlDncJfS$N$w^Z+Iz<QAKMhA;J&oa-GkXK5pA9hzX78P6(vE?y;0o<*%)5mKD
z%n#GQsXQ+3{|bFbl-bN?cQt-9s$NC!A~y1+$1Ug0s`F@w&IeDiZ+<G(Uf&%hWb;J%
zeh#)zr*x+fcr?7o-Qc{PYHVV;HF6vJ3ls=0XSx0ON$Kl4QdjuKy8AD{1zLG2zZ87<
z0Fu*j`%^S|B&Z{OOf7!;nF4VKFHD&Xlcq?J^fim{`DOkx!Za)65~qXfc1o@or-{;r
zaW}rZaC}PSif!|Yb9^TkD3J7Kr)J?tMsbv7z2#W`>w^zVg?q$GI$vdyr=}L(tD-xl
zoHnq$zv?WhY&DQF?R<6&k~@PV3y!5;{soldbHBB?U*^U4f8aipaqwk2tqszwEjZxL
zyFj~<-n$qq_OGxd`emCKFkOz4%3i{Fa-n|348dI6@m4$b!?E(`S9<KrOTS3&_KW%7
z2y4QKzHvdaepO($UZ)fm5iMi^mxKG46)FnWwQ;)V?$DA)*0r+Z6dU>Ow3G(FGn<Hi
z+R720EuCeBNe5@-ZWsDTO-{Jtf|yQesR~`>!)jB6&c3F7xurB-@b*+;sC6DIc1^^@
zz&_$lkY?S^7CqKeg*(pWS|Gbhhcw6k&i|)OfrPakxC->^zkY)F`#;;?zyIUyU;7*Q
zzwy8EzcLyc8ag^U8af&R1A&#572v<V+}YV#*;#RRc7E~Vh4Tw%00{iAG6nzf1pxOR
zAo*{VDe%F~+X4mrx5^YePlbAVGfJ20<f_H0`BuzS7}YqB4*7okUTyUynn>NRa{iO!
zc!lP$U)5rx=ju?b`pfF&R{xWO(cxbQ-`-!|<NbHa6lleqpXha6V;5Ptk)RH~mn;82
z$`o{KYvSCO(qaxkmoZ-&l>yAj?nI$_u2x5@?+=pnB#JC^Pp9{#fA7~>CmxHw0Io*H
zU%c+<`2Fj2b2vBtH%2=6*Tv@Q8xoM-9dN$O^b$lRz9!p+ezXK!(NEBVAf(9gSK%~v
zX~@4;WoZ#_DJjw;;NH0DkxY!I@ThnBMjKY#-*z|N3HBT1%Lw1R1Y*^<jmXq+R*YB!
zSA{754<1*`;<k1GfI~~|{bO(?argI)CX<OZnV2)NZBK05ww)a(6Pr7>ZR|J`+qP|M
z=UmtQf1Xq4)Zy!M?p2MduIg9at9$*{ch&ck1AvVm#(=n2)Xa~Fh*;T6k~POMOHz^M
z){3IFA0Y#3D|7ttQ2RMl9Bm4;I<k9;G27=KJ#AZ1;coyDL8x4EO$WjwfPN=DA<b-f
zR_o!Eq^VR$Du(@ampVy_h<zbXF=RO-508lj92KXTN2bRyuZEk*xX#U!#%!mIk;dC0
zaHCoy)kx^OfFXY0DC9*UyqSel5z$Z;BxiV5*0u$W=GXKfbQIUfpm<j$_X><%)c3O3
z6c<lxTUFJq=vP*Uty!O4w%!-RFJ+8ci5+KOL}VU=9KUgw<^+{f<U4);?fAQzjzs3P
z$>^%%pyopy@1~awM#iym>4^5GyNk%Sx(}vQ^P+zi=A!l=5+mZ(5P`-pwQLS>T)C{U
zrm0Zcvt%vV5N-mU_?wurSkAvM?Ty-@=AT|=JwG(6T&6K#^=PLtEeOhIp^kOPYr5pK
z9BX(PZH$IhH8wNbbrZ(zRgZ_Xjx!Z^Ul|O8Qe5?`9vPr*rr2N+*&Emz>DgwWW$d13
zx$tEkz#C%Eglx^olyo=$WVW-L7Q-p+*M}KH2r5QPoh7U@OClpHtSTcZ9r8XQ{`3l-
z)MI<B&o0roHu&4fw(eH$^SABTLtQe>&2eCH&DD1ZcyC2MUv-%8wR5K|9ks|91{vVT
z?W|A@{^zyL`?{|<@sc>*9jx2FpsQa>t$BOeQ0aU=k!wV`d=AcC>6$xV*00{0c2~H(
zepucnEB{w|(3VM=x^a5AGrDol=RxGn1Z(i*GW{{LQ1+eYCXhODUSov4##M^R=IW<>
zCslCHK~reJ!e2wzEb?sV$eZ9N-heLkk$+e$#UV_(M(xHpA`le_?32W@iJ}%{7;iUW
z;6F$tMlTWrBtPqI#TODh(pvL=kSK;LMi*d|Qf2(Ej*irvD8Op<Oy`57pf*G*#2J<x
zV#&CTwv;WzTOJw8HAI2@3@9YnmmKC^tB>{UEF`)g8Rmbhj|=!H{0${FB81lvAI?`q
zf<8JT#?z1x?^8rZDm5yl-H@2pSwz7)Ix6SI5-W!m>z^n&rkrt?TqavgqcJ+B-hP)-
z7hOzeAvLbOb_Z;mC}!}$9ruPfiaD-;RSkZ{FrMm98zCrRi2_ZSaImINM3=A@!%tdi
zH)gE(lyH=TCT-kVGdGY*IS1jVoH81-PCiO_MnO|9Ev(rW(WShH@Y8^`#+(<hPpQBu
zXxjUUHTPpdf(r8>7l8AS2Pao1j6F6J%JY!_Bc@E0QhGL0`=J15vP_(FY&O>Gq3}0y
zxuk^jTw(@Wes_~`NARe!Max4mLkzX71<icM+(QY+B(=Op#eB})L#Y5Vjba$hLc!0+
zGI2Q?<<yFW5|+nu`4}42QkumI<;RLCj52J6L)pIw^Odll)*8b!OAVoqRfcl3TC?ry
z%^8c;w!Stx$280BLyt9%leBub?HXNci?u$VHU_Y?EB|1g>H_5GjL<qX2l1BbqkU~n
zC}~&6#Ge}C<!q(ZmKglJmU45UsVpUE*XF?YP5EN<R%$kD3+?XBwRT{7TMOFtwT7pb
z`awH&*oxAioQKw4<Qm5?nT<WX=e7~K8s}7-*~xF{W#s8rQdM}1CqypPk7*3*9u<1|
z?j9Wr(2Snd?{n9otz`#;HGn~H{j9{+E*`yWuif#jx4Gx;e+x9|h&1XX=Gao^%{9hu
z!K<fUY8{)HjwZ;Rn$U<#y}(IZ4O{}FG2<sap0{gl!U>IU7QlaSFgIBwvb%^HFV*D0
zIy3GGBh1W~L5A4+5VH@BW0)DijV6XWOJ3tr+0<N~mXd5)d{b9<&K$ub=6FcM^^FGB
z5fOpv*rco}5)tyT^5%x5lnFD^sJ1kTs|Nc_x+D5b^_~LJIj}G;U#SOSavza6RpxG1
zAtz~sKTI}5;AtlY?=x<{HOxcCHQzDMG53tql1n}^y(Kp*&y=0Geg3A8rC=jy&b@`L
z0RGZQ>^XfpPu-;e_tH`}Y;D$`;W1xj^Hk0TZ?Sxetx_+>>S#^7jYB=f-|}rsz~*K7
z-pr~FeZo}exqamnnyKE%dea0^XJA^qr771}&n&8KmAIybwf=I;7?E{#{fWcR+soF*
z=6#ui@Ts}@)5^)^ePcZKw4>+J?ll8{lRn!+?orOceEEHgAI1Z)O@BkQ{=Bm<&Lul5
ztB6*LIdFc(S<I<x+bqnrZV>VUg3`Z*Z{?}Fg{cexBg<N-RN}6nT{{(hMeqG7>=<N?
z1q|sCIoNi5R5A5%^^ziAC%3N1HTwaE$-(x2qVWD%l5@{d^WV!#;2rLwI1Z*<J)rk%
z9%;1l#N1|_m+Y)$Dxy#fG0RRep(pwC0$*ao_}rP^J6F!{9+_-V9ynfcq-?NxdrRp&
z%tJRX&5mxjy@~AU9QZOUbCb4rYhH##2-96TDRPMYEq)1h50}3=FI@W_@Kk;dM_6<m
zh4{G(C%rzH$akfujNWX)@Z=|Pa9=P^-lz0zoi?|0&087Vt<C#Ab@X&ygw?)pC=fjJ
zeSJEa82AX%vOV=!_}!PI`0Op`<ooBa-^GC)J~UO@pJz*(E0PpWbTYTw^bAhBH$Sgq
zRMxkz<35few*2PC4fbBPUOJim{J}lgU-uS{w<V6;hql3-j_26^4yg_oVg4rAde4*r
zGgtx8&;Bsj0T7b@4=o<^N9J&F0nVv`@SH*4NA#;<aXwO9*;)gFC^Vd&4Ct2iD%}HU
zQjID(Y|be>NG$$xO4=}$xnv%jONZ&%l6!n#a@D~$!7B}<*9?w+`b$aqm*^!xC6$!*
z*>a%dFA=OW3ao3uk~6<&2*Q#*thptAnRAFluo;)Da+#ZEYOn)NSX_$VNrRU=j%S%i
z*lUrQXPK98S(sm1m_Ju|sfBx>XE-<@E&R$gNY~9T_9c87HX@NLB6&o2Od}%AQ^~c>
zhHNE*{3PPw2$1&@QN$Hlq8V96<*)~gtn!SM8Vm=LhG}s|Ii7^JNJceiMzwiHwXZ~h
zUZOhTqC2>vyK$n2EEO|xWWy!H$Em`nR-$Lh!l$WXW=EnIJY$y9Vy5Aux>F*yUSf7|
zV)wXW4>V)pQlhJ0R4Y#+&rbAD24ip1Vi}ra?>to>+U%}1<8IsH-bPe5P8^Z3{@OPL
zT1%=cXa-XZ32Jk?(xe%>x;Y0zC)l*PB2z@STZST7xw^T<W2MGJ!J8nxI*Px<$C4*3
z4mqbn#}8{p4_GEJysD4BfVDh5^ul2Qk`#dT0Z)kHBxQH`u`=5|wxmO{WDO3F{Nm^p
zO$FhIWS)rR{Q*x=t)#NSB(0+)KZ&Fxj1;X^Ss6gGlvd1qS<Kr*945I>od*!r40uj#
z0dV(;JMy+Dx3C5Lb$#_&v9NMD0#>z{yF?h(g{H=q0RgM2$i=`~N^3883&&BQGk2Qb
zYnr81sv8Jc{{&221t!6#7n#Rql}Gfrnml`|<OB2$2UXCiY+p<Kiz4D)Q}uqe0n6Ys
z@6-cMpX}~W0_MyzC)_g|PBXf+96mKOZ`CpmD6-m5<GTS_rJ%?WP)6x$W@CD0Pedk5
zi0%7O=8SoEJvcq<V<o#ULe-R7i*q@F*D^$^H6aZIgaziT4(7y`X9AWCZUH$?W{Jbp
z&dVXWkic9RP|gP+w~9KGj@o3OTb=Vc0W~b=43u{{ninpW1KCb=N1gw0s{RC@`J>$S
zEyCps-Wj}_2Z4}Fvzkcznn>nVaQ`DI58A`f#hv3+zEC51bhm&-+e39VSwpI@Jh4z0
zU<QXpAPxc=9=RJ9rX0Z+iO>{jrvE1?wdf+vxDX0;xC?<Ah2O=CmD7uEB8us0GUwQm
zy4@M{%8O*Z65Wl9M8k_Txl7FOfc6ML$1!<RDWz78(gdwE6m|<2E1-{8X&4|q$g1@0
zwG@oVQ|3LEdMZ^GtX+0YSr(g~<Efn%WnGpkl@`KN9)VZ>_cbrAyetf%EN-kEktQu$
ztKvsUtW-+&04Td3H}B=hz7mi%H(EiRnsLKjiQ`qdcAB*U$gVH1n8&T$!p;6SmOW&h
z)dOGEFqZK!lGWlBNU~Njj!?C*R@w1dxrA3)_?q26R!xtYLrood6_E#%ZjHNapkSE}
zGnRj%4e*Po0hs;e#tAWB33{SVxB%u;jk=IqyGgv{;A!O^@#ON4ghayU-*EqxpbWvF
z4(*6cc=QT>&d7_CiYJLEpy0{F&5WXXE77M0${{q6oYx1RB$IhJIPo-4M>P;<f@NK3
zB8sdlSad3wc^f&r8<WE;w$3Ux*BW`>8_Ulcg%O)Xd7F-*Yw*@<aVndnI-2Cyn-n|h
zWoergWSW(Do6(l)X*-(f$D3)^n+@NajmH~I&YMj$6&Rx$tvgz5*IVr0TQG_n#XBlo
zY*g2!tHd%}<=tAnWLitKT741Q)Iypd%U$lq{vKu+pH~>;mIu2();h8m;3G7@TQ_?{
z*N55UVDZ$!;cLb4nh>XlCgSJgn>VLKHLFFnYecDQ(<<0%7i(uEapB6Vf(lwN3$5FW
zmrWal&gz@JTUgqQ>S#NgcsmqUwR<WR+GI-f+dB>hIwI0KjSxHMd4ZkakRW#N((t!3
z4^UUAcDi?YY4mALM27DcY<Z(cU1WxDfK+-EuqzyxwtB9_d|sAuR%!>|9ZB5{SWP?R
z4fc)n^#+u?fvn!&yU{Rv-gtW)$90|GRo2g{1|urHDXSocD;QI&r@g8dttvY*vg*dN
zF@35w9{oULjj-5#e&>~h6IILReODS)lc$-}uUV~Qne&nT#GU<&vj65Hvxw>10%g>K
z-wg>vUBbO<9@ERgQZ85AHRv4q#JKI>SNreF^C8zl;5#ZYc-k3Wa<VGgks{*{wc@31
z^JOP;<@tsbeTM!<8pqK_YDeee^9;Ka41VL$yj>qCUmvdI%>!5SDkzL4GiJz*M|sfk
zbZ{WZDYX~>ohVeG==>v9Vw_qiNIe?TDj%U+NcTQ6zc8}qI#P$2lC^B1`8FDIQJhoN
z5gI*eHdd0lQGzp8SVA|#LsK-T)3T`3WtG{xX4A7t+Z#+>u@TjsMC0RqG5%e)+-hQC
zDtcn9a{>uTxff|->)mHKx_fP+Y?UA#iLL^*y)37_95`0i$2W!i5raygI!4p~qqA?j
zxt}Pyk|a8?!K#0z-1gpQx_7kd-KYOIT}Bf^KLoPDrEQfD{y^>9H04FBkZqv)MBjKu
z{{r_cGIBPgUDjRJpzy}5tlB^rG{{7@#%wTw@Hyy=2b^E@ZsiJJi&6U5Icrpp%Gwww
z|CI+sggx|tU@S*F2b(bf!<$2yT?5tGM!T7|_vR{zG*1c$WtFRAt{y;JSHF1AKYbep
z(hg~3k1U*bwtp;!w2d2n%FggE8OJD?Z7y2dwUjQ72c}Q;vQIj8O}fZUx?Q%MPgK9~
z4G?WE!?iB^5w7^~uk6FjX;v@#Wi3X;tb}!~#BQ#{SFa>=CF)KtS=g<bXRq4$u4YxQ
zrgg0vA1!(CuNCR7mH4jVrYr}^8TfRp1%Ix2Bd#}GuJv25q|(Nx+YAYPuBd*jBz~?t
z*|r@?&2=EJcJZ%vPp<T4Z!oE^3axhZ(~b{<@jIzHI`e!t7hl>-={ARDHXW@ua|ySy
zV>S(_*8my7HSbCP^q!Q~-p`IYn2B-+KzG@v(qraUN=7%r#unVfR+5$F?dO)W-uCw`
zr3(6)IqfPs*;az^>K?B+w9h`mlm5obYMSW&CaJ!+<>>{4-5Q!*Ou2PThP?%|b%QDm
z!D^6abRAE1F78@BhD?4o%^*$n28Vt#wDvwE{=WETo((~PtL&n^?0ja${)q3vc+5fc
z<;G@LVHwgU_tHU|ZD%b(k?3o!K})4-#^J%`YEARlZ1&Qm_jtJMp|SPhSn#33)M3TO
zp*_Qvez*3KZ_h^bwtMW<+(&tQ#sqk}^B9^)dC~Ux@ZxxUqufjX#1m!8zx#yJZ3p*i
z3MY04t9trZO(k$@7G<guM|O|bd*-L^KQO^rs(v*T{~6xK8fng1R*njVpN2r!LOXxL
z;AI{f{$CQUcrptsk*N)7zk*u*A*ScQjom?15ecmVp?B4xl#}ODTNj*u2eRNJ5aRJ1
z(eYwU%3{vtLic4V|8W}EPBhWgEB)2MR(fnrYe4ncS@+p#_t`o4ihupAOW=BH>S9{|
z`oZt|&HnmhD{6M?atY;TO<?Pr!OeI78^~$dE&VH`?HiP@n;39<d+6Df{_Tz5EmrO=
z&R4|U*8WFT$a~K9XY4hRAh=ea?~YjEj=JZLDlYoxwVQEHu}#Jiyum$`LyVHwA&0{a
zZ`=*1zxncdI68UR4$7^E+=F=T!>->Ieby;{?X56f-zE4#74`9E>z2p<j%NFgMBy5i
zrd?<I(Ma%#PVoAR;eKOsjPL8-MlhuuX_Wuhv+ec0-LxEH?sjPTgTMWxYxT3=SBva)
zA6m?;y1`4I)gU_8V`$Hd+Vrw!&qAHwow31_>Gm)b?Oby1tFFOo(pQrO<Fgy;o2%ek
zfx(+g&%MXjb4AZvmBCKn^h@3LOTFNGgThMO_G{bpYkTc0X!^aQ=T!!Lmu>cz@BcPr
z@G+wBHmq<{zWp`@{`#1STmBcvaA6i$D;2P$@V;j7zP|m*i#V6|D}i#_nC~+*(mU$$
zZJ=0Z?)2-u3-#mX3w(DC4y5z)v~;%`>(l~{7eJ5uygWfLqxSN7-JhYch2I$Vg}~#|
z1ivU2h(sdOi&ur;?hVA?a$A3YRVtE5B$NxKi?}-&Nuk!N2!2&Ak;$O98>))9KbpvV
zL&5m|<AIX@JJc~DKORQ;T#-;Z0zuhB`Fy!}0zz<m)2VWyayri;!eYfrh1R70V8!Fv
zN|Vhxg&4lZm2SJ+<<?-P#<hO8?<W|VK=a1%UkLIqalV%=#ZtjzOnw|K+kYd{s4!i!
zm=y<OQ0H3U5~Q6*i>g9&;~YNihoc3cP+`d#Zj<R;E_ZFs1g_2HT(a*u3|Pn0aj!oH
zTf$El;CwWm%^3#P^>RI%uhtm$)AM$}TJJi4f>)*DFDQyLhsk`+TP-b_<yDJ&Xb@V~
zIUT2n$>>_F72o_Tpdj%2agJOAfoeNWvxtH5qwn#jbDa<zrB9tOJbg5i2m<4Qq6iY_
zL!HPEiH|x_G&v+@v7ZX2N@5rquJvL#7C!ajxOUOZ5^&h0we>-fc+_1hhB|V5q}L*I
zBoH`>k-v*$ks?Pw)J0-)D8qDrR;0riD;JRP)7*`RwoOD(W>2xPPO>a-M98sisy51T
zZ)bs7<$11~SQWUQFGiVvjYm~hHU6g(>#2ibXR54u(RrBpMDdNB=|m8Vs{X^CG(I=L
zaoD7yAPCK_sw6?)tlH_><lH&z$cxOmToTPFumIklY*D}Mh?CYZGK*PKH<6obUDIr4
zZ=DY=j%&FFUe;)t=eludTb8D@Xj|7dbLiNHASzVlN3Jn(z?taOb}f&X(f_&c9a~&}
zdFp4=DB0j$5SHB@ci2GqjKY?{bNH?);SY=QVi1T(@nRT)Y|gbCiWcf=6h;~ADKVr9
zov6UazSJlmEBM595F>WwX__P>j(d=#CZBE!G;rrW0<?dk>#8^maa&}29Dyuy{lPFi
zmII29PHJ{>TUb`bN#<TwrJ12`R^^2yUe=Y>g#f-k)WA05nqOBuwsphccH7!%to4hg
zS&B@%=5>8u`!-|>ynQ+|dw^M|(Nf2C=hqSbO&9DluVX(vcBkWj${1dN13M;<^C)F$
zr}H@DFyB4s%>6^cI3|<5NxSk2vwJl|pleMd1hK1ex;D1PZO$mS%YDtEmH+t)&)-Lw
zP7LZs19xz8R#$hMy^SC1G4owWgc>PFA2e?E(0RhEs=v9oWbP;QjUOq;69A8~yme_6
z97lV<b_Kq;ijY9tELkB;?Yr9?@_!59_MqF3s#r)Is(2{Mf^d}e=tzPDV`8I!b0?F=
z0PO7TCD8<n{-8ie{yEOp_~V=Q4XG+%1Ol|sM<@1!4cAu1E9*c=AUoa!U)Km4Z6v`(
zE<PB7jo9jEYk$8`u*X6DYB8BuPsPl%k_B3>MtG@cZCP#jC$VuS8GDc9Ds0597m-#4
zRSktTGu;JCLE-m9F-rB>2$jwP3|h6avt4rKpdb_cajxM%^^`GY@TB=$RKvuxW^ob|
zs`$f}gS6IH<{$UEj>42h`^ECE{pI=C*yWW|-(}oI3npv)8hQ3a?>J)k^lO8U`MuEK
z1(P?(s3b<El+2wIQ|J!QgNpH2sT0*2jmar2xMdWG5IL&)4ygmdhhsX{EWm7nO{SDW
z881lMwD!N|ZhmdeFt`eyB?pS{7yAsf&MK*}XZu>Q)W2=TB?T3Hw(g58M(-zSQ`g6H
z3VQeC^|O<Np7M{`cL55!#FqM$-xLX|Imt1trvV?@+ZIQuMUrbO!e_Q80*wHHGhYWW
zludKat{0BjBUIaP-9^}*WD)m<czu1mxdaNFKZ!ZX*|dYoVpC>wlcI@1oLxWDHCN_v
zgiq}`+$56(TvX`0T}Zi8h!FxS$OsV}WLPf>J^$eRNzF+PM#tTSYJQtnH2zUe!(Jh-
z>)Bfx$|P$VM6KaHA_D(5qo9qrhc}xx7&3;bobk4=_h=1XmVi_a_d+ryzFnp2n@WlC
zroX_$c3bHosVLJ5raK_85${k0#)q?;=u=h#yWKe&nK3VZzh-C(Hi$K4G*=PxLo1Ke
z)uh$QW|QV}PidT?x70;iQW(9CC<r&ST<w{@xsH!};WefdVjS8UJc8DYlhhk*kDSyb
zWwe&&lIjVuYLnT2Y2h}ePKlC}t{>`beN$<fU}y03h~j;cw#eA|7th`iRf`re?G5#)
z=Ljesj1*7ETV_3c#PU*<6~bVhjXL<V$}aDOVyXA^ch|Im(g6ONmF5G<LUws|oAN5k
z?;(bfADizt>?B(sy84XlJi7u?|MVcdFCF3VvjG_Ae0pf|{D+N2n>tZzN;Tq#Q~YLd
zAN#E8h`<%IXn58?LekaIKUcfn<dxbq8n`ay*$c_lRjhO!O5-{;4YBLIN0z|!37L*x
z9s~e$RvpU8buE|7Rasu@{g)xau11MlTML2f)oCvn*Bt20<3H$LGw}1b3HcwUVw^mq
zvE~nj<b+nzjB9i8FjColomTQ5YxB7<Ze<B1M`h)0z{V)n3uSr>^=Z&zt-D*5(PtG;
z7?&@zaZcc`61ks7@Bn`lwAykFOGEs%l|gZi`V`+2vtJ#nIMPkBfWf5tr=}1&yNCqJ
z>_5zUUh8Qv&#i-cr;bV9>lxzvgq5(`6kvVLA(?>!JVxG?(c}arrDTh)dpjzoA)SRU
z7|&j4eH>-f)b>_(J$D1`cI|rSESO`vw=`UJhBMCHeX}D5v#wh$myLZw*w=aMOT!=V
zO}V~@B~N8RojzVTdfU+#99p>AcliyCqvq~Y+0`yt*Bi(Duy2j{7<LWjWF?}_*6K;p
zi^VRiYW02ANz{Hzn8MkoBuy=xN?P^~nd|3zu)NEI0`@Y6@8Pceye4w?n!@hs4a}tg
z!$C<+uVvpIk74hvN21iARFA!U+oJ{Aa@`Qx`F1_z+8qse&%s*GgSaox17bnID5b^0
zj_zwm&$2`M{EK?4KGTP!eYXcDc$V%NSzYPeY|99hOHUA+XW9hSdv!VIsTI{LGMvc0
z;kY~y`{HS(hrwqHwdZ-5)9>!x{Hg1!cs$1Lf8h(x;@*t2S@8}FBWhNJG~QFb{9gJ5
z{cd@W@7i*GuVx**A6o@KuPp>WmIeJq4SM|L82rEyJ^lyhJzpOh0uT>9wI<zXti4d8
zz28-P+fR7!Tzc=kd*On6;gkQ|@b=)HrWSc7OzhW2&`>pm=lZv&S~t{wgHJ`n7xF(#
zMN$RbfSS=U`q272k*eyaGyCv#e^4R_&Ak8lhS-Hl+J~)LrjOr;Q6%{4((^J7+DwW_
zP;N+`A*O++N&1uLvkU%BGe8s4D`;EU{(Dw9??sr2yMh_5@&^x)b^xx4CZFjeH?g;e
zAs?0NpeEc=m{zDCHIbT?K!k@(gwOSNvZ4sLPyZL`00f<A8dYz5T0>bGhM;t^Xg)@3
zS)s%Lt&~rcn62oP7vdC4wbTTL3|qY9hNu*Vm{L`t{DG+40jlB!g4%?rx~rIiY`li8
zsH)FEljb1w!eGB;uNe=@4k$)Gqo11qXt+UU0$IOB1=M*HGa(pScEYsa6Ip^sHlZ6b
z4J6wMAF?VUH&Y$5qXTY9mdrs&IM}vbzKPq3N^D6|7*>hflS!Bs^#ZE?T(<qWphok9
z%yn7AcDW;j1s78N%oHa*VDdg?cPsxDb=T)ypYV8!aNL*U-;jfpkgLU33Kv!PmdLEr
zD2(h=h8<N3p2Lo#V|J7lC+8DRmi?D)B1}aFpKYAS{apm_E|Gsim<vg?&_#qXS%d=#
zp1KLXEOB&aT%>ePDwAw1pQoS3wV&!jBvp1O<Deg*JulE_lu}hXolg|<V60j;T-0>{
z^donyU2LRYOfh&+217>7R7TEqyqQ3(O%+iEX}qmSj9<E1vPh;$b-bf&Kp}aMQRWB0
zWnA57Tu*eO`$X)(aL7?t+_fpi#%IXQXV|e*eAITrwraxlKz6)pVj@}A=|gtp`<O}a
zun~qF7?6xSmMpP&Ff`#hxilbdyfLvzFu5Ep=e02DWgF|gF<kz;)T*c;2xBDayU>(Z
z9G0kL=!YZ;2_=ST--lN&Y9$EuptnVG3KxAU03+P5C=Sb~F5pgxiX|0aRx+uH6IzD(
zK1)RM`v}g35LvQ9N|pkzjg-j1G~~i`&4dDYL!tIU0U|rS^^D+;)C82+%y%`#Nv(-Z
zSH&%#8Mu%ccsIpu*-=EjQKV`G<l<?R!5L&|C83V#FQl2D<g@6H(-@eFnC!EOkmJxH
zvp6ZUxQEFw#WVORGX#UPgp0EpjfyCrim1?Y#K^P1*_BB!=SV_0-tP&p#AY!==CESG
zbCfA_G{tkWq%&Ljv-F2^43Bf2mVf;IKroZfGqcaLh|ROA&9j-!v%Af6gv@iM%ySjb
zb2rcP49@c|&hs74^FPiDKraYlF8m>15Mo~t7F!TeTM#u{5OZ4)?Fzf#>hV*Yla`y4
z;a8TKRFxH*lhZ@<eW9X2rVeX^_0^14=2uhUhfvj1Q!`uCa9h-rThy{s(+*M7Nm<lh
zT-4cI)ID4@cw96bTr|2=Glo_-!CW#{TQbpGGBsPWa9gqzTe7lKw+>OaNm;U9T(a3*
zvOQdKcwBNETym;b=LO6%iY>dUEe|x!5*^NZxGj5zECaHEzZMtd2baAUHRQpY8VZvd
ze%WDYZgYXz%0bP_f4h`})ij4jm4E-7a0^)pPg&`((eP^41Prc3Ev`fpDwdyR`#&!G
zL9ZrYt|mgS#H$Gh(yyfOYXapoQ}tGWDOz-onqk>1nS-lY$Ze6Eva3EB7uxJrxWo1v
znnSMSlLOiLcH*)0+9k!!p~V!B$y{xtBgmaULORi^iX{nl<wefdYC-Zy4-%&HYyMf1
zPeQ9r<f}=8+<}-$LP*m5(W7h|I87B}nLGamMs*-FgtO|_a}M%*FhwdZaN2xV(_>cq
z`IE3OMURU}dXdO>ObZmVN?99p8`?IsH%NDUblaE;$i_$~E;mNl$H8-n8;I|b!;3Q0
zn;V@MGGlU^({57~Xq#ONtLx3(MD_Sa54^UjYwjC0s}PgL!LpSTa(`(jN3!IcoBj<w
zbdU1M%_ob`xt6RyOpI&{%^-=d&`Ib9>0j&VU%IW8kZ;!pYrlAv?U>51LgdyzN`}$N
z`wmQ1@~=M~Ou3Ut={9YD(#OwjXdlq6KVeKIAc<WUO+M<49g^iHnoM2E4!)5~K<mq+
z`$#6K=^*Osw4<qgrH|z#BU2Mg_dVvIUahAOM5ZGdO)~AG2}o1+Vdt5SRgp=6pb-UK
zjsB%@l;%kldUL}W_v3)eG4(}y*|)ap`th;$$OLw|OpVz#z&ZmVt5hw@L&akK2QnQW
z<C;w)bS)z~!MeKNCl<41y6N=j<;OetCK@LO8w&?GC^p%z_PQ}lo(bqTn)f$++u!#$
zS4<g-VkGve<@Vk5myiss*?{A82j_CNhs9ebnA_LB67Eg<`az~<&J%Orx22yprCJVd
z9}h~J72k13RrV+o*v!yB;@-rl_5-I>y8GO}b*bp5Mmie?RbgX&bmDc&qackK{M;cv
zsDTzoRV^`m?3;SS8JWr4f$0}QayM^b*GdW5vl@~feC&#6-l#`6vH=>~mmGz0E%O2g
z{k>NhOR}7?EW!_0@9b(P3N?xshfWbd$DapYB^ut~kRzXNL*J<#Kffbin3KnNa|eo(
z0rnGnffEOD%M|!ySND^!&=WZ;#qTGuku4{YLnlym$1&y>u}>$lSCjYE^#w145I6At
zN5}r+rvd7xK>5=)+}Q%Ifb<fp4E<>8!+(_OSu_hqkc(CclF~499AqjYB<tp1AEyPX
zC&fz&b;+k0Iab4`K&LAVSw7kB-xDoG)>ZD^QXu0R7@OXavvyGv23{oBt+Q}}B4l83
zX^mBWo0VHpMt+FgrKjo4t;t26g_u`t`_lPYz;UsdTp_zD_qxp~+yy__QsGH1-94)e
zD>A8u!q87wBb0cdS?C0kbkTCBg8XQA;SZPs;b?4fYA%-3Xgy}nbgOp9mJrEKd_Z?B
zwEkO^+4n+8Oy^c)ZMvO=olQfth!6P_jCut3oxN^bF)PE<V56@fvjsmZV5n6K7;e}-
zYe-Wq#=bub$(;ZDUaXICj{6=3LqC>)F~OTr)`OH#@;YhBD37i2O}A00De{xM18&J~
zH~ZNw(dAEl<1|r+0=)cEI-cT%D;)XBD}8Bv^=m7->k#v^0jIOG5`>JLGuT)ehL$}p
z6j|kmy$0Yujo%LAUz7FAJ!RQ(?xh<fe=&?_M=Z`;W)v|L1ryv-lWM~OGzXK>1`L8Q
zr)GWn7L?f1maFtwoAZz%&m}uyAlOC@Xpu`#voJ6r@<hK&L*XF~gvyb-T09tzHtpQH
zqg5y-Lp7yPFzq>-Ahwb-bd?Yb<sy?9qA9&ofjULNwEE$6K3sAG#q?_fB~^fPWQrp}
zD`#9#V|$dt74GTkIyeU&>tWlKQk>H8lh75>fgfhdU{Bvwknuqj@@P_L+T_SJ1jD>4
zWE+2b>JxeAncvOF)#`+!DQ(E5tlR$A(UrEsjn42LA(3=-lLHLnBn<Y=Z}Yt@x|>Io
z?pAgqbe1PQ&ON5r+`KDE!{uw-Avdxs2lC2(+vDGT<WKh{kK{n3pIi2281Ci<4zP@t
z-A>jjW*(|$9>Y`<6DbAr;4KouX~%v7n_0q5!qz?ZoM-=O-KNe~na<~N_CfkNYv1Jt
z|KknnAQMgou{G%1S-XyZt{Zs6GHRWzG0(Sn(9XN@kMXq`{W&i1vbOQOfC9aX#AP{e
z-v~aNqho!m=GQgf>enZ?$8-lbGQtz*adTG%%aoVbpM+kx+6}J$j(LKuJl8KJ9&e?B
zDRCCB<p!@6rEitTK%Qkl`u1zh@muXQpf)TaN8_!C)4NFGJx{|s)y}fa<GoekIAZ7|
zs@w9S<*j4*t#kPO&gLSK!-^mKy&BcK4*TODs*g;_V?3pEhlKUr6>|=e^{1?LW^hst
zM{5DfE-mJB6QehHN-!J_6;K}PfvSL1dF5DzvKjnk-Sy|Za?7#L@^eXpu8CovKFPNY
zH6tR{Z6xQBJPfa$LBID(%i!U&r{%mG1$_Sd^&|v^Rpa8oqxW$6{giV%BSss}$u`3t
zX_P}s0ktfM$9@AS1OV81Iv+ynk1PwwD`QFQ>L13Sx+)rsP5KGxbHr?_KN!?(uE|qX
zBl|Bv!$I7i!Dqql{Dug+hruJzRQ&xf1O*MNigK1@Fa(QTIyh}+XE+3d(+{I9Azvzi
zjMO;#<VTSt5Zl7JYINpkG>gsQZXv>@bUNox7?_S`!E&ZZG>&D{^BRKR3od_31R{V)
zqzbE=hzq>3cpg})rNpt|l|m;}jXYn#AMSq1*KEE>)I^0@C;~EBUGw$EHZ=%zx&MhJ
z+s3%v=y~b4klEt2+8+ryOrPFtx<3)PPju9YbG6-`!;LS_w_2n#lv$6*;HzGzvy`F{
z=XTk~V!IM<QJc-@S${oZiwY+4eSgv4A5FM6ujzcfJDDjJtiAeZcRe3{RLaI%tQfda
zgY?Pv+JW$>+C}8Rpx*lQe!4ttO#S804}QHKT)$4+7Vri4EpPkY;I8Ng!ohg%1R)=V
z?F78zp5z687k>HSkE&dj8-QrOVkC}$@Io94@BFe8@k6?eB#OTMg(RAJjEgjeeXVUq
z1*`<%%n{>f8BhZpXHx>>zCXSsBp?xL9f;zRziLU#3czb5Qje;VB}xae{Y+6Mc|Eky
zbmk@(D`2)d)KM_UEjE+!IxWdmvW_s%(te{lPB7yMKFqdiS=GrkT?3H|D_;T1GIR?l
z4l}5V#mg+6^|{OPQ<S~Ri_?wU%S*DI-^xq#gDT9tbcDrFJp~|FQ{s=EN|SPOos#FO
zglF-TC0n+V&qeCa&Qxm14pq@~U4K@h)w@<SVF(e^JS<gHKCb0Ak=BS})GXp9FVs6M
zR$R*L>PJ-tPB%PX)Jeu@ZZ|-Uo!QlO?Jit)NSAv%s7#zi)pot!b=3AiKA)?AW0e6R
zDQd0NYiIGW3mkaXu5MUPIzRo7R;*I>Hqr+>i!s*vd#Il>EXblZZVjA;I0&pr3qL4F
zDsIJ>$9}v+-|OSvFJ_K4rHH57Qm3Y@P7AqI-A*vI;_4dz!d7pXEisbVTv$`e)?3sv
z>3Uq$)A?-HF7^tm2!T6snO?OjjNwotl|NCIwRij8nscrNHy;A^ugf6Zsd3yOg5=Ha
zdCM7HdpAr+AEzzIwb1e<kmAYrdB+8RD|f?Ra4PSRMq3_q^cXV2wR?|w^>WNv(am#S
z-2r}!hQ78;$wylE+bSzysqnt)x(9b$_dyAMlz1Ze^W7Rf+56m$@NR?o9;Rh}{ikq$
zW_ao|JwD&)+4QDm>V*mu?0()$RS<Z29`Y7=KmFC*-TP4B(Ea|fE+`1T+^+QpKR!Fu
zUZ8LgRRdxIrj77c+JL>^Xl4RXY=3{prD}#_s0;co`rEnf;Saoad=UP{Z&*PpVbnyX
zVDc>3r;&TYvA&uR1|MQ16RLjPxw=q}PGS_7vVOt}h5(v_gvScXf!{x!!o}%Ge#Vsz
zkg+&L$lH=&<a!QZ<j|;nb&z~DoCwliIYjASkl@t6h%tvIM49px;?8r4vjd%CPVb4;
ze!Bld%czU}-APJ#%Qeiu#vJE&P)PI+HzJ785Ff}#MvMl^zA^=)^6~kQk&#l5N+~xa
z0z1hlSgDD)Na$n)g#QTsp&nCAoHJ66CZSO%A5(2`PN}gar!$})*OZQnq~(iL8xu{?
z$e)d|`!Hh+933+J>5?||V8)yPkTs%dOrM}5rG!n(3So|xjAT2o%W7e^l|E*JlQJc0
zhHuF*yUhF>oM$6im|BoM&vs^O@og1X*!drN)?+6nC%v)E<z-mLF|k6qESbnm{)o8m
z--Hm&6Os^;D>0&WG!b-*nJ(_8{3M?;6w-D@Ip>GO*`m$7k5f#WJNT3d5!F=BVG1SY
z>7;I#@=|$i<-<>ul0gyuLSZwN^ncF9O-1E5wmjqc;3hCIS~dSkRgCEFW1hCNN=i8P
zu&A&4K#8b6Q6}^-u`JSDM>QM1+Vfwr9Y{<`E-1Y4VCiSGe2t=r5G`n}VbT0{tlBiB
zGAYrlvU)A0l0RX4_eNPA$XBH3#h$tse@Itn-dyd5n_aiYt`_$aqcfGUAx0ClI#w}I
z6Z})%`t1NuK(N1Q!Zda%?U&eZjZR}C8|euSOmBL}Wb&!KG8d}}p`BqSk<0<4p=R_A
zE&Eaz%#oL+Ocq3j88#8TGI9y6{QOcrw<oInW^+*2V2oQtWmbU|r!^0)x(lUq<B@A?
zXC*VErRzC!(IQ9gvQI64SBru~H)S&hn)09J!<J8H1_y9L5><$1+RPV(W>1dHj0h|r
zF|yrM57D<7e`EsUC@f7eREnEmRv*I&X3rkW5SzfC6P!qlnvUpOijg>_v#||05~Ug0
za)G8fp{ww+R3S-;t`W*+ms1LgUJJ6vsuYK>s&apdE7O<Q4unQIhPj@ole2yH1+zzo
zspV8+O%6x1y5T#6-kf8S2+9~3sVhv!&a;68rV9fIiWbOrX=Ty4jV0-&qFs%TNBB!I
zRgvW{{18<X@3eI&Yn7o4Y_)5TU0&2Y4Nf7-I!BN6Z3Jr#G1;z7WyPmIug`SZMwd#y
z-jeuL@Ptkh&p_Y8RwSUr7BjM&yakXLwfazXE5TUJ5zQ$lA_|BVLbnerQnVLW+3H4q
zErd29{j4ht_*{gUmjf%AjkeP7ZNy0vZjCXQw|Ew26j1PXm0kMj@YUoCP7G6i>lbb+
z%k8l|jGgtFed%IDtye9agAC&G1+%=_l86~|5A=>RANaX9?4CrAbi|F-a&}fWItQY#
zpuap=&Yt_3k&ot1y>bL@?)yyxry{rUDs4``ht~h{cXLHZ%OB!gzZ~wNbD?-hikSI=
zMkrC*Q2b+EVGr9zA;})nG*Fa-=Qnn>s~#}3TijbsG-*P#Rryr(yxeo%N^9(?s!h7i
zB(8W?Dr+2z9jDWS8LC(RRzEfMpkCU4f!S~%$Ddj&yO#QM-ZxM6ZG%&P{Ppp0@Igg+
zDMaqR@e7NE`C@n(ROz^h*6`WMF1#sL>AnN@@Ex(%zD_#a4SxGxzTD67Hk0J{P{PQ6
zrcmp(6~ljBW5Bz4i}Joa-u+bH!++@{_`d1jbR8SVckuVidsoo!Wr$JWF3{iSkaBw`
z>6q`Kkn!_WrRQzQqdr!E@o~Y$|8eVD;H8HVe3SI0Tz%YiWtaQ@SeW~H<{<d7&G_{&
zpG(#40KSWu{`fra`Fi~l1VjJ+g4}^npSjoj^^GF$8^doXj-4~M?8F<WZ<4>E<@2D`
zf5YhK!I=Mswa<ff{|)Dt2N(Jq9vqto5B!aglZR098?h!2vE?^XcOKHvZ{(>w<fY#z
zTX`r)zfrI9P>*)_A*Np^MFiUnJ_onargG63h<~!=|KuRXc#9Kw$T|LuCs-X^3m#mx
z+*L8n$F|?ab|=P(&Bp-}W9Jy*6cFQ9<l~m)<Jausw-6Id<r6Fs<8K)e>=6^5<r5y|
z|GL`!^+fy|rQkOf$uA<~-y|f&GzG*I1*8mnq#Pt<@&#mDe<2C;pv(&>>`5ry3l4=0
zUqkj@VhX5$B-A+t)bg`RYG~zRMnAg?(Ek<C4w2AL70?S1GyIgr9GcyQ&-;2Mfdm^v
zq7*V=nJ^KNGEtbURPE6N3c#!aq-^4aZ2x{x6%??S?6I4Za@ZGg<m~+zGiF#a=Gr3R
z0v2**kaFjkFmL{1CNbfqDP;av$UC&pyF|*rRp`S^Dkw)P_*5te-e*(ar%afmib<q)
zBjuzZ6J{t9<{%Tv$Q965k~>IbARJJMAr&t$5w9@eaX%3EDiR+f;RTP>tIZ2t{o;pT
z=AA5Tg#6h=ye~sxVm}(}60RaEk39dd2fKOTTvWsdF5>4QqL2<2{7m<H&<GYvj;_)~
zVI~)D4p-qJkCHq*r&@{r0jKt+fo!B2V@m#qA^T6_!F<S|(9mj{(Dc(}#IqBj%x3ac
zk(mz4qC9lmZC$bU9ykr%Y4xV}P=v?y!Dn9>qqq`6+dKiW3|d_z8B_05+c<mixN5P|
zELL`9Kofq=lmXY849m1-FOm4jtS?4gFV-UDsL7{f_qSGMAcZ;qk}e@ijqZ`=<(M%I
zUY)PHv9_A_=(L$HqA5V#j3eqa7^}*c%qjGsJNiI9*|d^O$BjExw+p|ES=_BTbG8l3
zNp#)bGRYM;YOphO98N;M0I5k-!nF$tU`E*rNwAoQ-MhQ)`3>7$INF(bnI{FwgJ#_h
zfNeKP=}nF8_LE3)&m`c8)P_xYm8w)JQ8F?<O`T&U<S{iIKKU=RWkep1Iu=H$6qT|)
zP7pVhYOLlYm_2PrlPVmzvMEY+>Qkm(Ko#PpsqA-1d1XwA8)=wm7K59fh_<BlPgVXD
zr)W_sM>ZwRCjtm99hX6#F0~pr8e9Zdo=9Pp-F2L4q$a~GogiS9M2wqdgqx^7T8xpN
zIa!j@u9k3GoaJ^3^vyPSGP{8|@{B$dLjd|yMQNC6gEXTmFiYA-#tV!P3(fHIuB^<T
ztnzr)YA&g(2x(04G77Fl?F1?cbFxjvu*z4<ZTGBb5zdOQaJvYWjFi@DLTK6`)~%dP
zoiZv^M#|VO#bYSehuSE85_S4chq^%c<H747qf*y&=s``3aYLlqAxhsp3m>3P>!)Q8
zVI{bs!os~=2Y6NCnO|C^Pr1jeA#(++_QP-X)0l|XnKLa_fH@3^tvnDjUFFj4ub)(E
zKbbWn@W<6VYnwD5teog0n3Ez1E7}-MkspcBovseIwAY<|J?~Xsm?gaMH;WC9+30>l
zo`kIGzykL2*dG6=>fSmZHlm6)*4NY?&}>1-3?(tBIn7uz8x5r!0~dqr72E^JDq<B%
z@Jh!EayLe+SXMVDaw_OaC_xBicV@wDFxAso1TuTM@+fw*2$%LqheI6I^8)k>#>&Gb
zbc>0$i~7}z=Ja%+@+tS~Nx#eSBf6DHyA?0`C){XEBD*;fyXl(h^%nXK8oP}KupJ4r
z-NF|A)=~A=zo`Z5>TP5C9dPvy%++Jn#YzVKDh0zH!__W_{c2=Uh5qhFclCxk!=^sN
zq4Cv$y*&tvN_lp9E41b$mf`eDV*BUSP6@+VP0g7${W4F@-am$Y0fx&V`^%}TuA8bu
zbB1f@nxm_l>nDbrvFc4=%`Fk*9eDq=h2flo@m`?zK63kftL8$T@ln6_(wy<?tm+C}
z^Neu)3{(4p;_#Bl2#e`(S5o^{;{e6r@F2|i(Ovs7bWI~y`=ovSX?*>(cMU$fMssI;
zfw_4BGD0HOy`t1XTEM<FFhX(GL0ROy&s~4W*L~Mug8miv`Q!k$uY&=5Fn#&eeHEZV
zkTSvls)NUNgfF~-C*A)hSclldgruST-JlM7nF)Ej4*5K3H<StXuOsSx9V}EmYLC)E
zg&hJV)6ZY^KWlG(Rx<r=c0`h>$55z8nsh|jXTmb5$3nM<L9NF|WXAcb!+~|$i)BL3
ztw*P1#;bI~<E$qZV#XY<Czy7+z_`WQcEUPlCaSc@4r9jsy2Xxj`VHm0lHr73TaQo4
zLc(}Q9L7j6&-`DkflfV<#vPFk3x$WlFT{pls11}JEL1KHR+!ABjrG*D&ZN1{)P*c=
zd<|qhEOZjg<OVGC77g^vEJ}7P#8Gz)&v%sfcZ}mX#Ffr8jSXPtS{4>;7sz&JI?hJc
z+H1P)2Dbe>HVv1@6K5t17pnI=4jWdcUzF6eja=xg+`sO*GFcI8FIa0?c{?20R9N|R
z8u^ABe_Y*gZnJXkH*y}c3SLh$6|(-Jbm2yH{gdmm$mGIH*(5A@$vfRBGJh|^%f{is
zDt7K7_Ixk)ej|v^CV}51f%+hU{V-Q?FPz#Wb#5mj(j+bMAYJ<)s>3F0;wpR1Du?aN
z^_NXPs!86%RsQ~gnD{{owpr1|Sh}%Esr5l=`$lG*O=bB()`Csd<3K#DNkM~M&A?5e
zkVz4hUBiR@8y35An45A`Gcsed3a6WD;iF3JBf7ksdJp(f-o#C}pB>$yS!0`B-+@Ro
zj@=;1&A^~qtMpL|wZ#ydLnjreGu>>g!>%{ZZt_*6cie2M;2w3^Y+&$YVA8S#^JIkI
zqV3ON<l&A*{$!HcVv_4_Qp#bP#AepoVq=qIX3=76^JME?$p5#+B8<a6>dC(6msR1D
zF;uHn<&$HNhG`Fnv&`Hu1E&jTtBasVWtENRA5J%oR=2of*I^Dj2M@b*6t5!M_E1jG
zxK__pPC#xe;9NwIY1*Td)2pY|dzjPb@3U9ZnB6&t-*JmytAVCyi2oO70Bl<TDpw$O
zTOfWL>8YsyFRs6wZGQ#10w`Zr|7kjDv^g4Z$$$%BEexT<9NNM>xWfJ0!o#>C;@TpT
zJbigXLsPk;a@(R>xuSbsLQA<s2t1s(Ur^||g0H#ap1DrsTgji=;!$4%zuMeAI1^o3
zldIaIhue}kxswaIycKqnGyus4prqy2I7fGfV@?O}SDaI>1lSkO(-D7z!8F9SV3**u
zd(ZSZ?hM4&j4uu+6Hmuw&@D44W%$K4Cq(rEkUY<2e8LTU2j!Z)hW_HooBx|v_`_zO
ztH?t&vlNh($(^C$l_Aj<BHRAg#Oq1#Ei;VA>EksXA4EvWT|o=@f%aD5-&TN{+V|Tl
z#RimJ$CHc?6Ndkmt1(pb1*)Ot0nWFBQM?&w-CzCi-%~q?O3}GXP_e5l+B3$d8(7;)
z3ojerc>+@5%g0~qXI``YJ3{tf*;l<Pk9orTd1}YsqBz^t<2$1Fz1mH9YkS^6souJ5
z?J*MV-QzP&sDLbkc7F};lCL(=hxfoQ-g0!<e~do84jpmp!wHq`1Ep_&+B&)lt3e&>
zgZ^!Gv=M_n-nIew?blwSp7x#NUc)ZjX|*5qjh*c{d`-hXfwkNsy`2-=oh8e`tzo=v
z>)g`{lfw?3GqCM^&|U4QpE>*Qh1b0E3W<~Zd<*Cw!hHM-+nwe9JdE<4ODcR1IQ(<J
ze3LwU;yn3R{Q09xKYUv|*C@ff>+h(G8om?rox?EP8_T{^+XGYYom)}w(=L;c7-T{)
z0z0VPJJ<rdzq)rR!Bm+1dz{^Sg5CQP;QcSzZqBa5R(Ub=?jr|*V~_4*2fq-X?vpry
z(<HxRqt9sPt}_Sz^UR#FTK<ON?(uOys$>4`Yv1YZ?kj)qLxb+?FEF3z#~G^sIkx}q
z&v*LC?z?{QU8}F<y5E(A|MoTb0pH~sO7Q8r;|5>w8NKHjf9#xB@IJ2RCG|@}*#EIq
z@TyYq(dKc^Lhxhw%iH$rdD;Kj!~bQz`<1f?{497;AoypZk~1#nPY?_uimaz1v2YkN
zF-vk={9b<q7OnV%Cs>J8JdRMv83UAXFq}Xk6DkW(CYMg7H)==*B_55ZbJz?`08}XD
zbNK`BFv_q02ti0h&51x5>i^&24$K$ZQ*1P94gQNe0NQFbTFjRG7k8jj_MAurt?0Tn
z7wCb!x0soFt>5Dd`GrZ4c4OEdg7!;2EA7^JIEGjdNRWPKI-bI8u#}a4Z$6zZ<d0<+
zU#3*_kjz53;@T{<B(F0Z%Kz?Wx7=#BJ{6P6;jr1|0Shbe;o-DB9D=V9o5kgFIGHLD
zCh!SxJ6<l<nU2lo@wnV<4TBW~djqbgb_;+q9;fopf+5|gG=c&?Z_k&<xwSoDu;14w
z<iNEcB-BA%FBGyYQ^DMk7HV_xMx^3Dc<QQ|e~8Qziv7sk7c-R)Cr)(?5aP7VP3Us6
zXoHw)wh4pSdeLY@xMo!eL-?>JGkptF=+k_^yvZ0xeuaFW8zD&`QywKw=W~{#%#>vr
zqbv@d8>1P8QW|)|pmXeHK>JXZWgJCnlx3PFn4e&u=Tn*FSoL8gBUIR*?dQFnP?_d`
zy_laCg!HAYnHO)GRU|;;SDh8b)mxYqC-zmHlT;{jsex7NPaKmgy?Bt87kpGzQ4%6#
zUr>>gYhF;3vcp_lYa+u4^nS=+T+(*xQd`yqY%VVA2Y#xp7)B5-tr#b~@T;$yrt2-O
zn&<nfuUVF7FRfYEcd4)2f;N}d?fX8}b!C!xdN*8V<uo?kR{t07AVy;ga9X{*<$XJ;
zvHibr2mX*Knmd8;3@bbCi=<6?A*jYHyP?E>ntS2YIV*dS%-x#%(cD`r`>{e`&4YL;
zqSb>$B>}C&WG(&GL!gnL)=`>O&Z>E|hp60fHsI=ia0e&(5e#c5g$eT7r^V^^YyZU^
zXrGmr*R1^)ci?3SdK1b!ukAv?zo;K%$h>Hrl*hkpUbN4=Y~75-zXBcBWL|Y#PT^m7
zJziyA_k5xd-1I>+X5I87D-hfcE&^$PL-78Op-ViZ%D4Y9bh){?`Jdzej{hD1{}%tt
z(B;3m@Lxk0sQ<TyE}Cc%5}^>nkpxl=MWadokA^O+f;10hti;nf|5rm7NWY(I?HJ|r
zrHX~p*?0-%ij^AW)|+F^mCLab^)Q(4%~h+7mSKsDAfVk^E4CQLC$)#YUdOk?jNow(
zW1U!k$Y(;N1O}nv(0d~FtYqfhVS#=UWF!#d=0Genr@k)eUT6$gDC|j==iYn(ik%fx
z?~TqTs@ACWDQksvuOpN2JO`PZLu|VTpiz_E;b}cJ9D<rUq5En$L7X6CaM|f`U(j1A
zs7BBKdUdhZ3N~=S16OaIq|ag#fb@M|n|2Tt{1kcwE^n<b&$m%I!6IK@x0E{pdXOve
zfv`Wzc7pbBLw-vliBs)rzUYO_hv1l(?S>M#pX`Qls&VB9qsD4#M^NOX?S)g-tY}3s
z{Dd)yW|<q=iRQQqF^RRj95IO#L^&~uH$#>p(-0?$C`x=IA0<<h7l2nwR+iT~^j6j9
z&ISHwQB3Y`pnhzYrj<awk!JoBY@UH%J!+om&~jv+g)=E-;pmZQZjqyQ3&_olyM#ZH
zr$nwO%;&iZq4J5!&`>Un7G5KjN^Dm@ExOXv&MOHEJUI=^x*8%4*Ed5TFB3(GB$Rtk
z*VdN<f2(-Ql*!MLs>}kGtJ=iU5^7uLcg#g7mzOqR+m^*iixt;97nE)R_%1^-?dMB|
zY#T=R7R&9X#7oOO07mZ@di!G)=FJBoX7;-C0Bm{_O(pDftA~<hqPFXtmaXo$rA&Nl
zVG8P-%ItQV_|7QE=pU}R#1`vL8*ZhVov=}O)#mk)a0~5j6c^VXn6w*AT_pJCEZrYh
zGR!^dU73u5;ykA`HKY8tPGgTXgH?L1yXGz?Xn)`9oj#q9SSFwx!mgskzjT~Dk|SxH
zW>wGM8%9JW=x@i_6*kW1%xEf`-L8yn36^vPV;cMP43Hn!;5;T9nrmY>4Fh|{rK`a+
z7Cm~p8&tfTEj<C)H7)-%QB$AQ2^@GYRNWHr?WdRYeO6nOS}o{68%N`Sl3Wdjw-dgk
zEw1S(DDHKc;T+G($ohsgFUyA33bJyJJ)(nC1OKy*(B?aV_nTKVRM4#w{C3%0C`(+~
zeSolF*@KVrb?Kvrac=38lQSdToqEu(?iaiyh5T2Pf}Y~H!N%O0cYM;%_m78Vhp&C%
ze@I`6Z^u17>Rb0RUto_;$UDk_L}A0+4~ai!)RKXa)_G9KlDP{~j&xW9bC8X0Ld}jd
z0zY&|V0puZIu<E|Nj7ld>A!OX**TiinnocA;V@x{qlV%|>me;Z{z156vIXNpjedqo
z4*dA62$z)IJ3k^9zJnhN)eDNp=zA8u|0HKpbd|@<<{Hd)OwcrVFvgB)6}#1A7V`Q>
z>@X&YkDg-{jaaA!-Luy<P>mK#I**Rr2gh4pjS^@5K2PvkCegiF9}!SB3;#Js53%SJ
z>L6M~2AwVvktWB%Hok|8{+bm+Ji}>qo<`t+F2yXLXyuIfn<|20OyK8nTxqlkUhSbo
zgO+m4H`h(G3UMi|p}Y8sf&VOsaHLf;?$XAnkDQ$W96LW6fq{EP#74NX=1<59N~VV_
z38ym5zKIFIjv^7Z*GU7I#AxepGC1jyROIdV+4i=F^t)2i9@4CQT3}b1$h%Sb^<son
z*b8DP|CR3Fcx)bUkGn*Gl$pS{q<pqL3(j9_ir7+Yagc;+Vys?@=)2Q}-!97}n1>7E
zon6Jq=*xw%ac4cnPYRB0f7WVyk|rrH6tL<2kX@#jPq%+4;h)@;$39V{D^AV}(xMiS
z@FXpfw=A32r6D_f#tq1MsG!WMkYtu7$uwWA5dTC~r9@b$?Ow>>d9+raj+|_wX->2z
zw9wdo6S;|Yvqrqk)>+h217f+w3X<w^s7L~VhpMqUZo7+32r|rAOHPKDW?JXs<%Ph8
zT+;D8to=v@Pt1xOT<g*)MObZAr<O)Rmos7zuH<41bHm?7aODvjK%xKN5__~<mAsXW
zeCHOHL(gQTtsDO0-WXM@g58;shR)*b)Lo4aIhr#f?xrq1r}zxHt>dG))VV!&aYv@T
ze}&BO`PP*b1EGV*xQ#xwS*rUb^l!`VceLBY)2_#6#^f0|?#~kV9`d4E*nRSy*nw8>
z`TN@TIebG1^acPD%x++27#(!a$iH~!8#KgDqh~9eR&)leFxtmmu;GdjagJU@T&8i1
zD2^X(w__9{s|oAX%^+J1^P6#%7~+0gjiem|iUNTM5$9>45Ktje?0ugc|9ME;jzu|U
zV}DyZJy><=FkI=_)Y40HSor(>O+ywH^Iw<ozQ6V0bV!i{y#(AgOZ~-+(y&gBM$V~K
zo6QtVP7Bs9t*L9b%R5P1i?O}e&L3AU(1?>og8kyNsHRQg+f5eF(s-TEArFG=F^d^T
zFEd6JP13oMV)7mi?Rl{!uCwIUm<o#vXKGi+1l5O*dz>?I(#^Q+_^PkX?IS?U8cG=%
z+xJb-%E;3ufAcE&d3`-6)269I+@r0l{QIbtUtO~n{yg*iY~*-}8zg75e1r2M9V?b=
zLN|RsI^%M10;wG@>+t+r=(@(8seZFwv<8?Y(MDn&AN`lNfc>)fW?>%(2;1HvBv%Ir
zfl9!Za(eTK*SWn$<lcNy)?UGuxP2OZ1_!3Tr|)puuo)LW@9&7Y;nBmBoe))w(w1}f
zWJhiYe)Ldg)W3z_LTsRam)}<(y=b9uW9MJ@G_atpE&0;5hdu{<2V9wf>wR_<B|IFZ
z*<A7?C{C($asTOaHzhTmuc=vN^@mHlSN~PXb%fm@v*R#`PpH!K4C6J|=r(%x@zw2|
z;KD<e(SMnvzf6kqm~DOJ?A4LiX-aO_o$dC#C(AMs{led?)ps<i_^=8b^!lKR<Ns3B
zy<Ga<F*wfYS@^g6C}o&z(FE0aP0KGQV)*4^)pq%!3A&2$*k^6<@;<w^dums{<&OUl
zOOfI0wWPQ+jpK8-BR1vbov#|P1H5t5^Oo}NSYTs88KZX@_p9I#+uxS-ZC+o2<NZS8
z>%j@{qU)!}J5_bh>-4sj@>j;!C#U4fqyPD{pJR%Dow>|2YyjMd$r7c1g1IT`i7)A*
z-#>H9zF}RgW`CO^|9X)C=o7yvV4%;EZkl-Dq<ByTg)hlUka)2TklD>8B#7G6Ms!e}
zZN-+g%#^DwU~Azo=SblFu&+CGFbte&17&dLqi{)Lz^IEmEYx3!qTuvoB6&~Fdk&@F
zBYKc&atwv`3+#;FCA2@-0wsoin!@?E3%g|(hH?po)ZK^ZoVW|j3QJLj$ma(!j|6*o
z2KWqfdbJsPhC6(Ega9;kz&Q`vD3WUa;hIP8jx*-r2$~{)xkC6#`2)FvE7c=3aYCjB
zjkD5Z>B%GhJOIQJBN$c!+*CasLk(j>BMY&EqoJanEUbz~BE3`jTHykBo1<7pg78J6
zC?&1_QANez7>*<wcArF0P=&8(M2@vZN2CS}u2^DH!~{G=XM4uva~ZC2*_)`x+$_d?
zHJj{FsUN)XTen2J;LvTacm%bXUc(t%F2$-Qn|hna@xu6>y2aAK_{o;WA+yCbAH}UN
znK6*ZUx>t;Vc{bH;@sS<P|Gc7zek~uQX{PzbbBWJeKI@6G5>XHp>7)A7!-4&W<kLn
zi~B0jCz417OvE1n$1n~iNHio8!6w~!Qgf8+tw<!@wDNOl+043F3u*o31px&25;M~h
zwoj5yijxx$t=0|`Ac~FDPif=<{Iy4h5GCx2<tYjGDTCO7$B^-mxQW0v9j%B&8){Dr
zxKQ~an{ACSd(Bi1CtLUQR3;|}jw4`%b8x*!GV!qEh=kW65cq@JJE+{FY&kU&koFFp
z9$)6&i1W))DlL4KqCnl`_DI{P+^aq<Dk&n}uGrzC#AE7vqA?X0I;Harm5(GhaMmoN
zt(5-G)TjJZa}9${%)_h6A~N|kb7#afPbw3O(j{L@^Tu2{-_#ig+bhm9bC@ctK`YVH
zD!SUjrxX0F$K#@E)o&QK=oX4=qolzty)4_htf$NAB?;@gc|@;;ox6SNsvwcw!<F3$
z<!*57b_z&}#`OzQ@kkGG&P!zpC3V~*%dWG^-7f^FP<oVt{`6x+<#BtML5XaS<^qN}
zzCd}U_d@s3p7o%Zq~W}RSIdqfM*@t3z(MXG^W31}{7sL7M2U<V?0h~?ycs|)9iWh>
zHACe)>0FDq_Oaw=L@Wq4w-;9s7!gGTMa+wk$Hr42`7eE$yZGl>VV|S{@sqb2Zn#Kf
z@u;V(wsb;KX{zNIPsS*{1+c_E<0o}%uz9*8H%^dCdy$`Kpof=FfK{n?MxmZ(X%ucK
z*dH$o0^oa)>gQGw5xG_tI2I6sQ06;UMn{tBSQhAST`r1Kex#KQKM?inq`aTI+*#UR
zW6fDWvizN_qA(*8z@z-rv;2jtZ0JGFPAWXhx`2fOm;$KOm8_`TuPmj)s%jS~x27G;
z5D=uPjJ2#RY^jQ>s31+#U7?PH6sh*{swzgPiXSW7@X~@S&#QT>NHz;z^{U8zE-Pp&
z97PCmT~+AhNn67UTliVair^GWUbQ&So9U8Hf>rn#DN_tn+JejTfK?YK;Q+lZxm#5C
zgy7<BYV)>M*f^MkYU4T4PC(C74~>~E-e1qKRD<yzBuo*Ync@0f&G>|-mIx6X-n3RR
zmGM{8^%r(jq3LM_8#zDwx>Mzw>{TT7cPVpT+Va)2R5f8AlJ$n(va0od@+tKa>HCIu
zgi2NIY?*a?W!?-0P=m2{vr}L5tXESGf_K$&LPQItOuv=Zc@ZZYWyYDa;d>H`mE~Du
zi$#gdchgqEs7gSGpjXFV#0a2BCAoi8v<zD78Jrn3uqin-KKk6;r9CCwrX~HY4Fe05
zBx47XE>dX$ZQ+@QtYh?Xwvlkh7bk@Qb&|gNE6Z&HbKaZNGm~q*+v<6vugdBgby}k4
z+V^-$g4H`1Pn%;hJJb+54|qD|$2*#7=!WpA#>QI>gxl4QB7@&Mx4;XXe28sM(w&i_
z)*9aNdc3LDQidxwF-k90`|F{iFX>Ait;w3*f2h0irBWTVd%zhnPnkXc`Nel2G<ZrE
z<WcpARyM1Q8!N##F0t1HQm3oG$L*)5sl)bt;J1sd_nN<@#ge#y$3Z{VOJY^yrbrz2
zADni_LuafTU&V7`v@(8cWXkntCbBhlMcKVZWYA=#S6URE0pw8H0o_(*6rEjIRZenn
z10qPhERxRS>BV0K!sewci`oU0h+TC$9ksXV%4;QBKEG*cT#pv@#a?=Qc(4z-orNt1
zYH^F6+x0I2o+NziejY9mBDwZHa{u}I8%6g?&=h{KyW3~VfX}JDO~SIN5t!X=^I&*J
z!gUK3DEdF)3E!<eOgsNU29W?RhPe?&C%8Cmj+vbPj{egD#3D60*_JU_yZB%HTRY9&
zEy(|^HKsHcojgBQCOdRdnGfI_>@xLY#!Hv&9Mjq;D&_61EiEd=7|)gI4;~wj?i}*f
z%}L6d5Tu<@;~g78VxOoQPO!|RTAS$I5DUNWAs?OGzi8Ia$ZM!FdFRdUjw&k6tQ+v@
zqpa+C*l-l|0X|%m2uGLSdQ9(C_WDIyfo&VkXsY2P$JY>NU?#h^e0slMmO1OptRu|+
zhOYRq?LhmijyY_HuP#L;Ov1RF9nS3jw$b;KJ`&0k+(W`Yx7nV2!`tvhFb`htp6Z;V
z=byjDZrNE2;O4Kz)(hnKor8Xz3mc!Mi>bm#vd8+=740e}pKKDCT+oe3k(+G5`_w%d
z@6p(-B3((Dqg&wZQYX~=_X4{#$+AS?GcTcMYHKrZ?Q3#nvxM&(8qu~?ptVT(F^h-c
zr9e2{hB(Y7w<LHOlC!w199_FvG?&!2=(9v?<{SMpYWbaS<sN%=D{*?0+tez2HI#7q
zdy=-4-h473jCf(yl}Gnzbne||ZC-QsSDULt*VODqXW-|g13;-EX6R1`Zyn7lrFEFB
zU3UqB5NIP_ZZ*nNZ{tC;y>)&W6k%T_7iJ93Y(fFpF5erBj^WwstaD~rnY=I39jvco
z^w9E--L6c{o={YAgy+XB+2JP=l_iF(CT?7Ez2n4AuWxmB*<4m^|Fer_!rjCnY)d@Z
z&R0*MvD~p0?puXxMT+h1eX{>1-<HNpkM3uXP_e_Kwd?1x3wzb3Uc9@^Z)QiaH?l5-
zV6`{vEwop*M+u5OIooUCP5ivv<;gaBwcBT@PU6{G`#G_{_i2U7u;RD0zr=lj{2BS^
z%OKMowm5$<)z&eAc=*M$mv4Shl+`vLbC5l@u`*`*;j5z#zmS7-(5-H*<$F|4m~bw4
z2=HCE9gBmrIl@Fb)@3lb{ag_qS_NB0rux*R`n(2-b~#K39;#Vv88vru`RE2joNSpl
zwbBmlbezQ1OeS583tr_@l=S_TInmX%v{_0Q3>_3jS#==lqu1@FkULe*nyk<r|MonQ
zWOvr+7tZ>YPn9)LO8?7;-l>OsrbeJoRW_@7aq|btRIXo+tPgh{)WC9Qp5^gL8D7I`
z_Bm<Q6cOLBY^sTp&&msY7vWa<n^x}f>FKK0Fp|zd9pPk-i_4vq^ey)~@x|(x?Zru!
zM5OF!6~npDhK~6?lj{fb7fN_HN;9HtPBWSoj><?{%{AYOYj3KDT-nvDJtKZa;j`b_
z+?L0hym#qD|8VSp(b3Q)7(51>;nFy9l>r4voM&998ZTp;87bOY@^fdY4RHf=un;&t
z2>67!-gEU_BTJW5pyUU}&U}SFNKsv|lsxQ5#~j%kVnekaTrAJ*O&J2$+ds?WQ9u@N
z$G%gyh7PIC@?}WKmx$HJ7P$xelPe+Cq0W=#j@M7=8TBY#PcF4Hpv-4`xlW&+eT%PW
zudb(xniJoiXLpB}V1pOC+UG{v7x&MXi0zlC>6a+qm&Be0-L9AT+Na>{SBJ^2yk9ec
zg0Bf&Pi0@!&1sb$_Js~#?bX|lAK@=K`0q80WmR7-P9RXbLp6wT|9$Mece|<i`sj=P
zc__|u5cNII;awQ~#aCWig0s3Y%Na>n(4LQnZp(nKguF?w^h%*n=bPLo2?J)-0?%z$
z_M?JN{0FuqkB<zFeu3!l0jmWrkMkoJgj=Eb%k<B=R}hd8e;@*(pa}RZnezVxBg12<
z!X@mAgu@~7bb2O`3`QbjG9<&z6%2)u3i61iD<4V&aim&;apwzUGngos1|nDshSTAh
zpB`3O_j<Fb1c{)n6|H7+`82S|(-y3x;uH(@^?2AVmn!u-NG5UB=@#pG#*g>_>h$xO
ziV7uWktvkA)pmhfk7wvr(yi3bKeMeKtG7FyTJiM4Judf3qP6DSs@U&VvURJ+s(I(A
z^@@OKGT_+uRHpSd|DK#7MC_a6$y^PQ99=B;gViL5A#vJ;^RtRp?vm`4gyxNL0Bn-q
zoAS#wDDavn7h&V^VWtiDy~Uo(`+99%>Aq&`f$Lz|M+Z9$W$tQz)^ONlYjcIn{WPR8
z=vm$c0RH!JZ1Ox+Jrx>t1p>3k$aXwznZ*4$K)I)5e~m7zY5xAXPfLbGxiP~Sp<gih
zXJ*fPhGABk*6|-YsKBuej@YM83|<IbRunAoy<P;xEgD_|dDb|*=wZR8a%3jxW0owT
zrCn}hCvsr6xRuS-nY1b|%bAKk<sh+;p<{k}m;hi4FU!)8!8*#iY}z<EIQKC#**K95
zR-xzGtzuQ+cWYOf;BPFvS3r6vTaXZ1r(>J_L@{Gk6#qr9q9jFG+%(5VJm@+l%Xzra
zDKEIWprj~4uA-`}(1oU^_RQv{rXk|PzQn4N(yU%@+03rd=z56Bsp}2BH2<G+I$6`i
zjF)3oFU727*gV(nhqjeR7I4*|GUid+R&CK;$G$71MaNMJ(_=$^oc(#jHAT#0Q+C}g
zRmpRIabCg8JNtQy2YFFr+2>u1O+LWo(_@DnnnQCb2%W)AHdIOPWfuiI<z*q9mgvDa
z`hMPXAA<L3g(rrd9AuiLAkJ-;qG1j)OZ>#=Hcc1o;yOxq7-~8aayrt|PxGj_;y&^6
zr_i=6M5E8xFASM4vkENtNu&z)UgEaOkxN48F4*9eJ*iMZZtq6FoVOb)uHHg9FdZyO
zV8;qW!nga=RTFPZZ9{Nt4H7HS>1^TFy|ui2+2S>A!K_3T8Z2Yr<7i%%R}zAS!v3%+
zj@fchIy`}z-OZ#&Rdk${vD;{wRoMRV(4=JX>AY;<!0)bUq_A$b?l8>nvFUM4csOSU
z+r2jYmr~$30OEhdI!+^>Z!q7&{%^#(y1F_?N5}a1`2Q{7{O|bxGqLW!xd03I`Ts$z
z`#<Rm|F6Wl|0nc?BpSW3rvF2%lWwk9tki7$AF;01us@Perscn4-F$`KcuVzqtK<Gy
zwhSjZ1cclD+2;83!De>=6e7{Z4dZ|53+L=r|D`Wj;ELqPf}GVxfvh%LvKXxYr7uiB
z(6u+6&XY(L>Q82rpN)I!jOS!Ou&b>%xtw=L=vZHG_Wo`BAWUhy*&h+Y^Ka(^-5+CS
za;BhkwY!BZq?-3kWxqeI)qi$G{pz{lRlYx%zZQ2$?s|K!-t<60?E$;J-d~>A#`;@+
zeL^Td87M-*Smqf+gOhgxkq}x86;L^-c8wqGFn5D-#@zDd@y$<&bqMz`_QJ?A*bC$+
zfn_9`)N>1akxbT)dzP3(mL`U*W6Aq5d_2vhvVu=k2LSdl&4YN!cFZCf8H&>)1vwOt
zgCtcT=ApEPdO3Lvojm9;RoBcaHPsLZNJ*p0w>ruoE4NC_v>iG{%d$(PKF*e&<xb4;
zeBwsSC5AjZ&O?TOOUMtV@cL0e$Xsz!2+7r+P!#`D+DbfCea)f-+o_^FD@WYoxU{Gn
zgGQ_rh+tmvv%cc90$3xAabBq~rM*(tbfj&O>c6Kwqu0A7)(i0+`A<MyJB>B1$eb@{
zfYH#mKeiB17{3)EA%4VH6?Y3a6L?4SSK2`=p)_5z<Yz|_*4#;nYqy-dmD>w<Js#V~
ztjObEXWx^Ut_SS?<5g^iNbX?l*<|rB4f4>!ukN1yR(aiL`}9s*2g8qJ+k$T3ZTk-c
z(W)MVkN(}c7D<f2Ig3=H{nh{<ymU7f6Z7F*XSGJnFln>q;}VAEK^NcqJ$l?FUEu4(
zd=%Pf{brUw*JojxRixTrj!~z&xk~x?m}N>QY|?i5yE<IUisidZOHh=0_LFx@Md<Ci
zYi1`$m<qUE&%>)~ujF}aKbz)$Gl24(+9?!G|D`hB4?lA+DplI5F-{_<rEq~626UJ~
z(!RN!rDJijmKTOXn0J(7|K{S=F0p-7Nr_<5Q9Eqkobj|||2}IB4#U0Za6sS_hpr&%
zbd+P@`ncUVYvUW8aQNK6r(neM9pTo0xq8ItS=s%!@hi(X+&Qf0I-FA3L7?nxJ;v<)
zTtZJdYG^n&bLeLN+zk8__2Khmx@Yj^smk|zRVo0gDdGCZN{cXgy!uPJ{wEO?{xY+o
zKgI#BSE5HB(o&?Y(i;#~DkYnCvYLtX1LM$hJ`1J9Q8*S|sZn2(dcV!lma}L#9ws#j
z{qwBO8*;)3K=C57)Hx(4V5^2^rctz7Y#%Y{@=GD{g^~(I+C{h%bGN}#tZg?$LG{A8
z^WTaHNu(2d8S6f-oJ$M!noW$kGy%2~7bTb9ss4{|X@r#rxReYIvEJWfHy~Cygkche
zzF3MjF#wVfi%|&%He~RtgOV)H-xCuLWRaALx?~gKOevz%DOr=b|Fk$M6eiCcA9;?c
zHq@%<HWkq(w1^S6I0K!62_R0xWEeTdLRueW7)PP%P+(Nj`X8pg7^q}SDUt-eg?E^9
z(~IB|YSR}klqO#O^VqjeGVaey^g2OAFxo0v`(($qC#3?e72lK24%B3l!#X@a3(O@3
zT}t`YaL0G$TylT0kl#GO&p?GZx_r4R39%-TujSk4e+w#t-nHTn=Yff6F0vG(kHq0A
zj?E)bL&Xt-n~R5$FI2w3l$O(OOesmWNp+@{5mUt&W4AAHOHf5b4O2lLZ3@)>pmz6q
z!;&YiDH4^FFN2|6C^{lni?gjzIo_k`8I-P2$wpTnF6q&-W3NnmqtQU5Udj(@rZpox
zADpvZYBV>~_f;*_S?^yGPM523c~sDI5M${)!lY75Dja-z(@6D&Hm4`O&=neH!^PxK
zh*YyOO@CY|ms2lJ5!*6j&eReThbhmlMnc2KFPUjaqsN(FH^;6R0)3V*HPNY#!y6##
zFpOfwHGf7MB%Lg8l$bXUL{&P_&#z0GBegx?+4HOmi?7jmXoyYXJAXcISPqdVgjLr#
zmsFx@VQF-rzFv`p!EJSidvqSqU#oz;rHH&jx{Ud*wO`-#A6pQ*FCSA}F3<lUxY_i4
z4CeWhl58Ji;gsnjGFjhxmn9M6w4gGOjh$8Q<THDAC_~kGkyf?TSZQ_;T-AvQbPi=A
zS8DdMtfZkpY4@wIkkS+`)t6w_WAv~x<99mJKyfg9<GL{6?suX$*f6B7@XUn!mKy68
zO}POcvkWwL&c={1=DJ(?J^fSL`<F<^h54NoDy!sd0a7~LC&OwIKChEdPV?qy(~Gg_
z(wXo=ry1ul!&Hx|BxDnxF?Ekio*(eQrh@&4Em~YYn6HuSuX{Y+x~6Kld{ZiFdUG>O
z)U-9God6~O;*b8s2@Lm&QbA;EzI|ji2mRFY@ic~yz*Orx4nwP{(bEyNjNYP<8q20q
z%ihEG4)_o@e1M)!Q!!pijIar~VxmJ2Mq||vzG*3zzg!vb)_czWN!~WiP98>UfwuXK
zr+D=|1#lHrbJ>EVL16t``)PR@>{37bs8&21y0%Nt*>x`0?9HmO38Jy7qP3I_V3p_n
zj78<;rg3!Lj^4Rn;QZd#D7ieuyLS&HNEp%Xn*ZE+@5a^0H%sBNRguaHc8!^;va`Cu
z^O8I4Fz5aga@MXsY`UOR0BB&R?u!?cF6o}P6ZB=^?FBoq${4%P-iJ$1l6@Y;7g$oF
zT^0a!tk=IadF5FLxzI>0WDSs;F56)0&{?gmUtSR`JCwO`*Jht+sFszJXuCK4gI)5R
z?$~;sdhUMzybeI^+<{ei`G*g_30LUc!=8Q_;sxKvqdqy1D!h*AfbY_#JC8W0U#Gmm
z_h|-*>x1^kZk3HYooMl=3e)x&*@Tzw8kn5StM08DgjY_>Zm75j?{h?*3k1&XEBQo^
z)gthx-?BlMr6c$2w7*sY#Mo(V{2who(MOIrDZAG~e0?v*c`kc~-7KWRpDXwbef!UC
z6McfWwd`n>3l984xPCU+%c{E+sO59U(l@j7+gsF}_Ob=ON#6rbJp_A2189;Ry~rgI
zhy8w-1|a<OpQ3d5F~XI?p*+PbfPo`c8mv^BBtS^T_sZczswsZJ;evZ)yB8>c;3<a7
zPC;qux^3=9@+|Yq!id|`t})CTj@9h9n*V#Coq#4Y^sxs~km)F!yE}}aEDouHq(?ia
zv=WZH%84eKCMWNUGS-|a>xzGmTCk*Y$d-mF_J~AfKa)Y4j1>p-qB9-Zi-e6O1v8fU
zHzhXH6P3i0AShC%8FWW)%fFuu&paMxTmclJcf#S0CA7avT?Mg;c>6<e!W9`uL<K46
zqb$SSS`_R&bxn$7T+(Dto9TyvVJ0}D$AzZhX(8X9B8-|NJ^oq35l7WXS_icSw2}o!
zzbMtUSyS8*mYhV@?Hc7%Me8*L4W+p(xrdJ8=%KquO-icesYc9t>cH=ZFT#;zCdcRx
z+ik$nN<7BwaM7$##TGnEc3H-n&dMH^#V(auPn^U~Gz$(=#a)x@J&j2GO^$ne@jD%f
zGZqrNgo{U155JX+KQ0T0jflUtG(uX9LwSwg47dNe8V9A7kn5I!^BT3#mH-WkC(??4
z#7WeIbRdH#4QEfJ1ao5s4eHTE#A_}vGD^kwKxxpPstiNxvckt-|BU9O#`t@XBnVGF
zN1iMa;U<Ei#XB0ObVx5zPIk~1B72v7kE1#-l(H6Xt7-L%*DP6w+n=d9+2E9~?4Q5M
zt5!jQibVv_idxOsDvo<e)qy%rnj_T)#MXP1;sNrhD@yg&vf~=z@W+i02vv43j~!&=
z{VSD*1EUaT75ngz7B%V{!<~-J2}ra`e{Eq4O-|nkw<{`5w@h(UmU1qzB0j((%Sn$R
zXv-*l4f8+Bs6FK`e$7DS2-q^o6gU1eRFvtEB9`bO)vcBI87$Bbp!i0f=?zdE0|E0F
zvP@PLRXnmjTa~1iM6>GxgXF@pyM?@!;j{mREBS#^h}d&fS9y*A$)wP{JEu`r!HOHB
ziGP+EZdbGaXt_L|(zB)Jkd0C`r{_YJX<Sk#@IXgHR4`q`xWJy_eE^LRc?gX$gHgxw
z;@R_L)78JY^Q%G~v7}So$c6Ewoqpiy6VntRjWLk7I|&38P~+v1t`*#A5fHw`Xs{RN
za%=fP6|%c&eH9ckY7p2R7P8?KE|3?QC1s0S7d)jG(P(GO@;FPr(JDwMkEAoJjJc}M
zN@#d#tF1ZdwC8JC7hatv8e3ccRV(pyFVV-7&*ozK1!ZQoTJr5S6c>}uRh&K!E623G
zgdD6C#>!E87)0;LgXR|*;Q?p*nern<+62GQ*nCXCz04-T(^Q0`)DI^inLRS$#Drxi
z_v$H=0^aAErEJ>LKTVq`-5e*`I$9Gws}?RZ#Jmjn<d_3jS%Oz&O&XCPTp{XS@)IW%
zh+y`8zib0Lq9sE&!>b$^X@z-I*@P#b3dfv^r9PVx!Tnmvpi&LZY+fZ@vVy1EXjUq$
z0ujzrnLtxItX*{ejn2cmeDb6!0ii}SnWX|QF5S8oZnma!sRB2nrrA0Qlu=gg`NJD4
zCIYj<uI0zjnnhuF1#*WujESWQ9>wQcSc5eS|4=2GP?V-S_JlP9!g+nn6U)F_<tNfn
zQ1t;DG`cz{yv}`5n)AN?15?wo!jSE~Sdu$~3$dgO)L6OPD6sC`f!pLz+9;|M_{Y1+
z6c8uf(Imd!^g7(6h~KQh+pO%Y$!=p%k<yIcVydg7uVd2;72a%&2vpN)nWa#$)cI@C
z(W1fCWFM7kir?x?+wA(@(gSGSEo$*X^ubtfU1Dzy$gFecZSzTQ3eB_#%52MAX^FP+
z4S8>?#RDZG*7@szW?I|Q#_KXVKxU(@Iq#rs{PsQ0_M(pT67P0*==O@J_Sp6IN*Pcc
zen%~D$4g{ei%dsqX2*kCN9TKO$9o4VV(UNejscxc$n%a7?@B;N=a8;U*3^5a9$pt*
zXve~Nt&vyPqIc)oc<0P|S36JF&Ux1=Z}-Z1(UEt>WM+5yc=z6U_Yz{yHf_(XOwWl;
z&v{hOb!E@TdJp)$2ZEsY8(;5t-Ch`<Ubw8@QnVlc=O8!|RL{5nP4@iX@&8jC&&mIs
zn*Pi2gvj#t{x8gvnVI?PYjSe(zk62Jf3~mxTs8i0OfoYY|DR;f|K`Gf2f_Du(Ip-8
z`hwt4X=Fzn^ZP@8{F08AbSfB(#9_3a7;!2bj{Pkdi6rG*G@3}IP$4_&Ts#hBG8l`N
zaw(AmLhKQ){D0kB(nCAo3#ipwZ8V=R(5q~rUvIVF|CdeM%COnte!sU_*~+-x;|B#r
zMAyc&+aHQfs$bQ{ygwXEDw0D7VmTZKvXWv|&Jzku=Ltrk$ayuL&Xp-t%1?SVpD)!J
zjK|7(w_L8ZIh;>TdbeJ0_4*^C%KNn4?v2FJDopu+?vG}2Wl*QmZF#@1G}>%Wb#**n
z@AQMCekpW!zTThAR~k%r{~u&eg`V!u_m}(g?dcxB)w3L<)@cYREG|@t?-X2y{zx1r
zJAZ$OQ|$(0s9Wy-cMzP|6EgPk*SGKA6n7vl!_#*7zC+aQM$)yM{Fm%WwI9vK6OIAF
zX`D*>?JEZJ_qX>SjynNV-<VJnUdlB06J<G050VtcsmYUJ2TTrAH1(;~Q?%T1<1~4^
zR>{-gT+8Oepe9^;1Ha#hLI{Z2Td2GLlD9g}_B<*-&hZ(N#M0N<OCo~^#*(&-<3Y&4
zPUm+IjSH|M`b`!K(VI@<QDF3J;*tA!dRm$nN^@2QP{&;d-nN;XR1k)q;^u?%``*eD
z&9%ceBWzIOjpJdRQ?cCL-rlIn2e51|>PIMew{xTRs4R=^g=8oi|7M7t)Jk)B^~Onl
z`)wL2{Zz4OX@)XRYS{}8uPI3{Sw96`{yUFtcv!Nz?t0O-tgtPsh{S`aCaJrw3<(uC
zueOBIGLByfsWf%BzV*x==+)<>{N@7oxE*xW=Cd6_ht0emAxpKr8{JmY(a4kPCa+GU
z(TKt-Tz<7=5U@x1Ft-$*<F4&H#QU%Z37F74bRNSHGLFe|UOvnhpj>G8K;)`FHkC)3
zm-RJGc^wS|W0jLY8lxf9xa0d%u?*w*+u9F0mdY_NxGvj0Z^{i3V1vhJY95^nEc9qy
zCLPz2sB5LYXn}2F{o_~r*Y0?R2ZH}uq|GJjfH}6ZJg#1k-!D6?7YQ?@-z+uyvzn{E
z!$#i>P(C3YwW68~J7uHw)89_^tO>a2{K$oVyBWZC_yA1A3N$wUjRm*%M$U<`2K4_-
zC%L@O8)^G1^6UEZdFL;qoAu{i<y*O)Mwoe)IM6e%b)9v@{pDfVL2wf`KCBSTbEi<h
z`==cv8;7&}9rq>xPS(&PYq%GNrOpUNcX6NZd&e5_Z$E^IJQ&Uqp-)R26+)zZI0;GN
z=S~z>s)c9-m63m#?R6ncKKV!{lKr@Ab)j6H`6w<U{e(400bp{Zf*)aA19pH(bu`(6
zpQ$4Q6g;;P|BLJ?IY^^@`#)sQkwFHp+o=DO?1^_~vw%L%yEHPy(S94_7+pwkEIG`x
zb{p$CQAqSWGA!_R8yA37^cz-cL>TWbK3ukl1bcKuoaZhf*fsgh`U%CeZZ^?oz?7VE
zbX3;eIVlH;oJyj6RM~GXxj>YhT48idwZ%E5CYqeiqI^uddk)wzKu+&4I<EWVoZ5{<
z!4y_LZVaAF`zK1l95*^)%Hfhe6-~ibT0UVdFrP6uK*3%+I;mMO>j)80#5F86<(zS!
zbs}5JvphQG-hQ8bgH%LDT_!HG=92Ubo}d(XE}!<hyUzt9QT>6XnF;#&kOw12C5&A$
z6Uy?Cj}k*AN=Y*tsr*oYHAyATSuq>y{7^`QOf4xvGnbh7P=x$>#J4{>2W)>RW{N47
zwUD0ASWC{j|2X1kT%F8*Q_cKyX{88|UdTmwEE6NFP)dqiDCSWsSG2QMO_yFQm42*H
z%cfydvleCFdZ;u+uGAcsUTVmAth$<@{;4#kp48r4?dV&nyDz;AT5GQH?5fniA6xEv
zYpxCWtmFr+5jWvI)rHGd8Do#H3<)b&^EX(l*VC+ySwA);4_=sZ+N@4^0UI+e=`00l
z*XBZ>nu^3OdEt0zhufc;>tevwwiYt$P3|c<y9>t^H=v4GEa@T;a+M=A@5bKG=e8j^
z2IthujU$$4&{Q><P1l>ah?+)x2%agI&G_b(*K@}X@--o`jFjp(2%-Q_K(N1_t^@b5
zjLqVoG|e}J)jo3g25(au%}<kze$P4v;H}mk2(SZHX~*VycVU+e-3<>K-4+b*OW%)J
zN6k?k1;3o<-s|S$5O!NCl+x6|XICNzUft2z7_P39NqhJF@x7Cl|B^kKqb=z6@#bHK
zaL64A5Tgx=-d~38d>BK0vkajT0VB4iOo`rA#?Ue^ql&Q&$)&Oq2(X;V*bL70%kR6S
zrCj5NSa*^0QKn=%Kl?0DT)>H}K8Bw#E0f<s8?!!nk2&XGr`)GpvTi$%?ay#x<<)O9
zTE};YP_@Uy<=K*Ad=8#y(#PUsn~Eqm^=P47`^hOVyxeRyfAny+8OYxQ*}JAUBi{yy
z1lVIW?Do|g-xh0P*{dw*Z8W}Cdxg~RO5>s}#nEy57m<$(T#ye~RNhub<XalXt*!1e
zG)Alh*n#=kmP)lAli@)3l73lBj_22PHyF;`ez_~BOr7aN@n_Ir^_BY8T8#WqO93GJ
zM1)c^HrAf4>(TDo?EQTk0`-L_)6U30k!K-Wy!oF{=OrVo$3&@qeY%a@d8Eq69@aG1
z5NFM;R*%m3Lw9Qz_!pt&IfvuH+tH)F5RpS*$HyU49QQBysViBQx=nTkkE!MA`<(la
zW3FewOknr@wBJS+y#r_>b?Tvnw=4d87(<!NhEuFg*O_Kd`%>f7V>RvbiKM~n{IL8}
zL#A&m8@AW%a?Mi<`sSrb9Pj$Jya%XXuh&rUe|k%tENA-H?K@BkFMaskH{pUGQTJER
z|Esqo@owj){R~>~y7QRkJL2?zozel{XAE-(_6fhuWr8VZr9NHNYu}a{!H+d@{1+CC
z?`!kmr<Un1=PIAKt@mzPexz>H5QUFj{GOK)!S1`H>5s!wvxlCz?uXKX_p^QQ+tRea
zQ!BXk^UCGxeGB#L5g_<^muWyfsnB!3I1PU6==r?y@A=qA#XiaX0>8jUzC5FX!S`QZ
zVC(=0u7Gcv0c#R|uc-mA68`tg0Z1<aC^&&XxB`D_20oPr;Ar}NZwrK32_$$4B*F>$
z%@st_=A9HKiklWRFA+$m8A$&U#DMdciR&-3XCRH|-(ra%9?c-$mA`y1e+6)Y|4<RY
zh5r?Q!DLGdW@!tSUI~_c36>wh;qVMrO~VxS3=s(r(M}7|Z41$-A{5gMF}B21f(tR%
z47KzOwN48~;tJtcqJj+|RTH9;F`^QM3^Pf?FlY<YTM6@d3G>4V*TD&OpbB&43IjXi
zgmET@3kijVrG<(2h1zgMBx*(^dqx1^aP8aB<3_?Yb|XY?!(-qg<0UcL(1h?kscJN+
zCP~9rG?>czBP;&#H0DRv;Lw&PdAGoYcX~$E2!-<nhV@ZJyTgSIorDj1MkkX*W?6=h
ztVD-dh85#r_(Rf%DU*=TaSp*kSkH0>-3tfZ$BYiguocC4I>lHjQCSJa`Vq(a_Qjrs
z#UA0{-kikTgh#xjMNEf@-eW{&pF}&gMNe|YLrPIYO2xyLhYQ}ueM^s@m5iKU!Ecg`
zTGF7-ONeSJjqJb)z)DX52_?{z(h`CqwZanynG-2aqq^D>OCX~|;NoFN!O^G@@hIux
zvv3$+lJTtR@$)C>!GW=>TwI|)xz1Mjo;9&V(qopnl0yrU<*DN;3zF~Cl3CDW&pcC>
zza?vq#z=uu>}FG{aOlNWldCOLv;aVHP^=1W@=6*|7B@v40F=Q68jhwMNdir&Q_KKV
zRc$o()TstisX?Qu`VlFjtI4YAagp$WnJ<aZfM|jGq=L4j8Lr6wvLvR_XnrfvUjQCo
zcqTk8Y7%a$YV@dF$P6sp3~dpf{D_PqsSG?RybA89QtAvfDBAi}mWK3<rq#?wtBh{$
z#5$|Y;@9+I?x-?A=9m^<Idw*DL?+>C*7RvcpH}8lL>9OqqZZ7P-9()@t_9oxWP@=2
zb7xf5e8wgy3pAQ|p%uVT9?yIl!IGXHEtw8&m7bQK%Lhv5y-ix<N>#H;y@1QxgiBcx
zj@`D*gB$|}bH|-profKnwY(-9ThSwW<wN7;|NWc%Wfem-mjAmV|0iC-X&LYlF7Jt}
zfTAM*M|(akUO_N!8q-=n8D6YkVIKV$5IYhmgbRFoDV$nPV_l6vDbG!UkLQ3-;MPid
z8_ne<PRJ?G@r%fIib!ZE<Li3OSWM3u1SM3f<P30U?Tls_(&YRD72|U!Y@cQiTjkhT
z7gthe+m2-z@s!R*lvrqIj)B;%-b&g$v#KRaCb^TrT3$IG(rJ1brI(<x_2-=Nv?8R}
z#3`s4rqPJP@aQy}n7NapPc0nn*ZixIe0KnLu2w#KWL}w9-rh+eT}H*CaNhSZER)j;
zZt3J|nnG*t!giX1x^`g8S|w#gMH5d|D*|?CdOm7<<=9y=19~B6M&+P2kn$`qN~`*8
zIjsjaAxqk~JHNyLFS|XWtdu%)yMld5Dr=!U!{RL)8&KwaR;q2yer5fC0Y3VsOaXlW
zfI~~|{nK-<&ldprW+&M(cI;%wwv8Rzwr$(CZQFWd+qP}<&3u1zrl#slo&Vs>y6CRz
z>ZiJIdUdax=TrKCUGCGFV~w5Lu2Fu6O<k%`=4_dH$yKN3S@z>uTYa9T15@s_QLCy{
zySbiIA5qpB!3A5Dh)ErM>){#OUZcr~>8_C;WD!@8nHFJ@52sv`hgGR~4ivEHsP=u#
z&&y0_hDi?dNH2#;ue&HB1XOBLR&!o7(tZ|rYBV!RHG*9<!I4xGZ7>;T<X1;F&J;Dm
zXEqCXwr~a4l#)l|d!a>VVk-gsDBoK~kXo_0Yj@3BjRCDOo`JjzE%uj5D<83X=ic5C
zE$I$%ViloofEbskHm6N*O`JB~@m2tI)DC%+S(Z<=V{7DOyH-<sVpIr@R68$pdpb^g
zW>!Zwpu>l;Jry=0l)IytyR%fQvz*#11*bE9t)up`qYej99~GBB*=gwB*`C$enFZ*I
z>a4N?7*YTRxB-J&T|=AxEwEi;Yk(;LU}m#xjyt%ws!PngYX#`lwVKtvb}2M2)y<CC
zz4zI5fYWot?Q5&Wyfc}%0qEJB?77+O@tE&E&k8u!>OJ)8eaY(W*-uQ`@Y3e)6}ayK
zh3f^=?#rbvmbmcBgzn=l=tYR`{qxoLaaj(1)w?m#2a(+m-qnu{*AC^KkyTky<dm18
znUQf34SUs%jN4DsH9)sDP$<|x$Wa`sUd&z*o)}R9<}nCojfXeYFYq-eBn|j-*AikJ
zVD`>S=@`Vz8cf5=!;tQ#=NV>@9#;JdV#3XUmxyMuj+eDAro8I@$1@_RJz^{!K%gBC
zH9q_VJtBu&!8?_q!ZWI-J?iY;tMN4gft6%CRm{U#3}k`sGqWBE<{1mU^37_mNRAvL
z)UF_!ivPwLEu+Ye`@}Zl4vzeY1W6w!q4dhejY^wpH=N9#M4A|6Y%RrY*b8g-;pleA
z_V;&4Ui!dn>hf;!ZlSqsrbwPl?VlvAoV+n>;udaB5}a~rXbUHtYK)#@3(jYt=&kei
z&5@|BPMg>=o4&3nU)!o_dmXRj@!y2QgZ{)l+```J!m*c}*l?S{J)4;K_G{QmMW3jq
zuA21aOs9{GnSg7Nkg6sePm!x=s_aZ_J&&oYELtfqqUD~G^J+q$X#Ae4rsk>=u9^bl
zEkK}c^sJgg&1nii$#+}NFVw7Nl58BAn7u3q783KO3cb%Qay8L?7gk3mQ^hpTSfn;i
z%-=v&ab3?#Z$?T%P2ckP5Ja>BnP&F5GT$s~*VmWE-|3OE>cwqpe_JgbPc5NcX1_(|
z{z#W}MYQT&*GY9R8%!@L!Y}LFtYB2kcxA3Abgzik<m|(&?n$nw%ZyuIub@e-wnZ#E
z+brvDugYF8bx|&?YpkME=LU7JdTM6RTCC{hlu7z52f;@r<Se^guc~|ZXfZ7<<6weu
z%@WYg&PZ?gS<O90PZ4gXamp<AX>Yu2ZIpgb{$wo3;%qd~&Ngmul*?>NpEDK3Y<A}?
zJY#OPZg2K%r22AhPWUwATyK=eY;FV1w`zH}S9~^GYqol6H=uJi7kD>1WVZddH@CO9
zD)2A{WSZuEwnj3y?KOf#w7GI^f<?MlygXMtdCLuWm-VIA&v{locvlc%GlRQx(|y){
z;n!clO?*zTEJ;s<Z}0tdMt#Msv)5p|eD7k>tyBr_`TOie#O&?TtVZGOJ9MuR>F!^`
ztcKaFW9F_CA?z{E?3;Y=1?DU}TjplU1m5uME?~@#M{e!Qq+LyKFK_SkWgi{MY?4-P
z5JqgzeNUdyZi{$quj_2rUst)U?<m_ImBH^E<86R+w++y4n)n{iGaaeto}Bs|>Fu0I
z`EFnG9t~8VIPvY6AuR30>;Od&w(NW6b#6|gv38pd4ms3!(Y0pq`3@mv_t0dg;b(S#
zA7&g@?mcUk|JpgL)IMa&UB~e~V7fW`F+8A+UA4>Eb%amM0`3>fo)hns`pJ}d*DOcp
z95mFPr}!>40MEd5*ZpiR+ItQx;IEMRF8dJ<is`zu@rFZfeV5If@HLN-;L~1l=RI}v
z@hq>AsPZv%wnn{=rKIL2ni`!dHsm?Ekl~k_s4%MVj@UKlbUm*3x96CAZiuhv068}r
z5j!*EbGLL&+q!eF2<h;sb1J|p@VNAA*&D}<yCTWkSKS5hn$u<5g-*Nxq3x^Ewi!aY
z@O|xRT!fkZ$(iyfU}D7Py{k5MU%5L$NYKFPHN)5xkMia<`6IaZWG?KZFYHc8HkR$1
zPFT-GN>|XoUB3jtxUS}KwRLCkg`Z5`L*=jNe0E#9-N!KRXVtvt``5=Ev?uwWXE(SP
z!`|LW1XP+j1(mpG%erUl-k0F}#}yN67gR^q<7WfESEIaF_qwaP#dW>}8=FvR-4Q9Z
z6(@_`m+;${h~BqAsWabQlvgs-=wjzn<5y3=cdxj2wXO#nQOlxMt4vcv1jr8zQNz++
zD?gXF$lj0W-H))T=k1mEhFx<J2<tvF(+0cGc6#eL<M)i8&rHOxf!-j+T~mKO)4WiL
z@;HM`7SkeNs>Pg~S>^4=((K2I-uE@gCq>z3m)>Xl?RUq|cPpYq55d<7|JND+OE#kA
z<n6n4s^R9#*B$>4mg<jEo7$q^_eb3KCt~pificKE0*JpGC^R~*`X9pnAQ*VMV2(Te
zfiMJG-Jx`aLjV{auP->3;*oeFsaWS=n4*bfDz#2)@Vla^bSAUS%8-YWnQSh%&kOj6
zlDT~0zZi58Ph|_mQmGuakPl@`<w~Wp5pI9vUm(?Q8#ZVbcYk>TZucaT&DjVwnr(j7
z+rVPbi8LF-Zm?GUxz+9Vx&1gcSNw1Jz;1loFm(sRktjU&&@XjI<B23%wGnR(C)1fM
zUN<1bw}!L%LXk|GsE?+L<w})KTj;l@tM!IXuj6ziqV-rzH)E&Gnbw>A0R}9AnC_aT
z%KtCfGtF>0a`VzQ-gx?yHxK{Yv-J|XGHh1Y*Zbq~I!Pv1&u?t~+u{@Qj{g@JiM;?A
ztni({ZxmyDK}ejhsn(jlMR@=E$j2I5IQAp^qHn&XS-_1bYJ)Jc91Eies+w|x2)f=@
z>;N<(=B&`p!w0n(uG^8+D82{yl^9_V$%0sjfbatc6oK*oezp|+AVFDF>?lcHHPk2w
z?Ep(JLEj6`EX~O4*dUEL%fc+fvZ~x9!?x@ENP#sB0NO}%-wrX$#nm1$OYwh#KgkJ#
zkvhx&gN=zF**sZlQV=7Mp_AnxPia<^q;FwSl4f^tn4u;7pX|wvEJNfC!r}5)SPCbc
zHA0B_Szbe}#6?xhYWP`orq$S4S<kP<sXRa)n@vT=M^UB1*aO>j-H0>fMZ=<~#C0Q&
zM<tm@zwOwycUD;jZrQbOI;BsQo>*<waoNO8$89sjjZN2Su~p0KmQ_OCEJg>N){W$&
zO+#7jp^elZQM5&0X_JX<Iar03O}`nAPW>Q&yp@AA7!N|A#HXf)%{X2Rz2oTitfWcT
zTg_BMVb<{ZLM8kcRGO*11)oZT)2zwWiM<lArsL$lPdd*+Y|z<tiV|WuEy}WNu`ROQ
zMmTk=c85PKYnoo{cIdPqypD^cNn4G4>3!7?{LF~5NCUXp0M^ZvEABV`m$n>+UAJ_t
zc1_=On??W`vTWl)Sg|kr<oX&$>(Ogg+LbH<1kaNK!Yr)EF#6f9v-~t**YdbauBPR9
z9zKRktjCF`)v8w5x63-lW9PuA9i*yy+t10j?QYUH=3BryaNE`_WEbZ>T1QCtw(s%A
z=XR(}E!*?5$}Q=hOGN0h=*9u^XV6Z8Am?JPif_t$Vb+ZQdtnoUm-%s=wAc653+V0o
zZFK7A_w!kuGr>cIbPG@74GD*&0Ay2RpLCG6Um#Z3N@wTT1DOgy6UMYpFJpr!lyN7(
z)g9(@<wZ8E3npjTmv1KTi~VEo4<W1%2fNq{@$1x&y_gWeCH)_ME3rS@!Okyz^8&(7
z`Ea@~U1WHuL1I_A2x0I-IKkurB=|UWiXkGjmUI!iN{bK$aA;I5cVVVPhj0^AV(hf^
z5!Ti@QE>1g)aS*2;EdK`ZpFm-&*`HA-|-~YEQdG+P{PFM^D$v8#e|a-qa-%-2|B??
z#H3gfmp=D#wy4G^31dStR7eRK&Xa^#86<o+^T{Q`$CN4=to*UU@%hn4D0=B5ppgqn
z2GPe9#3JJoFNtZrPbLhrKw}BDp1UM4R3f4{PEl4el(aGJ|86D`QgG$P%+>0XU#cC`
z%C1RSyU{w-{{n@j5gt-bvq`xa)n#2Jo%qQ%U?2cQ(w?A;xz9tVrQsg*d+m#|Qig;v
z%@tUCT@XHdUsz@c7c!wl%?0~Y=xNqr^b98pc}hG9AhaxU`Ra_ejPK@rysapw$0WtC
z!WH65ouxhxk6sw?C<2G(0^V?_EU-1v?fBSOITN=g+`lXTg=kVc3@nwCk5eF-d4R+w
zDjR_Z=|TmJww2-68N%V7Lvg0JZim>r2p?K*4#BWzsM`lPYE?)sXRe^MJeAvRqp%L2
z4P+*o8VW^e2sx1fn_s&v>r}WY^p)6KhCx&vJ$3#XMzGNh1EpQwCf8>c*w+hG*~-&O
z6czSi)Z8;s!evZWl(yM6T3q6*i(@u-#if#>Vo=H89xW{jE;bfM*jj*+*HYF0RjZQm
zHCDfG><SK7rtwuu)4#-Z*n^b%Z<aeeO{$%eAl66nOB%wVX^g!x)viQW0l^`)&Uk~&
zcYGL4r!Cf=V8!bP*ey+SPf+G|jhoaf>}?QP*FKyaT00kREzj3=wtACVplzzn&Ab&>
z@HATc5Uc(0p)d}cUh{{s!X50xTW)yNJGrTDopBbmvTarSf0SGcj=t~agum2QMA(ND
zN@)JuhAt30FSHxwg`DTG!3h6Vy@z#PAHoMx^$%OT0g5y1e0()qldpYHQH*+T@sxfu
zlSbuJ$X!rNwn?Tq=IDa<g8p7e50X~JAgkzO^m26zj-N)FmMfLbYO@y2V8*2D$YWI3
zm8ocLM!qjAYCgv0DGNsC97wcz-COn{H#^sCoU3!OTH~q6<lS88$WsYxj>S|nXO1{g
zG14=b*Z_k<X1r)iu}aPbq>^Ux-^jv>$0G6mF|KH+E$3R!8Y|t!wZ)O(XJ-B(33?4w
z>uOz>#)NKb@lMSctKe3$ZgOk#0i=zB+VU1&97&5X#QZhzHW@G88=bVQtp`b#3Cn3w
zO<*HV&!qJsriG5UD>ds*GlZVmu>`T{tJeC@%WI4L3uRKeXVQ!|)j&XuHuC|~%3JJ7
zH?v0{Ow`dpYJi6I#FtF=#nsjcgonJJjg(s$cFbXL2~%2!vIfr9_WaPc*XX#iubc9+
z3t8?o7=nGS-TY)kHb=LO#DnQX;u%!j>j0RCv)v@xF=&fb2Y2rNap=|sft*QJ0MJr4
z5P1z*ubrsvMmi0{Ct}}=zSW{u;P2;jkaSPsPVANn1-bgT{iAs@ZKzu#7gm+~Ak+FA
z9S7ic>yCHzw2$~h%yYLfyU>@iP3K0q2<JOu%a`>g7RRPst-GFAi!lP_(jbl-xMEgv
zsxI^!_H0>7b<o2{?>yth^VabDqRq^tvv<TyYm(ub{+n@AJ&JLD1HBKHuFLY5^qVOq
zX7QH@@SYr9>r3@#LQ~{xzvYL_jG*O}vAVvTzE*w$9NjeSv&z*7?qhM4ud9H+Vf0^~
z?~P(w$6Z<N^>dupYRuMWVJcCEQhUoMG#7FG&IHwI65mHB{Y4TpI8Pr~6%{yl&o3=L
zSmhq5tseNP9*OfFNwB=gLqrE+eiX27%zwRzPK@Jyy&wMs?>)PbiU{r+v5*I=E)HtX
zD+Mu*dcPk9b?*89OtnQnG!RvD=FH{yW&tj}vbq;*{!&*IaaNHr_f;nXsRq3MLO26L
z*Xt0D`si`VhOKZ3mr58=;9NMH1PGf5j0f?BoBomvjvBPY4RoMFR}4H3@PPj__~_$+
z%hCl<^Nn)|It{Y12nPrL<L6=HH6G%%9un({;8PY(<s6cv8Io!qnie0DK*bS%5*7m&
z5lt4B?Mjm#8d72zR(>Mf&Z1D{$(IivmP;Pa!4XkAO0@%Pvmz2yITBHR8g^M1);dD>
zsmkBW8a9d^HijF#`^z!H4bV^m+@grWI&r~n4rgZyJ{h6mC-$pI4t}q5pkEE^eznwc
zBP79+Siljfq4rrYi~c&Sqs74;>>oVs=;NpmqZ1zSLFF*j=1~JymOCBc8&Pv;q4xj7
z?j0Ya6SAsZhZe(ytJCrrd&U{nGlrM@>>*z$Hm_oHzG$8NY^Ik2lz5Jwa@TKS^AIZ0
zb`bYa;nY(YN%TA6r&#kfEr`)nS8_Ftr&n`RM$_zcG;RwD9QSiaYDjQhrPXPsmlp#1
zI4kNWXbBHTdA6E%PykKLqav2X^~~G?AC1#EB#IrP4$8b}TY~diGz&rEk6hKrO5I;Y
z-RsOW_}1MIjlF{h3?CUZUD^CI7J?%W)J;c|-Ahu7UW~(@)y+$SP0iveLu2Zl6Pkvd
z#nk!vL8O5^mAlM^iQY_5!8OZF42Ma5GvG3C%Jr!<48WzzJ}>3zdF6?f=uwDZ8R*36
zW$V84py{8=X%J>wsNkOU;>HS|uFBx4*0HW?meEu%&T%EN!%ES69H}V|sgFTHH0FNX
z;<5gV5nQ;b%PC6C&&g0{f>mbvSEtFFi`r1-NsQ>p5zR5QVy-WR*~`M&4{o{FsxboZ
zsQ~ZJ`mFYnPp(N^@u@C~U*N<u-V&EyJv~Z&ps=}+(lQq))Jd9Ii<LDCUoyL2bxUxv
zV99eyS5t7P)3DQXWzzDS-U2_GGCS4sCeFf=%p5g5vR<FFUY8RSN>u68wL#LgXCzX$
z(Yz}LQxC>+R||sAQL`vf-EBORuiA2-QG&N!K!S3OepKTIXG%Qk7Qrj;$>##afkwqL
z2SpOJ*^#H=1m+o6&kARjnONzvDw@I*XL=%<0etR(e1VC!!MSCL@v6iupM5Iwry9B`
zd7`F9ZkqDeexZuwaqeKMbZbf90;X`n#x^76-lQghltyadCBBdWZ|8aAs$q*KG-j3v
z*LP9p^JwK~(I;>*wP`u#Wn@)23dP|xlcImE{|4NHi>ZWh_28HFhhr65mgNcC1hiF3
zD0`!&NCk~lYaCQfVwNpx;5A9-45#t-msAaoRq2RSt$k1}(bP0Z)e@Ri?cuX*RaR|G
z)TlmGotKjwQdS*HR;#(y+)XlEmRDVY$7+clYTn%_+Ec^Um8*d{t3lmkUccA82u1e<
z=6pide78sabkrI5=XviHatoK1<ok0X`QH;(er1SLBxHmOuO*?y>sPPwSct{Dt3%@9
z$dhJs1^>-S(kN)x$j;X=_V}wCvzAu^6RERK-=W?R-FZb)u9(TCKFr|6SpK8GT*A6m
zA@e5%Z$n>#D$!jd=L*Nix(B3*3f42X_IMm-8c;q|lex6`UARQPxFp&#kk>3m#Us%T
zi=Qsd&`{F@kF3@Gd!zR^Oo0psNSCIib-cf%c)ZL)zcgO{x$K6Q;D`+GMKU&p&(^!P
zVtN1M3*6NFFKH%|sZp0@CR!yR)wd#r$odi~d=+hkI`vk+`FfoDdajSmr()l>aUaBU
zejVw2_p$ue@U$1|Jg*J|LQLP;rw-J&{Js&+o{DnB?=9czcvG5IH!qz;ijA2=^-f{M
z4_LWe(1q6|#rtciPie(F8@WfH+V||O+mQbGkje3s8M<M)%9h<{#Wi}5q6wZ(PwJJm
zm^$tp`rowkn<Djz4^vyx`U}<ye^__WmURwN`VjHv_m}6;o|m_5WFUig5cshCaQ`uk
zE0_{-8&i=W=Z;*-X#e@tZKKh^)YfE-S%5Fn1F-0<R`o9f`tMZq-mdn^w(ALV_}_!K
zh+c59zqIj{w@FLkR%n4^7Di-3Li<+F|M04m@KN-0RG6wem78+-Cb0-x@VX?s0kqN6
zgoB$j-n1LmLZr@2nOm6cq=!%g5+qsUHJKS)FMGVHJ6O;LNIfkSp{3S?s!Fubt{Q^^
zT9cn9#$>wi<hI)abOwUCoLVAmagr!v$A>bpy4ioUCCK)_Q%G0w1cF%DFPWHWY#7CC
zk5pHNzG&Hwz1xi~d91IGv`&t+eIw<1cE0qF^<0njM|QClnspJ-v_(yIR8RP1v8dQi
z(veThAx<np;l+JV+%!+DWlwBEp>=yq2l7wsQ%@XxO$=4r>_Sm(Rn2T>OzlL?lKz~!
zlbw2$;;H+Z@c=bWy-iPLT~EE(v^^orJxWcjUd#sOPJ?z%5pGTcA)o^g&cYx}15MAo
zCCr0c&0TfQBFNCfPt3zqbs|>Gi#yK}YR@9j2CpTMr*K%EpU+}lErNfaQ|=&g<_IUY
zo+rkN=#m|$K&+;|oTt&PrK@tZ7;$K(9u%62WvgCf&73FIE+73hp-jDC&OB079m*TA
z%y*Uc!fzcb;*rcfVv(^d)xBth_?M$A_J(|1Pq$L-YE{FhRGWL=jBwmpdtpIx*~Mlx
z^zTx#^jHx6xW)CPP8fd684c+&Ti~)@#T0EYaRW#w9PMS@?rY`De7X(BT6NV~VahR3
zb6%Lv1k?%1J?>Y^rWFvDiQEM3%JzxOi9xucrbbw~To;XuMjuPTBUrN1oK}cQ5Ybf6
zu-?v9q=B|gpuL%`vYv4LQ;>U^vYd9ZE!4)bL}|UWef>AS()J2M^3Q?cWvY-|O#W}h
zbO@N+>sT8BR;HfK?XKtX`%vYL&|6#Ai++5R*&7Q074x%(Br3q56bbLsVhe<Qfj&iW
z!eQ$pL276w?<GqSY}Jm`CJzPmZZ4p^Oo0FzaRF{N@95-?EcG&8H1Txg=4hO|;Antn
z<)$G9p9}w*l`a<@G8?5VAMR?s(EFaS>fVE80vfbxUNu*|`<@`~me34(Gxuz3MO_&k
zxX^)m_oGWNE5o#dU~h7r{nJBDp=Lje#WFo_KX<<X+e=W=;Mf;jGqt@BDQ0qfb2qPV
z`{x!4>GYl>Ef@0?r&!s+3%7^c?f%4L;>_c=KExIo<B0>~0o}}ji{Ocs4IhvEL39+7
z*z8PE<KM%^-P`>ZSe-p6K{Ke@)PUpNx)Gzyk257f9UbK31n0BVsQogQ%aiwA|3dAd
z>Z3;8>7=a)`%hvz9(7yOBTVPtu9Wf1SQ`WOiRtmbw<k{LJMs%%R3`k+y{xocS`N`z
zhYvs{G{4(!*QYf9r$EyKOkF2Uw?Q_y$6lLF-d$IlpEldq(<Pska->)LU4BO(<h^s7
zo69V@Yp<C{+^g>{izni_7lymHUF-YGE{BNarAP;E$?f#PYuM}S1oA~rtEG#uSV&!S
zz^Z$oUvW>WMd!=qFKhRrz_-M>x13CO3j7P^#)-d`$HBAGv1#uyvu;6<N4=t4D7seT
zxSgFl?`;E_0calu<R69XA4Osx#cH0#ZW&2#p88+*xu$RI(;oh~#+3vfyC@m%1NpVD
zA9awQ^%$QG<e!ac6q$J*sf`}rv<8uNA5xVU855q7o0(-0tM2YkU8A4ft6p4;@4XnP
zC%K+&{FW(ZR;X-WZP-|VQPt`{(O80?V`T_#WZo#M?uJ&M**_kq&KSTEdezNzIDX%c
z`PmdUH!ob9ci9EWV7t2EyibYZ_$>dg=Cm(a4KMB2#QeMpa$WaN(O6&4Z^mCfQ-6H=
z*nMe!xyQJEYcaQK!}zvCX044ztk?N$=pp&|nQfc-0$Z$x>ON3Lya#vnydQlS8sKr5
zP7l?7rXoGJc1f)&(vbKr@^*bZz^>Z-*nh=%@kV?L=Im^NK)JnvBjcLa{~ZW|L1EH9
zt0x=^Lnc<tHg6yriNa=f+&XI@9*ZOTmxyc8Xw(G;iUcAaQHM7P#$>ioZShDplg;J!
zaCQDjK9|q0his$vR6buUo<?Oe@l-LN&iqR{MWTglxr*hN{WZ|?xlg6WpvrRF65V>a
z&U_i>_XU&1YAMaGP|f92?RJ;@>&5ltYu#?2KO`)j^jrP@P&fv)?UeiNW(U>1gpJiZ
z)5%mO`y<WyyRk{V&ah*SCidlYwW?T?icQni+DcWo<4guJp?`29|0CZyfc<WFAP9xP
zwu|H8Z~|qgbnBsSa;~LJsm`{$=J3k@UzATx>y_qG!))R2Sy!9a+f|2!ZE6kfuhIL{
z$vU~8p6{=>*UQ^kmIo*5j5hp$-`M3Ej?k(QxmIU682FZrf*gCn$XsvvF4H2-n~r#7
zXN2Jdk(fjg#F^@aV$<D_C?SyllReq)A$J3j7SQpnfkh?kTAG-->^rgS$ZPmY)H7!U
ziDFb4BuP?S>m<o?pyh^9jG7+Dp5&n9c&WUu78#+)4&|hg#+e#qnP!z4WLXq4twd>h
z6P%|ea%AY_sVWN<C<$&@Sfu%`5M1T?A;_NP1%Wc}rMX^Q9~3fHiNWN>DI2JWpc$5(
z=cT_|-z$pqBeAI}iZZd0Qb062sj4D~L@BFMFF2}Veg1n86m}eRR@HW6cb5A%z+9SF
z;1d2pY#gTo&@@eRebO|~OLEh;ENf<684u@n*0gRre%7?1mB8RdEqSo+)SvGRS?OGK
z!lD9tCUEGxA2+n>bo;p2@homXw3OQSU~n0L{a`rS3<HqV+6(RTtT3q7Ka$dPJ+GSD
zj3XFU*^Hw&Ue)P6^)Re|Elwj_mn}3xTsDT5NxvQj7zcTprdSufn<U`VChcMy=OK<_
z&RVs#Mn(L*o988nyPFqee$XBUiObksG`Unco?JMrY?xQIytY}_^y12!#?psHTRe|y
zLS0;B0n;p7c9VGQ+fIv+ti5I_TSapuO}sg42C(=X`$0ImZ!5-P*C>-_UTLl#o<B0q
z+bNqioF{2kxtymz36lovf1+9&Cr(pe9?xT%csK*Y0I_eE4TF4uD-tT8;ZXHt2j^|h
z=MMK>FDwDU4&6zuS6VZ*-si(K^AGUrq3w{4<UtL>@B6<r+}r&!fT73x#>vUg_jH`(
z*Ygf4MZovT>hR<HdN)bH|K00*V{vx<6T|m&{`%AV1B#jbd|v1C$gTg49Nzbv>W*=j
z`tK(Qh2Sqm`#|*SzkE<of_IGdLGVw1q4>pnA#LkDF?a|e6v_us17(6pmvo?vD1@*U
z>_er9_hB{K2Jjl=!}zWW%C*x6dzb6O*;t5><2WdA5fW_py@~!5Pz+PRh=t4GY9cq4
z3)4C}M1>g;O~|s-T;#xcEAbGc&6kg`U=KxFc^#Udo3TAsBZTT+5#isKkMf*c`YKOI
z;2o!Df-NifS@DqIAXSV#bO0OTi*R%<Oj&UjQlt|TXmsY3M~KB`W8=KOipl>~h%uzz
zvl>ckU@5gWwp1jFl}nMH>w7SXNmi49*o&*JB~Jz)J){orN18bX#pz-Prx*3Zi-<B$
zB{&b`X$vATpioYW3{)qeYT{98QBG>qHYS(OAF*jkOs1lRQoA#jCCyc!I#()j&$3L=
zB7%Xq&p4$&8=vxCuA}-89p}7gPce&uk@|d~BtxK?jEGB23RpH3R5?>jw7-jn$2u93
zSeyvuT9C!y2N(6gB``1+D#RfK7tef|3l>J;B-1q!Q;{M`Rd7ycpigCT7?`sY!bmM=
zgr;zQSFlGw&AFl`165C=qnIK*m)ti{@-CJVlpH%|+Pj1^y5T5P>pGV_6kT$J6E4(X
zKW0l9Tq;kCFI3JuR9a>#D{Qwdd1^jpiiuJxu6ZbQkzgnkJ)5$S;LXm}GctW8Q0w`g
z6=+2qrBY&@8wjUmjHF<st8<rfK{Kl9IWraGU{IP;zpYtf*4IZ(Q_~1tE=?6G*JDSV
zThj2Zt?)iI1Le`1>wT<@skt||*qGZ`zH6kT4o4&unS|o6u*l=0#_h0O5+~rT$-}r*
zy%&<oKZ|epqp;ORRnw}Swr|w;L3K;ej{ycDX8e;ED-|0ld8WJ*I#pb{kBM!aPu+E%
zDVcKjvTnV={bg$Z#}5&Hrb@QpZ|E9N#d-L^;+oEwD>2?r{dIIDF_hGBRj<i~xgFQm
zyck+KIoN|G$=0G~8yjhxO9O;F^<g^SieOH!eJrrHk$#mKd#u&`-~2OD{-`97NQ*l+
zT+dzKEp{5ikvermSUoqxb{?bDdao0&RigM0ehptcm#Q5-PuI6fr%}hGMk!-JG<*NW
zFBVWpYUYe1MpgAe6iz)xE$np$V`dzKh19o!f^YlW&#4V$=9hlzoBGIi>kahTwYF#(
z#%Mk7O|dp*LK=wXTxc7O9aGIVHsDjtzr;hX-YR-f8!9!IrDMuPn6_(pC&e1L6{X9x
z?q;B&mD{|Rtj6bJ!=}xDDVE!+c?GRf^!mABSV~Q=>;s_jO`lm*V>)=3vUCgcEG*1(
zw%7F}Tr<MfF8E!epvA4Tcw*-}8AU>ccrm`<``VGCdhJ+7y+tBRX5U;x3LCY#^BtRk
zcAmYJ6`K_O)GFPzUvn4CoGk$}OcqBCa~kA!vJ32KA7<ub6Rn8c<Frg33XpcdqU}0@
z=kFL#8$0pYW=Y|$G1k}Pv=4~eBE#(M7;%bqQg-<A^>_BTK(JaHfWQ-Cb<>+rsC_DC
z#xtfaL*-zll+B-TydbK3oN=jru0HHa$fDs|tMHXj(d~|q;`dry%(V~k<-M@Y1D^ep
zV7qs8^0{=a<8JLnc&&`$y)h0roKJ{->96X(D+E8B&6YBg;9GSzrvLnN@B2C~g`aSQ
z@Kpp==P~Hi6ZJUqRYWECJ|Bf2nFh(5!&dh()6^51C&rs2Dfh8Hi62rH_MN6$_qp<z
z8&Eg;on|Tbxewdx*9O`1>{<7<&8!#PD+Wx7l=DUv?6q0AoxZR7DLirdVVH{$gBU~v
z-beL*9r5?RFUA3%t9rk${CYnR5r5vx@<_MKUKR=KzG-BBKK^nE@Q4#gz3rMA?*g&L
zzG(@P1x9by^FZmwAMy4A{^<X>K!L#I_o(FCKW7h$>!0xch3bR>3*FNLa_ED8h=6<k
z4Uqo}t2y)=W|WRH)e38rQANGL23*u<1jI7`+J0}Qd@nouFErN(6j`XwZ_&<ovBck5
zF0_mKf0TXG_x=b;z<?IG#6y=E6M_ne!3xd8ZX}kh>ocye7^<W*>#Shr?whx$N~S2|
z<Py@A6yT-~A-EbuzUc$i2?J=LrEqchaQjdp)RFig0GtIVGby#(N@;@o&Kg)r{TLdI
zzljG#P{|7Zc*YKXCE!C4WXeZMg)ddx2e+1_Tci+%zi)`dqZ=ncGe#KpxNO=R{}n#U
z7xpfYh(9nYD4=sq#d$FdekQ_&D1y&bg@++#ib$vN6vlhdcf{NSk}1w43_+`W74YyL
z=uv18@)2?CWavm2s*6OVx)hNr8nPoOv#KuZ!4>MG9w4z9pp2;0_Y-qr7gk>X22dW<
zR;+SdgrMpkWSSTT@Diu$6XGchlkcocL>p4|5Hf-u{$nArx!%M%&=-j}#3U1EVha|5
z38oDl3jIY)e^V&_VTgTl@Q;Z^GM7XcW|V28pnb0Z2yL8$D=B>i&wBBjuaLMAZ(oU0
zOIhSVZsU+IXSs@&h=)r{z7&IhdLy}F*^`%)Q&)|zz_5mPkxkM>MU+&joY<(Dn0Mxo
zd*;wPp-Anbs1wUj9j1hsOOzjiC{ejUx^*UEiNqPtSmXrwS2V*=DrQL>`!Fn{Ai_Xh
z)Q1EcXvlDqA@O0-mQidFYFu(|VxeQKKVV>#yJp!?@bAKq7UD0QZmGm|iK%R=iRekV
z1~x5vQP6ln<+;8nQ;{8qk+vZOfnlQR))5NRK1pN=vFtH>Ew&${0e?<PBc6)l1hE#W
zLEZI<99f3I@rgWNh{J;^7GD{gkRjIrSkINwOLGaoAyJgMp>+?Gplzb`T8W5&ro;`h
zk!h*^1G1Ma$v=)#Q&AF$1v8PrBX7wS$(d6)A#7cIGA0RA979uK=c5V=l#k|OD}+DN
zq2$q1rE%+~oDgNQi6xGOB`z1GA(}-1opRL?Vs)S)MOa`tx2JiSrcwCHs+uRMeJTZM
zE`_o^>Apjm78iszm$_CnxtBem5W*Rzs;LiIX}$}#`HVq{2c`+oTq5_tn20!@%tDXL
z6f3h(NVGV9Cm*}B%&St>mn=9SGB>cZSh$ZY7UDO-2*KYIktz$c%I{1iQ_{No;->ix
zO-(g5UQ+c03>7v~l9TfsNtK3fN<}UWULlo82+JJPa^GP!rLl6Y1#>sH;h0oP`FIIA
zWqB*1c~MhkM_hk&U#jxZ%JNvMiqy)AT&hZ6%Tl^>@p#ITkD&__Vq}X`4W{viZK~Rn
z%Gw*Mx|hm2pk>u^`QY(x6}tF+O(o1c5wNGBGJQok2>sGixUw1MviSu`pcSiGm$1p!
zs>!jcqTRCfM7Twfx+AtK2HC2;GrG-{8c=J6#%t9n8`hCZ-91AMQ)tz-A_};v0z6a+
z_*?ZX1b44c_ajuh1<Fc8TuHxK^#Tog*sOmIR1KJh_Agw%juVV5<c*lpjM`R@y3&jY
zS@t806w6)>2+>TSQ<%Z%rI%KVfLsl!UR`ifZA4r(r&f<|U=70TrgfT5K2T3lRZk^S
zPs<ie$I>Y8Rgd3P17517ruTGgD`|61{0{!ogbvMiTK@yL=|i|aL959mqtc(N^rj)y
zJUL?ZE!W4jDW<v}GAt;6pjdnX#x1^-TPC8037$~#mEzPAmeEn}S)L~#(5(<vt(e9S
zozS?>9o0xuEQsQ)mD0-N7xJjy5G9((W|}A#nkx^S8P#7O5`}D1RmbiGd(0S8C>Hx0
zstZIAQqf&XT-UU<)KZTeECWOLM{Grwu6;(xeLyKKBq@Cx%@_+aeH^J6Pip@e+W;J|
z2bpgEa?&Z&kjh>ZRgV~*6xNWq(yg<Ja_APh>e@wiE^>BKC<@;^-Dnconx6!kyqr*m
z@RgCun$=)KoP8XgL0F%^ES<NKGeh6dlp5>h9^q2miu9if<(6#|g+16(-BQ(qz|tqz
znk7Tn@1a-Rs#e%B-0lO>gC9qzgEx#bcTUzTDU@DF@*Hc!YwyAu4`s1SWIHPgMb{O{
z%v2iBvsUWlI<fN{)53`?qjKq8H^ekD&ps4uKNBfJGig!E?2xHPzC&#lkL-G4%}7$p
zwsOgJff`1lrgwCi77*p42&KkCWWK63hD3+AptS~?$G_bue;Y9bVpIBqmQK8g!ljbk
zWfo8+l38YuMcdrtKAv8?f<wApLY7%UEoMAbmaKQ0fA$zvJ7AGE-MyV;HlUe>uNZmO
zlsHUa!=s#%#yucOF)=EXk&oW0A~1G4*WC&?{84o1x+sr-y2XU8&Am5?HwE|nAO(e_
zFkqwfdw94jTm$;zTlj^l7eH4Sju_C}nYP0@e&9Mn64&}WXCDyZKJkeY+u40NE{Eb9
z{y8M$q;Eh_q9?I(jF`FAXeCY&A*X6POG0Ce0^aHPH&N~W{s{a_Bh^4tb_rYwrX4Ma
zLpR+EC1K7=79wWIt!WU9Gp0tMFB*3+M{i10qy(9?eb^|wT4=xltN+JizoO8TPUhI2
zOZgRJuTy>Agl3u0PwAO+m%T&D`Ew3igrmIBtYWDK51?#_Smy@IDiC_mjIha(eV}5`
zrygbMF>R7pr;^jJl$N+QrV1-7rBXF(QMF@L%d7lVR4rj<Rn3+|9Ys$FO08MeqFKkP
zb$T%e1Uj|jUlLMUwNBfx+U>D^W-HOxu1Y%S72#@|Rp}tU=sfDH|GU)tY%z4x)Bi_p
z!0&3{rgLz^T20q#LjH2W>e?X0W+wJ>hUeN~_+k>rwr}xL<;rI1^%4{CQWe>1mE^jS
z!B$erW>e)l(!f^I(`q}|ddkXb@(Es{9c7Qm?tszeK)~)u-sVXE|B*e}oyFRm<=9>R
zwdwx6$WKKL8nU~&z4qft33$HBg1e!wwt8&7O!~V)M!w3DNU}e&dEd5f`Lnk+vdhN5
z3Va3m-m?3>w*7y}o&+3$<n4j<|Cj6;EY=<@#}T5|9-_w)3Y2;iD1SxVc<nTI%e;8y
zgX;@Vd*cBCi70yuH{*zEYme&Xh#qZ^p5=&HZI9V?4-xzA?%6&aGeLgA9swp0f#}Z+
z|IYIV1Z1y0k)AV&y(5XAGg*u?iWoES+%4s2Fw}@S4mP)L>xh4Bknc}lMBG~fSRYUP
zJHz;(Z&inH(|cMSXLg%Mc5g@aDre4aN7m_k_GL%TBWLa{Xa1{4{!d3f23G+=XCC=S
zK6PgSGgl!!S24S1F@I;V8dr&4XOY=Qu~lb@6IZDnSNSU^$b_D>IgONhM+JEY&zZZs
zok#H-2L|Xn4{l!sN}u!}5WeINzg6MD$szu?&XC6sU>yO7KNxo?4xmA*qmiDwi5<{{
z^H#1TT+v1unEO!|l-EqonF;_4J0)}jxP||KWf1tMn~BsCzt^GwQmVWH$i3>D0D!X3
zWH7I;Teoh0?w(UX&#hMo*q$rqQ6Y9^%cocBa#Bl^rw^c0dasQe<h^}%5ah2%dR}`M
z{ad%x+whOu$iFw~YA=5~p5Cyou{fS_u}@)XFM33tRsd$3l~<}>+rT7vJI-)g5hqAE
zXCfE~=or{AfV2LTQ>OY;y4+)Q5_}$#w;RQ46cI2#=&?B2F%Ju<Xa4?$+ucduU9=d?
z^VYen$GeKyJ%{488phid<Wm;*QI^-eQ3mAQ^y=I!`rfSb*=pn6TJ7Gl<LZADsmQWJ
zsqCtu9ImM2GP!b}V(uD55lBE0C^hFEest?1=Uqeu97*vVsr9USbsaVVx~ad9F?dhC
zx{libr$#+>VSGnsz@s$aaT3pEThHa|=fpqo36$oEuzNxE&&fKssY#yj#V`K9eXi7e
z9RwlicD}<^d}nSw59IvoR=}eo-!mn?I%2>htdC!n?*g&UI?m6tmEQy8_hne`Tbv(Y
zbg=jHlUFpP^^~{rS5GT3&*XK_OzU{u513kV#|*Wv+7Zu%8~>vezrfe0+g@K^AOsQ-
z359)uKo|lJpZ1#lL4PD73KLH_Fu_PD5S`sJ848(rIFO9lRk<V4L@JHmU?iC{$y6qb
z-Qi@Z<MBAa{cY<P8g?=TC<x#EFH9=s3hp8}KZxHT0#qvbaz8pTZXkNxMFjs(*|SY&
zzcq?m%~q$=?fN7n>eheD@8Jc0O-vu(-%k|!3rzlvekkaHj*3J=K38z;H@y^}1e1};
z1Q8|uRCMCguh~)&?rIwQ7P0v{_MjbauE(?SY@8<5ZY{UltzIq2Q+V%o``wWU0{R|p
zkH@3g1TixNpHAn~l?uJO9v!dOt3IEJ94>tS?YjGol(H&(tGD8d;U;z(Il90a!QRg0
z-aJ2`-_Or0u_fg%XxzCzP$Y0m>U?lyYkv<Ylre?@D28g1dfa~!ObKuw;>3u=1Mx-m
z#*cF?hz`v2C4bnF=UdQKND_omJu2r%a2%!-M)5qZ9EQusvMkFVcVHF8%V>nD`U`26
zBB|?QLFFeXE2<YH1Memj>u6iDqv(5q&~QQ^6xwh?Bi_=`qu~qIi;V31(MmI%=haSP
zukF>h6i=PjakD)4{gpkRpfL{<|Bz&q=fP5W=H^AywC8dlMwPAc-O#fl8DO2V?`Pt#
zu27fcC1{tIloYnlLBQ2*mQ~c^JXKayld@e_$Z|CQOo(_~FR!+Nz_&^n^bVcY^@9M-
z;R!~lHj@Fj^-(Vx7TrbY8x{>UY@1ds*QuL!HSlg)4&9^}TMqNI>^ghV)~nlYWr=@w
z{{CPm&kOnePxgcke46+Bb`e{E;6#I(Rz{Ll-w(mEUE2?{ac->odaGGGpbnc>SEq{#
zSv!mqM9?@&kQkZQ{etUOKTdgv#oS9nN=7}&(5cNh$+DTjI?Zvp$vDmPLBKvM2%*b7
zD~gfDJ}*hpUFadFG}XAMm|s}Ch<UxBme=aI*|@ChN6@-z7^mC3YMPhTx^7vw-Mntw
zkJY;AIA_zkEK?}eyzL&g#5R+N$yB@Rho;}U8$^=Rz8}W2+qxemjMIJ?2U6B;Jxnr&
zVc6>wooqT))FI@o0VbWw@D>&Lb)J_r^tPW@4E%In)-3Y2Up5?ibzZkTcDG-50)BMf
z_96&&-VPG@b>ELN^mg7)3jBQE4ev)@A1^gtxXt=1EFtmTrGNOm@4CtLz8*&92)>_Z
z?RLLjm)-b%-`30YfFGx`1V7)mx4Xcf=hI#g(0D&^RQ+F&=>p(%cmD7!dthj1eNaO2
z0jSCPzsb`D;cV}`vw}1y>M;g<B4UGaiF2L`(}YlK<wIzV_hEG~|6$I^hq4y$!`q|}
zo+`x2=b-E(dX?~IIw0cjFdHHzxC@h#B}7O$8=@4v2~&zDL@G4{4bd9hMQBYEqO_h2
zG5X&`7()}HjaZESN0YIZCd61d8{ur8^+yE!33riJhQ2q)xJW?=^I6&__{J0$Kv0Yi
zAvq$1&kz@Gj17BzD8M7sASGOh_QLMkBc)B3kg`k+${so*6I>sc_f<?TAvvbx&6rTA
zTu81KKBhvW7}XI;OjVsYq<t+H*P(Mv>pnWB_ra3ZM^H-lwKm?d%#fy(K{gfkK4jj9
zlCcm?%3N$VWo__~u`x}`+I%u)@2?Qm;8V;vHlCzyFcsoOOG>{sKIPuVl5?L?%6<OY
zW~?!j^=S>s_*G?0Z2&DF(Bqh2%VI77ojDhTj#>b#Vh;RAI3XXw=j?M>e8|VBiSB&B
zm`1x4#?6PV7$2)#Oo~Uzt6(XYQkq;s?P4Ky>(Pd<%TmPpTZ;eJi8RLr7(UOlg<Qag
zQUOFt`7VnkM}ntv30X>ol#8WO!H2Sy=2EE&-lXW_c?k;BZ1Kn4g*dc6qSv3l)yCIU
z5^^7kEd$OqHYS%^+t~lS6BjG7hAE4I?-F@|&1I!ckUT?@s{IHn_}=gqdaqmxVRUST
zs4g@{Xq)O|e5#EpF;^y(S_-vC7eOx1S4s8Qow4}0)gSd?d=Q(6%ayJm!L&A-``DZ9
z6RE9DEwoyvl8dt!kF{|N=NMrhi~Y#?1Oy$UyugqBxJG3E^8T0$rxF;QbJ4WU#THwa
zhAidEo7T#L=}K);*sfK&w06FPQIErdxTDk-JaG4Gu{1LhL5OkZqYj&k=pn8LT)W=a
znrpvrt=TQdw#x39CDRzg@j*Iuf@{)C5CnNdP+W|G?|6HS{e9gbTg)DeU^SB%@Sbne
z)S)}7JRf#(d}O)Q;Z&W5D6Qyq%w0PG_)NK*2w-_X#;yKO>Yc-Jz!og*i*p_8PM7^!
z?MLis&!dozUl`;u2w3`rlJ1eejkQ`SJW>EdK)k;{h=7s(Huu)AEu%5P);s;p%dI?5
zMsYD*IS!R<9diiEh(iz4?7A#7&dZEhuNTvpCSbK3t{H1rFZH$kB_qi5191mX-i|j}
zO4SP$tA^}5Cs}25l(Y!5S6X&fS@pD5+UsN7_2j9nOwm%ls*}g{rn$<+?Sj0?bE%@#
zu3SgvVs-mtS$W>Yw+h#qdJ=sy;N&`$a{U<YCS`r_I?VHX-@NVuY+;-<Nk3zHAF9&b
z|3;FaYwVQnK1O}$mWiNE;riIV&1&nK>Tl#X<gG`}?cgQKYsY#_h1X#EF4N6x)HmK8
z80f~@1a9*(%rxL1Y%9Si{G>yHj}2&X$AbBDPPK{JtxS~W?!z`mRf_iIjf?goE<58j
z13WhcG1gJvPW$Ad&2AEG*2$o&MFVUtP#TQjtW8_lDfBn@30Spj3mB$AGb!Kw33^Ht
zajId~zM$DHC*JJ2=|Ol2z6&>T!i621;d0B(bA1|lq`n(bE}+MyN>1lmUhi`)1<IBF
zvt!n!>~nij{4RU(VNYG^?PiAR#ES>_V1=yFi<)jB>QeK#o~&cc0?%Wt46vHQpOeh!
zV;L=le_X%9Q=x|7IU2^d+%D@etzhTme&BuEyyY>K9Mf-2fPM!4hihKL%h`{_=OuLe
zCF{BDz(uZPJ0FPOH4410De}5{BLj|{f193WdHIgj^^|21@HxZ&+>g33ZRYtIDu88w
zF|+;j&eGd|oOeIFUU`iGV*$Vre)qc(-Wy&bUw7hH+s9J+j#Cl4WxCmWiaHQ}+Xwu(
zM?<<JY&j5aIS~H3C*(Ph-;lpVYNwUy!Ia{1)a$;l&YmHPPg|j;#wxpQ<IbXGUqSNm
zp8^Q9?ax=Lqo(LCBFiu4YOjZGuKVJyvJr0D5g;ROFCFc#Ms6cK?=FKGpnU8hlk9I&
z<?Vgv-e%}7?`mPLZ(wTVBi3fY{La2b&2qxSMy>0BSBO8=HTcR=1U;5Nu3@Y4HXyw4
zV3hVxP=AJx7(m4k9xvkW`D$E`>JLfc7Tsf>9^yfsr$HG-df^<vSnHACE5JJL!UW<4
z9wq|Or(VY{)=O<rx`CAhN54QGer-0>HjtcshX1*kn0`x?`;x4C8@oY0m;UUtd0Vpa
zKB0Y+p8C{u*fF0+n;%8ZKtwM={0>+6j%@gfO-N~FKyDa?1&{!3Pv`ikP>u;Vs*x5h
z1eNOH?`I-=cZPqM=s|vFf1Tdxpe7vd$uH8)!5fJkLLr@y$*-8o;&;a&UC$#SLL+A&
zd679#2+y7B%MXTH{e?t^$dHW|vW_^qyzrlccCm-Hx|@#ub7O4}wM|2qHFHg*2>m*F
zWh)PJX-$|BPe{%L+i*uBvoM?LK)^eS_3JnGG5x)$Wwm)?*OVj~8X^H+JYGfh&)q$K
zzyrB~7=gxu6YwK}g34iCRAIC06xk~db+PWtlo1Pw3bSGXvjG{aiHWLXp;5Jw;(3I$
z37iZbo_x9yCxi))H}=GviDH|H_CA54U(qgBQLqy(%a@KG5t+0~VoNbGS~8LT$C2T8
z6GO}e^(nG*4|VexGTrV2BOWso;bPhm6Jtp!-EXp&W=Cd#BXwOOGk+7a;3Bhx6AL8_
zBdwCjkYWyu2@~lfs}3`pfm1vcGph;&^G^bU%OZn^6T43ndw>&z!Xg{BDeG+^qX{#o
znG$D)6DO8LDXv6Y_#<0FO$Lh+O9L}YOA|{|5_j7o3jl?u8@ZoDjH_(XFj|Q|evvb)
ziFf@G$h+IfHtVEk|48Te$QQ)SfA7Tq+{FJA&BJZQS3$<x0t2`GD6r2gi1dVitR&!9
z!dF-5HMGc0=`2Lc!o&E)&D<=+o;(8L9E<C038ft8EG;PGEGWk!QdKSZFInv`s>Bzw
z=)04sNwcWMlW3GVhnBN~D2o-GvPb}`NC=C#N~DMzi-ImoKZo+a3}=a)C!s7<$-L%&
z7?NUfs0yB_U6Rh?9m(Q=C#gpyu7q<*YBCAD1<`p_v1JySb!VB93CZ!LRCFiVI47y@
zC)s`$x%=jjXck%03a;;SuA*c~$QJpsCHWE-1?Xjo{Uy0F5~+Iw-e+gU*JMRnR*E4Y
zOCIjC;4jv)t0o!2Wto32$|5bwljRER&-{N?6scQO=$}<0n&p(9`KM47FjN$5Sk(|+
z)ErXOjNnwvQutMuWer-?b)MA$%Bn#vCR}KBe9OuODas|RniZ@v0WKN=C1M)O>K$kr
z-DpfHXj<Easy-@eUeDTgtUA*wI+HEQwJO@HhU$LJTIbJN*D7p-Xu7Kd(nS)`z0f3O
z_L|?%kiBC>WzYImtOkH{o#z(IvnK<eW>&3JM6)p5ce^8WL^m4rP&U_iHdW9~dAz7o
zL`Vf=`Wo6>RuczmrSnPyixv$ZDf!R%>zx{OMv5=g$TxLqv#18N`<g)a)+C_&%lkmx
zllRN(5Teeii^Zmk5Y~zbD~ur_+y3ABKO(oF{Ru}5=trs5R&}Wey{%ppF9>pSR#MmS
z9j+kruBOu~E)4a?>#8>Y6?kejM#rwEq;s|^u69aPdIc*qZ>%>Us{f@oBKR~@=v8}2
z3<rK%hi*Ekv^dD|S_h+8$H^H&PDe-R7kgrM{oOeS(l-0wZcdbH#Qd*BvrCS=><(gT
z209o9b(a=Dsx(I`hTCjUGcSK!FznjcY`JX=hg<*Lu9%0ox&3M|{IOf|XLqY=Jq~4e
zKV5OpOY@L<Ic|Kh#gX%niL>j#sQq$v9SzjJC3ifRzI0C5v~S(I5(A={AURCG`aIL3
zUCRp{xA_LTV(2NLPr8|R)A*jE`yr)m?}YiS+Sne_`oz7OuR|`Ou6-uATC6_@c&WJd
z|5q%oQn<#%g|mB=uzR++dDyXgUaAHaum>^E7`i0}3#ucvu-i$Md3dN9si@m>qlfBX
zdda!F*|mFlwA*Q{@KC4Ig0hpatHBVu-7uv&MA$iKxJCR+bIO@}i^hyldbN*Gch*RA
zj%yDmcZ&jhi%?mOEL)4z!f+OG(=U^E8hvwF$8^n!3=Db;lu0%Ioe<o=65`cn6VVpS
zk7>Jz?ta}K`mP?ln`-@oxmw#6)bJ9AW$%U3p-ZSy)59Ll4;1nyelsI|OUz(PV%JC_
zY~S5$4?J!sf8<D%=?Lp~Nu+$&jb&o@NQ&6xNZoc%HPNUL!txfwN|EzObJ0ljb5GH0
zO)*JL;_pb0cu(iW%HZbAxAky!%1A5dNGr+!^TSI2Gzz!MNNwTF>hQ>_D$n?N$tdy2
zF3ZRsd@^QP&KyNEMWhi*TTf5o%-z+<*!ReVhRQBb&7Sngo6g9y5Kp1R%IfaOg7(aZ
z&y2ZWH+k;J!`jHh$@Bo>3a4GqrR>b5&CF%g%-v)yz;P|W`zRv7E_Nd?q*l*|{U}D{
zDpBwh<<!*U<tjGNEH=V+5y$o>|0rbTDx%gbbMPz!0-8$ppG!<U%gr_ltUO(1G)q!E
zOVT<kd{D}VRm!70D<ilv<38-{GRs=H$~rd6x;x9j5Gor~DyuRpr@0dAuq~4`D|<@m
zvp;GwxN0FatJ6}dAt~**j`=1$>t;WC7B)<pGO5oksr#^#9^4AgR?!icO-E}2kiDo8
zy{c%>8$QDt0UwQLT<X`F@%R>Un8U6ksfZ{@C6(;)k~1MoNQmDID*{<LlAIm_s&4BE
z<R$E_kL}j<b}LM@OBa`lKb;1v*qz?yRNezMG4(U?@t2qjFja5m3~n=DDlt}b)8*wI
zDWC1f(oVZj`h;nnNuTF4$pAFuj)Jp}Ixk?Sg?w!eMU$CJQ-YYC+9@@h2~VU~iwmF`
z<-SGD*5<GQk?|!Yj{R4SYS4RDo6~2X9>*#uPtg8nvzu457XWXSt)Ks;pYl&{JO=1{
zRx7=B^Wx#47fv5M?f^CVfDim29*>*i*ASBTAa7lt-ecP{YrWVw)umWZTwqUBmfu+#
z<fGU&k=D?ejL)Ui*kH`q;^7vYx{#Om1uC~g(TuO0^+b{Er*#85R+jGvhF{~>MAFve
zahZ7xt`ZesY<g?F7kBz_+Q%n*;uq9d1J6{|)_B0yPAtz`;n&+j*MyDh<f`{r)E8PF
z$7~kvM9^0i_u0RKBfPzRJlyVi0^s&Mmd*m9&jRuH|M)&?pGC^<MaG;({_RCpoh3n^
zrGMW`GQ7)DKFbo_%L+NmdO8bj&xS@`uJ+oamw*;x+#xraHu9A|Jnz`;mp+N?zFV9%
zG4D04nAMn^H4nVwE5It!-Ads0fFJL0#`b!__xdo~I%(G$GhG`XXGq2yNz7|qW@}Y%
zb5k&TIO}^WVS81Fxs9ZI=lXl+o_F`zXZO8(_xpSI7vJ7*-#zG_z1!`SZK#+c3VwT^
z(JHO$1wh1B3`tsCR~1Ls{O928W*28}*XZV?fbStM-@$K;gHb><tM5hS=E1BMVG9m%
z0%jLAU&r+3F~KUJ&bAZi!EopS1ZeP`F!w~YhyyGbB8hVk3u;d+)(gqH=W}|_3xMY(
zd>0kI7d1T>4Zw>QzRM2Z%kG}be&FRW-_^M9g;`E01w`=E$7Yj`(K`NM-1n-6`p&M;
zmX`L8!q;FH-ew5iZ5ZB7Qg?He&uU%HwiEl-A@HVUdtD^^j&^IU?WI*kb{i|h%@bq$
zd1vDq|85*l+iz`8kpD@<?@6NfNk(rk$&ngzvu5>m{Ly=A`)d=Vd)A=Wuj$J-MSB|h
zdmL70@>YA=D{pE)?8Ogv?izP0%<lyU@VvM+>(w>s(mVa^JyWpt9K!Dh;F*cR{Y?9r
zit(GY>Get90)80ve&yu7&i8(idikZ}uc&M<@A9u4^8?R!zpn{^w|>CKUf_N258n6H
zuK^wI0B}fbn((_lLGb%KR`0X9{ea-#zbKk1{`iZ6pmI`?v?CdDC*1I)Zkfj$PXrOl
zAS}HhlT1X@P>ys-D3Q%15a@+AuP>O5CF9tb;$|+I$t6ff>0VJTQc5I==%@-`D4Hxp
z3b7Iif6QOVq$ruu!GESukCjVX3Hex|)^4>sp9&4T<>T>%qP&8-Lvqyb^#{Y^@I`Yp
z91KU}aQnh>HXileBkVbafq-<mW^p?KuQ*xG<_o3b`24wAE|!Y5vV5<(*sj*|XgynL
zx!JFQ+nrvIz-w*}`}y`TSbkd`&WGbW7G}R%9<HbJ6#B>ERk}xR_f3G)&kZln+x@|0
z62BcE@5l4SW|QA7AK%ye!==+`6?@Zm=hy4!E#jUZXzj78KLkSfUH}Z)*xvwHzBT>e
zKU5Se!N|Ji2BB})DjD3qG7yI0M6u$A5oCO-c&7OMU~vL8oohs9j6D>@(QGT>#4%hm
zV}~)^A8SUjf<OwAcu~hz!{|&r3FD-HeB&g^BC_Yk$*PK!CMn{&6((sKzT>3n>Y?Mt
ziN>)JrD<lB8KvngrS3Yeeh!eBIor!v={cS!<K(%%JJ4sjelXbPc_9dv6a|rF6BNM0
zSbUiC!Z=Bo^Ux2IaD&ox+e(YFY~Kru^88pT%ZlP$%M1Th*SGzM+8!9I>c&v0GN*-Y
zF1*^#lZngPo)?&_x&a8OtNIc2sH=w3evO>$7hWm7<~dnvo0cVAE1TABjY^fua^Fjv
z_PtnY+m54LE8EU9s&-4gjcFLWu7?>d!y2p3h}-Uu)(-kC;K`(2-_Hx|T^}e$G($fO
zL05f00{N8v(3Iv0O$j<XHsuJ0T&2S(u3t9e7*3e<!`N13)I%p_UA5yRP4AWC6a)EM
zZP@KXl+z5??U!uL1lgvR!{WLr^&CHejq`#yeU0;?H2?LJIf_wPPOGX>6!3Xj(`@>A
z<t&Hhu}xJ43PZ(U*4uT%yspM|lX7*7YSwX9<~969^vixwk&d#+#_(Y~dnfP^-eD&g
z(boMSgg%zzFpR(UZBI$<%3(YuF8cjAGpeiOINR@rGhe@KDnUui0}VwQy&%?8qRi__
zNsVT>2W_(z5c7H6c{=kcX1}ZLb~k`%mp-e2VpioeOqs_sFKic@H8;5%O7gry5XZZ;
zVK)2yvg3xxXP2b5?eeah6$gC3Fyi%`)VL0w|CAWM{rhDrld^L2@jCMZ1it>%?0$#1
zgVX5W-Jo~)|3Yx39UqHU1s8;rthZye98Y8^BEf&Jalj4EK17BB4j@L>2N9C&L-Cpq
z5Xacb=1k(AX=8F>PSl66cpIE<l+nGbi2L%4N36pv4VEp<y8KWRfy9Il5mO=2fwJVI
z<fSto`q+8$oJT(hB=JxS)v*;79H3_ziJXVnMekA*W6he6uoN<KP)q0GtU`{mPcX)E
zXsdxmEO6nshJ=fCz-XDOakY>*#7ohT5F%!@k_kB^L<ggR%9WG$2|fgw3Kft_xsOYf
zG9+aU6_c}$kIP$D#4tA(P#UTKQ_gKnuCy-6xiF_|yq8T4uP!09vzXMD6;Ft{Dxnu7
z5xIeuiK(N+W?XfjGA44$n6M_R6XzT?A92WBs6JVJIKTkvSfZqDZI!YE#<_KYj@d`b
zQ^efR6LN)4Ifc??-0KxHt^<!b56S5!42v`mHB2ehSLFOZ9kc$S2&sEtrGl`Lb3s(j
zX=_JO(-7)2;gZS>{a^T?bdmGXx-9fFR}{?r7xVFf&c(YyWUO+Q)5(RXCE%=TrZnvd
z2(-?n&^44Yc9wq~WSz?ndCYj-k~5aeOPTmf%y_DT`{5^0f&>&V6k<Nu%R9>x<#JAy
zJA_p#WT7)bpUu>MT}ak@vR3<9o_7RNDTCk&lnQhlO5eP7+Cnq=)g2<zDv+*z&oR|G
zcToS;Vn=QtaIx{GP1F7@wVLy^Ou=wZ{O4zE?E|<^AHHu*QRP3nIK|djxb?5flBH2K
zwsRz1`^)gTQeAVwx|oH5krvY^2>CVvonvsQ(9zNgn|@{`y$N2=uBB~rPW#@oHpIqC
zs|aa7QlWjQ#l}+ab9gs*zL=`!MzSVq+v=pO9?|kjJFrr9$(p3ufwS5ejT)l{e8D%$
z2lg5?Ycz=>gv_)c@9OMw`&Fpbxk^gM`!*`|GiSK=IpkJP?EnogH<-#Ughp;E@z2IR
zJGFksrP1!F&QtBMHKuR17i_aGQSA%>))qEcrbKDFaxH>SMq9iGT(>2by;*spa+fV#
z*_Y8pig<iarQt}K;L$z62d)}C$;%l1H*nnpRoOAdAbAU&G^K(QK|6^xya*O(J}M)L
zoRnj2!qC>riKfhyqStIh`-wTuOQ)1jBYlLs&M}Ed6Ok5p)rZsOA!PwfRD3VR;$;_`
z(-lq37aUh<r1GqeMz1RBh2d&q67Q9dxQ`yc+=2PA_eH~JkY(E*?0;bFi)f)IFd*Mk
zKrwHuL?`k>lU~O=nGLii+%&ekwjjuLqb}EN2_ycpgk9}i`QdHxHHolPvfHSuDb=ep
zn!Ysmq8_HMeYxWRR2{uQ)TEU<Fgj^v75IN{?juBE7)03~aIkxp&~7}+<Di}mXtCYs
zwsk|&-q2lW?HsArwqH))E?PPOcfitK0Y#fz47KPjb-e5yX;ODvd##ZHY_xzVZre>$
z#;EI9_P!+1?aN3W00}{dYZDgRY$!Xc^)zevwWe;le<on;CR{U>*5>nIL(uDYVZ}ck
z?yNGdZn{~Id5P-Lf~dFE`juzNiw7s8tXk`Y@27fJX-jac?Xy1o!t!#P>-yQ6Vfp83
z`G}3<QeCVGXEx-t5L`3zeUDlD+Q-~qv?kaU8RpiA%o+VW#X?0`cdkIdUIWit*K7Es
zGFsQ+r>?{j5^&0D1#m!a{!TE8H5b#SkV0+e)*%OdD}nI6{~7B}_?dGn!{<YRvTZI-
z|1sZ`=5r;oItS+$MF>O+82d-|un)z)vXav?5g{gXUPnUEgG%>;7<BN2%#ZUv2K4wM
zxzazD%URK>@bwkc-m7)fd(T7QUn!^)TOP;#lq|DWPo%ecO$!;S#V0~6=@F~;gSj%i
z^+UbQz_KJ!1`}5#A=Ob*_Fr$cgC6tmbo7UR!y;63L@{?nRp(1IRl=h9+le8Ct?r_G
z8W22WEjr`}Gz+{Ja#dAPrczh28x8a;Q=x4qc2ZNJHV;BbQlWPzs~7WXI}PH63T{>7
z#0*yw!3-2L50-GJBXtjyITHtY^Cuz=`NI*SA|9e<9%4!ofHoF_z7|50;w4EDDlQ&s
zWFA^H5G-3B3Va3);c^dRgbK4&4|2i`v!e)e5f7sR_kSM}5;_ZOfehz=3u6!tHZc!3
z3l9$~53e-TxB*qLf{LgMv{7&OZ+Em$P7g^hkH{E{SZfN=g^JX}j67Ee4`*S60JV%N
zkBk_LWK9W8fQpJw2y``<NE8kdM0Rs8k8&G}YEBR9X^-lo_`|~yE{GXELJ>Zyu4;hE
zjAH7IyP{Y9=&fkLmHDEJ+a9^T7P%SDU56R9+m4wu#<H<uf4RaF>Z*zHstxk$fY}yt
zyB2W|756BPlSdKx$`ScSL0iH>B?IX!hao(nYANX!`QIyaBRu}|FlKKoet0pox!uFo
z#51!D=*d9gV;Sm!P8p5!9)*V$jlUlCw<BSwJeo8knmi)9c{DEfAP#^YuX^g#p&Ab@
zkpyXx6tNVJxE#+-86|Hnstley^IK<d*dA^))<8MpsXX~%ELrM3_9Z<|p&|~YJu#0-
z{feDmPRt-y#n3<4n;klpl`_>XDG3)D@qb!QMXJ?!s?B+-9dw!lWtx*jnu|r6TSS^i
zMk?ZaR3d6(!D~Xmds@(VLZC)^@H?58I3w6tddzux9CStkWk!-jMv6s7T0}-h2ewKD
zC2=}iE>>y*XKK;<U;9JCG7qeZh|H>r%$o7cy7SBi=&UBntQLu^HjAu|h%7)wRyS}w
ztM@$fV2uT3Ra)UJStcTTv?6<gg>!8`+w)h>EM?BTM9!i`&T>S~YDLcac+Tc|&Ng)J
zE@ke%MDC$Q?(%p>aYb(7c<$x<->O1|d&;~=iM(fvyw`}l_lmsF@x1Tzyr1>FCW=Hb
z%XIL_^xu*Bkd^t(>eLL!`G_zDNK^$Vk_Bj%1sIV9Sd|4h7y0Mwxda!ve?6173NuJ8
z3&|r3DJu)9sWJw}SzakM$0>^@C5o6Wi^deGX)24jCyID4ibyXCvK|x>HXI2pi-|mo
z+k^}GCyHe*isdp3K`&%Y+px{k80gwv!z_Y)BZSl^O29Tei~>to-%6lAlz^NRX0Vw>
z@)M;t7o~QQ*n*LS%2c}PE2?v^1i2n5fi2!lK`|KvmKcS){>x=I<i25&T-zZjktJo(
zBIwK>`ULKNi)Ha0kY#C+6&aO<bQ>(rFq-D%4zq&UDPs;(q{-&S*#ir)a}D;t+hV`j
zH0vY%$NRO0e>>D8X^jnQwNcrNoL8Q@Mi8}>W=d8MTUN(Xmc@1w?4@8IsuVM&p<kSG
zEvNfnpgV_l`tCv+=rbDXan^V&>4UHtp8QT)W%q_XDSvV+zjv#7YY`iMO>`O7y)CN|
zZ}WbIsbQ?}VjVTmMk;3<bt*flP598i;Ic{etcI?tAEqj?dN5Q#1{y&!7^!-aw2FHu
zsJd5+xobown52@%ikZi|nPW+Lgs6FniF(?&xuvC<B7qyrt*{@MCKz#<VrK>Ag&8Gb
zNGOVW`ka_rP?7klni*w!vLl<L3LEo%HfF3E1*13Cus1%lRKrTOsKAztccLnpp{7D;
zmfu$kwOQ4_)J0>f!IidvbU62fmV-jabF-uOzUVt-rO>?xFj0ylqjTG4seK<ODx}rf
zZd!(Wx?n^&9YVHAjkbbvV;JsRJAJlVR{80L)vHQ%q)ZlNduol0+vr@jFlO4;Stie;
z*-2nkH&klkoALI$*cEJ6rJZ#)XgZW^#CEfGR*Ps0W7+otsqA}QwC5I)!Pp(jH*KNK
z%xfg=S~E3^E@Gj?k}t};dNduDl`2umyCz{-l&m_|tGY8IT2KldRbafY(OTJ8YgZy`
z0;6jDqgo$X>-@QWTG89yG0L}@TAhyLyttj;w0f@qwc2F{uNdCUl$P%>t&^?gE>e10
zkT&OD?TG-LP1t@U?F{%$S?38y+!l6`PY<j~Bb=(Hw9^LuQsTH(&v>)uGPOpVlO{>-
zAgi>24vGP6&VlmL{)kgzk}J1dNO#UE680<)>S$AKm_fX1cOk1r;c8dm#6~<E)7sO1
z?2IUED|Z%}7I}((wdmpK^=|k9ubx$}eJK}4N*^GPn|G*IYmijkdzjzlq}6Dt^$A8h
z!}`c$rH}t}w2WZ6nb)YfRsDlktM{?$9)=;tuR0^?)(17VJ91}Z!TLbhit3RX_~_82
ztl<>z;q)w)1ZbMstn4n&q8#m_vE)j%@a|OWiFLrRBzWc?c!fk}x%kH4D(S#v?}--a
z4pi&>V5cb9NM+jW$zI$r;mJu;u0c&pjuPw1@$C8vxXIe9scC5?smiIv?E3Vt@dEGZ
z_2}tMZ|O1V>0P+8sjsO+xalMB;03subGWj0>8Wd;saxx*8{FADn#7&znb)b}1MQhl
z>zOa@3dHEyU*E+mZ~@u4EZvpU(9_efHNd$EgIQ4cd8*1;o5hJJ*g)XcELKhM8SXq@
zci|P>Y-_oIzr^eV+!Sfd!ejLU;`KbOPX<bj+F7L7oO-<onc)&t?MtT*=JX=AO*roL
zf?!MrI4{jnIAAI$IVd%DcDNI2bO~a64vuzN!DpI=c1bO!dg^Ur{xvQ(tKIplC*pXK
zS7xPFd{RATB_4XA#oTQR!;LPhG3gZ`MzcU(v)~%DN>;N<$t$Uvz2XO-!2s{13Eg_X
zu^eaJmZ-fF#k(R2zT^+Tj$w^gq`g$775jVC;o?kFEFyMDYFP<>BTr}97jL~J2RpF4
zeO0{1MruvCKV^ku%x_~YT4vJ*__$X3y=s*sV1k`!p1JDXz3PUy)ytb$9J84avvKgr
z-^jB$t+NSm+8m8p7M7urzt$?m+gOj;-mqR?*j^a_-kPD^+3zNpzup$C*&M9d>6_je
z*xnhkS>5*8L4w~owAnrK+5IxudAy!q;-z7z-2T<G4Jx}gLb&^dH}?#W@ef8xFKQPt
zch{_a7YbqiyoMcptK%j|0uasa1d&KbF(v*Lii@y&S+fuAyoXvl1Jlz&{i@-b*+O1A
z)=In?Sh-gI77c>qEt2*x+i-O7bi`BIkADZr1b6?#XN78Kmyc64w^B9V5-{#nDXEj)
zc)UL4ppC$OTuE9rfJy`G#!=7mIqs>_mawq@%_mA(d$h|l4<Us#MWveuGxF`#Q;}3l
zR=VhZQ#0ePXBu^SRM~!VVePs#X3pqDfbM&DF*@wplh9T3Dp})6)8<Is7qwgmgF7k)
zBtYr;Z{j{{tL7hSqau7=RM=+26IVIuRUTMRiYiYyk^v5DcLl&8sq_#g&Ve2bcioLE
zuhpOc&ME+ZP(r(@jjq)6<uV9E5T~mV4K}EXxmjB4;Fgxua_4-adNxGzk2b&&;bs{e
zt~Wlb_1SIBO)7o?!g_ve!&$12{?*bWt2dl(L<eu=2G+${daawRPc+xsF+1`PA4azC
z_3qWKU{S~ZGSEiex3gOcfZlx9FuYz0)0OXag4SE9i3&*f0d%C;we8<&)&l-%NH07B
zq^9rx<aOriJpA<&xjh;0k#tDIb6DZsBQ@CqL!774wV*ydV4(B0+`1WP?R)z4eYCxW
z&Av&h9RZ2H*`s>`R`rHmp8WH>(J=GLeW^A4?)_yoG8MB68uvKybsibCzk}{xK02uU
zb%{6m@;Cab%l4`Y<Fy^?)iLkt@6_fr-GS9?qea<kl~@y*^`&xcKSA}N4}X)lU9<h^
z3tiO(x$Qv&=eoh}JlD^O?v<C5?2Y?Wt;N(Rg6NYujh@xklQV0Dn%+?&okr!Xw-mw0
zulLaiAPrg|?&ul$QvtnY2(DkWc1>pN5s1t?sLow);keBE11rBMOWeuWt-=caSBmw!
zk@|cO!N`)`H`uS2S-S}%g7<S&kL}sj9(Z89-1XJb*M{Hlyx;dF;@wR4_gUWXVDH!C
z?AMds&!8jl4zd4Y7x+C3ynz1mhR{412GaK{7#fYvcx`U~UpNw}Y_a<Mfk-qKD_67|
zNFI04%|?F^d1CQ+BC%4ga>Rm(R631GZSlKf>2xNe)6P=FqM2MiPsk0)hg11{p<oie
zO5~D-Qn_>qUCD=Y<#MG$lkRflvXxpr4Yw~#`}~zgv&C|)iIwVK!Jup5nG~(G8yx`9
z<NjuOGwoKdH{cf{x_0`V!C(Xuz3Nu_z0qg_p<JqV#)HXZ2BY0d^}9`fkc~(jna&2w
zX2aiKeK_lx&sM7q2D7O;S!|$N9WICX;+t(Yd%Yo$<a}H14o9OY<Yqlv9!_VoC1PcK
z+nz30t1V`yJvlBHjb+1e<a)VJr|sG7IN)<T-Jh`++>>SeyS_eOug|Bay}N#XAU{rU
z-E&jScLLxj#!x&UJqMPRci0yc)iqSkb3!Q~`E!*JE(>>paB-S7rARRse}-TkJ{W}2
zmA39gPz|gVL@|tv<ppt_mhQU(1W@i8pwPG|dir)2<7;2zo#_Q8V!s;10bIahxe3?A
zU}OgJ`-z9~{_>;hZoo#;<QPK@4KqDM(bgp|-KOz^OgGe)gDlr&bGYDbrxm$)@CLWO
z(7vkG^&piFO0v8=__Wh}0_yT2rx?<;tn|ts7w1+flgXzR83Geo#ajxzC;5K{V63e#
z3@NBf;=CqLDr!dG*P`53Ez7E)eyET2jWEu)vtaegO>?XXPf;=nEY9>3CP_7of>d$A
zY%*@~Dah+WS<9Cj9bCz+>lWR{uB%2>*DLBh$)vAZj`O518kR-8s#-2hBu(_pgEFr=
zCZlkV+Wq;wYPw##ESNJvr-_fMp*SN6{n&1vah1A=A82d&veL~8Wk5;m@x$dx_>PH0
z0XmPP1QeMU;Z%hW`NK3d?fGLkE7gocIH{-fvShUfwvuF4SIT8$DLxCcyeL)d)BJ?U
zb<^}LY(|wLi7t)f3Iid|ie+Q6brN%p3r@pE3l?tCW~ahsgVs%S`qi%~)arw%0JIg2
zF0dVpy}(@;3_IIP$40w>uw^DK-{0(8w~lSU*R+R4bQkRGh)2^L-AZ_?9eXf#wRQ%l
zkGCeRTD~zH#*`3w41%>F?G4(D(tK!nOnh8B?k+|+=1e&8=u|eNz1NpSeE`Wzl2Ww3
zbH_<?$?k`Fw;Qh~uqC-{#8xOhyO*pXy7RIqI?Li0ay7}*z|#!5T@M-Z)}D`t8ZliT
z<raEhU!lh~JXPRpo6q(7Z+U-=fUL_W<N{E_U~w-gTrfOy&M_NGyX_0D9hlXQ(E@0P
zprF5JEb0A*@34UcsDzNOD*ZMR^+6~{*-&zj?Y$Z^!Nsuquxf5~OIYzP++B!Q5O4qf
zIt~$6Qfh6y75@>Ch&Cn3&{z>BX|1H3HeSwzUQTswDc7+v(#+0S@lR#RX1q6I&mfX-
zg<#8*RxlHKUq>?tWnmGriJ-YG#Edf?rHEyWl-(jm)pH!FyRJ52%Tm~gR2LWSgz^_O
zHvR)UHrVm^FaBG)F)5|QxW0}=Xi`%4`G|=ShM`ml@Fg*8Oh|%$7HcM`bgBS`o3a*T
z05&xcg|vyzOi(tqUOK62FVQrkTXp9lhyyo?Tu@yI*;O%YGPu~-drjONrr!12Yex7>
zOy*PYHgj{xls&+R&o*>1>k!q9bNoGr5T7yg(t49P<9#N0{!i|swJH3$$E@dpQeKh=
z8Ta=(LwF8t0w}L>Oz;b9AlXtp3|_f3LZ^H<n{wfA6ABSxONEva=766gidxU)T%S;u
zJYqBp2?<Zdq|#*m?<;dDHx?PEk*92?l5=SrO{MG|<ucA=N^A6U#r%V@917A($rw%L
zVtkbf2|P-vpbzCo@TWqwk_+V;uK7yC=SocAv85`YQ>88xt=e#&LU}qezkp7qMq0;8
zYyCsDEpw^DtmM*Mzf)=DO0*8@Oh)cIa<vx%y*>!d+5lQAD{n=m!A9Z|VZDhLgodHk
zzU0c7R!d`w$*DH#xLTvQQYF#`HKP01wOWPZXegg^R0$fj)#!!hTBd4i&9$W=x0hB7
z%Zkf|vOd{j%S3W#qYTB693Z!aNe&c6rg(FK!YM=JO!uWRYuLtx+)*v_!PTw5X~`f7
zrN^ojCadpo>F%tJ@22p=eN8FXZQDxyt;da{wZ+zlxNvhC^Ob%h<!WC*V?vH<#<>L?
z<?KmiN+-ou=gu<w0tAw7{5z!Y;~9w2rfJ?k@HDCM8_d?3mu4H0`l_g~#V&&2VVy`8
zj`EANMrJ^@g)DJCP8jwm`j<x&i-AL|(~~9|^m`)*lS7O)_d3Q;yQayp!YEcz;e6o=
z%ZBKCOH)o`vJouGN2dBDRKJ}mNEZhBu8lLJu|WnFyP#oBZNS)2J}m26-4C5?yUmQj
zDa&YkKQFr@s1`HDKR81HrPNL>I!0G45#57&4vsx3J-5v;zI$8C?pr4o&*@8^drv#h
z=vv*9<xPOJU)}s&lJnD_Ha^)RwVr#E=SrRJSQ?bhAssgLbk>S}ggh*#&QyH>kGmin
zU|rolwIDkLt6!OmW6j*u6_{rcF~Kj!Jtu|NTwN1oNKKs?Lw9JD6vk#`kAr2QDtwlB
zojy!+ax@Y&RMhrNA;RzJU_nStoQ#Kk#0GrZRxN!<srs_>Gh$s?X{D>#CK;E~Y)tIo
zed&CX?*GkSn_BRXp(WB|A{<sL#ZQVMgWA_XJruWN<eRB31g|DcPHTfY%&Z04SL@&C
zQf3`+x>D1}Df3YKl=GC+5d!$IiJg6XAALNh;_F;QzU@K>`C-@qf9I?8o^N#Mwp?KQ
z>@S9QsoDFX?6>nY41;%Wq~^Ik?(2%kjCbW6<1xG4<J8`(bK_9<>DAlg+8Mch<t65|
z`wo2dsl>aL_wigIY4d%n#o@cxR`Wi@`f(pJOQs>g_cnXJahn3ueatxJ@tH&Uzb)4-
zP^ACMa=p8|`>$nS==-m~1JS?h``^g_8~<<o|3mzrmh1n{!v8E+FeqH{`uzSNC=@E~
zvHF6+us_6-+2Rd_!%>*bmRn;DMWb<l|3%_TG!~C1Q7Bbvk2jV~rZE^zWJ@%aPG@mA
zU2Oe7ELR6m_00d<a#bM#0ab@)sQEuFSN*|AUJur)l`5mfN}b8pn$04U>D=FUt+m?#
z_s5HxbeD6*YV%hZeChW3{R)$B2=VIY`oqz9Vky&%^xD22a5Af%tLHkynS3c-Jl^<*
z<GFGr*ce##mdlt@DKOiw&erRUYO}na=`4e*fKD%10@*~D<C>u)*spHfJKN*AqJLji
z&(`+mgIJ5Y*64uOTPQ!^r7wc6i|xkLWK|p=7sKnt(P~hvRHw)8+r#53em8Ho?@Wpb
zS(f(Zx0$}>st&|%z$57!e!y=g3PR&^Mz#Xe6eMT-fH$2pLS3}X<^3=(6OO;ZBMIe1
z;WN+V2a#bJ<^;jCtq_MXmh)ys7Q_c{D=s4{ql7+u=<8UfWydcW32rT7X|dRa;v`AR
zd}s&pysGahu0)A#gf2*ylw|U1k{QS8%05^p(K;_7Ct182;(uava-mO^)ajm%ligk-
zHmwyF%yAukOFgo4ygD_`3Ta6x3iDsr$II3AcgoI+)6v`Zf}ASOvx_raUGdZNLoF-+
z@femClsV;msFna}KU6BKn$es0H6Z%AHp^NXOQ<WlAz+art>{KB5(h$mQ|FDddBrCN
z^Lbe}&nT)C#Sg1)R#%Tv6;rovTf(YjP5n1hWOqUAx<kyMgAQ<4$aP(PzwuP=^n60C
z&?(eYbt}7~aC+MdzUgV*FW@4HQ47VMJ=d7VRgKaHi%7%Re{EoTILt#i!Z3<awMpOo
zm)+7~{9ee5X@bRP%CVp8;PYXMW$~!^*Y$Gs<4p3jiGKshBhAy?C+MA1yD)hTi>NeV
z_tT=h*pc&+vKp<;oT^#P^NP0H_46t!JVT$bVHoYg8g3e1!UjnJUgG9QBYeV^Qyx6Z
zHp2dPJa7m5UZ#E*`d3fF9tKiv%{~O7Zu|i<BSPX~$lx~85rxuD`%#h+e%-Nw)lS<f
zg@Y{H8D@lU!?{P2Zs)~8As_oCS_i(zS-qQV%N6XtZ~RTtL$23#QEyD^n&+X+*L}ob
z&CC4+Gd<@cI8yKD-HeeW{ZkY>{hx<*yV>uj1#$xa$2COdp4UuzJ)gP@j5yBsgDg3p
zw=+MzpU0cHUOq9CK?0x0qru%DP>SA%-*Yx2|Mr0BtSv{h@_s*yyYC2Ze4q&NfiO>b
zuLtCUpJ*`r-(LA!6l>j}mUqGETl&zf92_4K41o_$f8j3K`>+b>y<n;f;A>X<aM0&M
zfiFdRf5gPuF*@Z#_?HNg_1gc5hFFDfL=hqcm<tohDn$H|K0szx>&JSSj?_#(Kz}?P
zq+xSV+)@+=b;1-S!Jm(|M<qsa6CYtByHjo)I6z*18Ky{8h!v4006E4K1A4^9)q@?P
zzn+O9RN8rZ7N(PsON>iuJ|w136_c@#kIQ-{CdR{&;(oS^Gk?G*6w;9Vtw@u^KT$|2
zl{O~6<dB>TxQ~tFCc!~s>KCnjh>rFqrjdFaH^hESACoR+O41nE{q>j-+k8w{fywa&
ztz<trRm#>jK5Z+Tm|ViLPxD(sMpqLhjo_CVA)@+>=?ZcX21{8L$-1NmvSOqQaOf`;
z=bE7FNK-DvW2pe7<XoWYLhhxs0j-jRusd)uC*z;_zm76-6;<UtP+{}(h4OhzzND0S
z=W>x>;zHq|Ndc%zr^1773XZjk#jkK?qRJOiqPYzvi1+%^3YLt6DyX6F)p)d6Wl9+z
z5r+F)W|R&Svw6VSR3x+##qIN@kQ-F*P8Jo!BrX|y2v!%k-@1_8k)p=)&SlaimNLuk
zG7Yt~Rkp!ZGFe>Wp#qD=a8ni9Rhh&26HL`YzbSS3#cP@zTXMqDOeyBi6WFO1d=B9*
z^*3L|ieRD|;A2XSOD+_fP3s#6uTY>Exu+RapUYTscJ<9PMfh9UYQph=Rp>bv+$=4r
zkr_Hv5)Du)6eDcS1rIftdN>-L2lcg1-4_=hSYxn6h^_P@Brxymvrd%G1vFRJE`-$E
zznNM)uW)c+ccFRDAesQ(#Z`v13q3PCc4=k2rw%35gJGGM-cHMu%DYlJC^HxxHZ+#@
zr>D9n2yQh2(swp>;)CUZG88R7cb4QR2GDuaHR!%oR#e&h&W7!S`YP~Yg4W{5>@R~s
zSPc;xfCJ>Vw_%3ZhG;YCL+s7B5ssOLShuOe|5>gA2#xV!(nmx%?_=V!jfrVfM`YaZ
z|Ci-@Or`Zcp+3`?+BS7e=k-3RkI<ApDt*F~^*&`T+XT#9ojPFyyieQ5Hf5hmpK@)!
z&$!Pt<-Sgx@_oL~`Xe;wL&}^9;e5=6%RUX>1(nb0UlZYZl4?XRoYC-llBA71snR}7
zkPy0X;_9fB6*ZoRifigpPmWa(>Rf~&F)z1AILG0_Tg63}FH280OHtWa>TGrzwWMyS
zc80K65?U=w^t+Ilm0U$ol&(klKH27PCqjH&uJxd|wgu`S*{+f-m%Ox=2ISZ%)KTSk
zJS=n$@iMxWWv$<cwlr`E*~n*ol8=#@HruoyTaA7a{_ME)Eq-4IXbtb3t;i2ZIkns+
zYf(+tviBhYFKkgH4=6nrT6SG5U2p)4v$5!7z(@FIHMy)6inM1ZAwI_#cG}}Y*AA0-
z+H<+ngk$R4_F)ds$F#w&)3NvFaj*%eRFv&SKK_m=8NNpuH}Cx@2lwK-mH%>C%-LBF
z>o|3fbG{4j3Gry>QW(CI{NUHwt!U@uYmQw`n9n7n#%E#4%)LS0)|Kh1`|zpGgU=<-
zt@r3lE4-;)|LOOgkC^w`F9PR;Fx<NrS)N_InYU4?o_kj@&jAHGk2*R0M`OK(1A4vl
z81|eSkwxz#!Jqd<DXZH$M4po>TU+a@o*TDauanvBJFg$@<K|V~OEftL&ws#e=b!ew
zki6pFw5{F6lkZ27-s^1Uu9H{Uu4@Az{l_ME&-;ej_kGFi`|)4Ci+a26=jUyo66UUl
z12z8F3jX`n-mTjKbicVAxyx7L-p3<Ik85_n4-CKaHs8fIKO=IVMo8aoa{mr7Pl#}w
zb4VAlQ(yN}mVGAwxl_M=4DYixe>8EwKbU@CP<~Tp0Y0k%KdXW3VF48G{spZ*KW>4H
z6an~aRxISsROLb7?e@o~Zc6{G2hD=W&4cKnf&pf}MBzcQW-fo*1Lf5NP&s_p)4Zi2
zon_M9ES3Ux&75Xit<BxsIo13b+=G)?d~w=?wai0o-JRqyf|0|6d6k`%-U3X-m<mz@
zhEHrn&BLCKT+A9>nAL+r&wPLZ=`Q$?p=x1%vh7SPm=SJJ{tl}_$sD0RW99@H1aqgZ
z*5si^Z{CvTfnjH%Ic=c|XMxJ*kp}J|j^<v@?GEngftG9GGba(b<gSa1-ht+k-5hQ?
zP=S8tp*>KpyRQ+k?LKnh0g3LR!)2BhZ~icC9+#nBmFm$PZIRkgkrr(+^kY$jW09lc
zF`A<hE8;FDXI@F^{$=WJq~);??O{Fpf#T&c%VHs#>OPt3(Z=eL+HPT!=}|otaSj|I
zza*mAIihw;qtw!a6wPBZ&m0!igSy;f(BET=D1wIEBZMgu(%wQ(ITAQH67L`rx-p^#
z+9MSI#a)iYA*M$VbO0kA$6SHpu6JiaB$SE2&wU{?;_K8CQp^*4%7edLJ^qf{(O~+D
zoF@*6`cg$C$glf|tS8XATf=+!gS{swtj2b+TP>$2BB{q+Q&@3V1Y%PJl2CXljr&7o
zP@kg5BD}{)y~iMp1%HVL>p(}Sj{5IGCDY%hT!f}3mAkq^CrO`~(_;k(oZ~>Xr(t<`
z+gJE>nuT1mI|YY%5}w&@b42x<dBncOHDRPIn@7NCL@AG_-kn+ai3P^2+6R|sCU7!{
zQlyKB+rPReF=Bb1k7blVqj-%4nY~BBdH8~R_<};a?zm?=P{!z)rAe<wiG(>Zl{uTJ
zyU4re6iZ|W1J5$?G;%c5GsxcKL9udl9TU!8v!dIB>{sIkOS9!(Gb`ME7T%+1#d4P-
zLIx_bXCh*=GV=BfvQ5HVjwCD))ld^bt$t^s%(myzMOa3dJ7lEh*E-1eoD;%!Vgtgd
zk`wchpmFBMEPlue>V8T3SriaqlebdPkF}E?uSA}7B+e#Ud8QX4511zl7C|@`^6eKc
zGP-hUhT!!VsYTEoQx*w-kPsMJFNYQ(hB|OzVPUuDK9iSlQP|2>;v#O?VN{xHZ<OeM
zl;~rZ8gi8yYnGaNmYPqP0Xk5WB})Ko#TFBERuiRrttFKZWe!wyhvK#mrTGl$Wsa6*
znIl#}Ny2h}Ny3zhJTR`jTu5ijG>_MeFfEmEiPe~Y=FWo>c?<7eDVZTR&`}>A<+1aA
zLup>UkQu@2S;vr-1RmiE?yjiN@ue^okEZS&;z5`h<sFojq=Dg&Veu>H0j-{yvCt_E
zA3-yt34RlvQ=NWm<UzG-nO~=AU0j&vXH{Gosng}*GaLbZnn}swRk)amTNpLPZ<W^W
zCCf1AB%U=kYvm@KsU(!C%3;-<6$!iNPBu_sCy{l;5_OjwRd|{4_Eg22nqEN?HCJj$
z?HhG}IqNkr>VBxIcChO`kxJG)6CT{_^Ci+=*8E>K>Vep`M<3Y;+znIZ_2`=<gq*;n
zm+;8;^#(#K&q9ydsq-{UKpk{eBhP08wG{@DTGOI?1%5}$kY*YPb?(SU;<#m1n1{oG
zdUFzcodI+$zZORId1VM?R#bWwBSkF>Y&cLeo3hNW;I&cbvo3qQKGd_N>R0XvbolB>
zj$V3p6<a>+Sh;PP+x$pd22~qdr1u49&aaD@qSMx0q+Ion;&3b8+X<XMo9(rzf$JIA
zLKjVmpJZv9`H%g@fXoi_zy_O5^uo`ge6P;(tj<b6XZ2=h?Pq5_4xo`6(5wY$^#ZhK
z0XhMIu1!GCC!i0fYk<3JNULkat7|N)YXZ<U1#A9W9>gKkFypgp3AWoB_##lR)jbOf
zGMi<31O~DIXxxzM-m>a8ed*rA0W4Ef|CaADbLH_RWZT2(S(fbC!T~wj>^2eQks<D-
zA}f8T{_}3tV?@?_PA&L&*$Kw;2Ufces3ics)d?TnyIIw1IMO?f(qGNpk9yUEzyksq
z%}3bPiL2cY4rhwVBS2i;Nvhp#9NLf7teeQ)cVaa_Z{5fE)vL?Z1KvM~(Z$Cg-Roi5
z`<t-`{mO)aMiw-*{nyr@sP~Xo>VRalUW``1$k!0vlnGEu5y&!l?KPl&HK@@#Jfos0
z{WT1ZJ0i+6@;6!+(`7_&s?YLkNKJI)Hbg<FYmlw0XN7xoNy`MN7(Ke$Qu|WX{dzg%
zByFMv*K4~q{OfZF-+MR$*F^BE@8@`|%W_D{VIZ-3B>9R*szAz4dh8Ns9D08=JKH$F
zYXG5GE-rf*Az(soq!)Wiwdkv}@oTWHy00U8z`eT1_p84)yF00R(sXJv*L!f3rhnLa
zDoA=@ym~6VtKZ<OXL4#v-FkXfdV1ZvXEA!p>S}tnWY7$I=2J`e$h!2TdfLeuP~T<B
zwAJOGJ@cSF`{F(OmOcB?HT$(S3;db|!JG3$<1sd3w+J%e${w{;W=J;TgqfCddo+Om
zp8F1Ah=1(G6`fUKng_o&K$77eaN<V2Rv`RlC%%^McmmFoD;QvJ(_s26kelc*$SmN0
zBcD$#Fze9M`xwCGEP_09lIkd173(Q1NxhjYMTK;`9oQ&)OT~)lFD$7}xh&z6EGyyB
zT&u_(ny85CEbGe1YISQLwkRs=jO+#pEiOwNz?0i@En~F^uCq?3e@(hcYjJKZtj!Y=
zDz7Mc3mf~ad>)RqH?Lf^=#QId0z%f{OvOMTw5@4NLS=L%NwibY){T<&+gT0b@CcG^
zRJu~u{DRl>csDwhL?BBQI?%LyUF6(#@OjqsgqGGCj5j(<#2i?Zl}t3UzH#NQMI4`H
zM_iP~mbEFTHN2FxEnO5poAofv<!8RP=5(a_fxIfZ%Nk|MnqfIx#35pdrs@<q+hIQ2
z0wSB_WD3Pex{M~e^D6ol7~41BJ9jdL6VFl-Hd`m%8a2Yh1!%ip+q<{$QXRZ{y~pc=
z#rj9r`j$F^4zyeCE>oZ@8+!>QkMKKGM{1_gn+&8{XgPJj?S1@O8LyJPoe=%Q<b9!>
z#T}nz@YqdLTA_uZZTKT4t7Wwn-l@&)RhjPt%@AeE8~%%JMJ$9p3j6~&+1-trP2lsQ
zSc?i1P@yH}h#lb=zI8vig@pG;_nvicd1y<(W><)B@4`m*LRr<-@%ZIQWi)1Yl=sAV
zW>eT#T{KtS(B*)%M#ElqUm*8HAyyPv=d_#qd~_|nm{D`8O{aNzux*rkOpj)`Ya)Jx
zw|8BAmgaMkT(YkIebxwn?p<<jm$O%Ca$W#9?&nn;tJxp~o}=J%C&=g>fS>dTue-w2
zS0QXT1@D8D>Qu<=DfUq0OkcbnUO2N{_Tw)YO%E?T9%@G)R{O~EO_OYv@WRUKIMIqX
z;9d9Q&qg<{>TVxU#~%CJTwm(!VEbM-;GG6PEidcpNzg5J$H-mBs;zB`LFAspxSlJ?
z-bj+3zuM~Cpq{V!a+*Wzs}SEQ2;Om+-pL2u$rjwPj@(He-iiOZXCk}*_wQcB;GRD8
zp1bHCbo(Cv=l(Cj0}=lNi5~EQ%<q9B?}4iKfoAuC?&pDl;E{>{kwx#3&F_&T?~wpU
zK)AoF_mOA!k?-eGfZ$1p|4CTyN!0I2JnspKZZ|n9c6hx_ezqfo8e4@iJf4Hm`6C*2
zBBTj2{kkJQ$g=Y{dnY?m)Ye<aT6tq07P9fK9mjaOWPjP;`TBq3i8gkYg$}QN6?L4A
zvD(~aZ4y~+Z$+MQ$eteghWrkWKS*WJ{(4wm4XLjY1a7Zw=+1hvDW45$m9+`V&zk)2
z(a;|iqc2_?$#R-+aX7{0eno|LC~0+$N0`;n?OATHd2H+Dv~4dqUM?>gF?kymL6;Sp
z9PNG+dF^uTfoGrE{Lk8QRog(U>i;Sr_s<t8zzaggXUphUR#t9sRn=QtTj*o}AUvl(
zE>9^hPMolj<+6b^qOusXMb^Vp)+%eUGV?DW(`+@Tq|^Imw#{9_69h?MPaqHk1d7F-
zL0}*V0*MP3Dq;U$2r8^(aQmErP#`wD>eSeLkx&Avgkg1g!{J0MDQ(YGyCacQCO+}V
z5EROhL?)e0k9Ik;iBvYX2hiJ{*<w11Jcg^=Be_H_fs}m2I8)_PwN|>uP(+fYWU@}a
zDEBuuGR<7Rq>ScsWJ~2nIN4>X3U@P&W{ObO4yo1Ct#ZG3PT<jInvFu2(Z9l+OZU6k
z3>yH1>y~}_TCF!27?AEOy?&=FpMHhJYs1iF9IAuK_KNN5sHA1zbtFg2O*u5n?6LL=
z>-ea<*DEsC=aa*tsW$~951yCls4%M_ZX`FS>2kOPU`02T>ghDN1AlmP?Nt0RR5u+)
zJCpk|_H4sQ-;49<{aO7w$(}aL-|I?TFYubXAzRuKjw9PXhpsHo+^|qI+xDL6N!1jJ
z2`9%tv0x?N^>gq*+t*TCDARc%dSo|ni+eQPIQdt5S{PPBy1K2+bODKfrmx9P<mw3Y
zo&oD}bE5Yx^66gW5H1*5a*D~Sar|5#SDyM0y>?A6N&xr`Jr(cM-2@bU*Nrsm>KCKP
z;|)NTFJ;OYh}09~n50yW{J0cbS@riSVVaJUXm(`ph=fH5+X*f~78i?@UQz=7$w^vp
zwODCbT;cPK7tRiqaR_twpq^Jo#JN#f_O*FVUg}c0aS=RX0(s>EeR*c$_xsS(q(GXH
ziUL6Kn{iq$U|DgDRM5pqT9-UzMe3y88(HdC8gKlRM%5RCy3#HQ6OS0-HJb8^wYJNO
z65f+5K)OE%eOBamF`JI^s?kcj(|*ay6wl8v>k8x}sq2<GqAb&v@9FamGtK^@OIfPs
z){5Tpkk;#d9a-xl7hwm0y~UEcdu=8vV|$e*tmXdz6D+}N;&1?fLrd-bb#&cM*QN=}
zP8>txm|`bR%*@Qp%*@QpjIm>8W@ct)#+VsnW@en@{GMmtw|nNB?w)T}|Iw>!<vt~;
zcG0eVBwe!Bi9DQE4078SJ$e0?fX&%De55*#eG(|~8Q`T=nLi9-=3d!1oIs&60dmv2
z?ENs#pvJ>ZG<lhhvjWRu$gmp{&8|f(v*{=95A(fY>djGqw31O~lq%HX9C*ToFVCd{
z)1#F}lWS3~jf0ILS}5(zkrfZfLIqeBan^3=nY5)-SVlC_IZ*}&E`yVe11aEC1;>;h
zqota=Ax;%`Hq_~Pr+??T*}=Yhwr5LLW31ZEt(T*t89I-xyJ}K9b-vX$?{|~ag5#CS
zE5vcUzy8Bq?si0ll%K|>R^0zmg-VFe<a$)TW^QrvHUG=gON$_<`?dXH+THb<zoyLP
z=2)A1Wp}>j^F6C6qsYZazU6}pMlNuiQIB3yE$|nl22O~fQ;8?mjD+tAOdtA6J!1}p
z?{VgHp&iD3?gH08a5C`_M^<>i@k!oE8S#9=Ad?o=O}EdH>s+WD_xq@(9c9tLi*Z5a
z_4$i79PxYu)=rq;1n(HauLizD;>bWrU!5<xO#CDY6G4hSIw-Xb{1gro!J6-Nzx6T+
z(8NuI81m_UpJ@<asGA72^wmY%W)ftXod|R6(Z#rK5ahU-2={!ihXuhb#KZH^9`g&v
zsD}~zChSBY9*NHNXJsJ~g-L&=!}WHmzzRic83jRAyaxhfVVO9apH#TmSpxfmE@0;#
zo55S~jK(4=vofCHA#3YI1_R;Vi1C9#xs*OH#-ciT2zIGSKSaEyv&Zi(1jm}yXuT7^
z8itYUyBedH8$rgdpd*Rd(5i;W-46;x74ZzvMbV`XGF$SLC!CICP5Et8tw5I<z3||3
zJUY;run0TFf=fvp++frhOQe*_pv*huiXA+KWSWa=BvsJYN_9<TF_?X8(CbH^ZP-_J
zt`5zoBcw=W57cwYoM$Jmt!l3<%o&1KbN=qq@TYZ1_J?h7B}LN|p+t@9vWRFk)rSeM
zRiSh^T4RnM+r^Q;NAhKw;}(-taDD5B^W0tM7)gg@%Sg^VCASf`29VLSOg<{B9c~Hs
z^J2%x)l!?y5ODJsQRsV=6=g3(NDZpI5ZPGN7JH7SQ^3Yew}f5ifG_FG&<K>@d)104
z^P7;`GAOp@eJVhsBO6)gQ|@q>_4&DCIDqCqUx*PVAc}9S;?Gjy%Y3NIQi>v@oxJcd
z&#neKbk2ZvOL^79A+ux@`L|HB^wf9c+N$T$HHKKyfuw5<+Ttl)-r`|V*m{MmC3DN#
zL;2Q>8HY`?VinWugawRR){ngC5(rEhjSfN-WBPJ~8$(#hf3_OQWeeBP4pucS=Gw*i
zKB;7X(CkBJ6zT{)nUP_Y$-_|6y$O=EJCCD0>_c|uPBql|s3sR?5Yrv_Y#C6vJGwYS
z7is#gfH}Qi?Cf`#`FEFXHcc}27a<OdKDsb;CgYNg=|J-2X}W_588hac6{b2IfvPX2
z$$AVFiGz|ao9da%0>qLFLoROEpURJV$;NDkHS=sfbAQ@#3PNqu6SzcGkKLgvOB}WI
zvrXA%Gh~@t`0dzdn|9q|$Z@+c=J~-c1A^U%=j-CQzkpp9a;uR5<KjfPpIr_<yRnGk
z;$(cET^@a_v4rE|RQd<|0)BQAnfS%&d;$9+`BoE!`o)=YKl>7Wc2kwP#o78k`!f4h
zQ;pljx%LkZ6~EZcbiOXl_X{{w#kQImFfJ{O`8m|&vYVSIE-lXWIn>p*np-$7Ev<cU
zZ0KdTu!&z<-W70cnrXFgc&T4nIrVdF*=DzNnOj=D?Q?9qZngBdU0Qqn;M4)ZVfFLt
z^144p2Y?uFwTzeYXI}P>3&Z2gNfJ#PWiF_j+Ji3GGG*iF<}QavB03VYWDC>sb`Un_
zBCJA9hC-0J3A4;PZoFmZv!!#7c^hKrCL8cA{cglvA|my5d54R#iOcu%Wdd&UANKHu
z$xICU!mrQ!?Cs36p=q{(lBs)Ar%hu%C)edZt@|^p&i#dDHx>Tu2e^VPbH%F;+3oH}
zn(3@7mm0U#vaBaE@vQ6398N9KDF>>QY#Y$8j=i`Zn`V-3Yw7HEorbMPap7+3Kgykk
zEL$(VHCe`vJ)H7HUpVH&HCY#~CGJM5+b&{XT?esG&ztL4uZ9iWR(?^q3^Z$8CYL{N
zz?I*x1h3xawm+Anraz`EJ>Mp3a_rl4JPmw(y(nLEyNE@19~XVSo9=I0Ox1Kc`M7qs
zHs?_-efp3oyZX>p{xaV$d3%$ec6|c(vO1M+wj;@Ytpdq$Hq7zL%UR#uUQEggeCl}C
zt$WF4&gpL7^=Z#eZa;futBh{@c*XHytK;)k2i*Hk_%EFZc%6uJok)D0U*tNG^*T}P
zI=}jMev9cu&FTDJ)A^%^Ta>5mXcGo31Q9c(27S468Q>uz?g~fh!ewg@mhBQ0?K(j1
z!Z73U3FcWTc<Cx>=n^093Q6X{IpX=b)Kv!6og7_DT>?$3*0sgUOZLP=ZPqQR+D%8-
z$QV<fo6RvT+c8(&{VLkT_QW<u+ssOe!&$?*g3G(|uAS{Y+v_14h^O~udpw$1c*Hum
zrg;VExbCZau6cWyrpx$oxNc;bW{O#4j(P<2dTKuMA8oRUJ~0*_wt|K5E0OigY_dw1
z@Ux5Jtv0vyW%s^6;+K2kWd723x5P!Y#Wye7qc+X8=h~yi*2g|v$=kwlF4}FN$FC{Y
zXI3MiaK&f)vGIwO*T79c8cp!x2S=W2ioIUHgI&L)Z@*JazjIE%%W|((3dfRZFRyPi
z44q*23$LIF8k3uEyGRJ9cS!G=ET4T%zn|TJzwbamjF7{7A%<x|>n|-HWCOl-eVk8y
zHn>8TYW(JWLL5DOS~1;h-Kjx(Fkx~69%B3<(|rkMZTdMp$t`@P$-OosgK}bnW?y>L
z-w*lZ2rT;WrEdvDqYY+03E6xUj%w*sd+N^|VM&|j&z5G6U+%xOWzL=!>~<aU?inl%
z5m{Oq{4K;%6jKer2$#kT-kJ&*>owKL4ZFLFB>E2J&<PNK5#|WasEZkTB<<&X8noEr
zX(eMaa}(A`5y>JOQ1Io07OT;t8|nKZ7I!rijK=<4Eb9Kq-$^Ij|3#cvt<~3Th>n%(
zMGdVl6s>iJPptm1x5Z7&Gr5ODPUL;fNSc{A#B!eyACrt8tL(^#Ob*}b6yK^?|0lLl
z%W7Wlqn=^C(WH{Wp=r*h6tN|~{y%2yid)>1BR%t5Vuv-NEOPbRBc16zjF)U<<u#1g
zYGc1kcrV-}Dc$(*Q^p>9#-66fp0~zcuEt*9j|0f#VEE(U^yBaN$KT73L+Foxupfu~
zH4YU!4xKv=Q#<~#cl^`LIPCWL=j(AehzWS)2?YEJMEVIN{)sR06Uh1#DE1Rye@%Rg
zoj}c<fcsTkL7nx987K2oK0-9v330BrO%5y!c3sz3gpCOddMrv??Dmba7nLmH!k46V
zmg?Cd6hik<%v5YyL>WODY-j5#RAbDeC_Do5NeWmpqT@_=;>3hbnQVmAQ)zOI4H-J*
zJOYs{s?j*oT3HBc*<NYchfWy+nn;G;97c$A?iE?-gDHBMX@sSTcU5EnO}gMH8aM2;
z+K^lbc#KP;9Nq!VQ4xtB360)Rs^J6mH>4r#>R=0#w8?t{JZ<WXLPF_MbbA^ZqeTQ5
zFrxR3<c3KzM=miz_wvK=Gt-STD!r5|*fRn$gwTjpu(GK#^c1r4lQ!Pe%C&OLrPC(*
zWsutCok2xrxrFs3W!pvH-8V=J=Mw>3%7Be8?3MYg#09M`2nEiH4)>p9Ux*98Wy>V;
z6gt9|%5^G6-xJFd&)cw*UI!t098;qhS4OY|#r~0d%%oVXg58@eu7;lXVW(UmDvwv8
zipZ58n=c4s`Mg0=$=g+wabEF6Rc?j;%@MsC<(zm6Y9V&xYoL0m9r{9ux#C9F_aVe2
zVsQkIqCA0La>37~_9;b@xn+L*R81S@a357-SCm_d;O0nDJZHXcHOy(ylnckIgn})R
zKzt@3F0-Ld>HR+6-BnuovnZZ^;eB<S2F_<+c2yLZj9}!_CK-zTB9+XQ`9DEQ-4Ipk
zVlfom)P4MvrO4^k8S$0!$(_g*xZJ98jd}al6hBuMg3T!k$(2WAWnR!BO6?&sr=S%^
zwpDx1m&)(M=R_#Bk`}u{mmW<hPZ6gwtki6ZGKX=<MrKNfvQ)bwDoUPLIPuk+5~I@1
zi_?)6N1Ik!lhmuK6t!Db`b3tP#WgSwW=Tv-gqR7ICKoQARri9F>v|WDhU9UFiKnR1
zu1Kh;5tb&s$lpz=V-zoJuTW}Nsy3>B9k(Y<wUK{0P(G5^JkBL~pVl{vK6QY<I`FI+
zmb<=3zjmFfS{6#Cg;*X9z8ZjBGzgJg(WTk7fH!AO6;4hL@1Sb;OBI$w^IHB-&Y;$J
zjitNmRR!ihUpSQFdsnUPNglJba=A5{coy$$(u?ucI1o_b1zvPGBPr2tl!9Ul7Jena
z|FDFZr&4WSo(8M9KqH6r^1Vq|ry5qb3^fUt7Mm!nkXJo24|@T#uk>RcQ8~BTdjg%O
z);K-tX<c*O*WS%ORCo^vV#Zp9peXflVP$YpZO-3w&^z<z?xa-<XaW2hCD0otG%5)&
z%PP_o!1)x>kbE-zWNb=Uj=d&ExBTt1ywdT+%r?rRcOD))qGe{#yTsY;z*#eL!i&Vd
z8fHCncS`)Y<Q{yz8f^u2d>Z4Q+sYCKhV(SzX&Ay5iPc@jh_?C07KGdPS>mBIx#E~s
z2I}-EQ?VhLT08}YNQNg5J@zjcm=GGsG=@~<nfwL}jxQ8gmLKrkZzehHm!D^_)#G-(
zB@Fc+4avH8iBx52lQX*}tME1q09+$)1|z?+dh=^J6$|oEjx_H&hLEy}2$cOug8e9l
z{b+&x7=?YL_r~PJgpv=dU!u~rk#nh8DuXum@Z}9OT-LdcCw)Dt<2W$A@}|?`j9)X2
zPr*#kXuf{Hk>#G5%<{uxeKr<FI&i`_3DlVOwa&<ilcj0eD7=|N3Nk5OHF-sl@pz$w
z;E;XSm0NscL=AJef{s-;JDvW5-#}3PHK`ID<B#c1-sms2<6o(|D|vnH2htkUw63%0
zvPZTosj~J*MtyTTxtel|`&~CHMi-mO6h!SOsV{o4249yd6iSN+2#^ibO$d+*=Fv%t
zzEc+QuP7EN`qb*#K1U?#Y_%Axcy5%~P98hA{>hCXTt}Ig2Gdz2NZoWW=etqZk{~Kk
zm~)>A_g^gCps=v{K$p_0*NL^r$FXsCVg4RT`<pWUAEok5SWD7C-L%oo7W>mBp|z~%
z#j6Wt3JcXn9Q{u>%282jCj^@a%%?o63Qs3nyYy$|VOtyGC)lgz@JmUZFvySF+WQ43
z_v{)MJAbG(w11me)fcY9ah6Grp82EH3=S^pyC1<Y?7(;~C5vy}^qvKvt{{e!Bi9#O
zUe6q(D<L(nzhWyur|G~!o~oywzx%4I>F{E0OK~PJb@YBs6M^vCp$ypv%8R?y!w+F+
z7`s-yZAD!!E6juHl40Ap;mRl!I_2a`A2n&3Z*&BUk4p#Di0dcuUn=O^t>N+}!Shxi
z9XDURkuK;pex(1Q`FcTHZcTl2F!)^=F<!Nl{19nQH}dBcsb?GvEfw1w9;4&c6S*DT
z!dZ^?A;Fv-#n*DERW0D<_?yA`;<hHNtreeXC^_cGQUo<T4a&Hr)%%k<VDpNsjwEuX
zg0iq&#nV!U+@W>C@`^&&6;}V&Z|g(7eSA_0R@yf~Oan+)J7G`F-ED+V!=FoCN`H;2
zn_$?Mnph^xqh{BhLtWY=l)`jfQv>maslMXnt?rkf9W@-WucULg0;=pLuvD#H)sFjU
zwaf|33<wG8<P9m55lu<*w~yK-?&9O*9Zd|>uT4GMXOXIR&_sXuznY@sRt;L*eegRn
zSTWvAoC#FC|Eh~TE#d5?X|6J58q<6qKI|N{bnkQM?DKg4^P|hpA1>a!&R^IbVig{8
z4IlCxAM*Vl3gRCM^B;;dYrKGeUPNZp#(JmpuNRTAu&}texU{siXlX|PFW?mbUJXXP
zyu30pGCDds*4NixUtfX$o&I<FUom0dzyF*6eIfbnJHZ9@3ZVXf`$BTk`!Eu96B^=w
zy^tK6G3E2V%7ENyCPSfE)zbrgo_<3q+fX*Hbf~U$sopA?LX4EEWUkBsHH5vn-eSH=
zC3@#rH2!eCTLNNt=JD&PW}oSgx$DE&s<j>$a>7+Nd77=^48pQd(WaXHsRG)34baK&
zaIQjkIB#F2TIaVOvSu6l_d|oey84snA;tRRv7}R$x{wIQ`L5RRwOq7sPN#hh*sPvP
zu64Jk>)nR0M-**tLKizz#hR2q*dK4R{tTx}Vp2SG^}b`(Xko4QIDY=ckYaoHysK%S
zVXwI21%45a;xo4Gk7bA7sJQm)n?XYKufy~FOcOLPtc?J?IHQd~qPzkfaI(6+jbJM9
zvp*qph`oOVAB|&lZ81pXei+QL8-5FLi=3Gag$2v#h!SJi--?zJVBUz91s~6fr7|eY
z4Ji**f)7M?R^Cjgxi45w?9q<b@>z%!T(+Or_eZnz3KhV%aT0)xOB2LyjEI6MAS%cZ
zLkz+X_BSac%BqMR@Je`}O9Y=29`vm+H##eUIR2e9NnW6yA4_5Z-9sXLhIC$0QH)5?
zH=|-Nf)7c1S*lScuZN`#QN~4LJ~s!483B_br1?3_LD9J}3PHwYBMhoDWt4#p+u%eb
zB<A3iUElYLOErj(vU*TVOR6#~Od{gbO-xR5Q-3Cw<Q$S59<^L8zCRWzD=VUmS!ioA
zk6rapHEq445IyUJYPLHSZf9W2Z7=IuG_L?RM78Mp=A*~e_swECU*a=si(XHu%@3mv
z<Yp&p(ZQj^i(yTQC7PTx98;=Mnq4uoCe|Nr`$L@d!^Wd(8*DYdtDI9Jz{I}h&~b}#
zl1oj0;%lXzk<w+ipOTOrwVxGHRj-{^bv3`?((z=!nNcZ!u9-2*U#VLbuZO)^G6`09
zSaz}%XB5!;TKh^Rbbn%cH-KwOdOrBYXZU=R7@{p=k#gZVa@%x_sF5f6qlD}q|I;PQ
z9s*1gmaT&3Y3GAKrD1V`R{avryp94xE_u||!LH3Mw;KB=9j|4qhfzzR*XNanWo$cr
zkFbsl<CN(w7Zc5)@D~`m8t&IsKXMr7jaVfaZssl99j~@Iw;p7CbaT?Z^H(Ke#v;lo
zJ<V=t?Xzz_caFi2-+o+|yikn162~*E_JMxIs^SXz5^ke%_+z?-vGEAO$|T=f9K6v7
z%O9v<PgRz%5D?<oA?u?h`0_{FsV4u+=RuYc;eb~yqEy7iZQpj`(RZ5$t>uH{ZYX?O
zH#CYI7#7C`0h2#45#tr<@l+yQCB?FCdm#Bf`JK9mv@Fe+DfLp=NC&$PuR$bE*8Cc!
z5(XE;mFp`In5>{C8e^3@2FHtpt2+;~Qv1F#|ACJ~;oNoh5O?i>fw3CF#&#_@1N+sl
zty=lq4H8Tb8*aZ}0DLk^-A&^i{zYGX$~m?JTY|sEUXtWZfLaO~CU~_&508U+a03q3
zB}0H<=&zh;m=-*K4(LcJn-X`W!dHDUJ;9NGzmgn3IAXwZnK&MjN0%QcHho5e)Al8g
zp?<$lt=F2(_6nV+Dv%mVB0Nr_=LczgLcM&MZ1|`vK3V%7Zy|Gd^80T5Lcq$)<3nCL
z09)|)jpWZUDR*+vEJ#CA9W%asA3_WG2t_!#Uo5l0p9uvRhb97WYBI54_oc3s`@@p1
za)`tWIq8cg<C?BAkb4Qq4Gn)=s@MhLjP76abdAM7e6ipNE%5j$GM$A|s}GI4&mU7X
z#Y$3}FOW(EIysJK%3K#IjUEW-E>4&2)I>|o6e)o{aDazgml%l`3$_l;`W{rta?*RL
zz?#f7E?$>8LF@_cEe*{9e)Q$&?wDGTqVruCTIKHIN4y_8=KB~JfQaJ(9^tGJcvOW7
z2lNRA{uss4?<f@k@+C$eH<Z8<Zff%Qy>t~nE&yWGiMjX1(!(aRV=&XzX~%>X%*BeU
zh;;S-*XCB4Fw3h$vvtO>$3}vxD$^`qYm3miOw~=(Hbr9UYWd3?>W5ciNb2!~kW?lt
z`e-wIhxPYizK;adQBY;tG?EyTfv1UTg7G;vRd-sbHxIA9JTMllZ5#6sA8K5pd~3a8
zJ#%$tSPe!`Xg%W(bUS=peiW!9e3+qhdL7nW->GXrJF)P>eO;EH`wRf@xB!62Or>u_
zkr}nmqLSzBm1L!IdE$5%%^R&8RPh!(f<ax#3a|HM!~hHzjV>zH3IQ()00u7|v)#Ng
z-PBNfU3n4;Mz;JX4Y^14#YVO7nl>F9*&vyQR?%k}p`XVA49x2id<)GBpY{H?OxQ(0
znVa^F5%Y-P@r8M_+A<=<Rd>sEMFyDpG(xqqhlRy)6ug!mF0Vq9qsN6^?$NR=EDXJ;
zK}~^R>VjZ3@|5&yP2g3^f!LZe&ej(>X&!Nt5)_vS2ngHKnFAx)#|MJ5pxLqs7t@Ug
zl!-oxn~Lnk!=I5xzsJMsYVyU8O;la^kWFvO6R-DQsmLFf)*TA#1b-HdCq8P*Jt%I<
z<W-r6E6i%b)N{j{FON<p6*RrvG>FTb*#3~PhEM)hH;<0%sOvj&tZs|`$JRh9&uBVm
zwKNX*x3bHjLIWbEo#Z9@j(hfddF)H%rYZMQdn7c~5B{}X2yQh<sr4-v&}Xg0i=@s=
zDGQ>BGlReM@r|#Sci%BGce1BlJQ}<1D3{)kZnNv47w4?KXvhx=^^wOMr|h}$I|)=!
zU}SABwzsRWXg8)IB88fXvV5JNey3rdS)F`jHgg_6Rk9N|%-&-38E!fHy>v38*ijQX
z%0^aNQLQZcl7-~L>YpX6S#k^l0`R9yUW@Z$4vH5X3CQhrq^~xFp%T{klFb{z9MQ33
zdlypNkz0}`4`~IWmrFP;F^K&RJ&>upuQ`g&CvJio);nZQt(dDWQt7S@Jt8;N<*hv>
zVdNWM)3w=cUj&IHpAS@DALhr}ZtBOLPh4NG8SdM<F|MC{rc-fB(`&EH6+K$()BiBA
z#y3s3xH?T}I>IOjdHZ0p{b|IDVc#+S>__~`!QceK)>hGrVM+_S-)r-|?UoFM&^5(-
zCGW7GUhnd}J_mTi*3rNxcw%38;4po`to6Vhup}hnMBYQ#7yRj|qXE~Ti2sdZAHruN
z$8!_^OXciOl3lL~1D{XPKk2GG>73{qtA9QldNBET^6$A4>~Vub`M~=*%0O}PE77qs
zI0_rlDG_-p&U>+<&`v=5Q5t%S5aAB(>G+We`q5T<vE}(0@A>Qz`aWK9v+Wt$%@a8@
zxd|j7VeO$f2zeVN_#xc+p%bx9K+>^0{POwcDPN!kKVV~_WPoBM7z(AwLL0zc9pEtM
z?HC{E{FU65=m+(+D}s|3JFc5PfoJosXXkE!{ha?su04?xRRN>7<2-(LLooHZZ_5Bp
z`?rw03r<cH{{SM|9i0#uNPmNGf#C@uPKrK#Mp`xVULyluXhf9zv0kGEew=@TyM+AL
z?|%L%K-g3Y+e-*LXb3x+4?B6i3p@K3e!&!er4(L_pnI1P{?HKqG#~zQ7Y?9CfHOyc
z8Hax$Mu8lJ?}&-`6o_m42P+aR(macxBa*<LCejWE%^@oiAu+NK3>)Ph^$TiLTO=+X
zDmvC+q#Gh8>_U{j4vLVqNV^`w$NeY<;b;Ty$mT61MjJ||7~ak;j(j^z8t7<7=NPhc
zT+TrPKkrDkDqOt8D4Q%oJ83Lzx>x}mJgg`}qQYo1oY)s?LR{sTSnn8vKt%e$Fk|O9
zvjsF5W)TNOJRR;hBj|YMg=o_SPV>h2-9NaemoYwISY8V;Dbfke*0H~we>`?Z1~8*b
z7NVn|^3dhPo>gPTp%SX36{57>na$27rY$7a-Qw&H#AijtcO}G0`MZ^5xfwdT5;7*`
z6q3^9L>cq&NbkpLIY((XCcnc$6DN*xa3<)wkI2<aqLz*>EKHKi!YSQP;+-Q}-TSpQ
z6JWjP9o(SNFz-ZukE>ruwQ?V2V~vMRLsKlD7Rryan~3uZ+#cw5vxH35gwiu5O6RNg
zhTaKP`Ih{!&%N=LCacjlq$>Rt+=R4G*kY)V#9xu+gxSR!J0OP0Z}D4b1XJMLH=il!
z%y%kw5G?LW;4F9>&TALWuZYwilgumiJuwr!)xJ^EBl-Ce`Tt7D+^*030mf2UpGGu^
z_e_u#tjhuf+0YCjiOGlaCdII7XActFrwO{|Or`z4PfJEkx3}|O4D^XtOy5ZezI!LB
zy$NrL{MDseSc645k~c3Zm$N@Ar>Z|2CdtVN(rnjJ<6BZXnM)?TK>*jcKv@6WOeH^#
zhI|zk<bW%#$Q+SGKK^wder`REY1slk--3OlLTEdoP?ADzmckFyf=ML&;Y|f7(mDP2
zQYIo!W(PT0kjdOCTr@C6ue99RJ$4k3Do%hRK4*N98Mdgw5PahzVslfm#uY!(7QZhH
z(~qs<&%G$7jY1!DwYLg>iVwIJLb<sQc)rB@hEFlO(y_DG2!_B2?`8{^Ckc(dD}2fp
zqRlOJ%;wWnDg5{)Z%4PxLRQRs8one5iB2RXX#abGNimCb`Pp9i4;gM9m;}bE@=_DD
zXIvh1?s#TlM0jS(ZWEz|p28>?(GPlsDM<z6xRvcem5EK2>biUyn+0Eb3ZnQ5@kF@?
zy18b15a#G4_7PG@zwpwsCX#RQ)D`l;eB{l!;-P=!;bM(J5a#7+{@(DN>D>>K!|x^d
zU=>E20xG&Blpm{~L~!jTeh3MZR)|E_7IoL+Sl8MzCx0^aD5;KQc&t#~H)b4QPSq>v
z6T$RZEJO;f40Yj0W39K&VGqfv#Ck0Ic%2(h!tJJ7?-E>9eO1@g^hI=-`%jMNtq*S-
z0xv#Z<FjI}D4*nkUgfnf|7uMUzjp%y4bunJ+Si;VG6w!=bUlRZL-bylCNoiGKb0mK
zusQ+NoU<uM^j~C7c4hIbl1Yyemo<$Eq>??45-pD+$2o#kqRP4-EI-#YJT=NFgQ*Ow
zw$gAn=i}(m{FKlXR3xiak9(9)36}kJAkh)rIy;P56KrRQ%&J(cDH`v5YunOGDw&|t
zzW)Q6f2b|%rnPv^s5rU3IY9I&Smq>HA>q0m8>IsrO>gfztu?=xQ)~x}n(3$Ij*}b3
z{v7o))y^o#&Tq>|_I@Ti=S4fanqQ7ONyMbF$uM(&0TcRZcqJSJYFsm4JdEWP{9>)I
zcl6nhy1CGL1{5sOZac}JFp&Cm^7Xad8S=C>SULIlRY}=;ZIL@>0-U|S{{m0y5i!$r
z%fqOO)s|!HTh_1m?V2weke-_m$}phem=rcT(<>&XK9CgN%GXDUY|R<cPY%&VZImmh
zhM-o`WBU{rN?P~il;hSifF7s2{z}*!@e2S0x}(ty-F8e!>kLD3b*|(GJd_ney9Tn<
z`sDs(xPK1{a~k?1>K~2_KvNl(mjJd5U1fPDG6XouM}wEr9gO)nu4FxZ43>d@*8Q`s
z#k>99W(cKhgOzNCRcu{i3d51|`rv@R)ND@=QM(t@(DL%Y;HR&{WTP8q!_UgUcS`J5
zQhwL{8d*!hAOWX2NHP7HXUa=9*7DST<Ytv}pZMfvJ|8!Rjb_G%Joa9_mxH=!h`Bgu
zGtXr1_vm4Zr_4CwiV?T>c#$$qnqbx^^sLXYeQigM-EP)D6i0>#CcEXW@z|YlpA{p&
zS^&>Pzi_&Xf2Hj=8WK6^1Z;Mv9n?)UFa{wNY5X+GS4-&Ku<1o0AMv4?kbRm=MJ$Gb
zq0a4QVq+(3x%)kqV4#;U^QqomXPZ>STz6V{nrw6Wi6#qdH=A>48hr&}(_yS9Zd#Mv
z;MH*YwcDAHhy2CZDZ_sjD4Ko0nUN>vSUn#IFOsj`Z;1svw|_K;QRB?`orN{X!vCua
zCrl2G(ag`(UnVUJ=47*$ozo3J+BMX5Lsmq?%qRBqvZGq(@J+Hz(SPKo=32Y|u1R&b
zf1ZaN${uE%fr$6F81Vd<5CnF|inT{kiSAoIY8jTgBsR48$$j~?(ALwEiLE2mhf(NP
zcl`1?|LhaE%kpGqT<MB5*vf^_>Zd^8N#f=6cuzfsK<cI-g+<q1@qny5!m)?`Z!j9<
z@wrc<>8$gnX{n=4x7HggYZ3##_u{2{u%(c{gY1if=Gj9~MCuHMd}oN$f31Xm$5>7<
zT8=gPqg#+K+F*cjVx#2l{rgTsNj-pXFUWkrTg`A4;st}|C5(PG?pQoku)%kxXruaW
zb0)|N?KhGFQD)+bF9HT9_h^8eN}$Q%7Tb#po$bcsC@U$`+IYfHpZiRI1M3viO8?%f
zEz{<f!nW4Sy80?Bz0(fG>iX=1RQkIRtn6lrAxn~n1-&-4Dg(52ymNn>u-*w&0=M6Y
zj2z+J=v!a|fkAg0iF-B%3Z8+hd#_*DoL$n5pnUU>HqX%KZHD%zjdsqCf2oKEnyDRl
zODw0DA7m@<oezY3D%+WO*qJ%riCbN$TMc3lTXtS8X<k+2=b$Te-1QpqNaP^i4BeOQ
zJZODE=RfgPN=UU0GN9y0Um93NRtYgJ2$3f`e4nth@Oxp)Ut<w!2U+E)wc#i*_voPD
zWN-E4<mKdS3*+>H<Mc}7^v2`#F75Q8?euB&^o8TAnREGTnG$%qKLqEQ+crjOWQ8s%
zQpTr5_{b)P$uo-Jvz9%A&oWU)S;;>K3FC-UFx$^{mM~3lBJtW25M-iQc?9DFF94eX
z7~}KifOFo%1jdhXiO?4sgR$*{vGR>EI?j>oYsn<1=ZIY~9f7f|#Fwr_wUCl2#x<mp
zV^=Kn*Mvsba+oqols{F|uRs05qk4__)`$Hi{i3-smNB@gw-8bN^!hF*h6nR1KJcm=
z^~%BXHsk3slsN@{GIbpL+<Ed=lQ|B3KZXtN%;MGa`VJ;B7Bw-bF^X(0`F`;NQs>6z
zH6a#G*QO@{*YZB8{JRTg+}-?nP4r!mXPmj^Ls!hhSpP$jr(mw#4QYDRXVshUo)wjz
zp!<4sfrp1<!5H+wauH?{<V0RfXu{4)^cH5koSHL^;rm|h2X*4aUO2pI>)6)Q$5P9I
zW==w8&MT|HXQ%QgHcqsr*XJzB7pC;fpOkR|;n!uDYry!}m8SV?$@4uuuB8kvxFrry
z`SwOK1S|$$0DK1z0FB1s3xxo@3qmH>=t+>?6bM6S_jr#gvn3RTFP_GiD6=gRN3PzM
zBLwV-CDEI&_9V*Wi2^WgFYmw0?MY?9yrO(RcD^c*_J_sg`1N3=BT*z@s?q!Rm1IIk
zhfv}5V$n)n@;Lfp#N)*()QLX54hM6!3g)T2BW1Z$jZ9H*8ofojgY^K}LkxiwrE{IW
zP~O#2qWaSLYD;q2FxFd|?K<sUf!XDS>XF}Bw5NK(=Viv@5tLP7M^3qiQO@_PvmftH
zW%8k2kTA@Y7$p3VQDMqkt?q1gMw6S<LcU*`PNq=Dr+F-1-t1Xa>tg<RCN-T;Y~}r3
z)=J~D_?x~C)A+~jQ-(<N>g~cKqgBDc$|YMFQ^<Qgu8z$RS}ErDu%c3(5X3lCJdm&1
z6+FEe(I3eMDSYAbuE>@Px+5;YbF=^?Nj`+$O^KRPJ`~T3j{>=P8{t&1Tzr8Y;DpQP
zeHi4E(ma^<Pv@P%;62pB_~nS!!i4E~g@fTjpDIL1%Rf=If2$P>>ieF3fiOhuOlH#w
z?IU;60XE|sF~YFICnLtZdnH1{dfG!P$$q<4Ey?-%o=%Dz5}%GYZY!Ho`Y}SsuKl?!
zCP+e<Ft<iVl(JW@QV@IF4twqU1)Urvb1adptmG>{y}Z04y0C~i(l7go$EGhK(=xQZ
zHq;QmK1IuGdO|qJD<bfIQE1cS4^mh&Yek+SnbRBRW*8=u5Tf-Cxmm!?-DX(QYKLG{
zyY+)0ohJR-L8HD_V@9{o5vN~AtmbTHg^RPaJTVY5-lM=o=UO@|ZVgG$uwF8-Jv6nx
zkz1wSaTTn%D!aKHH{iPF8>eAG>Q|@fP07Hd7b%zq{imc(jB)#6UVcbD0QV$TZznId
z(IDB<qPCGd6uszA9A+Ge&YBg0iu}7U0T$!jc!MV6{B%DSlfwMGCX?dwJ{Hr``n2zY
z(ZxK>`ece0bj0yKe)ko2kLc6}CJ-MAmy&H>&7n^sV2M~P<Iiqf8Y+70qRjNX%VM=_
z2TSHgKD-Nyp6eT1MjrGe&U4jlUQ3CyFfYCOrYCkk%W4<Hb=q8+>WqTcuDrGq!&zV6
z#ArQI+MBSsNd2OyxoA4Ja*;rKx?;`1&KY|Z6qW~N92}yFale^Lx$3+vj^pmqQ&Jw}
z4BuY1Z#S*2w_w)w$6mdz_WIcR?w#(b!qOG7CZ^4;>s-Ob?Y80L^TIi#!sBkD|LQ9h
z4Li8VnAayMj2n0(t~UG#?~iC&?;;hspcSZ`;nXtTQ#x_CXovqqds^pbW8y|sp!CAF
z%YYDs#6KDBab2Soxzk~4n-vzbW8{l{?TaJeK~Ji1CK=JXU?S?lbQt%AMavS9N#MqP
zDGwB`!2t7b;KRb8@*Q5n`ht+a5Bni9n50EV=t;4uyEB4_18FS;<|{E;9ksl!T$auk
zrf6mtYD=pvC=BxHu1KO|A%o@N_34I^xyEz+cv`(1#Kr-p$-r;~x5dF(Jv0Fl3!I2*
zy~pW#&d|p4sA(kOZ^BvqO%aH}SYYa3AQJe9!X{$S3vm%HzjYvs97IMeV++Y_M)G(}
zY7BJZwZYSg>Ff+AbnzL`yt*&+hbkfX!0Tlocn@?_T2L8lv>1FzzvDL_y6_(x&O$Us
z6~*YY@%@uSK!@HS0;NNn<nS~=S`Ue|*J~q*zQ0X#2r2d(-&VIb1g(xlfZE+pCZ&(}
z4->VLAcPE6rdAF<+mG+kjuO==5l=hkG)>ad3RjunPeg3&IAhKxM!Yv9dnsixlhRew
z5qS97-?WR8>Qiz(D0+<>43cDj9@~W%;Oz=>(B}S(^~YUn)Yp$Giay7)XXhm^ko0~S
znUJm_<xVY<yG%eh)<^RFTuVYBnl%H%-4||8bI|sQ0X>J}nwAhf)JWoCHgEQdju&=R
zcH5-j($2Ts3RcwgsOfcBtdS=9@Vz!`K2w*AMs#4K7#R}(K~Ja%LuFX#k#@6)e1(L9
zKcYSnbTadBMHiyHL};<lMIs5Sw?W~KwYk};$lP2Va@}s_q4|PI+@Wv3d^7#De@XUS
zl1D+sXp8~BDztQPQFYKqa%|FIqLl%an{0G-9Q)!WwlbR0<VCYG9mPOp>Y{^4Df|N!
zYPzM?o15Ara})DQT%~oMYnq<Wax>$hxrURv^65@elNH>t@hEvaD>8C)ST+?|;#1Sc
z&>xccZuQXq7M;V`l-kcp3SlL6U6?Ou0l^O13rfhX0E2}K|EKupHve{X93w~EL@hgT
z`$RmB0*B#Y3HWJkdQ$ctYjS9Z4XARZc5i+gQ-%;p{Vqf=!6O3FR#ydq8>`9@b&I&A
zd#*l;`fP`h6Bc<?J`#)B3PHD$4+yFTSe6JmYI&Q{ZY82n#j^va$CUojErwna5Rn_O
z`SRGw20eL=q2>~Q7~oh}`*0#hCfv*D3yUVmMJ1b&_;sY3iMqH{Rf24vuHI7@sWE2T
z{>BwYjFpzzy<1Mq6LcWevP`D#3%wfTHzRXwfA}qen2?q4KrcQZD*3T+5s$CVwqk7)
zTOW>aU^H*4I@RY$k9TSDb*}HG!-xzKHod2t$zDa=rgWX#aA|p$fk8!9EXuOkZpqJL
zvFr!AiZieCJX;*K!Dgu`59|5Lu0wW>PppM~vmZ7jms1y<SA$vnjn}r_5w!cfu?Hz#
zOyRO4-@f{(_&c_I@UQ3qd>hKI_~k7^&c*@R&&NWuOq)pUWPSJIMp*Gn&Gc<_dauXl
zBx?x$B!VA@esS1kCAX}weZ3itY_lu!S|;fyZko7sww$5J+2Rg&nXPTJ$#Yye>?NI>
z?d7=n_0fNw>pSb<V4FiJ=JTON*!Qy2R!hsam6On(prM7f+sgdlBa>a%^~V>(ypIpF
zvi27%$YV44A6L(z1>+VsB|ke2DyAL#);lQChiS2?xSglx+uf3l-Q<RPY$-9iAINLo
z82rF!w99AaN&Wl)$EkW+JoYf55bm;kyLt=V|3qjwrnUIBeVU~4`4qtd*iP3V8};|N
z@;-IgR7~Gh5q~*|&2t+PU3*-kbU7>K^uQIRf6Sg^zio!|xT#Oyn<n&pk|mKW{^;?z
zW*Gc<-TqoP{JQqK&DjhN&6cO#{<PWtj<4hFu^r+IH4{sFRB+3CySClv4wxFQ7$43L
z(;a-1toe~#?^-(GzjQ_ocfitd`xrBWec^8W)`?=rUB=q^tta3MsuxhvDI(k%>%?`Y
z+quTtP*Ti!`myV4O$%ZScXM_pUP&h)6bQr+7fc|ZzT?I&;Uwd3AW3Wkq?tPIJIQ=m
z$nd&`XuEKqnvl2wFfLv&F5tZs4^kyJfm>@SLNt0z3&vJE=22IbY$IDu7bzMK$0r`r
zk!~ut7HT}+Jl;q;IX-?p-Y?F)On9X>*<V=HSO>pxvpsc___A<Lcabf3iM6nk{^`NS
z>*=87OLz^a<PAi_z5062+EWDOg{0i0tjEXL(ixG-msQ;(v(>9%*CP8qLi8Z#>QBOm
za&Jf`y=YUasWW_%Gk-i4uS!m@fE%CBVDGyMB+cnQ^B6WQIets-^c7;n1?;p(WdZ9F
z`YY$YSRp=RH9iwJ-pEcQi=2KJGM*_^fe~gw8#V!4VKn;8bnByjeKo<@00GC6UVPsk
zv3sPNYQeMSD9NK9e>o1z9GDH_{-1oYK72xSzWu7p7@UPaf_yo+rklC(gfXWF?t=M|
z_J#Os_#>_Y>~%@Fg%e^*gru+dQp`Al*-}E(21Th6-UD9oa@`4PLSIN@*eWATw+8cb
zgwkQf65LW!b;OVw3q|U{UWYR50s$fsFr@%6ED^`2fnQrlTGk>3a-uFVLrn?ku{Z;m
z%4m1S!?0>R@11%8DX%y^ua=U&toK0qC(%l^0DiuqsEk2TVbOxC=1ktfTHM}Ryym9q
zpi3~J60`!dbJ~%up-8J906yTo5&!`o0BCi$T@5>Z89_!J$|4g@Q5NgN;}@ImqNo|=
zde2KW-7Ov?mYF^B`%@|?04C(T-UC5#Vxui$m@Rr<UkU{h|BSBMjSR#HA-?Blj~S4l
z6JCjtKzuJ@h9vQW517OoolpbX#D2G54bi<HaVklij~VG-9=y*PTbY(vogO@)YdRgN
zJFDS_;PUdu65kSg9czC-3`q6lY~ejxqdeP<$2^I@e3Hni=>!v!YLOfGBjyD-1;n9w
zwW;yBZSbf$k0aLhL&Zw9LQ9efk9LqrZI?8KGpFNwOCnwKoP@9()J(LAO53`2lR8ge
z$&aTbOl%iSpz{wdr3@_hOrZbj#P}uiRY$7cZn9KVW_fz_IOI181V=1Om@hCz1u?Y=
zL=%~3<FpD<Ky-1S_2NHw1;|a2rl3;fOtJJLW^zl@s>c%Zw=rE$y&I9We3!#z^KC{M
z*8p0M9r<gec0H%P9JXD!4(fEfR!pq)w+m`Ce)Bqn+W3=YnR~HD+*C32P!X8OY2ndu
zJ?NBp;UD711S|sbo%w7`WUbO<qcSSyviR;(?0E8;Vsb4J2&@n(a;;IQJjn{L_VTuu
z6@4ZBOFa^gJ!4{I&Bm?2Q_*^!%oN~_BN^ln{Pq+q?IZp6KkBl}sou-?l1`R}z$q?I
z$)O<}>P?}vD5%d&-nUGuigV!Wi=r{h%cW-0nZ!sBP7{p^dA#o*MibiW36|EM6}+Ct
zLzoT7mG$PAW6wo>LFj+_gYNK*e1|l%FNW&xK48m^7f8RrTAE3Tz0fPlzc4uDJ}s84
z-MfeMBhtQe?mVYwZ;l&6=}~LOTU<e(9q;`o<z)NzI=i{1!SH+l@CLl-eHXv$1mq=T
zRtd-HLM&#C*2z98?Y~3Ire_cPg>LwSn->A+#})rjfN);9SV*oYqpTeMusO9Apeh?V
zREED;4zWZiUnqC2SQi^BD!x#=J(lAB!|IDr&o;6<S@cit337JnR{O~&{Lk&RY7~Wt
zRbc69smLXzO6xV>8o?6#xtGHl(d}1caepljY<Ic$B9E{yjBGC#yDv!yPvoGl1lyx6
zF{?#pE?f4f@~|o2JgOr=%zgt;R}xOGLsrW~P13_(64#H_I3As^UCpr<Z3y`>->R`H
zmHN9>y=z7#hjcYPXSG$GDL_1txKS-F7CZe~ZJlWCoIL5?T+ys_#=cimwq^~Dd!_1l
zbwpodv3Hv0*Qyo|0rW(w5wp67jG$W1nm0CrC;w^({`&0x>stBLH}4C=4=2^1ch+^j
zCw>ZBFHKl)cVAPshIuCX1K$?sDYCABNATW58`0p?4~swf+3Rh0t9rx{yQA8vfvb6+
zbXYq7;LLX53T&9DZU~d9JILxp!!I@6=l*FdoC+09cG^H2+(0l+*051_z@6m$h&XSo
zBigABXQ2l1qV>~P`#XyE$nrXcN7HBBbP@pp2!WK*t<BI-W%eCi?W4_lgglR}c&{K0
zK8%6l>3%8-JvU=ao;EQkYITOX0U{1vVhZ(!#7)%C(GnIkRjGRLD1UTm{<y>RORjEm
z-=x?*36^}?R5aL@mspm=&|AIMWn|EkXcKvj&`&7UE8=_U6?4#;nn{;A(br@USX0*b
z5{8$#`6gR7vWR6MUbth*foQg)Xg+HowqqdjV9=VlA#8)f`m$jkI-#HkAF5vJ6(mQ6
zVW<&gXdIVgr67iCq2;hDCgZWg5cY@3PrF}g+b1@C(0Ys1Ld~FLo4OO7H7-S6!ElWj
z-cwC)v@-cFaXaMqw)=s8(8;EcfsSihjC9<N*YB^6d4_$kMlmnDGHu%a96OKNDGBC%
z2EXxiw(xBAFhd-6^icFh#dJ%z2<;8DG+vAa%J#)nmXlDn5(MV;c61^IHa+}Iycct#
zKC8!^?8g5x@b0TK@K9TMUV}L|D5OxfWyq;|F{piIFwLu8t0a&K#4u=@>GU<HXPHf`
z^N4a@MUj)!?d{Rc48tUg8xG6U4?{8YCNo>!-wQ)MP{BY95HMQ2-~Q!cFlb;FDzR6l
zWg5Av?-{4-Mz9;lu+11|^ot{J+}^l?yKqvY_s5`#h{ZNR^4|0+^6G-wyGYTcOtY^P
z0=f?g-Z*_ie)>ujN8t))OKtk~(}#`%+dK;TUj^`@2##S5w&n=T7t;*lzHgj(BenI#
z?!1KSpJ;h-8=yiQw$<sYuI|S4tu~-omWQ39oa~D(9tIQlD}1o5TD6=?w0tPr82G#u
z-DebzBH*l%LT_R6hvF>XV>odKGsVE*m&KW#yqsX#O-}x*8Se8b;>*@k;PKk5zEj;%
zU!UdRDms_O8G^rg2*346+u6p8QS;8(=lnI?6SKu(>mUAg=;a2OyXRP6FR%$Oa2PLe
z1uyUvFYpa72ppv@2>maJ;xCBvFG%VyNc%6y<}S#0FDPy=C?PMYzFtxjUeYjL(h6SE
zDca(Ft<W>Sq(2>DoReerzl_bXWpBM?(d=gnm*JSZ<h{DYfW6{;jptq*D7~pDH5Lu;
zv8&{!L>0(~79_Mo;=AHE3|ExBI#;3>qAU{D+z^rc_y^H`zas3(rd+!GbM67T!Xd+)
ziv5|8y&~atD^Jy7$JLz;Ws?`VOn9lHB3$a39o`3fG0kukS-3MP5z$@yyNBynobYL<
z8~w2equsEJZ)8T6<xPv9kGULbp>A+691iZv%{g!6AuHgiZw(Z0Z3!Li^KWc+$@K{x
zvkx2`)^04mhPyJN3cudGcEdj|Qt4A(H(iuUr`Jv-kS`;Kn@QfyE8UKA*>`r4f8o6g
zf~!z050l}n^BB{%`Ex5!U+2Dihw?)Hd7?V^@h%dxJ!V%Vu3XW1)7F{Q)A=DbYGcDL
zN;!0}0$RZ}BsqOB5p!)#<TlhWEJ={m)jw=OiSdr<z8`QYg|OG)wA1vz{?hDF)c@c#
z_YmTLtrvfnZQ_t-Sf0=0Xj@JhB6v3%5S0(N=m|&WHs{n}7_J=uU>EOd!D+t^?(8lI
zho9}FyX)$(mg`dg*hT4F=O|xK>EQJBDYM?Ouidpz)2+SyZm|4Tuik!W?rGTncEHoM
z+tM+U=k=+FlSGx!Z3^-^MKDx7-eJ7`c5cpj--vpF)5$;H={4zDW9)t`-`%4BaaPkI
zAJd&b)H#&w<<D)?=9=wRzwNn#$Btmrt|$M#zlT@02TjY%!B|~md~LH1^=bQM9^BpL
z*T=!N@*_{!<F8lx$&RCj?&9sx=WusD8IAx<K(oJ>kZ$UeFjtD6M!GIOkWe4MAwT13
zMF5??5O9ck4dWRdK2Z1!c0v={Ji+jo9KHdSn|ywls7}jJG&#ai-w}%R7A|tS5@-x3
zLzFHFey6ZFUL5UT5{_r^_#={=ToFy?h{V&FFP`lT#7kuhh!I!i42P2zXKfWp=?Rpe
zsViJH$(tO=mHwb_!*h+rm(OR|o-8%JrC4ooxxF|(jHgsil#|UW{nn5@S7AD4!EUNV
zqSxzRT&MnN?n1FR0h4uSKI&|8(9;;4$ozrsV7f>#ALICe{%F3+aB7G6!CEZDjCglP
z{f<U>waGgh;&@(1sZ%FB8}AbejZL5F=uYb><Mq#@#d_P*lV{hPDd;{zK<bh0;p$+n
zx_%|C_4>Aala?R$h2!PvqgeFm+FFYn7z`7ZHv}Soy0?RLjFuVHi(a}1f=C0p=Zmrt
zw$~?<25f)y-#Z!p*g;S_5+#XFI6(wqkR89sH4-udsE1yea6>sFm2ksOSDcUln7cdN
z2yPf=yhxZB1HEuT4CAdJ3Kn6E5M~i({Mhd&O89Y?*fYA3>Mq1vfgDvztI?7IiTFvz
zMf;1f0*w%hl9sC|b7HgNTgp}qwZ90}XzQ4f;x%Cwx1+d{`t+jpo1Au%LRlV&WIaDa
z?0Vx(CMFy8Ny8Xw`3NVi=0iiU5EXJ`nCwOAMim+bhe#NI=gx<KAkC>QV>T34gEgF0
z4a9etu!$~=ozWkNtyQ*3gcdE-847ipF31&eJqXV)Dk3R<X(Yif{bcuXy1p(*6u(S;
z0@|#y4JF>9eAI=3tmT;CkfIe4Hr}|PcAHhIW-{uvNG}R37+SxMvIx4kgu1ZLGAK82
zF^TJ=E2(u4e7Nhmy2EO*nf|^2fqLcLP~nM1Wa3eB+Eo(T*DC0fAC>LY??UiK1Ikp+
zJR!^Tr0Q!t9;>^N4fkxvKXnUT)qNvfk!!r67)YE-e?GWUm81MYQz<7}N}48#dQ(&N
zn?F^0?nB#AX~MgLR)!_>=Fsm;-Y6=iQLleWN`LeF4=0URqOhNjv%Y&dn{ZKWq1zBK
zHaj&^VN^;DF|>vDT8f1OxWFK!%IX5`e3ThG9eEQO|9CXR*!}TNf4N;382)0hQ7I`h
zHSak?v9wS#MdZ8~_t?g;+~I0LvKJVnfw7<a!!Fh8kO%WK(`CiS6Sku&Rm|P%g?HCB
z?bM#Ad83TMX*D<7$&y+pyGui@w^J}|v~?S6;%yJtOP-uB%XOM0Pp77?PeB)i9bkwR
zUf+W-fzh6<$rwX#-7XaHj{=<UWGa55w5+S+By@abju1m`QUE6m=tOvps_>;3(fn{r
zNOXryES$-j1_j5&KF{>Yo|+E(v+exXFSEI>BzPF3;5$5<p_GCX#TuGFXK82mD*`3-
zqP^Vic*lqfe=$s96<Zi#?GPVXeN@HqBKpAYOI+zUlRdwhaMwd$MNP<NC(^wU@SVDK
zEC}m;1_}}#J5|$(_NT)iSjmc&+nEB+qno-vkO~KqS}KV@nPK??US7fyh{3O!y70$$
zT{s5B+HN0n4kHYxGZH22bIJ6GW*P?MDXJnxopaET=^I%v4#KGDaK3dHh;SoTg{zaL
z?0*XE;XH|o?bFL9jRqfP8bXYgFWDy8?Jq?QLI^bG)5lUKWbf9l-i+^m+98RCCTEVC
zN)(>NL&$}e$ogcPdeW206iic(5=E<0J%UF!6<E#I7VYx<l#jGIDB(IZBDX__$g*88
z=|xkM`TV6oYDZbpByc~2r$q+}y=Wq|3NdRv$*7wwNlG*>FddDZSOj8EI(@`82nu$C
z`La+7x@jl6tq1xU9=a@f)<0N)x-jWegbWF^Js0V5Am2w5qR63`9D}05Kn%H&Iq_IJ
zdGy^+xGwUl$o2)y2Sr|CP0=|I!5LKiMzXXlNu~!hBJ*ajs7pyA79VUwb{6s&MwP_U
zcdnDhadQqHhF*t>y=RK)NX)!?RB(t-PSeK7(qvQLPm@z47`N4wT>1toPpjWpCOnfG
zIWx$ox?EJ}nC~jWCaYA><mJlRnTcV$4$rOAC$F&S>F=}5HEqnsxNjX%n(D}|?_89s
zvX_`x`_A{&#Z?~rkgMo7kIzp#ROr?mC)%+vt>4__rPo>*K|+i0)=4yP@lV;HYI$8(
zIb!YGQ!32`=iU@4ws8iQyKC~UHMb}V)>t3IWx7hM#?>@-&zL(SEHBX1)pmX?D|YZl
zof&bstzV8gbgG_Sd)QDUxc_Atd-Ed(j?<+3Sh_@B-DJG_GgDG2kEDXLv#PSZW3w4D
zUZ^dpQrhc_OepQm(XZCQ&HGv3o@@Dl00<t<8yNfc8+V&%gyAh*AEtIO2AY^`GELI@
z_+ftgi}>!6EppFqBf2{kagk5kB*Dt9h7Pp;++y3rgpGs*9F=BV-(^t3uL=j*4Ln1|
z^nXq}4=Q8WYL|=Y@cQ2m1++n@!lCa9(>_dKoY*Adml}y8eIE%+qseMk*=Gv>PUPq(
znU;FU4t9Ir>-n<dy1BHU5HLR#Ct;KNXURz7(1jpDf;N|)+>AIHb-w<$O(9a$kp`{n
zbUR0#q(rF6_ac=-GBHv=jn?1WBrFsBefBx6A(~{-%A*5e_LbBt`$UILOUD|Fg=5br
zl0L3G6Co(qt>@&YR!fb%L@1>}@k54Y<wjMD1erA}ACuK^@#j9pt9K!vShnIRj}hw>
z*};}|Z?@6?L5L5|PDH$L@NDtGSCnL9Bro!U+h2^Bx$6{nx=1KC+}ShMt3Nb5PvxZa
zbV*HE3lJ8eh@);9e)oW5E^&ED^vu>c+&FYtEhO_YQI}f!fcTv7hhF5zG@Ro1>EmZT
zeaA-PjJEQOY;@c&ek%-G@1{vEzuTQpq7NuR8q8d#35AP3w9)Sh&n3bdT6L=qwh;_<
zi$7hb(mn5p4l+xW_{k~^v7b8Rvra~OIFA^<dYsaoyEJ_qv!wg@aAd^s+)7C96y?8s
zl__vjkCb|2pZ$1LM);W7OKv&MnS35;3c5|RtgXL1N{H=0US_pq8o|V@Wfm*X^l3d@
zrTnpYzgl~Rd2F^c=J8nD-zs5I{&1lAI)BH&`Otkz*wo^9*AqU&Xzw=Hf$w?AKj&(|
z%)zr4%>F!j;`-+qb59%dUVpK{da2_6d!u)H&-wR!WUXxHwG!csgFk$m-Xfbq7|Y}<
zOy_aC>WfLSi&6TRg^9_3Mo}xIv2vlcqG2(>>#$<nHTInsN?K9xYLypzwXTdcTM)1S
zo<->UUytTkkTP+X`{NKOnH~_>T4YeEuN^6fG;)Xne>BB1H>p=Qs3#v=KO+ldB0K!i
zaLb(frHL~68wDl3K}}>U5UILn@W;w;h(PRb8^6#FKIX(~r>0<kFOw8H@--lmc&O2q
z{xtkDs_i|EZLZWmun>R|G}OB#qD<yn20)%uhv9LA;+y#8^#qFu^(C8yR*U^oaTCZN
z7{n~f^vBA2y-t1?_5q_WP38>q-FK`7`V8>Jj0fRCJu)3hC7nPvoJzhdOQS426kWoH
zAmOJ>D>6SSjBHvKT^fOG)G9HmC^7oay0h?!vMpJkJZ6qE(V@bU$yrcKAyks@S7S2Z
z(O|w({SKz#*kt{TIV7Y@4TD3(vq}F-p-XF$No=4){5_kE16Nx;>84P%05%CKNEw_1
z>+_8UY?|h$rgi8fR2Y<G=q}V`_KYNFC5R}D6a3ZNR1JxOEOd-tlrI|%4Vcziy0nwH
zc~IFj79xY|+0+NR;wQMGejAl;SrUlyN4e`fMeBkzIdI_kmHQfd=z0&*n2m{P&9UnO
zI12}@OC&?e<UINmQNvhic;Q5_`6XLr(_5?<x@;GC$~4*ZLEH3UxkDj3>>A<*d|B*$
zP_MbD5UcvH_<GV&>-;Qe<WX3%7`d<yxnv|uWFIn0)$w)0G9Yw>+pP2zbv{)q31GGb
zD@*8zhJ9iS^F;~^nQy=!(t@F9|4FbAK%gozcx(Qh90&h)LMu0P86d!ym(e#B$Y@*0
z6Kd12XwtZyz&JEsFn{^Z9H)DxpUe2YBcCp->)R`itxgWaZ!F<3(FJ!5bPHUQNyTKM
zT^ojcYzK79pmYfLZ0(<DkHm^m#)NZN$c{9Ic4da$=(8TiSe$jxUz+j-YV+MuAUyp3
z9G7P6u?dk{huC<*1~6&P$1b6lO?vF)OOYAj)M2}vVAG&~z{?X;0*84H-5LorWLAI|
zR!FzD!8H#saz@-mTpjZIz3ospp$L-`+=uVCp~*;+C$o{2e~ba<PUO#F7{FxoGpWGz
zj>wI#z_&~~*pGmCCsTfZ4SZ<f^X%e1tO^)%o)u0G_k}*+&Z=e>)+zQnU)9nf>JPrf
zyaHxpe;vG^2Uuo5iMy$H60cXj!t8IVXLx44>fsm<wFD4^1flFc8^MYY9}lKAAMf3p
z&F}r$*6`DXaKQ}d+o=*K+*i&4-&qe8NPYL2BzJblv=7JU3<oz02Z3bL&}2Pw74LEs
zGn|AVchN{&;NW>$AC5v_ib1~wMk}FCryTivsf0etPrMs-lUIm!vX`QYD56qSD5oa$
z0>7eym(4Up9Epv21^WHu<MliHZ<$GwCX+u}DtAI1igU`0o51oL(K9T<cBNbn%s%H@
zV&vr488k+jT2z^A4iazR7h@tCN7l)3>=5g<6-0=`*UlEiC=^w|z^}DpIr5mu%pV5)
zDVBITR4R=Q+9CD9Nb{Rjt;1OED@yhHhFwhfncrPweBnuzm-(nS3@>Sq^lP4(M^?!&
zN}_JnQCr_@$>{14lrWiO$We^S0mE$O*ha~C8{|NeL2uND5(v}og94_{rBkzLJpyE-
zWkjUcJIMza$*5RAF&2*bzjLo*$GB{z2OZCJ9Zk*tTIe#I@GD`%H}4B0PjQ&nvRO!f
zI4JsEx{P8L<FK`Wqc~PZzNAA0pml&9A&%`7Wc*ysNy}bU(a%%Hrx;oXt4lj#rq}{A
zS$iPw5-6P(=rx9?*z=><I}q>BRNW%6*i@m|nmnH8DLe2ue!pWbXK-TDt8P3$yc<+@
za#FS@p)?tYzNtdI$#JsWRodpQRXId%_nRVqlEOp+eNW{5sRZS<0_7hJi<dhyS(2Qi
zzNG_#c8Z-3CQJ_H<U!?!ET<tk$Jw7wz=X=L+bEyHEOso2A8b-@fU*Mkvd2Ek*EY%<
zn~bK}a-_m?wnV?{gSAGFFOPMn+*jrA9?Jnit4UO)AU3O07&DZ#fs>PR2*<ONm-6@i
zXV(d(V6GL=nv~W-hQ?Qvkm(g4zgjp76y1C{E{!XP+6?ceIQ!UcH9?m4xx2jer~>{g
z1ynQnB?egxgZbTR#lyfp92_+q;V4qOB|L8>GLkhy{lv;7Q4@vr;VX?b(qZoxO=?tC
zE97|U@3?1mi4<R7@qYMJJ|FFV%dWgG`}#ed8h!Wt+Ti@9wepYyKf;3=&D0cb-};GU
z5qYx`o00~l_#DYTJ>KK^Q{6dMJe=@vYFwX_*vLv8!zx10GX#!wOk8Una8vyDB3$>X
z6C4`C`U;Zviz`1H%<hxB*=@XZ8WK_@vS13=l}gf68Y<axTuTZ~J2DENR0_yyjMpj}
z#%ij|^T|6RFwAN{F>C_X>W{Rv43@TJytMS5w)R0sgtUp+jx>zv)vsw#Oy!qrqd|nx
zmo%odEMwJ>aI~yzmz(@C7}Yjxj8yEem&i-B9B@}s^UL(@RBY_G)tv9>cp>SyIqjIL
z<#^v!PKnj<t5!1dUh&2+!<<%t9og_})(G)h3z*VzKb~>7Q%)D!2!+>(!dVL^zg|(l
zqZw;B6RECYZm*F@w-OtsqkycaPdOv-sbM><k#@9_e7qv|)D?MWCxJ;Xmuw|NO3$H7
z!^vtZDp;#<dL}1(%~E~pZDXroNw0iap_pFF_RE5D>QXkoRuz|CrN4G7NJ*BIcBX}1
zBf3UyR|>eIpGPlnpP`rjYOnFN4#M$TBU^asj$YawUFz~9OSnC1Jk=A71J{omFv1%s
zWeH74E)wuMdd5q2S{i*tOJl<eW8JzFoH_%^!P5e9!^3>)cbMXYm!zUMIPn!=yB4^P
zR~YFx7TE&0K2;VU>rFhZOjY5RusTkA9BL-0P%!q)lpGi~8B84QP7LZTbz{%>9vCc5
z>mB`X*Yj?yhb?Vn;g_JiTxjc0nd*P|FxVlHg^*X-7u#4Lp1J!|nA$OVSTgFLGCIdI
zeoC(gD}@CwVEp+JaJ6O7^~7`IUGbBue;0nku*>NATIXST3vtWnuX$%;+TfK<<&7le
zLf8;U$+Xnq*fLueBE-aBUrVFP<Y&w1S$*pH$QVXR<uv6KaCjT=8hy8z&=666yJ%Nu
zXh^n86A*k^HX~LOa>-<Qd*f&5<S*+SM#(H!%@BSk2d0}akQb)*<1PY@*|nHyUHp<%
zo-yQ>DfzH6j*{4EG>8jQ(I);bA=xRCv7w>i?yR;k{oQ5q$FdOVDGcg)VlY$^?hx46
zxNqK-scX!Ua9)v`A^ME>>6$DVKN1|VAM$jSe4(3a9u(HB;<JlKy?I%F#y6%d4WSj|
z<+Zzn$XYR4f3-$^n3W!L<ewjdO?=PEQnY&?DckhYgjw>nnHI9i2>n}v&!hoyLcwlR
z_31;YU`6>_V^KLvPD4|r<zuB}eK>W(SLCMnC3!7;mTb(X(kaPiAegyG@F6EZP=x1w
zob96}r?u7CV=gYM=<!U-E0bh}Yx6tTu%2f24b~D)=a?y1eIy~)!K!vR{@U>ST1Zy^
zo@NeGx2L$9&>v65hmYMqpgOW2di;?)DM@9t-B=Wv!?W4md$v6IvgLeinTl=sO#;zh
z&)nt1G~8b`oG#fD&1{zJjKM)LTD+xl>^8L2{2TY#Bsf6)x<$I9r52LC&UJ$T#ht6J
zf0UMe?y{`^RgQw&T_%AAc+WPIPc-|3-QUc8uD&(g6)HZvc^OxR{`wV-0}=pF=mWOc
zbHbnIV%U-@T9=xi=X7JO*<CGG&^Nwv*xuML6yNTgv5$*3jZ5mJwhgTtawu*>Wrs(F
z;eY#n{n#t=02Dax7uSQYv%mYse8}1c2t^tGxZ5Ob7-^oE7P#vy?*pTJe)sW3mG&hb
zQaL4k0>M1E8_s;3^bQ=4%Yn)hkn%YE;cWcA!#KkI=VR;j-HWKH6$a#8-8;`S|HqPI
zMAb-_a>!P2s&;U_{s+!>LqX2N<PX=wZOw{plSZ#MrcNGf&Hm+VTmU@L8CR$GyN}=5
z5+byD{o$|$VwfUz_=ACOdeaS&x`N@D+<sq}qx6KM38nMo8lztIMdK;8``DPh47}cd
zv>+L1)Zzj@fO&mDhPhhjN`eBgG8SkH#PTIG4c==-n#dO`R??6)$zyl=LN$9_AJ89x
zRp^gKjW)%ZF9m+f?u%uOw@`0(Jl{cXtl1q+X8KB`<khh&)y)S9u3i*FEY%vmEn&}^
zXtQ0Til03ba#k|`E526ew^^c{aiA4;zCvq~z3E(GJoxhuEwJN7c25kHAuMX`)ym{H
z6bhRf<IR3d2Zw@`d%4>5P6vgslqT!x?n=YCwp3P)_3C$&4J%6ZQUDkLB}EzG=6Kv&
z+)v2PZg;*j*)QN(hS}!!s!(n#*#QPkCdJkE6A_^5>>HjeXvrIwwQRjaqaCk(c^QT$
zePA;+YJ$5zG^xp=BSYZ&C@m)4i@Xm`0e~4jinahoL&w}%v$$rA5qzXU{Bcxt(gWCm
zWQdJ`r<lwjexhCne})wgSIY;>Pb96Ec)sV^81*KTIar~eWJjn6eW8RYC&Xk&|D?%r
zd4s`Yg;XT@AwsdUmby_7M>Kpf65km5Bsb38&2~A)iy%%%^1j&2uAU6yTj3Z50z~w<
zDD~(xIWO|@^pvEy%LUa0T4@CyCgTQ;xF|h(RX?oiXpF3sap`NV0?Sx(3=hl?abv6v
zx#!3kCDEg3lFxz2whF3=<~L(~PW0i^GUqU}9oo^)r)>zFNRecS)%G(B)`R3<doiGU
z7?uyXV$9k{e!DoT!^S_$&bgk`E3Ua~SD~=l@779?k5U9XuK$GleAnRei`-<$A3IEG
zBM=*d$UB(QAYm<(c}KeD51=q#<-pH3y#B<4a!(QpX_v4OukE*>6Jnf~xE*HwTN&3A
zQ&f3dyz!_)E0g=jgW;4#+gV0JqJ_$ak4c!yL5_WyilJRGI}7hb)W=G_?8q6H?znUE
zrK3c!2o>|%!n(!dqROx#!^-`#r4ev2E7{Z5`;(>9cI1Ia)r^jJU)9b+<|LMP>QOD9
z<kA$AmQDtbEmUh;z{b>U+hD(vTlF9-F5C1AkKJp;;^nK^M+*9Xx*XLWQ#)%jlw<{4
z;?-=vo^)<^nWU7}RCm&GoIAXpk6d$g_zl^Qe!HB1qW-Y&eJnfqr`eD4X!~g??PMcV
zQp2q^Ua`$NB;CKw;H=Pc?Y4mx#zWl-I&9!^=!7%rxg`vf)1e!BuBF>s!d-eP{Sn@X
z-V@)<Mr}c?9)7ko+If#7BT;Mn_jda^ScK2J7Im=fcrJvn2+2M~3_~e{D$CLcqYILx
ziLR*j``kTyV0{?YI-oo248nFBR}+|k<arnM8WF(1EHh3L&-21`_KQeN6iK~-{KLzU
z*AuShXL}_t@Ok*)#_wEk(EZF<h*ANlv>T|xx1^fbkwK)szrUPc^8IY6AVZG9K39_C
zB|C}qS5y;$d)&=igs2SJ<IT=m&ljM-DGrKN!8>Sy=(PG{7)Y`e_v1L4=clu{XV;|G
z1&e>;7(!J<J!=kbxot%1Jv2!;9eS>tJ^|9ufmTe(HiV{7r?-5C$EAth9Y-MBXB3Nw
z9I`D+Nn$ib7rw}n7#On355r-dr=tBjxHlEb-}Mwo6S~OMfMiAynmFs^L9<bs&Hf?&
zGTGGMTjH$4jd?2&mNE-9h6)?T@mH}jcCW@r1II7Mth?t^F*|Cptl>~!9dvdQ3w;eY
zg9tg*ZI08BYuBP~gvSf-qq6}Bb%Bowl0JDmkws>E!qQ0+{v=;AVUFe^4U8wu>g4#n
zj|h%C?ne{dBhqou3lBN!MB>V(b57Nad5wc;Z-l3l%A@uVe&dav%wOdV4Hp8Ci&N<q
z_L`7-Bpl`Ua<iFb1-m6hM`er5x>3=^=J<-p?J#utLH1Fle6bu5&J5}hQu!w6`S9)s
z3Y`}Dk=Ch_V*4xw9XRxbkw|!4=mZf=;wU+Xo5et2qe92$xat}bv*NBKC0z0wYyH@1
zUH)odWUI`<ee_6^TWIn3ZwLBzI+~I?JN(6ynX57x?&H>sIhB!<nySv+Qm=xAsJ^g@
zlzMuEHapS8Z3eOO+a@!}Y88=%SBzUcetPq*yyOlyiHZ2e(346Me4)#I`H<S~G6UUV
z^%FP7Tw?tK>Ewl_sl+msEpuJ=vBy|G??|^9b4wM?VcFv$$D&*MA}Q<<F+&QvF1Rwv
z{<`34B%b;#REJcTk0TnzP4(pq>;yhj{Mw2vPMPB=XTj`lrAJift}f;o`GB%Ig?fF@
z87y&-;qr!@wqDbHX@v-B$nP>0p(y*}lTX&4Hd=!2{PFsV!e_qfViC#}wd#|F{83hb
z(R9*P2@{Sc&ez?Q=o?Y^lpVuOEHI~mTF1Fc1KUkH&(Qy??}x{Q?RlPF6#Tc}t2GBH
z&qeD<Ys}+6^N!P8ch>NV7JB=Tz3r~|L{oSaks|^a&J9q}O}>YTPTJ*O6-uX?9KyN`
z6=9%dA*n6*sH;rZa>TZYpsyGCF3hx+mF2Cu%~E}4oTy^JDm70v+i0m8YdTSh!s^c!
zU#pqwdATZy9W7y#gj;atqgNgATOts?mYX^;s9jUtz1B}&p%JL`NuM;OH&<Qk<REQw
zEwP}jV;v~6BTQ%=-pF)eE}+=Hje{mPbDL70IOK4OV7{=N7IKT_ExThS_plD_KK{cc
zao2izV0`EB+Pn#sdq+zfW*u5jyG^ooH^cH`VGC*dCle2MQ1`?prhGZ`hv)fk?=suW
zOUB*hQR{ME3v=(2=DkyBsZPnV%XHD_{j(jXDML|t?e6a;K(EW`o;pQ}=Zb=gq7!5w
zvt1SG%z?8SD|G*hLu0+!$wukp${LDe3$631yJFE=ZoXqjxzI-TN7l44<t}K~PwI(z
z!JFQ8PG=TNIbjMaY2>eWoxx|BL&z<=NMj?og7kxWX~RAEW4KeE&`xBuG!a*U_ntp2
zFE{XM#34>Bopw3e!EURhPF2n*^Ep;K5ZN~)TQ+jCL~cC}Cd*?utv(V~<;22q^g@_F
zFMY)*e4To2J@vNy6ZFw};J2a2j<%-jZRFAxS*X*DPuayyJLgOIrSq7ogpAk}XQt52
z%gz1iwZ`eI1k3}AB%mzu!gAV41d*B)2%wHX`3+sk9RcK4;P{{3^@fj4TRziS-65WB
zJB>cvh3}$CuB%wQDEVj?!QHRIy+aoVmo@<qDh{;HK=$B_R>1Hngki<A#kf?`*sBTE
zlbaRf1f>m2g?mH!3m^Q;G{uV?RjN(It_(bkY4NLXS!G<{hnYdhP_aiRUPxqUa9H@h
zoGbtn<^%P~ZC?1N_6n$Ui`^mk&*#Ad2b7=ssbC)Up$j3Qyu(v9q}tWQa(hN#Po>~L
zrAI8g_?0|WC~%x2yy8#b7Z4y4P7srwBhp7+Ggv3FoFm2JA#qo#2vmL%9Q`uN|3w<%
zi@N1~lvE=PJRFksy3!f)dB~l};X7Q(Iyq}(gu!Pbgx4MO1qI7@mZjHWR&a-h20ZYV
z5$9JZ<BDNN6fP5A(V>xw5$qeplKkMIrQt3d`hH{&J<SHJx{Q6}^qVu7*j6jqjTsTN
zqkL*Oh5slC?s$r3ZY^3;X_s+=@dN%_I~lwy9M&@e0(T$8==fR()%Sb7@8`vk<_N(3
z*(anZltKv<QpBzoYqS|ED9>?R<O*C|vQMZo-$4s2RsMdL@_n`h{<$TLYE%V$6eMxf
zNEB5;*a0pi`ABooE|l>k@&x>6+Y5BC3MksiZ_;H1v{8_?=XmIl5V98d&{47(QJ*WR
z2-e=+<6XScReT<kf`W`hx1DVBI{VQ`_4(@=T6n>eg(R+F1#EjT&SvG~Pn!_}DT-c7
zu*6BcRGL#?1cE=|_?j1#kW=`Vl%#MnuX|;XxaMfpkw}k|<`0oSPK!~O&L7@K!^7G3
z#q8Te6o0gyxJ0w<z=?)7#HVAgq~qSEmX}SGh^E)CqPG@fFqTa>L5j3^rDfdqtB{I*
z_gsG05gch(*^Cx-YIn&rX4aNM@$T5<0;h=az9KK8S~-v6+wl;VzcqO*0tM1UTVFT|
z^1%j^4C>$nNi!|6|0OIr1$p8Wn|%4h&?WYv&B4&rM{k6Y2%3-i)kiSJoSJ1a-@*&#
z$L`<Tkitd|!+b#>mLXoK!nm$rzomg4M8pe?BASx<5Pm_gWy?uj$^v%63-%lSkL=^5
zHJM>$ufTYBoc;(=1$1yUHTD;H?W-;{D%vGlfvKqv_7_BnRRp9FJejft3^Ba5Q|!Dn
zn<|sY!C&@@qR|I!+3Mjx8pClzPQaquK6=T3K&s&6jLW#@ex&NX<#kM(+v$B64BsFn
z_-Pd1yK`*%7@=)p(Ox9NU)DI~V^p~n<eSwb+*I9uS1M33o>r7XhDZ`{Fv7Bv66NDB
zS<^6cv}okC(yvprqk&SYmfV-WrFM@c5^La3Ev5F);X|!>KFY};$x+iIFUr`<hlk5U
zkI8G>v+B;Q7|_cXR-tCX%DK|WYs4t_mntT1Nt)KqTG(&&jmp4{$&3jrL7FR>%b(}a
zU|n9Y=FaGH$lx3!2nN#-wMyd6Rg>%6ON7gDRLjHf+ma$j5?)eYr65a~Qu9Y5J|NOz
z_DYGXPU9-uiS||=$00x-$C9GbQCd^+<QJ)D!^V=J(mq(oap%h6Le}BMN2v-=a&g<z
z30`P(+k8K^fqkykf{hbGV4!G^y80XgFIdf|{8<jwgr<2~;~M#5s773xK}^tIFBBf*
z9SSw411ChdGTd)NM};;o2Nr(@Bg|1Fb`)d#skwwY<J24DOa_x&2a{it#-%qVl?<k}
z4yKKDrmZ)ooeXBZ4rYUOW}`P|6Ab1v4(1DW<|{Ymk2F{SzzTra>H|PU^_D{c1)l-H
z;O{Rb{%ao!06xP306hFZ`$iA|Q1=!1mpv9xfDZr|=>N6{?St(4c>ZmV1sJ^t01H_F
zAbR@`;6c&?{%PkedBOarU#A26kIlCqVf6Cydb0rDGSDZmzP|qU>y1E0Mh2jzr3H9(
zfcCXO+g=%<&ff;C1!Qz|09+aCfEGw^2iMoRfb|TmzrA9;iOUOQ?*(vy>R@?wfb2Q|
zFOV|UUxAKwP!8&=qvNd}7RVOVmlqe%kpXI>Lkn~a)DB2kpnkZxK>Hx$^$t*lbuZ8{
zkhDMoKx5&`0Jz@91(Fx2pA1m@TA;CJfYbq+!`<B-;N;{41Ox;CdwYApz`y`7KR*u?
z6chjr4Glm-LIQ9Hn!lBm6Hu{!2aKQH0T~Sgp!N!YjDiYaV0<1lmOY?i{tje!2lCY&
z5E0P;YI_gp*t-L)oUB0YTLE66_9GGkK<yNO`YHe-0xCfJp!N&KfrgH8pksa=)bBb_
zG5*%p8PKqP1`L2y0BW}Z)J_Me-+7RntUzsf1pomN0iZkqurkU3wF8=;Pyyfs8k3b#
z0pR6S03>9*jSsX9>L&oyPew%p5CEEcL_r5=UL8O}!~l>`F%A?AjDzM3()c(~(J>EH
z49o)!ZvxG$1Eg_~F9I6YL3Zmv1895$ASHC{0pp<g&4c{44pIYXyaRinF^_}B3i8na
zXuJcUv95z;Wn}~!j}yobUVsy5t%aBZ03)La&~^mK4-tToQUYLPl>qWt0%%O29OUne
zj08Z4Dg!VAt(g&MepXHyARlIc)&iurc;hMnj6n0%QUc8vB%`-^gXHu!caU!b5<q1_
z6`*>cxr64P@TLrqK<iadQ2{6^HGt|hfc(_}c!6YO1o90?MpmHQs{yn&pd7S@32%B^
zql^ZiAmeSVKz;<N0Hg$vKP%n@ijfYG0s=ts3i5411t<skw*eIU5g7v@e}hyp0E%Of
zK(Uq3Fb*mQ`5mMRkl!0X>HsOCVIEXA4~k1r?1B704)T2gC`QNM;sO+>6$7An0>#GO
z*&dJq@^=Tw-{T<dz3J=>6gME>gJNYK6whaOZ)@-hikDa5_3jlga?%360Y(58lo22$
zWdvv$8G+^sk`qW;R-l-%0))6gYh>gEim$h|astH`NC8g&`&T;u8wu=xPGVwWdi(tE
zHsAm7ftBf)mG$^<Jy7-I{lAHc>Hog*55H?T+1P%wv9p49m{>oovi;@+B{rA82mUeo
zkH%S9KTL9PaU~^juzdh+yKr)FC9%9E11_lF?5wQ&Zx)~t?Ef9~@dq|GcJ@gq7G`Fy
zNf$PdF$*{|Gcyk;Nij1gad2`@vT@dMaMVn)@4t=tg9`@~=Wk997Ck){D5&H&V;-ru
z^!CZa3=ZnXfCU^J+<=3PmFWW;XFrF5jHL?{3lCHhGdTF0ZA1jmzfwd5s2@<3q@*M+
zsD6<BDhCUTJ~OzWf4J|Yze~2hp0pHClp(Erg}8V}S64^2euOkL3lwPLF6`{=ANHA6
zp+L2nBcx=0hwJKk^4v4uKhlbiDJdyAIxf4qy1Dyu-Nh#L3oQr<x%&zSFfp-nFiS=C
zMn^<kSLueUf<Goa$f2P*E-x{xsi~=}Z))zcCzyzjD7$WMx(luDfq~WJL`MtGmKw&#
z#kwD<7{y$~jG;L)F#P%zEV8}59U`ITS5UU5>9@J*>nX%43I=9TWo#j&+$nEvly6er
zm_~kSrG)0V=#B6zczat*OJw7hUsJ2{uyMSMh5hd-FD52sL7RCGm05X(mZpY=g50zi
z+X-)wIl_U+HgAa5A;T}f$u8#mhzLDqmLw=n_Wilhd5<|KSAIqDj^Wl8^P-IL32$%j
zUkB>jypkazBEcGr?Fmsyad9#)%*^1){i`$lv;1@Xb2c{B)}<w8a&m3_ON+mLZHs8}
zN=j;r@CNR9KIFw_rN_oWamli<B-J=6T3cCJ+bMQeTgl1gr^O7p{!{~bhL`uvo|ji6
zXgDS<*Ca15w)Z#NAO}>9qIr>=fPg@`TzR=bS+0pm+l-oznz}}aw&cl4sE&rF#AIbt
zQ$uc=Nn)I#;0Jd0F{|PNlU$IY3Fr!5+)}CR;UN*It|6(zcN)eQx+CGgZa+e&<j_!-
zo}WN#FMRy-=Y*A+si|p!X_IM-_)v?0l8TRphKBZ=eVB%XUv^Uef^(0u^N2%BT_J6}
z@XE^1pUcy>C05q_qx^P-wP}qie3}}Pe7byLd_fYrBUj)_H7=`coLt$Q%B^y7f_<a>
zGb_t>(@VA!PIGpRwRJ7-GvgaUe0+Smes|XU3U|yP$8#ltM;T0R?e95%NJ&XC&M7hC
z_fVUdu(oQhEoyfiT2ceq>xLU9lzWamvP8ZGc~mUNhreG)Sy=<w6r(zY>b`MX+w#Wz
zmf10-H3`k#U4LO?d4XAF^CYMwF0Rz9d^*q<m`M!m_0_<@AgkUyGc%E<xz41Ru5D~Z
zLPFEe*Nc0=BBRCCA+vOVZIZL4OyQp|`}z5;6nI=d$ium5X(mmrisQ>ZJ}SP#$Dl9v
zNT$G$Qj>sHNup6%F5N%&2A~1G-X!ET71Y%iE6A5r!8tk23GFd)bAt*4I%(=1hU)9;
z>T=D5|IgEp=oXt`Y(fjI5p8T-N{&U1{hwnoQIP!^lh_})3OTbObF+k4q5tBHwa=<5
zXrapL^1;h%mHj`RnLz(sI!Bc4?S=m@=StAN=>PT9cgD@MugWS01|}x<9|yVro)Z5_
zVE^SAQxtTFn~90(zxz!5R)_n4(naF`P5R$g@c-xZ`ZxXe=l?tXf9p>o;2)gi`p=yD
z{{NX%|7$jVW5qYFeB(yo-`ojeQZLZ%8&hI&y>X@1UuOL`PyXdd5a()vIP%~8_{O&D
zSRH>^^)K6ct^eg)um6fA-`MfrEcwQjZw&dyl5br2#+D8L;=4Cy42XyTF%pR5lq&x6
zMFog0-&pF6HQ)I0jW_?zm3Mdl+|U2z(SLEJk(Se6u5xmU_{)O<Acp$OO;#Cz(i<a5
zf%r)3KQYo9w}RNPprQc8FaL0o7N~D0tqKqaftd7PjP%Am86f7#Nce{tD?m)sG0^ds
zeJemLQ}D*E4gavqz`ywAja@PZ{>3k#c}9S^vEyId*zun@=8bVX=Ko>GdC*)7*8hWX
z2mT7gELK{e@fiK($2U%S<6bIwr@tKj#wbo+|1gS@l-ECO2~q&a4*>yQ0MoZO#ssl8
zNKQ^5fq40izu%ZSAmJYl*AfD;rxwU(AiqfwB>+-F3IDLDRszT#<VTRaBL3mh2oR4Z
zyr}?GE(MAMB@mB-xHKRDq=^6E(t?7Fzg(&W^0$@LKWyp+^0$%EKV1HoPv7|8>0g}s
z_8cJMA6|_BDFLL6w{1}TC^3Q7<856)4D0pAu^>gf<zAp;AfElp^$~B+5I}jszt|R}
zinr}I#^q`N%?ZT0Z<6{C-VFdTu9XvL8^pO@UjO1<keuF_H{c)kbppld-)9C1Z_f<=
zgMZ(+_w6}CLkGylr~@>v4$!#Xo+W^CP@KFyUkE7phl3L;{$b&Qj<+%p_ktAg#={_0
zfRq5@;*2+e*th|t0#IBvfK>1=P96s-BVim=2P9CeMS%3i&J}O$+yP?ffq$M|{F|Zw
zSKvVGcO-atc-YvWEo{7hZT+WGY&?8iP$GHTAi{-!fWReshyAbgR<4InvJ}Tgpp4%|
z2#&+X#^%C?L)b+`Bo2YQ^bY%-CO&SQvN$*aI0dNC!NCQT9PDv$zzGNlC_ruE6B6Ly
zC>d)Qi{h|5`K6W;6U)iV$2qxD5aHwNk>FwDQ@HSO+EZ9Cr*n8vuHS2Go0yuKSyY9{
zYk=-2jj_RGDFSHPxP4p9nw))hZ?*MJ$So~N$<+D`3?5!JLFJ1bsz#elLsV4!K73kQ
zx1UTbEy+zx3}z^B*uV*K^{~%WUteCR<>n^p3#PU7^-am?=*h{+XhONT{D0zr6XL5V
zPS0*p%QP2cC!gq=nvz@6)6>z>7KbNgMT!!M6XLcO2nh&COAAQ|7Cjo8l3LN*+R&5H
zo;I%b*F;f@zI&&AR41GxD3aGeJbGY6MrLKpz+gkG)TyDaemF+OTc-D<tE;my{YT|u
zq*v0wl$3#i0qfbA0|!ExD1lJ(p;b0MzFMY5SNmRZSaMA522^gr&1Vn>jsx!Qn~n!^
zeo$aAw^Vui)VQRu!kq~%t+9DUzM4X8rns2U8W=MZn4KM)Clyshgv8*aqPC%tF&>z4
z$?)|`3vqqV+S}?XD=#Hb3Q7s5M5lG5y_)}BQ0lss<ywATynjc4x#q&T-ld)<$=|qO
zVPeGF-lW-n_pegc|C@+n#KZp2PYoEsuvwT{|HBZQ1&kT{e~tUd*Z(U0&+hN-J_Y_?
z_bUIsPvHXl|9zkG{QL|&JUjtUkI%s4;}h`s1lk52dwF>QUY=h;$DTnpFTgWs|MdlQ
z-G6-o4v&t2-GgnQy=@H0P3{KjYWjipfk9w)ZSC*9$II(8FfhCfWMmEk87Y0h?#?l&
zk4M1G&kk_&bpb4O(g8!m0zgxt0Ql)$1!S~N0we1Oz`^MWkeS^Ic)2wIetyM(g<(37
z9NiD3*46=uRn0(ndOMKTJO~7(b^;c<^*~<r9MG|K35@NZ04aq%Ktf^(5FY6dWag&=
zX&FVp-0U_m{Cf_F$?XRm9cus+%_6|ov>0$ODFgh2T7Z_tU7&gU3K%+n27ceZ0*zxc
zKvq&CkQg)qc-d6~fdQpJYiBo*Qq&HlgRTv!WxYUXOf6ubng_VJRsm_ft3XQMAyBn?
z3)HRO0u3u?fVX`<pe_{zxVi)aDJk(lJ!tIl=~+N#SrrhQTmg7H<pMDg1Ar)NFz_p5
z1c<2K2J*+Qfs)lnpl#_2NRR6QvWjYf%;GAbdtd~(zP<)3%F6&BpI?B7*H56ny9a0;
z90E)XtN}|aA0Q~E42Vu`2GWbWLG!KzY)m|Xyn<?=t!EUNoLvO2K=oHwSApK%KA^C$
z2yl0E2P!Meft;KSz{A}Qu(h%QtSu}7CkF>0D?1&i0+r?EW&<7VZNTN_B``ZX3oI`$
z0~Z$;!13`hu(Z7N_ug@LcNY{RufP*1UYuAE|EdENTf8i4fF!Rxz%L;OU~x+TShD<p
zoUjBStHuq8zvXf=fSjZZKw+W{XoF(#j1lp#-eOh^B+h@uCI#?6*p?b7?mIpM(+i)0
zr~iSvOu*kib^ZNX5dEv3rLH}oZ(#>uX<LBm=>vAg7Jx0Np7~pDX9L(-+5lGne~y(4
z9`UcF{s;PetIGzm|N5_fKfLt~I_3-ZA7df^?`-eCm7u`i&Zd7qprXK`puoTagMvfA
zLc_u%B0-0sTwLAUJv_a<fBN|T^79WcF*P%{u(Yzav9+^zaCCA;QB_md(A3h_(bdy8
z09|HGM8(7<B&DQfWaZ=)6qS@!SlQS)IJvlac=`AR1cih}NXf`4D5<DvXzAz~7@3$^
z&@nKvuyJtl@CgWsh)KY};NTGuk-i|KfPMXj`uztu+P}~DpJ2g0zl{eR{M~zq50Fq`
zQ178(KK{3_1OKqy|C{seKl(5KZi)2|590sB)&B>Jid$$)H2{D^OYD7jP+V8KXVupJ
zu{B#$wN+dD&;GI1rK#OF^VXIeXU5O6W*AwPJXSIwTOP@lo2G#lO?T6Yj3h)BIcI2c
zY;w*yi<|@!2oORNLMV~(Z@+UJFp^O4ys3IqTe_;lz4zR6zVn^$eEFO%z5Vm{dV9US
z{(16TprGa_?0nv>JpcV=*US3v25&bwuln|~@m`15o8t73D7)db+xu=bC4YPSzP7f8
zm6a8)kRSC-{mynfpP#SWS$3;?{`>Q=-jo-1wr9@_XYvOzK0c1?*RNxCb{0>bJOTNP
zxO?|5?%lh`JufaUa&1|kt&7c-)lsYf@+<M+!2`_C&vWqDot1|VA98(HS68=b^Rl_T
zs-9gt-x+OLVYo89tE#Gyot=%+k`lDGwxYGA1=ZEnXlQK2wQJXK=gu9F55C=xJ+nI2
zx38}c&CSiIsi{FlMFm&N%gecYLqh|)y1FqsI?A=*n#<0$-MQYZuz7CbzguB6V|1CD
zo8xFaK{(XX*ojF=2o4KF7?r@lK=}LnBO@gh9c^tGzj+gP=I(Lp!Pcs?vlAsW*W~16
zgolU2&(9BDUS4o_cZY|E2i)AKxVpi|#~Y!cAxKC_;Aq5XF*7s6&1GwS7#_E7-NH>8
zgZ&@5Q&UqMUhErN+nw`a^JDzL+O-j0ZSC#2HZ+7$f?G$liq*u?xUR6awuYUZ9U^Hi
zY;IS(yU|E%Qe0e&l#~?0DU`$2-rgQoR#s4{R8T5akjv#<QOH%Ww4}RILElxdx3lNw
zn30je&AY6u47Ihj-1?N3mLe-F3+d_UNJ~qDR;xu_T^&Y7MmS#F!kN*I;vGy+Poul5
z3z-BfHYOSc#YLzj+EftCR9XXfqMuTs;EKDa2V!DkkPsh_kia0Ks~a309bsc_LpZBB
zT$O~QLP2;dWRO`(>2As4F0+(zbqb{=*UpM)a{2P*?KSfD_NMjm;odJ@a>B)n7jfD7
zGQ6pd(Wtq(g~ONe8(Z@hqF-TQA@U0fkV?3F`}tCPcf=<Xj}VW>Cnmzx#SJo<0vdYu
z4+wzD)()4PopHf|=&VvgMtE2<{0JwB%mNarl<sm!BuXe`c92V~A(vXiQcUY1wSq#b
zf`!-|QmF)LCACpdp}Sgbg$snQhle}-e0&iY;EzD!*RbGFBx({+ke82+j&|H8eZu&i
z$yjD)CfDB0-4hp_T%fd4!rs9N2`O0^nZAvwr;BJE8AEw(8wRIm(QvgJA))cO?Bqo_
z$)Hxrh}KfVMGlqvA}(GChm(^AuI}mZ@XSS!e>ve$gwWtpBt{n@Ii?J;QH2PONTm6@
zLLm`DMQg=ycXf3}oF<y|MIl<6o6ysJl}Z=-`v)*QJc!Zp5ll``aQwsY@9pj7WQg(f
z#S53<?&1Y&E25K}Xh>`9;O35;>UvBpEMau+2}U10L0xx0WKv7WETphj+dy_+2I+Y#
zTy%;-pidd$)r`pGE`+6YATpy1(OKPy%;`dW`4I9NMv+}ZrSTdH+eXpWJ%gyIaGd88
zUz&Ns$14c=d3k8-=to_9FB&@s(B5|q6;1tU@1MZ+>ARSkxktD!V}<yqzrUY&Dw)Gy
zLVRgydjU!5B~UxM!BT1gOA8AKjLi`huf@phA|@B8&(KYhJ7=6Xxq!0<9yq+;4(68e
zunnn$Q$z#8^ScmRF@&(<A;gv4fVOrTc~|d4+cSsEp*iIB&7*$s0h-3<&^0rU!E2*1
zJK=?Mhcgl2Uxw_$dX!WRBfn|{RV`DfzdDPu<{`B7+(1{)80nySkap$tPDV~1B4RbL
zcD%@ynA99-D?8y9lmRElP&hmJ!NJ}aQb_;`TZVCMc@cF(BT$@=h2H;l$N&6KA{_q2
z9bTGt*akHqFsB=d)z=YSH-@mv+lZ{1MoHfjWRE^YWcNeFbS)s7?qy@ks2Z6?*1!y|
z-k5~yWExEWREC^_DYT8;L(k}a)O6fJeeV<+2XCUTm)2_F8m8~u#@fc(w#^HUNkwEr
z7QBLD5Uxo_OZNzJtF9s>x)5HjnQ*y~MlzQG!MCaS_OJ$4>ROnI%W?RF82syhxrG1q
zUyb2#F&F-s-EfNQLQq~G{ECL)pqYj$U<SdZ(<ta$K~(=^gbXYqZEz8ZgUcuwT|`dP
zEaDpOqjO>w-tq#3I@O`5suKwrl?VvZ!0k#P>_{eqQW8;ERE4t2I#iNObPe`nd2xx;
zpLw;dh{`B{CZ`M~E!`;Y9zaF^6f%mtNS@Q->zt1Obt$fxmEf{bAufMk1j*M~_*O3o
zU%wZLBY$v)S8NTuv%BGuHHv`3Yj7`^fSJz-<ZjoI+r0?wz%pWnmytWUgtF^PNFH25
z(dZHqi|!z#Vh)`%v#2a=C;gHSYg;SQUBt(V^Q0RrpdvkHuU5l@^k)FsiCEItrDVUa
zT^qstgL!D{X}(33C~5COdCws7+Pab1*iZB7M`Cd!e8NlN?^A-{&_YBdRnnRi!tGKa
zY^~B@@na%P%;Mpl(hTpM9=I0YfN#Z3Tq&PGP~!}8h;Q;oA0eUtA#%r8P&>PX%84c9
z4zD18@F_}q7m<I1<Y0UX5x#{m`6dJ^OX5ZEFsSUVKyl#;9LZ*0bg(7eWJ@~E8kb1N
z1e3kV&o4qxPaon+NiP(%Bek>#n&Nh7Yr3E*YejZbE8=oW5JM%HWa3Ih9-ITUaCFar
z#5|MiP9|iMG`I&ABc`wgktC~rwKot}e+w}Uvq-o)kIa!pBn>}7){Q09-d;!5ofVW!
zFVUQqk$0V~!8~e6msEBRLH|$o5T4LLV&)55>jaqpNX672c9*=M(GYJ(g~2bt7oM&z
z@Fbn+?-vMdRyH!4y5JpC47cE7IQr+n(JLPpNlynPSHdT<n0T)cL8*DT;E@YUqPbL-
z3gLIT`0J<f`0~?WvKtl1s2oIQEAdL-U1+=SAiwt>@`e|Xb$t<;lgr4TTtw~6D(dg7
zp?u~ka_Ko|Y7rGg`_|i!kdjn~6YsdgU~ei;e;S3eM<QYJWd?*_B|t>;Nlqz6Wlc3&
zTFG}L|1X7nftc7B@+-CQ4KIL$Ezy*p3Z+F3jEz!p_WN|4`#uFqn*x}MiOyDeP+iEz
zxpT=lbF>ip2b1x`m#O&SSOh%CE@`T}iC4x^!t_bcEt1W7luSORvW(K%HB{bPMeE&l
zG*M}}w}h(uYbd?-2zBERP(N`8RTa$$bIyjdGzT7*Rk$Fk!P$?rIQ74?arS5&EF?j&
zRQtj4axmhPvN1L`fuZ36t^{l9aM?`@Yf&;}-=x9#uY}uy6#TG18D~GI`(M-WJ<;Jj
zeUs{^Lt>Z)dr=nr910P3B@ZQaJt*oOMrj}U+Sl)(a9|F(Bl9SpdW@>M71TUfL+9h4
zFz{dlEsr+PvqbZtIn+)O?&Gr<x_=LSq#q0O8jzb&2TepZ$#D<Dz1!hzTnAI4m+*TH
zzBkn1o8tj+ycmnZQnII$GkEyq5mGy6klub1!Pzaa_soN(C<SVx4A`AZhwa&Ps7@!s
zL68cU^O<loPJq{ieE9p8z{k6m>_P<uW*G=e>O<||B+3V;P<`VOO0O@VbZP-5_nxA9
zfo%Na4Ghp6+UdDv;VCMnAE0Jx4&4*;2#ZR9x4$1U^Gi|N*oTJZVbY&vs3N*FH}oJU
zvl*J;E_kWxVR^co=8^^nr$k(G@yGboZD?9XkkWY#scmCa#u3%ni=g5jxTMxV?vjoR
zJ_YcMEJJioD<bpj5L46yzm#g2&>EcnwhVvzLmJFY3Q;$36MgrWi60)I;^qPx?ku8b
zVGRS1)(HPqw9h|9-_upJ-JeI*jTwwRT0(}l8DAeW!R3pN@bmSDHa~~_#V+*p4x*{K
z0|iASdm%xH2#ZEhaRtgMI^pGB4v9DsYKIWSBxNEpyA;s{Rfs8VLTvd}q_z$~Q{M~k
z#Cn94_aLld0B-U12*|BRYGW7q0v+(z)Ij)SKKTx15Pee$H+2Cjs>hI6*pDlz?Z|4M
zMf1#KTz&8WL_oX06upmD(Yf#hLr)fo-gj}@$N{dQ1(=+Fhyagl2+rBV&PD}0l^tBj
zpA8HML_|acf&%?uf6*D1*5o()dQuEhgZW2uxKFXo%*+B>+xm!yrr;kL44;S)qH#Dp
zqod)U90w==WLOx-A)&Yhx&6b?5^wuvUxh!>%Pp!Ls>_78Wf{(VQvlhyOvD71Bd2f}
zjxNmz$sI#c-#xV4dW@dO%jhDyk3LwzjXRIv<PwTAr^ydjWuv}h0(r@;P?(WEyh5>q
ztu1VAY~kSGNWQNFZ0)Q_*SSI@4nk6D7RGN}$MVw3R@A;7YkP;2y$E&3l^_pzg<OGO
zR3Q20F|ho)km7)Bgyf_nB)=E|>FsdSRKYEw7Uxx2FeRS(k!0D^z6e>`4g@B&Av$dw
zDdhXqPS2r%_`hrR5&G{x#Ne&F6ldOscW^wMos%K>F%2o&LDZKG;j%gzE`i~QON!%s
z{h*)#gocD6DmDzZw$V7FpGfjtiKV5d+p+%I8oM(eXoK{<JuY}T;Igk1T>PBi?(YG$
zEDF{?l)yoi1er}FlujuylZWH<*+hD;hVX0wP9MsIjY&G`izc}FSHm-|1sNnu4HI*y
zp1g-fx_6R(>9{eDzOga#xi*khQii}t(s3s7aJWP=S~7_+p9aX3ac~V!L4HLE8cE03
z*R`U!tQ;5ZitybRrSK-(!~D(dc=xAuuKcv|69m$8FjWd5QVSuoli<STOXSmg!NedP
zj%O-is27Wa2g337pX2bwyKy-FX%hHHGI2>(gAh-$alr)$$ZSJw-2mzRDU=OOp>kjf
z9mA6toxFvGCr`F>Do>t1K}KE$<TeT5pG$#<OCz!pNM@w%_~C3S?7gyJ=bR4V`A~>O
zq%#kf;^ZImkq}p-%ag3LSpC`j+Lb^z_=i)x8R`iSKX*8|S`)2JVR9xMl4Dx9niIeO
zEfeZf1+e?E5SPSR@V=Y_ch^*kG1K6mSb&t)dZabABc-tudCk3Op!nwQ+&tD-*EqVb
z5$+6sZXVdc#I1XXOf1LW&W6B7T!{$3R`@w~!Scr{h)<Wn!k_|@Q*}6{r-j5g1Cu28
zKj)}6cFkk4YlV1f_Wm6-cC;ZTQ44{<8>VNXh{y9N7Kn#Z76I2w@i?#WhWawiIVK#T
zNePIEPexKsKC&z7F?f9pkBC>-$wyx!cq=sKDjS!r``S8|$nOQ#FnIF@GOB9f;+YMx
zBn6`Lv>sQg$);pOZk~#B-v&b<yn?pge%-8h<hXWT96!;ztZ(LwwnTgG;R0^oo5Aqt
zb;PCRQaq4JvD!GM@7+P`)jo_(PNQ#h7=7f&cK7vTWOx`)p6K#e&*sFy@$Pm$ipFAc
zxOFY9Em2(6i|{y#i}PwwT;GB0qDGXIwh-NKZOZG)CjDQ;|AqYAj<v?RPF1ZCAFOY7
zTisZq>h+iAc%RP&;`#CLb6#zo)?<~)1;w&=A3q>kjbrxCJ^IG<<i@7ltdXp)Zt@Md
z`}1RNY|?$5?yFmL+tAU8#rRzQZgmAq%gc0M!z$ISQXMPnJKE`V!^U<l^i_FUE?2p}
zil@s<q#IWW7L7wVuaItBB$;1cTHMSfZt>2>OY`H;z}|!p?s*d*M%PU~V>;`n_09Jk
z?O&JQ-gPX(ZGD63L7i?{U1##XuG29;fxGK?=I_`Oc%xRk?<4#jJ$I@3>4onv1HUD=
z&-3lyyYKM2y_J8&zQ+GA*V`Syx7XY2?e+F|J8yrtvwcqMzrCg7+w0lum-te@)ZcoO
zb1g4}^|F4?pK*B8vpTz-nb@rz+rMY~`fM+J{{DULjK<9EneDy(t$r*9VP_lIceeMx
zb@pRnVPX3W!1H6j3O^Pru`?D64;IkT-p-wENKH-U_UAJ*GBMEKj|UX{vNr5ILPtjj
zx3`^?l+5k7M@L5^Dk_TG2WNZzV`F378I!H^7wpdF!0=-*SREHDZpNi-zn|^dHa9n+
zpY9cv72J6WOG`_5y1R2{Lz<eKk&~T+u&{7$U*5_}&F$q|%4J+TnamOjl_hL#ZMgFa
zdAWJq`Gv}gO76Ttd_n@@n}o{BN=!~pax`RTC%U`4x$`8+sVVUF4M0_G9d|ax>Eb20
zyL;dwjdjJ#8_rHnP^neicoL}?QmGU&sRD8-)k)}1#Zn@LSbQETr4rWGHn6vMfQySW
zJlx#4a~6KSzDOsU4h;=)G+<{kLPA2|>go<#cDBOW8o4DE7?`<@n)Y6F-<U+SCIwb%
zTd0*5kjtd7wRVHEvj(o78SwTkfL}l{A|gwWs3}8Kd;!rd5-PbRR0<W1=S4IqL~~0s
zw`Nzn`!I5S6t`z@bFpzdt+kK0H>5;65AR@D+h2gWxd<LUK^V9-kGpF?L{uzH1!|np
zw}(U#4)?GIL}&LQx?~s$rPq<!FpaFPJIL#~i>m&+7?^#8*swJG_*Ed{;)_t%GKAXp
z2{d(2qo#8dL!&dq14~?-nx36cV+G=(t0%I{Ti_Ft4d)9%5TAF4lUp8YhGyY>xd89{
zcWZq1t`l6M+TfAWiI}Qu@F|!=eC-|Nj4UFe_aWl@9;0;VA<8G_kde{>*;lmo%`>QK
z8H2X$DvH|%(AYhMk@0aXtt@kL5T9Lwh?E@URyU)n?*=sK4e+?Eg{x%|6sNRMoGHL}
zhcfW-|8R!6RD*zmA^7AB<5I>LWL^_UZ+!&K&=S(e7Lj#r8QPAA(A3VMzT-L)LJMhb
z{<N-k+<6nnix&_P8iC}@4D^ybEiEk~sk9kcHSH+5I*9C+K4jN-BRsVXLBT}`iz$Jp
zYXKarwUCLD;1*sE-{K*7mEVMK<rI=SA0TVw33A4lQ8UZ-j+c?w_XOpWkC0Q|4)e2t
zu(9!im90Ni4#a;hP9z)la3r3LjEF*GLla^Po8cc<4bP}DT#2nfNM<EM(~1$0k_Q{N
zOi1OK`1V)|zW+vpSZy0pTgQ>od7C>kpdEdR^zkKB&8(v4_6qW*X#9yMXuZ1tXS);}
z``2Iy4dP(@RSJZE3no5JMM-%vva>R1{0L4KuLR~nX`Te}*%X}pIvM8-(qL+=g-DbI
zGoy5T|JO_ikEg<3nuhecZWIkoqF`W_+lwomUP9&E8d~Sp(RP0gb#p5yzsd6B4^WoZ
z3Lo2ic-quJZcvUhzt=)&6hU$uf*4H>ZV(Sl-MWdS`s)bIXoIa?4kTyOU}=~R@ySG}
ze@KOcARR91Z1{VXlP)NMUu+9%My60ZzJQYPhbX)I6wQy;(f@D*T}vBiSy)2zt%t}f
zuSH6_7BvlBC@SwlNog;#;@jZkR1NtL`7k+`0PlcgbPo(6p|KAsZNo@z8%12xAg*N8
z!zH2uUbH50#Z5@AYK8TsVjTOT0Q_%qP}e<)qP`gvU%QX1^ULUYxPrdLRn%R-h4kib
zbdTPJ@SH7dNH@mBX;4*DgHqDR;W6O|2@N4V(23ma9(eg^k&=~*z?ew*#>UZlr@=od
z8yB4NkkQeP*oJ<D6n0R3EhN^Z_+CFBftO2>oYo7sD4NsY9J(GX(%e@tHuo6zj^Qwu
zY0%I#4o77GoGv-SR&4_Z;xz{cTL{gZ5f+h%x%;!521s`{%_D?#W1uU1!rgJ<QYh4C
z^WYJhh$~5Xu=Op5+M^sl{4E=DBQ2sM>k*iE6*<k*sGFWg+w=o;Pv6G%sTl-Dq~N@H
z3NkW>5FJ#BOFrR9Opk|Fn}Kv~3PeV!2=%WaTenVncb&^WGP`GN$%m=Z7?yToDAbOS
zewPW!w_50b6^XA8XmIwgS}1>@wRb5+KvF&8>IYFaI)&=NNeoTQ;2zmuma`j~xDH2G
z;vZQ);zN4jU|9htuY7p<7UHr)J`6u29UauLnfv_NCRaC9qNcG5C6)9&F${8xP?&w4
z2pgj;D9@$9##{p%`*1k>#v(i?2Z<HcC~WS+_^lbNt*mmn(XG7Z<He_lNGjpZ5L{GO
zKxJM5(U}~a{vsKsKPKSz%snp8xbX`A<>u{aG_~{~DXkQRrA_GQ8ANq+J30q@(As$w
zgG0l3M7EmCW&iYZew^ieH&~vL{!QPxi^QyI#HLjur=$g$Sv8m-d&_da&-+1J_J8MI
zgf6qU@yd+jR?hopKT4N3-J0Jj;c=h*m8IpyZ5Uf?t}7eQ<OsKOuIuYuzLf2Ov79oS
z*V>v6zbzbJdDfTUa{1>q9X?#&)wNyw?Vi*82VQRgcDEeqzxO=$>&wsm-bO%g^9uhw
zzuVR2DgOMQ|2gC2ooD%X?o+;Ozizi!mBm?ugM-`g8N1k-+0n643=a=;=a+YyhOPcj
zC}z8H;|3ZVn<yqs=j?iJZZ;AV<KXCE4~0z5#Xi<*HN{!66nkYOIVk}()m2=)my@lf
zn9YTJU?&vUH=we$4d+cPDekxo&mb)VqstLXzK<p)7xMELC>F~{RYNCw2d{DQY-nse
zG}=4_N9N#?brOR7TJY7USKt!Y0l)lPNa=ct%o}T{8hwJ;kOsu37ebSfhx(QdZv3cp
zvPU^Bh}Jg3JE#yQXOhY1%R@}#4Ma8FL*9)g6iqCl<oW_GsmR|w=?Obq4~l6+QCwJr
zprmGsHw$q7Tsjoy8Bm|s!p*Y+71wT~{MHk+kq>xv2`KFvKzu|g!aX~1QJD)5_bgP_
z)+3r=gy)g}9$Sr=@>Y08lV2q$MsofTYNj8f>&`r)(i#vJo(W%nH=;u{`EThM8oY(}
zt3$ANRl?rc7E&XM#Y|Ii?weHdvGNdC*^7<|ivJ(XLz7U6i}ocHOJ+b~8jHxl=IwR7
zH#djdcW<G(stZZvM->$`qq?OPgX9M@`fl0Wmi95kX<88%)kOZneU67#SJz%^M>cls
zkz>a`^7FqB;e4;PjcuE{{@flX`^HT3+S;>cBL3s`)W7d{tNYEA7UBc@&4hg81N)UC
zrC4}CPr^H)7RuEkp%qVR!aFFpktwC7a=y&WX8%52lVAUe{o8LLRPuQezJ>6!J?26i
zE2-RAv4<y+N|Zv0^0Pext|L#WQcC3_zW5!UU<aff)t?_S*zu-spttjz$ize>eD{b@
zEVkfFc6|8qq(Ugz@qY5~$sKP721j?i9Xfb$#~XnX$&?}iPoR>kg)c)&?^&co=OxB`
zp?JG$&w>5>bTl)P8r$%UOa)T0RQ}nX-<WXM9-`2G6CwmpA+jave8^SoV>Ji%3y3;G
zIjb;x|HXE?*G+InVwG?Y&x9|aZ+zXjzy8%L)@OT=pGVuL8^r9xU4{}J*w5#g$%Q7L
z?XlpC#7gPEnX4=;Rea^26;c{uuSBTabKo#vZo@mcm-m%Wp%4q@`}gq)DD^aAQ#i)A
z;l2OKCx6tv{q}?3^9+PCrO?7iDCd3f-g_VaZYLtUp}_UqYGNdo3d}84Ql*eX`J)%x
z>+vj90yCb%Oe!ZD(qbBmltN=3A*&EcC5#+OGm(NP<I4yEzDy?M%N0BkF^-v#;rR*g
z5OvsWNz*^VmlzvKrRF@UIVu(K#XLQ^kk30VR1!0rE7&~W;mK4+Vv)j(hB30?>8XTr
zBR-)(K!2VpBf(ytfk+|{(olRQPbsnxzN5p1FDGUb3wdUI1y9L07fRS*e4bcjB4k*I
zlnS2IO0swF-kqf4roQi4dhFX~97Y_DZc4rpLFS7^rV^4j?(-g=5y_#DnCCr?>6DB?
zNwjtCiBy}dl~UOro|VX0Y4+Kkk3P}0-5h{1%fS=J4G$eRG~kwP$I$y#V)l27ZGIz?
zDCJVNjtAb~%lq=Uq5g@_PaQP;^2Bk%{s6}-x)t8;AXCX@QiYJ~^1)u7;gLhUlc)4g
zo-jDXJMjhYp#FC!4Nn}_*E@OSyO%*w+Q@_ouK$PB|GSeUsn7QO@*q#|=;0IkUm6}c
zX7C)8=g?P}3-%Bg!ree9kPDT><u=c0yj`ZC>qOX}WUL{0_f0y{@|&?<g!2)4<b9!%
z2pA_Sc57^9X7eFy{Lx<Cx1^Q~sanW8B;j-w<6c9dz)T{tR0$P-+O0b&W3f=e0DMdo
zBGxycB^Q~91boJz#B>bdqe6+P(u{Ryy!9Milya3q$<dflFw{R~V8}am;`2jCUqeor
zsmw}fw1+woMVU(eR%pb=Gi2a)$5hTW|A6TiIf;@~@e+y)_^jQBTQt`#l#pbLO-m^x
zIg=Rgs9;pmQz=PLkh}|b1<K7)p|Y@GfN7cr^hmmHN7Lu2!WWw|cxDzl_9NoHjO$1g
zczV0Y!7e1@D-_If?jdlDXq&IRlX4P!jzf0C-Pp{6uQX$Qh;jx}3!zT+33*?LB&3f%
zC&MffD_G@o7L<|gkhQ>!FEJJF23W4(Z$bX>HISL5{sjVHEL3bk{^)f$A2N7{_ZQN{
z<|2uy?v1T3a}>T|W>BKsol8t*3_2~#NfKqH4ezj2$_Ob^^944%-x5FmZnthC8MzXy
z<L^m>on(qYMT<-wI3MG8+)7BvAn(?fOd{*~hfOgfw`0#2d<&7-W)GVO2TDlX&zC6p
z+*)n}Q}9fra&GqDO66i>-nSxSA(NKf1`!H4^vJ>-+VWiva=y#!NX}<^^5eaq=&;i>
zRx|lG-l<3oltfrQu^XfBmY1{ZM3uB0795klM{F-r2&Dg_pzf@eUS(#Rp26;dLq4HE
ztYRjb6C5Hm*_VSyPZ^MakmY0g+u(%0p~1^kKK<2+91&Xo&=-gF4;?>9%%FGtbKV!H
z^vQ<kQ?=gbUmidFG6;<IBqUKfFnYv*CypKB9n&*B!aIJ#@X%}Ynzd9;z6X;}Mo5w$
zHW{_>-4pt}-=039|GRB%zU$CZW0hFS`hTG7PmYJKj`<h6b$vnaaEeTa`Cm?)GUTkL
z-YLT)C-k4gTi264D49QRyk+6vCj<X~Bt{C^r_X%d)fss21!v%kFAty6KlGw6Amz{$
z?{Fi3V<Iwr@BKXobQX)V)Jza|I@$lmQ*fsCU9wV}&Xs`2Ju@C;W|C*JNs_%=)`<=A
z!Z07~IbguIkTC~HCKGQd{Y{;s<Pg{~E)AmGwwj#qDRj~)kXl%%B%9q|JtEoUEh|NC
zoxn`QG&I3@b+3=ehc-OKJ7_~4Ih(^fES4IPuc<GUD&G|;6e^NQ!Oy0Q_gnHm6#{Z$
zdB^!`ktv@-j^Dj{h>y2PL2Dx?d&k_<QxcK&zM~?E%9^)jWOybbu~6}9Sij$MfGJv`
zM8HWk)4<zy@6|p3!2EM&^%cZaG$#v+82F~Iq0S$-Itg`J=}r56!kA3RGZy}mUQ7&h
zkt6dBh*n!%bA)0!vO&Zaq$pku;{7cUq(=ENg-T2ih(_CH<0RikEae-&5v&ikU@27+
z35AzT0+h^J$SA(yk&@VCRlOsxhV$VY!Z~Dc^3{NdSD6u0f5^gks!+*w^ihz+QsnZB
zIrIIGIe_~Nj~eh~o2HLsTw<&+qfqG8U5OD7JsYd@jdju6tNSrFBnBp{t}>?ajGrB5
zpH6A*&~Ao$e>wVQ%8kM;rreH+Bq9ry#SSl8M_mIO3kxBMpJ3A<zCzF#BwGA~x?BmT
zBgr{Cz4znyKH+`y;ZDc))i7w`PY@%^H(ddq-nNIz@qmGif+AE7{Bh~)VA0yMObO=+
zkZZ^JbW#f$Ib4e8NWMu!&Wh}#$ddl(qRf3<Kzd*+KBfD!A?&My{~asx3sWNdw~|ns
z!RQN-D9c!EM%F*)B6hB|>_y~0mvUN^_@1vI?V{KcZ{lJ#^VP^~m@wfYq7#Yu5~;}e
z*T0eprKE)a#5*D98MFQ`^inXlS1pv=@QnBhViei7m#@$z4y=T~{uQ6Bl7vtG1p{s*
z6pMsv;nr7zEBP1Y|Lf)If8$1y>+b^Qe_$LWk$}<2l6~u4Iq|`g?Z9`~-NVY8TObG)
zoMF!l*Bo-fCN-Y?_4nSZZhnkLw(oMuFSnLN_D6Nqt5>g!mz2(Bzfaz@f@jGLR2-5W
zFpcSNa`K*AD^bvfnSBCyB;X<Mj4~c3Xm*TkIHDW{?6uH(s%6}ed;)XK9j6OM!9R<A
z($Y97ybWtbXfq5rysH;(+HHSwGI#i`(_^*UxH79+kGJy;0SbIRQ5xiaGlv!K;KD;a
zWc%va5dr^UDOwAa%^s`R!jztabav;$`9~PF=Lmk9;J{Yg%d)OELn6R+>!oeF-zYM9
zzN{b`7<FVgi?Dcr7%L`O4?bJEfxT^Ew9Vw?80qk|t<Lv=Dot^qIkhG)PP42QtsRR_
z97P-wUp-51TG)>!9M}`fCfyBgvqst<E1h^4G_-UJW=$5oV4{zaBG}7@$B5Lx^2WPD
z`k8N0TrP6#lLO$yn38MDrIfz1`yBp3A<UK2pp226Roi@l4Nzo+`$(VbH#9k^O85qR
zc2VbZXIsx}FZ1Z60cu;UCN5qJha2PF{^au#XO3sfRtg<n^?B3Ue!j-FIu%j6-LAsS
zzhRmnUwLElwk#e`H95)L5{0aVcx0ij4oJ)j$ZZ?O&^pJ@7XBlCIypi1SXY@hCX5rT
zmP^W*$u8aV$A!??46@k+`?3Rq>lbSTm!F)#q6kd9lcjrGDeO{N5X+$lXjC)c+$YgT
z^RBU@42Sxn-QFj=szo_l<R2By9xD%rUbS$WCOSc9Ui?FNDCdSVRHa#M+L_GE5%$LQ
z!0~X%b?~~$3D*}8iXJMA!9n}(7<TKb;9<EUn;{V<jBG+5Uf94_6XFQGWsW7nHtw8;
zZm|mNDw;UXFJDfwoG0U`rbYNn5!>zDH*hkIJ)mITBxmE(;Tj|@(_-&)j0dNxl)_;X
z@F^Nu;O#tFtp$^(;!V3^5sQyB<;cw_VMm!8Sev7yipPiaQSE}(fbC`ySupND|Kqn;
zmsc;%Zecor*gtfCn5T=6tGa5-jP7J))~HwK07~%x$0@y&i@&55|1CNG_5cxSOHVj6
zm2^k#Pzf)TtO?m9VMV@{@{k37)c9Wxa0;}urH{eRt$E==NKH=S*qO9T8e0*b*NZf{
z{O;+~<Ysm|vwV(u-ma+Eq~hU(L`KTwq^!zw9|fFsj<OUPdApV;;Mu(7)6#i@-sV0b
z;u_YjtJYG(L9pA63F*!jhDu9kX_~$!evvMTv2pFYR8VuTolcdsho!h5XW1;@78RXn
z0gB-%pBQZJ()wJ3&(o$sm~IOM4H#U=IEjY`fP%VF7Ac*adUFJ@7VsOam?5au3IND}
zwu~i2z&%1@%j40(git?B?pQ#{!$~cWUEvN>;z2saadi1e$2NE#CSa;dn2*|08h{Gc
zEN?emj;BJF5xjq+L||Y9q{BN(&ZXT+P02Q4LzJC0PKKL{RBs%b$Nc@zIH7PErd!%i
zjTIjI;jx`J)%j3R8SPt#5J;C0h}4FaN}qUZ_up+Ul1J#aZNUQ9<JFnMbpQ&iE%I06
z()?PxX9`2sqJg<&B`{jGbpJvh%=mnRRCj6*=9@qZtoB(~zTvj`-y|JZ{?#F2R;Ejg
zgKymVT=XCKiQ*F=>FpO&U@p9!AfeMsnLv<yP<&a)>|FYBcBXPERFV0sphRD&w9bqi
zV%4_8x22D4p8j2NZ}8<(8NgD$2^@%GrbYdV$X#Yi6APE~%62>>H?^v}IbQp24%fZX
z)3WfJPD&B=5$98aE1JmG=rQCZifiTeI!B<V#liGHz?*8f#rY48@->F%{X_0Ik&C!~
z4W9d{MM?-fj8Y}8Ufr<?qBEHveF57ebZ{@?mVvc<i}1LOCH@K^&_;u|&k=+?gtYK1
z#jM<6HpM^c16LB!ve=jk<5#Z4K*cnOk;l}~p0x4L7^sLf6`?U*5T1DX%;h1ItST%d
z3aAuKlT&i`s5_jEs|S>Cc0CgxOdoslq4bK-b-d;#ymm!Mq~w{=3SlHx3=8?ljPf#9
z&C`~>o+l#{A!`TLRBLmr8Q~!S`&>Yz`XPXR|0e!ciSCIy#pfbq?og?U^|W=FoVLED
z_0D)qy(*{?TCaQZZn7^UB{rr?BM>ax_|~$T_C8fjFv574o6wA-)WYTrsL_63<1CD+
z-c<9K=GTFBaG<Irga9`eMM_mU_ALYgD*CFo0UC5rKGLu*0o6u*#*&=TTtz%w?z^G;
zJQS7)Q!fLQ=c>xrc`cM%R&5Pn<6|hA*}k)OM^eE4u|3|Vb!GbFoAlnz*dbDY<n3*m
z4FGRJgtQ5!$=iDusFcIwKC3G*klOt50~x;liiL!nY3tO>|KChBv>kk1&%xiqMteEK
zgQL`xLDIbeMv;OrE%!XYgOaholAa~+2KDK<73Sc~s4Ma{mN!agEV*^keYFhC2%-d6
z<N!m}K472g?+<xSA=u~|#*LSBA&g=LvD#+vb6$_`Y4{+3&Z^TfKn`~m1dOooEcd7q
zB{^YHr|&3GyX5lhdR&-3MlK%d@kmbZ{&;(Ko&4;jP)XTxLRSe3O!SX#d7!2a8xuyO
z|EV9HNj(mHFlJg>8OT2!9e><5(k+)an@+qM9;1r0E7lm3If7H|QFCOLCt=Pf$)Kd`
zRNYZZJ+NMkf^fe#ymA~zn6)Iu9wa{6cOd<1lktswvr2ruh#i8z>Qd?={2(Wot#a$3
z!xUkf_49BInOt5cf4A$!&}j7;A$!zy^$=pZ%U&~&`iY1#pYJIW7^DO1Jwn!{vGvJ*
zF&c!4aOAB_u^mDAyxY#e1*s|QSSBVhj$TiV3kMR`(!q!d9nlcucd8od7Ke654-1p%
z$u7lmJ{u?`xGsYyA*pnfHTf`Pqr!+VuV*QT$tNeAT{F7o%v9oj&d64|Lkv^hhoY}f
z_sNZ0q}UCBWo)lxY_0+MdBp0nvB)5)8s6mrb=N+<xkYEbsva|xW-vZfe@%6*=J!gO
zkt0t|xT+1SL_p%ll84BPf=YvR6k2ubz_Kqj0GTNhTm!6*iifsp$1u-VD@O%`T|+1`
zo4u9w*2%a9Zw4uxTH)N*EXrvRlf*o1FmH#K@L1=Ujd1sfr6VsU(g!A8>_@39jW-f5
z7jp6}tRcm`P5qlBHTZ+>p@zQ)HMtu-oK#z~DrfDP!A<5kg46k)zpXp1Afd{CMqQK4
zM7jtSAquFH6%;1%M3>HGl6U&5$5(y56XO;&A*Gy#TU?uLf*4JP%cd{*>O45!+*~?n
zRy5V*B>11D8G98gFcm|(DA(HhSOLcH;*Lf3^@{YzWKg?=2m8>rk(HCvLL8-ofU0{Q
zTk1nzg2<7HSxb)hxFZQl{a~1WUd=d|Dyp!}5M4Cn$PK>21;>uSt11)yjD{_X^uEIH
zSqzf((<9*m2#X*jb6;HdjGlJqisiZAmy30czx)sXcEl@jiqvr6SZ4XWiFBXD%bwS@
zTEwInQ(L5S!2z#tO#hy<hxqXASWHn&hr2xS50>?0=tI1|=yF9=T3GqQD-ny`doGKB
z;D*^HyumAs+QElG`3Ouh4E5)<wo0tA_9rd;oSW`<E3mVxGmM7pyHPDz*JQP*3(}R?
z%1hW}mDY2`K(HD~k2FQBL{3sW59|te1)6O5j!#B{hfWA3lbv4JDJ}f)*kVoJxPzmT
z*DXOVbgcmV-4cXNVjSiudmKmB>L%@BNQCjiG#ssS04%zPb{5kyfBsq5d*jt6nJxf3
z%ek?YWL7^Fbni{E=vaEG(h}Us)p?asp%~*;n23f3<WT)p;SFnUUHTQZ_0159<zo?f
z^HRvgySfm1YF!D^dWAw#9>p3p=`O;k>2>#>U#~L0E!?7^OD~dJOroy<PT$_%oM}$E
zjO9nL7(u&7?$l&49}lXT>p>zNQH!1)S(ZEmQP%ZL6zLGc42F{rfEugh$?Ur~;XM4i
zkD}HPhezHimwGtt>!Mj#?P?uvkpl_P&P;`n0eA?boEh1OZ$0J5oGhOu|K#Kzm9lH3
zmCS48$8+q6I!DtW?fC;q&^luh^MTtn_QVrCy}h{|7(UH1LEnSa*(nkO=&|G{EefMd
z4`?VMB(`f7`|}@vVzJAfO@|ELAz25ihvuS|%)7H{Fr%iT?SOVzu_;0QLD}g@rS4Wy
z(w)DQC68O`T{Ob!?Yjf#JV>1#0SQ%|(ue;-Hku_E)=r#4%`QlyYCP!(g{i)6N$B(&
z@(-!TmT_zi46mrmZSvK+32N!GEp#0%PBgk4^8An|?YM(ov{Bds+TGjLIVENM5~PcI
z)#PM{yi1M5VDs`^#4N6VYDKkOWC!&!FX7TsP1Y#~7Ksw2SVV0QCR*pq2I#c{gAJvF
zLWf&Q0u|9Fr@b;cH4N_eAJDbI-w<NQ(#!O)4&q9Bp)%5S{H0ElVM@0NPV<?YVFkP_
z=Pk~PS48*D)-iYcD!ec12fLgJAt{)oD8;h_=lZd2VAX+h{rFcpSGb%v<Oe|JMXE4K
zJFf5`gR;&0MxkbnHG<Y-%u;%M%z(rE_#irC3Z?F3-b0T$Lb;W{h<4-D9BZZ_%T%|<
zU?QA^cHxiTJ^Xb=&7rWBn#|jESj20<ugqf!=EiBhVaOiq>OXz+_U^2|K_kf9MJFHn
z<88psn5r<peT}(GrS)4EFKqn&=KKC5x))EqIbE7n@?0Yh$q(`jnEwXsA#L^jLs*AT
zPJg($J4^l(lyLMcOATw8aMnTDy&wUY{n}Mgt@e2T{oRMN|KcjJf)~R+vz)_7O)P^>
znqyHb$^fOxu_5Zrw7=fH&+VjvbP_lfR>|+aiPSW7Wf?tTS(SYATz@l=x6yb@mddOM
zkxwIir0)Xh)V8kAuXde{5eMNKRpEp%+Dq&Qp=>aGo$cf&qY$*QJ-a)6wQP2}fjoF*
z%1b*Xdn@2kZxG?ORc^w%y7IW^LfqYVUx~$AP#?Z%)IBe+LHi5yNcmY9kro(Xo194a
zvqr)c!!>Yb?L$`+9MclV4vX9;dwrjouBw@QjKT^+5tOx(#+zJTUUf&oBiE-u;qnJo
zuibATaeOlLm8p$jZxP*lfbqxBi7^<`YY<l6fak6eO&^LrB{xRp!d<BoDSlzfH!Pcb
z7w>xe5oQC{8yqc);28Tg+?CetL!}GUU!Kjry9zmg(&jstiT}RuWm<kZM1!l@ybr8*
z@BgF_AK=8Wvv=Jz+v|&qg|8PgAYn6uSuRW!H6OWH=3D!p=ii(^>;5s@X3Hn95{{nm
z=WE*D?lt;6axlqmx0~fn(a)3R_uqc^g41b+7td$wX7l8g27U4TI{Eh&W-DMG>z{rf
zy;orfTm0OWM}UvyF_imXuIk&%!K%K!)JBu<)iMuv`EeWSu;DC&Tj${cS<l9OTQGCY
z^Fm)9hVR)_=YSGb^Cp!)ba&^+*6WtbSyivN#*5fBU<&fDsNfbC81UCy5E_0T_heYg
zyu*JQUIV^k=T^7yp<k-3==wzO!}oNCO3ZZZXLqI63`}|8Ss~?osB;|FIiEUx)@Pa5
zalp834Qt?vl4z^zNptZYWqoMV{V3U&f9uKi#ZZ<2y3?RR;0=Y)%j8+abn3GG9W|@}
zzjqkWn6cL|P&{U#(1Rgfshk4{$D(BRfolfa9Xs*br?G=(h9NKTbCJS9OMbtQ`t9%Y
z?BA}go?YqVoL{(%YZD}Ti)T*VwgkYRV6C6nVMXnm0JWK0q4mx4?js7I3t?4E(@tf`
z#E#TGAfL;n6FV>VU2A-ILr}<bRH0p7J=M6Q{SSiX`%1}=t%xCL1nkd-UwZx$BW6iY
z4t<QnBkeyZy|WJb<ae{@owJ8oM|S`02au<)J12fmlJVV(X+qM$>V+*0N;B4~YJM|K
zo}XV{Tq%cjikYq^)L@2(*`#Lu)Uid)>w64=-OsbT+2bt5u0$weO&<k`&X4t(=jS#@
zt4yW#Z7iEtYTJefpa`=h9z2#7euJ_l{vSA8&h-C;p_`y|#2MrL$1(KsX*2r>{?mf#
z&(g(g?k@i6#oIdn4LiN4!&jyk<l>)*y#*p{`0XjLk;m1?kc{5AV#QX-0k0<E_(O%?
zy-68<Mo<5P+y#dHNz<B1JNhl>Qs1zJkM1lrqq(uXP&ZHZvr!1@wP0i&Su@mU*{lLC
z23q$aBC&09Qv3yVrC2)pDFA>&OTArdR~uKB{mxqahYHg(hP8x{cm<loSu(~p9g{Ey
zr>EyjRv{IrVyUFAl8ni(pR@Nl_faJYLpnVl5=*Ea_j&Gl?6Z%h2toPSJ!;9?+9m3D
z_u$aHkyzi}YhVp%UaD^1HrJ#>*$^Q$QWeNkl*kPJ+@DQs0y}&<&!~~9>}<4dTg<IT
zkaBe_&i@~gp`xSn-);GzB9s#J^5ZM0?;84af*QKGbT+8fZqj3w92amnw%vH(dPc%5
zx%uqMZ^Ag2Ihyjc%<8AZcv8~uO*yngz;Is$;d1<_a5?Q=U2jV>ccg79M%-UokDp1D
z{<r;YP?=0h9{chY|Lu17_uI2CvyGP@GGwhXg#<ZSnwhfs;mzq*f{S#2)2fj@yiM?Z
z3`XA;C1yOI8J<(&M1EXa3j^&mZnb+9XDL6$rcZnM##d~s9$;BDnU^vjJ2L+}eX#(x
zWn^?QaAf2gPt(n349H=3*9PRxX@YNf!WJW$fDnB_4wLP@F#75(YA!PM?i7Pa0=TW3
zZ0hDa?AQ+6-QACO>=px?d;>Ac>DYqEvO%$)DF5j)Jx$9|UX74@pSqO1S$cbmRNU)S
z-fJcz+W%Qrp|-*t8G1;M>`fRiS|8>i$M*feqp=%%70iT@?Lb2c`(fphZ4Uf!GS1pr
zUqtpzyPra2|5l-q1H)$Q^e3JDjw$iyaU&OWbDxKpY@WY9>up5}%aw;`B(*~ksB)P<
zi1`1RXTRlX@;=QuI)6(M2fl#z_s~)o!11oy{L^%%ID1g@RI=_)!a~JiRTC)9g@9QU
z1qxcDAN`~`_^Sp_)hn0jDXUmImwrm+7ieEEDn=Ddq4>$Kkf4|myOEV<A)u`hlxv03
z{o%B$4}9&;Lu$oHqd`DP?NaXpFmrTK|NL;e>$LTFPuGXZZHn!RK|ejp{5dQF#ME8t
zxykwLMaArhI%b&JHHN`SecWMeN98mv(EVZhS&r6R4r^$y(l`gOwZ)uMy&BB>IR0Kc
zQA)4!GepPk;ZY<y<Xcmk*9K@$2Z&abI>VD2@R4wd3=~8iWfDA5(YH`aDu-+PZZ4vd
zl2V#<y6-ng(pz7vxlLEk$BBhxklo;5!+D_&K6Q-MosVu5Bezhl@MeOdZ<rtgVyyvi
zM0jZ(1h}tSJtQF<MwlKInC*}b=Ek8mng?#V#XdJVp{977?#Vca<mI!p6k@_YV!sD`
zVjO&~+l7o^L@VW)hpvdYXrairM;6K-w&V_w`v2kdFq-xPI~QPhO-(^(WaL`%zXiDu
zWk+TIZc}R1t*r<>_(+TU@+c8{vK=$FSSH~9Hm`=Jo4>NJHKQ|to|cIamlQ;Oy_}1b
zxatp!EC&h+8t52nczq4~d{5nRkvEZ1xlvl)=}gK36^kRpAA^%}B<i_yEyAe?`-Pgy
zC45Np@y?|v=H=z-HvPgPjQYb|x=1|U$dqz<4kMVB%&@nM-M+tn<RdV)!V@<Nt>~<{
zEi-JqRCDAk6+^>rPW#H7-x9k9M`26D5Kg{vo{u^~!aen{UN&*F`$;r!*ZQqCZA%qx
z3#Tnru_*%D;lP2XKm^4wzZ=r}V74%kmHL<4QT7F~;Z|~=jYiwmocw$k1J0-j|GZyL
z!fdw^ZIGDqC1jB(MhjOcba6mB1Q}`P5RY0V%PdW1keQ=pi;hpI@1gaz#SIiGPsww2
zC*Wz@qUyDa8T8-wZ_^#vQ=?Iy?p($;lKZP^!uGAcw;}**O=31xcXtFypMQf-Ux7D2
z<sw&QRbPu~NXc)(lu<SvVgNROy1w2L^`xA(`OAf@^!bgflsr*SA|Vl_$YzW6ZC;#-
zp&^3<ds4JfYcr2}#&vykRjfiJcISnI5^yiec>Wa;l0^l)<qiR^kaz{6VbKzF`_&NU
zSXSy`jWF6S3}Qgv6;YE(;Ui#+qDMM}Ws850n!jyk?YnkM7pgo0-uG4`mB+nQn-3#;
z0EwUqZnXvMMZ-fGu{?eCWZL_-yQe2pf};svAGJs?&abZj;T1-=P~<FMHR0`+3yV2e
z!ZMYaeXE7RS`9lYoYL!S%pi^h2&T(V4(HNM+hXvFmJyInRbDw(0}uKmvjVeW3V7gZ
zS=E31^glk{k4}I2_UI5dAADQvws9yR8#5co8k<d)SyM2h_Do7&1rhoN;l9X-5(zZ}
zqrm1>@6FkVU_&JfCX{o^4dPL*k0$|*Hq`Cp7Y%2b@=aac1*&lCen+;T%(2cvH2F^#
zh?cJk9IJ?jF+IyNCi9)a<h}qw($3!7Uw`afeY`kVQK+A5g79nBn-A+FA;>95*GLiC
ze(M2r>uZ<tt9+C7K1C1>F~ekY?`}HXB4$K%<<W!TsLe0-u>i786u0DJB4Q>}VcH<=
zP;#AQ^W(+!mF#V8zY7dFb%02TINQ@_+}|ldiI?SGjybHL5h)vzUglNq*NpL0p)S&J
zrdN;I#wMqTNu6gY6rb`cmF>{}RPIz+HsJq$70K(?>e<=ruT4-*$XAQ&ClW<2Qv2fs
zq`Pq>&68>M?nKXjNH%{wzv^wNm@(7=)vUtf2)q|FPI>TS3$k9>Ov8k)S|W#^AtLrW
zo#P-P@a<V5qV7J`px*UlGWwLycB)VL^tZJC$$!wDab@3PCrWU{`*1m(gXy#qnUe*W
zpXD!lZp~Tj1_z`HiOzH!M8<k6aqpzslrG(gh3KtrUiDZO?KyY3vq}G<4+I396E)9a
z%}Qw?X;vg1O+!}AW2C!J$*TFz<!Nm%OQ@krLupv0xikE^Mv0G%0TKxA#9RV-(Ik1W
zkb&H{*XeA_LRnuU-l5Ita#<voGKm;oBaQIOQRhIFIfQWNE;NxuHYJ(zTaDUWAe|HR
zb;|CFNs#vs=D>hfz+Onp{yxlSnmnppum++zRJtB`SLi_s?@xhfteq|@>Eu4eUI6fD
ziKLKkASMwZ0hy)f`z0JgMu3ozvtk*?kUU6iIFQ#tXGBa;jwXix<^4k{3lYHf>nLLk
zu426qceeCKu}!2WM(+`FDP&Q|p4nzfd!S{`5r~?U^#nWrdz2fQR-T?m(?dcILtZLF
zMk&^w2Xf~?u7Ea>fmEMr6FsAyyqA8;=Dq_I@?kPxU&ELy5ZROUG(cjL)nMlfd3+vn
zFF(r~L=F)0Xrj#gE9m0V&~tekv|xF!_VQfS1T;ZaJ5kP#RkR-(S&?3LuSy!!W0&5b
z@LC$T^j8^?4VchH4slx*6GiUKCQ0o+E_B=|M!`M_nzem-A(NQ;mo9B<YAuy1lzX+2
z=cG;3OK}eg)3BbWX-=OKk7ams&y%r@7*256(-{+tK*>b>hLJSz4ejI~@<7c^31E2U
zkj$qZVk{@rWTeSaaMijc;`-}wF4kd?seMu=HYIL?;bSuf;uXA%BRHBAckupNA_uyr
z(u6%_*0|w9k6bU+Re`(oft7=vLIqURts56ui#|cUETK2yAq_0)*%#Sf)NlOa8cps}
zwW%8`Yhki%#b|G$4CFnBl0HN>I{Y{%NqQ$k@BBc1*ZCE*_njD%FAu-l!9U-ByL)WR
zXt%4@Nc1|n+MEQ^99}o^YlO%$fM(q4uxHH410n<PMM3KY1&N*`E@eUnLRxi$OYo0U
z@Zx3PCz{_ErV?+p>2&i3ZUq^)ieP)Uehm1>xUa4m%xl!91)S<+6-S09j;LTX{x1U+
zBe|l?Kj)SK_JDMfGMkDeCKIi~$aD!O)sUhf4T<C;{n1?iB8yLWl#i5(1Cy6=DUR!c
ziDq+SImw969oR;NW}KafhlGtm>~6HB!a8gLPBC@p6^$9kf_;5$19tEyWJdE~R;Dza
z2F&YBj&&J@NvQzo!hx-8r$#MR#>su(Ad)RA4<c7DgnL25Lk^)kJChKD$6-rxw1ReP
z*<8}#5knqrcX%sIQ{9ChcNy+e4k?a&r!Cf6<FeJsWl3tak>X9q8GZsfD6MilCrAzs
z3#BE4q(2wgiiDVD`NFlE<9p(K-zZ~((-^>P1h%fPIa&*~4rj@CH!pn;#tMN|`DQQC
zl;eR)P7rF7_XVwy`)QIXNUh8qxzWJ0w@1Jqn7e_K;MJDsSC)4yE65!&3r}j*b89`0
zEvP1ewPitHeG-w0tcX?|Jzx`Zhwx67R)cAIAzR){v~kM7P&)VwN?IfPw1ATt%VIZU
zM1dmI38~HClD8<GrhAR&Q&TGh=>h4;_(Y5nLHRx`p|O&k$OIFaf_qqe<om?xF~eC_
z4YTApt}Z*soj}ULa-SBCC{)>4z@uOcLx>3D8lOz7dor?4)&7yYUQ`jmzzLsY3)PaM
zqdWq=iHsbf{}?Zl8-e#RQB4}7jRoLYfRrKWemGG&B;V2#?Mx%@#i`@EU(oh?3azYW
z4ryq_iKgeqt+&?l`M#4x+q9CQ=A7I1(y=n0rg|>E{v^f{_MKQF52n$R7NCClCek$P
zWKmceTMHa7%M|_P=G@m)Eii1jE3<MKh<Xh2yL<**9M|l;R1V<hXJmZ1>V>om$`xa=
zoZ-BWlI=vV<7rd#)wLo_Ng%VoIKPhMcb<wSAd4aZP6m*5j=u2&PUL~d8uSKvay3lH
zxpC{f7XgmF(;LWZ)1nQ=XDGT%L8)9QIT^}M5*bzL(PVyF7pk(;wy5!9(HG!Gw6$bB
z8C;5-G<Y&n$|3|D<G1T;AfZ;^Vel*ywG-W~eu;+rnHM=^7+38!#V@5%Nrp29`wY&h
zp+++oe8O<cI~QY1gfjG=l)z(m4~T0;w21c77cF_<Y*v5-rRU58IZ^&DJSNBSZ&J0}
z>0mU*gu`N_qKG3C*jkzhV(u27%gkL|;=D$-$URx5DkZG4$Czl=W}2R_!Z`@6noM)_
zgW)AQs2niWx=bN(dY>5&T1bnxoRAWeX`cvIxs4xd2DJvo_pYyP$_tHNP?}}wa*>$Y
za*%n(Pb1X*2(5BPD6wGom^p_h&&XyTe1VnGL(8GCNmk4nxtBCa_M<G}vYdGO%USA}
zl;u$(53BSRSOu&nC9QUxu%?u1-nmyxwST(IY72*%q$J}=mi*dM7G2#P{AGR3|3t)w
zx5{lmzu8ihYZMuCP6^d!d6{d9f0o&QI_@@so_@onX-dx-x)$M@51{fXTES`E=5037
z3aQ{N&xJX6+Xl-Ro;7B2%N^bQj;&u?sz5+P4hEKVt2@+6d~S~Ed1St^baGWnJwn~{
zY)~#Re#&HNG8?3*;^$++&EzJgj-vDc`EszjLnfy}&lJ@q3rx(GytJ5Jtp;All+B<-
zlVlYQQBMUy_1VDI)^sujw<rC4SlBQx>=>Xj1Xd8w;%leAtHwm-f+kwF6fy6MI|Wed
z-m{$7kKtQx(|_*lZ69uTEm%-5JQarxJS}T|W5N~cYwfwxk6c{Ny-9?!IaR1&L8rct
z9R2O&_4d0OuTO}jH_rNE^k7N6m=j#uBnDlk4ZwHX$X!@pYn0gfYTm-IISISZo`eSe
z`d3**Fur%ho?}wRjx=3bEf*22`Pw>i<vJ1rG+$rU@R@a-ykXr{9RT)RmgwTsqJ-0{
ztF4ymtgJe)FoZHZ(^x<;9?=;2+n~!oYgF=i#q=@7)y;hR=uVVRl#T9W6O49{HuV;t
zLRdA1lU%3JlF#&F#KobdnIAk#cWz9*k=hLwbjy|9c%-5i=qOHoUe#rc5Ou75bZplP
zn#vMI6%V5NNFP6fdZ-$li>gt7&~rs`oyshq8m9xdrSwFNFTB`@>1l%1l7p43?z3nh
z@)QMb$>2czm?%}>9Uiv>O(zp+|IqS>3c(b8pYVJ6x(9Cl#q=Q8qsO)ttE7cJrTET7
ztD}&l5`KTL&Myu4u?UkioXbbkQ>Me|4_dnIdnm8+l3!V6<X3>DH(n+i*e>VhfzY^u
zG<Ji?b`(FHI%{ZE7SH4F#QS_1TKCGI3t%1|D+ZTbyE?U&`a^azs86Tvb$^D)uR$8S
zyZhc4Ti`&95>{nBT}4=io=cb}@R}(H)ZuHH;CJ;z(dlxNuT{$v!YU>#-3OD;i+<Z6
zsw)#^pV8d|2AQss|LC$eeBshgC!35nKLhErzyECrG2<Ka93r>7zIgYq2}z#&hSqYN
z7S^mb>-0XJ8T-V(9=g8nX<rwsN^bY=#7Jc*G^Cw1+PnY%*4}Sjdk?g|uB_(vE7Ezd
zm?pa=`DM4=@s7A>fQOEbV~n|cYfjt0(4!;QBgG6SXI~UxvK`fmO0FJ?S^6dFk@DkB
zhe~2TpDFv_=Lvn0EI0Le?@wyrv1{PB+Q8EqH15JYJqs;-=GNHV>mEd7EZ_dTG2ZLA
zE*#maQR|c9tOif1cjC`^dDp%CSYLkSGW&WnC05LmYZ9J5d&rKD;vti7f8vnsdLh`c
zX|I*wb%|^L^0Xfx9oG7A_$T&Z&-bCbZ0TN4P_&!*PGE-qlc(M9YfWa8MJHw~!)ft~
zb0vHKJxkAT-L8rE$5e}z(!HzV{gQR}O1VhXjh{5U8qj!Q321c>i+FlWeRKr;tKHi7
zJF0u|*t~{Oe#1`-J$z0s#qZLp{;-|js6rPgY<8R)Qcsyh<@lY`D?@{qV&InBSHsDC
z8f!=k`i>bQ9{L4!r=95SRG5BgCwvOTys`JNM*Y7Lr50C~j?K#-<McmA5aCL1)b)sy
z(4#ak4||*4!X!1E+aE+XMz&!!zv=G0|9GmFvV5o^99Io}tZ81h|0csd&Mj@+Duxuv
z`*|M~aw^C`*dBn+*S+Npe&*Oqt`Qi+97HkhNAYt@!Xt0Abcv&Uh&`v1qHa}^_IS}s
z`8tw!nD&1~@wU#9@nvj8c0d3$n=x{#W!{n_^OL@lu9JRI)@si}v8M}6*GTYeiyBd6
zOa{Ab%R(xWpC@J2A5JW~a@9_LNeeEFWb^dHDe8b%6;cY04;N!eLm3z?f2<VWz5?<=
z=RcKvyjHt%8JO_qWe*+>yoD@~e;-al?vsq|4~QlMep2Syz>(^Sy$f1AhaphB4$N;&
z)^NoAm6@`LB?Jd_@QSUkIqiF66@YNV`7JC6>M@}TfI(9Nn=+R|6@mYBrCS`t10#*#
zmBkFni&U^))`=lBm~#jaXs#gTxB+oY-pB^!U7>6SumNtbd$1ocRY?S8t)mJfc-2q~
zSLt1zf)KF7VJ5=dRcDbEPB%4vl=Fw`35S_Z<Rwl=B4l-hQLaWElqZ&$Y9gst8wDO<
zwv=pSeOG~D<EQLirmuA6K4toAHEK43^V64d`w8iQI6#5dv>KTjG&w&zJBtg;lbkF*
z%cQpxt?P)0wj+DD+9eJ1%@e(gm7VGo!Fyjv&{!&l$1Ng>!)4ypF*~x*5Xylw1CHF>
zMbY4#mNT%z(m~;p2n8EF<ceMK(3Q3iVaDN03tI*fi2)0q)e|0+ddSQqiyNVTA*-0U
z*Nxu#+C?~7ekQ;VU0-l>nv<&O;;_(1Ys2d8L^GJY$!^LyvI}JbkHQ2R65_Ou*mv2T
zrxzl<<o{ctsHR_P4eoV2Y&^i#L!=C0<>zr(5OYb)$<>(j*uelyWc(?L;-s~}=@Uq{
zSv){FAzHShkw67yKlzZ3MD$%`<)=}mo0>b$Pq3zb*x9S$d@n$fNPaYs!Xf88SI4E*
zhipi=De2r0Spim78*w@R{dZMI3G9J;lk&q*4X7~5&~!WqQC_m8Xtxqy0%1%z9{?Rd
zS~#E>KFa|%am7L8Po_G1ROTp~x!OShUf5>Ad@=#g07XE$zsy8zx>^w(g%;vK$9rS!
zj}^6gF_TB9W#I}uVMNfJ_^I$9D1>RKsr{jQy4+AGu*yP2#>K)Bu=PZ_ED*(FKQAhf
zNLk%vX4GS+xIzT~oRh`S+G-cdH?#^+PmYs}Ib-_{ya?GF%5iFBU5*2Kx2=G}EqEnD
zt=hI*Xz3Jdoq3Z4+@=A;ZDk+{ZwH7^=H=sQ@=ETLk$Er({l2B9IvEtOJX$$yn93;~
z#f8V|C%R*_s4`JX^m9r(Pm)_ur_d=zjE&CXz{Mre2(&vbSj?A~h~}z{vlfq}G_!oN
znrKOW{tO-RyfEbbsUq#GjfhKeL3EMR=JdkB9eW}HM(b;kV<#q)6Yj9~3s=gON419C
zy~CX)X#9x3aN{Fg%1Q`Yl*&shti{j(!^>a<2l+r(p22k~!1?<RUllmLBCc%ePx=<t
z$W7KV9QMT3nj@&`hxN5LuFwfE>59>%TJ+C(p3R(KQ4ypm#|HQO_@nghtta$aUu#JB
zcUd~X0%tIO^X=)o|K7p^@!1~^#6vicr7NJuBgec``64E6D_c0tmAGYXNIX?`hXEyB
zRX&DY5asdosO`XU<^$=tgZHZjHgJdJq~d#AX>o!^MQ{E+8+fQIepcZ+H1rFQ+ECe%
z!<H9wC}y&1Wj(Z$*H#=AmeG)WupCOhx(07D5R|gNz$3wseW_J(D;XOSJUi+-;#A`r
zB)*6MdU|*q(iCoZ8XvUunPQKOax(H@#(XyGMLOzFM&sn~z~HCjN*;*G!Z4dBHIk~g
z;98{OF>-uT4oT8V9#}VaJ{n+=%N3t2rlrG+2Wr{M2WpxvEof>7{7uTzYK+{-w2S}^
zawjsv4T?edW-HN{dVo^wx@4o!%h0!4pP2r6H>aI(m$_yE*P=)B*AModMYjU0X)}B8
zCnWF5>dRI0R@<Y7G}aRK4^w`LD7z}%1Nb15c&H^f9KN@hpyskC5ph*_RR?XiG4d#U
zs}Hwbu6sGyY;s+_gFAJr?`uZl>ZCQ4nsQldd+nrNz3a)zYVT@A8LjA39UtsKl+r1Y
za8;a);PC17!bC`-FS8~<vXwZR_6kfqEg~h0i57oysOD21>P)|BA*KH||B?;14Y9`J
zTA$O=oU>y`>7c2i1~BT(!?dWM0mp5*4)l#^Q6FEdws6cde3z?+5+0_;wH1JZh~v;j
zon%r&v&g2eg-(#aLo0~pdzYc?uq!c6eHV4gNOPpEX_;aXaP8H+j7pi}@){kIl@>L=
z3Z72o95$46>vIk|prk(CiB3~BF|a5O17C^n=D|u-dX~0;!SeXusl~nQ(K2D7#Fdth
z7-plXqJ~O$#`@%B-|Mdnfh7%hRii7^dp2cfG8tIX|ClLJv<6f(_`<gYw4o#%L;n8g
zCj)#~VhWuG+>dg#oP$gPAbDtW)ik53)fTa*+{{T@ul=TP^Dvc&oud8<U(nU6egHMJ
z%S0o&UQ>-iicYw-(%hp^ELjW%WFG_p-FOCY@%9*9aU20_fyYCZP8Fj2!jfk)8!ZR@
zbp^hn8)$C>SdK+^3--v^WZ~_h@;gUnap-M)Xm!K`R0BQ|KWcU(1yPtxUu;9`Uf?O;
zh!RhXZEzM4kvlY4|6pQiII~i7y=ZmWnlz6M+1D+VCK5mutC4DX6~JTT-{fGIBXL<V
z`&A2j1(w`+ME*tgeis^jP5GT{UcBClUKmgkjw=q;9k%6H^)fb_rZ#>S5hX-DSJ-nQ
z?Ux_Qw0v-)JCs*mN<4S*diOazjorO&lp>FBjMg<!R)pu7$f`kymZF5n4OFe*;ktOe
z|Gf6?cH;K!c53a5_z9fzDS~`qENGgze$=@8(J9jQM+nlGd1F=k51!fnZms>@IA)>T
z1`C}?(px3}pBZ@yN|YBFsnh7=EHfp4qXSb$^d!!pQR=N|5cW9;`0I!WFXtyvQdK#b
z@~KODgH;S}0Ru{VvqX8?(0A`$j>rqyj79%S$Ubn+Y+o%m^vCR{CeOh@7FJ<KHU{Qx
zR*suY!g5Z^`Sp5obCWT(UL$9RPa;<{+nXXIihy0c>p2)-jqO9>lw`#8w}lA#)jP0?
z$i3TLx2Z{$d)R62YGb!Tvbv7!=pnMEWoSvh+db;Ylc*TFg?6i?HM41Ro#n;0C@on<
zFjDv1{g`%0zACit4-o@PBX+|lY<o2~<#oAOhY{U6FKAK)-@>=K$k-)g^;b7kqj|-T
zByHt~gG14H@oDeKGQsiXpu21C51e&QY(__T5cPbNK8BBwxx?LcinvCG>2m^;D+sf1
zL?OsVX|_}5(`-DDnKx+lhx5y`i`R7wojV;G)_?_EJYO^+)V}rr9+Yf;=$)Ps-=JFG
zWeGV9nUS1fBshm#7$Gp{w4X!y-Jevl2Fe*ZfP1gDj}JRt_pi>ic4b@orc>Q4JyYL}
zt)wRg{{+cuIy5eQ;T2AZ%Q7pnY-Ai^o@X#wPBR!$m}-tyR&2{YWIf5cuH)5O2PggP
z*pnQX)Ovv>;y%lvV)$~`#oece-w6y&M=;sGG_lO0m8BzKL`660{nC4%Y`*JNG>Crb
zSpw91F31?v9YdS{(N6wXI(yej{?<+|^K4rF{-8Nj2xDh5(l~rgV~XJUnymqoV-Zp;
z<^|i*r#PjSwsa?fSXor<Rm{o@oTAI(+|P@0YfSrfDtdnMZZf?W3q)+VWdqIxlJ@V}
z4D4O~NqhcjXQ($g{^Lrzw=*6%&U#baOmFkDy(0K`s_N9ECF-54;C}e9=UfH*@N7R=
zh3kk6j7X9kPRt*k<~+EXpj6I-E0jos%;ku=x~a=5Xrthx=KlP^mT08lK7%$MRUf<0
zlw*RL+ixgFJSnmt>UG$c7rB?ER^4kkTMf}6?Kx-}^?hrGqN!MMm4r<Y>ebE8Mk*}p
zv<4PR<r}4y?s>F=t?Tp`auXZgBvM*}3j*coy_9WK8;$EN*N6zxXwZi=#P#U*RrC=1
z@nz{$AjS1Mt;Uwt|CC+Ix=gudyBYK5yg<6x$Vky(cZFB_%xJb(i%ZpPYHLrcIVvF9
zpj$)pvH32M&w%=BAX2%_`dRy{GryuF8dBLJ(tshe04-F@0td<<8dV|z<C)72p#f@D
zQ6YPL0nAiOr|amsgm#j{PP1~`P2Wvg<yDiDz^7NovssI~V&O*>%A?n;s7?O$(fKg~
zIyGawsnRZnrO!pU0tBCI7C<Q!o`DXulYv3NrS)O3wA@yVM{49?pMX52v8Ibafm7>w
zTr4t}`ka{;wVZc#JZS=>0bO+Z;3LP0`*|^++>?GS^p<z=kz#iktwqa9wBKY4oD+T{
z)C;3AuaUTx0qZBaa`9D@Xwly4E5fNOzl$tCb#+C2#4D$$z8Y2^3%B`QXLo~={=1tp
zlJ@F~e)-)@>z1(O+V>k>xpa0j89c~8_;G+c^6_0FdinPo+JIl_i?Q?U*FEGxw(s&=
zg*%n*HN*XvZ_eL-{BV}+idwBHhV|tarKQ)8j+sBET>9Mt)t8)#@&fcmnkfG(@jq?%
z4tvDktdC1DSLNg9p1G=bWfRa!9EJFT<8h(~atQbU0#Fnc!-tzvG=y4bl*z}+-LSGt
z7CkVFD7~tvkgs*QCcfbdFLOErA}_Ot`^7GM_hVM51y2l!52X9EE$psliRs*d1zgsV
z-@Nk6tI5sRWl=9_Ho|p4s{n<K9@9Nw!G~WW$<Vg;5M@-YD2y2wO2!nqCx;5zi}Ku+
z0u(dX3x3r0USBf^1?7;c7Z&ZYrceTTf{%tIb0tNa1Rr|XEbsi%jz`R4TpOAtULV<Z
z@)3a%&e3$%BGkcR7_LOBJun)%rCcI0jaTScJSR^+jIN`GhQ!UhQnpmpP(VjF%cgP!
zzhSuE(WY3~M@KbsQphTe=JiC*&@b?-4YS%j#NOqlWF__Sa%+E~u`NZ}#3Nbr06Wq!
zEgZsz%Li9$&f%pN$3Xe4YqTiZD&lxlmn$eMAN)H*&;_g9-5dqyIU+5O>(PRuBe9|e
zzDcZF4MWCPs`h|UMC9Bl4Lvk1W{pT3;!nZxZpdnLlg|xs>xRKjXLKiGd5PuA5S}JF
z>nxh(wS?H>bLH9bPF>YT{CAVd`#wAGeeJ<sR1Hi4w2Io!Z&+ka&Y7ny<>11kQs6^A
zqU%Jej+Hu97s2POGWMtC^fpU+ocO>a>F1@tCPfw(i@jm#$cEA>Hn=(;paK}Vg{llc
z)RWZI9xUGjx+vLcJXzifwNcT$S(B&OpAzibFjGrjN&iL<u}<rAvu&xM19R4?{hTe{
zVU3H$>o`jb4vjV?)S&kqgVA<>q6Mw>2b~RlprZQ9)3s`1E_7^ljXceQK8Lx0aRKWR
z(q>1lBn`q<Kx;iDBPG0rY}oAQWj|eCJKi}y+JXb+o<L|bBNY(r!klsOOR=jl>pl<-
zV2sDA#oQOJl7z;ZbRRzuBBgM&gP^zu+7EhN7WLCmir4OKh8ow`toipWM^d1mL)gQ1
z1RWf<<k6ukE()gnoLFvgN8@PwAp0jtYD4#Q&QMo;H20-;b@30%^xh)2&P;E<StD|{
zp#FePyh+BsIkl&)xan!X@8D4glDcBdKCC)|gPBqu;e>`|MN*ehm3^b+RLYewPJe@2
zp)5gcA2ZJpmZf8eIieH>(W91~@3VMEBnG1phl?j;x0pN~Oy>9tP*|BV>0$z){VT>X
z9SoGJ)Thma!i94<Nt1(bJ#9L~L7g_pNo_{Lqp}Mg{;BcmgKsTdoh$NI*OdKc%$r*g
zt4*35hG*Rexz+9L?%T~oakvgg&4{+hQ^K?wZ3h+<Ao3e}cu;PZlCGNbcui|SbkSxb
zLT8l_VcgILq$!Y`MQ@_l(?U?TX1@+XJTDsF4wBHYkxE6V%broL(#>5<SA-$#4L^_Y
zH;8#08Fvk9tf4fm8k$x<ok4?V+#pH@K>$J|QkdjSIx@pIoJ5R4oGM5!!gH{-l$+ET
zf+BLe8>f@rlveVl@6xqkSsRcC76Onjyxpnw0rFQRo2mj~FRMOJ#1=ew#?D_nh{cMH
z_je{+)n2EMRm;eeP+7K0unsb<;A#tw<X~#OP!HmqJC9#PGue|ZqS_VlyEOz8eBz&I
z*%Sn4-cst~{FGgvS^=O`R*xLd`M6H}XCh991&*ki-^VoDvo~*ERBps4g;f>)%A)%y
ziql9(Hy>=XoOwcDYHP`eY4jH=-NVEzMo-aVF{Ow^%Ga)kjI_h>W<I#fW}ZYTFo3Dm
zkLbWP4u%M98Z)WanL_f))n@_h&zD-_9I;j{=B;fRr6W<RO7c2}CK_sBeeLqp0jN}!
z)?9e+>sm4r?S$Z8E$kjTV(<iMk~;V*u!=|U1YqWLr-h<+$Z-kPePwFj(CK<vLJ*9{
z?9*E;hF)2w0N7o=?QQX{UU0N*Upc?GM(3#Oor;z*N2p}8cXfWcm4wicTYNeT#<2t7
z&paOu93dS&>-}Lqtpd=;oyr7on})#9mFUexb_ecZstjpzc^W~hG`dqHz3cx<$J3MR
z<mV5kJ-);Gg&9RG@-MqqkCv8FMrM3vxz?4fl1j5Nz<N!a2$P@urQ4B_k^bsq{r!00
zBM%UrEXrp=vt6=-PY`pYH+<ZF2U<n*DO+FPage;`jUzLSdY5?QShKW>9Tz0r$AQ}u
zqS%Uh5S>$BbWyAZX*w+CD`sPXsbpmwh0vKisWJK);jK!*v@ddeocB*+4nIhpKFHpS
zY^FIq#Y12Ta;*PVpeidAfUhZN=p8**V6IN1bHym(pe><C_rr<tyq3yx9bK2tzDdH^
z^+$^K)zLFx_`cWjC>sFqC@h$LKPhL!k<#x{B?j!g@;QT<5^c_lYBC+NG?f+*b3+Vv
z;)T#dtt>q<|I(aInw1kskAklwBfnol)%=DvWgr?RtjLkgFn%gW63=!58GIKd2xQe1
z;Yzr-p}qidVG%L3zu6Ems79KY<`dYcE@`yeYn-Z8xfl|MbyH4&11_;GjfqW=ae$nh
z>Z$gXJgCz(S9IM8&AXb8=%g=)_7nlx;_my6eY%(BP{F#Sr}^b|@74RWq}xs|q)X%Z
zII_*uaeU<?7FJ=kjZ|7XhQo7$w;NwTiFsd%{QZ7oS9YX<$$K{0^fwP*HZOa{vunkV
z$as%_>Q6@DC$}3<Wr@KjeJLvlo%rDV04tsuI-2}MIe?pS>|A=S41W>5@ja+VFm>)p
zbd|f#zO-tb;WaNUhQ93bL9Gp!@?KzNWk0_QgEK(Ppn-Omeijd_f4%C<35{eCG}#@&
z_&j5_;HulYqC#Y!R{wtP4Y}3V>>t!32)>_<%l^W;E2|!Y(`ogu2coZtGKT(a{-x9I
z9Br+>cJC-*zJ*?VfMev5s}DL$8~^f(S!=JLON*FUeZL%sc*7s<Sa(;>zXD#`C-tp+
z1l>n=<`X-&VrJqMc<N>1>kR3eDiHk>qe~aMzSrse_(wY~R;Sg|cv{DgMQT2*>h>dz
zJgm*{{{h*2Nc|!y0DwbF&0T9#8_AOWP6Yp<SFtxPijc&^#*ZPcCuCr3*2ZQ>c)a)1
zMk6(#i%@ITk}>n^H_yq;s_I4<Y)@?Lm+>IAs;cXem5-Ar@7<hGXzuTQt0xoR9PZZk
zw>DwAVV}e|yMG;Ck1voaD1Y8Qa{9Noj(>FapMT%v*WTuPX8-wLGy7XxyWcnc&+4b@
zz6D_EbWvF^m>;P*Qr|f0vfsZk;}5^Y*3S36#dhQQC*NA6=es`>$JJQwgD55hY0qS%
zBHdm7DW(YA{|d#r6WKP*joG1+s5I*-+dDuT)Gc>*RZwRL|I8UXxhcH-Om2BZ@Pa7{
zF|t`~jC%zuWbSNr2{J`9*<^gqBo{4CcT<G;#&KEB3!r=7=Qr6#OD{)y4`}A9KhOOU
zLBh7$=2g#w%>X)e(a<Xkyl+2Mpj;S^rsNa)8JU#n9c@Q{ttg4+aaAu7y~PJw=T_`z
zgbkJ#fU(I;CW_~tCQH8DWwO`vtyR7}Mk_*H43tQsrwP4HQdg75h+pi+R<KIo;V59(
zgC;?`+u7RQeVoBH8dt-m#uc<|jlDxK9RTBO)G}5O7|Q2qdORKNMSz;AmE}%PHk0@S
zuZm&@Zef|tgf_b7NocxGQg2k{N$a^6L$(?j7bP;r^Xzh|-a2NnYrPdRRipZR;m$%!
zn7O9NzK5QO1jzKV>icg!eUYqb@pYC*W(NyYi=Fk-Fqp`kmGi50UjY6SMV_W%x|-&0
z)%iju0LU8P*2KfLBHiZq_iPCK;&JOs>#d*%7G8PIS=Zd;vF4Av8F|b}1CA0IY0Wkx
zAyW^`K%<YLw2$SX*J{=lnz&HWOA^BBR*OJdosYkI+MN;floQq*(^|B0V*h6uzH?-`
zmyue*$zO3y2&apkt_8$cHV&<>;+P11SB<}dM+YZfK92Evgo`JWVzS4v`r2FVTpw=Y
zptA$bctEw3rd+#+cVAPrQhJb3+{~P(zYqFd(7Aika=~nlgbn58%aCuDly3qBe3yaD
zY~$%O3W|1(pd|dr1<v{!TtG><Yd9|}_1BZJZwihAg0!B}=%@newC3IGq{G*hgFo#y
zGC-g>0~HYNfEU|a+3{-y*dsg1($h4yNmmnEdQ?3gy@xObPHK~F7=inFj+-Q{#5gT(
z;9zFudRtzK-au|&tK$bJpGKf}x=%8i<BC|l&gDR&9%MoSH7z5N{A|K<B87T!;0#2-
zijW}|fuj2z4y!2g;Z@WmLk8`NnYxgg$m)OH=2n}2JiVF}J&~Ytx<4O%c=!I0dGFch
zV*IB_vndmcWso9EX(X3J#m*ig=e=laxK`gjB5w1VUvoAtG>{W2Osm71KY|a^Dck>j
zcgtLnA;~cjQF=w=vfbM1GI)BjUj+gw>K01k?|GGsp)ohVC=^_5Bml;p6;d`6{(v(r
zx1e6+xW=If5a+j-{kELLJ9QmOVx*PL9Y|mz1d5MrXSmMyJh)PqRpu0o7;9zHQG9Wz
z*5ocFb!bnDua*p~a7}b^0rlH!L8zxP-jl{RO&%;6d1W!P^a9Y@QhJi?DAP~g%RWH<
zNY@iGw=J0Ci{0s)Y-#CDvfFmIccP2T;t_Mgy^tkIZ@-?7V#KOWw(ohZL{_rOs+!dc
zr7=Ru+mJQJ$x?|dB0aCpWx!CrjRNPFZM58}`*QbhoHblbf3LE`F5(&@NkMTlt%;~!
zE87?pMfQ4*n_@7$oEBr^W>+SLAaGpF<qj`+vh?EbBCgPV`EqO5(i4=Ns{2Mh&Nhxk
zvTg5@3GXFO62%}D##*ifihH5#VO|BYHKN|>$o(EFPK+U(dCOXo33@NzF?+22u%uiB
z3g(o?Wl<)MQVkEJ0aha7FG8BRdTr~4c`H+<I$Ty=Gbmi5PR^H(ajCPbD4q~L8Lv;2
zS$?){2y_NMLXcd|ML4cZ=A3Fsk@MtfjGGF`C4o-0nNKg|)KBtF8Puf+;T=tqYMo5-
zTZR0M3M>CuTp5i&_cz~y{EBUp(U_!>E5ayNd=WWV<sHa3U^wtI#VITb!&pEwMglrx
z4Kz~f$nG$09cMHmy;Tel^QULjVU*#3r>Iuk#{<z?Mo=~6hi}i{G`q2red-N*i7#Cw
zwy41dY=B#SqSQ0<5+oTKO$SGv(n(oW<B&<J(67(sTm<iDQHPF>dYOh$75qa)x&K@Q
z4;De1`GDv{*1tyC#r$p(O=w;t<63Cpf`Bb!%`*>fQuFCXaaxz-voU#~ELNoeqOyt<
zZn7pT;~?huzs}{FSumfZqx5KiJI<ZAk>p-7_ox|RBFPGygcnvyBh2!?JyG-2K}G%=
zNWd;E(-$}s$Wqq|Er_2?y%}P#zo>N4M8PMJ$Kl;JTqy?!W{Dg>kF|=~HGwCdaa}YJ
zf??KmR$uDSq(XraS23ss)}w6|!dASZ$lli?0P-a(I%s?S(e)Vlt#*p8fdW9l2?+8P
z$NlVU-W!!eX2ZrruFZquJQw9f>1M5Gq+=(!Ue@2f?qJO)yYXTY7K^S+ZY!7+a=S%0
z$c^ZaFkw9&(lnR!%pA-Gp?4JcN%X%Oma|C8L&@~;$vj>TFC!YaZkKl~PtvyqokN<Q
z6}WOEgV|%QJcauqOHi+t7Q;yL-VcV6AZ<=8+}(E&TCxhxU8EH}L@he*Wv?gspEBOh
zJ>$*nWWV>`M`Fs?y>Mf9vQu0M<LmNzInO)UA=X7ysET(hXr+4D=P^#j!!!C((T9ps
zUX-)(u#<vFy)=80&jX_`DSY%L1xQrsB3#vyjaJm?69uqVl1B%RO=qbHfLz3iI7z)F
zoa{yoKrHQver$411DeJZ2qr}8#?tY)T39`3%lmU0!hpT9n?gZTH7cNpkFUbZ$)!Bb
z4QOiNY*)rLpiK(ID#D|i9fd(L!|jw%x|sR`qx!m7sF7td%KLFc)oTVV=B69#IMw$P
zKgIketLtBcW(cvRrLm9|A6dMg+d{+QUuTn2>yKGIL9L&o6w3!zgb#~9u%;`5T{N!>
z=cdX&VG;46(RlOeaDea#!~GlI$sh3iSwh{9zo@1>6nS2m@C4Lu<2n90Eam0@(K?$f
zixzZ#`7USqn<Rn_dd1eOr!sTDe;S--#~%+4-w)D&w*NzDaCBR*PGwwbf$PS#e;fTK
z?9Uy3>6+Km*O*R2-Y7?bdrl?fIP5MpQY(a?M|#ka)4`vFJk1W!>``Wuu#^`CiRN@9
za&8CUqYKGFnj!&KySv1xgsAa=!v{4=4_HdFM|}h=d&YMu_b+{b+DAgH7|Bjqp0Ol-
zC0v`tXa2gr_8+>x)$i&oq`4mno{ltyP>%~@h>OapzgqIMPOCYH*gITz@{wjwu*d@J
zB2gOVw{0_w@je9r@n&h9aV(F@Y7RV4(M_iq<Z3~t<B1-gl)ej0_ymZoO1`!e?kwQ+
zR@)&r>7#P*`j=)l;eB*N5Sh>-@H-AG9m|PgR^GsJV%Zb$_MN;rX=hA}@93hH6Q_lQ
zKgbF<v9Tf*UsW&RMtN7vWj;z`kdqvy8dswwXsD)~hZbcs&qr4MIcYJecvHEKtjb^B
z98+w;2!fM)t<co4(o+J-F%JToaOuVG|6b`lgke0$NN|`3g$R*^WFHu&t1<>D^RIM*
zwrrV}ir?#~I%d^_hcK@B`D1fPXBRVBb4`qR+S`^x{pN&)$z*7!7}VoZAy#gW=%?h3
zv!W)O^q$sa+cg7~In7o?oSK85?V@{)OUt%HP!5xeF;t@Kudm@%uqri8d{V;YFOSj>
zM>ffc?O6vAk9>Q0{KS~XaX_p+D;;Ya-D}ud!C9y86vYDV(E1v?b0AML^c-?-T#b3w
zO3z=f^`KliIyWh%8RyN6#7?ZSEymFm<t7chvHC`>e7enQIVZ&<eU$`%iRxz+98~>|
zvur$Jh#H2v?<5GEJ1G?ZFcf8;VzjX+Xaa0f6%>M7qFRx!;9eUHGcK8E%cAC;Cs_l{
z*9>4y_&2HKfCqA1S=g5^L|eB~CRHBta^9G#lo|q+50YwvGNx5l$3;HBm5oqML|va2
zi_NR$HSC4|mR4~;8Vd-LhrjDLTH*#iFk3z?+Ztf1X@=a2B?sbIXF(BvB3&ls(Cu$&
z>x<lSqet*DfH_ruyq}AWnX<D&$lqB4GU`xl(dP}my^v|*S&hBy?R|GIJCPQRIfpR`
z?ZZN#95mK-d~PFxkg#AFx(oH_?Sv(sDwX|ql^aSNgYsnmU$YwPNGEF@fxZnW?yA?y
z{E*pkuB?B8`}luURMdu`>OY=dxo1C;0U1v@BL3+sSvX%u4zku<sVH2p$JUb#RLqs2
zLhb*+#E9{j`J#!`F1y^3?~!xVJ7&f?iJO?icK`!NwJ5nkZpmR9r#!x$y)+&t+jXc@
zoVI;lnsWvD4wge5f2WQW=@awA-|HaR!Q;}6XXSXhsOL{X<EV8-O_<>7!jmreU|l>j
zL}5Ij$N&nP6Ou`PMdD!8RH5(C6l}!9;JGh{rI#H=XV9y8DTG4iP+*zWO~2x;y{ijb
zK1(VM)wx~TcJ43s!}O2lO{XS3vml(u!YR0+A<WAe$|$8$oA;`@QZNc#Y1RySq_S`&
zs+y|`JH5;`x5udn{<JcdgcJ^ryiwrS?)TEFoP;PyoqO^42*rj^ly)rZqlLVarQIk&
zxCL~v8lo0=fy_WgREhhy>@d@A?h5^zIUMKLw{kxqV?va!C5w#GYdFOT8fpQ8w>gZh
zjU;!;Jd5K+C!$3(+3MfgEB5&P^P_4vCuxEd&rQ2bL1;ck;ArX2&5)~%<?JrXu0L6y
z&UBEMWwpSQ__yiBi8K;aL^~1cPi#)TQN!jWdoxkqlbjQ+ilH#3OD2-(Oj*?^o-Bfr
z)nbU&<xz;s8tNb0d@7f@h-|{iMV=(hs-3E|;jxs3>30U;XOan+UyX#L6YKysfhE)7
zmR6$22HA1d5Q_pA;z4Sh?9&yHZM-|!Z+Ajgd|@7aW_Lv@cpbwAK6Kv_cS`MRi&ctw
z3+i&a4r}8H8lzkeFr%+E<1{Sb4G?WN3KT<d2bJ&W2RfT0#)(w`wxi=TJ4Gg=4~!t;
z7i92KJC|+;FsF>HkTV~Yhg6L0MVWL~MB@#*`{iwA<fq80x;59GE{Tz$Amy93lX`Vh
zf}6zGlel7L_mSK@xtm+?Skjv-JAmILym|6VlrZUm{7KT96>p4NFLX8F!QR9oX>x8!
z4LRZK4jk-H+R1ihy`cKR)uxag)>bKUIv!pX3j~6vjG+1hr*8&r!ykdj1FCdU;a$en
zrRMO|1W3Ydawgl990k)FEs%<{u*;IK;K?-^SNu|6>Y3k3<vnhT=G@ih&AN1YUF6i*
z8x(pAO{c+uVtYFLR)-|pyFUm-J~|)$0Rl^a2c_?yq;*@j=F0+UM9mi!TcPq7#CY=4
z8%<zMWU5|c(xix0hQ4&JH;ns6Rx4}p-?SB{k!K5C;R|13{TnNM+I9!Y#rR8o1T$ze
zY){k1QJKQfThf=lf;FUCr16G3;x&{o(saZ6CN#JQiM2%0=I)sxA8MqcqUW2yTso^3
z*~STZANiwFB5@fehn^6UCCQVv&rRR;!2($pC!uZbRNpl9EwgZZ*Zj*^xj}AnVpNjR
z8G(u=U1E{a;njFAuvW4nd*Ms1o;0#I;&DrcpZ-)1^SiboXp?9>S%ti6SbEyRtH=En
z4EM0%l&qa}0?KryL=Uywd#nm<8Ay!2W8qY%zRBt`M05eM_R+Jvj^+h=3M!`9d0#Yh
zb@h_+lEJ*+2Bw~HsCCD7vU_H-(_m{_F>5s?<#hD`>MLiw*pnIuUYd&8^gG%dc%u14
zi&FI$4tIhr)Jf0kkUSmW@Ld#j+7{oOb1k$i*F@2~=yhZ(7LzF^;<wY2PWJW`|Ahl2
zV35>Y)Z&3*hQdLBVbrdzwcpI;eGbo+JHhyLfux;bu@Ylhqswk^$^VBn{9`xuEyAIQ
zQ9Pa<eRn%$ci+{@)NQf?8U!qM_0;fuqS(8M$x}k~7&W&g3U7I_v7%Pr$2^3NuIq$r
z1XVB-Ah?B3)g3{VQ8tEUb$Whp4M_>;Jiskq#-gbyw%w9SuMuQ~i^fz>AnlOHsulWx
ztxbxdxh0*x?ounwiMFOxGV5!BGgDJd<M{{<6wkw!g|V`GrrlZa*#a;jp0E)n8hy|p
zA5SJRBiCHNky{u>V*Al9?W^H1cQf@#F9~60X=FfM9PtC{N$5`&<k97K(gstOzI)n5
z-NtrIc8+-sSSq}AH3JvH%E;k)?ReJif+TT3c?biH%j+E0qsMhX9E67g)RnA3u^&o{
zQaM-y#)e`w3|Jt)(hP)h%IuNRyf9p~JD{q-?9AXaPf%11<?L6B((6%w5otxov|cYX
z>&_?3u~+;U-OAd^=o9&rqVVZi>=<~-DG=#sf_sLZWm5v&4a1;O&4u}E^iJli6EvPt
zwg$fr49+~AMvGq}t}(r+qB;Q9MYd)c4@R<R?M0_&!qGUcB9kGCswJ*=n2PIb2|b8Y
zT5!)$ccYt$(M8>Ae-<NfGlS}nuVd}0=dt)Y8_x@UTLuQ$4e=FU$}1J9L#qx-TF3Gl
zR5);{msRyR24@lnxUkZw$1ph&h8kCe3xZ14b~4t=5oRl+*ik<l&Bv;zz(dEPQ&tZY
z#Xfjp4fa31?rXI`ZC&MTO7pA=!#P|{Oh3Z<Yeg9y4eJnHM#iz5qA{0><?jTJ1J0lx
zF%Y<@^bWlQb+@GJgiTWOwlH}z5s#qS)H+!cQ;ulSjTMesAv8gctnEWqI{G)D)r@ze
zIeRjtTG*Mh&jUJg=I8-SNP{FESaLGw5kjNC%u=)I`ZnlbaTe|9TT=a(;u36V&XRYe
zzRH<VFPr@r`L&KzLfjzN#7N$l(8EEKkz)eCv0k}hLC0Q{SYCwosL#1B2mvPEetr#G
zNH)wxjzcjOjX)2`k<L<z+q4<zMCyn2wSO(=<4WGt(`e{Lu`r)v=D_cFF$H<kB1D)B
z7H<vmGSw2lT*Owg6Iwni?k-j(E@A6f5U`4fSPyldZ_K@O1SgV-Zj7Uoa<D7NsS2-}
zv)bW)KFvqD+Wyy3dnbl&KGx#9o_uF?XwDGnZxW89lAws{1b7E^b`4+nzOhYaVjTnA
zGk;gTPweRRHFQ&-NAIw?l^NxVBzR|{Qe{BJ)OQ?zWk3meY5F6@+(a?6sgZW2Vo9b8
zB_!wqlzRj*i(#rTh|rO%DE;W+0}Qy7L+nV&6`{3>f-Q4i>q#{~h244CLeB+r%Ae@@
zF$=FIVXe?qeSG&JKV;z!gNf^B+e(L2RXH3}%E_C^gQ8uGtju6~O+j)`DGk1iM@ztM
zdDblNsFRSKFzn0Ekd>+dXm*%FIHV)#8Tqy0B<XnKI2k<8!-*`Y^)fh5N28}mGIO_9
zVh{oMh769q4xErWf~?YWr~o&bP$}PhLSYG`I$+}b0%t}*1Gv?GJXYk?s}gn^7paSc
z+FIZtXu_;>a`&>*+OW~(+_<Xj#A;dLq^pf4LLU*#ayg`+@tnC}n_Jt6OVF?)*^Nx4
zf}c8?Ey|KD0i6#ikW}-&G&g=S2Ce>L1C-%xf>H7AV^-stMnfm1K3!jnM7^ud3>vlq
z@-nu|eCBpc3Z!1?q<;E;=A^biFz#>qsh|Fmy*WM1_HR)bhd0WbNqHtK@OxP<x;BUD
z+sn+tnpCP5Q3^g3i%M)%lx_VozQ~b6{>Rh5(96AY${unXJO%l9WrXu*XW%-fUQ}O3
zEgVedQuB#Fb^a@y6sz%B`;p>27;`y8>RK`1bG?HCLlve(XR1%Grd!L+*0sRQ9J5TU
zaP1U@0EzZTw})rVSigQ-YvMRR@*1d3=VRcK2VM(Cj_!8;<*q6?p_sFsgn`o+H>1UR
z(ksThrE^+L_~F%^yAm*lc$l15tAP@7hw5d3q&P9MM)8@|xENk`RvbmjZH6!u`Qb{V
zzbec^ma1kRQB$aEeOXn5Lj<d3!9K-R)z0a+iLG|-A-4KaTB{v$<9WFl+?)T^+ueGZ
z{qZFAM|_*m%7g^340oETaMe?lPDV}k>etEI1t&{TtL+(;hkw^FIu~Hc$_;lO<O)IR
zBdi&`UHPPKE`94#S<oKQp7W(8TPeMQ^%<{&7sxLv6DORKnq*7R5OA!F3PvhIQ;Np}
zw3-Db?XGM*ls0JDGIz#gH@N9EE60_RH@YUL-|zPuAGki?|NI<@$~PqJY18dSoxdSf
z^;Ml8mp&g(kt+9!(D3@+r%-a!iXPdgsg|f}e7?Ts<qSPPeZYjSY~$$kQ}?t@vNU9v
zj`Uj|lO8_p*^yBx5-M!+DMggbDPhU6%)~tnj?~KJm~G7{fmScmM(GeE-o2*lXUCYN
znlx8hL2X5)I9pg>`@@dp6Q#3MHSLa37cq*blq5S3+Y_l{F;5(e&Zi$>m1C{2l2U+F
zfm`!T>saMle?97bRpX8O##o93$C^(CDwdkEjrrhZV~$=rwvm!ASK>vnDa%etrJ)-<
zSAlVW?5DY25dMYx2I(1(0H6@fu!!m0pEnFTiFA{!PyH4nQ04%&q8^yx&x)Eb$D9Id
z^XXk8{5tGX@fr3bdNV+I8wg@TMaAUT`+cKp3AN22*5*0DtX-My8;G~@dFm#_`h{{W
zN~oVse^5_sG?26C<>(xyP$#B7Bu%P2vJA-xT9x@y!w>~5u>Jn83?Kwf`<wj2YY{-h
zHoP-_{7csQr;&YXdG_@+xg9OIE}B4TqaH_>7>%;qa@lKTnm$GMz<$4q2qOpSMA{v5
zcRKBadM{^7OC0oMP`sryBobLYPg=#oNN79R>(?JT?hHA>(FW<9*ma)m`2pdvm5G~Y
z(|V4!<D@o+w;bzc>s4Jpg!<6Qj`xo`%nB|htBYh#759y{TdxkMr}3w&9+%B^vncH8
zQ~se32cHz)iaCosHJy5K*Q6!rQqTyjEfHR0)J7l(88;KXrJ1M;>RP=vA61<Phij~N
zpZua{t4W_Zj_3NCT=kSnc@}pTEyo(ez#@X|ZwXpQ@=>AWIY5t{b3n#}n#AQ>^xg#U
zd`oQpVE`<k!G~olHo3C(pBJhef$+a9uWXdki;Q?|$bV6gOmA^agIlqhjZ_Yc5zw2a
z&+9Ctb%<0MpXEjmU?;x1qeYkOw`1E`@js>N<z4~Es;D&vM4g#{RvIS+@x+i5+O0HA
zjNxYUoT-pvuvpO<S{Amvrk(F%tcLs7nu7-(sniAHIgjkb-<m5N^qOlSJ@lc83E97r
z4fY2ufLL-YI3Hx#T5$5*9Gqz^ibTZu+@ccueF)+-c#xgU;Zz!$OI*|0H}+2yEfog7
z=dJ;5+6%q9J3`jUSU%GAq^?OI6)(9Q?}}ech>M&j;g(V4^|i1}C%~Jz=4l6L41zGp
zfU6!GELG_A^7`5XreZ1&<WJclj|+klob9!SDhoz?blx)2G=vwKsui}b*-iv{qDm!h
zJDm0W)(OLJ-RxFAj-(hSLpXcNDMp-rxJKrwf~SFRXJH$Y{7ugqILvWJ&q+p552oIU
zyc$8EhOFuMT0xK?n<NG&S>6R<L$`s6=Qt}aDr5Vnz?&pi#>3L-<ju+7t9pVSMv_-N
z%APM{(bTyj0TOhso@-4RWqggS8_0AlXA?uD8SFQZd_g0jO$5uGM+*B-^JyAD^iXev
zQciA$F&W}itFuspj__AzDQN1`dEf?*b=+Dv;ACk<qAkWb@Ep)p1av{<WO=Q?npUB;
z+z##o!?tUnlhfpdG7#OxnX=HQj6%Ojj^D4A4REUjGjJp$xlZfFs<V52EeS?fVu2xB
zGt@k8)HDon??uT}diee?m=`{!w`#uVT7~mRR01`y2J~F%q_7e#w#_Z!mb*CJGA2>=
zCO5|nOJC)&fC6=LvOAcOz>P#g3`W?wE0{gTS&6yKesMIglX?jtECkskHi<$Xptenl
z(M93#Y{$wOSpc8aNxp4FNu2P6{;)B)+e1ko9IV#mc+r(N>CTtaRs%lYVC^G_XG#*P
zxQ^dte+BBlj26z&@1dZ(YQe|#wFH22G(De-?3phW#lLa#?#NNwg%Q7jQP>yL4WACf
zQFW+$a^zh#GCX`lyDOIPpv0ru2bOmmDBr-w!3Vj~z`sNG!I8V~bG;W+05^gcXSo3m
z41s141fKwD%!B$ia>GYdfpxIPxW^iC5WZ8Zqaz={+LY<Asblcbk#pIXavXw)$*H4U
zK^8h8@DDGZf@FrPmhepUvh%Sy<TwsUrE6wMl;;b&A}tbT{@N9HK&OdoR&j5wi3o&Y
zayBn>x8+=IFp-foiHuB8^V}-G7T+}OkzUzOb{Ic8K#YkqY~`sp4iApnom#!obLipn
zhRKe|Y8!$EW~oH9HMKnH8=sN_WIFQ53M9SOk58hNeZLY~7aDqyd1ytnmlBjJ*KU5J
z7i{z}p_C5ME*E7!Nm<eeJH@6+T}~@0i#+_TP9WADGx?##$|KTgN+*)-wc3--U7I;?
z$ci?#E{(yEAJV@X%*KBKfkklSR;^dNy=?#Yf1aFveDiz%<n7UZ)_?!z<L^hOZ;uDr
z(TA+Re|q%s!;f)Wtkm}?=L0b$fEEr;^rAlx)|8LKud&S08(?myihGxz#KJ$05Unf&
z-pLX8<&%i5M=10Qip42cUl5sT_Ko8e15i=@d#bX5jiI3Olw@6W)N?9#H`Se$#956Q
z(=>R^Os$x%XiPj1V$DfOMTtV`?5bb-C`IqYeTtKIYk7rjy$59IdmQ^rM3)?!QIl=i
z?1gmS-qA$wBVI}4BTrgxCTKvU&H;XJd}Ox;kMrX4AFUT#f2+kxLZsx0Xz*(ADd?~t
zHVI!~U<w1t)(|l<cQ+y@Y22h4Iblo*LtK=zFo+!tqUjwOR`X#GoL*$<f=a37J8sds
zf{6F?nP|Dw!Yw5uLSNOzGj!1h=)EhNKlYINX+F5;JTRPcr@M1pU-mTS)NOn?8l0-I
z4nK8bDkF@SX9g&&G_&-`<#c5A<6bYT%WNP9JMpg*R2!7-P@^u>YfDvppw{DQTSb`Y
z?4ID98_Jy?L1k$%8;&_#x2MnzmZGa16thK7R3M*4zY=-fQ=d>8N>N`$1{Cuy%algr
zKr2<zKLZhgzEt7fkXM_{06(au(F6!S4?&21Z49o)vw!8otM&@MtMs`8nbl66!7Baw
z-66gXlsst%Z~Kb)NcsN%s=X+$YMW7C`muZQ^s=Z=Wy*&eCR71}HbH5cvdYU|25M4T
z1cxU_`}eSt7PIk?D16;J9J7pcv-OGs(gvRG%OFUt_SyLCdU{Phde#no4<>whevm{Z
zIvlhgGcoUB^B_BUswk4&=pq@wfWA?qS2I!U7VO~N(aC@G_ut(uW}a*a#-o(||8Pof
zcusX+Em-9u-*|u6|E;Z6e90(Ca+6+$kI4mz0|I9j#f7WgdJ3IbjQs$VZ<)|u!&+^X
zSi~@t?G2>FBjs_P6c-9FrD~~>!82HeVpS&tXDn$<NZdi4_a$X~NjAiIF^RkRTu!mb
z8_=E3wqNWj`C<0k(a9i_Kg|*S7oHxKZ7S^8`Q}&z<X7YD_^lZ6Mm|bnbtjRaILhS>
zjIjM3r!A>O7_zIoR!dL$c%9LY?`~Do)Iu|%de4nPz2w0g1Io8Q;-D=y_$G+zpA%Bw
z;`}|&|7Y`Acc=Tzrx~G;KmW|L4f4>#_%-;<Daa@1`J-o6EXV!h{i8l{;j+aOmH@d1
zjg}(FGm8xQjgxAgA<BozL98ic>m3y50G_U|9rKuYqAVQ68wbY&%J!O4)RkRT41;R)
zb5kms=Q*V(X09jq&K#_Qo9v=%f7+}bokU&W#M7rXj!xvs@7bvte-RU~s^wU5H4Lv?
zZ9>vy&W!JA1xbL#Ypcv104E|hZV@f$qh@*CNNDz@lrjq7bE{H)bYmVv4zR)0bC0Z9
zod~w`bbC7{g5fU;8dEuAp9z>&u^5`y_~>4?YQ1c+mtQa!kzXOrBu@dU-_y%Zt(P74
zvc4wWG!nqy7W6-C^xw8SsmsQTPars?iyzFKz4f*J+h|Kg7@Cm^8_gh>j96DWP)Jg4
zYzN{IWI%WXbmSparg031k<E+QB)<(sSATRqp48^!iO#y;O_k?Z;mzM3_xJUrA0O-{
zcXWX6u6`Z$;P|_zRg<U6a4&O)XATD^Kl~C;YcKKiQ7<8?W_SDl*K6$7USs#3*El#F
zboXEHi$FzM;M6#Iv)8O=y^r`V&i!#YD%yOhCKaaq<Yxx?tTxDJ@c@Y`DVGIFtSR<g
zy5_eeN86B2+ex}e{S-xS!5&7Jcq9^+LQ+-LMW&H}u#F#nrRTL*dfuG(hPx62IU4le
z9iPCz{Bu3OsP+7!*|T=T`c&Y^rB@G2s@09a@e;U~qLefbEHfT|bX+fM<9ca}e46_C
z;HW=z<8I^V-C;W(rjA9bJcRr)znW<7K0^8W+2Gyb@u9LePXA?VuO~B3uBRi`a^L0U
z8I6SFlaS4t780gR!2(&rpwgTjLSV#hul|Cwn<h)+FJH-XQe7ni=)<S?@3Ym`wbmkw
zJO5h($Z2Vt=@LJAy0>fB<MvK-Lw@YPdw=-Pj>QBUjE?klCzL;~sr=|*c552J?)E+M
zaJBr~5E0pCtk%r8M1$3x(wHXcrTQMVXm`iv3jarA{665&y$w7G4b<-4V0WHemJ6iR
zsdI*jGu_6~585F1dR-PJnKG)Vz!p|Q7Ohv;RNzI1J4pH&bm1@0+R8}G&^0_4XGQe-
z2A$vO3F6N?^8a6+av&CBVqKP$QCs0~I<6Izr)CvI($i<k^{D18*lvE@#2uHt;kX)>
zicX`6EAw?Wm%C_lT;*5Sv(~F1<)Xtd3Jxwb#NTmThs1`U0NT`(@@QM4_N!1zo`}j?
zER@R}fu46`=zxlt2-Gq}(I#G5O{L0d>bG8f+eaEUc%4$>C-1tBvDp6D?S@}Z71=`4
zmFV0_s<aUHa8C>+sT1ehS_2Wb3?wnD$v9u;&X3Q-DiPb!oSW~Ese$Dg+EGwTw6a3?
zZ84e11pcfu2yZbP4SQFM%U)G%%0Jz!`PpU!S3KVFpgukduR4L_9nK?l$R(S%N&6Bw
zTCi1&VFy^1s$9+!jnI&UBaPwK7zi5;x<{{<5a3YSS*gMr3wD>32%0UC4=?uu|6n6N
zRNYIJmFP7s<mv0(UA3HCiHHqiYShWu^bXWHdC+3-E;Wgm2Fft|AS=n9vy1SR>x7el
zeI$G`C=O$cBz5MJP;D)oBHla4W0Vmr&sq8s7)WsCit>krOKEDHs8wlz5NXs@6uBwp
zw@KmFDm*E3_gRiUI8=7Fwzj;e9Ki?({Uzjc3#Qm3pO#eBGKpbWD}3-a#NM?(!%Jdh
z#b)wq_Vw3lI3E4u{BrN`L-*5Q@7?RSA3vXdlrs_FI<ND}AjTf>Z2f3AS7&?0w7abK
z{&Q#h`PR!9tyizf8Sydk359q4g#F&|VuWj{F=HHG>n|DDldWgZUbbGPt;aF#X3CqF
z{Wi%jbOVB&@8c{6(E5Y_{{8Sjjn_;6|Je4XjS^q|B_owde3?MQ8kLAvOc9dczFXmt
zTca3t-y*VQFVb9<eQ2c{a78>S%+ik-zLgBHL@%zd5!`tvm}22a4=E<!GkIqeF?Tnm
z8fO3;r}A<YZ~VcxZoh|u2>8$T%NP8&EB}*geKreZynOK^%Jg>42ehp|pr5_~i?bf0
zK3b&?`^za3H>>l?yar*B55`2!nmMv@e6as`?a%9Pi>9`+a#PjIm&2=xOiC}8x&3qV
zZ_f{B7t6)g);3~;Cr}!)H_L@cKg*(!Q-)LoTwvw2=mLeqV5_@XU`qlse@3&(YU+LG
zd>tQ&1^-dg5QEkj!-&Tp2ak&*9{62PhD5Q-aq%g*@#OH>%K!c^yzyi<`6&Q^LrcwF
z>vkK-aX$IWbNCKpM(YK%Ac(;oprwSQNQn|D(IVH@#&+TXF(hY+n=rtFTqk+9JV%}*
zfATL?UsYdb0E(d2PO?7UC4iZ}RCia`^(zR(^l@8)b(c*+^cV)@-RHkt{JEZJy2pd1
zJ=Pb30N``K9MmJBWU*qAX`O*c>jok?7-!#)a>+Pv&Tf)HGTGetr-XxPxCpGkbXUvG
z@}0;7D2uyVv|dj8Cw=qy)uFs#IFFOsv;^0yh8h=5MRo)*>Eqv~ve}3j^LTfu&RRyH
z{0f&u*y(tt0sf??ooC&kIXhRG#dzJ~-)dV$m5(xl^3JRCb3+~^L#&{Whcvzm@|1#u
zz4HsC)74mn@~Gv9PwZN9F%Hw4y=AHetB6LE`9O*d4f+?T8ug4(s$Oxb25^S_{N1c|
zRk@t29ioISt3BZXb)KJEvwq1}sq*IB9gc1oVw}jzeHVx+ti@)|jAd<gASuG}Bqz`n
zy>{WJsc7Y?6<j<;hE4Is2kO1$jvPN);`3N62d4tTfy&@SXiZ8y-vJxrcbVPsha9H+
z@!`c0IOFe0_u*ainpnt0)pL_>%-m!?4cM&JeX2JutXKU5MxVq!b;h>a<C4Ad4zpnV
z%fhE-cYT!skh-mA22u3~L8I`Z%(wTkQ?o{yukE##>9v;W^|<7P*OlO9QDDkro1g#H
z)2(MZuKOMTu9SmjG&KLHkr3);Px)9`3*ggEmez1|=@@=!#M!~cns>Qhe86ddG}PZE
zX(ZmwmB}CZYR<vA#v0Sbetv#Z3TOyMhoos{S$HWhaT2l`{)LypV}-s;2k@ZE|Eg<*
z_H3F=2JyDx<9YV|idr+Rnj6vG2PmT?Dd37Za(;O6%L7D)oPIUsSPc<9W6qdW<Rven
z{lZKA2ny8m6C@J4Bd@i<6Z^G|Uru9%iEW%8o}F<~?R=+a5^`_#ON8^uosxwa@Rz$6
zjcz6O#7|cN+s)>2WW<}z4P*!((A8LCKp7HF_D|{LfjS33I7Eo2BJs$AonKs-VQ+4D
z6!NyT33;3&)$u-SP0tQs#Wv1hIdC$dY)cqZuu~4|xt*jt&1_6x+R9cEbugrPdl?sG
zCmM1z2N6+_O1OIV;e{<1;`Sg4hSG`2cwzn);Wdj{nhUPc{qp91B2ja)N3Up^otgZ6
zo8gq#->V~s6~eRQmp#S6?lBu~$`!_KY>M4tTArF!iQkiQXVwjtA!img2`3-**jtN%
z<tTQsz)VCOWR@apeDM%B`J1glI!uP~>Qy-9BoUK}WCa^YPKVC2RuHM<DeD0##E?Bx
za?ZwwaqIvyK+L}<3pXSNKzAd8qnn&e`&8Fk%|s;eUteP_s2L+X|0Pm!)bFROf|{Ml
zR1_D*qeeQZqvl^z@4OigW3GAzb_UiTkFIypbWr1eZPWS5F7Wx7Eo^CU!ZBmCkmo0B
zuVUu1wpeBvAwVjXS%;K|%;WoBGBt2asGB);er+Ne9rG${-8U5lT!M<hr4Y3BBRb}V
zBhrJFjr&YQW5@-gJp-PKo|Bo}Gh7mm6XVgj);UWhW@mLJpu&(X7&BBfh5JY=a%7$&
zB}nRwMFW!LnNygkKazO)P94S9<5^;%>n&q4mUxSdAkH~)MLp!IQnkS`8ptlF3CPN4
zk$afi<U<RyDD-yD45PIh8Kw`Dl@3Q>eY~3|i*i#q609I7?Y(In-Ab;*m<7?RnO$n;
z3XFO^hlb{KeqzYiP*bP{xcc}uJ~?Ma@Jl)+Phf>kNhiVADO-Ov_b?={j7{0%mT<kM
zo%H(Bw=)03@v9frCcsk8u+Lu9w_ch82d^QSANY3I!ujj<&4Nzu$lQHQ67dw-SP{)Q
z@i-M?Ur@dXGJ}+&>6;o9$%qtagy?6?O5#+c{S_3#YJ0nvz*1bqZp(kgw_Bmn<Zpo3
zP;{n{0;fFFtkf$THr;z=c2gky=k<Y0jgB@qjOqRTg)I*;A0d*%a#=sn+?3xrKBmoI
zFITkshr+C(bsxSIU$Bg1b987o)v6el=~;spQpAYcP7kG8Fn4u`p0tRp=gT^cE=vsF
zbtgZCN|P1s(wzx7g1d<nWY=WftGNwn{px+2-X@bW2`=MnHCUb_lAE>0Z7)tC6F=Zd
zWABdFm&M*?EgE|1L#UM->G&+?4J|pXU@*9Mu_`4KQefj0_I^%&7L^O?9npk`7I36H
z{G^=vtwB{$4*D)1CgH0TB9{TI7>rOM%$9-6mhk^gx_tzoUBxCDqwH8b-L|!yqBOCI
z_X#A(G28SLL-Xul=$Kt1&O6D6373(p5J#ldVB%gJB>M2koTIT<PwGAZUJma!o0ZEY
z)5_8&%B90o3-ML1klf|cU>8C|)(4TYe>2f_Hpr_Fxae`ZM5M8<g#z6d>-$t7o@SKM
z!V^TqYTXZXrB9~nvM1Xj1e-B%&QHq0p%x_cg#W?=-Z(ZDvMIR0_FiVC8B<13@Kp>I
za@ay$SYfI!K4Ow3iv6!&pARhb<Tkm>tu&6|+6&5Phd@5}zz)sXlA8e;UK!*9^ZSFW
zqMR*vGK?lfONQ?*nh+Adl#<VLBveS`oosZl!W-sL=d3>ZbVGh46OY^INCw8<$enLt
zXb)p(Fz1+0C1t}QQa&YGF%#jc<$!{MkF>ZV94;+BJu1?V#->lp{hSH1Xtpwq4@#8=
zM<$>wmrc5a3Yr0iwzY9I6<pAs8YuW~vcu18<o|lePwxe<gaKSQ7<D=dhOCfdXW1k-
zRAMlpOo|Q5WgPVGQD$w1WkZ1kcn0M$MMvY2Ek#wu2FB>pq~`hk?zkwbzy?v3gZ(*+
zm#)Jp5NbwaMLsl8>vRq#Gr10L6rM|UD%xGd9GP3*%_NGH+mLu9e$mzV5}^}uKj~Ov
z!{G<hyxB~e{g;8S8wx?3!E${Fh`6>Ah<FJ*cruMS(|)fQ?8LLn9gsvkvw}Rlxd9mK
z?%Up?xxYB9e;R-PX56jN|M2yW{F@lc4&C23^z<c{bM79UHj>-kZ)f4VN~79sRI1&u
zQt3)9=~GfFuZj70VG7uh7yKqjvcBt{eBMi1r~Uiuoi~@ir50*vVUK=d5n>SE>+5*f
zf18V|caLu0ewt4{-XDGbp`Oy)A>Mw?`55n{@VdT^r~TJw<9@#z_g{bh?e}}p>z`WJ
zO?tgauZP_W`iY(6v-H;Vj;H<Ce;lVb-J|49<-_~SAJ68q@S0w4;Ptok(>%)czleKz
z5&|T8zZ@<vNl=g&vYUt`Z+Bjb*`>OBe0lD^YDw;%ybO0wC;i>i$$j^=B(5rnm7vSJ
ze(&|s;#v6YtUlkF-<-UAHmH{0oYflB!Mxe{{ov~0=g-|Rtk*k4?+*XdZFRd{OXb@i
z-$d`fsWqbZ-RWsN+Ns>04#I!9TFg%NPRsA0RNpSjt6Km)!)M{Ucf+fT`%2XM`&#+r
zq!YE@w8FvdVzg7fc~h-Mt6v6XJJFAW+tKal-P<=m-i+q0YNvfa8SNdveRuNg?M?Y+
zbi4Xx(74rUpM7}Ssm!BZvwZvPc5wFjboNa&I2}x;zyCaMKEtp()%?p?kG;k4^CX=o
z&s*)*<i}Audi(a>HxUUD(dp#3<4UXCUimVyz-ep&XIM^il?)o);9L;@W33gF08sjF
z=Oh`;?;N^`#4<gtLcwZ`8`pZSl$6HJGC0k)#9v5ULlOZyjqVY!{sL;ec|~K-GS`h@
z;Tsj1Uh)pRAf(BO*Wv|@z2a^VN2GqSggAA&HNdP)1rP&sipn1tR@`^@T**{?cNJQ2
zHH+O!{Vnz(Z3A_h`^glT+*(zMnx*@mE@aN%1iTpA<`}I&=N2>6jRt%%Y7txDyG7J2
znrX=|%*8HSVu}Muj8s_L?%mITG{TkXA&E+A2g3MR$|g|=xBfJ?VeV21JB<c2sZB$A
zR)0JMx|2lcvYj&GoG9C`t@tV)LXjkHOf4l~Cp+r7ibw#j+T7^H-aYSOl<w-=13}v3
z8drYelT^C4eFJt17+H2$Lxz8ranviFrU#qpOki3HXc`YSB`6GOME5ff2i&%I1Meb<
zG?#O6r;AWRN?ca{c%b?iu-PV)cqC<^R_s>Uhl~mbp!IDoU<h$UaNqBYtfwV7gd&%;
z?FN3T%_5F&GuSL9C)}Kz63cKTU%G>%p3I?_A;Ehfdqc{3QY;K9?w*zXAm$~4_$^zP
zqnk(Dxyf9?P_MD$%ZYtb3>}!B8GfYTzcQ%2*y#$?*ms!4A&+$houyVXtL1%D9(wEf
z77M0ZcUz8IKzuMkv1}Fxi^`KT$B0aKGEk{x$v|0N<hs~bNz~?=U746Suj^{DyassG
z!#ag$D^*@=VA<3b$9^|pin^I_KoDS8Y<7>N7l_ivextq9qOOJ_EmHGb;;;ne#kM3x
zIfZq4fTX9d>VE#GY(oLaV}7Nk;{qE;=?E4#H(ab6YDwRlLkTjEdnuc^WJxvEWyJ7I
zPK6$Fh%(cbtJDZ?pDPs%d>)A=6%!1tMl#3%Hs-=jiUxvA_n44eK;&pK=}Mh$y>#aV
zYm>Y8gemo6k5i-KmN!u%#tl8+k1vxUm;PAUOS95yg}rLE->O~K>b-tFs&+`g>0GvZ
zmCjYz*4`iIOxX(+@T|l!`x)Jg>EOUtgbA@@fkv1zwhx#v+pnaODRcBFO$6-P;J}tS
z_{Q!*1+**y?5{s&#979q_4XoaWM>8uv7>{ROI1-Qpr9_X?=d5N4aV23W_sQV52-)O
zf}^@JlZq(}Xga}H_sWrT{ZXKq$82g#Qrflv&6-bBsoZ5ibTiB+g1f?7RN*2KuCjj2
z%t}jZ(cEJOcx0}POBU>fFEq^_Dp5NQMc4p318;QB;1g`9B?+RJ9l-eN$}lQxGeDgf
zK#lUx+i?2`GDJ`?4pm(KTAh)V4f!1>OpEz(R4%?`XC5HY1u9j9IGMfkhvV9Fd|igZ
zC688RH}hhlb~W4JRT?4kUL}H2%mt3D3uiK)4#qH1W$tHzfE7DILQUu<@CS|5C4qit
z>-gl}9zee_w`@!@ngn0@(?FbSjIKf4!qqk9`JkSIW?VB#*yu7H8P=z+Thsm;5`&;D
zs@HDW0WE13!rT3&$L<}D`@FLwlfR)1&Zcp=dgqcjImPy30}P7PTL*Y%PicjEDO*59
z7@HI6Ev>5#21l=RM*t`2hB1lQzx{@~rJ>!%59T5j4&Ll36a**k@%awqcuxdAO8n>~
z8oP^bEio*e1H9Z-VfHS{hwk)9Lx=cEgp4*8DMtbWAZyE&<p*cuhMdy${4TgI$(X&F
zTqI;M#=*kYOLw6SMYqyKrpzMsH|Pf^d+*Ifytz?0iAMCHXfAUjrHtYQ4T+}0tz_#Z
z5cSf)l{=eaol%A$QU(f_dpgUPk4RiO1eYi56r>bUw98u|%e)ICc=VxlG9zKg`EOD9
z#NNNmTkaRp{jc<zHK~w12fx@uvkoyq6cg3BbRSENHp{?uj~5W!;18#$`&3_6q+C`y
z%@*aAd3-;8Z$%qf4_%Iu-@9Hnn1<nsB4*jnJWYa2GDWE1PJEvIL$SJyqCouUT9=Yh
zemKCyl0$NIIHE0@X?&~Voq04P-b9zU3UBOJgy@DdrcVIfM%q%UWaum_V|a&A8I=i5
z;|x44j~<>-))+OTbg99Tj#B8DYaui0)Yo9)qe)eH=Pyz)OVQj4jV7@ky4H(%VLg*R
zQ8LMHV~xO1%>KR8_KYg1YErJ1l09|E`t_S|`Xp3sY2|^jaBXke*&~OCeZ^&ze~zc)
zZ3gegnUe~+h4XRAa#Iy44I7hjaE%B{_k~HhT|<Jj((1}*v+|{V7H*qW&$9$tvHuuZ
zv=|(+y+Y{(F-`0VOS>Yg8pyP=o5A?e6~!zz2bf+YrkTq5Wi*<3TJnTBB6?dmwL5(G
zYI6yyb@|D(VT-hooZxQDnJIs1PN^j`VDOb=d-tK~TPuH|hGaD52xePAicKWOuwY`r
zMyM!b5#O<8Q;~umXG|Ab8PY335g}p`j<C_p$(tZQ3TA;%m4kCH3ZtaES?NKuHjEhe
zqDYNE?^by#rlX6J;{yh*XYP}|8qpiCW;$f@PxbPHP|d5srQ>k)N`d|dBwvh86{N_?
zBbQSV=(LOv!p+$01srL*vRkfSDPQ8<^gqo9JP#A584KPCTjETebJ&gMNSbxWe<qeI
zE)6&Jl@(hLXKOYleSoV_l(wuBl_C1KfbWJ}*>>PeZ{;mpQ9QkkZB-gO7+Rx+iQ}@p
zEn*Z@G9Ael(sV2?njBGIQjEltc33Kmy~;$Uhu)OycVsOZ^sIrHh^0i6E{+xNHaA$$
zp7*HbfmVl}au%N)3O5{6^+?yKKjuAzLQpac2v*F0b+P2;!DY@eyeJhSi?h8|YvZ}1
z8+1F)xMZ9n#|zr7KIrciWUlcIG3KeHslNn|9;O4Wf2u(QEE+>gF*-eCkLToo8+b@G
zWx`!(STK*!1=Q4L&6ESLJ-U#(L7T0uS4Xj%cW{0Y9=wwCQu2qsd3X?C%}5a5>$-4?
zmn(UAyYs4E-K*CR>6)ll_UNBiwf%anvEQJN^}|CQQa<EoWoM7~79Q00s{74Xomyuv
ztW?8wdRyhFU*%o5=5jSyffHFv@@Oo4?2<Ow{{@{78qH>{UaKE<nzjAIR_CC7^s3W2
zYSbEsEuupEuS@6Ve)F($v|l}ZRjoJM?Z$qm-Do!tTDASg{?UG`^$X}M)u(7<lL*5l
zcyJ<=>is0WoJ$y7wyu?2fG&vDfJ-rE7ioZq7d<`S=D&l2{_#^)!^6KS<F%Culxazz
z47*iKH(bkYm}N5y&7p*NrltbDkaJQUpyCX~kQ00jd$3XmhZ0IHk$$3>N;1c<4Yvt9
zow|mft(X95b<>%hfp773N|AAe4C0?Sb5@bCxfo541sDauFqfSSSLC9cjnkR|vmqwX
z9f>y@I*U}aD^d1K<_IbMsYNR3nm`3keoc4Cx-lR98#V%)D4i<FH(r^FBf8+G4Br$b
zgLD}jY5lrw3Yj)X3Sped&04}MUqnlpiCQ$ww^nb>rpe{)R$vyvmNxa4l`SJIF+$uj
z^~=;y%K^mWkwyBAw0gJ8D(53fTDO=@Bgtwi=fez*9f$#K752m6>%a=oOFqwOU(VBD
zkLDYTk#T?Ab5D8rLVoptU9lK*QP@o8Lkd@^?-N0u1`PWvq0CT6W)!28*d(5cbqXT8
zCr=}^h}3VA>C*mm419dur5QoT*voj`e8d!y`Q4x%ml<+&gk>cdBoMU{&IV<21%_HU
zo;V)YBpf5#62+((J0BRRu~nBj!V1a_Zy7DBCcaj#WI1Lz0-}>DQuO#WtW3sHdj0Fc
zY<G<bT-e(3)-gO1#}#S-Pnl`(D6eyI+h%v-`1WM<32#whJ*-P`02+;!c0G;m%=~UV
zbCHiYU<w&=VXoPXBeUZBv4N>UeKk5CoWky1Fud4oc$D#6^XqO9+%G$-7gCuGwq+n@
zvd@}^lVpkYn{+<m@AyBP8!v(%*|Zu+NGZ#@?h^P>w8aoTY=^YMQYptUMci3LLH3(?
zgK7D-c<Fq=0Xrd`ZHiW_UaQR#I&TFpHaGrKE!9h53IF~#)^0q^TsjZ^Qczo(_fl8j
z@UE}g%D#fX)To;#b=2Ul9^E&Ei<>xy8R16ZRY_wv&O$3Yj%CYE0jEt$9&>J5I$91I
zgx&1H<Yvmn)9C9vjP4$5RghB75xg!7;$yRT^sAzV2W&yWb|x8=3qv9jf;af2-SN4*
zw?&gfJMpj-bnu}`A8MkBw(&)qzNnOoYuNDbQI1P0IP00Gor5C}WC_|55<Q~)kZ(&;
z(qdJkG}#((a*LcLAmX^>EE|E1QJg(q;@#kWNvwS+-m#L4cMKcyMLLNtwbIZEk@ux*
zk)t4aNab=_O9z?n`Pl>EPlmDO41v6^yrS~#c`S)!G_P*(i3l!d(LRJDDW_2zmwT@p
zyrTzc82m)<CB68=BQIKkIWrCF_bVrHzdQ-hq#OL;Pvd^AY3$o+e0t=?Ulgb1bR<J3
zG45$^F1|x=@CEAseUkhB2mH*5{R4v-X5yJ_5RGC-xV&|kC`$lkoEVc)IoS7#ta5fr
zwid57xO$QL@UrnmZ7V8!ho+P}AX4aEDBRaRoJ>NeKf8C3*X=JuDe#ADY>+6@{+Zo-
zEbZ9cwzN)bIOF5#O*BDB0^7%|jTcs@n|LsR?}U%NVl3vQF11ccp=sHtvP+d`01i_a
zPASj=k$fSbH{`{cr%cc6E!`y|v$KYu9KC4C`!8zc|6g3iY}^;s2N*~VD^vAWgt@#v
zoo5=&l@Eu%gkzY)^rH44bC4m{a=kYFAv%UoUHNeMSKtQ5J!FL!zF6{S37ZGH8-%DF
zaA0Wj++4_m%&uvqDU7%r9A7Po=7m$%J2<tP<8!#aU_4S^fST7mS==ihX8hZkftCUe
zii2ekyn?qrP3Dta=s(zTvM+5ghWzELA1qBKqjXN<{3TRWRiY%U#i;tbEPNo$i<P_8
zJX9nQ(qmxNBwho>Ji3Y@E2dFmUD8%{q4qv;%Pa3b5sSw&1lt%OMqUek%?*Lab&aia
zty|~Qud<8?M%T}Cx&j_xOML#+cG*uzLlHTfgAhoV8<1`b?J*|B72Ds$hS^e$W?l;f
z7{w9_lidz(|Ei5yi_rkPemdms<Hg<d?tKeWH^*0V_PXWyWP5%Qw5lEMxl(`L3cjNg
zw7zZ>jCiLp6m2|}@)JuWaV{9OzN6-{9Izaavr%$nL5&>TB@q|oxhocW{Kw|TU6ICH
zh<f_9V%yTDjinCFWSmMVXDr&~T+4NX`m2afjb&I*G50ak!RmD@tl(Y6m0$A1)s}g}
z{>6;$dDFI6YkFHEyCOS}ZrGgm?L!G_(Iv5LSd3FCT|cA)oX#ZqYN8d`Nmqw(gpxYW
zpt)oxG1eXUMzjxW`N+r^@Rm52xMVkH0hdWLUeCHUO(WmDReQv|#Sj#d|F;dKFfZS9
zJzLlJBiJzVxLVw<9@x1l8Q>?V!YXPC(Jq4}TDdM8wJb6a7F!bTIXHo~BA1da88{77
zA;!?$k2Elu*E|$6E_j^GE#<@W8N3TyKcg6^r+pRn;^szSX&!>{@okzl<k9Zx!_z7i
z=B=0-vo6aKw?4NQX-%^TELqrrl+ZI$n8&bqm8;oa#-ZTjsT!l5)MwG3th|`5%wYOK
z_{rwR&3x1+*&WSba_Tzg>Cn>NBnnN1@M&vzge~a$X0}blT}11Iwq1;+5F<hnxj`+k
z;7j_PoL&knVmAtl1J;^kfk~R<_~XHfJ8O`<RKd%X<BDB+h5#XcE(b@t9I2!F{dkVe
zY$N@J2+Y^nKrkYXH2LgT1v!T*&nWPS12L*#?CNlP<dT8VMwL=7KypVQ0F03d5Omm6
zDRm;pMdPgP&#8;TWIHStKGVO%BBDk<NgD7JBV+sZM|ohUBjKZL@(TKHKQcd+aH+UY
z9qjzUb@r!BZ+#QxV%BS^H?uh7!Iw&3d)d|+cq8otm!L2z@p-Zv7fWO{6jXE6qPl^K
zQ{w0l<xVlzK*KA(P5Cb5_ylL|)tQSn6thWC_XHZ3^AnG_@3l6x<>rQ4l!DWei+pvH
zEt$O!caSX_S_%$IUZgy$lRSsqMxU?P=m)ePPjSu0zOw1no}Pbc8K&`NoY*)!y@=A>
z=)8$|XY{LvdrHGSz;OFd9q#+_q9k&YMA3`CJm9DxUUp8Wgz3}h8-g}$d2y-%H{x<v
zQQwBO!wwo;CqHR?tn2{p8&{9ppXqKO&>UvJXe4)7sVLVB3O06MYc7`pjf&pf5Va{*
z=mi`7gN~5mZQ6t1qiP!^F@%LkdV%8?7(|YP>5<H*sye^NHUbyk=j(6231CtRK7&6Y
z4ZN?%3FvQPI7s7>f;b_zTP|XA8;O}#bGTyke>vm&C>*@fi~4W^FhkWI)hi?M#Wy4=
zU(Ll);MaRrve2~p*i11%T!!LmAeCWFj<2kE@}ee-^P=IizzfI6m5sA>x%7y{o5a?I
zv66dR<_K}NSg7+KZLZ*q5yUSzlWaw^ecP<k+4ve(uw8*+7Cez_3BEMpY?><)hWZjl
z@FyONe$}@9WLj{yKt@l{fXM!fnoo=qn0->(R|~d5N&J@0c96WnfRw}Y!-J297p(e8
zmWKqC+1<BL0~X+JrZfL#4gS;f!huyJ4%*7&=HTs}9~>X&9PTcF$C%+<xMS~SyB0J%
zL9-RKtNcg1j=|*?gl7^@U8(}IDRJ6B9C*2ByxxUHY<z5-ujrg8W-}#7M8q*EdTi0V
z;*8K3mqx`Gv__?{Q8ep`em!Purv^sZ6aQ21<*!G*bh7(G{&VX80(QzMhx}jpokk{q
z(DugVos5Xj>FnIfRqoogW~bR|SDPInk~xWzE;VF#3Op-#xOzzs_p9w@r@E4&_A;^e
zh(}Y8F5V@g8@Ug<)RxHNBFG(8P9LPo!4g$!UqzJsJS|al3yZ3;ntr%~cpJ}$T-c?A
zT&FZ1_69E9%gt)#AzE9G+GC}(v>XmB5!u4F9pC2^*&*jfDF~yNSIZ%6sZAd>iAa6}
zyUuv9xlu2%hmbjJhhzF!bX61F!V7bc`z4$B<X=Hmai!TLAf{y--&L~)_S~JPfe@Kn
zk3~9rOQeXO%qydQc)^1{{MGd3rf8E&@FPgl2xauGW}5{M5k)UGKrmM5L*&MBB?u;_
z#&#s5WH=vs0h!u1^Nz4mt)sPFy722lidv;rl_+-cFCe^~8YL#a#=yn-9Py}1!CpTa
z2K&hKT3I;co;eR2<70#uebYLO=#8DNmtT13-|+|nj)KJ$1`^h@B&+N!o-)oWS1DwI
z*mB`KXOd24HmPA{h+6;B3oxh26AifTULg5~FqB#28Yv5xx2&~ekEJ)sM2l)62>AQ=
z$Dd5T;x7yB^MGE6c_C5p@^<Us`Bo{V12x<E<E!s>N`H>&N)NWeW^#P|eEi4n|M4%+
zc3wRDd6%yA@ubB6pO5g~8+wn!Fn)bK+uhtK{^{TTc$l81@6z{`KMdYK4+ro5(64@T
z9#wbx6@Ki~cm3ys)060*pAX)DQ~6Ur{dD);cZ1Wx`<;GziYMOEmv8STTmRa>{IiDv
z@#PS{hXSVJ)Hf;BAB&h`Sh#(Tz19>K#UeXA4}QmG=SH)1{V=LmoPFXI3~+T~0AR{d
z#633fCnIrNC5ThQO`MR_(`i*WM7%$q%v`3Dty#D~r%}#<E2+(rr2c-N+Wo_bQ_3?B
zGs0dn<2Wi7nB5BkChH*Y-yfe}klaNBJBs@ZTg0%C&U<hs$!aKeZ01sLE}z47$|2R8
z+co=#ltV%_B>pG|kq4)<-W$eKj`Vjka&vHVE9|{LKQ8j<Kh?^e>RJhOe2}R{A~2&?
z!A{MKZ4(i5Yq+_w=L6L48Ax?wf`fT)Tg$HsUy!1OF5St8yW+Z|UcwVwN>`!F%?6H|
z{p6>1r^Q4C9or!T%PH;Jq3lZ+j*5a9jKXDhw*m&UcI%_tbA7HJE1-qLgM9|;`$CD?
zk}3FfM0#ltjQHSaUs3x$Afd(nL^9$B`VHl?CJFOZx`O5KF(~RpGg_%rV>SV+vqky(
zu~_)vUz6}CGyXM}H(R^UultnR)Ca&B;-G5~B7i(#QliUyreZy7hI|_%hs~Yn#Oi~b
z68@f*aG1JM7{Uy;m)Dl4joga(&k(bU0)A=~lQXG0250or_8iS)GX?{&jtHZB+Ony7
z@ZuHs=(697U;khTNT<kD)e|@GV?luCT==^g>bXc=yn5~j5J4<}eW|<^!_3k0wmas^
zIV5z&F|yMnLQ-l^j9&(zg(NGMon`s7WONj;AD$sD!Y%(<F|FcBqlwOp*%jH|+>Ki1
z7^hdHo@6BAdE1SRw(P!d6Kd<=RER;I{=A<s`{3I=o=(S8IKVEo4vtA&%LE-Z>!!oa
z4H3h<;z(vu)OL|_rl)S;WabjR8%=2gq3H;EbD%Z|F#k>RlJmF66F6#%Pl1zbIw+3l
zWe!d*7X}g1qe~J+GQ19m_mczyU(CM%dTB>L5ECk2Cs&X~90H*ObZU0Z@xl=W-!#nj
ziSSKNp5x^4mw0TjDr&ZBmUAmpBU#x&04AfK#*ibzCRaQgi7$eV-%uBu)+=2^lhgn#
z_w*)%K`ezD1L;6<RGON9XRcmbrU?|VIRrwufwebCY#w%{*SGW;-%TPx*|vPuzY~F@
zx{GEw{0X{@wOKfGm&Mw^MX0H*;^1Ja!O6i7b$yb5+4PmCKDU_34Hko*)y<H?6;H2$
zjlo1q7(3aYFxU4kmK5tpIEwI@;rJ(YqH+)?4mg{V5-Elgm#@ph+rpIAv^r8Xutp1D
z^%>g)cp$MeTEIqSrb)H+D#wXwi#eUpI|-nTE28w!^kqt5suOXAXSgi8hZN>pb|wNa
zSX(E)z?n6ED94mpvLa(;G*vMt2o1BADsBR=PX+r$897jRB^=@eW{Zj!b@tK!<_S}F
z?y^z#4B5?UB4|#eA1g+^l8OXaW)eH};esr_2|8!Sd2O7S2ow&R0@C2+#qs4nA4F0J
z;=Zec7OQ@4#4_=b4QY~TkG4a#;9$-la}S+l9|}Hw_!wLja<7)&`EL~s<yMYjZw6os
zvHkPWvkBiKy_@(a1y~@`foSTD!hs+nu}M3+r53D5jWk8NT$IEH72-l0`DnB3od;Nz
z7Ez^eFDJ9@-aWQvd`GM+r6F$9bPF_Rm)wqSPUsk-LF=lK9BQmSR>CyO3`XT`gR6(Q
z)hpT7dM2}jcae}v(Q;78eAXiEbrA^E)J<0spK?nOJ&$_Nmn9t>dsM|FKl#6I3@n!n
z)#n+D4LAQb1&Hza<xSk54?ON#Hp@L(vDg>ZvE|MFigDD2JwV2D7s?JkW*6ExKy;Ec
zZGno;?f*qYQ#;~>pprJ`L>T^TX^K)rbepIkW+p6IQtqCy)mRIM#a+2F>9U+M=!oN|
zQX#X)S=W;|nt2-t!Wum~;X2|-NTw@SS*u<=Iw3olkJ~;1#3=ai(Fd55r%CL`{7u#v
z@3mlg4;T-)co&z1+s%z;Mwz>?QNveaEmf91f{D=H%Rzy(_TKmo_rBqx=h%<t{Flq+
zl6=!PI~Lnb`jci&=Ktn~k1b%Z#6(DdmvKIEWiDkSJJ$)CN_W-iVGbP-&2$@Sv-TLA
zZ`06)Zf0*7rp*mRQ*c>Hm&@G8ZYS`)>;q@G)6TspyhwJJmoq{nxZ&i>*Qej4LT#|L
z4P6Y|&6Zk+h9P`8Y%X16_AB$eB!=sW>zgXW${pNUyRyHrc*1#q@k3$?Z2jAz30K?P
z*qf=fnAmyA9R*EEHx!opUqa34cE<GV*&tDK>?O=YNC|Q>N)JIYne0a=-9XdlE@VBH
zr6I4YWnseKHMt2I&0i_zxsGs-%D$ZNs1G5(@?N&Pb0NFaFSn$pwMzL@8tMvJbyWaB
zzCYsOUG{&hP74n!m9P>975ujn$baZ_B@E^J(ELvS3j_Yh&sF3HI~tKCWbYs2>^pao
zxL~^C8G2|S!Rztf^>xDa<}*#2=6cqH^jJeYaGnMKfzk4$>^Bwp#{Pln;}83j%zfq5
z)RyE8=3&aB8IVkfti!0-KZL3vD@Gx7$1nO#7=}ya&><|5_rZbu_lLjxyWjk3dpoRl
zwzpsYC-aDExceXf<+YsEJVl6GX|Gw*T3`B>X|dTvkK1ilF+<p%X4Kj+SAR>>QQ6RO
zV}ihM=w7i9PT!{faajNfL$Nzh=Za1iL>j(_dQ(zVIFjztV)KCkXjuRgt&%cM)G&ro
z=5#y;?8iy8=t_xEFP?=lItCV_FXZ&K5p`D%UTdHW-_9eBNCIz_w@N$`<gfG3mvF0l
zqYV5(UeDFMt)pdGqtj~0TTGED$Ak1@SI;OjWgGvZuSdb>If{P-Y?+vI>4HdHUSF|n
zd{HH-xXw`Z#Gt+)80-OZ8~46wy5p;vlmp7dmMV-crx+q|(%unjMKY3kM*ZeY2oD~o
z6kKy0n8nHI1FZ<cQb`k3As{;Z0L?Vh!%Z7e6%!(wFlELH+1!xWC`Ge|V#C1<oJ)#3
zq^(y-q1tE`a{(ZJAnq)g<|e?qTiR&Wr4bUoI1d()Okum+pv6lVLv<jglWg0_^jMyi
z(9#3B)JI^|=3wIt2;_h>NdagGJ2ABTh@GONba!)O@;}#=T=Qcn0DwbFyj|&1BHNb!
zZ-noVZQO{mLKGEnsOodN85L1LKt=zYNFae!Adw_NeYWm*>ox5mfvU3l+<QCXMxPSM
z+{4;yui;zYlJcq3LuxV+sC5*kUA(3vDloxmj_80O0~(e$F_46eYYh^mY-hr-(M-{j
zVxXH8DR7Y~Z9hdDc`5#f)LAkO>P$(3VAMJS^=GHd+BOCq>e&X}ZZty>`2R=hC2zn4
zZ{QI5U7{_;VcZ=wLCgjSEt`y)U^Voa9%wkjxT(UVaXRh%P$nn(3l9|PFV$NLS7zbQ
z6bszMbo}%COkfILBmzA!b?Zhvb7n6>PZ=ZOTmXpdQjF-nh9#U~Uqz%EpbwZP7g-^E
zj;YY9Y+}g>UB%K!?akodBexSKHRnc{-1&1wck7R+gN!t>^bGqR&UO-zQb)0|rbNON
zdY@ndfX5i-%QBZVxgbhIrY^a0XW*8=VxLlKoY)~4&L}KfXKAPBzLQ_rIB@RK44$!n
z(FLEA*9(iQLAl_SB4BQegNLp}fAqbv)<F9+wJySLffFg0E#frfD1srT4|#l)6Tm(;
zFqbnqAh2E_4r7*@V6<SbX4CFjw9DAo6t-&RFVun+VUNTozC@g~P1S6OEfoKxNkve5
zPbXi$bGq-{k;laZW=&l7X6$uwc8Tr+ENe_)<J4A0gB-TlNNC{`DaI(k`g6r%5~C8E
zMH9^+h#tX!-j<+DRo9!!;R#J2b8-=jt+Mmqm#B4injT3A3S9Axa4s{<jm>;cHe<24
zKLCyD?cj@_;eru#_{xxVs~|doAbwpkjE>JR_|svnO+h{)4@5O7++31UM%<qcInjGQ
zCq43%ABm44MoW<#A)CSW)>VXpbebSxV&!EeUrRI0@?k<1*HXN|VyX1i>MF`4AOsDH
zx~ilE?UALcc=gz{i5USV2{j?~31~`pz+5<KxZrqzc@7U3Ja6jck%cayX!NlfjGs#D
z>zp4tva+<QbVaEJp|-Kq5XoE}|2RHAOrQ<UnF``*q0WcSt}nU)6K4|-4)=(CFFXlk
zMR1d9LBd3x(0h$g7<p8onk)!m<d5deMM%|^RB{IY^^Xj_8ic1w_-39Gy`1=GTxyD`
zP*{v(3dQ)rJmG8r=FkUkhP({k)RQ$;Y<;nXN5(#@J!lwTb-pBF$({AF9^p{&e+PEU
zPdJkrR;{;M=0LV9LY5UZonXX*4jM{!m~xYP0_94$r)ktl*130alFO(58v9{42~+%w
zL;<#J=T8ttYQOfW^T7whIvI)B{cz<@B21XVK{!va2oPr<?TR@(yijsfb!dg}1cowb
zX%*OaTss)%W)Y}3sEy#S9Yr3^fuM=&kBA+Sot$pahrfSv&emY8(m9j&MOq=x#sQFd
zteb;rdUUHI5ARtKvO4Q0bhKXN4xej|NRGys*V@%u=&NwSFZS2OpYT?!cs=YZAUmIN
zfY`;-MlXd%v$p3a(MC3*Gg3dv{h3*6Pmj_2>CJv<KsN&uz*ol!9a0QY5(NStlgYcT
z`V57ZpH3TE(Enk@rQe0<tfzS&(8%R39~hh);9<tM8?Y)Ptg(rSJ2SmQRPPpnvU==T
zqBTh?{SNm~4+;KBgj~%QB;=0f=^VRaS|j#rm?4(f$XAvvw$93Vk-IbIwCt80YA*nO
z5!mX)g6Rqg6KDdw_8CvANvD~unY6bwr}xO5rR&5@mZOx)y640T$k~pKT-gy|Ixm7n
z2FiTE;-WFC$ul|PDIDjB;9D_}yLcl4WkCjf%NsEoo16%L7z905pVAeF*)@q;${ynm
z=WW<+5qEO^DV9fgrh5vZ;L!uOw_;Cp%mZzQlSY1&JjrBIC(iEwGGzV4sxQX0EY<(_
z>|!utC^B0u{s{ZHbf6@Nx-j8tbnWT=EHddsYXJO#>&)eleM(!2IF8*OFEO2)so|#r
zxmsD%Gn>s+*ClX@Nb%q?#45gYas-g(*%vGV+uoYp+luuXVH5%-5NaYxu&`4odbZeV
zertN*cgA@wePIDdD+GfK6HjQ4Nr}}6prxS^Y!YgTr@HF+Ea1HJ(=d3fnAHf!M?9zC
z*j@(=^FW1lbV64Rcy6?dd^VU^8ST{gqwx^W#pWQhiTC(8Z4226$cLy<5*Z|!Q_yTR
zCe)VP>r{19lFq06Ia@I}KdvwK*)KP`z@aTbks#W7tR(?w&@ntZT531!aA?}VY>v$i
zuQJrx&dn)8PJ$_I`fj0EuQki9rhJc~Cm1!GGqF7dzD#66IN|X=qo9YJ8f+9Ry{|!K
zj1Uexa>2NnVkbM7I=jFW$q$i80nu_Ww1CW4r|&J*x+8#K97^W|yHuFzZ$Y(*Uh&7U
zX1irsAg`w=z__W?Y@k{wyM(<^_7%r+1(N}$7T6v?Gua5_L$@V3l}`L2;Pg+y()<LM
zm#~|9R0p!oK}W}B>Y{m%JjcvN2W|t&6xye>R2?fCO`}(gdWiH|DR%G;ohn{l1Tf;f
zB)9y+=jjL2`F6o5dk+;uq_Nl-6~(nnCIrch2JF`p6JJ54-Z8%xdmsY?Fa<Z63n4ZJ
zhft3d51gDogsT8&lLgfU|BdClLN?HM$Jm{k^1@v2wy!UII5=cR5pGaYyD&d2|7F;h
zu{)Tw6dm#ion!?P=u-Zd3|=$bxjN#ZuAP_fDwBmp9$C<hHbs7IALHt<5ZCZyc#D32
zeEK-+n*-;@orjUH8ySx1H!vl%OW*vl=5eP%eR!$~j0yhP;96|@r2IWZx`VNsLuMU~
z`{k9=tSEG-Jwr)@4glGw4%w%lMz$J+{wL6^wF%>X+0Y5-?PxLYFo(EMw$BLv#E+%r
z@Q@FTdo@jrodYHohW#lLiMsGR@zyycx3eD8{ouQXF4=#m0^V7g3AIKT3!$0OL8n8G
z;KI^yTQ3aO1tHOLq0CB_LvAtd<{}Vp*ixIhUcRfsM@%!u<n$c{an&Rt+-iYpPSl@}
zUsoC=OS=X`;EH3xsV2A~V2^{_GcMJXlWMy(I_K|G4IXt@#_T#Vdt%Q?l1@TDT1~sH
zs%MJ3t8H_+Po-FTOBJjLnRnimumB?BR2PYa(>|iZ-9Ap(JsUV8Zu+|rQqYiUa(yzH
zo*wveU@oJeQvG{7m9QHp2obkQ1@Z9|RKag^`xFUs&^~6!!LIyMP$4i%EYp=grt}|w
zDf<kAli%r|nR?Z573YrCbMX~Iu2ZX3or*KTpWD)`LhTcw_|!)EvQFqhjrmr`%_0Om
zi5^kvk-$+iwI6QLceCB@Xo&$^$*IUT+4UB`-k#rXd8s6j0_+nZBck$TX`L$QbD@f1
z$Qq*56+QOKWTom+-)8n9RcAfqz7IiX;Uh&cTtI$TvzciVY#uPpGzh(Z2eoZcFCsrf
z+6!)aA>rbW7|8>+Efq~m6CZ>G6(|S0PuDEEnCe9d=aEm=<FPdwwSR6X{zCZMM<B07
z{4stE9<5`*+4?$swGjWT5dUTV>+hY8M{_!;4lMS^yme$&PmINbv<CW3{OmkY9M!l*
zXeh1&bQ9~x?(uUyo|>Sa-5G*`oB{a5tkvn7`4TEB6;<~lIb@b&xvO<7PuW{^8|)aV
z*il{VRd5EW&AO`8mh1+rqoMN01!XJszVa>(yHILW0d`QMD`cY8vX~L(0`JX#p+&5J
zA-kI<H1>Lw<`Sp+>+cKU7bAs7ahcd4pZPCJAio%iG$P2uTbI@PmtPC#9fpVJ(S$f9
z5-`_4>R<36f`%Ir>mW$RDl$M78H1FpM5#DFrrRc>*X<*%lOV=-Zai<k?@#t&<@d*a
zuQ&2`z6ye#c2adA#K&Uk)Y>h|c&fQ{`oUeZWE++O`L85q4Reu{wSFwRx*Q0@=8ZoI
zn;D2YDj{=c)QPfPo?qwZJAdo($M)m%DpW<=kl3&$TtTkdJ?e^27uLeV^r6NO_UEdZ
z<H{iRR{x-=GBc<02V#9AZ<bmQ;WOq-Ujk@khmx<R;=Q^z8>oWVxm|MOQtb2e>p0R3
zO+);hvztO2Ke5{6kH4{218bE}wzz)sSIsZ}8O5Yvj-;r@Ptjv?xk?mb%F@^8WV|Ns
zvYiQ4<Bb|jbtMxsg&f}rUc}2F!6a+=4Z3{g9951IPUV=f7Zv0rxnL?itDklJSUA$j
zPzTE5hl=PuyOdVv1`VC}zj3WrQn9<T62E0D)-C&ccV}hO-C5aSZvNBm&b3Ri!gTAq
zNaLdHCf%%8wLUXy55x|$(Oe8f*CEx?(Ma}XMEeRhg&;P1tEou+_4*XN)kfyl#uI+m
zOv~qLfxolK=91CdSd4FSAua;>&unswJ7)3>K-QU~O8D6=%R4k}iSYCxTNJjt{fXHr
zG!&A&P>mR*uWm?;XMKu=sMjkim*g&?LLyczn{c&OQm_)0BZX_%<NA~hT=FN}KF&40
z5h+s;=qg~by0!a3uA!<x<(D7R2&f_UYPZUbL-0+hCn2mU$o3<5DB;u-!p6mU1k;Ew
zPRd5vL+VFQE{sM)N}}DxTnr52tHD&p7^9G7l(YPOzIWyU<+c^lj!MnvR(!(OEp93M
z&y~z`BS3;hVh@6{PxO1j(~mu>-<V?3h?4#q>OhNu;lCIGq*1(|X-Le$N(t_0?g!D>
z@ZW8|ns~$w%*Hoh4d5Db3UGCgf+=5DN9X4!<PWwvF31#PY;c*ZEcf4Fh@|DwNv;_b
zoR0|7uE%NJ)zoaLTQQqh4px}25CkgTIE0L0IEg0_XXw#IgKaE>kt2DMUU5xX?6_#k
zYWpO*d2aChc$hF8k4YDPq`}t1Q`Ms=D9VKC&NC8u;lag9H*-=!d}$Gf?)s^;4(0Ko
z90_qhsJ3Y6!ZYE!B)a<&*;nD%b<e%c1^~w$eZ)J{y0bvc-=|(k2pRe~45n~cRm&&Y
zj)bE+jQ8v)Gj`*Xz-cVt%tin9wi?RGvFS?=qJzAr2x>$7?2~2N)4^1cn`920Iy3cL
zV5(Dq9bhqBU`*&UtR+AEIiZIo+=(d^q=gNrfh3_T2vThEgIT!5cZDAd?Su0J*c`0&
z=mT~HJT`YSA>8B6pH3bA>Q9{~{Q=LzUkjKD5?0~lq7K0(2r-CIW~{jZwG8uN3u@u|
zBc{!v`06Mc?EBmdhvHFS1Hu;s1!wJfegrxrbc*;X@nD;NZ?$NS=!K;Gf2a6{CXUp1
z--4%#TFog&J<yt;=$`-sU7>y=>`$Os-qaWs(=r`Cp^zb19BjyovNXm4B0OOe@TSI-
zsBLwtO&z>bE+vgDqMShUGE2?t3K?cBuvmUAQemPL{_f<n%@(YSaT3TbE`z<##YI}3
zeCN8VCOx~*Y$jKTsEOvwre0>-aE)^L*K0|ANqOfbK#l5yl)cp)TpD{SK3~=+m`dT$
z8{O(_1gN}2ZV%I4KJJsjv4JA+XHpC+U4JaHI7XDtxsZTD@d6S9s}r3I?hs^k4AOto
zU1ABzK&U1L>=419o(`CgUMNg9{>*;&?~p>A?r@!nl-k8eA=bKMq*l6Pq}QpZaBb$p
zKXy(InU{*`ot%CAzg+R6T%~<#mM^Nsf^$=BHnSH+`VhW!3G(#~h4BbS?Ogg!-kk-b
z1Nzqk#d%%H7*63RfGV2>5%O5wxU)AR1@``nzMFjUFr&Hoz1h}XL%;H#563t96vej=
zf1ry}X~@jMA$%`CbZ4PA{{}Y;^6JsE{o8CZyS&R)OLx6m=AqX8$TUmys93zcdP`>W
zZg$W(Kiyj_3U?>%hvM~p@*-P(&SnR>`CWGMe361jG<*H!@zr4bRIXiDpG)59bN%q~
zEO`ST{qcO4y;CzNRtp=)uj#XxY<~Ku#kg_$&B@Y_@Fal@$thNCo{3K~T9Y3-72j2B
z*B%86g;HX!e+L(Y=q8W^)PV{xW{wY^Y>iV?Y>QtAsDa?C-z5Fm(CA_I^XpD{HBN;v
z(EY($P-z6~H)iFLSijvuh#mHL=MTR3U7VRerPQX<6(M%R?pdWamj0AX0!E2Oe6;D=
zx?z^=i$!RO$rjz!kL^f%D`-Yx>@^xp9`8y-JEBUUh5J%7Vd;If?s-r_@EyO;I8CjO
zzsKmi6(@F_PGEhzV@1hGY`;;CY*b3@rOMAR{Nvm^ESd<cbn_H^T}7}_06(oI&;Bi1
zaz$Ciwc{r>)eQ?lx$w;?WPA6y)beARo24Eb(d23QxENM4gIp!ou62@Qob+q9dfPZE
z<d%2oLb5e#ot(AXk$-oa&ldX6$3eQ2c1w@B?n5-ro(>yF4~viUS!Z#aYn(iEigzL0
zfls+|u{3{vf6e#KPhLx@vv7J|zV)xll~L7w>c1UdTsI#4m-^GPJG^VZ<@U1K%--lV
zyhs+WbBhLC!`<_?*LNSMolf@Y<m2S}rFOgL6%X6lrg!QVi}il*ZSnNfN}cxZ-~IQu
zD3@zIR<EmPx#_SsJN^J={E<A*zNC}2>&dl$)p$9~B#-Z^#mv*8yO$bu7v<K?xPRe3
zFB-#__G{2}7xh}j_a~|0;&ku+?d%NX==$0lA1C{_mruis?(O2`_38e#{dU$ISC^T=
zN3>Wz-yc0(KA(@H!bR@!@aE;&e=0Z1r|!qYB)B`@-bz*Slkv21a(G`$&kBufGZS5m
z&ij7QTzq(YuV?Mox2WS*!$Gg|5)}64xnw#@chmEa$#s8ubbY+N^_Xk!^*&04Wd_vl
zO{p22UcGqTY%^WWoj+%z^U7ZTwBE|Xk<I6-#a5x0KF_skrBdtR!Chqg#qF)Z^<%d_
z>rT>PsyOrS28-)d?W5jE*N?ixYIG91si&)#R<1Mi3qdw@Kb^c@q=s*={px#d^qPHv
zy%=9zMYow$t#jTQx~0pr$8Irs|9V&IE%!RN^I7)lq&j^rzxm0x!&1Lio(%KJPHuTR
zEnK&ArK;QB-n#6Ku5TOl+um$Ec?e%BACp=WuIJbE#q+e$x((99X})oFm2vM*=TEis
z%X;gnUAj2&8|BvF(oLUkZ)F>q$>OD03Ch{$hs>p0sQ6biKYF<C&8z8J+v`3o-b&$f
zBX#U`K2A^W&fM#1wsLlQ@l<?oedOM@w|e(`qsznL^1YROKk7c+CX1Q7rdO}0gUUlG
z9lgFrb<aDh)xFY9E=cDW(Z&1lsa;4Oot5UvOzLra>!Iv*7Ck@z8rA~0Q%OA+`@M_e
zTh}{DeH6-ve{664aWif7<;<$<Ieub)b~&G^%UN?A#qVcJU9pBlwsF2{m3tXb@=J4|
zSW0ga*M~~qIa$fkS+}~ww5#(?m%@5eyMNc6eHOd3*OrL9R_<&?7O+B}5`j0xs3of8
zjuIQ=9I9~EJej!6u)Q#&ZeZ$$ca8an=ccQWZW?XI(EF;X>@k~)!9Qz95bqlF1S+`7
z^Sj#pg;6*j)ofw<Q%%|$Ki}|dob0c<<c3q9#=(oTCQr_9ij#F^i#&Zdl*~FFsm3a%
zP$*5v6xxVFe{3z8`d!=lQa}s5_bEDzEkRWnky{y1_dhZabcT-{G$LyW*H+VPF#@NE
z#78d$^|#fs?K~(%xo)o$sxSBS5fNL@?)dG`Vh`fYoudTCMq?3)qOTv3`^NnRB>SLz
zdl7Ou4ClW^@^}6(vQ*M>e-3=J3wQROAV+AY7R^zQND)*pz+gHNj-qkxPQHW`_yzM2
z)(#C?q;-vd-$x({at-v{*^2_w9_-NL$qD?qIz9i!RfOKEGW}O8tg=DA+HKxQZ=thl
zRZCD{0wXW`Dgi%yhnu)3hgT{dcU0AxR7F{|e9cOp!3C8(tRYFOiJH;dIQGFsWH=NG
ziKreSb8r9X{0xDIm^pSQbK&1aDaIhpN<%6sqKMr}^}NP(V0EG0E)Kg6l0Rb|T}7Wt
zvG1M->PhM!nR)$<aP%-td^@%V2mLTa@_iM#0ugcXeXQ<q`YU5pM@3eJ=|rv1@h5BX
zkRR55&Z*TzUj>p-yN#kZ3<|0p6n@*|!^30P0c-KYVAP}E!2qjL)0+*$po_p1Sf}!&
zd*JL=v*oXnRXF9swxK@`y-}ZX1Or{z2j4Rl%J8xyQt4cLjqgs-H+1=^@igBVkVhUW
z-4M|fD=pQPLi``ztV_Iqv8W)jUo5D~0mGg>i^ZT5y)!C2*4znowa}bRUFr7>W7^(g
zxuWrAqX8;O9<VwO(+DO(o}iv7=w<vgAIzq(M*rz=ESR4TrV=pT@JHqzSYt!oc$O`e
zHGc{!S%ue6V9a%=slc|o<vM)$6|3{+K{ps}h_HXA6=k*7Dt;pnY%AUg)KQ7TP*}pa
zz%8_*2GY9*Lz?c`ANlUgWM6dcw;G@DUoub#)r{QZa1nW&0OKx~-4~C<VeB%`<B(s1
zA#}Wy51g9-*%IuLavf4xN2{5>Z3C7Aw`2g90tVkk-i%7)M}7wh@ssoJ)Sn`m^=Jos
zgF4xXrYFY1wes~Oyg|*z7zb*i+)LE`lLzQ*8sFmNZ;jBOE>8aP-qaxJfqbh}F|}ra
zI@T6{L;dWp`#!epZB)~hb(pGM4XL!04mI2^+gnr*&0?T&;RvCIvnsJH(qhb)!Eq8Q
zL!u-ICa#2H<Gboo=TQ@cyFxvI?*>Ix=X6Fne`AIrW%$ytUTP}N4w=K9Mx^wEl}x7k
zsh*Q<)U)8M8tS0~nI!6p5HU$Tt^3xr)IMGrT*5mctwnJ$RhpndhuC3tNd-@nfOVBH
zeQ4iBcosru_r6{YzphbBY;UzNHH#`uwji34DJ<zQz1S0vvfW6ekcd5Ed#gAZz*;i3
zamx)~u)Pr6d%NXgtMt`j8u1_2Z2R7vD}Ye?4zQLID=CwtqW0yVBAK?D(#QV+W`{4n
zV3_^?wRg2WjU-3-I}!k1K%u|?VML^pO>D1iUT*iuMe+fAps*~0Wu+*}2d{0w5^Hla
z_5mmBetW8(s_K{V7(95{<U@SA<N!}kcUN_F_0v^Pv7JIRltfKT(@~9+>-ByP{Vp(e
zCT}){^b6dhu?o4s2m3-$jYU9E(Nhj(aw;QH7>G3GoFG2zkm4C{2`Di*dd!uuB)yw*
zwDUw`LTVzs-lLZO8jVNk;BLyHp5PZWWw|BGNhg(Ji|DKJNnI%oIj}T2ZiFVn_QG9$
z=67a^mGOtQSS=U<X%%?!GzIr(u#xiOkvh0xtJ`RGySh{ux?_cQO7a)-Q=40L-K;*r
ze@EC`%}FT^u^Wlsz>f7F<Yt|}-(OI9Aie6<2mRq>oI>;HNB+0HP5#E@VL~R59!>a1
zc^e0NxV)xX;>!>qVgT7Rw>)mQR@h$|@&y>5V!%mUq7yCcg!G}+lKi(IvS%D@AEMAa
z89B@8s*;X-)2}#n1~l5kB{BoNBAC_=hKM9^u4kmQ{K7YUt?3Wz;yG)QW6B98Ttyb)
z2SMx%(xNO@S}zwg<cE1_xH=O^O_<$t;A>M^NZS;BK~8-bf326=>uYTFgd7TVNXfwS
zlc=>_f*oj|DZ`MW<TX$1HOOJy?WR`%^?-#1wNusHk<Q$dN$KpqL|X8Z;_-Km_~!WV
z;tVJ4i;k8Qz-b$y6?85f$in09L|4f}DO{ZKDUYkc@srGphhSl9inB=9*Q7$M#ZW&a
z6*{lg@5!TO#-tIMuT<PKu8(*-zDAK;>g!0IHZ9^#o6!B(cDSD0n;$c7)d#9#SC*!{
zZhkV>;GSaxpk~r8r>c>@rRh*03s;Ox_0G=;w5N{?a;TWS4&g0b9;CaG8gX}S5ZRSR
zOZ1vHM;>lPh|rOT_VCD9PYQxF(woHodobxWsvLx3cHOn2z9w{f@_5IyL`~4Cnyl<t
zBl$3^l`q43G^fFw`RSC57C(D#(ZHcKiGDS|mZqLngGJ|RJ-C-FV|6iAqz2TH-=@f^
zgC<@Ljn{UoK0y{MqkV8{##c*J50x5^wo!Le+8Edb9Mc{|igs~!jPf$dyX#(=y3kRl
zW*|qU=IMV)b_W4?+Yt;e_=1y(GlUhVG1cHL_Q+CoSLv;}HG3q-25P%ndpf}T$&IER
z+W2N$_8D*F6Yn;#X^Z^@2^QgB2_0_U66@YBM;@&kog97W?2G%%u`ZQTo!yE$D`kvo
zL5mkhoqDTeo7+*F+uA1e+&6oEe0KQZpj5kWcYX}oeapE7-BP7OTFvhh6+)k8GXH56
z{H|T_yDe*?MStERM{9>%xF3_Z$-6SYLnD8!ulNsInaNpER|o%03;z*>YbRva_-Ff^
zA6^`ue?B~j1~mJoeaV03jZqd_qujS&w=d`plYY?&=~U=b-XpZR@bl_@De=+1<bRzr
zkjRXwApV$^N_9ai->5IE&&yNTdaL=9I#|V<fFLnoBdDN6y_xf>fHtd?_6bPfpSv?`
zHG|5aif~0ogU*roNwgpG!B*>F@Da~PM=Kl##!A^aYU0*#^e^9*xwIApX&W<++iY*U
zjFw8CBW*qvmxYom_QTl+Tz!Z9smn|#`}9zb-XZ(3XGJ!+ikZ3m!sWC>`%Lp;YpZJL
zJ|8gG*WA$;Ti@@yku|!)@^ardEKo*lGh-Q;xVGstx9KC=euL(2f|fMDneWGVuf7>x
z^F(0$$iPtNL;OlWOP2@ifdoZO@lHb?O;$91sU@_GdqpZ24Dlx<?2tPrMIEk&j@jDz
zJ)#{P1#a&H!_b`?X-U*WH;Pof5ja|$mgG(Q_2lM>x2rHSEwQ8F?sO13VtJ?s2y)@1
zvK`PdWmQhL9!;}kqrK5c{)NB*O$Qh_wg%8*al**G(iP$!m;9uua7{5nGvP9jN*YH;
zopH*PA`Fh)LQznqV<06wZj{!BO!HWC=~eFjJ35BSQ6D^?JOfoy9SoTiR<5D4=@(pr
zqDGbv4b#S?i6Ce1>!7P~b3<2s3v*&=m^53sQPbiFxHdIJ>q<4=sA#y3I8-)2E^Cal
z416k%y*n?Ckn5TI9!osI6?<3?CmeD+sYt~PaA@?ist~&A2^5Tl8TGCAC~ltM*JB*4
z(ka=R#=ng;q(8XoPH!g`R{#x0GEC4_n)3&Swn(x;`k5G$h|6nz?VY4><=kbhs-BID
z1}c&j+hY`A>ucM&^>9AGQL!&80cdn<H&_g~PM5DhU{_NhLrAR}1xydP9L1#kF-XT*
z?k&%FF>V?9V!S#{TGpJGB*3hI<Jw=WgrPBHBrQn7K_}qO_b}-Ekx>@8>trW@K>UK`
zV+&_ZhzXQ=ZO+XPnE(!8aV3e-O5GCYaB(X=(+p-iKDX-aogFP7qRlC0=|EEI7BKhq
zHF3T&7`(Bf!JX4iH7B7tAw<5LPP)ysh&$j6WJ+v(K)CXRyG4%bIv0CZFNMjs20(9`
z7KS``=m)&fz=kE|!{g>NP4FZmH>{%!=%YVN)&zrQ0<j6NhmAV~Qsy$@U53%|Rn!cV
z^pCnIkX{KEXI0~D!b<dc2bV8o*p_ez3)UkiBQVLcRA1o%OKh#h8A<d=G%^W1`68m#
zN#ej3n;@BORJyz9_}HhQYgrZ;2uU{IYD=;?2us*2$Vt1vw>62Ihg&y$t}1}sRm4>d
zxVA!|3#Ny1h~EeG@Mo-m%JKf^swW{*2c_c7pW5r6lXsFisWh1M6fCiDWcLFu?byUI
zH<M-T=_2wg<D%nJfRNJi;a~>`ah&QK$wwAT&_c%U?$_?4uzKhnfnK){`i-*i%HgQj
zy~`};CNObghAWKTtOB&`MmWQ+@{>EH#RWV?;ELYA_?06xdFm}A*dm@`Nyi(}vaA_u
zo5hezP399bE5Js+jnzS!H>)BrWf~}kTK3%B4PBaa-zTuw_kY<B!}-b$c_-@ej$%fq
zmnSDLZnM>lE?b(0L*Z~kovoujbD;dCTHlGTa&}rC<?1lQ#PUsT?Y<2ZnSUw`Y_<Lm
zY<&yRq#Ts=T>zZ?Zu|P6$)diP)qV~Ga((%8MHuMMR|K}c&AiNXVkAkt(u9W!`rK+6
z8I|qZQu6|k)*W>UK-^c=mvXq_|De9SGWggs@bMWJX%Py!`<+q9)-xz1`$ZuLw!U_m
z4g6Q|cYSUN9Iy!-uw8WpTN$iNR=@$JashWjahi%0%p|L>hv4WqQcdRYLI5x20K=pR
zFQkcC3NXY~xQw9`aJX;_lcP<A!^y<qzKc%p@dUD~3%Hl*fu21fui9w1vn)7)%^$vT
zN6JAU{`jDWo;kHBnqk+uo&$b-PDLa|y^KYotow%3usQG)dx4DN7ey{4q>%T9ac?q^
z9;o+43ijv|J*-Zt7e2bKCB==~H;RP`$oMsHgIP1BZ5@122stE0iFsaznWXS=e>5^7
z2-*!wL@;5HquDiHD_<%AyPrRFqCdh2#+o|MyS$goaSOQ()!}R0GsONfik9n;m89m@
zwc}0`d_8KmtYg%C%1yj`1Tpvwm-;l_a1C<tcn~q-h9n@sVx~rh)&?AX*-Z@SMpdK~
ziOIvXU(3tejR;Xj-CHB4=IBn(93#QaSR9SyQgVX3js!?5pRcdYo%)NU9M7!kA*VOH
z++}Hy4zcZ8vQ<kOjRr^Ercxr%fJDK-qh>5Z7Yv#}?V(7Tj8@AXt~Jg}$%g1>hXVrS
zwzIqOG78lMMxx|7J(~BfP@V|!`bKX$F;?1%L%6c}h56KthVDqV59RdPELfzNduENm
zpoGaYs1lA~t^=#w=&%WL+%b_Kj%WRHLr7G?{Q&Hjnl-K~5baJrd}djI?BxdkdF1GR
zEObUl4eCg8VL+=5cZ2EmuDPx$F9>E@y&2@9$QaMm&{nPiM1uiNh_n%$`Y$@dBPwxn
zMWKB`*cO7!I36u-!z=4NET<up;ab$VII~#AcZ<f|FqS+r$2BE6{|q7<8po?$oG<O2
z40Adf4Q`hmW5CTO(RA{-&$Z-sG)Yw286_KIuGzPN*gH`!p<z=ilm%X4c<q3@kP#}?
zjGlcwe9%Io{g%t#+@d*(rsoSY_+xgWs}73~%*sG4?e7M${O!x%Kb{}|dVJbBNzOX^
z|2X`V{BrpIBOMz$XJ;q>JU;!E6kUok%LDeQKk>0|QseB%B6%m7@vS2y(NFE<Gz*VG
z{!~;!8CxiFR-LgcOW%YEnw9Cq^50$9_g(FK?zGG1m4=Z$J&YtA@odPE{fK*b>4<WJ
za{}zV|8#gB$}6dSI`5oboP9k1lzjMja9AxXz*15yBTDMqN~6!U{=@BLPyZ5{L|Tyg
z+aIncd%1VuGk8F_HK@#{vYh0E^+K(Au`1n+@5qU()BoXaVzODYN#&oOp4(Uy>3Awd
zpsv#HHTyV?MCY5Pe{;2IFE5dtI2O)#_-++efw(r4pA)}+YC&;JT=U81kH8cDFM0_Z
z<7d~%<>~3+$)W}FvU!Nt3ST0sfHqC6fzURi1r!UVaN$J1OJ<7%x{3%zfF-0?Ahb}$
z)jRVOQ3!&q()-0?C|GgcbZ^e`UCsY-HZPPwo{>Fg>4bs}|434rv5Zy{(Q^V@USh~@
za>6KFbG+K}m2}~U=~Hi<$1ko9`9_Y0cy961vv9%+p5?47shou)-0k?j@eGpLHY8I$
zPvj;=esYE}bDSchn4NxCs7d~dF_mpAx1-1+QbYON6lD?%5k7}vXx0wN2_B^%9tP_@
zZm#rW(H=EDjBRV9E?R({aiufHpAC_ekTJ#w^ouMWvn(|i?&LD{ilIhp%^{9#dKq%8
zMFCS2VI|1JT*C?H?Q;@QG#~6&YjteZV#7!nPr+9J6=cc%e*m#A#V-9M0DwbF?OkhA
z99NS4P6Yp<hKZelannFIpa&}=5Rz?;B#Z^Nc4A{=qo50D)35337RE6@e)F8n`>L*j
z#`bK?M(l?fi>|7B^S<)t^Q1ErB!QN}WSZ1pyl;xqYq<=!QI+UL)7;~kFadk*@dZ>f
ziSR1Li6FNM)?~(Gd?{iJQ>yd<dOaL-&O>t4+h*PLmMw%^=o_Z0T``7F%?WDOv&^sF
zoGG{@y*~>~oEg9ex|OUci&-qKgtbOHIuS%p|5b?qV1?ZrXM;Y##+j~$sFiX)bi}T%
zVCoi9B)xsig^@W!_>|>3SRYG9X~aAYya1Y3_g_iVdV6;I|EkviB~=U7pWj8-`c=z{
z-qTr;|KUe__{dr#@;IFz*qi{_oc#mVxZkQI)X4Ew$<OO=k+<U^wXII`t5f`HHHqI_
zkK<~@3Y_Y1|G>=SpFxIvXi;=Iz4qpnw}0SQXl_A(wAJ}t7H9cIs?qJ9xL8Z*hYzZM
zk7<80t4{snKbO$|^x!_I0RAQ+z5e_rYLGj>$)V1c+ccGvOr}?(9oBA}-+hcrozlf^
z^RR)Yp^YXx&+mTbn~%M$;a92&;%ee)=Nf*c?3q74<>d2r`wFHY`J?h%_Rl^1zt<uz
z!vZSn__SqYP*uzX9?=uKOX`WTD$R=G|903*Hwt@sR8zD_SPg}FR8w3oqT|R^D%jBO
z3e~dommGh<$J|rOTu{tnSOR=G$wapnH7V22T=F?<?y%Cf{8t7<3<ruKQQ%5Tvj*JW
zbD$)KuopScS-2wJTfT5GeEy1bfg~roe0|JN;>I){swEvQ+9n%2h0=TLZx#~T&{3Fn
z9l6W3N;SK5B#27VtSt}en7F=N8l`CMgJS7%FYN}U&YCBvgQ1MJhr)HG&(SB*gkWSr
zs$tY=853uO#pxX5M3Dr(Qh{ncY?BU0YP>8ql4fBwwzaxqjcF=Ljg_IgAuD@lb;Ylc
zo5^GqHyoHSilPPIGh-pJPep4+&6+zo8wW0MzeZUnEly95(@3B{&ydxE%12t^tTvxE
zo+>TBp=E$L2o%!5jbtP634z>zqaxjI@Dx{0h}Ae<U76-XZ^~08JK7a(c3z#$aCU>$
zYIQ|<tc6rKmuf|ax3%^2A5Tk3$LqXwg<K6Shgp9=xf<EzO>X^N<7{PMi4Z48=Nq!$
z`-e1d&{S|iU%GH^*30%d#`30FKgtjtSca19Mzb_UNs~=^yd;AlS`H*rOQaD9Wn{Tn
z2^LT_QwvZsi|%way%HHYALZADdVJ1F>ntyQ@%Tz1M43T{r+PQe7X8wV$es+HDfJT4
zaETfM46Jqz@S2z`@8Ktib1R7u=neZQUa4^-8g3K{*Rq*86WWMxgqyO|q&Ee74beiN
z1QZEj5kVTwqL6b)WW*6P0H+i<hwW(h1|!?fKH5+;_4n^{tFY#gv9-0Kkk>K>L69ln
z2g=SWMqm2V@klYVh($%5y`GlBE-#UQjHC1T0-!o$06Wfl1%ge6@!knAvY1<G8lp*y
zH^O*G3G3`=tFl&Bp`IyqHa!Sk)40C?LU)s+ZkUUTF&2gcVW+TMGF~(RYphM~Wc5#>
z@uR0P%Ew=ScXsst<LO4`DjWvvCJV?)WTY6ls)Y@3J)Qwbwx!+*gT5&S#jL1}Rxz`%
zPw&#w%7}6$vtjC`;$&&1<tmouVt|g8T94-cX(>z3l9Z)qPtVeNo;2`W(|$6Y)fk>J
zudK-837?H;mSQ@|rwB%*)Eq;H#X=F*{kx<0AKw0ri~FW<L5%1iEbo(YtrF0q9fBTh
zgy398AnE45xVOs?+%8o)Xk{*xO?t>Pu2B*%ZKV4uFO>pZY3(f^0$Lfr-}jh-x9;`z
zckkbBM6t0?+Ym33^?boOa94=sduHMIS60!xa5U>*7C$EW$V%&s2t-P-y7zC<_UX-d
zHb-r@r;xhWiI+?Mdg|WY>vWR_3^z)+n_Ffc$2fmiG^y!q6W)fN1CQTi9n=ILt$ste
zQj(}9=3+FHHgZ(6GnU}tPdP<~+=koAL^OV&ant!dd8rn_WD&kW|4Iw%E-$Nphq&J>
zic2H<OH_2I0q&ws2>D#ju+Jp*GiLbdBF-SW6w(ZC4xzT_ZK6gU!-wnf8Hs7}n=4Z9
zym-$40#H5IiqsiPQp?{2s(d2a<xY}@x}#~RB1AHG){XrpC%k&7A`r)2y7d>9cB7Gk
zqofd*t3W}gdhOJxs&EaMW4Zs?v%jUlXI58Sr9w&@Ec9vD#ps@;0pl3z++bI2iG9!_
zfZ_utxr3`F8XM&wVyHQ>R^`|Jl=b$?2>`JTi{LTT&JhRD(tYIShBK(*n@ypsh35V?
z#Lb%8vqfcu3K0ZM!xY<bIG<7Ks%$%VEWHls&L-Bz6iXm6w*!=Aa@|Jqf}_yY5z)6&
zUha1WK_$cXczotQ6*ycvD2~`mN)|n8(ffoO*<>yOlN1PHq~&Lk@r0VI!W$0Kg>9MW
zkwYABS@n8=y)by((jQ8v2!x*L-@aA=?jr4+G*aF1eXXuoXBBU(V%Hbh&OW=#)^|EA
zNUa6TQF>N?-DeS6xst64u4u}#T4h?PybW|`CX#T2=x&=On<-m=FO3K@H-o?5?4oUw
zgKE}?4ng}`PMuLx4sVKCG4ToJ4#t!j4&el%=8Bi@MV*>YDM`jb>9TY#%7f?L*sRr$
z#wuy$(L9>ZD6zz<9#ur?af2w0{DSwsdbYv!gc-?4wvD(M4l>)0#Die!4`%i~>zYrr
zta*I-A1eq%G_TGC<G-!ONf<Yj?ZQO2Z;#Htm6eM-cxeONNF*aW$!_%CG81-WRgm%p
zmRQ5i*USlAmemw6JE2Nx<4BVR4f~>8p8D$7xx-iWFdAVTfd{&3I4Bq4M+t-!Du*Jh
z0dRcg%IH{uLL!#jj%<TP=YwapQg7#BD`4%Oa*+|<NL?R5;Q}Yha^Pw{JX8LEcJ?7#
z`x-SC?$>A?P!;<;V9iH`37i@1^LQ$U<1^0P=i*|y0?g+%;O{r%VSzdXqW4Y;R<kHZ
z*IPnl7yq{@y&CMhQFS&}Jkt-f60QsF8``gziUE?<i)%5TSnJtwY&0k%D0Vs8Aysa(
zFUy81!ql_t%nh(}rg%au<r~!QD5)*`_I_dsV4Tn^`7|g_-=3cXq#Y}uH?9Z>pUgV*
zAML&E7tCT(t6ovM&>r##MvuuZ9rfg1zxDTFDj3_A1AuY1uC<=45+Tw>CWc3B`Hy@L
z=zcx-E%$VO4bUxCrwJ*J%vT}5Jm4_CbX;adnSDC$Xe*zNcl8kMZZnYyg0-`V^P?^-
zfMrszg(x)s!+do`t}FMk>i1oF#kn|k_Tz^zX_BGxsUb(>dc-oRj1|{(MmV04;UT?;
z!%7m3$GIOlc<55gBSgX;{Sql&m8K`@#87l8XDYw|0%|_$9jJ^(Yi*p7!UE(<Ms_hB
z-<9akmBiZFeG=%$?gMdBl_)9TgCsFg_@Y0Qt9E+%YE3IO{WpunZP_1kO22g5*ZnJo
zOa-4=<k8!G>897&0j>6)u)+d{UUxuG@-O{s1Osk7v2fLs%T{R-qL!nJ#iLj?Ma!vO
z$nA5>ptS7uy<WeN=M3b^ANz+(UfcjtaR90PUj1=J&&hm{B}T<vOZ33ertpo)v|r3%
z;`Ch1bi9yArVKCCtT_L01~vNEVj^{RV@xFZ%Tz9DR=sI*95Fd$0`5RZo()}nJNhAy
zcXj1K8;dmd=IpGl#(9R0Wtss627e5qVC7n#^|3n@Us|YHXDLEod_xP=jju<tt|%2|
z%h}#}((%~)jmHDN>;}jAzh4|4e|Y!y<lKR@0Q2~h#;auO>K*yv(+BVf+U7;2$I_Lu
zb}Z;*pREswmB>um5#4Lq?rwJ@tIfB_j>*5V0AnAUQ~zciiVQd#zg_Nw<8VLy<tbgf
zFYcW!ZOQMVo<0FwpqxGWp$}M!hV@32v)b8c9*It9L~-RYKg4%GvRrif^?x4olVc`=
zpNRtXUky}$4Ohxd6i>D6nl0VK;=H&%7rHtM@{q<C+9#lE;h_d=t*-nf`_3c@xP!|6
zY_0-T5U1?cEf3HgOY11;rG|wp8Ha|1<Asn9axfK^Ew*Ig8rtJEv;{^JqTrqU^iRHU
z+{L{Y#fe<xDBJ^b)@dRTQ8pAiwVhVJjKqHt?VGepVIrkjneIb*6dPoPt3cS0i-RR1
z)P@2vG;>0Yio6c4&1Ni?46RPQ*{98BI-B0BHRcwII093nIw1~vL4`@!i;RUC-io!W
zLha0#WH-?}lpDFHPNf)+Itg+Q$Ru2j<x(uBYlji*vsnYswbf*e@i@<{C}~J(Z)yC2
zNL{={OxkmBor!EV^CYVv3hqofFT7>fqt<rO8o7)Yu=_Gw?~kl}4dXO;y=*Xp1{w9H
zq1t@GU_`H(BC9Il@7}O+rU5YRf?{Q;RXf#Ux0kteNWcUNpQyq!oXoVq=w?(MhJc{`
z@x1iqTGiyCfEygEQ*>hztj1cngj?}K>psD}_eZfB9h8=|M2%Z=N5aKDZBAn@Ic$>@
z^=lVCV(_-`Y30r(KZ3DnQqTvP4761Nv5vQhi~)AAfNmS@Sj*LMHcKDnQrTtI-Q^Zg
z_YY@(L$_MUe%F>GElf?^YE_8#ocmn`TWX0u5GGJs*?I;flSlX#>RxxMqUYox$-_w2
zTojzsmZg;d=EnP$(MRpc4Y#kYg~P_yVnAio2Pzk<b{v&yjud4R6V+nM46FFt=%Wpf
z5D?d3wmZqyZ=NfhN;vdcq!_D%-AVb>kb9~kQx|jr7rDs!_d^`7#M3HLeAGK}6ExwA
z4q7>K8_}{nu!SShq%wIN5N7aR&-gHBw1!!sG;J-JoFx~>&lqia-~lcdtr$@ij$)?z
zEPIN|K?l13`Zha>ZeX0T{n&^X#Xvt~=MtFe@6nQh6Gr=kY!ao;U6H2J>ZUiENUV}?
z(R-A>im2&{OMqk2BXg50d@lkTdQ9u8M9?J@6+{+Cig_I4tHTBYtD~{d(no_9JWkSd
zNWH_3UO3vn?$G+=#bovy4l1Kz`*gL)d6R$J(uI3gr|9urQ5DfE=U`r1AX36i;)3Lf
zcdzm|QFfoQLscPI*r2|a-p>%E`z)g9L-!Q=s(#;I#oHz|7dxrXF6*Yf0WDjT{cMGF
zQz=drua_V<0(8l)J-JdWzRp5Q7cL&dqX`C#ki@FhGrc6%YG5)IEvB-93xT)pj!Ph~
zT~*5U*b!_=>>CN*RVtZz_R}maG|(3W%)aU|9#3ZRwwN(|3=vF>oz#G}ndM%SE5LLa
z{9AEo5;?gViQRw(sK;utQ9WBiMfq~UKV?;<tR0!t0;{~;4M@{-@+VD;Z$zQXuKLqq
z;Cl;3p$fybsLa9&?}qTXcsNHhyIW8tuhlf=NrX^j<<|>pUJVjiW{c3CWM-v{!!sOY
zL}6>4>vuEr8~U=97pVC$m>~GiDM-BiU?SGzzPdt7TWO-aafx1jk8025OiRFP{0X1o
zZKBX!D`+{a<0?A0e8u0WQn1xaMxS3qEE`+38+D%2@I1y5ri?x4-!jNm4#FGDBQ|l@
zPoig#+L#MJD}15ESb!~QNW_&E^D!Y_wvSt_a(p$r6FN-C4DTVDD`Hi?zvwdI<_UJh
zP-f-$$m%2a%W`fte|-Z{AMNZrp~Nigo)oQF)Spc3LNGsF{*wqa$4BL#Q@4!CsnNyP
zpGHI)av_L8z{Fh=c@n#5+F8gzkN7-AtdK9wk`K5c(g{u4oR@#d-i>61^B&VdFeEPy
zS7WDm3Ez2?GF_S}Y{s}Qd!_>%#3X3~IB^Mq@MiZC-*y%5z0#9wWsP4V-8nRFX5JB3
zvW14qaZ9ViunNzdDenDVl}i-8KV+ZbKU!V6h|84Lh;D`hSVcsWJ>4=WI^nTeG_<@Q
z%1J={&tfwygXR4~K0b!$6gS*uL7xp*M+onYQQMnmHr^|3%Xb3%_}E7*n(R1;-8Gi`
zp?glZsEhI3LO}CYd40KMfr9P4oWS>@f@k&(*YubY%k?y$+}vmDXWtxGy`=pB5E+tZ
zWI4UPhjGgmP~0mnb7CH-sD@A|$Zdl`ajo@m{oaB|1KW-Uo5->E2l9uuG|H_VN=d7T
zwHZV#BbY3P(Rc9Txodovfhnbu#+Ed)qecEnyWWjPP$&_!+&dMUP2LsxZMLpX$PMkl
zD(d!x1(pc>UO$m9Z?dBy!oc#;M%qA$qQTb;oe6EUv(J67Ph}DVgt)kgyDxHpRQULA
zi|Vpw&fXsf$ye?sIe(ZH=VHHuiyfg~Q33d<jJzzWuHwQ18nek2nK*n5Sj_%xu5L-a
z`aX+*hnG&yv*6TpVuq3_M>JZScJ_K~{D1MXWvGMqf09BA3z038k8bq^9*W$~HQq_s
zadho0IJsM~vZ@Tm38>z840o&bi=U8}Bipdj%>e;4X0b^VZeVB2aSf2f$RKGtvOJba
z39Ypf34#)bPM~vHe>(28qCa+9*&Yi+t*+3^E$i+4*YIh}t?y2LaJ_N0Rg`sW_F`}A
z#q+I`^VJpGqg3jGb5fKG;aSscx4qp8KfjA)N@E%8@7|qlpq|yX8ks(d-g=+CcpjM5
zQR&1L2;V^JRM)A-T4*h$rQ#`KvBXEMd*DVNj~lAiGa_1nhAcq;3!V1z(Itf;RHuXa
znn4-#5z^MZ1rxOQlqrkgaY3ybqwa#hvM+U%^8ZcHA=?$G5d3j-=%P62Gq{llHx55!
zPd@n5=%Sn)glC7K=M?mu<ild?#O%uM1v(t8>7EGWgQ6~6<m>a(4d<eeuPS}?4zFb3
zn-FYeW4y@zln*Bd8GhS(@nYNh>Q(#l8{?x1>_-%~L$6<UWrKV?I^BJ+>;5ojKi#H&
zKEN(`SI|26h8H#r57o}rKfF15c#MM{I@<5<H+6JkIb|n>oRQ!^4_%y`JTi@=5$0@f
zzi}+5kjlS9sq!M4r*5`>`rT>w!KNqUNf*<!*VOcRF&GuIhnkr24K&hO-d*M6G9n0_
z;_}i(f<13%ZwCW}LtbXbb72aJ01-!bO%OX_*L}-`+{FvrvarZZZ$!-7oQ*fj@c_0`
z%ik+qd=$K3KAkYa;Xc1nfeKbjxt(!|&BAkto)EmiI+}=(W<Q~>mGltOS4BU9T{g$|
zE2(>FNPj+c^`C^7wpF&o=dOl)&_NMKO5|wsb|6q${zF&T;z0DagMpN{JoU+biBBg~
zj}CY%Lrzywcs{cNm!gx*X9dzzFO}hmj&f^}g(`KNYqE%3{nS_1G|g{qb>&ZgeBRmV
z9LQ_MBw(H!Wj01LdFe!esUua@-l<Y@i5>BWC@7cVGtc*04{e%k{q6Db25$%ixQx~C
z>u&<6As5MlLH78u4|3%G8w_|az5b}t$tOTQe=i%SKl>$H|6$bUjVD(J7VxvCJj_t-
zK9f#0j3iofBt#=>m+xoThfcz9^slby0N(TwlO)o_hw*i;>vyXA6~lS+0l|77R7Fm=
zQvVmT;@I|<sln^9n7xLBu;%htJ(#}8*2P4Fssq?L@{>idc$s}84=lq0W)6`hnZTWW
z-^wfu&#eF#sRe1z1TMGG&>S^KM4g4j&u~{-#15%ARUY$7|1<i&9WC|Sr2W#WMtb0L
z>B-rTWy=>A(_CJ?E?`hlO#1@meciWulw3OESUp_#2684#<Ej^0(G3yrQU6iLVdrB|
z{JaqY?(QPBmYOIIq8drq`V~Y-pa07!&7>#-a*`9__NY3eu2QK#*(f`RT?gU<!9TaM
z`wauAmbOa|P+k08gCJhIIn~mDuhx_|L$bJM5kjj$n7zt=)}n;=_g7i|v;5yhv?k}C
z4B87FVdKHv2e!st8v;ImO2*dCj$INYQlm9CV8q0t3$--FN!22OhqA%8+bCtjUzMfi
z;SwR|uB?b+F=$Z)JXbSH#hz^Ak%^Rf^h0qwF%H+-Pr|i+uP{cr3?B|++<%#+XTe9q
zJvDSho5r|YRLFi572-=ESemz<``XjqUOb+>Z5*4Q5*+=S{8zLU%hj>c1WDT}XIFOq
zy`lA4(mP*vEY<eUc_`MY&04yR<5fG{A*UTUV`sGH%<O4)+HI*Yp0;>~-IRD6q!HOJ
zrya5nO^nLzzBY@bZ6Ud1{LGzpV<vVs&ISd{EZ1XSYcxSGa7>w8m%1zM7Fv@4qZGzY
zs=u!kJ%+s@sdB=-?5bgyY5KH<BQ>5X7ydrwwx?t|CQ&%|InxD<)3bmz*m_Wll_AEQ
z9c1`xF5EF=-gYvC?_FebFiUEtLd%_aw&dS3D>8D#qIrZo<P8>T5ry=U^IkoDe@t;q
zqvK^4nAJ!TD)e3kgy&_SbF+}-HW{PpPG1d5&KBv=L<b1yFH=AT%iEyh3Cb`}YNZLV
z7XyTlAni$$Umys<21gg2e4ibUr;~PlM(m}%L+jhxVf80h#c|}9UHKY?osp{_B*Vr{
zdo6p}f=V12LYD$vz|QP5)-X+sm`C+m%Q6W5AaawJ6`m+RZo3HYCJlC{7X0!ur=x>B
z>G1sM^@q3FZaX0XDbL58=6*>=ccHv2d|1_r-B)Ka#8~?^4AIvJti}uAg6kiVGx|5!
z$Tp&PK|oCt((+4tw24P(;S*-CL5r?lw0k>VUs`;)v&~C)S1;X%-rH|}xc73WL9MI4
z`E39BqqIDKl$P!T1KMAjmYvpiXZKNRc6J^mXMel-;j^X5>9n?YAD^7g_G9F9cD5gC
zWqEpJezvzCCFt3s%eDVdD_!oLCu{S1yV3bTbw-YdXLIJ-liLY^E6AyLhID0|WDq#6
z%*HX}by`s>^|M8n0v#f8yRd#&1!oFY9*^Y|0^krHQFFUEtRLR;DA~o(Bx+Cw$z#!#
z<2yLP3Ph_=4jL9ir*mA$|Iz41m>R=&DNHTbOna3(bvB@e-xDS3KurVhMwe~o;#(Y>
zX^%<@Crd9qV#VNAVfGckN1T_q#cQWjB00P9`*cdu#1O(e@O|(y$Jgr#oCHET;>}u)
zmXLBPcbQz6@FVv}X>B(RUebAK(bTT9(sGbdsXjj;vC{THZdXV#1_GW#mY>exm)p?9
zt-e)Z)D@E{%)>m*)$CCGJn?bF*VFMG$_w!(q!2fpm_UXv)MO*yxa;=-DjxlOSe?0u
zbZo{HIgtq-y_bO~m`^Wnw#Fmok87?VI@2Gr*&Nz=K45x_&2^nIEH6rD411xbm80I5
zd<4PaZ3qcCb4Yr;Ap1YbAH^Uwk2&=WRB4jG43Z#mlq+R;NLzFHKr*#|1yGUfXCx%4
zFZSf!**WHaG@g?HmnnS5JmK*zD~oBN!H0;%nSfhxA_vfdIN1`MQY}qcMWQhw3>153
zkR59P$}~F)#jY7q3UsvjHQYBs=ku&W+|C}P^B$cgah+_2Z?KRX!(!>w#eVz5T&tZ8
z9@`^fECV$AqQ#+C8wV?r4sP<EIUetB`m-6bqk7{z`n;}ybi(6KP2HOBY`lbETbmSR
z+os*W7^dD;IRK?1T6{eEbVi|yh0ILGw<Fi`YFaCsj%VRum-7qnW7|+A;@#_y!fkNy
zuw_I^qrbO-t}=I&==Lsw232lNFZZ`#Jp0);_^0E2N7_MCTSb}A+PCvTG5=DG+WBSs
zqS*SkXK$zdpJXF$O>OgvWE=Le4OVrZ>~%4??jwAv$cK%+Tn^fo`4G*|Z`u4$`OdCP
z=X8Q7G?%)|zg+vRC_VQlXh;Z>L3}DY($3$Gt_KVVcvnt^GQ9{+fYf(?;1rfxYGmPs
zb5HV-<`Rn<a@8+yjE-~ttBwxo|Me8;2xpf!qXHG~urt5AoQ-jEIwAqo>`ic}Qn)qU
zSuZ_5Xje=%h`OELs<(;QED9S!mg?XZ_0CI`D<Nz&VkJk>n;cG`*X>7+n_J|I-Pvnk
z^~FpL6KhH{UG`Ab5C_5NIaX&F48V{+7Z*s?fm!a$*!VaM$3BZhg#a499lR3p6=rpd
zkfO(gYi>*Ut8BGwnb+L<kPX*d0uO%7Q_|sr{}Gz#mws_4{eEZvbklSsJot^SKH2iy
zD;XDes5%#Av@#(wUjuLWvo&f({H^6;#1tn^gspe#mDZ#PWD;b!)9-cNaZ9&TGkVPq
z6TPsY^?Fv5F8|=zr(k=Xt!YQPmeCk6&!<BD;<~BgLA$wl=%QPfnX=dsGUK3hv&g6L
zU1PQ}+b1|oNF9KW9M6i<@_kG>Mb#MLm_s=p6j&8vVW7ZO<>h$lF&wog3&2}lS>Jgj
zpSH5@D`Zn_y!2U~+HfjcdnLG2>&A`Tx5(WW*70g>Z|(3Xc$yY<%bUYv9n$@x^Y_`F
zULEyMgmE`KFy>MJ)HrDULt|_8gnpyuaqnyoj>H8O<N;mkS3T-3@hBzsU6MLaXU(Hz
z?>wNI{WjVj7;H-RnTr~<ECHORW`ckB$y{azDg;B!w{X2>Nd6a?<8Ou7<>z?kpSEF_
zCio4*VzR436Wo8*e)x66SY}D;Z47oVeGYgxygDuc(_{EIyz6>;K6xQL?S=|cXBLZ{
za0@~Y>$%IB;@8*3#gwX%+>Sd>za10oy52Oun#q3%TZazxa(siIrK291WE>lH>dg?*
zWeAYF4GIrunuw>(>-`vF5i%rGim(w$2W@^8Cq;;+pgu1*5r3wqY?5E}2YmvznOcqy
zV=xkY?Sjcd#dLL)11!%<VwVHB667<72aa?gA?0$Q0wW{y2<JH-jIZz2kbwX=pcWA_
zesu-b?S7g5%1C=vkzZ_Y_E?5&s3>j4v_FP%qo=<2kMgYZqP4n$_45Ex3<P}x_|ch@
zLIBKDAkJY74+g8EiGnp|ss~07>(ZOzQq@@944i1D%je~<#4vp3Fbto?5Qe8eycS*b
zS!6HZsX!SLp=8}H)`k};VHA&jB=$nKE&`*|6>`c%Yf~i1^~Qt28eCdy(;HYQdil*@
zZ9`o+h9zg&I6ksYw3EM%b0pj2cH~U{2&13O-Y2SaF8v{irl8VJC2l@!`&~vin#Z!E
z3qJcI0vK4prrG~=S202q<=)eWFc%)w9=|7Oo$epK@#T-5_AmX(+Mx@y?YJb@_-x5(
zG3a>Ni(~`=FxI?CdMH}5c%4ngRCYAT(h|H@SBw{F=7(bKnMahR{+{zw_a#G(8Gd{~
z17YUUb5>VIST&7<2oOK$#3qPmgfr-Vn9?~}_6aCMZ(;<bSY~%q3~j``NW!QDV8yf@
zHRgq`)Uz)9u&;S03f!V*CFhhRb={7RC)o7-98<0HJB<K^JcLZhPvtRb^~PPp<0x5T
z%nXz%eX-*!rznl5K1PW*VZ`ZZ$<pXz;^tos<^|8m#l700b=Y<c9Ng)XcU$>)xjl-+
za3U&ecE+EzK1hCOUg-F&MaN8!SG(?fYwWdX&Qp4VW0G6hu*gSAs;7%(Cb*wLJ?j0S
zgT$he$6k*KqiG&xs&uLaF&xxiPg*{S*7Dx`(kbf(qnNz~$U4mga;G9a%yr|UFiJP8
zIkfn*88bNhhw(rWWnWm?jR-AKgPm*X=U%v)F^$t|y&#@lWAgLqRQ<%FWzC1)XiYeH
zeFnvQH$x_l+Q@Sz)!=2O<!gf>pV06siD6k9bXlZxS}*;P?>uV7XMN4c1*g#{oLk(2
zl~P~7MzVA4$wADBd9S-i&f2;=Z?7`N_5^)L^<?B3XJ73G4BwEe=H!COWHyMF&6R%u
zrtB&l?6$IfwL?6Y_otTa%Z#9eArj=%I3h>T0wFP?=b8H2ts<$eNrhBR^P_h*rT4ap
zUVZS}$mOb}v?5MRaa05A$E!M*>wczQ?W$aaM)5ovz`7^z)&7Pie8HSdtHhEPg}T7-
zUY+;7?zNIAmD{at#i^uRo<7-We9~!r(v6-_%E#lh%bmt9cN)9gY3y=mnJznxU3MC~
z>@;@SS*FWwW0&2=F1w9gc5Az=Q=pvYWd@p^?I;-_JYIH_+%|5K+r~|D+qg+?Yc@&x
zWVi9j-a}J<+qkiA8#mT%<HowJ*;wh5-Nq+NklAS@v(rdsr;*G~Bbl8>GCRwV*=;1V
z+el`&k<4x*ncYS*yR~H2L?%3HQAqFRiYQ|;4*BsE{CESmb|PnaFl=WJuFA#HU95M9
ze09y(Y0Ei{OwLO(_qqca*@!!96jkishbQAUC0vdL-sO{Non^VZcKDj4$H7gh;mBaQ
zwUG;m5K$16++*p($eeuW)E58nd3|WqO`yEH#w54cMr6TRY4p{CjVUJbHX*VmLgoQm
z)kAiy-CE1q!fWxA+$K}<wC;X8Daiud>H;*9vb#)okCM`K;!fZn5%G*L={XXpU8H#5
zYL~;D;X!R9-OM5Sgi;0gv{va2T0l5{r5ciGuu>!dHFRmdX`SV&tqMI9lG1|5BiLP7
zA4Ke5T@iXWsipHD(A3c}{=l@W#5oImhTv*G7T!fgnFGqphpix_S|qGvLQZB4q#y)B
z=1jDl-@-u-8`#2W6fa+QWMg^aN1c><chJd2!|%5ZzfbG=kj;1V4t`*hJ{V7^&;AF-
zHxaBzCIEm#OYL24QyWQ={!Rq{p_Yg{q#Yq7Bm}nC-V*}bj4`lCUS?ur!qJi%=s~D;
zYRRDaaKHWX$;_&*Zb=}FH*O<tCnju5>aO?7%FN1qo`uzEO51a*Ypk-X=c}W2^Ig^L
zzj$|cWdCiaPC2nlNOpvSE4G9uH$dAKN1a^sld%d^rVLfrAbMw-{l476!m7!htsY!T
zy0W*bdQ91Dv^+qYX-~TcGY*PdT3Y)ix|&>Y(!$bbK1UBNHN%%bWLv+y@i_=1(^L)}
z>GVIj56^3!{M(yk#96XGHqq;DHk+;Q(uR4ARix%}tkqYT@!E54lN1HVe1Mcdhp_<h
zlyRPBSTGc9(#b@(_;RlxlrZQEqM?N)LmY~AUBWTI5lo4nF_dibC$7fUAlA4teRGbO
zA_-+jGHcw6B6!w0dM&Pw&hn-@VlQ!4WUn{G4=Z?ZR|qWCM$I*cTbbiGQGXK7E_Qrz
ze<Q!Yzgs9(hw9~^2-q=2$D57LWON8`Kng&SagK<hv_5y)z{CuTm$1EXNZFHJ)S-<&
zlQxh}ol-@iBq~s{JW}<#nAgVjYJekc*#)N>x6b8E;&r_|PVoYIiDKM+<;G|ZO?#^w
zKd@UJtHg_s6P=tRu>>V_9E$>wYm(vu-2@2l4Qa3YiMCuivkv>6@Q6(VS;IIl<zY1i
zgbXqkx1GgJo!dZfj71bt(jLdpl8%S6giwR3mA&<~Lgk^+Ejsuc4gTyqrh=V4LyzoT
z6>Z*<^6W@~yex;fy1{p@<bAwT*)J-%)Pi#B{79`*EYGivGt%AoN+IS5v|BfLix-$=
z0pYsC*-#9cxV|QBOj7HLVeGY;(NO!4Y=UTqlpuDq#_2q%1kn{Ce%73Mha$B)Tbd=y
zNwu!IBuWxKuv4Sb?_#i$>Me6!NU}c^y<H}IhH-r~i4^Rdk!NQ{i$+G>gtLG92><OP
ze3_5%X`~T6^p^eu?E3eYT3t{oZ;yZVhU(~UF5d;4%eTSi@_n$m(ni=^z7sZ=Z-vd}
zdtq~>&9J$AH*7B74x7vO!{$mGVsrV9*j&CPHka>-&F5^2Cv7IH5-m~LAJK{MhTJN8
z+K?@0P92(4C3>^oKr!yQs8q*sx$E6{GGPrI78}=uJk?Zb68#QXH`y~WbM!1$adAn9
z0(VNLCJu@^Yc5`^2I19Yi<>6*kF9FSwA4G&s!2<8cYP(7Tl$0CqQ28%&L(a>5|Gw<
z#Oc<mt(2fw|IzVtt5w_hzo~ZrM~7mr?y#`fx}MXp$?#>kZJ&;luq0kT#hnX07auFf
z>N56jXW=(4IxfUk^(`;mw{G#it!V^F1S9&+MvObGgz)N$mbBAmm&gVaJ5}<Zp|ja!
zXszOr?C5{%bN@f}IlCa_8hFV9!TVe3e`Xl#(dB)~+7()4OIkD_wjieJNe>4(8cd;D
zG(V)M9aGr(K}FR}p|)yK-=R<DHt6QR>JEMBK3u-vm+sKjcH8&t>ZLohwsg0>bnm`c
zxm@b6Uano<MGr32%u_F2Nl)vSN^hQG$dNAS+#ygD?c)MrZ3C&mASf;vsor`SHJpr2
z(B4G(;sirvI<_x+1l62c7%6|P7qrI-!PD^;0tn409?XXET@(yBDj&e?LnPVLd$V}z
zJW2pGcH<ZLUY(L<n^D)5#=EZK&*?dTj#s#I>hu;lb>OzHfUfLq#DCT#8y_L@GE^ng
zQ<tKQoWl*m%_mTs#hHm9&T%NWn0DwqSFXIA^V+8OFiO{L^MWPMZrN4B^7RFWq!+WM
zL5Yilm8oHJ1uMO4DIdTmforf{Y7&eQ<L{<v0Vx9pqYB7#X_SSq&aSVqH<*Jptj6Vm
z<-1!9OJ6SN%Hz-mn(~bUUgj2gA)Y=t5)(q(sE#CUgJq{qHOHF7^WBrArv)K@*^>I<
zkTY2?i}_UC`3n*Oqr+<DE8^Zw*q?H2siL}PV50o!K^g*WXd33|H>&6lI`3baI}!~?
z52Ju%v=L`vvs{h;t!T_h4*u_{pdqDm!9QW=CjMPFwZ)qXji(t6rirO$h=44rlDi80
zshV8|Nf`jx9tOP<L8Z6iR1XgVr*3FXxbOFiT)xnga?zWSmLdX3ZI~MshS?YaUMa%i
zTde>`SrC)SaFO6^EN5+rTuVUiF$Yr`l^_`1UeO#=%7B2*wSR9Z--jS^s@5xNuV{2X
z^&kY21fzdHRLNMOCyLw_IPB+V5Yevn+(NC_A8I@DW;Wo~MyRf@p)P3$$Z#UYhilXy
zYf4R8vAd&{t*>!ymSH)_WJ2VMezj9sSTvGsQTDEs-Kb<bB8ygNJgD2sGX}XCC3n`d
z&lnep^0qOE!{Yo5Z&wM-3?kZP9nd)84eI|^X?+c|PVMEF{Nc_A2X_|lSt_8{n~p3p
z<5e_HCV8f%%q(ggnaA3LhKXkfN&P}5hzk&Z<jRXBc^Y|7av)QU<W-Agm)lx_c9e83
zjytbbsr%KMEc{)QAbU!ocxakgj5=mFobCP&OeHfnBnchxn+D8~P;%#1l8U57Mt6D>
zmd5iu5m{Z*3lq>2Gk**noH6O<cfmChOE@Kip4X2CyueW}krNR&>dYqdBHxrh*sqtn
zsg|^^iw0hb9&eRRw5$8h5dbZ7tvp>~^@o?Z^TSK5{qPd&KfJ`<XO<{$HRP?Q9@|^(
zvHjH^d$rnQ)yj&`Rabm&XT|4gD?V3W@wwfno-3EjPZd&Mv9kJ;mFaUU&U}5vsjsg%
z_w^Mge|N>n-_1>aHpESYI*tfm>baQ1`bNG`_k!^wc2|0#`rH?Gp8G;=)fKc_d!OCl
z>QiX@&c^W0Ue6_vnuZoS>S^DA8lYm8C34QYa!P#tG#$gd&V*Zm;K@RX)5*MbA0<pE
zP4)m(<+BUlSi1<(L?!0Ql+SRjj~Qh-+qca?F0))Z^cmT1$L5A=RPeEQy7>*3<L^wL
z1pGHi#*5f#z@UQk_p$d7X^>;Vj3qV0V%tMI0!Z#41gp5Yp2DtyI|9&37LXM*DuUwk
zC++C^nhTcehNK{}2IpY{S;(L?aWfm4Y4Q6LjB#pxrD>YK10pRjS5$;`e=G>u#0{jz
z-ta0w9AA<;8YHI;ns&~ulf@Vd6Crly6bJ#Cm)E<>_G*#VHAu>f1x;^2r2)NYY%vD)
zmQ$_$dy@%W0|hrcDQVZeYWS)#S54}+S>Dn57I!u4$nvgFbMa-qFUxA7UMm)Q(sHfx
z_9!>&m$M7&0<gIJkGmtZ-kc^czLkC&kh#zb$%Tsg*yei~Z1YET-Q66d@1h`&ztFI}
z)2a&^RrQbhpHI8Ll_bcDHjDi%tL-1B-9Hyj$3InzzZHSDca5koBM)=3>_6%ydK?Wm
znmzlLBg6378`VN0Uda2R`~<^9Tt{zBm8l2mFQoF1x2pKvxL7oKv#4L%MVk3GT~nE_
z7ghfgS4utPXTo7$Y<_%LP~oEL7M6NCmLl;01kPI-3t$ZN+3p*MOM&F~UbCbbCE>Im
z_eegif*)^T<5j9Q6UIPKgndiGq5I(-$(qSH@a<VA>D_Iu#hl+``5t)fU><vmEjjnH
zm5?G2*%K^o(0;g3zR^ni&5xJGQv1!t%vQ<tpV`oeB;}MG4FFRYK1>9ERE00T$Q${E
zxp0bX;DjJzXdp)7YGPXR-bC1d>wiuiiY}tVVqmCKOVfxo`y<21%>k{vDSory>4DkV
z>PL4%#|An=4op_q7lu8z)p(iib$f-dLa!8vmHQI8e0dVfb6MkaO}+P;Ih=2qO_OoX
zC3Sz)|6K5#dqwqRdCulS^O}k%&BuJsH9fSz29eSi+lg?EpKG+g{fdIx=pCN^S8ng>
zce?I8VNrC;&mGNX4iW%S+~1-;dtP(C%Q?|4d)o?d+IwMeXHjIUl`={Fq!)uQj(^cZ
zAP*O-Kgv><kbY7TzXe02dpP_%8Y({sb`g)r1CB8>(?7u@;;CUNOugqRRzSU!%@Vh<
zXftH>#F7EZ^XqG)AW3xc8HK@bcNxUDE*w8atiOsL1bSbdUSBH!Bl%W&*r@cM!Qg1#
z$GB8t!IO<G7eo^ayR1aQ!ZU%5K&8@$;v<8ykh8d-T=n1FUd7E)Ihuv{<J&?1=TC<p
z+g}cn>u<fF@oK+TANC&9jo=OA<qgL?+mTRgq;8l}Q_C`U54fAW-c1~{b9;SFbten?
zUlD+U-I87u0rdqqTRN8U)m6ff)v~GBKP-b;Hs`h)7aX5huig;LKy@+_wIXe;nDq+D
z?Ak}hu_ae-?mF%~^BGI-6Ms{X_Wl$VtxLuYo}}n~vdWcf0yvE<?}QcqZUi+H$UY#e
zE%QWq@r{DN3e{&>rZay8CMvl49aD;%D{$a+d!$BQ--s8KN&_Ibl?=^x>-g9oY9&a)
zZ#UtCE=E&%XjB_JjqH5|KvYfC=w&Yo7GR**D<WbcWh(;9f+!_vAuh1MBJAP@p@=8~
zA|Hy~ii(Nd{h_GX{n?F_h=C|3`_9~0b_odu-}~Qxue0~g%$ZYj=1g83xAE!yAd_~}
z5`X^a<1+Y5$%)YeMmJt})<Wmi^HZ@QntQy)o?e;y_VsA(rWba#oI2IcI?R6y|N1JQ
zygT}jnfa4jL~$;_9|<qYX)hWzBV#jf<mN!_g?&xt_}V^O_>vR3dF(Kg&UTL?3{{HG
zAN=Y&_0IO#aPDWjMEf2OF`fBiCf@pTr#QgG=+n5vH#hye`}Kcop4#6JJ6ODZ@A1Qj
z53`<qZue=b<GZ{0pME}h_?ACC?&<wUlW%Nwo1FMC^<m^rx6}b=tePG9{?%jZnF)R4
z&pEz4IH{PkZk~?D$d5lApWDUEGiY=%wrRWg@1vfKj9Ap=cwF)5^h>vjKFu1Mj-6FY
zj7!k5^Y!Y<V9lDo@b%!qe%IHu+bG&N<7Qa)dB^i@C0BQ|zxHuId-w5-CY@7<x_s^#
zH)P1CpWn>0rhnQh960=Q#~Idnl6Gwuc=&!uDHtYt(0}UrIgZ`e-0^)oG<4vEplO?L
zg&mv8+wlJU)7Z-oMiyFU`t*02cyH!0z5YF$y$hd`_-gk4zPI1(oH2ED%6Hd*&|n{v
zP8-7w?Z^GMK2vK_yQnDxm7-g=U4G-LiEoR;%U&F5)2P+(GuwB(?UwdU+<R0~Lr>nm
zEH(Xa;vV}&@X6E1K3MpS=GX2@4B(vS+NN7Ca0YhivvtVk-G@e>y=NZL@zbe&n_jLD
zoc``n>t(5{tt2VFi@D!tHO%sCELOQ4%v#n^xbbGg)TKASdEIj#`Z(+!bA4pU!@*x~
znVJsiv+Q#Ao0GhC9^zKH9`_pO`}KGf+k5h6FSGjxf(@-+XeMj+Td-e!Zcc|d$<R~(
zO><h2@Ts5g@VBvPwjT$s7r7Ul8lTr`oN4lc<sC;Rr!-hR`jxs-R*Yw6qD!ZwtA?Yr
zhiQK4WB=-M@RY@O?@h?sy1+Q=*o)qGHAj702lI<HA=ztlXYASj@Q&B1wNfqh<kVI#
zA1&m~>ptMNp_+ZN=6T}@snL1@gI-IooX<*(?exTOQ5(Ob)0>=5;y!Ud(xAbkzK?_3
zZ{D+hXw#y9RHj6#4xaqbVO{zQE5j^3e%6uU(Y+<H4s&#8M~`jTv&HRDji*E3KA-Pu
ztueIQf$3UJ#74bl-e0rm_Uz*mbO*M}NMCVvrE|cog+p&<zB|2J(_yyr^@n4RjozJk
z<htIwH;q3o)fkiOJorvRQpo5T$?Dnu)|^z;=H3HN#1D)%nC`Ch=#0-xmN-Fc?jpx2
zCkrg@Gd?Xp+xtUC<l|LOZETl!?5ox~bJNJdCz!Vd3w$#77=9mTwBqx|J<{$w+TYg?
z+|Y%8&aZ9Df98B>6=e2ttG8C-71OEdO&2`iG~dr&lG14WnGV*6Pc;l^a`koAj9Hr-
zcGwr4yR>7Tlj+su&BY6M9GX2Ka#Q}~H-f_pCJr#16WJuU!_Eo&E*UV{o+@G9Zk(>k
z-T(7#ZMf~#=MFv2eHe7Ww5#o+z)&NN4&3=!4~}N_`u5yo;wGJrYY%u#${IP(@1<~{
z`EhgOf!Sx-YCo4R?4uU-?fWFN@%_!b^omA?P4I2^ig{>rvkaw8Z5y3vH23<gABC2S
zn>I5X+Q~y#V&`si>}m46O~;i|Z?`+LT=l&)<n*pxJ+a*8NuT-Vto}Z`gZ#6u1xf-N
zbqKhxuC=X2vN&2vtIZf&?!zYE7jEj9xz??h=EQC$(?;&n?$YJWt-P-LxEi0dIa|hf
z4q0tKb-;n7*n7@b79_1t8pO(YSJ12o`<VDJvR%yW@4<8WYUwXJ=Jw>-?iFX6w#}ZA
zcPjO5`qjOjz4kd@w%ri_RDF%I>2&_=M+xR8jkL|Tx0-Gd+-0$F^iIo-?fV<H=Z)`w
zb<hLtVP+$i4sg2L-qh~joTi)FElLcXrV~5wX=jfPYYxqOxH){P|I-;qb0dZxOWwUI
zE@MmQPD9vhMDLkLj(erQ%`wW^lrcRvCh%j2?%4-<YSA_k1NMK<zdXrE?a(VfQNU?~
zhf5pm3AdYjr?=$jVXtwS%MKI|8Q`5gXGz!0NIk}9lM@5_m^vg)aoDHo`D0{ZNxwDj
z&Q2C%#JKm7H{lyjy&TTh@Bip)(fr{Ji`=7>-`vxAIY}fOc6p_B_pU+aE$*!9ndHO%
zxZZ@>r;XA<-A<k=tZpr?9WEGp_E`Is(F0G}X|N7@etZ<F@lT$?yT!wW?dQim(~b$;
z^h7(gvBq_$+-1!VEDyQyE?U~e_R{9yZ=w(Vw2s9lUpMN^!#`-f@yTCq;T`5_`eLNZ
zuyX|quRNYSI4RFEFQM?mps+b_zw8*9-*?K-A*wm~%T8W9Xl<~1TgMsQmuMeZyZf8L
ztAt|<2leheC2Ph0PXBde+`gxFtmvb~r_X0{bS1kUyo){)oNuJlPkg@X@|}!VD|9aD
zU(OyLJ;W%)KI-eRJ}dgWhpD|a9_QQ6emY}Uk6l?&zAaz%T{nM-?UeJ2J_bDN`%Sf}
zVM>=97eB2nS(*0rYbR5?le4l)lG3cb)#pFl{lpCmatl~6LC>%G!3DF==xD9@sAcxz
zq~-X>j0Gua*Ak=~I)>l@PgGNi`!qfCAe*gq`dQDuCX005vKf&J1VwX`a#LRLj~tBb
zVjg1=%NYCUQin(Dyl3Cl%}VSR_T;2b(yWjz1D{A9&J|DOpYRUje>>vZFUED1yGf^S
z13Ir>VLH!dPI|xT0e(+zNf%$4d2NXEr56pa=fqztxVA2HRhO%c`}7`f+q9L-xbrJK
zzC~&@jY~Q6af4UO-aoS)L-jB2Hodr5H;CzQ{QHV4PdEeJ-*x-h$m83Dv>P`?zWE*W
zH8}6aW*^J4JHEms{W^E-)1fiRtk7QnS?v3_zsha@=STc_Co&FfKA)ofyn$^YN1T{E
z?DnCEP;Knil3tIV7EB8s5>tF5eO$C^PPS3rB3?<{qzKJsg3}E)4Jk|?^sjR27kuRH
zK0Un`dw$EGJb(AkC$=7$nAJs<C1TGGMZ@0RIQsTff9pnX+}F&!rscbK&-21LGk5e@
zyy}?oA)$SG{Fu0-d4YzbI<M+KEFk^o-3(QhlGl+5ACEoJ$jND2aH_%F95)NM=}u}J
z3O!7E#Qn?**?7Y9!4qGR>gs!;DN5I8e_i>H-2)Gi_9vGsH|A-zF0nm4>(%Cet{yPg
zp7SYEGhx^6|1R|}x!&)GbFlG&UTch7`ELs~R~?o9eWhmMXJyHtptK1ipU3%|F<s4)
zCck|jrDS?`-lo^>64ZlS{^`Hrj80e2uQy^xCJoa$ea^qvmkvcEG&d#=p7AEK@n-kX
zFY8_PZ#Ey+>3v+2Z^>R*n@NukU4N{$CM?wP<WlyKM&ZZp;`;ZPiJM-F89D3om*l>M
z5eL^S^1Qn4?8jN39*;XQap_?H*hRZH3{O2R)X-^s()jSWm8PA$wZ7c#!TKXBhZf{I
zneW;BeV)~)!C#`!TW!93Ytl^R;M1*4Q*UMtOlx-Y-pwGN2ZgWNi%Rka1|`f89%<S8
zQO|WVQjG5PUgN#;w2g2`dfQv!zN0q2%GX=|;>eExp3|n&{LX7GU*Ftk_`lh6mTyzN
z-?yvpc*~EEx<6X8sK3qmjq|h`XZWoV<@F4E=bo49V7YYcFvFc^E_RNvd^vcjTTiEx
zdoA}fX6@#kaQ(1&-(l{OVJkl#^USpQ6670mqSXkMCyBzB9F;|DZ#HQA#eD0vpXwTi
zSe^9Rce>m9)u_}%+qwxFX!XbnfAGCH*KOh?O@4gIzri8zY_jt9ProjG7(35u+^5eI
zk2*cO7T9^jk^Q3wx+tA}J?BkAX2Qnw$Foy*ERSTFsu*^DdF1})^;+u2-X#z1V?9=$
ziR*RCyWh#q<L+o4(ChC#xJw>u$IJ<1z6|WNdg>uN@B2E!F`YU{^ykmBxBLF(Rm)X#
zc6zSbk`ZU^$TJ8JP5SK9z@uUBz4`z3`R46DZuzx_R<DQMFbOlYUElHMf+gGi_ngQ$
z7rv?A?vwrct-0E{YuhJZB}Xme#z$_w?`(NBMzwo_v)UV7Z<}3So!j!Z8657ntkca-
z#zXen<$pZSZ#pevpSfP9q^M6P+n@vX<4^VpY&|2k>Gwyi*0%U@C!zZr*OEtz@2t*y
zvT@~3zm_@6yjCqvXm9)d#cG?)af3!!F2B<~boF)jS?9vu-Yi-?;nm|w*`t5naJsnq
z--6L5d;E5VwHy~6b(in3(S4jxP)z7Xty_18yj=HC{e7do!@7L;y39*iAzEVj0ehQ#
zmVY6<S-{OHeJ8eU{-UH|pB01KDqnX>%4y?!vDMbuFNK%cMFX`ifBxr#$<0Lr4X-M#
zS<>=b+?andtgWrLFZ0?nf~&@J-4e^++^FMruUC(5EK^E7+j9As?l(-o^j<k9!7y{}
zo@KfQbNxMTA8Ky1^vTX%4rBTM+-jop=#KFq4gGX}!+zrRZ3gt1zd5tS#K-Pfn?)Xb
zr?+&_=zZ8O;N#f+PYgR}?bnw)_*O7y<23x=hps2iy7+!e9QM_{N5-@B<C2CSx;rB+
zB}ZrG$LpeK_pNcmrtZl2k@0l&yM{XM@oPl~j&7fN*XF<O9}Zq%Y`Gcn+^pd7iN2|y
z=Jwh&oY!Kr`HBP0jIfJM&s!$B+<$vjqnXi4HNm2S`5)Gtj11i5x$5%eQMWeia?jJ+
zc4(&B<0-M60Upw8sax)Ly=xFKW=gLA#|cX^KYZ%{aP0Y@zHg@<ez*JZx0_=IP7c!a
zT;-z`zLMFffm1V!c?NmP7k74<)@fOb4C^(;?A@HArTt&sWS>mwmfWF}$NWP@O*%Rx
zhs}Mu&}L1n-q=Y|t7a{A`ccw+eY?V-sF+sKvpY0z+wxIEH^(tsyWaCEoYiyV=oX&~
zmvmaUg*9sKO`W%=*Qd=tmApO7Xuz2{*YmNY(=p<#!Q+ybO?2$mmZko6a8}wAi|13X
z?R5UK>BRVOSCa-OKF=DrXvk})Qx89X&dI!PowC?+?OK=T)}Bt9{Up0|FU}mznmT&;
zhr3OBu4%e3Vok@h{}=_7*cg0dTg~hgY3^FQ=;-#e$5;PraB>INJvq+P@xSyZ$?Gid
zeSIDIHDcd|d+s+fj5V{F$J@A?zAnCWc+o0h3;u1-@rN_@N0<+f@m^S%5}7PYy-=_x
zfAxgJ-}L7eUtZYqLQn6b)48Gj_9wMA?HoFH{+<4|+MW77){kv@{@KBe#xp*OhTiGj
zaqwh^!b_)*=9=A|>fbeg>*1Bhk`_nv-i4Tb>#F)LcE)q9P96^3efII4C5F4+8m$gZ
z>G<OPH-j}v+ieq%&ig(iZ9R9lbHS*im)gwz{82sUT=#yu3x68f-&cS8{xELI*6MKg
z`kIOVxgOpoeq=b|SO=>)$KTA&iWZHzwn;sw*FT#&xkQeia&3LgRVC)eX)lc3KMicu
zo7*q7MNznhcu_%@!lAQ#itcTdhHN=@94~nkvPie<#tkP0B?a+rqn2BTo291BYx1#U
zWD}eAOTIo9HoGzUSXx%|;pU%$u8i#wV#nXHz5D1VZSDSPcSHT{VQY@<t^WBR4BCfe
z9X7g?(%x%%<V?HZWbRJKkG+q?dv|hAUD(ZYTNBTnOAizr=pM1^so5mqjC03l?3)~^
z+%u+uXw|_Mz4sO`>Sb!n-#CQVHu3y)txwS-th_WN&fy&w<Y^wYk>+)G?&Ti!b4mku
z>jcx{NvGO<QqSJtl&ji4vFl2SZPus;F+q<u&N^fIYRr8b!F-j&H+9^P^Rz8zpVroz
zG>5gk+kA|(*!OzMHhivV%DJPHn&fV5^L5ns4?lx7RDKq8y7ai^vHRV<nzlKSsoiAT
z$=2z&HV<B-5<Nt8ckSe-GrC>KxWD+L-c0e>TiKJ&I9%H7K5BCN^d(n5%r`CWbMLLS
zZiMUIpg5yPLxVc6S~_KiMvG9jaOQ%rv9Is>tkAlmG0~*kNwwxIXZs1+$`kFqPB@ME
z#P9Iz;SrtSMloZDxNMlPwY}k6%V`6;%;~?S<=_)j_Ssvs=)~IhaloJr{G-jA9@sZ=
zsO`>4#Y-%=KA#02NiRurZuZV?Z(wBNmKJl*eeK~sXH$Y%;dZm)_{WPz_Q{{zZq8k<
zg)m;PbGvJs(>@o7@_FhiO@Bsz8PR6$Wu=IJGmd=ix$H8#v(9AA&gL!PKVH{QJ@oU9
zN>h`dq9r#Te@+*?h_WAgt#A-ibD;R}ldNTF8%nwzJKq1mkKFK1OLx0Bf2;K=-F~A}
zUYyO>!N(qkEjt(BvvBN(4_&NRr>Iz*3cT@zx%RyzppD_AV8-~KEvFvnJnCD+xTL3D
zW+oUvYU{i(`n}4L3$6DzvfuEK&;A&vGg#`tZlg6_eWL1>ZZ>;(>+Zf8_OjvEeVF*!
zoYuWIg$G1j3=g~0``h}L6H~a$zV15z=K1q6uX8&#WM)3xaxP)R$@qYc|82@LYW}E8
zk=pQ9;Vp~&KLi#pI37E3d~^GLP(8goZIzT>P1-K$da>k)@4C&|QBPBrF1mH5%^Gce
zx8~U|H`-X;ShC*lW|vluGaua^zs>v9i-f1&)_o1V<vZV8{BF<FH;t!7c!X>lp0aw$
zjLsf{9m}VE_gElOz15(d$G#7{!XqQaQ^S6YdT`+SBy7Nt&hVettZiy4_%;IXFlw!T
zgwoK4`&up>A2Z`6Q~F`?BFE-?kDiL%HL(}}nd9C@MXy(7#-H5tEavFPi{HkLv_1RC
zxLFgyLpz?gy-i`)^pV2BgR<Mc*BKNsDrJPNHgoip$$ci^!(MWIH%lJg|MIEd`L#Zs
zf*wv1`{;C?qk8t~vx`B?w}<k27__~#d85Yd7kfN6bX=J#K9%8X6F2D1*qIGAPTB{l
zF3_K>%(d9F&xse%<}_>Q(gQbqj|O}wX*JI~|IL|Jk%Nxwtt=iFZaTc^g7w=Z>*fZl
zbj9EH?q2aW<%(1O<fiJao9*ASvl(w~-uljA%f9HSm?rI<a@F1TN<^mhYU?Y}T_>v^
zzVYABk=>NEFAhlPJU4S8M}6Cp_Bz_ETf6}#W)r8VYL4z=c80N(f6uC246lRJ^`75)
zr?tJA{^9cO-JkdyMmsHS{V-hV{lI2fiBZm5&jb#<s$;Bc(e}cJFDs{>_8xiswQ1{l
zomWlR5|Mf7_M&vHSBoAm`DP`W^MTpRxlnDSyK4HibIZEkDLfT^%XHzns5y?~9&Hyi
zOBr(dhG6o@!MWTAi{5KIi@m$SWN7>$rNO(#>zJ-{G*2_xlvUXC<k@BkKeib5Nm04^
zSmd1(X_*_T>v=qU>T+I^d(T}<3zA<(q_~gT_gV+HiQ5?La%%JDpx{oI`dBBhjuqPN
z%U;)XV8Q3POP@3>>0;-dlK$yn%)3GP-EK_^*|E0Sqa%Umzdks(Pc65Ivw|^(`K(Pl
zn@4RwT6+4o@B6m#_7;z$+3$vKX@B8ouP?JU9yu^xJ>_vz-?c+Wzuk7$G|TR`^RVyd
z-nCn@D1X(<(fScVymxPI>FJvcnm3^N)%inPq%^b3GhuNwbT14(>$rK3Ru{8~Tegnf
z8s2Tne3<pYZSGx5(cIp4{#fJqu%Wix(HDb8x9;V?fB!PeD^AS|Z%dN3h6|3kPFK5r
zaEp%S>}=r}=|&6dL5X?RJ^u4DR?|?s_MlJ1h@DLrEsvSE?XsW$_;2Ae*Gl#Do(+6s
z%<TN>eEPFdACBcr^ffs5Hq*i7XLn)n%V(pXZ}{xyHo0Jfduo%3(~m9q@14KTr|<2@
zj(vLJ+=$$Q<(zYjSoIO=$qOA^{5VT-=NRP$5d$@Q6+LP1(8~Ae#&x~)y9g)kY5v7%
zw72DiyG~awKMdCGcuU-MlDU})Q@zpGFDbT}4Fb9dE}LB4efFZ4@Is>>N=>z%D;tNk
zX_u@#?W4m@hoT|rp%*i`BAcEq_IKIH+wt?p2<d+l_SuaXHoWzodB<18ji0ptL`Q>V
z%x0ZeO`eS{y6Uj<N7VNwcRc#D=6Ace`ZD|<pzAKS;Wpo<byA5vkCpcC151mzep&4@
zyT^ZBz0!W_SEqT(FI>jXd-=U+wS!TBt@aIJ?-g3fgVwds+ofTakfLrgsN3Bb&g(51
zt2=eiV8z8}=v|5W@%(_hleJ&MfiB4pm2PXVT$~p+X{D3i+68B~bWE_h<Ne<WY1hIP
z`)^Im$nUghb7G6+pKoounr8Qj8uH5Y>|NFS3xdqzW=CAVIpA`U^lSGg&12uVH2k(|
z$%zS~=brbiqb{FOnKFO(b>6_8U6MOJ8j`ScmY>Gj|3-DmF#h6jz)#p?%dWNyH{H8;
z+&pxoudtQ(kt2I-x<6j!`A<>Ck4wXP-aohH4)(VB*OMb&Yp(7$H|~Dis&8tuUp=rN
z^|Jf)d4s;R?78J-GehpIudX+x7Z`$@5%UW6Y|~5nwmNLTUIT3H$EX33Pqu&SI5~Z(
zOGNW!UJqD#Y0smQZIrMmaaw%t$L$f4Ws{%bLs#y;P;jC6c+vE8(o=4k?^1^prKetL
zqWQJK4ovW&N6ta^$#q=#|1`$Mv>ZLj-(!NE%C`92&mksz|FOSq`D0wmZXxbTq8Wn5
zdHT!!GkRW$+CHy&N9`A@Hzf}=4%}xl`G(=eACunfGw)_?V)5#!j@C%EUXwgh8b1wN
z(NE>u{Wlw?Ex4}B+@_jvGCcV6Chx(W=i7c9mDAN_RmM+~)DbK5pYCkDME!m9$-$=I
z_om#_H#}$c^33{EXAg!%bFC8+cE9NV^dOvgH&?SbdL{jzPPQ3%`?%s_dz;>#qRhZ^
zktVv)LpqK3p7QqT_+1m59~<PpB{6ZZ1U5eZIklvhm0y#KsVtoqz5Cko&jlSgJ?%SV
z*^XHW*RIWftYp5B@kaI5mi4`Yv;I{{A94J^r4v3m>7&%Wat6)o)p^CpecM%9_8NNe
zL{cBMu%4%fb^Y{4{d{k`f`)^N#0G25ISc=7KftJ4-=M83qvi}=Y0K%WjA^|&aP9E?
z>xl#UXf;{h+%0n7v^}Gn?{@W?d2qzhnXKT&@dvWfIiv3W*uHUzuR&4Vkz0Gin-ruw
z&-3oH>W0^2;TX35nnnj2Nt-nJp4dQ1=^}$QD*EoA_~%`7(^`J{`g~e?{DWP|Td=vk
zKY7KtJehD~Py0Qe9F-gCEDrCIG{NSSYY30e;d#Zg4D}q%uDS0^*O+y+$!Xo>wA5D2
z7s{qPl)O{ge=lk|b)b1cyvj;tlLr0o*sW}M<aV0hcW+Av^QlT-UaI8^v0f~ew}>@K
z`1w=Q(Q#q8&YE#94SR5lTFqL&aor8(>`o_?*0jE^(s_~6u09+U-?aXrGkwi&Mk}>)
zN=a!mW~Itf>!hrC8q=1%nRIhUlO4}b?>uya*?B~W%Ffgn^@1E9?Z(f4bht70U2@kE
zjYoYPl{`!<xVifF<$+87ff7w-Y@69-K%#j;Y{(k3iF<IY9<K359yWZDm=hSt<NGoB
z+)$>7D-7Xzb49Lv_|M`4c_M$55iAt=NW8^N9{i8O!XS>AC*aHS9mzZ^ULbccbG)HP
zZzj{3>y1DlYJ{SrxZ&_>46kmSKna2}@o*RN#0ayEy$#bBii(&aC{HAZ#*!xlJOUvq
zJjla|8zg`#_G9`;f&+Qp95L62ENEwA$7Zqwd@+|VX1at2(_FB_AVoy8;mQ|s{dgiV
zSBP*BWsoo|K~S)Ok4oBD0vW{pXbC5f=gZ>?A#UX1SgHg%!w0BQr9}3eAetU68xq-^
zkRQqH8ten=0+L*Q2u~>B2O(M_G2%jG9!yF?@`z{y;vf#+hY7WT&>EFW%_)TySqTDt
z2=)w1^L>dlk+Z)*DE5|!30Y(+6H%!mSqkWq)}JdMMUdX*mCsbvKB`pSRK!z%50;Qi
ziX^KEvLfUajyNk-H<zvo!n(M^Qa(znAM_&RLEl+wjSiL;ET*?i)mBi&lvt&heIc=w
zZ3`aXhtPEx7j(e!0+FCft+{-zkmOk8E#w7@nSx*<LBJO=!Je5M(po7vt}_87vu}j3
zqN<1b=23OaBbk<ImoR8KOO{m_s?bvAgP>6Xi;AXMxvso8-jgN4q^_L=fq^K_3gmM5
zl3-`D(Gu!$7ITDz#g(>XdDAB}CaXfqY-DknrO0uwU<yQorcA-u!;vHQCL9DIu?-*E
zG-zciQW;TuK2#HiinZl=QB6!<1!8EgVC`N)4yt_l90{<ms2NIKq&GpWg=&0=CA#q$
z%N&a+92$ENlN4PTPPrF0@-n0?1ac&NZ+|c_uo>j7M6#wTvpKpn6cF&O1QKYOa_x}R
zHkTu$Q~;JF<OULsNe)V61+7IQB)x>3H=*1nlgd_*opQGT;%DPi&gLQ4Psj;k@_eAp
z5T2^EJ(X!Q<~|`@Fa{B-5ILUcWG+yErXWTh7Ae%3=f|g+HS%y)5RI~N@EUT6M3&q@
zu7a_#0y!cPvjVQk3}lng{wt_MS>vg=;uK9m(QM31eIwZsgoy_e@|cT6+#s*OaMDr~
zy*aQ+=E?PGa@9jsfqah#WGK0&O#>Gn987gK$o^bGFcD}Gb#hM5_V8xnF@3tcJ+mC_
zdZ9u@--XPLi5z`tPlDbgq$-0s-dr%HDH3QssJ|%JQP}ao00>xL(zu{U0lNclCKMo(
zFK>kMoX9#q1s4aVKy>l6Jt``^0-LiEa=A<q;+3!-^T0p>^vcN6WNnVfWeI}AQ7Rf-
z5N^Vb?8k|B<i}7Z@@2FirhS{USP&eHGRr$Mrh+vo$Wc+fDq8XsqJt-RqG}l_xRR=!
zK3!1}RaK*$-z?jMmUf^rjfg`9!pUG`#0ZS?>|F2`d^X?55?rak&ta6gPY{o9Aryp)
zxR!x_Y@tvfwDIE$gj^fq9nx4FzBe}zUYvtDp?tC&nWpC;5j*%=@<fv%3yf+Q(~xOy
zZ^<N*?FCL=+1c4y_m{*kTfKU9Vfo=^K~4_JN7<Q~<@4X=z?GeqwG49MDhKc`ivYkd
z$b`2F^0NQ}lS;At{QQdY^U#IzU%di|^5ru#SFc{O1jBNQrLUkoq6Qa+(7}bh%Y@wc
zyu7P9#o5wVugLP*Ir&(=^s7{wk74gn_O|<1a}YowS&GR2+Wsq<A0MB0|Nd1#P@G)|
zx<VI}|Jq*K{wtKn-bG-k*dA;hBbl+Dv4OFXv6-=pv751nv6r!rv7d2(agcF{aglL}
zahY+IagA}Eaf5N2afk6A<1XVK<38g7<00b_<1yn2<0<1A<2mCcBa`upk;TYn<S=p>
zd5qVL_lysWLdHi%5#tl%GozUCh4Gc~jq#oFlTpHuGP>g3@j<v1ZjbxpGw}eNg~#9_
z#2t@E;v;ZpT!{C@y>Jm8gb%~RaV|a`cfu#*L-0xXaJ(DtfrsHU@Y%R4J`tDT=D0UL
z1|N&}!VPg_+y?K5o8rE>03QHYN8#geH{21Qg<IoO@n}2_x5Y=}eeh{`FhKXfC*az+
zE<O-v<94_o9)<I83)%c-4n7#(`{Pq^eVhYtf%s6oH|~Q+;3l{O<at7x4unv6pMtx<
zn;18PUv~&SaRb~4?+K845aZ+h;ddlH5`G<^EW#Iv#{xbx0;4-X>*3?^E<{O7IUdT}
zHkm?HKh$qdF;)Fwh{!&qP{9bIpa9GR@(bmRFXt0sDI@^)8m@u@(lm%)unQ;-7l8nb
zk&My5*^p0K8pTt-R9Wtl68V&U5)hDI5)%^-*R*NVl*xR`KI!~<i)a8cUuK^O0Lm|t
z0Z`?E8IpYk*U*FM;KZ!VWjH!H*g3j5IoR4-n6pN)9GqQ-X<KRckU1D|KTh0W4o~O?
zQ!L+b@*NTlWNy$FreF5lQ20lVhY9yZ`YDzS4e6(bnlcT!-a!%=*ig>VPT<3J;)=Lp
zqLjH8Omob~az#WrCod!h(1JclRsbcj1R^mcTX6zKTs9xg2k5?~483xGQC=?wgv+c*
zeoJj<uGobm^y7+QB<ybwV|P+CAj*=6#DXB0Gr_yPK+oR6g=s_jd9DwsXex>%1IMh*
z^5^jVxY|8v{c(K4QBiIv>Ck080QEwNheU)v5{({UBu036cMcEO5K=jSgXk7eDv4>l
zCy4@jd}8qDVaMU2*)!@z(2xd7SU`8|3`09&Vnjld6>1?7iv|3eYfrBt^*L%IgF~7r
zpDR-Xnw$bh6)S5zODqgzhlquQ<%vATgG_!xu1I9$!4Bhz>1>jBP*W*@p@+Gx?RYt?
z9tw8q8tfWOj7Yhp#55)tkO4m;4|i@L%o1cBvcqHt8iF3j((5XOz1j=N+Eqm6P1Lx^
zgXrNYRvZOT7a%W<jwpvXcP2*8Oq(E%AD2W%6e9<AXf!C`Lop|=SQw7RATW`JF{!zY
zr=7Wty$fN%dUDdr*&C<~4g72@$x#IqF}Jj{u`gEy*{D1d+C8jzd{`gSbF*Q)JF%e<
zdzfJlvY4W^14=g@H`IyC@d1?y$i)#oCs%uO_`5_lEOQqd2m8v4+7k0L7@-lGgf>q+
z2|=B_h2g<sL8OtsAI~>}jCdM{a>7L@p==x$2e@I8hWh^Epa|j}y}{@cQi(SMed6YX
zi9~@R0LKmEMi3GG5HCJgjN%kMLwR~e{S6F!xN;ODP2{r`vOK96CrlhD(ua93g>Zm;
z2{gHpL+2@rPv#1}xIzJuM=<8Cz@@jypCb%bU^5`tk5&sBVGBhZeMq7dgHp);VV<mm
zp!x^YK~eo1)qhYu2$@gzWwQQFIR?s;0CMHg_y}Fl|HQ}u=>CTse__}b2D-Nq_jX1q
zV+Ug=gMp)4@oJ2tJ5laV!sYJ;_yT+hzO3Axf}?v2zEkerg_quY@$&b6y!1YdAN$4q
zFRplB!LQ(VWcPiXydUD|UWD&}`x$jFg7`BkZ4rJ$?k3^>!T*8WMfghmBCd{UV)OCU
z_y+tMo`Y}1cN2L_aryf=q|-Tw&H=cOL-}Ol{UGsv9DdPVN==^1T!21~pQP?fIC<Z~
z$$J5#^hR)qOOjKP4x)J+PsbnNPw<8KK0E_Yz+b|h0I`L{?>_tp@kXX>BVy|SG67G8
zkc_XuFTk_>jY^Yc*5RA+ZA6J}R9Y&;7UD;V-(>hb0Wp-akGkoS2tE}8O@)LwgP#LF
z_u-1q1&q>CG`59Mn#8*h|G_}m5ljNu+#UQbJ{Nz1zXI8j4Wi#;_+j{+3-=PRy{$xS
zE!f#yygh{F#C;Rb!sp?u@b&mrJR3?O=+ZK4@l8<f7^H2ba!xV!f>oYkTmh)%fNMY4
z^f7pE40gQ>xG1GI7xY0>LEJE)O`OKhg0=jMU&gQF3mCib+xUO@J^Z{}Da7>xz_kE)
z+zYL23j@))15dI}&oIdQIi88r?`Ifi8HXUY2H%b^#!tcTAzYQXOCc(Iqsy$p(VHUF
zX@VB{yNAe2gI`trG~*Helz=CxDV9Rqlue=IBo+BmBz8J~IsRD2gHjY8MFs{u>6?6K
zL@7r#g!~3nIwK0D%fr#|rB4K{0_6}~LkOkN48SBGLlAVFd_!dsO_WOKkeHRJvSptL
zu9U~pGDs#eR!S2iFTy_)4jQHzlz%QWzbHFDDV<+1VW!2z)iA`>DFzlr;jGD{qWO_*
zeu5Acl)0$+6Wu>mN{i~BD#$1LulK{H(lm9cG)e^)7;qw#U`o=`fZ-(=ro@2qAS4;0
z;F$)A?=dB%FPIWuK|tvh=Ka8MB_RA00-%#!N|+L+p`k&<^^`EIHN5FTKq*WJN|-YI
zV!u#r6qy+nMZln6c*WAv(%=a%7?490fh_TWU&H~)hQf#-(pY{N;tdPKC{B$Q=qNFC
z5y8L%MlUctLgN^;_{j4{31#Ed@TQ+UUaq&d99o4~WPf=;Gz=p+qBxMn$9Ls~`isTE
zK4`4tLA{GSy#sl$SPGeF07qt_Hy9+5!#E}hKx9+EB2Too2%A9&5QL%t<q|0X7k?hC
zu2PGwp}fFArWco9w}T~dv4AO*@X6&@u|F5qI*FA%m_nI*iGV44GOmEd7uHWjOxVzY
zrD~>t&kPqxgiIL0`7nKiyb!KF6lVGJ0)5at&YtV1P?qLE!spR*N@AxBO#uVLdm~)T
zPyxTY7_o`wy)=hBaYam0?2)`G5UPqv_)HXd7NM<5rob1ie=|iAFG^7&Sh+=WNUo1Q
z(*?95pMww+!kbhkydy^lnxmvIs{kRnIu3*@R$i_7q7b9?`${UMlrKkt2>wwE=1jUy
zN^2z4pUbD$@qO&Le2Hw|#r>BS#Ii)dEK7x&D32a&2H6@~b`O*@9GTJCqKpc0z|@sk
zEr6X7azg6^g$Quc1T1;JzFg40H`h%NC<)@CN+?Z3Ya_&NaA_u5+8$+5o)%z-wFRb}
znaa2$DcM>4S`}17Li(VLlnr}cLT)wNqFixU8=^3jrwE!Xt3^byas|RV6lzflK0u+i
zOU0yi;JD?LqflDjgRm@R#Va-fwDbT<<%Do}fv9yOaGFj9jhHqaxoW7Hw;&i|SyqOc
zs%26kmH0tQ_teAMqRMKlq)wn3iE6Qi^)~V>2i0PI<hSbd_4UbJd>cN!B2=ONDeEVF
zBH@6`+CguomqaXU+pyLKu3x5i+N%=VZi;@NV3LxyJZW;}huW^AI}SeCNsxPa<;<({
z)=p6&t(6CsLDmN>8VzPnL;ex=k0fY!aQZalrbS$|<t>`-0-#Pr`vgd`DVH{A@{O!;
zw6s}Cb;;Qv;opePu6+9{*ED3tO23p>5$d>T`&Q61**fTg6*Z6wwac<BRcv*dFPJ+`
zqdapJTRhcFSe9rtmPhPsdV}XA&X|bh1`x<Pp>u~UM=o(-rBVV=>8L9&Ym`u$sBPlM
zoYqol?a7jy$Zpc7G>cAAAW1c$N_$hpEj<*09#5fcosAGErmEEw!|<RiUscIe>k&dt
zMlQe<uvSUqDIF*%I)9=i1qN1R*_Ad5Mdu^4+~0IS)oCXb2^mQR<Dh$<Qc+2Z7FJ}^
zG8CjIlWQ=f|E;oFD|D!p`%9K(B?O>+jXQ*D3<StlTDdc+4cTAxLxdM1XtFH5!olyu
z^1D6To$UmhES9b;7b^!>I01l80qD8f*m6U-flSzL>(>LoEFIkKt)0v*+3@bfc6M=a
zVtd*;kPGzo0&(dE7UV1DLV~L!QFNHLy+E7V1&}X-@H;xO9nAqJ1qz!@aF8=_8f(Bn
z)<6?Wt3Cs*EX@0u46?B7W6m<M=wrcVvklCRO$-fL{ijpg6fD>+Lvz2uefx%nhUy2x
zdbqbfjED3&lD?cU7h7j@Cr4K&TN`^T2XhMtR~KD-0lDeo0-JN5_5#v~MAW_!72}3^
z2XcaV-fZGY?4{U1C#h=>WtgV&<sm^AwjSVwhFmI{Fl_?tzo0{k7H|}E;B<(%@Wg>!
zlrog5i+0rHilC@2xql*;N+tjS5e&NJ(#Zr}*!z%6gc$5TqO*VS!*u6Og{dR?Ya!G{
zr$wNfkpm}p@odQHBHDALv~NyMr788IBXw|wG!&g@DzmlZ!}aAz0>z$Q96p?<)b|Ps
zwjkatc;X;VFfffaf8_|02}l^OSRonW)C7cwI!ZKWC1gM<XQ3@I7>`i(Lr13#GG_Pd
zZ)D8wGr+`v)yKqS5UbCi0Rs&Bur19kER6>l4eUSAa=I?LgC$3dOptB=QCMYhvbEF3
zK*hXa<Cce5AvSPjoS|c4HYlJhifuV<(n*fxw=xY4jEyPv+JbZv*uaxxk=y`BMkNfF
zOD5tJe$WR!iZ#@w(&Rv?6p~+gmdG7wsBt6?mBAGv0SwVr7sV6oH=|S1Jkl~mG$kWK
z9Z=GV*z!cB2-i-*afM7c{L1m-h`8tor5L7pB5FG7$MYu6wxN94^cM}`sG`iF!PHqZ
zK3JQnKD1akRb|JvcX8H5yS8$om5Dlx5|SIeirc<ayBlapTBxfHYIDRcA-Umg1Y5nX
z&TJ=VLX=YLqN5~Io;PV1NKzz`P!Q<I;d28~9IYk+o0JE&VL8~-t-*&lrG;7pwM|d7
z2Er5B!O2`-I9m*dKZQ`gXyaH;G%~^1#@^Wl*t2E3v27h}Eh!4lL%>^>bJ}pM9&nNM
z4Aq1-@8QraoDd+7vO=Tu2@Hg>8o6z6$t6!aL*3fINm#k48ypBFXN@Ez8sIzdQI~;s
zk!?9%+(7cQ1X>m#LF@$xhlqwDw{R_?g2@&}v{SBZ2OS!Nmq1n)p{K11niKs>KP@;y
z87NvuK!nh<A`Q53`~^WAc|Qx*>%-x5s0VVrhQ_5E(u#Y`j;NxAT-RVYJxQD<fsYHg
zv`FO90ZtIHc}||<AWjRQy>a9fJxmM?4aUQcwWW=d2iO8#aa8w67e|A)ib~ti>vSXF
z*sd%>9JpbYJsd*x%`6uuTW8cW8&P}evIOHE%pT;XIH=Hv<<EtlMG#gaob*1u0?yJs
zdKzab71Vo{=A)Q{(2v81PDf@kNCPruF~<{*(}Oe&!la04BpkJNft5d^aUv`<*FqRu
z$UZIU>H{lGhWg$dFS!;mUaswsMhD+!i2TV^Tlijr?2XWy94e+5h*${V&`J=>886>u
zd5}GqJT$mFegvEfA>F(O!6s_|^2AZs?IE8)dT@{N@;yGB^M~_0$mvlMvf$kBWI94l
z?xCL}JSLAc4MLOpOs0)5xqQok4@J<#fExm5Czx=!+?zNq0<JY2EwvJ>74k)4VlPHV
zfkeI0LN^dYi~>HAGRY)D$ORWm&<!Pq4EoayjSQww8=x3UCyeOS78yft(<UgiwCU72
z7=#y1LCV+wIUIrWEg|S^kq<3CS7;0W*_fif$VElskSaAr4dTMdXL&uN(U^kbDb;$o
z0A+ukpMM|(^jS~{v1ln`>hXM$wt6sq1WZ1RMg2J;T=))0Ao25OA`@eZ2zsT<4CrGJ
zBnG%ywDt_kqatbnn_h1efkMZ^jNF^UXL5M}i_ZKb&(0K~H96u;bLk3u1x)oOYf>P9
zeiM{NRUi`%?8x>PM6mD-S%Jj5F0mJ&C+b0zBe?<I$>muw6ONNWl@pf3Brh6XA1P%#
zRRQGui32CJLkZgg?36JfY2my~nTnIG--EZLSp>b(b2o1o{=kBg5Qzfw2e4vfri2z0
z4S-k|BMg-;BC|(gXpQ&)Sz&pKi*Qw7qqGEy;=o=Ee1k-`FE99@hHOU)r@3gh3Ee1~
z8Z~2O$~?cEXK@(ip$pS>kc~qeSm#q~a;P$prz2{QY+b~OY$Upu><zvoBN&x4E@~M9
zzEz`aOQFd^J4Q87-pa<yk0!vGps_Xbmx_|WFdmLt!WRcbKH`lWRVWDW2%iXnv5A7Y
z-T+L<MIJks$wae8ZhJ9#=!hAyo1@^-gGu*JQb4?rR7FfKI+88|nuIJtXvGUY+=KR`
zzy`JY)(6^17_3DG@kGQ|DZsP0Kq!>JS6M{k>CKdVf<z1=W#1A2KJ<x@zT7y*sH`_q
zv_9H)z`zlAP^pLv*9Ub#NIX*OP^qFa2O^#6Q4fMt)VLE@7gYr*I?=7kdnj`Lrr@K<
zX;+!ffgHlYXOb{;qw0?GWrUGMkUA#OlliC<@{kkVko4-vcu1mXnHo-JB72lMcv=Da
z#CVKAM;4=K63rHgLsVQ@!&Fe_U+9<6aD!;(lwXxsG|YV!v`h-*QPv(nZZy4wPLYsM
zK_Z!RRIFe)+KOzWv^!GpqZK<IA=Ug~|5Luj=##@I#YFQ!utVgrVcmt=s0{-D>+MhX
z2;e)&4O^&Ms!F)R?%?pKFaDUm@Yx!2Mew1WI2`JQn3WN}ot%Kl3XyIZP9cL6S8&3B
zO(5if+k|~X;=>`-<|Kizja^EU^mfFGnylfVCXPlQ&|%2@IMf6ax>>*vos7sI(G+tg
zL*E9dgs6{&1X?6o1byT^jF4h0=pg_9=&XOyO?#uyYhm*P{1ZBwP>DP4&E$v?4B^#z
z&^edwsbn=&)1Fqoo!JZEShQ@Q^y|J17SXs|ANZ_|-j9$QW9gS!9HY7^h2}!LCSn{x
zxTflkDC&E}tmrY2lR>RQZXO}8LQ+%@`RNiHW<k1Cw+!7H)G=x;XfZ@KuouY9u28c>
z0A7MH*l~t29Np;Y)pht(7QV_9!Dx_Jp@R;U<cPqCI(ImDA%dNtvRyK`fif;@Fv}7?
z%_Mq?X#)+W!?KK{x&2ssb2~QTSy3!lukt`cVPaGb{tM2zkRFGuKwua~48(`36$}GW
z<EOhPa&$_$EkaV5D#Dk!h;s!CDK`MEsg09(X}bF6q+<m2P%oj>oC`+x@IhS};`06D
zaI{K5oUjLn4}UBHzHSzk8Jm%V2ztsxx>Istz@>E9Pt+_rSwwujPfy&mQIpk%Gc%=t
z&>lE)<9-^Rv>uqx5q42JIMpVH9oqWxRfZPRJV+LZ8g>n4I`FwnVhbR`xpev>_6OI(
zhqjEW6M6s%`V$7o!az%<Gb3Of><$`sr4vHMx}&vTrty$-S_-Yge1?=Uf@GLzGUV%E
zUGhmZn89dOfsm$hi&EsH>?Ee9Hblz-1AVAC_=lP%$tx4~xj{#Y^yo%PcgsHIRHg_|
z<A;f=4=6oY2wU`M2{AC7_(-42G-tw!ACuHUglx$T86f3SLg7mvU<E9c;7x`QP@&~7
z;8?))lfW_*^x9@4ny?Jb`&q;Jz*=36F$UHXO7?&NCkoL4!zwRhfH0t-Na`i#{uVk`
z@7OcUeJl+v4qA7!G#*hU8UmmL&~F8AIuNQ$KO9b3PH05pC+VBA_Ob`CHd`82lPXyj
z{kFguN}b@@9zu2Lj|BRMnxN7cM$(UD=UVEp`muCtMZXK+LA23DAg$u3eL4Ci!?s#g
zQK*varXW8$vDz3yb?LVT`lb-jMaqB5{7CKfk97k)?I2W_K71ftM*pT3$Ibhi8`M(&
zh%S8r>ME~C08xUD6~jf_-xLd@8rMB4uLk<3X`?4ftLnN00R5FoD3X2&OUG)jc`s;r
zIjp`l;-fXt*8@~E4^`1d`704^RAF$@_OE9twAx`_a~(kYlhLlO{HuVjV*5Kayt@8|
zU|Q}6**`6Nb?GmK@@4Jc$nqmAm)*NYx<_mv|5H=?CQwdMe%k*^&3l{gw%lGb|4YzE
z&AGbrkAnK2Gaqq}VP+%jt^6$y4|`>4%-U-~rq$$E1LQ}pv@3+_(q9M622(`LMs&3J
z&VJ1P!P2X-?h%UGw7>O0AN5!0G8=KlVypSv!G*u!e`{L*8-TtlNgkUCbukM<G=$j@
zVj#pqh=VW(LOg`I5E3B#10fN@JP7k4BtcjJVIhPPU}7;mmq1twVHt$w5LQ6g0$~+|
z)ezP|SPNktgk%WoA#8xK5kd-tO%OIiK=`)8a~p*15K<xRfUpz7E(p6J?18Ws!afN5
zAsm2k5W*n{hant+a1_EZ2*)9ufN%-|!u>Bi(;%FNkPhJ-gbWB5A)JSB3Bm;k4H}T}
zm*M>igsTv)LAVa#285dsZb7&W;SPlVAl!wJ1>rt~2M``Ycm&}wgeMT5LU;z@IfNGw
zUP8!(@CpLrEgPOW5ON{pL3j-zAHo|51rXjscn9G<gbxr3A$){T1mP2e&kztE^rgvH
zc>f0BJA@w)enKdLAccT|Y!-HOOB@La$dea?bqt1}1U3Q>Y$&wUbTu+S0aS>%067)~
zZ}fL24h+l{objK(F{zRZFyg|%9RD<S60<u4v-_i%DUK&Fun~U>FUhGV17rUYj1-4n
z49w#9@sYgwF|c93g^S`TfPoFJJsy&mAO<#|mN+Obf*F`eZ7`7ZMGVZa#-%CBAq-5v
zW@Sm5Sc~#a59*{>4RBE$U>$#11_LY9`z3@NBNT7Ca!J1^I+g*0`Rahuoc5^}G>s8+
zWnkJ>m!Nnyp^Mez30|;El@w_12UQ7K8EMRpfpz+IX-W#S%1~4{-G%{^+sc7yS^kh;
zvSwgfl~JQ48d*6rHO*l$ur`%YqviU;Jp)i|RS`u>Hm90OP&K?c18ZK6A}w7V_1ME1
z@cC*P)+h<bl}RoO_8akG46K<#aau|bh15UI05*hy!8EY+rX-ytmsFbh2j75hBN;kc
zR&QBK-H}HUHzes$vijB?F?q~`7%==q3AD7ldXSc602{=BFSQwzy#DfB)#dvTpi0s7
zt0!5pVYHO>RI8>mz5n?Va_glIvEj5ved^LSY20QswR-VA<}|hc$+E%3tgdehT92GM
zCxx+ST9fKpDodJ@XB|t0v1v;G6J?rMxAkO2>#mMRX4W(vSc<8;8}-pmX-ebkkPsSo
zQRAORG`%{N48~h3lsuR!O|ecT1d4KFS{0gR9nKnnVwqWkGEH@Coz*3bCehZ7;?1Dx
zjwzF&2=*H>pxUy6;`9i!4&@#2>v?aTNepx~E0DN!2H{>|?(bIs29#lQw4$3D&%0Ha
zSy6!+r2*Zl)->v9)(@1cTDyTo{6BvK-L{pYrER;8WbVg+o$N|QqH4NMqz1~>S(kIJ
zoV!}*U_cukys7l2<gSC&ETCM)>NG`rbmiRDG6zXry*1Z5klUDnb*_SM+S2Pla-hzv
zf;!!IIaX>ERUxP(A81#9McttiB(-G<1M1pU<D_iPzP4m4E(f%`R!v*B7WRi%s)4#r
zHK^0|{)c5Ztm#hBAC?~I>sCj4jF#WF;ySEdDp2oUJ?gUBA5~5G>M(=>{hIFZ{lQ%s
zpx&d}($HS-kILT{9crzPrU)3S_5VQ)0R7tR+uBs0=PDpE;GlOEFbevibTC38u_g%0
zzykd~Ws-i4nzjS$8kMRXC(=Oe_TjB6M_Q8{px?KKvixx!^kKk3?V2zRu#_eIAuRw0
zwLVGlr_Ra%4@NcBf=myVHB?`Pgn$F%3NwC<oVEv6Ey|X~i~$e7aUur$BYNn?!1~on
zmOrWq;G%!6xS-pHMOo$6JPthk<_Ravymm6kmBN6FfpYO0i9z`Zvl<nufEe)b8|P>!
zE{0ctxF(DtP5kz$HSD)_(Sv~v`3*_vR`T2006vEP1|M`gF|A1zl!pZ_hW!o~va$7V
zVgWu(e~S-VA4AK_Sp5{>;<xLSYAwI1kM0c2?DzB`>s^0KBf!TW@PU+0eyiO9Cl<e}
z5t&W~SKlVeLINLuWUN5x<Tv~>aANuU8j<N_U|C748wWoA(8<Q%*GV@9X7wj@^7~o=
zPX5?Di_%N2M>D|7A3kM|^{=jVD8d0Je{cp)>7|zAUEpQppRpB$h2o`_dg;o*{^;t=
z?`a0OvHf$Jk?E#Zr^SJnKfG>9>84h*Mc~H%PijV{8zaSbQk@v^^2gWmDc#g!Jps6>
zqi>I}TIi+=1FM5Qp4w{%_;LEPb|dF=460)-@-V<no$Ps1`l<1n9Ps1v=d~kiTl(^{
zSN#s$)X`2jrJowE+5$grb)lWw>ZdaUtFsd!wbKxAG^TDeB-2svs_mu}0{E%Jb3&Ak
zYP9<S9F40h4as!Wvs43By#YUUdPc4`I_k*4Ce)pdYNI9K$fGVflC9p<U@sAPnpmei
z(IaWSs%(hP2aY`JmLr*-s=eb3JWZ-&o@hPk(t7yy6F91eQ|wf`tG1rnGcd2Z)|0H|
zRZ~;IQ@wnpLFuYnwdBWuE1zmX{@M(x%%!-}sS*&F0iNpVYaNQKYMu1~u6*l5Q!=}%
zmaf_|Fu(fYO6IMqr7hsgzn=J_J(hOWwgp`A>WeFxzN&GC4)_YFH@;|nF{{!Sa5cI9
zxRU9sa}_i(;482Sn5smpQ9k7*s?=8-1{PGGd{tj#z!|?@Iiqc?)2|f`d<p88FPY9d
z{*o>RoCW_9;@5)JB3JeeN{3$+u74YoeUnp##x(2MTgbjp`lY^rt9tbKjcL38<@W)=
zQ@!=s&1jC=Rc=+lPd$ydG-z&q@zn@$Q!nG>mNYL~m1zbzsfW2uYnqR?jLI0nTGqo{
zv@OL)lX73>)d%%<6m<=`?;e3}9j{Y#q^JTV9K1c!bDgdqF)4bm2vLVCd0i<gu!CM_
zE2_E_4Ve7a(W-V2iURDX*2%6yZwfz5v+7_^r!R#a_OI#yyFn@Me|Q(un8FOUWBrH5
zKd`A!j-bKnS$_a0e8EfN`xED?hElj-A^tbc%+P=J15WDJ^3(wRHz8nCsTRAW^j}1%
z&B=B8F9N`JUyauOZ79vv<ck?wstjzsR%;c(fr2-##y5CQ6f7JE_~q!!m4fT{i?4OZ
zP%v=pLbF1P#l}()11kI*UlXWYIQ-O1p*;KrKhkywDSU13MWw<4vIYb^#-&owUpVlm
z-cu@hDgn#}DvvI|j*hF+gNoI3N+TIZ*eW`$F%8AQR?=x@IA2DmtChl{x21Htx(qJ~
zfGweOpi@`87t=Y-%Va<wyok=LU8xp|lu&FTjj?4pYCvxRom=~ot;*A6U`aIIUsL^^
zvNh%y{DW5oI;e>K-$<j@ODf<F=-12Gp5mYa>jDnybG`e2b%0^z+A;JP^=Sp={1VWw
zPa7!XFM)bJ&9<plP{xl#Us|8iH<foJK)ZfrZzAXI&==+PyMrUwtHNlbekE6-Bu9S@
zrGBMuNY*&et+!P!%F=O=8U1~qdfs^&R_~I+#~1Z1<B)n?M<weMM#J^KD+bo{7xujV
z|B)1CM1NuL4t!CNTu&h1CDqM4^*tZVAOFg}8}v4RX<rRy-}St2MxU2}-o09D3d58t
z|Et_a)%?pV2uFFtA-xui@48jX*05i30;@5))xyH~6)!N`>0Ui77^bX*{>)NsZYWv7
zOpDY8tY_&}7pbyRKg30)nuRZYYqUaDHxj{d)EfPLj;f@BRm?us)er$!M>Pejvo-vy
z8&ydLEBCcn%dDGPgH`@o{3VI1B!n~cwOsG58!4H!{`&~ZO7MR<;>ya(m@2NMtfbuP
zmn{)aeg4L3ImljaT|`;AIi%vsWm^KkR_a?|OZ&IJbyrqW!<3YP0*(V=_-`peejMah
zQdaw=^lkpY_uN2L;d~#iq@;u^m-D`eyJl!wQ+oeOBe0lgAqQGos77zfO7MS5HUK>+
zDZ_u6p#qP_ztjgfZ1(R{1q_G^Y?x6us6<h6ItSGerUt4}QlgU>ztRdULHxllGL@C!
ze{dssYlHYuMgN@_M3q&3siOvUvJVLK={_5jB~u2iLGp=Ai?l3c+Em`J^i@~i1t}{v
zBvl1}CY81?6{vK?R)b$^4|A(THbqHm9Fyq}d|qV~WZFa6fmIUj@8}O~4OfO%p#@q)
zHV6OzB922``EO|tHar;^t&{Q^L^WHQO0-*Ll<;@72mf;laxu!FJ)}JJzwCiB8!CY=
ziHyoeo^@z{aF~^$q*S5hLTB7WW|+WZW9X@nHvf|L(0@M&w$=iE8lujM&|Wj(33))o
zQ)x}pZ`8V6-L>A<NE@_Iqp32K8=*d(p^Ryu=U>$r;!Xp@RFD&f;ROc&12b^+*Yu?c
z2c1egO_|j}?I9&9w+2g8`dh6N)Pf`Zp#LBh9ETDPdV}X*(-pKeWvmVG(Lf0Uy_LC%
zvB_U*iJ&RMww0mj;i}-uKvOVY`-|<6@JniFG=$UyUKKQ>CFlBS<$*i<Yu=w2s5OTA
zM57H^KiU9U*k7|TqBB%c!g@kYk~%^bPiw2p6KWVz{*KLo@*0vp4CYD1h)oOnebkF0
ze#$Tk0@S(ZC&s;s;|t_8%5y@d5QayXX65tAx*PYB_NIj9nAE%qM!>|#?Jtje(Lkuw
z@Cct)kp|_V{)Yb0ECG0c{u9mDN!=;Ie~|K*Y)_rm5#kB;62OOc1>O$8z$Rsr*uT?q
zOKlGE0;@a?2vveD{w3|np9nys@2<2q<({Z16MYJu_IGsG492>^in2P4;E>kPsJH3g
z(p%YcG|JF*!Q@W`dRt<Qq9N-;D5d=!oi#^&E6i5V%m9seoBu6+!7^RNw+amFD$YSe
zm%riPe!cHehqF(5^{5g}{jZh?i}+tHRcRm4ZvIzG|HHKOtDWV#@=3qi6R)fB`Tuot
zrc`N2l{w~mOs8geDfLLQ)@q@7tu=yr6q4q(9!b_(Ei|vSMo^DJ(!ACq$y%$0=C#%c
z>QP9V*LoybYqik4)*3-Q3Q6-?k0fiY7Mj;uBdA9qX<qA*WUbXg^IB^J^(Z9GYdw;z
zwOVLiYmJ~Dg`|0{N0PNx3(ae-5!9oQ1h2&258D6v>(_DO+Jluofu-Xp-UO25o)`uR
z5GO$8(y8*aAOJ+aR`irgF)Ru)sue&>X)`eFIg~-=P(T;jIbbqj?-8zCIK8C{PbL$^
zFl;OA;;O+ur5?O9A(%lxo6P8n0$BPYOVhC^ilHcqFL**yT3Q-B;RQp)(L+i;;Fsiw
zVhFP2E)}U%IwM$?pi&I+;^JZ|K{a#+#HBMrL&*fyILI#vE%v=YCJ^~0aUmg80-2x7
z_w@~oLl9(scJ`dmh>XxEh!f@CX8X+uy+Fhf{*t$lP#jSvpNy0Fe!!7je)bGtD73V^
zpR`zPX(=l&jfDIwXJz@)$k5`@2r`c77nkIOhMt$pFV4;m43x{4M*8|*5to)PE)EIw
zBja(1FmcJ{OUV=@-;6NJ33K9R6r&Ur|6&a<N;BhTgsKqnB5p}Z@Q@iwb07ibzYp=u
z!4JQmHce}OFvPK$q1>YOGgSQkJ*+w(qL^yukO^H3B15Kq9H2_n(#+xu?{5gCe*1$5
z5^>cIGgPLT2tE(T?<07?@V@0q)mDO{fl)*hQ&o*Jh&HxTodeMlY=-m;rY?Pt;nL?|
zArOW`P=}xb0sm9sJ>dER;Rl2gzzvqCE{(#5E84j#hOQ`O;z9l>c$z54gk-R3;sL+#
zO4xbY<23C3rOnu#_fl-{ODQ(*jue}GUW$!4BE`CG2WluRe2igJk7AhDQVbg@!Z0I8
z>`o@YX8?REz|RMG5x~0xtSbZ?fFB0%h5+9U;M)Q`;N80y;O7DSWPl$5@ZA6wG>KsV
zj{!Ue@EE|upWx2~_zZwg1^D>@F9LXXfOmy9Xan%W0NxPby8(P#fPWA0F9H4zz@G>B
zBLKf0;I{+(LV%wN@Lm8v65x#hUJCG1fR_Ti6yT)*F9rA#xF5rP6z-*Pi{N%7;NJuM
zOMt%v@aF;k2*4xk+W~qZKu-l|FMu8i&_;ki6W}udJ{92S1H1^}-2vVe;B5eY7{D6>
zd^dn^3-Ew<?_PkP2k?^tegwdGt3*3saG3y~0r05+KOf*l0Po%nle&U7Z9tpDK%0i3
z&2FI0wgCSg;9mm#9e_U%@J9fCJHT%T_=NyJ72v%9ek8yfA(sd6Qh=8NycFQ2051i8
zpt>GIbsdH3S_;)Ag6eW~#IW}O{}SNu0Q`A?KLYUE0lpIR!7>3p1K?8uem=m90Nx$o
zD={Cydk5PK@bdtEGQf`j_-+7SnS$;}GXXvW;8Ov9KEQ*frS2eD#R|FuEqSl>CBWYS
z`11gN1mHnAl_=;AbOd`L%!4o)!Uzc6AXKKH!oor<J3AYD`0yci?b<c$%$YOTp+kqT
z?c29wYuB#D7A{<f#m2^BQ>RYF_<TO*<>iIBxw&B@M~=iyO-(T)BO^>#R~Kv7t{tYP
zriQ)$F2z!kldIcLz0S)auGg=jb(On{b22kOqwD48%$%HZAYW9nUcG!tWWUVJoRw9q
z2vJa+6F`>Ne)$;yv;(pfa1^|z%g1WJ%+$^+C@9DZki$`0J|_0Fb{t$m)A9mxir-Lt
zmX?o6(vFJ_4-X0gfSlsILJ~l(d=ilzpdBC(06-84AYVQ<HarM17$7JpF3zX&W&Fn^
zmBfa}1qEpbsN_XfSiU4Sjx3)OSwZ>PNwMKbekdPMQTe3sSkNCqKPRVx@}ILv{RK@E
zL`LS7=l^9EReqX4P!avlS+RK}{YuJzj*ZL9)7B2Cto+L?kbc@UlwBeH&lG?lG6x0{
za{9}9l}TTDaZp?(z)zn492IntCYY5K0RI%q7r)B9OI_O9pcnuT00q(YS9~|Gps?_5
z0o=$^wN+FAL{5Kq3kr)Hy@ESOqFJC>P@I*iU7QEw9J>77!h*NbS+i#4yvqyF&dkv)
zD99loDE{Bvl@ud@S44J!<gK>0W<ee@RNBA_a{>V1odim2hBpe=lxk~B3SMW@28b2p
ze-0>kSDddYc{l6TECe7457*4srpjYjLGkB+Vol9}EQ#hU;G_{?k-W`Uk>vw`re<-#
zymu}0G+#^S0TTAx;@73wfZ<I+OX<5psJw!A08!ZTO+i7~cH9yxC}^poDam~YO^nL@
ztK*a+_<soHu8PL*8X6h|gdU7nsxy9<LkF)>#J{rRnkX3DpfNl+Z{i<xT<8q~+$ahC
z(3c7^_M>AM7Fs4=CSScwT&fUPQCEnEhC-Yk@Dr%#qc}AKP{CAzlPD~dCOIFXQW#ZI
z0Av&rR0sfdA{YI<CjewoDc}r-;iy#l;|g2^K(Go?8WIo~U{I0TjZ1>_uIMBu(g21X
zp=36rp1*qBfK0W{$JDR`jjnb%qGWrui;F)`#0(Y+{Dhn!rZ<Pr7l@f&T&7UMXY%+=
zO9y9Wkidtl->g|<9SZRa<=vMzaZfL&gQwN~<y#=G8?<_PGLfFP{3JY+dFz*NCZ21S
zrx4Fo#M6oA?T^aRd^)l*%oYwiC1@sF(rM2zwJuGRR2pMykU|cMvAJ+S1RaScriJJY
zy~B(U=>c8zlbAA65i%P95iI&4p5!A*2g80s>WHprocfE)0K<|YJD7=K9ex2;E(_oT
z%O#d3=!>~wVu;>q3O|T1B&$pac!!ILVUzTQJ{&Oz!|pa96EO5OLJJ6Tml;fy^@ZF(
zfj5SoK<U6U(hd6HL;f<u;5)DXz5bupfK;rb9AGBZY{kSh(xW4ElreE*lqS{GKq(2f
zI?Bdr`M8<6xo`9!Oj4Zg?B<>jp`&4ZF-Dq@A#M`Tc*Vrx67!fe$)}i$31XdA2@k|A
z6EYy#vsfB+#=vGyE473#k^;~3%Es8l@#zVcI?DNt)lXd<VymMnZe%uBb@oNcd*d`R
zqlx-qGNY-PnQwxsZ_GtW0pvL+Owef>^T^Fz+%>^PM<eEzxP4TFjus~Nb;=zFp3EuX
zeXbKchrAy<R_tVy<_Uz<595wbxtk$%?AU}GP$btmSD%8_rC>vKjHNN3Ls}<XN=WZ@
z**BqslJ5{LiHfzE*^m<9`ynM_H6Yx|!ooLtFecfRzj=>RehSja+~#f|YEw{5Q(yH{
zw|wJUS((jkr8@hT<h^gSjukc$=}i@hYJAH#p}D)U)E5|N<CgHg*9QPrvo<#;G9Xp*
zZXy&3!#vZC)6C8^#at5ubr#QjlM7AP&HWVeR{x@A>=r+LQm$i(RO%Mb9uq%(Larse
zj~yG&c1dJUa+FHOWUxn|R`34`YE3E;$4e&VZfcBSF=^^Co1qg;WRGx6Wa~Kk-y!pJ
zXF+BndxB$P%<S({siXe|Dm{QIGzAJpPoID#^lJ(^B$RW4M?^f^M?KaMG83kU1q_i&
zd~$mNCoyTDWILaDwqv}VzgVZ&>F6)Ik~RU|M<=phIZ8D#go6F*Ji7@N&-PDXJDTM;
zPGC<+oZTP>hy%(*_G}QsKX)A=RU+FKm^E?qKS40%pTV|8vgKZYL!?Lulqc0xhD;=0
z5@eA|0A0-XUk%BQ8SF_&Yq?2K0!%YFKuIcb0WIb3`ze)1pKUrjO+3L}dKXCI8GuR^
z%0TqI^1vbIEe9$AI!hqZ%F+KHngL6K0c#Rn7ia0+M7vg_@pP&z#Lp{h^)`ba=6Opk
zB`g6%N<@n7b$SSUg8HmmAQu2de_=$bB4A6c5)84E@B=JS;*uK;&#`02drpi#7kDw<
zHQ`P4n^w@!PJ!Yux7;z13-w-<>i{na(^WxLMe*$S?zz_qX<9*4s)?!z)G-eYncQ-_
zA%ux`Z$>*FPwRqdIJ?KQRpTXZaudLyq!QKK7APOeIlJf1g`|Z0F^|+^PJ<=~vEQi2
zph19J?hD`_$o|N^4=>2pz9g~{?H}<HRsUqb>Yh6k%7T9N$&4?@=a963fHpzsi@!es
zr%S|s0JRSACWmGOk^KoyRwEW91{5NoaLNF(+}v{?K%P|c#b1Mfd_u&2K>BT>3~-Zc
z1?&Mtt|`H$RPw%58QVb+B-sXdLWX}4s_5M1P&5y%{v9ubxU)afkbCYdNOjA7^NmoP
z>S#xjb&wjE$#sTI5VZ3kwrWT_#14|wJ=Y$RohcbD;9ZV=#4oVfjx5+76>N<PBC*_a
zHBmvxZU#@p`z%Bj>LWKCUVziwDJWsA=S1VQ@fXi1V_*`aOAW#rGTjos<PIl*67DCm
ze>l3wOMWCk#UNqaayLS^9zFdBCRUC~6E|^ohZN8bSiU>0oX8IDM5A}hjR#o&=TOZ5
z4pBB7;_kWczk<o;zJ^~#HfFw2hAMPJBokwPz-lj8MAHoR59F$lW%Y&90a&gTJQChh
z5CNcAl<wvaN@pOb_7IEtEN<wQ+W_7sUQG9Y1+<~#QO#Wr3K%=qI1Qxs*U+XCqe~M(
z6%-FrO)aQDIZjU50=ygG|3B=#33wF6_C8$6q=yK|rnqut01;G(KmbFCl8^*JSt1~d
zfDn=i31k^&5)z2Ouw(&2B8Wyrj4KfkQCT9O#vK(Ey<SCe;mQ_70Tl%|`g`B1?wOt}
z2;TeC`~Mz#o-@@|b?VfqQ>Us<RaaLV{8T**D<?J12&}4r&w_15oQkOM%G(T4&-x~T
zWgI^7@{uo;AoarM*P)<4JQiO0+-GQB3!jfZ0q^RC@#|Rls)G>H!UCcsRK1Oug#*^z
zyl`&33i#d<xfYQV+l@_`w^c?i%of3lMw65`=5`}~2T^rD6M*u<x!s<TB-dFeq=SN<
zb3V`|g$`n2oCpRzjfv5psuVLUDI#Txi_AQu{~&3sFX^0DqZ6uF!A4Qu2)Wz^StL|B
zd?*Q3pCKMv#VU29!=2;&jkPXyLl%En)h!4{%W2AvqpCMNbh|Q8R=*v0V^ROUS{)L;
zD`JdPD8y8BY9pHDXcZ1P3kUpm^TLI{L5*()t<b7UOk3FhAAn8`n;2B}A^dk7?fJvJ
zoQ93(zK=jCACMD<46E8>pl)EOWbSvy7z%I_u~nN5l*K@~BmTFZue?52BU0<vC6(62
z%e9m6PHE!Zs*&vIY<pkyjX6i>oCrePuaLu(*25R})$e%erGvo>H!$tO=PAA)9=l`P
zoPXPXc=V2(hGQchIEkQ~3%t+&4mUFA+}8^jFuM2w9nM6}XfQ)e-iPST9nkS%RbRmV
zmYu;X6NPLhZ_A+)jRa#Go6Q!}PYYrJS_sCfInD(3GB2`i4zFtZldiwOVG)DDxOo`4
z1p*8kf&*?7(>l1_9B{`V(^L@+@%-yYpt7S$Myq#$Rp7G0=G^{zyjxV^yd_rhrKxeO
zD21R#=;J#tsXSR(9PeHjpUR{Vi)n1!J`W@QFKAEbqEO)pxDy9A;eXEbR8$^OUyt{Q
z*W(?q8q(j0A3=o1g?Vu9$Vs2rb6C|=;EJZly!gJ^t*(BZM#uRR+o5mTfq_{-Zm-85
z7YlQC+!5bbS{$ipA(KHC<Uk)SDPdSu2Pp(;3dIX$atwPTezY9#ha)S>Wg%kx2FD(-
zq3}B?3&Drq4)|2bmw<6c4$P6{gkjPkF>;$XJ-LdLMB+RESC1dDFg_aEJfiBcW2k;H
zY)DlTlxfbZ=g+OonGq51&c0|EiW8lX8U?{Z+EurKeMBGX>7DKo+07QlcLH|~A9vH+
z_(N#b%$c4nrZj+}kE=>!6^?{NgN9VKMQ#g2VuvME4MFITs^-c+=T&q>qNhliGcFjd
zAbsINRswC9)W)-mp<twQ@CPaMDPU)uVQ$`DHHM`@<Yq+Dpm_%Fkg7HKhqZ?e0v7q4
z*Rt8YZr9r;gE77BX!$=v{tuP^3G%<c{O>FO<K%y|{O>CN+spqB^1qY(A1D7K<bM?Y
z!O7X{v?Y*wxe%iP34l02cR+hUHh@<{!(AbS_d$RIa2EiUmG^c)Q^0h<1OO~?FM1m9
zjevfDSU_h$9{_2Ym$^2BPD3D0l(Yq0h+f?3_M~NH4#{?>Wr7}_hh^ePST;U?l8#@0
z94429`)qtlCkruH=Sj?*kdrvUiCZzKe_X=gL2<Xl4jm#A+*!#vN!h;W7_7)7h&a$2
zOjHrmZ|q>FD?KsEnLO6W(=)bznuqHry%Uor-QpSxlv`X_#Y%RLy*bC}$p%|v2WF|X
zwMJMH7_<Wuo`UX3C!UsB()%)GgeANNT_b*Qd_w=2*!Z!&@-t1s4TEFi;)RenDEU}?
zgnBUC7|3xfJ~|(d&shwC?*`nB#WKzy$Y&(WCvgWLZop}$878R;d{!Yx)>jseIgCMF
znKczBYb_Df1rCC{QaHd%Jm@DN*TKLXEOVC8$bBI4jz`!~;L$e}SPn4`)Jb<d{(A%R
z5aPhTj&Y#khTnyQZQaOmDndF){6X+1%TP09nAD^kgqa~jai51&<0MzA9Jff>kajz;
z1X&J_kBJ))KekW5{*Wj9F$oFEgPXX1P$?=#WgEpm|3lDb&`*g9OIQnpIS^KA37gHf
zg|OPLzp`Csc+$d>)6<1LXh^CvJv~0pnUs_5j1fcn#`o_Z-bKa@4DO$ml$aiqE>{JA
z47wpbYkXpQAGZ^&Z>ufclkHA-X2uAyQQjxHrs95`y3cUo{y8%oNFEXA9G^3xx7(RG
zNr;=`2M>%lvyq}O`-jlB+^wUQY|*cX3dn0G-~{0A^MrW$Vj&*5K!}yivF?fcXK-H(
zcn0^)k+u^c5^y76Bp?lt1DFj^`-XUCjfN%AdLlhBCo?J4>6V3!&B|~=0!D)~x)YD=
zA^J<a7?(>7@MH{irzNHjaC$uKgc96NSEAc#^bTS$dW|f%lTu^vA%?;~#F-6ZE)kG!
zSei3;uro1vfRkJe9uha?=q_))Hak;qEE&4G_vCpkaTtXV$&sUbyA#1;Oux}4ucHS$
z)18SP=jfEQbf;nr1#l&gC!y25FkY4cH?-3wopy9S+BvjK>n_eN4|Lhw<^3*N_+{ZS
z;cte26&}%bVApY7XLeoI^@*+@bv@kmWY>^xmv)Qj7T0ZLx5?e!@AgBt-@Ao&Kezk5
z?kl>#(EZ)+d%Cx}wqwMD5syba+@n!sWaOa8(UCckpGG$6d3Dd|p5uF#_k6SGuAaT3
zvZJO&d7}!W7DO$MDveqZ^=Q<psC7{rqqau99JMX#-Kf(o#96#QD*>2md_Y784~+7p
zYx=#pGXwlb|D2!CpCp~5E=6B@@aJ`LbDaOGC)D$)1>3hV@C3><lQ%~CqwvcFhF=z$
z2nwIkK=3^ub4kC*RRJfA$7^`rMkeIuIfWqj?9D*d^#h1}g9rd*b`o#`P$?gd^};rn
zmcL;V0@mswKih6}Bb5LzND=C|*no*+1JtWj`@vcweJ{|N33_<&X4CcEE%o+5Yyxlq
z%zcWLxUc>4s!Y9JnK%D&3pmZ^ob@EtdX1%9Pw2{zXOR>Jq$VIT%IZWtqn?h^MO{ig
z`0YIiXeN}$aJL&S66mZZgdb&XoLB@`*1~bpRkFs`8*#ERdUC)~<h$F35foDL5+qxe
zKZYTmPzl_lEiG}l#aTfZSt&KlQ(;nK0QkfGo)Q^<d>%}B;ZFte5$G9Q;o+T|`mgiC
z!@GoAuBPGPm&f_9=+5VL@%wORGyTyjIM(!sca;IAKRUdV^xMue=o#^yO}|PX-5L2S
zN-8<>SN>QtxxtVvgaJry_}g3#FOwSyB>h+<SALa0a_0rq-jb|LF8#6L;bwA~K>Ag3
zzu!pC1Tx-8Zu(X3%%Dpg^D~nx4k#<e$&1V?=KX$ua+ScJT=^}@CCk3tN#b&&?1~%{
z1fYk9w{BxbRdd-7>_)q;RPCE>+y@K;*mf&me?eg1L0~^ZV4p&m3C$z$**_o%eGY;B
z0s$@RD4{XhV@tHInL00ltG4|U4hLiYC-y&si()T%@m<BaTQ>VVusn_*&)>|2dgCfu
zG;_<UmFz3jRh)M`f0fxm1HGtdQU1!@!)A17US6J9dD!nSD)Q=$4*R<M(A*ijbs+ih
zXB=27u$#=>aS?iW+Tj;Z$oO0@`>LX~hhLmo<Si~PR{r^i4{bVrf~!Tkj1N7$Wz)==
zp@=V%eo?$-laZUNSQeE@d6{`~LkBOP{}?qmZcrY2S!jd^J$7J9O8Rz-|70#UNL&0z
zh+y%bBm(>@ztCexhycI3LXXWLf{ZVg^mB>8^bej;ej>m>?>^->`MK}sQpPKG!S5pd
zK9WR%<b|7gB@D1!0e+eAXfNn3^wbM|<+uhoDS|8@_blU#Bs2^Yys8n|jso!njytIX
zYK{91#|I%}JPVWKrvo&j0qO`hbnPMVm>0$p|K&v_eCYe7gMZwLN{k6-_djD#)Y<*d
zXZJs&fBOIN{%17)KfaC}Il^t)bzDb|?Ay2VnWgjUz&Nshzly(id2J+)9Ki1HeLI)V
zyLb8W+7P}y0EB%z8NFvuO#(*_;6euXA{JK-gd_VTf)I$rT`lqZfWhg<p+kpii$BPV
z@q70Iqh|U&dzLR>x>Se*$MwBP&)jec0fA9wNA@6g-ob<K95}vT-@8|(-+$ncILLtl
z-Xn~DV&^;9x4U2e9$DZDjGs5};Le@zfWYzn-$PcsEa}A&nH=#4jvL8Q5I=qFko^|q
z5pS)Z13$`g8O8Y;*SFs)((?aMwW>ZuX8qTG#2e*Ph=+6>Sns=Z#+&7n2#7yfP%sY{
z_E3k^8h_^!6QTC_B|e1O<L~q#81XEiSzX8<(FO$-A5cQX7x)k?=?@xMjQ1g!`QsUI
zK)ggiF^%}2Fa6mX?~_i5iof(y{nDTP>HWgRohiRde>S<~zGdqL`SS83n26O}AAxG&
zG_rC1jdqHaA<kc|`<>1CYZD+j0OmS?7x%Sa-a73VIk!EX{mv#~zP`B*p3`;BbPZ%G
z(|6h~dKTfu8bAP?3x5Lu=K9`CV2^z)#J^Xg&hVH?Kf=26yUgf+Z~pUNobLqx(mr6m
z1AoALN5)&`JMah0ci<10@4#=J?}*@E9M<^`{nq&o{U<E*9r}N^%y*=}3FZdod?#3U
z{oKSqe-NT|5d6OR4yL|AGfVvQ9U<z8rieG^JFL$l%!kbR4(E>aoAaF_tlo*E{`t<L
zqT{)X5O2<R78Rpe!*9-aiZNrshWcZ<#(c-5Z_an%56$&j`K8}K-(mc5FH`xh8h&eS
zSMO84!`x>#rZj#Kw%t%!fT#t6cH=PkqXvA3qiqRI;Kv3IoMfz^6I>l|5@9DBVlIWL
zmI+)xbO53OXXig>-~T-O{wEs3Jpepm$Ae<LFM9U<Pgp(>hX4Az<~MJ?`KCC<{ASAw
zFK<58{ASAwuWmlo{6?nVSNHrzrk8eP?eiO%zOMNVq$ktYHNTPZFK>RcuKA6T9`Uu$
zZ_M-;)-k_f{7<iLe)GbgYoFi9c;tWK&sTM<V}7&cr=PaUcu~vz2I*k}{t(3Uh_{&U
z%6@13(XW08(l7j3##f);$oK<4@N9O$^uFnfG5?YA-~S*E?Z+eq@#gGgo)LfS*fH_V
zH{TpPv>!Jzy-C5CU+n$vSk?ZjZ;l=NO2+%9FY}D}uMY0ryB`RMW_sWB#f<;y;K8r<
z;CD>rUt@lQxe0aS*gi8paDGGnc^%@M7W6HboWH18ad7`WOq%PEFL1ylC)L)u4eyQA
zoJKNz-PggdWcoT0ScF>B|J`<qmE-?C`(4PhJp4R{7Ugd#Q{JNENAYZQX6}|%Dqzt}
zmp3%;_^+E+sYd{a&kHSDl)HJQ@*}>eI4|$`W?1E<z<4}-@YbJkSo)3l#zzkyaQWhM
z4>vvv9Qqkwba>isJiw6gcwmrs=Yh3{bTeK*T2wsk@S)=;@`%m{3VC^J4{w<{lMgtg
zKR5TzLtApmH!NGk=jMjqu_f0P%I6!(-}ppv@gmNMY595)FBkjyd_(yqW&XKfDdVlt
zP-*S+`34caxmNobY3o_-eNwR6`+T?%Xzv5TV(&8>zr9Z%{dGOxFyl>o-{-g3`%G`K
z_eqas#ic}s0HeIcg3tRaPXy_eE}>UC#LP-OlLPds1LSi*#EI(QrTGmw0l+i9AUxj-
z!l)~sZSWaJt$^nkXYKd1=eL|azoqTj^IP~J^7Pm3{)7pCXrI1M%>!zGL~#hw`vjJ<
z>v%+=(jPxmmkDpAKVFv!Z>F!yg!iSd!-V&xr;Ss~BMM*oY9>6yDlci2iQ|WAeMA8a
z6@Lf_0got*)MotgL&s||;fZ9>$9W@G6P_`AeqoKbJfcv~KezyHNssA?GU3&rg?|}O
zTmkaO`Rpd(lJubxM~<j?W*TrE_|dRQB?64_zzgIJdXj>H>&soTM|y`;7Kpc)zyA4w
ziNN^U<_DxeqKr4Kd-M5-$*$x>)SMrf@zRy)O$yfh4J^c0pC43DUwwX1Bi@HlJN*JR
zf$%;5sGi;;AnW`<p-CzD#9K4ImifWoZKwFl*L%R|bCeHneaL-x$6)#N!o6Cw#NiT%
ze+8#e5Hy4nc(Ll)1986vpHt{TKO*Is{67~YI-mJboeg9zOe@YbvGAuo)1<+^wEVVV
zM?jD-<Uc9Je@bl@q%j*X2QU{<04M|$0g3_h0P_KN02Tli0`3GX0+aym0xSkB0o)B(
z3b+SwFQ61~A7B~ae!z0T1Ar9(zD!nTxV*Ol4=h*-C<i<NSOr)OSOa(xuohtAKX2SW
z3wJ$W17IV7?-5o2P|spBU<+U?z)VN??4|2Uk4?S)PqpbUriSmX*7$|k_%*NQ{N_`Q
zIA4onIq{g$uD+&)FEJTk6~vdetnIR8AO);uRr|aezBkh-Fvu#&`gj!xAH~9V-0|Hm
zezpte64ejP!P<Y-pw4d^BS$2)@?p&ZkAQID9Xu8UCFa-sLhwv2pcMW*uo`Ej#Cv{M
zOods$$ZE~Qj_r6sLCruLsC*EGf*{N)CtnUGElVz7$nf#YW#)ZAO=vO)lmcHl<NG*4
zA^fs0Tx%ZYx3VBZ3w7)uL>*}SNLvWMOkB^5vz7pqkaI(RLmpMo5cl|kpOy9{Mydcg
zv$(<hb}!UJ#Rt+v3}0Rc>4uViHJUz7nnN2+3X%@WSQ|Z1XASbJmXH}};-;DmLJdA`
z_3))XmRSV*h#64`!#9Uj23CIUtZC3i&Ec}h+A0TMJyKH*B9=PyWns}HYaY-$TzG5`
z(b@0;GwMy9x(HlJ4=H?f%{=`&gAi*DFeT0bLsIG?0viY9H$b72)>52nrDqfPZf;9o
zX;cnum1bVjwdT>l>=#f6@+*b-pk0H&9GY8mz`g25s3^^;<Tjs{n|N0GO~|$CrR10C
zngr7J)q$Dzk6kPE{~gOh@%{e-Z-0*^_=namtd&2$RtK*RUW4C4+uCZsXKgLTo{*N}
zV936ZGTR#42HR&LUxs{z-ywvkxT=sGM|P?^D`!F~Tqh3c^JFKcr^`1M!$uh|J`POG
zaE@_!oY^@phch$TnT!+uoEeGPIXEJ2DvtL{O3d*%9a$-k#7u|N?ap$CIUFOia@-Ej
zR8O`u!;zZkaj1g;otZrUFD)g_nGBqvS!RC7+j4GTVzwjE0Un%gM|N6<vxCDW-*S|v
z2v%p(kvJhSEi)`ZVdN&JWjk_H@iwHjG@z4`mYL>Bb$T4hPLR!jFLQ!pDtSy!^GtGh
zTzD7U;dV~WNkhq;nc1GOQN44rv$HaX;#57nERM2fj_K{r%0)r5vn26kz7?J+CFMxT
zN>6sW<MWcz6CoG8?deEM%F4WblqIAe0>)g?KPzhz3LTk0Ixc-epRCO6-bfiS9WR<D
zrnwyf0*_5kOPb^WDOqHs_V5Trdb07-EySLll}lcdQt=kNDsOJ$R7Z+aR*c7yo0gu=
zvlopjg~SItGqR>Y1_9aZ4f(hH?F#t<zx^R!hwKe$fs+Yahy%FWEq^V<=OLfV(7ot-
z1Fu&@4u>2K`4+z;A)($-@3~&Y`@tK8A42N9z6<$2<mKR(`7*$tygm&%5%Q^|@pABw
zAwP#4m-jz~9K+oYHTbQb$rHiqr&`bNAvz3@AZ@*kE#=pM-)|u&LkPdfpGjvW(yx+j
z@X6p{o6T0=w$N5$yUVuJcCYPG+e+J$Xq8Xfp0#bVZMMB=+iv^Nw$t{ht&8`s`?+V;
z{56^tVuVKbT@d$O{D!z|db;D<#a<ihjx$SkdhYocKdtkq(@FIxdbS7yF}m-$v3p~m
z>3ursYQw1y6NveDL?qqXaH@wrhWrN`8W-L7g5K?7FYj9&=XCvM{>+=#>7;uK`NOu5
zS9ISm;wHxLjcNZUIcSLTcK{`o`|0KXH1c<-?1dx6ot2@w!X)+9ySvtoKNp>NS|&PA
zcaAGtcHe(-7a!OmV>B8w3VrC%wCr>zJJK;%sP0YuJNj7$vfD?gK-mSG@8d^C4MkV#
z!3*?B?6BM6*xJPG)azqqZ^~YOh>VgQZkEgGR^2*=40Nm>43=3A1g2!UGs5ym;|!7H
z#LPtY<(<RPnR{|D!c34!1NvIWsNreT65YvTWY%fZ<e<qOJt@cS#;AkQR564hHVq?Z
z7*AWs^*AuRx;>}r>v8OWrJo;=lb)THo|fsvXy-|Cr@7>agz@=QSydC}01ner$*0M)
z8c?Vs=@>&LEvvP_@jtMz7`o&L>r*R-Lyc)h-N*u==F&2AAPBc37N;9H(;4c_!!S-}
z&Ah|nI7(k}3(r|loK>sf*c=?Tkb&bBa$K^OduQcY>W|~1thvO@Z2tg>i~@$o8(;>x
zkT6gZEYk!xj(F%iCa`=%vN6zl`X^!_uHE`DnU~2Vi7wSh&<3L6lL7v+6DLs}r$E!v
z9Z(+}KLH~oK*RgMu8~H-Egq-J9d<;Z?hSXQL)_9v39O8S#O$P0pFCNwuvws7Y5uXn
z91&DVqgge7Y2I7B)k6bA@ID`3)0Tiv#!E2$fo_m5yp08?9q#G3hA~}r|9MQK)%=Cl
z5*CQH#`YzCOYr*=Ht`OCrq$D)vMsRPW8?oCn_b(1u=%zSZ3}!YM6mV=-0G<ofGuk(
z(pq4fZ~MT;RQ!D+^Dy&bj{K=qOJrVV*nA_7{!f5$CRdR6d@m-&=A!zUB$c?K_>aj=
z&CYfui_36t2PEbV?LP!A{is2C@%~~!O!5@A(`2&&-XC&5Y^+Ton+!_}lXEYIRxcCP
z*S;}A>8s;{eHiSuc|*LK*Y2$c3-TOqeQyJALs*iHyp6q0yiL8$yyu~m&Ak_RFZ4RR
zt-J%~HZQoK;KG873N9|Vq~Owm76tz(xU8UMfuo>RLF<Ax1(z4JEx4kfT|xVTD+{hF
zxVoT2LC1oyf@=yo6?87>QV?FywV+!;_kwE+A_}G!Oe@GQxV>O{!Hj~L1>S;L1+xo2
zEBL(Ni-Io;VhVc~#ummE#uxS}yrHmfVZXx13Lh_ASy*29MB%E!)rD&cpDbKk_*CJ#
z!lw(LDSWnYec^_}jfI;ED+-@0++4V&aBJc7g)bDoSXf#3QsK*m=M>d1YEaa$=-i@4
zMU9IxiZY9`id;pLi`+$?qU@raqA5kWMR`S2i>4Lj7u{Yoy=X=e-a#&!RW!S3PSM<=
zf}%p~8Y(WDS2Vxqj-mxc3ybb7T2xfFXw{<ii#9CUxafWDE$vn4!1Ef<xa?u?Ztr66
zWbbId%6^5tjoo373c1+c+}_mQ(B3^H$o`x5f%dl6&R)+RZ1>rJf8PG^*&e5B|9lLs
z`0!Gt57B)G!uss?Cv%66{R#W?87TDvpZ&Ku=1gr~t0ss3iTqzc{$|5q?k@mx<G+u+
zIHq&&r=lK@d-{f|KBsFBqJKJL`P-o*9}QQffSr=)a$&A14IGbyrbLd1<_ixMg4L0V
z>3F6S4PK3xIWC+Z58rqUSsc6MvOpN;`#kU8;Y`E0?RF%kXK|*CVJ47xCdi~>6(C7Y
zZZWTRPwl|5U-|n@$i#_B4i6{T$d$>>*(*>CQ-Lh`!j)B)2(mbQi3hsLSY)l3&t+cH
z2r-r-Fpy^_x-q>sM|DSXR;JS!zhQxab)U_Wm^l^M)5Mdx#Kzs^oEo2;mK_`CxB|D4
zqZ0bX4RyjCf;`6H{-*em0}?%xoXJG$mpLUdJuTT0=T4jAjC73ZGA71Y9C2hNNpmmR
zSg6Q#r@;i8V3t&s$dWJR&P56s3$dwAED6A$A&mvBzhFH^uH9HxF;FLoQxenC6UV1x
z>4c)GE^LdTrRu}XJ8TF}z)H@6={N!M9G``cH~387NJktDV#z6G%Myh-2EgnxF~OG4
zIP|3oi|2ZfV}di=pVEWV#Zcy{kV^O%#|=)L)91;Scv4Q(BpO79Cb7n-6uxSKVT5%d
zEFER@OB2p1X<0eYLKtJxh%~jtsw8SHDa<iED<?f!8iMI*Ft$L$Al~bg<sR(JOqBM#
zS#G8T>!(xvb`VoL2daeYUx^N-6Q0y8H|$VK5tN<OMIKiuOYi8|k+hZA60<Q0fc1{*
zkjy3~tJxYGfCr0LNxpXA;71+C<0vpmBy1=U)S8r>)i@LzluaTU6xZp}4E@CFkvlO7
zA`LUFa;1MMP#{e5{(w$ymOI(#A=quOjH-lKsIp}538ZamNwUL}lY|!QNy$l1pBfh9
za6v3wJ2Pe~779iIAV-65G=_fJl&hg76w_38B+k4f^i`^lz=3oVvQr&c&&<j-dn^b}
zE=q=>IU0S7Dlt|7Ct-F0zM)+ZpG#E=_1y9yla#ESOe|dvb+h;LNncTrE0IRuX;yVo
zmJ4jDnOCjZwL@jML)kN^<8EgX`XC4906Ye>=8TF>I~|ASC9`9K%BQ1_)CwVDeA6se
zno*f(DO`L7a!yK0T2dORyU-({awo8>L{B2;c_<7hP$QN8pf1do6~MI;4p2?$;1+ca
zpPb*IR%GjCuK+ozbyBrH$w^K!RxK$vbnO9D!G_svK_M<nHql(p)evLQ;c#M5>cs+j
zT+Sr9j;s_Md}L>3InuK-C&&_1uU#_EngpI@uAKuaT+jZC_>RFinvFIyNv)Ds9|!_l
zJGxM{+G{j)*<B<hj>oiK^%Ooy8)KU4A&qg))MCgrC2c~Ev3e0u6_70@0!L0gohd0;
z2?;Z%=r}c$F(&CuEHy)d1JUcI$lAf62ktl!W#&K)r}{AEvOV<q3`&{=jW!k(lCk`r
zgzlbWLzgkJvcHx+r|c(uL~#VAYH~o5eUzb2Q1=WqBFRxcKqBLvkO_1sKp<SRQ0?2Q
zfohfFKNNwVd00rQvo{Am*~iHGRIT6PAN-(+n9yV8MKu!)dT78?pzeRzet~0*t6Z4M
zNb|4@L7SG{8PuNnRg)FF24`jxx-|6v=t)qeIhoEpv@9BUPC0TLl9fY{d`6?XNpykc
z!bMtUGL1)Adh7>abYx(q2;HviQjA`e=&)5J#Uy+HitTVzXN;iv`HV<(Psou^U1)vE
zs_(!-5Px0AOrMUntWs7poC4cRomzwpQ18f)id55FG9Iu@$w~(c#yA7THajE~!`IEL
zazR7!6a@nS%mS1aod;NT+|*lI&c-98<PMJUIWV3w(K1j5GuCI9na#{Fcu$pI7U*~q
zrzn%m$k}2YcCcD^Y>}|wU?Z~HeYqKrw;b}4qm;$w_8WtE_!VGt%O)mOW|9-dP`#&b
zjITvgrTq-ep~#Z5u%eli?Lg8n_EZ=QnDo@jY+43NcLK%;Ss*;nQcI!6h?<d@l#2ck
ztn|;Cz=047otVt0dpM3Z5&eiXf5A>B`X@{^YSM*el7fDas(40y76)O!E#@0Ip=-XO
z(P#SA7_#v|6Qe7nrCOCwzf_+l%La8dhFBDiR55OtAt)mi8VxrCOV(-7!7zVkqo!xj
z%_(W_tV}j4m}EGm7FbHTYpJ(WSBhaF)JD-0c8hES)H_aNq)pA*_m9rXh*MSt%OSfx
z=n~ru3OU|M8Q{=iEO?{$@i_C9i6G5aE>9vBf}oWc>ELr{Q0j_~p<gm?y5VLxx*rTq
z@-aXpO4xl&yXh!mtTF%Oqh$Z=R;q*4gs>q__mni)&#IQ%gPkj(vz#ALO#{}2&$LT6
z^wxa(jkSB`<Ov&|=$4P2rM6KPekt+MgTV@fl9TCcx|W(ng+uGiS+zOCgJMshw&TeG
zpJAgjLOVrg1T9M8W8%PQirnm?e3ouNJ2SP<BDJs>s2fKj4=0?wF>NzU__1Q&i|t#E
zyAT`3keGlL2-R@Q=gz9}S?O{EKpk-%WIkL_NcXqwYNS;s#yJi88L$Pr-I<h{iNPox
zthzXxa7^HuzUmDzAi^pD!+%`&$(-p*v+&FYW1}#J4d$!({CqjUt8Qlc^!&h;`RVeh
zg~KxAGR7jK$MxH*R=sdIj71CezzA~BLc?=g^hI`2KAXTYWJqxsT{=f##}KtmLk+TM
z31QQx|FO;|Dw7P=D-C+kt63jrEx;i0WMyVL)58XFR7|mMy1;yQm>hfAdNEn<=~qyx
z(P-y#c<otzJd-^ER2{9Ir;uYpjPcvD4x$!?&@vzss}XDn`VTt*EIYVde?keEu14F>
z&+mf?db%=XA{})pfjIzHn;K(`X0KG6iKB!D8N{fr)o*%nX~8#L#1l0SR=s>$gQty*
z#t7+afJWc!Uoes#Wv!M1pU+t|4XZn7aN{}F%LNT(b^c8n7FgMJ2(-4!S9-yrOimsk
zt21l-YRXZ)?VIa>=nQaFydyIwV?0{v5Vd$C2Se7ZTvo`>Z*R=+uADv{+RX*F03JB9
z$|R~b4dVtw9Q$PUl}4MaQ8`$Y!6R1I_}^MJcx>r5MmbJB%q0fc$gtS5(=dmSa}aa<
zq{(L(K}f}A5}HCNE^R>dG}>I3=J#c->k4XD7>04skjv0hrF@W3p_#T79%ebQ=H!uk
zzRWIIb=KxYkrv3HxZbgHh0R!XlU+{-6>RjHUB<|cDy;Sj;~e0RD@|o=t_MRA4ZD&{
zjWxPyXh)shbhW<OH><X^S!J#%#o$1L++>5THLtFx$jdS_t(NU+4hjEzT4C&7GzMOC
zt;*0i7@OwYFf34g>ga1!tr|-0*Csv}aQ~kw5)A<6CpY-isY)w@tv_=&T%fxOJKU^4
z?l}$oaR+K`zbAtOf5A5E58LG|SAFcA^ZyoNA6?zQ66~=H{N05;cl<4_@w*p0@v8qG
z#ooM{zm?dp7x;S;`}b=9sr`a~^#3&W{#E}yi`{^A|2AQ#AomLX@$W_KC#?S4jva>n
z--p<3Sle$W_8`{&`xJW<YyKLEhr|->XxL(FqBYZ$Zwq!rn7btzN(_eazLRzxuv+?3
z?FnIM3roo2kb@zOv?f|h?XFr<)|T52OWsya7GTfBGTWQB#n{uVX^LhqZK9T?H5Sdq
zBHMD?!?t&A2W<7U=HTEp@d$QaG{WxIhr|M;A$|*Rp+c5m56BiH)C?oOAFrQ*SzFpQ
zw)K|OiP{7oRqnoCkNwxAt@dCa3b7l!F7#n-!449Y6Z0m2b(M_en2%DJa(dqO7WSPi
z4hb=6Uaf^`-L;<DY=ib)!K@oAZEI~(7W6CbO&R*BFAfPd=nmF~YWEp5U%^h5&wVt<
zK(;MJLyf<4WnG)Tr^VB9H?ay0#8CT;RagsQrZZDE(+-B53u;y@KaPoIh6GZs&DRio
zQAhkVvn0O?m;aP2LEWnoHIw+48eEvUs!+w53agIC(CT4kPX5$dK<QLGTZ;O1HF#YV
zfaOnZa#LH$R5?@`%zTMQIh!&y^YLTVq;1OAnwM3Eex4QG;mF~ETKUZi!iE-ar&-^4
z*L$%)2>0}@_kJVq?)KhogsLzTgIH#&B8kz)n}FRwCY?42)3AG}jgOi&rHN(D&5ZZQ
zU5tH3on{^N#?QKHmhcYqCL1&__VSk;@asfeKws}%aB;p&Ns1coLnJ<FnPntr3hO9B
z{df$kJMH<9io#{;W<IKoA*(B9jgs>F7@;?L`LD|Vfe(ukHB+CuWGqJt(wQ8qJ?X-m
zX3$K-o%&G@%$;>(()QO2Llg!}exbxM`SMd2-i`*{j=1Y+NZ@hMJmjN!zPAs;e~`bg
z5$gA?@-FZa7;44v0H+UX$PAk<F=7zX*q|f49&ZPP?zLc%ib`pw3(T#i??SI#(!17s
zEz(}=eaoO3>3zpL1R81mHAde2^}z3ZZ#S7zNc?1QaUu9sw0;03#hHm^hAaTyZKq5-
z1KgOY-QF3XdaaM@Hp!{*-s;_kpBK9}RW3Kzn)j(orpjUB{NQzaAMwT@=NN<LOz%1w
zHn3LO{`yn(mSFIhE4d$I(C||i-W!atH1BNhqJUDFr5*1548I8Z%f?#_eqVj;9HdW$
z24XPWOr<b7%+etph2@^rVOI7m*Q`F!OB2ha?N4Wh1XA|<E}Et2ornF3?pfQtKY<g{
zj6zF|o~7{2|989>d0z(5f6=TPWlFc?;YOsmXjZgAD*}`h6%)%0A>NI%%+T7>-U`}g
z>d~`)^HJ@O@ZMhjyJyY8n<yW9=XjqocwOMbB4=jmQ<qGY<0AB+s&rR)`E$=oHfZkm
z?w5V&{#t1V%GY1=-ZKAaU+MjI^$#QLGjDhAFQBQUXXW?CS@^6Rc8>BV(Du*w`KTl8
zdl?#t(O!m|VV6ma%Yfb3pwj{O?CBc9HL(=!_V8OnPUT~JB3IOr4(K(=pQ2gcn`z{v
z_-+cC7kMuO(0{(Sy-e9b;^%>j#)$Xxrl^=$O+lL>3BY5yYNk~o+*@nnHUw@nP~^B|
zazM8Oc%aO>c*jbb4ZY)mVW#(|u3oZc1~w(0X_UiHTj_{jrk5cHRX4SjD^Q}u^z+yO
zT&vQX94MYuSTo=@0qx6tDU@UyqJOaon*o74)^Q%YFOECd3AO;>?sdG`CgT*Y70(*(
z&%>XWHQs-3=0QA_rx}OS3XHt0yx4qUetbXQ{(S2$o0-mZt>tEzKb-kmX`8%804KtT
zt5*%*#8C&ioAl~(gG7RnUbzZS$wHMy@t|Zvns!-!GtTdtd^hpQhiUxrCe7;f`WW<T
z;<D_go3E0YA7ABd%D~Lqbp0|i<)Y*q7+x<xA50xEX_&4`W98LfZYz$z&Kf|5c-!4q
zHj`KKf_Lky)dy)PI)1zn2vcD4%{UXxG6lLOFQ#keQ(b2M{FvUPsq!(?nyz17wet~3
zOSN6<vz4x&hT_+xZMwDd$+{7BT;GR$7g9&m-w=GM?NSuXysY<T*k9|uVC=xJnJZ($
zu}A%MuW-$ZZM{ET3a5{ED!B~<&&zA&d$e|w_7Ckst(A5G;;+)K*W%#2K)Y6A-=M|F
z&<tM~F(zv+g!)r4-C~547<8Iy_sZ0lX?JU#15)N|mj~oFPn#>_TgzN-)s`9*NHJS;
zYVF|vB;-w7Q%R4qxJ=8{(%|c__0}37_Cnx{&>Cy!Yoh?Ywf@=w?M5vgp(@QK+GScF
zEn3S1W-Q93LN7D0i0{Yit6izJ(HsG3)3veMZAjZni?F0l1qXL(Q?(w5xn0K1m$5~f
zSDU33Xk8?~m*KyycCmI5urAPA`|>_@$=uo$&7;lHI>=lv(4w@N+5)64HfUa>P1Cw*
z)3rivq&7$!sNF27o8_9MB^&7|!;V^e?F#Alb59wTY6%8bQ*DSr_ZDrLcE6US-J>nh
z#zCeHeEj0euUK1arY*5OB-9G0z<Ny({9KFUTI-is#rx96^;P0*v0aDN%O={MkTnS7
zdMj7?9uizpZ6UbYw+3sbOK=KAOT5W;Fr*Wxaixz`RLa2I=wtj2#0PTH2-KI@dSOj<
z8R)->SPg5Y3vByB7Kcof<qB*+PvNaOuCy{8IcWmimgEZSh$@8qH_`4v=oX2^HP%N!
zmus;PiGEl=GBK;C-C|2bnHPspMlDgg33yk3p=L*l#UUH8Vp;|&cv}yp{|e_WeHOAF
zIWd<*2x%m^!rB65X@XqLyz4F*S6N$#+1k~}k1M1-L8m)%|3K1gB*L^1jcc!<EX%b7
z)b9#z0xXuIx(u<h3LcsF8l+zj$|eVj`a@!{7L4+5v2m3ZsWq;uE)MzJ_6pK`B55`X
z6!ia~FH;*|i$+vu^gQ4Y{_n07P$%$8(abyL|8xI!l`JQq9Ff`#?T&zuKbPBIl}hf5
zukk4PPi-}jJC6L1l;v~Bzv-c}+EQ(7h~Ps|xe>~lET7_snR}=FuTinQYAd0~^6mt7
z%bD8%kQAE+u#pM76}Ux4?I!hY-87D&8O)t-*ydsEF;b6y<qn%a`QVp3J5Iel)7ZbG
zwkXJl%AVS{m;Bdul&IZtYP$gUsMOe+@PE34%n_q@x|xsV)uvh0RKR;EzAcI7L-~O1
zAu5gkjR0)K&0z(}E$et6FwCq+Gj+B7Sf_fV&sQSw9+A6_?IGBn<lnDYbAQ~>Q*Tzs
zE)8>cOtm+5PO%BD`s;tnk3D6U(-y+~JBW?y{U2$^K7rKsc0tV+>wDiI#u3-Qzke$s
z_Yz5o`NU^=TQOkYFSZh4cm64BiQDGP*Tt}nJ6Rrhm7gCY4-(<Ntq$0KjSfQY2<qTS
zPaE$}ls@bNnm)bmPT@aO9kX3ncG$|7znnOg3NQ5HB@*lY9AhV$+;ZvP7U)UE{!Hwr
z##S=ywU;|et^21v9Uw$(rnhL6MRDXCOX%;7j^;1!7XG}VpkJThPRx+Ui*Z{T-VZik
z*^@6fV^gWx6|N2u<4XqSOEUijO)=kPGL!{94muF-ZkNj9Z<ZeQYOYal#+EJPrDtPT
zJ@(1s9SHT}Zndq0zHvnD`?9_vWb8BJHe2Iu-5MK*)Lz6oD%845654U*I~0v=t^Y4;
zjygCFZ-o3`cQa-$Bik6d7UM;@KT;m!tq@iZwptqMB45I&rYC1mfvO*?xm&TuwpE|*
zS^FPs<MeM!RBe|hOkoqNQ@teyC6w>SBw|;82KMr!2UUEleV%xo3-9^DDueo(qjW$I
zFUR;W=&YlUJe*I8C@gTVJ6}bUlAJzWu>dpTjK>*u!qQ(m)TrZ*(4ousrP&!6Tqxn8
zDa&`~P_}Mk9Q}C`6kd$!fME?Uxn(*=UCZbQ4o3d|B_~t8DuS)G*;8FkbJUV5EjJw_
z7bwfAM@GELj*|@C(w6eQ+abkozSQhdT`L9ce=jF2td=(uF;ds{(xa(Jd<D^`MY1Bn
zA!^bzl9Zi?ozZglJjQe$H3gKq-WEgag}raF&(w<%0k4!vPK|xqN+H!NMAcrakp?NY
zgd1mR^2Hmz5{I+X<n+Pd2`|iGPcmO9XHk?LVtJo3;3Zm~<zO_9fDW2XHa4!~;6VfA
zUj5qi*R+Z#nwmC~xfwpd3{oQYvxdCo>zC#Wz<dP_rjmT2$s`F2+>@B%<U8d!c>==3
z%fjT&jPGZ>vyKS$Hm32Cpxgj1WySnXtzl9h6aDY<_!aoSp}x}Yr}mzf&KhsvKvA)Y
zT$YrtpGZBVq-Cp7%HgkW!~R6aWuBW#2}x8xl6)P26PjvzCilSqHLB7FuM5j}$=EBq
zofFkN!Q-c*y-i5tn=GER2{`<eZ-lwBaF`3<vN7MDGp3|Nc+5o-3`*H^R5ugkAsCF6
zW&h*N@x#*G*?8655of+4&ey4E?+ka2cMRdXhwKK;cP$Ni^5tGA8!8C9t;1q#yhr1&
zBXkQf{?5em3Ulr6(SVekKB4lAD)lW37=EJ@OaxK9TF>MCe8Y8EA9=in8oT6svS<Q$
z2aqSUp%7#$(h)m2RyB7u8->Oo&M#!cYC5%$Yo1Yi8m}Sv1quP5TA(!#zBAi8`cZlC
z0NywWc-^hGlJivBS__V@KoO}{cFS0mg8rIm17EzL$sz3opY35CODwO)!+J2Zm4rO(
z+@a9{mPj%VtC4F1I8~$H5DpNQ6BRIb;Jc~v{3AEIJT#6>C}~YZ^E6)L#F=FCNE8gW
z#*1crAI3aXxmE>{XNlCNAN_o1fdpuXuS4|9DB$gs(~ym++EO^`Fd->c_F3kePU=ld
z92dbMjEI(^$$nm*%7JpC=&mdr7LYjs=R?SbXPR=pvD4oL8aY?%Cj<IJih}PEVQ4Z>
zv#HTJNqYcX@IWEo!0IbP06Ab8Beb*{m3hl|4^<Dy6QIe>R1RmVGaKs0VG~$7WoI8S
zV9>@PcmCoiCBx_zIK0*I!Ya`6^NqJMeS9DzOXI<t@924rGi#7nnC}n?zQJ?qG1Pnu
zGXtxYcs<fF#5e1&Ipa6qp^`5H{#UC`>IP>4ay&r?$PtAGfHH>8ti~+THgy*3c&rB=
z6Xnw{<GnAm*8mBfZZ%+Nmus6if;7h%9@R=OdvbrLgd+4E96#ii{zD~xwK}i4=%=cf
z_V85pG-@F5P0OX(jl+)AD|1=n@hU$LUB@zv<tR2)aT(6UOsvsxeHyBVH`&dm2Rl=~
z#*cH?eFwM6Y`|(C7;5tLA?qu`=;i!ouwuxv(q&amDU<2b2T|GvA^8ruGHNWcmtF1Y
zpXC)`jT*-;IR?waz?4}pdsG_sD4Z(`79kHpsI_Lyj_^$D#aPf&N8XPbilgZHk{{2C
z7%UHj=V4cPuad1V#yI$@mH}6-3HZ%~fP$IF(L?WJOzU3S*{CSXz+>pNDmcUo1K62C
zJ>b+Aif)d9hT17TMIYkBlP5Q);D7)`@%)68oJ=`)gqNo%`0!}#Agnu&T~U)u^;)a7
z^drq@65y(?8Jc_)WQ+(r8b3_F<!3Dh`fZG~Fqq{bDvl{>n7Bwok~SU37xQqB>#n<w
z6E+O2c#5Om$p(jUcw2Og!=d<c07o^VfSHl9qh#k;$J$lEc*soUu=K~qD0_V4crx}p
z$yqRSsERTr)GXjYK@=>J=iy|@2^?R<W>HjfIh!<XrhdNp5$#o;PGJln#`2Bq(Tp~R
zo(#Pf-<UO1lXY}#7&!VQ_yz;ndGtq?><ay9ByQwr_vlP?Xw#<$iWuvkPA)*!5HU)P
zDpO;+e9;~=lw>|~QU+MybcoE#j;Pj?9%Fq^A26_BWTkW{|MBV*3(0s_8s|PRy?MTY
z#f(<xBb<@wNZVh0tH>1Z`S}UPSc-W9PfkMlxrj1oh$F!#X@3-(kX6jxAjAQ%19^ZP
zS5J_-Gf-lTbB*Bb!ZW}B`_h|$Gpxb5DL%_9)k<#Ak3T6b!@QFXf;wJfx(Yq;OH`Rf
zcyhoq2G~Jx_%`3pHq;mPCQM{3J);|ATULuJz9mx-lgseX1bIf9Z*hP+eTKEe^A);`
znVv6?k&+G$l0pRp9Ei@G&4#9?>9rgKqmE2V4m=V+u&d_LS?Zf3z9HOq>;@hnu&|H{
zWoVc@=HY-?`r({G9a0jo281E4#yXDA+^e?CgP}STJpo0^E(V=Z1`c`TJSE$WBfgo1
z>QIf<B-lRkh$vYd<_eQZ1gNz&T7PrJU?>}^(UqgN<&~fBKM6=KO3SzI<(v9AS${~s
zxDIB0JLU4O>~>fovTL-+219BZZ9t<lQAgz9k-IUz65V)8;kUO~^w>cIu6D#&mK6WU
z>XHjd)$N`z^BJCXum^YkX*Zq$@sI*c*Np=bF$f#7fEvh^=ro>O2yNz>o>=Y-7|mp^
z2EME@PMQo{-_sW!=!4@T{(Gg$&yVBz`8;QnXOB?s7=Dc7l`QM9SSU%At2od<d4exj
zsnAU1v3bxi;~}}vmWhn@nIA)pQ;r<%WleMr>vW|Y;5jP#<s*fG5>rk*#}ySVm$M8E
zW#1Uqx(7D8Y25gzL$Pt@D0CXCE``lc5d<6~%6hMnjHZU~OeMK!B#({qIJ$J|)G6$*
z+G_JZnGZfOhZFAc$u>X;!2CXDJ=})^c(QzbKm$NSz`1}%fX09(0Pcuv2H<Y4^8w8P
z+~ay7;3B}qfJ*?E0$Kq60pO0!mH-E!6@dFv+W;;Hv;|xNXa{HyxDs#`;A%hzKu16r
z;2J<DKxe?&Z+V(ue>rn^FLtPhh(<!gf3(0S2nF5>5W)CwE_k-N70xmI{B~Xg5e4k?
zg6fOq0$<Gp1$>4Pa2X&7?|e7MKcPF|a==@F#()s<p>V)uTz!NLg=>eeCEQTNPK0~D
zs3&?O^c>MjJP0=w-xAD%J3!*#JC4{@8ispK*u+h68zbaAKqL4sLg+c7iHMQ$!J?gv
zXTGgPPZ<^@u7FG2bCHJpbwGI*0P2H_b3{i`gg6cU5c~!sz8>!Fh`k2)Hv&9>`l6Yb
z0=EYsRQ?)>BzYe!+9Gu*B-9K3dcY(v7Xli9&ZThiZAWn}AVl)oRLYF<W84J@jfC4)
z#@i&X_(Gt#5>N=J58im+1hgK9%XD@C%fyni{_y2RnFsS>+H=I!kZF(%KS%P`T(pP3
zKDg`#Ix7Iz!>>V#og{v9$T3(90}KYFB5V*`p0$4tC{vECl}_-pq}RY@$OyP;xVr%0
z1h78m!)1AH1~dauUiCqRx-<#*vjCdtD(jPSCLfL9-VN7|8e;vi9$LU<>8N9C02-)J
zz6=Y6lv$puWOyT~Z`4D|h5AK4+Q_(INeADgl=7!+SkL5vvf3#9%&oDQhkMfI_pK=7
zs{vI2^272sK+5Y8_W|z7H~HHGU_OHYodGO6b)S4h0N75HT+R{2s7LBirqs1ik&pWZ
zpfnn8Ht3ONAKa7Ie@M5rxDIYI0N;FqzA`Qpv@b;+Dj6|;Ab@%r1~?BuS>6t}F<jQc
zxo~^KWnD7=QO5mbxJ^)EwoUSy0_YAL<`4n5AyP7L$}<i?{nhYW443@01yC*xLE|>K
zLjd^ZDEx{S-ct`KQ<iBRfU;nHx&f5Y`+##1LLG?(P}j%94TVej*F)N_$cM70Tv<+*
zf&6NSWg5zj{TTUR+a3&Hp6n+s0W<(89SoK<n<8aPq-ljbC@YqqIQ0?Ed!`}3Dl7<i
zly$J7d&FZrTUC$<2V4Z02<QrEg_s7QI|TSP;5gvc!`%gN>!ZX4z&Q`VbnGKY<3_**
zz-lTXSoV`wBaFIw6@c~F7cPN)3uTuNn(S{V3zk0<ZevhmpTmBYvL)U60O~K@{(ukw
zbw@+VS)b&M_0ImEe#(C?T-GmT$^MJ_-2~yS;WkE@sB>&zlojLH_Icj~ROwQt9pExg
z^1^bcv<j~=a${TR1hC?;Jv9T6rs;+v$Eom-2hF?SQfA~i9xizt1DAR|0xorgvSohM
zZMHp@xiRpg;F9m=xDSO(`7;mlcOJ^ZeuZf{-cUv+Z%TjcQuZAYeoi%D-Pl31CtSu6
z=Un(n_a6Z25$m1upgdVd>K*Hc`a<5Xg4@Wzp**OoO#!Trh5**rc}PS3ryQx54C4q+
zJ)z9m_L)|-i*v<r+_UYmU9#W30xt7n`5Gb}>zlHp?vQ8J9p%oxfjo}`uspK?4Uqd-
zxXg1J;9>xEJ`q4&q-@zAUj!a|fga^ZePlhg1k?uw>eN30Y-2aTWgSsQOivwS+0I3d
zHn@}v`Ah|<a@yq>kq$rWxF6he0W5DEfHGqJF^uJAnG)cJfEvrx2qC1&vCRdSeFN(w
z1V9-z!jJWGAwcPs>QgCahLb+!OueS=un%I~dGJ$4Z2@#cfz7tY{vro(Gk|qN*?9oW
zlXAZUE_r0zXE`|@vEI&sb~68Hd9P$bJk}juj&H0((zJ$C&&=?1AO)6@G^fL*EjIx!
z`>*HVQWsbz_BP~W5`g}hfYAV^V|nbjW1WNp>Y)Wuj?@XtfV|ov75drNaSUMoGb}DX
zuP)=SL>TpjIz^psh;Zt9DCkpu4UwMhv#E4B3O7Ot*jF|OGz2t89?gK?P~x5M!)4#C
z(y>jme`*GxtQw${N@h0P*OT|>fPx)4GMr_g9&)5$AHu$jc~Umi!KQGV%X``Z45zhB
zy(Yb2@DVJ_ay}?9U-HDXs*h)!!XZuKk{0u!T|pa*c+`K=GI1zB#uJ}1Wq!2x*dH^0
z%7|eX0_ZXwX;OyF&vY428qENtM?d4ubPCTV>$tfrZ4;EA^`i7q$%A${d){+pU2_u4
zcGyXlSCca2SVLK!1F6zwA4j(t(vWZ7Q$FV)hHbVv?%B54P8#4xouytdob8Kkk9tkH
zT!ZxNUoJ)p;#?v5XS)iPeFj~A1Bp7x^pqphQ6}uunJ?St6-ZAylo#`3Uru0MQ5Wg5
zuj1UMJ={hBwq4TTJ?n|_?5CJdV*vG)X&KHuiOaGQ-)x7>gK<p5v~0I*W4z~B$v&KN
zz7#I$kblOJSIU7hA}zK*=EZVR4kj<8b(N8Zw7US<x3mCn%$I)VO&Tl@`DS|6{*-)J
z=kzmA;wYJ_afJCYtsSw-g1HdoyGY732>FJh)aRfi4IoWBdb#n?Pqt3>2|R&~rK1i|
zH&_o$!?_y!7M6u}8~bjC+i>3qv3}j)=tS#8!<ZWieA?z+WPT0NyHe|~M#@Gg5qUTV
zE^}cUR=UmJO6hzvXn6=M4OMS;*s^R#=gT^voY>AdlVBb4o;)x=rYHC8tBA*bi2WD&
zrOedKlclUD<IhK#P1)KJe?BOxGB%cV$oix$Oup@iW&LxkV&6>Nq5iWzOqo#j%$K^t
zF!uGP{!nMAYt&s6kGjNr>JZC9T$b64H`ADYre}G~cCTto`OSOUD&(OffV4&${sOqv
zL(^@CdzOW5mt|)<(q}kb@~`><<)>t+U!=)<jy2Sgt^nfGPkE6J%fkE_&ouNW82)g$
zlsRcIEoImW_vASpK>DK%_iBWbNAkyb^29ozOPR6E%!m08HQcM<QbxpMcqag9kT;f}
zvNQQ(UZy-u_Zozm<sd%gNB3F)`5q2n{wan($?&s{P<HHR*eaMO`)~Gj?9<J0pE6;6
zGH<1~ieK_dy<#}|H(ln*d&;SLIQ@(d0WdvzARgsK9vR275|8<^k0LJ(Aw4s#DO=`E
ze9DLUu@5$JC=be?ek-4}O^8pRjQC@I<cBm!&!kU&NXL{v!&QE&j=4UhXq$K(LzTSA
zy9OXl%GJsT{fy_&<b`-F57TojC0$i+MaPsS^XHF#wga|X_9m=D>ORMA)*Jg3_Aj)H
zX*bXYst<odKqL6b1M?;y4G^aMq`^6csuS|eaM}wT*T@t3Yz3ga$S-9_K4?udx85?$
z=5uK``E935kQaF&7s`%ddtjN#2m93e(AE%WWqpifs{M3AdiM8MLH3MiZ^?RS2K)=;
zc()9G+GWg#wm~<z&5$Mpv25c_L7nAl9uy?rga0}J$1>U#z2No%Gy+x94#)i<0Pm;3
zC8uWpK#G(HdFD9EHbdYTOxZJx^};kAB`+ajHT*0G>wx;!4Z!sP+ObTdfhV>Bdr+`k
z>tOx$fuC(~6@ap4I*xJo!X;mnJ>^B0I?@9!`vTHrUexjSaMJ<Q7xKliFar0T0knCD
zMOxGW#?kJZjC;}|9_4i|WH}J`EW=;``QRD@X%aXtkWa>430MlCK2Sa^8)d<|qK+~z
z;!wWijWVSyh&vC!@-PkQ(njhGm%OzDkbm}Rlrwdb{aP^O#=2nrk`Gl5e?LM#9tDuM
zE`V$RX%L^~V7+$*Fwee#%K=${g@6HoSilMZ%g1t24$A@5l`8<O3x;n1kXA47!!*R9
zKF0y_08;@S0Sf>g0C{Hl=K|Pn)&X1qwk!6r(SQd5Ie_MXOaNs<8qAORvJ4Xelxre@
z;fn#pXMW=WcLTNnh|7F40QUf<0GJnf8w#N8lL0LOw*r{H6z~CH1Rxhs4EP8@`Ah=L
z2Ydp!4R8}+4&XQ-0nh_Ly=C721W;~afJ*@{0azDf0hAB(W*qCDJX{T6Jj>b$z%Z7R
zZIxl?0+<)a$#(&10M=a;>YruH1PlVa3Mc{$0FWl@r37#>pc^0(K)uQU+z2Qz{EOfc
zST8dHM*!3n_7}|i2Gnr`+);oF0V#lyfW`pQc^z=}3Y5U_+6nELc2xUDJD`1~eXi})
z{;6%(UejLEUeKP?)@#pb>$J7nYV8SarS_=ykhVhmhy4=!1@>n4bM2vaoBgErv-YF*
zo%XF(rR~wa&_2;V)ZWov*A8lXwJ)_#wRg2Qw3oFPwawZFEz*9iJ>0%U+o(OOJ*_>Z
zt<hF#<=SJ~!`g$|W%f($7uwIWH?p5&53%doFWOJq_u66YYi*ylTid1mOM6e-rggPn
zY!9<vZEtVC+}_Imxb}!vrnR)UuwP_9-`?0>->%t({a5X{_JejrJEZN`{;hqceWdNs
z-qc>vDz&ZJCatGE!rsl^*?x_^gZ)Z-TYGE!$J&!x6MF-@ou9rw;|tHCyM}cR>&%4a
z_p^I;?i3z=nv~uN`MY(JeR8Kx0&OEyl;ePr6mafv82(T^?Zr`GO`0e_PvqHnA)dTS
ze1|A+i&Fo?#D^bvulF|b9U>J^7c=oG@%EsJBv=Jfbl?bYef}GlMF@C?DZE}UBD`?r
zzu3KdH+XW0va&KUZrnKGt%QFZ?!9Hm9H@?QqO7t~M3?Or;{XiYy*pa$E*ppYaqt16
zy}<X1Xrys?D}h%jynwRZx~SX@*DFM2CDS>8i@dziqOuG$D#sxVbN~*=I1wEUKah7<
zBEfDi!T{p{qD+7R5k0O9JeGm?GVqIhz-t+xa`$d=;=~D&mzO7si;G27Rh8JbZJXG+
zbEhaTFBcUR6{57XRGdKhU9LQ_ZubeX<LC)dR<RBA%0*fEI<alXPViDC*6ln2yc78H
z^9fN>QUTgkqO$6QaOJr`-zB`DUs75OI_1c#T$B{AgCF$EcZiD09inpQZsfaLtlL3a
zM@7Z%qhcGN9CRx{rxN+@1mw9u%UdjpON!x^3Rh|w=%9Rk%S9e|a;26FZ(g}5EhB%p
zM?S^Kr)*t?C`Q>!$}3T>N>N&}O_Z+NA<DPyK$!tMc8GPAJH@(fJ4FQn<*EeifGmnD
zb^~v>r~rT40Hu{xVh75%6Y|;(r~tp)s=)IO@Cq4i1HaqA>u!L{l?s0HAP29=^Lj<!
zh+>hNT7vr$$e~1}jwltWu2RUX6g<I&yvxc;Mc+<kA{BL(it@Sg${@os)CHgnWsNQu
zsVMKb5hyPpmE{KHvFyc=Zz<yXu0uMM9px`2lmW`uiSl*p#E20UNLK-QRR}L2H5IY}
zq`KgGD^NFZQHP}j)=^o7C<m05LymxQKq=(8j!=QR1{4=pBCZnj;X=L@m5_DWHpm;W
zZX5I%0NpCB*nxP+9k32^uK-j6N-B0DZYT5-x(E61fb7emqdOq)ozT;D+n`U-jjE$n
zq73q`guHhEst8AqLT?~@=*mv$^HIRIDjoWw3;l#HQuD@PeJE8pLQ_RTLaG>-nu@Xl
z@&Myp&>5HL8;v?j&4YfiuJWK;fZ{xH_Byo$g8rH-A|e7A5l-uhIB2)`jQF-^&u?YA
zpooZX56Vk<tI+^)`@8FVMMb?EbzM(*B6`}th<djduBd4;fcXBD5eIwrw104Ybo8=i
z*GJiLKdsmG(aR!vr9_9mdtJ|-2Z;d=4oarKwMRu=cijh}kv)1ue=scy$dSQ4di3ax
zE1^e^W!LxW^+8mx_19m&{)6idl4tw0>qC3J+w1zs<mAZE(EEwpJAoJfd-n)NHYt(8
z!NDolNA--bNA-H+`jo+0(?TPAhc4?898BDj5)$WCQi6PtWZAN1(V=eu|BLG*Bb_~h
zZzx(c_k*Hok2sTWPUyXOLijD~1`Mct`Q^$-oFzB+hzv!+r(qAa{b0lwp-A1MBw_Ho
zi;|LN_WrrY&%cHbcyGjr5xKda<>%i%eQxxLrOV#v`$^xv)93apj)=JK`W^|3Ut3aA
z^5Zi}i$(?iTKdb-7A<l=+tvNc(WA$V*)#UQb)^#rY#*7wXV3J$UsMGJt$%dMk{dpH
za>Bj$ES>(%t*Li^fA@PWa=UjgD7fRsef#z;7&yAHeC?NG3-|1qJF{=kn}UKepGnK?
zJMyJlGE!GgeCoLs9e;3*Xp#HrtfmEb?AteP+>Kuq6mEWg<lAZY4$jPZ_n+Q~h><tA
zch0!=qg#e;-CR*o{@9AUJ@3x~deg6O+!woG+@bCTg&(}!<L8o+<Q|dBLVI0z@Z)!O
z&iFVlKYsXt%D122nz5>E$NRHp%_{hM%)Zz`3vRsej@zz%v2^jWd+r&0vPX~L```HD
zU-2Kse;og@+x_h1C)cD89r{B2u1^aJ_T4xxcF>^28)N6~pZUw<OCNr4={=#*Ln0%W
zt<M`i+2xv?J^YntT|<YiTyghX`LjnuGO@A5kBz-;{@Zu2cx>Y1k1u`g-KaOO4_!Yz
zW7W_;efm5#^r@%%tbJ_a#25ZGdd}!Ew=GB<bolVX@wbf~_`%bgH&;BiV&Z-GOt`^*
z-F5G|R+mqF42Tmkg0J5C^vD@A2F@FE+o17rNA8SUxPM^L?wsviM@*?$`{2sb@SJ|%
z&Yu0gD}B<WN#&C^Pue=*t*w1V+&bsB+ipuF{++iCEPQ0y8=p*lb>!6TQ?_n=BK+Qd
zpMO4k_Gce@*0?6ezZ0MR#D*2m-5NLcwn1@8ad*beADFcLSn#s-)4qu675zxBk<Smk
z=Z4qciT~H<pJjiz%kzHT$Jx(q*tm82zjk~zKQ1mVsqn<)gTqerfZ(H-1ustdVDG`I
zsrKc|m#00tCN+M>==a~B?Ao$n)r<LW?HUdIq(u`-pPIS-*T}o5<cpVHZ<oEnkRd5U
zmZxqU_U!9BJf5eXTe<b4_eOj<aO{BtMg7ul>GRRZjAfzAqN5*pcx6{K;E4V~x}K7f
z^6;jNhaS4G%a)B3S9g8kz0U^@99uZo8?!C5Y-|3Mho0OP^+B(#Ylo>$;=AvTCj{TK
z5)yuF#fpiWpC7*CvpI8ao!jqQ^a$G@>hso!&3#;J?n_<!SXYIg0*3UTN*~``zH!s)
zVYjS#rg2{0$9=0JVqy?q{8E=qQ{LLNapT6v()%fV{NJ=U>V~DITf<Ysm)^7d(aiNZ
z|NgfBO~5}I(f{9#*9}d7D<i#hX<r{YZw~exbwlQ;p404J?-$oudL}S6?WOG_b8`CC
z=qn*DG@t6%(U^#Xqk8ra3hECquNd}r#%1aE7=06hV;E)Po`!o<%xNI~T_~p>-Ok3U
z{hI=IJ+D7@&r0mn5;$Esns}V2IsnlC&WCw<L!_hrg8cWaATQ<^yJ0U|=cb%1a$d=K
zqY&fNyt8aKY=0r=l#Xc5E8%e<4#4@OoJR^T=6PP<{Ba!SkGma}a;_@pw%*-xe(S9a
zoJ(@<XwD@$ujCw(b4kt%Ik)6|iSs+o8H-CwFh?rIe1!88&L_6XxfJJ`oIi5DY0fK8
zz?P>yFXyAiyfSqhY<846FRuh;F9p3)HE(j2i4mM5C18F;Fy}~c%gV|zPbtUzMa`4O
zA@96#>o5<(oYa^jao$sgIZs)snlrA$oThRc=Qi6gPuzw%5auqJ!*K4x`6K5qoV%1^
z?jq+eC}&9p<YLSl<@^@)!g&nmxRpEA+;J!7FXbq!ImhL^aU13>sjhM0CsocLIZxrd
zw^I|$O)x*<93_wQ6TpZBubNw8epw7T6c>9%#6`tOTa5WkG2{ZkeA$b7;GDS_b8ybX
z$MwbBa~xy_xh1qO6$yPIH_k=Jl>#4f1b8_gC6tw74hSemd;;d5BQPJuytKF&P~xAL
zmX~9`3Ym|9yj=v$O}&tJYAWsla(?Q<{4~#)rxs%!phV4AOE70G1(X3w%0VLn^}%|{
zTL&I7j|G&_^&$-OSvjvSL0BomP-k*(3wIswImeBzK$$9pi;w^qQ6cBM#V*|E;oe&T
z`C;A)C;{XZ;~v1dZyxkit{FfFipwz91#te$c`w%yDk_1KS_!@?!B-{b$#9`3Twf^0
z9GLUqQp|%n7cR#<xVRMaUO+MD!+>>wQp}6X2$&mJ0Lr0P6@YT+7U#)30A-~+kOlx<
zD*<rsybe%~^^!8^9M>+)IW!vf-+KKw#_v|Pt1iF%@>Z>af?Bo0jlA>IMOfQ5xUS+&
z`!+c7xlMapE8_xMtK_y<?YbxGiji$!ZWr7-Dk^GPRO@yxw{Jf{YqQJN$~Lxbn|nqM
z2)-gX43Sf&Ov5!Lr*-S#E3UXA3^d!eyP|dL5ox!j-PHQJyut^byz<JSx7>11UVd2n
zwr!KIy1Z4}uxY(}<%DJSc<}le*X;f|F>&IgN$Hu-EV$)1*pq3kf`)_@cX=UZ?$-3p
zQ|BBwp6Hy|F)Qop4x?XBN%=(|i}+6~N2TuB{8pz<@pIzFjXU0OVpdkii4#-)71lZ`
zxLup%R!2waCr@@B`tkdl%0C?EbWZBnwOhxI9l9)xjxL(rI=EfiTZe!6(caF3x0F9}
z|KX%blR9Q~>(;ev`07Q=9=_|Q_5<3rdA_`FpFTI=+;`v&tA3p@>1tOukGork@FUNC
z@y7ba*W6^YC4RH9-=jC&_;|&Y?|hxwp@YlQy}LVn#7no08FT2pPO)o~e@jXl|J8^8
zzV-X<uMJ9>banUc-5tNDUEf+8*}k;h*k7I>a__y*4&IuS`1A0$2fa7?C&XvQ#HHLB
z+&Xyr+y^g*@aNCFBPQXg7yr3qP`_a(CWeQnWvp8{df3v32K4XyWl)cZpzQ3ZnVmY7
zlni|HgW-u2QqwLEN?Y^xkDqV7a?`6{vW`cN+*Nwb4GI00FIn+Q3q7M1E41^*&p+D`
z9}Dv8${72}cga5_kG-lD{gDyZUcPTnmwh%B8PwBot<JTVw}LI}3%NF^Rb-Eze#BOh
zK|O%*-?;wP#)r(6z2N`<zvjoEle(jwf~9t8tC)65w8b_NmV2ZSzyJQb_~n=1#Baa;
zE`I&>H}UIlxJTH@lPAT=-*trj4xE$Xclh;_829zx#G!A#5eL5BCtiHvJ@MH6uZWH7
z-w-cudsBS$<(G0D`=tK6*!K2kqU@nJMcMM##ex0bB9C9i?S<Lm_PNtU*7yg-gbC$h
z?67h%d)70e?D-GG_T68Lua6uS4?Xg{@ZMe_3JX_@%n1*Q`<J{S9@wx^-1p2DvFO1U
z#fmL&iun(`Br=mWiN~M)SXA!)LA-bHuvq@YtD^M2HDb|SMdG2A4~P|ItHj42?Gtam
z`?0wDu{T6+?s_qC>?+}zv|3D=xK<R+-zv6#dO&R1cTBwX-S6Vv<GOh6y?=>^mpv!$
zo4;Lnv!538ik}qEzx0Y&zUoEsAjXCV*1jed-n~JjjCx#5%YR0!c<l?Z{PjcPnJ<ou
zjk}MFiqDUVSvf1kn1uNvf7(2;eEGd%6L`P(!H2~|Yo8HI?_Vco<vk|uF4-n->UoDK
zDBCVdp4}%_zW1Y8^Tn^?g<Z$QgZI2D9$vLUJhb{5@yfRC;>RC<6ziT^E9T585Hq~9
z#imzY70<u<mYA3_S!B89i1~M~6-yr2A|71*3d;Soa8H~m9xs1ZyzuHf;)9Pq6~~bN
zi!Z(quf6uVc;bmwV*2gV#nVqeB_4gWOw5>myYRT&Vsd7d$eS`nJp9Om;u*v}{@5d;
z^2Ha#4?p}MKKke*@!4meiSNJvUVQuQw_?|4yQJ-S;J^Xsh%SDEzT`zVlTZoWij5pC
z2F2bY;s*{Dj+lYMF(h6L?Ke;i866`A&>cEh3>`FBgiTDu6L2ApUfWCpb+$jC7l2n7
z;EZUEhTc~;5+8ojNc?sNX(NE!6ToJ{w!=KLl5zx2&JcK=7yLT~UT_s2@Sj09+by!Q
z+<5Z;pYa;qq?sTjoI#$HSrqW`m`z@G{4;DWm^bCt5n-oO21TLn|4?kx2nv#ap^Jk<
zLxY0m&A($o(84<xmE08+6dF1WYmPH!dS}g^Gq<3ysCeR}^o-0b*JQURJ7-F6-qZ_5
zVR3BixWw^E$<7oEGZSy>KVaaXgqsHs8G6gG;Uh-g+B539>w87V^p1^-?{h=nem7p-
zp<~!JojP|3@7k^VwGllc|8ZGMN2}ItE^m89yY^RJ6%^FCNz-QMo!|U|pbIa$_>xP5
zTbN@-!*hcgk)PmTTZm?_7a9~Aa!&mQL9EVGUTO|~N|ah7&2-e2PJnTMAmPBj5Z<=Z
zIs1230%s*~Rs#PM5-{yU*mLGBCO9W+1rx!HH~rOJGyacUrXx=E%M3H!>hab6CLUe$
zzBU{){{Px#-X<T`yv*?GVb*Zi+cGWPUw{2o|M};iCBTjf2)E){?@60}Gt8P-ZDG~p
zO&rs;##`^nGcPmDiqCuU4SP`k^2;yv&p-cM$2y~a?AS3KHlzOa*I(<04jq#BKmGKR
z#AO=uVp*9UdtP+dmHLq*NA$yo4@-J<3EzG9ozAqs{PK%#%Esh{F6mi$GUKX;GfyiX
zWlkWk<okseUeKR<>M8xXiVFSBH{aCX+_p`B@x>SQS6_Qg|Mb&Obv&)sVS~#wOvihM
zG3`J9`A_|gH{Q@ID=YP_TenKsvSo{OUw!pe{k`{g=(~39lK5s>NW;nx?@gXqPLu!I
zT*{1c`R1E%q>OiihnJA|qmMnNFD)(AvA(M>S+YdG>#n=>)ho;O?QgxMfBEl!>j%F%
zB<q89_0Bu*=vV{RAAkID{l5F|(@RQ9^aTqR=vW`t=gpg^7Zm{ti}XA1T&UlB?>+h>
zk31q}L|N?Lzh9QctRM1$hr{~6kq6eg^*wv`NWRD;>(*KxmXW$aytlyDTW`OufBNyq
z`YzCY8M1otp)%xKsACV5o}Ztu-;c7eZ13*ap}&SY*|ceszH;SC@N}=__4eCu*K>1o
z^_-j>Jv%!`ce~vZJnkHQ@?^K}$@U;VN54J)c3H;Nt5?f%Z{ECFf9a){bk@&v&poF<
z`Q(%Os#UA>C!TmhU%Pg#{_@K&>z{n`iPS}tXX-NMJNn+ed-Wafy{E4Mtp`^;ps(Mw
zQGXu#vlTSUQ3u74U$)01p?Lm0eZ`6u`XdiNtlzWbZpgJrpD|;GJ~eMDc%CA8%?6Ji
z5BT=Dbl2o8xRWLCuE{PL=E<Hc@p2)PIdkUt>S*D@g{Yr9rGM6}**cyz=yT@I(HA0&
zGJ4~UZIWNM9o9MalIa^ZY|x)wzg{l~?+Z&70l!#(_;Kh6boAjzAJq#BigcIDqd$cE
zyB06jbEf6%v*ym#XHJKlbFy_8<U5)Cfu~GYhMt*~1=p=-W@hUiSHAAf%+uXjdHUpZ
z)JImX?#as0GtwvNSy`F-lx*O50C1;F$<=3q-+A+j^^!Xm=}Q*hr7wZLmM*<lfApb8
z^!3j?t8d@_wtfKp3H6<AY|WZA62GW;zCLqyfu5b4t=~R<w*JV<C-qPE9?<vv_>=zT
zC!gtCUV2OaXm6GN>bpDid+vQ$pEG*_cyj4ea$L}nEb!vibEbH8@67x3*|Q(g3yW9j
z^X5OT-+k8>@UT(8cj<HbqYrG<A78Oqe{lH*ed)4CQT{^RlbNpPpsvV!Vc}f8?4bwH
zUu@8~z45yK{*HG6@97_Y_%D6u&X4q6Uw)#0wRgAFAM*df2Or2bM4k4|oTV2REYS0E
zAtyIvh<cx1RIIOi@fCgd(c}8AZ;t7^jvUip-tnRC%9^aZGP3l%DN}XVM3<g5F<1A_
zUZF3!b2IpQL%;v=_w>@0+x7cbzo$R&<PQD*b?@m9Z~0h%=G9&LQ<Z?%KGiq8wM&0%
z$9{eJ^856OiO|c``TGCY&Upn_m8JK-%H;=F-AC7b@q^1ResL<7>)va-#-32Nr)Rp|
zGt-$FMAO~mBoH7q5|RKRA%t?y;V8$WqobU2mQYTh0Fn>_gb)HGAt8SEzYl#t)1Izz
zyX-2vrZ>H`_St*w6~49Bx7Pap-@k(bA}F?6>FOD#se6#t-VwToZcx)UO!x3DrsnT6
zx9~u+-{85%&+zcD##E+lPC9B_I=NjSBewz<PhXr)p1|qE3HI$jMnbBYiN!T$SM<%;
zZOuDxjvl;#!v}u6^$+Jc=9G$CR1;otEyNc0kz6xIO!*ioRnwRo=doUYh<RX%{IMmh
zL(4ReKB8@MiN1wpMsM8Y@XrI-`&K?-p;Z)?Hd9eIPI27?bscjwUtgrEeT<HQY5E2x
zrGu7bs(Q6X<XNo5C7U?sdC?Y<vMrcvd-09P!^<-oZ?6zM+=Dsk7)EKwI5#%dXd0W~
z%+X|i^ygRkqu)EiTYrC*08=+^5iNvU`bn>!BC%<bnA*F<*UeKg^pwJz&xr4TOj6$p
ziHfTxH>jIfq+n!$>(jG1|00J&Kd8b|GDp|M0|stBq@m{y&4Y8aj^3teP<=IWgZX=R
z+1lQEz2-$GWfPxPKtMziv8G%)`X?x=yG~SMDFIjV@wt$rIhV%1PqO*sEfZh5G;;WO
zHE;b*5`Xpwm-yrVwI7d*MTF+}<CW4!gms9JvN1eN^Eihs5Lr1-$<T8WhMy2MvPRD6
z8tJ1Ol-yjy(zZxS%R_o^EfRRTglMlO%IbPa%c~_U!i2AXIOjDdBeK#dEvuudwuxHJ
ziN4WcHrCc{>zcK(lZ3nyOqMF-V@P@b2sOiV<dyf~tN9n~T}+ruCH{vixco&am-m$6
z_+9~@{3wI>{yLtY{H-?u$qfV+_TyJ@ld#eoTrIi9;h+gl`%Y2RzlM2agQW2die}fT
znp!7wbe*!B>!g?6BdTVJ-i1YKOS`3CiaF=@rF56Z@tLF24JUAx9&>kb!B6@#Olx7X
z^mV1y@*6iMSbnsOxmoQktEHlQfa-x!tX=)&w+>@%945WIm7v&4LW3%Zj4mZ1qgH)V
zitnXT+`i1=#AoRoJe*2kRy%=~0j`u!6I^o}|LR*rv@T%LxGBE5O4{&aie{eExVTR3
zt#yjVpHn>gjEccEil;RXX6A?sF6H3IQ8+tkEC$BleBPfk7yR+mnt9Q~O}fcVI_?~o
zq+=qr-V_&?F)%PhN~QEdNjKS*1DMLYF*o#Ks_LY$trKBrBq>B{PWZ=J@eViRc{LBm
zWBFQl@;T+0!`1L|l1e*>*IW&0oF=CE4oNMGq+MSoe`1Y{@uw6_uhV$<1$FnHQ!&4;
zHf>;4Ka|~Era`)-ws(y8f8fr6pPO(z9E{t!G>(0ya43}XmjW=EG`16B2nh@3+7%zJ
zNhgMegkvr!B(JTHz@&0~Bg^p&wcr_0%th(xu*_P5;>$JmN{Ps}a>1_%C&~Qesca7X
zvWU08m&#AS7pZllhP>KQ@;fzFhVEnTzen-l1FUjNEtpy(e|Cf7*)<v$Hfg@MMfJin
ziga(8Tcbv@@4UN8Rz?#)|BI`9@K@RF`d$JKKZ)nyPxCnNP8vtlp3JODY8&e5=+xd(
z`@byh1(K4Jw68Q199x2in`HWVHfK***#AW~4tsLhyC;jYt|c5gE;)Z`#rZ-Zd-rCt
z`(I0W|DQ7X^rzW;`feP4T9-`q{TeGXR2ceX;Ev|zG8MB=6gH?_+@kiuCY|?R(5BGw
zV4b>$TU6dzrD^67&A0ARSJO_6cOl*<E%-Urap6b<4*$o@M}Jy~!@s6*!Z89Tmk>NJ
zN0ORR$mHZL#>Pi%A=1>uWnVMrj%0G`;~e(Ct-5_bi%<U{6Ni6R{B{m|B!{DVck=yQ
z96!v#{YU{J9;L+iTd8OoplooQ$|3Ewr|wZYvP99uGUanms9SnY!=o*FpS)z`(Ka2c
z+YGF$9cn}4oa#Qa$k@XN3`swhT3aZ}Yr+&)uX#K`Y+yIu`<pl<c^%keV$X*rKK@x4
zo)?oTt<-utyTIe8t7P{sklTHm$ifcXuUT<Al7-6`d7R&yi<?6(&b!j_*q4pZ(R@7j
zrx9?Wn9$$~f&v@0F4VB^a2_!kLo|-gQaw6H{q!o8Q!7-?tx)mc8TBh#<DYCZqBeBv
zzGLMXHS>>Xm|LR%)-o{(X#|FbkY8L$W9twt?c>s)Rn$o??JWaX^4l>*_7ULRjMJ`a
zwIv4+uXHZ?gfcUC7gNUsS-m&N?wVAXA)$4Ui1Gn^vKu(<lgovm60XHpk!a~8zPO2`
zvNl4p>N%)B*!4*jKls}mjvXweY2-FT4>vR(9#M09g_e7346JN1vbv@EZ_>T|jG<?n
zbUj?AZhC>q)phdB?Y#HyK`vkPBqTT#bFoGH#XbfGM`>&Cp`=W6FDin#m_*9TYpAN}
zCE#i`j>pq+@rWWRBcJ%fN)k)zNUCfjx%xWUog<i<2MJ7XCZ>9Tn3@rMQ=17ZY9_n2
zPkVtLLQM@E_^eoahboSIT#2ts2{rYTq?ZokpWRJC_af~JPq_Z*8H1~v^sYQ*?CF~1
zeV<)lcyJ}UgxTfCg!vV+Z?8M&U7b1ad>$X|XT!t7krOTv;UTzR^v3C&_RYc9bOvc)
zd3A}0I(sfGtkBstq%kx{XnZ6=aZ!?SEY}hf3C&EwD>Rc6`%_3O@1SUS9J9uDaN%`A
zB`@EEYMd{t-cD8Q{<wrwd-F*Ouf|e3j;BvMQALxK4LzXa&JzZnY|tmU-+c6(>3geq
z`9!mOm-gY#g*5lv!kXF1nZweD{yICjx#8yOhKGlz_P!pto&Qq0?g~eaN05<Sz|8a%
z8|%-%I%2=HAGHaL)p`+q75@l70;2p0NeI{8JPD`wN_7q>B+8OYRB<_Bx!w4h>hMi#
z<fwB2hcsqB(_FshUPghrhw!v65_4wA(%z?Weu);1|Gvdlh95p=^v->qGw%`@nToe}
zCi_0iA<H~UbJZA^T{7_rk0m7|#kSXvhzKJ(Du#sQ7~I?v+5LXH=5sCU>(5@F^|!W+
zGrzG1+Lpd|=R$x7mxI0V3Gw1;s2?t;5;*s11s={BoN|rltXCF?Psg&$Azi=gIp9#j
zu7AnL^<b{_MH{}M^;}EoAWw6t<<=7Qvkz!h+$;UkGd;u5<fQgo+Z0q(5gsoccQ6%?
zOPZq<v&00oaO!LdS7Ng$uBo6^I=;E7lk%!+E}k#rmp`r~P-~B|-+X=EeW`Q2!prTK
z>^r%aLudD){~0!?&O379@+Ix*1336WE}pw<`S3@{{L}YidGCiQ{P-_Z_}TX|`1~jN
zTsqZ2)HSVfktKxXcahvQBE3IH)z}=hBXjhO&vJA24lA-_7?)A@(`Qe~v(|9hHI2{r
zX5r`4N<o_D%*k#(b;!m&pn&t<xg0ne&G94BnQv9{i@z%-Ev3Ph$F}6Xtvc_#{KI_-
zjn#QG`Wk*ASMj)VPO?74!QHVqzH8>nF^%_M<>T^E3Fkj6<<jv20xw&*dL>(D%p5|~
zOUUYMCa0~Ntkzzv?Sr)Fd~<(knHQU~#TfPv)!nGSaY=IAy7Pee^lE<P5QXdUTH-=F
z3GwX1>9abH@2cX&2Q@f;)Wk<WGUK>Ek6F!oyG`h&Kx?}#$cT4d&o!nNAKs(2r;DU?
zGyC=ha%gvg#<*2yfmF_(isQ<qRF0kr#O1QuoD@rRMjCOcnPgasDXeK`bZU}Sjnx<0
zqi-p{=c@mv!b^qitrx6o-wRue-kv6}t`VPWg&cRx;>c0;hkw1+ltNA)%VzH<k?cF*
zPuJk^t5&Q1_ImHEv&{~qei0^bd#_<;yOtiWaQDFi<2R>B$tlu#AYW&-8Rj3{qx1R@
zle6;--5h5~``G@WVJ61MW%GJv$1*Z7@_kjFY<$K)$;t@E7%=Px_G^7>UFWJnVpDW3
zwl+}S+(ThmD;1R;lKUN7zin+jfAy`#j*-XC%bu@2-rmvI>TIKMoijDpzxr%*dtHxT
zjfI{0823gV#yGL(WyJdNYsu_wG1~V+{jsU^Pj!~P|KyQmHN)b)2Wq>aCtukk4L!5{
za#PtD@-VV{W2dy2Dc=WMJzprc^|fN7zYRGVXMCIeZu2?ovUzQ(Et`6_DSMX@jDEAH
zv-PF&H)4C<JKJKvxA)D~i%p(wtV=g;Dle6zIzN|gT+^K2SYNZ1yS=R$W0Q%!KYv{w
zUoXdKi>-VkHtJ#vlB?=u^u3|8UaB)}zinw=rMJminc3@Tk8KUv@yGt$h>g0vP%uPl
z8&{I`mQi0r$LK#JHiDAc^0n7>M|R(M`)^zMjY(g>FzWOlyZ-HW#yER(y}JLV>}};L
z$xhiAjo$hD-*a!2XHRFpe^ZB7clP)Hk@%bP{CXMxlYalV0O7u?#CH<-P6EG^5_qL6
z?S7%ZJ^q~((zj^zx0R>ir}ZZaKU8?_r)4-Bes_H*fgKVs_Df&CzG)A&Gu=0(+4+2D
z`knXoGIz#1zq3Ez`HgXJJhz__zA26Uo3H1$^E>-Hd!F{+Mr`2s2Ci>l;mh*#Fnlx?
z?#ib66}E4rF)rimWB4{0?+w2XyYI)!%F1gW0DHdnvTYxJ^~e6s9vf#R!^dLf(F#5C
z5iook#ACDJ^Z9xCj0lf>q_eM)#_&hz>FKdy+Zh>|HoQGCF;RGDf(-{ZuzvY2+k8yy
z{uf4Uw85yKk%v*9Q7_|MX#~SZ!N6?Wg<}mXuBolD`BOMKIdM%s67}`<vVFE=DYVGn
zBG!h>fBB`0u$ME!bcHJ^orvX}adwh@%hl$uU@fxR{1<9#YHj`osq(4FP`hetYnh#$
zwaL)%o#^lHxA~J~W@ix`97bJZlg&59>!NVutA1RR4}gC_pfF1>;n?zXP<f6gj|<m6
zDZKcM@GL!ZRIDJMZjK*6D%|?4d@5XVclW@@#~VNSAsBuZA;H1q%I9HhY|JJD!zUvu
zDoXhFRoo2U3i%uqRn#!DaF+(*#QnlB6HQsd7lk#QJ;CWyCxzqq%HAg&{hE9Vf=h(o
zloJ<UA$wkx@Zb{3Egt97PB@=&R(S!EK`HGW?Y2I<-ao{|)J@_1cWr0rZuNDL{2Js#
zj9*|R=iD!F?AQ_ff+85Xv&{W1h)YQ3&^{O04BdsD$8t5Mg~Y-k5-Vg=ubd*kWuAh*
zdsqkVQ#X8{5!ok`V{-WHop4f8%V_Etqp|xIZT<5!^xkCb=7Pq+y88bGxrN0lE1Zj0
zu2ERsK~R+Nk_!<WKYA4}Un>n`i+Eoy;V=I19RK*2vPC9z;g{7*Qr!)Lgz2U>-oqk1
zEN<{IsY6ew9D7W)Y>aur=uf><E?jg$SoI|4s_T?@jnLXZ#>C7F>#|K4S88Deaak6M
z>f5Osn#Ppdg5PD?*PO~Y^O2b|yG!`xzvS_M|F<{CPMQcS86(It&ZWFbP6gZ|w{sQK
z*gCnBYZTnrz})i~Q{$5C$Wx?6m#S@{>eur&e-qD(7l@0FBQrmbLCvRi*%C4;+bL-1
zrsDc2g&ji_Hun>oT}4D>88Jx}!sUcxoilUlNCv*K)dUL<45+?MaP1r!y^koEc#36a
z193%VrxgAtY_ocH6-#wD#~i|Obq(N4w@{otH2!?NG&kJw)R>HqOQ5wy*g$DJp((P{
zCRE{{TtifTEzvo$OJ`Ye_08v`@W@Zz&0^2TCX&rv!VzSP?!9aC888cb&z%wOCETvz
z?sKejD*x6~VPY$IpU>jmKa1qR2Py1-CyN8WiqtsHrlPu>!h$@NA7`73{^3^69?Rgk
zLlzG2WwQ4J;r08?91)Ik_={Zjyq(X1pUH-LGKbuze#*vXDH&O`VR4nhJZqP>=v;as
z{A7zJ;ab(gSo#(pQDyBU$gP-buEJ|RsAl*7GjrgJIL%w(BPI*e8Uu58Zj;eGMRZ=5
z?D`fQ9fawBn9K2B2uJxeTliEiJ}!lX22|s9v4W7~4jLxrXq*uSH6vex`_E`!eZlbK
zZTi-Qqsf<~{mx^o)s1B3nrUe1qpZ45HoHLzQo9K9s^|2l#T?u#Y$`01{*f`#giU32
zjgu*#k(9Pk{PUXeiK`(%eUeh%MrK_n=Ps4=?vG3O{9}uJRAz-^EKq*qA=j5T7<epS
zowZGxrtXm2-cSF{`yANohO2aAQi_Q>`EpfCAIHk38YRE7_KseP3I_-XGLuzMM0ip>
z!O1D=Z`q86L0<5(k|!UP<d$KgN_+IY5yx|t?0LVK@XM8C<_rpJQJY5PBl2iXZGX<>
z(i7Z0V>x!pL`&NYo@c}Gy5xzQd}zdb5q9Fnfy3U!$ggMV;i7Hc8OAAN4fBhVZVbO7
zJpU>eE=A+wV8t&w9sdj~Zo%ca_*L`iuVlOZ!c1a(GvVpiv9!<AG`~!j@V<WeAx+IK
z5FVGs(PLTU<&TjVQOl*ESkiM-<y)3Vu32_q;lI(L4O+uxo7^<koGsgWzTfF{;RO3}
zI)9uqE}oqHWj>Cdn0f!5c;5TI35U1MoE7E~;v?)kqnVWEQL2Oo)C-p!yS2art-prN
zZsOLId;&CnP8E|HHHe2(4PL^`1LQw&*`t^b|4}+xek{iILUum;nq1#fOG9fN6}5Vw
z9>eJq(Hwp+9oH`kI4dl{^_U4)_gK7xlZmxhNUy1<w7rj+I}2<*7hdz#p2W!a$=WmG
zGAe971Q%Uua6VSUk=+({{Wz0D!u{{cC%~{X8n#ILKEn8J=XLw;JZ&8VWaLx|&uybe
zz8CfF-SmzQ(Aj&P(Xnw>wN@LKVZ$`qZscXye76ldqyEj`yH9#SJ;^z>h|f-bL4z>8
zS>ub>?Y8eb?CbwdEW*fJwKO7KFJDDp`}@j%`KBF){n*y7uiCe%dOXyAWnF$n_B`x;
z{;KRZwqT<On|;=hrS>A5YKMV=88&63UE=52uo8P6?REc6u^|(i{dwzEeQe(v`Pgj5
zzixZ9H%U+JxBt2Ezav|t4My?5sV%?lnNeBW_g}@oE&ZGKZ@$}c6!`A;cTfUfAMpRx
zBKUfFzs}qJ6I<~={QdvxT73Kbjk#m28DGDC(=#Kjp>OPKjPcuk8Rsl<OJASQjOPZQ
zK>Skq(T>~vmv<z8trx^+WqNuV@mX~y%(boS;<F+?E8?@t7g>JFI{S#viukOE&x-i0
zh|g*}?}<yRGn<e6guH}hwjeI8{8XKE?zoJ&w1`WKxU`5%i@3CiON+R)h)Zib&x*^7
zxV(tVi@3aq%Zs?Yh|7z(yok$-xV(tVi@3aq%Zs?Yh|6m$UtD6uB}QCg#3dGvo~b>b
z6>*6Xml$!05tkToi4m6=afuO^SZCU3#3e>tX8E<3ATBfFG9xZC;xZ#HGvYEME;HgX
zBQ7)IG9xZC;xZ#HGvYEME;Zs(Yp+$0xYY7#(Y|V5IpR_yE;Zs(BQ7=KQX?+4<dCTS
zTQ1^KBQ7=Ka3c;k;&3AlH{x(>k7Y$1Zp7h69B#znMjURPCFS>aC>e3M?cI*J<A^(s
zxZ{XBj=1B9JC3;HHu)L}jWt*Nars%xM=_yI`-O+LF(eN8>wLcH##le!EMsqQWV_Bc
w#-b5ydoQhx_BGYMf3THrj9b0a5~}w``ZweD+s~N)+%N3>({G#WxBu?{1G~ub82|tP

literal 0
HcmV?d00001

diff --git a/config/axtls.RES b/config/axtls.RES
new file mode 100644
index 0000000000000000000000000000000000000000..2929b3b679fddfb78bb58ebbccc5c0c4a9eb37d8
GIT binary patch
literal 22748
zcmeHv30##&mTzG?K4*D7Jw0!hH?QA&nx&IYC+SQlopu+K7&VE;M57o{F>Z(o7g<CQ
zM0OMfWV;~3WxujsSugu#QC4M90Yw4D1$SIQQUC8>A6}*Hq&q!t=JmYaq>@9`t*@3-
zr|PS({&mh#2qDIjfMH_tcY^lE#^*1vjEVB>CqMa%9~le1&cr(;3zCT#!@okf|D_TQ
z{~4~Lq`^+y-QAgXXRQ1cJv}{Q?AWnFqtOTp3k%_H;BO12-8I7<kF^jQgF%>TdV~c@
zX7==$iXM#x(-!<iGIeKpcVWspW8DobXAtfrO%H^jhq1d527|0OmSx$OyQwf}*oMJ^
zd2EL?cC3XkHRW#>?lG`Jk2~{779^n&WI&i&Xvm|6ylcoW`ysCylA)(Z3=R$oCnqQ2
z=jSK-`uap|ZLR3&=nz`1R_OJ5p;oKKAjhv#ISF0QplI$N6dHXk+tUh-RwrtkJIG6)
z&~*&5+#qE=D1w6YY`aew`UZu{NyYY6!kz60sr}fFmVIeOke`mf*}k?}=nc)n(9y$w
zdxWl8w$(56J^iAVq-DE$wqszw9V90e+j934enEbW)k0;dVLKe(EUj=NPby2TaCg!Q
zwMO#CH2d*mKN_80_;Kt(S_8*r5bB^>q1H7EZEZ8hOlocxIzxxh)piKIB#z5KYNjmw
z^gS%sBlP62mZUcHiDr(kgYxPj>B(<xA9-#juar?O`K=|dJtURNlKePP4(`Iq-CfKY
z?<XuRgP0DY9D;<UnOaz?)RdW;JTa!cH5#>;^^QhZa?UI{K9!S(GSqM`NE(jSR4Xhw
zUJEmhmt-l&O>&ZB_oIB(d^StRdK^2)ua=}CX>~%Y(+M*(J?rTyFTHRlSz1yyBuf=z
zcRlBZG3QV%NzRc*FSI1JmU1L%NovYdCrQt_Ci(dp_{_le8B@M`17)qLrMyYHTCQUf
z*Opq}%;%IlNk_TsNd{7ozJt#?xGuT&DF0^4UduJwOnG;3o$6}2p13yp`ul{2@-|T3
z&7?j_{ry}wls(r<2iJ2yskRSXFAx}nuynEz|0FEM*fEx3-aJcTVQI;+lAK5uDy|uo
zm}Sa2vUKA5l5^$6wMFuC5<i4LECG}MH(~tv@$5*__X^`LjUGK|{IyAwt||3Q#*e>t
zNeRP0pKF7Sk3Nz+ZSv$Jlc!ALkMWa6cTGMrjbXC0k|E1Kt2zGCq)DS&r<$5ZMNOSN
znrY{0Q%$2L%CN?C%#kURCS8&x$iXFr>1(4WPo6TRb<D&G6HHs3C$sRxQ4=Oi_<&*F
zgb7hor%h{}JS}(X)ZEr7mn6@lou`hOc4XSriK|vk95ZIGEd0Sd8RXv&CX8Y?YbK5w
zHEPY&$&<#9o;<B)>Y6WYoX1T3U`*76QKMwppdi_}3_(HchgG7YqD;rsuzc6li4#{(
z7&X&3(5uzgIbrpxFXnx)XYIRR>E_HaR8|@iRtJ4CVd5AL+<D5BDWflq?;69}6N2V_
zc_eV<%55LqpKyQZ-8oHWW@ei=pK@{8>gr`W7#3AC>%^>Cu3oeK#*d#eb;7(o2Sb8_
z?q;tHTrz4%{b0e*ezy5k=lk8}=1Z6MF26WMZ8fKHu}g2S>#VLm6O-J;kdT>e8EYfL
z!(6X^Z5etiwCQJ?-+$lRd*>(T&z}#NYwn}X>|XBE+v~M$)}&8OOsuolS<hNr@zqAl
z6sxSln73}L%zn1{<o3Vy-g*AKg~caly?u&G7dNbn_|n?p$Wiz4;}_4|)ZzAZ+gA%q
ziu8JIQcS2_%XSw3+smJv|1iMf%KP3vt(6n*2L-K~FfnS(v?-U`4|lk=JGsnQG{?|T
zTCy=!)7-Ls`*!ckOV5A!dB7*1>|FNSa`m35@bE7mPna-jZ%x<n8ErG#XS8qHlw+Hb
zzG1<FvKgHxy}i$WV)5bUpRf4jL;nlg9wdjw$A*QEF`YkgVpOivB3qTp)_ze{j%vYz
zl$g+Z7Y}nv=EDzV`42x_wxc05Cdn!}Iqcw($#ql5<SyEny5QrFKh9c^mGyCEl9g52
zadS`erON_Ve184<u5XqtpWAw%s7Rj_V-*>`cIN0QQ<_w1TB{@$wBi>$t>nOBH@CU|
zOP78A%||zOf3)kuT;Cpt#`nw|^_j6L>USMxU-R&2QEgbie!X^m(fX1(^(7yheeJny
z*|HU~{O)CQeG;N-PHd@Oyrt2xB!B<A5wlO9_V74$%r0GJJLB*S`~7(_g<pTPeA(w8
zt^8>BM?2=OY`ilnD%ZJd@-)+gX^Tr2gwH&5c*gP5r|ge)+O;^f+ZX2Lm$)8pKD*<i
zk3L%IGiZBh;ot-c-ZW~|o;9uKF7<609UUFLE-~G5hMRdyi><0SFSXpIzSErLR|c+C
zXKia7niwn>`JS+;qm|uY{`@ubqb>6n<{WCav&$+>DQRmm>z=#(;zi%t>%RK9ZSlsa
zF;S+b`{GmH;|o0gGZSFVnl<qS8{^_4e_fn!mG)j))9JZ$m-~3RPp`Gsl(;y?Wz<e?
zomP^$aCnord2?XisPGg@I4LH^s;G2P^C?fyuf1kp<Brf6_i?>h(Z{OvNXyKm_lC=_
zAw#&QPA<~s7o;uxDn0veoSfQc^^KoCozML$eqG>LUyz@lpR{52aC!dy^xWi`Vd|21
zE#D0bk507CbvSeFvrk#RfBa`>{zkW8L;c1L>abZ)i_65NNlRv0FPY>#+TFct%7~qb
zOgUFHE_QI3{d;>QrN!6h`OrUo{G}z6J~J`-jARVc<!<*RjM(?&<4>7AT|P3F{T}hB
z)4xZdKUa}I{B`@`DY1`)KRnlezxW4<{b31wUpX4fX$eiovPnSV*ilO3&*ND6+?4bb
z$Nq>vjKRd1Q09>5TH-{Wr$=H}i6tfOl(<p|i(y=<=^-`{3g#SZDsd-&jO8<u#G4Av
z6z;@<?oaWh1@UFiSc8IP73}NYqu^h6!|!5Ei7ky-Q{qmEF(uZNxKUzHiKis~lbF&k
zD2NzJO}rxUi^LnX3f7WXRN_mCM~%31kY{~)-dFJI6WnQO!81L_?Bo>0v8&mhdKg!!
zG{Q_`sCmRsl8hLNu|}gMj?og|4C5#Z_U&Y$BTgb_eS)DRF47PaY1G4*Qb){VsFm2K
zmN>GO7>U@17)N3oi7zF-k=RB<Y@^^Cjx$J4xjey@3jXE1NSq@vu%TlZTXqoNXgO9R
z29~(8mbk`JWkG%{6?`dijKsz7{Djzr_(ftECy8H3X7k*Ku_y7TALZcZ=Pt(olOOB)
z5%2g>E+pb<cg};v)PBV15~o|tA~v<4%qX{cudBtpS(KZ^supUNryNP{60b_qsEH9t
zT0Wmgd}>C#O5Ez_M+$m|TeVu^S<2ju@>WSAc6Fz`EiIWQDfm@I{Oa@s$NKS}AZQrR
z1`*S$Ng7g+mTipZe8_om(ve5vTvCvX-I+(ctKj}1=Bb&-Ia9DNW1UP(3~Z|BnDjy=
zX&%W;ui#-n71K^kyXz@G;#yJ=$;pptlElVNT&K#N0@r|_hFF*+@v+3k@}5C&U>Qr^
z<v1D0mw`B%G1rN_fAAwlmN;2WoGh`jmN?l@O<YX!lX#h=BdLj-HIj&(^&~CVm7b*K
z+LAcBnWRxSvkr-CEr=wswT`6aeTs%_PTp-8F*aZ9KWq56_`Z*O;f+^bd1c%<6O(b{
zm{3yB+GXCWFEhL$6R*Gg;)^f7{Q3*yo&**fx9Zh5I>RUbeDSN5uZ?<X^5n_RlV5tR
z^7Yr}y!dkG3*%l`{_4x&i|35``KY(~(9zME!O`KRmqz{k=Rbd&ZNB>2&tH1UY~8YT
zpT0E3$!A~2FMhG$tFOYHT;6{D)mK-&@yfVY-**0Bn#0@H6Jn>j{i^5wiWOGt*Ke@S
z4)|&r&ztMUnaqFN@7HD1y-GF|ZSlM~uwu2<TQ)YoeAE2Unl%rwoX<}hmRR-{)xY!3
z49|}&EC&AC%Esm`E2}lf-+pQGsMlUzHLiaN9zXt<1??>b+G7^0SFeBTz2Cg`)|<cH
zWoqi{@zSW*Uj2H}v9@#n@@26$Vej>o>({?!^PAti_uji{fl=|npT0ilwU<k^vp)X#
zi!Wx)otZkccKt6^zp>l&n>XLRQP@?JyXRM*zVO0|tNF7NXMU2b|Ha|UmT$hPvU~si
zP4AjjEL*ztO4B<ZX0Cd;a^*K?kDdAYR^!3X*R22L`|rO$_R+ejFTJ?<b@gk@AC%6I
zh{*Y}WaWzciyA&}GQY>?*3&;)vwPG_qg=gWU!m}K`0t!PFRT1$^XIb{4qCnY?z)Y-
z6!V2)adSSK)on6iyotU2<ZbV~6BIPJu65ChwU+B%F<F=1aQAe{FAA!=<s2_w+^PQ6
z%z3k;Lt?6ahK=Log#JtZ=~H<#K4kO5VdL@>H&@+Wwfv27^7q8?zkTI=@2}6lF#OPD
z(vx^(^xId)@vQqa=eH)~CQg|2tl+qbCKFiT-y-~3Up{s|e4cpr_ureJXFUz4EMMgD
zLE%H5V_s0YfBqcv6Xwb?#&eA6h_eebp9Z!l9zA*_9z1v`9u7ScLqiY6&_kw~_xSN+
z@%Ry#_lRX4i%0y8$2=F{p}2DOs<?RhyeKbg5=ncjM1F3KD6g#(ZQb3<J@{ih615Gd
zgeI;|Xrd2^ix;l3k0G(u$6jppauzn<#EP|RwPN`~t?<~MEi|RAqOs?)xP0Tfh)XCH
z?pyW3$0to#uZ<OZLu$mnynGRvT`U4)%SB9ao!GIjLRhaX5Xm|1!f@`kXu5P=MDMQ_
z>d15v80;(JQuc`$O{!>bJ1-iJw2RQB8nJnEuCQ93D(u#$2}i3;;k%<ml$^XMiqGE>
z^*0}hBLfhHO~*xiRH2C6(J0*Q4+ww13{hH9C8ATyMJ&G^`!WxTU7>km&5~r{?2;{F
z4t9y?Lsvw0*MP|H84&u@{bIXAidZ^thj4NB7tzrXqJX?d#Kw!b%xn?1S0}bRC5h0W
zTJh<mox)qwD1vg%i<G9jBE4%!ly%+_vEkJsJ~dCorDcn%+D38r?p>kF$`qcS-onk@
zLljh1i_*G!VYS9q*r+_kj?hdIvaeXgrd4s=2gD|;Z6aBlBg(1|i`KT2;tuO~b#;k@
z2M>w;`%{JMR#$Q0K$b{M)Cf1%t-?;VN!VK32q#BJ5uXq%viU4IDM1*@%f#*5w?$i9
zn>cmql(=>4mbiB9n&>>$shlk@UcAUP0`ZXR#cASC6*6#beK^rveE#8AV#eGBV(j#}
zV(k1GV!`aWV!ruwF-OJ=z7z{S|5ChdwL+}mO6>pbPZg4D_A}D7C#&;q#(z><=0g0$
z@MCf8#E-?pKcVh;mYqbBuZ7fQ$v$mXI*8TQ_G0V`Yx2KZ*srq|cI1DfjO{lGdz(!{
z#j^i5yqf;xr$W-aKcP=4v&k&~k0cpJlVqM3nK$zC7W2N(7-aoF6vm8_yS4IX%$`wW
z#+aD+@7Nh&vTJu>P_T)~m@&@0vvk|$zTLyq%iG7-&uaaKjn+0Q+f8=%4vw3hw*12q
zUal>-Sn<uuRjb$VGi3GYXLII$KJSY!=P&qb;UcreUr(AmW$HB3=^uRf(TtC0&YJzn
zFW-FY?O(m~FTZ~Gz2Ch5+wl`7{?GsQzsHVy>E%~m{rPLJ|Kbf3lfU`N-~ROP{@dUG
zgULVs(|`Zx|1s)k#&5}A|5uYAOMXU;df`Vej{YxWOve1^FaGkcOyqR_!7z-)|6q}C
zeQ2zweN~9DEHR8Hf25Rsejk2^xfUc7rKAw<tn)+oK>|NW;0Fo(N0ET>e97~kF-d^*
z_*=<X!1&zw`}x@T{Ex-5o-FfxFy<NK=bu0S+gMJ<#`L$9F+TtIj%D9QK1TLs%zr*_
zWIoU1N?jQb4GrP`{rd{>ob@~TBg>6U%eLijW8TQVzAf+h=f*O|c;xeuY00w;#=Mc`
zWm@vh^CG&tyK(yTY4DyBckbK)&y=`)`7*9txuT@+-Mgohm353kj#bvDO$~VN#Ely_
zaQ*sqr9Bx-x_R>^WZef39>6FYBQG+R?TzHg`0V+7+2_b|Qs$B*uafVwvNB|4WuZ{7
zM_pYV>S}9IUS5vsg9mZ)<VjE)4xZ7KI<lTj%RE{4=+UF7si}d%U_ePpi9*H2#Y$XV
zU5%!uW^{ITD&>u1k!_6RN2ZND$#EL_|F&4lOv>fz)vJn(d&olt`%X+sLYP_&-VY-r
zBm}|1!AMKdqOran-Dl3=($y=<e8{;veE2YUhm7RpWJE?rA}A;b0RaKv{WARh{o(6N
z^6|y)-MbJG5srj}1Vu(t78fpDP{v}MAIS%m&p5+Acvp_z-d=?-$)lXxk>inLlxstl
zt0!Oe4GlQi-i}VTTS-~P#%b8E4`^cr7Z(@o<yhp{jx;ypAm^l@pa3Z;DdZ_a;dSfQ
zt=PPIGaMWoU~lh$O`A3;WVguywzivKXK%;n4%q6lRT*PiTADKMqM{;HR8&CDPhnvp
zGBPrdnwpCJ`}ZR=GZU4Sl{j(Ygt8WmJj=CAJcM)S&Y`)f3F&MrHfA4k3-VFQ^;5z&
zwVVS#%Fo`;P9eV?{)mZ*K|*{y!b3tSS6{ffxnYab7V_+<@M=#U?d-_6oeC;j8^*Q@
z?<!lBl4oactCZVJnRt47KAodoyLNGYb}PTPZ}$Lo74Y=(#4hGZ8P(L(D*VcKN6tBI
z)sUB$hn(D8XvzDopg@-QLwqvV2-j$QVj_IJeW6m>A&%+bJ$vBb?1JrHUfAYJIXl=x
zMfuuF{>YQHY9p*|Y#48XwY5F$R4&+L?SxG>PO#m;`LNjxI~xaV+^`-tHr8;oXBj&Z
zV@Jo$*hYT+{rwQMI}jmzf)T>?st$`lVq5}pvvbhc*no@NPvm-+?^t?zx>DZPZwIz{
zc*B0PJ+``fAR#3KC(d0&@7;T-J8=rd74>L4*N5sO%?OW(ho?sXc~ZgALB%y<LtZw)
z!O<P=+alrN5eFZ?RQT^WfY9J#@{o^+utFs6%SUod5n`kB5Ehll@%zBedIKCdSCV%h
zA1`R)_Hn<+Lv76=v@{<fHR0H?<LKyULudC1oITg0tRKmLYiq0W4#_p`zHK}FyaV90
znR41h8FJoTef^*-uR>4%06MSULFbJ-sBAt4m5nV_8*Sj^xCJUJ6>O|F!`&kWA-jvn
zR}J<iH$k1!h`nh|*q70ay}BmE7q=t3x)WIj(!rC+tM5d8^94jlN5X0a*QMnS><$P;
zPIflx8;_x~p%n)YA4kK{lPEcK3=PM6aQfV3^j^3^*$?7A*UzzI$GE1Fm3Pvb>(bVF
z8<JA>aCGy9t<6T*Zrq5KtJWhrJ`*SU?%`}d>$IQYd*=nKHQQi5-ybt4yI{R-Je<QT
z;Sp7h$ebp`mb61%&<;&e7cwi(A^XTRWVT#IdizymAH9yMwi`Hf>MEKpTu0l<PFQ{(
zfaNpOu_w3)S$S2^mvtbg>;%ecdr@_y4@EWYsBP&&Q_CstLDzYeHT;c8(`6$nHV#g1
z?h3_db;v9|4ByZ+c(_Ht%OeP`TLWQZy$5-<9XL6750&jFU}qJJ>A&>DKaX06nG^gF
z5Z3_b&}xL}nvqz38v80wL0x(gd&|y2fAkKrI`3j{^G(Dw^<y97qEmw?JJE-X;}>wG
z>nt4R?Z?__MbPE;qW;7cv~*sBq47MbT6=M@?F=egIakL|;@qW+7<x4H^qUtJqs88Y
z3<QM6ATll$waq7RpzH|3_vInLCmr6~_Vb-fz{*8hESedI&5jkY+)#{}zmCBhW47ae
z{naYCx*tGrdNVvUO$g0CilF><xW=7>!=4KWD?EqXqxTVg>^8!W-^2d4dq`{>L~iFj
z=nnNkQ+*AGd-||zQ!XMrDv@7y7zt^m*b^ED-<=_F;X4_cl8C(gG8C0oqLlAMQ`<2N
z-WyQ9YuOcbh)&BzoURD8VMIamag-eEMOr}<eEI$bdgWk`V<C20>f!lK9z2)k!}^O1
zESjE#FW%XUS-<r{K&%0~vYO$a(TP2IC*had1Iyhfu*vr{4m96G=J7$qbPVFa*#Q)t
z9zb&20P;HrkeGi7;U!mb_(C5_^BTCn<iN>!Gxsj8V>>JE4IAOWeQc|vBmB94?%}sE
zmiu)fzvU-Sp1}1R*O6Jp@#dF8-_U~MmNsP9HzWPvF=SU9Lt?=}?2ar%@NPZABJvQO
zRLVKYgYWh{IB(vMjTVVmV;PTKDK*%oYk^Ne7XnMpU}td;LJwYmj_W3;^A-}0-Nb?J
z`>5y}Kxxka4s_f{PTO7RTkj#Ki|;{qFQNkTux4R69BjE3cd6mvvJ-aOcEXL{Om|mj
z?oH0z<D9UadrTO=H#s@^XlXeLO(FM%+y-b1TM$>!fJ{RZ;)?2!b*K*1!6Ake#&=?8
zR5rXqGU4Wz2J7|d{O+VfWxXGMAq9xZtHoZvt3efAP*<HtOm!a;j$B9jiF-)uxPy$Y
z0aRRkh_Xxfp+7gkF%2S{^N`<p9R}_trH9+`<+QC>{dpX$Ed$}~lz{aXq_x3t*&cwn
zIIitzHG=j8Vuz16c5qJ&4hlhLMi$ZzHDOmw0er&>;1;ZdTR;xnxliv&F2(M>1zdZ1
z2-Rj|oBsjWQsy=)Emki+fKMjHWA>ylem6>xR@#R2I<A$Ymyy|g2|2A-kWHi4jMMj!
zes&N!XYZln!UI%Y8ba}fyEwqKuJ;~FDEqpLw~&%liO=8k!~D0kFq;$&^I3bbW_B7@
zf0}@G98YpeAxaJ9sIBAKk>|e@o&{oJV|cF2L||ktT%9S?6<XMD)M3>(T9_|Q#qy;o
zu-}r4wHqks&Dn6+mWAcZld<HpJbd|KGM3HOV%eN1`189ISKiFE(ha@bPg>6N-MkL{
z+1sQ+6!s0F^vVO&U4Do|q}nS3D7!X<!t=LK*?j|5J(o~cQUkSD7QAe9@V70)wsi)W
zzn6)xUd@8}XBup@4u!2_5ZpY&5TBHVQ>S{+-f>)^u((Qi`ewpuT{2V)_hZ#3<ZWsS
zmQ7BE`A3XD*^i}^gB73Ie3=UC1^cmeT?T?&^Pt|D4Si(`@>@Glc$8=D)0dEU{3;Hd
zxQ>F}+bFwwABG!4IDGptj^B8M+FOs%GQe?g3>CfPy}J+X*RJ3w_s6{KY8*(bL|jxk
z-{TfU?rMP7s!FV-yjCxb!_ozDSU7hN+}vZ4SIF<_*$cRN=N7bwFCewy48pQ%v2{l_
zY}cj0@tZWbEKh~Ac`6*t65+a13va7*xUEV+z_uI&2kNnVR|UTdC0J>h26fU=RJ5H%
zaa%9SyKbTIbUzAv`=P&b7v=r@#@~K~;~YZ+)3yC~QF87E482#;+;bi3=mhKv4nlfP
zAu0|YMRiRF_s=4fQ7$#rEzqUcATF#40S;BLH7n*=_QTa95!=0k(cOCyakVFqa`+^)
z^`}VPh(6eg(1I3tYYo`sor-O{bFpJ@5%%fous5d?G5LoOlv0j0oCC8(MVR*6{aC*y
z50%Hy;OMnMu7?{aIn$5oOZU*yKZN7AhRFW|G+e)nqjw*m{@QhvbzQ)zTLVbTticy^
z*1*%<4MBmy$js64yx4@6);1ifX+&;5-@WiqM5*^7zn}y~C5I8<R}AY7iEwlcM@&*W
z_GT4gUv3#<3J)Q+_z1Lh#}QZ6id~6SP#3pAU2+`0@m1J!pbFZ9O*{)UA~?=~)fPEC
zI}~Bv!b12u=Axwh6cY1}VW+kM84Z1?xo{gtZrnxdtp_;Ve+TV%?or;CVfKwHd?Ipj
z_WDii@z27_<y+yh#Q`o3F7W1gHe^o-Xyl8~kRWVz_kyhx&&`25h(Qdve(Nf(5qn;^
z(2u(Mqg+G12;Lip-BIC`aU^!^+lSy}4LpLAv2m3K2?ez{aI6EFT-$+JM-WVT`9>GR
z!IOO37GcT4T&R|(BPOI6y1Wj!dDkHPz$xS(y@J~Fx6yKY5KWYO=Z*X5x^xR3-Vs=0
z#&fts7OEP1keyryJ4^0|JBb~fo#DL28LqBwJo~!B*<~~LIv=dt5Q-#i2D-aWV{qX9
z6NvrT2(_^*lHZF6KkN+kM?m;a1VxANY#syKFY<^3vJkFIMR-mD_M|qzH?9o62^Fw%
z$iP~z84JG4JGSN{BeM}93H8{wzZ)q$`&68}ifXR^roLM^cI_tG&R-_Zyog<4@$m9W
z#!8F*NXcwNRZ%-U9h2c55(!O`Mmg(;hVDT`xEj&1YB)RZ!;&u(`97CoVBqdktUoj)
zF~2+mJ>q`9725(_;Th-w?;sEO1^dHM6%D6ldbm0yLA7Ns>^)LoxhWE6=861Wj@9P5
zFq@H%Eo)M_UmSvOa5;8pYLUiwsk-MX%FkZGLB@x<zchAr<LIeVJaaulhQ0_Pd%4H0
ziHGZUzN7lHQ17mW%3cGX$Q0z1=y8yHd{t!~3W|#1?vjti9~WX5zdiE2`4sOyCXOdP
ze)JeCZI)xL{YtEJTn&|rHMV(f=b1hLYv!lIZAmE>OpnEfQzP+(sRkdvrNP`uNmwx}
z9otm~gzw-tE-V*&((4ghd7S%xFN)fGQF^==jU8vvdG<W|d5<B3?EB8$J4nke!KN(<
zSg||>{@w?Xk-&GxrUA>$wb&Yv0T-`SthS24hIQOCXBJ}K_#7l?3`!f1DDOw)d1Tlb
z;)~!&;?0O1@DK8XtB(_9y%uYhM8bMbCVbX&y?>n!$FFkXVv&dK8#1uVQwKjEEivYP
z1SjSqrLGG54>cg=;9+Ffw4$2$=JM6+c=&*KG4lR{yi5LNpybeV{tEUc7UOI4aBSI7
zim0GE1i3ZA)}jm>%!;saehI9<s>D~*Ghw|d4QKh@8}Ec3Q>ksd3zG53aGz_c@7g6C
zY^+C2VkTCu+=aDEqPfPii3Q?euZn`t_IOy??Si8x#~c%hh@=EW#U~?4mxHX5Dzu$G
zg<D*!4|zr(Vte<={{zxv(xah=7~r`V7(&~bE~J%Jz<Wm)Hdv=%ofYR}XF0zqS=h8*
zi{*>LuyXZI)VCfR9yP~r<a;E~$~_S0g*toXIhUCduHNj&#VZ%k(Rmu0{RfB#(uvi&
zaqh|`)EzmBQ)kcNXlDnG@*LZI^cYTbbnwn=_#R6(Aln`8k9U0XKgvpyTm$mnz!(OG
z28gR#5vd_A&NiT+su5ZF2ca*lrQFXe^ENbef4DB!j%;IOFt%%qAB~u6PPXivIFs-C
zlWGqh4KRCnEsShOrezy)ofzAaF@O9{G2>X|_#SdT9<cl!V%f{LZ%|g<=(}`<W0(8n
z@O`A*XC6I%z-FX8WOL8%DUE&7HbUX^A!B8(8O!;Wa*`NdxxagG9|OGe8sb<UFz*5H
zyClhZGnP~4lI_db*!IY=7}LhN8G85tcLxW!H$Grn?1wzx=iYda@BHAvJ*D4AkNCzY
zGBM8Q@5<x(e&kq`{$(tAQHXLSPjc?%p7ofMq5M|L43}4A&Bly88e?T3BmNlkWh{An
zNRlE|))i$vB>9zl4F8w0Bo<ZLHS#*5x$jK={wTk*=+g(1r+;1e{d#hpJqyF>?`mG@
zmqkX(Mh<%9@9&eA{Ta&{)6aMqP8py7YvS)}^Z7phfBO9&MGyA_A3sRo2MPS=lfdv^
zX|yZ-<MDq!3H@m!{!`_trQzXNb}?+nMdMnA=k2)0GS8Is)Q*dFeh5EEV59`(dFuJ_
zU1zM3<-V)T$o!GzN2ZN^j*LgvGv<%1Bhxb9h#|hKjIqx1?TxHwd}eIZ_*=$Ozc2Ov
zQdfSRb|BJ*<HAMWxjxbT%Q7-ZY$R<T<a22kVzdqE@9%$VBVcUT*tb&g$sgl0V=S?h
zw87}V(T_&j5J=kx`pGH!`}DMQ9H+kW2C=a$BkdI$8ygkfcT!TaqL1IVZy)uc(Tbj2
z+5*t_S+PMe+GogEjzRJ#+mQW9z9jCHByAX^PPc}7u49Z#N=p=b3tL-T?4S)rd3ibS
zMr)wU($O9xQqkLQ-t0)-j2(5p)H|^p9ou2&V9WcjEs8xu_JM50zM-_FRIx{hr_DtY
z$5mQdinC|WDl(L|70u1fioHp)HU)u!dr($Uso1V~xKpp}=MQ(<2<!~lMV+Px_1v_B
zV1L#&8>siTp+4D;`Yz^KGbYg{92+)RQLk-Jn~N>jy44ll-d^yhor1K(2nq~DDs3X#
z+uIcxNSlrD@NnwC{opKZFKCl+KwpC67cRm;J#sU3ocrQZsDGp`%6=m@scfj{@#TFW
z_3S%na}bzI{Z0X*_Ud`xS44erF6Fit4x4P@VCTU80w{w#)YR4}b9SWpC{CR2q#eLT
z1!FgGu6NV!fi}qS-xUU@t=q7E{W|#X4#n~F*Kv6Wh>DKI+LeyHQ`}13dL;bR)!3JH
z6#MkNb1yuN^y+iSXu5>#mdhwRb{WTce;KRZ4~tJjpoz~%Wo<hu8hUW3`5X*~JJH^G
zfoouZ^ZyX3Svl-01nxdNkX2lZ-Qm=yYzxH(D?fPnX2a0l2QSZDy!m%dnDQ3yDx>S+
zpK=&6Whb$lI^Xz;OVCkY7S(za@kei?u>B^Ac?X$B9lq+*0_sgKP?voQnMFrXP=6c;
zo7-`syBh<%yO1G1OOL1&9S)S&pzLTD;!>;O@5%c&+kDu4l?l5gxmY|S4Zrz&FRZtT
z!=BuB?ACQ)d)g_e0(y{IcMEat14un}4;d#1k=b|?aTQm2&wLsQ5qTV2Fz3}pu}5)p
z--f7&C?uz+p_T8`0Ph--3Tu#IXn_7m8?tJTBCDzyk=i1JhUG&Yqo>}EdM>9-sMaOH
zH?kOk)E5R6pFv=0FOm-5K*otX&~*=jzNoy%q<)aP&*HPUpet^`dh-x$*%E-w&cSeS
z<@)pX;JdLEZd{XlqoQ%Jn!1C$8U$;2j~iWtov|edPcKEpe%@QBWMhkOI&7$~Tr?*I
zOBco=HnX032HsU4zNpv~WKuVu+D*L}^?HVj_mSPp{(J6FXVwodmlVu-BMhtOYq09m
z6s-O_jO$nneQ^P@GSb+8l=3d_49SN5`Xp>HPl5Rt$yh$0`utUySVujJ<u|EV`bj!g
z&*dGf&3>d-HY30NEOL+cDZ08s>O@Pg4x#SqL+V$CP)WU4F?BFaeK$~)U5DMyIoPp<
z`keX2Sn_@*R(})4_m=vTI32pU271q*K~mLeM5NX8-d_i6bL#vTq+-K7>RFa)slQ5v
zw__H91B&6{u18R8Eet1mQPE8uRX1%BF5gAXt%o>v^AVZ`sAr?CNzM72$S$rxN@^wy
z)lJARZsMI@D>CBivD>2@o0jEZ&2s9l_9UbEcsmlPyGp6=Kr(GgG>6)-Gp!2VQ6&iA
zoM;LTA-Sv$PTLDG=i^+gSg4~7%US9<E}-D#H5|D<h?bkQ<+=9&m8Z`mwWb-(otLqC
zxihwKZ;a8zp^Ua(h1`!LdFL8VyR(|w!#I%Df`HwbNXa;WkeIy)jMZ?yd8bSr<u;FO
zq|t^Yw)z;t^BS370c)p1Ed4SEA)bXu-rq`H49C<)8<HFMIQIKEb@ev3x<z8WDh}0$
zy5VNO2Oitq;7l7E`pr<c;*8anUQpBS=jydS<-L=aSMnR?AI`lo#E1HRKWy6`0Y~#}
z_(vpSXHqtt0}J5jUyNm6^KSQ>OzhiRg^<J}(AAtn<+<yqr#`Tmc1ovvFCZi;1y<`*
zke1$#eW9h;zB>|$sqwTuOG9cV?}@1&jtDmJ8_v7S2lAUUq<qg;*{+}-VHIp$Ho(r&
z4K|C@VZA65Uw*n5UrddI`6rpMr%oiuo4WC&Drl<OP(*z}IrWz9Jr{6=-(PvBccSMs
zZ3ei0R5^$bZ-uLE2|TD%51@U4r)v%tOyM3)I~N%q@*dFmO)jr4h2dZs^rd{BsK%y^
z5wQFs5nH~=fIW2$Th_;6%hpJE1;!#$r$b^%Ir3_n(0%>_hVE0J^W;n-+r547E~1k3
zij9H0V+kDAmtfrz9n3yX##-71T%^r_yoZ!`mBw>~tT!^8xp)qTYFm)BzmWRgLujOJ
zMtMyG4!5<S?(h+`wRhkaztu9xJ5D)v*_ON$ekAW9`QN!qmywuJj@bRBpuarQGYr)E
zos~77j@x+dFn<3>>MCU0<WfcqkB6h@{tn-7J{yO;UslHTWPA_E$2Fc;255I=Y{NL`
z!+k%yE0$d-_qS4(Jc~TwIHZnD-Z{&0(Z5g8r5JfM^8RhHl!<abJv7XZQdhR4+$I0+
z-K23y%rz$eZR79JtQ>>v{@cd#$MPhzO8qDCA1nXt`LlW>vA_@M|9ld7e!>5HOW^tb
zEa`$amYojYV@S`y-@nI@*A`<*#(NCYVYfBr{KpCM-ICvw=fk(<$+B`kGJb>PZ)1=+
zjJ~T+@te$-{s{D6r5$dEV*fm%_|tuZ{<7%m>H_^`i5XLs?>_xyk(j6f{bgy(Ogm>{
zBl^pN{<5IIEa)!_`pYVKkiNRabl$Wx@}MrX8uZnrovSTzi6`i*3;ODUzPg~VF6gTZ
z`s#wdx}dMFf_LdF4EhR#zQUldFz71``U-=-!l17(=qn8R3WL7Fpsz6KD-8MygTBH_
z|MXP`eU(99WzbiddiZ3X39~_8Wzbg{^i>9Zl|f%+&{rAsRR(>PiFqSHUuDo&ns)KI
zpszIOD-HTegTB(BuQcc@4f;xhzS5wtH0Uc0`bvYo(x9(2=qnBSYJ<MoJd2fszS^{j
z;kj#N0qCm@`f7u|+MusC=&KF-YEusTc)m*oeYHVfZO}&?^brSr#6cf%&_|qSux!vr
z9P|+feZ)Z@anMJcSd(^hYhytlapSauzUiQEI_R4Y`lf@v>7Z{q=$o#{R~D4tWcsJm
zPMbE4(T8}RxTdTj`lvr`=erW}`}*uN_e>9M{3gh?C`mb+@!M(q<{HlzO8;`*@)<v|
zd@jpBTepAiH__<d`ls??toJo5O21d&$6~hlh_qZx7iMAsy}Rc>Y4n{D|9-ICjYf-i
zSVjJ81@d1T=I%81$uIt!O`~`lJN!%j%Lgw!DLGb1|JxruDal_f^Wu||V};xc<qr6N
E0E3frQ2+n{

literal 0
HcmV?d00001

diff --git a/config/axtls.rc b/config/axtls.rc
new file mode 100644
index 0000000000..0f288aa91f
--- /dev/null
+++ b/config/axtls.rc
@@ -0,0 +1,32 @@
+//Microsoft Visual C++ generated resource script.
+//
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#define APSTUDIO_HIDDEN_SYMBOLS
+#undef APSTUDIO_HIDDEN_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+LANGUAGE 9, 1
+#pragma code_page(1252)
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+
+IDI_AXTLS       ICON         "../www/favicon.ico"
+
+
+#endif
+/////////////////////////////////////////////////////////////////////////////
+
+
+
diff --git a/config/config.h b/config/config.h
new file mode 100644
index 0000000000..785747831b
--- /dev/null
+++ b/config/config.h
@@ -0,0 +1,108 @@
+/*
+ * Automatically generated header file: don't edit
+ */
+
+#define HAVE_DOT_CONFIG 1
+#undef CONFIG_PLATFORM_LINUX
+#define CONFIG_PLATFORM_CYGWIN 1
+#undef CONFIG_PLATFORM_SOLARIS
+#undef CONFIG_PLATFORM_WIN32
+
+/*
+ * General Configuration
+ */
+#undef CONFIG_DEBUG
+#undef CONFIG_VISUAL_STUDIO_6_0
+#undef CONFIG_VISUAL_STUDIO_7_0
+#undef CONFIG_VISUAL_STUDIO_8_0
+#define CONFIG_VISUAL_STUDIO_6_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
+#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
+#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
+
+/*
+ * SSL Library
+ */
+#undef CONFIG_SSL_SERVER_ONLY
+#undef CONFIG_SSL_CERT_VERIFICATION
+#undef CONFIG_SSL_ENABLE_CLIENT
+#undef CONFIG_SSL_FULL_MODE
+#define CONFIG_SSL_SKELETON_MODE 1
+#undef CONFIG_SSL_PROT_LOW
+#undef CONFIG_SSL_PROT_MEDIUM
+#undef CONFIG_SSL_PROT_HIGH
+#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_ENABLE_V23_HANDSHAKE 1
+#undef CONFIG_SSL_HAS_PEM
+#undef CONFIG_SSL_USE_PKCS12
+#define CONFIG_SSL_EXPIRY_TIME 
+#define CONFIG_X509_MAX_CA_CERTS 
+#define CONFIG_SSL_MAX_CERTS 2
+#define CONFIG_USE_DEV_URANDOM 1
+#undef CONFIG_WIN32_USE_CRYPTO_LIB
+#undef CONFIG_PERFORMANCE_TESTING
+#undef CONFIG_SSL_TEST
+#define CONFIG_AWHTTPD 1
+
+/*
+ * Awhttpd Configuration
+ */
+#undef CONFIG_HTTP_STATIC_BUILD
+#define CONFIG_HTTP_HAS_SSL 1
+#define CONFIG_HTTP_HTTPS_PORT 443
+#undef CONFIG_STANDARD_AWHTTPD
+#define CONFIG_HTTP_WEBROOT "www"
+#define CONFIG_HTTP_PORT 80
+#undef CONFIG_HTTP_USE_TIMEOUT
+#define CONFIG_HTTP_TIMEOUT 
+#define CONFIG_HTTP_INITIAL_SLOTS 10
+#define CONFIG_HTTP_MAX_USERS 100
+#define CONFIG_HTTP_HAS_CGI 1
+#define CONFIG_HTTP_CGI_EXTENSION ".php"
+#define CONFIG_HTTP_DIRECTORIES 1
+#undef CONFIG_HTTP_PERM_CHECK
+#undef CONFIG_HTTP_HAS_IPV6
+#define CONFIG_HTTP_VERBOSE 1
+#undef CONFIG_HTTP_IS_DAEMON
+
+/*
+ * Language Bindings
+ */
+#define CONFIG_BINDINGS 1
+#define CONFIG_CSHARP_BINDINGS 1
+#define CONFIG_VBNET_BINDINGS 1
+
+/*
+ * .Net Framework
+ */
+#define CONFIG_DOT_NET_FRAMEWORK_BASE "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+#define CONFIG_JAVA_BINDINGS 1
+
+/*
+ * Java Home
+ */
+#define CONFIG_JAVA_HOME "c:\\Program Files\\Java\\jdk1.5.0_06"
+#undef CONFIG_PERL_BINDINGS
+#define CONFIG_PERL_CORE ""
+#define CONFIG_PERL_LIB ""
+
+/*
+ * Samples
+ */
+#define CONFIG_SAMPLES 1
+#define CONFIG_C_SAMPLES 1
+#define CONFIG_CSHARP_SAMPLES 1
+#define CONFIG_VBNET_SAMPLES 1
+#define CONFIG_JAVA_SAMPLES 1
+#undef CONFIG_PERL_SAMPLES
+#undef CONFIG_BIGINT_CLASSICAL
+#undef CONFIG_BIGINT_MONTGOMERY
+#undef CONFIG_BIGINT_BARRETT
+#undef CONFIG_BIGINT_CRT
+#undef CONFIG_BIGINT_KARATSUBA
+#define MUL_KARATSUBA_THRESH 
+#define SQU_KARATSUBA_THRESH 
+#undef CONFIG_BIGINT_SLIDING_WINDOW
+#undef CONFIG_BIGINT_SQUARE
+#undef CONFIG_BIGINT_CHECK_ON
diff --git a/config/makefile.conf b/config/makefile.conf
new file mode 100644
index 0000000000..744234c4c0
--- /dev/null
+++ b/config/makefile.conf
@@ -0,0 +1,113 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# A standard makefile for all makefiles
+#
+
+ifneq ($(MAKECMDGOALS), clean)
+
+# Give an initial rule
+all:
+
+# Win32 
+ifdef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_VISUAL_STUDIO_6_0
+CONFIG_VISUAL_STUDIO_6_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_6_0_BASE))
+CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_6_0_BASE))
+export INCLUDE=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include
+export LIB=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib
+PATH:=$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/common/msdev98/bin:$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/vc98/bin:$(PATH)
+else
+ifdef CONFIG_VISUAL_STUDIO_7_0
+CONFIG_VISUAL_STUDIO_7_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_7_0_BASE))
+CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
+export INCLUDE=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include
+export LIB=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib
+PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
+else 
+ifdef CONFIG_VISUAL_STUDIO_8_0
+CONFIG_VISUAL_STUDIO_8_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_8_0_BASE))
+CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
+export INCLUDE=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include
+export LIB=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib
+PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+endif
+endif
+
+CC=cl.exe
+LD=link.exe
+CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c 
+LDFLAGS=/nologo /subsystem:console /machine:I386
+LDSHARED = /dll
+AR=lib /nologo
+
+ifdef CONFIG_DEBUG
+	CFLAGS += /Gm /Zi /Od /D "_DEBUG"
+	LDFLAGS += /debug /incremental:yes 
+else
+	CFLAGS += /O2 /D "NDEBUG"
+	LDFLAGS += /incremental:no 
+endif
+
+else    # Not Win32
+
+-include .depend
+
+CFLAGS += -I../config
+LD=$(CC)
+
+# Solaris
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -DSOLARIS
+LDFLAGS += -lsocket -lnsl -lc
+LDSHARED = -G
+# Linux/Cygwin
+else # Linux
+CFLAGS += -Wall -Wstrict-prototypes -Wshadow
+LDSHARED = -shared
+ifndef CONFIG_PLATFORM_CYGWIN
+CFLAGS += -fPIC 
+else
+CFLAGS += -DCYGWIN
+endif
+endif
+
+ifdef CONFIG_DEBUG
+CFLAGS += -g
+else
+LDFLAGS += -s
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -O 
+else
+CFLAGS += -O3
+endif
+
+endif	# CONFIG_DEBUG
+endif   # WIN32
+
+CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS)))
+LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS)))
+
+endif   # not 'clean'
+
+clean::
+	-@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 
+
diff --git a/config/makefile.dotnet.conf b/config/makefile.dotnet.conf
new file mode 100644
index 0000000000..7589550c74
--- /dev/null
+++ b/config/makefile.dotnet.conf
@@ -0,0 +1,53 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+ifneq ($(MAKECMDGOALS), clean)
+
+ifdef CONFIG_PLATFORM_WIN32
+GO_DOT_NET=y
+endif
+
+ifdef CONFIG_PLATFORM_CYGWIN
+GO_DOT_NET=y
+endif
+
+ifdef GO_DOT_NET
+all: test_dot_net_location
+
+# find out where the C# compiler is
+CONFIG_DOT_NET_FRAMEWORK_BASE:=$(shell cygpath -u $(CONFIG_DOT_NET_FRAMEWORK_BASE))
+
+test_dot_net_location:
+	@if ! [ -d "$(CONFIG_DOT_NET_FRAMEWORK_BASE)" ]; then \
+		echo "*** Error: .NET path of $(CONFIG_DOT_NET_FRAMEWORK_BASE) doesn't exist" && exit 1; \
+    fi
+
+PATH:=$(CONFIG_DOT_NET_FRAMEWORK_BASE):$(PATH)
+
+else        # Linux?
+all: test_mcs
+
+test_mcs:
+	@if ! mcs --about > /dev/null 2>&1; then \
+        echo "Mono not installed! - go " \
+        "to http://www.mono-project.com/Main_Page" && exit 1; \
+    fi 
+
+endif   # Linux
+
+endif   # not 'clean'
diff --git a/config/makefile.java.conf b/config/makefile.java.conf
new file mode 100644
index 0000000000..1ecce11940
--- /dev/null
+++ b/config/makefile.java.conf
@@ -0,0 +1,56 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+ifneq ($(MAKECMDGOALS), clean)
+
+all: test_jdk_location
+
+test_jdk_location:
+	@if ! [ -d "$(CONFIG_JAVA_HOME)" ]; then \
+		echo "*** Error: JDK path of $(CONFIG_JAVA_HOME) doesn't exist" && exit 1; \
+    fi
+
+
+ifdef CONFIG_PLATFORM_CYGWIN 
+CONFIG_JAVA_HOME:=$(shell cygpath -u $(CONFIG_JAVA_HOME))
+CFLAGS += -I"$(CONFIG_JAVA_HOME)/include"
+CFLAGS += -I"$(CONFIG_JAVA_HOME)/include/win32"
+JAVA_BIN:=$(CONFIG_JAVA_HOME)/bin
+else
+
+ifdef CONFIG_PLATFORM_WIN32
+CONFIG_JAVA_HOME:=$(shell cygpath -w $(CONFIG_JAVA_HOME))
+CFLAGS += /I"$(CONFIG_JAVA_HOME)\include"
+CFLAGS += /I"$(CONFIG_JAVA_HOME)\include\win32"
+JAVA_BIN:=$(shell cygpath -u $(CONFIG_JAVA_HOME)\bin)
+else # Linux
+CFLAGS += -I$(CONFIG_JAVA_HOME)/include
+
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -I$(CONFIG_JAVA_HOME)/include/solaris
+else
+CFLAGS += -I$(CONFIG_JAVA_HOME)/include/linux
+endif
+
+JAVA_BIN:=$(CONFIG_JAVA_HOME)/bin
+endif
+endif
+
+PATH:=$(JAVA_BIN):$(PATH)
+
+endif   # not 'clean'                    
diff --git a/config/makefile.post b/config/makefile.post
new file mode 100644
index 0000000000..033981c4d1
--- /dev/null
+++ b/config/makefile.post
@@ -0,0 +1,19 @@
+
+ifneq ($(MAKECMDGOALS), clean)
+ifndef CONFIG_PLATFORM_WIN32
+ifndef CONFIG_PLATFORM_SOLARIS
+# do dependencies
+-include .depend
+all : .depend 
+.depend: $(wildcard *.c)
+	@$(CC) $(CFLAGS) -MM $^ > $@
+endif   # 'not' solaris
+endif   # 'not' win32
+
+ifdef CONFIG_PLATFORM_WIN32
+OBJ:=$(OBJ:.o=.obj)
+%.obj : %.c
+	$(CC) $(CFLAGS) $< 
+endif   # win32
+
+endif   # end of 'not' clean
diff --git a/config/scripts/config/Kconfig-language.txt b/config/scripts/config/Kconfig-language.txt
new file mode 100644
index 0000000000..493749b32a
--- /dev/null
+++ b/config/scripts/config/Kconfig-language.txt
@@ -0,0 +1,255 @@
+Introduction
+------------
+
+The configuration database is collection of configuration options
+organized in a tree structure:
+
+	+- Code maturity level options
+	|  +- Prompt for development and/or incomplete code/drivers
+	+- General setup
+	|  +- Networking support
+	|  +- System V IPC
+	|  +- BSD Process Accounting
+	|  +- Sysctl support
+	+- Loadable module support
+	|  +- Enable loadable module support
+	|     +- Set version information on all module symbols
+	|     +- Kernel module loader
+	+- ...
+
+Every entry has its own dependencies. These dependencies are used
+to determine the visible of an entry. Any child entry is only
+visible if its parent entry is also visible.
+
+Menu entries
+------------
+
+Most entries define a config option, all other entries help to organize
+them. A single configuration option is defined like this:
+
+config MODVERSIONS
+	bool "Set version information on all module symbols"
+	depends MODULES
+	help
+	  Usually, modules have to be recompiled whenever you switch to a new
+	  kernel.  ...
+
+Every line starts with a key word and can be followed by multiple
+arguments.  "config" starts a new config entry. The following lines
+define attributes for this config option. Attributes can be the type of
+the config option, input prompt, dependencies, help text and default
+values. A config option can be defined multiple times with the same
+name, but every definition can have only a single input prompt and the
+type must not conflict.
+
+Menu attributes
+---------------
+
+A menu entry can have a number of attributes. Not all of them are
+applicable everywhere (see syntax).
+
+- type definition: "bool"/"tristate"/"string"/"hex"/"integer"
+  Every config option must have a type. There are only two basic types:
+  tristate and string, the other types base on these two. The type
+  definition optionally accepts an input prompt, so these two examples
+  are equivalent:
+
+	bool "Networking support"
+  and
+	bool
+	prompt "Networking support"
+
+- input prompt: "prompt" <prompt> ["if" <expr>]
+  Every menu entry can have at most one prompt, which is used to display
+  to the user. Optionally dependencies only for this prompt can be added
+  with "if".
+
+- default value: "default" <symbol> ["if" <expr>]
+  A config option can have any number of default values. If multiple
+  default values are visible, only the first defined one is active.
+  Default values are not limited to the menu entry, where they are
+  defined, this means the default can be defined somewhere else or be
+  overriden by an earlier definition.
+  The default value is only assigned to the config symbol if no other
+  value was set by the user (via the input prompt above). If an input
+  prompt is visible the default value is presented to the user and can
+  be overridden by him.
+  Optionally dependencies only for this default value can be added with
+  "if".
+
+- dependencies: "depends on"/"requires" <expr>
+  This defines a dependency for this menu entry. If multiple
+  dependencies are defined they are connected with '&&'. Dependencies
+  are applied to all other options within this menu entry (which also
+  accept "if" expression), so these two examples are equivalent:
+
+	bool "foo" if BAR
+	default y if BAR
+  and
+	depends on BAR
+	bool "foo"
+	default y
+
+- help text: "help"
+  This defines a help text. The end of the help text is determined by
+  the level indentation, this means it ends at the first line which has
+  a smaller indentation than the first line of the help text.
+
+
+Menu dependencies
+-----------------
+
+Dependencies define the visibility of a menu entry and can also reduce
+the input range of tristate symbols. The tristate logic used in the
+expressions uses one more state than normal boolean logic to express the
+module state. Dependency expressions have the following syntax:
+
+<expr> ::= <symbol>                             (1)
+           <symbol> '=' <symbol>                (2)
+           <symbol> '!=' <symbol>               (3)
+           '(' <expr> ')'                       (4)
+           '!' <expr>                           (5)
+           <expr> '||' <expr>                   (6)
+           <expr> '&&' <expr>                   (7)
+
+Expressions are listed in decreasing order of precedence.
+
+(1) Convert the symbol into an expression. Boolean and tristate symbols
+    are simply converted into the respective expression values. All
+    other symbol types result in 'n'.
+(2) If the values of both symbols are equal, it returns 'y',
+    otherwise 'n'.
+(3) If the values of both symbols are equal, it returns 'n',
+    otherwise 'y'.
+(4) Returns the value of the expression. Used to override precedence.
+(5) Returns the result of (2-/expr/).
+(6) Returns the result of min(/expr/, /expr/).
+(7) Returns the result of max(/expr/, /expr/).
+
+An expression can have a value of 'n', 'm' or 'y' (or 0, 1, 2
+respectively for calculations). A menu entry becomes visible when it's
+expression evaluates to 'm' or 'y'.
+
+There are two type of symbols: constant and nonconstant symbols.
+Nonconstant symbols are the most common ones and are defined with the
+'config' statement. Nonconstant symbols consist entirely of alphanumeric
+characters or underscores.
+Constant symbols are only part of expressions. Constant symbols are
+always surrounded by single or double quotes. Within the quote any
+other character is allowed and the quotes can be escaped using '\'.
+
+Menu structure
+--------------
+
+The position of a menu entry in the tree is determined in two ways. First
+it can be specified explicitely:
+
+menu "Network device support"
+	depends NET
+
+config NETDEVICES
+	...
+
+endmenu
+
+All entries within the "menu" ... "endmenu" block become a submenu of
+"Network device support". All subentries inherit the dependencies from
+the menu entry, e.g. this means the dependency "NET" is added to the
+dependency list of the config option NETDEVICES.
+
+The other way to generate the menu structure is done by analyzing the
+dependencies. If a menu entry somehow depends on the previous entry, it
+can be made a submenu of it. First the the previous (parent) symbol must
+be part of the dependency list and then one of these two condititions
+must be true:
+- the child entry must become invisible, if the parent is set to 'n'
+- the child entry must only be visible, if the parent is visible
+
+config MODULES
+	bool "Enable loadable module support"
+
+config MODVERSIONS
+	bool "Set version information on all module symbols"
+	depends MODULES
+
+comment "module support disabled"
+	depends !MODULES
+
+MODVERSIONS directly depends on MODULES, this means it's only visible if
+MODULES is different from 'n'. The comment on the other hand is always
+visible when MODULES it's visible (the (empty) dependency of MODULES is
+also part of the comment dependencies).
+
+
+Kconfig syntax
+--------------
+
+The configuration file describes a series of menu entries, where every
+line starts with a keyword (except help texts). The following keywords
+end a menu entry:
+- config
+- choice/endchoice
+- comment
+- menu/endmenu
+- if/endif
+- source
+The first four also start the definition of a menu entry.
+
+config:
+
+	"config" <symbol>
+	<config options>
+
+This defines a config symbol <symbol> and accepts any of above
+attributes as options.
+
+choices:
+
+	"choice"
+	<choice options>
+	<choice block>
+	"endchoice"
+
+This defines a choice group and accepts any of above attributes as
+options. A choice can only be of type bool or tristate, while a boolean
+choice only allows a single config entry to be selected, a tristate
+choice also allows any number of config entries to be set to 'm'. This
+can be used if multiple drivers for a single hardware exists and only a
+single driver can be compiled/loaded into the kernel, but all drivers
+can be compiled as modules.
+A choice accepts another option "optional", which allows to set the
+choice to 'n' and no entry needs to be selected.
+
+comment:
+
+	"comment" <prompt>
+	<comment options>
+
+This defines a comment which is displayed to the user during the
+configuration process and is also echoed to the output files. The only
+possible options are dependencies.
+
+menu:
+
+	"menu" <prompt>
+	<menu options>
+	<menu block>
+	"endmenu"
+
+This defines a menu block, see "Menu structure" above for more
+information. The only possible options are dependencies.
+
+if:
+
+	"if" <expr>
+	<if block>
+	"endif"
+
+This defines an if block. The dependency expression <expr> is appended
+to all enclosed menu entries.
+
+source:
+
+	"source" <prompt>
+
+This reads the specified configuration file. This file is always parsed.
diff --git a/config/scripts/config/Makefile b/config/scripts/config/Makefile
new file mode 100644
index 0000000000..739950163b
--- /dev/null
+++ b/config/scripts/config/Makefile
@@ -0,0 +1,121 @@
+# Makefile for axTLS
+#
+# Copyright (C) 2002 Erik Andersen <andersen@codepoet.org>
+
+top_srcdir=../..
+top_builddir=../..
+srcdir=$(top_srcdir)/scripts/config
+include $(top_srcdir)/Rules.mak
+
+all: ncurses conf mconf
+
+ifeq ($(shell uname),SunOS)
+LIBS = -lcurses
+else
+LIBS = -lncurses
+endif
+ifeq (/usr/include/ncurses/ncurses.h, $(wildcard /usr/include/ncurses/ncurses.h))
+	HOSTNCURSES += -I/usr/include/ncurses -DCURSES_LOC="<ncurses.h>"
+else
+ifeq (/usr/include/ncurses/curses.h, $(wildcard /usr/include/ncurses/curses.h))
+	HOSTNCURSES += -I/usr/include/ncurses -DCURSES_LOC="<ncurses/curses.h>"
+else
+ifeq (/usr/local/include/ncurses/ncurses.h, $(wildcard /usr/local/include/ncurses/ncurses.h))
+	HOSTCFLAGS += -I/usr/local/include/ncurses -DCURSES_LOC="<ncurses.h>"
+else
+ifeq (/usr/local/include/ncurses/curses.h, $(wildcard /usr/local/include/ncurses/curses.h))
+	HOSTCFLAGS += -I/usr/local/include/ncurses -DCURSES_LOC="<ncurses/curses.h>"
+else
+ifeq (/usr/include/ncurses.h, $(wildcard /usr/include/ncurses.h))
+	HOSTNCURSES += -DCURSES_LOC="<ncurses.h>"
+else
+	HOSTNCURSES += -DCURSES_LOC="<curses.h>"
+endif
+endif
+endif
+endif
+endif
+
+CONF_SRC     = conf.c
+MCONF_SRC    = mconf.c
+LXD_SRC      = lxdialog/checklist.c lxdialog/menubox.c lxdialog/textbox.c \
+               lxdialog/yesno.c lxdialog/inputbox.c lxdialog/util.c \
+               lxdialog/msgbox.c
+
+SHARED_SRC   = zconf.tab.c
+SHARED_DEPS := $(srcdir)/lkc.h $(srcdir)/lkc_proto.h \
+               lkc_defs.h $(srcdir)/expr.h zconf.tab.h
+CONF_OBJS    = $(patsubst %.c,%.o, $(CONF_SRC))
+MCONF_OBJS   = $(patsubst %.c,%.o, $(MCONF_SRC) $(LXD_SRC))
+SHARED_OBJS  = $(patsubst %.c,%.o, $(SHARED_SRC))
+
+conf: $(CONF_OBJS) $(SHARED_OBJS)
+	$(HOSTCC) $(NATIVE_LDFLAGS) $^ -o $@
+
+mconf: $(MCONF_OBJS) $(SHARED_OBJS)
+	$(HOSTCC) $(NATIVE_LDFLAGS) $^ -o $@ $(LIBS)
+
+$(CONF_OBJS): %.o : $(srcdir)/%.c $(SHARED_DEPS)
+	$(HOSTCC) $(HOSTCFLAGS) -I. -c $< -o $@
+
+$(MCONF_OBJS): %.o : $(srcdir)/%.c $(SHARED_DEPS)
+	@[ -d $(@D) ] || mkdir -v $(@D)
+	$(HOSTCC) $(HOSTCFLAGS) $(HOSTNCURSES) -I. -c $< -o $@
+
+lkc_defs.h: $(srcdir)/lkc_proto.h
+	@sed < $< > $@ 's/P(\([^,]*\),.*/#define \1 (\*\1_p)/'
+
+###
+# The following requires flex/bison
+# By default we use the _shipped versions, uncomment the
+# following line if you are modifying the flex/bison src.
+#LKC_GENPARSER := 1
+
+ifdef LKC_GENPARSER
+
+%.tab.c %.tab.h: $(srcdir)/%.y
+	bison -t -d -v -b $* -p $(notdir $*) $<
+
+lex.%.c: $(srcdir)/%.l
+	flex -P$(notdir $*) -o$@ $<
+else
+
+lex.zconf.o: lex.zconf.c $(SHARED_DEPS)
+	$(HOSTCC) $(HOSTCFLAGS) -I$(srcdir) -c $< -o $@
+
+lex.zconf.c: $(srcdir)/lex.zconf.c_shipped
+	cp $< $@
+
+zconf.tab.c: $(srcdir)/zconf.tab.c_shipped
+	cp $< $@
+
+zconf.tab.h: $(srcdir)/zconf.tab.h_shipped
+	cp $< $@
+endif
+
+zconf.tab.o: zconf.tab.c lex.zconf.c $(srcdir)/confdata.c $(srcdir)/expr.c \
+             $(srcdir)/symbol.c $(srcdir)/menu.c $(SHARED_DEPS)
+	$(HOSTCC) $(HOSTCFLAGS) -I$(srcdir) -I. -c $< -o $@
+
+.PHONY: ncurses
+
+ncurses:
+	@echo "main() {}" > lxtemp.c
+	@if $(HOSTCC) lxtemp.c $(LIBS) ; then \
+		rm -f lxtemp.c a.out; \
+	else \
+		rm -f lxtemp.c; \
+		echo -e "\007" ;\
+		echo ">> Unable to find the Ncurses libraries." ;\
+		echo ">>" ;\
+		echo ">> You must have Ncurses installed in order" ;\
+		echo ">> to use 'make menuconfig'" ;\
+		echo ;\
+		exit 1 ;\
+	fi
+
+clean:
+	rm -f *.o *~ ../../*~ core *.exe $(TARGETS) $(MCONF_OBJS) $(CONF_OBJS)
+	rm -f conf conf.exe mconf mconf.exe zconf.tab.c zconf.tab.h lex.zconf.c lkc_defs.h
+	rm -f ../..config.h
+
diff --git a/config/scripts/config/a.exe b/config/scripts/config/a.exe
new file mode 100755
index 0000000000000000000000000000000000000000..57824a9867c61fb2c25b1f3b4d46d09077104d98
GIT binary patch
literal 8185
zcmeHMZEPGz8J@GR;Cwha(Vzq=5?9IQL$sFdT%1%2V#)d1v~`lJ?F3X3#%tf&K73!?
ztrG`=bmdZ%)g_We0f9(WDk_0ce?+1Jr~JTaew>g}BnW>(|Co;oM=_FBRH*_h$Meq2
z-t6w#PEsWS2}YisnP=Ybd1r5SeDJwh*2)+Qqt@$;&7q}Yi0Ar`GN!kD{EaQ_^$l-5
zG8Y<n>yhEfbSYXW<|m3~HaceJa(O#CYDJ6FxoA2U?LRye&E`{9S9|-$4kbF7U~C}N
z%AT(LxSwrgY#I0h`*7=~P|IFnR0{yA5mnI$>u3y|><*z)D~f?926Gk@elZr6yd;2l
zP*fua-Ha7TzymH_wl!lz=PU)E3?c^_PN0txWo)Etv{a(LL60asnoF6n`L1-zv`ys;
zd=fEh^V1rj^CSNs{jW#hi1SWmsjc$Y<yTnLU@y$up{v)wack=@6Sq3&m+SR$Cm{yy
zpF^I~;Cl8}E!>fe7;N#Yh~00l%=$}1o_LW|=C|VS@?!Y%LfA>HR1+(Uo4~dBy$0*E
z&Yvom+dfNMpcr}n2DOz9>@jL@-uU!o^qmFgYPGFugzF1Xb);vWEZ*TvuT-booa661
z{T*Q^*0DGQk?;f_w8KCQSpB1Cx()XH(meX-k9BOX{AIaDyNx-=Buf;1usAzAZeDY}
zsCU|6nw=#&D)8s%P-Q7nJ-!+GUU+-!nLhxn#lt^E(=&gGJgLRo{tm&l_~wT(aw=td
zR?mo;N6QZznCU(%nr+(<<X2{(!HGv|@fnb?YJxeXPu1cFl7eKw5KXdMG{aHRbVR`C
zwASJ~B4WIgi6*-I5fa|NK#g>I@rQVsIq}n#rEo1CqcyF?_sV9UYzzb7;_J{n2U2$4
zdjCsbKK^DK3844I;?pGH&7S$nKkN3NYx{+x&b2w==zi(we&J}(@0}OR;HbX%DxOZ|
zHV#K_Y^tMl(xUj{TRqrzv^pIbLWpl}u09*ChL91VcS9|YUoS4hwkzj<0r~9wujzT@
z4SE+k@63@im8H$ja7P=Z0J%?oy#^KDq^x(I_UWs4&IZP31LJePG1mXMH^=XGT<<LV
z<kdSb_{Xr9{G!lM`=E=_tu-cl7_%{+^k5^vE_lY8TJ~PW+(p!R)T^iqs4J*p@I_GF
zveVPQTb>@qdDcwlNR|=e>1<)TXz_ww#Q5heV`e6kAEUXOEn}x9PNs7_owKcC&ddO-
zx1=%|K3255Ie#MA(^IgD90!y!3qPx7>v++^IpN80wjpCBT(sQ5;n0(oeK4Pz&R7S`
zTq<LI9s=RpdR1D`(*><;8)%<N3?51h?CKQ&SpOSKSQ!;!QPx85gjLFRg$Wwwo?Zwf
zhSm^;M!Z}J5~WKXNJL-Ks0mNwo^A+gL2V7WwrHZR@pJ}@#J-7o3wvZDl$o)uY@ti6
zxukQ`BZ;BkLWz*%M=?h_bh#S~BVdyjYJRted>SPSzlBPkeu$;=IRe;A4aALDSs|^V
z$I$badu0zv{Uqu|)V0>swMWuWe7*?k559uy#mChZL2yJSFnL<-*wc+6>1=h8-E=1Q
zAu%I}^wH0aq(O(pP@_Wf>e=gRmo(rEB|*J|SR3VoMLux6hBQ}K0jc8m)M)aQelGo<
zCWA=df=1N$Lb*wDtVuE*EBuoCgGe8(yN=;A7)i;i#}L!(80tl#9W)J38}@{bVxA=G
zayL<pf^Dt+<wkX($@jfYzMqC1zwZZvNZ-6hR8*InBo8!6p4D99TdN~R5%KBjqYPJw
zl1xK@XxyCd*ECYj?z2HTvEd-nx1tdxInpHgK$GNinoHU2?(&8`ec=Wdh}lWhsF1vR
zCb(-MY2a7rA!75Dd$sN)lw#9;2lhys`)|(=V2^PJ_DGuhZ_m$QPx21zku>+$9yd2e
zggwyJ$oYMZ98<escNunrOw+^$f=J(0ji{V2Xvx9T1#{05QE-VjNkjXwChZrrWVJ6Q
zgGk>_&81Et-v*65fsC6|;`beZDw8=gOOTc`Zck3<rf_-&sytO*lwB{NAz1F!-cfPx
z-R5c!xjn7XU5oEGXjVCWsraPUqfzmB4K!=T$IXog=zA=)p3Umr`=i^_>=|)0A=D0P
zfB6si)k_xm_Rj7?5Q*(;LPmnf?(YPVJ#;dXk}<`8MGq88Q`%9C{ZTySNFqxL(KP=8
za#m${3*+(=ONf;xb7I&Ca`yxx<<M@UqUC%BUH2R%X`Z0Th`gtk2p3#YadRz^Q$Q$-
z>1$dd-xV}o$v<gAE&(a~v|nkWxdz02|47MyQ#3S^$a_s(J7}U|Gq-Xl(#3p^_M+zM
zmdqaC_xlje=^K`V$LrUiqS2mC2*mLCeu9vOcH%z=#62HM0WYH&5$hFIUeGCz3OOUY
zzimR^22yUUGEv_EVkizt{+?`<9Iig%>5R12R|)6h+uJNdj@JGVrKAtp4n%9`>Iz^1
z`ecrAK2HB=AlHQl(vVMp%gu0!Jgy{DBas1gZHzSXoa)Lrb9Fr+PmFHFvY<KV<N7)f
ze;&>PnQhQ;q(VxqsrK|`(73-B*gNW4A_7$Jol6+${RM$c-fBiX>%IUQDq8ZpKnT>?
zLgt+YLa6k83y`u8=_D6Ww47cbXMkv~At3GvR?6W(h(qf-351G9&H{0NktEkkO*EI9
zkl!gp+w%_~BN%FXHmC!sr1=;|{0r&aLEIn32Zx7jvuIBjD75~ux;dhYBHT84Mtm%v
z&E|8)UdB^-UMN}9Xo?nHIdNXF(!2Kdar}SFPG>C%n|8j)TnUAuMVfX6f!-j1J1(VE
zv5*;j@W`Rzrw%4~awu`6|1cj+3>=R0fv1LskvW+5nmG!mI30?3iF}j<{lkX`HGM7%
z9?$I=Ms}v8>DRs~<Ghsqn#J?uL_9VnVv?3R{1Zj1WED?XLVMQyO1{WT)1#$RC0y9>
z6IQX5&gYcrFmWcMb;B7#(mrHzs$@?IN9CN{GCX)IXT(5*|C4!n*N$A`P`@z2HGI-C
z3toq$AqB56VOl}$SiHv4IXIRt`8-Nz%?XQ-nkDIc$r`iCSu>NK$YrgZ3>JbPSOT?#
zjT_6`t+`lX6$c*oEiXmDosmwAHH|&F;bWF&^oSptv^dIgj=-c;iirsXS=uje+whLX
z#oTHRs@E31?<oVC0)-g3m#j+Usw?VGUf*(g(@eT*d)7;*9PJWev-*W_M}cc%wGrIl
z36AwPgCGzG8`np<`rZuB<joZBn#VKdL`meE2xlfeI)$rgE3>PYn=nqMk~Y{YLC!Tx
WzI|%@wBR<JK26}GNMl>&#J>SY-4;{;

literal 0
HcmV?d00001

diff --git a/config/scripts/config/conf.c b/config/scripts/config/conf.c
new file mode 100644
index 0000000000..15244678e8
--- /dev/null
+++ b/config/scripts/config/conf.c
@@ -0,0 +1,583 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <time.h>
+#include <sys/stat.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+static void conf(struct menu *menu);
+static void check_conf(struct menu *menu);
+
+enum {
+	ask_all,
+	ask_new,
+	ask_silent,
+	set_default,
+	set_yes,
+	set_mod,
+	set_no,
+	set_random
+} input_mode = ask_all;
+char *defconfig_file;
+
+static int indent = 1;
+static int valid_stdin = 1;
+static int conf_cnt;
+static char line[128];
+static struct menu *rootEntry;
+
+static char nohelp_text[] = "Sorry, no help available for this option yet.\n";
+
+static void strip(char *str)
+{
+	char *p = str;
+	int l;
+
+	while ((isspace(*p)))
+		p++;
+	l = strlen(p);
+	if (p != str)
+		memmove(str, p, l + 1);
+	if (!l)
+		return;
+	p = str + l - 1;
+	while ((isspace(*p)))
+		*p-- = 0;
+}
+
+static void check_stdin(void)
+{
+	if (!valid_stdin && input_mode == ask_silent) {
+		printf("aborted!\n\n");
+		printf("Console input/output is redirected. ");
+		printf("Run 'make oldconfig' to update configuration.\n\n");
+		exit(1);
+	}
+}
+
+static void conf_askvalue(struct symbol *sym, const char *def)
+{
+	enum symbol_type type = sym_get_type(sym);
+	tristate val;
+
+	if (!sym_has_value(sym))
+		printf("(NEW) ");
+
+	line[0] = '\n';
+	line[1] = 0;
+
+	if (!sym_is_changable(sym)) {
+		printf("%s\n", def);
+		line[0] = '\n';
+		line[1] = 0;
+		return;
+	}
+
+	switch (input_mode) {
+	case ask_new:
+	case ask_silent:
+		if (sym_has_value(sym)) {
+			printf("%s\n", def);
+			return;
+		}
+		check_stdin();
+	case ask_all:
+		fflush(stdout);
+		fgets(line, 128, stdin);
+		return;
+	case set_default:
+		printf("%s\n", def);
+		return;
+	default:
+		break;
+	}
+
+	switch (type) {
+	case S_INT:
+	case S_HEX:
+	case S_STRING:
+		printf("%s\n", def);
+		return;
+	default:
+		;
+	}
+	switch (input_mode) {
+	case set_yes:
+		if (sym_tristate_within_range(sym, yes)) {
+			line[0] = 'y';
+			line[1] = '\n';
+			line[2] = 0;
+			break;
+		}
+	case set_mod:
+		if (type == S_TRISTATE) {
+			if (sym_tristate_within_range(sym, mod)) {
+				line[0] = 'm';
+				line[1] = '\n';
+				line[2] = 0;
+				break;
+			}
+		} else {
+			if (sym_tristate_within_range(sym, yes)) {
+				line[0] = 'y';
+				line[1] = '\n';
+				line[2] = 0;
+				break;
+			}
+		}
+	case set_no:
+		if (sym_tristate_within_range(sym, no)) {
+			line[0] = 'n';
+			line[1] = '\n';
+			line[2] = 0;
+			break;
+		}
+	case set_random:
+		do {
+			val = (tristate)(random() % 3);
+		} while (!sym_tristate_within_range(sym, val));
+		switch (val) {
+		case no: line[0] = 'n'; break;
+		case mod: line[0] = 'm'; break;
+		case yes: line[0] = 'y'; break;
+		}
+		line[1] = '\n';
+		line[2] = 0;
+		break;
+	default:
+		break;
+	}
+	printf("%s", line);
+}
+
+int conf_string(struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	const char *def, *help;
+
+	while (1) {
+		printf("%*s%s ", indent - 1, "", menu->prompt->text);
+		printf("(%s) ", sym->name);
+		def = sym_get_string_value(sym);
+		if (sym_get_string_value(sym))
+			printf("[%s] ", def);
+		conf_askvalue(sym, def);
+		switch (line[0]) {
+		case '\n':
+			break;
+		case '?':
+			/* print help */
+			if (line[1] == '\n') {
+				help = nohelp_text;
+				if (menu->sym->help)
+					help = menu->sym->help;
+				printf("\n%s\n", menu->sym->help);
+				def = NULL;
+				break;
+			}
+		default:
+			line[strlen(line)-1] = 0;
+			def = line;
+		}
+		if (def && sym_set_string_value(sym, def))
+			return 0;
+	}
+}
+
+static int conf_sym(struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	int type;
+	tristate oldval, newval;
+	const char *help;
+
+	while (1) {
+		printf("%*s%s ", indent - 1, "", menu->prompt->text);
+		if (sym->name)
+			printf("(%s) ", sym->name);
+		type = sym_get_type(sym);
+		putchar('[');
+		oldval = sym_get_tristate_value(sym);
+		switch (oldval) {
+		case no:
+			putchar('N');
+			break;
+		case mod:
+			putchar('M');
+			break;
+		case yes:
+			putchar('Y');
+			break;
+		}
+		if (oldval != no && sym_tristate_within_range(sym, no))
+			printf("/n");
+		if (oldval != mod && sym_tristate_within_range(sym, mod))
+			printf("/m");
+		if (oldval != yes && sym_tristate_within_range(sym, yes))
+			printf("/y");
+		if (sym->help)
+			printf("/?");
+		printf("] ");
+		conf_askvalue(sym, sym_get_string_value(sym));
+		strip(line);
+
+		switch (line[0]) {
+		case 'n':
+		case 'N':
+			newval = no;
+			if (!line[1] || !strcmp(&line[1], "o"))
+				break;
+			continue;
+		case 'm':
+		case 'M':
+			newval = mod;
+			if (!line[1])
+				break;
+			continue;
+		case 'y':
+		case 'Y':
+			newval = yes;
+			if (!line[1] || !strcmp(&line[1], "es"))
+				break;
+			continue;
+		case 0:
+			newval = oldval;
+			break;
+		case '?':
+			goto help;
+		default:
+			continue;
+		}
+		if (sym_set_tristate_value(sym, newval))
+			return 0;
+help:
+		help = nohelp_text;
+		if (sym->help)
+			help = sym->help;
+		printf("\n%s\n", help);
+	}
+}
+
+static int conf_choice(struct menu *menu)
+{
+	struct symbol *sym, *def_sym;
+	struct menu *child;
+	int type;
+	bool is_new;
+
+	sym = menu->sym;
+	type = sym_get_type(sym);
+	is_new = !sym_has_value(sym);
+	if (sym_is_changable(sym)) {
+		conf_sym(menu);
+		sym_calc_value(sym);
+		switch (sym_get_tristate_value(sym)) {
+		case no:
+			return 1;
+		case mod:
+			return 0;
+		case yes:
+			break;
+		}
+	} else {
+		switch (sym_get_tristate_value(sym)) {
+		case no:
+			return 1;
+		case mod:
+			printf("%*s%s\n", indent - 1, "", menu_get_prompt(menu));
+			return 0;
+		case yes:
+			break;
+		}
+	}
+
+	while (1) {
+		int cnt, def;
+
+		printf("%*s%s\n", indent - 1, "", menu_get_prompt(menu));
+		def_sym = sym_get_choice_value(sym);
+		cnt = def = 0;
+		line[0] = '0';
+		line[1] = 0;
+		for (child = menu->list; child; child = child->next) {
+			if (!menu_is_visible(child))
+				continue;
+			if (!child->sym) {
+				printf("%*c %s\n", indent, '*', menu_get_prompt(child));
+				continue;
+			}
+			cnt++;
+			if (child->sym == def_sym) {
+				def = cnt;
+				printf("%*c", indent, '>');
+			} else
+				printf("%*c", indent, ' ');
+			printf(" %d. %s", cnt, menu_get_prompt(child));
+			if (child->sym->name)
+				printf(" (%s)", child->sym->name);
+			if (!sym_has_value(child->sym))
+				printf(" (NEW)");
+			printf("\n");
+		}
+		printf("%*schoice", indent - 1, "");
+		if (cnt == 1) {
+			printf("[1]: 1\n");
+			goto conf_childs;
+		}
+		printf("[1-%d", cnt);
+		if (sym->help)
+			printf("?");
+		printf("]: ");
+		switch (input_mode) {
+		case ask_new:
+		case ask_silent:
+			if (!is_new) {
+				cnt = def;
+				printf("%d\n", cnt);
+				break;
+			}
+			check_stdin();
+		case ask_all:
+			fflush(stdout);
+			fgets(line, 128, stdin);
+			strip(line);
+			if (line[0] == '?') {
+				printf("\n%s\n", menu->sym->help ?
+					menu->sym->help : nohelp_text);
+				continue;
+			}
+			if (!line[0])
+				cnt = def;
+			else if (isdigit(line[0]))
+				cnt = atoi(line);
+			else
+				continue;
+			break;
+		case set_random:
+			def = (random() % cnt) + 1;
+		case set_default:
+		case set_yes:
+		case set_mod:
+		case set_no:
+			cnt = def;
+			printf("%d\n", cnt);
+			break;
+		}
+
+	conf_childs:
+		for (child = menu->list; child; child = child->next) {
+			if (!child->sym || !menu_is_visible(child))
+				continue;
+			if (!--cnt)
+				break;
+		}
+		if (!child)
+			continue;
+		if (line[strlen(line) - 1] == '?') {
+			printf("\n%s\n", child->sym->help ?
+				child->sym->help : nohelp_text);
+			continue;
+		}
+		sym_set_choice_value(sym, child->sym);
+		if (child->list) {
+			indent += 2;
+			conf(child->list);
+			indent -= 2;
+		}
+		return 1;
+	}
+}
+
+static void conf(struct menu *menu)
+{
+	struct symbol *sym;
+	struct property *prop;
+	struct menu *child;
+
+	if (!menu_is_visible(menu))
+		return;
+
+	sym = menu->sym;
+	prop = menu->prompt;
+	if (prop) {
+		const char *prompt;
+
+		switch (prop->type) {
+		case P_MENU:
+			if (input_mode == ask_silent && rootEntry != menu) {
+				check_conf(menu);
+				return;
+			}
+		case P_COMMENT:
+			prompt = menu_get_prompt(menu);
+			if (prompt)
+				printf("%*c\n%*c %s\n%*c\n",
+					indent, '*',
+					indent, '*', prompt,
+					indent, '*');
+		default:
+			;
+		}
+	}
+
+	if (!sym)
+		goto conf_childs;
+
+	if (sym_is_choice(sym)) {
+		conf_choice(menu);
+		if (sym->curr.tri != mod)
+			return;
+		goto conf_childs;
+	}
+
+	switch (sym->type) {
+	case S_INT:
+	case S_HEX:
+	case S_STRING:
+		conf_string(menu);
+		break;
+	default:
+		conf_sym(menu);
+		break;
+	}
+
+conf_childs:
+	if (sym)
+		indent += 2;
+	for (child = menu->list; child; child = child->next)
+		conf(child);
+	if (sym)
+		indent -= 2;
+}
+
+static void check_conf(struct menu *menu)
+{
+	struct symbol *sym;
+	struct menu *child;
+
+	if (!menu_is_visible(menu))
+		return;
+
+	sym = menu->sym;
+	if (sym) {
+		if (sym_is_changable(sym) && !sym_has_value(sym)) {
+			if (!conf_cnt++)
+				printf("*\n* Restart config...\n*\n");
+			rootEntry = menu_get_parent_menu(menu);
+			conf(rootEntry);
+		}
+		if (sym_is_choice(sym) && sym_get_tristate_value(sym) != mod)
+			return;
+	}
+
+	for (child = menu->list; child; child = child->next)
+		check_conf(child);
+}
+
+int main(int ac, char **av)
+{
+	int i = 1;
+	const char *name;
+	struct stat tmpstat;
+
+	if (ac > i && av[i][0] == '-') {
+		switch (av[i++][1]) {
+		case 'o':
+			input_mode = ask_new;
+			break;
+		case 's':
+			input_mode = ask_silent;
+			valid_stdin = isatty(0) && isatty(1) && isatty(2);
+			break;
+		case 'd':
+			input_mode = set_default;
+			break;
+		case 'D':
+			input_mode = set_default;
+			defconfig_file = av[i++];
+			if (!defconfig_file) {
+				printf("%s: No default config file specified\n",
+					av[0]);
+				exit(1);
+			}
+			break;
+		case 'n':
+			input_mode = set_no;
+			break;
+		case 'm':
+			input_mode = set_mod;
+			break;
+		case 'y':
+			input_mode = set_yes;
+			break;
+		case 'r':
+			input_mode = set_random;
+			srandom(time(NULL));
+			break;
+		case 'h':
+		case '?':
+			printf("%s [-o|-s] config\n", av[0]);
+			exit(0);
+		}
+	}
+  	name = av[i];
+	if (!name) {
+		printf("%s: configuration file missing\n", av[0]);
+	}
+	conf_parse(name);
+	//zconfdump(stdout);
+	switch (input_mode) {
+	case set_default:
+		if (!defconfig_file)
+			defconfig_file = conf_get_default_confname();
+		if (conf_read(defconfig_file)) {
+			printf("***\n"
+				"*** Can't find default configuration \"%s\"!\n"
+				"***\n", defconfig_file);
+			exit(1);
+		}
+		break;
+	case ask_silent:
+		if (stat(".config", &tmpstat)) {
+			printf("***\n"
+				"*** You have not yet configured axTLS!\n"
+				"***\n"
+				"*** Please run some configurator (e.g. \"make oldconfig\" or\n"
+				"*** \"make menuconfig\" or \"make config\").\n"
+				"***\n");
+			exit(1);
+		}
+	case ask_all:
+	case ask_new:
+		conf_read(NULL);
+		break;
+	default:
+		break;
+	}
+
+	if (input_mode != ask_silent) {
+		rootEntry = &rootmenu;
+		conf(&rootmenu);
+		if (input_mode == ask_all) {
+			input_mode = ask_silent;
+			valid_stdin = 1;
+		}
+	}
+	do {
+		conf_cnt = 0;
+		check_conf(&rootmenu);
+	} while (conf_cnt);
+	if (conf_write(NULL)) {
+		fprintf(stderr, "\n*** Error during writing of the axTLS configuration.\n\n");
+		return 1;
+	}
+	return 0;
+}
diff --git a/config/scripts/config/conf.exe b/config/scripts/config/conf.exe
new file mode 100755
index 0000000000000000000000000000000000000000..43dc07c0a6c1134803ceca594cca2bc38187cbc1
GIT binary patch
literal 91179
zcmeFa3wTu3)i-`78OT5ePJp0MgN!<8K)^%+2?iY!2vku~F5(rbpkfhtVFpkU6J|y@
z9!H}Ud($dKt!>q6t8{<@fj|OYTErVlwJ2)OVNek?2BggY_gnkSWHO|F{oeZjzUO<M
zmmzb`-h1t})?RDvwb#C!GZ$Y~r{!vz=Eh$#scCUs`7a>f-~CmC;;y~dbk$z$^x7$L
z*VxxinQ-%rdA>PwXWuk;>aD&Trp}r*JLvo2bl=?2EZ>Y-zLA%X_uV>s+Vp{4x^(tC
zsK<@cw6U%Z+T<I4HB#&D(q@90-CAC5zAI;__HzIQ@z)uD1<v2|xRN`ja}?h$+>(F!
zHx4NzUVYOg?b0-#f@KBP!9VAs5&@T1+ELy9pZp#eoW77vtN9te$Pn9_ZUpY}&!=hE
z51ckNI2HFbXqNUo{?KOam-x&07tpl&fpZn$<1<iDkH1^+_c;DC{skbofj^u#k6D3E
z_$npRWB=6<-wcIMWCIy#9>8^O3m;IFjz#c4IseZ{V50F!c%LWy@%|NB=?E=aA9TI?
z?wv>VKaD!tr+$Ajd808(5?wApzhvUwTaPxm{iVGEnl<9bnzpT>uI;}ojHXHB!}|)1
z27SF|_8dE6gqCnu>FaZwN9MRZp|6c%zqRloO)LM_Xbko+uJOBL0hck-?=dR;)}<(j
zHV1ph+~>w7C-wE?l8L;=T<s!#eUBBy)I72PI6ez+F1Y%-DGhb8;OSa;pLd1!d;pw>
zI)#T9pba@ecX+e60bFYJ;POmxiF+^a|E}%_@xF(;r$t+T!hP(;)2X!ZzG5&1_Kl#w
z(0JQe<S#PZe(UQAn$}#^$73|<QFuwMu|o++b#Cm?7Z;6<8b3$VBK3M?ElSOvWF&kz
zXa2<S;aoj(52(aO|1;c@qu;$4_u<1G^vFj5)R!)mq+5@yK{7U<tlj|j))2ih!S5FS
zO>ks_9~0b!Hy1aA54+~-WJiyjh5FVvN0Uiw$Acgo@Q~YgaBFRnv>ONo7epMd0S(C7
zZ9UAgETpkjDAkNXeyinybOTdBPD4`+0O^es;(fql?+0~AAfA)L-ZD)@5&aAq;be{;
z*~F4!|9XK4g8thM#4D<xY@0C_x%E!&J;>cKY2w6*kcYJk%%HB(Xngt27aI@t?)!4A
z@bbQILp^TmeyI@L6+Y?;-adCy_-IaWQKCy5gH((|QT?bW`%&_WCiVo@RNGRG3LoyM
zM`k6H$?)MkJvtAN_I#w2s%Ir$0v8(~Z4EZzwh9%mk@M3Kw<dn9KyORj1IA;2J_E4Y
z71A3(!e=h<CN8Zr_8ae6Klx`8)-5I!Zt1K?{sh2q%LRJm4cs^iTT8837gH5AXOMUH
z6|#QMOeI|o0_NxfGvGyyTcHhT)*BD18_x>&^8sy)DBG?BU^NXPqzWN_WD(b22FTTD
zur}i^3iG`N?I9&V-vMar8A6ihJxAK`932ZlG&8zOk5Eb}?)Lpib%P%w5B;>Po;|f@
zIJ-$_J?cZQIob;|1^(I;H)BA<E>rj>8e2qU#pYx$`?opj-)LbTTUg}=|Iv@3At=fk
zc^SIEhWn8(w62D*L>P;hHLnmBqeo85K@VK=GHSqb^hg<!@IJ?(dRe^ypY=l}>Lvkk
z1y5*W0^OX_R}=y%T@4(X81uoYs_r8wHOG6RJM`$exJA3~u7_MFfDiIHwm+_$jGb2a
z+hj5>I$wP_L(*3UhwJxK)!~+l^~iI$(eJ0Lfc+Q2TaTsLMBjm}CazTeu;n&A+Jv;@
z&y?u3ROc)Tp17X6*kFK(I0L^U#>RtB>CuN!1^k#J;qT}nHaqN>ll>~s8XwFF^m4!}
zypp3m>%RM-xhqjM+%hXT=&mK<mRt4c4~VMSvHui(prHba5)Xx2F43cX03-aC)jJR@
z)FZdS3KWC)l0iz-z6yCDcpt^qiv;5&049-1i?%$>%tI#q#VfIt&M#3U-PST>*{7;<
z)Omn)-eg`0@{sWmGa8sNUS<4*8Gm4g9~ss{+$l4<IE8XB3*SIDwysVWUYRN^V&N(j
z!dFWNxV9lJ54r<4Mi+SL5ff=4!Hdm#UYOm5?2la$wIQp-toAo=_5@E`Q3PEDR`PpH
za1`xjrm1NwpGMlM1UbMxT@cj6iwj-BP9o3AS6|m)UhPQ~IQoZW8SHc?MR$b`vJmb4
zIh)txUQJ6pTQ|`euq(*X?=i}O{2l0`knd1<7pS}&n$D3cQUikFmfYYhbF6=8bX)Ko
zbAo?pbEUsPk8;+)lv(KwTe*Oqe}U0rmBMAfpoRiTUbq7tQjR&rljsDVqG_Je00RUd
zytx7%0|Kk?TlMG&iS^E?u18LUxiWj(nRHdgCOt9_SYVEY;_TM-0~5wffAM<Wtd&#{
zBe}9@FC3J|F`7TH{ck{!_Ss}Z8as&X*P&lDV^DJ?M*2d(zI>$r9P9R*RY!gp<XLD|
z7Sd53fklteBY#A$8aZPdKvozm0fQi=oN-w*Zk0QR=r@71^2*~uA8j9G-V7(H29DCy
zC_9Cm_K)rg9$!bD7mZgOJkGvIMeYTrZNSu?xBvDYx-)pU7jnP_MoGZF!3KYX0^$D_
zPxLcAT8m;7z00B|6s?eur6o^a${9)0AN6hwXf=!c=V*GQ1%#~!n_=y@5=p?bwuViG
z#F(}wOQzcyHd4`sRfcTk(f;u@JlZN5?<z3Lm4I}l-VFNt2TS$!+tZ<)TaT<$9Z>w>
zMgue&v&M56kRxt2zH<CohDzo|-sm<xaw|Bc$UcGlXEb&#(r`DEa3SP%8R!oHeNCK0
zD_Hsm0L&`y8gM3I7u&Y+8s>Rmy*(W3wf+K&4l6^2?uLdJ7DCV`NKaR0TL&bxj%C18
zU2f?SFA&Fl#F}9R??dQFyRA#uM6lajq5vFyeMqI8jWS>}$GJInJOdQX0YrRJL<Ce^
zXI!lFLB~AFw!uO9aC!wj@*Y{-Tw%1Z8`&|8DkQL65%9+QWwBzXSZPqGeo3Ep6YhWZ
z&CyEqt^OeOC19v6iMf7(GJ8JcsMG-Jw<)21O{VW;>2<1G((;Zl^Jb#1^4b;52cG!(
zV8TwQY8S8_^OquH7D%H?4(!efF{1zwDq28v-yzN+h*AR#LkFuHY2AzF!qsf~MqG{b
z;!YQWTx&<APamU4Zvdb@ni#9RiD&3XY7w9TpI5xc8VQ^x_&w4)L4rNidX8*#N2Rp?
zo)|Bn1V51=Wsw>3V(Mh&-HkRph_CRS9@koETwCl##8oqNfF4O8WfuRE)^{^XsEnUR
z(%lViwKsD0F!~C$if_$Ycx`KW@ch;FgGOj^ei>cF@&5pBQOz)-J3_r>j9kgi8z<qF
zoD4B=a>n1XdKo>WzIE53WKxC{$n(<_wV#jEw6Yz@xjr`iD`UHOU%2_uk`)D@Nn?JR
ze4|6`Mu%YfdgxIKfucXOC8iuk^AmU0>FWcowK-rUY+Vp;8Ky7As!|f(<e^Ov=UISJ
z@#^)enm2wfKvCZ#%nPEcqVTBGzgolAIP8GVPf;N@YMDUX3<&b^DinjF$7wJlk%xO$
zvMk)29g!LeqEh2i<k+<UkGlaN(z0)2lAM+$B?ItCXx1==J-QJIV>rcWR{(TFo}?-0
z6y$#Bk#cFl)h+^z;#nqtwuk6DqE4bN-hmfGSem@aVQD<bq!68pdkMzusSuXjt<6Op
z;mfRs3tCBC=+Qr-iwK&TDKuVGwR2I+8SkyNlUNVXHsdf*5Rps=ixk<JfJ7dfZC&Q%
z9gjSj*w|fg*Jk!qS7&U*K)WiZGEyIE!PKiV+29az?9155(q*m@0QfpKBH57Tud~x;
z&+EZkd~8pc){dZO#eSqPpkOku=HF%)mY3BdzUbr>ddD=h&Zn~Rtr&OC2yJBmU*USs
z%Kf-Dv>6{(ut@UFfLq|&mP^Nwe04{3@vUG%;i`k1cMr&g48tw?3-VydL2w=)kFSRK
z)$%<%pZ8Pc{@c#HpCR`Xm|qv(*B|4e4{ncB*hT&l>qIJRq02e|^<d(4QW!>rIAzTf
zs09EOs368hN1<_@2?d+L00->HG_oYTxqm}O|7JW{Xf*;?Y>vzNrNY^?L~wdn|DHH8
zwPx@Ge6ef51#rFt&0D`B5c4O1y;gd^W7*v(QysN4EJeD|9%O|#7b1deBVVkSoHtV1
zS19c(GTs5wg5YSQ&~I%ZJA?da<x9MSC`l0Z7YAR~2nZtCAwYF+LkkOxt!QI<jU#0b
zJ*mLeG-5G_^2*}i4tnn!(zrSQ$iTgmxIbYYpoTkTpm~V-uOW@;d8>bHou32bR8XOu
zWrlxwEjn!<YDBz5Y@RGrrTrAZyB-IOzpH_O2KnQxD}uTT3PpI@5In`$*>`_%Ju*G<
zZUBXr8CJW=*F*p%R+7$IsfgIWI}KqGh(p<Gh0FdcaA)-=tapJj#~|x<Xk=v##J8Hs
zvK>a3=V|M8_%eDvj_*cl%$uz*uN8;fF)nNe2rl)wh=*FaAHFT4g2c1X?+W4q^F<<>
zYy5?-{jtfe^LmlmT^E==g<uedL^~+-ix8d!=dQu5xPry5{lXR)f}#t7N0zau2DH|_
zf{mbEegTn7i;PW*sL*h2GK5Cr=Wqis_afl%$EsYc@fvF2DmDz$Qk7xMmLCiV-bQy3
z8dY?)BL=hQcC>QEZhV>EI&(yUd6{SB9I$A*jGkH<Mdt%IE4Kmwp6yrHqbRe#3C@)T
z<&c>RQWu$JmXkl&`>4CX7Z_S|92MW%yRHSl&|eO!S|b2cH_7Zmv73WQd%W3;#1p;r
zRXbwtZD!%}nk^Xi+#_P{N>{zUVOh<#fL2w0aNY^}sveOYp`8Gd(kKxoK7f3#HnyUN
zw%WJ-3kc%7(!1K0gMSY@BPJh%L`nz@x|tUhMz@9fqCo}W&7P|hFDogQ7uSV8ZgSUw
zwwBnX+ycuRuogq*JPtcc*Lm297a<Ec{)(nb8m(qlx@i>n#vX&&g=%T4ET&|U*Hnqc
z5p<?)Mx`g%c?A_$URWD+HP}PYjU9T<dhHu9P{#vV%OF^DC_1HeA2~SL>?wGwONbZ5
z9aMvs1iLm>`<U5O?I)$C>LOmO(Li7fr5IqUX^$lHYni_@7g{VO?C-#eboWb*dEQuc
z4jcXxdL6Du1&f-h3Z*p@;NNyymyn;GSHp?Mi|IW6!jQKOME@*^X8@6SvUU7J|5wdH
zJG>$i)4c>b%9D;eU%JsykXJ?0@MwLL8?FLdX&uL`q!3Z{b*UA6+1iJ&SXpunEM1VO
zfjG5(341_OOW4%w7eg#?U`H?xxy$NTb8I;HJM=xbITFpQ^vYmsRJz4e8<oY@z!t<S
zC^ss7EA|7w(Nn$)jGp6!nrBM(cz%VV=Ow-UcebUMtLTB2;LHKlLQun{2o?g%Gq!&x
zzQ@03eB=H-d=6vEUNhTQ@UQB-*}f)?5vP(Yb~L1MMzga&VfLa)i_K$CfRhW19^7|;
z7eSDAUI*%Ve)nt>HkyrMe{8NN=6(s_YP@<6Q^b|x4^{1ox^J4?D3n<%dI-7D;>Gw1
zH@UG|xY5ojt3UWVV=!rD6R3l&u=08uy>)*Iwb5jJdBoTWV?m!1b7L1;DHy;%2P5z+
zTO0elXq5-W1soc%Fm}4-L7z|!#@feeV%f%^uvLb6P^;+zvm3Qw2Hpl`{N6B}Ru4F`
z9cEz|HvdXMs3aQnRXyp}SJ34yD=@o|w!$x2W}yjlTERiVs6<qf_;ZH;ME@gSDITqv
z=xZt7g4IH}d{8(z8DvK&vcvv&$#p`bi&CwW*`!sCiJQ@jJv6hKWJ~<DbaRRptvuan
zkNY0DpA!&B?+E6a?t8F;|2pJF_iVSIS6ZA(tl%iOS_{Au7$m}T^@7G61cKCX-;-FY
zELW{>O)T3cAyb9fbIuC^)*A{6^PoW{SL_Eu&NFsG{eqo|kC@o(l<Y^MT@TjJ@}*c>
zCoIiWEZxKDuF_G8C2I)%N*C(S5$>{X#w*5O)L5EuRq3m8V};vdg_oJ`s0^Wn<Ma*p
zcIWUJ-FDaRZ{9TqbD%Ze>wCcHS&BQ1r}~CSr}_po>D^^w9@uy^dXYr9rCMKF4TEO%
ze|+Y^pK4+BWLT(m*#fj|oLgFI^rUFf_-Fx(hOj8$SxF(-N9mq9?@0!{twDsWMW(Xt
zKByJ%1W`$V5kC&pQ!Aqx*~cS0@sIU{i=T#jV=(2PcxwflL{Gg!S_!>w!Qx#;=yDP(
zKIcqVStms}&ee#-L+gmr7{HQv7v?O%@*Vq3?4sndTw`nB{VRops6fe5U)9Z#n@eFc
zq!4Yiwt{$^3t{$9Hft<LzBiF)mqQX(=L4|q25ZlkxG*|aGlUufoi!hZbBv^fNBc8&
zJkecQbJ?!)xAoX>IzY(7rN!88OLVTTDt|+d{g}CkOlvBNI)(Nb`@_3iVsku+J#Fxk
zFg(`_B-$B^mG)ya#bc!S#aGDP4lz)%iwIJWgap#|tw_fINCbz7;5sDD0m97Az7`ji
z`a2?AmaC#C740B4^qYkbpdS^RxA%`GL&uqw1rm^oaUleP+%zKxBZ436?!~720kaET
z6D-Zx?%Jw)LHSla{Fn!DZ<!Ll2FkZ$9)^jXzT{%~Z?vBwGAb_tBSmJQgbjENj+&C`
zyYUBl^eZe?NbfC6f{f1?PG>U)yFH@CjeC2$w!hvIuCKH|XTZ>EnH{Otscd^|ULNx<
zZky*}UU}QRPR#4mHjhV4>~3xI@|pKf(A^-G-W5q>IBnCmkg3c+hnZsj_8a8zbk^C1
zJLv*Ai-3j?wbsMdR&zizB<i-~aCc(s@e^5J4Bq~6no?0KrNu<r+Qbux{ubn|6_&Wj
zV)PQ0CL&WQL0_MPsqs)f@-<{@6#AvF)6%S8gAKa^wBrm(?Ni(0E@WO;<gI7G<20&}
zj#=5$EBg9T+~_C;u0biIa+!nG7``2H!RS<MRy-`WwZM&_w0!IQS#a1;sj=Uj;tg-g
zaqWy19v7ROQ~q|sci}~t>A)<9v#tdFG7lX|gNc`qbI<+2*olzO-*-EW$h9R_>>_#7
zy~Z5pH5A%$*rs)d>vPI?>Px-oa{8*V{y`UQU<;PzV_YsZ9G?qMtK6zmq4F7a1;_GJ
z+3=neOE2E#^R89o-I@0d;m+XQXSh?s=jx0j{GG^LEgEq%Qz^LtnQJ7o12cPynw~?Z
zvK*b6%5r{|##zvcGm^&Htrh3&G|nEaIIluxtDiJp?t1{fGQ&lthMEjVnc+n<-Syo#
zdXwR<IU%x-aPjsSmvjvv?JqGL{<jIsg17XNKq4#zGI9_TBz~dR<gmRGod$i1UqZfB
zHW#Z7_4YLIm7%7d<aHeLPT?IRmpJEGb_MVH@a}Bf8H4FMQ_eIp7%eDo)bHJnqP~sc
zqn^dR;E$W&PUCQETKIF1bevgVAcQ&UxoZzBoDQ1+)|JS#KUW(7zOo%~XYi&aiB9^e
zyvotbMrotYo8T{5^yM*L*DYQ*ys&>xXp((Xj+!Q$S9oLY?r@Lyai7H)?S)N~v^iSh
zqh}#*V>DBUu5O5VOU&UCh>Mn0l!Cs4ese!~ko7wAX74xexW0gA9|vb!T!zVFFduiy
zAy+H`DsuqCjJ{jU(cD>#-iAT4X*8o~E%9)CJDd0vnh3zeea7~UR&LClWAl7PZBp}T
z+WZb1c(ERwg9$7vA-rPnk?3dLg{<&Uw;p{IVz>S)3qb!9c58P(b|WTk@J`m*C<gDI
z%vj4Tya%H}iFr92?|PXF8P<t_lL0DPzwlAzE$AsQHmR_?ur?JsE02Q~?+E$PVh%cy
zAA=Kt+W>)UYDBAT3iMB<6popo>8^F{4JWZGBcolw-RLer%hE2&bk{N1VqqhWmMNqv
zu!O$+9O^jY1>8vaR&pTLBPYSS^!tW@1s+R^uE9VJ*F-fH3nH`dPv(Vg*VdKPhc)$c
z6iWnXY&0caw6~x}{0KEt$U<4KP#nv!E2FsT@L+-CuU!knjt@fAXnph<%=8nu2&~je
zo0<Xz)Rz4gBANIEf@~njZ&Kl*d4f5vApCMp_@krIU4}T=l?;Z0!_r;wxmnaUEl>h|
zkKzSQNB2CN9IAzw(Fe)w^$ZHVe#=HBqZd>0lOYOwB^o6dWfOo^e+_uGM5dfO^lMK6
zThXK*jUooZRHHvs=X1TQ+?zE7jAx1JHo(bv?F`ieIDm;1UDyJI$ope+g<?Lu4_#_w
z%w3O_EPaDJx`aV`{au)3M(b6DP`<)#SCh8LcLc(HCFqT|j@<PA9OuVevr((KMWExu
zZa7z==I7NcI`^m+lu2<}Js{F6J19tMp?|=kltLlaPH-ekI+q)FVDvm{RC$d%JVsRk
zmTIW6CXQ-aQ<W?hHC4%SRZ|t0NRTN@Rt9$Yb}*pbDP*{i<Q(0L*A=17Zzr&-^DEBZ
z6u(?&@?%Ub0;As8tQ_=1GUqe;`>hL8+>9yPk?`oN+{Z6-_oysCu;{DCk>|LyM)x@y
z$f2^^N>WE$dhY8iDhd4psLKm%g(e7uaeOddPaZBO56{H+@xGe(ucYUb;Fm4fehUl*
zzK{14;BPp2%wDfqaWkfU8T&J0NSSF)c{0-+!7|hAnHg#L3HM5cQ_dqwn(i#Me#>%&
zQ_5G=x5Y2;Do@IJK9v0fUUwwh=Zpg0Iv!vt+lK61tOK)K<Uj_F(bLH|>zbAc@jDno
zo3MU@?y+^Rte>lHCrf5P?5vm7?qk3n?{WhA+KYaMcjk+Jp0hR{@k^9Qd17VqMaWiE
zbux7104j*u&BTz}W~({>tl;}FOdSZV*-|O^8Z4Z9IR)#5%t-7n98Y?%0${hwsW#kW
zh_o)|eM90G>HabCib-Y7STvwP_|Tst49xXadIY0;Jq$Rq%{Ux99z&<I|Dvz2uXHsc
zKE(ds!P-xg05OYS(gs7KyMjX@4=e>bUgm`vY*MHfRN$wpUjf+WDt}&RDh2PzN6xRj
zY+wsyF2Ic~Xj%o}EH@ZEVl=GQk-+J@zaRWv7!jw-_>sG*ii?5T3H9OKhdShOl2he3
zv3>;>j9f$UV(f$(Waql(E|;c9hrn9(^{>Yt$L?+T@T}m6ca_F>%RSDgoq)o`U!C@m
z!C*a3F-%8p*=OrDh{L`K_i-N#JAC-I#9y4{k2dEygV>PkH4dhm=!qjDP^d`$_cv1l
z!J*Pfx)Zt!t1lYLrXebJnnnYd2Uw%Zvw}#_4nY>)j74HJBcngG?oUx>i@_MsLI^k+
zV{HctHR2l$O#ulQQiFjLvT=u%#>~-hgls%rgQ=BlZh+76Fy=L~)WUK7R2%*Z)_o#;
z`3e~;a?R=jHBdb53Qc-CCp4|8n$vhKywzn?7sw3SsCFZGMjOC8Ik(RH2xuCtLSAU=
z&W<Ly?nM*6=0@=BY)S`kPy0c77|WPWeB|VeW6nV4Y<Co}0hHBxm*b!6Fh@$Y<$Omh
z*4mp8o{)Vd8AmR3VI$xjn*!1R483fJ45#ANxTXgTw~*-S>8&h2iu?BT?{uC9AVIao
zs1|<!Ut$ICvRRGMW|{Blk)HyF9X8&LH|(q=O-R)IF$vy04V_9^(}}bu!aV6<qp6gj
zNi?Zop_z*g_O}$wGk{6FN8GYMy7oNcb#{A!`$gjR0yl9)T4lYT`5&WUW%Z8IHXK2g
zeGZHZ`_;0(xt5^`FmvrcfLm)C>Ng^*(KsN33O9-5oc%HTlf_V=jJq6kfufLx8wELB
zVYGLEA#5KS2TXvqj*lFdGRGe|&Kv69R3&DuMqH&SnCKZ`=GYQ-{uSeYYVgFc$1xSd
z9-U!<xj;Pc;Tyn8e{M?e$6f52TvvJTxjq2;(Igos0qo;gX`&MNvVTe$qPdjgST+Q6
zfkvY@!KE7LWmlPwD#FkBc*z+M-zQT+D&ilC`!xmlqW6ZLy=KHe2uTLkFi~pWI?<tq
zqEZ&Iz0geUW+FOf{54@m2y$D`PXH56VU7v6xE7pdURW3pH^7Y@!rA4yMd3p^@hFnP
zF0K1XSZ!*E*CNvyUniAqE33!&zzE8Rh3M<`RVPPwg{DMy83%&B^;I3S^ey89&w$AI
z@Sz$XV$S$*3dRSFLeBW`0K^UR?I<p{qxi@V>9~2Opazdcgnpr~e<SU(|8bW$<+4Ld
z67Qzn@d3wiJL3sQvXPJ_)PsnWdf-8aa7za{tWj_xBI8|c4OU;}8c{J|8IF&>0>d^3
z^T85*{id>A%_BRy+`%0+hfDRyBPaskvXTB=eboei?uf{apr7^$NCo#a@hsbfUD$n@
z{%NfXHIE@!QA$j~n-wlaQ`G`KeLV<2JyMTc4mA^Nq<-0^(5Hea@uI%o6}B!8xAfPS
zo{e&>L6@LW00R`cleK623a9F_O?E%I9pS22s6Vu+VzT~FeW&eDyMmGM#vG?bb_gJ;
z^A%!0B?;Y0hZlM}1U)7d^;KDYgPeac#}#3Xzo(fKwmQ<T^07CYicbL3#y?_(2=<2)
zOQAxse=`TSoiTyLB=DfIy#XtV+Y^T}>`&l%&bR~g26~r!ojnWEn9t{XpjU4AVGG*W
z9y~F+!`K=uM2GRv)xkY+=4kc&nBghv|F7YxAnTJo4*aAx)_y7Q$<||NDzw;Ob~G>s
zy0MjuLs%HBO*B7mffqX14;`rX<)X^pkfKAk7EeJnJU+0?iV%Tg+zLfvzr>$FhaS!I
z&p?~_TPFI%UyNp^QO;<@A&V5X3-XEQ42Ev9Kc6^FiQUW(AIe+MJI+?UvHR)gL;j~b
zh6X(C33|<|-PkVsyK<UJR0Su&^S^f;ID`9Pf&KpV=mKhz_$v_M$O3vlA-xpH8i2Iw
zD@7lpk=MjYZ&$Djj(Z0e0vkdX=uaVg%i&+)Yf}89EIc$%J??@>BErM+LR&H4u06ys
zEx4%m5JRreOXQ$uD>I#O+mxG!_QB;7qN$4UkCwPs<f-VT<fZ62@>2AIHz`_rbTW~q
z>CI8}^eE3EaRKCYD9;@4Hgll#N>O?xmCmA7D6$zhV#%TQu(0c|JxpfwD0`(nrcGH-
zRTjFNO}SmrdJ?~8g6EMOA)n1~B-JjWv`+()@fei%xjD3`@g5SMn~&p|^9RDG1v}Om
zJFk@U72$>6oX~;VJ3OozvK1m@XG%8jIeK^&C}~GZE{{nHib||WowvjM6XCX+G5e@<
zj^6P5ea+)yl}A8$!JXm5Zawk@B)-5O=F@EN;x;{>z<M$&VX#O~rtxrF$Tlar!?$}~
zq21^>!^xr^c^K7(@0MFG0u2{s*Ee;{B|6CXqupQ?k116v?LOt$x9SfQ$$7POLr8J7
zq&((vWGyPXPd#sf{sYmtaNZX%<|L2OmLB;GRB8_^@?Xfk(q09?nmW?D5>c_I#cneX
zy<A^<DoW7Pe~LbXr8i+$j~oS{(+I8`tENTy{2hV=<ERz87G|0!#yVPz)!vmZ`!AG1
zyBE0OlEd|GBhTjfICF}`<r7dS@dd94R;RIAqdc$H#61@9z*tO#MNbp_I|brt%41H`
zXptG}CmNeN(jg|cJA!rl?O%~ffUdFxZ4p29_Eo4Pt!}DzQ$2Q+Ksa*a_Fta@dLa{t
z(z357Q_{{SaTGY+PC;-G6AM*lWR_9l_B$v`jW7EOVP$k-MX)-riJb~q9FH6Iq&vx5
z&=oR|g9Qg33pE5MD8LXbG?dks&vP@8Dxf%#uk1xigB{A}c|wii6cZcZ2osMn4#C!z
z@)irAS&TTxs|Bx?6rvOb!a6<XVg<QNAQNx${6!)93j;;f0-Am?xIcm1yMyEApUi$b
z2Q3N8v{(3NGlh55Z^;QI8b|u`8C|C$qhEsxp1Zk>`7V7Gz7yM=_M@$#wO~f<FPJB`
z7y7Mg*^|;(G(YhRf<5GT11StHE2~dLGFnolXsi$#iJ!Ojf1Xb*Mr%p|>;t1ip${&J
z4nk~O!jmPp!=RLIDxsU5&`mfAkH806YmZ7ViaaRys(1ZW?r9Tx<kz@&8j_m-gP1J7
z`9Q*tC|eG+g7i?{Q$LHavqX--4QzD~!Eol)-m?ofg!4@Z@Z=EpIycOm#_Z^nvlk?b
zz_mJ^p<G@uvK5!c7Clmz!P`x^4=3>;E@M4JY!1y#wle8uklM;_08+vS8B%33bUuT!
zR(c-;b?s5gBJ>a#;}OXsbTLp?{qQ<8%4o=p#~_=l-IVV`^|6I+dl5;gxhXrkb*EG?
zcG@&dMJG6__NbEl?liUZ^L(;}XdVBJFg!@w2zi3%QV};~Oxd16tgryeJO$&Z#@>aE
z`nA-u030hMyB{l$Ot+2Rhw`wNyodY-`=4w<Ytz%kH=x+&!vPs}({ia+buVLGOuCv>
z@)9IBP?)q4dk*V1BQV5KG=zwr@|S~`;}PBk=O_KkTj)U4`rn~k)gOj%_Co@}{+JG_
zyHmr5I;y*(=r(nu$AOlH=GbfYdS`gwSeZjXgaL?a99S6%lbIZCMkB{SXcHi(ieSh*
z8M?lPs^hRf2{@zmiwlejf4s0*IpO46=E>o2Jqx-d{f~}Ap5hlZJn`e0#IQ;^8W;?2
zngp2=RfQk5Ix<_Z1M?Bc1em+VOB}Qc20Vbf05}^7p2mbXkL43}tNRfMu^_NuFvZ>o
zrsP1Dd<!>g`m+$?WFaO|t%dP{4sQDn${c${t3^{|W&VpnS=#s!l?61VX*42H;P<i$
z`z51j@XY5o?ZFNzIb1D30wAd5{3Jv**rA(zOP~^e1pfH2)=XzK%)swX{4%R$@d^hX
zb<-_Fo9*9&3&5^DALW^?rJxf#vP1wtE@{@NHpWMw&f1QSr9*lc4{Q!9iZ(a#c+fmP
z${}r6A?4U3;;n5^o*!!Pt{FEC#tf08{qzk!O6TVoEM+ysS-+;c#9kt3aK!V$@CqT%
zBD2SN-SBKCb2EakIy}3+ARj#-2+|VI06_e0IzBT;xXY{PU-VV=7#v5q%XT0gydCqh
z7m%VoI4-pYElNB}1AH3?7Es_L<7Ki+xLM`+W5~hL1D-5EMWmz+pJEb4X2a*@1<Q$G
z6nCK5YBaDM_lBy{VxLE;jqsFL;mNk!alb|^YrDk4tbhqaXg$;e7DKDlDExaRN#{J8
zERf3h1w$VMSqwE7!T39t7X{BmH#YOii$axj(hRw1iyR-oQ3DBIfEitr2M{|UQZIUz
zDpa5z>oLL%2{(EYzZbD|B>T5Omk1tCHYegBZKyXYjRF;xTo0Lqzs(8uz9<-g24y`O
z#ni8}wlnK3E<IxephLCxBW3V8B}sk66prz#ddQ`xvtCWXFqL=@^IOL2*C5<hwxAB>
zV+91FSN;N_63Q7YQj`|sPY4n->`)KXX+3=Z;^`>Hz)sFjr#5rJEACI^eMeTw1aFNO
z{(buN_14w@4*jRNSLV?FIq$!VK6^su`#H?c(73N0Ph$R+4T8dP<OX-;8-oR=3lk_k
z!ZU1~rm{(G`ip^R_JHZKo}{Lw`3Y>bQ`wN8jJWx4A`P*;p$y)mRJ}z(c_DRqrUO@T
zZP%i;ST{h5?&1)*;EXrAA2+oNCDPWTd&s5GIt!->QtIFH2AiGiz^-K11H>5*D*Um_
z+*Swjcbu^kPAt61V>MH#Sxs^L3#{Dj$5Hb)2$E+Uz++J=V-qvFntAre<k4yOv&<A;
z4r04Fv)w(&58Ay;oy&9D{hES0rrn<~`ghtLJRfZimO=>f0Mms$yWoiDe2NX7ZwT|U
z_=kMh4?<0fpB?~7b%LfHsMgW`JDBD3R4P6#MQ1HxpNBng&zDQM9J8!#huJ~(=mE;P
zcdQDtSeO2jO_+Lpo2M_Yk8aYVjVuajvFg^cqpB>Zmu(9l&4qU^(xWv13xA6#@3*`;
znrmL+)+7C3OXetd*|zdcgbH0}Ug*VxZy>T@JSoUTHw<)<6KQqK;f9{%OiblS@JX0C
z%sG@3>K^_UxZjp?#H7=3gMN;15u)P*FA@*K&eI`tYJSuV2GM%h{F$(k#CAw09Y1Hl
z+dZ(Y6F!RRG9NLlz0*Tk>(OhGkfl|S^3YR3<P5B>;C6@{r0qqtJe*OXb19T10SI#=
zgo&4=EU(9dqZ?5Tvf>6Yc*UDFa<NFFN8g3A=zl3G%1QdcSp*8WW#Y>QN8blj?OhHt
zUm;=70!a912R-@<i|&;54fRF~&}p}2zX7Y^Z&8C2T_B^U4DP_qZo15;1zDX!COHoa
z@KWR?-lIe!%SF3Da1Zh@&vxeen~?3SUHk>Nse<5L&H{kxWD;rc8fPhhPZ)!1=IIeK
zgcDMOaS<;1Dg5Tep5_sL8VJ(O0p9UZ=kkquG=%G#$5GktN>PpSn3sAII~*~DeqoP8
zc?x|r2#~k{pRcl&PH#?UpP{k|qDRY^O}^y0Y9LY2ebU*7(1)Gp6*K39gV^8L*I;Eb
za?ZePg8gd;+ka+kRBIplXR3ca#iH|Lqg#uTPWQ@3_ex6l3e61v6J3ja1MvnkH^IaT
z^vIRWK}@M!E2i5xzg0+E3=M1TYG<L-1ZV#MVGK*L(v3%^qT7Sr1?OOPqa={uz;48d
z^<Q?QvLtE{K#yDmNhJ96V!QL8H?Tb#{--;1FD7T9rKuUY9+?ahjzO@~wia|_frviB
z<BTkz^!3Q65RPLlTz#rttgI!<&XL_0I{?<QUUmB7xqyJIq%RhHM_<$l2U$V}(ifkD
z9XS31f=%~FN?4CFZfBol7m-RFu+}3HhR&jVaC03kCFO%)38k5S<;>TlnpgTaafD$7
zQR!VxXqvLUE?~&^;VYd(s>&K^=*U*q_;xy*YieoH{DRp;W$#wm3i|$Z_BPzfdi)i}
zJA6b70RlonpQ)SO%HIq2Z=KIEFbtJ4z&mWnIQa@?rJF;{Ziw^B-wS<!p%Ei4M$i{n
zaslGQL>!?+cRW@DA3wia_*+-77sI?MVYTIrF~>NJ7@`*NC=Bhv0LCC%V!~&Ru(RMu
z&JLBXuz*ws+_Q0)8sI(!7e<~M{Ed?xyqRb^;N+U1F%_Dx|B*tIz?~CAB>sf`0j?i=
zxMhL^E;r%H6oeCr<5%#4p!E_12VKfR7z`E|@Zu|3V7g?x@I473H$g0D%!?3cYZ}m|
zX4PORKrjjV`p_Q?L2qmg^I(vQKPDP)Id7EVqL&XrvUy_px4{9a_|fcWddd%l&ZY+T
zQUfj4Hp&@rL(CJYf^S2+pn~uwH;SHP(XCo|izo3CM$%9RY<2{vh;&EE&glDy$`IM|
zsUHcql?Y8$xc$?VkQ#A^vxLDxIQJKN!x5J?=Vb_D6gTi`PS#W=J0@PlX4QG)+@YW0
z)ixbMPbD5mDQQF+oR*mQtJquXc{8858Tv{FHeGqX$n1@k!2wFV^9P%`<t{veM<Y6q
zdUyd$A<z{wd6M^e951t?A{rM1)F+@1L~p$lt5r^}^`PV=UTV9(hVwlz|6*q@RBGPo
zZ61xsvCH7Ry>YHfLwIdYAUuSLqV;JN92CyFV%zi#tnu~lC2QVmAL0C!>kfz(QO$a+
zIt4cWT_Rl55eU^RpZjqtYW_75E+@h%SUwD%(3ZdQ9~B2LlfB=s@hTUTpJ^Z-ym2I6
zrc+aqi+7=oq_4b!v4|)B9O(lq=v$|OHfRotcUFxkb!JNTg{TYXiq%&=!XwA}QceRH
z^F@Awq_lT+2BP;y0sbVLlTEfko?=w9PAnohA<%1px9M#~Z29eoZ6_gmrXU=i+6eYz
zLL7vWh(i_&)T#;QW{8IvXnjG5*BuBsLM_aKX=ybenhC*$3TQ@+;6%2DhcmLpu0dzk
z$(7PJc@4mOVxNuf9Euad&FLIGU_Y6n)*i>*h+@|Wku%l+<i&?$5r&&p+@Br7sD7~s
zgb|`@45LQXm||A`Wx8?!`nIK`GAgjGq-Q;**h_M<fOfRo<Wq=e67b+XEz0iP))n;_
zKITK%&Kv=85)z3g&|jSMQN8%e1`JC+E?DC+Rcy{W^IN`;CwQA!G3EyE!yUs|;4&sD
ze<desE|k5};15(o_hAn_H}omGbNd{QB!@2sz#&fK1UI*}Z=(U5uJ<?|oc(!T0d~{w
z#c~qopYySyhIdARKOC(><!Z`wl2B?-A(xQSg`floES`x>*CLK*G9}ZCDDsT-c}UAv
zWokaPBC%Tt@Ck@)`?`_@><h?_mwp9(&Dy)ZErGqDFU!ruvYI_UySLl`EQz?1C!7zb
zD}MIsI&#jDZ~`W0SOJ*;({+&x^lfV%sD|aae5EL7z12SNZy0!j>GOiJ-m$uFT7Z~%
z)PoCWj1AN4Ww-1__u%OvSub<!0mo?}pb`+XehY!{_#Fj|DHTo@8rVPLLKRNm@#LCO
z<+Gw|(da5aR8?eFm&7KOBswd6#wIxn(PEqkojQl}gpk9p?1y7`1U2>wk>EnQg$C6@
z*?i23*c)o!MmDa8u=He96@@uy*0Fxga32mrYrzhZ)!2b4m(2dC<y)wuQK(xx#?Lne
z^Q<4Au;I8RWmg8|)S-H}1jIfA<WV*k^%N2-ul?GDuuf97BUBL8&sn7K;q(v83Heqx
z7_Xeiz@X?072sq)1c&9XebUN?@a?{w&|Y=lwm)!vKE4=)ur0ixI~FFN$9;SWz7+n3
z_&vC9h(93TKa=lY$@g#h?VLX;VcQ{J97E}yg}<^G{m302Q{*zcgP|`{2U8sVV7&nH
zFGc^CH3Gy?&TK{v7GST`tn}kmVavM1G;z=$PyD`NUS3$ctp*~7L<;DKFvZ}2vP6w6
zIr>tr?3lx!M;u@dcoE;t8-04z1O^hT{ZKsI7(Wx%Vdx4yqSUyf!1z%i`^D4Z(1C6n
zut2i<Qogp#<fhDZ{^kZB))=sKW=`_q4YGRVbSy(j*(F2EUpKbS%Q3cdZK(%ANbD62
zcg;;6W3pe5Ze;Gw#pQeF=NNla;Kr8lKV6|4*;WG^?R`OhOz4Vr0M!!X1T|(`m-w5i
z<#anvc4qWHaDL3v1H*)^=I}Yv`XIh#lZVWhllfRnX>&t?aeIMrOJT56_@8J3SG@Sr
zfYR06r<Sm?G2B$Z_fGy68LU#?^Lbd59{C;9oPt&H&4#rQm(f)F4-Ia|x(pjl=H#Nb
z`lr8_a~)NlP7D3tG|@`%!U}Bpej@F?&@V45gU>h6^`67X!?JB0PnX8iw0xB42pYf#
z=GA^BQUkhZ!m6~a_be_-tw@&=&yB!ik3vtu%K%rhE2sk?w--f|!2-ms9l?dsV%~)l
z)}bFL#g-_0C%-=f-S8bAchGH~l=vKj4pHtQ^(s676x>T2iEzuS$y!I{FW^DEH-V2<
zR8?TV00pvf=2d<>#(PSBoX>t6TtW1Dw2K2^K-+h)+n{y1G%*S`P*i)7pEg6PDZ?|i
z!1V05C>|gae%{6X<f258iANt=tU+YtQXd}zo5yy`;i8YpMOl4Qr5KKV4GWy=ZXp{i
zA*wh~aq@!4!bt#iYA;N4a5YEdI|>}@x7VfGz-L7X$~OE7#37hV!Mot2-hwD1)95DV
zB}47b05=dO_6IG(jKsBkP5}VaPDiZ2W;c_RvQm3*>petgju~oiMGp7(y=6Nx?ccpz
z4m09a9xC2n=<OKHtG(WT7aI$%LZ4OE9_Fd>#cw7%)WH;1(2$WYr(?;=ZQs(P;%pkx
zVmwnjUKvaHh=P4;gPkv!+6}))PYf5n6}MKua*kV2U3%%>*`7HCc)1!7C`^3lWc?CM
z8I6vyKY&E}{&`!B{fUiE`Qps-|B~|gPojK<Q+}P43xj?4Crl?djs;Z*=d*IlC1&eE
z?o6a;MVSE8RKah+FuWxX?B}$@_ARa0rnF)knThS(3~X1Yuzj-~_!7@$oj;ZM06x9V
ziDPpL50p&68<){>t|d=jA3_sG7ntJ;qdR1n3JpP#U*0arK6fHtOxg|cnnC{zDd0Hk
z5SgZYURJMquG()xgJ`R*yJ@QT@_n}Gy~d`*V}d^Mj^n1TC`(Q<8ZpWjn3FLb3V9O4
z<tX<V7*;^{pws(h{k*EMylLKt=1E2q5AG?dn6-xT!;8H+!3ud|u6(gCm~Slhu~EBQ
z(BG>u9-nAd58{J`p_1~&LxWyp@lY0TL~$LW79PuAK_>-(dO?CoBoz2x=rYig(G=Q7
z@a_N~6I!nT{*;QJQ}K;(AM8>Gzm*s4B9i$EVFF%ni?{uV13Q&HP#oBYDBxj0+Iu_o
z-R;-^i2d)F`V-6Q5z^J}^KxK&(eJ}$S;Sw1{s#ROm=VdT8H)AI;V6p#x*@>MQ)E3f
z1P%@nV@v_#))UuGRy~V(a3PdI7rcKkeR4k|zbEqHvbIRPsz=@gJ&C1?9g6g*T`;g?
zHO#vnq%?Kz7u$@SX`t&CftGduATW&wBe526I`YOL&m8G5ULyzf)r?ua0fJq}nhNL@
z^dLlj2o%l1oYkP6i(r^eJcB?TW|PNw2(K@t-tNH$6<BQyeXQUUotYctwiO;i2nNjS
zaFkGwa7e<*>w?gSH1SWG*`@KA&TTu)JG@*2z6;^6ysUjL0C6s6!Rn-c-Pqoc7@k3^
zMia55P#paX%Nc0FhI=VW$Zr6}tY#mNu*I>#5|@HEyr1kZprKS2ZPp{5fVUPMl`4uo
z;-||D4spb}`gv4#G9|v3VANyH0y+xR0VBmTnWbJ-z2;Bk0s&^0qOEhCYOz*De+A)2
z>qVWRPG#7)SV>9OZl+y1Z<&m7P5?z@5IcId3_Q1`*gOmE68^wQB{0JODGS8$4_KWZ
ziLevU4<78>P(|`+B^n^X#{=iUh<1pHE_<k0N>GO<-}T5?)T_pvxX7-=oi!is%Kj(r
zObl0jG;ALZ*8*7DP-CwmxmK6~trQvXbQB~qk~)$%8jrY1%ihiY1=YXzS6rL)Ra!-<
z9zBTW>#Iidu=sKw7GKU&0o)<$has2H&j@tQ1>ms@vp5OEAuT*V!5;NzDuA{drKQ6#
zXu5Y&2HZ{u9Dy1fAeI|o@=Czkli4`-c0JMn9vB5jM@n8A`HmFwk__a0M@$OwP5{_*
zDPb_0D~x9F_GzlR4Jjzzg2gCbn_vNqip-^W+5#9%fLFJ$3=>Riq-Y*7OVj`X*WdAo
zT+N|t5KGh?Iu*MOa-^QWPXI~i>o-a}zfBQbm_blqpVy`^MQ{ROMz@1B^c<hW<Iqgk
zA|vqzFhD7LoQ{?R9cxf28im-LUE2%I!o4t`=u_{Y_oOD<Y^m4EK@Iyu#0+!~Tj1>Z
ze&pAkbVzOY;rA`#IqdT^Vf6dwAO$5lJ@OPmagZn8#Q{h)#Q>1K45i?KPGEyP2?eKM
z{k2ROhgB#)8hs4|zP%Let`$f9h<I=N8`PDk$$)iSgcV&$Ag+ORMCYSWBw)`Z0}x88
zS+d{=rCBBD2`Mfw=Ri!4L1U}%v*j`%Q+`%*AUG`rM5KOAF<KEC%{7S(n@QXAOW-_(
zk}*%FJ)ex4_L;E5IC0oE`_<vZOF*;wEQ*Hf6RLk$vxo+dq2mqCksF<0hg~ATiaZ8|
z_pftwE2a@QG<GQEIzVhD-jPN3E?R(Tdw>NVzR76RBfnujjdy?FoorLJk$~7)&w3qV
z&{tjRlJ{xj=|}!r3bq!1f*Sg&u1-9%EWcWnuj-0lWl=Dpy)}oX1V6zGkJNerHUH)o
zv<l1f4b~bQQa}eY4qA_MmjafNB3J{0C`t2bO@WCyj7G1Z34_rT@OS{%Ze~N{<W^Se
zK{jOAQwW(lzdb(wa6<r5@<NL{M5xRMU%^EX)iLl5W1H2}uGgrO7sP)yT3-bK=N^t+
zj>1?M3}B@-EXOYwycgcQ5U$=?D00SA^)#$IO~3Ww))Q2`eh1=x4;{>0EM`jFv#+}L
zC`YfwZ}5Hk$Hb%RStNw(aOXU@TtwT!CL~b&{&S$X$Y*RqKrkd0kTU}VFN9Mm+rd}1
zKeQ>jJ#?};9`pS9$78Jag-*i>-vbLemVY@n=Xo3qZo%_ZoCUgp)`R)97tvh<PY>+m
z4_NR-R|{SO*=9Wr@iDZ(b1!mo3>EoyQ%vd#%fAVB=i)3GtA+~7cHjtdKLiE%<$=)9
zr+rwCI+_z4XUr=GWEX1>`X%1^i9s`1Dm@S=3ykeRn2v=R@AXMycNn1ru?E=ODu3dS
z*2B=HR7z}P!BQF$`ubzIVk#w7Fx7kr{?u8&!%D6>rO@~waRPVRE)$Ed@LL1HCnEEH
z<sSr3=RRE7yxr*JD)xd{tgccX+}#>4K|;=|of6Ah3^rQg_hq{hze~->fV|CVDn#aC
z=lQW|=%-~n(9%L_Dc0<Y`NKdWvnANK(pPP7Td1$^sGinZuoY9eMRW%a_;`Seh+m)t
zp8QHpiA5;EUmAFUY-$16S+o1&nRwuGq`wDZjI1K8%wxY6|0%+I0am_WzmE?l@aeK1
z_9g624$%*`Dx!L1D04x$e<oq9fiWAz3+PtRwH)F@6!GpP-nOU>ab1WnzMO=+%X=(9
zA~pQDt^M$fkdV!zASiHf^9A+HZBV%>Z|=4>It9N)L3>o?Oe&iEvwm#yqI)2n?&uUG
zeHE&d?T{s2xL?`D5k^y0Zj>tez3%~zLX~Pg?9-6U>c6S^Mg^i(2&4q@-8kGbP8kH#
zagvmLcWg=kg3F8j%XSf93IPT^D(eN!!D_KD#OvXfj@SyE<i{^#)V{3YWMu6}cR}n3
zd5lSZJWN-OA9B&7+u%{0_m4JJ7egJ`5REp6HdNJqE6(OA(urX~WF42dFb=x0GD4ME
z+px?{^8084>k%*}!FRajs=Hnbw~WwZdx03gG8EhpZaFQq2EXV~<_rBX?gKE67@rLc
zV$DxLLY(jff7+;Nqc)WKMrcQrJU>79R47c-`4B?_CmMPr$i<+5ddL*7P!(=#Z<Kz_
zNdI!Qj`LDIGDew~^>7np1(`jEt2wC{zh8xwK`w4qfH`waarw(w)_mD<1*(DLic<~F
zZ0q}HNL!<YK+JL?{Y_uYo9LJ*#!H}svR$qHzf~U-RDWL#e_jQXw?4ATi@&+i6YAHz
z$rtKlF6MGwC+G;Plu!*-CqHJQ-_2)g)O@^o6V})MM6Riw7gE~!sRS7^r@(U;*O9Fy
zV9Vx-pB2}<5YX0Mk1t41nN#pw$B?WebeAfVmDa6OM#ZKqrw!zW8{AGgrtj*IdhKRf
zr;MP+oFa(N{xirZ{?-krVqpX#HDG*2tb-3ftVPHo$`wzu2ztjj|BMs|b5TI!;%XcB
zCzPJgV>{((T74<|3LpP~VPKf8z{Pw>x&|j;R`hf<_JDL?yl~0bTXCu${Sx#Nr`KF?
zsvda&h~TJWQ(V>^fTY=`T>8~azX!T&CHAHlZ$TCqXbLshJisF@fx^0NRxzuKd0@Q^
zwqR5j*-Jo2Uo}drxK)qvpjO3g>etjNX6aGBmCwG)0Z4p;@e_zVFl0Q_D)zw0tPD-V
zGpptpEN|l7OaXr%T0p02KTZN9KA>7w;gE&>B+%5Mw*m!wjkOVzGz>=FU_@z~vHu1j
zWY}-wYF*IBk?I7Dz<3GO`s*P!@y!f7)8gY3%cK%OgY2FVBDxd|PP3m@_h_$XKZ1Mf
zb3dAlaX0aTwFkF&$_~OQ;PwR3OEBAtbxj?qK|2om4<S~lj@Ya%sNI;S@r6E*qV?8t
zVgriRt67H;Y`Yx(5-8ff4^+h$d>V@J1((JcUlf9^B8;Ov?69DJdQhBSB!j6}22;Kg
zC;dtqSk``0mgmLkY^Gs?BE#ihRYamke+j<LA5r?&x!^W@hu4kQ1}(%k|Ibi@m5H7r
zSr|qM#O_Qvf^{%E>(|J@j+>N2&O1?^2DBU5Rz9{5Wek#6YOSH%DKqj=&qWf1nH=TW
zHnwZKiIy=8P@`Gmoz(2Yop?1f_8IvJEaqZ#nVR!ULwH?x^)XZI$PZ8&yDgUtc2o>D
zYNdfjZDGKs2UYzUO2Piy(DF*3{u9J^_1W<z-p5+D!+EF6SUl>^cPowbUk@YUMrjFF
z#;|7(YhA;$AL19d?gSxJoyOG&_>?JS&6(@n>6g14ulyzBU-iiTNVOiCihke1%2t1L
z7#;LVz$ShvW(jC0A|SBoR57Xkc=jZ<z=HS?vm}J^FJT4dGsMIQ)Wz#yRtKx`a3&^$
zn%jB^wZYuI5PHez^RQ=k=W(P1D4}H(FToj(TOp<}wuB3y6gJxrt!~^c?`yMGqJ6;M
zA4nRh?1M;y6})^){ltkACUbp~d-gcbFOMH`1^&;cz!KFw=Ly_ePoKiozp(7rl0`Ib
z6dEcSP8thNWOo;q$rFF)4%4#^ew1531)C^b&)?-*o)vGX^=k&vI4#AlEzvoLrGOrN
z5m=iyVGrtI++dBj_GOO`t(pY-f)XzBQu8`4D|b&^>DUY26QV~<!sASg)d3xFegZ4B
zR*zJTUfg;Ly@LU|AoMz-B<m0y0Nrhn&)egCAbiB%90^#@f?oJW|2H!2VDD}X_EkKs
z;CH9s?<9Zw(P`SiVpnWU7UBs2OgxF_w;*Re_DQ+>PIb118{!_^HpCC-^ZR-ERzI`R
zRr1x(Y#hgXo_3Px-P+L`wikqXjQ5H28eeQ)F2{)01OS-f2j7J{ttSAD&ca{6;K78H
zk9?M8%TNZN2|36}Nnig7vha{;d-FXSo;r&@U>pw9L5J!zI&2oFudoME-Wbe7tZ+PD
zCJ4bCvztnDdV4p9eGDrN)~me3q6JL>$F5;E9n@n){r#)Qu^k*bxj>Z*eYS@#%f4FW
z^M{jD@{yAm5Yt);hC;%i3mK$_q18~06#;ZR@`<tRW|U>gXA830m5*~C5v@TV8^k`A
z8@z5oDa>-N-|0Kpsl$vB2ad!qVM>UUr_Sj=e1`(gNx(!xU)A2>-u*nD5J;pKi=M+v
z3)oW)c<UYOxXlJw2kjDt77x3x%kXa^5Bbp;2+z-v5!InVAJwqoeV}WUQsX+WQOyvv
z1R(}4{aJn%QR3jvuAr_^jKL|(kk^>QhkK3vu#P%_t-0N?H){%l00B(=E!7_McVP1q
z+m|bZdCa+Bge7S{Fz~W;JZN#8$<n8)PiU{;fjOv=2q|g9NlraSei`rr#}!WrUsCY=
z87|Vv@P{ZW!25`3%wS{~0LYwbaX^l;-1ukYRTYZ3or=zS%EUDQPvZBnV$sRC+ptyB
zG`>@&nR_@LU{lflSjNLZ)$?&g?B;T&V$q>o+Kc-6y{?$wFAd`Nqow@r5&)#JyoC2r
zAHK~fOU)Q_%;ki?(QuhDqH^tsjqH5%yeNzGr6(cQ=__EbuM=R&57Y_`o#A7Y@72|p
zUeXQsf~oc}U(Yi?KhBF0C35po`IchWu9&+=Y@~Kdc=vv*;6xeidgI=R77$US0}z>l
z)ZwQdqVt$iDq$4_YMca^<%Ew_<%V}3F<+8~zu{^yL>%UFGG+XI<3~Ao$YOq{<_0_{
zu@+OVBgX4^`ToHtjYnBQAvI$JR#J$K9dlF>H<WB*LS$t4h>}}u<Yg(*-2E)@DLLvJ
zUetE?zyY13j|MAOP%Gh<qk80@0KhEdz6Wp}&iB|!XtW?tUsd;bcbrdpyY}cd=yrjw
zue!Uw8-AH%yE8A0Q91gm7p~X2cjZh=SKYn4E0h>55@z`=aZ}&z=5o<!#gbTcOSt9w
z1!rR%c(V@{kwH;*mduy{$gjOzfFs$eg3*N6bU>E9F!$6~t-2n_O+k*~zprB?q!N~U
zx2wLds9qt%o8E^!(*^95D;v@`baQPV&ej-WS!`2Hs!f-m{SeWRv8*6w85UGIb_l&2
zi*Dhge|9zmF!QBU#cDAMM?XRv)DIk)%S9*~UhGau$EtrgoTp0kr5_>O6p@#0Q;}!P
z3#N_b9(;??^}C-1NEtc|M7eA)?z8-XzAAE#u(}gWAV~Sv<vijv9<Wv6Z^tiwKYlO#
zk#){PkX?+3&E+Iw7RLf!@G_ymWk?22yz7LKL~LZv$u#i+$7h(h8`bp4Bp_ZRC^dlN
zcLfgp7;;V`7{6;`iqY;}QEe3j3gxuRU(g>-u6YW41v{+yBi-fJ(bfyVV-`M2uB<0<
zZ)_C)*O^fgw*CNW^3!NWlx`t0NUg6(w=Wla*CX$MV)$8h^_=jtv>UgnT)_rMwQUta
zlV6W`Rt)*2n)MW<EA$N2?JJ=5E`D5o8F*|LpjDQ%f<OJ^*kF#GfC+@xksZ8<X$l;l
zC=&th8C={?u4HerN8`@y7`wwA-s{Fgj?&x1jc$7YW^@j-$_~q=Er}kfOkurT9Om4F
z^cVato=p28=N-my!9EXIS{c^wyM-+A=Zt@Xl_s+nVK83huNJr5MY?xJOBC}i)u8Zl
zwj^of*gb&6>h{Z23%)|O<K|7bC}^~`2ggfHG1u5wk8a4FZL&+Os-c50qO>)81ajhW
z8sLEkkvtD<q})zKqmWgXvww|d#J3XeWy19UoN@4*UG^~4|K<aGEpRn=n29x%oS@Ho
z2ec6@J<khAe{8TKSo?~#kMwNafDZf&#FT%jJVI~L8#8w6Wz@2_0-yTTamT-mXd%D{
z&#+PAa4tJS)IjT|UqEzZjlh)D;X#iq1p@0*#YYJ*+~idij*^cc_^^KnAZOV0a>pKh
zK8>K72)Zf+|EO!zkS?bI!8t_0BR*h(zR-H`>kRUgt+k!i8m!;&(n`J;Ykysc+Iz6$
zgxct@_`T`O+ApKPdQjE=QQO-6S^H0{{UrCR($eE7R@vh4!iHME!pc>;H4BL`pfH}$
z7Gni5PAA6k#3;Y#W>)%u0~m|(s~A8!7BGTzIN+4awEF-WMR{nvQpp;=2M3Qr7!Vrw
zF5RSA3}R_64p6^q?iZ>2m>2Nr7)OL${JjUbcnv_n3!z|Ahd_jF`SiEwG-ELNf(>;3
ziHH+#l^~0NMAU+K7;6D(I`@#y<%-UkZRsp0odu*b9Y87hwGfqA`4zBXWl1%)JLqKF
z8Yk&uYdtf`@wL^~p8KR(f99pNSu07-LvqcqPDRd%2P?&*y=YlBm5wPYvonq2B_Ocw
zR8%IlrSd$f{Hi;s)RBtnAS2j8Jmv@*h4c{$^4d&{HxT2Q3Zokr`yF)hlt@(VwkCCH
zX6-(#{aH*}-H40*G+aSS9nk|B>i8Cxh~MuP$VYf-mCt%|ZXqbM-v*GwsWm#Y_Bz&%
zs@m7Jt^F!%|CY6Xs%m3+*Q`#NweMo>(W<tuZS8khdnRjN1)%Se+8JL7Z_>?w_hm-Q
zP9b*tUTN7TURt~PN5tNh*pI+g&@!ogYi8{|D6oE~YDaLf--g#{NB(K;J$6tqiNiQ8
z6VuO#X{y3BjF{$OoB&OMJhVT9<Jp8fS3wpK@^R2~d?229&?9-UzNUbOl1%rfVXTy+
zD(y1cH1lgV^9<}k+3XT+4P1QsnZH&i<I#Nf-mwTA(s)0DJz2jc!UijhOKV4P<cPk;
zX?{mPh-}h9<ayLUh74FMz!3V9L>u-`GEMUy;=NqqJrfuEA`bD=Eu7AW&H-lbf2s{{
z&tqgu^Hxn9T@{Xh+>@$qV%TZR+ezf@bn;fHc<axM4is&!${5RxugJy$Wk)lav4<HS
zstm{)zb6gqm}&}_=plH`qUyg#96hqvSnp@*awTe8KLT$M-$-6s`&Eo2>Ja7Givi@=
zltkngK_B)EWGYG66`AGY1?ezoI709maAh>vLkXq)ic7K8W~><ksKm|`8PuowNd1|r
zehVzusejuMdoNRJ=;C6aGjh?7OP!x$00GU-t#vYJraQx2K(*4OIs=N<y{xC^7(?y5
zkSI&q3vt=NAEvQq@s5L*J&kv6-d%+|Fb(?ny+90DWji1oF0c!aibJX)-Kt4nWLQcu
zYFi&K6E&>krBw}&Pz{|Bo!Z|V08{Obtxp4nRqV&$P(g%TDp9TBYcVjO4ux(xp#Bj!
ztXDuGZKNxhGeeQCY)g74N#BPU(_RE1r-mbzg-3AQg;fWts(GoZII`f3$DgqJrK~<2
zfMBZ`8TK*`5bd_Yi#egR;$7v5DOaZzxvCX&4b_Uz;JB;~pqOq2UtwXbTq*)w#7nCH
z13+tS%?BH+0L1mrRwHcFLqJ0r51+rX4FEd^rXtHNpJ&kf5$T<y=y}`HyOi`MlU_AZ
zC}PT4EXhPsLKOS&7M8d1(#rA_qUcE!x!GJ?kcr|GbY<&Vh2rkEC}t7G4lHik^#D@d
zS+O$Ci{C-5^w>|g`hieqs|ljDmlNN$3g3{n_-cr63Gi8u67olYjNi+=qkxk$Y<4A#
zSOWUKP&eL*aJK3aPY`M-WMqGVAP4eS>y=mwmvwEtR*z41cGM$HkpF`2e8t|avJLSM
zwc1$6g~88LJGCx-DSzUp^^AhEQ}@oVX&OX^lM`|#z$sWS1)*oLei)y8h7*Hs+Y8N{
z#8>2Tzv2>a_)rH<^AF`Z)BI4U@FA?ogy{3}7#H7YI)nG}$^uV(Ch)ZGKLay$X9WeR
zT?s%gRzCSOuA9KO?2z@w6IPfsp3a1RcQKLS1*C9X@h5;Ru{MReg{fy%8Gm42A@{_G
zmN=|;RaE}Q*%O+yD3#xAL&E$`WI1ofXQIa9<zOT6cNtfG@lIW=9_o?R5HiQ;g>Xc8
zF9qJkFbjA1QL#~APmgNwpm-WP`WYndtTql%ArF84g}8v|Ej@ZODiHup`XQD!eP*S<
zxw219sNB588~sd=TnHbFhkJCX^j~;BQjh4!O5x;tD4c3tv>MQ_<S(CbZ?>>`vn!;k
zU54K})T0AXExftE%!w6@9+^oCm;iPv3ouE>yGg)Co*CeYup+<|#rgDh8PDr_<Y$i!
zuhP(g=O8qA`MtkY*FUK99bEhkm?hvl`ZtKjevXY3Y<$$ohZ>;aw*1d>6Ge}_0T^<E
zTIxwfVBCr__}6FzWkP*}GZd-CSnk9FYA)$JOT#xhJPcGk_<^m6Fqgny0aJpFJXtWt
zRhE+HZ-mI4`}Y8Yd;Ho?uq%u+RFQfR^c-UNGcjO0>?<YYfbqF8(Je|1o@9<<gcd!S
z_BX0f9wKEG168P_7cpp~X#qUK-_39}aTcK&mwAl0)Jl(fK7#tyU})UVVx?Cp56B76
z4Z@t(GbP3(55Z!}<uk9vdb(OAG#8d&r^tCwDs|p{H2OdGc%Oh)<q_|VRPO~isPTy*
z`z<2u5wc`H=TjL;C|oDFp_Q`t-EDy*Y7563IzNfI-ohd+h7)J`b!KjCGS5<BqlL3G
zHcAC9R`+`#sa$iS*BIw%?a$^!7`Yw^kqe58=LMv5+<+Y8?L-cagm<Kru%mW~JM?AK
zC{FkQs~H`Q?Z!mS*kbQw_r!kAGwhz+%Q+XD#Sn}AEd@sjkC0ILb5;~n!vRustOyrL
zvey5gDC%f1{Rs^mhfUeYK4>KJfviX<y!3>mt@qa{IAc_yqlcGBL<HZ1{;qs>u^t(n
zlJS?SyZ;<$1LiFrD)%(-Km+<C=Mv%!z7&=(^VkPqQ&RsLHW04@e3cDk@0ia9Qj_qT
z7pTIxyRYN4u4Lf_HXlng+1CPvb|<<?uYc_T!th84-|ubjB1s5xi~TUI_s#;lnx+bY
zZ5Ts9b|f!;-)Ijqp=`JvdpWBR={S!)9+jYCZXsDA#0RttX;>wGyH2M5_pfwv*?~t4
zqF|pv7Lgg1gX{;1jFP~vk^F!$0lo#bV=VDgWZL{Ox;i{`M5yIY3FdT1j*=4e<Lo|K
zJ(+eoaQUB|`vy@_u#oS14tC|R@d4FJu!itmo{q*8oJE?T#A%J^Ru~4GMyoGzu`UVU
zyA%odC<^g;XSWPH$t-%E$?8E6eRtq+*7wx->v;G3AHk4+RRg}>S}d}g2{Aj}<BvbX
z>L5>DN!p2(;z38LkTd)wo(F;6R&EEBwTD_B9N=<fGk!c1g@CDN{buVXj{Ps5jy$dP
z{Ou{N=MV4<E>5NTf+bzF0D2jI{{_3;p^sB15nfRTKzr2zn+gjkt6yO!mD{JNn`i<p
z?&Vq%@t%~}h%{_mv)19;abN29UE*Yk8{sMc10xyEykN142gdP7b~}b|_v8jU!*57g
z$Zn`}{#|B#7~bd^&Ih&U7S!6jhC68kcum-SH{#ydZM<qS2ubcn9h^5bKH+c1hmM#b
zk8v$misUJ}@sJ<RCcwjV0khy$OZL2Z1Rh!0SC4xf-8(+KXTSPg3@R79$Cgi3LE{r|
zr1(kp8G}l7bwt2_$v$;i>H4hn=B)H&Nw?zjR<_0Ww=DQaveMUNrT?6j-kOzOn3W!x
zl@4a5XJ)12S?Q;<(k)r(C$iF!tn`bLZf*bbS?Oo8(w;2&?9amY)2y^R3tr1gAIX9*
z%qriVRlYAP{bpABtE{w@mEM_^ekdzFPSUONSd>-%YF0Xsm7bH8-kz0yJS)8{EB$d+
zx*$s)HCg5Nwn<MkKB0>%Ft7EZzcKQ76TJezEbufg_)UABv}vmHe1@)sAD+U(s%C_1
z_-!(J!_T|T`Aq<q(uHy<bi*^Om;eg$>u?JJB18SWlBTLL0Rb6XDwlCSxlAaKi(f-M
zBNsm*SN9ar74MdduSPB-H3B*71@vu3)gt^TKvUHq4P#eR)zF$3c&X4zaTc>G5WtR<
z#rd$aMbvWjb=Pk45CKCE>lPy5*5Kh}@S~<mX{hl=TpC)b8d@n0MYR0m8aCj^PvF}K
zNAUd}4KA?rG5RL^+}uXK$v%^_(l2JEpU+CG{sUU_FWE=gS1JvC;dObF%uvC2s4U?%
zFLUFao*O-`1FoF%cjw~F#kHviIySJ*#5Eem2;-CZ;~0tXFgL=F)V>UJtY^UTwzRjd
zt4sE|z70R1cWp*--T!Vn*=JfCe91n8+S(`RlTV6{*Z<r9U>q9%{?)(nv**set-o*9
zY~Rh(XU_3Woj-NP%&9+|Io)^T?76<+%`@itX3q)Em_5sP+w|Z-4zcb0t7!<Nb2IN#
znKh}Ke{rqNsGoVC0;i#V*S~N^ecrpWfR|*Yvy;(``n<<HsLj9HHmTOcQoug!)O8^{
z_16mVfB$ak4`<H}PM>xPRaZ58*1XwJ?TlG-Lcz0Uhl05Hpy9dGr_Go<{RV&y^pWGs
zL$iEm+&c9~(|xmNPP<|DtQ%+CbcQcD+ZUQMZEA43PvwN>PNiMICi=|NN-i07MPHxR
zr{BCj^MInH&pf2A?lbRNpVqn0yv`b~)8}ckwX-hJ&YGp2b(?n9ty;g%{d|{CpBJ1u
zH|U@oIB;O+en4_VXZ-n4kGBe`TyD5|_KX{*Ygd;I=rc{bb{Og1p!xcMYp~!{(fUm5
ztoei=T)+pw0b0g(4LmWRo$UObQXJ4S{|b@r*AG1P>*uSQI_r#}@5ULkrun8#zj114
zW{N?l&AwCn%scfIf_B!V!l=1((Oag4=FXUPlW)P?89`oW--!M*-8XgNgt6nZW!706
zsHB*tdFAYo@8+rVr=uqZ+1JuFrcYBS6g{#xZszo<^QQaeLQC^z-<qipFi|pn;7tR4
zr?%DJslM5Bg;AA%>-1S6MV<u?u#?djD(KfwgHng3SrA1-9x$C-XUv<2#!>0Ms|U<p
zGyp1AHDO?^bII&1nW=j7=1jj~#*H(kLphrEquv2+dat&BKW-;48|MGdw2?)>Jszh4
z=34w+oB`Vx_eW1|+m;lcUm#zbrQNFCrYRYnmD0MCgmtOA>~dP`cl{fIr8>8k3s2?O
z`e>*9%g+T`g?7Gnu6CX_Oe@z0Yo%I0?JVsa+?8m3wX^X#6ZgChcJSrEi?zj9kd;oA
zD%`_?eF$(5)%pYP>4Iwz=0gLuGuo+lvev7e+|#r&?Syvob>!x?Taw};b?ue`b!x`_
zX<BEbx}<YXN#C8O9fy0L)=BG)>xp=9i@17f-SO>_dxiTXx$lVYLam2(yrlA-@~&Dj
z?ux!kRVYi13;*iM@rJYMe^vgU<P*0We_S-<;#Ue6Pa-gU?1Vq|$y7eC`S`=mjr?Kn
z3DWyt|7F(4wqYB5|4#ky1BN_cBQ;GMb8@-ICOWjLL3<i>s6odXbgw~|n&|EXTvPOM
z<Ws}>P3TpFt!f(1J;OdU&4<5J@OLWyPQzac-k)(#`hD=n>;L@yj|^x7-{-%4^vEt+
zSA2V6=luTff4*N_1z7*;hQI7jcgg9F-q!;?uP1sP?~g~X>kg0K9bWe&d>5mqos27?
z^QFf3g{!ybL$B@qJ$&+k<NL#PD*VW4`19j0_02ne`Z(8A`n#|B0{wmAIvpeU84?@x
zLuAkwV>(Cjv+ya!7|m<j&)H7;oUHso(Bt=q>+9tA_sQ43N`7CTeC=RzFruG>$%Dyr
z<(qf^y-&V&Ao+cL@)3;<m6(jz|Ll{m?N5GRpM33$<oET-*FI0S{~0DF!w~WQd!Nsf
z`Pyg6_CLd<<X_`qT%Gy(47m0s+y4xcl1ymcSETC?Pv0q+eZZASw*MI>C9Sy5&#K#6
zqV5vFwKv)RXPA^^*GQ!=I0o}x;IfnLe}+j(s_rl?a7^viGTzz1WhLAH43m;f_z@Y{
zDl_gCj0If(NVfkOCMCnPDyP=SV`^v8A#}d>X|ny#FezyZ-!?U>4faog>yu>rpJ7tc
zw)U~9>NLJjfa~LA`=4P_GE5uoK#xh+Iu;{yJ_fEm$@V|Pq@=ap53+Dwm`-0LcYA>A
zqh$M^VN%kHtNpvNX^bBM*TwjJnB@0=`pMUJCoj=1#rJ>y$=Akde^35BIS$wV^pme$
zhR@~r`yk0X_079uQ>om4b<Nk_PkvvYeC=<^@9UGVjmKw#eDm%<`Q&TwCBLsvzV>eN
z`}*W-JCpzFGx0mh+N+bVy_5XDKKa`J*WTB_S5cjLpAb+>P-6Y8f{uy=6=Hx8a0I;p
z0s%r2LQqt6a!GFBN^<Wd_XdbXja4i4GvXIow5gx8RZIQYx~*>0R$F&#TXfysc3*${
zrd_-3+jV!@eRa2em)+U_^PF>L=G-$0Y0Gwhzuk9Ep4>D4=Q;oLIcLtyz4Odv2!HO=
z|KBx~i9hqhaJjJ;;$w@IiFf@Y70Se)`bR31iFbTEtQS`x5Kf<C3-4h5dfT^yOilRM
zc*yE)a2@cER45Za^nd7I$^R+#yM!|F1K$p^W`sxUc-5#a_XE`N`@S6{1L0AwXncdk
z`+ab|<sX@FHLhX4$Lss=`QO9(p8o&#p-lXVf26{ZUEd$cYlZLnM=F$w@A&b-Wlj7l
zA`bly#>5+bd~jJ4mr7#S1gjFc{|2~T_v3@hnvuD@BCglL^=&^sxU7liY7@yKCbBLQ
z-}2*w%bF<H#-jA?#{Rd!^-VuMxU6wS2d79G>7qI4_&32d<i`h>HQF-z*%`yT3D#xe
z8-9FnSrg?LJ^l@F{gEFZT-J=9UTQaUIsXV;ule!8WsS|1j;SG8y#}sV{rKRr#^#d9
zwHD*6;QG2BA6(Xq#1+N2Fz?sF^)){}xU7k$G2>lDCHoq<{?LyPE^Ey6;a+zU6Iqvu
zSN!<kvL;L&7t2H#Ujf%w{rKRrCXOK+VF>kK1=k<=@xf(HXggXg2lhVz*UNr<a9J}N
z1L?K~WqcW2FZuDoWsS|%6QnkEFM*4$&R#r1*J&^Cb=nL5?;hwn?JNFQj?i`5e*Z{?
z@S5+-e9b5S>#I6*PopD!mWk*6BNfWTbN+LFEB~k1?-I(yv;L6^W#UWzkqYv9=!-|_
zdgu%OkqTvEpKpgeuWSjAu6IX|@5Ax<jBf{-ity3XN43v@>uLW;g);G!ZwHwl;nAE&
zk3WTSJ?Yy)rXqaw^il1T;CjM8QlU&d?#Bn0HRjwY_X@Ey>*FZb=l%HLvc~4>jb$S1
zGBN1K2bVQA7a`kX_y)oCIX^zQtch}Mk6{S)p99xpetd9Qvjabx3GGLVJqE5v{rKRr
zCQN<ZVK^TJ*Iqw9xU3<rPacLv=C>DIpY`K|%Nl97Gs1Q~;x|P0r3G1+iAVhS;Ic+r
z#(mysFg^mVhyD2AvL=or9(x#Ed;Iv|vL-%V9J&Ww5Bc%IWldZv!upN+5%LhY9`xgb
z%bJn6O#CKrJqWG`{P^Iq#!N$dpR!6MZ5{yE{eFCKSz~h%a&rvd{ouOKj}I<uOs-pE
zIJCum;M(oS2bVS4a`ewzk;iUu-Rs8(mo*{Br$;FhS=|e+0Y5&ttO>c|W48r441nt%
zKR&puu^Dy+sZHHI;JVw74=!s=`?$T&DDJz#b(e1kd9ETnde#~}eiyjz^y7oeny@6d
zk5D&laVNO$@Z*Ea8fkgQVR*>u4shM>#|M`+I#-nPFnqUz>ob0Qa9I;_>DXN(aDE0{
zyZrdzvW6J$9wD`6zlZg^z;&A+A6(XG`_VrKz;+wBKJCW`mo+1C+-sHf)8M+*j}I<u
z;<$EOJY;n%xNh;|gUgy?uKQwn$m$kw-3-TaaRD<P@F>^)Bl3{d&EWc!A0IFqLlbg6
zFe(#Smx-JF_~5c8<T_mJCUEup@d4*8XyO?jj45M3xNh|0gUcGp^-xUO;#_V7*A0Gr
zzzPJK;uPWjo+ADmz;(SJA6(XiY3<m<2HW-E+Uds!mo*{7BSy*)*Rh@8`lKHpu!e(1
zTZW&X9f9+c;JVI_4=!sY$KDarhdGdSndtN5gUcFe{pc9D`oOirj}I<uqB%$7k6G+H
zz_s0v4=!t>=|_rxj(N9(YnvY*aCHF<u0E_1#B*)~SFax*T-Jo?K7Sa_UT_us_~5c8
z<T7KATg(M;<^A~Jvc_b1!eR*Zd2sdk@xf(HXj>e6vWT|_TwDG4fO~<^6f+d>KNT=;
z1y|0G4=!tp)6)LaLHejR2d=CiA6(XG>t|xqYb||d!IkmjgUg!Gdf#E#GT`d=<AckZ
zkgGWMg(B{5aCQ0d!DUS`!^rzx;M(HH2bVP?rTt=2smQuaT<gaNmo*{Rm#oyGj$+q>
zEA7Vzmo=t+bnn?B?libI`|-hLO*C~h{#+3gS(k}Tetd9Q6HPx-{CVcx1g=g$KDewI
zDZPz%f-B|62bVQ=8WZ_)P}dZ=I{f&6Z{?sdQ^xP@XTA<_wfphGWlfm+D?tfDEE;PE
z*G4}+xU7j<yW)jW_%?zo>Bk3`HLiGZl=RV@lHh9d<AckZsC6{{l9fXnxI8~TxU7k$
zA3g4Y>l!~kxU3mHz0|(UWxNJlSNrk7WzAT)q|Mdf+Th0rmo+1E{XtQSZ2;F*etd9Q
zV{?7Ah(lXk1+FXo_~5ceTaNbm3bS7ct}Fcb;Id{k4ypS?Rn9BGwcd{pE^7|Yr7hNj
z>vBInxUA8Z;pf*zXs^q`b(tR@T-Jmfqs6`s{>#9%&W{f+Yer&t)hgXOaJBmJ!DY=z
zT(4PNt>9Yg#|M`+_$J><70<sGTrGZla9I<dE)H!0*BU=QxU30Ned93YTLZ3UKR&pu
z3AqjzYX(=7A0J%S9F8H>H-W3sj}I<uLfgZ|8o{;Nj}I<u4#z<HA#Tal;A-&WgUgz+
za7mj6aINy=gUgz+bFBi`N<Tihtcm0LX6)!#39c1>d~jJ4$7N#QQp_vBRqw|Kmo;X(
z(e~=WwcL*n_*FVIqop==%fYqGj}I<ur2V&JTgc>E2Ch0kKDewg?MK_I1J_bNKDewI
zEp@1S9pzpMt|fkaz>^Blg!cHI+Nd>M0<Oh=d~jJ4<<jx*#BweMSFIl(T-NCHBY%EZ
zG1r1C;l~F&9Rf|r@n&pkLVW^Um-_L+Wld=N$A{s%6kM11@xf(H$Tf28PdJxLz_rMa
z4=!s$hVLDwT#LZ9(2oyzRtTDq>u|A!;JVn44=!tLhPOs2-^Ji^{SkuHjF8gK!v)tx
zetdwJ0%&5=jKF>oxEA>F!DY?ZxfXzHz8@c4*0|#PBb1{!m-*nT@#BNb8dv;aj9fL~
zn&-y{mo>$?kGww*T-APja9Lxf{oyEOtOnOyKR&puF}cFM0~YICaLw`KgUgyQ^~kZe
znRgDj@cxw8;Id|9hGNZZa8>#7!DUTxijnuLz;&S?A6(XiY2UG0DAZBxLU2|3@xf({
zX+PRt<>-E@E)XT9<0l+-^f4csSa#gxGo6{UDle>>T|IC9#fvUYEM8i-Y<W}Dl&Py%
zuXa{XnKEVS+2^fknKNgBd&$ZrE1MkJ)~s=+SDZ0pQu*;GoOsg7r=0qU(@uA$ojbRF
z#j1}3IK{bW#i|L%OrBNKIBWjG#f{FYl3DX>7dM`@W=%_rbIzJItJgH(Z%so(!<3d|
zkw-&AQ&W?(#&M2oZg%JoSv0pGf}AKj2BxJl9U?_udBn8d4BV`wGpP>I>aDI_(YU&<
zaUDhFM_uDm6<gc1u4PFbG)wB6R&WHmAikt&HSAhR-PE{j#d5_E?9|saGy|iL*1Gj%
zw_+Lofr3Am)-@xFhoQWdx;5)owA4|wskwDUQ)6udqRlN$tD7km8nkv@1I1cfR;+EU
zZKV<cjP5ROYHFyfZB&YIZ!MBEQpr|uLF?<*BYt^P%To2>ty$N^eCrxf2+p^ziA&i;
zWmwYCw6@M`u5GC!>LwI8+#zIbT|?axDp^Zy<8mriQw#ppHWIz&Yiw#2(~|A&sa!#@
zn<=reE8D&W{%yLuvl&nCkV`2ql_~V}dF%j6`M<$VcR_^ii42nn%x2Pajwjudd0pvz
zL9<9mD0flvLsBUWI~_VIx!ALm$rXjPu`GYOQ=~hY10S3opHfAI<O-<#XrC=P5>!uF
z=d-;%aA+kzBoj3h8ipGTpAsb3Y>2^AmY}HUNaaw2ysWg^5xJghcTOgtil}`-Rn2sH
z*&Z*ImF3=%>k%pXm+$M|nC%+fL&ZNIQ!D-zQu47{F$r=C<P69R$ZUuUSq5o_Tmk8X
zbVGJPu7}(Txd-wH<SEGWkXInzhP(rL5AsXM|AqV-;zN#_SSwC|Oof~SIS(=)vJ|oc
z(gL{>;z3f7Zb%;TNytr*+aUKto`Jjw`4h-rLjDdyuNEDL7miMboCcW=xd^fx(h9j8
zat)*tLa!t(KyHNWg6xJo3V9MjFD-oq@&@Dp<j){Kh5QmiuQe^fTh1mxCPPkvOo7C0
zc%>mcXN3MSs>OQtkCBFdj2f{K-jz;+1F6&T6hC>%=!KsQS9zj18@~~~5>NSGg<l8V
zBCdr$iO<6O(%hm<<nQ9L!7t=q2x3<SvFLB-@&>wF>_aZ(59bDWG<*zCqJ6XYY;pbt
z7tB=KEZ*q!Fo(9e;Z{AbX8!yIv|U7->t4KY(V|PRU7Dy}ym$$1bS9}^v2x|gRjXDt
zG^}3T*x1<A)ZDyAZY?cE^$K>!iE$+*C8ZGh#8x`46d1PB@d%}*<HwJmFm4=R27!zl
zFUFOs{Zg$cC1f1gz=9~TQ&NHm7{)<4k}ntXm&Klx$cd8p*wq_K$De%M$&)XbH{s$*
zO-qkjS>AN)@nx5<hmPDIZ`zE1Z6};malV@n4M$&!bKr@hV?IE+trH0A*1-wUDdH34
zR%+e43uji&LZs%r84EADXwiZ-&7yAk;$^k%sm_hb)lgh>4gXP0G|t7IxZ=vI>c!et
zAg5o3F>}_L4pd_HoEGowbEcdzO;lBrlOnY(#xwEL;1!I#ek_N_k57u7@cc1TtQ4!n
z4)KVnXa65{Vi|sqc^$lf+zF2$H{us}IsC?LwzyU76}O4U#OK6P@p<?%AiJmd|03}W
z#?B@1P*y4~g$Jq$@IG}kJWhQK-loX+40#nHUp9A$Jz%{7-v~^G=NC#p8y--mi<|H*
z;zNwR=J&vlz-#^lkz$5U#c+?P1;ZxsFmv4}?iUYm`s>BB;?v?Tu}geL+|CTeDeo1#
zIVJJkEi~Vk!~mmI1`;Yyhj<WeuvK(H3SxzLlu>G%WugJkKG2ip&3IzFg`acYEVkfV
z?L7K01KVwQ?)GwS#|`3Y^neHdhiziJcw9Uoo)ljYUlh-Y=kYApm&JbZ6?~)dl6V<j
z*xKQ%ExJ|BE_KFFIOFK$^%JL*AAi<yGp0<PUQxH~?8~RDT;;4jujx~3Zn@RDtzvq`
z9n&kEdj=d);sndJDN~P|JjFTtoTtyk3hcZoQycEQ0b?OzaJ6&XWM|6MROconex&)>
zmbI;CA~(6%^V*J^JmDyZ)_u;D<0el>9%ni=&T$tlxY(WKoavMwUlA<m<}YwuXTc<Q
z+PUS&)2eR4DK0I=!tJD*v!b<%#OX-=AH0=dno<ou>Dc2Y%jT1-<SA3nIMX@n>~p4_
zJH2AYd66cIMj!R7Fk?^0F;I!mO89M{|Nr3s8+_(O=k>A0r{l<+44#kUJaP%23CQ!#
zczEKt9mmoj=75YiglAU{8Qg!zdt|u`$HfZah>uW)sL0YygZ5G1W8OBD_gYnISvK+)
zG@W(DWz89AZ?N}~e-`F|n=u1#=l{D9dl<*-XR${)J?h_#*j^m9nlZ((k9?Z32>U$#
zKd!V-!1hVZUedN*ebV03D!wq2&7>|73k%sTsmvv`vcgIb|9R1ePqp9_wPz*7a>zW$
zYRFm@r~Rm0f&Ggi@SAyVhwG4|R23DXH-jY_`($-0&dpai+tYByn}LlZ7n%$LKoL4q
zJy<D9KbwWkN%(F>0)b_>^xLWYkTSRd?xiZvhqF{<B?LUcl9$qszD%+^-R^X!y0blf
z@DA%-M{8@Zy(a~CuinO9%7F%8XR?s&ayq+GJDhxbGLuR5z_^g=$pGbxty#0+M>yHe
z{(?KRxbR}1ps3sSWKRZeLtUpE&Q#O0x^Ow><O}33HO~%D^S!wo`>BOPRbgasZ4&F@
z4xwifRR+$@nH4Dpxw4fdb+X%1J)K?I?PDn~dX1Vur6ljB$jm4}t~bAV*2ZM}mXMb(
zY^a?K!%lckMq+F|l?ie8tb`bvnGi=KzIS#)JPY|&70zRG65<`m&mr@$zXEbKWGm!W
z$itA6k>)vk9)ivBa}#1Z<YLI@u)hmD%c>LNv*0IrLCH+u;~=L%z732df%u={lghCj
zpML?)4ANc+>44k-{fppy0CE=cyaS&<p?p;uomSVS8D)4L^2d<LNWTv0Z$i4)ATuDp
zhMayO#yn&LWEyNp+JWB)PLjinIT}}y5qH=zD((9UsXPYg#$<=?$zTv02Ds$uX)pAo
zQaAuEB%i_Zz(bz!_nXBvl{|>Zz3)T;kI20}`7~Ve5(oPdz7&I#yx`&}Om^Yu=;%`;
zumc*&!d`=w5ioY1tlhp=7P@nos&K)U_oT*g7daayijRR%e()-CqH+_9A=cj2+mX6Z
z8dq+1ooO>7sn44@(cE_fzrvhVQSR;C7@a>|oDiR1BITbDZ%4d2BBURSP@1vWjnzh%
z;Wx3DE#98Z^*M#U9J&SGg%foNF`y)e&weF@bwD;}x05UDP7DH_2z@8S#w<KzqnqV5
zG4(LU6g*<HAM}duic5K)_Syl0p(0c9+okK{bcy<eczZ=cJOQ~0l2StWxrh(0Oo(47
z`D=V0P(t_%kX%DT?1wn3QD4YB#7PMMH01au_$6*khz}vZgbXV=2KWrIus5?Mlii-t
zO>hZT{#OYH>r`jwPDeP?r<1S4MdGYQ!nwu~3+0*Z6139*($8s5i0dKGL*9Y>JLJ?g
z3DF4oCG^AiJiA58arhKU2>&ODWYb3n+8Q3aol7r8KRE1#o?V7JjxHl^Y~;|laAEE^
zs+%Z^(+6&e6jBtY)6k|=k0jVZAM)%%v2$d0&bDM%FB@y0-oi<DqOOj-apDMZQCmX%
z8|2JnLexUqA-6&%s&hQCsk<%kYp(9pAV%kZM_g9dvKF`VL~Cu!@;clXYgtk+P$`_r
zxv7OLksfG57hkBd<Ic_wv~O=`Lfi(q3vwUiVaQDox?$tBC%f7`t_M~NH0KEM;1;|p
z0`han(On5K6|x0F_)8Eq2b`Oy89~h>=XSt{?Zk7O+TKF88;b<ccJ(=%QaGWbJv$tB
z9xiQNrz1;~BRs?xCZ2-~FFb#ubN+}aH)Br3s(|J{Bc*fxg%fpu2eX+jTcl*0F(p^R
z={!DodR|0h;~aVamX1leL|W8mfU{}Yv<MD0Lp%7)+#oib+b%GVquA$ALX>`@EIoFp
zK)CLVB&piLc~LHKiBDeG^Qi*z;oHZYv3NI|5IcLMOu^^hZ%v3d@OgG$LNqB!;`7fT
zb09ZdhxrCV`mspUZ(utXzTYPQu<mk<^pd-G?b1Du`48<uOCQ;wdVPn3v5)L9FDBt2
zep3bwhy^STP+FM=b1KG<I^`;e$Ff}DrZd<{%lVdiLK$jU9z8OD8u!gRF+bjbu@8Ad
zNi#lcZ%T-ZAld%0$>iU_b}XE~P5w>UT>dPlUY?oSH>a@H<fHr4n-ii<Nh>}RN(irl
zpcBO9a%Fv%vy6KtT(roEDwS#Pqbm#1lgw;NVd=rIGZ6Vy7p^VPjAGyxtWP12L-s+Q
zhr9&&8stHU?1o_dF8D-?6*FId;KdR0s}-D2v)vM-QzNcFCaU|-^l}MlGZFWjGlk?1
zd8sfH(|d4*BW5}>PGd;WI|&S1DrYq9#aMmiv(C13PoWo=9_qR!wPSO#mrmKL%;`=&
zh*YihuKao+*`@b`bBe61o|v^-o*rn-sUfM}f#6gGmwXkxO5nGpRLHYU1x`SiOX*g=
z<_WAdpihI6mODtRWd8(ve5IuKaGuanoH}$Ab@YlVLK*V<Q`^vaN+K8$8jJvu9-+FW
zJ0rEAJ}A-?oncX=w^~9qpgM8t0uYUk>-S4=+fx3)TWBhb(r9}wrQVTWqj1&qtU=uB
z1vc^hC+iUAQdB2RjeMfT>`86y#T!$CHdKoOZLQY`*^EZ$TN@k^$(}sUju;uyt4X}~
zHn=(tJ17`FeC1D9O>!JkKMXyP5MPG84LJew?c3vJC3G_(&)<*r10>GwV&MOHALda=
z8gc>T?{<S9vK2BH^8I@g;u^?555V^Bgm?^}#FbN@#k^+#AHD~33M2{nSESK4UqbvJ
z9+LZSsZXt=&onT~<K;clX1Dr`+I$+=a!B2SxCT-6KmCz}D1}7rh91T`72-k&FIS%w
z_mIyz$f`&gmLfhM;y`?G{}}Q;$g_|;ASuX|kUdDxhbyfV)KH^-QS%HBT6I{d^IXNb
z6}a`0$1MuH5XPZXDy|}>4(WI<-JHzh)iGH*iQ-zO(y5ShK!uadU~wkDQgxC&n|d)2
z3wSFNZd#~ImL$%|deY*=RF>lWaSN$8pUPuVLo@$OTqpCZe`uYfc`)s28k9+Ak5ss-
z?sH-Yds4VD#4iTYU$Lt?@fiU3LFk-AZ6vGEg?lpUf(jEC&GMMaREj*8nZI(C3w7CC
z{6?Il9{O@Zk@~!Yt8=>Vg~nlebqgtM-tc%){X(mk9>*l%b)LTYq%KTives)?T|Y3=
zFA9QVle%o8SlzUAT?4+^m#_R;!gH^BWe`>Gzhp}!N`ib3)s=`uZ3*5@7h=vb>@N=Y
z17j6g2wgp7J){GYgY1Od3E2Y~gggrwg1iTLA94_K2r_<2i71CmflPzUgj7QkkOs(l
zNCzYb*$LSN*#p@Jc?I%1<SodLAj6OkARj`+(h@NVaw=pRqzbYSQV(f`v_ZNcJ0Q0}
z1|WMO`yl%vuR>^h6QA!w-iLe$8ISg%tz3Ol{C{%&PZOSpJFS^4zPq{*@l7eZcZMG)
zV4IEo?qoVc@y`gaosIwx@t+8<lkTL|R11+P@zUM7-ky|~EA&8j%sBcHLxEJ{nQ_TN
zHZ8=9<LK%$+YU(l?YQ>7P21BMk1mPnt}-xxTt`<IZbcWWJa1X^?Af_gkB1|>J(bUk
z^Gb1vfzs5JcD8qA^C{w3Qrg+sg<G~1UtZdYBIiYYDP54F8rZHb?abl6bD<OQYY^`(
zv<r_v^CDSFw}phbv9yz3;>COerJzV<wo%$=DV|H?>RE_?DNW~-g+d?2myhob>ac!1
zmZR-C#;>G!H*QD6W?+0Sn@{iXdQzLP{>h2m;eKjIs$JX{?sFj?8Xpu>{CqqYQ~V$P
z+?=Gg{D9(^H9s1US+*nFP38EP@pMm8h(q+L8g<eHOp?iNuFFFc@&W1I3Hc!56BBTC
zg>MUp<4KNhrYyu$97kcXJ;QNXuYDZP=cx0)K=F=Vw)rx}(a>c70>v|u^s5xlZS2_s
z{0}MK)6N;ZPVs{L1<KDS6w*}6laJaKbkNkJw&gRb#N#64YMe0JGP2KY8QJHyMA~57
zHI*z+6;@|Edb?8fXt=IaEeb_*<bOkvN7L*|96_ibDq18bqRy-8S{myb=FX8u)N}uT
z`|s8Q<5h)9go7Wn#MkbWsEw#Bq;~Lh0F)AxmSFVYmmJZp5-)>HDqtLGW0)&9VwzSP
zm7=snmqnv^D<e(L*gYHa@A!4mrV?6eR`MAkw8Dy1?QmWK=ZFqE6%n6ANKI!J2cm2+
zy`(WSH3Ol#$CVH&Q41M@unj&1e%FCj0O}(V{LU^zC7c1_THq6B5=a}Ggj<!7Yw>>o
z1|bi%VeaTC(huZRNXT<L_Vxt`e=&qTdO4fQU7cpDj@5bT-jVg9R{iE=A^wq41)JSF
zO@U5Fbnlb{;PRAEIn1rHC+ueG|I(6vd@M1HbPrySW|uw4Um#Z&k{gX~d;qBqK*G9z
z5qrZ1@^$PTG>|v2ho*?6dK&=sPRR2&K!#8*E}`)H`aGOcMgN2-lEH}X|5y}BXVQfn
zc+_a=>&q9id6B4(*c9m8nP|`m6@}V)aJ5E|S8h|bkfk9L<lZwIHf;tn2gq=MU`HGx
z8+1yL3eAP9LUd|?@V&sHH5#E*N1?ofEgGTR@qN1(UaJwZIRQ2fI+e!{;&Izl;0bNR
z1{FZs3}h~lW)voD=f#xDK$?LZG>|qR&hdJz67^OfZ3>~f32{A;Ap`jgki^GTnc3!H
zAoR+<@c4Qj$bJL)8X-pR-vKgUAP0a98p!_wav(swu4KO874ky?LfQWeHqMFB+&=`e
z-$3wlL2*zaNQ~`tAUT7l0!W*I%mY$&QnaQ^fixRPE0BHz*#e~e<Y;;Nfea}`=6)ZL
z{g}wZ7W*Rc7`cC!Z1BQEIk!-me*$FSv}med1F1SaiX0D)12dw?G$7^YN0IqJ5(ZKa
zq}f2$0ckUkb|5(e=>gJjAU6RSFp%9q1`XtMK=vERb3ld+<TW4%4CMPjh7II@18Ke>
zTCWd)R9&bMtR#E9Olo_1l}4xy4^b)uIR*#KfPs7*$N>X614!F!&BM&Nz!(Y;Vm==>
z&DGk5ka<7`4Wy2k4WtzaeoPn{2_BIB268Qsf%#FJPXfugQRH4ARToE*r-9&yo)PA+
z0U5$q!{Mm=KBc-eiu@SJFxrR`;{)5@Ai964w2{amLY75Sm0|uaUl~O{0ptK?<8bs|
zNC;-*F!!ZEnlaOcHdg>iV5SXix+s-_TnA(b^J-{wEAg~Oc^(BaU?4988B_=k8f@PI
zl31sC=nR9mYF9a!JHopE1#Fzlv<;>D8IU#u`4C9%s;JF`qhNzYM_8}ZfH>DgZ7Rve
zK$Zd-G>~Q>RYrL>0O?OfnX_br3Wa694#+@fG_MDM;ODno9$EJ<0%<moHz?KSsLe2t
za$E?8?fkbu61gZ+f)&%?)+llUkRby(8wh@C8)=RCK>7>ORI4bJLgW~`49IYAG*uEv
z+qP(`tw5T0M3L)(4BQ???gCQ2JBmC^$bC`dIUtUKd>hE1(aY}wIbe*RVIV_`qdflz
zWdD*VGT|8XjyiT^%bx}Wj|fCs^?b6a(TK-CA4qK-tknqY#Uj}BS4WXXAVV9XhzF$H
z7>5NQ0(Wl09=wYXgXeJ|j)A-gWN1z_)f+&{4djPF4j8lF&wvaYE%p(Rs##H<aahy!
zpBF_=1d=;Bip&5)ulx<mJQv8plcLC_K!y!uHIO0WJa`q5D&q{B1CldZ^?D%vYGlgZ
zxeLg_JED2*1%k&uBIS98QU&t{wBjp3_E$!2z6oR)7Y|`A-Ud>o&gL?&p8&}j$cI1<
zo)AqnVIsz%(S|1hIk+uqGYv?&aTLq}GF%?DsRc4*Ak9Dqj1ne+<hDms;a56h*g$Ru
zvfn^<14*dkRMzYBWMky@6(9o!@(mz41Ni|E$0*NV0Xb-#-+u|DYD%<(9|9TPq!E3!
z<uEhOUnMhc7Gfq%jlrg`w%UMDc}q)9#0(3X$fmEhhJf+BT9S~HQq)FWZS_M#%F>c!
zI>9KLK-uB$=SED{;xe9F=&j!Pi4FmxJ3w@qn-x-8g6=Nbbea26Qd#CA1MKQDQ-Nif
zZ5u)+m0|R9UQX;C23;O$L-ksZRA%*$RC#n>!@BOGGELX8)8<#<oQgl>tB`pOsJnqw
zV{u_3H63UiWuxwj*vvC6=6Z{{-eO*FF(0(bT(Fo2Eam}=xf)GtmKl%7VBUz-eg2ac
z^N__nWHG;GF_&A+`z+?yE#}uP<{w$ij%F^w5`jyP549b!(W1u2smOv`jPFoUONE;r
zEi-k0jcijrQ`dB4o0{>ueM-z3f^yWOw@TMtkJb4Hbt;X_o21L5k?Ki0ca7BS!(q$y
z3YZfX^N_{-UNKMgdnlXYku6qps>R%FG51@{doAX@7V~;*B(zz~35$7y#f*haQJMFI
zEvAm;oW(q7F~4dtziKhRZk4&;Vt&?Qe$!%p(_$XBm<KH84Hokbiy0^LqSiQMwZ@>u
zJi}tf7o{do^-_zu-eTTwF|W6n3l?+1Vm@dw4_VC37IT-yjBiBDTGYH}F(0s)_gc)a
zSj?|j%&%BIIBYTBX)*7!nD<%CJ1ype7V~=+^RF!CUs=pu*3pf}D~rw`yDa7>E#@aJ
zX1YIygme~G$6&d|yxC&D#bUn2VxD3#JDU0Ta0WSX3}=uTdW?;HcBr1AYdW$`&4;>o
zO0Xy`+H|W{{T}OHK8Cta8$;cvjiK)EkD=~~-(%e;jiK(&80zkfq3-XFq3+GP?s^R{
z{{!o2I!2dA+f*N;bJs}CUY%EPoVHoa?^?_Ui+QRKTE{8foit~FoW;D;V%}ph@3EL0
ztQnx+V*Z82Jl<-J@x^)7(D!;~nFlQ9_bq0+uu`eys;Qc$Py?yC#bO?`n1?OqL&ZGR
zhpg7vVKMKwn15w4pJ<htu4T<KziKfLS<J6n%)`Yz)x%bqr&-JgEan3i^9L652NrX^
z#XM{=zhW`JYcaoTG1H~7Y9Dn*J7_Wg$YTD`V*b!#ZnK!-kf7)+{FcT13yb*|7V|=j
zx!huY)nfjU#rz|Sd6LEKSj;;t=KC#XEM#=6sw<9!b#zy0=HJ8l{g^S#^HcP(GxE8+
zdWx>;$Tl@^>NYIFjg_KJpWhR@?s~?a-)6PyPMw#wsorU|>UgVFn=R)37V}#c^IH}(
zeRGC{k(FMX#XQYoPFTzdi+Q1L=iuCwvzS{g=A6ZxvzXtvnENf}mn`N37V`m%`9rHU
z1}x@VEapLrdC+3+u$Tue<}QnQm&LrxVy16-kucJO`z_`-E#~(v=Jze;Dm}u39vrfm
zKeU+3!`@Nn)AHiHYW7>q2Q20ei@Cp;r@G%NbGg+T!xnSSV!qR2zSCl!88Aa7K7oV&
zATy7CH&xo8cS@R($ElPw*nYeFW5)#PbtIT=u-HN-G!kUX&u_45y4kAfW~6{wn5t$d
z>_K&|Y_^yeTFmP$=JgiyofdPO#k|L2e#v5f$zt9Y^p0+goW*><#k}8Q-fuDQv6%ZU
z<^hZOS&R8ui+PvDJYX?bTg)_$0EYcl-E1-Etacu>m={>gtrl~u#k@0MhDuc7D3HwY
zM*-Q?!sY<y4x3;m3CdG)8EnuHk?l7*F3K^J;19=Fgg{00NPxqcqT^zzRrfZl?rmT(
z+PP-XsQU)gtDKqR>#lQ`HdI1lGq)pEQ)2B#d7LqnN80@7m*)nQr)mu4kv9MN<+%st
zNsOU9(&j(6JbG+2b9s<gFk{zSBeTOAnH}hDb7Vdnj7-hk7BZ_JhxUU9W|Wuu#cy!z
z1i4Sq>t~J3s}7mf*}S^AJT>KEnbq%v??Nj1E7Q*8mK2T7aNDdNbqIMn3!CA90Y6U&
z^U`<zbuEx*@phz+9d)jpb0RX}RxP1e(TpVPK97EHBW-BTF*n6iU8UQHuN{hPRQo(L
zO8e*@%>DlAUcF$nGOM~TIDFmbJ9_+-9BWn_d;bOX!Y@~fj+A)|bxrjMuU=SeQ+;Z&
z&Ad}}-F2$@hk`Lrc?@E1(RX|BB#U|kDaUsh=&a|_!$I^=(EW5KB80XtBh_G9jx~w=
z0EoV7lgM8J(RX_!^0z?lS0&`9W_sH3m`_`nmwJGxT(3?!uU{h-Z8UBrPuU~}cuyjy
z0okEO9hl{VRzj|yb(znDja~z&-0@J7ytBkL#cwa$>2ahWcY2(PsGOjLl<&ph*%Q=)
zkQG4Wy)T_tD-Z`oqa#k1upJ0(NT`q=APKd$kv4ZxDpWJ9=^h{t;((@OTJ;5DIioM0
zCgyTH%Z8^LB+oYpL0^T)kAV<th<wC0(efOPfv;DUl4puK6v8rB0@1(vkTwe}n|dH9
zPNWvCWCQa^YXIpt>fQsyK}N(XYnn%_+^Fddu+e7+*@N^5*r3rnyJ7Poc*48}fxK!U
z&jO(<MA^=sd`wT22R!;Qx<r7WDB`O~MO)ZAZveT)V15UPd0c!%se<0|)KhW&LA^M4
zRCO>Mb$A{yjYqY|2PLFjk3CL^y+&TA14$S*6+mc%8MUE$gs?fti*y&kX2{^F2hwct
ztTlKjRXY&<`vlqVSs>4ZBh#bjDCr5!=otGHY+g6=x?3^Jap<WBA?5E<94fPVlulo@
z$-JK6REfyweE~?9!Td*L6SlK_{8O|Ub$=H&`;1h74P+1r)u_YqPLKFi1^w>n$1MW{
z#^Udhs@32rnT(NXjOTJfj8>frM6Q~srnFT8F-J=SkX(?88v}MuPzz5zYMKZ}3-Mfm
zRQ)KAtOX&RK;AV<SRm$Lh9sL$0r^p2<EaN*_Xl~A&AqTm;1_-<k}C6~K=c)&ti=mJ
zXaf~&JoVtN{1p?`6eFA;iIw+B81eY|(WE((d<#6UgCorAEg*E&AJ*%~K!!OV&PzSu
z*=+RA&y4cGSo{kR{oN?agH-fL=|LmaQ5ZWrg4Uo^Cjik`wX&vDf#|zW61f0~*{UuO
z{aqy0ot{?4Y!mbsdD-FzlDRLaHE3IbRD(v#uLIH$l*f~guZpU`#`8M6vmGgJF4<yK
zFM14iz^GRTc=Q=x=CvKjlL0g3ek%~#!Z~vfkY5-!PXnnB5Kpag`;m3nUoR04G6~Nz
z-vy$7M<jFqQy}^qF|?0*l(;`=A1cRBVKW%yMaV%Q8w}(S@jw&ibv%CYI$)IN93TgR
zRJ69CN39(ruQ{+OH&QJIk~5CwH9(ezJmhg-&2<22gsX?3hl7@<zM!X&_ZxY&gGXN}
zAeDNod%&={9yZaHjC}MwXV}~U8#>-)e{o)TboxM$JGIy&uo(>M<+XRDHui4fIg|Q9
z_Qg}M$pt)=>O~+ljfSoI79;xTChcDVq4h{;^8t`w89e_F$Swmp`r|?r4CEvr`kP`|
zo^ybFVA#wCvfe=GDXumHX#}!As4123Dj+mkWKBJOTriz^6B?MQx^IC^!r-|Mi2jB}
zmghDg9fr+gKxhL99?W&@z@W|OoiD+LX07mOdJ9OifxHJ~$SCvQ0C~x<`Bxx!8pzQn
z$ehELKNARTAyNh8puv0zkXHg88Z9(5`;F1k0GlE3gza+;kTxK)4G|GtKu*M`9(8gl
zlL%)d=?*~*1PG<N38`ocOZcdTybMI&dq=CHg!GvI!GMQmi4Jfy2klJfWpaHm9N17E
zZ-8fKSX1e~K@0^paP7dp84d&prTSB(IvAuP<flN)^YZu;h0s@sa%`Li<V_>h3?Lm)
zhW%axgm%MLT|x*pBvj*YEs&w0UZlGk$gsh@1;~2_avhLz<Gg$;kb%JFKJ0myr!%YJ
zLt{xx>sorb2TpnHQzN?1PVvy-9dNbbWwQJx5T4pSemGQX=#gnJncu<=_27<!cF{|4
zG^BU>x)CGaa`FjdY0{1-sJ)(Swopg!V&Mm8r7L74hLb9<kVTR3G;I`Q0BXF9gjDUM
z^lUTKWCt6lx52;`UUT?SSsA70RuL;;l;*qOD~)#4z~WerylAi~&|WfD9)HxURf1je
z%q8SgoOmJ}uaqHgBXUkb1>mZiZwg6(9Y-rAk2P(GGX~q@a+-#qx3xEmC%1w&#1nr(
zoSGkPoxTo5<~ZlaF$s32d-#b`;U#nQqLv^fFD!yR>1Deso9u|RuWSb|gT8{dFmAxj
zaEQsfk+Sk@V9+=o`{brc4zD_*eVjs3gVeTkwl|NQxLsvN9q{}VxbxOj^njYmUAIa$
zXBVd<9hMQE$lEu2c$p8qPe!$BCQn{o%u&L*lK1QgPPLPz$xE6-*38|DIDigJ;pf+E
zG^!*$lTV&$n2rECK!P1OOpEMcvcho?DCP0PyYTU8G7%6k(T>R^PtuZ#w9$R|MaMn{
zYZl{{+128buL(SMDFXu>DzL!-B0rfj&UZs3$^%BCYA(dnrWkK>kn>|)aumUNiI9(V
z$$jd7R+B$u6_vb<@?pjv0s}KRV@zi-NaS09WMbvI&IDyza$A$^K?kZ_c+VrhKMGRE
zleX@qxrJ?0UFq(021C)qsy;tQq1R^N=_jlO?*^4Hlfc<f3=yB*$t`YZoZ4zx5+o04
zT~Y3uj$YhIlB`lo*KHmhRw><(65m9fW#Ejc%7W8Nc66XyrDIKMI6ektyU-qcMv_yI
zY`MURFS;3eTyDUrZ#tjenC?o$p-@19iE$HLC&Bx1h^c%O%G11bRRnK@(lc-+8jEpc
zhSrs!=<Mz4qB2yX^;t_tj3y&M7LdwA!x}@1W*p>?LB^F(&Xzs-9s;^cvI+gps_Z6s
zv-7m;IF+Hyg_i|vMXYE^oRG8urA@;TI%Pwi4<s9=k$ftN^^e?@XDn_v3{A|3)Eq$r
zd$QDYY<T2EQK@B=QJJ0(I_`FM!5F2M&C5-qbexWwht7-YxC<~k0&sSqeaS-g3R;Q_
z$A_aHhC6UHv=_W^Tm}H%$YmKt4hKGp;I9s6?V_RIhiZo9;g^0X0IkX6NVjD>Jep&o
zL0|GJLKRqcg58f)W$7GGjjo`n(NpxEFxihmAHok7BjoX3#)!f0V>!Ob`8F=L=^*RM
zX1CB%M^2HUgMN*$|1R^iASW_TpqiKC+Rc@u!XY46C6d^9eT8a8d80#?HW(ThRotGa
z2s{weS)F(3)F>@wOtMm(imV8^G+tplPDI>Ia-W{Zi|*?NloVV_c><RJP4N8Xjm((l
z6FDro9CCU=d+{DECn%zJNhx<D*|USOkW1$tuz?(Jii<E%TD42#S<YQScD$(4onxGK
zX$clN1gS8}m=12EpK)@Ojma74*+ef_rQ0|1@`g!WIe}xJZ{#aBn@KDXUPso;<x{=*
z=t<G-8PCh5(sLKocs)4Lz;&2}aaR#FQ4ClIk?)+j#Q@ELGDl@WQ>Fn>G2pt6Zgxs1
zX1I`SS=ZRQVl`fnxVCQH(k8sev7u>+*MN64;!cCImeZX~8M-c0N*o<@a|2A#3T{Nl
zdh{(Svci&@xxA&VO)VjHrW<J@j`Tu4@<r!a8EF@DNLA?KMWEyz*^!<+e&n)<r$U?=
zWWRc}qV=+LF+tY@)E!tbQiV+gj=faRwiIi+lh@*HgZbW#d93GC-5y@Yl22p3NU6w^
zpSPncQdw^1z@HoYZ_{S!h#97)E&0NhfFiB#@nErr@4r00)212*ea6n_ynt065b`+i
z`cgRHmlrvKOH_kd_c+~qRD0}rPd1NSM0)ssJ5nr8qPz%>Hbn69Pove~C_fi%P3BQw
z2gvN;jGxy3s>RgnADKh8nEKLBO{w(u%g|Qd{t7CDFVW=b7~LxGPm@Eyu!fWk7HH_S
zEY2X2-b!~Tu>#qc%*&4DjQN@!-48Fa)Tx*;H)SwY$U(st+UX&k9dO>jRjba+7{x*F
z$jMz_+~Fc3I2r>#kfSv%h821r{``0Wgsk{zGMYf${qwvf#(~A9)h-b|?pY&QP(nF=
zR9Cd?k;jvFczK{_MpbK+31yMvy}fwEsIM(`yU6=8xM8e3X9hjTw<y69Q*QN52<3s9
zMf&Ab>9jXaHPOuGuYPcH3p-tXY2smFi>psLAF-J(5so4Hrd1P4SDz>#oxfwcoNs=I
zrB=n3qd}dp<<Z68`p_2;G)0)BjZPVIC56Gt7Y{N?aFWO9rO63zj+H0NpnKG$!P(iZ
z5qqecGc2dnZYSm8hmzn#B1@pWi-vO^AHC5jPj)k{e)Jq3PJhAK0c}cm%`_?d@6<ce
zXKC1i<P|gA<2xa;ER+R#P*qCxT}5yNpb^!vt{3%maI2Q#TcLVae(#}aiu|r(P|>Nw
zI2uMdeW(nA;Y%xLxhj#Gpr_=aE<qKSLqX0o(Yc52i@?`wXIFAlo~AuLKghmUyz*|L
z>@k?~1vuSB*Hcdl>l|EB$zk4=-na#BWm8>q=Xgnga>@%kDw@00*`?x^3_O&o)}tbY
zlN=p7<QsLgIZK}oj3VJw7CA)a&0DbW>0kNR)%Ak2a9kj%*#(yu{B?&{TrMgJ&Hb{m
Rw7*w%Hp9|OYt)y#{{i>HgmVA@

literal 0
HcmV?d00001

diff --git a/config/scripts/config/confdata.c b/config/scripts/config/confdata.c
new file mode 100644
index 0000000000..a59e245508
--- /dev/null
+++ b/config/scripts/config/confdata.c
@@ -0,0 +1,458 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <sys/stat.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+const char conf_def_filename[] = "config/.config";
+
+const char conf_defname[] = "config/defconfig";
+
+const char *conf_confnames[] = {
+	"config/.config",
+	conf_defname,
+	NULL,
+};
+
+static char *conf_expand_value(const char *in)
+{
+	struct symbol *sym;
+	const char *src;
+	static char res_value[SYMBOL_MAXLENGTH];
+	char *dst, name[SYMBOL_MAXLENGTH];
+
+	res_value[0] = 0;
+	dst = name;
+	while ((src = strchr(in, '$'))) {
+		strncat(res_value, in, src - in);
+		src++;
+		dst = name;
+		while (isalnum(*src) || *src == '_')
+			*dst++ = *src++;
+		*dst = 0;
+		sym = sym_lookup(name, 0);
+		sym_calc_value(sym);
+		strcat(res_value, sym_get_string_value(sym));
+		in = src;
+	}
+	strcat(res_value, in);
+
+	return res_value;
+}
+
+char *conf_get_default_confname(void)
+{
+	struct stat buf;
+	static char fullname[PATH_MAX+1];
+	char *env, *name;
+
+	name = conf_expand_value(conf_defname);
+	env = getenv(SRCTREE);
+	if (env) {
+		sprintf(fullname, "%s/%s", env, name);
+		if (!stat(fullname, &buf))
+			return fullname;
+	}
+	return name;
+}
+
+int conf_read(const char *name)
+{
+	FILE *in = NULL;
+	char line[1024];
+	char *p, *p2;
+	int lineno = 0;
+	struct symbol *sym;
+	struct property *prop;
+	struct expr *e;
+	int i;
+
+	if (name) {
+		in = zconf_fopen(name);
+	} else {
+		const char **names = conf_confnames;
+		while ((name = *names++)) {
+			name = conf_expand_value(name);
+			in = zconf_fopen(name);
+			if (in) {
+				printf("#\n"
+				       "# using defaults found in %s\n"
+				       "#\n", name);
+				break;
+			}
+		}
+	}
+
+	if (!in)
+		return 1;
+
+	for_all_symbols(i, sym) {
+		sym->flags |= SYMBOL_NEW | SYMBOL_CHANGED;
+		sym->flags &= ~SYMBOL_VALID;
+		switch (sym->type) {
+		case S_INT:
+		case S_HEX:
+		case S_STRING:
+			if (sym->user.val)
+				free(sym->user.val);
+		default:
+			sym->user.val = NULL;
+			sym->user.tri = no;
+		}
+	}
+
+	while (fgets(line, sizeof(line), in)) {
+		lineno++;
+		sym = NULL;
+		switch (line[0]) {
+		case '#':
+			if (line[1]!=' ')
+				continue;
+			p = strchr(line + 2, ' ');
+			if (!p)
+				continue;
+			*p++ = 0;
+			if (strncmp(p, "is not set", 10))
+				continue;
+			sym = sym_find(line + 2);
+			if (!sym) {
+				fprintf(stderr, "%s:%d: trying to assign nonexistent symbol %s\n", name, lineno, line + 2);
+				break;
+			}
+			switch (sym->type) {
+			case S_BOOLEAN:
+			case S_TRISTATE:
+				sym->user.tri = no;
+				sym->flags &= ~SYMBOL_NEW;
+				break;
+			default:
+				;
+			}
+			break;
+
+		case 'A' ... 'Z':
+			p = strchr(line, '=');
+			if (!p)
+				continue;
+			*p++ = 0;
+			p2 = strchr(p, '\n');
+			if (p2)
+				*p2 = 0;
+			sym = sym_find(line);
+			if (!sym) {
+				fprintf(stderr, "%s:%d: trying to assign nonexistent symbol %s\n", name, lineno, line);
+				break;
+			}
+			switch (sym->type) {
+			case S_TRISTATE:
+				if (p[0] == 'm') {
+					sym->user.tri = mod;
+					sym->flags &= ~SYMBOL_NEW;
+					break;
+				}
+			case S_BOOLEAN:
+				if (p[0] == 'y') {
+					sym->user.tri = yes;
+					sym->flags &= ~SYMBOL_NEW;
+					break;
+				}
+				if (p[0] == 'n') {
+					sym->user.tri = no;
+					sym->flags &= ~SYMBOL_NEW;
+					break;
+				}
+				break;
+			case S_STRING:
+				if (*p++ != '"')
+					break;
+				for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) {
+					if (*p2 == '"') {
+						*p2 = 0;
+						break;
+					}
+					memmove(p2, p2 + 1, strlen(p2));
+				}
+				if (!p2) {
+					fprintf(stderr, "%s:%d: invalid string found\n", name, lineno);
+					exit(1);
+				}
+			case S_INT:
+			case S_HEX:
+				if (sym_string_valid(sym, p)) {
+					sym->user.val = strdup(p);
+					sym->flags &= ~SYMBOL_NEW;
+				} else {
+					fprintf(stderr, "%s:%d: symbol value '%s' invalid for %s\n", name, lineno, p, sym->name);
+					exit(1);
+				}
+				break;
+			default:
+				;
+			}
+			break;
+		case '\n':
+			break;
+		default:
+			continue;
+		}
+		if (sym && sym_is_choice_value(sym)) {
+			struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
+			switch (sym->user.tri) {
+			case no:
+				break;
+			case mod:
+				if (cs->user.tri == yes)
+					/* warn? */;
+				break;
+			case yes:
+				if (cs->user.tri != no)
+					/* warn? */;
+				cs->user.val = sym;
+				break;
+			}
+			cs->user.tri = E_OR(cs->user.tri, sym->user.tri);
+			cs->flags &= ~SYMBOL_NEW;
+		}
+	}
+	fclose(in);
+
+	if (modules_sym)
+		sym_calc_value(modules_sym);
+	for_all_symbols(i, sym) {
+		sym_calc_value(sym);
+		if (sym_has_value(sym) && !sym_is_choice_value(sym)) {
+			if (sym->visible == no)
+				sym->flags |= SYMBOL_NEW;
+			switch (sym->type) {
+			case S_STRING:
+			case S_INT:
+			case S_HEX:
+				if (!sym_string_within_range(sym, sym->user.val))
+					sym->flags |= SYMBOL_NEW;
+			default:
+				break;
+			}
+		}
+		if (!sym_is_choice(sym))
+			continue;
+		prop = sym_get_choice_prop(sym);
+		for (e = prop->expr; e; e = e->left.expr)
+			if (e->right.sym->visible != no)
+				sym->flags |= e->right.sym->flags & SYMBOL_NEW;
+	}
+
+	sym_change_count = 1;
+
+	return 0;
+}
+
+struct menu *next_menu(struct menu *menu)
+{
+	if (menu->list) return menu->list;
+	do {
+		if (menu->next) {
+			menu = menu->next;
+			break;
+		}
+	} while ((menu = menu->parent));
+	
+	return menu;
+}
+
+#define SYMBOL_FORCEWRITE (1<<31)
+
+int conf_write(const char *name)
+{
+	FILE *out, *out_h;
+	struct symbol *sym;
+	struct menu *menu;
+	const char *basename;
+	char dirname[128], tmpname[128], newname[128];
+	int type, l;
+	const char *str;
+
+	dirname[0] = 0;
+	if (name && name[0]) {
+		struct stat st;
+		char *slash;
+
+		if (!stat(name, &st) && S_ISDIR(st.st_mode)) {
+			strcpy(dirname, name);
+			strcat(dirname, "/");
+			basename = conf_def_filename;
+		} else if ((slash = strrchr(name, '/'))) {
+			int size = slash - name + 1;
+			memcpy(dirname, name, size);
+			dirname[size] = 0;
+			if (slash[1])
+				basename = slash + 1;
+			else
+				basename = conf_def_filename;
+		} else
+			basename = name;
+	} else
+		basename = conf_def_filename;
+
+	sprintf(newname, "config/%s.tmpconfig.%d", dirname, (int)getpid());
+	out = fopen(newname, "w");
+	if (!out)
+		return 1;
+	out_h = NULL;
+	if (!name) {
+		out_h = fopen("config/.tmpconfig.h", "w");
+		if (!out_h)
+			return 1;
+	}
+	fprintf(out, "#\n"
+		     "# Automatically generated make config: don't edit\n"
+		     "#\n");
+	if (out_h) {
+		fprintf(out_h, "/*\n"
+			     " * Automatically generated header file: don't edit\n"
+			     " */\n\n");
+#if 0
+			     "/* Version Number */\n"
+			     "#define BB_VER \"%s\"\n"
+			     "#define BB_BT \"%s\"\n",
+			     getenv("VERSION"),
+			     getenv("BUILDTIME"));
+		if (getenv("EXTRA_VERSION"))
+			fprintf(out_h, "#define BB_EXTRA_VERSION \"%s\"\n",
+				     getenv("EXTRA_VERSION"));
+		fprintf(out_h, "\n");
+#endif
+	}
+
+	if (!sym_change_count)
+		sym_clear_all_valid();
+
+	/* Force write of all non-duplicate symbols. */
+
+	/* Write out everything by default. */
+	for(menu = rootmenu.list; menu; menu = next_menu(menu))
+		if (menu->sym) menu->sym->flags |= SYMBOL_FORCEWRITE;
+
+	menu = rootmenu.list;
+	while (menu) {
+		sym = menu->sym;
+		if (!sym) {
+			if (!menu_is_visible(menu))
+				goto next;
+			str = menu_get_prompt(menu);
+			fprintf(out, "\n"
+				     "#\n"
+				     "# %s\n"
+				     "#\n", str);
+			if (out_h)
+				fprintf(out_h, "\n"
+					       "/*\n"
+					       " * %s\n"
+					       " */\n", str);
+		} else if (!(sym->flags & SYMBOL_CHOICE)) {
+			sym_calc_value(sym);
+			if (!(sym->flags & SYMBOL_FORCEWRITE))
+				goto next;
+
+			sym->flags &= ~SYMBOL_FORCEWRITE;
+			type = sym->type;
+			if (type == S_TRISTATE) {
+				sym_calc_value(modules_sym);
+				if (modules_sym->curr.tri == no)
+					type = S_BOOLEAN;
+			}
+			switch (type) {
+			case S_BOOLEAN:
+			case S_TRISTATE:
+				switch (sym_get_tristate_value(sym)) {
+				case no:
+					fprintf(out, "# %s is not set\n", sym->name);
+					if (out_h)
+						fprintf(out_h, "#undef %s\n", sym->name);
+					break;
+				case mod:
+#if 0
+					fprintf(out, "%s=m\n", sym->name);
+					if (out_h)
+						fprintf(out_h, "#define %s_MODULE 1\n", sym->name);
+#endif
+					break;
+				case yes:
+					fprintf(out, "%s=y\n", sym->name);
+					if (out_h)
+						fprintf(out_h, "#define %s 1\n", sym->name);
+					break;
+				}
+				break;
+			case S_STRING:
+				// fix me
+				str = sym_get_string_value(sym);
+				fprintf(out, "%s=\"", sym->name);
+				if (out_h)
+					fprintf(out_h, "#define %s \"", sym->name);
+				do {
+					l = strcspn(str, "\"\\");
+					if (l) {
+						fwrite(str, l, 1, out);
+						if (out_h)
+							fwrite(str, l, 1, out_h);
+					}
+					str += l;
+					while (*str == '\\' || *str == '"') {
+						fprintf(out, "\\%c", *str);
+						if (out_h)
+							fprintf(out_h, "\\%c", *str);
+						str++;
+					}
+				} while (*str);
+				fputs("\"\n", out);
+				if (out_h)
+					fputs("\"\n", out_h);
+				break;
+			case S_HEX:
+				str = sym_get_string_value(sym);
+				if (str[0] != '0' || (str[1] != 'x' && str[1] != 'X')) {
+					fprintf(out, "%s=%s\n", sym->name, *str ? str : "0");
+					if (out_h)
+						fprintf(out_h, "#define %s 0x%s\n", sym->name, str);
+					break;
+				}
+			case S_INT:
+				str = sym_get_string_value(sym);
+				fprintf(out, "%s=%s\n", sym->name, *str ? str : "0");
+				if (out_h)
+					fprintf(out_h, "#define %s %s\n", sym->name, str);
+				break;
+			}
+		}
+next:
+		menu = next_menu(menu);
+	}
+	fclose(out);
+	if (out_h) {
+		fclose(out_h);
+		rename("config/.tmpconfig.h", "config/config.h");
+		file_write_dep(NULL);
+	}
+	if (!name || basename != conf_def_filename) {
+		if (!name)
+			name = conf_def_filename;
+		sprintf(tmpname, "%s.old", name);
+		rename(name, tmpname);
+	}
+	sprintf(tmpname, "%s%s", dirname, basename);
+	if (rename(newname, tmpname))
+		return 1;
+
+	sym_change_count = 0;
+
+	return 0;
+}
diff --git a/config/scripts/config/expr.c b/config/scripts/config/expr.c
new file mode 100644
index 0000000000..30e4f9d69c
--- /dev/null
+++ b/config/scripts/config/expr.c
@@ -0,0 +1,1099 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+#define DEBUG_EXPR	0
+
+struct expr *expr_alloc_symbol(struct symbol *sym)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = E_SYMBOL;
+	e->left.sym = sym;
+	return e;
+}
+
+struct expr *expr_alloc_one(enum expr_type type, struct expr *ce)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = type;
+	e->left.expr = ce;
+	return e;
+}
+
+struct expr *expr_alloc_two(enum expr_type type, struct expr *e1, struct expr *e2)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = type;
+	e->left.expr = e1;
+	e->right.expr = e2;
+	return e;
+}
+
+struct expr *expr_alloc_comp(enum expr_type type, struct symbol *s1, struct symbol *s2)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = type;
+	e->left.sym = s1;
+	e->right.sym = s2;
+	return e;
+}
+
+struct expr *expr_alloc_and(struct expr *e1, struct expr *e2)
+{
+	if (!e1)
+		return e2;
+	return e2 ? expr_alloc_two(E_AND, e1, e2) : e1;
+}
+
+struct expr *expr_alloc_or(struct expr *e1, struct expr *e2)
+{
+	if (!e1)
+		return e2;
+	return e2 ? expr_alloc_two(E_OR, e1, e2) : e1;
+}
+
+struct expr *expr_copy(struct expr *org)
+{
+	struct expr *e;
+
+	if (!org)
+		return NULL;
+
+	e = malloc(sizeof(*org));
+	memcpy(e, org, sizeof(*org));
+	switch (org->type) {
+	case E_SYMBOL:
+		e->left = org->left;
+		break;
+	case E_NOT:
+		e->left.expr = expr_copy(org->left.expr);
+		break;
+	case E_EQUAL:
+	case E_UNEQUAL:
+		e->left.sym = org->left.sym;
+		e->right.sym = org->right.sym;
+		break;
+	case E_AND:
+	case E_OR:
+	case E_CHOICE:
+		e->left.expr = expr_copy(org->left.expr);
+		e->right.expr = expr_copy(org->right.expr);
+		break;
+	default:
+		printf("can't copy type %d\n", e->type);
+		free(e);
+		e = NULL;
+		break;
+	}
+
+	return e;
+}
+
+void expr_free(struct expr *e)
+{
+	if (!e)
+		return;
+
+	switch (e->type) {
+	case E_SYMBOL:
+		break;
+	case E_NOT:
+		expr_free(e->left.expr);
+		return;
+	case E_EQUAL:
+	case E_UNEQUAL:
+		break;
+	case E_OR:
+	case E_AND:
+		expr_free(e->left.expr);
+		expr_free(e->right.expr);
+		break;
+	default:
+		printf("how to free type %d?\n", e->type);
+		break;
+	}
+	free(e);
+}
+
+static int trans_count;
+
+#define e1 (*ep1)
+#define e2 (*ep2)
+
+static void __expr_eliminate_eq(enum expr_type type, struct expr **ep1, struct expr **ep2)
+{
+	if (e1->type == type) {
+		__expr_eliminate_eq(type, &e1->left.expr, &e2);
+		__expr_eliminate_eq(type, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		__expr_eliminate_eq(type, &e1, &e2->left.expr);
+		__expr_eliminate_eq(type, &e1, &e2->right.expr);
+		return;
+	}
+	if (e1->type == E_SYMBOL && e2->type == E_SYMBOL &&
+	    e1->left.sym == e2->left.sym && (e1->left.sym->flags & (SYMBOL_YES|SYMBOL_NO)))
+		return;
+	if (!expr_eq(e1, e2))
+		return;
+	trans_count++;
+	expr_free(e1); expr_free(e2);
+	switch (type) {
+	case E_OR:
+		e1 = expr_alloc_symbol(&symbol_no);
+		e2 = expr_alloc_symbol(&symbol_no);
+		break;
+	case E_AND:
+		e1 = expr_alloc_symbol(&symbol_yes);
+		e2 = expr_alloc_symbol(&symbol_yes);
+		break;
+	default:
+		;
+	}
+}
+
+void expr_eliminate_eq(struct expr **ep1, struct expr **ep2)
+{
+	if (!e1 || !e2)
+		return;
+	switch (e1->type) {
+	case E_OR:
+	case E_AND:
+		__expr_eliminate_eq(e1->type, ep1, ep2);
+	default:
+		;
+	}
+	if (e1->type != e2->type) switch (e2->type) {
+	case E_OR:
+	case E_AND:
+		__expr_eliminate_eq(e2->type, ep1, ep2);
+	default:
+		;
+	}
+	e1 = expr_eliminate_yn(e1);
+	e2 = expr_eliminate_yn(e2);
+}
+
+#undef e1
+#undef e2
+
+int expr_eq(struct expr *e1, struct expr *e2)
+{
+	int res, old_count;
+
+	if (e1->type != e2->type)
+		return 0;
+	switch (e1->type) {
+	case E_EQUAL:
+	case E_UNEQUAL:
+		return e1->left.sym == e2->left.sym && e1->right.sym == e2->right.sym;
+	case E_SYMBOL:
+		return e1->left.sym == e2->left.sym;
+	case E_NOT:
+		return expr_eq(e1->left.expr, e2->left.expr);
+	case E_AND:
+	case E_OR:
+		e1 = expr_copy(e1);
+		e2 = expr_copy(e2);
+		old_count = trans_count;
+		expr_eliminate_eq(&e1, &e2);
+		res = (e1->type == E_SYMBOL && e2->type == E_SYMBOL &&
+		       e1->left.sym == e2->left.sym);
+		expr_free(e1);
+		expr_free(e2);
+		trans_count = old_count;
+		return res;
+	case E_CHOICE:
+	case E_RANGE:
+	case E_NONE:
+		/* panic */;
+	}
+
+	if (DEBUG_EXPR) {
+		expr_fprint(e1, stdout);
+		printf(" = ");
+		expr_fprint(e2, stdout);
+		printf(" ?\n");
+	}
+
+	return 0;
+}
+
+struct expr *expr_eliminate_yn(struct expr *e)
+{
+	struct expr *tmp;
+
+	if (e) switch (e->type) {
+	case E_AND:
+		e->left.expr = expr_eliminate_yn(e->left.expr);
+		e->right.expr = expr_eliminate_yn(e->right.expr);
+		if (e->left.expr->type == E_SYMBOL) {
+			if (e->left.expr->left.sym == &symbol_no) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_no;
+				e->right.expr = NULL;
+				return e;
+			} else if (e->left.expr->left.sym == &symbol_yes) {
+				free(e->left.expr);
+				tmp = e->right.expr;
+				*e = *(e->right.expr);
+				free(tmp);
+				return e;
+			}
+		}
+		if (e->right.expr->type == E_SYMBOL) {
+			if (e->right.expr->left.sym == &symbol_no) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_no;
+				e->right.expr = NULL;
+				return e;
+			} else if (e->right.expr->left.sym == &symbol_yes) {
+				free(e->right.expr);
+				tmp = e->left.expr;
+				*e = *(e->left.expr);
+				free(tmp);
+				return e;
+			}
+		}
+		break;
+	case E_OR:
+		e->left.expr = expr_eliminate_yn(e->left.expr);
+		e->right.expr = expr_eliminate_yn(e->right.expr);
+		if (e->left.expr->type == E_SYMBOL) {
+			if (e->left.expr->left.sym == &symbol_no) {
+				free(e->left.expr);
+				tmp = e->right.expr;
+				*e = *(e->right.expr);
+				free(tmp);
+				return e;
+			} else if (e->left.expr->left.sym == &symbol_yes) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_yes;
+				e->right.expr = NULL;
+				return e;
+			}
+		}
+		if (e->right.expr->type == E_SYMBOL) {
+			if (e->right.expr->left.sym == &symbol_no) {
+				free(e->right.expr);
+				tmp = e->left.expr;
+				*e = *(e->left.expr);
+				free(tmp);
+				return e;
+			} else if (e->right.expr->left.sym == &symbol_yes) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_yes;
+				e->right.expr = NULL;
+				return e;
+			}
+		}
+		break;
+	default:
+		;
+	}
+	return e;
+}
+
+/*
+ * bool FOO!=n => FOO
+ */
+struct expr *expr_trans_bool(struct expr *e)
+{
+	if (!e)
+		return NULL;
+	switch (e->type) {
+	case E_AND:
+	case E_OR:
+	case E_NOT:
+		e->left.expr = expr_trans_bool(e->left.expr);
+		e->right.expr = expr_trans_bool(e->right.expr);
+		break;
+	case E_UNEQUAL:
+		// FOO!=n -> FOO
+		if (e->left.sym->type == S_TRISTATE) {
+			if (e->right.sym == &symbol_no) {
+				e->type = E_SYMBOL;
+				e->right.sym = NULL;
+			}
+		}
+		break;
+	default:
+		;
+	}
+	return e;
+}
+
+/*
+ * e1 || e2 -> ?
+ */
+struct expr *expr_join_or(struct expr *e1, struct expr *e2)
+{
+	struct expr *tmp;
+	struct symbol *sym1, *sym2;
+
+	if (expr_eq(e1, e2))
+		return expr_copy(e1);
+	if (e1->type != E_EQUAL && e1->type != E_UNEQUAL && e1->type != E_SYMBOL && e1->type != E_NOT)
+		return NULL;
+	if (e2->type != E_EQUAL && e2->type != E_UNEQUAL && e2->type != E_SYMBOL && e2->type != E_NOT)
+		return NULL;
+	if (e1->type == E_NOT) {
+		tmp = e1->left.expr;
+		if (tmp->type != E_EQUAL && tmp->type != E_UNEQUAL && tmp->type != E_SYMBOL)
+			return NULL;
+		sym1 = tmp->left.sym;
+	} else
+		sym1 = e1->left.sym;
+	if (e2->type == E_NOT) {
+		if (e2->left.expr->type != E_SYMBOL)
+			return NULL;
+		sym2 = e2->left.expr->left.sym;
+	} else
+		sym2 = e2->left.sym;
+	if (sym1 != sym2)
+		return NULL;
+	if (sym1->type != S_BOOLEAN && sym1->type != S_TRISTATE)
+		return NULL;
+	if (sym1->type == S_TRISTATE) {
+		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
+		    ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_mod) ||
+		     (e1->right.sym == &symbol_mod && e2->right.sym == &symbol_yes))) {
+			// (a='y') || (a='m') -> (a!='n')
+			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_no);
+		}
+		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
+		    ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_no) ||
+		     (e1->right.sym == &symbol_no && e2->right.sym == &symbol_yes))) {
+			// (a='y') || (a='n') -> (a!='m')
+			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_mod);
+		}
+		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
+		    ((e1->right.sym == &symbol_mod && e2->right.sym == &symbol_no) ||
+		     (e1->right.sym == &symbol_no && e2->right.sym == &symbol_mod))) {
+			// (a='m') || (a='n') -> (a!='y')
+			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_yes);
+		}
+	}
+	if (sym1->type == S_BOOLEAN && sym1 == sym2) {
+		if ((e1->type == E_NOT && e1->left.expr->type == E_SYMBOL && e2->type == E_SYMBOL) ||
+		    (e2->type == E_NOT && e2->left.expr->type == E_SYMBOL && e1->type == E_SYMBOL))
+			return expr_alloc_symbol(&symbol_yes);
+	}
+
+	if (DEBUG_EXPR) {
+		printf("optimize (");
+		expr_fprint(e1, stdout);
+		printf(") || (");
+		expr_fprint(e2, stdout);
+		printf(")?\n");
+	}
+	return NULL;
+}
+
+struct expr *expr_join_and(struct expr *e1, struct expr *e2)
+{
+	struct expr *tmp;
+	struct symbol *sym1, *sym2;
+
+	if (expr_eq(e1, e2))
+		return expr_copy(e1);
+	if (e1->type != E_EQUAL && e1->type != E_UNEQUAL && e1->type != E_SYMBOL && e1->type != E_NOT)
+		return NULL;
+	if (e2->type != E_EQUAL && e2->type != E_UNEQUAL && e2->type != E_SYMBOL && e2->type != E_NOT)
+		return NULL;
+	if (e1->type == E_NOT) {
+		tmp = e1->left.expr;
+		if (tmp->type != E_EQUAL && tmp->type != E_UNEQUAL && tmp->type != E_SYMBOL)
+			return NULL;
+		sym1 = tmp->left.sym;
+	} else
+		sym1 = e1->left.sym;
+	if (e2->type == E_NOT) {
+		if (e2->left.expr->type != E_SYMBOL)
+			return NULL;
+		sym2 = e2->left.expr->left.sym;
+	} else
+		sym2 = e2->left.sym;
+	if (sym1 != sym2)
+		return NULL;
+	if (sym1->type != S_BOOLEAN && sym1->type != S_TRISTATE)
+		return NULL;
+
+	if ((e1->type == E_SYMBOL && e2->type == E_EQUAL && e2->right.sym == &symbol_yes) ||
+	    (e2->type == E_SYMBOL && e1->type == E_EQUAL && e1->right.sym == &symbol_yes))
+		// (a) && (a='y') -> (a='y')
+		return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
+
+	if ((e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_no) ||
+	    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_no))
+		// (a) && (a!='n') -> (a)
+		return expr_alloc_symbol(sym1);
+
+	if ((e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_mod) ||
+	    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_mod))
+		// (a) && (a!='m') -> (a='y')
+		return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
+
+	if (sym1->type == S_TRISTATE) {
+		if (e1->type == E_EQUAL && e2->type == E_UNEQUAL) {
+			// (a='b') && (a!='c') -> 'b'='c' ? 'n' : a='b'
+			sym2 = e1->right.sym;
+			if ((e2->right.sym->flags & SYMBOL_CONST) && (sym2->flags & SYMBOL_CONST))
+				return sym2 != e2->right.sym ? expr_alloc_comp(E_EQUAL, sym1, sym2)
+							     : expr_alloc_symbol(&symbol_no);
+		}
+		if (e1->type == E_UNEQUAL && e2->type == E_EQUAL) {
+			// (a='b') && (a!='c') -> 'b'='c' ? 'n' : a='b'
+			sym2 = e2->right.sym;
+			if ((e1->right.sym->flags & SYMBOL_CONST) && (sym2->flags & SYMBOL_CONST))
+				return sym2 != e1->right.sym ? expr_alloc_comp(E_EQUAL, sym1, sym2)
+							     : expr_alloc_symbol(&symbol_no);
+		}
+		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
+			   ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_no) ||
+			    (e1->right.sym == &symbol_no && e2->right.sym == &symbol_yes)))
+			// (a!='y') && (a!='n') -> (a='m')
+			return expr_alloc_comp(E_EQUAL, sym1, &symbol_mod);
+
+		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
+			   ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_mod) ||
+			    (e1->right.sym == &symbol_mod && e2->right.sym == &symbol_yes)))
+			// (a!='y') && (a!='m') -> (a='n')
+			return expr_alloc_comp(E_EQUAL, sym1, &symbol_no);
+
+		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
+			   ((e1->right.sym == &symbol_mod && e2->right.sym == &symbol_no) ||
+			    (e1->right.sym == &symbol_no && e2->right.sym == &symbol_mod)))
+			// (a!='m') && (a!='n') -> (a='m')
+			return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
+
+		if ((e1->type == E_SYMBOL && e2->type == E_EQUAL && e2->right.sym == &symbol_mod) ||
+		    (e2->type == E_SYMBOL && e1->type == E_EQUAL && e1->right.sym == &symbol_mod) ||
+		    (e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_yes) ||
+		    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_yes))
+			return NULL;
+	}
+
+	if (DEBUG_EXPR) {
+		printf("optimize (");
+		expr_fprint(e1, stdout);
+		printf(") && (");
+		expr_fprint(e2, stdout);
+		printf(")?\n");
+	}
+	return NULL;
+}
+
+static void expr_eliminate_dups1(enum expr_type type, struct expr **ep1, struct expr **ep2)
+{
+#define e1 (*ep1)
+#define e2 (*ep2)
+	struct expr *tmp;
+
+	if (e1->type == type) {
+		expr_eliminate_dups1(type, &e1->left.expr, &e2);
+		expr_eliminate_dups1(type, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		expr_eliminate_dups1(type, &e1, &e2->left.expr);
+		expr_eliminate_dups1(type, &e1, &e2->right.expr);
+		return;
+	}
+	if (e1 == e2)
+		return;
+
+	switch (e1->type) {
+	case E_OR: case E_AND:
+		expr_eliminate_dups1(e1->type, &e1, &e1);
+	default:
+		;
+	}
+
+	switch (type) {
+	case E_OR:
+		tmp = expr_join_or(e1, e2);
+		if (tmp) {
+			expr_free(e1); expr_free(e2);
+			e1 = expr_alloc_symbol(&symbol_no);
+			e2 = tmp;
+			trans_count++;
+		}
+		break;
+	case E_AND:
+		tmp = expr_join_and(e1, e2);
+		if (tmp) {
+			expr_free(e1); expr_free(e2);
+			e1 = expr_alloc_symbol(&symbol_yes);
+			e2 = tmp;
+			trans_count++;
+		}
+		break;
+	default:
+		;
+	}
+#undef e1
+#undef e2
+}
+
+static void expr_eliminate_dups2(enum expr_type type, struct expr **ep1, struct expr **ep2)
+{
+#define e1 (*ep1)
+#define e2 (*ep2)
+	struct expr *tmp, *tmp1, *tmp2;
+
+	if (e1->type == type) {
+		expr_eliminate_dups2(type, &e1->left.expr, &e2);
+		expr_eliminate_dups2(type, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		expr_eliminate_dups2(type, &e1, &e2->left.expr);
+		expr_eliminate_dups2(type, &e1, &e2->right.expr);
+	}
+	if (e1 == e2)
+		return;
+
+	switch (e1->type) {
+	case E_OR:
+		expr_eliminate_dups2(e1->type, &e1, &e1);
+		// (FOO || BAR) && (!FOO && !BAR) -> n
+		tmp1 = expr_transform(expr_alloc_one(E_NOT, expr_copy(e1)));
+		tmp2 = expr_copy(e2);
+		tmp = expr_extract_eq_and(&tmp1, &tmp2);
+		if (expr_is_yes(tmp1)) {
+			expr_free(e1);
+			e1 = expr_alloc_symbol(&symbol_no);
+			trans_count++;
+		}
+		expr_free(tmp2);
+		expr_free(tmp1);
+		expr_free(tmp);
+		break;
+	case E_AND:
+		expr_eliminate_dups2(e1->type, &e1, &e1);
+		// (FOO && BAR) || (!FOO || !BAR) -> y
+		tmp1 = expr_transform(expr_alloc_one(E_NOT, expr_copy(e1)));
+		tmp2 = expr_copy(e2);
+		tmp = expr_extract_eq_or(&tmp1, &tmp2);
+		if (expr_is_no(tmp1)) {
+			expr_free(e1);
+			e1 = expr_alloc_symbol(&symbol_yes);
+			trans_count++;
+		}
+		expr_free(tmp2);
+		expr_free(tmp1);
+		expr_free(tmp);
+		break;
+	default:
+		;
+	}
+#undef e1
+#undef e2
+}
+
+struct expr *expr_eliminate_dups(struct expr *e)
+{
+	int oldcount;
+	if (!e)
+		return e;
+
+	oldcount = trans_count;
+	while (1) {
+		trans_count = 0;
+		switch (e->type) {
+		case E_OR: case E_AND:
+			expr_eliminate_dups1(e->type, &e, &e);
+			expr_eliminate_dups2(e->type, &e, &e);
+		default:
+			;
+		}
+		if (!trans_count)
+			break;
+		e = expr_eliminate_yn(e);
+	}
+	trans_count = oldcount;
+	return e;
+}
+
+struct expr *expr_transform(struct expr *e)
+{
+	struct expr *tmp;
+
+	if (!e)
+		return NULL;
+	switch (e->type) {
+	case E_EQUAL:
+	case E_UNEQUAL:
+	case E_SYMBOL:
+	case E_CHOICE:
+		break;
+	default:
+		e->left.expr = expr_transform(e->left.expr);
+		e->right.expr = expr_transform(e->right.expr);
+	}
+
+	switch (e->type) {
+	case E_EQUAL:
+		if (e->left.sym->type != S_BOOLEAN)
+			break;
+		if (e->right.sym == &symbol_no) {
+			e->type = E_NOT;
+			e->left.expr = expr_alloc_symbol(e->left.sym);
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_mod) {
+			printf("boolean symbol %s tested for 'm'? test forced to 'n'\n", e->left.sym->name);
+			e->type = E_SYMBOL;
+			e->left.sym = &symbol_no;
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_yes) {
+			e->type = E_SYMBOL;
+			e->right.sym = NULL;
+			break;
+		}
+		break;
+	case E_UNEQUAL:
+		if (e->left.sym->type != S_BOOLEAN)
+			break;
+		if (e->right.sym == &symbol_no) {
+			e->type = E_SYMBOL;
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_mod) {
+			printf("boolean symbol %s tested for 'm'? test forced to 'y'\n", e->left.sym->name);
+			e->type = E_SYMBOL;
+			e->left.sym = &symbol_yes;
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_yes) {
+			e->type = E_NOT;
+			e->left.expr = expr_alloc_symbol(e->left.sym);
+			e->right.sym = NULL;
+			break;
+		}
+		break;
+	case E_NOT:
+		switch (e->left.expr->type) {
+		case E_NOT:
+			// !!a -> a
+			tmp = e->left.expr->left.expr;
+			free(e->left.expr);
+			free(e);
+			e = tmp;
+			e = expr_transform(e);
+			break;
+		case E_EQUAL:
+		case E_UNEQUAL:
+			// !a='x' -> a!='x'
+			tmp = e->left.expr;
+			free(e);
+			e = tmp;
+			e->type = e->type == E_EQUAL ? E_UNEQUAL : E_EQUAL;
+			break;
+		case E_OR:
+			// !(a || b) -> !a && !b
+			tmp = e->left.expr;
+			e->type = E_AND;
+			e->right.expr = expr_alloc_one(E_NOT, tmp->right.expr);
+			tmp->type = E_NOT;
+			tmp->right.expr = NULL;
+			e = expr_transform(e);
+			break;
+		case E_AND:
+			// !(a && b) -> !a || !b
+			tmp = e->left.expr;
+			e->type = E_OR;
+			e->right.expr = expr_alloc_one(E_NOT, tmp->right.expr);
+			tmp->type = E_NOT;
+			tmp->right.expr = NULL;
+			e = expr_transform(e);
+			break;
+		case E_SYMBOL:
+			if (e->left.expr->left.sym == &symbol_yes) {
+				// !'y' -> 'n'
+				tmp = e->left.expr;
+				free(e);
+				e = tmp;
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_no;
+				break;
+			}
+			if (e->left.expr->left.sym == &symbol_mod) {
+				// !'m' -> 'm'
+				tmp = e->left.expr;
+				free(e);
+				e = tmp;
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_mod;
+				break;
+			}
+			if (e->left.expr->left.sym == &symbol_no) {
+				// !'n' -> 'y'
+				tmp = e->left.expr;
+				free(e);
+				e = tmp;
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_yes;
+				break;
+			}
+			break;
+		default:
+			;
+		}
+		break;
+	default:
+		;
+	}
+	return e;
+}
+
+int expr_contains_symbol(struct expr *dep, struct symbol *sym)
+{
+	if (!dep)
+		return 0;
+
+	switch (dep->type) {
+	case E_AND:
+	case E_OR:
+		return expr_contains_symbol(dep->left.expr, sym) ||
+		       expr_contains_symbol(dep->right.expr, sym);
+	case E_SYMBOL:
+		return dep->left.sym == sym;
+	case E_EQUAL:
+	case E_UNEQUAL:
+		return dep->left.sym == sym ||
+		       dep->right.sym == sym;
+	case E_NOT:
+		return expr_contains_symbol(dep->left.expr, sym);
+	default:
+		;
+	}
+	return 0;
+}
+
+bool expr_depends_symbol(struct expr *dep, struct symbol *sym)
+{
+	if (!dep)
+		return false;
+
+	switch (dep->type) {
+	case E_AND:
+		return expr_depends_symbol(dep->left.expr, sym) ||
+		       expr_depends_symbol(dep->right.expr, sym);
+	case E_SYMBOL:
+		return dep->left.sym == sym;
+	case E_EQUAL:
+		if (dep->left.sym == sym) {
+			if (dep->right.sym == &symbol_yes || dep->right.sym == &symbol_mod)
+				return true;
+		}
+		break;
+	case E_UNEQUAL:
+		if (dep->left.sym == sym) {
+			if (dep->right.sym == &symbol_no)
+				return true;
+		}
+		break;
+	default:
+		;
+	}
+ 	return false;
+}
+
+struct expr *expr_extract_eq_and(struct expr **ep1, struct expr **ep2)
+{
+	struct expr *tmp = NULL;
+	expr_extract_eq(E_AND, &tmp, ep1, ep2);
+	if (tmp) {
+		*ep1 = expr_eliminate_yn(*ep1);
+		*ep2 = expr_eliminate_yn(*ep2);
+	}
+	return tmp;
+}
+
+struct expr *expr_extract_eq_or(struct expr **ep1, struct expr **ep2)
+{
+	struct expr *tmp = NULL;
+	expr_extract_eq(E_OR, &tmp, ep1, ep2);
+	if (tmp) {
+		*ep1 = expr_eliminate_yn(*ep1);
+		*ep2 = expr_eliminate_yn(*ep2);
+	}
+	return tmp;
+}
+
+void expr_extract_eq(enum expr_type type, struct expr **ep, struct expr **ep1, struct expr **ep2)
+{
+#define e1 (*ep1)
+#define e2 (*ep2)
+	if (e1->type == type) {
+		expr_extract_eq(type, ep, &e1->left.expr, &e2);
+		expr_extract_eq(type, ep, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		expr_extract_eq(type, ep, ep1, &e2->left.expr);
+		expr_extract_eq(type, ep, ep1, &e2->right.expr);
+		return;
+	}
+	if (expr_eq(e1, e2)) {
+		*ep = *ep ? expr_alloc_two(type, *ep, e1) : e1;
+		expr_free(e2);
+		if (type == E_AND) {
+			e1 = expr_alloc_symbol(&symbol_yes);
+			e2 = expr_alloc_symbol(&symbol_yes);
+		} else if (type == E_OR) {
+			e1 = expr_alloc_symbol(&symbol_no);
+			e2 = expr_alloc_symbol(&symbol_no);
+		}
+	}
+#undef e1
+#undef e2
+}
+
+struct expr *expr_trans_compare(struct expr *e, enum expr_type type, struct symbol *sym)
+{
+	struct expr *e1, *e2;
+
+	if (!e) {
+		e = expr_alloc_symbol(sym);
+		if (type == E_UNEQUAL)
+			e = expr_alloc_one(E_NOT, e);
+		return e;
+	}
+	switch (e->type) {
+	case E_AND:
+		e1 = expr_trans_compare(e->left.expr, E_EQUAL, sym);
+		e2 = expr_trans_compare(e->right.expr, E_EQUAL, sym);
+		if (sym == &symbol_yes)
+			e = expr_alloc_two(E_AND, e1, e2);
+		if (sym == &symbol_no)
+			e = expr_alloc_two(E_OR, e1, e2);
+		if (type == E_UNEQUAL)
+			e = expr_alloc_one(E_NOT, e);
+		return e;
+	case E_OR:
+		e1 = expr_trans_compare(e->left.expr, E_EQUAL, sym);
+		e2 = expr_trans_compare(e->right.expr, E_EQUAL, sym);
+		if (sym == &symbol_yes)
+			e = expr_alloc_two(E_OR, e1, e2);
+		if (sym == &symbol_no)
+			e = expr_alloc_two(E_AND, e1, e2);
+		if (type == E_UNEQUAL)
+			e = expr_alloc_one(E_NOT, e);
+		return e;
+	case E_NOT:
+		return expr_trans_compare(e->left.expr, type == E_EQUAL ? E_UNEQUAL : E_EQUAL, sym);
+	case E_UNEQUAL:
+	case E_EQUAL:
+		if (type == E_EQUAL) {
+			if (sym == &symbol_yes)
+				return expr_copy(e);
+			if (sym == &symbol_mod)
+				return expr_alloc_symbol(&symbol_no);
+			if (sym == &symbol_no)
+				return expr_alloc_one(E_NOT, expr_copy(e));
+		} else {
+			if (sym == &symbol_yes)
+				return expr_alloc_one(E_NOT, expr_copy(e));
+			if (sym == &symbol_mod)
+				return expr_alloc_symbol(&symbol_yes);
+			if (sym == &symbol_no)
+				return expr_copy(e);
+		}
+		break;
+	case E_SYMBOL:
+		return expr_alloc_comp(type, e->left.sym, sym);
+	case E_CHOICE:
+	case E_RANGE:
+	case E_NONE:
+		/* panic */;
+	}
+	return NULL;
+}
+
+tristate expr_calc_value(struct expr *e)
+{
+	tristate val1, val2;
+	const char *str1, *str2;
+
+	if (!e)
+		return yes;
+
+	switch (e->type) {
+	case E_SYMBOL:
+		sym_calc_value(e->left.sym);
+		return e->left.sym->curr.tri;
+	case E_AND:
+		val1 = expr_calc_value(e->left.expr);
+		val2 = expr_calc_value(e->right.expr);
+		return E_AND(val1, val2);
+	case E_OR:
+		val1 = expr_calc_value(e->left.expr);
+		val2 = expr_calc_value(e->right.expr);
+		return E_OR(val1, val2);
+	case E_NOT:
+		val1 = expr_calc_value(e->left.expr);
+		return E_NOT(val1);
+	case E_EQUAL:
+		sym_calc_value(e->left.sym);
+		sym_calc_value(e->right.sym);
+		str1 = sym_get_string_value(e->left.sym);
+		str2 = sym_get_string_value(e->right.sym);
+		return !strcmp(str1, str2) ? yes : no;
+	case E_UNEQUAL:
+		sym_calc_value(e->left.sym);
+		sym_calc_value(e->right.sym);
+		str1 = sym_get_string_value(e->left.sym);
+		str2 = sym_get_string_value(e->right.sym);
+		return !strcmp(str1, str2) ? no : yes;
+	default:
+		printf("expr_calc_value: %d?\n", e->type);
+		return no;
+	}
+}
+
+int expr_compare_type(enum expr_type t1, enum expr_type t2)
+{
+#if 0
+	return 1;
+#else
+	if (t1 == t2)
+		return 0;
+	switch (t1) {
+	case E_EQUAL:
+	case E_UNEQUAL:
+		if (t2 == E_NOT)
+			return 1;
+	case E_NOT:
+		if (t2 == E_AND)
+			return 1;
+	case E_AND:
+		if (t2 == E_OR)
+			return 1;
+	case E_OR:
+		if (t2 == E_CHOICE)
+			return 1;
+	case E_CHOICE:
+		if (t2 == 0)
+			return 1;
+	default:
+		return -1;
+	}
+	printf("[%dgt%d?]", t1, t2);
+	return 0;
+#endif
+}
+
+void expr_print(struct expr *e, void (*fn)(void *, const char *), void *data, int prevtoken)
+{
+	if (!e) {
+		fn(data, "y");
+		return;
+	}
+
+	if (expr_compare_type(prevtoken, e->type) > 0)
+		fn(data, "(");
+	switch (e->type) {
+	case E_SYMBOL:
+		if (e->left.sym->name)
+			fn(data, e->left.sym->name);
+		else
+			fn(data, "<choice>");
+		break;
+	case E_NOT:
+		fn(data, "!");
+		expr_print(e->left.expr, fn, data, E_NOT);
+		break;
+	case E_EQUAL:
+		fn(data, e->left.sym->name);
+		fn(data, "=");
+		fn(data, e->right.sym->name);
+		break;
+	case E_UNEQUAL:
+		fn(data, e->left.sym->name);
+		fn(data, "!=");
+		fn(data, e->right.sym->name);
+		break;
+	case E_OR:
+		expr_print(e->left.expr, fn, data, E_OR);
+		fn(data, " || ");
+		expr_print(e->right.expr, fn, data, E_OR);
+		break;
+	case E_AND:
+		expr_print(e->left.expr, fn, data, E_AND);
+		fn(data, " && ");
+		expr_print(e->right.expr, fn, data, E_AND);
+		break;
+	case E_CHOICE:
+		fn(data, e->right.sym->name);
+		if (e->left.expr) {
+			fn(data, " ^ ");
+			expr_print(e->left.expr, fn, data, E_CHOICE);
+		}
+		break;
+	case E_RANGE:
+		fn(data, "[");
+		fn(data, e->left.sym->name);
+		fn(data, " ");
+		fn(data, e->right.sym->name);
+		fn(data, "]");
+		break;
+	default:
+	  {
+		char buf[32];
+		sprintf(buf, "<unknown type %d>", e->type);
+		fn(data, buf);
+		break;
+	  }
+	}
+	if (expr_compare_type(prevtoken, e->type) > 0)
+		fn(data, ")");
+}
+
+static void expr_print_file_helper(void *data, const char *str)
+{
+	fwrite(str, strlen(str), 1, data);
+}
+
+void expr_fprint(struct expr *e, FILE *out)
+{
+	expr_print(e, expr_print_file_helper, out, E_NONE);
+}
+
+static void expr_print_gstr_helper(void *data, const char *str)
+{
+	str_append((struct gstr*)data, str);
+}
+
+void expr_gstr_print(struct expr *e, struct gstr *gs)
+{
+	expr_print(e, expr_print_gstr_helper, gs, E_NONE);
+}
diff --git a/config/scripts/config/expr.h b/config/scripts/config/expr.h
new file mode 100644
index 0000000000..7d39ff43e6
--- /dev/null
+++ b/config/scripts/config/expr.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#ifndef EXPR_H
+#define EXPR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+
+struct file {
+	struct file *next;
+	struct file *parent;
+	char *name;
+	int lineno;
+	int flags;
+};
+
+#define FILE_BUSY		0x0001
+#define FILE_SCANNED		0x0002
+#define FILE_PRINTED		0x0004
+
+typedef enum tristate {
+	no, mod, yes
+} tristate;
+
+enum expr_type {
+	E_NONE, E_OR, E_AND, E_NOT, E_EQUAL, E_UNEQUAL, E_CHOICE, E_SYMBOL, E_RANGE
+};
+
+union expr_data {
+	struct expr *expr;
+	struct symbol *sym;
+};
+
+struct expr {
+	enum expr_type type;
+	union expr_data left, right;
+};
+
+#define E_OR(dep1, dep2)	(((dep1)>(dep2))?(dep1):(dep2))
+#define E_AND(dep1, dep2)	(((dep1)<(dep2))?(dep1):(dep2))
+#define E_NOT(dep)		(2-(dep))
+
+struct expr_value {
+	struct expr *expr;
+	tristate tri;
+};
+
+struct symbol_value {
+	void *val;
+	tristate tri;
+};
+
+enum symbol_type {
+	S_UNKNOWN, S_BOOLEAN, S_TRISTATE, S_INT, S_HEX, S_STRING, S_OTHER
+};
+
+struct symbol {
+	struct symbol *next;
+	char *name;
+	char *help;
+	enum symbol_type type;
+	struct symbol_value curr, user;
+	tristate visible;
+	int flags;
+	struct property *prop;
+	struct expr *dep, *dep2;
+	struct expr_value rev_dep;
+};
+
+#define for_all_symbols(i, sym) for (i = 0; i < 257; i++) for (sym = symbol_hash[i]; sym; sym = sym->next) if (sym->type != S_OTHER)
+
+#define SYMBOL_YES		0x0001
+#define SYMBOL_MOD		0x0002
+#define SYMBOL_NO		0x0004
+#define SYMBOL_CONST		0x0007
+#define SYMBOL_CHECK		0x0008
+#define SYMBOL_CHOICE		0x0010
+#define SYMBOL_CHOICEVAL	0x0020
+#define SYMBOL_PRINTED		0x0040
+#define SYMBOL_VALID		0x0080
+#define SYMBOL_OPTIONAL		0x0100
+#define SYMBOL_WRITE		0x0200
+#define SYMBOL_CHANGED		0x0400
+#define SYMBOL_NEW		0x0800
+#define SYMBOL_AUTO		0x1000
+#define SYMBOL_CHECKED		0x2000
+#define SYMBOL_CHECK_DONE	0x4000
+#define SYMBOL_WARNED		0x8000
+
+#define SYMBOL_MAXLENGTH	256
+#define SYMBOL_HASHSIZE		257
+#define SYMBOL_HASHMASK		0xff
+
+enum prop_type {
+	P_UNKNOWN, P_PROMPT, P_COMMENT, P_MENU, P_DEFAULT, P_CHOICE, P_SELECT, P_RANGE
+};
+
+struct property {
+	struct property *next;
+	struct symbol *sym;
+	enum prop_type type;
+	const char *text;
+	struct expr_value visible;
+	struct expr *expr;
+	struct menu *menu;
+	struct file *file;
+	int lineno;
+};
+
+#define for_all_properties(sym, st, tok) \
+	for (st = sym->prop; st; st = st->next) \
+		if (st->type == (tok))
+#define for_all_defaults(sym, st) for_all_properties(sym, st, P_DEFAULT)
+#define for_all_choices(sym, st) for_all_properties(sym, st, P_CHOICE)
+#define for_all_prompts(sym, st) \
+	for (st = sym->prop; st; st = st->next) \
+		if (st->text)
+
+struct menu {
+	struct menu *next;
+	struct menu *parent;
+	struct menu *list;
+	struct symbol *sym;
+	struct property *prompt;
+	struct expr *dep;
+	unsigned int flags;
+	//char *help;
+	struct file *file;
+	int lineno;
+	void *data;
+};
+
+#define MENU_CHANGED		0x0001
+#define MENU_ROOT		0x0002
+
+#ifndef SWIG
+
+extern struct file *file_list;
+extern struct file *current_file;
+struct file *lookup_file(const char *name);
+
+extern struct symbol symbol_yes, symbol_no, symbol_mod;
+extern struct symbol *modules_sym;
+extern int cdebug;
+struct expr *expr_alloc_symbol(struct symbol *sym);
+struct expr *expr_alloc_one(enum expr_type type, struct expr *ce);
+struct expr *expr_alloc_two(enum expr_type type, struct expr *e1, struct expr *e2);
+struct expr *expr_alloc_comp(enum expr_type type, struct symbol *s1, struct symbol *s2);
+struct expr *expr_alloc_and(struct expr *e1, struct expr *e2);
+struct expr *expr_alloc_or(struct expr *e1, struct expr *e2);
+struct expr *expr_copy(struct expr *org);
+void expr_free(struct expr *e);
+int expr_eq(struct expr *e1, struct expr *e2);
+void expr_eliminate_eq(struct expr **ep1, struct expr **ep2);
+tristate expr_calc_value(struct expr *e);
+struct expr *expr_eliminate_yn(struct expr *e);
+struct expr *expr_trans_bool(struct expr *e);
+struct expr *expr_eliminate_dups(struct expr *e);
+struct expr *expr_transform(struct expr *e);
+int expr_contains_symbol(struct expr *dep, struct symbol *sym);
+bool expr_depends_symbol(struct expr *dep, struct symbol *sym);
+struct expr *expr_extract_eq_and(struct expr **ep1, struct expr **ep2);
+struct expr *expr_extract_eq_or(struct expr **ep1, struct expr **ep2);
+void expr_extract_eq(enum expr_type type, struct expr **ep, struct expr **ep1, struct expr **ep2);
+struct expr *expr_trans_compare(struct expr *e, enum expr_type type, struct symbol *sym);
+
+void expr_fprint(struct expr *e, FILE *out);
+struct gstr; /* forward */
+void expr_gstr_print(struct expr *e, struct gstr *gs);
+
+static inline int expr_is_yes(struct expr *e)
+{
+	return !e || (e->type == E_SYMBOL && e->left.sym == &symbol_yes);
+}
+
+static inline int expr_is_no(struct expr *e)
+{
+	return e && (e->type == E_SYMBOL && e->left.sym == &symbol_no);
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* EXPR_H */
diff --git a/config/scripts/config/lex.zconf.c b/config/scripts/config/lex.zconf.c
new file mode 100644
index 0000000000..b877bb6b3c
--- /dev/null
+++ b/config/scripts/config/lex.zconf.c
@@ -0,0 +1,3688 @@
+
+#line 3 "lex.zconf.c"
+
+#define  YY_INT_ALIGNED short int
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+#define YY_FLEX_SUBMINOR_VERSION 31
+#if YY_FLEX_SUBMINOR_VERSION > 0
+#define FLEX_BETA
+#endif
+
+/* First, we deal with  platform-specific or compiler-specific issues. */
+
+/* begin standard C headers. */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+
+/* end standard C headers. */
+
+/* flex integer type definitions */
+
+#ifndef FLEXINT_H
+#define FLEXINT_H
+
+/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+
+#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
+#include <inttypes.h>
+typedef int8_t flex_int8_t;
+typedef uint8_t flex_uint8_t;
+typedef int16_t flex_int16_t;
+typedef uint16_t flex_uint16_t;
+typedef int32_t flex_int32_t;
+typedef uint32_t flex_uint32_t;
+#else
+typedef signed char flex_int8_t;
+typedef short int flex_int16_t;
+typedef int flex_int32_t;
+typedef unsigned char flex_uint8_t;
+typedef unsigned short int flex_uint16_t;
+typedef unsigned int flex_uint32_t;
+#endif /* ! C99 */
+
+/* Limits of integral types. */
+#ifndef INT8_MIN
+#define INT8_MIN               (-128)
+#endif
+#ifndef INT16_MIN
+#define INT16_MIN              (-32767-1)
+#endif
+#ifndef INT32_MIN
+#define INT32_MIN              (-2147483647-1)
+#endif
+#ifndef INT8_MAX
+#define INT8_MAX               (127)
+#endif
+#ifndef INT16_MAX
+#define INT16_MAX              (32767)
+#endif
+#ifndef INT32_MAX
+#define INT32_MAX              (2147483647)
+#endif
+#ifndef UINT8_MAX
+#define UINT8_MAX              (255U)
+#endif
+#ifndef UINT16_MAX
+#define UINT16_MAX             (65535U)
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX             (4294967295U)
+#endif
+
+#endif /* ! FLEXINT_H */
+
+#ifdef __cplusplus
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN (yy_start) = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START (((yy_start) - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE zconfrestart(zconfin  )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#ifndef YY_BUF_SIZE
+#define YY_BUF_SIZE 16384
+#endif
+
+#ifndef YY_TYPEDEF_YY_BUFFER_STATE
+#define YY_TYPEDEF_YY_BUFFER_STATE
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+#endif
+
+extern int zconfleng;
+
+extern FILE *zconfin, *zconfout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+    #define YY_LESS_LINENO(n)
+
+/* Return all but the first "n" matched characters back to the input stream. */
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up zconftext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		*yy_cp = (yy_hold_char); \
+		YY_RESTORE_YY_MORE_OFFSET \
+		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up zconftext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, (yytext_ptr)  )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef unsigned int yy_size_t;
+#endif
+
+#ifndef YY_STRUCT_YY_BUFFER_STATE
+#define YY_STRUCT_YY_BUFFER_STATE
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+    int yy_bs_lineno; /**< The line count. */
+    int yy_bs_column; /**< The column count. */
+
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via zconfrestart()), so that the user can continue scanning by
+	 * just pointing zconfin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+
+	};
+#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+/* Stack of input buffers. */
+static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ *
+ * Returns the top of the stack, or NULL.
+ */
+#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                          : NULL)
+
+/* Same as previous macro, but useful when we know that the buffer stack is not
+ * NULL or when we need an lvalue. For internal use only.
+ */
+#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+/* yy_hold_char holds the character lost when zconftext is formed. */
+static char yy_hold_char;
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+int zconfleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 1;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow zconfwrap()'s to do buffer switches
+ * instead of setting up a fresh zconfin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void zconfrestart (FILE *input_file  );
+void zconf_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+YY_BUFFER_STATE zconf_create_buffer (FILE *file,int size  );
+void zconf_delete_buffer (YY_BUFFER_STATE b  );
+void zconf_flush_buffer (YY_BUFFER_STATE b  );
+void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer  );
+void zconfpop_buffer_state (void );
+
+static void zconfensure_buffer_stack (void );
+static void zconf_load_buffer_state (void );
+static void zconf_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+
+#define YY_FLUSH_BUFFER zconf_flush_buffer(YY_CURRENT_BUFFER )
+
+YY_BUFFER_STATE zconf_scan_buffer (char *base,yy_size_t size  );
+YY_BUFFER_STATE zconf_scan_string (yyconst char *yy_str  );
+YY_BUFFER_STATE zconf_scan_bytes (yyconst char *bytes,int len  );
+
+void *zconfalloc (yy_size_t  );
+void *zconfrealloc (void *,yy_size_t  );
+void zconffree (void *  );
+
+#define yy_new_buffer zconf_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){ \
+        zconfensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){\
+        zconfensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
+/* Begin user sect3 */
+
+#define zconfwrap(n) 1
+#define YY_SKIP_YYWRAP
+
+typedef unsigned char YY_CHAR;
+
+FILE *zconfin = (FILE *) 0, *zconfout = (FILE *) 0;
+
+typedef int yy_state_type;
+
+extern int zconflineno;
+
+int zconflineno = 1;
+
+extern char *zconftext;
+#define yytext_ptr zconftext
+static yyconst flex_int16_t yy_nxt[][38] =
+    {
+    {
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0
+    },
+
+    {
+       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12
+    },
+
+    {
+       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12
+    },
+
+    {
+       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
+       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
+       27,   18,   28,   29,   30,   18,   18,   16
+    },
+
+    {
+       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
+       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
+       27,   18,   28,   29,   30,   18,   18,   16
+
+    },
+
+    {
+       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31
+    },
+
+    {
+       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31
+    },
+
+    {
+       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
+       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
+
+       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34
+    },
+
+    {
+       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
+       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34
+    },
+
+    {
+       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
+       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
+       47,   47,   47,   47,   47,   47,   47,   52
+
+    },
+
+    {
+       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
+       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
+       47,   47,   47,   47,   47,   47,   47,   52
+    },
+
+    {
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11
+    },
+
+    {
+       11,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12
+    },
+
+    {
+       11,  -13,   53,   54,  -13,  -13,   55,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13
+    },
+
+    {
+       11,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14
+
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16
+    },
+
+    {
+       11,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17
+    },
+
+    {
+       11,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,
+      -18,  -18,  -18,   58,  -18,  -18,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -18
+    },
+
+    {
+       11,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,
+      -19,  -19,  -19,   58,  -19,  -19,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   59,
+       58,   58,   58,   58,   58,   58,   58,  -19
+
+    },
+
+    {
+       11,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,
+      -20,  -20,  -20,   58,  -20,  -20,   58,   58,   58,   58,
+       58,   58,   58,   58,   60,   58,   58,   58,   58,   61,
+       58,   58,   58,   58,   58,   58,   58,  -20
+    },
+
+    {
+       11,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,
+      -21,  -21,  -21,   58,  -21,  -21,   58,   58,   58,   58,
+       58,   62,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -21
+    },
+
+    {
+       11,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,
+      -22,  -22,  -22,   58,  -22,  -22,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   63,   58,
+       58,   58,   58,   58,   58,   58,   58,  -22
+    },
+
+    {
+       11,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,
+      -23,  -23,  -23,   58,  -23,  -23,   58,   58,   58,   58,
+       58,   64,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -23
+    },
+
+    {
+       11,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,
+      -24,  -24,  -24,   58,  -24,  -24,   58,   58,   58,   58,
+       58,   58,   65,   58,   58,   58,   58,   58,   66,   58,
+       58,   58,   58,   58,   58,   58,   58,  -24
+
+    },
+
+    {
+       11,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,
+      -25,  -25,  -25,   58,  -25,  -25,   58,   67,   58,   58,
+       58,   68,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -25
+    },
+
+    {
+       11,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,
+      -26,  -26,  -26,   58,  -26,  -26,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       69,   58,   58,   58,   58,   58,   58,  -26
+    },
+
+    {
+       11,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,
+      -27,  -27,  -27,   58,  -27,  -27,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   70,   58,   58,   58,   58,  -27
+    },
+
+    {
+       11,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,
+      -28,  -28,  -28,   58,  -28,  -28,   58,   71,   58,   58,
+       58,   72,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -28
+    },
+
+    {
+       11,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,
+      -29,  -29,  -29,   58,  -29,  -29,   58,   58,   58,   58,
+       58,   73,   58,   58,   58,   58,   58,   58,   58,   74,
+       58,   58,   58,   58,   75,   58,   58,  -29
+
+    },
+
+    {
+       11,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,
+      -30,  -30,  -30,   58,  -30,  -30,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   76,   58,   58,   58,   58,  -30
+    },
+
+    {
+       11,   77,   77,  -31,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77
+    },
+
+    {
+       11,  -32,   78,   79,  -32,  -32,  -32,  -32,  -32,  -32,
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
+
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32
+    },
+
+    {
+       11,   80,  -33,  -33,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80
+    },
+
+    {
+       11,   81,   81,   82,   81,  -34,   81,   81,  -34,   81,
+       81,   81,   81,   81,   81,  -34,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81
+
+    },
+
+    {
+       11,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35
+    },
+
+    {
+       11,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36
+    },
+
+    {
+       11,   83,   83,   84,   83,   83,   83,   83,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83
+    },
+
+    {
+       11,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38
+    },
+
+    {
+       11,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39
+
+    },
+
+    {
+       11,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,   85,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40
+    },
+
+    {
+       11,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41
+    },
+
+    {
+       11,   86,   86,  -42,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86
+    },
+
+    {
+       11,  -43,  -43,  -43,  -43,  -43,  -43,   87,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43
+    },
+
+    {
+       11,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44
+
+    },
+
+    {
+       11,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45
+    },
+
+    {
+       11,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,
+      -46,   88,   89,   89,  -46,  -46,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -46
+    },
+
+    {
+       11,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,
+      -47,   89,   89,   89,  -47,  -47,   89,   89,   89,   89,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -47
+    },
+
+    {
+       11,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48
+    },
+
+    {
+       11,  -49,  -49,   90,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49
+
+    },
+
+    {
+       11,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,
+      -50,   89,   89,   89,  -50,  -50,   89,   89,   89,   89,
+       89,   89,   91,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -50
+    },
+
+    {
+       11,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,
+      -51,   89,   89,   89,  -51,  -51,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   92,   89,
+       89,   89,   89,   89,   89,   89,   89,  -51
+    },
+
+    {
+       11,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,   93
+    },
+
+    {
+       11,  -53,   53,   54,  -53,  -53,   55,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53
+    },
+
+    {
+       11,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54
+
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57
+    },
+
+    {
+       11,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,
+      -58,  -58,  -58,   58,  -58,  -58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -58
+    },
+
+    {
+       11,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,
+      -59,  -59,  -59,   58,  -59,  -59,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   94,
+       58,   58,   58,   58,   58,   58,   58,  -59
+
+    },
+
+    {
+       11,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,
+      -60,  -60,  -60,   58,  -60,  -60,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   95,
+       58,   58,   58,   58,   58,   58,   58,  -60
+    },
+
+    {
+       11,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,
+      -61,  -61,  -61,   58,  -61,  -61,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   96,   97,   58,
+       58,   58,   58,   58,   58,   58,   58,  -61
+    },
+
+    {
+       11,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,
+      -62,  -62,  -62,   58,  -62,  -62,   58,   58,   58,   58,
+
+       58,   58,   98,   58,   58,   58,   58,   58,   58,   58,
+       99,   58,   58,   58,   58,   58,   58,  -62
+    },
+
+    {
+       11,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,
+      -63,  -63,  -63,   58,  -63,  -63,   58,  100,   58,   58,
+      101,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -63
+    },
+
+    {
+       11,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,
+      -64,  -64,  -64,   58,  -64,  -64,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  102,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  103,  -64
+
+    },
+
+    {
+       11,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,
+      -65,  -65,  -65,   58,  -65,  -65,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -65
+    },
+
+    {
+       11,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,
+      -66,  -66,  -66,   58,  -66,  -66,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  104,   58,   58,  -66
+    },
+
+    {
+       11,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,
+      -67,  -67,  -67,   58,  -67,  -67,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  105,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -67
+    },
+
+    {
+       11,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,
+      -68,  -68,  -68,   58,  -68,  -68,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  106,   58,
+       58,   58,   58,   58,   58,   58,   58,  -68
+    },
+
+    {
+       11,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,
+      -69,  -69,  -69,   58,  -69,  -69,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  107,   58,   58,  -69
+
+    },
+
+    {
+       11,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,
+      -70,  -70,  -70,   58,  -70,  -70,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  108,
+       58,   58,   58,   58,   58,   58,   58,  -70
+    },
+
+    {
+       11,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,
+      -71,  -71,  -71,   58,  -71,  -71,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  109,   58,
+       58,   58,   58,   58,   58,   58,   58,  -71
+    },
+
+    {
+       11,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,
+      -72,  -72,  -72,   58,  -72,  -72,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,  110,   58,   58,   58,   58,   58,  -72
+    },
+
+    {
+       11,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,
+      -73,  -73,  -73,   58,  -73,  -73,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  111,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -73
+    },
+
+    {
+       11,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,
+      -74,  -74,  -74,   58,  -74,  -74,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  112,   58,  -74
+
+    },
+
+    {
+       11,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,
+      -75,  -75,  -75,   58,  -75,  -75,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  113,   58,   58,   58,   58,  -75
+    },
+
+    {
+       11,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,
+      -76,  -76,  -76,   58,  -76,  -76,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  114,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -76
+    },
+
+    {
+       11,   77,   77,  -77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77
+    },
+
+    {
+       11,  -78,   78,   79,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78
+    },
+
+    {
+       11,   80,  -79,  -79,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80
+
+    },
+
+    {
+       11,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80
+    },
+
+    {
+       11,   81,   81,   82,   81,  -81,   81,   81,  -81,   81,
+       81,   81,   81,   81,   81,  -81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81
+    },
+
+    {
+       11,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82
+    },
+
+    {
+       11,  -83,  -83,   84,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83
+    },
+
+    {
+       11,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84
+
+    },
+
+    {
+       11,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85
+    },
+
+    {
+       11,   86,   86,  -86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86
+    },
+
+    {
+       11,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87
+    },
+
+    {
+       11,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,
+      -88,  115,   89,   89,  -88,  -88,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -88
+    },
+
+    {
+       11,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,
+      -89,   89,   89,   89,  -89,  -89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -89
+
+    },
+
+    {
+       11,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90
+    },
+
+    {
+       11,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,
+      -91,   89,   89,   89,  -91,  -91,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -91
+    },
+
+    {
+       11,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,
+      -92,   89,   89,   89,  -92,  -92,   89,   89,   89,   89,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -92
+    },
+
+    {
+       11,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93
+    },
+
+    {
+       11,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,
+      -94,  -94,  -94,   58,  -94,  -94,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  116,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -94
+
+    },
+
+    {
+       11,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,
+      -95,  -95,  -95,   58,  -95,  -95,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  117,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -95
+    },
+
+    {
+       11,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,
+      -96,  -96,  -96,   58,  -96,  -96,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  118,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -96
+    },
+
+    {
+       11,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,
+      -97,  -97,  -97,   58,  -97,  -97,   58,   58,   58,   58,
+
+       58,   58,  119,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -97
+    },
+
+    {
+       11,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,
+      -98,  -98,  -98,   58,  -98,  -98,  120,  121,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -98
+    },
+
+    {
+       11,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,
+      -99,  -99,  -99,   58,  -99,  -99,   58,   58,   58,   58,
+       58,  122,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -99
+
+    },
+
+    {
+       11, -100, -100, -100, -100, -100, -100, -100, -100, -100,
+     -100, -100, -100,   58, -100, -100,   58,   58,  123,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -100
+    },
+
+    {
+       11, -101, -101, -101, -101, -101, -101, -101, -101, -101,
+     -101, -101, -101,   58, -101, -101,   58,   58,   58,  124,
+       58,   58,   58,   58,   58,  125,   58,  126,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -101
+    },
+
+    {
+       11, -102, -102, -102, -102, -102, -102, -102, -102, -102,
+     -102, -102, -102,   58, -102, -102,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+      127,   58,   58,   58,   58,   58,   58, -102
+    },
+
+    {
+       11, -103, -103, -103, -103, -103, -103, -103, -103, -103,
+     -103, -103, -103,   58, -103, -103,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -103
+    },
+
+    {
+       11, -104, -104, -104, -104, -104, -104, -104, -104, -104,
+     -104, -104, -104,   58, -104, -104,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -104
+
+    },
+
+    {
+       11, -105, -105, -105, -105, -105, -105, -105, -105, -105,
+     -105, -105, -105,   58, -105, -105,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  128,   58,
+       58,   58,   58,   58,   58,   58,   58, -105
+    },
+
+    {
+       11, -106, -106, -106, -106, -106, -106, -106, -106, -106,
+     -106, -106, -106,   58, -106, -106,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  129,   58, -106
+    },
+
+    {
+       11, -107, -107, -107, -107, -107, -107, -107, -107, -107,
+     -107, -107, -107,   58, -107, -107,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  130,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -107
+    },
+
+    {
+       11, -108, -108, -108, -108, -108, -108, -108, -108, -108,
+     -108, -108, -108,   58, -108, -108,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  131,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -108
+    },
+
+    {
+       11, -109, -109, -109, -109, -109, -109, -109, -109, -109,
+     -109, -109, -109,   58, -109, -109,   58,   58,   58,   58,
+       58,   58,   58,  132,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -109
+
+    },
+
+    {
+       11, -110, -110, -110, -110, -110, -110, -110, -110, -110,
+     -110, -110, -110,   58, -110, -110,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  133,   58, -110
+    },
+
+    {
+       11, -111, -111, -111, -111, -111, -111, -111, -111, -111,
+     -111, -111, -111,   58, -111, -111,   58,   58,   58,   58,
+       58,  134,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -111
+    },
+
+    {
+       11, -112, -112, -112, -112, -112, -112, -112, -112, -112,
+     -112, -112, -112,   58, -112, -112,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  135,   58,   58,   58,   58, -112
+    },
+
+    {
+       11, -113, -113, -113, -113, -113, -113, -113, -113, -113,
+     -113, -113, -113,   58, -113, -113,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  136,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -113
+    },
+
+    {
+       11, -114, -114, -114, -114, -114, -114, -114, -114, -114,
+     -114, -114, -114,   58, -114, -114,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  137,   58,   58,   58, -114
+
+    },
+
+    {
+       11, -115, -115, -115, -115, -115, -115, -115, -115, -115,
+     -115,   89,   89,   89, -115, -115,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89, -115
+    },
+
+    {
+       11, -116, -116, -116, -116, -116, -116, -116, -116, -116,
+     -116, -116, -116,   58, -116, -116,   58,   58,   58,   58,
+       58,  138,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -116
+    },
+
+    {
+       11, -117, -117, -117, -117, -117, -117, -117, -117, -117,
+     -117, -117, -117,   58, -117, -117,   58,   58,   58,  139,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -117
+    },
+
+    {
+       11, -118, -118, -118, -118, -118, -118, -118, -118, -118,
+     -118, -118, -118,   58, -118, -118,   58,   58,   58,   58,
+       58,  140,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -118
+    },
+
+    {
+       11, -119, -119, -119, -119, -119, -119, -119, -119, -119,
+     -119, -119, -119,   58, -119, -119,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  141,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -119
+
+    },
+
+    {
+       11, -120, -120, -120, -120, -120, -120, -120, -120, -120,
+     -120, -120, -120,   58, -120, -120,   58,   58,  142,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  143,   58,   58, -120
+    },
+
+    {
+       11, -121, -121, -121, -121, -121, -121, -121, -121, -121,
+     -121, -121, -121,   58, -121, -121,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  144,   58, -121
+    },
+
+    {
+       11, -122, -122, -122, -122, -122, -122, -122, -122, -122,
+     -122, -122, -122,   58, -122, -122,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  145,   58,
+       58,   58,   58,   58,   58,   58,   58, -122
+    },
+
+    {
+       11, -123, -123, -123, -123, -123, -123, -123, -123, -123,
+     -123, -123, -123,   58, -123, -123,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  146,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -123
+    },
+
+    {
+       11, -124, -124, -124, -124, -124, -124, -124, -124, -124,
+     -124, -124, -124,   58, -124, -124,   58,   58,   58,   58,
+       58,   58,   58,   58,  147,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -124
+
+    },
+
+    {
+       11, -125, -125, -125, -125, -125, -125, -125, -125, -125,
+     -125, -125, -125,   58, -125, -125,   58,   58,   58,   58,
+       58,   58,  148,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -125
+    },
+
+    {
+       11, -126, -126, -126, -126, -126, -126, -126, -126, -126,
+     -126, -126, -126,   58, -126, -126,   58,   58,   58,   58,
+       58,  149,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -126
+    },
+
+    {
+       11, -127, -127, -127, -127, -127, -127, -127, -127, -127,
+     -127, -127, -127,   58, -127, -127,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -127
+    },
+
+    {
+       11, -128, -128, -128, -128, -128, -128, -128, -128, -128,
+     -128, -128, -128,   58, -128, -128,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  150,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -128
+    },
+
+    {
+       11, -129, -129, -129, -129, -129, -129, -129, -129, -129,
+     -129, -129, -129,   58, -129, -129,   58,   58,   58,  151,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -129
+
+    },
+
+    {
+       11, -130, -130, -130, -130, -130, -130, -130, -130, -130,
+     -130, -130, -130,   58, -130, -130,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  152,
+       58,   58,   58,   58,   58,   58,   58, -130
+    },
+
+    {
+       11, -131, -131, -131, -131, -131, -131, -131, -131, -131,
+     -131, -131, -131,   58, -131, -131,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+      153,   58,   58,   58,   58,   58,   58, -131
+    },
+
+    {
+       11, -132, -132, -132, -132, -132, -132, -132, -132, -132,
+     -132, -132, -132,   58, -132, -132,   58,   58,   58,   58,
+
+       58,  154,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -132
+    },
+
+    {
+       11, -133, -133, -133, -133, -133, -133, -133, -133, -133,
+     -133, -133, -133,   58, -133, -133,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  155,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -133
+    },
+
+    {
+       11, -134, -134, -134, -134, -134, -134, -134, -134, -134,
+     -134, -134, -134,   58, -134, -134,   58,   58,   58,  156,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -134
+
+    },
+
+    {
+       11, -135, -135, -135, -135, -135, -135, -135, -135, -135,
+     -135, -135, -135,   58, -135, -135,   58,   58,   58,  157,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -135
+    },
+
+    {
+       11, -136, -136, -136, -136, -136, -136, -136, -136, -136,
+     -136, -136, -136,   58, -136, -136,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  158,   58,
+       58,   58,   58,   58,   58,   58,   58, -136
+    },
+
+    {
+       11, -137, -137, -137, -137, -137, -137, -137, -137, -137,
+     -137, -137, -137,   58, -137, -137,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  159,   58,   58, -137
+    },
+
+    {
+       11, -138, -138, -138, -138, -138, -138, -138, -138, -138,
+     -138, -138, -138,   58, -138, -138,   58,  160,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -138
+    },
+
+    {
+       11, -139, -139, -139, -139, -139, -139, -139, -139, -139,
+     -139, -139, -139,   58, -139, -139,   58,   58,   58,   58,
+       58,  161,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -139
+
+    },
+
+    {
+       11, -140, -140, -140, -140, -140, -140, -140, -140, -140,
+     -140, -140, -140,   58, -140, -140,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  162,   58,
+       58,   58,   58,   58,   58,   58,   58, -140
+    },
+
+    {
+       11, -141, -141, -141, -141, -141, -141, -141, -141, -141,
+     -141, -141, -141,   58, -141, -141,   58,   58,   58,   58,
+       58,   58,   58,  163,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -141
+    },
+
+    {
+       11, -142, -142, -142, -142, -142, -142, -142, -142, -142,
+     -142, -142, -142,   58, -142, -142,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  164,
+       58,   58,   58,   58,   58,   58,   58, -142
+    },
+
+    {
+       11, -143, -143, -143, -143, -143, -143, -143, -143, -143,
+     -143, -143, -143,   58, -143, -143,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  165,   58,   58,   58,   58, -143
+    },
+
+    {
+       11, -144, -144, -144, -144, -144, -144, -144, -144, -144,
+     -144, -144, -144,   58, -144, -144,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  166,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -144
+
+    },
+
+    {
+       11, -145, -145, -145, -145, -145, -145, -145, -145, -145,
+     -145, -145, -145,   58, -145, -145,   58,   58,   58,   58,
+      167,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -145
+    },
+
+    {
+       11, -146, -146, -146, -146, -146, -146, -146, -146, -146,
+     -146, -146, -146,   58, -146, -146,   58,   58,   58,   58,
+       58,  168,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -146
+    },
+
+    {
+       11, -147, -147, -147, -147, -147, -147, -147, -147, -147,
+     -147, -147, -147,   58, -147, -147,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  169,
+       58,   58,   58,   58,   58,   58,   58, -147
+    },
+
+    {
+       11, -148, -148, -148, -148, -148, -148, -148, -148, -148,
+     -148, -148, -148,   58, -148, -148,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -148
+    },
+
+    {
+       11, -149, -149, -149, -149, -149, -149, -149, -149, -149,
+     -149, -149, -149,   58, -149, -149,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  170,   58,
+       58,   58,   58,   58,   58,   58,   58, -149
+
+    },
+
+    {
+       11, -150, -150, -150, -150, -150, -150, -150, -150, -150,
+     -150, -150, -150,   58, -150, -150,   58,   58,   58,   58,
+       58,  171,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -150
+    },
+
+    {
+       11, -151, -151, -151, -151, -151, -151, -151, -151, -151,
+     -151, -151, -151,   58, -151, -151,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  172,
+       58,   58,   58,   58,   58,   58,   58, -151
+    },
+
+    {
+       11, -152, -152, -152, -152, -152, -152, -152, -152, -152,
+     -152, -152, -152,   58, -152, -152,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  173,   58,
+       58,   58,   58,   58,   58,   58,   58, -152
+    },
+
+    {
+       11, -153, -153, -153, -153, -153, -153, -153, -153, -153,
+     -153, -153, -153,   58, -153, -153,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  174,   58,   58, -153
+    },
+
+    {
+       11, -154, -154, -154, -154, -154, -154, -154, -154, -154,
+     -154, -154, -154,   58, -154, -154,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -154
+
+    },
+
+    {
+       11, -155, -155, -155, -155, -155, -155, -155, -155, -155,
+     -155, -155, -155,   58, -155, -155,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  175,   58,   58,   58,   58, -155
+    },
+
+    {
+       11, -156, -156, -156, -156, -156, -156, -156, -156, -156,
+     -156, -156, -156,   58, -156, -156,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  176,   58,   58, -156
+    },
+
+    {
+       11, -157, -157, -157, -157, -157, -157, -157, -157, -157,
+     -157, -157, -157,   58, -157, -157,   58,   58,   58,   58,
+
+       58,  177,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -157
+    },
+
+    {
+       11, -158, -158, -158, -158, -158, -158, -158, -158, -158,
+     -158, -158, -158,   58, -158, -158,   58,   58,   58,   58,
+       58,   58,   58,  178,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -158
+    },
+
+    {
+       11, -159, -159, -159, -159, -159, -159, -159, -159, -159,
+     -159, -159, -159,   58, -159, -159,   58,  179,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -159
+
+    },
+
+    {
+       11, -160, -160, -160, -160, -160, -160, -160, -160, -160,
+     -160, -160, -160,   58, -160, -160,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  180,   58,
+       58,   58,   58,   58,   58,   58,   58, -160
+    },
+
+    {
+       11, -161, -161, -161, -161, -161, -161, -161, -161, -161,
+     -161, -161, -161,   58, -161, -161,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -161
+    },
+
+    {
+       11, -162, -162, -162, -162, -162, -162, -162, -162, -162,
+     -162, -162, -162,   58, -162, -162,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  181,   58,   58, -162
+    },
+
+    {
+       11, -163, -163, -163, -163, -163, -163, -163, -163, -163,
+     -163, -163, -163,   58, -163, -163,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -163
+    },
+
+    {
+       11, -164, -164, -164, -164, -164, -164, -164, -164, -164,
+     -164, -164, -164,   58, -164, -164,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  182,
+       58,   58,   58,   58,   58,   58,   58, -164
+
+    },
+
+    {
+       11, -165, -165, -165, -165, -165, -165, -165, -165, -165,
+     -165, -165, -165,   58, -165, -165,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  183,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -165
+    },
+
+    {
+       11, -166, -166, -166, -166, -166, -166, -166, -166, -166,
+     -166, -166, -166,   58, -166, -166,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  184,   58,   58, -166
+    },
+
+    {
+       11, -167, -167, -167, -167, -167, -167, -167, -167, -167,
+     -167, -167, -167,   58, -167, -167,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  185,   58,   58,   58, -167
+    },
+
+    {
+       11, -168, -168, -168, -168, -168, -168, -168, -168, -168,
+     -168, -168, -168,   58, -168, -168,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -168
+    },
+
+    {
+       11, -169, -169, -169, -169, -169, -169, -169, -169, -169,
+     -169, -169, -169,   58, -169, -169,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  186,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -169
+
+    },
+
+    {
+       11, -170, -170, -170, -170, -170, -170, -170, -170, -170,
+     -170, -170, -170,   58, -170, -170,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  187,   58, -170
+    },
+
+    {
+       11, -171, -171, -171, -171, -171, -171, -171, -171, -171,
+     -171, -171, -171,   58, -171, -171,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  188,   58,
+       58,   58,   58,   58,   58,   58,   58, -171
+    },
+
+    {
+       11, -172, -172, -172, -172, -172, -172, -172, -172, -172,
+     -172, -172, -172,   58, -172, -172,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  189,   58,
+       58,   58,   58,   58,   58,   58,   58, -172
+    },
+
+    {
+       11, -173, -173, -173, -173, -173, -173, -173, -173, -173,
+     -173, -173, -173,   58, -173, -173,   58,  190,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -173
+    },
+
+    {
+       11, -174, -174, -174, -174, -174, -174, -174, -174, -174,
+     -174, -174, -174,   58, -174, -174,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -174
+
+    },
+
+    {
+       11, -175, -175, -175, -175, -175, -175, -175, -175, -175,
+     -175, -175, -175,   58, -175, -175,   58,   58,   58,   58,
+       58,  191,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -175
+    },
+
+    {
+       11, -176, -176, -176, -176, -176, -176, -176, -176, -176,
+     -176, -176, -176,   58, -176, -176,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -176
+    },
+
+    {
+       11, -177, -177, -177, -177, -177, -177, -177, -177, -177,
+     -177, -177, -177,   58, -177, -177,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -177
+    },
+
+    {
+       11, -178, -178, -178, -178, -178, -178, -178, -178, -178,
+     -178, -178, -178,   58, -178, -178,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -178
+    },
+
+    {
+       11, -179, -179, -179, -179, -179, -179, -179, -179, -179,
+     -179, -179, -179,   58, -179, -179,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  192,   58,   58, -179
+
+    },
+
+    {
+       11, -180, -180, -180, -180, -180, -180, -180, -180, -180,
+     -180, -180, -180,   58, -180, -180,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -180
+    },
+
+    {
+       11, -181, -181, -181, -181, -181, -181, -181, -181, -181,
+     -181, -181, -181,   58, -181, -181,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -181
+    },
+
+    {
+       11, -182, -182, -182, -182, -182, -182, -182, -182, -182,
+     -182, -182, -182,   58, -182, -182,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,  193,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -182
+    },
+
+    {
+       11, -183, -183, -183, -183, -183, -183, -183, -183, -183,
+     -183, -183, -183,   58, -183, -183,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  194,   58,   58,   58, -183
+    },
+
+    {
+       11, -184, -184, -184, -184, -184, -184, -184, -184, -184,
+     -184, -184, -184,   58, -184, -184,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -184
+
+    },
+
+    {
+       11, -185, -185, -185, -185, -185, -185, -185, -185, -185,
+     -185, -185, -185,   58, -185, -185,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -185
+    },
+
+    {
+       11, -186, -186, -186, -186, -186, -186, -186, -186, -186,
+     -186, -186, -186,   58, -186, -186,   58,   58,   58,  195,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -186
+    },
+
+    {
+       11, -187, -187, -187, -187, -187, -187, -187, -187, -187,
+     -187, -187, -187,   58, -187, -187,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -187
+    },
+
+    {
+       11, -188, -188, -188, -188, -188, -188, -188, -188, -188,
+     -188, -188, -188,   58, -188, -188,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  196,   58, -188
+    },
+
+    {
+       11, -189, -189, -189, -189, -189, -189, -189, -189, -189,
+     -189, -189, -189,   58, -189, -189,   58,   58,   58,   58,
+       58,   58,  197,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -189
+
+    },
+
+    {
+       11, -190, -190, -190, -190, -190, -190, -190, -190, -190,
+     -190, -190, -190,   58, -190, -190,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  198,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -190
+    },
+
+    {
+       11, -191, -191, -191, -191, -191, -191, -191, -191, -191,
+     -191, -191, -191,   58, -191, -191,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  199,   58,   58,   58, -191
+    },
+
+    {
+       11, -192, -192, -192, -192, -192, -192, -192, -192, -192,
+     -192, -192, -192,   58, -192, -192,   58,   58,   58,   58,
+
+       58,  200,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -192
+    },
+
+    {
+       11, -193, -193, -193, -193, -193, -193, -193, -193, -193,
+     -193, -193, -193,   58, -193, -193,   58,   58,   58,   58,
+       58,  201,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -193
+    },
+
+    {
+       11, -194, -194, -194, -194, -194, -194, -194, -194, -194,
+     -194, -194, -194,   58, -194, -194,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  202,   58,   58, -194
+
+    },
+
+    {
+       11, -195, -195, -195, -195, -195, -195, -195, -195, -195,
+     -195, -195, -195,   58, -195, -195,   58,   58,   58,   58,
+       58,  203,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -195
+    },
+
+    {
+       11, -196, -196, -196, -196, -196, -196, -196, -196, -196,
+     -196, -196, -196,   58, -196, -196,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -196
+    },
+
+    {
+       11, -197, -197, -197, -197, -197, -197, -197, -197, -197,
+     -197, -197, -197,   58, -197, -197,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  204,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -197
+    },
+
+    {
+       11, -198, -198, -198, -198, -198, -198, -198, -198, -198,
+     -198, -198, -198,   58, -198, -198,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -198
+    },
+
+    {
+       11, -199, -199, -199, -199, -199, -199, -199, -199, -199,
+     -199, -199, -199,   58, -199, -199,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -199
+
+    },
+
+    {
+       11, -200, -200, -200, -200, -200, -200, -200, -200, -200,
+     -200, -200, -200,   58, -200, -200,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -200
+    },
+
+    {
+       11, -201, -201, -201, -201, -201, -201, -201, -201, -201,
+     -201, -201, -201,   58, -201, -201,   58,  205,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -201
+    },
+
+    {
+       11, -202, -202, -202, -202, -202, -202, -202, -202, -202,
+     -202, -202, -202,   58, -202, -202,   58,  206,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -202
+    },
+
+    {
+       11, -203, -203, -203, -203, -203, -203, -203, -203, -203,
+     -203, -203, -203,   58, -203, -203,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -203
+    },
+
+    {
+       11, -204, -204, -204, -204, -204, -204, -204, -204, -204,
+     -204, -204, -204,   58, -204, -204,   58,   58,   58,   58,
+       58,   58,   58,  207,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -204
+
+    },
+
+    {
+       11, -205, -205, -205, -205, -205, -205, -205, -205, -205,
+     -205, -205, -205,   58, -205, -205,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  208,   58,
+       58,   58,   58,   58,   58,   58,   58, -205
+    },
+
+    {
+       11, -206, -206, -206, -206, -206, -206, -206, -206, -206,
+     -206, -206, -206,   58, -206, -206,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  209,   58,   58, -206
+    },
+
+    {
+       11, -207, -207, -207, -207, -207, -207, -207, -207, -207,
+     -207, -207, -207,   58, -207, -207,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -207
+    },
+
+    {
+       11, -208, -208, -208, -208, -208, -208, -208, -208, -208,
+     -208, -208, -208,   58, -208, -208,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -208
+    },
+
+    {
+       11, -209, -209, -209, -209, -209, -209, -209, -209, -209,
+     -209, -209, -209,   58, -209, -209,   58,   58,   58,   58,
+       58,  210,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -209
+
+    },
+
+    {
+       11, -210, -210, -210, -210, -210, -210, -210, -210, -210,
+     -210, -210, -210,   58, -210, -210,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -210
+    },
+
+    } ;
+
+static yy_state_type yy_get_previous_state (void );
+static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+static int yy_get_next_buffer (void );
+static void yy_fatal_error (yyconst char msg[]  );
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up zconftext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	(yytext_ptr) = yy_bp; \
+	zconfleng = (size_t) (yy_cp - yy_bp); \
+	(yy_hold_char) = *yy_cp; \
+	*yy_cp = '\0'; \
+	(yy_c_buf_p) = yy_cp;
+
+#define YY_NUM_RULES 64
+#define YY_END_OF_BUFFER 65
+/* This struct is not used in this scanner,
+   but its presence is necessary. */
+struct yy_trans_info
+	{
+	flex_int32_t yy_verify;
+	flex_int32_t yy_nxt;
+	};
+static yyconst flex_int16_t yy_accept[211] =
+    {   0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+       65,    5,    4,    3,    2,   36,   37,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
+       63,   60,   62,   55,   59,   58,   57,   53,   48,   42,
+       47,   51,   53,   40,   41,   50,   50,   43,   53,   50,
+       50,   53,    4,    3,    2,    2,    1,   35,   35,   35,
+       35,   35,   35,   35,   16,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   63,   60,   62,   61,
+       55,   54,   57,   56,   44,   51,   38,   50,   50,   52,
+       45,   46,   39,   35,   35,   35,   35,   35,   35,   35,
+
+       35,   35,   30,   29,   35,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   49,   25,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   15,   35,    7,   35,
+       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   35,   17,   35,   35,
+       35,   35,   35,   34,   35,   35,   35,   35,   35,   35,
+       10,   35,   13,   35,   35,   35,   35,   33,   35,   35,
+       35,   35,   35,   22,   35,   32,    9,   31,   35,   26,
+       12,   35,   35,   21,   18,   35,    8,   35,   35,   35,
+       35,   35,   27,   35,   35,    6,   35,   20,   19,   23,
+
+       35,   35,   11,   35,   35,   35,   14,   28,   35,   24
+    } ;
+
+static yyconst flex_int32_t yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    4,    5,    6,    1,    1,    7,    8,    9,
+       10,    1,    1,    1,   11,   12,   12,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,    1,    1,    1,
+       14,    1,    1,    1,   13,   13,   13,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
+        1,   15,    1,    1,   16,    1,   17,   18,   19,   20,
+
+       21,   22,   23,   24,   25,   13,   13,   26,   27,   28,
+       29,   30,   31,   32,   33,   34,   35,   13,   13,   36,
+       13,   13,    1,   37,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+extern int zconf_flex_debug;
+int zconf_flex_debug = 0;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *zconftext;
+
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+#define START_STRSIZE	16
+
+char *text;
+static char *text_ptr;
+static int text_size, text_asize;
+
+struct buffer {
+        struct buffer *parent;
+        YY_BUFFER_STATE state;
+};
+
+struct buffer *current_buf;
+
+static int last_ts, first_ts;
+
+static void zconf_endhelp(void);
+static struct buffer *zconf_endfile(void);
+
+void new_string(void)
+{
+	text = malloc(START_STRSIZE);
+	text_asize = START_STRSIZE;
+	text_ptr = text;
+	text_size = 0;
+	*text_ptr = 0;
+}
+
+void append_string(const char *str, int size)
+{
+	int new_size = text_size + size + 1;
+	if (new_size > text_asize) {
+		text = realloc(text, new_size);
+		text_asize = new_size;
+		text_ptr = text + text_size;
+	}
+	memcpy(text_ptr, str, size);
+	text_ptr += size;
+	text_size += size;
+	*text_ptr = 0;
+}
+
+void alloc_string(const char *str, int size)
+{
+	text = malloc(size + 1);
+	memcpy(text, str, size);
+	text[size] = 0;
+}
+
+#define INITIAL 0
+#define COMMAND 1
+#define HELP 2
+#define STRING 3
+#define PARAM 4
+
+/* Special case for "unistd.h", since it is non-ANSI. We include it way
+ * down here because we want the user's section 1 to have been scanned first.
+ * The user has a chance to override it with an option.
+ */
+#include <unistd.h>
+
+#ifndef YY_EXTRA_TYPE
+#define YY_EXTRA_TYPE void *
+#endif
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int zconfwrap (void );
+#else
+extern int zconfwrap (void );
+#endif
+#endif
+
+    static void yyunput (int c,char *buf_ptr  );
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char *,yyconst char *,int );
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * );
+#endif
+
+#ifndef YY_NO_INPUT
+
+#ifdef __cplusplus
+static int yyinput (void );
+#else
+static int input (void );
+#endif
+
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( zconftext, zconfleng, 1, zconfout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	errno=0; \
+	while ( (result = read( fileno(zconfin), (char *) buf, max_size )) < 0 ) \
+	{ \
+		if( errno != EINTR) \
+		{ \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+			break; \
+		} \
+		errno=0; \
+		clearerr(zconfin); \
+	}\
+\
+
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* end tables serialization structures and prototypes */
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL_IS_OURS 1
+
+extern int zconflex (void);
+
+#define YY_DECL int zconflex (void)
+#endif /* !YY_DECL */
+
+/* Code executed at the beginning of each rule, after zconftext and zconfleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	YY_USER_ACTION
+
+/** The main scanner function which does all the work.
+ */
+YY_DECL
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+
+	int str = 0;
+	int ts, i;
+
+	if ( (yy_init) )
+		{
+		(yy_init) = 0;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! (yy_start) )
+			(yy_start) = 1;	/* first start state */
+
+		if ( ! zconfin )
+			zconfin = stdin;
+
+		if ( ! zconfout )
+			zconfout = stdout;
+
+		if ( ! YY_CURRENT_BUFFER ) {
+			zconfensure_buffer_stack ();
+			YY_CURRENT_BUFFER_LVALUE =
+				zconf_create_buffer(zconfin,YY_BUF_SIZE );
+		}
+
+		zconf_load_buffer_state( );
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = (yy_c_buf_p);
+
+		/* Support of zconftext. */
+		*yy_cp = (yy_hold_char);
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = (yy_start);
+yy_match:
+		while ( (yy_current_state = yy_nxt[yy_current_state][ yy_ec[YY_SC_TO_UI(*yy_cp)]  ]) > 0 )
+			++yy_cp;
+
+		yy_current_state = -yy_current_state;
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+
+		YY_DO_BEFORE_ACTION;
+
+do_action:	/* This label is used only to access EOF actions. */
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+case 1:
+/* rule 1 can match eol */
+YY_RULE_SETUP
+current_file->lineno++;
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+
+	YY_BREAK
+case 3:
+/* rule 3 can match eol */
+YY_RULE_SETUP
+current_file->lineno++; return T_EOL;
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+{
+	BEGIN(COMMAND);
+}
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+{
+	unput(zconftext[0]);
+	BEGIN(COMMAND);
+}
+	YY_BREAK
+
+case 6:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MAINMENU;
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MENU;
+	YY_BREAK
+case 8:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDMENU;
+	YY_BREAK
+case 9:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SOURCE;
+	YY_BREAK
+case 10:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_CHOICE;
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDCHOICE;
+	YY_BREAK
+case 12:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_COMMENT;
+	YY_BREAK
+case 13:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_CONFIG;
+	YY_BREAK
+case 14:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MENUCONFIG;
+	YY_BREAK
+case 15:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_HELP;
+	YY_BREAK
+case 16:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_IF;
+	YY_BREAK
+case 17:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDIF;
+	YY_BREAK
+case 18:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEPENDS;
+	YY_BREAK
+case 19:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_REQUIRES;
+	YY_BREAK
+case 20:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_OPTIONAL;
+	YY_BREAK
+case 21:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEFAULT;
+	YY_BREAK
+case 22:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_PROMPT;
+	YY_BREAK
+case 23:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_TRISTATE;
+	YY_BREAK
+case 24:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_TRISTATE;
+	YY_BREAK
+case 25:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_BOOLEAN;
+	YY_BREAK
+case 26:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_BOOLEAN;
+	YY_BREAK
+case 27:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_BOOLEAN;
+	YY_BREAK
+case 28:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_BOOLEAN;
+	YY_BREAK
+case 29:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_INT;
+	YY_BREAK
+case 30:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_HEX;
+	YY_BREAK
+case 31:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_STRING;
+	YY_BREAK
+case 32:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SELECT;
+	YY_BREAK
+case 33:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SELECT;
+	YY_BREAK
+case 34:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_RANGE;
+	YY_BREAK
+case 35:
+YY_RULE_SETUP
+{
+		alloc_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	YY_BREAK
+case 36:
+YY_RULE_SETUP
+
+	YY_BREAK
+case 37:
+/* rule 37 can match eol */
+YY_RULE_SETUP
+current_file->lineno++; BEGIN(INITIAL);
+	YY_BREAK
+
+case 38:
+YY_RULE_SETUP
+return T_AND;
+	YY_BREAK
+case 39:
+YY_RULE_SETUP
+return T_OR;
+	YY_BREAK
+case 40:
+YY_RULE_SETUP
+return T_OPEN_PAREN;
+	YY_BREAK
+case 41:
+YY_RULE_SETUP
+return T_CLOSE_PAREN;
+	YY_BREAK
+case 42:
+YY_RULE_SETUP
+return T_NOT;
+	YY_BREAK
+case 43:
+YY_RULE_SETUP
+return T_EQUAL;
+	YY_BREAK
+case 44:
+YY_RULE_SETUP
+return T_UNEQUAL;
+	YY_BREAK
+case 45:
+YY_RULE_SETUP
+return T_IF;
+	YY_BREAK
+case 46:
+YY_RULE_SETUP
+return T_ON;
+	YY_BREAK
+case 47:
+YY_RULE_SETUP
+{
+		str = zconftext[0];
+		new_string();
+		BEGIN(STRING);
+	}
+	YY_BREAK
+case 48:
+/* rule 48 can match eol */
+YY_RULE_SETUP
+BEGIN(INITIAL); current_file->lineno++; return T_EOL;
+	YY_BREAK
+case 49:
+YY_RULE_SETUP
+/* ignore */
+	YY_BREAK
+case 50:
+YY_RULE_SETUP
+{
+		alloc_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	YY_BREAK
+case 51:
+YY_RULE_SETUP
+/* comment */
+	YY_BREAK
+case 52:
+/* rule 52 can match eol */
+YY_RULE_SETUP
+current_file->lineno++;
+	YY_BREAK
+case 53:
+YY_RULE_SETUP
+
+	YY_BREAK
+case YY_STATE_EOF(PARAM):
+{
+		BEGIN(INITIAL);
+	}
+	YY_BREAK
+
+case 54:
+/* rule 54 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	YY_BREAK
+case 55:
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+	}
+	YY_BREAK
+case 56:
+/* rule 56 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		append_string(zconftext + 1, zconfleng - 1);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	YY_BREAK
+case 57:
+YY_RULE_SETUP
+{
+		append_string(zconftext + 1, zconfleng - 1);
+	}
+	YY_BREAK
+case 58:
+YY_RULE_SETUP
+{
+		if (str == zconftext[0]) {
+			BEGIN(PARAM);
+			zconflval.string = text;
+			return T_WORD_QUOTE;
+		} else
+			append_string(zconftext, 1);
+	}
+	YY_BREAK
+case 59:
+/* rule 59 can match eol */
+YY_RULE_SETUP
+{
+		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
+		current_file->lineno++;
+		BEGIN(INITIAL);
+		return T_EOL;
+	}
+	YY_BREAK
+case YY_STATE_EOF(STRING):
+{
+		BEGIN(INITIAL);
+	}
+	YY_BREAK
+
+case 60:
+YY_RULE_SETUP
+{
+		ts = 0;
+		for (i = 0; i < zconfleng; i++) {
+			if (zconftext[i] == '\t')
+				ts = (ts & ~7) + 8;
+			else
+				ts++;
+		}
+		last_ts = ts;
+		if (first_ts) {
+			if (ts < first_ts) {
+				zconf_endhelp();
+				return T_HELPTEXT;
+			}
+			ts -= first_ts;
+			while (ts > 8) {
+				append_string("        ", 8);
+				ts -= 8;
+			}
+			append_string("        ", ts);
+		}
+	}
+	YY_BREAK
+case 61:
+/* rule 61 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		current_file->lineno++;
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	YY_BREAK
+case 62:
+/* rule 62 can match eol */
+YY_RULE_SETUP
+{
+		current_file->lineno++;
+		append_string("\n", 1);
+	}
+	YY_BREAK
+case 63:
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+		if (!first_ts)
+			first_ts = last_ts;
+	}
+	YY_BREAK
+case YY_STATE_EOF(HELP):
+{
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	YY_BREAK
+
+case YY_STATE_EOF(INITIAL):
+case YY_STATE_EOF(COMMAND):
+{
+	if (current_buf) {
+		zconf_endfile();
+		return T_EOF;
+	}
+	fclose(zconfin);
+	yyterminate();
+}
+	YY_BREAK
+case 64:
+YY_RULE_SETUP
+YY_FATAL_ERROR( "flex scanner jammed" );
+	YY_BREAK
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = (yy_hold_char);
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed zconfin at a new source and called
+			 * zconflex().  If so, then we have to assure
+			 * consistency between YY_CURRENT_BUFFER and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+			YY_CURRENT_BUFFER_LVALUE->yy_input_file = zconfin;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state(  );
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++(yy_c_buf_p);
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = (yy_c_buf_p);
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer(  ) )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				(yy_did_buffer_switch_on_eof) = 0;
+
+				if ( zconfwrap( ) )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * zconftext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				(yy_c_buf_p) =
+					(yytext_ptr) + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				(yy_c_buf_p) =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+} /* end of zconflex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+static int yy_get_next_buffer (void)
+{
+    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+	register char *source = (yytext_ptr);
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+	else
+		{
+			size_t num_to_read =
+			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+
+			int yy_c_buf_p_offset =
+				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					zconfrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+						number_to_move - 1;
+
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
+			(yy_n_chars), num_to_read );
+
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	if ( (yy_n_chars) == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			zconfrestart(zconfin  );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	(yy_n_chars) += number_to_move;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
+	return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+    static yy_state_type yy_get_previous_state (void)
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+
+	yy_current_state = (yy_start);
+
+	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+		{
+		yy_current_state = yy_nxt[yy_current_state][(*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1)];
+		}
+
+	return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+{
+	register int yy_is_jam;
+
+	yy_current_state = yy_nxt[yy_current_state][1];
+	yy_is_jam = (yy_current_state <= 0);
+
+	return yy_is_jam ? 0 : yy_current_state;
+}
+
+    static void yyunput (int c, register char * yy_bp )
+{
+	register char *yy_cp;
+
+    yy_cp = (yy_c_buf_p);
+
+	/* undo effects of setting up zconftext */
+	*yy_cp = (yy_hold_char);
+
+	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = (yy_n_chars) + 2;
+		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+		register char *source =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+
+		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+
+		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+	(yytext_ptr) = yy_bp;
+	(yy_hold_char) = *yy_cp;
+	(yy_c_buf_p) = yy_cp;
+}
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+    static int yyinput (void)
+#else
+    static int input  (void)
+#endif
+
+{
+	int c;
+
+	*(yy_c_buf_p) = (yy_hold_char);
+
+	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			/* This was really a NUL. */
+			*(yy_c_buf_p) = '\0';
+
+		else
+			{ /* need more input */
+			int offset = (yy_c_buf_p) - (yytext_ptr);
+			++(yy_c_buf_p);
+
+			switch ( yy_get_next_buffer(  ) )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					zconfrestart(zconfin );
+
+					/*FALLTHROUGH*/
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( zconfwrap( ) )
+						return EOF;
+
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					(yy_c_buf_p) = (yytext_ptr) + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
+	*(yy_c_buf_p) = '\0';	/* preserve zconftext */
+	(yy_hold_char) = *++(yy_c_buf_p);
+
+	return c;
+}
+#endif	/* ifndef YY_NO_INPUT */
+
+/** Immediately switch to a different input stream.
+ * @param input_file A readable stream.
+ *
+ * @note This function does not reset the start condition to @c INITIAL .
+ */
+    void zconfrestart  (FILE * input_file )
+{
+
+	if ( ! YY_CURRENT_BUFFER ){
+        zconfensure_buffer_stack ();
+		YY_CURRENT_BUFFER_LVALUE =
+            zconf_create_buffer(zconfin,YY_BUF_SIZE );
+	}
+
+	zconf_init_buffer(YY_CURRENT_BUFFER,input_file );
+	zconf_load_buffer_state( );
+}
+
+/** Switch to a different input buffer.
+ * @param new_buffer The new input buffer.
+ *
+ */
+    void zconf_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
+{
+
+	/* TODO. We should be able to replace this entire function body
+	 * with
+	 *		zconfpop_buffer_state();
+	 *		zconfpush_buffer_state(new_buffer);
+     */
+	zconfensure_buffer_stack ();
+	if ( YY_CURRENT_BUFFER == new_buffer )
+		return;
+
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+	zconf_load_buffer_state( );
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (zconfwrap()) processing, but the only time this flag
+	 * is looked at is after zconfwrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+static void zconf_load_buffer_state  (void)
+{
+    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+	zconfin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+	(yy_hold_char) = *(yy_c_buf_p);
+}
+
+/** Allocate and initialize an input buffer state.
+ * @param file A readable stream.
+ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
+ *
+ * @return the allocated buffer state.
+ */
+    YY_BUFFER_STATE zconf_create_buffer  (FILE * file, int  size )
+{
+	YY_BUFFER_STATE b;
+
+	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) zconfalloc(b->yy_buf_size + 2  );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	zconf_init_buffer(b,file );
+
+	return b;
+}
+
+/** Destroy the buffer.
+ * @param b a buffer created with zconf_create_buffer()
+ *
+ */
+    void zconf_delete_buffer (YY_BUFFER_STATE  b )
+{
+
+	if ( ! b )
+		return;
+
+	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
+		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		zconffree((void *) b->yy_ch_buf  );
+
+	zconffree((void *) b  );
+}
+
+/* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+ * such as during a zconfrestart() or at EOF.
+ */
+    static void zconf_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
+
+{
+	int oerrno = errno;
+
+	zconf_flush_buffer(b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+    /* If b is the current buffer, then zconf_init_buffer was _probably_
+     * called from zconfrestart() or through yy_get_next_buffer.
+     * In that case, we don't want to reset the lineno or column.
+     */
+    if (b != YY_CURRENT_BUFFER){
+        b->yy_bs_lineno = 1;
+        b->yy_bs_column = 0;
+    }
+
+        b->yy_is_interactive = 0;
+
+	errno = oerrno;
+}
+
+/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
+ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
+ *
+ */
+    void zconf_flush_buffer (YY_BUFFER_STATE  b )
+{
+    	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == YY_CURRENT_BUFFER )
+		zconf_load_buffer_state( );
+}
+
+/** Pushes the new state onto the stack. The new state becomes
+ *  the current state. This function will allocate the stack
+ *  if necessary.
+ *  @param new_buffer The new state.
+ *
+ */
+void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer )
+{
+    	if (new_buffer == NULL)
+		return;
+
+	zconfensure_buffer_stack();
+
+	/* This block is copied from zconf_switch_to_buffer. */
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	/* Only push if top exists. Otherwise, replace top. */
+	if (YY_CURRENT_BUFFER)
+		(yy_buffer_stack_top)++;
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+
+	/* copied from zconf_switch_to_buffer. */
+	zconf_load_buffer_state( );
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+/** Removes and deletes the top of the stack, if present.
+ *  The next element becomes the new top.
+ *
+ */
+void zconfpop_buffer_state (void)
+{
+    	if (!YY_CURRENT_BUFFER)
+		return;
+
+	zconf_delete_buffer(YY_CURRENT_BUFFER );
+	YY_CURRENT_BUFFER_LVALUE = NULL;
+	if ((yy_buffer_stack_top) > 0)
+		--(yy_buffer_stack_top);
+
+	if (YY_CURRENT_BUFFER) {
+		zconf_load_buffer_state( );
+		(yy_did_buffer_switch_on_eof) = 1;
+	}
+}
+
+/* Allocates the stack if it does not exist.
+ *  Guarantees space for at least one push.
+ */
+static void zconfensure_buffer_stack (void)
+{
+	int num_to_alloc;
+
+	if (!(yy_buffer_stack)) {
+
+		/* First allocation is just for 2 elements, since we don't know if this
+		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+		 * immediate realloc on the next call.
+         */
+		num_to_alloc = 1;
+		(yy_buffer_stack) = (struct yy_buffer_state**)zconfalloc
+								(num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+
+		(yy_buffer_stack_max) = num_to_alloc;
+		(yy_buffer_stack_top) = 0;
+		return;
+	}
+
+	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
+		/* Increase the buffer to prepare for a possible push. */
+		int grow_size = 8 /* arbitrary grow size */;
+
+		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+		(yy_buffer_stack) = (struct yy_buffer_state**)zconfrealloc
+								((yy_buffer_stack),
+								num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		/* zero only the new slots.*/
+		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
+		(yy_buffer_stack_max) = num_to_alloc;
+	}
+}
+
+/** Setup the input buffer state to scan directly from a user-specified character buffer.
+ * @param base the character buffer
+ * @param size the size in bytes of the character buffer
+ *
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE zconf_scan_buffer  (char * base, yy_size_t  size )
+{
+	YY_BUFFER_STATE b;
+
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	zconf_switch_to_buffer(b  );
+
+	return b;
+}
+
+/** Setup the input buffer state to scan a string. The next call to zconflex() will
+ * scan from a @e copy of @a str.
+ * @param str a NUL-terminated string to scan
+ *
+ * @return the newly allocated buffer state object.
+ * @note If you want to scan bytes that may contain NUL values, then use
+ *       zconf_scan_bytes() instead.
+ */
+YY_BUFFER_STATE zconf_scan_string (yyconst char * str )
+{
+
+	return zconf_scan_bytes(str,strlen(str) );
+}
+
+/** Setup the input buffer state to scan the given bytes. The next call to zconflex() will
+ * scan from a @e copy of @a bytes.
+ * @param bytes the byte buffer to scan
+ * @param len the number of bytes in the buffer pointed to by @a bytes.
+ *
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE zconf_scan_bytes  (yyconst char * bytes, int  len )
+{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = len + 2;
+	buf = (char *) zconfalloc(n  );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_bytes()" );
+
+	for ( i = 0; i < len; ++i )
+		buf[i] = bytes[i];
+
+	buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = zconf_scan_buffer(buf,n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in zconf_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+}
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+static void yy_fatal_error (yyconst char* msg )
+{
+    	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up zconftext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		zconftext[zconfleng] = (yy_hold_char); \
+		(yy_c_buf_p) = zconftext + yyless_macro_arg; \
+		(yy_hold_char) = *(yy_c_buf_p); \
+		*(yy_c_buf_p) = '\0'; \
+		zconfleng = yyless_macro_arg; \
+		} \
+	while ( 0 )
+
+/* Accessor  methods (get/set functions) to struct members. */
+
+/** Get the current line number.
+ *
+ */
+int zconfget_lineno  (void)
+{
+
+    return zconflineno;
+}
+
+/** Get the input stream.
+ *
+ */
+FILE *zconfget_in  (void)
+{
+        return zconfin;
+}
+
+/** Get the output stream.
+ *
+ */
+FILE *zconfget_out  (void)
+{
+        return zconfout;
+}
+
+/** Get the length of the current token.
+ *
+ */
+int zconfget_leng  (void)
+{
+        return zconfleng;
+}
+
+/** Get the current token.
+ *
+ */
+
+char *zconfget_text  (void)
+{
+        return zconftext;
+}
+
+/** Set the current line number.
+ * @param line_number
+ *
+ */
+void zconfset_lineno (int  line_number )
+{
+
+    zconflineno = line_number;
+}
+
+/** Set the input stream. This does not discard the current
+ * input buffer.
+ * @param in_str A readable stream.
+ *
+ * @see zconf_switch_to_buffer
+ */
+void zconfset_in (FILE *  in_str )
+{
+        zconfin = in_str ;
+}
+
+void zconfset_out (FILE *  out_str )
+{
+        zconfout = out_str ;
+}
+
+int zconfget_debug  (void)
+{
+        return zconf_flex_debug;
+}
+
+void zconfset_debug (int  bdebug )
+{
+        zconf_flex_debug = bdebug ;
+}
+
+/* zconflex_destroy is for both reentrant and non-reentrant scanners. */
+int zconflex_destroy  (void)
+{
+
+    /* Pop the buffer stack, destroying each element. */
+	while(YY_CURRENT_BUFFER){
+		zconf_delete_buffer(YY_CURRENT_BUFFER  );
+		YY_CURRENT_BUFFER_LVALUE = NULL;
+		zconfpop_buffer_state();
+	}
+
+	/* Destroy the stack itself. */
+	zconffree((yy_buffer_stack) );
+	(yy_buffer_stack) = NULL;
+
+    return 0;
+}
+
+/*
+ * Internal utility routines.
+ */
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
+{
+	register int i;
+    	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * s )
+{
+	register int n;
+    	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+}
+#endif
+
+void *zconfalloc (yy_size_t  size )
+{
+	return (void *) malloc( size );
+}
+
+void *zconfrealloc  (void * ptr, yy_size_t  size )
+{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+}
+
+void zconffree (void * ptr )
+{
+	free( (char *) ptr );	/* see zconfrealloc() for (char *) cast */
+}
+
+#define YYTABLES_NAME "yytables"
+
+#undef YY_NEW_FILE
+#undef YY_FLUSH_BUFFER
+#undef yy_set_bol
+#undef yy_new_buffer
+#undef yy_set_interactive
+#undef yytext_ptr
+#undef YY_DO_BEFORE_ACTION
+
+#ifdef YY_DECL_IS_OURS
+#undef YY_DECL_IS_OURS
+#undef YY_DECL
+#endif
+
+void zconf_starthelp(void)
+{
+	new_string();
+	last_ts = first_ts = 0;
+	BEGIN(HELP);
+}
+
+static void zconf_endhelp(void)
+{
+	zconflval.string = text;
+	BEGIN(INITIAL);
+}
+
+/*
+ * Try to open specified file with following names:
+ * ./name
+ * $(srctree)/name
+ * The latter is used when srctree is separate from objtree
+ * when compiling the kernel.
+ * Return NULL if file is not found.
+ */
+FILE *zconf_fopen(const char *name)
+{
+	char *env, fullname[PATH_MAX+1];
+	FILE *f;
+
+	f = fopen(name, "r");
+	if (!f && name[0] != '/') {
+		env = getenv(SRCTREE);
+		if (env) {
+			sprintf(fullname, "%s/%s", env, name);
+			f = fopen(fullname, "r");
+		}
+	}
+	return f;
+}
+
+void zconf_initscan(const char *name)
+{
+	zconfin = zconf_fopen(name);
+	if (!zconfin) {
+		printf("can't find file %s\n", name);
+		exit(1);
+	}
+
+	current_buf = malloc(sizeof(*current_buf));
+	memset(current_buf, 0, sizeof(*current_buf));
+
+	current_file = file_lookup(name);
+	current_file->lineno = 1;
+	current_file->flags = FILE_BUSY;
+}
+
+void zconf_nextfile(const char *name)
+{
+	struct file *file = file_lookup(name);
+	struct buffer *buf = malloc(sizeof(*buf));
+	memset(buf, 0, sizeof(*buf));
+
+	current_buf->state = YY_CURRENT_BUFFER;
+	zconfin = zconf_fopen(name);
+	if (!zconfin) {
+		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
+		exit(1);
+	}
+	zconf_switch_to_buffer(zconf_create_buffer(zconfin,YY_BUF_SIZE));
+	buf->parent = current_buf;
+	current_buf = buf;
+
+	if (file->flags & FILE_BUSY) {
+		printf("recursive scan (%s)?\n", name);
+		exit(1);
+	}
+	if (file->flags & FILE_SCANNED) {
+		printf("file %s already scanned?\n", name);
+		exit(1);
+	}
+	file->flags |= FILE_BUSY;
+	file->lineno = 1;
+	file->parent = current_file;
+	current_file = file;
+}
+
+static struct buffer *zconf_endfile(void)
+{
+	struct buffer *parent;
+
+	current_file->flags |= FILE_SCANNED;
+	current_file->flags &= ~FILE_BUSY;
+	current_file = current_file->parent;
+
+	parent = current_buf->parent;
+	if (parent) {
+		fclose(zconfin);
+		zconf_delete_buffer(YY_CURRENT_BUFFER);
+		zconf_switch_to_buffer(parent->state);
+	}
+	free(current_buf);
+	current_buf = parent;
+
+	return parent;
+}
+
+int zconf_lineno(void)
+{
+	if (current_buf)
+		return current_file->lineno - 1;
+	else
+		return 0;
+}
+
+char *zconf_curname(void)
+{
+	if (current_buf)
+		return current_file->name;
+	else
+		return "<none>";
+}
+
diff --git a/config/scripts/config/lex.zconf.c_shipped b/config/scripts/config/lex.zconf.c_shipped
new file mode 100644
index 0000000000..b877bb6b3c
--- /dev/null
+++ b/config/scripts/config/lex.zconf.c_shipped
@@ -0,0 +1,3688 @@
+
+#line 3 "lex.zconf.c"
+
+#define  YY_INT_ALIGNED short int
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+#define YY_FLEX_SUBMINOR_VERSION 31
+#if YY_FLEX_SUBMINOR_VERSION > 0
+#define FLEX_BETA
+#endif
+
+/* First, we deal with  platform-specific or compiler-specific issues. */
+
+/* begin standard C headers. */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+
+/* end standard C headers. */
+
+/* flex integer type definitions */
+
+#ifndef FLEXINT_H
+#define FLEXINT_H
+
+/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+
+#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
+#include <inttypes.h>
+typedef int8_t flex_int8_t;
+typedef uint8_t flex_uint8_t;
+typedef int16_t flex_int16_t;
+typedef uint16_t flex_uint16_t;
+typedef int32_t flex_int32_t;
+typedef uint32_t flex_uint32_t;
+#else
+typedef signed char flex_int8_t;
+typedef short int flex_int16_t;
+typedef int flex_int32_t;
+typedef unsigned char flex_uint8_t;
+typedef unsigned short int flex_uint16_t;
+typedef unsigned int flex_uint32_t;
+#endif /* ! C99 */
+
+/* Limits of integral types. */
+#ifndef INT8_MIN
+#define INT8_MIN               (-128)
+#endif
+#ifndef INT16_MIN
+#define INT16_MIN              (-32767-1)
+#endif
+#ifndef INT32_MIN
+#define INT32_MIN              (-2147483647-1)
+#endif
+#ifndef INT8_MAX
+#define INT8_MAX               (127)
+#endif
+#ifndef INT16_MAX
+#define INT16_MAX              (32767)
+#endif
+#ifndef INT32_MAX
+#define INT32_MAX              (2147483647)
+#endif
+#ifndef UINT8_MAX
+#define UINT8_MAX              (255U)
+#endif
+#ifndef UINT16_MAX
+#define UINT16_MAX             (65535U)
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX             (4294967295U)
+#endif
+
+#endif /* ! FLEXINT_H */
+
+#ifdef __cplusplus
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN (yy_start) = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START (((yy_start) - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE zconfrestart(zconfin  )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#ifndef YY_BUF_SIZE
+#define YY_BUF_SIZE 16384
+#endif
+
+#ifndef YY_TYPEDEF_YY_BUFFER_STATE
+#define YY_TYPEDEF_YY_BUFFER_STATE
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+#endif
+
+extern int zconfleng;
+
+extern FILE *zconfin, *zconfout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+    #define YY_LESS_LINENO(n)
+
+/* Return all but the first "n" matched characters back to the input stream. */
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up zconftext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		*yy_cp = (yy_hold_char); \
+		YY_RESTORE_YY_MORE_OFFSET \
+		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up zconftext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, (yytext_ptr)  )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef unsigned int yy_size_t;
+#endif
+
+#ifndef YY_STRUCT_YY_BUFFER_STATE
+#define YY_STRUCT_YY_BUFFER_STATE
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+    int yy_bs_lineno; /**< The line count. */
+    int yy_bs_column; /**< The column count. */
+
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via zconfrestart()), so that the user can continue scanning by
+	 * just pointing zconfin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+
+	};
+#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+/* Stack of input buffers. */
+static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ *
+ * Returns the top of the stack, or NULL.
+ */
+#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                          : NULL)
+
+/* Same as previous macro, but useful when we know that the buffer stack is not
+ * NULL or when we need an lvalue. For internal use only.
+ */
+#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+/* yy_hold_char holds the character lost when zconftext is formed. */
+static char yy_hold_char;
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+int zconfleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 1;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow zconfwrap()'s to do buffer switches
+ * instead of setting up a fresh zconfin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void zconfrestart (FILE *input_file  );
+void zconf_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+YY_BUFFER_STATE zconf_create_buffer (FILE *file,int size  );
+void zconf_delete_buffer (YY_BUFFER_STATE b  );
+void zconf_flush_buffer (YY_BUFFER_STATE b  );
+void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer  );
+void zconfpop_buffer_state (void );
+
+static void zconfensure_buffer_stack (void );
+static void zconf_load_buffer_state (void );
+static void zconf_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+
+#define YY_FLUSH_BUFFER zconf_flush_buffer(YY_CURRENT_BUFFER )
+
+YY_BUFFER_STATE zconf_scan_buffer (char *base,yy_size_t size  );
+YY_BUFFER_STATE zconf_scan_string (yyconst char *yy_str  );
+YY_BUFFER_STATE zconf_scan_bytes (yyconst char *bytes,int len  );
+
+void *zconfalloc (yy_size_t  );
+void *zconfrealloc (void *,yy_size_t  );
+void zconffree (void *  );
+
+#define yy_new_buffer zconf_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){ \
+        zconfensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){\
+        zconfensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
+/* Begin user sect3 */
+
+#define zconfwrap(n) 1
+#define YY_SKIP_YYWRAP
+
+typedef unsigned char YY_CHAR;
+
+FILE *zconfin = (FILE *) 0, *zconfout = (FILE *) 0;
+
+typedef int yy_state_type;
+
+extern int zconflineno;
+
+int zconflineno = 1;
+
+extern char *zconftext;
+#define yytext_ptr zconftext
+static yyconst flex_int16_t yy_nxt[][38] =
+    {
+    {
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0
+    },
+
+    {
+       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12
+    },
+
+    {
+       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12
+    },
+
+    {
+       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
+       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
+       27,   18,   28,   29,   30,   18,   18,   16
+    },
+
+    {
+       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
+       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
+       27,   18,   28,   29,   30,   18,   18,   16
+
+    },
+
+    {
+       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31
+    },
+
+    {
+       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31
+    },
+
+    {
+       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
+       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
+
+       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34
+    },
+
+    {
+       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
+       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34
+    },
+
+    {
+       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
+       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
+       47,   47,   47,   47,   47,   47,   47,   52
+
+    },
+
+    {
+       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
+       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
+       47,   47,   47,   47,   47,   47,   47,   52
+    },
+
+    {
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11
+    },
+
+    {
+       11,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12
+    },
+
+    {
+       11,  -13,   53,   54,  -13,  -13,   55,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13
+    },
+
+    {
+       11,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14
+
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16
+    },
+
+    {
+       11,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17
+    },
+
+    {
+       11,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,
+      -18,  -18,  -18,   58,  -18,  -18,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -18
+    },
+
+    {
+       11,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,
+      -19,  -19,  -19,   58,  -19,  -19,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   59,
+       58,   58,   58,   58,   58,   58,   58,  -19
+
+    },
+
+    {
+       11,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,
+      -20,  -20,  -20,   58,  -20,  -20,   58,   58,   58,   58,
+       58,   58,   58,   58,   60,   58,   58,   58,   58,   61,
+       58,   58,   58,   58,   58,   58,   58,  -20
+    },
+
+    {
+       11,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,
+      -21,  -21,  -21,   58,  -21,  -21,   58,   58,   58,   58,
+       58,   62,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -21
+    },
+
+    {
+       11,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,
+      -22,  -22,  -22,   58,  -22,  -22,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   63,   58,
+       58,   58,   58,   58,   58,   58,   58,  -22
+    },
+
+    {
+       11,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,
+      -23,  -23,  -23,   58,  -23,  -23,   58,   58,   58,   58,
+       58,   64,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -23
+    },
+
+    {
+       11,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,
+      -24,  -24,  -24,   58,  -24,  -24,   58,   58,   58,   58,
+       58,   58,   65,   58,   58,   58,   58,   58,   66,   58,
+       58,   58,   58,   58,   58,   58,   58,  -24
+
+    },
+
+    {
+       11,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,
+      -25,  -25,  -25,   58,  -25,  -25,   58,   67,   58,   58,
+       58,   68,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -25
+    },
+
+    {
+       11,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,
+      -26,  -26,  -26,   58,  -26,  -26,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       69,   58,   58,   58,   58,   58,   58,  -26
+    },
+
+    {
+       11,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,
+      -27,  -27,  -27,   58,  -27,  -27,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   70,   58,   58,   58,   58,  -27
+    },
+
+    {
+       11,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,
+      -28,  -28,  -28,   58,  -28,  -28,   58,   71,   58,   58,
+       58,   72,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -28
+    },
+
+    {
+       11,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,
+      -29,  -29,  -29,   58,  -29,  -29,   58,   58,   58,   58,
+       58,   73,   58,   58,   58,   58,   58,   58,   58,   74,
+       58,   58,   58,   58,   75,   58,   58,  -29
+
+    },
+
+    {
+       11,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,
+      -30,  -30,  -30,   58,  -30,  -30,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   76,   58,   58,   58,   58,  -30
+    },
+
+    {
+       11,   77,   77,  -31,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77
+    },
+
+    {
+       11,  -32,   78,   79,  -32,  -32,  -32,  -32,  -32,  -32,
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
+
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32
+    },
+
+    {
+       11,   80,  -33,  -33,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80
+    },
+
+    {
+       11,   81,   81,   82,   81,  -34,   81,   81,  -34,   81,
+       81,   81,   81,   81,   81,  -34,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81
+
+    },
+
+    {
+       11,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35
+    },
+
+    {
+       11,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36
+    },
+
+    {
+       11,   83,   83,   84,   83,   83,   83,   83,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83
+    },
+
+    {
+       11,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38
+    },
+
+    {
+       11,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39
+
+    },
+
+    {
+       11,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,   85,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40
+    },
+
+    {
+       11,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41
+    },
+
+    {
+       11,   86,   86,  -42,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86
+    },
+
+    {
+       11,  -43,  -43,  -43,  -43,  -43,  -43,   87,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43
+    },
+
+    {
+       11,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44
+
+    },
+
+    {
+       11,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45
+    },
+
+    {
+       11,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,
+      -46,   88,   89,   89,  -46,  -46,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -46
+    },
+
+    {
+       11,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,
+      -47,   89,   89,   89,  -47,  -47,   89,   89,   89,   89,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -47
+    },
+
+    {
+       11,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48
+    },
+
+    {
+       11,  -49,  -49,   90,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49
+
+    },
+
+    {
+       11,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,
+      -50,   89,   89,   89,  -50,  -50,   89,   89,   89,   89,
+       89,   89,   91,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -50
+    },
+
+    {
+       11,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,
+      -51,   89,   89,   89,  -51,  -51,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   92,   89,
+       89,   89,   89,   89,   89,   89,   89,  -51
+    },
+
+    {
+       11,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,   93
+    },
+
+    {
+       11,  -53,   53,   54,  -53,  -53,   55,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53
+    },
+
+    {
+       11,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54
+
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57
+    },
+
+    {
+       11,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,
+      -58,  -58,  -58,   58,  -58,  -58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -58
+    },
+
+    {
+       11,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,
+      -59,  -59,  -59,   58,  -59,  -59,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   94,
+       58,   58,   58,   58,   58,   58,   58,  -59
+
+    },
+
+    {
+       11,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,
+      -60,  -60,  -60,   58,  -60,  -60,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   95,
+       58,   58,   58,   58,   58,   58,   58,  -60
+    },
+
+    {
+       11,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,
+      -61,  -61,  -61,   58,  -61,  -61,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   96,   97,   58,
+       58,   58,   58,   58,   58,   58,   58,  -61
+    },
+
+    {
+       11,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,
+      -62,  -62,  -62,   58,  -62,  -62,   58,   58,   58,   58,
+
+       58,   58,   98,   58,   58,   58,   58,   58,   58,   58,
+       99,   58,   58,   58,   58,   58,   58,  -62
+    },
+
+    {
+       11,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,
+      -63,  -63,  -63,   58,  -63,  -63,   58,  100,   58,   58,
+      101,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -63
+    },
+
+    {
+       11,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,
+      -64,  -64,  -64,   58,  -64,  -64,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  102,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  103,  -64
+
+    },
+
+    {
+       11,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,
+      -65,  -65,  -65,   58,  -65,  -65,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -65
+    },
+
+    {
+       11,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,
+      -66,  -66,  -66,   58,  -66,  -66,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  104,   58,   58,  -66
+    },
+
+    {
+       11,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,
+      -67,  -67,  -67,   58,  -67,  -67,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  105,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -67
+    },
+
+    {
+       11,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,
+      -68,  -68,  -68,   58,  -68,  -68,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  106,   58,
+       58,   58,   58,   58,   58,   58,   58,  -68
+    },
+
+    {
+       11,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,
+      -69,  -69,  -69,   58,  -69,  -69,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  107,   58,   58,  -69
+
+    },
+
+    {
+       11,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,
+      -70,  -70,  -70,   58,  -70,  -70,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  108,
+       58,   58,   58,   58,   58,   58,   58,  -70
+    },
+
+    {
+       11,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,
+      -71,  -71,  -71,   58,  -71,  -71,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  109,   58,
+       58,   58,   58,   58,   58,   58,   58,  -71
+    },
+
+    {
+       11,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,
+      -72,  -72,  -72,   58,  -72,  -72,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,  110,   58,   58,   58,   58,   58,  -72
+    },
+
+    {
+       11,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,
+      -73,  -73,  -73,   58,  -73,  -73,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  111,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -73
+    },
+
+    {
+       11,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,
+      -74,  -74,  -74,   58,  -74,  -74,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  112,   58,  -74
+
+    },
+
+    {
+       11,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,
+      -75,  -75,  -75,   58,  -75,  -75,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  113,   58,   58,   58,   58,  -75
+    },
+
+    {
+       11,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,
+      -76,  -76,  -76,   58,  -76,  -76,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  114,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -76
+    },
+
+    {
+       11,   77,   77,  -77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77
+    },
+
+    {
+       11,  -78,   78,   79,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78
+    },
+
+    {
+       11,   80,  -79,  -79,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80
+
+    },
+
+    {
+       11,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80
+    },
+
+    {
+       11,   81,   81,   82,   81,  -81,   81,   81,  -81,   81,
+       81,   81,   81,   81,   81,  -81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81
+    },
+
+    {
+       11,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82
+    },
+
+    {
+       11,  -83,  -83,   84,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83
+    },
+
+    {
+       11,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84
+
+    },
+
+    {
+       11,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85
+    },
+
+    {
+       11,   86,   86,  -86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86
+    },
+
+    {
+       11,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87
+    },
+
+    {
+       11,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,
+      -88,  115,   89,   89,  -88,  -88,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -88
+    },
+
+    {
+       11,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,
+      -89,   89,   89,   89,  -89,  -89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -89
+
+    },
+
+    {
+       11,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90
+    },
+
+    {
+       11,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,
+      -91,   89,   89,   89,  -91,  -91,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -91
+    },
+
+    {
+       11,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,
+      -92,   89,   89,   89,  -92,  -92,   89,   89,   89,   89,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -92
+    },
+
+    {
+       11,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93
+    },
+
+    {
+       11,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,
+      -94,  -94,  -94,   58,  -94,  -94,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  116,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -94
+
+    },
+
+    {
+       11,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,
+      -95,  -95,  -95,   58,  -95,  -95,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  117,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -95
+    },
+
+    {
+       11,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,
+      -96,  -96,  -96,   58,  -96,  -96,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  118,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -96
+    },
+
+    {
+       11,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,
+      -97,  -97,  -97,   58,  -97,  -97,   58,   58,   58,   58,
+
+       58,   58,  119,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -97
+    },
+
+    {
+       11,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,
+      -98,  -98,  -98,   58,  -98,  -98,  120,  121,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -98
+    },
+
+    {
+       11,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,
+      -99,  -99,  -99,   58,  -99,  -99,   58,   58,   58,   58,
+       58,  122,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -99
+
+    },
+
+    {
+       11, -100, -100, -100, -100, -100, -100, -100, -100, -100,
+     -100, -100, -100,   58, -100, -100,   58,   58,  123,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -100
+    },
+
+    {
+       11, -101, -101, -101, -101, -101, -101, -101, -101, -101,
+     -101, -101, -101,   58, -101, -101,   58,   58,   58,  124,
+       58,   58,   58,   58,   58,  125,   58,  126,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -101
+    },
+
+    {
+       11, -102, -102, -102, -102, -102, -102, -102, -102, -102,
+     -102, -102, -102,   58, -102, -102,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+      127,   58,   58,   58,   58,   58,   58, -102
+    },
+
+    {
+       11, -103, -103, -103, -103, -103, -103, -103, -103, -103,
+     -103, -103, -103,   58, -103, -103,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -103
+    },
+
+    {
+       11, -104, -104, -104, -104, -104, -104, -104, -104, -104,
+     -104, -104, -104,   58, -104, -104,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -104
+
+    },
+
+    {
+       11, -105, -105, -105, -105, -105, -105, -105, -105, -105,
+     -105, -105, -105,   58, -105, -105,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  128,   58,
+       58,   58,   58,   58,   58,   58,   58, -105
+    },
+
+    {
+       11, -106, -106, -106, -106, -106, -106, -106, -106, -106,
+     -106, -106, -106,   58, -106, -106,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  129,   58, -106
+    },
+
+    {
+       11, -107, -107, -107, -107, -107, -107, -107, -107, -107,
+     -107, -107, -107,   58, -107, -107,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  130,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -107
+    },
+
+    {
+       11, -108, -108, -108, -108, -108, -108, -108, -108, -108,
+     -108, -108, -108,   58, -108, -108,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  131,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -108
+    },
+
+    {
+       11, -109, -109, -109, -109, -109, -109, -109, -109, -109,
+     -109, -109, -109,   58, -109, -109,   58,   58,   58,   58,
+       58,   58,   58,  132,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -109
+
+    },
+
+    {
+       11, -110, -110, -110, -110, -110, -110, -110, -110, -110,
+     -110, -110, -110,   58, -110, -110,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  133,   58, -110
+    },
+
+    {
+       11, -111, -111, -111, -111, -111, -111, -111, -111, -111,
+     -111, -111, -111,   58, -111, -111,   58,   58,   58,   58,
+       58,  134,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -111
+    },
+
+    {
+       11, -112, -112, -112, -112, -112, -112, -112, -112, -112,
+     -112, -112, -112,   58, -112, -112,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  135,   58,   58,   58,   58, -112
+    },
+
+    {
+       11, -113, -113, -113, -113, -113, -113, -113, -113, -113,
+     -113, -113, -113,   58, -113, -113,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  136,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -113
+    },
+
+    {
+       11, -114, -114, -114, -114, -114, -114, -114, -114, -114,
+     -114, -114, -114,   58, -114, -114,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  137,   58,   58,   58, -114
+
+    },
+
+    {
+       11, -115, -115, -115, -115, -115, -115, -115, -115, -115,
+     -115,   89,   89,   89, -115, -115,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89, -115
+    },
+
+    {
+       11, -116, -116, -116, -116, -116, -116, -116, -116, -116,
+     -116, -116, -116,   58, -116, -116,   58,   58,   58,   58,
+       58,  138,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -116
+    },
+
+    {
+       11, -117, -117, -117, -117, -117, -117, -117, -117, -117,
+     -117, -117, -117,   58, -117, -117,   58,   58,   58,  139,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -117
+    },
+
+    {
+       11, -118, -118, -118, -118, -118, -118, -118, -118, -118,
+     -118, -118, -118,   58, -118, -118,   58,   58,   58,   58,
+       58,  140,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -118
+    },
+
+    {
+       11, -119, -119, -119, -119, -119, -119, -119, -119, -119,
+     -119, -119, -119,   58, -119, -119,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  141,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -119
+
+    },
+
+    {
+       11, -120, -120, -120, -120, -120, -120, -120, -120, -120,
+     -120, -120, -120,   58, -120, -120,   58,   58,  142,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  143,   58,   58, -120
+    },
+
+    {
+       11, -121, -121, -121, -121, -121, -121, -121, -121, -121,
+     -121, -121, -121,   58, -121, -121,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  144,   58, -121
+    },
+
+    {
+       11, -122, -122, -122, -122, -122, -122, -122, -122, -122,
+     -122, -122, -122,   58, -122, -122,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  145,   58,
+       58,   58,   58,   58,   58,   58,   58, -122
+    },
+
+    {
+       11, -123, -123, -123, -123, -123, -123, -123, -123, -123,
+     -123, -123, -123,   58, -123, -123,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  146,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -123
+    },
+
+    {
+       11, -124, -124, -124, -124, -124, -124, -124, -124, -124,
+     -124, -124, -124,   58, -124, -124,   58,   58,   58,   58,
+       58,   58,   58,   58,  147,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -124
+
+    },
+
+    {
+       11, -125, -125, -125, -125, -125, -125, -125, -125, -125,
+     -125, -125, -125,   58, -125, -125,   58,   58,   58,   58,
+       58,   58,  148,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -125
+    },
+
+    {
+       11, -126, -126, -126, -126, -126, -126, -126, -126, -126,
+     -126, -126, -126,   58, -126, -126,   58,   58,   58,   58,
+       58,  149,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -126
+    },
+
+    {
+       11, -127, -127, -127, -127, -127, -127, -127, -127, -127,
+     -127, -127, -127,   58, -127, -127,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -127
+    },
+
+    {
+       11, -128, -128, -128, -128, -128, -128, -128, -128, -128,
+     -128, -128, -128,   58, -128, -128,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  150,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -128
+    },
+
+    {
+       11, -129, -129, -129, -129, -129, -129, -129, -129, -129,
+     -129, -129, -129,   58, -129, -129,   58,   58,   58,  151,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -129
+
+    },
+
+    {
+       11, -130, -130, -130, -130, -130, -130, -130, -130, -130,
+     -130, -130, -130,   58, -130, -130,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  152,
+       58,   58,   58,   58,   58,   58,   58, -130
+    },
+
+    {
+       11, -131, -131, -131, -131, -131, -131, -131, -131, -131,
+     -131, -131, -131,   58, -131, -131,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+      153,   58,   58,   58,   58,   58,   58, -131
+    },
+
+    {
+       11, -132, -132, -132, -132, -132, -132, -132, -132, -132,
+     -132, -132, -132,   58, -132, -132,   58,   58,   58,   58,
+
+       58,  154,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -132
+    },
+
+    {
+       11, -133, -133, -133, -133, -133, -133, -133, -133, -133,
+     -133, -133, -133,   58, -133, -133,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  155,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -133
+    },
+
+    {
+       11, -134, -134, -134, -134, -134, -134, -134, -134, -134,
+     -134, -134, -134,   58, -134, -134,   58,   58,   58,  156,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -134
+
+    },
+
+    {
+       11, -135, -135, -135, -135, -135, -135, -135, -135, -135,
+     -135, -135, -135,   58, -135, -135,   58,   58,   58,  157,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -135
+    },
+
+    {
+       11, -136, -136, -136, -136, -136, -136, -136, -136, -136,
+     -136, -136, -136,   58, -136, -136,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  158,   58,
+       58,   58,   58,   58,   58,   58,   58, -136
+    },
+
+    {
+       11, -137, -137, -137, -137, -137, -137, -137, -137, -137,
+     -137, -137, -137,   58, -137, -137,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  159,   58,   58, -137
+    },
+
+    {
+       11, -138, -138, -138, -138, -138, -138, -138, -138, -138,
+     -138, -138, -138,   58, -138, -138,   58,  160,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -138
+    },
+
+    {
+       11, -139, -139, -139, -139, -139, -139, -139, -139, -139,
+     -139, -139, -139,   58, -139, -139,   58,   58,   58,   58,
+       58,  161,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -139
+
+    },
+
+    {
+       11, -140, -140, -140, -140, -140, -140, -140, -140, -140,
+     -140, -140, -140,   58, -140, -140,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  162,   58,
+       58,   58,   58,   58,   58,   58,   58, -140
+    },
+
+    {
+       11, -141, -141, -141, -141, -141, -141, -141, -141, -141,
+     -141, -141, -141,   58, -141, -141,   58,   58,   58,   58,
+       58,   58,   58,  163,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -141
+    },
+
+    {
+       11, -142, -142, -142, -142, -142, -142, -142, -142, -142,
+     -142, -142, -142,   58, -142, -142,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  164,
+       58,   58,   58,   58,   58,   58,   58, -142
+    },
+
+    {
+       11, -143, -143, -143, -143, -143, -143, -143, -143, -143,
+     -143, -143, -143,   58, -143, -143,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  165,   58,   58,   58,   58, -143
+    },
+
+    {
+       11, -144, -144, -144, -144, -144, -144, -144, -144, -144,
+     -144, -144, -144,   58, -144, -144,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  166,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -144
+
+    },
+
+    {
+       11, -145, -145, -145, -145, -145, -145, -145, -145, -145,
+     -145, -145, -145,   58, -145, -145,   58,   58,   58,   58,
+      167,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -145
+    },
+
+    {
+       11, -146, -146, -146, -146, -146, -146, -146, -146, -146,
+     -146, -146, -146,   58, -146, -146,   58,   58,   58,   58,
+       58,  168,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -146
+    },
+
+    {
+       11, -147, -147, -147, -147, -147, -147, -147, -147, -147,
+     -147, -147, -147,   58, -147, -147,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  169,
+       58,   58,   58,   58,   58,   58,   58, -147
+    },
+
+    {
+       11, -148, -148, -148, -148, -148, -148, -148, -148, -148,
+     -148, -148, -148,   58, -148, -148,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -148
+    },
+
+    {
+       11, -149, -149, -149, -149, -149, -149, -149, -149, -149,
+     -149, -149, -149,   58, -149, -149,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  170,   58,
+       58,   58,   58,   58,   58,   58,   58, -149
+
+    },
+
+    {
+       11, -150, -150, -150, -150, -150, -150, -150, -150, -150,
+     -150, -150, -150,   58, -150, -150,   58,   58,   58,   58,
+       58,  171,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -150
+    },
+
+    {
+       11, -151, -151, -151, -151, -151, -151, -151, -151, -151,
+     -151, -151, -151,   58, -151, -151,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  172,
+       58,   58,   58,   58,   58,   58,   58, -151
+    },
+
+    {
+       11, -152, -152, -152, -152, -152, -152, -152, -152, -152,
+     -152, -152, -152,   58, -152, -152,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  173,   58,
+       58,   58,   58,   58,   58,   58,   58, -152
+    },
+
+    {
+       11, -153, -153, -153, -153, -153, -153, -153, -153, -153,
+     -153, -153, -153,   58, -153, -153,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  174,   58,   58, -153
+    },
+
+    {
+       11, -154, -154, -154, -154, -154, -154, -154, -154, -154,
+     -154, -154, -154,   58, -154, -154,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -154
+
+    },
+
+    {
+       11, -155, -155, -155, -155, -155, -155, -155, -155, -155,
+     -155, -155, -155,   58, -155, -155,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  175,   58,   58,   58,   58, -155
+    },
+
+    {
+       11, -156, -156, -156, -156, -156, -156, -156, -156, -156,
+     -156, -156, -156,   58, -156, -156,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  176,   58,   58, -156
+    },
+
+    {
+       11, -157, -157, -157, -157, -157, -157, -157, -157, -157,
+     -157, -157, -157,   58, -157, -157,   58,   58,   58,   58,
+
+       58,  177,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -157
+    },
+
+    {
+       11, -158, -158, -158, -158, -158, -158, -158, -158, -158,
+     -158, -158, -158,   58, -158, -158,   58,   58,   58,   58,
+       58,   58,   58,  178,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -158
+    },
+
+    {
+       11, -159, -159, -159, -159, -159, -159, -159, -159, -159,
+     -159, -159, -159,   58, -159, -159,   58,  179,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -159
+
+    },
+
+    {
+       11, -160, -160, -160, -160, -160, -160, -160, -160, -160,
+     -160, -160, -160,   58, -160, -160,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  180,   58,
+       58,   58,   58,   58,   58,   58,   58, -160
+    },
+
+    {
+       11, -161, -161, -161, -161, -161, -161, -161, -161, -161,
+     -161, -161, -161,   58, -161, -161,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -161
+    },
+
+    {
+       11, -162, -162, -162, -162, -162, -162, -162, -162, -162,
+     -162, -162, -162,   58, -162, -162,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  181,   58,   58, -162
+    },
+
+    {
+       11, -163, -163, -163, -163, -163, -163, -163, -163, -163,
+     -163, -163, -163,   58, -163, -163,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -163
+    },
+
+    {
+       11, -164, -164, -164, -164, -164, -164, -164, -164, -164,
+     -164, -164, -164,   58, -164, -164,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  182,
+       58,   58,   58,   58,   58,   58,   58, -164
+
+    },
+
+    {
+       11, -165, -165, -165, -165, -165, -165, -165, -165, -165,
+     -165, -165, -165,   58, -165, -165,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  183,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -165
+    },
+
+    {
+       11, -166, -166, -166, -166, -166, -166, -166, -166, -166,
+     -166, -166, -166,   58, -166, -166,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  184,   58,   58, -166
+    },
+
+    {
+       11, -167, -167, -167, -167, -167, -167, -167, -167, -167,
+     -167, -167, -167,   58, -167, -167,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  185,   58,   58,   58, -167
+    },
+
+    {
+       11, -168, -168, -168, -168, -168, -168, -168, -168, -168,
+     -168, -168, -168,   58, -168, -168,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -168
+    },
+
+    {
+       11, -169, -169, -169, -169, -169, -169, -169, -169, -169,
+     -169, -169, -169,   58, -169, -169,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  186,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -169
+
+    },
+
+    {
+       11, -170, -170, -170, -170, -170, -170, -170, -170, -170,
+     -170, -170, -170,   58, -170, -170,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  187,   58, -170
+    },
+
+    {
+       11, -171, -171, -171, -171, -171, -171, -171, -171, -171,
+     -171, -171, -171,   58, -171, -171,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  188,   58,
+       58,   58,   58,   58,   58,   58,   58, -171
+    },
+
+    {
+       11, -172, -172, -172, -172, -172, -172, -172, -172, -172,
+     -172, -172, -172,   58, -172, -172,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  189,   58,
+       58,   58,   58,   58,   58,   58,   58, -172
+    },
+
+    {
+       11, -173, -173, -173, -173, -173, -173, -173, -173, -173,
+     -173, -173, -173,   58, -173, -173,   58,  190,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -173
+    },
+
+    {
+       11, -174, -174, -174, -174, -174, -174, -174, -174, -174,
+     -174, -174, -174,   58, -174, -174,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -174
+
+    },
+
+    {
+       11, -175, -175, -175, -175, -175, -175, -175, -175, -175,
+     -175, -175, -175,   58, -175, -175,   58,   58,   58,   58,
+       58,  191,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -175
+    },
+
+    {
+       11, -176, -176, -176, -176, -176, -176, -176, -176, -176,
+     -176, -176, -176,   58, -176, -176,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -176
+    },
+
+    {
+       11, -177, -177, -177, -177, -177, -177, -177, -177, -177,
+     -177, -177, -177,   58, -177, -177,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -177
+    },
+
+    {
+       11, -178, -178, -178, -178, -178, -178, -178, -178, -178,
+     -178, -178, -178,   58, -178, -178,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -178
+    },
+
+    {
+       11, -179, -179, -179, -179, -179, -179, -179, -179, -179,
+     -179, -179, -179,   58, -179, -179,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  192,   58,   58, -179
+
+    },
+
+    {
+       11, -180, -180, -180, -180, -180, -180, -180, -180, -180,
+     -180, -180, -180,   58, -180, -180,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -180
+    },
+
+    {
+       11, -181, -181, -181, -181, -181, -181, -181, -181, -181,
+     -181, -181, -181,   58, -181, -181,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -181
+    },
+
+    {
+       11, -182, -182, -182, -182, -182, -182, -182, -182, -182,
+     -182, -182, -182,   58, -182, -182,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,  193,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -182
+    },
+
+    {
+       11, -183, -183, -183, -183, -183, -183, -183, -183, -183,
+     -183, -183, -183,   58, -183, -183,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  194,   58,   58,   58, -183
+    },
+
+    {
+       11, -184, -184, -184, -184, -184, -184, -184, -184, -184,
+     -184, -184, -184,   58, -184, -184,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -184
+
+    },
+
+    {
+       11, -185, -185, -185, -185, -185, -185, -185, -185, -185,
+     -185, -185, -185,   58, -185, -185,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -185
+    },
+
+    {
+       11, -186, -186, -186, -186, -186, -186, -186, -186, -186,
+     -186, -186, -186,   58, -186, -186,   58,   58,   58,  195,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -186
+    },
+
+    {
+       11, -187, -187, -187, -187, -187, -187, -187, -187, -187,
+     -187, -187, -187,   58, -187, -187,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -187
+    },
+
+    {
+       11, -188, -188, -188, -188, -188, -188, -188, -188, -188,
+     -188, -188, -188,   58, -188, -188,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  196,   58, -188
+    },
+
+    {
+       11, -189, -189, -189, -189, -189, -189, -189, -189, -189,
+     -189, -189, -189,   58, -189, -189,   58,   58,   58,   58,
+       58,   58,  197,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -189
+
+    },
+
+    {
+       11, -190, -190, -190, -190, -190, -190, -190, -190, -190,
+     -190, -190, -190,   58, -190, -190,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  198,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -190
+    },
+
+    {
+       11, -191, -191, -191, -191, -191, -191, -191, -191, -191,
+     -191, -191, -191,   58, -191, -191,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  199,   58,   58,   58, -191
+    },
+
+    {
+       11, -192, -192, -192, -192, -192, -192, -192, -192, -192,
+     -192, -192, -192,   58, -192, -192,   58,   58,   58,   58,
+
+       58,  200,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -192
+    },
+
+    {
+       11, -193, -193, -193, -193, -193, -193, -193, -193, -193,
+     -193, -193, -193,   58, -193, -193,   58,   58,   58,   58,
+       58,  201,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -193
+    },
+
+    {
+       11, -194, -194, -194, -194, -194, -194, -194, -194, -194,
+     -194, -194, -194,   58, -194, -194,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  202,   58,   58, -194
+
+    },
+
+    {
+       11, -195, -195, -195, -195, -195, -195, -195, -195, -195,
+     -195, -195, -195,   58, -195, -195,   58,   58,   58,   58,
+       58,  203,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -195
+    },
+
+    {
+       11, -196, -196, -196, -196, -196, -196, -196, -196, -196,
+     -196, -196, -196,   58, -196, -196,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -196
+    },
+
+    {
+       11, -197, -197, -197, -197, -197, -197, -197, -197, -197,
+     -197, -197, -197,   58, -197, -197,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  204,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -197
+    },
+
+    {
+       11, -198, -198, -198, -198, -198, -198, -198, -198, -198,
+     -198, -198, -198,   58, -198, -198,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -198
+    },
+
+    {
+       11, -199, -199, -199, -199, -199, -199, -199, -199, -199,
+     -199, -199, -199,   58, -199, -199,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -199
+
+    },
+
+    {
+       11, -200, -200, -200, -200, -200, -200, -200, -200, -200,
+     -200, -200, -200,   58, -200, -200,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -200
+    },
+
+    {
+       11, -201, -201, -201, -201, -201, -201, -201, -201, -201,
+     -201, -201, -201,   58, -201, -201,   58,  205,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -201
+    },
+
+    {
+       11, -202, -202, -202, -202, -202, -202, -202, -202, -202,
+     -202, -202, -202,   58, -202, -202,   58,  206,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -202
+    },
+
+    {
+       11, -203, -203, -203, -203, -203, -203, -203, -203, -203,
+     -203, -203, -203,   58, -203, -203,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -203
+    },
+
+    {
+       11, -204, -204, -204, -204, -204, -204, -204, -204, -204,
+     -204, -204, -204,   58, -204, -204,   58,   58,   58,   58,
+       58,   58,   58,  207,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -204
+
+    },
+
+    {
+       11, -205, -205, -205, -205, -205, -205, -205, -205, -205,
+     -205, -205, -205,   58, -205, -205,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  208,   58,
+       58,   58,   58,   58,   58,   58,   58, -205
+    },
+
+    {
+       11, -206, -206, -206, -206, -206, -206, -206, -206, -206,
+     -206, -206, -206,   58, -206, -206,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  209,   58,   58, -206
+    },
+
+    {
+       11, -207, -207, -207, -207, -207, -207, -207, -207, -207,
+     -207, -207, -207,   58, -207, -207,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -207
+    },
+
+    {
+       11, -208, -208, -208, -208, -208, -208, -208, -208, -208,
+     -208, -208, -208,   58, -208, -208,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -208
+    },
+
+    {
+       11, -209, -209, -209, -209, -209, -209, -209, -209, -209,
+     -209, -209, -209,   58, -209, -209,   58,   58,   58,   58,
+       58,  210,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -209
+
+    },
+
+    {
+       11, -210, -210, -210, -210, -210, -210, -210, -210, -210,
+     -210, -210, -210,   58, -210, -210,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -210
+    },
+
+    } ;
+
+static yy_state_type yy_get_previous_state (void );
+static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+static int yy_get_next_buffer (void );
+static void yy_fatal_error (yyconst char msg[]  );
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up zconftext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	(yytext_ptr) = yy_bp; \
+	zconfleng = (size_t) (yy_cp - yy_bp); \
+	(yy_hold_char) = *yy_cp; \
+	*yy_cp = '\0'; \
+	(yy_c_buf_p) = yy_cp;
+
+#define YY_NUM_RULES 64
+#define YY_END_OF_BUFFER 65
+/* This struct is not used in this scanner,
+   but its presence is necessary. */
+struct yy_trans_info
+	{
+	flex_int32_t yy_verify;
+	flex_int32_t yy_nxt;
+	};
+static yyconst flex_int16_t yy_accept[211] =
+    {   0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+       65,    5,    4,    3,    2,   36,   37,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
+       63,   60,   62,   55,   59,   58,   57,   53,   48,   42,
+       47,   51,   53,   40,   41,   50,   50,   43,   53,   50,
+       50,   53,    4,    3,    2,    2,    1,   35,   35,   35,
+       35,   35,   35,   35,   16,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   63,   60,   62,   61,
+       55,   54,   57,   56,   44,   51,   38,   50,   50,   52,
+       45,   46,   39,   35,   35,   35,   35,   35,   35,   35,
+
+       35,   35,   30,   29,   35,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   49,   25,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   15,   35,    7,   35,
+       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   35,   17,   35,   35,
+       35,   35,   35,   34,   35,   35,   35,   35,   35,   35,
+       10,   35,   13,   35,   35,   35,   35,   33,   35,   35,
+       35,   35,   35,   22,   35,   32,    9,   31,   35,   26,
+       12,   35,   35,   21,   18,   35,    8,   35,   35,   35,
+       35,   35,   27,   35,   35,    6,   35,   20,   19,   23,
+
+       35,   35,   11,   35,   35,   35,   14,   28,   35,   24
+    } ;
+
+static yyconst flex_int32_t yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    4,    5,    6,    1,    1,    7,    8,    9,
+       10,    1,    1,    1,   11,   12,   12,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,    1,    1,    1,
+       14,    1,    1,    1,   13,   13,   13,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
+        1,   15,    1,    1,   16,    1,   17,   18,   19,   20,
+
+       21,   22,   23,   24,   25,   13,   13,   26,   27,   28,
+       29,   30,   31,   32,   33,   34,   35,   13,   13,   36,
+       13,   13,    1,   37,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+extern int zconf_flex_debug;
+int zconf_flex_debug = 0;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *zconftext;
+
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+#define START_STRSIZE	16
+
+char *text;
+static char *text_ptr;
+static int text_size, text_asize;
+
+struct buffer {
+        struct buffer *parent;
+        YY_BUFFER_STATE state;
+};
+
+struct buffer *current_buf;
+
+static int last_ts, first_ts;
+
+static void zconf_endhelp(void);
+static struct buffer *zconf_endfile(void);
+
+void new_string(void)
+{
+	text = malloc(START_STRSIZE);
+	text_asize = START_STRSIZE;
+	text_ptr = text;
+	text_size = 0;
+	*text_ptr = 0;
+}
+
+void append_string(const char *str, int size)
+{
+	int new_size = text_size + size + 1;
+	if (new_size > text_asize) {
+		text = realloc(text, new_size);
+		text_asize = new_size;
+		text_ptr = text + text_size;
+	}
+	memcpy(text_ptr, str, size);
+	text_ptr += size;
+	text_size += size;
+	*text_ptr = 0;
+}
+
+void alloc_string(const char *str, int size)
+{
+	text = malloc(size + 1);
+	memcpy(text, str, size);
+	text[size] = 0;
+}
+
+#define INITIAL 0
+#define COMMAND 1
+#define HELP 2
+#define STRING 3
+#define PARAM 4
+
+/* Special case for "unistd.h", since it is non-ANSI. We include it way
+ * down here because we want the user's section 1 to have been scanned first.
+ * The user has a chance to override it with an option.
+ */
+#include <unistd.h>
+
+#ifndef YY_EXTRA_TYPE
+#define YY_EXTRA_TYPE void *
+#endif
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int zconfwrap (void );
+#else
+extern int zconfwrap (void );
+#endif
+#endif
+
+    static void yyunput (int c,char *buf_ptr  );
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char *,yyconst char *,int );
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * );
+#endif
+
+#ifndef YY_NO_INPUT
+
+#ifdef __cplusplus
+static int yyinput (void );
+#else
+static int input (void );
+#endif
+
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( zconftext, zconfleng, 1, zconfout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	errno=0; \
+	while ( (result = read( fileno(zconfin), (char *) buf, max_size )) < 0 ) \
+	{ \
+		if( errno != EINTR) \
+		{ \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+			break; \
+		} \
+		errno=0; \
+		clearerr(zconfin); \
+	}\
+\
+
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* end tables serialization structures and prototypes */
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL_IS_OURS 1
+
+extern int zconflex (void);
+
+#define YY_DECL int zconflex (void)
+#endif /* !YY_DECL */
+
+/* Code executed at the beginning of each rule, after zconftext and zconfleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	YY_USER_ACTION
+
+/** The main scanner function which does all the work.
+ */
+YY_DECL
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+
+	int str = 0;
+	int ts, i;
+
+	if ( (yy_init) )
+		{
+		(yy_init) = 0;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! (yy_start) )
+			(yy_start) = 1;	/* first start state */
+
+		if ( ! zconfin )
+			zconfin = stdin;
+
+		if ( ! zconfout )
+			zconfout = stdout;
+
+		if ( ! YY_CURRENT_BUFFER ) {
+			zconfensure_buffer_stack ();
+			YY_CURRENT_BUFFER_LVALUE =
+				zconf_create_buffer(zconfin,YY_BUF_SIZE );
+		}
+
+		zconf_load_buffer_state( );
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = (yy_c_buf_p);
+
+		/* Support of zconftext. */
+		*yy_cp = (yy_hold_char);
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = (yy_start);
+yy_match:
+		while ( (yy_current_state = yy_nxt[yy_current_state][ yy_ec[YY_SC_TO_UI(*yy_cp)]  ]) > 0 )
+			++yy_cp;
+
+		yy_current_state = -yy_current_state;
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+
+		YY_DO_BEFORE_ACTION;
+
+do_action:	/* This label is used only to access EOF actions. */
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+case 1:
+/* rule 1 can match eol */
+YY_RULE_SETUP
+current_file->lineno++;
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+
+	YY_BREAK
+case 3:
+/* rule 3 can match eol */
+YY_RULE_SETUP
+current_file->lineno++; return T_EOL;
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+{
+	BEGIN(COMMAND);
+}
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+{
+	unput(zconftext[0]);
+	BEGIN(COMMAND);
+}
+	YY_BREAK
+
+case 6:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MAINMENU;
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MENU;
+	YY_BREAK
+case 8:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDMENU;
+	YY_BREAK
+case 9:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SOURCE;
+	YY_BREAK
+case 10:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_CHOICE;
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDCHOICE;
+	YY_BREAK
+case 12:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_COMMENT;
+	YY_BREAK
+case 13:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_CONFIG;
+	YY_BREAK
+case 14:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MENUCONFIG;
+	YY_BREAK
+case 15:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_HELP;
+	YY_BREAK
+case 16:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_IF;
+	YY_BREAK
+case 17:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDIF;
+	YY_BREAK
+case 18:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEPENDS;
+	YY_BREAK
+case 19:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_REQUIRES;
+	YY_BREAK
+case 20:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_OPTIONAL;
+	YY_BREAK
+case 21:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEFAULT;
+	YY_BREAK
+case 22:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_PROMPT;
+	YY_BREAK
+case 23:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_TRISTATE;
+	YY_BREAK
+case 24:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_TRISTATE;
+	YY_BREAK
+case 25:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_BOOLEAN;
+	YY_BREAK
+case 26:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_BOOLEAN;
+	YY_BREAK
+case 27:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_BOOLEAN;
+	YY_BREAK
+case 28:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_BOOLEAN;
+	YY_BREAK
+case 29:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_INT;
+	YY_BREAK
+case 30:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_HEX;
+	YY_BREAK
+case 31:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_STRING;
+	YY_BREAK
+case 32:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SELECT;
+	YY_BREAK
+case 33:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SELECT;
+	YY_BREAK
+case 34:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_RANGE;
+	YY_BREAK
+case 35:
+YY_RULE_SETUP
+{
+		alloc_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	YY_BREAK
+case 36:
+YY_RULE_SETUP
+
+	YY_BREAK
+case 37:
+/* rule 37 can match eol */
+YY_RULE_SETUP
+current_file->lineno++; BEGIN(INITIAL);
+	YY_BREAK
+
+case 38:
+YY_RULE_SETUP
+return T_AND;
+	YY_BREAK
+case 39:
+YY_RULE_SETUP
+return T_OR;
+	YY_BREAK
+case 40:
+YY_RULE_SETUP
+return T_OPEN_PAREN;
+	YY_BREAK
+case 41:
+YY_RULE_SETUP
+return T_CLOSE_PAREN;
+	YY_BREAK
+case 42:
+YY_RULE_SETUP
+return T_NOT;
+	YY_BREAK
+case 43:
+YY_RULE_SETUP
+return T_EQUAL;
+	YY_BREAK
+case 44:
+YY_RULE_SETUP
+return T_UNEQUAL;
+	YY_BREAK
+case 45:
+YY_RULE_SETUP
+return T_IF;
+	YY_BREAK
+case 46:
+YY_RULE_SETUP
+return T_ON;
+	YY_BREAK
+case 47:
+YY_RULE_SETUP
+{
+		str = zconftext[0];
+		new_string();
+		BEGIN(STRING);
+	}
+	YY_BREAK
+case 48:
+/* rule 48 can match eol */
+YY_RULE_SETUP
+BEGIN(INITIAL); current_file->lineno++; return T_EOL;
+	YY_BREAK
+case 49:
+YY_RULE_SETUP
+/* ignore */
+	YY_BREAK
+case 50:
+YY_RULE_SETUP
+{
+		alloc_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	YY_BREAK
+case 51:
+YY_RULE_SETUP
+/* comment */
+	YY_BREAK
+case 52:
+/* rule 52 can match eol */
+YY_RULE_SETUP
+current_file->lineno++;
+	YY_BREAK
+case 53:
+YY_RULE_SETUP
+
+	YY_BREAK
+case YY_STATE_EOF(PARAM):
+{
+		BEGIN(INITIAL);
+	}
+	YY_BREAK
+
+case 54:
+/* rule 54 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	YY_BREAK
+case 55:
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+	}
+	YY_BREAK
+case 56:
+/* rule 56 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		append_string(zconftext + 1, zconfleng - 1);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	YY_BREAK
+case 57:
+YY_RULE_SETUP
+{
+		append_string(zconftext + 1, zconfleng - 1);
+	}
+	YY_BREAK
+case 58:
+YY_RULE_SETUP
+{
+		if (str == zconftext[0]) {
+			BEGIN(PARAM);
+			zconflval.string = text;
+			return T_WORD_QUOTE;
+		} else
+			append_string(zconftext, 1);
+	}
+	YY_BREAK
+case 59:
+/* rule 59 can match eol */
+YY_RULE_SETUP
+{
+		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
+		current_file->lineno++;
+		BEGIN(INITIAL);
+		return T_EOL;
+	}
+	YY_BREAK
+case YY_STATE_EOF(STRING):
+{
+		BEGIN(INITIAL);
+	}
+	YY_BREAK
+
+case 60:
+YY_RULE_SETUP
+{
+		ts = 0;
+		for (i = 0; i < zconfleng; i++) {
+			if (zconftext[i] == '\t')
+				ts = (ts & ~7) + 8;
+			else
+				ts++;
+		}
+		last_ts = ts;
+		if (first_ts) {
+			if (ts < first_ts) {
+				zconf_endhelp();
+				return T_HELPTEXT;
+			}
+			ts -= first_ts;
+			while (ts > 8) {
+				append_string("        ", 8);
+				ts -= 8;
+			}
+			append_string("        ", ts);
+		}
+	}
+	YY_BREAK
+case 61:
+/* rule 61 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		current_file->lineno++;
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	YY_BREAK
+case 62:
+/* rule 62 can match eol */
+YY_RULE_SETUP
+{
+		current_file->lineno++;
+		append_string("\n", 1);
+	}
+	YY_BREAK
+case 63:
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+		if (!first_ts)
+			first_ts = last_ts;
+	}
+	YY_BREAK
+case YY_STATE_EOF(HELP):
+{
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	YY_BREAK
+
+case YY_STATE_EOF(INITIAL):
+case YY_STATE_EOF(COMMAND):
+{
+	if (current_buf) {
+		zconf_endfile();
+		return T_EOF;
+	}
+	fclose(zconfin);
+	yyterminate();
+}
+	YY_BREAK
+case 64:
+YY_RULE_SETUP
+YY_FATAL_ERROR( "flex scanner jammed" );
+	YY_BREAK
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = (yy_hold_char);
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed zconfin at a new source and called
+			 * zconflex().  If so, then we have to assure
+			 * consistency between YY_CURRENT_BUFFER and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+			YY_CURRENT_BUFFER_LVALUE->yy_input_file = zconfin;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state(  );
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++(yy_c_buf_p);
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = (yy_c_buf_p);
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer(  ) )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				(yy_did_buffer_switch_on_eof) = 0;
+
+				if ( zconfwrap( ) )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * zconftext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				(yy_c_buf_p) =
+					(yytext_ptr) + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				(yy_c_buf_p) =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+} /* end of zconflex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+static int yy_get_next_buffer (void)
+{
+    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+	register char *source = (yytext_ptr);
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+	else
+		{
+			size_t num_to_read =
+			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+
+			int yy_c_buf_p_offset =
+				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					zconfrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+						number_to_move - 1;
+
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
+			(yy_n_chars), num_to_read );
+
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	if ( (yy_n_chars) == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			zconfrestart(zconfin  );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	(yy_n_chars) += number_to_move;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
+	return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+    static yy_state_type yy_get_previous_state (void)
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+
+	yy_current_state = (yy_start);
+
+	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+		{
+		yy_current_state = yy_nxt[yy_current_state][(*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1)];
+		}
+
+	return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+{
+	register int yy_is_jam;
+
+	yy_current_state = yy_nxt[yy_current_state][1];
+	yy_is_jam = (yy_current_state <= 0);
+
+	return yy_is_jam ? 0 : yy_current_state;
+}
+
+    static void yyunput (int c, register char * yy_bp )
+{
+	register char *yy_cp;
+
+    yy_cp = (yy_c_buf_p);
+
+	/* undo effects of setting up zconftext */
+	*yy_cp = (yy_hold_char);
+
+	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = (yy_n_chars) + 2;
+		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+		register char *source =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+
+		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+
+		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+	(yytext_ptr) = yy_bp;
+	(yy_hold_char) = *yy_cp;
+	(yy_c_buf_p) = yy_cp;
+}
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+    static int yyinput (void)
+#else
+    static int input  (void)
+#endif
+
+{
+	int c;
+
+	*(yy_c_buf_p) = (yy_hold_char);
+
+	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			/* This was really a NUL. */
+			*(yy_c_buf_p) = '\0';
+
+		else
+			{ /* need more input */
+			int offset = (yy_c_buf_p) - (yytext_ptr);
+			++(yy_c_buf_p);
+
+			switch ( yy_get_next_buffer(  ) )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					zconfrestart(zconfin );
+
+					/*FALLTHROUGH*/
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( zconfwrap( ) )
+						return EOF;
+
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					(yy_c_buf_p) = (yytext_ptr) + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
+	*(yy_c_buf_p) = '\0';	/* preserve zconftext */
+	(yy_hold_char) = *++(yy_c_buf_p);
+
+	return c;
+}
+#endif	/* ifndef YY_NO_INPUT */
+
+/** Immediately switch to a different input stream.
+ * @param input_file A readable stream.
+ *
+ * @note This function does not reset the start condition to @c INITIAL .
+ */
+    void zconfrestart  (FILE * input_file )
+{
+
+	if ( ! YY_CURRENT_BUFFER ){
+        zconfensure_buffer_stack ();
+		YY_CURRENT_BUFFER_LVALUE =
+            zconf_create_buffer(zconfin,YY_BUF_SIZE );
+	}
+
+	zconf_init_buffer(YY_CURRENT_BUFFER,input_file );
+	zconf_load_buffer_state( );
+}
+
+/** Switch to a different input buffer.
+ * @param new_buffer The new input buffer.
+ *
+ */
+    void zconf_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
+{
+
+	/* TODO. We should be able to replace this entire function body
+	 * with
+	 *		zconfpop_buffer_state();
+	 *		zconfpush_buffer_state(new_buffer);
+     */
+	zconfensure_buffer_stack ();
+	if ( YY_CURRENT_BUFFER == new_buffer )
+		return;
+
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+	zconf_load_buffer_state( );
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (zconfwrap()) processing, but the only time this flag
+	 * is looked at is after zconfwrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+static void zconf_load_buffer_state  (void)
+{
+    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+	zconfin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+	(yy_hold_char) = *(yy_c_buf_p);
+}
+
+/** Allocate and initialize an input buffer state.
+ * @param file A readable stream.
+ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
+ *
+ * @return the allocated buffer state.
+ */
+    YY_BUFFER_STATE zconf_create_buffer  (FILE * file, int  size )
+{
+	YY_BUFFER_STATE b;
+
+	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) zconfalloc(b->yy_buf_size + 2  );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	zconf_init_buffer(b,file );
+
+	return b;
+}
+
+/** Destroy the buffer.
+ * @param b a buffer created with zconf_create_buffer()
+ *
+ */
+    void zconf_delete_buffer (YY_BUFFER_STATE  b )
+{
+
+	if ( ! b )
+		return;
+
+	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
+		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		zconffree((void *) b->yy_ch_buf  );
+
+	zconffree((void *) b  );
+}
+
+/* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+ * such as during a zconfrestart() or at EOF.
+ */
+    static void zconf_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
+
+{
+	int oerrno = errno;
+
+	zconf_flush_buffer(b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+    /* If b is the current buffer, then zconf_init_buffer was _probably_
+     * called from zconfrestart() or through yy_get_next_buffer.
+     * In that case, we don't want to reset the lineno or column.
+     */
+    if (b != YY_CURRENT_BUFFER){
+        b->yy_bs_lineno = 1;
+        b->yy_bs_column = 0;
+    }
+
+        b->yy_is_interactive = 0;
+
+	errno = oerrno;
+}
+
+/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
+ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
+ *
+ */
+    void zconf_flush_buffer (YY_BUFFER_STATE  b )
+{
+    	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == YY_CURRENT_BUFFER )
+		zconf_load_buffer_state( );
+}
+
+/** Pushes the new state onto the stack. The new state becomes
+ *  the current state. This function will allocate the stack
+ *  if necessary.
+ *  @param new_buffer The new state.
+ *
+ */
+void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer )
+{
+    	if (new_buffer == NULL)
+		return;
+
+	zconfensure_buffer_stack();
+
+	/* This block is copied from zconf_switch_to_buffer. */
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	/* Only push if top exists. Otherwise, replace top. */
+	if (YY_CURRENT_BUFFER)
+		(yy_buffer_stack_top)++;
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+
+	/* copied from zconf_switch_to_buffer. */
+	zconf_load_buffer_state( );
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+/** Removes and deletes the top of the stack, if present.
+ *  The next element becomes the new top.
+ *
+ */
+void zconfpop_buffer_state (void)
+{
+    	if (!YY_CURRENT_BUFFER)
+		return;
+
+	zconf_delete_buffer(YY_CURRENT_BUFFER );
+	YY_CURRENT_BUFFER_LVALUE = NULL;
+	if ((yy_buffer_stack_top) > 0)
+		--(yy_buffer_stack_top);
+
+	if (YY_CURRENT_BUFFER) {
+		zconf_load_buffer_state( );
+		(yy_did_buffer_switch_on_eof) = 1;
+	}
+}
+
+/* Allocates the stack if it does not exist.
+ *  Guarantees space for at least one push.
+ */
+static void zconfensure_buffer_stack (void)
+{
+	int num_to_alloc;
+
+	if (!(yy_buffer_stack)) {
+
+		/* First allocation is just for 2 elements, since we don't know if this
+		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+		 * immediate realloc on the next call.
+         */
+		num_to_alloc = 1;
+		(yy_buffer_stack) = (struct yy_buffer_state**)zconfalloc
+								(num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+
+		(yy_buffer_stack_max) = num_to_alloc;
+		(yy_buffer_stack_top) = 0;
+		return;
+	}
+
+	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
+		/* Increase the buffer to prepare for a possible push. */
+		int grow_size = 8 /* arbitrary grow size */;
+
+		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+		(yy_buffer_stack) = (struct yy_buffer_state**)zconfrealloc
+								((yy_buffer_stack),
+								num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		/* zero only the new slots.*/
+		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
+		(yy_buffer_stack_max) = num_to_alloc;
+	}
+}
+
+/** Setup the input buffer state to scan directly from a user-specified character buffer.
+ * @param base the character buffer
+ * @param size the size in bytes of the character buffer
+ *
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE zconf_scan_buffer  (char * base, yy_size_t  size )
+{
+	YY_BUFFER_STATE b;
+
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	zconf_switch_to_buffer(b  );
+
+	return b;
+}
+
+/** Setup the input buffer state to scan a string. The next call to zconflex() will
+ * scan from a @e copy of @a str.
+ * @param str a NUL-terminated string to scan
+ *
+ * @return the newly allocated buffer state object.
+ * @note If you want to scan bytes that may contain NUL values, then use
+ *       zconf_scan_bytes() instead.
+ */
+YY_BUFFER_STATE zconf_scan_string (yyconst char * str )
+{
+
+	return zconf_scan_bytes(str,strlen(str) );
+}
+
+/** Setup the input buffer state to scan the given bytes. The next call to zconflex() will
+ * scan from a @e copy of @a bytes.
+ * @param bytes the byte buffer to scan
+ * @param len the number of bytes in the buffer pointed to by @a bytes.
+ *
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE zconf_scan_bytes  (yyconst char * bytes, int  len )
+{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = len + 2;
+	buf = (char *) zconfalloc(n  );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_bytes()" );
+
+	for ( i = 0; i < len; ++i )
+		buf[i] = bytes[i];
+
+	buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = zconf_scan_buffer(buf,n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in zconf_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+}
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+static void yy_fatal_error (yyconst char* msg )
+{
+    	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up zconftext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		zconftext[zconfleng] = (yy_hold_char); \
+		(yy_c_buf_p) = zconftext + yyless_macro_arg; \
+		(yy_hold_char) = *(yy_c_buf_p); \
+		*(yy_c_buf_p) = '\0'; \
+		zconfleng = yyless_macro_arg; \
+		} \
+	while ( 0 )
+
+/* Accessor  methods (get/set functions) to struct members. */
+
+/** Get the current line number.
+ *
+ */
+int zconfget_lineno  (void)
+{
+
+    return zconflineno;
+}
+
+/** Get the input stream.
+ *
+ */
+FILE *zconfget_in  (void)
+{
+        return zconfin;
+}
+
+/** Get the output stream.
+ *
+ */
+FILE *zconfget_out  (void)
+{
+        return zconfout;
+}
+
+/** Get the length of the current token.
+ *
+ */
+int zconfget_leng  (void)
+{
+        return zconfleng;
+}
+
+/** Get the current token.
+ *
+ */
+
+char *zconfget_text  (void)
+{
+        return zconftext;
+}
+
+/** Set the current line number.
+ * @param line_number
+ *
+ */
+void zconfset_lineno (int  line_number )
+{
+
+    zconflineno = line_number;
+}
+
+/** Set the input stream. This does not discard the current
+ * input buffer.
+ * @param in_str A readable stream.
+ *
+ * @see zconf_switch_to_buffer
+ */
+void zconfset_in (FILE *  in_str )
+{
+        zconfin = in_str ;
+}
+
+void zconfset_out (FILE *  out_str )
+{
+        zconfout = out_str ;
+}
+
+int zconfget_debug  (void)
+{
+        return zconf_flex_debug;
+}
+
+void zconfset_debug (int  bdebug )
+{
+        zconf_flex_debug = bdebug ;
+}
+
+/* zconflex_destroy is for both reentrant and non-reentrant scanners. */
+int zconflex_destroy  (void)
+{
+
+    /* Pop the buffer stack, destroying each element. */
+	while(YY_CURRENT_BUFFER){
+		zconf_delete_buffer(YY_CURRENT_BUFFER  );
+		YY_CURRENT_BUFFER_LVALUE = NULL;
+		zconfpop_buffer_state();
+	}
+
+	/* Destroy the stack itself. */
+	zconffree((yy_buffer_stack) );
+	(yy_buffer_stack) = NULL;
+
+    return 0;
+}
+
+/*
+ * Internal utility routines.
+ */
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
+{
+	register int i;
+    	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * s )
+{
+	register int n;
+    	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+}
+#endif
+
+void *zconfalloc (yy_size_t  size )
+{
+	return (void *) malloc( size );
+}
+
+void *zconfrealloc  (void * ptr, yy_size_t  size )
+{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+}
+
+void zconffree (void * ptr )
+{
+	free( (char *) ptr );	/* see zconfrealloc() for (char *) cast */
+}
+
+#define YYTABLES_NAME "yytables"
+
+#undef YY_NEW_FILE
+#undef YY_FLUSH_BUFFER
+#undef yy_set_bol
+#undef yy_new_buffer
+#undef yy_set_interactive
+#undef yytext_ptr
+#undef YY_DO_BEFORE_ACTION
+
+#ifdef YY_DECL_IS_OURS
+#undef YY_DECL_IS_OURS
+#undef YY_DECL
+#endif
+
+void zconf_starthelp(void)
+{
+	new_string();
+	last_ts = first_ts = 0;
+	BEGIN(HELP);
+}
+
+static void zconf_endhelp(void)
+{
+	zconflval.string = text;
+	BEGIN(INITIAL);
+}
+
+/*
+ * Try to open specified file with following names:
+ * ./name
+ * $(srctree)/name
+ * The latter is used when srctree is separate from objtree
+ * when compiling the kernel.
+ * Return NULL if file is not found.
+ */
+FILE *zconf_fopen(const char *name)
+{
+	char *env, fullname[PATH_MAX+1];
+	FILE *f;
+
+	f = fopen(name, "r");
+	if (!f && name[0] != '/') {
+		env = getenv(SRCTREE);
+		if (env) {
+			sprintf(fullname, "%s/%s", env, name);
+			f = fopen(fullname, "r");
+		}
+	}
+	return f;
+}
+
+void zconf_initscan(const char *name)
+{
+	zconfin = zconf_fopen(name);
+	if (!zconfin) {
+		printf("can't find file %s\n", name);
+		exit(1);
+	}
+
+	current_buf = malloc(sizeof(*current_buf));
+	memset(current_buf, 0, sizeof(*current_buf));
+
+	current_file = file_lookup(name);
+	current_file->lineno = 1;
+	current_file->flags = FILE_BUSY;
+}
+
+void zconf_nextfile(const char *name)
+{
+	struct file *file = file_lookup(name);
+	struct buffer *buf = malloc(sizeof(*buf));
+	memset(buf, 0, sizeof(*buf));
+
+	current_buf->state = YY_CURRENT_BUFFER;
+	zconfin = zconf_fopen(name);
+	if (!zconfin) {
+		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
+		exit(1);
+	}
+	zconf_switch_to_buffer(zconf_create_buffer(zconfin,YY_BUF_SIZE));
+	buf->parent = current_buf;
+	current_buf = buf;
+
+	if (file->flags & FILE_BUSY) {
+		printf("recursive scan (%s)?\n", name);
+		exit(1);
+	}
+	if (file->flags & FILE_SCANNED) {
+		printf("file %s already scanned?\n", name);
+		exit(1);
+	}
+	file->flags |= FILE_BUSY;
+	file->lineno = 1;
+	file->parent = current_file;
+	current_file = file;
+}
+
+static struct buffer *zconf_endfile(void)
+{
+	struct buffer *parent;
+
+	current_file->flags |= FILE_SCANNED;
+	current_file->flags &= ~FILE_BUSY;
+	current_file = current_file->parent;
+
+	parent = current_buf->parent;
+	if (parent) {
+		fclose(zconfin);
+		zconf_delete_buffer(YY_CURRENT_BUFFER);
+		zconf_switch_to_buffer(parent->state);
+	}
+	free(current_buf);
+	current_buf = parent;
+
+	return parent;
+}
+
+int zconf_lineno(void)
+{
+	if (current_buf)
+		return current_file->lineno - 1;
+	else
+		return 0;
+}
+
+char *zconf_curname(void)
+{
+	if (current_buf)
+		return current_file->name;
+	else
+		return "<none>";
+}
+
diff --git a/config/scripts/config/lkc.h b/config/scripts/config/lkc.h
new file mode 100644
index 0000000000..b8a67fc9d6
--- /dev/null
+++ b/config/scripts/config/lkc.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#ifndef LKC_H
+#define LKC_H
+
+#include "expr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef LKC_DIRECT_LINK
+#define P(name,type,arg)	extern type name arg
+#else
+#include "lkc_defs.h"
+#define P(name,type,arg)	extern type (*name ## _p) arg
+#endif
+#include "lkc_proto.h"
+#undef P
+
+#define SRCTREE "srctree"
+
+int zconfparse(void);
+void zconfdump(FILE *out);
+
+extern int zconfdebug;
+void zconf_starthelp(void);
+FILE *zconf_fopen(const char *name);
+void zconf_initscan(const char *name);
+void zconf_nextfile(const char *name);
+int zconf_lineno(void);
+char *zconf_curname(void);
+
+/* confdata.c */
+extern const char conf_def_filename[];
+extern char conf_filename[];
+
+char *conf_get_default_confname(void);
+
+/* kconfig_load.c */
+void kconfig_load(void);
+
+/* menu.c */
+void menu_init(void);
+void menu_add_menu(void);
+void menu_end_menu(void);
+void menu_add_entry(struct symbol *sym);
+void menu_end_entry(void);
+void menu_add_dep(struct expr *dep);
+struct property *menu_add_prop(enum prop_type type, char *prompt, struct expr *expr, struct expr *dep);
+void menu_add_prompt(enum prop_type type, char *prompt, struct expr *dep);
+void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep);
+void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep);
+void menu_finalize(struct menu *parent);
+void menu_set_type(int type);
+
+/* util.c */
+struct file *file_lookup(const char *name);
+int file_write_dep(const char *name);
+
+struct gstr {
+	size_t len;
+	char  *s;
+};
+struct gstr str_new(void);
+struct gstr str_assign(const char *s);
+void str_free(struct gstr *gs);
+void str_append(struct gstr *gs, const char *s);
+void str_printf(struct gstr *gs, const char *fmt, ...);
+const char *str_get(struct gstr *gs);
+
+/* symbol.c */
+void sym_init(void);
+void sym_clear_all_valid(void);
+void sym_set_changed(struct symbol *sym);
+struct symbol *sym_check_deps(struct symbol *sym);
+struct property *prop_alloc(enum prop_type type, struct symbol *sym);
+struct symbol *prop_get_symbol(struct property *prop);
+
+static inline tristate sym_get_tristate_value(struct symbol *sym)
+{
+	return sym->curr.tri;
+}
+
+
+static inline struct symbol *sym_get_choice_value(struct symbol *sym)
+{
+	return (struct symbol *)sym->curr.val;
+}
+
+static inline bool sym_set_choice_value(struct symbol *ch, struct symbol *chval)
+{
+	return sym_set_tristate_value(chval, yes);
+}
+
+static inline bool sym_is_choice(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_CHOICE ? true : false;
+}
+
+static inline bool sym_is_choice_value(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_CHOICEVAL ? true : false;
+}
+
+static inline bool sym_is_optional(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_OPTIONAL ? true : false;
+}
+
+static inline bool sym_has_value(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_NEW ? false : true;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LKC_H */
diff --git a/config/scripts/config/lkc_defs.h b/config/scripts/config/lkc_defs.h
new file mode 100644
index 0000000000..65240dd9fc
--- /dev/null
+++ b/config/scripts/config/lkc_defs.h
@@ -0,0 +1,40 @@
+
+/* confdata.c */
+#define conf_parse (*conf_parse_p)
+#define conf_read (*conf_read_p)
+#define conf_write (*conf_write_p)
+
+/* menu.c */
+#define rootmenu (*rootmenu_p)
+
+#define menu_is_visible (*menu_is_visible_p)
+#define menu_get_prompt (*menu_get_prompt_p)
+#define menu_get_root_menu (*menu_get_root_menu_p)
+#define menu_get_parent_menu (*menu_get_parent_menu_p)
+
+/* symbol.c */
+#define symbol_hash (*symbol_hash_p)
+#define sym_change_count (*sym_change_count_p)
+
+#define sym_lookup (*sym_lookup_p)
+#define sym_find (*sym_find_p)
+#define sym_re_search (*sym_re_search_p)
+#define sym_type_name (*sym_type_name_p)
+#define sym_calc_value (*sym_calc_value_p)
+#define sym_get_type (*sym_get_type_p)
+#define sym_tristate_within_range (*sym_tristate_within_range_p)
+#define sym_set_tristate_value (*sym_set_tristate_value_p)
+#define sym_toggle_tristate_value (*sym_toggle_tristate_value_p)
+#define sym_string_valid (*sym_string_valid_p)
+#define sym_string_within_range (*sym_string_within_range_p)
+#define sym_set_string_value (*sym_set_string_value_p)
+#define sym_is_changable (*sym_is_changable_p)
+#define sym_get_choice_prop (*sym_get_choice_prop_p)
+#define sym_get_default_prop (*sym_get_default_prop_p)
+#define sym_get_string_value (*sym_get_string_value_p)
+
+#define prop_get_type_name (*prop_get_type_name_p)
+
+/* expr.c */
+#define expr_compare_type (*expr_compare_type_p)
+#define expr_print (*expr_print_p)
diff --git a/config/scripts/config/lkc_proto.h b/config/scripts/config/lkc_proto.h
new file mode 100644
index 0000000000..6dc6d0c48e
--- /dev/null
+++ b/config/scripts/config/lkc_proto.h
@@ -0,0 +1,40 @@
+
+/* confdata.c */
+P(conf_parse,void,(const char *name));
+P(conf_read,int,(const char *name));
+P(conf_write,int,(const char *name));
+
+/* menu.c */
+P(rootmenu,struct menu,);
+
+P(menu_is_visible,bool,(struct menu *menu));
+P(menu_get_prompt,const char *,(struct menu *menu));
+P(menu_get_root_menu,struct menu *,(struct menu *menu));
+P(menu_get_parent_menu,struct menu *,(struct menu *menu));
+
+/* symbol.c */
+P(symbol_hash,struct symbol *,[SYMBOL_HASHSIZE]);
+P(sym_change_count,int,);
+
+P(sym_lookup,struct symbol *,(const char *name, int isconst));
+P(sym_find,struct symbol *,(const char *name));
+P(sym_re_search,struct symbol **,(const char *pattern));
+P(sym_type_name,const char *,(enum symbol_type type));
+P(sym_calc_value,void,(struct symbol *sym));
+P(sym_get_type,enum symbol_type,(struct symbol *sym));
+P(sym_tristate_within_range,bool,(struct symbol *sym,tristate tri));
+P(sym_set_tristate_value,bool,(struct symbol *sym,tristate tri));
+P(sym_toggle_tristate_value,tristate,(struct symbol *sym));
+P(sym_string_valid,bool,(struct symbol *sym, const char *newval));
+P(sym_string_within_range,bool,(struct symbol *sym, const char *str));
+P(sym_set_string_value,bool,(struct symbol *sym, const char *newval));
+P(sym_is_changable,bool,(struct symbol *sym));
+P(sym_get_choice_prop,struct property *,(struct symbol *sym));
+P(sym_get_default_prop,struct property *,(struct symbol *sym));
+P(sym_get_string_value,const char *,(struct symbol *sym));
+
+P(prop_get_type_name,const char *,(enum prop_type type));
+
+/* expr.c */
+P(expr_compare_type,int,(enum expr_type t1, enum expr_type t2));
+P(expr_print,void,(struct expr *e, void (*fn)(void *, const char *), void *data, int prevtoken));
diff --git a/config/scripts/config/lxdialog/BIG.FAT.WARNING b/config/scripts/config/lxdialog/BIG.FAT.WARNING
new file mode 100644
index 0000000000..a8999d82bd
--- /dev/null
+++ b/config/scripts/config/lxdialog/BIG.FAT.WARNING
@@ -0,0 +1,4 @@
+This is NOT the official version of dialog.  This version has been
+significantly modified from the original.  It is for use by the Linux
+kernel configuration script.  Please do not bother Savio Lam with 
+questions about this program.
diff --git a/config/scripts/config/lxdialog/checklist.c b/config/scripts/config/lxdialog/checklist.c
new file mode 100644
index 0000000000..71de4a191d
--- /dev/null
+++ b/config/scripts/config/lxdialog/checklist.c
@@ -0,0 +1,372 @@
+/*
+ *  checklist.c -- implements the checklist box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *     Stuart Herbert - S.Herbert@sheffield.ac.uk: radiolist extension
+ *     Alessandro Rubini - rubini@ipvvis.unipv.it: merged the two
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+static int list_width, check_x, item_x, checkflag;
+
+/*
+ * Print list item
+ */
+static void
+print_item (WINDOW * win, const char *item, int status,
+	    int choice, int selected)
+{
+    int i;
+
+    /* Clear 'residue' of last item */
+    wattrset (win, menubox_attr);
+    wmove (win, choice, 0);
+    for (i = 0; i < list_width; i++)
+	waddch (win, ' ');
+
+    wmove (win, choice, check_x);
+    wattrset (win, selected ? check_selected_attr : check_attr);
+    if (checkflag == FLAG_CHECK)
+	wprintw (win, "[%c]", status ? 'X' : ' ');
+    else
+	wprintw (win, "(%c)", status ? 'X' : ' ');
+
+    wattrset (win, selected ? tag_selected_attr : tag_attr);
+    mvwaddch(win, choice, item_x, item[0]);
+    wattrset (win, selected ? item_selected_attr : item_attr);
+    waddstr (win, (char *)item+1);
+    if (selected) {
+    	wmove (win, choice, check_x+1);
+    	wrefresh (win);
+    }
+}
+
+/*
+ * Print the scroll indicators.
+ */
+static void
+print_arrows (WINDOW * win, int choice, int item_no, int scroll,
+		int y, int x, int height)
+{
+    wmove(win, y, x);
+
+    if (scroll > 0) {
+	wattrset (win, uarrow_attr);
+	waddch (win, ACS_UARROW);
+	waddstr (win, "(-)");
+    }
+    else {
+	wattrset (win, menubox_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+    }
+
+   y = y + height + 1;
+   wmove(win, y, x);
+
+   if ((height < item_no) && (scroll + choice < item_no - 1)) {
+	wattrset (win, darrow_attr);
+	waddch (win, ACS_DARROW);
+	waddstr (win, "(+)");
+    }
+    else {
+	wattrset (win, menubox_border_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+   }
+}
+
+/*
+ *  Display the termination buttons
+ */
+static void
+print_buttons( WINDOW *dialog, int height, int width, int selected)
+{
+    int x = width / 2 - 11;
+    int y = height - 2;
+
+    print_button (dialog, "Select", y, x, selected == 0);
+    print_button (dialog, " Help ", y, x + 14, selected == 1);
+
+    wmove(dialog, y, x+1 + 14*selected);
+    wrefresh (dialog);
+}
+
+/*
+ * Display a dialog box with a list of options that can be turned on or off
+ * The `flag' parameter is used to select between radiolist and checklist.
+ */
+int
+dialog_checklist (const char *title, const char *prompt, int height, int width,
+	int list_height, int item_no, struct dialog_list_item ** items,
+	int flag)
+	
+{
+    int i, x, y, box_x, box_y;
+    int key = 0, button = 0, choice = 0, scroll = 0, max_choice, *status;
+    WINDOW *dialog, *list;
+
+    checkflag = flag;
+
+    /* Allocate space for storing item on/off status */
+    if ((status = malloc (sizeof (int) * item_no)) == NULL) {
+	endwin ();
+	fprintf (stderr,
+		 "\nCan't allocate memory in dialog_checklist().\n");
+	exit (-1);
+    }
+
+    /* Initializes status */
+    for (i = 0; i < item_no; i++) {
+	status[i] = (items[i]->selected == 1); /* ON */
+	if ((!choice && status[i]) || items[i]->selected == 2) /* SELECTED */
+            choice = i + 1;
+    }
+    if (choice)
+	    choice--;
+
+    max_choice = MIN (list_height, item_no);
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    list_width = width - 6;
+    box_y = height - list_height - 5;
+    box_x = (width - list_width) / 2 - 1;
+
+    /* create new window for the list */
+    list = subwin (dialog, list_height, list_width, y+box_y+1, x+box_x+1);
+
+    keypad (list, TRUE);
+
+    /* draw a box around the list items */
+    draw_box (dialog, box_y, box_x, list_height + 2, list_width + 2,
+	      menubox_border_attr, menubox_attr);
+
+    /* Find length of longest item in order to center checklist */
+    check_x = 0;
+    for (i = 0; i < item_no; i++) 
+	check_x = MAX (check_x, + strlen (items[i]->name) + 4);
+
+    check_x = (list_width - check_x) / 2;
+    item_x = check_x + 4;
+
+    if (choice >= list_height) {
+	scroll = choice - list_height + 1;
+	choice -= scroll;
+    }
+
+    /* Print the list */
+    for (i = 0; i < max_choice; i++) {
+	print_item (list, items[scroll + i]->name,
+		    status[i+scroll], i, i == choice);
+    }
+
+    print_arrows(dialog, choice, item_no, scroll,
+			box_y, box_x + check_x + 5, list_height);
+
+    print_buttons(dialog, height, width, 0);
+
+    wnoutrefresh (list);
+    wnoutrefresh (dialog);
+    doupdate ();
+
+    while (key != ESC) {
+	key = wgetch (dialog);
+
+    	for (i = 0; i < max_choice; i++)
+            if (toupper(key) == toupper(items[scroll + i]->name[0]))
+                break;
+
+
+	if ( i < max_choice || key == KEY_UP || key == KEY_DOWN || 
+	    key == '+' || key == '-' ) {
+	    if (key == KEY_UP || key == '-') {
+		if (!choice) {
+		    if (!scroll)
+			continue;
+		    /* Scroll list down */
+		    if (list_height > 1) {
+			/* De-highlight current first item */
+			print_item (list, items[scroll]->name,
+					status[scroll], 0, FALSE);
+			scrollok (list, TRUE);
+			wscrl (list, -1);
+			scrollok (list, FALSE);
+		    }
+		    scroll--;
+		    print_item (list, items[scroll]->name,
+				status[scroll], 0, TRUE);
+		    wnoutrefresh (list);
+
+    		    print_arrows(dialog, choice, item_no, scroll,
+				box_y, box_x + check_x + 5, list_height);
+
+		    wrefresh (dialog);
+
+		    continue;	/* wait for another key press */
+		} else
+		    i = choice - 1;
+	    } else if (key == KEY_DOWN || key == '+') {
+		if (choice == max_choice - 1) {
+		    if (scroll + choice >= item_no - 1)
+			continue;
+		    /* Scroll list up */
+		    if (list_height > 1) {
+			/* De-highlight current last item before scrolling up */
+			print_item (list, items[scroll + max_choice - 1]->name,
+				    status[scroll + max_choice - 1],
+				    max_choice - 1, FALSE);
+			scrollok (list, TRUE);
+			scroll (list);
+			scrollok (list, FALSE);
+		    }
+		    scroll++;
+		    print_item (list, items[scroll + max_choice - 1]->name,
+				status[scroll + max_choice - 1],
+				max_choice - 1, TRUE);
+		    wnoutrefresh (list);
+
+    		    print_arrows(dialog, choice, item_no, scroll,
+				box_y, box_x + check_x + 5, list_height);
+
+		    wrefresh (dialog);
+
+		    continue;	/* wait for another key press */
+		} else
+		    i = choice + 1;
+	    }
+	    if (i != choice) {
+		/* De-highlight current item */
+		print_item (list, items[scroll + choice]->name,
+			    status[scroll + choice], choice, FALSE);
+		/* Highlight new item */
+		choice = i;
+		print_item (list, items[scroll + choice]->name,
+			    status[scroll + choice], choice, TRUE);
+		wnoutrefresh (list);
+		wrefresh (dialog);
+	    }
+	    continue;		/* wait for another key press */
+	}
+	switch (key) {
+	case 'H':
+	case 'h':
+	case '?':
+	    for (i = 0; i < item_no; i++)
+		items[i]->selected = 0;
+	    items[scroll + choice]->selected = 1;
+	    delwin (dialog);
+	    free (status);
+	    return 1;
+	case TAB:
+	case KEY_LEFT:
+	case KEY_RIGHT:
+	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
+			? 1 : (button > 1 ? 0 : button);
+
+	    print_buttons(dialog, height, width, button);
+	    wrefresh (dialog);
+	    break;
+	case 'S':
+	case 's':
+	case ' ':
+	case '\n':
+	    if (!button) {
+		if (flag == FLAG_CHECK) {
+		    status[scroll + choice] = !status[scroll + choice];
+		    wmove (list, choice, check_x);
+		    wattrset (list, check_selected_attr);
+		    wprintw (list, "[%c]", status[scroll + choice] ? 'X' : ' ');
+		} else {
+		    if (!status[scroll + choice]) {
+			for (i = 0; i < item_no; i++)
+			    status[i] = 0;
+			status[scroll + choice] = 1;
+			for (i = 0; i < max_choice; i++)
+			    print_item (list, items[scroll + i]->name,
+					status[scroll + i], i, i == choice);
+		    }
+		}
+		wnoutrefresh (list);
+		wrefresh (dialog);
+            
+		for (i = 0; i < item_no; i++) {
+			items[i]->selected = status[i];
+		}
+            } else {
+		    for (i = 0; i < item_no; i++)
+			    items[i]->selected = 0;
+		    items[scroll + choice]->selected = 1;
+	    }
+	    delwin (dialog);
+	    free (status);
+	    return button;
+	case 'X':
+	case 'x':
+	    key = ESC;
+	case ESC:
+	    break;
+	}
+
+	/* Now, update everything... */
+	doupdate ();
+    }
+    
+
+    delwin (dialog);
+    free (status);
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/lxdialog/colors.h b/config/scripts/config/lxdialog/colors.h
new file mode 100644
index 0000000000..d34dd37c6f
--- /dev/null
+++ b/config/scripts/config/lxdialog/colors.h
@@ -0,0 +1,161 @@
+/*
+ *  colors.h -- color attribute definitions
+ *
+ *  AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/*
+ *   Default color definitions
+ *
+ *   *_FG = foreground
+ *   *_BG = background
+ *   *_HL = highlight?
+ */
+#define SCREEN_FG                    COLOR_CYAN
+#define SCREEN_BG                    COLOR_BLUE
+#define SCREEN_HL                    TRUE
+
+#define SHADOW_FG                    COLOR_BLACK
+#define SHADOW_BG                    COLOR_BLACK
+#define SHADOW_HL                    TRUE
+
+#define DIALOG_FG                    COLOR_BLACK
+#define DIALOG_BG                    COLOR_WHITE
+#define DIALOG_HL                    FALSE
+
+#define TITLE_FG                     COLOR_YELLOW
+#define TITLE_BG                     COLOR_WHITE
+#define TITLE_HL                     TRUE
+
+#define BORDER_FG                    COLOR_WHITE
+#define BORDER_BG                    COLOR_WHITE
+#define BORDER_HL                    TRUE
+
+#define BUTTON_ACTIVE_FG             COLOR_WHITE
+#define BUTTON_ACTIVE_BG             COLOR_BLUE
+#define BUTTON_ACTIVE_HL             TRUE
+
+#define BUTTON_INACTIVE_FG           COLOR_BLACK
+#define BUTTON_INACTIVE_BG           COLOR_WHITE
+#define BUTTON_INACTIVE_HL           FALSE
+
+#define BUTTON_KEY_ACTIVE_FG         COLOR_WHITE
+#define BUTTON_KEY_ACTIVE_BG         COLOR_BLUE
+#define BUTTON_KEY_ACTIVE_HL         TRUE
+
+#define BUTTON_KEY_INACTIVE_FG       COLOR_RED
+#define BUTTON_KEY_INACTIVE_BG       COLOR_WHITE
+#define BUTTON_KEY_INACTIVE_HL       FALSE
+
+#define BUTTON_LABEL_ACTIVE_FG       COLOR_YELLOW
+#define BUTTON_LABEL_ACTIVE_BG       COLOR_BLUE
+#define BUTTON_LABEL_ACTIVE_HL       TRUE
+
+#define BUTTON_LABEL_INACTIVE_FG     COLOR_BLACK
+#define BUTTON_LABEL_INACTIVE_BG     COLOR_WHITE
+#define BUTTON_LABEL_INACTIVE_HL     TRUE
+
+#define INPUTBOX_FG                  COLOR_BLACK
+#define INPUTBOX_BG                  COLOR_WHITE
+#define INPUTBOX_HL                  FALSE
+
+#define INPUTBOX_BORDER_FG           COLOR_BLACK
+#define INPUTBOX_BORDER_BG           COLOR_WHITE
+#define INPUTBOX_BORDER_HL           FALSE
+
+#define SEARCHBOX_FG                 COLOR_BLACK
+#define SEARCHBOX_BG                 COLOR_WHITE
+#define SEARCHBOX_HL                 FALSE
+
+#define SEARCHBOX_TITLE_FG           COLOR_YELLOW
+#define SEARCHBOX_TITLE_BG           COLOR_WHITE
+#define SEARCHBOX_TITLE_HL           TRUE
+
+#define SEARCHBOX_BORDER_FG          COLOR_WHITE
+#define SEARCHBOX_BORDER_BG          COLOR_WHITE
+#define SEARCHBOX_BORDER_HL          TRUE
+
+#define POSITION_INDICATOR_FG        COLOR_YELLOW
+#define POSITION_INDICATOR_BG        COLOR_WHITE
+#define POSITION_INDICATOR_HL        TRUE
+
+#define MENUBOX_FG                   COLOR_BLACK
+#define MENUBOX_BG                   COLOR_WHITE
+#define MENUBOX_HL                   FALSE
+
+#define MENUBOX_BORDER_FG            COLOR_WHITE
+#define MENUBOX_BORDER_BG            COLOR_WHITE
+#define MENUBOX_BORDER_HL            TRUE
+
+#define ITEM_FG                      COLOR_BLACK
+#define ITEM_BG                      COLOR_WHITE
+#define ITEM_HL                      FALSE
+
+#define ITEM_SELECTED_FG             COLOR_WHITE
+#define ITEM_SELECTED_BG             COLOR_BLUE
+#define ITEM_SELECTED_HL             TRUE
+
+#define TAG_FG                       COLOR_YELLOW
+#define TAG_BG                       COLOR_WHITE
+#define TAG_HL                       TRUE
+
+#define TAG_SELECTED_FG              COLOR_YELLOW
+#define TAG_SELECTED_BG              COLOR_BLUE
+#define TAG_SELECTED_HL              TRUE
+
+#define TAG_KEY_FG                   COLOR_YELLOW
+#define TAG_KEY_BG                   COLOR_WHITE
+#define TAG_KEY_HL                   TRUE
+
+#define TAG_KEY_SELECTED_FG          COLOR_YELLOW
+#define TAG_KEY_SELECTED_BG          COLOR_BLUE
+#define TAG_KEY_SELECTED_HL          TRUE
+
+#define CHECK_FG                     COLOR_BLACK
+#define CHECK_BG                     COLOR_WHITE
+#define CHECK_HL                     FALSE
+
+#define CHECK_SELECTED_FG            COLOR_WHITE
+#define CHECK_SELECTED_BG            COLOR_BLUE
+#define CHECK_SELECTED_HL            TRUE
+
+#define UARROW_FG                    COLOR_GREEN
+#define UARROW_BG                    COLOR_WHITE
+#define UARROW_HL                    TRUE
+
+#define DARROW_FG                    COLOR_GREEN
+#define DARROW_BG                    COLOR_WHITE
+#define DARROW_HL                    TRUE
+
+/* End of default color definitions */
+
+#define C_ATTR(x,y)                  ((x ? A_BOLD : 0) | COLOR_PAIR((y)))
+#define COLOR_NAME_LEN               10
+#define COLOR_COUNT                  8
+
+/*
+ * Global variables
+ */
+
+typedef struct {
+    char name[COLOR_NAME_LEN];
+    int value;
+} color_names_st;
+
+extern color_names_st color_names[];
+extern int color_table[][3];
diff --git a/config/scripts/config/lxdialog/dialog.h b/config/scripts/config/lxdialog/dialog.h
new file mode 100644
index 0000000000..7bab3ad0e1
--- /dev/null
+++ b/config/scripts/config/lxdialog/dialog.h
@@ -0,0 +1,199 @@
+
+/*
+ *  dialog.h -- common declarations for all dialog modules
+ *
+ *  AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef CURSES_LOC
+#ifdef __sun__
+#define CURS_MACROS
+#endif
+#include CURSES_LOC
+
+/*
+ * Colors in ncurses 1.9.9e do not work properly since foreground and
+ * background colors are OR'd rather than separately masked.  This version
+ * of dialog was hacked to work with ncurses 1.9.9e, making it incompatible
+ * with standard curses.  The simplest fix (to make this work with standard
+ * curses) uses the wbkgdset() function, not used in the original hack.
+ * Turn it off if we're building with 1.9.9e, since it just confuses things.
+ */
+#if defined(NCURSES_VERSION) && defined(_NEED_WRAP) && !defined(GCC_PRINTFLIKE)
+#define OLD_NCURSES 1
+#undef  wbkgdset
+#define wbkgdset(w,p) /*nothing*/
+#else
+#define OLD_NCURSES 0
+#endif
+
+#define TR(params) _tracef params
+
+#define ESC 27
+#define TAB 9
+#define MAX_LEN 2048
+#define BUF_SIZE (10*1024)
+#define MIN(x,y) (x < y ? x : y)
+#define MAX(x,y) (x > y ? x : y)
+
+
+#ifndef ACS_ULCORNER
+#define ACS_ULCORNER '+'
+#endif
+#ifndef ACS_LLCORNER
+#define ACS_LLCORNER '+'
+#endif
+#ifndef ACS_URCORNER
+#define ACS_URCORNER '+'
+#endif
+#ifndef ACS_LRCORNER
+#define ACS_LRCORNER '+'
+#endif
+#ifndef ACS_HLINE
+#define ACS_HLINE '-'
+#endif
+#ifndef ACS_VLINE
+#define ACS_VLINE '|'
+#endif
+#ifndef ACS_LTEE
+#define ACS_LTEE '+'
+#endif
+#ifndef ACS_RTEE
+#define ACS_RTEE '+'
+#endif
+#ifndef ACS_UARROW
+#define ACS_UARROW '^'
+#endif
+#ifndef ACS_DARROW
+#define ACS_DARROW 'v'
+#endif
+
+/* 
+ * Attribute names
+ */
+#define screen_attr                   attributes[0]
+#define shadow_attr                   attributes[1]
+#define dialog_attr                   attributes[2]
+#define title_attr                    attributes[3]
+#define border_attr                   attributes[4]
+#define button_active_attr            attributes[5]
+#define button_inactive_attr          attributes[6]
+#define button_key_active_attr        attributes[7]
+#define button_key_inactive_attr      attributes[8]
+#define button_label_active_attr      attributes[9]
+#define button_label_inactive_attr    attributes[10]
+#define inputbox_attr                 attributes[11]
+#define inputbox_border_attr          attributes[12]
+#define searchbox_attr                attributes[13]
+#define searchbox_title_attr          attributes[14]
+#define searchbox_border_attr         attributes[15]
+#define position_indicator_attr       attributes[16]
+#define menubox_attr                  attributes[17]
+#define menubox_border_attr           attributes[18]
+#define item_attr                     attributes[19]
+#define item_selected_attr            attributes[20]
+#define tag_attr                      attributes[21]
+#define tag_selected_attr             attributes[22]
+#define tag_key_attr                  attributes[23]
+#define tag_key_selected_attr         attributes[24]
+#define check_attr                    attributes[25]
+#define check_selected_attr           attributes[26]
+#define uarrow_attr                   attributes[27]
+#define darrow_attr                   attributes[28]
+
+/* number of attributes */
+#define ATTRIBUTE_COUNT               29
+
+/*
+ * Global variables
+ */
+extern bool use_colors;
+
+extern chtype attributes[];
+#endif
+
+extern const char *backtitle;
+
+struct dialog_list_item {
+	char *name;
+	int namelen;
+	char *tag;
+	int selected; /* Set to 1 by dialog_*() function. */
+};
+
+/*
+ * Function prototypes
+ */
+
+void init_dialog (void);
+void end_dialog (void);
+void dialog_clear (void);
+#ifdef CURSES_LOC
+void attr_clear (WINDOW * win, int height, int width, chtype attr);
+void color_setup (void);
+void print_autowrap (WINDOW * win, const char *prompt, int width, int y, int x);
+void print_button (WINDOW * win, const char *label, int y, int x, int selected);
+void draw_box (WINDOW * win, int y, int x, int height, int width, chtype box,
+		chtype border);
+void draw_shadow (WINDOW * win, int y, int x, int height, int width);
+#endif
+
+int first_alpha (const char *string, const char *exempt);
+int dialog_yesno (const char *title, const char *prompt, int height, int width);
+int dialog_msgbox (const char *title, const char *prompt, int height,
+		int width, int pause);
+int dialog_textbox (const char *title, const char *file, int height, int width);
+int dialog_menu (const char *title, const char *prompt, int height, int width,
+		int menu_height, const char *choice, int item_no, 
+		struct dialog_list_item ** items);
+int dialog_checklist (const char *title, const char *prompt, int height,
+		int width, int list_height, int item_no,
+		struct dialog_list_item ** items, int flag);
+extern unsigned char dialog_input_result[];
+int dialog_inputbox (const char *title, const char *prompt, int height,
+		int width, const char *init);
+
+struct dialog_list_item *first_sel_item(int item_no,
+		struct dialog_list_item ** items);
+
+/*
+ * This is the base for fictitious keys, which activate
+ * the buttons.
+ *
+ * Mouse-generated keys are the following:
+ *   -- the first 32 are used as numbers, in addition to '0'-'9'
+ *   -- the lowercase are used to signal mouse-enter events (M_EVENT + 'o')
+ *   -- uppercase chars are used to invoke the button (M_EVENT + 'O')
+ */
+#ifdef CURSES_LOC
+#define M_EVENT (KEY_MAX+1)
+#endif
+
+
+/*
+ * The `flag' parameter in checklist is used to select between
+ * radiolist and checklist
+ */
+#define FLAG_CHECK 1
+#define FLAG_RADIO 0
diff --git a/config/scripts/config/lxdialog/inputbox.c b/config/scripts/config/lxdialog/inputbox.c
new file mode 100644
index 0000000000..fa7bebc693
--- /dev/null
+++ b/config/scripts/config/lxdialog/inputbox.c
@@ -0,0 +1,240 @@
+/*
+ *  inputbox.c -- implements the input box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+unsigned char dialog_input_result[MAX_LEN + 1];
+
+/*
+ *  Print the termination buttons
+ */
+static void
+print_buttons(WINDOW *dialog, int height, int width, int selected)
+{
+    int x = width / 2 - 11;
+    int y = height - 2;
+
+    print_button (dialog, "  Ok  ", y, x, selected==0);
+    print_button (dialog, " Help ", y, x + 14, selected==1);
+
+    wmove(dialog, y, x+1+14*selected);
+    wrefresh(dialog);
+}
+
+/*
+ * Display a dialog box for inputing a string
+ */
+int
+dialog_inputbox (const char *title, const char *prompt, int height, int width,
+		 const char *init)
+{
+    int i, x, y, box_y, box_x, box_width;
+    int input_x = 0, scroll = 0, key = 0, button = -1;
+    unsigned char *instr = dialog_input_result;
+    WINDOW *dialog;
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    /* Draw the input field box */
+    box_width = width - 6;
+    getyx (dialog, y, x);
+    box_y = y + 2;
+    box_x = (width - box_width) / 2;
+    draw_box (dialog, y + 1, box_x - 1, 3, box_width + 2,
+	      border_attr, dialog_attr);
+
+    print_buttons(dialog, height, width, 0);
+
+    /* Set up the initial value */
+    wmove (dialog, box_y, box_x);
+    wattrset (dialog, inputbox_attr);
+
+    if (!init)
+	instr[0] = '\0';
+    else
+	strcpy (instr, init);
+
+    input_x = strlen (instr);
+
+    if (input_x >= box_width) {
+	scroll = input_x - box_width + 1;
+	input_x = box_width - 1;
+	for (i = 0; i < box_width - 1; i++)
+	    waddch (dialog, instr[scroll + i]);
+    } else
+	waddstr (dialog, instr);
+
+    wmove (dialog, box_y, box_x + input_x);
+
+    wrefresh (dialog);
+
+    while (key != ESC) {
+	key = wgetch (dialog);
+
+	if (button == -1) {	/* Input box selected */
+	    switch (key) {
+	    case TAB:
+	    case KEY_UP:
+	    case KEY_DOWN:
+		break;
+	    case KEY_LEFT:
+		continue;
+	    case KEY_RIGHT:
+		continue;
+	    case KEY_BACKSPACE:
+	    case 127:
+		if (input_x || scroll) {
+		    wattrset (dialog, inputbox_attr);
+		    if (!input_x) {
+			scroll = scroll < box_width - 1 ?
+			    0 : scroll - (box_width - 1);
+			wmove (dialog, box_y, box_x);
+			for (i = 0; i < box_width; i++)
+			    waddch (dialog, instr[scroll + input_x + i] ?
+				    instr[scroll + input_x + i] : ' ');
+			input_x = strlen (instr) - scroll;
+		    } else
+			input_x--;
+		    instr[scroll + input_x] = '\0';
+		    mvwaddch (dialog, box_y, input_x + box_x, ' ');
+		    wmove (dialog, box_y, input_x + box_x);
+		    wrefresh (dialog);
+		}
+		continue;
+	    default:
+		if (key < 0x100 && isprint (key)) {
+		    if (scroll + input_x < MAX_LEN) {
+			wattrset (dialog, inputbox_attr);
+			instr[scroll + input_x] = key;
+			instr[scroll + input_x + 1] = '\0';
+			if (input_x == box_width - 1) {
+			    scroll++;
+			    wmove (dialog, box_y, box_x);
+			    for (i = 0; i < box_width - 1; i++)
+				waddch (dialog, instr[scroll + i]);
+			} else {
+			    wmove (dialog, box_y, input_x++ + box_x);
+			    waddch (dialog, key);
+			}
+			wrefresh (dialog);
+		    } else
+			flash ();	/* Alarm user about overflow */
+		    continue;
+		}
+	    }
+	}
+	switch (key) {
+	case 'O':
+	case 'o':
+	    delwin (dialog);
+	    return 0;
+	case 'H':
+	case 'h':
+	    delwin (dialog);
+	    return 1;
+	case KEY_UP:
+	case KEY_LEFT:
+	    switch (button) {
+	    case -1:
+		button = 1;	/* Indicates "Cancel" button is selected */
+		print_buttons(dialog, height, width, 1);
+		break;
+	    case 0:
+		button = -1;	/* Indicates input box is selected */
+		print_buttons(dialog, height, width, 0);
+		wmove (dialog, box_y, box_x + input_x);
+		wrefresh (dialog);
+		break;
+	    case 1:
+		button = 0;	/* Indicates "OK" button is selected */
+		print_buttons(dialog, height, width, 0);
+		break;
+	    }
+	    break;
+	case TAB:
+	case KEY_DOWN:
+	case KEY_RIGHT:
+	    switch (button) {
+	    case -1:
+		button = 0;	/* Indicates "OK" button is selected */
+		print_buttons(dialog, height, width, 0);
+		break;
+	    case 0:
+		button = 1;	/* Indicates "Cancel" button is selected */
+		print_buttons(dialog, height, width, 1);
+		break;
+	    case 1:
+		button = -1;	/* Indicates input box is selected */
+		print_buttons(dialog, height, width, 0);
+		wmove (dialog, box_y, box_x + input_x);
+		wrefresh (dialog);
+		break;
+	    }
+	    break;
+	case ' ':
+	case '\n':
+	    delwin (dialog);
+	    return (button == -1 ? 0 : button);
+	case 'X':
+	case 'x':
+	    key = ESC;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/lxdialog/menubox.c b/config/scripts/config/lxdialog/menubox.c
new file mode 100644
index 0000000000..873dc587b8
--- /dev/null
+++ b/config/scripts/config/lxdialog/menubox.c
@@ -0,0 +1,438 @@
+/*
+ *  menubox.c -- implements the menu box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcapw@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*
+ *  Changes by Clifford Wolf (god@clifford.at)
+ *
+ *  [ 1998-06-13 ]
+ *
+ *    *)  A bugfix for the Page-Down problem
+ *
+ *    *)  Formerly when I used Page Down and Page Up, the cursor would be set 
+ *        to the first position in the menu box.  Now lxdialog is a bit
+ *        smarter and works more like other menu systems (just have a look at
+ *        it).
+ *
+ *    *)  Formerly if I selected something my scrolling would be broken because
+ *        lxdialog is re-invoked by the Menuconfig shell script, can't
+ *        remember the last scrolling position, and just sets it so that the
+ *        cursor is at the bottom of the box.  Now it writes the temporary file
+ *        lxdialog.scrltmp which contains this information. The file is
+ *        deleted by lxdialog if the user leaves a submenu or enters a new
+ *        one, but it would be nice if Menuconfig could make another "rm -f"
+ *        just to be sure.  Just try it out - you will recognise a difference!
+ *
+ *  [ 1998-06-14 ]
+ *
+ *    *)  Now lxdialog is crash-safe against broken "lxdialog.scrltmp" files
+ *        and menus change their size on the fly.
+ *
+ *    *)  If for some reason the last scrolling position is not saved by
+ *        lxdialog, it sets the scrolling so that the selected item is in the
+ *        middle of the menu box, not at the bottom.
+ *
+ * 02 January 1999, Michael Elizabeth Chastain (mec@shout.net)
+ * Reset 'scroll' to 0 if the value from lxdialog.scrltmp is bogus.
+ * This fixes a bug in Menuconfig where using ' ' to descend into menus
+ * would leave mis-synchronized lxdialog.scrltmp files lying around,
+ * fscanf would read in 'scroll', and eventually that value would get used.
+ */
+
+#include "dialog.h"
+
+static int menu_width, item_x;
+
+/*
+ * Print menu item
+ */
+static void
+print_item (WINDOW * win, const char *item, int choice, int selected, int hotkey)
+{
+    int j;
+    char menu_item[menu_width+1];
+
+    strncpy(menu_item, item, menu_width);
+    menu_item[menu_width] = 0;
+    j = first_alpha(menu_item, "YyNnMmHh");
+
+    /* Clear 'residue' of last item */
+    wattrset (win, menubox_attr);
+    wmove (win, choice, 0);
+#if OLD_NCURSES
+    {
+        int i;
+        for (i = 0; i < menu_width; i++)
+	    waddch (win, ' ');
+    }
+#else
+    wclrtoeol(win);
+#endif
+    wattrset (win, selected ? item_selected_attr : item_attr);
+    mvwaddstr (win, choice, item_x, menu_item);
+    if (hotkey) {
+    	wattrset (win, selected ? tag_key_selected_attr : tag_key_attr);
+    	mvwaddch(win, choice, item_x+j, menu_item[j]);
+    }
+    if (selected) {
+	wmove (win, choice, item_x+1);
+	wrefresh (win);
+    }
+}
+
+/*
+ * Print the scroll indicators.
+ */
+static void
+print_arrows (WINDOW * win, int item_no, int scroll,
+		int y, int x, int height)
+{
+    int cur_y, cur_x;
+
+    getyx(win, cur_y, cur_x);
+
+    wmove(win, y, x);
+
+    if (scroll > 0) {
+	wattrset (win, uarrow_attr);
+	waddch (win, ACS_UARROW);
+	waddstr (win, "(-)");
+    }
+    else {
+	wattrset (win, menubox_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+    }
+
+   y = y + height + 1;
+   wmove(win, y, x);
+
+   if ((height < item_no) && (scroll + height < item_no)) {
+	wattrset (win, darrow_attr);
+	waddch (win, ACS_DARROW);
+	waddstr (win, "(+)");
+    }
+    else {
+	wattrset (win, menubox_border_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+   }
+
+   wmove(win, cur_y, cur_x);
+}
+
+/*
+ * Display the termination buttons.
+ */
+static void
+print_buttons (WINDOW *win, int height, int width, int selected)
+{
+    int x = width / 2 - 16;
+    int y = height - 2;
+
+    print_button (win, "Select", y, x, selected == 0);
+    print_button (win, " Exit ", y, x + 12, selected == 1);
+    print_button (win, " Help ", y, x + 24, selected == 2);
+
+    wmove(win, y, x+1+12*selected);
+    wrefresh (win);
+}
+
+/*
+ * Display a menu for choosing among a number of options
+ */
+int
+dialog_menu (const char *title, const char *prompt, int height, int width,
+		int menu_height, const char *current, int item_no,
+		struct dialog_list_item ** items)
+{
+    int i, j, x, y, box_x, box_y;
+    int key = 0, button = 0, scroll = 0, choice = 0, first_item = 0, max_choice;
+    WINDOW *dialog, *menu;
+    FILE *f;
+
+    max_choice = MIN (menu_height, item_no);
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height - 3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    wbkgdset (dialog, dialog_attr & A_COLOR);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    menu_width = width - 6;
+    box_y = height - menu_height - 5;
+    box_x = (width - menu_width) / 2 - 1;
+
+    /* create new window for the menu */
+    menu = subwin (dialog, menu_height, menu_width,
+		y + box_y + 1, x + box_x + 1);
+    keypad (menu, TRUE);
+
+    /* draw a box around the menu items */
+    draw_box (dialog, box_y, box_x, menu_height + 2, menu_width + 2,
+	      menubox_border_attr, menubox_attr);
+
+    /*
+     * Find length of longest item in order to center menu.
+     * Set 'choice' to default item. 
+     */
+    item_x = 0;
+    for (i = 0; i < item_no; i++) {
+	item_x = MAX (item_x, MIN(menu_width, strlen (items[i]->name) + 2));
+	if (strcmp(current, items[i]->tag) == 0) choice = i;
+    }
+
+    item_x = (menu_width - item_x) / 2;
+
+    /* get the scroll info from the temp file */
+    if ( (f=fopen("lxdialog.scrltmp","r")) != NULL ) {
+	if ( (fscanf(f,"%d\n",&scroll) == 1) && (scroll <= choice) &&
+	     (scroll+max_choice > choice) && (scroll >= 0) &&
+	     (scroll+max_choice <= item_no) ) {
+	    first_item = scroll;
+	    choice = choice - scroll;
+	    fclose(f);
+	} else {
+	    scroll=0;
+	    remove("lxdialog.scrltmp");
+	    fclose(f);
+	    f=NULL;
+	}
+    }
+    if ( (choice >= max_choice) || (f==NULL && choice >= max_choice/2) ) {
+	if (choice >= item_no-max_choice/2)
+	    scroll = first_item = item_no-max_choice;
+	else
+	    scroll = first_item = choice - max_choice/2;
+	choice = choice - scroll;
+    }
+
+    /* Print the menu */
+    for (i=0; i < max_choice; i++) {
+	print_item (menu, items[first_item + i]->name, i, i == choice,
+                    (items[first_item + i]->tag[0] != ':'));
+    }
+
+    wnoutrefresh (menu);
+
+    print_arrows(dialog, item_no, scroll,
+		 box_y, box_x+item_x+1, menu_height);
+
+    print_buttons (dialog, height, width, 0);
+    wmove (menu, choice, item_x+1);
+    wrefresh (menu);
+
+    while (key != ESC) {
+	key = wgetch(menu);
+
+	if (key < 256 && isalpha(key)) key = tolower(key);
+
+	if (strchr("ynmh", key))
+		i = max_choice;
+	else {
+        for (i = choice+1; i < max_choice; i++) {
+		j = first_alpha(items[scroll + i]->name, "YyNnMmHh");
+		if (key == tolower(items[scroll + i]->name[j]))
+                	break;
+	}
+	if (i == max_choice)
+       		for (i = 0; i < max_choice; i++) {
+			j = first_alpha(items[scroll + i]->name, "YyNnMmHh");
+			if (key == tolower(items[scroll + i]->name[j]))
+                		break;
+		}
+	}
+
+	if (i < max_choice || 
+            key == KEY_UP || key == KEY_DOWN ||
+            key == '-' || key == '+' ||
+            key == KEY_PPAGE || key == KEY_NPAGE) {
+
+            print_item (menu, items[scroll + choice]->name, choice, FALSE,
+                       (items[scroll + choice]->tag[0] != ':'));
+
+	    if (key == KEY_UP || key == '-') {
+                if (choice < 2 && scroll) {
+	            /* Scroll menu down */
+                    scrollok (menu, TRUE);
+                    wscrl (menu, -1);
+                    scrollok (menu, FALSE);
+
+                    scroll--;
+
+                    print_item (menu, items[scroll]->name, 0, FALSE,
+                               (items[scroll]->tag[0] != ':'));
+		} else
+		    choice = MAX(choice - 1, 0);
+
+	    } else if (key == KEY_DOWN || key == '+')  {
+
+		print_item (menu, items[scroll + choice]->name, choice, FALSE,
+                                (items[scroll + choice]->tag[0] != ':'));
+
+                if ((choice > max_choice-3) &&
+                    (scroll + max_choice < item_no)
+                   ) {
+		    /* Scroll menu up */
+		    scrollok (menu, TRUE);
+                    scroll (menu);
+                    scrollok (menu, FALSE);
+
+                    scroll++;
+
+                    print_item (menu, items[scroll + max_choice - 1]->name,
+                               max_choice-1, FALSE,
+                               (items[scroll + max_choice - 1]->tag[0] != ':'));
+                } else
+                    choice = MIN(choice+1, max_choice-1);
+
+	    } else if (key == KEY_PPAGE) {
+	        scrollok (menu, TRUE);
+                for (i=0; (i < max_choice); i++) {
+                    if (scroll > 0) {
+                	wscrl (menu, -1);
+                	scroll--;
+                	print_item (menu, items[scroll]->name, 0, FALSE,
+                	(items[scroll]->tag[0] != ':'));
+                    } else {
+                        if (choice > 0)
+                            choice--;
+                    }
+                }
+                scrollok (menu, FALSE);
+
+            } else if (key == KEY_NPAGE) {
+                for (i=0; (i < max_choice); i++) {
+                    if (scroll+max_choice < item_no) {
+			scrollok (menu, TRUE);
+			scroll(menu);
+			scrollok (menu, FALSE);
+                	scroll++;
+                	print_item (menu, items[scroll + max_choice - 1]->name,
+			            max_choice-1, FALSE,
+			            (items[scroll + max_choice - 1]->tag[0] != ':'));
+		    } else {
+			if (choice+1 < max_choice)
+			    choice++;
+		    }
+                }
+
+            } else
+                choice = i;
+
+            print_item (menu, items[scroll + choice]->name, choice, TRUE,
+                       (items[scroll + choice]->tag[0] != ':'));
+
+            print_arrows(dialog, item_no, scroll,
+                         box_y, box_x+item_x+1, menu_height);
+
+            wnoutrefresh (dialog);
+            wrefresh (menu);
+
+	    continue;		/* wait for another key press */
+        }
+
+	switch (key) {
+	case KEY_LEFT:
+	case TAB:
+	case KEY_RIGHT:
+	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
+			? 2 : (button > 2 ? 0 : button);
+
+	    print_buttons(dialog, height, width, button);
+	    wrefresh (menu);
+	    break;
+	case ' ':
+	case 's':
+	case 'y':
+	case 'n':
+	case 'm':
+	case '/':
+	    /* save scroll info */
+	    if ( (f=fopen("lxdialog.scrltmp","w")) != NULL ) {
+		fprintf(f,"%d\n",scroll);
+		fclose(f);
+	    }
+	    delwin (dialog);
+            items[scroll + choice]->selected = 1;
+            switch (key) {
+            case 's': return 3;
+            case 'y': return 3;
+            case 'n': return 4;
+            case 'm': return 5;
+            case ' ': return 6;
+            case '/': return 7;
+            }
+	    return 0;
+	case 'h':
+	case '?':
+	    button = 2;
+	case '\n':
+	    delwin (dialog);
+	    items[scroll + choice]->selected = 1;
+
+	    remove("lxdialog.scrltmp");
+	    return button;
+	case 'e':
+	case 'x':
+	    key = ESC;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    remove("lxdialog.scrltmp");
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/lxdialog/msgbox.c b/config/scripts/config/lxdialog/msgbox.c
new file mode 100644
index 0000000000..93692e1fbc
--- /dev/null
+++ b/config/scripts/config/lxdialog/msgbox.c
@@ -0,0 +1,85 @@
+/*
+ *  msgbox.c -- implements the message box and info box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcapw@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+/*
+ * Display a message box. Program will pause and display an "OK" button
+ * if the parameter 'pause' is non-zero.
+ */
+int
+dialog_msgbox (const char *title, const char *prompt, int height, int width,
+		int pause)
+{
+    int i, x, y, key = 0;
+    WINDOW *dialog;
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 2);
+
+    if (pause) {
+	wattrset (dialog, border_attr);
+	mvwaddch (dialog, height - 3, 0, ACS_LTEE);
+	for (i = 0; i < width - 2; i++)
+	    waddch (dialog, ACS_HLINE);
+	wattrset (dialog, dialog_attr);
+	waddch (dialog, ACS_RTEE);
+
+	print_button (dialog, "  Ok  ",
+		      height - 2, width / 2 - 4, TRUE);
+
+	wrefresh (dialog);
+	while (key != ESC && key != '\n' && key != ' ' &&
+               key != 'O' && key != 'o' && key != 'X' && key != 'x')
+	    key = wgetch (dialog);
+    } else {
+	key = '\n';
+	wrefresh (dialog);
+    }
+
+    delwin (dialog);
+    return key == ESC ? -1 : 0;
+}
diff --git a/config/scripts/config/lxdialog/textbox.c b/config/scripts/config/lxdialog/textbox.c
new file mode 100644
index 0000000000..a5a460b5cc
--- /dev/null
+++ b/config/scripts/config/lxdialog/textbox.c
@@ -0,0 +1,556 @@
+/*
+ *  textbox.c -- implements the text box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+static void back_lines (int n);
+static void print_page (WINDOW * win, int height, int width);
+static void print_line (WINDOW * win, int row, int width);
+static char *get_line (void);
+static void print_position (WINDOW * win, int height, int width);
+
+static int hscroll, fd, file_size, bytes_read;
+static int begin_reached = 1, end_reached, page_length;
+static char *buf, *page;
+
+/*
+ * Display text from a file in a dialog box.
+ */
+int
+dialog_textbox (const char *title, const char *file, int height, int width)
+{
+    int i, x, y, cur_x, cur_y, fpos, key = 0;
+    int passed_end;
+    char search_term[MAX_LEN + 1];
+    WINDOW *dialog, *text;
+
+    search_term[0] = '\0';	/* no search term entered yet */
+
+    /* Open input file for reading */
+    if ((fd = open (file, O_RDONLY)) == -1) {
+	endwin ();
+	fprintf (stderr,
+		 "\nCan't open input file in dialog_textbox().\n");
+	exit (-1);
+    }
+    /* Get file size. Actually, 'file_size' is the real file size - 1,
+       since it's only the last byte offset from the beginning */
+    if ((file_size = lseek (fd, 0, SEEK_END)) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError getting file size in dialog_textbox().\n");
+	exit (-1);
+    }
+    /* Restore file pointer to beginning of file after getting file size */
+    if (lseek (fd, 0, SEEK_SET) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError moving file pointer in dialog_textbox().\n");
+	exit (-1);
+    }
+    /* Allocate space for read buffer */
+    if ((buf = malloc (BUF_SIZE + 1)) == NULL) {
+	endwin ();
+	fprintf (stderr, "\nCan't allocate memory in dialog_textbox().\n");
+	exit (-1);
+    }
+    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError reading file in dialog_textbox().\n");
+	exit (-1);
+    }
+    buf[bytes_read] = '\0';	/* mark end of valid data */
+    page = buf;			/* page is pointer to start of page to be displayed */
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    /* Create window for text region, used for scrolling text */
+    text = subwin (dialog, height - 4, width - 2, y + 1, x + 1);
+    wattrset (text, dialog_attr);
+    wbkgdset (text, dialog_attr & A_COLOR);
+
+    keypad (text, TRUE);
+
+    /* register the new window, along with its borders */
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    wbkgdset (dialog, dialog_attr & A_COLOR);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+    print_button (dialog, " Exit ", height - 2, width / 2 - 4, TRUE);
+    wnoutrefresh (dialog);
+    getyx (dialog, cur_y, cur_x);	/* Save cursor position */
+
+    /* Print first page of text */
+    attr_clear (text, height - 4, width - 2, dialog_attr);
+    print_page (text, height - 4, width - 2);
+    print_position (dialog, height, width);
+    wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+    wrefresh (dialog);
+
+    while ((key != ESC) && (key != '\n')) {
+	key = wgetch (dialog);
+	switch (key) {
+	case 'E':		/* Exit */
+	case 'e':
+	case 'X':
+	case 'x':
+	    delwin (dialog);
+	    free (buf);
+	    close (fd);
+	    return 0;
+	case 'g':		/* First page */
+	case KEY_HOME:
+	    if (!begin_reached) {
+		begin_reached = 1;
+		/* First page not in buffer? */
+		if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+		      "\nError moving file pointer in dialog_textbox().\n");
+		    exit (-1);
+		}
+		if (fpos > bytes_read) {	/* Yes, we have to read it in */
+		    if (lseek (fd, 0, SEEK_SET) == -1) {
+			endwin ();
+			fprintf (stderr, "\nError moving file pointer in "
+				 "dialog_textbox().\n");
+			exit (-1);
+		    }
+		    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+			endwin ();
+			fprintf (stderr,
+			     "\nError reading file in dialog_textbox().\n");
+			exit (-1);
+		    }
+		    buf[bytes_read] = '\0';
+		}
+		page = buf;
+		print_page (text, height - 4, width - 2);
+		print_position (dialog, height, width);
+		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+		wrefresh (dialog);
+	    }
+	    break;
+	case 'G':		/* Last page */
+	case KEY_END:
+
+	    end_reached = 1;
+	    /* Last page not in buffer? */
+	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		endwin ();
+		fprintf (stderr,
+		      "\nError moving file pointer in dialog_textbox().\n");
+		exit (-1);
+	    }
+	    if (fpos < file_size) {	/* Yes, we have to read it in */
+		if (lseek (fd, -BUF_SIZE, SEEK_END) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+		      "\nError moving file pointer in dialog_textbox().\n");
+		    exit (-1);
+		}
+		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+			     "\nError reading file in dialog_textbox().\n");
+		    exit (-1);
+		}
+		buf[bytes_read] = '\0';
+	    }
+	    page = buf + bytes_read;
+	    back_lines (height - 4);
+	    print_page (text, height - 4, width - 2);
+	    print_position (dialog, height, width);
+	    wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+	    wrefresh (dialog);
+	    break;
+	case 'K':		/* Previous line */
+	case 'k':
+	case KEY_UP:
+	    if (!begin_reached) {
+		back_lines (page_length + 1);
+
+		/* We don't call print_page() here but use scrolling to ensure
+		   faster screen update. However, 'end_reached' and
+		   'page_length' should still be updated, and 'page' should
+		   point to start of next page. This is done by calling
+		   get_line() in the following 'for' loop. */
+		scrollok (text, TRUE);
+		wscrl (text, -1);	/* Scroll text region down one line */
+		scrollok (text, FALSE);
+		page_length = 0;
+		passed_end = 0;
+		for (i = 0; i < height - 4; i++) {
+		    if (!i) {
+			/* print first line of page */
+			print_line (text, 0, width - 2);
+			wnoutrefresh (text);
+		    } else
+			/* Called to update 'end_reached' and 'page' */
+			get_line ();
+		    if (!passed_end)
+			page_length++;
+		    if (end_reached && !passed_end)
+			passed_end = 1;
+		}
+
+		print_position (dialog, height, width);
+		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+		wrefresh (dialog);
+	    }
+	    break;
+	case 'B':		/* Previous page */
+	case 'b':
+	case KEY_PPAGE:
+	    if (begin_reached)
+		break;
+	    back_lines (page_length + height - 4);
+	    print_page (text, height - 4, width - 2);
+	    print_position (dialog, height, width);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case 'J':		/* Next line */
+	case 'j':
+	case KEY_DOWN:
+	    if (!end_reached) {
+		begin_reached = 0;
+		scrollok (text, TRUE);
+		scroll (text);	/* Scroll text region up one line */
+		scrollok (text, FALSE);
+		print_line (text, height - 5, width - 2);
+		wnoutrefresh (text);
+		print_position (dialog, height, width);
+		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+		wrefresh (dialog);
+	    }
+	    break;
+	case KEY_NPAGE:		/* Next page */
+	case ' ':
+	    if (end_reached)
+		break;
+
+	    begin_reached = 0;
+	    print_page (text, height - 4, width - 2);
+	    print_position (dialog, height, width);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case '0':		/* Beginning of line */
+	case 'H':		/* Scroll left */
+	case 'h':
+	case KEY_LEFT:
+	    if (hscroll <= 0)
+		break;
+
+	    if (key == '0')
+		hscroll = 0;
+	    else
+		hscroll--;
+	    /* Reprint current page to scroll horizontally */
+	    back_lines (page_length);
+	    print_page (text, height - 4, width - 2);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case 'L':		/* Scroll right */
+	case 'l':
+	case KEY_RIGHT:
+	    if (hscroll >= MAX_LEN)
+		break;
+	    hscroll++;
+	    /* Reprint current page to scroll horizontally */
+	    back_lines (page_length);
+	    print_page (text, height - 4, width - 2);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    free (buf);
+    close (fd);
+    return 1;			/* ESC pressed */
+}
+
+/*
+ * Go back 'n' lines in text file. Called by dialog_textbox().
+ * 'page' will be updated to point to the desired line in 'buf'.
+ */
+static void
+back_lines (int n)
+{
+    int i, fpos;
+
+    begin_reached = 0;
+    /* We have to distinguish between end_reached and !end_reached
+       since at end of file, the line is not ended by a '\n'.
+       The code inside 'if' basically does a '--page' to move one
+       character backward so as to skip '\n' of the previous line */
+    if (!end_reached) {
+	/* Either beginning of buffer or beginning of file reached? */
+	if (page == buf) {
+	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		endwin ();
+		fprintf (stderr, "\nError moving file pointer in "
+			 "back_lines().\n");
+		exit (-1);
+	    }
+	    if (fpos > bytes_read) {	/* Not beginning of file yet */
+		/* We've reached beginning of buffer, but not beginning of
+		   file yet, so read previous part of file into buffer.
+		   Note that we only move backward for BUF_SIZE/2 bytes,
+		   but not BUF_SIZE bytes to avoid re-reading again in
+		   print_page() later */
+		/* Really possible to move backward BUF_SIZE/2 bytes? */
+		if (fpos < BUF_SIZE / 2 + bytes_read) {
+		    /* No, move less then */
+		    if (lseek (fd, 0, SEEK_SET) == -1) {
+			endwin ();
+			fprintf (stderr, "\nError moving file pointer in "
+				 "back_lines().\n");
+			exit (-1);
+		    }
+		    page = buf + fpos - bytes_read;
+		} else {	/* Move backward BUF_SIZE/2 bytes */
+		    if (lseek (fd, -(BUF_SIZE / 2 + bytes_read), SEEK_CUR)
+			== -1) {
+			endwin ();
+			fprintf (stderr, "\nError moving file pointer "
+				 "in back_lines().\n");
+			exit (-1);
+		    }
+		    page = buf + BUF_SIZE / 2;
+		}
+		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+		    endwin ();
+		    fprintf (stderr, "\nError reading file in back_lines().\n");
+		    exit (-1);
+		}
+		buf[bytes_read] = '\0';
+	    } else {		/* Beginning of file reached */
+		begin_reached = 1;
+		return;
+	    }
+	}
+	if (*(--page) != '\n') {	/* '--page' here */
+	    /* Something's wrong... */
+	    endwin ();
+	    fprintf (stderr, "\nInternal error in back_lines().\n");
+	    exit (-1);
+	}
+    }
+    /* Go back 'n' lines */
+    for (i = 0; i < n; i++)
+	do {
+	    if (page == buf) {
+		if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+			  "\nError moving file pointer in back_lines().\n");
+		    exit (-1);
+		}
+		if (fpos > bytes_read) {
+		    /* Really possible to move backward BUF_SIZE/2 bytes? */
+		    if (fpos < BUF_SIZE / 2 + bytes_read) {
+			/* No, move less then */
+			if (lseek (fd, 0, SEEK_SET) == -1) {
+			    endwin ();
+			    fprintf (stderr, "\nError moving file pointer "
+				     "in back_lines().\n");
+			    exit (-1);
+			}
+			page = buf + fpos - bytes_read;
+		    } else {	/* Move backward BUF_SIZE/2 bytes */
+			if (lseek (fd, -(BUF_SIZE / 2 + bytes_read),
+				   SEEK_CUR) == -1) {
+			    endwin ();
+			    fprintf (stderr, "\nError moving file pointer"
+				     " in back_lines().\n");
+			    exit (-1);
+			}
+			page = buf + BUF_SIZE / 2;
+		    }
+		    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+			endwin ();
+			fprintf (stderr, "\nError reading file in "
+				 "back_lines().\n");
+			exit (-1);
+		    }
+		    buf[bytes_read] = '\0';
+		} else {	/* Beginning of file reached */
+		    begin_reached = 1;
+		    return;
+		}
+	    }
+	} while (*(--page) != '\n');
+    page++;
+}
+
+/*
+ * Print a new page of text. Called by dialog_textbox().
+ */
+static void
+print_page (WINDOW * win, int height, int width)
+{
+    int i, passed_end = 0;
+
+    page_length = 0;
+    for (i = 0; i < height; i++) {
+	print_line (win, i, width);
+	if (!passed_end)
+	    page_length++;
+	if (end_reached && !passed_end)
+	    passed_end = 1;
+    }
+    wnoutrefresh (win);
+}
+
+/*
+ * Print a new line of text. Called by dialog_textbox() and print_page().
+ */
+static void
+print_line (WINDOW * win, int row, int width)
+{
+    int y, x;
+    char *line;
+
+    line = get_line ();
+    line += MIN (strlen (line), hscroll);	/* Scroll horizontally */
+    wmove (win, row, 0);	/* move cursor to correct line */
+    waddch (win, ' ');
+    waddnstr (win, line, MIN (strlen (line), width - 2));
+
+    getyx (win, y, x);
+    /* Clear 'residue' of previous line */
+#if OLD_NCURSES
+    {
+        int i;
+        for (i = 0; i < width - x; i++)
+	    waddch (win, ' ');
+    }
+#else
+    wclrtoeol(win);
+#endif
+}
+
+/*
+ * Return current line of text. Called by dialog_textbox() and print_line().
+ * 'page' should point to start of current line before calling, and will be
+ * updated to point to start of next line.
+ */
+static char *
+get_line (void)
+{
+    int i = 0, fpos;
+    static char line[MAX_LEN + 1];
+
+    end_reached = 0;
+    while (*page != '\n') {
+	if (*page == '\0') {
+	    /* Either end of file or end of buffer reached */
+	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		endwin ();
+		fprintf (stderr, "\nError moving file pointer in "
+			 "get_line().\n");
+		exit (-1);
+	    }
+	    if (fpos < file_size) {	/* Not end of file yet */
+		/* We've reached end of buffer, but not end of file yet,
+		   so read next part of file into buffer */
+		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+		    endwin ();
+		    fprintf (stderr, "\nError reading file in get_line().\n");
+		    exit (-1);
+		}
+		buf[bytes_read] = '\0';
+		page = buf;
+	    } else {
+		if (!end_reached)
+		    end_reached = 1;
+		break;
+	    }
+	} else if (i < MAX_LEN)
+	    line[i++] = *(page++);
+	else {
+	    /* Truncate lines longer than MAX_LEN characters */
+	    if (i == MAX_LEN)
+		line[i++] = '\0';
+	    page++;
+	}
+    }
+    if (i <= MAX_LEN)
+	line[i] = '\0';
+    if (!end_reached)
+	page++;			/* move pass '\n' */
+
+    return line;
+}
+
+/*
+ * Print current position
+ */
+static void
+print_position (WINDOW * win, int height, int width)
+{
+    int fpos, percent;
+
+    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError moving file pointer in print_position().\n");
+	exit (-1);
+    }
+    wattrset (win, position_indicator_attr);
+    wbkgdset (win, position_indicator_attr & A_COLOR);
+    percent = !file_size ?
+	100 : ((fpos - bytes_read + page - buf) * 100) / file_size;
+    wmove (win, height - 3, width - 9);
+    wprintw (win, "(%3d%%)", percent);
+}
diff --git a/config/scripts/config/lxdialog/util.c b/config/scripts/config/lxdialog/util.c
new file mode 100644
index 0000000000..6f83951b90
--- /dev/null
+++ b/config/scripts/config/lxdialog/util.c
@@ -0,0 +1,375 @@
+/*
+ *  util.c
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+
+/* use colors by default? */
+bool use_colors = 1;
+
+const char *backtitle = NULL;
+
+const char *dialog_result;
+
+/* 
+ * Attribute values, default is for mono display
+ */
+chtype attributes[] =
+{
+    A_NORMAL,			/* screen_attr */
+    A_NORMAL,			/* shadow_attr */
+    A_NORMAL,			/* dialog_attr */
+    A_BOLD,			/* title_attr */
+    A_NORMAL,			/* border_attr */
+    A_REVERSE,			/* button_active_attr */
+    A_DIM,			/* button_inactive_attr */
+    A_REVERSE,			/* button_key_active_attr */
+    A_BOLD,			/* button_key_inactive_attr */
+    A_REVERSE,			/* button_label_active_attr */
+    A_NORMAL,			/* button_label_inactive_attr */
+    A_NORMAL,			/* inputbox_attr */
+    A_NORMAL,			/* inputbox_border_attr */
+    A_NORMAL,			/* searchbox_attr */
+    A_BOLD,			/* searchbox_title_attr */
+    A_NORMAL,			/* searchbox_border_attr */
+    A_BOLD,			/* position_indicator_attr */
+    A_NORMAL,			/* menubox_attr */
+    A_NORMAL,			/* menubox_border_attr */
+    A_NORMAL,			/* item_attr */
+    A_REVERSE,			/* item_selected_attr */
+    A_BOLD,			/* tag_attr */
+    A_REVERSE,			/* tag_selected_attr */
+    A_BOLD,			/* tag_key_attr */
+    A_REVERSE,			/* tag_key_selected_attr */
+    A_BOLD,			/* check_attr */
+    A_REVERSE,			/* check_selected_attr */
+    A_BOLD,			/* uarrow_attr */
+    A_BOLD			/* darrow_attr */
+};
+
+
+#include "colors.h"
+
+/*
+ * Table of color values
+ */
+int color_table[][3] =
+{
+    {SCREEN_FG, SCREEN_BG, SCREEN_HL},
+    {SHADOW_FG, SHADOW_BG, SHADOW_HL},
+    {DIALOG_FG, DIALOG_BG, DIALOG_HL},
+    {TITLE_FG, TITLE_BG, TITLE_HL},
+    {BORDER_FG, BORDER_BG, BORDER_HL},
+    {BUTTON_ACTIVE_FG, BUTTON_ACTIVE_BG, BUTTON_ACTIVE_HL},
+    {BUTTON_INACTIVE_FG, BUTTON_INACTIVE_BG, BUTTON_INACTIVE_HL},
+    {BUTTON_KEY_ACTIVE_FG, BUTTON_KEY_ACTIVE_BG, BUTTON_KEY_ACTIVE_HL},
+    {BUTTON_KEY_INACTIVE_FG, BUTTON_KEY_INACTIVE_BG, BUTTON_KEY_INACTIVE_HL},
+    {BUTTON_LABEL_ACTIVE_FG, BUTTON_LABEL_ACTIVE_BG, BUTTON_LABEL_ACTIVE_HL},
+    {BUTTON_LABEL_INACTIVE_FG, BUTTON_LABEL_INACTIVE_BG,
+     BUTTON_LABEL_INACTIVE_HL},
+    {INPUTBOX_FG, INPUTBOX_BG, INPUTBOX_HL},
+    {INPUTBOX_BORDER_FG, INPUTBOX_BORDER_BG, INPUTBOX_BORDER_HL},
+    {SEARCHBOX_FG, SEARCHBOX_BG, SEARCHBOX_HL},
+    {SEARCHBOX_TITLE_FG, SEARCHBOX_TITLE_BG, SEARCHBOX_TITLE_HL},
+    {SEARCHBOX_BORDER_FG, SEARCHBOX_BORDER_BG, SEARCHBOX_BORDER_HL},
+    {POSITION_INDICATOR_FG, POSITION_INDICATOR_BG, POSITION_INDICATOR_HL},
+    {MENUBOX_FG, MENUBOX_BG, MENUBOX_HL},
+    {MENUBOX_BORDER_FG, MENUBOX_BORDER_BG, MENUBOX_BORDER_HL},
+    {ITEM_FG, ITEM_BG, ITEM_HL},
+    {ITEM_SELECTED_FG, ITEM_SELECTED_BG, ITEM_SELECTED_HL},
+    {TAG_FG, TAG_BG, TAG_HL},
+    {TAG_SELECTED_FG, TAG_SELECTED_BG, TAG_SELECTED_HL},
+    {TAG_KEY_FG, TAG_KEY_BG, TAG_KEY_HL},
+    {TAG_KEY_SELECTED_FG, TAG_KEY_SELECTED_BG, TAG_KEY_SELECTED_HL},
+    {CHECK_FG, CHECK_BG, CHECK_HL},
+    {CHECK_SELECTED_FG, CHECK_SELECTED_BG, CHECK_SELECTED_HL},
+    {UARROW_FG, UARROW_BG, UARROW_HL},
+    {DARROW_FG, DARROW_BG, DARROW_HL},
+};				/* color_table */
+
+/*
+ * Set window to attribute 'attr'
+ */
+void
+attr_clear (WINDOW * win, int height, int width, chtype attr)
+{
+    int i, j;
+
+    wattrset (win, attr);
+    for (i = 0; i < height; i++) {
+	wmove (win, i, 0);
+	for (j = 0; j < width; j++)
+	    waddch (win, ' ');
+    }
+    touchwin (win);
+}
+
+void dialog_clear (void)
+{
+    attr_clear (stdscr, LINES, COLS, screen_attr);
+    /* Display background title if it exists ... - SLH */
+    if (backtitle != NULL) {
+        int i;
+
+        wattrset (stdscr, screen_attr);
+        mvwaddstr (stdscr, 0, 1, (char *)backtitle);
+        wmove (stdscr, 1, 1);
+        for (i = 1; i < COLS - 1; i++)
+            waddch (stdscr, ACS_HLINE);
+    }
+    wnoutrefresh (stdscr);
+}
+
+/*
+ * Do some initialization for dialog
+ */
+void
+init_dialog (void)
+{
+    initscr ();			/* Init curses */
+    keypad (stdscr, TRUE);
+    cbreak ();
+    noecho ();
+
+
+    if (use_colors)	/* Set up colors */
+	color_setup ();
+
+
+    dialog_clear ();
+}
+
+/*
+ * Setup for color display
+ */
+void
+color_setup (void)
+{
+    int i;
+
+    if (has_colors ()) {	/* Terminal supports color? */
+	start_color ();
+
+	/* Initialize color pairs */
+	for (i = 0; i < ATTRIBUTE_COUNT; i++)
+	    init_pair (i + 1, color_table[i][0], color_table[i][1]);
+
+	/* Setup color attributes */
+	for (i = 0; i < ATTRIBUTE_COUNT; i++)
+	    attributes[i] = C_ATTR (color_table[i][2], i + 1);
+    }
+}
+
+/*
+ * End using dialog functions.
+ */
+void
+end_dialog (void)
+{
+    endwin ();
+}
+
+
+/*
+ * Print a string of text in a window, automatically wrap around to the
+ * next line if the string is too long to fit on one line. Newline
+ * characters '\n' are replaced by spaces.  We start on a new line
+ * if there is no room for at least 4 nonblanks following a double-space.
+ */
+void
+print_autowrap (WINDOW * win, const char *prompt, int width, int y, int x)
+{
+    int newl, cur_x, cur_y;
+    int i, prompt_len, room, wlen;
+    char tempstr[MAX_LEN + 1], *word, *sp, *sp2;
+
+    strcpy (tempstr, prompt);
+
+    prompt_len = strlen(tempstr);
+	
+    /*
+     * Remove newlines
+     */
+    for(i=0; i<prompt_len; i++) {
+	if(tempstr[i] == '\n') tempstr[i] = ' ';
+    }
+
+    if (prompt_len <= width - x * 2) {	/* If prompt is short */
+	wmove (win, y, (width - prompt_len) / 2);
+	waddstr (win, tempstr);
+    } else {
+	cur_x = x;
+	cur_y = y;
+	newl = 1;
+	word = tempstr;
+	while (word && *word) {
+	    sp = index(word, ' ');
+	    if (sp)
+	        *sp++ = 0;
+
+	    /* Wrap to next line if either the word does not fit,
+	       or it is the first word of a new sentence, and it is
+	       short, and the next word does not fit. */
+	    room = width - cur_x;
+	    wlen = strlen(word);
+	    if (wlen > room ||
+	       (newl && wlen < 4 && sp && wlen+1+strlen(sp) > room
+		     && (!(sp2 = index(sp, ' ')) || wlen+1+(sp2-sp) > room))) {
+		cur_y++;
+		cur_x = x;
+	    }
+	    wmove (win, cur_y, cur_x);
+	    waddstr (win, word);
+	    getyx (win, cur_y, cur_x);
+	    cur_x++;
+	    if (sp && *sp == ' ') {
+	        cur_x++;	/* double space */
+		while (*++sp == ' ');
+		newl = 1;
+	    } else
+	        newl = 0;
+	    word = sp;
+	}
+    }
+}
+
+/*
+ * Print a button
+ */
+void
+print_button (WINDOW * win, const char *label, int y, int x, int selected)
+{
+    int i, temp;
+
+    wmove (win, y, x);
+    wattrset (win, selected ? button_active_attr : button_inactive_attr);
+    waddstr (win, "<");
+    temp = strspn (label, " ");
+    label += temp;
+    wattrset (win, selected ? button_label_active_attr
+	      : button_label_inactive_attr);
+    for (i = 0; i < temp; i++)
+	waddch (win, ' ');
+    wattrset (win, selected ? button_key_active_attr
+	      : button_key_inactive_attr);
+    waddch (win, label[0]);
+    wattrset (win, selected ? button_label_active_attr
+	      : button_label_inactive_attr);
+    waddstr (win, (char *)label + 1);
+    wattrset (win, selected ? button_active_attr : button_inactive_attr);
+    waddstr (win, ">");
+    wmove (win, y, x + temp + 1);
+}
+
+/*
+ * Draw a rectangular box with line drawing characters
+ */
+void
+draw_box (WINDOW * win, int y, int x, int height, int width,
+	  chtype box, chtype border)
+{
+    int i, j;
+
+    wattrset (win, 0);
+    for (i = 0; i < height; i++) {
+	wmove (win, y + i, x);
+	for (j = 0; j < width; j++)
+	    if (!i && !j)
+		waddch (win, border | ACS_ULCORNER);
+	    else if (i == height - 1 && !j)
+		waddch (win, border | ACS_LLCORNER);
+	    else if (!i && j == width - 1)
+		waddch (win, box | ACS_URCORNER);
+	    else if (i == height - 1 && j == width - 1)
+		waddch (win, box | ACS_LRCORNER);
+	    else if (!i)
+		waddch (win, border | ACS_HLINE);
+	    else if (i == height - 1)
+		waddch (win, box | ACS_HLINE);
+	    else if (!j)
+		waddch (win, border | ACS_VLINE);
+	    else if (j == width - 1)
+		waddch (win, box | ACS_VLINE);
+	    else
+		waddch (win, box | ' ');
+    }
+}
+
+/*
+ * Draw shadows along the right and bottom edge to give a more 3D look
+ * to the boxes
+ */
+void
+draw_shadow (WINDOW * win, int y, int x, int height, int width)
+{
+    int i;
+
+    if (has_colors ()) {	/* Whether terminal supports color? */
+	wattrset (win, shadow_attr);
+	wmove (win, y + height, x + 2);
+	for (i = 0; i < width; i++)
+	    waddch (win, winch (win) & A_CHARTEXT);
+	for (i = y + 1; i < y + height + 1; i++) {
+	    wmove (win, i, x + width);
+	    waddch (win, winch (win) & A_CHARTEXT);
+	    waddch (win, winch (win) & A_CHARTEXT);
+	}
+	wnoutrefresh (win);
+    }
+}
+
+/*
+ *  Return the position of the first alphabetic character in a string.
+ */
+int
+first_alpha(const char *string, const char *exempt)
+{
+	int i, in_paren=0, c;
+
+	for (i = 0; i < strlen(string); i++) {
+		c = tolower(string[i]);
+
+		if (strchr("<[(", c)) ++in_paren;
+		if (strchr(">])", c) && in_paren > 0) --in_paren;
+
+		if ((! in_paren) && isalpha(c) && 
+		     strchr(exempt, c) == 0)
+			return i;
+	}
+
+	return 0;
+}
+
+/*
+ * Get the first selected item in the dialog_list_item list.
+ */
+struct dialog_list_item *
+first_sel_item(int item_no, struct dialog_list_item ** items)
+{
+	int i;
+
+	for (i = 0; i < item_no; i++) {
+		if (items[i]->selected)
+			return items[i];
+	}
+
+	return NULL;
+}
diff --git a/config/scripts/config/lxdialog/yesno.c b/config/scripts/config/lxdialog/yesno.c
new file mode 100644
index 0000000000..11fcc25f51
--- /dev/null
+++ b/config/scripts/config/lxdialog/yesno.c
@@ -0,0 +1,118 @@
+/*
+ *  yesno.c -- implements the yes/no box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+/*
+ * Display termination buttons
+ */
+static void
+print_buttons(WINDOW *dialog, int height, int width, int selected)
+{
+    int x = width / 2 - 10;
+    int y = height - 2;
+
+    print_button (dialog, " Yes ", y, x, selected == 0);
+    print_button (dialog, "  No  ", y, x + 13, selected == 1);
+
+    wmove(dialog, y, x+1 + 13*selected );
+    wrefresh (dialog);
+}
+
+/*
+ * Display a dialog box with two buttons - Yes and No
+ */
+int
+dialog_yesno (const char *title, const char *prompt, int height, int width)
+{
+    int i, x, y, key = 0, button = 0;
+    WINDOW *dialog;
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    print_buttons(dialog, height, width, 0);
+
+    while (key != ESC) {
+	key = wgetch (dialog);
+	switch (key) {
+	case 'Y':
+	case 'y':
+	    delwin (dialog);
+	    return 0;
+	case 'N':
+	case 'n':
+	    delwin (dialog);
+	    return 1;
+
+	case TAB:
+	case KEY_LEFT:
+	case KEY_RIGHT:
+	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
+			? 1 : (button > 1 ? 0 : button);
+
+	    print_buttons(dialog, height, width, button);
+	    wrefresh (dialog);
+	    break;
+	case ' ':
+	case '\n':
+	    delwin (dialog);
+	    return button;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/mconf.c b/config/scripts/config/mconf.c
new file mode 100644
index 0000000000..406eb29c3b
--- /dev/null
+++ b/config/scripts/config/mconf.c
@@ -0,0 +1,977 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ *
+ * Introduced single menu mode (show all sub-menus in one large tree).
+ * 2002-11-06 Petr Baudis <pasky@ucw.cz>
+ *
+ * Directly use liblxdialog library routines.
+ * 2002-11-14 Petr Baudis <pasky@ucw.cz>
+ */
+
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+#include <sys/termios.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+
+#include "lxdialog/dialog.h"
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+static char menu_backtitle[128];
+static const char mconf_readme[] =
+"Overview\n"
+"--------\n"
+"Some features may be built directly into axTLS.  Some features\n"
+"may be completely removed altogether.  There are also certain\n"
+"parameters which are not really features, but must be\n"
+"entered in as decimal or hexadecimal numbers or possibly text.\n"
+"\n"
+"Menu items beginning with [*] or [ ] represent features\n"
+"configured to be built in or removed respectively.\n"
+"\n"
+"To change any of these features, highlight it with the cursor\n"
+"keys and press <Y> to build it in or <N> to removed it.\n"
+"You may also press the <Space Bar> to cycle\n"
+"through the available options (ie. Y->N->Y).\n"
+"\n"
+"Some additional keyboard hints:\n"
+"\n"
+"Menus\n"
+"----------\n"
+"o  Use the Up/Down arrow keys (cursor keys) to highlight the item\n"
+"   you wish to change or submenu wish to select and press <Enter>.\n"
+"   Submenus are designated by \"--->\".\n"
+"\n"
+"   Shortcut: Press the option's highlighted letter (hotkey).\n"
+"             Pressing a hotkey more than once will sequence\n"
+"             through all visible items which use that hotkey.\n"
+"\n"
+"   You may also use the <PAGE UP> and <PAGE DOWN> keys to scroll\n"
+"   unseen options into view.\n"
+"\n"
+"o  To exit a menu use the cursor keys to highlight the <Exit> button\n"
+"   and press <ENTER>.\n"
+"\n"
+"   Shortcut: Press <ESC><ESC> or <E> or <X> if there is no hotkey\n"
+"             using those letters.  You may press a single <ESC>, but\n"
+"             there is a delayed response which you may find annoying.\n"
+"\n"
+"   Also, the <TAB> and cursor keys will cycle between <Select>,\n"
+"   <Exit> and <Help>\n"
+"\n"
+"o  To get help with an item, use the cursor keys to highlight <Help>\n"
+"   and Press <ENTER>.\n"
+"\n"
+"   Shortcut: Press <H> or <?>.\n"
+"\n"
+"\n"
+"Radiolists  (Choice lists)\n"
+"-----------\n"
+"o  Use the cursor keys to select the option you wish to set and press\n"
+"   <S> or the <SPACE BAR>.\n"
+"\n"
+"   Shortcut: Press the first letter of the option you wish to set then\n"
+"             press <S> or <SPACE BAR>.\n"
+"\n"
+"o  To see available help for the item, use the cursor keys to highlight\n"
+"   <Help> and Press <ENTER>.\n"
+"\n"
+"   Shortcut: Press <H> or <?>.\n"
+"\n"
+"   Also, the <TAB> and cursor keys will cycle between <Select> and\n"
+"   <Help>\n"
+"\n"
+"\n"
+"Data Entry\n"
+"-----------\n"
+"o  Enter the requested information and press <ENTER>\n"
+"   If you are entering hexadecimal values, it is not necessary to\n"
+"   add the '0x' prefix to the entry.\n"
+"\n"
+"o  For help, use the <TAB> or cursor keys to highlight the help option\n"
+"   and press <ENTER>.  You can try <TAB><H> as well.\n"
+"\n"
+"\n"
+"Text Box    (Help Window)\n"
+"--------\n"
+"o  Use the cursor keys to scroll up/down/left/right.  The VI editor\n"
+"   keys h,j,k,l function here as do <SPACE BAR> and <B> for those\n"
+"   who are familiar with less and lynx.\n"
+"\n"
+"o  Press <E>, <X>, <Enter> or <Esc><Esc> to exit.\n"
+"\n"
+"\n"
+"Alternate Configuration Files\n"
+"-----------------------------\n"
+"Menuconfig supports the use of alternate configuration files for\n"
+"those who, for various reasons, find it necessary to switch\n"
+"between different configurations.\n"
+"\n"
+"At the end of the main menu you will find two options.  One is\n"
+"for saving the current configuration to a file of your choosing.\n"
+"The other option is for loading a previously saved alternate\n"
+"configuration.\n"
+"\n"
+"Even if you don't use alternate configuration files, but you\n"
+"find during a Menuconfig session that you have completely messed\n"
+"up your settings, you may use the \"Load Alternate...\" option to\n"
+"restore your previously saved settings from \".config\" without\n"
+"restarting Menuconfig.\n"
+"\n"
+"Other information\n"
+"-----------------\n"
+"If you use Menuconfig in an XTERM window make sure you have your\n"
+"$TERM variable set to point to a xterm definition which supports color.\n"
+"Otherwise, Menuconfig will look rather bad.  Menuconfig will not\n"
+"display correctly in a RXVT window because rxvt displays only one\n"
+"intensity of color, bright.\n"
+"\n"
+"Menuconfig will display larger menus on screens or xterms which are\n"
+"set to display more than the standard 25 row by 80 column geometry.\n"
+"In order for this to work, the \"stty size\" command must be able to\n"
+"display the screen's current row and column geometry.  I STRONGLY\n"
+"RECOMMEND that you make sure you do NOT have the shell variables\n"
+"LINES and COLUMNS exported into your environment.  Some distributions\n"
+"export those variables via /etc/profile.  Some ncurses programs can\n"
+"become confused when those variables (LINES & COLUMNS) don't reflect\n"
+"the true screen size.\n"
+"\n"
+"Optional personality available\n"
+"------------------------------\n"
+"If you prefer to have all of the options listed in a single\n"
+"menu, rather than the default multimenu hierarchy, run the menuconfig\n"
+"with MENUCONFIG_MODE environment variable set to single_menu. Example:\n"
+"\n"
+"make MENUCONFIG_MODE=single_menu menuconfig\n"
+"\n"
+"<Enter> will then unroll the appropriate category, or enfold it if it\n"
+"is already unrolled.\n"
+"\n"
+"Note that this mode can eventually be a little more CPU expensive\n"
+"(especially with a larger number of unrolled categories) than the\n"
+"default mode.\n",
+menu_instructions[] =
+	"Arrow keys navigate the menu.  "
+	"<Enter> selects submenus --->.  "
+	"Highlighted letters are hotkeys.  "
+	"Pressing <Y> selectes a feature, while <N> will exclude a feature.  "
+	"Press <Esc><Esc> to exit, <?> for Help, </> for Search.  "
+	"Legend: [*] feature is selected  [ ] feature is excluded",
+radiolist_instructions[] =
+	"Use the arrow keys to navigate this window or "
+	"press the hotkey of the item you wish to select "
+	"followed by the <SPACE BAR>. "
+	"Press <?> for additional information about this option.",
+inputbox_instructions_int[] =
+	"Please enter a decimal value. "
+	"Fractions will not be accepted.  "
+	"Use the <TAB> key to move from the input field to the buttons below it.",
+inputbox_instructions_hex[] =
+	"Please enter a hexadecimal value. "
+	"Use the <TAB> key to move from the input field to the buttons below it.",
+inputbox_instructions_string[] =
+	"Please enter a string value. "
+	"Use the <TAB> key to move from the input field to the buttons below it.",
+setmod_text[] =
+	"This feature depends on another which has been configured as a module.\n"
+	"As a result, this feature will be built as a module.",
+nohelp_text[] =
+	"There is no help available for this option.\n",
+load_config_text[] =
+	"Enter the name of the configuration file you wish to load.  "
+	"Accept the name shown to restore the configuration you "
+	"last retrieved.  Leave blank to abort.",
+load_config_help[] =
+	"\n"
+	"For various reasons, one may wish to keep several different axTLS\n"
+	"configurations available on a single machine.\n"
+	"\n"
+	"If you have saved a previous configuration in a file other than the\n"
+	"axTLS's default, entering the name of the file here will allow you\n"
+	"to modify that configuration.\n"
+	"\n"
+	"If you are uncertain, then you have probably never used alternate\n"
+	"configuration files.  You should therefor leave this blank to abort.\n",
+save_config_text[] =
+	"Enter a filename to which this configuration should be saved "
+	"as an alternate.  Leave blank to abort.",
+save_config_help[] =
+	"\n"
+	"For various reasons, one may wish to keep different axTLS\n"
+	"configurations available on a single machine.\n"
+	"\n"
+	"Entering a file name here will allow you to later retrieve, modify\n"
+	"and use the current configuration as an alternate to whatever\n"
+	"configuration options you have selected at that time.\n"
+	"\n"
+	"If you are uncertain what all this means then you should probably\n"
+	"leave this blank.\n",
+search_help[] =
+	"\n"
+	"Search for CONFIG_ symbols and display their relations.\n"
+	"Example: search for \"^FOO\"\n"
+	"Result:\n"
+	"-----------------------------------------------------------------\n"
+	"Symbol: FOO [=m]\n"
+	"Prompt: Foo bus is used to drive the bar HW\n"
+	"Defined at drivers/pci/Kconfig:47\n"
+	"Depends on: X86_LOCAL_APIC && X86_IO_APIC || IA64\n"
+	"Location:\n"
+	"  -> Bus options (PCI, PCMCIA, EISA, MCA, ISA)\n"
+	"    -> PCI support (PCI [=y])\n"
+	"      -> PCI access mode (<choice> [=y])\n"
+	"Selects: LIBCRC32\n"
+	"Selected by: BAR\n"
+	"-----------------------------------------------------------------\n"
+	"o The line 'Prompt:' shows the text used in the menu structure for\n"
+	"  this CONFIG_ symbol\n"
+	"o The 'Defined at' line tell at what file / line number the symbol\n"
+	"  is defined\n"
+	"o The 'Depends on:' line tell what symbols needs to be defined for\n"
+	"  this symbol to be visible in the menu (selectable)\n"
+	"o The 'Location:' lines tell where in the menu structure this symbol\n"
+	"  is located\n"
+	"    A location followed by a [=y] indicate that this is a selectable\n"
+	"    menu item - and current value is displayed inside brackets.\n"
+	"o The 'Selects:' line tell what symbol will be automatically\n"
+	"  selected if this symbol is selected (y or m)\n"
+	"o The 'Selected by' line tell what symbol has selected this symbol\n"
+	"\n"
+	"Only relevant lines are shown.\n"
+	"\n\n"
+	"Search examples:\n"
+	"Examples: USB	=> find all CONFIG_ symbols containing USB\n"
+	"          ^USB => find all CONFIG_ symbols starting with USB\n"
+	"          USB$ => find all CONFIG_ symbols ending with USB\n"
+	"\n";
+
+static char filename[PATH_MAX+1] = ".config";
+static int indent;
+static struct termios ios_org;
+static int rows = 0, cols = 0;
+static struct menu *current_menu;
+static int child_count;
+static int single_menu_mode;
+
+static struct dialog_list_item *items[16384]; /* FIXME: This ought to be dynamic. */
+static int item_no;
+
+static void conf(struct menu *menu);
+static void conf_choice(struct menu *menu);
+static void conf_string(struct menu *menu);
+static void conf_load(void);
+static void conf_save(void);
+static void show_textbox(const char *title, const char *text, int r, int c);
+static void show_helptext(const char *title, const char *text);
+static void show_help(struct menu *menu);
+static void show_file(const char *filename, const char *title, int r, int c);
+
+static void init_wsize(void)
+{
+	struct winsize ws;
+	char *env;
+
+	if (!ioctl(STDIN_FILENO, TIOCGWINSZ, &ws)) {
+		rows = ws.ws_row;
+		cols = ws.ws_col;
+	}
+
+	if (!rows) {
+		env = getenv("LINES");
+		if (env)
+			rows = atoi(env);
+		if (!rows)
+			rows = 24;
+	}
+	if (!cols) {
+		env = getenv("COLUMNS");
+		if (env)
+			cols = atoi(env);
+		if (!cols)
+			cols = 80;
+	}
+
+	if (rows < 19 || cols < 80) {
+		fprintf(stderr, "Your display is too small to run Menuconfig!\n");
+		fprintf(stderr, "It must be at least 19 lines by 80 columns.\n");
+		exit(1);
+	}
+
+	rows -= 4;
+	cols -= 5;
+}
+
+static void cinit(void)
+{
+	item_no = 0;
+}
+
+static void cmake(void)
+{
+	items[item_no] = malloc(sizeof(struct dialog_list_item));
+	memset(items[item_no], 0, sizeof(struct dialog_list_item));
+	items[item_no]->tag = malloc(32); items[item_no]->tag[0] = 0;
+	items[item_no]->name = malloc(512); items[item_no]->name[0] = 0;
+	items[item_no]->namelen = 0;
+	item_no++;
+}
+
+static int cprint_name(const char *fmt, ...)
+{
+	va_list ap;
+	int res;
+
+	if (!item_no)
+		cmake();
+	va_start(ap, fmt);
+	res = vsnprintf(items[item_no - 1]->name + items[item_no - 1]->namelen,
+			512 - items[item_no - 1]->namelen, fmt, ap);
+	if (res > 0)
+		items[item_no - 1]->namelen += res;
+	va_end(ap);
+
+	return res;
+}
+
+static int cprint_tag(const char *fmt, ...)
+{
+	va_list ap;
+	int res;
+
+	if (!item_no)
+		cmake();
+	va_start(ap, fmt);
+	res = vsnprintf(items[item_no - 1]->tag, 32, fmt, ap);
+	va_end(ap);
+
+	return res;
+}
+
+static void cdone(void)
+{
+	int i;
+
+	for (i = 0; i < item_no; i++) {
+		free(items[i]->tag);
+		free(items[i]->name);
+		free(items[i]);
+	}
+
+	item_no = 0;
+}
+
+static void get_prompt_str(struct gstr *r, struct property *prop)
+{
+	int i, j;
+	struct menu *submenu[8], *menu;
+
+	str_printf(r, "Prompt: %s\n", prop->text);
+	str_printf(r, "  Defined at %s:%d\n", prop->menu->file->name,
+		prop->menu->lineno);
+	if (!expr_is_yes(prop->visible.expr)) {
+		str_append(r, "  Depends on: ");
+		expr_gstr_print(prop->visible.expr, r);
+		str_append(r, "\n");
+	}
+	menu = prop->menu->parent;
+	for (i = 0; menu != &rootmenu && i < 8; menu = menu->parent)
+		submenu[i++] = menu;
+	if (i > 0) {
+		str_printf(r, "  Location:\n");
+		for (j = 4; --i >= 0; j += 2) {
+			menu = submenu[i];
+			str_printf(r, "%*c-> %s", j, ' ', menu_get_prompt(menu));
+			if (menu->sym) {
+				str_printf(r, " (%s [=%s])", menu->sym->name ?
+					menu->sym->name : "<choice>",
+					sym_get_string_value(menu->sym));
+			}
+			str_append(r, "\n");
+		}
+	}
+}
+
+static void get_symbol_str(struct gstr *r, struct symbol *sym)
+{
+	bool hit;
+	struct property *prop;
+
+	str_printf(r, "Symbol: %s [=%s]\n", sym->name,
+	                               sym_get_string_value(sym));
+	for_all_prompts(sym, prop)
+		get_prompt_str(r, prop);
+	hit = false;
+	for_all_properties(sym, prop, P_SELECT) {
+		if (!hit) {
+			str_append(r, "  Selects: ");
+			hit = true;
+		} else
+			str_printf(r, " && ");
+		expr_gstr_print(prop->expr, r);
+	}
+	if (hit)
+		str_append(r, "\n");
+	if (sym->rev_dep.expr) {
+		str_append(r, "  Selected by: ");
+		expr_gstr_print(sym->rev_dep.expr, r);
+		str_append(r, "\n");
+	}
+	str_append(r, "\n\n");
+}
+
+static struct gstr get_relations_str(struct symbol **sym_arr)
+{
+	struct symbol *sym;
+	struct gstr res = str_new();
+	int i;
+
+	for (i = 0; sym_arr && (sym = sym_arr[i]); i++)
+		get_symbol_str(&res, sym);
+	if (!i)
+		str_append(&res, "No matches found.\n");
+	return res;
+}
+
+static void search_conf(void)
+{
+	struct symbol **sym_arr;
+	struct gstr res;
+
+again:
+	switch (dialog_inputbox("Search Configuration Parameter",
+				"Enter Keyword", 10, 75,
+				NULL)) {
+	case 0:
+		break;
+	case 1:
+		show_helptext("Search Configuration", search_help);
+		goto again;
+	default:
+		return;
+	}
+
+	sym_arr = sym_re_search(dialog_input_result);
+	res = get_relations_str(sym_arr);
+	free(sym_arr);
+	show_textbox("Search Results", str_get(&res), 0, 0);
+	str_free(&res);
+}
+
+static void build_conf(struct menu *menu)
+{
+	struct symbol *sym;
+	struct property *prop;
+	struct menu *child;
+	int type, tmp, doint = 2;
+	tristate val;
+	char ch;
+
+	if (!menu_is_visible(menu))
+		return;
+
+	sym = menu->sym;
+	prop = menu->prompt;
+	if (!sym) {
+		if (prop && menu != current_menu) {
+			const char *prompt = menu_get_prompt(menu);
+			switch (prop->type) {
+			case P_MENU:
+				child_count++;
+				cmake();
+				cprint_tag("m%p", menu);
+
+				if (single_menu_mode) {
+					cprint_name("%s%*c%s",
+						menu->data ? "-->" : "++>",
+						indent + 1, ' ', prompt);
+				} else {
+					cprint_name("   %*c%s  --->", indent + 1, ' ', prompt);
+				}
+
+				if (single_menu_mode && menu->data)
+					goto conf_childs;
+				return;
+			default:
+				if (prompt) {
+					child_count++;
+					cmake();
+					cprint_tag(":%p", menu);
+					cprint_name("---%*c%s", indent + 1, ' ', prompt);
+				}
+			}
+		} else
+			doint = 0;
+		goto conf_childs;
+	}
+
+	cmake();
+	type = sym_get_type(sym);
+	if (sym_is_choice(sym)) {
+		struct symbol *def_sym = sym_get_choice_value(sym);
+		struct menu *def_menu = NULL;
+
+		child_count++;
+		for (child = menu->list; child; child = child->next) {
+			if (menu_is_visible(child) && child->sym == def_sym)
+				def_menu = child;
+		}
+
+		val = sym_get_tristate_value(sym);
+		if (sym_is_changable(sym)) {
+			cprint_tag("t%p", menu);
+			switch (type) {
+			case S_BOOLEAN:
+				cprint_name("[%c]", val == no ? ' ' : '*');
+				break;
+			case S_TRISTATE:
+				switch (val) {
+				case yes: ch = '*'; break;
+				case mod: ch = 'M'; break;
+				default:  ch = ' '; break;
+				}
+				cprint_name("<%c>", ch);
+				break;
+			}
+		} else {
+			cprint_tag("%c%p", def_menu ? 't' : ':', menu);
+			cprint_name("   ");
+		}
+
+		cprint_name("%*c%s", indent + 1, ' ', menu_get_prompt(menu));
+		if (val == yes) {
+			if (def_menu) {
+				cprint_name(" (%s)", menu_get_prompt(def_menu));
+				cprint_name("  --->");
+				if (def_menu->list) {
+					indent += 2;
+					build_conf(def_menu);
+					indent -= 2;
+				}
+			}
+			return;
+		}
+	} else {
+		if (menu == current_menu) {
+			cprint_tag(":%p", menu);
+			cprint_name("---%*c%s", indent + 1, ' ', menu_get_prompt(menu));
+			goto conf_childs;
+		}
+		child_count++;
+		val = sym_get_tristate_value(sym);
+		if (sym_is_choice_value(sym) && val == yes) {
+			cprint_tag(":%p", menu);
+			cprint_name("   ");
+		} else {
+			switch (type) {
+			case S_BOOLEAN:
+				cprint_tag("t%p", menu);
+				if (sym_is_changable(sym))
+					cprint_name("[%c]", val == no ? ' ' : '*');
+				else
+					cprint_name("---");
+				break;
+			case S_TRISTATE:
+				cprint_tag("t%p", menu);
+				switch (val) {
+				case yes: ch = '*'; break;
+				case mod: ch = 'M'; break;
+				default:  ch = ' '; break;
+				}
+				if (sym_is_changable(sym))
+					cprint_name("<%c>", ch);
+				else
+					cprint_name("---");
+				break;
+			default:
+				cprint_tag("s%p", menu);
+				tmp = cprint_name("(%s)", sym_get_string_value(sym));
+				tmp = indent - tmp + 4;
+				if (tmp < 0)
+					tmp = 0;
+				cprint_name("%*c%s%s", tmp, ' ', menu_get_prompt(menu),
+					(sym_has_value(sym) || !sym_is_changable(sym)) ?
+					"" : " (NEW)");
+				goto conf_childs;
+			}
+		}
+		cprint_name("%*c%s%s", indent + 1, ' ', menu_get_prompt(menu),
+			(sym_has_value(sym) || !sym_is_changable(sym)) ?
+			"" : " (NEW)");
+		if (menu->prompt->type == P_MENU) {
+			cprint_name("  --->");
+			return;
+		}
+	}
+
+conf_childs:
+	indent += doint;
+	for (child = menu->list; child; child = child->next)
+		build_conf(child);
+	indent -= doint;
+}
+
+static void conf(struct menu *menu)
+{
+	struct dialog_list_item *active_item = NULL;
+	struct menu *submenu;
+	const char *prompt = menu_get_prompt(menu);
+	struct symbol *sym;
+	char active_entry[40];
+	int stat, type;
+
+	unlink("lxdialog.scrltmp");
+	active_entry[0] = 0;
+	while (1) {
+		indent = 0;
+		child_count = 0;
+		current_menu = menu;
+		cdone(); cinit();
+		build_conf(menu);
+		if (!child_count)
+			break;
+		if (menu == &rootmenu) {
+			cmake(); cprint_tag(":"); cprint_name("--- ");
+			cmake(); cprint_tag("L"); cprint_name("Load an Alternate Configuration File");
+			cmake(); cprint_tag("S"); cprint_name("Save Configuration to an Alternate File");
+		}
+		dialog_clear();
+		stat = dialog_menu(prompt ? prompt : "Main Menu",
+				menu_instructions, rows, cols, rows - 10,
+				active_entry, item_no, items);
+		if (stat < 0)
+			return;
+
+		if (stat == 1 || stat == 255)
+			break;
+
+		active_item = first_sel_item(item_no, items);
+		if (!active_item)
+			continue;
+		active_item->selected = 0;
+		strncpy(active_entry, active_item->tag, sizeof(active_entry));
+		active_entry[sizeof(active_entry)-1] = 0;
+		type = active_entry[0];
+		if (!type)
+			continue;
+
+		sym = NULL;
+		submenu = NULL;
+		if (sscanf(active_entry + 1, "%p", &submenu) == 1)
+			sym = submenu->sym;
+
+		switch (stat) {
+		case 0:
+			switch (type) {
+			case 'm':
+				if (single_menu_mode)
+					submenu->data = (void *) (long) !submenu->data;
+				else
+					conf(submenu);
+				break;
+			case 't':
+				if (sym_is_choice(sym) && sym_get_tristate_value(sym) == yes)
+					conf_choice(submenu);
+				else if (submenu->prompt->type == P_MENU)
+					conf(submenu);
+				break;
+			case 's':
+				conf_string(submenu);
+				break;
+			case 'L':
+				conf_load();
+				break;
+			case 'S':
+				conf_save();
+				break;
+			}
+			break;
+		case 2:
+			if (sym)
+				show_help(submenu);
+			else
+				show_helptext("README", mconf_readme);
+			break;
+		case 3:
+			if (type == 't') {
+				if (sym_set_tristate_value(sym, yes))
+					break;
+				if (sym_set_tristate_value(sym, mod))
+					show_textbox(NULL, setmod_text, 6, 74);
+			}
+			break;
+		case 4:
+			if (type == 't')
+				sym_set_tristate_value(sym, no);
+			break;
+		case 5:
+			if (type == 't')
+				sym_set_tristate_value(sym, mod);
+			break;
+		case 6:
+			if (type == 't')
+				sym_toggle_tristate_value(sym);
+			else if (type == 'm')
+				conf(submenu);
+			break;
+		case 7:
+			search_conf();
+			break;
+		}
+	}
+}
+
+static void show_textbox(const char *title, const char *text, int r, int c)
+{
+	int fd;
+
+	fd = creat(".help.tmp", 0777);
+	write(fd, text, strlen(text));
+	close(fd);
+	show_file(".help.tmp", title, r, c);
+	unlink(".help.tmp");
+}
+
+static void show_helptext(const char *title, const char *text)
+{
+	show_textbox(title, text, 0, 0);
+}
+
+static void show_help(struct menu *menu)
+{
+	struct gstr help = str_new();
+	struct symbol *sym = menu->sym;
+
+	if (sym->help)
+	{
+		if (sym->name) {
+			str_printf(&help, "%s:\n\n", sym->name);
+			str_append(&help, sym->help);
+			str_append(&help, "\n");
+		}
+	} else {
+		str_append(&help, nohelp_text);
+	}
+	get_symbol_str(&help, sym);
+	show_helptext(menu_get_prompt(menu), str_get(&help));
+	str_free(&help);
+}
+
+static void show_file(const char *filename, const char *title, int r, int c)
+{
+	while (dialog_textbox(title, filename, r ? r : rows, c ? c : cols) < 0)
+		;
+}
+
+static void conf_choice(struct menu *menu)
+{
+	const char *prompt = menu_get_prompt(menu);
+	struct menu *child;
+	struct symbol *active;
+
+	active = sym_get_choice_value(menu->sym);
+	while (1) {
+		current_menu = menu;
+		cdone(); cinit();
+		for (child = menu->list; child; child = child->next) {
+			if (!menu_is_visible(child))
+				continue;
+			cmake();
+			cprint_tag("%p", child);
+			cprint_name("%s", menu_get_prompt(child));
+			if (child->sym == sym_get_choice_value(menu->sym))
+				items[item_no - 1]->selected = 1; /* ON */
+			else if (child->sym == active)
+				items[item_no - 1]->selected = 2; /* SELECTED */
+			else
+				items[item_no - 1]->selected = 0; /* OFF */
+		}
+
+		switch (dialog_checklist(prompt ? prompt : "Main Menu",
+					radiolist_instructions, 15, 70, 6,
+					item_no, items, FLAG_RADIO)) {
+		case 0:
+			if (sscanf(first_sel_item(item_no, items)->tag, "%p", &child) != 1)
+				break;
+			sym_set_tristate_value(child->sym, yes);
+			return;
+		case 1:
+			if (sscanf(first_sel_item(item_no, items)->tag, "%p", &child) == 1) {
+				show_help(child);
+				active = child->sym;
+			} else
+				show_help(menu);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_string(struct menu *menu)
+{
+	const char *prompt = menu_get_prompt(menu);
+
+	while (1) {
+		char *heading;
+
+		switch (sym_get_type(menu->sym)) {
+		case S_INT:
+			heading = (char *) inputbox_instructions_int;
+			break;
+		case S_HEX:
+			heading = (char *) inputbox_instructions_hex;
+			break;
+		case S_STRING:
+			heading = (char *) inputbox_instructions_string;
+			break;
+		default:
+			heading = "Internal mconf error!";
+			/* panic? */;
+		}
+
+		switch (dialog_inputbox(prompt ? prompt : "Main Menu",
+					heading, 10, 75,
+					sym_get_string_value(menu->sym))) {
+		case 0:
+			if (sym_set_string_value(menu->sym, dialog_input_result))
+				return;
+			show_textbox(NULL, "You have made an invalid entry.", 5, 43);
+			break;
+		case 1:
+			show_help(menu);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_load(void)
+{
+	while (1) {
+		switch (dialog_inputbox(NULL, load_config_text, 11, 55,
+					filename)) {
+		case 0:
+			if (!dialog_input_result[0])
+				return;
+			if (!conf_read(dialog_input_result))
+				return;
+			show_textbox(NULL, "File does not exist!", 5, 38);
+			break;
+		case 1:
+			show_helptext("Load Alternate Configuration", load_config_help);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_save(void)
+{
+	while (1) {
+		switch (dialog_inputbox(NULL, save_config_text, 11, 55,
+					filename)) {
+		case 0:
+			if (!dialog_input_result[0])
+				return;
+			if (!conf_write(dialog_input_result))
+				return;
+			show_textbox(NULL, "Can't create file!  Probably a nonexistent directory.", 5, 60);
+			break;
+		case 1:
+			show_helptext("Save Alternate Configuration", save_config_help);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_cleanup(void)
+{
+	tcsetattr(1, TCSAFLUSH, &ios_org);
+	unlink(".help.tmp");
+}
+
+static void winch_handler(int sig)
+{
+	struct winsize ws;
+
+	if (ioctl(1, TIOCGWINSZ, &ws) == -1) {
+		rows = 24;
+		cols = 80;
+	} else {
+		rows = ws.ws_row;
+		cols = ws.ws_col;
+	}
+
+	if (rows < 19 || cols < 80) {
+		end_dialog();
+		fprintf(stderr, "Your display is too small to run Menuconfig!\n");
+		fprintf(stderr, "It must be at least 19 lines by 80 columns.\n");
+		exit(1);
+	}
+
+	rows -= 4;
+	cols -= 5;
+
+}
+
+int main(int ac, char **av)
+{
+	struct symbol *sym;
+	char *mode;
+	int stat;
+
+	conf_parse(av[1]);
+	conf_read(NULL);
+
+	sym = sym_lookup("VERSION", 0);
+	sym_calc_value(sym);
+	snprintf(menu_backtitle, 128, "axTLS v%s Configuration",
+		sym_get_string_value(sym));
+
+	mode = getenv("MENUCONFIG_MODE");
+	if (mode) {
+		if (!strcasecmp(mode, "single_menu"))
+			single_menu_mode = 1;
+	}
+
+	tcgetattr(1, &ios_org);
+	atexit(conf_cleanup);
+	init_wsize();
+	init_dialog();
+	signal(SIGWINCH, winch_handler);
+	conf(&rootmenu);
+	end_dialog();
+
+	/* Restart dialog to act more like when lxdialog was still separate */
+	init_dialog();
+	do {
+		stat = dialog_yesno(NULL,
+				    "Do you wish to save your new axTLS configuration?", 5, 60);
+	} while (stat < 0);
+	end_dialog();
+
+	if (stat == 0) {
+		conf_write(NULL);
+		printf("\n\n"
+			"*** End of axTLS configuration.\n"
+			"*** Check the top-level Makefile for additional configuration options.\n\n");
+	} else
+		printf("\n\nYour axTLS configuration changes were NOT saved.\n\n");
+
+	return 0;
+}
diff --git a/config/scripts/config/mconf.exe b/config/scripts/config/mconf.exe
new file mode 100755
index 0000000000000000000000000000000000000000..cb7ff192a8c975b01fa24084c87a38196aab270e
GIT binary patch
literal 138973
zcmeFa4Rlo1x&J?t3@}3Q1PwK6)Ul45Xsn4wFOi_(ovWzSSFBj|S}UzoxjIqQfW$MS
zoF0Sps(rIoBW<-Wx7w?v15^kE6VTd5d_%dd)M|UCqb)_n2%7vq-@VV|1+f2nfB&`q
zYyH>yvov$g-p_vC_OqY;>}T(D&e>mB7AcNIA~F8&>x)FP{OVt$`TNiRET($@BUbGn
zd1}AskIY7AK7Zr|bH8$9V*U-+UvtBiUrStd<#pFxpGy4O)rlLLu1kF7y2O-o&rf{q
z`Y&DmxzVFXCPUP-rbZ$&qr)QSxXY(Rz88)BU|1xwEi$5bRJ3SZ<b8mC!2cD|NTifs
z^FP<(PS-`2Z<UCD^KY9i9DY)fkt-5OSXebs8~%kq_NKciQa0LN{=fP6bE&Hrq#)S%
z9)HA;WbGG%YyKrr#pk|sW$H?<YgAW?q{I2`;r~JZ8Y7YR&)r}Fw=Jb20o*cvdj|n=
z*~ovN`?ni!RB8Jmz&yeK`}nt5_`YKC8Qq|x$o>E>9SYwF9HsyNzyA+w;6m?h_no-=
z*7ml@6B8qu_EhvYuPy9#el@lC==SY>eP8ybnw!yQ;3RbO+Shu!V##GkH%5Z!JCVqy
zj%7pt)wVBB{9;n1V_EA{$4D*iI~86kS>~UjQg2SObamnv6C+-8vK%zB`{1;9BM~q5
zWSan1%E~|X8{FFV_kIdMf?HGJ*SWzM0ZxnC`<UxD#yi7WAS0NlfZl;AZ+JgUqyXZV
zxs6?u%mDM@!Z7KJF*tEIR1D_VA1hWen^WhvPDv*HvimE<@swnVKP8#qH}0Pq%Zgsr
zM($$%q?kW4y3vazgUcbFY4_GIazX|&Y8sst^SVW&HFZoR$oKa3Sqk}wTW^wn`stl4
zdV>jNCBLB&GfW_|$n@mVYXRQ_1Nhp(cRsyYyLJ3w5@F#4Z>Jx7Pzn!Q{+yPD5|o|{
z9vmo`tov5(ZR6%=!me~T#4qjecDDZdSeS`i=sk1sMG%?eU68Ey%96nYcN!K;eC|<&
zS1k$R*>#OZXR%-u_5Kv<=2vERdfS_vTr*z8KQ*({Nnfk0X(d?Q-_>aCi!@sOhFUf!
zg(>)LMgSFlqx4>4uDFR~M+HK`PYp;ZI8JlNjd0SBgOjE!-xHdd$yl%}O~E|+X<Dfy
zT>Y4-UsW`b`U|Lkoq90W_W848ExQ{#Cq<m}Wqo~ptt%w2H|N(i{-v?$Va@&RwVU0(
z5zhD5XS$pIl<9Mpo&+fLvN7Sq9D+k&C@Vwbt}_1_)frl<yAE0|#YN{jOFmM^f!(V}
z2E&&a@KTgmS?KhV?3fTGY{sRHc5ymc>iUT!ITAufEt5<9##pAkX;}6U+ajJls?d~X
z9?f!1uxY!fvUV#r+SxQJKMQ+NN2E@27sZD+y`SFNbR~3FpQy&D_{nJSv<nTRymFCT
z^e7zAqUpEkt*J4<4yf^7AWc6v*1^i@5_^2eL~t{8?uI#+e)00lI;dEAx+>H+f1@J*
zP|Jc?_kj~5PG$-!$<61FT2C&tt}pOlEUZp^?EDdI4OZ+}!3-uD8${CfWb0b>r~6I=
z##OhL;Typ*)p(sqT8)U~C{7CZs-H(9>2@c5hm3PkiT}k?x;edsyWqs#u-1?aK12=b
zU4MG=u~H{f1+wv{Y{!2(=~wCbzF`rD++zv<^0L%^?(QNd{V=6&bFwn(q}z+_Wl`!@
z=*Mtf=ObwFeu#Re1i@4&zgXq-RNm3{1jwtlw9bxsTR!Yw*K@>?9XqEV9d|MtA-#5v
zG*yRv$RL`NrE3!sjse4s87m;WOvsJ^S?)Lu5KH-L72Zl==al48XS=(jsZz0fUwiMy
z<j&Y}ODL7NOV(SBybm#F4Ta$QifGEDpWD^fXL(so_38pIb)j(@&aK~vsYb5ip?HR)
zR$4PK-39StC!>%B)Yplt6czH9IO}TsbPayG&Zn2$4GkTctxh_J6a}6CUJ^-u4Bfpg
zUhH)_>18m(Kxwpn5j1^-8m-VxLZ1OW+9`qDE!-O}pEhcnmy9<W!FH(0PE0!KkCyuV
zFUF%AGh0(fEZ1FOe)F~jKmG(64$W+Bde5L?lqCmqUDYkVO(QXH8LDju9b_u}>r26z
z?Dwzo2IGDveW&)TzqZ6lZ$&8v``eh4dSh3+>5a?|DzK@FD00P-;|}CFxZT~>>9(hg
z0Bs0B`CXFtXbFRg9<=6FVmP&Sf{hq~0rdsCtEaC|R*;FxWz0-gWHveJCOIqE)d0C<
zz(l{H2AgO=W7BO<b1gW3Ry?!WNuN$LcbN256x{JK*C&|k+%c3F{42nR<|^bx8<K0k
zC4}Xngq0{ZcQ}7)+Yu;fJ;NZ&Z5O9@R2_i{=n}Tag6h-lc`y4N1(Mt!<#W*O_wf<w
z_SNFT$($nc$MXl_zAwJEeMmtm1%rprc-pJ!Ri<g`MSvdxn8BpZ*y*+(r_RW|g!G{;
z=63dDcvNUV0<C{oDK0~X{VTdvgV^-Y%7pG_CQH;qasQ%Z_NTPSY{u0;&V?{T?@3{q
z43;*71mD#OHGf(%!{ur&bEjG<_Q6;%N<#f{KqxajzDyyAjp_Uqc5{b-W$^f!3V`hC
z>=yXL)8w8M00XKpd&Ld^;8+cF;yxC%3DG5}VX!~G@ZyWS&TJpuM^I70NU34AEB6`g
zp>WSixD{_grUSz=v(OUVNgukeNE+m6l`(ea@H-fPrqAnX8rD{d2?AG=dDjcLP1xIb
zR@l{Evi#yyxr_zRKWz%(gcwUxR&Fjh3*+5=r=)h1<}O5|Zz92X1adc&bo9r&)u^G;
z>q1*eyj>z#b(`U~+`qX5(JK6Dadiu>il`&jIwx7qblK?bAoeQ{zAw{2ic=TTrXlHd
z1n=C=)$2h<Y752BfzSuD4+Rue>29d*kUFw26@&r9ea*rjFR14O+VqDZqVN_4dC%Lq
zdfRDefXQB*<lkO);l*B;;=5*z^y@{Ok%z3Ws~ax=V<f`RYK#y#gz=y^VLQ4cRMf!c
zM>Ah=^9Ox>!H)Nkr6=&^5l&EX=3OU!EFIm_XM?PxxDI}Eb{NC2QJA_qaWdSb(9&3S
zQEMvM2>tTbNjv!|wY^BtZUQ2D69bTriG7^3qBZe+Xu`zc9nO-~l(;=nrn8paeOx>D
zt>3Tvv8a=Igc}o}uM|ynrW$U(NDZCzaj3ehu>_dNs!INdm}1U4YiMU}(<BIEDB_xk
zqF4oTwe2hOXsGsG_-vq~8u*R#JF$R0Mza}C+6SS#dxUe>1{(DxA52f47|H%k{RRhD
z91*haO*KZ<YyzfW<qk6#d(;EZqf~lhm##n0b?`k~*{6ahY-MZ`*LAAA-Bwnq;9gr<
zt?Prh&b7b+3T*J_mgK$yy%|pCM2c1=#>3JD0+XwQ*gURl+n+v5x}X=<jO1dqPa#oL
z37us^jNs(SV!ml54HiE=DH7bc3h<8Fox!RFrd>^DE1IlJ9pN9y(&}JzQ!_32IgBv<
zjquB!#Hr;8EXS_=4wzM2(A;Ua(7qzcv|5LaR>HDeL^Z5b27ma2sSAeRY9a?1i_~tW
zHs-C*{!Ah~sPGAM|0PW1W+9K;n{v`qi|K{luQ{31DUl9>VO->D!urgyTx7A%NPd*y
zGY4^R<{+~uS@}4)Vg=aUa(oI!0f(np@Lj5jA2V-;6~bdGT5Lsn6BTG_IOW+h`LimL
zK$kSFZ4cfhF3CLxfCkIg!D+aARB_vXP}(}}DYvK6x$91@`;wU-U_I!3!r}>1dBjOy
zXHlCDnDk%Pp1)wrhKbxUBDY#yXUQ#s9IQ}E;;+;cmuCNkJL*faqwGaI+c?g)2+o;k
zhgAA{q*|1opkdXtCifxy4dLU@6ch~M%pY1lHrq1sv8sVTD3p#`)va#YX+srCBP*}K
zAw6xFnTN57nbn4o6vn3LQR{}z#*mNQR1ffRJtX|GW)dX$I4U%7R%{EB8vWj^WNs!P
zJEtZ~QzPAlWklxF5d_m}@F#^q=<xt}-NF0n2*t~I*#^xHS7Bn_GptruFFplrFkJuf
zfS8D-#@zgc)sa(~@_UL?!&VQcPk<7@;+u^kOIK>dWW(`erXYkcqb7Bp;CjvorD>Hk
z)2vqS&$YqAvegl&xjn=3KUnoJG_n<-4{k<XIW3k}ZKG$h^(wncWm(FMJIOzaE6bdN
zm8_C6NYf!xm;Tb4=VaUU#w?D9?yA{f3C-df#YAIh>}?N@7v5n85oVfQAX*=)z6b;u
ze(;6=WH@{Pls^YeG1lreU^`i;`g2RY!!$hvU;aDZ=#TFLb3Sn)+>A?AcxB1poHjAj
zbSphD&M)%TLw_8O;H}zras`BuS>vFY0gSt*q%5mp!$oO!n!PB=I`#rHt+Nt%+nsc;
z3eoL<?-%OUk;OI{-8z}8kta71o|gre!WE_}@9je!)Un{2zrm?)Kya;fUz+c4m+V_5
zh1f;DGfT$LC`~P@&pGLDLvL`>C!9fY$3RJ4@g6<1_nh;^Swt%!LnHB3V!?Ej&GKx1
zO*2Mjm9^q=T3wlm+HW+*b@ES9`yx7G52}b6$vsi9gIrI6t{*eWDEJbh+|ok%kU8+T
z=YBdrlf+M|gauEzLdMUAd<7%9ld?3AjHWOQgu?iMcq!YC382@waj8-;x)htiLtBj7
zHX&Xy=oLrhM-NFT5)?8Sl-lMOn6B?{K8q%ePWs27a()HSa>Wd~I$*itJrm`*JqIir
zg-_t#-F5EmR|jWJhwz^vj2>5>K+{!X#SBQz8~8oAn=yr+ZhIBTUt37Z7Eq?@Y_;GA
zixb=oWI?9eXy67h!%OR=-G&na$wGXXEvL1q%+mLf+<Dl?;CS`ItdgSM+k{|Ava-Rv
zS772p{`gas<&i~x<;DKVF1U=PB9wm!Z+3zTj{h3XV+tL|e4DF^<m&&FFz?@Bm@Zkl
zSm+h<;7e&)gJOaamj7o2nCF^>^ReJq^|C}pE5R!;pxEdG8V~K?P;Ar3tD|8D1>Xdo
znk$lx<QKR$0p`^0(i+7eAs#Vwnhqe<yglr=sXL6e{L$)1tvY`Ppb7d!n-tkVmpc7j
z>fDnPx-!twqhMFxtq%LBB&!}C+F8%O4EWp9C<b8qKAct5xwKb52R{UeYh$H92G*GF
za?LEck@Of<e-zjns!-Nwb;~1MTf39772L1sWmB9xgNDm!nN!R3pq6vhQZn19mxXg?
zIIshzlKW8OY6YU~Wm>`UQw*mS)UA3LeVhK;`4TKE$_}dE$MaqcOi;uhZzuGHCaW1(
z0%tV=7zJ&IEiPigEvHB*uVcZB!Qr$av2jG$Dp>TOA(otq1UEp#zwG1M_DvmBFQX`*
zU&i`@^_-S+wF>vjeWEoMb#<&$<XX$xUOE6O(@Kr8#+6yr+}gESS?3z1tgH4I|5Rra
zusGSUwzMCx`Oj+H)<_#bBtXzYrBZbt0q#z?f|_Vsk0lotHYdxXtG2<Zl%(bPMz?*o
z+KP$Kn&zpi+XCCBZI*Cb4h{Yz0ccDei1ROZ))ZN)v0(QLqMG`bwr#dqmY(YqJffEa
z)W~%#_@#kr`j>D?+0phE(E0CpJKO&IpEX-#k#8C-s}RP6`=}xI?q8!$;a>T&g5d94
zv`%IO?2s8Li>`cIf-~|53!W>Yda(a-->GJ>R+z<h4Ft5xG^tT~P>Y%}#HxdxN_w?X
zJxp0CE8aM;G0pzFyD^KI$x_De(i0g!Z6Ax1$)&-6sABO`GPiKe-cAYEtE92)Uv0OT
z>|k)GYCzhW`kc~R2Js`5jh~k+TX>)}OD~j0*K<`iqket!Ep1yuD%FO{1_&3Ze1Vc+
z>|Vu_Rosh*@fQz<R{P*D1I2T&Uui))L2|T^L~^aUb5TH-wMEEWOS~sdo9rO*{zwVB
ztT7f5A{dwb8*&Qcp4jdMnq{>eAmF=dfQL|B-=HLzxmWS6Dn4beVzmzr->X>db8Q3D
zblBgpSA)Wn<Sn+S*VhF{L_173r;>Fq?DiUxt&=}!{c0~<OZDZ9UlOIPe(!6S0c3aB
z-YelI7R+TWqUzdqw>L^tfZUE^R8g|}Bf-gHShWX@7A_`)tuf6lN_tdnZ=EtJ3Q#<F
z{I`@e(*tPV^ui$RpHCh7y0EtW;@UoCEN0R#SI}&n@hx?jMzh*3mm}aNwQgIHhns$m
zUIVI9Q_8yp<`7TS?ySEcS<_sWKWCYHYe`Y-v}o%1@ig%|7oLPIFCbg1m1o&6xTym|
zIfcw7HZ7aF@&3O7-s?2*SV;448Eth@m*uL$q7?Y&L$A8Ndr^$>Qr(t)8Gf3R^AKn*
z_~uphfPAjEe%)V>h;}nROJC>#en#7`fs@Xvwug15d<r;cfO85k@wOhp;L9YK{5$wm
zITwsmK&1r9Jg-bSlK5&f)v0@OzcCsxnG-eK#C_YtjGx-g;z#%lM+&>YtziXE<h<<I
zPjaWFi-|!`qytS$XePZ$1+Tuv4T=GeK{<E_<c+CAgZudP7k9%1G~};iUP&@oqf&I?
z{=LZUi!4fby}`8xP(u<XEFfOxeoD`2dQ)^PPm@Z6i3akeJy5E>7SFz{iRH<q*hzhl
z;~qak<*A$7zK2L5zp5Wky~Gx^s&yV?ZQ~2U3~4tEsEz|+Bb!|nb|Mn%!Enm3@YrBy
zpOh}2e-3OgY38hg4z{Qesh?ICtkEAU!^F}oi3l?u=%_Er;h_}Mip)yz3+8Cb=c1tb
zA%`=ndfZ?b5Diq!b92MJ(V8{ch+eOLF(&jv4-8C^1dXjzilfLSzg^lo<&dZmn@OL>
z^F7Q$qO5+_aFCFjt=;J%!%CGfK8-7qS|HvCY`Jx^6-lOcP3592s&0Fc2neaYED1i-
z2#UirIp>do=mJ0XU%sN!;Cc1gSXH>~vHJBl6?xsubvJE%Dw%42$ses7gIO{`cz!68
zfl?br;Bw8(%?<?Xsx~%OX+k2*sND&U>V>C4uf`161<@UT$-M|rNkyIHW7tjuH15al
zg&BVg7!tvmtY6f!xs%)ZmN^L5gfcaPAcdH*Xg8R(z;)Zz15#p=u@a}WE_jB87(^L*
zRK=*8=Rp97-~pD&lqWm}!x@{bA$XYn$y^7A^Ji#0Eq&7snEZ~7%y;nRJ+p9<KVjKR
zcnw^Uvu4hSD2Qv^KNYo>wJam6mP-}4p1sX4^2tj^c1{@)ElL%;L85+LYUDI`eay(V
zMSq>|wYPjyjQ#azLYHEGEuR#bqIUO_<HL%kTij1hNTu9Q&Uey3hyj1kyMVZ#B%Jj9
z=60?UXrJuoq{o<xkxqIc<-xhIyhr@zesZXjIhF|?9VDfLe3#KdrF3uv1H%j<cf(A(
zIlQyLAl#f#U^D$Q*hFSFmYvKca3c9}yvy;l^P|o^c~-Q2^q6sRQj+TZvKE`Dr=U^}
z(2uov^vMBKCV~seP^0RE6#Zjyq^_SJ<AYB#UMOj#sd9~RAXCvE83BDyf|1^*ArQ&n
zH)QN};bGkEAj*wG)_tfn^%<b5XE00DIq8EW12#F$lg(1_id{_C)NW<4*GYtE4+0pr
z=a>SC5E~-Ge-PPY)SBpO%sK`x7eu#n&_#oin@X9yA9G<Xl=^a-0G^;Ec(M~7!af-x
z#?KQE;5#Qb7ZKb~ZgkR*p;+f0Wlr2rX2UkO?k97d%z=Q`?#w$z*Rfwr3zHqll4{O_
z)bM23>4rYFV33N9mj3#TAzUeAko}vbRc;sgRI}g9=oJ@0r=mNE?VQ$?O10Xaeh5T;
z>Rjy#haDZ=;$P76F(q|&H7DV1m&g1mEgvImDE*Zrn*lR@{!20OzZ&j^p`IIt@a`uI
zoOB#!oV!Pe@yy36WUt|_9<r@1pTty^zQS@l&RH@Y%|UJ)Ad8C3yfO|R=b@^CzeswF
zhwEibH~<f;yb%s_KLMNj$r(;s=^FQw8M(#$0#UP;E}{#-xj@4DW#2Yf!#T^3eP=-I
zud)dsvHP<x!k*cHgKoBg^;dL_si^#GT<4yEDwyZZ07>uww!yEbXfWpeUXxVt7dv9+
zbxtYnjpTlW?|b@CdN{XR`BJ)OErLf3cQtUg!1hq>CaUU;ZSJ#s*8gK4eEz;;fX{Wh
z4*7hB>)Z}h&$u6#GiRVsul&QGA&s>(bJXHrVM8>Lr3M}p!j-t0O-<LJcN_DK%a=-h
zU9n%#Dx8G=Ccs)2%C4ly*8yAuh6O6tjIyk@U4vGf>~lWZ#j!bgTQi>|?36kUcEMvD
z;CH#sA0WLLjtDAaPfqhDm6*{JP-eP+!+K*emFj{XYpmmPFEf|e;j#+R%?PxU>mDOe
zBSfQ6x@QEogd;HjNbm`0gFyHiOV)f2`D|DiZsN$XX{kSr<^6Ijfos`W@TeMKb!)VQ
zB+QmZE1^&s&HD}ChD;sn?)%!E742T^yLL^EuLPSG!3l}*w!~o;Gz)U6oM=&2s_raH
zGAsr!N`r3!om+#clTYy8E@Tw^(ev@o-qr8;3*)U5k8rnb56+QEFyPr3I@JBsc7?7U
zR{SWuw+Xm2RvgLJAdY5b)f{#j4W@42BMqT}P?roEA*<inVs<L$teo^csHm{AZ(A(#
z7FMzarNA|&#>zAI2ZCz9ah=-hNZLgI>=F#_3vKTxj-FQPj};D|OqfMOz%N8yG-ynf
z`4?_?*2E43h1d<+C|zdwXiE53ztej4`(}<b8H3zB`bGY-Z9ACrKN!rLVzqd1Bdx{E
z@nUA6HTfB3XBf^by67FY<$SqYj;Jv8Xyz*`$WmIkC`mcaT1E7w&f3X}^-8q5D-6Yv
zB0w|Lwe*}Q>MAVw+uErZvf%$6CG>*9yRzPPi`~$<Uo{|YO`YDq;Qs|><2jzWP@!d6
zw1>H~+__tEegA6zbU=o#-{(;h9J^QXg(@!Ht61%WkJj#qMD6KS4STI<$MIXrZ(ZR)
zz(Lf9VcWp^-(VTC{-*?KZF*yZq$QL9O)Pj+HU9+vuc$BJHwiQH0p}b18&EJf4VD&4
zf`+|{zpCP+_bOKVVE?^})joFzLoKBD>G=Se30+hf?FjP$+rxZ-*{q@O@BphO+D=uE
zm7CFs27}or!88Da@&O1?+B*4TeoC@4Y@1k6GYGE83-bojSZVfLU|Q>LLTNU|FwBB7
z!$XJUMCu813@TW-22#x?K-eo|a3poh$QRVUYsSD#{Ly@n*Acfjo6NxsGlv>y54)_`
zsjW1t_DZ{IPnl(+UA40+$Mcki%M&1{m=$}~mj2Z`_@_|b2#;#g7<PY&UA4<W;uvSv
znb9)^V1=9WXrPtFTmu}!jC&fPh@J}ZjcIrwg@v{EJX$J{2-oYR#!Qe}W>>JF)2dyk
zPvRnZ3%V<`99Xp*qPSwabPwu4uXX!>|5}4%&vpB7YO#lT?%#^s-pHa#@4dqLnBb?T
zfw5D&5=x5Z%aooqbp3AEz-7s!BYj4^SkMhnaII;-=c@jGN|oD{Kc>Hf41HO@-Eq&|
z&tzY38?vgW{%Y!_PFD0om-9v$FmwS3@!hC>=vuv+aye%jTR(+b;~ufudmJahP6k0k
zrdNfac)A$AOw?nfvXd$^oL2SoOn%fJl+Y|xmJD94rkSiF#j0Z-Ml~}zrD{9a8(H1E
z?+%Bie9k=Y1T*6?bgF{EW;JdG5F9g!MrkP<W_5p1RNT?eG44yGqd%@PdQE74V#$us
zZ>XdpX&3g|c9hAO%&8_$t?5N?@AW*qXl959r`HhIZ5q!)!yB!cY~j~@!(#r7`oG<L
znLk2A{)z@cQUA=1#a^&%xtZ{$$6?N#N)%(|bPmS_v;|c&S;!VDm~Zw^F|ZBav3MRS
z;JIOWedkTfz3urYEis~!i*N^aF7<+^uaW<lmyA_)_v^?|4IaiywULp!4426+;*7Ol
z5vV$p9uEGU>KRQ(Bb=6HHMbuM6P2xH@$m$Fi}vRv*hsDxI7@4>v5+RwTq-#uIEa>@
ztlb(Mrh(9$tgOf9IISlSgCJ-4%K7CGJ^|yxbM{ydL(K?FJX+S`Pl_)dcN&<S`%Ul!
zX9SmM1y^b|Ji?XBhpY>Pt$7`^5>nv@Of;Y(T_K$zlAK0Ew7U^&RJSVdnjr_w{Q@sc
zMMQc`l42hVkKqKCCWHWgjfo#<pD;lRJzBZaSb0LG``-{AykCIM5+1{23gu>V-Rr#l
z&^Bc&IB8iEeXKY&`mw0DgA~O@3GWq8`qTdH*XW3#ozatN_YurVZ$M=dQ8|j<AvuaR
zhE_{&AxF{MpB2bxL(uIdXF-eenHLMmiyK>d&*L_At=l`-N&m+PtzlnffV#a2C;dJb
z&OPQlb}#vh&X~$aI+-Lbki{&+X8g)@>J09iqbLL&*7&h+gi&;83c&#y`%E7>t&ahj
z!Ht$X&C(%ZcYpUXkqzozIwux(Yl0+1zp$<(Yc~hf(k!nc=Q>NxgA!zPmD_NZd?+%Y
zZjIF&DrGHp)o*P`<9;xqki^qk@!OzNNkgrojg2e_ZA4o;W=4hi8D3~7Ta+9LS1Wh3
z>j*j1$J@Aed&%dF&?;2k21`7Y!h%ZrFccHq4a(;X^jv>->G-g}(mzD|wzD{`gLoz;
zLf~APqFWIEA1by>D}Cl}CNomMt&45nDl=Z$8XLo4U*O!WgZie&nv<1{=hk<jh#F_9
zR+6ZuCifo_5mvMf-OROFcA4XSia8RfDwz07!(O5gCL7mYL7|*cL1((B!3@;ZEU!Jo
zFT2YQdz2;t2ib<r&1mvDAc#o>sbW8f<Gts=Q?C|%#;rK5FNgf)50Ma!$W*ydF5EcO
zN~d)*u!H1X_?j3p31~A-iA9fLyO8}j4RhEte&sUVHzaN5EV!II!#s+keX~5n3`|@3
z7Grh;%mY@5dO&N;=m1WBPE_JSBItCXxwspqy&ml?^}L{PzQ(ynOIo!Rud2|N-hvl)
zRdw6yw`2lZeB+wU<5ty1ht0_uRrFWxTeNn2$;DiUxXwM>fY!ObyD#F_?Y(Z%es1rL
zPG$yop@}|yLpWIkE`!`m4oBjDArVdv=mHAypp0rNf(H45a4gh3$u$CT-yCI3LIJ(u
z8dim_!94cE*(35N&OOH(mvdqk{}XZ2e>G)Ql$jGu#uvRpS#5jncS^T_uIdG5?`r;^
zkvkNPxxM6lUMiBi`nHkl#9XZ@zQsv@PUGXw{-o12U}))$VdhTyR$BBa%eZ7IR|r<;
z_7sIlCv9I2O*%1vM-C(fa|er+LguGUrW{k|M@k_@5d2-n42sSv<9j3C8@W4}m)zc~
zNxG2u$^Df-%kbvb1Q(toRV@R&`Dv}dTVn^CaS^-A?gZR>oK>c`o*G}J&YH4PGjr^m
zQW}kt!(N}L-;o-j2%)n1S7vg^yvCWW!Vq{~XU?DzPDl3nH1*Be0zDaa><&xssD654
z>7UYc(l>zG(tSMlWv=^kXDBCuPJ*c<jJReOanVhh!15P|>nG?BbqJ#@q?t@Y2N2Ht
zdpm%3Os_CG6mw+mtkl5}nUQI~{V~=~m|DbnsJ)7Db5_$|kRoB@dyh{1<r7w$x!0{y
zY_`w(E01x0zv^kxFNhk=r_eY8u2TY#dqNnL8V+@vTHV)BH)r7chx$bvn9H3_|1(w9
z<yshT;u2}9HHLZ^H@R1^6>~^7cO%s+u}x)e>T-7xlrT!oPMDMKfPJ_3mfRZ{qB)wv
zaL#S!rf?{X<LR~SN?~x?YYb<+wyoq*&Gx3NI1jXHQe^zt2!EaQMVd^y&-6^;;st$7
z@Hat`ecs-MRYUB>wn!a61iC3Vt-iPUt=37=<-+Q2C?)gKVM*jy6?9l))o=dB+n#_C
zS;nOZ>-O->mXqdj_DEYd<@FuT(nZ`1i<Gf!*|MnFwApw2Lur3xccYX3A`Se}l1IjR
znDA6>G5jdVH}qCVDv^`D4H4e_Uz{Qml&G(F(wB(3ns>%Z36>>D?lbhzhg<B4w+oUb
z-;upp&cn6ggCH@~x6wZ#^>2u4tIB-(p9}v*nuo$a1cH9yTet~@cb1mJ7_0D21k=Q=
zmON1*QW-f8u`HynwB-G<k_i=5b^jCLUuKjI2%oxQPr?6=%^B8>)r1`y{GFq#!Rxa8
z#*($H$?WDV?#?E+;Epl680Qt-|M);Q^gA>No>J3?Y}1uT({x|Q2%n&7z9U#7*c(IG
zBR>Upi(tR?;TE$$Jg8%I>^bb52tu09nM^nC-8tqdrt>-N{7$(yR^!5UdhOQ5r;Thn
zHn$zZ-p)z3Bb^nICGIko4wI=&oiOk`$Kul%IH^l`VuE>V(F-lRBXL6M@nJJz`n_+E
z+nU=)bQ&}q)6+oN6?MBg1gFal<yqmsw4-y_GI$};45Iw6{<-}ej*_sSRMYrj?KE0=
zX4Y6Z6SC>h0dvLP-=s?hb@{?UT`sH7ohc<5R&%raFLkzV5_h(@Os%=hoj_sm#!u;}
zXMb+&fu8@EE|H05nL2baaDX+)(4|1os4wtn5d1(*@3Bo+9|gQk)@W=pT7?Dh%IUI)
zA^u0XSS7VmWC=R4yfW`qTyi;CfkaTFa7hzz@J+~h>)ReiC-v)ZysEY05Y5Tf^LQkA
z?}R$PD-&WAdcoBy!1Z26!`2IX>$`7YryWAdb4!vSDS(tY*i=FqqLj&@45E4#J~x}X
z){64{13F*B^WNU87uD{><(9BLsrirgwe9u0mv2`WogGem;dx&G;@<1xItUVIr%gZ{
z1Cm|nGIZF^{p*!BWW|$NpBiRtescZp=5@%Pa5t1F(VZLf6Y_P+N5Ur0h~YI%Z&<Hu
z-3Dur+CIdppk1Z+vKhIU#;Zsjx}oo?Rb8^Jn>6{_FX?7lsks?QJ6!@Df3)l^vnh3)
z^*6?xt6q$D7^|x4XpKG48e802mH`6;<U1dJ#7U_-#f>#?u%9&2I`tENI1l(^0PrB$
znRK?*HqR?i$jrKDO0pyP8Wq88_O}a%QCHW9z)-Wf08GJwbV|YE4x&M*cAbB^==_#<
z<}kYapC#w>BR2eWGR0*l=|?jwy-bVcPpB(;$f7lk1S&?9Pnr;GS#2g`Ss{)l_^v>u
z4R75<Cw&W`|75oM8o<US-D8s^(Msf*3#-dD2DO9odn&|{>993sI1@@jJvdT?x-Czd
zu<inKU=V*V*({Mx(QzqL>ffDQKuOgfjDPVDGv}kWvu5z`GZoR!s^?zl<@g#Cn?1e;
z9rPeHWUOWTB+6{^73wb@4qrIeu=O<QJcOR?g=b^dK5F!2okf?@DZ%$tr14@AhplN`
z;s!<TUv<PwM+QVoOO?3dtl4TqAWm#pS2(@2clL8LPz58`8naG1Izdgz*y(r{v?L3d
z2J*bzl);J=!=;TV7@S<kf^SryPc`(WhbOZNkPZE5-m}5qm^vu<;791%q<NucS|3FX
zA!l`D(J@$Vb$@>MIRm+Y(O7`|h?29K{%j?hUTS|Ek^=**2Y}#S(@uHaLc4X8=%m(S
zS$s9mUp__(2(>w6Kvk3as>$lYy=w2JmX@Iss@8kmLyu{>VAC<JhJg%ia5-fPaM#FB
zuTF@LY>zHES~W5WuIqITX4|8MBztK{>FJEdaX%7al67^zz)39ia!IIEx}UpvaP7ec
zTX6ml4YhGRfXWFh?Vyct)?O@_ao9(L(GmusAX&M)>d<K7g`Pi<po{uyb6=JeXmGt2
z%R>zhN81y;O1UHeFW|x-2W>34UOXV-vHa%GT4v4%_snq8=a?keB!<1)Gl{jSx!s?H
zh})BJ(!0z>4G(Klu6&Pq=><u$`+4bwlOAciFgWiAg1^S=bkbE6E&AaEleSAA0$S&u
z)6}--S|>fq+zuP2+qq8qMMLzfO^^B~Y-8wW-femiw(Zdk(j0gr?=S`S9=XPC%TWOX
z!Hz!-Dn`U=71F{QxxiLhuxe_<zG$7bTkV2}SX&5IP#r)qpY2P1-`1LG58X*^HAtx6
zfTnxtA)_a2$Y)YtPQ7ta;_oc1$xcq({1(NVG2OC34%+PB@^}OCkypw*3<gtc1uTr;
za9+1a#u{aSs#xPu&iiP(XZ$ev%|%!I6VLo2d>GICL2=04)5iI-nIPNfXYm2x27BQs
z==;5}xv>6r4^w<g&j3A+0B+Ar$2<<`-1EBW+cTYX!jzxoWY!RN4~-AnjPRV(SWcA*
z4r<@6-P#x=l`NvG`aPif?2WcCpD2#iqf+oH3I#b}09i`H_3?7W7-4|L&L)<)bR^91
z48ujVuV%h8InKHu&2m&&MCLKt+c@Quea9*9hH;9?pG~eO#gTtB6f5vapXAq>&`dkv
zzhSNF_A+=ri!x>`SHxye2a|QYWe+7jBqo%X4U_ir0l7O+%!J`l<#Jx&(z!>Q>Jwu8
zNquL+FqLPN?=ci7C`xzkxtROLL9|}w2#Ul7Z%skqlcAOS3<wA8FF~_##Q0;SxM(*%
zE%*+tb0ww=r#k7wpy>8YcQQLz-m`4mY#k)7&X|zh>N-qgnZc_F!i>@jjdQ?SZ>D(|
z%zq_|O3XBsjcj4;(5G3sQ!WOU&lNN@W_vmfjrr}{Y~Nzc4K~{|3*dIOtLVe5KBIQk
zh&F11c2X+2lcip>U69^^jLtpJ!PEq87&sXR5eororpU-^){8l1^xU3*bJA-~lVvn<
zduBVCKUl{be1_F-zX$l&N4R-H3c*@`(<a-@eGIbD|1L;9fBOu#XI`!jTvTmQpIE0p
zLoJS@xjGG7=|6OZLl17CJcP67u3pExP0+qb?&nH__FSF27Hv+LtCF+99hAaVup0&l
zE(sm)o{n3^$z)B4iPHPWTCn2bf#6c(D|q?){AssMS63nKzLqoXAY^&_W5M2MVV|xB
zwvb^q+iao;@plCKtze;G=UUiLU2#{;;4v#5LJZCkc)bM&$xJGY1Uk7Sv+0*0R}Z*y
zM4x_s!9LIM!fsYOb$IR8$vZ#gc?ROgRf|Q*hH<6Ax5q#Yzd7jqf}Up}n#|rQI7QBy
zZs%LL7+uHn3^$2L?9Nt_nPN3~^FgpEUA*@?Aa^Hq)@#{#9w}_(OUp`Zccu+@edWD7
zK|jOW&SI^RKm;aBs&+>^y)7^F>X!H>suyL<+(*c}?LatC$ZI#NX2N*f3q#$PzDHdw
zJYvvk){wtY5lbf%dy3|uz_Y|2Fc2X)(2Qb3%vf;f0a(9@Itx#E0W<?Vg_8xZgH|Eu
z9sGtNr&*K6f+tkcoSYdx4RE-(+uIpjYQRjq8G?C~^v9diN`ra>VIs>A;u=bbA8%9K
zcqt~N^Z)6nDZ9qTl)MX!x-+PQGxRZY?|||okSL%GA3#IISg=23iUs@q7PY}^4;U={
zNB)C=0u$evV*%Dfa`uZOBDB?`FUDNVVwL94mLN5H<b0%*tO$spZhLSNej$Ib+r#1N
z{owufscz4HsY~76hdSwR%KT~iJ65-D&n3z=zC_WY&2A5y1Dm+K{aCl>x~9znx)mTZ
zPV(0i|Ck7mZ8|Q_$^U`Z4lNFM5pMor%WgBte4gEd$_1Z?rOJWhs@k8KDHV9zu^2HL
z=zRpj|E!pRtISvB%PH7T1i9w5DAgw7At_vW%j1@ZCnc)!bCWb4l--a*!-J(uDHDKo
zaB^ZonEehEHdNQP8*D215hY?U|Godkc>lELmo(m&4Ib~0jW)f!ukrq^!Q*|gg$u{~
z2PjqH;-Kf3{tla;HstT6PWctytRY>QBS{T@Dme!&SNeyUr-WuEXQP}XV`5g-d)^ka
zsx_yK%;1je5ed#8wbseD=Flm#S^uU`CZn<NXiy0%4*uf62WCfNe-7?vwpj(q&?=I_
zRyLP_u_5R)@_9j4MS$C3Y+mRWt~j;Ygp>%F@T;)YJZAsGpr0C6c>NCnG0y%1LJfIs
zWQ9ZCV2uS&s|2CLgG9%B@9lA3BDmDFG2=gM<5AK-{--kj4TKs0A;dM5@J!}y^hR(g
z)~J(0N3#N<EFAw+OI3FUb@&0PWv_!m!AT&|_~+do3H7WQ|CG_8cKojni_N?FUiy~N
znR!7-z_l6wD+#^B#PC%0(FIcc8g)0ryi~4RSmlYHVRb;y%yIL>c|{QcW-8{aZ4z^>
z(~9U>sa!{bYUHP62kQ-i7j}W9j=FN&SGIp@!V^4&r;AFwZaMF`o>P+)3*>RY8Ai~7
zXGZkwK<B=#I_ltM96ahtuUJqid48=#f|2414z^y-Y^)bcz|s{4XBt(8WkDb<h2dv?
zck_APt5x0SqPFTrR(NtNJnD6E>l13f%vljTd@@80lE-mu^>5ss&)0VjQ*A%SZw|q@
z@aHt>cfnafn&z`;F8*04Fl2PhW}JO$gW7oTZ?-l#gkQv~ISbh;@^x+>OWp*F9_OBM
zxLLQ4Qy~gkT{ex<amt6TU);V!Q)fXWIRAcN$UpXZU8!^3zPUULL#stkwDg&yD(REC
z3!k0nyPmfSfywP#(6n|B`xdG#_w_r>2IJ!FO8TBzpfCa6!iVJhzw7qg?xa6YVT<0>
z9J$>KcT2}bzeS=BtD;l2c~>2Mwq=)H8E6TQu+^sfsH$Y~Qb9L*JxkIDOL3idv`EoT
zx*kZYJS`jQm;|b21onioF@qzKSjI1whv}N%=V3h;;HTZbbM1R|oO>>TLszd8>X!co
zsOR2r1~U8FEq$71oTaB3L5Ar%^CKW_{3DgZjn+KQ(ueu00^Zq_214W13)YzNlfo_H
z@GvN4aY{I!r$xMaUh;2Lj~g3SEi7CuKF^}1T|q591#}Ze7}{FI(y)3Img%G`be9Sh
z#!E=1@_xtrfCGZ3b0C(`VX;bQ>8lii86pWoR!cbcPK|}fjT`+3VzX;qv+x8dzV#PU
zx6FN&{6@MxRqU+j7NE>Ocq#;L{(WH-J%WmbofD;Smpc%8n!o#I=YB<G5bB8l20dx=
z5A`%hs|g&58QaNlgjXc<2cxYyg>X4pxQKan=##8}lGTKH*&fo&F%xu~`q)g+>hw3{
zyMlMc6qq`v9LSR&KhwHHW5CJ0h3^<lQ&?!6Zxb}fNdg5nt4-I<NhU+G!RZhMQkhXZ
zT)WkA0?kdMBSPFuz->4-`vgEFHOu9{M_f^@E}%b5@Ko)+xa96qsoCJv@b92c48Gv1
z|0uZgHPXK@1ZPktfSeZE!M}5ttAG~V)KuA_RH+wuC31S;Nxk&BZx~D9fdxc9$B3Mp
z&X47yPQZ$k#tpK9JWY_Jnr?bdxQCcRzvufUP#T)I=W;)^_=5GUGFcu5S~(8<yD)s(
zxx$E;VmZOdeN<A;eS=QRv%j%$Duz;cKO22#?AE;F;ERySyu0XdFJH*#5>2f%`atKw
ziBzA}^v-nQX@16p1eu-I(UKlZ4Rh8`i#0+_k61&RtNtVLPtjEQMYf5`+m>mrVBKd<
zO>+^q4>L3O^rzqJ<gN}&Xp>-T(*ga(hat4Pq5RSgQ(_jK{#b)<md-S5Mq<Qx#5DH;
z*_b+_e;Q~LE@%yqm<WV18ykVcM!(tj(>og&!zC;7sIxQ$S3~`Mu$3dn_7MYfBD23`
zaevGDEw{hcUpxnJBS45oM-|F~ivZ?5N5kC>WtV=jBls6?Yj@Uerkk9#ch->(Z2f{+
zByv~7o!e;w17~fAB>hMzcUO3?FWO9#*m=CkXPlbc5cS?$_b1*a=)IO2-a^!$h<GLU
zOIdDjg|}nTOP1PDdDz7ZdO*0hD%LM$t^GVzL6$#@C&YNML8QrXH<aX##r#7w!SSd_
zWf~IjpZh7z)bXLc>G_hDcN!GVq>~r$!=pI~|JO;SKfUn5h1nW*uUUWZN8NR?)@6OY
zy}ciHAGyBe&Bgpn<vv`$crnz6ulsAMyRIm**?q0J>NPeUH!eJUs630CV+kheCcI-~
z{l@0)P`yIL?@P|+C)!@MzW!OK^-ii6HzyOJ*qFEfl!3!wwEtS>q>lsydHQ2L##5QJ
z|D1-54iU#Xc?$`HyNqo%;r7asRUZT&qpSLWH_qO300?MQK^D-yCA!$WB|0^M7u?k&
zdhi0Ety9KD>w}xBxE~mHa}5b6-Hl)3CBHnuTOT<0te2P4dD%F^%!1$=c~2;mLs^C%
zENdmY3=7RW5ko*#0uwY+Ul<?dC`L$#-3|^fLuh9$M#%Osh^N8ou*KsODVtoa;NfC)
zliF|bc;@Ig>F|~f>RA(`gx%0NC6-7unwJSqlNn4_^IgWe^1nu(eV`3>ovVRY1rX4e
z0>kBtwo)Lj%{MV9o&V}?ewn#L4hu3USrJ@I-5@r?=b2E;IA1Az>k;Lo>`O%HFFb}4
z6y_1H%V@1VC&g%OKaiW6*8iAOJo~U#cOhi4cwjT>k+3ZIFS?J)(rA|uC~MgEltsXN
z%S(J0mFstiKYhbD{#5X61Vq|?X5pPRBLEYj;AtTGtA)<=Crq_Yj}GR$X)xSgeE&c^
zh8WKRQqGx)rVNenWWX3bB~T7IMfCj+`+VTq9)n^|@2_mj>Pj8d_QYOHmRsVPOI0nv
zPhqnA>qZz0XHZ{6i=pF{{xW9?%&T5`<guY^YALFTIIYj~mu_q%bZ^jdrTkpklbu<^
z36<))=ys#H`=FJ-+}m0IA-Vb5&78WwPp@R3&nqNHGLe=$={LYfZF(WUdQB%z$K0>d
z{Z{)ZiG@@RsHeCa6U&6$1Y}1+fatAp;R)XM{kAlHE7<G-wfG5*at<Btw=w^c_zPB>
z;-@Ii{{?&3iwqi^yX^}+&Ff=343UiD^I)j~eoVl}TmKi_W{R}F%|9AkXKuFX=DWd_
z{WtXEl>NGMR|v&f1Mop`y1Dt8;J1eHGnqrQ#OSHO92=xZ?#E#f35^YgpVA49q!lWu
zD+_)N24*JN?p~)8BwyQo^fxhv;tCLzMSpM7HKg;*TOZ=VC=g`&79Hj7Hu-JLFc?P>
zzej74Vmj;9B^n2BL8H8NYIHIaralU>&rE0qprX^-FwWw`4NQh>6TUn|r3eV$5CS)a
z6>IjaxQqfwLUF~XQT)kW#_{*hU%XAmo_6t1FfU!0Vo!V?h&|MIIWAN8;Q0<-6V957
zaXY6RX3ng3B;>e=;eW)K4E{hP-4k3;^b?BQKlB9~Da8-(XHLLyptBRBJyr;cQ>HaI
zlOAsHVG9>pihX~*=uKCpi<05zj@vK_=HoCq#+BDI*gta~47JBG*^>Nd?33phT-N_h
zBPP|q-n@fWdwjs75MRoQX4)Kdn0qGYNA8)dGbuna7fM3tjTtjc&M98i5$31VZXdbl
zFA-tW14DApHZBV%v-9snRjfAjKK@v6itfVPvpI|&XABsxVDcVfU`Pf!hMkoL4-qSi
zK6~+GQOtS{JZ7PK0fqpIneJbUc&?A&-f=%**pMY2k`X?^8jv9O&Il(!wr588;|%!c
z?U51gQsLmd@hcQq#+h!4?64>;gkUAGTnRV~$GMzhhRjpi8l0D$rODwK7&ZAF0(mnE
zXP_euh(b#JF3>B#b|Sw+Q|gyd!s?@vck5sVmE_Y$85omK3ulaaO8WC@<kNF$VKMo%
z5aJ*pAScz@eIT+|Qju(6&_M`{Av^_<eWEaH&gr4w8L~eBY5o*%r_wDpJUZ8$CrDl5
zk{+=ovu(+A@+7HAYV>y(x?QAPLI8UNp=q`1mQ%-ujHz=sRL>~nhS!cny}>Dv6V$?e
zK}im?!d)vXqw~z$&MG~^)8DHTf)Tg`$!Ax&+Mw%SfO+dUs<fhL5<au1>e<#weT5f0
z7S>zqRJ$ZP5r7X`C-!yhk?+~_o)e1COp0Xh{w_xXHmBlk^Lc3>Z=3G_9*sX*^>~U+
zsr|yrk{KNg<dEK;_}bckJt?yM3I4e4@#R;r79M)uuuWB_oVQ6DxS{ptt%0W8UI|@x
z225F8%g|ly1ReBndq&+nf_D%<1?Sm&`O}eo!2ErDnXcQ+^>}mrV{?6<uEYJg1g=0s
z9m@<3QH-!48fZ6`qmF0E);M6b>MdFUP-1MIMIW1(9)9mO>M`YnuM80F>3j2GolqZk
zz10b>*7?!k`xfVivId;b%D)RID_!9PA8QliXpaSFuvtJV=LA0vqCoE~Y#~@do!vy0
zb(sPBB5ho=oU;>eNT2hZ<cB0*nUSxY^PGf*sp(!>GSKcZR*96q)RiJl2r@JDz*jI4
zMf448S9j}G8KvGvWGq8Q^MRr;jPl2-1I;Kj=1@PWBDL8gmwi<~?n{Q^E`I>rZ>tQb
z31J;H>s9_d_xZ1Dq7V5u`w%(}ngHap2rE6)4YA-P221{E^@#Cctv8w#YZg;53IY5a
zVZ8PZ?(uzUYZUc5Loj^MW=qxf)EbSj?B@Yhj~E@m*AD^8FBhHFrXfT3zhnr6E2t>p
zniKfB$0^!lJh7gIvO>t<A5dN%!Bki3mg!-10`p%U;SYzN`P-=;<4yf5s4mE>^|00#
zyt=*-5PoX-F^?WBzk-aypayHzjQ(vCE|@Pjs$qc?-QGGo%2$&pzWoe;tRbjno9v*>
z#`(X5x9BNq*rw{}cEc77(a~k#v0bcqm)WmPLde!1!t9Jhoc%RK4UOn}&(O$!7dN1M
z3pm)$j;h7GEhsIf)TknfxNVFv2X!!D@OH+^5sD0pRRiz4Ldv#T{NdFm{=`!M^YP`|
zFfl*sjh#=aH}+vHa``we@obNDQ#E+J8Jx?PJ&Vp{2}Wmw>%|}T-Xy+YXw^mP_<_;&
zpOn*oMKld2a=q*#f3(!@pCa1l`-h2m{xD|+iH}WuimUxhJxMgNH8v^Q?yOzX&I`#W
z*S~k;!On^U)0>;N0Ay-2LYV&p`nlBG_{G8e<j%s<2HAUV_2QxT{?L2)S0b79U8>G#
ziHA+b_-B>zR*xzKDs}lfR{mM5#rle6O>cF@6d?}8<NA7*KiQ<L9>&i4+k7+BKf1v2
zH*`&s(MI@!mW+bGjnRldTHVq$sY05itZP!WV0iQ3q<Cs%n>wz(tR)rg$eqeCw)pIM
z@>1``0S^?+pzr;049Z}sI5^xNYw%916kdpjsOs)W?cX&mp~9|dNm1&WR<5651PHuw
zQUj*i?~zP=E`J+SDZN-D*q_3R8SdwLH<qw@C9C|Fyv}4k(~v6fnp|e2VP(pjq|XsQ
zTP`IhmYpN#@mr?ap%B%3K>Q4d{0|4_KgO>W2RTZNN_gUnJ{n;L?oDPGjf1?cGJ<E?
zyJ85$d8*+vmP?5=eZjO!JsZ43_SIVQb}Zc>dFmJe7yKjkfT)#}1dA7;7M%FUxJwT0
znb*9(_fy7R%qJS<l|E*&^(MuPr}idQ1fL@sQoT1R(RPKr$XN5Y)EldL7F)V}&-wgf
zORq%qO81~wOd<53WpEa8RR%SF%CQizdENgMUpq_V!TkR}#W(+dhA(8y+UsEXYCf%f
zO!9R_IO`U%nvI1xh$qeS6Q%xPGHGM;%$Hi;Gt7AaW-+A%Y2$~fpKm%~PZK7;#+w0d
zh_}Xm33xbPv4~hMY+>t$Wgm9Ms5F^DMu@oJJ^cJ}yJ8=E>(=FXqt|;s^-dA3JqhT2
z&uVOTE`oassCjtcA0K;L=sd=hF*gmN<pu-%Ycc{E&ti07-$)gw+PpKBkF^~W#2FJ-
zU~=b28O!$g^kMC;!KMpljZ4g+q{AA&dH2<UII_*WBMzH?uF+7*cQ`A?%B{D}hvt$}
z-oYqAj6zM3U*=;@ZJHE#Ym>K;yxu^(ApW3K;4zrTSS#?Bnq~;s*SV?Lkez7Bp7y^b
zw;w{67o;?6#$XzoeSBH~js}Y<wv4|v!(6IG%40%#VqaJ4lR$cNs@RWxop0*AfWEM!
zOLIMp%HT;HOPgl7m61j)K|vy(>oBb-twIb^FZT8PYHPW6J$_;Brts*-*hHBLF8P2#
z>PC7{w{2H|P)|W@!3GR=-Mp!ry0B(DH~aKp#|4Q3OHUh?v`~Siufz5pECr{^uZ&jz
zh00wr#(U2Dt({Br(aFw=;?}ZFt!1BQ@4!r<WwV^McORhXGqdUTZ6ChoouY}>d%bFh
zH}(mxm`|Ox>HQ-Aib$_5G3L=(%qu-b!tI&n+%*j^uIT@JME`Q=X5ueMm^mB^4O(tN
zvRN@BsW(=tMfgmqs=lnM#`tn6A=fMStaVRcW61!n+(`fyigQPElijaCC;J&lx*P0f
z`Jm#1D9-<7jo`B8eFCRQ|M{2OB$7N`n~@SFKEv{QQ0Q`~8vfj#ff=hd1;W`QRCC|c
zLg}5Ln(Szm+~KSkrZLlcR^O6hZ)4T=<%Wdm0;@}B#h6fUQH#wpmB<)ugm|_DG`VpS
z>u$|_FHx4OM-#zFPC^qg{fYC!COWn&gmwY_?p6$EFHIR9bMI>4nZ9FZX>0u}PV0|{
zq2vihV#4|S$Z3=7UvygURVk6_;)e45n%?oYyW4tN=g0GZ8iH4Z@m&89(UH6jBKMF?
zaW5_YowLtvjm%@}*k*w!cs7A_?rYp;-xGq5gy4(Z`X?A>wp5w->sE&<TvBYKCmZb$
z8z%j-Z!rEU{9CIteNCU?%Pb}!HO55<gx(^a&cx{4P6hcamdJ7h`pRl_qa6kH8y)wd
zIB+lfCVXXUh;<l2v2(}S_;2J_h)m-<khI)y)Z3sl&*P}2nW}aF>SW#@j;ht)d>51*
zU_NsNjTzp0+l%2_pWOCIxxXo37_iLY>eeeI`#_n_8RX6$S{7GX{m?QU^UEDQv}~lx
z#tbbRrLs?;yVh9x{@i*K#A_~~(3-zCI6PzixfjKua!5ISdB_X_UKESq<AOEV+Dc7m
zo{741S=^nm_3R;PZwx+nZ$G8-0ZNO6bU?&|h5oCQtu`zr1$dZY=|T!^C-BmImd4}w
ziUhj#$_5T01dqZ-t^wLvg`~O94#lm2F}FWuYZRb_LY2ueTYGxWSu<5>9J3!?Fsi73
zik-t7(F?Ovh2QW^V_P@J2ukZW-gF(A7rK;#w3nB->x-gWTFXAuI=iU;m3-pNvsme1
zmJ`(01pQ_m%HEzI%hu0|-S7u*3n5>UFFRsH(Pvuu1|#Ho4}?Ffghy|Mc2+6*6}<*&
zi*r{AL(W;j-pg5QCBc$W%*!=i=yUP3)~(tuv_2!(pt=0B5`3)GqC@z(QMwvXx%L}#
z9}4bRUFpkFR{6@#gv#GS;Y!mZI&%|tatDR0OyMvU8h>YwkXy^q>uf?Lf2SX3=>X1j
zKTaKZ3UTVmB#Tq$R6?9zpm4xXde2tvz*i1(k%g&dkfR*rMF+d<J9#8wkh|7`DEBcj
zz}_xt4v@KjFdhCM6IPblP85xK*AN&~!UUXuz~<!i1kab~Pve&;560YR4s3i0z6N#E
zSn)bbW!hoRDRRkbjg@QA)zP{-i7W3Exz2(!O`n1U^_|Y$-BeX|y1ns5hvAP$Xtu?z
zMclu|#bt0EPc%?@`=79IIcxz0m*_EvzuB+yBx*O~&hVy{`Td*~BPLB>GBq-l*IHFJ
z|6?z&8#7+lT~J-rbW!e_BD*a1FD_|~9e{gW$|f~W5|-F~pO`=01S9{6y1nVTBf7e(
zwWQLYpkZfw*+wah9mdT)@L=+Fd?x6_SEGN&v(LiW^4Vn?j^fHX<c2#y#cRI6QT2>J
zT`!e1J7-<f6-7t#-^`Xu#2+Cdfcd353|ZV7E6V*FGigg-BoT?+G;FPYg7fH(E;S;&
zQt**KE;xfCcU;WLJc!zZ+C2cAUrj1;w>|V_7H)W_ponUCj}MNu{Iahz8&vw|N%-iq
zN@N6I_;;cojd|V}_Mr6^@)XQXHta5IDTL0};~??orX&(;(n;S7CkAdU3fImey5fDU
z)rC8YgWWocqknb#$jX@6t}$jGbm@0der%b7Emd|-!TZ~WHfWW0nd&s-@d+WOxaFFN
zo%Eqtm$UR#SaAFJa_TC*_sOPJD-0sP>{op2Ji2kY`XjiKmwfmp0`%7TCSJ@vLyK&K
zdZbL1CSMT}HdDRCu>)RPTFk$>77RO^Qj0hFkXG((Tm+dqBU4wSNrB|_YNPCZ0$D4N
z9~Z(y|6qSssrzh^`(`f(6O4mhu3#v2TK^DSdcAsE7H9(fxa9@W8J;JJLz{@1u9qvB
z#Jb1H!S7s0M<2Egjbsl;6}jaIWiZ<3SZMkv@TO<OIfMSqT@G8kkuZ}X24bn9<7<iN
zYu50CQ}vOsp{lwCI5S^|Q}qd&z>F5795-Y-srDuqHSc<dA+@eG)=nnNSsTl&SCHO*
zJBv)-m1Y_=jk36N(?r|ocOv1wRrI=?Luvo_gtb0a&c<eObtWRAk8-d!x@pAX=6~sp
zq|Bn2cVG_6>`>7cY5EHe#iVq$z>!Jmoaf!f?Ahy0F7a-Q^U)JhH5y-Cn$;p*lTEUy
zYqCjKbxl@^ghG?D@;LsoSpn@9Lq>_DFs+^KevpoSB~Mo85v|`WzsfTunN!PQw50XA
zBF3T8P6>}QcxM*4nNhnrALl^jK}%u>PO9J0{C?+@lcT)t<m3qCw5=2LsgHDarz%V;
z8TzGkR|(h(?>p$oM!pXZ=ZS}(Wvg{PP1n!$uP5PG5|qxvP;k4tz5sut#p9m&nznM5
zeS`LAj3Eua*OF)Oy=J_@_Zl~Y?(q|`<rb$&Tbp~ivqJt>^%ke8Z>t%K-@w~4Q_p(c
zSTbIBisTDtfs$oxFr8exiQ;1Nz#0}s=pZzDIhio88ThC_#L%>!{0YNj<6lkw+zvaF
zG6Qj#FKc;60ekjrwCX*@%VQazPw{#@6!|^Q^@jQ+Gx`3t;V!}9^ic?CAzC&FLt&e3
z@#!a~bVT-Cb<-K9QR;atTzfgCYYdqw>@Qp_df{=is;@zYYo^Gcl@?w{{(=7SQ8<qx
zgGlHNqYBKO6+A`bWZE&{^d@gt>L8}haR0?w(>^KMNqoru-g_;7))5E4;+KnYLu5F{
zp$}4lp_i#O+%+9W7bNBC+ko9UIXR-~N+~|nkNLFsvmRR@H^{o4L9_<og5*~tk&nHO
zl@2$YwtVBgpXxAd)Vns;HCf3(^QrHThK<l7XENU1u;3MYmKUDBurJZ*SbTdl;$%+6
zTAej7WM^@v&)s!h>W{bAWS5z1K7x8MmHFR=@`=GzJ7471ClYJlT@yhaxof!2b{qIx
z^1lt!ANGA);eJty4Y|X*G2Q%Ff3miwO?Yx5LSRwjjF56Cau>nBe#MGLR2+&1d~l<B
zW^%kuNRY!IW7~)9Ft1)3$oCHHPf2HsU<|YhiM-BW``p5e?{#!Fnt-7&8H6F5c35T1
znhht$ghA(}&E^Jto{urFGN~5L>z~cxudwbz@a1iq9lT<`RBtDW$D&OaJyz88rLJiu
z=qKWCjIuFrR?yzGn0Jb1C3qL-!T2{p(-D;EN4_K6(S+;EWWpb#BCdrcXoP>+5BImK
zZX0#^H^Y);D*3HSy2B1I`%#7c3HhXDtdR<`oF1wr*m{k^6WF)0P^cGyPsBSG-f7vW
z06$`;Q{&Z?(*wg#MD&tDEItUfef57hcsf8rvo$o!zQ7-21qVwk&bXM|j{Q=m25fc=
zzyJ)K%BAItB3Sul29>p@Lu5^Yc{{`=Q&|8LGAZ7eUQDY0zY8$$0F!@RxK~P=)#F7V
z-0cPT`@;R3t0@D=m%tHfw&o$q--1bw6WC5$+dxt7WQ>dbYLnkwt<VI_%KbNT8KmK{
zlcG*<hnZBgNkmq9U*E5UjG1>e>4Kt6W|xsp8rT94R>Kh6hu#h!uz~r})h8oy6NUc8
zry%M9U6YMj+ZosP6ejvAIQFiw&l@xU7bZ`pJ<X{cE0HrS^=~#uB2SY>cmSs(s1Yl3
zilg;M+>iiJ&o-EO65s@lwBN~oS4HkI=?-zF$B%W*TA<TALg1zu^!9Ah1eoFH{A}g1
zsPF!(AeByz<9byof8@RCXT40Lj#~xRn5cR_7%BdsMpccfkXPT6Y1tq|d(FQ-V~iko
z;QR!b{7EG`-hJ~?{+VUj4jsb!D4II>hI03#qU<x=rgSi>;EyMjc4XI47|yR3@sgZ&
zIzbUsf<*Kc&Wgj+TbnLVZ{?-7M>s2n@39|k<_DbtG4sP8?flRh&JRbL^Sp)mVGM%N
zr^AiQ9d3N&ALY1pM11k0Xr$=@XU&WKF8eRHmlRxf(;fNO`rYx4q30{HS5#p33W!M6
z4?5_;2ZYUGjak?=hlmt~^&70SB090*geAOy=Q#}9KgGVgcYW>Fol}NKW2w!Hckwm@
zo_l3hj4qjy<f)YllEo9#n^U}X{TN=_xZc7&COk{lvkUvqVE<&#c<o8Bp+=Zeb1g1Q
z)3yR1FAg3aeQb)8K96n|)^z)l^-X^^nDS3KYocy&w%b$f+;tN5<e=vw6ktG!JCl3P
zT^u%DvOag5xtthnSilj{hS`pN$!;pmx$;n=ToWLL^A*N^D)UZw?=FZBOT~S4)cdvV
z9p?OtKdYP^|5(4s4Tj6EMzJ?rh);kS;vdNnVSgObZz?nP?-y}7k_9A-!1uiF4l;_}
z`Hu$KpMlr6BZkp$&^wQ#eP+)>G<g1p{<WvC*n;LwZHMqV<&7zO#u-<Kd(z4=82gqv
z6{zzz|99|a>UsN5A^b%{to>Z@DcT6`zmk#H;Sbjw7-K8fpGN#2_Yr@@%_a0f&BGJz
z`1XrwQo$W#Hx?ZJC7PKRW!DKoXxtV>e!Gc3LC1*B&;y{&|My_@`QLgwbx*ybk&rBR
z>Rrg^f9~nEWM+Rpf0R|bKg#`R#LY*Tx#q=fk3G?pd~A5r36I57CH|!`w#(kIPSdJt
z7JLS`;)>*&Rgr7Gf+1iRiH|@;GYj;-C3*#ruL3gAUj_QiMkRhR){q*_`&Ls6z((jo
z|5;=&hx}W7U6z09+;JnEG_RPA@L_ECv=L1kS#P&|q%bYj-13n^uBKm#gRuk5jO4Pb
zcm!>5`GV-09OovIzuV~3(ktl8(hK!v>7}l*w4BUrA?>F(-_mn3I)|hLNXzA7E5>)Z
zi!pF%f08;~RbQqmr?`=nL(4A1Zn9;Um~k>1mAM&1>c-l-raL9daRzNX|EO+s9w}7v
zNeV{_atUSbD3F}bq|5;WrWQNjqv0Dy@ul^fK8H_B4PWMMxx}2W;81H((~g$g;%eEH
zvxvMc1>L+J_QQXIQj%D`JY??ZsQjwJ^H8im&BIN`->c6xd*k=3{Li#b`WV7DFLZas
z_$(S4zd7mdDt6MZaoN9~AfHSl{A>R)33u19rksCKOy7-c+Qz_{AQtUI{1cX$OC^CO
zbc^x!uHnT(hmPOe2CLIzUDIsu{wTC>J030+=hMtEM2pkSUEKeSSTi3t@8^f{gKBty
z@+x5bi{iGo`1B=IT6S6Te>c~n?_?SP>l!ZW%4du{EsFUg80F4gpQVP8zJ)PE>dmlg
zKeHYRp}esbEu+sB6CCh0#|f8VrX!58PB+Gy+uC1uBz5%e88KWkU-t7x<a9pHzud&-
zF)Be3d_0F=g4HjnS!eD+e!8^B0uPGCjI!iuQg28h@vadn>6&hIM*Dnc*Kj$+e0Qi=
zKEM2ks5Ht|&Mo+<o3KeMb=S1mEEJK;2#6y$vE;)ApwABmlD2YJh$$oIg|OK#r$O)@
z3kzFUKe%q0+Pz9$VSah13@eihD`&3Os~8op>A2BYxswq$?~l%VU?GGzUpCZn07Yi_
ztg;TCin=kT8*rEksgrVRFQzs%tp3J$lYNC^el3nL{}9AtY;9R@aWg&3jB}7pc=Z$z
z6(|Tc95H8G$gKu4|B}vMlrdfuC|U_*`aCzpLq>2POU=6JaE;UXNRl$kUc<k6<D__`
zeNRzSzH>@)l%nfGWb`Oh((S3wt32wg;BS6YC_l0`t%ez6f2k41_L_cT+<pFsMp(qp
zKOnICLT_LyQ%h>w^XWm7=pCxiXfrhO-yInL)kvdfC-(gMvHAFoPL|w?LD{~UMBkLR
z5l{Bv5s27$nZ4|SXHCqt`kIfJn`_yGlYW%zP>@2r2{Ds=OQ7u}QMNhI3ZLV2t^R2q
zcu;~lwN7B1dCmQ4D>lUWCL%fW+VQ8gFwmqM_Ni7c+?Fd5CZMnbD=4;Hde1oNWrKLT
zhHJNPn2q%a5%={#$RK)yNNv<GfRy1wv}~Q3I)6sp0KK>1v87kKXu1!^bVRb8AqHg|
zFMJW9ypF-~7`nMMCjH*m-nt-`)2sODAB{^5^kAWB;BCptFfE<b)RtbW`EC8wc!paI
zE0SglF*xW$!?50RP$7N7v!0`^#C8+X?Xkj&1?av26Lw8*D;xEzyOF>E?5(8SacVrJ
zUp9Fk=_9z~b;>((pNNqG(fg~fqB<9`owk==rrEZiS6iH7m%TlQ+qF`rY$P{dZFef(
zL}xrGTmNk8Ja^adn@{gc-aif_wf?~UsMwB&Q?>e$;#1WuhwRm7-H(RbtMbeyd*Nh3
zD?<zIb<cb!-(5CqC{);px@N)36jVB!N9X79Ht~79^FpsbZ1NAMuji=iH0@smPF|g^
zmvCe+fHx_q?`8jRcX#~e(S6AWm-X{Yi+J`T-7>8Tj7|(Lz66~LRYQ_i!&PjsgIRC0
z0rURZxglB$0}pW52xn8^X@<LDW(O53zbYVNL9j5HvNyt#+_1vMs(GqJovLIJHBgzo
zF2tR?O*&_f$mAP9r1dY8vXSvkbrxvm_oFcy1%HW}SV%KQvOwle2~lN3ix`Z`oS#Hh
zO(EUBmkm_@N$_WH9ViTE!$J6C`S0%`S++TZr)|Gv$ZTHb2kh!a)DM<ciq3D|Lj?dT
zrMcM3m~ElW>fxcK_q|M$lAI<LOIw?GI%uBFgrswmxeM))cxw}#XTDIi>WbBkcI|J+
zPeQixT_#JD4GHtta+mBSLPIlN0>djqpXL66<Hw}NP%<R=TITK=aq}ofz*CSm@eBaQ
z-}c96{=``QWce39U&!P*F;=^o`_!$h%YMO~F)lkzE=HpKgEGKZIIuuPLX7hQVz}I3
zOOmaWaP)w^Ts7p*$na+tQDW8|Kf*o>JXJeTlA5OVTzj@jPj0-lHZfj5Iqqa`<=UP}
z>Nc^k8n9q!T0{51V$%vc3qNi(8J<To2~snEVd!-j{WzZoD*fU0<*DNt#{P)<@}^00
z(h9j`i<%!0sY8U%U`5vz2Vx5<En#HYN(&kf9umx{Zf89IxKYb+vHw;2lHlQR|3VJZ
zHXT8usZdeP73jp>U6eZFtW+aCXr9oanjr;25X6J)URLTEXD){tZ0F7!UbuTxcO2uj
z?I@L}3w~38(Ov#^*0+k+=MZjNTTqfpxOwh1^cRFm)GJt&w+j@1qDWTQO$X9Oaelcm
zucwZonu%SUAEVwZhF7i+(e-dO84NxUFZ|ExYh(wP{!i%tNPA@={qO4fpV8My;4NAj
z2d|isFp?fm)bjz<-$@`koFg|}@j>WP9=GQ`2Wg#Q(=t^e4H+*U(d-UC8vIZ_ZN$&B
z)vnG)e`dxV^%D1}<wa}oaog3;Sf~=TZl3Aj*SNOJkk&k1MFzx4e*_m=@n&@Bv1NgY
zw4KbK#HFEiBBu!o-T$W-C3fF14W(Q=AlAz9TCJat1;fPOXL#8&uQFaA4|Ynadx#SH
z7py#%<f!?J0vX}$;ISxMuwDiG`y+C1iN{dx|5Tyj<vq5G2g`k+_(ATi_FP^l_wyEN
zFS*}V^so2uA$RI@WKPv^V;*2SQ)d@K^_(uXG5AhZ*&h6(AB~EpF3Zn>fD{Hn*Jhdx
z&%FV&djFXMM<M_QYo*3K_MkmqrEoQ81)Fwhfbs%Q>G=r0x+oL)7VlqocaPw~y3Bef
zLnb@oH$_^f4b=78x|CD9$?Yv>ZYy^(ive?Yv*g{ai{4`Y;uvo>!j}B0vD!`b`XFL?
z(--|SOL*`NA~&Be3g&HfF6h!aQ)WuEp=U}iER>kwQ!w*Y@=;OK0q$;azhdf%Nx#Ge
z<D762)#-tky&qP#<F|Gv3?e-?e>^sl??yW{`+(0K$hMB#%X0Zjz*-i@rE4d188;@i
z3Muod5mc_gI!JY+a!BWzWqF)YQ7}?wQUWM*9m?D#h4Cc%IvgCj(grcSmPt*sAoCiX
zCI2f;Nl#`RoG75im|6Hr;LPuVYPmgR=6!B**8$@84s$ZkscNCgZ#bDQZlJSI$$kv0
z?rvIWp$js3%G72qmdRy4W{@qj$V|yM4e(u*<X@LY(!Aq`?g7EqDPx@-uJzYb9Of>5
z%VnV=b$gfq@WVnOP0a~Y0n-NvIcYJ(D{b`hC4>Jsi{C#xzH?$y2EzT$MqQP1Rlm;3
zH1WGi0_66Ws;0*MbL08Vp&FVV$jzdjJCSrUDL_oVJa@V+?l#4Glc+5|))ot&lc`m)
z8s<c--vW;AFaC%z96ql&cs*FB@usncm6@6IE376ozBWt#<6EZ=jG<2o<LgJNI=yxJ
zKviEjyhbs+`pocZn&*DP(9+mo38%vKm{_U(kPCqnH*&2kw>iI6##MRKX#+#;L<UXj
z`hO*iQ7xHn9+}E?rw%YUPth>y1Nl`NMv7QJbr{w1nek!)IO(&{L|#uX?sFaVBHN?x
zC$XlxS)4W9RalWb>DiD74MKx<pkj<FjOxuhg;gQ#JLx~8oX}d7eQH@0cBcl%o?~$s
zutD&fa4h}{5a`N`#nOK=79GK%OLSny;?L>ua2bwb`^Td+Y~ORDF{vS98fn7P$EaQU
zETacEpYDe5f=|H`YVf{=rF-u9=S{N`Gronx#R@WJbaf$`Q9x!i4CNC1=`Yc0!CIpX
zonp~&GOzR(E2q}48hxhDn)EhXY@zSzFW$tJ*>BLtJIGNJAQ0#ze8(SC|9Yx=U_Gb6
zu!$E2#=KpgnJ1r<t{neVe++S6{p(GCU}|K>Wd{9)YR(`&%x4KD4&bpGeEdyg+}+XC
zVG8puckS*ebB?!*7=pLd;fJD4e_{e7fUtqW&py^*;YiMAd*2X%)J(W1aaEY${tOr1
z2s`<Ehlh9vqZ!7@HG{^tXg>H$0ZpE(Fowwgiv0oQkM;V4QVzIW!;>k56ZwPM^ux@2
zj>kcldI-Z{sfQO|t_nYDwhLc3A>?}0f-p~^(1ClPeV+d!6<{zK^zBXm<r(zeMpp-e
zZ2WPd_cEWXQWq%cl^{s=52@dsI-w9h`osNr{YU>7dv5|?RdN1}PZlsHksxBFHR=Hq
z2+FF6a1D@!ut*?bQ(Pc~<c36&+?abW3DqK)M7&;6v{JQotxL64Th~SqMNv>|f5p93
z+q$;*8ntdkY^~@0exEt#E+;2oE5FbG^Zwu7$>hw;GxN+d&pb2p%*;76!4p^m@3RK>
zMxG&`5pQDnd#r+g246=NbUcv`&^-h-sg9>IdLG0`8tjM7jzE=gw@h|M{|K!Nnk~Qj
z5p`R$Fsy;Q|6(&~CtP@!Fo4q!Q-d#B?25EJ3r3W21E1m)siwDo&jZ-3I;Ao_c<r8&
zyneykd#<o6sW=v$Lf!K_k+=B!W`=Y#>?^6*4B-1k;bX8eI9juJ^-1Bh$tm~*k3w_`
z>)~Dy1w~h;4!6;L5XVc0Rz%^Vf_f|J1KQg$JrC=Uw20i;IH2dj<n=ZCd>}m+8W;XS
z_MVye9D6)E?`*l656nw?1K}l16eG8nq36Q8uGlsmfi=FypURr|);BnR<+=m3MI?*-
zZH66f^&g0EOMi4vdX~RPuY!SBe<i}jL|9e8h0$dCCa=m3%$L32zlW<b06#tieUSOj
zT348cldYz+6Fr@}NJjTZ%pXk&`A7W78+lIX&P1LF9B0jxqMn&ZP?~|&SAD2e&IV2c
zsPlDR4O~**FB1?Q$3h$#<z$m(kgpi^tkXJe4P`h442ZI~6}DyR9Fy2KgfR}cV^}mL
z#mHlf&rof|A&Uii)dX`h=tG=ejAe}Htr+qOwGa!UrPPQqkumhG15i&mf)m*mzMSD?
zdl8~W{!}VulVbp06Zzbko=SFtxv80fPouZlxw%n1pD2C;6vzb2szcB`Bjr%T!=>Dx
zok*>ItuTZdqAm=zMqQY*nRr<&@jxcdL1N-UNtj>ca!SRKQInGel*6^i)x`51mIH5H
zirl3~PT!8<V>L=|%@Lp{!P9dq+Kcsm)KNUL0mG8P1#5gZip^PTep{Li+SiB_V{Y(A
zbjJ`DbQ!1V{z~4cIaT&b1G9BOKfoS%TJSGu&h8X;lEOd<D8$=1fhUvYJG29vu9sLn
zINP&-Aa>I(#c~qopR2K<meYAZ=)<d3NIZi)Jxy|QtB}i>Qzmjk3@oz=Pq#vkr`P7`
zDbqFB_8$+wY*pIxshfM=?6WA>GJ`vdNlrHV6|}X;`;R7P@EYnumYa#?VYYZ@Yq<qj
zdb%|~(eZP-lE+rP8;FS#YqSRZXwum_DcW}AL;ySFyL??y)_QC7ls7Q&1Y++C%6iAc
zH*uW|+De#9NRT(S6S!rq>74h`xAW~GSueBX0gEDFNCAcJS!BdF3&~(isqkiD2>VA&
zjJNOj=31!Kh;(g5p-b~nRYSrv3O1fr(37e0g`SXiA@+v8hdQ-h&XbHRdSyQx!y|HI
zs}K&hvz_j+S3jAToUFJ06$GPIe2Jx}P$?E+FlcUK`gKz_;T=5{=qEwAKMuYWnf<Yr
zf6h88L)!JT@)TM=-}U1cHXOGEHWCGdEa|f)z;<3g3)p=~r;$Vsa!<_|k)9$+-N_1K
z^>Y>}bXe^Jt5<lRh{7xHV_;A;f&+1V2Hvp4^4AAa${iiwH&TP|Yj<*c;QD;`qsR!`
z!fk`FF!?du-A~}3#=oQcS-5v}KQI6PAphT%|L^m^_5Mi#%MSkH#gJnh_)BmAVIaL@
z){vC&AQ1F7`^6Niet5G01`D)*StEcBWzA;vU;*;Rg-h}}x942U?~CxFKfd^VF}z^#
z`e)YZ>Kw>^2vZCWC>QFHB{gRQS9ZcvmO~E+kFLf4J&zkXU14BgX6xUQ9&T11J&}K)
zuFxXJh0YroS~ZyM;tq7eg6<h$0cUeIG%+PNWtQdb*<oOfAr=19jE;Y#;xwc*3pQ`k
z<mW?A`*E=y*Om@r6lV4t1=pTk8KEV4IbAqAQibbtC%?ZsHT1q6J@iz^zfyvAENciG
z?IV%>tl;U}5LNY5O17A7&CA<0L*8!ZVSMrS2g-XbJy1<}Iy}XY(&yp7Z1Rwp@DhI3
zGH%a~fuZjY44s3c6g&QfBD{l~cxb@5hq+HJYUR$3T?0S6J*VsE2w;-QhmS*3%<23E
z{hWf8=G`$cupaCR?OOj=g>EM@9~({KB}0<ypZ&eO*HM~raC_btyC@|%umW4Y?@4)2
z&5N!^dC}*G(Dd%X$V1pOC_>JL?pR(1Ia*8s_*3|-Jk8P&>S7mGrDeTm?GSrKdK~f8
z0Z+6HEhSts_!c$={Q}7Mhv39@oHZTk4=O@?!x!KU>)>o%u?1S*N$<7Dx8uBw^gw#}
z$excd=n&;Q%)JyJ00rKsjC69#YgdFfDumnkBHl~DM=2^D7`>MT0?)!{=0!KsP0m*u
z(N{nfSfA5%h!r7(+CGoX2Bk}*h>@{HL)Op9qs%Z@Tkt|pLG+?8lRZEt^!x$tB}00K
zgz@Ra-pB+JQep5TFh9#JFBiQ_D#mZ$RU(2DJ(~b4dAej9C?KkCpyK2OpM^66q*;Gz
zjDoW`BA++VlK$v6yA1qRlu=oRUn6rcrUJAJKGs_RAQFvc5}r3Hnu+KksEMPH7voIF
zb8^c-M9@1O8%L?=9%iMbG|Ky_EjL&fo;4}@G(xz)kAv0{<v)G1yv&HBJhZ;wp4~ri
z(E8<h7qGCPD)?c^`hO@eckN4Nzk!h9n<>Z$m$zd{%9?+&N5#8sM2qoE?|3CF;X?~H
z^aeW*m@;nBN-w(b3^*gtPT{zPs*5e%TRYxEftRZRMT2|ZvVv{^QK6lduwMbs<d6MN
zg+A_i+=8!7gr6($)wcnDvjtx!a3OHy$30;yv>OYm7S6lH$tC8<mE4)I^Xj4p!w0Ki
zB;G?t_x9cG9dD+(kbO=ZTU8v}^h9hYCt!QsV`2MZH}Lh`<9Pp6?}u=K2g)C3UQjFt
zhpYHP$)a#uHX6=S()9N)QG}TT!<B=(UXWobI1!*c%z3~*h}QQo8R<C``dWznGq`})
zStrUg<)iW2b<4HRBXrEqtk#>47KhdwdZOn>LErPL)lKpE>d;P%@&m(5FdYhJ^h}Xg
zxkq4FLB5|^>1F-AbnxU|{<p$MhIaAAJ)J9Nt--90wb`kG!pGQQPhM*TvO;SO7V6Et
zXzw#H9)B-9V*)=c3>HjYI|+)w+DQaI4)7*R6TMl+>+Qkqf&`ODRN%R2GN`A}uHZ9_
zJ_ylg1s~NBer@Z|wtgej2M*bUe(RvXA;Ou@p(gM^MXLzI*aD>kdkX-*3`lu*NuTbX
z{%y9uUg_=oKC?NnJ&<SMadBtfI<z;`A8(~($ht{bI+_AU_h0cQGvshcq;oPlIB1L;
zb!0d*x{Iuq#W1jvJop!)#opXc2wyyjJx)lU369%lke}#MxmJ$sQ4hhuj@7X2M<)WA
ze(x9CjGSqp=`LZ@tpEgTCAnA&7>=+_2n$co%iSU`>gyS^J^_MFCo&YVZ)Oid<X^J8
zK8dp$l=FNDrlrq7QHR(ZM12V5X1!g44Jwej6X%Ue{GLpP2Doj7j}QVy;bnN0FsGA4
z65hNX7<`K&{@xxoX?&)$=7sQi*<1s@0O~KlitKDfM7$T%_OO|^?b2JpPJDwl{A5tm
zh=P2G<qVYIvFFH2@b3@+tl7vLEb&J04J8F_D)RjQAP-$-JdgHZ;9ZY~$|~A;T^_s4
zz(k9k4}XlrR-owjqKsxlmH{0ZYDHs?$1^CGs@0G!UyuqYn2w5$jIfezj92vMAhc_{
zOh1A+h;;l5w~*88pQK!ccFWq)M$QRP5eb=HCaD5zY%<59TtXiRIe|srX+iM%2MEgP
z>|`TgKls_m9i_}3r9=Tl`MCKc2+<27q8DG4D-fjNo9{WD<w!RJUDuFk30#rY=&qvw
zf(ykQm#?sWI7JoVjdVTsYN6jM#2_y_8_@I-vPke&Oi-#WbX_|0ioVJAg{pt;cX;l?
zh1iATa=Jc4@pB%U$(O}9^JVePd@F!EWXEC1W$e2o_PS}H@el@a5{9<}<N}k7?ypz@
zl--w+6KLgO;GI7p54fF<cx-lQ6e98!@DPZ+6LF(USU9%!oX#Dffm(3abP0<gA7rJA
zv?n0v88J5EA&3xdC5J(1nh=^m+i*Mi<XG}RF5p{_Cjdf4;%u4@M;uImAD%=QCYX^4
z;H2m*T_I$U@@IS^x9-ccp-Zg$au{|S4&Hr7N?<X^i&1$wk3KHtJjKrN=@V^c1af)y
zHJM-o?F?^4oS802gZJ=DJPyt5T4W^FZz%$a)zGFPpUCIqkq2~hHtlTGEE*ldiT+{m
zlZD8zC)+G(cH{}9h`t4#f!)JX=<G4+>3rVu2laMeMrc=eiB$}?`>#*1OOn%hJEP)7
zp6<C;1iL7IK&0r!fPw~g0*}d;P*|df<e-qq8&V;p;H?-8_|Xj@cdK;N*Gcak{Q_x4
zYYIU+=3qrvJTfrnbgc$ZI1p_l0bq(<EP3q?l@^JNi&MFP12KCH3R__wOD+R4D<Se2
zB1Xp{M(6e|XQLFsnOu`dkeQe~_e&@^b)H0dUWSy>;~|IL#1W0MUHzlyL7;iqN7itC
zLbs2|qpT%-hK_64JL@cEhtjZ)3Hch-Ca%}6{~(t_jGN<c!pvW7Y{VH^>_S1aY`9$v
zERe-ryn6OdhEsSymU~h%W`ugccBYGb0-AFksz{Mra`5%z9^Ax-t;MU6BIlt2mOgTE
z)(j1QXh5kQC;0xlFRKFY;lLxkUcj1v=_!;7%kw)TTkw(s8d&JF$W7d(08Ms=n~)(O
zF<K*k27fI=yH2MFgHSti4I;09k_GK1wbJ7v+h8bK#h82S^_1>cFg|pA&>rCq5fbym
zS5PrsPzOA$NBy<y+4{{3;@^tWp9uVx8y&g4Iv4q!Fm4Osfz;4z9Z$BStG5=4to-!Z
z*XgnR;~%$vSL^HNLEq0{2h)nhOwoHjn6dtAj$UhDT!Jr`dg-J3TO_FK=+60m@({`n
zHX(uHmmdMe93%7u6oQExi{zbwF{h$a8UF%4Qr9QCA01wZdH(7nFjgDEWATRXr)~Ww
zf6|)zE4&!I7vEEH7MKpS8Bln$q22A^+XKJv_&QbQIeT#k<O9P|<F>xQ{Ryh9XJc%m
zW^8{Kf8OB9UjzmrNF;0qs$l#Jcs=+yC<S|-%m_}p!@zRX*QtTZkUtkO4~e{kc6rKC
zoZAG(NecwZfuY?%7<;pf`d+??-C?K_EN&5tTbkE%f8<A~OG(u83;`P`NNDRf;)$u0
zB*9ekD)gt;`W=+{aMj?@pKu`{cG~8P#24Z|8qf*N{J6<~3Jm8y+<5<+XyjV=0$U;j
z1Ri)Zt}lT@)~cOm%T{)dJ-;0Pde1NH`52HVy-fwpyu<o_>{hf>IZ%AClvG}vvUzqP
z_N{QE5!jFb%z3oG{#vW;X-wrFVRvA$cp;(-i|-`|Zu?wMiG?YF8$vih)?NU%*6eN>
zBiGp<1|7oz!pc1MYw<@Go{wm_?(MR#rIjzrJ1jbn&B@C2PfzPib2=w66d8|7%ouB6
z3`XVyk(^D-%6z!ad=N8F1|?-~j%Ma-7x1&TL2`}-vapAr^vK8P8Ns0_Uj+fc!u^^R
zx<iNBy?J`%aSQNs0NiqwcT!R0kmP#)C3us45E=!uJ`+iBQ?Ibl+Qkt<?Ifp3lAKFl
zLp&rqOp+ZIJr-U^`?cpAh0s>PkOJs;m2gr|nE=tTyyW~KY)T*omlsEkf1MGk7-7Qo
zvR<$!Fhk@E`g+IS{@4mUji;Bde^%km$n|eu0JcNr37wXQkLhL%LE^4w(4$!AkM5e0
zi|W9JD9*`$taSZ9rL(!6`E103$Tlu<VH`}y$_T40@`q8Hz7Hq@k3wNIL3hXAGcWjU
z$KK+cjqd|7Zq*Dt*0J~4;1=8pGu{Z^-)$f=UNJra7^DZtJ6^i(rvlgPRI2Q;mfMQe
zSDK$6eRg}WgQD{mh6GMDaykQC3@Xwenc@glp>}<pv}0=e3s5@FOLIDBY4M8uXcu?|
zp523I__W-Pf23e#kc*pzATB&Bck;7X)_m6L3UmQ0dE=85II*lB3Yj@wgMpZEA`Kmf
zd6Qmr!6j9wgYmD&+kd=17U}lB7X5iCL_YF%l(gjS*_jbMZqE}&Fh9JO%XJ5%j<8CJ
zs$tbd@Kr}@&PDvDM$gChJc0GKUz2Lq&b@Z+Tq8<`%qj5Q#WIq0!bm6^eB<ZlY#foX
zbs+wMds>_VCtHFP`HJ184rHQj+q6(oBKTSomW6htTX4+p^-Jow4hAA1BWS2)2-p{W
z1lef%wqdo1E3AAwPCAG=AOrd0<A<$KS)_8MnVb(W#`#eK4x|A<;o@o=_a}5cpTcs=
z*R(ks*jD)Y$L;t4FFo&k$Omt$p(tVk7Rg7wL_d`Vj02ZK?-vfs>G}lu^$cG(ZCFm{
z6+ncJdSg{eWa|hxA+~mx{!b7PdJXw*72TV?_+Cx&uHcSn4HL2?sIWty)H-Vl!$A6Y
z)O%>g5V=4+=b<uH*p$=B7qtp;CoC^LDQwQ^;;DSmGx3iRdfvnM2}BtXWPH;q@<7dO
zJc@>I{lc@byos}!it_R)0SC{>!<zuOGZxkI5MHu~-Uc+A&{~0lttRp~CTSRq4uufK
zWG4CsA|W995}pws$|_vN>Az3|3m&}*Y?Hp3YG;gn{9>88Y(n(t;b0<~6a-F1@6c|P
zS4FRbJ90FchjF*(-pFBa;ww8aXCSvHh+dT0IMyw@nHy@yLO&iUP<6x>c?vqh&Vv*W
z^tm3T7e7%v{3X*+gLS3wBP2^c4^-<H{2Ge-1($Jodir3HH3Z`*Uv_946&n;+50SwX
z_j4j1kHm=`Ndw6m2g%aki?g$-#RNr$%in2@B&X{J&>dby?nm14(WRZ2osMIJ+Of^g
z^>nOE94?%NVB7&Jttm%f6T~jE3-PhzCUEfiX}~E!n-Cny!uFwzL2{(l7V@1uBMsZR
zNCGvJqr62gC`ZXUu-&Lfvz}M&*+qKKbBVgo^!Fe!bJ1khO&u4+aosa|O|d&?1G;fd
z8VMY(3EZj1741~*MN#&kx;>*(u>Uq`a*2_1HRt9|eG})gj(@?rW2hXTy7O!$-ciae
z*z&vrtc+pL9@4tyAQVjc1+F`R2`7RHczbhuuxk9C#P#mj;Vwt${*wBy{$zi;UJtdk
z-<PqnH3|(T2l*9%%u&`U(~=1?xDRDwFupyp7g(SlVwQyUs|T?H^C5I%DC*KaFstL#
zk~1+G)Y2oJNDbmHg^(2Re!jdPe24iUmgE)6y$~-FG=WVW*b*LyN@20{P^*u>nJTSw
zAuAap1d!}xW#4ivWai0o9KL0(_Go>O>yzBG$NT*9`5{-}zoI1SdCt3VMrM&!+dE{x
zmL#HZW#Fa+SbnS)klfd?Oy2Wn?l9eLso{V}t^t_<J{mqNqi3^2-_YyVS~EA;v{Aw#
zGAtG4bUgs9d!E1^)Q{l68t?jNGYpjKG~_QRv2<GzUdCnRK|N<!@`7_hayr9|k9T4s
z{m=kc_h5xKa+sasC~iFkU&R1DF!(&Qq{x@(0MOs>3h;Y-ydQ`@BKK#S1ChC?hK{<t
zFJ#)m)*V;&HUD&c!;XIx;`ja}7`tLy9Ed;9Lr-!WzTX0$`PnD=z8qL&Yj{WZEI4;`
zd#>RBk2mqZzGh>dgzIZIPNSP|nu+!vNgW0O4?sK?8q#?!%ndJ)*NC>PL&SuBa3mr|
zUK$EQIg45ZsfqWIb3s<58!+^l;Dd~m?CW1fnhrUsqF4P<@btUrqqp-UOlzkZ^_YjZ
zudoL(d1v4t=n6;RFhTSty>?S6POrR)VIRZFj>vO#VbOx3fY+`eHvRNxM5FQ^-o$cn
z=tTb<Nke_Qp>xm|=g->^9nBwk69a78O2&{$7<9n{dl)(x#g9BdLF>(*(P%}HYXEcb
z=Ru@#<&X6~B1(fcHi2y{EwHR@9K^CU&uTl^sl$vBFC0m~gef6>8Jn#3!!s1{o&-cB
z`1$(t(l=qZIoK0hEV>7W7O<tVw|-$8x7iTaLVKY`i;vy6CG>B?54ki3%**4*h~%h2
zgVpfZAAxSCKts#2Lo=v?7C^<oV-(?Ii4rgFydKEWC}!a;%V2h>g&!t|KE`UmCPdq^
z#gey36_fyp*z<;69<+C0%Okc=ZWiJ(=YkLx#OT1lOXx!6#c{?_pE^BbXA2&PgC2?C
zlQJA>rL*{#5MSbP#Z%N5JAMyZKl8ET$M$QE5@7}*9z-B<y2M5DDofoX2rC^d?6wkG
z>nV%3Ai5cP@AQpbOW=C!Y4k)qQ)UlVx%k#fsB09K@i0&wZeS@PyqUg@U6Z)9*OkZr
z+j9B;!3q3-{W$(VWIGR|+FU?)mx2G`E<(c_84}*i_;sO_@J6Cad12%9%&$-BA}D9W
zktw)!QKCJ+O(IKp(R#@vhq_c3&(+P@Fz-;f1=IR}@OYlpS>1eux`;e{z5Ew&%Ih1`
z58F6h4efaI<H+_SWk@{+?oii2BI@i1L}5W{(X$<_%Lofp)G9Fa+M^I>GvjY8P3w5`
ztMG$T@E37;udpM$nM8&D{P^3c_{d`Q!FzV#Ly4`Ja(xwg9*6ILc3bFrCeTR38yQ)1
zVPpBMuXW}j&6|yq$@Gq|G~YH(pKr6~qPu}l^D*bK2b6Iw*4)0nK2UNqYo%lF*Eya4
zLIli0F1rHHDLltcRHL?oavs|B=GDb2<(2hcKZCk$%gK4@B87m-yRCWQMpjPFL-*cv
z6(&5G4a&6ip^FT7LtR6JSpFBiY2@zkW~tG_3pdW#+p%|f+X)y42LA$!$jDK@_O?+X
z$Zapv?qyNw5ADJ+9pL3}Q3W{<J#^C#(UA#q4F4l7Az>~Z;!elCs8aP|L57pwCw_1x
z$eFBVDCe<5Q+7{bX+k1dEYmu>O!H8FuxR3?Odw*}A*fQLL9}ixx^;a0h_xYrnJ>92
zQj1Zz>ur=lUvL!OEKGUqfkEW-#u+Q790yp=hPR<^3d_eoqczWs*(}`V4Ez_S=Uj9*
zqKrp_0V^+lA8to~kn>RIi9+h{K?IbPf2LTUI4wln(vE*FT>HoF=g=QTPP_`d+epOW
z&CDd6yKx<c*Nuw?ri3H_Z@lL)j(9dsPd%C<{>LE+BA$+9Ii05g@fJa;5FPgleECE0
z*@QBF!D5@xK?9KNAutq`<4Rv3ugl!>7tj^xx8*Z-mru`(+zUM6!Pk?j$Zc?k9vAwz
zg}az><UZuq4gR8%*e&!-(CaJG>?e!7=XAabaL3(j>Zu)fQ%=&ux+{3hs@mj=pvXT8
zeO3hd!F7+4ktxBuSl!DvQ+n6l#D&$)@<V`DOVZ7}`p1&N)MyVxpko`!!9h$_==h{E
zq2P|-;=XwcTT^r<T;cv3&r9!kKOG-AN^9@fnI0XD8J$I}mcz+XmY&1xKp}mybeOF@
z(q1-tKbL7g`20d>ieUExOPt`G%g!N5B>HNsG~vc+P=N6&>tX4Z50U1bP!dgiiY`#c
zW|qVZrA7|}lE|Sq*d_QJ!B#gPPL~Rr8F>e<mxM)JH<oAQgv1pMvq?O(?oIG9)J0i~
z79*s4F9q<^E8#r_WZ2zKry`SelZ*Zg#puqs1M!|^Jh_1UvoBtcdXWB$KSj3!*Ped4
zSVKt-7?D?zH*}?6@xjp_8>~>)CNTAN--~ZR7hQ|YbpKNF6?=<gFk_EAi&W94flt1J
zN!MLMxOguk{OK+hN;;hRUlBFXVu^#=V@9MHQ&NkDoX!nE5UJ2~6!5`KUY%en=@<+;
zqAL)|8aA`JV~;i;LokB~251C--IP?2xkT{dcY%Pf_<#iVg^?@&o{&9x8`;fdJ0f@T
z5zl@pQ*UPKcd+Ax)M&3NvM4e2vj9Y{)Tvh`r*35G)0z4<?pMXQ$5E_guSE+B8u=+!
zu41KWC&nU;@w>?w&nL!y#JG?c<vzD?i2)qIn2TF6fb>$t5v1&Ibe9>;M{Ix&Lg96l
zZ0S#DN+blPaqlvndFCRs7!{wgez#mMT=^j%pwkkLCrQNxz#jcAA^|U$f=L||5tijI
zKS!gPg~=CWAoFTrCr*_hiHHfU1?L}PEg+W9CCq1m&gb~#d|qZgM=&2RBH8@Y7e1GK
z4s3h_Qt}*xe4Mg&5P_7n!xOXPvDJ}xE|X$C!biMV?=ZVNjzD&MAe}lpOCKx|iOxpJ
zoVoP3bMYk##e+Z)`GL;mwB%eqW-cYnWfODJ4WyV2Bm)fxg_1TxMlManSVN4*YmDi5
zL|;WCw^^c7CyP`?V(NUR{&1s|dM6&yJJ1!_)zS57LUsHTk{H>cV_wHcoIhWa@{7L%
z%3nbwi_*x<#MIlEx=W{CmYg~puf|7CW$J5mY7Re<gA-F<z|=E!Y9l%I5lo%U)Mp~n
zzPL8xbD>R|`7b_6DA`bAk6tP~c!H03Gap9m_Z$xFUqMz-GD+Q(nED+6BEQh7JMoCV
zf?mUg|FPP;@iW0B9mcVVn64$JYK_T5On!_L$Wvl|`EdfpKE^y*#~jF*Hz7}}55yM_
zIh_YV`gRp%kdv|Y<YA&zo#^#&QZY|rF?S6{G1(-N1zh^{<A0{#j7Ra=dds0W#PGfi
zd5Zj;2zNv}@Q61Ai;rk)oaWD9CM%f9uaE)(GGN^dg3y*k+lXGBD4LfL?*fhYcs!zW
zIK)e{uo@p42Z*`+_9WVVg^?{r+YI6upmF^55<7Vq!%i}7XOXs@hk>@inzlv;^doE2
zbikzy_?%>Xs^#b|2E4<7w{!q_ts*BNcT6>fO0*Chv#8teS5`f;)kOZ7SeLgTbz~K2
z1N)})5pP$&WftQ|)mlWdWJ)yhIjE0l0|GTCqJ@cY>GRoPP;ex}vq4p8S9B6%>3$_e
zla(~qOhl}n-`m+Bz371?xKXFy3(2+8ulXwaK7D%V;$omRa<LzmJg>n3f;^v$r%A{&
z))-n5E1oB-vq<N4DbwjW#-!*4@QgR3?RY%Ki)o_GbaBv%*3y+u*O_pEXsL!@V89yx
z0+_=Ec0HF73Rw-YQl0j<1WCz7>d3nnOEqlcBVG+}uo~{foHP2xry$C8Y~}YoOcK2j
z9V#**m6}yscq|46)JdpY4ygA7N8~riAtt0ZGo(RhU6P#jke?&#G0ggWM6yy?Y-#@r
zue&hm7@hPWJ1JgSu*TzjCjT4umZMV;5oAq7K=fh`5U!;t2Utq+2i+5suU0AK&GwW?
zYe<*kLv&n`e#kLa3Laq*xn+Ye@O(bv3|vPt>Pf~!h{W~JxDY0_5M-x?hu>dCLx^k%
znAR+x`Y0j4Rm|^1onLlxewQ=9y*bEl22tqDbZ2p4B8mc{`1m3r`58XqB;QCB4-!S1
zlZt7HDBeR;j@+$LT$GIB9-?R^itUJ`duL5bWj5|XEy;-95$^|rnUP&!ZFDp7E!FrY
zCga;qe8Ye*ay?_NLd@>x81^;d$vbS(5(sgK3jIh_H_k*jK{tta8EX=F6#W~N9PnSS
zSMtkYu5061J$~8QKc{mS_}?~&N9;ApHpE}`YU3s@41Q$q)TZQY=tsGTy&z%j)V=yM
ziUyJ4%?WuYzydrffZ*L&KkUBdE=vb}=6%%6kvt-g`xW!DJHG74Y5tdK)-*qOaL1Qe
zkqNTT$7ftT(X@eXIkF(5`!3*#?>_@G>n;)yq|p*Y<YMJ*ci{O1=$0L_WAKF)CXK`C
z$+;+($Z!BDx`pm{fvjh%je64E@ZGIp*$mXL$#%CRTyhzpb9n=^EEeezJA6+R9Oj+K
z^1d0ri7Ln8VAEmebJZ7T>SFaUr}JSjnPYT2IwG7)fwLHz;lib2Wgsu7OQ8qF*VtVj
zg5%a|<7ln&@cI|x0-~35y6TaL5m2NRSlTqgC3$;F^4A3?htJ98{qCotkHyD5Ig;pH
zd>@(9nS&r3C(og<k{zPfA^#HIe8#=m!F!%e3F>6?ao1r^*Jvc`cyg4?iFKTu&PGbW
zB9K!u5R+t_O#(6w3K#K>upx*uM9vWy&-ZmR<l5s<wyvR1?*Y@$%fJ6~{k%`V-@(P-
zqHqD|?s^04iQdD)2{wM}WFQ6dNRQ;*%}tb?&KD7flpvM<QV|%R1`PdcS0`YS`(xHn
zq!(kk6OUM}%->oXuCr(uqiM(kwjqo&5AupQ1=wSg1!FvADS7qdV43B94RPQuK(Plv
zID>`uhoC1C!z09i?Xb@^lZ!$hg%+nvr3Q`+mr+COI-2rVHdsC)Ws(q*u#O(UppBvx
z;S>HtLn*sBi%_BY8KIZ;N{{|Ng7vF7$ww1rqUXpD@Cn}yLYy9@PlQQ6g2j}}2rtEY
zx?Uv=w-;ci$of#qe&2m2+CTPqZ$+)jC*F^<dZ*z<jrT&b-y+N|mL>C+zsN{J=32@P
zrIfAjq6jErZQ=EX%-b;6YafC`=!f)VZ3?GtT*7y$u+hTV84INqm&l+?z^SzG;_Ogm
zM!Y?T7emN%I)kKw?Be?Z(m3Qzg;#n~@k)4qatS+X^U{N#>?-4g4{=qfe`t4Tu?jsE
z{XLr}_H#a9^W<L6$=ECgTcZCY<H+G+QI$VpLJ>8*K#GRd$wd;!`X4Hab#xN@6ACz9
zHf166QAmUX*$~O$!CS>2`QtVnFH|<zs)q-ei7@^!_IHzgxjCIPZ61H3oBNM}wkUi~
z1}pbi&_DsYpK}T63_cN(=VwGeg-l8MvspkK1(<yg3dq*6ngwJ{qTigRf!)&yWaXSe
z;It?|OANEE6%CFa%x*F}Z)+3d@Rbmr?;U-eS%Q&IMSn!;{lUQK42mik_SnUY$cB`i
z7m2=uKvXumo#<vJA=1i>=t3ky6>|$I5`=!h%%xx@xVuiK{+Hikg|Yz`PatFOLJ*OK
zN+v|FBr<XWyGC+>F(dpFx%HC7zaTKm%jh=Yqa()Je7j(dHRLYlg!-{|A0vm;Z#Ce_
zk67*<QbmEmJnK0yfWyY0Sgnk<qvL{%{-G+oi?m3yGqR9dVHgi~Mn)1B(=y{rH^75F
zicI{KwOfXrWP+Zjcg6&;eh_e2>w9|qwR-o<ufvdk<_`ROd9Cp7F0k2Z9`|31)j_^>
zC4Ng+>VCkgRPY)7B)$hhz1>oYSdn*F%O`Ow2i-!~`2ZqL5!3I9tmN4Lz;J}A`1`j*
z<L@8f8(h4VY6J=nQAOx;aQ_Q-xr6W8ZzB9=E94bdS`7p?trn11KgCWew@;C_XBYC~
zUT)-H9A}Q~c^rPGk?$+5?n~eA(oK@M5pMTC5Rxej3*>5jppuvD_V4(9Mp_^f{f5AT
z(H)ztpPB#k%Oz^lCLouenP2cqvj1ZTe4qpVoCBWgfPdwHzw7Wv9RA%7|8|Ez&w)SP
z;Wr$9<?s)2_%j^-Y={3PNB)By@HZUr&mI2XJNzFw{7*XkZ#w*=lJc7$daL8{j4AxE
zzIEXGD4!h%tI>S+L`Oajcj(Q~b73lt=9{QvydN5R4`&>Nf?tJ$8KI?I*^{@^PNXXG
z0gt~s1j5C-HxJ+b5<W5dU_0D+)$)jrcRtqln6NQow?D!cIr;iYZeGuearwCvi4x_<
zaL^xdz$ZB1cR1kZJK)nD{z(r1I*0!O2fpPF_$G(H+Y!IW0k3!XJ01Qv9qBK1z`t_9
zpLF;ycKGjd_&;#?_d5K_k>5)Wc)0^U%He<75&vC>|0?mv>$}pCKF{I5&Jq76hkubH
ze!$`X+>w8-1O9sle4xPN^kqBz84iED1K$#d|6>RK76&}t;cs;KpL3+YRs3=KY8~-s
zIsD@s{<9taLWh61Bfn0EzrYdy4F`OP1Aei?KRC(1IP@Ne+=1bx+2~KG3BQEy0ykaU
zfyemm5C2Gf86RRa#YJdXa8sd<b^IUh6v(J?X}l3*+$4Dn4s62*=+}TExvj7rQAG9h
z7wjsXr6fxE$Ei$E`KCM;?UqMg3(|$saHZk)e-#0mdy_njBE`7Vw=<Hpe)T%W%~0w2
zxTIoN=>#>9@JZvaFSo0-Q2mOJqV3orjc|Ciwk-FawQT7V8AL!;IC2RQaI5+sX5j5z
zB~sAPi``Pt5?#;|DJW)dKU~KG{P0%%4|VLPzyqUM&<4$XcDjlEr*3b+AU`u-x2L#Y
zx2L#Y%YWRj<v;G%@*nqWd9?kgPaN-fS~xgxA*!?|J3K!fXV5;Lk@9Iu>f}GP;vJ!-
z_6JChG0kGUsa&K&?{&Wk%?XDOKwY-?5g8J>3q^V+rd@2>Waj@WseH(9X##lDzw0;i
zA4$Sz=1)o*AIVbEX+P=yzxg+&#@Afeu=4-rBK)t?POUic#|bgi6qOimySZD*A2oft
z8O~>-J29;tpHDm7PJ<x9V~5jk<FVa*@@L~oboWI=Vt8VF;&8*yFq?+Nv~=$;+=<_g
zk9Ct+UWsnTPyQK}mnorvN{$Sp-}y7F0Q+gf8JA&wJ&mNgWUB46iusUVqT3EzXFK|M
z^7=UYm*}>`I&DWEPhL@H|L9J!J=XI=hu`Vtop$z*Zt^(sw?5I6;NFF}{MwX1=4o3A
z`0u~}UvgkkeS_bq^Hv9ftzM(n+v07m^&7rsqq^A_sQ0!SZS@T`^+tWQ-&o=GHXC}h
zK-^jbLDfc+uQu4|9g|s1Ppj7-Yz&Mt0*N@=8X6ms)>sj2XbdDJ5`I>!_O`BW@U~@+
zwtkrleNA4QBEQj8y(XTzwxQKq6KGsxG&Bc%Ms@q5@`YmzBPl_qm7vDg)Y9k;coDhP
z+vHnKf*S+Am0p$#i5B7EHL7VF{XV0{+Zw2DXwGb@Zmn)YvR1!Ua>f8FfTX$+xGYZj
zN1;3cqbcYQfVxa?Gg2Uj2Jp=fF4i<ORW};GR-@kAUTu4ugH0=l7r`w)zrSGx&;`8h
zfianxbG^+$qaomJB9~V-G&eUiuQb{k0`<mO$1P=ovy7#npal#@Rxu(n6KVteh%p&t
zAdOvYBx(WI8difB$ZHV_TVLJ05(RHwWBBS&TfiE_Im)PSSXti)8vsR`2*faIf~|gE
zYvwBN8q{=itwCD+M&TJ#4d#rxMd^`3axR=Fp*8^xDB>Bupj4$WTc;(~!i6o>HD05n
zx>Zuttf^`AW(Mk8eZiIWB+RH@UER=Fy`s@;_*w!DzGlBs(BK_ooH2UpywOw77>V*o
z?N`^<HV_Q1gTfWQ>egD6qdDOBXy*E3;x&47rq3`Iqr^nNxMl2gUmI$zwbj?gq`<FB
zDxQ%nT$~?F!CJ~R3}X!n)Yjk!l`(#T=l<Y|Cf215@p~J=`b376QB<amA&P}MGWaP?
z&)=}JxjFzTTCv6$hQ=^;7)r-z^}g0XO)%gwDuw5yLNjB8KTaIdLEM4cD5&=ZP!jM4
ziQ_*>Ou4EybOf|r<Qsr2puM9Kq@nt~=LWs-C8xD(1WmwL-9XXRjIbL?P}o@=urO=7
zld4?DK!sNp&nz<*S56h4Xy5dT(;+azd@$2r)9Pz%Wd6ZsKf4^e;-$^As{ndb;Ub^m
zZHLIA4<g6y3=(RucjXn9A;nZS-GHx|StLku*}O$%3s5l(cCx&%Y+>nC`NxJ;ST<E2
zOQsqP(tN;1bfV1=72$j`?}C0ZJy7ohk8}<B(f!!W(M_S+U?ebA@{qnI842oKXHt#c
zrLlSqYMad(?E&>BJv8N!U0+=T8fSHLvu_PB>e3XWgJY)*^oxp1H0Kl9Bo!}B4_!#0
zjXW=0D1tk66v?o-MqU-p@;0_iwfT?E6g^yHi|!>LM{FFU_Foki7K{H{stfnY|5=*j
z(^x;53#w}ye2oqMfZs3*O6z?M5MJ?)Olajv%{;NR6fxZ@;|(dPHTzMjm|RHt7fSBJ
zz=f5?rDaA*abJ?cNOcXZ7#6J7s5@9oh<oLO=pu(;h4s?{QK+*lOv+9RJ=#P<uPE%V
zgHST#Z^nKplGLLV^WSAZ==>G}#Vq3lpfaad2dWKpimhv$l_x!=l&h7UlAm2;Lo>?S
zRL!nFUPlm6X}iQbyH0q_9u*^{x0P)#aS&cz-3U~pWUOM74H(Vd8jNJstr(1b#DJkh
zG959leFR6jx`uXkB;+qJwsHtXMa%%p$@{pp>$Zhphp;6NA5vesN0ZFrBdI0-x@)LG
zV?tiK!4^XLp;okc8yhM9i=Z<YCBAkFOabfBI2~=?*A|!l#1YOxjqY8IV9QvfXdc_>
ztqY88<zTN>BIC5#h8IIAMtWeEF1dcxIipsMYBcJC%}^r1cda-<&GDg|h&2bPjzaV<
zS{TvW5kp%&)HKvZU3F7KV?#C6Nh&psR2|sF8rL+pYkt~NICYd!xP<?t_I0Z-^VgvB
z#Xr^q`+RbtxDmC>@zN-j1&m;;mWmk-z@8{dwq6;3in^s$Ck)svEf`+?QokHS&|aY@
zTBvRPN~5kLYL*Wg3VU-DZj=;vb#-flFX*R^=tq}~Kz70yn-XQq@T2TC^_g}TTiZ}q
zhfW>pTv9H66s|a6iCe9upP^@mW+mgC);ll`OCEtXpFKXJ0xOz15M{Ck{MD=Vup^pV
z?`+7*YT%$^B~1o$TkrF67#fqg2(qrVe=VsT-H5c&hn`n72(*jUEHYGB<b;M9<5^56
z6`r9mWvelsV4Ni3wZ7&N0T~}+@smq06j{nO5@bptYlG5^s|~8jcD+G_D2z~F0)o08
zWB^x8>2E>=Z*69<g;4MVx)DeRYSO`h(pDITm7`SX(yTfkGiJ;%ySGM%fKe8W!K;z<
zDz%N(sB85#8N;l#v|%FUzF<I7SGO|b1lqxq3iKweiJe(*fz7mfGLo54Zq6{8jU`Z3
z<{}q1dlY7s7jmqL#7qr*V39NPBobv)^k)uhsPq;e^eA2X?I>~+^a(IolxItmh&72C
zU!$*ej3yQet#?!+A)+)i`h2SlG(47OMRhGiFo9HwfgU!qw!z;5odvbi8k@dB_!cZV
zZINAu72cX^mbA5fb-=LVa~cZy@-=%iL9(~m-w=@bijV~zNq1XXzqh19vb3{ntZrQi
zy4Y%DMvJZws*TLQq~x~pivB6nVve0Ot{Jo2_Xp5daYk{%Nd~70(9b80Lund=P0hwi
zFQ%(9EX?NIrxrQt9uRE?>~8b5uF|^KFn<8_`y0OR9Y#5AV*h8&9}TG>NSmF%<SOJs
z#YYb=?Uz|Ikuzfqdd9*<3o7Q#EI%W2L0M_V+_`1*rpH@GvV5S|o>#F*i-}}|5eZ7Y
zB_;mM^4ass7D_&)73GWP&Rd8cmp!Bmz9^8iCU5iVhE`uQSj%xkW?&#a(Aoga8m-cw
zsndW4_LDK>m^)M(W4(czu`R7W_C0puW{y(mTM@hx^KX>7x)~iM*u*y7TnEvpg><4L
zabhgc^bR*HYDZdq490EFywFo)iqjfIB?>!*|7?IVnZ#_d1v7F^8!20{xn}Ry7#}>~
zvYRHA15`JdB8`rdqa<z5FIuTE4&tsg{7j1DD7($b<clPt5msaA1Om|*XkZjf?7Xej
ztu^&)5IM+ldqtA9pl8Z3ifUe5S}||N?3q<_E2fu0J&DyyjOXn5NTJTXim1mJW$o4M
zCowk`*>K>Qk`OmB&rEwvmR1IWnlVG;Tuq3pZb9X>ps&G*T!VireXSrJgN7F>o3%Jl
zhcPh|?V`F7BV{eRU`g(+MTN}sA)R#QvUr4LC8B9Iycj(KL0Nji@<uf{8VF#_k_K8@
zxtPMqo?*2&vp|+P8YHT)2a$CTpch_PH+F_Lg$-Umruduzqd1wdN<ijg_;w6`#qpJa
zW{jyTSw6cmAig$F^pwJHF97%r$jMZ|XW5G>5Cd!WCkm0CDRL$#nh!?^uBB)+XbBjb
z^_tu$_R5?YVu~z`_qNwG2Em<J3>yb%aVkpCqo!$%jCvw`W3_Lgm!gG)<=&N8@bkzr
zlf4Lt3bM$kHDuu_0bpfbt9ir!i_yTzkAxKzh+6`yfX*7IAPi_SQ2iL+T7$3}3}-Gf
zGCLMdAUch{Ht-I8E>k5aoMWuz5W9p4OF&7pgcTTwkrrfVWd<j?CH^WKp|n|(1-4Rj
zVyFw5CX9(K6KUNZ>M)xU7Zde>Pl_6vTY$f=!3!A&kU@HRflGOy9U||@F)??g9QpT}
ztNd>h;mF@!th5*~qqSO;e%2uxI_FDlhBY<b7K{iGAiMhi*Ep0p17g!l!G=;GN}Me&
ztGwP8NG;Zq(Wl2XYgr*q)=1H`;!BE9rmUV3*lMs~h<0!H?$W1Q$}Qzq^j#T^8dlnq
z4QgYS5{-)IB;4vsBx8)-R+lm=J{hHeG*@F>vm{?saG6pGhtYjOW-!QRilm_^6nyBo
zy5qMpj#J6W6((kS^;#5-W@$%4J$mF7P%YMA9s<r#<Ly&X*NQhP^bDxS{(4`K;!Ltc
z@Ap!vls2@YvATH`1-*I&lmhgUGEZaFq*5hOt2u-+L5TE%DJK%ht61bHo*4OJEf&aa
zt($0*Q4vdHHI`Rep>#E%Sj1B<^f^egn%Tc0Ki^VrgcIyMERm2}cBxqwuo1%uSLk&a
zMsXVjHJwTI4z(m4vDLoh@^jM#LTArbh^r0a!TL>>b9-7CmxfrU4r$UOEi{cjBuS7W
z8;<ShIh(xIP@GX4TDUCvu*EAAU1*Yg#0F2)ftC-=65)tY%snN+oLo8!F}fJ5;U$-L
zKUJOFv0A=GQUfRhmuI<H5^w%7J>41@>>)o1Po^F#MX9%xEyKU2X@#$mwAI>^6*8xR
zHHw<020SLyR<h77aj+Ex!<Nmcs2G;HK=#Qz`%yEKbWV3q=0c&wV*ssj)|95DnU$D`
zwqUDZhL5{4e$L#b*@Nq~tx%IlC#Gtx#;nsbr*r1VE&)?6!dm@fTWT7{&e3(^nQ$^<
z*!zJVW67k6Rpk|>#pPASm9tBY;lm|lc7^tyf4(uhc;bZ2avzjGFu;S=pV3o|5>CDB
zjho8S*`tig(z&Ixi$@t{vlrt3+*165Ya|zom;iC?H5sFTp0lQ`S*oEiIENo-5uzg&
z6k^!|3&2yYhzn(D*Y7dPXP1;NC_V86)E_4TqC$AMaC-o_?&IzuR8b5<BP@oGV5ixp
zRU2;VX|7{@AiqVShh`D1kzH2E9f~XBpDa;Ww<F>a@roItbHO%dBddu`UH7JAHNaAB
znTZxkAV!sA*kR4a@x`h!5usqSWx3hw#l|nh1dY#1PLZ_<)zK_?Yzru%cm=w9;Y@a<
zoo`GSbgn?pa$p{ZLCc*r!j#04G*X^W5{gGL7NE3rfwH(>SS?i#gtZNf3&u(Z2R7gj
z<Ga*9=@KMT7ou*C*0X7Ab}b5z@J_E*Kwug$v4Enz0y@wtZvai&svcX$`rxHjm8d2K
z13s=**KkgP%rzxM%v~c8XEBv7TSyDA#DO)77z=e?BE5ZO$G!Pj`UJd~<#PQ5U6OZo
zHP(D6uV4sxFXJqFe!FkOCN<}S*eta=EwrD-3rh~3g4qIBGC2+;ODbmQzGiNibG$=T
zVJ+*(FqXk<>?<XfQ}mLU%+it*!<V<u#F(ux%UIG(wb1GU^Zk&6eE-r+W%q&k{!C>U
z@y2B2`#t%!IxN;848?$$q-Lu8<7&_k<@=T0vnZp$#yt{Ib&Y^SDibNu4aUN(K1TWT
zTNILvRK%6<2dV%<3iE5GA}Z&F$^$<f0#^Ao@EL}oV@qzxr(j;$=_46Qot0m+R5eM8
zsp|OSrz)T%UZxR;g>(#uw=sdH7DT|*UNyGYVm9nsIR;A~jS}3V=5if*E*1flhqw(@
z&cRMrK%rK|7C~Ls)YU?z7IK&`O<Hb8hmn+U2Ii{D8Zwh&G9R~aqtbrk!crCHc-LUj
ztX9p#Osg6T=8)MsU$7aA1a^8oeEJph!g3EHa9)Cq0e@hqDy`-cGZuT;6;Qbz$|<&`
z2UjCzvqZ$I0)}obM`E2~jGE28BECJ)#KF(-V$$C_RP&_|rf6pL1yqW9v?$?Ccmaew
zYG_6m(@<+|BB=#s#nb1Op{l@_dyXkmMY%=l8axYO4cLLOA0G`jY^tH*jN`PI>;vYE
z`)&Ns_mR)gp+)L*z);@Sm@<SOEdT|?kGEi;K|-I$3Kpe~%xzdXl#15u*xNH4*f<Ff
z7~>~fomAoqEBak^TG@hyvn%E)nN}IA(HxUy%dvu`5>~L3wJ@k;p-`#mvV<9%iBQj^
zirk7h5|&r_Mp5#NV;X49%slS6<FH97+c7S2#t6K$-dlsI5r*P`uVpkkU2mf?7i;q}
z!=tX5utK33VNWA14N27IOuj0ExV<T{UfbbDAo_4F;);@-sBD8)=dU2YW~A;y3Pz7q
z1;>v>E22WA3@!<w6VnX_6(u7rbQP?v@dYbXCVP)6w7{BG++Huh8zqqIHS?P1HqEM6
zPIP>=0)3&z+N<wrRqT1!G&j|&wj>fW%h=YqsKS0-cqLmDUha=TQ>|H5B?Fhv9d)7O
za{)1yz%62CtVv5_c15=DyzzE}WUX`VBj2P*1^Fk|=I4*JY3!p+SR`!@RN)mc*>n-?
zSdk_3_DzpfAJi^a_}cfw57)^1t!pQ4EgL=zmf)XW=R%homknopT{qx~Y<Wp#a>JwV
z6iOLqp#R2DhVI^=U|<(>6<n4a;m~qrsHv*(tO7N4DMnNq&Zzp=teVssr5n^(`)zj1
z3q@ADoNzmFU(aHE+Mka1uTxc?%2&tsX{Ld`sp@2P3dYmP>LfKz9jC^s6X7aQBh?8o
z$HUF%Nfy3TmEyoQ(BZdp)3~Pq`$XWLq(%YnaKSYJ-{Xx@BV5uQt&VaDJywlZ-*pYo
zLFhrQ5St47d1ykcVF~VIp+6m~4vB>fjk%6h-+|ju2diW7{2nfPAg;sJApFk|x5j;>
zxclS(V0D-}LVQ^ke1OV@3#W(e^OpkXzHBPsY5R$@uk`zZ5jWo~=STMZHo%U{_vZO|
z&%v-9@9c0svtV%;p;(-x2=49QCZ@+>l1cc!N%{j3hcw_&lUUw-BcEY7^ai!6P<sk>
zs8GiWb+1sDO6m@0-Nnj?V*nM-C`G+0$f{CD!yW@`zz&5S274^5O>bU;n|bBK^7&u;
zUmj2f4&*NjE%FdG0ROWg=luVln*)n$AijP%6xL}5Nys3yzQfS+4o9n_`v|nULFn-Z
zq1QbU|8vpOj>eO*vn0iV!gY)?&}xr40457K4jisw=tqu)&4ac7(?yeSJ#GKKpIH+7
zK;asW5qyN`2FF1&7>O~RBl%dEaTufdOg1N2{u3SH6Ht!_4%gq!181_-=jMSjS?V+M
zBxpaMnV*>_%YVB5Gn1u0H4l`@f;KiubTU4_oyk%kn+M8dslS;A%4DgJOn2iEhzA<)
zH!~lZS?WX6-FO7jHy-NMiRMG#`oMHI9)Tprrn@kfeoD-x<9q;IJ*K<y2qcaROLqG-
zJ;3$8>25p%=_~!TUU=UJuBhp5JOYX1D(aOw4x=jyToKdVcm$Fdzc>L~NrGF)i2&DM
zO?TrFh)0!LsiyZzotO_}XQ{uK?#3gK<oL<HvLx((0j~E<cjFOAa_Zi`88LkC0oS{x
zyYUFbqh?yMXT?(W#>kL&f$JU9-FO5NPdD3v>(rQkj=0_duD4Bh;}J+4m%FPxhVgCS
znhW!m$^YNhWT`jJd8z{czrD#)mFmytpUp}<zpcqq^I;ai{>h|E|EH_B&kpVDnWg?{
z9w?Kg-Y^f8$-<)iLbXW#)AemkmU_)RP$o<L!8}kVOa0#L%Pigp%q>lpdeuBoCQF?L
z^NPv;-_~TQm(932J;@gj|7NZ%^^$p@OqP1lJWwV}y<qk>OVk-K4CnKknHSK1J#Y3l
zIyJ+;86L)Z9=LX!2g+or-<iKN&y@dkeH)Xd{>SWXbjcW=SjMyV$+`bQ8Gmc`HW~xN
z6LBTF&+diyx4`wBd0@;^%wc{b`u%Ur-$1|T|Nq=%sb|dtWe%)<e<0@yyUYV+veZt~
z-FO7zu0^<o?u1M{Wx5-WK-^O4uw^l=MEjott|v`*;}J;TxT+kuo&>HPrn~V7#2wdi
zRqepU*jefc)7^Lkl89@CBYjPh{|VrF+;le{fp}D{r0^!COU%J`KMq{mO?TrFh#fQW
zS?7XxC1Pi($4qzQ5lAAAeY+n6u18IG;}OWd(`#tG(D^8EZ8P1CM<Bg%HMo?Jv9<x%
zBc{9Y2&6YI9db@DjE?}<R@2>h1kx9-#PC&ucPnshG2M+vAc<*`-Hi^)wgA_|rn~V7
zBsqQD*W|#&*jcLEbT=M>#8bPuniDW~1J|!jcjFO=8wOtjhB*A!!1a*nZae~s$K98!
z1=t?~t_Mwb;}OWdFc5ZbjK&9n>jBf<cm&cLS8FVFGVB51;_U4H12j*&Pv&X&ncv=U
zo_4Q!?*W>p{mML0CO+r;rOf&Ce|uJ!?6X7rdS<D6%mZbz)ZOOY<|6q|*S9fQ>Mrv@
znJo1S^FSFrANu(Lnh)J+9w?Kg?l5~Bzi74$Pt<q!?Y;x;@n>dlqf;?_-{}*fKLf7Y
z%>!k!)NN*Oqw`~UV$S<^-v+vFHG3PKisAcCp9sAbxNb2Il*v**HQkLzAjy5F_61yf
z)}Ml|n@xA)5lC-bd|%Sd+zebdneN6T5Vuqwwb}*SO~7@d>25p%NyOFWf*}sS5x8zJ
z-Hk^e?RaS>9)Dl18-VM2)7^Lk5>Ng8{ouSFxUMtZjYlBFb>4ok==`n&uAi9h#v>3N
z@B9R8KY)8}f?vmA>@4+T)7^LkV#joQUXX<G$G~;1>25p%al_#rb}evSW4arUK-|;0
zg<b<(SDWs}BM`S#3|p5}K89QkTt711jYlAT;Yto)4_rS2uFa;q@dzY24Sg5(qDaTt
z3|v>4?#3gK-nbaj;ezif;QFEIZae}>#?|S9!;bMo;JVUuHy(l5G57uKLLOHF*A=F_
z@dzZ2<Dz}g#8_7V*Cx~5cmxv1<?h-L%V866U2eJ?k3f23xHy(N8Fo2vU1qu)k3f>+
zyZJ&E?#qB{quJZ&v5Mh|qt?FN8-eRm)7^Lk5~t*nKFVgtxD>d;rn~V7M8^#82M=R~
zf$I{}-FO6I=L#zKgYOdH3YqT4Bak>Q+qJO|oFU-4*mO4@fe^!GeWbRrUoP;Afop^5
zZaf09<L~>q3D`CO*F~ng@d%_Z99Q(B^&;TvGTn_wAa1y>?1hK1x`3<GbT=M>IC1^Z
z6%S)|0#^qvqINUr@erPf>#9ESFjfa}U1+)+^u~b1ac$lwCdSTE>rHp#5l9@@{#@&U
zYn|zCFm3_jj^RfxG_C`#3ru(85s1chwM$xOE*AjTTGQP?0|CUDBJRJ&fqyM<{lIiL
z9)ZNu_I6#HgzX2wb-w9tJOYVh_;FIoc)0C4AGppl-3@d&K<t?D=TG{;c^+_m-*h(~
zfoL4p^^rcF17l~YHKx1q2t>!e{u|(016=K<yYUDlG3P}04ZX0p16P~rZae}>Oy8IL
zM#0+#T&qoYgV_Zjn0@r3z#Zpm;0l`V#v_n;x|{cdGYDJ()7^Lk633P7`e`rB0pRkR
z?#3gKWDK|T!Vri1fveSYHy(k+<2qfpI`Fmv*SV&<!CD|7P7F@}Z841J0#}RaZae~U
zrltS(So%b03vl^NcjFO=9s6gl>1`;VKHzFL-Hk^e@z{6l2U|06HJR?lBak>Qr|V7!
z?k3=BG~JCyAWjT@`x}94mFaFg0_iL5&mB}Tc9uHFbT=M>#Bu$iSL!&7u5*B^!E`qs
zfh5OI^xfsa-2hzmrn~V7Br$cO`)&s&#?DeJO?TrFNMicF-1i9HmB3YJx*Lx``bytB
zybid$rn~V7q<5O+kYC2i>IJS^)7@ZK4v^%O?!I3MzFOd_G2M+vAo0}q#wdt~CAw;W
zYlZ1<JOW9K?NRsb1K$eZsy5w?M<5<`|31<u=2Q(_%T0IV5lCX}ME3)|a##*rRi?Y~
z2qZE6zTH*8waj!k9)avTy@oz0G%f?KrKY>_2;`gK(s7mo*V(4K@d%`ETn{-ob~bRG
zWx5-WKzif)wF8G8<1FAh({wi;f!Hzk_3RexX9Cw5rn~V7WM4Qm>|u+}Gk|M}>25p%
z**`8j#uDH<-E=n|f!HzQ&n<oM>vZ5c&2%>&fy8m_%e58wPXn&Srn~V7q%RDQ^rCJt
za4j<3jYlAT;o8;<*COCrXu2DZK(LeFE0sI`g}}AIbT=M>xTkXqT>xD3O?TrFNIcbJ
z`=M_>a8;V_#v_n8uKl?xfvduFHy(lP4?`SY0bKJ;cjFOAJnsHn^MGrv>25p%*&hbN
zw+kod0#~`|Zaf0{Cb)E*a^RX{x*Lx`zB#Trz;&wWZae~U!}YkUbesxYvrTv75r`YE
z<gh0!%(H=Omg#Oh0!dD{FW)TSnrXTlyp;~fzEUT{W&+m?)7^LkqT}yy<xn!N8NgL$
zx*Lx`lH>2oR|Z_uO?TrF$i7m?VNZhY>A+QLx*L3{07yJO-c#FWNlSsN#B?_vfh6Lx
z-8)@zmH=0=>25p%vD5ec++|@d2CgF0-FO5N$MLi)HF0<ma7{DajYlByxX<hd*EHao
zYPuVbK;pRic0DV(Oa-nfrn~V7B#z-X`=M(Ja21;F2Hy$+634YaS0QknV!9iTKzd_%
zt`GW70WOc(htZHeQufZn16-3$cY{+30C7pv2lmOpHOX{09)WywT$6z7WYgVv1maP@
z?Sl?yE++%mMAO}P1maQu^9^xL1g?`zcjFO=GxxszCjr+4)7^LklAQK;`=D_GaGhwn
z8;?Meam9VRdtp5hxK1$LjYlBy)P1|27rZ9`*Lc(2cm&cn1}9`ZaE&wFjYlBP6n*>0
z0oPd5-FO5NPy0eI4#i<~jRmeTrn~V7Bsu=Rd}HLk&_2IYKVGGzrT6Q9P{zTTSp#y8
zF-DCZGj`ng2`8O=%9LqECDY4h%&e%$J!<aUxyIbw+}xvvjhw&WgcBxtrk+}QYK6hy
z{Q1W45l0tf4?Og+!H0k6h#}wo-jPOL{)w|@&l!Y(BaF$j=k&|S89i~{=#vXe<{5KR
zMxR_<GH>Yo`3n{p$IhQWcYZnk=9ib3=Poz|d6bt|;4sPghB2VB(%>Jms9XRCa$<H8
zkcV^FlpL(1@^ChnK5kGgs+wCodmayCqEkO`6usqISh09PX&E4;vnpnb1F)D|A6vhO
zU^&v<!VvS!Dl4x<7$1wumN4Gz8Tbbj@|<2)2`4^=s#;JsfAQ=EWpq|lF2bo%#pQ5T
zE~uDW$y8uy@#1p27A=^)a8dChQiQ-nZ%IW(d0Fv13lR6=l>OQBW+Hg@JR+D?wgmrA
zuUIhMdQ{C{Tp{=t&jS&XZ&`&<SwR{~%PSU^RaF)*C?o0$5FGa~WMNr(St$`OD4sWy
zWK}G{zv6jBZ{x$UPbyEJzpUg)9<>4oH?6|?Hcd^w<|^C6W45Yr##!r{DmiY?I{yZq
zrhwuRi27KZq$ml&63vRD52wOONdAD0MF%N;@}~9BsN$Yl+o^HMA)Qr8xDtcx$eR9!
zI@M4IgtdG~dOS6VL`ngy{OFgM;)oT`itWcyS~Xs!9~u)G1;z-&@YI1kIS($JOQ`5n
z););2(3VHF$kD2jfCaJqiexr7R{2`1ygp5LdrParx%90{pYPab%NM}J%Zk-0u*I<D
zu&2W=gRO@>7xw$G7r}0Vy%zR%*t=o7VYk6P1^YYL*I?g+{Rnn1Y})0;Y7lHL>~XLs
z!cK;r20H_GA?#Av8rTNdHrP(s5bTw(KZd;#_BPnNVeg0C3i~+hF4&h~{|fsVZ04q7
z^*z|pu&2P5z*fMX30nud26hANRj^mX-T-?$>@Q&-fPD=1Y1kKF{|Ngo?8mTsVf$TC
ztOmj!4m%9?I9LyCF>D!Z1?=gtXT!SvOfv;1XT;CPn4p%(`4|m2A7i3gfzy?~hXbUJ
z#8>=0B_oJ)GCbBv6vOb2=$ZJ+|17*6)Tz$Fc@jUt=}RX%GSTnF`C@O#-4}D66>}xN
zJLgXdy;9wQTzDSNTHGjo1HMFi+&Nktcl`0AtRGHn#E-+n3H+TH|4le);>jmZ;%_p4
z9?vO-Q>IMCZ(31tNl7Vx97$%)KK0a7=ggT?UOsp3ym|8~Dk>}I>)(O}j&jAksVX%k
zB_$1(PyEtS(-4MVS~^TxT6%hVztmI&OCUm0(^YDk<xjH#X$(na9K;|>cv4c}0EScm
z`#Q^o=Vi%BN^&~$!As9hOaIP*@8leRQomEOE2j59bzsFIhi09=1aXGLuB^wu<%b<U
z;y6!{DnDo%#=ya<_GAR=-(m%`crgwkIzoMy$4V_;Ja*KW(Qr&0Sx`82@{~#QD^=Od
zk{QJ{-ntdla{*YkO#bLn^G<|MopI(_v(&;x2s!dJ$js1V41m=56BbkrJ2v;|JT-0t
z4=J*KCHN*j52u3h)Q_1s@#8#oK2H7^rA}3IRJ;1InkDCdl&KkbAM^V-1>{nk2yy}5
zxNE^XZsS##x=w9SH>excbagY%GGM&h<o^`)Gsw<VoKTjgrr`vtemH&VAe=aLFixA|
z*)u#<glE}=)iuDn7CQntIQfO?$KwQ);c7j05wDi8ZDy+~!k01qlvgm+Sr{(IUH6Bm
zmFil-^+R=)+AQgRpzcx^sg3Gl6;hW724~7E)RmHw_%2g6zF(+K5=t6qNl&f%5qNN}
zYJ?4_+3I=;C2wZnXwtcgUzS(mi|qySopZffg<Wkw>aZDcSL3_e(}j;`tEH%cD&<ql
zak}77)h+5)b*K8dx?A0YZ@GS{ex>fkj>ZG(L7c)?gR|Naf8)ld8R`9wK4|8w%-n&8
z4joXCd(`j|Wiy7Io_p#XWA4a`3+H!s85>3n9}ylt!nk~sp;C;Px|Vy?fSg=o*s-@C
z0}X6s?os8Ju7xZlL|AGJ$T4z{^46_H;vZKYvS8t&W00Fx_NtZ-$m!SLpx$TX4#*jf
zJdQCY8UrRzI>nQ19AgYTbVN*{J9(1fF(zeu^702BO090v5gw{y@!#PShbERP!OfQX
z|L`vb-IT@f>_Z0RX!dC>Irpfek1>W0J2o$W_=p0YE$H^U-W-P>dpO#_7(B<|+y?&t
zoB1!CnUmPBe>3-Rw9Fjf8H90Us*D6Yc_$qwaa@A7bQAi3X7v@mUHK{r_lM$R%o%7G
zvz4L#4jK}zrY;ZA>&+^`yBzeMV^OVX<9R{D1?Hr+B`Gu*^Znf%iawwNJ#d@+zZkA-
z(O!Q7A9K3i?11Y!v|1aZS6qKL*<&&6X8ixD1-%7vZ$<B=<JMSD`fj(}g*=@Xhdl;-
ztGvxqsaZi2#D7ux@U#?8HNU+`oeo<DyA-y@a?_t^8{nS<E9X9Y44wyVIh6|H9AI9H
zj6<78<oid+iPAXO5=YBwMN<Ohq)YpnJ~_@(ZulTf#m*wPF7lATvvIuCnB)A&hQk$a
zo&mIWO*5`PtVuXp_50MVtMnnoRV#wbfdW{EyD)LFU!%7j*Hz&TS2+XKI+$1{Tcbxe
z<Gf{k4Wk^2jPvk#rnRT7x|K(9d-MfTqvdFNeU*(q9ND_l4F{>Cb5F|PoNDO9waV^E
zEE@EgsiPCf;OU>5QUmwjwASI8l5avUYK<(gQZ_a4QodvYT7v%i(LCohj#r;G3g#zK
zT8EpUkr=-VyNc8eokePQN0B-L?z=87QjfsCu%Sr(HdLhEhW!Gz4E{4<n_$<&Zic-R
zb~w^(!!!GmA~h6tBJ3R4Un0#lz;jx-Nc{r%X`ircA;Jg2j(~j;VYHQSzlSI3*nsC>
zfpaa=o&y_zy$tXjz<C?&c;xvLJU?N+a5Iga)-KC((C{eiA7GC`dN0ynfw;egodkRE
zMMdg(*rl+IuoDo6)(_a_$e(sUGDo>ekhuNIsE)rT;Ppd5amAlqlc*dm#7Pk_<!P-6
z;F>*%<yahTZM8P!i8Hz77+GmV!}9&ZG8GQr#;tF>lY%&S$oj}>5KbQIjaF#i5k?rU
zG5|zlkpt<iNC=YyrR`&1<?!=1&fff08e({+7-wgygMm;#GATcq)-ka-msal58ml9Z
zsrMLp1qrD~W@aY)J(<c%Dp@&luW71P>eFkB)V)8}HWg1l?D7Ol_&2dk^G)J?(>OK_
z|4w|(@fu$X?jTyzf@(qcQF&dFy2-NZ@Z4lsh6P}83kFa8u7eQRiBNY+t?>D9$ak}S
z=K(4NGR5APCu5Ij8Zk}$^wl5`7)CUY_|MX<k#v<e7OA&xDpL2uUI81lEW=NN`&Ty?
zslAr{49_<$%kU>)*WFU2w!@CQ73GC3gPWG&KY|^4dyyIdn-2Sr+i+I9Wrx6DpbCS{
ztD5C9Bh9y|(EQI*2J}<|H>K!n1BR+8YUmVYEHmO)4JdUJ(wF?KNNt3D6!vY{0e1i=
z>@wJY0RAzaC)}y+(RdEDEW=ab*5jnzI?$SU#lf^`s0Tytz{%7hHjP-=XhGfLSa!p(
zs)<hAO@t+pfR}Dwz=_K=HG+0N^yos@u{t|_XBq>r94MC=DqeH}zg{>oaOV53i_{_A
zMQSYUd{{s1X4p(?jMs_v)eH*P8Ocfwj>YEqZ^RCPUsSwcW*OGS7L?9XC=^C=VYSi}
z*@C8Q^07=Nv}0wb9dg*Utw>!Bdp+zeuy?{<0m}uOD%{jjQzbWnKwDs+qtxwB6scEX
zzkoerN0Ay0dmb#qpM<sgfP6oD1gjs(uf-X*na3K%i5Gz2rcey%yv#)3*s9}ttotf?
z>2l_=$Z+g&nZ|K_rmV-Y=g<n+|0Sg~jvI>`A1qodD(Y>20%i5+lE>gWMm(f@#)TO;
zzFDu|ve%_I-#=wdQs8(A!-1OdcsMijY;|^ijY2;TvX5m#P@k!(hld1V-kFeOT)X7O
zTyQ-AZ*0KTl*mVxk0oRE?#?20=`-4n!t?8=i`2__p0K+}Ray32JpTe)0(;r>MXDW^
z@NZ(P{*Acb1mAy>f4uBkMuNPnz-}_uRTpS(7DH|Qj+cQm9<STL#m6g~lP<Eb?vWvX
zl{MsALHbr3OPAI6Pq4pbOe>;&Ero79`l=1e{qh&lKfVmvhrQpj%kiB5`yw?P_JUWx
znLXy;i2F@&{wMiY_*(o!jahnRlKTvF>n?b$NVQnD7SBq{GQ0>Dd{U=t&3Y(q)Pkhq
zHXU1O(aXZ#=9)E}S*X_P=9ONk9@6zGeIF0lsBU^4`YG&vu-&ka!afQ6EbQ&D4*gxp
zKnsmo>a5kPn;b?-UN9|T92znI$h6j<L6H?F6YI^mlc!zZUV@A1<1-wE3kYSlLm5)M
zVJIms=}b&}3bZf354ZKU^6FK4-r{Yq#~sb+zbu*?>TDshN^N`fDt~pO?T?Kqx~z7`
zY=iaiK$){dlCuO7IwCgZ8zEYP+-)>Mk2bh(i(?a)@@+h^*mi(D3~IDeK{iO&Ps|6B
znpfIBj1#sKLx=4|8LJ!xVTPiA+Hp8e=@3YS9heZ1P$Mi`LtR2CSO*R`(Iv%jz<Y7R
zVxTo}+5`}d?KTp5%lz3JXuc*<W5*XNZI9kYk)qkX260;#yt&t(E<-#QN11HY$S0A^
zR`0n%T+S2Yp|u5L$F{t<8r%-yt_@m5HExl{UGIUU*`!kO*>SvrV&Wq+f6kh;9I_sE
ze^8_zgMAD3SlAcea<^v!RtWoO5A;h|w|H|9o&x*o`$cLE>?yGSiUL3Ede~CfKSqjF
zGi-m@l)n_Id;Y3%t+Sp^ykijlG2-0^doFAitQ}|Tdqv9pNc-Qgo;HlnH3(xKPyJ2D
z`Kk3xjPoOeoesPBL(D;}@*n?6kva@EG2ZTvp{K&03d?ZAdeZGfK3>?f5@=Wi_e|Jv
zusN_%;C~(V5!j!=24T;Ey#wi`xl&WGM2+=g^)n*0R<p9kxe@sz;+Lu0SGvZw-=yE<
zHEC_Qv>bydbn-FA2;B#a(6`L%Emho(wlWAo4B*y6ELvDo7GCpccUqE|v^ev}5)v+2
zv~Oa=_4JS^Ypl2Nu&G%(wNkO{<$A^yYYZ2JvHQhiTkQ7qi6v5T9{G6D8?W%;Rmp5@
z=(yO+qbsvg_=RTKa@C5uW|!PhRc(vD?oc#5cJDke3wmn_$*8v38*eXGy-<5;HIk8t
zo)>J<H^^HP6PK)Q-PJB1Fv``Gyys2sZ$_16D%^6uxEwqC`f{XF>3gj^lvup~{{90F
z-1S0gELHg%sjBm(RQ2YI@vsjN*8Os-T8?o0m;T38HR+X9Ri6;Xc&(#VudsqCy~A!^
z&^zoWOM8c1Q{6jk**U$#(pU8ko9YsFOhBm?2hBeQ&CalL(CiG`0-Bv+cY<bT*nObc
z8MYEMJHzrpOS^-XM?s4-EC5=ZVV{5&XV|--#ToVo(Bceh0WHq34K88Vx`e&x6842l
z*m&^Xna3=bu++xh@s@)xef^3cbLFsSQ}$p3u<Kwq!CnV@2kZl|+hL!EeF^pr*mq&~
z!VZ2lRpr7Kz>b40gq;Oj3A+S#Icy_rJ8UQHCfI9WZ-TuGwj1_I*q316h5Z~>{XSJ?
zzz&AZh0TK<2U`d`3w9Cga@a=LcG!zyuY$b^_Ac0N*e79k!@dC<f&Cm-{UKFl!w!MX
zgB=H32s;aQ5$tkU{_61zz^;S66!tpUyI>!I<?m@ccf<Z3HUj%Ota=T&VTZsPu;XA0
zVQ0ZEf?W>V2-^;OG3-^aH^JTo+YS39>~7dMVBdxP0QM``jMu>j*j!lqS75nG2Y;l6
zKjO82|E<^md+YUks;UaRMa@3!zmJ6*m%m}@7cW@hHy-{b+&D^iNLAHP@v4IREmc*=
z-GGS`lqyQ8YG`T+wtA~t0<D0Zmr~W}_j*?mc0&qYw9?U3Mk-&>3NTpRnu@6(Zp?#I
z{S0njgHrdWV(|`patzy<TGQzBd)4k#*<w>YsWod>wly?YaVe13d?JpSTHDx&Ex5qA
zs;U{4<HxsnTdSba)Zk`mH8M?OpO{vs5h4D}v^o^cuV$rj@eRerZ)sYcT;^8?_cFMH
zff`jMPrs^8;}W=1-n2SyVK9oiAg!*g6?YHQy(taoyv?iWzKiabhFZGcO~Z}5SgHIZ
zt-)6lXjC)Pd5NYj*OGMH&REm3hVjm%8#fFR*`{>fCfHup>RpMsUyHgj?)SEPYt#?p
zej)1W^cdOdujxXzipsOTnsx92-Ow1nNar<+N`1wrMa04VT5&_9WUI2_#@42kXH7pY
zO9^Y$rTzTPb`Dqf^V?2!eLsJU7eDQX6{nhNzqbYi<9CbpOP$^-?s}4<ZWFhT^D}Yl
z^4}qDe+z}{PP%J@g6EfXqk@?BKDwK6DKy*<XtyN(HQg;MS}`Q4hv~-s?9A*Dx;0Am
zB;5fYMMb^dFHnOTst!Ox{{%M{F2&uyf3O)_twf`~(|>hL7>??{I>vz6{dJY6CdfS8
zF&T$DCgZ6pxgHbzQjZCKsYj%ZwTX0Ibh?mt(CLd#vsG1dO;vS`A1#oK*`{h%pcaMJ
z7ci4*M0+6JFR5Bzu%#9a3PTw;+pX|7uuEI*uUGFWOq{Tr*63@MIm9PePjA5WmDLTc
z>Qiy!dST#6OIhVz(?V%so5p3T7M|%T%|0*Y1PrfBL0sP44Jyt{0qLy)jTx}>;jh)G
z)Y=q(aD|or#+0_|TI~EY{ZGZ+jEX^<NoiZLYGo~|LaBRG+G-k6Szc7v!zpd3Djk1Y
z3Xs70bV{3u>@z8C&6rJKT7|U*V0<>EO=PnTxSvaDi-rF#rHywct5;Im0={5PeIqzk
zkuuX8nCq(zHhO1aLfGgnMxxyq!~SbyJkY)D_%Y~N5mwTt9SolRe_=siGna3@{?U^(
zkxCVSmN{h$=9QJ7c!C{9S^IzKmu?j{MHzS@)4k+JB*sx=c=Ky4gsq>=AuTEC7<4Mt
zRtR;yG#AWcR$#dOKgC@Ekd#N2{#VhghQ#qg6qVDt9G++qGKAd)4Hd^oPNF0k6Os@`
z|5<it*$KnWWOp`fyr`pc1}~V*ot&Z)Yf_>i7c93Tp6H=YPE=IXu|lp;u^dml;|!8D
zQeM2Ex$pJs*MIlCUBoNRO%?3?-~amS*RNl{?!W(k{%1d=#nZb)7eS+F5ly%_d=>uv
z?nyl3*=3S+FEUfT6{9dhM3j-z@I>)wc@rUNhu{mI!sHKW%G&neTg@IZ0>6#Y=ka+)
zt^<;t<0Bh^P@2nx=MDh10Qn@zAPr_B^B{mmfILJp_!#?`Z$HBS*|~nHM}f2hqzjhJ
zztERC4@f&e(m>L9u$XI)2PkSsc$PAXsF$bfix?}DjWHfD0=>22z((Y+MqN@WGBPkL
zv9k<LMHk{Ig@1;bfap~?syQSc7{r5J2nP-!nZL$S1`SV2T@Pdmv<b3~5XdHVRe(T1
zG^E867MqiS%-eCE^hrwHg`?WDedfD?WX|@H-9T~<F%OV{H8tCp`5a{O@C4Q{E|$me
z;Q#t&Q2SRQ(@13O0=N#}pi<P+m~|nOaiwH5aqpndx_*b@Mr}_%dNe&FI8Tx?no{^~
z+TKNd8GaUxCd1PBM%VtA(n{U`$cVcVAdfhg1UwjZM?s#0XBumCR%8jMfM=iu_XTGY
zk0-JYA+b}C$vcGoa3ab%gk;Ww;ZpGMt_a>sKy*Ht5@}=;WIm9lMV{tj6l+LUy$Xi;
zfGI2giB;3kfas<h7h+Y{imt2_cYnpIZP=2ndbK+zU&N|!1z_VCZbu-McVJUo0YI0=
zg40{I56V`YeZ*olhftklv8k8)_92U<7W&9#Bx8}pVq7~}qx;XW>XHVSzki6uoQ7TL
zfP)UiVwt}Zi>=TyHuBR24_nM89PhB$)o6w5LBsM^Ad{FdjBmi6(|vA&O#4~RGb{bL
ze+&CO+aY*p(UeP&p+N&ox>9tw2|O)_(4&`&FtqDIU%ZE8u#;!>F&ys)(sZQ=+76`l
zYLSVDd9B<CWOhO(ofR1>H3?)Ykoh8zMj-QTAkEissic?LKGe(e(96FgGWXHFOyf8F
z$hdGV?W%W&5=k%DTrWSNdPBy=dr_Es`PRbNNV%hrdAzq)*|sYdt{EHCQ5|86?3}ce
zOHoUwFgP(JypOar14a}+Z3IY*Crnej_;U>-mm|PAUM>7pT1qj9TWX$kRUv@JX%myd
z>Ad$5$kg80*-|b=t@s)GB8)+Q?3UJDOV6FLrT4j(j#rB%)uquXv|{o`+lpzdO2pkT
zXYNhXQbL{wWa`a6@|QreYklM*Dit8F2GT_EW#1s4D}hw<K5_$)R=<x70!a<{$jw07
z0rD;&d8d!e=G-poi)*m*pxBapbYDEIS})@(@w#copq<SrVnYekHFIBl7U%7}Gqzs&
zTom02f)oOrv5(RQW7)3xS%&I*K1$3_8ijAtt`yGvzR{F9gV8kU+I3b?4;{#8>V{dk
zUFM18Mb-Xwfur3GU9wV_VR-;ZE<nBlBp)E(22u%-?*pj?$O#}6PUz3mqxjZaV{EoX
z%~$xy2(FWwi+qGu;%Vq?>_er-s^zh$hD!>^Q>9(C+RcKH(!asUHugQ7Ol5t!TFzoE
z?vPPh#We!tVjyX(`&ou~W})VWLr^=+RVw7iMFxmj?BORLUa50Ys_hWSRQd<1Q5q9-
z!u%r0WY)9)Ot+4r+FuHpoX8LmT?C{OAeR7X&X!r2WN0Nk86dBRO#U2S=1o8{!~Qtk
zK+F~)EiqFAX$8o8faHo+XCw0gASv9_N}|LrAk6^T10)^P-UJc_$Tx{6KpqB?bx4fe
zwQ5`)%Q%Fp|1o4T*d0r1KLMl}Ag6%f2XjV-+jagk&^v*B{sKrVKrRB34N6@KBp)DG
z0jUQ_0Z1C2ndtL2AT5h<?e7QD#12^^vlGZvQ2T=<Q}K2FA&>?<JSp`nAX#{Lf}H(K
zwCkNd@?s$AclpR-Ah`g!3`jmet_D&GkhcJ-1xN`<JwW~jNFzYD0+|eu4+Cii$h|;X
z0rEK@?Ev{Ykf{LqK9Kyo{dWBaknDQ}!9MS3j7`<_?ShcE{F+Jy$kWb(&H*wTNIO90
z0;y~f9>a_s)0RVsc|K(FcZduj7Xg_JkXHj~2gp@GQd|8}Hv(w}$RLo$oxaRCklNq-
z$Q?kk|KKAHASo=H65rSZr1g(J@^vcpK_7VtNG=#(Z6M8$vJ89guL-%^FZGOW_}D!@
zavqTO$Nf?-CuFBDb19JgCw!S}f#g2v%M4Me0I33LVUd)y>z%}Nzt8g_AdLX|G>}P)
z&@6%$0LkqZ9-3hagNritV7B@mWHO%;87lQ-Ae8_)0i^bTFY_eH?D6%P^DOXSF_GxJ
z07xZ3E(J0fAg>3~2=uugNPVBrTqK#Z{it3g<coe?cL7O#$wzhq$p^@nsnnN!nI8a2
z|ErJu3`p+lKJo;R$pb!e4%Th00GS6Q^-Y#x|G~rYQT<zfsmrO9MOY>WWa^+_>dinZ
z-}Xyw0FwW%k8A?c_=%6)4kZ0wKJo!Ve(odp0?7o(7lBL$z5E>@?ZAJ20HpO{pXU)E
z&5!uVlR&a|?6B9(IUClv%a@rCB>R3rV)LVl!p)Q01tG6n3Yq#HKC%)>>oY!bBan39
zha*5zO<(4ALhkU99Y8Vx@+ly#_xUnk29getZvbg;@nwDtWGb-Oqd>BoeVJ20>NOuZ
zcQ(e(MjyEVNGd=s1QG?vD}hXv{8Fz2(hBCm>wsi~8TKY1wZN*IfYiU~^V|+3`l*k6
z5J+m+NA96gyM5$-AkDw^k$(X)RrZl@0m<6goIT-(KxzSU0tkMtA0<)ZNg$Jf4WDxk
zWWM9eyckG27zGP~Os)52E&<XCkk<og1RA~>NG)J45l?`;9Y`}kwgSl=^y~U4$pm%X
z52O(wp9fM4kOM$6fj)<U;OEbtHI4$I)q7%}6F{b19Fwc9jA6z)yK4c;FQm1f`{=8!
zIbHa5qdQMu<SH_`+RAcJ@}y+%qPf7X=exRxaDBpEYvn|r{Le{el3P@yo#gpTtLRrO
z-4djCFAf8wr;R!Tr0)Qttwrp0rDmQ`%=;AcQN`Rk1Li%7`EkXZhOI-Lx4^W&Pv^~w
z`G8`kU8s=xq|&*f?0i%)FTnaQ;OWUJohe3#I@c8QZpA#Mbe^l2@%xSr=DK1&sF+hq
z=VgkyrI;Ivd5dB`sB}K5>`a3rw8o@jKCGDMDV<j+osTQ#refZ!m`^F4=PTxIin*nj
z8;bd;VxFy-S1RVVV&18kk16JqVqUG7rxf#6#oSWNkE<S>t(c=nIwR6;in*znk16KE
zY7C|nb6YXbSH7`IS)*Hx!L(v-D&|>=nW8@$l0@3R-O3sn#e76Drxo)`#e7OJXBG24
z#T+T-1&X<$m~)ExkYb*zn6rxcsAA45=KYGfTQO%8^IpYVQOpMv^K8Z3qnP(A=9*%z
zE9OJWpHC@&o~xMain*nj=O~?*E1i!h=7wV4u9%M~ooO#J^yiFXo>a_}iut5so~M}c
zn?9+_t~Z*Bd7ENBte7LkoL0;&#k@-~A6LwC6mwoNw-s|uG4EH*$CYm!Q?YJJG4D{!
zZN*G`?*P4sv|Q;N9q)|K#}xBI<#nqS^SraAE<C5Zu7FyfXPKXgXBg@E5<H3G5LvIL
zr1q{0Ng(*h`kBT%Eq15dwU+gBMfQ<s@jK1undf3XZ|X`<`wW%n!!lIY8nB>ayw4v?
zAE~P$ZFg(+70!ls_1?R+)6PA6V2ZF$*CxGV$Ihf;KCGD2APIPSRw_T7)9qwrR4V3%
zVm_vHru$7nU45mq9AcSUiut%=?om3gRm>}u&TYk<SIoPV&Uo;!L+3rp&QprHXLd)a
z-rJPUJC)A!)p(D7(K#w<M<cLd?+V3SQp^*|8Y#s*rI?o~=DcEFt(en_d6}|CO)>9M
z%o$~kjAAY+o%g67#82Kri}f8+J(yL@bCu3{rSlf0b4ytxr<hkN=DK3utC;i38hOQB
zQP$Y2tkG81IHIgkQOu7k=B(0rSm|6+)~G4ww6eyqVy-LZV~V-1n3pT&&5C)qVqUK7
z+)&Khl{MPR&fSW6jf!=Xig|_7d8^WSk78b}bZ#o<JxXV~LkaR^RnRkEF*lUXEyaAB
zV&1Qqk1Ma6qnO)@IjfkrC}w)HDriODD&@~pig{2m?^ew8v(J#ZshFb^o$-06Vm_{z
z=O{Z*C~Kq?^Q2;aTrsB=^LE9YR?M`sAGEZ$u9){KYYZ!EXy(0&nJNnE>RF(4-mP@b
zD4n+|=0i$ndTuGGt8ckt&MM|vY7DMYI#-p>+f+o#DdwX}=Y@)SwPMaF=DcFADdq#p
z8dJ&|^OQ9zig|}(KB|~!E1mO-xhBkAa2vBXoh+&UXe(;F*S$u1(ELszycCcX^>(rR
z%rZSqY1hm$eZvxayI`n}kF4<P(ssAP?-mUO>CK5gg7i#C?Sk|*lqWP4^AXiw^A+<d
z#XL_jPYUx>&|hoC8Z+CucZalMW|^M-(yp0h`siLYsBmRBbAL6T!nWtnpzVz_X#0UP
zXnW1I9hd(dAMw?ev|YSz>1@$Zklxjzk03p_N$rC4?N%PuR?G_(b5$|#P|UNX74BKb
zDaE{7je?UZYRyy3brrRuM?2^DLyCEx(s_kq?pD@FDdxIjKCE=cVy$CFTd8zT3-ePj
za!b;KGmp65-D01aWqJ-tyJnW@+b#XxmFn=_<f+%pQ`q+5Gidv+GiZD34BEcq4BDQ3
z3fn$-25sMY25moh25sMZ25rwt+a>-i&4`AA^iGIAg7h?`c0u~)N?k6t<P~#DF|Sd~
zHO0JFMSzN8-lZbIl!^dz74v2l0cwhQfzr96bl$F*k)}eTjoqEAE9QMl=UIw*p<>>v
zbZ#i-`AX-KV&0~hPbxc4D(1~f=Yz`5C)H|sfzr7t%uhk2t%x;dj*z{RVxO61dJc=l
zW|ryOC;i@anstJ-UB=GRd7_~py@R5UAU#{9c0u}%sQzjz=14KGRLm8{yhSljDduC!
z6Ecc<jbdJ|nCa)Q;qx|gl+J4v^Jc}oUooc?^GT)ia>YETnDdG`t(dnc=9U^4kE?N!
zQR5<`n3pT&&5C)qV$P}^hOA<4E9M2t8aZW+`N|qO#k@^1A5l8bQp`DJjl5!RDdxFK
z=d5Cml+G2!oK;@8MKMn*=9Mzu-K<wr%m<aua}@J(#eC9PgO+UPor~uf4fE;mzOf8l
zqvbHD@Y7}Q^MBhbfay9ua=p|3W#`D9P%Uk$em|ys^>O8^Q;K<&V&0~h_bKM8V#X_7
zI-<>L#k@l??^n!q#hg;iYZP-sF&|LOI}~$TF&|LODdkbilt&$P9wj}PQOx@l^K8Z3
zqnHmV=B#3FD&}s*oKejC6?0B8uT{)Dm7NbNJMU6<&MW4eV&1Npn~J&Sm}%g=0wb51
zrysc_a|w-ZQ#)i_Bysw5T@M+U#{2vsW4U&kJNx1ZP1W{c)%Ho%c6yB;IuW|ry}`Z%
zLEEoKyIRt&a5K@gMQUdmidw`Le*Rc3CD!%Or+o(cu*{!cp9$zQbq4yd%%5JL_d%cN
zR}>+q_f_dHmig1_BXy;WKB!B4Y-v?_=04?_N0nzDb)G5A>4e$7G9&{Y6r{TBdwbm2
zakV4GU+D9_%MxbZMeoUX>eII%(b>N9VJ>9&SG_~#9W>;h@)@=-olAIzs>4VF5=CBJ
z_PR17t(b0nb+&6dna-9@C&TT!cmWhN<GpJRzI8+-mg(&gYnZDfX%YXmQKDz9*k?K!
zYo8lWV;||kr?BlkgQwHkwte~UZ~M|&;y+#Z(((C!XxGK0LJ-4yYtmBj`JP>!qv>Mm
z|FF~^90o|wk<QtC$@0!pOL7VsRLF!vwko8d5d5Ss)Mv>7g&a``me?JoW??)8?OHNd
zAqy3fRmf_E3@hX|h13<YQz3g5a!?^{g`8AKcV{mznWvD9LRKhbjY3KasdXYf`#Qa)
zcUz}NEnU@ljn=cK(^q>lG6uzammXK8hC563R1`Ad5V%D25zLITCj-^-xev(WRtE2>
z#4n8L1*g0-NvpV+UOP&!8#Oy8gwW@oQL23>$4*8b1~T8al#!nR*%}~^0eRq!eC5J2
zNU|C2b+r@oIY8uj36^;gklP#&{SJBn@BYj?ePa9K(v)0R5>2!arRW24tMjE6Ay#I-
z638+;?=Z3!$UavWl`jI}r~8aG_+_yXKM^F>s6s|o%jR95cwuTa;$19Ligd=SQTZ;g
zlzJ~p9d~unug2+Bn*7TSQwpz%rRvg;+La8c6KzAOIo3B==X-!m1vdON5Pq^q>iPnZ
zovtq8`38{1=3OX}wZ>r}{QDg#_3uFLxy<jc6F}&LL1#<-7D)aPU&FIf@C|$A%Nkw)
zq;Wp~UYL;!fqd!Dg(tSJ4$THU%ONAb<l<6S0Qome-ZWz~as!Z4u3g4gagO&}q!k6o
z&<h8j#5)PO)H?`?(jKxM2zg2(vj<4Uyv;^ReZ`a#or&RLAaY&F%s&Tm#OXsaPpDGo
zJQwO5_j#TVgg%K?Uq&)PFZTkWy(X%M>v|24Qczb8$jJa10FpH;b15|nq!sYI1Bk>8
zX1)u^`k?K10~t;Fi(fk&O`2Autv>fbMj{gPd>%+6(C4c_+5vJ1h^%0F?9hvVTaS`8
zg!vd`WChF2zok;<nJ$r`H=wNzn4bqkcGbAl1wba9AIAJ5=qTmtk{2^)9YVcwA@Kx#
z@hTwnNn*=NAcuo7s3XaBkf{b54gd+G=zD?G1DOv13BC7zLLL)uF|8QG?_sCJVlm!U
zT|@$vs=Z$3wtp6-@`F-}wBHXTZGY*{GT#N#boL>c9|ECI;+ekyBEOeGf7zE6^Y0y`
zFMbD^l|gJd=RCXu(6tNi_byiP+BE(x1C=uGRz^Mi+=W5xtA+X3dBQvoJgq>(mjS8$
zT-r{$E(SuMMCaE4kvk*Y(kp@dXAnv9KvrGoml^@mljt1Nd&pzMoJ5J+Ad_}7baD$2
z`mjuFUnJfPM#|lg*%6fbCm_3=|Ii#ag7=5l0uSE{nO|P!Yxs4l%XwzZFM^J0E{et=
zqF1r!9`j2*j8gKOHMYjjh$qT=(eES>`F$?SL|7_6&Ag`ze@Q%g4v_s$XF^^CB%Rc5
zUo_3Xf|MS7DP$6Vj`^kV5kH?PGM7MRR$!mk1Ci%9xb_=>Gy|ENfY3faorgzZ_N13_
zXWUqh?MvCyC&(I7*EmXT4_dJWNIJ0Chk&$#x;_D<9r)n`KvJ&lWQ~1<{K~KE+f?dK
zfBt#|$bScs_J4pJ3+n1VAKn`<pATfp)owZ&^)-{0(zPdEeV=wQf%LfmrJ{i6A|MN#
z&%<Ko?c2G)K9@j7_7m9hD+viSydKEyK`RO*W7^LBfxLA<mItNY4W#)(e^qcN5ZO)T
zx;_qsK0KCVo2Gz&FGD?u=!cYW)uD{jIgZU6@cY9V_A}r)8r1$EkPkbZ`91Hjv*V#!
zTaf7qBIFN%%yT1-WKIB?3;$uSBjgDn^~4V`mg)8MIoCTRa~9q%OrIo1y#UDLfrc*w
zvfCjP6U?jggFfwpjNG|qi@g?z{MMC`Yk|m}2u9ulWR+tkJvIP|f@re|h+J`Ssk?xL
zeflvVy8@n10jW42<LnWL&w*9<LT0ZkMY&ulZ9>zGI2o1uAyW@V<wHQ)frdW@^3f~B
zhH*T!u{>Ca<o92!^COU{xw@#Or+|FnGATt!XnC?Tr5tDk{q=0T=eH5)^8z4MH+G0;
z0T8*e<JvC)5(TwiK?sA!W3Xlck_%*R0<zWB72Ex>=z0D~nIIlilFUSR0Qrbpp-~;%
zfm9qbMz=9^Ht?T&A+y`nMWsFi<Wzt>2xK_n;aBuWIoHcnss$Mo^7Q!`kOjd=c?`%=
z*I!hs3pe&sLA%ZavLLAoSEDBNhV!4;CIZL=wO@cz{C)uOpA3+f3`#E}eMo_lOXLIp
zSq_;@5a-_jWJ}QYw*Wbi=!2!zpj`vlh-4FMOgV2M|Dh}uS*J6#bOU%&LG9x}WEYgZ
z<t`xUz+xYx+U=cL#5ztm5=}Yg*rxJmxzz=dNbqP1>bj5Wa?v=p$x`x;hcx^gWaRmI
z*5_+L8iAd^2ju&2bXKL7B2Pyv;Gs95r(K`ojpBuM<Lje&uqv^l6*jd<CD8B@lsXVt
z{x?AO1jsXAKzgP;9}6Q1oqdUs5e*4hOh{rM=uC-2+D>PzKui)D{%xT6&m|~@5bo7=
z1(3Y+1Y*7c$PuSu%&91%O0X6kgv>-xY81%o0I30yJAKv@fYkAoEk<>H6v(8ji;(+(
zymZiS>F0nv<YqLI`5KUn>kC320x}yswlB<!IEy38f;sM|kl7s6^%#)tfzD3?S?G}1
zrdO#4eR|Fdu?7lw<^!QmGV3h{ax{>6HIVJj$4L4OK=vnf*)&F(AdcM#nP$NAHXw3u
zovr$JK(c`~wgE{wW~%ExAnkzXvp{AA*D?<R>2~8ZwwZ!*LEFCvnM;FGKLWBWsOuL%
z$P!5mf5wZDpXg1#eVz-1K8ef)Kq^5iGC<}yW{N))fNCxxQTa<DBX1UBYvh2W+$x1+
z-U>wSj9{GF6f^uj5E>UTCsv9k1LiT5qL01a;bcfr%8f5NcUK@o$h|<Y(51=I_+k`&
z8ORpb3X=IQki!n4c2T;Ztg~}$ljG#wh@&}f5G5O~c3Sh(qPFgIM&bmM=B5=ywx6J`
zR?zQ{0y*SrCw)!<*&HCxo)<+c9D=u~nN(LTry-S^2bue>ls=7Z(wn-|nPgr8nYvrg
z6Y@$RQwg)p%v1|}{tC!soeY(_0mzyF83Hm9v}*#0{EDAFVGEFhL8<LP!t0bT0FgUB
z@B~iR6V(G7wji@3sH+WR*o_p@@C1;W^WNB|R7wT2@Dq@cw|ujP-B{PqCy5(#fm8x(
zTmWRHYej66c~zVzQ27jG>h6jowmHKxL4REWnP$+g*8w@^+I1a{;v0%1S0Z29Yp+>-
zEhR@nMk|v)%|AxMBdkYx^%k2%D8@UHgbO}7GLFd{4n00lEtW^daIxAySS*){c++f%
z%X`NIn1%xKVAFyC8*z9;ba)oYWM?{sOC_YVD)$eXtQp1iG38^%z^2PZ$`2NtGYijn
ztpAomDD5LGGg2lV+t#r{KjM#N9x$F8Gr2ve_Cs~7>|)OQORb6Gb>qbnYlS_f@lh<R
zs>V(@8s;<Oq&wvsFBRB=X1O1a4VO2Wnqdc=rz29vDldniK^9u{c%grUddoO)JZus~
zp?1?F>yVAQTC5_64HC@3QYKpiOhUb~sW@02CS3{x8?eoS2Czu~s7YUAkC02aYPxf<
z*k3BIXK^ZTYp^W#ELDnz7uF-;9Re4)2XP1`P~}JgPC<*!<ixGj!WaiQV?2`Ko`X@|
z=5%J5l{1+VkO6FcAx8hMrv}&)$U;Ys7sXZ;vX-%*JvJ})cW1@TBCM70dRsCgY$k2w
zBihlk5G&57rN;j8YI)OWKP=B0u%$pU+P?|u+R=07+t_gbV0jZYYZONBFI9&7<p5cr
zZHJf~XEDYXb)?l|qj^)hd9^pPK@1^BAa=fB$!Zxgc;B}V8o(qqGv5a2WUR$7qM;Vb
za>{A?ifqU9GH?5p-mDF<iVWCeCCbZ&13O8XZxvb`n^HW|6UT;gkK&Yhv$Xkcaw^7V
zH3pS86h?T!7ywBd%P_b3Zj5KYlY1ChvFXj@WxP$+1qa+ua^I<c<9_xN^PO@yno(n&
zhYenZ)Ad)7$uVIumlKYMH8cSvu_(7Z9)Y_fuRFCk9xl^hrn`o=QJ~~dgOfve8)1oZ
zQBt#TOrfAMTDYZH9v`D_BR;MO6Fe>eZRZJSJdJC&P^Db)I@qc+SR8a9vQr}>l}F-2
zdB~P2jEqq(%cK<p8-#6qY}msSZN`|UTDE6JAxf1v9VAiOw1pZ;V-ve_+&BVoyDvFF
z!aMJX2CR3;;mk0>@k1s891|UcOnd>x_0U=WxKx<HF%&Js9ogn4;inBOW@!rn3=YV^
zf#`aZznlA@j2eew)c7Y%JVO4)@y)zimc0nk7O`QX0w%ghMMfrjI8dgMV$LwH`Dz9h
zf&(_s_#8rb6|*j!<kpSr918W|T^%5or6imEqi`p~XOCjaZfYSro<!PAF-EpfDsC)}
zz!hWcxs6?H#cwJjR41)4hprJ}5u{X|h6s69JK@63N|GQBlhRPrHG|{0h0MkIEKS>H
zvMY!o8DCGGMZ?YE2C<C=XN*jZ=+>eB@e<9c0LUBJE_7t_zj6p-%k`HA;#>Ml<FFf@
z$Ce$Ai(|!g#Zs|~t`iD`LQFPz?Gt&7rM2}~)J(&C$%NdFOu7ihGB_%Ob!|;U<E0Ym
zun5*SXGupPBY+j8YRIkOQWSAeKb(v}tdUGG!Q5RPrYV-r*;D29w2E*NwrQpoa|vMx
zh?U2%-}WMsY*ICpje*$^MtIG`hh~ky-2~S}JS1~C1KXvLS#WIXAH`@gr}?Wvxx5*4
zrrY7cV`6t&e)xv8=S(>=&uF<U<IZ6;0^DLstmQ0aYB$4C+;9S;VW1i(e(8W@z+!k?
zA#XUCQ8ZK@-6%|M4Bd)mCi;wGRLY77)---3wlr%C)0gNIJcq&^VV1ko^dmJHDNBn3
z;&aZ_Xs3w~roCL;BOJm`8dDR4?ql|E_IESLO6BqfT5WKM<bY4>F+qk($)sU14rHc)
zHLv*&_c9xFOobsp*AGHtwkc&&vR3399KLI@R~dVvAutoI{>&jwjV#IESY7%~DqBKR
ze_Y*!iO39YKBo7w`Nv{F+hWp^CvXNRz>{Tc#S~A-_THg!V51c+C+LfJk`KM=O*&+5
z1aV32ro1IjoQ41@YYAzba_n-|*##Es8ce%%alwJZaa&<>m7t$7Ia>dt3M86Htl&h|
zl$RPo-KMQJS*p>LjpdQ-GOSI@ab>J9jz6OXy2TO4l|pgJvc7l}6HRerfnnSMMN2FL
z)<Kkqa7iaXF_3Gt5)?86fYd;OZo1{msg&&@Z^&TYx#qg7R$p=D<#F!X%dcB;b$rd`
ztFC@+yy}W;S7Srl%5v;unj|wa?yQV2UJ^t0s>`nxQQlFv<uHn9o8BHJIhawaZ<%%Q
zkC-0ig^rX`nCgvJtiJl14mE5=KF`QTh<f?QZB=$J#~$&nggt;x^dMX8x5L;+l5bP9
zF76|HnRLeJEt_81oQPwSrWv(XOJ-Hd`np`k=4pWGvy$`B<`o;6&Z{G)c1VS0y1|6T
z?r1xY^C?3JqdG1Rk);sw$)|9AMFtB`Ab=D`ae+=}Hum3C#&ys5x-ndaAVcUah0!rw
z<e775>f)qkbPJj@QS$o1n8szbHd(B#A<cT*q>-lXq;f^C9OCbWu`1Ti?i>ww=TUaM
zD;^)CO$3vh+S0;JO=fR*NFHHCFeL_A(rq+|aZ!qDV8QC}$cDrnVc{PC2zlad*Evyp
zY}!akyg_5Wb7aKmdtFD$=xmR>vNRXJ7^!1st(4>xcY2$<vi69cm9)W}7w}vU-!hA1
zJfiNI&ZuCM(c9kVn-j3*%!Bpvt5$gCHCgHtrx-5uSA1uY?B&L#Uzs?7x7A@{<Or_D
z$hh3Ul};s-tlfraX+p$$%Oj#@Bgt%-AaF_s@q{(-3|gBZhS9DJ#(=j4MMDOC7(^R;
zpDVF4DT@U<{2iHHeMdJ&HO-bzw)b~P^To?LHMb8QT4FjfS<C5|woTR{@4c}$ja$(O
zV@dIttzYvPqb)yHFk5?A%HWa-Qw<MZqn+K77XA3Hp4Gt51uuS2myB#@`k$^^&DFab
zB)rmK378mB5O%d&Xt=(`W|t&PmuQU5tpa92TvwgO(P#{#slA;hv(KqoAF(4AdvQp(
zZr1ZC<|VW@W_Kgf1pmMd?EO<y)x};_uhr9neasj9G>!rmXA53OSU(;Jh3w-<rYcNl
z5{AtHFqh11!XWiL$8uRg@UkREW1$3(m4VK&BD73qAK`^Kk9N#T<hte{=@x!Yq7Olb
z&mcC^Eo4yRL1K6kUH4%kwK>t_WoGih(vNm*VOwn~`|K0CexQV>PYQIg%+!7;j0enx
z9&tb~JZVfjtmtzX#~1Ts9>x&n5g7@l8Fmlflw9nE2A=sB2fCU9_A#s&m#DN6ZB{Wx
zOmw7XQ<GU^`^*m%qs!fJJPnN_s0G@fEZdF?o5#y6k-asZ*q9!%LoGaSP8Ub`mM)oO
zu@^jPp~%-y2w!H)fa`Kg`_O|>8sUNs>ipE7U<2zL3)vf6@z{vDX2%fb8m613_>6rl
z0)iB&Z0}98w6c#&(ft9eC+w__QI3Esj%&sP+6Vt*Zu_`^J>r`t5Vs2yGv)Zp5FQtF
zS!LIFo2upUf#DL(y2;|itq{;*m?~Xe=E>rui|EOz<cRx=y^iJ&8ZopbUBq^>Ssa*C
z_JJbPZHQjt9%v=j3DQalSm;bU3(1y(8=v+@v(#@l#-y*!qjF*sUWt2Q)vOwW5M^&j
zkycQ{A7AznTFXUGna;4T<f@ZkL09{96(brt@A78^`+aB}%TT}8WF-rYFl_yEp5O7{
z;MvfhXNSgNT3d$pgR$dI_eI8Nwv@?-FA!O4ab&(E8{&;edNM?2xdN{5Xf&FjP%5t5
zfElV#T5@rWI{<d7PrS$1gqHzYLy0ay)D%<Q;sye%H{6eHonU=R$|o}~KU!<M$Ug1h
z`K1JDiWHc|tjpPZ6S8*Xn!I(9@mBjdj7LV#r+DjJ@mMbI4JHm1$yLkmUo!?~MF`*t
zgvV2|RHO*vrUpCZ!9H~Ri!2nIM5NGA2D)|gPLrC+3loaz@e(eZBiwIOR_3k1{{=--
B3+n&?

literal 0
HcmV?d00001

diff --git a/config/scripts/config/menu.c b/config/scripts/config/menu.c
new file mode 100644
index 0000000000..0c13156f33
--- /dev/null
+++ b/config/scripts/config/menu.c
@@ -0,0 +1,390 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+struct menu rootmenu;
+static struct menu **last_entry_ptr;
+
+struct file *file_list;
+struct file *current_file;
+
+static void menu_warn(struct menu *menu, const char *fmt, ...)
+{
+	va_list ap;
+	va_start(ap, fmt);
+	fprintf(stderr, "%s:%d:warning: ", menu->file->name, menu->lineno);
+	vfprintf(stderr, fmt, ap);
+	fprintf(stderr, "\n");
+	va_end(ap);
+}
+
+static void prop_warn(struct property *prop, const char *fmt, ...)
+{
+	va_list ap;
+	va_start(ap, fmt);
+	fprintf(stderr, "%s:%d:warning: ", prop->file->name, prop->lineno);
+	vfprintf(stderr, fmt, ap);
+	fprintf(stderr, "\n");
+	va_end(ap);
+}
+
+void menu_init(void)
+{
+	current_entry = current_menu = &rootmenu;
+	last_entry_ptr = &rootmenu.list;
+}
+
+void menu_add_entry(struct symbol *sym)
+{
+	struct menu *menu;
+
+	menu = malloc(sizeof(*menu));
+	memset(menu, 0, sizeof(*menu));
+	menu->sym = sym;
+	menu->parent = current_menu;
+	menu->file = current_file;
+	menu->lineno = zconf_lineno();
+
+	*last_entry_ptr = menu;
+	last_entry_ptr = &menu->next;
+	current_entry = menu;
+}
+
+void menu_end_entry(void)
+{
+}
+
+void menu_add_menu(void)
+{
+	current_menu = current_entry;
+	last_entry_ptr = &current_entry->list;
+}
+
+void menu_end_menu(void)
+{
+	last_entry_ptr = &current_menu->next;
+	current_menu = current_menu->parent;
+}
+
+struct expr *menu_check_dep(struct expr *e)
+{
+	if (!e)
+		return e;
+
+	switch (e->type) {
+	case E_NOT:
+		e->left.expr = menu_check_dep(e->left.expr);
+		break;
+	case E_OR:
+	case E_AND:
+		e->left.expr = menu_check_dep(e->left.expr);
+		e->right.expr = menu_check_dep(e->right.expr);
+		break;
+	case E_SYMBOL:
+		/* change 'm' into 'm' && MODULES */
+		if (e->left.sym == &symbol_mod)
+			return expr_alloc_and(e, expr_alloc_symbol(modules_sym));
+		break;
+	default:
+		break;
+	}
+	return e;
+}
+
+void menu_add_dep(struct expr *dep)
+{
+	current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep));
+}
+
+void menu_set_type(int type)
+{
+	struct symbol *sym = current_entry->sym;
+
+	if (sym->type == type)
+		return;
+	if (sym->type == S_UNKNOWN) {
+		sym->type = type;
+		return;
+	}
+	menu_warn(current_entry, "type of '%s' redefined from '%s' to '%s'\n",
+	    sym->name ? sym->name : "<choice>",
+	    sym_type_name(sym->type), sym_type_name(type));
+}
+
+struct property *menu_add_prop(enum prop_type type, char *prompt, struct expr *expr, struct expr *dep)
+{
+	struct property *prop = prop_alloc(type, current_entry->sym);
+
+	prop->menu = current_entry;
+	prop->text = prompt;
+	prop->expr = expr;
+	prop->visible.expr = menu_check_dep(dep);
+
+	if (prompt) {
+		if (current_entry->prompt)
+			menu_warn(current_entry, "prompt redefined\n");
+		current_entry->prompt = prop;
+	}
+
+	return prop;
+}
+
+void menu_add_prompt(enum prop_type type, char *prompt, struct expr *dep)
+{
+	menu_add_prop(type, prompt, NULL, dep);
+}
+
+void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep)
+{
+	menu_add_prop(type, NULL, expr, dep);
+}
+
+void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep)
+{
+	menu_add_prop(type, NULL, expr_alloc_symbol(sym), dep);
+}
+
+void sym_check_prop(struct symbol *sym)
+{
+	struct property *prop;
+	struct symbol *sym2;
+	for (prop = sym->prop; prop; prop = prop->next) {
+		switch (prop->type) {
+		case P_DEFAULT:
+			if ((sym->type == S_STRING || sym->type == S_INT || sym->type == S_HEX) &&
+			    prop->expr->type != E_SYMBOL)
+				prop_warn(prop,
+				    "default for config symbol '%'"
+				    " must be a single symbol", sym->name);
+			break;
+		case P_SELECT:
+			sym2 = prop_get_symbol(prop);
+			if (sym->type != S_BOOLEAN && sym->type != S_TRISTATE)
+				prop_warn(prop,
+				    "config symbol '%s' uses select, but is "
+				    "not boolean or tristate", sym->name);
+			else if (sym2->type == S_UNKNOWN)
+				prop_warn(prop,
+				    "'select' used by config symbol '%s' "
+				    "refer to undefined symbol '%s'",
+				    sym->name, sym2->name);
+			else if (sym2->type != S_BOOLEAN && sym2->type != S_TRISTATE)
+				prop_warn(prop,
+				    "'%s' has wrong type. 'select' only "
+				    "accept arguments of boolean and "
+				    "tristate type", sym2->name);
+			break;
+		case P_RANGE:
+			if (sym->type != S_INT && sym->type != S_HEX)
+				prop_warn(prop, "range is only allowed "
+				                "for int or hex symbols");
+			if (!sym_string_valid(sym, prop->expr->left.sym->name) ||
+			    !sym_string_valid(sym, prop->expr->right.sym->name))
+				prop_warn(prop, "range is invalid");
+			break;
+		default:
+			;
+		}
+	}
+}
+
+void menu_finalize(struct menu *parent)
+{
+	struct menu *menu, *last_menu;
+	struct symbol *sym;
+	struct property *prop;
+	struct expr *parentdep, *basedep, *dep, *dep2, **ep;
+
+	sym = parent->sym;
+	if (parent->list) {
+		if (sym && sym_is_choice(sym)) {
+			/* find the first choice value and find out choice type */
+			for (menu = parent->list; menu; menu = menu->next) {
+				if (menu->sym) {
+					current_entry = parent;
+					menu_set_type(menu->sym->type);
+					current_entry = menu;
+					menu_set_type(sym->type);
+					break;
+				}
+			}
+			parentdep = expr_alloc_symbol(sym);
+		} else if (parent->prompt)
+			parentdep = parent->prompt->visible.expr;
+		else
+			parentdep = parent->dep;
+
+		for (menu = parent->list; menu; menu = menu->next) {
+			basedep = expr_transform(menu->dep);
+			basedep = expr_alloc_and(expr_copy(parentdep), basedep);
+			basedep = expr_eliminate_dups(basedep);
+			menu->dep = basedep;
+			if (menu->sym)
+				prop = menu->sym->prop;
+			else
+				prop = menu->prompt;
+			for (; prop; prop = prop->next) {
+				if (prop->menu != menu)
+					continue;
+				dep = expr_transform(prop->visible.expr);
+				dep = expr_alloc_and(expr_copy(basedep), dep);
+				dep = expr_eliminate_dups(dep);
+				if (menu->sym && menu->sym->type != S_TRISTATE)
+					dep = expr_trans_bool(dep);
+				prop->visible.expr = dep;
+				if (prop->type == P_SELECT) {
+					struct symbol *es = prop_get_symbol(prop);
+					es->rev_dep.expr = expr_alloc_or(es->rev_dep.expr,
+							expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
+				}
+			}
+		}
+		for (menu = parent->list; menu; menu = menu->next)
+			menu_finalize(menu);
+	} else if (sym) {
+		basedep = parent->prompt ? parent->prompt->visible.expr : NULL;
+		basedep = expr_trans_compare(basedep, E_UNEQUAL, &symbol_no);
+		basedep = expr_eliminate_dups(expr_transform(basedep));
+		last_menu = NULL;
+		for (menu = parent->next; menu; menu = menu->next) {
+			dep = menu->prompt ? menu->prompt->visible.expr : menu->dep;
+			if (!expr_contains_symbol(dep, sym))
+				break;
+			if (expr_depends_symbol(dep, sym))
+				goto next;
+			dep = expr_trans_compare(dep, E_UNEQUAL, &symbol_no);
+			dep = expr_eliminate_dups(expr_transform(dep));
+			dep2 = expr_copy(basedep);
+			expr_eliminate_eq(&dep, &dep2);
+			expr_free(dep);
+			if (!expr_is_yes(dep2)) {
+				expr_free(dep2);
+				break;
+			}
+			expr_free(dep2);
+		next:
+			menu_finalize(menu);
+			menu->parent = parent;
+			last_menu = menu;
+		}
+		if (last_menu) {
+			parent->list = parent->next;
+			parent->next = last_menu->next;
+			last_menu->next = NULL;
+		}
+	}
+	for (menu = parent->list; menu; menu = menu->next) {
+		if (sym && sym_is_choice(sym) && menu->sym) {
+			menu->sym->flags |= SYMBOL_CHOICEVAL;
+			if (!menu->prompt)
+				menu_warn(menu, "choice value must have a prompt");
+			for (prop = menu->sym->prop; prop; prop = prop->next) {
+				if (prop->type == P_PROMPT && prop->menu != menu) {
+					prop_warn(prop, "choice values "
+					    "currently only support a "
+					    "single prompt");
+				}
+				if (prop->type == P_DEFAULT)
+					prop_warn(prop, "defaults for choice "
+					    "values not supported");
+			}
+			current_entry = menu;
+			menu_set_type(sym->type);
+			menu_add_symbol(P_CHOICE, sym, NULL);
+			prop = sym_get_choice_prop(sym);
+			for (ep = &prop->expr; *ep; ep = &(*ep)->left.expr)
+				;
+			*ep = expr_alloc_one(E_CHOICE, NULL);
+			(*ep)->right.sym = menu->sym;
+		}
+		if (menu->list && (!menu->prompt || !menu->prompt->text)) {
+			for (last_menu = menu->list; ; last_menu = last_menu->next) {
+				last_menu->parent = parent;
+				if (!last_menu->next)
+					break;
+			}
+			last_menu->next = menu->next;
+			menu->next = menu->list;
+			menu->list = NULL;
+		}
+	}
+
+	if (sym && !(sym->flags & SYMBOL_WARNED)) {
+		if (sym->type == S_UNKNOWN)
+			menu_warn(parent, "config symbol defined "
+			    "without type\n");
+
+		if (sym_is_choice(sym) && !parent->prompt)
+			menu_warn(parent, "choice must have a prompt\n");
+
+		/* Check properties connected to this symbol */
+		sym_check_prop(sym);
+		sym->flags |= SYMBOL_WARNED;
+	}
+
+	if (sym && !sym_is_optional(sym) && parent->prompt) {
+		sym->rev_dep.expr = expr_alloc_or(sym->rev_dep.expr,
+				expr_alloc_and(parent->prompt->visible.expr,
+					expr_alloc_symbol(&symbol_mod)));
+	}
+}
+
+bool menu_is_visible(struct menu *menu)
+{
+	struct menu *child;
+	struct symbol *sym;
+	tristate visible;
+
+	if (!menu->prompt)
+		return false;
+	sym = menu->sym;
+	if (sym) {
+		sym_calc_value(sym);
+		visible = menu->prompt->visible.tri;
+	} else
+		visible = menu->prompt->visible.tri = expr_calc_value(menu->prompt->visible.expr);
+
+	if (visible != no)
+		return true;
+	if (!sym || sym_get_tristate_value(menu->sym) == no)
+		return false;
+
+	for (child = menu->list; child; child = child->next)
+		if (menu_is_visible(child))
+			return true;
+	return false;
+}
+
+const char *menu_get_prompt(struct menu *menu)
+{
+	if (menu->prompt)
+		return menu->prompt->text;
+	else if (menu->sym)
+		return menu->sym->name;
+	return NULL;
+}
+
+struct menu *menu_get_root_menu(struct menu *menu)
+{
+	return &rootmenu;
+}
+
+struct menu *menu_get_parent_menu(struct menu *menu)
+{
+	enum prop_type type;
+
+	for (; menu != &rootmenu; menu = menu->parent) {
+		type = menu->prompt ? menu->prompt->type : 0;
+		if (type == P_MENU)
+			break;
+	}
+	return menu;
+}
+
diff --git a/config/scripts/config/mkconfigs b/config/scripts/config/mkconfigs
new file mode 100755
index 0000000000..3cb7bb1754
--- /dev/null
+++ b/config/scripts/config/mkconfigs
@@ -0,0 +1,67 @@
+#!/bin/sh
+#
+# Copyright (C) 2002 Khalid Aziz <khalid_aziz at hp.com>
+# Copyright (C) 2002 Randy Dunlap <rddunlap at osdl.org>
+# Copyright (C) 2002 Al Stone <ahs3 at fc.hp.com>
+# Copyright (C) 2002 Hewlett-Packard Company
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#   Busybox version by Matteo Croce <3297627799 at wind.it>
+#
+# Rules to generate bbconfig.h from .config:
+#      - Retain lines that begin with "CONFIG_"
+#      - Retain lines that begin with "# CONFIG_"
+#      - lines that use double-quotes must \\-escape-quote them
+
+if [ $# -lt 1 ]
+then
+	config=.config
+else	config=$1
+fi
+
+echo "#ifndef _BBCONFIG_H"
+echo "#define _BBCONFIG_H"
+echo \
+"/*
+ * busybox configuration options.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ * NON INFRINGEMENT.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *
+ *
+ * This file is generated automatically by scripts/config/mkconfigs.
+ * Do not edit.
+ *
+ */"
+
+echo "static char const bbconfig_config[] ="
+echo "\"CONFIG_BEGIN=n\\n\\"
+echo "`sed 's/\"/\\\\\"/g' $config | grep "^#\? \?CONFIG_" | awk '{ print $0 "\\\\n\\\\" }' `"
+echo "CONFIG_END=n\\n\";"
+echo "#endif /* _BBCONFIG_H */"
diff --git a/config/scripts/config/symbol.c b/config/scripts/config/symbol.c
new file mode 100644
index 0000000000..ea629728ac
--- /dev/null
+++ b/config/scripts/config/symbol.c
@@ -0,0 +1,809 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include <regex.h>
+#include <sys/utsname.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+struct symbol symbol_yes = {
+	.name = "y",
+	.curr = { "y", yes },
+	.flags = SYMBOL_YES|SYMBOL_VALID,
+}, symbol_mod = {
+	.name = "m",
+	.curr = { "m", mod },
+	.flags = SYMBOL_MOD|SYMBOL_VALID,
+}, symbol_no = {
+	.name = "n",
+	.curr = { "n", no },
+	.flags = SYMBOL_NO|SYMBOL_VALID,
+}, symbol_empty = {
+	.name = "",
+	.curr = { "", no },
+	.flags = SYMBOL_VALID,
+};
+
+int sym_change_count;
+struct symbol *modules_sym;
+tristate modules_val;
+
+void sym_add_default(struct symbol *sym, const char *def)
+{
+	struct property *prop = prop_alloc(P_DEFAULT, sym);
+
+	prop->expr = expr_alloc_symbol(sym_lookup(def, 1));
+}
+
+void sym_init(void)
+{
+	struct symbol *sym;
+	char *p;
+	static bool inited = false;
+
+	if (inited)
+		return;
+	inited = true;
+
+	sym = sym_lookup("VERSION", 0);
+	sym->type = S_STRING;
+	sym->flags |= SYMBOL_AUTO;
+	p = getenv("VERSION");
+	if (p)
+		sym_add_default(sym, p);
+
+	sym = sym_lookup("TARGET_ARCH", 0);
+	sym->type = S_STRING;
+	sym->flags |= SYMBOL_AUTO;
+	p = getenv("TARGET_ARCH");
+	if (p)
+		sym_add_default(sym, p);
+
+}
+
+enum symbol_type sym_get_type(struct symbol *sym)
+{
+	enum symbol_type type = sym->type;
+
+	if (type == S_TRISTATE) {
+		if (sym_is_choice_value(sym) && sym->visible == yes)
+			type = S_BOOLEAN;
+		else if (modules_val == no)
+			type = S_BOOLEAN;
+	}
+	return type;
+}
+
+const char *sym_type_name(enum symbol_type type)
+{
+	switch (type) {
+	case S_BOOLEAN:
+		return "boolean";
+	case S_TRISTATE:
+		return "tristate";
+	case S_INT:
+		return "integer";
+	case S_HEX:
+		return "hex";
+	case S_STRING:
+		return "string";
+	case S_UNKNOWN:
+		return "unknown";
+	case S_OTHER:
+		break;
+	}
+	return "???";
+}
+
+struct property *sym_get_choice_prop(struct symbol *sym)
+{
+	struct property *prop;
+
+	for_all_choices(sym, prop)
+		return prop;
+	return NULL;
+}
+
+struct property *sym_get_default_prop(struct symbol *sym)
+{
+	struct property *prop;
+
+	for_all_defaults(sym, prop) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		if (prop->visible.tri != no)
+			return prop;
+	}
+	return NULL;
+}
+
+struct property *sym_get_range_prop(struct symbol *sym)
+{
+	struct property *prop;
+
+	for_all_properties(sym, prop, P_RANGE) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		if (prop->visible.tri != no)
+			return prop;
+	}
+	return NULL;
+}
+
+static void sym_calc_visibility(struct symbol *sym)
+{
+	struct property *prop;
+	tristate tri;
+
+	/* any prompt visible? */
+	tri = no;
+	for_all_prompts(sym, prop) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		tri = E_OR(tri, prop->visible.tri);
+	}
+	if (tri == mod && (sym->type != S_TRISTATE || modules_val == no))
+		tri = yes;
+	if (sym->visible != tri) {
+		sym->visible = tri;
+		sym_set_changed(sym);
+	}
+	if (sym_is_choice_value(sym))
+		return;
+	tri = no;
+	if (sym->rev_dep.expr)
+		tri = expr_calc_value(sym->rev_dep.expr);
+	if (tri == mod && sym_get_type(sym) == S_BOOLEAN)
+		tri = yes;
+	if (sym->rev_dep.tri != tri) {
+		sym->rev_dep.tri = tri;
+		sym_set_changed(sym);
+	}
+}
+
+static struct symbol *sym_calc_choice(struct symbol *sym)
+{
+	struct symbol *def_sym;
+	struct property *prop;
+	struct expr *e;
+
+	/* is the user choice visible? */
+	def_sym = sym->user.val;
+	if (def_sym) {
+		sym_calc_visibility(def_sym);
+		if (def_sym->visible != no)
+			return def_sym;
+	}
+
+	/* any of the defaults visible? */
+	for_all_defaults(sym, prop) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		if (prop->visible.tri == no)
+			continue;
+		def_sym = prop_get_symbol(prop);
+		sym_calc_visibility(def_sym);
+		if (def_sym->visible != no)
+			return def_sym;
+	}
+
+	/* just get the first visible value */
+	prop = sym_get_choice_prop(sym);
+	for (e = prop->expr; e; e = e->left.expr) {
+		def_sym = e->right.sym;
+		sym_calc_visibility(def_sym);
+		if (def_sym->visible != no)
+			return def_sym;
+	}
+
+	/* no choice? reset tristate value */
+	sym->curr.tri = no;
+	return NULL;
+}
+
+void sym_calc_value(struct symbol *sym)
+{
+	struct symbol_value newval, oldval;
+	struct property *prop;
+	struct expr *e;
+
+	if (!sym)
+		return;
+
+	if (sym->flags & SYMBOL_VALID)
+		return;
+	sym->flags |= SYMBOL_VALID;
+
+	oldval = sym->curr;
+
+	switch (sym->type) {
+	case S_INT:
+	case S_HEX:
+	case S_STRING:
+		newval = symbol_empty.curr;
+		break;
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		newval = symbol_no.curr;
+		break;
+	default:
+		sym->curr.val = sym->name;
+		sym->curr.tri = no;
+		return;
+	}
+	if (!sym_is_choice_value(sym))
+		sym->flags &= ~SYMBOL_WRITE;
+
+	sym_calc_visibility(sym);
+
+	/* set default if recursively called */
+	sym->curr = newval;
+
+	switch (sym_get_type(sym)) {
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		if (sym_is_choice_value(sym) && sym->visible == yes) {
+			prop = sym_get_choice_prop(sym);
+			newval.tri = (prop_get_symbol(prop)->curr.val == sym) ? yes : no;
+		} else if (E_OR(sym->visible, sym->rev_dep.tri) != no) {
+			sym->flags |= SYMBOL_WRITE;
+			if (sym_has_value(sym))
+				newval.tri = sym->user.tri;
+			else if (!sym_is_choice(sym)) {
+				prop = sym_get_default_prop(sym);
+				if (prop)
+					newval.tri = expr_calc_value(prop->expr);
+			}
+			newval.tri = E_OR(E_AND(newval.tri, sym->visible), sym->rev_dep.tri);
+		} else if (!sym_is_choice(sym)) {
+			prop = sym_get_default_prop(sym);
+			if (prop) {
+				sym->flags |= SYMBOL_WRITE;
+				newval.tri = expr_calc_value(prop->expr);
+			}
+		}
+		if (newval.tri == mod && sym_get_type(sym) == S_BOOLEAN)
+			newval.tri = yes;
+		break;
+	case S_STRING:
+	case S_HEX:
+	case S_INT:
+		if (sym->visible != no) {
+			sym->flags |= SYMBOL_WRITE;
+			if (sym_has_value(sym)) {
+				newval.val = sym->user.val;
+				break;
+			}
+		}
+		prop = sym_get_default_prop(sym);
+		if (prop) {
+			struct symbol *ds = prop_get_symbol(prop);
+			if (ds) {
+				sym->flags |= SYMBOL_WRITE;
+				sym_calc_value(ds);
+				newval.val = ds->curr.val;
+			}
+		}
+		break;
+	default:
+		;
+	}
+
+	sym->curr = newval;
+	if (sym_is_choice(sym) && newval.tri == yes)
+		sym->curr.val = sym_calc_choice(sym);
+
+	if (memcmp(&oldval, &sym->curr, sizeof(oldval)))
+		sym_set_changed(sym);
+	if (modules_sym == sym)
+		modules_val = modules_sym->curr.tri;
+
+	if (sym_is_choice(sym)) {
+		int flags = sym->flags & (SYMBOL_CHANGED | SYMBOL_WRITE);
+		prop = sym_get_choice_prop(sym);
+		for (e = prop->expr; e; e = e->left.expr) {
+			e->right.sym->flags |= flags;
+			if (flags & SYMBOL_CHANGED)
+				sym_set_changed(e->right.sym);
+		}
+	}
+}
+
+void sym_clear_all_valid(void)
+{
+	struct symbol *sym;
+	int i;
+
+	for_all_symbols(i, sym)
+		sym->flags &= ~SYMBOL_VALID;
+	sym_change_count++;
+	if (modules_sym)
+		sym_calc_value(modules_sym);
+}
+
+void sym_set_changed(struct symbol *sym)
+{
+	struct property *prop;
+
+	sym->flags |= SYMBOL_CHANGED;
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->menu)
+			prop->menu->flags |= MENU_CHANGED;
+	}
+}
+
+void sym_set_all_changed(void)
+{
+	struct symbol *sym;
+	int i;
+
+	for_all_symbols(i, sym)
+		sym_set_changed(sym);
+}
+
+bool sym_tristate_within_range(struct symbol *sym, tristate val)
+{
+	int type = sym_get_type(sym);
+
+	if (sym->visible == no)
+		return false;
+
+	if (type != S_BOOLEAN && type != S_TRISTATE)
+		return false;
+
+	if (type == S_BOOLEAN && val == mod)
+		return false;
+	if (sym->visible <= sym->rev_dep.tri)
+		return false;
+	if (sym_is_choice_value(sym) && sym->visible == yes)
+		return val == yes;
+	return val >= sym->rev_dep.tri && val <= sym->visible;
+}
+
+bool sym_set_tristate_value(struct symbol *sym, tristate val)
+{
+	tristate oldval = sym_get_tristate_value(sym);
+
+	if (oldval != val && !sym_tristate_within_range(sym, val))
+		return false;
+
+	if (sym->flags & SYMBOL_NEW) {
+		sym->flags &= ~SYMBOL_NEW;
+		sym_set_changed(sym);
+	}
+	if (sym_is_choice_value(sym) && val == yes) {
+		struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
+
+		cs->user.val = sym;
+		cs->flags &= ~SYMBOL_NEW;
+	}
+
+	sym->user.tri = val;
+	if (oldval != val) {
+		sym_clear_all_valid();
+		if (sym == modules_sym)
+			sym_set_all_changed();
+	}
+
+	return true;
+}
+
+tristate sym_toggle_tristate_value(struct symbol *sym)
+{
+	tristate oldval, newval;
+
+	oldval = newval = sym_get_tristate_value(sym);
+	do {
+		switch (newval) {
+		case no:
+			newval = mod;
+			break;
+		case mod:
+			newval = yes;
+			break;
+		case yes:
+			newval = no;
+			break;
+		}
+		if (sym_set_tristate_value(sym, newval))
+			break;
+	} while (oldval != newval);
+	return newval;
+}
+
+bool sym_string_valid(struct symbol *sym, const char *str)
+{
+	signed char ch;
+
+	switch (sym->type) {
+	case S_STRING:
+		return true;
+	case S_INT:
+		ch = *str++;
+		if (ch == '-')
+			ch = *str++;
+		if (!isdigit(ch))
+			return false;
+		if (ch == '0' && *str != 0)
+			return false;
+		while ((ch = *str++)) {
+			if (!isdigit(ch))
+				return false;
+		}
+		return true;
+	case S_HEX:
+		if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
+			str += 2;
+		ch = *str++;
+		do {
+			if (!isxdigit(ch))
+				return false;
+		} while ((ch = *str++));
+		return true;
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		switch (str[0]) {
+		case 'y': case 'Y':
+		case 'm': case 'M':
+		case 'n': case 'N':
+			return true;
+		}
+		return false;
+	default:
+		return false;
+	}
+}
+
+bool sym_string_within_range(struct symbol *sym, const char *str)
+{
+	struct property *prop;
+	int val;
+
+	switch (sym->type) {
+	case S_STRING:
+		return sym_string_valid(sym, str);
+	case S_INT:
+		if (!sym_string_valid(sym, str))
+			return false;
+		prop = sym_get_range_prop(sym);
+		if (!prop)
+			return true;
+		val = strtol(str, NULL, 10);
+		return val >= strtol(prop->expr->left.sym->name, NULL, 10) &&
+		       val <= strtol(prop->expr->right.sym->name, NULL, 10);
+	case S_HEX:
+		if (!sym_string_valid(sym, str))
+			return false;
+		prop = sym_get_range_prop(sym);
+		if (!prop)
+			return true;
+		val = strtol(str, NULL, 16);
+		return val >= strtol(prop->expr->left.sym->name, NULL, 16) &&
+		       val <= strtol(prop->expr->right.sym->name, NULL, 16);
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		switch (str[0]) {
+		case 'y': case 'Y':
+			return sym_tristate_within_range(sym, yes);
+		case 'm': case 'M':
+			return sym_tristate_within_range(sym, mod);
+		case 'n': case 'N':
+			return sym_tristate_within_range(sym, no);
+		}
+		return false;
+	default:
+		return false;
+	}
+}
+
+bool sym_set_string_value(struct symbol *sym, const char *newval)
+{
+	const char *oldval;
+	char *val;
+	int size;
+
+	switch (sym->type) {
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		switch (newval[0]) {
+		case 'y': case 'Y':
+			return sym_set_tristate_value(sym, yes);
+		case 'm': case 'M':
+			return sym_set_tristate_value(sym, mod);
+		case 'n': case 'N':
+			return sym_set_tristate_value(sym, no);
+		}
+		return false;
+	default:
+		;
+	}
+
+	if (!sym_string_within_range(sym, newval))
+		return false;
+
+	if (sym->flags & SYMBOL_NEW) {
+		sym->flags &= ~SYMBOL_NEW;
+		sym_set_changed(sym);
+	}
+
+	oldval = sym->user.val;
+	size = strlen(newval) + 1;
+	if (sym->type == S_HEX && (newval[0] != '0' || (newval[1] != 'x' && newval[1] != 'X'))) {
+		size += 2;
+		sym->user.val = val = malloc(size);
+		*val++ = '0';
+		*val++ = 'x';
+	} else if (!oldval || strcmp(oldval, newval))
+		sym->user.val = val = malloc(size);
+	else
+		return true;
+
+	strcpy(val, newval);
+	free((void *)oldval);
+	sym_clear_all_valid();
+
+	return true;
+}
+
+const char *sym_get_string_value(struct symbol *sym)
+{
+	tristate val;
+
+	switch (sym->type) {
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		val = sym_get_tristate_value(sym);
+		switch (val) {
+		case no:
+			return "n";
+		case mod:
+			return "m";
+		case yes:
+			return "y";
+		}
+		break;
+	default:
+		;
+	}
+	return (const char *)sym->curr.val;
+}
+
+bool sym_is_changable(struct symbol *sym)
+{
+	return sym->visible > sym->rev_dep.tri;
+}
+
+struct symbol *sym_lookup(const char *name, int isconst)
+{
+	struct symbol *symbol;
+	const char *ptr;
+	char *new_name;
+	int hash = 0;
+
+	if (name) {
+		if (name[0] && !name[1]) {
+			switch (name[0]) {
+			case 'y': return &symbol_yes;
+			case 'm': return &symbol_mod;
+			case 'n': return &symbol_no;
+			}
+		}
+		for (ptr = name; *ptr; ptr++)
+			hash += *ptr;
+		hash &= 0xff;
+
+		for (symbol = symbol_hash[hash]; symbol; symbol = symbol->next) {
+			if (!strcmp(symbol->name, name)) {
+				if ((isconst && symbol->flags & SYMBOL_CONST) ||
+				    (!isconst && !(symbol->flags & SYMBOL_CONST)))
+					return symbol;
+			}
+		}
+		new_name = strdup(name);
+	} else {
+		new_name = NULL;
+		hash = 256;
+	}
+
+	symbol = malloc(sizeof(*symbol));
+	memset(symbol, 0, sizeof(*symbol));
+	symbol->name = new_name;
+	symbol->type = S_UNKNOWN;
+	symbol->flags = SYMBOL_NEW;
+	if (isconst)
+		symbol->flags |= SYMBOL_CONST;
+
+	symbol->next = symbol_hash[hash];
+	symbol_hash[hash] = symbol;
+
+	return symbol;
+}
+
+struct symbol *sym_find(const char *name)
+{
+	struct symbol *symbol = NULL;
+	const char *ptr;
+	int hash = 0;
+
+	if (!name)
+		return NULL;
+
+	if (name[0] && !name[1]) {
+		switch (name[0]) {
+		case 'y': return &symbol_yes;
+		case 'm': return &symbol_mod;
+		case 'n': return &symbol_no;
+		}
+	}
+	for (ptr = name; *ptr; ptr++)
+		hash += *ptr;
+	hash &= 0xff;
+
+	for (symbol = symbol_hash[hash]; symbol; symbol = symbol->next) {
+		if (!strcmp(symbol->name, name) &&
+		    !(symbol->flags & SYMBOL_CONST))
+				break;
+	}
+
+	return symbol;
+}
+
+struct symbol **sym_re_search(const char *pattern)
+{
+	struct symbol *sym, **sym_arr = NULL;
+	int i, cnt, size;
+	regex_t re;
+
+	cnt = size = 0;
+	/* Skip if empty */
+	if (strlen(pattern) == 0)
+		return NULL;
+	if (regcomp(&re, pattern, REG_EXTENDED|REG_NOSUB|REG_ICASE))
+		return NULL;
+
+	for_all_symbols(i, sym) {
+		if (sym->flags & SYMBOL_CONST || !sym->name)
+			continue;
+		if (regexec(&re, sym->name, 0, NULL, 0))
+			continue;
+		if (cnt + 1 >= size) {
+			void *tmp = sym_arr;
+			size += 16;
+			sym_arr = realloc(sym_arr, size * sizeof(struct symbol *));
+			if (!sym_arr) {
+				free(tmp);
+				return NULL;
+			}
+		}
+		sym_arr[cnt++] = sym;
+	}
+	if (sym_arr)
+		sym_arr[cnt] = NULL;
+	regfree(&re);
+
+	return sym_arr;
+}
+
+
+struct symbol *sym_check_deps(struct symbol *sym);
+
+static struct symbol *sym_check_expr_deps(struct expr *e)
+{
+	struct symbol *sym;
+
+	if (!e)
+		return NULL;
+	switch (e->type) {
+	case E_OR:
+	case E_AND:
+		sym = sym_check_expr_deps(e->left.expr);
+		if (sym)
+			return sym;
+		return sym_check_expr_deps(e->right.expr);
+	case E_NOT:
+		return sym_check_expr_deps(e->left.expr);
+	case E_EQUAL:
+	case E_UNEQUAL:
+		sym = sym_check_deps(e->left.sym);
+		if (sym)
+			return sym;
+		return sym_check_deps(e->right.sym);
+	case E_SYMBOL:
+		return sym_check_deps(e->left.sym);
+	default:
+		break;
+	}
+	printf("Oops! How to check %d?\n", e->type);
+	return NULL;
+}
+
+struct symbol *sym_check_deps(struct symbol *sym)
+{
+	struct symbol *sym2;
+	struct property *prop;
+
+	if (sym->flags & SYMBOL_CHECK_DONE)
+		return NULL;
+	if (sym->flags & SYMBOL_CHECK) {
+		printf("Warning! Found recursive dependency: %s", sym->name);
+		return sym;
+	}
+
+	sym->flags |= (SYMBOL_CHECK | SYMBOL_CHECKED);
+	sym2 = sym_check_expr_deps(sym->rev_dep.expr);
+	if (sym2)
+		goto out;
+
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->type == P_CHOICE || prop->type == P_SELECT)
+			continue;
+		sym2 = sym_check_expr_deps(prop->visible.expr);
+		if (sym2)
+			goto out;
+		if (prop->type != P_DEFAULT || sym_is_choice(sym))
+			continue;
+		sym2 = sym_check_expr_deps(prop->expr);
+		if (sym2)
+			goto out;
+	}
+out:
+	if (sym2)
+		printf(" %s", sym->name);
+	sym->flags &= ~SYMBOL_CHECK;
+	return sym2;
+}
+
+struct property *prop_alloc(enum prop_type type, struct symbol *sym)
+{
+	struct property *prop;
+	struct property **propp;
+
+	prop = malloc(sizeof(*prop));
+	memset(prop, 0, sizeof(*prop));
+	prop->type = type;
+	prop->sym = sym;
+	prop->file = current_file;
+	prop->lineno = zconf_lineno();
+
+	/* append property to the prop list of symbol */
+	if (sym) {
+		for (propp = &sym->prop; *propp; propp = &(*propp)->next)
+			;
+		*propp = prop;
+	}
+
+	return prop;
+}
+
+struct symbol *prop_get_symbol(struct property *prop)
+{
+	if (prop->expr && (prop->expr->type == E_SYMBOL ||
+			   prop->expr->type == E_CHOICE))
+		return prop->expr->left.sym;
+	return NULL;
+}
+
+const char *prop_get_type_name(enum prop_type type)
+{
+	switch (type) {
+	case P_PROMPT:
+		return "prompt";
+	case P_COMMENT:
+		return "comment";
+	case P_MENU:
+		return "menu";
+	case P_DEFAULT:
+		return "default";
+	case P_CHOICE:
+		return "choice";
+	case P_SELECT:
+		return "select";
+	case P_RANGE:
+		return "range";
+	case P_UNKNOWN:
+		break;
+	}
+	return "unknown";
+}
diff --git a/config/scripts/config/util.c b/config/scripts/config/util.c
new file mode 100644
index 0000000000..8fc95a2a70
--- /dev/null
+++ b/config/scripts/config/util.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2002-2005 Roman Zippel <zippel@linux-m68k.org>
+ * Copyright (C) 2002-2005 Sam Ravnborg <sam@ravnborg.org>
+ *
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <string.h>
+#include "lkc.h"
+
+/* file already present in list? If not add it */
+struct file *file_lookup(const char *name)
+{
+	struct file *file;
+
+	for (file = file_list; file; file = file->next) {
+		if (!strcmp(name, file->name))
+			return file;
+	}
+
+	file = malloc(sizeof(*file));
+	memset(file, 0, sizeof(*file));
+	file->name = strdup(name);
+	file->next = file_list;
+	file_list = file;
+	return file;
+}
+
+/* write a dependency file as used by kbuild to track dependencies */
+int file_write_dep(const char *name)
+{
+	struct file *file;
+	FILE *out;
+
+	if (!name)
+		name = "config/.config.cmd";
+	out = fopen("config/.config.tmp", "w");
+	if (!out)
+		return 1;
+	fprintf(out, "deps_config := \\\n");
+	for (file = file_list; file; file = file->next) {
+		if (file->next)
+			fprintf(out, "\t%s \\\n", file->name);
+		else
+			fprintf(out, "\t%s\n", file->name);
+	}
+	fprintf(out, "\n.config include/config.h: $(deps_config)\n\n$(deps_config):\n");
+	fclose(out);
+	rename(".config.tmp", name);
+	return 0;
+}
+
+
+/* Allocate initial growable sting */
+struct gstr str_new(void)
+{
+	struct gstr gs;
+	gs.s = malloc(sizeof(char) * 64);
+	gs.len = 16;
+	strcpy(gs.s, "\0");
+	return gs;
+}
+
+/* Allocate and assign growable string */
+struct gstr str_assign(const char *s)
+{
+	struct gstr gs;
+	gs.s = strdup(s);
+	gs.len = strlen(s) + 1;
+	return gs;
+}
+
+/* Free storage for growable string */
+void str_free(struct gstr *gs)
+{
+	if (gs->s)
+		free(gs->s);
+	gs->s = NULL;
+	gs->len = 0;
+}
+
+/* Append to growable string */
+void str_append(struct gstr *gs, const char *s)
+{
+	size_t l = strlen(gs->s) + strlen(s) + 1;
+	if (l > gs->len) {
+		gs->s   = realloc(gs->s, l);
+		gs->len = l;
+	}
+	strcat(gs->s, s);
+}
+
+/* Append printf formatted string to growable string */
+void str_printf(struct gstr *gs, const char *fmt, ...)
+{
+	va_list ap;
+	char s[10000]; /* big enough... */
+	va_start(ap, fmt);
+	vsnprintf(s, sizeof(s), fmt, ap);
+	str_append(gs, s);
+	va_end(ap);
+}
+
+/* Retreive value of growable string */
+const char *str_get(struct gstr *gs)
+{
+	return gs->s;
+}
+
diff --git a/config/scripts/config/zconf.l b/config/scripts/config/zconf.l
new file mode 100644
index 0000000000..55517b2877
--- /dev/null
+++ b/config/scripts/config/zconf.l
@@ -0,0 +1,366 @@
+%option backup nostdinit noyywrap never-interactive full ecs
+%option 8bit backup nodefault perf-report perf-report
+%x COMMAND HELP STRING PARAM
+%{
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+#define START_STRSIZE	16
+
+char *text;
+static char *text_ptr;
+static int text_size, text_asize;
+
+struct buffer {
+        struct buffer *parent;
+        YY_BUFFER_STATE state;
+};
+
+struct buffer *current_buf;
+
+static int last_ts, first_ts;
+
+static void zconf_endhelp(void);
+static struct buffer *zconf_endfile(void);
+
+void new_string(void)
+{
+	text = malloc(START_STRSIZE);
+	text_asize = START_STRSIZE;
+	text_ptr = text;
+	text_size = 0;
+	*text_ptr = 0;
+}
+
+void append_string(const char *str, int size)
+{
+	int new_size = text_size + size + 1;
+	if (new_size > text_asize) {
+		text = realloc(text, new_size);
+		text_asize = new_size;
+		text_ptr = text + text_size;
+	}
+	memcpy(text_ptr, str, size);
+	text_ptr += size;
+	text_size += size;
+	*text_ptr = 0;
+}
+
+void alloc_string(const char *str, int size)
+{
+	text = malloc(size + 1);
+	memcpy(text, str, size);
+	text[size] = 0;
+}
+%}
+
+ws	[ \n\t]
+n	[A-Za-z0-9_]
+
+%%
+	int str = 0;
+	int ts, i;
+
+[ \t]*#.*\n	current_file->lineno++;
+[ \t]*#.*
+
+[ \t]*\n	current_file->lineno++; return T_EOL;
+
+[ \t]+	{
+	BEGIN(COMMAND);
+}
+
+.	{
+	unput(yytext[0]);
+	BEGIN(COMMAND);
+}
+
+
+<COMMAND>{
+	"mainmenu"		BEGIN(PARAM); return T_MAINMENU;
+	"menu"			BEGIN(PARAM); return T_MENU;
+	"endmenu"		BEGIN(PARAM); return T_ENDMENU;
+	"source"		BEGIN(PARAM); return T_SOURCE;
+	"choice"		BEGIN(PARAM); return T_CHOICE;
+	"endchoice"		BEGIN(PARAM); return T_ENDCHOICE;
+	"comment"		BEGIN(PARAM); return T_COMMENT;
+	"config"		BEGIN(PARAM); return T_CONFIG;
+	"menuconfig"		BEGIN(PARAM); return T_MENUCONFIG;
+	"help"			BEGIN(PARAM); return T_HELP;
+	"if"			BEGIN(PARAM); return T_IF;
+	"endif"			BEGIN(PARAM); return T_ENDIF;
+	"depends"		BEGIN(PARAM); return T_DEPENDS;
+	"requires"		BEGIN(PARAM); return T_REQUIRES;
+	"optional"		BEGIN(PARAM); return T_OPTIONAL;
+	"default"		BEGIN(PARAM); return T_DEFAULT;
+	"prompt"		BEGIN(PARAM); return T_PROMPT;
+	"tristate"		BEGIN(PARAM); return T_TRISTATE;
+	"def_tristate"		BEGIN(PARAM); return T_DEF_TRISTATE;
+	"bool"			BEGIN(PARAM); return T_BOOLEAN;
+	"boolean"		BEGIN(PARAM); return T_BOOLEAN;
+	"def_bool"		BEGIN(PARAM); return T_DEF_BOOLEAN;
+	"def_boolean"		BEGIN(PARAM); return T_DEF_BOOLEAN;
+	"int"			BEGIN(PARAM); return T_INT;
+	"hex"			BEGIN(PARAM); return T_HEX;
+	"string"		BEGIN(PARAM); return T_STRING;
+	"select"		BEGIN(PARAM); return T_SELECT;
+	"enable"		BEGIN(PARAM); return T_SELECT;
+	"range"			BEGIN(PARAM); return T_RANGE;
+	{n}+	{
+		alloc_string(yytext, yyleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	.
+	\n	current_file->lineno++; BEGIN(INITIAL);
+}
+
+<PARAM>{
+	"&&"	return T_AND;
+	"||"	return T_OR;
+	"("	return T_OPEN_PAREN;
+	")"	return T_CLOSE_PAREN;
+	"!"	return T_NOT;
+	"="	return T_EQUAL;
+	"!="	return T_UNEQUAL;
+	"if"	return T_IF;
+	"on"	return T_ON;
+	\"|\'	{
+		str = yytext[0];
+		new_string();
+		BEGIN(STRING);
+	}
+	\n	BEGIN(INITIAL); current_file->lineno++; return T_EOL;
+	---	/* ignore */
+	({n}|[-/.])+	{
+		alloc_string(yytext, yyleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	#.*	/* comment */
+	\\\n	current_file->lineno++;
+	.
+	<<EOF>> {
+		BEGIN(INITIAL);
+	}
+}
+
+<STRING>{
+	[^'"\\\n]+/\n	{
+		append_string(yytext, yyleng);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	[^'"\\\n]+	{
+		append_string(yytext, yyleng);
+	}
+	\\.?/\n	{
+		append_string(yytext + 1, yyleng - 1);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	\\.?	{
+		append_string(yytext + 1, yyleng - 1);
+	}
+	\'|\"	{
+		if (str == yytext[0]) {
+			BEGIN(PARAM);
+			zconflval.string = text;
+			return T_WORD_QUOTE;
+		} else
+			append_string(yytext, 1);
+	}
+	\n	{
+		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
+		current_file->lineno++;
+		BEGIN(INITIAL);
+		return T_EOL;
+	}
+	<<EOF>>	{
+		BEGIN(INITIAL);
+	}
+}
+
+<HELP>{
+	[ \t]+	{
+		ts = 0;
+		for (i = 0; i < yyleng; i++) {
+			if (yytext[i] == '\t')
+				ts = (ts & ~7) + 8;
+			else
+				ts++;
+		}
+		last_ts = ts;
+		if (first_ts) {
+			if (ts < first_ts) {
+				zconf_endhelp();
+				return T_HELPTEXT;
+			}
+			ts -= first_ts;
+			while (ts > 8) {
+				append_string("        ", 8);
+				ts -= 8;
+			}
+			append_string("        ", ts);
+		}
+	}
+	[ \t]*\n/[^ \t\n] {
+		current_file->lineno++;
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	[ \t]*\n	{
+		current_file->lineno++;
+		append_string("\n", 1);
+	}
+	[^ \t\n].* {
+		append_string(yytext, yyleng);
+		if (!first_ts)
+			first_ts = last_ts;
+	}
+	<<EOF>>	{
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+}
+
+<<EOF>>	{
+	if (current_buf) {
+		zconf_endfile();
+		return T_EOF;
+	}
+	fclose(yyin);
+	yyterminate();
+}
+
+%%
+void zconf_starthelp(void)
+{
+	new_string();
+	last_ts = first_ts = 0;
+	BEGIN(HELP);
+}
+
+static void zconf_endhelp(void)
+{
+	zconflval.string = text;
+	BEGIN(INITIAL);
+}
+
+
+/*
+ * Try to open specified file with following names:
+ * ./name
+ * $(srctree)/name
+ * The latter is used when srctree is separate from objtree
+ * when compiling the kernel.
+ * Return NULL if file is not found.
+ */
+FILE *zconf_fopen(const char *name)
+{
+	char *env, fullname[PATH_MAX+1];
+	FILE *f;
+
+	f = fopen(name, "r");
+	if (!f && name[0] != '/') {
+		env = getenv(SRCTREE);
+		if (env) {
+			sprintf(fullname, "%s/%s", env, name);
+			f = fopen(fullname, "r");
+		}
+	}
+	return f;
+}
+
+void zconf_initscan(const char *name)
+{
+	yyin = zconf_fopen(name);
+	if (!yyin) {
+		printf("can't find file %s\n", name);
+		exit(1);
+	}
+
+	current_buf = malloc(sizeof(*current_buf));
+	memset(current_buf, 0, sizeof(*current_buf));
+
+	current_file = file_lookup(name);
+	current_file->lineno = 1;
+	current_file->flags = FILE_BUSY;
+}
+
+void zconf_nextfile(const char *name)
+{
+	struct file *file = file_lookup(name);
+	struct buffer *buf = malloc(sizeof(*buf));
+	memset(buf, 0, sizeof(*buf));
+
+	current_buf->state = YY_CURRENT_BUFFER;
+	yyin = zconf_fopen(name);
+	if (!yyin) {
+		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
+		exit(1);
+	}
+	yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
+	buf->parent = current_buf;
+	current_buf = buf;
+
+	if (file->flags & FILE_BUSY) {
+		printf("recursive scan (%s)?\n", name);
+		exit(1);
+	}
+	if (file->flags & FILE_SCANNED) {
+		printf("file %s already scanned?\n", name);
+		exit(1);
+	}
+	file->flags |= FILE_BUSY;
+	file->lineno = 1;
+	file->parent = current_file;
+	current_file = file;
+}
+
+static struct buffer *zconf_endfile(void)
+{
+	struct buffer *parent;
+
+	current_file->flags |= FILE_SCANNED;
+	current_file->flags &= ~FILE_BUSY;
+	current_file = current_file->parent;
+
+	parent = current_buf->parent;
+	if (parent) {
+		fclose(yyin);
+		yy_delete_buffer(YY_CURRENT_BUFFER);
+		yy_switch_to_buffer(parent->state);
+	}
+	free(current_buf);
+	current_buf = parent;
+
+	return parent;
+}
+
+int zconf_lineno(void)
+{
+	if (current_buf)
+		return current_file->lineno - 1;
+	else
+		return 0;
+}
+
+char *zconf_curname(void)
+{
+	if (current_buf)
+		return current_file->name;
+	else
+		return "<none>";
+}
diff --git a/config/scripts/config/zconf.tab.c b/config/scripts/config/zconf.tab.c
new file mode 100644
index 0000000000..cc68dcb9a3
--- /dev/null
+++ b/config/scripts/config/zconf.tab.c
@@ -0,0 +1,2130 @@
+/* A Bison parser, made by GNU Bison 1.875a.  */
+
+/* Skeleton parser for Yacc-like parsing with Bison,
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+/* As a special exception, when this file is copied by Bison into a
+   Bison output file, you may use that output file without restriction.
+   This special exception was added by the Free Software Foundation
+   in version 1.24 of Bison.  */
+
+/* Written by Richard Stallman by simplifying the original so called
+   ``semantic'' parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+/* If NAME_PREFIX is specified substitute the variables and functions
+   names.  */
+#define yyparse zconfparse
+#define yylex   zconflex
+#define yyerror zconferror
+#define yylval  zconflval
+#define yychar  zconfchar
+#define yydebug zconfdebug
+#define yynerrs zconfnerrs
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     T_MAINMENU = 258,
+     T_MENU = 259,
+     T_ENDMENU = 260,
+     T_SOURCE = 261,
+     T_CHOICE = 262,
+     T_ENDCHOICE = 263,
+     T_COMMENT = 264,
+     T_CONFIG = 265,
+     T_MENUCONFIG = 266,
+     T_HELP = 267,
+     T_HELPTEXT = 268,
+     T_IF = 269,
+     T_ENDIF = 270,
+     T_DEPENDS = 271,
+     T_REQUIRES = 272,
+     T_OPTIONAL = 273,
+     T_PROMPT = 274,
+     T_DEFAULT = 275,
+     T_TRISTATE = 276,
+     T_DEF_TRISTATE = 277,
+     T_BOOLEAN = 278,
+     T_DEF_BOOLEAN = 279,
+     T_STRING = 280,
+     T_INT = 281,
+     T_HEX = 282,
+     T_WORD = 283,
+     T_WORD_QUOTE = 284,
+     T_UNEQUAL = 285,
+     T_EOF = 286,
+     T_EOL = 287,
+     T_CLOSE_PAREN = 288,
+     T_OPEN_PAREN = 289,
+     T_ON = 290,
+     T_SELECT = 291,
+     T_RANGE = 292,
+     T_OR = 293,
+     T_AND = 294,
+     T_EQUAL = 295,
+     T_NOT = 296
+   };
+#endif
+#define T_MAINMENU 258
+#define T_MENU 259
+#define T_ENDMENU 260
+#define T_SOURCE 261
+#define T_CHOICE 262
+#define T_ENDCHOICE 263
+#define T_COMMENT 264
+#define T_CONFIG 265
+#define T_MENUCONFIG 266
+#define T_HELP 267
+#define T_HELPTEXT 268
+#define T_IF 269
+#define T_ENDIF 270
+#define T_DEPENDS 271
+#define T_REQUIRES 272
+#define T_OPTIONAL 273
+#define T_PROMPT 274
+#define T_DEFAULT 275
+#define T_TRISTATE 276
+#define T_DEF_TRISTATE 277
+#define T_BOOLEAN 278
+#define T_DEF_BOOLEAN 279
+#define T_STRING 280
+#define T_INT 281
+#define T_HEX 282
+#define T_WORD 283
+#define T_WORD_QUOTE 284
+#define T_UNEQUAL 285
+#define T_EOF 286
+#define T_EOL 287
+#define T_CLOSE_PAREN 288
+#define T_OPEN_PAREN 289
+#define T_ON 290
+#define T_SELECT 291
+#define T_RANGE 292
+#define T_OR 293
+#define T_AND 294
+#define T_EQUAL 295
+#define T_NOT 296
+
+
+
+
+/* Copy the first part of user declarations.  */
+
+
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+
+#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
+
+#define PRINTD		0x0001
+#define DEBUG_PARSE	0x0002
+
+int cdebug = PRINTD;
+
+extern int zconflex(void);
+static void zconfprint(const char *err, ...);
+static void zconferror(const char *err);
+static bool zconf_endtoken(int token, int starttoken, int endtoken);
+
+struct symbol *symbol_hash[257];
+
+static struct menu *current_menu, *current_entry;
+
+#define YYERROR_VERBOSE
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
+
+typedef union YYSTYPE {
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+} YYSTYPE;
+/* Line 191 of yacc.c.  */
+
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+
+/* Line 214 of yacc.c.  */
+
+
+#if ! defined (yyoverflow) || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# if YYSTACK_USE_ALLOCA
+#  define YYSTACK_ALLOC alloca
+# else
+#  ifndef YYSTACK_USE_ALLOCA
+#   if defined (alloca) || (defined (_ALLOCA_H) && defined (__GNUC__))
+#    define YYSTACK_ALLOC alloca
+#   else
+#    ifdef __GNUC__
+#     define YYSTACK_ALLOC __builtin_alloca
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning. */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
+# else
+#  if defined (__STDC__) || defined (__cplusplus)
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   define YYSIZE_T size_t
+#  endif
+#  define YYSTACK_ALLOC malloc
+#  define YYSTACK_FREE free
+# endif
+#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
+
+
+#if (! defined (yyoverflow) \
+     && (! defined (__cplusplus) \
+	 || (YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  short yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (short) + sizeof (YYSTYPE))				\
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  register YYSIZE_T yyi;		\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (0)
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (0)
+
+#endif
+
+#if defined (__STDC__) || defined (__cplusplus)
+   typedef signed char yysigned_char;
+#else
+   typedef short yysigned_char;
+#endif
+
+/* YYFINAL -- State number of the termination state. */
+#define YYFINAL  2
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   201
+
+/* YYNTOKENS -- Number of terminals. */
+#define YYNTOKENS  42
+/* YYNNTS -- Number of nonterminals. */
+#define YYNNTS  41
+/* YYNRULES -- Number of rules. */
+#define YYNRULES  104
+/* YYNRULES -- Number of states. */
+#define YYNSTATES  182
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   296
+
+#define YYTRANSLATE(YYX) 						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const unsigned char yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
+      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
+      35,    36,    37,    38,    39,    40,    41
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const unsigned short yyprhs[] =
+{
+       0,     0,     3,     4,     7,     9,    11,    13,    17,    19,
+      21,    23,    26,    28,    30,    32,    34,    36,    38,    42,
+      45,    49,    52,    53,    56,    59,    62,    65,    69,    74,
+      78,    83,    87,    91,    95,   100,   105,   110,   116,   119,
+     122,   124,   128,   131,   132,   135,   138,   141,   144,   149,
+     153,   157,   160,   165,   166,   169,   173,   175,   179,   182,
+     183,   186,   189,   192,   196,   199,   201,   205,   208,   209,
+     212,   215,   218,   222,   226,   228,   232,   235,   238,   241,
+     242,   245,   248,   253,   257,   261,   262,   265,   267,   269,
+     272,   275,   278,   280,   282,   283,   286,   288,   292,   296,
+     300,   303,   307,   311,   313
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS. */
+static const yysigned_char yyrhs[] =
+{
+      43,     0,    -1,    -1,    43,    44,    -1,    45,    -1,    55,
+      -1,    66,    -1,     3,    77,    79,    -1,     5,    -1,    15,
+      -1,     8,    -1,     1,    79,    -1,    61,    -1,    71,    -1,
+      47,    -1,    49,    -1,    69,    -1,    79,    -1,    10,    28,
+      32,    -1,    46,    50,    -1,    11,    28,    32,    -1,    48,
+      50,    -1,    -1,    50,    51,    -1,    50,    75,    -1,    50,
+      73,    -1,    50,    32,    -1,    21,    76,    32,    -1,    22,
+      81,    80,    32,    -1,    23,    76,    32,    -1,    24,    81,
+      80,    32,    -1,    26,    76,    32,    -1,    27,    76,    32,
+      -1,    25,    76,    32,    -1,    19,    77,    80,    32,    -1,
+      20,    81,    80,    32,    -1,    36,    28,    80,    32,    -1,
+      37,    82,    82,    80,    32,    -1,     7,    32,    -1,    52,
+      56,    -1,    78,    -1,    53,    58,    54,    -1,    53,    58,
+      -1,    -1,    56,    57,    -1,    56,    75,    -1,    56,    73,
+      -1,    56,    32,    -1,    19,    77,    80,    32,    -1,    21,
+      76,    32,    -1,    23,    76,    32,    -1,    18,    32,    -1,
+      20,    28,    80,    32,    -1,    -1,    58,    45,    -1,    14,
+      81,    32,    -1,    78,    -1,    59,    62,    60,    -1,    59,
+      62,    -1,    -1,    62,    45,    -1,    62,    66,    -1,    62,
+      55,    -1,     4,    77,    32,    -1,    63,    74,    -1,    78,
+      -1,    64,    67,    65,    -1,    64,    67,    -1,    -1,    67,
+      45,    -1,    67,    66,    -1,    67,    55,    -1,    67,     1,
+      32,    -1,     6,    77,    32,    -1,    68,    -1,     9,    77,
+      32,    -1,    70,    74,    -1,    12,    32,    -1,    72,    13,
+      -1,    -1,    74,    75,    -1,    74,    32,    -1,    16,    35,
+      81,    32,    -1,    16,    81,    32,    -1,    17,    81,    32,
+      -1,    -1,    77,    80,    -1,    28,    -1,    29,    -1,     5,
+      79,    -1,     8,    79,    -1,    15,    79,    -1,    32,    -1,
+      31,    -1,    -1,    14,    81,    -1,    82,    -1,    82,    40,
+      82,    -1,    82,    30,    82,    -1,    34,    81,    33,    -1,
+      41,    81,    -1,    81,    38,    81,    -1,    81,    39,    81,
+      -1,    28,    -1,    29,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const unsigned short yyrline[] =
+{
+       0,    94,    94,    95,    98,    99,   100,   101,   102,   103,
+     104,   105,   109,   110,   111,   112,   113,   114,   120,   128,
+     134,   142,   152,   154,   155,   156,   157,   160,   166,   173,
+     179,   186,   192,   198,   204,   210,   216,   222,   230,   239,
+     245,   254,   255,   261,   263,   264,   265,   266,   269,   275,
+     281,   287,   293,   299,   301,   306,   315,   324,   325,   331,
+     333,   334,   335,   340,   347,   353,   362,   363,   369,   371,
+     372,   373,   374,   377,   383,   390,   397,   404,   410,   417,
+     418,   419,   422,   427,   432,   440,   442,   447,   448,   451,
+     452,   453,   457,   457,   459,   460,   463,   464,   465,   466,
+     467,   468,   469,   472,   473
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE
+/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals. */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "T_MAINMENU", "T_MENU", "T_ENDMENU",
+  "T_SOURCE", "T_CHOICE", "T_ENDCHOICE", "T_COMMENT", "T_CONFIG",
+  "T_MENUCONFIG", "T_HELP", "T_HELPTEXT", "T_IF", "T_ENDIF", "T_DEPENDS",
+  "T_REQUIRES", "T_OPTIONAL", "T_PROMPT", "T_DEFAULT", "T_TRISTATE",
+  "T_DEF_TRISTATE", "T_BOOLEAN", "T_DEF_BOOLEAN", "T_STRING", "T_INT",
+  "T_HEX", "T_WORD", "T_WORD_QUOTE", "T_UNEQUAL", "T_EOF", "T_EOL",
+  "T_CLOSE_PAREN", "T_OPEN_PAREN", "T_ON", "T_SELECT", "T_RANGE", "T_OR",
+  "T_AND", "T_EQUAL", "T_NOT", "$accept", "input", "block",
+  "common_block", "config_entry_start", "config_stmt",
+  "menuconfig_entry_start", "menuconfig_stmt", "config_option_list",
+  "config_option", "choice", "choice_entry", "choice_end", "choice_stmt",
+  "choice_option_list", "choice_option", "choice_block", "if", "if_end",
+  "if_stmt", "if_block", "menu", "menu_entry", "menu_end", "menu_stmt",
+  "menu_block", "source", "source_stmt", "comment", "comment_stmt",
+  "help_start", "help", "depends_list", "depends", "prompt_stmt_opt",
+  "prompt", "end", "nl_or_eof", "if_expr", "expr", "symbol", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const unsigned short yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+     295,   296
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const unsigned char yyr1[] =
+{
+       0,    42,    43,    43,    44,    44,    44,    44,    44,    44,
+      44,    44,    45,    45,    45,    45,    45,    45,    46,    47,
+      48,    49,    50,    50,    50,    50,    50,    51,    51,    51,
+      51,    51,    51,    51,    51,    51,    51,    51,    52,    53,
+      54,    55,    55,    56,    56,    56,    56,    56,    57,    57,
+      57,    57,    57,    58,    58,    59,    60,    61,    61,    62,
+      62,    62,    62,    63,    64,    65,    66,    66,    67,    67,
+      67,    67,    67,    68,    69,    70,    71,    72,    73,    74,
+      74,    74,    75,    75,    75,    76,    76,    77,    77,    78,
+      78,    78,    79,    79,    80,    80,    81,    81,    81,    81,
+      81,    81,    81,    82,    82
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const unsigned char yyr2[] =
+{
+       0,     2,     0,     2,     1,     1,     1,     3,     1,     1,
+       1,     2,     1,     1,     1,     1,     1,     1,     3,     2,
+       3,     2,     0,     2,     2,     2,     2,     3,     4,     3,
+       4,     3,     3,     3,     4,     4,     4,     5,     2,     2,
+       1,     3,     2,     0,     2,     2,     2,     2,     4,     3,
+       3,     2,     4,     0,     2,     3,     1,     3,     2,     0,
+       2,     2,     2,     3,     2,     1,     3,     2,     0,     2,
+       2,     2,     3,     3,     1,     3,     2,     2,     2,     0,
+       2,     2,     4,     3,     3,     0,     2,     1,     1,     2,
+       2,     2,     1,     1,     0,     2,     1,     3,     3,     3,
+       2,     3,     3,     1,     1
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const unsigned char yydefact[] =
+{
+       2,     0,     1,     0,     0,     0,     8,     0,     0,    10,
+       0,     0,     0,     0,     9,    93,    92,     3,     4,    22,
+      14,    22,    15,    43,    53,     5,    59,    12,    79,    68,
+       6,    74,    16,    79,    13,    17,    11,    87,    88,     0,
+       0,     0,    38,     0,     0,     0,   103,   104,     0,     0,
+       0,    96,    19,    21,    39,    42,    58,    64,     0,    76,
+       7,    63,    73,    75,    18,    20,     0,   100,    55,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,    85,     0,
+      85,     0,    85,    85,    85,    26,     0,     0,    23,     0,
+      25,    24,     0,     0,     0,    85,    85,    47,    44,    46,
+      45,     0,     0,     0,    54,    41,    40,    60,    62,    57,
+      61,    56,    81,    80,     0,    69,    71,    66,    70,    65,
+      99,   101,   102,    98,    97,    77,     0,     0,     0,    94,
+      94,     0,    94,    94,     0,    94,     0,     0,     0,    94,
+       0,    78,    51,    94,    94,     0,     0,    89,    90,    91,
+      72,     0,    83,    84,     0,     0,     0,    27,    86,     0,
+      29,     0,    33,    31,    32,     0,    94,     0,     0,    49,
+      50,    82,    95,    34,    35,    28,    30,    36,     0,    48,
+      52,    37
+};
+
+/* YYDEFGOTO[NTERM-NUM]. */
+static const short yydefgoto[] =
+{
+      -1,     1,    17,    18,    19,    20,    21,    22,    52,    88,
+      23,    24,   105,    25,    54,    98,    55,    26,   109,    27,
+      56,    28,    29,   117,    30,    58,    31,    32,    33,    34,
+      89,    90,    57,    91,   131,   132,   106,    35,   155,    50,
+      51
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -99
+static const short yypact[] =
+{
+     -99,    48,   -99,    38,    46,    46,   -99,    46,   -29,   -99,
+      46,   -17,    -3,   -11,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,    38,
+      12,    15,   -99,    18,    51,    62,   -99,   -99,   -11,   -11,
+       4,   -24,   138,   138,   160,   121,   110,    -4,    81,    -4,
+     -99,   -99,   -99,   -99,   -99,   -99,   -19,   -99,   -99,   -11,
+     -11,    70,    70,    73,    32,   -11,    46,   -11,    46,   -11,
+      46,   -11,    46,    46,    46,   -99,    36,    70,   -99,    95,
+     -99,   -99,    96,    46,   106,    46,    46,   -99,   -99,   -99,
+     -99,    38,    38,    38,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   112,   -99,   -99,   -99,   -99,   -99,
+     -99,   117,   -99,   -99,   -99,   -99,   -11,    33,    65,   131,
+       1,   119,   131,     1,   136,     1,   153,   154,   155,   131,
+      70,   -99,   -99,   131,   131,   156,   157,   -99,   -99,   -99,
+     -99,   101,   -99,   -99,   -11,   158,   159,   -99,   -99,   161,
+     -99,   162,   -99,   -99,   -99,   163,   131,   164,   165,   -99,
+     -99,   -99,    99,   -99,   -99,   -99,   -99,   -99,   166,   -99,
+     -99,   -99
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const short yypgoto[] =
+{
+     -99,   -99,   -99,   111,   -99,   -99,   -99,   -99,   178,   -99,
+     -99,   -99,   -99,    91,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   115,   -99,   -99,   -99,   -99,   -99,
+     -99,   146,   168,    89,    27,     0,   126,    -1,   -98,   -48,
+     -63
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -68
+static const short yytable[] =
+{
+      66,    67,    36,    42,    39,    40,    71,    41,   123,   124,
+      43,    44,    74,    75,   120,   154,    72,    46,    47,    69,
+      70,   121,   122,    48,   140,    45,   127,   128,   112,   130,
+      49,   133,   156,   135,   158,   159,    68,   161,    60,    69,
+      70,   165,    69,    70,    61,   167,   168,    62,     2,     3,
+      63,     4,     5,     6,     7,     8,     9,    10,    11,    12,
+      46,    47,    13,    14,   139,   152,    48,   126,   178,    15,
+      16,    69,    70,    49,    37,    38,   129,   166,   151,    15,
+      16,   -67,   114,    64,   -67,     5,   101,     7,     8,   102,
+      10,    11,    12,   143,    65,    13,   103,   153,    46,    47,
+     147,   148,   149,    69,    70,   125,   172,   134,   141,   136,
+     137,   138,    15,    16,     5,   101,     7,     8,   102,    10,
+      11,    12,   145,   146,    13,   103,   101,     7,   142,   102,
+      10,    11,    12,   171,   144,    13,   103,    69,    70,    69,
+      70,    15,    16,   100,   150,   154,   113,   108,   113,   116,
+      73,   157,    15,    16,    74,    75,    70,    76,    77,    78,
+      79,    80,    81,    82,    83,    84,   104,   107,   160,   115,
+      85,   110,    73,   118,    86,    87,    74,    75,    92,    93,
+      94,    95,   111,    96,   119,   162,   163,   164,   169,   170,
+     173,   174,    97,   175,   176,   177,   179,   180,   181,    53,
+      99,    59
+};
+
+static const unsigned char yycheck[] =
+{
+      48,    49,     3,    32,     4,     5,    30,     7,    71,    72,
+      10,    28,    16,    17,    33,    14,    40,    28,    29,    38,
+      39,    69,    70,    34,    87,    28,    74,    75,    32,    77,
+      41,    79,   130,    81,   132,   133,    32,   135,    39,    38,
+      39,   139,    38,    39,    32,   143,   144,    32,     0,     1,
+      32,     3,     4,     5,     6,     7,     8,     9,    10,    11,
+      28,    29,    14,    15,    28,    32,    34,    35,   166,    31,
+      32,    38,    39,    41,    28,    29,    76,   140,   126,    31,
+      32,     0,     1,    32,     3,     4,     5,     6,     7,     8,
+       9,    10,    11,    93,    32,    14,    15,    32,    28,    29,
+     101,   102,   103,    38,    39,    32,   154,    80,    13,    82,
+      83,    84,    31,    32,     4,     5,     6,     7,     8,     9,
+      10,    11,    95,    96,    14,    15,     5,     6,    32,     8,
+       9,    10,    11,    32,    28,    14,    15,    38,    39,    38,
+      39,    31,    32,    54,    32,    14,    57,    56,    59,    58,
+      12,    32,    31,    32,    16,    17,    39,    19,    20,    21,
+      22,    23,    24,    25,    26,    27,    55,    56,    32,    58,
+      32,    56,    12,    58,    36,    37,    16,    17,    18,    19,
+      20,    21,    56,    23,    58,    32,    32,    32,    32,    32,
+      32,    32,    32,    32,    32,    32,    32,    32,    32,    21,
+      54,    33
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const unsigned char yystos[] =
+{
+       0,    43,     0,     1,     3,     4,     5,     6,     7,     8,
+       9,    10,    11,    14,    15,    31,    32,    44,    45,    46,
+      47,    48,    49,    52,    53,    55,    59,    61,    63,    64,
+      66,    68,    69,    70,    71,    79,    79,    28,    29,    77,
+      77,    77,    32,    77,    28,    28,    28,    29,    34,    41,
+      81,    82,    50,    50,    56,    58,    62,    74,    67,    74,
+      79,    32,    32,    32,    32,    32,    81,    81,    32,    38,
+      39,    30,    40,    12,    16,    17,    19,    20,    21,    22,
+      23,    24,    25,    26,    27,    32,    36,    37,    51,    72,
+      73,    75,    18,    19,    20,    21,    23,    32,    57,    73,
+      75,     5,     8,    15,    45,    54,    78,    45,    55,    60,
+      66,    78,    32,    75,     1,    45,    55,    65,    66,    78,
+      33,    81,    81,    82,    82,    32,    35,    81,    81,    77,
+      81,    76,    77,    81,    76,    81,    76,    76,    76,    28,
+      82,    13,    32,    77,    28,    76,    76,    79,    79,    79,
+      32,    81,    32,    32,    14,    80,    80,    32,    80,    80,
+      32,    80,    32,    32,    32,    80,    82,    80,    80,    32,
+      32,    32,    81,    32,    32,    32,    32,    32,    80,    32,
+      32,    32
+};
+
+#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
+# define YYSIZE_T __SIZE_TYPE__
+#endif
+#if ! defined (YYSIZE_T) && defined (size_t)
+# define YYSIZE_T size_t
+#endif
+#if ! defined (YYSIZE_T)
+# if defined (__STDC__) || defined (__cplusplus)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# endif
+#endif
+#if ! defined (YYSIZE_T)
+# define YYSIZE_T unsigned int
+#endif
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrlab1
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK;						\
+      goto yybackup;						\
+    }								\
+  else								\
+    { 								\
+      yyerror ("syntax error: cannot back up");\
+      YYERROR;							\
+    }								\
+while (0)
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+/* YYLLOC_DEFAULT -- Compute the default location (before the actions
+   are run).  */
+
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)         \
+  Current.first_line   = Rhs[1].first_line;      \
+  Current.first_column = Rhs[1].first_column;    \
+  Current.last_line    = Rhs[N].last_line;       \
+  Current.last_column  = Rhs[N].last_column;
+#endif
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (0)
+
+# define YYDSYMPRINT(Args)			\
+do {						\
+  if (yydebug)					\
+    yysymprint Args;				\
+} while (0)
+
+# define YYDSYMPRINTF(Title, Token, Value, Location)		\
+do {								\
+  if (yydebug)							\
+    {								\
+      YYFPRINTF (stderr, "%s ", Title);				\
+      yysymprint (stderr, 					\
+                  Token, Value);	\
+      YYFPRINTF (stderr, "\n");					\
+    }								\
+} while (0)
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (cinluded).                                                   |
+`------------------------------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yy_stack_print (short *bottom, short *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    short *bottom;
+    short *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (/* Nothing. */; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (0)
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yy_reduce_print (int yyrule)
+#else
+static void
+yy_reduce_print (yyrule)
+    int yyrule;
+#endif
+{
+  int yyi;
+  unsigned int yylineno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ",
+             yyrule - 1, yylineno);
+  /* Print the symbols being reduced, and their result.  */
+  for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++)
+    YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]);
+  YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]);
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (Rule);		\
+} while (0)
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YYDSYMPRINT(Args)
+# define YYDSYMPRINTF(Title, Token, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#if YYMAXDEPTH == 0
+# undef YYMAXDEPTH
+#endif
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+
+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined (__GLIBC__) && defined (_STRING_H)
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+static YYSIZE_T
+#   if defined (__STDC__) || defined (__cplusplus)
+yystrlen (const char *yystr)
+#   else
+yystrlen (yystr)
+     const char *yystr;
+#   endif
+{
+  register const char *yys = yystr;
+
+  while (*yys++ != '\0')
+    continue;
+
+  return yys - yystr - 1;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE)
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+static char *
+#   if defined (__STDC__) || defined (__cplusplus)
+yystpcpy (char *yydest, const char *yysrc)
+#   else
+yystpcpy (yydest, yysrc)
+     char *yydest;
+     const char *yysrc;
+#   endif
+{
+  register char *yyd = yydest;
+  register const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+#endif /* !YYERROR_VERBOSE */
+
+
+
+#if YYDEBUG
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yysymprint (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  /* Pacify ``unused variable'' warnings.  */
+  (void) yyvaluep;
+
+  if (yytype < YYNTOKENS)
+    {
+      YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+# ifdef YYPRINT
+      YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# endif
+    }
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  switch (yytype)
+    {
+      default:
+        break;
+    }
+  YYFPRINTF (yyoutput, ")");
+}
+
+#endif /* ! YYDEBUG */
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yydestruct (int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yytype, yyvaluep)
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  /* Pacify ``unused variable'' warnings.  */
+  (void) yyvaluep;
+
+  switch (yytype)
+    {
+
+      default:
+        break;
+    }
+}
+
+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+# if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void *YYPARSE_PARAM);
+# else
+int yyparse ();
+# endif
+#else /* ! YYPARSE_PARAM */
+#if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The lookahead symbol.  */
+int yychar;
+
+/* The semantic value of the lookahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+# if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void *YYPARSE_PARAM)
+# else
+int yyparse (YYPARSE_PARAM)
+  void *YYPARSE_PARAM;
+# endif
+#else /* ! YYPARSE_PARAM */
+#if defined (__STDC__) || defined (__cplusplus)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+
+  register int yystate;
+  register int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Lookahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  short	yyssa[YYINITDEPTH];
+  short *yyss = yyssa;
+  register short *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  register YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK   (yyvsp--, yyssp--)
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* When reducing, the number of symbols on the RHS of the reduced
+     rule.  */
+  int yylen;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed. so pushing a state here evens the stacks.
+     */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack. Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	short *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow ("parser stack overflow",
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyoverflowlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyoverflowlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	short *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyoverflowlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+/* Do appropriate processing given the current state.  */
+/* Read a lookahead token if we need one and don't already have one.  */
+/* yyresume: */
+
+  /* First try to decide what to do without reference to lookahead token.  */
+
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a lookahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Shift the lookahead token.  */
+  YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken]));
+
+  /* Discard the token being shifted unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  *++yyvsp = yylval;
+
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 8:
+
+    { zconfprint("unexpected 'endmenu' statement"); ;}
+    break;
+
+  case 9:
+
+    { zconfprint("unexpected 'endif' statement"); ;}
+    break;
+
+  case 10:
+
+    { zconfprint("unexpected 'endchoice' statement"); ;}
+    break;
+
+  case 11:
+
+    { zconfprint("syntax error"); yyerrok; ;}
+    break;
+
+  case 18:
+
+    {
+	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 19:
+
+    {
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 20:
+
+    {
+	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 21:
+
+    {
+	if (current_entry->prompt)
+		current_entry->prompt->type = P_MENU;
+	else
+		zconfprint("warning: menuconfig statement without prompt");
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 27:
+
+    {
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 28:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 29:
+
+    {
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 30:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 31:
+
+    {
+	menu_set_type(S_INT);
+	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 32:
+
+    {
+	menu_set_type(S_HEX);
+	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 33:
+
+    {
+	menu_set_type(S_STRING);
+	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 34:
+
+    {
+	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 35:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 36:
+
+    {
+	menu_add_symbol(P_SELECT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 37:
+
+    {
+	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,yyvsp[-3].symbol, yyvsp[-2].symbol), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 38:
+
+    {
+	struct symbol *sym = sym_lookup(NULL, 0);
+	sym->flags |= SYMBOL_CHOICE;
+	menu_add_entry(sym);
+	menu_add_expr(P_CHOICE, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 39:
+
+    {
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 40:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_CHOICE, T_ENDCHOICE)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 42:
+
+    {
+	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 48:
+
+    {
+	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 49:
+
+    {
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 50:
+
+    {
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 51:
+
+    {
+	current_entry->sym->flags |= SYMBOL_OPTIONAL;
+	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 52:
+
+    {
+	menu_add_symbol(P_DEFAULT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 55:
+
+    {
+	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
+	menu_add_entry(NULL);
+	menu_add_dep(yyvsp[-1].expr);
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 56:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_IF, T_ENDIF)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 58:
+
+    {
+	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 63:
+
+    {
+	menu_add_entry(NULL);
+	menu_add_prop(P_MENU, yyvsp[-1].string, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 64:
+
+    {
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 65:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_MENU, T_ENDMENU)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 67:
+
+    {
+	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 72:
+
+    { zconfprint("invalid menu option"); yyerrok; ;}
+    break;
+
+  case 73:
+
+    {
+	yyval.string = yyvsp[-1].string;
+	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 74:
+
+    {
+	zconf_nextfile(yyvsp[0].string);
+;}
+    break;
+
+  case 75:
+
+    {
+	menu_add_entry(NULL);
+	menu_add_prop(P_COMMENT, yyvsp[-1].string, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 76:
+
+    {
+	menu_end_entry();
+;}
+    break;
+
+  case 77:
+
+    {
+	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
+	zconf_starthelp();
+;}
+    break;
+
+  case 78:
+
+    {
+	current_entry->sym->help = yyvsp[0].string;
+;}
+    break;
+
+  case 82:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 83:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 84:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 86:
+
+    {
+	menu_add_prop(P_PROMPT, yyvsp[-1].string, NULL, yyvsp[0].expr);
+;}
+    break;
+
+  case 89:
+
+    { yyval.token = T_ENDMENU; ;}
+    break;
+
+  case 90:
+
+    { yyval.token = T_ENDCHOICE; ;}
+    break;
+
+  case 91:
+
+    { yyval.token = T_ENDIF; ;}
+    break;
+
+  case 94:
+
+    { yyval.expr = NULL; ;}
+    break;
+
+  case 95:
+
+    { yyval.expr = yyvsp[0].expr; ;}
+    break;
+
+  case 96:
+
+    { yyval.expr = expr_alloc_symbol(yyvsp[0].symbol); ;}
+    break;
+
+  case 97:
+
+    { yyval.expr = expr_alloc_comp(E_EQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
+    break;
+
+  case 98:
+
+    { yyval.expr = expr_alloc_comp(E_UNEQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
+    break;
+
+  case 99:
+
+    { yyval.expr = yyvsp[-1].expr; ;}
+    break;
+
+  case 100:
+
+    { yyval.expr = expr_alloc_one(E_NOT, yyvsp[0].expr); ;}
+    break;
+
+  case 101:
+
+    { yyval.expr = expr_alloc_two(E_OR, yyvsp[-2].expr, yyvsp[0].expr); ;}
+    break;
+
+  case 102:
+
+    { yyval.expr = expr_alloc_two(E_AND, yyvsp[-2].expr, yyvsp[0].expr); ;}
+    break;
+
+  case 103:
+
+    { yyval.symbol = sym_lookup(yyvsp[0].string, 0); free(yyvsp[0].string); ;}
+    break;
+
+  case 104:
+
+    { yyval.symbol = sym_lookup(yyvsp[0].string, 1); free(yyvsp[0].string); ;}
+    break;
+
+
+    }
+
+/* Line 999 of yacc.c.  */
+
+
+  yyvsp -= yylen;
+  yyssp -= yylen;
+
+
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if YYERROR_VERBOSE
+      yyn = yypact[yystate];
+
+      if (YYPACT_NINF < yyn && yyn < YYLAST)
+	{
+	  YYSIZE_T yysize = 0;
+	  int yytype = YYTRANSLATE (yychar);
+	  char *yymsg;
+	  int yyx, yycount;
+
+	  yycount = 0;
+	  /* Start YYX at -YYN if negative to avoid negative indexes in
+	     YYCHECK.  */
+	  for (yyx = yyn < 0 ? -yyn : 0;
+	       yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++)
+	    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	      yysize += yystrlen (yytname[yyx]) + 15, yycount++;
+	  yysize += yystrlen ("syntax error, unexpected ") + 1;
+	  yysize += yystrlen (yytname[yytype]);
+	  yymsg = (char *) YYSTACK_ALLOC (yysize);
+	  if (yymsg != 0)
+	    {
+	      char *yyp = yystpcpy (yymsg, "syntax error, unexpected ");
+	      yyp = yystpcpy (yyp, yytname[yytype]);
+
+	      if (yycount < 5)
+		{
+		  yycount = 0;
+		  for (yyx = yyn < 0 ? -yyn : 0;
+		       yyx < (int) (sizeof (yytname) / sizeof (char *));
+		       yyx++)
+		    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+		      {
+			const char *yyq = ! yycount ? ", expecting " : " or ";
+			yyp = yystpcpy (yyp, yyq);
+			yyp = yystpcpy (yyp, yytname[yyx]);
+			yycount++;
+		      }
+		}
+	      yyerror (yymsg);
+	      YYSTACK_FREE (yymsg);
+	    }
+	  else
+	    yyerror ("syntax error; also virtual memory exhausted");
+	}
+      else
+#endif /* YYERROR_VERBOSE */
+	yyerror ("syntax error");
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse lookahead token after an
+	 error, discard it.  */
+
+      /* Return failure if at end of input.  */
+      if (yychar == YYEOF)
+        {
+	  /* Pop the error token.  */
+          YYPOPSTACK;
+	  /* Pop the rest of the stack.  */
+	  while (yyss < yyssp)
+	    {
+	      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
+	      yydestruct (yystos[*yyssp], yyvsp);
+	      YYPOPSTACK;
+	    }
+	  YYABORT;
+        }
+
+      YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc);
+      yydestruct (yytoken, &yylval);
+      yychar = YYEMPTY;
+
+    }
+
+  /* Else will try to reuse lookahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*----------------------------------------------------.
+| yyerrlab1 -- error raised explicitly by an action.  |
+`----------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
+      yydestruct (yystos[yystate], yyvsp);
+      yyvsp--;
+      yystate = *--yyssp;
+
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  YYDPRINTF ((stderr, "Shifting error token, "));
+
+  *++yyvsp = yylval;
+
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*----------------------------------------------.
+| yyoverflowlab -- parser overflow comes here.  |
+`----------------------------------------------*/
+yyoverflowlab:
+  yyerror ("parser stack overflow");
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+  return yyresult;
+}
+
+
+
+
+
+void conf_parse(const char *name)
+{
+	struct symbol *sym;
+	int i;
+
+	zconf_initscan(name);
+
+	sym_init();
+	menu_init();
+	modules_sym = sym_lookup("MODULES", 0);
+	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
+
+	//zconfdebug = 1;
+	zconfparse();
+	if (zconfnerrs)
+		exit(1);
+	menu_finalize(&rootmenu);
+	for_all_symbols(i, sym) {
+                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
+                        printf("\n");
+		else
+			sym->flags |= SYMBOL_CHECK_DONE;
+        }
+
+	sym_change_count = 1;
+}
+
+const char *zconf_tokenname(int token)
+{
+	switch (token) {
+	case T_MENU:		return "menu";
+	case T_ENDMENU:		return "endmenu";
+	case T_CHOICE:		return "choice";
+	case T_ENDCHOICE:	return "endchoice";
+	case T_IF:		return "if";
+	case T_ENDIF:		return "endif";
+	}
+	return "<token>";
+}
+
+static bool zconf_endtoken(int token, int starttoken, int endtoken)
+{
+	if (token != endtoken) {
+		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	if (current_menu->file != current_file) {
+		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	return true;
+}
+
+static void zconfprint(const char *err, ...)
+{
+	va_list ap;
+
+	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
+	va_start(ap, err);
+	vfprintf(stderr, err, ap);
+	va_end(ap);
+	fprintf(stderr, "\n");
+}
+
+static void zconferror(const char *err)
+{
+	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
+}
+
+void print_quoted_string(FILE *out, const char *str)
+{
+	const char *p;
+	int len;
+
+	putc('"', out);
+	while ((p = strchr(str, '"'))) {
+		len = p - str;
+		if (len)
+			fprintf(out, "%.*s", len, str);
+		fputs("\\\"", out);
+		str = p + 1;
+	}
+	fputs(str, out);
+	putc('"', out);
+}
+
+void print_symbol(FILE *out, struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	struct property *prop;
+
+	if (sym_is_choice(sym))
+		fprintf(out, "choice\n");
+	else
+		fprintf(out, "config %s\n", sym->name);
+	switch (sym->type) {
+	case S_BOOLEAN:
+		fputs("  boolean\n", out);
+		break;
+	case S_TRISTATE:
+		fputs("  tristate\n", out);
+		break;
+	case S_STRING:
+		fputs("  string\n", out);
+		break;
+	case S_INT:
+		fputs("  integer\n", out);
+		break;
+	case S_HEX:
+		fputs("  hex\n", out);
+		break;
+	default:
+		fputs("  ???\n", out);
+		break;
+	}
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->menu != menu)
+			continue;
+		switch (prop->type) {
+		case P_PROMPT:
+			fputs("  prompt ", out);
+			print_quoted_string(out, prop->text);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_DEFAULT:
+			fputs( "  default ", out);
+			expr_fprint(prop->expr, out);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_CHOICE:
+			fputs("  #choice value\n", out);
+			break;
+		default:
+			fprintf(out, "  unknown prop %d!\n", prop->type);
+			break;
+		}
+	}
+	if (sym->help) {
+		int len = strlen(sym->help);
+		while (sym->help[--len] == '\n')
+			sym->help[len] = 0;
+		fprintf(out, "  help\n%s\n", sym->help);
+	}
+	fputc('\n', out);
+}
+
+void zconfdump(FILE *out)
+{
+	struct property *prop;
+	struct symbol *sym;
+	struct menu *menu;
+
+	menu = rootmenu.list;
+	while (menu) {
+		if ((sym = menu->sym))
+			print_symbol(out, menu);
+		else if ((prop = menu->prompt)) {
+			switch (prop->type) {
+			case P_COMMENT:
+				fputs("\ncomment ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			case P_MENU:
+				fputs("\nmenu ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			default:
+				;
+			}
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs("  depends ", out);
+				expr_fprint(prop->visible.expr, out);
+				fputc('\n', out);
+			}
+			fputs("\n", out);
+		}
+
+		if (menu->list)
+			menu = menu->list;
+		else if (menu->next)
+			menu = menu->next;
+		else while ((menu = menu->parent)) {
+			if (menu->prompt && menu->prompt->type == P_MENU)
+				fputs("\nendmenu\n", out);
+			if (menu->next) {
+				menu = menu->next;
+				break;
+			}
+		}
+	}
+}
+
+#include "lex.zconf.c"
+#include "util.c"
+#include "confdata.c"
+#include "expr.c"
+#include "symbol.c"
+#include "menu.c"
+
+
diff --git a/config/scripts/config/zconf.tab.c_shipped b/config/scripts/config/zconf.tab.c_shipped
new file mode 100644
index 0000000000..cc68dcb9a3
--- /dev/null
+++ b/config/scripts/config/zconf.tab.c_shipped
@@ -0,0 +1,2130 @@
+/* A Bison parser, made by GNU Bison 1.875a.  */
+
+/* Skeleton parser for Yacc-like parsing with Bison,
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+/* As a special exception, when this file is copied by Bison into a
+   Bison output file, you may use that output file without restriction.
+   This special exception was added by the Free Software Foundation
+   in version 1.24 of Bison.  */
+
+/* Written by Richard Stallman by simplifying the original so called
+   ``semantic'' parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+/* If NAME_PREFIX is specified substitute the variables and functions
+   names.  */
+#define yyparse zconfparse
+#define yylex   zconflex
+#define yyerror zconferror
+#define yylval  zconflval
+#define yychar  zconfchar
+#define yydebug zconfdebug
+#define yynerrs zconfnerrs
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     T_MAINMENU = 258,
+     T_MENU = 259,
+     T_ENDMENU = 260,
+     T_SOURCE = 261,
+     T_CHOICE = 262,
+     T_ENDCHOICE = 263,
+     T_COMMENT = 264,
+     T_CONFIG = 265,
+     T_MENUCONFIG = 266,
+     T_HELP = 267,
+     T_HELPTEXT = 268,
+     T_IF = 269,
+     T_ENDIF = 270,
+     T_DEPENDS = 271,
+     T_REQUIRES = 272,
+     T_OPTIONAL = 273,
+     T_PROMPT = 274,
+     T_DEFAULT = 275,
+     T_TRISTATE = 276,
+     T_DEF_TRISTATE = 277,
+     T_BOOLEAN = 278,
+     T_DEF_BOOLEAN = 279,
+     T_STRING = 280,
+     T_INT = 281,
+     T_HEX = 282,
+     T_WORD = 283,
+     T_WORD_QUOTE = 284,
+     T_UNEQUAL = 285,
+     T_EOF = 286,
+     T_EOL = 287,
+     T_CLOSE_PAREN = 288,
+     T_OPEN_PAREN = 289,
+     T_ON = 290,
+     T_SELECT = 291,
+     T_RANGE = 292,
+     T_OR = 293,
+     T_AND = 294,
+     T_EQUAL = 295,
+     T_NOT = 296
+   };
+#endif
+#define T_MAINMENU 258
+#define T_MENU 259
+#define T_ENDMENU 260
+#define T_SOURCE 261
+#define T_CHOICE 262
+#define T_ENDCHOICE 263
+#define T_COMMENT 264
+#define T_CONFIG 265
+#define T_MENUCONFIG 266
+#define T_HELP 267
+#define T_HELPTEXT 268
+#define T_IF 269
+#define T_ENDIF 270
+#define T_DEPENDS 271
+#define T_REQUIRES 272
+#define T_OPTIONAL 273
+#define T_PROMPT 274
+#define T_DEFAULT 275
+#define T_TRISTATE 276
+#define T_DEF_TRISTATE 277
+#define T_BOOLEAN 278
+#define T_DEF_BOOLEAN 279
+#define T_STRING 280
+#define T_INT 281
+#define T_HEX 282
+#define T_WORD 283
+#define T_WORD_QUOTE 284
+#define T_UNEQUAL 285
+#define T_EOF 286
+#define T_EOL 287
+#define T_CLOSE_PAREN 288
+#define T_OPEN_PAREN 289
+#define T_ON 290
+#define T_SELECT 291
+#define T_RANGE 292
+#define T_OR 293
+#define T_AND 294
+#define T_EQUAL 295
+#define T_NOT 296
+
+
+
+
+/* Copy the first part of user declarations.  */
+
+
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+
+#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
+
+#define PRINTD		0x0001
+#define DEBUG_PARSE	0x0002
+
+int cdebug = PRINTD;
+
+extern int zconflex(void);
+static void zconfprint(const char *err, ...);
+static void zconferror(const char *err);
+static bool zconf_endtoken(int token, int starttoken, int endtoken);
+
+struct symbol *symbol_hash[257];
+
+static struct menu *current_menu, *current_entry;
+
+#define YYERROR_VERBOSE
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
+
+typedef union YYSTYPE {
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+} YYSTYPE;
+/* Line 191 of yacc.c.  */
+
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+
+/* Line 214 of yacc.c.  */
+
+
+#if ! defined (yyoverflow) || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# if YYSTACK_USE_ALLOCA
+#  define YYSTACK_ALLOC alloca
+# else
+#  ifndef YYSTACK_USE_ALLOCA
+#   if defined (alloca) || (defined (_ALLOCA_H) && defined (__GNUC__))
+#    define YYSTACK_ALLOC alloca
+#   else
+#    ifdef __GNUC__
+#     define YYSTACK_ALLOC __builtin_alloca
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning. */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
+# else
+#  if defined (__STDC__) || defined (__cplusplus)
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   define YYSIZE_T size_t
+#  endif
+#  define YYSTACK_ALLOC malloc
+#  define YYSTACK_FREE free
+# endif
+#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
+
+
+#if (! defined (yyoverflow) \
+     && (! defined (__cplusplus) \
+	 || (YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  short yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (short) + sizeof (YYSTYPE))				\
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  register YYSIZE_T yyi;		\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (0)
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (0)
+
+#endif
+
+#if defined (__STDC__) || defined (__cplusplus)
+   typedef signed char yysigned_char;
+#else
+   typedef short yysigned_char;
+#endif
+
+/* YYFINAL -- State number of the termination state. */
+#define YYFINAL  2
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   201
+
+/* YYNTOKENS -- Number of terminals. */
+#define YYNTOKENS  42
+/* YYNNTS -- Number of nonterminals. */
+#define YYNNTS  41
+/* YYNRULES -- Number of rules. */
+#define YYNRULES  104
+/* YYNRULES -- Number of states. */
+#define YYNSTATES  182
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   296
+
+#define YYTRANSLATE(YYX) 						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const unsigned char yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
+      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
+      35,    36,    37,    38,    39,    40,    41
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const unsigned short yyprhs[] =
+{
+       0,     0,     3,     4,     7,     9,    11,    13,    17,    19,
+      21,    23,    26,    28,    30,    32,    34,    36,    38,    42,
+      45,    49,    52,    53,    56,    59,    62,    65,    69,    74,
+      78,    83,    87,    91,    95,   100,   105,   110,   116,   119,
+     122,   124,   128,   131,   132,   135,   138,   141,   144,   149,
+     153,   157,   160,   165,   166,   169,   173,   175,   179,   182,
+     183,   186,   189,   192,   196,   199,   201,   205,   208,   209,
+     212,   215,   218,   222,   226,   228,   232,   235,   238,   241,
+     242,   245,   248,   253,   257,   261,   262,   265,   267,   269,
+     272,   275,   278,   280,   282,   283,   286,   288,   292,   296,
+     300,   303,   307,   311,   313
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS. */
+static const yysigned_char yyrhs[] =
+{
+      43,     0,    -1,    -1,    43,    44,    -1,    45,    -1,    55,
+      -1,    66,    -1,     3,    77,    79,    -1,     5,    -1,    15,
+      -1,     8,    -1,     1,    79,    -1,    61,    -1,    71,    -1,
+      47,    -1,    49,    -1,    69,    -1,    79,    -1,    10,    28,
+      32,    -1,    46,    50,    -1,    11,    28,    32,    -1,    48,
+      50,    -1,    -1,    50,    51,    -1,    50,    75,    -1,    50,
+      73,    -1,    50,    32,    -1,    21,    76,    32,    -1,    22,
+      81,    80,    32,    -1,    23,    76,    32,    -1,    24,    81,
+      80,    32,    -1,    26,    76,    32,    -1,    27,    76,    32,
+      -1,    25,    76,    32,    -1,    19,    77,    80,    32,    -1,
+      20,    81,    80,    32,    -1,    36,    28,    80,    32,    -1,
+      37,    82,    82,    80,    32,    -1,     7,    32,    -1,    52,
+      56,    -1,    78,    -1,    53,    58,    54,    -1,    53,    58,
+      -1,    -1,    56,    57,    -1,    56,    75,    -1,    56,    73,
+      -1,    56,    32,    -1,    19,    77,    80,    32,    -1,    21,
+      76,    32,    -1,    23,    76,    32,    -1,    18,    32,    -1,
+      20,    28,    80,    32,    -1,    -1,    58,    45,    -1,    14,
+      81,    32,    -1,    78,    -1,    59,    62,    60,    -1,    59,
+      62,    -1,    -1,    62,    45,    -1,    62,    66,    -1,    62,
+      55,    -1,     4,    77,    32,    -1,    63,    74,    -1,    78,
+      -1,    64,    67,    65,    -1,    64,    67,    -1,    -1,    67,
+      45,    -1,    67,    66,    -1,    67,    55,    -1,    67,     1,
+      32,    -1,     6,    77,    32,    -1,    68,    -1,     9,    77,
+      32,    -1,    70,    74,    -1,    12,    32,    -1,    72,    13,
+      -1,    -1,    74,    75,    -1,    74,    32,    -1,    16,    35,
+      81,    32,    -1,    16,    81,    32,    -1,    17,    81,    32,
+      -1,    -1,    77,    80,    -1,    28,    -1,    29,    -1,     5,
+      79,    -1,     8,    79,    -1,    15,    79,    -1,    32,    -1,
+      31,    -1,    -1,    14,    81,    -1,    82,    -1,    82,    40,
+      82,    -1,    82,    30,    82,    -1,    34,    81,    33,    -1,
+      41,    81,    -1,    81,    38,    81,    -1,    81,    39,    81,
+      -1,    28,    -1,    29,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const unsigned short yyrline[] =
+{
+       0,    94,    94,    95,    98,    99,   100,   101,   102,   103,
+     104,   105,   109,   110,   111,   112,   113,   114,   120,   128,
+     134,   142,   152,   154,   155,   156,   157,   160,   166,   173,
+     179,   186,   192,   198,   204,   210,   216,   222,   230,   239,
+     245,   254,   255,   261,   263,   264,   265,   266,   269,   275,
+     281,   287,   293,   299,   301,   306,   315,   324,   325,   331,
+     333,   334,   335,   340,   347,   353,   362,   363,   369,   371,
+     372,   373,   374,   377,   383,   390,   397,   404,   410,   417,
+     418,   419,   422,   427,   432,   440,   442,   447,   448,   451,
+     452,   453,   457,   457,   459,   460,   463,   464,   465,   466,
+     467,   468,   469,   472,   473
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE
+/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals. */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "T_MAINMENU", "T_MENU", "T_ENDMENU",
+  "T_SOURCE", "T_CHOICE", "T_ENDCHOICE", "T_COMMENT", "T_CONFIG",
+  "T_MENUCONFIG", "T_HELP", "T_HELPTEXT", "T_IF", "T_ENDIF", "T_DEPENDS",
+  "T_REQUIRES", "T_OPTIONAL", "T_PROMPT", "T_DEFAULT", "T_TRISTATE",
+  "T_DEF_TRISTATE", "T_BOOLEAN", "T_DEF_BOOLEAN", "T_STRING", "T_INT",
+  "T_HEX", "T_WORD", "T_WORD_QUOTE", "T_UNEQUAL", "T_EOF", "T_EOL",
+  "T_CLOSE_PAREN", "T_OPEN_PAREN", "T_ON", "T_SELECT", "T_RANGE", "T_OR",
+  "T_AND", "T_EQUAL", "T_NOT", "$accept", "input", "block",
+  "common_block", "config_entry_start", "config_stmt",
+  "menuconfig_entry_start", "menuconfig_stmt", "config_option_list",
+  "config_option", "choice", "choice_entry", "choice_end", "choice_stmt",
+  "choice_option_list", "choice_option", "choice_block", "if", "if_end",
+  "if_stmt", "if_block", "menu", "menu_entry", "menu_end", "menu_stmt",
+  "menu_block", "source", "source_stmt", "comment", "comment_stmt",
+  "help_start", "help", "depends_list", "depends", "prompt_stmt_opt",
+  "prompt", "end", "nl_or_eof", "if_expr", "expr", "symbol", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const unsigned short yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+     295,   296
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const unsigned char yyr1[] =
+{
+       0,    42,    43,    43,    44,    44,    44,    44,    44,    44,
+      44,    44,    45,    45,    45,    45,    45,    45,    46,    47,
+      48,    49,    50,    50,    50,    50,    50,    51,    51,    51,
+      51,    51,    51,    51,    51,    51,    51,    51,    52,    53,
+      54,    55,    55,    56,    56,    56,    56,    56,    57,    57,
+      57,    57,    57,    58,    58,    59,    60,    61,    61,    62,
+      62,    62,    62,    63,    64,    65,    66,    66,    67,    67,
+      67,    67,    67,    68,    69,    70,    71,    72,    73,    74,
+      74,    74,    75,    75,    75,    76,    76,    77,    77,    78,
+      78,    78,    79,    79,    80,    80,    81,    81,    81,    81,
+      81,    81,    81,    82,    82
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const unsigned char yyr2[] =
+{
+       0,     2,     0,     2,     1,     1,     1,     3,     1,     1,
+       1,     2,     1,     1,     1,     1,     1,     1,     3,     2,
+       3,     2,     0,     2,     2,     2,     2,     3,     4,     3,
+       4,     3,     3,     3,     4,     4,     4,     5,     2,     2,
+       1,     3,     2,     0,     2,     2,     2,     2,     4,     3,
+       3,     2,     4,     0,     2,     3,     1,     3,     2,     0,
+       2,     2,     2,     3,     2,     1,     3,     2,     0,     2,
+       2,     2,     3,     3,     1,     3,     2,     2,     2,     0,
+       2,     2,     4,     3,     3,     0,     2,     1,     1,     2,
+       2,     2,     1,     1,     0,     2,     1,     3,     3,     3,
+       2,     3,     3,     1,     1
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const unsigned char yydefact[] =
+{
+       2,     0,     1,     0,     0,     0,     8,     0,     0,    10,
+       0,     0,     0,     0,     9,    93,    92,     3,     4,    22,
+      14,    22,    15,    43,    53,     5,    59,    12,    79,    68,
+       6,    74,    16,    79,    13,    17,    11,    87,    88,     0,
+       0,     0,    38,     0,     0,     0,   103,   104,     0,     0,
+       0,    96,    19,    21,    39,    42,    58,    64,     0,    76,
+       7,    63,    73,    75,    18,    20,     0,   100,    55,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,    85,     0,
+      85,     0,    85,    85,    85,    26,     0,     0,    23,     0,
+      25,    24,     0,     0,     0,    85,    85,    47,    44,    46,
+      45,     0,     0,     0,    54,    41,    40,    60,    62,    57,
+      61,    56,    81,    80,     0,    69,    71,    66,    70,    65,
+      99,   101,   102,    98,    97,    77,     0,     0,     0,    94,
+      94,     0,    94,    94,     0,    94,     0,     0,     0,    94,
+       0,    78,    51,    94,    94,     0,     0,    89,    90,    91,
+      72,     0,    83,    84,     0,     0,     0,    27,    86,     0,
+      29,     0,    33,    31,    32,     0,    94,     0,     0,    49,
+      50,    82,    95,    34,    35,    28,    30,    36,     0,    48,
+      52,    37
+};
+
+/* YYDEFGOTO[NTERM-NUM]. */
+static const short yydefgoto[] =
+{
+      -1,     1,    17,    18,    19,    20,    21,    22,    52,    88,
+      23,    24,   105,    25,    54,    98,    55,    26,   109,    27,
+      56,    28,    29,   117,    30,    58,    31,    32,    33,    34,
+      89,    90,    57,    91,   131,   132,   106,    35,   155,    50,
+      51
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -99
+static const short yypact[] =
+{
+     -99,    48,   -99,    38,    46,    46,   -99,    46,   -29,   -99,
+      46,   -17,    -3,   -11,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,    38,
+      12,    15,   -99,    18,    51,    62,   -99,   -99,   -11,   -11,
+       4,   -24,   138,   138,   160,   121,   110,    -4,    81,    -4,
+     -99,   -99,   -99,   -99,   -99,   -99,   -19,   -99,   -99,   -11,
+     -11,    70,    70,    73,    32,   -11,    46,   -11,    46,   -11,
+      46,   -11,    46,    46,    46,   -99,    36,    70,   -99,    95,
+     -99,   -99,    96,    46,   106,    46,    46,   -99,   -99,   -99,
+     -99,    38,    38,    38,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   112,   -99,   -99,   -99,   -99,   -99,
+     -99,   117,   -99,   -99,   -99,   -99,   -11,    33,    65,   131,
+       1,   119,   131,     1,   136,     1,   153,   154,   155,   131,
+      70,   -99,   -99,   131,   131,   156,   157,   -99,   -99,   -99,
+     -99,   101,   -99,   -99,   -11,   158,   159,   -99,   -99,   161,
+     -99,   162,   -99,   -99,   -99,   163,   131,   164,   165,   -99,
+     -99,   -99,    99,   -99,   -99,   -99,   -99,   -99,   166,   -99,
+     -99,   -99
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const short yypgoto[] =
+{
+     -99,   -99,   -99,   111,   -99,   -99,   -99,   -99,   178,   -99,
+     -99,   -99,   -99,    91,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   115,   -99,   -99,   -99,   -99,   -99,
+     -99,   146,   168,    89,    27,     0,   126,    -1,   -98,   -48,
+     -63
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -68
+static const short yytable[] =
+{
+      66,    67,    36,    42,    39,    40,    71,    41,   123,   124,
+      43,    44,    74,    75,   120,   154,    72,    46,    47,    69,
+      70,   121,   122,    48,   140,    45,   127,   128,   112,   130,
+      49,   133,   156,   135,   158,   159,    68,   161,    60,    69,
+      70,   165,    69,    70,    61,   167,   168,    62,     2,     3,
+      63,     4,     5,     6,     7,     8,     9,    10,    11,    12,
+      46,    47,    13,    14,   139,   152,    48,   126,   178,    15,
+      16,    69,    70,    49,    37,    38,   129,   166,   151,    15,
+      16,   -67,   114,    64,   -67,     5,   101,     7,     8,   102,
+      10,    11,    12,   143,    65,    13,   103,   153,    46,    47,
+     147,   148,   149,    69,    70,   125,   172,   134,   141,   136,
+     137,   138,    15,    16,     5,   101,     7,     8,   102,    10,
+      11,    12,   145,   146,    13,   103,   101,     7,   142,   102,
+      10,    11,    12,   171,   144,    13,   103,    69,    70,    69,
+      70,    15,    16,   100,   150,   154,   113,   108,   113,   116,
+      73,   157,    15,    16,    74,    75,    70,    76,    77,    78,
+      79,    80,    81,    82,    83,    84,   104,   107,   160,   115,
+      85,   110,    73,   118,    86,    87,    74,    75,    92,    93,
+      94,    95,   111,    96,   119,   162,   163,   164,   169,   170,
+     173,   174,    97,   175,   176,   177,   179,   180,   181,    53,
+      99,    59
+};
+
+static const unsigned char yycheck[] =
+{
+      48,    49,     3,    32,     4,     5,    30,     7,    71,    72,
+      10,    28,    16,    17,    33,    14,    40,    28,    29,    38,
+      39,    69,    70,    34,    87,    28,    74,    75,    32,    77,
+      41,    79,   130,    81,   132,   133,    32,   135,    39,    38,
+      39,   139,    38,    39,    32,   143,   144,    32,     0,     1,
+      32,     3,     4,     5,     6,     7,     8,     9,    10,    11,
+      28,    29,    14,    15,    28,    32,    34,    35,   166,    31,
+      32,    38,    39,    41,    28,    29,    76,   140,   126,    31,
+      32,     0,     1,    32,     3,     4,     5,     6,     7,     8,
+       9,    10,    11,    93,    32,    14,    15,    32,    28,    29,
+     101,   102,   103,    38,    39,    32,   154,    80,    13,    82,
+      83,    84,    31,    32,     4,     5,     6,     7,     8,     9,
+      10,    11,    95,    96,    14,    15,     5,     6,    32,     8,
+       9,    10,    11,    32,    28,    14,    15,    38,    39,    38,
+      39,    31,    32,    54,    32,    14,    57,    56,    59,    58,
+      12,    32,    31,    32,    16,    17,    39,    19,    20,    21,
+      22,    23,    24,    25,    26,    27,    55,    56,    32,    58,
+      32,    56,    12,    58,    36,    37,    16,    17,    18,    19,
+      20,    21,    56,    23,    58,    32,    32,    32,    32,    32,
+      32,    32,    32,    32,    32,    32,    32,    32,    32,    21,
+      54,    33
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const unsigned char yystos[] =
+{
+       0,    43,     0,     1,     3,     4,     5,     6,     7,     8,
+       9,    10,    11,    14,    15,    31,    32,    44,    45,    46,
+      47,    48,    49,    52,    53,    55,    59,    61,    63,    64,
+      66,    68,    69,    70,    71,    79,    79,    28,    29,    77,
+      77,    77,    32,    77,    28,    28,    28,    29,    34,    41,
+      81,    82,    50,    50,    56,    58,    62,    74,    67,    74,
+      79,    32,    32,    32,    32,    32,    81,    81,    32,    38,
+      39,    30,    40,    12,    16,    17,    19,    20,    21,    22,
+      23,    24,    25,    26,    27,    32,    36,    37,    51,    72,
+      73,    75,    18,    19,    20,    21,    23,    32,    57,    73,
+      75,     5,     8,    15,    45,    54,    78,    45,    55,    60,
+      66,    78,    32,    75,     1,    45,    55,    65,    66,    78,
+      33,    81,    81,    82,    82,    32,    35,    81,    81,    77,
+      81,    76,    77,    81,    76,    81,    76,    76,    76,    28,
+      82,    13,    32,    77,    28,    76,    76,    79,    79,    79,
+      32,    81,    32,    32,    14,    80,    80,    32,    80,    80,
+      32,    80,    32,    32,    32,    80,    82,    80,    80,    32,
+      32,    32,    81,    32,    32,    32,    32,    32,    80,    32,
+      32,    32
+};
+
+#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
+# define YYSIZE_T __SIZE_TYPE__
+#endif
+#if ! defined (YYSIZE_T) && defined (size_t)
+# define YYSIZE_T size_t
+#endif
+#if ! defined (YYSIZE_T)
+# if defined (__STDC__) || defined (__cplusplus)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# endif
+#endif
+#if ! defined (YYSIZE_T)
+# define YYSIZE_T unsigned int
+#endif
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrlab1
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK;						\
+      goto yybackup;						\
+    }								\
+  else								\
+    { 								\
+      yyerror ("syntax error: cannot back up");\
+      YYERROR;							\
+    }								\
+while (0)
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+/* YYLLOC_DEFAULT -- Compute the default location (before the actions
+   are run).  */
+
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)         \
+  Current.first_line   = Rhs[1].first_line;      \
+  Current.first_column = Rhs[1].first_column;    \
+  Current.last_line    = Rhs[N].last_line;       \
+  Current.last_column  = Rhs[N].last_column;
+#endif
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (0)
+
+# define YYDSYMPRINT(Args)			\
+do {						\
+  if (yydebug)					\
+    yysymprint Args;				\
+} while (0)
+
+# define YYDSYMPRINTF(Title, Token, Value, Location)		\
+do {								\
+  if (yydebug)							\
+    {								\
+      YYFPRINTF (stderr, "%s ", Title);				\
+      yysymprint (stderr, 					\
+                  Token, Value);	\
+      YYFPRINTF (stderr, "\n");					\
+    }								\
+} while (0)
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (cinluded).                                                   |
+`------------------------------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yy_stack_print (short *bottom, short *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    short *bottom;
+    short *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (/* Nothing. */; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (0)
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yy_reduce_print (int yyrule)
+#else
+static void
+yy_reduce_print (yyrule)
+    int yyrule;
+#endif
+{
+  int yyi;
+  unsigned int yylineno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ",
+             yyrule - 1, yylineno);
+  /* Print the symbols being reduced, and their result.  */
+  for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++)
+    YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]);
+  YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]);
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (Rule);		\
+} while (0)
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YYDSYMPRINT(Args)
+# define YYDSYMPRINTF(Title, Token, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#if YYMAXDEPTH == 0
+# undef YYMAXDEPTH
+#endif
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+
+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined (__GLIBC__) && defined (_STRING_H)
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+static YYSIZE_T
+#   if defined (__STDC__) || defined (__cplusplus)
+yystrlen (const char *yystr)
+#   else
+yystrlen (yystr)
+     const char *yystr;
+#   endif
+{
+  register const char *yys = yystr;
+
+  while (*yys++ != '\0')
+    continue;
+
+  return yys - yystr - 1;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE)
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+static char *
+#   if defined (__STDC__) || defined (__cplusplus)
+yystpcpy (char *yydest, const char *yysrc)
+#   else
+yystpcpy (yydest, yysrc)
+     char *yydest;
+     const char *yysrc;
+#   endif
+{
+  register char *yyd = yydest;
+  register const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+#endif /* !YYERROR_VERBOSE */
+
+
+
+#if YYDEBUG
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yysymprint (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  /* Pacify ``unused variable'' warnings.  */
+  (void) yyvaluep;
+
+  if (yytype < YYNTOKENS)
+    {
+      YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+# ifdef YYPRINT
+      YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# endif
+    }
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  switch (yytype)
+    {
+      default:
+        break;
+    }
+  YYFPRINTF (yyoutput, ")");
+}
+
+#endif /* ! YYDEBUG */
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yydestruct (int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yytype, yyvaluep)
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  /* Pacify ``unused variable'' warnings.  */
+  (void) yyvaluep;
+
+  switch (yytype)
+    {
+
+      default:
+        break;
+    }
+}
+
+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+# if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void *YYPARSE_PARAM);
+# else
+int yyparse ();
+# endif
+#else /* ! YYPARSE_PARAM */
+#if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The lookahead symbol.  */
+int yychar;
+
+/* The semantic value of the lookahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+# if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void *YYPARSE_PARAM)
+# else
+int yyparse (YYPARSE_PARAM)
+  void *YYPARSE_PARAM;
+# endif
+#else /* ! YYPARSE_PARAM */
+#if defined (__STDC__) || defined (__cplusplus)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+
+  register int yystate;
+  register int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Lookahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  short	yyssa[YYINITDEPTH];
+  short *yyss = yyssa;
+  register short *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  register YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK   (yyvsp--, yyssp--)
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* When reducing, the number of symbols on the RHS of the reduced
+     rule.  */
+  int yylen;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed. so pushing a state here evens the stacks.
+     */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack. Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	short *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow ("parser stack overflow",
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyoverflowlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyoverflowlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	short *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyoverflowlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+/* Do appropriate processing given the current state.  */
+/* Read a lookahead token if we need one and don't already have one.  */
+/* yyresume: */
+
+  /* First try to decide what to do without reference to lookahead token.  */
+
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a lookahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Shift the lookahead token.  */
+  YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken]));
+
+  /* Discard the token being shifted unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  *++yyvsp = yylval;
+
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 8:
+
+    { zconfprint("unexpected 'endmenu' statement"); ;}
+    break;
+
+  case 9:
+
+    { zconfprint("unexpected 'endif' statement"); ;}
+    break;
+
+  case 10:
+
+    { zconfprint("unexpected 'endchoice' statement"); ;}
+    break;
+
+  case 11:
+
+    { zconfprint("syntax error"); yyerrok; ;}
+    break;
+
+  case 18:
+
+    {
+	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 19:
+
+    {
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 20:
+
+    {
+	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 21:
+
+    {
+	if (current_entry->prompt)
+		current_entry->prompt->type = P_MENU;
+	else
+		zconfprint("warning: menuconfig statement without prompt");
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 27:
+
+    {
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 28:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 29:
+
+    {
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 30:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 31:
+
+    {
+	menu_set_type(S_INT);
+	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 32:
+
+    {
+	menu_set_type(S_HEX);
+	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 33:
+
+    {
+	menu_set_type(S_STRING);
+	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 34:
+
+    {
+	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 35:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 36:
+
+    {
+	menu_add_symbol(P_SELECT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 37:
+
+    {
+	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,yyvsp[-3].symbol, yyvsp[-2].symbol), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 38:
+
+    {
+	struct symbol *sym = sym_lookup(NULL, 0);
+	sym->flags |= SYMBOL_CHOICE;
+	menu_add_entry(sym);
+	menu_add_expr(P_CHOICE, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 39:
+
+    {
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 40:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_CHOICE, T_ENDCHOICE)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 42:
+
+    {
+	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 48:
+
+    {
+	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 49:
+
+    {
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 50:
+
+    {
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 51:
+
+    {
+	current_entry->sym->flags |= SYMBOL_OPTIONAL;
+	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 52:
+
+    {
+	menu_add_symbol(P_DEFAULT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 55:
+
+    {
+	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
+	menu_add_entry(NULL);
+	menu_add_dep(yyvsp[-1].expr);
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 56:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_IF, T_ENDIF)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 58:
+
+    {
+	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 63:
+
+    {
+	menu_add_entry(NULL);
+	menu_add_prop(P_MENU, yyvsp[-1].string, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 64:
+
+    {
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 65:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_MENU, T_ENDMENU)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 67:
+
+    {
+	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 72:
+
+    { zconfprint("invalid menu option"); yyerrok; ;}
+    break;
+
+  case 73:
+
+    {
+	yyval.string = yyvsp[-1].string;
+	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 74:
+
+    {
+	zconf_nextfile(yyvsp[0].string);
+;}
+    break;
+
+  case 75:
+
+    {
+	menu_add_entry(NULL);
+	menu_add_prop(P_COMMENT, yyvsp[-1].string, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 76:
+
+    {
+	menu_end_entry();
+;}
+    break;
+
+  case 77:
+
+    {
+	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
+	zconf_starthelp();
+;}
+    break;
+
+  case 78:
+
+    {
+	current_entry->sym->help = yyvsp[0].string;
+;}
+    break;
+
+  case 82:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 83:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 84:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 86:
+
+    {
+	menu_add_prop(P_PROMPT, yyvsp[-1].string, NULL, yyvsp[0].expr);
+;}
+    break;
+
+  case 89:
+
+    { yyval.token = T_ENDMENU; ;}
+    break;
+
+  case 90:
+
+    { yyval.token = T_ENDCHOICE; ;}
+    break;
+
+  case 91:
+
+    { yyval.token = T_ENDIF; ;}
+    break;
+
+  case 94:
+
+    { yyval.expr = NULL; ;}
+    break;
+
+  case 95:
+
+    { yyval.expr = yyvsp[0].expr; ;}
+    break;
+
+  case 96:
+
+    { yyval.expr = expr_alloc_symbol(yyvsp[0].symbol); ;}
+    break;
+
+  case 97:
+
+    { yyval.expr = expr_alloc_comp(E_EQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
+    break;
+
+  case 98:
+
+    { yyval.expr = expr_alloc_comp(E_UNEQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
+    break;
+
+  case 99:
+
+    { yyval.expr = yyvsp[-1].expr; ;}
+    break;
+
+  case 100:
+
+    { yyval.expr = expr_alloc_one(E_NOT, yyvsp[0].expr); ;}
+    break;
+
+  case 101:
+
+    { yyval.expr = expr_alloc_two(E_OR, yyvsp[-2].expr, yyvsp[0].expr); ;}
+    break;
+
+  case 102:
+
+    { yyval.expr = expr_alloc_two(E_AND, yyvsp[-2].expr, yyvsp[0].expr); ;}
+    break;
+
+  case 103:
+
+    { yyval.symbol = sym_lookup(yyvsp[0].string, 0); free(yyvsp[0].string); ;}
+    break;
+
+  case 104:
+
+    { yyval.symbol = sym_lookup(yyvsp[0].string, 1); free(yyvsp[0].string); ;}
+    break;
+
+
+    }
+
+/* Line 999 of yacc.c.  */
+
+
+  yyvsp -= yylen;
+  yyssp -= yylen;
+
+
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if YYERROR_VERBOSE
+      yyn = yypact[yystate];
+
+      if (YYPACT_NINF < yyn && yyn < YYLAST)
+	{
+	  YYSIZE_T yysize = 0;
+	  int yytype = YYTRANSLATE (yychar);
+	  char *yymsg;
+	  int yyx, yycount;
+
+	  yycount = 0;
+	  /* Start YYX at -YYN if negative to avoid negative indexes in
+	     YYCHECK.  */
+	  for (yyx = yyn < 0 ? -yyn : 0;
+	       yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++)
+	    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	      yysize += yystrlen (yytname[yyx]) + 15, yycount++;
+	  yysize += yystrlen ("syntax error, unexpected ") + 1;
+	  yysize += yystrlen (yytname[yytype]);
+	  yymsg = (char *) YYSTACK_ALLOC (yysize);
+	  if (yymsg != 0)
+	    {
+	      char *yyp = yystpcpy (yymsg, "syntax error, unexpected ");
+	      yyp = yystpcpy (yyp, yytname[yytype]);
+
+	      if (yycount < 5)
+		{
+		  yycount = 0;
+		  for (yyx = yyn < 0 ? -yyn : 0;
+		       yyx < (int) (sizeof (yytname) / sizeof (char *));
+		       yyx++)
+		    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+		      {
+			const char *yyq = ! yycount ? ", expecting " : " or ";
+			yyp = yystpcpy (yyp, yyq);
+			yyp = yystpcpy (yyp, yytname[yyx]);
+			yycount++;
+		      }
+		}
+	      yyerror (yymsg);
+	      YYSTACK_FREE (yymsg);
+	    }
+	  else
+	    yyerror ("syntax error; also virtual memory exhausted");
+	}
+      else
+#endif /* YYERROR_VERBOSE */
+	yyerror ("syntax error");
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse lookahead token after an
+	 error, discard it.  */
+
+      /* Return failure if at end of input.  */
+      if (yychar == YYEOF)
+        {
+	  /* Pop the error token.  */
+          YYPOPSTACK;
+	  /* Pop the rest of the stack.  */
+	  while (yyss < yyssp)
+	    {
+	      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
+	      yydestruct (yystos[*yyssp], yyvsp);
+	      YYPOPSTACK;
+	    }
+	  YYABORT;
+        }
+
+      YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc);
+      yydestruct (yytoken, &yylval);
+      yychar = YYEMPTY;
+
+    }
+
+  /* Else will try to reuse lookahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*----------------------------------------------------.
+| yyerrlab1 -- error raised explicitly by an action.  |
+`----------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
+      yydestruct (yystos[yystate], yyvsp);
+      yyvsp--;
+      yystate = *--yyssp;
+
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  YYDPRINTF ((stderr, "Shifting error token, "));
+
+  *++yyvsp = yylval;
+
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*----------------------------------------------.
+| yyoverflowlab -- parser overflow comes here.  |
+`----------------------------------------------*/
+yyoverflowlab:
+  yyerror ("parser stack overflow");
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+  return yyresult;
+}
+
+
+
+
+
+void conf_parse(const char *name)
+{
+	struct symbol *sym;
+	int i;
+
+	zconf_initscan(name);
+
+	sym_init();
+	menu_init();
+	modules_sym = sym_lookup("MODULES", 0);
+	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
+
+	//zconfdebug = 1;
+	zconfparse();
+	if (zconfnerrs)
+		exit(1);
+	menu_finalize(&rootmenu);
+	for_all_symbols(i, sym) {
+                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
+                        printf("\n");
+		else
+			sym->flags |= SYMBOL_CHECK_DONE;
+        }
+
+	sym_change_count = 1;
+}
+
+const char *zconf_tokenname(int token)
+{
+	switch (token) {
+	case T_MENU:		return "menu";
+	case T_ENDMENU:		return "endmenu";
+	case T_CHOICE:		return "choice";
+	case T_ENDCHOICE:	return "endchoice";
+	case T_IF:		return "if";
+	case T_ENDIF:		return "endif";
+	}
+	return "<token>";
+}
+
+static bool zconf_endtoken(int token, int starttoken, int endtoken)
+{
+	if (token != endtoken) {
+		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	if (current_menu->file != current_file) {
+		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	return true;
+}
+
+static void zconfprint(const char *err, ...)
+{
+	va_list ap;
+
+	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
+	va_start(ap, err);
+	vfprintf(stderr, err, ap);
+	va_end(ap);
+	fprintf(stderr, "\n");
+}
+
+static void zconferror(const char *err)
+{
+	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
+}
+
+void print_quoted_string(FILE *out, const char *str)
+{
+	const char *p;
+	int len;
+
+	putc('"', out);
+	while ((p = strchr(str, '"'))) {
+		len = p - str;
+		if (len)
+			fprintf(out, "%.*s", len, str);
+		fputs("\\\"", out);
+		str = p + 1;
+	}
+	fputs(str, out);
+	putc('"', out);
+}
+
+void print_symbol(FILE *out, struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	struct property *prop;
+
+	if (sym_is_choice(sym))
+		fprintf(out, "choice\n");
+	else
+		fprintf(out, "config %s\n", sym->name);
+	switch (sym->type) {
+	case S_BOOLEAN:
+		fputs("  boolean\n", out);
+		break;
+	case S_TRISTATE:
+		fputs("  tristate\n", out);
+		break;
+	case S_STRING:
+		fputs("  string\n", out);
+		break;
+	case S_INT:
+		fputs("  integer\n", out);
+		break;
+	case S_HEX:
+		fputs("  hex\n", out);
+		break;
+	default:
+		fputs("  ???\n", out);
+		break;
+	}
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->menu != menu)
+			continue;
+		switch (prop->type) {
+		case P_PROMPT:
+			fputs("  prompt ", out);
+			print_quoted_string(out, prop->text);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_DEFAULT:
+			fputs( "  default ", out);
+			expr_fprint(prop->expr, out);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_CHOICE:
+			fputs("  #choice value\n", out);
+			break;
+		default:
+			fprintf(out, "  unknown prop %d!\n", prop->type);
+			break;
+		}
+	}
+	if (sym->help) {
+		int len = strlen(sym->help);
+		while (sym->help[--len] == '\n')
+			sym->help[len] = 0;
+		fprintf(out, "  help\n%s\n", sym->help);
+	}
+	fputc('\n', out);
+}
+
+void zconfdump(FILE *out)
+{
+	struct property *prop;
+	struct symbol *sym;
+	struct menu *menu;
+
+	menu = rootmenu.list;
+	while (menu) {
+		if ((sym = menu->sym))
+			print_symbol(out, menu);
+		else if ((prop = menu->prompt)) {
+			switch (prop->type) {
+			case P_COMMENT:
+				fputs("\ncomment ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			case P_MENU:
+				fputs("\nmenu ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			default:
+				;
+			}
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs("  depends ", out);
+				expr_fprint(prop->visible.expr, out);
+				fputc('\n', out);
+			}
+			fputs("\n", out);
+		}
+
+		if (menu->list)
+			menu = menu->list;
+		else if (menu->next)
+			menu = menu->next;
+		else while ((menu = menu->parent)) {
+			if (menu->prompt && menu->prompt->type == P_MENU)
+				fputs("\nendmenu\n", out);
+			if (menu->next) {
+				menu = menu->next;
+				break;
+			}
+		}
+	}
+}
+
+#include "lex.zconf.c"
+#include "util.c"
+#include "confdata.c"
+#include "expr.c"
+#include "symbol.c"
+#include "menu.c"
+
+
diff --git a/config/scripts/config/zconf.tab.h b/config/scripts/config/zconf.tab.h
new file mode 100644
index 0000000000..3b191ef599
--- /dev/null
+++ b/config/scripts/config/zconf.tab.h
@@ -0,0 +1,125 @@
+/* A Bison parser, made from zconf.y, by GNU bison 1.75.  */
+
+/* Skeleton parser for Yacc-like parsing with Bison,
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+/* As a special exception, when this file is copied by Bison into a
+   Bison output file, you may use that output file without restriction.
+   This special exception was added by the Free Software Foundation
+   in version 1.24 of Bison.  */
+
+#ifndef BISON_ZCONF_TAB_H
+# define BISON_ZCONF_TAB_H
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     T_MAINMENU = 258,
+     T_MENU = 259,
+     T_ENDMENU = 260,
+     T_SOURCE = 261,
+     T_CHOICE = 262,
+     T_ENDCHOICE = 263,
+     T_COMMENT = 264,
+     T_CONFIG = 265,
+     T_HELP = 266,
+     T_HELPTEXT = 267,
+     T_IF = 268,
+     T_ENDIF = 269,
+     T_DEPENDS = 270,
+     T_REQUIRES = 271,
+     T_OPTIONAL = 272,
+     T_PROMPT = 273,
+     T_DEFAULT = 274,
+     T_TRISTATE = 275,
+     T_BOOLEAN = 276,
+     T_INT = 277,
+     T_HEX = 278,
+     T_WORD = 279,
+     T_STRING = 280,
+     T_UNEQUAL = 281,
+     T_EOF = 282,
+     T_EOL = 283,
+     T_CLOSE_PAREN = 284,
+     T_OPEN_PAREN = 285,
+     T_ON = 286,
+     T_OR = 287,
+     T_AND = 288,
+     T_EQUAL = 289,
+     T_NOT = 290
+   };
+#endif
+#define T_MAINMENU 258
+#define T_MENU 259
+#define T_ENDMENU 260
+#define T_SOURCE 261
+#define T_CHOICE 262
+#define T_ENDCHOICE 263
+#define T_COMMENT 264
+#define T_CONFIG 265
+#define T_HELP 266
+#define T_HELPTEXT 267
+#define T_IF 268
+#define T_ENDIF 269
+#define T_DEPENDS 270
+#define T_REQUIRES 271
+#define T_OPTIONAL 272
+#define T_PROMPT 273
+#define T_DEFAULT 274
+#define T_TRISTATE 275
+#define T_BOOLEAN 276
+#define T_INT 277
+#define T_HEX 278
+#define T_WORD 279
+#define T_STRING 280
+#define T_UNEQUAL 281
+#define T_EOF 282
+#define T_EOL 283
+#define T_CLOSE_PAREN 284
+#define T_OPEN_PAREN 285
+#define T_ON 286
+#define T_OR 287
+#define T_AND 288
+#define T_EQUAL 289
+#define T_NOT 290
+
+
+
+
+#ifndef YYSTYPE
+#line 33 "zconf.y"
+typedef union {
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+} yystype;
+/* Line 1281 of /usr/share/bison/yacc.c.  */
+#line 118 "zconf.tab.h"
+# define YYSTYPE yystype
+#endif
+
+extern YYSTYPE zconflval;
+
+
+#endif /* not BISON_ZCONF_TAB_H */
+
diff --git a/config/scripts/config/zconf.tab.h_shipped b/config/scripts/config/zconf.tab.h_shipped
new file mode 100644
index 0000000000..3b191ef599
--- /dev/null
+++ b/config/scripts/config/zconf.tab.h_shipped
@@ -0,0 +1,125 @@
+/* A Bison parser, made from zconf.y, by GNU bison 1.75.  */
+
+/* Skeleton parser for Yacc-like parsing with Bison,
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+/* As a special exception, when this file is copied by Bison into a
+   Bison output file, you may use that output file without restriction.
+   This special exception was added by the Free Software Foundation
+   in version 1.24 of Bison.  */
+
+#ifndef BISON_ZCONF_TAB_H
+# define BISON_ZCONF_TAB_H
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     T_MAINMENU = 258,
+     T_MENU = 259,
+     T_ENDMENU = 260,
+     T_SOURCE = 261,
+     T_CHOICE = 262,
+     T_ENDCHOICE = 263,
+     T_COMMENT = 264,
+     T_CONFIG = 265,
+     T_HELP = 266,
+     T_HELPTEXT = 267,
+     T_IF = 268,
+     T_ENDIF = 269,
+     T_DEPENDS = 270,
+     T_REQUIRES = 271,
+     T_OPTIONAL = 272,
+     T_PROMPT = 273,
+     T_DEFAULT = 274,
+     T_TRISTATE = 275,
+     T_BOOLEAN = 276,
+     T_INT = 277,
+     T_HEX = 278,
+     T_WORD = 279,
+     T_STRING = 280,
+     T_UNEQUAL = 281,
+     T_EOF = 282,
+     T_EOL = 283,
+     T_CLOSE_PAREN = 284,
+     T_OPEN_PAREN = 285,
+     T_ON = 286,
+     T_OR = 287,
+     T_AND = 288,
+     T_EQUAL = 289,
+     T_NOT = 290
+   };
+#endif
+#define T_MAINMENU 258
+#define T_MENU 259
+#define T_ENDMENU 260
+#define T_SOURCE 261
+#define T_CHOICE 262
+#define T_ENDCHOICE 263
+#define T_COMMENT 264
+#define T_CONFIG 265
+#define T_HELP 266
+#define T_HELPTEXT 267
+#define T_IF 268
+#define T_ENDIF 269
+#define T_DEPENDS 270
+#define T_REQUIRES 271
+#define T_OPTIONAL 272
+#define T_PROMPT 273
+#define T_DEFAULT 274
+#define T_TRISTATE 275
+#define T_BOOLEAN 276
+#define T_INT 277
+#define T_HEX 278
+#define T_WORD 279
+#define T_STRING 280
+#define T_UNEQUAL 281
+#define T_EOF 282
+#define T_EOL 283
+#define T_CLOSE_PAREN 284
+#define T_OPEN_PAREN 285
+#define T_ON 286
+#define T_OR 287
+#define T_AND 288
+#define T_EQUAL 289
+#define T_NOT 290
+
+
+
+
+#ifndef YYSTYPE
+#line 33 "zconf.y"
+typedef union {
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+} yystype;
+/* Line 1281 of /usr/share/bison/yacc.c.  */
+#line 118 "zconf.tab.h"
+# define YYSTYPE yystype
+#endif
+
+extern YYSTYPE zconflval;
+
+
+#endif /* not BISON_ZCONF_TAB_H */
+
diff --git a/config/scripts/config/zconf.y b/config/scripts/config/zconf.y
new file mode 100644
index 0000000000..cf45da0b20
--- /dev/null
+++ b/config/scripts/config/zconf.y
@@ -0,0 +1,690 @@
+%{
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+
+#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
+
+#define PRINTD		0x0001
+#define DEBUG_PARSE	0x0002
+
+int cdebug = PRINTD;
+
+extern int zconflex(void);
+static void zconfprint(const char *err, ...);
+static void zconferror(const char *err);
+static bool zconf_endtoken(int token, int starttoken, int endtoken);
+
+struct symbol *symbol_hash[257];
+
+static struct menu *current_menu, *current_entry;
+
+#define YYERROR_VERBOSE
+%}
+%expect 40
+
+%union
+{
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+}
+
+%token T_MAINMENU
+%token T_MENU
+%token T_ENDMENU
+%token T_SOURCE
+%token T_CHOICE
+%token T_ENDCHOICE
+%token T_COMMENT
+%token T_CONFIG
+%token T_MENUCONFIG
+%token T_HELP
+%token <string> T_HELPTEXT
+%token T_IF
+%token T_ENDIF
+%token T_DEPENDS
+%token T_REQUIRES
+%token T_OPTIONAL
+%token T_PROMPT
+%token T_DEFAULT
+%token T_TRISTATE
+%token T_DEF_TRISTATE
+%token T_BOOLEAN
+%token T_DEF_BOOLEAN
+%token T_STRING
+%token T_INT
+%token T_HEX
+%token <string> T_WORD
+%token <string> T_WORD_QUOTE
+%token T_UNEQUAL
+%token T_EOF
+%token T_EOL
+%token T_CLOSE_PAREN
+%token T_OPEN_PAREN
+%token T_ON
+%token T_SELECT
+%token T_RANGE
+
+%left T_OR
+%left T_AND
+%left T_EQUAL T_UNEQUAL
+%nonassoc T_NOT
+
+%type <string> prompt
+%type <string> source
+%type <symbol> symbol
+%type <expr> expr
+%type <expr> if_expr
+%type <token> end
+
+%{
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+%}
+%%
+input:	  /* empty */
+	| input block
+;
+
+block:	  common_block
+	| choice_stmt
+	| menu_stmt
+	| T_MAINMENU prompt nl_or_eof
+	| T_ENDMENU		{ zconfprint("unexpected 'endmenu' statement"); }
+	| T_ENDIF		{ zconfprint("unexpected 'endif' statement"); }
+	| T_ENDCHOICE		{ zconfprint("unexpected 'endchoice' statement"); }
+	| error nl_or_eof	{ zconfprint("syntax error"); yyerrok; }
+;
+
+common_block:
+	  if_stmt
+	| comment_stmt
+	| config_stmt
+	| menuconfig_stmt
+	| source_stmt
+	| nl_or_eof
+;
+
+
+/* config/menuconfig entry */
+
+config_entry_start: T_CONFIG T_WORD T_EOL
+{
+	struct symbol *sym = sym_lookup($2, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), $2);
+};
+
+config_stmt: config_entry_start config_option_list
+{
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+};
+
+menuconfig_entry_start: T_MENUCONFIG T_WORD T_EOL
+{
+	struct symbol *sym = sym_lookup($2, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), $2);
+};
+
+menuconfig_stmt: menuconfig_entry_start config_option_list
+{
+	if (current_entry->prompt)
+		current_entry->prompt->type = P_MENU;
+	else
+		zconfprint("warning: menuconfig statement without prompt");
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+};
+
+config_option_list:
+	  /* empty */
+	| config_option_list config_option
+	| config_option_list depends
+	| config_option_list help
+	| config_option_list T_EOL
+;
+
+config_option: T_TRISTATE prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_DEF_TRISTATE expr if_expr T_EOL
+{
+	menu_add_expr(P_DEFAULT, $2, $3);
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_BOOLEAN prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_DEF_BOOLEAN expr if_expr T_EOL
+{
+	menu_add_expr(P_DEFAULT, $2, $3);
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_INT prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_INT);
+	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_HEX prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_HEX);
+	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_STRING prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_STRING);
+	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_PROMPT prompt if_expr T_EOL
+{
+	menu_add_prompt(P_PROMPT, $2, $3);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_DEFAULT expr if_expr T_EOL
+{
+	menu_add_expr(P_DEFAULT, $2, $3);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_SELECT T_WORD if_expr T_EOL
+{
+	menu_add_symbol(P_SELECT, sym_lookup($2, 0), $3);
+	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_RANGE symbol symbol if_expr T_EOL
+{
+	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,$2, $3), $4);
+	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
+};
+
+/* choice entry */
+
+choice: T_CHOICE T_EOL
+{
+	struct symbol *sym = sym_lookup(NULL, 0);
+	sym->flags |= SYMBOL_CHOICE;
+	menu_add_entry(sym);
+	menu_add_expr(P_CHOICE, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
+};
+
+choice_entry: choice choice_option_list
+{
+	menu_end_entry();
+	menu_add_menu();
+};
+
+choice_end: end
+{
+	if (zconf_endtoken($1, T_CHOICE, T_ENDCHOICE)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
+	}
+};
+
+choice_stmt:
+	  choice_entry choice_block choice_end
+	| choice_entry choice_block
+{
+	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+};
+
+choice_option_list:
+	  /* empty */
+	| choice_option_list choice_option
+	| choice_option_list depends
+	| choice_option_list help
+	| choice_option_list T_EOL
+;
+
+choice_option: T_PROMPT prompt if_expr T_EOL
+{
+	menu_add_prompt(P_PROMPT, $2, $3);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_TRISTATE prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_BOOLEAN prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_OPTIONAL T_EOL
+{
+	current_entry->sym->flags |= SYMBOL_OPTIONAL;
+	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_DEFAULT T_WORD if_expr T_EOL
+{
+	menu_add_symbol(P_DEFAULT, sym_lookup($2, 0), $3);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+};
+
+choice_block:
+	  /* empty */
+	| choice_block common_block
+;
+
+/* if entry */
+
+if: T_IF expr T_EOL
+{
+	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
+	menu_add_entry(NULL);
+	menu_add_dep($2);
+	menu_end_entry();
+	menu_add_menu();
+};
+
+if_end: end
+{
+	if (zconf_endtoken($1, T_IF, T_ENDIF)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
+	}
+};
+
+if_stmt:
+	  if if_block if_end
+	| if if_block
+{
+	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+};
+
+if_block:
+	  /* empty */
+	| if_block common_block
+	| if_block menu_stmt
+	| if_block choice_stmt
+;
+
+/* menu entry */
+
+menu: T_MENU prompt T_EOL
+{
+	menu_add_entry(NULL);
+	menu_add_prop(P_MENU, $2, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
+};
+
+menu_entry: menu depends_list
+{
+	menu_end_entry();
+	menu_add_menu();
+};
+
+menu_end: end
+{
+	if (zconf_endtoken($1, T_MENU, T_ENDMENU)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
+	}
+};
+
+menu_stmt:
+	  menu_entry menu_block menu_end
+	| menu_entry menu_block
+{
+	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+};
+
+menu_block:
+	  /* empty */
+	| menu_block common_block
+	| menu_block menu_stmt
+	| menu_block choice_stmt
+	| menu_block error T_EOL		{ zconfprint("invalid menu option"); yyerrok; }
+;
+
+source: T_SOURCE prompt T_EOL
+{
+	$$ = $2;
+	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), $2);
+};
+
+source_stmt: source
+{
+	zconf_nextfile($1);
+};
+
+/* comment entry */
+
+comment: T_COMMENT prompt T_EOL
+{
+	menu_add_entry(NULL);
+	menu_add_prop(P_COMMENT, $2, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
+};
+
+comment_stmt: comment depends_list
+{
+	menu_end_entry();
+};
+
+/* help option */
+
+help_start: T_HELP T_EOL
+{
+	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
+	zconf_starthelp();
+};
+
+help: help_start T_HELPTEXT
+{
+	current_entry->sym->help = $2;
+};
+
+/* depends option */
+
+depends_list:	  /* empty */
+		| depends_list depends
+		| depends_list T_EOL
+;
+
+depends: T_DEPENDS T_ON expr T_EOL
+{
+	menu_add_dep($3);
+	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
+}
+	| T_DEPENDS expr T_EOL
+{
+	menu_add_dep($2);
+	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
+}
+	| T_REQUIRES expr T_EOL
+{
+	menu_add_dep($2);
+	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
+};
+
+/* prompt statement */
+
+prompt_stmt_opt:
+	  /* empty */
+	| prompt if_expr
+{
+	menu_add_prop(P_PROMPT, $1, NULL, $2);
+};
+
+prompt:	  T_WORD
+	| T_WORD_QUOTE
+;
+
+end:	  T_ENDMENU nl_or_eof	{ $$ = T_ENDMENU; }
+	| T_ENDCHOICE nl_or_eof	{ $$ = T_ENDCHOICE; }
+	| T_ENDIF nl_or_eof	{ $$ = T_ENDIF; }
+;
+
+nl_or_eof:
+	T_EOL | T_EOF;
+
+if_expr:  /* empty */			{ $$ = NULL; }
+	| T_IF expr			{ $$ = $2; }
+;
+
+expr:	  symbol				{ $$ = expr_alloc_symbol($1); }
+	| symbol T_EQUAL symbol			{ $$ = expr_alloc_comp(E_EQUAL, $1, $3); }
+	| symbol T_UNEQUAL symbol		{ $$ = expr_alloc_comp(E_UNEQUAL, $1, $3); }
+	| T_OPEN_PAREN expr T_CLOSE_PAREN	{ $$ = $2; }
+	| T_NOT expr				{ $$ = expr_alloc_one(E_NOT, $2); }
+	| expr T_OR expr			{ $$ = expr_alloc_two(E_OR, $1, $3); }
+	| expr T_AND expr			{ $$ = expr_alloc_two(E_AND, $1, $3); }
+;
+
+symbol:	  T_WORD	{ $$ = sym_lookup($1, 0); free($1); }
+	| T_WORD_QUOTE	{ $$ = sym_lookup($1, 1); free($1); }
+;
+
+%%
+
+void conf_parse(const char *name)
+{
+	struct symbol *sym;
+	int i;
+
+	zconf_initscan(name);
+
+	sym_init();
+	menu_init();
+	modules_sym = sym_lookup("MODULES", 0);
+	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
+
+	//zconfdebug = 1;
+	zconfparse();
+	if (zconfnerrs)
+		exit(1);
+	menu_finalize(&rootmenu);
+	for_all_symbols(i, sym) {
+                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
+                        printf("\n");
+		else
+			sym->flags |= SYMBOL_CHECK_DONE;
+        }
+
+	sym_change_count = 1;
+}
+
+const char *zconf_tokenname(int token)
+{
+	switch (token) {
+	case T_MENU:		return "menu";
+	case T_ENDMENU:		return "endmenu";
+	case T_CHOICE:		return "choice";
+	case T_ENDCHOICE:	return "endchoice";
+	case T_IF:		return "if";
+	case T_ENDIF:		return "endif";
+	}
+	return "<token>";
+}
+
+static bool zconf_endtoken(int token, int starttoken, int endtoken)
+{
+	if (token != endtoken) {
+		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	if (current_menu->file != current_file) {
+		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	return true;
+}
+
+static void zconfprint(const char *err, ...)
+{
+	va_list ap;
+
+	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
+	va_start(ap, err);
+	vfprintf(stderr, err, ap);
+	va_end(ap);
+	fprintf(stderr, "\n");
+}
+
+static void zconferror(const char *err)
+{
+	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
+}
+
+void print_quoted_string(FILE *out, const char *str)
+{
+	const char *p;
+	int len;
+
+	putc('"', out);
+	while ((p = strchr(str, '"'))) {
+		len = p - str;
+		if (len)
+			fprintf(out, "%.*s", len, str);
+		fputs("\\\"", out);
+		str = p + 1;
+	}
+	fputs(str, out);
+	putc('"', out);
+}
+
+void print_symbol(FILE *out, struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	struct property *prop;
+
+	if (sym_is_choice(sym))
+		fprintf(out, "choice\n");
+	else
+		fprintf(out, "config %s\n", sym->name);
+	switch (sym->type) {
+	case S_BOOLEAN:
+		fputs("  boolean\n", out);
+		break;
+	case S_TRISTATE:
+		fputs("  tristate\n", out);
+		break;
+	case S_STRING:
+		fputs("  string\n", out);
+		break;
+	case S_INT:
+		fputs("  integer\n", out);
+		break;
+	case S_HEX:
+		fputs("  hex\n", out);
+		break;
+	default:
+		fputs("  ???\n", out);
+		break;
+	}
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->menu != menu)
+			continue;
+		switch (prop->type) {
+		case P_PROMPT:
+			fputs("  prompt ", out);
+			print_quoted_string(out, prop->text);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_DEFAULT:
+			fputs( "  default ", out);
+			expr_fprint(prop->expr, out);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_CHOICE:
+			fputs("  #choice value\n", out);
+			break;
+		default:
+			fprintf(out, "  unknown prop %d!\n", prop->type);
+			break;
+		}
+	}
+	if (sym->help) {
+		int len = strlen(sym->help);
+		while (sym->help[--len] == '\n')
+			sym->help[len] = 0;
+		fprintf(out, "  help\n%s\n", sym->help);
+	}
+	fputc('\n', out);
+}
+
+void zconfdump(FILE *out)
+{
+	struct property *prop;
+	struct symbol *sym;
+	struct menu *menu;
+
+	menu = rootmenu.list;
+	while (menu) {
+		if ((sym = menu->sym))
+			print_symbol(out, menu);
+		else if ((prop = menu->prompt)) {
+			switch (prop->type) {
+			case P_COMMENT:
+				fputs("\ncomment ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			case P_MENU:
+				fputs("\nmenu ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			default:
+				;
+			}
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs("  depends ", out);
+				expr_fprint(prop->visible.expr, out);
+				fputc('\n', out);
+			}
+			fputs("\n", out);
+		}
+
+		if (menu->list)
+			menu = menu->list;
+		else if (menu->next)
+			menu = menu->next;
+		else while ((menu = menu->parent)) {
+			if (menu->prompt && menu->prompt->type == P_MENU)
+				fputs("\nendmenu\n", out);
+			if (menu->next) {
+				menu = menu->next;
+				break;
+			}
+		}
+	}
+}
+
+#include "lex.zconf.c"
+#include "util.c"
+#include "confdata.c"
+#include "expr.c"
+#include "symbol.c"
+#include "menu.c"
diff --git a/config/win32config b/config/win32config
new file mode 100644
index 0000000000..5740814929
--- /dev/null
+++ b/config/win32config
@@ -0,0 +1,115 @@
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+# CONFIG_PLATFORM_LINUX is not set
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+CONFIG_PLATFORM_WIN32=y
+
+#
+# General Configuration
+#
+# CONFIG_DEBUG is not set
+
+#
+# Microsoft Compiler Options
+#
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+CONFIG_VISUAL_STUDIO_8_0=y
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE="c:\\Program Files\\Microsoft Visual Studio 8"
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+# CONFIG_USE_DEV_URANDOM is not set
+CONFIG_WIN32_USE_CRYPTO_LIB=y
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AWHTTPD=y
+
+#
+# Awhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_HAS_SSL=y
+CONFIG_HTTP_HTTPS_PORT=443
+# CONFIG_STANDARD_AWHTTPD is not set
+CONFIG_HTTP_WEBROOT="www"
+CONFIG_HTTP_PORT=80
+# CONFIG_HTTP_USE_TIMEOUT is not set
+CONFIG_HTTP_TIMEOUT=0
+CONFIG_HTTP_INITIAL_SLOTS=10
+CONFIG_HTTP_MAX_USERS=100
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSION=""
+# CONFIG_HTTP_DIRECTORIES is not set
+# CONFIG_HTTP_PERM_CHECK is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_VERBOSE=y
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+CONFIG_CSHARP_BINDINGS=y
+CONFIG_VBNET_BINDINGS=y
+
+#
+# .Net Framework
+#
+CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+CONFIG_JAVA_BINDINGS=y
+
+#
+# Java Home
+#
+CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+CONFIG_CSHARP_SAMPLES=y
+CONFIG_VBNET_SAMPLES=y
+CONFIG_JAVA_SAMPLES=y
+# CONFIG_PERL_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/docsrc/Makefile b/docsrc/Makefile
new file mode 100644
index 0000000000..574d5ebda9
--- /dev/null
+++ b/docsrc/Makefile
@@ -0,0 +1,27 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../config/makefile.conf
+
+all:
+
+doco:
+	doxygen ./axTLS.dox
+
+clean::
+	@-rm -fr html *~
diff --git a/docsrc/axTLS.dox b/docsrc/axTLS.dox
new file mode 100644
index 0000000000..e4763d6f34
--- /dev/null
+++ b/docsrc/axTLS.dox
@@ -0,0 +1,1237 @@
+# Doxyfile 1.4.5
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = axTLS
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
+# This could be handy for archiving the generated documentation or 
+# if some version control system is used.
+
+PROJECT_NUMBER         = 
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
+# base path where the generated documentation will be put. 
+# If a relative path is entered, it will be relative to the location 
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = 
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
+# 4096 sub-directories (in 2 levels) under the output directory of each output 
+# format and will distribute the generated files over these directories. 
+# Enabling this option can be useful when feeding doxygen a huge amount of 
+# source files, where putting all generated files in the same directory would 
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
+# documentation generated by doxygen is written. Doxygen will use this 
+# information to generate all constant output in the proper language. 
+# The default language is English, other supported languages are: 
+# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, 
+# Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese, 
+# Japanese-en (Japanese with English messages), Korean, Korean-en, Norwegian, 
+# Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, 
+# Swedish, and Ukrainian.
+
+OUTPUT_LANGUAGE        = English
+
+# This tag can be used to specify the encoding used in the generated output. 
+# The encoding is not always determined by the language that is chosen, 
+# but also whether or not the output is meant for Windows or non-Windows users. 
+# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES 
+# forces the Windows encoding (this is the default for the Windows binary), 
+# whereas setting the tag to NO uses a Unix-style encoding (the default for 
+# all platforms other than Windows).
+
+USE_WINDOWS_ENCODING   = NO
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
+# include brief member descriptions after the members that are listed in 
+# the file and class documentation (similar to JavaDoc). 
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
+# the brief description of a member or function before the detailed description. 
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator 
+# that is used to form the text in various listings. Each string 
+# in this list, if found as the leading text of the brief description, will be 
+# stripped from the text and the result after processing the whole list, is 
+# used as the annotated text. Otherwise, the brief description is used as-is. 
+# If left blank, the following values are used ("$name" is automatically 
+# replaced with the name of the entity): "The $name class" "The $name widget" 
+# "The $name file" "is" "provides" "specifies" "contains" 
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       = 
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
+# Doxygen will generate a detailed section even if there is only a brief 
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
+# inherited members of a class in the documentation of that class as if those 
+# members were ordinary class members. Constructors, destructors and assignment 
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
+# path before files name in the file list and in the header files. If set 
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
+# can be used to strip a user-defined part of the path. Stripping is 
+# only done if one of the specified strings matches the left-hand part of 
+# the path. The tag can be used to show relative paths in the file list. 
+# If left blank the directory from which doxygen is run is used as the 
+# path to strip.
+
+STRIP_FROM_PATH        = 
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
+# the path mentioned in the documentation of a class, which tells 
+# the reader which header file to include in order to use a class. 
+# If left blank only the name of the header file containing the class 
+# definition is used. Otherwise one should specify the include paths that 
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    = 
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
+# (but less readable) file names. This can be useful is your file systems 
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
+# will interpret the first line (until the first dot) of a JavaDoc-style 
+# comment as the brief description. If set to NO, the JavaDoc 
+# comments will behave just like the Qt-style comments (thus requiring an 
+# explicit @brief command for a brief description.
+
+JAVADOC_AUTOBRIEF      = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
+# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
+# comments) as a brief description. This used to be the default behaviour. 
+# The new default is to treat a multi-line C++ comment block as a detailed 
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member 
+# documentation.
+
+DETAILS_AT_TOP         = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
+# member inherits the documentation from any documented member that it 
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
+# a new page for each member. If set to NO, the documentation of a member will 
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 4
+
+# This tag can be used to specify a number of aliases that acts 
+# as commands in the documentation. An alias has the form "name=value". 
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
+# put the command \sideeffect (or @sideeffect) in the documentation, which 
+# will result in a user-defined paragraph with heading "Side Effects:". 
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                = 
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
+# sources only. Doxygen will then generate output that is more tailored for C. 
+# For instance, some of the names that are used will be different. The list 
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
+# sources only. Doxygen will then generate output that is more tailored for Java. 
+# For instance, namespaces will be presented as packages, qualified scopes 
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to 
+# include (a tag file for) the STL sources as input, then you should 
+# set this tag to YES in order to let doxygen match functions declarations and 
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
+# func(std::string) {}). This also make the inheritance and collaboration 
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
+# tag is set to YES, then doxygen will reuse the documentation of the first 
+# member in the group (if any) for the other members of the group. By default 
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
+# the same type (for instance a group of public functions) to be put as a 
+# subgroup of that type (e.g. under the Public Functions section). Set it to 
+# NO to prevent subgrouping. Alternatively, this can be done per class using 
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
+# documentation are documented, even if no documentation was available. 
+# Private class members and static file members will be hidden unless 
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file 
+# will be included in the documentation.
+
+EXTRACT_STATIC         = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
+# defined locally in source files will be included in the documentation. 
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = YES
+
+# This flag is only useful for Objective-C code. When set to YES local 
+# methods, which are defined in the implementation section but not in 
+# the interface are included in the documentation. 
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
+# undocumented members of documented classes, files or namespaces. 
+# If set to NO (the default) these members will be included in the 
+# various overviews, but no documentation section is generated. 
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
+# undocumented classes that are normally visible in the class hierarchy. 
+# If set to NO (the default) these classes will be included in the various 
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
+# friend (class|struct|union) declarations. 
+# If set to NO (the default) these declarations will be included in the 
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
+# documentation blocks found inside the body of a function. 
+# If set to NO (the default) these blocks will be appended to the 
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation 
+# that is typed after a \internal command is included. If the tag is set 
+# to NO (the default) then the documentation will be excluded. 
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
+# file names in lower-case letters. If set to YES upper-case letters are also 
+# allowed. This is useful if you have classes or files whose names only differ 
+# in case and if your file system supports case sensitive file names. Windows 
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
+# will show members with their full class and namespace scopes in the 
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
+# will put a list of the files that are included by a file in the documentation 
+# of that file.
+
+SHOW_INCLUDE_FILES     = NO
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
+# will sort the (detailed) documentation of file and class members 
+# alphabetically by member name. If set to NO the members will appear in 
+# declaration order.
+
+SORT_MEMBER_DOCS       = NO
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
+# brief documentation of file, namespace and class members alphabetically 
+# by member name. If set to NO (the default) the members will appear in 
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
+# sorted by fully-qualified names, including namespaces. If set to 
+# NO (the default), the class list will be sorted only by class name, 
+# not including the namespace part. 
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the 
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or 
+# disable (NO) the todo list. This list is created by putting \todo 
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or 
+# disable (NO) the test list. This list is created by putting \test 
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or 
+# disable (NO) the bug list. This list is created by putting \bug 
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
+# disable (NO) the deprecated list. This list is created by putting 
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional 
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       = 
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
+# the initial value of a variable or define consists of for it to appear in 
+# the documentation. If the initializer consists of more lines than specified 
+# here it will be hidden. Use a value of 0 to hide initializers completely. 
+# The appearance of the initializer of individual variables and defines in the 
+# documentation can be controlled using \showinitializer or \hideinitializer 
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
+# at the bottom of the documentation of classes and structs. If set to YES the 
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = NO
+
+# If the sources in your project are distributed over multiple directories 
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
+# in the documentation. The default is YES.
+
+SHOW_DIRECTORIES       = NO
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
+# doxygen should invoke to get the current version for each file (typically from the 
+# version control system). Doxygen will invoke the program by executing (via 
+# popen()) the command <command> <input-file>, where <command> is the value of 
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
+# provided by doxygen. Whatever the program writes to standard output 
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated 
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are 
+# generated by doxygen. Possible values are YES and NO. If left blank 
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
+# potential errors in the documentation, such as not documenting some 
+# parameters in a documented function, or documenting parameters that 
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for 
+# functions that are documented, but have no documentation for their parameters 
+# or return value. If set to NO (the default) doxygen will only warn about 
+# wrong or incomplete parameter documentation, but not about the absence of 
+# documentation.
+
+WARN_NO_PARAMDOC       = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that 
+# doxygen can produce. The string should contain the $file, $line, and $text 
+# tags, which will be replaced by the file and line number from which the 
+# warning originated and the warning text. Optionally the format may contain 
+# $version, which will be replaced by the version of the file (if it could 
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning 
+# and error messages should be written. If left blank the output is written 
+# to stderr.
+
+WARN_LOGFILE           = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain 
+# documented source files. You may enter file names like "myfile.cpp" or 
+# directories like "/usr/src/myproject". Separate the files or directories 
+# with spaces.
+
+INPUT                  = ../bindings/csharp/axTLS.cs ../bindings/java/SSL.java ../bindings/java/SSLUtil.java ../bindings/java/SSLCTX.java ../bindings/java/SSLServer.java ../bindings/java/SSLClient.java ../bindings/java/SSLReadHolder.java ../ssl/ssl.h ../ssl/bigint.c ../ssl/bigint.h 
+
+# If the value of the INPUT tag contains directories, you can use the 
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank the following patterns are tested: 
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx 
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
+
+FILE_PATTERNS          = 
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
+# should be searched for input files as well. Possible values are YES and NO. 
+# If left blank NO is used.
+
+RECURSIVE              = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should 
+# excluded from the INPUT source files. This way you can easily exclude a 
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                = 
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or 
+# directories that are symbolic links (a Unix filesystem feature) are excluded 
+# from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the 
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
+# certain files from those directories. Note that the wildcards are matched 
+# against the file with absolute path, so to exclude all test directories 
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       = 
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or 
+# directories that contain example code fragments that are included (see 
+# the \include command).
+
+EXAMPLE_PATH           = 
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank all files are included.
+
+EXAMPLE_PATTERNS       = 
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
+# searched for input files to be used with the \include or \dontinclude 
+# commands irrespective of the value of the RECURSIVE tag. 
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or 
+# directories that contain image that are included in the documentation (see 
+# the \image command).
+
+IMAGE_PATH             = images
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should 
+# invoke to filter for each input file. Doxygen will invoke the filter program 
+# by executing (via popen()) the command <filter> <input-file>, where <filter> 
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
+# input file. Doxygen will then use the output that the filter program writes 
+# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
+# ignored.
+
+INPUT_FILTER           = 
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
+# basis.  Doxygen will compare the file name with each pattern and apply the 
+# filter if there is a match.  The filters are a list of the form: 
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
+# is applied to all files.
+
+FILTER_PATTERNS        = 
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
+# INPUT_FILTER) will be used to filter the input files when producing source 
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
+# be generated. Documented entities will be cross-referenced with these sources. 
+# Note: To get rid of all source code in the generated output, make sure also 
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER         = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body 
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
+# doxygen to hide any special comment blocks from generated source code 
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
+# then for each documented function all documented 
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default) 
+# then for each documented function all documented entities 
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code 
+# will point to the HTML generated by the htags(1) tool instead of doxygen 
+# built-in source browser. The htags tool is part of GNU's global source 
+# tagging system (see http://www.gnu.org/software/global/global.html). You 
+# will need version 4.8.6 or higher.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
+# will generate a verbatim copy of the header file for each class for 
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
+# of all compounds will be generated. Enable this if the project 
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all 
+# classes will be put under the same header in the alphabetical index. 
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard header.
+
+HTML_HEADER            = 
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard footer.
+
+HTML_FOOTER            = doco_footer.html 
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
+# style sheet that is used by each HTML page. It can be used to 
+# fine-tune the look of the HTML output. If the tag is left blank doxygen 
+# will generate a default style sheet. Note that doxygen will try to copy 
+# the style sheet file to the HTML output directory, so don't put your own 
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET        = 
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
+# files or namespaces will be aligned in HTML using tables. If set to 
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
+# will be generated that can be used as input for tools like the 
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) 
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
+# be used to specify the file name of the resulting .chm file. You 
+# can add a path in front of the file if the result should not be 
+# written to the html output directory.
+
+CHM_FILE               = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
+# be used to specify the location (absolute path including file name) of 
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
+# controls if a separate .chi index file is generated (YES) or that 
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
+# controls whether a binary table of contents is generated (YES) or a 
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members 
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = YES
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
+# top of each HTML page. The value NO (the default) enables the index and 
+# the value YES disables it.
+
+DISABLE_INDEX          = YES
+
+# This tag can be used to set the number of enum values (range [1..20]) 
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that 
+# is generated for HTML Help). For this to work a browser that supports 
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = YES
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
+# used to set the initial width (in pixels) of the frame in which the tree 
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
+# generate Latex output.
+
+GENERATE_LATEX         = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
+# generate index for LaTeX. If left blank `makeindex' will be used as the 
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
+# LaTeX documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used 
+# by the printer. Possible values are: a4, a4wide, letter, legal and 
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         = 
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
+# the generated latex document. The header should contain everything until 
+# the first chapter. If it is left blank doxygen will generate a 
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           = 
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
+# contain links (just like the HTML output) instead of page references 
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
+# plain latex in the generated Makefile. Set this option to YES to get a 
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
+# command to the generated LaTeX files. This will instruct LaTeX to keep 
+# running if errors occur, instead of asking the user for help. 
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
+# include the index chapters (such as File Index, Compound Index, etc.) 
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
+# The RTF output is optimized for Word 97 and may not look very pretty with 
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
+# RTF documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
+# will contain hyperlink fields. The RTF file will 
+# contain links (just like the HTML output) instead of page references. 
+# This makes the output suitable for online browsing using WORD or other 
+# programs which support those fields. 
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's 
+# config file, i.e. a series of assignments. You only have to provide 
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    = 
+
+# Set optional variables used in the generation of an rtf document. 
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
+# generate man pages
+
+GENERATE_MAN           = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to 
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
+# then it will generate one additional man file for each entity 
+# documented in the real man page(s). These additional files 
+# only source the real man page, but without them the man command 
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will 
+# generate an XML file that captures the structure of 
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_SCHEMA             = 
+
+# The XML_DTD tag can be used to specify an XML DTD, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_DTD                = 
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
+# dump the program listings (including syntax highlighting 
+# and cross-referencing information) to the XML output. Note that 
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
+# generate an AutoGen Definitions (see autogen.sf.net) file 
+# that captures the structure of the code including all 
+# documentation. Note that this feature is still experimental 
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
+# generate a Perl module file that captures the structure of 
+# the code including all documentation. Note that this 
+# feature is still experimental and incomplete at the 
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
+# nicely formatted so it can be parsed by a human reader.  This is useful 
+# if you want to understand what is going on.  On the other hand, if this 
+# tag is set to NO the size of the Perl module output will be much smaller 
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file 
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
+# This is useful so different doxyrules.make files included by the same 
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX = 
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
+# evaluate all C-preprocessor directives found in the sources and include 
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
+# names in the source code. If set to NO (the default) only conditional 
+# compilation will be performed. Macro expansion can be done in a controlled 
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = YES
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
+# then the macro expansion is limited to the macros specified with the 
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF     = YES
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that 
+# contain include files that are not input files but should be processed by 
+# the preprocessor.
+
+INCLUDE_PATH           = 
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
+# patterns (like *.h and *.hpp) to filter out the header-files in the 
+# directories. If left blank, the patterns specified with FILE_PATTERNS will 
+# be used.
+
+INCLUDE_FILE_PATTERNS  = 
+
+# The PREDEFINED tag can be used to specify one or more macro names that 
+# are defined before the preprocessor is started (similar to the -D option of 
+# gcc). The argument of the tag is a list of macros of the form: name 
+# or name=definition (no spaces). If the definition and the = are 
+# omitted =1 is assumed. To prevent a macro definition from being 
+# undefined via #undef or recursively expanded use the := operator 
+# instead of the = operator.
+
+PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT EXP_FUNC="" STDCALL=""
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
+# this tag can be used to specify a list of macro names that should be expanded. 
+# The macro definition that is found in the sources will be used. 
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      = 
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
+# doxygen's preprocessor will remove all function-like macros that are alone 
+# on a line, have an all uppercase name, and do not end with a semicolon. Such 
+# function macros are typically used for boiler-plate code, and will confuse 
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles. 
+# Optionally an initial location of the external documentation 
+# can be added for each tagfile. The format of a tag file without 
+# this location is as follows: 
+#   TAGFILES = file1 file2 ... 
+# Adding location for the tag files is done as follows: 
+#   TAGFILES = file1=loc1 "file2 = loc2" ... 
+# where "loc1" and "loc2" can be relative or absolute paths or 
+# URLs. If a location is present for each tag, the installdox tool 
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen 
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES               = 
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       = 
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
+# in the class index. If set to NO only the inherited external classes 
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
+# in the modules index. If set to NO, only the current project's groups will 
+# be listed.
+
+EXTERNAL_GROUPS        = NO
+
+# The PERL_PATH should be the absolute path and name of the perl script 
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
+# or super classes. Setting the tag to NO turns the diagrams off. Note that 
+# this option is superseded by the HAVE_DOT option below. This is only a 
+# fallback. It is recommended to install and use dot, since it yields more 
+# powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# If set to YES, the inheritance and collaboration graphs will hide 
+# inheritance and usage relations if the target is undocumented 
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
+# available from the path. This tool is part of Graphviz, a graph visualization 
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = NO
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect inheritance relations. Setting this tag to YES will force the 
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = NO
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect implementation dependencies (inheritance, containment, and 
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = NO
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS           = NO
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
+# collaboration diagrams in a style similar to the OMG's Unified Modeling 
+# Language.
+
+UML_LOOK               = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the 
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
+# tags are set to YES then doxygen will generate a graph for each documented 
+# file showing the direct and indirect include dependencies of the file with 
+# other documented files.
+
+INCLUDE_GRAPH          = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
+# documented header file showing the documented files that directly or 
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = NO
+
+# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will 
+# generate a call dependency graph for every global function or class method. 
+# Note that enabling this option will significantly increase the time of a run. 
+# So in most cases it will be better to enable call graphs for selected 
+# functions only using the \callgraph command.
+
+CALL_GRAPH             = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = NO
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES 
+# then doxygen will show the dependencies a directory has on other directories 
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH        = NO
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be 
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH               = 
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that 
+# contain dot files that are included in the documentation (see the 
+# \dotfile command).
+
+DOTFILE_DIRS           = 
+
+# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width 
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
+# this value, doxygen will try to truncate the graph, so that it fits within 
+# the specified constraint. Beware that most browsers cannot cope with very 
+# large images.
+
+MAX_DOT_GRAPH_WIDTH    = 1024
+
+# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height 
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
+# this value, doxygen will try to truncate the graph, so that it fits within 
+# the specified constraint. Beware that most browsers cannot cope with very 
+# large images.
+
+MAX_DOT_GRAPH_HEIGHT   = 1024
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
+# graphs generated by dot. A depth value of 3 means that only nodes reachable 
+# from the root by following a path via at most 3 edges will be shown. Nodes 
+# that lay further from the root node will be omitted. Note that setting this 
+# option to 1 or 2 may greatly reduce the computation time needed for large 
+# code bases. Also note that a graph may be further truncated if the graph's 
+# image dimensions are not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH 
+# and MAX_DOT_GRAPH_HEIGHT). If 0 is used for the depth value (the default), 
+# the graph is not depth-constrained.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
+# background. This is disabled by default, which results in a white background. 
+# Warning: Depending on the platform used, enabling this option may lead to 
+# badly anti-aliased labels on the edges of a graph (i.e. they become hard to 
+# read).
+
+DOT_TRANSPARENT        = NO
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
+# files in one run (i.e. multiple -o and -T options on the command line). This 
+# makes dot run faster, but since only newer versions of dot (>1.8.10) 
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS      = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
+# generate a legend page explaining the meaning of the various boxes and 
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
+# remove the intermediate dot files that are used to generate 
+# the various graphs.
+
+DOT_CLEANUP            = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be 
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE           = NO
diff --git a/docsrc/doco_footer.html b/docsrc/doco_footer.html
new file mode 100644
index 0000000000..84c2b81e54
--- /dev/null
+++ b/docsrc/doco_footer.html
@@ -0,0 +1,3 @@
+<p></p>
+<p align="center"><img src="../images/tsbasbw.gif" width="1000" height="7"></p>
+<CITE>Copyright <sup>�</sup> 2006</CITE>
diff --git a/docsrc/images/axolotl.jpg b/docsrc/images/axolotl.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..7352bbae836739e469c837a7fdb8114f786b2130
GIT binary patch
literal 3041
zcmbW3cTm%58pnSjB!MU;N>O@=NRbjk3lRun2%sWhXhPVfgr;<mzS7stQlv`}6{IUw
z1*9BBLX#RgoC^d3NSBT%$L`+j+|1n{clZ6y`#$r|cjlSTAMZT#oQ$8$0GtN8`nmw<
z)IXjYIQb3;-^6QQ7a@}Eo!vd|dpNm}eMI!#?d3$wP;v?=;A9Gj0$89>7!<++gTdge
zEO0g+cDA!;+4#?Maq@@=h=~dd2n&fzqGiM-6eNU%uV~0BD63%9F=8@WI+|)aXf=!~
zh!qZJJHy7u&d#Tb6h^B4&pP=4$^`%r1oVf1e+t9|W`;mvEUfS|AOQSlc6$Gr{!7RS
zFoD2eCT1`M!pwZyCiFA|m=Tb3q9|?Xd1G6cm=~8~c;X8d@oSYW+$MvYNVJ`I1S_0}
z_rgWKOA?nQrKFXVRaDh5>N?l)x&%FagF8f1Gjj{eyY>!bM<-_&S07)$2mS$pL6K3>
zF+V^0g_4w<lA4zOBqK97?`3{LVNr2ORrQ;<?`mr6-nX`WXs32`c6ATYhDS!n#wR9c
z=jihbjK!tp&s$%%cXs#o4-StIr^rmq%wT5N@5mq~|I-6TFhfL9&~w_xFk7$lVv6A`
zT-Op`RJO2+qfIus?Ysx!JV>S4OIyEF{{j8qF-QDg(0?)ig?!QsAXoq*;06Yr(j!1%
z1n6WEI12`yKEMb-3)nvbB!TBlVeo%1%vVZSkpMPR1+2MGqWR7gFczIJUnDw#SKbKt
z35Mb&hWO0KGyJeTHI!NRIcFpiNog)_MsCx>3cuve&<vX=3!YsREq^^68F97*bu{QJ
zW))l-T(m#cFVL0k9v8_m^yIt|2*;X;<9f?xM!RLv`=O*j7yi8VhYn;I44PlhCb5IJ
zIL6yAr03vk4mV4B(`2X@!n37zmuWf9COQkDY<hB{b<yMqVw%d*QcL(T-YC;KDI5X>
zY8_v>&G~*t+o4e7x?2ZhL>0|&)UBM;us1U2y+hqnr1zl8MlP&TeKtmuu@xzyFTbtD
z5^IB{EM;G3EEpmmqXCXWW)tsNQi5e`*4;)8rcd85vLma>Z~`hhbuC-<;K-!GCL)Jh
zEBdKs`V}XSz67XOgOjI5xZvM}`wGkrmbP7O4@qf@mW70RxAxL?nSpqg6F{rH(V+zU
zM9oUqH*GSU1=8P5FsH)k%e%`v%Opgmb1$`hxlFVsx*(Gne`&s60CX^#buRD(cy!fq
z?6)oX!6DzotoaO!ym?jfI*Z`9ATNt<^MRGTpBejEn0uX3a@0k?UfR=k;!}#J8a-_l
zYnQAqQ#}w7Wjgvx=tA&otci52@7iF4ZCmTl>vRq6omFR>h`1mj@&@FdKc8HKED|SM
zMlufH?L)6>f8(HW^EzHJ<I64%wh-#So1<U^iz~~J5fal%wPQR^Rnd9)k|Y&F)D`sU
zz+sTzQ&RCh1FbhENJ<{>67AiY3`3|uBIluZaA@EwfvIt-w0T`>aDlYNwO<imnw*ja
zt#e@8%|`>}bt8u5jd?o?J5z}+0Ypf^v>Um<d)gsBXuoCe^~^>dw)Bp7T;JrUnMvzb
zZOxlA>YX1AXRzSoc6;S+PfG*!b-#Bl4mf(`WIk3P$!y@`mh#*FWASuji|hQ)P;;gW
zG2T;z@(}-{Z7ZsN>A9r3jsTJsG4rcg>g4S#r;PZ;G_CH;QGx>_55i?%RwguO_13z+
zW_|k@&LP~Rb$2XP)hDyznX0_qa8N;BwM;!XL9;zrDz-^9hOzR%4DZcR)Nugs`?NJ)
z`ek5Vqo8}i-7O6lL>Zu8*3W(XI7x>4GpJ9JEdf0oLb&Guzvkar$Q<hiI~wD1(a(vJ
z!f3F&uTXit*Y!1L)x>+6#c3DYor~H^)#;IDGE?``QB?^dO#pSy8^8!k*Ga`&_)QNa
zd`O!9nKGw)*tOuPfQqDD*w|RUMN81N+nj!%%TIzR%cOi&$>-ANhu*)g4IW^RJZ9t?
zdyO*sxmQQBAD$mtqqMtL0=c65+TcSo6Q?I{$zT1|X3m;j?Y+;&qbDFRb2ReXjbyv5
z=Evx0in1l^6>c2+ZR?|C(~C;&ZtTDTMydE?%q+56E~IgSy<ySiLWi(T(3k_+?|FV;
zSGAtaL>p&3zw^6TUVk6j)frH~&<POD_Qr*eZPnJ5?;T~#spr~|JeG4)vmon%IuF#?
znl{KytuFffB|q+cC%3lrBh3&{a`;M^D}NI;{wbgIirIsogf<s?-=G_N>EfNuGP*;$
zePNy!P@BM|KyH1D?Ls+6J8Ng-er#uAZZxR`Xzp*)D9u^#AiCC;TK^J)_TXojbr~7r
zzJ53XaB6v0adVg4SjZJMkqk01C3f9|c6g^!bJSy?wUNeDGJ8W0tp0rFd>HTL&#=W?
zg2Sba=GQu6X735!iW;+VyyLo^WL5W#WAS=UX7Z!V%=d)nIspX=waeB?NroL_;V&T6
zt!D-?8x@E5ttq#9vJ+afZK9NI6E54I04sS`(->d16F~S|nFhN|DTc&{2}^ceoc}R!
zuLb-pXgyDMkQiusJ5=Z)OJi;LaZeo?Z|Z1f->*4R>XawF8Fgq<>7-Xt6JfiTasm*H
zwELMiamTvad2>z@@;r>b2-zDqtH~;6deu_QT9?9i_g08WSI49@db4D8jO*gE*Qo)0
zF3EPW@7pY<S>aXKSv`#odI#O&OD2ggeKJWdn_LsHS22g5=g22W-yDJod-*G7Q)e(2
zuS{1eSM5I_kT5M+#i1ol@%o{rNd{MJ+0I$Rxu)7>qtCv2zfIZBtvPz4P6x>kkJk8B
z-J&J<CxYx>XuVb`d*wGA<;3B+TOS--izD3pYJMiZFzd|?)a!ZP%3gtkIATQPdUnp=
ztj%21s>#ysY|6z=NnA!V084S|9F2h0Uy@t<N?8;!ZTWO9Nc_BYeJHwh`<AF;gB9*_
z#D`kI+(yu~1#kK)#ka1vWp-y|t!b=a`jw2t?W8t9h%R2ZKw>w0pjfVJlx*VQb)aQ}
zUQ3)CSFf=1I<QMuw-SHalIPym>RJ_s$hqkb59mKI_4&c>Zsqi(i^3F+Q{Lc(5P7cD
z^3w1Wivc4HCGht^u~tb6^&>m$qLxjV&m9NTPn}CUx1m#ktVOOhiD&L_^577Szxwac
zw~JGr$g)>$5UXkj%QbuaJ;X{<r~8<SugZl&T}@n4Cg}TV7Y^MK{NfQ8)C7(wqh0BI
zw8Cm7rC!3S7g9c3q_tvgS12{57+;@BKs<c3l()rJ2i`A1Z6qvOs_RmWmwE;R;<=g?
z+iJ=c2bNV-EKh)_%s~vg6^i;^t<_y@>^0ui$nMi_gG{ijvO44YZFF;e-rh?P*gO4<
zKVe(17IiCQB=Qkgm4nhcD;idd*ge(qQn}3$(n$;_d$y4#R^AfOs=3x^;Y8w^rT36?
zDm)H9yeKmt7WNZN<h#=F-Ai2$)YS^lNz4wtib$m<xXJK3Fb}|Fivw)k<+Lp}bHij@
zN7DwaqBB0m|N2&2%QuKaTesQE`{f*gBD-?-rMr<QKTKQ+G&p`hl9vU8V#MOY@`7j2
zl!m10P=MAf!`kRa&b<Kc#}wgOXTT~@zgY)|zH@89U0#@<g$vZk5wVV@;sF&8_-DjB
z?kp})u))B_>=WM0;7?)L70FDjXJOIvGbtc}M5qZ0C-AL5W|Tn>-g(X{+`5+quqaA0
zeJe;yqcG7a!21E+l^7#uuzDzTD1?DJG=lJKre<KqB|(D+hJ7l1EjYfkNm66^G)|If
e94`m~AY8k~I3SLI=K@yk{?qpK$4Ui0nfM1W@MwPk

literal 0
HcmV?d00001

diff --git a/docsrc/images/tsbasbw.gif b/docsrc/images/tsbasbw.gif
new file mode 100644
index 0000000000000000000000000000000000000000..cf03b121bf9662b954351cf22aff54b305d0cba4
GIT binary patch
literal 2481
zcmb`Gc~leE9>?z_0YgBWum)r&vMBn1K~d@wkSz!lB1iz2C}aQ?8-W%|T>|<raiPIb
zVFYc}uoM*#H>6kzOH~{(BAYt}7wXaX0*FwLb>5w{=e+0tZ_b>1=H7ho@Av)uz9*rA
zki|<jUO{GpDL_3;CX>tMdU<)FD9Y#aMIsS~VQFb;GMP-NRN^>ZQ&ZE_)I<=3R;wKx
z92^=N8XX<g>2xGX;!ujB1Qfv)!w6Uc01N;e00ICKz9>p!7>VN~L69gQP(Wf(iQ@1B
z$4Cs|a0{!zpD=iWk_1lTfWT24ZV8OQ;R+7{uJ1(XI}z|)-wA`)p_l+9315^XG3bb-
zIsu#jupdsK7!;5gP67<pgpDzP!D=K*Q0?J2isEn!O#qDY3T03Ol~9dhP!An{iiDCV
z^bK7S(3Tzv5<(;Z_0T%}hE}0(Jrb%Xr@-I|Jcn0cW$Ge<!I@zg4oM&zTp<P=-v1!|
zmj~kMk)UbljIu~=p${D12YMt_Z-`=mc+dd^hSnh=HGUWl>_(yLBZA3%g7j%b6cVOK
zLaC|4h$tl3Qg2T0o{ES<g3JWP4Bb;muq&J$p`V>TB5HPU-jJM1<CBOeq`z{Y_@Qq-
zl78ec`M=Wm8%dubG(@3Nvxh6Z{eOC#{$S`Uc~UF&p8!k}AWT~kUra-2bf&qOFGdRK
z2qT*7y|MFvl?Th$3naHG=+^G;a&Y4Me!Bgv-loQpHU!~10xkdK&4QUOu1Zny^P4II
zL*}3n-@TxaY2zgo#K-^xwL8A|%D7u3vcUW31)IBS+VPn`1a2Kw4GGS0J$%?dN>6tv
zA{FDFEOC{rAdb$PesyU<-@(sjE;ewyyd~7o!eAs$syx?qz{uCoJ=#%5s|mPb=p}PZ
zyWNd!#(IB}@}pEn{)Hcnnw=Bt_N<E!zIn+d31Kt#cjukkh%o3UY17ROZyqC6#k1u=
zc4d9#5(`7|d$TWNG&}zx3~@wWbPRHSVUc!ai5K|4akIMDZHVz0m;wyXLy_8aWYQ}2
z!DE}DfBpH<K3K>9n&xdN+-Qu5`2l&>+GwePMT06Oqw=Cvey~$$G0jZ0PaAI}@>3=;
zV=z(L7N^4g+yzdIwL-T0_a)yjoCa3YS>n)Wx}CLSq97Q#ypF-?kjrQxN8)<v&I^@*
zZoKWnkE_{H)!LZP@L%tO4GYDsSim`6ZyEdb_etyIlYS+%gWmjnm65LuY~q*z%`w_?
zfNYXWzH(UqcA3t8y~(CYbwow5B_?%M@DK^zOE$Q(C9(vBvS{f&DGnAgZY;~wVnev8
z<OL_#Y^jpZcxT-TRL%-AB{^>7xx7jp<qYy^Y+<@fPNs9i{p~q(bglGwS~S=$3f^x;
zKNHemS&CX~PZX5LBt?fiS?WO6x$Unu7u7Bc&X*pi@ijraJFPgWS!>>=FigX2R2k9M
zUcz#tM@E&Gw>3VGrq|{LX*5i?GrBetzt_5UcBtoAhk5+gu}*I4nXzAOb6$^Kcii{E
zJC75|N3Oc9lzK5Z(YiOs%)-1h1Usy?kzihr`1i5gD4-!`-0?imFfUsgP`uP?en7G5
z;K3|yuuzQN37gpQvTMaeM0Verfr|5eu5PxIbo1=9nRi8gt&R7?gc*~)V$$=%!1AZ}
z>$~EUGaBz>rDSBvfTX=e*S*x?c1}-_Lq+c6#Cdg#2x+@X_B}~`i!UJ=R=g!#A8z&S
z_nF$UkkQ;_mo-!nZ=XH7ChP3Nu46y%n(SpcJjoq0NwfR9>+HN;c?|wM+lhPT73Rr7
zOJ<48A_R(OV#zg)d4*V&P&K%c_U+u?CAhbmPuJ!=lcYuqo`NC{(E-ZZ{j*EK3D#zQ
z^0DnN?yjNv%8oD!LU{QN0uP}oXdKwbs1rx-79BP{RgbWLN{_0&acNi$s(H_szfJGL
zEPKwBJS*}dhfT^u0+k-P+>f3staI*MQ7m!;0)<>|+Ez9Lq|%!5WnVI5t*5^#6dtcV
z!6*BDI1zo7u|nhiN}J)itfsK|k;6raC5K%IH9LIq`&n!FrZNNp;W3S@53Mhi`$k_O
zTid=XsOg-;34Ff5_$G&LD)q3r80zbtV2p83nO}?)BuuO{4xXiw9k!J$Ta-df82Y%`
z{!vrFZ0enTZhV=MuOscfvxy`(Mfs|jy=(dYl-*%RlvAD8!G~l)I!~zz6c!_lc8kL1
zam#8?sf&vT?-uKR-Cp%xwB!mAuzAFM?+!QTaz%>M?$!8oEEW*WVP@)5o%6$tL+1pV
zUftws=D+B?d+E6Ra=0@Bbl>@{OVDoHHc@`^k=ydpd?(4=l*Z(Z=qfu8K0ZE0*4|Qv
zCoKG?x`3N$wa8mco54A_#k0Ng(xc2EgL0yDm{(md|J~{5=91O#e69<&-3jQ>$m>{I
zP<s20Xl7YLaml!PkFQ72Jx)*U<`ABL&zQSWm_>Mo&CQZU^J&soR+>?6?ZlrZM-1J~
zF36HS{Vk>b>|E=*KnwE<(@9}=1;}xg3d-$yl?IHbJ<KYwjH3|zGpN$XMG;W5SmEtt
z%CcKB;&^naAg*P{@etly_0hgnU(D|_OUz)Y=3ktPm<}4Rof3xmcaN!y;w(!0t4nn5
z_v!;rJL%Z|=5CeG&Tl<ItdCuY&|A{ot2~U793M9BA^PUXZ?DZA4tiKnq@G*5B6!4B
zvA_3Jf=}$X$UKKV;k=<Gkyy`zH#<jfTsxh4pr}gmWYwnrL9XWT>3v6k@OgOyd=wlw
zm3HV0D>N}|x@@XtG_pQ#;MS9O%~Mx(hw68{T=n$*gQ;JpZ`bddy7lzq`>AVSR)cIt
p#1L)vbSpEep}>k5GW>j6!!Byr>lX1FD`~oo+ucz3cs3h+{vVmAG${Z8

literal 0
HcmV?d00001

diff --git a/httpd/Config.in b/httpd/Config.in
new file mode 100644
index 0000000000..6b450f2bee
--- /dev/null
+++ b/httpd/Config.in
@@ -0,0 +1,141 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+menu "Awhttpd Configuration"
+depends on CONFIG_AWHTTPD
+
+config CONFIG_HTTP_STATIC_BUILD
+    bool "Static Build"
+    default n
+    help
+        Select y if you want awhttp to be a static build (i.e. don't use the
+        axtls shared library or dll).
+        
+config CONFIG_HTTP_HAS_SSL
+    bool "Use SSL"
+    default y
+    help
+        Build the HTTP server with SSL capability
+
+config CONFIG_HTTP_HTTPS_PORT
+    int "HTTPS port"
+    default 443
+    depends on CONFIG_HTTP_HAS_SSL
+    help
+        The port number of the HTTPS server.
+
+        You must be a root user in order to use the default port.
+
+config CONFIG_STANDARD_AWHTTPD
+    bool "Use Standard AWHTTPD Configuration"
+    default n
+    help
+        Use the configuration file that awhttpd normally uses.
+        
+config CONFIG_HTTP_WEBROOT
+    string "Web root location"
+    default "www"
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        The location of the web root. This is the directory where 
+        index.html lives.
+
+config CONFIG_HTTP_PORT
+    int "HTTP port"
+    default 80
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        The port number of the normal HTTP server. 
+
+        You must be a root user in order to use the default port.
+
+config CONFIG_HTTP_USE_TIMEOUT
+    bool "Use Timeout"
+    default n
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        Enable timeouts to be used.
+
+config CONFIG_HTTP_TIMEOUT
+    int "Timeout"
+    default 5
+    depends on CONFIG_HTTP_USE_TIMEOUT
+    help
+        Set the timeout in seconds.
+
+config CONFIG_HTTP_INITIAL_SLOTS
+    int "Initial Slots"
+    default 10
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        Determine the number of slots.
+
+        This is just an initial value to allocate memory. This will go all the
+        way up to max usrs.
+
+config CONFIG_HTTP_MAX_USERS
+    int "Max Users"
+    default 100
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        Determine the maximum number of simultaneous users at any time
+
+config CONFIG_HTTP_HAS_CGI
+    bool "Enable CGI"
+    default n
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        Enable the CGI capability.
+
+config CONFIG_HTTP_CGI_EXTENSION
+    string "CGI File Extension"
+    default ".php"
+    depends on CONFIG_HTTP_HAS_CGI
+    help
+        Tell awhhtp what file extension is used for CGI
+
+config CONFIG_HTTP_DIRECTORIES
+    bool "Enable Directory Listing"
+    default n
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        Enable directory listing.
+    
+config CONFIG_HTTP_PERM_CHECK
+    bool "Permissions Check"
+    default n
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        Enable permissions checking on the directories before reading the
+        files in them.
+
+config CONFIG_HTTP_HAS_IPV6
+    bool "Enable IPv6"
+    default n
+    depends on !CONFIG_STANDARD_AWHTTPD && !CONFIG_PLATFORM_WIN32
+    help
+        Use IPv6 instead of IPv4.
+    
+        Does not work under Win32
+
+config CONFIG_HTTP_VERBOSE
+    bool "Verbose Mode"
+    default y if CONFIG_SSL_FULL_MODE
+    default n if !CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_STANDARD_AWHTTPD
+    help
+        Enable extra statements used when using awhttpd.
+
+config CONFIG_HTTP_IS_DAEMON
+    bool "Run as a daemon"
+    default n
+    depends on !CONFIG_STANDARD_AWHTTPD && !CONFIG_PLATFORM_WIN32
+    help 
+        Run awhttpd as a background process.
+
+        Does not work under Win32
+
+endmenu
+
diff --git a/httpd/Makefile b/httpd/Makefile
new file mode 100644
index 0000000000..66e2908bd9
--- /dev/null
+++ b/httpd/Makefile
@@ -0,0 +1,111 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all : web_server
+
+include ../config/.config
+include ../config/makefile.conf
+
+ifndef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_PLATFORM_CYGWIN
+TARGET=../awhttpd.exe
+else
+TARGET=../awhttpd
+endif
+
+ifdef CONFIG_HTTP_STATIC_BUILD
+LIBS=../libaxtls.a
+else
+LIBS=-L../ -laxtls
+endif
+
+CFLAGS += -I../ssl
+
+else # win32 build
+TARGET=../awhttpd.exe
+
+ifdef CONFIG_HTTP_STATIC_BUILD
+LIBS=../axtls.static.lib ..\config\axtls.res
+else
+LIBS=../axtls.lib ..\config\axtls.res
+endif
+endif
+
+ifndef CONFIG_AWHTTPD
+web_server:
+else
+
+untar_web_server: awhttpd/Makefile
+
+awhttpd/Makefile:
+	tar xvf awhttpd-3.0.7.tar
+	cat awhttpd.patch | patch -p0
+
+web_server : $(TARGET)
+
+OBJ= \
+    cgi.o \
+	conn.o \
+	main.o \
+	net.o \
+	proc.o \
+	socket.o \
+	errors.o \
+	misc.o \
+	urldecode.o \
+	mime_types.o \
+	index.o \
+	urlencode.o \
+    permcheck.o \
+	conf.o
+
+%.o : awhttpd/%.c ../config/.config
+	$(CC) -c $(CFLAGS) $< 
+
+ifndef CONFIG_PLATFORM_WIN32
+
+$(TARGET): $(OBJ)
+ifdef CONFIG_HTTP_NO_SSL
+	$(LD) $(LDFLAGS) -o $@ $(OBJ)
+endif
+	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
+ifndef CONFIG_DEBUG
+ifndef CONFIG_PLATFORM_SOLARIS
+	strip --remove-section=.comment $(TARGET)
+endif
+endif
+else    # Win32
+
+OBJ:=$(OBJ:.o=.obj)
+%.obj : awhttpd/%.c
+	$(CC) $(CFLAGS) $< 
+
+$(TARGET): $(OBJ)
+ifdef CONFIG_HTTP_NO_SSL
+	$(LD) $(LDFLAGS) /out:$@ $(OBJ)
+endif
+	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
+endif
+
+endif       # CONFIG_AWHTTPD
+
+clean::
+	-@rm -f $(TARGET)*
+	-@rm -fr awhttpd
+
diff --git a/httpd/awhttpd-3.0.7.tar b/httpd/awhttpd-3.0.7.tar
new file mode 100644
index 0000000000000000000000000000000000000000..79105fbe196f7f57ab442485351d5b69b4d87e2f
GIT binary patch
literal 194560
zcmeFaYkM2Vk-wd{!S(+TV>*dQnP=*d$g*}JijtU6BtueGyml__5Ezh%Kmfsk2Rqr1
z{k(qeUsd-U0FaawX*atOuf!r}daApttLxm=>BZ@2)Nii*;uHR?^7HWi{a^6U+Qa*+
z<$v``KfhR8-FWce{=>D6^#{LLU0c8RVD%Tt{ZBZi9Q1fNN(V{ui)L?pl0TgB%Wdy{
z9yU3f&<qg&jE~Z={`J>KFZT`(Kgke<j|cbemDfGefxTMYxEI#{!NWDRTidw5@!%K9
z>L(e^1kiu+^{;nF?WH%_aZ(?TPJ4r4?Y|~|YPF-&_Audpqth&D^v?R7Y?LLP_HdN+
zTJ|u9@$%?s|5?%>^!}1HMoBX}&pN$+HW)4^+pXI6o%1Yd^#&)s(J1RCSG{p^nhmnW
zq&>PbOpdcgIv!>Md3KfbF1ks(tIp`F+sKxa{Z5wh`YdgCYG+xJcALreolYldwJ#Y1
zqpKg*_m`8UXKdqIt)_pHm%S@SI{$o-Hb!X&fXT4Ox5M6e(6FhTW!=$mQ3F0sk2_Zj
zQ<I;-#WjD{UZubW%E=%-JIe+(I!4+Z@&9bFoYcElNjJMlT3I?84>GzuW_S!e8?Fqp
zes7>rFk2f>ZFt%ncbZ@%88W_P)Jsm=XS5y+N6WR^L6(BjFw)xopm*MGX3gY0?Tnd2
zmW;CDsNFrWF+`Bb#VHuCzez4qRua^X^iM18Hm-p9AE~W+ZL`-M4cf=!5#Z9KJ3c#R
zDy&C89W_of`w$T6C^=_I+r4hGzP!fVN-eX?M%L*t=vtg9bn=cdK{>CsUu`9$tG;Hh
z)q8!g1BEntO&jchB^~9x`;=+d>2*(P7wyq$bwJqwIyz(cP6%-D<94S#x{5<(QhTpA
zg`?WuyR@60q}}9ow{7F5)n<=Do<PIdD1jbCc8st+NDjx{y~E_V2TAo3EsJo*uW7eO
zgF$WFh1!N!!%=od7ccgnKHb?mj6_p=I)La-?HiW9XR{t=jqyMu8}@snPFt@TI<sj(
z4rlEy$Oa!5r|rh6El$=IjGDR!$>X%i46UsVptPkltn4xcgrgTk+U{c5?3hs-dOz)T
zvf*;=b(bDT<8C_YWLJwx7<H01&)dV^;L5s<+q!d=w9*dv&<c&akZP6=Sp4R4a+qbc
z!>!HN2ir&AG5J>+?4sFjB&|X33<5tHT=mn&J1}|}rX2Bd&8E@g+99KLa?>8{WM_#j
zc4R2<g~QE*?fs+e-4{vLJ<((#Uu}0b&}fkUHJ?TeLS?bmm)9BGMt#4&QIC7%+icKo
zwIS*_X29m_64Bs9IqouFmRcJ?E96)YV;edpikRt12p64o(pGZVI2~uuV|QZCY}UVy
z*^j`}SFd-s_xHAUk0Ku^FML~kRr{Z|Oi}aDOrEF5gEnOTDjl@5D)ic+nAzDF%IRjA
zc!05-tZVxsZdxs5n!Ia6@dF`E{L+>zK(1Bxvv>LmYD}|E@^m~nfu*&o{c7FboVH;#
z?AYwAZ`?)%TkMyY`>+4Bm_#tm_OQ`o@8wvH__W2Y#l>c}e@NTOZaaejE0`?E#P^|b
zPmol9qm^t7+CGLrAfr>J)G!w6B1NcgrrBAqt9{iNq{CDCs&`-tuf~G`9IG<H+D@<c
zPE5%*@&3zw+p(olZZ$8`K{I*N8+6mihy#(=p7+Lv@G3cLoSQG}2ZvinNsqz8JB=fc
zhsOLmqYO}pD$qU{W(b4YJkv9=){xZuecDgE>_wRS<!FJyAC9vADUU=K;?3;}zT#kB
zW}Ut|VAky9UI+Pm4juKzLl$c|Y)f1eyt6$VLaV||_XN3}JRP**o1+P;D{tCvlARr=
z0}yKSC_q7Hz}ZK350br8C=Y_F;20?TJ@5-j^u~xdEg8#%6p)1K_Sm0rvGe%_?FFsh
zVXwo;hlrEofwscXIMgW<%$l`0IZ>b?)OFfqLo+ul<~;lNS*w+7vDL~8S9?~b(3~}h
zf2w~8Jr>nFOHKv|arh)Jgi<3E$z`AI=5q34kfQf=rtl`rjZaRT9Uxz`i$zJ&E6JbM
z7){2NgGb36^BJFIa{x6pW)mW9qbH^B(qt~1n?R&5c5PF`vK?jvWNUSsy$dZgQp|ay
zOBs-uo})#XvH&3pyUcLd9*LbDo%YUHffqkqwjPXrT%PQ!b|{U6si!V#ZEJuATN`y1
z1Tm0arC=UVTWAqe$SA=XwfjkWEGm!?LX1PO3`;CzIXPl*YQUfaA+*GJ_V*5s>QA?K
zTonDD=Fd@G>F6Y2>Bk?l=4?a>T}AIua8y~sgp3qX3{WWFuxt9h(#`e&jaJf9dM`r^
zvY^p}e>6l6Qb<5Q;!#`Z4I3KTuXoNe8&-wf!uI^Hn)WB(MDjJ|v@sYrB)p5w<ohxR
z#y0@pZ8yO9FnNly&>l@JQFU&k0WyWr1rjr%z>2fm(xxPaby*f6n=iJL;kd7*T&_)6
zN}vDyKZt>7|0AAuUu^wP*#B$mYik?W|LgZx*YW$T<3d^6xVN$P+5Z3UAh(U>)#V4t
z(vw8LJe*`EcawU*-;wT&vNXvmO^vKFqcU%SooBU#uh7#I@s-xN+mP;)%2dOk=w}V|
z@<!Sbk2Q`oO!n(XFW+wOKHrnb<!e{}-|p65ZJ8lvfL!H6r$R+&4|-jx&5{)oZJmy!
z9=sdT57z@kBSS19J&d)PvM5&uEU=mNGvvC<K$I)#Mv{udWXa9e^LBR8IESC#O%6~W
z&q2fC*1@-12X7Deo*%ubA8ffQT|lmmDR*j|T`>-`KIsf$ETyv9%ZA-Mqi7&A_SnBn
zZ04bE4{?HIsKmzb?*tKrmWYPtCIw>W-TZ=N=9w8}uJK?N^aeKfUiVzqppc%VeYDcF
zak`jnM~eX@AqZRy{Mb7?Zf8iN)RacIZxW;oeV~1q!g^sgCOwKG45NT-WJ7FN=@AXg
zf@X3N+!rDMJ!bC1Y{2wQjZ(XQI*=ZrUxm8>LrciiFH-zJn)bwNz+{(bDNQ^^UFgNT
zNyj5JmQf(1i?lsLX&m=`Q6uEovEd{RPim&m8UNI7?;^3uiGHkSVGxyM2L2u~5{)fP
z3Q2th;kkb-%*^yf{v%>K+<vk7a_1Qu)(NX%iYoxH7RN^UKICCBW<#P4X_P&hY!|d6
zx(7zUo3tYvtt(*YNAuF25^V9bv%pYo@3M^>ZBtxNy1jwmgn<Dl4s9rPIh8x^!d3#i
zspr&xF~F_hbOQZWH$BZqgR90#`>l+3bc|DcOFfn$fMavh#|4ziEW1tUV2EdM07W+2
ztrki@q`-y+*RA%+c)()zy3D`c8TLe0%x;if;6yP(Dtu#5myOb<j#|(31c`+J>qEfx
zuQW?OZ}z%)5XB!DM{a0aKj8NrYa|yC^GcaWyYWuC<|$+_1ZN^A8#+GBM7+vpGw#|;
zI#^B~Er>z1`_kp4$Ep$jrL=*k3F<b_j4>RiJb9hu{On^kS%Y+Ng1V0<Qlmq)X29}`
z0j<Q}a_#_TjMJUc?l{A(hj}fo#V$5xAwG`hAW2^Ln`RM+RGYm9izG9!)sbsfSVfb>
zQ$p+ek^MiIX8(m*F&quLjsBI;F@Te>ieet;y>_$Ya_aWFOWiT^$MVB9WhmCH%(QeB
z77MNc#T4M!s&c}x;Z2}StIndpdh;(h>W%B<rmI19ptc>uYH9C@mg4F~u_N@pS6`c_
z8ICOHuX3x3C*rp4^2kPLv<MzpEA2p>6-`+sJc(Qv_J&2*LCC>Z#I8VimO%8z^u*pl
zA_Ohs>~#@;unoEF_$_+knu`oKC}+$Ol;ZnHnu8wJ65eE%HeF8M$TMo|o3+w$XM|%!
z8wyJJ(Jf?P;2vn0J45Z})NQcQ=A7b(J@eWf8=LoGxj<og+ary_wqS5dceQhqQxQOy
z-bUD4!(@8NAc@?%&p|NR;|!P40JPzeZ?osJp_BmUgK|+5iaVi+_H7DbOJs@(V@;dp
zpcQPvL-1j}lZDkW+58+ox``uKVc9jXBeP63Wh|u;3uxhk<>b{Biv-(2UYHx^3=b<%
zF(IKzH;=>%;F!5!2}oVE1xRI>A#K7#_K<eay|{z!Pw$}H6sWTGn#{{^HI|KH;6^B;
zyTJ@~@}F&nx;Sm)O@bL<mwMZ|ad(Vkxie?pCe{HQ<J-6dZO(M&?<99LpI@)9E*ciw
zUFM8H#_@zkVoq!b)zJvz%eaH%BbmXV#M~4L*$C|66fW6fNG$MG7YBC4rS%p0c;iYu
z0^Y1XU&##)+$c|s;wLR~@xgvaqFApLT`-<&L<c?5;qd^~Q0fCB249ojcN4J{`yw~-
z)uWS?M~nJ6b3~BYV1Sb$Ze}>DF>NCw=TNyp&8$Fxxer5F)yIMgY~e5CoTy!aFH|Vh
z32Gw})V&!5h08O=ed7@i{JD>k%}!4!FXKfnGTL>;wZy34$HocZQo|m|K-oboqJO^2
zvOd8jw1#HpinV4**sjY)>t<5!(2K>(<gSorz#HTjFivrFCDNDX#+~*V3$)aoGyR6O
z#U(_9B}XcPHM6xW4YeZhZ3wJ+F$l2KGn(kbeu<!%n}R9Q@el;FE7GC(IXxbun@=oT
z$r%;J4~?T6QA>|D0*i|dum4ZpF3B0KBF=vaF=S;^iuRj!cVoTmNduB_eUTl@ZKlO_
zXbf$Z$F2f+!hhwI;j=zw&1Q{TyCwRc4I`;(0~ttx9V)^K6+)rz<uslc=OO2r39YI-
z?mCZ~Fybh-aOK2U1Gig`#JMqxI7@L(HwvOVGdeiU#cS@TpvlPPJBWc2rh0spOgU3g
z2j9Se(aGF7#iH};F>Yd^K#Q?S^b*d$bRgphD5o$Q#a_4J8}S?4>>gr^pCQ3VJtT}~
zE?rQ3CTbW!;i-FL*)12{PA~OvrBUnDvfeqvkGwKAz3Z)%ui^6W^bR{l(LGl*fezVT
z0T<xj(nc?B6@NS7LHo{Dxh`j)#LHSl`1&k_htU#YM$!>zj1fnLn1$L>_yx=s4shv+
z+tPVEJ@|>3wgfvH+%%K4p`EY!qpS1=n04&8ra6tJtT+o7-i>uQ<!O!Jw*&Zw$g$U5
zWED`FyUB?R@B*ZhnDy8nw9g?k+~U3y0KxYxuT09Tez5D*(OkE8+-qLV*+_+Zy!Nj6
z&Qg<6H8h4k`nWM-H%)`ZL}$k`$qU0Bt@<$d21I4X*=+5RbYZunnPIdwG1z5I%-3;N
z1T$XxzX#)FGt!45nIKZ}4169T_7%8&WI@{KK8k9bBq3Ve?!s-^*QP|8<a4t}%Axio
zL!`@z@7NCTVAqkg3130Ywm43IxxIju&>6$!m_Mr>TP=I+dkMp*)UPR?BqFd>3Q>R&
zZ>FU)P7e@GM1S$Ju;*qnrLsj5{EbdNrQ{FyNVkXRYqr&7N)qaqvgVs%HExEr>CF%{
z!4Q|46_#=$t8NSCz{Z%2dPP|v(qj`UekTX157<--gy0=kSo=bx=8JN`UlJkuEDC?E
z0_zp0Uxc)=H`69>aw`k(kcS6%wqI=@Z9Nl#T3^~kN(gbEnagx_kuM*UFtd>T$3mb)
zCn@O&kgHm?Q1cv4q`v5VGD3%yhHx8DqPb+=m>?u4D2)|i)!9~>wpj<5y`RGc{~hky
zkKRY_|KHpHjx39h4qpIo&i}*Jzoz`p)zy0>i9USz(DMJ*?tk|Gf0D(R0Q$>cCj7kE
zeVx46+TA*+?<D)LpYCjLCj5VE_i(G`4QTT%Odc+rtS=_NCr>6>``z!>YBlt(sJYB<
zF7WWTzgx6d$#XP*#A0hiwnRpN7G`8@9QSj#A?1Ug`@c($NFhO_?RU}!UgpEG6zYu)
zOwXsi;YcdPt9p{G5+hn$TH9ECh$(wmuO(Z!2Ci`HN#Brd<AM*)Cq>HKy{J7QpG=<j
zW4b=mOYEYW>wbKROEl|Z?nh%zd3nU4QRhiD!gYx5plk$l>Gdwif~tWIL)boC{|qq?
z0^qw!hcrk-Q{2uNIaXGfxn_@kkM~z%0sUH9W-2c?0%TBYfu<%YRJ<9I{^6-t?&4<v
z%Q)cW6vCx}cIOJUEmlT+8Le%9d`#E1oiGuGE58d)R_p3yoDP)2ky%$50@rt?ceOa?
zr6ooqg%#DA5lMu^SHg(ex*dX%q+CK%2N<d(Q0+x!Xh|FzE+Ya-CY=mFL2Z97SdmIR
zea5In=6{Ysi7^yW{9buNmQpRztg(CLW>DrTSUQstifZk7HHN);Q_TFcN?#?4EP7&c
zQC&kp)Vzi49ZNd7O0Jn%@M<hCB*}O9btS4bSqo}07_G9DLXB8TZ4Z|^RP#o5G*&nw
zJ$)yNG_1xs6K`Q+;2uvRjt3L8Si`=6=8CGJIV&+X*#rFSk)feY&|Y~>aYHh+nyb1}
z5*)ZNUD`XoWv0fL%$u7Pg2l>59{^Y2P7x6Xm9$#|jlXGlx*(eMu9!<B!>0$jLjo>t
z9aIT35KveM6T}Z8TK+73sy1O$RH%{9A-;rdjk%&x3P{(JZADoT?_V2F$Vc){O1_3D
zxJ|Qpfx;Zf?6B22BA-nm5A-HmKeNr0sfqH<CK8eiml%f%8Cb}|Ckir-+szupD)uB~
zX3(wrV&HV*kTh@JrNejrip{T7G>eXCg5GMGd>s3x(hFO9*ulCKfEe6l9K^gx>5^AS
z+e|u|I(3ZJX0B)%lZzTrK)<>6M81ZK=e$s+DO?&?wy*3=a6_dck{INqZV^Lz7}Owq
zoV|jtK`F5kKpNYbd~YYB2%9pVVAhd1h(%EBkt||247H8SEQ8{|i{DO=GoO&)$_B&5
z7f6i`BYE)_2A5MFaO&`td>lBqE${~?Hk>PhAs(bZuM#5|erpeEacQ)Njld?U#Qm(J
z3)Yl0z2T!|er-XbCm8rZ$r%prbHd#7>kE*s9QPWH?W7=2g6}{$8rn<6l{zl*NV=0{
z>LPEkyu!d-Vd7yK%l+AcdSFd!kr53J>{IS<CwM{C<_1+x@E6*R^kdi#1jl}7Q!5x?
zWNu+Sd5N38T0$DEhgB!Yiu{)piY|E`iq+)8hK1O67fxh;`Yv}bW17h()Mip*s0~e_
zGd7{LgNv+Y<C7R-(IW*h+^}Q})53&|=*sPS8<jhK34|i))6OD&_>?4MK!jWH$kIWt
zId0Gw!!RKtFFI0BN<j>!1^+;VRSWXy4h?WWm^5>y@?2eYAW?N<>^|%jO?Y&QN`dI6
zFT}lYsbH<m-W7=&;R)>y@CDt8w`x&50;e@@%JF4hZ4E8oq2|q%o5zqIJG4oVB8c;)
z>2c`Zv1LhkC%Haj!7H5dVuY-}8+;kE$HbX1g&4{R+u$Egj>I%$l#957xTT2~MOk1c
zNdv1sj1Uxr2{{|UxD7N<lue`=NDI0&Oo_|$Sa{Fdv9#dR`85cj?}ma(zH>#wAhHQN
z1f2#`dyp9{7V<67dd;aV#DrSJn|c?^wf`4%-y4);RM?}fgI9-1efL?ixwrdl`)GS_
z_b_?Bcfg-!Q7tCVwhxaEwx7P%D{J^_@7ebA?ajI#NEKKOj?fvZQXoguc9_2FF^WeA
z&LGVYchRs$LTQh<6j+cVZS*RlDA*3!tQLAtJu0r{guLXUk9u;G^9^dE?;MAwqd}Xq
z)eEgSP3QKV80OHP$s4{{Bp(-EW}2RcZ(<=540F)vjqgE|b2gP@a-6lBt>*}hQ$EPK
zBqPKb#uVO&3<Q^<w$IsJh!2C}gD)oBNiQDxp4RSy8K>HL-Zr2ukaJRoZ2m0Kg((w@
zwJ?C(hR_TYb}f^Pxx&P9(b8QuE9j!#$)ZREl537Gej;^k{w16dM$iJq2&?dcI%Js9
zH)mZam%!pG#zJ_<Y<y*sxpMDw(mc1s%EQhu#)}&Yr9g<q%QuH$Q9f}UP37Db1Scif
zIEvME`=T;QQzn^Dt<aEJFa{mS_G>L4wikS#kq<eQ#FkeO3SVF#6}h2^{Y3|{rV~*Q
z9PRC>Pbo~N9jqomlN;B<7^P2Yd=iIZL3DHzb*Qy9ErMUj)g5ufCN6uK&~$XlwiT)N
zo(aZBT68#;=)!U<jB&w(XN;I=C@MVT2@H+Vj0WTiI4s5WbGegGQeHP>SDc$NC5A01
z<l9t>jW}trYE-3(-x-$m7%i{VhN$sKZI-j09YR8Kdwgc++x(DN)PGq*@>kl8F-HLq
zGD0*Ki}7+~3{UzpD-keE!gPc%$Z{)SM2#kJ9)V#JjZWIuAvgvdCI8nRWn@c;0^r%2
zPR&1)<b#nL&(Jn4la!NysbEB`NVI^z0akO%L8ECmU5V6Vr|Oa-P(>YtU{kTD1?kr8
zpqcOM5~5kEe3jhNG3C`{iJJ9KuZ9Xx5ZUlBls0oT*SsgAV$)s4ZkZ=b1!~;M>pEYY
ziG-<CNn-_;Z7DxQFtnvK8|ADQlw&-=y$E4eD7)t2m>`(QG3BWTx{gY@am7IpWG#t0
zO1HR{75h#MB+x7?n#S78tjM(d5;qo>a#6y;Fq_<3%>uSF=n~RE;Xcdcy@p79?U3k@
zYmnoQBrgeEEEGmSamdF<0>_iX-FSWj)zkDjos(mG2a+=wmdIfaY+sgOUpmim2$2IR
zCKn0Mtx#JF;s#UWFxr%Sj(e>nV6_fmX9d$1p04TO$G`=~TQ;sm*Tlml*6o>s;)puU
zOK0s$1R56BVAyxO8)Utfj3CMOLQ_IQg<hB}IytkD<t`CryRkh`JcwY95|O~&b(%on
z^<nyrg{ZpcsE3G+tCC}Q2549(0TK7jfK7K#S@sWSWE6ta<Z*<+U`sZkFR5tMUb0ez
zn211zz@qd+k)C}ne^&r#u7D6`b05=y$PBtE+`<e)wiwNYHTaa0MPMZcgggoSlMOq7
z7lg2F3iISdzG$1wtiPyhi9S*T5Llosx-G(_?K4lOvR|+?Tm#GL1B{6~`#5sGw&1)^
ztkHvQ;vXfop0yJP3fQ*gG6+1aY?vTMLk^3+5jab4Wbu{ZJi!wUN?c~tl`Rg)7`u8T
z<6i*wL#GJatOF~lEUG-H212sVM0!pMj(qnLNI(@Rx21Q@Fo`lc&Zg)tY6yQFllx;X
z7>6i-TM5|m0-F0#@S9j$ORfw)Ig>ETk5&>GP>fk2Lc{hzQQ@dM%Rz9fW!c~gsJjVa
z?1=U7Pf&AM^lP`~qRA!s9@vNM0a8^6R+}qVs*xs8);mN=!;IZ0PNNQlROx$X;27gy
z{DN&#7LLBM(s+!+V%79)MDBaEdEy<d<-@nFBu$~DXs81z5Y?_h!c!Ek_(7TD^MPmI
z<Y4*QSP$5VET%YURuU>TbP0VOsK+K$3?(SsYT(S!d_$lvd=-TVC@I9Y*n=Fv7634J
zh}(It1O(;>6><bYiT=LyH7zZRXWfL|af%@1t-C{LX~w5dYk<RLpgeAPF$&Eo?hJ`(
z1SmZ4h!4@W@-TshFMi~TqzyITN#IQ}D*6A!<Z<k|gV?=FYG&l6Bn;pvmyy9jHz=X3
z-Pa*^&9N7{lIGc~WtZ8&&0hxLTuOb?$3WRFJj~ZUAiHEh;lPbqmcg7NLt=(i#+<j=
zZB3WPi->A4nQ}-NESYQ<6|gO&727<tMP>mij#5W%A_i%O)eV{mZZdjL&U+nl?^qA4
zUSdQ846DG?J>sMJx$euJ2waF`)F$g`S&Yuvrf_3ciYpuieVLToC={-!0u`8aE?l0%
z<meG%!K^+E>JQF7WK{3iYGhb)xJ1JxX**=*q6SDKn<0NW*cbTFnu&&WPkWOHs4Dla
zM8OQ?GBchfm~v@=fkJ<(H<V2xbp`r0#0w94M&hY{!5uB1vgJ0MVO^p@ElHSbkj9)#
z&Q$G0OLCG&x9U`wF%^{vFqUdys?)Ir4vW_S8izZSeJH8rj-kRyD8cXA*w-xoqHBg|
zWYaTaQNn&Qm78<7oI!GM@N=aG%N;1Eq!f}XoK#}Cq*2JZAQZ8cIq@w%haMsI1MS{5
zD0C@1fPgr+w8(*hXea^*?xTgk1YlB8*A9p)??)I>j(dYJiE-XyCx+#$E>2|~81=DF
zBL@%SW~g&<4U%i|?=$&;H9#$#UIS5ADVe8ivzm*7fvbrvkoC-iVhR)VSemk2Dn}9u
zX*fo&HM5f*m<ghKrf=>6EgR<(6eSd=#B9sKi(yCtM>hhT)`k#lYBvekXr|fTzIkmo
z<q9fv5vYzY$${%ZN!H>}`HOB69fus&1<90ZfXu1Qn5lcjge6>^vNL^4oJF#*MzpU5
zPi@sQ1D_TVeJ=8qeVKC{eP{J&eCs=M5eRs2yi2zcW{eBlflkJ<w&dOoRtuJ02Z_qY
zso|*afoo~+rl^yNBo|3bC%A-lv$H~bP0TZpEut)eEk}jPFYzVLtlKwQDaBkFRW5Y&
zZ80Ng;w1}@&yIb?Kx*Nb0ZoE3>jJbyMg=i2R15J*bOnE$qIs}@Xe>f(xl)_c5TD^m
zivG#~8B`ye1yW;K&Nw;~4{V&Jf8m{G1(#OHYu;z55&O{wS4}X7dtF6`v^i>%S#`V%
zjJG;}OQBq3*PGsAmPX!HEvW6HMDc%%$yc$5kZ%?E2--q{UCG+A_yQf#PiBM;o@zi3
z>7&NC%y1>)-_jtA8q7^?s}Qz_uuBp!E?p}iGy%Y9qX^y=mawIQ8!)grw&3BgP*}s*
zC%#^^qc~txwRTFpU8s=zl9h+>s6EBG6H^;)4kaKH?xGSh6g5badxg#*D$?iZN-{b4
zmpsj&np(`YARyy^L6<<C6QzoJvrBgSP=2~x)JJw+QdJbql!M7CveZn+Aw*;r{&n3~
zbf&5%1OL>?E~i0@73Ifa%&3<-4qc-sm_I8huQP^K%lBdQEJ%g6pis_S86TK8WH=y1
ztQ;M(RicJg%#=L@*AZG{<^qMA0z%ysvVrMPE1As@mCPGC3*rDMiGXW`t?fzvTIfz&
z=UYtOyYEXE$N<Z&ur@`KEQzW0!9Zp;VG)J}AC5>Tr1}`M&8N=`V;~m8M2?73HNnDm
zk;36L!on0JTwNHpo-DqS>MrK3nBb9Fym%s^c_U*5=}t)q5bwo$ARLlM?}MQ@Js*dI
zaIqu5q`>%qv^VKFCspT!xh<DScbA%E0;sI+M<+X3AeyWKjs)2P)i^$_T9NU$(i%(l
z6R{zX53|QR+p$@@5h(VLShyvy=OfOCZ=sX0w=@;QT49-lREG!49!DWp%-3|v;Sxc-
z&y2+|a!+(|7|J$KAbu7q(r(VuYB7);-Y{Cw;hQ*L0W)|4wWyysE|`ni6^KqAYyVps
zLltMN@^`F;JWAR}oQSnFDi*LcR`n}#9LfnN2${-MhIb@t-PjBYX<z_G*N~gMkmRtN
z_q^CiAw$JY94uRitRYG&cA)5#Z4y*%lT4aNK^V40AF7<73w9C0P)A2%WPk@ufm2=0
z6M22K)Zn{hoqBwm9HEvBLU;Jlh_M(2yK(6Lnq*$su?U=tfe;(_)2s`NQcfZjYL<>i
z3uKDe=kcEinVOW33eC?n63pe;alxs>sXtSANGK<wAf%VNnAjsGJBfnYUY58}gk1gR
zPU7pog#eK7YK((QEUQFUuuV876gNb<8n%evw$C_PO0g*q7V(wDKgR$~`6^t+$c(@h
zwP{P(gvF65ZmUsz7DT_av&td@9`)4;votE<BGNb}8*9oOp0jA>%p@yHL_f744%p=?
zq^MOiHcOPLcZHd7wPYy;rOjQ^6JjqgKk*%u1n?@M6}Bv+mAHZ#@<1sX3_^S@{Dm25
zS_Sj)DH`W7!y=@7iWnGGMDH;qC*@f<E0cN{JjOJ88IC-V&|-4#4zfkg@iRSqIchvm
z7J@#mLb8*h$-%Eww2~(6#xT<$tJgMVW_}14y<+PoIU8e+^d*h<fOC(^PEoe5R^^zp
zh++5X&k}fZPkAP4&7G1y$D)y~zB%He7dd9Gh6GA<LxAF(Ds`&}>UPED)*laygT);Z
z#{dztGNkVqsoP(^>qVR~okr{DyS|U3A5z85ZU?c<U1t#(W54FBbH{<|IntMam^a&7
zD*j!<ug=>TLKNC5jgVd}$_L})HH>JKo#33vZF?il+{sZ{Vn1aSeJ$*_yq1BBc#ADH
za)IKftkJ{SDz9uEvz}6|^OT(0iBfe{4$ioaN`IR2z<f3G3x)8}RODT2A&f&lb3P=F
z5JhS?6C)e~gG}*Qnnor21kgiLOtk&AsPW*ntyPM$WYsjk)(!x9<GwhLI`<^170#%#
zK0Ko&f`&r~f|ooR@(&+K8HA6kuwOB*Vytm|n!PV_7^HEih$+~tv%w$<-C#QHDZe(9
zzl|hCmnE`RN|f}op6z*ffhRawz8Nh^hiPMknjy<Rt};49fD{Dx6qUEW8xg;im@{1D
zGt)k2<jOP=w+|p9$D+q5x9OAcK}-%c!^n!}g=7{aQb;BfDos9xSiXIT&LBJ8gARo{
zA{E59M#v=+S2WYhDLsy3+6*v`j@OvM%bbA-SniWd{**p`!%0_6Dd`2d#$h#EVPnMk
zRFts?a*zcT?0^Gj_0oFXodXX+wp0D_1c8l(Xo!$Z7|HGL9jL%*vQ0%lrLd~xqIesy
zqCi8*@4;gfof#TKFAb4>4pl}6Bh)YQ)k(#i<pwCGy!=kNUL1!|a`Iu^QpMp2Q_5oY
z1-W#XaKf4`xeoQ=(oovxP%(V<GdnXY=m64UwVn8v=^birWf-=3Y7iz89^Z;ZpUDb=
z8O2Q~!&4hK^y<eWB%S@BA2i0kBv6f*?A1cTk#zx+^9)K*4+DS@spwLxS&~u!rrj(5
zsvP=SLe_Xp$_f9(?m}T<txP5G=-wQnchVgqw4z*bW#QZ{ZH$NJAcM(i@6U;O<32(?
z3lK<OlR^}Y$|6UjaGo2+XDQS%Nh~n62+~B0OW{gaF$sXBHHFv7fqJe}XJw}5UIaA!
zC?F<(-dm1>ipm_q>MUC0v={aKh&8#$W{)N(&eE9-Bj7c%6<H7AD(0Y;c8BQ-7Ag~U
zMvef>#E-=j6m5CgArHAyVc)i?D?7NPwMwbZkCY<zpiC!dK)ZYp-&YR3)OXwW76k-r
zQVny7mB%A<4t6`{C%U_CzkaP8SLG*blMUr~l^-%V89f>)dSpa<sLc{$mbGm@40awQ
zF9j)3fl|g#dgQ=pciZ0MIECv8hBvD{0?*>DRMWx<V2`AiSCt0{-68eP$PEpEbjV1*
zYZnZ%AVzXjnMMF`)ddenop$$<H}!*q`tH$p3bCw_yY_Tzv;O*UD>-_(mFyqvy*Q}9
zO12N<k+EmV^MkFeWbe7vynV5?sCEZiYEg!z9N7{8TJ722TYoy*+C574$*bKy;tXu^
z^t+_Kzt4HJI_0*Lo%$QFx%H>bt^K3q&C9Lb+Md9_*=9V4M|FL$y_>wDOtp$es{<wC
z9&EpOd6c}|+j+KiVA;AW^ll$ga_-=0n=;-^<lF6M)k)3O4;l7c@@AXc5nj_@K!he&
z-~BH6!}jj8#bk@OTL+A3|6uFzaO+tO*xRod@fI()cQ<!lKVvMMXamCT-Vu1R!@W${
zP!rom=nMw<wO3mQI&&Ngom%Gb^X;Quy0HA>x{rMG^-leOLwg7Ndxu+KMl%L~+aUa4
z`|uCc#jgd#{_%BP6;llm*aiQu>bsk^Q2MB}keY7t-QH`!9Wrl<m(f57vXvI1wvuOC
z&$l*@w!dY0X-PMSuU|RxHunyX3_&|P$?n!B<E<Zjm#A{y_NMSqJJ{N<Z-aj2NFN*s
z%HFQ?7P8w|Jg8*rThYMlUFxeJCI?%8e9e4jP=a98UqEe)aIduPwKv;zt`(YG{6+hO
z7scX#2N~^g%<#L!60;3KkO#xeGq<Z$0Z|mxS$_&PSX(G_+X$3_2q7ZxXZ2Tg&WtbC
zaw4!Xg_D+?cHH0E+^+8!kwAK^^^RkOgO`7NtySbf0Fu;MPS8hXd&91lOnXqYwi}A!
z3JH_@a=z$$g8oDoJA2?4Vt!UXstc6;`*cfN=U{7>&0^cBzDeD8ww7Ax3kdY^HJfdF
z*A}Iw`SR-M<@Uj|xS#Z(o;<H_@4SW->7q<y^t=ZO1=46uD`g83iR=)Mp=co4eoj}L
zFT>Uq(DK5)WGS9*(X9ULTNuEz&`*uMaJcOSg7wHC1UwpJQ<#@s;_YW7@GJLUO>o~z
zX{g(AKJ+$}?jv)k@$fq_++B3CAmxVQjzKbpt1l4FQn-S+b8or{&J?A})hvWSQ01&{
zv+_Y=`4Q9c=}3~)O}k)m%Vdx<LBfx?JVKl{s8jrpM<#<f23M5@E(0a+?ZA!_lS=*%
zMY-{+dctYc-*fk&?aiaYB|9RG*Xxeuc?EK^U@qAJY`iYvVIbRP*bUQ`rlt|+U)z~i
zHMaadp}`VxLg-A9L7R?3>3#wQZIPTo6ohl~%=Muu?<P?BIOfs%Q9lD^Fhb=rQ|w~2
z-*ou7TpgIh5+qqdIKYQwrOV9d#Dj+lqMocCkk3(QZed91G_YvovGOeJduErPW(#Z1
z@fB5r3ZO|s$w-)MW~pZDW+DcRvcjJjtj*lS(qZby%0zfV4+erST<Lk@{T^w_LpL@i
znG{iwe;vJh)m3)ww>TVTo$@eW@*-PTv$m5j*Bs}iZ%-08{lx(3lj{|w;vj{s*m|V<
zU>zy`V^HQ<BsK|N8B04<BBY`hB~?8jei8w>8p())8Kz<;tRE1WWK_D)d00+WMI(Wi
zJhv#^#e|}ON3SDPs}mS(88_+VY_W{Nc%03unBiKPkke?M?;)nSPD6xcgSY|BQfw{1
z#O*9UJ>c&9GF=DXq{vr99Z`EdVC%OM#w>^lXG}}``6d<EzJIP=U|wK9)4%w^=lOLV
zgB;IItsHaqf-iC(ojM0*)7#kraZj{m%K0_O3+PfjPMfx`D{)|aZ5;*+#$st_$YT>y
zgbBk+MTZ)~sS+~CaNoqtaQ3k|bnvZN_9N|#ImzooPy9EBq*z@R(y3l_(Xg@A<)4YB
z)q~$HPSi%wZcdyX<a^oIzw|l55V)x23Dln+?(Muj+S>W9tT%sc#!esyyHF?jPdmGM
zamR})*tQUlD)WOv_Q<HZ$U5pr?6o2UtWYa;sq7e7;XR5`4m_OP-xIoP+$j$PydSaq
zPp`Ppg|LVDbm&3_lZN^DY^{8-d>!c5#xBl*ksdRxEmoUbk+Xdqh?cz;)XphY^VV4I
zn)fFnkzs?ULhcRxOI99LR+{-2+!BQ?bY~AOoMZwv{&Cy?q*R^ZC(V``_^!y!)vnCC
z1T+b^50{q2$t7CxA1OL(+$+!@i207;gvr|Z1{LSACaQeVyW+EXHk<}+@l$h(hp)+0
zBKgD41rKUN8Sorcr7<iKU4R%3RVCQ-g(Q<JB^<z+v-J^X12BDAixvHJUh}1-8<fHx
zu;blGPUTRUz_S{LM&94`u5e~`LGm_rJ5<tZkg)}0M|_Sgnu}83BGOO-3l5z_=>J*T
zCU+DbE6SqTfnFdfSHenM4Th>S>p8G=_Is<S_)-@P4UGFgwvxrVOiR4(NOwB*x=*M)
zg04ospw%Iv%kW|m9gWlzWp%6hw`eNCuREKz3NMR06PZi&|H*VNudn9YlS6}U?Hp{x
zwrqY_QMIk%dQ2foJng16=r$9UQj0HYh0R%ZxEPeNeV0{Q>M#-%4LgNf?y=-o53GY#
zCkST1eHakF>4&Cs7^z7G1#FWTyY`CcMB-wi)<tdKvQ<is&{)BfF94alHYdu;eE#!)
z2?k>QC$6R1I@qo6e2N<&Zm$2ddhY>uf==B3@NoU%=lW0o9VAqLvw{C0ti8Nb#f5h9
zo*KI{r?&JFerjGI5_tm~Rai7$9-zA6#OlZ{M|W2hnNYbC&ZO89jK)(35$Aq33_u>p
zfrS-SjwC!RdmZ)2GSn1TpuTX1@yE4S1C@r6w6g3`q7u64fk&<nAbgvIypT49Ra@?w
zWAaG(6DkG1VKnh-OBkrC=z7?|&RaMGH@Rz<Y=w#}^2DNqR#Q4~2~)^BR>p+;x6m&r
z@$hl5{c)g(LTnw@rD1nv>Z&@rE<$n#H#(67E2Brbun00<Jk=LKH1dCBUbl9K4*_z=
zJ~KTqP3}lT^(Xd$oz*amv#3Q~3zg4QF;^i_M+$oluTSp2m7-TPb?#0wl|Z@}9s<R^
zxQj^#r?87Eqhz5qFDr>`PKzP-7>X6khDsqFSyrb8Sj)kR65W!N_e4UINok!;(-uCM
zMzEYDzr$Enn<0l`Qx8;~>Ie~tQb91mmLnw0098#1(rL#Ex$7V#rV#=>kIYr@=|`Y-
z(nZRM)VYp|I%ByIFPSGL&?|iK-0UVwKuaaoJ#vN{^;|+Do6R>5Uz5{JNR*A@l}OP<
zZLcV^6bBs`tTnv!w04yjG4699hb1razVn>tQXewfyr{m1Q%kRM97sFS(8^@;aVYxZ
zKoR}u2%qJ$bG2r23~9<XaH6Q-+Enqo^_`u&$@a?LvK1><K{t=oG12;)^^nO8ap*<`
zuQ?8Z<z^UBX>`gXF~fKefcy!VQJxShk`%@^_g_nu)|vz>R&FRF-dH?Mwl67nz8N%@
zkAsYl14Sqerhw)#M`9oQn3KwWKgL`#@99|ilTtxcE2zOvuq-C8WPj)1?$|LMb^ull
zxJ*?So<uwCk<!I8dIkEa9go4ohAa(1DNzp0#{zW<e}Od1FhaVIUDJymU(^cD$M1^~
z4>8+9`Q<l?g*q$v2YTjQV}2P@epyID6ye~zx2iw0`{JK$sj-R2BURO&UvTax@sDOe
zmJgg>=qYmrzokO?FHp6gz91{kZda9nv8+oiNB+$GHf$whKPlBMk7P){+^Ro|Z9w^+
zXhNS6FgS|O#n|}WQ~GWlnta+C>~KVyN*sBKFg_C2Kb0;R^?yQvga<!OFSqIc_q_h=
z{f+hYjfW5H{`U<`g3tHAf12f}K&_KeYWKfyC`S-QVWO(GuFI@_fA`Ngf4ml&6uhZ6
zx->SxK|Cp^ox*)f7n%OCGZJX~OS83oU83N(gGsxp;S(cs($pT(k~~!m2T5@+h<h^0
z$FqC2*~4sB1aaJ_LtTRd|47-vo-h)aN!|~#5H(3R?)qh1Gz@u8<ZmcPN`8MEH=W`d
z_715eVkOYs4v85X^v#7PV&2~=ViD5d;RuLg4&<W}`i1HaBjoGzkrYhOp+rzv6eb58
zq-Ngw{T+~JwPf=<@1>fG!&o#cR24IYVj?i$>$HgxVNI)x<o;O+Sh%V;h)zj&jY$Zq
zmq8CjA>fRW7B_f^$>!eF+FW29%K|rN`g<%+?l;+mw9?{AFSJj)*+(mdc0%3^HElXV
z1y&vY!cNvgXR+%8?EHlQ=l6kOsPU@D#iUY?Krjju3mLqHrs~_o@();&!o4ZoJkBYP
zt}0|FQm|R)NI?To>#V!t|2#+@D}&m?bFWNM2Pyt4*YxtD>}ts!Ly%xwiMDg0o%O_h
zJ6>!A9D3dxv#?-91)y^6?PI}0-;1Mwz|DUt&$@yJo@6A8z+0H!sR%{?{DGA)Gp913
zRqH;WDF{O~k@8Qr(j|0?w*J^t$83^^VK%;@XhQlwH6n0-yYsYs96%_KHlJx#I&Z7d
z<vOrg@^qzsw5p1zUEf=t!KO5F4p-Pkj=^=Vd-9+^b|kxjghjM4fT=UhnhFitb8-%2
z<eTX<?DQ~DXLqKk60ri#zI)r!L@=K89gBme!Oa+$P-k5Jh#pGU7GV)mbq1|^B#yjR
z?GX9@L;LYig$V>mM=g6;`aVWoL>4lg;|gflkMpgj6=i;Z<4V0J3NQbSW0ezYgI>>O
z<%Z!f7H)l4?Eo|!n2!CLLo)&aoT*9b8n7yms_m-kd6w%{;~`}-lE+pnLxHS`4)f=3
z^V_*y%?)biY9BKdAvEbd;RvsxD&Gpe*>G{|gUBc>OlyZ?1j$?|Ir%Hn1WoJen<~_r
z5=~`yT_%q;iivURk;N{Anm{_b4vY?<4>1w{)+Z2lzhXR2N=8Ka042(DJeD^0Ewj;>
z>94~*^3JE@o-TDQOD;?9?$i&D?y_AfNU^OaAa|c{ALQ?e9^$UBss$n!#RJTJ@tzdo
zZN=eV9=+PpqQQWnm!Ynax8Q<TP*J};#$2SAq^29^n9E~rE<-gQj>tkyQMRpM_tFso
z$**z=I&sb!<KF!1SjAK39^1c9=F}NkLJi_tiNA6ei;mY=fhOk58s)dvtG1<L;QUA@
z@he-P?MYd;Z`ZxSMM{!$F28rfBV$$RSy77qh5pF(e`K5X#HX10E&Bh)>Vy0E|JNSg
zd$6|pU`_Ww+*@0F@LB)=6l*aFb93{XlSZSq`FyAT;_#bfX^*St-pIyY+FltC2P<|t
z)C%!W-5HcDk>vJe@*0;2MKlyZlv)~V%OGfAB`}Mqm7xXLbwRZ+-y3|gL>`D;NV(LZ
zl4`Q_Y$v}7=hm*p&YBtbUg`FRQl~e}=cHEK*?y{t@06xX=(JXQy1lDwr@sk1q;|OX
z`haBCZ=~}qH&7oq;o2a-Z^VCP+VGDLonQQ}Kz`AUVEi-Y0xi4K)gGN?Z%w@M2Vz(M
zMb+h>oTc--i3<MZOZPx6H;{at&ZF8dDG#*NN`5sT2DniAb(w>?wO{^fev|Am{%ec6
zkSz5|P53p;L`^jLh1xIwJtMau{FB@%2Y%l7_dEI5;^@&Be0g-V|18jh*XocuiX+;b
z%EK?j{`FJ&+8_Ol|5m;>2Px|zr<%;dYD(Su>gw7O|G6il%YQ0gzogg~q5jg@9P=$n
z*NV>9m|`d36C*DSzL_O=v|ECaM^s)vmA+>Qt+KfnQ^5Sw$*=RL@B7QFzRd-vVIJTo
zd$kqyZNE<=uBwf_^0gViUg$(v2?;lI1&LxHR(>j9SKhqO9}{1HOX8KPB+BP~IvVvK
zt*l&JTr8h9h8N4+x49BUTmU`s_4{;KYBTxub9jyrhPLV1nWk>z^FZ~8_kR_iPkvpz
zd7s~kuitl9mfPK_5v-x6_ACx^ce$6`#gvEe`4t<jSURy3b}(=BpXIyB-T$gh3X#u$
z|F6YB+#K?4NdNPD06*?@Zqfhl-FvXE`@in3KUlxNabN!5`)lj>KI?xUcNJzs`_dzd
zarw<%R7$+7-u$<W@<)6O79UJ_ae7ta4<&D;fSJa(NJFJon{kLRKE@?sroRQ|F$TkJ
zlDJ^7eQB(t#Jb1B94~Tx#k<cj_P&fd>gG3Ssya&}eQlO{TGbFWn!Q5{0Ewl=I}Tyc
z<oJe*5Yhf#;j{o=NzvpFGH-R>CaFRcqkkWD*9>c^)w2}eA=A~+8Yp*`XdC(}>EJ=n
z_FO!jb5(o08I$?Ut2&wc0pctcq7qwGo^Ktzz~&0GN6M<BzEN|&#SoYQyn>Ng3%G<n
z{v}C;-FK}{dIF|)o<+lCQa}H)ICg32lYT7|3&hEGyBS4`g(7ci0YO)JAC)uPy8&pj
zbTDZJe2J$uFO+BJFnrPOcJE$JnFy7}-j2JYo4p?)@d<OnH1*p5j8ReBd;0re$H)bZ
z9YYZr>=?WAs=+_Oj-ev1-FeOvvtw|f<#vo7<#r4vA9jpoKeYrUx~BNu?U-JzwhZ7$
zm?qKqh-S)C17$;dx@@t?Fwwr`*}u8j!<QO0w#s{&Ka)m}eJzW}DeANFV;X0nQu60#
z<3}ZUJ{v#R+9DNdq1AKb$7kbbwqo_a<Z0CZ_xBFsN%N0B@>}%(HEsZo`u~G_YwPC!
zefT;5<D;*`EP&CelkB5(r*?hhl}<Fv7F0SMy4d*A!z;DgrXSA1!y`w6YM*tJXW22e
zo-76HAZrrYUry?{k6Xk9Ih~{0n*{B3eTRi@_WD`(>EW}L=Y*g1?`}5YpGVdBP2she
z-6bq%NJX0)x-lbUCFuB*&}+5VL;|D5;|4D&nS?HtBk7s0)lt9PfBmNbW!A@}r(8Dr
zoazb(s4a(C&hXs1?7r-vo!3YitGub@Y3=IB4j<(?<;tZw4lZ$i({Uk%4pYCGz4i)a
zw~b46>o~(vY<7YeGARV4k3_pmiPbqk%}<l1beS!TEel%e#`;aG+_*ZSe7qL`lKH0$
zYt_3Nv^g5DwcYIrD3x0|?;ewLaw5=$wG@hLygT9KlTv^EA{V-@7e%{uF`~R?&&a+>
zHn|P8osr@3s@;9@#uFN3P}JWn*Xl%8!||w`%9K!(ubB}eE<p@WRe!?*s8Op{b-`_(
zp(HZ|bk2!U3zp+K4023qLY(URm$}V8@_%>u&f*aN__Le&Kc1fl55@n>_rGu4`+WZA
zA4mLqK*;(3AIF?*T{_fNOUVnBCAy9$!=1z7Nf<%uC5#mH)3MeZ8io86IEl&56j5%x
zBhe&ykHlw{!)^s3NC;77a4!kZ9wje_G{ohgT&Bt&EQj$uQB_=PDl1VBTtr!{$x{TZ
zMxqk#i)1o;p@tojNUCpUfi1+5|MofA@r}yZ>n^;DWFBMxH0>i2IEu`bNhhr8LdZ^2
zp*qVE*@&4qthJ?zs5l|`XPK0><fq-=Bvk)7@-!WjprNIO57kl!sgMzN^??Wuj$NBO
zoUy)hl0eE+wevXT)2?_P-H%3sBN3Yo1dP%^NGUp35mS<Dg4$B;CYhT_Ek!^7RQaFz
zO$n1bxN;O-+fK+Y#p{(ZC3M<tLnM4z%>?r7bpFUx8^Y>1bkJTTEJFj3mZwPBo+q@e
z@H?qJ%5JoJ40wqtY=$7F@BjzcwIU%kOZPItD?CZRaw$a&A_f7a+e=A35~Tc2pA&q>
z2C&F&8uj`y(Nh|1uI0JM)znw#4PIP?m@ctPx(95$*PV*WMt)K^Qg>&UBiMfbOFThn
z+SB!nW|DQpziYKuDr@7|4qHTr%2*UwrhBM|J=E_o`=m$?BqLDzG(}*@0YvL5kWUtY
zpSJ_QoOH;uyu^sjr4GN=!rAYZXGKH5J)4z>4nn%BCJwATv6Fq|lw)^tSqTHJEczDR
z8ythG1DD|vE>gCtW2l*ahJawLc}W6*vd-Z2)SqRROQy?*q~jtx&}@*EI6?Wr1J!^g
zPHR$}LGfx)F)+w$JSE8z7jBY%HAq&-8CyY_>yv}I0$2AgG|-#i2?MSWg0pM8NWZ#F
z{u6oCtoD*DS$T}+e_D6jRQXYGL=<ZiDGi=OFKin!5R_i1i{F(?qZB!zvn$R-0g}W>
zA%%ldmBFv70IA9%#_R%cq*G2U>ba#)TJpAEouT~8`E6x4v+Sx>Qe^9i#IPA&Z$C>m
z)*n82$gMNA=iHjWa4VZrx9$pKkqBdiUkezq$Q-~!$PePAW6S}v<2N>wKnwPO<&Wv1
z+}Z=9@Bq?EHfpR48h06pTuPy)w=HVPA3vo37|gF=KKbn`Gtf`e0Hy_d+<8;~h64mb
ztC9BmY{BdIo)fdD>Q__beWyg?hLlx+g}V|spG<vi>RWIm0d^$Q6r8ho0SgW*AlR}Y
zwIq;8o@`=*?mI{z542tAOfn!MOXDn)RuV!mrl`nVpc<8b5WE~d8$TQ$NEGJ_X}`)6
z786v`ms#>`rxFQ7UX2!)lIuF>bItjYItZ@{w#4uv53<M~Q3I<^4Ik32l(3woWX~!<
zrJYB~w-l}Hk>cS;wIlI~C6JY%T;_05nSDLbfmbRAaX?wSKqM9UbttuA1-=z;6x*|%
zQ|!Z>aa!1o?~7N#IAoc&w;m;PVTH(>I9uUtqMrnZdrA`q?(pi2-S7?wbIM1lw&wlB
z_r4;7<QezJgL%T0o+QrqOt8l-kW>{OoqoY4vC1OCYB<N4OGGCx@fFSj=2%cZuUeO%
z0VC2PMCHdrTQbg_9s*z!jO>VTU;!B7r{Ya;ae<r*>&pD&qNsFev2<c7a;@aszE0MC
z-qcCJ*<+A@a6w9D(}POfqx%z8Vry1Fh}KOO2}c@5o}3<sB`OvOsQ}_nCa=`8fD_nz
z5#3u(4$F2%o-HgmAh4P){DA_|wykao;5@<4k%@L;vQ20Bzf~UAk%MssCgq_^+F~h0
zgLaF83`H$6q6(^tB3|;hBHz!h-V%U(>om69KkXw5mXiN@3CuA5`{im?g1(RZl;kw8
z+sodSDh524;-7XFYAQl#$&xQO58o`hXU^Ju&H#H4*UJBjCei<wv%60)>YM$4c>mTm
z@c*sfUtM1(6>OFG&&I=z&-q`UU?rwOB9S(hSBsN0H~Rj9uB@v~5Tr|%Naajdo&k>@
zSy}$*Schp-WQ00ydVi>B!Du+`l_-RA*}^NtfeSv#b_|`eWh(`ex(DH0qfSu;8!}f2
z0GOXa!rt;zZg%QZprUzghge-(n3odZK1LJ!A?aG@CByjr@Gb>TFyWNno)=p{U(~gA
z5^|Md5sZ5sGux_5tSu0{p;m|;0CpIb5HG`1gP;42oJukX(6bdb=`Q)f0ck|s40-hp
zxAlyrhP64j8I&-qIbrHKx(=%X9%6+IFBqb4(edn-M!CS~2xRQP+@Er0a5?eEAK!aa
zrZC@5P!cuNP{siin`=lowGs^~;n)j0s#6{}NuybK{Uutt;)-97lt0<8X(UC(Ds?y$
zJCvfOTrt+}@_xB?R};pO5zZ#2<Soj{#WFIC*0^hqL<;eYa_{vqcblEq=|0m_<q$JE
zf8pnwh1cW_xAMsgHf3(gdA>bjeDM&SECsEJz6y@ejo=S62P?WihseFIl5|<s2rOLL
zOegE>L>!ZVfCq9a@kA&Du30@`CpGAV?5skmJg+Fm6pNMrUYig10C%`91BCDRpJi#{
z2~<e9OF&l&x3uu+XCqvu;nFf#DOjHPf!%S~q<%6N@&F2B7@XLKu%tZ5&NeU#8bib0
z<=j30H9Oy&SpYQUP5O3Wv0=NOnZbr3V(N_i0M<?(1ePN7g~`k*mgH{}jSf*IaTVEV
zOdM`@(+Ri<A2rc4|DC(I#)Iyo|N7NT2!C1<v)kuFS&D)zJ-vFQ$*;gQm)CwvNSuju
zN9Ou@L@|KN(aP!QtOMJtLgoSP%Okt*V%@wX-1*8h<A`8hl)Qv3C{W8uO4-?Fx_G`R
zl*W!-r^XPGU;mt<mc9me(UR}RwdO0ch;=pDBe#3xr_&|#zDYv86Mb5`LstYW66!L6
zG6iMb!pjHq)ROyAWAjAVY6cC$cxX+Uz0*r@)hTupyh3?xT^3xhs3Sqy2;I*X@G;e(
z)w*_A=A{!Mxh)Z8!_;8ttFH6Hq7pCDZJleHZYV$sQ`2x!Fv7QNC(uPLI^$gO<so!L
z<#a13wvx+Q4pwxz|FWOp&|)?HK(vkUIs``_o2LtW`9+n$>%Mz}S6i+`8>{tMop|oG
zh#ldd#0gSj24(~2APUqKa#rhNK2#Z4*i^Qdw$WIID8)6)C<(Ps>u+W;xxn|_pC`<p
z$=|Ju<eY2+bzu0tOYVZF_VBJJ7qG`uD!KcWZTzd!s(!z{F-P-!3SQQ2pHl$ZP9f@e
zu;@W2@5%FJD@8w9Ed+v+xvf%lBsr73{eA$B_XgGqMFJyww5?`Au0H52Iy+0%hNTM#
z3*l~9zsD6C5f}f}+fZoeS5gi1$J=k~2ZwyY?$;iSPA4_SOA|&Ck4&+>PpdMSHTjjE
zCf_*h@8|T_+@HTj9|`V?979@D7mDV(iXOypVESeZ+^~pR%Nn;~yrMYd+xoL-2Tb4b
z=JAB>eO0GJP8p80I4*>jNw<JvgBvip^QcsfixqEi9LWj?!c%Bt;Rd$pc{@$E_s<`Q
zj_YsU?!JD-jTQ%ofjy1SNOaLsfIk!<ionQsj^GKZ5V#=WBP^B`gVfeXbZI$a!Kgx~
zFlUn$ji9S<>4uv~yr<~%4ni|{{EX?(`N;nG8hm(TKe`@2DF($Lqp$F}ihqm7Iz0kV
zj471Jc=P6s;JNwrRtHXvVL`$0``vb<*I{=&&AL6LpthSvzy+u#sb}g{0o|%P82x<`
zzKg1z7LwytsXT=K^bD_NLP_EakYTma^epIBuIf04@C>f~`q9g`+q=*A-fNg;%|7_|
zti+k++1f3$T1zX-<^lhb)GviKh!>gdP^-!NwQ_dle=Z|MYBf9lCuThTaz#$|mEmYC
zLGs4b0L4Da-`kq_J)vU7bEQw_B2j_oe5clO1c*S(<<&$AkTU;++<sGN@d!89?I*PN
zm<(a))*TUETMo?$NduIKDAl@=C{eqLrf*WS(DXmdCliQv<!JBO-n4c2ah}{_|F6o}
zpRoVeKHL8v2lux@S>m#aKe=sn_<CPiz+cF9dM2R~*?`zpv&X%!uv(9v)8dt11H~;s
z2S=~>6K*Bie|_|YK29$hr|;OO%R`bx;CShUR1bf^>sN{$#~nRfQ82)oY5Q5}9XLW)
z+LrBG?LltmUS_x1usVKo@<}>4R&^ctqppHL=EEXRc}J^521%$W|9lpk<TdA1`bZ}>
zt7%5oCH!g#ga()R%Jb|QlF9tPEhM}A{cDoc#J9tp6jn{sLJE1+^)}Jki|h_k551Sl
zf4EE!r8UUdA>m27G!+!|xP;9|nCC15rHDY7yB^9<a?hMSJlx_cCT{VvKeSxB5{hUX
zmt>Ck*Nz)q$hsVi-isl`{hwZJET7&+EFbv(mi_<m;XV2Pto{dif6D*f*w|SAeE#zT
z(fzYNTe({#?Rm9^yDK#wPM-zx=Pu;RH4v^Vu<-P11`zmxUwMvRbR<0^-g$|@%LCdd
zKYn;lB2POfS1hf1f?r59aWlb0^zKe5oZy#~RAYBcgj0sGq{(9y?(8j}J}EtdCBf>d
z&$u{vMfn}W>BqQ~CK`{~%cG`Rsw+!w%#x?|%|Gnyy-3#X=Z}KQnar75H<v$uS^swH
z?e_k+4~nl})&KN-dxx9zxS9`Pc`t9vi|zd#?m)X&z~z}P&D%OW;>C*@U%=?<2QLnR
zw3-8Yy0f?Whr{jv*h=oL{;t&X_AYlR)_2}+?(K4&pDycrd$_ZAq>qc?+0~10-*8{y
z+oQd=$|inmwN{h09DcRQA=j^kChONUF({gJl5AYl#GrVS0wdnhvprbj+h<%fnE%`_
z#(VVL{+8Kl#r*A&4Z0Y!Ju}baIxC5WMul;+R>H48!H1`x-jy2#3r%5i$uXR{Uxz<1
z8bw9<OU_-&2v+Uv*hFS`{9D7n3pw`l4?-0^`<tXZ9A*9QBMHbVRFG7rhE@F*D7~!^
z1Fb?My=Fi+v_Qkgl{~z;g=^!wxasD0vO{iZ6-*Z8Zd^04fJc=IBv?7rTsqwCj2+R!
z8JSN_b@h+Ot?zT97H<B||KlRM={LQMmFHn0!#Xy<u0Q}cEb}yk%JUq8t;$`ai}En+
zeC#xg^5Y2*I)oesQd?O`UUWEJ-%;+*sAv4CR-+Tjn?|~<PAL5K^+Y2X;9(SZv0ABt
z!{0YGQqB9>jmlWL8*niRsWLtLLq?KThZ$`u1?lA4X=zI_#1f?x19c>0&`N*HJJlCB
zzIqqp>y~?=-q32NTQJ_r!~7_7<!LP2Sa~RqM7}x05~$~LIm-M4AE@~a@@LbH<09z|
z1g{>Lt0C#N*HAc18-pI_<b#OOw9Ya-&!hQKf3ZO(_WZp5`vmL1zp(TqjBg?TVBA+(
z%J8`Orra3MlVE&Rnx7H|wNfGg)vYRM@4VMW;cpuKxL!W5!4C=9_>|lIg|BPYYCu)Z
zbEBcqFwmb-l{4DAjV`UND>-(mT?ww9>TU?`H8`7}`F-pcUJyIhM^Hkbf!Uu`+V*ID
zdo$&tYAm<6<WBYXY$=#x((ecJ#+HV~yjof06>+^r)YVn3)?rw#IDfyzfY?cYKCVPw
z<gB#pwicLT{w`l~W6WctNk}rnbi0X*QMJ+~BGH0m-By!!f=5KD>yNU5L6l81<K2Vu
zOPgh0eXTS?o2U?ffAxMoJ|{_#JnV_k@;3KY@7;`X0oqtyyS9-HBh-GI97LCtWg*jg
zYqqoecg6v`$^V3$+x^C%)0+2TYUB8CxaN7;ZS=3gE3^fr=yTk{&L9qwyTd_)+&Ri<
zzlC$~;g{`}uBu4hzBSdd&ehVo6<`<juojvLB(>&}`3fLOksK0yPb~yb0g#rh6BX`G
z+F>9q^<^8L%H5;z5Ka^}|FHl4pLMl~E=RdU?a_TZHl<-Be8(JG6#jg#Z(~=fYWV(W
z)r&%pzS(UY;iVLc%1guk@wnY-7Mjwv%PC0Ywo{nUN{TCX5NIfjp*<9f@YRug=CKo#
zxgxZr0zn;GQ1w=UjHn7-+hw4jyu?O@%X&wonW_edgnsDS&~INBg*qx9+Mx1x6@<jk
zVzt33uAWySoF8*Z-HC!MJ`NUf;)%AY!DG5rrfma|d@wB`3;<~p@FmtPYJ%t{6m3L-
zQx3@|ZzJ~dZlIbO{e;|9(G*z|!+d91FFcG`gTaPHvq9%Fe+Ec>n!gX<YcwOtp~ky7
zAX8~(e9p}6Re9o~41x6**UUUTmMOvJHiX$&LlsKCuW)qf9O9ie=NtV2h5tvT^O_dL
zz43z&czKKeXM<ZG@c*pp{)c<3>koAP|KaEJ{~v(p5BTIu3r|d!yZ;iSS)N)8fV&uu
zA*&*zN)owL7JEj$dx0tP$3M8>y}*2giuYk292fc0e|=y_N4}IeGUd7`7q1=<|KU>j
zf)WCKu3zEC&ij(@g=$wNz51r^KcF_gddIz8E{<RBOx}=+b#h(zA6_kABOrQZDOw+1
zE?-bMIYfv(;tn*H%_{dql@7^ib+PXzD(DMNv8EqfLSJAIQd2ebC#_3X-t$}(ef%=y
z9#$&sR|h1U5y^@cXOUiM^F;k_EU_;DAECy+z?4F@VE0QG&>=_WOPO>gpJL7Z>c}-z
zNzn3r4ewcWUw~5E1Eo}p(($qqdr^vvk{GYKLjV+ijI#TJazowy91$+!E!XSIiHDXl
z^JP&6t*FpnMcX6=#`L;dOY{p2xd7ySu~fM_B6<S})r$RUO6p0>HY^SSzHiC?0Iu6R
z<`!td_hg5ngui<DkQ)90P9-toRH4RlX2b_bw9lXX91KMLkNv*f_&Fc`jJCJvfA_fn
z82zu3|G)9zbN#2Ef#DBt`ZMEy|M$XwMX0VE64Wh^6M?=FS7#niJR>F;++hm!<p4PO
zOEg`1UG4@zKDazB?7rkDg=(U;SMix=msrozcjbAV*<t}HXcytib<=CjYP5hUO4y>6
z%nQyp$?oeNZod49XB=m={9=99#8tMK%pGQax;9)~Wd1W!E`I3F85E5LkIbt5@pm8F
z(i7Ab2FUoD<G#GhMStPlr|8u3lfQ}QI4s)ZxML^*Z+@>VC}gAo|0n2GSNQDCb4-=O
z9r&1iF`|#GeB(q2lqr&=psRvNtQuMCz?v(iM9$&J>MlKL<LX)i6Kd2ASms-Ips`SL
zOo8uTH)$Uo`i8g&vXt>i6Z<s63!N5;iZlrE<D%1|k)<cn#Kdf9z-FhAi67#&1bCg2
zz&`UkwJimf2%Y7y4cg6iW8C4)^@8%uMK`gG7^y9sa-sHyl6S-L3_i+pS#$famRQa}
z2^lySXP~1VuZ#Hh*CfUNdbm)YnX3sEB#{rw#NQt7JwJL=KiDcGO0oT7fl67GG|~dG
z4U1^y6x#CKzM^$>HBGfGr~Vbq6)er0=9HKu!CzXUNpnK|3|E)asJRjQ?SA(CI-b<l
zx$OYOd+(lIS)g_U5-kz!jM#5!IYf_>w5cSJm9^zH9sEr8{_sN==0ITJQIRGRSLuiD
zuZMGsfV<%*66npX0*%gVg+hQ_JSz{#FC_n#%)yNk4&6ITGC!=fF9p!UhJhtvj@VxF
zttc*dJ?NioY*W!F3q5IOaTSxqSf7At0bqIjcR}M^;#Akqgwi^PVUf@KPEJV%AgFp)
z24+`ldpF;&{@Hc_E35mq!^5@s@MjI4Zoc>?S&c(hz*R6UztqsGdhV8P+Zz~aW_Brj
z%Is5Hreerolp;O`$xF+6;7v8_BTwn@h7-7DEJ_MuYv5r&!@Z1q-ctXPgjai<{X=BI
zvPkKb<no$Aa3bXixg4f@#L;?=Am58q57!;*0NrkpUT9VCIV4rN1XwYi668b~1!8+T
zf=K_Au<~V_MOlKh;3LuN3XMvP@~I}oxCgpRot!~SM2t5gTeph+5yC01L)HxWFzfI^
zY&pFJ0{HTx1>z|`GSUH9;2NucW~DUJA{e3t3UAl+HVAq(f{BXP7)6FA>uMq$Bd6vs
zDvo-9C1H;UY!Sb5a0Qp0TY;HQa;-r7v%V~IbB#?j2@AOvhV9`(AMgOP6r8MaZpbV!
zuo&j=>y@iO@bC{;xBuzB%<Vr5p?sR*-E9An?D=pi|NH*Ewa@vVpJp|xQ2*uaKe6(O
z^iNpbl=;_Cn6+yC^)D>LGq?I4UzZ{}!*VRF&Y4yt!hvkd=gEtmy{Gk^Lk@vS@xysv
z&3f|qYo6|;HrM1i<*(q~9*oZ2hW=;ttovW3Fo8cPd)s3gf@y8=d%=#z41WfjYbyBa
z3hcxjkQ%F!G&6@?dC9=z-}%tvgE)BpzQ1blN)ymSby1!I&(^G+TNmFXb2qvnqrlc7
z0K~G&x+$oPOyp#d()Z)^eLy^jij67!7W6iKe@4*R(PAmAcUz=+-mJWbw|9pbNttV|
zZwdd(u|OmGW|i{?>7e@!lLOK;ve)c+tIt4NO0b!au6wM~fmCb0GF_Awx7hDn2M2ox
zkGKrdj^au&0-obVK$APa9^OG`$4Uv&fgr_Akjkhvg_{3fpyp9^rbRx(aE3+F>MuxP
zEjuu@K|M7_2DJ?u#DH8+9dWA$459r6b;xIBSd*?3!SM}oqOqsrmfA?;iEVyji29lG
znt%XJ|6P}Ie)N7uIYT>ls);|Eo<4?_7A@E0Q91^Luf7r<^ivE)f5~^Df3+6Owvlp>
z^{hW1Ah1{-znnAsBiH4<y^>K*@Ye()`SU_l^&>#E<8Lb2Rq3cl&V`W_ttV_6eRbXJ
zH+7~?C)PQVZ`ZObBAooXN#())^Lq=n{8iv_x`J7mzaCU^peLrT=@(c;vsq-R1%H#j
znf&bUhPv?SEf{<-g+kmw%9JWn@V%4wz^yl##O{OnDh6hv_k$4p;5G!$K=CXjSI~SD
zqGx^V$d-o#yCl%^b+b_@n3Ifo0SY;f<bl$8-+0>Ui^A(D#81%3<WdK}idx>b-cd+Q
zEqHtZPaKIcR+cN$tH_AAk8$ticFc9te2U@bWm<G%H-f)mUJ-{yC#%Wd{-)79frIgL
zW1slIc2yx!bz#aK;!0~S=p-p|Li5upxF%DXBxv&j>K3s<+C9l^pH{Y%gh;`g;`plA
zzYXCf89asa(z{QD_EHb;k9kA)&q8*ooBwHimld2TgqL4_B8->2cn_5SJYt$mu9%+S
z3`x0$k94j_6hqRSO>~`>iB=>I0=JQGWtPNnNUhebpiHaGLH%?KL)_&mKgGLY6P#bM
z-8(takB&(c>3kM(eAiET0(q{5e<;36I{ZI^BEWnKtPs$eiI}^&Y9u}M&hnk)H@`{p
zhhHHO^!SI>J2x^8(-xIvQ%dvkBBplbg2ho%<&3l`Vl7Qll~6blO>+8(!ap+ghIZ2F
zhN(}>=g7H>2xL_ABFX=}Z5T6MZbKCN4Mg3JkZrQkFGCF<j$)%p;x|Tx4CrX~Mjtv|
z%g@PI?!#uA8=5nxJE@mXa+~~X`0WSmnDXcUFjvWe-GI(WD?g7SJU?g(K_EvN+$v&m
z(M;|hcY>7`bmZd>NWtLiUywJJuafcUvY{s~ah=^2%}y)qMS7qlu~}Vm(obYJG3#J{
z<uMauKxG5$@6P=rOZ0&fmpy4W=Z`x}Px=>c`PDXiMIW0nLf6O&%h*Qqf^zGO?AJ{j
zObKG7O^v9kcS)($Q~el=&PLqK5=X<YA3hotf1etSAimFN;;4QerI@c}icq2l27*x{
z!L97c5aP(dnpWK5pTbZthjVb(X~nK1+z)jaluV%l@$`fq&VPlHvId6f5G{|$hG!3`
z@)6d;2_7!ak76lUX$(({E?H&yFp7Rfwbyo1Cm=KWLQVlS!v+}&nER=s7s!VX<ZGc6
zo5=*kBf+D6ZxEpATPNMBe~D%AxEF3DV?ia)T-6i)ulZLg{=-quPlJP-<3Fn#5AUy%
z|F?Gk{`$Rp_aEr|$Hsk90+ZEGGn^_^jwg~nk^DmC8mn)rf8F+8ljP?Y{?C8Q(5nOd
zu)jXXf8H<tQv_^^c#n=vS3^PslR}c<%&<;=`mK8KwQ@Szyh}lQg3afr@<+r5VDrcs
z)l{`Ygj@-s3a&+~AO`ZY`IEBI+*`A9;I2z3%=`CrLTA&0GAVQ8$y!ZiZV#6pMVvgF
zFs2aN(5Dhr7D~6`punjZ=s>xRS4>4e&bx<&S`yi}UP=wAXl*vXeD*F5@;}Y%p<E1=
z<}j&gL#mHPY2#E$AgDv~j@dBeUZ>Hh?;r539vi0hasGz^wT1Dfc`*-O45=64AQS-!
zi84!O38*oKzPycj(!^c-i{%6ilwq?f1;pP847m-{FEEHLA!F)`Qn;}4VHnp9IXbF?
z5{I9sWO+swMJ;W{r8EwWT)B_>e=J7g;#P0GGzWvz<moy_%j96>&#4*&Twi*Y&6^!C
zC9~0W*a8PuJAjOpqU3h5Y`mwY*(+{nv4VVi^ScX*O;J)?Wx}Y&MKxd<*V>Ix9Eua^
zH~L(V!w=m4m?)p_Z=s2(VW>nT+rU#qJY%=!Nu@L1X(zLjh}wA-R7g6+>x_PL+A`!w
ztt&R1yuwU6-+l!EBdgqf<zHwJIW*9(wTR?zO@Cq>A^xULCZcR{x5q7@456r>>AMIH
z$VR#XO^u1zgPM?vY1Nm*6#Wq=0#PyF2?_d%#)M5i!i+DA&w~YRdp_#B`P+pe;A)$C
z+t#$%h8y9rC~a<W16xiy_slHIV$PX_`py4fVvVk?0)(+?Npi3WxD%<c7v=P?Qht|^
zsC+<YT;4^_6ih?aipESOV+vDWM0QbWZtNmoAp_4NgQQo!QR2>8TC!nBW_d%(Qq=!k
zm;N*wpj4s<_wGqGT9d9<`d6>kACl~2_22GqJXqr{aL)gJuK)O9>fF!%>a+egt^du^
z_2A<nCuo*tXL8}@q9C5<VHrE*Cw#xYdhfU4G{FrA1@dHUij5?%D3{Yr_Nj-*<%ueK
z{6lxA*D$GuIXqnXq5DJk@fXkbHkCK+7p?8Te!8>0nfx%fw6e0jb@Y5?<=N3Qf3?26
zy0Wsh`@`H5zEbt@Cyyob_1DohW#gXA?DFx7zogZQHGlkc@7Z?-V(rP)0BN(vyCbx!
zSU;2^^tz5vGkIK3ULI^c|K^7|4Sw#4u3>n*Qh&1ic;5gX=)WrlA3z$R`3)lPv@Flk
zAI<@PR$_RGKgP5rE#md%UnUl@bR^{VMO>w<-aV@$`ds&{{m|VER|g!CSys9_z?RV$
zB;wX_UimyO#A7hLjZkXKcdmS5O08cZ!l<m>Tu$aI-z<dnc>MI>iT<CTyYRw~OUaQ+
zv+AC9vZ+;&SeL=J8@l>p#!7rVd|z9V=O05iV7bywhZmA9d5V5M#sy(pwOdt6zYMB^
z{aFpPAwMd%b=o|XDMCeYDwnb4xlWTO9!i9Li$sX>-;XnY8V8Vs{7v$ooIT`!<^1Qv
zwa@22Z&|sI^ZK*=pO*iHtS@{$*X8!=1n3RrUrPXPbPYw%kVh>&ua|@zXMn+mw0Gfm
z3Q3xVUpXXNX>g58r_|;X91+daI!UFt#1vFn`~2ugNHCK9Q@pG?lBOaQFkQR%_2!eQ
zligy7(ydKZrn`)~{10BtJSb{j1ziI)OjhL+;8q&@#xmCIW>kyH$3u`@nbdBP23$Ea
z<E{w@vL+y^zG4w>rM(qED0S}j{QV^*&ZptHaUA}ud;t3>++d}uk}VAopB2@hECpK$
z#s+VegHP470_licy@nLjg%zyRgCnV=lc#R%FxM>F3$92r*sVuLvgDFdd1ts1^24y|
zC_iziKkPW{PzMPoaKIg)a#wgUH9)&JLW7?VK(s%C?W~FDr{t2VViaiB^W+@O#MYNC
zF=L!Qq_$1DB<y);N=*I+yZYmB=T8qM%6~5;_G$XNMgHHPasR{T^FN<vDW;%)mjC~l
z{HG9N+NlPCX1fn=3Jf88!bzW*)u~D3x7w^<$G1hqCn;BJ4!pYjHuq%~-&Sf(5II0t
zQdD>rpD*+FaH>bi0_F{$cTcdq*lo$z8GQ#a5eARk^-xDOdJ>=I11+@+gDXABN0dLK
zYjU3F+j!8E_T%eH)${JFucGhTxO(2724D60&XS+kXj28M%K@?+cHyXx0%}UZ(UBr<
zcN(9ZhIpC6P|8!qv6CsuL0x!}++?WhQ7m~Ph&zp3Ki5q=mu{t;i0E+72N~V_$Xns!
z@5Pa&@sKN4LdlYb?y~2&yCyO<iQJK((f~=gHF|Byu8!s!tCw82$)$u@au{!WkUqm*
z_S74ew*%Q9>IAq?VG6z#k(1+SU3v9Xn2x7yyd)S&Ls_De<*&9pg*F?d?aq+X5x~9{
zBtw0S=ln_XScg`EZ^>sVJj@sbnD#FW>81b3!DTnb5cRYR`tsZOd;r%%vz|+U>{mgv
zb2Lx_;hXoHg}cVyYxpZc=KHO;bh)XsYzjKuGFoA4C7kQaBW2IBRyyvC+^HxeybqA<
zGS%g5jNr@w{YN(7{1|5?L?t0;$u&D<zS1Yu-@~5;sf5MMsaY9F;y_YftROE@Q0gAL
z`NZ$%-~Tz7P`TfAQUNq2S1|et76q17;&NtX$z%~|shjJ{{*8ZZD8QyoVx8I1E=VUF
z$b?716_wOxZ{v}BV?Vr5jf&9H_Nh7ve}9ka>qpS;tdK-I@iat*=}4b=>EQ@S94F6C
zoFZYJOp6CXN;US3b|M7PzN|M6kd@4;sneWQywEE*2a7k{Qut<AAwFe+d9D7ysq#aT
zvJ5nmN_bz>#kiPpcFhpHKI`n-6b?KO`+d)?<$xV66~u^F+KgjT^!%L3r)3odjA;+N
zn{jF_q?K;0KYZ{oOr1x{?JOP{a7{VS-PPg}S`?D<XOU!p!dM_;sIF31gkmL4ashLq
zkOeiiy1@B5>x^WM>UPV%psS*+$pjMTBENqGM;{EX?8eG>NeiaSC4tM_>|^qb0zw&%
z<A{k#l48PCw+Qu5P(u&5U+i+$Sv7+oBGaqpdA7ZKv<MeaN$v9EKfd0c`TS_>;MJ`5
zn=f~snGY4rIj&;4r^CIS`oZ>L1^WK>{uULQsMK!V#_Bzsa`VH1#W$3TSRSTty{7#D
z<m;m_)a<N3qU_XY{x_l3SvpjSXpY$VSFKKZGUS`XIydG}DCNKtE0{bDNLJANZ72e;
zXbBPex){zxdH&pteSh0DxBp1Fcx(5EeEb;j&Gz5g`udvHe_p-!@c#XW4<8c$#UuPV
z|8L4x`xFoUMeV<pyPG{K>$C>FGcFhJw%=OybFSeVD*McCi{-estghPKyZjFwsed)F
zTgW$)wcq{jcZ(>utGc80_nZ~p?+xFj-5&`wJ^oA9`uDU!ULdN?6K<EM9vLVub<t42
z@QA)H_||dF$V>(7$8`AbWWfEn+#8&D@ieQfI!0GYxasdZsWzO~9IEZ}0Zf6oly#w$
zD1e=%qX?D~gvnCN+gQ$2$cfr+dI19~^k#$c+fUIn$tC0*cRILY>gj-_I7XK$V0)Ty
znG))nZec9K-`t#*$He_+3SCF=HmC~Ut0K^xU5MWApr6elpn{S36Fkgyw2+JEe~9~V
zu@T4;D^iCB<0l_IAya&TTtL|w)_zLnT*#7am|wX*m;8M(zCp2=@nXaQulT~pq)+6u
zwMtA5cQCrl8x7ixQ^C(cXQh{yOR)Cx%hB*W|B~VJn)|M?;+ji#7<iaNX$<A=^a1Mk
zIPgo<hWK2+$LGzF>IHiH^7E5+OV8V9XrL?lBYyCg{z>uTFa7MK^oBq3Zzf+|_oh|u
zsPfUM{Dwb@G1wn@PnB2w<Flft%O%-5TJ5Fd_UJ6_=VR@k%x-ovNUtjG`m@{h+n1GQ
z-Pz63ZUx$9b#RvxgSxDCb~(|><%KPkFUjT7<pmlc_fCz^ifOg8(yHl?xN7}wX=(IF
ze36cYu5?VHnw8^p*ly%+hF$A!)~nQ4#$R17@n_MK{gH#5e%UDcn|L`$%dh&~C6z<5
zKJqaQQp0oXcy^ojXyS;T1!k$=8K1yWB7QDX+j!nof5aDO?Gk$Uqg{T}E@o1B^)4M;
z^X9C7Qkwo*d0(CN*GnH&-)vm_#`mJGx9_b?fHP8<`6d&%8E^h-%*|i?b=+>eQx<J8
z;hy2>y4UHsp~GKaE}aeSxANERQopdillBr>JUq;CU4lRB{kgH#*ufxeE>XHI%epY)
zs~m`<mwS2Jp4YU}Yj8W+5^^Jhs$y3NDMRUP?I`N@UhQmqYCGHpu=ifz8eG|K489ES
zFX?%jPv9?8uP>L>z>C@C%~B`P(x@ooKALEh^{0T%X!Tx=@U=`%@Ny|SVDeEl8}HTX
z@_kyhPJDxwrZ}U=G;owkE3T6`?F~3mmMxXJe40+70~S`a<$Pg2lQcb^o^PqG=q%D)
z>-3)5M#e7hscgQ|`-iu@zkkbnW4brMzwvVlAL)IW;#y+@(HSq$-|}G&FHHE9+p$?s
zb+c7^o-JXJmKrymDO4NlVMNLaN2eycy<D=VvB_z3Mu&QsH~6bDhH@udYKSh-J<Trf
zt>*38&f_aI(C(h25%vaoqYmoU6u8SJe;j)xeR6uxqXDNBprm5OVV)Bhy<7^dN?b2U
z*~+lac$jxKgB$~tLh<W0rx_oQB8>ht4)rL$9*m|?tVi+naiia!VqBL?{x~+8-Nv5A
zCd2c4vs=X%<%R=SAu4E5JD%swPN(rZJcXc&2D7NE+N5nluS`6Uv#PT3BEp$Tq<WY)
zm_;)pq*8+^Rtz!V(IN|@(n^0%Q_W<<8JosvA_pa6oB_uk$3cBmGJYQ_{juGj9up6j
zFm?NI8cxvU6BrGr+BS!H!}`V6x!{h%X?PcDd$=^@cw3`rX-71toBHF3j>hyRxm@C4
zhMvbZ-5DKDG$BuUvZu45t}4ud^!rmZ*Y90qgMN=NLf-0PU<{cwp{%oVJ}6mp_6IaF
z<CQF5_0CN?iYlxOT8-bXujerP>D1Vm;&2Iv@a2_+T#sO3t6d1Vi;_WkPCoEO+F#bQ
zh!1|Bf>>%->{S{Xg~;ArDYcl;MbzvjfZn_W_87Z}`MT80;p%A|;^^eZ$@M_Oh!pb{
z>0tTRM#n#{PlGuIOo81Q<n7&rd!yY+F@5Qxr6^hKLt!NSMP!F+jF%((w{4F3@EDg!
zi2M|ZP4WT7_;t9?q40n#tb|8*OV29NZ11N4T(tYX{pV%gy0_bdMWOK%xv6cO98{W7
z0<kDKsAgZyhsI0(IVoGyop|60$BuqNhE%ncyLUp+q}(DnjKI_XsmjWq!dv_CVHW=X
zA@?hPeE5QRi~pZP|MLH@J-qi|ZH;08e*XW#=kx!cW;Lo%|3&@(v+}Yl&n9a^&#3=g
zxW7wZk`F$kEP$S(`wXjzV#+C>P9E1&v?)`8rrV<*jjB(JbhE-WU%G(E&n)|;)5%W?
zS^E>adD_I51!ffk&fno}Axs)lywu}{oyJ~#v%B}QzWX9ZBJ=jbMD?m_03!=RW#7IP
zOtWluNe9KW@Akj>hU&m~bfDRPAC#(v@kI616zkNF3k(0tPYd_GHYEel7@*-d18e}|
zFRgLcBBvHvVOVxa_JV5JjFOWv?syLCWJAGCIfmZppu`Ud&d5tI$*d!OerlXTI7-Cw
zy!`G}eu17o<tpegF_<RxHZA`;^m2!=3{HV_64nQTl6Kz-h`xBk5h6xc@1WToXM+=s
z6tQnAqpEVM2&x5S`aP}|8nx3--p_KPB7s~5X#*OjMBC4FOlyd7Png{9f8rSNXhA`K
zn;5xO)#ph2WxI>#L+=kaGKtt!XQXiJf^psU&D|P2_`YiiD|x|!Am8=M>54TH08}C+
zprpx*-Pg%hyzo*ntQd~}I5(8neyaTv%_hGOoz%A4FHO@*`rj~+uT>n0!7ME~ZGPbd
zmwfeAU)P)0ei<e(pY#<J91ZmJ@A2Am&pMj8_}odJrgn36CCkz?>!cpGgn_6W(hr$o
zhLc<`v@5)IwjPZxPtK%S*h)Ol&wwk8ri2vfnT7tRta+Yk5_+x8#+YIO=~nlvdF!#z
z<>CjkG&rx<5Qby<_<+`$v+d%(Q~`I}hL(!;zL&R$EG;g6cf1KXO5)7f2H8hOcAV!Y
zH{@NruTqHIx^f~^jPPrvjm&dJ;<1CfLK=t!<j5FAj)3r{TBDK6=-Y}>#tc+pt5lf4
z8I91_{^lEq#jdMg%CnrvMd^QEJiZZ-jU#p!Qq0POW<|L~M@1!ld3~Hdhq#8N$?@w~
zUor54MUvcVh%2v3ySys03*UET$_rvpiH{oom2?Sn68E%~DiNhH$t*M?&0}P!)q^kL
z>NYyjkmK8jJptr{SNl#v5C4SAZ9>io^3GgIw3UV$B;kxkLRL|InP7Qtqlp~yyfdRg
zqv4#WCdi7eZ=kE`0Zfw?Z31!S8Dh?N-lOy6{X5qxUfX#-<(c&D%y^iRnT|A68f!>d
zRt{moT*P;^C#*imv!0Gir;SF|=b!EsvKPjpI@#!B16>^*E08J~&DIiVM&e4y48p;=
zRfYS;yhTJ!wCQ<YG1%Eoo2MCPtR;@-R+e?E*)}DBl@6^t^_pB;(6sT{4OE)YaB5h{
zbAA9t{y1rNi^+?<r%!jb4oP8^s$;rDyW8lDk-#KNEYDecO@tBJK4f#Q*!tLmuR^-1
zYPMEpXPvxgpOccD^^}H^CUd9lW)qQv&#%?SNve79NJ!(#!*k`W`=B}3#-uzmm<XO%
zhu0VoNL^iLK-XV!kM<l%p>J`|+>3RZixE^Mjl_`@K9@9M#g!&Jwc>sd?JgZez7$Bo
z=JS%s4O7wJlzfom#@Zu7?mQ~(SbtdJwz=TTOVY%}*uwpb<I+#hTckdDeXx@Z#w?+d
zXS8OTe|wmADAh7A&<o#uvub-Zj&;d*P5iUEA`wD9(pZg{=Bh-j!T<a(mMW`0)kheS
zE!VYuXaIJZMR}9v3ub!s@tFJENLm`F9owc+SIVo5C3o|>N#<=E^?^F;Tq2kh9?4lM
zRk-4&N@q=ab=NB6l-_#%E6}4t&9)L##|5jcq08Wzf;1=7#-n;w9BkB3i<6D|%a1m$
z*xAOA=In<YtNj2fV%&4NZPsxsL}oj2vat%{wxJ5X6;3LbxV;8LIicG+=JT68PC1DX
zhCmgMU)xE}fL-+(^Sdk8L<-i#1j?W2wdg}DW(?ceLD>7IC=PWOo)tk*;*h2OQzOoq
zeXIGF#H{3^)#O+cQpy!_8Rev5B_poP<mu>qd2~)Y-CYP9j}IWI@PtRtpS}H$t%JS!
z-w2eg5>F1dj^<T&AwE<OID8wUd4GAh{U2lwOQ#HN@;^rB<=F`O_TdyXaW|hKargYT
zU=fo~PVRzsBTh<x@w?5)`KnIGIwk%_CSl0pF8C?KRYN%N@^JK4A&BHR$>H1W=dZZ0
zkk<P3+4ey$1dPR%J~!@**a^vm^})#(ZZGGCH`X0-`9Yg?`GTZGzfrP1a;Jj^tmN}T
zEVpg&r37<K;l;V+`@28)=g%?Id>WP!B4>z-Yi5@oSPJFKse?&sDoBgPfuzdeoli14
z5Wcl}w0H1b^3$(}f1g_{pNSwH9|}f?$P@h^Z`^nO<vPaN*X_sOY}{9lOu5z9cHnIa
z7oLni`S=Fh{oG}^8(_Jd#&kQ<g~B;?=o~zUdC1;Ukw>dzg2O}Uth?<-kL-iwDW~Be
z7uMleH^baP^B5QvshyRjA*+((^BlGEnvHf1G1;M{>hci~2#gl~nuI%NWc{>H#$Esr
z=fg1f=8(_IHwPTO@N@q<m!@+Gb`~A;+XGg1)?Tl~nRps+tJJsbrZiDmf2&v@-xNgy
z7G1HkTRwds4LMlh-WYB4(clV*Z}oNjSPO1Ggd60d_~ZZ2-kZQvwe^kT$B>Xpn&*>b
z$~+}wq%wpO$rLhY%rVbI(V(Kp+(2EGN>bOXiHZmz3YCzAN|O2iU3;H%9Hs8?+~@hd
z|Mz`-?yc;-_8Puxt?xWcMHtDBwbrhv!sag;@Iwn%5^4Z*SJK(C!$cNwlVr3DvaN$1
z@+5{8k_B^EhqX0;2D`2_#0Vb=r)%V|r=*rhT!21#DebZGv6kcs2q1nG$B<-Q2R=ny
zvczH^$mE?$liXa;h%`hO{Ys^}e?)g7Y6XK5J|>PAag`3<FCXH{kcdDc0Zzq7+GVP(
zfm3Gml0vSrVG;JE2H60Y2|7tDba?Ts51<mnP6=wdilVmofdQG|jZi2WKIHd=7N!fw
z4t{7hfqX6}PAg??Q*H(Mdumorv?p*D0MKg@VL@1g@&syu36jC|^I<9HcG4kOi+BI4
z2~3a`v>c4xK$%V{W3T;jE||=MPlT*gz`g=lQwxz<gTpP7=n%9?L>XQj);O;-=|aOc
zQdu49Ysyk+Uy`SZa+m%uv`<p(f8Yl3?=t`Wf&EWp9i;vKKL3-1$baj<PBzs2n|_14
zL*<L`G;pAchlfA1M%Z&!jGU7waoj-KCjw(8$9*gRB<`CPkNZXj5+o>FyCD}&WD~H2
zOg+Fhx+7BzM$R$$9NA|uVvmG%WHi`f1(p=Bk8Fbky}$`?1?`6u$w~;)v*7|g!kR>$
zjoRA`)U>wnV9E(Bs@M__3dcioCM;zT#PVbP*S})Kn=rpkSOKT708&F`CR+VLvT&SZ
zo)kZdXfZD5P~{qOb_JYc01X;0-5~1$g^ifp;wOm=Xd6xBg~C;nw6vFobA*hsAoT6{
zs|lJYRs@(Kc~DIJ0;>fH#jc{H*+8JkuiycBNjMh9ZAoNV0u#HS`il$MP)Qd2TtQlc
zxZ=s;AFzNlnbZY9*XWFfg%gK3E!x#XY9s(6&iA;2k_NiM{sh_#S}@8R3wKvg6FTCB
zLvdvjvR42d11?HaNllBmW7Ae(>WN#mwYOmemnu!7`H_h@^%+&d1l<yh2Fpf+!e8W!
z*;uzqkjWU`0+fHl3Ki0T>tkUL+$z>T3GF!zL@AnJc>bNm2$O6v$rA%Q$f-0_!ucQ)
zz8wnKY(N;qCxbslAV5F(fY5Lv;WL?r0|+Q{1^XXJ=yoJqWM8G3Ejn2fxvB9kDKLdM
z2()+taQqbxVfct<DdcG&aTWjqA3)A-B>e&#Lf)K7g-^j!iytO@_DIE!J)oUGdi6tg
zZ#QQu%k>LQJemeN+DO8MoM#|O>niDPGSyeo(lyo9hVWh`6;qTj6^Xu-8Q>ZN>@y(0
zNR9z*Etpj&?+3mk__d)n0%I@Q6zbM|_nNXtxDjijho8)D$0n`6Fgu#VidI5dIn5Ga
zcIf;<<^ufS{A;trV227M{{(gj<Nq3PlonG#jq>jAfb18OqJhSQvWT+r|2B}RXamtR
z#S}Py;+Xy88#%?5qM`&Gf5Md`tIH(F=bQ{3ikb`~HuzqA{{?oK@N-X8#E#ZlQLvq$
zd$3k?l7f)}XB=?>&JYxZFR*I`A7IKk>LsMMg@0fpP@5z0{IWUL5!M|=h6Kz<V_W!Z
zh?=}y@ZvzS<y2@J9h(WY;Uwfudo@s83J7slo`~q-se^cN)J=oP@X=77cpLx}Oz}&s
zPP4Xu6tPcU`eZbZPwzYI{oO&MAq8&Ee*y<nH-8dD(WjHIEk+k<LHk3o3TGN>Ljfh4
z@%P|G&rseD@T{`5h5vacQ5ApUpIgBMp8m5dz^?c|x&maB{QE1Iz~w(*0R<yd2;o0E
zeY62+fPY~FFs%Rc=}$gF|DFw)Vg<iGK@)`G|J}qbA!VxTcW}pM12h8u_Me(}{@<u{
z`8Ub(f2UiD{)d`S=-;3P`nCVJh?uCj*!T56BqhcF>;L_C_VcfP^M79dGnM`ZDWbp=
z*j9li+X>aB8gpfsoP!Gw4MNIe2*E<WJ&0rhN&`k5c{KsrL%ac5*?<D7L65_4iK!WI
zKL=Y#72;+)mAwYO!#co{o+126I|`;M!G#HUB`;5_sR36UCpT+ePE?B)gaR2Ns`$#g
z2CU?uYjbx(c5~#tjOZcMD!@{}L2MIBK?W9-$%7!~g`$5UE9%K68eU5mdDH`%7&c8l
zOy-73ll2JTc?y0$mcXl8nmR!&5onCS843Bk&_*8pviT3KvEC<)Ksf9stU&nhR5K7b
zZ_um;T&t*ap)l<TfMin+`P&JOWAZ+O_67AtWuqti<&i}l)E&iaM46ioW;X)KLWJUa
z@-J=A<atarpgz@5_5FZ5Hf_|?QPVY;d?1v-d5oy5P1J{1*gt+a5))$r{IR7{Yf#}k
zj~zzJG5Igm{;P=i|51A?{RiRX-$44YRsEX&L)_Oo3jJRvPLBVQ`fvWX|IC5-KTrRs
zvj0#^bxas*ri%aiD^Xq67ErP4XMtN2!~Du}G-0%&@**HOfyzmT?7xDQoB*o`7|ig>
zh*ZaM2uwou0z|3>K)-~U;E+oS=4*y%9FpkKmlUHBt-S=*j=(vb2|qOacg$PaNK}Me
z$P9Dvz}z6oZp@-0;MD=H-BdmW|3HMMXgf|Yuo#j_ECZz_Fbq&{6ypIPRtzKk7$=3;
z3Ys=Zwf={VwrTIcd!o>Hd=*&9c?o<C_#F5tJtIXvk1BY_A`gr2%Alelag`6X?B?X}
zwoUyVngs?BWI{nMG5BDjCcwg2*?{Q^G^0F<WT25@0?&<p3N=tlxjI-{p<I5D2^(uk
z%i2uxjHkT+&Rd02^$gr^DO#)_>>!igA%`j4agyq}@tr>kQc++f+Q>ux+!F-xFIXe+
zL8sbxzUvKKHy{-+0EgW0XT6d01!G;}yeDNV;UKAkr??E6o%F>#zcAwk1^x&oI0rrH
zP?EQR*4v!&1?~z&IZd#i<l=FYK!u9k(P&~Pz58P@e&;8P2M8FU!!o5~&@b1ogK|fH
z2LN=ish&VoYa<1Iwyrd%lLxtpe-9(%;Z4iFPyRw4zMyWYFZuT3#ys*}!S|d8HKagw
zBJ$<?Co~*3V%Tlq@=&{>>;-x6DD#@MK65u`JL-b)JA!pd^9}q?4v<A?5#$=A#0T6t
zHDV;oc^Do6#P<^c4r9<ErN1Y1hb1%jCU-jN7XEN}etrY-`J$VOO&|3?2|>x@g_>#Y
zjZ}FF!_VaSP=wFXz0lR&CM+r>N`#!IL~V^<*2$w}bN)+p7N@YPQm?^xYeDM(Fd^G4
z)NFP_f+czc`gC&C0EVC_E5=(=t}TAR{yrRml%m?|u8=Sryi1X(of8Y3p-8xtx#1@V
zTC3r$_P9EGg5@2ecC1J!u88DfWr2!AnNLb(k3w^-pe`^}W(4naI|mfv3w@y41)M1R
ztc<WQIo?1R8p6tiIl=i7O#L9B!*nQZ;2ny1!BXc_+TlHIgm_m-B?#4=kjt$LQf%0w
zfIZ9y#+`&Y47fv9S13y5j7nhRvlfDn|Ea@4t|L0RY^4h2(1WiIc9kf_6QQQ0s+hvW
zYs#g7#ggHH!U>>?q8L`K5>rv2E%+WKqGx1kgB^~)bTrY&WUDyYWKUI<W0;L{JjsDa
zROJt@%qFXJCUZ+<r0{cf&rdJ~*>~5<$pST?gm6!&EBM7BN()_j<OYPQfuUq=*d#5T
zaeWg`szBWWx95jLOM|;9nD|%wPAL+)3H&KxN2pF>a4>NkhWVi&HQ5g}TCrU~MB&fx
z1Zw>&EJ3S)qH-J*EI{6TGKWMCYoj?8KrRucB}b<M0P!E#pedD8WULIE3W(nwck%i4
z9l^t1ekfozN!5hLq-+{&53X=R2$)Pjfro>gM?BobXAmfk9R@N$f4N;W#dJY;!>NGZ
z9VP13VP(Nqjdut-G4lBVyErEx8W|!dD9UI@o}vMH8h?IQ0o4AK$aP4XFezpS?GKHq
z3^|=abINtY$T05bh3GIk%$U*fR~PQ5RG41^*d@@z!XFf0C3J;c@lYUF5Aton2o24Y
zD8*Ir91Ccxpdtcx|A5}2uRxuL@>k&hoT!%Yr|CAj=B^$nbetL!jphfxWA<%$jll$n
z#114V5ZxgL9*Xcl1OpbP0Dpi2carpmlzn9O3hN1YFD%}Tf*x?1<!J>;y}>md(tSHX
zk_xO-0mw=2VeSOMi_j<bEnr0(t5w)-K^F}J9e#~m@w6TIT+s+lz`ap$%J)Hj7@@~{
z0sQs@vZeS(Q7zjDzUYT?5YWFdCTEI;!92iI0-qSRQphJV`2mFbVT+-#ls_zFV&3HS
zk+%X3OT<5w7sKa-dq_;kdXtxreNGdWPlem0{XwF%8ze$OM~4z)MZW*omZLt=XlN|>
zj{*d0Fb%{BW5j(To(6UivXMZUO>*2X9(#*b+1>-$bwO|ka|E7g9)eCFHU<@Rc6KMh
zF(MIpkun~HD#((@haD<ZV+s2V7bhY91H68zG!JoBfBqJdi(>=kBs*E+!D^IKjkW?2
z-tX8uF#40Qx{wG)6L$)=MpdyqK@da|1x=&{dNoxP4IDf&oP80Wr4JeOA+x=%GjTHt
z5l}(_0@x;@jYgXUJ;PiC@GFiUPQV}k4L<<n!}#~POf+9|>JYdNG>k3fETa1kY$)7z
zm?C6`fZRG0A<9%Bkg*SS31pK4x?&T33J~##6$G&f^$D;EAU*xSSX0LTn{q7WmS8iY
z0VrNwh8CCzxszEHY_I<y6ww#!5rK`Cro*X1kt#Hg06pVbC{Tz#{t><usALcA$kYo>
z<c~!1NlSt4z~l7+F(PIiCW75TfFO3ws5M>@8$z8b0svMG2%Ra~Gfi`Hacm4(2T&O#
zkRAXb|G-@#-U|<hgF}cqg%%W%bkdrTD&hNitKsqqHV<U>!z0zuJOyCtSPVRn6$d*=
zCxk*~@Dv1;d+~?o6cb;jKB@Tb{`9OO|0pc3>d&3lKRmBfp4eY+H0^mr*PDE;C!qq$
z$(`I5M+5lYA&HIxT`Z#ny0X}AQn*K=vlAW~IMEb4CvZ@(At}e2qJzPF6@jThkRd;V
zY>m`wf}{e<;ihRq<0$?sCh-SBe+O3LL}r4!M+N+N*PzmQAWfoFRD!yYw+vOYpLnv>
z%E`vf7M?j+8ar(@C%Fk~qGHH)R+e}>&L4a+$-%TgJm2RI>8^fwIw{5GBy`62Lt9=4
zXD1uJ$?*B15qR!{J2^Ly8z4RyvOy2PRE@<v;&1uzyG%3&;TTU_0mKe%5^c!*pM<Rx
zrbPK$u*Fq$2(*Imzc2=3%1-=Gg8RhT`vKZhZHeHI{<%{%`%`^EMB*<-|Cja}k)^*R
z-B4~X)if}L=I!U?hQi*_oHC4lpyeSXft=bw7(jY3jLy;0bqFa?(bn2(K&EPxiA;P(
z%RNnrAAdft@9`ZrDar_Bqy!wr1b0RxIsj#~rxIh_8=q#EAR1<q2Fjg4o-P^Nq85{t
zFBExz>L-emG#W^KuZTgSAzJk>6|_GU_bBkfV^=NBAzB5c@lf8Xy-@?Da)9~5>e1T&
z34sr-7rfQ?ctid&By@rR`iDXh@;3cZG@ith|K;WX<cy=~Q9(dE*YBYKJCB`-pB*8p
zkc0zmQdiiA=*geh`0x55JI??+&rehVDHZq?q}1dW#^fceu`kxWqm?6K@v!qaX+h*)
zAkf*>1K)D$b_l{F^68|VFHw-PPuQ8I9K`=M{w);$4?H;Q-{S%DYyS@sDRD^=@c$H%
z5R(#<6qOW({J#>SBLDUO{Es+*{MY~E$M|2+0b1^v?5ly2@=oEKF|`K>d=F|mH(@)c
zA3Gu6GjJ`PaQZ-<|Cra;+||V#x`4R+NsWJ;#UFUEPUXXjCmF(YLy*G~vL3mTCMQus
z6p!+TC`Y5MBI1Ts^d3+r_9YPn6iQo)Y=YDyk|L5=sw7TLb1yqb2xmpDLE3Z#nG>is
zjBZJ>CW18e11$lr-WHYV1%(tADGK-=>Kj7V7@UGQIFo?pTjHdN!m;2k2{f1*O&5N}
z{al<K9B}ZH*D63n(gSpkU<$#bX!6iGO&l?z&t&x#YV)TPNKw1QC^t3Cml|hFj{L+D
zNs%9-k$y}hg~hDV#>NSttY_r;BEW+>0V3PnJjj7+I5==B^<9c7$~XudDBCU=8;Pn)
zJ2#oCZQChDws}t#I)->Bq;arvvIgg23_=u*9w_v|_t(|b&PfV%B35>;rs!7$H1rXs
z(IlI(Cf;H+7QF@u8G6JxAgKC6w8L_}0U5v@aqzdmBq2?KiyJRx2C)9`Mkn&~aZhv)
zx)xBdVqnKOR%{T8E|E&Tah48E5M*myzyDpYXie1kVRQ>kq0o>EuhM2yHLXp$QfL_J
zf`!1gDupdw0AB{x85vs?9#2o>nehkX{(M*%l^5mi!h_Z)pg$P|e85}TIbrkpL14xv
z^o!}?{1ZRc41kZ@C1_O@NS#c%?7a9U!F*xc(Z9*ThWKMLEND+8Yzv&e)reF3R}b7D
zoVOog^grm_O~$(vAi}Kyz1Y-%B%eQX-pPj!-{Z*;#sCa{6V~XOV|WkAkNEY0obKr6
zp`4fGn~dL6c@Y7WcY%uQ5SAogY?NjQztref1J(ze3kQRYN6FVgfVczXCDR?cAhtpE
zZ4o#TWbHi}6OkQ@g!$1T$vMHSyezC7K!xiDiN0(gktkX_7%EU@Tk}0odDV)jY3^!=
z*`uh&XE7m^0SsgNv7WF};gA6V=Iabd0^w6A&25Tivq=~I8v^h3c7UUviVlVts3#wA
z1UeAV33+|!4x3t=JK8~3GI=6-U9xCPupb~$$m;@T2hshIqZLawM*As(DSQY4AWkG+
z48W9+;Zq=FuAt<FT?CIN`=57$04+qq;0=ALX`y+WDrp&DdMZ@k2kQGmWki%Y4P-tC
zT(RirO;p>4=oUylkf00nT(t9oqQuVN;{%SE(xC2wAD9k$hVBp0Tv!q)n9;xS8$*$H
zq5PU92F~xX4MH{K{;9zH?y^nnK8{VWI02kgqY2O)2^z$LA5d&aWu=W8TeY`P&(NRj
zh1@SX$Uh-*=&;jX2C1oT1Dqk0a%8HzAVoPWRPqAz{oyhIZTQ)3z*jOg0ATC>-Z7?J
zHPksQeBvBXw+S|%OytOqaEe58Or(A|`ceo4lUhu1!vEH3q0WJJ;(z;C{0K~%bAVGD
z3>p4MgsJ}@4nmRtsV>C-1{J^`$p2yzQkeWNBC$?V3fdz1|G)8{|Dm(=e_sBl26jvc
z<kavA;8%2!FC}uzLiW=ibDa?(&6y!MP4E(Z;7`cL3qq=okh7}|kq<uoR}!2N@dRhA
ze=orqY^xenX|u6)LpdlR&o5@5140k0AUUAt4p2x2WmvUygSs^!3)(^cd<QFRH9SH@
z!OgB<ZGe2q;QxU_OeVlUbrHcj1%?e=Rv-f#<i<i=38aEY%!HD@xR3}?dMMdJ0^70!
zl<IZ2u@yi)ncJA#fkhk}76e(~VgP<T7>IFp70SMXUpMB=g%t-uJOg4pi55uS<-sdV
zSRkbY&w3sJGkTAH$avoZ>_gB9k*`VLnPa{|_;=Pn`wkkdC5npt@Uarj$D4olF*KU^
zm^>Tk3Na%{VT}c7AT|r>tk-yX5d{_Suo~b(h)|{10t~wpZyPE$o}Abo76dE|ZZ$wM
zGe2@^1OFX<PmCk+ly{NG+-u0bQsA`ZLQ%+gkZY^pFu_VLt)X?3kjHo)1Tzw~-UHs&
zj^u^A+9PfWlrrFEiKRyU;khV0rwoTW@{q^368nN*RBA2dS7?Ys7_~xM>j9r3r9QYo
zpc)Lg^AT|kc%vg{G$_+Vjz2=|KIMnsQyv2j9|jJ}Qx|z|61aO#bdOu>$(#}OFEr>X
z7!^9<Codco+#q`5j$-H|ct!Qf!#5L?UjIXA`9C%c4gJU6PyZj#e-TL(|0yB~H2@{V
z#Km#?zwW>JAN~`E;QuE5hgD+~4OvdHT;0eb3S<mvAJoDBW3#g>R;P`~>*HeuT2CzZ
zDNs}j>71abcn)&VY=d(ZvS>m|Qb57hpy(#YZXlEeBDOhly>xK4fLxVGfX5SnPnZCx
zT*$<uU#AC!6>P%X#Zhi`@ZCc65;BV`V3Y+23Z(x6dW;Q8E^g=S3jVz0mGGi^&B*tM
zgjIoAg{=@#DNSl=IX6&vI6wk4;As#QM|B1;hdUA<ibH@!390~1$M^%x7(L;??hf35
zjT3MN7!61C>ANSG@(H3AC$~eijGXKflHP+dWpY^0KaqJ<9&@fmdGnzNoGg$}St6i)
z3eAF1fncICdR{<zkR!1RQI5zX0A!LHd5TCXv_PB(wSm%94Gd`-m`>Hel%|3CR1JJ4
z8i;r)iBh$~h}4nD=_8O&JLj4;Yed9$f%`sC`w7AaO6IllL~&V4YB8!K6AM5Ylop8Y
zvCx*8LPQVKAHe$`N#Fm%)YtzB^!h)33<~{s1eavtf75J{{J%~T>iUX6kzcU&)BKHI
zp&y|C;!;wQ>qOUK^1rx*2+)7Yf75&>b&FMzClU#eJ=SK@i|>B<qxbkau*G2u`tI}p
zslQIzf6Opp?kPmF{YR&Z;PH$77hNYMiTFQE|06Dj>OV`0OZ_+h`#-t|KkIDuDq+y|
z3zKZYE;r!@tb@{f;&t$L*n*XYxC4tqAVQnTS>At06OX#VSSv{R4Bz3=3rKeYK7lw_
z03sb&^j+OCX3HBD#;|Y&mdnx{-141(-GB~2&;;hh+yP7cjyJJ&c197bLPTYA5^e%P
zIs`0^7WfQQPLJxIPrDGL?!c4`Fdj;oEreor;X6CvN+_S>Qm5_2TQma{$UD&lG#Tbl
zS=g2eAt9*ciz_wo5;aa%9>DThc|jUIi0`$4$|<WcmwNEnheTVDkOM0ZgKE*ZLeM4*
zMb?0rJ9wIVqnI1uK3$0<b89S+2Nk+;b@hhoG|<g9T#17G93e;xLRZW!_X5&Ff-@Lg
zA&ke|6;wIE=@C7^UWW2|q5dFLW>O322q|YUV4?y#b{6gqpg{oR<3wp37!Pe8u(Eqd
z&JK`>AN(UMfTe|PAsdOv*n$X021XTPRnk{h(*j>fd0|_y%LyYK2|>)D3WAD$;_yF;
z<3*rAoubTHXp@kB$kiFdeCQLK4wO4`0oD}t1_{%q?g|_x-9Qt?%Bp0#O<PA--pt0;
z%7w_Y8#f#A5V^2#DI-E~w39W_kBEYmh=NW;QTVsHr#+F!7vr0VTw?w_W}t0C5OhOa
zJ5dm#IQ)oMr(F0DlwY^1?a<w%1w0>Gm@raC$f6}U0k>pjVe35U1uN!*2ydWgm=O*e
z^4w?}62+$K4!mfcZBS`wK{rsK;l&up7ZI3giVYNTc$fhl@qs^nphuJ04ZFkC4_Bct
zt?gLhKN@5(3IBt6(N@UC)`jN%Kk?5$!2e=W>(&uO)~%Bek(82@09pX}U-ZBEpZ*ER
z|8XCH|J_Nh!swzqV3Yv1pOsb4*3HpDfmO~8>4X(*El8e7rwxkYZK~Ul{ECo=o3pDN
z_{5<G@WCEuOK<eIt>~|s!&}tWRRR4E|5Ah_$>jyo2$9Pa()<{4dU0a9J1%5|r#$l}
zKLgV(l<)#1CQo@od4d`!qW%EIIf5M=FtepRmNy7X#O&-O&q+DjoC+}HCPZIAvFHf3
z*eTJpsD>Z14r4<=8#y~C2!STLLHLWj8;Z(B=?mq(0LePITgh|EDdN{3X0NCKouV&r
z|1G>BrKgGZ7`EV|JjXslS6B`l7Z8Sp4gqWMQX3%omvb#AA3h8x-Zyy6!Eg#|VYEN^
zQgG@o1t)z;UJF0x)T8rH-3K>vKf`J(PRxPa6GW0vxeno<^kix00U0Y0Vv-ZaSBOJ$
zO4xf(z>*Am?+Mt`d_i*GgIo;BQ`$&AtyZ8~_Cy;cCyY)B`UmYf#NdLUN&-r4VLP!8
z69xufY8%uJ{h+GqXp@LCKfJ;lz!`>Vpabg#wgE10w9=`6VBb+l0Ce{AHZ;}AX*<DZ
zA^7KJA^4|eA^3M^0Y~Z2z=Hoz&7%JA&H^Pg_&KDhJ0kq2W-;*RXF)MG;8u-^s|>+1
zoSYK}2?ZGfiwntF<v<Uoum&YyCBmQb@Q0i*dc-Nf<t2cQgaDVf06IdT*g*&m4lj;q
z<%Dqz{l^IY4_Zv3|1Nt#_;Ydkr5yYR{Y~{6(SIqZ@dbbVDF2H}0pZ8!znG{PN(Bk+
zL?uPmN&Hv;KNT$h>1Pq!w6@G-U4mG`nQE#kIs^h88p4H{9{vp2v|a`NVsTM5AQ1>N
zIMDxe)lC5-@Nl}Dn&zhIHB1ZXn7C7{7IYB^M1q=%lCD>xT)s`Bsb03?h)G`J=gT$K
z-1F(xn9qg=oeT;(6hd^Nn?G&4u8Q-#)ES4orZJu>+PyvBtuvh0SjKo|=+lj=s>Gu)
z>fF&=hx=>3Hg|dNW9sPkv({>`zt-<K{Ip_SY-V<Vr?#Bfl|ySx1TKj%er!K9f871S
z{H~T4#Kp7BHqb|~PZyLidla>D1?etJKu%)z3zd^n2?m$@TT@2fW|pqhH!EW<YYQCf
zOUW8|DQ+(nrc*uOp8odAe8Y=JWr8<w?Ju^9V-2aeY9gdrp#I=~W~W<dUGA=%z%&Qx
z3kBZX*Xmg~+*GfBRhLnO&E?tIg9<}$qfO-H?FxkU7nfvea_DeGDiKz{>ne-aeC^G}
zn6;Y2>;St%_W}2=LbsRuWIem181I=C^L#FAJ3m|g?ZH^%T$g6K#owe3xu;v!=q^00
zY|ox{G*|!XbrQiio;zD~{sP_1-#c56Efn4@CnLcX(cXKz#i*>Aus@XDkjKK}Zl7Bw
zb1^pyA=XMN(mm(HjjdiX8SC=ZA6PZ`Ue-@>dlO-iZFo1aWp?PdC+_u01(p#SJ3JyA
zrpXtSnFb7|?$A=(vSqPIkois(ww?ud>0-?3mLDhu=yaHRG#nWVNZ=CEe4ev8BjAgT
z;tR1jiw^}I$+uqyj(>@m8>Vx2AUu?HqmDZ7gSs0e<*tzfn)A|?7tKEARr~(nQYnG;
z<0JYpf@^1d>K6_iTvs%lq`7DQg00WCKREY=A@)MWBF@J$jvP8+N_BhJTZ~@aD<?Me
zF{{$pr|Q9pY({n>%f-a8Y{k)`dXdFyZ8wgj5?8sUJ4A<unswapc;VJa&^>E=epV>E
z&hmi=!U4Zqk%Ax6sl4gvNb$VOck%d1gDf@WOM8NkithWMpLfgg#ZX38Q9)M2k>^i3
zQ-<EyUn@CpG01R3Qc6v4(TyzFJBRp8l9Z+@-_k8onvDz$YK{(fZrY7|eGDESYpX4g
zZ#uBvJTfkubgd|7M7Cw9?!(xae|!00cYpotz>!Ri=>Da3MPEkxmL!TAmUnv$*PdES
z$DDS0v5HzjPqoD2rP0aP4sGfjmQs7(n7VWID&4b$5LS8*t%ZjNO%`x#RzKim**ENX
zJ7agY`W%6Ka|8`<zH685{qVk%uDD#N%#!_`tHHFhLZ?*uP54Sz-{X!<66Fd#u5RlX
z%~)>6eQuUGL-|t`QBt|Fy~Nn34<u9Rp5N~slYVnfL->V^^y%yuxw>LWkrABI3%`6}
z%`l126<|1XXwzaweztMH)}tFYZd}l+$i+plVIvgf8BJ4av?Uxb)K;nPQ&o?O%9zIf
z<%?>|xNU1mR)xH0*K^y)<w0BS2XQOM+z`Fn=dg@HwX0uo<kPXd0|!^PZ|^w$+oA&x
zbnHT^*$BrOSzP9gwzM8g@o%(q7BVU+VNMIHwpSebE!k=XFT?oTp)Sva^*g+hv+AyS
zuw<-yn3k@w!<s3p)9tw-Cx>D5aV2NrIio%GMFDNu^@*a}V=|2MN-o&#9u*Q7dQ$Dv
z<R%l4&ALJLlzx#=4B`Ij^Zabbt*0rmx&&>R$1XnvpN*ZiSmE=ncaAvAjeUDsxiadF
zW30P9<YeeK#6A{!5*qbjEIn7(wT_u@O*q|b3Fo?UhDd4Ug&O>9`;&KH)7fXYVCKxW
z{=VX-0f`ra$F>obDlYWPoNic>z(v#vqc2wOJab$7IMF&aTgK=zYnYc8m%Zc*1_oum
zn$BhJ-(Gt*xt67MjM^TH6K7b(wT+u&!&<ciw;T#P*A*G$+g4pXCini_O4I9?8$L+i
zdUYhnjxF@#Wxd4*0z7YTQ|H~J{F{iSeT|Qat)PEO(wa5y>5SHAZ$`){X&+<Vm~dZ7
z+u871*Pc&d`nz+w3WxV}Fop+joGtUN@P%`W|NCdQw!DrKs>})Z2@cC%NFN{)>@s>h
z-DjjZaFniItyU0oB(hynMMta2@%H$)>R27(G!E-yycRJ*T<SGn?rA3U<PTr%t56(&
zD_-&Y*t#OSTQ8LDUwa$mJ*i-6sd>N|%IxC<=(74tTde8VZ~}YPi7hMQj>&S~*ynKW
z;e~YlbZLuoXU}>$2z0r9&e@`#Q=WQsbDdL5e=&peHIuI3t-DJ%=x2I8j@6R3{Pem!
zG24(}Y`wE^=zU+MT<hF9BALbkt+o1!D;Dh<t~1gf9U5X#aCdQ6FRIy{&_Fk*?^bZ|
zHNXDLJSiTHpKC9#YFm9w(WzL|<81Zx!1p^U3|FP`hjOhs?KtnUvXWOaVD1jJmP$iG
zCXI|5AHl}#!*QnGU4qk8IR$NxHQD3|XzZ1|wbN_2;k9V?-D!8r;ri*c*QU5PRu42Z
zR=j$3XU4*0m%Fi-l%B2)Wt7_%Y+E*c<;aK6WdrfD10SyWk3Q%~KD^X@?gN9oXl;!e
zJ5LX`<0tJ3PCVNSr%ShF$#m{BtJ}1%jtqWDuOa*{VbPH&$)!3J+^NESsCoF6{~ksa
zx)UNLi_0p~MRd(iOD_3v<!SO4d7GJz-b0;ccNr77s%w;er6L`oth=R7hwaSO{hXU?
zY^}>K*LQ#Jy74yQF1Sk37ox%m1p23p^mMk;v0}1jCFODB10S;TDiitq6&)o;t_l$h
zvL01<*YXoY7(}+;uLzDisa{f|%6!dmnz$^Fyl{GLjIeL(Qkwt^n=C#8{ULvUVa4&0
z4-HwG%hb9X1m>&nUvGcg>Xk-!y7H=wdaFh41yU=Pn_I*g#Hve0s`AfgyxUhX@?L-C
zaH%4jS=`1|yB<Hwd1iR*p~%A2t#SS?k9oh1olM`MJ>I^qQnoi=J^f_%3&Q6@p_@)O
z4SjpFw9oH69LIC2OjyuV!KTOfmPh{e8xnzgW36}V$7<{#d`K)4GZA9==2COPC}4az
zueZQcK#l8F(77{eqoc<ZKidXoKdxi$&dk0Os=)c_sB_}r^O{O&>y&p_vI;-7tQ*S|
zmu7Ci`}R?VrI|xxZvQw?lkpbu%F|jG?+Fl&F)NoROOoop21{#}Bqk`>eSYlT^~zWw
zw4pISJV{hYQ|-}}+K^U1h3WqO7izYLDa*;Y76%OXE?cB}Cz}7%@Jb)sJ0bp-uP*j8
zsjbS6m0A+^C|Yyb#q4-CKLXb&jhdTP*Z18o=V#V0$R6?S7?&>7p}Ws^Pk@=;^0eff
zIeK?pUN`#&b_}<q)GKbX6@J$#nsiI(lpA7LTzU!wjS9ck)|hY@m8|gn@adW2xSh;$
zoyTsC23eg))~t%k+-|~e(_QC0=2nwcspx!%O*Orzps%7}fq+?uaZHphKU=l+j%jB*
zZ-!+Z$e5!Z5_)vCO_F#Vo1cl0Z!N$0b3^IUie$Hv#pA;RMMa|}OZAO?I?D~Ra_<!{
zv<$vrL6=%SCu^GAxjT+86h_ncM~+s<?l#PoNI5coV5Z&q6VCex>mPd5<qGTw3(-#}
zJX~d>b2-EKcFz^(fXmH$r>W3yQ)!VKd>gl8IBREFNrWcHQXZ+uu#QZUj;|P7gW=ii
z<56)nK25#vcRt`eomMBt3<%|jcmIQhDLzA;;p?rgE;wA7|53T1#-PBbKWdGJM~bXx
zMZWiRf!!a%IS$a@kZ8DN*E+N4+k+!~(Z>`%KlJS>Dyni&W`6B0#<s%m-L;Lt@mygJ
zD=d_^u4FQkS#HA?ZX9)?pXmgV&oN5c-Yw_K;Z4_cM3cUDX~eD=2ooOZjFc^jO63gY
zieL1tG{x(U|LrEJtfCg~%%{n0^hFmB9`*Me9ZC}}U@WFH&va=HTi7OU5?cmnLR4+N
z{m_@C&iS7@J5o|^+n!j^I+||L-L9D+V^?j?{WSRCipLcpyr%R~uK9~a_dm4ae%E=*
z{Ipa;s;+{FNlfs1&b?v`+tNOdtS3EhywYH4@%(w}&S>+ei<fP+mn2m8g?*LTzuzt^
z?%7^$t<;qdiQl?fwNvf(E{?xnb$GVy+aQLakn0-TV%h1o(_P<w)AfPTLjUoX;*}#M
z4T|5!X0CgA-QR_WFX>3Faa25S?(l_##|D>_^j1Ya4;*ig5#&AuWVD3EXx*%3LqnlD
zO}<YQTVJ#Yc^if-+kd5C_|9}y*3Mz#D*wvG=kIQ_?e-jCE^6GQoO+b$`Fe{2SA*aD
zw4=T-bPg-?c|?Y8O#p7!WG+wgZOcaqWibVVja>sxq{^}3-j%E;JZ<Tii^bNqSMBue
z?5kW!Di;;MxV6EiIX|m#tiQg+>mG32_m&+@J9^+ahsy380fv^6eTLU~&Y!nCfA-KO
zozLwpW7hf^F$~5G<%tTTvKleRk8{6Qtt=Cj5YHk3QT!->_T)!76QLJebJQOZ%{o%+
zl-DM3>DWsT+{txsksWqey5-Qrg>Q~zRmj+mkJ7=d@0wjS9N1NV%{0%azx#Gez<V{G
z{*xL+4&pTR(?;9#ztrki4pxpQW_Ki)!u?x&t$=A&Z|*o<5^3ktIfoZ!Wf3eFwLej?
zi3!lwmfpuXXV9dHD>S0@O0D5o-63cH;TPu_7zhluGV9WB51gGo?o(;vS(zffaKk?J
zqA&i}fr|2ZkGj{#X}z7JuDq--uChE)uE8qqOTmadGv8>BlZgP6ynNOL?ZD6J7gzXw
zd+k49dYa|++&%4)t&tYf1KRrQivpVmjhLn<J^HLxRuOFLr(l#IwZ!|uegj)anWUQy
zUY<`HUz_Af92X7MAx0IZ^lDqr8X5{$dHQ1Mm#^<#*LS%Y$E&vNC#Bid+%4SAv8VQu
zo^bv*Wu<MZD&}4d^Yvf)cV%eH4Lyt^RVFF=8~*05%Ehweent0^r7v>!wPwwhcYE#K
zk>S^`S7XPM9j{q^v^PImlweyaJ9u+P-=oS3mdfbh$`5xV=IZU@{W8#{Y@V`zmf=X}
zYSP^%^WE8dv!Cu3le%<xQ|#iR%L(C$k5u^@KYyvo)r|r&xK!CrPavMR`oXzvI!tGe
zp1)beo-8ac+<V3$qou~8l{dZiwqw)h6pa{%=L%<-7q5OApX%@+(}J7GKu9f*e@O42
z_GWv^@JsK7#@D}vYiE%jJ^!txDf$?_jacX4qvxkJcbM?HF-_Mm7_QJS3OFFyaNV8J
zZ9Z$I{J_iI;x_O0Ji4E`P2Kj%2Zu!F4860*vkvFeiDzx&PvJMnYm0hjonCh2>H823
zVc(J7*+!eAy-S{r@g)20y`8?JFDEr5=p_9sJ^oMcn4`V=O~-RT9Sb!6)P5sVT9iP?
zdc9cMs9$d8eY^K_B1DXH{03K$+E07PZrN9{sE_5%!er~N=Z%R{SB(0<@?A{KC6&%9
z+ZwuOm-NuL*1+E_ADun8ysja0wY_A)-q<hses&G<^SkO&Twd-oUuNXudDg4U#IsvA
zu&|{zt;|ZgwA|r{&?$$QJL}K7+jJ1s9@OQ3sV-Y+;#c+RV>q|;=DWu1Zx_wIs9iJ~
zJbjk&bwZHPsdGuP?m1U9(g67srgZ7=PK%OE;EvQ=lsH^K8XtRiUSWHQ-;mwKrf(M&
z*IT%rj@>cOL}*6FR-VW6Q!O0?oa4C<>9QYZkA)$2Xe)LHpLTiQX`1&TWQIfhY2FG$
z!CTzw)fbcf+v6^#q}P^kv5U_=vtjY?8ePdObFItcNFyvf#{T`as{w7l>+T$EnZA-;
zCu}ay@#8t_o4GceJiI+8{D!|vhiB2?ld~Qg`-gJ#l8uI<G&vSC4vObW%r|V{ny+M<
z^6_SwPC}{}n@P-px!lL+ap^VMUboOupRat@y~5Oro$LI0DXpy+{Y$%V2j*K$4?0rS
zQq%Wpxu@TC^U>+{^}F{Cw(a27b`4@=Rq^h0YwYG3AIPjJ8aZ`vY)F4;DVLs{T;j8m
zHz(%Y63VC#(@~jsEHXdKyU#P=+db=e>m$d1<GddhYn(r@!uNQ&&54J4%VVvjA~l~q
z>QpIo{q)W@QlYh~YF}0QHejDe_qx|Mx@#*8T0XYDUZdnv-!xF3q^P*CDYZjX+CJM=
zo-y)XPtW<nZx0Tx^mlu3NpIcQ*W1$t4Cf6Ma?`VOums(>l5~MhrMy<h?(55(^~n{D
z-B+5Vk|MwO!#o*T)Rf=GM`=bG^%OXp!7&nu$mP)t`1bnXxND8(jE?fm?Wr1RXPlKQ
zIE`Z(czx_^-|x^`pH}5`Y<<0l-_whV1>*t3YAvzJ)2$P@#6G&Gams1$oq6s`6TSFz
zI^F@dV>e}4NN;zsOUz-Qt9n}cqC&bewavLmQ{~e~m*!5B_;%$@b+(N1@?4>sJLWU0
z>}mMirm+2>!L&QmVvRX(!dW;wKgi4S`GttG8<v(QGafCO8EeJ=F-dg&V)kSnxzVu$
zGX+a6Dh87ShhnuYtk23{(_!(+P3u_5`ub7I_+9ydCf}-Q3oAe!#5b2`T5@mksuSWK
zeZ|FP!i8R)4`SJB-_z?7<Dcp2nJ@bCHTCF$h}Ogz*`92v{f36uY@S@OyRCL<vAB(g
zcJeaz2j#0XzP``4H;zdcxxOz^GC?Y$kB%3~OeX@4udVYwwf|0qddo25UY<wKZ5tg}
zGi3M6zIpxH%gwSISjmz487Erlx36Iv^Q%euYI>75qh4>Bsn^(G?^Od*Z;G?b(3$<#
zT1kfd^THpB&D&10eU}Jy`Q?c%g<q>RQd2usxWYPb)@;6KZ3n!Q$?bqgvjeWXyYLWZ
z%nEPsE*S9C9yb(P5PXJpnn*`Noyu|(Uhea&r6Nq?)msKG&9|;-d%G-hMkUGM)}ANv
zYZOOTm7dVnC4Q=n)-t?lrlfPZjnH&iH(y;ZRvm=@eQZj0=grSEZ%AwGuic^TJ(gKo
zcg@(lGcEQ*&T!9WKK3=`9L(Xs?VUZ#uu#zFm2;rQUFq3XhD=IV5528EuF2ui(<Eu%
zQ#9O@D7>9r&ZWhF%Q9bwr}Z6rmvgSFhqz_FyTPWy)uws7IoIB67d!Lm8^b+{zmI%=
zbCU1Uwx?-PWnxj)Ytrp*XIV$z;abDOcMq7xtHy(0A1KNQALZOc5OJ(r-`7#m54!DH
z;U$~51iI82^k(c{BUgD}l%;CL%R6<s5>M1FmWkcszV^yG%F-<5w>;x!(wN`eO+fsG
zPTla3eb>FioUZ)tKw@V3R^{s!^O;msLY^;5NZr`2rJBkTkS1o|er1{23oh=okz}W$
z%d#K3<|hY!o3mwP=yp*-YvhY-IqmORPO%agW<~gMrfefhU)Pq%b`Bv4tys=Lnsxil
ziS0`t5SLthrF>n|OkqSk<<XqvvK!NTf8W8R5bl=F$oYDZi%X3!^kRcSEVn^k_l<cV
z<mIc!g%Z;VvwVC*b(DRpYxvpp&Mw+|TI9J?N?@(t>ZHgmsS$<W28BQ5nFSxUczaHv
zxFp%@bD-R}SNoj>OoqxWjwQK$$TUfdvhXnLdU@&8T5Z|3ljo1g_zYgstGasjX4Td%
z$)yk8dXM*CHue8~-}&kD7&R~HRusHDm$%aI`o$tePf_Few0^_7POjB}`aoay2Cz$(
zwYa0CV-%M~_LbVtkF7Z0u5AR#=xCaT_W0-6=~B+K)OgM6zSu1sc{Lqm{*t$Eu6)eD
zQuUC|Nlc1gJ|%TtVan1u0ovEL?S12vXEG99rhmnF{dNCglXWe|{c@X5(lLtk#n)c0
zR2criFk9hm)y0&Gdg78Ldpc5kJ4CdH#%`=@mhLPwU12XZGm9Zo_S5})3ZtFNLT2!V
z)m0eIU*MLmqO4kJ^r<Hg&||8$<s$P{`F$4>W*O!0VhVmH<0z58x3;%ufuV2hr7!-m
zsh>VxKWY(cwbJRiOT#JstIhfAEn?2F6cmj6cV`1h|6n@)NmW~0yWE&_$<pTmpZP8-
zxV98H-0-qg@d?mbs<Agab*H^^OY)0_%Jv>t-+P<wYG09YK1nvMH%?lsWUumCkp!(5
zi=(p*y#?EkIh;G4#IP||UAD11GqWm}#In&lnSa5(h`DNyUGA!Y{v&Dz=t@J9ovvLr
z@*3L>3e?Y8YiG-Tei*mo;@6YvY#bYcRe~9V^mktQ{p}l#y8MCUh&Ntt&+ccI=@jLy
z&8Vk)T)Q_)-D~LWTrK9iPkHuc`L?&kws?0mU1=z9bnNstxP0nai33O3j3W12cAl!?
zFE{pI(o4_Q<S^k^%K(ukBnVET<vCTa70goN^~U2}+0I4XGd@RL_@X`dKseAq*Kpxs
z;^QqYLYluR+sY)VMRO+)wOw20{qAhSEr*7D{|$5scf@Y>Hueu3T)Dfby{YNKmx10w
zU!BXNeUEs?UF%I&Y!Ch|?^<u2;`rc|tfD48{!B@O%WYy7Z%$`C;mePZF$;q8zD6@I
zT9%J6CpaU^jx*Ib+oS1N;rM99!*JpyW>LGwn=PY*l_bv>nm#L7=&m0Zv%ej#5-C4&
z)hU*1cMe;-m)B{eUjmJGhbmvE_u1ac6xjjcftO8A65`gJH-Z?7^GO{QTUL0#&E!cw
zt?1m`L+WT}+7zkTvg_7|FV_P7y-H^t3uh6(pjFV*Xm3-IoV4z9V!>}BT<5OTvikV8
zm}a#f5wBdfd@<h)osdHJx^+eUNxdUR3M*0$w$?7lB&lVTe0XjkGX5sE$ZxbQcK%aq
zA^pp<n@N?y(^se}Yw^a;2GzHItl(jzCnsN@dl%O+=G<AGmRH$8a`l|8X4kkpN{5%v
zzvX75a=M<gkngKx-$sM>x!qF!LvbC67Of8#TeM1NtaD4ZJ-?_tm;Lc|Gho(titoGP
z*TNm~wDCfxB*?VB_VtEmRNcN*ZCM`pINdIbFV)gMLPbblI=a(!&5Gsjc6UpTpPb91
zz5Z?S{z&8eZ{Ox>zx1p+r@z}L-7#Yt$7W_fIgyXoY*M`K+Yb2;yr}dP3OuOHFSXfL
z@Fe4LsrWS+2^%+dH3zm#e^7E-Kz8q^*Mu9^_ZHu)vwCvjVZ5dZe~z~8xuX_mPnGG!
zUa&hKC%NR&F2R9u_Z$KFjKdEWCI^l+*d(taT6{b8ShC(&Hs^AD&6czCj9SH_rQRnk
zmvu-CV&-y)?<p|rEt3ECYVI+GT(dDhhA3~-n_qJl#s&<8%!nx({hHUcZsbd&J(qZ~
z*3(Mi9LuUZ({JAjOa#@L`1(?vun=+X#Y;6dZ*fac?7MDj8>>;h?9?UYs>`~n{GG!(
zzP&<$T?bpn#~waCPGlxt*?DdFiSsPu-$mZ_Fv%ux3yBk>0?w3K%|9@B_j<NLUQ(Vr
zS6BpR>;<VZSIu(nN3!<ybz4exu5-p`4);u7;dLfThknHgv*wQ#vOEEw4yVWuy}Ov=
z7v*Ql+h6jz?P8MO=cliT45ED}$I{2W-k!L(KzK#{R=R`>7iu0c5V_XK4(#u%Y{_?A
zN|^aRp?bVv<><r9x~>+|Es3pSR`IMEaRv(y?@oKKpV!=QbMORDN_qbp?eHwE@%MNA
z7o3)^Xv=1pCG&1<`ijI_MLjw;-uBwd`u?N#ro$!mT7iLW>Ss^d-F8g8fA8L<T}QTT
zaV{8a*IMSzLT6TWan@eP7co*xxZg8p++~?t?E_M@(0mhX*ZaS*PD{A2=2*_nC%g8f
zVZj^0>0Y5v2P*SM4jEhRX}`I<tWnT<f%>KEuWslr)KK<K)orwOWAc=?Z&+`_ukUAi
zf;pU@D>s#yd6SaWxs0xQQ_^7DN{2=jop=w~UP-C<Z@)Cgm0NYHT};~fReqE1{F_!y
zG9E%J7C+juv*L_xP3y7X@X(Wmv1MX*=U2%u|Dvh7^yt3z%9j%#Wo8-Oa#rjs7f)Ed
zdRDm7?Pk|98--Cj4tkZ{*-=N1GzzTYj9sjw6Bf4b;HpEa>3;T&(guZogThzyoJNQG
zBS=giBaX1IX<4_Oi-pDF)7`MyqpiIc=AK{|W4p0a!zbYB3wxO)TdzgsLK<l+xw7M*
z9$K!^Qvcu_e`rQkX1A<|Lvyx$X>sv;cl+_d=dI!AZ&`4<O?!QJ|E%}jUFY}Q;kMh%
z6}Ex>G}j#Nxk~SXGcv`>c-dC3`mKrS#6@@Iw@1t~<SWZ=lpE#^)#}$dHwpxW4wmoG
z9=w-vyWo~vr?b=Vuluda60;BSTJ2<HvTI3^-nZv`)o-<X8Ewz;Me`_r94K1(IbFML
zx9?ShIVYZo#a<}aQtcmld}>SJ*Q_PmHjKYj^BnCzdvBKFORI*W)m+{;HtO>Wl|5g?
zu2wlW`L<L4CE>)6X-O|`cZAeloF)D0s%&rKHlYrut&Mwq(p-UuG$?pKwA5+WXdSDC
zV~^!p<=&Hg`r~guhaFrI&qK0gza(Pp_wbJFbPsm+Z)2^M^0NNwfpT(O`$hEaT3^pu
zd?0rh<07JUX<eiAD!u~sO+(3@DoFb9w_O<2{3zPgG*fK0F$m7lhJpjTlO8=61!GZ}
z+c`_O(36kjH9M!9RWxQKIOTPxrD-s5mgWx>4olf*YZ~3AyAq*e?bR$=>NgfTH!`KM
zC1tJQheXXNP|8Yag}+N^8S}7rcqYRA^=q?7>2j`30oywVbB%YFFZ<emg8kD+)vGJj
zTA~A<Hr}e`wsU%UNyN?I(%le?v8HQR?IVv6T#jgW7xjv!jOW|k4vXTlGQ9jk;8gPL
zpt#YiPElfumrEu^w$wyRChSg2eD=P2VBvC?;w){&{<n}9X1H(d^etQHY&#m0wA8{w
zz4v$ySn2O(;bf1Kjw$3xeQW>+xajiU*3d%_yxh1zDw}>Z^l93glK!PJR}Hg2oYHR|
zes}(;k<{=$`ZEtIMC6{jEK?l)Tz3CT@PgktPq|-hb0DTNFp^4)kL%FIk%&4fkvW~l
zPKQ-0SghHnDNA>VS<|ssX_U1Lz3ET@HIe5rgRD#P@@1yJj+Sn^a}BIFg|~Wj)n(9a
zSDh!iaP6t#p1j_m98&dW`Pfqh>T6<G>n>VCv?*WL>}3IZk7V}S&3<KceeII#oWJJf
zo->iv+x0Ow_jzOBjJiR;TLuee&Tbh}T-W=&(1f1jw5Uaiqi6H_Y~T>j^hw8*u_YS)
z{_SJl!0ziK+4TYL_h!Cm4orz-c`kXq^-_wdclS!Cmp0c5@{`pom^MX)s<4op)1}i4
zj~+bey0OV1x~_{*92qLIT}AnAP)-)<;`2n?`4nFOq1ZmIvi2tlj^~qo`O@}8gsN`d
zY`N&24&TZQDb28XcXxQ}OLa@h#^^LiSGC>fbPH*2mRu^esC^Od-rfXLMT<SAy~A(_
zYsO#7NlPu@aF2SMb}_|pY^ZDDn9HNYg0EuR8Le;C-F&fLfi3%zIN^xI5(b7BHcwJ!
zZ&+mYMztZNI!&j}q1{g|<LC)pWxhHs+heKpXAW<&Inq*_l>I_j!2i>!`rXlI7UW%Z
z9ei_GXs5YZqod98iw0NkUsevz*k`ch7+Y3mt}g44Pg3TEnp<|4SkG$iILjrT;xh87
zZ{TI$7R8~e_XEvkHPZCkLa#$@!2;J!VbeIcPD*Wmd*fuB?34Do*^1Be?fR~sJ)2oo
zRr1lr@@Vv-xaqeXjfzHFy{^=ii)~U}HeDI6Dg7Sn(!^_4F^97%IL>dlE6u~qF^^e2
z@sx@;w=(_m4s{hKhvni~#6899>&;7e*5$i*)tz;G@g{L*$H+!z5sh<4ayC3OzqKL2
zeQs&d*k~`0?pj9vF!OEcC-d@#hlZ@(JT*V`3h%sBo18q*4En@M#g(FS**!d0?kgAN
zQrT_kkfB*qSC?^V+e1S^X3^v%2Z_Y&%Tia0hMRr+zMR!(b}s6xuxn~!w`^7MSuy9t
z$?6&~!<I2tDIHw)`J?>66~EE!@!a<K#)r17E7I$)jdW@U4wj8K+VoE2y8rd{Yma$z
zkB6jv4G#|`<lWp}-*%{_sit{Ml+P}j>o&dX{1?5KZdepuUb|wk_p4^#8ZJpQ`t}c5
z+I4msEhIbZ8m@PpnoEx+7F#}H5+AM=(&IgTTq=SzBjqR^i<A`cM$lE=3q4XAv1NUS
zAIu1FZRovLaI0bODb>{S&UX*p>rDfn-kF}_`k1fa!MTqkH+NUo<oR}I*T1`JGDrNz
zht~&J<bM3T7Gy{sjq2IDa&qT1)~t78y5}L&>b<o?cNN#FERPqxJ%<h)s4Ez6uGKe9
zT5>-8lDetSov>kHV_TW!1cxKyajY|13Awem)c8-jRjkQwl)kx!JxfEJBP642$xM&(
zy3H9e+|1humS(dhMn09=`1P-~N$e|_5%}f&)k1~W-Y=bIbo+n&`a)RP=<C;|&VKoJ
zH4iK981hsz1~pb}`XKjIn~r_M{c?7dhw=eFr@ewiH`q#F3|}T~L6|2}x#m!C)*@oD
zXn66rrKf{unx&}D6)TA=E({^$uFRkH)}JF}udKo}X;w3{H6QE!co|k~e{9Tj)jBe0
z`1I{LNwdneIeb2=u~+ddWhy^l%kXhsMy%H9>qgGKAp^~MGROGY&E3Al=$u%5<=MLx
zSuaeQk~(W1pW5r`>DhZfLfpF22_%$KZTU?h#cWR{%h?&3&Uy8BDAY@Tx^K}_w6eT1
za9B1W#fx+Hj1bYWN=0vz*np0_z;7>FnBr&BGbxUJt6n+&?Ock<V8gwIE#t5DtIeD9
zYCmg}3HKpY)z@|+H>??mdc4~rXCKY13t2C`DC$tSl=H~D2%hAJ#Y^7Ok0;n9Dk;l!
zeU?)dlVZ9qzL;Rb&ye`cUP{aIRaR^M*U+!kK1YL2zMjj>uAbl_n<%m`@@s(KqqIu-
z{%42uoG+?zg6S`|==0t?$okx+yf&J<dbR_{cxh&-P+)hzgr=nVlcAa3{WH?6UfE>C
zeC9uOrIu@Z#bJeaJ&#s51?b1}&pU0vAf$17cF(s5dPS;+f}A4Xb{t-i<aPH`PU8JR
zt?GEjINnS(uyXI#zpb%@y+Oj=?vloXM3(DWV$5MXg`PBfcO)IYn(sPX{PpE4kz{>0
zsYgeqC2-}mX$ShWe<}^|sCtkh-%et?0v;HvXUlyYDH^MNo?R9+*P4#C^l;+-Pmfo-
z6c!TM#rGGNUlct?H+z3wh-P#CG|qNXP+YkRVSn6-arr9!MTF#OF>@DN%N8blo~IzN
z&&jzoGB4;nVNXT4VflEZ#Knq!j^!*8L9yXXK|(~c1v%U@0ir{1&#6XuST}quCd_2}
zP{u|GS!Q9Zx0=&p2&4xd!-A0~vsLdae+#?&*0uArwLORV$odG;6`Ios+#Ja~H$(a&
z!s&(vF4KuFV&kMMiInY;wjXGUnN!f{Kv?7`G2X=!+mzKZmSlMJ4na+6`brmq?8P#G
zFMZyb+rmp4rxjn`*|&S~u_NzY4ZIr{+qZ_VN;V#<R?QP6%ouxP6FK(G{9xLX3tuF}
zZH_XjJu1)LrkbE>lXazub5-b0DXr)0Ik^1V^!V+v?5=!b=G$l#edMT*Nt0B>9j9J~
zg-?=->T}!5oO4?%PP{&Q{9#aR;pflhTb5-G-%JnCK6aF|bNY@8+Pw*K=>_fyjBBzp
z2NXxlns@uMWJH7~?U2$8?N}e(z+2sRNOSJeQhw&7?2PV}zHNtC_n*3!?+S*UnLW$O
zGgA0!-+LB%M(WDcXN>eD1E-YwSdSD$xSnNjxzpV}ljQvr^cj|~WG!5$S#%H0>@e{#
zaC8vh;(VIQx8rKj>)Q?=gs<fcbq_ROV~#o^Xmm>`=T*pHUq{N&%JIxM8Mk8!zvxsu
z%^)(!9$=6Sp+BW2?Gnt}p~E<mq)ON-F<*KS+c~H9pa%N*hYTDgHWAis(;hxozbSES
z4gEp78ak#0>&L=Hm<hWo@;9&tg`F9o3;U##9B&%Fo_<NnJh#UJL2Bisa0RA1v19ak
za}N=MjuyYzpkf&`62N$z{zcF%(#o^U>{UCT?tQbsEGVZqScTwMnm2dmb^Bdi>k<sI
z=7=)9WB$ZM5^PCRnZDfh<Cn$ac|Ja0f~QCJEE4GNzrj9OvCE|=$A7p-Lx;68YrCaP
zlD=@k$%aiU9gUyW$m^zG`K^}4*6_AZ+v9n^ajYqi&dn?Gd!JrC`?&$=xF1?Amc4j*
zO@g(O_Bx}r{*`GFtn^Y5n&PV-^a&T9?p^6Mv=qec=v}Jj(eq9=NYG_{@#B7M?opwr
z_-Uma;ckt?75;gNI(+AORn_@O+Y5J{OkR16E&62N*B8B?4-4mhsx$I*XneMB8F%N=
z@zLQv;e6W|l9F>u)`3uIm+`QTD+2|BB+8NlhT;ZiEVwRu(#Qz3Ypco)yZvI?N?oe0
zYgA4=eXLRyKeH=vurFnHZ5Qi2(aL1G&d(`h4r7Vy!Q1Sn*uE>(^N35gcn_^fd>SjY
zROrd)-&M!F><W53Jumj>e(@9Ob;u4JJAC;-X$j-2AiL2WV<R2oaSD#{ns0o2at10|
zMvHvM2SiU;tys0MXH?QYAloB@<D}t?Z5vLO@vT4fF+$Ac?uU|68Sy^DBjX;^`h?nr
z>Db1YS~WM&5oU49Bo`lfQanyr!mhHsoukU9M56r~dq2IY)!5RHbjRt<-c~!78_zk{
zZoJN%PJHf(GdEfl&aF5@x9d!Tt#kVdvzbpBABR|rTrwl{a>Ovq$>J2-K&MJr=@1-b
zyWr_2LY2=)BepH7K}_3Op6_p9*b+o1YF50dbQ&kShjd<q?dmK>WwX&6>mIzgtezG%
z@G{FkaHRF5i1F|HEW#f04i@$1&pmonFE=-rXY1+bHRASl<-!@p4ZCyR98DR!l11vU
z30_QUmn+(5VX0ZV?*x&VL%K&iC9b;3qJ~S@__)aSw|e|a&Zc#HAFMu~bMJ8-cYpkG
zbswLy3!1XGoVK5dI`cj>!nZR1RCc4XJ;z<{h@*R6ciyZb@}+f@6%T|X&kCU#X??BM
zA9fuu7yJDl-7GmvgE@muO+rsxkAgnk`_i70m);r`3d2Q#<G$iD@gZH=L(bO<zJ9zn
zYji}7XF$8##{QT>&-07PzEWy6C%wB$j;X3Mo410=gHt(RHzOgdY~!umT@p!=mv+|W
z5BKQln`EEg$wMTTC&&$U=o^c=m$1byzEx*1qusXSjDALLxk%P^?iDLmt-7;Sr|rX&
zv<Pt!t@8IuI!e?Pj*rb(9BzmSUOp(tlAC*Va8NI=JBP=}zEM#7_m#$8Rd3Em7LGRi
z#ug1;aM7BxY@>*{DhC(c)&<KrSdP;zJ;3lLKS7+qfo{ewm-255UG7T1AwEb9z9>4&
z-1^+HAm2FoRi7=`;>`$}&!_p^$(c)+V#|G<<uq$hT+r-bx$AoDZp;?u0URN#B5sMT
zBd{}CXusO_YGeEDFk5kLI?dHWL7PwC7H!-h^vrStt7Uo29Cp2+0OjEA(>;Py7mat^
zEBAI<QM_Ptf>}_gx6Jm4#i7fO%(}Chc^lKtiZ$EkmF~0m`dw=tL!PL9gkfF5=aR18
zf-#xkX%S9*Nu;gM^!U4LU-a402e<ouyc4-`w!vT>t5(#=5M9+l@Dl2-Ez(WXaZan2
zw|acPC%Iv`N7ldY%9UEqRp8Sw=x`*9X+z<=z_Buu#8mo^8xDTBowCi)R`4eHNwzed
zXI&*LwY_w0Y>jmdcY2wao<MFn;p1Z~X1Wd;Sti0F3xX<9EG9KXMEUZ~=EaI<_s*Q7
znIzhmNUF%`j4^8Lmmx%RR~CMIb3o8Yc-QBYXzPkZv3)w*1mfIuL*8!(AKz)KZq~Hj
z5ZjliugLPcTGwmE(z)G@k{nycfA6mYKbuAePyP_GlGMFzAuCf9y+3oA@UM?<<6NtD
zrw%+MSe4UH2`$Ld+7h;EY1a+iA$he7Zh6xor8=iB4#!2$GvD4lyu`v{fiZU#EFF1(
zjE@a>%-uHsP{pG8Ov4|FT2{{5_3dSib_=Oe-sqN7mYKE4Hllg)f)8`j*fc-P-SlDE
z#-QgpiH5g|XFWVkce3=L;^NX-#FF6RtwaV7f)?}iML~3Tjx(0ohG;0WZ)4Qh9A`Uk
zk#&z%GLz~#DH3x$%SnY*H{4edV$Otm^H({vi@us^R=j@tR`;tj2-jCEs@T}N;r=oX
zgAD|Q6NIm;-di($r0dfvo+G*3-fWi0iSXbjDi#~)zcSB1Gn<#4&EojB=|%@QnYZ0H
zUNEoEOTTM1D;@I^_X@(a<Jy*SvL&j-JqwPO9I$S6IY2NvcWk$Bfqdjlr44%Fv+J(~
z`ZoEnM4r}TuXvwwWBAMB;bpE5=WJP~U@^p2)A^Q%!{p?kiC*mDxmzwb8&+&EVD}x8
z?MR&ar9TJU0xcXI>YQFkSEoe@&AZ`IdQ%o$yAm^nG)-dSr9bh{za^!AD6C_;&P-AJ
z;}=sk_kiE*Q1DZk70bgc7TQQ1dY;peWh1<P;H8mso}-JKga!NSR?Ve>zI{((N55RG
zxu98Z_@I2&Z}m&}%X;<?XoEkrhWII-q6S0jonawQeM*ZXZBhcq!eV10pLKEYvg|pN
zcX5~p5QEKaun^}+WZK0<+gg6)uf5Vh<g}6G%g{($HvVo8Ut_j-eWyeGZz9HnjrOsl
zA8gbz+UJCwxjHt6eCIlAF0MJhn)^^{FW634@7a1uE6(@+u&>lR*|YV@y52^GS3#H9
z2XBeqKX8_L!AsXG8<;+Pj36kxlsE9~EuXWV$5JJT;1jeuoOuy_GhvUlW-5W<WZ1)*
z0(;bhrATzARi5oxutAuV$l$+${eq}|uwxM81;VuUC94@2q&cJsUbA;GNCyQ?D`q6F
zZY-9gA2H&7eBO@HvYf7}r`&%7)0JsVbZyea_ZAAQFFU+~-kF}EBd%NX)$%GU-MNfV
zsaM6bRO8mH8d#>zC9tTN@r)|t=A_>`pD$crdf<r_!<o*+EjMFqR~Ba)JzO;Q_I}Fr
zy|P+&6qtj|ZptR<tql16&HmXd0|(n!Za3X3Enn>0lh^Y0QS>mkW~1XV`F7pQZF_6G
z-oN2uVHPaS^K^f5dVQ9>2xtjnQ&YJ*d`{@*eApc?dM^zW^x)pFbBnt%NBmvaDJ9;U
zvDt=^8-k|EZU~zu9ed<xx(K_Dj7@4soX3l<_cyl7*^D)V&&8uBx0`a^`>Y9$rLu}6
zA3qKEj`z$SBQ-bA@c8g@F?*aqUhmn1LPaB=Us~vad#A<L7?#RD{`qq^9UE(1Sy?!8
zLz|a_WkU$}*7z^?4htu*^VCu}dqb;qt$u1R-NPj_mzIKEsAHGw>|I02nmQg@UWK5y
zPjhI>>n-wqQmgN|d9xqqjGn6=qwg<WzM$E?E=hI%;SY_2CkccOS2~TbuoIc0d!-JC
zFpC^H#~wL{!@Zcpw$CdpOl9%^N7GqGRn>M~_#8mGQ#z%jLAs?S1nKVX4(X7tL${=K
zNjLZa(%mVYhi(qvet&#_ag03}a_@bwHP@WiO5kSm+?h9`Y8Y#D)xh=+-U{{=OEPT+
znF+L#q{|Erlo4kH33uRvJ2K$+m!&|qQmc{p9GRCoA@on#ZeJpM*GyoE!<>^~Ow$c?
z;k*-$v1ib$lyLy*5={QqPn?2iGJ_Qx_Y6r94635F1yeU7lyXoG>s#0(8NzD{{dnOf
z>=l*rN8m`njV?GskEM)bkgyJw=@tE@cxZ-?g0S)*8JGkgn<O4his>`1@K-r}@YqCR
zWYl#Lo#-$KeW4&S6D&U^4gyP>jtyU2Ol<!Q>}sO9=#2VSHj&9`*4G~{OX;ayqD@w{
z_^y!#7401{0&i5f<_5zLvl3{w^3ch#r;g>$a0zi_MlM^bppcjAc>@lR5Qs8SgpH%w
z#D2kR=Cy0F#|_<9w1m**aBw>CUV9(?>E57(Jq)$HY-8E+I;Moh@08`e5xwhkVF<7}
z8f8!TAkSz$ztY63B)&T%)i$>4SQu5vYPSg6d4oa2wTwK*l852Q_m5t`v30&g6GIpT
z%-rlW-vx8)sF4CkA~_jBz$~YUD{+Fvm6w8eAsmj|Z?6FmJ~i$5>>vKKNdH8N0e)|+
zs{&Q2Y5flMadX4|yMSDx1Q;4d60`<%=@Sb|J%n`6`WePQHRxlfaDj@^F>wE&9F%Fe
z76oI}VJAvSZ%NVo<rve8+%Pc@%aoEr*pCzM2ThqQh$jtml7YojryR)f=EIlZ-iyOW
z{8F4VjqgK~_!ev-E|!Eq^#|2*+&*Xr^iEiTCnGQnjvqS%fx{$lA3ictC(iD23H*Y}
zh#lU$Ax^1^SUfhHVTHp=!z|Q-=#Arz@ryelkOMAbeC-Pz89aZY3sqbZIW}0a;Q4(=
zP^>rZw<O|TDz{MNu-IjW<gnPED5&_@O#5)5a&%+lBnMBtVu!LjB9b`C`tGJ|xIR({
z+7T-DjqWF<N@jY^osSE8CyQ0(x;x1{fbXeeGTRE05ow={3V6Z|yaj<$s;1_5QVb0Z
z35A-81Y&U1PC;2VIfTlJCBq>{yM*Q9jr+FL#8boK>Hf8<>CU~h;@fAnOe87<+~6?k
z*pTSx!pLaUm3a4iBXI|81Sw)EaXkb**o0~2D>LeE@fa>9ZZ16JZ<2DuIdkq66Rkr{
z3)cbK8n4}LS4>(4@_Ta|b|M4*Z;tr|sR#GB%Z0;P@9fSrDjka|ApF1XvsoIXsY9KU
zps)GYlW#Drz*ei11@W);WBKRZq+?C6Zu9T@a48mo@g)Zk^^xKz=2RJ3S!nl8d|;JP
zf^aQJ_iIAi!s2}}@Pjv5Q7$eXpg5LZbNjblxTsN*j4lb;t59$7`B@kl=aFX4OCpI6
z#APaVDjk{v9CijPYdcK~=kJgaGa8LyB?m@zrjG&5Q_Rsh1tWjIbgD5qwP-ML=}^oe
zg+T{a$WDX5?PmafR^2;^5bPjS{zOdB13E`!!TWr|e%&u&pgH&j_ykTBaF!3)GQhz+
zO*vYT10BiYP=^#(BZxo}`}!BB6R!L|^A<`yJWC`Y*zWzeu!9UNBy=1y?ubL4eUmLu
zW4^|3J7lmoyMoZnbvzw$ZqhAGn!X$^O02Qa+2*Uh-ac^<-55LSWn$A#2C?|~M8+eB
zF&j6Y1CmVenC>2(NRTW~Unc=RF1|H&E0*zSN2IRtn7TzVNFs+zGQ=V*mKr1u=Pv$e
zKbgyw9*M3U+NaJTNt2*G3Dclf9c0WPm}=xzNG_uc>|_i7csA1gR-X`{KEx?s5^4S(
zS)~Mm!EkahLJ&G;*``&4-^C`c>MqC}t(e!QsqNjZ49T!8hEQaLA=qdz`=kQ)1&9R~
zGeK_rx1Dme<$awETQ=>6-4M6Qu7B+(f^iWlj2V=jP?&8KZW6Zm%Gv31lU>pQ_-lp!
zM$=>5Tj%4x(rPoYWxgC7x}Y)aC5Eld92NqYP$s!B)!*wFV55*TNOa}#()TGU2y)9#
zpEOL5jY*r#q%>KMb~HP6oUd-?*(-v_6!*HjN7*}_|GRo!>#)1(C)o)Hla4QZ-TE=`
z8C1BvO%v~sr&ah%x8~6ChdA}PJwk{5C^osaK;tzy=y=TX8(mmSm4+mTcgiIRhs2z_
zB;x)n7(`w`brq?*kR~oVu762QZRPoDfwUw^hw>wlk(+e?Y%Jm;z!>!KsYpa`@brVd
zNe-eYdMlPUDmNo17JsreCI`k^UuR|;h*?rmhZIML%8cF^rw;Xy_86`f%vvZgR+;g+
z0LxjWhi1fE2IfICEo_NmZy69|UAgK6!o7I^=M?9Af!QNfaQhzeaF9W-;b<_`z;Na#
z?cifLfzRO2lIZpCrar{BXL4<&p{Id+FUB;Cd*9JgEoF-3B)!_~Cl1r5#5&rh1;K^y
z%}9*i!*8X2@hST(*}kL3z-b3B?kfsfk9pM{H}{#^v}#zZRA16Y{;8lEDe=u3J}AlN
zn|p_#e28z)I9erIa=*yU(Ok+WnTX)OjmAKmquuVhS3+cT^-2jFTFMilR;?YrKB5nG
z>)rp4HbL~MTso#`n_5B&3z(djI;`SjW9!J^Ae<-*UM7F6&FFD9nKEi=|5}nP-&jz~
z4s{QsOvIKlpOIozDT|8VvHqWT;uyZ>CcT?oc=HqJUi3n|ayk(q!P?q+t7Gx|b3y7y
z@{IrXb*62AK*L+UOW038&LqZv@5i{%5705j^SK#vU*)}dzJ0#WaFdzP4-&Fxox-BQ
z1vLjjsoQfOdH07<R)gXPU>u8UYY~sE1(Lg`Wh8QIIXF~Ppt@+{-uKsp1;*|f;E9Y%
zDOqkP)*3wj=Vu`hS}Z4mGlCh?1qoHun#r4Ip)@FHD6?f|j2$f{5-3g>LsZ<8GaeiK
zGNEv=zA7*Vqj9v)aCK;K5Tg|Zq9$hoHrN|wX@G_N6%jd#rPU1Bp0}clNXU(a%X!Uf
zjH@U`>?SwYuz<uA0x2J-X0facqPV~vMxAC41Ah#8K5Hg?*HM!xNmCZlAU;wT%Y}o(
z@)fbokA;pI?Mh_RChl7KM_km<U^G9kk7E-~o+}k$tvd5$KGa)-3wTYVZ{UB@k<z}1
zr_vlTA(DzSF$wQ^zU#k#vDJ|NKoCKv;RE|#tEQp4yJ%}zjxPSx*XN|?e_4{g@FN1D
zH^@Snc#JV4-_N8AHMDA3T`+#AtgO!-gm|add<wLSnLY01M%AcdR1$_IrpZzaE`slH
zX`FapVFB7`)b7b)@S*gROYet%T|GY=DE+sP#k1b&u=*PK)}eQ%6?)O|g-yVCyYM%s
zMI2kZLC?a$jT<lfSLWqT<H>vz50HHoYxIX0LN=oYb6||<sN5f<=Lh)w)M;D^9LC5@
zWR|(!DfE%=2T3I?GvEsk^y<PXa$(_E1R<cevi!2LDy2q@tQHBk{*d&J7nRetn(iut
zwh*}!^5|Yjae?1Rql>XCHI@U;$DK132Ax{o1&8=xZX542*QHw1PGweanOVXyOW_{2
zXR-{y8-km`S--~C-eoW{jJ13RU63$ZdP=XT_I?k_G@@Ub&>!ozf9KYh69V21GTBJ5
z4r@b2tRt`vUbFATg+JuNqou8Zv&&4!`_PLx$e09D+mFS;hAWI!CB)aef2Fk`6z{<n
zaI=x2?k9GmjFL-~Rp*eU1O2WNG3|qsO>zdHb_CKjPUa5U+0ND+Q1=m9e@&w8-U3!s
z2DJN;fl|g07_4(0^ZmPlAhg721#FsM_hk@_WUgQ8ORoH1`FwEZPPk&%u+t)QIDG#5
z_hGZ^ynXZKDm|g=BBY6zY8M@RN=)g*qxb2<f0RyL9z*fu3d7=&0=G}ko6j5D!NHx&
zr)R6_u?axyt~^t?N?q7FKUP{6?Z`*5p5ByY>?w)TquaECylG|@?I<g)I(?Fq=w$DA
z5<%*O?~})YwiW3iOJ4WA4Nu^CzQX9l%uc<$7?P2KuaJZ<sN|kp95)zSG?$UIE%2k-
z@RO7GQfe_`6)`Fg&0c{X6rOyPP~QVeT(@|{n5!DIoXt7cro-rqfT$4Ur>QoojLnWh
zd<}Aj;|8n1PjYwo&!QS*TjNwCusk^SmgoKm61B{KG_FJP#a{x0oWE4=NPLMDzhSAf
zBSbm8n?gO*9u+6oMjHeBN}U9+iw_DTng<!*v9eP!!;2OKCmw#4K!WoZC-RPOlUC<w
zsrGnZ1viB*!3Z29iv`SJ@f-RnD%-Jm{p;mgl;FMC*+@*_h*4T>$fa<UjYV&*=xecq
z8Bx>_;4qL?3ICvD75BZ<4ju^+E?l~bmsEMbTF;C0r7$TRZJ<v=gZXj3qEWVyQz9^5
zt30|_s{~ivu<i5)F!wDAqHZ#j^x9wNM6RrKJ(Jn7!fjTnhh23lNJpsR3@zXM{+5c{
zx4(>DpzNcJ&-&d7wwB~%=ypaxWTeleg+34$;gJ>aI`f6WSLAlMC?Tsb5d>dtdCk!C
zvIoNwdkMbpw3<JjrwhCIUiX2inwJY*DUFkxXeBOcoem#Fx-+GJzKh5qDDwJxQnM<`
ztBF@gBd1we)(!Qyj}_xUwoGm~^Z?8j-rdoX&4g6VWOL8!=ySFX4LJ_~z$Xjjug9d>
zepq5Wxd$Lg8irZ|ggR0fXbVS+G3XwQ(s+PBErqF{&M7O!x=)C5_RA@ja8jH2U2iPT
z7Cxxgaf^ZqiKdX*l1KPe>Q#y~BOl&%pW676g}ZgcJN5#33mzv4k&vqvyWc7x&xae-
zt8o#re74R4+S1;C1O=5vd4fI^!XamVN(52&jtz*rd9pSU^5lc|(<4d5vvoi?suR2j
z8kT+*@MB16Xwz7|SDyX9-6S}y#>VtNJZTkd>hdL$*YQw1{l6E$tW)lWh95yFS~j~H
z6!|wULMW{=MEI-t?h~QwwI-DbTkjwI#!trg?*w`YqdAfQKj5FiVUDVs`G57CKh>vC
z1adoBQ7fC!;cy<#T|tRTDjft6qv{Z3gl!*II}zaX{Ij#5w)W7|d<&x9o`gI(J6j*C
z(0{F%HrnfT8;P#azIgq7BB`)l?iH{FA4+@8)^XZUwWyRS(hp36H@jb4KLn?Mod=Pl
zVmY0<>mM2PnpyOJAJSUoH9c*GMj1CKrvC2{wx6`^VkA>X=qDSF^3VsIorj5!V+>WK
zKY*Oh)_iW~wV-6A*Wx0hG5eDp7nMc^x6PlU4JUVr<!zcgOY#~^>Meet%yem|e$i>P
zK|AQJ0`UZHhtPZxlE!H#e8(aYVFF&nM-37OXbS?~Yp#rPAk6Gj^WR|A1RXpjcqvn2
zZ_M5hwM6jug2C@3b#p6Hk<S?zUxVPkqG^B7$A}sq+z=B=(pGeTzqD;__)ZK{JrbP?
zY$~c6`6v$Vl$t|e77xxOHjR^mBj!kWq$*^tgB&W=fo&`iS*9rpFhPu9YK}j`^4e&5
zL&zZPTu=^3d}^$T?>eLa<>lS)q`GKpY;NQcFK*=sywEXbX_Pco?7`sNUb|lYN#TD6
z%{WO|3K{-z<DSQ9R(T#+>Or5sj%fz3g{g;r*eb>g*+SNgux?+@sqacxpjR5bCR!?-
za#4{^iubF~M>+O@lyV`1mkOQfG&PtzptF_g#ZW78`9#ZIDysmRa`BYdgvL+I6{$ol
z?iqgyiHf!g3|pAl+eI|kWCuP=52fbwznn4XdkoyOi{9&-wOM5L9-WIEFF`h6uLc))
zJoWDW(R|sCX0_W~>wbL-e7lEFV|`v?m|O|GG$kJbLP^(ayKU%jl`(~j1dZ-=G`Im&
zFXG{ScjMVTE_)hg&v%6A(id=V|3+*1o&TEt7$z8T(`zhTy;ZPip@jrHHQ*cfETp&S
zfl$PN7J&S||L4!~lSQ%1)5bOnB@T4(Ls-i4_|MT0SIhDDh@e;;jbh_EEYr!xK{>lG
zz&|xPG9@7{2CICz^ctOnQ*_65=GoE_V*XQY@5O<igv8a`Ck0~>J@Y6mHT!}?j;x)C
z5PGN_k(C<4^<Z51ZVZ7Z7!u^wP8cG9Ktp2*BflVXj)mlMiK#68cUTt}32OD3)9ZDm
z`rs;5E@&+#4p$@&eqWfADUro*rA;$9)^4T{DY4IcP5RbB<mT|(LZDJ2TJ99oGiVKF
zYL(*Vx=LAQV#?tfxkX33K(6t?p~@dt{kI0!msF499G#V-6QZ_6QB-Aq=%Z|@A}t~L
z=lO0z_+)VSSFu7#=Q=79q5%N{l~WV&&1I+$ohHgv#u-v0LP&{{Qsp;C3@ThidwLFs
z9-O7278S1U34c>%OgU%<kDY4SNw=K9q_-cX+;^#eXzs@=p0AHOmY(_@H@@94CC`|*
zjW-_fId%eLyOy(+aeLy#Er->Oc3As~3?bW7S>uGh%T{o}{I*&#D{8Girw{$WaJ4`V
zfy1nxUXS0rMp03b^EZJ)$Oi0gAYO20`%5@f;5Pp`BHAzkL7=Fv1KT4RSqwWbIUvzX
zkax1h!FQ*@$%uTY{v_zt)~9dkYwf&Ru5wiz`!8c;25Lmm1_pDuM3)-tylsr^{sd*_
z{qa5@ufy6du>&zd;qBId1dfEZD22AHd7ppK<XRqgr^Wg3?n&*B1#6k&-7MO8{SGg7
z==ztjjz~}3Bu-Ikcp7nSyP$MrDln6Am1Pa84;_aoYmmT}$td>*9*reiM*h2IxQ|h;
z`$R#kQrQyZ94JW~9n97r>*6xQK?Pt_@7{b+U^Cn$SlS#6KV$6mS))WT14EDU26x)c
zQGJpnDnr18u%Nvlr41_woIIR+So4Fv_3S-7qqk-3$y{)nDvd%0M(e0OvA|LjkHA21
zt7PGyiQgunl9pqi_eTEtT!%r0He;1ddusEmEew7!nwu$Q1ub9xs$QtTFK2Af{W9tG
zHM5{rg;B?w0$!jM2oWrs7XkJt#NhcA9X+7_AtM>dR{FLZ@1Dz-4U}U=LfJeJRqfxa
zI*tFe^SjPhAl;qaN)TV;{Gcc`e=jgaB=2&w{e#l&hBHCzaX0_G)6M=MzJ}8RS76n@
z!!zLE>Ezk2$=UgWT$a**Mrd<c%&Vq|jR9|G=3ZV-?JBNXueSTR!m{J6c=&a11_kPU
zFf{pKJ$=@mfdZjlxv5%^XsS`zv-fT1@lxJ!MB7VJt7`h@2f@~9EZ^~-?C#Ps^jwZN
z=%Aq)XAIwdG<s@aN^kD!b}`-D&}>{Dy_(a-9&ai|@m5QwBvY*<|LuOHIz;An@$-jf
z(Nv{6U(eHVZNS~Em63n-vdxJjRG^t)P&KTZ_!kxuQk8bQ<NE%8F@}$SRZLj9nI&_c
zHon0gV~kGMTt}N%9d~>UD7;QP`mHNgrSsDNd2hQ-s;Ua32IOp~f4S}MZs07QGi3^g
zI$^-khTZv-Mvzx$&(1#UjvK6RsJEOf^s-7iZ5Q_GDoIT<mn_|fQZc3~{8VdOxV-rt
zzvGxzvhKKWc5csuumvB2jdFyU&en*9De-uk*4u@G%T0=Cb$Szt|I-*1Szt^3H`8b1
zed^}e992A;{4=i)Kc!MQk)+<~p={5NDff;SVH8Q36FXQ6bj+V~{E#Bn<E~`OJoFsc
zHql_-8>dI19_X!|C+mbq-}YI)!IvjaIRCcCl{B@USCLXexm%q^8+~xbOG@ia|M({k
zyNXvZDtB+HSZBi#5IM))zU>-MtX3C@Qhis6FxhYvNDALv)WUxB_s?vi6y1qMqVT7i
zaLc#;?i%6=m>2(|5rj8SNw?4r$ld$)U0i%*uX(#=52$w-!n~($w<&t}J@IaCWN&m6
zR^vtP^>UfV2@2_x;4pd~pcM7od==0RP8-Yh8;|1~BPD5;t{EY~rF-oqsrIYKgEa7R
zMXTe}@9YE^^+ZdOGthq_-yjJ>?+3)PtMlh`H)TqB_Z8X6){BPG(z`PUC8gU~hvrq6
zN)78c4t!}G1POm{Z)0aF5OY(vZgpu2t^$Dzi@!=LP^oyNiQM$Q_P~x*j8<FgO<8&!
zL%Px2msU5L-Jp5Xf8|^3^tils_r+i)zjRk`#<(FuUUvWsXlkZJh6(MV`)y=a#prh2
zDSn6(Z1O(uEwxr1u<P<P4TkNx8nxkT+EJ^1h*nU2F9q1o>!YH+bYI44@i{e%i~rvL
zRWu=TkW&HGI=Qv&GA!5pZ1)@y0cTmR-ZGzKuNapQceYf&<JAMZeZnC9P9y(5N62+5
znjoChCa<i^Fzt^E8DBQ5>TX05R|j!C0)ncX6ax5g`Ll@CT@+l1O0hVO>KGX|mrVbu
zqBLhCoIDj0X~e2lE5>iUi?&amaw)-XGO3L4&lx&$`^G3&C?g(Zd0q=;q8<}k-7{iV
z@$owaJw1oFooauRK9i?T@3v{N2?UpYWrn&JLp$`}K}rRcw8#Uz{l2d;kdTo0KDAlN
z%jE*e#cNN!CkdRPnfqCp(Bk3J?CFcI{5+>HX1(41>u~4?Gc!7KeqnX@4xdVoV<gc!
zyUC46Mr62^+ZLoM&Kaznus%y4ock~}=ID&arbWZIv&n#`g&KpgDodjLkY8ri2q>Fk
zy9KF~uS-LiI)1H2O!+SRnPz@>)-t=#Z<nvoTG3tXT76!f<90$wiSoa}6~+T{+L6-I
z42P-3{H82S7q;TxKmfyUFZ`hADbDGbg?mf90<!5cbI^U|bd7|xOj4`AU{hK+g~P9p
z3!r&wRh|qt&Kh``(W@8O0){Hp^;sF=dk+6IY`YnQs2F(N&Xe*vrEP^w*QW&~Q!Nf+
zU}C);B8h1?TE;O;W2$Ufc4!jC|M8z#wt72*J^PK3@ZYXOVULr68!g7cv{!^(d8nUr
z=_Hvz@jMw`g6V-LdScK2v8&k;|4JR5tThVkjV5SjRLp~5ODcTBrwcp3m5cm64O0CI
z-R#`n146$d=eKk}@nyuiANNBsmo~pq%;4u`t?>y8iY{2U7zJLI^sIS7mv-rbvldVb
zRyN<Jf!4`-L)Z@JVQ1q8yJd<5co!U-)YC{DP^;sb2D1`>@qMJcK}K<tAC9fI@CJce
zzNi+sdtPAm(l%_RSgqkG3&=`QY<XWQ6SJYb17iJYM*j0H@xm}~jp!@O(brCQ+#m3v
zAUP)fWXEzqo~a==Zf0g~6VCgrRegNAss*~<k6R0TKC4i_tI*i?SvL?0eG&&gEP8nz
zoN{tMTHO&qxy5v0=-+dT4NFcFJvKXclL6<=5Du>O;^rG-P<3j+7DC36`T$0;Vwz5M
zxEj0Y_1NayT}yR`mzN%^2zN^O03m+t*AaoyG>U*jlb)U(l{%InvxVyC^OhRdt{%J}
z4V;4U7V62}?4jaABFQrz!hg*NKBiZ*b-HF2=g2=Sy$pU@G!$BQv>FpV6oGmVNv9jo
z3;#Dr=%VrzjE33Jj{GBH?KfJ`*O8CujhY{SErOSX0eR4*7!sCQ0`*I6$o{5d7VY_*
z2fVmeK*RdPw}E{cjbtq@@3Rj0y!Ws3y{epv2<e3r;^?Urv(A>fo*|S^Q`WUwAPJ_Y
z(YF_$vuRnh%^yW-x@dM_<V|)#awO#CPL~}NsE<m=Y<&>b)0mDG?0B)qr0xbj`v9B9
zfk!b7(f_rXG1_s6<Rtzt8h{a65IRRjPP^=zRqi-K;+s%>de3b*%Qz>mAmx(xb}0LH
z-_rByAT&yb(=5vI(DC+E+w_C%pZASKV4$#QTIurc;o;$(!?<ThD&6e3rPcSBb3Z7#
zL(@8f)!DXe%E%tgq`>4qLnn7z-*$mq%S`ZNn6u>qx@)G3F-r7u@~SHb!cVI<mSL>^
zBf4$kO)Mmdi%gZk{g}5W_Ed#WcFJES89sC=%omqyF=g|7!&I_!_*%OvY-LwWDUQ7G
zw4_lvI4Hwv_IG$VaMSe*kMM34_t7qbUS(nOmvWq7EXzuz4SPg*4~9{qZdu8oW$4M5
zveGC<sQcaNy4%8msMB>PbL2+*i865nUDyqLb3~@Wer)!_Dh(DQq5)NiGUPX7UclWl
zkU=tDy*raUY2J&~!PaLwk})Ped|ov0TI<-%RZ@WffI7u20e4~)lQ>TKfA{xC{A|7=
zvfqCD0P_VvAzZPx_FkMICo+1v-G9i)=7<HZuKEAcS@fF~y%kbF&fI4@Ogna5rxtU`
z_m9yl_4iT#kcUWYN!Hq{J~U;;s9sghXJUNL>u`$5q~0qp%X^x0n@j~#8`A3ZB=0F;
z38YT?UTgJi#xmhQX)}}5`>$)Bo=O6{PHJlQVjp+!yP$kMuqHR{Q4aUCp29_1YO<8U
zkEvA)M0s8t<2~(db^<hl#<$17i1W=*FtA&zytSzK(47pLl^LGGW<;BvcUL)2o4{XK
z@8>m07T$N(veE3?^J=-lL$l399Ci+Obhdov&6^;6zgD7Uu)NYT+0>l6y>0aJAp3*N
zJu#GuA3cv1m6sm+TPYdw_UQ`{`vlUCneIv4gcI3b_pkRh4!+~1cj_ISO?C$pN_x%q
zzOT2et1U{gaaJxYRwBM^Ttx^|r?NyK!qed2DPj*B_jx|sk7Dbv&35O12FQiokJs$&
z7lk{EHQ}7wQw4v~0OCoxyKe=Lm9i6bW2W;lpc=K8aD~%LDU00YVP)`-RH~G}^TlM#
z#<2#oecay|`-<)R+ffe26$cGAqV<}Km(2J5!d~A^Ar=x{VuvT}z9L9mrp@g{fp^^b
z8$!GkxPNP3^Vt<Pk+h|$^*k?JYV}c%J$OrbtT20}=u!?+M++I#Saq)QzHN9NKW{)G
z){3!1Hph-4i0zmKThC>I|8{8I4pxL2nB0?f4O%al_!Q@C6x5Qj>#AnwN}1j}rtGGU
z)^@#I?QM3Ka*MKw!|{}9KCf7$vu--|5U1CEqPbXpAEcOv^!n-u`VUAc;&o2~=(b+X
zAx^uqueRqHUMi`hyNy1GG(YFiCdC4G5(1=T;OQda_-f^o#Wp<-Uhg+r>|rnAqiLBu
z7IuI>M}F^lzT$D_u^Dx}MtfCw7;#dQ3&1K+KOY=qM7=pP)(dNyAQv(Kkb_aS9%0t#
zpkM0DuP^}rMeZC#YcQ~s`4lI|SfcPjO(EQ5`UHh3-{<9040i4{UdV`6|8})!^mvsn
z&*W8&GU-)Jb>t&mdoW1OJDJXE`1|}~fYSfsC!G>&!Op|w5QW&&k{QzT$+A178b>XY
zj#FoUBGMt7*TDIaZ`N~&7B>vYD?Tk1CEShdxpq;=>3mEln#lLs0)NzGGyLs4e+-Ys
z50E84e0JMUv1{sfEhmdef-+5_DNGk8wSBzbbh7nbv2_S42@O5)zYY0>MDD(;dSd9m
z6X)H|Bu-c*wEhDIYsp=02F$$f#^!&_Gv)sgGgNX)GFQg9H&72uJ^DMOC8_akzEl>j
zzWb?G>3@f2WL#9e(7x(1`FX`!+svH|-n?PVU`~?B^<Lg6F75-;Hn*T1FL}e>GDF@H
zCvPe8)jxI^<^6H1M{SINi!^uDEwcqtE6w*!&M@+@sp~lj00{}ZOi29^k?(saVCIm$
z9K>BWzt8UV_Lw9~Y0zvv{qkRoj@>pAThhp`&h*(7;N$Elk(n|=l0f`<6AH{6jeP$j
z$d&mFPe6^hk8bo*U8zOsii})^f#NzLcOa;tYVBdtq|Csul;Lb#aOjyc{QJ<|;b#f7
z(PAN-_RB$aDYJAt(I|(rOZ=qR>&-#WMYv`MMgd6KXGp$cDp#2SN%(8W^h3TM)aNMt
zb~KHpe9;yGpqG3(2t4YXmKk`2st7!;=Zik0N&3{?1@2H9K(`kJXRbHA&ze-eUsd_z
zK}Z;b5^@5b1g!F_`@c#jB}P~0Znw3EQdV_{SbBC1r7jx1y^ONs^-56+U61V~h$(w3
zFj~ya^`&>JA<&TDhh3TDmvb1K$;!xJ8hOppCJ5`&)vKi3`C^H@T$tD`VBX&&z24ea
zQ2VnxC}#0!l*~8<Jg?recT%Ci@o;fn&DXx@`A_ICkQiGfX-Hs)NmT3R^6~t(KhL3!
z7xEmJ__#=M)%+PtuhDb8ofcEXe%<5;xz|$Gj<VoUYm;4`_r6Uw9Zr;QoBOd1WrH;5
z*XnNQ-2JNX=EZ*Ypf(NeSgnKKNj*cp?`qa3G(uLzva)4eBw0?I<K`NA`DjBeM4&lB
zD{<_2+%I=rgmYuwO9(i0r?%K|<mNsJVfCAj9(St+CjJx{SZ%-Y_3(j7h<MkbdziX(
zi(L#^BUS>dYszSX2&~nlR3t&z^ooUqB+cZICEGL2bq|itAhNc@-I!I+&I3$y^yuWc
z@qL;g-HV?7n`J&WH&Q{002OM~Zz`Sgv{clT8{!3P#t+0I)S6^<Zw!;d*HiOOki6*q
zF(%)x7DJy~zMi+&P%M!Yt4!HloHPIe^Pg8Yci@IFWN-QcXhg5%mPl%KzmP(>kpHX7
z4-RuK2FW&l6eK4O=R#g@JH$rhE@ur^ksPM_{&>4M`8H^=Bjo8>MG*E1NI$nKfpEB+
zt^ckLjC`4zxSI*&wY#0S*#j;|HS+>5uk)RhRD|&Q`@>@b?naGjL?4VH78QW=Dg+jQ
zUC*g$SF5f-ilKI#gT~f+mZs-w36G9}v3^@7Mh-;fl`&G4RAQ(Y+YRnTGlaeBr7;&_
z2}6`(ul~@JKQ2*>zfve4PDEl3#@!Sp^{kKl?5pP^BEum6A@wOv8I%=4Zf;vPo}L~L
zTId;a`>J{PZ$e3(giq@}FYD$OFW;nm-8k>^gFSX$C(;qSeL(NI2l@!ZE?w_#bogu{
z08c2DYarBjI+t!^rhwR8S(eMkk()!choa(B;yQg6aDJV?D)i|Lhj8vhtm9FuW`aj&
zWU#y5Vsz4}`!SA>_rqZOQlY@-fz7t#ih%?HdZ@cP{$Gx%uDp1>T>9-^kX%sp#rNDl
zl&=>*hRRCmtS7`@(>C7>pMoz^l-0I<1kc-qzLk{^sMXcSJD`d)Fp-WA*6n4Ybg1!8
zh8;ZLKCP<oi$XnZZZgZl)$QZ7%2x`hB(Q1h6qAw#<#Y5`NoZ4MTvYydKplW9_!$7T
zHL>c^(+>*S?Bft$3~z0fiQbk2wQ8+X_pPR-k7wBc2;nO|4z@?tS>3n3DP!!;6Mv`>
zbhDdF{baS<W_B;#-+yPqKtqD55vk(t*1+vQ0wfl_EWT{Eg~8fefjR|#o(yFrAuZkM
zvt)I9j3npsIY4y3jx9#OX<Pr+LV9yM+RLzqlN58gTxT*s#NOup-F{7H|Ksaz{@ecI
zj~f234|(G;2Zr9T5xZJH0J;UPNxVSjMaD3m<)P!+YP%+S*}w0})~o)oa5wXN@vKmv
zP)*a{>6a+BRFb7*(`qe1r8u_|6Jl3_mvDOOg93bw&zjW=dP=ow1Y_M$TBTVYYOxCu
z_KL;u6h|x5CfK6e<m+s8i*5nkAF*8jyCyBeqnWn8(~XwSd3OV;>6rCds9ZT0x<{>D
zoIe1`1c+UBcsqDN4Rw6dv)yi|b>5PH15f-w&+gcMRN8Ug&fUU-0u_UWp|Q0`76YoZ
z26H(4ZPh%l4elJ$TKJCXphJ?7&1bKBw(UpzYAv>;#B=o5T^*p~R>9^FwtBb|f@b~o
zo_~j8axEz{&CTBRux?kAY1@>W7mhLtP%KVoYAM?s4Hj$x6U)vKJXN`R`JeW>!GOCR
z%1sf@pUCsu0xg@aF|)`3vAHQr`BO0^eiucgzA}Z~PO__h&xuy0Psf=?MgP4yHtGkD
z9MFYbQ$h~xr$Ld~@B1i*{=PnY-{U~p{N^e9>Uc9q$qZH%+uGY##?+QoyxjA>bi?*q
z&Lc+aPt?9?C!aqrem`j63k{VBeBHw!g`M2@1RjSInVQj2<v`Q6wj98!lM~)&wrXRf
z#E)}UV)yAn=iX-5q;Sfu5kCdox;^`}u=HJm5)~qXN$-8<ZTb0u`4ZaXs1SL&19d32
z)HJ|0a?I>>p6AXmP>Y-&{M&5eU<3OO`9sgHJ!PgM0?01ki)PPTf8MTr_~O_O0~ii9
z7A47+qY66a#LqAzX!rAv&1b`oc~h$VPr2F!WD)rfe;5!WB79whf&Z#%;FDUi%gBrd
z-fZ!443aUsdX%LQ`MIbE5=Nz~)XeqR&s@0QDKGb|%_a)h!dETPtz5JNz`d`pXoPI~
zo$m5)Yd9^l0!P0*R$H8qs6w{7{h$Us!sbm2^0+s*9j>Dvc8_>cB?|mRh{L%N9vR^p
z|6X^_`#z>>v9&+^`#tU4S04KL^Je$yiCw%PvmGxVbnS7z*6?tz4G~GgdAw<n0`S<M
zvo-l_&)eFV&D3hHPZ&l}pY)siEZFw16fRy@%-j2}n2eL>g+)#PluvKl3L6K1?}s$8
z7fz^qj%#1;td#oAKh~n>n%9MSAsN|RhDK&NRG;2HB>$_OeEz3Dcmk6a@0VD-Z0pTU
zX~@X<cZw(-VpZfMfrl*UIl&uW1JgIdrmRn;=J;*=XneZAeI!C=WIiK;nMw))i4Pdi
zf6i}Ntx#tcB-daz@Oa$A61ky@6M3%s>vr^9q0hYHu#F^LwzFufQ)vM_>tp<Kbw7tw
zlTsS&z$xHb?0y5ud4j{3lE=#WVs+7|$G)%M-gl%{Q=_~%=HE}N{Eq7y0QtIB5+lj{
z4y60B1iy9p?1KwSAA)P!5P~bbW%9oaV9vD6J(;7IFVF7*a^a)CWhS_{gaajgO%8MR
zDp}?5PF0wWG58aV4m??qgu+$mQ?gpw-zSE=hdpQj5Q3RZ;&jx~B_?^=#^57!d2#W{
zI^XE_AI;XgQ&v7FrOdZ&iIya)UJ#@3Q#8-Ch)1RvU^vDhC{df!;$Epzf_&=ou3bp*
z+wgv$BD^W5$}!{El3QvQ{4EG&-!I%+V?>^vEvQ{B9Eu^ANhtj@u1fRd_0_*=<==lX
z|Ep^Tw5nGE_eRKpd*ZK3Km+*@$x`6s)sORzNs+zg;c!a+?keQ(M~^ygS#g)PpEv-2
z#87KXyR$bKV#(ff^RFabUvS#q7Xd}B+iUQMGT=aH(`P(Y>-0Toqj>5cPKI3fzgp~6
z)avD@^fW$|dx=hTC0{Az%OTo`)Oy*m3E9GEC-9}i2GjqXRVvg4p{I?0XK9Eb-Q905
zlST(;&01_e^I7uW81#$*S5Tiwhv(~71XS$)N#<P`0^EQ0;VH6|UN7&Ao@P4#i)lP!
zBC0$12Pb+xop73)g~-AG^=*I>c1WV$Q#*NVN>4wv<m?RGn(lv%&XcX|EZ)}x^9q74
zpw*HGiolQQF^-G)j|;4NlRbx$sk|hHO{g@Bs6@G#K~>8+tRJ~8(}1X0{0N7y*=(sF
zg>PhEgldwj^F}AZN356Lzfi-aMW-1aGP0{mjY_o5Yh}^nUswSbp;c%QBKzNsnDA6g
z*?4#@>z=FmfK8Z2312FqjhV6e6p!3xS5?dZL{FM*KsP;<Rakn&Ej0?QhDL&(Jxq<4
z-5nQgl1L#b5x|J-iy3RG{?+;6p5?RGfc$+uhOhJLSbFopvUc9x)o1kA-Tm9v(+QSN
zm*CNVfFeBt0XRzk1{d#v$=IPsjO54aYR<Qu15y6s%(%dqM}mFU_48)OMZkgS(Q8^b
z;NcQj_MQP(obH#yDV)T~d(mrAYWj>uM?M6&uiTRZh1MWtPbZQ%Q{Q&#KMP9Pu*-)X
z+UGN`5fldDr<>U`y1$vU)R;PrGKgTk&k9VNS|!P=KQeg0N%Jd}>e0n)ssHZ<nEe|e
zgl~>*SzQVUM??YDGLjSlYnN{U0~lKVJER>lvIIX<Eqc1n7J4@PRLW+PsNiIqj*lpT
zwF5^;^h$DH1qI~Q-rWXNDlHjJ>M3nM#^)Gw(T0jY<k|fK{PUZ$E|Y{l(@j<8t6cCF
z<@QOkZV?`2Kv|u4Wv8*IlEq?B=M21Mubb(7oi|0mR)Dx_Cm&@K+p$p<;ehAfULT?y
zEShZ}N9!1x7PU49o)ps^`nI;eYRSnd2jRgNFW&ZwjG117(-&l*{%>r;lhBh{mw#H7
zf=aKy%&*6!kMMIRU>`Meyw@(T?B1@}+gB~@W@KoAO#=s+JZ9Av_yp^iAOe~A`;Mb|
zt-uFJewJr8vgq{X5cxB7vj_GEPlZIM;XOjF8u0s$SR6gm%jeK%$9cr%%Hu)~jI+Jk
zqpjz!_I?20<h=EctauXygb;LZS6gNqFHL}zpk9ri8_%3x0t{3=H*80!IOI)ZBqM$*
zn<C{v0ywha*yZIao8%$J1&%XgKP@|5mpQ2nHyZZ79OMa!%rm|h&}Q-&n?C9Gnb-J1
z?)i%)m9OgwXnRF&9*Po9ml`~tm$YY&O66yiXUm136D>Y<93b%{?Bi$zxmY5vjCNA0
z<_^=^!m)z5m31n>PDmMtE(NmqxL|eTL66)z$i%={KapCskWGV|yZ!Y^ZBM&Jj5(oH
zs_Ua3kb*ORd(Gw0_RdS}w;hnCPD%fieeQN)_bJGu_8@h{{`a^Wb@*R5Y`Ms!$Lj=v
zyCtRCZZ1Jin?7pQtOI4Y<9B`c-S^N+&FW^KbG3+>awa`|i7vM9lT7n33aQ1;<0vSZ
zUMn-#N&vW?3pvJf)I9UzJMqICV7QeB7@8&OuwkA2uuseY)rvV*4i!?$Q-l_##g;IZ
z?X_Z4#%j>&?7n#3x_%`tYVzECHt_2IC5_$6%;J4J*6XC#MhWB(Zbiw}53#H5&Uu;-
zU21<T)q5FzMYe&zp2r&eu#cnt&+r2YWL`EjVtOT|<oz?=Uiwj`<T|!ARy}6+ha0gZ
z{5sz3EWqlg#LF$u;j=GU7FB1pSd$OiPJ27x>p5%ETL`wOm=6>^SlizI3G|=BljQTf
z?236E$KNAzwec4+HuBbiO%_?mlSqwdSPqJxD86qw#qqn4Ab>=1es5fid_1A_b2s1a
z-}cRInph<#Mg;BU0`tYCLMocvQnqRIAfsxXqDD)+g$lLhxQHC(Rl>H5SB%>3yC$@W
ze3JEp*c6E-&)3_<e7C#hm^7do*mzGF`0p<RrT4?nmS%e!ul7H@AcC>_CW=ETaqvzr
zcQ0XKIC{b~60$Kv0T@}gpAioOZbw`}9RxN(;Yetc{~bC7=jt3424-2pQ6>)?Wk9uL
zeKfF45Rk_mUqD$|AorLHCkh<@sO6p|Cx+eablv|)q*jx*cU)TznVKLeBPkY4uT;e=
z$-I72Uterqt?x4=v}qBy{5rU=P6`h)?;A)RVSw!!*_8l9CIdwT5C`C)1Bk^)Y}sXp
zp5f}3hwn3%t<%A51B|&j=qK=02iHX%Z?0ZBr3jK+`2iz-R;<Q?(BI@joOa5PMEdv`
zWd^9b`FjA(y$LW{ubxIpb@A}Ps-`zZKm|B+J;|=y>U<vZjtg0?ViorAgGULz&~>Zl
ztqV$!$DT5l#kzhHyq&5*Kk1-~TrLOnxb&U+_#oh*;wCS*cV>33!vO_atr~qH>?ieO
z$*h=^8a)KUg&w0kG~W2X>7@Gm_@*qex61@47*L$8x2o#Gf5oIACT=^dBx1|w!`kYc
zRV_)@VmjgfyUKd7Iicr}ti~X}VS8+d1=1s8(9U3Kl7{UAUMJv<{;SzY_lsFdoq2I&
zk8U()sZL1bHQn#r|E`>Yh}A%FZWBvp!?v7}M@Lz0znT}pr=&rPNzWlHg-t;6NmO3v
ze;o46mQ_LJ7h7pY=sciU{S!Dir6B+CRjSa*`(Z!ZN%U@*c0IGWVxEuBq4R#@*-*cy
z8&XV&9hN~%l^)fl9@!>E;Y>7zeS;br^w^6%oh_cgh$w8#rkY<MI%pa40eMhzpCAl#
z`rCw<^lq>#6&-F^kQ}yY1Xz;OjetK{ftPfbI{ZBa39d=2=b0{F5d`3s5=i^F=?+E3
z`_YeE@=w|@`%mtNU#p>&D5jx`VJl?PfmJQ6t;Z`uwYtt6uwKr<e~l0BCue?820SEc
zR04XB{!=cxWRE7d&GBM|Pe)Pz6k+(^tKZX8T{V6)>%E2y<;>EOOh?cCSaKE5u&Z>(
z9BbziU6B(sBWF_#y~Bc@{IKEDGLM#z!nKiR4CStzc?fwe-hU&~`4m0cF<rSim$l#i
zJ$+uND!;$QyEqU!m;1*LFPnN?4i#J`arl=3Y&dbqd#nAhPRyc#zX#x4g=H^s@}O*F
z*;dkJMTKg-pY}XUxeJ5Q#O{550-hFLLMiE%ox-ibm1?66_t}Ji7f7{Uvw65C6}@?E
zxZ8pL!)<Ntl9SI@=no6rkeGgyn>odsI64~gA^NCw<r?c23+%ckDLRqBol*8p=UJud
zawe-m^7H@osoghy+!Kd`m%Di)BP(G#!7JnYn-t%j2R_!KqhqkIIJL=tBSxTCQq1x#
zY1nz#uTGoSmHRL-C0$$3%Z02%TC0y36({7W|KwzpnUw`62R9Hyw0W~bN!jjNqF0*5
z!VRccn*nd3SdNtB^9!~G#`xlLyDUj*hhHth!YaSh+ms?vzM#Ao$Q!e(jtMK92L*9r
zY5x(%P~^e{EQs})_2EhI2+@6TyKt3OAJU|F1`eXboM*5wI8^14`-B&)?blje>^Hmd
zHZL)cd?sk&dI7Kgq7~Yi#>hE0lb{3nQ2QdS3d)`UD~7yH!`z-B+-d5^ll+&VqPGWG
zdvY>lQN|<pynvT_4WybJZZ9cdy$wHn0XiHx1K>$;m-NnKbtRCdmp9*Hz{BHZZygSY
z4m4y7{tqHQ!@m%#(Dr?hL3DcqBgmcXgl-xb*xa79YEfh|q~PX-Sme^vD?NWH3DvB6
zPfiKtC28AB{6#P{DRw(IGO&QI{xPuox`sa<to~&WD_~1~{Y2pBua6%)0ozPBDlKlm
zZFL9v_A};=V;ncA=+OPjbEu0M;H3)#2E*Q&>s@K9z`kifZ0)FOn!b$Mgl%Jqy-g<=
z`CTi$$Dn$LH=IxiQ5JoyBr@>s4Mqa4AUlji?gsPOZ*<{1dIG4)i8CM5`|O)Ak3EuS
zKBk7HWb-<7!UjpRA&>}gzj4#k-u0wWx4AriDyCkS?_M;4)7i$lO_Tm)`7$p(Jw?FH
z^g+Ilr8(>cpdw`P+&<gVA&`DX&|q$yW)uILDo$5&k)l`XxZJSUU+eE+Z`u#fRM_YH
zItWA|w(S=9!R228*8b?r*!85?)y2S>vMeqEcQU_a5Lh|`t_zR5dwX08JdJNHU>&Ig
z?*yje>ZRZB>SeybHlxPDaX?zY#X#}RppN3&kEW9NN;M$Y$MhM80G%Omf$j5OVo@uj
z&_5Z5mA6m(<F&Pc+rPOdKzi9kGxr+!<M_WM&BxP7litC@_g_1tEf-!?rdBP_xl980
z4lY``d)kWd+oh7&T9a44rMDW(uiO88EWwaH_L{)$jGY81<*yU|;3nlaEq5Vab~#jS
zv+Fh1)J}!@|H8@{$2trMQvWB)f=T^H$-NW@>*=CHwyGxmDX3_e1q~|Enq?RTAhPV?
zqo3SK@Om__6{ar={~Mz0a@-C^a$KtWnO-`ZCM5sz=bH*;gX<o5f@qe7ja1?BGef?6
zVfGpS(NFmQIQ8`Kx$krxmRKXn5G9Bt0dGx8G)=Yzpgii{`!+MG;~(*B+Q)t(G$xLK
zjPDz?ti!e-ZyE7BT&iRGh_@L(zLXTH@WUDbxbm=gZn3M|%rXZq>Ir<auG?S$FQSy=
zDTKGwJ_&*yP@Sf%q^D=UQNI&yR|}BUK57C+H<5d{e7$aWCOd~2De38vP|T<EmRcXT
z`}6#_e?+S=qtXqbwTTMFx4=A&jppa0gWckLLu3?eDjtdGpZrUfbJI9hGW9|6Pp@%>
zA%gg_stBr9gAo|1muL!5B{?bqc{!}3zemrfux21O_iT3d@cf$oaWOUL^dmH2(f9nI
zTkL*&fGh}Jp|Az3`*pl_GrHRd84eCq{e1#VwXour(?`tB2Hbb4F@#CHh`6gbJyx6D
zdQQ(W{-$fP_9P^S=iMg&9$_LAGIy*@oiKcQrD2l`CnYsPq83R<gM=R`uFkhhB`kBJ
z9K;<3L&gSU_c{J?459~NOW$e2JCkkoAaBGheXhgY#_w09u`w3?H_fY6hmqE>&(ZO1
z)}fWeB`AZDzV3TX1U1za@$6s<10dZWAKBG(Kdo-Q?4P!|dEg)OKW2ZKREFzk=VGcR
zpDC7K+43}@RE~vk-i@$@8sE&-*>x4Ry=Xag+*Y=%acP#jhSAa%<+ol!@?ZZjOo~DE
z_3~2ZY-Ma9e;gJKa=dd5G*f0(>9~PSP9usD9c&O92i`8VAL8yf_+M#?!(~6*T6S#f
zGsSenQQ0Y}*nT?q1-1^w<DL5rw?Zb3rWW}e_NyiXk7CXryroi77y#l>?Ncmu5M0By
z1mw>`VN6b?<|tj%usK8*11DD!OdR6yxv|oP&7EwyvvceKVmsd~p+{OWCisG<Wf&F7
z-U)kB3B1`sdVBa`@O;k);SpCyke+Bg>E0<s>$wSM?>5^R{4Q#R^z|GG*ky*lZL^s8
zZTN(rrW%wPWm>1X%cD{KRraSmZqeNE(h@Ko7Ub061!0=jt3RDuiHbOF2>V^}hld!P
zAJUz(;BUIXd>Ro;f#L2viAUWp?msfgQq>%odH|muUqg=-Z^#62`^;V70sKRr-~KCG
z#!i8OEB0K}ZwIjF1Pb9^5KTz;M&2s4)9&oagDV>^@4(#6oaf%3?ZcnT`cR~nvo)Pu
z=AyF%iQPyHGkdg7Fn_!^6Ag_g+^MuX_I2bnh#n`NDxMe**9AfPE13V?7CbukEp{r%
z;o*d?AUsJ50d?gX1d5zx_rpvytD47jHjyj<UBz++5hj5W<y~FP&E3CO)mFM0uK<V%
z^~$?f$w7_@jirVV5ic@wAh_9f;yUTopp*HRq$Jm#w`LJ`5^VJ8pEf-3&hz<Se)&Sk
zy7IWc;99gzQ^6Pj1Ngyf%?=B(#6SQ66ol+pZ=Ff5OkKP4hgY(AJi<0y95@}Wm@*LF
zft?*J*d>-{@A>hO&;5M1dSiHG#WDy~+c;Xx<W(F`(^Izi$Hj7m3Qik7GM*Ly74ufi
zGZUbG)T~+pHhnP1(-kOugU}O#4-xtZ(v2pH2gqbUWiQxe@RA717ei0zG);!d7Z-|4
zo3fC(1ntW$A+Zu{ttWq}w({6Rdg-DtY3V=oJPuH*sXm-R1ECL5c&YsLHZlo6ox9u?
zt2=;`-U%Cc%V6JC%Ho*tNah-n7-VVUu2D?l9L|WRfiR!9^UmZgoD?@jnSES1<`8ZT
zeDmtL&fUJe1SQe#yS1@zT&4POTRJb^3JQ9VQ3u7FlJ2UGBNB6SOa=C}9Vnli*C;E7
zja%Bsf>V%13&)LC!*s1r2V@}-h>FPdSelk$=E9~?UIoDBh8FT*M17xp?eo89HE18R
zj*Hd%{@Wm@TyylVB}2vhqM^Tsx&7Kg@=6vu{1)v~Y+Izy;2@X~j7~*?5Q$@jeG5hi
z5{kr?8gebdM%cpd1%p6`R99!~h}L3BCQDp@aNN-KqyWZ}6sWl`nZ+MtYX9|9P^dL&
ziqdKksyuE&E<dsK<=W#lnuN39WzmeTQaI~whybR|2jTo!u=yRM<Fg4lp94>x&s`=%
zo<C-!WPwMemXYgrc$dHb$)s-2UTvTQ4+%~Z2&g|+@Ak7lrn8-7e~RgF)Gr@ajBu$b
z${0S>w4Rson*&L#{G#1au7B8~gw^?5>nZl)@aELt<up#v)11p?j=L_-%8$K=Jbv#`
z_=0Tyi-qSuY?~5YR&r^2rQm|Y_Ly|m)eeVM^(EZMnz&F}l0l%8BsqU9_=MV5tjJ8T
zyB6TNZi}+0WUE0C5vgd|Sgb}PIe1oVE|P0gv~A8UwTq8djBm8C?&0ojelpQgF`gFw
z*&@*c6aD*+-e&v1k&n-ola~6$x4yy}V6HWf8JYEwv*u02Sa~}SVuayLgM4rjrXKIv
zAlZ+Zo3jB~K!)?9FD<o4@w8I8KM;Lhwy0dx&Q(XuEY@xOYu#~Z5&uP3FV%P=`2#6?
zyY<HD@;FDb4K70P$+OPTZ3FT4bH58$4IX_I=og7AHa&AHgVFb+sDnJaL3z{^I7j}2
zoSwH~F&ZmnHg-3id3zm)#Tt%TUy;q}`unp`q&w(+EN9th49lq|4RayBF}g9EDULC#
zDps#zq4FODm-oFKis0(EgcTLxQ!t4oI(8Y32iP6Xo*Fw6Yzi5c{t7}iw&_E62&Jbg
z6t6=@B}$@QdFjBQL6uTJ-hJTbpUAA#dVUn9`eLV%TihHgYtGg07Pm0w(wagam6<4r
z3KqBI=E{D&^Xe9IIW`ZKbA_d{2l@==2$(bGPXe2p949aF%9L{z{<aSPA5CW!5LNqi
z@iXMm-60GJC?F{%F?1s!0us{QEj^@kONaDJN{2K^H`0xCmz30Z{ukfX+@JHDXZBuu
z?e&w%7)@E5uW{}j8q*tNCw;#Z91X7Apa?|)1cJ4z4jbM|m<qpNtoi#lt4jxGZu(q&
z;CJ_MAF}PUL`KoW1d{Gr9YyGfz76Xs=(^-+l+8AD23PTW6Wq#_jKxf)*N$gXQj|nR
zzwE<DK&ExFJoXD|Ay$$)Eg`~*F;Juy6FvosLN>KX#ghC1(HtcOv!(FTkETkpxe+kV
zzM=CkGECqrU_ha_r2psbHCv(YJ@YaJdo1&=vGAw7I$VwlXXzm(YX4d%<x_FeTSg?r
zXhSZ(l3c#})W5UyO|gfkoA)1I^NFmi%{)37{QGmX&HBe0l>kz0w+^ZL6x|S<!stGp
zmmeosDR0cG=F;yJDNWKVWJ_U}sTYI43dZDj(B95uOMd08hdfhrqAG-;wX~dq5l-My
zny|9ZlqX^;7%&aqeOXU=Bb@ll-|H#F!Dj<&+gXsl#*W~PvBFj+?$S%CSDhXZm6Qw}
zOjJ!s42)KaoXHYN8(g=Wwu<T|{B=X{>E^i&QOvfJ0Y`=cD3%1<<cn(%L^>CB7pcus
znm7T5?P0MppfxmeIM%v7Z1Ab}OS}mMk2oTe`CCN2C-Y3iWM4tah^Yp-^Ej%Bt>1bU
znZB#FsQ}XeN#u{Vzc6GCqrGGWrL+IkeRn2hPoKv8XNz7F5I|hr-Bz6D^oLW}HnMGS
zOs(>}1Y*lbHax+vF<IzONzDfqPWt%TSiPGQlWlIvfo}?UqG#Y=nUYMsj=OA8{`_ax
ziVRk}>5%_LFMq4bln@VzPaH44qP#&){N?xFK`$+0Xge1~L_FT#pum&;H4jeyZFM{h
zN8s!tQ2^8O<vQ$4FDZhe`nLyvvnm?K^a!B;YVbfq2*$`05}*`BkC?L;26)V$;7Gbv
zd@N;&n(}HhQ}WPCku}^9bI&)5UStYyK3t4JrjdS)?MA%MNi04w#v9)7xxr(14E=@A
z*@oC-$&9Uzj<eRAo5A<~)??ivutd;KM;ZZVN@ruRxPC&Gvd{gVA1051(8EmBrs5Ca
z>UN6;;bgYXgae%Y@`uqUW0lIM&3>ab+h4Cwf6Ul4Fk?X?qUL(eI<rL{_4QY1Xk=bB
zYV-Ol4mMRr3z1h?uxmT|xc<G$&HY9G{5Nt<QYn1OorM&q(;a~m25_RC5%wHI&3=jJ
zeGFp_s|hn(nn5M!lz~!LMVzs%vmszzLcbP(AB0w5`-^l&p@VB5xv2c(6~dt(pp%Si
z=yEVsxgjS9n9K|uPP<<!M(XP;DHLmSIvs6YDk)?!D#_j3E0%stEGkG!9H#n~pzz{$
zVO-^H#w+;yH#gP(PZmst@`N<~ud&-=rj8a|#<cxsT{wha)awui<eh~V=e$W)098Jd
zFsnBEKTtL@L6xRW?pMu+^V%+YCBlDyZC02^GTb&VzfIBa)8j9hDd$S8LqnmFfkESV
zq&VgCbaJzdfV2UW?wg}cQw{4G67ZH65D>Wi^WlB3d>{hbC~tDU-EJwcH&O^odd6C3
zDk=KgepN5c*C=tI<=R-i)SO5V&&&JxF|dU;F;E_3K&}w}OY41xrXBASldq%6(9F<v
z<Eq#8zQxe?pjGW|)9dY+-}W<#L{jFDv)z|*PFvVO$Zp})&$*ex9(;kdMvL(_kF`fI
zEkBc-mZ>5`3OezT&F`QngOuIigj7*8IHK$$Q9oj!khtC9YjfQyr&R=EcG&QL@mv&}
z#F*SEE|D*{^kkhTmNtnaz(+dDImcC!o|*auoT8RS7a`T0*u)^<ABc!zg|Fu$Ia&p5
z_NPuH0*>UR(Lf=fgoUs@g`K!8ACw9&qcjy@7Y%QbYoZqV=xfaI!}=kb^yYxE={O`4
z@X6TV6esI6Mr=cA5MO}<DP_r5suFO(0XUM@M%PC2Lhp19y$8;DXWuXl(ILT+;>?s_
zLeN(Tv;i(9z}B;^nvSkdNJwaBB&`<Y6GkPeys=1NwBvInE-@cwI#0uQY97&-HRqmH
zvH3#|_@8I2F;-}Ha<XiRdG+)!K8^z2Hy`sM@HS**#gsSR*M%vYRo@8V=^&w#)xmCI
z`NP590gK?Bk9tK()%KPP-?d@>Dx$OCGUe+FHMLYESCp=qIlV}1Fggu0M&{Lu^@4wD
zmTuGLkZmZ&zNrget<BW0L9(Mj%`c)Z1@eTAsz9HC?@6<HzI~cBCY^GE*5@x9Th%7D
zJEM37!~qTo)9s5D9zpj3IMsBU1@&{2R_Y<Z^(nu6cW~V}Kot0V<MG5}%~#y5`ZAo3
zh=@g3Fn8u82%W#<R>DD6_IcfvNV*%3O)uDqUYIPTfLEEy4Tbl0y~?x+bIh9mnlGNn
zg<QSPOGMIt@&&*<^nYSErv{&ETuVrbP5JVF69<$-4G)!%X=PE`V_-jOf3NzRGMUs7
zq(y;Dz?QF34XtuC{ifJfl8bvRi!B!8D;~>SZ{M2jtEBm~*XIAOlaM~nclqLc5e_Ph
z|MrW0Wyi?(b|p$VB~UidUq>{wUN2TOE~{sxW3stnhXEproaiH5k@ToYEXbLRI^pw@
z)96hhEJ!R2w#ej?deP-C_JqO2*3DvFB-_Dj#;(gSW(-Y;D^X^w0Qx$RCoToJr~hHX
zC;T4VX#qu0(_4|15+WzXe0crM90z+OP0W9=#!O^oMJen*J@Xion{Am_oTeHI3W9fm
ziQ^@jEIgk~j|P?;o_88Mq)niP?pinX{x|mALKQP=jvLJbOXjy-g0(3e`qvl39Q^5{
zC<8CaX=wefXF4hcUF;kjIO4dR$`hr&vM2sRz;zNqGW7Gq#EUYcJ(%;H@0#orSIJDs
z=>lhjKDtwX^^@svq-MoLvc!Nbn&6!LYu_A=A!=s3>F8Od0ZSih>}V}k@Pcg|&8dDF
zLQ#9VH>tnWP@&y0@{+Csd;uR|1#ih$aK9Ia*Q23|tO&`QGDSuO(Qh<c)eaUg)Kd8M
zYuO7v2VzyWTnt^#R@%LEdWrpskjg|Ifo;qX1H$9HZr1}Sf`TZ<zlnF!$kwMXUux81
zgeeIvySXLMzH_^<00Acs{?GSd?m)tK=_EpEXqxTGa=pd!+4ysf<+(B3*5Y_`zTg$P
zZeaw-RZ40o!$~XxK}5KcX@idYj&s#w#DcL*%yC%x>NA)W7JRKmI-}=0k7G*?FS1`Z
zO8ymT^H_G9yV5eKy^VV7jYmV7^BVb6c5T}06a&w@Z@UIQuc&Toi|`g3O0rtqS3pGb
z%()X5eN>_3;)8PZU{!<q0*o*Wx10D6ecnf4B}@@;=k5cL`-Y$#M6N`x^p$AjQuE^z
z4dQ)Lnj^HRUm#9MMz2%@_NWnQP)YYKR8z|tbtVFn7ExqkiGnD>C@MtfCFw|NwQbjf
znPRfa>FM~F&t5-OzebU^Tl~@P4?pwa4u*my{lY5CBM87<zS^NeS!dAoo&7|X>CqlS
ziWGn=+1D&@ym1fA&n<bM2<~PIyOsJ}B*B6Z^3-^C3(kEJBmq~bg19$68TMu|l6|SX
zzPIPhd75%Sn(g(e=vhFWm5~F4+^**dHc)T{7IJpm;=l>IT}}0D6i>c7;28N*v1L+C
zPA9VSl$P4(Xy1bH8xmkc770%_s`wn6F*-Ax;xz7ZfqL(|S!v?X3~Z4`%(BZYYWu)8
zM@~;vsBoB5>MvNIkM7qjl6IyB(Yo$Z^!}IA%bp=7roMkR0G*?RAok|Z&J;O1)a`k_
zgoLnqVfY1C>1#6;o2gFO)8I1V(cNIIU)^CR<X#q^ZrygZwV8kQwj|d7A@pk3c0iDj
zg4xbB!FkR^4~Tc00s+=33GZ;N7-|Kj`U>hqEe!wb4wIh@<q9=Y|1qd!m}bPJyej(k
z;RUDxO;&T=qp^eA7|$aX#Wy!CA>Ezpf0eZi+MFl<#BcV?6cu5|fBkPzqiE<y>sj~C
zZqDi95q8<k^Db-SG!rukqNhrL({Z?>@ufl*IW3ohcNj+9-G1rHuQ2*alum+QJb-i9
zE>{C89jaUaZzr(?X*JPztm+`k)bFU4DzT%<+Xj-?*novC6C9Nbi!%Tp2}<wDgdCQp
zWG>_HZ}9$owd&c$9m#OY51neC(KL%nQ2Lz#fAn1XmiK?ZLlXPIQmTnXL6kjA^ED}9
zA@kTUskuA`wiSqlVJdfc`af%I$t&b_p|RcP@#p>5q?xv3IvS}oja=>j?*(80n-dqS
ze5<QQV^RN;i*1*k@wJOS(!?Tm*o^g~+vQF#7Mc6j#Xwx$RCQba>y3LQp>ffNs)+nl
z7AUutzWb}q<$oWVHd6%}$h_VqV6IULve)M0Yq1JNnDO-&Y-N+!(acyM2vqx)6poEK
zH@Dt&LeS`df8O4|S*)!Y2xMjYliBrW#k?Cx44XFpV`-qHW1`7d_eO%QS*UBz(Gg_|
zCM*$9Kx0LpQa@_BChT!0EtIS2+&)$6xA@(4a@^QbsTbRz>V+1n_k*idYdd49_6dx8
zhja2u3a2ZLry!@JT(jt?e6}lfWLNCpAk`eZURWjsp+ac7%ueD)%th};*wUL9Lv*-9
z7VusnP2*GVpr1Kw^#aRlkG29G5^?;P*kM~ubMA&54!Z_iYLSZyP(E+faUo#s8#y_A
z{6p3*;IM-|wTOGa96u}3__*Hn;_<eh8SjX{k90#^0-qC`0&IGKx2o-`tspIYY`JP<
zuf46q|2F>XGniE;D>Gn;HzA%n-S;_yH@<%YLJfZin;{GHi*3r0qmv7)2dKix)rRJ2
z^T;5pOf?F8=!6J$%uw>eA>{ukHnYcuKx)17cG_XYonGAVJwUN`n$6`qJMyUw%(+xj
znwF78-4z@kw&1bnE6$I*hj52t+gXmiwt^QVk`n}QvC8cUaJ>cv+OlHsEQ|YF^goOK
zOI?{=n&PKnUUo^eR=#bYTx672|FKkT+}}{~?6hP@WMXptPH(`}p>-qlqhg9SgOHV(
z3FETc({|3YV7aDbo_h6dkM~J@voIawO!|mvg3dRvi69}$tULGq89u;g&LGKMunDcE
z*|Lj{61ZzsG2W7Ro8jK<{pa?4e8u$xF*Bv*_22zkQnoL53l?^j48JGOw>f;Ru8$VD
zGZZtFfs2-wkK_wmjEUVk|MD&hW;mte<f+_X>oG*{zuk?#c=-N!pgY+6CIa$bt!k^|
zW?zht-&*!cG_M_jQ)js5;Z=$OB`sA3m#<g51`47Lv@?N7$~o(qi8!gFzmFs~vp##s
zFSPwnJOR^PCnf=+Obn|8@&P*IMauzO8QFML!#&PFl|6+@r5~9yB>SSLKv_>?D0te5
zk(=T~?&L1a5QEh!pX+nk+Q0fAD#^oKaY(5%b2rfrelDwd(uM=ad#a<PM48xvcfuZ-
zCwkXl;<XN^gP*5uIp14UAOcPx$4$uzd+nNJ-*MHjJ)BZ}<@F{*x6Qb>wBCZ;?lsY-
zQzkhQZl@g<zR9Zqcsa7Iw6;7WK?+j2lpb;ufsuR0G!_x?6~b%6PJf}VAN0F;Je$Wt
z)Bm}%vu?X=F0<ZGpD*WynBOu?9x1e6M&`Hq<$-d>m~O54%BRB=w$I%2Gg)p0hhBxo
z)wTIaH?2Ne%)3Y->+LBTubGsOH?ya0-1WDKF_+!gOI}jGkbGl`&pGDz)QN1x`j;H7
zdD(mI8Ny_yUJ{`+%W~}IS}@Awp?~tTfY|vB4+RB^RsQPCr034TN68HS#&mWR!`CYp
zeaVT;Dq}ffVj1I3`+JOqyaesf;0j1`279RLkm(!W{&yN>-)0Z5pDD?CoJI=rd*a?D
zglW{4bjyXXZ`_qmPB<0x#0hej%w_6n)~CA<zC0Qkl75rneN^3_Zo~o%#`F6g{QhCL
zs^`G>0icm~0HfRTzLouKX*m*AxD9aBCkb`mUH9-9rpr&9ZvW^;{qC-{H|cg|<>8Wl
z+0cmADnBOkT}YmtRef6rcr_XbID9UjE}5K^DoG8C67|^{m}tla<7SyF&aPWdN|TC#
zPP2La*S;rfPscTp949o?QA1{FgW2YO(5zpx<;989EXTxH$;mNcLJ`vVd*FQ1c(f6K
z>+JJxS2Fm#h|k3b<ylQ=7*ouqb?@M=|Lx|B(}m_*`!EKSkUw)^p6&HWS}BRpLb-_1
z$1=0Jnk`N`!%V!f^m?bB(3h9HFT}jcKb3I-F_zv-^eSNXqD<{->N|@DVhI5i2d$fC
zD*o*1ohZFreEtlzwiwg$Aa=+^*zDpNWsMmC`HsGh3>Y&crXB31lJCWukK>ZEk8tQV
z97OTF`FYk2B0g`^4=cUb?$^Nn^<Qx$IQl5B9rv_3Y{+U^g#i%DPnlPPgUqzvu1C`)
zo-RA2Sf0!VRZ$g=u1R$b=l%d)p>1RO<j`tr^R7-TqK$enwTzufq7V0l@NLW5Q$zOa
zn7Gq@-<ywGu-z_r$C*!J5vdYmQ0FVs=EGD0dXsX-ANl`*;q*2;BmDdwD)NMcR+2>d
z4ADc=r60?F>wJ^{TDQ~w{FlLB(<vAsxaPlGq%0I+D^CqT=jw~}hh3`~&;h7e)n^C+
z3Je;hpqvi=afThKEA>~$z)b&3AJxkCl=+&AL|3@#c}HRc1{hyP^XG9&b#h`Gtkrm~
zMx{OSSS(6n#P73AI~@^YGQ~*ab9My`P}Z8^7gQvVn5S)?Wr+RlvNWb9w>fS6@Qp8H
z`SQ=8yzbJ9n9I%`nL&;7M&9u|kKj>Kz|~pP=53DW^#WP854Tl4%6FuJT^Ep=Jc>oe
zjwA^h&h%oUR1V#^7Ykldz<$eU3f{G<Q6l81NJ0x{tgy6(f>HXW%q4Fj9*nR>5y2Gj
z@Fxm{=Lx7Opmep<yraGC<tX4n>D0dwJN;>M_46vqg;gby3kC(${)y{VILcBM%CknE
z>>r$Dx7jYZaI}ZLuD3N^qMEU7Se<XU(!zUsx*E-JBOm=#-CFDay`$FUsyn3D_<V3T
z2i=Ysv0;1O>goIV7?Qo()xP=(8Ts3%+C!IJrLi=g8fUYg*CXqBkw5wDGrji<%Q#wW
zH%YYgTt?q&b=<G)X8K;Yc69};W~*C}x#-i=ggf3hcF-t)(?yBMh5RMJpyS#(Tl$&}
zk_ITii_6VjC?s&D%n`(a@Z)ps*9D1#w+S^?Qllr(s9~HLL|+y^tQRA{OD6W*d(FRA
z^`*)Uq^13|O4NP5Se5PZvlgAe41fMYX2!ZGy6CM(yt=-~N~BgLB?YbETOmw1;o0q3
zNx;cTfYt9NV)wP@d4s2fzG|cknwx}3j)qJQI=TwPg8P>q-|;8ad}0q%ogeXhhIJ$_
z?U2FFS+V1{Q&c9_9Eo`70JX65*2H9f1l{D%8QafJ`|mW_^&5N-Gb%Wxf;Gw8&mLSH
z+MgB^3KeU!-^=I<&X{+F!DR_3vNTE&hIr^Cp;0cvXG?3&<1=b(NI8PI9@L3NYR%XP
zKP_g8{Ja5h0F=4$q1f*_W6gG@RZ!BjOtsuM1o1PX*Z*<47<3CsNGS=OYb;dK$6?Wg
z%wih*qaS^Ym1C~P;TTp5jgl|@*r-uc`X6Rb$GI{E8H?2PfA5or89sc-N5@l<o}Axc
z$awxYCqoQ_E4W@SSb)p}gAsT4KrWTs|MCYC*w}{p(jgVhlYd^^(271(aQK^9TPq+h
z6qN8WO{F)o#;QUJQL>Z#s#8aIi{EE7JXbU_4Q&U@F|-~=u!=rR#s==@A3B>*SNP5i
z-ikNGrNo%1zjP6#k>yUT$Cd#bH0uRCaBu`dKVo26zhqT1eQpX<G&kpEGX*Wiv`(8g
zub1q-P5N<F`XrU0dauN8yYN=eHt;-fRlq_(s;;%Jz<RA^s3^yk@Es^8PBC%;Rqnlc
z)dim;8T@a&SG_NegOZOPd+z<~%vXd+LO)x4RZ+*HuRqc_+^IoE$bXYhD9|*Ua#ED0
zvy6%P-!=5O6M(MbvDx)-cPaKX=?|jmHY+bns2psQhutKR^|L(Id>bQRidYRF5(Z51
z&!0^w0d3i0{o+NEY>|bd_J+1G={j=qzPo|j+Z55~I~ihTI0YCS>wBY;BWSZrrQ3dU
z{4D%d^oieKu#oKY-|E;kL>LPrk%W1zP<X{==)GtOF`z0(X98(@aCyFsm3gJBhSry9
zk0iq+y=ZyBVje{>S;8Ru!s~WpZuN`gYcl``-zLS6P?m8{#O8Q0##ml9{t;NdQX*Um
z8sWBqR8^=KhRYKX2Tl<SHhPfI)dX@;NdEM7LZXBJ_mTA;kNV+|m80X|2oJc;pxb~$
zv(WgyBq<A5VK=fc{`_2q7@5L4WXdfqP9DrMrBdNL1chrk^%BQ6eXwdeV-~vuF;hAf
zb5v5mI!Q$1+I6(zn>JgY8oi8E)x|o3TX<ipLM=G3eIe>xM-jpm07+k1x`|#o)vj|?
zGw_%jxx@PB<?W4*ei?$qzc{#K$`llZH8*2rY{psz)g8B?()Y=6Qjvn*CVHRxf)U<$
z;slwXSarHqxBo))y4oy~ROEhYm?;7Sk?85&f4%$J$I9GbZM}S9!cRt|uNkL2op&SV
za0_epDkgK-RwV>9;ZDii(o&2TGVr9mcv@feDzgHFA__Tt?uJ={_4|?P`CpeVRK3$@
zqUj?i;-;pmO``7uU8-fb?4PR)Z%#yHL%+VHlTFRc6!!YNcek50OtZVuA)FqZ8<cwf
z5Xmub*%5JV3o!vE7u}i;onD!}Dc%fzmrx%+(%yEMsHr4JaI2(n@-r+7!ze+@+@-g2
ztcUqMt*DP2U|smS!m;Py70um4y4xWxt(Uj0aUeZQ-g*3FEx-N9F4nSJ@a{fK9p}r$
zUj@9*Xi@_qb2GgnWbx-2AbYwG6-Z|!Xm^N3V?8@$;dK%g;yUl-0NE!7kJhJ4=xMXv
z*TW6>XyM36aMqa5UU%E0OAVu`JdOF<jD_X6CJfvIaZyHrJpI+erY%yn%rsVZW-ovV
zr(eO06-wzsA;O$|PDk@&kLcOH59jO-?M{2Q=ip$Lyq~X$1%d%!#Hd8Q5W2m-rg?Ww
z17hL?DVQ)eqZs7o>Q`+|qmqQ0{MY6>{0;-!yfsQ;d8w8<T64!9Yi$Qn^=&KqT6%6X
zMP;jRIc+pGDx$PXOEldiAtv(gEU=()_(?y1nvbP{*~dP8ae^v3Kb*$VVWuoR6iiYX
zC#0sPOvAn$+37WkX<!aUzH+HjI$h0|QlH%{kD1~jYSniahoD!%_k{XHpcV}s9K8Ci
zO*C9gCmp+%zE^&{D=D^)?i>18=IrY`t3OhR0@(DJg4>KHRxb*YLICX<>5$wj;-{^Y
z4%=xeuDA~@t7qp_i^$|;?h>2|@tOt1arAlr>1kGwQXtFdhJe~xnkx|2a?;%!>2WN^
zDJUufaEZHEm--ui?<n4_?x$7UoX2m9aoMh)17L+E(XhDL>jCErPxyLFzD_RGXG=Ky
z^}B^~dBPe4LX&0VLDAq@S=&!J@K6jvm&H1=9A8bV3Pj)gETP@Z+DQEseI9c?*HzE2
zc(lS^7mUcZrPII8f7XuYX{7OfThP-hX$lF1B5gEg`CLz#)q$x4VwdeV3;N}w)AJOH
z=G;-W@f#a!qGz44FTSkbZuBS@GUhRHLMxM+jjhfPW<V3!&Uqs9rhq&YJD~ETf!}`b
zhyIw+RQ@0HGtyGm&`WQxikl|8K)d?jQ{8kn59<8-#Nqf^yUHKxv+JdaUoLLLAMdZ*
zZ@aP3*A_qhnDH@T%oEk;jfPHLUy~=6*6EbJ5b<=rKUo1;s(ms1jkJQEHIyML)!GO9
zAp(owj6lo2+04fnhH6bfus%Y;)9$oO!>Uyd@5<7nB`DZ@qsRFSYM}nlVh=&5cSdb0
zVNT@MfNotWq;v*M;1PNJoA{nop>W~xQH9=Njb@-Z#sq84EmE4ZuiM7#4PGDb*RP;E
z{GWveF(fT9ar^mS7hcpX=6}UMo)0}%F%UvAakX7(JRCwd!W#QKZQg2!KXc_uXuzVx
zZzBX1i%f-zJWky39r%6g7zlaj-xEcvH&_u-Q1($-y#}JV@E-p9AB>Ws4>X;mdtS=M
z(9(!FH|dr9lxRv*s?f8aJ{)nQ=@$p47TLdL`m`&58`+k#nz4l$FWT;4g|NP9v8`(K
zI6VBp3PWphSZjaFs`+qrHJ8t68+TsQtenBOu=3JFKe1@pslt1Da9cj3p-#U{r=J#Z
z6myJ}enZ0~;6Vcej}=qFh$+G3=`oRbsN$!+10mO=z4k^tdWpPgaCo}rIT^yF9P$Et
zEaN7nKPOD%fPspFcD2gM<V^-ic5z;uyg15od;y77;{IW+OGk|HhWD4f_s@ztk#v%M
z|7j))j-8ck?B@9H)aT}2oH=F|x&3Y@+={<z_qblHpL<%lLjH|5kXkoM{zJph=Q-B>
zg}^$DTz43G0_=(&44&OKYRuekAYrp9krJuAGe#^fg6~cSY-ec$!~RQ5YKZ|?4H*Yg
zcOJm0y}_6B-s7c)m!n0fj>ri12va*L5yCj6|0qqCYydcNQy9(|_4w)DQRZ9Ue^Fgs
z%sF53_&&M=Hm1RcpR1nAsq7!NBI<1*@R0bmnQwelR{5`x#NNCQrvnfb8T`-p?2XjI
ze&CvLabwm#A*Z2$nPqQY$TR4+s(9zZ?xJ_^<VtOUhL&kePff#+&u$SB_Q!eQ6)FBF
z^$M`u*JWGzn>H?dJ0aQN@vm*JV>jFT1OjYDIT`UhF)4q3KD04tK5kgKzYzq|0f3sG
zltcgDB-k{St+{<m9Ob5u=0Xn*RiPF#)u}ME$e9syXm3;Ee+_0ouQr0)2F>d?9XX-`
zw}+mWNAmNP>iO>3r<pA$nIJdu{li}ihMN`HY;<u%z&Q6pm)jw!{=b;YE^*y`6&+-8
zUco_qW;@;iRlSnsySCG|_A6x@z2oCUo6rrZLJ5E-D{HOeQsqY(7IyA>0}25U#!@kt
z7MHyJ;=S^x=2=UyXHU@N3u5A-fN@*p>9C)88bSq;e|>L^trKna7#}rw_%l6ViOq=L
z;W3V<S@FqaDj3`MSa;3qVvrdEhbf(&b{u=J=?Yl9p~z26ZOOKN+ZLm;q-2tyy>qE2
zwCr-%;rp;@DtDW$LMXM|;qdIg?9`u}o9k6L6m3PG00rW%f^f+6&i3*A_Y%rLv0%+1
zpOM9s?+olUTelTSbA&xh)he_PR79|EPL>5No&wWYwc^z$f1%t6A8K$pVN0pxf=(y)
zMdBB6lbW0SB}hocs!7dy6_fML4$rf>cCxav$Wlm2Q0z{$Ass0$1pGfL!mv;T#F`Ez
z37SqfQ$*5Vq2qQtf8N&OA#F5_suU2husoV`_t#C!;P;1vvkOlWnJ5>m<$6OwDMLN%
z<N2o_{A<Eo!q^BdH4oW-<(wziW*v&GRHdl!fUxhMvwi-?i)mTcg95H%-;~!1cSfGG
zV2Nft)`<X^OrHQyNP#XhzG`XHr$?$axx@OTPN(IZhZ}znSGV48m?gy6kUX_l_&C_u
zdLAooi%#ygRMxLw;=4$V#>aon@wphyJ-*x>&ERt}cd@o!B5QX%@?PWdzHvABqSjuf
zD4T1|S2nYldw+VGDd;lhHs`5+(zKiHE^ghzN)mtw+xhIGY;L$dF_u-qoZaa~Q#>Rf
z6v3=AvG?Db6szwY(`z{zAi(b%-+^XRVzcd{rE2<^PMzb@tliHASg>=OXo*`nFZxIe
zxC?Bs+NbW=B@!#oT&eU)3aqncFryWkH!;UuFr`5qjWH11Rwv4Q7jx!A)UO0(PDyMo
z-xgUkZnec{(`k5k7QKL?TM}AT@Y@UYvnQJ}@!0kKO)>B_E7!E6D4nLN*Zi_wq}*^n
ze9VGDb)ob@ku^cQZ!G7b_Qfq?MI}eT=holvs?6Z|05W6SC$*^Z9ZCTnmu{?fpTmk%
z0Sn3gzv9DbMiQXZ_?D4pteE4I^HVcbk(<Zqa@#u<LTNz$p)bQ>B<<ag^=4A5|MH<x
z1mf$Yir2|z>`zf#Fo4^t4HwEJ&-P&A>SGLMd3)a+LB3u5-pVBJ)a1I4!a$_L=^Da1
z38?|<;G|9+0e0eKWNxGk-XD|-Q47_+Aiu7o)ujJAA00RN^>!3`NM5BTs6ChmwXDuo
z=sNt{VlLa3M}i{+c`STxDqH?X8MNWI)2Vk|n4h2D+arfy{3=rSZoq51{rkJtV)Wo}
z-^p2U##&yis<=a0K>O!+NBv@LB`RepVfTw^j?)gYNgcYsH&?#bL^+)DQDF`LGT*7_
zlzC@mb>Flp?JU=W%Er6Pvr7Fr6_s`(C)`Q%?>%2*TiZPqb$*=s{|Ucfh~)&Yq_2(U
zqrbMcCLhsbVq%XM>RZkyB=-e(lae{aoNp)Q9sIwBc@xMg7GjD0&8_@c_A{B|RM13u
zEz~7smu9}^<zg!ZfrY;3NBbS@tb!|(eoAH)=o_JAHu}Qj$B4Q=F+|^%J}8gHTU35}
z1P$jQB~w7|)Egw^q=loRvPxsHTA$@!W6zRC5nr^OKap*mrssiRV#s6&RDU)+5m>&=
z();|D$`q7R0h83YWhXOy$GH!qMI)yFyuAD_m)4Sd2Bgbp4qrU}wTR>Tp>Z&<&7bKu
zyBRA?SX=@p7j^RK>AU1n2v?GMo8GY1t6qI{%v+)fApH0AwI27!{o9}0?`fabzJlfK
z9;HG6EU=ux`=`*jUgMKXPK)R7t2vMBD}s1k7R>RNlGn63eCbM#@G7Uo?8=kg;gr+m
zpKqh`iQ&xqth#*OF+7~ULVeZJ|1ClbX*_J>li7uT8$l78h0YhKI|55<i+6jH{^f5o
zCf@wAKh)!UZT3S5smo#y#%Wvp@~vSfKI8*ZxEun-G`|tYgj&i@NhGH1+fcYkzrhPi
zul;6==ZD+P_agsNv_RM6@N9+TJ9pvd+fA{i`<88;kJ+mZ4?W(iOAB*z*7eJ_?yKD)
zr|n+97pTS-+Ab>`OaA~rp~XzYcw*;Y3O^qjwx$>L<F)x-Ob;e*5*5qHmd%ugn{Xsr
zy*-!-A8cCq&ifeq?qs?8kR3e^VlTXVgc?bTBXT!AX}6T5N#pBV@UeD*n*BZPa-+j;
z3{6I(y-2HrfxpB1wOKoWGyDs*3RN{bbGhBq#rL_r`AP^0m%-b}bZay>cMcp0Km0q)
z|Is?-^5<7WS68Bm37*JVSu^u{q|RaNl{6l2GL90L+4a_KuTd5up^u{frW7xZ8!`U7
z{CBvr|C`z7%F-1@hyK61%@McC!^LG0BJPrp6{S$9p;CMP=Iy}1AcJiAWKR*3LV*8v
z%WALw-0>a?aB`>F2U->Li8q%IkHC?VyfG)5Aki^K`y1gk7PHfy*%%;<JB6rnm|Cl!
zOO=Z3=0K4n1`m%2P97RLSDrmN_a3e^WL)BUG+!;!;^Bgl@9JCXyy3YE`F^IiW#{sr
z{D-P-4V@AhB8U4u*{8EZgG8>`;u+2Y#LnOA)rSy{a#0IO^|De<!uEcValdfT%uVsZ
z$dtr>slrq~zI29L=TyvRj|yyIK9()O!=;ENh=2ZEb2<rSU3>IsR+oR9!JT2p@4zZ8
zqkE<;{85HpnUJU7$@%WR&koNA=9ne)6#xnxra|C1TXd920pAzpIaJ}e#-rp^-!<Wy
zom|Bk_C()<2V~w8*As=$MyJB>oeRSl5s#<Sa49<K;=P~Cmzhd^<EAwWwz6+hM$KMD
ztSvTzR)Bodx<VRm_?*k7NL%G*fhpXkP$RWeCt-x;8>uoCc_yE>b7qyE-_>MCQWC9{
z&xZ&+zpea4|655RE_zaS>-Nj6+(Q*yJS`^X45N9aKjv+dwtPLBiVf*h*7ee%DnRSN
z89AaY>oZVAfFG8GkLT3R3c`^gP0OhvQfs5zQg7x&g#M{<!_P>5%|w#zUJ6#e<&kmj
zB9El8n9LUO-5yMKb+;8>Goc2|PgeDXoP<yIpmP;OkB{ndvS)CG@yph+H(IQ7SK5T=
zArch}4`cdkv@|c60i+B3$lgC~H_JUD9D9e6tR#`lHR?+0KU~JmB!rqXF?C62JE^Vy
z1bfrQLrhfVm|hZ5<Lfdoe3mV?6Z#WVM@n?^)BoSXxP9|x%ujVfr_JWwr?YnNc&80-
znf;#oo3>rwQ#@T|VBp`Auh_ry(vPeacM{AciNl{Rb4JX2Ce>(|Z@X&8{XoeXMZ(%@
zyxku>O1|rhHoN88@}_b&X@g8xLPUDzwb!7iGG*Rl{SJtmJ%kr*{<3`OBbHry^zO@g
z%ky0p5kpV<`rk+j7_1*ev0e-vzG-m<Ew!a2&g065ZuxJ?r>rD&G8pTBmHFOZ`(DPp
zBaR2K#;fZHIRP9=&rr0^e^bFTMT^oX^Njh>B%Be5DS(cjf=?0-7=`V9L_)8&kAf%7
z)1uq;ejw$<Q-#|Sga8B*o!UKdLGHRr*y1o}Q^N0ZTljDBSxtq(MU4f379qI~X#zyy
zXoyd)0+OJ0F6_&{&R?&B$#~N4d><8Ysp*1E7LE*@@2VCut@*n42Jq1VVEj)H@J2#g
z!I5x7trO#WaxQhJEaK-PmvSrW<Z9G7ys3LaGfxbV`^5^p5l6}U!DTuijAFks2j_~H
zx+chjO{gKnxS0f)$9`y9YnH~ejH$kPUzuU_Ux91kUqSwuO@T@*MzAVRJ(Zm~C|hd0
zmr92t-z_XZKRoQl><%f(gv5_*Ck!R2>6q6lInppIVJ4O~Y(_gx4P`d4JI}>0*s517
zzMb9A`<WEAQCZfVe1?4T)2Yq<+$@ErOoMT~uDyLX=L@xp)(_;#M*EJ(T(QR=RZ=<X
z``KVHh>%0}@xGyYLA1=o8V66Bqb)XY`;Cep_jrjFaAop7e|g$;+@SlzckQ01k~t8F
z=NelX!(}Q2eRSQVH^Lh~VMLDm(DB-TB_TXS6kAA;&eZJoc2rg^ns;8V1$wyAP5_DO
zZ`IPNjkf#j=fkqg`+q|3gpP5w>vfov(_E*#?8<d~|4z#K-y9k|-whUP`wuewzZam>
z(mROE(q@)j4IKjlK}ABw54#?<dlZa7sJtH}eOUS06fuI0049+qP<~Y*8Tw|C`UC=$
z2*?;p6S)y`r}M8gz^#uL328AqH4YBrgyRyE`$E>yf+;(R4bco={h<hJLu5fw5o`oN
zp%kv<JI@nlp$JEmbzt4^7yWno&U40B%E=aVd<1I>Qx#WUnT#b|%63n)?>Auz2;oVg
zU%&=qm(4V8dR9<X(xQnSvLTil()X}rDxKh4UgKY><7Zg|&OkA~2iF!*j3={ni$&Wl
z0|NvQXASzYuj`jnfpzF)rDoZJC2xAPSG|zt8*u%$y1M$}>}>Eu&-P^eWPJQaA~WlU
z515>jrP4`A!B*;f2S<lTgrQBF0wLfGCdyn7A7S+svw20D{9C$4b8jG~<U6Abjph)T
z)u;$Z$xLd}veoYJW2OBeIjV`@UBB3`=uor?D=)B(_rOt-4CQNj=W+gLH^<+;RdXEH
zkat#3W}yA^i<*Z88Tf8Jlg|nhr}>7?PQm=w%bhV@|MQppE3UuY=JZp>caLmR>zoy7
z>`P2jW|)-0(S|_*SoE0xHt%5!A3-TlRxc4~ZXG}oijihIOpeg+{Zn+)z8m`9*ZOLR
zr2p&J*yva*J2rSkx8r?7?wum32Qe1kWUIqzyTS7XS;zh6i|5lGywmx%7R@p%6J7)g
zabR)ZbQm_gbAmL>rED7#Olpa0$nl6N2Y6xI^`_FL<8YG2<;;o@1{(!p_G~@(`<Xz|
zIN{``0_b!>Q4pt46wc6jBwYk9B_fBZ5eFENnwD}Pkcuh<2F{?9?vnSA8~P*hWt>#$
zBLM!32#5t}QH7z7#Onf`oL%H<=v_JpSSL%DdvN;W4e%u_4`)F-)(GhrKnj=#Nc?(b
zN<tUlh$@ceL`V-82>F6pjm_J6W{i0Ci(V?^J4PiM@as5CR>j{Gy-GY3iWCaz)RCfF
zMEWvK4x}P;zHlTr<bX#3Ky_{^6oTl4)O}wghlc4W6u(xkg9Rob0KHCr_mhFU)j*!H
zvrE(rU08mz3C2)3&L(A{EA_A~Zd3zFR5!Riwh+ln!N5a7(*UUMTtr<i|D|ZS3ve0>
z_OW>mXmmey$FJA?rt|m*hl(wC((+rp@%Fzf4&h5%9!#ErDb9z(iEA?~(!bX?iL)xA
z%n#r7^QC^B{+s0|W7n&*9LpTbriDpJZFm}n3C390HytL}p|}*V>-@<E!?QqZ?TBg9
zA-SFHMw?yipY~HX_XRN(9l?d8&h_=TAYkFN`RUZ_=g(_woVSU;q@(gIhi!haYu6Mo
zq`Y%Hn%C-ZTG|Lg&zGsKBu1Lg{318;>9xCu+glxW-q59bGPp5^gcQ`!_X{NN(Q95n
z5UC+d;165i9o(~%*b%b}8R#UH!1*ptSA}C-wH6Hf!`8Q><Bduu%LciQTllT=Cmv@X
z2?5WP=S9v96d2)@!iF$GWT2stB7E8K^e`Mmv=lA?5yo?+c8p*_xrpmEP1&m=b`r@G
z7l^s#4(Nq&Ns&#86GOvDGeUj?q{t{??+9=qND>$m<{WR02^=vEu@I4te1F(}(L~Xp
z8X|b`wHRQXwNMg7a2Vt#wxA&jBP4}0(+-<XRB4Md6St1C3ga(kC)fA50W@Y}cuejL
zJtG`D311$LCr-o?$R?@#)Js4q4<<~nEcn=;M5TRCIuj;9iNex-weIFtJQ{i?0uO~R
zU)e52pCNPaJewV~^&FQE{e8awba>p7+4i18umldZVoU%6fLv@OZUr^fzG`gJh=>R`
zw)uXw2?7%75(8;N8Mbw877S@Q3Cx$M^z`(D;Ktd|$$f>5NQc-gZpR(-T(4UQt3}Su
zijBy2`)RB`8>YB@vu$UrlqtYcUa#he7`O=9BxAeHx%Z<nry!^?zZB8Z6Ibv1O=5|5
zx!$>6LzE(Vbz@Ohp&8^>@p<ib*+nshor*FG0vD<b9|YoUl~kU#n8jA>%!bSFF29<O
z4Cp8uEzuzs4)^)^<5dXb=w1bzWsv)s)SwwUJASe`Adg-MqugVO)%>ZlXx&`dV)%5<
zoLRM=hI8mfTo|Q8EY{)1%66#bv8JDsj++*p(?|bWNF}%NCMr?o=f&e`F>gkCdPFyL
zgx!2|;q5==*a4;~1S1l?Nx^zuZ9R$L&PORTL$OO-iLC!(3GkiaB$oK{Fi3(FQ&a^O
zxjF4iBsEOJ5k7i)1^8FTzmOo}b>v}G9Q?L!AD|$NyAzEojh7WS?X4qh5(x=GdWj6j
zB)9v}Q&54AL%@!HLqs##3P}}6PlbgmHK|JS1SuVMMBHiT#qD`^Gfwn>VRcNc%Bt!P
zPDE<y4EjDJrJUE_g<(jbNfa7A8O%i`5Ne5Q6h<Gwhw-&4b5c<?>Xjj1Rn&jba%37V
zQ&1Kl=wTQ_6nt=3A7X*#b`4H$2QnJd$-+!=gXQWLpQeVfNU6oRg%rS;tPj0TAkA1D
zsIqGnsI-_aQpq(;3KWtLekrf>i5%0aiqh6qis^kXxg}iV@8k2`=;M_p4;|*ideEGH
zPQ5OEH!f2Cc3PX`#vhZIg(^22y&sKf#XV>HyV<(c&f6m<F=}e2yI6g0uUK0?XHbjP
zY}U`6c%OBNJwJIQ{{FV$vYYJXEw95Ek~NI6RO8~w$z!wcxe?Fs8uJq?vagy^2E4l_
zdPmADI|4RV<LEqv>7yATmpZDlX#4l(hU0VHUP*C|%BBE>`S|)$w?Ttyl&O|^puQXo
zL1|<&xbDL9y*<EtS{h`1PrG+`i5X%|9;5vJP~aR89{`FkXM!Y&xv|4OA)t)nuMBNO
zzgZ&g-gYzf8HvA9HQox>>lV-BQ_G;oK=~r&Nsl>liJ>1Q*=d0A3mj$v-rz$%2BH;?
zP-??@(Sb>oi6+6?$yd?pC*@2ij-sl7_Mw{;IuIL%0i=(J#v_lQjv)nj@}Hpqu#|z@
zwc30t5hA)dMRL?=0B4<K0_6+Nq>~g?*gphCFyG`bT<Q->Uh~LdI4%;?r#*d{Iw<AK
z5hQcW^uav_AwY?scRf-(kRE#3<q|-+iIMk+f-waIF^WT!*7I9<7fPrIxQGn{Suw&O
z0GEeX729y%^{KA!K?yOHix;U@X?H_sX1z`p8lAj6=I~VwCvh@y13OJhFdhA|&u5{^
zs-q_LYL~n6m6PvoILELUTEE-)!NHO^LG^>E5AP|mdFFnFeGzF3#pUAmzE0?keER!q
zF<f()xwIkOCP%x)XCp6u!9}~IK$9q$y@icc?X~f&LbS57-Ez$*qAcH?H1L2mXYaRs
zB>rUowW93LJhTIQZFx^?|34S9&WsxCL{XarZGjI~Z4lM>)qCEnMeMr9g`-%x0hx5b
z@Ov<EtmRbDvo~VH(<Qfl8??#~x3#UTtPl$8|ByA(wK~S{mA$k~gCaOsAWAGb(p!j7
z@R3ICp~^@@VU(uWSQ`Y!^n`ulFxV~Q$YvdRParA6R$LcOgq`CVO2>&Mk;MWdKx(JU
zu_X9{@)xZtRuy@1<d5Zh<4y;HOISB15T!ctWAara%>2VkWO90;@aCL7&ML?}I!Yk7
z43YrKAPXVIR1{+bVi*!RVg7_=grY5P{Gtk-g(#ZS){uWvsT<SqD=`NbIWgBbS~5N)
z)pR;6Jve<wHOwjRI2eDqR~v$lPgTH7kVq#XVN4nKJpq4ql0z~(c(4>qNBKl3FY#G*
zfM&BpF^RK0Mut34HLY@lf+DT)OSNm3rFBFtuT8yBTD_WWXu^&v|0RV<%-iL?@)ag9
z?OCorKIS-SNX9j_zQ@ul;@hJ4-g->R=LEWMX2<524_F+WQ)>G^U)$<7Q)6(=uXP->
zUefv>Rm+quOi_n!7=Tz)XVZt<mx|74srT6)9rxQSE%8O>ga-tC_6z^^@?%G7XlVBK
ztMxtz5`7}Iq0uUnVk{`ERcfltrJcWPt+F-gpnH|2o>FIvA9b-5tl3fR@SNrGa8dj}
zKfT}8AsG02S~4{|d8Bx0@!|5RI>_6=-`CZ(E{P-6E{tT0ZH{%@8CgU`zbH&8(LDjb
zRxo))-o#lJE=NIXnR*4IqgyPztNI?*2@kQvRm(QyDnhiGx}#QMyiwzrRGNUQVG3iI
z2Bsq<_aFo;C@)|vNQksfB*HgF3{4W<oc>`GQ(65EysuM`AwZsNfaJ92zVdB?AR8IJ
zCXpFP-I+x)w{U(v`D%ojQw5O0NDRi5gbX7D4blG!sJ)o<jEcMC%7Y3=av{&F2y|=X
z5F@^Z!(`Ch!^fCka}{^S253QbQyYoeu#cFeuo20SS_r-$b~$=9!A}a`V3;aBCjkNP
zIzh7(pEweiz?MoxRWl4*ql>739HUlwn*06*K4PxH;hoc9!bw+G`9e~=!$o-XJx3(W
zXaTS|R#7%$3zkaaO}8%@mZB@FNdDAqe%vsY6y7wImhQ4#9sBTv=ag=~?u*_xCUk$a
z3eJg$YdCpV(da||KIE>hezci=IEk0-c3&b2OfWr+<oKV;sG@!2?gpkec^^%Aw3P|H
z^|U-Pr0(Y<K<p2Oqx(I7)iUtA3zo);3~+F*RUNXu9ktX1`KRp5V@9WL9#~865z<*j
zR<$LG(_>`d(OUy8YQx2q%{ysVhs;IAHb&$&S%K`Z{u<l<YDCc#w)Xm*f&b&(E`NoP
z-A64g`Ja^-xcJFOw6qj#9^)d{skxJB0WX>mumlC03UcBgeOMw}UY7;Ix3E>iRYgM>
z`WAs8oInE!Wr9@0Yz$>VilFD^0oqRBrPL232mC^~(lkyIN;4g#DNvmd!-#<MzdJWW
zvB`oiTQv)Evmp<8fq2hX1mv4icwEkbP}7FVBGqhZ*9Lq~L+rYkX62+nEi56NROM+!
z4Ukq&O`10faAIjoO&f|r*-(ADKLj%biyPL{q1UAZ<5A1jNrz?WWKfF8x{AU(W%7EY
z(nsCLqr#PEVj2T|=!*~)bh@fY2L!wlNyrBh)8R_5voRFi!qjC3pkYYjvy)iDNV_N)
zoxCTQRpC)bV=yHtCtqXZ-l@XmUBx+)hKi5o5>ME{TJsGgTiUGeQs%78P08#_lK3b;
zwTxOFxTQoZkL-n1bXpYV*0fXPd*jhAH~6*~Hz_F3*pRgy8ykIMjMhMiOK2y@Isf<L
zw2p*z)?r@thh{WkyG~if<9%)7H><m5n;)+PPEg78ZfCJLe4LgV`1|^7CA#r-Ud*@L
zaQHtS)|d^;$jG>+BZ5h8Ut{8Qj>HAAuknvotFi6#nwbyZ9O>Er-Wh%N9L8(Ee>`3D
zyjd}7qjj<9V}?`KSq>(=c)Fd9UHh{6%4Y2I%~9=Fo41KiAnh_%?EKfnvS9znyS}I%
zZB``P{*!|PN*YS9;gaI99RBgc1F!vhEh?uGl<_c?aJD|SbpZe_HLW<^PfmwT7>)Re
z;mO1EQbUfHya=rpp_X?i1@Ix#&F?w~h(-+sf)NA(MHrraP6(_;OiE<+%K>pa^Atm(
z-Vw-#2pt4*2IPb7mzo7sVqp1w9k~Ex+O)Ovfsg=Mzf%~Ws4o={;2>y|(byh~I5f?p
zpD==<3#V9$O?ttoQc=?f%c05NO~S5up3p2^p}ZDQN(iuwPF<m7_@61jE%W312l$8=
ztECQpkT5-x;hS2fQbHOOMOZI1Ei0b^9cN3r*wr*|WWtr4GD}e%nMr*LhM9&T;A84@
zQr#aN6BYNe&@M5~9lvSYp0D{GW9Q=7ZlZb6C*5{twhSO>l^cz}MOCSkq$hQgmuKHz
zVyKx%284=uFnLw$JLo;0$5O<{j3s@;>co#3wK7NTGBj9=m?`6TSO)Dd8>+IpX9raG
zTV$eF^2Ko}l}lnKeIy`GWWPAud278ZJO~{%zr=0cR<zcBB|$ne)FNvB&PQ0EAh}l|
zG0CcSJ9*fu_7x~vpYZV`W6%fVH?(au?^c2sRQAKU7ungfIy?eq^ObWV0s=QpCStxl
z%%V<@S0X`@h9bfqtDh`>Sk<mJ+IX<a!*)0$W<}0#4ZxJ3jl7V2mtE-6J_@?$=ZQIv
zR6NZhfA{<2Xq{1dXK}%C{Z`BPjBz~E{ce^T3KZgi8hjBro*G_0HcHkvV)b=E6{0he
z{oOv#6E1%V*}*}8ES!D>4$8>N2+9RQ|GP;S!*_qg4Z+8*^mwlH@|XXO+Ir2p1P}o0
zWE8q1@)!vyL|W;bVALJLZr$z7AOOv9sM+^>MW;&M=sG`~YaLn>Hq?naLgA9pjF*Zu
z%WX^;;gs;*sFQvJu@q&2u!0BRxb27l<lf=#sX;mL@2%g7ZTtHBdB)KI9mP~*^G;^s
zuFK%MFn1($p;axyK5tjovvpeiUa1lDXiFlLu3y6G1~nWb#}FL3oeGW)pMPl<q*&6d
z&`b$>yZTt2wu|Ib=4f-BAE5Dj`~DNTe80KOqV>!AbXPr+-ac&$wr45Ry!znHzt}j>
z9p0yQ!MRBDPNL3NU(4yLT<&64CNH(k+;j1@%2cWaT&|C5!IYln-Pu#YFB1c-`W4&C
z{3`{2g2SS;{l7S#9jE9`@e9|0)=QVywPEQM*NL%W?WRxXK|#owuNX9@oM3iKC_$L7
z;NT4;-*)}5Giva>IM?p<TkG`pZv61~Z)`c3$;($B9&2t(b~zpAeTp1@ORdc=?Bn&9
zo`_&O50c2|x}BrTF#(gu-|uIrqNnMIii>FPm)1V}UDbDGXH&TBmhx5yWvV2k82D^l
z8aye~t3%|F+a!bdeNHYdvb@Jy0|L6cf;380ZvGyfoUF<l$7-S@=F;$pXc#phDFcvt
z-dG-7s!_cEayWA~@a>3P<8t41ZEHYC0Z}<X*^$2q+qj#L@GHP0F%yhCHgJRv-R&vB
zT2~<tr+xd08T$h#Hexl;6GcFxPUZ3q9WzP*c@j4k?CUy$ksz&-SQ{gX5EV|gP9y@Q
zWRUCD6KA%3g9+J5+T%Ja!$xIXPpwAL24L$(h9JA8&@jbP!G?z=F}ODE5-#@_MTln`
zQANxW6n;kD!!(4I3&{w>;EOj4&Hj$9B!zZj%6+MXTYyA<7F+7UE`bt5p+>yz<Ir3B
zv5)3`V1l`%+$(D4l9}KnKZ76Q_u9>!7sxcS?xGHc`+Zz&A{;i2nZ^W+!5i<3C=g-~
z=dsa4b;?Pv+zt+Yqu>9_-?uVamTS%&OnwVzpy@C4dFpQL5V8Be_P#1AuAu9((ctbu
zg9UeYcM`0T;L^CeLuj1f4Z(v4CqP4h;0ci65Zpb4;O=wt&6>6Tm-**q9%ijcKeXNI
z>f5`k>Yj7zoV{CwI?hwgYh+F_3$CH-Vf*}WV|{~+*=5h(PXo0^tsV!2jyW~WAPTJ}
z`-j`Y_4QWI-Bf1;?gnfE?ExO;KMS1?i$cri1*^9+9lk5@;KiX4RYovH7~)%6G72gQ
z+lxK3FDLzJni4SfAw1jC11~b|nli6kJCBC;I@fRZ<y696A3fH>K;;RF*<U&Xug;ze
z<$7F-M9|asHeAwBwgWs=Rj)L8>1?(F1G-L2xj2G{Jh%oAg8zIvE+vgG=2NWu;xUok
zcpDvkpk1-?8J~OfHcT7aJS@d359t-5M$QKDd!%f19P%V2ie%(8T+Z(7j|DH4i11)&
zBE2}{)NaVivZ!AZV({_i<<YMRJ`933$GT<G{8Z~>U+h3F5C(WO=~ZKzd7ciQUh-}{
zA${XUV$78Oz`HJ71gHx=$3+T^(T+mS!=jW!mQ`)i+aHn6$wG%v0HcPsi42!w6InEs
zS;mg1e0caCj3~{8*p4Qs1rkkhqg3X`344@z?WF9?owuF?Pop0^mUVs&)pRw-CyOBi
zoB(JF=}*YDESZOF&2-!KeM@R`#y+`?H;Dr3?s|rr^}Ogv4D?)F&Nrb-uMY(<4|hE>
zjw)WFDvRQvTSPVZNctXkhuaFdenPL%P6Be!M9OPeeXrg#Ehd|P)dGiAyjERaCN*~J
zc^&$sw%F`T8h_e2Yb+<<ucfMuh?YcYQK|?T7Iwcm1;i86Hw}>B;QiRHN9Vg8jmDkP
zeGXqon2hIwQ-Fj-j*#o)HGH;qwW(tA<3JWKr7#}5Y(@K>KJL;})_$#+?T8^#M{xE0
zTtUyUQPvF$zh?%y$?H(F)zVBe$*a$sg3c>TE^rXTuvXPWd)K|q$}hVb)2>4+npH7D
z5}xw4aF3gIV12pw_blC~4tTtgxLP9AuQKu6NvJmDyMji_MMMlx2M!lSV(tPZJHq0*
zT$yw=B;0&)WV%*gdf8)CyLqHz>(#~)UTlV(E5E0M;cj({Bx8qZ(FLFzGZR|8NZ6+3
zdI>>(OTq)j!=FH&C`c47Cp<L9rx4a0w@;wF#_li3lDmE4kgW7<coCTe_4$1v(=Q@V
z@}7JO+Jzq1qd=$HZM-810a;ZSpbCs+VwZ$lm<#YZuAs~f7k8s^BcJmsN+WQOeo6f$
zj7ZiVb1ILrX3&d~3@VHCBe0`hPRW_n4C_r)L*DVaLeA3ZMwI6MQ-Gzer2hv$qDS$(
z4ix_@FVoEBL)0XHXI5&hn(SPp?2JP=xh&cGhuCU9Sc1vmbJMm~o|S}I6lKxF@#=XX
z&$b|Eq)g#`^>mKK`77IkgRL{exfvA)_65*nfJB8J$E+H~yQT>P@z6)OzFF|H_v{a@
zkl$$xH6^B*wK+d4d)-Tp%4;&ba>*NQx!!!S+l<172P`w;S)H!UJ-@p$JHKqfq|+m6
z-99}7${Ws7k|;%aL%dLBkv&X&t#^j`#)LQ7R<HY2)L#8mRT;3TDcLuw&1p6=Y_~ya
z^$Um-SiH%-S&1-Yj@3-{_uQ=&ze$$^1S)YT>tPsKIW;qVp*KT-5XjHk*%7!HKpwg%
z6zshh2V+fy+UWWIA$!w;qssL#+7i7xa;D0trmC8jzrOysva*@U@y25#mYLniu0`%s
zpuVauQhydKeMrf6*rmB-@=np#&&0%kASI(T_64NpBO&eAPf;Q2ez30yMdP$3F+@G#
zh6+gC+qBULYZkIO9}C|t#h?@M;^J{Uqr&`2_9kp33{e{upFD$^>VU#~x0|W-Le`wb
zoQDSa5zV2HFRCt#i;h5E;P@<oN*WFIB`V)9%MYX=Et)e~8D?%0JgQd)%3k92G=5Z{
z-+x371H1`PF0CCZJ&HrOX)gkA4wu1Ce5P<wsd^R6!#@!{I9iCp+yzAu(l}7=aenMA
zjK~18Z|30JT+dO?i%ZopdV73)bULS@(e2!zm2r9RY~@A#X6K@jKS3)oyI8n7Idifv
z>=(xuPQ_CjmZsre>%GyB*UxI2P=D9VOw-(l^{ipAjI5cKSDYJzjlS{Vt1S8q*>IP?
zYg3SAf@kZnL;gnaPR`TosYWNOm&;xnwb`Bcy0il9GB>BAd3AVAGv~um7omY$DUD;I
zY(nB+)+?C1uCvAjt6+048L0vvs|{_dMeb6EIP)Y#r}p<Cr3iB}A7CEUvNJfv6)Jne
zKAh#L1_7N@dJOg{<DlHyBI2#0@3AEl25w94El*p_Pks*<xR3i?hoWAC%ml+EA9|=K
zl+9L?Tpvyb*Ffm&89yekF2(O-G#k?Zv9XnP3pO<6WY|#ab^{f%X=`=k&&Go=5lM?4
zsr--yhn6;jyY5&veN%DXFRrU{_P$qL!539@R`=cEebG2zVC(;#;!h_*7^fcF{PkzO
zy6EOj9NZBW5-Oc0JH^zdRKKEWRf-Wtm0TSPK-yZ;>o^I&QDc0VL@Udmjw~Ufo2i>o
z+Z=({q!@(=s@#(*#>Pi#Ui9Mg$a};PS5^OR=IogO^j~;|{r8A|&x=QlNqXnXvgQ#@
zc@_kuc}s|l8nb>79;faZghhmzqe<hbF<FKX&uOHC1RzM~g2-wJyj5XnShPyk+1RAk
zz3IcujASE}^Gfh2Ow!!(<;A<<saJ*{z^O}D?W@7-d<E0?va%$QQ7mRAbz*a@$4U2G
z%Lz9lL&vVJf*5G}0liYmK1EslsCHhjIkW+&93#NO&I{@%??Z~HJ6g<q%QjMW95m#f
zF!uFSqEB^bAsasFzVR+Wern1`5|>U{wX*Zp;hFKKFvH-Mk3nZaBv8LD_N{1k>bXAa
zmBjU$Z`Z{LgAVdJ3Fd6j24RxK-BOut{)|cy8OP4b;h~sIyYqZ3bN_VZ>S7-jp^lTf
z1Z$#K_Pk7Tvk?>QO?m9<VmZvR#=u_ZQ-yG|M{Co>Yj<n6(5}ak;J=z)eGDk(NM)U;
zm^We}C-IB}G&K5^A)#F=-~={+O(ts3o-|%Gb_xj7Rd|`y&lqO>{B1=@C}bRJLZlFv
z5^yLXbz@%vQ2G4y&dXm}DVZMCErZ6ePBUN#B!A-(bJ4BgZFHk#LAI$F-iFdxYmo_M
ze`0j3xjZ~rWWMTfcY6x&|C+K~<HI;4Tf<RQY)XYkmTdx(=fOi@G8}%vkdQwA;W}Z1
z7ZEKc@r47T%qK{}OR;Q`4?T$1ikzqrtH(m3YI3G;f=Udrzm0ZdgJgE7yrrWwGJFKd
zthHlLd$Ii02g7(Wd8I{Opp2@+gZarnq`k*h?cr%eZbg>-VMk9(8%HjG+!iPa$Z)0)
zZ9lJVZ6=69evNm3+0vCK5!mcS)w1NgF{w-BoBfj?B`XHoqSA)GHnzMxa{m{Dp8J;9
zj73G3it6me-R-2$e#cSZs$A0jcSZu)`}M+TO)+Pf*HX#ExJqthVVtE{L6Rff{KF~-
zOziPJfB4Ml8O@ymzkq`F`{57*S>>#6_~`a{xtbMf3KJWQYRxVSO}<Yd*!hVY13<0Z
zTE4{VA1_kn8zG60zoZ_m_9huw6Nb}&?EU7o^Ls(iT$9G{C^)6qC+{6GKf2u)i=OwD
zfkRGFmExVIa)y8I$joyf732i7KuWu!O9-?2f8_!g&??#v{lbH9T<`796nOTNmwL?a
zu|jH?QexPMhptr6_F4@aZEnKr*^4zA&iwNjG(YXzO5LyTxBHMEj7#OgckTroJ(jm?
zJ?1BkL=)>va)#phy`9;P@3lii3k}%4y<w^*5uT8%^9$drOA?HmN5jTD+l2I?<={TK
z2)RC_?MWU?QtWpL=OcOhSlF1WV`?l;YDnX46#@uvV`3{o=!G$eMepYc-^OS|^wChP
zhsp7f1o7GJ)l@QU)Uv{j>7eeDcs7t8xxBYiVE~XLh~dfvS$aSat7s~(s{&k)&O(oJ
z$Dj@ABcw}S+zTDlwJHmUeIHC9KaM4{g`wJ`Zmx&{9mY36LQL;AzaJ)wA^N;D<#_{$
zYpk^HVvl6Q&!%U6j#hx~8BAJSmVW@0%}4u<5z@>RCNIh0Hn#EEUgjlb%=~*{KtSGY
zu(uhFmJTgF(z&Z^b*prtHAuhWd<_Y=A23!=6RBvfGp{ffXAH{-(@r63vpng_5t?fI
z-eLt~3x(f|`lOHE8}65wws`sz&cK?pd%DfVO~Ua4eGZ4WJ>GsG$J&Y=j#TSj8((Yb
zIvFWd%lusGp<R`2aAoH(iKTuJBvTH|(X`eVR7&5p7918^b5~dErgRnPq=Ai~$*avh
zmOlT>fB-#$)yqDbgm>?Fl6kL4<6Ya&Qvsd7tD^aIc^xY&n%iGWU3c$XbNwdYc%_z&
zl+7;Em%y5hGH47!k_B@>UfH51jP+pm(|*VH{E)*|fVWy=EcEDZ^(eh<Lsfu`vgyp9
zin;$dE3$Aq5IkWENz^5Y2B~Lbqa)CD8!@stGD3-(ov$u-VZUjpBnp=`)3dYRlZo+$
ztaZ<&sM@rF+W{G$Y%PZFtb_Y~o6PLIQiiyg4@7sJebwm>Gy9<?Eu0Q;^|oQ4+{Sld
zuUu&1pdvQb&7;AjM)3Isgs3!|uf7jpy>m>{{@PZ--{ceHL~FtH!c&AlE0{ZR0px_o
zH_WyO;l#ive~Y7~IId0`mnA@tx8r&WlnBx}y&&wy$15Gy7<rty(*UIzp(m$c>A`)Z
zF-bXt?xga3M-@mB>OF37jREbHgT*WAxuY<jgVm=qny2e>-xYlQDlp#rCS*1=b<=n{
z(tzdVC<1e$AqYU^nN!9m$TDLmD~j_hJO!QycbIM<X3Jl#r$h2_T5Jy4?AI&LgOI@8
zYan4O)lKyWZXSqXvx~s`53)NgB^9%9%IXDj=r+I7$!Jy(QD@EZNj^?<1wGQ-;qt>T
zW6|vR)VfJ6FDmuS?iXfvhI4G8ezb8+%m=bE%7s(x&MlFQdPHe9pR`S1358WtQGnCm
za3YNxGC7Gk^AAT}mtp*l9C;%dunfQ8);9O(cy`pfn=W8m6MBDA7joM#ghL~!UMQ=-
zcL!8v-ltdqqxIdeIZR=SxT_@-K50*)p`kk4=mD6a*(LYCg*qPxqG`Tks*<~Q9KQ{H
zI)B%js#0^9p{A+Ng4tIBPRn<+WYi<86xLSx!FqOgr$>ajXgLDO%%CCHTyzFSDLKk&
z0>oAvnW>68JV4%IM#uT@sv|&T1x&=_x05hYlOwn%%qudjL=*c~duQuSmwVshN`Or9
za&s*7NDA0N8A>WB2z&fwHIQ%8&NR@^3U>$&5})~F$KlL2DJ~$wBO<X}J%c0g{6djW
zCkq!Ni?9YA>orCUgT13OG$IkNLK|xf89f=LDb~po1)rghmsu1YH`k#V>J|f#`>4GB
zsy@sai>ICd1R{`AtPas+OGF?zZ`XE?g6_@*0HNgoiRH;NJ)*<qyM7c`i7xzaasF<0
z$J<n5jR7MZu*l8ibRg3_tjCA5AhM7go4hgIi!#q<7^`L^Jry>o`soK&(Bc>I$+LWb
z&FXAaVwPW5jg-Ua>Zgtm9ze4Y!6C(sVbh|E*j=4wlm~APD(Ei=m2~F+6C_y+PB`eU
zzxxwpT0S3+bQc;t*6~XGOq~%!pl=YwLEv12JzG;%cQgZt|4xlc0L3F-Wum$+bW4XW
z#fCODdPGQWaSD5))${e_bWntn-wYYGnazu`7_bsB9@@~tZSPEyv8QvDwn{hoW~y)J
z*?`n-%DU0vLi2+h&BL#h2rEUyJ^#ZSAm{18dv+{GiY5%*2aYIJGwYp=KI@Kwl2=jl
zrp5T7^Qu&<x?5qj>+W*VHendFc5zX`&7UZi+CXShn67gA+P$R6AfR?MUDJ{vm0eBL
z$Hfm?qW&Cv@6OzL7t_9Rk0{>0iV+yMf-1?xTYuxDPmcvpJU$~sT&-J)?MDC&5yVH0
zF#?_cmV~b$v8-ImYuWqi=_)jbHK_mBFPf+OUH`M4(wZ_rjn9SwS*2oQP`s>q89W@#
z%yfCU8VWf0d$F;5Mm6Nk8qx+1hCJrwdk=u$<Rp-#HN0KxcLZz&2p`|;yqc!KM%jvO
zaxU=y@m+$RkH3-jG`4|X&q!=|OPCeoKsfveeTes?v6_*nif%?}?Y;rYhB6ytsoo%v
zGCD|q0T#2QKG+Mf>_f#<(3#pX8U?ho=F00#9~Q!SK(%;JK;fTR=U$mrlElpDu3k0;
ze}+mgZ<!}j8-GDIoQWl&X@DcsaNo^Rb}nO-2;Z<Z*Nd`GNO<q3j#=<tY4UvLY2oT4
zKq5PKc%G}8l8!3p@Y*g)E03Ro|8gr0aQY7F!DUeH<DwIXi%zjagS$VTIu?uJ^L^bf
zvICdyt5%*KT^|NQb=inf?A)-bh3$bV^tETjNJy-SONZ1EcZ`U9e~dN1X-(P*N6PXG
z9Avb;w?HGE^p-B^{bgqvhmoZICr|iv$n4(oAqrc`=l~0^dx@OyFnH}zq;dBngP_}d
z4c8a9J|!um8t`KEh?`aa;NV{>VZzM3_i(uec6w1Eo{j2h%s0&|ZhhEFti;&OGMRay
zkC~m17bO$*fZU9aH>H&Hg2Q~P@dBWrft;eLo%SgoZq(Zh-NaY~TP*JH!Ow2k<BBR+
z>dFUnKeA$!eqYEWFskBDscqS*ZWQc1jg!;;vHf@stQW6DW1%r+WdNDxoM21>ru=Ou
zdSbB4avK{!nq?QTpc`DwXZv_MDwfG*Y_}F&tw*BBni%mIl2-<-)|N+xe70HV;(0bq
z_T#^NIL0DAC@^!11+7VA<?~pb(=0acu`gdQ-6oj?U*ywo`V(;MbT@zjaTk5p+lA^v
zIzBA*eeb+d@Hh*7>1IDXdmSf>$o>68*JcwAWpchFip+w8iQBvlVKi=_e8&S)s9`&}
zRAmOIBcFP&4OFskeD^6y>bM(;dfd_{RxvsXP@qoKv(1OWja*vnV`Sue-E|3UYkZhR
znyS9C0%bbRyw(xY-`x2{EHn|;=j3}?NYWJhFz(A|C2qz@O@0pZ=KOLdH47R`ay@WM
zkHmM!05AO5R#!|O)h1?^HJCg_+7orrk1ffqoep`(Sq<7+*k8E{$GyLZg}W1>C!-?2
z#(Im%`M6sbdQr8T=RH%i`t&$>T#sU>h;zQMqtWv8tE*%efk>Zq()~|RK6?%tYhp*f
zX<hm3wWN2M@KDqDu)*|oD~QD}qWDR7-@}!QJ+7ejSmuIicwYk^f>x;S6^GPko9?qs
z2fYPNaS081W=_-l2!J?QoZtFhmG11h)iamdD=wGiruqGYl*HviWp3sRBkj7U-;a0Y
zRm9jh$_a^BT~7;+dIW%VG*SDTf4b7Mvwu3S@O!rBAV!c_=FqzYv;pt-HV}}RVMv4s
zWKMO}=^OCozE}S39k#Kz_t|KV(n{Vu-$BqEOX%Ci#?6@?S@yUYp?hu7VDbn+%bx2~
zo)>tC<hvqbYyGu4xBu#>Ya@=W`Ebd;lATb1nVnppjY+J}oJsu_C<i4|^P6$8wXj2x
z<V#C-&u)H?qFe%)aC9{==7OO811Xwchk&VCq;B)-;b6koEMO0_-6zE+%RSfRW!bwZ
zfZf@n1vYfkAz>~UdsYpv&jT0{*ofN=_*e1hH~_~Z2Ax$SX3)Ce7rUNTdgMg8)Z@tz
zR~t8RZ;43)mFPK)D_A5un^*8T*r=@*%<2sH%Fen3qTfj7`u3GYgQMHSp{dD+bExJC
z0_$I)7{Ik#%D(4q&q{unGU8&hGtwZ3Z;oURl-53lF*1E80KXYv@I;h{{3e>Me1=Q&
zcqr6$vi5X;b=?`9TY}*f<-RQA2G~yz8!LfQS6R=MY)2S|jG8^Zy>e~!-)pe(XHjn(
zJ)*gpGNTR{+~51;iF!wuYso`KEvSxTp;D86{$Ot2&5?=yeE<iMn3+`*n6BmD0bM7T
z>r;Iot2)zOa6OtHn5g&7i<<8xqM>W-BSnLFUqQK_gKkW^K0n<1exctDRFJ`<q<nsN
zUM>l@*~ct<#rwsM_#2n={Oy(ZK7;bxwYJsPo1K(LNw84>r*bl5am9B(2hr?&-uWnb
zYqa*833AO(@p?=qEl9ZyCEy<%Fwt-gnNc8r#m#l#Q$!dHgPCa(d<S=4+}N|9;w7eB
z9NoqO@n^puHsV0FwGb2cV5pcb*@svR8rf)hP5yvg0kVL<stpm9vx@ija668IpZqKw
z7n~H+(nN>4opv!9O6aU?Ez<cZsvAlslpUs<=DDv;?ZtrI36xH&MM&YHK}JPojq%~u
zwCxf=D_k{GjUH>1Ew>XKjq|Xtr!Voe5$`%_S+c7Jl>H~g3_s8M>G;H~(}wi39#a9v
zq*?LRJ(suANXdNz*8b2L(*Al78^`-?aFN~RuU|<aUi%z?oF+>q{fCN+otifV0XyW4
zM7(LfeNj9V)GbwN0r|7b&by}|-PERm0S#zl?C8jX^Im{T2dBg<TYK%gDh79nRmLCa
z6jFX}1Bc7BlkUB$Hd^U|Ip#B}=zn8lVg<f|Z3-k&hGdCUl<hYF=g@exR8!!U3#1th
zc}p1!wWrlp;>osUHDrqPDR^htu-8XfnXe^F#1YsRS#k&V^Atc4Q`}#6bP59QZg!>4
zyO9i2vrlwp9OTgQY@*62&aar?p(3LXXu0PK=E$c%rw*~WyWDrV9}avxSanDvT(Fk7
zew-&YJ$`t)9zES2iga#WUfz+kfHbfZD^xcCOZ&=w$I-(^qFA(T!U8R56ZXTlwiR;L
z|E^lsxCZo9d+B1|EM8cU;|@?tZMf%P1}?-p?1<domwh;CuyBDjW_Ie};`|l~3CxMh
z%a)>hD^vdbOuVjKh>TKKg_T{+R#m~mxaK#zGnM$<{5s(tzqcAA+i~b^<DysYwLGG*
z{q}dNdzG?D2w%K9)mX-E=?G+hoDR(D7@cd=+q^^NIcx&t{g}Ucg+&7WJvTQE=)0X%
zltY~v;gy<vAa{7>6n`z)fQ>k+?2K;yrb6Afa7uR|_M5u2A=-dj<&>_niac}2Hb+<M
zZhlVaaYU!3OaxNVkLzndM|I_0j*wWS?1BSoM1-ckzHv>q&+5@W+i2GQ#kuIWB2B{b
zsv#DbE@hT)3T!gp7W(lW#B*$=0~O1uNTXz*>{C6hvH#7s)a~9YgBVUaf>IY?Vtt<9
z8fLEv0=8glIbmPj;n~ebAkjq67kh1*pX_!$n6zj1_YhLztn!#x;|y5x7+5jJ3>xNu
zoL`l+H=UOPd1X5@y!`%oz!6c6DX>leXZRK|KsU5V<-2rS{KmKAGFzQbGCLkTy!%Qr
z_`+85s<p)=$ek{eFwrXNHN*}HVqw_ZY>R{CwAkcd1lBk25$2YBob`4zo4f7J-AtmP
zrf3K<3&{UI2v(WQI$?88)Z4qO{+U7A{5UkN-__(@RjNCf%Nuojcht6<k86B$__#t{
z`~VQ5Bccz0RV-U;c}Q#yGPdvNff)aLsVCQ0;`j;{7)^@@<@pBfevkJPn>%khpQ4{0
zrh=~?n0`_~J$$b+J5OOA6$~W|Lz60&9@>D{d9rGdpUM9lb;!nU(+3Z206&r5M2Qi-
zykg>`@)%&JjqZ-PaX9nGAWMVse(}%W-RA!-B)DKWiSdv*o@zfDRZG#WVu&dr((Z@F
z(M7Ay3Mi4XePeBm$c-zSKijPnzxWB%hepEN6udr~nzi^G#OY{~Q;;F2SlDOB;1?6m
zsyO*~ez#{#Ye{490lwj(j^^Q|JzTo}Va=-GzT|sRTov)&os8Kky5~-A!)*dQNm6v)
zX+eH!`iC5@q@T5=<%tS2?8mm9!w+%EQQjKfRPch+Lgbh4RjJKZaUNm?jh?N$Lay^C
zKiCil(<}KY0I4K8+bq}^ek^-}G8!<t1yo`T<>a0hJly@|fp@bGx<B_E%M<V{Q|V)*
zn*_&~Fc3_7N2Y`EpqtT=&d*!3>kpbtTQE_G2PT^%fozIzMxGg2x(7FEuY#@t7IL^8
zUVneTrlhl8=qI(d+E_6j0xj?lfWZilRbyL9(8(|OuKDE%#@m=Re37?`J5*;EPxmW;
zD`WP1Z^FLUkX51}W)jjjih}x+lj=?RUiaYf+fp^NmCj;GlUTS5PvcDcir;48)5Gd?
zl|JsJR~0uu%?jlrQ_bxDKB2bi>~eeP)AUj3YGL0dqz|R2r?7A_<gpRpaZ?-9)3Uyi
zWIG^=FVnYx&9{DulLcpO-~9Cr4|*OSVdVvnyUf&e0&j4%#NzV(A8#hs*8@_6*89i4
zs^lW15UoDUv}AA?_EtxxXB?&3%(v3k>Vi-|H2(a7BC3%WlwZP4_WDeKd$}?>L+2$~
zKCUe}f_>w(jK;hVGxBV6qfb2a9-tzA_%XyKCePxw{>}9+6E{e@oCUoh!kGD5n{7|n
zzLAk?K;92?h?lYMTs+mo+U@vlOXmgG(_PmTJX>S1=w&sS>&y9M({$6B$l<R|6Ye)M
zwCrz6D>Mlj*oV9|lDl9-Dzkvb=o{wW-UvT3hlG~=ioKQ+Nk(uJt}45#9D!~4F^RiB
zbLUN{73_hKGYDum*PjV=hJmrj>&k#$xbby#mt)Kp$c9?>`0gPA`wGzW0jkzrlZIts
zipB0D7qgg)B-#{$+*Rz3aH!2bKP*E+JP<G>Zu7|NHEBf8$4HIM5!V~Ib={qIPkr#-
z->D9Ks(0$+n_=a<$z^~hTJ5zNR-wH0GR8}&XkaU#+1m?&EH5O`y=P8THxAf_^)@JD
ztb0u^d1XUtGQOYUzpJQt-3WRC8ERHij9T@Xw=uh)%v7`;*<#ml5D3Hai_cp2Xz3|P
z#uFV$a1Gtt_!fHIM-y^6WX5US_A_&meUX`&x$evFN{+hwzWu!eVP=V04%o=KbY!7h
zt}T!!D3NLA<K{HXh=J_ic@^&4vH!GuGDHX&oiwcEv+?g-)Z<N=kILbonw7^*!Ru`n
zGn|rFOO&|0ELag-T6Pw%zBoB~6?B^R<gpDKflU3v9F=k$$>tkN4H*w_Dy>+YR+v1!
zyM-QHBRyo$2uBtzPH$gb7|PI6=D>KL<hi-c{qyZhN_G*)Re9#1ATk^ZHb#?7w8=B?
z4Cm$g!VyZo5-YR29$diuJW;O_j>79dWOo`UnQUKPo^+4g2i1FsSQs+#cqsbbluO+i
ze!m*o*j{HYSZZ>of1fq~5)&AxyA{HTtW!I-jfkt1uO6kP*h+g}6P|0uw2+I60M{Fr
zeFl{rjXWF83a`lqo0jEZ{nnP*ITzy{v(?}$U^y86`r4M9&3Q*{Cz&L}nU&-$t^A-l
zZ-~pJ$?lS8fIo|V=hMl_Md*_l-#&ljOmDLuQG02s%n5?9=f&?2?TcY`1^%~t&SF0G
zGd_jpMV=Zt&!pRGd-&ZmQivEz>JN&Y-3ewL?Aw8OdUm$@8;-pIb5ysJ_EjpPI2KRD
zmCqIr`LkxTs^~+gp4xS3HY#IN_LkBD4Gd6_hb*O(>!AkVcT1UhO#no2o-&$kiLjvv
zIGs156H~*a`=nw7`w#}=-W+RUo+T+-v0R_NX~<1csT$yZS+gage-z5u&kypr+4x3J
zPaoxT3+W$n6!TrVA8`#i$XTt{e3g^1*xJ`8^?5tPxASgU0x1H#_8eTW9q7|(o>f8`
zF@>~v^F;;w*H#jM5Tlc$wU^h83Nx@>bgNoJ!HeVu7ksRH?0n1t)H3r|O!@A4x|q6J
zgq#Hp99wjGnIvBDwv$1~I3u>(%CLa6BEY{beZkJ=EC@|!O*CW)Q%??$lN~zy-fU12
ze0Q~aGh~)QhINj09tzZTTe!7CD$oU|yVjwEJuF1n3n|F%89a`oMDM2pto+=}gB)%F
zZp7rU*Ym6S#=fVOQ;Ld8u~2k~z!Za60bji?H~Sc01bgGm{d$d5tx(R}wVNIwz@+8*
zF-I^HE@;wz{$>6wQN($=^5T_Luyuea5)f(`b`2a5OIQakhu)NFHX`4O)-|%Q%eL=O
zzt|6VKD#_zZVHh=aL=$YGV@#UXMm~_(4&kS{`P@&8!h0VpDZ}mIWKlD(=|0X9bI1&
zXPPjv4;_xzIK#fm8lC+7nPWz0m5PN+Bgl<lA!c8EvU3kOM#RkrL7H=kc|%=Ip1Y$|
zVg&W04Yyv~y}n;em{}ZccF%U6JcgDH$=XU&4Md+lGXm<6J|~MVfC&9928x~Ywug}o
ztBML5--d<*98kQpx7_t8L!DOn<K?}_@2R%Ujx}OPaDHhT^qui)HE^uD2Z6qO;p%oj
z(<ESzh9<<o#xPoNuQjLHsdZ!dsPkbZFvsFOFWP$v-pz8~<=_o~+_S+)Z9oOM*0$!x
zSt7xX0|M?JL;A99N`-a)?g;*7(6X@GM${pwHfTM)6Iu=GJ;9XS$(X_S{A%aetY%VT
zXj`H4GP!B6;me^5k`;DTl(I5l<o(zNthMqvV*M(n=I{H5JZauyXkHlraY>9WkzCB>
zwcmnMD&rKSIQW_y9r*cpZ=pmP_an=`?%58~h|FB3sc<=B1y_oj1b)U^@BuBe(;|zH
z$^gJv$o>4JI+4&*{qwd5$+x56E0`y0v?U}AhmyK$XTj0;&yu|h_2yOMTM+GDYxVr_
zEA{Lc%_)h%%YKy&Jp7O5hOCK`U^T|rdS?ivMvwBj&WkX;@`8{%i7RB8*F<l_pB;8w
zMUt9X_az|x0enRk+bm*aA4wW4EWd4!1*iV0DHV9OAVu}XU2W%rw~3W=;K?^q4N#lt
z?NaG}=}6i3Gb0<(A<4T^u8Z^YpZw*3nIm<%)c+15kpFXk;yk@6uLR5&^C_`b9gTS4
zu{%uXPaGS}EoiBlWvQ04tIkXmPz88C=fW>=@d-D0kkS-;WXx&BX)^jtzN!6UPj{G#
zx0_mN({#~8l0<f7Au%!}*3ldSOk{rRNzX=ZUIazcS4rD}_Eie9Xag5*Lm+h`RqZPD
z*-zrDlxlBUoV#{z_sy0Ym3T0_@nuCv|E#a4y%IZEOQ9c=ywGKfGk%Ltl5l>$1f+U#
zWQFG9gD4<X=SxlVyhdQpxkfN*f(^Cvq#YUjgGf%~Cc{OxS4Wd+W<D@8^#Hyx{&|5o
zLp%~rgX4nLyT{4Rq|C%kAK#oDT{6N(iwpY^!wmlCE)~N@m@L4)aA~Z!S4U|Y)UXAY
zs=?z1r(Z;)0sMwhg<JSNpjlHW{r2)p=Wek6mnyv)NWz!hWuGe(OcM5Sd&mn>^)C_z
z?aLCmHtz5ZqW0n1k<nfFj}6u7An8!^?hgYX@u%Ub+0c!sPxML&i;kCTYaA_04VKdt
z_Kh~L*#M8>#bC#wOCPg<++<Sd7QOFEun?%=qpjcdw~-tTfEQ6gmO?RhRGV)|s0(@p
zP|!tOt>SjmHJsg4)wcb<#SOi_M!{5f1u881i|uyL+~E$jGW4e0#VL%gh9PU?7ML%+
zy(Jn$9?Z>L7o0?I-jZA7gnX}Wt2RDtxdP%^xS?dj6u+n_?~m>d-?Umr`r|%4KKcb1
z2`AQ9H%)t}F#>}=E;7=Y8D0qn5{=*0bz||p3&E*I$o21uZ1+8M;%iSl8+^E`6FvHZ
zLnD@{qf%WohgQG+j^<v-;?3ms0lfLlpEwc_1|n*2c)69R&4_(_xA$=@Re&(zJVWdU
z!;2RdrliCJeGy1QBwROVR!Q?()`U0m+EtL6+fy~Jr%;JJ|76%UtbeRM=%{76^ynap
zq)^712kqs@Kj5#d>WnTQ4K_%Y6xI0pW499^l}tRME*0`>Y?{OA?Ff{yg9-iQG7P*g
z@#Qdoe5Pe>P^Mqj@Ldh;IxyKy@;s5scKFyHw0f6!mb>boFJTs<(v*lkfnz{s8nDvp
zyXtww!klM)YOGu3EVM>z7e6mE7||VXRc8#zSBf03$<SwAZ;fQENJ)(@bbxOibJOXj
z4+VDJo}Mrl{4^p&`~{}X69Z~zAj@qJW+6O~$r7Go#jF=sReC=}ZVR%-eMfoMY2tsT
zi)x^kHYZ<CXBU}U*uf_K!&A|OquFFa;FfW~SI6*6x&hTN!N=k5<_Ju$vc1k$S1Z#p
z_-3kfxvPKJD@f2ODe7i#9N0Eca<L%3#==Dso_7jE`t3e%hbOD#JF^?~RNeA;N}9)j
zZ2ocj_ACnf``{q7LPxApPo1(PSF9%2d(DZv5_2e_9bn+~vwK<Av`6`_NbK-4QndSA
zmxz_R7Wd)$G_8`N9~t%Re5?Itf1!_V{X%o_9p;#nl>6z{9`h@t{V&2h7HBh;l(fRT
z-*||rRjJmNDtGgrlab>?m01+XMsq~c(8EhQri^r1%LaSGKZ11|{eLXAy1LHQALY1G
zeg-#Q-0s(n<?vYPDm}AN7gQXd$Eg0srUN%JuW=Gg9wgZIcwJRU6uVG6mHkXItaz!o
zSIX=9IOA$%6V!PtcajML;b^PK%jm*uiiD4%rM`mS@s2`Yi6}jW{pN?gL)8up=}1H8
zq88))^&8PGok!M?$19zeNlEdv2O*7=RU=OT%$8?E28p^nP>!fz_@tfv<-LgakN8(o
z4-pFSva7bB(QtQZkm$<`v=j7-yT>{p6-`R~;d}|@OacCT)?t*4<QlA+wp%&96`nNG
z?jY!XKhckxN1sdQ@->KN%G-}<<1^Ibaqy_1-hULKBto@=TALNk0$O6<=CK@_@B4VO
z%lYOqC-m+ie@sfK!ES(e^96K<>}f)BYva287xn#f7{h0)p8K!?E#UxuT)7D?!fBk|
z_hxkm3!ki(9qTL>ozaGKr3wbL=9V=il3vHz!elLSCN5K>y}@kk>5btCZW$P>b<+qR
zghi2Ob|NA`)-zX~EvNIguf%H?2ap);YeG)HR{=tNHzxxJ6~-((?y*XAxb(}ashyo$
z<AvZV1q5DO3B<fytLafhpri4m47{Q<<Mbg=n5$1uZ=~aFEtQy0HEQx`By`I^WKlyX
z7=GpG^rB`)8XXrAbgaq<V;D8SGAzj*GyTl{AsykR<I_HT_TFK-ZraT}TFzIi)^EGP
zg;6|FZ!+NiWZ)I`Dt(yOYf*mT>#0ST#k+6RtjKr{ak7aC9~pXv1(={IkuPBrbS8p|
zM$d3b<dkY=K3lvc!B%9=?K2HI`34hCe2EbD?zy1TYU>nRCb|tkxtN5rL2n|E^M}Uu
zbNFU;G!OMPd&2n5d|_jpw`oNJ2aAivDQ)_@vX}Y`3HXJIs#>fSkSTkG$iXC>BBj?R
zF_@g4ewP*HPD@QHY~Rs1zlg?}TJ{64>^B#4NOO7036$0-&rmMDTq<f3ZR$^E7*`i2
z6jwt^y=Gz@VA^p(F)699i&BxNsGhb-yM#q~Um#ennzg%_P)5-ltZ0<#g6J3{XI6tA
zE;3qHP47;J;xlvkn#-R>7<y-am<hinFg-M_Kwi_WQV<z1lfGf2=8JNRdiimRqUO*$
zWBG1ejwbY8Mg1efaqvlZ$JI=G8=i}Rzozi4O1#GyTV~dAO{!_@Ms<o@ADMF8hv(bX
zBWH~0gp!YFIKQWVpR1%byDS0$Ltk11#YyY4r!VdcMG6vx%+0eRZmtqTy|tY6mn}(B
z`3$j0ACNW4q}B&!tLwG3M*S&^mlAnQH60U3`rn*i=jY#??S{@RE<PQ!e4e0#n_et6
z7W`R}@SLfxJ#+y$+rq0#w)MrvGrq^a=mo5L&7hEr_*QKMx*B$qfF6`>TJ!v9+bpw#
zdZQK@Awz@G{fpb-J-(H>&sq?2JTfx-FK`>6!UXb8Q7;US9#a<GvQRvs-dKqpk#Ot8
z<c%Ts`ZE&~s1`L8R7((rB-a;uw}yn8Y(K3!SqjuIEi1%7{wdNfgz~V8Q%A|@Gvmd1
zGdrMF&g<H5H2p}V?AfGoSEG)cmkyO2ca8gkEv}{#+_Rbb-BYU~TU>vHiO}?DXT*2a
zpLA?8`Sk%U>$j;g_3Z@o$ughS)#d{wwT#^M^P={nyV<LiU{Z_C502?m*#n>SFmSy=
z-5AJwhSfuQskF%bedDZDKlh=@2OS;3N{O_DZ)gM@9{<dDh5VV|crLi)25`3!89rMO
zkw?0`x-bctP-yo(=*>V29!f}Wm=Hz{M+b<gW#7VQ$h0bMsi@Tb#E<jfn$KyGF{gs;
z(AFEB-?Uh^dG9#YfTh-<v1_?}{qaRUoDDQ<G}Sz&6}h-LA0dQ{Qq)oDf$3VZEX^3D
z?wfCGIhlfF$&;+8Q2{lr;H?QIz1Cp_Sy|*{q<8(rT@M-_zh3i*%S+TY4lD2Zdc7~=
z)^6jsK~_ztcm`1V(L;gL2<fP$z}~ql8>~q;Q23A^<qQI`8-G6TsChGH_~o;krl=A^
z1OLNRJeR5GvUfq~EsJa&Fj=5Z0w)Dxj{bP+1zqNruaaKHAPSAEQu|+9beV3t55EnI
z#`mBZH2g%%kl??4TI4xu2&9~Rbl=q8$JmuzY&ja3HEs8t<s?Cdo_$!^gAIKivV>d8
z{^DnZl9hIgz?jhF6|54kHr{Up^@)ID6n$5{hB#y>ZAaZ{T{}+tXEbuuGqlDCsi?>l
zu%NGZFq!V%&OiQ9mQs}<(?x|EI45^nTl~^vP4}e7lt=6_qRxD|Dbu0Z(QK09#1BZD
zQaBDXi}@~{G%h~vjfy>sjwak^|EyK4^fcf(_H+bjxfr(l+<#||PA?l}af>i)23AN?
zv+GS5TW#xB9NX&rr#>x;L~7@TbZ*r2>kCnjw}ZqRCKj+$RmM7Fri7xCc!B=9>HL88
zNd7SnX$)@P9z<HGhwJYqdt8a@?gC&Rt;lAmtq3jc@@02V#4|2H_JB+BiLzYFkNCwv
z29*dRly*Qy*w@JR;Q_5La(STei0cxSRps@|rFPfV75WEMN~D*BqJSte3Gl7~9wME1
zA}9=_j*NoW|4<<%WisB9T2UNBi~h<{K<nUmg8(N&UWr)8|7`$Ou6KW&gZE{%AzOie
z+0W(WdT@9=x_{{YOdidlSAS74?~2D~$rtIBI*Op6QLu3^G0tX6NQ<h7^B*2fvUap8
zq89;v%;NXQeY0F<rW`Og!vv(Dw&1%9AntE_<pN^>JLcJlqj_grDs1KIsCXPkl9GTT
zBM2BnmzzgaOVf~HFC4ujxw|*#97cj@Y%xX0NH|QtxQt{2qMA^sJTyp5_}W*hb-T{B
zQ-zEpD*7~BMuhh*Yp%Q+#PKyzgZBDK_z#3$3~4mYb|&i3`{|*~=ydHc{vklbWQObN
zPY*K#F5*4SV2_3?0v@#z6p!|&p$-;ytj9d7^E*NR9_X$fE0~oQd6^Q_O&&4L5b~yS
z`t*lQ`Sk6@b8xNU)Svx*v4EdMk%-J;)}!Cx3p!7a(esV3&Nj&IW;t9ty!UHbLfqHF
zp3y2V)>gYE^7`B+kUs?-NdW6d8ZHhmogZbOd-YVhQi_A1KjkJLDa?DvUv#VnTsd#u
z`_wZZ|8#jn4T>rHHFB{(X3&J@8(+<1Q2OQSP;7{^?K7;5qFeMCvZlnrxn31m<M&<<
z1_nr7YmGUE9!-{IJ%P9OY>7NVw%tjP#j5$BVFYbcs`cSg-_##PCN=ES#r|y4KDBdc
zuU5pg5!@)GrYu{d3*2|Yx1H}K=nv=*h2c@JnIiX94wFZ$^s%GqRz(icfK}^^4<FVd
zo@bb45D~}`mlX(~TwuEfloAv&h)o{BR4b>EX#qCKUTiXjz3{$Z_3MKkPc8E|8@YT6
z>)$?o_as_dl=jHq7q^w&ia>f69aY!ycq<|1qwEIi4pYyPe3-u2-?x}!nycQ{f({^C
z{OJxyT9rB*?(B<}0I_}z?YjM)%ctoYt;-xMfGQ=#R{9Z)Pwvq#?6|txdIkir?w+Am
zrW=J#3{bTMT>Ms9UM|hgx7ti3I1BFe54f)XsC#U(7Qd?nMM1Q|(qoa|@0@G*ou4ed
z!=*Y!vo{J{<Y*DUt}>&Wh`>N*Oh?JfW8zY$%bQ>tiU=t845RA|sVVMgT+~9@t@r8+
zh~<Wy8Z&a}5Q!%Sw77PipAH?}-;4zY2I8Jy>=h-Ct|MMtpGdrtJo&okxl<I*nJ;IX
zAAC6kR4QHAWD)}lg+)Ui!g2M(adA>@oAvy>Z5}*$mUBYu+tf#ApWV9{HcOa?)341y
zca?NDb~GFz3IsZ=58$f2Pi}M$bE0D>GT-}-hZ%PPSxKu>hiR%t$47vq`Fkqk(a};Y
z-G%VRr+&Wyuoe&JJMMn*B)qr923i$le;)Jb6GVzzIvN#_J~%r0>d*en;_J|6`BhEW
z4;aVykH^y+bEyNL9N_Y;lwLm6nBhb3kE-~4oS#>fc+PD3&xC$ewYLc$RFo9vw%S0K
zdWbHVx61!R6AEwP5wD(Npds^`VOXW)k4%4u|14QJ)AA(^9xW83uyL3|gG|TXvSC=2
zB?mi*zH+)Gzq}DEobk8+Pr@|jSEdh3p3GzU&Xmf}7Fq$`!mF#RyJ=R<;&41Hd>fgy
z1acvtKQJ~hw=92H#%b>m=iO$3>5O5N>L;@rf>EvczAXoOMuP0WIgdA`nF0L?GPDg(
z$LqxUrZ=H?SB9nXr379+%}M3ra-3*l2(}!rdyCON@dP!47>BPaj$Y*ppX^On4Z&2W
zjGooIK80x2@aFD&YLXYfzf?f$;lOjcdw=Xlrrqz47qH!+&ndS5{)n)j<q8CPqxVCC
zO>gtp#Hz&YoHro+HgDSw^OWp~(Pl<Ne|xMHPb%d$)={omp!xEf;d@P;-uI&oEK_9?
ztw5+--<Zxl4aVC~Mv~XRkQ5L&CiQgxEq?6rcAQR!s9{1ne(ea7{F&!nHVfTX5wV}4
zz&^%H?LD{=HnFyDTxXR#g8BUEHc)q!&*xi<DBUs}@eFsxb4;RJWaUyE3tvL%6dB~U
zhyU{8ht0hfGx{Wi9ZQ4mc^|!;TpthJ3<6Sv`J;H=uKG3j`91eyOD%lHjw|t9x~Pg<
zj=U|4MA<-25#Dy(sJ3klO9`oh!8d$Wf8$BRIBJFTKz);toAeWj+%Q~uywk5buh#3Q
zh*Bd{Mkg=TP(A>>dRnUG6)7l5MLt60P{90xl73^y0);8L^YBBlUnm0VQ`veBy<6YM
zs!f9*MuhYo1cv4S_0?){)!+$D&Q}Dm{9L0+;IemdqLis<rkId8ug6ma?kTtY3=*2m
zGKs&cEjAr8H=EYJLOf|*(E3dxj}_>H+hO;5=X2LD_D7Eo>7IGJimI|K;G373o5g)c
z9}6>~Famp|Dt;p%qxWoQxE09PElZ%0vgn0+W^y{~BmvGW1<Mo7xI?7X^Vl*Q5O7mb
z(3G#0HGli}`Tv(U3tu}gFE?v0XM0a8E^jw$3oje9zjvOTo_7DY0O1C1LIMIH;DJX-
zfcw8b{yoIa&&vbi`THm&Ajror2;$}u<mVOu(Q^OaI)VSLA8$`D3lCaakhQC~?SI$q
z|8)F6zl8fgKko0-|E{b5myXfXaar2CaCzEcV9?XbxOmxf=-XJ*YTNup#mnBsmR85k
z#>t6R$I8Rr&5IUj^HPq5mKXRVIe<HUT4f6lYb#d|8(JM#h?lR0ht1z^bnWatX+8h*
zInV$3IpDRorwzp0i5BAOLHnO!_P1{@I~!UnS2uqTds{m%;Di4ec>if4qfcw$V$DwL
z3w${{@YJ8y6=>{1>*nF=U}NRQiGhLfw<q1#wDvBv=1!jGv|_Z@t{Akmo;KFB%${7p
z$?^TY<L6?gWdK@9(wdoh**LqILF}Du#DI3rKL7Qdziq@YtX*AfF#ccqbN-#nKLq|E
z@DG812>e6f9|Hdn_=mth1pXoL4}pIO{6pX$0{;;BhrmAs{vq%Wfqw}6L*O3*{}A|x
oz&`~3A@C1@e+c|T;2#425cr3{KLq|E@DG812>e6fe}lmP03`SL<^TWy

literal 0
HcmV?d00001

diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
new file mode 100644
index 0000000000..932c0583ec
--- /dev/null
+++ b/httpd/awhttpd.patch
@@ -0,0 +1,1768 @@
+diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
+--- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-06-28 20:38:44.921875000 +1000
+@@ -7,17 +7,16 @@
+ */
+ 
+ 
+-#include <stdio.h>
+-#include <dirent.h>
+-#include <sys/types.h>
+-#include <sys/stat.h>
+-#include <unistd.h>
++#include "os_port.h"
++#include "ssl.h"
+ 
+ 
+ 
+ #define BACKLOG 15
+ #define VERSION "3.0.7"
++#ifdef CONFIG_HTTP_HAS_IPV6
+ #define HAVE_IPV6
++#endif
+ 
+ #define MAXFILEPATH 1024
+ #define MAXIPLEN 45
+@@ -26,6 +25,7 @@
+ #define BLOCKSIZE 4096
+ 
+ #define INITIAL_CONNECTION_SLOTS 10
++#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS 0
+ 
+ #define STATE_WANT_TO_READ_HEAD  1
+ #define STATE_WANT_TO_SEND_HEAD  2
+@@ -37,7 +37,6 @@
+ #define TYPE_HEAD 1
+ #define TYPE_POST 2
+ 
+-
+ struct connstruct {
+   struct connstruct *next;
+ 
+@@ -46,29 +45,46 @@
+ 
+   int networkdesc;
+   int filedesc;
++
++#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
++#ifdef WIN32
++  HANDLE dirp;
++  WIN32_FIND_DATA file_data;
++#else
+   DIR *dirp;
++#endif
++#endif
+ 
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
+   int timeout;
++#endif
+ 
+   char ip[MAXIPLEN];
+ 
+   char actualfile[MAXREQUESTLENGTH];
+   char filereq[MAXREQUESTLENGTH];
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+   char cgiargs[MAXREQUESTLENGTH];
+   char cgiscriptinfo[MAXREQUESTLENGTH];
+   char cgipathinfo[MAXREQUESTLENGTH];
++#endif
+   char virtualhostreq[MAXREQUESTLENGTH];
+ 
+   int numbytes;
+   long offset;
+   char databuf[BLOCKSIZE];
+ 
++  int is_ssl;
+ };
+ 
+ 
+ struct serverstruct {
+   struct serverstruct *next;
+   int sd;
++  int is_ssl;
++#ifdef CONFIG_HTTP_HAS_SSL
++  SSLCTX *ssl_ctx;
++#endif
+ };
+ 
+ 
+@@ -111,13 +127,20 @@
+ 
+ 
+ // Useful macros
++#ifdef CONFIG_STANDARD_AWHTTPD
+ #define istimedout(tp,ct) ((ct) > (tp)->timeout)
+ #define updatetimeout(tp,ct) ((tp)->timeout = (ct)+usertimeout)
++#elif CONFIG_HTTP_USE_TIMEOUT
++#define istimedout(tp,ct) ((ct) > (tp)->timeout)
++#define updatetimeout(tp,ct) ((tp)->timeout = (ct)+CONFIG_HTTP_TIMEOUT)
++#else
++#define updatetimeout(tp,ct)    /* empty macro */
++#endif
+ 
+ 
+ 
+ // conn.c prototypes
+-void addconnection(int sd, char *ip);
++void addconnection(int sd, char *ip, int is_ssl);
+ void removeconnection(struct connstruct *cn);
+ 
+ 
+@@ -129,16 +152,17 @@
+ void procsendhead(struct connstruct *cn);
+ void procreadfile(struct connstruct *cn);
+ void procsendfile(struct connstruct *cn);
++int special_write(struct connstruct *cn, const uint8_t *buf, size_t count);
+ 
+ 
+ // net.c prototypes
+ void addtoservers(int sd);
+-void selectloop();
++void selectloop(void);
+ 
+ 
+ // socket.c prototypes
+ int pollsocket(int sd, long ustimeout);
+-void handlenewconnection(int listenfd);
++void handlenewconnection(int listenfd, int is_ssl);
+ int openlistener(int port);
+ int openlistener6(int port);
+ 
+@@ -150,9 +174,9 @@
+ 
+ 
+ // misc.c prototypes
+-void nada();
+-void die();
+-void reaper();
++void nada(int sigtype);
++void die(int sigtype);
++void reaper(int sigtype);
+ void stripcrlf(char *p);
+ char *my_strncpy(char *dest, const char *src, size_t n);
+ #ifndef __HAVE_ARCH_STRNLEN
+@@ -166,12 +190,12 @@
+ void buildactualfile(struct connstruct *cn);
+ int issockwriteable(int sd);
+ int isdir(char *name);
+-void status();
++void status(void);
+ int trycgi_withpathinfo(struct connstruct *cn);
+ 
+ 
+ // mime_types.c prototypes
+-char *getmimetype(char *fn);
++const char *getmimetype(char *fn);
+ 
+ 
+ // urldecode.c prototypes
+@@ -188,7 +212,7 @@
+ 
+ 
+ // conf.c prototypes
+-void defaultconfvals();
++void defaultconfvals(void);
+ void procconf(char *filename);
+ 
+ 
+@@ -202,4 +226,4 @@
+ 
+ 
+ // main.c prototypes
+-void initlists();
++void initlists(void);
+diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
+--- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
++++ axTLS/httpd/awhttpd/cgi.c	2006-06-28 20:38:44.921875000 +1000
+@@ -7,29 +7,33 @@
+ */
+ 
+ 
+-#include <unistd.h>
+ #include <string.h>
+ #include <stdlib.h>
+-#include <sys/socket.h>
++#include <stdio.h>
+ 
+ #include "aw3.h"
+ 
+ 
+ 
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+ void addcgiext(char *tp) {
+ 
+   struct cgiextstruct *ex;
+ 
+   ex = (struct cgiextstruct *) malloc(sizeof(struct cgiextstruct));
+   if (ex == NULL) {
++#ifdef CONFIG_HTTP_VERBOSE
+     fprintf(stderr, "Serious memory error...\n");
+-    exit(0);
++#endif
++    exit(1);
+   }
+ 
+   ex->ext = strdup(tp);
+   if (ex->ext == NULL) {
++#ifdef CONFIG_HTTP_VERBOSE
+     fprintf(stderr, "Serious memory error...\n");
+-    exit(0);
++#endif
++    exit(1);
+   }
+ 
+   ex->next = cgiexts;
+@@ -43,7 +47,7 @@
+ 
+ void gensysenv(struct connstruct *cn) {
+ 
+-  #ifndef LIMITEDCGI
++#if !defined (LIMITEDCGI) && !defined(WIN32)
+ 
+   char buf[1024];
+ 
+@@ -54,7 +58,9 @@
+ 
+   setenv("AW_VERSION", VERSION, 1);
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+   setenv("AW_QUOTE", quote, 1);
++#endif
+ 
+ /* Commented this out because (and this is ridiculous) PHP
+    doesn't seem to work with this variable specified
+@@ -70,30 +76,39 @@
+ 
+   setenv("QUERY_STRING", cn->cgiargs, 1);
+ 
+-  return;
+-
+-  #endif
+-
++#endif
+ }
+ 
+ 
+ 
+ void proccgi(struct connstruct *cn, int has_pathinfo) {
+ 
+-  int tpipe[2], fv;
+-  char *myargs[3];
++  int tpipe[2];
++  char *myargs[5];
+   char buf[MAXREQUESTLENGTH];
++#ifdef WIN32
++  int tmp_stdout;
++#else
++  int fv;
++#endif
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+   snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\n%s",
+                              VERSION,
+                              quote, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
+-  write(cn->networkdesc, buf, strlen(buf));
++#else
++  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\n%s",
++                             VERSION,
++                             (cn->reqtype == TYPE_HEAD) ? "\n" : "");
++#endif
++  special_write(cn, buf, strlen(buf));
+ 
+   if (cn->reqtype == TYPE_HEAD) {
+     removeconnection(cn);
+     return;
+   }
+ 
++#ifndef WIN32
+   if (pipe(tpipe) == -1) {
+     removeconnection(cn);
+     return;
+@@ -108,7 +123,8 @@
+     return;
+   }
+ 
+-  if (fv != 0) {
++  if (fv != 0) 
++  {
+     // Close the write descriptor
+     close(tpipe[1]);
+     cn->filedesc = tpipe[0];
+@@ -132,19 +148,64 @@
+   close(tpipe[1]);
+ 
+   myargs[0] = cn->actualfile;
+-  myargs[1] = strdup(cn->cgiargs);
++  myargs[1] = cn->cgiargs;
+   myargs[2] = NULL;
+ 
+-  if (!has_pathinfo)
+-    {
+-      my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
+-      my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
+-    }
++  if (!has_pathinfo) {
++    my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
++    my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
++  }
+ 
+   gensysenv(cn);
+ 
+   execv(cn->actualfile, myargs);
++#else /* WIN32 */
++  if (_pipe(tpipe, 4096, O_BINARY| O_NOINHERIT) == -1) {
++    removeconnection(cn);
++    return;
++  }
++
++  myargs[0] = "sh";
++  myargs[1] = "-c";
++  myargs[2] = cn->actualfile;
++  myargs[3] = cn->cgiargs;
++  myargs[4] = NULL;
++
++  /* convert all the forward slashes to back slashes */
++  {
++      char *t = myargs[2];
++      while ((t = strchr(t, '\\')))
++      {
++          *t++ = '/';
++      }
++  }
+ 
+-  exit(0);
++  tmp_stdout = _dup(_fileno(stdout));
++  _dup2(tpipe[1], _fileno(stdout));
++  close(tpipe[1]);
+ 
++  /* change to suit execution method */
++  if (spawnl(P_NOWAIT, "c:\\Program Files\\cygwin\\bin\\sh.exe", 
++            myargs[0], myargs[1], myargs[2], myargs[3], myargs[4]) == -1) {
++    removeconnection(cn);
++    return;
++  }
++
++  _dup2(tmp_stdout, _fileno(stdout));
++  close(tmp_stdout);
++  cn->filedesc = tpipe[0];
++  cn->state = STATE_WANT_TO_READ_FILE;
++
++  for (;;)
++  {
++    procreadfile(cn);
++
++    if (cn->filedesc == -1)
++        break;
++
++    procsendfile(cn);
++    usleep(200000); /* don't know why this delay makes it work (yet) */
++  }
++#endif
+ }
++#endif  /* CONFIG_HTTP_HAS_CGI */
+diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
+--- awhttpd/conf.c	2005-06-04 14:09:52.000000000 +1000
++++ axTLS/httpd/awhttpd/conf.c	2006-06-28 20:38:44.921875000 +1000
+@@ -10,11 +10,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <ctype.h>
+-#include <pwd.h>
+-#include <sys/types.h>
+ #include <stdlib.h>
+-#include <unistd.h>
+-
+ #include "aw3.h"
+ 
+ 
+@@ -23,21 +19,29 @@
+ 
+ int usevirtualhosts;
+ char *webroot;
++int initialslots;
++int maxusers;
++
++#ifdef CONFIG_STANDARD_AWHTTPD
++
+ int allowdirectorylisting;
+ int allowcgi;
+ int permcheck;
+-int maxusers;
+ int usertimeout;
+-int initialslots;
+ char *quote;
+ 
++#endif  /* CONFIG_STANDARD_AWHTTPD */
++
++
+ int numusers;
+ 
+ 
+ 
+ void defaultconfvals() {
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+   usevirtualhosts = 0;
++  maxusers = 500;
+   allowdirectorylisting = 0;
+   allowcgi = 0;
+   permcheck = 0;
+@@ -45,6 +49,13 @@
+   usertimeout = 5;
+   initialslots = 10;
+   quote = "Fear and loathing on the WWW";
++#else
++  maxusers = 500;
++  initialslots = CONFIG_HTTP_INITIAL_SLOTS;
++  maxusers = CONFIG_HTTP_MAX_USERS;
++  usevirtualhosts = 1;
++#endif
++
+ 
+   // Not really conf stuff:
+   numusers = 0;
+@@ -54,6 +65,7 @@
+ }
+ 
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+ void procconf(char *filename) {
+ 
+   FILE *fp;
+@@ -210,11 +222,11 @@
+         err++;
+       } else {
+         if (setgid(bl->pw_gid) != 0) {
+-          fprintf(stderr, "WARN: Unable to drop GID to %d\n", bl->pw_gid);
++          fprintf(stderr, "WARN: Unable to drop GID to %ld\n", bl->pw_gid);
+           warn++;
+         }
+         if (setuid(bl->pw_uid) != 0) {
+-          fprintf(stderr, "WARN: Unable to drop UID to %d\n", bl->pw_uid);
++          fprintf(stderr, "WARN: Unable to drop UID to %ld\n", bl->pw_uid);
+           warn++;
+         }
+       }
+@@ -263,3 +275,4 @@
+   return;
+ 
+ }
++#endif  /* CONFIG_STANDARD_AWHTTPD */
+diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
+--- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
++++ axTLS/httpd/awhttpd/conn.c	2006-06-28 20:38:44.921875000 +1000
+@@ -9,15 +9,11 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
+-#include <unistd.h>
+-#include <time.h>
+ #include <stdlib.h>
+-
+ #include "aw3.h"
+ 
+ 
+-
+-void addconnection(int sd, char *ip) {
++void addconnection(int sd, char *ip, int is_ssl) {
+   struct connstruct *tp;
+ 
+   // Get ourselves a connstruct
+@@ -39,12 +35,21 @@
+   usedconns = tp;
+ 
+   tp->networkdesc = sd;
++#ifdef CONFIG_HTTP_HAS_SSL
++  if (is_ssl)
++    ssl_server_new(servers->ssl_ctx, sd);
++#endif
+   tp->filedesc = -1;
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_HAS_DIRECTORIES)
+   tp->dirp = NULL;
++#endif
++  tp->is_ssl = is_ssl;
+ 
+   *(tp->actualfile) = '\0';
+   *(tp->filereq) = '\0';
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_HAS_CGI)
+   *(tp->cgiargs) = '\0';
++#endif
+   *(tp->virtualhostreq) = '\0';
+ 
+   tp->state = STATE_WANT_TO_READ_HEAD;
+@@ -57,7 +62,6 @@
+   numusers++;
+ 
+   updatetimeout(tp, time(NULL));
+-
+   return;
+ 
+ }
+@@ -95,10 +99,22 @@
+   freeconns = cn;
+ 
+   // Close it all down
+-  if (cn->networkdesc != -1) close(cn->networkdesc);
++  if (cn->networkdesc != -1) {
++#ifdef CONFIG_HTTP_HAS_SSL
++      if (cn->is_ssl) {
++        ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
++  }
++#endif
++      SOCKET_CLOSE(cn->networkdesc);
++  }
+   if (cn->filedesc != -1) close(cn->filedesc);
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_HAS_DIRECTORIES)
++#ifdef WIN32
++  if (cn->dirp != NULL) FindClose(cn->dirp);
++#else
+   if (cn->dirp != NULL) closedir(cn->dirp);
+-
++#endif
++#endif
+   numusers--;
+ 
+   return;
+diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
+--- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-06-28 20:38:44.937500000 +1000
+@@ -8,7 +8,6 @@
+ 
+ 
+ #include <stdio.h>
+-#include <unistd.h>
+ #include <string.h>
+ 
+ #include "aw3.h"
+@@ -20,7 +19,7 @@
+ 
+   snprintf(buf, sizeof(buf), "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n</HEAD><BODY>\n<H1>Moved Permanently</H1>\nThe document has moved <A HREF=\"%s/\">here</A>.<P>\n<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
+ 
+-  write(cn->networkdesc, buf, strlen(buf));
++  special_write(cn, buf, strlen(buf));
+ 
+   return;
+ 
+@@ -34,7 +33,7 @@
+ 
+   snprintf(buf, sizeof(buf), "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>It ain't there my friend. (404 Not Found)</H1>\n<BR><BR>Anti-Web HTTPD - Take back some simplicity.\n</BODY></HTML>\n");
+ 
+-  write(cn->networkdesc, buf, strlen(buf));
++  special_write(cn, buf, strlen(buf));
+ 
+   return;
+ 
+@@ -42,6 +41,7 @@
+ 
+ 
+ 
++/* TODO: this really needs to use the connstruct object */
+ void send505(int sd, char *reason) {
+ 
+   char buf[1024];
+diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
+--- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-06-28 20:38:44.937500000 +1000
+@@ -11,7 +11,6 @@
+ #include <string.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+-#include <unistd.h>
+ #include <stdlib.h>
+ 
+ #include "aw3.h"
+@@ -52,7 +51,13 @@
+   tp = indexlist;
+ 
+   while(tp != NULL) {
+-    snprintf(tbuf, sizeof(tbuf), "%s%s", cn->actualfile, tp->name);
++    sprintf(tbuf, "%s%s%s", cn->actualfile, 
++#ifdef WIN32
++            "\\",
++#else
++            "/",
++#endif
++            tp->name);
+ 
+     if (stat(tbuf, stp) != -1) {
+       my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
+diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
+--- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-06-28 20:38:44.937500000 +1000
+@@ -11,7 +11,6 @@
+ #include <string.h>
+ #include <sys/types.h>
+ #include <signal.h>
+-#include <unistd.h>
+ #include <stdlib.h>
+ 
+ #include "aw3.h"
+@@ -21,10 +20,40 @@
+ struct serverstruct *servers;
+ struct connstruct *usedconns;
+ struct connstruct *freeconns;
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+ struct cgiextstruct *cgiexts;
++#endif
+ struct indexstruct *indexlist;
+ 
++/* clean up memory for valgrind */
++static void sigint_cleanup(int sig)
++{
++    struct serverstruct *sp;
++    struct connstruct *tp;
++    int i;
++
++    while(servers != NULL) {
++#ifdef CONFIG_HTTP_HAS_SSL
++        if (servers->is_ssl)
++            ssl_ctx_free(servers->ssl_ctx);
++#endif
++      sp = servers->next;
++      free(servers);
++      servers = sp;
++    }
++    free(indexlist->name);
++    free(indexlist);
++    for(i=0; i< INITIAL_CONNECTION_SLOTS; i++) {
++        if (freeconns == NULL)
++            break;
++
++        tp = freeconns->next;
++        free(freeconns);
++        freeconns = tp;
++    }
+ 
++    exit(0);
++}
+ 
+ void initlists() {
+   int i;
+@@ -33,15 +62,19 @@
+   servers = NULL;
+   usedconns = NULL;
+   freeconns = NULL;
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+   cgiexts = NULL;
++#endif
+   indexlist = NULL;
+ 
+   for(i=0; i<INITIAL_CONNECTION_SLOTS; i++) {
+     tp = freeconns;
+-    freeconns = (struct connstruct *) malloc(sizeof(struct connstruct));
++    freeconns = (struct connstruct *) calloc(1, sizeof(struct connstruct));
+     if (freeconns == NULL) {
++#ifdef CONFIG_HTTP_VERBOSE
+       fprintf(stderr, "Not enough memory to allocate %d connection slots!\n",
+               INITIAL_CONNECTION_SLOTS);
++#endif
+       exit(1);
+     }
+     freeconns->next = tp;
+@@ -49,6 +82,7 @@
+ }
+ 
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+ void usage(char *cmline) {
+   fprintf(stderr, "Anti-Web V%s  (C) 2001-2004 by Hardcore Software and others\n\n", VERSION);
+ 
+@@ -65,76 +99,138 @@
+ 
+   exit(1);
+ }
++#endif
+ 
+ 
+ int main(int argc, char *argv[]) {
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+   char buf[MAXREQUESTLENGTH];
+-  int pid, tp;
+-
++#endif
++  int tp;
++#if defined(CONFIG_HTTP_IS_DAEMON) || defined(CONFIG_STANDARD_AWHTTPD)
++  int pid;
++#endif
++
++#ifdef WIN32
++  WORD wVersionRequested = MAKEWORD(2,2);
++  WSADATA wsaData;
++  WSAStartup(wVersionRequested,&wsaData);
++#endif
++  
+   initlists();
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+   if (argc != 2 && argc != 3) usage(argv[0]);
+ 
+   webroot = strdup(argv[1]);
++#else
++  webroot = CONFIG_HTTP_WEBROOT;
++#endif
+ 
+   tp = strlen(webroot);
+   if (webroot[tp-1] == '/') webroot[tp-1] = '\0';
+ 
+   if (isdir(webroot) == 0) {
++#ifdef CONFIG_HTTP_VERBOSE
+     fprintf(stderr, "'%s' is not a directory\n", webroot);
++#endif
+     exit(1);
+   }
+ 
+   defaultconfvals();
+ 
++#ifdef CONFIG_STANDARD_AWHTTPD
+   if (argc == 2) {
+     snprintf(buf, sizeof(buf), "%s/awhttpd.conf", webroot);
+     procconf(buf);
+   } else {
+     if ((tp=openlistener(atoi(argv[2]))) == -1) {
++#ifdef CONFIG_HTTP_VERBOSE
+       fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", atoi(argv[2]));
++#endif
+       exit(1);
+     }
++  }
++#else   /* not command line */
++  if ((tp=openlistener(CONFIG_HTTP_PORT)) == -1) {
++#ifdef CONFIG_HTTP_VERBOSE
++    fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n",
++              CONFIG_HTTP_PORT);
++#endif
++      exit(1);
++  }
++#endif /* CONFIG_STANDARD_AWHTTPD */
+ 
+     addindex("index.html");
+     addtoservers(tp);
+-    setgid(32767);
+-    setuid(32767);
+-  }
+ 
++#ifndef WIN32
++    if (getuid() == 0)
++    {
++        setgid(32767);
++        setuid(32767);
++    }
++#endif
++
++#ifdef CONFIG_HTTP_HAS_SSL
++    if ((tp=openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) {
++#ifdef CONFIG_HTTP_VERBOSE
++      fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", 
++              CONFIG_HTTP_HTTPS_PORT);
++#endif
++      exit(1);
++    }
++
++    addtoservers(tp);
++    servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
++            SSL_DEFAULT_SVR_SESS);
++    servers->is_ssl = 1;
++#endif /* CONFIG_HTTP_HAS_SSL */
++
++#if defined (CONFIG_STANDARD_AWHTTPD)
+   if (permcheck == 1) procpermcheck(webroot);
++#elif defined(CONFIG_HTTP_PERM_CHECK) 
++  procpermcheck(webroot);
++#endif
++#if defined(CONFIG_HTTP_HAS_CGI)
++    addcgiext(CONFIG_HTTP_CGI_EXTENSION);
++#endif
++#if defined(CONFIG_HTTP_VERBOSE)
++  printf("awhttpd: listening on ports http:%d and https:%d\n", 
++          CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
++  TTY_FLUSH();
++#endif
+ 
++#if defined(CONFIG_HTTP_IS_DAEMON) || defined(CONFIG_STANDARD_AWHTTPD)
+   pid = fork();
+ 
+   if(pid > 0) {
+     status();
+     exit(0);
+   } else if(pid == -1) {
++#ifdef CONFIG_HTTP_VERBOSE
+     fprintf(stderr,"Anti-Web: Sorry, fork failed... Tough dice.\n");
++#endif
+     exit(1);
+   }
+ 
+   setsid();
++#endif
+ 
+   /* SIGNALS */
+-  signal(SIGINT, die);
+-  signal(SIGQUIT, die);
++  signal(SIGINT, sigint_cleanup);
+   signal(SIGTERM, die);
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#ifndef WIN32
+   signal(SIGCHLD, reaper);
+-
+-  #ifndef SOLARIS
+-  signal(SIGPIPE, nada);
+-  #endif
+-
+-  #ifdef SOLARIS
+-  act.sa_handler = nada;
+-  sigemptyset(&act.sa_mask);
+-  act.sa_flags = SA_RESTART;
+-
+-  sigaction(SIGPIPE,&act,NULL);
+-  #endif
+-
++#endif
++#endif
++#ifndef WIN32
++  signal(SIGQUIT, die);
++  signal(SIGPIPE, SIG_IGN);
++#endif
++  
+   selectloop();
+ 
+   return 0;
+diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
+--- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
++++ axTLS/httpd/awhttpd/mime_types.c	2006-06-28 20:38:44.937500000 +1000
+@@ -21,13 +21,14 @@
+ 
+ 
+ #include <string.h>
++#include "os_port.h"
+ 
+ 
+ char mime_default[] = "text/plain";
+ 
+ struct {
+-  char *ext;
+-  char *type;
++  const char *ext;
++  const char *type;
+ } mime_table[] = {
+ 
+ // Fundamentals
+@@ -161,7 +162,7 @@
+ };
+ 
+ 
+-char *getmimetype(char *name) {
++const char *getmimetype(char *name) {
+   int namelen, extlen, i;
+ 
+   namelen = strlen(name);
+@@ -178,3 +179,4 @@
+   return mime_default;
+ 
+ }
++
+diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
+--- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-06-28 20:38:44.937500000 +1000
+@@ -7,33 +7,33 @@
+ */
+ 
+ 
+-#include <stdlib.h>
+ #include <stdio.h>
+ #include <ctype.h>
+ #include <string.h>
+-#include <sys/time.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+-#include <sys/resource.h>
+-#include <sys/wait.h>
+-#include <unistd.h>
+ 
+ #include "aw3.h"
+ 
+ 
+ 
+ 
+-void nada() { }
++void nada(int sigtype) { }
+ 
+ 
+-void die() {
++void die(int sigtype) {
+   exit(0);
+ }
+ 
+ 
+-void reaper() {
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#ifndef WIN32
++void reaper(int sigtype) {
+   wait3(NULL,WNOHANG,NULL);
+ }
++#endif
++#endif
+ 
+ 
+ void stripcrlf(char *p) {
+@@ -77,6 +77,7 @@
+ #endif
+ 
+ 
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+ int iscgi(char *fn) {
+ 
+   struct cgiextstruct *tp;
+@@ -97,6 +98,7 @@
+   return 0;
+ 
+ }
++#endif
+ 
+ 
+ 
+@@ -235,6 +237,7 @@
+ 
+ void buildactualfile(struct connstruct *cn) {
+ 
++#if 0
+   char tpbuf[MAXREQUESTLENGTH];
+ 
+   if (usevirtualhosts) {
+@@ -253,6 +256,26 @@
+            webroot,
+            cn->virtualhostreq,
+            cn->filereq);
++#endif
++  snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s",
++           webroot,
++           cn->filereq);
++
++  /* Add directory slash if not there */
++  if (isdir(cn->actualfile) && 
++          cn->actualfile[strlen(cn->actualfile)-1] != '/')
++      strcat(cn->actualfile, "/");
++
++#ifdef WIN32
++  /* convert all the forward slashes to back slashes */
++  {
++      char *t = cn->actualfile;
++      while ((t = strchr(t, '/')))
++      {
++          *t++ = '\\';
++      }
++  }
++#endif
+ 
+   return;
+ 
+@@ -279,7 +302,7 @@
+ 
+ int isdir(char *tpbuf) {
+ 
+-  static struct stat st;
++  struct stat st;
+ 
+   if (stat(tpbuf, &st) == -1) return 0;
+ 
+@@ -292,6 +315,7 @@
+ 
+ // FIXME: Arg! This function is horrible! Rewrite it
+ void status() {
++#if defined(CONFIG_STANDARD_AWHTTPD)
+ 
+   int i;
+ 
+@@ -300,14 +324,16 @@
+   fprintf(stdout," [*************************************************]\n");
+   fprintf(stdout," [  DIRECTORY {%s}",webroot);
+   if(strlen(webroot)<35)
+-    for(i=1;i<=35-strlen(webroot);i++) fprintf(stdout," ");
++    for(i=1;i<=35-(int)strlen(webroot);i++) fprintf(stdout," ");
+   fprintf(stdout,"]\n");
+   fprintf(stdout," [*************************************************]\n");
+ 
++#endif
+ }
+ 
+ 
+ 
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+ /* This function was originally written by Nicolas Benoit
+    but I've rewritten some parts of it to work under
+    as many possible AW configurations as possible.
+@@ -329,7 +355,8 @@
+   while (fr_rs[i] != NULL) {
+     snprintf(tpfile, sizeof(tpfile), "%s/%s%s", webroot, cn->virtualhostreq, fr_str);
+ 
+-    if (iscgi(tpfile) && access(tpfile, X_OK) == 0 && isdir(tpfile) == 0) {
++    //if (iscgi(tpfile) && access(tpfile, X_OK) == 0 && isdir(tpfile) == 0) {
++    if (iscgi(tpfile) && isdir(tpfile) == 0) {
+       /* We've found our CGI file! */
+       my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
+       my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
+@@ -349,3 +376,4 @@
+   *(cn->cgipathinfo) = '\0';
+   return -1;
+ }
++#endif
+diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
+--- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-06-28 20:38:44.937500000 +1000
+@@ -8,9 +8,7 @@
+ 
+ 
+ #include <stdio.h>
+-#include <sys/time.h>
+ #include <sys/types.h>
+-#include <unistd.h>
+ #include <time.h>
+ #include <string.h>
+ #include <stdlib.h>
+@@ -23,9 +21,11 @@
+ void addtoservers(int sd) {
+   struct serverstruct *tp;
+ 
+-  tp = (struct serverstruct *) malloc(sizeof(struct serverstruct));
++  tp = (struct serverstruct *) calloc(1, sizeof(struct serverstruct));
+   if (tp == NULL) {
++#ifdef CONFIG_HTTP_VERBOSE
+     fprintf(stderr, "Serious memory error...\n");
++#endif
+     exit(1);
+   }
+ 
+@@ -44,7 +44,9 @@
+   struct connstruct *tp, *to;
+   struct serverstruct *sp;
+   int rnum, wnum, active;
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
+   int currtime;
++#endif
+ 
+   while(1) {   // MAIN SELECT LOOP
+     FD_ZERO(&rfds);
+@@ -61,15 +63,19 @@
+ 
+     // Add the established sockets
+     tp = usedconns;
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
+     currtime = time(NULL);
++#endif
+     while(tp != NULL) {
+ 
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
+       if (istimedout(tp, currtime)) {
+         to = tp;
+         tp = tp->next;
+         removeconnection(to);
+         continue;
+       }
++#endif
+ 
+       if (tp->state == STATE_WANT_TO_READ_HEAD) {
+         FD_SET(tp->networkdesc, &rfds);
+@@ -87,10 +93,12 @@
+         FD_SET(tp->networkdesc, &wfds);
+         if (tp->networkdesc > wnum) wnum = tp->networkdesc;
+       }
++#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
+       if (tp->state == STATE_DOING_DIR) {
+         FD_SET(tp->networkdesc, &wfds);
+         if (tp->networkdesc > wnum) wnum = tp->networkdesc;
+       }
++#endif
+       tp = tp->next;
+     }
+ 
+@@ -104,7 +112,7 @@
+     sp = servers;
+     while(active > 0 && sp != NULL) {
+       if (FD_ISSET(sp->sd, &rfds)) {
+-        handlenewconnection(sp->sd);
++        handlenewconnection(sp->sd, sp->is_ssl);
+         active--;
+       }
+       sp = sp->next;
+@@ -112,7 +120,9 @@
+ 
+     // Handle the established sockets
+     tp = usedconns;
++#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
+     currtime = time(NULL);
++#endif
+     while(active > 0 && tp != NULL) {
+       to = tp;
+       tp = tp->next;
+@@ -141,12 +151,14 @@
+           active--;
+           procsendfile(to);
+         }
++#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
+       if (to->state == STATE_DOING_DIR)
+         if (FD_ISSET(to->networkdesc, &wfds)) {
+           updatetimeout(to, currtime);
+           active--;
+           procdodir(to);
+         }
++#endif
+     }
+ 
+ 
+diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
+--- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-06-28 20:38:44.937500000 +1000
+@@ -7,21 +7,23 @@
+ */
+ 
+ 
+-#include <unistd.h>
+ #include <string.h>
++#include <stdio.h>
++#include <sys/stat.h>
+ 
+ #include "aw3.h"
+ 
++#if defined(CONFIG_HTTP_PERM_CHECK) || defined (CONFIG_STANDARD_AWHTTPD)
+ void procpermcheck(char *pathtocheck) {
+-
++  char thepath[MAXREQUESTLENGTH];
++#ifndef WIN32
+   DIR *tpdir;
+   struct dirent *dp;
+-  char thepath[MAXREQUESTLENGTH];
+ 
+   tpdir=opendir(pathtocheck);
+ 
+   if (tpdir==NULL) {
+-    printf("WARNING: UID (%d) is unable to read %s\n", getuid(), pathtocheck);
++    printf("WARNING: UID (%d) is unable to read %s\n", (int)getuid(), pathtocheck);
+     return;
+   }
+ 
+@@ -38,14 +40,56 @@
+     }
+ 
+     if (access(thepath, R_OK) != 0)
+-      printf("WARNING: UID (%d) is unable to read %s\n", getuid(), thepath);
++      printf("WARNING: UID (%d) is unable to read %s\n", (int)getuid(), thepath);
+     if (access(thepath, W_OK) == 0)
+-      printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n", getuid(), thepath);
++      printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n", (int)getuid(), thepath);
+ 
+   }
+ 
+   closedir(tpdir);
++#else   /* Win32 */
++  HANDLE tpdir;
++  WIN32_FIND_DATA file_data;
++  struct stat st;
++  char buf2[1024];
++
++  strcpy(buf2, pathtocheck);
++  strcat(buf2, "\\*");
++  tpdir = FindFirstFile(buf2, &file_data);
++
++  if (tpdir == INVALID_HANDLE_VALUE) {
++    printf("WARNING: unable to read %s\n", buf2);
++    TTY_FLUSH();
++    return;
++  }
++
++  while (FindNextFile(tpdir, &file_data)) {
++
++    if (strcmp(file_data.cFileName, "..")==0) continue;
++    if (strcmp(file_data.cFileName, ".")==0) continue;
++
++    snprintf(thepath, sizeof(thepath), "%s\\%s", 
++                    pathtocheck, file_data.cFileName);
+ 
+-  return;
++    if (isdir(thepath)) {
++      procpermcheck(thepath);
++      continue;
++    }
++
++    if (stat(thepath, &st) >= 0) {
++      if ((st.st_mode & _S_IREAD) == 0) {
++        printf("WARNING: unable to read %s\n", thepath);
++        TTY_FLUSH();
++      }
++
++      if (st.st_mode & _S_IWRITE) {
++        printf("SECURITY: ABLE TO WRITE TO %s\n", thepath);
++        TTY_FLUSH();
++      }
++    }
++  }
+ 
++  FindClose(tpdir);
++#endif
+ }
++#endif  /* CONFIG_HTTP_PERM_CHECK */
+diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
+--- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
++++ axTLS/httpd/awhttpd/proc.c	2006-06-28 20:47:25.109375000 +1000
+@@ -13,14 +13,12 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+-#include <unistd.h>
+ #include <time.h>
+ #include <string.h>
+ 
+ #include "aw3.h"
+ 
+-
+-
++static int special_read(struct connstruct *cn, void *buf, size_t count);
+ 
+ // Returns 1 if elems should continue being read, 0 otherwise
+ int procheadelem(struct connstruct *cn, char *buf) {
+@@ -53,7 +51,9 @@
+ 
+     my_strncpy(cn->filereq, segs[0], MAXREQUESTLENGTH);
+ 
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+     if (segs[1] != NULL) my_strncpy(cn->cgiargs, segs[1], MAXREQUESTLENGTH);
++#endif
+ 
+   } else if (strcmp(words[0], "Host:")==0) {
+ 
+@@ -85,19 +85,22 @@
+ 
+   return 1;
+ 
+-}
+-
+ 
++}
+ 
++#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
+ void procdirlisting(struct connstruct *cn) {
+ 
+   char buf[MAXREQUESTLENGTH];
++  char actualfile[1024];
+ 
++#ifndef CONFIG_HTTP_DIRECTORIES
+   if (allowdirectorylisting == 0) {
+     send404(cn);
+     removeconnection(cn);
+     return;
+   }
++#endif
+ 
+   if (cn->reqtype == TYPE_HEAD) {
+     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
+@@ -107,7 +110,17 @@
+     return;
+   }
+ 
+-  cn->dirp = opendir(cn->actualfile);
++  strcpy(actualfile, cn->actualfile);
++#ifdef WIN32
++  strcat(actualfile, "*");
++  cn->dirp = FindFirstFile(actualfile, &cn->file_data);
++  if (cn->dirp == INVALID_HANDLE_VALUE) {
++    send404(cn);
++    removeconnection(cn);
++    return;
++  }
++#else
++  cn->dirp = opendir(actualfile);
+   if (cn->dirp == NULL) {
+     send404(cn);
+     removeconnection(cn);
+@@ -116,12 +129,13 @@
+ 
+   // Get rid of the "."
+   readdir(cn->dirp);
++#endif
+ 
+   // If the browser doesn't specify a virtual host, the client will
+   // see "http://default/thedir/" instead of "http://thehost.com/thedir/"
+   // Consider this punishment for using such an old browser.
+   snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of http://%s%s</H2><BR>\n", cn->virtualhostreq, cn->filereq);
+-  write(cn->networkdesc, buf, strlen(buf));
++  special_write(cn, buf, strlen(buf));
+ 
+   cn->state = STATE_DOING_DIR;
+ 
+@@ -134,36 +148,48 @@
+ 
+ void procdodir(struct connstruct *cn) {
+ 
++#ifndef WIN32
+   struct dirent *dp;
++#endif
+   char buf[MAXREQUESTLENGTH];
+-  char encbuf[sizeof(dp->d_name)*3+1];
++  char encbuf[1024];
+   int putslash;
++  char *file;
+ 
+   do {
+ 
+-    if ((dp = readdir(cn->dirp)) == NULL) {
++#ifdef WIN32
++    if (!FindNextFile(cn->dirp, &cn->file_data)) {
++#else
++    if ((dp = readdir(cn->dirp)) == NULL)  {
++#endif
+       snprintf(buf, sizeof(buf), "<BR><BR>End of Anti-Web directory listing.</BODY></HTML>\n");
+-      write(cn->networkdesc, buf, strlen(buf));
++      special_write(cn, buf, strlen(buf));
+       removeconnection(cn);
+       return;
+     }
+ 
++#ifdef WIN32
++    file = cn->file_data.cFileName;
++#else
++    file = dp->d_name;
++#endif
+     if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
+-        strcmp(dp->d_name, "..") == 0) continue;
++        strcmp(file, "..") == 0) continue;
+ 
+-    snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, dp->d_name);
++    snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
+     putslash = isdir(buf);
+ 
+-    urlencode(dp->d_name, encbuf);
++    urlencode(file, encbuf);
+     snprintf(buf, sizeof(buf), "<A HREF=\"%s%s\">%s%s</A><BR>\n",
+-	     encbuf, putslash ? "/" : "", dp->d_name, putslash ? "/" : "");
+-    write(cn->networkdesc, buf, strlen(buf));
++	     encbuf, putslash ? "/" : "", file, putslash ? "/" : "");
++    special_write(cn, buf, strlen(buf));
+ 
+   } while (issockwriteable(cn->networkdesc));
+ 
+   return;
+ }
+-
++#endif
+ 
+ 
+ 
+@@ -172,9 +198,10 @@
+   char buf[MAXREQUESTLENGTH*4], *tp, *next;
+   int rv;
+ 
+-  rv = read(cn->networkdesc, buf, sizeof(buf)-1);
+-  if (rv == 0 || rv == -1) {
+-    removeconnection(cn);
++  rv = special_read(cn, buf, sizeof(buf)-1);
++  if (rv <= 0) {
++      if (rv < 0)
++        removeconnection(cn);
+     return;
+   }
+ 
+@@ -217,36 +244,97 @@
+ void procsendhead(struct connstruct *cn) {
+ 
+   char buf[1024];
++  char actualfile[1024];
+   struct stat stbuf;
+ 
+-  if (stat(cn->actualfile, &stbuf) == -1) {
++  strcpy(actualfile, cn->actualfile);
++
++#ifdef WIN32
++  /* stat() under win32 can't deal with trail slash */
++  if (actualfile[strlen(actualfile)-1] == '\\')
++    actualfile[strlen(actualfile)-1] = 0;
++#endif
++
++  if (stat(actualfile, &stbuf) == -1) {
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#ifndef CONFIG_HTTP_HAS_CGI
+     if (allowcgi != 0) {
++#endif
+       if (trycgi_withpathinfo(cn) == 0) { // We Try To Find A CGI
+         proccgi(cn,1);
+         return;
+       }
++#ifndef CONFIG_HTTP_HAS_CGI
+     }
++#endif
++#endif
+ 
+     send404(cn);
+     removeconnection(cn);
+     return;
+   }
+ 
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+   if (iscgi(cn->actualfile)) {
++#ifndef WIN32
+     // Set up CGI script
+-    if (allowcgi == 0 ||
+-        access(cn->actualfile, X_OK) != 0 ||
+-        isdir(cn->actualfile)) {
++    if (
++#ifndef CONFIG_HTTP_HAS_CGI
++        allowcgi == 0 ||
++#endif
++                (stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
++          send404(cn);
++          removeconnection(cn);
++          return;
++        }
++#endif
++
++    proccgi(cn,0);
++    return;
++  }
++#endif
++
++  if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
++    if (cn->filereq[strlen(cn->filereq)-1] != '/') {
++      send301(cn);
++      removeconnection(cn);
++      return;
++    }
++
++    // Check to see if this dir has an index file
++    if (procindex(cn, &stbuf) == 0) {
++#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
++      // If not, we do a directory listing of it
++      procdirlisting(cn);
++#else
+       send404(cn);
+       removeconnection(cn);
++#endif
+       return;
+     }
+ 
+-    proccgi(cn,0);
+-    return;
+-  }
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++    // If the index is a CGI file, handle it like any other CGI
++    if (iscgi(cn->actualfile)) {
++      // Set up CGI script
++#ifndef CONFIG_HTTP_HAS_CGI
++      if (allowcgi == 0 ||
++          (stbuf.st_mode & S_IEXEC) == 0 != 0 || isdir(cn->actualfile)) {
++#else
++      if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
++#endif
++        send404(cn);
++        removeconnection(cn);
++        return;
++      }
+ 
++      proccgi(cn,0);
++      return;
++    }
++#endif
++    // If the index isn't a CGI, we continue on with the index file
+ 
++  }
+   if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
+     if (cn->filereq[strlen(cn->filereq)-1] != '/') {
+       send301(cn);
+@@ -256,16 +344,24 @@
+ 
+     // Check to see if this dir has an index file
+     if (procindex(cn, &stbuf) == 0) {
++#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
+       // If not, we do a directory listing of it
+       procdirlisting(cn);
++#endif
+       return;
+     }
+ 
++#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+     // If the index is a CGI file, handle it like any other CGI
+     if (iscgi(cn->actualfile)) {
+       // Set up CGI script
+-      if (allowcgi == 0 ||
+-          access(cn->actualfile, X_OK) != 0 ||
++      if (
++#ifdef CONFIG_HTTP_HAS_CGI
++          (stbuf.st_mode & S_IEXEC) == 0 ||
++#else
++          allowcgi == 0 ||
++          (stbuf.st_mode & S_IEXEC) == 0 ||
++#endif
+           isdir(cn->actualfile)) {
+         send404(cn);
+         removeconnection(cn);
+@@ -275,6 +371,7 @@
+       proccgi(cn,0);
+       return;
+     }
++#endif
+     // If the index isn't a CGI, we continue on with the index file
+ 
+   }
+@@ -282,6 +379,7 @@
+   if (cn->offset == -1 || cn->offset >= stbuf.st_size) {
+     cn->offset = -1;
+ 
++#if defined (CONFIG_STANDARD_AWHTTPD)
+     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
+                VERSION,
+                quote,
+@@ -299,15 +397,41 @@
+                (long) stbuf.st_size - cn->offset,
+                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
+   }
++#else
++#ifdef CONFIG_HTTP_VERBOSE
++    printf("awhttpd: %s send %s\n", 
++            cn->is_ssl ? "https" : "http", cn->actualfile);
++    TTY_FLUSH();
++#endif
++    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
++               VERSION,
++               getmimetype(cn->actualfile),
++               (long) stbuf.st_size,
++               ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
++  } else {
++    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nLast-Modified: %s\n",
++               VERSION,
++               getmimetype(cn->actualfile),
++               cn->offset,
++               (long) stbuf.st_size-1,
++               (long) stbuf.st_size,
++               (long) stbuf.st_size - cn->offset,
++               ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
++  }
++#endif  /* CONFIG_HTTP_USE_QUOTE */
+ 
+-  write(cn->networkdesc, buf, strlen(buf));
++  special_write(cn, buf, strlen(buf));
+ 
+   if (cn->reqtype == TYPE_HEAD) {
+     removeconnection(cn);
+     return;
+   } else {
++    int flags = O_RDONLY;
++#ifdef WIN32
++    flags |= O_BINARY;
++#endif
+ 
+-    cn->filedesc = open(cn->actualfile, O_RDONLY);
++    cn->filedesc = open(cn->actualfile, flags);
+     if (cn->filedesc == -1) {
+       send404(cn);
+       removeconnection(cn);
+@@ -318,7 +442,23 @@
+       lseek(cn->filedesc, cn->offset, SEEK_SET);
+     }
+ 
++#ifdef WIN32
++    for (;;)
++    {
++        procreadfile(cn);
++        if (cn->filedesc == -1)
++        {
++           break;
++        }
++       
++        do 
++        {
++            procsendfile(cn);
++        } while (cn->state != STATE_WANT_TO_READ_FILE);
++    }
++#else
+     cn->state = STATE_WANT_TO_READ_FILE;
++#endif
+     return;
+   }
+ 
+@@ -328,13 +468,13 @@
+ 
+ void procreadfile(struct connstruct *cn) {
+ 
+-  int rv;
+-
+-  rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
++  int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
+ 
+   if (rv == 0 || rv == -1) {
+-    removeconnection(cn);
+-    return;
++      close(cn->filedesc);
++      cn->filedesc = -1;
++      removeconnection(cn);
++      return;
+   }
+ 
+   cn->numbytes = rv;
+@@ -347,11 +487,9 @@
+ 
+ void procsendfile(struct connstruct *cn) {
+ 
+-  int rv;
++  int rv = special_write(cn, cn->databuf, cn->numbytes);
+ 
+-  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
+-
+-  if (rv == -1)
++  if (rv < 0)
+     removeconnection(cn);
+   else if (rv == cn->numbytes)
+     cn->state = STATE_WANT_TO_READ_FILE;
+@@ -361,7 +499,47 @@
+     memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
+     cn->numbytes -= rv;
+   }
++}
+ 
+-  return;
++int special_write(struct connstruct *cn, 
++        const uint8_t *buf, size_t count)
++{
++    int res;
++
++#ifdef CONFIG_HTTP_HAS_SSL
++    if (cn->is_ssl)
++    {
++        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
++        if (ssl)
++        {
++            res = ssl_write(ssl, (unsigned char *)buf, count);
++        }
++        else
++            return -1;
++    }
++    else
++#endif
++        res = SOCKET_WRITE(cn->networkdesc, buf, count);
++
++    return res;
++}
++
++static int special_read(struct connstruct *cn, void *buf, size_t count)
++{
++    int res;
++
++#ifdef CONFIG_HTTP_HAS_SSL
++    if (cn->is_ssl)
++    {
++        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
++        unsigned char *read_buf;
++
++        if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
++            memcpy(buf, read_buf, res > (int)count ? count : res);
++    }
++    else
++#endif
++        res = SOCKET_READ(cn->networkdesc, buf, count);
+ 
++    return res;
+ }
+diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
+--- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
++++ axTLS/httpd/awhttpd/socket.c	2006-06-28 20:38:44.953125000 +1000
+@@ -8,19 +8,11 @@
+ 
+ 
+ #include <stdio.h>
+-#include <netdb.h>
+-#include <sys/time.h>
+ #include <sys/types.h>
+-#include <netinet/in.h>
+-#include <sys/socket.h>
+-#include <sys/wait.h>
+-#include <arpa/inet.h>
+ #include <time.h>
+-#include <unistd.h>
+ #include <string.h>
+ 
+ 
+-
+ #include "aw3.h"
+ 
+ 
+@@ -62,7 +54,7 @@
+ 
+ #ifdef HAVE_IPV6
+ 
+-void handlenewconnection(int listenfd) {
++void handlenewconnection(int listenfd, int is_ssl) {
+ 
+   struct sockaddr_in6 their_addr;
+   int tp = sizeof(their_addr);
+@@ -82,7 +74,7 @@
+     *ipbuf = '\0';
+   }
+ 
+-  if (checkmaxusers(connfd)) addconnection(connfd, ipbuf);
++  if (checkmaxusers(connfd)) addconnection(connfd, ipbuf, is_ssl);
+ 
+   return;
+ 
+@@ -90,19 +82,18 @@
+ 
+ #else
+ 
+-void handlenewconnection(int listenfd) {
++void handlenewconnection(int listenfd, int is_ssl) {
+ 
+   struct sockaddr_in their_addr;
+   int tp = sizeof(struct sockaddr_in);
+   int connfd;
+-  char ipbuf[100];
+ 
+   connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
+ 
+   if (connfd == -1) return;
+ 
+   if (checkmaxusers(connfd))
+-    addconnection(connfd, inet_ntoa(their_addr.sin_addr));
++    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
+ 
+   return;
+ }
+@@ -113,8 +104,12 @@
+ 
+ 
+ int openlistener(int port) {
+-
+-  int tp=0,sd;
++  int sd;
++#ifdef WIN32
++  char tp=1;
++#else
++  int tp=1;
++#endif
+   struct sockaddr_in my_addr;
+ 
+   if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return -1;
+@@ -125,7 +120,7 @@
+   setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
+  
+   my_addr.sin_family = AF_INET;         // host byte order
+-  my_addr.sin_port = htons(port);       // short, network byte order
++  my_addr.sin_port = htons((short)port);       // short, network byte order
+   my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP
+ 
+   memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
+diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
+--- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-06-28 20:38:44.953125000 +1000
+@@ -13,7 +13,7 @@
+ 
+ #include <ctype.h>
+ #include <stdlib.h>
+-
++#include <stdio.h>
+ #include "aw3.h"
+ 
+ 
+@@ -37,7 +37,7 @@
+        (*p > 'Z' && *p < '_') ||
+        (*p > '_' && *p < 'a') ||
+        (*p > 'z' && *p < 0xA1)) {
+-        sprintf(tp, "%%%02X", *p);
++        sprintf((char *)tp, "%%%02X", *p);
+         tp += 3; 
+       } else {
+ 	*tp = *p;
diff --git a/samples/Config.in b/samples/Config.in
new file mode 100644
index 0000000000..a17f252f9d
--- /dev/null
+++ b/samples/Config.in
@@ -0,0 +1,56 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+menu "Samples"
+
+config CONFIG_SAMPLES
+    bool "Create Samples"
+    default y
+    help
+        axTLS contains various sample code.
+
+        Select Y here if you want to build the various samples.
+
+config CONFIG_C_SAMPLES
+    bool "axssl - C version"
+    default y
+    depends on CONFIG_SAMPLES
+    help
+        Build the "C" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_CSHARP_SAMPLES
+    bool "axssl - C# version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_CSHARP_BINDINGS
+    help
+        Build the "C#" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_VBNET_SAMPLES
+    bool "axssl - VB.NET version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_VBNET_BINDINGS
+    help
+        Build the "VB.NET" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_JAVA_SAMPLES
+    bool "axssl - Java version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_JAVA_BINDINGS
+    help
+        Build the "Java" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_PERL_SAMPLES
+    bool "axssl - Perl version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_PERL_BINDINGS
+    help
+        Build the "Perl" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+endmenu
+
diff --git a/samples/Makefile b/samples/Makefile
new file mode 100644
index 0000000000..4a7acd7861
--- /dev/null
+++ b/samples/Makefile
@@ -0,0 +1,46 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all:
+
+include ../config/.config
+include ../config/makefile.conf
+
+all:
+ifdef CONFIG_C_SAMPLES
+	$(MAKE) -C c
+endif
+ifdef CONFIG_CSHARP_SAMPLES
+	$(MAKE) -C csharp
+endif
+ifdef CONFIG_VBNET_SAMPLES
+	$(MAKE) -C vbnet
+endif
+ifdef CONFIG_JAVA_SAMPLES
+	$(MAKE) -C java
+endif
+ifdef CONFIG_PERL_SAMPLES
+	$(MAKE) -C perl
+endif
+
+clean::
+	$(MAKE) -C c clean
+	$(MAKE) -C csharp clean
+	$(MAKE) -C vbnet clean
+	$(MAKE) -C java clean
+	$(MAKE) -C perl clean
diff --git a/samples/c/Makefile b/samples/c/Makefile
new file mode 100644
index 0000000000..656b8cb6cd
--- /dev/null
+++ b/samples/c/Makefile
@@ -0,0 +1,67 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all : sample
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+ifndef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_PLATFORM_CYGWIN
+TARGET=../../axssl.exe
+else
+TARGET=../../axssl
+endif   # cygwin
+
+LIBS=../../libaxtls.a
+CFLAGS += -I../../ssl -I../../config
+else
+TARGET=../../axssl.exe
+LIBS=../../axtls.lib
+CFLAGS += /I"..\..\ssl" /I"..\..\config"
+endif
+
+ifndef CONFIG_C_SAMPLES
+sample:
+
+else
+sample : $(TARGET)
+OBJ= axssl.o
+include ../../config/makefile.post
+
+ifndef CONFIG_PLATFORM_WIN32
+
+$(TARGET): $(OBJ) $(LIBS)
+	$(LD) $(LDFLAGS) -o $@ $^
+ifndef CONFIG_DEBUG
+ifndef CONFIG_PLATFORM_SOLARIS
+	strip --remove-section=.comment $(TARGET)
+endif   # SOLARIS
+endif   # CONFIG_DEBUG
+else    # Win32
+
+$(TARGET): $(OBJ) $(LIBS)
+	$(LD) $(LDFLAGS) ..\..\config\axtls.res /out:$@ $^
+endif
+
+endif    # CONFIG_C_SAMPLES
+
+clean::
+	-@rm -f ../../axssl*
+
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
new file mode 100644
index 0000000000..955340ca82
--- /dev/null
+++ b/samples/c/axssl.c
@@ -0,0 +1,862 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file axssl.c
+ *
+ * Demonstrate the use of the axTLS library in C with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl s_server -?
+ * > axssl s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "ssl.h"
+
+/* define standard input */
+#ifndef STDIN_FILENO
+#define STDIN_FILENO        0
+#endif
+
+static void do_server(int argc, char *argv[]);
+static void print_options(char *option);
+static void print_server_options(char *option);
+static void do_client(int argc, char *argv[]);
+static void print_client_options(char *option);
+static void display_cipher(SSL *ssl);
+static void display_session_id(SSL *ssl);
+
+/**
+ * Main entry point. Doesn't do much except works out whether we are a client
+ * or a server.
+ */
+int main(int argc, char *argv[])
+{
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+#elif !defined(SOLARIS)
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+#endif
+
+    if (argc < 2 || (
+                strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
+    {
+        print_options(argc > 1 ? argv[1] : "");
+    }
+
+    strcmp(argv[1], "s_server") ? 
+        do_client(argc, argv) : do_server(argc, argv);
+    return 0;
+}
+
+/**
+ * Implement the SSL server logic. 
+ */
+static void do_server(int argc, char *argv[])
+{
+    int i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_DISPLAY_CERTS;
+    int client_fd;
+    SSLCTX *ssl_ctx;
+    int server_fd, client_len, res = 0;
+#ifndef CONFIG_SSL_SKELETON_MODE
+    char *private_key_file = NULL;
+    const char *password = NULL;
+    char **cert;
+    int cert_index = 0;
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef WIN32
+    char yes = 1;
+#else
+    int yes = 1;
+#endif
+    struct sockaddr_in serv_addr;
+    struct sockaddr_in client_addr;
+    int quiet = 0;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_index = 0;
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+#endif
+    fd_set read_set;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+#endif
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-accept") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            port = atoi(argv[++i]);
+        }
+#ifndef CONFIG_SSL_SKELETON_MODE
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+#endif
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options |= SSL_CLIENT_AUTHENTICATION;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_server_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        perror("socket");
+        return;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        perror("bind");
+        exit(1);
+    }
+
+    if (listen(server_fd, 5) < 0)
+    {
+        perror("listen");
+        exit(1);
+    }
+
+    client_len = sizeof(client_addr);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Server context is invalid\n");
+        exit(1);
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(ca_cert);
+#endif
+#ifndef CONFIG_SSL_SKELETON_MODE
+    free(cert);
+#endif
+
+    for (;;)
+    {
+        SSL *ssl;
+        int reconnected = 0;
+
+        if (!quiet)
+        {
+            printf("ACCEPT\n");
+            TTY_FLUSH();
+        }
+
+        if ((client_fd = accept(server_fd, 
+                (struct sockaddr *)&client_addr, &client_len)) < 0)
+        {
+            res = 1;
+            break;
+        }
+
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+
+        /* now read (and display) whatever the client sends us */
+        for (;;)
+        {
+            /* allow parallel reading of client and standard input */
+            FD_ZERO(&read_set);
+            FD_SET(client_fd, &read_set);
+
+#ifndef WIN32
+            /* win32 doesn't like mixing up stdin and sockets */
+            if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
+            {
+                FD_SET(STDIN_FILENO, &read_set);
+            }
+
+            if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+            {
+               uint8_t buf[1024];
+
+                /* read standard input? */
+                if (FD_ISSET(STDIN_FILENO, &read_set))
+                {
+                    if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                    {
+                        res = SSL_ERROR_CONN_LOST;
+                    }
+                    else
+                    {
+                        /* small hack to check renegotiation */
+                        if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
+                        {
+                            res = ssl_renegotiate(ssl);
+                        }
+                        else    /* write our ramblings to the client */
+                        {
+                            res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                        }
+                    }
+                }
+                else    /* a socket read */
+#endif
+                {
+                    /* keep reading until we get something interesting */
+                    uint8_t *read_buf;
+
+                    if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
+                    {
+                        /* are we in the middle of doing a handshake? */
+                        if (ssl_handshake_status(ssl) != SSL_OK)
+                        {
+                            reconnected = 0;
+                        }
+                        else if (!reconnected)
+                        {
+                            /* we are connected/reconnected */
+                            if (!quiet)
+                            {
+                                display_session_id(ssl);
+                                display_cipher(ssl);
+                            }
+
+                            reconnected = 1;
+                        }
+                    }
+
+                    if (res > 0)    /* display our interesting output */
+                    {
+                        printf("%s", read_buf);
+                        TTY_FLUSH();
+                    }
+                    else if (res < 0 && !quiet)
+                    {
+                        ssl_display_error(res);
+                    }
+                }
+#ifndef WIN32
+            }
+#endif
+
+            if (res < SSL_OK)
+            {
+                if (!quiet)
+                {
+                    printf("CONNECTION CLOSED\n");
+                    TTY_FLUSH();
+                }
+
+                break;
+            }
+        }
+
+        /* client was disconnected or the handshake failed. */
+        ssl_free(ssl);
+        SOCKET_CLOSE(client_fd);
+    }
+
+    ssl_ctx_free(ssl_ctx);
+}
+
+/**
+ * Implement the SSL client logic.
+ */
+static void do_client(int argc, char *argv[])
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int res, i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
+    int client_fd;
+    char *private_key_file = NULL;
+    struct sockaddr_in client_addr;
+    struct hostent *hostent;
+    int reconnect = 0;
+    uint32_t sin_addr;
+    SSLCTX *ssl_ctx;
+    SSL *ssl = NULL;
+    int quiet = 0;
+    int cert_index = 0, ca_cert_index = 0;
+    int cert_size, ca_cert_size;
+    char **ca_cert, **cert;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    fd_set read_set;
+    const char *password = NULL;
+
+    FD_ZERO(&read_set);
+    sin_addr = inet_addr("127.0.0.1");
+    cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-connect") == 0)
+        {
+            char *host, *ptr;
+
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            host = argv[++i];
+            if ((ptr = strchr(host, ':')) == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            *ptr++ = 0;
+            port = atoi(ptr);
+            hostent = gethostbyname(host);
+
+            if (hostent == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
+        }
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options &= ~SSL_SERVER_VERIFY_LATER;
+        }
+        else if (strcmp(argv[i], "-reconnect") == 0)
+        {
+            reconnect = 4;
+        }
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_client_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    memset(&client_addr, 0, sizeof(client_addr));
+    client_addr.sin_family = AF_INET;
+    client_addr.sin_port = htons(port);
+    client_addr.sin_addr.s_addr = sin_addr;
+
+    if (connect(client_fd, (struct sockaddr *)&client_addr, 
+                sizeof(client_addr)) < 0)
+    {
+        perror("connect");
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        printf("CONNECTED\n");
+        TTY_FLUSH();
+    }
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Client context is invalid\n");
+        exit(1);
+    }
+
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(cert);
+    free(ca_cert);
+
+    /* Try session resumption? */
+    if (reconnect)
+    {
+        while (reconnect--)
+        {
+            ssl = ssl_client_new(ssl_ctx, client_fd, session_id);
+            if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+            {
+                if (!quiet)
+                {
+                    ssl_display_error(res);
+                }
+
+                ssl_free(ssl);
+                exit(1);
+            }
+
+            display_session_id(ssl);
+            memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+
+            if (reconnect)
+            {
+                ssl_free(ssl);
+                SOCKET_CLOSE(client_fd);
+
+                client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+                connect(client_fd, (struct sockaddr *)&client_addr, 
+                        sizeof(client_addr));
+            }
+        }
+    }
+    else
+    {
+        ssl = ssl_client_new(ssl_ctx, client_fd, NULL);
+    }
+
+    /* check the return status */
+    if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+    {
+        if (!quiet)
+        {
+            ssl_display_error(res);
+        }
+
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        const char *common_name = ssl_get_cert_dn(ssl,
+                SSL_X509_CERT_COMMON_NAME);
+        if (common_name)
+        {
+            printf("Common Name:\t\t%s\n", common_name);
+        }
+
+        display_session_id(ssl);
+        display_cipher(ssl);
+    }
+
+    for (;;)
+    {
+        uint8_t buf[1024];
+        res = SSL_OK;
+
+        /* allow parallel reading of server and standard input */
+        FD_SET(client_fd, &read_set);
+#ifndef WIN32
+        /* win32 doesn't like mixing up stdin and sockets */
+        FD_SET(STDIN_FILENO, &read_set);
+
+        if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+        {
+            /* read standard input? */
+            if (FD_ISSET(STDIN_FILENO, &read_set))
+#endif
+            {
+                if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                {
+                    /* bomb out of here */
+                    ssl_free(ssl);
+                    break;
+                }
+                else
+                {
+                    /* small hack to check renegotiation */
+                    if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
+                    {
+                        res = ssl_renegotiate(ssl);
+                    }
+                    else
+                    {
+                        res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                    }
+                }
+            }
+#ifndef WIN32
+            else    /* a socket read */
+            {
+                uint8_t *read_buf;
+
+                res = ssl_read(ssl, &read_buf);
+
+                if (res > 0)    /* display our interesting output */
+                {
+                    printf("%s", read_buf);
+                    TTY_FLUSH();
+                }
+            }
+        }
+#endif
+
+        if (res < 0)
+        {
+            if (!quiet)
+            {
+                ssl_display_error(res);
+            }
+
+            break;      /* get outta here */
+        }
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    SOCKET_CLOSE(client_fd);
+#else
+    print_client_options(argv[1]);
+#endif
+}
+
+/**
+ * We've had some sort of command-line error. Print out the basic options.
+ */
+static void print_options(char *option)
+{
+    printf("axssl: Error: '%s' is an invalid command.\n", option);
+    printf("usage: axssl [s_server|s_client] [args ...]\n");
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the server options.
+ */
+static void print_server_options(char *option)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+#ifndef CONFIG_SSL_SKELETON_MODE
+    printf(" -cert arg\t- certificate file to add (in addition to default)"
+                                    " to chain -\n"
+          "\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -pass\t\t- private key file pass phrase source\n");
+#endif
+    printf(" -quiet\t\t- No server output\n");
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the client options.
+ */
+static void print_client_options(char *option)
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    printf("usage: s_client [args ...]\n");
+    printf(" -connect host:port - who to connect to (default "
+            "is localhost:4433)\n");
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -cert arg\t- certificate file to use\n");
+    printf("\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+    printf(" -quiet\t\t- No client output\n");
+    printf(" -reconnect\t- Drop and re-make the connection "
+            "with the same Session-ID\n");
+    printf(" -pass\t\t- private key file pass phrase source\n");
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+#else
+    printf("Change configuration to allow this feature\n");
+#endif
+    exit(1);
+}
+
+/**
+ * Display what cipher we are using 
+ */
+static void display_cipher(SSL *ssl)
+{
+    printf("CIPHER is ");
+    switch (ssl_get_cipher_id(ssl))
+    {
+        case SSL_AES128_SHA:
+            printf("AES128-SHA");
+            break;
+
+        case SSL_AES256_SHA:
+            printf("AES256-SHA");
+            break;
+
+        case SSL_RC4_128_SHA:
+            printf("RC4-SHA");
+            break;
+
+        case SSL_RC4_128_MD5:
+            printf("RC4-MD5");
+            break;
+
+        default:
+            printf("Unknown - %d", ssl_get_cipher_id(ssl));
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Display what session id we have.
+ */
+static void display_session_id(SSL *ssl)
+{    
+    int i;
+    const uint8_t *session_id = ssl_get_session_id(ssl);
+
+    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+    for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+    {
+        printf("%02x", session_id[i]);
+    }
+    printf("\n-----END SSL SESSION PARAMETERS-----\n");
+    TTY_FLUSH();
+}
diff --git a/samples/csharp/Makefile b/samples/csharp/Makefile
new file mode 100644
index 0000000000..8e299fd749
--- /dev/null
+++ b/samples/csharp/Makefile
@@ -0,0 +1,36 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.dotnet.conf
+
+all : sample
+TARGET=../../axssl.csharp.exe
+sample : $(TARGET)
+
+$(TARGET): ../../bindings/csharp/axTLS.cs ../../bindings/csharp/axInterface.cs axssl.cs 
+ifdef GO_DOT_NET
+	csc.exe /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
+else    # use mono to build
+	mcs -out:$@ $^
+
+endif    # ARCH
+
+clean::
+	-@rm -f $(TARGET)
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
new file mode 100644
index 0000000000..ca8281d654
--- /dev/null
+++ b/samples/csharp/axssl.cs
@@ -0,0 +1,744 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * axssl.cs
+ *
+ * Demonstrate the use of the axTLS library in C# with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl.csharp.exe s_server -?
+ * > axssl.csharp.exe s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+
+using System;
+using System.Net;
+using System.Net.Sockets;
+using axTLS;
+
+public class axssl
+{
+   /*
+     * Main()
+     */
+    public static void Main(string[] args)
+    {
+        axssl runner = new axssl();
+
+        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
+        {
+            runner.print_options(args.Length > 0 ? args[0] : "");
+        }
+
+        int build_mode = SSLUtil.BuildMode();
+
+        if (args[0] == "s_server")
+        {
+            runner.do_server(build_mode, args);
+        }
+        else 
+        {
+            runner.do_client(build_mode, args);
+        }
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, string[] args)
+    {
+        int i = 1;
+        int port = 4433;
+        uint options = axtls.SSL_DISPLAY_CERTS;
+        bool quiet = false;
+        string password = null;
+        string private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-accept")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Int32.Parse(args[++i]);
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i] == "-cert")
+                {
+                    if (i >= args.Length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i] == "-key")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtls.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i] == "-pass")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i] == "-verify")
+                    {
+                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i] == "-CAfile")
+                    {
+                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i] == "-debug")
+                        {
+                            options |= axtls.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i] == "-state")
+                        {
+                            options |= axtls.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i] == "-show-rsa")
+                        {
+                            options |= axtls.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
+        TcpListener server_sock = new TcpListener(ep);
+        server_sock.Start();      
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(
+                                options, axtls.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Server context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        byte[] buf = null;
+        int res;
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                Console.WriteLine("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.AcceptSocket();
+
+            SSL ssl = ssl_ctx.Connect(client_sock);
+
+            /* do the actual SSL handshake */
+            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.HandshakeStatus() == axtls.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtls.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtls.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            Console.WriteLine("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to string */
+                    char[] str = new char[res];
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    Console.Write(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.Dispose();
+            client_sock.Close();
+        }
+
+        /* ssl_ctx.Dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, string[] args)
+    {
+        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            print_client_options(build_mode, args[1]);
+        }
+
+        int i = 1, res;
+        int port = 4433;
+        bool quiet = false;
+        string password = null;
+        int reconnect = 0;
+        string private_key_file = null;
+        string hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+
+        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-connect")
+            {
+                string host_port;
+
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.IndexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new string(host_port.ToCharArray(), 
+                        0, index_colon);
+                port = Int32.Parse(new String(host_port.ToCharArray(), 
+                            index_colon+1, host_port.Length-index_colon-1));
+            }
+            else if (args[i] == "-cert")
+            {
+                if (i >= args.Length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i] == "-key")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtls.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i] == "-CAfile")
+            {
+                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i] == "-verify")
+            {
+                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i] == "-reconnect")
+            {
+                reconnect = 4;
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i] == "-pass")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i] == "-debug")
+                {
+                    options |= axtls.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i] == "-state")
+                {
+                    options |= axtls.SSL_DISPLAY_STATES;
+                }
+                else if (args[i] == "-show-rsa")
+                {
+                    options |= axtls.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
+        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
+        IPAddress[] addresses = hostInfo.AddressList;
+        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
+        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
+                SocketType.Stream, ProtocolType.Tcp);
+        client_sock.Connect(ep);
+
+        if (!client_sock.Connected)
+        {
+            Console.WriteLine("could not connect");
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            Console.WriteLine("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options,
+                                    axtls.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Client context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.Connect(client_sock, session_id);
+
+                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.DisplayError(res);
+                    }
+
+                    ssl.Dispose();
+                    Environment.Exit(1);
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.GetSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.Dispose();
+                    client_sock.Close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(AddressFamily.InterNetwork, 
+                        SocketType.Stream, ProtocolType.Tcp);
+                    client_sock.Connect(ep);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.Connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            string common_name =
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                Console.WriteLine("Common Name:\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        for (;;)
+        {
+            string user_input = Console.ReadLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.Length+2];
+            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.Length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.Length-2; i++)
+            {
+                buf[i] = (byte)user_input[i];
+            }
+
+            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.DisplayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.Dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(string option)
+    {
+        Console.WriteLine("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        Console.WriteLine("usage: axssl.cs.exe [s_server|s_client] [args ...]");
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+        Console.WriteLine("usage: s_server [args ...]");
+        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        Console.WriteLine(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+        {
+          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
+                  "addition to default) to chain -");
+          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
+          Console.WriteLine(" -key arg\t- Private key file to use");
+          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            Console.WriteLine(" -verify\t- turn on peer certificate " +
+                    "verification");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + 
+                    ca_cert_size + "times");
+        }
+
+        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+        {
+            Console.WriteLine(" -debug\t\t- Print more output");
+            Console.WriteLine(" -state\t\t- Show state messages");
+            Console.WriteLine(" -show-rsa\t- Show RSA state");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            Console.WriteLine("usage: s_client [args ...]");
+            Console.WriteLine(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            Console.WriteLine(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            Console.WriteLine(" -cert arg\t- certificate file to use");
+            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
+            Console.WriteLine(" -key arg\t- Private key file to use");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            Console.WriteLine(" -quiet\t\t- No client output");
+            Console.WriteLine(" -pass\t\t- private key file pass " + 
+                    "phrase source");
+            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                Console.WriteLine(" -debug\t\t- Print more output");
+                Console.WriteLine(" -state\t\t- Show state messages");
+                Console.WriteLine(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            Console.WriteLine("Change configuration to allow this feature");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        Console.Write("CIPHER is ");
+
+        switch (ssl.GetCipherId())
+        {
+            case axtls.SSL_AES128_SHA:
+                Console.WriteLine("AES128-SHA");
+                break;
+
+            case axtls.SSL_AES256_SHA:
+                Console.WriteLine("AES256-SHA");
+                break;
+
+            case axtls.SSL_RC4_128_SHA:
+                Console.WriteLine("RC4-SHA");
+                break;
+
+            case axtls.SSL_RC4_128_MD5:
+                Console.WriteLine("RC4-MD5");
+                break;
+
+            default:
+                Console.WriteLine("Unknown - " + ssl.GetCipherId());
+                break;
+        }
+    }
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.GetSessionId();
+
+        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
+        foreach (byte b in session_id)
+        {
+            Console.Write("{0:x02}", b);
+        }
+
+        Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
+    }
+}
diff --git a/samples/java/Makefile b/samples/java/Makefile
new file mode 100644
index 0000000000..0bedf52218
--- /dev/null
+++ b/samples/java/Makefile
@@ -0,0 +1,39 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.java.conf
+
+all : sample
+JAR=../../axtls.jar
+CLASSES=../../bindings/java/classes
+sample : $(JAR)
+
+$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
+	jar mcvf manifest.mf $@ -C $(CLASSES) .
+
+JAVA_FILES= axssl.java
+JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
+
+$(CLASSES)/%.class : %.java
+	javac -d $(CLASSES) -classpath $(CLASSES) $^
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
new file mode 100644
index 0000000000..b193725ef0
--- /dev/null
+++ b/samples/java/axssl.java
@@ -0,0 +1,760 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * axssl.java
+ *
+ * Demonstrate the use of the axTLS library in Java with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.  *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > java -jar axtls.jar s_server -?
+ * > java -jar axtls.jar s_client -?
+ *
+ * The axtls/axtlsj shared libraries must be in the same directory or be found 
+ * by the OS.
+ */
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import axTLSj.*;
+
+public class axssl
+{
+   /*
+     * Main()
+     */
+    public static void main(String[] args)
+    {
+        axssl runner = new axssl();
+
+        try
+        {
+            if (args.length < 1 || 
+                    (!args[0].equals("s_server") &&
+                     !args[0].equals("s_client")))
+            {
+                runner.print_options(args.length > 0 ? args[0] : "");
+            }
+
+            int build_mode = SSLUtil.buildMode();
+
+            if (args[0].equals("s_server"))
+            {
+                runner.do_server(build_mode, args);
+            }
+            else 
+            {
+                runner.do_client(build_mode, args);
+            }
+        }
+        catch (Exception e) 
+        {
+            System.out.println(e);
+        }
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, String[] args)
+                    throws Exception
+    {
+        int i = 1;
+        int port = 4433;
+        int options = axtlsj.SSL_DISPLAY_CERTS;
+        boolean quiet = false;
+        String password = null;
+        String private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-accept"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Integer.parseInt(args[++i]);
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i].equals("-cert"))
+                {
+                    if (i >= args.length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i].equals("-key"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtlsj.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i].equals("-pass"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i].equals("-verify"))
+                    {
+                        options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i].equals("-CAfile"))
+                    {
+                        if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i].equals("-debug"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i].equals("-state"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i].equals("-show-rsa"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else 
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        ServerSocket server_sock = new ServerSocket(port);
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(options, 
+                                    axtlsj.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+        {
+            throw new Exception("Error: Server context is invalid");
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        int res;
+        SSLReadHolder rh = new SSLReadHolder();
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                System.out.println("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.accept();
+
+            SSL ssl = ssl_ctx.connect(client_sock);
+
+            while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.handshakeStatus() == axtlsj.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtlsj.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtlsj.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            System.out.println("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to String */
+                    byte[] buf = rh.getData();
+                    char[] str = new char[res];
+
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    System.out.print(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.dispose();
+            client_sock.close();
+        }
+
+        /* ssl_ctx.dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, String[] args)
+                    throws Exception
+    {
+        if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
+        {
+            print_client_options(build_mode, args[1]);
+        }
+
+        int i = 1, res;
+        int port = 4433;
+        boolean quiet = false;
+        String password = null;
+        int reconnect = 0;
+        String private_key_file = null;
+        String hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+
+        int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-connect"))
+            {
+                String host_port;
+
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.indexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new String(host_port.toCharArray(), 
+                        0, index_colon);
+                port = Integer.parseInt(new String(host_port.toCharArray(), 
+                            index_colon+1, host_port.length()-index_colon-1));
+            }
+            else if (args[i].equals("-cert"))
+            {
+                if (i >= args.length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-CAfile"))
+            {
+                if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-key"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtlsj.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i].equals("-verify"))
+            {
+                options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i].equals("-reconnect"))
+            {
+                reconnect = 4;
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i].equals("-pass"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i].equals("-debug"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i].equals("-state"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_STATES;
+                }
+                else if (args[i].equals("-show-rsa"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        Socket client_sock = new Socket(hostname, port);
+
+        if (!client_sock.isConnected())
+        {
+            System.out.println("could not connect");
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            System.out.println("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options, 
+                                    axtlsj.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            throw new Exception("Error: Client context is invalid");
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        SSL ssl = null;
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.connect(client_sock, session_id);
+
+                if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.displayError(res);
+                    }
+
+                    ssl.dispose();
+                    throw new Exception();
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.getSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.dispose();
+                    client_sock.close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(hostname, port);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            String common_name =
+                ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                System.out.println("Common Name:\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        BufferedReader in = new BufferedReader(
+                new InputStreamReader(System.in));
+
+        for (;;)
+        {
+            String user_input = in.readLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.length()+2];
+            buf[buf.length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.length-2; i++)
+            {
+                buf[i] = (byte)user_input.charAt(i);
+            }
+
+            if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.displayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(String option)
+    {
+        System.out.println("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        System.out.println("usage: axtlsj.jar [s_server|s_client] " + 
+                "[args ...]");
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+        System.out.println("usage: s_server [args ...]");
+        System.out.println(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        System.out.println(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+        {
+            System.out.println(" -cert arg\t- certificate file to add (in " + 
+                    "addition to default) to chain -");
+            System.out.println("\t\t  Can repeat up to " + cert_size + " times");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            System.out.println(" -verify\t- turn on peer certificate " +
+                    "verification");
+            System.out.println(" -CAfile arg\t- Certificate authority. ");
+            System.out.println("\t\t  Can repeat up to " + 
+                    ca_cert_size + " times");
+        }
+
+        if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+        {
+            System.out.println(" -debug\t\t- Print more output");
+            System.out.println(" -state\t\t- Show state messages");
+            System.out.println(" -show-rsa\t- Show RSA state");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
+        {
+            System.out.println("usage: s_client [args ...]");
+            System.out.println(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            System.out.println(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            System.out.println(" -cert arg\t- certificate file to use");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println("\t\t  Can repeat up to " + cert_size + 
+                    " times");
+            System.out.println(" -CAfile arg\t- Certificate authority.");
+            System.out.println("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            System.out.println(" -quiet\t\t- No client output");
+            System.out.println(" -pass\t\t- private key file pass " + 
+                        "phrase source");
+            System.out.println(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                System.out.println(" -debug\t\t- Print more output");
+                System.out.println(" -state\t\t- Show state messages");
+                System.out.println(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            System.out.println("Change configuration to allow this feature");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        System.out.print("CIPHER is ");
+
+        byte ciph_id = ssl.getCipherId();
+
+        if (ciph_id == axtlsj.SSL_AES128_SHA)
+        {
+            System.out.println("AES128-SHA");
+        }
+        else if (ciph_id == axtlsj.SSL_AES256_SHA)
+        {
+            System.out.println("AES256-SHA");
+        }
+        else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
+        {
+            System.out.println("RC4-SHA");
+        }
+        else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
+        {
+            System.out.println("RC4-MD5");
+        }
+        else
+        {
+            System.out.println("Unknown - " + ssl.getCipherId());
+        }
+    }
+
+    public char toHexChar(int i)
+    {
+        if ((0 <= i) && (i <= 9 ))
+            return (char)('0' + i);
+        else
+            return (char)('a' + (i-10));
+    }
+
+    public void bytesToHex(byte[] data) 
+    {
+        StringBuffer buf = new StringBuffer();
+        for (int i = 0; i < data.length; i++ ) 
+        {
+            buf.append(toHexChar((data[i]>>>4)&0x0F));
+            buf.append(toHexChar(data[i]&0x0F));
+        }
+
+        System.out.println(buf);
+    }
+
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.getSessionId();
+        int i;
+
+        System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
+        bytesToHex(session_id);
+        System.out.println("-----END SSL SESSION PARAMETERS-----");
+    }
+}
diff --git a/samples/java/manifest.mf b/samples/java/manifest.mf
new file mode 100644
index 0000000000..b906ed29ed
--- /dev/null
+++ b/samples/java/manifest.mf
@@ -0,0 +1 @@
+Main-Class: axssl
diff --git a/samples/perl/Makefile b/samples/perl/Makefile
new file mode 100644
index 0000000000..da910f9b76
--- /dev/null
+++ b/samples/perl/Makefile
@@ -0,0 +1,31 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+all: samples
+TARGET=../../axssl.pl
+samples: $(TARGET)
+
+$(TARGET): axssl.pl
+	@cd ../../; ln -sf samples/perl/axssl.pl axssl.pl
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
new file mode 100755
index 0000000000..ce0266b02b
--- /dev/null
+++ b/samples/perl/axssl.pl
@@ -0,0 +1,633 @@
+#!/usr/bin/perl -w
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# axssl.pl
+#
+# Demonstrate the use of the axTLS library in Perl with a set of 
+# command-line parameters similar to openssl. In fact, openssl clients 
+# should be able to communicate with axTLS servers and visa-versa.
+#
+# This code has various bits enabled depending on the configuration. To enable
+# the most interesting version, compile with the 'full mode' enabled.
+#
+# To see what options you have, run the following:
+# > [perl] axssl s_server -?
+# > [perl] axssl s_client -?
+#
+# The axtls/axtlsp shared libraries must be in the same directory or be found 
+# by the OS. axtlsp.pm must be in this directory or be in @INC.
+#
+# Under Win32, ActivePerl was used (see
+# http://www.activestate.com/Products/ActivePerl/?mp=1)
+#
+use axtlsp;
+use IO::Socket;
+
+# To get access to Win32 file descriptor stuff
+my $is_win32 = 0;
+
+if ($^O eq "MSWin32")
+{
+    eval("use Win32API::File 0.08 qw( :ALL )");
+    $is_win32 = 1;
+}
+
+use strict;
+
+#
+# Win32 has some problems with socket handles
+#
+sub get_native_sock
+{
+    my ($sock) = @_;
+    return $is_win32 ? FdGetOsFHandle($sock) : $sock;
+}
+
+#
+# Main entry point. Doesn't do much except works out whether we are a client
+# or a server.
+#
+print_options($#ARGV > -1 ? $ARGV[0] : "")
+        if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
+
+
+# Cygwin/Win32 issue - flush our output continuously
+select STDOUT;
+local $|=1;
+
+my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
+$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
+
+#
+# Implement the SSL server logic. 
+#
+sub do_server
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_DISPLAY_CERTS;
+    my $quiet = 0;
+    my $password = undef;
+    my $private_key_file = undef;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+    my @cert;
+    my @ca_cert;
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq  "-accept")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $port = $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+        {
+            if ($ARGV[$i] eq "-cert")
+            {
+                print_server_options($build_mode, $ARGV[$i]) 
+                                    if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+                push @cert,  $ARGV[++$i];
+            }
+            elsif ($ARGV[$i] eq "-key")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $private_key_file = $ARGV[++$i];
+                $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+            }
+            elsif ($ARGV[$i] eq "-pass")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $password = $ARGV[++$i];
+            }
+            elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+            {
+                if ($ARGV[$i] eq "-verify")
+                {
+                    $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
+                }
+                elsif ($ARGV[$i] eq "-CAfile")
+                {
+                    print_server_options($build_mode, $ARGV[$i])  
+                                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+                    push @ca_cert, $ARGV[++$i];
+                }
+                elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+                {
+                    if ($ARGV[$i] eq "-debug")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_BYTES;
+                    }
+                    elsif ($ARGV[$i] eq "-state")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_STATES;
+                    }
+                    elsif ($ARGV[$i] eq "-show-rsa")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_RSA;
+                    }
+                    else
+                    {
+                        print_server_options($build_mode, $ARGV[$i]);
+                    }
+                }
+                else
+                {
+                    print_server_options($build_mode, $ARGV[$i]);
+                }
+            }
+            else 
+            {
+                print_server_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else 
+        {
+            print_server_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    # Create socket for incoming connections
+    my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
+                              LocalPort => $port,
+                              Listen => 1,
+                              Reuse => 1) or die $!;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
+    die "Error: Server context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    for (;;)
+    {
+        printf("ACCEPT\n") if not $quiet;
+        my $client_sock = $server_sock->accept;
+        my $native_sock = get_native_sock($client_sock->fileno);
+
+        # This doesn't work in Win32 - need to get file descriptor from socket.
+        my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
+
+        # do the actual SSL handshake
+        my $res;
+        my $buf;
+
+        while (1)
+        {
+            ($res, $buf) = axtlsp::ssl_read($ssl, undef);
+            last if $res != $axtlsp::SSL_OK;
+
+            # check when the connection has been established
+            last if axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK;
+
+            # could do something else here
+        }
+
+        if ($res == $axtlsp::SSL_OK) # connection established and ok
+        {
+            if (!$quiet)
+            {
+                display_session_id($ssl);
+                display_cipher($ssl);
+            }
+
+            # now read (and display) whatever the client sends us
+            for (;;)
+            {
+                # keep reading until we get something interesting
+                while (1)
+                {
+                    ($res, $buf) = axtlsp::ssl_read($ssl, undef);
+                    last if $res != $axtlsp::SSL_OK;
+
+                    # could do something else here
+                }
+
+                if ($res < $axtlsp::SSL_OK)
+                {
+                    printf("CONNECTION CLOSED\n") if not $quiet;
+                    last;
+                }
+
+                printf($$buf);
+            }
+        }
+        elsif (!$quiet)
+        {
+            axtlsp::ssl_display_error($res);
+        }
+
+        # client was disconnected or the handshake failed.
+        axtlsp::ssl_free($ssl);
+        $client_sock->close;
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+}
+
+#
+# Implement the SSL client logic.
+#
+sub do_client
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
+    my $private_key_file = undef;
+    my $reconnect = 0;
+    my $quiet = 0;
+    my $password = undef;
+    my @session_id;
+    my $host = "127.0.0.1";
+    my @cert;
+    my @ca_cert;
+    my $cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq "-connect")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            ($host, $port) = split(':', $ARGV[++$i]);
+        }
+        elsif ($ARGV[$i] eq "-cert")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+            push @cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-key")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $private_key_file = $ARGV[++$i];
+            $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+        }
+        elsif ($ARGV[$i] eq "-CAfile")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+
+            push @ca_cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-verify")
+        {
+            $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
+        }
+        elsif ($ARGV[$i] eq "-reconnect")
+        {
+            $reconnect = 4;
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($ARGV[$i] eq "-pass")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $password = $ARGV[++$i];
+        }
+        elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            if ($ARGV[$i] eq "-debug")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_BYTES;
+            }
+            elsif ($ARGV[$i] eq "-state")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_STATES;
+            }
+            elsif ($ARGV[$i] eq "-show-rsa")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_RSA;
+            }
+            else    # don't know what this is
+            {
+                print_client_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else    # don't know what this is
+        {
+            print_client_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    my $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+    my $ssl;
+    my $res;
+    my $native_sock = get_native_sock($client_sock->fileno);
+
+    printf("CONNECTED\n") if not $quiet;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
+    die "Error: Client context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    # Try session resumption?
+    if ($reconnect)
+    {
+        my $session_id = undef;
+        while ($reconnect--)
+        {
+            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, $session_id);
+
+            $res = axtlsp::ssl_handshake_status($ssl);
+            if ($res != $axtlsp::SSL_OK)
+            {
+                if (!$quiet)
+                {
+                    axtlsp::ssl_display_error($res);
+                }
+
+                axtlsp::ssl_free($ssl);
+                exit 1;
+            }
+
+            display_session_id($ssl);
+            $session_id = axtlsp::ssl_get_session_id($ssl);
+
+            if ($reconnect)
+            {
+                axtlsp::ssl_free($ssl);
+                $client_sock->close;
+                $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+
+            }
+        }
+    }
+    else
+    {
+        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef);
+    }
+
+    # check the return status
+    $res = axtlsp::ssl_handshake_status($ssl);
+    if ($res != $axtlsp::SSL_OK)
+    {
+        if (!$quiet)
+        {
+            axtlsp::ssl_display_error($res);
+        }
+
+        exit 1;
+    }
+
+    if (!$quiet)
+    {
+        my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
+                    $axtlsp::SSL_X509_CERT_COMMON_NAME);
+
+        printf("Common Name:\t\t%s\n", $common_name) if defined $common_name;
+        display_session_id($ssl);
+        display_cipher($ssl);
+    }
+
+    while (<STDIN>)
+    {
+        my $cstring = pack("a*x", $_);   # add null terminator
+        $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
+        if ($res < $axtlsp::SSL_OK)
+        {
+            axtlsp::ssl_display_error($res) if not $quiet;
+            last;
+        }
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+    $client_sock->close;
+}
+
+#
+# We've had some sort of command-line error. Print out the basic options.
+#
+sub print_options
+{
+    my ($option) = @_;
+    printf("axssl: Error: '%s' is an invalid command.\n", $option);
+    printf("usage: axssl [s_server|s_client] [args ...]\n");
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the server options.
+#
+sub print_server_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+    printf(" -quiet\t\t- No server output\n");
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+    {
+        printf(" -cert arg\t- certificate file to add (in addition to default)".
+                                        " to chain -\n".
+          "\t\t  default DER format. Can repeat up to %d times\n", $cert_size);
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+    }
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+    {
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+    }
+
+    if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+    {
+        printf(" -debug\t\t- Print more output\n");
+        printf(" -state\t\t- Show state messages\n");
+        printf(" -show-rsa\t- Show RSA state\n");
+    }
+
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the client options.
+#
+sub print_client_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
+    {
+        printf("usage: s_client [args ...]\n");
+        printf(" -connect host:port - who to connect to (default ".
+                "is localhost:4433)\n");
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -cert arg\t- certificate file to use - default DER format\n");
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+        printf(" -quiet\t\t- No client output\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+        printf(" -reconnect\t- Drop and re-make the connection ".
+                "with the same Session-ID\n");
+
+        if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            printf(" -debug\t\t- Print more output\n");
+            printf(" -state\t\t- Show state messages\n");
+            printf(" -show-rsa\t- Show RSA state\n");
+        }
+    }
+    else
+    {
+        printf("Change configuration to allow this feature\n");
+    }
+
+    exit 1;
+}
+
+#
+# Display what cipher we are using 
+#
+sub display_cipher
+{
+    my ($ssl) = @_;
+    printf("CIPHER is ");
+    my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
+
+    if ($cipher_id == $axtlsp::SSL_AES128_SHA)
+    {
+        printf("AES128-SHA");
+    }
+    elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
+    {
+        printf("AES256-SHA");
+    }
+    elsif ($axtlsp::SSL_RC4_128_SHA)
+    {
+        printf("RC4-SHA");
+    }
+    elsif ($axtlsp::SSL_RC4_128_MD5)
+    {
+        printf("RC4-MD5");
+    }
+    else 
+    {
+        printf("Unknown - %d", $cipher_id);
+    }
+
+    printf("\n");
+}
+
+#
+# Display what session id we have.
+#
+sub display_session_id
+{    
+    my ($ssl) = @_;
+    my $session_id = axtlsp::ssl_get_session_id($ssl);
+
+    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+    printf(unpack("H*", $$session_id));
+    printf("\n-----END SSL SESSION PARAMETERS-----\n");
+}
diff --git a/samples/vbnet/Makefile b/samples/vbnet/Makefile
new file mode 100644
index 0000000000..dab5f9599c
--- /dev/null
+++ b/samples/vbnet/Makefile
@@ -0,0 +1,36 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.dotnet.conf
+
+# only build on Win32 platforms
+ifdef GO_DOT_NET
+all : sample
+TARGET=../../axssl.vbnet.exe
+sample : $(TARGET)
+
+$(TARGET): ../../bindings/vbnet/axTLSvb.vb ../../bindings/vbnet/axInterface.vb axssl.vb
+	vbc.exe /r:"`cygpath -w "$(CONFIG_DOT_NET_FRAMEWORK_BASE)/System.dll"`" /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
+
+endif   # ARCH
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
new file mode 100644
index 0000000000..4eb210a3f9
--- /dev/null
+++ b/samples/vbnet/axssl.vb
@@ -0,0 +1,682 @@
+'
+'  Copyright(C) 2006
+'
+'  This program is free software you can redistribute it and/or modify
+'  it under the terms of the GNU General Public License as published by
+'  the Free Software Foundation either version 2.1 of the License, or
+'  (at your option) any later version.
+'
+'  This program is distributed in the hope that it will be useful,
+'  but WITHOUT ANY WARRANTY without even the implied warranty of
+'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+'  GNU Lesser General Public License for more details.
+'
+'  You should have received a copy of the GNU General Public License
+'  along with this program if not, write to the Free Software
+'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+'
+
+'
+' @file axssl.vb
+'
+' Demonstrate the use of the axTLS library in VB.NET with a set of 
+' command-line parameters similar to openssl. In fact, openssl clients 
+' should be able to communicate with axTLS servers and visa-versa.
+'
+' This code has various bits enabled depending on the configuration. To enable
+' the most interesting version, compile with the 'full mode' enabled.
+'
+' To see what options you have, run the following:
+' > axssl.vbnet.exe s_server -?
+' > axssl.vbnet.exe s_client -?
+'
+' The axtls shared library must be in the same directory or be found 
+' by the OS.
+'
+
+Imports System
+Imports System.Net
+Imports System.Net.Sockets
+Imports Microsoft.VisualBasic
+Imports axTLSvb
+
+Public Class axssl
+    ' 
+    ' do_server()
+    '
+    Public Sub do_server(ByVal build_mode As Integer, _
+                                        ByVal args() As String)
+        Dim i As Integer = 1
+        Dim port As Integer = 4433
+        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim private_key_file As String = Nothing
+
+        ' organise the cert/ca_cert lists 
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        While i < args.Length
+            If args(i) = "-accept" Then
+                If i >= args.Length-1
+                    print_server_options(build_mode, args(i))
+                End If
+
+                i += 1
+                port = Int32.Parse(args(i))
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And Not axtls.SSL_DISPLAY_CERTS
+            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
+                If args(i) = "-cert"
+                    If i >= args.Length-1 Or cert_index >= cert_size
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    cert(cert_index) = args(i)
+                    cert_index += 1
+                ElseIf args(i) = "-key"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    private_key_file = args(i)
+                    options = options Or axtls.SSL_NO_DEFAULT_KEY
+                ElseIf args(i) = "-pass"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    password = args(i)
+                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+                    If args(i) = "-verify" Then
+                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
+                    ElseIf args(i) = "-CAfile"
+                        If i >= args.Length-1 Or ca_cert_index >= ca_cert_size Then
+                            print_server_options(build_mode, args(i))
+                        End If
+
+                        i += 1
+                        ca_cert(ca_cert_index) = args(i)
+                        ca_cert_index += 1
+                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                        If args(i) = "-debug" Then
+                            options = options Or axtls.SSL_DISPLAY_BYTES
+                        ElseIf args(i) = "-state"
+                            options = options Or axtls.SSL_DISPLAY_STATES
+                        ElseIf args(i) = "-show-rsa"
+                            options = options Or axtls.SSL_DISPLAY_RSA
+                        Else
+                            print_server_options(build_mode, args(i))
+                        End If
+                    Else
+                        print_server_options(build_mode, args(i))
+                    End If
+                Else
+                    print_server_options(build_mode, args(i))
+                End If
+            End If
+
+            i += 1
+        End While
+
+        ' Create socket for incoming connections
+        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
+        Dim server_sock As TcpListener = New TcpListener(ep)
+        server_sock.Start()      
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLServer = New SSLServer(options, _
+                axtls.SSL_DEFAULT_SVR_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Server context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        Dim buf As Byte() = Nothing
+        Dim res As Integer
+        Dim ssl As SSL
+
+        While 1
+            If Not quiet Then
+                Console.WriteLine("ACCEPT")
+            End If
+
+            Dim client_sock As Socket = server_sock.AcceptSocket()
+
+            ssl = ssl_ctx.Connect(client_sock)
+
+            ' do the actual SSL handshake 
+            While 1
+                res = ssl_ctx.Read(ssl, buf)
+                If  res <> axtls.SSL_OK Then
+                    Exit While
+                End If
+
+                ' check when the connection has been established 
+                If ssl.HandshakeStatus() = axtls.SSL_OK
+                    Exit While
+                End If
+
+                ' could do something else here 
+            End While
+
+            If res = axtls.SSL_OK Then  ' connection established and ok
+                If Not quiet
+                    display_session_id(ssl)
+                    display_cipher(ssl)
+                End If
+
+                ' now read (and display) whatever the client sends us
+                While 1
+                    ' keep reading until we get something interesting 
+                    While 1
+                        res = ssl_ctx.Read(ssl, buf)
+                        If res <> axtls.SSL_OK Then
+                            Exit While
+                        End If
+
+                        ' could do something else here
+                    End While
+
+                    If res < axtls.SSL_OK
+                        If Not quiet
+                            Console.WriteLine("CONNECTION CLOSED")
+                        End If
+
+                        Exit While
+                    End If
+
+                    ' convert to String 
+                    Dim str(res) As Char
+                    For i = 0 To res-1
+                        str(i) = Chr(buf(i))
+                    Next
+
+                    Console.Write(str)
+                End While
+            ElseIf Not quiet
+                SSLUtil.DisplayError(res)
+            End If
+
+            ' client was disconnected or the handshake failed. */
+            ssl.Dispose()
+            client_sock.Close()
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    ' 
+    ' do_client()
+    '
+    Public Sub do_client(ByVal build_mode As Integer, _
+                                    ByVal args() As String)
+
+        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
+            print_client_options(build_mode, args(1))
+        End If
+
+        Dim i As Integer = 1
+        Dim res As Integer
+        Dim port As Integer = 4433
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim reconnect As Integer = 0
+        Dim private_key_file As String = Nothing
+        Dim hostname As String = "127.0.0.1"
+
+        ' organise the cert/ca_cert lists
+        Dim ssl As SSL = Nothing
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        Dim options As Integer = _
+                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
+        Dim session_id As Byte() = Nothing
+
+        While i < args.Length
+            If args(i) = "-connect" Then
+                Dim host_port As String
+
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                host_port = args(i)
+
+                Dim index_colon As Integer = host_port.IndexOf(":"C)
+                If index_colon < 0 Then 
+                    print_client_options(build_mode, args(i))
+                End If
+
+                hostname = New String(host_port.ToCharArray(), _
+                        0, index_colon)
+                port = Int32.Parse(New String(host_port.ToCharArray(), _
+                            index_colon+1, host_port.Length-index_colon-1))
+            ElseIf args(i) = "-cert"
+                If i >= args.Length-1 Or cert_index >= cert_size Then
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                cert(cert_index) = args(i)
+                cert_index += 1
+            ElseIf args(i) = "-key"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                private_key_file = args(i)
+                options = options Or axtls.SSL_NO_DEFAULT_KEY
+            ElseIf args(i) = "-CAfile"
+                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                ca_cert(ca_cert_index) = args(i)
+                ca_cert_index += 1
+            ElseIf args(i) = "-verify"
+                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
+            ElseIf args(i) = "-reconnect"
+                reconnect = 4
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And  Not axtls.SSL_DISPLAY_CERTS
+            ElseIf args(i) = "-pass"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                password = args(i)
+            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                If args(i) = "-debug" Then
+                    options = options Or axtls.SSL_DISPLAY_BYTES
+                ElseIf args(i) = "-state"
+                    options = options Or axtls.SSL_DISPLAY_STATES
+                ElseIf args(i) = "-show-rsa"
+                    options = options Or axtls.SSL_DISPLAY_RSA
+                Else
+                    print_client_options(build_mode, args(i))
+                End If
+            Else    ' don't know what this is 
+                print_client_options(build_mode, args(i))
+            End If
+
+            i += 1
+        End While
+
+        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
+        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
+        Dim  addresses As IPAddress() = hostInfo.AddressList
+        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
+        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
+                SocketType.Stream, ProtocolType.Tcp)
+        client_sock.Connect(ep)
+
+        If Not client_sock.Connected Then
+            Console.WriteLine("could not connect")
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Console.WriteLine("CONNECTED")
+        End If
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLClient = New SSLClient(options, _
+                axtls.SSL_DEFAULT_CLNT_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Client context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        ' Try session resumption?
+        If reconnect > 0 Then
+            While reconnect > 0
+                reconnect -= 1
+                ssl = ssl_ctx.Connect(client_sock, session_id)
+
+                res = ssl.HandshakeStatus()
+                If res <> axtls.SSL_OK Then
+                    If Not quiet Then
+                        SSLUtil.DisplayError(res)
+                    End If
+
+                    ssl.Dispose()
+                    Environment.Exit(1)
+                End If
+
+                display_session_id(ssl)
+                session_id = ssl.GetSessionId()
+
+                If reconnect > 0 Then
+                    ssl.Dispose()
+                    client_sock.Close()
+                    
+                    ' and reconnect
+                    client_sock = New Socket(AddressFamily.InterNetwork, _
+                        SocketType.Stream, ProtocolType.Tcp)
+                    client_sock.Connect(ep)
+                End If
+            End While
+        Else
+            ssl = ssl_ctx.Connect(client_sock, Nothing)
+        End If
+
+        ' check the return status 
+        res = ssl.HandshakeStatus()
+        If res <> axtls.SSL_OK Then
+            If Not quiet Then
+                SSLUtil.DisplayError(res)
+            End If
+
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Dim common_name As String = _
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
+
+            If common_name <> Nothing
+                Console.WriteLine("Common Name:" & _
+                        ControlChars.Tab & ControlChars.Tab & common_name)
+            End If
+
+            display_session_id(ssl)
+            display_cipher(ssl)
+        End If
+
+        While (1)
+            Dim user_input As String = Console.ReadLine()
+
+            If user_input = Nothing Then
+                Exit While
+            End If
+
+            Dim buf(user_input.Length+1) As Byte
+            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
+            buf(buf.Length-1) = 0                    ' null terminate 
+
+            For i = 0 To user_input.Length-1
+                buf(i) = Asc(user_input.Chars(i))
+            Next
+
+            res = ssl_ctx.Write(ssl, buf, buf.Length)
+            If res < axtls.SSL_OK Then
+                If Not quiet Then
+                    SSLUtil.DisplayError(res)
+                End If
+
+                Exit While
+            End If
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    '
+    ' Display what cipher we are using
+    '
+    Private Sub display_cipher(ByVal ssl As SSL)
+        Console.Write("CIPHER is ")
+
+        Select ssl.GetCipherId()
+            Case axtls.SSL_AES128_SHA
+                Console.WriteLine("AES128-SHA")
+
+            Case axtls.SSL_AES256_SHA
+                Console.WriteLine("AES256-SHA")
+
+            Case axtls.SSL_RC4_128_SHA
+                Console.WriteLine("RC4-SHA")
+
+            Case axtls.SSL_RC4_128_MD5
+                Console.WriteLine("RC4-MD5")
+
+            Case Else
+                Console.WriteLine("Unknown - " & ssl.GetCipherId())
+        End Select
+    End Sub
+
+    '
+    ' Display what session id we have.
+    '
+    Private Sub display_session_id(ByVal ssl As SSL)
+        Dim session_id As Byte() = ssl.GetSessionId()
+
+        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
+        Dim b As Byte
+        For Each b In session_id
+            Console.Write("{0:x02}", b)
+        Next
+
+        Console.WriteLine()
+        Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the basic options.
+    '
+    Public Sub print_options(ByVal options As String)
+        Console.WriteLine("axssl: Error: '" & options & _
+                "' is an invalid command.")
+        Console.WriteLine("usage: axssl.vb.exe [s_server|s_client] [args ...]")
+        Environment.Exit(1)
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the server options.
+    '
+    Private Sub print_server_options(ByVal build_mode As Integer, _
+                                    ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+        Console.WriteLine("usage: s_server [args ...]")
+        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
+                "- port to accept on (default is 4433)")
+        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
+                "- No server output")
+        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+               "- certificate file to add (in addition to default) to chain -")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                        "- Private key file to use")
+            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
+                    "- private key file pass phrase source")
+        End If
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+        End If
+
+        If build_mode = axtls.SSL_BUILD_FULL_MODE
+            Console.WriteLine(" -debug" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Print more output")
+            Console.WriteLine(" -state" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Show state messages")
+            Console.WriteLine(" -show-rsa" & _
+                    ControlChars.Tab & "- Show RSA state")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+    '
+    ' We've had some sort of command-line error. Print out the client options.
+    '
+    Private Sub print_client_options(ByVal build_mode As Integer, _
+                                                ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
+            Console.WriteLine("usage: s_client [args ...]")
+            Console.WriteLine(" -connect host:port - who to connect to " & _
+                    "(default is localhost:4433)")
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+                    "- certificate file to use")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                    "- Private key file to use")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+            Console.WriteLine(" -quiet" & _
+                    ControlChars.Tab & ControlChars.Tab & "- No client output")
+            Console.WriteLine(" -pass" & ControlChars.Tab & _
+                    ControlChars.Tab & _
+                    "- private key file pass phrase source")
+            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
+                    "- Drop and re-make the " & _
+                    "connection with the same Session-ID")
+
+            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
+                Console.WriteLine(" -debug" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Print more output")
+                Console.WriteLine(" -state" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Show state messages")
+                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
+                        "- Show RSA state")
+            End If
+        Else 
+            Console.WriteLine("Change configuration to allow this feature")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+End Class
+
+Public Module MyMain
+    Function Main(ByVal args() As String) As Integer
+        Dim runner As axssl = New axssl()
+
+        If args.Length < 1 
+            runner.print_options("")
+        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
+            runner.print_options(args(0))
+        End If
+
+        Dim build_mode As Integer = SSLUtil.BuildMode()
+
+        If args(0) = "s_server" Then
+            runner.do_server(build_mode, args)
+        Else
+            runner.do_client(build_mode, args)
+        End If
+    End Function
+End Module
diff --git a/ssl/BigIntConfig.in b/ssl/BigIntConfig.in
new file mode 100644
index 0000000000..04c7438c07
--- /dev/null
+++ b/ssl/BigIntConfig.in
@@ -0,0 +1,132 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+menu "BigInt Options"
+    depends on !CONFIG_SSL_SKELETON_MODE
+
+choice
+    prompt "Reduction Algorithm"
+    default CONFIG_BIGINT_BARRETT 
+
+config CONFIG_BIGINT_CLASSICAL
+    bool "Classical"
+    help
+        Classical uses standard division. It has no limitations and is
+        theoretically the slowest due to the divisions used. For this particular
+        implementation it is surprisingly quite fast.
+
+config CONFIG_BIGINT_MONTGOMERY
+    bool "Montgomery"
+    help
+        Montgomery uses simple addition and multiplication to achieve its
+        performance. In this implementation it is slower than classical, 
+        and it has the limitation that 0 <= x, y < m, and so is not used 
+        when CRT is active.
+
+        This option will not be normally selected.
+
+config CONFIG_BIGINT_BARRETT
+    bool "Barrett"
+    help
+        Barrett performs expensive precomputation before reduction and partial
+        multiplies for computational speed. It can't be used with some of the
+        calculations when CRT is used, and so defaults to classical when this
+        occurs.
+
+        It is about 40% faster than Classical/Montgomery with the expense of
+        about 2kB, and so this option is normally selected.
+
+endchoice
+
+config CONFIG_BIGINT_CRT
+    bool "Chinese Remainder Theorem (CRT)"
+    default y
+    help 
+        Allow the Chinese Remainder Theorem (CRT) to be used.
+
+        Uses a number of extra coefficients from the private key to improve the
+        performance of a decryption. This feature is one of the most 
+        significant performance improvements (it reduces a decryption time by 
+        over 3 times).
+
+        This option should be selected.
+
+config CONFIG_BIGINT_KARATSUBA
+    bool "Karatsuba Multiplication"
+    default n
+    help
+        Allow Karasuba multiplication to be used.
+ 
+        Uses 3 multiplications (plus a number of additions/subtractions) 
+        instead of 4. Multiplications are O(N^2) but addition/subtraction 
+        is O(N) hence for large numbers is beneficial. For this project, the 
+        effect was only useful for 4096 bit keys. As these aren't likely to 
+        be used, the feature is disabled by default. 
+        
+        It costs about 2kB to enable it.
+
+config MUL_KARATSUBA_THRESH
+    int "Karatsuba Multiplication Theshold"
+    default 20
+    depends on CONFIG_BIGINT_KARATSUBA
+    help
+        The minimum number of components needed before Karasuba muliplication
+        is used.
+ 
+        This is very dependent on the speed/implementation of bi_add()/
+        bi_subtract(). There is a bit of trial and error here and will be
+        at a different point for different architectures.
+
+config SQU_KARATSUBA_THRESH
+    int "Karatsuba Square Threshold"
+    default 40
+    depends on CONFIG_BIGINT_KARATSUBA && CONFIG_BIGINT_SQUARE
+    help    
+        The minimum number of components needed before Karatsuba squaring
+        is used.
+ 
+        This is very dependent on the speed/implementation of bi_add()/
+        bi_subtract(). There is a bit of trial and error here and will be
+        at a different point for different architectures.
+
+config CONFIG_BIGINT_SLIDING_WINDOW
+    bool "Sliding Window Exponentiation"
+    default y
+    help
+        Allow Sliding-Window Exponentiation to be used.
+ 
+        Potentially processes more than 1 bit at a time when doing 
+        exponentiation. The sliding-window technique reduces the number of 
+        precomputations compared to other precomputed techniques.
+
+        It results in a considerable performance improvement with it enabled
+        (it halves the decryption time) and so should be selected.
+
+config CONFIG_BIGINT_SQUARE
+    bool "Square Algorithm"
+    default y
+    help
+        Allow squaring to be used instead of a multiplication.
+ 
+        Squaring is theoretically 50% faster than a standard multiply 
+        (but is actually about 25% faster). 
+
+        It gives a 20% speed improvement and so should be selected.
+
+config CONFIG_BIGINT_CHECK_ON
+    bool "BigInt Integrity Checking"
+    default n if !CONFIG_DEBUG
+    default y if CONFIG_DEBUG
+    help
+        This is used when developing bigint algorithms. It performs a sanity
+        check on all operations at the expense of speed.
+        
+        This option is only selected when developing and should normally be
+        turned off.
+
+endmenu
+
+
+
diff --git a/ssl/Config.in b/ssl/Config.in
new file mode 100644
index 0000000000..ff3aba5975
--- /dev/null
+++ b/ssl/Config.in
@@ -0,0 +1,250 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+menu "SSL Library"
+
+choice
+    prompt "Mode"
+    default CONFIG_SSL_FULL_MODE
+
+config CONFIG_SSL_SERVER_ONLY
+    bool "Server only - no verification"
+    help
+        Enable server functionality (no client functionality). 
+        This mode still supports sessions and chaining (which can be turned
+        off in configuration).
+
+        The axssl sample runs with the minimum of features.
+                
+        This is the most space efficient of the modes with the library 
+        about 45kB in size. Use this mode if you are doing standard SSL server
+        work.
+
+config CONFIG_SSL_CERT_VERIFICATION
+    bool "Server only - with verification"
+    help
+        Enable server functionality with client authentication (no client
+        functionality). 
+
+        The axssl sample runs with the "-verify" and "-CAfile" options.
+
+        This mode produces a library about 49kB in size. Use this mode if you
+        have an SSL server which requires client authentication (which is 
+        uncommon in browser applications).
+
+config CONFIG_SSL_ENABLE_CLIENT
+    bool "Client/Server enabled"
+    help
+        Enable client/server functionality (including peer authentication).
+
+        The axssl sample runs with the "s_client" option enabled.
+
+        This mode produces a library about 51kB in size. Use this mode if you
+        require axTLS to use SSL client functionality (the SSL server code
+        is always enabled).
+
+config CONFIG_SSL_FULL_MODE
+    bool "Client/Server enabled with diagnostics"
+    help
+        Enable client/server functionality including diagnostics. Most of the
+        extra size in this mode is due to the storage of various strings that
+        are used.
+
+        The axssl sample has 3 more options, "-debug", "-state" and "-show-rsa"
+
+        This mode produces a library about 58kB in size. It is suggested that 
+        this mode is used only during development.
+
+        It is the default to demonstrate the features of axTLS.
+
+config CONFIG_SSL_SKELETON_MODE
+    bool "Skeleton mode - the smallest server mode"
+    help
+        This is an experiment to build the smallest library at the expense of
+        features and speed.
+
+        * Server mode only.
+        * The AES cipher is disabled.
+        * No session resumption.
+        * No external keys/certificates are supported.
+        * The bigint library has most of the performance features disabled.
+        * Some other features/API calls may not work.
+
+        This mode produces a library about 37kB in size. The main
+        disadvantage of this mode is speed - it may be several times slower
+        than the other build modes.
+
+endchoice
+
+choice
+    prompt "Protocol Preference"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default CONFIG_SSL_PROT_MEDIUM
+
+config CONFIG_SSL_PROT_LOW
+    bool "Low"
+    help
+        Chooses the cipher in the order of RC4-SHA, AES128-SHA, AES256-SHA.
+      
+        This will use the fastest cipher(s) but at the expense of security.
+
+config CONFIG_SSL_PROT_MEDIUM
+    bool "Medium"
+    help
+        Chooses the cipher in the order of AES128-SHA, AES256-SHA, RC4-SHA.
+       
+        This mode is a balance between speed and security and is the default.
+
+config CONFIG_SSL_PROT_HIGH
+    bool "High"
+    help
+        Chooses the cipher in the order of AES256-SHA, AES128-SHA, RC4-SHA.
+        
+        This will use the strongest cipher(s) at the cost of speed.
+
+endchoice
+
+config CONFIG_SSL_USE_DEFAULT_KEY
+    bool "Enable default key"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default y 
+    help
+        Some applications will not require the default private key/certificate
+        that is built in. This is one way to save on a couple of kB's if an
+        external private key/certificate is used.
+
+        The advantage of a built-in private key/certificate is that no file
+        system is required for access. 
+        
+        However this private key/certificate can never be changed (without a
+        code update).
+
+        This mode is enabled by default. Disable this mode if the 
+        built-in key/certificate is not used.
+
+config CONFIG_SSL_ENABLE_V23_HANDSHAKE
+    bool "Enable v23 Handshake"
+    default y
+    help
+        Some browsers use the v23 handshake client hello message 
+        (an SSL2 format message which all SSL servers can understand). 
+        It may be used if SSL2 is enabled in the browser.
+
+        Since this feature takes a kB or so, this feature may be disabled - at
+        the risk of making it incompatible with some browsers (IE6 is ok,
+        Firefox/Opera may be a problem - see Mozilla bug report 148876).
+
+        Disable if backwards compatibility is not an issue (i.e. the client is
+        always using TLS1.0)
+
+config CONFIG_SSL_HAS_PEM
+    bool "Enable PEM"
+    default n if !CONFIG_SSL_FULL_MODE
+    default y if CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_SSL_SKELETON_MODE
+    help
+        Enable the use of PEM format for certificates and private keys.
+
+        PEM is not normally needed - PEM files can be converted into DER files
+        quite easily. However they have the convenience of allowing multiple
+        certificates/keys in the same file.
+        
+        This feature will add a couple of kB to the library. 
+
+        Disable if PEM is not used (which will be in most cases).
+
+config CONFIG_SSL_USE_PKCS12
+    bool "Use PKCS8/PKCS12"
+    default n if !CONFIG_SSL_FULL_MODE
+    default y if CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
+    help
+        PKCS12 certificates combine private keys and certificates together in
+        one file.
+
+        PKCS8 private keys are also suppported (as it is a subset of PKCS12).
+
+        The decryption of these certificates uses RC4-128 (and these
+        certificates must be encrypted using this cipher). The actual
+        algorithm is "PBE-SHA1-RC4-128".
+
+        Disable if PKCS12 is not used (which will be in most cases).
+
+config CONFIG_SSL_EXPIRY_TIME
+    int "Session expiry time (in hours)"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default 24 
+    help
+        The time (in hours) before a session expires. 
+        
+        A longer time means that the expensive parts of a handshake don't 
+        need to be run when a client reconnects later.
+
+        The default is 1 day.
+
+config CONFIG_X509_MAX_CA_CERTS
+    int "Maximum number of certificate authorites"
+    default 4
+    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
+    help
+        Determines the number of CA's allowed. 
+
+        Increase this figure if more trusted sites are allowed. Each
+        certificate adds about 300 bytes (when added).
+
+        The default is to allow four certification authorities.
+
+config CONFIG_SSL_MAX_CERTS
+    int "Maximum number of chained certificates"
+    default 2
+    help
+        Determines the number of certificates used in a certificate
+        chain. The chain length must be at least 1.
+
+        Increase this figure if more certificates are to be added to the 
+        chain. Each certificate adds about 300 bytes (when added).
+
+        The default is to allow one certificate + 1 certificate in the chain
+        (which may be the certificate authority certificate).
+
+config CONFIG_USE_DEV_URANDOM
+    bool "Use /dev/urandom"
+    default y
+    depends on !CONFIG_PLATFORM_WIN32
+    help 
+        Use /dev/urandom. Otherwise a custom RNG is used.
+
+        This will be the default on most Linux systems.
+
+config CONFIG_WIN32_USE_CRYPTO_LIB
+    bool "Use Win32 Crypto Library"
+    default y if !CONFIG_VISUAL_STUDIO_6_0
+    default n if CONFIG_VISUAL_STUDIO_6_0
+    depends on CONFIG_PLATFORM_WIN32
+    help 
+        Microsoft produce a Crypto API which requires the Platform SDK to be
+        installed. It's used for the RNG.
+
+        This will be the default on most Win32 systems. If using Visual Studio
+        6.0, then the SDK containing the crypto libraries must be used.
+
+config CONFIG_PERFORMANCE_TESTING
+    bool "Build the bigint performance test tool"
+    default n
+    help
+        Used for performance testing of bigint.
+
+        This is a testing tool and is normally disabled.
+
+config CONFIG_SSL_TEST
+    bool "Build the SSL testing tool"
+    default n
+    depends on CONFIG_SSL_FULL_MODE
+    help
+        Used for sanity checking the SSL handshaking.
+
+        This is a testing tool and is normally disabled.
+
+endmenu
diff --git a/ssl/Makefile b/ssl/Makefile
new file mode 100644
index 0000000000..2b0b6aa65f
--- /dev/null
+++ b/ssl/Makefile
@@ -0,0 +1,86 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../config/.config
+include ../config/makefile.conf
+
+all: libs
+ifdef CONFIG_PERFORMANCE_TESTING
+	$(MAKE) -C test
+else
+ifdef CONFIG_SSL_TEST
+	$(MAKE) -C test
+endif
+endif
+
+ifndef CONFIG_PLATFORM_WIN32
+TARGET1=../libaxtls.a
+TARGET2=../libaxtls.so
+else
+TARGET1=../axtls.lib
+TARGET2=../axtls.dll
+STATIC_LIB=../axtls.static.lib
+endif
+
+libs: $(TARGET1) $(TARGET2)
+
+OBJ=\
+    aes.o \
+	asn1.o \
+	bigint.o \
+	crypto_misc.o \
+	hmac.o \
+	loader.o \
+	md5.o \
+	p12.o \
+	rsa.o \
+	rc4.o \
+	sha1.o \
+	tls1.o \
+	tls1_svr.o \
+	tls1_clnt.o
+
+ifdef CONFIG_PLATFORM_WIN32
+OBJ+=os_port.o
+endif
+
+include ../config/makefile.post
+
+ifndef CONFIG_PLATFORM_WIN32
+
+$(TARGET1) : $(OBJ)
+	$(AR) -r $@ $(OBJ)
+
+$(TARGET2) : $(OBJ)
+	$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $(OBJ)
+
+else  # Win32
+
+$(TARGET1) : $(OBJ)
+	$(AR) /out:$@ $(OBJ)
+
+$(TARGET2) : $(OBJ)
+	cp $(TARGET1) $(STATIC_LIB)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+
+endif    
+
+clean::
+	$(MAKE) -C test clean
+	-@rm -f *.pch ../*.so ../*.a ../*.dll ../*.lib ../*.exp ../*.pdb ../*.ilk
+
diff --git a/ssl/aes.c b/ssl/aes.c
new file mode 100644
index 0000000000..7c41c753fe
--- /dev/null
+++ b/ssl/aes.c
@@ -0,0 +1,477 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file aes.c
+ *
+ * AES implementation - this is a small code version. There are much faster
+ * versions around but they are much larger in size (i.e. they use large 
+ * submix tables).
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/* all commented out in skeleton mode */
+#ifndef CONFIG_SSL_SKELETON_MODE
+
+#define rot1(x) (((x) << 24) | ((x) >> 8))
+#define rot2(x) (((x) << 16) | ((x) >> 16))
+#define rot3(x) (((x) <<  8) | ((x) >> 24))
+
+/* This cute trick does 4 'mul by two' at once.  Stolen from
+ * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
+ * a standard graphics trick
+ * The key to this is that we need to xor with 0x1b if the top bit is set.
+ * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
+ * b 1000 0000   0000 0000 then we shift right by 7 puting the 7bit in 0bit,
+ * c 0000 0001   0000 0000 we then subtract (c) from (b)
+ * d 0111 1111   0000 0000 and now we and with our mask
+ * e 0001 1011   0000 0000
+ */
+#define mt  0x80808080
+#define ml  0x7f7f7f7f
+#define mh  0xfefefefe
+#define mm  0x1b1b1b1b
+#define mul2(x,t)	((t)=((x)&mt), \
+			((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))
+
+#define inv_mix_col(x,f2,f4,f8,f9) (\
+			(f2)=mul2(x,f2), \
+			(f4)=mul2(f2,f4), \
+			(f8)=mul2(f4,f8), \
+			(f9)=(x)^(f8), \
+			(f8)=((f2)^(f4)^(f8)), \
+			(f2)^=(f9), \
+			(f4)^=(f9), \
+			(f8)^=rot3(f2), \
+			(f8)^=rot2(f4), \
+			(f8)^rot1(f9))
+
+/* some macros to do endian independent byte extraction */
+#define n2l(c,l) l=ntohl(*c); c++
+#define l2n(l,c) *c++=htonl(l)
+
+/*
+ * AES S-box
+ */
+static const uint8_t aes_sbox[256] =
+{
+	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
+	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
+	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,
+	0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
+	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,
+	0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
+	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,
+	0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
+	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,
+	0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
+	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,
+	0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
+	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,
+	0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
+	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,
+	0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
+	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,
+	0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
+	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,
+	0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
+	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,
+	0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
+	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,
+	0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
+	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,
+	0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
+	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,
+	0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
+	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,
+	0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
+	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,
+	0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16,
+};
+
+/*
+ * AES is-box
+ */
+static const uint8_t aes_isbox[256] = 
+{
+    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+};
+
+static const unsigned char Rcon[30]=
+{
+	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
+	0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
+	0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
+	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
+};
+
+/* ----- static functions ----- */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
+
+/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
+   x^8+x^4+x^3+x+1 */
+static unsigned char AES_xtime(uint32_t x)
+{
+	return x = (x&0x80) ? (x<<1)^0x1b : x<<1;
+}
+
+/**
+ * Set up AES with the key/iv and cipher size.
+ */
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode)
+{
+    int i, ii;
+    uint32_t *W, tmp, tmp2;
+    const unsigned char *ip;
+    int words;
+
+    switch (mode)
+    {
+        case AES_MODE_128:
+            i = 10;
+            words = 4;
+            break;
+
+        case AES_MODE_256:
+            i = 14;
+            words = 8;
+            break;
+
+        default:        /* fail silently */
+            return;
+    }
+
+    ctx->rounds = i;
+    ctx->key_size = words;
+    W = ctx->ks;
+    for (i=0; i<words; i+=2)
+    {
+        W[i+0]=	((uint32_t)key[ 0]<<24)|
+            ((uint32_t)key[ 1]<<16)|
+            ((uint32_t)key[ 2]<< 8)|
+            ((uint32_t)key[ 3]    );
+        W[i+1]=	((uint32_t)key[ 4]<<24)|
+            ((uint32_t)key[ 5]<<16)|
+            ((uint32_t)key[ 6]<< 8)|
+            ((uint32_t)key[ 7]    );
+        key += 8;
+    }
+
+    ip = Rcon;
+    ii = 4 * (ctx->rounds+1);
+    for (i = words; i<ii; i++)
+    {
+        tmp = W[i-1];
+        if ((i % words) == 0)
+        {
+            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]<< 8;
+            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<<16;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<24;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ];
+            tmp=tmp2^(((unsigned int)*ip)<<24);
+            ip++;
+        }
+        if ((words == 8) && ((i % words) == 4))
+        {
+            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]    ;
+            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<< 8;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<16;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ]<<24;
+            tmp=tmp2;
+        }
+
+        W[i]=W[i-words]^tmp;
+    }
+
+    /* copy the iv across */
+    memcpy(ctx->iv, iv, 16);
+}
+
+/**
+ * Change a key for decryption.
+ */
+void AES_convert_key(AES_CTX *ctx)
+{
+    int i;
+    uint32_t *k,w,t1,t2,t3,t4;
+
+    k = ctx->ks;
+    k += 4;
+    for (i=ctx->rounds*4; i>4; i--)
+    {
+        w= *k;
+        w = inv_mix_col(w,t1,t2,t3,t4);
+        *k++ =w;
+    }
+}
+
+/**
+ * Encrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    uint32_t tin0, tin1, tin2, tin3;
+    uint32_t tout0, tout1, tout2, tout3;
+    uint32_t tin[4];
+    uint32_t *iv = (uint32_t *)ctx->iv;
+    uint32_t *msg_32 = (uint32_t *)msg;
+    uint32_t *out_32 = (uint32_t *)out;
+
+    n2l(iv, tout0);
+    n2l(iv, tout1);
+    n2l(iv, tout2);
+    n2l(iv, tout3);
+    iv -= 4;
+
+    for (length -= 16; length >= 0; length -= 16)
+    {
+        n2l(msg_32, tin0);
+        n2l(msg_32, tin1);
+        n2l(msg_32, tin2);
+        n2l(msg_32, tin3);
+        tin[0] = tin0^tout0;
+        tin[1] = tin1^tout1;
+        tin[2] = tin2^tout2;
+        tin[3] = tin3^tout3;
+
+        AES_encrypt(ctx, tin);
+
+        tout0 = tin[0]; 
+        l2n(tout0, out_32);
+        tout1 = tin[1]; 
+        l2n(tout1, out_32);
+        tout2 = tin[2]; 
+        l2n(tout2, out_32);
+        tout3 = tin[3]; 
+        l2n(tout3, out_32);
+    }
+
+    l2n(tout0, iv);
+    l2n(tout1, iv);
+    l2n(tout2, iv);
+    l2n(tout3, iv);
+}
+
+/**
+ * Decrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    uint32_t tin0, tin1, tin2, tin3;
+    uint32_t xor0,xor1,xor2,xor3;
+    uint32_t tout0,tout1,tout2,tout3;
+    uint32_t data[4];
+    uint32_t *iv = (uint32_t *)ctx->iv;
+    uint32_t *msg_32 = (uint32_t *)msg;
+    uint32_t *out_32 = (uint32_t *)out;
+
+    n2l(iv ,xor0);
+    n2l(iv, xor1);
+    n2l(iv, xor2);
+    n2l(iv, xor3);
+    iv -= 4;
+
+    for (length-=16; length >= 0; length -= 16)
+    {
+        n2l(msg_32, tin0);
+        n2l(msg_32, tin1);
+        n2l(msg_32, tin2);
+        n2l(msg_32, tin3);
+
+        data[0] = tin0;
+        data[1] = tin1;
+        data[2] = tin2;
+        data[3] = tin3;
+
+        AES_decrypt(ctx, data);
+
+        tout0 = data[0]^xor0;
+        tout1 = data[1]^xor1;
+        tout2 = data[2]^xor2;
+        tout3 = data[3]^xor3;
+
+        xor0 = tin0;
+        xor1 = tin1;
+        xor2 = tin2;
+        xor3 = tin3;
+
+        l2n(tout0, out_32);
+        l2n(tout1, out_32);
+        l2n(tout2, out_32);
+        l2n(tout3, out_32);
+    }
+
+    l2n(xor0, iv);
+    l2n(xor1, iv);
+    l2n(xor2, iv);
+    l2n(xor3, iv);
+}
+
+/**
+ * Encrypt a single block (16 bytes) of data
+ */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
+{
+    /* To make this code smaller, generate the sbox entries on the fly.
+     * This will have a really heavy effect upon performance.
+     */
+    uint32_t tmp[4];
+    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds; 
+    const uint32_t *k = ctx->ks;
+
+    /* Pre-round key addition */
+    for (row = 0; row < 4; row++)
+    {
+        data[row] ^= *(k++);
+    }
+
+    /* Encrypt one block. */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 0; row < 4; row++)
+        {
+            a0 = (uint32_t)aes_sbox[(data[row%4]>>24)&0xFF];
+            a1 = (uint32_t)aes_sbox[(data[(row+1)%4]>>16)&0xFF];
+            a2 = (uint32_t)aes_sbox[(data[(row+2)%4]>>8)&0xFF]; 
+            a3 = (uint32_t)aes_sbox[(data[(row+3)%4])&0xFF];
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd < (rounds - 1))
+            {
+                tmp1 = a0 ^ a1 ^ a2 ^ a3;
+                old_a0 = a0;
+
+                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
+                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
+                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
+                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
+
+            }
+
+            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
+        }
+
+        /* KeyAddition - note that it is vital that this loop is separate from
+           the MixColumn operation, which must be atomic...*/ 
+        for (row = 0; row < 4; row++)
+        {
+            data[row] = tmp[row] ^ *(k++);
+        }
+    }
+}
+
+/**
+ * Decrypt a single block (16 bytes) of data
+ */
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
+{ 
+    uint32_t tmp[4];
+    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
+    uint32_t a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds;
+    uint32_t *k = (uint32_t*)ctx->ks + ((rounds+1)*4);
+
+    /* pre-round key addition */
+    for (row=4; row > 0;row--)
+    {
+        data[row-1] ^= *(--k);
+    }
+
+    /* Decrypt one block */
+    for (curr_rnd=0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 4; row > 0; row--)
+        {
+            a0 = aes_isbox[(data[(row+3)%4]>>24)&0xFF];
+            a1 = aes_isbox[(data[(row+2)%4]>>16)&0xFF];
+            a2 = aes_isbox[(data[(row+1)%4]>>8)&0xFF];
+            a3 = aes_isbox[(data[row%4])&0xFF];
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd<(rounds-1))
+            {
+                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
+                   are quite large compared to encryption; this 
+                   operation slows decryption down noticeably. */
+                xt0 = AES_xtime(a0^a1);
+                xt1 = AES_xtime(a1^a2);
+                xt2 = AES_xtime(a2^a3);
+                xt3 = AES_xtime(a3^a0);
+                xt4 = AES_xtime(xt0^xt1);
+                xt5 = AES_xtime(xt1^xt2);
+                xt6 = AES_xtime(xt4^xt5);
+
+                xt0 ^= a1^a2^a3^xt4^xt6;
+                xt1 ^= a0^a2^a3^xt5^xt6;
+                xt2 ^= a0^a1^a3^xt4^xt6;
+                xt3 ^= a0^a1^a2^xt5^xt6;
+                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
+            }
+            else
+                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
+        }
+
+        for (row = 4; row > 0; row--)
+        {
+            data[row-1] = tmp[row-1] ^ *(--k);
+        }
+    }
+}
+
+#endif
+
diff --git a/ssl/asn1.c b/ssl/asn1.c
new file mode 100644
index 0000000000..fa44dfbe63
--- /dev/null
+++ b/ssl/asn1.c
@@ -0,0 +1,868 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file asn1.c
+ * 
+ * Some primitive asn methods for extraction rsa modulus information. It also
+ * is used for retrieving information from X.509 certificates.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "crypto.h"
+
+#define SIG_OID_PREFIX_SIZE     8
+
+#define SIG_TYPE_MD2            0x02
+#define SIG_TYPE_MD5            0x04
+#define SIG_TYPE_SHA1           0x05
+
+/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
+static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
+{
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
+};
+
+/* CN, O, OU */
+static uint8_t g_dn_types[] = { 3, 10, 11 };
+
+static int get_asn1_length(const uint8_t *buf, int *offset)
+{
+    int len, i;
+
+    if (!(buf[*offset] & 0x80)) /* short form */
+    {
+        len = buf[(*offset)++];
+    }
+    else    /* long form */
+    {
+        int length_bytes = buf[(*offset)++]&0x7f;
+        len = 0;
+        for (i = 0; i < length_bytes; i++)
+        {
+            len <<= 8;
+            len += buf[(*offset)++];
+        }
+    }
+
+    return len;
+}
+
+/**
+ * Skip the ASN1.1 object type and its length. Get ready to read the object's
+ * data.
+ */
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    return get_asn1_length(buf, offset);
+}
+
+/**
+ * Skip over an ASN.1 object type completely. Get ready to read the next
+ * object.
+ */
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    int len;
+
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+    *offset += len;
+    return 0;
+}
+
+/**
+ * Read an integer value for ASN.1 data
+ * Note: This function allocates memory which must be freed by the user.
+ */
+int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
+{
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
+        goto end_int_array;
+
+    *object = (uint8_t *)malloc(len);
+    memcpy(*object, &buf[*offset], len);
+    *offset += len;
+
+end_int_array:
+    return len;
+}
+
+/**
+ * Get all the RSA private key specifics from an ASN.1 encoded file 
+ */
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
+{
+    int offset = 7;
+    uint8_t *modulus, *priv_exp, *pub_exp;
+    int mod_len, priv_len, pub_len;
+#ifdef CONFIG_BIGINT_CRT
+    uint8_t *p, *q, *dP, *dQ, *qInv;
+    int p_len, q_len, dP_len, dQ_len, qInv_len;
+#endif
+
+    /* not in der format */
+    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: This is not a valid ASN.1 file\n");
+#endif
+        return X509_INVALID_PRIV_KEY;
+    }
+
+    /* initialise the RNG */
+    RNG_initialize(buf, len);
+
+    mod_len = asn1_get_int(buf, &offset, &modulus);
+    pub_len = asn1_get_int(buf, &offset, &pub_exp);
+    priv_len = asn1_get_int(buf, &offset, &priv_exp);
+
+    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+#ifdef CONFIG_BIGINT_CRT
+    p_len = asn1_get_int(buf, &offset, &p);
+    q_len = asn1_get_int(buf, &offset, &q);
+    dP_len = asn1_get_int(buf, &offset, &dP);
+    dQ_len = asn1_get_int(buf, &offset, &dQ);
+    qInv_len = asn1_get_int(buf, &offset, &qInv);
+
+    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || 
+                                dQ_len <= 0 || qInv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
+            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
+
+    free(p);
+    free(q);
+    free(dP);
+    free(dQ);
+    free(qInv);
+#else
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
+#endif
+
+    free(modulus);
+    free(priv_exp);
+    free(pub_exp);
+    return X509_OK;
+}
+
+/**
+ * Get the time of a certificate. Ignore hours/minutes/seconds.
+ */
+static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
+{
+    int ret = X509_NOT_OK, len, t_offset;
+    struct tm tm;
+
+    if (buf[(*offset)++] != ASN1_UTC_TIME)
+        goto end_utc_time;
+    len = get_asn1_length(buf, offset);
+    t_offset = *offset;
+
+    memset(&tm, 0, sizeof(struct tm));
+    tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+    if (tm.tm_year <= 50)    /* 1951-2050 thing */
+    {
+        tm.tm_year += 100;
+    }
+
+    tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
+    tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+    *t = mktime(&tm);
+    *offset += len;
+    ret = X509_OK;
+
+end_utc_time:
+    return ret;
+}
+
+/**
+ * Get the version type of a certificate (which we don't actually care about)
+ */
+static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    (*offset) += 2;        /* get past explicit tag */
+    if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
+        goto end_version;
+
+    ret = X509_OK;
+end_version:
+    return ret;
+}
+
+/**
+ * Retrieve the notbefore and notafter certificate times.
+ */
+static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+        asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
+        asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
+}
+
+/**
+ * Get the components of a distinguished name 
+ */
+static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
+{
+    int dn_type = 0;
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto end_oid;
+
+    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
+       components we are interested in. */
+    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
+        dn_type = buf[(*offset)++];
+    else
+    {
+        *offset += len;     /* skip over it */
+    }
+
+end_oid:
+    return dn_type;
+}
+
+/**
+ * Obtain an ASN.1 printable string type.
+ */
+static int asn1_get_printable_str(const uint8_t *buf,
+        int *offset, char **str)
+{
+    int len = X509_NOT_OK;
+
+    /* some certs have this awful crud in them for some reason */
+    if (buf[*offset] != ASN1_PRINTABLE_STR && 
+            buf[*offset] != ASN1_TELETEX_STR &&
+            buf[*offset] != ASN1_IA5_STR)
+        goto end_pnt_str;
+
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+    *str = (char *)malloc(len+1);       /* allow for null */
+    memcpy(*str, &buf[*offset], len);
+    (*str)[len] = 0;                    /* null terminate */
+    *offset += len;
+end_pnt_str:
+    return len;
+}
+
+/**
+ * Get the subject name (or the issuer) of a certificate.
+ */
+static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
+{
+    int ret = X509_NOT_OK;
+    int dn_type;
+    char *tmp = NULL;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_name;
+
+    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
+    {
+        int i, found = 0;
+
+        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
+            goto end_name;
+
+        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
+        {
+            free(tmp);
+            goto end_name;
+        }
+
+        /* find the distinguished named type */
+        for (i = 0; i < X509_NUM_DN_TYPES; i++)
+        {
+            if (dn_type == g_dn_types[i])
+            {
+                if (dn[i] == NULL)
+                {
+                    dn[i] = tmp;
+                    found = 1;
+                    break;
+                }
+            }
+        }
+
+        if (found == 0) /* not found so get rid of it */
+        {
+            free(tmp);
+        }
+    }
+
+    ret = X509_OK;
+end_name:
+    return ret;
+}
+
+/**
+ * Read the modulus and public exponent of a certificate.
+ */
+static int asn1_public_key(const uint8_t *cert, int *offset,
+        X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, mod_len, pub_len;
+    uint8_t *modulus, *pub_exp;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
+            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
+        goto end_pub_key;
+
+    (*offset)++;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_pub_key;
+
+    mod_len = asn1_get_int(cert, offset, &modulus);
+    pub_len = asn1_get_int(cert, offset, &pub_exp);
+
+    RSA_pub_key_new(&x509_ctx->rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len);
+
+    free(modulus);
+    free(pub_exp);
+    ret = X509_OK;
+
+end_pub_key:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Read the signature of the certificate.
+ */
+static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    if (cert[(*offset)++] != ASN1_BIT_STRING)
+        goto end_sig;
+
+    x509_ctx->sig_len = get_asn1_length(cert, offset);
+    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
+    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
+    *offset += x509_ctx->sig_len;
+    ret = X509_OK;
+
+end_sig:
+    return ret;
+}
+
+/*
+ * Compare 2 distinguished name components for equality 
+ * @return 0 if a match
+ */
+static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
+{
+    int ret = 1;
+
+    if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
+
+    ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
+
+err_no_match:
+    return ret;
+}
+
+/**
+ * Clean up all of the CA certificates.
+ */
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
+{
+    int i = 0;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+    {
+        x509_free(ca_cert_ctx->cert[i]);
+        ca_cert_ctx->cert[i++] = NULL;
+    }
+
+    free(ca_cert_ctx);
+}
+
+/*
+ * Compare 2 distinguished names for equality 
+ * @return 0 if a match
+ */
+static int asn1_compare_dn(char * const dn1[], char * const dn2[])
+{
+    int i;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
+        {
+            return 1;
+        }
+    }
+
+    return 0;       /* all good */
+}
+
+/**
+ * Retrieve the signature from a certificate.
+ */
+const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
+{
+    int offset = 0;
+    const uint8_t *ptr = NULL;
+
+    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
+            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
+        goto end_get_sig;
+
+    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
+        goto end_get_sig;
+    *len = get_asn1_length(asn1_sig, &offset);
+    ptr = &asn1_sig[offset];          /* all ok */
+
+end_get_sig:
+    return ptr;
+}
+
+#endif
+
+/**
+ * Read the signature type of the certificate. We only support RSA-MD5 and
+ * RSA-SHA1 signature types.
+ */
+static int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, len;
+
+    if (cert[(*offset)++] != ASN1_OID)
+        goto end_check_sig;
+
+    len = get_asn1_length(cert, offset);
+
+    if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
+        goto end_check_sig;     /* unrecognised cert type */
+
+    x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
+
+    *offset += len;
+    if (asn1_skip_obj(cert, offset, ASN1_NULL))
+        goto end_check_sig;
+    ret = X509_OK;
+
+end_check_sig:
+    return ret;
+}
+
+/**
+ * Construct a new x509 object.
+ * @return 0 if ok. < 0 if there was a problem.
+ */
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
+{
+    int begin_tbs, end_tbs;
+    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
+    X509_CTX *x509_ctx;
+    BI_CTX *bi_ctx;
+
+    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
+    x509_ctx = *ctx;
+
+    /* get the certificate size */
+    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    begin_tbs = offset;         /* start of the tbs */
+    end_tbs = begin_tbs;        /* work out the end of the tbs */
+    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
+    {
+        if (asn1_version(cert, &offset, x509_ctx))
+            goto end_cert;
+    }
+
+    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
+            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* make sure the signature is ok */
+    if (asn1_signature_type(cert, &offset, x509_ctx))
+    {
+        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        goto end_cert;
+    }
+
+    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
+            asn1_validity(cert, &offset, x509_ctx) ||
+            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
+            asn1_public_key(cert, &offset, x509_ctx))
+        goto end_cert;
+
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    /* use the appropriate signature algorithm (either SHA1 or MD5) */
+    if (x509_ctx->sig_type == SIG_TYPE_MD5)
+    {
+        MD5_CTX md5_ctx;
+        uint8_t md5_dgst[MD5_SIZE];
+        MD5Init(&md5_ctx);
+        MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        MD5Final(&md5_ctx, md5_dgst);
+        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+    }
+    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
+    {
+        SHA1_CTX sha_ctx;
+        uint8_t sha_dgst[SHA1_SIZE];
+        SHA1Init(&sha_ctx);
+        SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        SHA1Final(&sha_ctx, sha_dgst);
+        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+    }
+
+    offset = end_tbs;   /* skip the v3 data */
+    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
+            asn1_signature(cert, &offset, x509_ctx))
+        goto end_cert;
+#endif
+
+    if (len)
+    {
+        *len = cert_size;
+    }
+
+    ret = X509_OK;
+end_cert:
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret)
+    {
+        printf("Error: Invalid X509 ASN.1 file\n");
+    }
+#endif
+
+    return ret;
+}
+
+/**
+ * Free an X.509 object's resources.
+ */
+void x509_free(X509_CTX *x509_ctx)
+{
+    X509_CTX *next;
+    int i;
+
+    if (x509_ctx == NULL)       /* if already null, then don't bother */
+        return;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        free(x509_ctx->ca_cert_dn[i]);
+        free(x509_ctx->cert_dn[i]);
+    }
+
+    free(x509_ctx->signature);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION 
+    if (x509_ctx->digest)
+    {
+        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
+    }
+#endif
+
+    RSA_free(x509_ctx->rsa_ctx);
+
+    next = x509_ctx->next;
+    free(x509_ctx);
+    x509_free(next);        /* clear the chain */
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Do some basic checks on the certificate chain.
+ *
+ * Certificate verification consists of a number of checks:
+ * - A root certificate exists in the certificate store.
+ * - The date of the certificate is after the start date.
+ * - The date of the certificate is before the finish date.
+ * - The certificate chain is valid.
+ * - That the certificate(s) are not self-signed.
+ * - The signature of the certificate is valid.
+ */
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+{
+    int ret = X509_OK, i = 0;
+    bigint *cert_sig;
+    X509_CTX *next_cert = NULL;
+    BI_CTX *ctx;
+    bigint *mod, *expn;
+    struct timeval tv;
+    int match_ca_cert = 0;
+
+    if (cert == NULL || ca_cert_ctx == NULL)
+    {
+        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+        goto end_verify;
+    }
+
+    /* last cert in the chain - look for a trusted cert */
+    if (cert->next == NULL)
+    {
+        while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+        {
+            if (asn1_compare_dn(cert->ca_cert_dn,
+                                        ca_cert_ctx->cert[i]->cert_dn) == 0)
+            {
+                match_ca_cert = 1;
+                break;
+            }
+
+            i++;
+        }
+
+        if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+        {
+            next_cert = ca_cert_ctx->cert[i];
+        }
+        else    /* trusted cert not found */
+        {
+            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+            goto end_verify;
+        }
+    }
+    else
+    {
+        next_cert = cert->next;
+    }
+
+    gettimeofday(&tv, NULL);
+
+    /* check the not before date */
+    if (tv.tv_sec < cert->not_before)
+    {
+        ret = X509_VFY_ERROR_NOT_YET_VALID;
+        goto end_verify;
+    }
+
+    /* check the not after date */
+    if (tv.tv_sec > cert->not_after)
+    {
+        ret = X509_VFY_ERROR_EXPIRED;
+        goto end_verify;
+    }
+
+    /* check the chain integrity */
+    if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
+    {
+        ret = X509_VFY_ERROR_INVALID_CHAIN;
+        goto end_verify;
+    }
+
+    /* check for self-signing */
+    if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
+    }
+
+    /* check the signature */
+    ctx = cert->rsa_ctx->bi_ctx;
+    mod = next_cert->rsa_ctx->m;
+    expn = next_cert->rsa_ctx->e;
+    cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, 
+            bi_clone(ctx, mod), bi_clone(ctx, expn));
+
+    if (cert_sig)
+    {
+        ret = cert->digest ?    /* check the signature */
+            bi_compare(cert_sig, cert->digest) :
+            X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        bi_free(ctx, cert_sig);
+
+        if (ret)
+            goto end_verify;
+    }
+    else
+    {
+        ret = X509_VFY_ERROR_BAD_SIGNATURE;
+        goto end_verify;
+    }
+
+    /* go down the certificate chain using recursion. */
+    if (ret == 0 && cert->next)
+    {
+        ret = x509_verify(ca_cert_ctx, next_cert);
+    }
+
+end_verify:
+    return ret;
+}
+#endif
+
+#if defined (CONFIG_SSL_FULL_MODE)
+/**
+ * Used for diagnostics.
+ */
+void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+{
+    if (cert == NULL)
+        return;
+
+    printf("----------------   CERT DEBUG   ----------------\n");
+    printf("* CA Cert Distinguished Name\n");
+    if (cert->ca_cert_dn[X509_COMMON_NAME])
+    {
+        printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
+    }
+
+    if (cert->ca_cert_dn[X509_ORGANIZATION])
+    {
+        printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
+    }
+
+    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
+    {
+        printf("Organizational Unit (OU): %s\n", 
+                cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
+    }
+
+    printf("* Cert Distinguished Name\n");
+    if (cert->cert_dn[X509_COMMON_NAME])
+    {
+        printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
+    }
+
+    if (cert->cert_dn[X509_ORGANIZATION])
+    {
+        printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
+    }
+
+    if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
+    {
+        printf("Organizational Unit (OU): %s\n", 
+                cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
+    }
+
+    printf("Not Before:\t\t%s", ctime(&cert->not_before));
+    printf("Not After:\t\t%s", ctime(&cert->not_after));
+    printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
+    printf("Sig Type:\t\t");
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_MD5:
+            printf("MD5\n");
+            break;
+        case SIG_TYPE_SHA1:
+            printf("SHA1\n");
+            break;
+        case SIG_TYPE_MD2:
+            printf("MD2\n");
+            break;
+        default:
+            printf("Unrecognized: %d\n", cert->sig_type);
+            break;
+    }
+
+    printf("Verify:\t\t\t");
+
+    if (ca_cert_ctx)
+    {
+        x509_display_error(x509_verify(ca_cert_ctx, cert));
+    }
+
+    printf("\n");
+#if 0
+    print_blob("Signature", cert->signature, cert->sig_len);
+    bi_print("Modulus", cert->rsa_ctx->m);
+    bi_print("Pub Exp", cert->rsa_ctx->e);
+#endif
+
+    if (ca_cert_ctx)
+    {
+        x509_print(ca_cert_ctx, cert->next);
+    }
+}
+
+void x509_display_error(int error)
+{
+    switch (error)
+    {
+        case X509_NOT_OK:
+            printf("X509 not ok");
+            break;
+
+        case X509_VFY_ERROR_NO_TRUSTED_CERT:
+            printf("No trusted cert is available");
+            break;
+
+        case X509_VFY_ERROR_BAD_SIGNATURE:
+            printf("Bad signature");
+            break;
+
+        case X509_VFY_ERROR_NOT_YET_VALID:
+            printf("Cert is not yet valid");
+            break;
+
+        case X509_VFY_ERROR_EXPIRED:
+            printf("Cert has expired");
+            break;
+
+        case X509_VFY_ERROR_SELF_SIGNED:
+            printf("Cert is self-signed");
+            break;
+
+        case X509_VFY_ERROR_INVALID_CHAIN:
+            printf("Chain is invalid (check order of certs)");
+            break;
+
+        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
+            printf("Unsupported digest");
+            break;
+
+        case X509_INVALID_PRIV_KEY:
+            printf("Invalid private key");
+            break;
+    }
+}
+#endif      /* CONFIG_SSL_FULL_MODE */
+
diff --git a/ssl/bigint.c b/ssl/bigint.c
new file mode 100644
index 0000000000..9702dc4fcc
--- /dev/null
+++ b/ssl/bigint.c
@@ -0,0 +1,1508 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @defgroup bigint_api Big Integer API
+ * @brief The bigint implementation as used by the axTLS project.
+ *
+ * The bigint library is for RSA encryption/decryption as well as signing.
+ * This code tries to minimise use of malloc/free by maintaining a small 
+ * cache. A bigint context may maintain state by being made "permanent". 
+ * It be be later released with a bi_depermanent() and bi_free() call.
+ *
+ * It supports the following reduction techniques:
+ * - Classical
+ * - Barrett
+ * - Montgomery
+ *
+ * It also implements the following:
+ * - Karatsuba multiplication
+ * - Squaring
+ * - Sliding window exponentiation
+ * - Chinese Remainder Theorem (implemented in rsa.c).
+ *
+ * All the algorithms used are pretty standard, and designed for different
+ * data bus sizes. Negative numbers are not dealt with at all, so a subtraction
+ * may need to be tested for negativity.
+ *
+ * This library steals some ideas from Jef Poskanzer
+ * <http://cs.marlboro.edu/term/cs-fall02/algorithms/crypto/RSA/bigint>
+ * and GMP <http://www.swox.com/gmp>. It gets most of its implementation
+ * detail from "The Handbook of Applied Cryptography"
+ * <http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf>
+ * @{
+ */
+
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include "bigint.h"
+#include "crypto.h"
+
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
+static bigint *alloc(BI_CTX *ctx, int size);
+static bigint *trim(bigint *bi);
+static void more_comps(bigint *bi, int n);
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+static bigint *comp_right_shift(bigint *biR, int num_shifts);
+static bigint *comp_left_shift(bigint *biR, int num_shifts);
+#endif
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+static void check(const bigint *bi);
+#endif
+
+/**
+ * @brief Start a new bigint context.
+ * @return A bigint context.
+ */
+BI_CTX *bi_initialize(void)
+{
+    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
+
+    ctx->active_list = NULL;
+    ctx->active_count = 0;
+    ctx->free_list = NULL;
+    ctx->free_count = 0;
+    ctx->mod_offset = 0;
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    ctx->use_classical = 0;
+#endif
+
+    /* the radix */
+    ctx->bi_radix = alloc(ctx, 2); 
+    ctx->bi_radix->comps[0] = 0;
+    ctx->bi_radix->comps[1] = 1;
+    bi_permanent(ctx->bi_radix);
+
+    return ctx;
+}
+
+/**
+ * @brief Close the bigint context and free any resources.
+ *
+ * Free up any used memory - a check is done if all objects were not 
+ * properly freed.
+ * @param ctx [in]   The bigint session context.
+ */
+void bi_terminate(BI_CTX *ctx)
+{
+    bigint *p, *pn;
+
+    bi_depermanent(ctx->bi_radix); 
+    bi_free(ctx, ctx->bi_radix);
+
+    if (ctx->active_count != 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_terminate: there were %d un-freed bigints\n",
+                       ctx->active_count);
+#endif
+        abort();
+    }
+
+    for (p = ctx->free_list; p != NULL; p = pn)
+    {
+        pn = p->next;
+        free(p->comps);
+        free(p);
+    }
+
+    free(ctx);
+}
+
+/**
+ * @brief Increment the number of references to this object. 
+ * It does not do a full copy.
+ * @param bi [in]   The bigint to copy.
+ * @return A referent to the same bigint.
+ */
+bigint *bi_copy(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+        bi->refs++;
+    return bi;
+}
+
+/**
+ * @brief Simply make a bigint object "unfreeable" if bi_free() is called on it.
+ *
+ * For this object to be freed, bi_depermanent() must be called.
+ * @param bi [in]   The bigint to be made permanent.
+ */
+void bi_permanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != 1)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_permanent: refs was not 1\n");
+#endif
+        abort();
+    }
+
+    bi->refs = PERMANENT;
+}
+
+/**
+ * @brief Take a permanent object and make it elligible for freedom.
+ * @param bi [in]   The bigint to be made back to temporary.
+ */
+void bi_depermanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_depermanent: bigint was not permanent\n");
+#endif
+        abort();
+    }
+
+    bi->refs = 1;
+}
+
+/**
+ * @brief Free a bigint object so it can be used again. 
+ *
+ * The memory itself it not actually freed, just tagged as being available 
+ * @param ctx [in]   The bigint session context.
+ * @param bi [in]    The bigint to be freed.
+ */
+void bi_free(BI_CTX *ctx, bigint *bi)
+{
+    check(bi);
+    if (bi->refs == PERMANENT)
+    {
+        return;
+    }
+
+    if (--bi->refs > 0)
+    {
+        return;
+    }
+
+    bi->next = ctx->free_list;
+    ctx->free_list = bi;
+    ctx->free_count++;
+
+    if (--ctx->active_count < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_free: active_count went negative "
+                "- double-freed bigint?\n");
+#endif
+        abort();
+    }
+}
+
+/**
+ * @brief Convert an (unsigned) integer into a bigint.
+ * @param ctx [in]   The bigint session context.
+ * @param i [in]     The (unsigned) integer to be converted.
+ * 
+ */
+bigint *int_to_bi(BI_CTX *ctx, comp i)
+{
+    bigint *biR = alloc(ctx, 1);
+    biR->comps[0] = i;
+    return biR;
+}
+
+/**
+ * @brief Do a full copy of the bigint object.
+ * @param ctx [in]   The bigint session context.
+ * @param bi  [in]   The bigint object to be copied.
+ */
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
+{
+    bigint *biR = alloc(ctx, bi->size);
+    check(bi);
+    memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
+    return biR;
+}
+
+/**
+ * @brief Perform an additon operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the addition.
+ */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    int n;
+    comp carry = 0;
+    comp *pa, *pb;
+
+    check(bia);
+    check(bib);
+
+    n = max(bia->size, bib->size);
+    more_comps(bia, n+1);
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do
+    {
+        comp  sl, rl, cy1;
+        sl = *pa + *pb++;
+        rl = sl + carry;
+        cy1 = sl < *pa;
+        carry = cy1 | (rl < sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    *pa = carry;                  /* do overflow */
+    bi_free(ctx, bib);
+    return trim(bia);
+}
+
+/**
+ * @brief Perform a subtraction operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @param is_negative [out] If defined, indicates that the result was negative.
+ * is_negative may be NULL.
+ * @return The result of the subtraction. The result is always positive.
+ */
+bigint *bi_subtract(BI_CTX *ctx, 
+        bigint *bia, bigint *bib, int *is_negative)
+{
+    int n = bia->size;
+    comp *pa, *pb, carry = 0;
+
+    check(bia);
+    check(bib);
+
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do 
+    {
+        comp sl, rl, cy1;
+        sl = *pa - *pb++;
+        rl = sl - carry;
+        cy1 = sl > *pa;
+        carry = cy1 | (rl > sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    if (is_negative)    /* indicate a negative result */
+    {
+        *is_negative = carry;
+    }
+
+    bi_free(ctx, trim(bib));    /* put bib back to the way it was */
+    return trim(bia);
+}
+
+/**
+ * Perform a multiply between a bigint an an (unsigned) integer
+ */
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
+{
+    int j = 0, n = bia->size;
+    bigint *biR = alloc(ctx, n + 1);
+    comp carry = 0;
+    comp *r = biR->comps;
+    comp *a = bia->comps;
+
+    check(bia);
+
+    /* clear things to start with */
+    memset(r, 0, ((n+1)*COMP_BYTE_SIZE));
+
+    do
+    {
+        long_comp tmp = *r + (long_comp)a[j]*b + carry;
+        *r++ = (comp)tmp;              /* downsize */
+        carry = (comp)(tmp >> COMP_BIT_SIZE);
+    } while (++j < n);
+
+    *r = carry;
+    bi_free(ctx, bia);
+    return trim(biR);
+}
+
+/**
+ * @brief Does both division and modulo calculations. 
+ *
+ * Used extensively when doing classical reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param u [in]    A bigint which is the numerator.
+ * @param v [in]    Either the denominator or the modulus depending on the mode.
+ * @param is_mod [n] Determines if this is a normal division (0) or a reduction
+ * (1).
+ * @return  The result of the division/reduction.
+ */
+bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
+{
+    int n = v->size, m = u->size-n;
+    int j = 0, orig_u_size = u->size;
+    uint8_t mod_offset = ctx->mod_offset;
+    comp d;
+    bigint *quotient, *tmp_u;
+    comp q_dash;
+
+    check(u);
+    check(v);
+
+    /* if doing reduction and we are < mod, then return mod */
+    if (is_mod && bi_compare(v, u) > 0)
+    {
+        bi_free(ctx, v);
+        return u;
+    }
+
+    quotient = alloc(ctx, m+1);
+    tmp_u = alloc(ctx, n+1);
+    v = trim(v);        /* make sure we have no leading 0's */
+    d = (comp)((long_comp)COMP_RADIX/(V1+1));
+
+    /* clear things to start with */
+    memset(quotient->comps, 0, ((quotient->size)*COMP_BYTE_SIZE));
+
+    /* normalise */
+    if (d > 1)
+    {
+        u = bi_int_multiply(ctx, u, d);
+
+        if (is_mod)
+        {
+            v = ctx->bi_normalised_mod[mod_offset];
+        }
+        else
+        {
+            v = bi_int_multiply(ctx, v, d);
+        }
+    }
+
+    if (orig_u_size == u->size)  /* new digit position u0 */
+    {
+        more_comps(u, orig_u_size + 1);
+    }
+
+    do
+    {
+        /* get a temporary short version of u */
+        memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
+
+        /* calculate q' */
+        if (U(0) == V1)
+        {
+            q_dash = COMP_RADIX-1;
+        }
+        else
+        {
+            q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
+        }
+
+        if (v->size > 1 && V2)
+        {
+            /* we are implementing the following
+            if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
+                    q_dash*V1)*COMP_RADIX) + U(2))) ... */
+            comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
+                                        (long_comp)q_dash*V1);
+            if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
+            {
+                q_dash--;
+            }
+        }
+
+        /* multiply and subtract */
+        if (q_dash)
+        {
+            int is_negative;
+            tmp_u = bi_subtract(ctx, tmp_u, 
+                    bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
+            more_comps(tmp_u, n+1);
+
+            Q(j) = q_dash; 
+
+            /* add back */
+            if (is_negative)
+            {
+                Q(j)--;
+                tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
+                /* lop off the carry */
+                tmp_u->size--;
+                v->size--;
+            }
+        }
+        else
+        {
+            Q(j) = 0; 
+        }
+
+        /* copy back to u */
+        memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
+    } while (++j <= m);
+
+    bi_free(ctx, tmp_u);
+    bi_free(ctx, v);
+
+    if (is_mod)     /* get the remainder */
+    {
+        bi_free(ctx, quotient);
+        return bi_int_divide(ctx, trim(u), d);
+    }
+    else            /* get the quotient */
+    {
+        bi_free(ctx, u);
+        return trim(quotient);
+    }
+}
+
+/**
+ * Perform an integer divide on a bigint.
+ */
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
+{
+    int i = biR->size - 1;
+    long_comp r = 0;
+
+    check(biR);
+
+    do
+    {
+        r = (r<<COMP_BIT_SIZE) + biR->comps[i];
+        biR->comps[i] = (comp)(r / denom);
+        r %= denom;
+    } while (--i != 0);
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+/**
+ * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
+ * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
+ * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
+ * simple algorithm from an article by Dusse and Kaliski to efficiently 
+ * find N0' from N0 and b */
+static comp modular_inverse(bigint *bim)
+{
+    int i;
+    comp t = 1;
+    comp two_2_i_minus_1 = 2;   /* 2^(i-1) */
+    long_comp two_2_i = 4;      /* 2^i */
+    comp N = bim->comps[0];
+
+    for (i = 2; i <= COMP_BIT_SIZE; i++)
+    {
+        if ((long_comp)N*t%two_2_i >= two_2_i_minus_1)
+        {
+            t += two_2_i_minus_1;
+        }
+
+        two_2_i_minus_1 <<= 1;
+        two_2_i <<= 1;
+    }
+
+    return (comp)(COMP_RADIX-t);
+}
+#endif
+
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * Take each component and shift down (in terms of components) 
+ */
+static bigint *comp_right_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-num_shifts;
+    comp *x = biR->comps;
+    comp *y = &biR->comps[num_shifts];
+
+    check(biR);
+
+    if (i <= 0)     /* have we completely right shifted? */
+    {
+        biR->comps[0] = 0;  /* return 0 */
+        biR->size = 1;
+        return biR;
+    }
+
+    do
+    {
+        *x++ = *y++;
+    } while (--i > 0);
+
+    biR->size -= num_shifts;
+    return biR;
+}
+
+/**
+ * Take each component and shift it up (in terms of components) 
+ */
+static bigint *comp_left_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-1;
+    comp *x, *y;
+
+    check(biR);
+
+    if (num_shifts <= 0)
+    {
+        return biR;
+    }
+
+    more_comps(biR, biR->size + num_shifts);
+
+    x = &biR->comps[i+num_shifts];
+    y = &biR->comps[i];
+
+    do
+    {
+        *x-- = *y--;
+    } while (i--);
+
+    memset(biR->comps, 0, num_shifts*COMP_BYTE_SIZE); /* zero LS comps */
+    return biR;
+}
+#endif
+
+/**
+ * @brief Allow a binary sequence to be imported as a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] The data to be converted.
+ * @param size [in] The number of bytes of data.
+ * @return A bigint representing this data.
+ */
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
+{
+    bigint *biR = alloc(ctx, (size+COMP_BYTE_SIZE-1)/COMP_BYTE_SIZE);
+    int i, j = 0, offset = 0;
+
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        biR->comps[offset] += data[i] << (j*8);
+
+        if (++j == COMP_BYTE_SIZE)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * @brief The testharness uses this code to import text hex-streams and 
+ * convert them into bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] A string consisting of hex characters. The characters must
+ * be in upper case.
+ * @return A bigint representing this data.
+ */
+bigint *bi_str_import(BI_CTX *ctx, const char *data)
+{
+    int size = strlen(data);
+    bigint *biR = alloc(ctx, (size+COMP_NUM_NIBBLES-1)/COMP_NUM_NIBBLES);
+    int i, j = 0, offset = 0;
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        int num = (data[i] <= '9') ? (data[i] - '0') : (data[i] - 'A' + 10);
+        biR->comps[offset] += num << (j*4);
+
+        if (++j == COMP_NUM_NIBBLES)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return biR;
+}
+
+void bi_print(const char *label, bigint *x)
+{
+    int i, j;
+
+    if (x == NULL)
+    {
+        printf("%s: (null)\n", label);
+        return;
+    }
+
+    printf("%s: (size %d)\n", label, x->size);
+    for (i = x->size-1; i >= 0; i--)
+    {
+        for (j = COMP_NUM_NIBBLES-1; j >= 0; j--)
+        {
+            comp mask = 0x0f << (j*4);
+            comp num = (x->comps[i] & mask) >> (j*4);
+            putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
+        }
+    }  
+
+    printf("\n");
+}
+#endif
+
+/**
+ * @brief Take a bigint and convert it into a byte sequence. 
+ *
+ * This is useful after a decrypt operation.
+ * @param ctx [in]  The bigint session context.
+ * @param x [in]  The bigint to be converted.
+ * @param data [out] The converted data as a byte stream.
+ * @param size [in] The maximum size of the byte stream. Unused bytes will be
+ * zeroed.
+ */
+void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
+{
+    int i, j, k = size-1;
+
+    check(x);
+    memset(data, 0, size);  /* ensure all leading 0's are cleared */
+
+    for (i = 0; i < x->size; i++)
+    {
+        for (j = 0; j < COMP_BYTE_SIZE; j++)
+        {
+            comp mask = 0xff << (j*8);
+            int num = (x->comps[i] & mask) >> (j*8);
+            data[k--] = num;
+
+            if (k < 0)
+            {
+                break;
+            }
+        }
+    }
+
+    bi_free(ctx, x);
+}
+
+/**
+ * @brief Pre-calculate some of the expensive steps in reduction. 
+ *
+ * This function should only be called once (normally when a session starts).
+ * When the session is over, bi_free_mod() should be called. bi_mod_power()
+ * relies on this function being called.
+ * @param ctx [in]  The bigint session context.
+ * @param bim [in]  The bigint modulus that will be used.
+ * @param mod_offset [in] There are three moduluii that can be stored - the
+ * standard modulus, and it's two primes p and q. This offset refers to which
+ * modulus we are referring to.
+ * @see bi_free_mod(), bi_mod_power().
+ */
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
+{
+    int k = bim->size;
+    comp d = (comp)((long_comp)COMP_RADIX/(bim->comps[k-1]+1));
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    bigint *R, *R2;
+#endif
+
+    ctx->bi_mod[mod_offset] = bim;
+    bi_permanent(ctx->bi_mod[mod_offset]);
+    ctx->bi_normalised_mod[mod_offset] = bi_int_multiply(ctx, bim, d);
+    bi_permanent(ctx->bi_normalised_mod[mod_offset]);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    /* set montgomery variables */
+    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);        /* R */
+    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);     /* R^2 */
+    ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
+    ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
+
+    bi_permanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_permanent(ctx->bi_R_mod_m[mod_offset]);
+
+    ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
+#elif defined (CONFIG_BIGINT_BARRETT)
+    ctx->bi_mu[mod_offset] = 
+        bi_divide(ctx, comp_left_shift(
+               bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
+    bi_permanent(ctx->bi_mu[mod_offset]);
+#endif
+}
+
+/**
+ * @brief Used when cleaning various bigints at the end of a session.
+ * @param ctx [in]  The bigint session context.
+ * @param mod_offset [in] The offset to use.
+ * @see bi_set_mod().
+ */
+void bi_free_mod(BI_CTX *ctx, int mod_offset)
+{
+    bi_depermanent(ctx->bi_mod[mod_offset]);
+    bi_free(ctx, ctx->bi_mod[mod_offset]);
+#if defined (CONFIG_BIGINT_MONTGOMERY)
+    bi_depermanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_depermanent(ctx->bi_R_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bi_depermanent(ctx->bi_mu[mod_offset]); 
+    bi_free(ctx, ctx->bi_mu[mod_offset]);
+#endif
+    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
+    bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
+}
+
+/** 
+ * Perform a standard multiplication between two bigints.
+ */
+static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    int i, j, i_plus_j, n = bia->size, t = bib->size;
+    bigint *biR = alloc(ctx, n + t);
+    comp *sr = biR->comps;
+    comp *sa = bia->comps;
+    comp *sb = bib->comps;
+
+    check(bia);
+    check(bib);
+
+    /* clear things to start with */
+    memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
+    i = 0;
+
+    do 
+    {
+        comp carry = 0;
+        comp b = *sb++;
+        i_plus_j = i;
+        j = 0;
+
+        do
+        {
+            long_comp tmp = sr[i_plus_j] + (long_comp)sa[j]*b + carry;
+            sr[i_plus_j++] = (comp)tmp;              /* downsize */
+            carry = (comp)(tmp >> COMP_BIT_SIZE);
+        } while (++j < n);
+
+        sr[i_plus_j] = carry;
+    } while (++i < t);
+
+    bi_free(ctx, bia);
+    bi_free(ctx, bib);
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+/*
+ * Karatsuba improves on regular multiplication due to only 3 multiplications 
+ * being done instead of 4. The additional additions/subtractions are O(N) 
+ * rather than O(N^2) and so for big numbers it saves on a few operations 
+ */
+static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
+{
+    bigint *x0, *x1;
+    bigint *p0, *p1, *p2;
+    int m;
+
+    if (is_square)
+    {
+        m = (bia->size + 1)/2;
+    }
+    else
+    {
+        m = (max(bia->size, bib->size) + 1)/2;
+    }
+
+    x0 = bi_clone(ctx, bia);
+    x0->size = m;
+    x1 = bi_clone(ctx, bia);
+    comp_right_shift(x1, m);
+    bi_free(ctx, bia);
+
+    /* work out the 3 partial products */
+    if (is_square)
+    {
+        p0 = bi_square(ctx, bi_copy(x0));
+        p2 = bi_square(ctx, bi_copy(x1));
+        p1 = bi_square(ctx, bi_add(ctx, x0, x1));
+    }
+    else /* normal multiply */
+    {
+        bigint *y0, *y1;
+        y0 = bi_clone(ctx, bib);
+        y0->size = m;
+        y1 = bi_clone(ctx, bib);
+        comp_right_shift(y1, m);
+        bi_free(ctx, bib);
+
+        p0 = bi_multiply(ctx, bi_copy(x0), bi_copy(y0));
+        p2 = bi_multiply(ctx, bi_copy(x1), bi_copy(y1));
+        p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
+    }
+
+    p1 = bi_subtract(ctx, 
+            bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
+
+    comp_left_shift(p1, m);
+    comp_left_shift(p2, 2*m);
+    return bi_add(ctx, p1, bi_add(ctx, p0, p2));
+}
+#endif
+
+/**
+ * @brief Perform a multiplication operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    check(bia);
+    check(bib);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
+    {
+        return regular_multiply(ctx, bia, bib);
+    }
+
+    return karatsuba(ctx, bia, bib, 0);
+#else
+    return regular_multiply(ctx, bia, bib);
+#endif
+}
+
+#ifdef CONFIG_BIGINT_SQUARE
+/*
+ * Perform the actual square operion. It takes into account overflow 
+ */
+static bigint *regular_square(BI_CTX *ctx, bigint *bi)
+{
+    int t = bi->size;
+    int i = 0, j;
+    bigint *biR = alloc(ctx, t*2);
+    comp *w = biR->comps;
+    comp *x = bi->comps;
+    comp carry;
+
+    memset(w, 0, biR->size*COMP_BYTE_SIZE);
+
+    do
+    {
+        long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
+        comp u = 0;
+        w[2*i] = (comp)tmp;
+        carry = (comp)(tmp >> COMP_BIT_SIZE);
+
+        for (j = i+1; j < t; j++)
+        {
+            long_comp xx = (long_comp)x[i]*x[j];
+            long_comp blob = (long_comp)w[i+j]+carry;
+
+            if (u)                  /* previous overflow */
+            {
+                blob += COMP_RADIX;
+            }
+
+            u = 0;
+            if (xx & COMP_BIG_MSB)  /* check for overflow */
+            {
+                u = 1;
+            }
+
+            tmp = 2*xx + blob;
+            w[i+j] = (comp)tmp;
+            carry = (comp)(tmp >> COMP_BIT_SIZE);
+        }
+
+        w[i+t] += carry;
+        if (u)
+        {
+            w[i+t+1] = 1;   /* add carry */
+        }
+    } while (++i < t);
+
+    bi_free(ctx, bi);
+    return trim(biR);
+}
+
+/**
+ * @brief Perform a square operation on a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_square(BI_CTX *ctx, bigint *bia)
+{
+    check(bia);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (bia->size < SQU_KARATSUBA_THRESH) 
+    {
+        return regular_square(ctx, bia);
+    }
+
+    return karatsuba(ctx, bia, NULL, 1);
+#else
+    return regular_square(ctx, bia);
+#endif
+}
+#endif
+
+/**
+ * @brief Compare two bigints.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return -1 if smaller, 1 if larger and 0 if equal.
+ */
+int bi_compare(bigint *bia, bigint *bib)
+{
+    int r, i;
+
+    check(bia);
+    check(bib);
+
+    if (bia->size > bib->size)
+        r = 1;
+    else if (bia->size < bib->size)
+        r = -1;
+    else
+    {
+        comp *a = bia->comps; 
+        comp *b = bib->comps; 
+
+        /* Same number of components.  Compare starting from the high end
+         * and working down. */
+        r = 0;
+        i = bia->size - 1;
+
+        do 
+        {
+            if (a[i] > b[i])
+            { 
+                r = 1;
+                break; 
+            }
+            else if (a[i] < b[i])
+            { 
+                r = -1;
+                break; 
+            }
+        } while (--i >= 0);
+    }
+
+    return r;
+}
+
+/**
+ * Allocate and zero more components.  Does not consume bi. 
+ */
+static void more_comps(bigint *bi, int n)
+{
+    if (n > bi->max_comps)
+    {
+        bi->max_comps = max(bi->max_comps * 2, n);
+        bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
+    }
+
+    if (n > bi->size)
+    {
+        memset(&bi->comps[bi->size], 0, (n-bi->size)*COMP_BYTE_SIZE);
+    }
+
+    bi->size = n;
+}
+
+/*
+ * Make a new empty bigint. It may just use an old one if one is available.
+ * Otherwise get one of the heap.
+ */
+static bigint *alloc(BI_CTX *ctx, int size)
+{
+    bigint *biR;
+
+    /* Can we recycle an old bigint? */
+    if (ctx->free_list != NULL)
+    {
+        biR = ctx->free_list;
+        ctx->free_list = biR->next;
+        ctx->free_count--;
+        if (biR->refs != 0)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("alloc: refs was not 0\n");
+#endif
+            abort();
+        }
+
+        more_comps(biR, size);
+    }
+    else
+    {
+        /* No free bigints available - create a new one. */
+        biR = (bigint *)malloc(sizeof(bigint));
+        biR->comps = (comp*) malloc(size * COMP_BYTE_SIZE);
+        biR->max_comps = size;  /* give some space to spare */
+    }
+
+    biR->size = size;
+    biR->refs = 1;
+    biR->next = NULL;
+    ctx->active_count++;
+    return biR;
+}
+
+/*
+ * Work out the highest '1' bit in an exponent. Used when doing sliding-window
+ * exponentiation.
+ */
+static int find_max_exp_index(bigint *biexp)
+{
+    int i = COMP_BIT_SIZE-1;
+    comp shift = COMP_RADIX/2;
+    comp test = biexp->comps[biexp->size-1];    /* assume no leading zeroes */
+
+    check(biexp);
+
+    do
+    {
+        if (test & shift)
+        {
+            return i+(biexp->size-1)*COMP_BIT_SIZE;
+        }
+
+        shift >>= 1;
+    } while (--i != 0);
+
+    return -1;      /* error - must have been a leading 0 */
+}
+
+/*
+ * Is a particular bit is an exponent 1 or 0? Used when doing sliding-window
+ * exponentiation.
+ */
+static int exp_bit_is_one(bigint *biexp, int offset)
+{
+    comp test = biexp->comps[offset / COMP_BIT_SIZE];
+    int num_shifts = offset % COMP_BIT_SIZE;
+    comp shift = 1;
+    int i;
+
+    check(biexp);
+
+    for (i = 0; i < num_shifts; i++)
+    {
+        shift <<= 1;
+    }
+
+    return test & shift;
+}
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+/*
+ * Perform a sanity check on bi.
+ */
+static void check(const bigint *bi)
+{
+    if (bi->refs <= 0)
+    {
+        printf("check: zero or negative refs in bigint\n");
+        abort();
+    }
+
+    if (bi->next != NULL)
+    {
+        printf("check: attempt to use a bigint from "
+                "the free list\n");
+        abort();
+    }
+}
+#endif
+
+/*
+ * Delete any leading 0's (and allow for 0).
+ */
+static bigint *trim(bigint *bi)
+{
+    check(bi);
+
+    while (bi->comps[bi->size-1] == 0 && bi->size > 1)
+    {
+        bi->size--;
+    }
+
+    return bi;
+}
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * @brief Perform a single montgomery reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bixy [in]  A bigint.
+ * @return The result of the montgomery reduction.
+ */
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
+{
+    int i = 0, n;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    comp mod_inv = ctx->N0_dash[mod_offset];
+
+    check(bixy);
+
+    if (ctx->use_classical)     /* just use classical instead */
+    {
+        return bi_mod(ctx, bixy);
+    }
+
+    n = bim->size;
+
+    do
+    {
+        bixy = bi_add(ctx, bixy, comp_left_shift(
+                    bi_int_multiply(ctx, bim, bixy->comps[i]*mod_inv), i));
+    } while (++i < n);
+
+    comp_right_shift(bixy, n);
+
+    if (bi_compare(bixy, bim) >= 0)
+    {
+        bixy = bi_subtract(ctx, bixy, bim, NULL);
+    }
+
+    return bixy;
+}
+
+#elif defined(CONFIG_BIGINT_BARRETT)
+/*
+ * Stomp on the most significant components to give the illusion of a "mod base
+ * radix" operation 
+ */
+static bigint *comp_mod(bigint *bi, int mod)
+{
+    check(bi);
+
+    if (bi->size > mod)
+    {
+        bi->size = mod;
+    }
+
+    return bi;
+}
+
+/*
+ * Barrett reduction has no need for some parts of the product, so ignore bits
+ * of the multiply. This routine gives Barrett its big performance
+ * improvements over classical/Montgomery reduction methods. 
+ */
+static bigint *partial_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
+        int inner_partial, int outer_partial)
+{
+    int i = 0, j, n = bia->size, t = bib->size;
+    bigint *biR;
+    comp carry;
+    comp *sr, *sa, *sb;
+
+    check(bia);
+    check(bib);
+
+    biR = alloc(ctx, n + t);
+    sa = bia->comps;
+    sb = bib->comps;
+    sr = biR->comps;
+
+    if (inner_partial)
+    {
+        memset(sr, 0, inner_partial*COMP_BYTE_SIZE); 
+    }
+    else    /* outer partial */
+    {
+        if (n < outer_partial || t < outer_partial) /* should we bother? */
+        {
+            bi_free(ctx, bia);
+            bi_free(ctx, bib);
+            biR->comps[0] = 0;      /* return 0 */
+            biR->size = 1;
+            return biR;
+        }
+
+        memset(&sr[outer_partial], 0, (n+t-outer_partial)*COMP_BYTE_SIZE);
+    }
+
+    do 
+    {
+        comp *a = sa;
+        comp b = *sb++;
+        long_comp tmp;
+        int i_plus_j = i;
+        carry = 0;
+        j = n;
+
+        if (outer_partial && i_plus_j < outer_partial)
+        {
+            i_plus_j = outer_partial;
+            a = &sa[outer_partial-i];
+            j = n-(outer_partial-i);
+        }
+
+        do
+        {
+            if (inner_partial && i_plus_j >= inner_partial) 
+            {
+                break;
+            }
+
+            tmp = sr[i_plus_j] + ((long_comp)*a++)*b + carry;
+            sr[i_plus_j++] = (comp)tmp;              /* downsize */
+            carry = (comp)(tmp >> COMP_BIT_SIZE);
+        } while (--j != 0);
+
+        sr[i_plus_j] = carry;
+    } while (++i < t);
+
+    bi_free(ctx, bia);
+    bi_free(ctx, bib);
+    return trim(biR);
+}
+
+/**
+ * @brief Perform a single barrett reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bi [in]  A bigint.
+ * @return The result of the barrett reduction.
+ */
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
+{
+    bigint *q1, *q2, *q3, *r1, *r2, *r;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    int k = bim->size;
+
+    check(bi);
+    check(bim);
+
+    /* use classical method instead  - Barrett cannot help here */
+    if (bi->size > k*2)
+    {
+        return bi_mod(ctx, bi);
+    }
+
+    q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
+
+    /* do outer partial multiply */
+    q2 = partial_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
+    q3 = comp_right_shift(q2, k+1);
+    r1 = comp_mod(bi, k+1);
+
+    /* do inner partial multiply */
+    r2 = comp_mod(partial_multiply(ctx, q3, bim, k+1, 0), k+1);
+    r = bi_subtract(ctx, r1, r2, NULL);
+
+    /* if (r >= m) r = r - m; */
+    if (bi_compare(r, bim) >= 0)
+    {
+        r = bi_subtract(ctx, r, bim, NULL);
+    }
+
+    return r;
+}
+#endif /* CONFIG_BIGINT_BARRETT */
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+/*
+ * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
+ */
+static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
+{
+    int k = 1;
+    int i;
+    bigint *g2;
+
+    for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
+    {
+        k <<= 1;
+    }
+
+    ctx->g = (bigint **)malloc(k*sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, g1);
+    bi_permanent(ctx->g[0]);
+    g2 = bi_residue(ctx, bi_square(ctx, ctx->g[0]));   /* g^2 */
+
+    for (i = 1; i < k; i++)
+    {
+        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], 
+                    bi_copy(g2)));
+        bi_permanent(ctx->g[i]);
+    }
+
+    bi_free(ctx, g2);
+    ctx->window = k;
+}
+#endif
+
+/**
+ * @brief Perform a modular exponentiation.
+ *
+ * This function requires bi_set_mod() to have been called previously. This is 
+ * one of the optimisations used for performance.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint on which to perform the mod power operation.
+ * @param biexp [in] The bigint exponent.
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
+{
+    int i = find_max_exp_index(biexp), j, window_size = 1;
+    bigint *biR = int_to_bi(ctx, 1);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    uint8_t mod_offset = ctx->mod_offset;
+    if (!ctx->use_classical)
+    {
+        /* preconvert */
+        bi = bi_residue(ctx, 
+                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset])); /* x' */
+        bi_free(ctx, biR);
+        biR = ctx->bi_R_mod_m[mod_offset];
+    }
+#endif
+
+    check(bi);
+    check(biexp);
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+    for (j = i; j > 32; j /= 5) /* work out an optimum size */
+    {
+        window_size++;
+    }
+
+    /* work out the slide constants */
+    precompute_slide_window(ctx, window_size, bi);
+#else   /* just one constant */
+    ctx->g = (bigint **)malloc(sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, bi);
+    ctx->window = 1;
+    bi_permanent(ctx->g[0]);
+#endif
+
+    /* if sliding-window is off, then only one bit will be done at a time and
+     * will reduce to standard left-to-right exponentiation */
+    do
+    {
+        if (exp_bit_is_one(biexp, i))
+        {
+            int l = i-window_size+1;
+            int part_exp = 0;
+
+            if (l < 0)  /* LSB of exponent will always be 1 */
+            {
+                l = 0;
+            }
+            else
+            {
+                while (exp_bit_is_one(biexp, l) == 0)
+                {
+                    l++;    /* go back up */
+                }
+            }
+
+            /* build up the section of the exponent */
+            for (j = i; j >= l; j--)
+            {
+                biR = bi_residue(ctx, bi_square(ctx, biR));
+                if (exp_bit_is_one(biexp, j))
+                    part_exp++;
+
+                if (j != l)
+                    part_exp <<= 1;
+            }
+
+            part_exp = (part_exp-1)/2;  /* adjust for array */
+            biR = bi_residue(ctx, 
+                    bi_multiply(ctx, biR, ctx->g[part_exp]));
+            i = l-1;
+        }
+        else    /* square it */
+        {
+            biR = bi_residue(ctx, bi_square(ctx, biR));
+            i--;
+        }
+    } while (i >= 0);
+     
+    /* cleanup */
+    for (i = 0; i < ctx->window; i++)
+    {
+        bi_depermanent(ctx->g[i]);
+        bi_free(ctx, ctx->g[i]);
+    }
+
+    free(ctx->g);
+    bi_free(ctx, bi);
+    bi_free(ctx, biexp);
+#if defined CONFIG_BIGINT_MONTGOMERY
+    return ctx->use_classical ? biR : bi_mont(ctx, biR); /* convert back */
+#else /* CONFIG_BIGINT_CLASSICAL or CONFIG_BIGINT_BARRETT */
+    return biR;
+#endif
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * @brief Perform a modular exponentiation using a temporary modulus.
+ *
+ * We need this function to check the signatures of certificates. The modulus
+ * of this function is temporary as it's just used for authentication.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param bim [in]  The temporary modulus.
+ * @param biexp [in] The bigint exponent.
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
+{
+    bigint *biR, *tmp_biR;
+
+    /* Set up a temporary bigint context and transfer what we need between
+     * them. We need to do this since we want to keep the original modulus
+     * which is already in this context. This operation is only called when
+     * doing peer verification, and so is not expensive :-) */
+    BI_CTX *tmp_ctx = bi_initialize();
+    bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
+    tmp_biR = bi_mod_power(tmp_ctx, 
+                bi_clone(tmp_ctx, bi), 
+                bi_clone(tmp_ctx, biexp));
+    biR = bi_clone(ctx, tmp_biR);
+    bi_free(tmp_ctx, tmp_biR);
+    bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
+    bi_terminate(tmp_ctx);
+
+    bi_free(ctx, bi);
+    bi_free(ctx, bim);
+    bi_free(ctx, biexp);
+    return biR;
+}
+#endif
+/** @} */
diff --git a/ssl/bigint.h b/ssl/bigint.h
new file mode 100644
index 0000000000..c98b3837d0
--- /dev/null
+++ b/ssl/bigint.h
@@ -0,0 +1,97 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef BIGINT_HEADER
+#define BIGINT_HEADER
+
+#include "config.h"
+
+/* enable features based on a 'super-set' capbaility. */
+#if defined(CONFIG_SSL_FULL_MODE) 
+#define CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_CERT_VERIFICATION
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+#define CONFIG_SSL_CERT_VERIFICATION
+#endif
+
+#if !defined(CONFIG_BIGINT_MONTGOMERY) || !defined(CONFIG_BIGINT_BARRETT)
+#define CONFIG_BIGINT_CLASSICAL 1
+#endif
+
+#include "os_port.h"
+#include "bigint_impl.h"
+
+#ifndef CONFIG_BIGINT_CHECK_ON
+#define check(A)                /**< disappears in normal production mode */
+#endif
+BI_CTX *bi_initialize(void);
+void bi_terminate(BI_CTX *ctx);
+void bi_permanent(bigint *bi);
+void bi_depermanent(bigint *bi);
+void bi_free(BI_CTX *ctx, bigint *bi);
+bigint *bi_copy(bigint *bi);
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
+void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
+bigint *int_to_bi(BI_CTX *ctx, comp i);
+
+/* the functions that actually do something interesting */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 
+        bigint *bib, int *is_negative);
+bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
+int bi_compare(bigint *bia, bigint *bib);
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
+void bi_free_mod(BI_CTX *ctx, int mod_offset);
+
+#ifdef CONFIG_SSL_FULL_MODE
+void bi_print(const char *label, bigint *bi);
+bigint *bi_str_import(BI_CTX *ctx, const char *data);
+#endif
+
+/**
+ * @def bi_mod
+ * Find the residue of B. bi_set_mod() must be called before hand.
+ */
+#define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
+
+/**
+ * bi_residue() is technically the same as bi_mod(), but it uses the
+ * appropriate reduction technique (which is bi_mod() when doing classical
+ * reduction).
+ */
+#if defined(CONFIG_BIGINT_CLASSICAL)
+#define bi_residue(A, B)         bi_mod(A, B)
+#elif defined(CONFIG_BIGINT_BARRETT)
+#define bi_residue(A, B)         bi_barrett(A, B)
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
+#else   /* CONFIG_BIGINT_MONTGOMERY */
+#define bi_residue(A, B)         bi_mont(A, B)
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
+#endif
+
+#ifdef CONFIG_BIGINT_SQUARE
+bigint *bi_square(BI_CTX *ctx, bigint *bi);
+#else
+#define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
+#endif
+
+#endif
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
new file mode 100644
index 0000000000..1897fec16d
--- /dev/null
+++ b/ssl/bigint_impl.h
@@ -0,0 +1,106 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef BIGINT_IMPL_HEADER
+#define BIGINT_IMPL_HEADER
+
+/* Maintain a number of precomputed variables when doing reduction */
+#define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */
+#ifdef CONFIG_BIGINT_CRT
+#define BIGINT_P_OFFSET     1    /**< p modulo offset. */
+#define BIGINT_Q_OFFSET     2    /**< q module offset. */
+#define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */
+#else
+#define BIGINT_NUM_MODS     1    
+#endif
+
+/* Architecture specific functions for big ints */
+#ifdef WIN32
+#define COMP_RADIX          4294967296i64         
+#define COMP_BIG_MSB        0x8000000000000000i64 
+#else
+#define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
+#define COMP_BIG_MSB        0x8000000000000000ULL /**< (Max dbl comp + 1)/ 2 */
+#endif
+#define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
+
+typedef uint32_t comp;	        /**< A single precision component. */
+typedef uint64_t long_comp;     /**< A double precision component. */
+typedef int64_t slong_comp;     /**< A signed double precision component. */
+
+/**
+ * @struct  _bigint
+ * @brief A big integer basic object
+ */
+struct _bigint
+{
+    struct _bigint* next;       /**< The next bigint in the cache. */
+    short size;                 /**< The number of components in this bigint. */
+    short max_comps;            /**< The heapsize allocated for this bigint */
+    int refs;                   /**< An internal reference count. */
+    comp* comps;                /**< A ptr to the actual component data */
+};
+
+typedef struct _bigint bigint;  /**< An alias for _bigint */
+
+/**
+ * Maintains the state of the cache, and a number of variables used in 
+ * reduction.
+ */
+typedef struct /**< A big integer "session" context. */
+{
+    bigint *active_list;                    /**< Bigints currently used. */
+    bigint *free_list;                      /**< Bigints not used. */
+    bigint *bi_radix;                       /**< The radix used. */
+    bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */
+    bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */
+    comp N0_dash[BIGINT_NUM_MODS];
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */
+#endif
+    bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
+    bigint **g;                 /**< Used by sliding-window. */
+    int window;                 /**< The size of the sliding window */
+
+    int active_count;           /**< Number of active bigints. */
+    int free_count;             /**< Number of free bigints. */
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    uint8_t use_classical;      /**< Use classical reduction. */
+#endif
+    uint8_t mod_offset;         /**< The mod offset we are using */
+} BI_CTX;
+
+#ifndef WIN32
+#define max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
+#define min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
+#endif
+
+#define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
+
+#define V1      v->comps[v->size-1]                 /**< v1 for division */
+#define V2      v->comps[v->size-2]                 /**< v2 for division */
+#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
+#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
+
+#endif
diff --git a/ssl/cert.h b/ssl/cert.h
new file mode 100644
index 0000000000..21697abaa6
--- /dev/null
+++ b/ssl/cert.h
@@ -0,0 +1,37 @@
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x01, 0x92, 0x30, 0x81, 0xfc, 0x02, 0x09, 0x00, 0xf1, 0xc3,
+  0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc2, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
+  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34, 0x31,
+  0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61, 0x78,
+  0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x20,
+  0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+  0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
+  0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x30,
+  0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33, 0x33,
+  0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x30,
+  0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d,
+  0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63,
+  0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09,
+  0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x5c, 0x30,
+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+  0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xd1, 0x3b,
+  0x30, 0x5f, 0xa9, 0x01, 0x42, 0x3d, 0x86, 0x6d, 0x72, 0xbe, 0x40, 0x6e,
+  0x51, 0xc1, 0x49, 0x7f, 0x57, 0x75, 0xa1, 0x2d, 0x36, 0xe5, 0xc1, 0x3d,
+  0x0f, 0x20, 0x1a, 0xd1, 0x23, 0x6d, 0xfa, 0x74, 0xd2, 0x3e, 0x23, 0xb0,
+  0x70, 0xfc, 0xa0, 0x6a, 0xde, 0xec, 0x41, 0x88, 0x84, 0xfe, 0x54, 0x15,
+  0x6b, 0x61, 0xc5, 0x16, 0x62, 0xb8, 0x93, 0x41, 0xf1, 0x4f, 0x3d, 0xff,
+  0x2e, 0xbd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
+  0x81, 0x00, 0x0a, 0x45, 0x3e, 0x8b, 0xc0, 0x5a, 0xf5, 0xc5, 0xe7, 0x49,
+  0x6f, 0x8a, 0xab, 0xbe, 0x30, 0x7e, 0x13, 0x05, 0x7f, 0xd2, 0x9e, 0x13,
+  0x34, 0xd5, 0xd4, 0x4b, 0xd4, 0xb7, 0xd2, 0xb3, 0x12, 0x16, 0xf4, 0x5a,
+  0xaf, 0xb5, 0x71, 0xbc, 0xb3, 0xf5, 0x96, 0x96, 0x23, 0xf4, 0xf4, 0x75,
+  0x24, 0x64, 0x99, 0x30, 0x6f, 0xc1, 0xea, 0x14, 0x78, 0xca, 0xe9, 0x85,
+  0x46, 0x3c, 0x1e, 0x97, 0xd1, 0x4f, 0x80, 0xd7, 0x16, 0x09, 0x6e, 0x03,
+  0x5c, 0x05, 0xaa, 0xcf, 0x75, 0x10, 0x17, 0xba, 0x19, 0xb4, 0x92, 0xfa,
+  0x2b, 0xe5, 0xc9, 0xa5, 0x0d, 0x20, 0xc0, 0x2f, 0x8d, 0xc5, 0xcf, 0x91,
+  0x44, 0x63, 0x4b, 0x32, 0x52, 0xbb, 0x74, 0xb8, 0xaa, 0x16, 0x1f, 0xd5,
+  0xa9, 0x92, 0xde, 0x8f, 0x95, 0xf2, 0xf7, 0x73, 0x34, 0x27, 0x26, 0x41,
+  0x88, 0xb5, 0x7c, 0xf0, 0xff, 0x9c, 0xd3, 0xc8, 0x1d, 0xec
+};
+unsigned int default_certificate_len = 406;
diff --git a/ssl/crypto.h b/ssl/crypto.h
new file mode 100644
index 0000000000..df25e64029
--- /dev/null
+++ b/ssl/crypto.h
@@ -0,0 +1,292 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file crypto.h
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bigint.h"
+
+/**************************************************************************
+ * AES declarations 
+ **************************************************************************/
+
+#define AES_MAXROUNDS			14
+
+typedef struct aes_key_st 
+{
+    uint16_t rounds;
+    uint16_t key_size;
+    uint32_t ks[(AES_MAXROUNDS+1)*8];
+    uint8_t iv[16];
+} AES_CTX;
+
+typedef enum
+{
+    AES_MODE_128,
+    AES_MODE_256
+} AES_MODE;
+
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode);
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
+        uint8_t *out, int length);
+void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
+void AES_convert_key(AES_CTX *ctx);
+
+/**************************************************************************
+ * RC4 declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    int x, y, m[256];
+} RC4_CTX;
+
+void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
+void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
+
+/**************************************************************************
+ * SHA1 declarations 
+ **************************************************************************/
+
+#define SHA1_SIZE   20
+
+/*
+ *  This structure will hold context information for the SHA-1
+ *  hashing operation
+ */
+typedef struct 
+{
+    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
+    uint32_t Length_Low;            /* Message length in bits      */
+    uint32_t Length_High;           /* Message length in bits      */
+    uint16_t Message_Block_Index;   /* Index into message block array   */
+    uint8_t Message_Block[64];      /* 512-bit message blocks      */
+} SHA1_CTX;
+
+void SHA1Init(SHA1_CTX *);
+void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
+void SHA1Final(SHA1_CTX *, uint8_t *digest);
+
+/**************************************************************************
+ * MD5 declarations 
+ **************************************************************************/
+
+/* MD5 context. */
+
+#define MD5_SIZE    16
+
+typedef struct 
+{
+  uint32_t state[4];        /* state (ABCD) */
+  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
+  uint8_t buffer[64];       /* input buffer */
+} MD5_CTX;
+
+void MD5Init(MD5_CTX *);
+void MD5Update(MD5_CTX *, const uint8_t *msg, int len);
+void MD5Final(MD5_CTX *, uint8_t *digest);
+
+/**************************************************************************
+ * HMAC declarations 
+ **************************************************************************/
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+/**************************************************************************
+ * RNG declarations 
+ **************************************************************************/
+void RNG_initialize(const uint8_t *seed_buf, int size);
+void RNG_terminate(void);
+void get_random(int num_rand_bytes, uint8_t *rand_data);
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
+
+/**************************************************************************
+ * RSA declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    bigint *m;              /* modulus */
+    bigint *e;              /* public exponent */
+    bigint *d;              /* private exponent */
+#ifdef CONFIG_BIGINT_CRT
+    bigint *p;              /* p as in m = pq */
+    bigint *q;              /* q as in m = pq */
+    bigint *dP;             /* d mod (p-1) */
+    bigint *dQ;             /* d mod (q-1) */
+    bigint *qInv;           /* q^-1 mod p */
+#endif
+    int num_octets;
+    bigint *sig_m;         /* signature modulus */
+    BI_CTX *bi_ctx;
+} RSA_CTX;
+
+void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#ifdef CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+        );
+void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len);
+void RSA_free(RSA_CTX *ctx);
+int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int is_decryption);
+bigint *RSA_private(RSA_CTX *c, bigint *bi_msg);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+bigint *RSA_raw_sign_verify(RSA_CTX *c, bigint *bi_msg);
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp);
+bigint *RSA_public(RSA_CTX *c, bigint *bi_msg);
+int RSA_encrypt(RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing);
+void RSA_print(const RSA_CTX *ctx);
+#endif
+
+/**************************************************************************
+ * ASN1 declarations 
+ **************************************************************************/
+#define X509_OK                             0
+#define X509_NOT_OK                         -1
+#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
+#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
+#define X509_VFY_ERROR_NOT_YET_VALID        -4
+#define X509_VFY_ERROR_EXPIRED              -5
+#define X509_VFY_ERROR_SELF_SIGNED          -6
+#define X509_VFY_ERROR_INVALID_CHAIN        -7
+#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
+#define X509_INVALID_PRIV_KEY               -9
+
+/*
+ * The Distinguished Name
+ */
+#define X509_NUM_DN_TYPES                   3
+#define X509_COMMON_NAME                    0
+#define X509_ORGANIZATION                   1
+#define X509_ORGANIZATIONAL_TYPE            2
+
+#define ASN1_INTEGER            0x02
+#define ASN1_BIT_STRING         0x03
+#define ASN1_OCTET_STRING       0x04
+#define ASN1_NULL               0x05
+#define ASN1_OID                0x06
+#define ASN1_PRINTABLE_STR      0x13
+#define ASN1_TELETEX_STR        0x14
+#define ASN1_IA5_STR            0x16
+#define ASN1_UTC_TIME           0x17
+#define ASN1_SEQUENCE           0x30
+#define ASN1_SET                0x31
+#define ASN1_IMPLICIT_TAG       0x80
+#define ASN1_EXPLICIT_TAG       0xa0
+
+#define SALT_SIZE               8
+
+struct _x509_ctx
+{
+    char *ca_cert_dn[X509_NUM_DN_TYPES];
+    char *cert_dn[X509_NUM_DN_TYPES];
+#if defined(_WIN32_WCE)
+    long not_before;
+    long not_after;
+#else
+    time_t not_before;
+    time_t not_after;
+#endif
+    uint8_t *signature;
+    uint16_t sig_len;
+    uint8_t sig_type;
+    RSA_CTX *rsa_ctx;
+    bigint *digest;
+    struct _x509_ctx *next;
+};
+
+typedef struct _x509_ctx X509_CTX;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+typedef struct 
+{
+    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
+} CA_CERT_CTX;
+#endif
+
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
+void x509_free(X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+void x509_display_error(int error);
+#endif
+
+/**************************************************************************
+ * MISC declarations 
+ **************************************************************************/
+
+extern const char * const unsupported_str;
+
+typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
+typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+typedef struct
+{
+    uint8_t *data;
+    int max_len;
+    int index;
+} BUF_MEM;
+
+BUF_MEM buf_new(void);
+void buf_grow(BUF_MEM *bm, int len);
+void buf_free(BUF_MEM *bm);
+int get_file(const char *filename, uint8_t **buf);
+
+#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
+void print_blob(const char *format, const uint8_t *data, int size, ...);
+#else
+    #define print_blob(...)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
new file mode 100644
index 0000000000..b98181f025
--- /dev/null
+++ b/ssl/crypto_misc.c
@@ -0,0 +1,307 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file misc.c
+ *
+ * Some misc. routines to help things out
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include "crypto.h"
+#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
+#include "wincrypt.h"
+#endif
+
+#ifndef WIN32
+static int rng_fd = -1;
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+static HCRYPTPROV gCryptProv;
+#endif
+
+#if (!defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
+static uint64_t rng_num;
+#endif
+
+static int rng_ref_count;
+const char * const unsupported_str = "Error: feature not supported\n";
+
+/**
+ * Allocate a new memory buffer 
+ */
+BUF_MEM buf_new()
+{
+    BUF_MEM bm;
+    bm.data = (uint8_t *)malloc(2048); /* should be enough to start with */
+    bm.max_len = 2048;
+    bm.index = 0;
+    return bm;
+}
+
+/**
+ * Grow a buffer if necessary
+ */
+void buf_grow(BUF_MEM *bm, int len)
+{
+    if (len <= bm->max_len)
+    {
+        return;
+    }
+
+    bm->data = (uint8_t *)realloc(bm->data, len+1024); /* just to be sure */
+    bm->max_len = len+1024;
+}
+
+/**
+ * Free a buffer
+ */
+void buf_free(BUF_MEM *bm)
+{
+    free(bm->data);
+    bm->data = NULL;
+}
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+/** 
+ * Retrieve a file and put it into memory
+ * @return The size of the file, or -1 on failure.
+ */
+int get_file(const char *filename, uint8_t **buf)
+{
+    int total_bytes = 0;
+    int bytes_read = 0; 
+    int filesize;
+    FILE *stream = fopen(filename, "rb");
+
+    if (stream == NULL)
+    {
+        return -1;
+    }
+    
+    /* Win CE doesn't support stat() */
+    fseek(stream, 0, SEEK_END);
+    filesize = ftell(stream);
+    *buf = (uint8_t *)malloc(filesize);
+    fseek(stream, 0, SEEK_SET);
+
+    do
+    {
+        bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
+        total_bytes += bytes_read;
+    } while (total_bytes < filesize && bytes_read > 0);
+    
+    fclose(stream);
+    return filesize;
+}
+#endif
+
+/**
+ * Initialise the Random Number Generator engine.
+ * - On Win32 use the platform SDK's crypto engine.
+ * - On Linux use /dev/urandom
+ * - If none of these work then use a custom RNG.
+ */
+void RNG_initialize(const uint8_t *seed_buf, int size)
+{
+    if (rng_ref_count == 0)
+    {
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+        if ((rng_fd = open("/dev/urandom", O_RDONLY)) < 0)
+        {
+            printf(unsupported_str);
+            exit(1);
+        }
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+        if (!CryptAcquireContext(&gCryptProv, 
+                          NULL, NULL, PROV_RSA_FULL, 0))
+        {
+            printf("%s CryptoLib %x", unsupported_str, GetLastError());
+            exit(1);
+        }
+#else   
+        /* help seed with the user's private key - this is a number that 
+           should be hard to find, due to the fact that it relies on knowing 
+           the private key */
+        int i;  
+
+        for (i = 0; i < size/(int)sizeof(uint64_t); i++)
+        {
+            rng_num ^= *((uint64_t *)&seed_buf[i*sizeof(uint64_t)]);
+        }
+
+        srand((long)seed_buf);  /* use the stack ptr as another rnd seed */
+#endif
+    }
+
+    rng_ref_count++;
+}
+
+/**
+ * Terminate the RNG engine.
+ */
+void RNG_terminate(void)
+{
+    if (--rng_ref_count == 0)
+    {
+#ifndef WIN32
+        close(rng_fd);
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+        CryptReleaseContext(gCryptProv, 0);
+#endif
+    }
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes can be 0
+ */
+void get_random(int num_rand_bytes, uint8_t *rand_data)
+{   
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    /* use the Linux default */
+    read(rng_fd, rand_data, num_rand_bytes);    /* read from /dev/urandom */
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    /* use Microsoft Crypto Libraries */
+    CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
+#else   /* nothing else to use, so use a custom RNG */
+    /* The method we use when we've got nothing better. Use RC4, time 
+       and a couple of random seeds to generate a random sequence */
+    RC4_CTX rng_ctx;
+    struct timeval tv;
+    uint64_t big_num1, big_num2;
+
+    gettimeofday(&tv, NULL);    /* yes I know we shouldn't do this */
+
+    /* all numbers by themselves are pretty simple, but combined should 
+     * be a challenge */
+    big_num1 = (uint64_t)tv.tv_sec*(tv.tv_usec+1); 
+    big_num2 = (uint64_t)rand()*big_num1;
+    big_num1 ^= rng_num;
+
+    memcpy(rand_data, &big_num1, sizeof(uint64_t));
+    if (num_rand_bytes > sizeof(uint64_t))
+    {
+        memcpy(&rand_data[8], &big_num2, sizeof(uint64_t));
+    }
+
+    if (num_rand_bytes > 16)
+    {
+        /* clear rest of data */
+        memset(&rand_data[16], 0, num_rand_bytes-16); 
+    }
+
+    RC4_setup(&rng_ctx, rand_data, 16); /* use as a key */
+    RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
+    
+    /* use last 8 bytes for next time */
+    memcpy(&rng_num, &rand_data[num_rand_bytes-8], sizeof(uint64_t));    
+#endif
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes are not zero.
+ */
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
+{
+    int i;
+    get_random(num_rand_bytes, rand_data);
+
+    for (i = 0; i < num_rand_bytes; i++)
+    {
+        while (rand_data[i] == 0)  /* can't be 0 */
+        {
+            rand_data[i] = (uint8_t)(rand());
+        }
+    }
+}
+
+/**
+ * Some useful diagnostic routines
+ */
+#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
+int hex_finish;
+int hex_index;
+
+static void print_hex_init(int finish)
+{
+    hex_finish = finish;
+    hex_index = 0;
+}
+
+static void print_hex(uint8_t hex)
+{
+    static int column;
+
+    if (hex_index == 0)
+    {
+        column = 0;
+    }
+
+    printf("%02x ", hex);
+    if (++column == 8)
+    {
+        printf(": ");
+    }
+    else if (column >= 16)
+    {
+        printf("\n");
+        column = 0;
+    }
+
+    if (++hex_index >= hex_finish && column > 0)
+    {
+        printf("\n");
+    }
+}
+
+/**
+ * Spit out a blob of data for diagnostics. The data is is a nice column format
+ * for easy reading.
+ *
+ * @param format   [in]    The string (with possible embedded format characters)
+ * @param size     [in]    The number of numbers to print
+ * @param data     [in]    The start of data to use
+ * @param ...      [in]    Any additional arguments
+ */
+void print_blob(const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    int i;
+    char tmp[80];
+    va_list(ap);
+
+    va_start(ap, size);
+    sprintf(tmp, "%s\n", format);
+    vprintf(tmp, ap);
+    print_hex_init(size);
+    for (i = 0; i < size; i++)
+    {
+        print_hex(data[i]);
+    }
+
+    va_end(ap);
+    TTY_FLUSH();
+}
+#elif defined(WIN32)
+/* VC6.0 doesn't handle variadic macros */
+void print_blob(const char *format, const unsigned char *data,
+        int size, ...) {}
+#endif
+
diff --git a/ssl/hmac.c b/ssl/hmac.c
new file mode 100644
index 0000000000..289892a48f
--- /dev/null
+++ b/ssl/hmac.c
@@ -0,0 +1,90 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file hmac.c
+ *
+ * HMAC implementation - This code was originally taken from RFC2104
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/**
+ * Perform HMAC-MD5
+ */
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    MD5_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    MD5Init(&context);
+    MD5Update(&context, k_ipad, 64);
+    MD5Update(&context, msg, length);
+    MD5Final(&context, digest);
+    MD5Init(&context);
+    MD5Update(&context, k_opad, 64);
+    MD5Update(&context, digest, MD5_SIZE);
+    MD5Final(&context, digest);
+}
+
+/**
+ * Perform HMAC-SHA1
+ */
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA1_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA1Init(&context);
+    SHA1Update(&context, k_ipad, 64);
+    SHA1Update(&context, msg, length);
+    SHA1Final(&context, digest);
+    SHA1Init(&context);
+    SHA1Update(&context, k_opad, 64);
+    SHA1Update(&context, digest, SHA1_SIZE);
+    SHA1Final(&context, digest);
+}
diff --git a/ssl/loader.c b/ssl/loader.c
new file mode 100644
index 0000000000..5f43d4982c
--- /dev/null
+++ b/ssl/loader.c
@@ -0,0 +1,450 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Load certificates/keys into memory. These can be in many different formats.
+ * PEM support and other formats can be processed here.
+ *
+ * The PEM private keys may be optionally encrypted with AES128 or AES256. 
+ * The encrypted PEM keys were generated with something like:
+ *
+ * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+static int do_obj(SSLCTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password);
+#ifdef CONFIG_SSL_HAS_PEM
+static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password);
+#endif
+
+/*
+ * Load a file into memory that is in binary DER (or ascii PEM) format.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, 
+                            const char *filename, const char *password)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    static const char * const begin = "-----BEGIN";
+    int ret = SSL_OK;
+    SSLObjLoader *ssl_obj = NULL;
+
+    if (filename == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->len = get_file(filename, &ssl_obj->buf);
+
+    if (ssl_obj->len <= 0)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    /* is the file a PEM file? */
+    if (strncmp(ssl_obj->buf, begin, strlen(begin)) == 0)
+    {
+#ifdef CONFIG_SSL_HAS_PEM
+        ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
+#else
+        printf(unsupported_str);
+        ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+    }
+    else
+    {
+        ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
+    }
+
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+#else
+    printf(unsupported_str);
+    return SSL_ERROR_NOT_SUPPORTED;
+#endif /* CONFIG_SSL_SKELETON_MODE */
+}
+
+/*
+ * Transfer binary data into the object loader.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int mem_type, 
+        const uint8_t *data, int len, const char *password)
+{
+    int ret;
+
+    SSLObjLoader *ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_obj->buf, data, len);
+    ssl_obj->len = len;
+    ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Actually work out what we are doing 
+ */
+static int do_obj(SSLCTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password)
+{
+    int ret = SSL_OK;
+
+    switch (obj_type)
+    {
+        case SSL_OBJ_RSA_KEY:
+            ret = add_private_key(ssl_ctx, ssl_obj);
+            break;
+
+        case SSL_OBJ_X509_CERT:
+            ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_OBJ_X509_CACERT:
+            ret = add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+#endif
+
+#ifdef CONFIG_SSL_USE_PKCS12
+        case SSL_OBJ_PKCS8:
+            ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
+            break;
+
+        case SSL_OBJ_PKCS12:
+            ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
+            break;
+#endif
+        default:
+            printf(unsupported_str);
+            ret = SSL_ERROR_NOT_SUPPORTED;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Release things.
+ */
+void ssl_obj_free(SSLObjLoader *ssl_obj)
+{
+    free(ssl_obj->buf);
+    free(ssl_obj);
+}
+
+/**
+ * Support for PEM encoded keys/certificates.
+ */
+#ifdef CONFIG_SSL_HAS_PEM
+
+#define NUM_PEM_TYPES               3
+#define IV_SIZE                     16
+#define IS_RSA_PRIVATE_KEY          0
+#define IS_ENCRYPTED_PRIVATE_KEY    1
+#define IS_CERTIFICATE              2
+
+/* base64 to binary lookup table */
+static const uint8_t map[128] = 
+{
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
+    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
+    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
+    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
+    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
+    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
+    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+    49,  50,  51, 255, 255, 255, 255, 255
+};
+
+static const char * const begins[NUM_PEM_TYPES] =
+{
+    "-----BEGIN RSA PRIVATE KEY-----",
+    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+    "-----BEGIN CERTIFICATE-----",
+};
+
+static const char * const ends[NUM_PEM_TYPES] =
+{
+    "-----END RSA PRIVATE KEY-----",
+    "-----END ENCRYPTED PRIVATE KEY-----",
+    "-----END CERTIFICATE-----",
+};
+
+static const char * const aes_str[2] =
+{
+    "DEK-Info: AES-128-CBC,",
+    "DEK-Info: AES-256-CBC," 
+};
+
+static int base64_decode(const uint8_t *in,  int len,
+                    uint8_t *out, int *outlen)
+{
+    int g, t, x, y, z;
+    uint8_t c;
+    int ret = -1;
+
+    g = 3;
+    for (x = y = z = t = 0; x < len; x++) 
+    {
+        if ((c = map[in[x]&0x7F]) == 0xff)
+            continue;
+
+        if (c == 254)   /* this is the end... */
+        {
+            c = 0;
+
+            if (--g < 0) 
+                goto error;
+        } 
+        else if (g != 3) /* only allow = at end */
+            goto error;
+
+        t = (t<<6) | c;
+
+        if (++y == 4) 
+        {
+            out[z++] = (uint8_t)((t>>16)&255);
+
+            if (g > 1) 
+            {
+                out[z++] = (uint8_t)((t>>8)&255);
+            }
+
+            if (g > 2) 
+            {
+                out[z++] = (uint8_t)(t&255);
+            }
+
+            y = t = 0;
+        }
+    }
+
+    if (y != 0) 
+        goto error;
+
+    *outlen = z;
+    ret = 0;
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret < 0)
+    {
+        printf("Error: Invalid base64 file\n");
+    }
+#endif
+    return ret;
+}
+
+/**
+ * Take a base64 blob of data and decrypt it (using AES) into its 
+ * proper ASN.1 form.
+ */
+static int pem_decrypt(const uint8_t *where, const uint8_t *end,
+                        const char *password, SSLObjLoader *ssl_obj)
+{
+    int ret = -1;
+    int is_aes_256 = 0;
+    uint8_t *start = NULL;
+    uint8_t iv[IV_SIZE];
+    int i, pem_size;
+    MD5_CTX md5_ctx;
+    AES_CTX aes_ctx;
+    uint8_t key[32];        /* AES256 size */
+
+    if (password == NULL)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: need a password for this PEM file\n");
+#endif
+        goto error;
+    }
+
+    if ((start = (uint8_t *)strstr(
+                    (const char *)where, aes_str[0])))          /* AES128? */
+    {
+        start += strlen(aes_str[0]);
+    }
+    else if ((start = (uint8_t *)strstr(
+                    (const char *)where, aes_str[1])))          /* AES256? */
+    {
+        is_aes_256 = 1;
+        start += strlen(aes_str[1]);
+    }
+    else 
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Unsupported password cipher\n");
+#endif
+        goto error;
+    }
+
+    /* convert from hex to binary - assumes uppercase hex */
+    for (i = 0; i < IV_SIZE; i++)
+    {
+        uint8_t c = *start++ - '0';
+        iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
+        c = *start++ - '0';
+        iv[i] +=(c > 9 ? c + '0' - 'A' + 10 : c);
+    }
+
+    while (*start == '\r' || *start == '\n')
+        start++;
+
+    /* turn base64 into binary */
+    pem_size = (int)(end-start);
+    if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
+        goto error;
+
+    /* work out the key */
+    MD5Init(&md5_ctx);
+    MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+    MD5Update(&md5_ctx, iv, SALT_SIZE);
+    MD5Final(&md5_ctx, key);
+
+    if (is_aes_256)
+    {
+        MD5Init(&md5_ctx);
+        MD5Update(&md5_ctx, key, MD5_SIZE);
+        MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+        MD5Update(&md5_ctx, iv, SALT_SIZE);
+        MD5Final(&md5_ctx, &key[MD5_SIZE]);
+    }
+
+    /* decrypt using the key/iv */
+    AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
+    AES_convert_key(&aes_ctx);
+    AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
+    ret = 0;
+
+error:
+    return ret; 
+}
+
+/**
+ * Take a base64 blob of data and turn it into its proper ASN.1 form.
+ */
+static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where, 
+        int remain, const char *password)
+{
+    int ret = SSL_OK;
+    SSLObjLoader *ssl_obj = NULL;
+    int i, pem_size, obj_type;
+    uint8_t *start = NULL, *end = NULL;
+
+    for (i = 0; i < NUM_PEM_TYPES; i++)
+    {
+        if ((start = (uint8_t *)strstr((const char *)where, begins[i])) &&
+                (end = (uint8_t *)strstr((const char *)where, ends[i])))
+        {
+            remain -= (int)(end-start);
+            start += strlen(begins[i]);
+            pem_size = (int)(end-start);
+            ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
+            /* 4/3 bigger than what we need but so what */
+            ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
+
+            if (i == IS_RSA_PRIVATE_KEY && 
+                        strstr((const char *)start, "Proc-Type:") && 
+                        strstr((const char *)start, "4,ENCRYPTED"))
+            {
+                /* check for encrypted PEM file */
+                if ((pem_size = pem_decrypt(start, end, password, ssl_obj)) < 0)
+                    goto error;
+            }
+            else if (base64_decode(start, pem_size, 
+                        ssl_obj->buf, &ssl_obj->len) != 0)
+                goto error;
+
+            switch (i)
+            {
+                case IS_RSA_PRIVATE_KEY:
+                    obj_type = SSL_OBJ_RSA_KEY;
+                    break;
+
+                case IS_ENCRYPTED_PRIVATE_KEY:
+                    obj_type = SSL_OBJ_PKCS8;
+                    break;
+
+                case IS_CERTIFICATE:
+                    obj_type = is_cacert ?  
+                                    SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
+                    break;
+            }
+
+            /* In a format we can now understand - so process it */
+            if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
+            {
+                ssl_obj_free(ssl_obj);
+                goto error;
+            }
+
+            end += strlen(ends[i]);
+            remain -= strlen(ends[i]);
+            while (remain > 0 && (*end == '\r' || *end == '\n'))
+            {
+                end++;
+                remain--;
+            }
+
+            ssl_obj_free(ssl_obj);
+            break;
+        }
+    }
+
+    if (i == NUM_PEM_TYPES)
+        goto error;
+
+    /* more PEM stuff to process? */
+    if (remain)
+        ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password);
+
+error:
+    return ret;
+}
+
+/*
+ * Load a file into memory that is in ASCII PEM format.
+ */
+static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *start;
+
+    /* add a null terminator */
+    ssl_obj->len++;
+    ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
+    ssl_obj->buf[ssl_obj->len-1] = 0;
+    start = ssl_obj->buf;
+    return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
+                                start, ssl_obj->len, password);
+}
+#endif /* CONFIG_SSL_HAS_PEM */
diff --git a/ssl/md5.c b/ssl/md5.c
new file mode 100644
index 0000000000..95adab8648
--- /dev/null
+++ b/ssl/md5.c
@@ -0,0 +1,288 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file md5.c
+ *
+ * This file implements the MD5 algorithm as defined in RFC1321
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/* Constants for MD5Transform routine.
+ */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+/* ----- static functions ----- */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
+
+static uint8_t PADDING[64] = {
+  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.
+ */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+   Rotation is separate from addition to prevent recomputation.
+ */
+#define FF(a, b, c, d, x, s, ac) { \
+    (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define GG(a, b, c, d, x, s, ac) { \
+    (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define HH(a, b, c, d, x, s, ac) { \
+    (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define II(a, b, c, d, x, s, ac) { \
+    (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+
+/**
+ * MD5 initialization - begins an MD5 operation, writing a new ctx.
+ */
+void MD5Init(MD5_CTX *ctx)
+{
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Load magic initialization constants.
+     */
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xefcdab89;
+    ctx->state[2] = 0x98badcfe;
+    ctx->state[3] = 0x10325476;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t x;
+    int i, partLen;
+
+    /* Compute number of bytes mod 64 */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
+
+    /* Update number of bits */
+    if ((ctx->count[0] += ((uint32_t)len << 3))
+            < ((uint32_t)len << 3))
+        ctx->count[1]++;
+    ctx->count[1] += ((uint32_t)len >> 29);
+
+    partLen = 64 - x;
+
+    /* Transform as many times as possible.  */
+    if (len >= partLen) 
+    {
+        memcpy(&ctx->buffer[x], msg, partLen);
+        MD5Transform(ctx->state, ctx->buffer);
+
+        for (i = partLen; i + 63 < len; i += 64)
+            MD5Transform(ctx->state, &msg[i]);
+
+        x = 0;
+    }
+    else
+        i = 0;
+
+    /* Buffer remaining input */
+    memcpy(&ctx->buffer[x], &msg[i], len-i);
+}
+
+/**
+ * Return the 128-bit message digest into the user's array
+ */
+void MD5Final(MD5_CTX *ctx, uint8_t *digest)
+{
+  uint8_t bits[8];
+  uint32_t x, padLen;
+
+  /* Save number of bits */
+  Encode(bits, ctx->count, 8);
+
+  /* Pad out to 56 mod 64.
+   */
+  x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
+  padLen = (x < 56) ? (56 - x) : (120 - x);
+  MD5Update(ctx, PADDING, padLen);
+  
+  /* Append length (before padding) */
+  MD5Update(ctx, bits, 8);
+
+  /* Store state in digest */
+  Encode(digest, ctx->state, MD5_SIZE);
+}
+
+/**
+ * MD5 basic transformation. Transforms state based on block.
+ */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64])
+{
+  uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[MD5_SIZE];
+  
+  Decode(x, block, 64);
+
+  /* Round 1 */
+  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+  /* Round 2 */
+  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+  GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
+  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+  /* Round 3 */
+  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+  HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
+  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+  /* Round 4 */
+  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
+
+  state[0] += a;
+  state[1] += b;
+  state[2] += c;
+  state[3] += d;
+  
+  /* Zeroize sensitive information.
+   */
+  memset(x, 0, sizeof(x));
+}
+
+/**
+ * Encodes input (uint32_t) into output (uint8_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
+{
+  uint32_t i, j;
+
+  for (i = 0, j = 0; j < len; i++, j += 4) 
+  {
+      output[j] = (uint8_t)(input[i] & 0xff);
+      output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+      output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+      output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
+  }
+}
+
+/**
+ *  Decodes input (uint8_t) into output (uint32_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
+{
+  uint32_t i, j;
+
+  for (i = 0, j = 0; j < len; i++, j += 4)
+      output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+          (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
+}
diff --git a/ssl/os_port.c b/ssl/os_port.c
new file mode 100644
index 0000000000..b278c4a291
--- /dev/null
+++ b/ssl/os_port.c
@@ -0,0 +1,61 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file os_port.c
+ *
+ * OS specific functions.
+ */
+#ifdef WIN32
+
+#include <time.h>
+#include "os_port.h"
+
+/**
+ * gettimeofday() not in Win32 
+ */
+EXP_FUNC void gettimeofday(struct timeval* t, void* timezone)
+{       
+#if defined(_WIN32_WCE)
+    t->tv_sec = time(NULL);
+    t->tv_usec = 0;                         /* 1sec precision only */ 
+#else
+    struct _timeb timebuffer;
+    _ftime(&timebuffer);
+    t->tv_sec = (long)timebuffer.time;
+    t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
+#endif
+}
+
+/**
+ * strcasecmp() not in Win32
+ */
+EXP_FUNC int strcasecmp(const char *s1, const char *s2)
+{
+    while (tolower(*s1) == tolower(*s2++))
+    {
+        if (*s1++ == '\0')
+        {
+            return 0;
+        }
+    }
+
+    return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
+}
+
+#endif
diff --git a/ssl/os_port.h b/ssl/os_port.h
new file mode 100644
index 0000000000..73f4d9be28
--- /dev/null
+++ b/ssl/os_port.h
@@ -0,0 +1,145 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file os_port.h
+ *
+ * Some stuff to minimise the differences between windows and linux/unix
+ */
+
+#ifndef HEADER_OS_PORT_H
+#define HEADER_OS_PORT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(WIN32) || defined(CYGWIN)
+#define STDCALL                 __stdcall
+#define EXP_FUNC                __declspec(dllexport)
+#else
+#define STDCALL
+#define EXP_FUNC
+#endif
+
+#if defined(_WIN32_WCE)
+#undef WIN32
+#define WIN32
+#endif
+
+#ifdef WIN32
+
+/* Windows CE stuff */
+#if defined(_WIN32_WCE)
+#include <basetsd.h>
+#define abort()                 exit(1)
+#else
+#include <io.h>
+#include <process.h>
+#include <sys/timeb.h>
+#include <fcntl.h>
+#endif      /* _WIN32_WCE */
+
+#include <winsock.h>
+#undef getpid
+#undef open
+#undef close
+#undef sleep
+#undef gettimeofday
+#undef dup2
+#undef unlink
+
+#define SOCKET_READ(A,B,C)      recv(A,B,C,0)
+#define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
+#define SOCKET_CLOSE(A)         closesocket(A)
+#define srandom(A)              srand(A)
+#define random()                rand()
+#define getpid()                _getpid()
+#define snprintf                _snprintf
+#define open(A,B)               _open(A,B)
+#define dup2(A,B)               _dup2(A,B)
+#define unlink(A)               _unlink(A)
+#define close(A)                _close(A)
+#define read(A,B,C)             _read(A,B,C)
+#define write(A,B,C)            _write(A,B,C)
+#define sleep(A)                Sleep(A*1000)
+#define usleep(A)               Sleep(A/1000)
+#define lseek(A,B,C)            _lseek(A,B,C)
+#define strdup(A)               _strdup(A)
+
+/* This fix gets around a problem where a win32 application on a cygwin xterm
+   doesn't display regular output (until a certain buffer limit) - but it works
+   fine under a normal DOS window. This is a hack to get around the issue - 
+   see http://www.khngai.com/emacs/tty.php  */
+#define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
+
+/*
+ * automatically build some library dependencies.
+ */
+#pragma comment(lib, "WS2_32.lib")
+
+#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
+#pragma comment(lib, "AdvAPI32.lib")
+#endif
+
+#define uint8_t unsigned char
+#define uint16_t unsigned short
+#ifndef INT16
+typedef signed short INT16;
+#endif
+
+#define int16_t INT16
+#define uint32_t UINT32
+#define uint64_t UINT64
+#define int64_t INT64
+
+extern EXP_FUNC void gettimeofday(struct timeval* t,void* timezone);
+extern EXP_FUNC int strcasecmp(const char *s1, const char *s2);
+
+#else   /* Not Win32 */
+
+#ifdef SOLARIS
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif /* Not Solaris */
+
+#include <unistd.h>
+#include <pwd.h>
+#include <netdb.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#define SOCKET_READ(A,B,C)      read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     write(A,B,C)
+#define SOCKET_CLOSE(A)         close(A)
+#define TTY_FLUSH()
+
+#endif  /* Not Win32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/p12.c b/ssl/p12.c
new file mode 100644
index 0000000000..ec84b8b14d
--- /dev/null
+++ b/ssl/p12.c
@@ -0,0 +1,431 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Process PKCS#8/PKCS#12 keys.
+ *
+ * The decoding of a PKCS#12 key is fairly specific - this code was tested on a
+ * key generated with:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 
+ * -name "p12_withoutCA" -out axTLS.withoutCA.p12 -password pass:abcd
+ *
+ * or with a certificate chain:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe
+ * PBE-SHA1-RC4-128 -name "p12_withCA" -out axTLS.withCA.p12 -password pass:abcd
+ *
+ * Note that the PBE has to be specified with PBE-SHA1-RC4-128. The
+ * private/public keys/certs have to use RSA encryption. Both the integrity
+ * and privacy passwords are the same.
+ *
+ * The PKCS#8 files were generated with something like:
+ *
+ * PEM format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1
+ * PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+ *
+ * DER format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER
+ * -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+/* all commented out if not used */
+#ifdef CONFIG_SSL_USE_PKCS12
+
+#define BLOCK_SIZE          64
+
+static int p8_decrypt(const char *password, const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len);
+static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key);
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations);
+
+/*
+ * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
+ */
+int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, offset = 0;
+    int iterations;
+    int ret = SSL_NOT_OK;
+    uint8_t *version = NULL;
+    const uint8_t *salt;
+    uint8_t *priv_key;
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p8 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    /* unencrypted key? */
+    if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
+    {
+        ret = p8_add_key(ssl_ctx, buf);
+        goto error;
+    }
+
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
+        goto error;
+
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    priv_key = &buf[offset];
+
+    p8_decrypt(password, salt, iterations, priv_key, len);
+    ret = p8_add_key(ssl_ctx, priv_key);
+
+error:
+    free(version);
+    return ret;
+}
+
+/*
+ * Take the unencrypted pkcs8 and turn it into a private key 
+ */
+static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key)
+{
+    uint8_t *buf = priv_key;
+    int len, offset = 0;
+    int ret = SSL_NOT_OK;
+
+    /* Skip the preamble and go straight to the private key.
+       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    ret = asn1_get_private_key(&buf[offset], len, &ssl_ctx->rsa_ctx);
+
+error:
+    return ret;
+}
+
+/*
+ * Decrypt a pkcs8 block.
+ */
+static int p8_decrypt(const char *password, const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len)
+{
+    uint8_t p[BLOCK_SIZE*2];
+    uint8_t d[BLOCK_SIZE];
+    uint8_t Ai[SHA1_SIZE];
+    SHA1_CTX sha_ctx;
+    RC4_CTX rc4_ctx;
+    uint8_t *uni_pass = NULL;
+    int i;
+    int uni_pass_len = 0;
+    int id = 1;         /* key id */
+
+    if (password == NULL)
+    {
+        password = "";
+    }
+
+    uni_pass = (uint8_t *)malloc((strlen(password)+1)*2);
+
+    /* modify the password into a unicode version */
+    for (i = 0; i < (int)strlen(password); i++)
+    {
+        uni_pass[uni_pass_len++] = 0;
+        uni_pass[uni_pass_len++] = password[i];
+    }
+
+    uni_pass[uni_pass_len++] = 0;       /* null terminate */
+    uni_pass[uni_pass_len++] = 0;
+
+    for (i = 0; i < BLOCK_SIZE; i++)
+    {
+        p[i] = salt[i % SALT_SIZE];
+        p[BLOCK_SIZE+i] = uni_pass[i % uni_pass_len];
+        d[i] = id;
+    }
+
+    /* get the key - no IV since we are using RC4 */
+    SHA1Init(&sha_ctx);
+    SHA1Update(&sha_ctx, d, sizeof(d));
+    SHA1Update(&sha_ctx, p, sizeof(p));
+    SHA1Final(&sha_ctx, Ai);
+
+    for (i = 1; i < iter; i++)
+    {
+        SHA1Init(&sha_ctx);
+        SHA1Update(&sha_ctx, Ai, SHA1_SIZE);
+        SHA1Final(&sha_ctx, Ai);
+    }
+
+    /* do the decryption */
+    RC4_setup(&rc4_ctx, Ai, 16);
+    RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
+    free(uni_pass);
+    return 0;
+}
+
+/*
+ * Take a raw pkcs12 block and the decrypt it and turn it into a certificates
+ * and keys.
+ */
+int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int all_ok = 0, len, iterations, key_offset, offset = 0;
+    int all_certs = 0;
+    uint8_t *version = NULL, *cert, *mac;
+    SHA1_CTX sha_ctx;
+    char sha[SHA1_SIZE];
+    const uint8_t *salt;
+    int ret;
+    static const uint8_t pkcs_data[] = /* pkc7 data */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
+    static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
+    static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p12 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
+        goto error;
+
+    /* work out the MAC of this bit */
+    key_offset = offset;
+    asn1_skip_obj(buf, &key_offset, ASN1_SEQUENCE);
+    SHA1Init(&sha_ctx);
+    SHA1Update(&sha_ctx, &buf[offset], key_offset-offset);
+    SHA1Final(&sha_ctx, sha);
+
+    /* remove all the boring pcks7 bits */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
+                (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+                len != sizeof(pkcs_data) || 
+                memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs_encrypted) || 
+            memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the certificate */
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
+        goto error;
+
+    /* decrypt the certificate */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(password, salt, iterations, cert, len)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the certificate */
+    key_offset = 0;
+    all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
+
+    /* keep going until all certs are loaded */
+    while (key_offset < all_certs)
+    {
+        int cert_offset = key_offset;
+
+        asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE);
+
+        if (asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                (len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
+            goto error;
+
+        if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
+            goto error;
+
+        key_offset = cert_offset;
+    }
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs8_key_bag)) || 
+            memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the private key */
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    /* decrypt the private key */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(password, salt, iterations, cert, len)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the private key */
+    if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
+        goto error;
+
+    /* miss out on friendly name, local key id etc */
+    if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
+        goto error;
+
+    /* work out the MAC */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
+            len != SHA1_SIZE)
+        goto error;
+
+    mac = &buf[offset];
+    offset += len;
+
+    /* get the salt */
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
+            len != 8)
+        goto error;
+    salt = &buf[offset];
+
+    /* work out what the mac should be */
+    if ((ret = p8_decrypt(password, salt, iterations, mac, SHA1_SIZE)) < 0)
+        goto error;
+
+    /* TODO: actually memcmp the MAC - there is something wrong at the moment */
+    /* print_blob("MAC orig", sha, SHA1_SIZE); */
+    /* print_blob("MAC calc", mac, SHA1_SIZE); */
+
+    all_ok = 1;
+
+error:
+    free(version);
+    return all_ok ? SSL_OK : SSL_ERROR_NOT_SUPPORTED;
+}
+
+/*
+ * Retrieve the salt/iteration details from a PBE block.
+ */
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations)
+{
+    static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
+            { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
+
+    int i, len, ret = SSL_NOT_OK;
+    uint8_t *iter = NULL;
+
+    /* Get the PBE type */
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto error;
+
+    /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
+       which is the only agorithm we support */
+    if (len != sizeof(pbeSH1RC4) || 
+                    memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
+#endif
+        ret = SSL_ERROR_NOT_SUPPORTED;
+        goto error;
+    }
+
+    *offset += len;
+
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 || 
+            len != 8)
+        goto error;
+
+    *salt = &buf[*offset];
+    *offset += len;
+
+    if ((len = asn1_get_int(buf, offset, &iter)) < 0)
+        goto error;
+
+    *iterations = 0;
+    for (i = 0; i < len; i++)
+    {
+        (*iterations) <<= 8;
+        (*iterations) += iter[i];
+    }
+
+    free(iter);
+    ret = SSL_OK;       /* got here - we are ok */
+
+error:
+    return ret;
+}
+
+#endif
diff --git a/ssl/private_key.h b/ssl/private_key.h
new file mode 100644
index 0000000000..180d5722db
--- /dev/null
+++ b/ssl/private_key.h
@@ -0,0 +1,30 @@
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x01, 0x3d, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xd1, 0x3b,
+  0x30, 0x5f, 0xa9, 0x01, 0x42, 0x3d, 0x86, 0x6d, 0x72, 0xbe, 0x40, 0x6e,
+  0x51, 0xc1, 0x49, 0x7f, 0x57, 0x75, 0xa1, 0x2d, 0x36, 0xe5, 0xc1, 0x3d,
+  0x0f, 0x20, 0x1a, 0xd1, 0x23, 0x6d, 0xfa, 0x74, 0xd2, 0x3e, 0x23, 0xb0,
+  0x70, 0xfc, 0xa0, 0x6a, 0xde, 0xec, 0x41, 0x88, 0x84, 0xfe, 0x54, 0x15,
+  0x6b, 0x61, 0xc5, 0x16, 0x62, 0xb8, 0x93, 0x41, 0xf1, 0x4f, 0x3d, 0xff,
+  0x2e, 0xbd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 0x91, 0x79,
+  0xc4, 0xed, 0x8e, 0x35, 0xa8, 0xd7, 0xdc, 0x62, 0xb6, 0xf8, 0x1f, 0x16,
+  0x55, 0x53, 0xbe, 0x05, 0x83, 0x4a, 0xef, 0x50, 0xdf, 0xad, 0xa9, 0xc9,
+  0x09, 0x7e, 0x3a, 0x07, 0x15, 0xc8, 0xfd, 0x16, 0xbb, 0xc0, 0xe4, 0x98,
+  0xd1, 0x45, 0x99, 0x60, 0x75, 0x6c, 0x64, 0x65, 0x89, 0xc7, 0x1e, 0x35,
+  0xa2, 0xcd, 0x14, 0x05, 0x38, 0x39, 0x15, 0x1a, 0xb8, 0x0f, 0x05, 0x96,
+  0x01, 0x01, 0x02, 0x21, 0x00, 0xe8, 0xeb, 0xd7, 0xa8, 0xdf, 0xd8, 0x90,
+  0xaa, 0x3c, 0x21, 0xa4, 0x04, 0x31, 0x6a, 0xd3, 0x21, 0xd8, 0x25, 0x98,
+  0x4f, 0xb8, 0x28, 0x93, 0x2b, 0xb9, 0xe9, 0x5f, 0xb9, 0xa3, 0x65, 0x77,
+  0x7d, 0x02, 0x21, 0x00, 0xe5, 0xf6, 0x6f, 0xeb, 0x50, 0xc4, 0x3b, 0x01,
+  0xc3, 0x42, 0x7d, 0x50, 0x33, 0x7a, 0x09, 0xdc, 0x08, 0xe5, 0x76, 0xf3,
+  0xbd, 0xea, 0x0f, 0xe5, 0xf1, 0xd3, 0x3d, 0x2f, 0x63, 0xe2, 0xb8, 0x41,
+  0x02, 0x21, 0x00, 0xdd, 0xcf, 0xb2, 0xe9, 0x9c, 0x7a, 0x75, 0x91, 0xd8,
+  0x7f, 0xc4, 0xdd, 0x45, 0x5e, 0x50, 0xc0, 0x3b, 0x41, 0xda, 0x21, 0x98,
+  0xe3, 0xf2, 0xfb, 0x42, 0x29, 0xaf, 0xc2, 0x6e, 0x8b, 0x73, 0x55, 0x02,
+  0x21, 0x00, 0xc3, 0x5d, 0x6a, 0xd5, 0xb2, 0x87, 0x13, 0x4e, 0x3b, 0x11,
+  0x78, 0x9e, 0xb3, 0x2c, 0xe1, 0xc5, 0x72, 0x35, 0x67, 0xaa, 0x49, 0x54,
+  0xd9, 0x6e, 0xd3, 0xd4, 0x4f, 0x2d, 0xbc, 0xa1, 0x37, 0x41, 0x02, 0x21,
+  0x00, 0xc4, 0x69, 0x08, 0x53, 0x3b, 0x32, 0xb4, 0xb6, 0x6b, 0x1b, 0x9c,
+  0xf3, 0xf1, 0xf3, 0x1a, 0x4a, 0x96, 0xff, 0x70, 0x25, 0x20, 0x1a, 0x9d,
+  0x65, 0xb8, 0xa5, 0x8f, 0x9c, 0xc7, 0x77, 0x64, 0x74
+};
+unsigned int default_private_key_len = 321;
diff --git a/ssl/rc4.c b/ssl/rc4.c
new file mode 100644
index 0000000000..a9ce82ccbb
--- /dev/null
+++ b/ssl/rc4.c
@@ -0,0 +1,83 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file rc4.c
+ *
+ * An implementation of the RC4/ARC4 algorithm
+ *
+ * Originally written by Christophe Devine
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/**
+ * Get ready for an encrypt/decrypt operation
+ */
+void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
+{
+    int i, j = 0, k = 0, *m, a;
+
+    ctx->x = 0;
+    ctx->y = 0;
+    m = ctx->m;
+
+    for (i = 0; i < 256; i++)
+    {
+        m[i] = i;
+    }
+
+    for (i = 0; i < 256; i++)
+    {
+        a = m[i];
+        j = (uint8_t)(j + a + key[k]);
+        m[i] = m[j]; m[j] = a;
+
+        if (++k >= length) 
+        {
+            k = 0;
+        }
+    }
+}
+
+/**
+ * Perform the encrypt/decrypt operation (can use it for either since
+ * this is a stream cipher).
+ */
+void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{ 
+    int i, x, y, *m, a, b;
+    out = (uint8_t *)msg; 
+
+    x = ctx->x;
+    y = ctx->y;
+    m = ctx->m;
+
+    for (i = 0; i < length; i++)
+    {
+        x =(uint8_t)(x + 1); a = m[x];
+        y =(uint8_t)(y + a);
+        m[x] = b = m[y];
+        m[y] = a;
+        out[i] ^= m[(uint8_t)(a + b)];
+    }
+
+    ctx->x = x;
+    ctx->y = y;
+}
diff --git a/ssl/rsa.c b/ssl/rsa.c
new file mode 100644
index 0000000000..c6fe654cbf
--- /dev/null
+++ b/ssl/rsa.c
@@ -0,0 +1,337 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file rsa.c
+ *
+ * Implements the RSA public encryption algorithm. Uses the bigint library to
+ * perform its calculations.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <stdlib.h>
+#include "crypto.h"
+
+#ifdef CONFIG_BIGINT_CRT
+static bigint *bi_crt(RSA_CTX *rsa, bigint *bi);
+#endif
+
+void RSA_priv_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#if CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+    )
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+    RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
+    rsa_ctx = *ctx;
+    bi_ctx = rsa_ctx->bi_ctx;
+    rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
+    bi_permanent(rsa_ctx->d);
+
+#ifdef CONFIG_BIGINT_CRT
+    rsa_ctx->p = bi_import(bi_ctx, p, p_len);
+    rsa_ctx->q = bi_import(bi_ctx, q, q_len);
+    rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
+    rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
+    rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
+    bi_permanent(rsa_ctx->dP);
+    bi_permanent(rsa_ctx->dQ);
+    bi_permanent(rsa_ctx->qInv);
+    bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
+    bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
+#endif
+}
+
+/**
+ */
+void RSA_pub_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len)
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx = bi_initialize();
+    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));   /* reset to all 0 */
+    rsa_ctx = *ctx;
+    rsa_ctx->bi_ctx = bi_ctx;
+    rsa_ctx->num_octets = (mod_len & 0xFFF0);
+    rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
+    bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
+    rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
+    bi_permanent(rsa_ctx->e);
+}
+
+/**
+ * Free up any RSA context resources.
+ */
+void RSA_free(RSA_CTX *rsa_ctx)
+{
+    BI_CTX *bi_ctx;
+    if (rsa_ctx == NULL)                /* deal with ptrs that are null */
+        return;
+
+    bi_ctx = rsa_ctx->bi_ctx;
+
+    bi_depermanent(rsa_ctx->e);
+    bi_free(bi_ctx, rsa_ctx->e);
+    bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
+
+    if (rsa_ctx->d)
+    {
+        bi_depermanent(rsa_ctx->d);
+        bi_free(bi_ctx, rsa_ctx->d);
+#ifdef CONFIG_BIGINT_CRT
+        bi_depermanent(rsa_ctx->dP);
+        bi_depermanent(rsa_ctx->dQ);
+        bi_depermanent(rsa_ctx->qInv);
+        bi_free(bi_ctx, rsa_ctx->dP);
+        bi_free(bi_ctx, rsa_ctx->dQ);
+        bi_free(bi_ctx, rsa_ctx->qInv);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
+#endif
+    }
+
+    bi_terminate(bi_ctx);
+    free(rsa_ctx);
+}
+
+/**
+ * @fn int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data)
+ * @brief Use PKCS1.5 for decryption/verification.
+ * @param ctx [in] The context
+ * @param in_data [in] The data to encrypt (must be < modulus size-11)
+ * @param out_data [out] The encrypted data.
+ * @param is_decryption [in] Decryption or verify operation.
+ * @return  The number of bytes that were originally encrypted. -1 on error.
+ * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int is_decryption)
+{
+    int byte_size = ctx->num_octets;
+    uint8_t *block;
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+
+    memset(out_data, 0, byte_size); /* initialise */
+
+    /* decrypt */
+    dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    decrypted_bi = is_decryption ?  /* decrypt or verify? */
+        RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
+#else   /* always a decryption */
+    decrypted_bi = RSA_private(ctx, dat_bi);
+#endif
+
+    /* convert to a normal block */
+    block = (uint8_t *)malloc(byte_size);
+    bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
+
+    i = 10; /* start at the first possible non-padded byte */
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
+    {
+        while (block[i++] == 0xff && i < byte_size);
+        if (block[i-2] != 0xff)
+        {
+            i = byte_size;     /*ensure size is 0 */   
+        }
+    }
+    else                    /* PKCS1.5 encryption padding is random */
+#endif
+    {
+        while (block[i++] && i < byte_size);
+    }
+    size = byte_size - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+    {
+        memcpy(out_data, &block[i], size);
+    }
+    
+    free(block);
+    return size ? size : -1;
+}
+
+/**
+ * @fn bigint *RSA_private(RSA_CTX *c, bigint *bi_msg)
+ * Performs m = c^d mod n
+ */
+bigint *RSA_private(RSA_CTX *c, bigint *bi_msg)
+{
+#ifdef CONFIG_BIGINT_CRT
+    return bi_crt(c, bi_msg);
+#else
+    BI_CTX *ctx = c->bi_ctx;
+    ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(ctx, bi_msg, c->d);
+#endif
+}
+
+#ifdef CONFIG_BIGINT_CRT
+/**
+ * Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
+ * This should really be in bigint.c (and was at one stage), but needs 
+ * access to the RSA_CTX context...
+ */
+static bigint *bi_crt(RSA_CTX *rsa, bigint *bi)
+{
+    BI_CTX *ctx = rsa->bi_ctx;
+    bigint *m1, *m2, *h;
+
+    /* Montgomery has a condition the 0 < x, y < m and these products violate
+     * that condition. So disable Montgomery when using CRT */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 1;
+#endif
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP);
+
+    ctx->mod_offset = BIGINT_Q_OFFSET;
+    m2 = bi_mod_power(ctx, bi, rsa->dQ);
+
+    h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL);
+    h = bi_multiply(ctx, h, rsa->qInv);
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    h = bi_residue(ctx, h);
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 0;         /* reset for any further operation */
+#endif
+    return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h));
+}
+#endif
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Used for diagnostics.
+ */
+void RSA_print(const RSA_CTX *rsa_ctx) 
+{
+    if (rsa_ctx == NULL)
+        return;
+
+    printf("-----------------   RSA DEBUG   ----------------\n");
+    printf("Size:\t%d\n", rsa_ctx->num_octets);
+    bi_print("Modulus", rsa_ctx->m);
+    bi_print("Public Key", rsa_ctx->e);
+    bi_print("Private Key", rsa_ctx->d);
+}
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Performs c = m^e mod n
+ */
+bigint *RSA_public(RSA_CTX *c, bigint *bi_msg)
+{
+    c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(c->bi_ctx, bi_msg, c->e);
+}
+
+/**
+ * Use PKCS1.5 for encryption/signing.
+ * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_encrypt(RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing)
+{
+    int byte_size = ctx->num_octets;
+    int num_pads_needed = byte_size-in_len-3;
+    bigint *dat_bi, *encrypt_bi;
+
+    /* note: in_len+11 must be > byte_size */
+    out_data[0] = 0;     /* ensure encryption block is < modulus */
+
+    if (is_signing)
+    {
+        out_data[1] = 1;        /* PKCS1.5 signing pads with "0xff"'s */
+        memset(&out_data[2], 0xff, num_pads_needed);
+    }
+    else /* randomize the encryption padding with non-zero bytes */   
+    {
+        out_data[1] = 2;
+        get_random_NZ(num_pads_needed, &out_data[2]);
+    }
+
+    out_data[2+num_pads_needed] = 0;
+    memcpy(&out_data[3+num_pads_needed], in_data, in_len);
+
+    /* now encrypt it */
+    dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
+    encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
+        RSA_public(ctx, dat_bi);
+    bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
+    return byte_size;
+}
+
+/**
+ * Take a signature and decrypt it.
+ */
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp)
+{
+    uint8_t *block = (uint8_t *)malloc(sig_len);
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+    bigint *bir = NULL;
+
+    /* decrypt */
+    dat_bi = bi_import(ctx, sig, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    /* convert to a normal block */
+    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
+
+    bi_export(ctx, decrypted_bi, block, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    i = 10; /* start at the first possible non-padded byte */
+    while (block[i++] && i < sig_len);
+    size = sig_len - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+    {
+        int len;
+        const uint8_t *sig_ptr = x509_get_signature(&block[i], &len);
+
+        if (sig_ptr)
+        {
+            bir = bi_import(ctx, sig_ptr, len);
+        }
+    }
+
+    free(block);
+    return bir;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/sha1.c b/ssl/sha1.c
new file mode 100644
index 0000000000..e1d259c6eb
--- /dev/null
+++ b/ssl/sha1.c
@@ -0,0 +1,244 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file sha1.c
+ * 
+ * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
+ * This code was originally taken from RFC3174
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/*
+ *  Define the SHA1 circular left shift macro
+ */
+#define SHA1CircularShift(bits,word) \
+                (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/* ----- static functions ----- */
+static void SHA1PadMessage(SHA1_CTX *ctx);
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
+
+/**
+ * Initialize the SHA1 context 
+ */
+void SHA1Init(SHA1_CTX *ctx)
+{
+    ctx->Length_Low             = 0;
+    ctx->Length_High            = 0;
+    ctx->Message_Block_Index    = 0;
+    ctx->Intermediate_Hash[0]   = 0x67452301;
+    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
+    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
+    ctx->Intermediate_Hash[3]   = 0x10325476;
+    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
+{
+    while (len--)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
+
+        ctx->Length_Low += 8;
+        if (ctx->Length_Low == 0)
+        {
+            ctx->Length_High++;
+        }
+
+        if (ctx->Message_Block_Index == 64)
+        {
+            SHA1ProcessMessageBlock(ctx);
+        }
+
+        msg++;
+    }
+}
+
+/**
+ * Return the 160-bit message digest into the user's array
+ */
+void SHA1Final(SHA1_CTX *ctx, uint8_t *digest)
+{
+    int i;
+
+    SHA1PadMessage(ctx);
+    memset(ctx->Message_Block, 0, 64);
+    ctx->Length_Low = 0;    /* and clear length */
+    ctx->Length_High = 0;
+
+    for  (i = 0; i < SHA1_SIZE; i++)
+    {
+        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
+    }
+}
+
+/**
+ * Process the next 512 bits of the message stored in the array.
+ */
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
+{
+    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
+                            0x5A827999,
+                            0x6ED9EBA1,
+                            0x8F1BBCDC,
+                            0xCA62C1D6
+                            };
+    int        t;                 /* Loop counter                */
+    uint32_t      temp;              /* Temporary word value        */
+    uint32_t      W[80];             /* Word sequence               */
+    uint32_t      A, B, C, D, E;     /* Word buffers                */
+
+    /*
+     *  Initialize the first 16 words in the array W
+     */
+    for  (t = 0; t < 16; t++)
+    {
+        W[t] = ctx->Message_Block[t * 4] << 24;
+        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
+        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
+        W[t] |= ctx->Message_Block[t * 4 + 3];
+    }
+
+    for (t = 16; t < 80; t++)
+    {
+       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+    }
+
+    A = ctx->Intermediate_Hash[0];
+    B = ctx->Intermediate_Hash[1];
+    C = ctx->Intermediate_Hash[2];
+    D = ctx->Intermediate_Hash[3];
+    E = ctx->Intermediate_Hash[4];
+
+    for (t = 0; t < 20; t++)
+    {
+        temp =  SHA1CircularShift(5,A) +
+                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+
+        B = A;
+        A = temp;
+    }
+
+    for (t = 20; t < 40; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 40; t < 60; t++)
+    {
+        temp = SHA1CircularShift(5,A) +
+               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 60; t < 80; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    ctx->Intermediate_Hash[0] += A;
+    ctx->Intermediate_Hash[1] += B;
+    ctx->Intermediate_Hash[2] += C;
+    ctx->Intermediate_Hash[3] += D;
+    ctx->Intermediate_Hash[4] += E;
+
+    ctx->Message_Block_Index = 0;
+}
+
+/*
+ * According to the standard, the message must be padded to an even
+ * 512 bits.  The first padding bit must be a '1'.  The last 64
+ * bits represent the length of the original message.  All bits in
+ * between should be 0.  This function will pad the message
+ * according to those rules by filling the Message_Block array
+ * accordingly.  It will also call the ProcessMessageBlock function
+ * provided appropriately.  When it returns, it can be assumed that
+ * the message digest has been computed.
+ *
+ * @param ctx [in, out] The SHA1 context
+ */
+static void SHA1PadMessage(SHA1_CTX *ctx)
+{
+    /*
+     *  Check to see if the current message block is too small to hold
+     *  the initial padding bits and length.  If so, we will pad the
+     *  block, process it, and then continue padding into a second
+     *  block.
+     */
+    if (ctx->Message_Block_Index > 55)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 64)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+
+        SHA1ProcessMessageBlock(ctx);
+
+        while (ctx->Message_Block_Index < 56)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+    else
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 56)
+        {
+
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+
+    /*
+     *  Store the message length as the last 8 octets
+     */
+    ctx->Message_Block[56] = ctx->Length_High >> 24;
+    ctx->Message_Block[57] = ctx->Length_High >> 16;
+    ctx->Message_Block[58] = ctx->Length_High >> 8;
+    ctx->Message_Block[59] = ctx->Length_High;
+    ctx->Message_Block[60] = ctx->Length_Low >> 24;
+    ctx->Message_Block[61] = ctx->Length_Low >> 16;
+    ctx->Message_Block[62] = ctx->Length_Low >> 8;
+    ctx->Message_Block[63] = ctx->Length_Low;
+
+    SHA1ProcessMessageBlock(ctx);
+}
diff --git a/ssl/ssl.h b/ssl/ssl.h
new file mode 100644
index 0000000000..687104e629
--- /dev/null
+++ b/ssl/ssl.h
@@ -0,0 +1,416 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @mainpage axTLS API
+ *
+ * @image html axolotl.jpg
+ *
+ * The axTLS library has features such as:
+ * - The TLSv1 SSL client/server protocol
+ * - No requirement to use any openssl libraries.
+ * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
+ * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
+ * - Certificate chaining and peer authentication.
+ * - Session resumption, session renegotiation.
+ * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
+ * - Highly configurable compile time options.
+ * - Portable across many platforms (written in ANSI C), and has language
+ * bindings in C, C#, VB.NET, Java and Perl.
+ * - A very small footprint for a HTTPS server (around 50-60kB in 'server-only'
+ * mode).
+ * - No dependencies on sockets - can use serial connections for example.
+ * - A very simple API - ~ 20 functions/methods.
+ *
+ * A list of these functions/methods are described below.
+ *
+ *  @ref c_api 
+ *
+ *  @ref bigint_api 
+ *
+ *  @ref csharp_api 
+ *
+ *  @ref java_api 
+ */
+#ifndef HEADER_SSL_H
+#define HEADER_SSL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <time.h>
+#include "crypto.h"
+
+/* need to predefine before ssl_lib.h gets to it */
+#define SSL_SESSION_ID_SIZE                     32
+
+#include "tls1.h"
+
+/* The optional parameters that can be given to the client/server SSL engine */
+#define SSL_CLIENT_AUTHENTICATION               0x00010000
+#define SSL_SERVER_VERIFY_LATER                 0x00020000
+#define SSL_NO_DEFAULT_KEY                      0x00040000
+#define SSL_DISPLAY_STATES                      0x00080000
+#define SSL_DISPLAY_BYTES                       0x00100000
+#define SSL_DISPLAY_CERTS                       0x00200000
+#define SSL_DISPLAY_RSA                         0x00400000
+
+/* errors that can be generated */
+#define SSL_OK                                  0
+#define SSL_NOT_OK                              -1
+#define SSL_ERROR_DEAD                          -2
+#define SSL_ERROR_CONN_LOST                     -256
+#define SSL_ERROR_SOCK_SETUP_FAILURE            -258
+#define SSL_ERROR_INVALID_HANDSHAKE             -260
+#define SSL_ERROR_INVALID_PROT_MSG              -261
+#define SSL_ERROR_INVALID_HMAC                  -262
+#define SSL_ERROR_INVALID_VERSION               -263
+#define SSL_ERROR_INVALID_SESSION               -265
+#define SSL_ERROR_NO_CIPHER                     -266
+#define SSL_ERROR_BAD_CERTIFICATE               -268
+#define SSL_ERROR_INVALID_KEY                   -269
+#define SSL_ERROR_FINISHED_INVALID              -271
+#define SSL_ERROR_NO_CERT_DEFINED               -272
+#define SSL_ERROR_NOT_SUPPORTED                 -274
+#define SSL_X509_OFFSET                         -512
+#define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
+
+/* these are all the alerts that are recognized */
+#define SSL_ALERT_CLOSE_NOTIFY                  0
+#define SSL_ALERT_UNEXPECTED_MESSAGE            10
+#define SSL_ALERT_BAD_RECORD_MAC                20
+#define SSL_ALERT_HANDSHAKE_FAILURE             40
+#define SSL_ALERT_BAD_CERTIFICATE               42
+#define SSL_ALERT_ILLEGAL_PARAMETER             47
+#define SSL_ALERT_DECODE_ERROR                  50
+#define SSL_ALERT_DECRYPT_ERROR                 51
+#define SSL_ALERT_INVALID_VERSION               70
+
+/* The ciphers that are supported */
+#define SSL_AES128_SHA                          0x2f
+#define SSL_AES256_SHA                          0x35
+#define SSL_RC4_128_SHA                         0x05
+#define SSL_RC4_128_MD5                         0x04
+
+/* build mode ids' */
+#define SSL_BUILD_SKELETON_MODE                 0x01
+#define SSL_BUILD_SERVER_ONLY                   0x02
+#define SSL_BUILD_ENABLE_VERIFICATION           0x03
+#define SSL_BUILD_ENABLE_CLIENT                 0x04
+#define SSL_BUILD_FULL_MODE                     0x05
+
+/* offsets to retrieve configuration information */
+#define SSL_BUILD_MODE                          0
+#define SSL_MAX_CERT_CFG_OFFSET                 1
+#define SSL_MAX_CA_CERT_CFG_OFFSET              2
+#define SSL_HAS_PEM                             3
+
+/* default session sizes */
+#define SSL_DEFAULT_SVR_SESS                    5
+#define SSL_DEFAULT_CLNT_SESS                   1
+
+/* X.509/X.520 distinguished name types */
+#define SSL_X509_CERT_COMMON_NAME               0
+#define SSL_X509_CERT_ORGANIZATION              1
+#define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
+#define SSL_X509_CA_CERT_COMMON_NAME            3
+#define SSL_X509_CA_CERT_ORGANIZATION           4
+#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    5
+
+/* SSL object loader types */
+#define SSL_OBJ_X509_CERT                       1
+#define SSL_OBJ_X509_CACERT                     2
+#define SSL_OBJ_RSA_KEY                         3
+#define SSL_OBJ_PKCS8                           4
+#define SSL_OBJ_PKCS12                          5
+
+/**
+ * @defgroup c_api Standard C API
+ * @brief The standard interface in C.
+ * @{
+ */
+
+/**
+ * @brief Establish a new client/server context.
+ *
+ * This function is called before any client/server SSL connections are made. 
+ * If multiple threads are used, then each thread will have its own SSLCTX
+ * context. Any number of connections may be made with a single 
+ * context. 
+ *
+ * Each new connection will use the this context's private key and 
+ * certificate chain. If a different certificate chain is required, then a 
+ * different context needs to be be used.
+ *
+ * @param options [in]  Any particular options. At present the options
+ * supported are:
+ * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
+ * authentication fails. The certificate can be authenticated later with a
+ * call to ssl_verify_cert().
+ * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
+ * i.e. each handshake will include a "certificate request" message from the
+ * server. Only availabile if verification has been enabled.
+ * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user will
+ * load the key/certificate explicitly.
+ * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
+ * during the handshake.
+ * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
+ * during the handshake.
+ * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
+ * are passed during a handshake.
+ * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
+ * are passed during a handshake.
+ *
+ * @param num_sessions [in] The number of sessions to be used for session
+ * caching. If this value is 0, then there is no session caching. This option
+ * is not used in skeleton mode.
+ * @return A client/server context.
+ */
+EXP_FUNC SSLCTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
+
+/**
+ * @brief Remove a client/server context.
+ *
+ * Frees any used resources used by this context. Each connection will be 
+ * sent a "Close Notify" alert (if possible).
+ * @param ssl_ctx [in] The client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx);
+
+/**
+ * @brief (server only) Establish a new SSL connection to an SSL client.
+ *
+ * It is up to the application to establish the logical connection (whether it
+ * is  a socket, serial connection etc).
+ * @param ssl_ctx [in] The server context.
+ * @param client_fd [in] The client's file descriptor. 
+ * @return An SSL object reference.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief (client only) Establish a new SSL connection to an SSL server.
+ *
+ * It is up to the application to establish the initial logical connection 
+ * (whether it is  a socket, serial connection etc).
+ *
+ * This is a blocking call - it will finish when the handshake is complete (or
+ * has failed).
+ * @param ssl_ctx [in] The client context.
+ * @param client_fd [in] The client's file descriptor.
+ * @param session_id [in] A 32 byte session id for session resumption. This 
+ * can be null if no session resumption is being used or required. This option
+ * is not used in skeleton mode.
+ * @return An SSL object reference. Use ssl_handshake_status() to check 
+ * if a handshake succeeded.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id);
+
+/**
+ * @brief Free any used resources on this connection. 
+ 
+ * A "Close Notify" message is sent on this connection (if possible). It is up 
+ * to the application to close the socket or file descriptor.
+ * @param ssl [in] The ssl object reference.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl);
+
+/**
+ * @brief Read the SSL data stream.
+ * @param ssl [in] An SSL object reference.
+ * @param in_data [out] If the read was successful, a pointer to the read
+ * buffer will be here. Do NOT ever free this memory as this buffer is used in
+ * sucessive calls. If the call was unsuccessful, this value will be null.
+ * @return The number of decrypted bytes:
+ * - if > 0, then the handshaking is complete and we are returning the number 
+ *   of decrypted bytes. 
+ * - SSL_OK if the handshaking stage is successful (but not yet complete).  
+ * - < 0 if an error.
+ * @see ssl.h for the error code list.
+ * @note Use in_data before doing any successive ssl calls.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
+
+/**
+ * @brief Write to the SSL data stream.
+ * @param ssl [in] An SSL obect reference.
+ * @param out_data [in] The data to be written
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
+
+/**
+ * @brief Find an ssl object based on a file descriptor.
+ *
+ * Goes through the list of SSL objects maintained in a client/server context
+ * to look for a file descriptor match.
+ * @param ssl_ctx [in] The client/server context.
+ * @param client_fd [in]  The file descriptor.
+ * @return A reference to the SSL object. Returns null if the object could not 
+ * be found.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief Get the session id for a handshake. 
+ * 
+ * This will be a 32 byte sequence and is availabile after the first
+ * handshaking messages are sent.
+ * @param ssl [in] An SSL object reference.
+ * @return The session id as a 32 byte sequence.
+ * @note A SSLv23 handshake may have only 16 valid bytes.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl);
+
+/**
+ * @brief Return the cipher id (in the SSL form).
+ * @param ssl [in] An SSL object reference.
+ * @return The cipher id. This will be one of the following:
+ * - SSL_AES128_SHA (0x2f)
+ * - SSL_AES256_SHA (0x35)
+ * - SSL_RC4_128_SHA (0x05)
+ * - SSL_RC4_128_MD5 (0x04)
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl);
+
+/**
+ * @brief Return the status of the handshake.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the handshake is complete and ok. 
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl);
+
+/**
+ * @brief Retrieve various parameters about the TLS engine.
+ * @param offset [in] The configuration offset. It will be one of the following:
+ * - SSL_BUILD_MODE The build mode. This will be one of the following:
+ *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
+ *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication)
+ *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties)
+ *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics)
+ *   - SSL_BUILD_SKELETON_MODE          (skeleton mode)
+ * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
+ * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
+ * - SSL_HAS_PEM                        1 if supported
+ * @return The value of the requested parameter.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset);
+
+/**
+ * @brief Display why the handshake failed.
+ *
+ * This call is only useful in a 'full mode' build. The output is to stdout.
+ * @param error_code [in] An error code.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code);
+
+/**
+ * @brief Authenticate a received certificate.
+ * 
+ * This call is usually made by a client after a handshake is complete and the
+ * context is in SSL_SERVER_VERIFY_LATER mode.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl);
+
+/**
+ * @brief Retrieve an X.509 distinguished name component.
+ * 
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's common 
+ * name matches the URL.
+ *
+ * A full handshake needs to occur for this call to work properly.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param component [in] one of:
+ * - SSL_X509_CERT_COMMON_NAME
+ * - SSL_X509_CERT_ORGANIZATION
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CA_CERT_COMMON_NAME
+ * - SSL_X509_CA_CERT_ORGANIZATION
+ * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+ * @return The appropriate string (or null if not defined)
+ * @note Verification mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component);
+
+/**
+ * @brief Force the client to perform its handshake again.
+ *
+ * For a client this involves sending another "client hello" message.
+ * For the server is means sending a "hello request" message.
+ *
+ * This is a blocking call on the client (until the handshake completes).
+ *
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if renegotiation instantiation was ok
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
+
+/**
+ * @brief Process a file that is in binary DER or ASCII PEM format.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the file. Can be one of:
+ * - SSL_OBJ_X509_CERT (no password required)
+ * - SSL_OBJ_X509_CACERT (no password required)
+ * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+ * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
+ * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
+ *
+ * PEM files are automatically detected (if supported).
+ * @param filename [in] The location of a file in DER/PEM format.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @note Not available in skeleton mode.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *filename, const char *password);
+
+/**
+ * @brief Process binary data.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the memory data.
+ * @param data [in] The binary data to be loaded.
+ * @param len [in] The amount of data to be loaded.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @see ssl_obj_load for more details on obj_type.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
new file mode 100644
index 0000000000..ddf3526b95
--- /dev/null
+++ b/ssl/test/Makefile
@@ -0,0 +1,65 @@
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all:
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+ifdef CONFIG_PERFORMANCE_TESTING
+all: performance
+endif
+
+ifdef CONFIG_SSL_TEST
+all: ssltesting
+endif
+
+ifndef CONFIG_PLATFORM_WIN32
+performance: ../../perf_bigint
+ssltesting: ../../ssltest
+LIBS=../../libaxtls.a
+CFLAGS += -I../../ssl -I../../config
+
+../../perf_bigint: perf_bigint.o $(LIBS)
+	$(CC) $(LDFLAGS) -o $@ $^
+
+../../ssltest: ssltest.o $(LIBS)
+	$(CC) $(LDFLAGS) -o $@ -lpthread $^
+else
+performance: ../../perf_bigint.exe
+ssltesting: ../../ssltest.exe
+CFLAGS += /I".." /I"../../config"
+
+%.obj : %.c
+	$(CC) $(CFLAGS) $< 
+
+OBJLIST=..\aes.obj ..\asn1.obj ..\bigint.obj ..\crypto_misc.obj ..\hmac.obj \
+        ..\md5.obj ..\loader.obj ..\p12.obj ..\os_port.obj ..\rc4.obj \
+        ..\rsa.obj ..\sha1.obj ..\tls1.obj ..\tls1_clnt.obj ..\tls1_svr.obj
+
+../../perf_bigint.exe: perf_bigint.obj $(OBJLIST)
+	$(LD) $(LDFLAGS) /out:$@ $^
+
+../../ssltest.exe: ssltest.obj $(OBJLIST)
+	$(LD) $(LDFLAGS) /out:$@ $^
+endif
+
+clean::
+	-@rm -f ../../perf_bigint* ../../ssltest*
+
+include ../../config/makefile.post
diff --git a/ssl/test/axTLS.ca_key.pem b/ssl/test/axTLS.ca_key.pem
new file mode 100644
index 0000000000..7c8ac8af28
--- /dev/null
+++ b/ssl/test/axTLS.ca_key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
+Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
+n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
+AoGAd4Ia5SxYiBU9A0BYyT8yPUm8sYELIaAL4YYk+F6Xwhh/Whnb8MyzquzaGFP4
+Ee30jYYNHlvX5VheDDtvy8OTN5FgKNNdzvW15iA4Hxje04ZI7W87G7OIxm7aYRid
+sG4XqZBtsOdj33IRd9hgozywGJ2qRqS6nn2KxRv1w07RniECQQDZAlKxijdn+vQ7
+8/8mXzC+FwQtzeTUCuLrBJcos9I/591ABoxYkWcYLxpFqgCEVwb1qfPBJkL07JPt
+Fu6CTnBFAkEAxXmUBs47x5QM99qyBO5UwW0Ksrm/WD4guaaxzQShMt/HzgJl613z
+/x4FtxiQJHAr6r2K0t5xTJx89LVKuouYYwJAImue6DAvJ5wDfzrtXo28snn+HLHK
+uONdKL/apgcXszE4w74GJsoxWwGlniUf3d3b6b1iP2GtPyIDOJjpjduZLQJAE4jS
+VtYB3d1MZxxQLeKxqayyuTlcr0r+C79sqT5C//hZGIzuLhlOMLd0k0cvwxsBjSgQ
+2ok8pfp49fAVI1z5xwJAVmJgLc/mSti5A2q3c8HW8qvMJEDPWbpb7p8pg4ePtpa8
+EE3TO4O4J2H+k40C397km4yZXdkNQsiT1zVljJZpiw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.ca_x509.cer b/ssl/test/axTLS.ca_x509.cer
new file mode 100644
index 0000000000000000000000000000000000000000..9c9936b8e98d0b7475e522377e64ee5cb7d9858c
GIT binary patch
literal 483
zcmXqLV!UtA#OT4q$uKvs*kYO0(kKI7HcqWJkGAi;jEt<T3<f5KMg|6K%%Ln?!kUQ{
zAwIzh0Y&*)smUb@F8L|xl?u+OMJ1VOnaPPIsS1vzB^mienI)A5a^k!OW<Y3eXlP<$
zY!oHVYiw+2U}OyCl4)w=d}P-#vNA9?_A(eWb}}_KGAvKMX?F3OSo`5!6HMM-;O>mp
zDoN<N{Wdqm<T8IuUjcJd<(JlEvrNlF?P}j2zB;?Zdd(9D^PlZD62&?k59j5&TUeXF
z65aa5I-1Xu{V_w&Uu&cN`_tz8WL=G0S+Vx*w;$X1yXqAsj!$eU>&tJf@_eyO<6*KV
zyX-GFpR#RyrAh0Vm>C%uk(~z&JZ7M~WVst|nJiE@P*UHyEW+SG%xvc~wa?bgyU%&o
z__O9cjynut$9A5`TwES67IMd>m+OQ}^u4t{;lgJg9l!sr<hS6(t0&gyeEuXn;qTl+
zqd9e9cYNGWhP3y5*xUak&Q$K_U#W+44D(rL9oX`UJ$iZ2>3OSV*OvR3NHYY8-f#GI
I<)^zO0PSqO5dZ)H

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.ca_x509.pem b/ssl/test/axTLS.ca_x509.pem
new file mode 100644
index 0000000000..86f659710c
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
+Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
+Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
+n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
+3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
+flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
++UcZ
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.device_key b/ssl/test/axTLS.device_key
new file mode 100644
index 0000000000000000000000000000000000000000..4e981d143e1383828b8a76e18c57e0b0f59b202f
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdJGZ4h<43zjh$NmAe*gFd;CkIEWYaUz#Bpms2~d;TZ=+
zk`Pe_4BeOCv@NwmC65?N)gXrn?#|TyB9lU`OINiLyb68LKj!YuC$?l`)u2L1ZuNgc
z=Sux+ln*4$Nfhl{gttWP`YNkiPpo0p0h3)_$nwg2s|lRS$t9_kyc+@o0RRC4fq?*^
zL=H=j!{3Frp6Ni0WB0Agp#h-CLCM~qOnu)|K)UjF%r<fVRLj|liDwP<SptGae;VJ_
zMhe!}k{!Dh@96KmOI`q<?WRqvvfO61H={0;KF%Ej{gR}3kHpi(rVmH`Y?3%o`Hd9A
zgG6g{q(Yvh0YNF%rC0uB-yx7-xur1zK>+-Ic-(fn!L=2LAE_OnV2@ezYPqfv?7EVw
ztnGa>p_(hpRr+n(N$Ooc;-Ug;rmFgzfA1^_2-*k;^0%11vl#+G0M`^95MJ-`(OR-i
zBA|9yFh78sA*+l|0wMujX*I%@o4%O>ok-BGDtQP3_l0oh2@5c16ixpA!QhEf#zLZF
zQvyK%tS>_pbrT+q^2G&mI(6scS|AxC&V>TLsLms2K>j$f{xgTlW2bz`iWbV^SZp~M
zSQa|OOK(li0kpVqV}#k^0zZ3z5inI#a)-o>oxVh6us#Gh)Z2ij5G5&LpFzr;@!ous
zU+nPW;~#)v8B_>M%wA;<W+FnTDWWP&usbLS7Xm>5u?2*padHnE!MbMQTY+(0Wgg|0
v3cKQF;e2bA5N6M*E~R!7Tl|5&J97n<934}R7|5Rx8jwm@UwAr_9k^bwbVnG3

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.device_key.pem b/ssl/test/axTLS.device_key.pem
new file mode 100644
index 0000000000..2bcf5e37b3
--- /dev/null
+++ b/ssl/test/axTLS.device_key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDUIg4NEiu/diDAlbsWbTAhMKw4iBf2X5ohGJdTO6vhGQdEkhBR
+Bgzdl9+0LbVDJY8YStUghwnuztT+IpNCrUtXtRK8Cn3QP+buzSe2ZGPVoEJIbvV/
+QudK/WuUDyTNSRTtW4S3RO36KqtbT6xh1QGTXV3I8sp7qwmcysklqZW8GwIDAQAB
+AoGBAKBEDkuPw9+Ftp7pQIxj963LoQGgyEHJ3p9Mfd9TQLrydsw2cf9Uy9mKiWcN
+9VkCgkZ/Gt/VRgrW1pIduxXv6O+8S14An+2mTayy3Ga1N6MulD7OHQP9kqR4j8TT
+xaYPR/1skjhQ+Y0Uw4NEa3OkQp6lAUEp1aVX/mTfIZBguaUxAkEA/H543Ha6wbUV
+iB+pHaBgj1nzarmuEey6kqqs7X0zoZory1X6bdpJ6l0/4qICa6aq+pt/7ywJCNoI
+CPK3mL2zGQJBANcUHRBe7/HRWrJNIqB2WDA/gJshq4xOAiIBXWk1wpabvpkCnUjQ
+rip5CAL3hXDnCQswZxRN/v7B4IlSxkKiY1MCQQCsL0MUdRMejfLFBXI6defjWiAZ
+I86FAr6oziNnQP44sf4zh8pjp3zIihbK4lhsORhYFjrES29NzgG0uHBjhNnhAj97
+gBEwVVNyh8SMnb5EZbA+BDjU24CmECUpYZ9Bypzx3nyTX+zw4uMfgGAZVAhLzF5l
+DmYiQqcpoipMsDsoCBcCQQCxBYSicXIPG8G6ZuFbgXFcZR7llgq74mbhfGuVEGbP
+qS6ldhJb/IG9O3MFlRwdU44YyJ8QGpBKWF94OpIduF6w
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.encrypted.p8 b/ssl/test/axTLS.encrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..8b0a7eb4117de421cfb917de7f03055fdfe2c28f
GIT binary patch
literal 385
zcmV-{0e=24f&qOn90m$1hDe6@4FL=R0Wb~(2zv&jLbrq;i2?!$00e>oTecB0S5Ch{
zHl7H=qA4HIOB;)ah$8h!;8it(u3j>D`liQs0*+k*%XW@PAMoO|ZVtaORrZR~IdUoh
zNf*1NZ0jCJOsIuor2Ouh<c)ot>Y5SBS)gmT$Plt&Ub|ujkSvY}HF3T6ZV$+;=Cj1_
zqiV0Xy#~l}wq>xTcs~vcY@+sZ^yo(jDeDIm8}2%S8s3H&bnWkZz@9kPK8*&28D$i9
z3|2M?_7i99)`(fX3rvXr@m91pnk>4N^QQR5XPP=(qj)V!5qKV+KU4NR01UFqcL=0O
z<WqeKmP8KC*)QM=McME}H<QCTa_BX@namc)CF_|xU$3*#>)<VdUvKAmO0=-igR~fl
z-mO`%dym`o6F9p4n$=wvn!II#&PnKR3lXVbV;jds=xH2us6!2fitgX)P5>N0{uLA$
f>0oNt1g(0Zzb?&!uhc`Lu&kDME*dK^i&ZfFoN%%v

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.encrypted_pem.p8 b/ssl/test/axTLS.encrypted_pem.p8
new file mode 100644
index 0000000000..19ca3c5eae
--- /dev/null
+++ b/ssl/test/axTLS.encrypted_pem.p8
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBfTAcBgoqhkiG9w0BDAEBMA4ECN+YmhCv0ILdAgIIAASCAVu0QEfMkp0xUsNq
+0Ek4Nsa/uxcs8N/2P7Ae7qCakkvsdRvvPPH0y+wuj5NgrG6WpPeeEx9fI2oNNTfC
+pwncH0Xm99ofVrgMX6XC45LDZtzXNSZd4TdBP6xvlYXbuGegp5GPJ8emzscHCFhC
+JfPHemRAcB7DhiWukPosuSUr5R8OluEMJrQLHuQtlDAvMjLEI98lSchPxF8LKCk3
+SS2uCcmc+4WiR0nHG9BOaGi38+PytHAnbfo1mfVSQzLfgLicMAVGysfQ9QOgpQOO
+ygYfM/s7Duwbl0rshyXVJP+7BpYJnPtHvO4BTiizU7ZEr4WBiEnnANDrupSdsxeH
++cxZo70YJVdoPdgMd2ke6EIkUhp7HughFg+okldlEtJA4muKeEzwAxZu0TqxOtZ8
+UYRS4Ygk+rN7Y0qTKSYwSkrFBwUDkpctYjRUOeAZ/mYMKWmMn1ejAb5Is7bjEIxl
+tw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1024 b/ssl/test/axTLS.key_1024
new file mode 100644
index 0000000000000000000000000000000000000000..5b6ba1d037b002b0d62c9903a3582daac05f77e2
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdJUxzZKr<ujtkN3#h2G*G65ZCTt9~*}TU1z<AL1R%Q4p
zNDg}orX_ypdwFj-<+Zo;;GB_Q^ak@l9{G_OsV_%EwVNK?_Np97c_Apvs!4O%2?b07
z@=Q%^9Dt`3kwp9wv*G9CPei(m!*n_5OwiO!Bw@5bm5jg&w*omag_8mU0RRC4fq?*&
z2Xf`Ut$925Gc1k;_!?`_=#ljn2ibyLT-73>o<ahDi_O0Dg;Mq`)d|up^epxVg@F0o
z(9Ay~F%|Pk^0ne=nFIt$A={s!R9gDv+4%<r|C(i_>+(m=R>yKlNL=U?*N-L4Nht<u
zRC^cPp43zD^`3<#q3b>AFS(rd;edexK>+Roc*l5!1eeS<z19)p$2r+FQF3pJ56y@&
zGn>b!19#biHMZR!!od?jgH`Kb>w%687GkutJnIO6oO#nY%JBk00O>_vE*8v_P(ZeM
zyg1-iXi(EHbBv5C4uMLFyUg%pG)A8XeImB`MyyvOj2`RL1x=`fYG?MQv8#^3@9%x^
z!va7r##ufX=mK*A@81nDOXwG=jKS!Mks0{(q_+)5_cTxgUJ9@&6s`anfHIu5fuH0;
zf)t=Vi;POuOB0>6lS<J7KxB-AcVSv{5kI4-8;ZoBT0EqiDvD){XHGG!RY3$vodW0I
znSatS=GM4`*$gKLft$3<Se#LW4##aYiBQQ8a{@sC+TLCotQ{TKxn(8*_0;4jgoZBw
voIwCm;YX3cQUy*AFAd6@J&8fT?w_INouunUf8)!fYYO6iu!megu~88nIFuu9

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_1024.pem b/ssl/test/axTLS.key_1024.pem
new file mode 100644
index 0000000000..4f5ad4ece6
--- /dev/null
+++ b/ssl/test/axTLS.key_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDY4L8V3uqv6NX9C6ios9dGXacmbAy12bzG+MB40PZWZfgpSA57
+C6Ylfuh7eW845bW39OCckWD0BvNAHvmRGakvR0O1mx7c9qocSXkhKMuqSXPZCQVM
+AvJMTWwcgKcUkUT8ErPh5+NPRLqMw3Q56EzQ1EwkYbRAlYzACrcCOTGFkwIDAQAB
+AoGBAJQHcuW+rXk79zMsjgX4GmvQ6JH1FgfZglxc1SKhnkICf4vNvvSFUvYs1QnS
+LPQs9geFgPnc0Mw/IjEV80nyteJpmQQESSHbn6FUWvrk2fkHBf+aZaTr8kfOVsdy
+SUhc6BTXjyXMSSkGalR7F9ye1FPw9Z6FJaHrPekvuZz24YCBAkEA7gJ4x3iFBJfM
+Nr3WEeLHOdk0UXJvig/NiDIzm8enA3fZgjW23R/CwRNAg1XrYOuBjgwWYrS0POsI
+gJx50zjK8QJBAOlFXy4WzJNQQLZ5vDjgVmhQ0y9zjIwqDoFKirvM8GQ0Rp8HfSK2
++UasVyOMHuvTBU2og2pn9qaxq47B7+998MMCQC/GWT4Y6AJzAe/fDTBL6BepjMHo
+iZEZ+PSktw1G9zRQA14KsCkUrgAZgDKctYGf5EKCFKA9i4xK1UsTnbSTStECQGSM
+g3dhWnMRP6OoG4rEoFo8pJsqimWMZ04xrFVBBEmdAuffmX/SMObWuITZDCcIgZu0
+zFicUYQOx200iVDJD3MCQQDa3l4arB0d17llJgD11OQohIYvAJxBAFLhR5HAUgVO
+Dy8Nyps9iUG/7p+h5p2k60V/48ukawrifrCHXECxUREd
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_2048 b/ssl/test/axTLS.key_2048
new file mode 100644
index 0000000000000000000000000000000000000000..0af642de231ac7143db034bbf595842a2c7c9f85
GIT binary patch
literal 1191
zcmV;Y1X%kpf&`-i0RRGm0RaHQpugMt&u|7rv!C9LJ=rhBH$C@fYh{Ath`JqsrwVq?
zA;rGwdz;vW#=#sA1YEwE5j|QuiSkR15=5=(@4UbWOLeF_S#o-F8XALLbhnX29W0$0
z`^6U}4UEEJE#HKhq!Uh&FZ9AsCOsK;yP?!b@<$f99GRjI+k0MRvI+F2GfIq-0(2*<
zI@+{M1%IXd(F9**b0+8=WCc3!R90Z=+`AS3+BF!K@+u=)cS!#laK$+W*UPbkBh$%E
z9O&R=BhkV~W3pb9<VuK(GMUN@H5A*RR6xg^y^H~c@T)cVq-y`~U}DSScugVtmfbA2
z%+ls>0gAIAV!eeFdnK&`0|5X50)hbn0KrYIAk0gtB;cu1_*7~DLp$s41j1L{dy$8u
z>Q{6SrHuFJ5=4!AZ6f&-rB0VNk}EF%GnIau0>!zBGX8BCm(}Gomw{5otF4q+j_!<A
zA=h{AZk~4g`j6L?T^{Yz**r_c%{<Uom4VGA)ElHC2iWJK351mkRrSyH2>p^p<y5Eb
zOBjO$UMpQTviHZfS$yQJ6M%Cfuhel4SaiLNcOaOyoHLWio(XzMG7twCcX0Y8M|39W
z+&6JA+(WFM&PHD|dMS(Io@O6sR>1sm3^l)5OV-`8fG^47KzM3=dOYqWQN}Mx08R?P
zYG(QI^V0Ya2D(mOH<Fm=JM%WORRV#50QFY9`olPt_GFIfpq;w+5p8)jmLY&XujUa(
zNK6FB1Jl9zg3g{m#gz9CDvkuEY}qmL$s~q<;8&D)3AI>Z6n3J@*&>6Q$zUudW;ASZ
zQzH5(Vi)P&Q`Izs^HP*fY*{R7YiqEtv!@<vIoO~!5U81Q>=|O8tlwC^M*Cwj0|J48
z0LvBOMMw2v^dO~mza7xFv4n50Qe?_on9muo``SJVw9twDxz;$tm3C(+A5JQ?3KbZA
zjJgHmx*IBX4Ilw`JwQ-@w86>Eta4z4TXD9^xK10mFm*b9*FGd6pGoDEYM0?EA=1$?
zAh{7-VIk);QUektIB7B1=h0D7V+h(3j{<>!Ay@B-IXxJRi!d!JY9)Q_y>BYaL$g&;
zytn>PR~(ZYzYOl@OGA*<38Cgn$53>6_^#wDST1{Xw-R%AJ5f%kWK&JFV-I!P2AUax
z?0^i4+Xou6@<J21TN1ArL(%FosgLr?w6Q0^2j_=UV^ON-YO<(4)L3Q_Ev>fpn6>Md
z0)c=X@A}4A#y*Q%XsE;Fq)6I8SgLZZ^7^m458-?+{^(mFM#e>F<Mc@jEJw)Qpabk&
zk-(@&AL%0<FcdiX7v4DpOBt9>-0j)c{*7c|js3Dusa$NJOJF%*s<_@CX`P5&9Zxl{
zJ26krm{pSK35pUk>#y4J{_H2XK9P;o*ErV#fq*qDV<*E0RC9D5w-*D^YaVVcH?W@L
z7s;4%??z;ZXmnf~khf-nE#R3RkTMy<Ys(iy6@Wfd0%%ES+FRK!(pr8S74;YA5qiqe
z9XPww4_waym1wD)8+izPSjO)UCz32VC$bSAw6U1h<^ul<(2Tl{`W7ruei79MT3KX_
FDTxquHyr=~

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_2048.pem b/ssl/test/axTLS.key_2048.pem
new file mode 100644
index 0000000000..beddb721bf
--- /dev/null
+++ b/ssl/test/axTLS.key_2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwqC/2/rPcAZEs5/ejT3ZL8Q3Pfdna2WC44i6HYCnCnbOIcW+
+6Xub2IXGwRwQBFy+mRE9WjqJ8kuOEkSt6e+8wAhLdag7WXJ6cxoag110t5FEHSyd
+GfvFFyUNjMJhLd+EmaQTTpEv9MJPJj0Zdruh1EjyRxa4HJmiD9t7XmWyCfSmM0qM
+kgJ0J6s62rRMBX+l/NEEX2VzJugdZAU671RWYOncuxX/2jUYlvIqI1l3SP8acMU5
+BtfLsYMj08lNHOjgZCPRwkdjsl6U5EqIizKZygw1FNugVEDHnL2MAYXwqzX3pGr/
+72Biy+J4TSH6lt0stszS5m8BirMgYr2FFHslrQIDAQABAoIBAQDBTa0gzEupJOCp
+UvhUagBDO+vuBMJX3XuRh6PqV3QQpYz36BJEjXttIvkTpU6XNpIrLv8zlX6bAsW5
+iTL+bRiX1eU0l4FSxqutlFiO7oxVIdd37m6edvv6j9eUXR7t09k8S8TNPNBXlYHN
+JdQbpCIH2OehCYSVC1X1z/UI/ZJF5VSn7UsYgwReK102svfHtll85K0TgHMir9Rx
+Dlh0vYx3IJi2nDOTyJ4JekkyEAcYd3D6JUd0JujcN3Ev3EOsns5GXzN6KYvinmYf
+Z1bA/HEMNb9ZS9bdsoAvyeJAeGp8ejzuJVHGL0kATgrAamb58fPS+A8Guk5eN5KY
+5zvzNrJVAoGBAPVWvPrDOJX2ZI7poJ269xFteTWWIYA+r+YRRkhMBMcD08H5gs6e
+QMWU9w8qjgSmbNkx8skkhn/gV5R3CbVYYRR2osrZIoOayWAsJmY0bHFTIvooYhfp
+3lPVNIPzUpRObFksamtrsK+zpx5qOdigNhComXLsGWKfrN9Yvkb7YzIDAoGBAMsV
+4UVH9WH0IKV1vx3QtrGEb69SZMpbmM8ZsPvaPgq00In9udY4w5V2ZygfTiq0ChUY
+fYy6BeO6Gyp2DSABdz1AUH+0wcnNrHJghFtxtsq4Thu4MHU6ftc+JCGfSeWUapfh
+KiHS0TEguRFcYSHnM1IDEiU4aTHY59FRUWMI2hKPAoGAIVfviTk9GIyLMC0qaiV9
+7L1vKsxDs1VRvLf+UFcckxu/DO7nS0OQ1Amh5krHUHR5+K7kK1gue3S3EnN3O1FO
+qGRTTbRjD3XbBpoZgeyADIrbBxqz8kITuFsSrxhD0eoyqY/yyrSxJ8AH54dSY1Gq
+52qyqD7UWGYRLa229pi165cCgYAd7/rGWMY+i1toqMPkpEjaQFiqcq3y+q+7D+F8
+Lv7oWyFGxkVn4/RJCyxHyN2gA+xckcCoRx/pIx0wFDj5F945BEsZmE7c7dnW/o1k
+YY39sk+pXGygS2A5YKq43h9pnYhdHU81rzsxT86YVZLoCYoSM+uv2vH+7Ce4PpGN
+1Nc41wKBgDUrYyfDB1RzdB63FwPRax5uLjewnuMXyZhy70ZkiGh0XBuQt2aCLeCZ
+HpAyGcJryxdDFYA+UwJoSWjaW9ku0lp+GxX1F+cResrRHTi70w9czwGVaKmcG3kI
+fFjG7w8nkiw5J7IRH7SxmNbmAv8L0Iy6jvoWLFB+EdUGWllkjCmJ
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_4096 b/ssl/test/axTLS.key_4096
new file mode 100644
index 0000000000000000000000000000000000000000..c205382ab7aff86732f3dfe2ed465797770e4de7
GIT binary patch
literal 2349
zcmV+|3DWj3f(a=C0RRGm0s#R0C$yPeD$39>4Ep0;5M@#wpmeJ?wh-{#-F%}3)vYB3
ztJJUoqYbWSsq{2`FhC1&(<a<tgeSWWIw25pr1RUCV&A2S4ez6)T=|?mmuADrvY&pF
zomJ1}w+D;tT#z8mUzcUMuk^h+_r*lQN?s#%9QEsbW)ZIp`UhtqP#aQ!kEnM5rgiw+
zVXhXV##-lf26+ze(d0CgK;T>maox?BB8At*_qHegN_Cm(UerlhGFqSp+Cz&}#6X`{
z2H3(|N2wGExlD97fXsOeCn^W`4Pn++s+M#D>;O(~wfl~y;qgj?b^u`WqW``cC|ig?
z96y!M7XS2>*B=ru_+Qy_9la*KLK^5a-5uR~wh=@#U7Tn=6AH}gihl`NTe>q(s6__@
z%!kaMhJ)^ct&_f>W0CD_-U+Y4I0SM3pkv<ZUM50cmf`*AW}TkzA-Px;K=#PVY$>J2
zC5#@2b&4ibCx^XoK}a?;7P^WLB95^r%-L{Z^TI${%`T)LB<vl>-5txgX;UR9*9tfG
zp0JoMr}gZ3&ElIoiQP({zW|?|<qCYxgEPW+m{-!lKyNF{i?GZ&5?H4HS_o_rv^_g}
z1|s4$-6>Q29=N}D%WseeY63jXE#yASA&jVGam|+W!jT0{up!{AH7z;XMwF|1&oLlT
zI<O0vxi@-$!>f-10|5X50)heo0Ic&e?J7A6sOJ1oEf|dfVdPFl7nV#Utbk!IcE+x|
zwzL2mzN#?8R)=NF$soY8eCHCB3H|LyF9zTm1EmhU@HP^xA!jo7)<0XT9bP4MXZ}Tg
z9vpLn130B*c(tPYd~`tvpU+SK#<q6ah=JDbVAYrknEh8M^Y1I8UO9}IVCyR#x|!&b
z>>$+(${mFip2Fs^tL+p5xrw4e0R9cryNig*Qm99AT2>K`J_ZtV`sYF+WVfz|JC5a<
z32|_d#wA0pmA>Jqt>Mq+?{md{55I*UK^tnI4QyYb3M%J`W?RySWV>v6a0W~ptFc#8
z2+k-`_?PuZljI(Z0ycu)f%7=#+3so6_4~q}&izudsVk7dFnzrcH(x^A=H{OU7it9{
zgYY)1WTAuDc>i}P!P>*jVZ-o?Z5mw5N5SWmc^m+(>O|VI_8zn(F&6&QuB}9w1$fl;
zoTz0hq;ReN$w<NtWWC!14hB^a8Xi9!BaVwUp?j%epJ~(jIRU<1{B!Qc1f+CVAfm8X
zzW7_DFc$Jt_)RoWa%U5x(ZBv-RtVCp4Ca9IE)qxU-_?f`G1C=o_xTPu?ec}uqbMeG
zwDwt>nV{J0^Im88if^GkC^Y=)-Cng#lZ*eux-L-x(rbUK01LbXkwx0H)&siZdBsGY
zPMq(uI&?)?UC^J;$pV4_0RaDqB(do1D>>Gq+(e`t>wW2jmbau)pXl!~H>zdxJy}70
zFQJ@~IHF5WD^efq<~`Y<fk&Y1BxqN_N@I^$i0n?-tb7Fb-?WQT_bb5M?{l@sb3v~5
zor|n7Y%h;Yg;T)WVfpdNj5+jQ^`+Cw6yG;WJ`5xSo8oXW1pP*do9sLY98Q=2*WS%6
z(eO|=Wc@Y6wKCe59xhIQ(j+u4zQBSk60*m!T{n|YMBStyr50qjdmS6L5*HGb1n_@^
z)IFU0YSN9^Q1r6#E2Q&)vXf7?b7S2Y9=dUrsV%6B_3nD>-ZapdE=Lvf^%`bxIV>8_
zpi17`dW!e<P0=9v--`l*0RaH~o%(S5)|8yA%@ZSn+}<+{P^X!XdlTllVU|Uu0T@tN
z@fKl-Ilj&F4kT$Ch4S8iUd!V;PV7GYdR!%(VXU?VI;vW)70*A4ocnPvw>m{S$qPsQ
zzinB>N&dd23n`lgx*LKC_VcD7mz0m(-cw6)yAq_15GEpUr!x{xm4s%+;_{m6IW3%P
zUSyYXejLf2KjE=<FLDIt@%w%ER$XQ@Tig%q&MX$6w1}w3x)8O19*~1WDbY1eQr#I5
z=|wC;T?1)bZJu%-6IZ$uv0M3f0VJOG*wd#j@&zmbI*~?~v<4w3$y7mKk16}fU|5fm
z!y0(4l>QU6-!scDoFt6`f&l<M92oL<Dyz4=P8q69xgpd|*+`ZMbpX;E3E?ju42rs9
zzy^61(O?4T5xL=g0}+_-2gHLF$OCxvt7hKfbRgoYgoM*?_`8M}-?4tgGtvwZ2kzHl
zc~<%bCm5kq8ql-T=3`3x_~20|(H|8SPB^KZHe(u6E{?<-VvV=xdzMdYm*Dj#!l$Hv
z+TA83c<SuuL$iFs>+0&(85wU;4{*%q6qPV8GmC(8`8*ZrUuiq8z;<uqrK>aBT#Uur
zDKGrMBOFWEVn`AV4MGdUv>t%IN_x}+7WbM=`KGAls{0t4O86`nN}ZmdaAZh%0M=q=
z(+Zh=EN$fYA?`prE2p~xf&l<!N?Pv@tG%xb!nN1gQvz*i`&$@+rIHszVbjH3A`wHj
zMg;j<i~Q@$cXBog=`6PPPiAFUE$JX&w!K&XT2jn0P?DMj_A<eNtn5uV8oBJGW0ZJn
zP-J3A2zzp=?#<!w>+H9=lOdxG5_)MY;GlVN!q)iERlQWT;`HHkO%rFj6$8Eo2%|Sb
z{rF3nAU+<!M5+{I6($_L6>bOCGW7&gx08o=COjKnG9OXBv*(*XA_7DIoHpF9f_YHl
z6Rf__Wk*KocnrQNJq$tmKXqr5#tV-L-)jzV4sP&t6|KgmadNx7o=1RY_L`XR=my%F
zxJ*{_68OcU5|vB!271W?f&l>lq7j)r+-H%^f<*}JSZVtPV&|7V_uzNj4B0wPZU%(I
z!-#xJMnItAM}A*#OO?#rh~@QE<UVabM)xiI?Ll>Q+PsjlRKVqeTyM#dxk0l02_r9_
zBsL~(g-PWYbR%PVYD*$Dua&VxhCu}x`T7lBNtJ2|fQF1p@+xlc!^9lFEq)(oD{-AG
zM<Ua4@j|awSC=6fyN?oZ>v3>^$8)&&Cqm9W>bB2ITLy^6lMzc_-U;tIQITU0U)4vV
zu^PNP`(&Igf`#YYx+c>R;XC3`YZg5g(tGs#J^3oGTnXfccDQZ1E2^{1-{SxQU()Tj
Tbx&XXcZMQG44N=;lHrQ{Y;S%h

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_4096.pem b/ssl/test/axTLS.key_4096.pem
new file mode 100644
index 0000000000..9929467f45
--- /dev/null
+++ b/ssl/test/axTLS.key_4096.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA/Ce0mV0qytAwDPrjXRBlUh2gdKs2thDw3N18owXVrSUFq9Sw
+AaMNrmep9DR9MEALcdMm3GCEJ7sOOiEQcqTz25di36WJDe+jo1z5nD2XZsPIsp9+
+k51Vz+W3B4vsXJAgzV+XZbmv9L0598VEwkpeI3Uc9et8ZhGvDPoHZyBQG1KAj6h3
+AKZ1+NthrhajxlrndQZ5Du/R5DSUQOBcCHHdzZgihdfF97Yn/kp1mele1ElZMlqg
+BtpDi1TEQJ9XBtjCW0epFAm5THQ3gMx5DCcqB/cNYdZWqpZ0AuwATm61+46m4fFK
+g3YAYPOi/74aKFuIQBw/lc8W//SV1x8SL/hf2XIdvSa9QhroNN0d3Xu2EUQzXZxo
+PRMKzOqKfwlZW7ozT6hFBwPMh8yfhoPugq2TvqBjke1s3gmvwTgEcf+gY97qXiZC
+X5bh/ehmnZ7vIblYFUD2yMlsKaXGJYweh3WKJlQnh71wQUg2Mxa6ig8ijrEozNlw
+YfPCQFrNLqQfJOwdx90dy7hpUyUn1wo39p6wmC6n9ex4zeKbO4ndSp+/AJ+d5Qp8
+zoMzwneYV9LBQG8ry4uwzDkSWKb/WghsEbQ9O3sGIuI13SlT/B64v3bLb5AHagI8
+zS3kPsshjKhkcc2W9MKRBU2wIeCsNS052kaUq3rPMSBROrALmLk3en/Dq48CAwEA
+AQKCAgEArPMy7So5Cqjm/FAtGI0BYeRORReWTCSsgGEudsauu7a0ABq+qjDDVodl
+y8kgwLJ85xKUCf3tRy8G4BoDpQ688DYSrCFnMvbWP1urHV4ldWf+RX4eHHODAzil
+ZHi1ovt8dEEHn89P/8a2dtqIgdbuYNWYCpj9Vyjz7yujXjmMmGDrKx26meiS7CDV
+C8odhRSewuawq+0UArmJokIA/g3Tu4uIylKoR3JaVhGOPgYSc/rnQiFkt66HO47l
+mQlxcJHGJUOulb7hqK3hz+bvc8V9D7+FH0EbaqANbF+hCirniWZb0odku2x5cAZM
+G6uxV1MIzihR+Jf1R5PkHowCNoLegfM45tnuadP1+8Kezv1SsqkrkMEwfb0QN19C
+2+bmnwYXagUgg/A2q2Shg9h4/3cpwdrDzGHD8IttGlzLR8HnlHkcAK3qRNqy9h60
+JDEW/tOurUSZBXjU9ZyoZSukcK3+yUjCDWS92wMOBlUQGh4/HCOOizahe6lhn2nT
++jkBvl38c+7GBKR0VyCisFi++FukMBbyU/hNNFByZxOj0b/+YVYI0qwM5oDzLhJH
+69/VhxMx0xVt9/kOOO3yhdGjKCZztPZZm5mg2OzzXmf4im+hPSg0/OrdXrVNk4v/
+w7ouUQHSa3+rAAu8BJFF2rTWA7rjecVEnk6c77I6dEVYXdCfz8kCggEBAP+IJLHo
+7Cs51qPcRKQc633phJa3pFGf6O8xN6pl8z1ZQX0voZyROKJLTytSH+zmPdmggUeg
+7CRoV8BKY49YiOxO2Kx8BPfftItS9yvA3O9ztcdzQa72nYusMWwvj0yFU8DbYfnx
+yYw59F/1pdPKFN83Sj4MJAOb4nAxBP1GiZvsPAgcTpf/197NLNHwUDdk/TXDtTLa
+lx4uTn/SJDQuvsCCLBKyx7FdN5NPRN2kIKUWZLd7HRu2EhcSlATwf4TUPZz7atKN
+2FD0svErpPOAspNPtnNj3RgeunGVqS2oi/XueuveNNCYLkcV8/UaZm85LBrPoEre
+23qK9/ZN0SD534sCggEBAPyd+nD71pScrM0TI4Lc3jMNUKeZj3sT5rlhlkWlARhQ
+WPEWYYg5vs3zDiRpG4Xy3n9ey+M6Tuw+/XpcJZxhrLYFOqparxXPP4qc+3EvtzpF
+OskLR/2/bVnESf6+pQspmwW6G4IJ9vOmIJeUj9zeU0txuxKkjhAmInCnMxJOlYRm
+xeLymuo5LZxrXmSXcX4cyZ0/4bF2L3IE5vH7ffdWXWYzW9wP7M4sFp+0iKjHuhC1
+gB6Qg0Mp0TVNUt0ZEelFLEJdA2lbbZ5yHhNXuhOxW/l3ASSe9tjTpy7yBSwBOpFG
+l7QGISfJVEFfjyn7yWBYj5LDGnitlP4TtN8zyy6cJI0CggEAPRwY8ncqq7e8Thmq
+TLkh1E3ZSJYIdQDSGwnhLx4MirpiwAZ5FtFgAugRueF9AxGY7wfEgxXIA3j0q2be
+4nQg4qqEhNNv+LuGGN+xfsQz0gwRB+7XYXlW+gUnGKFTGtCz0+ZjSvv44FEn0R8V
+Fk44qZ02YxpSLo7EG2KNt+h7lk9rl+D1JsKnpH/a3SYkeOrs50OzfMLr6urWGRlv
+UQ9wzOcUlTAuM4uAc/k8FelfaTuuwHZv4qWrM9tcjMXbKS/8wCMcS9hiSBINDUIL
+w7QegL5KetQCFveaTPmmqOWq+xiaSvgsF0qdnqBwZEh5ANZiZtMKmX0sbeT4Ie5A
+OiunuwKCAQBlSlrvDqu9rwzCtdfZUwJtaftbGIGlkhdDYdPFXSIRQ7ZGBPlai/zr
+y3dyNgrpLLb2T2ZlWC3pIGC2vVf/WlLMMVCSmgX2MsGBrOxNOBq57KRjlHhrUGRi
+SAh7cqnuzeHw6+y3uZMhow0Semks4KB5ccLW+NBVvVS14vThdE0TZ7oVA74GCKM3
+Qv34S5kgPh7BRKoUZBUmHL0VbgfWMvUEU7eTh3cmPBteMh9RvbPnmz8iAkP/nDbc
+roJ5UOITrL7QZUdG6XgMvik9DEH6P3Vnk8YLjwnfaw5wDm7wdBWtxqZxcru8nkeA
+ZvaamPDoBtqauExW8xL4xaISlUv1BnrJAoIBAQCiEZk93GeRzYJFCO1YafsGYueX
+Pffgd9wM2TpObgaEw8OIfEpGQKDiR35fb0uVzNyI5fVU5D5tP0b3LfvtQXV12ryQ
+sVTA5YJcb8mRuUGy/AkjL54kNiZthUnlGHQjY3lqSyI1r5WxRIZBBRn5+g1eSZVq
+CYCGjEryKm7vw8Qcvy1+H2crcZ0rRyLTcfFCr1ZXlyEZu48ScOtxcIDHc7j4J0LO
+Peq2z0tbBojGkxFLX94J7zpRkWMPX9VHorEavDv7ZJwtgoXn3Lom0xHhO+JQaxY9
+FtJ79Ps9+SquXAnkhna4bbkrqrPM3+MAAV/S7bd1T1/8d4YiRQyaMHGS4Yr8
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_512 b/ssl/test/axTLS.key_512
new file mode 100644
index 0000000000000000000000000000000000000000..7ae50f23bdc90e48f165aff330220508a99699f5
GIT binary patch
literal 321
zcmV-H0lxk)f&o1O0RRF)0MR=zU#S5?J%(*^zCdnK!AXBtb)hXb<-t7<AR5slZTfW5
zJ|nPj{Ge*y>_Lcx{!|rfVZ|0=xRXKgPd)!Gy#fOP009C)0Fimb?T$65*W6;Z_#YNk
zQ@#a*O7BqLt*OZgemVyg$o&?(z~q?GMVVlAY-DAL#~wAJ%@hSVITaeX4+WM10RkZa
z=<C<0-`J3<JRzh6F>2Ex*d>@xxG0k=x#?fIqh)t}0wDn9_HXM@#5)1QLVZv(dI{VJ
z<#zME>JR1d(>*U^;<!NqApqUavgw?9b&=SA#N9<+P{2Du+98<Z^7}$5uflGNb5#N%
z0K;8s)v|{ZPCF5Jp0h0B#d0-gs!3GYZqw9HExe&OK>{HF#AygqJ2JGkYa5*N@$(u=
Tmj7@iAR3)zxTTMr$9H6O@syE#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_512.pem b/ssl/test/axTLS.key_512.pem
new file mode 100644
index 0000000000..1e2fb41f87
--- /dev/null
+++ b/ssl/test/axTLS.key_512.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPQIBAAJBANE7MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOw
+cPygat7sQYiE/lQVa2HFFmK4k0HxTz3/Lr0CAwEAAQJBAJF5xO2ONajX3GK2+B8W
+VVO+BYNK71DfranJCX46BxXI/Ra7wOSY0UWZYHVsZGWJxx41os0UBTg5FRq4DwWW
+AQECIQDo69eo39iQqjwhpAQxatMh2CWYT7gokyu56V+5o2V3fQIhAOX2b+tQxDsB
+w0J9UDN6CdwI5XbzveoP5fHTPS9j4rhBAiEA3c+y6Zx6dZHYf8TdRV5QwDtB2iGY
+4/L7Qimvwm6Lc1UCIQDDXWrVsocTTjsReJ6zLOHFcjVnqklU2W7T1E8tvKE3QQIh
+AMRpCFM7MrS2axuc8/HzGkqW/3AlIBqdZbilj5zHd2R0
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes128.pem b/ssl/test/axTLS.key_aes128.pem
new file mode 100644
index 0000000000..8961bd9a59
--- /dev/null
+++ b/ssl/test/axTLS.key_aes128.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,B3A0D2BCEF4DE916D0BBA30A6885251B
+
+v8y74AGReaPLmDt6O8wir6hX1Ze8K4fVNkrLqfDMdW5E7jBXKO8riCMNmSjQ9fyh
+eTicej93+8krcIvSXKW18TdO+EWezQevgnLrAZQWaNPH2j4B+K5gm701uiiKFKVa
+1zngAOByePYlN6z4JLbiCyJRhxSo5zCaUYkKC2eGh8mlE64QmokPSCAj0wcCDzGh
+hdhBg1vm0GmaQwIDVn+8zMfahscXVMtBmyQf5YP4PQW2nqOt7aZHjBNdg9qnBpGw
+b6YuY7eZ4FgQvYcsNCi34NroJb9pkTrrF2F9Meb6+3So7jtMFG/YaJdCuXtf01g/
+Qm+XA5pJUtIUr/hLQjhkaOVUtXv/k0o/MR4k5CbAmboLt6YHf5V8+01vk0bvv5dI
+70pVdXMmx26xDZOGmjYzd93PWc+75jak3GN2fbWryQs=
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes256.pem b/ssl/test/axTLS.key_aes256.pem
new file mode 100644
index 0000000000..7671a302fb
--- /dev/null
+++ b/ssl/test/axTLS.key_aes256.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,F076229CDC2BCB3B8722E3865855B45C
+
+WFV9QWzr4tNmD+1OeQ7BceQg5LVQHp20Jo1Ax29lq8JTPzeObhtaU2MUHlcPKHUS
+vK4FyQxJ25CyMubbnaZqCCz9pNbseFuJ1tob9UqRmXkZ8HV3snRjJRbcctD+V9x+
+Ymi1GreXoDQtMp0FtMiFjPvIYciBQnaRv2ChMAnGXNbZXCxWWA9E5S3a+yWzo+gd
+wEcowL+SUac1PEDGHokhKn7nctvI9cC4hE6JmKM1sD68/U3rRPXMGqmC7umqyT5P
+gjWBb1uu0iRjFC9eQUsaKPxey5Be710GFlyf/Ff/tep7RhkryIWEPvIzYCBf6rhk
+3pysFgTjfiUuBYUNumjXr/q5hgdtb75788XUDxKwAoUx+m8gi0nJg35CN2nmQ054
+VJxcZlNv0wqnJ+GTTZeN6fiAhTpVtHsqHQomRSfaBiw=
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.noname.p12 b/ssl/test/axTLS.noname.p12
new file mode 100644
index 0000000000000000000000000000000000000000..9d27999fa053e524fa4ca893c2d13ce9ed49bb7c
GIT binary patch
literal 1483
zcmXqLVm;2p$ZXKW+RMhN)#lOmotKfFaX}Mn9ZM5y6;Qa$poyspA;q?!i76W>l+MJ+
z0HhKSGK>Z?Y+O(ico-QC_*gicZ@+tPGI5?Z6B7qRLlcv+>xsu7BXuG}7WFyS3yN1O
zJiB%z_haDaFJk>AMt=^4KDj&FlSO0x2d<QxS86g>f3KgsbB{=vL6^R#b?e&OS-QcS
zGCN$<U)|R-j!7>J5|-cmTV%e54S!<I%v}PPV|KXlHLx*$yLR({dh!!ry@wxHbn`4(
zrtp2X+e+Js(du58+nw_ke0kN+V{!Xvi_Fs7aa@776~ZoOpZC!@dwTJu`zsGbFtTzU
zV+vj++iuruakX9a|Bea!8F%F+h9C6ZcjM}8$+$o7GhC~-@P|jAoLB4`x8g`>)2?UI
zWu*`8Kl-TagceQVV7aLOe%rD0rav=xK9;Py<7Mxpy7}0RueYwx?_+3MS>c%f$vi$Y
z>qPY0e-jNE!}i!EIz_nZJDZx%Fa4AynB5}RZoGR%m9)iXor<N;f=u>?9S-~7oa}kp
z&%|qA>g?W->CVE3V>Q*gZY<JRHEFfbz3(d?tL<){;r=Jb)zq$UYu|_DE{+Rn%agu3
z3%yNqDAxJ&KPvBHYVlpK^9Np3U%31K+EVcXONOeVXMz#IUMYO>|2(~y2WNWEVzf?I
z<(U-KKKn^n)b)LfN?Z=|E{NH6jr(|qli}4W=1uv^j~B=u=E~*SW5W}$okLAO`S{IP
zm&N{b_Df#*<hYK*$5%h?%<kN2Ykj=tWHF{M&i$wP)aNUE=q~qX4iZd{IXV|SGrD-v
zIiS8g&5U6OdnH3-iVSmG`@wrZzP^$SjQCnA|78E~>e&uoyfd~wEuSU-w(_`~mv6zJ
zXND(%Y3vJ98Uv=jrz}lO4}rpWf%qmHH!Q_*F){%q7Xk(6VkShcPs!1(#%Z>ogb37L
z{j#quvpMaUTGqUyQ-7E)zkJ$hUr<88Ndd{X+aJDG=s(t#T=rr1MYoSPrQV;Yy}z+m
zy?`~c?A~9^kPHi*)!q-?Fa37Dv_6naZgJ(Ox~e3WYP$wqCBy$MnR+L9v<?`a5ep4p
zld((SiSlf=yCE(gW-`xKRMt!}E(zZ|gL(1NxWndoJkcy0{rF>^ugY2xd#-gtrp&?V
z<qeLLc76U^Q!xA5inNBn{EAOMlBSfKT}l^~i<*1fHfT>%1b_dxY9+VRUwb~ASsUAx
z{&$<{bAPTu(cML_!?$=aJkI&ra-Px8)p5DT#2>Fzt$sAlbPs*aYTIDLJE^z&&fe?l
z^Sk%Vzox!;X90tFQ`-xh6V7XQZrpS%wK>%Iy6xiU|AVYWX5_w_yT7M+A7@N?Xa9pO
zC+yntHF^4$pPv6HK!{B^ccmIv%Zd0HP5-EE{lWK-zxlMywZ@@flle{ob(fXKCWfJZ
z_vby)@(Da^SW$QG_ddtyKiO82(qFgbfBia<K{WUK@v0@8%M9km7`g9Ml!=JFY;&07
z;BMK#GCA+R%hYCcIoDjVkM?JaDL&9)b2@egzt_?YS=tt76H~+8`^8zdojJWSHhA^%
z%R#?3RVlUWC2Fm&Okh&DaIf!hu=-Tp`d@1<h2LteH&Eqmuql|-$1K0EC+O?j|I-Sl
zo!#B%5qNOD*)pRK5gQ#jCfw?r^|sf%cEZyiQ?*+jpV3SZ{+~MIyXvK$Be(3gd@WZ|
zFD@!s%%x_{^-aOxVSa|#GK(|ZzovbydogRlJK+t2D+C@|{!TM|Xc^|NYQ$^#)>rGH
zyBpJ1of*Za&nY)6zS(c*82^(q&7^aotL?qtXSb}Jp<BOf^9f^a&mD!Q4OI=4;R%{k
z)KH8?#Bf{p!<{BM|00^2HDfq4lGuA!Sr`}^C>n6Gv1;=%GfA;Bu!uO$<hdKxZPoGP
cR^P@Mi2?_#oJ#kwaA*sLUsS1SO#mfq04q$GivR!s

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted.p8 b/ssl/test/axTLS.unencrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..d04694b1fdfe85f10841cadc6681a121a4c3c7eb
GIT binary patch
literal 347
zcmV-h0i^ygf&o_o0RS)!1_>&LNQU<f0RaI800e>oK`?>=Jpus$0zm-LJ1}3V0YW{7
zZF0UqZc)KWe^+&(EjH!BJr5un(Iaj8bkaT}uyFjKYToQYh=l%B6>DL|7Gk)QLGe#L
z|1P}(0|5X50zm+gdBp9GHK^CzVz&4n7FAQe1%pcOP~WYo$q9Zs2NlTu7Q4XYn9)U<
zV0CO{Wr@cgHKNTF1vohs8n_PymH`0*Apq#>*Qnpvkg7Z(qy#Z)(;?U;m`}JUlPkID
zU%8`YcYOjO0Oj^?>rliy0mDLlP&0Z7+z91%^S$a1<?+)!FJt1kK>{HF-OsY=oO*SU
z*nh;`MP5+AJ3-nZnB(&MLMgApZi{nO0wDmyU24^`hZ9aa5qO@nEaAm+HD{_xRM~FR
t)K4wEp*KMSAppc_2va*Uw6<#-ob&PX8cLS`a3vrbon^SCkDSMMWONLcmL~uJ

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted_pem.p8 b/ssl/test/axTLS.unencrypted_pem.p8
new file mode 100644
index 0000000000..e07375a848
--- /dev/null
+++ b/ssl/test/axTLS.unencrypted_pem.p8
@@ -0,0 +1,10 @@
+-----BEGIN PRIVATE KEY-----
+MIIBVwIBADANBgkqhkiG9w0BAQEFAASCAUEwggE9AgEAAkEA0TswX6kBQj2GbXK+
+QG5RwUl/V3WhLTblwT0PIBrRI236dNI+I7Bw/KBq3uxBiIT+VBVrYcUWYriTQfFP
+Pf8uvQIDAQABAkEAkXnE7Y41qNfcYrb4HxZVU74Fg0rvUN+tqckJfjoHFcj9FrvA
+5JjRRZlgdWxkZYnHHjWizRQFODkVGrgPBZYBAQIhAOjr16jf2JCqPCGkBDFq0yHY
+JZhPuCiTK7npX7mjZXd9AiEA5fZv61DEOwHDQn1QM3oJ3AjldvO96g/l8dM9L2Pi
+uEECIQDdz7LpnHp1kdh/xN1FXlDAO0HaIZjj8vtCKa/CbotzVQIhAMNdatWyhxNO
+OxF4nrMs4cVyNWeqSVTZbtPUTy28oTdBAiEAxGkIUzsytLZrG5zz8fMaSpb/cCUg
+Gp1luKWPnMd3ZHQ=
+-----END PRIVATE KEY-----
diff --git a/ssl/test/axTLS.withCA.p12 b/ssl/test/axTLS.withCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ae029dee0fd45e90460d0eacd15f9be1882756ea
GIT binary patch
literal 2089
zcmZXUc{J3G8pmh(F~%Ok8&kYBg)D;*2FVg;ghXY@z7*Bimm!Rd?1M5&G+}5ak!8F_
zUL~QSNLh=qC5Eh7vS05x_ulR~_mAg%pY#1b=lSb<J}3eY5(0*z2(VdhxB}6PxGn&O
zfhh#o5I}$p?Atvk0#Nxo;-(OQ!hNd%0tW31`F8?FNpti5`vX51j1mNRU`q0v_oM3`
zLLfY#SOReU#>aa*<b&boMl-v45~;e*m)|5biB@)h30n6OJX#S)!Bgw3TCJy(pdUw?
zVM`g2w!@~{P2J<(fWkB|L?cATFVb==7Qr5v-51+f1@?0fPE5|9KWyV}_!$Snt{=m3
zgwb$?PfVQ=-c;7Zs;{vfHf}wiNpL@m-ava>^%q)Nk&KD<${~X$Bs$!?=aX(DX0b)`
z2=?1scbxjAy)u@r^s~g4M|A&HpVVc(WGVgvy{ikEfZFkPEVjjJr^EF8KrD`+uRA1g
zxA*y2re}A&5n``vH!1gLMon>80@oAn!BCe`J5Om7!JOHvY0haYo0>t2ZHWFv)gCwC
zcHV-}4cAM&Biz&hD-yA&@oQG74hLy%SFU#=+jVtu(u<Qf!Kaoa&$k(EC3IMsCw(rE
zPr;KtE(JZF5b&zusi5a@E;B`@T-&ALYzZ6VRa9Dk5Q^ujm5)jsH$Yj`y32if$=%Rg
z<0-|8lGI>IS_TQ<xCz;U%l9AnWR|~Fi+k^9C*&m#zTQlI-bWz44L3-MWLP4F9;DV1
zuT7>#f3c@C?6i}42hDFampl%liFBWzzf&J5c<bU0qQKpe-*mZUDNzzOKugV&-SH8P
zrbj7B^hp^%(liuyV_ym-<*#opYp}x|^mUy5ZB>(=<<RHFuqrmn6$QRHSMTAe(8$v7
z-@LjokSJo?<;J=srD`+HJ6KL<@H;0oBW<HOE&)fZnV}l*5>%^P?;lZI3p1Tu!DplU
zM4rNsQuFrc3#-z1@qd+dl9MV4j%g2~-kl!f*tk(>xkQmBR(tPOebymRY#7>NILs^G
zFd-|{;yz<Rqk?jVZDxu%H*vV0kJ!1@av<albh{+R(|842^$fgxoQHiw{6r~tVbQ~K
z<ItD)+zq%YGe24x`rw@d%Hv8>g(q7!s)AB_98U&M**RwaoN8`WRQk2%$o_`8gBYUQ
z>bS?Db1c-A-gmLeY}Ob?-;`}5!ofJtZS#IT860`^oOnbUrpyHd)iXTzc}Xntnd_EA
zzU5U9JWN7Dz-4^pns>eM`I0*SCMnzRuH}%O#6|~pMIl&Wfp@gn^DiZ-!c)6CxQYd)
zJzRNAA*1aW$MR0a5w!1vE6WIu=xKqx@7iUvpuMMs?kTPnQE%qQsw%behcY@}vw**a
z`foo$)*9kjLz9hUoP?ua1DZUDNPw}ee-$X+4*&5eOHBzATjgjS_UgHl-aJqGr={t~
zYP=pu70=og;9j?fi#@8a{zI!-#dZ+&97Xd$&R6z4v+AAQY_#P33i_0F5*2yVfg%t)
z)_nArmLs4ZQR5YVHQ7*<cfyH@^478&QGt9&>}S#SyVn-<_%!7>aQ8Hs*0VQ%t)J|~
zYM9nX7;4R-{w|0$=MJHW5-(c4O~%Dbulq%Bh;Hx)GamO2{@G~$sth9yaULz2oIPXT
z*t$vbEzQ*7lpg)IE#F_XlK&DPd@_c%yi{D8JaGDnF6iLnVfoM?n#C;?0V?%BXrd6H
z`~U&Uvu^|Y1LEfU52$#-5DEeE1Vw=4|3AO()}EQTmcLW}55E8c1n=|Zf<}W~uH4Uo
z9{nEovqoI>)r^n1_hv@)AJ%vEGgA<XL-|Th78#gJxU8P)N}7v=G-04Ulk!SY&^jvL
zW@r2lv6JwhgDup$KIY9$uhXw9);_B=bznQ(hCqQNq&?bY@YlNCt8J~7<=OYeQ)bC8
z*Usm}DMl2jt0{~AjP4K*>*~_PT3j&lA-c@fq-U_6%f2mPey71uU%KCBI%+J9&Aro_
z4B*w4n26|vcZcX8WE&_U0XIty?`^rvdtAi@Fvsm3>>P4m&}3uLbn;s5sM`=7JqPui
zS-mGzw#%6jhKm(xmU1~$5cQrmU6oQZ#>yC1FgAuU7n|qQG0mBRX7WF+kR-PoWkF*G
zVix7BqulQN2=t*;OR02T=~bpiO{+|*TjoSY-+EVCvq$Ws9yukLrI|yP?b$NA9TaX(
zmbgo4-r8v49<fi9r_Qfv{h(EM2>N~hEIpNWB_$2(I=#r?vK^#tNN~s`2UnH##Vi#=
z28)5ZrRXj+K7Q=MqC{}ba_eQ8>4@qxCdKNYjPd0UVU7lN5u5{4j0>Enr6=OGdfOFV
z>N9e~d`$HD0NLT=7J8*SA!dGDkUWFi#F{?9Y8wC8TceHzQzwxlwzkp*b1v>aNi7NU
zm2IUX6$AY*UB|5NmMy1GMaFk9O<wfwjSV)FdX+-nv;J_2=M}M%6UpN8B1y_wCL=>R
z2C*z%H2Xs#Oysq(Q-;Fo{qQzK5D)pTIX)d&`0O7%Z@aDrz)WltjghNu3G$S60F?&5
zkQBF9=)*zbx2k7asM)2?BaI8GmP?=+iOW@e;q>b=$=Su$@b>}_0*>HTII*M%RV?c0
ze+vyis45PKsn({9F;DsLUM9rLJHdV3VQKW!DCF-WF;&UK;vgJI6{H4o0fm9Cfr3H4
z`<oHS5T%NeMZvkbP6|RHhqyq1m|EG{iDfV*GP^eMwK-|VZ?BCK3h?;(36|unm8<{L
G|9=4=O4!W+

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.withoutCA.p12 b/ssl/test/axTLS.withoutCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..c4eb54c444ca361efa2c3b4e4d5082607b2bb693
GIT binary patch
literal 1573
zcmZXTc{G#@7{<T(W{jD^5R)Pl-K-<u$TG5)rEFQtB(jZVG>k0G5y$e$Zjfb?Mzm60
zsjiZwDdM^^5@TPYX|cPNopg21y|;VL{o_5)InVQ)_pjdr!DvMgfrMb8PiU-q%HfnH
zF@!Lp3>NA`!9x5^y90v3@}Cj93<irftpX4MYzpgVf`H`ExW7M$A`lQBg}EKq92wQ%
zRS$v~AOQxwsWnbuHnE!~2n^^^tELifPhZ?7B0fA$KYos%egcv9DeU@KN5A~k-oUYf
zyUT%HSry031dhxnC09jT9+co)M$#>iD+9nZxp(!m{a{!^3zqnH?H3?JvYK&a%YB09
zJ2xN64qd9L{rE_p$ONMps@`pG@6EKNnLn~iR>6LRDy*IxtM>K<((D-bE7=NFnBwZm
zVDTkVmMC}syBOh=Jkx0xrI)=3*Ky}{1WKVFJ<xG~E?94}w5Hx5yID`gV=FCtcSgyP
zMz5$5%|Yuz#}0a&Pd%yWOW{hm-9oPG=fDr46Op%}ilB!ZrTa?cc*)V!bI@8a8^<5H
z<3{ryBc$=&p%r0UraO0*#9QZiNh|p>zh8-1K9d~&$_HC({W0Pt@N_i9?)3x-Cqr3T
zePAM(ichfVdaPV7<C!LzTF`gg>n;Cu0cwFN=i_M+Czg!NZ=B0Lz{jy3Y3K9F+L*^p
zHpP`Lof=}%FOqs<b@6i_XKgNp<{5YAADGhZ=$ttg(cnZrFC5<PIrK5X-HMUpP{BA)
z*2<KWzAr4rL=4}_TycIa-N0>{X_La@CG5<S2+Yjd;sCApgxU2Xt)cc|Ow+SusUB8?
zQECkX@CcCKFIGe?%)OQ#!LCWtN|jAZAI!8~#BUL>ckFU13_MfOQ*`js^lXj{zgSo8
zpvvyhZz0}5*o2+_@ZA>_+oOj88U4s=;$?^F*ci`49CnGbkk*(B?PcZZ=S>SPk@3ok
zHW3DNLRD|`myKc0^uUeAjmqung+^{+3d{tGYU^W{TUf3p?UXw03Irn+{{v(hjFd#d
zNc^Ua+dMQ{<R3h72ym0*%|2N2e`>XehcPNg=u$tZMZsW9R|};@aWS!k*BfVEX;Lt;
zHwbaQChOXxWnQcvd&tJ}o4rk5=geN#4DcKsZ(P$Uf9(}#!!S$J_s?VzH-9;@1v}xc
zUqgD9c3ha#A1AHv?NVY#m96HANF?^*G&yWD{q2GmcMsfa{LNbS^SV5igD{Z&Dx$B&
z?{%8u%3LI7ASp-pTao)4cVMLNg%y+2csd-s?%}d4`+cXH&-CM4bxkl%+;P(h+vu6r
z{vMBIBfcqkqD@*{Zdrmeo#r1MQq`(-v;A?#&AeL7!TDihKUhUbdC^4Ug3s4ohYm*6
zy6b@c=5^0<Pt~}q1-`p!@S3qm6FAgZ%n<t{D7KD~^io;0eNr+>()bcf`szv4@9yKC
zxN5m4Qj4KC&t`J`pr#;YGsh~~RY{EiFS$GKk*s2u`sy`QPFeMd5AuLp>V=#eYf|a!
zMt>T)w&M~9LewX345k?d$7SS;>X02`zQ1_yaA;27pcoS{8KQa?2@dfFVp=DbyxP$Z
zy@ShpXm-Z>TlR?dt0i{L`d<&*&dZT?TKZ%|ZsxQQxEgWP_tr8b4IRflERA)mm&3ZA
zqw}F{Ls$bchIiGF()LDiRUGD;5|77bcQ;p!2twN}XQGY1@j!dS6xXL#YfY1tITuQ7
zT?4)x-`W{_OS-hKMK@rylf^LPET?D**hk-8FA{YOZQJ*C$2##>vAjy(joiHwm*>m*
z^mewy#f3g$JhJN>vzJZ@4z@L3lCV1#cs^7<ajL#<44hx_J+X5e)1u8yFcc1#?xZ&i
zFrT|2y6sm?pGsP`O(}hkLe_C%rm9Zqok6`i^?2n5Brz(eRTPf(8x=qM#-8L1?fw^N
z>{gOAia>glIaaGf-=M%rY981iUt!j5GNkddL?9_B$N^yh3D5?-046{KB7q=)0Yq)8
z7hnz?fJl%cghdN!;E|xL5P%|3Be^CIZ5L9{tv0y}@`==V{HJadhB5C~zBA{V$Bz~K
E1>TCewg3PC

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.withoutCA.ya b/ssl/test/axTLS.withoutCA.ya
new file mode 100644
index 0000000000000000000000000000000000000000..9e1bd632a2f3b9e584064412f92364fb120cfe70
GIT binary patch
literal 1576
zcmY+@c|6k%90%~<W}9P-$|g6@EHuZqEb&4@lq5vXIU_vDG2~8Ti{|WL!d#;z6&*^B
zDCO>QKFm2}9Vo{<5szN4=XrXbKfbT;>-G75U*EspUmOLd0tN}-DA12E;k~pYG`<)}
z5L8TojzB2T!R@#gM*-jbHG&mWz>Mwa8W;p@xAb2V5Kayz^7jQ%5DbTa2)PYU5o{IT
zWr4v$Kq3X~iH*)GB%Pgim!ERFOj$QSunT!1Ud2@Hc2dQxKLZhqBuT-h6@^?~_f#Wp
zE4O-^ajUJ*?=w(N|HP(t4J;~F1q;`TrIX^0z3*F{fUO1Vs_6P*?9Awvc^Hkn4R^WM
zp+uZ$#+agM)Kc!^j8RsQ@~*O}sL+Je5OW8=^fsmT(z`xjcQ0!pJ7Wv~vL1<p@O`%)
z%U?|r@*CLLkLpB@WEW(FrF(WS(7_gF=vAWXU9rPY<c==A%&fEkXAZ>fBW88MFENX!
zTHA(;&e6FBA|<wKey+RYv8{8m(Vux=>lFJ(ACwsCVl@^etkfR$g=SW-psrMC3Qx7D
z4Kwq7e5+Msl_z$8OglI0b8iN;)3H>l-;~^skn@H+*hTk^ltp>u)p}_?DKC0$e{$T#
z+HmvFY<>|*smJi!{bAyYNuqgh4BfDLj_d*<g$((onjju_6eDvVHiiu)Ik>U%>Kznh
z3Fc`d-z~zQ8w3%J1YYWpYf<Z*`}3~`SHq4Ns82obnAzZn1eef>E$J(_-gqfIpkb7H
z*>)q4gN~+pg)hns3(+}z7DwM_a&KYkXo)wgaMHU*C&kJzU+--$w@J0wkb#iniVmU4
zwmO-|k;Q92q;)ZaK|C5Z*m*CtEgr_3qQt_N?s!Hz`_dv0Eo-I3jy3BpU5IKd$HVz*
zy>cHvhCR`e5ETz$2SC5Xe2ToAJCFbVZ2v4j!o+FeOI_%J+w0<8S%LQZb#EsJ9#rV3
z{SMJn<95baDG=`kk1Z<|U`bV$f@`a>s<nhbuyF=k6`QCZ5pp$f?*%H3BB1ggki`@M
zB!nWcV>=exE@2q_AD$v0@V4WMZNR1fQ!DUOt=6kM9=rif^`B}X6mVi5d6V&+Vv|#?
z&CPlw{&++2#%pXBWNi3bV_9sHY-hf_{5ZntvpI`7)JNWMh9F6opZ4cA*mwMS)z;IJ
z6);N<V)~9Rift(w+b&nQF#C;PCu4j`nSKLEhk+(q!0A{<&2VJ*22Y=ZCRaUw*tWwW
z?JKFit9fG0(Q@@=utpuQ&O9w!kc>t;<(FG(MIL?<ieKM@nF(x1eff~nOa7kM+XJeP
zt10koc4%tQy|Q!c%<*y|>NVqKTX85=%20BhInebK;6nzqw2p>K&J&|YMMAGJANg?t
z-_+K#6h_EHThXAd0!?cBb&Fex-)WdJ#S?<e@mYqTohTtD>&0RAGv0#J_}wL<h90&i
z!_A9Lr7b)@ZRwJYf;ZUsFTM}bv<+8=O(b_KIbYWiER>mBQ0mqKhOmUelk1UPleJ17
z9P1ShrXjWbLss<x{!76^ZLUt>2bRio{E0c<bjy%*N{`O+C-}Q40y46gV}cGpdd6zq
zYYSSrbmm<nEiSWO-c6$~R5KuM=;nP0FTOWTvzDzZlW<Yn@|0<%ocp;$3ixJ?g_9qC
zix6bA)d;&+k>iYV_Jkv<{%|fr<&0}vd2caL*l~4E{IV!K!SkYyD+4XR=#?O${%KQv
z)@q9zR1WHXn`eA{`c&mH%rln<Y=j1kelrK^#x+Z@+O&UPg`hjiUtzVeY0UH%%^iq-
zpHz1c!luH7Z+6U)wTaCX^75gVOzR)1%FCxV?rSnZdrRL5BeeR?{}}67^Xf1vxGpuK
z4~){^j@tj|r2AjePq}1*i~GuJDJ{_Bx8C4a!2=%0<;=qusW1AjuZf9;?=o)UAuuy2
zayZ@whyGW!FcOb~NaAbhlXW_0H=QU+>TbgR-h%0s2XN}YmL&0V3Nk<lfCmVG2XGz;
z0Kx%(AQ*_)?xw&Y93H2P6NW*t2m!DR6o5!Z<e2ZKy9NReJAkl_4pA3^sI)djsQtKq
MwzR5a>d!~`3!L7-C;$Ke

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.cer b/ssl/test/axTLS.x509_1024.cer
new file mode 100644
index 0000000000000000000000000000000000000000..fc92d056429c92b14fdc609505a5528a38ddd3da
GIT binary patch
literal 475
zcmXqLV!Uq9#OT1p$?)-T`++N8!VeqpvT<s)d9;1!Wn^S!WiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#G-#ZU>?%f92Ij_I
z27|^<rp88w8xQu2-g~wF#nr#uD^_g2?iRaTEr)08%{|9{9H_YPEiCnirUzd&_cGPG
z7uA*d7EiZs|MFnY#Dp(wpB?0WPLy1!@9w;Hw%na>t7JSY6*W$;@+`i|$?C)O$;UTG
zreV3rM3+B8n;$-Z?C-Lx=WvPT3!e*Dd{h#*I85z1z_p#p(y(<h6Eh<NBeL^=fyNAU
z7q`1gQ0=zliaiZ?+jA!P7$1&VKAlsB(|>l}<|sS2Nm9q#MI#?}#GK1|G;Nj9n?r9a
zx*tqPn=Ep8#%g2J%eAqATyu5`M7USYn40q6C$>rQ=PUlWS*MNEQ%>babX_=L_GM?X
j$<kY90cM_;wp%G0N84SC=b72Oebe`Dmm_h-jw_h};#;++

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.pem b/ssl/test/axTLS.x509_1024.pem
new file mode 100644
index 0000000000..81f3eaf1c4
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1zCCAUACCQDxw4fA1PRXwzANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA2OC/Fd7qr+jV/QuoqLPXRl2nJmwMtdm8xvjAeND2VmX4KUgOewumJX7oe3lv
+OOW1t/TgnJFg9AbzQB75kRmpL0dDtZse3PaqHEl5ISjLqklz2QkFTALyTE1sHICn
+FJFE/BKz4efjT0S6jMN0OehM0NRMJGG0QJWMwAq3AjkxhZMCAwEAATANBgkqhkiG
+9w0BAQUFAAOBgQALRyRSfbZjeLyA3YdskEwzw1ynlwkcCU+bbrNaPkaSGseHFVnh
+iFzOauKWqjLswu14i+CQZpMUw5irMzXTfV1RCpy5EFhHepiVZP9MXYIZ+eoPXprL
+Midkym9YitDANvS5YzSl2jZQNknStzohM1s+1l8MmYO3sveLRMRec0GpAg==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_2048.cer b/ssl/test/axTLS.x509_2048.cer
new file mode 100644
index 0000000000000000000000000000000000000000..c0badf7288617f5d618a62e1ad4a1343697a98ca
GIT binary patch
literal 607
zcmXqLVv06sVm!jc$?)-T`++N8!jBm6vT<s)d9;1!Wn^SwWiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#1iDZO*;$ON49rc8
z{0u;GE~X|%MutNR_TT<>zJSeT^Za|gwm0>UnA?6&&rWT6+_6ixVL4aXImM&<URKY(
z(R%Eli~vi_zL|oyQC6Lwy!(V)*1mkd=KzOy=?d$}qN-vkspi;{?Gs&Ob>>R`J}R!t
z+jA&U_kPRFCBl9a^}ihQSF@EY+r99L$0v8O9WpZ)@!zhFOWnlzWtp*8&m^W2_0?9l
zw)n8tFa2|oB|f!S?S*U#tJV9Eu!NU)c8mVMWhyc4la_L1xyOI0f}@sf*H3S3R=#}F
zSLVfo6y=MD+><xOO?l$g(QP#I6pyLM?FAtY$LH+rVQl@d+VuO9tpD#5l1@LW@KyXZ
z?XJ$YGnby_Gj?rONZQ*fQmwj{iJ6gs5jli_5y#xv$Y7%%R{UjM&z~<$iCOpOTHLl-
zX13O#)auLBi#|qA7WF%dZ2i@=w_J|vQpWV(Vfo5oFY5Py%?LfWG579L8;L-TlY5Po
zy_rL7Ry6)w|M38C+PPyV(vCfEX%Y^;mu4~dqnLzDLb&InW8Lp&W%`?+J34>iH`Cet
R9GogVhX2<0z0YoW4gkCo^O*nu

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_2048.pem b/ssl/test/axTLS.x509_2048.pem
new file mode 100644
index 0000000000..1ed0141afb
--- /dev/null
+++ b/ssl/test/axTLS.x509_2048.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWzCCAcQCCQDxw4fA1PRXxDANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMKgv9v6z3AGRLOf3o092S/ENz33Z2tlguOIuh2Apwp2ziHFvul7m9iF
+xsEcEARcvpkRPVo6ifJLjhJErenvvMAIS3WoO1lyenMaGoNddLeRRB0snRn7xRcl
+DYzCYS3fhJmkE06RL/TCTyY9GXa7odRI8kcWuByZog/be15lsgn0pjNKjJICdCer
+Otq0TAV/pfzRBF9lcyboHWQFOu9UVmDp3LsV/9o1GJbyKiNZd0j/GnDFOQbXy7GD
+I9PJTRzo4GQj0cJHY7JelORKiIsymcoMNRTboFRAx5y9jAGF8Ks196Rq/+9gYsvi
+eE0h+pbdLLbM0uZvAYqzIGK9hRR7Ja0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQA8
+L1Zz9K6M/PQCYWrfnTjbPKY2rTB1OvSV0Uwy5KKPQRS1+oK9dx4K0miX+1ZvI1bo
+f7/1aFXOsW3dpTwYUSjJvTMjSwNUPKiB/q/xwA1mzsbIZsbnhIITU95mOJ3xFhgc
+YFdJ4saL7pppTzfOxZ+h9jWbDwgJJAwx/q+O72uE5w==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_4096.cer b/ssl/test/axTLS.x509_4096.cer
new file mode 100644
index 0000000000000000000000000000000000000000..40bbe94fdd8d5fc57dd7463e4e9530b9d661e7c6
GIT binary patch
literal 863
zcmXqLVvaUwVmiXa$?)-T`++N8!jBs8vT<s)d9;1!Wn^SwWiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#1iDZO*;$ON49rbT
z{0u;GE~X|XMutD?TV}>;ow{Ja^XqY}Kx&Zef|Au{+XOz`xm&ZC_3Bzx*40-wFfQg@
zm%j3gNv(kccj0BVI|(i7yZNjX1&Wq@zCAtZ{?bm~_lp<D{G4MuJ?-#`P4nv}&ka5Q
zbUS<Zo0tg-XXB@*?p*(6ujTinE{DA0luKp4zOG3VT+j21JzXI{I;f$4MLEN=(jT`I
z*NH7Y7WKT8t&;Ek#V00H93I4Q6y7~ML#g%p(eK;T|9O?pd>MDeGtww(0oyI-?vNu6
z^TXM09Ex^dDZ;tar^LMBOeK%H7W;SJ#A{)zrj;<gVere_`nzx0!;fCgWef?Q7yaKS
zr4ilXAY(uEyx9LQQ?JVl>HmnoStPqxZLgEm3zNIDcdNGvx){gK$*>jXI`gWlo-;Cf
zm$Cl}S9azz?Pun<HNR_GJ9*!N<cV){?s2X^Xu(qWe?juSS8-}i@zWmueUUbI-h0KJ
z5uy&?PMplqTzX8kN3OlJOD#mbeQ$xIhncb1t}cG1zKt4ZZWbhdKI9N}R&R;C${X3^
zcV$oS$P89hzs_a;ZQh0%ddt7QsW|&+wsq%Sulf5K=Ffe~RdcS{_)z(b@Jk0B^0iNQ
zZ#ZKq6tV1o6i1HW7F+9THl;_VcQu3m$nDr)b~=9odlr+;S=}dgrxklvq!gZ=_T|t-
zR^JVZ57wCKTHbP-vbyTLp+cb52JRU<&8zAUukL4JW@KPQP9eaA%iP$=P_$vKZRN}p
zU%y;??9-n5HOxaTsQ$C=%SBbY^xh`?Z{Oox^0K1x(P9y)jt<@0`)8M3G1}1{SYvp6
zRmKV7oew&fY_?`jH!!b``uxkyKBpy2JhMHPf8rH?@ed*&W^SAl*1&h%>i3$k++BCg
c{uLH|{+cssT4etA3m$>ump}GawD^_-0G~{BVE_OC

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_4096.pem b/ssl/test/axTLS.x509_4096.pem
new file mode 100644
index 0000000000..b7aed1caba
--- /dev/null
+++ b/ssl/test/axTLS.x509_4096.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAsQCCQDxw4fA1PRXxTANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAPwntJldKsrQMAz6410QZVIdoHSrNrYQ8NzdfKMF1a0lBavUsAGjDa5n
+qfQ0fTBAC3HTJtxghCe7DjohEHKk89uXYt+liQ3vo6Nc+Zw9l2bDyLKffpOdVc/l
+tweL7FyQIM1fl2W5r/S9OffFRMJKXiN1HPXrfGYRrwz6B2cgUBtSgI+odwCmdfjb
+Ya4Wo8Za53UGeQ7v0eQ0lEDgXAhx3c2YIoXXxfe2J/5KdZnpXtRJWTJaoAbaQ4tU
+xECfVwbYwltHqRQJuUx0N4DMeQwnKgf3DWHWVqqWdALsAE5utfuOpuHxSoN2AGDz
+ov++GihbiEAcP5XPFv/0ldcfEi/4X9lyHb0mvUIa6DTdHd17thFEM12caD0TCszq
+in8JWVu6M0+oRQcDzIfMn4aD7oKtk76gY5HtbN4Jr8E4BHH/oGPe6l4mQl+W4f3o
+Zp2e7yG5WBVA9sjJbCmlxiWMHod1iiZUJ4e9cEFINjMWuooPIo6xKMzZcGHzwkBa
+zS6kHyTsHcfdHcu4aVMlJ9cKN/aesJgup/XseM3imzuJ3UqfvwCfneUKfM6DM8J3
+mFfSwUBvK8uLsMw5Elim/1oIbBG0PTt7BiLiNd0pU/weuL92y2+QB2oCPM0t5D7L
+IYyoZHHNlvTCkQVNsCHgrDUtOdpGlKt6zzEgUTqwC5i5N3p/w6uPAgMBAAEwDQYJ
+KoZIhvcNAQEEBQADgYEAcrCtPXmZyPX01uNMh2X1VkgmUn/zLemierou7WD/h7xL
+dOl4eeKjFBqIiC19382m1DK4h1F8MceqaMgTueCJpLM7A2cwN3ta8/pGP2yEVhdp
+h10PkdRPF/AU8JmxnFaADsc6+6xWbbrdNv5xcvP1bJKWWW+30EhRF9PxjXiETXc=
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_512.cer b/ssl/test/axTLS.x509_512.cer
new file mode 100644
index 0000000000000000000000000000000000000000..48c6e13aa0af5678668c7d4a3245a3304030f01e
GIT binary patch
literal 406
zcmXqLVw_~q_=ky;;p5@<16RI;A2Q%&<J4;NX#38~$jHjdU|?csWMII?9LmBateIF5
z;uEY8P?VpQnp~pblAn@Zso<PiRFavNnVeXXs^C~!l96AOSyE{rC(dhN288B@h9)M)
zMp5Ft#>R#QM#fOCfsUb=fe6G@UKCReg$x8h;>^OFhDPRk20&<N5QFR}Mpg!9Zw3Po
zCP#*g)&}t_8J%p~a*Osk<OLq|tPd|;sB8B0pe?_G)J5goUnQ69ls6RoS&((_jblg4
zzYx*v#G_(KJ0?4R^tb)5x0i{Tk%1A}Y@mmk8ygw8T<y9KM14K_+%vyx^*)0-Vb=Of
z^Mp;VUh%%N{nBP3u`f~Uw-)Z%{B_zi<u6}KRZ?ae<R5$`QgP~KtDBA7^o#xt*Tp#V
zm}6L1oi7y--zB+a(l70&CztXn9MJDQdVZoyvbRyt?vfp=#N@B8oOG{$>Zk9;ChBUA
P9b0QY{GW6AgzOst>~fQg

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_512.pem b/ssl/test/axTLS.x509_512.pem
new file mode 100644
index 0000000000..8191e489f3
--- /dev/null
+++ b/ssl/test/axTLS.x509_512.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
+MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
+a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAKRT6LwFr1xedJ
+b4qrvjB+EwV/0p4TNNXUS9S30rMSFvRar7VxvLP1lpYj9PR1JGSZMG/B6hR4yumF
+Rjwel9FPgNcWCW4DXAWqz3UQF7oZtJL6K+XJpQ0gwC+Nxc+RRGNLMlK7dLiqFh/V
+qZLej5Xy93M0JyZBiLV88P+c08gd7A==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes128.pem b/ssl/test/axTLS.x509_aes128.pem
new file mode 100644
index 0000000000..9a75fe960e
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes128.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfHMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDo
+g6K2iXFftW+Qk+rrzkMGWrtfY6YSxPstPRrI7akluUEoyWGITXbK6L3QfERrf2eu
+CnWyciQiHVRoHC0EgZUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBT6YhR8x/bBteK
+lr8E0l4mATOnYlsmge+z/SFYs4bDBofqlwQCVJXNSBA4ZsEjgP9qIWTu/85QrVGq
+LrkewSM6Oeh95LGnE+uhJVtIX++O+Hsex3H1UL067dCG99XmDhqbEU9AI6YSZu2p
+cjoSowFELtOoG667+id9QObfV3EQoQ==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes256.pem b/ssl/test/axTLS.x509_aes256.pem
new file mode 100644
index 0000000000..4f3074e011
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfIMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANAW
+9PdXa5u4gWi5VB5p/eQmOtteRq9/54JkiEs8cVNrTQgZsjjU1LGedE3JwBqZ1EIW
+HGPjcGg5dVxFjkn7RekCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBmJMt0Crdd/BPn
+EdmzsVXou0zTizTC8wyUPMVpg/KzzP7fhZux/ZIrH9/RVcJd9y+B2/mXc3C+K99+
+TXQoYKsLGArfDPzmpy1wPrdEcB1A9gkWDl1Uq6xRyvrVm3gX8NTITRuGKL9njgWx
+2SrApIBtOOUOinYtfH3745cVVl5HOA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_after.pem b/ssl/test/axTLS.x509_bad_after.pem
new file mode 100644
index 0000000000..79eb9ccd68
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_after.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfKMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTA1MDYwNzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
+MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
+a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCmPSs9EceViMZD
+ZTXDZpQWJFcXaeInrXWgYWyVgnHBY/eSuqNCxkV/ehv/Wc5pWBGnrX+4cSvQ+TpQ
+FdZegeOjvgipjtJb/0TJCcvgcdHTntEM0h7VXjfbsJXAHwJPFzWIKxV4jeFXnaaw
+W+YHrj9GQ8PnFmapPuh4h/y6LyHAcg==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_before.pem b/ssl/test/axTLS.x509_bad_before.pem
new file mode 100644
index 0000000000..fe72b541b2
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_before.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfJMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTIz
+MTE0MDAwMFoXDTI1MTIzMTE0MDAwMFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
+MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
+a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQApbldYefE8A0ez
+SYvAuCtYxx/2KHwBRD/cR0q7widl9WGjVC/dsnbFo109vHEr3FP1HVYSI0aweiaK
+XZmpUyJ9DprbbWQqaLuDnqIH8X7kfiMuO7/LGQc812iDJI2Akxp9cIlPBFBD8GVx
++0EphzSodDDlLD8bPqLaWTE+8Ydtjw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_device.cer b/ssl/test/axTLS.x509_device.cer
new file mode 100644
index 0000000000000000000000000000000000000000..c966743c9ca724ecb81928d0f6ad7e62b29eab92
GIT binary patch
literal 401
zcmXqLV(c|&Vl-#sWcYZv{lJwk;l~Vk**LY@JlekVGBUEVG8pI>iW!KoF^95n3G*ga
zg!lw21Qg|Gr6!jc3K<B1#F>RT4UNq841mzkKu(<3zzhh@4Gm39jE$nid5w(?4UCMT
zTmx-GO#^j^X$mN&DY&GTWhSR8IHwksWTs^%CzhldG|oqM3?nN8b7L=qL1QOVV<W>A
zB|csu?fqp62d3^8%Qa9mSYy#4{w;o%qQvxI>(vh>*<B_H1hVnmoqm6d?p9~jehIIu
z3hkWl&RzMZG}&pbclcJJJzTXH?4P|mtG+EI`RW2EkG!w-PS3smW>4W)IqNC%Ho9fI
z%iCXCtE2tbBwl5l92<M$)2Zs!oO4c{R9!iBk2DiABLgF{^MGN+?8qRnJ@DK*r6kRQ
zou!f8d$dn2ktz*-u-<dx)#DCf4@GC2zl%QMx4GT9;@g7M%efZ}Rf5VD`U~Sc_su=`
KLZ@nBTsQzLwv8$P

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_device.pem b/ssl/test/axTLS.x509_device.pem
new file mode 100644
index 0000000000..e9cbaaf314
--- /dev/null
+++ b/ssl/test/axTLS.x509_device.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIBjTCCATcCCQDxw4fA1PRXxjANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
+eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMDYwNjA3MTE0NDMy
+WhcNMzMxMDIzMTE0NDMyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
+ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1CIODRIr
+v3YgwJW7Fm0wITCsOIgX9l+aIRiXUzur4RkHRJIQUQYM3ZfftC21QyWPGErVIIcJ
+7s7U/iKTQq1LV7USvAp90D/m7s0ntmRj1aBCSG71f0LnSv1rlA8kzUkU7VuEt0Tt
++iqrW0+sYdUBk11dyPLKe6sJnMrJJamVvBsCAwEAATANBgkqhkiG9w0BAQUFAANB
+ABC3Uc6uImIpcLl1WYu8K8qkGnVT4K9JkdXHQFbhFZs37lvITrOHQ3j2oGXTbdAx
+JFJ3II9xXkm+nc7oLHqhXlc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
+Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
+Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
+n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
+3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
+flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
++UcZ
+-----END CERTIFICATE-----
diff --git a/ssl/test/deutsche_telecom.x509_ca b/ssl/test/deutsche_telecom.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..0f4b96a0d5b66ac34b258e34a8943630d55feacc
GIT binary patch
literal 670
zcmXqLVwz>p#KgRSnTe5!iBZLXmyJ`a&7<u*FC!xhD}zCyA-4f18*?ZNn=q4$tD%g6
z6o|tmEbNk6T2h>xk*W}qnv<HHpR3^LZYXac3zFp)77Nh@2?wVpD})r47MCbEr{<NU
z78xoVD1sC)3rk^W56aI6DsxmYG>{YLwX`%aH?TA`G&V6Xh!W>D1apmyO)Y`kfpAje
zeB^LpWMyD(>}4=$>||<eWVmp5HqQca7Z?8ZiVnr;VIS-=GX!_tH2>7N?y$<5%!OzF
zERzTg``<m^=-}<=6*`u;6B-?tzQ267p;yA@Q4kOJ{O>9Ao-X*XBQfdA{s)V1MQHyO
zWy#)aHLqswC)*oOrXGIdcj#m4Y98-5?oH8;9tM=&_?EauBId2}0&ltI-~KIoDw&uW
z85kEk890CgUzU$Wj73Dm@KODoQ$kaJe=JbA?W-YN=#+TOfFBt2vcfDJ25gLs|CtzB
z4fsF;{6G#13o!QCki7_udS;;C=E@5EntVbwMZq<0PCjey;-LEFE80^xr_VBLt0)o^
z{eRuHSc9>xWA4OP_pWJj^Vlt(S>nKR=8eFEls^UAc3BFke~M!W*vfs)>;B68FPk|v
z8vb08JMyN$t<~qA>juWD7Hh=jyLr9SJ-zpI>PD-l%e+~<`HcU|RG(;Raeo+<;^qYa
DuXy4z

literal 0
HcmV?d00001

diff --git a/ssl/test/equifax.x509_ca b/ssl/test/equifax.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..79b0a3f98764a07fdf6cae1a80eebf704d1f8796
GIT binary patch
literal 646
zcmXqLVrnvIVtl=TnTe5!iIK&CmyJ`a&7<u*FC!xhD}zC>A-4f18*?ZNn=n&ou%V2B
z6o|tmEbLlXnwgeZp%9#!Tw0W>;F*`KXQ*bN0+MAGmPM0Ibt)~+%u6jUR&aLIH8hYD
z=e4vnFf%eVFfjmvC~;mR10*hOENz^R>^DYM2Ij_I27|^<rp88wbNZ5d#J88<o4hhU
zidWp<M2cs|7p0q#SB_-3eb{1pw3S)m*m~Ecih-_<uf-zFjPf4^B&GcP8#rf`%FQox
zo3+}x6fX-|nB?>_<V7vG>GV!Yaq7<?pU|kI{1*OhzjA-*nO>8vdHv|ahSG);D}~qW
z>v(UKw>n<SB8h2(Q1!q5Wz0;>j0}v6(+pA!1lc$f+B_KBemDWcpM{x;f!%-~7^bqq
zjEw(TSPhtglz}`*K$%6tK&(N;tHLNq@OGq_S={}DB4!R*?lnFO4P-$I_*lePuuG#x
zF*DHrrO_*9GYdX@8Rm2L=SrUgyt6)^NzHtwT6QLK`?Zk6vS(+mk-WR5_38uLKS>J9
zTf8GuKR)_7Rnh+ImAVKy_x2FGh=p6X{?K|~_<YadZyP<`9$jCM{WPp<mimkuw<MA0
oC;#Lz3sp8)$a*yO{t^GDHBEbK(z0c?d+R4fo{iFK+GJh{0RBANs{jB1

literal 0
HcmV?d00001

diff --git a/ssl/test/killopenssl.sh b/ssl/test/killopenssl.sh
new file mode 100755
index 0000000000..17950fbaef
--- /dev/null
+++ b/ssl/test/killopenssl.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+ps -ef|grep openssl | /usr/bin/awk '{print $2}' |xargs kill -9
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
new file mode 100755
index 0000000000..57d2a10f8a
--- /dev/null
+++ b/ssl/test/make_certs.sh
@@ -0,0 +1,162 @@
+#!/bin/sh
+
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# Generate the certificates and keys for testing.
+#
+
+PROJECT_NAME="axTLS Project"
+
+# Generate the openssl configuration files.
+cat > ca_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Dodgy Certificate Authority
+EOF
+
+cat > certs.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME
+ CN                     = 127.0.0.1
+EOF
+
+cat > device_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Device Certificate
+EOF
+
+# private key generation
+openssl genrsa -out axTLS.ca_key.pem 1024
+openssl genrsa -out axTLS.key_512.pem 512
+openssl genrsa -out axTLS.key_1024.pem 1024
+openssl genrsa -out axTLS.key_2048.pem 2048
+openssl genrsa -out axTLS.key_4096.pem 4096
+openssl genrsa -out axTLS.device_key.pem 1024
+openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
+
+# convert private keys into DER format
+openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
+openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
+openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
+openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
+openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
+
+# cert requests
+openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
+            -config ./ca_cert.conf 
+openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \
+            -config ./device_cert.conf
+openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \
+            -new -config ./certs.conf -passin pass:abcd
+openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
+            -new -config ./certs.conf -passin pass:abcd
+
+# generate the actual certs.
+openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
+            -sha1 -days 10000 -signkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
+            -md5 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
+            -md5 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
+openssl x509 -req -in axTLS.x509_aes128.req \
+            -out axTLS.x509_aes128.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_aes256.req \
+            -out axTLS.x509_aes256.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# note: must be root to do this
+DATE_NOW=`date`
+if date -s "Jan 1 2025"; then
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \
+            -sha1 -CAcreateserial -days 365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+date -s "$DATE_NOW"
+touch axTLS.x509_bad_before.pem
+fi
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \
+            -sha1 -CAcreateserial -days -365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# some cleanup
+rm axTLS*.req
+rm axTLS.srl
+rm *.conf
+
+# need this for the client tests
+openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
+openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
+openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
+openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
+openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
+openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
+
+# generate pkcs8 files (use RC4-128 for encryption)
+openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
+openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
+
+# generate pkcs12 files (use RC4-128 for encryption)
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd
+
+# PEM certificate chain
+cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
+
+# set default key/cert for use in the server
+xxd -i axTLS.x509_512.cer | sed -e \
+        "s/axTLS_x509_512_cer/default_certificate/" > ../../ssl/cert.h
+xxd -i axTLS.key_512 | sed -e \
+        "s/axTLS_key_512/default_private_key/" > ../../ssl/private_key.h
diff --git a/ssl/test/microsoft.x509_ca b/ssl/test/microsoft.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..b90803452b6cd92749d3e34c60420fd20e5b1c4f
GIT binary patch
literal 1046
zcmXqLVi7WEV*0g!nTe5!iJ##hL${4hhu}rKZ^>`&I~ee?acZ@Bw0-AgWMpAwFeot8
zHqc~a4rSpMR&vfSs4U7%&nQvQNY+#^w6ru=@Xbsv$}i4OD^YOHFDlS8lrxZlC>BMP
z$uCMQ$;{6)R5XwW$ukQ}AmoGc^Gg&QOG`5Hi!w_p4dldmEzJ!K4Gj#;4S*m@oY%;}
z(8$;j${hd~H8Cn72MZ%B19KB2KZ8LNBNtN>BO}8~ro9IXo>_nLlh&9&y&}%w)uNTX
zs_{SmP4!v4{omY03U)Pti)JtCPcX{9=#*0VZcW+AkXxT#&uNqCpWl+U`Dk`klJYfK
zn|u6>lU__avR^lC)~pP*nHQ{d_Va9wP&?@MoXgH)n$AiM%N1`to1GrF@b8|L6PmcD
zsb*n<Zn@9PnOjn<X9dU@a;S*RU-^8Zw!|~r8Ob6E5v-~6WzB=yzb}73h3S~|<^7?q
zn>!o!TfGUH;<xVa@~Yetzx5Jlrg3U0GK5b^$TZ*WEyQjU_CNafk~A)kWtSSm!ryPR
zjuUGvXSwxl-@1mW|2CYhzqVYeD8}a0o(~+0l?*nswVvFpP%hkhpNW}~fpKx;3WLU_
z291k=@hi*7(m2bYae9M5^o4@=nML!I1M5UK`S$%ky|9S>@z+EkjRPZ-kzwi!?gPD_
zr%RZ=-NC4Gqg?QFOoGw;dEBS%SSNP$pR{_W_~}FVWSy-G+)pIE|8xC}wRO}=vyjYx
zD!KM2&#bz~T65R1*LJ=@LDuenLjDq&2mV}eek>TJ;QuPAdi^TN6WZpgy8BWW3U#US
zColdUBJ)%6<TcUHL2L4yjoAM-iT`+-p2HjXZSTjR<9nYUG5Dik$k`z~Ra46Msw~se
zj|~r)w?u#0c=ts3yHwBPK_T0=Flz|?pK$F1M}OUp=|@+a>pZD?vZDNP*#d?OS@s7n
znRPvI6k1`LC7pHK^x+j5mM1G*Sx!V5Tjcr5@Fs2NTGVs-YKXntS((sf1-FH)+9#LJ
IUw&x;05YnPSO5S3

literal 0
HcmV?d00001

diff --git a/ssl/test/microsoft.x509_ca.pem b/ssl/test/microsoft.x509_ca.pem
new file mode 100644
index 0000000000..478e60b070
--- /dev/null
+++ b/ssl/test/microsoft.x509_ca.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx
+KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc
+BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0
+IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow
+cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe
+MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv
+ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5
+7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB
+RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er
+GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko
+IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc
+PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw
+72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN
+aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh
+MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs
+30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F
+kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+
+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH
+/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS
+VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc
+BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA=
+-----END CERTIFICATE-----
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
new file mode 100644
index 0000000000..116a1ba013
--- /dev/null
+++ b/ssl/test/perf_bigint.c
@@ -0,0 +1,218 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file perf_bigint.c
+ *
+ * Some performance testing of bigint.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ssl.h"
+
+/**************************************************************************
+ * BIGINT tests 
+ *
+ **************************************************************************/
+
+int main(int argc, char *argv[])
+{
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    RSA_CTX *rsa_ctx;
+    BI_CTX *ctx;
+    bigint *bi_data, *bi_res;
+    int diff, res = 1;
+    struct timeval tv_old, tv_new;
+    const char *plaintext;
+    uint8_t compare[MAX_KEY_BYTE_SIZE];
+    int i, max_biggie = 10;    /* really crank performance */
+    int len; 
+    uint8_t *buf;
+
+    /**
+     * 512 bit key
+     */
+    plaintext = /* 64 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("ssl/test/axTLS.key_512", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("512 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 64);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 64) != 0)
+        goto end;
+
+    /**
+     * 1024 bit key
+     */
+    plaintext = /* 128 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("ssl/test/axTLS.key_1024", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("1024 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 128);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 128) != 0)
+        goto end;
+
+    /**
+     * 2048 bit key
+     */
+    plaintext = /* 256 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("ssl/test/axTLS.key_2048", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("2048 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 256);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 256) != 0)
+        goto end;
+
+    /**
+     * 4096 bit key
+     */
+    plaintext = /* 512 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("ssl/test/axTLS.key_4096", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    gettimeofday(&tv_old, NULL);
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    gettimeofday(&tv_new, NULL);
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("4096 bit encrypt time: %dms\n", diff);
+    TTY_FLUSH();
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("4096 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 512);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 512) != 0)
+        goto end;
+
+    /* done */
+    printf("Bigint performance testing complete\n");
+    res = 0;
+
+end:
+    return res;
+#else
+    return 0;
+#endif
+}
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
new file mode 100644
index 0000000000..7c547ef222
--- /dev/null
+++ b/ssl/test/ssltest.c
@@ -0,0 +1,1714 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * ssltest.c
+ *
+ * The testing of the crypto and ssl stuff goes here. Keeps the individual code
+ * modules from being uncluttered with test code.
+ *
+ * This is test code - I make no apologies for the quality!
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#ifndef WIN32
+#include <pthread.h>
+#endif
+
+#include "ssl.h"
+
+#define DEFAULT_CERT            "ssl/test/axTLS.x509_512.cer"
+#define DEFAULT_KEY             "ssl/test/axTLS.key_512"     
+//#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_SVR_OPTION      0
+#define DEFAULT_CLNT_OPTION     0
+//#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+
+static int g_port = 19001;
+
+/**************************************************************************
+ * AES tests 
+ * 
+ * Run through a couple of the RFC3602 tests to verify that AES is correct.
+ **************************************************************************/
+#define TEST1_SIZE  16
+#define TEST2_SIZE  32
+
+static int AES_test(BI_CTX *bi_ctx)
+{
+    AES_CTX aes_key;
+    int res = 1;
+    uint8_t key[TEST1_SIZE];
+    uint8_t iv[TEST1_SIZE];
+
+    {
+        /*
+            Case #1: Encrypting 16 bytes (1 block) using AES-CBC
+            Key       : 0x06a9214036b8a15b512e03d534120006
+            IV        : 0x3dafba429d9eb430b422da802c9fac41
+            Plaintext : "Single block msg"
+            Ciphertext: 0xe353779c1079aeb82708942dbe77181a
+
+        */
+        char *in_str =  "Single block msg";
+        uint8_t ct[TEST1_SIZE];
+        uint8_t enc_data[TEST1_SIZE];
+        uint8_t dec_data[TEST1_SIZE];
+
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "06A9214036B8A15B512E03D534120006");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "E353779C1079AEB82708942DBE77181A");
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, 
+                enc_data, sizeof(enc_data));
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: AES ENCRYPT #1 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+
+        if (memcmp(dec_data, in_str, sizeof(dec_data)))
+        {
+            fprintf(stderr, "Error: AES DECRYPT #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        /*
+            Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC 
+            Key       : 0xc286696d887c9aa0611bbb3e2025a45a
+            IV        : 0x562e17996d093d28ddb3ba695a2e6f58
+            Plaintext : 0x000102030405060708090a0b0c0d0e0f
+                          101112131415161718191a1b1c1d1e1f
+            Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
+                          7586602d253cfff91b8266bea6d61ab1
+        */
+        uint8_t in_data[TEST2_SIZE];
+        uint8_t ct[TEST2_SIZE];
+        uint8_t enc_data[TEST2_SIZE];
+        uint8_t dec_data[TEST2_SIZE];
+
+        bigint *in_bi = bi_str_import(bi_ctx,
+            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
+        bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, 
+                enc_data, sizeof(enc_data));
+
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: ENCRYPT #2 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+        if (memcmp(dec_data, in_data, sizeof(dec_data)))
+        {
+            fprintf(stderr, "Error: DECRYPT #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All AES tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * RC4 tests 
+ *
+ * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
+ **************************************************************************/
+static const uint8_t keys[7][30]=
+{
+    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+    {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+    {4,0xef,0x01,0x23,0x45},
+    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+    {4,0xef,0x01,0x23,0x45},
+};
+
+static const uint8_t data_len[7]={8,8,8,20,28,10};
+static uint8_t data[7][30]=
+{
+    {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0xff},
+        {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+            0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+            0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+            0x12,0x34,0x56,0x78,0xff},
+            {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+            {0},
+};
+
+static const uint8_t output[7][30]=
+{
+    {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+    {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+    {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+    {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+        0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+        0x36,0xb6,0x78,0x58,0x00},
+        {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+            0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+            0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+            0x40,0x01,0x1e,0xcf,0x00},
+            {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+            {0},
+};
+
+static int RC4_test(BI_CTX *bi_ctx)
+{
+    int i, res = 1;
+    RC4_CTX s;
+
+    for (i = 0; i < 6; i++)
+    {
+        RC4_setup(&s, &keys[i][1], keys[i][0]);
+        RC4_crypt(&s, data[i], data[i], data_len[i]);
+
+        if (memcmp(data[i], output[i], data_len[i]))
+        {
+            fprintf(stderr, "Error: RC4 CRYPT #%d failed\n", i);
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All RC4 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA1 tests 
+ *
+ * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
+ **************************************************************************/
+static int SHA1_test(BI_CTX *bi_ctx)
+{
+    SHA1_CTX ctx;
+    uint8_t ct[SHA1_SIZE];
+    uint8_t digest[SHA1_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "A9993E364706816ABA3E25717850C26C9CD0D89D");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1Init(&ctx);
+        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: SHA1 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1Init(&ctx);
+        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: SHA1 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA1 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * MD5 tests 
+ *
+ * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
+ **************************************************************************/
+static int MD5_test(BI_CTX *bi_ctx)
+{
+    MD5_CTX ctx;
+    uint8_t ct[MD5_SIZE];
+    uint8_t digest[MD5_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str =  "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx, 
+                "900150983CD24FB0D6963F7D28E17F72");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5Init(&ctx);
+        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: MD5 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5Init(&ctx);
+        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: MD5 #2 failed\n");
+            goto end;
+        }
+    }
+    res = 0;
+    printf("All MD5 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * HMAC tests 
+ *
+ * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
+ **************************************************************************/
+static int HMAC_test(BI_CTX *bi_ctx)
+{
+    uint8_t key[SHA1_SIZE];
+    uint8_t ct[SHA1_SIZE];
+    uint8_t dgst[SHA1_SIZE];
+    int res = 1;
+    const char *key_str;
+
+    const char *data_str = "Hi There";
+    bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
+    bi_export(bi_ctx, key_bi, key, MD5_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #2 failed\n");
+        goto end;
+    }
+   
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
+    ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, SHA1_SIZE, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 failed\n");
+        exit(1);
+    }
+
+    res = 0;
+    printf("All HMAC tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * BIGINT tests 
+ *
+ **************************************************************************/
+static int BIGINT_test(BI_CTX *ctx)
+{
+    int res = 1;
+    bigint *bi_data, *bi_exp, *bi_res;
+    const char *expnt, *plaintext, *mod;
+    uint8_t compare[MAX_KEY_BYTE_SIZE];
+
+    /**
+     * 512 bit key
+     */
+    plaintext = /* 64 byte number */
+        "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
+
+    mod = "C30773C8ABE09FCC279EE0E5343370DE"
+          "8B2FFDB6059271E3005A7CEEF0D35E0A"
+          "1F9915D95E63560836CC2EB2C289270D"
+          "BCAE8CAF6F5E907FC2759EE220071E1B";
+
+    expnt = "A1E556CD1738E10DF539E35101334E97"
+          "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
+          "F3140F5091CC535CBAA47CEC4159EE1F"
+          "B6A3661AFF1AB758426EAB158452A9B9";
+
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_exp = int_to_bi(ctx, 0x10001);
+    bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+
+    bi_data = bi_res;   /* resuse again - see if we get the original */
+
+    bi_exp = bi_str_import(ctx, expnt);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+    bi_free_mod(ctx, 0);
+
+    bi_export(ctx, bi_res, compare, 64);
+    if (memcmp(plaintext, compare, 64) != 0)
+        goto end;
+
+    printf("All BIGINT tests passed\n");
+    res = 0;
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * RSA tests 
+ *
+ * Use the results from openssl to verify PKCS1 etc 
+ **************************************************************************/
+static int RSA_test(void)
+{
+    int res = 1;
+    const char *plaintext = /* 128 byte hex number */
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
+    uint8_t enc_data[128], dec_data[128];
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+    bigint *plaintext_bi;
+    bigint *enc_data_bi, *dec_data_bi;
+    uint8_t enc_data2[128], dec_data2[128];
+    int size;
+    int len; 
+    uint8_t *buf;
+
+    /* extract the private key elements */
+    len = get_file("ssl/test/axTLS.key_1024", &buf);
+    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
+    {
+        goto end;
+    }
+
+    free(buf);
+    bi_ctx = rsa_ctx->bi_ctx;
+    plaintext_bi = bi_import(bi_ctx, 
+            (const uint8_t *)plaintext, strlen(plaintext));
+
+    /* basic rsa encrypt */
+    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
+    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
+
+    /* basic rsa decrypt */
+    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
+    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
+
+    if (memcmp(dec_data, plaintext, strlen(plaintext)))
+    {
+        fprintf(stderr, "Error: DECRYPT #1 failed\n");
+        goto end;
+    }
+
+    RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
+    size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
+    if (memcmp("abc", dec_data2, 3))
+    {
+        fprintf(stderr, "Error: ENCRYPT/DECRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_free(rsa_ctx);
+    res = 0;
+    printf("All RSA tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * Cert Testing
+ *
+ **************************************************************************/
+static int cert_tests(void)
+{
+    int res = -1, len;
+    X509_CTX *x509_ctx;
+    SSLCTX *ssl_ctx;
+    uint8_t *buf;
+
+    /* check a bunch of 3rd party certificates */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("ssl/test/microsoft.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #1\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("ssl/test/thawte.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #2\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("ssl/test/deutsche_telecom.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #3\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("ssl/test/equifax.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #4\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    /* Verisign use MD2 which is not supported */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("ssl/test/verisign.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) != 
+                                    X509_VFY_ERROR_UNSUPPORTED_DIGEST)
+    {
+        printf("Cert #5\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    if (get_file("ssl/test/verisign.x509_my_cert", &buf) < 0 ||
+                                    x509_new(buf, &len, &x509_ctx))
+    {
+        printf("Cert #6\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    x509_free(x509_ctx);
+    free(buf);
+    res = 0;        /* all ok */
+    printf("All Certificate tests passed\n");
+
+bad_cert:
+    return res;
+}
+
+/**
+ * init a server socket.
+ */
+static int server_socket_init(int *port)
+{
+    struct sockaddr_in serv_addr;
+    int server_fd;
+    char yes = 1;
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        return -1;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+go_again:
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(*port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        (*port)++;
+        goto go_again;
+    }
+    /* Mark the socket so it will listen for incoming connections */
+    if (listen(server_fd, 3000) < 0)
+    {
+        return -1;
+    }
+
+    return server_fd;
+}
+
+/**
+ * init a client socket.
+ */
+static int client_socket_init(uint16_t port)
+{
+    struct sockaddr_in address;
+    int client_fd;
+
+    address.sin_family = AF_INET;
+    address.sin_port = htons(port);
+    address.sin_addr.s_addr =  inet_addr("127.0.0.1");
+    client_fd = socket(AF_INET, SOCK_STREAM, 0);
+    if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
+    {
+        perror("socket");
+        close(client_fd);
+        client_fd = -1;
+    }
+
+    return client_fd;
+}
+
+/**************************************************************************
+ * SSL Server Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    /* not used as yet */
+    int dummy;
+} SVR_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+} client_t;
+
+static void do_client(client_t *clnt)
+{
+    char openssl_buf[2048];
+
+    /* make sure the main thread goes first */
+    sleep(0);
+
+    /* show the session ids in the reconnect test */
+    if (strcmp(clnt->testname, "Session Reuse") == 0)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+            "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
+            g_port, clnt->openssl_option);
+    }
+    else
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+#ifdef WIN32
+            "-connect localhost:%d -quiet %s",
+#else
+            "-connect localhost:%d -quiet %s > /dev/null 2>&1",
+#endif
+        g_port, clnt->openssl_option);
+    }
+
+    system(openssl_buf);
+}
+
+static int SSL_server_test(
+        SVR_CTX *svr_test_ctx,
+        const char *testname, 
+        const char *openssl_option, 
+        const char *device_cert, 
+        const char *product_cert, 
+        const char *private_key,
+        const char *ca_cert,
+        const char *password,
+        int axolotls_option)
+{
+    int server_fd, ret = 0;
+    SSLCTX *ssl_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    int clnt_len = sizeof(client_addr);
+    client_t client_data;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    g_port++;
+
+    client_data.testname = testname;
+    client_data.openssl_option = openssl_option;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    if (private_key)
+    {
+        axolotls_option |= SSL_NO_DEFAULT_KEY;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(axolotls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    if (private_key)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+
+        if (strstr(private_key, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+
+    if (device_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (product_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (ca_cert)                  /* test adding certificate authorities */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_client, (void *)&client_data);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, 
+            (LPVOID)&client_data, 0, NULL);
+#endif
+
+    for (;;)
+    {
+        int client_fd, size = 0; 
+        SSL *ssl;
+
+        /* Wait for a client to connect */
+        if ((client_fd = accept(server_fd, 
+                        (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+        {
+            ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+            goto error;
+        }
+        
+        /* we are ready to go */
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+        while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
+        close(client_fd);
+        
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ret = size;
+
+            if (ret == SSL_ERROR_CONN_LOST)
+            {
+                ret = SSL_OK;
+                continue;
+            }
+
+            break;  /* we've got a problem */
+        }
+        else /* looks more promising */
+        {
+            if (strstr("hello client", read_buf) == NULL)
+            {
+                printf("SSL server test \"%s\" passed\n", testname);
+                TTY_FLUSH();
+                ret = 0;
+                break;
+            }
+        }
+
+        ssl_free(ssl);
+    }
+
+    close(server_fd);
+
+error:
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+int SSL_server_tests(void)
+{
+    int ret = -1;
+    struct stat stat_buf;
+    SVR_CTX svr_test_ctx;
+    memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
+
+    printf("### starting server tests\n");
+
+    /* Go through the algorithms */
+
+    /* 
+     * TLS1 client hello 
+     */
+    if ((ret = SSL_server_test(NULL, "TLSv1", "-cipher RC4-SHA -tls1", 
+                    NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA
+     */
+    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES256-SHA
+     */
+    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * RC4-SHA
+     */
+    if ((ret = SSL_server_test(NULL, "RC4-SHA", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * RC4-MD5
+     */
+    if ((ret = SSL_server_test(NULL, "RC4-MD5", "-cipher RC4-MD5", 
+                DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * Session Reuse
+     * all the session id's should match for session resumption.
+     */
+    if ((ret = SSL_server_test(NULL, "Session Reuse", 
+                    "-cipher RC4-SHA -reconnect", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 512 bit RSA key 
+     */
+    if ((ret = SSL_server_test(NULL, "512 bit key", "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_512.cer", NULL, 
+                    "ssl/test/axTLS.key_512",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 1024 bit RSA key (check certificate chaining)
+     */
+    if ((ret = SSL_server_test(NULL, "1024 bit key", 
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_device.cer", 
+                    "ssl/test/axTLS.x509_512.cer", 
+                    "ssl/test/axTLS.device_key",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 2048 bit RSA key 
+     */
+    if ((ret = SSL_server_test(NULL, "2048 bit key", 
+                    "-cipher RC4-SHA",
+                    "ssl/test/axTLS.x509_2048.cer", NULL, 
+                    "ssl/test/axTLS.key_2048",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 4096 bit RSA key 
+     */
+    if ((ret = SSL_server_test(NULL, "4096 bit key", 
+                    "-cipher RC4-SHA",
+                    "ssl/test/axTLS.x509_4096.cer", NULL, 
+                    "ssl/test/axTLS.key_4096",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Client Verification
+     */
+    if ((ret = SSL_server_test(NULL, "Client Verification", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ssl/test/axTLS.x509_2048.pem "
+                    "-key ssl/test/axTLS.key_2048.pem ",
+                    NULL, NULL, NULL, 
+                    "ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* this test should fail */
+    if (stat("ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
+    {
+        if ((ret = SSL_server_test(NULL, "Bad Before Cert", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ssl/test/axTLS.x509_bad_before.pem "
+                    "-key ssl/test/axTLS.key_512.pem ",
+                    NULL, NULL, NULL, 
+                    "ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
+            goto cleanup;
+
+        printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
+        TTY_FLUSH();
+        ret = 0;    /* is ok */
+    }
+
+    /* this test should fail */
+    if ((ret = SSL_server_test(NULL, "Bad After Cert", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ssl/test/axTLS.key_512.pem ",
+                    NULL, NULL, NULL, 
+                    "ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "Bad After Cert");
+    TTY_FLUSH();
+
+    /* this test should fail */
+    if ((ret = SSL_server_test(NULL, "Bogus cert", "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_crud.cer", NULL,
+                    "ssl/test/axTLS.key_512", NULL,
+                    NULL, DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "Bogus cert");
+    TTY_FLUSH();
+
+    /* this test should fail */
+    if ((ret = SSL_server_test(NULL, "Bogus private key",
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_device.cer", NULL,
+                    "ssl/test/axTLS.crud", NULL,
+                    NULL, DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "Bogus private key");
+    TTY_FLUSH();
+
+    /* 
+     * Key in PEM format
+     */
+    if ((ret = SSL_server_test(NULL, "Key in PEM format",
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_512.cer", NULL, 
+                    "ssl/test/axTLS.key_512.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert in PEM format
+     */
+    if ((ret = SSL_server_test(NULL, "Cert in PEM format", 
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_512.pem", NULL, 
+                    "ssl/test/axTLS.key_512.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert chain in PEM format
+     */
+    if ((ret = SSL_server_test(NULL, "Cert chain in PEM format", 
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_device.pem", 
+                    NULL, "ssl/test/axTLS.device_key.pem",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted key 
+     */
+    if ((ret = SSL_server_test(NULL, "AES128 encrypted key", 
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "ssl/test/axTLS.key_aes128.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES256 Encrypted key 
+     */
+    if ((ret = SSL_server_test(NULL, "AES256 encrypted key", 
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_aes256.pem", NULL, 
+                    "ssl/test/axTLS.key_aes256.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted invalid key 
+     */
+    if ((ret = SSL_server_test(NULL, "AES128 encrypted invalid key", 
+                    "-cipher RC4-SHA", 
+                    "ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "ssl/test/axTLS.key_aes128.pem",
+                    NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
+    TTY_FLUSH();
+
+    /*
+     * PKCS 8 key (encrypted)
+     */
+    if ((ret = SSL_server_test(NULL, "pkcs 8 encrypted", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "ssl/test/axTLS.encrypted.p8", NULL, "abcd",
+                DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS 8 key (unencrypted)
+     */
+    if ((ret = SSL_server_test(NULL, "pkcs 8 unencrypted", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "ssl/test/axTLS.unencrypted.p8", NULL, NULL,
+                DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS 12 key/certificate
+     */
+    if ((ret = SSL_server_test(NULL, "pkcs 12 no CA", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "ssl/test/axTLS.withoutCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test(NULL, "pkcs 12 with CA", "-cipher RC4-SHA", 
+                NULL, NULL, "ssl/test/axTLS.withCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+        fprintf(stderr, "Error: A server test failed\n");
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Client Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+#ifndef WIN32
+    pthread_t server_thread;
+#endif
+    int start_server;
+    int stop_server;
+    int do_reneg;
+} CLNT_SESSION_RESUME_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+} server_t;
+
+static void do_server(server_t *svr)
+{
+    char openssl_buf[2048];
+#ifndef WIN32
+    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+#endif
+    sprintf(openssl_buf, "openssl s_server -tls1 " 
+            "-accept %d -quiet %s ", g_port, svr->openssl_option);
+    system(openssl_buf);
+}
+
+static int SSL_client_test(
+        const char *test,
+        SSLCTX **ssl_ctx,
+        const char *openssl_option, 
+        CLNT_SESSION_RESUME_CTX *sess_resume,
+        uint32_t client_options,
+        const char *private_key,
+        const char *password,
+        const char *cert)
+{
+    server_t server_data;
+    SSL *ssl = NULL;
+    int client_fd = -1;
+    uint8_t *session_id = NULL;
+    int ret = 1;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+
+    if (sess_resume == NULL || sess_resume->start_server)
+    {
+        g_port++;
+        server_data.openssl_option = openssl_option;
+
+#ifndef WIN32
+        pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_server, (void *)&server_data);
+        pthread_detach(thread);
+#else
+        CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, 
+            (LPVOID)&server_data, 0, NULL);
+#endif
+    }
+    
+    usleep(200000);           /* allow server to start */
+
+    if (*ssl_ctx == NULL)
+    {
+        if (private_key)
+        {
+            client_options |= SSL_NO_DEFAULT_KEY;
+        }
+
+        if ((*ssl_ctx = ssl_ctx_new(
+                            client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto client_test_exit;
+        }
+
+        if (private_key)
+        {
+            int obj_type = SSL_OBJ_RSA_KEY;
+
+            if (strstr(private_key, ".p8"))
+                obj_type = SSL_OBJ_PKCS8;
+            else if (strstr(private_key, ".p12"))
+                obj_type = SSL_OBJ_PKCS12;
+
+            if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
+            {
+                ret = SSL_ERROR_INVALID_KEY;
+                goto client_test_exit;
+            }
+        }
+
+        if (cert)                  
+        {
+            if ((ret = ssl_obj_load(*ssl_ctx, 
+                            SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
+            {
+                printf("could not add cert %s (%d)\n", cert, ret);
+                TTY_FLUSH();
+                goto client_test_exit;
+            }
+        }
+    }
+    
+    if (sess_resume && !sess_resume->start_server) 
+    {
+        session_id = sess_resume->session_id;
+    }
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+    {
+        printf("could not start socket on %d\n", g_port);
+        TTY_FLUSH();
+        goto client_test_exit;
+    }
+
+    if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
+                                        "ssl/test/axTLS.ca_x509.cer", NULL))
+    {
+        printf("could not add cert auth\n");
+        TTY_FLUSH();
+        goto client_test_exit;
+    }
+
+    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id);
+
+    /* check the return status */
+    if ((ret = ssl_handshake_status(ssl)))
+        goto client_test_exit;
+
+    /* renegotiate client */
+    if (sess_resume && sess_resume->do_reneg) 
+    {
+        if (ssl_renegotiate(ssl) < 0)
+            goto client_test_exit;
+    }
+
+    if (sess_resume)
+    {
+        memcpy(sess_resume->session_id, 
+                ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+    }
+
+    if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && 
+                                            (ret = ssl_verify_cert(ssl)))
+    {
+        goto client_test_exit;
+    }
+
+    ssl_write(ssl, (uint8_t *)"hello world\n", 13);
+    if (sess_resume)
+    {
+        const uint8_t *sess_id = ssl_get_session_id(ssl);
+        int i;
+
+        printf("    Session-ID: ");
+        for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+        {
+            printf("%02X", sess_id[i]);
+        }
+        printf("\n");
+        TTY_FLUSH();
+    }
+
+    ret = 0;
+
+client_test_exit:
+    ssl_free(ssl);
+    close(client_fd);
+    usleep(200000);           /* allow openssl to say something */
+
+    if (sess_resume)
+    {
+        if (sess_resume->stop_server)
+        {
+            ssl_ctx_free(*ssl_ctx);
+            *ssl_ctx = NULL;
+#ifndef WIN32
+            pthread_cancel(sess_resume->server_thread);
+#endif
+        }
+        else if (sess_resume->start_server)
+        {
+#ifndef WIN32
+           sess_resume->server_thread = thread;
+#endif
+        }
+    }
+    else
+    {
+        ssl_ctx_free(*ssl_ctx);
+        *ssl_ctx = NULL;
+#ifndef WIN32
+        pthread_cancel(thread);
+#endif
+    }
+
+    if (ret == 0)
+    {
+        printf("SSL client test \"%s\" passed\n", test);
+        TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+int SSL_client_tests(void)
+{
+    int ret =  -1;
+    SSLCTX *ssl_ctx = NULL;
+    CLNT_SESSION_RESUME_CTX sess_resume;
+    memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
+
+    sess_resume.start_server = 1;
+    printf("### starting client tests\n");
+   
+    if ((ret = SSL_client_test("512 bit key", 
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_512.pem "
+                    "-key ssl/test/axTLS.key_512.pem", &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* all the session id's should match for session resumption */
+    sess_resume.start_server = 0;
+    if ((ret = SSL_client_test("Client session resumption #1", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    sess_resume.do_reneg = 1;
+    if ((ret = SSL_client_test("Client renegotiation", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+    sess_resume.do_reneg = 0;
+
+    sess_resume.stop_server = 1;
+    if ((ret = SSL_client_test("Client session resumption #2", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_1024.pem "
+                    "-key ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("2048 bit key", 
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_2048.pem "
+                    "-key ssl/test/axTLS.key_2048.pem",  NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("4096 bit key", 
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_4096.pem "
+                    "-key ssl/test/axTLS.key_4096.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Server cert chaining", 
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_device.pem "
+                    "-key ssl/test/axTLS.device_key.pem "
+                    "-CAfile ssl/test/axTLS.x509_512.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication",
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_2048.pem "
+                    "-key ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "ssl/test/axTLS.key_1024", NULL,
+                    "ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Should get an "ERROR" from openssl (as the handshake fails as soon as
+     * the certificate verification fails) */
+    if ((ret = SSL_client_test("Expired cert (verify now) should fail!",
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ssl/test/axTLS.key_512.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret);
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify now)\" passed\n");
+    ret = 0;
+
+    /* There is no "ERROR" from openssl */
+    if ((ret = SSL_client_test("Expired cert (verify later) should fail!", 
+                    &ssl_ctx,
+                    "-cert ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ssl/test/axTLS.key_512.pem", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
+                    NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret);
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify later)\" passed\n");
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+        fprintf(stderr, "Error: A client test failed\n");
+
+    return ret;
+}
+
+#if 0
+/**************************************************************************
+ * Multi-Threading Tests
+ *
+ **************************************************************************/
+#define NUM_THREADS         1
+#define NUM_THREADS_STR     "1"
+
+static SSL *my_ssls[NUM_THREADS*3];      /* enough for all client fds */
+
+typedef struct
+{
+    SSLCTX *ssl_ctx;
+    int port;
+    int thread_id;
+} multi_t;
+
+int do_connect(multi_t *multi_data)
+{
+    int res = 1, client_fd, i;
+    SSL *ssl = NULL;
+    char tmp[5];
+
+    /* make sure other threads work before this one */
+    if (multi_data->thread_id == NUM_THREADS)
+    {
+        sleep(2);      /* sets the maximum time this test will run */
+    }
+
+    if ((client_fd = client_socket_init(multi_data->port)) < 0)
+        goto client_test_exit;
+    sleep(0);
+
+    ssl = ssl_client_new(multi_data->ssl_ctx, client_fd, NULL);
+
+    if ((res = ssl_handshake_status(ssl)))
+        goto client_test_exit;
+
+    sprintf(tmp, "%d\n", multi_data->thread_id);
+    for (i = 0; i < 100; i++)
+    {
+        ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
+    }
+
+    res = 0;
+client_test_exit:
+    ssl_free(ssl);
+    close(client_fd);
+    free(multi_data);
+    return 0;
+}
+
+int multi_thread_test(void)
+{
+    int server_fd;
+    SSLCTX *ssl_server_ctx = NULL;
+    uint8_t buf[1024];
+    pthread_t threads[NUM_THREADS];
+    int i, res = 1;
+    struct sockaddr_in client_addr;
+    int clnt_len = sizeof(client_addr);
+    fd_set read_set;
+    int max_fd;
+    int death_total = 0;
+    SSLCTX *ssl_client_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, 
+            SSL_DEFAULT_CLNT_SESS, NULL);
+
+    printf("Do multi-threading test (takes a minute)\n");
+
+    FD_ZERO(&read_set);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    FD_SET(server_fd, &read_set);
+    max_fd = server_fd;
+
+    ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION|SSL_SERVER_VERIFY_LATER, 
+                                    SSL_DEFAULT_SVR_SESS, NULL);
+
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
+        multi_data->ssl_ctx = ssl_server_ctx;
+        multi_data->port = g_port;
+        multi_data->thread_id = i+1;
+        if (pthread_create(&threads[i], NULL, 
+                (void *(*)(void *))do_connect, (void *)multi_data) < 0)
+            goto error;
+    }
+
+    sleep(1);
+
+    for (;;)
+    {
+        fd_set rdfs = read_set;
+        int n;
+
+        if ((n = select(max_fd+1, &rdfs, NULL, NULL, 0)) > 0)
+        {
+            while (n)
+            {
+                /* check for server */
+                if (FD_ISSET(server_fd, &rdfs))
+                {
+                    int client_fd = accept(server_fd, 
+                                  (struct sockaddr *)&client_addr, &clnt_len);
+
+                    if (client_fd < 0)
+                        goto error;
+
+                    if (client_fd > max_fd)     /* set max fd */
+                    {
+                        max_fd = client_fd;
+                    }
+
+                    my_ssls[client_fd] = ssl_server_new(
+                                    ssl_server_ctx, client_fd);
+                    FD_SET(client_fd, &read_set);
+
+                    if (--n == 0)
+                        continue;
+                }
+
+                i = server_fd;
+
+                while (++i <= max_fd && n)
+                {
+                    if (FD_ISSET(i, &rdfs))
+                    {
+                        SSL *ssl;
+                        ssl = my_ssls[i];
+                        res = ssl_read(ssl, &read_buf);
+                        n--;
+
+                        /* kill the client */
+                        if (res != SSL_OK)
+                        {
+                            if (res == SSL_ERROR_CONN_LOST)
+                            {
+                                ssl_free(ssl);
+                                my_ssls[i] = NULL;
+                                close(i);
+                                FD_CLR(i, &read_set);
+                                death_total++;
+                            }
+                            else if (res > 0)
+                            {
+                                if (strcmp(NUM_THREADS_STR "\n", 
+                                            (const char *)buf) == 0)
+                                {
+                                    sleep(1);   /* allow rest of data */
+                                    goto all_ok;
+                                }
+                            }
+                            else /* some problem */
+                            {
+                                printf("Got some problem %d\n", res);
+                                goto error;
+                            }
+                        } /* if */
+                    } /* if */
+                } /* for */
+            }
+        }
+    }
+
+all_ok:
+    printf("Multi-thread test passed (%d)\n", death_total);
+    res = 0;
+error:
+    ssl_ctx_free(ssl_server_ctx);
+    ssl_ctx_free(ssl_client_ctx);
+    close(server_fd);
+    return res;
+}
+#endif
+
+/**************************************************************************
+ * main()
+ *
+ **************************************************************************/
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    BI_CTX *bi_ctx;
+    int fd;
+
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+    fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
+    dup2(fd, 2);                        /* write stderr to this file */
+#else
+    fd = open("/dev/null", O_WRONLY);   /* write stderr to /dev/null */
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+    dup2(fd, 2);
+#endif
+    
+    bi_ctx = bi_initialize();
+
+    if (AES_test(bi_ctx))
+        goto cleanup;
+    TTY_FLUSH();
+
+    if (RC4_test(bi_ctx))
+        goto cleanup;
+    TTY_FLUSH();
+
+    if (MD5_test(bi_ctx))
+        goto cleanup;
+    TTY_FLUSH();
+
+    if (SHA1_test(bi_ctx))
+        goto cleanup;
+    TTY_FLUSH();
+
+    if (HMAC_test(bi_ctx))
+        goto cleanup;
+    TTY_FLUSH();
+
+    if (BIGINT_test(bi_ctx))
+        goto cleanup;
+    TTY_FLUSH();
+
+    bi_terminate(bi_ctx);
+
+    if (RSA_test())
+        goto cleanup;
+    TTY_FLUSH();
+
+    if (cert_tests())
+        goto cleanup;
+    TTY_FLUSH();
+
+    system("sh ssl/test/killopenssl.sh");
+
+    if (SSL_client_tests())
+        goto cleanup;
+
+    system("sh ssl/test/killopenssl.sh");
+
+    if (SSL_server_tests())
+        goto cleanup;
+
+    system("sh ssl/test/killopenssl.sh");
+
+#if 0
+    if (multi_thread_test())
+        goto cleanup;
+
+#endif
+
+    ret = 0;        /* all ok */
+cleanup:
+
+    if (ret)
+    {
+        fprintf(stderr, "Error: Some tests failed!\n");
+    }
+
+    close(fd);
+    return ret;
+}
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
new file mode 100755
index 0000000000..4a22985fde
--- /dev/null
+++ b/ssl/test/test_axssl.sh
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+#
+#  Copyright(C) 2006
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# Test the various axssl bindings
+#
+
+if  [ `uname -s` == "Linux" ]; then
+#    JAVA_BIN=/usr/local/jdk142/bin
+    JAVA_BIN=/usr/lib/java/bin
+    KILL_AXSSL="killall axssl"
+    KILL_CSHARP="killall mono"
+    KILL_PERL="killall /usr/bin/perl"
+    RUN_CSHARP="mono"
+    KILL_JAVA="killall $JAVA_BIN/java"
+else
+    JAVA_BIN="/cygdrive/c/Program Files/Java/jdk1.5.0_06/bin"
+    KILL_AXSSL="kill %1"
+    KILL_CSHARP="kill %1"
+    KILL_PERL="kill %1"
+    KILL_JAVA="kill %1"
+fi
+
+SERVER_ARGS="s_server -accept 15001 -verify -CAfile ./ssl/test/axTLS.ca_x509.cer"
+CLIENT_ARGS="s_client -reconnect -connect localhost:15001 -verify -CAfile ./ssl/test/axTLS.ca_x509.cer -key ./ssl/test/axTLS.key_1024 -cert ./ssl/test/axTLS.x509_1024.cer"
+
+# check pem arguments
+SERVER_PEM_ARGS="s_server -accept 15001 -pass abcd -key ./ssl/test/axTLS.key_aes128.pem -cert ./ssl/test/axTLS.x509_aes128.pem"
+CLIENT_PEM_ARGS="s_client -connect localhost:15001 -CAfile ./ssl/test/axTLS.ca_x509.pem -key ./ssl/test/axTLS.key_1024.pem -cert ./ssl/test/axTLS.x509_1024.pem"
+
+export LD_LIBRARY_PATH=.:`perl -e 'use Config; print $Config{archlib};'`/CORE
+
+if [ -x ./axssl ]; then
+echo "############################# C SAMPLE ###########################"
+./axssl $SERVER_ARGS &
+echo "C Test passed" | ./axssl $CLIENT_ARGS
+$KILL_AXSSL
+sleep 1
+
+./axssl $SERVER_PEM_ARGS &
+echo "C Test passed" | ./axssl $CLIENT_PEM_ARGS
+$KILL_AXSSL
+sleep 1
+fi
+
+if [ -f ./axtls.jar ]; then
+echo "########################## JAVA SAMPLE ###########################"
+"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_ARGS &
+echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_ARGS
+$KILL_JAVA
+sleep 1
+
+"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_PEM_ARGS &
+echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_PEM_ARGS
+$KILL_JAVA
+sleep 1
+fi
+
+if [ -x ./axssl.csharp.exe ]; then
+echo "############################ C# SAMPLE ###########################"
+$RUN_CSHARP ./axssl.csharp.exe $SERVER_ARGS &
+echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_ARGS
+sleep 1
+$KILL_CSHARP
+sleep 1
+
+$RUN_CSHARP ./axssl.csharp.exe $SERVER_PEM_ARGS &
+echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_PEM_ARGS
+sleep 1
+$KILL_CSHARP
+sleep 1
+fi
+
+if [ -x ./axssl.vbnet.exe ]; then
+echo "######################## VB.NET SAMPLE ###########################"
+./axssl.vbnet $SERVER_ARGS &
+sleep 1
+echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_ARGS
+kill %1
+sleep 1
+
+./axssl.vbnet $SERVER_PEM_ARGS &
+sleep 1
+echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_PEM_ARGS
+kill %1
+sleep 1
+fi
+
+if [ -f ./axssl.pl ]; then
+echo "########################## PERL SAMPLE ###########################"
+./axssl.pl $SERVER_ARGS &
+echo "Perl Test passed" | ./axssl.pl $CLIENT_ARGS
+$KILL_PERL
+sleep 1
+
+./axssl.pl $SERVER_PEM_ARGS &
+echo "Perl Test passed" | ./axssl.pl $CLIENT_PEM_ARGS
+$KILL_PERL
+sleep 1
+fi
diff --git a/ssl/test/thawte.x509_ca b/ssl/test/thawte.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..59b1059f84086fa580dc1001303c4db4e070e572
GIT binary patch
literal 811
zcmXqLVpcb3Vw$jknTe5!iILHOmyJ`a&7<u*FC!xhD}zDfIYVv(PB!LH7B*p~C`Ut4
z17Q${LzpK#wYVg;C{MvTu^`n@$Up!j%r49c;wpsXm**ME8c2i0xP(PQG7`&6QWc!@
z^NLGzN;31(6_S$;H4M~1(%i!G&Z$KunQ58Hi6xo&c?!X)MP-@Esl^H|nPr*9KoLVl
z19^~2W?>1aK><anxtXQ8V5O-=3eJvT!(i^_WE7JufT++d1{#)H<WK^3fL?Nbu7R95
zuceuRg@K^~7(|Kl8W|WG83U22rKx4q@bhrveB?M~WMyD(>;=YaCsSi1!zDAbtnTZF
zqUYUebWG~Ec<0FydhNn{8R@BF?(Zc$Os#^xXlJqYTkF3Hd%V7_cb@q7d0SFTnS9@$
z=3Jy0cw_d3^b5OqC$WhXUzvP*x)#Hn7(bppzeI!nd~(UVCFqsMF<)Qz@y}IOZN=N%
zf+J3JvhHmb+)-@5ioN%XlkanfxiaQV%!~|-i-ipY4fugEEGx{&_@9N<fEh?3yBU}c
znSqW~^Ux7H6!GhYSP9RnRq-MApRS**NQjHeGf!43H>=wue#B(wSB};{CmAjN`|kTB
z=H&c*ca+=jgU1BrKYDG@a65VUh*RyJU#lbYu5J(P5PZC(RWiHDX9<tc+Lue#*?&Cj
nnL4ZI=m|U3?Nes%o@7+W{-G`IZGieR-et-^cb{IyF5(0LRxS$7

literal 0
HcmV?d00001

diff --git a/ssl/test/verisign.x509_ca b/ssl/test/verisign.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..d2ea1289d6f43b837eb685446af97d942a8d98e6
GIT binary patch
literal 668
zcmXqLVwz#l#Kg!Xps-^4y4y`m_YRsZ@Kf8{UTnb2#;Mij(e|B}k&%g&!Jx6nklTQh
zjX9KsO_(V(*ihU+6vW{Y<_k+L$_&m-&(l%x%uCiYG%(NuNpK6RyX6-tgrpXiC<K%i
z733GE7AyGY<y7h^DEQ?oBo-H!7A58-rxxoO8W|XXbTA8R!i-V~DauUDQ3y^=E-gw0
zQblE{P@{tK^Gg(*9S!8fc@0brj0`Ldz#vMT*9gS5Fful^G_{NxY|d?*j~t$itPISJ
zy}&T-WNK_=n6LQ#sP&|<nex+F<}a8eu(B;OAjhBaM8*Mzu!XBQJ%2l2*m~(8pF%<L
ze5Fs73XhG>`CKd5-@#z5p&(TMr~SNx>{S1)iXw~p883_fotvm7>@WOHLUXNt;H*b_
z|IQe^xO{Hv`^QNljGg@tW>o80?|dhoUHjsH8z1xKWBTV_tO(!D#LURRi0nLIbTb3p
zWwp-Y-R7SHR;@y@?^|{x`0o6ab&@xk`Ta5fEloQwoG`H15dW%Sy}DTBd%Xlc@q%Y{
zucp0BS^d~*a<WyyjF~y}`}t=7nbx)GkJQtNbvM@D_`K2g<0bZ^Y3`429?vv;=phz3
lXGM?UMztI5<<-fYw^|!5);_qj<Mwqi%VXK?eIF|x0RUHq@TmX*

literal 0
HcmV?d00001

diff --git a/ssl/test/verisign.x509_ca.pem b/ssl/test/verisign.x509_ca.pem
new file mode 100644
index 0000000000..d5ef5d241b
--- /dev/null
+++ b/ssl/test/verisign.x509_ca.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmDCCAgECECCol67bggLewTagTia9h3MwDQYJKoZIhvcNAQECBQAwgYwxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9y
+IFRlc3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylW
+ZXJpU2lnbiBUcmlhbCBTZWN1cmUgU2VydmVyIFRlc3QgUm9vdCBDQTAeFw0wNTAy
+MDkwMDAwMDBaFw0yNTAyMDgyMzU5NTlaMIGMMQswCQYDVQQGEwJVUzEXMBUGA1UE
+ChMOVmVyaVNpZ24sIEluYy4xMDAuBgNVBAsTJ0ZvciBUZXN0IFB1cnBvc2VzIE9u
+bHkuICBObyBhc3N1cmFuY2VzLjEyMDAGA1UEAxMpVmVyaVNpZ24gVHJpYWwgU2Vj
+dXJlIFNlcnZlciBUZXN0IFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAJ8h98U7klaZH5cEn6CSEKmGWVBsTwHIaMAAVqGqCUn7Q9C10sEOIHBznyLy
+eSDjMs5M1nC/iAA7KCASf/yHz0AdlU+1IRSijwHTF/2dYSoTTxP2GCmtL1Ga4i7+
+zDDo086V7+NiFAGJj+CYey47ue4Xa33o/4YOA9PGL87oqFe7AgMBAAEwDQYJKoZI
+hvcNAQECBQADgYEAOq447rP5EDqFEl3vhLhgTbnyaskNYwPvxk+0grnQyDA4sF/q
+gK8nFlnvLmAOF3DmfuqW6WSr4zqTYzpwmJlsn48Om/yWirL8GuWRftit2POxTfHS
+B8VmR+PZx2k24UgWUZyojDGxJtiHd3tjCdqFgTit4NK429cWOcZrh47xeOI=
+-----END CERTIFICATE-----
diff --git a/ssl/test/verisign.x509_my_cert b/ssl/test/verisign.x509_my_cert
new file mode 100644
index 0000000000000000000000000000000000000000..426c9ff7f1c0af7c2376af6a0868cc1429f06347
GIT binary patch
literal 1095
zcmXqLVsSQTVqUX=nTe5!Nx=PkIJd$6<5O-ul|KDSsAZ7>FB_*;n@8JsUPeY%RtAH{
z9z$*ePB!LH7B*p~&|pJx15pr%OPDV#wJ0+<Gd)j7!80#e&(Od?4<x}YtnQXyq!5x?
zT%r(AT2zo<oLa2lpO;gqr=Z}MuaH<=Tw0Wvmz-LxXJ}+#0MfxMtO+wpA*3iXF-IXd
zHMz7X6-X78r9zDg%Fi!RaCS716X!KBGcYtXGXR4q2-n!a$k^1<)H2GTaVL^<9YYOy
z47fmca0oL8=A;-38t{X7>>?aaMVZA(iFv7pk_O@+AubVt#ESf!{1BgDg@B^`tkmQZ
zLs0`^kQBEFkD-B)i9%9li9&X2rJ<F91w_~|B(*5FSRp@6p|m(vA+bcEyu4fw=;F*`
zV5sON=jZAt7ZmH407D`<Q9&bF)4<eF+CUPdmsvyzq!w&rNlr0PtzKS{LF0Vnz-MG-
zU~cRMMnET1V<W@1JCC30y{dWUu};3Q`PhSA<E~sKX&vdF`2q$tDKSA?_-?rH$=+LH
zWO}h}nSDWShjil}##eL0E00fE_ByBRVs@l!!@t=VM3{t+d^(o=Z%c#L{7Jw5lsx<4
zsKj{J|CsrT$;)?(FBO*;O5Lj1KI4T$eZkHNzxIprO-OyX<AnXYGe4P_85tNCH!+qP
zG%*%}(}S!q3zGqZ0XNV;vivM8%uK8c4BSB+c@_r)I|G{qRtqfJ%rZ(!3as??gTsO#
zk*b?ql!F>ZKq+vngJKw%B24vwDh#|p1}Oj&s-uBD8&^V`2V>h0S4MVG149FSHV$nz
zVA5n~ViZ#b8D9)EA5X{|$b!sLWf3zFf$3ysgtM3oOkiwAMivbNH3JnG-+-}A0_yzy
z<l+JpR~zKQR59|fBpSpoj9n0I5NQx@5Gux*nVXoNs-K>jW}s*wZ@|vRs?EpDB*h}q
z|Map{+nV0K?8E09vaWbY=u}JU8K^@10Q5pmetJHN9r|U(U@?$MsF{)(m>{%MIgMNe
zF3gcp;g*^HXwj|JH%sakW^XY%?K}Ip+slNyvt8M1?Uz`5cz$g&-`l2-@0b62`(fXd
z*3a*ARU9g<^p4fEd<fXn`n;x_tFOZPj(O`D$;k#WznmrR{_tfDP+B={)!l=hYVMuv
dFWzaEBw8?qo-|YCxP90BWP6ZnFyD^d69G?mT9W_(

literal 0
HcmV?d00001

diff --git a/ssl/test/verisign.x509_my_cert.pem b/ssl/test/verisign.x509_my_cert.pem
new file mode 100644
index 0000000000..5b6c1ffedd
--- /dev/null
+++ b/ssl/test/verisign.x509_my_cert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQzCCA6ygAwIBAgIQR/dXCzC/x5Ta5RvL6hKEojANBgkqhkiG9w0BAQUFADCB
+jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL
+EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV
+BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgVGVzdCBSb290IENBMB4X
+DTA2MDExNjAwMDAwMFoXDTA2MDEzMDIzNTk1OVowgbkxCzAJBgNVBAYTAkFVMQww
+CgYDVQQIEwNRbGQxETAPBgNVBAcUCEJyaXNiYW5lMRkwFwYDVQQKFBBheG9sb1RM
+UyBQcm9qZWN0MRUwEwYDVQQLFAwxMDI0IGJpdCBrZXkxOjA4BgNVBAsUMVRlcm1z
+IG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDUxGzAZ
+BgNVBAMUEnd3dy5heG9sb3Rscy5jby5ucjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAttzj5S7qfOZIrh9xg8bgjTOKbSIbLBuMnxAwfGRcUrQO2EQOHd6kMjXR
+hqY/cG2IG4G8AeqdV3nHlKbrbHbRa1lFgP6b0BQCE8TyxmP+tIAqn5L6/HTm+EEi
+Ad1Pxjeok6e7F6UXHxJltSGHmOhAf3C5kPq/FQ6QZeG4yD/uzPkCAwEAAaOCAXUw
+ggFxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEcGA1UdHwRAMD4wPKA6oDiGNmh0
+dHA6Ly9TVlJTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9TVlJUcmlhbFJvb3QyMDA1
+LmNybDBKBgNVHSAEQzBBMD8GCmCGSAGG+EUBBxUwMTAvBggrBgEFBQcCARYjaHR0
+cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29jc3AudmVyaXNpZ24uY29tMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUW
+CWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUW
+I2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEB
+BQUAA4GBACtlCTJFENCcHCQLHJfiotqr2XR+oWu0MstNm8dG6WB+zYprrT+kOPDn
+1rMO7YLx76f67fC+lIXz720kQHk6LsZ8hPBQvIXnfIsKjng73DeFzBmTMFz6Qxjd
++E0FUCKplqrdwUkmR4kH6O4pdGE4AlXJNiUI2903yYdSRVMOuLuR
+-----END CERTIFICATE-----
diff --git a/ssl/tls1.c b/ssl/tls1.c
new file mode 100644
index 0000000000..f3a4a1c5dc
--- /dev/null
+++ b/ssl/tls1.c
@@ -0,0 +1,2041 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Common ssl/tlsv1 code to both the client and server implementations.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include "ssl.h"
+
+/* Don't import the default key/certificate if not used */
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+#include "cert.h"
+#include "private_key.h"
+#endif
+         
+/* The session expiry time */
+#define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
+
+static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
+static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
+static const char * server_finished = "server finished";
+static const char * client_finished = "client finished";
+
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
+static void set_key_block(SSL *ssl, int is_write);
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
+static int send_raw_packet(SSL *ssl, uint8_t protocol);
+
+/**
+ * The server will pick the cipher based on the order that the order that the
+ * ciphers are listed. This order is defined at compile time.
+ */
+#ifdef CONFIG_SSL_SKELETON_MODE
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+{ SSL_RC4_128_SHA };
+#else
+static void session_free(SSL_SESS *ssl_sessions[], int sess_index);
+
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
+{ SSL_RC4_128_SHA, SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_MD5 };
+#elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
+{ SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };    
+#else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
+{ SSL_AES256_SHA, SSL_AES128_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
+#endif
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/**
+ * The cipher map containing all the essentials for each cipher.
+ */
+#ifdef CONFIG_SSL_SKELETON_MODE
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* RC4-SHA */
+        SSL_RC4_128_SHA,                /* RC4-SHA */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(SHA1_SIZE+16),               /* key block size */
+        0,                              /* no padding */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+};
+#else
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* AES128-SHA */
+        SSL_AES128_SHA,                 /* AES128-SHA */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        2*(SHA1_SIZE+16+16),            /* key block size */
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },
+    {   /* AES256-SHA */
+        SSL_AES256_SHA,                 /* AES256-SHA */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        2*(SHA1_SIZE+32+16),            /* key block size */
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* RC4-SHA */
+        SSL_RC4_128_SHA,                /* RC4-SHA */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(SHA1_SIZE+16),               /* key block size */
+        0,                              /* no padding */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+    /*
+     * This protocol is from SSLv2 days and is unlikely to be used - but was
+     * useful for testing different possible digest algorithms.
+     */
+    {   /* RC4-MD5 */
+        SSL_RC4_128_MD5,                /* RC4-MD5 */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(MD5_SIZE+16),                /* key block size */
+        0,                              /* no padding */
+        MD5_SIZE,                       /* digest size */
+        hmac_md5,                       /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+};
+#endif
+
+static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+        uint8_t *out, int olen);
+static const cipher_info_t *get_cipher_info(uint8_t cipher);
+static void increment_read_sequence(SSL *ssl);
+static void increment_write_sequence(SSL *ssl);
+static void add_hmac_digest(SSL *ssl, int snd,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
+
+/* win32 VC6.0 doesn't have variadic macros */
+#if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...) {}
+#endif
+
+/**
+ * Establish a new client/server context.
+ */
+EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
+{
+    SSLCTX *ssl_ctx = (SSLCTX *)calloc(1, sizeof (SSLCTX));
+    ssl_ctx->options = options;
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl_ctx->num_sessions = num_sessions;
+#endif
+
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+    if (~options & SSL_NO_DEFAULT_KEY)
+    {
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key, 
+                default_private_key_len, NULL);
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                    default_certificate, default_certificate_len, NULL);
+    }
+#endif
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (num_sessions)
+    {
+        ssl_ctx->ssl_sessions = (SSL_SESS **)
+                        calloc(1, num_sessions*sizeof(SSL_SESS *));
+    }
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
+#endif
+
+    return ssl_ctx;
+}
+
+/*
+ * Remove a client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
+{
+    SSL *ssl;
+    int i;
+
+    if (ssl_ctx == NULL)
+        return;
+
+    ssl = ssl_ctx->sess_head;
+
+    /* clear out all the ssl entries */
+    while (ssl)
+    {
+        SSL *next = ssl->next;
+        ssl_free(ssl);
+        ssl = next;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* clear out all the sessions */
+    for (i = 0; i < ssl_ctx->num_sessions; i++)
+    {
+        session_free(ssl_ctx->ssl_sessions, i);
+    }
+
+    free(ssl_ctx->ssl_sessions);
+#endif
+
+    i = 0;
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
+    {
+        free(ssl_ctx->certs[i].buf);
+        ssl_ctx->certs[i++].buf = NULL;
+    }
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    remove_ca_certs(ssl_ctx->ca_cert_ctx);
+#endif
+    ssl_ctx->chain_length = 0;
+    RSA_free(ssl_ctx->rsa_ctx);
+    RNG_terminate();
+    free(ssl_ctx);
+}
+
+/*
+ * Free any used resources used by this connection.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl)
+{
+    SSLCTX *ssl_ctx;
+
+    if (ssl == NULL)        /* just ignore null pointers */
+        return;
+
+    /* spec says we must notify when we are dying */
+    send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+
+    ssl_ctx = ssl->ssl_ctx;
+
+    /* adjust the server SSL list */
+    if (ssl->prev)
+    {
+        ssl->prev->next = ssl->next;
+    }
+    else
+    {
+        ssl_ctx->sess_head = ssl->next;
+    }
+
+    if (ssl->next)
+    {
+        ssl->next->prev = ssl->prev;
+    }
+    else
+    {
+        ssl_ctx->sess_tail = ssl->prev;
+    }
+
+    /* may already be free - but be sure */
+    free(ssl->all_pkts);
+    free(ssl->final_finish_mac);
+    free(ssl->key_block);
+    free(ssl->encrypt_ctx);
+    free(ssl->decrypt_ctx);
+    free(ssl->master_secret);
+    buf_free(&ssl->bm_buf);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    x509_free(ssl->x509_ctx);
+#endif
+
+    free(ssl);
+}
+
+/*
+ * Read the SSL connection and send any alerts for various errors.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = basic_read(ssl, in_data);
+
+    /* check for return code so we can send an alert */
+    if (ret < SSL_OK)
+    {
+        if (ret != SSL_ERROR_CONN_LOST)
+        {
+            send_alert(ssl, ret);
+#ifndef CONFIG_SSL_SKELETON_MODE
+            /* something nasty happened, so get rid of this session */
+            kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+#endif
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Write application data to the client
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
+{
+
+    int ret = send_packet(ssl, PT_APP_PROTOCOL_DATA, out_data, out_len);
+
+    /* make sure there is no problem with overflow due to padding etc */
+    if (ret > out_len)
+    {
+        ret = out_len;
+    }
+
+    return ret;
+}
+
+/**
+ * Add a certificate to the certificate chain.
+ */
+int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
+    SSL_CERT *ssl_cert;
+    X509_CTX *cert = NULL;
+    int offset;
+
+    while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS) 
+        i++;
+
+    if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: maximum number of certs added - change of "
+                "compile-time configuration required\n");
+#endif
+        goto error;
+    }
+
+    if ((ret = x509_new(buf, &offset, &cert)))
+        goto error;
+
+    ssl_cert = &ssl_ctx->certs[i];
+    ssl_cert->size = len;
+    ssl_cert->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_cert->buf, buf, len);
+    ssl_ctx->chain_length++;
+    len -= offset;
+    ret = SSL_OK;           /* ok so far */
+
+    /* recurse? */
+    if (len > 0)
+    {
+        ret = add_cert(ssl_ctx, &buf[offset], len);
+    }
+
+error:
+    x509_free(cert);        /* don't need anymore */
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Add a certificate authority.
+ */
+int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_ERROR_NO_CERT_DEFINED;
+    int i = 0;
+    int offset;
+    X509_CTX *cert = NULL;
+    CA_CERT_CTX *ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
+        i++;
+
+    if (i > CONFIG_X509_MAX_CA_CERTS)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: maximum number of CA certs added - change of "
+                "compile-time configuration required\n");
+#endif
+        goto error;
+    }
+
+    if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i])))
+        goto error;
+
+    /* make sure the cert is valid */
+    cert = ca_cert_ctx->cert[i];
+    if ((ret = x509_verify(ca_cert_ctx, cert)))
+    {
+        x509_free(cert);        /* get rid of it */
+        ca_cert_ctx->cert[i] = NULL;
+        goto error;
+    }
+
+    len -= offset;
+    ret = SSL_OK;           /* ok so far */
+
+    /* recurse? */
+    if (len > 0)
+    {
+        ret = add_cert_auth(ssl_ctx, &buf[offset], len);
+    }
+
+error:
+    return ret;
+}
+
+/*
+ * Retrieve an X.509 distinguished name component
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
+{
+    if (ssl->x509_ctx == NULL)
+        return NULL;
+
+    switch (component)
+    {
+        case SSL_X509_CERT_COMMON_NAME:
+            return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CERT_ORGANIZATION:
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_TYPE];
+
+        case SSL_X509_CA_CERT_COMMON_NAME:
+            return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CA_CERT_ORGANIZATION:
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_TYPE];
+
+        default:
+            return NULL;
+    }
+}
+
+#endif
+
+/*
+ * Find an ssl object based on the client's file descriptor.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = ssl_ctx->sess_head;
+
+    /* search through all the ssl entries */
+    while (ssl)
+    {
+        if (ssl->client_fd == client_fd)
+            return ssl;
+
+        ssl = ssl->next;
+    }
+
+    return NULL;
+}
+
+/*
+ * Force the client to perform its handshake again.
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
+    {
+        ret = do_client_connect(ssl);
+    }
+    else
+#endif
+    {
+        send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                g_hello_request, sizeof(g_hello_request));
+        SET_SSL_FLAG(SSL_NEED_RECORD);
+    }
+
+    return ret;
+}
+
+/**
+ * @brief Get what we need for key info.
+ * @param cipher    [in]    The cipher information we are after
+ * @param key_size  [out]   The key size for the cipher
+ * @param iv_size   [out]   The iv size for the cipher
+ * @return  The amount of key information we need.
+ */
+static const cipher_info_t *get_cipher_info(uint8_t cipher)
+{
+    int i;
+
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        if (cipher_info[i].cipher == cipher)
+        {
+            return &cipher_info[i];
+        }
+    }
+
+    return NULL;  /* error */
+}
+
+/*
+ * Get a new ssl context for a new connection.
+ */
+SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
+    ssl->ssl_ctx = ssl_ctx;
+    ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
+    ssl->bm_buf = buf_new();
+    ssl->client_fd = client_fd;
+    ssl->flag = SSL_NEED_RECORD;
+    ssl->certs = ssl_ctx->certs;
+    ssl->chain_length = ssl_ctx->chain_length;
+#ifdef CONFIG_ENABLE_VERIFICATION
+    ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+#endif
+
+    /* a bit hacky but saves a few bytes of memory */
+    ssl->flag |= ssl_ctx->options;
+
+    /* build up a linked list, so we can remove it all later */
+    if (ssl_ctx->sess_head == NULL)
+    {
+        ssl_ctx->sess_head = ssl;
+        ssl_ctx->sess_tail = ssl;
+    }
+    else
+    {
+        ssl->prev = ssl_ctx->sess_tail;
+        ssl_ctx->sess_tail->next = ssl;
+        ssl_ctx->sess_tail = ssl;
+    }
+
+    return ssl;
+}
+
+/*
+ * Add a private key to a context.
+ */
+int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj)
+{
+    int ret = SSL_OK;
+
+    /* get the private key details */
+    if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+error:
+    return ret;
+}
+
+/** 
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */     
+static void increment_read_sequence(SSL *ssl)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) 
+    {       
+        if (++ssl->read_sequence[i])
+            break;
+    }
+}
+            
+/**
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */      
+static void increment_write_sequence(SSL *ssl)
+{        
+    int i;                  
+         
+    for (i = 7; i >= 0; i--)
+    {                       
+        if (++ssl->write_sequence[i])
+            break;
+    }                       
+}                           
+/**
+ * Work out the HMAC digest in a packet.
+ */
+static void add_hmac_digest(SSL *ssl, int mode,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
+{
+    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
+    uint8_t *t_ptr = t_buf;
+
+    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+            ssl->write_sequence : ssl->read_sequence, 8);
+    t_buf += 8;
+
+    memcpy(t_buf, ssl->record_buf, SSL_RECORD_SIZE);
+    t_buf += SSL_RECORD_SIZE;
+
+    memcpy(t_buf, buf, buf_len);
+
+    ssl->cipher_info->hmac(t_ptr, hmac_len, 
+            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
+                ssl->server_mac : ssl->client_mac, 
+            ssl->cipher_info->digest_size, hmac_buf);
+
+#if 0
+    print_blob("record", ssl->record_buf, SSL_RECORD_SIZE);
+    print_blob("buf", buf, buf_len);
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
+    {
+        print_blob("write seq", ssl->write_sequence, 8);
+    }
+    else
+    {
+        print_blob("read seq", ssl->read_sequence, 8);
+    }
+
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
+    {
+        print_blob("server mac", 
+                ssl->server_mac, ssl->cipher_info->digest_size);
+    }
+    else
+    {
+        print_blob("client mac", 
+                ssl->client_mac, ssl->cipher_info->digest_size);
+    }
+    print_blob("hmac", hmac_buf, SHA1_SIZE);
+#endif
+
+    free(t_ptr);
+}
+
+/**
+ * Verify that the digest of a packet is correct.
+ */
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
+{   
+    unsigned char hmac_buf[SHA1_SIZE];
+    int hmac_offset;
+   
+    if (ssl->cipher_info->padding_size)
+    {
+        hmac_offset = read_len-buf[read_len-1]-ssl->cipher_info->digest_size-1;
+    }
+    else
+    {
+        hmac_offset = read_len - ssl->cipher_info->digest_size;
+    }
+
+    /* sanity check the offset */
+    if (hmac_offset < 0)
+    {
+        return SSL_ERROR_INVALID_HMAC;
+    }
+
+    ssl->record_buf[3] = hmac_offset >> 8;      /* insert size */
+    ssl->record_buf[4] = hmac_offset & 0xff;
+
+    add_hmac_digest(ssl, mode, buf, hmac_offset, hmac_buf);
+
+    if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
+    {
+        return SSL_ERROR_INVALID_HMAC;
+    }
+
+    return hmac_offset;
+}
+
+/**
+ * Add a packet to the end of our sent and received packets, so that we may use
+ * it to calculate the hash at the end.
+ */
+void add_packet(SSL *ssl, const uint8_t *pkt, int len)
+{
+    int new_len = ssl->all_pkts_len + len;
+    ssl->all_pkts = (uint8_t *)realloc(ssl->all_pkts, new_len);
+    memcpy(&ssl->all_pkts[ssl->all_pkts_len], pkt, len);
+    ssl->all_pkts_len = new_len;
+}
+
+/**
+ * Work out the MD5 PRF.
+ */
+static void p_hash_md5(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[128];
+
+    /* A(1) */
+    hmac_md5(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[MD5_SIZE], seed, seed_len);
+    hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > MD5_SIZE)
+    {
+        uint8_t a2[MD5_SIZE];
+        out += MD5_SIZE;
+        olen -= MD5_SIZE;
+
+        /* A(N) */
+        hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, MD5_SIZE);
+
+        /* work out the actual hash */
+        hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the SHA1 PRF.
+ */
+static void p_hash_sha1(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[128];
+
+    /* A(1) */
+    hmac_sha1(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA1_SIZE], seed, seed_len);
+    hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA1_SIZE)
+    {
+        uint8_t a2[SHA1_SIZE];
+        out += SHA1_SIZE;
+        olen -= SHA1_SIZE;
+
+        /* A(N) */
+        hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA1_SIZE);
+
+        /* work out the actual hash */
+        hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the PRF.
+ */
+static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+        uint8_t *out, int olen)
+{
+    int len, i;
+    const uint8_t *S1, *S2;
+    uint8_t xbuf[256]; /* needs to be > the amount of key data */
+    uint8_t ybuf[256]; /* needs to be > the amount of key data */
+
+    len = sec_len/2;
+    S1 = sec;
+    S2 = &sec[len];
+    len += (sec_len&1); /* add for odd, make longer */
+
+    p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
+    p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
+
+    for (i=0; i < olen; i++)
+        out[i] = xbuf[i] ^ ybuf[i];
+}
+
+/**
+ * Generate a master secret based on the client/server random data and the
+ * premaster secret.
+ */
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
+{
+    uint8_t buf[128];   /* needs to be > 13+32+32 in size */
+    strcpy((char *)buf, "master secret");
+    memcpy(&buf[13], ssl->client_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], ssl->server_random, SSL_RANDOM_SIZE);
+    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
+    prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->master_secret,
+            SSL_SECRET_SIZE);
+}
+
+/**
+ * Generate a 'random' blob of data used for the generation of keys.
+ */
+static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
+        uint8_t *master_secret, uint8_t *key_block, int key_block_size)
+{
+    uint8_t buf[128];
+    strcpy((char *)buf, "key expansion");
+    memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
+    prf(master_secret, SSL_SECRET_SIZE, buf, 77, key_block, key_block_size);
+}
+
+/** 
+ * Calculate the digest used in the finished message. This function also
+ * doubles up as a certificate verify function.
+ */
+void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
+{
+    unsigned char mac_buf[128]; 
+    unsigned char *q = mac_buf;
+    MD5_CTX md5_ctx;
+    SHA1_CTX sha1_ctx;
+
+    if (label)
+    {
+        strcpy((char *)q, label);
+        q += strlen(label);
+    }
+
+    MD5Init(&md5_ctx);
+    MD5Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
+    MD5Final(&md5_ctx, q);
+    q += MD5_SIZE;
+    
+    SHA1Init(&sha1_ctx);
+    SHA1Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
+    SHA1Final(&sha1_ctx, q);
+    q += SHA1_SIZE;
+
+    if (label)
+    {
+        prf(ssl->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
+            digest, SSL_FINISHED_HASH_SIZE);
+    }
+    else    /* for use in a certificate verify */
+    {
+        memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
+    }
+#if 0
+    printf("label: %s\n", label);
+    print_blob("master secret", ssl->master_secret, 48);
+    print_blob("mac_buf", mac_buf, q-mac_buf);
+    print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
+#endif
+}   
+    
+/**
+ * Retrieve (and initialise) the context of a cipher.
+ */
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
+{
+    switch (ssl->cipher)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        case SSL_AES128_SHA:
+            {
+                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_128);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+        case SSL_AES256_SHA:
+            {
+                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_256);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+            break;
+
+        case SSL_RC4_128_MD5:
+#endif
+        case SSL_RC4_128_SHA:
+            {
+                RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
+                RC4_setup(rc4_ctx, key, 16);
+                return (void *)rc4_ctx;
+            }
+            break;
+    }
+
+    return NULL;    /* its all gone wrong */
+}
+
+/**
+ * Send a packet over the socket.
+ */
+static int send_raw_packet(SSL *ssl, uint8_t protocol)
+{
+    uint8_t rec_buf[SSL_RECORD_SIZE];
+    int ret;
+
+    rec_buf[0] = protocol;
+    rec_buf[1] = 0x03;      /* version = 3.1 (TLS) */
+    rec_buf[2] = 0x01;
+    rec_buf[3] = ssl->bm_buf.index >> 8;
+    rec_buf[4] = ssl->bm_buf.index & 0xff;
+
+    DISPLAY_BYTES(ssl, "sending %d bytes", rec_buf, 5, 5);
+    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_buf.data,  
+            ssl->bm_buf.index, ssl->bm_buf.index);
+
+    /* 2 system calls, but what the hell it makes life a lot simpler */
+    ret = SOCKET_WRITE(ssl->client_fd, rec_buf, SSL_RECORD_SIZE);
+
+    if (ret > 0)
+    {
+        ret = SOCKET_WRITE(ssl->client_fd, ssl->bm_buf.data, ssl->bm_buf.index);
+    }
+
+    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
+    ssl->bm_buf.index = 0;
+
+    if (ret < 0)
+    {
+        ret = SSL_ERROR_CONN_LOST;
+    }
+    else if (protocol != PT_APP_PROTOCOL_DATA)  
+    {
+        /* always return SSL_OK during handshake */   
+        return ret = SSL_OK;
+    }
+
+    return ret;
+}
+
+/**
+ * Send an encrypted packet with padding bytes if necessary.
+ */
+int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
+{
+    int msg_length = length;
+    ssl->bm_buf.index = msg_length;
+    buf_grow(&ssl->bm_buf, msg_length+32);
+
+    /* if our state is bad, don't bother */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+    if (in) /* has the buffer already been initialised? */
+    {
+        memcpy(ssl->bm_buf.data, in, length);
+    }
+
+    if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
+    {
+        int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
+                            SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
+        ssl->record_buf[0] = protocol;
+        ssl->record_buf[3] = length >> 8; 
+        ssl->record_buf[4] = length & 0xff;
+
+        if (protocol == PT_HANDSHAKE_PROTOCOL)
+        {
+            DISPLAY_STATE(ssl, 1, ssl->bm_buf.data[0], 0);
+
+            if (ssl->bm_buf.data[0] != HS_HELLO_REQUEST)
+            {
+                add_packet(ssl, ssl->bm_buf.data, ssl->bm_buf.index);
+            }
+        }
+
+        /* add the packet digest */
+        msg_length += ssl->cipher_info->digest_size;
+        ssl->bm_buf.index = msg_length;
+
+        add_hmac_digest(ssl, mode, ssl->bm_buf.data, length, 
+                                                &ssl->bm_buf.data[length]);
+
+        /* add padding? */
+        if (ssl->cipher_info->padding_size)
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+
+            /* ensure we always have at least 1 padding byte */
+            if (pad_bytes == 0)
+            {
+                pad_bytes += ssl->cipher_info->padding_size;
+            }
+
+            memset(&ssl->bm_buf.data[msg_length], pad_bytes-1, pad_bytes);
+            msg_length += pad_bytes;
+            ssl->bm_buf.index = msg_length;
+        }
+
+        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_buf.data, msg_length);
+        increment_write_sequence(ssl);
+
+        /* now encrypt the packet */
+        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_buf.data, 
+                                            ssl->bm_buf.data, msg_length);
+    }
+    else if (protocol == PT_HANDSHAKE_PROTOCOL)
+    {
+        DISPLAY_STATE(ssl, 1, ssl->bm_buf.data[0], 0);
+
+        if (ssl->bm_buf.data[0] != HS_HELLO_REQUEST)
+        {
+            add_packet(ssl, ssl->bm_buf.data, ssl->bm_buf.index);
+        }
+    }
+
+    return send_raw_packet(ssl, protocol);
+}
+
+/**
+ * Work out the cipher keys we are going to use for this session based on the
+ * master secret.
+ */
+static void set_key_block(SSL *ssl, int is_write)
+{
+    const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
+    uint8_t *q;
+    uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
+    uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    int key_block_existed = 1;
+
+    /* only do once in a handshake */
+    if (ssl->key_block == NULL)
+    {
+        ssl->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
+
+#if 0
+        print_blob("client", ssl->client_random, 32);
+        print_blob("server", ssl->server_random, 32);
+        print_blob("master", ssl->master_secret, SSL_SECRET_SIZE);
+#endif
+        generate_key_block(ssl->client_random, ssl->server_random,
+            ssl->master_secret, ssl->key_block, ciph_info->key_block_size);
+#if 0
+        print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
+#endif
+        key_block_existed = 0;
+    }
+
+    q = ssl->key_block;
+
+    if ((is_client && is_write) || (!is_client && !is_write))
+    {
+        memcpy(ssl->client_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+
+    if ((!is_client && is_write) || (is_client && !is_write))
+    {
+        memcpy(ssl->server_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+    memcpy(client_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+    memcpy(server_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+
+#ifndef CONFIG_SSL_SKELETON_MODE /* RC4 has no IV */
+    if (ciph_info->iv_size)    
+    {
+        memcpy(client_iv, q, ciph_info->iv_size);
+        q += ciph_info->iv_size;
+        memcpy(server_iv, q, ciph_info->iv_size);
+        q += ciph_info->iv_size;
+    }
+#endif
+
+    free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
+
+    if (ssl->final_finish_mac == NULL)
+    {
+        ssl->final_finish_mac = (uint8_t *)malloc(SSL_FINISHED_HASH_SIZE);
+    }
+
+    /* now initialise the ciphers */
+    if (is_client)
+    {
+        finished_digest(ssl, server_finished, ssl->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
+    }
+    else
+    {
+        finished_digest(ssl, client_finished, ssl->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
+    }
+
+    ssl->cipher_info = ciph_info;
+
+    /* clean up if possible */
+    if (key_block_existed)
+    {
+        free(ssl->key_block);
+        ssl->key_block = NULL;
+    }
+}
+
+/**
+ * Read the SSL connection.
+ */
+int basic_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = SSL_OK, version = -1;
+    int read_len, is_record;
+    uint8_t *buf = ssl->bm_buf.data;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_buf.index], 
+                            ssl->need_bytes-ssl->got_bytes);
+
+    /* connection has gone, so die */
+    if (read_len <= 0)
+    {
+        ret = SSL_ERROR_CONN_LOST;
+        ssl->hs_status = SSL_ERROR_DEAD;  /* make sure it stays dead */
+        goto error;
+    }
+
+    DISPLAY_BYTES(ssl, "received %d bytes", 
+            &ssl->bm_buf.data[ssl->bm_buf.index], read_len, read_len);
+
+    ssl->got_bytes += read_len;
+    ssl->bm_buf.index += read_len;
+
+    /* haven't quite got what we want, so try again later */
+    if (ssl->got_bytes < ssl->need_bytes)
+    {
+        return SSL_OK;
+    }
+
+    ssl->got_bytes = 0;
+
+    if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
+    {
+        /* check for sslv2 "client hello" TODO: this shouldn't be here. */
+        if (buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03)
+        {
+#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+            DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
+            add_packet(ssl, &buf[2], 3);
+            ret = process_sslv23_client_hello(ssl); 
+#else
+            printf("Error: no SSLv23 handshaking allowed\n");
+            TTY_FLUSH();
+            ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+            goto error; /* not an error - just get out of here */
+        }
+
+        version = (buf[1] << 4) + buf[2];
+        ssl->need_bytes = (buf[3] << 8) + buf[4];
+
+        /* should be 3.1 (TLSv1) */
+        if (version != 0x31) 
+        {
+            /* if we are talking to a client that talks v3.2, then we'll wear
+             * it - we'll respond in v3.1 mode anyway. */
+            if (version < 0x31 || !IS_SET_SSL_FLAG(SSL_IS_CLIENT))
+            {
+                ret = SSL_ERROR_INVALID_VERSION;
+                ssl_display_error(ret);
+                goto error;
+            }
+        }
+
+        CLR_SSL_FLAG(SSL_NEED_RECORD);
+        memcpy(ssl->record_buf, buf, 3);    /* store for hmac */
+        is_record = 1;
+    }
+    else
+    {
+        SET_SSL_FLAG(SSL_NEED_RECORD);
+        ssl->need_bytes = SSL_RECORD_SIZE;
+        is_record = 0;
+    }
+
+    if (is_record)
+    {
+        ssl->record_type = buf[0];
+    }
+    else if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
+    {
+        ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
+        read_len = verify_digest(ssl, 
+                is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
+
+        /* does the hmac work? */
+        if (read_len < 0)
+        {
+            ret = read_len;
+            goto error;
+        }
+
+        DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
+        increment_read_sequence(ssl);
+    }
+
+    /* The main part of the SSL packet */
+    if (!is_record)
+    {
+        switch (ssl->record_type)
+        {
+            case PT_HANDSHAKE_PROTOCOL:
+                ret = do_handshake(ssl, buf, read_len);
+                break;
+
+            case PT_CHANGE_CIPHER_SPEC:
+                if (ssl->next_state != HS_FINISHED)
+                {
+                    ret = SSL_ERROR_INVALID_HANDSHAKE;
+                    goto error;
+                }
+
+                SET_SSL_FLAG(SSL_RX_ENCRYPTED);
+                set_key_block(ssl, 0);
+                memset(ssl->read_sequence, 0, 8);
+                break;
+
+            case PT_APP_PROTOCOL_DATA:
+                *in_data = ssl->bm_buf.data;  /* point to the work buffer */
+                (*in_data)[read_len] = 0;     /* null terminate just in case */
+                ret = read_len;
+                break;
+
+            case PT_ALERT_PROTOCOL:
+                /* return the alert # with alert bit set */
+                ret = -buf[1]; 
+                DISPLAY_ALERT(ssl, buf[1]);
+                break;
+
+            default:
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+                break;
+        }
+    }
+
+error:
+    ssl->bm_buf.index = 0;        /* reset to go again */
+
+    if (ret < SSL_OK && in_data)  /* if all wrong, then clear this buffer ptr */
+    {
+        *in_data = NULL;
+    }
+
+    return ret;
+}
+
+/**
+ * Do some basic checking of data and then perform the appropriate handshaking.
+ */
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
+{
+    int hs_len = (buf[2]<<8) + buf[3];
+    uint8_t handshake_type = buf[0];
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    /* some integrity checking on the handshake */
+    PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
+
+    if (handshake_type != ssl->next_state)
+    {
+        /* handle a special case on the client */
+        if (!is_client || handshake_type != HS_CERT_REQ ||
+                        ssl->next_state != HS_SERVER_HELLO_DONE)
+        {
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            goto error;
+        }
+    }
+
+    hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
+    ssl->bm_buf.index = hs_len; /* store the size and check later */
+    DISPLAY_STATE(ssl, 0, handshake_type, 0);
+
+    if (handshake_type != HS_CERT_VERIFY &&
+            handshake_type != HS_HELLO_REQUEST)
+    {
+        add_packet(ssl, buf, hs_len); 
+    }
+
+#if defined(CONFIG_SSL_ENABLE_CLIENT)
+    ret = is_client ? 
+        do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
+        do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#else
+    ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#endif
+
+    /* just use recursion to get the rest */
+    if (hs_len < read_len && ret == SSL_OK)
+    {
+        ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
+    }
+
+error:
+    return ret;
+}
+
+/**
+ * Sends the change cipher spec message. We have just read a finished message
+ * from the client.
+ */
+int send_change_cipher_spec(SSL *ssl)
+{
+    int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
+            g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
+    SET_SSL_FLAG(SSL_TX_ENCRYPTED);
+    set_key_block(ssl, 1);
+    memset(ssl->write_sequence, 0, 8);
+    return ret;
+}
+
+/**
+ * Send a "finished" message
+ */
+int send_finished(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+
+    buf[0] = HS_FINISHED;
+    buf[1] = 0;
+    buf[2] = 0;
+    buf[3] = SSL_FINISHED_HASH_SIZE;
+
+    /* now add the finished digest mac (12 bytes) */
+    finished_digest(ssl, 
+        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
+                    client_finished : server_finished, &buf[4]);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* store in the session cache */
+    if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
+    {
+        memcpy(ssl->session->master_secret, 
+                ssl->master_secret, SSL_SECRET_SIZE);
+    }
+#endif
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                                NULL, SSL_FINISHED_HASH_SIZE+4);
+}
+
+/**
+ * Send an alert message.
+ * Return 1 if the alert was an "error".
+ */
+int send_alert(SSL *ssl, int error_code)
+{
+    int alert_num = 0;
+    int is_warning = 0;
+    uint8_t buf[2];
+
+    /* Don't bother we're already dead */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+    {
+        ssl_display_error(error_code);
+    }
+#endif
+
+    switch (error_code)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            is_warning = 1;
+            alert_num = SSL_ALERT_CLOSE_NOTIFY;
+            break;
+
+        case SSL_ERROR_CONN_LOST:       /* don't send alert just yet */
+            is_warning = 1;
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+        case SSL_ERROR_INVALID_PROT_MSG:
+            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+        case SSL_ERROR_FINISHED_INVALID:
+            alert_num = SSL_ALERT_BAD_RECORD_MAC;
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            alert_num = SSL_ALERT_INVALID_VERSION;
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+        case SSL_ERROR_NO_CIPHER:
+        case SSL_ERROR_INVALID_KEY:
+            alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            alert_num = SSL_ALERT_BAD_CERTIFICATE;
+            break;
+
+        default:
+            /* a catch-all for any badly verified certificates */
+            alert_num = (error_code <= SSL_X509_OFFSET) ?  
+                SSL_ALERT_BAD_CERTIFICATE : SSL_ALERT_UNEXPECTED_MESSAGE;
+            break;
+    }
+
+    buf[0] = is_warning ? 1 : 2;
+    buf[1] = alert_num;
+
+    send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
+    DISPLAY_ALERT(ssl, alert_num);
+    return is_warning ? 0 : 1;
+}
+
+/**
+ * Process a client finished message.
+ */
+int process_finished(SSL *ssl, int hs_len)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
+
+    PARANOIA_CHECK(ssl->bm_buf.index, SSL_FINISHED_HASH_SIZE+4);
+
+    /* check that we all work before we continue */
+    if (memcmp(ssl->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
+    {
+        return SSL_ERROR_FINISHED_INVALID;
+    }
+
+    if ((!is_client && !resume) || (is_client && resume))
+    {
+        if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+        {
+            ret = send_finished(ssl);
+        }
+    }
+
+    /* Don't need this stuff anymore */
+    free(ssl->all_pkts);
+    ssl->all_pkts = NULL;
+    ssl->all_pkts_len = 0;
+
+    free(ssl->master_secret);
+    ssl->master_secret = NULL;
+
+    free(ssl->final_finish_mac);
+    ssl->final_finish_mac = NULL;
+
+    /* if we ever renegotiate */
+    ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
+    ssl->hs_status = ret;  /* set the final handshake status */
+
+error:
+    return ret;
+}
+
+/**
+ * Send a certificate.
+ */
+int send_certificate(SSL *ssl)
+{
+    int i = 0;
+    uint8_t *buf = ssl->bm_buf.data;
+    int offset = 7;
+    int chain_length;
+
+    buf[0] = HS_CERTIFICATE;
+    buf[1] = 0;
+    buf[4] = 0;
+    buf[7] = 0;
+
+    while (i < ssl->chain_length)
+    {
+        SSL_CERT *cert = &ssl->certs[i];
+        buf[offset++] = 0;        
+        buf[offset++] = cert->size >> 8;        /* cert 1 length */
+        buf[offset++] = cert->size & 0xff;
+        buf_grow(&ssl->bm_buf, offset + cert->size);
+        memcpy(&buf[offset], cert->buf, cert->size);
+        offset += cert->size;
+        i++;
+    }
+
+    chain_length = offset - 7;
+    buf[5] = chain_length >> 8;        /* cert chain length */
+    buf[6] = chain_length & 0xff;
+    chain_length += 3;
+    buf[2] = chain_length >> 8;        /* handshake length */
+    buf[3] = chain_length & 0xff;
+
+    ssl->bm_buf.index = offset;
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+#ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
+/**
+ * Find if an existing session has the same session id. If so, use the
+ * master secret from this session for session resumption.
+ */
+SSL_SESS *ssl_session_update(int max_sessions, 
+        SSL_SESS *ssl_sessions[], SSL *ssl,
+        const uint8_t *session_id)
+{
+    time_t tm = time(NULL);
+    time_t oldest_sess_time = tm;
+    SSL_SESS *oldest_sess = NULL;
+    int i;
+
+    /* no sessions? Then bail */
+    if (max_sessions == 0)
+    {
+        return NULL;
+    }
+
+    if (session_id)
+    {
+        for (i = 0; i < max_sessions; i++)
+        {
+            if (ssl_sessions[i])
+            {
+                /* kill off any expired sessions */
+                if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)
+                {
+                    session_free(ssl_sessions, i);
+                    continue;
+                }
+
+                /* if the session id matches, it must still be less than 
+                   the expiry time */
+                if (memcmp(ssl_sessions[i]->session_id, session_id,
+                                                SSL_SESSION_ID_SIZE) == 0)
+                {
+                    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
+                    ssl->session_index = i;
+                    memcpy(ssl->master_secret, 
+                            ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
+                    SET_SSL_FLAG(SSL_SESSION_RESUME);
+                    return ssl_sessions[i];  /* a session was found */
+                }
+            }
+        }
+    }
+
+    /* If we've got here, no matching session was found - so create one */
+    for (i = 0; i < max_sessions; i++)
+    {
+        if (ssl_sessions[i] == NULL)
+        {
+            /* perfect, this will do */
+            ssl_sessions[i] = (SSL_SESS *)calloc(1, sizeof(SSL_SESS));
+            ssl_sessions[i]->conn_time = tm;
+            ssl->session_index = i;
+            return ssl_sessions[i]; /* return the session object */
+        }
+        else if (ssl_sessions[i]->conn_time < oldest_sess_time)
+        {
+            /* find the oldest session */
+            oldest_sess_time = ssl_sessions[i]->conn_time;
+            oldest_sess = ssl_sessions[i];
+            ssl->session_index = i;
+        }
+    }
+
+    /* ok, we've used up all of our sessions. So blow the oldest session away */
+    oldest_sess->conn_time = tm;
+    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
+    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
+    return oldest_sess;
+}
+
+/**
+ * Free an existing session.
+ */
+static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
+{
+    if (ssl_sessions[sess_index])
+    {
+        free(ssl_sessions[sess_index]);
+        ssl_sessions[sess_index] = NULL;
+    }
+}
+
+/**
+ * This ssl object doesn't want this session anymore.
+ */
+void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
+{
+    if (ssl->ssl_ctx->num_sessions)
+    {
+        session_free(ssl_sessions, ssl->session_index);
+        ssl->session = NULL;
+    }
+}
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/*
+ * Get the session id for a handshake. This will be a 32 byte sequence.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl)
+{
+    return ssl->session_id;
+}
+
+/*
+ * Return the cipher id (in the SSL form).
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl)
+{
+    return ssl->cipher;
+}
+
+/*
+ * Return the status of the handshake.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl)
+{
+    return ssl->hs_status;
+}
+
+/*
+ * Retrieve various parameters about the SSL engine.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset)
+{
+    switch (offset)
+    {
+        /* return the appropriate build mode */
+        case SSL_BUILD_MODE:
+#if defined(CONFIG_SSL_FULL_MODE)
+            return SSL_BUILD_FULL_MODE;
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+            return SSL_BUILD_ENABLE_CLIENT;
+#elif defined(CONFIG_ENABLE_VERIFICATION)
+            return SSL_BUILD_ENABLE_VERIFICATION;
+#elif defined(CONFIG_SSL_SERVER_ONLY )
+            return SSL_BUILD_SERVER_ONLY;
+#else 
+            return SSL_BUILD_SKELETON_MODE;
+#endif
+
+        case SSL_MAX_CERT_CFG_OFFSET:
+            return CONFIG_SSL_MAX_CERTS;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_MAX_CA_CERT_CFG_OFFSET:
+            return CONFIG_X509_MAX_CA_CERTS;
+#endif
+#ifdef CONFIG_SSL_HAS_PEM
+        case SSL_HAS_PEM:
+            return 1;
+#endif
+        default:
+            return 0;
+    }
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Authenticate a received certificate.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
+{
+    int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+
+    if (ret)        /* modify into an SSL error type */
+    {
+        ret = SSL_X509_ERROR(ret);
+    }
+
+    return ret;
+}
+
+/**
+ * Process a certificate message.
+ */
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
+{
+    int ret = SSL_OK;
+    int pkt_size = ssl->bm_buf.index;
+    int cert_size, offset = 5;
+    int total_cert_size = (ssl->bm_buf.data[offset]<<8) + 
+                ssl->bm_buf.data[offset+1];
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    X509_CTX **chain = x509_ctx;
+    offset += 2;
+
+    PARANOIA_CHECK(total_cert_size, offset);
+
+    while (offset < total_cert_size)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (ssl->bm_buf.data[offset]<<8) + ssl->bm_buf.data[offset+1];
+        offset += 2;
+        
+        if (x509_new(&ssl->bm_buf.data[offset], NULL, chain))
+        {
+            ret = SSL_ERROR_BAD_CERTIFICATE;
+            goto error;
+        }
+
+        chain = &((*chain)->next);
+        offset += cert_size;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    /* if we are client we can do the verify now or later */
+    if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
+    {
+        ret = ssl_verify_cert(ssl);
+    }
+
+    DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
+    ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
+error:
+    return ret;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Debugging routine to display SSL handshaking stuff.
+ */
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Debugging routine to display SSL states.
+ */
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
+{
+    const char *str;
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf(not_ok ? "Error - invalid State:\t" : "State:\t");
+    printf(is_send ? "sending " : "receiving ");
+
+    switch (state)
+    {
+        case HS_HELLO_REQUEST:
+            str = "Hello Request (0)";
+            break;
+
+        case HS_CLIENT_HELLO:
+            str = "Client Hello (1)";
+            break;
+
+        case HS_SERVER_HELLO:
+            str = "Server Hello (2)";
+            break;
+
+        case HS_CERTIFICATE:
+            str = "Certificate (11)";
+            break;
+
+        case HS_SERVER_KEY_XCHG:
+            str = "Certificate Request (12)";
+            break;
+
+        case HS_CERT_REQ:
+            str = "Certificate Request (13)";
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            str = "Server Hello Done (14)";
+            break;
+
+        case HS_CERT_VERIFY:
+            str = "Certificate Verify (15)";
+            break;
+
+        case HS_CLIENT_KEY_XCHG:
+            str = "Client Key Exchange (16)";
+            break;
+
+        case HS_FINISHED:
+            str = "Finished (16)";
+            break;
+
+        default:
+            str = "Error (Unknown)";
+            
+            break;
+    }
+
+    printf("%s\n", str);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display X509 certificates.
+ */
+void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
+        return;
+
+    x509_print(ssl->ssl_ctx->ca_cert_ctx, x509_ctx);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display RSA objects
+ */
+void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
+        return;
+
+    RSA_print(rsa_ctx);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking bytes.
+ */
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    va_list(ap);
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
+        return;
+
+    va_start(ap, size);
+    print_blob(format, data, size, va_arg(ap, char *));
+    va_end(ap);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking errors.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code)
+{
+    if (error_code == SSL_OK)
+        return;
+
+    printf("Error: ");
+
+    /* X509 error? */
+    if (error_code < SSL_X509_OFFSET)
+    {
+        x509_display_error(error_code - SSL_X509_OFFSET);
+        printf("\n");
+        return;
+    }
+
+    /* SSL alert error code */
+    if (error_code > SSL_ERROR_CONN_LOST)
+    {
+        printf("SSL error %d\n", -error_code);
+        return;
+    }
+
+    switch (error_code)
+    {
+        case SSL_ERROR_DEAD:
+            printf("connection dead");
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+            printf("invalid handshake");
+            break;
+
+        case SSL_ERROR_INVALID_PROT_MSG:
+            printf("invalid protocol message");
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+            printf("invalid mac");
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+            printf("invalid session");
+            break;
+
+        case SSL_ERROR_NO_CIPHER:
+            printf("no cipher");
+            break;
+
+        case SSL_ERROR_CONN_LOST:
+            printf("connection lost");
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ERROR_INVALID_KEY:
+            printf("invalid key");
+            break;
+
+        case SSL_ERROR_FINISHED_INVALID:
+            printf("finished invalid");
+            break;
+
+        case SSL_ERROR_NO_CERT_DEFINED:
+            printf("no certificate defined");
+            break;
+
+        case SSL_ERROR_NOT_SUPPORTED:
+            printf("Option not supported");
+            break;
+
+        default:
+            printf("undefined as yet - %d", error_code);
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display alerts.
+ */
+void DISPLAY_ALERT(SSL *ssl, int alert)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf("Alert: ");
+
+    switch (alert)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            printf("close notify");
+            break;
+
+        case SSL_ALERT_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ALERT_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ALERT_UNEXPECTED_MESSAGE:
+            printf("unexpected message");
+            break;
+
+        case SSL_ALERT_BAD_RECORD_MAC:
+            printf("bad record mac");
+            break;
+
+        case SSL_ALERT_HANDSHAKE_FAILURE:
+            printf("handshake failure");
+            break;
+
+        case SSL_ALERT_ILLEGAL_PARAMETER:
+            printf("illegal parameter");
+            break;
+
+        case SSL_ALERT_DECODE_ERROR:
+            printf("decode error");
+            break;
+
+        case SSL_ALERT_DECRYPT_ERROR:
+            printf("decrypt error");
+            break;
+
+        default:
+            printf("alert - (unknown %d)", alert);
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+#endif /* CONFIG_SSL_FULL_MODE */
+
+/**
+ * Enable the various language bindings to work regardless of the
+ * configuration - they just return an error statement and a bad return code.
+ */
+#if !defined(CONFIG_SSL_FULL_MODE)
+EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
+#endif
+
+#ifdef CONFIG_BINDINGS
+#if !defined(CONFIG_SSL_ENABLE_CLIENT)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, 
+                        int client_fd, const uint8_t *session_id)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+#endif
+
+#if !defined(CONFIG_SSL_CERT_VERIFICATION)
+EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
+{
+    printf(unsupported_str);
+    return -1;
+}
+
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
+
+#endif /* CONFIG_BINDINGS */
+
diff --git a/ssl/tls1.h b/ssl/tls1.h
new file mode 100644
index 0000000000..be8cc1f957
--- /dev/null
+++ b/ssl/tls1.h
@@ -0,0 +1,249 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file tls1.h
+ *
+ * @brief The definitions for the TLS library.
+ */
+#ifndef HEADER_SSL_LIB_H
+#define HEADER_SSL_LIB_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SSL_RANDOM_SIZE             32
+#define SSL_SECRET_SIZE             48
+#define SSL_FINISHED_HASH_SIZE      12
+#define SSL_RECORD_SIZE             5
+#define SSL_SERVER_READ             0
+#define SSL_SERVER_WRITE            1
+#define SSL_CLIENT_READ             2
+#define SSL_CLIENT_WRITE            3
+#define SSL_HS_HDR_SIZE             4
+
+/* the flags we use while establishing a connection */
+#define SSL_NEED_RECORD             0x0001
+#define SSL_TX_ENCRYPTED            0x0002 
+#define SSL_RX_ENCRYPTED            0x0004
+#define SSL_SESSION_RESUME          0x0008
+#define SSL_IS_CLIENT               0x0010
+#define SSL_HAS_CERT_REQ            0x0020
+
+/* some macros to muck around with flag bits */
+#define SET_SSL_FLAG(A)             (ssl->flag |= A)
+#define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
+#define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
+
+#define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
+
+#ifdef CONFIG_SSL_SKELETON_MODE
+#define NUM_PROTOCOLS               1
+#else
+#define NUM_PROTOCOLS               4
+#endif
+
+#define PARANOIA_CHECK(A, B)        if (A < B) { \
+    ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
+
+/* protocol types */
+enum
+{
+    PT_CHANGE_CIPHER_SPEC = 20,
+    PT_ALERT_PROTOCOL,
+    PT_HANDSHAKE_PROTOCOL,
+    PT_APP_PROTOCOL_DATA
+};
+
+/* handshaking types */
+enum
+{
+    HS_HELLO_REQUEST,
+    HS_CLIENT_HELLO,
+    HS_SERVER_HELLO,
+    HS_CERTIFICATE = 11,
+    HS_SERVER_KEY_XCHG,
+    HS_CERT_REQ,
+    HS_SERVER_HELLO_DONE,
+    HS_CERT_VERIFY,
+    HS_CLIENT_KEY_XCHG,
+    HS_FINISHED = 20
+};
+
+typedef struct 
+{
+    uint8_t cipher;
+    uint8_t key_size;
+    uint8_t iv_size;
+    uint8_t key_block_size;
+    uint8_t padding_size;
+    uint8_t digest_size;
+    hmac_func hmac;
+    crypt_func encrypt;
+    crypt_func decrypt;
+} cipher_info_t;
+
+struct _SSLObjLoader 
+{
+    uint8_t *buf;
+    int len;
+};
+
+typedef struct _SSLObjLoader SSLObjLoader;
+
+typedef struct 
+{
+    time_t conn_time;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+} SSL_SESS;
+
+typedef struct
+{
+    uint8_t *buf;
+    int size;
+} SSL_CERT;
+
+struct _SSL
+{
+    uint32_t flag;
+    uint16_t need_bytes;
+    uint16_t got_bytes;
+    uint8_t record_type;
+    uint8_t chain_length;
+    uint8_t cipher;
+    int16_t next_state;
+    int16_t hs_status;
+    uint8_t *all_pkts; 
+    int all_pkts_len;
+    int client_fd;
+    const cipher_info_t *cipher_info;
+    uint8_t *final_finish_mac;
+    uint8_t *key_block;
+    void *encrypt_ctx;
+    void *decrypt_ctx;
+    BUF_MEM bm_buf;
+    struct _SSL *next;                  /* doubly linked list */
+    struct _SSL *prev;
+    SSL_CERT *certs;
+    struct _SSLCTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t session_index;
+    SSL_SESS *session;
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    X509_CTX *x509_ctx;
+#endif
+
+    uint8_t session_id[SSL_SESSION_ID_SIZE]; 
+    uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
+    uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
+    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
+    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
+    uint8_t *master_secret;
+    uint8_t read_sequence[8];       /* 64 bit sequence number */
+    uint8_t write_sequence[8];      /* 64 bit sequence number */
+    uint8_t record_buf[SSL_RECORD_SIZE];    /* storage for hmac calls later */
+};
+
+typedef struct _SSL SSL;
+
+struct _SSLCTX
+{
+    uint32_t options;
+    uint8_t chain_length;
+    RSA_CTX *rsa_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    CA_CERT_CTX *ca_cert_ctx;
+#endif
+    SSL *sess_head;
+    SSL *sess_tail;
+    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t num_sessions;
+    SSL_SESS **ssl_sessions;
+#endif
+};
+
+typedef struct _SSLCTX SSLCTX;
+
+extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
+
+SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd);
+int send_packet(SSL *ssl, uint8_t protocol, 
+        const uint8_t *in, int length);
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int process_finished(SSL *ssl, int hs_len);
+int process_sslv23_client_hello(SSL *ssl);
+int send_alert(SSL *ssl, int error_code);
+int send_finished(SSL *ssl);
+int send_certificate(SSL *ssl);
+int basic_read(SSL *ssl, uint8_t **in_data);
+int send_change_cipher_spec(SSL *ssl);
+void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
+void add_packet(SSL *ssl, const uint8_t *pkt, int len);
+int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
+int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj);
+void ssl_obj_free(SSLObjLoader *ssl_obj);
+int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
+#endif
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int do_client_connect(SSL *ssl);
+#endif
+
+#ifdef CONFIG_SSL_FULL_MODE
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...);
+void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx);
+void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx);
+void DISPLAY_ALERT(SSL *ssl, int alert);
+#else
+#define DISPLAY_STATE(A,B,C,D)
+#define DISPLAY_CERT(A,B,C)
+#define DISPLAY_RSA(A,B,C)
+#define DISPLAY_ALERT(A, B)
+#ifdef WIN32
+void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
+        const uint8_t *data, int size, ...);
+#else
+#define DISPLAY_BYTES(A,B,C,D,...)
+#endif
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
+#endif
+
+SSL_SESS *ssl_session_update(int max_sessions, 
+        SSL_SESS *ssl_sessions[], SSL *ssl,
+        const uint8_t *session_id);
+void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
new file mode 100644
index 0000000000..7043876429
--- /dev/null
+++ b/ssl/tls1_clnt.c
@@ -0,0 +1,330 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
+
+static int send_client_hello(SSL *ssl);
+static int process_server_hello(SSL *ssl);
+static int process_server_hello_done(SSL *ssl);
+static int send_client_key_xchg(SSL *ssl);
+static int process_cert_req(SSL *ssl);
+static int send_cert_verify(SSL *ssl);
+
+/*
+ * Establish a new SSL connection to an SSL server.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id)
+{
+    int ret;
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+
+    if (session_id && ssl_ctx->num_sessions)
+    {
+        memcpy(ssl->session_id, session_id, SSL_SESSION_ID_SIZE);
+        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
+    }
+
+    SET_SSL_FLAG(SSL_IS_CLIENT);
+    ret = do_client_connect(ssl);
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_SERVER_HELLO:
+            ret = process_server_hello(ssl);
+            break;
+
+        case HS_CERTIFICATE:
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            if ((ret = process_server_hello_done(ssl)) == SSL_OK)
+            {
+                if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
+                {
+                    if ((ret = send_certificate(ssl)) == SSL_OK &&
+                        (ret = send_client_key_xchg(ssl)) == SSL_OK)
+                    {
+                        ret = send_cert_verify(ssl);
+                    }
+                }
+                else
+                {
+                    ret = send_client_key_xchg(ssl);
+                }
+
+                if (ret == SSL_OK && 
+                     (ret = send_change_cipher_spec(ssl)) == SSL_OK)
+                {
+                    ret = send_finished(ssl);
+                }
+            }
+            break;
+
+        case HS_CERT_REQ:
+            ret = process_cert_req(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, hs_len);
+            break;
+
+        case HS_HELLO_REQUEST:
+            ret = do_client_connect(ssl);
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Do the handshaking from the beginning.
+ */
+int do_client_connect(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    send_client_hello(ssl);                 /* send the client hello */
+    ssl->bm_buf.index = 0;
+    ssl->next_state = HS_SERVER_HELLO;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* sit in a loop until it all looks good */
+    while (ssl->hs_status != SSL_OK)
+    {
+        ret = basic_read(ssl, NULL);
+        
+        if (ret < SSL_OK)
+        { 
+            if (ret != SSL_ERROR_CONN_LOST)
+            {
+                /* let the server know we are dying and why */
+                if (send_alert(ssl, ret))
+                {
+                    /* something nasty happened, so get rid of it */
+                    kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+                }
+            }
+
+            break;
+        }
+    }
+
+    ssl->hs_status = ret;            /* connected? */
+    return ret;
+}
+
+/*
+ * Send the initial client hello.
+ */
+static int send_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    time_t tm = time(NULL);
+    uint8_t *tm_ptr = &buf[6]; /* time will go here */
+    int i, offset;
+
+    buf[0] = HS_CLIENT_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = 0x01;
+
+    /* client random value - spec says that 1st 4 bytes are big endian time */
+    *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
+    get_random(SSL_RANDOM_SIZE-4, &buf[10]);
+    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+    /* give session resumption a go */
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially bu user */
+    {
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        memcpy(&buf[offset], ssl->session_id, SSL_SESSION_ID_SIZE);
+        offset += SSL_SESSION_ID_SIZE;
+        CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
+    }
+    else
+    {
+        /* no session id - because no session resumption just yet */
+        buf[offset++] = 0;
+    }
+
+    buf[offset++] = 0;   /* number of ciphers */
+    buf[offset++] = NUM_PROTOCOLS*2;   /* number of ciphers */
+
+    /* put all our supported protocols in our request */
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        buf[offset++] = 0;      /* cipher we are using */
+        buf[offset++] = ssl_prot_prefs[i];
+    }
+
+    buf[offset++] = 1;      /* no compression */
+    buf[offset++] = 0;
+    buf[3] = offset - 4;    /* handshake size */
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Process the server hello.
+ */
+static int process_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    int pkt_size = ssl->bm_buf.index;
+    int offset;
+    int ret = SSL_OK;
+    int num_sessions = ssl->ssl_ctx->num_sessions;
+
+    /* check that we are talking to a TLSv1 server */
+    if (buf[4] != 0x03 || buf[5] != 0x01)
+    {
+        return SSL_ERROR_INVALID_VERSION;
+    }
+
+    /* get the server random value */
+    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 7 + SSL_RANDOM_SIZE; /* skip of session id size */
+
+    if (num_sessions)
+    {
+        ssl->session = ssl_session_update(num_sessions,
+                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
+        memcpy(ssl->session->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+    }
+
+    memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+    offset += SSL_SESSION_ID_SIZE;
+
+    /* get the real cipher we are using */
+    ssl->cipher = buf[++offset];
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
+                                        HS_FINISHED : HS_CERTIFICATE;
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+error:
+    return ret;
+}
+
+/**
+ * Process the server hello done message.
+ */
+static int process_server_hello_done(SSL *ssl)
+{
+    ssl->next_state = HS_FINISHED;
+    return SSL_OK;
+}
+
+/*
+ * Send a client key exchange message.
+ */
+static int send_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t premaster_secret[SSL_SECRET_SIZE];
+    int enc_secret_size = -1;
+
+    buf[0] = HS_CLIENT_KEY_XCHG;
+    buf[1] = 0;
+
+    premaster_secret[0] = 0x03; /* encode the version number */
+    premaster_secret[1] = 0x01;
+    get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
+    DISPLAY_RSA(ssl, "send_client_key_xchg", ssl->x509_ctx->rsa_ctx);
+    enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
+            SSL_SECRET_SIZE, &buf[6], 0);
+    buf[2] = (enc_secret_size + 2) >> 8;
+    buf[3] = (enc_secret_size + 2) & 0xff;
+    buf[4] = enc_secret_size >> 8;
+    buf[5] = enc_secret_size & 0xff;
+
+    generate_master_secret(ssl, premaster_secret);
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
+}
+
+/*
+ * Process the certificate request.
+ */
+static int process_cert_req(SSL *ssl)
+{
+    /* don't do any processing - we will send back an RSA certificate anyway */
+    ssl->next_state = HS_SERVER_HELLO_DONE;
+    SET_SSL_FLAG(SSL_HAS_CERT_REQ);
+    return SSL_OK;
+}
+
+/*
+ * Send a certificate verify message.
+ */
+static int send_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int n, ret;
+
+    DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx);
+
+    buf[0] = HS_CERT_VERIFY;
+    buf[1] = 0;
+
+    finished_digest(ssl, NULL, dgst);   /* calculate the digest */
+    n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
+
+    if (n == 0)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+    
+    buf[4] = n >> 8;        /* add the RSA size (not officially documented) */
+    buf[5] = n & 0xff;
+    n += 2;
+    buf[2] = n >> 8;
+    buf[3] = n & 0xff;
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
+
+error:
+    return ret;
+}
+
+#endif      /* CONFIG_SSL_ENABLE_CLIENT */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
new file mode 100644
index 0000000000..ff0eb62a52
--- /dev/null
+++ b/ssl/tls1_svr.c
@@ -0,0 +1,435 @@
+/*
+ *  Copyright(C) 2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
+
+static int process_client_hello(SSL *ssl);
+static int send_server_hello_sequence(SSL *ssl);
+static int send_server_hello(SSL *ssl);
+static int send_server_hello_done(SSL *ssl);
+static int process_client_key_xchg(SSL *ssl);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static int send_certificate_request(SSL *ssl);
+static int process_cert_verify(SSL *ssl);
+#endif
+
+/*
+ * Establish a new SSL connection to an SSL client.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->next_state = HS_CLIENT_HELLO;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_CLIENT_HELLO:
+            if ((ret = process_client_hello(ssl)) == SSL_OK)
+            {
+                ret = send_server_hello_sequence(ssl);
+            }
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case HS_CERTIFICATE:/* the client sends its cert */
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+
+            if (ret == SSL_OK)    /* verify the cert */
+            { 
+                int cert_res;
+                cert_res = x509_verify(
+                        ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
+            }
+            break;
+
+        case HS_CERT_VERIFY:    
+            ret = process_cert_verify(ssl);
+            add_packet(ssl, buf, hs_len);   /* needs to be done after */
+            break;
+#endif
+        case HS_CLIENT_KEY_XCHG:
+            ret = process_client_key_xchg(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, hs_len);
+            break;
+    }
+
+    return ret;
+}
+
+/* 
+ * Process a client hello message.
+ */
+static int process_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    int pkt_size = ssl->bm_buf.index;
+    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
+    int ret = SSL_OK;
+    
+    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
+
+    /* process the session id */
+    id_len = buf[offset++];
+    if (id_len > SSL_SESSION_ID_SIZE)
+    {
+        return SSL_ERROR_INVALID_SESSION;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    offset += id_len;
+    cs_len = (buf[offset]<<8) + buf[offset+1];
+    offset += 3;        /* add 1 due to all cipher suites being 8 bit */
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    /* work out what cipher suite we are going to use */
+    for (j = 0; j < NUM_PROTOCOLS; j++)
+    {
+        for (i = 0; i < cs_len; i += 2)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto do_state;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    ret = SSL_ERROR_NO_CIPHER;
+
+do_state:
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+/*
+ * Some browsers use a hybrid SSLv2 "client hello" 
+ */
+int process_sslv23_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
+    int version = (buf[3] << 4) + buf[4];
+    int ret = SSL_OK;
+
+    /* we have already read 3 extra bytes so far */
+    int read_len = SOCKET_READ(ssl->client_fd, buf, bytes_needed-3);
+    int cs_len = buf[1];
+    int id_len = buf[3];
+    int ch_len = buf[5];
+    int i, j, offset = 8;   /* start at first cipher */
+    int random_offset = 0;
+
+    DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
+    
+    /* must be 3.1 (TLSv1) */
+    if (version != 0x31)
+    {
+        return SSL_ERROR_INVALID_VERSION;
+    }
+
+    add_packet(ssl, buf, read_len);
+
+    /* connection has gone, so die */
+    if (bytes_needed < 0)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+    /* now work out what cipher suite we are going to use */
+    for (j = 0; j < NUM_PROTOCOLS; j++)
+    {
+        for (i = 0; i < cs_len; i += 3)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto server_hello;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    ret = SSL_ERROR_NO_CIPHER;
+    goto error;
+
+server_hello:
+    /* get the session id */
+    offset += cs_len - 2;   /* we've gone 2 bytes past the end */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    /* get the client random data */
+    offset += id_len;
+
+    /* random can be anywhere between 16 and 32 bytes long - so it is padded
+     * with 0's to the left */
+    if (ch_len == 0x10)
+    {
+        random_offset += 0x10;
+    }
+
+    memcpy(&ssl->client_random[random_offset], &buf[offset], ch_len);
+    ret = send_server_hello_sequence(ssl);
+
+error:
+    return ret;
+}
+#endif
+
+/*
+ * Send the entire server hello sequence
+ */
+static int send_server_hello_sequence(SSL *ssl)
+{
+    int ret;
+
+    if ((ret = send_server_hello(ssl)) == SSL_OK)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        /* resume handshake? */
+        if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+        {
+            if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            {
+                ret = send_finished(ssl);
+                ssl->next_state = HS_FINISHED;
+            }
+        }
+        else 
+#endif
+        if ((ret = send_certificate(ssl)) == SSL_OK)
+        {
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+            /* ask the client for its certificate */
+            if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION))
+            {
+                if ((ret = send_certificate_request(ssl)) == SSL_OK)
+                {
+                    ret = send_server_hello_done(ssl);
+                    ssl->next_state = HS_CERTIFICATE;
+                }
+            }
+            else
+#endif
+            {
+                ret = send_server_hello_done(ssl);
+                ssl->next_state = HS_CLIENT_KEY_XCHG;
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Send a server hello message.
+ */
+static int send_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    int offset = 0;
+
+    buf[0] = HS_SERVER_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = 0x01;
+
+    /* server random value */
+    get_random(SSL_RANDOM_SIZE, &buf[6]);
+    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+    /* send a session id - and put it into the cache */
+    buf[offset++] = SSL_SESSION_ID_SIZE;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+    {
+        /* retrieve id from session cache */
+        memcpy(&buf[offset], ssl->session->session_id, 
+                SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
+    }
+    else    /* generate our own session id */
+#endif
+    {
+        get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
+        memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+        /* store id in session cache */
+        if (ssl->ssl_ctx->num_sessions)
+        {
+            memcpy(ssl->session->session_id, 
+                    ssl->session_id, SSL_SESSION_ID_SIZE);
+        }
+#endif
+    }
+
+    offset += SSL_SESSION_ID_SIZE;
+
+    buf[offset++] = 0;      /* cipher we are using */
+    buf[offset++] = ssl->cipher;
+    buf[offset++] = 0;      /* no compression */
+    buf[3] = offset - 4;    /* handshake size */
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Send the server hello done message.
+ */
+static int send_server_hello_done(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                            g_hello_done, sizeof(g_hello_done));
+}
+
+/*
+ * Pull apart a client key exchange message. Decrypt the pre-master key (using
+ * our RSA private key) and then work out the master key. Initialise the
+ * ciphers.
+ */
+static int process_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    int pkt_size = ssl->bm_buf.index;
+    int premaster_size, secret_length = (buf[2] << 8) + buf[3];
+    uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int offset = 4;
+    int ret = SSL_OK;
+    
+    DISPLAY_RSA(ssl, "process_client_key_xchg", rsa_ctx);
+
+    /* is there an extra size field? */
+    if ((secret_length - 2) == rsa_ctx->num_octets)
+    {
+        offset += 2;
+    }
+
+    PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
+    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, 1);
+
+    if (premaster_size != SSL_SECRET_SIZE || 
+            premaster_secret[0] != 0x03 ||  /* check version is 3.1 (TLS) */
+            premaster_secret[1] != 0x01)
+    {
+        /* guard against a Bleichenbacher attack */
+        memset(premaster_secret, 0, SSL_SECRET_SIZE);
+        /* and continue - will die eventually when checking the mac */
+    }
+
+#if 0
+    print_blob("pre-master", premaster_secret, SSL_SECRET_SIZE);
+#endif
+
+    generate_master_secret(ssl, premaster_secret);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ?  
+                                            HS_CERT_VERIFY : HS_FINISHED;
+#else
+    ssl->next_state = HS_FINISHED; 
+#endif
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
+
+/*
+ * Send the certificate request message.
+ */
+static int send_certificate_request(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request, sizeof(g_cert_request));
+}
+
+/*
+ * Ensure the client has the private key by first decrypting the packet and
+ * then checking the packet digests.
+ */
+static int process_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_buf.data;
+    int pkt_size = ssl->bm_buf.index;
+    uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
+    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    X509_CTX *x509_ctx = ssl->x509_ctx;
+    int ret = SSL_OK;
+    int n;
+
+    PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
+
+    DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx);
+    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
+
+    if (n != SHA1_SIZE + MD5_SIZE)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto end_cert_vfy;
+    }
+
+    finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+    if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+    }
+
+end_cert_vfy:
+    ssl->next_state = HS_FINISHED;
+error:
+    return ret;
+}
+
+#endif
diff --git a/www/crypto_files/crypto_2600des.gif b/www/crypto_files/crypto_2600des.gif
new file mode 100644
index 0000000000000000000000000000000000000000..10610c126672508362a8a2b4e97fff49f4d2bf21
GIT binary patch
literal 15768
zcmWk#cUV)&*S`0rlS&JrCZP!uAXMojp-V9o5roxHL`2kpsGz7fjiMl-s352TQBhep
zA}aRKgQ6P{U0iVuf{Lysc662B=Qn@MKQqtFb7sza=A8GOiHHjK@y+N4HUTey|8FRO
zLPSzYI2s9IO~f(`Q6{EnnvtHV8Ntj5#WY1(8xxooL?%_=+(O^N($tcwZ*6H{ZDnf5
zz!)=$7S<SRYm&9KfrX=yg{_%|lexLIq0M4rJ6kh*Cv!(POH;P7y}PB8qj|KGwV8_(
z-QIdJ%f@+;gT3=&cMn@ruf^t`wyvH|ZvHF}XSTa1o9^YlB*4Qvz}Lscp6B8a>SY`5
z%L?=M2n+BC3-k-;EOO>Kdxf(tLp;5synI6aeU=7zCj|O(ox?*t!$bYUqXQx${jw8+
zB7#ErOGA8Pm-;4!`X)#FB_{@^C;FzP1cZe|#e^=6SsEJ`p0O+@D={oOH8eUgI&Ni5
z-16|O)YzQZ_=LEmtmTREX^9ETQ<KwIE>BHbvob9wGbSJ-As{C`Ff%4PD=8swIe$%B
zQdUw{PI^w^s+fZG{PfJk-!gLYGlTQj1s3K6tjkKy&r8Y9%w3<oHal;9eqLT-R^sOM
zDcjet*t{lp^ZNDM^Yb?p3O8=wSX`J|T9Q^&xM|1cO*^(17UqbyY$z+<EGyknCf>MQ
zyiq7EN|EhIlx*23E8SdIQYtPIOG?Z4l$Py)3wMb3R!UaNB%Ak2i>mf)sh4hT*t@l=
zcK6XkNeAjnS`KYJwr_V^UD2^a+m0$qI@))hIlcRG*NzHl`QE*idn=FCmF;P$+EZ8F
z+E8_3UwutwQ)5FzO>=!sb8~G|eS34uiMIVU?Jf0+1D(g4PaHm0bENIWky9s59;-id
zX8);Ur_Y=@-F5s>SLgoo?Z?h{p6)z%=&bV0h4cHbUOjZ-{OPORzhAt1_WIR}XHWEX
zpY6NcHFV|bK>sCq|MkZH3!VMfF7#a=n7G-0t+(SwU$45q>GrLr;r{N?+kf0sH;)aT
zn;8A$uZR2px_9Bx!}G%fL$_~@j13LnyEFFS&*{74xBr@$c=YJ6hYy}Ue*AQ1>iYCw
z_ntnUoPPZDpXn?AOh0`5R69F!^ZCr=>sJq+%{+hg^7)5X|Ga<w@4F9A-s#?d{`mK&
z_pg2_Kl2+B{C^NI7mPwS2}=sst<5cBq-Nx9+Qei;ZOj5#|3CQuSm9t703wzR10s<G
zgK{wH5Ni8GIHr4gg|IEO5=}~q@eu%n5>$xUM1_89gdFE=J<!9R6&*w^xz%!coY9B$
z*<3d8P@XebMkgYbjsRCIMo?_+BH6ZT!&U5&grWR#95RgFEf){%GqKPo2!J}&Z4)PY
zrj-x#_=W~DgtMxCm^3?ftYBu`*)LHASI0H)A$GmkN9UzvMzW)z$lt`4D1nZ_w;gZ9
z9a`AncTfvTL`;vzP4CaEMa5)$=lSDtjqC*BE!}jRtcvOk0~zAuTro8$E>a`78dgPJ
zv{I@50j%vkW?6kpx?sWmi22LVClWr~UuL){XhERHjTgqW**9o1K9-ZFMxEwpjpp@I
zo4BTmQkOj$HGiaD`qV~nvQPq{`YE9znUQZdqZha16HiUQ)Wb#o=5Xgl%jWy0UVnkK
zc@;15sHtKA6IL=m_1or`*-2a|TQsyMLZ<Hh?Z%d^E5Ya2CvBib9imG6L)m>xnF-wj
z`98(EEhCFMIUi6YgNYRtcn;@jIZ4Jo7ULrLN6yj9Py<$YRu2bb8EzEci*EeXRpnMW
z%Rjy+yvcj@mMy6V4R^Ba0i>nHwTgN$$JVsJZFmgC=`T?;LN+94LzTw9tUYOZ6@zR^
zdtG?OFb>BS<i-&_%MG`FdXv49yI@{b7)`J$7DCjc^W%80N0feo?}b@K24oT7(2K4+
zBJaalDRm&WX-cR<5F_PHWcj@6H<U%X4r!k}h3(&NVWEO-p)Uqn=htn0Xlm}PAKsiB
z86QfRneGM@H%?ty3^_Fv-ln=t*!L5HbhR?V=geuH$*xkjL8F}gGPLcxoOmiV?^D}d
zTVq>!UR(?<o{O+r_%?NB>(7_&=$KK1Xsd1WD(SCIe2cgtqifXlCh&2ub!bY46m#aO
ztq4i8V28PFo2n3*osW#?qD+A?@g@tS_b7b}PYnk}^Qnuq-<|SzwELxi4{G{Oi}QDk
zO-fZfOeTFz-a?MeAGdm+3@-d8GGj61S>xnVEl)ooCOs5ymE!*aL341C^%J`I`4?!w
zzTV;l>3U}^j<r*?=~NKE^MZ(KE5bDF0OrU4NDKl`TiCj+>!r_D{I=P+<%kMh!(OPQ
zm#M9zWtQne@C^<5r|7YZ&%Zocm^9D|ot$J4?RvA_9i8s`#i0;&+U4if(?vb}E2r=L
zt_Z*R=lQ#SaoIIL1GXN<?*kX@&IPnrmV<W6Ospx55qEma1=YygUE6vAA<S@eq=~rM
zzI%;sS<6-_5N0!2rmu#(ub@F_F)_d2{kxX6wxFDJ%7I7H6X{u}Yd4$o`*61yRU2$2
zw1ry^OuGq28+Z9KVh1q9x}igzinPW*$n4!fXfJb}5(G@PKAvv$wzAh#ZvOdS3-Bf!
zS)S2~J+xl%(MJQFFXrln3Pe~xHiuB8MbPI|mTo$fO}2J3b8{2JT-c9^6zsg%b%)TV
zp|XmZ1YwWF@)M(~DCI+4<F$6b@m^Blr&dI?Ihp>Jjf(xzOTIpb(pP^GnW}Z(^@~aP
zI0e#6(Mw+Y1HiC_{R}0Ouy#~T2j0v23)Dc2|Ex>!UlvF;U`U^&Zad`RKz$tzo%(O;
zNr2)uc;xM-KmOxDsg%8Gxf|iDQYq`AN}N;4DR7@V@m*E97@5DeIB#LD-|{;jo7$Oa
z&>#q7WuNm-oy;_U$q0AeZe!{xJZANZjiDm>&Tp$?^vYDczX;5-Ogj!*42M!a$T2&q
zZIpa|2n{R3xK>S9qv}DDyr1>f;`mn2TVs%|@WNe71G#|~CiwBMm}dh1tXv5HS`C_%
zPFIBsvuSe*bg+V_pQl)Csi%*RRw|&PS(RnriecnJ^}cKA_89AJqMNOw4mUzn=s6*#
zpVLN>>iVO;ey`rqI72F_2xAd4FxC!S^LY-2o#`g7U5;O4#z)u^GO#x7Z;$OzcQ9-p
zmV38P6LJLzGmX65t*DpOv0P#`t|$-cV4jK2T@c}*XRxuQc2m$Z3!g`a{ENirb~pTI
zf%ayg+~(k{)w({+5l*>lm58{WkDzN5XzOh4g{|s7lh-;KyGkUyu&&pnive}L-wJbo
z2i}ApSdz8ixJ#`p56I<8F%C?$UL=fJU_f4zA(pRuFfO)BVv*U?WO^=_)>dXnkoHni
zte=}SXr!H6zvA;$poRT&S!F?n-ckWg=07EVl$j_WFjKsSzFxX`D-L&56UzLdEtgYy
z<Wp({@nMNaU_cu=auPO^Gls{WtFV!5G2TyyunL{t$kK`|mcS98y%o43pS8bxDw7|M
z+&!U><XZN~uOfRCSMHC)3+x{S`}8ds#PE3$$&7u3QITaqWJ?1_Gon^ZMJ~tkLCYeA
z)L+Ahz^MCd_pndd7Zno{G+aW0l6JXEpqHtI?wl4%)OTPK*Qa;G9-;Vo3~ABsV-|h|
zdqI68R_wbN!$Sx5*gq=;0*WWrJf4fZIQR2?(P_g+r@@0F<*to`PDdU;;afNy?&;iQ
zUPw}W-f`^f-$r;i5=E_$1=9t^zCl=t$<(5*CyZtKSv|3PRiglV5d+&L=ts32W=b8_
zc(^&<%4;z&xY<}93PX2l7OIVQ+&;b>idq_tJYu4%dj1b??H*o3X8qyr#gOCXxU1{h
z-8uI!E)Rw-s}`JXObEs;4q@wh?WJ5S=H+wT6ZNobI0KHE=%;tEL3f=S$r-D_O(`S1
zHp+=Rda{h)9S9E`XQDNqM(n=?aiGW#pFZ$QXDwdUf^h)y$)r8GNQJQaAi%PPD&YOO
zD}nLh7?xnolgL_i!jV<)?_!4ngqWngvt5hKqJ|@WZ>u?_*r+3f4Kv<YmHrmG@!-jm
zLlMtvVO-w~Lb~n_DkqbA%L-_=Fna5YW{65Pq&=>aXslwgjMdh3NlY8}c2SE6Mf|fX
z3QnS`@~4d2_(*a^dw^bU>d^WN0D3e6&EdckmawI13KvKm#-sZZLCwk6pu>v(j~5p1
zSs-!&JYBvW6S;f?303;!zkd=bac-5lBqt9BP3GRN-Gmef^b$XZ&~7M~mtQ}J<HDe=
z5`*Dz(OUBdwYYq_jfo1v_n}wIF^#ZZ2M7BkEUEGyWX|4|!?O%BprLD5JJ_!fvr#+v
zNVF16<?lM(1;xNXXIAMV4mM2#aHe<eg3%8BiN#W|NPrMN^H0$&$0*P>N=y?a_IRCP
zdAniJK|@mpwvU0|5{8xOR!Rl<^8y5hf^32HWI~Li4Am*eT4~v5p1O8Qkmq5&`ml|7
zBX1nVI-JcxYf-}t{7wMZB*$Ii5V|zwG7Y9vh`+4EEQD&IMOs7<#oguH#^-A-Z%jkU
zTKCDXsOvB`Oy#qo!1wBKZhe>keUJ6l42Y!!#r*OM2~Kn&Vyh69oa5ZLIjOVG)%v_O
z^<V*AiA)T`%3)kR8`t>@x;j)YjB<xjJyH}`ka*&OD-M8U6z`k$K#&l#gyU_jf)dz>
zi`G^&xxI@VRiuH)DrlE7;5@^lUky>^fap{5R*`Y$W-vQ(qst7mmf_y8*)QuO5NNlB
zEQG>g^lAnwI@xz`F6s{%%2x;xH5=jXyqh944O_GBneTjx-|zjv`U{|i0Aj%wHaM%C
zr%<=3#94q`&ByMZvm0SAxP~bZetcxG!Yxz_F6Luda@6fHz*2!uWp65akeu!j_{KIl
zV-P&iVSGsCG{GU<Qxa!5gpER<{shW@b%x#Zi_n^SwKTRf8ST!eEYiuhO~i`(H!ST3
z|5m4AbeLQ@pxPQ#+HIk^7rb)T{8hg@Sq_$DFL77-#4`}#0#q|LCQn6NWW?K7!kYz}
zUJ6JRoQMZqslFe;r2F7ck4*t=X)u5cQu%}nmn<1@zWvGfW-I!T)<vep$FA@@&}%u_
z?RnLcLlyu<{MB3;$bIH}wBL^=hl=F5TzUAwIJoyCrb~+n)%dSH9$~4ATlFAdwF<eV
ze*NQxhWx1{r#0xBd)Yt`AG2lokq$ZGmYkphg3hzEnsvmcfweCcq<3<Bf``?Eaf?zN
zDz-N;fCFyuqQ)uE&x`}FQv;_8l2+84ySH1YMZuQCmS?{<Uq|hOZBZS<RqF>qQw3(1
z3c4{3I>U-Crd#T9bP7;=IynLdqgqtZHB`8<1}SG)^(RMc*a9A%-sm%i{BIVst{%5d
zzFY?2&am+}Rp{0kNV^$RI**dIfkkqZi%^)E1?*7Z%Cwjk1)*P#Xv#njYcamU^$#|i
zN1X7z*cWc&7kFmo#Cln<)fN*gF_>PK#`@As*Mj3CnLj_CxLKLM>f*_T=u;;L`%adc
zCI3^>4BrE-G{HH>NjcBl%RT_HO3d~PD`W!f9-w`iPySblN?5yLv4;2&AU|iEwkV0b
zVu~-KpyhJBmwIs%7xRQooRFWnvXnR@hyu5gbvja01IgBtBtL;R(OGmpWj^M$<{77N
zTAbeLy-Dj<-iAhAvPZb_^DgNl<0;5gfk!Go%pC?(8ED5fm|a@LhyyCu9l=tdDHUz+
zyQ6Dfbu@d#dL<x#Ir&%E`1R+}8}<W>VZvu2xt!v5Df8q~4tAP>&Jd8_0pwlFB`)W|
zRh;@P7;)@7Fr$W?7^r{B+H#nvU>zby96{+v`N$U_mmSa&$SR(VO3<O)6OkR_omynv
zlr&;m6fso<Sqq`uI*a3TEK@D(pGvS^Y~OYYG*cjTi&3lORTqm|rqSpkIG{|9@tp+2
z0Hjz*%%ms;(v#2r$`_Rzn(1&~VDf^Tbd`c%r64ZA<l@`puL{yEzv3R7^p#HxWz&7#
zSFBgqJ?QepX;E+c^wtXzVOrF~duCDrE|ZNu&qilBA%twS9|aY!LZx$dtUJ@`h-m5k
z)*Nv>|Lzq(?x3eOyZP_-E9YlAov6uouXs|Fc|Xr*23_!+atDV`#QNXP%uQnr{2TkI
zJMZ$Dm{<3FO#t~ipIGMkps0m<!_(scNwaaHZprSh>#ki!CF6^hour(3Z^D`p{Wny+
z5@Tw=$gIf3a5rcacgcXFZ?;=x)a*w2*kkzPxvBM6>G8JC#fb$D+pHY81*UyBznB}G
zaWmUeAbH+v`@D70&%N8e`ENT2iV-U|QQU5_GYgwVAW6xp5veS$nW0{bVtQ@AY_+nk
zy}9C~>V?R}2D1${4K^GA@+hQN9K5Fjtkx3W!NgNq%>6Y0MS<)4j?sfrkND(EDo{)z
zeI5Zh9O64RAwXgF)L;0&M~0+UBigweu3g8N;02DB{R-S#q{DPDP~J2|o`QLR3FPsy
z+cJSD{Yt0An+tA){@_ANQ~Z`Kpy8JXkSX5Z8OBH{sFe3WA|EFOLP~_tkK3qIoRo8N
zy(mE`q(A~<bd!qEDM#=lOpq%m`cdkH^1TipIg^)|x4v#dtH1;RZSWDjN@(1*|0X2g
znz+r3%)#^(T9M^dsgy-3SZ_&!QB#3cSS{p{hV)QG$1u%2@`K9zHZcn#eUV6?4D+RI
zlm{EJ{@RYdr{ES2)^-iX)yu6>V<u5zQk0nGekOY`+qYrNwr@6~uiX`s>on485qg_N
z=BL@LwafspWd#^_Ah+$(A~z1kheIjV5%1=kMTl6<g%;5s^xu;0Am&J;PVby<L2or+
zQZ~h89NhAt_w0vU;K1U$&$9|#K3E%2GMA5AuS;;CV+{@$7zK3MGA~&(M3&6XPJ0Rh
zb>0WN4)D;T_Hs|Qp2Xd3M>nximNta=E?fv)BfKv~4Q(K)N=FK8&K@)!dZBtSTo9Dt
z+rQt!(gWYevs%U>7Q}EJHH-(D!%r*__Hy$&1N686Z>g|O_=(FGLKI4@nId{vy4R{u
zcylcfsKk{qP*!~B7mb*|1ccQ}iyF{6R)Kq{BJ^?y{>Ka#D=}ZnaS2*M3LiTlC)5jV
ztW=@f_~#Gwp?9j#$yx}n(zIwX+m-gWMTV{-q4BUO>*>w01uBxGJv=D|Vzr3%YoH5#
zP>vjzK(VSnXtCEldK$E{QeswUt0q2xF>-LMY_Y(**)qWrr$ImBH`R-F7PdkX4gQP{
zbAyk>D4OI-%u)@ujDg)NM<r@6?9yQ3<<L%`CbnWHO&;$%4wzDqP3#lNa#Y%O-x4k2
zV}_F>B{sSZxk?y*$Yay_CL4lg<G*O|z;?_jgUrI-#fx;P_4%k21u~wGxlX~SDJwT}
zF$N#j8Xs?70!Z}N`K)z-BBqh451_@z{FXkBDTey_@})A}^d&{Wbs%&CAXEyd&D#?i
zH6iD8;8H&JfNU{Q2)OHTGA-yj1}%6dA#H5Hk0&4nyZY!1OJhwqBV4fyz{yq1%2ax<
z`VK|pd#<gW41Z(2yH2oFfL-zw;;~OZ+X_4+t}r-_Y-j7?kNsW`AzL`O{yU-6_NENy
zNOcN`)(P&`U7U@lQ1hRRo~~d4ZmZ?E>o6`~hucsfYhvRoRm;yQR`>vInIEfOYzBfD
zDd$w^`{CY8x}wPn@X)bXoC0}5skc#J`)UFo|Fo=b3qdYN?*fqb`@tQOd!s}9b5-M^
zB4;ZdMXwbK)&OX2#p^Xjk6RC66_{|orl)sHmkPT(^Z~otaCB`<5ACs;7PS-Uwo8u5
z<6s9>xE*Z#C})9io?YdcgA7+l$8WE~aiCJ=VjBMiONVhfTGIOL?CyT#76m#H9^q*4
zLlnG}f5gCn(ZxY(D_`nW2bWDq-^zfcf~S*i-b@7Y#Md>ZUqAgGUA^BXEJ1~SkzI3o
z1j$pZ>iN9rep}C;z3!>Q%!M}4`5WqegK5{f3mF=St2%U@kKZGw{xxQ?vC`0%U2O~?
z^K_uO5cikj%^g2)bOO>v2O63AI`dDIhp4O(T<DE!5h;I#4V25@pvtOTaW9ds9LiPN
zC+$c1GW-|R&WHQo6#H$;e!up{<!EAA(CH}WzJq|7+~SRGn7Y*`5x^wC$S>m3!#)V&
z!aH!}3dhCJ-5kLA%2C_+$Wt2pc`g2E_m|UINxS_5M?fSM+1RKgPG}lmIimjf;mT|U
zMn3^h8p0+r0UnI<j6HKlf8WgC5x+R55J*fkOH#q2ewmaQ+@s1|L^wbu(lUEgq7b|n
z-6v8jc;CyDBJFJDKphB)Nfw-WU2h29ij~kJ{6$sna|{bos;xtpxo>=QvHDSX_1`{)
zG3QzrKkXaFRa-Ii;}vcoo}28RsS}E2c*}$z?b|<vjg;fb>~3AJwFoe2X>hh2W~I71
zxo0X<5*+upSs)#Ies(CqUL@MBD7#4u&R8d)<1X9SMbm>5Vcmjb5;nn#6z%RMmg0=t
z&sZ+bc1z&S<X>`kNsm0mwuvG*a!>q<PekAWR!WQfTyGf3)Opt}IT#vIOC27sHed1k
z%2j!z-8+W&HB3^gjThVcfDVcF!B&*IQCL=Kc5Jlpr+(HzxxPNuIFr4JNeEKhm0$w2
zDipUt@EV*p0Qg-WZOzv)>?czIgv9d|AhDm2TbCQgxmO~{lon@O33eP<M2D46_mZ(!
zR0=&ajuvn2BIq2h9bGT%(uxg9B81dK3tJhxk4Y9ibt|`U9Clk|={Vwc@>bEs(zPwl
zW&lnSSQe?WA!+6%sA_{NZ<r=2a|%SY)#QSpj2ibtaj8BDn^hCRh_|V6y}?HyhOE=-
zqDYMcTF_4n^KEcuDM_saKeg6|<X7<$d7gLMmLPJeIG+?ZQxzpmoaxl!ZF!R_MBJMF
z_Xd3F6oVCPliP5m-`k#JH3Hdn35oZE^Pnd7;=``gwfEv*9Nw{u2{EM>6E=JO?{cyX
z*W{Q!^^OW;pG}|1X0&x#SIu*fHD;$(2*!jWL{GHmb*%#Npfd>(Zm5x<qzOy)5!7};
zKiRue$ZTf^FI9*i^Q`9(rZ;*da^C6K_%p6&dsGrIzUt#Z4S!TMJVN4&Nd9ki65~wx
zl*~9ev-TM^mG^Jh;ev(*M~qd8F6xCz&P2%&x`B1;mzTLxYr8+`wGK|Oa%<$`=srHv
zp~Sw->Bl%?AZMf$UnoC5Xu&81NLKS&oL7~KM|OK4Ut_*LC6~cuM$KoN3nm@fNLBRd
znevru>w$aK$dPuk=LCg^yV~I!axwNrQdYfJsd7?}9*W)JJw*w4DH=RL=&lLUyBubk
zxhuo2zNIqbcm+OXzRx5?Da@$ZF!AkpO&b6G4Cyjqy9&-H3-{Hetz<at6TVhuQv4=*
z5Y>PE)Q;Bh2pPTk_IIWn(54!}8e<zQuR$UG(d^txoX|muVZH)xwJY)fkZE=wAPSg-
zBFY_`g)cy*HGdBSTYC?sQDHobUT+ARhp3!!H~VROm||^^mHa~D$Jk3Li$pE9XL=<I
ztqn)m1N65HiS<0!tA3t?4-%oQI$HCPz568-f(kN2g<PfV%cL+6u}W(Uy;hZ$14tdI
zOuxBXTv8hY<#bV?=Pu`D(=?4EY=K>6f*S4H?NFTy7mOx0^j0ur+*Xj7AOsENl!J7O
zVIQ~Dbga7){8WJDp6^mr+G|C)$-Kz5XE^^Zu!BNqkby&J80%F*O~ExXZ?mHRk!J>Z
z%Y@B30fakC(Ub?!IM5<ph(1MFM@BLUt2LpPy05YTnwV13BQet~P>_N7n+U5acqT*2
zFgJmSm;hMGgs9+#6gD$2duEftI`^osg58s|isU%==Eip97JI*540SlxEAC!If33)*
z9YC5C4={)n!18rLO_T!w(gi7q02oE><d}cvWBl#UHQvXK;7>7-Ouha_Q)w@P&Izf)
zewLYz!uVC#K3tpznp1NY|Dx%PI&}zoiaxeUKF1OFU#u|h<n7s>5<+`+K(E8a_Cs4-
z(Wj48Q%?{t?dyxb$#;!dlfOfTwg380JJKXYWL@<>_6fhp>XK((f>jI$pQ8nl0gNh$
zGGH&N#W1sBQV<&kud(suxmNlI{&3)tf(6O8?<#U8R$~8_aZk^)m+UR%8WvGx4lx;e
z5o-|UHy9GfVi4~x?<-d-Bo-WxQyiU$pu2EIol+k~ZftCU8pFkbs-{r2$hb;3U}yy5
z!{JqUSkOYPN<s(CIpae$VrrG0i_P_sv;+z^_J=mXkyo2+)dZMyPh&E;d@7^&(xrmT
zqxnDzRje9hwWxl1<pabU@Au`Nk{BRTN3)Za6|9a7suq=Ls5d5VFq4zy3Q4;CW-A$^
ze4pg+5IgW3>UP{0WTKphvF)d!m2Ph5xnsMP&t;CK8Mt_Ce^#{|bkz2ewyF`9U-($7
zcF>?wC&4$sxCKw0fZQwyVY-~d@VXh;Z5%gS{(J2I)^L%bLeO%129mH@QH#8%YByuw
znJ=Ve?NnIpJ47MvY@9*M=TOu+Er<&h;oX&g(C3wZ?wIN~T~a|ucQH^{OvDzffX6Hn
zK6FJg@l7c*<p&t0$<X4bb;DbRM0$=L+!UFj-?Zy<?Fh2A>S0U;zDtKXli5nH(T<)3
z_m_uKApByl0V`fD4!M*>hUbqm_Jo!Dg&G;kdk{8Otr$%yb0k;DHT@xvuPac<FOD}9
zg<x-XksRG=axO*AK-rXL7<LH;>66+kydOA&U2rI^OLx+oCWu-shnO06#>hek)38L%
zMU1`?GfDw$3yDWLq?2vQXvJ+&_g{P`K#iI9>J>)827d2l_x0QR;x8Ke^wv4zy$hL@
zo^KXt5qAfVJJ^g}VC-Q9$uGv_gmDIz1Bk}Ln?J*w%U)HddNtg-?`K<{Q@E(j3TdzB
zHN{=~?^wg-Ll;Yz`_!I!CXl(X933)CXOQc=epkQ#v{8IMp)(eDHa}0_KKAsPs=S8O
znz!b$UZJm(4pbq3)Egw7$bGi|V)vi235H@3<7`;pj&u}d1%d#-i?oh=@?TJkwW;7;
z!Ds)1vYBnu1cgp|^XgN525^%e^?}uU6(Idla?3^l?4y&O1pl$^dd<R-PxEGX{|xza
z+XItT0Q}B>hK{^>f7$_zXbbpvSxr0mdgtf%OaD#(Z{h36%+3#g(1Tu8Z`wAodf~&+
zvLCv4`%0|6R=wMC@cP@6Prmo9e=;92e)&Dlbz!=N_!%|w*Q*tqwhc!AGgbE2_2;#-
zC93+Hk&0pekIYT~yJqt8^U%SY!{#@&y1@UMgQj=f`14-C@Ud%ikFEmJpl4179y}OL
zJNC-(*Mvpa`h$@|VALk~X~m6i%>kPA!S6Q*5ar-cIsCtm0e3v$+6v%*>u-{(0=^*v
ze_jpvaW(L<P4Jhr>r?eX{pMW6B)mv24!}y-hXSW_k9<kI)?cscy&e2LYvI}}k4uzK
z*Hnhr{_;Qe_G<9VdhlQgYu#LVkpcoWz!xSuRe;cEo}sFdYhXQ|qAZOKA&RS3&B+$4
zCD}@pt>)%?!{8S-q`NZ#{WF}g9r7Rj9E4o-<{K2Gv-4Am9XhaJ1?a^$usIb3@*%%m
zc<jGx?<7ZOcigyEe}kTV@%Dc=Nd$nPK!m^u%L)KY5$AW5=TRgMI@!N!$Ut7Uon7ul
zf$b;Dwlm5te9E>9G0BktJvV%_j|3^;%t&}o1wpftfPoo*ll(rl`X&Y@wdln53Q1-g
zLiitqW5dP@$yI#ov;v{~?r#@$BfS0QH-Gr$%+2WqVEA2sxQ+fk;-qA~ye?sBd7es4
z)JV6}FxI(n>LjMH0zyn8N+Qdh*|6U)GEj%8V%a780CrmRj(J((?TFniH{75A*6V?Y
zR|C5KA-@vPRC$T*vyY8MSkkbdgQ$3lM+pVI9H33v`bg7L)JTxk88qw>5L(o`sWi}V
zf=98f>&UNt9yMTM1YooPS{Had1P(g{e6y+e>my9701auuyI%*5n8Q}_L0dzBti6>Y
z)ioR3zF&uqqnyDtLVhZUNAoyP9MNifjrpyLH4nJN04z1aUnNb8EK4dj#}q4_{Xh#h
z*pPzEjznkj%L3%!jegF8ZNbGaHU>Jw;hs9su0xWfhOn&?E(OWOBD^{zfqX;^8;RBc
zTrDz)eSoWy1~8D3N+?n-wby}u46$L$%}!hHhU`n^0Q03dd=nObI<j)V!woP7AZqM9
zdk`IkpqLF%D<Z6$U@RLT!qV&t)Me~-WG-}{gG!R4c#(%Olv7}=XvJwsX715dI*Elc
z80zSImNuFc8rv2MV^eTA7&wrEBeOw6jwLR){khJ$ws81xNX$;#-tV_nbY%VUeA3Na
zlKbXEnrJXYhv3aaBsCAg09%XTm1n>MxzbIIQa#ErvJp4BM?6?3cF+R1*AHM)7TS#j
zw`p^u!^iGE`!`z8dD*s66Zh!YokoA!3?4*Ia@vaSe6t}PWCbH>_g<xW>m>IyJLF^v
z{&3^Iy1ad~e5)MueOA>@j2@JAqg%{8GFB`7oL(CqU_>dp`OV^#X@%ILN3^5zI;Qt-
zNx(R=_}-GJSO(>H`X|+VQ{pe)$dTa`x(;M1j$kr)@6&J(2#GtZdZ}{g_TRs+*hx8O
zbI>pnFjh-b)Zl>$c-6dYl@^)YA<Ldb7xv)SG~Vs1OQ?@ZI2;KWP^8hfB<5kueLmlF
z-yd*gAj!oDMq;60pF8T}Loq^;q0wJDe+~#sgH?B@=K+=`{_3&Ytc8hS)a2Di$N1!I
z0)vf=)giq22yZnqDCtP*Ai#AfTi+;KK8F(Uk*hEGbAAURDF}o@k|K~rQrz_;0Yj}P
z4*|J+hk{kVBzb7q2!_Z}OZbK%CH#Sg+Y7h-Jw3#X$wO4Faz*tS28^^+Rl3eqS~!e_
z|6GLVgPhbNQw1VJfNIKI#?YXW=kSzu-Jg+thQt7a^jLyWYIiT%b{hCD_?7kcN6&Mf
z=8E@RkWgm>4Kxyj0uk%bHo^%PFvJxP^;jx8%K;hdAdM2FI{A=s03xPCvIOukX}n4i
z-}YWp)r6cB-v8r>gV?$Pa?(nI;S=_D;sur#nZc3y){E~yvmW}p?f#p}SRYADEKH<8
z&36vAq{Ti*OseN15EYVqHKO+AA!}biPm5TilbGrtGMnehmjo6gVl>jQNhva|I@ZC6
zsFu8MuIds?S-C#B=9gHS16jT)K|;{(WyF`+tA@oOS>PRfJ>bf*)z(ary&&z@XZmvo
zN2*R-&2(f$ns`M%SerNQ;2^eekb24W0>c`uul&-K^x(r!uHnVGDJZINm=?Ovejb^P
zElU%iQk5V=3;eQkK`ODI4)RbST<0MUpBJpV5C~XreFTKa#dbJ|%R#xxP2wD+q%nY=
zh=_E^;JmLi)Ga{o-J}5=cPeo2uu}zj`@pZ~M9hagRr;Z|=M4e;yCM;fBQqCvy(Ng%
zmx1ZI;gMsKt)C-sJ&TbHM@6&^CaT%CmV@*G;}~c^C@xii&Y4GLs`lP)fZnCw_n#Nz
zd_)AZMDt#0(&Qs;E*R+`U8rcp`v44`%wJne%sqwHfw2^{0g0F`lBPtW1rAbHBT68b
z`TLxfZ1zt0%^>?J!b{U{@6c8n53+nftsiN}zX)e}WuvabwqHD$f}L+gm^(QA5t6{t
z&a#!ye#u@Rc{!EXx@Zoy{A_#lI5KrkwuaV8)=KvLMCI3`{C>c$^O9(^LCL~LQ5vn2
z%0|XiTyi>FONg8_it<_ABMXM5%VA_u4lyPr&L9UBsXBI42iiDayAlF?oe)j$JY>(P
z)yglG?yc%>0)LyAxoSH*4vQRVFGku<f9H7|&sZ|z)1#-GOqv%5a(X^(4&qIiBo2C6
zJB&V?m2Q5JW)fNL&#*96iLK`(p^>6f>?M(1{?n~8b9VFn5v)`vV)S6Q4M3|E(jc|;
z@0T*~qPx7vr)dhQlNz$tfv3Mebsx;N(m~j7VwP?lLI9a)hkC|=)wh>j?FZZ)jv@fO
z7<d-s1KfASAywj=KS!N+{dH;=#rJxC-csOf)4@x5zfvpJ3#$~zM)c7+jZInCC0@Uv
zSa8zH7yf0*conm$#m_6=n?E`rx+|5B@WIuQWxq0^YtEsPDZ~)rk{lT6sX|!7^_P?H
ztU>tszeO!q9clNw;3SYX9J+|Ihj=64Q)tuEJQ9_0c5|&b$p?BWSbeowJSq5l-gMoZ
z)k};Jo=*^GrJ%#q2nuLrdJ(dlL}UPHLwBTq4@lREE=OM;)Bv$G$&RHkY2MZAT%zAn
z5XA;c;t`n_SMYVR<#JSv7HM!o8Ustyv}GBMwV<1kwePW04_;$>IOmtbM)Qyrw;9Ps
z<nfUfjCXb4#cR7DHyz#dF664o$*x^sdeIQ8E9Q(ct9b(1h7=jeR8ix7`EgFiwhdJl
zE>6{)^L=YjtF`DPtzFVDyCRnUce<*+vFpeVa|5m9p}bnzhOmMuR5o-<F7{_bWgUy(
zj)7pKIMrb`LyZyuW!YGCsz!{G6J89N+-NuvapkpL7lcxqAOP{-pSTgFii%nq$*0C~
z2OK#6C>A58cfe7p4Grv?!QZOL-!t!^ub2X;H3Ae*`OJb%Su`h0QCfRd=ts^UPYU)e
zYpfzVAQQ^XNdU+NWUg{U_ItoY4r!X|AJQBdjqbC+{j=*}gu@oS9f{Vy6^z2Y58TgS
z=8v8V@+CV!`U{f&GK67z1~zvH_sGxd=$!eGFWE^THXmydX^hRsjB(mp_dA@w(?%m+
z0i%0JR)+L4yurkk>c2lrB${lESo&UY=mZz5Pl>OYhaHr}a}G6^=035C+vbL@>YY8&
zcn>Sed6RxFx+g<q+zojH7e%nQ^jX_>@gM(-^!Cn!t(DN8m(`cf={H2$-H&ezH|D=!
zyaRu}w`HHA`BYlt+C)A2`YSCz(w;4AL@uq!&195^96;)0E0bSbSvn0*`<YN`9qs0k
zt9$S{eDrTUh;N7eXRfNQ7}ila2qNyY#YQ}Koe}m|^;O06_8*W9zkUeLktyin8?+{f
zvT!0Ao3Ok2sAQvUps1N~@VVet?bEh~yz%>9;w>YPn?Uko?$Em`+=m5NZxRTagNdsF
zx=Nh=xVDNxlXuicGEbhH7nL{4a_lgfg0d3=^p6Bfy;FRT*ea>|H?dCS;R7TtvmDZd
zn9Q-`Y`#BI6_=@*Hk@U<3~6GAMwu2Xx%9^8%8Mb*@*#HPQ2|JAge-vyDhm#+t$Qlb
zcl2FZ`Z8>Txo_c&x+xL!#-!CcTvJ-`e!3SEZ0RSIYqSzGN1{u*O0Iy)$<EnorNJzs
zyw-x9o~!#6$L3Ac{k-yd?;&?@jFoL9%z>bj*yQ9~O%n6~O^h+)EFf$}QcO&9=KP1S
zTb0P<=B`2Q7ZH+V;VvKGPxpZ&miyt<br-;LBx_=BR(qbe{2<On?fg&$JnEpObo)&A
z$@Htk+6C`F*xfd<3HTKG=;H5Y9<99LbNeFi);+g&S=`aIT*9(UTC#GZPXTYpB=TH^
zTUObgYBI@rWeR8@y?dA~+irK&yNK3Ia`y?~_y2BnHI#0^iPL(!B=%&cmbyP}_`M`h
zJ`~*p9F$<*(!ZP+#AhJz^a@Si8uwDT7k%{87%kZ%i6No0UQ0#k27I54s1%vq@+544
z7R0;dGeQV1-8#`4u0S6}4HNWLhu&8V5!U}6l}%c|&^0Ls5?xHSGS>m4zFyFjp8`^r
zBFFH4GXWAKx82#bGOTr}hKq{bsXYoBw66gmvtlJzFJ>L3F*|m-aylg;gCboSaOGJN
zf#n$%u{cu^UqMglQ6Z@-vPEGCcZJ(C<79`$)8N|3T0kON#|XpFJSS-<?AINqL5IWd
zKRMuG94{p}8?}ZI!eTOzhELjU#=N}}Lb9r76kE-#z190U6xr<96U!1c(3ozl6rv5b
zDH9^8$ClPU6#3qHMvcR@=wy~9vl$U^QOp>8@^IhRx)hhnK_^T3;1(u&Unx@rqAfU`
z=~lDD<EuYi8EnM3D+`A}U8+pAVB!m#FN!fM6pCc_)y6JqW?MO?co$@bl-%;NH`eQP
zyhnU!XOm&A@5_!5l6ji!*)YW!^&DX~W>q30r_93zuw|zVh_1fe4qD16A5a(%pspMb
zZgX&Hj}5#3pe42fOi6FdQSpXSB0(hHpu^ZCs`~vL7r!*6)r$<i{REuYyqz10+OY4@
zL`uw>QwNsCNk&@BS6!rp5OSr*;{0R>(|w+nn=IUQUBY^Pz{<r|BPCmL3i0|?gBN@s
z#il-cV0g4Wp@J6f`9Ot^nL2mHtdsL}&}ydF<UV*HdBedLms1(ClG@Byf|!)e&t*m~
z0>=<qekm7;x0ZV@jPJ79Lg8Unyj?*xC@SHMKVKEB*#Cl<#C~zv%(FJYvS{+$m5YCW
zpN^o*^Fw@|zHB_!GxF+M$X??5m5s2?#@aopQ`X5h+2S-GL6bEcPR!FttOm3wmLNm#
z^tgKKKOaCgC6k;tFQ&iNfhS7#1O(_2V*Wk=`~48Ov6>9gR<MXL8?iEF9Y~#|9CrG|
zB<~U+s4G>6TO$A1zG89a@f)y|lrKO;NLNh;X+?;VYG?QSrIc67D?!3@luo&fl_$~*
zru30_3uI?vl5Y++g)Dh`eoqQTfwrNDY*`!xwXg3m(np1>JM-r}C4{NBQwzmqnPs!J
zA|!Gle`7-HimcaRbr>2<@)bOKxAa3DvXO&X{j1#b$1F8EV|)!u#iQ#LU|i?5h~>9&
zap4IfS1h>Q?ctxhUfGSjsdjR~2*IM{MJ=g-gr;(^cgyTOxvX<6`*U%*->b1IeWZIx
z%sR-vjR8`#ZwKT1RfawpQd9s(zR@>cZ(AmdF|R`1D0s2sM#Pfe*<p~rK!u>?Fs}|&
zZ!DrMgJu#$<kD%<dUY>m&hemfWYD$wHYNH{mnfDkcDos^YNc&I75SS3JD_l7Vv+*w
zKc}R02~c(n5SOIjQG11l-CuF{rBK=^vPKy_TYum7#(r#K>x;_<3`7jadg1@e?)wZh
zV%|JV%3|0s-^zm+jaZbu4n}u%A9#3f5R93j*qGZOYUTxczCLzN7pHqJjPMcSo<VA;
z;@~UX?9y-Nj@TN{$+*56EVnq`=dNJP^zE$S#QdP8cV8K+g-aaCkYkh|#zyQJh&)}t
zWdbfdnW8iq;G@0Lw<Sb=>Z2sgnJju;KyFp`A{Jpszbd-Q-LMMBRJQc>5oL9#05p(k
z5lG)&y#ptB`e*!|^c!?Cx8h#C1V$gOlp!%H?xk$?;g)FoVdTQ8{dclJ!%xaRB*KIB
z=9B>z;~dHq8A~iL1p8mh>Kz~4#w7P}Kc~CX;)>5FEL_#=qX$tg8QoHHSsCWC&iU?x
z4WQqy;sNIdCO%jJ5{rDYSna~43|kxHX8lmtA3_OPAX*ld(w?k6jtO?)?wuIv1qlqy
z#wif%$*drka-`NmVp!N@f*#f}>~a7n-FObJ4A47TbnE!BC{}1j-$ha2C$8$9=?cO%
ztt^<+M$S`<owjvpY9nEiyz$OED~;4O(xJX-4>Oty1DMfRT+k1Msar;3h~nwq^9;24
zuB!N?c8FF#uR_B*Ft8&-S|r&Ee)*M_{V_!T$RtzZt~9@oJ(1*CA=-rGH5sxNak6(f
zCkH5(BY!d7%l>P*Tv|pW0!*^=!rWY3s16l}WFn^G2_@cIS%49bn8EM2^vri9HL8#s
zd&fBqFj!ahhpi<=gg-sRkMlSI9xIwfkQ8EpLFV!LMx;HVbzC72F|D9Um<euW4w`AC
zlt1h=*?gcPs(V028CZ9x9-zM#5#1X5i~^2%eLXEACC@|euc@Y_<<t0;PT~iijt@!a
z>|C4j<x$}yj81_&BB23Vlry$>70|zB7Y*fBQM)%SfJfW`Bb|)Ko{%*Bm3Ec0`=`?X
zIBJ->c*WV*Yp&)dy5IPdT$URVINn=EEtQk<wXlIIzUFsC7BbC}X68OE!T_yf`2`?7
zs6ZChbE$7#&qBV{q@paKR75J(A}lR(U%Soe@E(d0>lY6kH#vRa8LE~Mv&Ly<M^4%r
zLG3HE=NLU&v&352adbQFdY^Vt-H|^`WJCX)x-Oa^Y|%+H^QHLJqmXe~<B<Q`u{{@l
z4DW}4zPNX8q_30v9ML@?i{})$RDM7CQ+76rGgh-hDY1OTFaNkYY+p8DV{%S_V(I`)
zz<^~M@qc|ay+-@XeZ%ICeEqC(J~~gpT}OON4c0f8L@jYmb1|J%y`w$&rbwWIu?{o;
zO^H76<@gTn>z{qaa42tQB-Fw2p6U;551|(~ml-t~&vW${z-EVsh;}%^mq!nPUVZB|
zS+Gc3Y|OJZGIr`@I8F6AQzG19s`aeMeilA6cIRGFBouh0ujk>Fq$4Dk=F$=Xt-zjY
zsvz)}>nj1Y1J{VMY;7c0-&SN&3ReyQmQw?=YX&j^o#JEg*vFtJSDbel!Z2V$Bv(+(
z`6ZcQH^TF=#HoGqZu;IN85iG;vIKa$lt6MVF}Bo9R6K(7Y`)HFM&`n4#VTYmhay+J
zh8r$bw=`ZL+Nb`C!t`p13HoMSMHFb}vjXkeYg(nJ-vbl6>&e}K*+mX1J>0(us~;J^
z8!4i0%y_mOmE1G1Qn$Lt2L?SwKH3n!7%`<mMu2g64HwdI7lPFizbORNhq22L*;e(Y
zofE%K0;n_|iOsc-+>dZuN$b3O?V0GnP7&h1$SjvgZA9f{hz{o)m(I$<Dj(iRy7Q)}
zK~_bs$q$2yIgc|eEK@8Ve1p%mimY^vn@vTtjn&4pDOB4~N(zWiCt}pU@O|j-dBTEY
zDot++!RiG}c~*V;4g*J=*tgLgAepAZ<%<0%B9GIEfVoxr{F&%d&`K$?oXx0l04*m0
zxEr8Eii`p>9_{4nHQX@@<(?}3dz&%XahQ{x`s{URm`we|fjItWd<CJPEgE^ps1#&s
zL?$gT9}?4wfn)EvRtgc_hyVR`92!`-W!V9mYee{b72#U4ejz~Z01ex#)4!!-T5y3M
zu(?K{8Aog;6gy|%H4PH^%=h~!RhC6aeOmx^PUSq`YZQ>^xl}-qp%Qyws}vD!RBXv=
z%*!M)Rb10CaOG@y+Pn=`ry@jxCO@7N1~~ZQYD~Kd2Y}!O&3-qSoE-afa1c`wg>Qt>
zDMRRPPGZ|F%*22Zh4*VU^fmB(55P<@i8qDJx&hlCy-q)R>FqrGb|YJwn5I;1z5}_-
z!SDBvy4-(gqK45$u}}|(J_RImIKK!DU;aIMyND9gj)!kEX2r+`USI${Kq1bcCDfF1
zO=3Xmg3rpt4la`-y5q?;RNEb|+?z5QO4EW2N*^s!WL&JjIEH6`jXV(6`}>yr$&}yf
z@AGYr+{Mguc7H1G*f7Ea%i?TRzgXC)(SfbsRk+YzBcFqXMgv9_y);@HcMr!%3p3}%
zW+&*F82EpkW^a06OTIy!RCL-7pkzyeRT3f~Vot%vv&<4tFmNh_^qL#2>i54E;u4w}
zIVPfZlk_W&f=Ch5RzygT{^zqea843Dk8o3fc-uqvqYz8SV@-;TUW4`n5PLvuKcR&@
z4d`R3P$;aCJ^OPoY~v4*PHX;E3~nRn{mp<!S6iBSQt@iwBdzAwtt{+Usz_BxTnmTk
zTZ^P*?BcvQ6abI4sNPJxl8(kU7sGfR2NR06>_7zl`lHB&EQ=wgL!VCvf~|h+IoY>l
zqCYmMpF-m_=fkEnu&9NZmLjs8f=!G>%TL@Y>{b!FRmlS?{Oev;1(zvS;}|f&sypMY
zBHpV0Q;phj4vZ+~{&Rh%VfOIADe%``{Y_1DDQFQXG7$9HPKr#7#FlE<fF?ErK;|{*
zTmjGK(`keB19VNV{gl}DlgPLT5V1kq#(m%3=tqi{XM2X>tNNBS^#7FiyG-`Fh5j}j
zusW~`;fzJtD0_z^xm%ke9R5B5&P#s_0Bx%lL}9C7j02Yn)Z5Q<Ej7JX*<#C-ULyx?
zi2)QH*k@A#>eED6pFu?W^8b0I)<2ZZ?&46f4D%norm9i;WbeUNq}hZ8b@s7IOmEf7
zw+bH&HJj^T0P4>JWC5CYnFD+N`J8C_BlVxN775v`$uTD98uA@^RR5aKxTCD>aB(Cp
zQ$(8=8Ch_Qw_p~v^Nf5>#orx@SO*h?y+$zrI%#B04@`FWd#8$GDebrY)V5NfPWCRd
zerx!j->MS>f7lyj42N&9KRoi^*q|(TqI*v)?d|A%?17Zr{V5&gw=9ISqKwM{aN#p<
z9J*|IJ3o>AyR<Zevu{8Chn?ZU?f+)Rq1)nQq>HX+!HlTRCr<jQvi$XWX=yK>z5Q|M
z$(wW_(?SQP?RoS1SW1pMO>SXdIjDAw5m!&8Ot91DL$@o579u9->PE8$Bva*Owv@3g
zNtZj>_RrYzxPNC}zNKz5TDWm^h2PNes)VoIy0oOHRP*q%fQJ9h>P*WAOL8NVHSf#d
VKa;_<S#DUOHj(eRi30%s{|EYJPNo0=

literal 0
HcmV?d00001

diff --git a/www/crypto_files/crypto_3ways.gif b/www/crypto_files/crypto_3ways.gif
new file mode 100644
index 0000000000000000000000000000000000000000..5da7683ebe26ff97c634e8a91b088cfff76d6df1
GIT binary patch
literal 17993
zcmeEs^;Z<m_xBb{3M(KTOCz~7yg^(_0YO$unx#7hM9QT*L_k2gyQRS;MH=bu?i3L4
z>*v3Cet7OVb7tn8JGai<IrqNKyi|H2E@q+#9tMU2{zoS#X!HsC<mBXk>p1L590DD8
z0>H*qRaK$UXgC~>L?WG?okvGU<Kp60R#p(s2xn&m7K??!VOd#O2qXeog~VVma0DC%
zgTaw-1o9s<DlQKBZwH8ThNIx9Q4|7!KxQFPm{AlK1w+6AXe6KtgG3?WXgCUu`bU6&
za{e8G!_g~f00xa(K>=Veq;nMlgFs_ekmxKp9071fA>t75|H(oEV1R!U0EI-M(EkPs
zv+_^zKVxAC7!n<aM518-_|Yh|Ga7;VXWKue2tbxI002Y(vmT9rBmX()3`d}m=qfl2
z0La3OV*Xk3k2wwihsUAdXao%9j0M19NK_mGiT=j|h(kMLFbKpy4R8ePpCA+rg@hpy
zSZ8<^8jgvJbN=Tm>R$i=2$b``c>aI-e?I~||I2{?<pM6=JpdPvPO&PhBM^^_%b>3+
zyDJpNqMW8!ozoLZC1ktMSDpJK7A_Y-r&N>o^E0PLiNVjB{DChBv;H)t+Jd34;_vnr
ze%2O_WFi9z=#}e=#&Q)ua~by66^|F9a+TASzm-gu>eSjU_J1p#u0(f5(7&oLo2|7T
zFEJdbFQ0F4UhhwT)ljk6;(5NeIM7hJ{2c=(WKe0WTI~uW<2D*>tX}^S$MPyerKx6f
zAX&(6X|Snwdn8LPl0mh(Zg;#$qts}q`P=?<mDxasYD@j$eB-<QrJ<IF<7I4Mt$Q52
zBM|yXM@MJ4wdvi)qX>?bXn+69{h3<3<>9uL-^VNWU6G7x?RW2qI>-N{p_rO*7y+F2
zGgZv8L6nqd`^zKCenB_1000(5A&ij$5swyNFhrs|D}k^VoU1|P+SaSVRF*|1!30Iy
zCaU=8ED#RB9M<Ve*$u}=@YL_DMIvfAJ8`ZYkU2Q7q~fyd2tnwjSS0l6Mx1;I2Rf9I
zy(u0{QdI>2(8?nN@C3ANHWLv>=q>`W7Y%a(gqSPVc;zGsbsPd7WCsC1Dtz;+b8oQ)
zh5}t>W`mBv2c%eD6+ecM=m3y-l8w~c*<tNUEI2frh(+rUexe1L33`ws9GWs`nVd9_
z+btqV`_Y};OohGKyu^ZAR91@P-u-TAl{S7!5y3)JN^yF2$zBDn%qX(78p_QRm8FiB
z!AV=~PpN1X{fZ={nL%__O=u6S;V_{vKuF5d7V6ref>aC+Z5;ZrX*&W2#Chawm(q~x
zPwSXT7PrsUe63B})x4txb+SAg{+b8oqH=L+$J1!3tWUU))Ww2Ir!kMW*zK#o3CYKG
zK;k6^<EUvvc+UD*^~FIiU@wUbK-BWirvuxmaUG;b|81Sh0w7uE!&1Kw&PR~AyceVL
zln%n9fUMTSeg@gmPH0Fc&t;V;3R5-&)=oGdGkAY^IgS3CcA@Z8sC*tmt|@gn*EI|S
z5$c30jZK+MJN#ZWd5Cp*GwYuI=4=^*>v(2MWsl&U4<q>_3$17NsFihF=e^lTI4^sz
z;4_Yc1g5<|y4lVO<-6U<`{H=JTNLQ`!3I{e;<{Ev$bCK;{wxEvk+@y)XS!4^;l|)=
zA>Z9eH>K0vc3ULWAIJ8`(Os!P&?v^Vo+YSd<M9;_dTic%(RcIb%ZnC+4o0Vkn;lBV
z2P<N8bm#fW51J0rZ&uG5j!5<V+Gg}Ws@47dtiLSROZnw2{}_X(0^f%8rQn;xZJi=u
zX%KTZ0s?G6Sm#Ov6{`p>_7E{C+4pb+MM5VZVPxf)mZ)Z6pw1o)K~y$T=#S1pRy3Ha
zKMPWw*Fkx&TNO$MK}L#;f1~uNLNE#U;T?v^K4BONzw65UbzMhEHGC4GLuB}ff4rS;
zZ&X3PEDKf&>E?H=ilP+CF^SiSW6N;<xOi?H2!j1clTiG~zCcZ`Cf@U1=M+PvZg>I-
zl9sh}@z3?gf+ca}g^69F1YFHwBX~;n3R%X1CM+@w$ztMHv5vF3x%Atd{kXfIKBMPz
zWDTy9o)_@P_0i^W2V3>YmBb5DcrvnZf9N%;*$I`khf)0~k}-)G`yws8h4Z0FMJE{J
z;Xk&4ME#Uh+dJ@{DO(p|;dqHsANTgX7~mOt*{8?noVF*)$}E=~u*FvLsk@97!FZu)
ze*f!pR0j`BP~6QcOLkkcl)7d4_F0i9wi*d@e>Oxlc2u9nJJ_rxm`Ipd55Fy`1vEqr
zg0%sq45Zb`r$MZWht%pmAuh@HD#gksYym_NO-FD~rpROEaSgt@0{o!@x!=&S_N;MF
zvgl2TXVY+*&YE}R&$vKBw^RxY!y2S|HbRBX>gcoaPru6wwO`Vd;i>Saf)ep$nk-Sl
zYY7Fo&o=3u2-=-*g+smx7c#By!E>Y)-C*i)4f^q6ox_uoQ~6^4a++=*_IH^B<i*b=
zaZp%A4Y--_n##DBMt{6|Vbi>wjLvRSCTVPi2YrckEP);`O;yhJ_<<=GEC7A46kp1q
zb%3TM%>6)2R;`g}o?{NxPL9wjknXa_ADUCWpB1ik+>Erc(UETISFg)eEwQOC((7p)
z`Bs;2>-ZsDrgKlbG#tmt0sN}m>Oax4$KhpTA@ivEt+ARVdnbKHWra2#G506DhX#gE
znZ|P{;xd}DtBknS&a@L-4d{<qEW8JgnfE{x;+0P0+!}b)@4ptv?|btOYWHisg{L_T
z_`aE5-jNkc`fypPZoHe)Zu&bpAxZ$P#ASvPDb^7_R8bg(75FaY0odDQ2#t+gebX%V
z6?f5WDPF$^qTbg{wRs#ia<jbdJA)w3!dBt=jC^-&$n38ZNbaE9qPf?Igz#Pu#0Ivu
z5H@`Hd2yNh`ER2!=X^@j>mwql(Qi`$_0bXwb{;l&BDJ0jx523hf9OP%QCQV%*MjER
z*HDj5Sgl2W{vW6G+$c?5(cg7$Q1=W8GylMz;|cZhDX8MNFCuDsebjy;$I14~`NM)m
zX$3Xv8f9x-`b|R8$Zu7TefcVH8^=gK2wy8c-Pipgk%MWy+!8If%e`%$^V%e`3yt0r
zd>h%|>*8Mf<JqqAZ_Or3RWbLc=NMe7JfP3k)j6?m1@~8lg^gh`*UWou_dk;J3IE>I
zg=cYWGsq>pmtRP13n=Hm>4)FOG=|!wQ>y&^v*uYo2!RMY``=fs;NX);eB&GyZ`D*=
zfrOTIzkMwmvEH*r6)T}m3vW!FzuOXz9R<;$Y(M>x(k>+yt0Ad51wJ;I<uPt*+ShkU
zk-V?%{uDD&`1-O$|9($rq<N}g__D$~eg6p>RStDt%>0_JL2E5DJUx6>uW!A*7k#Pw
zxm{y0z2&Fc$e-PVAxh}M?(1jITUOQ+{0V&SPr}q%*C?IbzuN&0Ow~~4auUBSYJGNH
zr&_jN{&?Reg+74XG@iFUyMFu0V2A8=*s=_Xd5s6zZpHW3fn(75P+`mY2a{_gjq^$O
zhZH^H5c;E@HRq{PgPM-uXJ?7h-YpYLS9^31##aa4arb+kU+}+3>)03mS+AUqt`s|y
zO)=cKHm$G875=;N)%Xi)Iniyp-a<VyR%#fJ$|bm7`{Xh1s#&4*Y(;~-V!d{Lop!c7
zrbi3oE{|F0@=G1JQ|S3HLisTTYJ2haW7;a%h*jj`%7QpvWhhUDQPFbx3*yVhM?DSH
z#(Q(y$$*`0%Px155Ax>mmJ-BxQsWkHDLMT&E^H(fHPcs3HO>vcQwD^I1V~KzBf88u
zJ)bYh`6Xy+;3xaYPno=-3fy-O-1r=rEh0yb_b~(dHof|dy<CvErM@uK=+75Ea;){=
zZCJl(;9E}PcR%cPt^+(--zO9V<8%k7i)#7@+1-CEvXkC1;AU6kC<x4-3|5?^hGkjU
znS}(1=m!Lw%}vT&j0Xwy$ae=zZgT`zdxX*?X?P{e`drKUQ5h<*g<+CS-4(*7Mc*7z
z`WGb{XP7vD^7O6lL05~It+9!akNSS_cls-&YpD?UN!y%f$1=AsYNgw0CnW4YMGM0s
z<D8_h$Qe7&OPj#tFse;z-K0pVZk2$k$T^D`jX+D%q=02gg`u!0!Q?3V5RG?zFGs`P
zb6)v1iH6Pgg$=W5&QtkEd0KtDrk1@Hr02BenlxOnK!0frndl61?2B2ZwD}Qcu9d9q
zx)XjX5__SDO2&1#;f(uZZS_r2kD@5{#e-IS72Ye(;{P&Nk!zm%cM0l5y5TsY;Rrbp
z*Qh=@zFl^aA1!sPj0EP3`!l&I%x@jLUyad#pEe<!ac^!SBpOZGlI&8UG$*1#Q(tTY
z>(RKP;jpJXLUF*(8E3g^m`g*zDsBX#(S)xk>Wz*cj(bFTLWCN=VSr-f!c4UHb|Cm^
zv@Sl41+I`$$P13kx6H{}2s0z;-JlxnK(~g_SF>)aDG^zT(Ww%qAv<5jMUn+lfEJ2Q
zVG`>8mcC}xJog+_-FP;h!YL}|U($oW_|K*+UdMxX?QYzoIbOsgsc0rRTz9BkdEJxB
zlah$CeeN_Os&v03-niE7rqs{I-v`gwXojb_xu;JQDdaMF&5EVrQG%o7sLGq{g=W%<
zS-&z<q|Ye6nJW0Aq3h4B6!wtllA8@G@UUG<O0_2gm0cx&4a)%080>wp8RdA_tV9!$
z_o_1~j%`OuJ<gT?@-tX3n`zbw_tq(NCX68URsI*}#{{x{;X+UJa;7!2>`nuzBaCVL
zvk6jxH#gZQWFS)I3>E?jcD)=*nrLpXH@tf}`7UvSw^A`rbDWBjBy6)eODMSJaseSU
z6+(F<ET9)BnTl??4WIMC&AHy$K*!(t=w|C;e<1aVrh2nzq=xHTue_hd`Jn!M%Pv}L
zvRtcF1h=#NL}32Zdcn>EexXY<?Eo2&R;TdB75D;`d)ZaM+Fw|;Tlle=mMTs(D3xER
z3Ph1r5R+SoyPA)lD|X;0km_-ZB`D%Ti+{G|<wpX;nyH@GQzeO(RDJ@G!;1<_QmL_^
z-jpIQ=8`IcqDP3*K)q7e8X(1}8GUZ?r_++QTbg#k(oQc<N@STf0d;u^Rey8Y;4L>d
zKxSl*InoR`PD4GJN;Mr(K6nctMDZ=oG4II&dC+BF1S-PbRBRE@jtG`6=oPZY@y^Hd
z^bt^B=v7v&0v=_tKaQ&mY^anT1&z9K|GlLGa#vN$R6z%_EXBYC164Upm7$NTNx5ku
zUxCs{PCRehdtp-uP1e7<uR3J4no*J#hG8eKVwXf$R||oKWjUw-mE3=-VpePT^=Vad
z0MsaEPC*eNQs8V35QntlS!q!suudkDmJ9>z2Lhy#jOwmHwy&Hw)!@G-kkdEtCz#@*
zj+$VmZyJO}y<-3_G?0~)@%#<r!<z;VeU|eM_&_#btfRKtzdk6t-j18@&3n30e>xiH
z#!znh@4&`Drp7>hb}9fM`GP5in<|dBNog%V%eF~+o+_oZX-}XDq~5gW(&YcRIft7r
zjR27D-JCf<RnpS@-5*GE@(;fO(4d<;{hKiYEp_v>hid@93ZOlnwfzqzmbSG`rq%L+
zknZO`<-kB|%WA6yX`8P=+r(GesZ!RN0m`|SwuZ5`KH8QFulH-Tg&X@#C|c*8uk9+e
z?F?sa-jCZ)Bx%nGTMi|uue`sL>9<bXwNKr)KS=W5d}X*OrM%b2R=8l>xUn0`SfVsm
zG87$^b0fhC_&EZ^hyc+HHjJJEdQMvjKpp2?9b^l%PZj_&CtwsDu7rXpV1dFaUHT}n
zcv_c86^_UtPy^n@2#3?0fPKCK{0M3B(<lkkIzIt{_@jVlEBO*g2ptS6;ta-(>(OiN
zF<9s^@&U+Ib<rUqN&o=kD0u8sX~Cy%&+2ZKRw}YlfZ_>|2HB&HfZQ9W{qSo2VPF8#
z#sU=pIE<qp$pIRBA4<o&-rx>aUI2~+7ATGa`AGdtQ2EJ*0n^1nP@|y#T<h5vsyWO0
z3I%|gRRBg5jyR?#v9-T!@P`-%taSn;MB=<WpboXC4Cm?hk?CiQgQ&oNmeUP(w*Fwl
zLX=K`n#j)6+n>C&{mn!%k46W+OASsK41F*dtXbg8?;Nz*9~>#8#vcVUB8H|6hPM`e
z(8blfo<}UuH7?x^B?5s|CqQ{L&bH6Uby<%%5&|yljddAt|1@y2K+%2%qyr4zq>cVI
z0BM{6jlT{4;id*X8?_Y}q08zgNFV#{1ExCxwsKb-KHN1PtBggNj8T=3arzF+VS$LM
z5|`RiR$pqeDgYhk$5Y?&YXguL7W{3ngekg-g?>C32$YEf<3*1v`VJe%fi+h~><GqX
z%il0MLzE0BZw4WV(JE>Bv7a;(PW~+!G*e=QgBd`eECPqaVba!NNNyA&b29Qgz1irH
z0?j++@krc!5h;NI+bvH2_JK&mO_M!+`fiZ|eGes#n~7+fiCUbAxu1!npN)Sun_xIg
z3cv+1&!n6JUK~zmI1IDJf%V#6xZJk{4^f~Ofl)Lr3~{rCk0GWfvo(gpVxtg}^kRcY
zRfTO7#cgx9Q*!_V8X4qdt>MBX53W;r>3z^psmIuSyQ(9$d^XV^((SM?#XI;iZs7&N
zr0?p&$fEsNy5chw*p3%&WWO{SwdCguQN+wI3{fu8BURm^(uHkSd1;=ZM>Zb;wuhE?
z50^8d!H24IO^>Qu$|+8xpPe6mQnOyJpr_G;LH){?^i@_n?N@z=Aa9T>$8D7OuVvTX
z26Jz$blg)@VSyRZtGHQfWrJ(ByimSqFZ!bopq#mirx7d<mcI|FpNv8>%h$+{;D!ru
z1N$ZUqiOl7VQbx$=iVzer>kk6+9x8*+e$C<#3dw$sbK)HP5Bh^X!&tY4@`a4Y-w5!
z0DkR22~edZYa>S)Eo*yzB6>(p_@J|C@_F;CKg8#Loh-gbhIr*8-`3vYnt1vmS@Xij
z)2(9pP?{U1vrTyo9Wl=g>SxmP<YzsB#4B<YyFoGIO2eu7<*lz{C?bqhsb|AalTk-H
z5}*C3VR2y5q3!#&-IRw-^M_eB061%SBTI76>dhWk(Vi#XZo-$)vWJzgV*pOa-BiAv
z0KScpVR*yQLFN#Uv28;rgA&VtkqHm|`EuLVVjDfamvjoO=G*^zwEe4nZK&cXMfxzq
z5X1<`YFgX3tUi450aMhz7tfX=CwFupiqq?`e?WY^TX6(Eo>oQ7by4m8vOBi$KbGB!
zQDTpM;5+aDpM3rVzBfjk92%X#M~*PVyDXU}zV|p%RWV^ll%&Q{<ow%I9(#9wr!u*x
zp9FwP=tT(Q))>Ri1m8R(e9^Ib>+1zvnH6puelebqrkqLUP(jW+f|99y7EK&HsO#5n
za~|ii_TS&rZ^T=yPOH-V^IEWV+oKa_DkcSEIU<m*>PJbZk7R0@<Zqr|f;jyglp@mV
z0^(y1l25@KzKa1L$3fCF{9{*+PEKJY5-v_;?_$Z_|1SC(uO$O<0zckx`hrpDYu@VX
z@V__XK^Koe<~hgk@a2n)ShCoU<e&I&){lP2oI2xt0w`c^>MKWOD#Ozme}^squ~oZO
zGP{6*ZvVTlzI`!vTX8I+w_Hsx221q&Gx~8@A#3BE%tbfJZToZ4T#~z)%8S_%vR-5I
zzRWv=+Pjc9ZbN?oTCn>Ary;`1KL7#b3Nira5rcdf4BHt%2*h&}hp%D7pHS1(T_aXs
z#Lzz@H2@$xUdFSjX2_?It_B9vgIa^AHMUezMI4s8Q#7`R0St5x5E{)LRE|P4gF>q2
zu6hBIQrsH5iq$O9DmUs$)!NstFl_U~p`F@Kz~vgsQ23gZ3jz>Mq^2vLnszsmZZAz*
zQ*w4kI^7c!Nt_*{JA?6SAS?0ProGYh&#&;aWI_FjyvDt0y62X|>CZks5CJZBMxM|;
za5*F3B|1~(hTlWz^|?c#Ar8wg2Bvr&W8Bw&9hQEn?2YmcJ{P5>x^dm2ea!7gXLx(j
z`$<FWM~2|BE0npiG>J?9&hu<j_w!JOUz6jdYl9Wt(F4=n`uD(w<s!Pjew`!5e{m7m
z<g)cjY)Gm%;9CGgQKu9xV^CZxI~Ss=vv$UAq@jJMl%(?dzlCAhIC;|Q?$38*2!$u5
z`a6<jlZ21O@Q6#Y!ttt^_g<7z{CZQ*OzJ7n_ie7TlJob*pIx~;X>#@FOqs%X3h8t?
z;r&l47s8R8)sX@%kcge?5;~@hPbGp~ZiisX1|L#6s$g4dxs|ZbpR*-Wh<+)F-e)HW
z7G|2?lD(2~`sJ#&(L6{@AYAyL(BKP7-$N)T(c&*v<<r&#)@MSz)oN*=VEhT0m-JN%
zubt$`TNrJ1F5b`^1}BKn#fe`kyvnTOpVT9nbDIV|Yg3v41hKhK$ogKsdb@?d8+ik$
zv%OGZ_&7JlBvkwiu4i94G&RRi%1Jm&;PfP((?xRc(%=&F%_iFfi1)<ky&1@s-SoI;
zdhvsCiP$TRNv&72o9v1?lUB9AuI94HuP8WQkQ_~!gfv8>R53R!4GUR(uQ?54Qp_6I
zeOEW%8pXdl`n{MC93jT(rTZdfCN<`sip~Gaz$&3|=vw`Dm@i+gNmvVx*MqfFc>5_K
zgRLXKS%KQ+_3pfE#jg#|W#5~<_}X5*eczTP8jJFd-f+v}=grhjxCJx1oSC0OXm^9w
ziM^~Fw_}_;YpdURImzW-c_T^=zj^KZem|l)t$zND`t$?+^OVt#;NP4M8`4yry4KMl
zo{l=Z(${ZnB)(S%k#HKvDozOD_*~XOaT7K^b!pFT&f&kk+w5Xd^WjV%^teZY-|nBj
z8(prTHTkvP?)?Ez0t>&MzfD@|o+?$t_o%SK{aTb%9(7}v{PW1y=O<8y%sY%L2p&3U
z{7qkF`&sN?lbgfuj34jmd4SMM!rUeODEZ`O_`cU)?(nNt?Z!n_e4qQ}Na{oQOUYgU
ziFcCR>*$EL-|wUOK3@FET9mpLJ%<4m@$Oy$z?OWVr5|r`<+ERsQ;8mlICC`Z(@*#P
z7GFB;4w&qMyT)O_*AA~u`t}WW;@=9hZjH#i#FHh`DEd#cX%vCu!xWz9nMCa|5<<SQ
zdc{onqB{DK&)Pndsvl<?{0s_0G<HNs{ir2ochR4rN$=jf&SJu%U+8N_5{w1(u=t0;
zdnC-Aqu%9#*lnI8AREehou3y)9HZ(9m)T@CTaFz_KU;jIBbe`_ee|Nw^Rf37-acnD
zoAiOTw_6-O3$-Gb(OAUk?5m29+yO&dYqK`GO=Gyk0FLTe$bC|s`2ho!jKvur%6h}-
z+J{OR0woh0jL;JOR{TUDC^DI{#KHu+(<iz5OD@Em)K@$q!=!x&xU`{08TkZG$7dPc
zQOoXF2MckydiPZ&tW#{9xvw^=_O*|ImC?%jfZN<|)}hUIBt;d#v;Jkqxjm6^@jJEY
zO){}(RRPZxA_{cz-Lh8gO-ej>nJAJplyEJwy_jut@OgrA{xosEpzQj&>+I&v(Dn%8
zg)R9+aVf(lV&jPVk4jcF;Whj=|JB&jwB#BM)<@RL+TWTd3w0)v|7%n4_fj7E3w$Cb
zCv2<t;~j*F^)j!eT2&)<JiEBpM%q2+vn;)>_IF4x@IDV{kH*ob9_NvlF<P`WebO>h
zUZCdd)AoooCQG}&85-f}YxhL!7S-llpSIz{8M+aXmXcH?8QMc)O4Xt_Re!}1)3%Zn
zFk03>mBeit#%!5L@Ybb1p*CGL&&7395xwSKmp5rzP70YnP{{(01UtIrOB(KJPd88Z
zIC^|*G2D9)2#IU6e5{PtKQqdQNE8)0YRIAzsWdB(T~?WWi~HI_tUtk2kBVDMjUIAr
z)yVpQj|cRZST@k0dmIiY@OuNoM2Zd)X<E<4u%M^iF4zQmSu$6`)k{8+&W1W8KM5&Q
zxX~UEk$eyw?FFGig>`e9@MEbAm~g+(^xn6}pSZ$d5ay`2J@-;huq*HN*lry|AyHIx
zc&oYcX0il+9}t)4Ze8J#KNxCRqZE~9;TE1eU`+Al^Ve|<iDF9svt}T!H0&9Ia<<Ds
zG(3J)%IYDkNdgA1O&K}J60S@cW|%$81g=}uExsKMjVWzBF|cGj))i$-?!=`*n9EbL
zj)rFJqM*gxu(zpw9<NCth!Y@l(8O3p2k<ecvW*(q#;<@FPPx@i8&rc{0^KVli8MCo
zMP@2D+X@D%=Pawwu`&5E#y#pkLkT^~KLg)-Ni?P7AVz;^xY^L1xD*H*D-xxSMN!2X
zN!R7ut26ipJ741@p~Hg;hTwj@qQ0^^J%|M5-?T^3SG}8NuQx#XIz;rn%W0eA_a<*3
zV-bkBz+j1XC5vFLpwl1s=rBC=>*)IH1_R+GR1o`yv};MD{wyyuu2dEdDol{r%W#5p
z1p`*X$PzL*AIEL~8N!hXv~zENmqB6yVRS(>uTPxDyiaYHtGp3=`M|u*yb7j)gK*1E
z+I14K1azDr@_$V_k)qTtJrgH@2;oulW%0o3rT5%qyGMP);-ORMpSf}N?NtKGcKPSO
z7s+niP5JJXV2VhvR~8Vk0pBwz>gend3Zk+12g@sh0Mes@P*%*OkJ!}^3HAHo_e<xQ
zxNY0pey5*T*h(I}#G04HVs3bE7g1z*J}^H(a4>5&p27<9=-u~Vnv131(bLax3!MLu
z@W_LoqmY|z!(P008O+(Cei!-AeVf4P7X-V%45eajEh`z02P+HoO)>#Q@^699ksohA
zF)rewLbg^olxB*bf4rT3ew0f|q*PYqdvLtSM=SB)-@xxDw8+8F&;Q6_Au7l_?q|2Z
zxc?GjC*+#{aw9=y*gQ!j&II;RkTg^{yd;3ERp{A)P=!Sc^1DkL*+wPN2A0B2rr{h5
zWo6CQf7X;*Nv<hF*3m)d#!cbV!3dG9iIibz#nQ9N`k!^cH9INjI$7wDEN-2;%AIU^
zoj7&vclVL9*MXfp3pr2AI{DMSvv0@_&UXsPGx0;Zgb%RX!g43vU80(d!kS$Y2T}q-
zU2)!Bk_ikFd0o;$GNKb*l>=Q!1A6I;E;$uRNmhAx+HM6RIyw1nMRHlBTX(o!x3Uzi
zVnVl~raa&-U$#sBbF;iCP^!NOaF9y$yGvemp<C{t`|yu^6rqAYjRN6K=^3s6V~l@r
zmOt5v0wvNPP2OuF52QTlA<F`;5A<xj!u*z$(YEiA_UU=xX4OsWX_sTdl1VWDFh&p%
zIRFU5f*|l8uEIaw$-jK3;_o~GBo_xF001f~e`pcF%3Rtys#hYdxAiM_si?=U?ji1@
zJ@J_tpz|Gw91eyl{s=bj3sHH=1MoM^1JYzk4QR;t4E_*aco|hy88ZP}0rlzYr{iNW
z|MZa|fz*n?Q1hQjZb}eEpdb>+0RS*qV>ZFh8HEEg)_-P55eTDNq7Q!1^2m@8DUs*V
zea;2)0YHMDKMRBUlcM^_001UW%mASTqY6van({8JMLtjdp0I<)hyPeoS#<6z0Sp9i
z2GZ;NED9QEH18vi15yG2&_-pjn{*hWrTn1(yLnWlyks^JAI(BzELmTzc}%w^;WzVF
z)NuoS2`V9F11&0*{^QEniNPJ%U@ePEEkpwEK(U8MAm*_MjWe+CK5cN)eCS=-D;jHn
zw|w2;!r<IOaTd`ll>C3)chb46L#ZZ%3CRGaEFih(z?A&!4HY0;77z*-b<b6uPZ(C~
zP>qE(EYhhG2oEe9Al!>FIO4!bmElu5HEL(jqsBq)$l+acHSgkKzAo8Ca@B)_mq!P$
z&6O}X&i)+mk%xm3a%bQpX8|kykt^X*lMiY!jl;G?LrrI@e_E4QF2W#G{$wj^f4fm<
zkWm~e)aAmf@SOqhlQ$5YSNpBfq)|Q96aUIwdi+H^JT!(3)kl>7=FA5~Nd=r8tO3!#
z**zF+A5^uB?7_$tMVXDYxr`-ZfTv|+?5eL}7=OW&hfybuFxcVP)!kUlpFtM-YF1u6
z+!Y{P{51!g#)dqQ3aj+r`WW}(AWynHS+p9TZ~dzd09EpsV2{Q|cK{h)k(|DUD2|F4
zeG6~mIPUo`AdCy%H?Bah#<l`1TNop`fAbxpSwXG|hEK>I^7E%-*eoX06kc;4j*9*n
zSN=8u8Hy#F)FgfN3s>A<0B2GsdXQWvP&&9)T|_Irc|yfdYteNK7X{XRqCKS&C?2iJ
z^-PR=NNZ?e5`H*I`+1ZTZ^|TJ`{#szJ+qdQ)|AElfMxKw)n?5~RDf{NlxwsKHFk=>
zOUse%iBqte^N?UK-P<N2f_Dm-VDXos*6MEeIJNGFtktG(2?!`O52>_*r&S-3iY03|
z(h*4YOo#aBxK6y~&;sdO2!0%5O{vyYz9frz^dvw5PeM`$N!kZ-26;u#c&pCR80xx3
z&4ja!i%?C{cIlj%jCi?b(Smf11ZF;6YLU5M-YV#R!NCYR%=+-^C93L4xd&|L={ijQ
zGNXBucBqriJNEukm-f#~hQ`rGDZRYlS=T%KcinH3aR{pE=YxG_Dxc|x8|u{s50Iba
zMh5FKCCqsUQ1{8?&h2K;p620#X6Cc!V%zj^4s{#;17~U)^xR9t8-BU42e8ErR<X_1
zyU*8Y&4oXS7`WF<)S7c!Fc?voYfO0Xr^wPb?+J5wM4`O-RAsHWbTu#WCU2U4rc+hR
zOk@Hyy12NxxOBO=jI*@zWNDRcX-#Bl>Dj~<rZc>x2w&WPvd*B!a4x}ce$Q8btY>L>
zb74PNzv0m6IB}rBuqO2~L+~s|5VY`0aG5_Ieko$SSGO3@V+a9b*1s+P=~=#;G~S42
z<t!_%KVfHR9RC@$lvr-Gi?e);V|+NYkR-B_mv40BtK3At+)O`VMw8jbMk}aCM_j=4
z+c0aUdalE5YGHAi?8Pei@bZS?V2?sXVG)25u2$=yb3kvn`^XSF^%l3ngeFM^juxV2
zF`jZaru#JyqhMLAPRCD;Prv`xc(bVaBx&twf$5UP>gFh><JZ~%C(khz24`pPv~J1k
zn+c@XL~zOk&u?Y)i6PYSC;2FVnRabbb*+Rc?dr+uqZmW0GaWydwE)=camkttyZL>a
zX|Y84zO&Iz;tE(>AD?f1Sk<h~SO3u6{HL3LN^q4#@BDx5>r$4>bb4u044WP|>yQ0S
zA4-;GEjP6(mgFo`H<|IE=wI1vbCCAUBVTk#nz^zzdX!gB%<(4&a`9o!{L|Al^ZIqv
z)ryy?>2rxqnOB?cLgv}lo59YTtHGP8)Pi^z^N{G3-Ewo6b_0Xn%~yUKw9?xy6qa8$
z0)&05%<9dA;^|339<q|Mt<<HLf0rAQK4_PhTiWrN+YfK8EN;~$m`t%o2odWG@~uPt
zbo)ijjF*fU9=3|){oxGNOiO0;u8ZX=%dr)#Z?X+FVwU5cE#&E0+_CK}x`+82?FL*e
z21<XW81>(XGE%PJae-R)C+-+OEF2#0PC@*8*#u%js2^Ff`}bJQ7#757r#+`OcrI;|
zk#1>RzLgSV!{um`vbCH#4$%4b*4ttGOP&p3v2K;u7Bbq>AJ6<vzwO4NZC2bq=o-JN
zcdMen?n}jTOa1;Aqt(=R02-?OPCly*DPUo=6=AO?*mqBw;mLcEh0@-#a_Oathy6qb
z0&a?(!6mzqd#L^B@cu~sa;;@5#M7ut^zER7Dy8Dc6Lb5%3=W@S)t~K#){l0wRt^@o
z?1rumm$vp-rWQxp9S8V~#w${&v=1lw_6s3vlw_<)s72AC^x~L<`iHdyik^ilyTBNm
zHY1BccI#8(<73fdEO8UA;?Ab!@lSdGIdNO1wgA4WdCZ~me3J2k(dzP*<H?r88N*Q%
zpVJbt^F>7?6zPAZebP4p9FIOWC9b$}wErVLS>k7UZ@GKkyMOes|Cizf^xGM9?3`2~
zL4=yXdFfI#;s4lqmEyh2R5NI{z!})#lu%&*DRLhmc6>VJ48uKnOzHTS;^>dUQS6&z
z@|O>;Uwn>vEzj8BpK*MTI_g^+b;jfG15szX0E%5od!3p8o-pB_A+}GOiO(NXy23cl
zQsoX=t<FQ-9Cng40aa&&!>&<tXN0&r_r3c}Bn|@G$Aeqv&wsxIXNuzjz$O-lqOq?|
zeVwU67@n{>Y?<Re@r)#{`C&m19f{i_^gL<Fp8ohqi2vO>?^$fq4tu$Yfb^wKK9K&N
zUFK|S_eiI$=gi`po95Bkulj>EhIhih&&Re7q$%A8*)Q{G{ed1c&Kav(e>KG^)@Fu_
zeiXQQw7J_1yI1ylJmqtb5ja)*X063<Pv7YBS$W@E^!I=7)d;^|xGW#pzklzb_MhCn
z)kLQBO4`*zP5x@gYqtWegPxF+?Z}ICF1oVp%XY(pc^me?SoU_`DBJgTDsP+LfAJ(=
z@-Y6ufh0B)bYIsDooDDZ5bf2l`grwmdjM0I=Wl#XM6vt*N$J!*t8(X2Lq$P&;Ro4c
z(JlHg$C2^qShUcU$-5Zq7f*f{vVDMwd?<E+=UXmYR#?%W<(Ql9v1`9K7&%XExLs#x
z{M%Lx#M@6dzBHWL+*h!w`k_IC(VXGCRf@hkx7aGk+%9>d<DKDAa%ENKE3n>v+uC4S
z=5^Zs+k46@qVLix$zZ+e`)Wp}wczI4oR_q^R&-r1-tE2xfzvbjmTPBiL&XjES0&Sb
zh8xzt2b_(P_>RHue~m=(X~&6?+R<#@7!Z49Ztr%#|3!w`Rt@n`3cb71`VjAU6ARsp
z53wBj=;<-yHX`=0nnXkKdZSC+CHlFZn-SVI#CO)oaY_?(ZF$%4;`1N-bzkP5Pq7to
z`<-58d~)b@yX3=qrRVA_nXYJ<87>|KgiFd}eFB#a1OPY<I7dz7ATTyTRy-Hxo&YK`
z*8@)&VHA-0Wjv3~8Ebz6*V`KV-LrgU8~{Zl1iiAQ3IKYX9qfMI?o5{ngu?YSw@30`
zCX$LYYjUb*DW-Fk|Lcr~%b<Y9e+VmZu*&pDJTD;`(!UOeqDG<g{)%^@(RI7R{nhWI
z#bD>zwVr`Vo)s+rUjn`bQdwnOaw$Paskri<a9T!LKb|Jj-o7OIcSoM40jr}qFS`<y
zYT2~Y-jv@8_iOJ>PO4g{<v-FYaVUC|u5Q7rX{X)E-4?*+aCdFp;xK>Z@cM1#`HuVY
zSt7$*@v{S-YP;zNfa3NE?w7X(QB_h3XG#40l*dL{@zBNXaT2@cf~m=Nr~Q!V76*I4
z!#2%_x=&(gr$6~ny7!!q-!cY0j^EIBx6!hu522PWq;sRu<1`6+6kx4GuH5?GRR3{w
z=qI_SFG6&^KBxC36Ujz-vIPCkPFnUWKYWoDTZvP={6-VM?|$A+kzjUR3tK!j`Bq%n
zhA!BncrrUw*A{Ovm?1*k!rC}MNt;A)(6hjd_GcLTSBO8hE7>KcVBJGX@B>H2hozLP
z45UN~SwhcGi6R}Xt8WYLhEu_8xr1*)lXBm=*lgxLF|}Eh4Pq~}K}%sq*^6k3@y&{|
z3IJf!v=ZB8m1~@7j<RYl>#VZpyvfE{rF#+Ti3vvvONm(12+o2IQptnra6YcL{yh&|
zTNNS-+!T<Eq`88~R6{~83Mp{}ZzIQ8)30**DKEY<oK)`p@{UcKqY65%|I%wO{+qXM
zqZjR84LP4HtxWWiA>^-wv_ND?G94vZyuR{AZIMww_}C#@*Gn|{nyE8e(t7<KB&rli
z)CZsD|1|oqIIn$4U+{a!Rq4*pkY=K@KISnMmlTry)>?11lQ`R<alJIsUV2(z;g*k%
zmyV;ZC9OO)-7jp*DmkC;2~G_X7<_B)8eX{YK$o%xg-d<)6_pjd<MF7IJGbTd<uXv7
z^-DN%@G3#Aa>0HA$Y|$2bzN}ap5OUvfNcqf!%-c~k%tl8uq*_~6GrauT`4Jyv`K8M
z`VH1?!evVYS3YzY81DYPZOg8HTkGe!L)QCR9faVdlQ_zkcIgDyzKdv5N_{Wgx^O5x
z`)jd%TC92MlHs;)QozcgvZh>eS!%6)nNAq;z>*awd2P?NT7H%aGLAp#E?urZ#V|8k
z+zgOOe_y$*thl`h5Ib%@|HD;yca^FQC5U74ffAA6HNt|gQ!2G2y(Vv&i>j}94}Akn
zvpl>k8WmI>0z<(6;MRuc`z|MLf5#c1xGVoU!&Mht9}`)142S{49_;$xa?lEU2Yqiu
zfJb2FqfhG%AJ_<W!+#m$f9(0brxjtFH%<u%yarJ107A4`!-&zS5I8YGD2oy!NmpZG
zvwuwF&oNS(@uC;(6>JeQK^TxVs)w5a1r@dijt=6n^UtY-n%=Q2N?XZ1Q@4o@kuneA
zBS!}Ek~%pju+YEb0Q2FQm<G|2G2Y_>ULaispGxzrv*F~5$;ZbhXxOn3;O}B6Mv?e@
zQ5(Z<04Q_<k&x_$PKVF@H1vv(3araFd7;~HQu5f+u{94&g9KAb0h8ua=^oXgmC#3z
zzigbb@Ymk_G*%Zvbh5IGKb}?ej27}B(ZS-oohVxkD?(q7V!>xKLr*PSKhGX)i0a0-
zeu!59@7;1B!Ca&Mq;*+P!!T%!(hz>tFC0tLLQnG*5Dgv^@a`Z-gg<1+du{y7Eo4nW
zj_VhHL>)*LfRSVBr-A|ep+sTZitCyq(XQliH*~~`W+fW7NuT{;o&Ydl1;V!QIv)=k
zKx_cOJjS{eHb|-R-D_!#doO9S{c+>c9-7ghWzPaiA&ZG4Y<oCZ6QKwc5~s$iD~eQ=
z+f1C(V4Z8asn?x|p=TFovg9q1V`3z%2m^Wn0Pq2r%2v7ph%n9pDc0G=-o7QJ3GA~!
z)$41L+ITF5Bxf17E~_)54UPFF{Bf;UOVQ#$g0SXc(R={pKcqid<3AJv4+y5X=XsIs
zr8;z0-_U-~>r4$%ULbvIpPgR-CdK$eqp+C(@ecenOu$4yR`XOFpNDZIh!XjpNtnu?
zf+h~5M<Lem=@FmTc&X8aYkljH$dUJ(c+8DxRy#{0zu$SOG0sE-=seNN2VZ3TlC%*E
zT{>{S2bZA@>ECw{JJRYed#vDVG-3~Z5g}TWD@5-+%bO>ygXMTkmyH^`*oWuCHR$Sq
zv5h@^FA!o{JnNf7jlC<Tr;+c<)(QOTYDFKatwo78m_ngHB&BP@Ua4%bd4K--Iw}6s
zC!S3(_svgjhQY*IgG^4frh&cknxrl|DS^+k;s#fOsUHcq1S56(?Agy##(A~}D{h8#
zJ!;dx(QQkdr_{I)pMO3jvgST+8VT|E^$(mgm*GzR87wWFw>Z82!Y*Yjf#EEd#dk;E
zc&<0;s4iNld{_D%&4l1XU9knv-kXu8iDGGi5@X*rt=j*FDw0G(&7$py$D5~&+Ak~a
z8O!XR$)ekz6gm0wW*t}v&4cdBkHK4#L+G!0)9o38RmJ5iCO`OrKeYXEV9oxIg5aR7
z`VO35<wx$uXxyzBEJ3fTf3P_g^r(s#W9)Ef$09L57sKDc`+FK1L<`u60pRn&F~LHu
ztHdA0yQv)m2$Q|R4}<^mA8CX-{<<uA_51rGt#h?1W`$-H+4O|rG_kgIlSHh8SQ`xi
z%(Q@RhTr{omSGkb+S<s%m;z?V0x_DyL6ph<1D`7{@{O@jCis6)QOE7H{e>Q>V+qHP
z#FY?E42WC@h;LeTQT^F)mpu##^%)JQTa)Tc0mo49aQ$u?H>|LRZRFio6Ys~pMgnPO
zu*CAHs}8cIO#yhv`1HdTXQf?<iT(2A<%3RnC07bLqLVnz=z8d#-)7ivAYtBX>jvCd
znV4<14Kkh^2Mr-0MHc1}Wcg-xd}&p{QwB;gD*5a)gKxoe-<OZeZzsW02{0@GM>Okf
zPU!m$2-ZO$oQ1LBPdUYsv^$%r_~2^zslcoOILvVG?a!Gv0y97y9i%T@|L?76kEBsU
z=IYU_-9M|8-Z$sRca(V_??oKH{|SGyXOnq{Lv_E1cdY<;*kuHZGXAZ`4i!@YYM@9Q
zwAM*@IW|*kQxiyGOu&X5<3)pG;OD2yNB1)jJq4VH$I$y><ya#0k~@6=hMdqId;JMc
zJY__r=--`%KHh|>&ML20ufT3!5PH47>d7MVLf=RMa9WYXFS5^5062X={@$-p-e)|f
zSY3C?Ch#(OV~tiem?XV5xU0evgk_OetRBoFNlIuauHL|I`zR^G{qXu6oQdd(d*XMp
z9WS65y6hjUCU=QUWW6z9a{ze_6U$TvzByn%Ux&bG1y({B0LO#x1+mSo#$GdV@ZsY`
zWCuEDF<GV`OJN=_pjj%`wtA3wRTxNbHoFZIj-%<P>mM3;_?*m2A5VU0tT6Lm<vfm9
zQ;IWr>NN$ld<iZCaEr1Wt{OqOW>^J-d7%%vB1<NYR7wurQ2K`){*auL$14KNW(QSB
zh&aoC9vS#LNa5aTVJ~$y%k^gK^;jP>KAJv%&s=FExIk)<KuoR?TdqqLmboBThIHw_
zTVqUHE^I3M<B1acZH}nl`t#Xb_`?fvE+%CB`dSfEhJjTvJ{{j4Bil|X=fNW4x-LDp
z{%no;BZNgNhgF<(4SG9cl`gZmnfLl=1CKLdrU-x^l!r=6$1_JtQcNqAm@7-?N%gYE
z6|t&_=BW>}R)nov`D%z;SkT~`dpPHt@c2I>%GZfm{C9Ce*z#W~=gUv^iV|eU16V}4
z*!(d}L=-uFHf%=3pWib4FoO1i?-e@^iX(sVLIxfe0I1k!nYKEs70BZ;1ZXO~2NUT|
zbLol=UQ<&J%Pl^NKEf+ArMvZw&3tPHb>sLKHc1K~d%)qn#;>PaUDO43#OwfJIx}Sx
z2pSuxu*Jck<aoEL3B?mz%SO27=-V<Ida)~Ewv0?Rtwp!9uQ&RT032(h?IueHiY@yJ
z1ABH$4~8v|cr-N3=)>;Ttx6t%d0Uaw3i%(0w->&fdKBmYdDye{{+H!@Sp(nxEz>P4
zuyjt~CyrB0jzx)@;S?+O8%KcN4;v`;Odk9Bn3V??yZx}GzW74W9LGl^PCxA(zxFNP
zBtwYKs%*b$3ug5M?}6jh3zUBh(^I2-BgfJ6R$?PQ>txI$oFe9J8S7BNg`oIQ-=m`U
zuGZa;x7<xRL-%&Jf(wP?IeAI5n+!I#%62&CSOwcTqf%p{Y}ulrWQ|f-{CEg7Z9UM>
z+CkYmh`AsIWD{#!7^i3bK4;hW%<7lKR=l5%{!liKM@#~RS){hj)5FMj2K`21TS*iz
zvi%B<66K-E$n$FUIIrzo*}WKB>pYsL@n<_J57ygnuy6LBV77M04vL>&*;qe39f0g{
z3T)HR+kW;RfbhuY5F>GdFz5K}1-2#b?KTC<wsxeuq0r)3=x(`3#v`7Nu({%(UDBcw
zPOlK6V!rLjd#*RDWv_9cMV6T2m4bR-JC-7OF<>3++0b^S?OtAdaYfSpukzx2f~Wbe
zMntR$l7de&`0P%F_W?zPdWNL|#A9^<sK=Ml?Jr)|rv^g@zjQG0bh4Lq^6_+umUU?Z
z^i>!k*MOT%tJJfS)T5F#;?gSDgAi@o)nFuROkpb*cN?^*ZOu*_rwn_hy3#jru|YB*
z&G8v$@*=#uO#7hG%f98TB*f_8hv{CEDMzpC5;1Dm%$G|fr)UiM^jFxPmGr(>Y6)&S
z*QEjPR4VD`XV{?_h|C_(*wJ<hF>iCy{xAjasHy!|j|@B%vXyy%erTUU+p;Ltx~QOR
zV(Y=K?kx7gpgb!hUR;10V*_xHdFlZzEl=XD(kpA)+jI5YnI&bwNysZqD$~3i)z9F0
zZkcD8G(9N#W4WJb>Z1G`fvtc|ifMvzh~QRmg+oh4d8ll~sH4@V;Uxl}r!G&+RSJr>
zOj%WHIDg5O7Hg|5$5%`x^U*xAhpA#7N9Cg&d1e<2l=K{5R}oTr<v0=l)HLO1{I8r~
z&Ee#A`BRsn%RJ&UzOfS9l)(RvWu}e}f_E-D9d>^nQugLDx)zvAZ#qKpuJ-UJ*sYc-
z4wm9!Sl9_!_VKReEEvJ^Cx_)=c!?03<2|WCIqG!J9`<0wqB+H)u;<i_Irdj~n7n_8
z9!NUcz70;|bp}f!F8(FP4<}WFjwhPVmyS`+sT}gdX8N6*PPhDc->32aDB!;wnglqm
z?pP2Aoe=O>6TU+H?B~C&>X02g(XJXXcwK;*%hpUS6!YTOxH~aqFQOVhNG#_k%dGyT
zfI+)((>7Goc1=E+;r%=aeeh%cE6qmv(jxQD$qS0m#yO?3%0J_Z{Sq&~mm|R3us|@A
z)FoQO@?4PhWeuyEU>8)Y<3B+_9Z=s>hNAEEs6CHTkk?6%75Dsz%B8{|<N~i0tQDUH
zb#p<ik<25m-Qhe$xi9Dd0FLPshUdG)POIv}Q02X9l3c-)5Ck`e5Et*mZ0WH4@d79B
zOQ9~+BVMN;e8!H==8lwqYY;+gBrSQAzvBheo(giGbAgfI*6RN%g(UxugX%CoHO_>u
z&O5^a<j09eOQ(;<d7m#=TE4Ilw^|WDx4GUcm#7s4uu`(|3(JYs$vwZ2l{=7CF&-8*
zTNAb25HziBKm2eixMeBeVq2;Bz6wM7F5{%SmZA>8cp)K~GW1%7N53w`Qh0Sph}aS9
zpo+NEb~(;DK*p9R{}p)Ea1rlvSO;X|mgQ9alCB!NLe$9n@_F3PtBZxKi?-Wp4d5B7
z@Hl>R9%7E=YOc(?E%|fHRW<CGChZJXcG7(LL{!5)A)tCYbvW^!cz8dJKS}h>O2llA
zXil1uTj<>0dPKS2K4T$+-OF=fgCCb_FC9=;B8Jl<w2%1*KqXTVx(c<c#)ak0w`EOU
z2Y8Ocrmrsb`8^hNzV#EhC&{WB&42rXJ;+SbHMSE~-R7$BtDjpF#b>y(Zu$1|>(zMw
zw~=oigE4U~9O{*@aroD<w?b={ExV(09*!+fiIsszdl%2FvT?w_83@H(^0{u*N&3^&
zcd4rP;r#e&qV83?;ILwHX)$+i51&GZu`OfWhwazig6}iWj^k^&Dz8=-)TW~<TCZPK
z!#-679ldMSg|6)2MYxZ|h|F^F&GB6xPy;vpw55;V!!IAiWWJo6=f+?t5&t@lr8~R!
zy1~nXp0BD{Xb}@Wmq=f#dtQ5m<9??5wxu5#r|4b-BwJMbnB23a>|W6h^Lr%xuia?`
ziu=1RXmrneMA({4G{m*cZCdQ6qcX;-f$p`t)_DIV@WzbrgZcZ>Fxn3nMO?-~e9Jn@
zC0nz`6{`v#tv<2ywLnWB#-5rVd15?F0TB{mv`sEwod)t=8@>PeJkiq#Fh|<>p1hMU
zy|8$H*iGZhB97FS?%7RvO+F6j_G8OcR-|J@rOH4&YKrSNK&Ux4ax;-}BmezO$Zx^p
z+giQ7;`dhcF13%dx&I@@Z~jVnT5KGiBLYCjSRCGK-{S2_RN6FW&=m6To5<hRg@WC)
zSP;vvBO(}YmdZp)Z%C-YdTGy{boD*S+W`e#|JA;G{kMWm{EsKeVsj+O^Sh}xUVh_;
zFO}a@M;iiL9)++5efD;j6li{T!{gZSDALuy@!f~cmdt?LQ^66pxQ3$TKM^ew|2}5A
zj*P#>WqVd>^2X?W0hv$uS)&UDN1b<7xtJ&*w&}IarS^7no*NCM2wU>r2ON)y@6G8G
zvq^Ammj1oUpUK(vWp5ysU)%Cd!2}CMlne>25Cvff+-%d?>stnHo$JwJWILmTPGhvB
zJ(Uf`zTZHizBk#+eS1=q=i<((t_<4uxTW_#jI};0O+M3K|0DQLa~8}!Tg%(4^vv(L
zwPTuqlKbxC-St$Y)1ny1uUK-34iXP>zeKr2B##A!6|xq1kKp37H|MW*`6~bT^6p#h
z&hh^RO9Zt0B)sBU1!TbEM}FB&J_X<=k;S_I5(&_QG)Sxa;cq1FkHqPRfP<_4!?C{W
zS0Cn|UO=OZr{_NMuS5kbzy@%<@4ws%wEpM;zL!r`?c2WRU$xvP|1l;&3&39Csy^;z
z0LZ`o@N*Q?N_$mmB=@(!Nmw30tRNwPU_pZi5hhf)kYPiI1x-Ytz+%Dxix)9w)VPsj
zM~@#th7>uHWJ!z)04xv*z(7lv00P96Ig@7nO`A7y=EMnrr%s<gb+U9h6oAMD02G*1
zx|C^Cr%$0ql{%GbRjXIAGJT-J$BGLN!G;w(R)oY17$9U-yOwQ9lqy3CB?^>oUAuSj
z(v>^ZK+%v#leQH+m~dgkhY=@MoDsqU3lt)J9XpvaSQ9pkENI|hac9pX->&4_H*aav
zr%}(`OVlXR&#z&}mOY#HYzG)D0N7x|L}lNVMeGRSBSV9VwUH|h9d|U$)X$+ux4HUd
z>%hseXV<=+JN5((GWggKImU1E2`|`KL4ksT3TeB?&$=8Wb?4IY=QmBgrC*SM<qJ^2
z0SPS7BnZB<zy}IKu;Bs`&YSFl9sO3w000Y?cz`nlIc$o)kL=S=#1Zuxtv~BJOi{%Z
zS+uQ!1|9<-gYkB_ptlGG5a9w6A_!pvo-9z{f#X^%5~L43qHYYHm~7I?C!vf|$|<R=
z(#k8R9K*!EP&CrZFTo5mstLYRzyb?-+Ca?+*lg3yH+|ed1D+PJK!pY>NI=XzHA1o@
z{<aKM&_M|;)X+l_J=DLC0OZrrM<I<gfk_*v)Y3~a%`*Y`BJI>qjsQ(m)KN(-)l|L~
z^{CNKS#8zTS78nF(~Uws)z({aJvG&iR*luyUx5u)SkGqFsMcJOO;*|Fx*XQoXQ7Q&
zTF_DwZP{zF#dcSYdY#t&+i$@Q*VAg5%hud;ZQXXGZpCfa-FM*)u-J@_Mc3YYQEfKf
zefjOz-^Av{s9t;tMps>p*!@@Gg&A(xq<}9PxZsJeJvgI;9nM(ejTMI2B8e#uIaiA@
z!kFWeQBGM}j|Tu*<d;n)`6825uG!|B$At@|IkD{7=bwQNT4*LU&==>Ukxtr6mXD@c
z>8GKNIy<Iuc3SGIvCbMXs&BSh>#xBMdn&GN_FC+-(N6m#vTHV5?YH4Rn{Acdj@$0L
zqn<nEy7BJY@0#^SneV>|FTCNvPafRx#TkbeagG&lT=L0RCim;eDbHMUUmxEX^UXmI
z{n5@f{#^9aQJ*goB>)&`-SyXDk6rfJX|LV(+i}lb_uYAyou}(k4_^4uhc4du<B?C^
zXW)l#-uWUi=w15hsjuGp>v_lE`R%#y-uv&t4`2N8$uHmh^U+UV{q@;z-~IRDk6-@z
z>961Z`|;0T|NZ&z-~ays7(f9Ikbng=-~kbsKm{(4fem!v10fhe2~LoL6|~?5F_=LO
SZjgf=^xy|U7{XQs1OPjGKI}*U

literal 0
HcmV?d00001

diff --git a/www/crypto_files/crypto_backrsa.jpg b/www/crypto_files/crypto_backrsa.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..53fafd777c8aa476f699b746c94ca6488a6c1cb5
GIT binary patch
literal 6750
zcmbW&XHe78*C+5F1PC1g!61Q9g7n@JY0?u=P`V&0O?nBvN)r@BI;d2oDgx3WbSa@1
z=`FN`s&u4@vi_fEXLn{_?e6!^y)$?2nKSd5^Wt93TrC6FbhOY~00{{Iko;S~)n7n|
znp)jJQ`Jb{;5L_;373hTr<bF<8<(`0q=Xe0mw}z{Z7xYEaVexYQihA`fsd7oqjvz8
z5|_NJ2$!L&ySul8qnrJ|y9D*sJfIFxQc!>?$SJ{KFclRgHSKjeS{fQ!HYR3<>l`;>
zoE$fyP%gL_KNpV(FBB>uFDN1*DI+5T<3}nXq!h)ZWu*SogoKKUik5~JLPrOY;)Zfd
z{Xgfb9blvc5`bV32@gQZNCILcx#|L7|IFkh{}teWhJ+MEMos~yq@t$zS5SKmASD5T
zNXbCt<YZ+3szd(017wWkOx%*H6wD8-z&x1iQsGG-DS6c@zp)s6--k<Edqz-Ev)+KP
z-Q>H)FCZu+BP%D5K;Bl@(A3gKp>+(6j7?0<9-7<O+C8&(aCGwW_VM-e4+xBW5f%ON
zRZMJhN@`mA+js9X^70D`i;6#eE~%=nsjaJTz&3Vtc6H-=di(mv#wRAHre|j7R#pkb
zwe^k7t?h%uqvKyEr)TFE|8bE3p#Nt5JO3N@f4CU`xk$;#KxE+mxJXF-{%sH=89BEk
z1(WInuoZ@xM=G51x?0l5%5PM>(gyo1)}G&~S>ZA(d<Xxb{g>?j4i@qMCHr5n|LvLs
zXh9_Zh6iE<RDjdq>BQhCXHjx*`7e0`jfPkTxRSS5krFoG0vl+AHh(cWCVL^!G{&bl
zSaxM#$J(1d{X3D{wP_){1iQgzO@Uc#Rh;zE9kO|ladF|7zV5qlC>NmIS@9EmM*_^k
z2uWV>27XhQ7YDhyMdp^NPs0d03<L2P6Yjy^nM%ll9|>h#JEkroH!pSWwwmK^ocXcB
zk3qb7(JC+Dw25Iwz{%z3c2J@=Ma{HE+J{CT?u-Rs2FV_;X2Z4s6RwG;*H@BOY~+a~
z32S11rPzzx_sta_>?5p0Xc4;%KEiitYq;X9i`3-9LSGS-Yir%}9_l(P5_TdG1l^Y@
zye=4~_bOf~F*iWG*p1zBS#bumJ>Bt=BfIMZTk5{rcQSdh9DzycxZ8qC5@-)W3#78^
zm+%Hp>7@x{jNq$2l5J(5y<b-VtRpX3TaaZ8Dg}jY=`|`lpb1L#Bs+ioKLCra_m}V+
zu(2i;va{hQbj}z&6<!qbqVX<K@##?#KCBO1?!Spr4%~?Qinq$Bq>ZwjpACl%zYag?
zZ)_CCZEto8_0N*olsgtCOf`=zC&WB4-%rgj`Z=VW+#epVznghWIYevfkvAY3Xdy77
z`pB3$uGEo34@8L16KRE_-3&ci8)KJL@Hjj0(JKaAs}+9^_}`?!C(&)QA2;WGRi^d%
zhB1q>G*>|Fz2LKj2xPZUz9dyUk-&TW<!JLFts-TlBIlMSU%HWiDNsoUg+`GP%8^?}
zz{clpx5D9UPr{C=-&<uP2V-No&!`oJ2dUm{M)%tHKfWVoQILN<(=4-TZLZ7gy6Ktu
zkoVQkB&wtsW7o`VRcbS6G6hQ?uNzgdnFFU!+kCS+Us-b{{~S*=*mt8(B=e<y3wIxw
zg88t{R4iKep?!74z_;-}KiSvw0AI36jtx6*JdZ_1!UF{guON`Qv1%MWnl&F_h$=Id
zNw{SZ!=I3u%isSd>69evJ#W7lBJ`bP=Y6R+Eje+k=-tZ)Jj02Dy}VVa)jHQ*sC%j<
zdHJE@2!7J;ov+c#i#x7g7YCeWGY2aNKsRo1ni%kVNQC-dXSxAF;J@)c!@J8bn%9SQ
zjW3|-26==v#45qh6hgf_*B8QENl=;#<?`T>iC-R5>2D?d<@$&5Gxum?+{&Yjx}tQi
zE2K8N=^g6tg$<ASeUSG4qtZDP>Q?O^IY3fy<d!_8Wz<oQdr*%VNLM16Yu>q4$2+#;
z!@;wXcaZwTLD%e7kiv%CK{cv-k?)yTbG}`|Kp&3cp49YjFSBW%K2!CoChW6@jO{72
zPNlXzHhijNFMF$+_MilXs*qkbzI$>ipQ9_3uKo9YwChU5j8rO`8!=aTEg-^$Xj{5*
zc4wjMS@$w~$J|}t!1UZt*$?TvY7<*=5QI&_+cmDE$iz;F!Q`Oj4Bla`5cf8OSrY?F
z^PfM{KjezLrcLIFK$Z#5FVXaQyYY<K$J0M_B{qmr{Z^}!cLQ_Y_a13HNVHX`dn=bD
zqps&1;;tWSy=Pw{1;>etTajn71E}%!o_@77{&i~F<pP-8;_S%A9rwiuB|7EJ?vuVj
z8liURxwQ%Hd;o40=<E5wLYjj<`Ji2RNjK5`wo9hYwd=|J0010wQOUzPcvNm)7&ji|
z_P0v!50}YBty-!Wguhd&+1_x(nW{)!u=HL!Z*hkZC{y7#eKNV0*)!{o7*x8WcvWI9
zGTuKp$#y~X_uTlciQ)`p&}y-<h*;Ve7l&QYJU3oxZBY`QR&k(u*z9gcAL{ofn?2#~
zdGf}EX;Ml`F7A^W<1p2pImTH&{Y2cEod-8s!v>;d%=G&D2%3oGRiw49W~jUjaopI&
zWZBdL4!Wy!<`x6aZS?~z-4%Ax7Qt$pZ0}!@1Be0nQ7A3F5c6jzm~GDJ_KjzAYo{Yr
z*(W-)U=eI5G`#PaGtH39x?biApnbG0cXCv?o6DpJpR;e6yIv#(AvpQ$YD4&e&s;Y-
zp}Ac-d<UAfQT4Cf^IEY|sCuTwflj#S5fc@1rpap>%prtdivBgEJhv5EPeaEy(L-KS
zUCk?1y8MFrrsS}v+T|u5=QRDY8MeyKz%-A}->$p1?V(WW9^=P*?&6#3U&WSW*Dibo
zh%7)QfMHQZQ}@D7`0WXaZq8h~%Tk*;7AfDA2&N4e!K~$m$DlknU|83ncH&sn+&SPY
zej{`6C<pm&&-yVE#Cdrh>ovjrL$mm`qN*LS)V!3aHukQo09`)_YyQ2wKikJawZXPt
zuAk?8GrE>93V+duaSl1r4vL}D@J+MswaI<!SFf676nGk0Ye|jY-R<I8sAO!cettx*
zz(TG+jCfk`lxS<6aGz-emx0eo_Rg(=r>oi-#cPm#N?h9~(Df0ICKz-IOSjwRS<~N-
zm%84ZRjfKmx-RW~UO?RSiqH+3at0+X<`qEi%x(+5Dj!rG4h%<8+=zc)l#FKM5F8py
zBn{d7YJQrj|H^#rS6a)!pE$IL(_R%TZdEGu^~7|fxcRX-H5NN+t=i;G|Gjd=KyQ!O
zQBL1+>ufskG?dBR3KQ-Ky<Ze?e%JYyioDZNmgy+$S}XmJ$NUFTyY+=jj;jhSQF&N<
zbvCm}giu+Ng4bLF`%=UrvJUHzH<s6=xg~Q0L+)O5Vt5{IAUz^^mf<TMw^1DUv-~f!
z|7!oR^OrZ|QxM~Vq^LpKJ0N}l3I9#+oDsW-vh1ql*s70<&+fsy5JOY$T<@js;Sf}!
zWbw2$dVtM8H+A2)FFr+){R!>7t_`Jf8ScO3n-aOs-wWmd*(Z0VBs4840@o}bsj{Iq
zl5Ws-U_tbS7R4pW#S_q*U+c-@7!Jy?$6fjog+*Ilq!7fP#WnI&mR!Em;3gD&dH)3q
z>)U%_man+0V*_CK9TK%)_J@7E9*+4w08R9u&QkEa4th7h3sy5uji5wuP1N%h|GA8N
zYyxkp=SwILni_1ho_{TMB6PAxHg-N%H<hGL;L|uGKp?!_)sbNn-(6ifv#;j~e6JJP
z>^8M2he!_Sd3qMF^}uc7mcwnX+2x&5WDUKxKW#4yxwSavSRAWs*I=DzmM*mrr6tlP
z%!o(B4=UoN(O(?*&1WlLfttuIoCUc!ih+7OJ}E1d4)FT%L(fJJWovcVwUd*ns?uLR
z?_gfIenj_T{=VI7v3Breg#bv=hvl<P*<;5<h--F-w7Y`WG!V)qoToy0>G>jhv>n+a
zUv~vudY1R>`*rhqZasU0H(zE_;nMzLlmgmpak|*%u+XcEHiSx3DNaJjEAG<=#+Qvx
zeN_*1<H(OvwKYmC9B{#~6X>eR!>#}`WshQS+n})}#|KaF7J5f_qv>Xh=3fpYkYvAr
zeQh0YU(*M8wBSVftyryfHWP`;at2Cc<3>U{f7?oyVH5V=7YDWR;fv_r-dN3e+fLys
z=65G@%9fpU!}KH~(%)ncraoir<%&bZa>_V!#<6u;E6F0cBAoi%9=CHpe=YYJV*e}1
z;WXT}fW~0#rL^p`*A?cZC}=9%hY?#(__xraQ~8RRCum1TI+6HTGb<989WrmW%aJle
zcpo#0el7XVESZEg!-m=bPlt8yoS&^L7>Nr_EbsZt*n-N8*@0<I0z$2iyR}E)k^sQK
zkMzoUiCB%h(A?;w&0%VCv>`*C1ogV7MnQ$e7r!Z?aZ=J5X>bK;DGon_db9z}SH4>r
zNFpj<!(i)F4*-Gq<8wZY-78yK7#v$rWJc`{kBHXXHLKG`KAz9y%&rW76C-1hD`dn;
zIW?uWl6D0I9g2NFB=mn{$BtMwunn6fZAxcF@B6l1vx}r8+FQj_1Xtu^@iiyQ%e#Ic
zMp=c1ya)tQ^P1W|P6OS*yWyFRLn&l_M)ctXPa4a98o0+AznPMV{f;ZS!|vb984GSB
zSVGOs=Vv?Y_gS&B(}Vo9)wnR1b^$da$C4Z+qQ`{pMaxG=Kf@<Gb!Q<8dY+7S4MMRC
z%Slp+AxOkGx8Kw^RG)dc`bnc(`l~@%%}z6yJskHQC9enl4$VHbjR!!vA0S(QoJW0B
zKtFC{NY@9xedp=E{uCywvz%pDA=MLR0nefjK(<dVW5<t!cvVioDI#I;49{FS&+xz2
zT~EUsA|oht_A!Z;<nMLS<5xfc1OdMQS&B|fr^|h&D-~D|=^g+j<^zlgA)Wi5M7a)=
z-oLk@E~u_2F>SraxTuNotVBh+6k5mMA*S^K%s6`Kt-j06VldJSD@(bsD;n%xs%tND
z>N%$?GIZE3iYEo=J^V<~2qk@3nq~cgSiOkF<*OMck2}_qKfQ)*A8wzfzjiJ*lLjA!
zPQ5S~x91Mr04W}Ag=b79kKpK+nrbo~2&6<Yh9VNgh40qm;>psMEx2b%cG_?>VYM|n
zN!S8jg;nthZ-<`V`J0v-aG>Vb_{OEwjxju0!)i)PsY<5;dh)n)>*0O>=N%lS;bu0%
z!_TA3i*nscnrt`%SDTxvt7pa5Z^SeQt)ed#J}btYpx|L$E2yVrF9*o=+KnRG{}5si
z_o&U;UpH;pfq$+tgDPB$gNv<?=09(Mq0E+h-89`*`^T)9HwgjC`uSR6tgzE@jZo^f
zW~5Bwrd#@^S@Ym7BS@JlijrD&K@RKof;3-w``%29CcmxoYlp)46U3UoZ8Be~2%cF;
z&yV)^32cPPQLseSN2Xq$JF>P@qs+V1H#M#&ykR+bD8c6M=+N~^*ZM|Xmsk_z$E18d
zxpOD>G$fd>4>BLwbN6ZdhW;dPP(u+mf~#NIU+WI)LGQ{@L?!4K;<Pk5L<c)%-da*u
zPlrsZo1d>Dz42Dm%})93&#6)y<J*FZl{$74wb07ZWu9brTBcnh!}%uf6=1JCTk2ot
zQZw`G)w4;ShtGT<4$$+*9zv0E8%6X=3iM8cb#h0KR3%$tx$OenLELW=_E>#GJ`mdG
zuG<$I&Wu+)+7u^Fa!(!~R=@k1wDz#g|I^pQ;7BMY>$rq9#i;`cG#j`4X7kZ(F@o>-
z8fLeXpC@i8O(%65MlUX|S}Jde<3H9OF0b+)$vmimFB3j%DV~s)JnVLp1(j+BNJgIs
zxUgt8UN)E+NuFQ8QVATJRUEUU+Xm(qU2b!0dsHYlv-!p<N$VMf^AW+UFjYdvk;*Gg
z*WKeLNK!IFWHLg6P0NJ{drW$S3n33IEYE72@%5dvrBTpyJk(Wm=t_&f%S3PN;d=!v
zX|N){@||V2D06K)v;)yxlD$2tFUys-r-%bK=DS8g#`OcNKBo2~{EFd!LdA7D@UCtT
z(ls5)Vm0D@Ul2Wg<0IL&9{vrk%G>qS0zYp}d%S(GLMF&KZb^V&MX(nMQOsG`i0~h#
z{8VlklY*UQF^;7f2+=uoPNc3+&Ew<HGP&24<AtLLVEbWi(#Cv=E>b@+w1dtg7_iz9
z9AJmw>;%nEa}HaPr&YOi20YEq$3iy{+l~Vvq`UVGxejkWMP68^Zueg_y@d$-D!nug
zN=^AW{pLMkP7wz~KB_QmV-wQDq)aP)V-efKm+M1*{WZpV(JhSXk|p=>HGfQTL23(W
z5halbe7Xiw0kXWNXMnXdAKOFK<v2g&Ycv`FaV?Bm87E|9Ysp9U34tHEkygjK{24cv
zb=8+WtCjpaRT1e+WR0*pCNJ=D!ED`pZk(G}*yteHq>=`&?0?w5=ASN0jE^MqRr*8W
z*=$kbbi3{&*+ps+T6{Lm#$O{y$K4llc(&d12|QJL=Ii@bqotO$WBKKIINd25dQL9U
z>s_1NFVb>!;pa%dw4uJW95g<-*PW(G>dVi>JlE%>@`DtsEnrAVqf38=#**W>P1FnN
z-qAOkdNY(;O<_h!<4fg&j5~!*1_uMo%>(Hxr*i9j7#xXs{2y?kXjtoO?H0Ml*dh2X
zU7eU*LR)_r(PnMLO;e4n-Us6t;7&e1n=5S)y}0|dI!o-k=VpHVqCTN%#^@xlw)~?V
z#`}am^A}~2)k)mt`mNki@82ReupRrkLTnILoHv5a)YjL4E!?O5>C&wbEEmjcM=!jV
zw_sZc{(8sagM<}<)(hT$xlum#%4;cn*rDO4G^)9_VO+#gB+sl|4Bp>dx<*xhq>t=F
zzW<9Y3A}f#C-cS1(V+q&=9b9Y)_)*D6Y(U6F>s?8`{`)axY^*;mB{wGQg<d5GO?1t
zFluYR|Am#=sqS=4F8>p;*{h0oDZc_{-yva%C;2ww)^?wManjArbw%v^+?L$WwQEH9
z7;m~NzChuA7VR;CWnG2EJF0GS#|N<%ki3nzk-i-zg$Ay*0{jVS?Bg4d^10y^m0Gy;
zw!z&4N`gb`4FR+tNHk0;GnD{$lLaS;rkL#8PRrHNxVjeVlg4<UlguCw{TTbsU620m
zIn~^%QS=r6<q#A`;g}L;7cLi}Ys;J?nR3plvX`T<j(;JH@wV<Gk)UVb&oa6oKIr^x
zu1RZUq@D;|0S>WW%3jqQG(D;`buOkZRi(+@8bAKB^<^umD`u@a@dK+Fj;cq=nf^k~
zKdt?DLCV>(G3^dPR*t56>xVn+%ugpOZ@gUm*F&<W)fQ^Ln5-N?vk#tSgS;?-UjfWw
zU6?oGx)l}b^fSc9%t2dF-l_y<)C2WZG}AoVkqQ0vZW)A|hN)W>8lHPJWO8$;v7&1v
z{+l7JT+b<F_to6N4cuJvb`H0^o!amL2oq&Yp`MJQ28fJ%KT?w2{Pjkj#{}_0MUKce
zimXTt^z=`4sn>m|TEF`rmU{$(ra|Es)H9=s_uLC-UkiVcONSu~rL>l$(i5!CgAS4=
zd`cV--&=ZdaCBP6<Tb=~djWHIRGJxApc}sjdevt*Z?Atwj1OL$*=u;&&l8+jMJmUn
zZQP?iEz1`-XS_CHuyqkVd#d&C3&<s6;yj8!st7FG|1h<S_MQ;6N$z__ZWU`_wXx1^
zOCHwOksO%iQ#!RKSywd7{zlbgcey619V^!h4D3Swto*&0DoV3*3{ZT{LiqIT+U00?
zP3ae}ti9u>ZDj^oQB7|`s|W_);Z+gIpft&+9*fvt!;6>WrLyjoLymA04{i9@mU$@;
zk6xX%hVusshNRBo6^~~vq#ivY%hJD@Tm1={!gRb4NX`o#U(=;5sGTU1zlXK0Fq<?Y
z<%^oeAQ3B&gB*<UhbCuBVRc<mF<O0v8`OO60<Lo?zC(mH@>Y%L<C9hSDDQVu0>r3Q
zLszUWOh$5mREk15bEFI;zLmb8soV70+0;3$<uGgbTf4)393=oC_&=%m|F&+~>0W51
zn94P4I^sutWYT~tXyv%pAz%WVT|&95BWz`6#(Ce%AOBrt7hu{&ulWg;lmtTQ3pR=k
zdjeO2wO3nsbcON4S`h)7OK&$8@6M~caJ~5)cLh)qm-lZk8*@v)A4A<P#PyI#(`7cm
zZBItdhjh!J&T@loovt~dOHM-(_uqQRjrpR=G1Cr6l@GF_zxtXd(mK*;+-tmYSNSi-
z>*{$f%v}4gfIJC&mg|pSEIuxSmHDAo9an$=$)cayLdZ`+P)^ImFWJ<=;FkBpItde|
z>hvul*R+}1-)Yb!_hix9AAiJiS!87#gIfeH##IZ!^(@w$8wnlxBjYkBa6+3?LaP8t
z5aap!*SQ}Vg)vX6pA3I|zWsI~f0JJGevfkM`1o83I=ofUah2S&=l%kUSi=ZguXPAk
zJ%HTF+g0?t0<;ry$FOe49};kHg?=hO^MUPG1mCO3+ZOt86z<CS*V%X;w+K)2%{DiN
z9S<?89A6X8CG#!h2oYFIc)D&k@J8+M#E=iaaLVv!t57Ud>fSZFF#%B4X-PZrd0Kt}
z-CP!M+_!aHf>O7th&MQNBP)`(s!$oZzWUMaCX4a!%zFA?HmbA-3kO**ltMCc*Yf>i
zzK^<4lEC(FvgSLhy{Jf&Jm`7XcER#+&eH?MQQ<UP=#tbPckK(+C}Y;eRKaaSG{j*h
P_wk)?#r^k2u4exSDsj5h

literal 0
HcmV?d00001

diff --git a/www/crypto_files/crypto_cert.gif b/www/crypto_files/crypto_cert.gif
new file mode 100644
index 0000000000000000000000000000000000000000..ec3d191688f269c7f22a08b92d73df232a1b1fdd
GIT binary patch
literal 17873
zcmeEtWltOo&@HqDiWhf^yB2r%MT)z-yGtqVzWCzqzBm+jcXxNU<v#CC?vJ?1JIPGu
z>rCb(Co^-TWF)zHj7+~&K|ewLkA40>|NJle{4f0HpFaO<|J#B8pF7al*x1?G+1T0W
z;{&z1xe4`uYdJhT+&tX0wzhV0aj|x>hJx~8_#XuP4;G-lL!eN<6H3?S_6B{&pwk_$
z&Fc&MK`xsmU6(%)h0A8WK3rEY6h|T!>H0l)AKIHnrCfKUzGy6!#bh)~rlEKuliTHV
zeWameDn~d7fk?Kobf!Ss0{G3*nOLAiDMvO&)~$S@T(ib{V$`i-soJnR5?Ri@a;4sK
zs$71|y=tx5aceY2&ZByx&GYJXV(jU3Ht8M$PYeLp?(~IY(Cd$b>-L7?$>l(R*7}37
zG&Y;f@z#c;sa&xrh3MNWmELFALVY{bKc`D&Qez<b_U4N<u*=!zM0?BCKSg;sNC|$=
zDfE4Gce4~!&(+a%fn1J4XPes@YI-7OmY$<kQpqP|hkTls!v*Sbe9FbYv-9ogdT%Tz
z?yX0_@9A!DD*zQ*<pb*W=%)uXHuttrZy?t?)Fa_EKJ-^K;VG{WJkvDcPs7r*&@e2_
z^iW*q@9E(`iLY@ZqVhC%4e4f&cB5DZHS+|2y?8*y$Q@{+%ffAHlKX72Vu8Hi;)gJy
z?vyn1A|fJ|cas3-xMoQzvOHQ*^!CFPKy78tA0BGxgGJG%K&wN$#~8CcfsqsNyox}5
zD>0PH1@}}SJVGl;!Xwi3x@VOhZgHAQxwKMPkh{!rN<{24Ws2diQ_Ap|Sg*sPH1o*x
zIM$VL6FJw}Ir5mTlu`0{I|Lq7Youx^eHRE6$+co`6vC@nI1Mo!O@4BQXGIP8??_&C
zH$r<+wH%61Wpa<;=y_ewFPoyGDQ&CD+GYKUs<2h-(~Fk7BKXCO5i5zK?DL4sqgKZ+
zJSCvNWmI`i-$)!usu;-RP8y9a+xM&ACGoF&C}8Cr8x{}gue&;lZL4}=OEk~>W?;{2
z{vk0VUJep!4ABBWz%k|0g6hTsS<m9tWW(>{7^Gh$lqEp_KDF0t2Aj~mOS^w)RJu%I
z!s*dZVObEC&3rx5p{(vy$a1XaW419GQq|bVY|~8`vsXPD)H=#k+Ie9z{F~ycU-`fU
zV>8JPhsaUS-oVH{4I^jwG{a3GcMn;Ycp_qNLZ)W8{wKGU-MA1=ZNE0e970$=QsOLS
zomm_iS#DJkN$rsP0VUicbX<qyu{N{F*is*018CW)*b@M6+kd@anVsdt=ANx<7xdYT
ze7bBm-)-YbSv+i(GyH2n5VyTdGw|Qo=6>FlAA3uk><rXyoio%erdGc`uB&uB9m_YM
zTs#HmEO*YHE$LTnPPr>yT-`5iQI!2F*#~D*r>>tIY>%wp@p};au)rBSx=g)K&zFAV
zy$+;JoYNTQsCJcMvAIN7=%5J(?Kg)0nGZ5_&7#bPiM$Se<ona9KKu{+S5XLyu2GvY
zt{7A~0>=a?AW__c0`v7c3?hs~X7nu8PljG+D><Lwk=By?gG?!0DLNmsgeHTeDmqeg
zJRiHoGo2rriq;UR0Cz}w@K?r7v?ZVbe`$Cy#}Ebj<4*zMp7apUYF(^nM*;EO@Q}c3
zUEH7d0+O#X!y@?g@!|Z1WEdmE61?>Z@xFx=<T4{N+VzQP9feeEBO~(OzhdRlVgnMT
zN0l>flS=_bbQ&Y0>TS0vwb4Zk7BXYntG7V#coCBa-k1;6Va!oEoNDk3rtxH7+Av}9
zuc+2>6Hd1D@#tc<BKQd_?S_nH-(t?P)(IPTw#;>;60QOGNvDj4tmF4$-jUWxmu9x?
z^XL-31NbSg)dtWr#J5E7q;<;YkuB$aUWx{5KgSFAKKHwPsVL6qbSUqA-jA44acbF_
zNbUQ4+=)_2uF;uT@B0E0<T7a~+1bPl_Pnk}<M!YYWsBzfBBmHxfCb%L#_WAD=LD^S
zNBJD+_P#_AnNBH;ZayFVp;S_yPC2!FzWCQenL-SmY6;y!x$;B#BxWg&;sGECVXgx1
z!&+mAZm~Y}q0&&EUTdaJy(wd%%GS?D=ZJ2pZSbMmae`j&rcI-Bb)m-h!^QxPe)%8l
zW9=V#1|zg~%>n$yx@bRJ6KeXEQOU>pczIh{wM8a>@5P)P7#d3{`qf#;U1OdEqm`P?
z>U^7fQ;i*j(bj@~ZMFWfxo*Ht9j?6OFX+Cd2f5lYOm2M_{|P)SU+tV~Gc)l8qm(k;
zN~RKj;h5Nk_92Z)-J@JD&)uVa9){Vo>TUKaw54=^pxSG|M?WjErIT0h%6n&Q^L6&A
z>)$*b1|pq0nK_P(c~iBqTky(>w_5uKmZJ%Bhb9c-Vh?b_Rs)aFXw>*okN5RTn`m6)
ziv{rCci8JJGQbX^#&Z=Vu-1%c+z2c4d4MUlF2w9z;|O+IXuXl?){@V-1dy7;+gzLt
zATV`x=K={Gvc^LjuC3Rz4T}j@#U^D<l8I4{mNnHUrHq@AM}gC%F6-?x84ejU)w}b>
zXCb0^{3RYl$-TsqG?_bD1zhA20kGLjfhQf9d{20N*0A>(SNuo3M?BL`i!OP{jFvoX
zypwj4_IVq=mO>4!v+m98`S2G;5>M$<x#}+Yco&v{u+^CWriVP0jT3nr{Drbf_6ofi
ztHV`oFsFJ-faU9^pw08rotafF#<;1-Q`_<h3`?Dn^@a(ePXCl-b7PL5o>>%lg|xbv
zt?pve7?Evd?UB>p$J^G%=52|S=&`Bj!^+9!ZG9~Eq`mvX?j?g@gE8Af{z2ZseCcgd
z0M^56i}9Lx?P+^Yk{d7sP(mxg>OZ^WD&o?$Z4%{PGYENZ{i=Th-@;pY16%P2f()=w
zslZ!CyK*Z0jNTP4XdhsU^%~S8cCc-KuVm@w?jc9MN^V(}Z}RsVqJ-EBN8$goq~w{U
z6}SUP;UDavI1Z#--edG>9%{7k#@u9_6>l$RDxpvfvH~VpFp>iJfX}gE{O&Ao9m{98
z4=gq)_na@dGB!ATJtYht=Aj!GW`{RhKE(D64*VIGIZ0bP)z5=sMCq<vR3Op-i=RSW
zLuIed^H=`+ycHiq5f<%-A^z^7NiX*%3Z3aGBiEa-ym?8SJm<_4cPZVQCr!<rb5;ho
zt8@O3?cJT{VKr~-iiA)6pC3*p2EIb{?2p|R{&!_4zPn4HyZ{i#Z5+hmT~np)X{My9
zJW26bCvyv|XK>QB@o^QSvbJ><_kI|$=|4MWu=~9E+`;M}0O`j0yt8n;DR$&Junp#N
zJi`faNOd?53oyaad!qg`jr|AaDF7Dd50rGkeY3~hq51dkf1FbT;ko{P8`iIa!+lS2
zWpDZOmrBFw(STt|ufqKgU8+$9r_C9a2bo0>m$VH_sY~XOxonu8Ev3h|MOPgh6a11u
zM$O>p#~^CzAmZmgDyigbPnP|~LBw#*C~&TS7M%q=Ll742;mj=wN}WTbg3Y*Hl}p_;
zQ-d9F!{So>kL$hNaXm{t!d?o^JWIX(O2hoq!UDL%ODx<2J;Nb?(!wuY|LVH=$3BNI
z!9^r;M<fsHj%q}tdH!|<+fXb=P##C@AA03JM-*~L7HdY9(m3n_BP%^4Wd_25<Y8J|
zQI5x<&C*fzno(fSsJ7*(*5{~>@6qkt(OtOFgO*B}xPWl!@G+Y3$>r$j((oyon3>_|
zdC!=|w3w;yQC%q!o6j-ZxUsw3vHO~_-&3Nio>eQ3BTtX@j|XC}(_)#LVsAZF@4<Fg
znsGPaxYuEo^<zh5>>&I4Kx=7rMa^KUK_P7}SGqJqS2yQCm;@WJD>7Adn`J11m8+Xu
zJa%gQS9lYo7e~qG_*lw>g+b?3nD`;h=zhxtrWf^*XNZ=khh8|Gmo$~vTE8b$QIfK|
z!f2`OE_>1eMY0B`M_y6%vZkVFL^5wg@?O8ExK>i>K$6yBlD|~aA!dr!3P8>)Sw<^n
zt~BQLJ`Ri0x7GuQY6d(bweWKHjXU(QD6_Ej3UYn%UAC}tI0RNUo4Z69)rO|VmIA$2
zQjv>*HPqJL@D`3EKxdvb|CcmNt5mmEVBI4yaRrzJpI&Gln^hLk?P~JmsgmcVcQBxW
zL1X(;98ee$_mZmj6AUbc&%9OtbMk0+cl>A8EOXpFv;HKbQ_JB)GxJ6*W1lLk?Iga-
zE32e6a=104WF@m9J+nI^^H+%N+hFFjd3GHnJ?niryEj7BlvaytDS^*2M5ZMntrZ9d
z1g#8!V#_kU77cE^Ku%_fL$uCIAvw^%9N1RSyH`#nZ6*V)$sUh7*HZ#&80fS$_hKYB
zTm}T)Mtn<~cYmV(2%q_*%=R_H<rCf+vXTphkVChUNdJ;Z;hlf?BPkcg!_dW@^F*OQ
zBY9*e|ChFh>PoVPOhH*<fv%U?cWgq*R-oabyJ11fA$*}2U7=?Bf1uQ2h&1CyDA3_4
z0BRI`lPpqBFT9Q@Vx-HQWl!pIXVNPx1b8R98yAX)7i#hpo8bfP5rB@P3Z^o@TQo`%
zw9-&GEL^OBzTPEaUg>|WN={!&Ac(xBKBK88GNr-VrAO4IvFRXB?X)QC(o~tW5Z<x~
z{IZ~z+_bXNFoe>$(K1B3v}~>NA0e?aDcSw4*?oAq&xiIEURkpv<+Q08*E|)t-W97S
zS<7D8b!Fvqcomy?+5bkf2d%TZ;VbJ$Gwz48n!N+bR?Ei_D(6=#+FvRb@hb{mvinA>
z7_mUKw2_w)xv=ThcuNL~mg%sgdB@sb{t?w)W<fl-A?C|}A88ZLfq66|E|k`8QqLfK
zt(-&N9D(7GNcg;Ko**ge5KP+8_Q-?>@8GA5+&GzdvWR>t-dw!QD7x2TeOjPALOt18
zUGQ--g-^W`Z#`{PJ!vKc;6fKsXkGqGr<|3qfzziUIlO%Hw0vW=f$y!M?6g4?u~D3_
z@d&0Gf2{_$qEV*3QDLo7sl5(B-=rwl^qa2<ZLyBNy@_$GiEgdQ@U6*stls3T$uv`u
zIjX_Bz1eoH+5W8=v#3F`z1+n{bxpQXBC|!ot;JierC6)Q4-u>u(g<DVayuGykYRjQ
zZj4tJ?EX;W$dONg(DY{A<O5R|W&^_Jt^H1*6~kvjnjV@+kVjzNloHjX7S*N^rLIk{
zXscbMosq<ir=Z%J-;7mY-Bz?@S}$^1*W}autF5q>zN3+^U2#RbyFw8xSFGRGzTe*-
zk=9{^*fGZk?0|&)<?ty9e=YTB?F`jU_bDrhKB<n#@Y{qdYw)Oz%<%golO6@^3<svI
zoc(4!E6q49v4ii5r0w!rNju;R_KWoM@hWp`wR(H&Lc{8Q<?D7F({+ARSv##9h^X+P
zu7nyYXHKn}@~&F2s%X#1svXV7@~vEd@NXS$fWztaKdT@buUs<kz0|0jILVxP$!ZzR
zoQv!u?dW3${F{x;B4q#v%Bcmv84`uMg!@!Kq?bWtTrPR4F*x%`@!Gzv^xc)^L9d3u
zw^v~DwlO_}vdY_#BI6IV;$>~~0OL6d{DVrqgF%tTarBYe(Rl>CL+*qFUwAcd*80oV
zhAQ}SAys^eilfQQ8S-OM9t^zgoCxy2+lqq53lyn3gk_42QwxM>M?zW@B6JHF-iGJq
zhgV&PYY|hjmMk=1M?%hvK$Y#G(IaM~#i{GXxT6Kd48y#1g|j-%3p$-vnLVpE-5c~h
z!L;S;QC&%NzCPz;-vDJ+<KvUj<D(tpNJz>(NaLGtzC+PntK+3Bgy~2O<*03?ptdsL
zXlXD1B=UO<DxvBqUEhz6-mRuS;^+#p=)iibzUeaCJKw3Ek;*sUJ`#qEMua{nWP=Oa
zN?(Hhn%61n^A-`?K=tw7v5dZXo*881Y-qcz+pGc6^%;O#e;7=w3830+Ac5%V?<p@N
zukg*v6}|?uB*-~yM32VW7&q^Qx0M)Y@E*Zfo_-cCqaT(JM4eszwF6AQk+%ElDvdNp
z?iI==U&~t6kG7_M{+4(0Is~L2)W#W}KkI0FUkCw@8GZn!`4)|16wNjktnHdh7RCb8
zCwn+196Kjm<R{!Nn$O0op85NUH<rG)Ecp{H`wA@Y!Om({E%;|GM8qtIbuPzlEXP+Z
zCv+z2PApp3t(a%8*!ZnvRjs6Tt{5LKdI+o*>a7<0t>UFD{gpTHZC?%kSoJ|%tG`(7
zvtCZ6k59K56!}<IeP2%eSaY%kAIi+OBd>G{taME*_hhfLsIQ2uwD-}E4L}GwXxck+
z{Wcb!+e#QVhU7LJtv7OrHnU?k3}{!qGJvZ-69MVnDJ?x8?X|GuWe#3lr60c^GB;B)
zx)9bkzmIPwSy|qEY&z?0ecSw9&Nw}*UC97wAq=nT_KrjQ=p{PtYq+SQi|%Wb>3v<A
znn&2FrrW`iU&CVBoi|%EsMHXuYW0k+<*mxWTg}6i%gd%4psQNv)Ng{(-h(FClibL)
zA<TCLEZ76)GRyad{r1OV_M<P>H#!SSkv4c1_rbOuHH3xYFEs|u6{;Br`xh(KO`|i}
zixWO$;eZ2U>x0qY1I5XM^7R9IrcM1W?L)ur_2@14*vZ-VviOW~$W+G>46*Wp?a{&c
z(b#&KxBjsw%49&-F}2$^-sL22>^64Q)X(Y);N%R-WCbo@m(OP!UH2b^@HADw>Z`yh
z{`x98=rjwYLglX^*g4-OkT7tOi$)McrWH?NVI?-XF6*CPqd&;<6x7i5mnI^iMKJWX
zDwKNSOlI?(%YPpLIc!Bdnk7D3s7_e`UCeh~qzW9Rac@TxU%oJ2?r)~YR=51AIz8<=
zJ?T0<gIo%%opuUdO-`Oq>0jOZU%lF2y>CX%OkOOaT(1glelfWI7H|zc1=!TTMB2JW
z`Mi#Sq_>5hUh3am``=*a+~9sj+-~l@SBAWSu0CR~h=m|E`uw+~inp}gw={9l=vQvW
zpdy=$LwJL`uMRQ4y$?7YuKD7wxdP0W*1|C;OSe&OJml{sbMANiFB!8=2x@Lb8G0`u
z_o}E5*PA!I_P2Cfw`7V}aCB`tTMtG;j|@UrpG<e_6Qlf}cQ!&PWk@3eKc8%`?(C-I
z5p%Xe%kBg0CtRzZ{6CukQ@v<0GwKG<y;cJl+z+AM&uUXkn%(oY{<p>kkEUBgU+HI)
zb6#`}UXnf=EtsF&P+whzUh@rJUApf)KA+0FUn>o^1E-#Ax1Q^S-s%;X<F;PFQ!i~b
zFRfE=?cFbOklSpt*Svt&L4)^U#n&Ol>$0uaNyz8>bllRvIHq&6z#5r9i;8cn25)Oy
zAAE?jX+IOFr;PbOLL+^m9$x#4bY@RJ-#Ss>uRkHTSCBvkZ%<2itI-ZE;8;G)nD6r=
z6f0^EzxUlK8hiM)VQ&aL9$oOWQodLuGNWW=_|0yA3?7g5x0m0AQi(+Jp$rkX`@<=;
zTIInn%EfXSjCO;S5qF2<nXf3A-+tUv3w--}L?nQZSvFfJl8!)FdS5nICYgW`+}3!a
zT%erJdw{S|zFe*~p+8XmaJt-RvqmLBpmC|&=610;kg0K{-{toKfg#kqHvAWY{8N(u
zc~hxG=m<*ySIhR_uq-NUCjhH_fAs5_7Ni(yyTPKe0K*u>uYG?w4-_dVKE-P^oz3B?
zsUF9(xtLA%JA;MjcslO(#o$Q!>v}mKj%9O&L3F)cPv@#MhWzz>+%MNU&mQ4bX$0~M
z<IG_*UvgJUif8!L;_mB3mUK?WsA4iY7iuIof&>)>U*6A<tD#VB$LJO?F@N+vpgY%!
ze5dxU6@_PvW)VYR-d7Ss;<~RD`yusSD~=|Q#43TVX!=_MQ^U1R0@uQ~P7=>9npNsM
z4tY)8-$;Dg&SgU#d4BRMu~{-G+{8$dqFAKJk#}{m7!Y-sE_!)7tg&)FnE>7GSSWZr
zf;xMWoo(XR(t3nE`-W<RJkM4ZgiV3>s*z2R`{{gy_2*brMP<W(Osu;WmV>3D`dR0G
z`UAx;a=HUSBC1N5BWY~5pYxzmMNtTbL-n^5Ws_=$XQOk+kRu;5*HUpbv*0{rZ=zZK
zraewp!^kXVQQbs-wq;ebiKAsMxG1jq3V2biWuD{4scl)3(yVP=)5NJ`8-l1<nHRar
z!uj1qr>1jh*o;y5u4i;%>G`pbU88uNZ(bCzHRiC6@DYV0h41i9Qz`%s<=G$*k?Pqn
z1lgQ>CloEz(<qEO)>CRw6(&)UpJTB>Ay(*-dp}0v($h3aP7-fFNlhW$6lmbibLiFf
zfuXD7Fvw$(?Qz&@krM!c<+bcrdT>&+i`&GuDoQf<wkpXCeYGkpDE79ls4DQ{7p4V*
zjjMlN^4iu8LE3C<rm)w}8)v98?V8r~`Ru{SRQP)gX7*lY9Y%}oR~?^+1lOH#PkfGj
z@Hicg{VJpQe;hclc%4V6OFEp#n1}f9T2I~IrHo@TIU2PqF0r~+G6XwUH9`<O8>VVv
ztKDXeays2t9a;pQF7X3=MHwW%UTfeDOw8!&ZgGGGupcttM8s&3K>Dp?X7?S(e5(2z
z3ybFdB3}fMK%QRkm`j@%R>5)fcdM6>^UDY+w2k6rqSW5ojlqD|KRg}`dr{@{iG$_$
zg;`LJ0FU-0Xb2V##us-ASxm3(-Q6U*VDTSR2+8PU><vG@XkU}7dJRLh&i67%{9wnk
zRq@W+7ZJ>kHzCk9f<YTjaFLG>hGHkRLT~Bo6AAX%uUjdikmxR-p89QpmZK3~B3@Hk
z6aGPJ+(E(7ExiI4apO&_RZde)WzEWP{wu%W+kphN`b>mMM?NOKTIuNyrSjjuCIn;L
zL&9~`F=p`Od7Cstq%&r5Qsb%wLzV;d)|ck*ce;+E)P;LR3a))+c{n&_6_elO+{N=J
zs{I>ycg1fxWBB!Jf{z5e(cp!W*C}YEMr3}QJ13?v9Gv|vB3PkKRBJG%q_W_VQzS;@
ztn59Y4TKzw>RA5*W)p6(q!h?`L(`|V1)00~gPUOS6g`XgmEO+xnCP8VQsGYbv|?#V
zY$c_I6n!`E3N1$NCg@Yw#z6T!y9)Z*Ng|JVM;tp|iaVs1`qW>P2&=d#v8<=O-nF+Z
z4pR%IS5-t$ZI1;TyaZ4E93)US%(*(BIb#n|ZNqgJ;JTB=-0S1@_3>vDsBnc7LCM+l
z1IiMUX0sFGiGR5|(bF}TXK_VO>^a?}lLTE<7`t4^c~VFb0?R3g5FF&#&I>$+afMSs
z$-x+SJ71e#=ah_pl+kgNOX_;|l!USXO#jkq_za7|zfLP^BktnQqz#0OVku|5?&&>P
zLzbkVmBYP}Oi6E6XnH48Vtg3S@p0UiyUEH+wSpP;32h|Xm4NZ#947kI6~Hcc&IVSj
zbCQ<~O`&>;#*C&)QUMs{;o9o7T0k~=4$q{<DMoW`q$QQn%dnzoee>n6>8tD5m^Xey
zN&)79t-(X<s&SHfz3risnzWqO;%rhK5q3>7$4@Q1hSW)MO7gV>oy{*Q&Ep(Qo*q$r
zkFpjS+yCM@+M{aFBBp%4KIl1m6%9m6Cgd)$9Xw!rD*;3>*=C~lg;zKfoKP(F9)osF
z>!}Ukuh{6`kt_g9D_hi;QU3Qa%mO(4Bybb#y%_4#fH@9Dq`s*Ecs~ZBp(g_f?%CAf
z#MuuU3$QwIOG*{uyHor|a4*M<>agG?t9W?UKO*v#5#h@nAIb`CIt@IRvh4Zfs!BG7
z_TOVV)%CG!e2136^l`cNpB{u>=4?9D6Kh&7nJWN3+P&vNqRs}X8(Ry(tCcBlSXU6t
z#*r|F_cZ+6O+wzgsRS4ANUZsN0VR=@Ec5DYJgiK1Z-<qF$Ld@TtXpXU*<ooJ7}yZS
zcCO55p+42RP~+}aY4lOa8^-O&Y77eeSuBrk1n(7qf>u+eVQEOPx;!AsS(oB>Z1%H#
z1y{Ba;5Cp`_t+RBZx@k3oh{6&=e?E&`_wX^cjB1jvz8&bM^pi)O$E`{9F*(N$7kkS
z9!XC4{X5yB^UjWjWl(4S6V|f_MjuxhHMOmUL(knnyG^^!IScm4?llcho#~WoXV2`A
z$*l86%Vm9!2<~Oh`oi!B{C|tugW|{1za75bxO!XB=bT!2+P8W24I}36li5`+Sy$^v
z0&uSl1ekX9<`l)^P1fp3vI|8nY-)AA)=9Mfi&&!BCuEJyT)(yK9WvL>^x*iG1_bTp
z3f{t91^7(l?KMT+)9YDFybK4VHNBVowmpV?HXn#n|E7BE=Gh+3)0gRn(9gB$A=hkc
zz<UnVaP7x^dhU}7d5ut8>~HJ7w0AE#q|ZI8x9GFHOWSvOU_oXWo{-glpP6kMp>pd9
z;qXqGp!%#VfgW2>y(7bk-RqCa0&&hCm%EvKH&MHvhPeE1-^?F7Ka0j<?ELSGg#1q9
zUX8Qa@DB<is+UDH-cmmOpL>P;Z}^UG!8v}HGY&ovEkYkx7DDe!LIL6i-2w7U{*Z|7
zfc>-X&vy+$sQd03lde;?p0DCP-&A|rj`?m~dTxDsz6bZfCktQmb>p9;7J4R(@6|-m
z(bR|M1hl1E*VlZ3PemgT2{=tfQf<9%ZNk9pMeFN8s;ryJ?8VppL5(0X{U-bcu@jZN
z7e}>JpP(1BQ0T>_`+2N&BPk+5xjuQCln$OQNjTSc2SP&EPZ!c7WLwcjG9#M%EXu-D
z&Wcv?gBM8O|GkkekL5ilv8S6U50!hrI^0o|UZf8-k(P~6jF&=;-<2d;NsPz0?~}YA
zia|V$rl&2fzO)omNH$qK53{ATK&qc!#y3jBR(#SMaq?G{%s8eTd%X0zxD2Mm@5%y&
zeR27HRHbtSwQ+HER|!QxyoRl~s&9Xz<^at6K%Zrg886CqYm7oh9}gkWaGk;gx^9yO
zsPigeLO8hOgk`}mwg``G!Z2tWNU<G0XjMpQraEZH0Nj)=o`sTfumxYdO4^A_ZAw!a
zR!Z7aNSPM)cvT8tfQ8R#(fpxvTvl;hZi(O^1vKcHlH~g=J|`S*Wj~{Cd!6eN9!?OB
zdO-p8Af$vGE%uV{QMIp$tU3*%$iAgGQ6-RBoHzznM_EZqe$iyWzibmx8VdMq<6NF^
zV)(a-0^_3GNa6)9V$8{6oJjDrjqs(3BimzQC9^V_6r*{(eRQsUH0NTefWeIYK7_X1
zK;IE+RoQfYap?WgDnPinYk%vHoY6Lk;W`PW-~l;IISEradDpQfLJ6=cq6*R&xKKhs
zwo1BCu2FTYy|iC3d4O5&hnLHky6>2t_;}Z`#J=I6qpqZDV~UOMpquZIV~6C3?YM2_
zxa&S(ta5xj8Q}B|82&bD5<FytDG%{VMjlO;TG$^Pcb!=5mo#1<Um%=VikA1DpYXPg
z^;sV(BPp>e%>Royob*j((mM`YTsrh!nv9GZQ@r=xI|sF*6?MO-S$Yx=WAYDXxPM_B
zwr}m9TM?RHsRRJ&q(&|nIo7)@G3jr^xaT4i$%-jiihMRQV*OLl^HbI1ijZ~1nsY^{
z?DUpXLSdQluM*SW)RZQ)#y4D*HhrhRhfKq}DQy8p5cNiosuYonrcef^kzsy|v`>8^
zO`}uJU_4A=Vku#9%p^jO!Gz4<rp(|SB*PX>6QoQN4$KfO%xE+yp?oNz!pxE)&ya8^
zlVQ!0g>b&z5n@ZsV1>+L$3SMOQ)cOkW&z~Wn|U*g2eV8MvmKVg{=!hKlyj^cbH60!
z*wp6O&E`1V<~T#<xKif0i{^Nm=6DC@_!j2)59S0O<^*Bpg|Oy@Dd$Bv=0zpu#nk4-
z&E_TC=EXb1&bhn&m1bq-XXONx<t9`C60`DpXnxN$RLHbpU^qX`Xk`I46#*z!JvBA6
z1r4_aP5A{aJ2mYPHJy|N?S%!MjRoC<1%rnL!+`~(3pHaHbrY;bW3@#Sy+u>AMGLn@
zONm7*J9X<2b(@q$>xD&|jYZpoMTdt)$ALwsDs?`u8D@zkSGA@7#u?&+84tH5&yXdr
zY~as@d4+)`p9KvC$cBdEgob~17@FH`V7Bt#Cgq?`<zO|<!4YK=^l`V4<?xi{b{h@v
zCQYw_<*0?_Xd<Pu)9iqUC4ZQe1gw=rnB{mi(Ll!K6ah`3yk@H2GB8Dp;XyMjdpUDp
zB?}oGxdB-5%{bTQu)-U%U)LOTrJU%`&a;z@Wz;S%Y6>l)dPwF5j|?Ms{0Qklt1OZx
z+))raTdiqTK)RPQom&mal719fX{2098sG`UN)kbm6^I^TU&n1MAI;qU*FT~Iogtc4
zy9V0N>&6l*KgR|8t)$1S^a&*4T!<ePlJy`_Y@6mQWtFhi>(+zUwb#kFeRaVs`4pq%
z;}`409Al8##C62C$e{(fsg3oHbGcFZjVZTDDzuHx`IWV%F5)@@qkBGE)m8WP>J_Mo
zqF_M9xO@=(#Bi3pbK}3k`>qjw`MG4tS=ZvV`|;uR!D%GPWd<qTzxr2t`WJ4i#gtn$
z!P?K>rQ4<oD^NLg57J=_3V!{Q6#{FI`;+cuGP;dhAB^#{>)QJaYmb<d2}lxGg%b~Y
zqX!f@i6)bmfPq&^DHweP3}5LaH628Koi;SJ&-77HGBPcxZ0`dI^>Qt}KQbN3Xo6)2
zO;DD)7bn+rw30%q6$Vkr)#zUeXGyM1fe+7j<33zS8J50S569+aZ65*lE`{I@x2ZAv
zIz*>GWQC?#d9X;LZ(pwceN3})n4x)CCs<ea+xSAZTo;2LqrzA_|9HdrKtn-4C)EbW
z<!%?I$rB;tdeh#zU)$T>#<D3>VT{ynmHeKY{vwirH9K&OVgF3N=AdZv7;EdwPs+Vf
zU;nSEne+JUw=LPn4VmWsn}_}4CZ#vL5tUu)1a>ow_qbOHn!UhDm9Ad*FP$p-sgcfx
ze=BjY-#hR-6i|?c4bZnq_p4zfQB{i#A9^QWafhcfw_*E4klf9iIkZwjcC7|w2Oc`(
zS=Z|@jBJ3$_Qi)`+)I4GfdHRn=He`8Y>V)Nm0P=-@dAyag~1bq)}xPo?_v!fNXVgY
zm!aR}w!i<OAMEi%ytxC_aX-hgz2LEfq-6^Hk*oW0Sm?35mD0CkxX9+?$id^UwMQ}L
z7O{`Vv6mBfRdxB#L{Qi80f$Eck|%%EPk;(1V7!@p?my|pRvG%yv<LsF)wAg4ji48-
z5~O8eXE`ZU#K_jnKi^OCRga4n6>F1EGC)>CCqSo5OaMQii)6gH(7MvSOQzMh8rG&~
z__R&jgozKyb@Mb_un-woR8nn~2exu6%*YFozwk7jzA-t^wUF?RZCgA${c}_#Az#2@
z%Cly3^8H)@VyXBjpYEPjiXE9$O=ak>s}V{%-z0JjO}=2cT~2wpGcOFGLO2|qn4FE}
zGFpq-HQlV)wk1NclkC?W4XyhUW%jK=8q2u_S({-yVSB^SEaF|^7_$z+eS5ddR>I2g
zB-rTlui3o66)@DQ8S;I|J!?=?Eylht3&~vI+it9{G01(Fim4A<(3tSmDC=HEBzcXz
zc!by1_`1ue#1#3_-2tz7r;FqChWG+q-#AU&As;`lgn_qc{t{PV;!<ChK>f;!;VQ)Z
zwBPCUv=|`+bP5+M$JD&bjRH`<->nDk(fMyP2brv0>?#Ascowgb0wge>9I?4>SWzTU
z6ix6-OsWj~(Hu-h>M;q!oSO6*n^9s*nlIC1ZO%dlJs0gnfe;&cphXTN-F*MJ*dyZ(
z9hHY9@GD6Ea$$cc+O%WymR_-l0@ajC(X{(;oYYF*&{awzl$%0okgnub<?9IomemiZ
zv!UYauPi^;QBnoDh9@}_v_NA*8e1cruHPRouYy7F*!Nqm)RNSOA4IN*4g#=~2D|#M
zLd^H#(1#N`QznP5A(-ZsAzK7nlOM?2PXcbfu2#pKjcJ1}rCs(v4==S9uXToQiHK#Z
z8XaJnCtz`|Nz8Y%7_J{sx>`7lFn&GiaqY6a<m6sT8!lbp4Z2ZWI#5>h*&dPfQa;`l
zKTraV&^PT%G2P7#9N?HOyPT|5%sf=hJcek-$5Zm>Ae&@FQ;vOvHZw#UL@m1<pr?Q-
z-Nud<xsInXjseD5Yrm!XfTMNVzb0Hv600ybGj{F&T-Wi3<kUJ^VxDgBVVrm3AL45=
z`amx50NZ#zuYA4p#3gwjzX*Pt!y|pGrk7Q}s+UK%hja%w3Zi4@F>_Z%%arFAbRus&
z?RwV$$6TQn-mB+gkJl2RlsJo*GJ}`$lGlnOAn%e_`qoSJ(QD0=S4~&~NaMAT%coH4
zEmy-Q)y}fi<E=&UC}Qw9s>|}c`L%uMwPWb**5*8s(@Fs6tqRqr7U%sRs;^wgLp-%}
zyOj0qB`b*7`U7B{8Jq;-Y{^I2p~re^WcGnf3Wa}1^(qVXKvhJlxOA*U*$Do$?i4<&
z*mUf*{8-drXk^-BO!5PxW<<og4TByi!|>af^m{I~4DLU=o6ovXAZH{m#~~<e8t3~S
zJqJr~CtO<@G1}jqY%}bUMmS{@QA_{w+OGpeyu9o@oe!Y(hnEBul(D6D^bcZCU6l+*
zC;Ub9Ib$}|?+vOqRuyQfkOSsnzC+!e!e_y4lR*8wgT*J*R3iBof`W!!Nj*b05Q5Di
z8=N-1Jrsh;<&OzY$dgH+AUBRa{!u6m#IbO$9GN~G$zpf7osV!SnF0xiK^W-fEvE~`
z<9=;;UO@?Xf6to~gZe`(R*79j%neyyI14P%`pr4-ox&heg*=xp5bl1#-(<c(+(?5}
zAl7QKvg+r9V`>oSa)*u$05fkjcwYF=XEr;n^hH7sF{U?}?u`fT5g&HoUT(F4cnBo<
zR|<6oGwbk~{M2i87E?6h+%CYsY?s3=YO?t~>#l}vQ6a>BZ_oOBBMDdL)g3Rl$I~T3
zHJ9&gu4f|;zq9cd%KNX?pnbEwx1l^LcMv%-X*WN79xo0WQhx>rKwho})~?dF1pOer
zOIv=|c+2{M-(fws{~{lTZU1@0JI)RMCi?s%09Cm(=MSR!vXLYL!ZT?oyz}#R#1C08
zSrlX2Gg&n2C^vZw$0~SQ1@haA3nU@%t6$CQD4QA>_wC_1Apwa<YhN6X@<mG)APBFK
zNIRlRktq9@9X&;r?B&2h)0u}-BA?ajKu6IWugFZ!`=mJYw{?Vhmi8;nQGyw7@Ikg!
z^NLQ6>1r#bsPd&(X@+h-)j<YLkz}c*vp!F0UW&4JSy8%iTUl|o^J`g2-rsUFZyiwy
zR8K+Zm6Z4+r;;R4j#Kh%rRWU4vUKxi@|jre>8VOJ#epiCt}A*4TAgcoBc=!`-Th(}
z^}}jjBYCwrX7vJo@_e1cLivT<j(${S;8gw7d98Ge=2rdJ(NnwH&Yk&-cG)r?2bJ;D
zsG81~+xD7n=%+IkNUX9~NQzoZ)#_<H+&m|~wW}MplMZ^o;j&e#-g^2#M-k>~UpMVz
zh6P2``i+6J2q&QxdBHpNaQTho(&&#jm^*#EyM@fr#uUkPTiVo=l_?RI%A0YP7Cc?!
zpE&CEGsQ+y8}qBbv-K9VOgbMH^mIO&w2QpM%0s>%yG*TE6~u6=kt-Z41MJ<twSdmF
zzR!hx{nu#_?$j`55JC28_q6GZp}iBPqmK*z>sny>97y%(_q6Rou$i+SAT*hKK&P$H
zdiW4B%)N7mb@_b6Ro=yWR@Dx9jfT0hOvyu9^WQAZ|5fgD*?9+Pzv}%e^j_?V5Ws(9
z^l0yUJIuEQ;lH1f`}rSne`0#<H9b08@80mCXX*JGCe-z`o2n@I{50qz_;&KMsjKHc
z-=XX6eoaUSa<Nqt0C{+Fs5wXBB(Cy``7>pNzYGTUe4(5EgJMha4UeYjJ5%l7Z{j4*
z;Co?s?fAb0=Ol1KG@_`9EWwmnaF4@xM5DdcAxyrcNG3FWc(b*koE@YnE~R}$<xGF*
z_7fh;sryOLox&v<$k5|T`zd}oMJU*kVdi-DV}j_^KHJGY>yL#PFCC)v&&hD>o+VgA
z6QWG{3-IQ+B{_gjF(-GVYUu9&&@yUcNjk`hZn%d8R$1fx_X~*Mz7Go_)W-+%Q;?#y
zW?z~@Q2F_NDJaNkM`V=i6M-ERRBW`w+++-Lf}+Ag!nC7GiL*w^(PVUrWuvO~&MDQl
zlne&6W16yYk@WnLYNO%_8hJA@cJF4)fg^*4=q_o4_hzgKUH~JyhV*d;a%#A=tPs{{
z=}7i{yR2qbTiGM_?=q&uP4LYbW*3=3!MQf#1*!SjbL^+K7GGBIM4kU(WIc3Hb1@pr
zU0j4^9FZ!P0Vu?#^M)n;f)YYBkI6#FE+vTD(8Mq-raO5W^OAf^QOMhr<el#mX9_oR
z-%qe?ZsAkL#Z*&0hp2wDP9=4@l$9uGD<6EI6c32$7l@jvr2lg+YAh_fw&fkmgET^b
z(W-fmsuIMv?{oAWl`^8S2Zg;=`@f0n66Hb<5=$e^byTzAt33Y|*|kdimj4@Gu)m1j
zq)@FSCPLr3TEAd^Gg@UDQjwHsR#CN@QX!DAwR5ek4&*OX^5#h0jXz+hHE*hN!^^H+
z<xq=zj?tOSSeKytyE0ndUmc9DZvFZ=ZW_Co_EUmHqr;fkMs}PN%ZJf1nR0Ts)WvFC
zWP6B3EVCbJunA*b%f7?~YxsFF^A{r1G`kpnDW#NFUS0{m+apb0lX+|BK#W^NMOMBQ
zmo+cFx(l^)!=Y<SM+GahrRy1M;R0vQl5dSbXS1SI7j+XRnzHcHLGy<*lLI6ni6%rd
zZTb^Rvl}EgEe6L=iflL8P5fm#0GW_93R_bGmFhZ}&DU_8)wA0&#3m4ZoC}Fr(-C7+
zDH6A2Cbk||sw5*@KF|~tx&jZN2}w$HjZikbm{e5qo(CMMQXRag$_p1&q%X4Xi;Qp%
zaX-=~XZ!96WseNe%B#eh9E@aj!FT+9b&g3QEM;P*EjJxK%LWpf&i5lISs>e`l}6(=
z6sMPncQ!m65-i44MwUGbKvhz`(buA^R)jLK*Q`EtdeidOJB29g96m6D30Lc5vRxZX
zi%!t5PIcKw7K=Y$lLS=oMUE3sTfc-YOMR7C$jEN=5kz9v>P6M9fM7R8G^HGiDI%7O
z+}!_?p+CRORyXo*Cb9|XV_Rk-;3mqv=wHrku$6rSlO~P3HN;%p;9HnceTBEH=+sY#
zucDlHVw&_{J9krAYK!G%?x@S`O_vyKxoqYdV3JhGpW(}vM*Q!`nbC3jogn9$!;|=d
zfwZAY-p<NKXI~tyHHa76*>f*5^1<AxN1o8leXp_qMC>MB1?)sJxE3VP#T_B5aDaRD
ze6Wkbjp89KX6DyAOpO9Y35a!tI{=SBQ{1O%peP5=t?y`8-eYAqySJEV(uHWN@~h~1
zyMta!s_kj2Ogc}cE_s(LsvV0Qr_zI&s#b!k9viz+FYG@d?6}Zlk1Z9Qi+!NCjT3#_
z;M5;Mz8(&~s3^|`$X(a|VX?5EOwR)<?bp#7zT4Ra*F`E_x4>@xL$;ci35VN(FW<_R
z`j}p)ll<?CnFUT2YrHpO1g@$L_%?1(-j>F?9_zXVE}VqkHXNL;V&nMtgFbzBg#4ce
znFVhH1AGstx3-gx`0optKTcG-Ul%><Vg;EW=3N3FHm?MqyO|-^NuSD9N1c~;Id2aI
zIUlDELhoD5pZ9Y)G+hpm+lZ<6kN<Y2FP}mX7?MxuZ7B8WJH4M@sB*tBk$mOcK4s5N
zy#D${ngm867e<`~RzDZkoCMB37tWpJyMONYP!f1ZY%V;I1Ob$bP)veYor~B^g4C6Z
zG)RIxnTxzgg0h*5a!7)DnTvY3EdVw3G9e}eHuxCWLYvG%V<JWWm50triuoERcn>=I
zh$mbbSPdRnvD{HH&BL+Z!Eq<Wjm^UalH!1jaPvv=%JcAw^9ZVU2%1R=C-VpwNeMQM
z2zN<|PV<Nk^L}3L{Cp%OLCGh<Ci_WjOhQIRN|#Scl~2yJOU_9~p^#6p83av~`_(+3
z%ASncJ^w(&@FisTIVPV5NJb0Fr&XBwt%g=6VT9h5kMS>`evpiDGM`b9lnEVxH8`^a
zpZobj1`RQWMk!#yHen$qXQ47#uH0qx%7?HClCw(|u>bo(lb_E~yvt!u&S_u33EKTJ
zYRt4~%)Lp*4J_c!Am;&@ux|WhB{SipD`5Rsz&E(Zw@5CqS>Ve`E+kJb^jIJS*<)AV
zqfVHmiAkh&Bj=)`5M?S9<)jeH$Pv{3Ex(`0MAWYmLoS(bB3W+2>%K4PT_`z9#s?X$
zQ=1dH{3!sx#5YmU0FB;Ax+h0vVm}h>60QPJK%Tqbh1=M7E-d7S6bkSXQ^^JkeWZKe
zYXplVM^|d1uu_UPg{$yVMoAx>(JV**_^$S<fo!B2V@fH^lr5aNKNm6}GPsf^GW9qS
z@#I7#w~>5VXr_a*pa2thQ(L6H3rWLpTDk5y5aTty_uUi4EUJLgHcvn-g;5tv#?t%H
zHqKr+s$8friv=wAYr?OZGT~WMV4F7YCXybS^~R{{#ae_MHu@ItkZ4r|Qke@Z>Jp(;
z>mF)ej2hG7*ZQd&YpZFGOquy1ntG|5aYmg4V^{i7IEC(aMenO8n^sWhxbdXwb`o^5
zO1d>=&VaF<#MkUClU(tl20B8=zDp_OBQ=UkxppFXnNhbu6E5W9^z5v8e!+1Ujdmto
z;!Q#Fpj)%^!m*p6_MydbLnl_+HTiQ$Zo{s;LR0cPQ93d{O`UT&<RLX2J~@chG9njO
z9UHSmhDO;Q_b(5PYOLl2gd=TRlO`Ovydh3=;#;boPZQ#;sqBA1eQ8XM7ipMi7K4|b
zh_<NpPgUUrw{SrQ1V~BqjR3;P#$`~Z%dEtW1Q&iUOQf>O?mWsgQj=qqO%Sw7BE`!x
z!b?;iDZ)(8oG4CdQ%g80%5pma`ehqDnq5O3dPW~eAOHhsqBP93TQ#G~v5LXNWBEpi
z1!nlUmsaMFR=K>Z)fcptM06(j8Tpsuc7o*vplnkK?6Q?I+g&Sqgwvu+yiUSJqu;C5
zA#`A<H7jRRr;Kuy;ZpVs$r!4&K`^y%qE7G0U}r1ASnyh_QHg6h%z&oFm?2WlAhqAF
zg)dO2<-@X@r~*=7ZsA_01H3Hv%qywXr`~1Nkh=s{`4cqxYm7(h%$k-c!XEsIt=N|^
zUE$X4tDE@Uc06N77=WjD3Z5_@s2J}hoRuLAD_kE*Q5cTUovI4AwAY<^IqOlLpCLLA
zFpCY2S?_v9o`9}w#|HNB+8+I=?AkmVGNOq#*4NbT*K9_}3?(zDKFL@$8wq6?g%q{g
zE4u%oD34Vv#xEJm&siU-{I#+%4k~9Pqi#hgy)_F4!&XgU6Uy!8D4^KQAY9lZ9Sm|-
z%?UEj8!HbLGb|+9F6dV+m@_i8mQA`>P557o9WpFO+AVuCKH^1V5!=m@*-cgdryyip
zr?XqHhuD#^+Rbk=ZXQ-`{+pb)uG%tY+=f(b!(KjAo-b!Gu23=UGF|R)+OI?wmh11V
zcU7&cGi~TI9T;Ek+uOHd(<sj@ZH87K$1<H<N^PNEZWlA1R#%^DGcNH~@BU-j6J)v=
zw7;0V?7Xf#FlV}Qu0Fi1zItT39<AB{R^Jda-$M3InwicxnePN^?jpC&HmlFonIH6P
zF3g!PPb)7W)lUdlPp~!5C=Snw%y3u^x5YKD)ec{o9PUM#-@9tw2e0VlYaX?)K8&v(
zcdsC)S7`3c&#>3eKxSyf+82~sXbZU4dgiZOwO=hj|4DA%6>7g}u)zF``*?JK*w?~B
zJXk*cYd`bRpvYO^f7Zg|IKmfP!;|lQ5voP(W<k<W{$@}Mv&4eDRf~L<v=hn#7vzX~
zR}1&G4z>IDez_e2H4FOBI`o=r^a>V|CPyTxI!whnqzOlqJr-<(I&2JkSkyWkL{{9-
zT3k4%-B=ckoH`6@R{RPle6BiD5mv0BI>ITZbIcp;Ehp?FR^keKoG@0r&l{XLCz7wu
z%Nb4tHFX5kzsQ(xNyC^4=U6GE>M3;Uh&67Bb$(HK82m)6|A|^p?eUAorQQmQmAs*j
zmfo2>$C<X^mm7aQMfWcTDOO5@UyK&@j7z_M+x;Sqx@CI0rM|mm9s`k9IMX%MLs)Bm
z{lam9ZgXbfYGA9mV%Vx@-@9ekaCta(X0dRgdAsGbVPpA8O-tXvjlstA^Nu@{4YB5&
zt%i-S-H}~|jbEpMf2iTd<u%t98`oX~*Abi0)f7tsn=rKt52CAZj>`gz3m<i(sL%!9
zRD;;uofscGrw5zFnTy2Joy6O<5C*#xL8BDvy%f&<Z26sNYNO1VotRjotkk`1&Aqq|
zJHW&haK$E%<IEkzt`OCz;NhxpcTY-sF9X-4<YFw_(D=LM{`c0k+!(vc(mlX}UDab>
zGOSTigG0^0O|gJQ36(>`gX0S}hjN&ka#RyCbCU{}n`*&>O3ed?f}46b<Uzs2O}CE&
z!=XuIi$mXmSTl~pAj!?Zph~OcK?}9n5QkGI6{s`SWURxXH^yP|S*Ul^WUA;Mb<t#C
z@MvJtya@YfM9{1qz-i>+j!pS!lG<#N<8D&IX_~}t*3xWa12VH{wzYY*^(hbtYPJaD
zw2ykU@BV33@M!$C#j4`bv0KBmo6}itc8H0~g{#Fy$fKgt##5NfO{2vvuE=$W)6T)e
z?hM7dkiIRH%QLRUGnLCLr^V|`Oo(O5qlC-5yTxaS%QxuBJ89JJjMM+9*}ug=Q#>T#
zlj{#0_zx;~APzW?08D-&9`KVphzlGf#Qlf*dF7v`lLpw)fLjid4`*Qr6XpO8^WY8-
z0EdThN5p|6l05zRLPJxzqjJDeE!@%F&!HvUVuT*fThAzr+`(7eaZlXG3N4h6;CR%R
zz)!Hd2Uns?OL8SRdI+4v#gkmX?W4Gpq~Vop(3-T=66fgdaKz={^MZTAodEaDbut`a
zFp!1_4t5DnyYozs<H<mL$@t`SGVyd=YQ14?O&NN21%;@ddnM0t8z1uk-&%7_UP6EJ
z=FSD>7W}Z;<1X}2%`EZC%H+w=@Xn9|hXC4wOuQfUUNggZo!(#K30jG$dCKX%exSYP
z2Y~ZYQ+r9gQ*2tZYk89iV8aMrb2J94KU=Hmd4Y3n5ELIKdiNK9g16Lm;t~v=VpN<;
zi?)ohsd_eWNx?<K8}FY~__DE=y6KnffcB8R7mgM0iX-0eKHi$K*C?(w_4xMaJ?}OX
zzMAgW)>I!|_O=+Qwyv@1MpUmXgSG$-pW;uj`2AbpCtn!`+&^aD9*6e0wV{NHw*Hb=
zVQ_nAK~-z}+CTufmOf&j+sF0~LEDwLxTk%`nD>wiPg>1;T|-A3E`Q^YZ(t3NSWn0J
zR!8wta7!2;c#UUDabn1!V;ZiFAEvVn^#io`R&d2Pr<gdg$3KtpF3K-3ztvF|z{{-A
zv8cj-k1H_y(=W-xH_lUFIY1z~<lV2OW0e}hxAum*py4+@*D(akv%cgvxz#`U*0CA&
zHsvw_jY%N_E4Yo?wT&aV^RsJ*8bX65u*=o8E7Y|o1=;%qba8bav?xfJcO5zi9(i;f
zIrxY8b{)qFo+SAn8GS@Mcb+;3oMnPWYXs_ty2i%*X^sT`yZTIRbzKJd92j(6eM0!f
z-%n8k{u6}lpuaIrblvtrZd?2;*ZeP~0=BLo_XI9iUxgm8+OG+Oo-n$f2u9ENgzn<H
zpHn}jL<1g5gf1(D9&8?F|NEX8`t-5=d|C>4@(6gI>w4kphCB(K=L-psS8&CFg#W@K
zq5wRVNJYbtNq;4S<9GWau<0eoJt4ozCF6)hoH1Jy_J<Ov<U#>n%9OJIC*uMf{g*9a
zvXr@!=F6EjYsSoZQzuTJJ%RERsqa8R07r|`LjYi2Q>Ra%MwL31YE`ROv1Zk}m1|e8
zU%`eIJC<x&vuDw!RlAmLTd4Pv9tBWz-qL}04dT_Cm+xM`eF6U!9GLK6!-WwaR-Bme
zV#kdkKb9Ps@?^`EF<;i4ne%4Pok4#VZIGx@r1X?B9oTfWLDo)N$A&%ob#2$TW!uh;
zn>KIVy>|x(KKyra-^Ya;PmY{8bLGvKM~6QBd3ER4rCZOAojP~z-M5DaKmL1p@6O?(
zmP>c(PWL~Bz7HxtK79K3?dPAbzyAJy|NQ~P?>_+p<d47u4NNei(&kwYwWZvOP{Ii*
ztkA*>G0afI4LR)4tMuq`ur2^bD>1YaO-vER6;*7J#TQ+S5yly1tdYhW2V>B|)Xo#n
zJRf@`FUTK-1k%VNkt9;dA(=dKNhh03GRh~Vgwo0?$pcZu_7p5|z%CK|QcN$&46{ry
z(HzsvHPbv(%{JM5Gb9~P<I%%A@yt`tJ^Ad@&p!cuE3VT<w9!x;5j|AVL>XPw(MBPC
zRMJRKq;swZRl}0XO{eViN=`rZR8vtw9W~TbO-;4bRY`3X)!MWq6oGs6q1Dz}alKX7
zTzTEq*It4BRoGyO9oE=lk@!7U*<_hr*4bvEeOB6Nsh!r^YO%dm+ibbr*4u8u{Z?E{
zlRCiMbJ0y#-F4Y**WGvFjaS}z>8;n^d-2Uz-+lS**WZ5u4p`uU2`<>+cGV-apoI@&
z*x`mDepup&DW2HkiZQ-e<BU1p*yD~t{#fLYNgmncl2JZc<&;@o+2xjDep%+2X`b0;
zjCVv$=bd@(+2@~u4qE7;i7wjcqmfQp>7|)&+UcjEj#}!esjk}UtFg{{Xu0}9pzE)_
z4jb&T#V(udv&~K$?X}fzo9(yVjvMZ|<*u9VyY0>!@4fZzoA1B<4jk~o1uvZN!wpXy
L@x|4aD<A+nNtk3{

literal 0
HcmV?d00001

diff --git a/www/crypto_files/crypto_des.gif b/www/crypto_files/crypto_des.gif
new file mode 100644
index 0000000000000000000000000000000000000000..8588179efcdcfe7d95f5ae609395d4daa84ad7da
GIT binary patch
literal 7085
zcmeHJ<yRAcqeT&EP*EBS=}@{sK)O|W1C;J&8;ov7j_!srN@Bohq*GvYN;iTulktAP
z^ZtzY?uUEs=X=f#B^5<cv2XDYzC66b`!7yTPX3qwBmN)%@4){l2e|*6fd6Izj|hi{
zPsFJFBd;r%h>8<1@FTxF{0XyamU2x&FN{{eZpq*&o>CZ|Toj{9ZP8#N`xhi&u(o(O
z^@I6PmP%d8Xr_P+=Q%>)&99t~!6Zzo^@xeW2Y%0Vo1d3qO0^4Bv*{Dcw9EC&?3Ra6
z<+HI$HIH9lQ5ExbHsSDTbc*9bBaH&<9S6t>*z#~IBV-u#-8k0&!4(r(0<Uaw*x5_H
ztR%j*e(CPF<Yegg%RRAtA|?Rznd}gqZ1|<R_?cA?zL3BR;4Qa3tomEyW!4<?dP^qL
zK@Pc?u)=BwM87J#1#CCgA4-`z0=O|7d6S@KdejO!E9fkj(dCi4IX+xy#F;wN<0@Bn
z(<f*c(I&n(^}k8A{Ioixk52854pu2eaPs%}r)<9ifDh*40|}oYeh017g}zoMQ)FK=
zxCVw|LTRlKYhjFDyKCVhx}y0Zl(7azk*qms>k;f#bA~Y9XOGRJ`6mZ{M+^TAHIKD9
z8ZeKOq1ZK#w<K42r?2=jvIu_5GWbqcQ<_*e>9eNcmd{rcvD}me%Rv?|Q@tI_G{Xdr
zr8KL{5UUJ^%0a74=Z0;oEZR{OYZnmQ$~s5)6q1`8cSO9a$wrPW%ojfnWrxBt^gkCy
z%Plagz?=2<ijILsc_rb2yL;hT$9>EZCYB^Dh)*O@Od8m9BNGkWL*#9yT7Hg7c~(l<
zSNm8lCL_E2mdVJ^Wu>(=4v08ah2k2wg3=X;<WXp*6Q-okp>}Y6y3BD*u@nJ<e8V0B
zH-?Z_sLfDICjbUQ!((osLz8ZMUNZZ#=}%6>O8f0hCWD<EE5}KBcC&qaE9^n^6OY_C
z){Cx7o}~t@gfRL_tC}dHsb){s!#|)GTuUF?-ZEJ6xBoj<<Ll6C%X}ZGD89#8H7Moa
zI&@LhTLElbvvN0o8jP)Ry>r{<AHjDHKZYsZ8@qy%qBvbAz8+v}2R<qBoDK_VE$vTQ
za+ae!kH0%G&H!X$>biiY<QEG>pwU`Xb?mZPV5g#LC2rih0|;1RmsoD-2%xEI_-R0y
zdZowcEOGeNGl9YB*Nh2tzA>@Unj5{eJq#(y)#tt4l}ua_{RP7pTU6`M0hdSB)Gm12
z)HWjDl?kuE+}tzu-){*+{guX^+&ra3pXv~=BL0T)$05!F<YW-%(9eHLFF@aOOD|pB
z-gE!e3wqUlO`oWhe?w8wQGDB5ms^EpV7|ltJD+vF-;n!Bb`QVZ>FCf~Ia9mGfm$E@
zWeb4IndSad`e@0a9QeR451(8)cS^;Do4RN6L7k^8%4J;o31EOwB0{!hnl0q*5*;zm
zBjF%N7b`9c7>O+Hhv$lvVf4{JvgwPDB*z~daCG>CcVWssPwtQr%IfO}+bnW_iHE{~
zLGjPKu0EaJv3$_>(0q|C+MDf?U|@RwohGJH;S|Ux>;3bM^N=zFRgP^mX`vxO$9h{&
z<<nSZ3>A47kwjS~MVuWL!+3*GYG1C245*kOzMJI1n|2Lz{#5jiAYDE(O+#34c%6>w
zCM)#KxQOjR8ly9n3ZEw2){XQvdnD_S^s}9~(r9z~>Mf;O!_P4fJ(ewziYkVEf8&uo
znBY8G)vp<U(}p;<-P|C;zn|2l1g;mo`9`O1bxE$JW3k1bu&2i73r|RCDUuhw88v+j
zkG6ZLMw_n8&eD9A?c}h<v!?P3q$(h3i1Sd3`a7t(SWJ>ic=!h2f3E#Cy&#C_V(ld)
zc|7noF<)@qTIAJ&HjRp4+yf?E1p#kus<mH*504N^eEkLSZXOEnc*^8x=qA95y9GNA
z&#H~U%!!|;3Iu^q)Mr^S=}zY*Qlrb7G`rf|#YuTVh8)sLVCE7{8w3Wx`EKiqE+FR|
z$(Dsw=2Lx}X*G>hyrcZeMlx01K9wPUVW;;iYP6mc1-E0e)?dAqKZ*9VBR$GCo;K7?
zq4tcGVFn6+QBFzO`WkEOxi(!-qQ*x(<7#$fX?UPmR+v(o%RHP%y%D7aeu2!Pvnw6b
zCN!dSZK#uR-+zOqQ=V?%s|}vUm2V3|w7P%J2t{jDXxiFqwysb+cZ`-hcrr|{53x6D
zIqrYcH=dpt`&$KNdFn<=w+!GBQ5<J+aJjHjIdGyWZpn1=N2>K7tQ@QGGC6~W?M*l=
zQ@xG|UfZ-|pPs_^+AdJ<lg5d}?n;O|Sc<9%H&}kh_B8rn&Z?Uy8O-pgY9VBg*8(%c
zxd}Q3e#X0<JSA=Yc4bT3NX1JX&ULYdGn<orlLL&5%lsbmiPn#+-33M}U@mZc(kocS
zcl*6Ufpnv(O4*T@LW@!UrN~~PY>F0K0lUG%aMfqz$p1NJX=7D2J>=`mR)o%ug^jmC
zzucp<liDnHzF_y^uHYJ6`UCk*U;<r}jmdOIX?Uw}oygd{{c`dP5o>`q!?8b}M}L(a
ztcTWbTAv)d6OfJ;$#g4DP+HV0uGU*$snWMzg`Ud@#Y|^xUypx7)~n`5DQJS6oAY8z
zJSJG|UT95E?du-zFjj84tc#4tsiNqF7{1=1ng>!|RI#b4IbfI3a|4&lQmA>BgPIzV
z56c$LaTg9An%F^GzaJ<=1`Ho&B5JtA^MMFTv({~zTY%alp`E9j>iuj;0<)upKtJX-
zY*GKOg$W86t&e*Pw^v$ZpnBya?KJDNT-YUyrg3r(%{5NJqhu6J-aEOVZ(Ut@>4iE(
zG$RG!t9#M=L^zH!o)*_7`(ed{?v|JnaUi|=$R}->k%k*sh`cuB0`&R4$tm#)X)O;{
zb3<?Nuz}T6NNN#mYRy$$au0AKIDkBY99!aQpue@1KrX6+?)j0dyA=SspC)4UiFF4H
zy4G3U5vpF5!C!J+2$$YD3Y*3!Q~<%@5?1={->#s(fYuRFdU7?B>q(xYL>OqI@j|52
zSkt&ZsTnZQ4nBLAW&Y`&VZGYK<s0&!ZD6nWKlV7Odu_nc%%hgxVG(d)aQk+0|GQ~(
z%I^z?emRl-*N5{CvxoHr74LVT3%y5Y+12f1YnlyzrM9TGdGBvZid)l!@77vkldrLo
zm831WrIU`^WUNbpy)|15@F?z8!4{3b1M@A$L`xWZsDFR%N`Kh)41{H`?6~>0YWw*<
z<Ni)WdG5mh;L6V>+5d-?+7)2{(SZ33n}33p1?8?U^R(YjE1Rx<05!_rzR15uK7e4?
z50(-LodKjN297EQAz6Lj&IKtJ+o$k(x`zgFfbBo^>Iu#{2p}v(n*vs*f<*=b&-#76
z2tpncS=6$HWM0UXzyk)|y$JDx@rpvylU{0qMb3nEUJn2tq-pRLI!y_^f23sePcTra
z@0kUWZ?l|dc43&PZ0L`(P~%-M=?OU%wouLdAijYR5I6wZFXG)~299vP1BF5ijBz>V
zMik1r{t*V-UM}NS5hMok!J?s(rBZ>SA?13J2DG7Lz2CFa)OlDUKb}Jr;E}v@0iIvM
zE@5UdVNr!NA<_7-OKaPrfheC;$ws2UH5810Ac#R8#-?ohlN}aAYc>EkYu}AzWsjKC
zj~Z%<j!X^cowIqt8WV6Coehr37d2ZDbu!nBIhl^RN13m)>up|3*)>GF({iuQfr6SW
z{t$h)nTh?HWZ`2KC-K;C&oh?uv7dTr9Jyc|YCCRm#*&vM{!l*NlA3`866fh@OIc>k
z^$12a$U!!5+73<#zO>w<wR*K@t!EKm7ZkIrYt1SaOLrsPB@bs$fin!?V&3;ADAmGW
z5+<I2IfToAb4rOPjZ&h9_7m=QvWCGDXo$=@JTom}bvJRhI0?RGyRemjSNu(Hk5dyO
zRlRM7S0bccmYi^w+)ER<^C12K9XzGU*f0`q&jGe33e)VfU)2wHGDsD6b?{10{ov{>
zyqyy17E%LBdeiSRpya)klJZ2%C#VdBm`#m>q+tot;}Je}w69!L(jw+r3-ruSw~fA)
zdDo=D5+l<ci=7WkKx2>K-`Pc}*xbh1p~_+@6P6iGr96Kvpk;do3(o}=K;HG%QAszM
zzXvSxR5GdA-17|$POMb(E!=2nyyL)`{p?w_hHx9(=t^s7EA9#??*7%b+bn$AGmOq&
zM_){JR=sf+2oUjBCiGa|<}swnUETB0Qp)ZS&2Gi_GTrgqgCs`N`2~FerH8uZrSgX{
zyR5&<{$ZQDQ3(0M1}a5=?0yc*69ZY|%dZaRLi&a8(Rrn3vS$R~8gxuze_p|jO-qpr
z<MV>RUa=<_F?4_aGN=Hqlu<>KFA1g}hvafY3dI{UzC2={Z16GKQND|eMHA+B(#fPm
z!d~LPks!$v6faQznLaC4{A|ClOWE|zrH?LMgnU%-AlSo5HKC|9)n-UMW01!>rNk-Y
z8AoG?Rl189ZIF9&ksmk^<P8n5E%nJL1cFOpbYVDu`Yb$%?`Eo>Co(c>0TDP95K4mZ
z9YS!wO?5#8`rDO#qAlAtOd{@qz1l777Atd8_19l;lU6RnzC#vfL_x$qKLeLtiz52Y
zbsbeAvg``@SyPfB<p5=5`9^suJ9R~~beSDjZ-%rCXL+nmd0|5Z42fh;1I%&6J&>=2
zdRG*aRKyPzE_oXgmE~34B9kmb=Dm^GSBQe9!a<Tyk9n<D@w5f{@Tq6j0wk`nEEUrj
ziA?wOx73AqQEJ7HOB?9K&#8aJDLE4?Dz6p&xFm7+v9P~gD6H#Eq_hW*G&Ayu*ATqO
zR_w0fovC_`4U%IGFv#$Dr2BoBv-%||E~0(`IhGM@;PHwER%o$@6l9SST68VHRX>j6
zc%)(_!BsZDpQ<YdeY;rOiKtlYW*O5fQ9Y||CMo}Fl&!Yt^jRW93tju&2<6&^n((gA
zA@Ql0O^9q@Q|q=hJSY+oWXsrhGs7nG+uH2cHCUIZJ+f$&ft5pAWV~B~Nh4F_%US$k
z(P~c{_lYbCQtFe!;-e3&+?$gl>>JW=o1Rmn6V)8iszqNK&@1#7p^MMEM4H};#TO@r
zrx+*RcbAvh2j*Z=>6uB@K20?e(Z`4%b;b>_$>w$Ok`TR?_j{<A%obge)=lwN&EXal
zCwCtM`_OQssa&(}c2o$qbp<!oDoNVps@fX$$xh!V9w?D&r(!l|AER?!v9TET={kL;
zr7_8%{Ub+PzDlaIQ3oy~<}$P6KNH_VQVUis$YbyLRF3*G{9T8*ZbqmokRx3W8@G|3
zrbpQIkD*y%vD4}{E%vQDZW#S!u_X3u+}K;^jdRzv;jnSLx*Nru7{iR$`k5NtnQ+0n
zHkjj0WCmwedbxGcK173}8PaZxU~O%qu5i^L>X9ew<X3hZPA|SMkh3b~pEfFBBW?R(
z+){m-{&}Iq5c-;n(_?$uMB%!#L!4$y%uUX^r<$(ls@dcS0)8tg<Og!clh1X6YW%1D
zzeRT`aTfj)@^Z>l!yRz=n1^R`knnjq<UJN2hyWC7v3B1PGhuB(7Og)Y1ighE_KT4W
zj);ob?|g6#9{gzxi6yIdbwKdix%(gfT-eK9E69IsIHWTaorD=esP`R~=R+iW+bq2K
z=+o6(hYXjBN+mk0ON&aM59g|NhYSrzxAyr0auTyfWVl9jC58sbghnd*6Kpcs7e+dl
z6e7+#SO!No4pAl<d9@YhSc&X*SW#)_j~-|jTY1O%l8X#9<@~TjF1qX#^lQDm(=W;v
z=TN)PSxKZkyg)ksc(iQ=+WF`R;buI(NHX!70Qt|M<>_5z%vLjTWho_7;`5`4{>=7=
zOI^=+qVU1Ej<-^i%gsqA61De?7~E|8SnDK@6y}ts;rBv-m{c_lFi^^OlHg`Ce0YL8
zrh<XYiTV!ksjZl0v|f623J{sBF<MK12iP6%&|j`#o=cwOo|0(OV*>uXCY%}NpJ9Yz
zlz<iv_82=~^JDuN2H&vArkMi6X|{h8^v}Jun0_^p_6usv$Q*^{OwWFfu3j#hOl+El
z&Tv`!Mn8kiVkPI!Xy#Yozm~-;Y$N8wm}Va(8mRy=Ns#b2Q}Z6;fbGFato;JUVB%Gi
zhjZK5#9?dT-KaA}r#7bVV~fNO&UrSwaCOJ_5)xVTQoP1I3=CX4H)w9e%%UTmDm22s
z<1*_hAP%!<rh`NDPR5HOS+?fbY3|L%#pfMd5<{nRV-vfq6~YnuF*A+~@Rta9=sbMs
zNEAyO`)hHfwaxwrx%$&F_5<BAEmISGcQs!xfz#%<gIw1<Q6pJwXXmBUL(Qf%2_7mx
z(*)#ial<t~&>G=!lV0)KtdylA>-xZ=EQ#&<gpcexVx0{gySu+$D*?YdS`*LycH_9g
zUzsSrvhZwVWBtySl6TH;W@AQdll(5~!k1UAJ$xFoIo8xNLb`P?zMgNjS(Md;iP_8^
zTACZO_~&b^M?957yV<U1XXv|K#*}cNu?6v6bQp>wvfq9|wgccbJ-wTg>zl{fMx{cl
zQlU3NpW2*%1#anDuY5zbib4Sak-IBa^^IJ8zgu?Wszwu!hh>iQSxdTt)ph{@8~d4b
znXukZ6!Xq6yLbSdtQvctvqq7C;fGfviH`eqeh~t<`RrLer97{oJgyyL<5kjKU)8fJ
zr<b2ljOF^}s6)l_@Ox%k^K5o@5%jh5*$2!OV=pE9)l<!NpmW#6ZA>d=w}!d1dwcVS
z{ba^HKbS^y+};1GsGf=~zB!y9ayZ=0Qi@U^tl&L>E*V>$een3lcTW+~PJtp-&p|yk
zr2R6GR`o}6&Z9FGq=7iTaeB{yEWGmDpIiYgX!?|nboa;heB16j!r_JpGu-P&jx+Ef
zaLoIuieZG{_(0LhjGq^Ob*Lv!n4i(*TpAkcaVFaFhg`J;Ns%8IJANN_uEKuEUvj<?
z9kcCZMuXqDc{n@1K4zA(*nC$OPl2|+-SHheHFHiyX(GtTk4P(btaCRvM(0B9!rVs7
zT>f09XVg%%UAk9~qcg9ZG+Ln@8`k$%-ffr2s$JiXD=+8k5YubN>Z>}gYp=WO$kl7u
zuWOj^HN0aA&~_bPeHpTP<2>4y_i8*)<|aY(5^>LgN-GCB6*}KHSFT?Ci@45Vz*fCS
zRNObXqS4LHmFV{y*dc7^YCY=D_C3#4Uz|-ZB{t3(D~G$6EUPY|onM*|iDD{f&Znnx
z;HA<bU*^%dVb%KKo7AQJ828=~H@RHiO^Ms}?^#ja**4vNh2~~}%on&{U<MAER>Bx&
zd9HGg@gCrP#0$j7XOy)0kpD4+oS6D6QNo&h1QDrtD>&h8Zxs0p-Xx;Qg1&HO8Szi)
zpSM&~XjK|Q=r9H986VhYdLji1`qPQ|F3;x$);qJ=WnL24Y1@wHO6pUyq)pkX#Az3r
z0L6uDX3BvrZ%66$xTkBxhqommdOVm+ZLJc^sAM)krDNdA#XePqY9q(hvuxXo%GFla
zMtWcb=xDtp+HlgdLg?>YHlT8-Qeu(=Sd{Wq4Hw&-`eCujzayuQl;&h-G*@3f2SDw$
zIiKj<r^q#Ru#apME6JWqKrIbJ2owEoKVSbr2mX1POR{uvKHfx!ZEzCx`LnR7b5^x-
zF1k4jHKqxtm^{WznDv{lEYH33+6%1<y3%xq;C}wwF~1tC91DXTqjCId>MiFh=5Zf4
zDbBcsZlVjTP>=35xZaVmEsejAG$|PUIKJ*P&O4#X<?@pXUEtD0^alDvfmoJG{S!|5
zQH?x>XEd=A`Na2#qVp;H@`3T7e-rN#8k#i*en<686gLWbxG`7cWx28QByYkCd0Q~Q
z`WYb(#OnOr&jkhrW-aPQdnf;mkJgPO;lA*Qu2l$VNqIJZ8Ih_hJkuh>zME2#UE~&=
zxTCNX&{llK^F>F6t+;+t@J+ABn7YW;RI8@U@|2FY63dsbpS9Ya>grwzdg|)SLxpAp
zjFVA%H8v<A{W_1W7a{;3f*H(z?sSrYxut~gJTTd^q2DUk@rjWwC@W>&v^?g*$U%47
z%h;(cw87X#<ppR-b6DtV$s<_-w5-19nW_Wcn8s*%`($6Oh?7t2&qA>Zf|>#Dcc9-w
z1i}V0K~%h+>R~#->op3R<m;&ju9xTEqt7tl4Lpg<Iq?`C7PLj8mZF$tvc47C5`M=Z
zW|1z_Cc2&O+*iLX>$+`dk_JK^i|u;*vl`hHKIO^SC=A6QYy-=naP|<N88O=&jYN|6
zf+Y#{UE~+?=60$hjALJM<qE~7MQ=%h5Op{igX71xs(1$ud&W~cv_gq-Yl9fz)aK}V
zMZ%)tMLDHxFM?N67&WV@BTI-+^UuCGX2n@&YZrfFEt7{*+hsz{aj9WKYxT)_y^i&r
o+pMXxl$XIbtwqa4=YA>BGH8csYtoXieW5>?O?oE)4^QHM08k;X6aWAK

literal 0
HcmV?d00001

diff --git a/www/crypto_files/crypto_ecc.gif b/www/crypto_files/crypto_ecc.gif
new file mode 100644
index 0000000000000000000000000000000000000000..be218e25a04a20f2ef95a1060c63967b3b4c9afe
GIT binary patch
literal 4700
zcmeH``9Bkm<HzM{sE{Lfhnpz(86nqPxo^t3%}ve~QW$g0Im6^w!{*F3wqeTKT_kd=
z962jW<eI+k_uujTync8+9<N`YugBBW+(c93;bTTt#&m}Nvb($cZ@09xgolSC5Qu;0
z|MEWq|4#_q{Lg^@TsRM)GcW-}%vvg6KLhZ{c?`Bx^`>))1Ix`?tNY*rDv*W2)|!Fb
zYetzO=C3eA1v2(HkD*sDN07IDhs({|u<yz=qqY`?+G@vM+<nF_3MABx*O(Q^c@7im
zCu;B40MS4q?jzo%4YD{)#7{Rr=*<+hAT`XkfhKUCBc#Up_VATqw1tKw14H!Q*5b&Y
z)y3{)CJwQ0ySJ8lVLaPv4IQm31A&4@6_(^k$Dv}Cpih>(D(hpFMq|HkQV5$9H_U6i
z-j&vGjl{W+RG@#WInEQJw!1UjAv=pb&)QB!i#m2!1`ULgD7xgmb-pr<qDx(r=+sGM
z0Bsa~axm9Qr^2t&c6IFbRws5$!V0^N|1>VfUgD&kMIY^b-)_!H0{x{k*d2J^XJQ3a
z`mmf8etCL<o%FzlQ(b1s=XVI-(sO~~=qhXBfQ{?!qRYI?=@O-C)mGBQbvImOKTIxX
z-iGWigZTPEz7JG}3s<srwTa@E`Uf(r@oK{^s|Yg+AI8E$Y7=8)bt!hWz@eD$E6~}g
zUNZZpHTf&j!yk-9J}8baDv_xIua!#FgY(OR`!~7EL-J+U(ZF%7{ED~(E$$cB&uy(&
zUSvDYt9mY#z*Q}(gxjb&r%B1fAT9&JCP=5bK<t$WTzz?kN#J@drkhvJxVD%*0C%|+
zN5>U68S-x9ZART@>IiFYfyks~xA&espNxALm@nQ<ZlTCQ<c&T&(MW#S&v-YOfr<Cp
z{c{Xlh=!NlhC~r))*XBZ!_+0hH&PWEF52|V+{BHvaa<p2*tNeNnmuDJyo27m;WwYW
z^hW1Ck)e=!i?*m7>z5MiD%{vT#)#i}9ei*i-@<xFAehAC4Gn(7%K>gB3-d5XHeWCn
zi7Xd4rTp|3KAZYAoSl6d*#e%EReTpT_c$t@JN71`hdFB`3Z?h=G+>D3;r#CSofnTM
z$5f0Oy+7P?ZzML@t*<MOx~IPjo@RCekY+$97Niuo6Z!y3!lnJ3e^l0~o^F3e@r+Gq
zSjPVOw1Sq~TTGVTmW@c`_BzC)5{1i_;Yc93E!VVyR5Pi>O8#1UgR=O!+&yq(t}^|S
zXysZ_=y6m6#q{$UUYb3S+B^_SEIpVCJsI~oOBeh`4P)0eVZn)YhFd9Wp8j0e>d+l}
z8%AH*le#7JWKhfN@W(zcZD#4s!qsvgSY$eF2PSP7rdPK$pY4CLZR%+U?;m(k*1tQk
z?SFOvKYe`Qx9t5l&O!Iuta&mMA#aCkhGZy-a5_YJ(Zythr<Lv}@vaIc<j20gFqIi>
zdt7|pya+A-uJN|`Deu>~iSkR>aKjuP+cqy3*_Dp)U=7R?f)!c7L*HtFo_qT+Uh2?j
zs<YopFW8aW-x)LeGBo2|)K#1OLur{yz$n8`zNJ?n<Bp|N8;5T`oo{B0Ze&KN)v2rq
zT1Am$=Yp~WfFf5SG^I5YH@&zROGNRjg3^j%IZ)=D1%_F5L)LtQzsi_J-gq;HkMKP2
zAPKhFJ~QP==KTCs%L}%cF3Ws?pHvn~TBT6yE-AvMrttmxTHLV1t7dx-0!BWMWPF_z
zSsd|Pgkdw?;+FbwYWr`CTSH7OmsssfdVi1pRg|&tlPb`M8h%lFfx-atno*PAY~LRK
zd;6!2(!Fi0XD3;V)y=+qMPfa8qgL+`j=5lK)zP9bof=244lwPDs=ebVII?6F_2R0s
z<nC{__e`nbQGXxV8mJUV&Q*n0F{WTxmcVyl+N>Ew49Hj^Q$YJ=PNj$=r+@+A1A^7M
z#_k&*(8{f?2wND0jFh!7cHkXW3&lp~IdE{M+g}_aJas#jjY&A>x4zzlxo2fv$0|LE
zS(9|k4aV88FU!&TfH-?JkJA8_<{F}gFFBTT=8&DLN+HVoi*EOQfK0Uo_<KEZsBxd~
zoiapOHAU^)c!n7(cdqftI2P3O9UMC&pRfcdh=21i7*G}DQ@6=<1pA@(XX>q-UKSaD
z@>eQzH85eVM>k&J78b_7r*JC>Ow0#d!S$2r^;3kK4kK*d9PWxk{JBJWmUqF%^a3`3
z_zxT(rZ6#Y7I2~Cw@|3|yrIdQT&%P4JK;$B{sO39GB3TcDH4n4cI9`bavuG-kq-FO
z4U6quRoJm7L(Rn!QoDR~cifJSz4l4$-QV|%qP}n6WseS`o%U5GiQo9V&M#2s!Eqb%
z6IxdwDnQ~?lo;N^f2mT6quMdGB#1YVn!qkpksmF_dY%1c7x6AV$}=UGnB01uX2j)c
zrdqLlt-Lf9CE?C+IVN>QM$K=&TD=hp-U|<8adBk;Mr2NOmh{5eFzBgIB%0UMNAuUr
zwXw@?(5pt&Zvnr+oGNDH)fZ3zy5eksuug<Q1#xkRaOiVyYRho4(_dp<ag^p@c8;Ly
zBTI{_Oe|gv!l`iubLUo_>9$Eci$Ms@yEwqC2}n*9k;n=kgYbpuN#FU%)tmp8HwIU$
ze-Wa)a#1zR3t2x>qImig329M(03IFM9CR%0!K5~U2(_S|uM{d<s;Y3jXAt3~5H{P;
z_YC)z>dERno5)6(%DGc-C-f8gA@smHxFp1y)pb&yxTXDacDpG42fXP!>4LKe<eJ;T
z^z>O&>-fIo%ki|iB?XPHZ7U*F#eR`27t|mRvP@R7)}iNc>S)P@Kl+^YWp7f0`E{Gw
zbidB>Ua?5tpj+1j{mV(WpmUXfk!G;HdHM54*`p01;9a2vtFP1mt-GmP6sG~dN%!jb
zS8B4a5&A%E_e6;P6Gfe#voIA4pP2DI81S70eHBp+lIH$iUF;5-XCx$4LQ<mS%qPqL
zk@TAm;&Z<Vo}2&vLu5LvE?TP@z2WRoSAWAThVbV6RNNT#)1T2l-6!;&WX{en=WPz(
z2%qi3Y&w^(j2-stoc%;_9)yY891Xjl{VEyjT+<jk8ik(im3VW^_l2%U<J-P;aw9fv
z#zJ|~qTgej`81SfW7?fXe?&}2a|*Jbd=TrL6p5tFREh038nJCMqRHQD2lwXXug)YJ
ztH}o??FZ6%2G=yCyXR7$Joz@F{hc-t9SA(5&j>5NUis7U_O<@cW;Jg7WZ0d4!Ni~|
z(+*2gob?}kfV<-ppFhcJgj!ZVDPT_CjMeYCmn>Hpo*-$)F_6gRm&|@SX;eClYf!UD
z-ELG#k5|CB_PK3sfu5+0?veUqaTk+S^(eu$;N_=!>~Y3|YEsgmN1p={Z~U>i8u(Bv
zE~G6T3Q+OC=9qNyG(^uuiDf-jEX8j~H715t-%>!_#w?bi0kjo}vEOi!aM92?wB!Ha
zr!td7b9`=Qm-@-s@5-PlzW26wi3M0)>0{(g?nBcckdzXC0Hdv{--dlYHib$2_IsXi
zDCime)gSFxf6Zj6v|om>aIE~*+DH0V#B_R71z`7Y4c^n2Qh<YC(IlIYI1gWpMO2B!
zCQ)IaINev^-g=E6tR$83Ambr1GxiM#a2?)c21)5iZkKqTb!gkt0g?J8irs*>EIq7}
z$?|-a(q9ra6_Yk3;K>sMe`n@c>5wrV=gzhQ`v|yER+#NI5V8P}H{H+vqA52clT-c2
ztP7OmH*Wd0E@!F^@^&NVEm6NuCU-~D^I*{QSz+$+VdCasu8)E7cL0LJ3HH+rv0eu|
zpMlr`J-jfRd+7+V2n)SDo6F>y_aZt^;0Qk1k;g(th`A#61@c|ag-Ni9!_@Mn&$Reb
z`aI<_5H6FqZkZ!!OwRI~_5&;)Dr|_I%UK$-yw6q(^w}goNERApL>uwC>I~)DepN87
zmssscwft4MC*Uw)P&5Y%b^%}2@h^1OO1e!f^xo91dz0jQ<XT;AADB@LmUZ+2=W0zk
zgvsUt)saDD)t<GYSn}f*3=--ZqB*FZB#1~(vx}+E=~LBtW?mw|YLgDm`Te^DKJ+A8
z3w1>!J|B!aBB`boq84Bwm|7I5DB8|EvKoASm0zL)l`YayT6>h9v{u@@dFSO(DTjLU
zC*Lv?pS%5-vallK{8;mD*L?bOz20~!M#(a0{QY5aan)qG@9cg1*m8Qit@+eFbj#Be
zt8{d?0o0BS{RU>6NG=jnt8kdrUW+djXVLkx2?syFzc7@4cUtl1Ec&i%)c&S|DzZXi
zNQQ`dajwq!yKJ5|OBMs}_6}>*`7NQ-;)fjCqCR}jIfp9|YL%8Kr@vZN4Qb*0KxDL}
zp%5^FOUUcGT=j)vMM+A8UP`sBP^I`>^)FWu(c^4qwVD@Nu8B-FYSFHLt7~pKi-dfw
zQ5C3}l*ITKpiLmv2Pll38`@Gk((G8?23R<VQnDX@<TP&ToZ#j-7vWB+a)s3V*v$8V
zK%O~b<6^L0Le^-_+gF+V{b#X^Khp&HZay+m$mOr_qhKY^Y|~ZLYrm!_gllsrW@f|!
z{OCnosX$-h8lQk+FG^idUYwtidTpXWUZGlM-iEJo|BD|7Wm0U9ca-bKKuINTVyFOt
zLP(YiPkA$-EH$96_#nIjfX519AmSN$hPZn%*vkTG#q9pfD|HK3GDxK!r3v-LnP9#(
zJVD4B2~a}vJB^oSXdU4d?HgH?0vdqW86l50|5`(P2ADQJPp)>r4YSR7GZs?+ZlfWO
zy~(9e83)KkL7D;MP53FCU}+N(0w<T&HO6s4`Li?la3LhF{<**!815o9fYle|D<nmq
zOMeAXzSEEAHh{atTzLyoWZ!PhK2ZK=4o|<ZmeRPY%EIGBhPA|e1ZwQHp7ObXa1T^Z
zUYco@YI0!f$Zh!PHobW$Rge%?+jh_W>0KznFFqGYC78?;js^(#g^4ygM7u~AwIFX?
z5mA`r=i%<<9z<k<5q&s{9o<ReQZ^v>XMt3bvnC-Fj`S05kCZ1qIw8^G+m|q;1dhkN
z^X*e=?a5^=F*+TOQG~Rzz?8C%vKdlV(38}Yj%FcpK1WNEJNbQkN6AP_DV6L$)LwBy
zMhjDxH7FP=3JayguuyPtO3pk5Z$WMmrZ($P4>LPR7F1*z^|vFn^Q4)2LgnOWe*>ld
z<KB60n>q-^$5T7|JuJ#cPdYt?x&Ud^$?fKc30)tdopU3d@8`QH+Ff6^yJmH|XSOkG
zP~5w+?)s7L<?Ze%4%%mV+D{AGMi6ZqPTRrLPUmT7Co~3;9!A|BW{)1$$31}Zo?31$
H2A%%{IZk-d

literal 0
HcmV?d00001

diff --git a/www/crypto_files/crypto_sslv3.gif b/www/crypto_files/crypto_sslv3.gif
new file mode 100644
index 0000000000000000000000000000000000000000..872cbc0b3bbb280e5a46f55ef55d0275d3dabc5c
GIT binary patch
literal 30156
zcmeErWltT>6D|b`6m4;*xO;JThZc8tcXxMpcRRS-!TsRw?(WXv{{AoShq%doGSALt
zlgUmdnc3Z02`O<-E(1iU9>`~i|KaQZ^6S6Z*MGx*{POz$`2P|3e<uP>O-(=`uxau?
z)wH#>1p$%m<puGd`^?PDUtg1xlmBCO_J8vA->TvNFv-kp2m#?m_rDDIUoJqvfg$#H
z(IoBj`vT!mXk<t23kE`e5=lo(Ius5?Vl!G!j5-vJ#QqkDM3izY9!sQBsFWRZECHo5
z>5WHAIhD$#LhKQ&j5U@`=LrVE6G%6e&lX80(ddjfRm_+DEt1ZWZmwJes5e?}jyD6A
zYju7d@cP&4tTvj?7wQ07=+|3q_xp2bTNySxUGMic0j-SNJ-$#-gmi68y91$Uq`FmY
z%=;s;q$0U=?JS3&R8~?<z&ru}biP0ovYcnr>0G%2Kz`D*`FyEP4-_ls)pEJkW_La{
z>D79@)$50VBJbUHyEhs~t1#u=et$HRCxbGTVa)@*(rC3k1?+sj-WdQ#5h-+cz22Y9
z1N5f5f$z^Z`=C69p6<{0m;3YW=^o$Jvs{DLX$UAxP80}e3Qm1LMD~-Npr7JYyTRzH
z=DQ)-rsc%$-(nw$AfX}u?m%3Ir|<AWL)7g?(zTrIMKKLi?MMIN4o8RJFiazb{EET&
z4f+1le#f5*k_jc@rCfbKQI`GmAnC6-HF+}ZpwVH9x-PY9iiRsroI1DXDtS7bbNPH2
z)Pz%S0Q8M01izTAnW`(1yv1>j`%%SluJ^Dcrmogr5*b7=rnGq+H+&{m2A^waoWBL(
zZ?ag3-V74ALW5@`x4g&G)3W?fnzM2bRh;$I+cu+<N`lZ+oC0t`-&=X2sb<(_gcWkU
zVLYs38m6nu+Z$EIAg0wt{U`;`c3#vTm3fJ+kPJm*P^Q>Ptu(u5Z=59LZ{tYmr^-!p
z6J!vnc`rD;rZl5;{j~kE|2($gVae(m_@ZfEX<c3!i3?FpQg;mq2^BZ3HiywLj9&=>
z7`s~Dy5|h`>T*y*I)UA8hnzKet%uQIv#v+U(yZ^sw*P6V<x6#wS0~b_MPU{#znU}f
z+rodCnhVcy)%G3Ye%QA28__&;9m5bXj>~dfKFk*)UugC~<f%S3RYaPW_ccv<9t{R#
zR*-x%`~_d*iswhgGJ@@AZ98ONCda(sylnHlDL0Id1qRL3JUSMd>Cie&+OH#0*GhZR
zrnZR<fUfqhU2*jf1W<Um<`T8Q>|5DxSFgwKmz|c21ewxr=4u1k%~jB_(KmyXPl!jY
zC`Ka=Ill(zZzp@!_?@(V=6!#=8N{;t@R*3@Z)^;T1-JG_&WW-551?j{T;Au8wgrh0
zU4K6B1Tnf;e%=AzDs<GsOtZyP-Sb=5Sw~%89+vF{Heut#ioo1=3iZ2!9q2jO92M_4
zH~w(4`fk}Hy)Z0w2FTir`@GPdYs9~O;V1H8I7Wp&&8?IO5DVZWB!!>5kXfk~qT!WB
z`!PD|LYTY@5RD`UaMtQVIlBswokj-;Y7qUw<cNho!#D?RJSJ6t$rhrfjSf<9-$wk6
zE<`Vr9HP;@jZ~i~#B3cMV(`3;(nl=99+4bo!9BBDKm+kCjSjPS+{V~P7vUdEj&QHt
z#=1`w5k8NO@W0*0`6CwphLsu>#=VOVmn|m28XFbozDo#pPJXj|LUym4O|%*`CTAQQ
zlXZ1W%0(onlBgI{^qosC6eXut7#mk^aZIU+CZ{v27}xBcOKlh=r?(peX+Jrpbt6(R
zg;jtI!E@>Tq7=+=V-v>gP8n0t6o1MpCM@~qGv@{=*lNcn)eC3sA^eLuN2I14Gw-uc
zWXrgh$EI96?sIMsi^-_V#bwr<lAgg6l>E;X)4q52d0<2;L0FoZK-7nP7&$6otjd{C
zmWKl57%EXpn%PLjheFIrDshg=*;vPiB0?l;NeP;{#KebUq|YPX{js^!j)xMam<m}l
z>G{mH<m~&8BlgDC$(%RkEWt~QzaG*HdGL?rVg!}{k|GyMxK%3t+E^-QNH3O2KUS*b
z(EL%c6lL3b0O%tD)JLS38ZsZNt|q8a|Bb6Abu?Go`vA1}rI*{+nrqyF0NwlXW#C(L
zt^X&0uYHZU3HPZkT&~Ix3$!vUtXR$0V5wS9vpR11*pNJQVa#E*I^mhxn0ZNOE<n3B
z7y8sxEOyBQ$3r{P@zh)w1Fp6<lUZ+aP08I|IIg^DuZ+c%E^bGvvj5Jrv4{HHHY~^B
zm<HH5VtH<#swT4nzKM&dsKtli8gp8KHm^LNJ9m(-35aE+lp!Gqdw>V7VVRpHs5H$t
z1l8VhczSPBYRylRjK0rWdf=_r9tf}<Raxied3O=eitdK{7u^;N&r9FWSbOy`Ed}4)
z=ick);}AA$D&(@XfM;hyJ09(^*%(gX$)v4o0ch`}<z<K=mO0vtZXb94Wf+^>9v>lE
zpYZ)<#KxO3)F)g2JA%ikwJ}qoSC!#+nU}G@u?@*(vJ&vH9LZP=j<(D1yQF2DAbrfc
z$oVK^GA-0TGh`=lBCEIlC(OzuWN2gdC(kj*{OgqKlvDO?*RkyxcC5VWZDuQIhY&>*
z6fXZKDaQNYi6&z_KDMcta#M#E%6WjC0^QTaYV&6gN1LAfeJUGpdNcBEkdU7(R?TK#
zwefASCYG(rjNVG^YqeKM^{y-~+FTqBXJ8TOxX=mdfJNzTWmLYU0c2@$pQ$!#!Oxaj
zkYoO@)@?F8)wOg$)|~zMb=?JqBX2<N${|Z@`cVA2eW?0Mb!#m~ez>L3Bj-efQav`-
z_7CvU=Gx@_eH#Mhg*(f}z%P+|AxFHqU#RPn5!P*@Ot(J6O71*T>0=Lbnsb<==2oLe
z3-r+43Ir1on4h!TAG{qs+6occ1$2HKGR1Kb{g}FvWvSa_Q*fJFuD;K`|2XD+_LvFi
zzMuBp$fmbzpGcc}DCGghLx(Yx%WOErY5~vGdpedHryi?mpHC$9Ugt;TpBl1!V*g-y
z&MwzHwV-WYip24(Z_B&259svj3v_NhPd#^Yu$<{$ckDnZy!7F9--HW%MBQIK5A%R;
z<0am0Tr{8C*MWC#)4WF<ey>wn;QP!Gu7Ez_x4A4Z<*d}Fvuf?zQX}}WCXVmIjPZSK
z9{kiY4RoyXe%pHQrsYHIMhQ{)*v0F485QWhOPc;TEHioNiR*qSD||oO2fr;%^FOtM
zYd^1?zTUS`z8*aUKJT*hs3#SA?iZ)QkDWcAH-0@I`zTl^d0*fc*vOY>6fpSy>kEwK
z55egVsqVif;rp8A|0>~kzwD3r;*X3S@RKtDRXyOT%pY6b7rHF~W+edsC4dk+@Hb~5
zNt;(vm?%zq;Jictoq7QMOCSSw5EEw*vwHxIdr*l)Ah&uT&q@&QOAtSHupkvaTzHW9
z3&x-HV3xLE>6KvFmtgr(Y<Blx<#Y^T_Yjfr5Y6-u?Y0nIDgrU}5JPi}e{dnD>Y?WD
zp_b{Ph@2sO|EOU7NmYcXWDKZ8zl9m4qwBSW>8yl#zl8Z>hihSn+EIl$bB2K(vBNkL
z!-a&x!qUUU`$DZaBNEjklHDUx;c#r*(BekJ)pjF9Zo^~XBI6~|+kOe*xl`4sQB9JD
zuc$GV4@6e>b2k=5)?m|?C3&^Lg?G6})d+?2288udMZ3a<4WEP$xko3HL}r_ZkFG?A
znTM5Nqx*fM4^t!|pW_&Yg|M9E2)q{#ypI_hiTP6;<L(e+{*TH+DAt!a)~7G_EG+g2
z8|UUE<|aJiB|Ty~O!OW-GUp`Pp)GonGya<t^*5<_*ott0+c?OK_*u!w`4zk-$*3hY
z>imSLrn1ORY=6v*gm$3>dQw_~_DGHJgdyfciqj}yTVm<A=n%Mg*fDT4N<=(zM))io
z`j=!pYexM130iPK>?$W`C@SaK3h%QzrbtH2GG}sVVX{1R9H21yK0TQQE%wYkWf?MA
zeJn<*J;i1=r3#x~Y&E&sJVnDJRlGe`2`70aJyjMbMcgA*1}9a2EagZt)tEZP#Dl7;
zjmDNbO;0K<a4bzXB1LpHSveyv@<%|{OX7ErX#V=7!nULt&d7oCB&M-wJ_}JI4{o0y
zOt>1<BwSS0Xi<6JGBI&7HAT1!A~K7mGI6DFE4iY|s54cdXzN#58Zt7QR<jx{GP}7F
z>nyTLUNcI#qRKt8#x-y&s55ILvIthQr%yBcG_sZ=vcV0RwP2Q<ChA0xM(Tz~PCNF0
zmQhvnnVap|?PG}-8vYCw@yw?YEEyTmk{RDEGSV~hc-u30Zj;tH(^M?dF5vPv;Zl}_
zW4F!ozm2B`bH$ySr@)Tqx4b4BTF@hS7JSDo2ntI6vWOuZFZf+qfQnmqTAum{m;c0B
zNKskvv!j3(w=ftdooTIr3^&%dD4%{j6)Q4T2q*RJrD$q7opm(=xgsy=M?CwF1TKxF
zx3N4P;)L9aT;GTshlqrRa$ewT=3++fP<ukPQtlvE_Rd(gK22_adkG#_!uDy-h()fI
zWeI>f$9g=|fV*riqSQ<?YrLJ!;;ppJJ-b@6bdoC>tl^pKCY`R6S$5f8zW$sGN-suy
zO`L*?VH%4l3Xe{wiJ3bo{?x$Md@Z;dEpYX~%F`%di_9<g%-=gHqRXsY6wZep$22;v
z<dROVrYW-ID(avqtm{Z^Sp!g3RyJ{0wZdbCW)z@w0LIUf8PJM2G66%Dsg!5=Q5w}}
z%jrF^3E9#<-36t3xH%mW<z>`a+m&ofQrQa?nPzV}SRUn$XJwj}Y*&`0cev#~9XZyx
zxosNdH@LK=|H_;#Gtaqe)jZ3-JZq{>vvlCgoz`kpm1@>kbLt|>IwH6c0EyVN!Pg$1
zv2E3w%-HT4=|L881(|6P7Ws(EC3!fNil<;fi}ott`~1AjbXNG}Fpu<d`1IPdBI3?U
zP3kJHvj+P20#A)57MTX9vqnU+Dv~u8!;Ji@$cCw+2Bgd;LC<FH;ObJ!XhJWH=uBLt
zPCx3`=HXv0I6O7mW-Z2@Eis;fd~?nA=SfR%v3jT8-Vx2|4sj9{p>CZqE>W#c>)x7p
zt$brGoj;<sD5K1>e5xE<B0+6hjctihA$T%vd_UUK@!B%8+Os>`eVE%)5h6l)+KYKQ
zO0_!5X}wbLI^tK_YtGwi@jC0G;_^WqhVC70Ssfi&on28K0IN<zs?L6%&H=5i!FB&;
zgf5Ad&WX;>sr9ZIp5PupmxOuO64<M2ISaUQE<7d!<iG~*ym#&4bszBf+G??Gf%4Wm
zyVpV8SL@v#v%u4=fJ3dGeXpLUte)=O#H2MZZJr*%+ipn29w_bJT-su(Gq21ay?g~d
z$k9DNKYHKJ%YR(-tc~}=WcNXL_2DA6!Fgw7RaO)^<z;AQWSm7KTmVt=`{=s*88-S0
zh580Ki$m3mIV!>vBPyUg1`w?Y2qyXjKL&(lJ3rjDgqizUz4KDq2MDqT(s1&yWPyyl
zLrk(msvkit_!&r2(SNMt<*kdUFMuMv!$R7_#<BrK+Tn0xLk~ZO74R$gCNflbN7S@O
zoV|NAK89g%l58i6dAW+ge}43uSq}&Ej)q?NX0=r$M-CEeSCCA^f8vdlQDw)y;~Mb<
zN4`Zuq>qtNdu8KCrA@RMg0exs#s`>NO7ZJ=!rFW|fezXJ{tn3tZ`h4p-p$_4bmvV}
z$)MCe5P2o&%B+z`v?)nw!lk}7oOq%kdV)PTpNXoc*4sBns-`M!e8X(=vZ8!tqq_BZ
ztdiG%9g*P2JO2I#?p7C`z4Z8++Z6uE_^h{I{YEP0coi)G<ja-L7#TB;*eoSeMLd?G
zP|;Y~k=Ak=Q(IZIR9-~SGo#?uh&kTyIZ;K+4G;xPK=BnI(>HhmX3%pQ1JLr_R`Uxr
zt5~EPhR3JR%fW@De5t~(GxOYy44;Knk;ybMO;Z-B4db&{Z~*ShS=seS8Mw)7ULT@}
z7BI`y4tM5@WzFj9!q_Y0udF&ro0{)d3x^X680Xn9k-1;8C0!9MdY82_z(s?}1x2Jq
zeVZk$iYc$mrGLOB@#>si_~jkxC3U$m%gZGUndR1qMQ58u-OXkB%Y`oLxmAs2OxoNa
z;IgM?_O!*4UQU^`&tec#R6@?8+vT#lcefVH!Xh3v6!$a{{q&UVnxECoee?wJW*V2=
ze6RM})5coqC+I6<P9ATqo_@MvbFEx%UG|ivC}tg)GxvzS(XzSTy_V|BwLb3Cgm<}C
z9<#m)Hs7e>+g$QlZ>iqsp<nxvvp&bS)-Jc{$Fsh<xluuY)i2jL>$5SOxoNKvB&N-s
zYZEL6T=Mc<^5iQw;9Jy}Sv}=l_TXDWLC6dS=BE3sd?TzoLmYpfTw0JF58vGR>WKP?
zS>>q4b@|-JVORnP?fCobM8xcD(=A64>^cBfNOX74;g`c~R<UzeNsxD#r*=&~cLH-3
zoh@@S<pQsGx96~?$09d&<<c%DHy1azdb1A><krb6*N7uFXFfqk^qXQHo2xpTb(a9Q
z)h%V)gEFM8LxMF3U~519x{2@MEX#p<?$NQ&f!@}UjPK?--$8%XkrV%x8S=tb%obP-
zdBeVYR_E#{8fUw4Z=X|r8&hkFkbfUmeg{K-5@~At`+mlL<<6sK`M0f;O6`4?+*Lf^
zJ(jDJFT*|h*k!w%ZAYZUEbwlz{3+>Hsh?blclBa)&R%`ZX^QVcJ@^Dlch%44tgU;`
z0_g&k|GW=*ub2UtO)wN{>$_;)NT_-E3n}dxf7VkspTP3+7fn8v&c=xMp^VJTcw>W8
z#oAvkZd9a&Mj9*t!2yTnjIPJ!?&b`O&lTzAOlQuOM#R?C*vvIU<EHM+Gjci-`iu$~
z03DZpDSzddaZ@CH{j56&U46W0JJ&%FAiQ}|+B!wd5WcHDiH|(B3z{mA0w+eS-@0n!
z_LjR7g#`5<UowqO@G7rgQr<&*gK`n>eG#@ovT<x*bi%sFQ@Vmgw*3-1$8<G^s;oPL
z&-~=_?kc}U=X2OHY~P1@KdR<E-ag-NVLbf(dUQj4GVJLAA*0jP{!@v2w5)x!?s*En
zy<al1c0qS!JA5?odp62@cCWptonPfou(1i1)g6{mTXM44ehR;Sis*R>lsWO;Mti0(
zjV^XRHh%W>d-aNYRqML55w|RAvC1?xM23CC5;rXEvGQ|yiR^ic-hK<4c-&lit=~2m
zgR$<VFs-+HZ)3EMGk(qZde21p=<f+q+&1;sGtCQ?DvvYB{9{@KPPLd(Fsr<NTbO=Z
z()+xGc&93R@6vm3yZ&td`fNdw>L&U)68Ja~c*;hx1YN&cry8z5ecT9q;i!HowW`hg
zeZIwgzM~Yc5g9|=B18DQLH@wRSN}=e7X**Q5X^a_-yeoduRECjZ@&|YfX^2iNAW;1
zkzAr<AWYFjI+a$ZCHPg*R5p{<W@*qv$xJ?%$L9(9P09Rkp-2p-n5VLZVyR3Hd&rxz
zrE;ZG*)Wek>Nkk0mo*y<i<{rP0oOZH$>!|D8cjCe>TD3O7{r>45!ToMKd*IxKG$!D
z=8FGq9|$D04O4e89F8L32>noZG#*c)R~z=$a5A0B;&TJTd}=tG&lSm~iTh}}SS|r{
zT0=iIU9H!2dK@PsQLIN}fXp2>Ct5G|dsqlW61ppvDo3Ckjxeycr}No-wc3cUj+g7z
zdYa*4<oda7yz%5QUmoG7XUqAI%CKo&U+=g3%Ots6J-^Y_Pm6ch8-Z_7WcGqk2%<NF
z-_eZig<$bMCR(a{=aKyDBJZo|5jhU*i$3`mraQ01(d$J~75*@bp{ps^i(%?*#P<I{
z!JZc0x_hIQz;`>486ot5zK|deBAb&45fr`Sgd;L`l%mWEzLTOZDt45n1q?O_{cu2F
zlw$0GW|d{;bF7!ep8mrs_h(tTQI37v`JM`As1s}>%X2-*st{Lmz$zo~4*j4Y1V!%r
zR|Fv@et7+8q4A#tksO0OCuK^LqBLXkA0=517l$c&;_qzA|9DX4NW399U4Dzo;DxhA
z2(v!^)le&OQPr{<dQ_ciF?Lqg^J{i05BQ7At|I57s8V6<f$O?z#1-<SVNq1#x|YYQ
zlFX~$dg$6Stt^MQ=-NA((yPiys<!O7XyT^hwjScfuIn`4qUCkXCZ%o`qk~EBM)uaK
zp{#b-O74#$-mI^*&cePJtU}MO--O7Zz865*!bu)X03%r9Q(et&94~>{esFzK(x~gL
zW~%XT+VJsACHxy)nyI}7ze>H+w8_Phy%M;({pdfFj*}1@Ob(r*gjg<%vMgI%i)^=H
zE?vO((3@p-<CEPMgBFa}VUa9(i;*v*ulk;!8A%p-01tbobrbcH`<4H>EvI4EHA9PC
z<0r$qQKuY5w($Uh#D{%yT{W}y$R!*7QWg=i=TQN17S4Sb<8;?aej2!Iam*!G({e12
z5X&Xj<H*x$Su5<*WfkkbqkqH>R#m<A>*&*VJLwbqCEygiX=@g;jrSU@BdmMfdw=C~
zJy@oe?RgGxOS<J26Fx7xa)A9Bu=_`pb2bCupYWcWHWT=qTgT#Ky&og*@qP9Jd%J!b
z9sBuxy;tRo^OF3!Mk4cuMf~*-%&x`(a*(y3BURT*=iuCdm<YfS#kNl`V}~h}b0@;r
z9pZQ8Lp7`oru?(}w~4Yh_NTo+jHo^$!h8?Rw_`t!Vq#>MbP>W9Qh)Znt#A6~1;ibH
z!x=twQIX&VNL>{oM4<~2g_8S!A;qav4U%9qr;9OET7>+A{(-LLF3OVV5N?7_ikp@`
z%+@j^4h>y|{x~lJ&1@a!R!mCxm_8!-8Bb>YXCJQsPLvdLHYV&(F)@g0gv@3(K_~ct
zlpIIu+~+pV7Tp*vVRTTA=2t?7Gl&=`gN*-bHn~LfkXj{!O(0e@K0n$BO)q^IGIB1-
zAo`GsRBTM@DKV|*!GviVY%HbLeUk)*PC^pLCC)~HmNu&W-^nCK4y`<&xm<PhO|^Ye
z*)=I^J6eZUBv4cq`7Y%+o1B|jUEWpNNq}Mv9;TB-))R6*_i^yJG~9!6r)^$d#*jFs
zsRC!G3&v;X1IG;cOfHn9sbF^kGtD}Tk?CkIPl-1Hg8q*}zB;ol^Q$>OUklptAzAUW
zXoaLwN2$-<y%!b|n&7^<pf@7=AB5`YHbPvSobhWDp6`_+A)2%f{R`!kV^qJ)JRo8d
zm5rc-bm0O<TFVG)4H5BA;keRUHbd-PME5P%2jMv~)a?TtwJM|+GndesAIj}E(b$Gg
z`ZE(v4TYmLgq<kBP0v8fS`{8DeI<_OAqZ7RPo3X}5$p^@U|E+J(CXA2$7+EpdwE)k
z;=f&ZHTO)ka5<ADrA_v=W|#P?;+XYqNtvXm7<3B6drOOgv$eTl_GYm3rA*a-uT|;z
zYOC*8b_M%OlY}az=^v6h96?HbSBveQCRI*JFssA)CH3Jy=#0HG)h@)BJA*@NoCyY4
zZ}_nqkDIMMp^8`caGM)v9^lOF8rEr-I9g${E`7K-wYJXOnjbG~ZS_D}kgcjsO?(wr
zNOW4eFw1>Nq3{mtUbFkLqU{_*8*T)&Te+!j9dQ;l@~wc~pGvL;2cI`Hq91BYVjM#W
zC3OF}p$o>%3k9M*QS$EB8xcOMceBmv!}!3e{$!6gKyyZzjjv*F^tBHvic#+=p3rY%
z(Wra~xe02{Hp!I49+}gg)87f{{-sqhz$Shly;#+Z=ckdT<w|3-+@wV}kO6WXzK`m<
zFcq)K$oFMK&&N7H{)3e{0}*Xr`;xuS!@)fr=jvRn)^IEax|s<bekftfv6yJ$%8?`~
z{`CkY(a-cRGhV#8SS9BSR!KAYcVuD3eUW6}D0ej6hI0*9wUzGt%KUKfBdfrm6r%>Z
zb(OA5LjurRvO_b*D!7FLNNG*k|7)$Fro5RCPue03C4U9FRnCj=N+&IA<4*d|xaFj{
zCb$8w8)UtYZJ{ISO3Sv@1fyqmC`D@ethM^}^xXXSi8?9WGigejravG?n{|(6=_U3E
z$m-DxA9c{58lYi4{vnrrcCm2;<MG$eM#e1+H)cP$ge9$ASp#olb9QjkYh+B>*G+lR
zg(7zn3fVr_ZWa`g%?Y%Tx-%V5Jb{aQ?uYVlwgX`tLN;5q^W^RxhHjh@DVSshfGy<%
zQCCp)+DKZjWYe&GB6htPTP$h>f4@%#$#xfR#crrjQL2yG-<v1Xhq^Uz;{e<TSXN&c
zI6JR5Zupjudr99UJhvON3w^0ub*@B<@IE6peA%vI@odV~fOULY%n@kk25~&#C9{%a
zb>Z&_CyO$w10Ftlrx{P4*M^^Gt!5@2J;P>NAf`*kPv&*?DCXHU%w7bBF3WGSFQ(Mk
z#UEneTS`o=57n=6O|g&N<}V5}qULAjs=9K<n!n@Fn5Jp(09PZ#xA|rMt^$Gj5s^IK
zE5)?-o3fhA$2hO$n2q<sRFVv(w&wRA+@y6|<21)f{BIqMXGyHkyuDBW8fc#GZ(95a
z%H41q-AEJNQm5V0P<fI2C=R3oXiz|GkscH$=CR(MHxZ#*PvEa2qMHUB)B(WRUd?Hx
z5Y|D@=e>~5t-#NT*66!>k}9s8nf#ut&U3FU;C%IO+KM7B00nDrRU(+C-|IJwb7$yk
zE%HGxBR<8D6+ZDo2@@Kk3s<8caU+rO0HJ8(Z?b_AgXXyYcJv<={rCO6&>{wJy_|?y
zx}CKAW1K=x1MGi9g9Akbc-i@k2l=cACAuQ`l|@sz2Bql+Wts*jB?qO@@gyHaC7{K`
zlSSpb(qsn*mHrGVKM-$bQ7Q7~{|z2eNFK_;6H_}#wS#K4A`wzK5L12_a#<DCI>7V+
z<nLq+8AT5nBM#jB<{akf)KKcYMiWPH;zn2>%FYyeFv1{A>{F2*_*~`0ycp8`Xs+Qw
zPC_8FKqOH^@3mkR|F&OCkB2|dH*nnE%UL18AUf=W&S|R6s|KztcRC<6qUF>=?-Rl8
z85?B~wyIhEA%TxrtK~8Jh&Q5VjHK}1O*vO=4q$gaYXQACG0Jq7c#a(N)UD(45-ZWS
zlXlbK)lnHq^*IrySo1f|NzheQayO2pSMg9s(`~gkYzhe;_VGk&NO51J)oP}f7k2h?
zRn(2s6Yr1kZZvM8bvCk&h*^@>vGNGMHB91>DYlC{DDz=#2+eBI%>_x`b624%0Y8d>
ztE_Z{*1)@lo`F54w+y<jY=J2Yq2W8)#sd&=L1x~IdC0S>X+fy5Nm6BSRJ~(d)3BqM
zHa|azJdn3?o3${}n*}bodXa@`KdE;LS`JaUE|rc6yinQer93&SJiZh?0uwCvBXM%k
zy7x3_@~d(Zf|VXFxO=s@p@O%oGI*k8w5#gRNU9gtn3BYPrT8tL%mk;*+kg-TYaf2`
zXy4f|KH|jr1U2?MDAbu~nU(R`33PQ<6RHftiUtj9j$#yZfBc(1FPwhkQFsQ75_wMq
zcz4ugwUxYcgYYFMx~RTElTLX{oqKh6EA>Jm<ig6zouSbtX=cq=R?mINZGY4*Aj(4}
z&m>(;AfitqOwN?a{$2ML{L+-$s`_i<EGo^)S<Nf&^*-%&K0dBQlTKR`BwKSrCUYIl
zw`4GJXRL5BC-fLKjTQxL<pn)!E4)VuU3Y<r$~F4Xjq9DM322*zF1$gH1&aL*ie(Op
zWEj)K4?_v8Q?8yB&VQz2Wy=6`g-6beBy|0RJpK8C<E;ZTi&A5N#4Mj(8p?-ihKau<
zjSW0><t=@}70F{f!8GaC(!K>O;lvHCM#?=&je;o+w4w|AA^qOYv&MiSiw6wWKM}64
z;?Aeh%8%j?&=P8s3apE$s)$sILun>OA}u2Q?!m=0qWF6MwM~X%|1~fEC2keeRw<$G
ziIyQ3GE%K}P&J8Jw5UeXB%d*yB-mY0H8@mdAW^mULAS(E(;!z%XjHXF%Cc2iwlPto
zc~f;>OmawBb}U)0;!$%q$#7X*b_E}*C3>iN1JSf6hO8@>19O&xfTLdDSG<VDcLZmA
zLRNe?NBnfunRjRTZvW*LE-d`*%ZU_tO<4MtAxV{x5iYutgb}Y_wZdy55$~=JOMv&6
zJexcCcTSQ<L7PT)zJ{^KZ{3)cyb}0GomIwm_4??J3$k*>Om6idCMV|dFa5<5wv`IG
zpD6@u`cgEB?ix84cs|zM5REhlp1C!LWAKxm<%89k3-h0a3zYK<|9#u#HA&F$N&yiF
z(`A|JtGkg<wSeE(dcMOK$Z<k+X<Ayx`%6p4%gy!466BxCuXza#%kiBh<5Kx-ylN|!
z_ko@eCuYCNvY1SaxGb{JD}iY~6{*Bl7s!zS^bzW`8-3=haqg?RK63Ahy_?3pFpv4Q
z<g>uTzZ*l7Ug)!YI!wqhy(jNFaG!s7jqr9<lq0@x_*TW6(zUpG=_FFEP3^09h$_Az
zDC9!UJtryNUdp`7D&E*A-22qLW^Y`F^v#BV#!{vjh7>BBw;vT(7(I%{c{@C5msVnG
zd2$%P)6cGp)g|6dY{=@*S^xXVwuP~%vzO9~LNL3#ID_%HxM3p)8@z?gkK>0g!Zh~J
zl!V8ah72`#_(D$m=euqzod&kHCUeXjQjuQgADv}D-(qLqjf&pO#V*BW9dVApYw!li
z6F%;THlgw+c`4!&J$Tf@h(cI+*XmJ(0H8#Ork|t2Qq`f{n8OdkA#Nt<k_L9tM^6$D
ztkZeZuUQL|JF{eNV7HO)!}Uv%WsOy5W^h04@TG3y{4n^{-Aol)YCWK;ME}E8V?a;~
z^loBIp^HRmyD7+EAe76cCB_~njV5upFBhwu{Zm_tV)rwJe3?Kn=nuy^3oD%svxMz|
z>eAo`J^P_|o3SOY_2q%q(Sf#aq(b-BhyJ0S>!JSeHtxSBU1SVxaZ?@DBYt@t8up`f
z)FX44Ba2WZN#7$k%_D31Bb(44y4|Mz`A7DtM-ILwhN`W0q3E`%W;Ro%cH(A9Kabrh
zjy*~V)P2o(!5YWjrpNNG$6oB(o-pPfrKVO-X8kkAL0iYjSI2=cKLU_X!eC4TO;5a~
z%!6CZU3E?(C@{j0%)?Z5B9_dHJ5Ca6P9iV{E~QW>@YtLmPhwpyg1?_qZ=rDIh$gn2
zCdP{CQXHnhET=x5rZKFft8z9QacZXS6`D$9tDa>|ohH>R9{e_;PCaAIJWx~}%p11M
zca`-bY#A-$mCil*BWGEvd)5FWlA|l}f_hlTuvF!0Rn4zdlY82PeArQQW<hq|#cnky
zaxPtZD1>>~?0QryinQU3@#{QW@VrjN6k{N94NNQ=?PcBOYvs&(ya~kyxag=b<?OFM
zElg(t>xASU_9<o43yR7`u0wWZ`$Xo%AYahZA}^h<ibqCcj;0V0Em&zz{)<Tv(^Su}
z-po~``(c|ve>DxT9(Vm&kb9o8n0B-&+{(E?ZN0F0`8&SS_5w!w=bqtts<1*#{&&T6
z82IbUSQ|k$mhSb<uE(+4Q02AIYg^Z|K0>tVD~nDV)<+F#^iG4)Uj*+K8xS0Gj449n
z4jXR?GJ{ijPg#mk%XZ{8d1&Z2GXcP|e?&h}<`Adz4vuapQqSYX6OV_l4#s#24*GeQ
zuIgh5xd|`X7;-UTv(d`(5ieE?y>E#Dw;q4Se?S6eRdXeQw?uK*#AZL%b5Ayw)Ri&8
zbM5FiU%Euoax7cO_9mCvU){7+YWCAOe<o+`XKv>ZdWcHu9eabTCpLFsB}@*lZf5mu
ze_q4=I=<yh%f&v%D^_;!!tdsByFKz4Kk>M(3$aDTdf>#m!!&c?CVF6FCnTV}6CZ&k
zH9Jw%5V>2sdAZ$ys<nqCYJyao=y$wXHDZ?ga;7G#Wq`dO=X#VGv0ub-dGNmJo2%JZ
zz1OHc2HA>nd?lt6(6%<-!*~4dN*OzkwK3orpB(#redKhy^>?m|#zermhmD?F%OM(P
z{|>B#;dc#meMs|v2sGWp)^*Z!8(??4@3C3u+jh12YPEenUhr8e|MhIYE#L@-y>)JN
zbD5@e?J@I+d-mP_<B4+Wh2`#T*Ydiw%_(MiF4m4;ay_~C9QOP?j(V2UV(B6(5mMU}
zu<Rb_SKOUy(eZTt&Dy;v@Fg+sB`4FJitvoJVf=UHVeqtUY}#wgv|AADL60~$ny%Ft
zen-dFYioaI0LEJZ<y#@gTam<Dv6^SGTSk(br~Ze1uIUTMq=!GgaV3$*Hd=;ze}2vL
zTP^H+9oBn2<$FUKRc4+?YJ<loy+LH{n@r_d#<*wXdS)5Svb+03*T_3?*^8U`wFe9R
zDA%)9z%s?m3Z4C<6&I&-M78Q?G>*{wXc@8_g*Te2yP?&4_Ls-8GZuK5QFT2XQNZ_Y
zb~=UK%?sb=Renx7*sgXc?_H`mKFj~3DeXgE!%O=)F+Z<@QrG=mJl5Cqllhy^#801I
z4qv)&?lG>PTC6SF@V;%ZSt}zEtF=CBdcS=9%r?z@!Od2KwQp#{-UHiu-uFIC^+<Ru
z$NOqu6Oo=9+vHXiX}|c-^0s|Epe|bdIKIVr@kM+J<!o(0z`4CZqvD&_{q7HfM`O`G
zsUsc?LnT$rHm@fcj>2Vi+&HNx9gQOqNyN8kFzSMW`~@KyQA+@VVlkVmvbd+1%I0>v
zyEwh4oXHo^L$y(RD4#8sOrx<Gf2f#EXZ<FdBGpW>2>A2O{t|5Y*sD@)0I=M&#I#<l
zHD84Pe#T<4TuQesTz&pfv)SeTe0B+XuHEkShecqJeW}|W49B9iop8TiZ>PDHvaxz)
zIhx4ixTiaPH8!c!8FI|g#66#^Qk7^_v1z<mSponZr!r89{eu$)?)gtUIc~Q5gV2a<
zyEyOm$I-S*H|}~tGtFg6wYI?O{R@AQD4*(<3(bZ4>B8^Rt~Srt%MNp!v>H4gBe%z(
zT7|Ff&ySbq^Xut9cTTh!t%L#JamzIvf2hLbTAk!z5n46~aqa}8a=+xeOo}zFI}%Ww
z5Qh^*Vv|IWW~vuTOafuiLSQ>yNTS(qVYdT+&0!K+gNsTyv^24EIksXsP*(_*Xs1qy
z5+!Id$dY8ZSILqUAj=J-m^D2PJt-k62~zo7Eiyt;9m>fgjWabUGR-P8D6**JT1e9L
z#<`A76eut$Q&r|F&=TBmaLDsrVYtilLr^`-3j*a{OLM)r->BrQ5`!s=Q`XQ?ATumG
zPD{VFyjB$FN8-{{6lLQ6N`cVqpaDdXh*JYn&o}|GKL1?^3fuQO05w3|j&lEc_;d3L
zeBz%d4P!K&bd8hT?{rPG(meFdi<(&%#zVOs)h(Nj@71jsCGZ4M3m$A+b*Ec{Ryt=L
z2<V;N<9Lj~`!%gv-Ck}E0*mW6Ev2>{czh;s9~7Q8Q$H-N_FUU68$7!8m$WQH_p_!p
z^DvfGHuDIcS5<m<9X#7_i{r?aMGK7(m$kt~@{hZI<^kTu3ATCfMk%B;kX>xUEX+a7
zNsG4Dh?t*u)2tLJuxU>23*&Bpw2Z?=lUtSZ!G+VxhILuXYm;q7FRr|CG<`_C+4G<}
z)Wt=<bMnuI9f*Kq(`g=-t;Z~7qiBY#kuPV(0D+KmHwaJnWyx6L5)EYLmFDW<`6cJP
znX+!fb(Ch6%XR#f05Vwp8P(D-ew_Mre;U)s%M}>b8T)cxKfvF4K}G{M9IOJhb6w}W
zZ}HspAP^C4F&x!+r8Uv&z28l;et|#kTK5^q?$luXKL0DjJ;0}aEIqy#E-nH7hr=Yl
z?pH_|BK~(ahcDmf8xWDeXOHid#mVJY4FA{Z^H<LoBzE@WX|2yakNziWc<*<b8|H1=
z-|rAqLf;ha12L<9^TWXj-7wb$AwB$t6OinIwXO5S;w6UpSKf~vC>KP&paW+_C5$s?
zA1Xt-i=ffkPtXt_#(z;zuAM&6vsf3-{)YrLj*|)>Il)H2o8)H!)esfDM7SKjCTe53
zD7~XYRG0zDxI72lSq`GN5-%ynZ29mX+`&jIuYD6tGxqx`<WSuU62j~95#FP7U*&Nr
zg2VJosKtMNR=i|*zbZ!W+QIelMR+=Arfhg~DYA(PbUHK2!=#e(v2k7>#grly5=^PL
zY=*KLI7%%I%@v6f<uc@_`W`G2(p6*-_L6EV$)MnayVRlGNHfQvI9=S}^rAi_F>%(3
z1m__FZJ}RGXw;Kp{Z$F*ngldj)F6$ThUC)O19mMbP%1_!tvhpB(o6-qbEOi`^q+Bh
z6etMyDW~*D<72+_RdgSc!<;AW304Uxa-TP}WEc#SVM!^Fpk-qLz?o{i?NvNH*2$2}
z;z&5xf+B`6xTqU3fr+{BUmS99@zjU8P+<gKGD9ON4f!vb3a-fv%!y1+19J{yc$vkF
z&=juE3XTZ48CUdVu<B8C6ibBXg8Ld;-q}Kel4JW+TbF1C5Rpo?wqwCV(IrPT;Y<zT
zZMuZXrSiD=Oy#s)rFp8d!gkY=xB6|Wm?Wj*l9x*N7d(}sXJghcB(qcXj7(oC^g8~>
zfAnIGGAXgn^~95MMl$fSRk;hfkQr5sT$ze-@Mw*xpVoh3R#!(%Q`3lD&Q1SSuEq{K
zH>VL?S`oZ!2L8ots`IfjrsY}RU}tUp^I0t$wLdJS$RZqnfkPP=HD-tFk~ofJO&P|m
z>OGfK{$6|~5QVEYqMBCaw0Whz3#nUzdDv+XVkQ7OTdG(~$us2}*8y<r-Y2$pJOFDw
zQ!*89<=uL~yNk5`_ithXES2oRpFgTS6=#tGi>o_gE+qKg^;a>KB+ydBRlPuSGh41L
zc`@`13J7}((k(?zHa4<0=LX1m>O%~^6~SCyyEss-!+k1K_BhM=-vy>*{L#r^f6Z@Q
zaX)r_Hrr_oMe5X&;B;RN*?El6>OGG?1H=jM{OUip&Q;sHA1<$zj-w9AjZ#Lz820}2
zAAcZWX<0K4m{rvW(75!NwQyINj9Kvv=2Bn!3qI|0-zU~kS)cl7uj(RSt=BN8S6ZXx
zn4|T)*Ckq&iRoaPa(~!pY?*4dvV$LDL=yM8djO1(HZ*E33y0M6@U53fPKwotOG@Wy
zz$UPvmD{YByvF-{{kqM6C6>pkX$hlJ{PMAWNJdSs?5$JdlQFZX+H~M1W#JnBQB;)o
zWT)#vw0fAmP3W`wpB9hK{E?k6D2j{*<!o%u_qjbs_0qA7c7sfw!oI1R93g6b>oYb3
z<1~9CD>f<mp+&Z9xB4cSHCqaPh$4;_{y50(XdB$!HpI%$E?yD2!)2K~7$EC_L*I3P
zB+x#VHhSc<`6q>^+E`zY%RV4(g95v!eb_11N!j7U*WcOW4B2X>ABI4f%}sCoU(G`?
zD}ga>89FB$wS4}#;~7cq{gg}1W7U3FLKYqON`<eKiY_ohM!;)+KG#0Pm+#Cr4}2mb
z#eVDP<a6#?%hLixey)t-yD|>gpG}B;>H`383ZeI>vt`Vr_?MlH8Q*{2`aX}z5GEWT
ze-y#hdJH&qN8Jy96wxTW&PEYNror;%u-Cp#HFk&QN$}-JE4;0O2t&%kKGRfd-<R%l
z18PS;(<~L<cM*F0T4B2%J!?NUS@nW@B)}<=3f|~KJvMXKled7c!Xu|IrkMx{m;n^<
zZB)<4fk4med>r@@(DQlW*Ym!Q^7UGlN4{D1G*4XnNhkO9_M2OfSCUBPW!ubn8;mph
zNl%n4IC8a`2gxvYPp}j4Q~%2a4gx;ETP5HAF?&E#|A_B5Tn9W<=#CzkQy=n84BGQ|
zz~A2pnuFirM;NG6t#C$|Rn!Y?pv8TLAuRJR?RTcice1m8|KJ{mqX^acF5dAfk@!8!
zg??WDr?PMQ&QD<}c*p{m_#b7)#E^m#2*R@nYl$VR`pm0KhAQc-I!oBOyXMWR(kaS#
zxx@@51^B6h$gT#FFZy70;sClIGWdA>_`T>b>c9A5I=Kqarc!D)mC}TEoi%Wh`mi*Z
zzmxWhp;Hw6^o$+&NFanE%KRHC6TVPoAKX%sZjnM9{<<a>k7=CngE_*m+hyI}__ydm
zzNmMBRQ#S%K>>qnD&CV}@FNL6Oc7G9DiS;?OGG-IrzpXlz9aSym_l(XVep5_M*%P2
zo*tD3F+T~9PKJ(bp}JT^s!I{Mq9F&eGMnn69%7+B`ra>g1GHh4x;|2F+``Js@14|p
zH5JR8XCdgidzmJN0eqyX`oskPhA6jIrJ@aKx`~+~_eK7Y*<7yU?dglf8)8#Pvakn>
z!3Wca4u*asWxOhsd^5y7+7n?Rlg=d*g&$#AD`?v(0RJ$~!Izf3Kw>-l&R<B{K(MPs
zt)(osr?9rqpR)*{C*kGR`df-6Fu9govFOQ1&ZVoyUtm~GKhG|0q9RVNR8DHtM9Md{
z&oi~}olvB9R@8xGs19F3$}KJcLz1XmAlot(u|VcbU@Ue7{w<ziC=;_FiMt<`Q4nFE
zF788y3pQjr%8+_9Y0W4$2sJJ_HL=h!*6%kk%3ZOnFAzC1q=)&9s9P#^Sz;=mY9f9V
zu7OLBSrjx@P<g5^&QfH@X{2okLu8n!x^aNUvP%|OLMngAQG@HpY#@-6(m<f1I8LfX
zZcux9q(G4&czE=eKg8kA6o<czUD%L&532jZ=&7khz>p-$+|arkPRKS<cBMp2P*ds(
z)yT9|{|?nlo=k+Z)Kr{IYR*h7@W5MoNqXuSQ5aX3kb*_Z6wlC9)cK%-3hk|_*b4cl
zY$#>)L}}crDHlwcd}4`XVTsFGX^3V~r%t)*FsVA&kSZ*&oX68VOw%ZQX<5ya+&-0x
zJeNw@o_yD#Op6;vo7-F~n$pXjSQz;PTh-KuqBP$H*L=#L!~@#|Y%Z0%XG}sGPhp|Q
zZHkjwC@fwazm<>MQRY>t>PrzE5Sbg;Q7qa^5exI3Xqf2tkr==Nqw+IT$&|eIwzzS2
zO;b}%jgMSC0ZWCQob2c{M_Q#GNUg}N!6&Q|31gXKTJAffrZifvHD~U|J`|Hm{Wo4p
zLHVzh@T|D0vLn7frY}u-Xk~dUO+{*DMJ`RHuVpDixnw+b$=l$W2`Q?@u?EXn{U%M#
zQDw~)P3==<E!YyUSUzyL4ZxJVt*(ThB>{KWSEes12VtIjidHtkpEo`I5^TX~(j{)R
zwQ6((RJ2*P9Emn7(zeF}Vo<HxI-*-$X*+AIF!-!G<ipxiX@OI;@P$@gOX8hZfX+LB
zpubi3TrhBnwhy_=El^$-=0f(xst0V)&2IgzAJA_a+BbLpJVrD;mp5!mH)2~g;z~Cx
zY}toATr7XlFHAR%No5AFmtI;W25~W{dU3`@vlemDlv*{mhBE-aoz`Irx}%+-shUWn
zos=(_jHOfFsT#Yg>U^q_ncUH_t)$O6^4t4O7dklIVJ!k}(~Eq0gi)PIL8CuY=}kwh
zd33<$Tdt39Q%rL?Xjo8wM>YQhj+=ifw@gG26FQ>dFU6}NE@PnHu{=#cW>_KtESbg+
z9?`kZ98^nF&57f!l+yntEaX+aB1trn&oogiG*|9FF{-=VCka`nsfyhS_LwrHQY`j2
zR2PgOreQdjx~y((uAv>?TLg#h4%><?T>1=C`an`!NK^YZm@yY-`Z&@sAJvE$+jKf!
z4zOJP=3-E$BbPrbsv0&rDy$}RWmshw=hQ87)wPT4nCI%CQWU*<xY8uCH9rb8c{-vF
z;V&bXH><{lIeFVZfw4Y)S~zW?Wc_hPS8A-6dw@@KE!KA|oLja@5_V@xb4^nRfxwtt
zW0nkKzk^wEty*EnbiE74489+x4PG<O+&WsVq*8h!%X6#=uek|p*q6sGk?*J|6kk=O
zFjHwb&04Be=)lc$ObaKmjLKznU6atrJb6>Bc~7JY&7?;wvqPmF{tUHMJh1DIH6u$Y
z+sLKV1#1|Io8B;FTELWxBbOQrQ~0V@8<Ol_L)I8*9)5SD{%*t+h)eAcSvvkCj+jbu
zlUYEMNMV^l5p8pee}8=G3JvRa4qIjgH=prPS+d$;{@!g=<$y!pc=K|US&v~BzGUQC
zUE(l~i-dMe9(VUkhK2cG8Rf{eDl#+Bx%OJL{->ft*I9Y|!!<TSP42BpyeYKj8#yE_
zl>s}o-`(9!;R@K7(84cNz2HZM;jjUtooO4Q;~TysENP9ubM_ty{sX@xsh!=2<6<bG
z;m>^vF2;IfB}OtU$B3zGjTX`rF-n@&lOzo0DDaJre<RKI_qV{`bTajHW#{0fVEU1Q
zI84)>P%_r6WMNXK-0FIvIAdC5#-cF?bIis>MQR9;?cG}0#auleRGkQ~{nEe2bPC6|
zT<VV)d!4G&Mhwe@K5EaLo9r!WuCG&sB0S}}CKXFHq)zJkh*ch_tODUX%?O(u`8yhp
zeA*F~ZqvrU>NE=am9kQo#x!ANr8KH$&8l{6YI&94imIf{tg6^^Xrma3A!#+snl)?L
zw2seaz+k5~!gFG3tCmR{HoG0R_iQD`nq_GRy&`;VGk^}tlg_=qy2!cSd$XaNp1ugJ
zfq<)lo6g=9TNOi#3FXrnn`^x=yP3q(34v?9;gd-m`>w?kz?I$7>nSGS2@u(0mE^jX
z!Cq3zZUb-~u4galZm}I`Ic8%sd55mhj<QGLaKLJHAmVVOY;|PhaN=ln65w!_XmwWL
za1m+M{d)R45j9}Q;pX<-M<65U`796ZhPmA0vHk?|cY}?5mM4?uxM%miZrSkXXldY(
zkAD{Y2=cw=@Oy6c`{MA2ZSzOr48Up&AmR+9Yzt)M4B}`D65tG$XbV>03{h(f(c=sS
z%e)AdKclQYcbL0no;~v;_J*gu@IpXDl)Z$TaYnVaMfGq-kF-TkbH*&U#caEWNPKtq
zY@3W3r#$0`fD(*A@n=PP<^2f(vD22w$d$y=o+QAPEWs5;iXC|Bmhv?aYQ!3ckXyTP
zATT<>|FbtD?j-@LmpA^EX>7n3(C*v#npVq|-RhCu)1JM|m9yQRb^Mxr-kx*Mm3z&V
z|Ll?f)t-;VT|m^4NBNdd+fl&EUC78?%;8xq&{3?$U82`fWcF5U)luTaU24Z&{>%k2
zt|x0wC!^k8LD|lG;_hzeQT)P*1^LR0-y4C}EBh0IKe^p+Su_wdDDct|a{mUdC4%sW
z;t9p;te0tTVB~4!=xoG$DOVD$Xr&I!eX9-1Yog>z?Su+DCU)y|3;%-3Ao5Q)6RRP8
ztwHNd0eA&adet>{c9y*-LwR*wy8#7wx{o`%uf0N`c3iO!3UMo&-@Q^7lbRbneL6d2
zcUpNMUfZSzAbxwK=e2b)z5r!jhQ8c}MP6j9y!`EWd&0U#<9Np;-bH1-7*TjzI<Z@=
zyi)aA`$5occtdGLToB=0iBJ%bqfkSgTy@7>a#ioL<sKs-=vi1kAez?*O6Tl=$2_Qg
z7NN6__46A(u!9j;G#||S(y^$=w~PXuLGxM;<Le6YDGPfm%LA^Jf%(?GI@XIm*K2(?
zTKP7Xfg5(*efMG&S$1fZUDeb>6}8+Z7w!|RT?1%>321_)<~&39Ze5go^C+DMGW-W>
z-OFBG`;DDI+RsBQzGJVh!`9AYqwd-;{sS}cK^piliTAv<`~3NRTm*U?t!X^$R!IFF
zRO>bY;tikw5cu8eO3U9)6q0V|I|SfAaqGUL6j-$a9~AkXDDl^lcHSfS_yK(9NPSlE
zz8<ao?qEO9!+Kug{5nSldfwmp#6wz+`6|D4w~+FJF1x2%#^S!9)RNn$XnoZVc+cDf
z?qvi7Ki=JTdV2$5evyz-*%t_gA>;9Duh{SPMWUdw@P>mEjD!O*IV_XmP)Yw!0O&Fo
z&BcNyGj>$Dl4VPmFJZ=%Ig@5hn>TUh)VcHJfq3}b0TmjQC;|XJ@c|erRH-|o41Wd%
z06;2Lpilo@jduWFJEI@Lh7~)OY+18s(WX_qmTg<NUE#KiJ6CR9x_9m7g^TZi+<)@+
z4cJFu9)N#F3H$?4_%FnR@-8YQNl>0a$OSJ;K1niTWy&HcFU*XR^a0PNMLVo4aJ5I#
zuQ!9<d^+>!$($RrR=rzy@7%vz2j>lZxNzUbi61Y%TzT{4&yh!G4t=_G=hmrTufAP-
z_w2xZ%AGnMfZeb0+LfoP9&7ld>cz7+EKe?itwF!K)xV#A{(t}f_aka40SO$?zyc8j
zYAc`w5^R8Z2ouOK!U!;|B(NMqNivZP`bZ-WBf^lQuw?VlwGVMK(WMYK64A95RV0x_
z6nU!A#v5_WQO6y5>~Y1Y$eU`Y^WF<mNT)1BD#4;G)QT&wjsj51DXFZ|N`mmpQm-ww
zoQp5N{s|0104Q7xLdJYd3CD=iY|}9};fzzxIq9r(NB6j_?<n-TY>&@8@xiLT`vQ&f
z%0m%NRM7*LJkZfbmt4@D2FFxv9(NX-iZBavobk?(?CccOP)RM-)KgL2=>P;+ZPis*
zk9t+sR+F4{)+U`=5Xwb)?bX+}01dWFVZX%ZufYKRXbm66D%+I1@34#ZS!una7TRgC
ztv1_hwe6PMZ><e?TXDT57u<2tEjL}@jBMB4cc+pN-XQ-Pl+i+e%~#)j34-*|fBkhw
z(gryd2+dRxPFUfE8E)9&hi!DStNi$_*y1aP%~)72i-p+Zk3kMu<dI3n(O&!vy;$Xy
z`3o4}ml2c{=9yitndX~q&Kc*Ob?%wxpM4G*=%Ix!n&_jAP8#W@m0r@mCn;uG>Z#Gv
z*y@e<>MKxNx$fHQufYym?6Ju%+w8N^PFwA@*>2nIx8aUk?z!nUTkEG$rdsd4#cCR7
zNsXFU@WBZ$-0;H@Ph9cE8E@S2$03hg^2z=wuiWy>F^3m$U8CmPbE&Tmo!Gm}bEh5C
zQ9oVv)LCEM_10m3UG~^%pWXJ_alc*n+<D*K_uhg3UHIUMAKv)lkw0Gf<e6XI`R1X2
ze)(eY#`p8<S@t_;z^Q5n9(YXuK78=KCtv*X$4?*q_0MnL{P)#&KYsYxr(gd1=g%Mi
z{qOJJ{{QvozW@S|e*_d@0SA~s1TOG^4K&~b73jbSLXd$JlwbuXm_ZC~@O+ztTFS5&
z!hMO3gd8KC^rDwS6s}N(Eo9*fT^K_c&QOLmq~Q&1n8W8$k5HWx;SYPIJ(_V39^Nxz
z5s`RAB_@%HOLSrrq4-28Mv;nBwEkihv3Nx-W|50q^kNsm_(d^>k&I(BV;RwSMm469
zjcasc8{6o?iGdJ^bxc$V@n{$7l@5n})Zrif7)U@4Qjmot<RJ~2NJO%ZhxhWK9U)mI
zA=Zq08ob~oEtpA5YLbJT#N;MH*~w6TQk116<taUx%2BG)l&nPMDitWlT}6_XR?6co
z_ozr+E^?Q><mE4Y8BAafQ<#2iWZr6-OeswgW<-4BGvNqLX-1Qp)3jzav3X5xW|N!S
z^kz4~sYY2oQkmss%Pp~HLOm6enC)ceJKY&ic+OLv_59s2t!GYswuPAit7I!-2~dH)
za-gm>Xg~>?(1R8fp$k=L{zD<kP>DWtedDC#J~3JrbmB3WE!2lQJ{nSxj#Q*29VtCg
zYEPA>l%*?mX-n^Uw;o<JqcsIfKLO@UIO+o)JoRZ$f%;RS29>DaG-^1JdQ_z*m8na0
zYEz;5RBKw)rd1uwM$_q~6Ee@F`ta&V31AO<5Fo5%?J7x6`ck#RbggY=>s#F#Lwu6c
zsu{&8r2hFypMtcfrn3h;#7b7d4%Qxg4QXHZI#Gu%Hlh@DEMpbhSjawBvXzbOWhq-x
zuH@>2b@l9%uo}9K9`CIBu!lYd+Yi;Mb^wGeZCc?P+qlY>wzIV@TjxsC&+7B8kJ9NE
zhx*gO5}+R+xyL>J`r(hV5`d_|jp}oy3SH?&m%7unZgsJnRI2W_s-exQTt*AL*Dja1
zK9R?H<Drk_mbD!Oc<o1*XCy%e$#mqoZR(7~I`SNEzxS=}fBjp}+;X?7y^Yjnjbh2e
zE?6J!CF=kVP!9qe7sCCJa9QEuUc_z~z88d7WsL;B{brWL@G75uH%J~5PnN}&U9pQ>
zjM*69Z@UD}sCPxX)!~hIun?B;api&B3k&viuQlGhaM-T;j_1DfLS27{2ju_*n95UL
z<bZ8#SEdaS!2m#GaNRrH0o-HALALN<+w0t)dND{x98Wk^oLy)JDT(8GW}L5^XF2Pc
z&wKV}jkEr&PaJ18yuT~$aO*Ju_3|UR{!ni{luK576dA21{hgFm$Hyh37{5$T&s0|D
zu1tIS$#&-Sr>9bCP^-E;cJ8#Rb$99~vwGC2rf;ZSP3qU(`qfm?b$+WHY%9wa%Yo+Y
zmMPig4DOZL!|jK9{o!b@>I2frC6i#8&EW{Dc!2IoAH2xtF7b_6#P2d6w^8loaJOsR
z?J6LO{Ri)Po$tfz6Zg5<jj4OXnBOw)_lx}<@B;$c*vcHV)e6nKLkqSa#|_JIp?z%v
zq`A^)^_{F`SMN=WTHo^BIIERh>+W@2(;PQ3?Jx~HC?gr<z}~pa({10A3!CP{c4@H-
zuKr8|ALzGSRC9&}JLUtdcC`Z-K(r-3@#YqlizAj|o8duc?>QaM>1N`Hr5<%VBa!NF
zHe%Ja?)9*jCyHQqBA&axb*oQZ?NDF)*p&!&FZ;RAb*KB?(@5}~)AHb0OZe{2D&~7U
z9OBj{vU@8o(u?a_<*+8X$Y~vU$fvv4l|P-7F@0)`OCII0);y_K4tmFjKGnERdCgI8
zb9mx>@3h=`%#@A6Y#$cr1Q0sWS$lMUBz^XV-S(UHr{Z-_rQM+Z9=yl??X9DG?D!`B
z#_9cL=bL+e$gjSqn;$-O3;*%QcQV_be_~MsocuF3|G&>KaQf-J^>*xg#{Q1G{)Iny
z@WwsvJtBU1Blm9erZ2hYMQ_zE&+#a)06%W>9*^^4F60_d06R|rKd<x>&;SJo0Y$FO
zR4)TlkDXYr{p{%V2Bhb<2+YW;y>5@_j869epdR#rA6#(h)~t)nF6xS?>d>z3#P03D
zkL;Wd?zj#IiSO%jaO}qKiF)wsgfIwwa0ioc?v_w+e$e>NF6;2F3hnL+tx$>B&jWwx
z{YGb<h=<2)um0>0|E#SZREr<JYX5eJ*HCQ$Jq-gXaP$Ze#pEyoM-KDqknujPcI2?*
zB#+a0jr8)60QJoRF-5-&aRW855e=yWx$uWTkU;Xvf)>p8$m-dqZ4<rzsvqP50P+Fb
zv@NkD==+Ee>dMXdl280fulUIB6zNR+z-{={ZG7e}_)N_ET5;ZJ(G}6h6qyeer4Rjx
zQT>Xs{Em^8wlEU0#|yh8{%+^cJ}MLCA=<1F(&|A|unqCfiof2)|1vKC|IY#E@Ld#<
z<KR%!F3=5QN8<<)<|a_qW=<ZxjS=n95f2FxnGt&?aVSL4=U`C7hHD@P5(b%0j6!UQ
z<m>8y&<S;L32X4pju7r_a0uNjA)C(aB2o$W%j|AY3hQhknUEnTG7GWrBu&!KmT@0F
z#~A?y8s#tXMry2RlDy1HCKV4K9grQVtpD)w9)a>FVMiZX(sTa$ktiy0*+x;@yyp^o
zj}+6d{AMv35h@s|(ipK48M87fxze&$vMBY&C9?!34GkyFvKxgm9X*cbd@?BAGA;3u
zD8W*1j#5Fo44Zx~FAowWt4Z8al8j1{FaL5d1+y@X>MQ3GbiOOJ$PzB!@-ZDVG9lBK
z<T5d(rY;30_Ox;{yK*b9k~2TEGeOfcNpmzQ3NbBHWyDgQ3S}}S^EF*FHeqv+Dl;`z
z1~dPWFm=-~d2=^?vp0crFj3PsD`qwCqA_JNIcHNjnR7WANv0f0w}|sLk*%3DQ#7$N
zG_|udvy(fw(=@viJiQXZI7d3C(_)NMFObtYo3lOH^Zq^GvNq3iUvTp-fAc<rGe7Zj
zKlQUe|BO64Yd)zaJ+%r9-Sa@<GeHsb9_3R&f2BUJqI<;CJ1KNREi^na^gA=OLN}Dg
z0CbKVbZQ7xk915yO>{v|G)1edK|_>RAQVabGe-GyMrE`{Y4k>mXgFJRQARXt3{*vd
z6h(zJNL7kOcQjF6G{HDjLz#3*o%BMR6iT18Ll;U%j}%dQ6ue4wNV$|qyYx%*5jv6S
zN-HKw9nwb86i3xGP1$r!rOHal)Rq==PLFd-z4T7OG*9ugg^V;#C8;|7={lp7N(Z%2
zr_@lTG*JoFN#WE_rzA`9VLkP9QumZnEj1{_{xqK)^+5qOr|h#$LDfw|byP*QRLiJQ
zH}yXtRZ=UpRWJ2biL_5s^*_uMQ5RKFZ8cX9bysnfS7QuSXO%xz)lOlxSY7p4yHr+#
zwPiXLuRhgOp_NpnHCm}PO@Vb;fu%=T)mXU|S-ll9l@(jvqE>xXS9|qbZ#7-bRb9)q
zl&)1=*J4<Iv|H)*TkTag!xdiF!c3z{3BL&>r*K;R^#{MmBB%9Wt2JS}>0R};YUuP~
zeY7=O=MQIx9QkkL77uqU7KS!<kTzBV+fW^g=MM)_WG}5P?=@v{D^uyJVQIBleM?aL
zknP^B7BMLN6pHv*OlOO+74fZtc(#-Nc=q|iuk?KO_rwof*L7*zbwU}|Wi<+7AvWP4
zun<M>0>P2wFc##NtZT294!^d0DE1CdPisr<4Y_sz(ROCd)^#wjWZ712yOwQNtz+eO
zW+l*WRd#PvDqo@2Eci9<09NaSFd_|?W(n7D2N!WaEpfdr2$zos$*yr@j&jS+Avtn#
z3HER!H(=k;aV58K1$T2PS0g|7BG1%vJvVVjS7BWjVXy0H|5hyIRbt&X^v?DWbr)~9
zHf}p@V#T%)@78FAcXt7?V*hW{fH!xmw&jL5c<0u5pO<+}_T{qnZW~W|O^<K67q0wv
zcE^HT?<aEUOzU)!+i<qr>_`3;Wf5`B_kHy(741+$<+px<b{Ah!7Rz^Ny)1s`7Jm_!
z-QI_P*KKa&Eq#yoXxRtU6xjQewrSb*fqPYU!S^F-*C=+4kBB#Wr8j!DcX@9&dh1q$
zp*Mpw&SH0xgh5ylwKs1|r+Il-V^vsgI~Imr7<*56cW=0RdAM&`);ueiEdn<rH&+TF
zckVKmafxqnS$By;mvf!a_>35dQ}=L*SaeyJbdR`*CwGej_=#25il^9$TNiXicVMSb
zbI15~*%)@6ih_gqf=!lW1(Afo)`fewZHc#zKNxP)7I^KrhWS{8-<E9u7}u`1gR%CH
z8E|_Oxn3bzt-d#iKmI~|Blu?}_>!46lQ&tDA-Lb*xPs-lC-XRxO}U4?b&@IhUXC(1
zd6S9TIF{XbmStI~LK%EV8I@0Ymvvc^e|VK&wv}a;lRvqbiTRj48JRmdpl*3~bD5W+
zxtF7v1AiHq`(ub}nU=LVo4I+LtEid(_L-%5oTr(b!}Me{)tbi@W)Cbvm)V$;IiBBH
znc;b!2?(5_R-DUupUs({X-JhR8JoSin+bZL4VsPd*=6;)pBdVp8=83lI*2XVo+-MX
zEt;M&TAtfAp&NFg9r~jm8l-n8qAOUS3;LuFI;By1MmbtvJvyXeTBKtdbx0a~C;Fl_
zI-@IEr*V3x{=2iK;q|3udZ=gGp=)|}O<JXudZm}TseKcu#Z{<_da8*!nveQ#Z<?pI
zI;XkXr@gwT0}iUORjR9+s?9o*uNrETTB^RLFP!?VnL4fqTCA6qtOqG@+~q#Xdauv=
zzS7!dvzjaEYAe7Rlk#_>=+_nx)n>=7ff9Qw4|}UE>9PBVvb*}S=sH;KT96)TPZ-5^
z#+DBg5v8g(kV?*l)DaK;FxEhuok}@*Kvs9zktd}$w)41bFK^Z|E!67kQvbSP*BZKf
zXexZdt&OnGkdW&b(h95is4#cV{8f!>(9Ni*xt064<xF$m2w)+Xx|93q&Xl_q61k!1
zxvzWvx@l0ZohY+sb+eI2Z&&9l3}rlud$o1Dv=i~QS8i?Nu@5o!g^xD@tyY8io40fO
zz+X7m0z8A^`?Pm^w0pZ9*EYdF_Q5F-zmOLK`J1*cT(r~U!+RUR4IIKN7Q%fE!yP<#
zQvAdbe8WAjz+dyX^);|Z$tvqdzK?>wi<^Jwmk0Al-6C7W=uLg=OUT2G$kXH83|K;Y
zeCiZCaih+DPi)GgPWx=J78#p<`WJt)+{%;O%jKtNjT}=dyU5Ml$-f-U<IR12oXP<R
z$gw=ktK7+f+}@5n_@eyy(!9!TcFWg%$cy|HpE%E(9Lj_It2^jJq2wLl;T;^k(I5WZ
z(HULRA$`&#{n9Nx(<^<`DZSG%ozp+v(=}bxL4DLi{nSl8)k}TVNxjukoz-7m(zo?u
zV|#XRT*vFXwIdwFcTKk^*1#Qnj@|aaNu0p%8`wvD*jtU)jh)ze9p&u1*Aej6g5AP@
zJ;j;b*`fW}#WvX`yx21?x4WIhO?(kYd)ZCg*I(P)L7c^#{oIk=*IhHWB)#74{oe6C
z-}Qap`Mux${oesT;01o*3BKU(-Id)4jiV?(aDB(CTkX=jiQJ7Omyf)wIK0vO!_V8i
zIi9@7+si<H<2^p&1sCGSyNoq{>Z;q~&s!n28zYezyemGr&D-T4*SoK7y8d}E<9YtO
zSw7}7zKgX;yJ;|rBc9`-uI6dkq9(o3oxbUz{^_MY>ZyL}t-k89{_3?p>$!gGy}s+g
z{_Dj)?8$!WXPt&9288tb+p}F`*&f4>{nuGo-rs%PTU_2z{KK0a+l3wPhaK*dy|k-+
z*RP%3b2r@M{_eHi*+rc2E!^0*_O?|{-5Hs8dKcaG-rDUR@W~xqf7swbKlDX^^hv+;
zO<&-Xaw`Yht=IR-^L)(R{M!J%&tboRv;2OQT+Ipn$qQY}?_AA$pUmNh_J17E?HtU9
zfA$-@_0!zXd%Vkazs>c0&Y|4(g+G70JkE_A`<MUBjepB+zkQh8{`zCT{GFfo(ZBp9
zdw-Z7)>Ylr-#^ynKmO_8{p}zA?|=UDzy9&R{~i780m5B7fdmH{EQs*nK?L#eHGJsM
z;emt&0VuR65P(Ji6ges+xDjJJk?uT}+-Q(w%7Y<I4%GM(B+85|DaO1>Qzp)lA76&F
z+0tjolpAek9GcT-PmxTEUhFB;DM^z>T~<WuQf1PLLNy{p`qAo5l~ZRf4f~ZV$f!(f
zLVar#uH3kE=R(DIpdCJj6ZZmm2RN|c!GsGNK8!fA;>C;`JAMo~vgE+=4&ZZ#006vp
zn>%y<>^U^((V|O_K7cy4>eQrLn||#&HtgA-Eqb;sJ2&nA-MV}8{_Q(BaM8Gj3qNi=
zIr8Q3G&6s$JUaC0l`r$f*Dmurc-y;k|L#3J`0?V)lRs}hJ^J<P+p~Y~K0f^U^6PWQ
zt2eXVy8QS1?+@UA0<Ps&fCdhT;DHJz$RL3WKG<M{5Gp9vgc4q8VTSnaRhc_}O$K6!
zB92I6i6%Z)9cCWE1CKx~y4WITF}^4xj5gMYBaJ%F$m5MW`q*QRLH;NtkVbO0VvL#{
zNo12lKFK7MMNa8tlvYwHWtB)?sb!a0e#s@6Scb`Dl4OpFrk7``nWmUDrg&X;e{lyG
zo!!+Ln4Nm&$tRwE-U;ZQe+n9CpM?%;D4~ib$|(M#jvfl>qK`@n>4y4ch+(FfZmMag
zoPO$QsGyE2YN@22YU+TNcKG3muD%Lutg?m(r*qQXIvuXM=F01?zV-_2ufhgP?6Afb
zi|nzc!C9T0_B~5qw9rl~ZMD>1Yi+jOS*lg4sDA5hxZsW}Zn@;1Yi_#eD!6K2+RX}Y
zyz<UlVy$bsiSNDowz)5x{^rYX!2k9O@W28Wj4;6pAH1-^4kyfT#LQaeETtAV8Y#vX
zPpWap9DkfK$Qy@D^2pq(i}JcDudH&*EWhk>%rGa|u7~f^i*wF8@BB`!$|l=eanspm
zE6_h5ZFJH|FRgUbOh4`PXcJ?nowinEi~jZ1T4&Am*65uq^S4%22p3gh&wO^;Xs@ky
z+bP%FD$jDyP4|fQM*MKYQZ6Z@ZDR7>oZf=t4RPLt4{mtkg)fdc<A*=4_~27l>~YDJ
zkBs@{nv1--<(z-+IiO&t%#l+^c@+~(7NL%MNvC`CQ&%j-z7^ZHyN&zpy64XOM{wU<
zcksdwZ<x<f6KAV)#VMaW(L`^Co6yVOh9vdYACEoM+Go%G_TG07K5vs(-F5k1n~(na
z>SH~6%USJ&(fdio?;!kcO_kQ}`uEQN{{Hv>t>68Hcmyn9@a`75fB_D6Ey>7?Rs=x@
zO0aJ=YRQr`qa+^rt#KTLoZ}J*{=yH6u!A8a;Rrow!Xu4uPMymf=v){&7|O7PG<;#_
z+NUo0RY-n3$%)wt)WfIL&vpMRA^?qu#3L#ZE&?>56Q7tf<9%;>Jn4+`K$AQxLa#QX
zq2d;sV@2tOZ;an7BN@+V#x$ZaI4ew_8`lTNH_9=NI9yi)iPAbAwuOjCxe8lmS30#M
zaga+aBq0x(wkASxk&J{D0#B$Vz(MkZW<sGQOL)mirZAJ6#H1%R$;nV^sf{zVp($fn
zLsXu!l&Wl{o$6>Vvhhxqh^(a{Z)wY1PDqiB?4>V3Bt`BCO^vT98Zp;+%w!^SnaXS?
zuShw^XvT4x(yZp!^5Pf%U1}4T+}x%&yU9CV{&Jk;RLmng3Cd5RbDg40r#soH&UV7{
zo${2JWiZn$@~twJtn4R0|GCeAh7OkC{H8$*iqL~9beGuVi_HdD&WK7>Fv0vD0xpWt
zj9xS^&g>{NKkCttf^?+cgC;dkYR#0Q6r}_;S7t1@kq#|%rU|VnO>b%-aZYrn<2+|Q
zca)jcsHQSMrDr^=guxBU6N5lf>QRmQH>kR(l24uIRJlY|sZI%+0`+HC0qRPydNr(n
zYU#OxDpUX*K&C*s<4o@Ox^4+Ff3M>YEm0-c{m?S6bh#@aTQ?H8!gXzYEtgycOV^$B
z)hICWBM|?{*!uqAFNoo6D64?S)66!qqTEBPYBaJ|j=IK}T>N77s#sdmY@{?WF)bKl
zgA(tN7C6JiqH=0$8ZXY)n6nLEZ?(7E&|L9)u7z!DTcZ)-icz@4wQXu&`^Dd$(WEM^
z?n<qT-D~Ejun%hNT!N}r)NCZQaXGAH6)P951k!$seGBaZo5zzVg(ha9pX})C-S<Ma
zbgN5UeD8~v`<=zE^@Z<WSK<{No`foIg)C3Zk`UVQH!EP7>to-?UG%QSY#4s5dkeH)
zBCgK63vLU9O{G)Ks@RD>O<YL61YWg{H?&mBs^2!4RDLmaOC!nPRk7q$AM<#DeGIGw
zlY3+q1^(H26jXAJVU*k!C6%c;4qTHph@%VsXva-T5|f>5WiYq4ITchgm0z@DE&CYB
zJuXv`txV(`**MD&EQyzb?7$nhc}r>jl2ZAm89g^g&|XH8ph3x1vMPG4j25e-zY03D
zGDyEriSdld>)s0gaDEjYFitkz!@=?~z=^dlA7LlpQ4?sgsum)96-?P3=Ffs`A=_kc
z?P(vLcPpq~wTC18Y75u8*8e@Ver1VjQ*YX@t)^eEW6kSmdn?5&uJ-UayQ}2(2CbK-
zaWQjSo1uXF+u;t17h#KT;y5>Yr7ha?P#YBJ!do`(UbnpmE$%MrTi)bWuDI*X@6&2=
z{@w$Z_q(Ip+%T>dwXZ!lxtB}u+~Br~fi^9>i#u-HW-*KHjyJ%QM&0X*Ji8<xxpuP|
zHqVAPHEhi_i0xWlsDPTg$nJ<*mMv}j;@Uxb1)`}#T|1knI=wE>dC^I%$Dxb(*Ra<0
zO6u}+W1FsQk^S_rHB4#*Yu)I;9-^qIZSAnnt;JCFtWb&C<)&U4%5*jomxUZ>C*gU|
zaIW*70WD=3shMbO4>Os;JfuRS8Sr-gyWp`r_`LUs%TyJ-<NIDo)Diy7Yu3BsCusQ}
z#~IL#w^5ZVZ+E#*3GYb`{o(tLcp>|p?@c~^C==aiNH6-)vzLABMc2>_e~Tgh5rN1<
zCi3A3H`dmjzRHP5P3f;BAHEbW_78*N^b$WC`N;lx{3PsP<xic~U8#P4L0sUjcVGFR
z4nNkRuSeC%9Q#VAY*>;nYxkFh#I7D952e0GtbYpZV()(x@0l5DBvb=PQY0l^Q&fQ2
zwr>f@fVy&k4fq)$S8@|*auirTl4esGC?L8QOBz^pUgv>?#B4^yfBt8J@j`Z1Ra7ci
zRd2_Ff2UO~xFd5{RV!$N4wF?ccqXt%d$;F<JqU!hS2-AnQ$-kpM`(mecrGP)f=%d1
z0Qi6+C4~?;g;hv}S7?Q1B!Lykg%;R_ER}moD27N#hGS@kqr!wvsD}Ra0);wwgE0t)
zZdikJ7>92thjmDYDg=P}#6m*ohqVWYKlq0*M1*B%h-Zk1hp33EVp;A2QELc^uYzq@
zxPZ8FaFm#Zn5c=F$cfmqg<c4XUl@w%QHY2%HU<J}i>Qi;$ci<UhLH%1kdcCRXi1Vp
zgFzB^c&Lka$cwa?hrYOrz$g$rIEX<Qh{h<0$5>Wj7&8-Qd>qzatn++QVLF=jUL3fJ
z+1QHPh&!(si{H2ylgKpM)^O|AJcf2!7x!EM_i-4viSO8n@d%IeNE@FhiuX8*_$V!<
zI4VsCbWayV%2sMhcZ%F-klKil`{Rw^$dJX;hP1eOZe@C!r~Y~{D1B;%c@`;*8~KYJ
z8H^s;iy*m?#HfrVnT#iijI_s(p5l+Y7LZowbGcTK2}zR&X_JZ6h!53}J1L7$Xhu{7
zl+FcR!^Ln6$BtoCiS($H^2n4+`HuFOk5Q?Q6S$I}GFa?4KTk(tj#XlSgnTy%mNhAs
zZ<CW85)WsImT9S$Ysr>v>6UK^mvJeVb4izVX_t42mwB0%5BZCd6q2F$k%9S_gUOMC
zS(t?RCVNOR1IU<->6niRnUN`(lS!GCX_=RanVGp7RjDZ>m^PjnmZ3S8quC&E;~}Sc
z8L5eytErl;$(pa}nz0F+vniXkNt?H6o4JXbyQ!PK{>hua>6+r$G!xfMQRtLSiJZr&
zoXRvg*x{Ud0iDk&ozY31(`lX6iJjM}o!QBq+v%O%37+36p5aNJ<7uAN$(f|7o}$T~
z>-iw7qEYcFpYutd^=Y5?iJ$qYpZm$5{pp|o*`Kp0k^^d(1d5miil7IoptM*kFy){R
z3ZW4yp%Y4>6>6auilG^*p&RO;>Diti>YgBaliZ@2C2FE4ilQm1qAMzy!pSuEDO$-X
zqsvL7GisyAQY$Q~qdUr@J?f(+>Y<zRQV!a3A!?)|dZf2RqCd){P3ojinxX>gPG+|n
zXqPZ9xORtWgMNuZSjwdX+IeGwr8W4a3Hnq1IVfifnxjz4rfuq`Z;Bd0iXl`gUYOQa
z(Dxsnd6j~-d@_TLnZjxpqF#X2r|u_yhe|r#g_Vk>r;J4wGkIVicz@HUkhuq^mx`&G
zs-iC1G;|7DXeV*cL7bJyam*!@Xk?ti(vHxva0R!H{We;#ih#+%Tg3%&un}9x#ap*3
za7F2==XQxAwWgX%ti@`qjwz>(x*y<`8sk-@GM5(W=Q`DxeHRvVhPr;=2Vr0_VqZC}
zdDLJ4He%)llh-$V3+AZwcc}4qt@yP^#rKkR#a{2Htw^_g_X@2sse3iYVO$ZYF~@VK
z=B|<YVCp(;mU^rStFXl?rEBtHQ4;=R2QXt+dL*_;c~Mq)tVeiRijifOC5}gEkauVq
zOL>J?dPhcjZFhH<mu3+JWKY&N;%1R!I%XQ1gP(_ElNU)+MtXhbW@#!Ue^zH>ntC@9
zXcR<bKKrtn*JFehvaL6=^)##tOSM%CrOCP!Q)d*G23n}`tU|YIu=cNv8dnUawE($v
zzJ{m*36MKC7QgmjahsJc`GGPiND>x1Zkt#A<&sgCuWs9Fh<bGwiF4xzw@b&i0y`IC
z;cRpJwrZ<?Ux%<(OSzTHqnvtM#>s76>$NeOZm(*T(G_n=8LY9YS{`RT!F6w;+pCx8
zy0KburP_|YHM*=tTtpdgzy2z4zja*D(-H$Waj4sF31?`nN^iEBTBGWY2uGCasJy;f
zan)0*6eqmP3p7(}x!J3|nu)a&qH<LVeC-vsH`lJ#imif+t$>TR^EI!4JAJkmxA_;S
z-7>aw<&S$ibog7p?7Oa9r(yROd^0I(`3knnwy1SWUt0%l>3g`6yItE0!4X`U4ckt1
z%5ogFH%0q-8OviEtFxEqu|K9GkJoyTXSAnRvTf$GN;`vVm%_Oy!WucksK>#H=OZNS
zcb*4$IjbZ$n|UjYW?Txx9jtglYqCVFc0`i09UEq@=fN78iyCWqG%U4HD8W~Z#f;g#
z4Z?fA*L&ehbulS@{ycYlhFi9SORxEdf9uO@$EIxN7q~Fl#`CIufc1<`L8xbY$7pM?
z@_V*?<yPPqViy6gV@$U4S2pk`bYwxWf(xmv#;pyEhLfAcm3+mRn>3LLEYF*qyn3UZ
zT%*X8s#l1;mTbz|yTwWbn&1SfNt&og+90b;f|Pv9wM@AbY@md5iwlZWEu7209EU{9
z%Vs*mT533@Y|F`<u&E5ouI$XsOjAp$%+s8(nEc71e9hU6&D(rT$V|=O45!Te%;OBr
z<a~tE49@8cr?^ba?L5ryY|QQ)&+sgg-mK2|%%tL6&iic6{9LIIjL!l6q}B|9oE$X0
zs?7<_%?qvm(8^)Y0u9kBs?TlH%8Ltv{@l+Qt%T?t(H*^_><rJgs6c>8&+-h+C5_Va
ztkMtd(Jg(M6RlV1ibv2`utg?f)CjKjx_ubU(;97v9PQFUjhO^JEaZs0%!8DJmX6QG
zx(LVA2HnsME!9zd%`7d{SB<R9_{!1ukB*zTbo{=F<<mV))~-m)SdG?@3DUJ_cib0u
zE}OEG_q#_d(kHFbc8%92t=B0%N>-fKe+`*14Rcxvw(;84k8HP+T-J*{)=C7_fDPFf
zY#pOq)T>*L1;=sf=vqgKj>JpVQw`dmUDbXa*`=Ktg1xxcNUd#4*hImV);P$2+SrUu
z+im{y*rxs0Yn?!48j@(5*L=O#cOBfnJ(8r2+mVgh;`=|cJloA(+q-ky$BorQO)OCD
zTcRD>*^S-WY}L};(#ieY&Mn^Iy&uu--9fF}!>!)H&ECS@-o$O!-F@B>4c_Bz-{gJY
z{9)en?a|adEHJ9w0lwV=PT<BN-~1iW^$iz83R7Q;-w&SOXSm-84$<kYHx}Hv?wv`y
zj5l)zk}fFBNc@Hz4&Upo;R$r$6t2z+zO^g&S$3MWC#J}@Bin+i*r@o702_QomqVOl
z$HV8wdQ5*m-VtRS;re~nD&F5dIYyqUR-kIT$$P3wU7WJz+01cV4mahhC9A>|EdIS4
zSet$2zN=hGX>bKTMk%i3-#pO<OA*W}UY`oa{d>NtlddMF(|GQ!&UjyDi|6F3xaR6?
zcHGElF>@ale(>tY#df}tysh_2t$HlCax1`#)vpR1$4CAj6Tar^Y~eMwS`aH^qaI!q
z3$$Y9c27*#JPUd#t9lG1!Z>VrQM<z>OvD%);$I3oukLm|Yr{Yr*Sj9WNnEqHE~aMo
z>w_0T8@#d=3xlgOv`ky#?=2;2-s#G$&xJ}5T)T1(?$rbgzmS`@^>^5JOOVnAY|+Tt
zbW6Z5_iA~YzlbizT^+{m3w3l%*u5seMxJbPoQe=W7o2|W-|XK(qq*VL{%ufxy1h%g
z7PRoO#o49`yr6sL6~C%l6uX#xySbHbx8d+wuDe57Ow#kaOU>~RpSqr1@*saj@8-$A
zN^zGRan?QHC1u<L578`MX)EXAFfM*--0s4*!1Vim^KS18obHpZ#sG}&;4bw3tG|cq
z=0kt(S!aEo_O4?6zX5B;%#GgykMqj>>57Bl-WGVM$HP?o>mAGXAdKw1ZtSZU_qYi6
za-ZxV%-hW_;%m>cX{YzAN3$ku>r}46AFRWDKeK#qv~cJ4F01M%ZsLhK*<s(&I{)Tg
z?0a)g?s&|uY0SqCM)YVbUu)d-bTz40U*wW5S*p)`OCS0H`NxU=EER$r$LJ^Yp)YEM
z9Dj^lt(uPH08RM<UGTr6$xZq4H9tl)kLJklQPv*(m2CNASkb;8#?){90|EBWZ^~mI
z`RNpS-Oty)4gQc%?d;_I+JD8-fBowZ@Xnn5=%2;Izx?yh{Pb`C!*c%c55el+{{7GX
z>Io3|4z$CE0Kfr+2^B76*wEoah!G`Dq*&47MT{9WI*fM!pF4x@+QEY-lBCI!BU7GK
ziPB|Dm@H+kr1^5D&6+WD-qeZHXHTF!h3+K!bEwgxL6aU;iqvUSs7$3UrTTQL)v8gm
zUe$`#Yge!=JAO2{(d=2YY1OV}YgQmZgY87lm0OqYUAz8y@$S{zm+xP{fdLN|T$u1-
z!-)|uR@|8JW5<ypPnKMn@@31JF>lta`E9|2ZAFhJUD`C;u^<7!8`+xmYuB-1&z4=A
zHUiwab>kjL+qZ4tzl8@UKHPY5<j0jKXTIEdbLh{dN2fmBdUfpAwP)wPoptK6r^Sya
zU!L^mxSTf|1km2S`;O{6%cnozetrD+_2=im-+zAq|8oqz(9ARNKm-$H2s{A3;%ch!
z8tN#lttxcTLX`lZ(5eP?((pkHk6Nv!5sm5)#0zoyFhmwp-0(#dVQf)G7h_~lK^$|`
z@w|aR6Y#MJ6*?%sz~0l4uJ@31FF?wU{IN*8I{u_j%65{35-=z6%JRv<sN}4@yV{e>
z$S|!eGcPcs-0M9q+ho#By$IZKPCDzfh(YhVYbQvA+B;xE;Z|$y!zx`9lu&pC&2!O_
z6xGu?M-lB#Ox6%}bhb-n%k;HPA7xHb?<gJgP(xt@HMaIJl@!!SJ!SM&S7ZI{MmuY@
z)m8$36!WmM3Uu$!1F%%H&^3|ti%pR<bT7(fldZBrDvyLVO?Qx$64^qV)$7{1I+V8A
zX}x52*JG>g)>yujCHGr$(Ixg-YNI_?TXnM}voABlP4``8#|-ma!Js`?UVGm(7|w&|
zlJi!E8^)2r8h3h+s$LKJ71*FoOtev_{z`1g<JGDSxyq72E_vjU6HWF+mQngp<Cj-l
z(d7(lR+-}rOZ1qhlvnaLrIa;xDb-|4K51v4i&h%vpplB%W|*5AF;$~UyjkU`VL~~n
z)nq2wBxqUcIbyPDG&@GLbE4H@w%Zmj*Zj;Btm2D-71mk21Kt<lg5Px)Z*J>yvTwqN
z)iPUt1vlL9a<>K8T*XCR(r<4g$Cq+<r9G^2z8BwH-owr1+{<gV{TFe_Qx800gj)x2
zVYg$KeJwm?eRjF<>c%+GWjP%#Rojew+0;gTyOh*QOD%rT<&#g8c;lb%+V|!QrJgn;
zYZJcT>otX5(M}Ux)kx}3t(49F=b2C6c}*v_zWVa5M_zqYwJ&~tLi4vBR{r<5eeKx=
zP=FVKo9pxvp#mX<NP9~h1085N$ZaWa-RfK33fH;Ep$Tz=gCOWMn89NC3xXdMAqV$W
z!EH&fgA?SO2u}yNzgf<NqzmB-S9h<}8IW~5ybtUK_(LFa#3QOHTiW=f5I{+cW+a(e
z)<h(>swvH6)tU*_mUgwMU2S7poSD{umNc9(@nbicB2cylHlIvUXF~be6=8-nG(v5O
zEbF2ek7maxjxmZ(+#?iUa>lRitYtQvQQC@FNJP2_fI(zr5DUn|xga1O_?ToRDM`s-
zT}g(Mlbq?sWkMHXONIXSlAFjvNiWYC&V#1Rp$a=Gt{1`!mVy%{vo2>rPL8llldIs8
zW|_TK-tvPu9Fr$OSV9tZQiscgq-1>9NN5VMcKv(KMEplh`$6xT+r(x!fnz>yhSQtl
z6lXcf`JEviF`Daa+asCz&V<nrp7U&G4e5E$dg4=`lX)gP{n;>xoh^|9J!Fl9_BDbg
z)Q}1ts7wyJP>42Eq6K9rMI&lawWTwG|KupHdX%1hhBTie6=_LHdQy|7lt2CKXiIlA
zO>@TdoHC{9Ol?|IoZeKYIpryA7U@!;;>evSC8|n|T2!PSRjElGDNBR;RPzM%q7|j;
zRINJEs$%u382;sIR=c`YuZ9(@V$mp6&5EF*E>*2eU29v}`c}7^)Tw8s>u6xQQ`YQ8
zuL$T(PyLG5zXletgB5IH2}_%w)>W}>N$U>TvpoPTFs^W=>|`xlS<EtXu8ZZYS){5}
zift5$y#ei4sZz&=K6Hzv6)S7U>RQ;ER<^C}YGONkTa7f<b?Q`LCeyXbl)AD_D8x^@
zp0zSh0uxQ7+tMg=nOW#w_OhGBZFMJdSDNy6cfqsNVUrWSYqkoTz~j{L=(j%ZqUw0q
zQ=WI-YgqWccR04SZha%7+szpFFWQyt;Xql+Pb$uIwFDFB^i|AVm2O?|YMkl-2QJC|
zg~0mt{uj4eXu-nt%UJ~jZgf2?-4845qoTEMi68RWB2Ek`{3WeT!dA5=lF^Su3*?Le
zd9yTOagKBJS``WTvN$qvja)m~7yr0gW#v)F8Ka`nqSiFpM)|d~owAf;3lsX9Sjz~(
zZ)O0z7Z%@bbTMRMnHe`hVy&)$$i$!vHQ2BJE>5^@&SB>?$GE{gH*x}7Gblq0Vn9=t
zx?3(Wb{R!p;;=Y4;7eb3+lM~!Zfd>nb2NI*>pby#Z+eWbUZvIByG(zt(eRUW^bof`
zPNP@8@n!X@UEPi>6S~A*HdvT7so@Tv8FRXpV7okcK{mVDSa6o1oP`;|R601=Xl8c)
zpJ|E8KSw*zOC7YVt&3tSE1Hci<71PDHe+xb8EIBT=#uT2#VqFJ#)HJ8xAiDRKYDR#
zAuA)49U9~|{`lQirt+1m{BM6_HP+U)F0I`p$xB+YlD<9my7WxJ1wXEqp+hjWih0V2
z3tN?cOE8%$eqmUK9J$8*GOvXlt%pxr+AD`=wF!P(L&wybul~)dT77ex<6P%C=Q(l)
z{_@)zoaOP1<<M1rbfYKTbuI_`VzCYIepC6NW8-(#p>FknM;+^0zxq^v-t@%^9qD6N
zdfCZ-b`LWh>~xKJ&)vRrxW8TQai{xxzrJ?5irwscM|<D-{`Y;V9q&+mde$Vje)z5%
kKJi>veB&Aac*JLvEF>O$XZ7xP%mZHYnddxx&=U{<I}NMn=>Px#

literal 0
HcmV?d00001

diff --git a/www/crypto_files/crypto_types.gif b/www/crypto_files/crypto_types.gif
new file mode 100644
index 0000000000000000000000000000000000000000..d43072b14391345fc99810be9221368eee065ffe
GIT binary patch
literal 11401
zcmeHrRZ|=c(=17Vgdhp-5Q4je;1=B7-Ccq#F2UX1b#ZrF2)4Mh*y1cM!JXwi@9#KY
zU-VQ>^;K8(RP{*7Nb>NSti8v4e~<7#TwGlI$82nW|C<*G#utD8xA{N(p9B9tIKcG3
z1pF@x2%q2xA3l*t*BA5!f5K+aAE_@K2>(hcn<L#&G!#wn!**??p?Em{n^+WyOk>Gt
zGM!qb{%9j`Je|#KEJvoPbTXUA^>}Txscbr5B=|F_Y;*Z+v9$Ah?X2dC`7-5V*<4u-
zDunmiC~P%jEmcc(#sg7;UO%fAtIXyr4aQq*pv4xGc}N$nwd-A;*T*#(fFspv>-*1S
z^6mB86&A0^($%;1yTb{Ta+aAHwSRjMY3w#mZ|h8_3giq)1rr+fX3Eu2V^OtRPGU>t
zJ~+N~ww`5HTjlpmW}BP_cKV=_D<%Q<Y6g>0UqB=mj(ao3VlP#<_P>t?2<Hv$@w)E+
zeF}h|_+uCX99JjCtKx<D*zS*EOTlq+onD&{SJz8qAVHA-RH_9{wm$UL%Gh?v0C_X;
zn)-n(5Q&41!u*JxtI#qP(~T_f!Qha>5H}059qwbn^DP9NSpGd?>XvpVDm>GgJcPLw
zc{kQ})~eWsa_3<Y0M;0$@DsvYA+#*pyUR@UXpu^fBPx=nN>&%b-ANGCd`xx!p43JG
zz_g{OQPz^p+{;k+BixTMxC`CS7Sxgc8f%b;a-gQoa<iA>aTf`-SDCXWaq%zp%E|TV
z)Hy6-rlu<@xL+A9*EZfLJ1oh-YugHTtvJdl$#i!o%P0u5trQb5EiEi_&3)1Y!kM2m
zDyy3Dnzwb3`}m+`Esa3N3J@|XW|SQZ_&BLQ42dy+l*=a}DMZM}zIjSjqc~wm6Ixw8
z!cfB4x^9cAkv;LBQetyX>a0V`q=TjFqKNOT`f~NA-1T;!QKeI~r|O^LqRPR)UPP$3
zeV+(G7Qglrcg{>>I$t$*8|oJ(_P#R{%iSRXdNA8Ceif7z^o`rrdGu1$hhvP>Z^EUI
zZ|C`Hf^!~L^6m^$eLa;jY4N9l>YC|h=K1}FYr8mY4X30$1?Xm8SqkR1psvO2Fr#Tz
zbGxYTadx|egU<F>+%%kdZkZ&VG;x)xkTePU)QFzA=9-U=y^gWHo&et<x>Ts&M0wYf
zxP^~dTeFQ!VVJOk#g37*8#=I#38PcnXon@6k=5;)*ln~O&^aq|9TG(PHyn8-8+IP=
z6bW&k;C7IC9oBm&ww$7F`zM?yU*-9n75B!rE_?4Pyj(^O)ZAT;{b1$2M#SuWzL+wT
zWxa{!X8n4#;xzqwGe=AQ=X&{zde40ptC3&bF@8Mn<4(4c-@{>m(cATTe6Ns{#Q?eA
zHEdw>?LA%Z71E3YSZoW9_p=4YtQ_z*zxjyqAoLz1A?Wi>{{0T^uV>uP!mmCBYjn$?
z_qG=ycx%QeKY4hbWY~hPT)&~6aQ`JNV)gl4U5H+@^p_ZKCJcU8Z1h!1nj61UIaGLo
z0?VjfOfu9iVl|oqBhXs>yP`_uSNR>RA6k8cSCdh?DLZ)A2Lnu8&Z=vw((hdfB&o<|
zV}9dMVtYt~IcP4_8~b;#R_=!A(p2Ik<jE2C2&CX%aq;yZcJb~Hr7$X;yuFJusAy$I
zWp%HTGA2rBxJO47y_1p>(5OkC+ogXzp(hqGQGKgOmnGX*NiCH(r##`2oe8{*i|3~z
z#^mUeti6hf@ug&vyB;+qy3QDpFXc$q>EC>Jofy}=$5KJS^Ma!Gdwimlt8H}BQ86h6
z$hpmgB%@%ci=9sX&WhrT_LSu!RxmziSryfatQVGQ6aYT>je&RhmpiyA5Ba)O<fH6N
zkmg+8iM$E3nvA$7d_Ff*%v!9YOj<)zJ^#J9b@^QRtgTRT>a1J2#5-xxi1*2XIBEyt
z10E_awW=leXjYQy$8wT+4Zts##_}q*>;oD&VUN|M%!FlXnNN|X+iO<z&STU0@VGQg
zT%hXu(L(4sj&CQY#+PJ1h2O|O0cc2uANivs&1c=p<bk#d5Ko1MTIMRpkSc|2KIt%#
z`4Y5=3jM0Ap@K1vYEdM5Lt*KfCYP4n2wY3L*`q{mhB?1ov=d|Ky;Sk%=mzxIQgh(3
zYO`g1<G?BQCwBfxHqF~I&fHC7D_sfUR<4=|Qg{_!?lC`SOIlQ>0fS7#Ck;9<S99T2
z4S^A{PUlX2tt;sG_=#`?_4}7rRtc)lk1Nxz^lpVrr)K~P#&sl)*3MI6V$@9(!9(Px
zE>KC8Df3*<)P_@fnc#slkZ~Y9>%`X;La)9lXMjD0-{HVy`}^R)a38~?CQ$yup-y_B
zJV=4A#qYwF7TW|Rf3gP8zsimwXWPxReZW`)J^YuwG#2;WKrmrLq)yikR@=i6TU<ko
zmHaLd^a0E>)ez?~u}k*+Ff4-6m=G=x`%e5gBCXh%ls*BY;eQ-ej%!RQliy>|dmPiA
zYD{aJ*kkc|95=>j${3d4=g5AXuvTn>XDv<ab9FsV{*G(PIgmf#gFa4qPBrD-PaFt6
zKTiL_XfF7ua41UrG!vnCGjI`HK5cyVoz$CJCuZ)DNzj`r9ekt7d^JWz0pKMu&?qZz
zJPMQ6HDnwgsh}`84#)ffX^(V^CqcK1k12=9k2lLPIM^CMJIz|sRy8|AIc+KIAToUb
zDl6b=BwguBwEvA`!Fm$%)5&rVUTa&B0jA>;6$E(KS{j(^pi;+B&~Y`_IVi~PUY5Ob
zF4@w+BkG`>{Y*PTW7+J`f@L@SO!2k>_&fi47N|G0b-1Y9FX!5Fk)p>iS<C$w6MpQ7
zExSYSHP^BUumuoz%}>YSjli$bo3)g(7wOV(T}6dlV!4_3irhOa5}1#a4ifhm|FsYC
zcweUvbRUd7HjjQ7b4|lupBEDDm{1V9R`BrMj&}AesayQ-mc<?(_WT@W>~Sjq2<}r3
zcP@mJxhfC59R8E+9KX+X$_@8BVb^&s0#03;<gcAtE_n_e7+m?C5dZTXzH3Fdbm}{J
zz3`LrU4BRImKaWQai=J-Njmi~EZ1}CF6G^?!s1n@M0Ra%G`GWQbQH^-doD5W3;Xr<
zI4@`SukMS$ewCx6eO1r7$EMHz^!kO*oBm$&lHduhlC!rMeBJG>{US8Kq&IzSbAJEz
zTB7$X=STPcy<+#737qu_%HQ+2s`YvaoPON<CUjiy1iHOl_XGauzS_|ezON9zZ0%k9
z*N+!4ldE)cPuY77`{;GX9q@!7aMb2M-xgp->(}_vA4L17L&_UDg81koK<dEX^MG@k
z<Il`Nz&5_`VcQ>E>42{U0UtgEOjrf_Ed{<U1+9b!(s}+VZ1sEd2x6xTBwM!Qq;+E`
z4@PYNy?5ZDCT2fi6-;X#%=#&$%gX<IM6jY2;9Gl;vUVU2kN--#ulz?hg$xgyg}_ZK
z*XdS!YY$Ietv_s@A<3Nn#O)z^)}fA`uFCi!SP>zD>aJ=JffiC6g=v99`wo)U;WsdV
zRU_bsc1YNvA3QJvK=v_AD?C84or9Ag(&N(~=cV8jo-n@=YjS+@nFDuw+Ay;RUs>y*
z@WZg&wlI~$Aa&~~6VFf=Yah3EXU~iv+vSL<{m498_jz{TAnPa)k4NsOpaAQzo=@(Z
z_mOe!eo7I6NuFUtWwtgCe?GT)orL*RYRB-jMd^QvvT2KD9f=+oi5ixU)g6vplm=KF
z`Xp!kDbx0#E{{WQ5AWFyk}i*hNQLTZ`(<gzm}^JrdxVc?MEB6eJM)CTlZoc$iQX)Y
z*2)N0wT{a=be_`=?)HqudyFfl3m){06sJo}e+WC^N#x;4y7-s~!jJB6k5m<lKN*St
zk`YPX0grMSafeI0UmONg(I+7t`G3qzsMAhNwNCUa4|#F-`ZnssMBp!Rlr$*m&k&iY
zyy7RZlF007kM8y7!(&R~Qd~E;9V8<OQ#<~Q&W^t#h=?wTiq1!E^v|bE#sj=KjK^5H
z$5_mfkQeC?1C&V3;XhlSQdlojkHgZE%iY~klI0JrSqVb|kBC3DrxSYl{;u%rv<f}r
zb`1&lrZ{w3=ZWsK@``(iZ^BQ7SVw-=iB=y?yEwE7kP3=j`W;f9mB`B`NtYoZ{rlcC
znVr!4Xe1Meg6%UBZ1ot8=H-v*<^LYVeZw=ynLgIYDqVglS|Z$)qs+}h8=&l&TOyMa
z0zb?m)ydV-&ZK!vcu$yX=#qGNpB>X4{Cg>WpfpG6KC8mhZ|*UgSt@TKGPJ)UXDTu-
zJ2QXVB*!8g0F$x#qJ@+6-VP}Xd%8WJCDJz1+Bq|=pw?Nr=ZFHelc+0#Atk8*6NPwo
z#O95ru<o5~fKB0dBHC6u){%DVy~U{gj-=@%JMWAltbXg1U&Y8SMMB#}^X%??x}l_f
z#afXpd-TQPPgLZl_K>jRFJaDngoH%xdAGDcJ~~ImN|G<DPWYA9`l~?0C!jG=sVQHn
zxo)YYcd7N5RaXbLx-77ZtHfrE#cr&0s})#@T;|NcvMcR)Ra(H7QRZS>mIbzh%Tkp8
zk)=qj$p65XpZC$tHr?w!Gh9z2LS`ve%-U^0CV%eHCp9bd93}e6t2}NtU@+aM_hV+r
zO7`BzN^-9V6;F2@l!VgH71x%Y9n!%BndKeymDE8I*Wn3^M}e*0S#c<-4Nt*S!-)Z7
z-V>bx%e29@%ULf6>D_z;)`wMmnQ4>d5mP*Ye|3{nBC1FTlGgBRN**fhJ%NzVcvRjs
z4$I{hylGVQY3kwCycLO?N3IT^!uO-<C}rwSR;x&}5`Ht3Ky`hBWok~flG|77zVX)U
z;Mct|RBaH|dt(BZy%VoI>kDMk@0S1Et=7YdYGF?~82k+r<@I<_DhghB@?At!`$_|a
zop+H}?Zi<!L0270cB8;^1EU@Ocde#*&kC}R)Ir^J1jan@YSO4}Rk)Y)j&^f0cby4J
zt*{<`^-*OgeRgz46+2xmCu#&-H;29~pzyxY;JGemv_8zcrRrTC7$sr}oNJVkQ^i$)
zI#TXf<}nLy%VcQdit;_?&3$(qTYS*EiJ7PUR1#q)_-~B(E3~~9Cuk*;Nc6ZV>6s=S
zT5#Q0(v{U=9n|0e#VdL)F7W9r&+e@3>a2!#);@RE6L&T8cQxyEwfc0mXLogWb#+6#
zdY-%f5_k9WcMs}ygMGS3vb)E+x+hSrk(3df!%Q=uyBAPF_V7EAdOgrID#CQOCF}#j
zTvy|&9B9oBWO)bLBJP4PG9oGWSh)-MQ*dn&_dsNO)`$^cP>_YBfC6PN15N28<JU*K
z9y6NWBgS9XC!HSzzM|^?h3ko+taYNt^g^q8O~JjB*nQRfeK@B*7y<|%V}vNWJ4y8W
z5Ya3N1VkvSJE`?S=3#w=&4x+*fA{VBS?&L_zw{dN^&s{Q;CBnL$@hBM_9C(O;GJ5q
zF)6+eYk#*kAn7}(m)0*EV-%~`C-E}KGGPIiQ-yO5ocZ)?pAP7>4ozvO%D)UDl7J-z
zz~5pF2>@WDiNCflgIbc{f1xU(-2+_RJ&XLq3wjoC)tKR>mfE{2(EZ7vtGtCCTCd~U
z(7WeBGT)&{5{q9if8X{-x@`yLocoii!6~N#a)okE@*^k2qbS?MIXUJ9-TfFPO7S^E
z7=dF-;9jB$&El8N#+QM%>c1T^{hrl5{x5yCIiTd~am$JEJl}y~roJKjiD3Eu(dvne
z?mm;3p7DtZZTrb-`N<XEp81#wyVJ>O;D8m;)U%!;%)WHLdeYUctG?TkW3Bs7&eWCu
z^queYL(cS5_w>u!H2h^6fpo?jSHRqi+a}nAFK5_Roh`+T_w%Hj$F&Li>&$B?Tf%iO
ziR82f$1LKR38n&nzbik^nF_@#H|3dp#|?azR>g#9or%D2j@H6}O<|7g73*kX?uP*@
ztDgy4?mWURFSUWXU5Sy(g4~0}LUbs|W5+?=S1wM%cy2*+0<b_v1yLhqI@3_vwa}0>
zfEX$$>VfokTU6Bzz?;FM^ALFxbXrF~2w}^wm7kLtFXJBadc13M%d->|>WgZ=;^uyf
z&$}b-&5Nfk#-kRxU7^cpmQo1F`u5DgFa<+dD*aU46|)rM_May4q~s|M8r`YO0U;~-
zf~y@15+6%dI&k&;0ZN_*WCF`Zq6^Cn=Bu4RDQ8Y~H4B~WR}!T&371<%FhFetqEA1m
z<D;f;3s8M-Ho~`7o_bxIF_0IA3u+ibbjs9q!*katL#2`|wdr!#!~NDpB%ri3DkaH=
z>=uTz8pbyG>*uc<7YapVw{kKLYx^Lb8u6h*+|8Hu&41`}9fC%^dn*Ga#;`METZ3QD
z%xmp{iT8`ETZzDH^bH1>mSqf-jam;kw+_C(O;)Sm1KipOHQr6x7R{aC@Pi=6K`og@
z=LXl&VQO{|twq5J==zev>yB=yI{mru@wzG@#ugpf4w~ZTY7G>AJ1^Cu!2wrkiG^`v
z?4h@AhqO=$o*Q2N+=2|Qi8ySE3T+)bC?2b8y1VS%-DnKQZVn6Xn@>T-{k0|Yv`qm!
z)HOQ46}Lt5_Eq8};dQQ?dAG1L`T5M61AP|Vlbv<5yggQ2(@hI$80pqo^<lc-ehP3!
z`}MF9{m2)1<dnNrX>nB8wbv)8I#RPr0YAbf<4;sD+Ckj!5npjfXRX3mbq(1@C^e{1
z*i!AG%bh&F-#vEYJn18wGn*WmyWZ80*{$|d6q=-h0tHbO4P2R}8%WRk$fjc&mkif;
z7~}T-IGmjrY!LaMHIN>J+(00PMlvk(pjf4|IIU%<6ms6tXZIsD#dBHeqkBhV2b`m2
ze_m_kZ4Jr`m0uS;mKVyw7m9@!KfxEWyBE^$E;(o}#l$WpOfFf&F8PZu->+Yiy<L7I
zzxpnGMP&rPq6xU7%fDjiy<*zDVtKn_BfsVlzUDN#<_fsx$-n07y%yNK7J9oDA-@q7
zz7aRNkqo$z&cDHA*-VL!8(L{op6&=`B+_7yNZ?_2dy2ss3vK$Can_L#Y}<*%-N}s^
zz4p+tT;7;Zh-JR%#50;9+gJ8&wq9&B$-&9C$oW2?qK>yQPM^Q5O(whTq1Zbf%iF8K
zRM^?&4YLg8j}f6yL)v{LxyOAQo|{oz>T`ouWo@GRt*-E649Zi*@SV?UijwX_JaI{R
zKyi^1c6yx)jG!8&J=+5{pKGO@x$TbF2XL1eo4;BSd{Uvy(;hIE->%diboi_<e5<ci
zwGJn&{;vUfKHtf8-C<-tw+z2zXXk}fRXwz|g^dSxMdbFy=d0z%OH(v*o-|NLR+bR7
zD0+D-+GWpIW_|0*vRcXocKV)Aw|UBVBVdYbi3A}aeB$(E6X_2|#^fXUl(;Pxii0W}
z(mrD%8brjcIWaO@ESiWTV_IF_usaq<&D=B5?($tOi;NOH_z4>(lf~lDqhJ2RLN15j
z3-0Ur!)7v?HkJ?Ml>$^sq^1R%XK9>h*2>qIO2~2o$Lo}f^N@(Jm}UxO6?AW-S}Io~
zXiiEs_?ww@Q$@2ksO@h4srO0e2Em}|4l3PdVnw+po)^=Z4qeFZYro5vYkfa_fU~@0
z)Ngbbur5;hteRSke(K<GJmort0b91+!MS=K>S5Vd*R`jFdoWP1PgI=WGmlMEZz_I1
zx*!LvD7!EooR`~lG6d|hW0^?vb{*J2-#tHbEqNNOn+#{3%DWr6bzo=hC4TmOuD&1V
zPM;R;b*HQsxzAfwENzJ(R&1ZaQ&;}cFjqX?_L$|(&=f|1rX)NzXQ$l#wsXb&x23j7
zq4QW0=G6a>1UA_?{!M>U992fXx~<J}4pVsQZ<CY6DeV0v8{r9btoI@6=2Bu8Ed)z;
zg2S$H^vIY*nei*DeoZfSAmTYIgW%1@*eBNRbNQc3FYFT6=Us|IsT1aK%$``6WVLdv
z>xH<=s&A)>lPtX7r@>n=Do#-%SF}V$5<+TLSsC;jSNUH{C2B*`D$j?4Xihlng9Mv9
z^@0i#ZjI`S_suiPawqDI^N5jSSc}Jakf|}G$HAL%k#sW+l`hp+_DQ8ci0TOSFMzAO
zA#LcQ+<v<+mfX8^!GsB&suwnGwM{Ax0V#?zT=hG9eZZm`>5Y4rd|xi!v;<NKmx20{
z*<!ovHgIu5;BDyV;>T-h_ciM;iX3bH2e;=xn6~EuWof!=i$;(^z5DGtn$~$fijFSs
z7F$Np@>F!@`Vv!ki^dn@6x<#ha}5i4#O`7%HFm4e5yK}12m&0WBN2xLdDIDsr_pT4
z__*s_i#Yy$)bQypnYq@~OOx*;X51H><G?YM*ADF$^72reL08hYaW)=AyIw!dT{K?i
z`cgSEKUsS+y9MvoCfWw6o7K$$SL>K5R+4Y^`{vzG9ut)uz6m2zVZ70i>*#EoNR}^p
zQqwxm$;w>=NdGkVcMN`tElid8x}kq~1qfv8b2lCU+tfKZ#x7G^Z#wn=dEJ{h4Ew4Z
ze-TqIt@!Toc)QJ8=X=VAU6v=JUo{MGB&4P0@j0#AbZ|V!FT;6(cS{NT-2zVX9&R_o
zja099r+fSw2Fi?HANlRLWv@`h*N(5aMc#j(^dDk0eh<fP7e*TUr})BOkU^BegAA?-
zNI8~y{JsoCai0l(h}=RJ<`Jb&toQ#SuJoX6Es93Qq#|dQ4=7RZTWOdHL)AA)a%>kP
zyJGu;fn)N8e!2bIeq7kB*feHnyZ8xxVx&@tDGrcFf<bdON^8&*uccjr#eFu~2+@pS
zh)0qmZ8pYA+>8j)F3Ht88|xHeMzY5v#kV*c=P_tTcH1r`bT=CxfN1^=iC0=w6cs>@
zLpJGeEx3z58%f1rdW)eWEvq>f&U3QW%NAL$<*ceHrAPHdV<V%Q<`Tq4Nl_$uH0u5C
z(tkG^_LbX4R(DY~AU<Yui_UT+J`gK?Gz!QX47ZUpEyZ-p%_5flvrs(q=qNSarT-%^
z6W=P1*}}($w9fit>N+X5yvq;081=_d$)rlr5zZve{83&f(YlO(6Gii3du;0{wbpP^
zYN2O$4qHAM&(!zIipO_ktu~4|HL7^a?m+qDmzY8aIm4{_pDoJ$^F>_t1nuU-q>JrG
zdR|SjWt_Auxq^}Ao`uVT%q@+*4HYG0DEeMR-tF6<F*Rb>=mwU~d0NG0y){|6CN|{R
zKO55dUw+sK5${zcPEC}lcBQRm=~9NYj+grREO9fAsns%E1Ssuc!A5XNi)>MK^iN<?
z!(tTaX)Wyb5Sm{Sl`IziwUxyy3Cg3oa5@*qma2fsd=~Vyh3>f9lJ`&xRSwCz$3HEy
zIuf>wu3TE6QnYdsPNs=1ah<>Ji@`zbRwE?g%N1mCl5*5Gy5W5FA-pGMd^LEgCfO^f
zrEbkAu}hZxFr5v5_rmH)+$rfUm3boEmd4kbO|DeNk*r(8A64^aVpZdE=xv%sPzR@$
z6Ae%S#C_MkO4qJ9V}-1RA61N05tGNT!(EzX+CqJFXY5<{HmrkLtzwhpc*DqXsaHW9
zO}7}?2u#W?{Wta;qROvYN~Udg7p3HOnZ|ko#`XG@Yh{Y6uO4TaG7$Od6j5<7xeDP-
zwEIxbn?EdnF%{=P<h>_g#3Trp7IFl0#*y;aRPQWAGG{Mv9w(^U^X{+nw0@Ut#IegZ
z=VHkmRf6vt6s}3qE3J%q`%<9QoenWgyNnx^x?uc5+xLtj>@k<TCNxOhXRFPebP99L
z*%PqhTUwd&0K4Yhc3TPEuS^FZyA>b_T8rYZ&V)<472$%cCAn8;<HOuas0D3gwN~fS
z!EU8LK{kpWtMmEDfN}{zTh;W{g)&J%r3T1Wvuzbp7Y3-d5VX@>T3u`d18M;vJHz|c
zrCwzB`cOf8Q+(+1u%vrqD#+fF8@e(b=H3hxbg<Qet}cPyTU$U5jvi3xCbCESkf5VW
zI&|$o(xVdsa&(8cLD&C<d35gyI(aWaH}1h6J+~ky|9j}>8?xtLB%$9y_-k9?WPcH`
z(toc}<!mpjJ&2I`UwA5!nBXl%4Y2!jMmy!~oZdZ@h$<#0l2^mXo$g1`ORnPT^;KD<
zcst2!ozrHz_c5Hj1|52^Vs`})2=X5${1g*%-`4g;SUW{RFs?Hwv$qA~+vf_&02TPJ
zM}ob)i?MmGkxIFT%Ktj2gU@g4f<Z@+4X@#f+PnI2!DC7(zNM-S_u^i^Q=@$T^=rfX
zCN=(Z)pY)?E+NnE<eXzYR)HOqH;*Ao|6O|}-_3kMw>~S-X<EGR7IB^Dm=owa(1>sP
z%-^$A4lcADZ^XZHtN1X{)N_^k<}*t1@3O0H<7V8_cRiHFd!)<oI=k+5=S$t=di2IU
zu=ll&F#kCR`g)&fBy<E2dKtlgyQ<sty-FqZn~{5aSQzeE%{B5oN8NnbT=H*H`S(<)
zw(-<c2VWjmy1y&SyFLE`-<Z$0-&Yd6)%_@RF)s8bCfqjATgAwafcE#*tQB6&TQbml
z5Zqgw-FxvY(2(4NdLx7k`-^e&_X}d*SDZdfsy-~vK5X$m9Q8h2^FBPcKKzhAf|NeO
zl0Ks5KH|Y&a-uz_yPx01V3FrEldkoxA&An^_s3)RQwsD(tMyCC^&b=Vli7;~M~kkP
z!~3h-`xVCfW3olRpNa-S`)fZ9WGA<<SEKyU?}v$rF};Yg+Ycz|4RCUHaHq5Zi-i`{
z{w_5QyvcP6ya-JH=;CMmF5E1<PARtjp;rJ=;O#`<zdn7WHt65QCo2C}WI;@lQ{=H}
z@K$V)XQ5W&yU3jy52T7u^>k3ue6Sf+;&fL)?uEPR1oSROLYrw2vdgbhEg>jJwb9iB
zE*?TWl~8{X=EVU&Kt<SK;>&V_`U@h5K7+;rV8QVQv2LMDxdBUa2_t#1eY2$Ijkqgn
z#|yuhrLUw4iPRObP^n%Hz<k)<ZP+7Z*fV9=t7O=FZRmH75Y%o+ETro*r_=ykOv;vo
z$2X)`HbyuwW@uAQ9MC)*<~9-@G7^y@?T#qTwIJn;)9ueR65<9HegV5sN;~OGIEYIN
z4T>A53<wP5Mwx$(Q<wCYmxx&aXV~{xl!#_`i`QfixlD|z%a7XQ3>qMg1(!&!28-vz
zB$G)-3tyyNP-T+3!TK-5g%f;v3lhaDyy<Jh*RH(93sM6<V}XOCH8HYK=;)L*Uu8-Y
z!e^P9l+k-TnJV+nX7zDDAKA>1u@X*6dK?*{=z`Xiv1i6%;g?ZIm?(&e$KF@QFh{nC
zX+$$b97Vp_oO1$<BcFCN7EL1fS|#WAEYZg)GmN7krVk3SALHZ~f$NiiV@W^|arw5B
zp>ALKfb2mbby>vbi9CA+q&2X#IFG71zuLrvYKi#9y!eLvFq*)mQ<GTW>EO8eWLEX)
z*n)6pjyzO+c-vl33-)VnVsIHIf6^?+r{1<V(U(8SeJwCu*UWvZKRs0~cIB(Y>MQY>
zGyOa`{jxCq3Y&)COur${AmGltqn>&HbLNA@45G#ilEn-%VCG}!%%{{D6yVI~mKoHc
z88pZY`rZu2?aUXX*{`^>nAEdaKWDKeW^puTaV=)?0JHd^vjnNLguvM^p;h(lMQFU=
z3(?9jlbO!xfhH~`=$|QC`|&Y%X32hjV|AtI-KmA^7SUJ0v$pt}7RT^t{bI>;Db%o3
zrBo@roEr&k$WN1~XdLEP(3$AY3jOFaGx}7EF?0W^FdOcua^jZK$QH3prZKjtA+f6s
zsi-~msnT#Hat)PmBjx{ES5rBj|Eaow37!4W$b`U=FEvT>3w=R<Og-j(ig%_u)iK9u
zB|{hkhxu5p)e}1b_83J|w4-g_+#?N@341{Wtx63kfJ4=K74!2uI>ZiUt1QT=cS_Ww
z#`ssrLI*^5h;^L;BB@G?g4KwwmaF=cMNMPQC6HaGMV+^1!PcVoqe)#~RHZ$TwvC~7
zuad}bhp}Qg6M>R7Vh2aCp$tS{4)Vq<_tJ8I#7KqHR}d7dW{OsLpx3DPX(d0>YtS#d
z2r}MAVf&x4<JmMM@I|F=t3MaAtTv(_&Q&#`EC&m+uF%z`>#`*PHKv!#<M=Rk7#hU-
zD+?~`U)bt?lM;B4HsM{;!#=H~?%+on)VPtZ#5ic}6cLSKWzj2O`d5}phN?%u)&O!U
zm4LNj5^SA2bze|*Q`dF6E59r;<OD$QVeLzX9Cb3Oy0Pz|3`iI>^tCSRIYUIt1N}7(
zL6zx0R}h=h48LQ92<qW|E{Mjh=~QJos?;r9U*3+=9zbd|kWXP5U<XUE*5Kwh6{I(4
zWcT6LQ~uIZ?<hTTW(itfiFRPAVAh#TRfUrx)c}wR=TS5#_VflXp>>b(OR_AmtkwQl
z=(8>BKdkwJ-})|<h2!6uCLlFqMSA@S_0_NI!qf(xnMwH$Rr$DDlb!3JEQ7{IEfbI~
zSQg5wU`T$v$Y573%}WEFTe*7GJB<48{kVEMra?JQKhI8b!@$Ol37z}H{9)dJtZHR%
zoz<j4ufqU;2Edr>q5(hFIn^*a12Q1yffq^VkEu6CUX9{_TZcb4Z*%o(W0{Px>XP4Y
zMBrAAB4yY28}+YHEjh5oGc$j6*K-TiLl-i-)z~f>H6}8IKHP3-@^0e@X{QfuI0G1-
zi;RK43_C?vA6)XQsP%;~3BO9hO@$L#N$#|xQp;CDvk{S@Sf#p6fVw<%trZS+Y&cP;
zjA;|PSuJ4}<qrzFxC$|Y#8QeCa&Qf5DP7$!eMB157f_lx`+}K++1t=AnDDDV5<Pc|
zW>k_vyo}C!ITPWjC6xW;OFzcO6_N-E!)lZrTMpff&uh9WEC`qLbYmLXKj%_&;z|HU
zWCI%auNvBCvyeT!)xc6JK`f`js1KQody$Lw%(PdT;AUQP2R~NowCq7@^JWuG18NSN
zpgkQ$ORJw83VCEQj+ssURamZNHjcD=k3|Zx96$x~-<AeH@#a%w3XMg}t+1`mp9TSN
zGIAtCTn;NX=0XWeE)O`%Hz#B&zq>ghz}hQ>!XWJ+P|?cb*@~(EfKE^CM|NTVTqD(v
zB?6^&AeVJmZJWcbx~?O0tWaKHD_2bIYy#d<BF#|}*HN<MQHtgfHlhtPJ+0Ey22N7G
z2`-SGuOVvZkXpmi(0fbdY%avVDNTs{Pw7Hln$26G&A)fHBpmq2-_?FW=8D3;@xR*0
zVIO-^+eR8Lgg6(Jq^WUq?o`|@VMp24Y}meGs`|q@k%ZJf^aHEztl2-Gtdo9gU0leA
zQ@7JJ;b%3xC)>8$FP#k4KMTz@TQ3Fs9jh3!|L|EPRXcU%%T)uMT7#GNfkx`9NBwu}
z)>pgPEOfo+xo~rIOMGa(W=+)y4X&kuEe&@0GATnP5o@Kyx>luDaErO?YeJ?etlLI6
zV5i!3?#v6c4NRcj!dq5(XSzz0yX)>Cey0gjq^s6k@`J>Ouh#6aIJzKn=77xmzO9N2
z?Oa?rAYz*k=umHK*X^P^F-Dr@P40FB{z0WTi(Xf6u5?%&^*X*=pxx;tCF!5j>|*l%
z6V=mvIfotmykL%l?I@g6Y&d*{X7zo>ecm%UDnEY|G`!m1W;ZmMvi;pwvGGN?R%!Ag
z9IttFbk)M|^fTA~=KyH70_<++B7$%oE1ns*t;*>Zaz?6+-L>^bp^1`b`sL$4gWSsx
z_-01#aA#MR3(5IY#7!eiT7nZ*CS=yDhujn7xC^p_-(o$L{od=mqXtTGdzA4ycr2!M
z%urM#j;=dXsj9P@QGNQhIcj+Q&tB&*rE~8~*FSpf!UM6dei{<zZ*$;Z{it(hzdIf!
z(!omCt6@IDUNTDznr941`}~7VV2O&`<K~6gjdSIq#N>o#$&CfS?$d@b0{o1?@^W?0
z2;KF!xLqtWIcg22K9wPBTGqzn`4YnJ4O1&aBBY+RqE0u!$&}e0H0yN3V&;QxaUTXl
zZUdxeRe#GPkRrGI=;J06V05sDi8hW=<6RRvX<$p{T4U>!u}oOpa{1}nC8OqZ|1CR0
zx>at7LLJEO8pFfTgW^U72#aWRoBgKu`%V80{KMFR#@>>ard7j=MF-1{p=|H8SMeb|
zO~b?1(%{xEpm!0wX`e)nIQ-3yl(KQu@c}vP)N<WsHxm-6^@wkVyP)Xx$H+l<-Y%u<
zF@D@D3i=p);uZY-7=-E_MC=_X=7l5hl&bjzw0bJ_cq$8jDo=l^D0`|jYW{<O!2kaM
DfNEl>

literal 0
HcmV?d00001

diff --git a/www/crypto_files/kerberos.gif b/www/crypto_files/kerberos.gif
new file mode 100644
index 0000000000000000000000000000000000000000..d22b5acb321ccdc88af8d07c2712291d5e3518c6
GIT binary patch
literal 20772
zcmeEtQ+Fl|taUl{)V6KgwrzWAYiirJ-9EMLscqZFbKdj)jBlNNk&E1AuOurgJCT%@
z;NmnU0@nh21^HhP5fKRq2^kp~v9eBs1cCrTK!6t0fq{Vq1qJ>6{d;?RK;VDA|HJ<=
z@c$tL#P1OQFDknKwf|caLeM}EY-l{GhJt}$XjB@#@rJ^oa3oTh9I3{lk!UPdo2~K2
z;<0!l(I`CWrjm(dD%C2ziKf!2bSBfu9O>q=nQShXi>-;~^0|DWU|4*amWuf-h&UR3
z8y4!ta;0LKT$$8@#bAgg3wqDx0*z|j0Dt^7_5-bAOVza6NkHvp+n;O(Ia;Qg)jD_V
z82+v{hqWf1<dbXJ^vk^=1<2FoPt04xQCr;A=gZWl-C=Kf${k;ImZPZx%DPzD&X)7V
z3f6K1dRMl~)dth4vU8nglUXx#!(M!xON&uJ+s*f+X4~~#)-4YpCV_KpuqS@E6c5Yu
zcC?+CH$ck=@Ory9WC^@t==GI)I9aSVWW?qFd@b6a%2y<0_!t}k=QZf&ZS%kW4&}&k
zdHX&!bSrSv+zteLNXH1CI}RsuCGXJO4aKs^NDjTcFE6yg10_0$AWO44h@>j3Fae_j
zoE=0nf!*!Lu%V3XOMY6Xn7R<qsNq_y@>^m>_$Dr|#3Fze^e4%2oF64CNpK$|tAhP2
zN@cRBERCs;)k2Cy_tHMhXnC*L${aRMHws=)l-zP#GY`je42+c^cJ`EjO3RZZ?np?2
zt)QwXkVA<gj}Et~q$+Ai9S_WaD5XLwiI2jnEKM%TpiT!@rYVaw3**VGVEf2KDo`$~
zs!EZG!m_Fkr1+I}R-~I`1H7zlPqMC(3x2t{EQnZ;p)D`rj!G^~(TK9Ho9576u49aB
zKL(?sp|J;R9K<=Rt~H>(DjLSHt!XN7ut`YIx3Re?&HbBMQ*udjdDZ>20dXx;S69WD
zvfkTipSt6(Yuoe2AbU3e-Q{{K-N(UK+E+KYVc!5|iS00m6>KInisi6XuJD_;+ibYj
z8P}>Gz01={c4G4KVakwUlcgk&#FlA><y6kDlNZ<bd{VG&%6dlcfUjk?$tx!TR1UL*
zO;}ElUTFzltcQ77$&}x1Q9*UaZAC^`zjaC1$NojgB!K^AS*QNHW!bKL8?YtchVZg!
z6Rq#Q<>?~NDPe}$3S^Rczp;HAC$*)$pFj(qx<90b>`mBUT>nlyww<Hu5Xpv9P~8u|
z-E<tLAhh8*s_0tsy4bIcOOyOFrr;&&Au;J)#@rn3)7AZIaDLMdtmC~*+Khd^Z?vrA
zI~n~%@L2!HnBV;{-xZ7WKwxU%_uPbA!ntO}tH|-P=Gf=)bS!xEp%QFbk{?vQqmVL}
zP|p}(_rmH{{PKHX4(Z=3+@9itX5y1PnO$=*43MZvC<-m!S?3aWshhLo3i*#sxsyCt
zM=()1NCSVawt|C%l*kF)C@TfpzOiRZIoj_Do@wa_pb=Fr%Eoa>pY#m)p+!&q1ideY
zn9&Q1rT~G%bw$JiE+I;~COer<f{&tH(d#gj7<|~Rw@mluTAkJigR^q9&(tnt=0Z#8
z43jjN9I4u9g~UPwGu0fg(lr=aA|l{E?vEbM_S!Eo0gZc~l}pmy3l7d^WM`M%=mKJ3
zSZ}lTy)P7~88PDdm;~5DlD@A2IQhe9Th2YPJ6}e)!&#Q%ON3qy9wAt>`>=?+eRMks
z(IZEMWNc_jGHf@QxByI|l5>rpRwd9}&P;OJ1m`hhT&|2IePY^z=P~nNOc`5wq}<XS
z3rR0p8AsdssNRSZpUV@zNK+&;v_gEE!Z0pvdPbXioof7y4>?`mnP??<d^W@oc_ql7
zK>uH5`5*`tLQpdQ{{BwMc~gVoL7i0UUk(xb6<Z-jDI+NS<5&dtO)0@SIUhmNQb>ew
zuJoim7MJx@LM2}*$X>OO*7;O`K0--vX*uht;~GUWbN(zcIG6r`<{%JT;r~}=sR*Oh
z9ES8<Jf&)pm!`E`BA4pF=J>Br<+)00=0d`BW2x?>C0S{?N(=Nu04(OY#!9|gvS)H7
z<f2JckUdZb!DhK*<GIcg@=Wq<b8;0VjJ+P;kI)E8c5RTrsNPThO7vI%+9(GHNW%5F
zh;-3361GNzJN~?ec#7r>4n{+SdW{v_ffi`SOG}w}ps6O@I*1%|X6bvi@|4ZW9PCna
z-ZiBIceUmY3R_$Fv;Ch!*sYz(6@WFuwUwl<&Jqu1YZbnbt-fvEp-c*(RlLr<ZE8D(
zrj1MrRcGE|l(leV%KRJ_XF3AFz*OkmL1Rq^mM3cnD(2DIJm8?;HMRTm!CA3;Y%M-@
zY4C`F)$_!A=i|k(6OEtIb0;3@d-=KbDFLATSZ4GDP8sf<0NU|x90Ey!Tk5O7K|sKT
zKtQPMbVd&}xv@tb8b#y|aW=K;)v43H4PT5(u;shSC?-sy8Ui8cs6k+bSWK~*wkbq0
zKtPd{Q;xe1mO9&8pBrytLFu;k^U#NNf1GtkpIP&X(JiuBST%#UkjF&aK|uo_!H)0(
z$$8&rRpK5Z>U@n~thlEouOIBY^tMnSpN6`h8wx<}mynya{T&>xlaP$eNJTX|J^UYB
zORu(65n$N^ELtigbJr!C(HE6>S|XovF64H-NRH6dlttuiYB0R#At7CAmoKbTKR+n$
zqE_nWy=@OZFy==UUK)xwF8?N4&Hjr6w3N$V+vxg;q1(RHXFi_;ndm<^_uMN1l7FlI
zWqul}eP|x4lr`DMYpfW;wh1HHZ_O-ZRdoKmw9Bj9xZo-{A!TC$*6>L^Ohcxx^<D7y
zT`ZK!td^p7YSTz(wY@Jj+EEBy6(8|W{E8vei67BB7yWA8Q1Ntsg|`kO`?jFwwsk+i
z-1Sgz(0Xm=tjlIDPlTG2TR(4|f^%{Y@aH{zTKk-6*S^mj^PAvTm+bx+s82|Z(x+VK
zocW4-N;EJK6di8#_37{!cjTd<#@fm9V6H8J8@LrVXJ6SZ-^VZ3oTN?hcU%2N+)9Q}
z&gPW6>ZHdwD9Wp9RmI<QP+Z^H-~6*ePe4Hd_EjkAa9=IJ@I#^ib-ag)=}Z}`;6$$2
zbr3C(oH}>*pd_4lq-gVzS0VejNz$EyGUh%Em3s;-(e%3Ul{9cVq4Vq^-0@b*_h}!N
zd1<ci8Lo+=Kfug4=6Cs#q*DC8&;@?1&Go*t&3)ha0G~PDdxr>~zk-)?Now<3pX@dL
zd)o5%Ie61Mm%4pC=M6nzHKc-q3HkOr$Wr)Etbd15!@FDDK)SeS268MK!HfkSLbx2M
zFi1T!KxhTU{S5>!3;Z1sgaBYc$_OBS@F(FyBW(329e1Rp5=1{kK9~F(U}AvSu1Su?
za1I%KP!e!Rj@G#Hm*zCE!6Fzw`7c{j0GlUUNAurrOMkB50P!;)iZfv_=wPHU4;5%3
zaV<7p4i9N7HZ7_E&9y*Y4Ayz5Fh<KD87k7rGm|hn$uQRDK)$jt>$Bi9%8<_|VZJj<
z*EK3HE?<cZRH8Escc~z&j4<T4FnlV$c_=o1_t0Rh0QCwZq;Y2lEei}Q$yjJJ9@Yrq
z<_P!IAdmD&FHCwLDqQAgA7sx!eo|j^ih!=ufPvEpx7F~2Qa373rV7p=k2Uh*_Gsq&
zknVAoKCGCx2SGuM@CYi_6O$NNsBjCc$oPyHPtD*_E2EaR!0GWoJSxWX)WDgFFv0!k
zL8<V)x4-)p$cI{SXBlx9?QvIYaW}xXxI3))2d?-ht@vtW)3=QHkM{VlwfLX6co6Ia
zFzy6U>-b;P7*G>P{V56Xk)$sBM2Vn@_C*x^i4<-uiLNAg?nQ~nnTeyI#2D|`XxK@;
ziKJxM_(T(lz9@tU>q+J&7*b9$eP+mT=SdvW$ri$iT}P;#&Wv0sq60?)<*tM*Fv*-=
zDRlRwf)f;BL5X}#q-2>%&P9~2%0$F$sS+e)L`jrXmC1G_sXxq=q}nN|K`9oIDD07O
z)?R6L>v*u-GVUm3Cc<e}FzMXu$+qi)_8sY``=qyzDZ!vbf$J$b${Afwsi9uDp96^z
z-1v%>_!!tCY$d68%|vO~lsb8p7(H)xD=V3K>zRO8lGE|@qNMb}j5MWi-<l#{OAjAP
z&a9G3T9%R|YY`FU^Hd|RB;$^3a1uOu>LhnBioy4UQnM^(<>boBEVUw%+Vd>YRjQq{
z(4*xDr?a5wc7ygcPx^OK^Gc@e_atX0GGZ2%YW2KWagx(al29-=kRe}3s9Zy6Gh3>B
zvF0F{lUN<B?2mKd15B2p4wsmwd?1(&?WnZFWF<|wCeIDGw-a$h3RTz!R%`-S<SJJ1
zB1|E;jw>XOpB5Mo*@4&YgBK8m87|Ad(L8`KBS;U6ksUQGj4C`dqwu(`5EqoEu`Q2k
zf$W>2DB6?<B+8j(5>-w;UNkF(*SL6s+AUAgr(`j2_B}5fJKxPUd?PYAT{HhABl-<o
z(fAO_5gpUJS=xX{J5jVOsZ?+*sibMF7&gn(3d-)(!vHHQpU%4w$s$4sD-t2Rv`{Nd
zpuJp&2R-6RD6vE)Q%rm>SX|glU`e$?ETrNbwGzfvDwd|wn5XjBl4KT*czkCChH}Z+
zyONEJr`<(K5mdIYjt~oM6_8c9c-WNzO2-pKlUy*p%8pppViKui1Es68+TckX^+-Gf
zmJ9c&`u7NiZHE+Gsqs<8U-@yLN@!od@qnN7koZMzA2xpe7ReY`>C<BA`Yfp#@XD`Z
zDb~_jk76-Hok}>gvJ=xf2UWSCC8U}tR5qEMsB@eOn`$2A`n$7wToqvx*bL65`dS;j
zZ&DF_;dE|k6eMoOAseZT;mRaf*<WUrIaw9|NE`d28Z$c^^-aYL4lB@xE0V-2$z+Ac
zhlEy!kyqIi&XIFy(L`B!GwF{+0F@%JaH1toBJ7_cLcA%+(xM_=IPExG;J7rGI5p&;
z4OWK|I;J#?aLr#bq;3khQqr^yGKsBKL#-rEtuEZz@V5Rn&50bJ4ch0{oa5ZNW;LTS
zguxq?sL_qF-r{(?ZB8ZpF(r*epLKB0rRg-nzPfGR(M`=yfX+@d*(u@ul7QD>(OzUx
za<YzZ%~Dx0#S62>=MeFomMZa}c4QW=U%IWpl1(}e@nn26<l;;G5!g;US?w^LP8Cpq
zgl@^*q6dB`ou_MEI<I2Zr@~`PM+U9p@TWrer_6PUWRtA6=`Y9ME$v?&D%zkrQ@TAY
z!d>MgCM<sy3?((`TJ_UD)pMd%LoXEiqkC4SP+Fp0Ezx;3TMcE?y<T0qM`#r@bo$P5
z(Zwfwi(Y!FSFNhE`??}zzoJ!cqBSy}`-n06!SKw^a9Ewh<vdgSVfAd`xB72hG{;Kx
z?{o)}JO;3~P~F08PVTEtP7Tqn2597ziRlPSLqX=v^T=uhDD;Gu(fqB|HNsMzo=?pA
zuZD#1hQ~D=@m>e$zX(uAP0G!U{W!{u4R{5`#C2);MqJSQmm|D_a6-YdhGpyweai@%
zQjOL4Mz_oxW_`+4Bl1f#VmZbQJhI|umPh2|^vAQ}d&EW=(VYZi#^@mjnXO7C^^o;y
zhF!kWVrc<io+ZBB<M?T&dqB#rgisJrkfCHeOWzY4T7YFtsmYW2xWBeW?BIBj-l*Ds
zfges(oaf}eY<N662n>^DeGP~U$6#HVjS2-x_SM9razAG|i4WcID2HQYnA6xwPxa|o
zkR5U@-$WyyWfR|^oW@k5x;Yq#xzft;FjZe5*W}jL_yj!W6y3~$-PE`C>`9I5cFrsy
zbb2?3fCh}^BFFY`nXM?@T=!SsmG7UN_slO}`?a(=Vmv!O^f?Iq5dr3^N$%>X!!n!I
z*_q4k0F{3z+g8Fs|EjcE@+6Dk@r!;VjP_o64EZ|YYEDm5EDWhTk@0(xerqOTI)Hpr
zg^~<ahvuDkSW>y0L>vy~T>$3WIipak4E|b`>t&1_IFBIHPY1Kit9~uyqEth}GM5f<
z@$u7jzs=5NSeRuj!?(Ga9Mj6!n=VN&(H$;*u@r%x77I=;;cp`!y3Y-#Eg8~V04<k*
zLtd03^gq^~1>q|oRVxsO1!Zy`&1;cJGUfVXjzkEn=U1x)Enb{BJiJj3;h5fnuq7l`
z%YSo2ZMxU(=~f&EmfCUq4D?N7wq@h&=g-TElX_OkZHjF1aZ7Vco&087a{b)C*Pteg
zr#P1()59Ic1K={EK;L+Y&KMf;L+WQ7<8n9UCO6>ywt$r`0ghaJ{kg%MQlUfXTYKUw
zUtr!_3x#R5+sdHZ4^lhuks%AzTleV!W*m{solzPaJ|prGMQ@aIA7fas2K4ErUo-i<
zYqoj0Go7za2iv;}<00?zwPy&mP_t2PRZ(mFF&HucOR11$>ip2{SR8__46ChFt9{do
za@lqZf*WTozo6MS11<dsv9l=q@gP0R9mpR7mY+EGowRHDT*>y3<*I|`x5MSAKX|jK
z8dQau+absVg2FQqYC4fNmq&a*-fS)hpEJC)T)Y1=CP)32$J%)pxwgm7c3ij)k2H>r
ze)jZtc-cKq7<TqnK9usoV~C2o7$zNQKGw~8^_nd3_Q>wTo#RI4u_=6KQ8)$ShwzU;
z$0MWO4l>W2Ei?imcg}#AyI$V;R?s2kSBH1_YtEDBOI9a$*P%M{k#>3)K?++r_7}z4
zXZPbV@O3BiA1BM#CuuwDfSoA*xGk@pnywv9aRIhUkJG?u|4aeu!`O4xfs39WeDRwQ
zt&CikC<{h`{LS$lbe$O6iWqgOONfk<_1X2KaDxr#6Lg)cp7yKA(yNP#o3ovpo1dGz
zBZAupf!im8+ZX@ax4her-rKL8+aCc;JFj|RofcSrIHcg6?=eAcVuL9yY5{yEQer2^
z!W~2OUH2KqZ<QpgqU^sDlxfsCgnjoWn}jwbiDZ2l$SO&^B9iHm4<OFtu-5lo5%;2(
z8JuuwnJ^Cq6RCX@sp=gmCSHmByV*3i_b7uY{gJ7>)Q>(?tx$?N)-AM(b5A_%&y-fr
zYJ@6UjDL0WpW#Evn1Bgbqr_<W4_zIpoY9>ll_>hR&u=9uB7{%rkxxU|PwoM)1z(S`
z+&M@Kx&Mgoy%t^#xzq5^Q}__?9Do7OZ?KuE*qKosNp!o}?;8(LCNIvwj8sHZ=iv-e
z$M>vy9B;z3x3&A0<hQ7RG<(O7!IY1=v5%?%$x_!B+We&7x-U2Z4UGZ+&Gq;aA0O9}
zDfp4~GTb!inWBU+lmm_U-P~j)Eq4M_?<2w=`qY^th-6DnsXe!!wT|Omf|T5XPk$o6
zJ?oSB1o1k7-$jZ)T=|cG8Pg=<pX&&BLH^A>8QKGDzTeqN9aTud97#YLh4zI0LLv}|
zMIiNyfWY7hgg_&MfJdRz8w_VCA4<gG^ZP?!s~kxsk;~_aWvU#@q|xj5mPmn|$YrtH
z?+j<El*xj?`u;%RsGTVl!2&UGuDzZrl*1871wudmm?%`K*BXpusb6Z;QF^$?O7B(6
zHk#6>u~(y9Z!}@gkDB$n+v_!OFP2?ttKAwD$_BBRZLnSJMW|j9NaSeUn~cVa?$lDX
z)vh%=(yPYtzOozxj87$2w$_`cXNy>G&7$w?tp6o2HpN|emR=@#z3;5Rz1^ym!+4_-
z*lBSngrQ@@*7y8*b3U2L?#he7d9+=~VNTEU-*|jEb7(dt#QmnVUCZndovrI(@!pta
z2M}80zJ3+RB=5Yge{%k*7~g*6tK*7+Fca!OjA2#chCq;28i1rGVG@A?7B`5D6ePpZ
zO)!KYmOasJRSYFOfRz}5pel+Xj~ptr)QVvQJitkmk{!e|0fodO`@tx;?nepe7nDT^
z-M;PzqQQolrOE42oTMr9$tow}rQjQ6XzSsb`mkE%qDFCwACM=hz37|=V1m_d`azdN
z5~ew}#Z=_DPoHF1cyEVU75QI}niU0s5Nt}qP~>c)X-CD3%AW})u6^IVDNzd2l%*{y
zvWz2YjgrL2uEe`I4{U0T+^JNms)|5yc6D`4d}$eZ)KIti&rY<MB^A~YXJ*Jy_+)j%
z07!RrO=M9tjb1bHD2-ja9`r?;RkMG>98+`(QmjESFYBbG#~hnReUO}buVIk1OSG8%
zEc&}Gc5LhYY32ZGJukaIq$HbL^W!o9hBdg@d}>$ZouDY%_iDzECl~h)N}KfipQ1H)
zR1de(#(j1}(hMAE!vKasj2v8MiIRCR`!xVL&f||Y^-28*(wkJXld{wfi)=@S)(-ku
z{Hpyl!ZaF_-9HpM>fmt_Jl3V@7M<4R`C&XZmE~ofHr4f`JhruMc{q~E)gs*Hbeaxq
z)ak)t?+vb>_{<hIkiRN7vz>wVFgFPZR6LI9cQ4-U4I_XgJF}p=RO8l(n$_uF;Bm>T
zqjOv669Lp^K89VpIcW~|wNF@Pa_=j=t|>ydU5&Y37<hf!yW1&(ZS|d;PSdp`8HXFp
zKbnRcwsYGL8ML?CP8|G#sZUXHWzg2qF@^;1hq;V9UdQqze%`}1^-*3(eRb!qOU7pF
zc7ywF`heEwYo|AG(_4+rCu&1N=U1QAiig)@%g^uidnk?1)6DQ4AQKBen9N)tyb{3+
zl9f;|c|s5zo)LJWrVxw<lNX|10R*F`aJO;%U%an9aXv0#6b;5eV%GvlNhtE0nPHz@
zR+%>wuHF@CIaf}xRN!bDg$RCDgBQ)T(E}INFroXu5Cps;36%_C(x3WB=@tUe@OCjG
z0;Z6uO(Hbp3~_{CiP1FOCQ@ITokIf&R062GF|e4_cmQT~Q?()!G_GWBZ)V3oN6-ZH
zOM{72*HRW+Q+rG8HLD%><ms$tFDM=3Tnmx$$i5pBD`t2SG!7&Q&1RoVZGy2K^+`*p
z(pb_(W1R^o(L|v7Xpk9VRB`hu_?4u{k68WaG8c&nTf|Z-hlwKo3kKr@WW7jiawaEJ
z8G~XLEI_~Yu~;qSU?j5w<e>2(Mh7NqgKi77{5Ns?$%pW{sUj3>Y*~U)=aBsp3O4+9
z8E6yMEcdT*+BPWEvk_-S{PSa$ODMTnau?H)7(4)t1hZe5O3tY0J{Pl=B%}&cp-~Ar
zA1;ovheC5s!q>??OQ*83##15K7Zo2r$()ysmFNr2Sx#Nbf^ySR0vUNRmT^^9TTZDz
z!-#deMV9K{YuES+vQtR`*3!SJ;iS7A=H@9?$@gS#{G#*~ia{UK^U5u>!nsvyj~U3<
z=BOdRTWJ_%i<V)9N8{aCE_&fP@Jkq;St;>jtrR|1%2uA(L=k3Gk8LU*T|?^sAjsNY
zbpog4I#{wVA&hy;xdy!rk|R6h=upKkhGS(o8slQGjJssi8x%CcQOv1evbm=k22s=%
zVymSdGHG~&EGkc&?Cox4R#yS&fYZiH`*oYN%aAekF7~DHn&Q<g|B8m06bo@(80F}y
z<|sINV%lh`?Qxx#VtjoPx9Uy4I+mI24ZAuM%}8zLs*6M=@(Ueiw#}ZGm)0wL8~a95
ztv!)vmf_fXJL}2S_8UO`(g3Z^HtF2IBz4z6boBTLd^)Psx3(RzxQgVyZ7|^u15?C|
z#@|^QaW#NJ!XLbdXm{gvE%Y7`4hL^>`1J4I@IHJJD-Y64BUdoDOfrEA_o*obq$Oi^
zTK-`tdKmWu=z6WbAaQ3~ju=JrL6ktrD+<~k9}S6@KaJD+4r!b3LZb|A#qQHLJnGnD
zG!82blD;*+kaaDH9Fa@($_|r#Yh<CTSH^Fz8N-viEdv!G6Auu|)rqq$hRZr)?G^Sp
z5P5e-NfM{${p#2&tLEut6}wQyO_aK*28DEWqFlb7AegK4IE!6oN##*el~qpPwld2k
z-D!;+vzbR@pC-iZ=sfy9W@S(^ipt&D<;P_e;VL)C!~iZ0yNAT)h?L_qWsA+Z!B=LY
zn;XE@(U*QJIuwNb;UO+J9eL;4Jz>kuty2yT9aXs`$1c~+Fo%sgTzVZZQLi<=G-iv#
zT3Zp``|VTr;+Ei42e+;;VkjZcLBzmzyY!d9W7jJfzcp)rTDFwREf2AC{abl(zH%^3
zd=R8wjL`J0BTB)Jan;|~QY&1CsC{&!@A6he>6=~by=-Q{>wB7A<S`maxXDlf*P`t1
zZ9dGGnZ#b#s=zIpG3w6wM=!@^hLR)Uc<+_gUgt88?aL9`)s+!}mr%IyJs}+4iHTnK
zTEg#3hd7+N+a5>9-tC*%;i$>=-q*(R=qsC3pS{l?%QCo+6;-!~ZS=Y2a=4v)7|FDa
zL&e{o6PkI~A#Ltj>~ThXI==V$<*u)Eb1$W_{zqDzei!P7FBZ529j@ivBDudm5CwH_
ztLHxEHR8RuUUyz$#=a;m=ZrQm`<7@rzHgBoK#ubb=w`zGpMq}P4>j{ob>x38Qp<cN
zWp_V!8NKgn1^r27**}X{`Cq#b{a@Ph&z2|yzEo)xtKs}VcP*nopZkD-Dc~;fSg;EW
zhOf-H@9VG+T&(}@vkwxDnTw|{DY_fNwf8i+AGSp(C0Ov+Qoq;&Z+W5+cy~V%+Cb7&
zKLVR@ur)U*ns5i!0EVk@9q$0va0D85AV|Z2jPyXNr_i10z%FllO|{@H+#qI4H%f|d
zSMdN@%>am0BuEN%#XR~gxG-^zAf0eKO=d5MGFSim09^<V9ogU{>mcb@C#o<AsE{bA
z5D0{l2x_A+g>O$Sax#8OH^EUK;niT1Y6oA-AT6GV0K5q8^bnJ8H#3=NnP?)LnwYqm
zD4Lfj7g?=yF&d8^?*x`G-`5aL2#?^>Al=rWTsJ@M{xC7wa6hY91~8&gG!l>W3G<$J
zxC%NDReM<5OpLR8AfZsKsCiiBXvDy^TNNTf_M+rzKVw>ZB&LvEwlmk(3n|M>Je^5Y
zr({IJS1fp91iS&&aB0*&h0jP$+)+4xn;K=EIPX(i!l{P+$!j!KO3YeM%*IzVaRAk!
zWXzjRWD#3pnp@JDPl8k$kG(M8>1xbePck(^!lPz{JY-nz9kr!d@~$gM@oG3+O~A1P
z_JDfquUKlZm=s&cnC=#VU?px;h=9;imoS+$;nMh9v^eUylz5AH!c&BsDUGmnMoNv8
z@{?GOoj^2SPK@4!EHg3$NMO3!P==lq8f^++V}k9`M0tr+K7w3^Z%(d>9BN0U3;+~3
zS>PH8LL~#L6#+^l<MA~fdW34^BvYX#>zy*$nUSALGES(C_hvnXpeF+1ISir{m}VB(
zT{Bt)0a6by+o%^IE;gA|Fd-`~Tk+IYC_2$fI?_tk)wvY)2r5;BS7CS0I(;;m_-7ad
zDFQ+Z1QIC%#AvAZY049A8XbGGh)y;~TW*w0TyANQp=Cx0LX>G~NIpfbuy}eFKKH)_
zm{$vg0EtSIo9UJ#>^2KTtCYyxpV@Jp9#4@%fe`0U8CPJF-cC_Kfl#nRRlpSkSs<I4
z*8}O5o9%m=WP_OYtjSzUnI7AkcrTgTUQ*aunz&)>yqyNzwFpBB1qKnxAISmd`XHu2
zl!i-=$UdDgzFq&Ne98a7E0nYhfJ!NKtBvo=1%h}+q~Qhj>WTRti0FC!Lunm@PF3oG
zQKXZe>8DdVuIY^D&L<C2M12;yiQ&0uneUZVcJUda^_nMA|Cf_7e_Sz-FFvuEGrl!E
zj~_Zf5UPS{qSWTPP%EplwKQ`bGfM+0kjfJm0<y>ixp)YYOl4n8(j&zHIVgZPLjFA%
zp|(hygUwK~$TNacD6Gt?pGqy>%k{hnKCS8qULxd-wX98Q0i(u`j@fA3Cg`R{>>6)^
zz0_xvlB$gLz>Ftu4?u2Bzu8iGm+K(SmBWvfflXYJo{2Yu$w`;SmA|Iokx(Bf=i{R5
zQKp+w(Xm%0_gmyAQ#X`T>rO!Ch0IawNx~M%)&RPxyF50G){JcqD|`;m$<cLL_sr(v
z4S(5bAXz7Js3C`)X*jwihMmKi@~i2-tB=qw)W#rcZY`?eAzzv;VsvZhFE6}zFX+k(
zkekcmajUE47P8r-C{HX=%}Dt}j7{N5oef7To3BVdFOeayM3kxqiL3FKV*enIeeL7B
zf1|&lE}zR`hx?7Y@RLQduk+RxG7_(k$cnE|O!_U!WgCy2q2eaG4Xoam44<tELu!2*
zEeFYKnDdiCz-wo_^#NR0J164HK|q2)0@*`0a7-e~G76id(@Y^Z3T6PRUs~tjc*X4e
zaiRE@U!-LTh+#tM9~H>=jT@Epnkw4b@gIkaM-jTJiIa8Y8}*Qzl<Jjg&zgYLR9X4;
z*5kPxKiofPQp3mSessxyh3Dz{m3!P4I>~?cwdyfcqBMc#=jEc;)N1XuV0D0IjtOtY
zb>O>gtCEIpjUNyCji68SuTLLuRr_r!NY9txZ%4b~ZF1`+7H&BX>x%GczkKQ=L#|+f
z<!edj0?_pev9rv`H|5P!4X$U_T6ap^WZPqK*Ln<glyYZl^#_-AN@#cTOLltnxgz8<
zsXO%YQi=1Q_4cTC@9DGN?KSOcm)%ATRa<uPgtwcncc#q^Hb$0MLU)WrC}8Gut+@65
zRV4LFc7uqK1H^aw$@f;yfxGpKSV0ezziyg;pX{07WWvYo)n@GV`R!^u!G2TiBlV^Q
z$n0s5Q9$?`qgcS>I_#Gh@Abazm{BL3&KT!L?v%ls@C@vetn`yg9N6d{NYm-NtC}Pu
zZFatw?srr!#>!@U9^g$JAX{e}IBUC;E(pS*tXZ4L4(KB~=t2G%{S7h3!7!fQ+GFtV
z{B4>~BOw7Pku!627#pk2e`0EUb=Zbn=6{qP7-b+vFkZbh#>8OeYfUK9D+kT2&jA>x
z5-_D^&~MK?#QvSE;K0(9YleieZ_2Xo2Ro*?b13|h<N7681AnM#ajdSerAA=3^K8n=
zVW!Y4157Z_s5Pq+`x%jQH(6ZHSGh4a<dE3aHV>3WQhC8rt()E;vXHMlu@ykEJJGaX
zv5-5lkomCa$vlvD#^C)qaEqPSFhh#fuMLb+V<NCLh_bX!EBT`#hwWhGz9XmNf5H*B
z&lP4orgR*fnm^%mMC+huQFF{ZfX|zjqpxAPON|tuXExKA{g!zgGkffJVIFmJ7;ItU
zlb52Lb`m&?=}~4mieQ!UbE?v794>J3X`GW`KWZ^cW^zR4Vn!I_eqx4UHX~<RdqnAG
zVPx=QEm3zar?ZuXag-skW_DtdC~@c?W)rkglJr|Y<>oX!)FNmUVBxQ~{k;o&Z&Ash
z?ZQ#g^kdNq<ghJk-fg5%i6pS-TpkFqXXjbT1o$U;?O>>>nT`yb7RC|MrA@_^na5$+
z1<~1Uou9>FU+55^L`Ya|ydQ`9TTEEk#VVZD8QCW8m<Obp`cj;xaU65TS%nIe{d2Q!
z5UyM>7{Q&ek#RVt$Ua-zLEl-o15cFQEVRR9kTCto2qGDk3NzPYxQf@X+w3)OTe|d+
zI2O?`$CMyTqPRw|I9jE!-^jB_!#TJKLhT(*J^6_@zcKO`w!ntG>;;(X?wqEK?zCe#
z*2mpq+?>m9Tt-umY5a0*+HqXWbo{7082^2gJZcq>A>n0^!|q_S&u~}nKb3hxm}6lP
z>Tu_(t|poHQc}KSNBVt>@^kbRdA+-0?g_XW9d(@8!51>PLk_o(5qFyIy*v1^>N>gm
zUA{|tW4AHogc}aPueTsPy(hwaAf|jE;d~&Kd?3?&Ah&#=@KAc741b_Xf1oaZplN%c
z9ebc#eV{*mV0e9CgnDGcd}OA4WZ`^dm3(B=bRolRFtdMTzn$h>RpSnSOf7NY?|I}g
z9OH{u5m<c`eR?E7coGDr3vZ0qzBJTY%f=78HVQLhOO(S%Qo5pwJ&9Y!YpOooYq3i)
zR!JKk$SA_?qqv<n#C<u}E7$)ny`a~)<XF{lyOVO$q<roXX}auxdUIy%45U|yuhrB<
z%)N6Z`{gEQ7>}Wfc&8*Id+PS~@eCx1U-Eo0pG&YhjeEeNvvREO-1vPh<lYMXLPFqv
z@m6my_@WNgfW-W2q50}U>ETxX;(SVPPU%s6;qJcs;(!_N!-*{od;tz2eQq$BGd_1d
z)GFt<&S%hXp~TxMzO8A!&Iq{;4AP^CzC|H6Xx7K62m<`)jGgyiCE5Ufr*9ZP^uOnu
zOF!Qd3Hwq`Wzy<3y$)TxcmupXQj-o2T$8k8CmLWhd}6ZmCo&0lcV%8<E#tBzX??=u
z*0ng_xZcM=ylWxd3<O;b!=KT*+^fbuJXb$r!k^93-->PA^DOJjMLb;U8Dk{hW+IZx
z5jO%5>3ml`+b!d@(?49(eH;Yc_Q1USBoWDrJxx!2+;>a8+dc;wy#OBSZH(@om|ul$
z9;1CeqlUhH^=}jPuV!s-ldE4-;jiNXK0}Tkg(ASOVL=*QO5a7O?;Ock{dD(#eXpyl
zUguWK>w=!)>7Kx>Z-cq_xpF^;vCkDl_i{o%@mQ}|x}W{m&cj`oqcN9z4gV9#&eH(#
z^Kk#bVt<zIpNly_M|x|Q3G;2=V;SPxA?D}AZv9mN!ZqfTdA7%lrJsBs%st}UaDm4o
zl&}5*?2~4Im8o|y6!b4JsNZBp2_OR@kccQ|?f(k;gQ3YeT&3oXMWT@i1wtYk55>X=
zu|2n-SxTgnaFDCa)*ng+GgvGaVzeG9W^;Hv9<I(GDgPCSgrm^gJW(x_$fUE_Z`_@X
zrz;gp$Wb?yOvTey7adh8nMu^(>1#Z7s@q(s)#9@ElKG^PtCw>eFVxz;GVFAFzdl@F
zrZZ}1s;L&$Vzn2qHrUQN@Y`z9n2m&21N7lnA2h2o2zgJ|lI|8J0<6KP>_6BpmZ~(%
z39dibuhyC@7f+}^oaAEcs83Jy-&mw~I)jQKuh&ep22A3M$>1?qoJVbEPI_iIpZ{KM
zw7J~geEYmC!i-XaD1GvMJYB3dw{7S3Jipc-vWg@82>g7($tB<J?sofv!g3J>L86G~
z2e~V!7}-JpnC1H;%e3PM{AgPd2g2L56Nlr^o)m-=M?sq?)MR>+L{Y>+^@q|MWE4g)
zPXf6}V+9hmNaJp|JyAhm-`+?QgkibK5@Ay;%;F^ptdF7?c%%tpxMjG>Q*myz$kQH)
zmrWD(y{V5P1)8*Wk`*N~$+N7h&NoseIv_U`9d|HR<yPd6wEwiXhEnRW0=QAr4PiHq
zlZ3KH&63SKJx{V?c|NFA1AarE29YgfW?PLa!&({zOK0tr!$9&-RSFZ>oF$niRa!;I
zC|KhNmqS9*mbBJ!TT1I8Sgz<slDp44Cs(E}n~$fqYCC7b$X1$6#(FMQl*;&A#Ftl9
z(NzC*(2&={yTUEC0itBd>-6Vg>>7J9(jDq&ygBH)uPH7WdQcG3tt(oOd6ilgl7Lla
zNubd%<^aYjnCcql%2CIt(#VZ0Avhmer(vXcpL>1xooYMta|sIl#<$7J8;8WqtL(g|
zEIiC6m>b;2K4$P3vYCiFox1?2`ZA@q7XQ!YA#}?#mw)g>QcnOZ+HJLt7l!f7#r*G!
zCtWp0T$V;P*;?8>MeLWBrdjb^<<(!kSG5`76+IlA_Fb_!n?V>lwMoGJn%Y_M@TshS
zjTrp*|9HWF?&iI9yV(w8tnF^CbU3wgV=P@@0yk3;L4-gdmFfVIuEE-z10JH8ocsP=
zu&(<-`9H6F5>sdn2aSp{i)#VP44dmMi&S14X`j6uTm3!`G-r`f1_bA&xURW>E=34`
zb3Hb|-SAyC=@OnkuY*53_b~@xm(6fS=e4{XXDb@roNi9`ye`7>u>uZu<$FJ#Hv<HJ
zwg84SU$?eCUr`T~{h%lffjCiwATz^73n`XCrh^z@a1w&xDh+=zy7%-+GWs#O6Xei4
zHNYq%29SYC4I%6@hQD4ZsosdGr3-oUpb@$F*SO%_nAwPbyR2cNt(5xEkP*y)oroO9
zGD^-@8yNmwVO=?Ih*U634)lE!oujS{<ya)DcCaEkp}zV9r%Mt@^@~4*x-o3Icx@-+
zZJ51@nUc>{X6PUShq-4iiU^_r1C@=Rsq@Ad{t}lcTeI=FP{M2G&=eQ7ay+ZMks98P
zC<G)hP+9>c8dzwGbp19+VnJ=}3s-WPV8L9Fso+*hXGXQ$KCaHtlql;}f``uD!9#En
z$HYd0HB=!ZjM5aZPnUBJA2}>|laxAYR!o}=HpMlGlB`~HOmR9^iyeg=X)R_>q)o{`
zWZZn1KK6A&lMF-8owS%Ky+DRs3Zqa2?~;2nT*wv8(uR@5s?$78#<m#Q%-5Uj{ry#r
zdN`rrGdZnx!iK_g+@=`F(o*=1R-tsFt!NW@ULewK0*zlaAKQddw3lTyM3<!`n--am
z$4@N-d8V8{?GgozaKQaosRYw`lH5BC^Nj>km%S1mEx}xw1)rco1LGz{dmSkTXG4`Z
znNng=RT)X3HoYpJ%BGHg3Qy{-u8Zzg!F^E`7}uFx@)2FYByOe3%9CY#!6LI}hk(7A
zCFAhRCFW$kjAKSiF8|~?>mO;!#m6LYiaKbynvKRTa9D?g`sOxojxJ9%7h;K?8QHqG
zrRFgtQhQ1N#WCZX*2;@RJ=go8xy1fd6CqotdAY1q)zwap*k@{Wk3D;v&&>RsXSMTS
zCB^UPiqY0Yb?@Y%R+qoV#wlcN7?9R@9Zaud-t}*7$-Tj}<vP=qhimWUr7XYI!3qjS
zMiijXbtJy%jBOP7+~h%Y?#8IK8eRHQrP(VOS?^~ky4%&QDcRz5jacZTtee)-F|=&&
zg}k-S0%#q8tE+Yo$6lUxe{I`Jx%6ya+Wk1tq<9Z?Ont#kK@_wZx>l}H*SGoC{F^JQ
zRzy+5%S%^V-J{D6oh;UcRx1zqqY}&dauwP$arnLxGW@I_5dkS;_yX(J_u}WAj68Kj
z8qC!v$H9_POlL^jmOdr!_K-eQb3`A2HEnv*ke2v$OcSl$W9iNsE-ZIUP1!+7A<$?i
zgrkBH|5Q1_ZxIkHXa0A|YeJjA#kgM1L^S+;GNKnI7ZLwdn)PG;Kixc&yw*w<6=ymw
zkEN(f=bS4Zhsq;NF)#O$AN2KoB;e=7=Wz2pBVuhaO~E;Lf743g(wibffwh#K-i|sM
zd#!EOxe_($%7E2psZRi)s1R#|Q>9Z$Cr2A*&@+2X!!s{F>Q>SdV@Q{*Ju@EX*2uhl
zPIcM2d2PU1`QM$SVzAH2d<@2O&prL^pUn<YDva8w^hry*daI@lio%v{xNJRA@>TeB
z{Xz5_#~w26Ick$CSA@Eu!(P^X<n-v`Oq2)rfNp<sO+`LV`l>+0^Nob%w*h(2hm2~=
zlQV0xwoAMFTtUVF@7#>t2x%FHH0JIp@DCDug~vy#Z@!MHj>*erDV3jjKyK{^%6G;-
zyA19Uq9)GL^|zV1M+bF5Z+$^AJ}Fw*Hir@T63ruy>-_@$xE7Sf@?)M<yzECW`>FJ5
zCW7UkA>D~yipe4QujgF0?-SVxZiSjKRgFphTlaF_g+za^X-lC0E!(|!C)}JP8{Eg0
zmB4ooCB0`-_|{XQ#7i4$?u%RT=T#l$XW<CF<C0+ZeWLAuW13@Y+v8P6>e%%buOrtq
zAz>@GTzz41&*csy?#BC0>l5L%-R7MCXX{vxf<yhsg&}b5jYIHb=$5jx+v9CGewowF
zceS59;8A?l$AVix<Sd&1d*;Sx|C{j4nDE_vqupt<;T@+VD1Z1KrySj=*lV{&y5M48
z>@Y~?P>NuSew*t)?NomwD|I8uoUk%8dw&MIL7Au&#wZzq01QBs;%9K~wO-SM{no0z
zF=F&&ZP<-W1R}Bl^B($XPXwis_IUme5~I)`lGun2Iv3cVgTkVQBC&5MS9r+0bHKdt
z+4CD+q7dDE-@vzUG1L%aVHN`;zg<t}C=#`Kcmj8O7BZ3;>mU^G0<I+0I5&qFr%qAo
zD#U_H;iJV^8Gh<##yDt+*j{UFd_967YI5XAMw>3A4g~6+IgU&qmfR++Y&cp*YBbv}
zwplJz$5*0!e1fp5Fr26e_?!(M_lsaOPvwpf9EWI~y#Q>Z;6r-CjLt++%OsMIq*1KM
z(W;0H!<6zPO8Tqt4_z1&K`|?jDT_ogc9R@ak{tVQ(-ovl)$SsA|K+PfeCW7rdLHar
zNS*BWos<G3JXlPo*=QDlL*CznlTxP4uq0F>hwMNGQ&yWoY6}x;oMJu!Qe*wBmrC6V
zge>SNZ7>0%-!BFTd4}+vdoWqpuo&4egV@>p1zBENkVynL<U6mq1_~8L_ynPhKL_pY
zgic1LtP7-N(8VkcG822n%onEeH>9#*2aUc(3MlGVrF$Y(dy*_Ah+yQ6=LTo^W*^Fg
z9hrGuse2M6>lZznG?Uu&BIXQ9Q$%@W@l*)qHAi(zN4x~4d=F&WEXC|m$Lw*XlQAaz
z2J#kSMf{`Cz*20;9djVLnR3#eI1e6u5|JuFDZ)o79nB`)uYy{Aa+A0MNE7MaKjxYy
z@XcBhguT()3MR5~@O*J0sBtlC?c|e2u<ZPQDb^z>bY&)9?Q!Ty$Y1A;N@KS`D9F`S
z%xxtKde_UOdJP;p4PNI7F0I$?e{i_dOz+G~IdS^S*@_0SfFv#^C6Kd3(s8ouegyaq
zq&5qh*;J>_9OcCB_>NKekbcF+fAK!4HIu9<SBcO)SS(%ZEQjz{{H=)u0WfHt<r1ys
zei)GcVf)v$#b$g`v`#V3fd~;?hHI&t_;m~ZC*?|XRwMvo?;Bzk{9j~ca#~=p-?2y2
zk(S&VNYWblPR^wE5msI(rzks<fwRZ%fO$>WlIT(LumeL*nlhDxqVj73P(P}00m}$3
ztG`(lwr^CvVih5E%F$sI)F*}N=euB&>%Uhv-Vt;_(aZjjln6hVi=FHk77^VN?};^S
zUSi{lZIo4TTZfyF{k<Tv`%68<e3JRRjR|{xs9z9J1T-VDp6rgGh>5~D{kB4op}wBT
z>$*OBw_7{gKQ;(6h4dzj7(Ho{r##m#0Xx}?mB<DEO;fsZVmnF_d`CiBM1oASU}>|L
zxI^|hLl{p(QMzGeEOGI@WRA#SuEb$p18bB4FsVn!sZ}t?_)GSpZv%wfqx-39NTRC6
zhW6~luL!HE_&Ll&AyGJ3(_lZ(zTSIt!z#>Dv{}IIZaj%~uP&*x?gTCGz%Ou!J5}<&
zu=`!=NKjG^u;@s#b!f6VoS;4+uO>vXP6Vh3oKTzfRwT$HwXRg8XjC=8BJK7Nd5GAk
ztX)RzS1Wv7YSku3ozMmo<b|#10tmK7t8xReh^r}oi~AY;TmRA(<-Qt;Bg;CY#VoV)
zFRGcs$TV%b>Kz5v%<No2OVcUFT&3t-aI6&09n}2mg&NPY7)kn718F;SQNi`Qc5wx7
zSb}b*j*9mAB>RFO8=L4a!TPm0j_?j~iuX}|)b;Y<)#6I%`k>`}SPdV!{b(G0j{BOC
z^LqZrMb&KW7KUAl`_Vdy=3E{9rU?}YUO(s+%G^ms!QY*dyy6`l^D=F6hRHopK;9KM
z!x5;>?g#y#MD3Eqh&2+!Ss26Fh5T5d?h%c{p$@~*!u6U+-G%=(#EHF{#f{B~zV+JF
zX;j_KP2HJ-)<Puyp$_$-z|GcRZEuiK<0QT7EJOMNgN*|InGD3O0^_p=<354I&zqep
zP07{h<^@F`!^tljF86x+sQOEu+nAE;V)z?Ssru($#;-Vs69?)K=iC>Nx(cMa&rwET
zFXM}ILFY<6YGplNX4vz^ZiheGC*W52sUG~Z9z^ob0=8BZ-=AApJB+;Xo11z_kGq?n
zdWi75=ZsoVp9UC1MyLPwfKQB2`3-QG4jvL!FTbv9)9RrQ<A)gT;QIc|)8+jhs_(gK
zK*D5z?xKGrpiAMff7@yJ7(YiuWJaW%LG5!y5^Y3BbwX~N-(H~VWN^9!vN)k$j-VMb
zW9$AwPiMv<y#r)2U;@c-gB!oEPO*v`pX)Gj@|p2Z@1HI1e|j1(1;`Wpnel9G5zn2z
zXg1If8;KcNFskoS-SX4@ui*jrMCpjqv&^KyH>rt@B$iE-0e8p(`GllSCSbPYeO07>
zO*bSglx+<(eGgAz&V)lZZ!5=S`7AWFsC3Z`KHH77w=7Jm^`wprhOTrB!MO}j%>=+E
z7S3j-$NPmhDp11aFgaoh-ex#fRt`rOI#E{k02jBYD@xW(Vh<M1{AOStG*|uO?o1SA
z@*|5aE6-dr6e26{?&G0&3PH0oA14z(@DY8JRRHlxX>E(WkBN`}wOJ6HO%#evSkRTL
zSxpqYaZ#>CT(^-^^hq>*3--1F^vYS>utiGLNy3&*`14M<k8!EeSt`Co7STyM8~DTw
z&NA12C)3=*-PfX!|3_|$jRC5mE$5CRxP|YwMcLzz;^z}}fT;|)s{$drTJ|3mT6O_b
z7C~MYS;<z7+dDPYXP)NUAZHg1M|SPU2F?6dzEB6o#YffjR$Wqdow3%VC@oc5*5z(?
zgX9*yQzeim_BH$pzh!o1Og95e0HnvWL9z7a8@sX}zS1KcPrMs;I@1@dyAbXRDCG;Z
zwt^v)5DgfBo%2zjmBn1s(c1FC+7xg@0<ch=xUG=4yewx1CzPjrq?LUkNpAo>bs+V4
zBFKMnD3%}%ZgPNYvkCZPtBbTr)PFnd-ZIaGL2zcL<<4=)VdLR?W6|blntFfs!Qp7z
z<`Mq7SN7sG<>;)6v<V&P&DwU$)rK3);fhKZL*L|9?d)`U=NHak>&ofx$Z3Ad>6Ok2
zpWg;rivU)^`4<kv$A!Z*fXr8PJ4~q!JpP5_lrsPb@OONLeB}%`e6z7_4=iR1LRIpn
zY>#B*+HCjeUID~Naf!FJvgmS!xo`$F-v)eg#xXK^E_y~>zD59(-!?MZ6Y5_#TmhDr
zbf+v4(T{b@axF2BT#m0VVV0iZs$Ox7+-l7n@o#FNrWxa9aeBCK35eW2)m(e>kF@HX
zF|S<NmyKzR)Sfd@LQtB{>2Dd?o{608?d@-OtsVK`kJ)f_G0KYs%xl!3*fhd12&rjU
zL5;b)+=+;RiH0%eobUODJO#KJ9>gDIrdlB|oh=_4yMNM)t7n2ldH$w%<ZVvkRg;zV
zdB>>!;dH`u!v0uMp7Ri2n?uNi5ag*keNR;F{OKgD!R%s%>a@bg$_QStpw6f`?QFjN
zsFiG}-|eWX=P7CLY;^o=RBVf9&cH<POy5*DBIhY4?5tf>>;j4Au9EyHDUXy9fk<=t
zbQE;@Gxu3a$}4-loCD-iZ1Cv<_lX<s;y>W65%fw~^f5=3;+<&fLlkd~e{Y524Il0j
zp!NMqdx^#Us=oXj!iDZH{umBNA7G?aG4|!r<c=@qg9zyU2;nP%>t0Ol{!fM+YvUda
z=9(I7`tRL(IGNin+lxSeVy5~?=h}C2vul?0+a@|f{<&MZzq=KRAK-I9f#D|v7@J|`
zUwy0_1FA6y`>AB`fI#pqms73a@`u~`t+w^V`#`4`cWsfXus;Lw1fW2`GDbm;_)Fry
zR#W)08hSRnzE@3Co%nqmw($=z1zcX-)~jDn?)d-7cK%Z|$?cuovlP%ggf5OxiX+Fu
zdHx)c`2eZ#IInI4+v5kv;=bhV1(8a!#C<!YY@hC$Uy^tms2>Go{04{n(PjNfhtkf;
zpGUTj9zwMLNBagwCgjc(0HWl7iR)zz(QlpL_xH2s`Rzy6_74Hn8vs1uF8s5m8bvqJ
zyB?|sjHwUIZ0tj@&r(wGGW*x_RBxAN?}8QZ#n#h*w=2A!PY48w>P~1N2pkTFFC)QN
zG#rswB84l_L_8V<%WSDV(Nr>?P&f>YJIPEsnNqpze*!QL&+$~blK*8(moH()JUM`7
zfCLL}D#*EDKmY~-fCd!`^x#062mm0U*)yn2r%$0~1YnVBRjXIAGAz1PA;E+QyMFcR
zHS7VfWzCY!x|VI*i5R2Cl{=SiUAuSj<`ucL=gpfq7bsYOz~@lIL<a(0s+1{Ey^rNi
zbvv1I<+NKRqt%S?tk{K@wPMa}nRIE1a3QBwy_$7v*Qu8R{TpBb?b<zm9u~?VF=5`Z
zo4yt<a<pmV#~*ffsGRv!wV%OuR*syyan!@HXV<=+J6_<k124GUShr9B0RRY4FOYn9
z?ZvCdCp|rM@#fOUMt`m!zI^{yuX9hp0SPQnK)!+!05HME%hIU4rqEMwz4IJ1(6#>l
z%MdI2JZosW5BckAw4yXD5kL!3Oi{%Z=>jeQ0ciV6yZ~s*?Lnf}BWyR2L@SC#mM}C?
z$RUX=61f0>Oj5}unPk94pm0J!yasO!D!ub0gz=*uw`$U)AdL)D%rVJ?2uUx|OjFI_
zo>V}A0T3XJu$qPv2t7Nkd@;+AxD;qj;>rwE&_TmI^Up&OO*AS5t88?)ECm>;&n^)K
zlh8{s&D1SJ746j1PfdFAFwq>Xup}Qh;xbK3H660Y4O`8WQ&4HG|Fu>+&zqD&3L8yn
zAmUX0k=0mB?2{@Ei4}8JTbXV4&&GH)kJM7}3f913ll||$5kC`=EE2PI)!A{$Ef>We
z3B)$s>Ohoizs$~hcU=va{ZrR_@ikZ9ePOZ|J9X!^PA$zYi+A9H4-WXadW9`&%7-D2
zSmKEx9w>o}FJ_qEjXCB~wBZ0&*s^v-M9bj(LKgWdjR$m?;+J8D*<y@orkUlAan4yI
ze;-R(<xRQluwbD<8~SI{ZocrKn3--`;)80ATI!^Au3Bewt35hH(UJ?XWTTPQdc&6S
zE!*sw0gzg4wW+q+?W(bk%4f0ZuG`E40dQ0Az4`9j@4pqu`&*#E0~cKIjMq-w=C>Jd
z{8XM-n%nNl?QUDOyaCT#bG{81EpWsYSKM;PNzeISl_aNJb&*Gh4D-!l&s^}nXHPo;
z+e2Tw_0oC2deSdbUtM@&ch~Fn*pc6RcFqUK9rxU)?p^xnf$dY$;k$+}?B)F1p6=p}
zPhNbzmsh@djGu?TX7H(R-}ksX3VvO1369A7%I-g!{k)DJKX$_j*Sy1lPJL0^pZgGK
zHGd^+a$MO=w-DB?lX>VqpqXIh&gH-H0g!_Oyj=mKmp~DYkWa=E9%oQyvTv=BX!0tW
z(ZZ6y`K9P}0N~3FafrjB@C9?_BVPc~2SNjq|B#49+)~ggmqPwH@P#N$OA}qVEe8JV
zfczt04s}?70@x6Xxf(zZ3CB4g5>SX4GvXOZ_bXo^k%}vX&J^+UM1r`mEESX?@mN$t
zEbftqS6oUD`{$<G1+k3iL!+YLr$#mQtBRFcB<j2c!EoVci7Mol8|{-qf_Y7U!qQ;!
zI)|Ch5weiCJESA8bC8|+2`Y~?9i@C_CKJl)V3e%o1z$+PfmN`6^J--HK8ZXI7H*KF
zEaWdwDI8aNM3JnN3M{b(%Z|bCOUGg(_OMwRWL7Jf!Yo_>n>R`_mT{ZOY|S#`$I3;n
zQ=QJ_O*_lErriZ^QrWa;R^n-w^p#R{|7jD*?fz*y=ke2&=3JFKj|dlbV&<8tglFT5
zCqG?s?Vc62-;(x8(5d;8qW}e6MhlovgQn(@s%+><QJPMNDiom#?AMWIY0+%9R7HX8
zChfra&6$0WpCTQp>pr$hmaf#K?_6m^X^J!UNz|IJlIiNsB+c&F^rp(osQ?Gs)1Pj2
zUk79=KCk&y)}gMb=d7yiuG%?cl9Q`#C07-{3N)vRb&{<_l|BV|HeCf!r)nLi5Pj-a
z!EUFKah*?0={l&uA~mUz6C^+#CXhHy7NqOrs{o0)R=^IHv$QH~tHPRCBQ5rEWtG%p
zMY90R<gRvo&Fo)6NZQWMb~V2=GOV_ACED)Q^sZ7t?Y*GaTFmaWvcaXTfT-D$#*VO@
zw>1&IbW54#HcYSgx@-rtT1wgf9`__gHErako4|Zd(U-Z6?y)K*Nb~7cjJ3nAW@F1;
z?tC|;DP^cpo7vmbnXX#oZDT#p`;|n2k$lx{Z(3i=Q|-!ks`oXjP$A4rXD&3t53VoA
zwu{sgLbswBcAa_)%wDUyx3AefCWF&OVOKhMq0pT0i#>d;>@e|rdTpSm09jowUAM&W
z4JnFe+~QPWWV-pSuu3b8&aPTWl69-@3~>zNyo&gTB*v<b)fZzRCseAvWh{*0Syl>P
zcw<_QNs}q3W9LrB%vKDeltC#**IpU6Ki)D8!z<V}$A!ile)4nireu;37|!0b>YV+m
z;1l0D(1NDzo_prsB&ylP#ub5d_2^5SLRS@#h&J(N869dGj!V*XrSz#$ooee1ddjLE
z9HJ9k+{9g4)U`g9zDgb7s)X6qy{@jN-+b0E4mZ)VHXyBSoowQ~vd_BiT9P2gqfOtm
z)5QMttd-5IJWmhVc|<i^%!b=0N%d6I?q;>$Tj%v<o82--v4fw|Yc*|K+QB|6x_hi{
zGqyX(s&prqz02aEdO4^r<@c5eEo^+#S<&l0c#t{rZ`4S9l|!!hJ1u^3jl=EXKu-9*
z^Xh5%cK^HM2&MQlGmdeMw=?A`-}u!!{%&&zbK#*RBgtd#a+I&!p&Nhk&VjCTq4PKA
z+|6;XLvC$>?z`yk2~fdLuJfNu{ps-Lc++P~Rbj&#Y5>K0@914FoPXU`T32`ni8*w#
zE7j_GTssNJ{&u;yZ0_Q%``zCbcf2!s?|oOQ-=(K_z^_Q+qYFEp&so9=dkkHfri<f&
zba?P?+oX<GTAnTc_`!?tp~@A!=M&G&BS$sKWS+~!CC?+%e+hUjGcu6$iTQsUZ}Z|M
zGED{UZ+PcEzXA8MQ14psFQ-1<z!E*<k-XxhqDuFE>e8>2KX3~tvZR#{KE(xX{o5BF
zssGdez3+i<;ff1+$j)be=3!rZ_mSJ=ERA^8gRb)Szd!zu^Lfu(PEt(MKcPtW{`UFr
z^<MA)P73-uPXJj?{yOi$C<UFGi2xbU{D#W(RO|pPZ~`R^1I3Te)NlPXaQG7N<#^5d
z_>botPvBZ^{#b)yst@_z4+9-d0#RxJ5wPlD@B$?a0yl5~%kKqeu>Ee(P@2#GYB2nK
za0k&ZayqbmxUc?15dPFI{!}oXa**dz5DIIn|AelwmWc+{$p?*0`*=eK6$t_j5XPjU
z03QklG4A)Kj|{)C2%m1}$`B6mi^%FP4974E`(+8K2MB?WonBDCTui0J%nk2Q5DcG?
z+<Jzr{IFI&?-Bnc(Iu!R5+~6qEb$UGk@YrlnmX|ll_V2Ev06s46i3Yz%|#SZ5foi-
z`I1n%G7t|Fao||+74eMtO6vn7PqtKX6%on(C=vhWZP`|D18=SMj&Kj_>t;d_Z;<iy
z7SLCY>@IrI7aa)`s}Xg$Oqzxe2~iL7cE%f{%KX-d-g?g%KZe(4(dAsM=akGxbT9n4
z?+^=50(b8mZE;Jiv2>vB9vcuCzbp`Y4<P*!5kbZU&CuV#FdF$}8u6<KZ4m(Z@C*}@
z7O74aD-y!~aU9h!2!GHc6|f^CEDRY^8uyXgP_G2%F9f4bCGl?xTavI4k_Rc0%#tvu
zj_M-^EzG;B=Ll)i710n5bMhSlun05K7*Vb!Gm;0j@gyAw1ygP%36fKwk`A#jCf@`3
zB=Y|>unx~q2nUfJbJD(m@Ef@>4j1qokEr}^Pa|ir4Zn*b<FWgKa?B=BF2yeanbIVk
zGVg>DCgG1IU-B;p(<SpSD-Tlt=&lDNZ5*?a6Z_I_`jH#&s~Owz`UH~@4|B$p>2i>(
z3vto&9CN@TlL==fG(E92LFF-3Q<+YaHD$6jaZEO8Q=e)Rk#7GpH|2(~P?H1wulT@=
zk#w=U9Fp&J^El6JzML)t?P~HOsyF$trjWB)rY;!m${>evEtL^26VblLj}{f`;y6+n
z$<ZpiGbxAj4J|G$nbSN~ulmaKA?tGL%F_#h5zLS>3#YT}3adX~u2L9}sMyc>1ad14
zk;@7c9m`TF*|Hw>us!!O4apKDjglzSQU;ImHDGf;F|9fQ?n4325aCn%(s3+jvBgHv
z!<J>tD6k2OlQAI_5MlJf956H6Ge*<X26gf%nX)D;kV2tTCN`8qwbMOAGUHm(6^j(;
zs*@ebb3C^Y3uzBQ2hj~3bNhf&2&0dv?(jfqwE4`k1aI|}zI^ZbjtWG{F9Pq9L<8|5
zHIzu@NlV2OCxvk$ug@^0ur1@WDnT&AhV)tplz(t9NM{pH4+=?B(oV0?{-V?h*E1X~
zGg1H3GtG%mTW>-0&QRy=PMNe2?{84)@eqx0LJL$<6I3xZ71~mDRgaHV3C~qwbvt9#
z-DWjasj?ZN4ODwFRbG@=$E{bH<WFn0)^2s;#?4X>&r;7xSO;xbZB_B4G9dHvJEhfQ
zK2jp>5l4$MD7{Z4*Rw5Ubxw~|KC@L2>2oU;ktg#p^qdt=YcWNU68aJ}AH`5jTht?2
zbW6pt?UoS-?UgGTG%s;5LZ_--qYafR88iBBR6(UwBL}u5my%ma(m+9TG)MAbL2?@H
zat-~pU=5Z?5jHNrlJpLg5J$5_Sq@YgYBIajUiB67%Ct>UHcUr#WQ`CW0~Rqqc0UD=
zSr5)<cUHcDb~=YPXdlgJJr-$o)7O}`X`S|Ip*Cuzc4~!BX|48Zu{LY9c5At|YrXbs
h!8UBgc5KPEY|Zv;(Kc<>c5T_VZQb^5`!XN^06S-}R*3)r

literal 0
HcmV?d00001

diff --git a/www/favicon.ico b/www/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..9f6f30e4c6de09f2e93be5e3cbde8a97850b1989
GIT binary patch
literal 22486
zcmeHu30zf2nr~sceZHA_-90^TmN&28Jk8Qcr;~KLlTO^lBt}i5G10h0RE&xU3Kv;K
z5JYwq1!TJ*!ezg*URf{uWl>gTQ2|8(#Rd0WP}KkX*TEZUC+SY+b-$VSn-qMv>YP)j
z>Z`BnRMo$}?-RmAj23UcDHx9t+MftvA%qw^_Q~}aA%5~xA%6C=;cLqu3sLZo;z|Co
zLi>^s|MI_#`FYKJ2j4U1A1f?>B!ta;AzopbtU{QRWIZx?{FM?7|Cl^Y0}vh_9=zef
zSosyby}jgVtk7sQ!ra_kco=wX&a{Vyl{4#DbD=R9gsG-in3Lqq-d<DDt1)NVoL3}M
z59ap}rhI3thk^MF!h@vgg)sCo_7K8gknfFUUe@JdDhwKyVKC=CmO~ml)?ApH@|u}@
z4Sb>3gZD`0B%u*xK$x0q$fJh5YsfF_A+H*ep|@8I4h{-uXJ_H>?=SlM`$b({o#^cB
z6k4rT==FM`R;$Gz+pkhN3tjJ^Xt^;cH2ON0rxhBlPSmw@l9zs=>l|dhK><>5u%2c2
z3q${)P&unuzDjto{9v^|%h9qftqAtl@tWmpTZG=wA`G3qthZO_T4Y%_gueHNs3U1v
zuAb!>SZ^oES;ewE{Dpt8KV!8}S!!4g+c!%qoXL~QQY$>1wL-0t{4vdX{8^7irx*Tg
zd$88Pb{T{^xK5~bEkaw@!ZwpyT7=HfDRgz6LNAH!GLTv*3x9nt^Yscn`Ku$T4gI2p
z?dznxdP#cnTh~vXTgWSAR7Za6$ZIc2rLrVH&Xj|PaQ5&Jv&Q=iOUq!UgDHn#VYyf>
zELCdCOii8`Q{EblTFiP=BP`ixmTaHOSwk6W*cT)X+iI#6mTa&2Vz!rLDcenQmTmW^
zeARq5OUL)vcD7$FNkh`=gjS~$ix=zpo}Tj33lEZ|C1pdhR5A9@vu_x)57m-nA8GVL
zOHykoN0OGLraX0$^z3VrzrTUc3@o29<*PSP)|xuXo20AbI3{sysr4;<PPvnGl)Ii}
zAO-6?`K*)Ul4FnZZ=vk99HT9icPGcGu8!l0W265@ztB+L2FkmI)Gz7A4UQYio@1qx
z<M{@ut{)sP5Ez88bT$|NBrL_)F_vQ9JWFA2Y00*doJr;?jv1AhWy(IXbmsVyedWxt
zMe=tRKZHLn0h9kXVf^^<tVq&#3ga)19zALN)k%}CD({($AAj|t5{56IDT9TNKAbmg
z^5nylr%d9-_(`L?Cm){1Fxf@9A@e_dbNt0glSa2qH8qWno;rCn(=OAdnnq8Q!NPRR
z;VF|QU6eV<!9|7XtD`4Ro-(Cv%)|*3Oxs*0GxNkz6DCY}k73?~3DHxhO>3JxEpO`7
zytXM9CC{T>rjD6*c-qv7t5;7PGiHy>{N6kn<nMbEMzI=;iK9l1vY0w~()iJnr`1li
z_}tcI%*6M`L{AtsO6Cm?mW9g@9L#$7N_2Fz>6lvP@18nw;+hGgX8HwrxB0mwu37!r
zy!Upmed`O|oH>T7DnsI$;Lj#Z9K(jYOqnue^u_VrWBB%j;CY`P4qCNp>wEVn+#h;t
zPV?f$i#KgL>FT=0&D(S^Ji2z)@maInyl4B5A3tU4gn7FUga!xS%~=(+bkvag!Gd4>
zV$;d4cY4gsmM!aBabb$uYEIJ<*S<ctS>636CV5Grp)=bv*G5K!yIuLxGVE4Z^Dj2N
z^Nx?tj*rfrI~O?D%vYP$v%<Hp&wJ~vNgtb-*yOCUnYE<yiw%~kR@p_duisWJ{>7#f
z+y2&P$GLOn<{zE$@hvV}(zq`2a~sFQM?A)lUovxJr~8-fUo0#w*6X#&v0?VD+nD`t
zFMV|G{Xp}}@A&w(RZX}b9K3qM#ON{8rd;ee)al;g>^fu797AJS>4r2-OY636+k7r9
zJNN#lfggReWBI!k>fO;15uZPvFk#f5+U{dB+Gljk=-9Y1*Df<-{elJMGrCUr_?-L5
z{QXZqUHQ@b0q3_qNC{7f3y&CMI)CEC=sf2|b}E&f!=mb3)q(}7v0)9ao@SKH`|r#A
z@4vr%dt+E^vQ<h-_<_Td>!*&%TeKl<!G|Ayn7tr7`@^hcE35KjW?p8?mIto<^xCzZ
zUoBrTw{3rMu|7H0Dk@^_%+XV(G^^6JR>{n0#T7igbpH}}_qhSfmVf%y2iJFfu=D&}
zzh1|tw--C<v*J?KZ#mAs>gn04T5oM_t+g(;E}hd*`r+a)y_PRuzEbAjwS2B`Vs!2C
z%{5ClH#wCS?0YM6_Nh~zo+ppmXQ=FE9Gc;<FF&^E%MVs8|MY`ZAME;I``lGccSc3$
zxpYsSW|}x{N!fyknFkNeICko!!_hALR_6|fqWpqVw_`15wtw)!2djJs?Jh1HoIt^w
zMvvNU(RTJ?|K`y#F){0sGAw7fo3*yusY>$GDqI`7%$R>w&{}o&)~2C}A##xK4xc(&
znGNR8x0oMeS+FqoV2izdc2R0+d-LL+xhpPQ@SDBvix1nEY=|BcZECtVA@yy3z~etL
z0W2&m5(+oO$4C9Hq`)fu?egYRbLXz`_4b%vXQL@~b&Aido7^_7G;87TByscRz`Rir
zsg!VXY^+sr*`k({US3~%&%VkTp(*~uhQ-AnsxqQ1vy$H)&Tm16a8I35tSu-^U-(5v
z&QG14J7)EdpFW+>{VRW0=+sbHP*9M(e)e#F{(gLR^2~5`>06d>g-66B+2lE%zWT|>
z%ztD2C#Qd^Td=-i!+Lf2tgo}n#KlQVXWA^C<TBdBqkGDTnTbrfR5mSfbe#RK=1NM7
zpU<=5#`N(QmrnY`#N-o_F-(`U-IFk4-jk0%=I!b7kumRgh(DhG9WwoUW%=W)+Ye8P
zeI)$hzW%$#KS=D4OW?c8(U?!-)UhN}($_fkN4ziw6JtW@Bko&?1G!%wiA^O|l(<sj
zMj_0Hai^x2dw-!|%CV*rSMp*kpOGY<RB)v5AkOpn8b6v7KlY9_C|Fg&wjR9-zV$Ht
zA(oWb(TF7_u9O&3Vo8Y$CAO4!N#Z++8U2HUiILRABNCrTJW;1$DTy^Dew29Ah${!V
zmzVo_1&=<#m6qn*v$M_4&cSTEn&qj7ag$0T7E6pYkN8NE5hF3yXtcyBTH=>soMg_r
zoy~Q`LBym_Fp|VQ8e$%edKfe6h-nOU65G@fC)N=I5xWq>NbDl<qr@)~yJ(1A6#T+=
z2J0!8C%93;x9k^*V<g5kbPi+3PU06W+iJwP5;xWnw^*vo$&aOiA0<waxcAMU5t|U7
zNQ~kv@d;`1Jda^)Nqp%~Ir#f~i1GjA&v*TaXZ$G_67jMJ`$1x6e`0Wn!_8+Adzw>b
zl-s;l)MDN&%1vTXb2al*jwBC>M<r?0#DF9%pU)%yTueMlT<Y&n3Vw=9wOZm;%6u{9
zt&&7+>Opy1S~5*i@TrRU)cFZc_2)T2@GxEtCT3NWG^AiH%NWo8kp1GUBag(fq+l6)
z@E-B3g6o5MPtAMmGX>i+*2%QQxTboxNiS5A=8+cb6};=OV%nK$4?X2a+)4^2Ir}qB
zlGxXo<5W2_;27}N5bKg8{*|~_o+IcD%wx&38fOFfG7u*-<~Wh(3;x8w5(le^gC!Q$
z5(oRMiF--@5)YGfBsFodMiQ~Ho}}ft(v!3tTM{R?kTmKRzC+?z3noeItRrc8UZUZc
zlV=x349ySw-!=R>*6(r8z53#dFOC~$Vlr+V6H4l7xxDw%3k<Ky#49iS_{Tqf;g#pc
zJqgS<ZuLvAc12A7<&u}GULN)Q<jIp=CO`jj)hn;e`SA-~&y9O-#Y-<lESWRvm!sa`
zLnkK}1}DeopC9$hU;gq9mif}lzkL4r#p{-@`}p}O&c1syfAy;cUwjea?E1zlFTJ$-
z)fdOT^oGlO(;VNhnGiSC{Wrb$SFW_Owq9?O6Zpk)?kCrcGnxN}|L@ADdzY>+-t2W@
zVC5RC*KKWo{hHZ93yTL>!RIFoOD+3~8{T|#hSvw?<^z9YWo!Gom6gS@H=dt7>g5+!
zkGruHk01YbK}Tz$_Ne)qHP)}c{rlHnf9-cWO-=ngpC9$|OJ6QJ+J5%8pO<J8_gq_L
zZT-6K?|=XH+i#@@MJI%O{K}k{UntYg`tZZgKASanX4=qN>tCyWZ@=;Puf27>sJk|A
z_isLa?zxp$3T7wG{3u2Lt3#J8Uwchu|IRxb-&$O`eA%+g&2PS+wff<zRbQPsdiu*-
zO$R=;u>SQs@4Pei(YmS6|9HtO>X%nMD4QP{nfrO^s+IQ_HGbM`c8||(rhj0uYt-|j
z+`Qvnr0}-~?3g|;yW&X8r?VFhTD|qwx(&KivxVXDb3U2XV=`g9iG#!Bt#7^=96Yza
zZPCiLmg`<LS(njx_f+Yx3Tt{~A1_(brT)##d9!0eW2=9G4dY~o{<h%M$^04bv-sh#
zVa4&At8cGf@#;8vJ#qZIFP`iB-MQz6ADT>h5|51DeQ_N3vR~hM*JRwp36q{?95>Nq
z0yF$M!oTas$I6HI3r~Ol()>KFX*ebKDLiUd_A17Gis^{Gi5QXQ8{*NUN8-VQhvMPT
zBQZ4ePz*g}n)e<*ek>k80`EOyp2y-5uko1cJ|2q8SFVT)m(Gcb@@A2|r&<)`)ryL`
zdePp~qnu+u#v@VJcv5KM>xCxfptx}UD(e^$TYMeF7H=0}`&FD+yH+b!EYu3mZ8<_y
z)+U;IFNsUnuZj4?GU2gBFMNH|h0WSHu_v@v?9DF_Q8^_dD6T@pmeh;wdn<*_szQ;H
z+aU~RZ;R%O*F?;|8ljHL5J4e+B0hDmh}EQtj`nk+@o<L-ORg20HsuMc6=}lWI$bzf
zWeLCSrK0r21yOSDj%c{~NE{x3C~7_?5~7Pl)b=Lf;jmu>_-Bf;%4!jlRw3fJHtfwh
zAa;i33yY;G!o@X5#2)AtF$XV;obCZp&^sXXr*4RCj;UhVyzRo(B|yZ)M2bT49vPP)
z;<Iu@_#U0u=A10Tg6qV`lXeInO_K=DJttC|?~07>AyM9SN5n<ch=jC!5uctTs_UA>
z-Me>%E;~zjdHD!;4^L58T_eis8-$gGov>ATiS1!oB6M$wh)b_#yZ4KYR$E1iHdmC_
z91?BqC&V4T-`(9U4jecr_U%g(Zd=^M{{7h^DM=&T-L?pO)ka}wV=J7UoJ2xmoXFv`
zl;lKVs3;e=Z{HT}?d{^^$&=#Nty|*i)vKcGWS6pcyl~+H#|Xqjju+>NKUc`WvGx8$
zGx6#BUx*oV7l^Ub=ZdlOXNU!}=Zg7e)5RPaFZf(6`1Et}hSf^3lH>HoyFXV*j@eI0
z(?~MBLHb^0nQ`13ej<(@|A~0`J>DJ9ypu@svyk78tkZUtqgZ3(AjYn=A^&TH!#W#b
zPyRQ^*kPk^u-zzB%=>@CtLe{vE+ozS9(78YO=f<o*_1Gvzw(|pnK$zCI`4g#HVl{W
z?Z0D2$=O)>8MAxTm@y_M0o!*3n(W*a6dYn=GG>em&m7&idTjIb^7ird^S82Izrn^<
zWw+7Z!O>}x^X7k8%EPf0<}1HiwR(*Oml>;%KbbT4(|MnLK7YX%3l}Y3^5vw-Q>IQc
zo&MhYAI$i0=B(Kt{ra`n-}ud&zx~}?Z~y+CcgIhd_`m+;e~%sa{0lF>^vjoD`PHi?
zCO`ez-~RmX{`=qmgULVs)BpJA|2gUx#<k*a{+r29BtN4@J@=y@kNz)XOve1^zy8%<
zo5=3`qhT0J|IsYp_|W*C94l{<%t<C<EPsXYcu9$V`1wHsKS<yQ3H*nUfN_7w{hTpL
zfb;kp$(X_T+<5(LY<&KwV)>rT^K3BQGse$8fA-p#PsYadH{~%t|4YZRZX+Kf>oVSd
z_TI?*+;1!I%6MpK2>0*bSBU$lKe#_K-^jEqTV5OQjjZdN?mhe5n8z58d_FQQd6vO=
zZ)AR%mV9$Rh@PGvoH}(1JZHq6J9of6BQ9OKgv*yNE9rap?kRcYJH{Z}D&MEg3%IYu
z_3PJh?b<b^JQ+*6dGjXZyAK{bfKfI^USurG8_ARL*|Ya$og?!}nM;zqO1{g>%aNU(
zjUv4s_4W0rud72vMFnaO9KeYaCqQjAxCd9>k?+a0yeHp1a^whVYinUJ7*JYTs!&Nu
zi4xb;)S$V!1zlZTN`7NoWEms*k!d4OvYkf$zbTe7lXAIo<%%NXUh+`Mx|5QV5w2E)
z=er0E4Mj*u2+~uvXliIc&*{^+c;&LvAF{6w9XbS_0V5?P1yNB^2o4TLU|=A4K8%2X
z0QmWleEqO%*G@!6Mj$aUQIV09#rgB+m9`lBNAf}CFix`$o^_+IuTSAi@+kXuWP4;A
z<=Bw<8pu~eV<S#<bfAmnR#8@Q@fz0a3)(=z)zuYy*cREg!!0d1z&<G~EJSK*DtU@j
zc-^vP3pQ=q1V=|lI5;?B<Hn5&*>7}&o!v&*JJ|ENBeuA1QQDZEp02dJxVRXVm6eeF
zQ&d!h%*;%rrKMrtzJ18b%0g9D6^<W2u8c(^&vGmi@8Im&vuJ5<Mh44@i`|R7!UB|W
z{FJgxE&ITq@^i4aSIB>R0Agcfk(iKxh|n;~)er9O?%3?SnLIlwygHCadwcS2uY$_X
zma(0}yUI?b+_QJEQ}S)1OuW3jzV4%)J9n~wb}84}wt0fO26%aUVJGiN8P(R-Dg4TB
zNA@{w$&jC)kKDXGXvzD|;2`GrM?wn62*+qbQWAW9{Gd|VBcADy-MiuF;)-qF-q`9!
zIXgN)MfuuE{>YP!Y6EO+Z5eNbjg15BRj$}*<BW~A&ahk0{;=Hyds|0rSZ@tmTN^kz
zFpoWnv6Is#Y$d+|0saWy6@<{;AqeGoRfk6+DLxT-Ik{+RYQzQ3Cvv>YZ!9AtL&@*w
zza3jWec-Uk0bATWk(io^<7Y3R@9sU+A3uqb$_BKb?MKbw7DPlQz{@j`JgMO1sNxv0
zB`+J{=;Q&9tx@pwjEAp(8UnWOM_5P+c_=_+coCBJ79b_I7;!QA2#-!;`+Z?=vmTD@
zE6KaBuQxRDdpTd^qptQKT3Zg2nsM~#F?4peqpRmQ&YbO4#*gH`t*uS@hUA#`*t!k=
zK7nxFL^*Aw4B78)e*Vx^RHOIC0J^T+LD%&=sA@S1m8~6A8*Jh1v>7TZ6>P0G!NW5a
zp}UI7S1tCWG((-*ggxoa*qhmcJ-TKjlyo4crVH5y(t#7mZ|Fip%X!4aM8Rq$$ED?V
z><SD+ZcYvwnvSBXu?+_f9Yf=h6DU1+6pcrFaq8?P^qs#<*$?7A$IsEDM>(calyB08
z<I>J$E0WXnaB}y9o$UtLZP<WStE~}}kcH#@_i*M0-|0Bb@6H=m7F%I9KL9f)yTaNo
z0WJ|$@QkiORBkikN;{w~?0}}Y8(EcSk#qPevRbboqvHy4j$A`^`*j>Vc?Hequc7@!
z7c4&w#EO|2*d0=g?EGrz%R7-<ejMd>eW*U%kK)=6)U|e_x%DLHpldv;8eSvPbvcNR
zi-)tjheEMh9kR*}!7nTwp6-$G_6&yGmLS;L>_&cFCr%9BLsiFd*jvS6`mg=*&!g61
z<^+EP#y7$xtOlXF79>@i!rrQrP?uf6p7OKMAGw3<uDjUNauc!5H?Ws+@yS7yAMZ!z
zvGX|GeFl#6_F?U`V(9Yv&~W@RTDz{o&~y&fZGAY<ei~J6?5krZaQ5N_3_Tk9dd&-u
z)nZR#CIZ7^5fz_?x|ZYEUw#-7d-D<Kn*pD#`}oZzV$~uo7R`*uCZ|eRt}nsN-^Jq9
zG28Gjf4v%R9{UlJ(E?9RGs1F?Ah@6dZt-W~xcfZ9i_RkN$bG~dy^V-t_pq=19+KJz
zk=Jz(x`X}D)Lg}(-hS-dn1@KuDio9-LSlLuc8A5oZ$~Ix`AvqUCLzC|9K~f-DC0NL
z+<p{;_Xd=8EvK>`G3j}T*A;^{hA3<~hSH;bNH1)LAHTmK?_BJ5D#8v+J-oikhu5+K
z*nF0WMbne<*_(SX>s@aI#u>0Py9EK6UD%y}0{(fuu-tVV8~sjUf6F~&9UDY!=OFf<
z89?!=0i?7KprC62Nd*@XQF;Z3&iA7%zmfAxE}UI9aqi+cwzuNkumO&o$F?{*A%OGe
zZmxxKoUe<xmY+Cr9M`U2Lsm80TTljlV=GEp+mX}If{X)4kyCjTNreZnE2;<~yYvW;
z%tuUe8T%w3e%tclvS}YSm?y!)G66eNYq3+;3g5zR1eKn~j*?!49XJmi$4ze6EhHYj
ziTyqIQQ1F$vfcsg@4S!P_Pfxx-9v6Szk{AWL<i-=VqpXv?Kl>9s^RFm1NK{Yz@2NR
zhnoxMCKt|e&e+B|CY<X{Zf*fuTaQ3f#CajF5!#|w#1}Rq%g~JY;(BBstOs>yh$V&d
zo7fSZ1Mko*xcjHW#yW%RP6kvq``{m1h}ir(?BTZ>T-gnE^*O}W^ds@`HDnyWhvd#X
z$m||K<%NeRzjz<|vjc3?Aad9b1zp!*;9OF6r~{u*+k!Qp#>2)k2rkZvur?>H4T0;n
zK*Yy$Y{#e(ygLZneSNT<b7DwvD6%rMk$$ilJ7Wvs7hVYW5FOkDbK${xdUr}0cI_$T
z*vm(lHV0b+_QQ@cw^eDeX32hhG${eICxvs}C`Ec%J2L7yR*qakR?9`?wp~UJjZ!mD
z-9yHiLFAsfhsyI0P<?R-CFk#AKhwItdnl#s>o43wYH}4mea#>9-_T<5q!^gZ+5?N(
z=~(k|BG$1zDXB#$GgP3io_j~`|5CXZh>eTozA_6zQF(B4p-fk5;jlr6)n930wk!=R
zmZidBa~{^Nr<^zCz;SCfR;)<D(ogd7`THqYK3j|BbD|Nzbt%50g=3`$dO4r8p5wQ9
z4f->;NrNcrA41vX2dKaF5C=(hmj_UObqGc0ZlS8@I;wjwqP(;gYVT}#+v*TtSB|ag
z3^02;3tzmH4YN-)*kBU|JEvf{dxaw*IU6TW_M)Tnm_p(4Rq*o5g7dl*s21+S>W|3V
z)Kn~=oC32C7=N@6%P0pcKC}Hi4K@q*VavKq1iR%!y(0(us#X-Vb)x79_u8i}BLCPG
z>_2`Dg?+bCe&s$4*N1TE_G28o{s?uq9-(!B?O+=!`^bAwKRT{n#u3hs`8hS%pI(Ld
z=n8(vt%%y$2=CQZSW9`WSr(6F3*xbG?ryky#38?k>*<;ExOwLmw1>_kt?@L%v+J;B
zdk*Z@rNZf}bhxfagNs=j92Y0SZIu>2RvB<#oru7#xd;i;W7p0~t_!7DWtk3j@)1<F
zpFv4`A1b<Uq3F~N6!qPJ{_<T^+~692`w@<@4UJ6K-MEX=v)5thyMmV9Yf#4|VrNJ&
zGIEPhdEf|YYCAc97NeYUsjX>+E~6Il;mrtitcKm<61HU@+&q)8%_jsseHRd4cO0pQ
zPC(mmlGKBk18oQ^Y=w{3fQ>$B*t#nZ+xHY>udW_@a;p$qa1g<%6|i6*EM8QMY47fX
zwM9Ovj-AGltAiX5*HL=<25K(eL+gzp9J@6{{vV+6+FcyE`v47Buc5sAJWk#kKzdd!
zKAU3!FAsMF2ZbOjSI7NgGg{l)aj>=tc?JCTBEk@@-iw05QWTdSLZE*MY}O~i$t?o0
z$r;#_U4*@P<%lghh`5r&(AFPAe03XkCRIaS(h7CyG594^WB2}QXb&`VFVKXLcmvj$
z=W_2*jCBi(;OCTw(u$Kv%0G%7+D2qH_M`UvZ5+OS7j3s5;Lwdb=(ux_^1g({U%A0I
zG7o32-Nf#IY^++b1+JSN;p*rLAMR&EcZY&TxCjdk#ug86*g13G9JHMn#DHtJuHY)M
z=lSzDP~UKbW2g@yd&03RI)XBe!uGv;5t5>TXGjV*tkxj0unzl=b|Q;oJ1F}wLMSi4
zm=ZX8k#D<VEM1rf)rt(nhL%8=-wAi0T14zWiGm}SQFrb(T5k`cnR4&CejnWzZ^6?i
z5=$3zAMTiq>ZV@gq}0RSlJnsXVh0x&xNLTTo0~iLzHV@F-Nd=h7wguCAz7P=p6*i^
z9Jv1kVm~%QZS0KVdJ*Z59bo|ojM#zTm{9J`V`2AMK5;-cB6Mkp$SuU~v_|;Fm%}fy
z5>}3xSj#bE&To19mI7pEH6b*y0ekoLAeDQc%ClEc!|~tTe+x&i-bDMkOT?KMuroXX
z-rgx#WxfxoS?#DU?tqt53VcGNph?y!d;PGm-H41(BPLD_7ni+Q`gsz+=Q0co-2EEs
z4-HAoFZV!?INxu<)<8FS1$n|J*c1LC0dP{qz<IeIZjQ-NZQcV1&s11$jKX5GBwklw
zjaeQR&&a@Li!{y`2jLe|f$f?)r1M*<>AixAGna9I@gdGHP2D{>a`GhiT#t~cFGlDd
z&T$qAaNEXjRDTBQT{TcSXy6-_iri8?4sedIuBu02aS1$J3$WzFBJAYaBlnwM<K4%^
z@ubI(9%Gg53aoWlg>_DApmMdrR<CW`(+9$0ej41DmSMs4IJ`eK3ZI#3@Zswk%$<~s
zm9sLiO=UpDcCK;ZdDxxNfViq-ocH@s+|h@!V|{4qJcF(?=Wv7P7&6GZ@7%qE^qf*`
z+?<G&D^d~Qa{!r%{AO$$vD{3HErFSE^-jYYt4OS0$2oIm5$280MWV)_l<|o2eng%}
zh8>}P2#F%zjNFcZV1KyzI#bqbVX-s{HgmGzYt8ZgWd@wS$b+kSKDMpT#7-|A{C%~=
znEMctl!w&%YV14Mh|~jzkW<@+8seKvSFYjV1D?gm^AGYa`Imu`L+`oE*ppO(FU=yb
zd3_n8gX<CO-V8hQa;#rmj1BWkVe>^5zL=f`o7L$!!|&dBCiIv}YvWmvj7Nt198>*Q
zFXBK`17ef1uxiy#tX&$zF`h##kN^i&G<>%uz{-9noV?iP*eFCMCn7o_1<ATxWS3T>
z{nSa^;#hsiJ^B#KyHEZfkRFpB4L!sF_r1Un+D~^Qy}S}W+q1FWCKc<f*dIG8xTa)d
zqqP<*7KLNgnjL6pJ38EIw%^G2NS>8*AodG&^2&1#GbLQPc>@<NpGRlcDQNcXCmzTk
zR_npp%NJ39_y|s(Ig2A*ojAgMY|D|OINsUGGq2%uELngocep;D@yS2RN|GD{^4!1}
z28ITRtJ)ByAui4_ps>0L*#!rnFRG*5&nf*jG<1LXU5*`D#>ikS*BCz<(bw#3Svheg
zzx5}tJ$N+0+rwjFWH~Y|%aG&5SeA@=@dw$AZISJJ$o_c1{C9|DFWtUQS@od*;$^m7
z&XdFEk#e4S^!Ndbk@AqmJw2y1)=Aq3h0lkKmA+;y`&-IMVtnQN?!kQw@XTw7ZF#_Z
z4|v`sN%osDpVF5sU&h9=N4CY7HulZX!w0xKIKa8_0n1`N<oQ15#(Vtc2M6vc^*(yU
zFGi7xu|NM%9?#Yz+oIGjW66s`lq-3XeJ|&%$LtK{TFEn<Uy(HnGxBJRm4=M?G2WN4
z<n19zic}d_l=YD0SI#l~m$4*fRmwH;I-<C5P5$dverwjRA4s15ZQ)<PC&$^-Fr5Cj
z;+1-tWu$CmqeotUm$a<Un9rDg%ENHV`261ze_NT)*75(-^?wK@+z(9rAb}qw@Sjow
z!*iw4F7!{w|0#v^JsSOe<@twxJ7blaJfyMV58($1jF5obFFhN+Z4Wgv-?!x%d4FX7
zk!fR{Bjb_p8SjsLN2cX{BS!ePJjQpPEpOy|#%IPdjn^`k`g^I@m%8w4wDXWQ8s{(Y
zO!bLwU*?fPVjpSSAfHRS52NkJjT<+<wgE7fYph#&@yU<znK71FN!nQ4xPAjov=NZD
z4fJDE^z#|%88}9L<aJ_SnMc|qG&MCTy6xoT6h+^@ckf>6J7W|*xYYI2c3H78G1_0q
zShhj(C(DraNxmemlq78wq|UaMdaR?2OUp_XdkQ-{J8Y+oL`6jf&pvCR%hu7}B1+NA
zZ`$NU-HSbSy3{K%A05kK?`X&Kt<8$PLeBmi#eSizv`n!#NT5wcGTT*FR)#ZY&L}dJ
zwi7KaEs8x!iZ&HNLAz02S*6&fczRH8>>mIR+5qeb+)16KC-vC0b6|Zow(F_awxzz<
zp871_vtdl4O*huBx1!$Kfi@MJv1N-Je0;nSKsy9!XAv9}gf!YbbaZqmGLSYI5fKs8
zZ~MbV+E&o!V86Z;$If4XfqLQ=>M-}lr&7O2U6aEGY*g7&kK@PlKI+l8)21LOkNTTJ
zMDNk_Jg=Dg;5^E04;(kz!O`B4^#xJ}`KYa{Rr>63%Mlzu)kQu31qDMlvafg1u7Nhh
z2-q18=Pg@dZM_ZwyTWkn+%;Sp0-|H$uy&Ob&kVOvcOC_Qbq)4rAHiNd&(w=fA*1Fj
zGMg_Vr}Yxbk6ywto=?W9_rd(*P-qegP*vA~%En$CY&i?Vp)PcEo#z-BVE;cvT6Qk$
z3WbO7c4U{-VOIq8C0oO=-pU`IemO97^uyaL53l{5Gp4-Gv&fhR1f(89Z21Z7qE0uV
z@*;H9hefyDM8c8VDC)S05}q-pQ%A4*xR83$^VC(JL{{-(6gC{gftC&&@9Dt+&n9F@
z$krn|Rfqi*wJ1N*jrg=01bFd$&8`6UUu404X&#o$NXPI0-W%4o@z|Z$fnB;zY)d~0
zRbVgD>Te;wV*qI<?;-QVAhMcnBEIqp&yi0dF*2WR3t_*yD)uJs9$OI|8I6>TbhPn%
z8sJ$%a#1ZZ4UNzrZbx?A5oA}lAWB<|u<!z?WA)U_QIF-E1=YG__(hc<i2A_5lG6w(
z>qGLP>&QHQ2fCg?&{ve_l+^!Gw^?%L7IY<zur>?D=FNfF<Pri$H;z9aPktL);Lb6*
zCprcPYN#8?uSJN4=d>}!*b!HXh>S8s?&G<1Y7RF0Wx$sD$VGEfv20;H;<6g3N8nlX
zp$m%5Ko)iHX+6|?QEz9sa348+tiSgTbz(Q*?V5@?uZCmId<|BAoQgGHhI1Tip)V;!
zc4j*3k5<0L9icgJuujH$vs9RUmVy=Ysjpw1g>}@USbmj;Wglf=&0L<L+U`SIRSOC_
z&LHntzoLsPqRzAI$`I<WJf!|)2vyW;l~Bjh+<zU#IrZ4(l8fz|sjrz|f~D_dVa-?3
z{BEfqiPxc<W1#QcX(U&lLS%Xa&-Hb%F{4g@K^oT2qaJ0sminnQ_&8-FB(MaY9(n}F
z)xmJQ50yRCLG{qq;L=^x-g=0mHy@#SfO<6AlGL8NiJX#3q^4!TP}7Wpl4hRSwIMU1
z0lPdauyJ`VELKoAwL1kZ$2yQm-BfBrCsJrLqB+=(9qHBZi7rJT`$SWC5Gm#LaNbsk
zIUnX><w6~8RL)S3aUO*yuHx{uLA2hat<Jp%s5*5HX|*kA>AHk9D_pRdb7QO~9_6&<
zD&l+`#WU3i+LhJT9m4+XRs`<KLTcuIgvRbcP@IPS%`;=_Ah&wvAe}ZUaWzK~k>AAo
zm9TLx!m`hE5$aWhlznZ~wXjX?v=O;}k8Qt?lUHtIi+dETRq?1f*aLTm-SFJz4j0<c
z(C>x16Bn$p^oE*tJy)*wE8m?woRVu;Km_N;P+#iv{jqghB%I805D=M!9mzRx2`YqB
zKna$A$+O$9vaokgHA0gPLsxqiRcEiEf%?7{+993lJCD%lR9IQ3B0Zx6d&A1GZC4bM
z(h_J}mX5S6o&!_=8yRBY8qTxH2Xf6BQr7d;b}OkTSPeVZ^{{txhwYLK*euGz=O6FE
zXH(;0_E8obsPhQ+q3%1m8k*{M6jL8iLA_*0?|EG2`YX@uj`yCTO#sJ_Di;Y6ZE&+I
zg(r39fwUj+a?8bnDV(Ee$0EZ+p7R;k<cgXy7!H&}U&iN2YHZvP3Cqutu=%S@I8c|c
z**YGZw?x4^C=O9N9g<2bkYC%3o^$6hbf5Z~CwmfE?(KVb5uL18YzRD@O5tc-iginM
zSo~oM)>7|(fi?m1oKc=d8ut<My^-Pcg|j$V*NWtQMbzgWL=$Z<Dry^XsJ#{ShYq8?
zqZ7BdR?8sIFlF0iS@O*HkvwPQ-`R_okd#@0xP4`yKRYrq4b<tKk#Bt6ZsWegxc-mS
zMaZ(rrHmLJ4@b}Z4xe8>ZHGKRR@(KXeGkaTRqj^?Xjfz`!`SD;bw51|mQ^U{vr?Aa
zi#%XEqz+7;Da&@zKTpw>7<n}E{!OuziE{otG|Z3kt}I76EB?c?M`M$C*O>hC#^0e>
z*#=qtH?`$Y-IL5J?>~wERQ{*WpT0K&3jC1#Pbh(B2mD`J1kcv@hkm<bmFi7@^q1!1
z`<E}j9l2&a8@}nD%q!;`;~FEcjX~lp`j&o;&*XjSPeA`t+R=6@_RAx(e?2eIpB3HR
z-Jm}!F=3jruG60t^k)VAS!s(*J7r=Y`m=)mte`(D=+6rJvnqIxzO=+_KC~0^q%N}t
z^rfYpsvU8M7wAh1`qF~Fw4g67=t~Rw(t^IUpf9b0XX(oe`tpLlyr3^H=*tWG@`Ap+
zpf4}z%M1GQg1)?<FE8lJ3;ObczPw8P^d$y;i9ugt(3hBc^c3#-azI~V(3cqWB?f(o
zL0@9fml*UV27QT%X(K^jV$heFcI|nfFEi-N4Ei#IzRaL6Gw90<`Z9yQ%%Cqb=*tZH
zGK0R%pf5A%%MAKbgTB<<YgK^0)U;{gzG_t==t~XyQiHzKpf5G(OAY!`Qx1E%e@g>>
zsX<?A(1#oJ;Rb!UK_70=hnst>9MFdw^x+15xIrIo(1)8?l6G%v<3Jy7W4D98<Dl<2
z=sOPjj)T7Apzk>7JFduAW|V6#{l{r%O&i6SgWNA%RmKo~$iFV<+Y)m9e7cN1)gv3{
wd^r{+DSI!jjm9<AxPMUUm*bYtxP<b#%>Q)Ue*Z7#&-;ea|MdHoYJBhi0G)?VF8}}l

literal 0
HcmV?d00001

diff --git a/www/index.html b/www/index.html
new file mode 100644
index 0000000000..86133dd771
--- /dev/null
+++ b/www/index.html
@@ -0,0 +1,3718 @@
+<html><head><title>An Overview of Cryptography</title>
+
+
+<meta name="keywords" content="crypto tutorial, cryptography tutorial, DES tutorial, RSA tutorial, Diffie-Hellman tutorial, IPsec tutorial, PGP tutorial, SSL tutorial, ECC tutorial, elliptic curve cryptography tutorial, AES tutorial, Rijndael tutorial"></head><body bgcolor="#ffffff">
+<font size="3">
+</font><center>
+<h1>
+<font size="3"><font color="blue" face="arial">
+An Overview of Cryptography
+</font>
+</font></h1>
+<h3>
+<font size="3"><i><a href="mailto:kumquat@sover.net">Gary C. Kessler</a></i><br>
+May 1998<br>
+(26 September 2005)
+</font></h3>
+<font size="3"><br>
+</font><blockquote>
+<h4>
+<font size="3">A much shorter, edited version of this paper appears in the 1999 Edition of <i>Handbook on Local Area Networks</i>, published by Auerbach in September 1998. Since that time, this article has taken on a life of its own...
+</font></h4>
+</blockquote>
+</center>
+
+<hr>
+<table align="center" border="0">
+<tbody><tr>
+<td valign="top" width="490">
+<center><h3>CONTENTS</h3></center>
+<ul>
+<a href="#intro"><b>1. INTRODUCTION</b></a><br>
+<a href="#purpose"><b>2. THE PURPOSE OF CRYPTOGRAPHY</b></a><br>
+<a href="#types"><b>3. TYPES OF CRYPTOGRAPHIC ALGORITHMS</b></a><br>
+<ul>
+<a href="#skc">3.1. Secret Key Cryptography</a><br>
+<a href="#pkc">3.2. Public-Key Cryptography</a><br>
+<a href="#hash">3.3. Hash Functions</a><br>
+<a href="#why3">3.4. Why Three Encryption Techniques?</a><br>
+<a href="#keylen">3.5. The Significance of Key Length</a>
+</ul>
+<a href="#trust"><b>4. TRUST MODELS</b></a><br>
+<ul>
+<a href="#pgpweb">4.1. PGP Web of Trust</a><br>
+<a href="#kerb">4.2. Kerberos</a><br>
+<a href="#pkcca">4.3. Public Key Certificates and Certification Authorities</a><br>
+<a href="#trustsumm">4.4. Summary</a><br>
+</ul>
+<a href="#algorithms"><b>5. CRYPTOGRAPHIC ALGORITHMS IN ACTION</b></a><br>
+
+<ul>
+<a href="#password">5.1. Password Protection</a><br>
+<a href="#dhmath">5.2. Some of the Finer Details of Diffie-Hellman Key Exchange</a><br>
+<a href="#rsamath">5.3. Some of the Finer Details of RSA Public-Key Cryptography</a><br>
+<a href="#desmath">5.4. Some of the Finer Details of DES, Breaking DES, and DES Variants</a><br>
+<a href="#pgp">5.5. Pretty Good Privacy (PGP)</a><br>
+<a href="#ipsec">5.6. IP Security (IPsec) Protocol</a><br>
+<a href="#ssl">5.7. The SSL "Family" of Secure Transaction Protocols for the World Wide Web</a><br>
+<a href="#ecc">5.8. Elliptic Curve Cryptography</a><br>
+<a href="#aes">5.9. The Advanced Encryption Standard and Rijndael</a><br>
+<a href="#stream">5.10. Cisco's Stream Cipher</a><br>
+</ul>
+<a href="#conclusion"><b>6. CONCLUSION... OF SORTS</b></a><br>
+<a href="#refs"><b>7. REFERENCES AND FURTHER READING</b></a><br>
+<a href="#mathnotes"><b>A. SOME MATH NOTES</b></a><br>
+<ul>
+<a href="#xor">A.1. The Exclusive-OR (XOR) Function</a><br>
+<a href="#modulo">A.2. The <i>modulo</i> Function</a><br>
+</ul>
+<a href="#author"><b>ABOUT THE AUTHOR</b></a><br>
+</ul>
+
+</td><td width="10">&nbsp;
+
+</td><td valign="top" width="400">
+<center><h3>FIGURES</h3></center>
+<ol>
+<li><a href="#fig01">Three types of cryptography: secret-key, public key, and hash function.</a>
+</li><li><a href="#fig02">Sample application of the three cryptographic techniques for secure communication.</a>
+</li><li><a href="#fig03">Kerberos architecture.</a>
+</li><li><a href="#fig04">GTE Cybertrust Global Root-issued certificate (Netscape Navigator).</a>
+</li><li><a href="#fig05">Sample entries in Unix/Linux password files.</a>
+</li><li><a href="#fig06">DES enciphering algorithm.</a>
+</li><li><a href="#fig07">A PGP signed message.</a>
+</li><li><a href="#fig08">A PGP encrypted message.</a>
+</li><li><a href="#fig09">The decrypted message.</a>
+</li><li><a href="#fig10">IPsec Authentication Header format.</a>
+</li><li><a href="#fig11">IPsec Encapsulating Security Payload format.</a>
+</li><li><a href="#fig12">IPsec tunnel and transport modes for AH.</a>
+</li><li><a href="#fig13">IPsec tunnel and transport modes for ESP.</a>
+</li><li><a href="#fig14">SSL v3 configuration screen (Netscape Navigator).</a>
+</li><li><a href="#fig15">SSL/TLS protocol handshake.</a>
+</li><li><a href="#fig16">Elliptic curve addition.</a>
+</li><li><a href="#fig17">AES pseudocode.</a>
+</li></ol>
+<center><h3>TABLES</h3></center>
+<ol>
+<li><a href="#tab01">Minimum Key Lengths for Symmetric Ciphers.</a>
+</li><li><a href="#tab02">Contents of an X.509 V3 Certificate.</a>
+</li><li><a href="#tab03">Other Crypto Algorithms and Systems of Note.</a>
+</li><li><a href="#tab04">ECC and RSA Key Comparison.</a>
+</li></ol>
+</td></tr></tbody></table>
+<hr>
+
+<blockquote>
+<font size="3"><br>
+</font><center><h3><font size="3"><font color="blue" face="arial"><a name="intro">1. INTRODUCTION</a></font></font></h3></center>
+<p>
+<font size="3">Does increased security provide comfort to paranoid
+people? Or does security provide some very basic protections that we
+are naive to believe that we don't need? During this time when the
+Internet provides essential communication between tens of millions of
+people and is being increasingly used as a tool for commerce, security
+becomes a tremendously important issue to deal with.
+</font></p><p>
+<font size="3">There are many aspects to security and many
+applications, ranging from secure commerce and payments to private
+communications and protecting passwords. One essential aspect for
+secure communications is that of cryptography, which is the focus of
+this chapter. But it is important to note that while cryptography is <i>necessary</i> for secure communications, it is not by itself <i>sufficient</i>.
+The reader is advised, then, that the topics covered in this chapter
+only describe the first of many steps necessary for better security in
+any number of situations.
+</font></p><p>
+<font size="3">This paper has two major purposes. The first is to
+define some of the terms and concepts behind basic cryptographic
+methods, and to offer a way to compare the myriad cryptographic schemes
+in use today. The second is to provide some real examples of
+cryptography in use today.
+</font></p><p>
+<font size="3">I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in <i>current</i>
+use and is not a treatise of the whole field. No mention is made here
+about pre-computerized crypto schemes, the difference between a
+substitution and transposition cipher, cryptanalysis, or other history.
+Interested readers should check out some of the books in the
+bibliography below for this detailed &#8212; and interesting! &#8212; background
+information.</font></p>
+
+<font size="3"><br>
+</font><center><h3><font size="3"><font color="blue" face="arial"><a name="purpose">2. THE PURPOSE OF CRYPTOGRAPHY</a></font></font></h3></center>
+<p>
+<font size="3">Cryptography is the science of writing in secret code
+and is an ancient art; the first documented use of cryptography in
+writing dates back to circa 1900 B.C. when an Egyptian scribe used
+non-standard hieroglyphs in an inscription. Some experts argue that
+cryptography appeared spontaneously sometime after writing was
+invented, with applications ranging from diplomatic missives to
+war-time battle plans. It is no surprise, then, that new forms of
+cryptography came soon after the widespread development of computer
+communications. In data and telecommunications, cryptography is
+necessary when communicating over any untrusted medium, which includes
+just about <i>any</i> network, particularly the Internet.</font></p>
+<p>
+<font size="3">Within the context of any application-to-application communication, there are some specific security requirements, including:</font></p>
+<ul>
+<font size="3"><li><i>Authentication:</i> The process of proving one's
+identity. (The primary forms of host-to-host authentication on the
+Internet today are name-based or address-based, both of which are
+notoriously weak.)</li>
+<li><i>Privacy/confidentiality:</i> Ensuring that no one can read the message except the intended receiver.</li>
+<li><i>Integrity:</i> Assuring the receiver that the received message has not been altered in any way from the original.</li>
+<li><i>Non-repudiation:</i> A mechanism to prove that the sender really sent this message.</li>
+</font></ul>
+<p>
+<font size="3">Cryptography, then, not only protects data from theft or
+alteration, but can also be used for user authentication. There are, in
+general, three types of cryptographic schemes typically used to
+accomplish these goals: secret key (or symmetric) cryptography,
+public-key (or asymmetric) cryptography, and hash functions, each of
+which is described below. In all cases, the initial unencrypted data is
+referred to as <i>plaintext</i>. It is encrypted into <i>ciphertext</i>, which will in turn (usually) be decrypted into usable plaintext.</font></p>
+<p>
+<font size="3">In many of the descriptions below, two communicating
+parties will be referred to as Alice and Bob; this is the common
+nomenclature in the crypto field and literature to make it easier to
+identify the communicating parties. If there is a third or fourth party
+to the communication, they will be referred to as Carol and Dave.
+Mallory is a malicious party, Eve is an eavesdropper, and Trent is a
+trusted third party.</font></p>
+
+<font size="3"><br>
+</font><center><h3><font size="3"><font color="blue" face="arial"><a name="types">3. TYPES OF CRYPTOGRAPHIC ALGORITHMS</a></font></font></h3></center>
+<p>
+<font size="3">There are several ways of classifying cryptographic
+algorithms. For purposes of this paper, they will be categorized based
+on the number of keys that are employed for encryption and decryption,
+and further defined by their application and use. The three types of
+algorithms that will be discussed are (Figure 1):
+</font></p><ul>
+<font size="3"><li>Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
+</li><li>Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
+</li><li>Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
+</li></font></ul>
+<font size="3"><a name="fig01"></a><br>
+</font><center><table border="1"><tbody><tr><td>
+<img src="crypto_files/crypto_types.gif">
+<br><br>
+<h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash function.</h4>
+</td></tr></tbody></table>
+</center>
+
+<font size="3"><br><br>
+<a name="skc"><h3>3.1. Secret Key Cryptography</h3></a>
+</font><p>
+<font size="3">With <i>secret key cryptography</i>, a single key is
+used for both encryption and decryption. As shown in Figure 1A, the
+sender uses the key (or some set of rules) to encrypt the plaintext and
+sends the ciphertext to the receiver. The receiver applies the same key
+(or ruleset) to decrypt the message and recover the plaintext. Because
+a single key is used for both functions, secret key cryptography is
+also called <i>symmetric encryption</i>.</font></p>
+<p>
+<font size="3">With this form of cryptography, it is obvious that the
+key must be known to both the sender and the receiver; that, in fact,
+is the secret. The biggest difficulty with this approach, of course, is
+the distribution of the key.</font></p>
+<p>
+<font size="3">Secret key cryptography schemes are generally categorized as being either <i>stream ciphers</i> or <i>block ciphers</i>.
+Stream ciphers operate on a single bit (byte or computer word) at a
+time and implement some form of feedback mechanism so that the key is
+constantly changing. A block cipher is so-called because the scheme
+encrypts one block of data at a time using the same key on each block.
+In general, the same plaintext block will always encrypt to the same
+ciphertext when using the same key in a block cipher whereas the same
+plaintext will encrypt to different ciphertext in a stream cipher.</font></p>
+<p>
+<font size="3">Stream ciphers come in several flavors but two are worth mentioning here. <i>Self-synchronizing stream ciphers</i> calculate each bit in the keystream as a function of the previous <i>n</i>
+bits in the keystream. It is termed "self-synchronizing" because the
+decryption process can stay synchronized with the encryption process
+merely by knowing how far into the <i>n</i>-bit keystream it is. One problem is error propagation; a garbled bit in transmission will result in <i>n</i> garbled bits at the receiving side. <i>Synchronous stream ciphers</i>
+generate the keystream in a fashion independent of the message stream
+but by using the same keystream generation function at sender and
+receiver. While stream ciphers do not propagate transmission errors,
+they are, by their nature, periodic so that the keystream will
+eventually repeat.</font></p>
+<p>
+<font size="3">Block ciphers can operate in one of several modes; the following four are the most important:</font></p>
+<ul>
+<font size="3"><li><i>Electronic Codebook (ECB) mode</i> is the
+simplest, most obvious application: the secret key is used to encrypt
+the plaintext block to form a ciphertext block. Two identical plaintext
+blocks, then, will always generate the same ciphertext block. Although
+this is the most common mode of block ciphers, it is susceptible to a
+variety of brute-force attacks.</li>
+<li><i>Cipher Block Chaining (CBC) mode</i> adds a feedback mechanism
+to the encryption scheme. In CBC, the plaintext is exclusively-ORed
+(XORed) with the previous ciphertext block prior to encryption. In this
+mode, two identical blocks of plaintext never encrypt to the same
+ciphertext.</li>
+<li><i>Cipher Feedback (CFB) mode</i> is a block cipher implementation
+as a self-synchronizing stream cipher. CFB mode allows data to be
+encrypted in units smaller than the block size, which might be useful
+in some applications such as encrypting interactive terminal input. If
+we were using 1-byte CFB mode, for example, each incoming character is
+placed into a shift register the same size as the block, encrypted, and
+the block transmitted. At the receiving side, the ciphertext is
+decrypted and the extra bits in the block (i.e., everything above and
+beyond the one byte) are discarded.</li>
+<li><i>Output Feedback (OFB) mode</i> is a block cipher implementation
+conceptually similar to a synchronous stream cipher. OFB prevents the
+same plaintext block from generating the same ciphertext block by using
+an internal feedback mechanism that is independent of both the
+plaintext and ciphertext bitstreams.</li>
+</font></ul>
+
+<p>
+<font size="3">Secret key cryptography algorithms that are in use today include:</font></p>
+<ul>
+<font size="3"><li> <p><i>Data Encryption Standard (DES):</i> The most
+common SKC scheme used today, DES was designed by IBM in the 1970s and
+adopted by the National Bureau of Standards (NBS) [now the National
+Institute for Standards and Technology (NIST)] in 1977 for commercial
+and unclassified government applications. DES is a block-cipher
+employing a 56-bit key that operates on 64-bit blocks. DES has a
+complex set of rules and transformations that were designed
+specifically to yield fast hardware implementations and slow software
+implementations, although this latter point is becoming less
+significant today since the speed of computer processors is several
+orders of magnitude faster today than twenty years ago. IBM also
+proposed a 112-bit key for DES, which was rejected at the time by the
+government; the use of 112-bit keys was considered in the 1990s,
+however, conversion was never seriously considered.</p>
+<p>
+DES is defined in American National Standard X3.92 and three Federal Information Processing Standards (FIPS):</p>
+<ul>
+<li><a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf"> FIPS 46-3: DES</a></li>
+<li><a href="http://www.itl.nist.gov/div897/pubs/fip74.htm">FIPS 74: Guidelines for Implementing and Using the NBS Data Encryption Standard</a></li>
+<li><a href="http://www.itl.nist.gov/div897/pubs/fip81.htm">FIPS 81: DES Modes of Operation</a></li>
+</ul>
+<p>
+Information about vulnerabilities of DES can be obtained from the <a href="http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking">Electronic Frontier Foundation</a>.</p>
+<p>
+Two important variants that strengthen DES are:</p>
+<ul>
+<li> <p><i>Triple-DES (3DES):</i> A variant of DES that employs up to
+three 56-bit keys and makes three encryption/decryption passes over the
+block; 3DES is also described in <a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf"> FIPS 46-3</a> and is the recommended replacement to DES.</p></li>
+<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2232">DESX</a>:</i>
+A variant devised by Ron Rivest. By combining 64 additional key bits to
+the plaintext prior to encryption, effectively increases the keylength
+to 120 bits.</p></li>
+</ul>
+<p>
+More detail about DES, 3DES, and DESX can be found below in <a href="#desmath">Section 5.4</a>.</p></li>
+
+<li> <p><i>Advanced Encryption Standard (AES):</i> In 1997, NIST
+initiated a very public, 4-1/2 year process to develop a new secure
+cryptosystem for U.S. government applications. The result, the <a href="http://www.nist.gov/aes">Advanced Encryption Standard</a>, became the official successor to DES in December 2001. AES uses an SKC scheme called <a href="http://www.esat.kuleuven.ac.be/%7Erijmen/rijndael/index.html"> Rijndael</a>,
+a block cipher designed by Belgian cryptographers Joan Daemen and
+Vincent Rijmen. The algorithm can use a variable block length and key
+length; the latest specification allowed any combination of keys
+lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256
+bits. NIST initially selected Rijndael in October 2000 and formal
+adoption as the AES standard came in December 2001. <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">FIPS PUB 197</a>
+describes a 128-bit block cipher employing a 128-, 192-, or 256-bit
+key. The AES process and Rijndael algorithm are described in more
+detail below in <a href="#aes">Section 5.9</a>.</p></li>
+
+<li> <p><i>CAST-128/256:</i> CAST-128, described in <a href="http://www.rfc-editor.org/rfc/rfc2144.txt">Request for Comments (RFC) 2144</a>, is a DES-like substitution-permutation crypto algorithm, employing a 128-bit key operating on a 64-bit block. <a href="http://www.entrust.com/resources/pdf/cast-256.pdf">CAST-256</a> (<a href="http://www.rfc-editor.org/rfc/rfc2612.txt">RFC 2612</a>)
+is an extension of CAST-128, using a 128-bit block size and a variable
+length (128, 160, 192, 224, or 256 bit) key. CAST is named for its
+developers, Carlisle Adams and Stafford Tavares and is available
+internationally. CAST-256 was one of the Round 1 algorithms in the AES
+process.</p></li>
+
+<li> <p><i><a href="http://home.ecn.ab.ca/%7Ejsavard/crypto/co0404.htm">International Data Encryption Algorithm (IDEA)</a>:</i>
+Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992
+and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key.
+Also available internationally.</p></li>
+
+<li> <p><i>Rivest Ciphers (</i>aka<i> Ron's Code):</i> Named for Ron Rivest, a series of SKC algorithms.</p>
+<ul>
+<li> <p><i>RC1:</i> Designed on paper but never implemented.</p></li>
+<li> <p><i>RC2:</i> A 64-bit block cipher using variable-sized keys
+designed to replace DES. It's code has not been made public although
+many companies have licensed RC2 for use in their products. Described
+in <a href="http://www.rfc-editor.org/rfc/rfc2268.txt">RFC 2268</a>.</p></li>
+<li> <p><i>RC3:</i> Found to be breakable during development.</p></li>
+<li> <p><i><a href="http://ciphersaber.gurus.com/">RC4</a>:</i> A
+stream cipher using variable-sized keys; it is widely used in
+commercial cryptography products, although it can only be exported
+using keys that are 40 bits or less in length.</p><p>
+</p></li><li> <p><i>RC5:</i> A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in <a href="http://www.rfc-editor.org/rfc/rfc2040.txt">RFC 2040</a>.</p></li>
+<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2512">RC6</a>:</i> An improvement over RC5, RC6 was one of the AES Round 2 algorithms.</p></li>
+</ul>
+
+</li><li> <p><i><a href="http://www.counterpane.com/blowfish.html">Blowfish</a>:</i>
+A symmetric 64-bit block cipher invented by Bruce Schneier; optimized
+for 32-bit processors with large data caches, it is significantly
+faster than DES on a Pentium/PowerPC-class machine. Key lengths can
+vary from 32 to 448 bits in length. Blowfish, available freely and
+intended as a substitute for DES or IDEA, is in use in over 80 products.</p></li>
+
+<li> <p><i><a href="http://www.counterpane.com/twofish.html">Twofish</a>:</i>
+A 128-bit block cipher using 128-, 192-, or 256-bit keys. Designed to
+be highly secure and highly flexible, well-suited for large
+microprocessors, 8-bit smart card microprocessors, and dedicated
+hardware. Designed by a team led by Bruce Schneier and was one of the
+Round 2 algorithms in the AES process.</p></li>
+
+<li> <p><i><a href="http://info.isl.ntt.co.jp/camellia/Publications/camellia.pdf">Camellia</a>:</i>
+A secret-key, block-cipher crypto algorithm developed jointly by Nippon
+Telegraph and Telephone (NTT) Corp. and Mitsubishi Electric Corporation
+(MEC) in 2000. Camellia has some characteristics in common with AES: a
+128-bit block size, support for 128-, 192-, and 256-bit key lengths,
+and suitability for both software and hardware implementations on
+common 32-bit processors as well as 8-bit processors (e.g., smart
+cards, cryptographic hardware, and embedded systems). Also described in
+<a href="http://www.rfc-editor.org/rfc/rfc3713.txt"> RFC 3713</a>.</p></li>
+
+<li> <p><i>MISTY1:</i> Developed at Mitsubishi Electric Corp., a block
+cipher using a 128-bit key and 64-bit blocks, and a variable number of
+rounds. Designed for hardware and software implementations, and is
+resistant to differential and linear cryptanalysis. Described in <a href="http://www.rfc-editor.org/rfc/rfc2994.txt">RFC 2994</a>.</p></li>
+
+<li> <p><i><a href="http://fn2.freenet.edmonton.ab.ca/%7Ejsavard/co0403.html">Secure and Fast Encryption Routine (SAFER)</a>:</i> Secret-key crypto scheme designed for implementation in software. Versions have been defined for 40-, 64-, and 128-bit keys.</p></li>
+
+<li> <p><i><a href="http://networking.champlain.edu/download/3G_KASUMI.pdf">KASUMI</a>:</i>
+A block cipher using a 128-bit key that is part of the Third-Generation
+Partnership Project (3gpp), formerly known as the Universal Mobile
+Telecommunications System (UMTS). KASUMI is the intended
+confidentiality and integrity algorithm for both message content and
+signaling data for emerging mobile communications systems.</p></li>
+
+<li> <p><i><a href="http://www.kisa.or.kr/seed/seed_eng.html">SEED</a>:</i>
+A block cipher using 128-bit blocks and 128-bit keys. Developed by the
+Korea Information Security Agency (KISA) and adopted as a national
+standard encryption algorithm in South Korea. Also described in <a href="http://www.rfc-editor.org/rfc/rfc4009.txt">RFC 4009</a>.</p></li>
+
+<li> <p><i><a href="http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf">Skipjack</a>:</i>
+SKC scheme proposed for Capstone. Although the details of the algorithm
+were never made public, Skipjack was a block cipher using an 80-bit key
+and 32 iteration cycles per 64-bit block.</p></li>
+</font></ul>
+
+<font size="3"><a name="pkc"><h3>3.2. Public-Key Cryptography</h3></a>
+</font><p>
+<font size="3"><i>Public-key cryptography</i> has been said to be the
+most significant new development in cryptography in the last 300-400
+years. Modern PKC was first described publicly by Stanford University
+professor Martin Hellman and graduate student Whitfield Diffie in 1976.
+Their paper described a two-key crypto system in which two parties
+could engage in a secure communication over a non-secure communications
+channel without having to share a secret key.</font></p>
+<p>
+<font size="3">PKC depends upon the existence of so-called <i>one-way functions</i>,
+or mathematical functions that are easy to computer whereas their
+inverse function is relatively difficult to compute. Let me give you
+two simple examples:</font></p>
+<ol>
+<font size="3"><li><i>Multiplication vs. factorization:</i> Suppose I
+tell you that I have two numbers, 9 and 16, and that I want to
+calculate the product; it should take almost no time to calculate the
+product, 144. Suppose instead that I tell you that I have a number,
+144, and I need you tell me which pair of integers I multiplied
+together to obtain that number. You will eventually come up with the
+solution but whereas calculating the product took milliseconds,
+factoring will take longer because you first need to find the 8 pair of
+integer factors and then determine which one is the correct pair.</li>
+<li><i>Exponentiation vs. logarithms:</i> Suppose I tell you that I want to take the number 3 to the 6th power; again, it is easy to calculate 3<sup>6</sup>=729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, <i>x</i> and <i>y</i> so that log<sub>x</sub>&nbsp;729 = y, it will take you longer to find all possible solutions and select the pair that I used.</li>
+</font></ol>
+<p>
+<font size="3">While the examples above are trivial, they do represent
+two of the functional pairs that are used with PKC; namely, the ease of
+multiplication and exponentiation versus the relative difficulty of
+factoring and calculating logarithms, respectively. The mathematical
+"trick" in PKC is to find a <i>trap door</i> in the one-way function so that the inverse calculation becomes easy given knowledge of some item of information.</font></p>
+<p>
+<font size="3">Generic PKC employs two keys that are mathematically
+related although knowledge of one key does not allow someone to easily
+determine the other key. One key is used to encrypt the plaintext and
+the other key is used to decrypt the ciphertext. The important point
+here is that it <b>does not matter which key is applied first</b>, but
+that both keys are required for the process to work (Figure 1B).
+Because a pair of keys are required, this approach is also called <i>asymmetric cryptography</i>.</font></p>
+<p>
+<font size="3">In PKC, one of the keys is designated the <i>public key</i> and may be advertised as widely as the owner wants. The other key is designated the <i>private key</i>
+and is never revealed to another party. It is straight forward to send
+messages under this scheme. Suppose Alice wants to send Bob a message.
+Alice encrypts some information using Bob's public key; Bob decrypts
+the ciphertext using his private key. This method could be also used to
+prove who sent a message; Alice, for example, could encrypt some
+plaintext with her private key; when Bob decrypts using Alice's public
+key, he knows that Alice sent the message and Alice cannot deny having
+sent the message (<i>non-repudiation</i>).</font></p>
+
+<p>
+<font size="3">Public-key cryptography algorithms that are in use today for key exchange or digital signatures include:</font></p>
+<ul>
+<font size="3"><li> <p><i>RSA:</i> The first, and still most common,
+PKC implementation, named for the three MIT mathematicians who
+developed it &#8212; Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA
+today is used in hundreds of software products and can be used for key
+exchange, digital signatures, or encryption of small blocks of data.
+RSA uses a variable size encryption block and a variable size key. The
+key-pair is derived from a very large number, <i>n</i>, that is the
+product of two prime numbers chosen according to special rules; these
+primes may be 100 or more digits in length each, yielding an <i>n</i> with roughly twice as many digits as the prime factors. The public key information includes <i>n</i> and a derivative of one of the factors of <i>n</i>; an attacker cannot determine the prime factors of <i>n</i>
+(and, therefore, the private key) from this information alone and that
+is what makes the RSA algorithm so secure. (Some descriptions of PKC
+erroneously state that RSA's safety is due to the difficulty in <i>factoring</i>
+large prime numbers. In fact, large prime numbers, like small prime
+numbers, only have two factors!) The ability for computers to factor
+large numbers, and therefore attack schemes such as RSA, is rapidly
+improving and systems today can find the prime factors of numbers with
+more than 140 digits. The presumed protection of RSA, however, is that
+users can easily increase the key size to always stay ahead of the
+computer processing curve. As an aside, the patent for RSA expired in
+September 2000 which does not appear to have affected RSA's popularity
+one way or the other. A detailed example of RSA is presented below in <a href="#rsamath">Section 5.3</a>.</p></li>
+
+<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/faq/3-6-1.html">Diffie-Hellman</a>:</i>
+After the RSA algorithm was published, Diffie and Hellman came up with
+their own algorithm. D-H is used for secret-key key exchange only, and
+not for authentication or digital signatures. More detail about
+Diffie-Hellman can be found below in <a href="#dhmath">Section 5.2</a>.</p></li>
+
+<li> <p><i><a href="http://www.nist.gov/public_affairs/releases/digsigst.htm">Digital Signature Algorithm (DSA)</a>:</i>
+The algorithm specified in NIST's Digital Signature Standard (DSS),
+provides digital signature capability for the authentication of
+messages.</p></li>
+
+<li> <p><i><a href="http://www.iusmentis.com/technology/encryption/elgamal/">ElGamal</a>:</i> Designed by Taher Elgamal, a PKC system similar to Diffie-Hellman and used for key exchange.</p></li>
+
+<li> <p><i>Elliptic Curve Cryptography (ECC):</i> A PKC algorithm based
+upon elliptic curves. ECC can offer levels of security with small keys
+comparable to RSA and other PKC methods. It was designed for devices
+with limited compute power and/or memory, such as smartcards and PDAs.
+More detail about ECC can be found below in <a href="#ecc">Section 5.8</a>. Other references include <a href="http://www.certicom.com/index.php?action=res,ecc_intro_home"> "The Importance of ECC"</a> Web page and the <a href="http://www.certicom.com/index.php?action=ecc_tutorial,home"> "Online Elliptic Curve Cryptography Tutorial"</a>, both from Certicom.</p></li>
+
+<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2124">Public-Key Cryptography Standards (PKCS)</a>:</i> A set of interoperable standards and guidelines for public-key cryptography, designed by RSA Data Security Inc.
+</p><ul>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2125">PKCS #1</a>: RSA Cryptography Standard (Also <a href="http://www.rfc-editor.org/rfc/rfc3447.txt">RFC 3447</a>)</li>
+<li>PKCS #2: <i>Incorporated into PKCS #1.</i></li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2126">PKCS #3</a>: Diffie-Hellman Key-Agreement Standard</li>
+<li>PKCS #4: <i>Incorporated into PKCS #1.</i></li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2127">PKCS #5</a>: Password-Based Cryptography Standard (PKCS #5 V2.0 is also <a href="http://www.rfc-editor.org/rfc/rfc2898.txt">RFC 2898</a>)</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2128">PKCS #6</a>: Extended-Certificate Syntax Standard (being phased out in favor of X.509v3)</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2129">PKCS #7</a>: Cryptographic Message Syntax Standard (Also <a href="http://www.rfc-editor.org/rfc/rfc2315.txt">RFC 2315</a>)</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2130">PKCS #8</a>: Private-Key Information Syntax Standard</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2131">PKCS #9</a>: Selected Attribute Types (Also <a href="http://www.rfc-editor.org/rfc/rfc2985.txt">RFC 2985</a>)</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2132">PKCS #10</a>: Certification Request Syntax Standard (Also <a href="http://www.rfc-editor.org/rfc/rfc2986.txt">RFC 2986</a>)</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2133">PKCS #11</a>: Cryptographic Token Interface Standard</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2138">PKCS #12</a>: Personal Information Exchange Syntax Standard</li>
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2139">PKCS #13</a>: Elliptic Curve Cryptography Standard</li>
+<li>PKCS #14: <i>Pseudorandom Number Generation Standard is no longer available</i></li>
+
+<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2141">PKCS #15</a>: Cryptographic Token Information Format Standard</li>
+</ul>
+
+</li><li> <p><i><a href="http://www.zurich.ibm.com/Technology/Security/publications/1998/CS.pdf">Cramer-Shoup</a>:</i> A public-key cryptosystem proposed by R. Cramer and V. Shoup of IBM in 1998.</p></li>
+
+<li> <p><i><a href="http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf">Key Exchange Algorithm (KEA)</a>:</i> A variation on Diffie-Hellman; proposed as the key exchange method for Capstone.</p></li>
+
+<li> <p><i><a href="http://www.kisa.or.kr/technology/sub1/LUC.htm">LUC</a>:</i>
+A public-key cryptosystem designed by P.J. Smith and based on Lucas
+sequences. Can be used for encryption and signatures, using integer
+factoring.</p></li>
+</font></ul>
+
+<p>
+<font size="3">For additional information on PKC algorithms, see <a href="http://networking.champlain.edu/download/hac_chap08.pdf"> "Public-Key Encryption"</a>, Chapter 8 in <i>Handbook of Applied Cryptography</i>, by A. Menezes, P. van Oorschot, and S. Vanstone (CRC Press, 1996).</font></p>
+
+<hr align="center" width="50%">
+<blockquote>
+<p>
+<font size="3"><b>A digression: Who invented PKC?</b> I tried to be
+careful in the first paragraph of this section to state that Diffie and
+Hellman "first described publicly" a PKC scheme. Although I have
+categorized PKC as a two-key system, that has been merely for
+convenience; the real criteria for a PKC scheme is that it allows two
+parties to exchange a secret even though the communication with the
+shared secret might be overheard. There seems to be no question that
+Diffie and Hellman were first to publish; their method is described in
+the classic paper, "New Directions in Cryptography," published in the
+November 1976 issue of <i>IEEE Transactions on Information Theory</i>.
+As shown below, Diffie-Hellman uses the idea that finding logarithms is
+relatively harder than exponentiation. And, indeed, it is the precursor
+to modern PKC which does employ two keys. Rivest, Shamir, and Adleman
+described an implementation that extended this idea in their paper "A
+Method for Obtaining Digital Signatures and Public-Key Cryptosystems,"
+published in the February 1978 issue of the <i>Communications of the ACM (CACM)</i>.
+Their method, of course, is based upon the relative ease of finding the
+product of two large prime numbers compared to finding the prime
+factors of a large number.</font></p>
+<p>
+<font size="3">Some sources, though, credit Ralph Merkle with first
+describing a system that allows two parties to share a secret although
+it was not a two-key system, per se. A <i>Merkle Puzzle</i> works
+where Alice creates a large number of encrypted keys, sends them all to
+Bob so that Bob chooses one at random and then lets Alice know which he
+has selected. An eavesdropper will see all of the keys but can't learn
+which key Bob has selected (because he has encrypted the response with
+the chosen key). In this case, Eve's effort to break in is the square
+of the effort of Bob to choose a key. While this difference may be
+small it is often sufficient. Merkle apparently took a computer science
+course at UC Berkeley in 1974 and described his method, but had
+difficulty making people understand it; frustrated, he dropped the
+course. Meanwhile, he submitted the paper "Secure Communication Over
+Insecure Channels" which was published in the <i>CACM</i> in April
+1978; Rivest et al.'s paper even makes reference to it. Merkle's method
+certainly wasn't published first, but did he have the idea first?</font></p>
+<p>
+<font size="3">An interesting question, maybe, but who really knows?
+For some time, it was a quiet secret that a team at the UK's Government
+Communications Headquarters (GCHQ) had first developed PKC in the early
+1970s. Because of the nature of the work, GCHQ kept the original memos
+classified. In 1997, however, the GCHQ changed their posture when they
+realized that there was nothing to gain by continued silence. Documents
+show that a GCHQ mathematician named James Ellis started research into
+the key distribution problem in 1969 and that by 1975, Ellis, Clifford
+Cocks, and Malcolm Williamson had worked out all of the fundamental
+details of PKC, yet couldn't talk about their work. (They were, of
+course, barred from challenging the RSA patent!) After more than 20
+years, Ellis, Cocks, and Williamson have begun to get their due credit.</font></p>
+<p>
+<font size="3">And the National Security Agency (NSA) claims to have
+knowledge of this type of algorithm as early as 1966 but there is no
+supporting documentation... yet. So this really was a digression...</font></p>
+</blockquote>
+<hr align="center" width="50%">
+
+<font size="3"><a name="hash"><h3>3.3. Hash Functions</h3></a>
+</font><p>
+<font size="3"><i>Hash functions</i>, also called <i>message digests</i> and <i>one-way encryption</i>,
+are algorithms that, in some sense, use no key (Figure 1C). Instead, a
+fixed-length hash value is computed based upon the plaintext that makes
+it impossible for either the contents or length of the plaintext to be
+recovered. Hash algorithms are typically used to provide a <i>digital fingerprint</i>
+of a file's contents, often used to ensure that the file has not been
+altered by an intruder or virus. Hash functions are also commonly
+employed by many operating systems to encrypt passwords. Hash
+functions, then, help preserve the integrity of a file.</font></p>
+<p>
+<font size="3">Hash functions are sometimes misunderstood and some
+sources claim that no two files can have the same hash value. This
+isn't true, strictly speaking. Consider a hash function that provides a
+128-bit hash value. There are, obviously, 2<sup>128</sup> possible hash values. But there are a lot more than 2<sup>128</sup> <i>possible</i>
+files. Therefore, there have to be multiple files &#8212; in fact, there have
+to be an infinite number of files! &#8212; that can have the same 128-bit
+hash value. The difficulty is <i>finding</i> two files with the same
+hash! What is, indeed, very hard to do is to try to create a file that
+has a given hash value so as to force a hash value collision.</font></p>
+
+<p>
+<font size="3">Hash algorithms that are in common use today include:</font></p>
+<ul>
+<font size="3"><li> <p><i>Message Digest (MD) algorithms:</i> A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.</p>
+<ul>
+<li> <p><i>MD2 (<a href="http://www.rfc-editor.org/rfc/rfc1319.txt">RFC 1319</a>):</i> Designed for systems with limited memory, such as smart cards.</p></li>
+<li> <p><i>MD4 (<a href="http://www.rfc-editor.org/rfc/rfc1320.txt">RFC 1320</a>):</i> Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.</p></li>
+<li> <p><i>MD5 (<a href="http://www.rfc-editor.org/rfc/rfc1321.txt">RFC 1321</a>:</i>
+Also developed by Rivest after potential weaknesses were reported in
+MD4; this scheme is similar to MD4 but is slower because more
+manipulation is made to the original data. MD5 has been implemented in
+a large number of products although several weaknesses in the algorithm
+were demonstrated by German cryptographer Hans Dobbertin in 1996.</p></li>
+</ul>
+
+</li><li> <p><i>Secure Hash Algorithm (SHA):</i> Algorithm for NIST's
+Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was
+originally published as FIPS 180-1 and <a href="ftp://ftp.rfc-editor.org/in-notes/rfc3174.txt"> RFC 3174</a>. <a href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf"> FIPS 180-2</a>
+describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256,
+SHA-384, and SHA-512 which can produce hash values that are 224, 256,
+384, or 512 bits in length, respectively.</p></li>
+
+<li> <p><i><a href="http://www.esat.kuleuven.ac.be/%7Ebosselae/ripemd160.html">RIPEMD</a>:</i> A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. <a href="http://www.esat.kuleuven.ac.be/%7Ecosicart/pdf/AB-9601/AB-9601.pdf">RIPEMD-160</a>
+was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel,
+and optimized for 32-bit processors to replace the then-current 128-bit
+hash functions. Other versions include RIPEMD-256, RIPEMD-320, and
+RIPEMD-128.</p></li>
+
+<li> <p><i><a href="http://www.calyptix.com/technology/haval.php">HAVAL (HAsh of VAriable Length)</a>:</i>
+Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with
+many levels of security. HAVAL can create hash values that are 128,
+160, 192, 224, or 256 bits in length.</p></li>
+</font></ul>
+<p>
+<font size="3">For additional information, see David Hopwood's <a href="http://www.users.zetnet.co.uk/hopwood/crypto/scan/md.html"> MessageDigest Algorithms</a> page.</font></p>
+
+<font size="3"><a name="why3"><h3>3.4. Why Three Encryption Techniques?</h3></a>
+</font><p>
+<font size="3">So, why are there so many different types of cryptographic schemes? Why can't we do everything we need with just one?
+</font></p><p>
+<font size="3">The answer is that each scheme is optimized for some
+specific application(s). Hash functions, for example, are well-suited
+for ensuring data integrity because any change made to the contents of
+a message will result in the receiver calculating a different hash
+value than the one placed in the transmission by the sender. Since it
+is highly unlikely that two different messages will yield the same hash
+value, data integrity is ensured to a high degree of confidence.
+</font></p><p>
+<font size="3">Secret key cryptography, on the other hand, is ideally suited to encrypting messages. The sender can generate a <i>session key</i> on a per-message basis to encrypt the message; the receiver, of course, needs the same session key to decrypt the message.
+</font></p><p>
+<font size="3">Key exchange, of course, is a key application of
+public-key cryptography (no pun intended). Asymmetric schemes can also
+be used for non-repudiation; if the receiver can obtain the session key
+encrypted with the sender's private key, then only this sender could
+have sent the message. Public-key cryptography could, theoretically,
+also be used to encrypt messages although this is rarely done because
+secret-key cryptography operates about 1000 times faster than
+public-key cryptography.
+</font></p>
+<font size="3"><a name="fig02"></a><br>
+</font><center><table border="1"><tbody><tr><td>
+<img src="crypto_files/crypto_3ways.gif">
+<br><br>
+<h4>FIGURE 2: Sample application of the three cryptographic techniques for secure communication.</h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br>
+</font><p>
+<font size="3">Figure 2 puts all of this together and shows how a <i>hybrid cryptographic</i> scheme combines all of these functions to form a secure transmission comprising <i>digital signature</i> and <i>digital envelope</i>. In this example, the sender of the message is Alice and the receiver is Bob.
+</font></p><p>
+<font size="3">A digital envelope comprises an encrypted message and an
+encrypted session key. Alice uses secret key cryptography to encrypt
+her message using the <i>session key</i>, which she generates at
+random with each session. Alice then encrypts the session key using
+Bob's public key. The encrypted message and encrypted session key
+together form the digital envelope. Upon receipt, Bob recovers the
+session secret key using his private key and then decrypts the
+encrypted message.
+</font></p><p>
+<font size="3">The digital signature is formed in two steps. First,
+Alice computes the hash value of her message; next, she encrypts the
+hash value with her private key. Upon receipt of the digital signature,
+Bob recovers the hash value calculated by Alice by decrypting the
+digital signature with Alice's public key. Bob can then apply the hash
+function to Alice's original message, which he has already decrypted
+(see previous paragraph). If the resultant hash value is not the same
+as the value supplied by Alice, then Bob knows that the message has
+been altered; if the hash values are the same, Bob should believe that
+the message he received is identical to the one that Alice sent.
+</font></p><p>
+<font size="3">This scheme also provides nonrepudiation since it proves
+that Alice sent the message; if the hash value recovered by Bob using
+Alice's public key proves that the message has not been altered, then
+only Alice could have created the digital signature. Bob also has proof
+that he is the intended receiver; if he can correctly decrypt the
+message, then he must have correctly decrypted the session key meaning
+that his is the correct private key.</font></p>
+
+<font size="3"><a name="keylen"><h3>3.5. The Significance of Key Length</h3></a>
+</font><p>
+<font size="3">In a recent article in the industry literature (circa
+9/98), a writer made the claim that 56-bit keys do not provide as
+sufficient protection for DES today as they did in 1975 because
+computers are 1000 times faster today than in 1975. Therefore, the
+writer went on, we should be using 56,000-bit keys today instead of
+56-bit keys to provide adequate protection. The conclusion was then
+drawn that because 56,000-bit keys are infeasible (<i>true</i>), we should accept the fact that we have to live with weak cryptography (<i>false!</i>).
+The major error here is that the writer did not take into account that
+the number of possible key values double whenever a single bit is added
+to the key length; thus, a 57-bit key has twice as many values as a
+56-bit key (because 2<sup>57</sup> is two times 2<sup>56</sup>). In fact, a 66-bit key would have 1024 times the possible values as a 56-bit key.</font></p>
+
+<p>
+<font size="3">But this does bring up the issue, what is the precise significance of key length as it affects the level of protection?</font></p>
+<p>
+<font size="3">In cryptography, size does matter. The larger the key,
+the harder it is to crack a block of encrypted data. The reason that
+large keys offer more protection is almost obvious; computers have made
+it easier to attack ciphertext by using brute force methods rather than
+by attacking the mathematics (which are generally well-known anyway).
+With a brute force attack, the attacker merely generates every possible
+key and applies it to the ciphertext. Any resulting plaintext that
+makes sense offers a candidate for a legitimate key. This was the
+basis, of course, of the EFF's attack on DES.</font></p>
+<p>
+<font size="3">Until the mid-1990s or so, brute force attacks were
+beyond the capabilities of computers that were within the budget of the
+attacker community. Today, however, significant compute power is
+commonly available and accessible. General purpose computers such as
+PCs are already being used for brute force attacks. For serious
+attackers with money to spend, such as some large companies or
+governments, Field Programmable Gate Array (FPGA) or
+Application-Specific Integrated Circuits (ASIC) technology offers the
+ability to build specialized chips that can provide even faster and
+cheaper solutions than a PC. Consider that an AT&amp;T ORCA chip (FPGA)
+costs $200 and can test 30 million DES keys per second, while a $10
+ASIC chip can test 200 million DES keys per second (compared to a PC
+which might be able to test 40,000 keys per second).</font></p>
+<p>
+<font size="3">The table below shows what DES key sizes are needed to
+protect data from attackers with different time and financial
+resources. This information is not merely academic; one of the basic
+tenets of any security system is to have an idea of <i>what</i> you are protecting and <i>from who</i>
+are you protecting it! The table clearly shows that a 40-bit key is
+essentially worthless today against even the most unsophisticated
+attacker. On the other hand, 56-bit keys are fairly strong unless you
+might be subject to some pretty serious corporate or government
+espionage. But note that even 56-bit keys are declining in their value
+and that the times in the table (1995 data) are worst cases.</font></p>
+
+<font size="3"><a name="tab01"></a></font><center>
+
+<table border="1" cellpadding="4">
+<caption>
+<b>TABLE 1. Minimum Key Lengths for Symmetric Ciphers.</b>
+</caption>
+<tbody><tr>
+<th rowspan="2">Type of Attacker
+</th><th rowspan="2">Budget
+</th><th rowspan="2">Tool
+</th><th colspan="2">Time and Cost<br>Per Key Recovered
+</th><th rowspan="2">Key Length Needed<br>For Protection<br>In Late-1995
+</th></tr><tr>
+<th>40 bits
+</th><th>56 bits
+</th></tr><tr>
+<td rowspan="2">Pedestrian Hacker
+</td><td align="center">Tiny
+</td><td align="center">Scavanged<br>computer<br>time
+</td><td align="center">1 week
+</td><td align="center">Infeasible
+</td><td align="center">45
+</td></tr><tr>
+<td align="center">$400
+</td><td align="center">FPGA
+</td><td align="center">5 hours<br>($0.08)
+</td><td align="center">38 years<br>($5,000)
+</td><td align="center">50
+</td></tr><tr>
+<td>Small Business
+</td><td align="center">$10,000
+</td><td align="center">FPGA
+</td><td align="center">12 minutes<br>($0.08)
+</td><td align="center">18 months<br>($5,000)
+</td><td align="center">55
+</td></tr><tr>
+<td rowspan="2">Corporate Department
+</td><td rowspan="2" align="center">$300K
+</td><td align="center">FPGA
+</td><td align="center">24 seconds<br>($0.08)
+</td><td align="center">19 days<br>($5,000)
+</td><td rowspan="2" align="center">60
+</td></tr><tr>
+<td align="center">ASIC
+</td><td align="center">0.18 seconds<br>($0.001)
+</td><td align="center">3 hours<br>($38)
+</td></tr><tr>
+<td rowspan="2">Big Company
+</td><td rowspan="2" align="center">$10M
+</td><td align="center">FPGA
+</td><td align="center">7 seconds<br>($0.08)
+</td><td align="center">13 hours<br>($5,000)
+</td><td rowspan="2" align="center">70
+</td></tr><tr>
+<td align="center">ASIC
+</td><td align="center">0.005 seconds<br>($0.001)
+</td><td align="center">6 minutes<br>($38)
+</td></tr><tr>
+<td>Intelligence Agency
+</td><td align="center">$300M
+</td><td align="center">ASIC
+</td><td align="center">0.0002 seconds<br>($0.001)
+</td><td align="center">12 seconds<br>($38)
+</td><td align="center">75
+</td></tr></tbody></table>
+</center>
+<font size="3"><br><br>
+
+</font><p>
+<font size="3">So, how big is big enough? DES, invented in 1975, is
+still in use today, nearly 25 years later. If we take that to be a
+design criteria (i.e., a 20-plus year lifetime) and we believe Moore's
+Law ("computing power doubles every 18 months"), then a key size
+extension of 14 bits (i.e., a factor of more than 16,000) should be
+adequate. The 1975 DES proposal suggested 56-bit keys; by 1995, a
+70-bit key would have been required to offer equal protection and an
+85-bit key will be necessary by 2015.</font></p>
+<p>
+<font size="3">The discussion above suggests that a 128- or 256-bit key
+for SKC will suffice for some time because that key length keeps us
+ahead of the brute force capabilities of the attackers. While a large
+key is good, a huge key may not always be better. That is, many
+public-key cryptosystems use 1024- or 2048-bit keys; expanding the key
+to 4096 bits probably doesn't add any protection at this time but it
+does add significantly to processing time.</font></p>
+<p>
+<font size="3">The most effective large-number factoring methods today
+use a mathematical Number Field Sieve to find a certain number of
+relationships and then uses a matrix operation to solve a linear
+equation to produce the two prime factors. The sieve step actually
+involves a large number of operations of operations that can be
+performed in parallel; solving the linear equation, however, requires a
+supercomputer. Indeed, finding the solution to the RSA-140 challenge in
+February 1999 &#8212; factoring a 140-digit (465-bit) prime number &#8212; required
+200 computers across the Internet about 4 weeks for the first step and
+a Cray computer 100 hours and 810 MB of memory to do the second step.</font></p>
+<p>
+<font size="3">In early 1999, Shamir (of RSA fame) described a new
+machine that could increase factorization speed by 2-3 orders of
+magnitude. Although no detailed plans were provided nor is one known to
+have been built, the concepts of <a href="http://jya.com/twinkle.eps">TWINKLE (The Weizmann Institute Key Locating Engine)</a>
+could result in a specialized piece of hardware that would cost about
+$5000 and have the processing power of 100-1000 PCs. There still appear
+to be many engineering details that have to be worked out before such a
+machine could be built. Furthermore, the hardware improves the sieve
+step only; the matrix operation is not optimized at all by this design
+and the complexity of this step grows rapidly with key length, both in
+terms of processing time and memory requirements. Nevertheless, this
+plan conceptually puts 512-bit keys within reach of being factored.
+Although most PKC schemes allow keys that are 1024 bits and longer,
+Shamir claims that 512-bit RSA keys "protect 95% of today's E-commerce
+on the Internet." (See Bruce Schneier's <a href="http://www.counterpane.com/crypto-gram-9905.html">Crypto-Gram (May 15, 1999)</a> for more information, as well as the comments from <a href="http://www.rsasecurity.com/rsalabs/html/twinkle.html">RSA Labs</a>.)</font></p>
+<p>
+<font size="3">It is also interesting to note that while cryptography
+is good and strong cryptography is better, long keys may disrupt the
+nature of the randomness of data files. Shamir and van Someren (<a href="http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf">"Playing hide and seek with stored keys"</a>)
+have noted that a new generation of viruses can be written that will
+find files encrypted with long keys, making them easier to find by
+intruders and, therefore, more prone to attack.</font></p>
+<p>
+<font size="3">Finally, U.S. government policy has tightly controlled
+the export of crypto products since World War II. Until recently,
+export outside of North America of cryptographic products using keys
+greater than 40 bits in length was prohibited, which made those
+products essentially worthless in the marketplace, particularly for
+electronic commerce. More recently, the U.S. Commerce Department
+relaxed the regulations, allowing the general export of 56-bit SKC and
+1024-bit PKC products (certain sectors, such as health care and
+financial, allow the export of products with even larger keys). The
+Commerce Department's Bureau of Export Administration maintains a <a href="http://www.bxa.doc.gov/Encryption/Default.htm">Commercial Encryption Export Controls</a> web page with more information. The potential impact of this policy on U.S. businesses is well beyond the scope of this paper.</font></p>
+<p>
+<font size="3">Much of the discussion above, including the table, are based on the paper <a href="http://www.counterpane.com/keylength.html">"Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security"</a> by M. Blaze, W. Diffie, R.L. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener.</font></p>
+<p>
+<font size="3">On a related topic, public key crypto schemes can be
+used for several purposes, including key exchange, digital signatures,
+authentication, and more. In those PKC systems used for SKC key
+exchange, the PKC key lengths are chosen so to be resistant to some
+selected level of attack. The length of the secret keys exchanged via
+that system have to have at least the same level of attack resistance.
+Thus, the three parameters of such a system &#8212; system strength, secret
+key strength, and public key strength &#8212; must be matched. This topic is
+explored in more detail in <i>Determining Strengths For Public Keys Used For Exchanging Symmetric Keys</i> (<a href="ftp://ftp.rfc-editor.org/in-notes/rfc3766.txt">RFC 3766</a>).</font></p>
+
+<font size="3"><br>
+</font><center><h3><font size="3"><font color="blue" face="arial"><a name="trust">4. TRUST MODELS</a></font></font></h3></center>
+<p>
+<font size="3">Secure use of cryptography requires trust. While secret
+key cryptography can ensure message confidentiality and hash codes can
+ensure integrity, none of this works without trust. In SKC, Alice and
+Bob had to share a secret key. PKC solved the secret distribution
+problem, but how does Alice really know that Bob is who he says he is?
+Just because Bob has a public and private key, and purports to be
+"Bob," how does Alice know that a malicious person (Mallory) is not
+pretending to be Bob?
+</font></p><p>
+<font size="3">There are a number of <i>trust models</i> employed by various cryptographic schemes. This section will explore three of them:
+</font></p>
+<ul>
+<font size="3"><li>The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
+</li><li>Kerberos, a secret key distribution scheme using a trusted third party.
+</li><li>Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
+</li></font></ul>
+<p>
+<font size="3">Each of these trust models differs in complexity, general applicability, scope, and scalability.
+</font></p>
+<font size="3"><a name="pgpweb"><h3>4.1. PGP Web of Trust</h3></a>
+</font><p>
+<font size="3">Pretty Good Privacy (described more below in <a href="#pgp">Section 5.5</a>)
+is a widely used private e-mail scheme based on public key methods. A
+PGP user maintains a local keyring of all their known and trusted
+public keys. The user makes their own determination about the
+trustworthiness of a key using what is called a "web of trust."
+</font></p><p>
+<font size="3">If Alice needs Bob's public key, Alice can ask Bob for
+it in another e-mail or, in many cases, download the public key from an
+advertised server; this server might a well-known PGP key repository or
+a site that Bob maintains himself. In fact, Bob's public key might be
+stored or listed in many places. (The author's public key, for example,
+can be found at <a href="http://www.garykessler.net/kumquat_pubkey.html"> <i>http://www.garykessler.net/kumquat_pubkey.html</i></a>.) Alice is prepared to believe that Bob's public key, as stored at these locations, is valid.
+</font></p><p>
+<font size="3">Suppose Carol claims to hold Bob's public key and offers
+to give the key to Alice. How does Alice know that Carol's version of
+Bob's key is valid or if Carol is actually giving Alice a key that will
+allow Mallory access to messages? The answer is, "It depends." If Alice
+trusts Carol and Carol says that she thinks that her version of Bob's
+key is valid, then Alice <i>may</i> &#8212; at <i>her</i> option &#8212; trust
+that key. And trust is not necessarily transitive; if Dave has a copy
+of Bob's key and Carol trusts Dave, it does not necessarily follow that
+Alice trusts Dave even if she does trust Carol.
+</font></p><p>
+<font size="3">The point here is that who Alice trusts and how she
+makes that determination is strictly up to Alice. PGP makes no
+statement and has no protocol about how one user determines whether
+they trust another user or not. In any case, encryption and signatures
+based on public keys can only be used when the appropriate public key
+is on the user's keyring.
+</font></p>
+<font size="3"><a name="kerb"><h3>4.2. Kerberos</h3></a>
+</font><p>
+<font size="3">Kerberos is a commonly used authentication scheme on the
+Internet. Developed by MIT's Project Athena, Kerberos is named for the
+three-headed dog who, according to Greek mythology, guards the entrance
+of Hades (rather than the exit, for some reason!).
+</font></p><p>
+
+<font size="3">Kerberos employs a client/server architecture and
+provides user-to-server authentication rather than host-to-host
+authentication. In this model, security and authentication will be
+based on secret key technology where every host on the network has its
+own secret key. It would clearly be unmanageable if every host had to
+know the keys of all other hosts so a secure, trusted host somewhere on
+the network, known as a Key Distribution Center (KDC), knows the keys
+for all of the hosts (or at least some of the hosts within a portion of
+the network, called a <i>realm</i>). In this way, when a new node is
+brought online, only the KDC and the new node need to be configured
+with the node's key; keys can be distributed physically or by some
+other secure means.
+<br>
+<a name="fig03"><br>
+</a></font></p><center><table border="3" cellpadding="4"><tbody><tr><td>
+<img src="crypto_files/kerberos.gif">
+<br><br>
+<h4>FIGURE 3: Kerberos architecture.</h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><a name="fig03"><br>The Kerberos Server/KDC has two main
+functions (Figure 3), known as the Authentication Server (AS) and
+Ticket-Granting Server (TGS). The steps in establishing an
+authenticated session between an application client and the application
+server are:
+</a></font><p></p>
+<ol>
+<font size="3"><li><a name="fig03">The Kerberos client software
+establishes a connection with the Kerberos server's AS function. The AS
+first authenticates that the client is who it purports to be. The AS
+then provides the client with a secret key for this login session (the <i>TGS session key</i>)
+and a ticket-granting ticket (TGT), which gives the client permission
+to talk to the TGS. The ticket has a finite lifetime so that the
+authentication process is repeated periodically.
+</a></li><li><a name="fig03">The client now communicates with the TGS
+to obtain the Application Server's key so that it (the client) can
+establish a connection to the service it wants. The client supplies the
+TGS with the TGS session key and TGT; the TGS responds with an
+application session key (ASK) and an encrypted form of the Application
+Server's secret key; this secret key is <i>never</i> sent on the network in any other form.
+</a></li><li><a name="fig03">The client has now authenticated itself <i>and</i>
+can prove its identity to the Application Server by supplying the
+Kerberos ticket, application session key, and encrypted Application
+Server secret key. The Application Server responds with similarly
+encrypted information to authenticate itself to the client. At this
+point, the client can initiate the intended service requests (e.g.,
+Telnet, FTP, HTTP, or e-commerce transaction session establishment).
+</a></li></font></ol>
+<p>
+<font size="3"><a name="fig03">The current shipping version of this protocol is Kerberos V5 (described in </a><a href="http://www.rfc-editor.org/rfc/rfc1510.txt">RFC 1510</a>),
+although Kerberos V4 still exists and is seeing some use. While the
+details of their operation, functional capabilities, and message
+formats are different, the conceptual overview above pretty much holds
+for both. One primary difference is that Kerberos V4 uses only DES to
+generate keys and encrypt messages, while V5 allows other schemes to be
+employed (although DES is still the most widely algorithm used).
+</font></p>
+<font size="3"><a name="pkcca"><h3>4.3. Public Key Certificates and Certificate Authorities</h3></a>
+</font><p>
+<font size="3"><i>Certificates</i> and <i>Certificate Authorities (CA)</i>
+are necessary for widespread use of cryptography for e-commerce
+applications. While a combination of secret and public key cryptography
+can solve the business issues discussed above, crypto cannot alone
+address the trust issues that must exist between a customer and vendor
+in the very fluid, very dynamic e-commerce relationship. How, for
+example, does one site obtain another party's public key? How does a
+recipient determine if a public key really belongs to the sender? How
+does the recipient know that the sender is using their public key for a
+legitimate purpose for which they are authorized? When does a public
+key expire? How can a key be revoked in case of compromise or loss?
+</font></p><p>
+<font size="3">The basic concept of a certificate is one that is
+familiar to all of us. A driver's license, credit card, or SCUBA
+certification, for example, identify us to others, indicate something
+that we are authorized to do, have an expiration date, and identify the
+authority that granted the certificate.
+</font></p><p>
+<font size="3">As complicated as this may sound, it really isn't!
+Consider driver's licenses. I have one issued by the State of Vermont.
+The license establishes my identity, indicates the type of vehicles
+that I can operate and the fact that I must wear corrective lenses
+while doing so, identifies the issuing authority, and notes that I am
+an organ donor. When I drive outside of Vermont, the other
+jurisdictions throughout the U.S. recognize the authority of Vermont to
+issue this "certificate" and they trust the information it contains.
+Now, when I leave the U.S., everything changes. When I am in Canada and
+many other countries, they will accept not the Vermont license, per se,
+but <i>any</i> license issued in the U.S.; some other countries may
+not recognize the Vermont driver's license as sufficient bona fides
+that I can drive. This analogy represents the certificate chain, where
+even certificates carry certificates.
+</font></p><p>
+<font size="3">For purposes of electronic transactions, certificates are digital documents. The specific functions of the certificate include:
+</font></p><ul>
+<font size="3"><li><i>Establish identity:</i> Associate, or <i>bind</i>, a public key to an individual, organization, corporate position, or other entity.
+</li><li><i>Assign authority:</i> Establish what actions the holder may or may not take based upon this certificate.
+</li><li><i>Secure confidential information</i> (e.g., encrypting the session's symmetric key for data confidentiality).
+</li></font></ul>
+<p>
+<font size="3">Typically, a certificate contains a public key, a name,
+an expiration date, the name of the authority that issued the
+certificate (and, therefore, is vouching for the identity of the user),
+a serial number, any pertinent policies describing how the certificate
+was issued and/or how the certificate may be used, the digital
+signature of the certificate issuer, and perhaps other information.
+<br>
+<a name="fig04"><br>
+</a></font></p><center><table border="3" cellpadding="4"><tbody><tr><td>
+<img src="crypto_files/crypto_cert.gif">
+<br><br>
+<h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Netscape Navigator V4.</h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><a name="fig04"><br>
+</a></font><p>
+<font size="3"><a name="fig04">A sample abbreviated certificate is
+shown in Figure 4. This is a typical certificate found in a browser;
+while this one is issued by GTE Cybertrust, many so-called root-level
+certificates can be found shipped with browsers. When the browser makes
+a connection to a secure Web site, the Web server sends its public key
+certificate to the browser. The browser then checks the certificate's
+signature against the public key that it has stored; if there is a
+match, the certificate is taken as valid and the Web site verified by
+this certificate is considered to be "trusted."
+</a></font></p>
+<font size="3"><a name="tab02"></a></font><center>
+<table border="1" cellpadding="4">
+<caption>
+<b>TABLE 2. Contents of an X.509 V3 Certificate.</b>
+</caption>
+<tbody><tr><td>
+<ul>
+version number<br>
+certificate serial number<br>
+signature algorithm identifier<br>
+issuer's name and unique identifier<br>
+validity (or operational) period<br>
+subject's name and unique identifier<br>
+subject public key information<br>
+standard extensions<br>
+<ul>
+certificate appropriate use definition<br>
+key usage limitation definition<br>
+certificate policy information<br>
+</ul>
+other extensions<br>
+<ul>
+Application-specific<br>
+CA-specific<br>
+</ul>
+</ul>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br><br>
+</font><p>
+<font size="3">The most widely accepted certificate format is the one
+defined in International Telecommunication Union Telecommunication
+Standardization Sector (ITU-T) Recommendation X.509. Rec. X.509 is a
+specification used around the world and any applications complying with
+X.509 can share certificates. Most certificates today comply with X.509
+Version 3 and contain the information listed in Table 2.
+</font></p><p>
+<font size="3">Certificate authorities are the repositories for
+public-keys and can be any agency that issues certificates. A company,
+for example, may issue certificates to its employees, a
+college/university to its students, a store to its customers, an
+Internet service provider to its users, or a government to its
+constituents. </font></p><p>
+<font size="3">When a sender needs an intended receiver's public key,
+the sender must get that key from the receiver's CA. That scheme is
+straight-forward if the sender and receiver have certificates issued by
+the same CA. If not, how does the sender know to <i>trust</i> the
+foreign CA? One industry wag has noted, about trust: "You are either
+born with it or have it granted upon you." Thus, some CAs will be
+trusted because they are known to be reputable, such as the CAs
+operated by AT&amp;T, BBN, Canada Post Corp., CommerceNet, <a href="http://www.bbn.com/products/security/cytrust/">GTE Cybertrust</a>, MCI, Nortel <a href="http://www.entrust.com/">EnTrust</a>, <a href="http://www.thawte.com/">Thawte</a>, the U.S. Postal Service, and <a href="http://www.verisign.com/">VeriSign</a>.
+CAs, in turn, form trust relationships with other CAs. Thus, if a user
+queries a foreign CA for information, the user may ask to see a list of
+CAs that establish a "chain of trust" back to the user.
+</font></p><p>
+<font size="3">One major feature to look for in a CA is their
+identification policies and procedures. When a user generates a key
+pair and forwards the public key to a CA, the CA has to check the
+sender's identification and takes any steps necessary to assure itself
+that the request is really coming from the advertised sender. Different
+CAs have different identification policies and will, therefore, be
+trusted differently by other CAs. Verification of identity is just of
+many issues that are part of a CA's Certification Practice Statement
+(CPS) and policies; other issues include how the CA protects the public
+keys in its care, how lost or compromised keys are revoked, and how the
+CA protects its own private keys.
+</font></p>
+<font size="3"><a name="trustsumm"><h3>4.4. Summary</h3></a>
+</font><p>
+<font size="3">The paragraphs above describe three very different trust
+models. It is hard to say that any one is better than the others; it
+depend upon your application. One of the biggest and fastest growing
+applications of cryptography today, though, is electronic commerce
+(e-commerce), a term that itself begs for a formal definition.
+</font></p><p>
+<font size="3">PGP's web of trust is easy to maintain and very much
+based on the reality of users as people. The model, however, is
+limited; just how many public keys can a single user reliably store and
+maintain? And what if you are using the "wrong" computer when you want
+to send a message and can't access your keyring? How easy it is to
+revoke a key if it is compromised? PGP may also not scale well to an
+e-commerce scenario of secure communication between total strangers on
+short-notice.
+</font></p><p>
+<font size="3">Kerberos overcomes many of the problems of PGP's web of
+trust, in that it is scalable and its scope can be very large. However,
+it also requires that the Kerberos server have <i>a priori</i>
+knowledge of all client systems prior to any transactions, which makes
+it unfeasible for "hit-and-run" client/server relationships as seen in
+e-commerce.
+</font></p><p>
+<font size="3">Certificates and the collection of CAs will form a
+Public Key Infrastructure (PKI). In the early days of the Internet,
+every host had to maintain a list of every other host; the Domain Name
+System (DNS) introduced the idea of a distributed database for this
+purpose and the DNS is one of the key reasons that the Internet has
+grown as it has. A PKI will fill a similar void in the e-commerce and
+PKC realm.
+</font></p><p>
+<font size="3">While certificates and the benefits of a PKI are most
+often associated with electronic commerce, the applications for PKI are
+much broader and include secure electronic mail, payments and
+electronic checks, Electronic Data Interchange (EDI), secure transfer
+of Domain Name System (DNS) and routing information, electronic forms,
+and digitally signed documents. A single "global PKI" is still many
+years away, that is the ultimate goal of today's work as international
+electronic commerce changes the way in which we do business in a
+similar way in which the Internet has changed the way in which we
+communicate.
+</font></p>
+<font size="3"><br>
+
+</font><center><h3><font size="3"><font color="blue" face="arial"><a name="algorithms">5. CRYPTOGRAPHIC ALGORITHMS IN ACTION</a></font></font></h3></center>
+<p>
+<font size="3">The paragraphs above have provided an overview of the
+different types of cryptographic algorithms, as well as some examples
+of some available protocols and schemes. Table 3 provides an even
+longer list of some of the schemes employed today for a variety of
+functions, most notably electronic commerce. The paragraphs below will
+show several real cryptographic applications that many of us employ
+(knowingly or not) everyday; for password protection and private
+communication.
+</font></p>
+<font size="3"><br>
+<a name="tab03"></a>
+<table align="center" border="1" cellpadding="5" width="80%">
+<caption><b>TABLE 3. Other Crypto Algorithms and Systems of Note.<br><br></b></caption>
+
+<tbody><tr><td valign="top" width="20%"><a href="http://csrc.nist.gov/keyrecovery/cap.txt">Capstone</a>
+</td><td valign="top" width="60%">A now-defunct U.S. National Institute
+of Standards and Technology (NIST) and National Security Agency (NSA)
+project under the Bush Sr. and Clinton administrations for publicly
+available strong cryptography with keys escrowed by the government
+(NIST and the Treasury Dept.). Capstone included in one or more
+tamper-proof computer chips for implementation (Clipper), a secret key
+encryption algorithm (Skipjack), digital signature algorithm (DSA), key
+exchange algorithm (KEA), and hash algorithm (SHA).
+</td></tr><tr><td valign="top" width="20%"><a href="http://csrc.nist.gov/keyrecovery/clip.txt">Clipper</a>
+</td><td valign="top" width="60%">The computer chip that would implement the Skipjack encryption scheme. See also EPIC's <a href="http://www.epic.org/crypto/clipper/"> The Clipper Chip</a> Web page.
+
+</td></tr><tr><td valign="top" width="20%">Escrowed Encryption Standard (EES)
+</td><td valign="top" width="60%">Largely unused, a controversial
+crypto scheme employing the SKIPJACK secret key crypto algorithm and a
+Law Enforcement Access Field (LEAF) creation method. LEAF was one part
+of the key escrow system and allowed for decryption of ciphertext
+messages that had been legally intercepted by law enforcement agencies.
+Described more in <a href="http://www.itl.nist.gov/fipspubs/fip185.htm"> FIPS 185</a>.
+
+</td></tr><tr><td valign="top" width="20%"><a href="http://csrc.nist.gov/publications/fips/index.html">Federal Information Processing Standards (FIPS)</a>
+</td><td valign="top" width="60%">These computer security- and
+crypto-related FIPS are produced by the U.S. National Institute of
+Standards and Technology (NIST) as standards for the U.S. Government.
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.rsasecurity.com/rsalabs/faq/6-2-6.html">Fortezza (formerly called Tessera)</a>
+</td><td valign="top" width="60%">A PCMCIA card developed by NSA that
+implements the Capstone algorithms, intended for use with the Defense
+Messaging Service (DMS).
+<a name="tab03-ipsec"></a>
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/ipsec-charter.html">IP Security Protocol (IPsec)</a>
+</td><td valign="top" width="60%">The IPsec protocol suite is used to
+provide privacy and authentication services at the IP layer. An
+overview of the protocol suite and of the documents comprising IPsec
+can be found in <a href="http://www.rfc-editor.org/rfc/rfc2411.txt">RFC 2411</a>. Other documents include:
+<ul>
+<li><a href="http://www.rfc-editor.org/rfc/rfc2401.txt">RFC 2401</a>: IP security architecture.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2402.txt">RFC 2402</a>:
+IP Authentication Header (AH), one of the two primary IPsec functions;
+AH provides connectionless integrity and data origin authentication for
+IP datagrams and protects against replay attacks.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>: Describes use of the HMAC with MD5 algorithm for data origin authentication and integrity protection in both AH and ESP.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>: Describes use of the HMAC with SHA-1 algorithm for data origin authentication and integrity protection in both AH and ESP.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>: Describes use of DES-CBC (DES in Cipher Block Chaining Mode) for confidentiality in ESP.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2406.txt">RFC 2406</a>:
+IP Encapsulating Security Payload (ESP), the other primary IPsec
+function; ESP provides a variety of security services within IPsec.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2407.txt">RFC 2407</a>: Describes the application of ISAKMP to IPsec.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a>: Describes ISAKMP, a framework for key management and security associations.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2409.txt">RFC 2409</a>:
+The Internet Key Exchange (IKE) algorithm, using part of Oakley and
+part of SKEME in conjunction with ISAKMP to obtain authenticated keying
+material for use with ISAKMP, and for other security associations such
+as AH and ESP.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2410.txt">RFC 2410</a>: Defines use of the NULL encryption algorithm (i.e., provides authentication and integrity without confidentiality) in ESP.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>: Describes OAKLEY, a key determination and distribution protocol.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2451.txt">RFC 2451</a>: Describes use of Cipher Block Chaining (CBC) mode cipher algorithms with ESP.
+</li><li>RFCs <a href="http://www.rfc-editor.org/rfc/rfc2522.txt">2522</a> and <a href="http://www.rfc-editor.org/rfc/rfc2523.txt">2523</a>: Description of Photuris, a session-key management protocol for IPsec.
+</li></ul>
+<p>
+IPsec was first proposed for use with IP version 6 (IPv6), but can also be employed with the current IP version, IPv4.
+</p><p>
+(See more detail about IPsec below in <a href="#ipsec">Section 5.6</a>.)
+
+</p></td></tr><tr><td valign="top" width="20%"><a href="http://cio.cisco.com/public/library/isakmp">Internet Security Association and Key Management Protocol (ISAKMP/OAKLEY)</a>
+</td><td valign="top" width="60%">ISAKMP/OAKLEY provide an infrastructure for Internet secure communications. ISAKMP, designed by the <a href="http://www.nsa.gov/">National Security Agency (NSA)</a> and described in <a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a>,
+is a framework for key management and security associations,
+independent of the key generation and cryptographic algorithms actually
+employed. The OAKLEY Key Determination Protocol, described in <a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>, is a key determination and distribution protocol using a variation of Diffie-Hellman.
+
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.pdc.kth.se/kth-krb/">Kerberos</a>
+</td><td valign="top" width="60%">A secret-key encryption and
+authentication system, designed to authenticate requests for network
+resources within a user domain rather than to authenticate messages.
+Kerberos also uses a trusted third-party approach; a client
+communications with the Kerberos server to obtain "credentials" so that
+it may access services at the application server. Kerberos V4 uses DES
+to generate keys and encrypt messages; DES is also commonly used in
+Kerberos V5, although other schemes could be employed.
+<p>Microsoft added support for Kerberos V5 &#8212; with some proprietary
+extensions &#8212; in Windows 2000. There are many Kerberos articles posted
+at Microsoft's <a href="http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO">Knowledge Base</a>, notably "<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q217098">Basic Overview of Kerberos User Authentication Protocol in Windows 2000</a>," "<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q230669">Windows 2000 Kerberos 5 Ticket Flags and KDC Options for AS_REQ and TGS_REQ Messages</a>," and "<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q232179">Kerberos Administration in Windows 2000</a>."
+
+</p></td></tr><tr><td valign="top" width="20%">Keyed-Hash Message Authentication Code (HMAC)
+</td><td valign="top" width="60%">A message authentication scheme based
+upon secret key cryptography and the secret key shared between two
+parties rather than public key methods. Described in <a href="http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf"> FIPS 198</a> and <a href="http://www.rfc-editor.org/rfc/rfc2104.txt">RFC 2104</a>.
+
+</td></tr><tr><td valign="top" width="20%"><a href="http://web.textfiles.com/software/sfs7.txt"> Message Digest Cipher (MDC)</a>
+</td><td valign="top" width="60%">Invented by <a href="http://www.cs.auckland.ac.nz/%7Epgut001/"> Peter Gutman</a>, MDC turns a one-way hash function into a block cipher.
+
+</td></tr><tr><td valign="top" width="20%">MIME Object Security Standard (MOSS)
+</td><td valign="top" width="60%">Designed as a successor to PEM to provide PEM-based security services to MIME messages.
+
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.pgp.com/">Pretty Good Privacy (PGP)</a>
+</td><td valign="top" width="60%">A family of cryptographic routines
+for e-mail and file storage applications developed by Philip
+Zimmermann. PGP 2.6.x uses RSA for key management and digital
+signatures, IDEA for message encryption, and MD5 for computing the
+message's hash value; more information can also be found in <a href="http://www.rfc-editor.org/rfc/rfc1991.txt">RFC 1991</a>.
+PGP 5.x (formerly known as "PGP 3") uses Diffie-Hellman/DSS for key
+management and digital signatures; IDEA, CAST, or 3DES for message
+encryption; and MD5 or SHA for computing the message's hash value.
+OpenPGP, described in <a href="http://www.rfc-editor.org/rfc/rfc2440.txt">RFC 2440</a>, is an open definition of security software based on PGP 5.x.
+<p>
+(See more detail about PGP below in <a href="#pgp">Section 5.5</a>.)
+
+</p></td></tr><tr><td valign="top" width="20%">Privacy Enhanced Mail (PEM)
+</td><td valign="top" width="60%">Provides secure electronic mail over
+the Internet and includes provisions for encryption (DES),
+authentication, and key management (DES, RSA). May be superseded by
+S/MIME and PEM-MIME. Developed by IETF PEM Working Group and defined in
+four RFCs:
+<li><a href="http://www.rfc-editor.org/rfc/rfc1421.txt">RFC 1421</a>: Part I, Message Encryption and Authentication Procedures
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc1422.txt">RFC 1422</a>: Part II, Certificate-Based Key Management
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc1423.txt">RFC 1423</a>: Part III, Algorithms, Modes, and Identifiers
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc1424.txt">RFC 1424</a>: Part IV, Key Certification and Related Services
+
+
+</li></td></tr><tr><td valign="top" width="20%">Private Communication Technology (PCT)
+</td><td valign="top" width="60%">Developed by Microsoft and Visa for
+secure communication on the Internet. Similar to SSL, PCT supports
+Diffie-Hellman, Fortezza, and RSA for key establishment; DES, RC2, RC4,
+and triple-DES for encryption; and DSA and RSA message signatures. A
+companion to SET.
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.mastercard.com/set/">Secure Electronic Transactions (SET)</a>
+</td><td valign="top" width="60%">A merging of two other protocols:
+SEPP (Secure Electronic Payment Protocol), an open specification for
+secure bank card transactions over the Internet, developed by
+CyberCash, GTE, IBM, MasterCard, and Netscape; and STT (Secure
+Transaction Technology), a secure payment protocol developed by
+Microsoft and Visa International. Supports DES and RC4 for encryption,
+and RSA for signatures, key exchange, and public-key encryption of bank
+card numbers. SET is a companion to the PCT protocol.
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/wts-charter.html">Secure Hypertext Transfer Protocol (S-HTTP)</a>
+</td><td valign="top" width="60%">An extension to HTTP to provide
+secure exchange of documents over the World Wide Web. Supported
+algorithms include RSA and Kerberos for key exchange, DES, IDEA, RC2,
+and Triple-DES for encryption.
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/smime-charter.html">Secure Multipurpose Internet Mail Extensions (S/MIME)</a>
+</td><td valign="top" width="60%">An IETF secure e-mail scheme intended to supercede PEM. S/MIME, described in RFCs <a href="http://www.rfc-editor.org/rfc/rfc2311.txt">2311</a> and <a href="http://www.rfc-editor.org/rfc/rfc2312.txt">2312</a>, adds digital signature and encryption capability to Internet MIME messages.
+
+</td></tr><tr><td valign="top" width="20%"><a href="http://home.netscape.com/eng/ssl3/ssl-toc.html">Secure Sockets Layer (SSL)</a>
+</td><td valign="top" width="60%">Developed by Netscape Communications
+to provide application-independent security and privacy over the
+Internet. SSL is designed so that protocols such as HTTP, FTP (File
+Transfer Protocol), and Telnet can operate over it transparently. SSL
+allows both server authentication (mandatory) and client authentication
+(optional). RSA is used during negotiation to exchange keys and
+identify the actual cryptographic algorithm (DES, IDEA, RC2, RC4, or
+3DES) to use for the session. SSL also uses MD5 for message digests and
+X.509 public-key certificates. (Found to be breakable soon after the
+IETF announced formation of group to work on TLS.)
+<p>
+(See more detail about SSL below in <a href="#ssl">Section 5.7</a>.)
+
+</p></td></tr><tr><td valign="top" width="20%"><a href="http://www.microsoft.com/security/tech/sgc/default.asp?ID=26&amp;Parent=4"> Server Gated Cryptography (SGC)</a>
+</td><td valign="top" width="60%">Microsoft extension to SSL that
+provides strong encryption for online banking and other financial
+applications using RC2 (128-bit key), RC4 (128-bit key), DES (56-bit
+key), or 3DES (equivalent of 168-bit key). Use of SGC requires a
+Windows NT Server running Internet Information Server (IIS) 4.0 with a
+valid SGC certificate. SGC is available in 32-bit Windows versions of
+Internet Explorer (IE) 4.0, and support for Mac, Unix, and 16-bit
+Windows versions of IE is expected in the future.
+</td></tr><tr><td valign="top" width="20%"><a href="http://skip.incog.com/">Simple Key-Management for Internet Protocol (SKIP)</a>
+</td><td valign="top" width="60%">Key management scheme for secure IP
+communication, specifically for IPsec, and designed by Aziz and Diffie.
+SKIP essentially defines a public key infrastructure for the Internet
+and even uses X.509 certificates. Most public key cryptosystems assign
+keys on a per-session basis, which is inconvenient for the Internet
+since IP is connectionless. Instead, SKIP provides a basis for secure
+communication between any pair of Internet hosts. SKIP can employ DES,
+3DES, IDEA, RC2, RC5, MD5, and SHA-1.
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/tls-charter.html">Transport Layer Security (TLS)</a>
+</td><td valign="top" width="60%">IETF specification (<a href="http://www.rfc-editor.org/rfc/rfc2246.txt">RFC 2246</a>)
+intended to replace SSL. Employs Triple-DES (secret key cryptography),
+SHA (hash), Diffie-Hellman (key exchange), and DSS (digital
+signatures).
+<p>
+(See more detail about TLS below in <a href="#ssl">Section 5.7</a>.)
+
+</p></td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/pkix-charter.html">X.509</a>
+</td><td valign="top" width="60%">ITU-T recommendation for the format
+of certificates for the public key infrastructure. Certificates map
+(bind) a user identity to a public key. The IETF application of X.509
+certificates is documented in <a href="http://www.rfc-editor.org/rfc/rfc2459.txt">RFC 2459</a>. An Internet X.509 Public Key Infrastructure is further defined in <a href="http://www.rfc-editor.org/rfc/rfc2510.txt">RFC 2510</a> (Certificate Management Protocols) and <a href="http://www.rfc-editor.org/rfc/rfc2527.txt">RFC 2527</a> (Certificate Policy and Certification Practices Framework).
+</td></tr></tbody></table>
+
+<br><br>
+<a name="password"><h3>5.1. Password Protection</h3></a>
+</font><p>
+<font size="3">Nearly all modern multiuser computer and network
+operating systems employ passwords at the very least to protect and
+authenticate users accessing computer and/or network resources. But
+passwords are <i>not</i> typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme.</font></p>
+
+<font size="3"><a name="fig05"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td>
+<pre><b>A) /etc/passwd file</b>
+
+ root:Jbw6BwE4XoUHo:0:0:root:/root:/bin/bash
+ carol:FM5ikbQt1K052:502:100:Carol Monaghan:/home/carol:/bin/bash
+ alex:LqAi7Mdyg/HcQ:503:100:Alex Insley:/home/alex:/bin/bash
+ gary:FkJXupRyFqY4s:501:100:Gary Kessler:/home/gary:/bin/bash
+ todd:edGqQUAaGv7g6:506:101:Todd Pritsky:/home/todd:/bin/bash
+ josh:FiH0ONcjPut1g:505:101:Joshua Kessler:/home/webroot:/bin/bash
+
+<b>B.1) /etc/passwd file (with shadow passwords)</b>
+
+ root:x:0:0:root:/root:/bin/bash
+ carol:x:502:100:Carol Monaghan:/home/carol:/bin/bash
+ alex:x:503:100:Alex Insley:/home/alex:/bin/bash
+ gary:x:501:100:Gary Kessler:/home/gary:/bin/bash
+ todd:x:506:101:Todd Pritsky:/home/todd:/bin/bash
+ josh:x:505:101:Joshua Kessler:/home/webroot:/bin/bash
+
+<b>B.2) /etc/shadow file</b>
+
+ root:AGFw$1$P4u/uhLK$l2.HP35rlu65WlfCzq:11449:0:99999:7:::
+ carol:kjHaN%35a8xMM8a/0kMl1?fwtLAM.K&amp;kw.:11449:0:99999:7:::
+ alex:1$1KKmfTy0a7#3.LL9a8H71lkwn/.hH22a:11449:0:99999:7:::
+ gary:9ajlknknKJHjhnu7298ypnAIJKL$Jh.hnk:11449:0:99999:7:::
+ todd:798POJ90uab6.k$klPqMt%alMlprWqu6$.:11492:0:99999:7:::
+ josh:Awmqpsui*787pjnsnJJK%aappaMpQo07.8:11492:0:99999:7:::
+</pre>
+<p>
+</p><h4>FIGURE 5: Sample entries in Unix/Linux password files.</h4>
+</td></tr></tbody></table>
+</center>
+
+<p>
+<font size="3">Unix/Linux, for example, uses a well-known hash via its <i>crypt()</i> function. Passwords are stored in the <i>/etc/passwd</i>
+file (Figure 5A); each record in the file contains the username, hashed
+password, user's individual and group numbers, user's name, home
+directory, and shell program; these fields are separated by colons (:).
+Note that each password is stored as a 13-byte string. The first two
+characters are actually a <i>salt</i>, randomness added to each
+password so that if two users have the same password, they will still
+be encrypted differently; the salt, in fact, provides a means so that a
+single password might have 4096 different encryptions. The remaining 11
+bytes are the password hash, calculated using DES.</font></p>
+<p>
+<font size="3">As it happens, the <i>/etc/passwd</i> file is
+world-readable on Unix systems. This fact, coupled with the weak
+encryption of the passwords, resulted in the development of the <i>shadow password</i>
+system where passwords are kept in a separate, non-world-readable file
+used in conjunction with the normal password file. When shadow
+passwords are used, the password entry in <i>/etc/passwd</i> is replaced with a "*" or "x" (Figure 5B.1) and the MD5 hash of the passwords are stored in <i>/etc/shadow</i> along with some other account information (Figure 5B.2).</font></p>
+<font size="3"><br>
+</font><p>
+<font size="3">Windows NT uses a similar scheme to store passwords in
+the Security Access Manager (SAM) file. In the NT case, all passwords
+are hashed using the MD4 algorithm, resulting in a 128-bit (16-byte)
+hash value (they are then <i>obscured</i> using an undocumented mathematical transformation that was a secret until distributed on the Internet). The password <font face="courier">password</font>, for example, might be stored as the hash value (in hexadecimal) <font face="courier">60771b22d73c34bd4a290a79c8b09f18</font>.</font></p>
+<p>
+<font size="3">Passwords are not saved in plaintext on computer systems
+precisely so they cannot be easily compromised. For similar reasons, we
+don't want passwords sent in plaintext across a network. But for remote
+logon applications, how does a client system identify itself or a user
+to the server? One mechanism, of course, is to send the password as a
+hash value and that, indeed, may be done. A weakness of that approach,
+however, is that an intruder can grab the password off of the network
+and use an off-line attack (such as a <i>dictionary attack</i> where
+an attacker takes every known word and encrypts it with the network's
+encryption algorithm, hoping eventually to find a match with a
+purloined password hash). In some situations, an attacker only has to
+copy the hashed password value and use it later on to gain unauthorized
+entry without ever learning the actual password.</font></p>
+<p>
+<font size="3">An even stronger authentication method uses the password
+to modify a shared secret between the client and server, but never
+allows the password in any form to go across the network. This is the
+basis for the Challenge Handshake Authentication Protocol (CHAP), the
+remote logon process used by Windows NT.</font></p>
+<p>
+<font size="3">As suggested above, Windows NT passwords are stored in a
+security file on a server as a 16-byte hash value. In truth, Windows NT
+stores <i>two</i> hashes; a weak hash based upon the old LAN Manager
+(LanMan) scheme and the newer NT hash. When a user logs on to a server
+from a remote workstation, the user is identified by the username, sent
+across the network in plaintext (no worries here; it's not a secret
+anyway!). The server then generates a 64-bit random number and sends it
+to the client (also in plaintext). This number is the <i>challenge</i>.</font></p>
+<p>
+<font size="3">Using the LanMan scheme, the client system then encrypts
+the challenge using DES. Recall that DES employs a 56-bit key, acts on
+a 64-bit block of data, and produces a 64-bit output. In this case, the
+64-bit data block is the random number. The client actually uses three
+different DES keys to encrypt the random number, producing three
+different 64-bit outputs. The first key is the first seven bytes (56
+bits) of the password's hash value, the second key is the next seven
+bytes in the password's hash, and the third key is the remaining two
+bytes of the password's hash concatenated with five zero-filled bytes.
+(So, for the example above, the three DES keys would be <font face="courier">60771b22d73c34</font>, <font face="courier">bd4a290a79c8b0</font>, and <font face="courier">9f180000000000</font>.) Each key is applied to the random number resulting in three 64-bit outputs, which comprise the <i>response</i>.
+Thus, the server's 8-byte challenge yields a 24-byte response from the
+client and this is all that would be seen on the network. The server,
+for its part, does the same calculation to ensure that the values match.</font></p>
+<p>
+<font size="3">There is, however, a significant weakness to this
+system. Specifically, the response is generated in such a way as to
+effectively reduce 16-byte hash to three smaller hashes, of length
+seven, seven, and two. Thus, a password cracker has to break at most a
+7-byte hash. One Windows NT vulnerability test program that I have used
+in the past will report passwords that are "too short," defined as
+"less than 8 characters." When I asked how the program knew that
+passwords were too short, the software's salespeople suggested to me
+that the program broke the passwords to determine their length. This is
+undoubtedly not true; all the software really has to do is look at the
+second 7-byte block and some known value indicates that it is empty,
+which would indicate a password of seven or less characters.</font></p>
+<p>
+<font size="3">Consider the following example, showing the LanMan hash
+of two different short passwords (take a close look at the last 8
+bytes):</font></p>
+
+<table align="center" border="0">
+<tbody><tr>
+<td align="left">AA:
+</td><td><font face="courier">89D42A44E77140AAAAD3B435B51404EE</font>
+</td></tr><tr>
+<td align="left">AAA:
+</td><td><font face="courier">1C3A2B6D939A1021AAD3B435B51404EE</font>
+</td></tr></tbody></table>
+
+<p>
+<font size="3">Note that the NT hash provides no such clue:</font></p>
+
+<table align="center" border="0">
+<tbody><tr>
+<td align="left">AA:
+</td><td><font face="courier">C5663434F963BE79C8FD99F535E7AAD8</font>
+</td></tr><tr>
+<td align="left">AAA:
+</td><td><font face="courier">6B6E0FB2ED246885B98586C73B5BFB77</font>
+</td></tr></tbody></table>
+
+<p>
+<font size="3">It is worth noting that the discussion above describes the Microsoft version of CHAP, or MS-CHAP (MS-CHAPv2 is described in <a href="http://www.rfc-editor.org/rfc/rfc2759.txt">RFC 2759</a>).
+MS-CHAP assumes that it is working with hashed values of the password
+as the key to encrypting the challenge. More traditional CHAP (<a href="http://www.rfc-editor.org/rfc/rfc2510.txt">RFC 1994</a>)
+assumes that it is starting with passwords in plaintext. The relevance
+of this observation is that a CHAP client, for example, cannot be
+authenticated by an MS-CHAP server; both client and server must use the
+same CHAP version.</font></p>
+
+<font size="3"><a name="dhmath"><h3>5.2. Some of the Finer Details of Diffie-Hellman</h3></a>
+</font><p>
+<font size="3">The first published public-key crypto algorithm was
+Diffie-Hellman. The mathematical "trick" of this scheme is that it is
+relatively easy to compute exponents compared to computing discrete
+logarithms. Diffie-Hellman allows two parties &#8212; the ubiquitous Alice
+and Bob &#8212; to generate a secret key; they need to exchange some
+information over an unsecure communications channel to perform the
+calculation but an eavesdropper cannot determine the shared key based
+upon this information.</font></p>
+<p>
+<font size="3">Diffie-Hellman works like this. Alice and Bob start by agreeing on a large prime number, <i>n</i>. They also have to choose some number <i>g</i> so that g&lt;n.</font></p>
+<p>
+<font size="3">There is actually another constraint on g, specifically that it must be primitive with respect to n. <i>Primitive</i> is a definition that is a little beyond the scope of our discussion but basically g is primitive to n if we can find integers <i>i</i> so that g<sup>i</sup>
+= j mod n for all values of j from 1 to n-1. As an example, 2 is not
+primitive to 7 because the set of powers of 2 from 1 to 6, mod 7 =
+{2,4,1,2,4,1}. On the other hand, 3 is primitive to 7 because the set
+of powers of 3 from 1 to 6, mod 7 = {3,2,6,4,5,1}.</font></p>
+<p>
+<font size="3">(The definition of primitive introduced a new term to some readers, namely <i>mod</i>. The phrase <i>x mod y</i> (and read as written!) means "take the remainder after dividing x by y." Thus, 1 mod 7 = 1, 9 mod 6 = 3, and 8 mod 8 = 0.)</font></p>
+<p>
+<font size="3">Anyway, either Alice or Bob selects n and g; they then
+tell the other party what the values are. Alice and Bob then work
+independently:</font></p>
+
+<center>
+<table border="0" cellpadding="15" cellspacing="5">
+<tbody><tr>
+<td>
+<center><b>Alice...</b></center><br>
+Choose a large random number, <i>x</i><br>
+Send to Bob: X = g<sup><i>x</i></sup> mod n<br>
+Compute: K<sub>A</sub> = Y<sup><i>x</i></sup> mod n<br>
+</td><td>
+<center><b>Bob...</b></center><br>
+Choose a large random number, <i>y</i><br>
+Send to Alice: Y = g<sup><i>y</i></sup> mod n<br>
+Compute: K<sub>B</sub> = X<sup><i>y</i></sup> mod n<br>
+</td></tr></tbody></table>
+</center>
+
+<p>
+<font size="3">Note that <i>x</i> and <i>y</i> are kept secret while X
+and Y are openly shared; these are the private and public keys,
+respectively. Based on their own private key and the public key learned
+from the other party, Alice and Bob have computed their secret keys, K<sub>A</sub> and K<sub>B</sub>, respectively, which are equal to g<sup><i>xy</i></sup> mod n.</font></p>
+<p>
+<font size="3">Perhaps a small example will help here. Although Alice
+and Bob will really choose large values for n and g, I will use small
+values for example only; let's use n=7 and g=3.</font></p>
+
+<center>
+<table border="0" cellpadding="15" cellspacing="5">
+<tbody><tr>
+<td>
+<center><b>Alice...</b></center><br>
+Choose <i>x</i>=2<br>
+Send to Bob: X = 3<sup>2</sup> mod 7 = 2<br>
+K<sub>A</sub> = 6<sup>2</sup> mod 7 = 1<br>
+</td><td>
+<center><b>Bob...</b></center><br>
+Choose <i>y</i>=3<br>
+Send to Alice: Y = 3<sup>3</sup> mod 7 = 6<br>
+K<sub>B</sub> = 2<sup>3</sup> mod 7 = 1<br>
+</td></tr></tbody></table>
+</center>
+
+<p>
+<font size="3">In this example, then, Alice and Bob will both find the secret key 1 which is, indeed, 3<sup>6</sup>
+mod 7. If an eavesdropper (Mallory) was listening in on the information
+exchange between Alice and Bob, he would learn g, n, X, and Y which is
+a lot of information but insufficient to compromise the key; as long as
+<i>x</i> and <i>y</i> remain unknown, K is safe. As said above, calculating X as g<sup><i>x</i></sup> is a lot easier than finding <i>x</i> as log<sub>g</sub> X!</font></p>
+<blockquote>
+<p>
+<font size="3"><b>A short digression on modulo arithmetic.</b> In the paragraph above, we noted that 3<sup>6</sup> mod 7 = 1. This can be confirmed, of course, by noting that:</font></p>
+<p align="center">
+<font size="3">3<sup>6</sup> = 729 = 104*7 + 1</font></p>
+<p>
+<font size="3">There is a nice property of modulo arithmetic, however,
+that makes this determination a little easier, namely: (a mod x)(b mod
+x) = (ab mod x). Therefore, one possible shortcut is to note that 3<sup>6</sup> = (3<sup>3</sup>)(3<sup>3</sup>). Therefore, 3<sup>6</sup> mod 7 = (3<sup>3</sup> mod 7)(3<sup>3</sup> mod 7) = (27 mod 7)(27 mod 7) = 6*6 mod 7 = 36 mod 7 = 1.</font></p>
+</blockquote>
+<p>
+<font size="3">Diffie-Hellman can also be used to allow key sharing
+amongst multiple users. Note again that the Diffie-Hellman algorithm is
+used to generate secret keys, not to encrypt and decrypt messages. </font></p>
+
+<font size="3"><a name="rsamath"><h3>5.3. Some of the Finer Details of RSA Public-Key Cryptography</h3></a>
+</font><p>
+<font size="3">Unlike Diffie-Hellman, RSA can be used for key exchange
+as well as digital signatures and the encryption of small blocks of
+data. Today, RSA is primary used to encrypt the session key used for
+secret key encryption (message integrity) or the message's hash value
+(digital signature). RSA's mathematical hardness comes from the ease in
+calculating large numbers and the difficulty in finding the prime
+factors of those large numbers. Although employed with numbers using
+hundreds of digits, the math behind RSA is relatively straight-forward.</font></p>
+<p>
+<font size="3">To create an RSA public/private key pair, here are the basic steps:</font></p>
+<ol>
+<font size="3"><li>Choose two prime numbers, p and q. From these numbers you can calculate the modulus, n = pq.
+</li><li>Select a third number, e, that is relatively prime to (i.e.,
+it does not divide evenly into) the product (p-1)(q-1). The number e is
+the public exponent.
+</li><li>Calculate an integer d from the quotient (ed-1)/[(p-1)(q-1)]. The number d is the private exponent.
+</li></font></ol>
+<p>
+<font size="3">The public key is the number pair (n,e). Although these
+values are publicly known, it is computationally infeasible to
+determine d from n and e if p and q are large enough.</font></p>
+<p>
+<font size="3">To encrypt a message, M, with the public key, create the ciphertext, C, using the equation:</font></p>
+<ul>
+<font size="3">C = M<sup>e</sup> mod n
+</font></ul>
+<p>
+<font size="3">The receiver then decrypts the ciphertext with the private key using the equation:</font></p>
+<ul>
+<font size="3">M = C<sup>d</sup> mod n
+</font></ul>
+<p>
+<font size="3">Now, this might look a bit complex and, indeed, the
+mathematics does take a lot of computer power given the large size of
+the numbers; since p and q may be 100 digits (decimal) or more, d and e
+will be about the same size and n may be over 200 digits. Nevertheless,
+a simple example may help. In this example, the values for p, q, e, and
+d are purposely chosen to be very small and the reader will see exactly
+how badly these values perform, but hopefully the algorithm will be
+adequately demonstrated:</font></p>
+<ol>
+<font size="3"><li>Select p=3 and q=5.
+</li><li>The modulus n = pq = 15.
+</li><li>The value e must be relatively prime to (p-1)(q-1) = (2)(4) = 8. Select e=11
+</li><li>The value d must be chosen so that (ed-1)/[(p-1)(q-1)] is an
+integer. Thus, the value (11d-1)/[(2)(4)] = (11d-1)/8 must be an
+integer. Calculate one possible value, d=3.
+</li><li>Let's say we wish to send the string <b>SECRET</b>. For this
+example, we will convert the string to the decimal representation of
+the ASCII values of the characters, which would be <b>83 69 67 82 69 84</b>.
+</li><li>The sender encrypts each digit one at a time (we have to
+because the modulus is so small) using the public key value
+(e,n)=(11,15). Thus, each ciphertext character C<sub>i</sub>&nbsp;=&nbsp;M<sub>i</sub><sup>11</sup>&nbsp;mod&nbsp;15. The input digit string <b>0x836967826984</b> will be transmitted as <b>0x2c696d286924</b>.
+</li><li>The receiver decrypts each digit using the private key value (d,n)=(3,15). Thus, each plaintext character M<sub>i</sub>&nbsp;=&nbsp;C<sub>i</sub><sup>3</sup>&nbsp;mod&nbsp;15. The input digit string <b>0x2c696d286924</b> will be converted to <b>0x836967826984</b> and, presumably, reassembled as the plaintext string <b>SECRET</b>.
+</li></font></ol>
+<p>
+<font size="3">Again, the example above uses small values for
+simplicity and, in fact, shows the weakness of small values; note that
+4, 6, and 9 do not change when encrypted, and that the values 2 and 8
+encrypt to 8 and 2, respectively. Nevertheless, this simple example
+demonstrates how RSA can be used to exchange information.</font></p>
+
+<p>
+<font size="3">RSA keylengths of 512 and 768 bits are considered to be
+pretty weak. The minimum suggested RSA key is 1024 bits; 2048 and 3072
+bits are even better.</font></p>
+
+<p>
+<font size="3">As an aside, Adam Back (<a href="http://www.cypherspace.org/%7Eadam/">http://www.cypherspace.org/~adam/</a>) wrote a two-line Perl script to implement RSA. It employs <font face="courier">dc</font>, an arbitrary precision arithmetic package that ships with most UNIX systems:</font></p>
+
+<table align="center" border="0">
+<tbody><tr><td>
+<pre>print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",&lt;&gt;
+)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0&lt;X+d*lMLa^*lN%0]dsXx++lMlN/dsM0&lt;J]dsJxp"|dc`
+</pre>
+</td></tr></tbody></table>
+
+<font size="3"><a name="desmath"><h3>5.4. Some of the Finer Details of DES, Breaking DES, and DES Variants</h3></a>
+</font><p>
+<font size="3">The Data Encryption Standard (DES) has been in use since
+the mid-1970s, adopted by the National Bureau of Standards (NBS) [now
+the National Institute for Standards and Technology (NIST)] as Federal
+Information Processing Standard 46 (<a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf">FIPS 46-3</a>) and by the American National Standards Institute (ANSI) as X3.92.</font></p>
+<p>
+<font size="3">As mentioned earlier, DES uses the Data Encryption
+Algorithm (DEA), a secret key block-cipher employing a 56-bit key
+operating on 64-bit blocks. <a href="http://www.itl.nist.gov/div897/pubs/fip81.htm">FIPS 81</a>
+describes four modes of DES operation: Electronic Codebook (ECB),
+Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback
+(OFB). Despite all of these options, ECB is the most commonly deployed
+mode of operation.</font></p>
+<p>
+<font size="3">Although other block ciphers will replace DES, it is
+still interesting to see how DES encryption is performed. Not only is
+it sort of interesting, but DES remains in many products and we will
+continue to see DES for some years to come.</font></p>
+
+<p><font size="3"><b>DES Operational Overview</b></font></p>
+<p>
+<font size="3">DES uses a 56-bit key. In fact, the 56-bit key is
+divided into eight 7-bit blocks and an 8th odd parity bit is added to
+each block (i.e., a "0" or "1" is added to the block so that there are
+an odd number of 1 bits in each 8-bit block). By using the 8 parity
+bits for rudimentary error detection, a DES key is actually 64 bits in
+length for computational purposes (although it only has 56 bits worth
+of randomness, or <i>entropy</i>).</font></p>
+
+<font size="3"><a name="fig06"><br>
+</a></font><center><table border="1"><tbody><tr><td>
+<img src="crypto_files/crypto_des.gif">
+<br><br>
+<h4>FIGURE 6: DES enciphering algorithm.</h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><a name="fig06"><br>
+</a></font><p>
+<font size="3"><a name="fig06">DES then acts on 64-bit blocks of the
+plaintext, invoking 16 rounds of permutations, swaps, and substitutes,
+as shown in Figure 6. The standard includes tables describing all of
+the selection, permutation, and expansion operations mentioned below;
+these aspects of the algorithm are not secrets. The basic DES steps are:</a></font></p>
+<ol>
+<font size="3"><li><a name="fig06">The 64-bit block to be encrypted
+undergoes an initial permutation (IP), where each bit is moved to a new
+bit position; e.g., the 1st, 2nd, and 3rd bits are moved to the 58th,
+50th, and 42nd position, respectively.<br><br>
+</a></li><li><a name="fig06">The 64-bit permuted input is divided into two 32-bit blocks, called <i>left</i> and <i>right</i>, respectively. The initial values of the left and right blocks are denoted L<sub>0</sub> and R<sub>0</sub>.<br><br>
+</a></li><li><a name="fig06">There are then 16 rounds of operation on the L and R blocks. During each iteration (where <i>n</i> ranges from 1 to 16), the following formulae apply:
+</a><ul>
+<a name="fig06">L<sub>n</sub> = R<sub>n-1</sub><br>
+R<sub>n</sub> = L<sub>n-1</sub> XOR f(R<sub>n-1</sub>,K<sub>n</sub>)
+</a></ul>
+<a name="fig06">At any given step in the process, then, the new L block
+value is merely taken from the prior R block value. The new R block is
+calculated by taking the bit-by-bit exclusive-OR (XOR) of the prior L
+block with the results of applying the DES cipher function, <i>f</i>, to the prior R block and K<sub>n</sub>. (K<sub>n</sub>
+is a 48-bit value derived from the 64-bit DES key. Each round uses a
+different 48 bits according to the standard's Key Schedule algorithm.)
+</a><p>
+<a name="fig06">The cipher function, f, combines the 32-bit R block
+value and the 48-bit subkey in the following way. First, the 32 bits in
+the R block are expanded to 48 bits by an expansion function (E); the
+extra 16 bits are found by repeating the bits in 16 predefined
+positions. The 48-bit expanded R-block is then ORed with the 48-bit
+subkey. The result is a 48-bit value that is then divided into eight
+6-bit blocks. These are fed as input into 8 selection (S) boxes,
+denoted S<sub>1</sub>,...,S<sub>8</sub>. Each 6-bit input yields a
+4-bit output using a table lookup based on the 64 possible inputs; this
+results in a 32-bit output from the S-box. The 32 bits are then
+rearranged by a permutation function (P), producing the results from
+the cipher function.
+<br><br>
+</a></p></li><li><a name="fig06">The results from the final DES round &#8212; i.e., L<sub>16</sub> and R<sub>16</sub> &#8212; are recombined into a 64-bit value and fed into an inverse initial permutation (IP<sup>-1</sup>).
+At this step, the bits are rearranged into their original positions, so
+that the 58th, 50th, and 42nd bits, for example, are moved back into
+the 1st, 2nd, and 3rd positions, respectively. The output from IP<sup>-1</sup> is the 64-bit ciphertext block.
+</a></li></font></ol>
+<p>
+<font size="3"><a name="fig06">Consider this example with the given 56-bit key and input:</a></font></p>
+<ul>
+<font size="3"><a name="fig06">Key: <b><font face="courier">1100101 0100100 1001001 0011101 0110101 0101011 1101100 0011010</font></b><br><br>
+Input character string:&nbsp;<b><font face="courier"> GoAggies</font></b><br>
+Input bit string:&nbsp;<b><font face="courier"> 11100010 11110110 10000010 11100110 11100110 10010110 10100110 11001110</font></b><br><br>
+Output bit string: <b><font face="courier">10011111 11110010 10000000 10000001 01011011 00101001 00000011 00101111</font></b><br>
+Output character string: <b><font face="courier">�O

<!--129-->�&#8221;��</font></b>
+</a></font></ul>
+
+<p><font size="3"><a name="fig06"><b>Breaking DES</b></a></font></p>
+<p>
+<font size="3"><a name="fig06">The mainstream cryptographic community
+has long held that DES's 56-bit key was too short to withstand a
+brute-force attack from modern computers. Remember Moore's Law:
+computer power doubles every 18 months. Given that increase in power, a
+key that could withstand a brute-force guessing attack in 1975 could
+hardly be expected to withstand the same attack a quarter century later.</a></font></p>
+<p>
+<font size="3"><a name="fig06">DES is even more vulnerable to a
+brute-force attack because it is often used to encrypt words, meaning
+that the entropy of the 64-bit block is, effectively, greatly reduced.
+That is, if we are encrypting random bit streams, then a given byte
+might contain any one of 2<sup>8</sup> (256) possible values and the entire 64-bit block has 2<sup>64</sup>,
+or about 18.5 quintillion, possible values. If we are encrypting words,
+however, we are most likely to find a limited set of bit patterns;
+perhaps 70 or so if we account for upper and lower case letters, the
+numbers, space, and some punctuation. This means that only about �<!--1/4--> of the bit combinations of a given byte are likely to occur. </a></font></p>
+<p>
+<font size="3"><a name="fig06">Despite this criticism, the U.S.
+government insisted throughout the mid-1990s that 56-bit DES was secure
+and virtually unbreakable if appropriate precautions were taken. In
+response, RSA Laboratories sponsored a series of </a><a href="http://www.rsasecurity.com/rsalabs/challenges/">cryptographic challenges</a> to prove that DES was no longer appropriate for use.</font></p>
+<p>
+<font size="3">DES Challenge I was launched in March 1997. It was
+completed in 84 days by R. Verser in a collaborative effort using
+thousands of computers on the Internet.</font></p>
+<p>
+<font size="3">The first DES II challenge lasted 40 days in early 1998. This problem was solved by <a href="http://www.distributed.net/">distributed.net</a>,
+a worldwide distributed computing network using the spare CPU cycles of
+computers around the Internet (participants in distributed.net's
+activities load a client program that runs in the background,
+conceptually similar to the SETI @Home "Search for Extraterrestrial
+Intelligence" project). The distributed.net systems were checking 28 <i>billion</i> keys per second by the end of the project.</font></p>
+<p>
+<font size="3">The second DES II challenge lasted less than 3 days. On
+July 17, 1998, the Electronic Frontier Foundation (EFF) announced the
+construction of hardware that could brute-force a DES key in an average
+of 4.5 days. Called Deep Crack, the device could check 90 billion keys
+per second and cost only about $220,000 including design (it was
+erroneously and widely reported that subsequent devices could be built
+for as little as $50,000). Since the design is scalable, this suggests
+that an organization could build a DES cracker that could break 56-bit
+keys in an average of a day for as little as $1,000,000. Information
+about the hardware design and all software can be obtained from the <a href="http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking">EFF</a>.</font></p>
+<p>
+<font size="3">The DES III challenge, launched in January 1999, was
+broken is less than a day by the combined efforts of Deep Crack and
+distributed.net. This is widely considered to have been the final nail
+in DES's coffin.</font></p>
+<p>
+<font size="3">The Deep Crack algorithm is actually quite interesting.
+The general approach that the DES Cracker Project took was not to break
+the algorithm mathematically but instead to launch a brute-force attack
+by guessing every possible key. A 56-bit key yields 2<sup>56</sup>, or
+about 72 quadrillion, possible values. So the DES cracker team looked
+for any shortcuts they could find! First, they assumed that <i>some</i>
+recognizable plaintext would appear in the decrypted string even though
+they didn't have a specific known plaintext block. They then applied
+all 2<sup>56</sup> possible key values to the 64-bit block (I don't
+mean to make this sound simple!). The system checked to see if the
+decrypted value of the block was "interesting," which they defined as
+bytes containing one of the alphanumeric characters, space, or some
+punctuation. Since the likelihood of a single byte being "interesting"
+is about �, then the likelihood of the entire 8-byte stream being
+"interesting" is about �<sup>8</sup>, or 1/65536 (�<sup>16</sup>). This dropped the number of possible keys that might yield positive results to about 2<sup>40</sup>, or about a trillion.</font></p>
+<p>
+<font size="3">They then made the assumption that an "interesting"
+8-byte block would be followed by another "interesting" block. So, if
+the first block of ciphertext decrypted to something interesting, they
+decrypted the next block; otherwise, they abandoned this key. Only if
+the second block was also "interesting" did they examine the key
+closer. Looking for 16 consecutive bytes that were "interesting" meant
+that only 2<sup>24</sup>, or 16 million, keys needed to be examined
+further. This further examination was primarily to see if the text made
+any sense. Note that possible "interesting" blocks might be <font face="courier">1hJ5&amp;aB7</font> or <font face="courier">DEPOSITS</font>;
+the latter is more likely to produce a better result. And even a slow
+laptop today can search through lists of only a few million items in a
+relatively short period of time. (Interested readers are urged to read <i>Cracking DES</i> and EFF's <a href="http://www.eff.org/descracker/"> Cracking DES</a> page.)</font></p>
+<p>
+<font size="3">It is well beyond the scope of this paper to discuss
+other forms of breaking DES and other codes. Nevertheless, it is worth
+mentioning a couple of forms of cryptanalysis that have been shown to
+be effective against DES. <i>Differential cryptanalysis</i>, invented
+in 1990 by E. Biham and A. Shamir (of RSA fame), is a chosen-plaintext
+attack. By selecting pairs of plaintext with particular differences,
+the cryptanalyst examines the differences in the resultant ciphertext
+pairs. <i>Linear plaintext</i>, invented by M. Matsui, uses a linear
+approximation to analyze the actions of a block cipher (including DES).
+Both of these attacks can be more efficient than brute force.</font></p>
+
+<p><font size="3"><b>DES Variants</b></font></p>
+<p>
+<font size="3">Once DES was "officially" broken, several variants
+appeared. But none of them came overnight; work at hardening DES had
+already been underway. In the early 1990s, there was a proposal to
+increase the security of DES by effectively increasing the key length
+by using multiple keys with multiple passes. But for this scheme to
+work, it had to first be shown that the DES function is <b>not</b> a <i>group</i>,
+as defined in mathematics. If DES was a group, then we could show that
+for two DES keys, X1 and X2, applied to some plaintext (P), we can find
+a single equivalent key, X3, that would provide the same result; i.e.,:</font></p>
+<p align="center">
+<font size="3">E<sub>X2</sub>(E<sub>X1</sub>(P)) = E<sub>X3</sub>(P)</font></p>
+<p>
+<font size="3">where E<sub>X</sub>(P) represents DES encryption of some plaintext <i>P</i> using DES key <i>X</i>.
+If DES were a group, it wouldn't matter how many keys and passes we
+applied to some plaintext; we could always find a single 56-bit key
+that would provide the same result.</font></p>
+<p>
+<font size="3">As it happens, DES was proven to not be a group so that
+as we apply additional keys and passes, the effective key length
+increases. One obvious choice, then, might be to use two keys and two
+passes, yielding an effective key length of 112 bits. Let's call this
+Double-DES. The two keys, Y1 and Y2, might be applied as follows:</font></p>
+<p align="center">
+<font size="3">C = E<sub>Y2</sub>(E<sub>Y1</sub>(P))<br>
+P = D<sub>Y1</sub>(D<sub>Y2</sub>(C))</font></p>
+<p>
+<font size="3">where E<sub>Y</sub>(P) and D<sub>Y</sub>(C) represent DES encryption and decryption, respectively, of some plaintext <i>P</i> and ciphertext <i>C</i>, respectively, using DES key <i>Y</i>.</font></p>
+<p>
+<font size="3">So far, so good. But there's an interesting attack that
+can be launched against this "Double-DES" scheme. First, notice that
+the applications of the formula above can be thought of with the
+following individual steps (where C' and P' are intermediate results):</font></p>
+<p align="center">
+<font size="3">C' = E<sub>Y1</sub>(P) and C = E<sub>Y2</sub>(C')<br>
+P' = D<sub>Y2</sub>(C) and P = D<sub>Y1</sub>(P')</font></p>
+<p>
+<font size="3">Unfortunately, C'=P'. That leaves us vulnerable to a simple <i>known plaintext</i>
+attack (sometimes called "Meet-in-the-middle") where the attacker knows
+some plaintext (P) and its matching ciphertext (C). To obtain C', the
+attacker needs to try all 2<sup>56</sup> possible values of Y1 applied to P; to obtain P', the attacker needs to try all 2<sup>56</sup> possible values of Y2 applied to C. Since C'=P', the attacker knows when a match has been achieved &#8212; after only 2<sup>56</sup> + 2<sup>56</sup> = 2<sup>57</sup> key searches, only twice the work of brute-forcing DES. So "Double-DES" won't work.</font></p>
+<p>
+<font size="3">Triple-DES (3DES), based upon the Triple Data Encryption Algorithm (TDEA), is described in <a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf">FIPS 46-3</a>.
+3DES, which is not susceptible to a meet-in-the-middle attack, employs
+three DES passes and one, two, or three keys called K1, K2, and K3.
+Generation of the ciphertext (C) from a block of plaintext (P) is
+accomplished by:</font></p>
+<p align="center">
+<font size="3">C = E<sub>K3</sub>(D<sub>K2</sub>(E<sub>K1</sub>(P)))</font></p>
+<p>
+<font size="3">where E<sub>K</sub>(P) and D<sub>K</sub>(P) represent DES encryption and decryption, respectively, of some plaintext <i>P</i> using DES key <i>K</i>. (For obvious reasons, this is sometimes referred to as an <i>encrypt-decrypt-encrypt mode</i> operation.)</font></p>
+<p>
+<font size="3">Decryption of the ciphertext into plaintext is accomplished by:</font></p>
+<p align="center">
+<font size="3">P = D<sub>K1</sub>(E<sub>K2</sub>(D<sub>K3</sub>(C)))</font></p>
+<p>
+<font size="3">The use of three, independent 56-bit keys provides 3DES
+with an effective key length of 168 bits. The specification also
+defines use of two keys where, in the operations above, K3 = K1; this
+provides an effective key length of 112 bits. Finally, a third keying
+option is to use a single key, so that K3 = K2 = K1 (in this case, the
+effective key length is 56 bits and 3DES applied to some plaintext, P,
+will yield the same ciphertext, C, as normal DES would with that same
+key). Given the relatively low cost of key storage and the modest
+increase in processing due to the use of longer keys, the best
+recommended practices are that 3DES be employed with three keys.</font></p>
+<p>
+<font size="3">Another variant of DES, called DESX, is due to Ron
+Rivest. Developed in 1996, DESX is a very simple algorithm that greatly
+increases DES's resistance to brute-force attacks without increasing
+its computational complexity. In DESX, the plaintext input is XORed
+with 64 additional key bits prior to encryption and the output is
+likewise XORed with the 64 key bits. By adding just two XOR operations,
+DESX has an effective keylength of 120 bits against an exhaustive
+key-search attack. As it happens, DESX is no more immune to other types
+of more sophisticated attacks, such as differential or linear
+cryptanalysis, but brute-force is the primary attack vector on DES.</font></p>
+
+<font size="3"><a name="pgp"><h3>5.5. Pretty Good Privacy (PGP)</h3></a>
+</font><p>
+<font size="3">Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. Developed by <a href="http://www.philzimmermann.com/"> Philip Zimmermann</a>
+in the early 1990s and long the subject of controversy, PGP is
+available as a plug-in for many e-mail clients, such as Claris Emailer,
+Microsoft Outlook/Outlook Express, and Qualcomm Eudora.</font></p>
+<p>
+<font size="3">PGP can be used to sign or encrypt e-mail messages with
+the mere click of the mouse. Depending upon the version of PGP, the
+software uses SHA or MD5 for calculating the message hash; CAST,
+Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for
+key exchange and digital signatures.</font></p>
+<p>
+<font size="3">When PGP is first installed, the user has to create a
+key-pair. One key, the public key, can be advertised and widely
+circulated. The private key is protected by use of a <i>passphrase</i>. The passphrase has to be entered every time the user accesses their private key.</font></p>
+
+<font size="3"><a name="fig07"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td width="600">
+<pre>
+ -----BEGIN PGP SIGNED MESSAGE-----
+ Hash: SHA1
+
+ Hi Carol.
+
+ What was that pithy Groucho Marx quote?
+
+ /kess
+
+ -----BEGIN PGP SIGNATURE-----
+ Version: PGP for Personal Privacy 5.0
+ Charset: noconv
+
+ iQA/AwUBNFUdO5WOcz5SFtuEEQJx/ACaAgR97+vvDU6XWELV/GANjAAgBtUAnjG3
+ Sdfw2JgmZIOLNjFe7jP0Y8/M
+ =jUAU
+ -----END PGP SIGNATURE-----
+</pre>
+<p>
+</p><h4>FIGURE 7: A PGP signed message. The sender uses their private
+key; at the destination, the sender's e-mail address yields the public
+key from the receiver's keyring.</h4>
+</td></tr></tbody></table>
+</center>
+
+<font size="3"><br>
+</font><p>
+<font size="3">Figure 7 shows a PGP signed message. This message will
+not be kept secret from an eavesdropper, but a recipient can be assured
+that the message has not been altered from what the sender transmitted.
+In this instance, the sender signs the message using their own private
+key. The receiver uses the sender's public key to verify the signature;
+the public key is taken from the receiver's keyring based on the
+sender's e-mail address. Note that the signature process does not work
+unless the sender's public key is on the receiver's keyring.</font></p>
+
+<font size="3"><a name="fig08"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td width="600">
+<pre>
+-----BEGIN PGP MESSAGE-----
+Version: PGP for Personal Privacy 5.0
+MessageID: DAdVB3wzpBr3YRunZwYvhK5gBKBXOb/m
+
+qANQR1DBwU4D/TlT68XXuiUQCADfj2o4b4aFYBcWumA7hR1Wvz9rbv2BR6WbEUsy
+ZBIEFtjyqCd96qF38sp9IQiJIKlNaZfx2GLRWikPZwchUXxB+AA5+lqsG/ELBvRa
+c9XefaYpbbAZ6z6LkOQ+eE0XASe7aEEPfdxvZZT37dVyiyxuBBRYNLN8Bphdr2zv
+z/9Ak4/OLnLiJRk05/2UNE5Z0a+3lcvITMmfGajvRhkXqocavPOKiin3hv7+Vx88
+uLLem2/fQHZhGcQvkqZVqXx8SmNw5gzuvwjV1WHj9muDGBY0MkjiZIRI7azWnoU9
+3KCnmpR60VO4rDRAS5uGl9fioSvze+q8XqxubaNsgdKkoD+tB/4u4c4tznLfw1L2
+YBS+dzFDw5desMFSo7JkecAS4NB9jAu9K+f7PTAsesCBNETDd49BTOFFTWWavAfE
+gLYcPrcn4s3EriUgvL3OzPR4P1chNu6sa3ZJkTBbriDoA3VpnqG3hxqfNyOlqAka
+mJJuQ53Ob9ThaFH8YcE/VqUFdw+bQtrAJ6NpjIxi/x0FfOInhC/bBw7pDLXBFNaX
+HdlLQRPQdrmnWskKznOSarxq4GjpRTQo4hpCRJJ5aU7tZO9HPTZXFG6iRIT0wa47
+AR5nvkEKoIAjW5HaDKiJriuWLdtN4OXecWvxFsjR32ebz76U8aLpAK87GZEyTzBx
+dV+lH0hwyT/y1cZQ/E5USePP4oKWF4uqquPee1OPeFMBo4CvuGyhZXD/18Ft/53Y
+WIebvdiCqsOoabK3jEfdGExce63zDI0=
+=MpRf
+-----END PGP MESSAGE-----
+</pre>
+<p>
+</p><h4>FIGURE 8: A PGP encrypted message. The receiver's e-mail
+address is the pointer to the public key in the sender's keyring. At
+the destination side, the receiver uses their own private key.</h4>
+</td></tr></tbody></table>
+</center>
+
+<font size="3"><br>
+</font><p>
+<font size="3">Figure 8 shows a PGP encrypted message (PGP compresses
+the file, where practical, prior to encryption because encrypted files
+lose their randomness and, therefore, cannot be compressed). In this
+case, public key methods are used to exchange the session key for the
+actual message encryption using secret-key cryptography. In this case,
+the receiver's e-mail address is the pointer to the public key in the
+sender's keyring; in fact, the same message can be sent to multiple
+recipients and the message will not be significantly longer since all
+that needs to be added is the session key encrypted by each receiver's
+private key. When the message is received, the recipient must use their
+private key to extract the session secret key to successfully decrypt
+the message (Figure 9).</font></p>
+
+<font size="3"><a name="fig09"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td width="400">
+<pre>
+ Hi Gary,
+
+ "Outside of a dog, a book is man's best friend.
+ Inside of a dog, it's too dark to read."
+
+ Carol
+</pre>
+<p>
+</p><h4>FIGURE 9: The decrypted message.</h4>
+</td></tr></tbody></table>
+</center>
+
+<font size="3"><br>
+</font><p>
+<font size="3">It is worth noting that PGP was one of the first
+so-called "hybrid cryptosystems" that combined aspects of SKC and PKC.
+When Zimmermann was first designing PGP in the late-1980s, he wanted to
+use RSA to encrypt the entire message. The PCs of the days, however,
+suffered significant performance degradation when executing RSA so he
+hit upon the idea of using SKC to encrypt the message and PKC to
+encrypt the SKC key.</font></p>
+<p>
+<font size="3">The state of PGP is in flux as of the fall of 2002.
+Zimmermann sold PGP to Network Associates, Inc. (NAI) in 1997 and
+himself resigned from NAI in early 2001. In March 2002, NAI announced
+that they were dropping support for the commercial version of PGP
+having failed to find a buyer for the product willing to pay what NAI
+wanted. In August 2002, PGP was purchased from NAI by PGP Corp. (<i><a href="http://www.pgp.com/">http://www.pgp.com/</a></i>).</font></p>
+<font size="3"><br>
+
+<a name="ipsec"><h3>5.6. IP Security (IPsec) Protocol</h3></a>
+</font><blockquote>
+<p>
+<font size="3"><b>NOTE:</b> The information in this section assumes
+that the reader is familiar with the Internet Protocol (IP), at least
+to the extent of the packet format and header contents. More
+information about IP can be found in <a href="http://www.garykessler.net/library/tcpip.html"><i> An Overview of TCP/IP Protocols and the Internet</i></a>. More information about IPv6 can be found in <a href="http://www.garykessler.net/library/ipv6_exp.html"> IPv6: The Next Generation Internet Protocol</a>.</font></p>
+</blockquote>
+<p>
+<font size="3">The Internet and the TCP/IP protocol suite were not
+built with security in mind. This statement is not meant as a
+criticism; the baseline UDP, TCP, IP, and ICMP protocols were written
+in 1980 and built for the relatively closed ARPANET community. TCP/IP
+wasn't designed for the commercial-grade financial transactions that
+they now see nor for virtual private networks (VPNs) on the Internet.
+To bring TCP/IP up to today's security necessities, the Internet
+Engineering Task Force (IETF) formed the <a href="http://www.ietf.org/html.charters/ipsec-charter.html">IP Security Protocol Working Group</a>
+which, in turn, developed the IP Security (IPsec) protocol. IPsec is
+not a single protocol, in fact, but a suite of protocols providing a
+mechanism to provide data integrity, authentication, privacy, and
+nonrepudiation for the classic Internet Protocol (IP). Although
+intended primarily for IP version 6 (IPv6), IPsec can also be employed
+by the current version of IP, namely IP version 4 (IPv4).</font></p>
+<p>
+<font size="3">As shown in <a href="#tab03-ipsec">Table 3</a>, IPsec is described in nearly a dozen RFCs. <a href="http://www.rfc-editor.org/rfc/rfc2401.txt"> RFC 2401</a>, in particular, describes the overall IP security architecture and <a href="http://www.rfc-editor.org/rfc/rfc2411.txt">RFC 2411</a> provides an overview of the IPsec protocol suite and the documents describing it.</font></p>
+<p>
+<font size="3">IPsec can provide either message authentication and/or
+encryption. The latter requires more processing than the former, but
+will probably end up being the preferred usage for applications such as
+VPNs and secure electronic commerce.</font></p>
+<p>
+<font size="3">Central to IPsec is the concept of a <i>security association (SA)</i>.
+Authentication and confidentiality using AH or ESP use SAs and a
+primary role of IPsec key exchange it to establish and maintain SAs. An
+SA is a simplex (one-way or unidirectional) logical connection between
+two communicating IP endpoints that provides security services to the
+traffic carried by it using either AH or ESP procedures. The endpoint
+of an SA can be an IP host or IP security gateway (e.g., a proxy
+server, VPN server, etc.). Providing security to the more typical
+scenario of two-way (bi-directional) communication between two
+endpoints requires the establishment of two SAs (one in each direction).</font></p>
+<p>
+<font size="3">An SA is uniquely identified by a 3-tuple composed of:</font></p>
+<ul>
+<font size="3"><li>Security Parameter Index (SPI), a 32-bit identifier of the connection</li>
+<li>IP Destination Address</li>
+<li>security protocol (AH or ESP) identifier</li>
+</font></ul>
+<p>
+<font size="3">The IP Authentication Header (AH), described in <a href="http://www.rfc-editor.org/rfc/rfc2402.txt">RFC 2402</a>, provides a mechanism for data integrity and data origin authentication for IP packets using HMAC with MD5 (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>), HMAC with SHA-1 (<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>), or HMAC with RIPEMD (<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>).</font></p>
+
+<font size="3"><a name="fig10"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td width="600">
+<pre>
+    0                   1                   2                   3
+    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   | Next Header   |  Payload Len  |          RESERVED             |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                 Security Parameters Index (SPI)               |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                    Sequence Number Field                      |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                                                               |
+   +                Authentication Data (variable)                 |
+   |                                                               |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+</pre>
+<p>
+</p><h4>FIGURE 10: IPsec Authentication Header format. <i>(From RFC 2402)</i></h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br><br>
+</font><p>
+<font size="3">Figure 10 shows the format of the IPsec AH. The AH is
+merely an additional header in a packet, more or less representing
+another protocol layer above IP (this is shown in Figure 12 below). Use
+of the IP AH is indicated by placing the value 51 (0x33) in the IPv4
+Protocol or IPv6 Next Header field in the IP packet header. The AH
+follows mandatory IPv4/IPv6 header fields and precedes higher layer
+protocol (e.g., TCP, UDP) information. The contents of the AH are:</font></p>
+<ul>
+<font size="3"><li><i>Next Header:</i> An 8-bit field that identifies the type of the next payload after the Authentication Header.</li>
+<li><i>Payload Length:</i> An 8-bit field that indicates the length of
+AH in 32-bit words (4-byte blocks), minus "2". [The rationale for this
+is somewhat counter intuitive but technically important. All IPv6
+extension headers encode the header extension length (Hdr Ext Len)
+field by first subtracting 1 from the header length, which is measured
+in 64-bit words. Since AH was originally developed for IPv6, it is an
+IPv6 extension header. Since its length is measured in 32-bit words,
+however, the Payload Length is calculated by subtracting 2 (32 bit
+words) to maintain consistency with IPv6 coding rules.] In the default
+case, the three 32-bit word fixed portion of the AH is followed by a
+96-bit authentication value, so the Payload Length field value would be
+4.</li>
+<li><i>Reserved:</i> This 16-bit field is reserved for future use and always filled with zeros.</li>
+<li><i>Security Parameters Index (SPI):</i> An arbitrary 32-bit value
+that, in combination with the destination IP address and security
+protocol, uniquely identifies the Security Association for this
+datagram. The value 0 is reserved for local, implementation-specific
+uses and values between 1-255 are reserved by the Internet Assigned
+Numbers Authority (IANA) for future use.</li>
+<li><i>Sequence Number:</i> A 32-bit field containing a sequence number
+for each datagram; initially set to 0 at the establishment of an SA. AH
+uses sequence numbers as an anti-replay mechanism, to prevent a
+"person-in-the-middle" attack. If anti-replay is enabled (the default),
+the transmitted Sequence Number is never allowed to cycle back to 0;
+therefore, the sequence number must be reset to 0 by establishing a new
+SA prior to the transmission of the 2<sup>32</sup>nd packet.</li>
+<li><i>Authentication Data:</i> A variable-length, 32-bit aligned field
+containing the Integrity Check Value (ICV) for this packet (default
+length = 96 bits). The ICV is computed using the authentication
+algorithm specified by the SA, such as DES, MD5, or SHA-1. Other
+algorithms <i>may</i> also be supported.</li>
+</font></ul>
+<p>
+<font size="3">The IP Encapsulating Security Payload (ESP), described in <a href="http://www.rfc-editor.org/rfc/rfc2406.txt">RFC 2406</a>,
+provides message integrity and privacy mechanisms in addition to
+authentication. As in AH, ESP uses HMAC with MD5, SHA-1, or RIPEMD
+authentication (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>/<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>/<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>); privacy is provided using DES-CBC encryption (<a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>), NULL encryption (<a href="http://www.rfc-editor.org/rfc/rfc2410.txt">RFC 2410</a>), other CBC-mode algorithms (<a href="http://www.rfc-editor.org/rfc/rfc2451.txt">RFC 2451</a>), or AES (<a href="http://www.rfc-editor.org/rfc/rfc3686.txt">RFC 3686</a>).</font></p>
+
+<font size="3"><a name="fig11"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td width="600">
+<pre>
+    0                   1                   2                   3
+    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |               Security Parameters Index (SPI)                 |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                      Sequence Number                          |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                    Payload Data (variable)                    |
+   ~                                                               ~
+   |                                                               |
+   +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |               |     Padding (0-255 bytes)                     |
+   +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                               |  Pad Length   | Next Header   |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   |                 Authentication Data (variable)                |
+   ~                                                               ~
+   |                                                               |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+</pre>
+<p>
+</p><h4>FIGURE 11: IPsec Encapsulating Security Payload format. <i>(From RFC 2406)</i></h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br><br>
+</font><p>
+<font size="3">Figure 11 shows the format of the IPsec ESP information.
+Use of the IP ESP format is indicated by placing the value 50 (0x32) in
+the IPv4 Protocol or IPv6 Next Header field in the IP packet header.
+The ESP header (i.e., SPI and sequence number) follows mandatory
+IPv4/IPv6 header fields and precedes higher layer protocol (e.g., TCP,
+UDP) information. The contents of the ESP packet are:</font></p>
+<ul>
+<font size="3"><li><i>Security Parameters Index:</i> (see description for this field in the AH, above.)</li>
+<li><i>Sequence Number:</i> (see description for this field in the AH, above.)</li>
+<li><i>Payload Data:</i> A variable-length field containing data as
+described by the Next Header field. The contents of this field could be
+encrypted higher layer data or an encrypted IP packet.</li>
+<li><i>Padding:</i> Between 0 and 255 octets of padding may be added to
+the ESP packet. There are several applications that might use the
+padding field. First, the encryption algorithm that is used may require
+that the plaintext be a multiple of some number of bytes, such as the
+block size of a block cipher; in this case, the Padding field is used
+to fill the plaintext to the size required by the algorithm. Second,
+padding may be required to ensure that the ESP packet and resulting
+ciphertext terminate on a 4-byte boundary. Third, padding may be used
+to conceal the actual length of the payload. Unless another value is
+specified by the encryption algorithm, the Padding octets take on the
+value 1, 2, 3, ... starting with the first Padding octet. This scheme
+is used because, in addition to being simple to implement, it provides
+some protection against certain forms of "cut and paste" attacks.</li>
+<li><i>Pad Length:</i> An 8-bit field indicating the number of bytes in the Padding field; contains a value between 0-255.</li>
+<li><i>Next Header:</i> An 8-bit field that identifies the type of data
+in the Payload Data field, such as an IPv6 extension header or a higher
+layer protocol identifier.</li>
+<li><i>Authentication Data:</i> (see description for this field in the AH, above.)</li>
+</font></ul>
+<p>
+<font size="3">Two types of SAs are defined in IPsec, regardless of whether AH or ESP is employed. A <i>transport mode SA</i>
+is a security association between two hosts. Transport mode provides
+the authentication and/or encryption service to the higher layer
+protocol. This mode of operation is only supported by IPsec hosts. A <i>tunnel mode SA</i>
+is a security association applied to an IP tunnel. In this mode, there
+is an "outer" IP header that specifies the IPsec destination and an
+"inner" IP header that specifies the destination for the IP packet.
+This mode of operation is supported by both hosts and security gateways.</font></p>
+
+<font size="3"><a name="fig12"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td width="600">
+<pre>
+    <b>ORIGINAL PACKET BEFORE APPLYING AH</b>
+
+            ----------------------------
+      <b>IPv4</b>  |orig IP hdr  |     |      |
+            |(any options)| TCP | Data |
+            ----------------------------
+
+            ---------------------------------------
+      <b>IPv6</b>  |             | ext hdrs |     |      |
+            | orig IP hdr |if present| TCP | Data |
+            ---------------------------------------
+
+
+    <b>AFTER APPLYING AH (TRANSPORT MODE)</b>
+
+            ---------------------------------
+      <b>IPv4</b>  |orig IP hdr  |    |     |      |
+            |(any options)| AH | TCP | Data |
+            ---------------------------------
+            |&lt;------- authenticated -------&gt;|
+                 except for mutable fields
+
+            ------------------------------------------------------------
+      <b>IPv6</b>  |             |hop-by-hop, dest*, |    | dest |     |      |
+            |orig IP hdr  |routing, fragment. | AH | opt* | TCP | Data |
+            ------------------------------------------------------------
+            |&lt;---- authenticated except for mutable fields -----------&gt;|
+
+                 * = if present, could be before AH, after AH, or both
+
+
+    <b>AFTER APPLYING AH (TUNNEL MODE)</b>
+
+          ------------------------------------------------
+    <b>IPv4</b>  | new IP hdr* |    | orig IP hdr*  |    |      |
+          |(any options)| AH | (any options) |TCP | Data |
+          ------------------------------------------------
+          |&lt;- authenticated except for mutable fields --&gt;|
+
+          |           in the new IP hdr                  |
+
+          --------------------------------------------------------------
+    <b>IPv6</b>  |           | ext hdrs*|    |            | ext hdrs*|   |    |
+          |new IP hdr*|if present| AH |orig IP hdr*|if present|TCP|Data|
+          --------------------------------------------------------------
+          |&lt;-- authenticated except for mutable fields in new IP hdr -&gt;|
+
+           * = construction of outer IP hdr/extensions and modification
+               of inner IP hdr/extensions is discussed below.
+</pre>
+<p>
+</p><h4>FIGURE 12: IPsec tunnel and transport modes for AH. <i>(Adapted from RFC 2402)</i></h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br><br>
+</font><p>
+<font size="3">Figure 12 show the IPv4 and IPv6 packet formats when
+using AH in both transport and tunnel modes. Initially, an IPv4 packet
+contains a normal IPv4 header (which may contain IP options), followed
+by the higher layer protocol header (e.g., TCP or UDP), followed by the
+higher layer data itself. An IPv6 packet is similar except that the
+packet starts with the mandatory IPv6 header followed by any IPv6
+extension headers, and then followed by the higher layer data.</font></p>
+<p>
+<font size="3">Note that in both transport and tunnel modes, the <b>entire</b> IP packet is covered by the authentication <i>except for the mutable fields.</i> A field is <i>mutable</i>
+if its value might change during transit in the network; IPv4 mutable
+fields include the fragment offset, time to live, and checksum fields.
+Note, in particular, that the address fields are <i>not</i> mutable.</font></p>
+<font size="3"><br>
+
+<a name="fig13"></a><br>
+</font><center>
+<table border="3" cellpadding="4">
+<tbody><tr><td width="600">
+<pre>
+    <b>ORIGINAL PACKET BEFORE APPLYING ESP</b>
+
+            ----------------------------
+      <b>IPv4</b>  |orig IP hdr  |     |      |
+            |(any options)| TCP | Data |
+            ----------------------------
+
+            ---------------------------------------
+      <b>IPv6</b>  |             | ext hdrs |     |      |
+            | orig IP hdr |if present| TCP | Data |
+            ---------------------------------------
+
+
+    <b>AFTER APPLYING ESP (TRANSPORT MODE)</b>
+
+            -------------------------------------------------
+      <b>IPv4</b>  |orig IP hdr  | ESP |     |      |   ESP   | ESP|
+            |(any options)| Hdr | TCP | Data | Trailer |Auth|
+            -------------------------------------------------
+                                |&lt;----- encrypted ----&gt;|
+                          |&lt;------ authenticated -----&gt;|
+
+            ---------------------------------------------------------
+      <b>IPv6</b>  | orig |hop-by-hop,dest*,|ESP|dest|   |    | ESP   | ESP|
+            |IP hdr|routing,fragment.|hdr|opt*|TCP|Data|Trailer|Auth|
+            ---------------------------------------------------------
+                                         |&lt;---- encrypted ----&gt;|
+                                     |&lt;---- authenticated ----&gt;|
+
+                * = if present, could be before ESP, after ESP, or both
+
+
+    <b>AFTER APPLYING ESP (TUNNEL MODE)</b>
+
+            -----------------------------------------------------------
+      <b>IPv4</b>  | new IP hdr  | ESP | orig IP hdr   |   |    | ESP   | ESP|
+            |(any options)| hdr | (any options) |TCP|Data|Trailer|Auth|
+
+            -----------------------------------------------------------
+                                |&lt;--------- encrypted ----------&gt;|
+                          |&lt;----------- authenticated ----------&gt;|
+
+            ------------------------------------------------------------
+      <b>IPv6</b>  | new+ |new ext |ESP| orig+|orig ext |   |    | ESP   | ESP|
+            |IP hdr| hdrs+  |hdr|IP hdr| hdrs+   |TCP|Data|Trailer|Auth|
+            ------------------------------------------------------------
+                                |&lt;--------- encrypted -----------&gt;|
+                            |&lt;---------- authenticated ----------&gt;|
+
+               + = if present
+</pre>
+<p>
+</p><h4>FIGURE 13: IPsec tunnel and transport modes for ESP. <i>(Adapted from RFC 2406)</i></h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br><br>
+</font><p>
+<font size="3">Figure 13 shows the IPv4 and IPv6 packet formats when using ESP in both transport and tunnel modes.</font></p>
+<ul>
+<font size="3"><li>As with AH, we start with a standard IPv4 or IPv6 packet.</li>
+<li>In transport mode, the higher layer header and data, as well as ESP
+trailer information, is encrypted and the entire ESP packet is
+authenticated. In the case of IPv6, some of the IPv6 extension options
+can precede or follow the ESP header.</li>
+<li>In tunnel mode, the original IP packet is encrypted and placed
+inside of an "outer" IP packet, while the entire ESP packet is
+authenticated.</li>
+</font></ul>
+<p>
+<font size="3">Note a significant difference in the scope of ESP and
+AH. AH authenticates the entire packet transmitted on the network
+whereas ESP only covers a portion of the packet transmitted on the
+network (the higher layer data in transport mode and the entire
+original packet in tunnel mode). The reason for this is
+straight-forward; in AH, the authentication data for the transmission
+fits neatly into an additional header whereas ESP creates an entirely
+new packet which is the one encrypted and/or authenticated. But the
+ramifications are significant. ESP transport mode as well as AH in both
+modes protect the IP address fields of the original transmissions.
+Thus, using IPsec in conjunction with network address translation (NAT)
+<i>might</i> be problematic because NAT changes the values of these fields <i>after</i> IPsec processing.</font></p>
+<p>
+<font size="3">The third component of IPsec is the establishment of
+security associations and key management. These tasks can be
+accomplished in one of two ways.</font></p>
+<p>
+<font size="3">The simplest form of SA and key management is manual
+management. In this method, a security administer or other individual
+manually configures each system with the key and SA management data
+necessary for secure communication with other systems. Manual
+techniques are practical for small, reasonably static environments but
+they do not scale well.</font></p>
+<p>
+<font size="3">For successful deployment of IPsec, however, a scalable,
+automated SA/key management scheme is necessary. Several protocols have
+defined for these functions:</font></p>
+<ul>
+<font size="3"><li>The Internet Security Association and Key Management
+Protocol (ISAKMP) defines procedures and packet formats to establish,
+negotiate, modify and delete security associations, and provides the
+framework for exchanging information about authentication and key
+management (<a href="http://www.rfc-editor.org/rfc/rfc2407.txt">RFC 2407</a>/<a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a>). ISAKMP's security association and key management is totally separate from key exchange.</li>
+<li>The OAKLEY Key Determination Protocol (<a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>)
+describes a scheme by which two authenticated parties can exchange key
+information. OAKLEY uses the Diffie-Hellman key exchange algorithm.</li>
+<li>The Internet Key Exchange (IKE) algorithm (<a href="http://www.rfc-editor.org/rfc/rfc2409.txt">RFC 2409</a>) is the default automated key management protocol for IPsec.</li>
+<li>An alternative to IKE is Photuris (<a href="http://www.rfc-editor.org/rfc/rfc2522.txt">RFC 2522</a>/<a href="http://www.rfc-editor.org/rfc/rfc2523.txt">RFC 2523</a>),
+a scheme for establishing short-lived session-keys between two
+authenticated parties without passing the session-keys across the
+Internet. IKE typically creates keys that may have very long lifetimes.</li>
+</font></ul>
+<p>
+<font size="3">On a final note, IPsec authentication for both AH and ESP uses a scheme called <i>HMAC</i>, a keyed-hashing message authentication code described in <a href="http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf"> FIPS 198</a> and <a href="http://www.rfc-editor.org/rfc/rfc2104.txt">RFC 2104</a>.
+HMAC uses a shared secret key between two parties rather than public
+key methods for message authentication. The generic HMAC procedure can
+be used with just about any hash algorithm, although IPsec specifies
+support for at least MD5 and SHA-1 because of their widespread use.</font></p>
+<p>
+<font size="3">In HMAC, both parties share a secret key. The secret key
+will be employed with the hash algorithm in a way that provides mutual
+authentication without transmitting the key on the line. IPsec key
+management procedures will be used to manage key exchange between the
+two parties.</font></p>
+<p>
+<font size="3">Recall that hash functions operate on a fixed-size block
+of input at one time; MD5 and SHA-1, for example, work on 64 byte
+blocks. These functions then generate a fixed-size hash value; MD5 and
+SHA-1, in particular, produce 16 byte (128 bit) and 20 byte (160 bit)
+output strings, respectively. For use with HMAC, the secret key (K)
+should be at least as long as the hash output.</font></p>
+<p>
+<font size="3">The following steps provide a simplified, although
+reasonably accurate, description of how the HMAC scheme would work with
+a particular plaintext MESSAGE:</font></p>
+<ol>
+<font size="3"><li>Pad K so that it is as long as an input block; call this padded key K<sub>p</sub>.</li>
+<li>Compute the hash of the padded key followed by the message, i.e., HASH (K<sub>p</sub>:MESSAGE).</li>
+<li>Transmit MESSAGE and the hash value.</li>
+<li>The receiver does the same procedure to pad K to create K<sub>p</sub>.</li>
+<li>The receiver computes HASH (K<sub>p</sub>:MESSAGE).</li>
+<li>The receiver compares the computed hash value with the received
+hash value. If they match, then the sender must know the secret key and
+the message is authenticated.</li>
+</font></ol>
+<font size="3"><br>
+
+</font><p></p>
+<font size="3"><a name="ssl"><h3>5.7. The SSL "Family" of Secure Transaction Protocols for the World Wide Web</h3></a>
+</font><p>
+<font size="3">The <a href="http://home.netscape.com/eng/ssl3/ssl-toc.html">Secure Sockets Layer (SSL)</a>
+protocol was developed by Netscape Communications to provide
+application-independent secure communication over the Internet for
+protocols such as the Hypertext Transfer Protocol (HTTP). SSL employs
+RSA and X.509 certificates during an initial handshake used to
+authenticate the server (client authentication is optional). The client
+and server then agree upon an encryption scheme; SSL v2 supports RC2
+and RC4 with 40-bit keys, while SSL v3 adds support for DES, RC4 with a
+128-bit key, and 3DES with a 168-bit key, all along with either MD5 or
+SHA-1 message hashes. SSL v3 is the commonly supported version on
+servers today, although some implementations of SSL v2 will still be
+found; both are supported by most common browsers (Figure 14).</font></p>
+
+<font size="3"><a name="fig14"></a><br>
+</font><center><table border="1"><tbody><tr><td>
+<img src="crypto_files/crypto_sslv3.gif">
+<br><br>
+<h4>FIGURE 14: SSL v3 configuration screen (Netscape Navigator).</h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br>
+</font><p>
+<font size="3">In 1997, SSL v3 was found to be breakable. By this time,
+the Internet Engineering Task Force (IETF) had already started work on
+a new, non-proprietary protocol called Transport Layer Security (TLS),
+described in <a href="http://www.rfc-editor.org/rfc/rfc2246.txt">RFC 2246</a>.
+TLS extends SSL and supports additional crypto schemes, such as
+Diffie-Hellman key exchange and DSS digital signatures. TLS is backward
+compatible with SSL (and, in fact, is recognized as SSL v3.1).</font></p>
+
+<font size="3"><a name="fig15"></a><br>
+</font><center><table border="1"><tbody><tr><td>
+<pre>                       <b>CLIENT       SERVER</b>
+ (using URL of form <i>https://</i>)       (listening on port 443) 
+
+                  ClientHello ----&gt;
+
+                                    ServerHello
+                                    Certificate*
+                                    ServerKeyExchange*
+                                    CertificateRequest*
+                              &lt;---- ServerHelloDone
+
+                 Certificate*
+            ClientKeyExchange
+            CertifcateVerify*
+           [ChangeCipherSpec]
+                     Finished ----&gt;
+
+                                    [ChangeCipherSpec]
+                              &lt;---- Finished
+
+             Application Data &lt;---&gt; Application Data
+
+
+
+* Optional or situation-dependent messages;
+  not always sent
+
+                                     <i>Adapted from RFC 2246</i>
+</pre>
+<br>
+<h4>FIGURE 15: SSL/TLS protocol handshake.</h4>
+</td></tr></tbody></table>
+</center>
+<font size="3"><br>
+</font><p>
+<font size="3">Figure 15 shows the basic TLS (and SSL) message exchanges:
+</font></p><ol>
+<font size="3"><li>URLs specifying the protocol <i>https://</i> are
+directed to HTTP servers secured using SSL/TLS. The client will
+automatically try to make a TCP connection to the server at port 443.
+The client initiates the secure connection by sending a <font face="courier">ClientHello</font>
+message containing a Session identifier, highest SSL version number
+supported by the client, and lists of supported crypto and compression
+schemes (in preference order).
+</li><li>The server examines the Session ID and if it is still in the
+server's cache, it will attempt to re-establish a previous session with
+this client. If the Session ID is not recognized, the server will
+continue with the handshake to establish a secure session by responding
+with a <font face="courier">ServerHello</font> message. The <font face="courier">ServerHello</font>
+repeats the Session ID, indicates the SSL version to use for this
+connection (which will be the highest SSL version supported by the
+server and client), and specifies which encryption method and
+compression method to be used for this connection.
+</li><li>There are a number of other optional messages that the server might send, including:
+<ul>
+<li><font face="courier">Certificate</font>, which carries the server's
+X.509 public key certificate (and, generally, the server's public key).
+This message will always be sent unless the client and server have
+already agreed upon some form of anonymous key exchange. (This message
+is normally sent.)
+</li><li><font face="courier">ServerKeyExchange</font>, which will carry a premaster secret when
+the server's <font face="courier">Certificate</font> message does not contain enough data for this purpose; used in some key exchange schemes.
+</li><li><font face="courier">CertificateRequest</font>, used to request the client's certificate in those scenarios where client authentication is performed.
+</li><li><font face="courier">ServerHelloDone</font>, indicating that the server has completed its portion of the key exchange handshake.
+</li></ul>
+</li><li>The client now responds with a series of mandatory and optional messages:
+<ul>
+<li><font face="courier">Certificate</font>, contains the client's public key certificate when it has been requested by the server.
+</li><li><font face="courier">ClientKeyExchange</font>, which usually carries the secret key to be used with the secret key crypto scheme.
+</li><li><font face="courier">CertificateVerify</font>, used to provide explicit verification of a client's certificate if the server is authenticating the client.
+</li></ul>
+</li><li>TLS includes the change cipher spec protocol to indicate
+changes in the encryption method. This protocol contains a single
+message, <font face="courier">ChangeCipherSpec</font>, which is encrypted and compressed using the current (rather than the new) encryption and compression schemes. The <font face="courier">ChangeCipherSpec</font>
+message is sent by both client and server to notify the other station
+that all following information will employ the newly negotiated cipher
+spec and keys.
+</li><li>The <font face="courier">Finished</font> message is sent after a <font face="courier">ChangeCipherSpec</font> message to confirm that the key exchange and authentication processes were successful.
+</li><li>At this point, both client and server can exchange application data using the session encryption and compression schemes.
+
+<p>
+
+<b>Side Note:</b> It would probably be helpful to make some mention of
+SSL as it is used today. Most of us have used SSL to engage in a
+secure, private transaction with some vendor. The steps are something
+like this. During the SSL exchange with the vendor's secure server, the
+server sends its certificate to our client software. The certificate
+includes the vendor's public key and a signature from the CA that
+issued the vendor's certificate. Our browser software is shipped with
+the major CAs' certificates which contains their public key; in that
+way we authenticate the server. Note that the server does <i>not</i>
+use a certificate to authenticate us! Instead, we are generally
+authenticated when we provide our credit card number; the server checks
+to see if the card purchase will be authorized by the credit card
+company and, if so, considers us valid and authenticated! While
+bidirectional authentication is certainly supported by SSL, this form
+of asymmetric authentication is more commonly employed today since most
+users don't have certificates.
+</p><p>
+Microsoft's <a href="http://www.microsoft.com/security/tech/sgc/default.asp">
+Server Gated Cryptography (SGC)</a>
+protocol is another extension to SSL/TLS. For several decades, it has
+been illegal to generally export products from the U.S. that employed
+secret-key cryptography with keys longer than 40 bits. For that reason,
+SSL/TLS has an exportable version with weak (40-bit) keys and a
+domestic (North American) version with strong (128-bit) keys. Within
+the last several years, however, use of strong SKC has been approved
+for the worldwide financial community. SGC is an extension to SSL that
+allows financial institutions using Windows NT servers to employ strong
+cryptography. Both the client and server must implement SGC and the
+bank must have a valid SGC certificate. During the initial handshake,
+the server will indicate support of SGC and supply its SGC certificate;
+if the client wishes to use SGC and validates the server's SGC
+certificate, the session can employ 128-bit RC2, 128-bit RC4, 56-bit
+DES, or 168-bit 3DES. Microsoft supports SGC in the Windows 95/98/NT
+versions of Internet Explorer 4.0, Internet Information Server (IIS)
+4.0, and Money 98.
+</p><p>As mentioned above, SSL was designed to provide
+application-independent transaction security for the Internet. Although
+the discussion above has focused on HTTP over SSL (https/TCP port 443),
+SSL is also applicable to:
+</p>
+<center>
+<table border="0">
+<tbody><tr>
+<th>Protocol
+</th><th width="50">&nbsp;
+</th><th>TCP Port Name/Number
+
+</th></tr><tr>
+<td>File Transfer Protocol (FTP)
+</td><th>&nbsp;
+</th><td>ftps-data/989 &amp; ftps/990
+
+</td></tr><tr>
+<td>Internet Message Access Protocol v4 (IMAP4)
+</td><th>&nbsp;
+</th><td>imaps/993
+
+</td></tr><tr>
+<td>Lightweight Directory Access Protocol (LDAP)
+</td><th>&nbsp;
+</th><td>ldaps/636
+
+</td></tr><tr>
+<td>Network News Transport Protocol (NNTP)
+</td><th>&nbsp;
+</th><td>nntps/563
+
+</td></tr><tr>
+<td>Post Office Protocol v3 (POP3)
+</td><th>&nbsp;
+</th><td>pop3s/995
+
+</td></tr><tr>
+<td>Telnet
+</td><th>&nbsp;
+</th><td>telnets/992
+</td></tr></tbody></table>
+</center>
+<br><br>
+
+<a name="ecc"><h3>5.8. Elliptic Curve Cryptography</h3></a>
+<p>In general, public-key cryptography systems use hard-to-solve
+problems as the basis of the algorithm. The most predominant algorithm
+today for public-key cryptography is RSA, based on the prime factors of
+very large integers. While RSA can be successfully attacked, the
+mathematics of the algorithm have not been comprised, per se; instead,
+computational brute-force has broken the keys. The defense is "simple"
+&#8212; keep the size of the integer to be factored ahead of the
+computational curve!</p>
+<p>
+In 1985, Elliptic Curve Cryptography (ECC) was proposed independently
+by cryptographers Victor Miller (IBM) and Neal Koblitz (University of
+Washington). ECC is based on the difficulty of solving the Elliptic
+Curve Discrete Logarithm Problem (ECDLP). Like the prime factorization
+problem, ECDLP is another "hard" problem that is deceptively simple to
+state: Given two points, P and Q, on an elliptic curve, find the
+integer <i>n</i>, if it exists, such that P&nbsp;=&nbsp;nQ.</p>
+<p>
+Elliptic curves combine number theory and algebraic geometry. These
+curves can be defined over any field of numbers (i.e., real, integer,
+complex) although we generally see them used over finite fields for
+applications in cryptography. An elliptic curve consists of the set of
+real numbers (x, y) that satisfies the equation:</p>
+<p align="center">
+y<sup>2</sup> = x<sup>3</sup> + ax + b</p>
+<p>
+The set of all of the solutions to the equation forms the elliptic curve. Changing <i>a</i> and <i>b</i>
+changes the shape of the curve, and small changes in these parameters
+can result in major changes in the set of (x,y) solutions.</p>
+<a name="fig16"></a><br>
+<center><table border="1"><tbody><tr><td>
+<img src="crypto_files/crypto_ecc.gif">
+<br><br>
+<h4>FIGURE 16: Elliptic curve addition.</h4>
+</td></tr></tbody></table>
+</center>
+<br>
+<p>
+Figure 16 shows the addition of two points on an elliptic curve.
+Elliptic curves have the interesting property that adding two points on
+the elliptic curve yields a third point on the curve. Therefore, adding
+two points, P1 and P2, gets us to point P3, also on the curve. Small
+changes in P1 or P2 can cause a large change in the position of P3.</p>
+<p>
+So let's go back to the original problem statement from above. The
+point Q is calculated as a multiple of the starting point, P, <i>or</i>, Q&nbsp;=&nbsp;nP. An attacker might know P and Q but finding the integer, <i>n</i>, is a difficult problem to solve. Q is the public key, then, and <i>n</i> is the private key.</p>
+<p>
+RSA has been the mainstay of PKC for over two decades. But ECC is
+exciting because of their potential to provide similar levels of
+security compared to RSA but with significantly reduced key sizes.
+Certicom Corp. (<a href="http://www.certicom.com/">www.certicom.com</a>), one of the major proponents of ECC, suggests the key size relationship between ECC and RSA per the following table:</p>
+<a name="tab04"></a><center>
+<table border="1" cellpadding="4">
+<caption>
+<b>TABLE 4. ECC and RSA Key Comparison.</b>
+</caption>
+<tbody><tr>
+<th>RSA Key Size
+</th><th>Time to Break Key<br>(MIPS Years)
+</th><th>ECC Key Size
+</th><th>RSA:ECC Key-Size<br>Ratio
+
+</th></tr><tr>
+<td align="center">512
+</td><td align="center">10<sup>4</sup>
+</td><td align="center">106
+</td><td align="center">5:1
+
+</td></tr><tr>
+<td align="center">768
+</td><td align="center">10<sup>8</sup>
+</td><td align="center">132
+</td><td align="center">6:1
+
+</td></tr><tr>
+<td align="center">1,024
+</td><td align="center">10<sup>11</sup>
+</td><td align="center">160
+</td><td align="center">7:1
+
+</td></tr><tr>
+<td align="center">2,048
+</td><td align="center">10<sup>20</sup>
+</td><td align="center">210
+</td><td align="center">10:1
+
+</td></tr><tr>
+<td align="center">21,000
+</td><td align="center">10<sup>78</sup>
+</td><td align="center">600
+</td><td align="center">35:1
+</td></tr></tbody></table>
+</center>
+<br><br>
+<p>
+Since the ECC key sizes are so much shorter than comparable RSA keys,
+the length of the public key and private key is much shorter in
+elliptic curve cryptosystems. Presumably, this translates into faster
+processing, and lower demands on memory and bandwidth. In practice, the
+final results are not yet in; RSA, Inc. notes that ECC is faster than
+RSA for signing and decryption, but slower than RSA for signature
+verification and encryption.</p>
+<p>
+Nevertheless, ECC is particularly useful in applications where memory,
+bandwidth, and/or computational power is limited (e.g., a smartcard)
+and it is in this area that ECC use is expected to grow. A major
+champion of ECC today is Certicom; readers are urged to see their <a href="http://www.certicom.com/research/online.html">ECC online tutorial</a>.</p>
+<br><br>
+
+<a name="aes"><h3>5.9. The Advanced Encryption Standard and Rijndael</h3></a>
+<p>
+The search for a replacement to DES started in January 1997 when NIST
+announced that it was looking for an Advanced Encryption Standard. In
+September of that year, they put out a formal Call for Algorithms and
+in August 1998 announced that 15 candidate algorithms were being
+considered (Round 1). In April 1999, NIST announced that the 15 had
+been whittled down to five finalists (Round 2): <i><a href="http://www.research.ibm.com/security/mars.pdf">MARS</a></i> (multiplication, addition, rotation and substitution) from IBM; Ronald Rivest's <i><a href="http://www.rsasecurity.com/rsalabs/rc6/index.html">RC6</a></i>; <i><a href="http://www.esat.kuleuven.ac.be/%7Erijmen/rijndael/">Rijndael</a></i> from a Belgian team; <i><a href="http://www.cl.cam.ac.uk/%7Erja14/serpent.html">Serpent</a></i>, developed jointly by a team from England, Israel, and Norway; and <i><a href="http://www.counterpane.com/twofish.html">Twofish</a></i>, developed by Bruce Schneier. In October 2000, NIST announced their selection: Rijndael.</p>
+<p>
+The remarkable thing about this entire process has been the openness as
+well as the international nature of the "competition." NIST has
+maintained an excellent Web site devoted to keeping the public fully
+informed, at <i><a href="http://csrc.nist.gov/encryption/aes/"> http://csrc.nist.gov/encryption/aes/</a></i>. Their <a href="http://csrc.nist.gov/encryption/aes/index2.html#overview"> Overview of the AES Development Effort</a> has full details of the process, algorithms, and comments so I will not repeat everything here.</p>
+<p>
+In October 2000, NIST released the <a href="http://csrc.nist.gov/encryption/aes/round2/r2report.pdf"> Report on the Development of the Advanced Encryption Standard (AES)</a>
+that compared the five Round 2 algorithms in a number of categories.
+The table below summarizes the relative scores of the five schemes
+(1=low, 3=high):</p>
+
+<table align="center" border="2">
+<tbody><tr>
+<th>
+</th><th colspan="5">Algorithm
+</th></tr><tr>
+<th>Category
+</th><th width="75">MARS
+</th><th width="75">RC6
+</th><th width="75">Rijndael
+</th><th width="75">Serpent
+</th><th width="75">Twofish
+</th></tr><tr>
+<th>General security
+</th><td align="center">3
+</td><td align="center">2
+</td><td align="center">2
+</td><td align="center">3
+</td><td align="center">3
+</td></tr><tr>
+<th>Implementation of security
+</th><td align="center">1
+</td><td align="center">1
+</td><td align="center">3
+</td><td align="center">3
+</td><td align="center">2
+</td></tr><tr>
+<th>Software performance
+</th><td align="center">2
+</td><td align="center">2
+</td><td align="center">3
+</td><td align="center">1
+</td><td align="center">1
+</td></tr><tr>
+<th>Smart card performance
+</th><td align="center">1
+</td><td align="center">1
+</td><td align="center">3
+</td><td align="center">3
+</td><td align="center">2
+</td></tr><tr>
+<th>Hardware performance
+</th><td align="center">1
+</td><td align="center">2
+</td><td align="center">3
+</td><td align="center">3
+</td><td align="center">2
+</td></tr><tr>
+<th>Design features
+</th><td align="center">2
+</td><td align="center">1
+</td><td align="center">2
+</td><td align="center">1
+</td><td align="center">3
+</td></tr></tbody></table>
+
+<p>
+With the report came the recommendation that <a href="http://csrc.nist.gov/encryption/aes/rijndael/"> Rijndael</a> be named the AES. In February 2001, NIST released the <a href="http://csrc.nist.gov/publications/drafts/dfips-AES.pdf"> Draft Federal Information Processing Standard (FIPS) AES Specification</a>
+for public review and comment. AES contains a subset of Rijndael's
+capabilities (e.g., AES only supports a 128-bit block size) and uses
+some slightly different nomenclature and terminology, but to understand
+one is to understand both. The 90-day comment period ended on May 29,
+2001 and the U.S. Department of Commerce officially adopted AES in
+December 2001, published as <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf"> FIPS PUB 197</a>.</p>
+
+<p><b>AES (Rijndael) Overview</b></p>
+<p>
+Rijndael (pronounced as in "rain doll" or "rhine dahl") is a block
+cipher designed by Joan Daemen and Vincent Rijmen, both cryptographers
+in Belgium. Rijndael can operate over a variable-length block using
+variable-length keys; the <a href="http://www.esat.kuleuven.ac.be/%7Erijmen/rijndael/rijndaeldocV2.zip">version 2 specification</a>
+submitted to NIST describes use of a 128-, 192-, or 256-bit key to
+encrypt data blocks that are 128, 192, or 256 bits long; note that all
+nine combinations of key length and block length are possible. The
+algorithm is written in such a way that block length and/or key length
+can easily be extended in multiples of 32 bits and it is specifically
+designed for efficient implementation in hardware or software on a
+range of processors. The design of Rijndael was strongly influenced by
+the block cipher called <a href="http://www.esat.kuleuven.ac.be/%7Erijmen/square/index.html"><i> Square</i></a>, also designed by Daemen and Rijmen.</p>
+<p>
+Rijndael is an iterated block cipher, meaning that the initial input
+block and cipher key undergoes multiple rounds of transformation before
+producing the output. Each intermediate cipher result is called a <i>State</i>.</p>
+<p>
+For ease of description, the block and cipher key are often represented
+as an array of columns where each array has 4 rows and each column
+represents a single byte (8 bits). The number of columns in an array
+representing the state or cipher key, then, can be calculated as the
+block or key length divided by 32 (32 bits = 4 bytes). An array
+representing a State will have <b>Nb</b> columns, where <b>Nb</b>
+values of 4, 6, and 8 correspond to a 128-, 192-, and 256-bit block,
+respectively. Similarly, an array representing a Cipher Key will have <b>Nk</b> columns, where <b>Nk</b> values of 4, 6, and 8 correspond to a 128-, 192-, and 256-bit key, respectively. An example of a 128-bit State (<b>Nb</b>=4) and 192-bit Cipher Key (<b>Nk</b>=6) is shown below:</p>
+
+<table align="center" border="0">
+<tbody><tr>
+<td>
+<table border="1">
+<tbody><tr>
+<td>s<sub>0,0</sub></td>
+<td>s<sub>0,1</sub></td>
+<td>s<sub>0,2</sub></td>
+<td>s<sub>0,3</sub></td></tr>
+<tr>
+<td>s<sub>1,0</sub></td>
+<td>s<sub>1,1</sub></td>
+<td>s<sub>1,2</sub></td>
+<td>s<sub>1,3</sub></td></tr>
+<tr>
+<td>s<sub>2,0</sub></td>
+<td>s<sub>2,1</sub></td>
+<td>s<sub>2,2</sub></td>
+<td>s<sub>2,3</sub></td></tr>
+<tr>
+<td>s<sub>3,0</sub></td>
+<td>s<sub>3,1</sub></td>
+<td>s<sub>3,2</sub></td>
+<td>s<sub>3,3</sub></td></tr>
+</tbody></table>
+
+</td><td width="100">&nbsp;
+
+</td><td>
+<table border="1">
+<tbody><tr>
+<td>k<sub>0,0</sub></td>
+<td>k<sub>0,1</sub></td>
+<td>k<sub>0,2</sub></td>
+<td>k<sub>0,3</sub></td>
+<td>k<sub>0,4</sub></td>
+<td>k<sub>0,5</sub></td></tr>
+<tr>
+<td>k<sub>1,0</sub></td>
+<td>k<sub>1,1</sub></td>
+<td>k<sub>1,2</sub></td>
+<td>k<sub>1,3</sub></td>
+<td>k<sub>1,4</sub></td>
+<td>k<sub>1,5</sub></td></tr>
+<tr>
+<td>k<sub>2,0</sub></td>
+<td>k<sub>2,1</sub></td>
+<td>k<sub>2,2</sub></td>
+<td>k<sub>2,3</sub></td>
+<td>k<sub>2,4</sub></td>
+<td>k<sub>2,5</sub></td></tr>
+<tr>
+<td>k<sub>3,0</sub></td>
+<td>k<sub>3,1</sub></td>
+<td>k<sub>3,2</sub></td>
+<td>k<sub>3,3</sub></td>
+<td>k<sub>3,4</sub></td>
+<td>k<sub>3,5</sub></td></tr>
+</tbody></table>
+</td></tr></tbody></table>
+
+<p>
+The number of transformation rounds (<b>Nr</b>) in Rijndael is a function of the block length and key length, and is given by the table below:</p>
+
+<table align="center" border="1">
+<tbody><tr>
+<th colspan="2" rowspan="2">No. of Rounds<br>Nr
+</th><th colspan="3">Block Size
+</th></tr><tr>
+<th>128 bits<br>Nb = 4
+</th><th>192 bits<br>Nb = 6
+</th><th>256 bits<br>Nb = 8
+
+</th></tr><tr>
+<th rowspan="3" valign="center">Key<br>Size
+</th><th align="center">128 bits<br>Nk = 4
+</th><td align="center">10
+</td><td align="center">12
+</td><td align="center">14
+</td></tr><tr>
+<th align="center">192 bits<br>Nk = 6
+</th><td align="center">12
+</td><td align="center">12
+</td><td align="center">14
+</td></tr><tr>
+<th align="center">256 bits<br>Nk = 8
+</th><td align="center">14
+</td><td align="center">14
+</td><td align="center">14
+</td></tr></tbody></table>
+
+<p>
+Now, having said all of this, the AES version of Rijndael does not
+support all nine combinations of block and key lengths, but only the
+subset using a 128-bit block size. NIST calls these supported variants
+AES-128, AES-192, and AES-256 where the number refers to the key size.
+The <b>Nb</b>, <b>Nk</b>, and <b>Nr</b> values supported in AES are:</p>
+
+<table align="center" border="1">
+<tbody><tr>
+<th>
+</th><th colspan="3">Parameters
+</th></tr><tr>
+<th width="100">Variant
+</th><th width="75">Nb
+</th><th width="75">Nk
+</th><th width="75">Nr
+</th></tr><tr>
+<th>AES-128
+</th><td align="center">4
+</td><td align="center">4
+</td><td align="center">10
+</td></tr><tr>
+<th>AES-192
+</th><td align="center">4
+</td><td align="center">6
+</td><td align="center">12
+</td></tr><tr>
+<th>AES-256
+</th><td align="center">4
+</td><td align="center">8
+</td><td align="center">14
+</td></tr></tbody></table>
+
+<p>
+The AES/Rijndael cipher itself has three operational stages:</p>
+<ul>
+<li> AddRound Key transformation
+</li><li> <b>Nr</b>-1 Rounds comprising:
+<ul>
+<li> SubBytes transformation
+</li><li> ShiftRows transformation
+</li><li> MixColumns transformation
+</li><li> AddRoundKey transformation
+</li></ul>
+</li><li> A final Round comprising:
+<ul>
+<li> SubBytes transformation
+</li><li> ShiftRows transformation
+</li><li> AddRoundKey transformation
+</li></ul>
+</li></ul>
+
+<p>
+The paragraphs below will describe the operations mentioned above. The
+nomenclature used below is taken from the AES specification although
+references to the Rijndael specification are made for completeness. The
+arrays <i>s</i> and <i>s'</i> refer to the State before and after a transformation, respectively (<b>NOTE:</b>
+The Rijndael specification uses the array nomenclature a and b to refer
+to the before and after States, respectively). The subscripts <i>i</i> and <i>j</i> are used to indicate byte locations within the State (or Cipher Key) array.</p>
+
+<p><b>The SubBytes transformation</b></p><p>
+</p><p>
+The substitute bytes (called <i>ByteSub</i> in Rijndael) transformation operates on each of the State bytes independently and changes the byte value. An S-box, or <i>substitution table</i>,
+controls the transformation. The characteristics of the S-box
+transformation as well as a compliant S-box table are provided in the
+AES specification; as an example, an input State byte value of 107
+(0x6b) will be replaced with a 127 (0x7f) in the output State and an
+input value of 8 (0x08) would be replaced with a 48 (0x30).</p><p>
+</p><p>
+One way to think of the SubBytes transformation is that a given byte in
+State s is given a new value in State s' according to the S-box. The
+S-box, then, is a function on a byte in State s so that:</p>
+
+<p align="center">s'<sub>i,j</sub> = S-box (s<sub>i,j</sub>)</p>
+
+<p>
+The more general depiction of this transformation is shown by:</p>
+
+<table align="center" border="0">
+<tbody><tr>
+<td>
+<table border="1">
+<tbody><tr>
+<td>s<sub>0,0</sub></td>
+<td>s<sub>0,1</sub></td>
+<td>s<sub>0,2</sub></td>
+<td>s<sub>0,3</sub></td></tr>
+<tr>
+<td>s<sub>1,0</sub></td>
+<td>s<sub>1,1</sub></td>
+<td>s<sub>1,2</sub></td>
+<td>s<sub>1,3</sub></td></tr>
+<tr>
+<td>s<sub>2,0</sub></td>
+<td>s<sub>2,1</sub></td>
+<td>s<sub>2,2</sub></td>
+<td>s<sub>2,3</sub></td></tr>
+<tr>
+<td>s<sub>3,0</sub></td>
+<td>s<sub>3,1</sub></td>
+<td>s<sub>3,2</sub></td>
+<td>s<sub>3,3</sub></td></tr>
+</tbody></table>
+
+</td><td>
+<table border="0">
+<tbody><tr><td>====&gt;</td></tr>
+</tbody></table>
+
+</td><td>
+<table border="1">
+<tbody><tr><td>S-box</td></tr>
+</tbody></table>
+
+</td><td>
+<table border="0">
+<tbody><tr><td>====&gt;</td></tr>
+</tbody></table>
+
+</td><td>
+<table border="1">
+<tbody><tr>
+<td>s'<sub>0,0</sub></td>
+<td>s'<sub>0,1</sub></td>
+<td>s'<sub>0,2</sub></td>
+<td>s'<sub>0,3</sub></td></tr>
+<tr>
+<td>s'<sub>1,0</sub></td>
+<td>s'<sub>1,1</sub></td>
+<td>s'<sub>1,2</sub></td>
+<td>s'<sub>1,3</sub></td></tr>
+<tr>
+<td>s'<sub>2,0</sub></td>
+<td>s'<sub>2,1</sub></td>
+<td>s'<sub>2,2</sub></td>
+<td>s'<sub>2,3</sub></td></tr>
+<tr>
+<td>s'<sub>3,0</sub></td>
+<td>s'<sub>3,1</sub></td>
+<td>s'<sub>3,2</sub></td>
+<td>s'<sub>3,3</sub></td></tr>
+</tbody></table>
+</td></tr></tbody></table>
+
+<p><b>The ShiftRows transformation</b></p><p>
+</p><p>
+The shift rows (called <i>ShiftRow</i> in Rijndael)
+transformation cyclically shifts the bytes in the bottom three rows of
+the State array. According to the more general Rijndael specification,
+rows 2, 3, and 4 are cyclically left-shifted by C1, C2, and C3 bytes,
+respectively, per the table below:</p>
+
+<table align="center" border="1">
+<tbody><tr>
+<th>Nb
+</th><td align="center">C1
+</td><td align="center">C2
+</td><td align="center">C3
+</td></tr><tr>
+<td align="center">4
+</td><td align="center">1
+</td><td align="center">2
+</td><td align="center">3
+</td></tr><tr>
+<td align="center">6
+</td><td align="center">1
+</td><td align="center">2
+</td><td align="center">3
+</td></tr><tr>
+<td align="center">8
+</td><td align="center">1
+</td><td align="center">3
+</td><td align="center">4
+</td></tr></tbody></table>
+
+<p>
+The current version of AES, of course, only allows a block size of 128 bits (<b>Nb</b> = 4) so that C1=1, C2=2, and C3=3. The diagram below shows the effect of the ShiftRows transformation on State s:</p>
+
+<table align="center" border="0">
+<tbody><tr>
+<td>
+<table border="1">
+<caption>State s</caption>
+<tbody><tr>
+<td>s<sub>0,0</sub></td>
+<td>s<sub>0,1</sub></td>
+<td>s<sub>0,2</sub></td>
+<td>s<sub>0,3</sub></td></tr>
+<tr>
+<td>s<sub>1,0</sub></td>
+<td>s<sub>1,1</sub></td>
+<td>s<sub>1,2</sub></td>
+<td>s<sub>1,3</sub></td></tr>
+<tr>
+<td>s<sub>2,0</sub></td>
+<td>s<sub>2,1</sub></td>
+<td>s<sub>2,2</sub></td>
+<td>s<sub>2,3</sub></td></tr>
+<tr>
+<td>s<sub>3,0</sub></td>
+<td>s<sub>3,1</sub></td>
+<td>s<sub>3,2</sub></td>
+<td>s<sub>3,3</sub></td></tr>
+</tbody></table>
+
+</td><td>
+<table border="0">
+<caption>&nbsp;</caption>
+<tbody><tr><td>----------- no shift -----------&gt;<sub>&nbsp;</sub></td></tr>
+<tr><td>----&gt; left-shift by C1 (1) ----&gt;<sub>&nbsp;</sub></td></tr>
+<tr><td>----&gt; left-shift by C2 (2) ----&gt;<sub>&nbsp;</sub></td></tr>
+<tr><td>----&gt; left-shift by C3 (3) ----&gt;<sub>&nbsp;</sub></td></tr>
+</tbody></table>
+
+</td><td>
+<table border="1">
+<caption>State s'</caption>
+<tbody><tr>
+<td>s<sub>0,0</sub></td>
+<td>s<sub>0,1</sub></td>
+<td>s<sub>0,2</sub></td>
+<td>s<sub>0,3</sub></td></tr>
+<tr>
+<td>s<sub>1,1</sub></td>
+<td>s<sub>1,2</sub></td>
+<td>s<sub>1,3</sub></td>
+<td>s<sub>1,0</sub></td></tr>
+<tr>
+<td>s<sub>2,2</sub></td>
+<td>s<sub>2,3</sub></td>
+<td>s<sub>2,0</sub></td>
+<td>s<sub>2,1</sub></td></tr>
+<tr>
+<td>s<sub>3,3</sub></td>
+<td>s<sub>3,0</sub></td>
+<td>s<sub>3,1</sub></td>
+<td>s<sub>3,2</sub></td></tr>
+</tbody></table>
+</td></tr></tbody></table>
+
+<p><b>The MixColumns transformation</b></p><p>
+</p><p>
+The mix columns (called <i>MixColumn</i> in Rijndael)
+transformation uses a mathematical function to transform the values of
+a given column within a State, acting on the four values at one time as
+if they represented a four-term polynomial. In essence, if you think of
+MixColumns as a function, this could be written:</p>
+
+<p align="center">s'<sub>i,c</sub> = MixColumns (s<sub>i,c</sub>)</p>
+
+<p>
+for 0&lt;=i&lt;=3 for some column, c. The column position doesn't change, merely the values within the column.</p>
+
+<p><b>Round Key generation and the AddRoundKey transformation</b></p><p>
+</p><p>
+The AES Cipher Key can be 128, 192, or 256 bits in length. The Cipher
+Key is used to derive a different key to be applied to the block during
+each round of the encryption operation. These keys are called the Round
+Keys and each will be the same length as the block, i.e., <b>Nb</b> 32-bit words (words will be denoted W).</p>
+<p>
+The AES specification defines a key schedule by which the original Cipher Key (of length <b>Nk</b> 32-bit words) is used to form an <i>Expanded Key</i>. The Expanded Key size is equal to the block size times the number of encryption rounds plus 1, which will provide <b>Nr</b>+1 different keys. (Note that there are <b>Nr</b> encipherment rounds but <b>Nr</b>+1 AddRoundKey transformations.)</p>
+<p>
+Consider that AES uses a 128-bit block and either 10, 12, or 14
+iterative rounds depending upon key length. With a 128-bit key, for
+example, we would need 1408 bits of key material (128x11=1408), or an
+Expanded Key size of 44 32-bit words (44x32=1408). Similarly, a 192-bit
+key would require 1664 bits of key material (128x13), or 52 32-bit
+words, while a 256-bit key would require 1920 bits of key material
+(128x15), or 60 32-bit words. The key expansion mechanism, then, starts
+with the 128-, 192-, or 256-bit Cipher Key and produces a 1408-, 1664-,
+or 1920-bit Expanded Key, respectively. The original Cipher Key
+occupies the first portion of the Expanded Key and is used to produce
+the remaining new key material.</p><p>
+</p><p>
+The result is an Expanded Key that can be thought of and used as 11,
+13, or 15 separate keys, each used for one AddRoundKey operation.
+These, then, are the <i>Round Keys</i>. The diagram below shows an example using a 192-bit Cipher Key (<b>Nk</b>=6), shown in <font color="magenta"><i><b>magenta italics</b></i></font>:</p>
+
+<table align="center" border="1">
+<tbody><tr>
+<th>Expanded Key:
+</th><td align="center"><font color="magenta"><b><i>W<sub>0</sub></i></b></font>
+</td><td align="center"><font color="magenta"><b><i>W<sub>1</sub></i></b></font>
+</td><td align="center"><font color="magenta"><b><i>W<sub>2</sub></i></b></font>
+</td><td align="center"><font color="magenta"><b><i>W<sub>3</sub></i></b></font>
+</td><td align="center"><font color="magenta"><b><i>W<sub>4</sub></i></b></font>
+</td><td align="center"><font color="magenta"><b><i>W<sub>5</sub></i></b></font>
+</td><td align="center">W<sub>6</sub>
+</td><td align="center">W<sub>7</sub>
+</td><td align="center">W<sub>8</sub>
+</td><td align="center">W<sub>9</sub>
+</td><td align="center">W<sub>10</sub>
+</td><td align="center">W<sub>11</sub>
+</td><td align="center">W<sub>12</sub>
+</td><td align="center">W<sub>13</sub>
+</td><td align="center">W<sub>14</sub>
+</td><td align="center">W<sub>15</sub>
+</td><td align="center">...
+</td><td align="center">W<sub>44</sub>
+</td><td align="center">W<sub>45</sub>
+</td><td align="center">W<sub>46</sub>
+</td><td align="center">W<sub>47</sub>
+</td><td align="center">W<sub>48</sub>
+</td><td align="center">W<sub>49</sub>
+</td><td align="center">W<sub>50</sub>
+</td><td align="center">W<sub>51</sub>
+</td></tr><tr>
+<th>Round keys:
+</th><td colspan="4" align="center">Round key 0
+</td><td colspan="4" align="center">Round key 1
+</td><td colspan="4" align="center">Round key 2
+</td><td colspan="4" align="center">Round key 3
+</td><td align="center">...
+</td><td colspan="4" align="center">Round key 11
+</td><td colspan="4" align="center">Round key 12
+</td></tr></tbody></table>
+<p>
+The AddRoundKey (called <i>Round Key addition</i> in Rijndael)
+transformation merely applies each Round Key, in turn, to the State by
+a simple bit-wise exclusive OR operation. Recall that each Round Key is
+the same length as the block.</p>
+
+<p><b>Summary</b></p>
+<p>
+Ok, I hope that you've enjoyed reading this as much as I've enjoyed
+writing it &#8212; and now let me guide you out of the microdetail! Recall
+from the beginning of the AES overview that the cipher itself comprises
+a number of rounds of just a few functions:</p>
+<ul>
+<li> <i>SubBytes</i> takes the value of a word within a State and substitutes it with another value by a predefined S-box
+</li><li> <i>ShiftRows</i> circularly shifts each row in the State by some number of predefined bytes
+</li><li> <i>MixColumns</i> takes the value of a 4-word column within the State and changes the four values using a predefined mathematical function
+</li><li> <i>AddRoundKey</i> XORs a key that is the same length as the block, using an Expanded Key derived from the original Cipher Key
+</li></ul>
+
+<a name="fig17"></a><br>
+<table align="center" border="5" cellpadding="1">
+<tbody><tr><td><pre>Cipher (byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
+begin
+  byte state[4,Nb]
+
+  state = in
+
+  AddRoundKey(state, w)
+
+  for round = 1 step 1 to Nr-1
+    SubBytes(state)
+    ShiftRows(state)
+    MixColumns(state)
+    AddRoundKey(state, w+round*Nb)
+  end for
+
+  SubBytes(state)
+  ShiftRows(state)
+  AddRoundKey(state, w+Nr*Nb)
+
+  out = state
+end
+</pre>
+<br><br>
+<h4>FIGURE 17: AES pseudocode.</h4>
+</td></tr></tbody></table>
+
+<br>
+
+<p>
+As a last and final demonstration of the operation of AES, Figure 17 is
+a pseudocode listing for the operation of the AES cipher. In the code:</p>
+<ul>
+<li> <i>in[]</i> and <i>out[]</i> are 16-byte arrays with the plaintext
+and cipher text, respectively. (According to the specification, both of
+these arrays are actually 4*<b>Nb</b> bytes in length but <b>Nb</b>=4 in AES.)
+</li><li> <i>state[]</i> is a 2-dimensional array containing bytes in 4 rows and 4 columns. (According to the specification, this arrays is 4 rows by <b>Nb</b> columns.)
+</li><li> <i>w[]</i> is an array containing the key material and is 4*(<b>Nr</b>+1) words in length. (Again, according to the specification, the multiplier is actually <b>Nb</b>.)
+</li><li> <i>AddRoundKey()</i>, <i>SubBytes()</i>, <i>ShiftRows()</i>, and <i>MixColumns()</i> are functions representing the individual transformations.
+</li></ul>
+
+<br>
+<a name="stream"><h3>5.10. Cisco's Stream Cipher</h3></a>
+<p>
+Stream ciphers take advantage of the fact that:</p>
+<p align="center">
+x XOR y XOR y = x</p>
+<p>
+One of the encryption schemes employed by Cisco routers to encrypt
+passwords is a stream cipher. It uses the following fixed keystream
+(thanks also to Jason Fossen for independently extending and confirming
+this string):</p>
+<p align="center">
+<font face="courier">dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncx</font></p>
+<p>
+When a password is to be encrypted, the password function chooses a
+number between 0 and 15, and that becomes the offset into the
+keystream. Password characters are then XORed byte-by-byte with the
+keystream according to:</p>
+<p align="center">
+C<sub>i</sub> = P<sub>i</sub> XOR K<sub>(offset+i)</sub></p>
+<p>
+where K is the keystream, P is the plaintext password, and C is the ciphertext password.</p>
+<p>
+Consider the following example. Suppose we have the password <i>abcdefgh</i>. Converting the ASCII characters yields the hex string 0x6162636465666768.</p>
+<p>
+The keystream characters and hex code that supports an offset from 0 to 15 bytes and a password length up to 24 bytes is:</p>
+<p align="center"><font face="courier">
+&nbsp; d s f d ; k f o A , . i y e w r k l d J K D H S U B s g v c a 6 9 8 3 4 n c x<br>
+0x647366643b6b666f412c2e69796577726b6c644a4b4448535542736776636136393833346e6378</font></p>
+<p>
+Let's say that the function decides upon a keystream offset of 6 bytes.
+We then start with byte 6 of the keystream (start counting the offset
+at 0) and XOR with the password:</p>
+<p align="center"><font face="courier">
+ &nbsp; &nbsp; 0x666f412c2e697965<br>
+XOR 0x6162636465666768<br>
+ &nbsp; &nbsp; ------------------<br>
+ &nbsp; &nbsp; 0x070D22484B0F1E0D</font></p>
+<p>
+The password would now be displayed in the router configuration as:</p>
+<p align="center"><font face="courier">
+password 7 06070D22484B0F1E0D</font></p>
+<p>
+where the "7" indicates the encryption type, the leading "06" indicates
+the offset into the keystream, and the remaining bytes are the
+encrypted password characters. (Decryption is pretty trivial so that
+exercise is left to the reader. If you need some help with byte-wise
+XORing, see <a href="http://www.garykessler.net/library/byte_logic_table.html"><i> http://www.garykessler.net/library/byte_logic_table.html</i></a>.)</p>
+
+<br><br>
+<center><h3><font color="blue" face="arial"><a name="conclusion">6. CONCLUSION... OF SORTS</a></font></h3></center>
+<p>
+This paper has briefly described how cryptography works. The reader
+must beware, however, that there are a number of ways to attack every
+one of these systems; cryptanalysis and attacks on cryptosystems,
+however, are well beyond the scope of this paper. In the words of
+Sherlock Holmes (ok, Arthur Conan Doyle, really), "What one man can
+invent, another can discover" ("The Adventure of the Dancing Men").
+</p><p>Cryptography is a particularly interesting field because of the
+amount of work that is, by necessity, done in secret. The irony is that
+today, secrecy is <i>not</i>
+the key to the goodness of a cryptographic algorithm. Regardless of the
+mathematical theory behind an algorithm, the best algorithms are those
+that are well-known and well-documented because they are also
+well-tested and well-studied! In fact, <i>time</i> is the only true
+test of good cryptography; any cryptographic scheme that stays in use
+year after year is most likely a good one. The strength of cryptography
+lies in the choice (and management) of the keys; <a href="http://www.counterpane.com/keylength.html">longer keys will resist attack better than shorter keys</a>.</p>
+<p>
+The corollary to this is that consumers should run, not walk, away from
+any product that uses a proprietary cryptography scheme, ostensibly
+because the algorithm's secrecy is an advantage. This observation about
+not using "secret" crypto schemes has been a fundamental hallmark of
+cryptography for well over 100 years; it was first stated explicitly by
+Dutch linguist Auguste Kerckhoffs von Nieuwenhoff in his 1883 (yes, <b>18</b>83) text titled <i>La Cryptographie militaire</i>, and has therefore become known as "Kerckhoffs' Principle."</p>
+<br>
+
+<center><h3><font color="blue" face="arial"><a name="refs">7. REFERENCES AND FURTHER READING</a></font></h3></center>
+<ul>
+<li>Bamford, J. <i>Body of Secrets : Anatomy of the Ultra-Secret National Security Agency from the Cold War Through the Dawn of a New Century.</i> New York: Doubleday, 2001.
+</li><li>_____. <i>The Puzzle Palace: Inside the National Security Agency, America's most secret intelligence organization.</i> New York: Penguin Books, 1983.
+</li><li>Barr, T.H. <i>Invitation to Cryptology.</i> Upper Saddle River (NJ): Prentice Hall, 2002.
+</li><li>Bauer, F.L. <i>Decrypted Secrets: Methods and Maxims of Cryptology,</i> 2nd ed. New York: Springer Verlag, 2002.
+</li><li>Denning, D.E. <i>Cryptography and Data Security.</i> Reading (MA): Addison-Wesley, 1982.
+</li><li>Diffie, W. &amp; Landau, S. <i>Privacy on the Line.</i> Boston: MIT Press, 1998.
+</li><li>Electronic Frontier Foundation. <i>Cracking DES: Secrets of Encryption Research, Wiretap Politics &amp; Chip Design</i>. Sebastopol (CA): O'Reilly &amp; Associates, 1998.
+</li><li>Federal Information Processing Standards. "Security Requirements for Cryptographic Modules." <a href="http://csrc.ncsl.nist.gov/fips/fips1401.htm">FIPS 140-1 (Federal Information Processing Standards) publication</a>.
+</li><li>Ferguson, N. &amp; Schneier, B. <i>Practical Cryptography.</i> New York: John Wiley &amp; Sons, 2003.
+</li><li>Flannery, S. with Flannery, D. <i>In Code: A Mathematical Journey.</i> New York: Workman Publishing Company, 2001.
+</li><li>Ford, W. &amp; Baum, M.S. <i>Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption,</i>  2nd ed. Englewood Cliffs (NJ): Prentice Hall, 2001.
+</li><li>Garfinkel, S. <i>PGP: Pretty Good Privacy.</i> Sebastopol (CA):
+O'Reilly &amp; Associates, 1995.
+</li><li>Grant, G.L. <i>Understanding Digital Signatures: Establishing Trust over the Internet and Other Networks.</i> New York: Computing McGraw-Hill, 1997.
+</li><li>Grabbe, J.O. "<a href="http://www-swiss.ai.mit.edu/6.805/articles/money/cryptnum.htm">Cryptography and Number Theory for Digital Cash.</a>" Posted on the Internet 10/10/1997.
+</li><li>Kahn, D. <i>The Codebreakers: The Story of Secret Writing</i>, revised ed. New York: Scribner, 1996.
+</li><li>_____. <i>Kahn on Codes: Secrets of the New Cryptology.</i>
+New York: Macmillan, 1983.
+</li><li>Kaufman, C., Perlman, R., &amp; Speciner, M. <i>Network Security: Private Communication in a Public World</i>. Englewood Cliffs (NJ): Prentice Hall, 1995.
+</li><li>Kessler, G.C. "<a href="http://www.garykessler.net/library/nt_crypto.html">Basics of Cryptography and Applications for Windows NT.</a>" <i>Windows NT Magazine</i>, October 1999.
+</li><li>_____. "<a href="http://www.garykessler.net/library/roaming_pki.html">Roaming PKI.</a>" <i>Information Security Magazine</i>, February 2000.
+</li><li>_____ &amp; Pritsky, N.T. "<a href="http://www.garykessler.net/library/is_payment_systems.html">Internet Payment Systems: Status and Update on SSL/TLS, SET, and IOTP.</a>"
+<i>Information Security Magazine</i>, October 2000.
+</li><li>Koblitz, N. <i>A Course in Number Theory and Cryptography,</i> 2nd ed. New York: Springer-Verlag, 1994.
+</li><li>Levy, S. <i>Crypto: When the Code Rebels Beat the Government &#8212; Saving Privacy in the Digital Age.</i> New York: Viking Press, 2001.
+</li><li>_____. "<a href="http://www.wired.com/wired/archive/7.04/crypto.html">The Open Secret</a>." <i>WIRED Magazine</i>, April 1999.
+</li><li>Mao, W. <i>Modern Cryptography: Theory &amp; Practice</i>. Upper Saddle River (NJ): Prentice Hall Professional Technical Reference, 2004.
+</li><li>Marks, L. <i>BETWEEN SILK AND CYANIDE: A Codemaker's War, 1941-1945</i>. New York: The Free Press (Simon &amp; Schuster), 1998.
+</li><li>Schneier, B. <i>Applied Cryptography</i>, 2nd ed. New York: John Wiley &amp; Sons, 1996.
+</li><li>_____. <i>Secrets &amp; Lies: Digital Security in a Networked World</i>. New York, John Wiley &amp; Sons, 2000.
+</li><li>Singh, S. <i>The Code Book: The Evolution of Secrecy from Mary Queen of Scots to Quantum Cryptography.</i> New York: Doubleday, 1999.
+</li><li>Smith, L.D. <i>Cryptography: The Science of Secret Writing.</i> New York: Dover Publications, originally published 1943.
+</li><li>Spillman, R.J. <i>Classical and Contemporary Cryptology</i>. Upper Saddle River (NJ): Pearson Prentice-Hall, 2005.
+</li><li>Stallings, W. <i>Cryptography and Network Security: Principles and Practice</i>, 4th ed. Englewood Cliffs (NJ): Prentice Hall, 2006.
+</li><li>_____, (ed.) <i>Practical Cryptography for Data Internetworks.</i> Los Alamitos (CA): IEEE Computer Society Press, 1996.
+</li><li>Trappe, W. &amp; Washington, L.C. <i>Introduction to Cryptography with Codin Theory</i>, 2nd ed. Upper Saddle River (NJ): Pearson Prentice Hall, 2006.
+<br><br>
+</li><li>On the Web:
+<ul>
+<li><a href="http://www.cs.purdue.edu/coast/hotlist/">COAST Hotlist of Security Sites</a>
+</li><li><a href="http://www.counterpane.com/">Counterpane Systems</a>
+</li><li><a href="http://www.cryptography.com/">Cryptography Research Inc.'s cryptography.com Site</a>
+</li><li><a href="http://www.enter.net/%7Echronos/cryptolog1.html">CryptoLog: The Internet Guide to Cryptography</a>
+</li><li><a href="ftp://ftp.csua.berkeley.edu/pub/cypherpunks/Home.html">Cypherpunks WWW Page</a>
+</li><li><a href="http://www.icsa.com/">International Computer Security Association WWW Site</a>
+</li><li><a href="http://www.ietf.org/html.charters/wg-dir.html#Security_Area">Internet Engineering Task Force (IETF) Security Area</a>
+<ul>
+<li><a href="http://www.ietf.org/html.charters/openpgp-charter.html"> An Open Specification for Pretty Good Privacy (openpgp)</a>
+</li><li><a href="http://www.ietf.org/html.charters/cat-charter.html"> Common Authentication Technology (cat)</a>
+</li><li><a href="http://www.ietf.org/html.charters/ipsec-charter.html"> IP Security Protocol (ipsec)</a>
+</li><li><a href="http://www.ietf.org/html.charters/otp-charter.html"> One Time Password Authentication (otp)</a>
+</li><li><a href="http://www.ietf.org/html.charters/pkix-charter.html"> Public-Key Infrastructure (X.509) (pkix)</a>
+</li><li><a href="http://www.ietf.org/html.charters/smime-charter.html"> S/MIME Mail Security (smime)</a>
+</li><li><a href="http://www.ietf.org/html.charters/spki-charter.html"> Simple Public Key Infrastructure (spki)</a>
+</li><li><a href="http://www.ietf.org/html.charters/tls-charter.html"> Transport Layer Security (tls)</a>
+</li><li><a href="http://www.ietf.org/html.charters/wts-charter.html"> Web Transaction Security (wts)</a>
+</li><li><a href="http://www.ietf.org/html.charters/xmldsig-charter.html"> XML Digital Signatures (xmldsig)</a>
+</li></ul>
+</li><li><a href="http://www.pdc.kth.se/kth-krb/"> Kerberos Web Page</a>
+</li><li><a href="http://web.mit.edu/kerberos/www/"> Kerberos: The Network Authentication Protocol</a> (MIT)
+</li><li><a href="http://nsi.org/marketplace.html"> National Security Institute's List of Security Products &amp; Services</a>
+</li><li><a href="http://www.cs.auckland.ac.nz/%7Epgut001/tutorial/index.html"> Peter Gutman's godzilla crypto tutorial</a>
+</li><li>Pretty Good Privacy (PGP):
+<ul>
+<li><a href="http://www.pgpi.org/"> The International PGP Home Page</a>
+</li><li><a href="http://web.mit.edu/network/pgp.html"> MIT Distribution Site for PGP</a>
+</li><li><a href="http://www.openpgp.org/"> The OpenPGP Alliance</a>
+</li></ul>
+</li><li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2152"> RSA's Cryptography FAQ</a>
+</li><li><a href="http://theory.lcs.mit.edu/%7Erivest/crypto-security.html"> Ron Rivest's "Cryptography and Security" Page</a>
+</li><li><a href="http://www.cs.berkeley.edu/%7Edaw/people/crypto.html"> "List of Cryptographers" from U.C. Berkeley</a>
+</li><li><a href="http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/"> Yahoo! crypto pages</a>
+</li></ul>
+<br>
+</li><li>Software:
+<ul>
+<li><a href="http://www.eskimo.com/%7Eweidai/cryptlib.html"> Wei Dai's Crypto++ 3.0, a free C++ class library of cryptographic primitives</a>
+</li><li><a href="http://www.cs.auckland.ac.nz/%7Epgut001/cryptlib/index.html"> Peter Gutman's cryptlib security toolkit</a>
+</li><li> A program to decode Cisco type 7 passwords can be found at <a href="http://www.garykessler.net/download/cisco7.zip"><i> http://www.garykessler.net/download/cisco7.zip</i></a>. A version for the Palm OS can be found at @stake's Web site at <a href="http://www.atstake.com/research/tools/index.html"><i> http://www.atstake.com/research/tools/index.html</i></a>.
+</li><li><a href="http://csrc.nist.gov/encryption/aes/rijndael/">Rijndael ANSI C reference code and other implementations</a>
+</li></ul>
+</li></ul>
+
+<p>
+And for a purely enjoyable fiction book that combines cryptography and history, check out Neal Stephenson's <i><a href="http://www.cryptonomicon.com/">Crytonomicon</a></i>
+(published May 1999). You will also find in it a new secure crypto
+scheme based upon an ordinary deck of cards (ok, you need the
+jokers...) called the <a href="http://www.counterpane.com/solitaire.html">Solitaire Encryption Algorithm</a>, developed by Bruce Schneier.</p>
+
+<table align="center" border="0">
+<tbody><tr>
+<td><img src="crypto_files/crypto_2600des.gif">
+</td><td>
+<p>
+Finally, I am not in the clothing business although I do have an
+impressive t-shirt collection (over 350 and counting!). If you want to
+proudly wear the DES (well, actually the IDEA) encryption algorithm, be
+sure to see <i>2600 Magazine</i>'s DES Encryption Shirt, found at <a href="http://store.yahoo.com/2600hacker/desenshir.html"> <i>http://store.yahoo.com/2600hacker/desenshir.html</i></a> (left). A t-shirt with Adam Back's RSA Perl code can be found at <a href="http://www.cypherspace.org/%7Eadam/uk-shirt.html"> <i>http://www.cypherspace.org/~adam/uk-shirt.html</i></a> (right).</p>
+</td><td><img src="crypto_files/crypto_backrsa.jpg">
+</td></tr></tbody></table>
+
+<br>
+<center><h3><font color="blue" face="arial"><a name="mathnotes">APPENDIX. SOME MATH NOTES</a></font></h3></center>
+<p>
+A number of readers over time have asked for some rudimentary
+background on a few of the less well-known mathematical functions
+mentioned in this paper. Although this is purposely <b>not</b>
+a mathematical treatise, some of the math functions mentioned here are
+essential to grasping how modern crypto functions work. To that end,
+some of the mathematical functions mentioned in this paper are defined
+in greater detail below.</p>
+
+<a name="xor"><h3>A.1. The Exclusive-OR (XOR) Function</h3></a>
+<p>
+Exclusive OR (XOR) is one of the fundamental mathematical operations
+used in cryptography (and many other applications). George Boole, a
+mathematician in the late 1800s, invented a new form of "algebra" that
+provides the basis for building electronic computers and microprocessor
+chips. Boole defined a bunch of primitive logical operations where
+there are one or two inputs and a single output depending upon the
+operation; the input and output are either TRUE or FALSE. The most
+elemental Boolean operations are:</p>
+<ul>
+<li> NOT: The output value is the inverse of the input value (i.e., the
+output is TRUE if the input is false, FALSE if the input is true)
+</li><li> AND: The output is TRUE if all inputs are true, otherwise
+FALSE. (E.g., "the sky is blue AND the world is flat" is FALSE while
+"the sky is blue AND security is a process" is TRUE.)
+</li><li> OR: The output is TRUE if either or both inputs are true,
+otherwise FALSE. (E.g., "the sky is blue OR the world is flat" is TRUE
+and "the sky is blue OR security is a process" is TRUE.)
+</li><li> XOR (Exclusive OR): The output is TRUE if exactly one of the
+inputs is TRUE, otherwise FALSE. (E.g., "the sky is blue XOR the world
+is flat" is TRUE while "the sky is blue XOR security is a process" is
+FALSE.)
+</li></ul>
+
+<p>
+I'll only discuss XOR for now and demonstrate its function by the use of a so-called <i>truth tables</i>. In computers, Boolean logic is implemented in <i>logic gates</i>; for design purposes, XOR has two inputs and a single output, and its logic diagram looks like this:</p>
+
+<table align="center" border="1" cellpadding="4" cellspacing="4">
+<tbody><tr>
+<td align="center"><font color="red"><b>XOR</b></font></td>
+<td align="center"><b>0</b></td>
+<td align="center"><b>1</b></td>
+</tr>
+<tr>
+<td align="center"><b>0</b></td>
+<td align="center"><font color="red"><b>0</b></font></td>
+<td align="center"><font color="red"><b>1</b></font></td>
+</tr>
+<tr>
+<td align="center"><b>1</b></td>
+<td align="center"><font color="red"><b>1</b></font></td>
+<td align="center"><font color="red"><b>0</b></font></td>
+</tr>
+</tbody></table>
+
+<p>So, in an XOR operation, the output will be a 1 if one input is a 1;
+otherwise, the output is 0. The real significance of this is to look at
+the "identity properties" of XOR. In particular, any value XORed with
+itself is 0 and any value XORed with 0 is just itself. Why does this
+matter? Well, if I take my plaintext and XOR it with a key, I get a
+jumble of bits. If I then take that jumble and XOR it with the same
+key, I return to the original plaintext.</p>
+<p>
+<b>NOTE:</b> Boolean truth tables usually show the inputs and output as
+a single bit because they are based on single bit inputs, namely, TRUE
+and FALSE. In addition, we tend to apply Boolean operations bit-by-bit.
+For convenience, I have created <a href="http://www.garykessler.net/library/byte_logic_table.html">Boolean logic tables when operating on bytes</a>.</p>
+
+<a name="modulo"><h3>A.2. The <i>modulo</i> Function</h3></a>
+<p>
+The <i>modulo</i> function is, simply, the remainder function. It
+is commonly used in programming and is critical to the operation of any
+mathematical function using digital computers.</p>
+<p>
+To calculate <i>X modulo Y</i> (usually written <i>X mod Y</i>),
+you merely determine the remainder after removing all multiples of Y
+from X. Clearly, the value X mod Y will be in the range from 0 to Y-1.</p>
+<p>
+Some examples should clear up any remaining confusion:</p>
+<ul>
+<li> 15 mod 7 = 1
+</li><li> 25 mod 5 = 0
+</li><li> 33 mod 12 = 9
+</li><li> 203 mod 256 = 203
+</li></ul>
+<p>
+Modulo arithmetic is useful in crypto because it allows us to set the
+size of an operation and be sure that we will never get numbers that
+are too large. This is an important consideration when using digital
+computers.</p>
+
+<br>
+<center><h3><font color="blue" face="arial"><a name="author">ABOUT THE AUTHOR</a></font></h3></center>
+<p>
+<a href="http://www.garykessler.net/gck.html">Gary Kessler</a> is an Associate Professor at <a href="http://www.champlain.edu/">Champlain College</a> in Burlington, VT, where he is the director of the <a href="http://networking.champlain.edu/">Computer Networking</a> and <a href="http://digitalforensics.champlain.edu/">Computer &amp; Digital Forensics</a> programs. He is also the president and janitor of <a href="http://www.garykessler.net/">Gary Kessler Associates</a>,
+an independent consulting and training firm specializing in computer
+and network security, computer forensics, Internet access issues, and
+TCP/IP networking. He has written over 60 papers for industry
+publications, is co-author of <a href="http://www.garykessler.net/library/isdnbook.html">ISDN, 4th. edition</a> (McGraw-Hill, 1998), and is a contributor to <i>Information Security Magazine</i>. Gary's e-mail address is <i><a href="mailto:kumquat@sover.net">kumquat@sover.net</a></i> and his PGP public key can be found at <i><a href="http://www.garykessler.net/kumquat_pubkey.html"> http://www.garykessler.net/kumquat_pubkey.html</a></i> or on <a href="http://pgpkeys.mit.edu:11371/">MIT's PGP keyserver</a>. Some of Gary's other crypto pointers of interest on the Web can be found at his <a href="http://www.garykessler.net/library/securityurl.html#crypto">Security-related URLs</a> list.</p>
+</li></font></ol></blockquote>
+
+<font size="3"><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
+
+</font></body></html>
\ No newline at end of file
diff --git a/www/test_dir/some_text.txt b/www/test_dir/some_text.txt
new file mode 100644
index 0000000000..041831f7dd
--- /dev/null
+++ b/www/test_dir/some_text.txt
@@ -0,0 +1 @@
+This is some text.
diff --git a/www/test_dir/test_cgi.php b/www/test_dir/test_cgi.php
new file mode 100755
index 0000000000..5171ff3e75
--- /dev/null
+++ b/www/test_dir/test_cgi.php
@@ -0,0 +1,6 @@
+#!/usr/bin/php
+
+<?
+phpinfo();
+?>
+

From 6e4f13519ce1962b54ca4875835d8d4e55092c8e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 Jul 2006 02:03:33 +0000
Subject: [PATCH 002/301] Initial 1.00

git-svn-id: svn://svn.code.sf.net/p/axtls/code/axTLS@4 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/.config          | 107 ---------------------------------
 config/.config.old      | 107 ---------------------------------
 config/.config.tmp      |  11 ----
 config/awhttpd.back.aip | 128 ----------------------------------------
 config/awhttpd.msi      | Bin 681472 -> 0 bytes
 5 files changed, 353 deletions(-)
 delete mode 100644 config/.config
 delete mode 100644 config/.config.old
 delete mode 100644 config/.config.tmp
 delete mode 100644 config/awhttpd.back.aip
 delete mode 100755 config/awhttpd.msi

diff --git a/config/.config b/config/.config
deleted file mode 100644
index 092035ebf2..0000000000
--- a/config/.config
+++ /dev/null
@@ -1,107 +0,0 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-# CONFIG_PLATFORM_LINUX is not set
-CONFIG_PLATFORM_CYGWIN=y
-# CONFIG_PLATFORM_SOLARIS is not set
-# CONFIG_PLATFORM_WIN32 is not set
-
-#
-# General Configuration
-#
-# CONFIG_DEBUG is not set
-# CONFIG_VISUAL_STUDIO_6_0 is not set
-# CONFIG_VISUAL_STUDIO_7_0 is not set
-# CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE=""
-CONFIG_VISUAL_STUDIO_8_0_BASE=""
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-# CONFIG_SSL_FULL_MODE is not set
-CONFIG_SSL_SKELETON_MODE=y
-# CONFIG_SSL_PROT_LOW is not set
-# CONFIG_SSL_PROT_MEDIUM is not set
-# CONFIG_SSL_PROT_HIGH is not set
-# CONFIG_SSL_USE_DEFAULT_KEY is not set
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-# CONFIG_SSL_HAS_PEM is not set
-# CONFIG_SSL_USE_PKCS12 is not set
-CONFIG_SSL_EXPIRY_TIME=0
-CONFIG_X509_MAX_CA_CERTS=0
-CONFIG_SSL_MAX_CERTS=2
-CONFIG_USE_DEV_URANDOM=y
-# CONFIG_WIN32_USE_CRYPTO_LIB is not set
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-CONFIG_AWHTTPD=y
-
-#
-# Awhttpd Configuration
-#
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_HAS_SSL=y
-CONFIG_HTTP_HTTPS_PORT=443
-# CONFIG_STANDARD_AWHTTPD is not set
-CONFIG_HTTP_WEBROOT="www"
-CONFIG_HTTP_PORT=80
-# CONFIG_HTTP_USE_TIMEOUT is not set
-CONFIG_HTTP_TIMEOUT=0
-CONFIG_HTTP_INITIAL_SLOTS=10
-CONFIG_HTTP_MAX_USERS=100
-CONFIG_HTTP_HAS_CGI=y
-CONFIG_HTTP_CGI_EXTENSION=".php"
-CONFIG_HTTP_DIRECTORIES=y
-# CONFIG_HTTP_PERM_CHECK is not set
-# CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_VERBOSE=y
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-CONFIG_BINDINGS=y
-CONFIG_CSHARP_BINDINGS=y
-CONFIG_VBNET_BINDINGS=y
-
-#
-# .Net Framework
-#
-CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-CONFIG_JAVA_BINDINGS=y
-
-#
-# Java Home
-#
-CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-CONFIG_CSHARP_SAMPLES=y
-CONFIG_VBNET_SAMPLES=y
-CONFIG_JAVA_SAMPLES=y
-# CONFIG_PERL_SAMPLES is not set
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-# CONFIG_BIGINT_BARRETT is not set
-# CONFIG_BIGINT_CRT is not set
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-# CONFIG_BIGINT_SLIDING_WINDOW is not set
-# CONFIG_BIGINT_SQUARE is not set
-# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/config/.config.old b/config/.config.old
deleted file mode 100644
index 092035ebf2..0000000000
--- a/config/.config.old
+++ /dev/null
@@ -1,107 +0,0 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-# CONFIG_PLATFORM_LINUX is not set
-CONFIG_PLATFORM_CYGWIN=y
-# CONFIG_PLATFORM_SOLARIS is not set
-# CONFIG_PLATFORM_WIN32 is not set
-
-#
-# General Configuration
-#
-# CONFIG_DEBUG is not set
-# CONFIG_VISUAL_STUDIO_6_0 is not set
-# CONFIG_VISUAL_STUDIO_7_0 is not set
-# CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE=""
-CONFIG_VISUAL_STUDIO_8_0_BASE=""
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-# CONFIG_SSL_FULL_MODE is not set
-CONFIG_SSL_SKELETON_MODE=y
-# CONFIG_SSL_PROT_LOW is not set
-# CONFIG_SSL_PROT_MEDIUM is not set
-# CONFIG_SSL_PROT_HIGH is not set
-# CONFIG_SSL_USE_DEFAULT_KEY is not set
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-# CONFIG_SSL_HAS_PEM is not set
-# CONFIG_SSL_USE_PKCS12 is not set
-CONFIG_SSL_EXPIRY_TIME=0
-CONFIG_X509_MAX_CA_CERTS=0
-CONFIG_SSL_MAX_CERTS=2
-CONFIG_USE_DEV_URANDOM=y
-# CONFIG_WIN32_USE_CRYPTO_LIB is not set
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-CONFIG_AWHTTPD=y
-
-#
-# Awhttpd Configuration
-#
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_HAS_SSL=y
-CONFIG_HTTP_HTTPS_PORT=443
-# CONFIG_STANDARD_AWHTTPD is not set
-CONFIG_HTTP_WEBROOT="www"
-CONFIG_HTTP_PORT=80
-# CONFIG_HTTP_USE_TIMEOUT is not set
-CONFIG_HTTP_TIMEOUT=0
-CONFIG_HTTP_INITIAL_SLOTS=10
-CONFIG_HTTP_MAX_USERS=100
-CONFIG_HTTP_HAS_CGI=y
-CONFIG_HTTP_CGI_EXTENSION=".php"
-CONFIG_HTTP_DIRECTORIES=y
-# CONFIG_HTTP_PERM_CHECK is not set
-# CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_VERBOSE=y
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-CONFIG_BINDINGS=y
-CONFIG_CSHARP_BINDINGS=y
-CONFIG_VBNET_BINDINGS=y
-
-#
-# .Net Framework
-#
-CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-CONFIG_JAVA_BINDINGS=y
-
-#
-# Java Home
-#
-CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-CONFIG_CSHARP_SAMPLES=y
-CONFIG_VBNET_SAMPLES=y
-CONFIG_JAVA_SAMPLES=y
-# CONFIG_PERL_SAMPLES is not set
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-# CONFIG_BIGINT_BARRETT is not set
-# CONFIG_BIGINT_CRT is not set
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-# CONFIG_BIGINT_SLIDING_WINDOW is not set
-# CONFIG_BIGINT_SQUARE is not set
-# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/config/.config.tmp b/config/.config.tmp
deleted file mode 100644
index eae93ecacb..0000000000
--- a/config/.config.tmp
+++ /dev/null
@@ -1,11 +0,0 @@
-deps_config := \
-	ssl/BigIntConfig.in \
-	samples/Config.in \
-	bindings/Config.in \
-	httpd/Config.in \
-	ssl/Config.in \
-	config/Config.in
-
-.config include/config.h: $(deps_config)
-
-$(deps_config):
diff --git a/config/awhttpd.back.aip b/config/awhttpd.back.aip
deleted file mode 100644
index 7c754f1db4..0000000000
--- a/config/awhttpd.back.aip
+++ /dev/null
@@ -1,128 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.0" modules="freeware" RootPath="." Language="en">
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
-    <ROW Property="ALLUSERS" Value="2"/>
-    <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
-    <ROW Property="ARPPRODUCTICON" Value="controlPanelIcon.exe"/>
-    <ROW Property="ARPURLINFOABOUT" Value="http://www.leroc.com.au/axTLS"/>
-    <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
-    <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
-    <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{C78C84DF-8FBA-49BD-AC4B-BEEE0A3411C6} "/>
-    <ROW Property="ProductLanguage" Value="1033"/>
-    <ROW Property="ProductName" Value="Awhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.0.0"/>
-    <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
-    <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
-    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
-    <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
-    <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
-    <ROW Directory="crypto_files_DIR" Directory_Parent="www_DIR" DefaultDir="crypto~1|crypto_files"/>
-    <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
-    <ROW Component="awhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="awhttpd.exe" FullKeyPath="APPDIR\awhttpd.exe"/>
-    <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
-    <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
-    <ROW Component="axssl.vbnet.exe" ComponentId="{31F03DA9-E099-4BBD-88B7-4ABBC9F77EFB}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.vbnet.exe" FullKeyPath="APPDIR\axssl.vbnet.exe"/>
-    <ROW Component="axtls.dll" ComponentId="{4C741E75-A18A-4FC9-972C-C1EF583713EB}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.dll" FullKeyPath="APPDIR\axtls.dll"/>
-    <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
-    <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
-    <ROW Component="crypto_2600des.gif" ComponentId="{7C3C3A24-4053-4A9D-B040-FA671C2FA638}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
-    <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll crypto_2600des.gif favicon.ico"/>
-    <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
-    <ROW File="awhttpd.exe" Component_="awhttpd.exe" FileName="awhttpd.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\awhttpd.exe" SelfReg="false" Sequence="1"/>
-    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
-    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.exe" SelfReg="false" Sequence="3"/>
-    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
-    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.dll" SelfReg="false" Sequence="5"/>
-    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.jar" SelfReg="false" Sequence="6"/>
-    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.lib" SelfReg="false" Sequence="7"/>
-    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.static.lib" SelfReg="false" Sequence="8"/>
-    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtlsj.dll" SelfReg="false" Sequence="9"/>
-    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="10"/>
-    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="11"/>
-    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="12"/>
-    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="13"/>
-    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="14"/>
-    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="15"/>
-    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="16"/>
-    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="17"/>
-    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\favicon.ico" SelfReg="false" Sequence="19"/>
-    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\index.html" SelfReg="false" Sequence="20"/>
-    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="18"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
-    <ROW Path="&lt;ui.ail&gt;"/>
-    <ROW Path="&lt;ui_en.ail&gt;"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.FragmentComponent">
-    <ROW Fragment="FolderDlg.aip" Path="&lt;FolderDlg.aip&gt;"/>
-    <ROW Fragment="StaticUIStrings.aip" Path="&lt;StaticUIStrings.aip&gt;"/>
-    <ROW Fragment="UI.aip" Path="&lt;UI.aip&gt;"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiBinaryComponent">
-    <ROW Name="default_banner.bmp" SourcePath="&lt;default-banner.bmp&gt;"/>
-    <ROW Name="default_dialog.bmp" SourcePath="&lt;default-dialog.bmp&gt;"/>
-    <ROW Name="launcher.dll" SourcePath="&lt;launcher.dll&gt;"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlComponent">
-    <ATTRIBUTE name="FixedSizeBitmaps" value="0"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlEventComponent">
-    <ROW Dialog_="FolderDlg" Control_="Back" Event="NewDialog" Argument="WelcomeDlg" Condition="AI_INSTALL" Ordering="1"/>
-    <ROW Dialog_="WelcomeDlg" Control_="Next" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
-    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
-    <ROW Dialog_="FolderDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_INSTALL" Ordering="3"/>
-    <ROW Dialog_="MaintenanceTypeDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceWelcomeDlg" Condition="AI_MAINT" Ordering="1"/>
-    <ROW Dialog_="MaintenanceWelcomeDlg" Control_="Next" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT" Ordering="2"/>
-    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="PatchWelcomeDlg" Condition="AI_PATCH" Ordering="1"/>
-    <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
-    <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
-    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="launcher.dll" Target="PrepareUpgrade"/>
-    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="launcher.dll" Target="RestoreLocation"/>
-    <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
-    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][ProductName]"/>
-    <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
-    <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiIconsComponent">
-    <ROW Name="controlPanelIcon.exe" SourcePath="..\www\favicon.ico" Index="0"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstExSeqComponent">
-    <ROW Action="AI_DOWNGRADE" Condition="AI_NEWERPRODUCTFOUND AND (UILevel &lt;&gt; 5)" Sequence="210"/>
-    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
-    <ROW Action="AI_STORE_LOCATION" Condition="Not Installed" Sequence="1545"/>
-    <ROW Action="AI_PREPARE_UPGRADE" Condition="AI_UPGRADE=&quot;No&quot; AND (Not Installed)" Sequence="1300"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
-    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiMediaComponent">
-    <ATTRIBUTE name="Compress" value="1"/>
-    <ATTRIBUTE name="FirstMediaSize" value="0"/>
-    <ATTRIBUTE name="FirstMediaSizeUnit" value="0"/>
-    <ATTRIBUTE name="InstallationType" value="0"/>
-    <ATTRIBUTE name="MediaSize" value="0"/>
-    <ATTRIBUTE name="MediaSizeUnit" value="0"/>
-    <ATTRIBUTE name="Package" value="1"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
-    <ROW Shortcut="awhttpd.exe" Directory_="SHORTCUTDIR" Name="awhttpd" Component_="awhttpd.exe" Target="[#awhttpd.exe]" Description="awhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
-    <ROW Shortcut="axssl_client" Directory_="SHORTCUTDIR" Name="axsslc~1|axssl client" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_client" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
-    <ROW Shortcut="axssl_server" Directory_="SHORTCUTDIR" Name="axssls~1|axssl server" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_server" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiUpgradeComponent">
-    <ROW UpgradeCode="UpgradeCode" VersionMax="ProductVersion" Attributes="1025"/>
-    <ROW UpgradeCode="UpgradeCode" VersionMin="ProductVersion" Attributes="2"/>
-  </COMPONENT>
-</DOCUMENT>
diff --git a/config/awhttpd.msi b/config/awhttpd.msi
deleted file mode 100755
index 278f1046685a463327df1ed30cc988e920c6fa67..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 681472
zcmeFa2Y4LS756<e8o)GTdNZ&XZ~<#kaYYoXB7qy0Y}4(Pw6YgVTCpox7RIn(z@{40
zA($FMHGvdrsG+w20YZQfdM}31o8I5KWp-8t3?bk9eb4jF=)W^_@45ZnbI(1u=*hor
z_{ya>ZuP3u<J!~7bAISv+gUSYzAo>s{T}2%;W$3{p}V`=8Xw6^6PN?$f&@4W%md9}
z9~^uMaPt3O|1Zda?}>v)xkx!Tf;B(|SPKjQYlAAvOUiydus#?FHULxsXG5?N*cfaA
zHU*o3&A}F6ORyE#8Vm;8fNjBcAOf}rL%<GTN3atZ3WkB<U<BA1>;guDd=Le@f&x$o
zia;?K1xAB0U@RC1#)I8J3D_O%0rmuYfeD}#l!0>404hNh*c()X8n6%87fb~8U^18j
zrh@&zG*Aobz;rMJ%mn*`1HggcAaF1^1RM%xf!QDir2WKs?npj&@*Kfa%B4TFLX!k-
z;Bb%vY0wTjz<jU(+<`w`JdXei!6G1j9>w!$kO9;1DT&JnDR1SOQZBGq&1*Ai3|^{B
z>dbM2q?S0&-Rf6mrGDeLEjoAR<rh5Q5-sO$NdVUx<Xnf-!W~m#*AR;)Vw6%Q?eLEz
zCjDQ-9WMx9BGEr()<(+ZC0Bn>s6KkH#?oEO#z<lRf@?j;bES>w99X^ZrH)8lk!wQr
zUVC*`Hdh?B=N~F|{RMFtMEH`QKPUXJaIk6%6?``Qk~b=M{AJ+>VXtofuS3vzpV;ub
z_j;rJgVHxDud68hW#PMdKQsN4pl=h#!Zo4#k<x<l8%s*chE|O&8(cQ3YHr0)VF;^v
zZ9)DEPaFVNH~qq6gm=kh!ryD7y@pqgE4#6D_|MFPO$c9js_^gC4PWY>O`<dd4@e$L
zJz4{ZUt#_)<@Mk2{|N5;;{U?;w#QDMJDBHAJck0||6<-B{};P3|CevUf5ZPP2vhjI
z_+$CMyodR})E&$Jh4)`h1`0nH{x7ta_shGWFaCc6ZY=+Az@79dLMwfMJm;9_T%HMV
z7?=l|f$;eL_`kTd{9pPJ=>vrSpALloi)<!+K$!opNon`Ix1)F7j-FWV{2q59J#HaA
zuH2)8dpG*n@LhonVei?F+>5x6?{%Nz==)0NO6NxI`?>#R?$;f;-|OdI<@CPuTz#+O
zX75d0eHXb!?ih1Va3{ENbvL<kC(WI5?R|`!y{~n{_g8NArr~(&^|}Xp_MYMOeK&bM
z?@rI&$9TE-iQb9cDLJ>B@iKWCKeI+=&CFVv0hzTk>twW9_%~}GHqE-tzG+{=-&q%7
zQyrEyk!KhZBW-6X!tq--v!1cd#w#0d>r&fU_ttmobJ+JVjm`^eBB6%g*UI@4n_OGT
zzpP32Et|J}$307#eaq%#u9@eo0Y4ppEWHkVbUkF~fyliBk$Ja=&yApkUEy5H_vJ{n
zE8s5LRR4}fGOa<38cF*qN7}4Is+<AM2-?>Zih7vy6z!`O?y$&N?3_#+^PMx0!%ufk
zgKjV_Y$QIO%gF6&MWLUsLOU2KQ2L**E1#&ks`RVM;lH2{lKv02)4e5pMV>r<@)CJD
zB>$9rT0XAgM(GrP!G-+wv*iy7<{|0ixQ3PARDR6fLrZu1nf<PIEn_0j9m0q7p{twz
z7HC%_q=$9L|5GYfRirBBR*d~cF&Ie51Mz1Au)5*Lpq0Kvt_juamya%ct1?x&`!5aO
zmHt}7mP>j16F-gEZ)<2KRBurBM&*La;Uz^Cf2=4h`=s*cN#dK4{s?|;3RXA#CTMpA
za!sf{sdQ|4s$!e6Z+}q@B>&w(_#>m9)eT?D|F_5ha!L7rQu*hK-<OOh?b__;{EGa)
z1`aj`s~f(I2agm-TtWW-qSDv(U&i&DgVhaxIkb{zauI&{u4VfDm;4SO{ZSlB*mA9o
zA6r2*H^~2&%2Jg#!~IsrWp5hcKO(D&eqwdQ7k**0dqVYkRbNyVRp?sS+y9?3k@8mw
zH$Oi`FZNTxY<c0DP(7{Ui^@03fBy?dKwFvccg3&OP5*FcZwm6?g#QaiK(zm#o&GAq
zzYNGVq57iTe`(tn_v;Y;hCF3By}Ica-t!QUYeMw_m7iA3tsE-@j$d#||FaS9wgamh
zzLeEFCalS^mUvyPzByjgnr@FZH^&<zrIRZn!zWLvi%hGmoj$2@MAl$xDxQuv#~a$?
zjbYQ$y7KA~bzN=o@?>*IOY5u|vF1c$tUZxzo!rsfES^tFv|`v1pA=i5p8LkTRG>Vy
zoAOwDd`>deRU2=wh^HG;i8kfDrZL{yo@h$MQxeZevMJIo-r0`^72W|QlS?MdoEvYS
z8&5^}iD=_UA{}Wp;U7Q*5-lAqk@*sf2<c3A#v6%EZ^No&D$<lp#S?Q{BlF^2BO^92
z6>_9K8R?vxXqX!zfw4$SN4h=IoM@e=Q<1d|`9O49TgkI@U3@`%3EsEF+R4C@x_C=l
zGs!L~PqsEDB)KJfcO)81rpDUmmduE!(qb|();gynHYZ+^&54q-L~AV7RWiM;EuJcm
zrQ;<NNsNB0N;Jn?$tmSYx}>zVOZhf4(cD-bOEm`8)8ccK1^J(iP&tW7w$vs&QVn>J
zO5%NcS4nxSKG7O)FR7iIOtm+3w3keuHnFxnm1vz4X)uK*38UbocvSwTDTP>jB$kRt
z@S`Om$qkjN(CH#7ZIEP(^NGm@D$NnpzQ%0vM;a4pvZxEwL~Eoim7GKUOJf>qPR@zM
zS{ozs?3^2Kjl`5sQsnUkabijIqS|*`e1?MZtB;#N>f?=3TMAQDg^M-grHu(?NKr-F
zO*ut6(nJLJ#@u+Q>Om^rkW4kE#mYuH(%7Lg$&i_7C0nDVjV+1RN)^j^ZT#?#cxyvY
zp|g=pw9Ze?i;s-N6RKL1eyQ2<);SbLgiz#bE?Lk_ov)ZUF&b2&AR+MuZIWGNu&J@>
zd5JbD8tT8vt)@s^3XEdJJW1BIRmGaq@n{Y0OhU{0knU=2k1de=C1TRNM~36mnP_e%
zpD5~9{2Cca#oIeltx`o2@pM_Nu~dauL5qn7Deh>gSIw0iZj5WU5(|P&Q_)CbBi1Ba
zx3+Ao)2d$SV$_*RDMlg_<FWbiNPTmxb)F<8-O;8}Z;~3V%qGPqS(RlFbR^M)AM@kQ
z5~hS!6_1gKxMnz#aC~hb$LGYO#%h*%PK!6iQ&NgT5(^x{xl&!?TaHgr70BdxXGC*S
zDIOiJ#F|Fb(}6@RDBRrgs+%^wQdg(xH8x*M8|Sz8s9a(cBB+^FQ<E-jYimx>ehGe3
ztgVfrs$9?>Z<X2-yeM`{PISiWBaO+1juuiRNu>R>;6^uwSVVJcX`T&Kw`3|>)f}6X
zRzIpeKx%_h?xb4O$LGf8C!noWtR7~g-3o&ePy*D8R9woCP))s1wAp}^@9lFb8i|gy
zc(`VLTK&M3=f!u6>|I$ma_W@Yx{-C$O3N!pR#%o*jGQ{XE*g!_jMtZDBUY+11+&^j
zd%TV`^BR$NNpGjHdlgRKNoh{D&Phkb6^u;hVI)RQG$d#YjW}-?=e8!LlAY0MH2Xvf
zJNSj|XefBX3fDZ<LynB3+u{w0rY^}gv2C*TGAYbf`dP&f61w}A>Z6;Eup*%^pIBQ{
z5ow~y)4iJF6V|TEKGqE5XlYBflF74zw;zvQKo;pcf(_O~RX(QqCJj%ZeYDZPX{HUM
z6?vn5ZYtR^XKqCLfOcdE6QAg$nn{(j<R@Thw1al?IFbm&0@zSj8x^^^xhpb+*Z8iQ
zI}hoz1cLIR!p*5^oTVRu_xiIBm#SMaMH_H1U9eP8%15;e$?cXny;CI7LYJK`F(sjd
zg!WXdVIDoE>P)pobZQDh3Pp(-t;yE>Y~Rxk^KTug<qJ9?DquFvQpUz37+)3T+|eqT
zF5F(~6zwN1?3q|2IW^OH!nNnLQq>xxrR{Xx^&K$$8nSW@EVh9>jUgRLt4y><nxye&
zTb>w;hY@5J<1jKjsL_qo%oh4g)$0qph{uSjc+-|lE0IRx+J+#|O6H{F=@G;>sPHMn
zHzkaq)QLAOUm}%CHtTjT;YWolNLMaTk#OW0kr&-9OKmqzKvitAF4iTSD#%i@s!sEY
zE}Ld5<B+t7HOiwSr5&rcAw)R=A0vobWD<cSu1SI<J@sAEUk+E~G+N2U5m76sO-vvW
zLTs~!4oL}ck(x#dg<@)n<)`ChiQ*0L_7-wP5>2~pjSB}89&8?wv=+1^b@R22E#Q(!
zq)c^oV%O2y!&Y%4l{-X5>Lom!0*RM42%ilxXw&H!&SR)546~QC*z{Dyn_?Z!?GbCI
z`a|+J9Z$_CPW7-Bg0XBfIxU%OuYkoVu2Y9i3IiBIv-Ik@ajF#`QV6w;RD^VOGTp8s
zF5+FADjPag-V<$_NzX{6+B;&+Ii3^mNSHSZ(^f*d#A&{EfLvyxL$y#WTX#{pInaw(
z#AJzo+uW|S@EOg%NI@^ko)HVRZj}IA9K9S)Z%rTth8wt)X*Rkvo)qJdwk)@ZMv&0p
zq((;9xlb!sLGWyhHz6h>qtOyg`!-F9@sLh|De)kbs3~CbRg#Mjs<_h~_4$fnceF~$
z>83m^t^9~Ws|$G6RMo_D1R=?K6?17aiW%tvRFCe=2Bdw?raBrag$s#PZ32~!B1wV}
zo0{OCn)}8gGQu<zS+0eQs4JYQX|{80PsQU=sYbP>Q)_76h@JXZlB}9{AaV#(k|Zcn
zv4a+Yp{7yBXd=(frvaC?*V3!P>noa@YdcbODi}&P)-07e(GZ^&Z%MWz<x35pEL_Wu
z{-$-bmMRuZw}4;q>9ix`hP;H5;6zBPjmJ_AbLp7WU`(PJ6nak)BZj~-2l*SJHF%j7
zyp=HIQypwFRZ`QMu&)&<`z9RNyh|{F!&$l6+Mz3}%B-{vPd89<y*aH#7%FhU=2h{B
zJRBK`WaBb2l8wwr)eD$7C@-Y|f*5K^JROyM6c%DLVq^qaKb~q}BrLKrGPJH}u%zY~
zJ)>v^s4vaQ7&SOLLlgjJ{HnVxX>8UnI*G{)0#ZtGAg&nuwRc6!%0%*@Lz0{kDZ{cb
z(@zQ8Zdcr)AxVu@qaaJ7A{S|nH%U`WwPx90eUdgM)l3=@y#$?$sjk-7Qp^AC$Wz7#
zk|%W6?F@n$av=<v22T5sewo~kDI;PV8BTt{7pXldkwr%Yc_*IOP;|GbScj5SVCtrj
z1OMt7-_<8kAdHM4J0N_tN~J&$rO%?tHmUJXI~~6vi<U-;i}FPd=#&Pmx^&&{84s!y
z1mc7dIB430t9ZC>=!#?5D3)1|X9aJSh}x-E@&MsU7=xrJu+&v$q~?bvQ?rq)rfSY@
z*S|K)f4VScCK}u4s-M+&vww9ml{i8KtY)(NSF9OQ4^@egI0{2}2$}^-k|D6oD-rv$
z3KXM_kZhtpXhlj3vVaJxQUl{KA!Nr?vW2X~rSZ}>HgOmD94&2CL!F-aZwI<+T+l~s
zkhMBR%t2PCVya;5Xoe8$<I)%mt436vA{qdUN{ukd@ZLyUs{12G2u`@m5umb>B*Rl8
zoQrZzc)3UsR`G$`E?Nsche$9gR)$MaMzm1Ve+K=k)>cI)A|NVTqo5>4ss(D56_Pzl
zDdd850u^O2PDAQyi58R;mK2qYDj8ieres{n_>w{l#*`F}Eh!vVQdCe<gl$nt(WsK5
z(IrJ=N{Wk0ii=B%N0k)wKDMNIT*)Z@#+QsPC>dQ;GP<~A^eCIvK|4x^#SP0Z%$T7|
zWQCY;sE+0s+D$Wp)ZJ^S7Y{Uwb)o7dB_DM36q-oq<RlqK>ugHQp}Pshzv(s7ZOceT
z6t8Ajpz;}+T{1;Ht7ilZtA>%ZQ)eY8+dVfc{R;tT;mvgawww&pqw-iCG=a7Da7=qB
z&?QUNS3we2DFW4>FhrV<Od?W*Z5q+KL_1=>8U=*MmTJ7+Pia<Ywd7<pBB?|}NMA))
zl+_WU4?;Pj2JaA=mZ(R5)RaJpq(!G-3@YqQ8g*8tQ8JLJo@wd(RQG1vfTg1$v?5{K
ztda2_YEjAWa5f4FC6{evT7DAQTgKjj+@vZkA~~Z|Bb`dTY;{uYNlH=?C{1`&lzUQ^
z9j)}ITEm@VFY<kj42wmePM4ye(c>h>F^%!&1WID6kw}`-KTrh%K}@B=Sg1}StwbVW
zR`k!3zyt~d#&BpsYc<nRev=^`X$A_^msk**>F1>vQbSd=cFjpCGSk(i5AP7Ib-fJM
z<5ZG^4vDB?;4DcRDTt#24b(I;95iK7r$&}C86drwa7R%>tNJIBQnb8$s+Q!+=f)f6
zl_eL@N+?QFY(;q80k$VFGrgHA0|{4)DP}0xQ|eP0AS|Z587mQ<daKcGMkx|aNdC^D
z1hf_?G`No{8FyAt9p$q^i3&zXP*FZ*5_zBtnNCNQLMT$I3)hOp$Z!+qy{FeyjEI(|
z<|q|n(rVgc#z1+YVy*?{bX4iAB<Wgtr8~JP6DzG6OSIk6ScRn3wn8OjtEh@pq|;0#
zK(I!ji;7p}b^Fg+z{OCfrj?v;sMZQ};myTClI@5jp-8Nf9m#NtbX+#}yyC-rngl~r
zrJ<Dw?O{ThIHkOF;;h=rX)`LPiQ*xvqe?c%i;JR-&CNqZyc~k&GGV@}s3;IJN0y!!
zM8@Qx2tuX+dgi@Ufa-nAr>X8#<<|(2i4=cmVZ@$jqngrwL|l^D5lUS#hc2yLqP}L^
zA0jg>E8dcz!%Mb~R6H}t-;R2`O$XiPoH(*9Jfm^9NWsX$kwxfKYl!A7`3a&=DTKxW
zreX_4Ke|H#rbbD_3RNkiZlWwz@}iNMrswWV$<$ISJV!ch$p}hThOH_D$pm?+k!Bmj
zNQIzUGU_*_1T<~}3T^yj5h#^frl;%>?3gyC{Ykf?7?<j<Z0Dm2MRapY!>XkoBo5sv
zP;&x*auxfMlwozLj`%R`yBY6?JW~Ca@E1MESAq6q?lKQE2caExVA{&8!(`~1Y&HJ&
zkx1#*tpZk$UJWyoww_c?ccf^l#KS}?T}ky=eaR#6+H^`;<#SDAFxU}pVMidU#!&Eq
z!;w}GrYon_u0;ctwe(Y}{|w12l20~7J=(!b1YFxY(2&*eT8q@3bLkNb)1`c*-I+0q
za-ljYwDJta%-o#OeZeX<kGE1L?b}q{kUoXcsdS&odhwSUU?lDw8B5|D-8Zi0ZiOqz
z*j<=)SILx$vU2HZ^(1Yjo*R_f5>gKJ)kBSxA-D3v4vmOhu4g%28LUhc6DqADV>2-<
zVxF36mEeN%P`YKiazK{}<W>rj*)`FPs|d<W4l)silk0;h_b6vQXQ*ir1H>rN9#)Y@
zvorDd7jTNG7E@%X9FMiwQHMw_nuZAy6!NW+sg;r8QDg*RyV1)1S=PXd@@06mrhLi>
z=`oO75b}Sl3l-*odd7-EEKG<7jN?~kcA5|U9Bx-fzSs!X1XCnY%z}9a-TNzXMln;>
zR$3#WzLm1=F>aFLGLg{_qwZ6|DaBu(q1K>_v5ZdjIK~qKkX0f`O4K4Ha?(GmX=-81
zZE=3!rEO$1xhx!_K8e62f!U#zlGCXlB5N_hJxAJ+;uKU15rrbQNQ{t7jntY*N?a1d
z2bxP84{Tc!c+)yZ$5M|1bdy)|c1*u3F$~SdPY7;!rz26y2uMPcFMJ3|cFI>0sF{w=
z2b!A9dh5oa2*{oKWPNgh8Y2CK3>XAjtCr_j0iBg8sQ#t5w3?$(w;Du1WgR}~1gc?o
z?=g2yo0f@wJ(yGDWyR2R%ynXoG%ekP$l}qprS#0;ot`VHhAPYe<A*9m*lb#@+L({1
zoYg~?M(UHuOUTnY`Ko^nX6(sl9i|awy9^a6i76RED@am&HCjcrnhsLB5{Z!(&_zz5
zR|sh+e|43o;jNOi=8kk#NGMv}IWU|~#c7uD%8CY&7JFHQh52&2FQc{8nIQv9<XhGA
zgv+0nB&(QgJ0c6E=fi0((+v#Oct?5JpUO}#()n?Hp{7YAo9n=4O|~+<QSnmpNt%$J
zq!fiFG6>%h)jqUqDLSGnu{SBxt(CIXV{O}}Oxy`g%3A2t$o9Gl3hUQGO-iei8oC;g
znzpY{D~)F9M`a%xM{Q&KRGY^VMH9Q~cypVCH<zb$Q8X3PJqDtIQG}>yS>B@sEoSFY
zr~E3K)F3*d`m|ZnztYo?uco@wP)|0c7D~P?*zy=%e>0LcHBXlhIwVZ8)vOv(Uib*B
zzha_ar_5P3GEcD<UFd40u6t}#4Rp97g2;Lbc!UzdlaaQLG<tBEzro66uZ@Y3_QO%3
zL8!SdQ$wN=8y6#z{4D>g5Q<sC7)q$F+e8Mf#$3~vG%>@<P|B)kvI%KGh+#|>tu7}m
zO8ps9AqSJ{rkgO%$c<Q}AiuDnfVDVeLKGEP3tW>{A+rv2s3Rj{sm)TV24HAw0m{s{
ztTh;25NS|>(#NTKXvUtp6A#v(w2QvX@NJ{if^8W6l(wu#$(R#GCJa02+*$cDBS=>;
zW%9FA)t+qYnW*|C%ET5iwE_1|m8k(d^w7=Jgc7uQB5;>fDivi(HA8w??AR&I7R@eQ
zN28VKb#K)kV{JyjimZqeRAm{+Ak#AN5~KcxiB>d%8>rE%R(S>vbR*G9c+pUIu#5vH
z4Fj2j3R)I&h`bt%t&Q|kp;tz#el2(QLsu20H-V4N>eIE!puV^n@lw5kA*mEC>aUbe
z(UvKtY@ewV{jOf8V#gF(L!ZV?iov&X+J|&yBOHPANXDs_pjHQxb4Hp_qKER9R>@l4
zBr{nE^rl(roEA2cqdZpu_MQ7boqv@o-$+v+oNKm_tqj6D!xM}uI76gsfz-YTt6~{S
z1^k0V$nqB$1~o?78sjIE16di|uF+@`4i#zdWW6VaiYhc(u9!}hTAUFUP6Ab@2rgQK
zp{iDRR3>X$Oyvw$$iQijVR%$8GA>nG2x(zfy#zm$7Hn#~WP$k1g2c2QFEf}>3zGv0
zPOKYsX0b|^l(0lXcbj@jF*lO7Yu5hLHe|4;bi>RY$5P0Wt;ooFF|LsdJ6e_EgpsvO
z^^5!))x+-aI%!FQ79*`B7mRRCe1q|BV?0`i$}`UL%myXw!nYCn=`<;~k+2#W`k<)M
zy`8NDIr$RIg`0)l61u3yts_+r(p_ma2vTwpeOJutDNyZo)GKmX0MkjWvT6<!M?DoG
zeJ=vET`8jFCFM+(R7tf$b72+NN|WA0iGEPz5M5){$b-hmI${_iOiSYXzgt+K3xb6#
zZF<QLIZD=K)2h+{r_3%53dMztVxpvjfhcQ$Wr|7GT@Yop(xzS(q3Y40_EfSpoksJl
z2A(9bAgVJ@mx!!)(`w9Mi3A=o?}Rg1B0=_sn78RWgUFb4NXTj$O({soxv5gpX7JpY
zM2-@LpUzw9k3(gqqKZ^tMxafJ1w^!wii{&u)}gAR7F62=Q_r>Nq{E9=bm-N)YQbHY
zIoSGcsZDiP%3Iw}Hd?2R(f%BU7)!5Ze}QwAlN4*ZU9%`FXTq257&@%8%PkwGfRoKy
z%9r{cRBOc$RIbs-!(!B`L5f8dsHw0d6j8oeLJD~f8A$8Yiw$~2Pe?^&msPa{BWA<x
zd(Og&mRs?y%2t+yC0j*>EY(K^Xi6!bwW71r19YJYdN3K+oBESWi-j=GbWYX>Tsf5Q
zMmegNuuEY!WSM=hGBFc}LiQsu?0Z3*WPffP=f_x<BDz@<*-BPWrD{xnAD0j59@r)T
zXV1}>&W+1j9^Jxfl&j%PKa60_XG1EPj!x3+8kB`m>#0rzwy1X8^z=@(1!?O9*lg5)
zsdQBJ)@F5lp8`|=;+D3NbrQd*tCy?_`tOc<S#D4-<ECVG{cg{iV#$LA0m1_qanKs1
zju=saFD+5<0=rX-KC%kTka9@Rw3Nf_rB>1#hbp!nuQOB+C63Utb6nDQ*>%|HDa^v@
z?4)8S9DFe==GCg=B&&-WlkFqS@`j+A=IBgREw&3Fv_KN(FUmS_X_%=r&)TY~<tT&M
zGbCSq&wXh7Eaj~1t8v?>yCytTo~p(Rb61@!)1VSs)VRbe#8G8LA4O-6J{%pt>MRUt
zB%iLF?uQzw7FFP+iZTdg{>UC(2i!;noGXM#18u^gW}V`NTIL`xioZlzbtlebT}rW3
zB`a=dA(+_6bdP4^EwnXSjG6LDG|7~YI0<+VoYBn0{jZr#v}STmhzqJu$$HH*;e)1Y
zr;lf9kW>-P(0pl5HukaJUY5d4HC;-t8YO=95N46t=z=A$#WJg8q_L?r-SJ2^hKaPy
z=t#b0&Com=@uZe%5^|iq1%Y6kC9{^<m6F0&44X8iAWgluW>op1DG>41MgXJ)GEDa|
zeXB-=3+j?rwUDt9%%XEwrekD)!4ewgJ0-5UX%QbKg{E2zrzcf=EM?RoLp&B%u$*7S
zA?dHA93>tjY>IUW8oe<Ds#FzA;G^fNj2sWDWQ&8u#q4#^;<HM*sK1o}r)VS@N}eKp
z1**hgZ88raWMU~<M8i<qV0&z#GN##GR5eHyqNoY@Oz<*`c|g10N%DiN4D8HML6qdu
zjKgcz1DaX2b72XMKju`IPQpZCqFUq%tJbOpGk>M}RXb5)7ayr!fSy8AvYH}6nTU94
z`gOe|AXd+En(&S}-KvzP*KVGZWXbk3DNH>gm-JX~uxwzbgUt6uWdp(LEO?;+Bwx^Y
z{+IJ6GUFiACcp9=hN|zT)&0~QhNO8$BHsD`++>j?dOjhV*-$mX7ZxPdM5nGdS*2Z|
zf)-mn&NEB8LQGRyMst$wNR6zs&Q4dGS=TzLXEJ9xZ>ntnRNGC{0h=tTqKyZ$*E!n*
zVsK8;?CX9@qFRw`VPL6$H9L?hrDQWL-ZNchLr_B&y<imSCK?%@UFv1W1S2F;Q|b?c
zqxRzE!DKiANECG}vMI>EMf8ptB+K+X7V=cds92;TnT*&YQZ#1VsN&J1MvsXM-@9^h
z<+PgeS*6S{?-40jfWlQ>Bc`L95vT?qPJ%8C75zTrKS{Qd31hP<g2AI!w%v^gs;ZYZ
zg1FsUCY%$AgMy5=%M>hgtZGD0#0{lT1XKD(-Jtia!FZJTZ+4Q=wpmNAz0#xKY?Y$F
zv3t-^pw6pl%;{Wh??f7dUMaLrQssq~+{7_`F3arYO_lp@iaF;@_M*1Yi#6JqL6Mb$
zCfd|xDHf&bu-XRIYY{NnhOf#mQ;F1qNUF2AinPY#Xj^n4z_(by&j?^*EZuH*(yEFP
z=!En@L`R%5VX>VV;Y%e|6Ada0qcdc3J3cXn+Cj>W(+`;C2!!%ro_f9_i%v>5b~I<V
zJf?$QK#Bi)g$SiUOA+-Xq{c;{D=<oI!m-=TDpVXbb!52N1*bPI>vg&*W(J6K%LwCF
zO@)qy4boOHIJj2&F&x$tB)#^uQK3w<(B`Wtd{f18A{!beM26R@Ik2c+5~u^t3d1HM
zDYZS;#siIuk(Et^Cz`a{r_^g5AYHg@tnI_4T_03a5sH8~)Gnw|Cd!u3dTyVrNiu2c
z&xOf?9yt+Eqpy}6GHE~u$aF5>J)&dMp*VBg(%49fh9KBzs3Y{#^eQBjZ@p5kyqD#R
zCgqmUrr16u-Tl$Zc^*1l!C4yFiqNkk4g)ccU}x%7j{Y4@O3qg!D_EIoWkIb};v5RF
zA$H005LNMw2x3@cimYo%A_0rW*D9ASqsW=Z35`i@kXk!4nXXB);J?x~37?Th9M&}j
z;{_FhW<)s}CiaeS+5>tYVc3ya6Vf*#lBAm?2@jNc@ix|#zyZk~HM^nNbT}C0*e2Qd
zPfXMlx?<;MN;0Is3$b!y4X4-pff$zt+6+-EqrA3T3W6-ti_P`=n{-Xi7^TNNV&KGV
zMrRa7MGTEJTbhzG)YLlnUs3aC%fci$C<Yyn6oxHwDX~zt3{Q_R{YCHmmuV)1D5V+~
zXTx?LCgn41uVJ$Orm=z9K=e}SL@8UeTk4y;>@(Xnq@}+J4<33+EviFOy{60-ghrm>
zHP;deQO!uVL}#g{E~wiQs7&?f_5NZxr#V?q-3r;M2uzB#CYqG0H9NaVm#eF9HU_y7
zXfcj-O%>lI4~*Ac;dD#Z)?ue=o>U;qRmC7*4^?IJwLVHE?2B@ugm6psvmKNF6*MU{
zFy*peuSxBBkXKn!$)et@p(;zs#(Hu|<t39Rve1ksm!<0MS*cyP8Z;Cw_enz7_L7Z2
z(1HJiP#hVq^g&7%w4+C4H#QYAMvFI&=pBVw;d(>4Wy1_5+IpquA%nU7-bt*ErPcOl
zhH^B{Mp?kXl#0p}y;V%~9x6*!{sg;EdkfwY6?Hg*s=>rcDwB90;x<1+xg{*oj9*}g
z60I3%las8f(360ATpI{pwmuo!s0x_sS7={~>`SqI8ATkKa%q@bt+dT){pe%0Df3F4
zdZ2aEW(SaJeae{1YR<xn($%v<l>!f?SQhx0-Ije<nW(JNEwzU)%uvTyiSJ^pr*u#w
zSZm9;`n0T&`JdD*wdz;B=2X3~6C}<om98pv(ioIvO?ROe+{rS8>^M!$E}^K;QLE*I
zAlfcXrPxG{9jwA0mlAaFI=-R2>fw1*MgnRJqB<-?wNmZBVq~?PLDZ%@BG_Cid`3?w
zCJetA)v_#DB^WlKdx4)$E~KV!$gao!nQ;wyp~{09E_?7<PUe_Qqf@um!RZ!iJBNt7
zn#PQ4mGBdOH*JEQ8hbEB!rCah*}^?!RD@y|-UPdCkJd-ob4jhzInZyF%f`CDde;|4
zHj`%Mq)k`5kPBP)Fwzmx^-t*PWaNU@Et&es;$ii=A<YR*3O;M4s$u^%Bt#h0l57-y
zURh`TQXD16aWKSG>`b<-sx|Yv$JOI<mT#}lc`{bsGJ=TIi++xD(JU+A8{y5PJz5zO
zk2;A4o)cbel$8Wl<B%Ga=I}`>I(Uk@&!bcVJ~^vK_fN9QUe37*M?iYifROH5Eh#r6
zv>uFG*B~b7VbfFD*hgNfo~UO}DGG=hS+r&S3iVg0k<pr>agk{_f>tVoP(F*9PF0%@
zK?f(>S`2$ntATGs?QRJ+H|miposx1Jo!WtvmYy4E0m5m{3SssDD5ZLnRak1kt2|cH
zdf>Z`YQRvD-nBSyM*}i8Mbv|hn=LH#Rp>}ioHTYcw98gNX|{G9i71?iol-1^bli4<
z5nEiP8LJquxKkEgg}Az^+p)-gXmMnbRby5s9<^qiJ3>bAr_@}KD9I;S;}m2{wuqo5
zAnQKlCx`8bI#YWmMPq5SG={!OHtuD8q-Ytqv`44K8WYJfwK2I4S9F)Z;;9ZP@!T#)
zRo<JO;^7sQWLeIBh8#z$qfX9o5a`nNB3SCf&)$VFhqJlbl-NC&<`-H!oZY_NDJLUX
zIo>R{mGrTv`d2;tASY=m1C=yn>VMD5rnChnHj&(I5!zG+W<O_Rgi6vcT*hq`&f<rb
zp4gtG$1yVSQTfZvnyvZjuq5fMMAB>T<tCVoO{M0^5Lr3T_4a=~6Wb#+(g%B0BZdB>
z9fb;|yma8Dt2u$08;mfAUw8ge&pr@kJ^K-i%Kle7KtxX?<*BCINlk&)*W@Ns1Z<Y$
zNLmBsgx*@0J<i8!zsQbkzeom)W<vVraL=K9V*n?eO~CUEqt;Uyx}#{4F_qRsDXkfb
zrI|erj<o{}Nkbpx*80EFl}UrJIvTwm%kq{!Lafo#wUZc}npdOw>#<Wc(V`lP&LFe+
zfde_DJ^sw452~^0rmORc?bEE_R2`086hX-bdSBIn>GiHsXo&=S&l5Txb+I|&ateC*
zP$8+_He7%WRx95}0jijwQ?~h)o&Hym&aNm>S&aA<ESJz}P*pQD^`~P=t7URArPeO|
zavt?RO=xcWp&2l;nNR<oZa1$qCA-F&#r!RtyrdLQX@oVV{`*ob>#{Z4WJ=d~r1g;I
zW8d8MeygV{4MmPhB8Phz6Jd=UYsb`-jutUU>4ZoOWy2COQMUM{F4>K@devHUmyM+!
zIsHPvB-{>GU|9W5I(OYQD>j;&s1tn_sIVTRTguT;nrRA^L*a=xU2tkcgOrvu#|EBK
zfvuGmk%RfKT1u9K)yg&F$}$`&am=HUT}MU^mbKv=w5XOg=**OvO>=VbG&M&=UN$AO
zBZ@xSUY%-tTAmHFN!EvO0%4nNWG3J;H1lc&%5Es*b-D1yJTSAtwc=tVA4TdT*(UGf
zc&|{bV`PK{lh%pM9OpREU&f7mXh-%mjdbu52n#`0AoieQmBs7G_XizyNOWc_!CDNx
zrIOUksz5k7A_fblu<Gf9n9G7$mP1PlOxBy!$zW4yUu+pjpI}HrnheP%8=-7e@i@V%
z@eUU7!-iOrh&ZIe=#i_OdWc*{S>a%2f}@IAAYi8hQD;w4u{YjJCq|>t(}j8+Jtrzl
z#F-!IkrTQ*mF+@mU_##TM|+Xe#w9(KcCTL_iBro;P5rBts3+Rhkpp_cDoxeI$1JZQ
z<|+~sIe%`7oG!JuNYqnFmYj_y$<t?~=~idmO0<Z!K5DgA5+N}eQLAft9SbZ4J#s6c
zn~pa!{g714AGDH=cu2Fh0mRaZT6|H5A8}lbw7yp9e9bVL4LRz>cgcK4b9QT*kcD(n
z*-B%`S5NfJVGmiZrdN9CDLv`Q<UmC&ok;ZxVx;1N{jRpl>pRf?*b&N1U3b;87$sIn
za|j2adQ4@l4hvb$R8|BVjkRQ%lgdDtlXhno2nH!qk)Zm9b2+f2{Mk2>9n$t*?V_at
z+}phtQfOLMR;xdVzdCwVv9oYGIb03iM;0eliWT2%ZOm6|;s{lp*khIF*#d}GC)<&l
zr7Fx-Z@u$J_B+fqbBpH4(|j2ls9ifYx5WSkAQ57<V7^{SCQ2dQK*gM{LvPE{Cled$
zxr{|a<k3hiJNC+38d=U-GFGBR-gW9;fJSbE3s01p4T(Za-VnNUG)k_M^TgHJ!J_Yu
z&YVY~S~h@cge5$*cQsNI7vW_%G-S15H7Mw4FrbiN!fi{6+mvT`SIv(fNGzW8H)5f`
zL^#ujrN^w!NmVLQD5!avVCg_wJZd(pC_=MIRt=;g$AmuGA2nImV*XEtZFQpQ3AltM
z7X6<1Yl+k5)Z})|bZYT&hMwpT)4@Q)D@U|<uz4G{St9TwVJBLHunlpqu=)2N;h+s!
zUqOp%xwgG4`#(k`{%JALL&Ubw1`ow2X>+PfOlhh@mUhU#g+`e%GZnTSf2Ec2t@Vf^
zl8U$Xp9++7<Wh=r(c}<nTBJIg+t6AO2+gE0bv=YMY7gW6w7tuumUDnfWcV~W6lia~
zskco2-HAHttRTN=^k~k3fpCw=w8$=zqS0e^-djHpE!w$kM6?QFSSos;QtT0YPW?q9
zQu9I4h?S>w{+MXlV*!XyiwJbZg_2I$o+txbNhEDUSD2i_%6hBRcgl|3)aw>VE3&9m
zZnAQC;jV>6L1w5uZ{z^6(t4^9%&f@{EuD8nLzQEQ3|~>}ONro(VuH+I9s%P~QiPOX
z&Yp5{o~4SaDuT?%Np`SISv6_b;^{&~@6NvjpmUv=sJ9s;1r(^T1A)_SWKiNJ=L)I)
z#KDZLJ*$yu!kd2jwEuRI3YrrfV24D7Bl>N#z9Pv=l3=TcE~`G{^P^oDYHD>dkK~3r
z(m<N4q)TOQIB?aQSRP}G$wW-q^=N$73bidfB*Fend(x8{H3xkJg3UOY)d)7SnYN-+
z)Dk<aPlv6vzDVI1<xo?qVFtpNopw}mpd`zTC4=%5Gf5Z`6qi&CGeID4ocYX}ECggd
z=}Zn!Ow`v@NE-Up$J>-nuMu7&q*}8s|NN#$rs&4RN@g>MAl;?v!GpPCEgOYa;ut5>
z+c>7EQ8DD~ERQY*;%zki(g5&W_4%Pg>18dkklNDI-M=~P$~cw5r*0|Ih{*H6Ts9?!
z?96}RnQA&tNiL+i6QzENYo#GkDkGV82s@UdZ<1q@8Q6+uOJ$acooN}0r>2yx_K2*~
zV<~C*Szog!+e)Hk$*4%NdR-%-3}M~wkf_PEa<oZeANthADSJufKk%sIWZQL8B+fax
z5j8yx-JN)1`$KX-NR6d!5ka<vvrNZMvPNVBGFKitU-g(NaAj((6e&XlbH1yoL_s_f
zttuX-)BC>?k9sxoQG+d&P&KzwuPav0LNZ!}-VY}G0N5!jA{cy`eS3<X8SbdKjV(Qr
zTOTksqg1yX$%wNo7dMiuWj%UPj})OHk#mPw#-w(VSXa_#W6r))S%ydFAn!H$>}|fP
z;C<SJ0bX;n`oB(Qe$kAPg@RRZ%G&x744>5z-gsjSW*GLayqOtqCK4Pg&%fo7z2f}i
z2I*fa7bI9Ft#+_6*Ve2?qEiw4&~89V$*Oamd6fa65SOc+{m8~@AeWYjQ9Z>--)NSE
z^_+7|8w1lX*-uk#Q2fyT;wg2MXbs1JT7ybkaA8CF=PluHiD6Bnm@F(Pt*ojlEkY_8
zUsakvs<>cO{<xx|vH4ZwD=P{r$CQmLEht?S>zv!(-qsl9IMs#YOAAZOMi-2gb53wD
zwxA-vw4k6Uzr12x(U_w0(oy3Jix+ivcFwA(nbyQV7h-ZY%Fn{F<HwYj6_k$8A5&B~
zDu2}I;==sW;^Kn*@nywhM->&6jU79F{G!-`_U3f-uvn^e>Qvk>tSqb?KW6OMQTb!b
zs>*RxHa@=$SNT=t1?6Lk3&$4~R#hzG9|_b}*3GJ!Tw4eCkbf(n-wKVzq|%znb-dfB
z5bJ-bhoOF%Jf+TRi{g!#R_<Rnt#a?k?t4atOim7ACyY#&@LvS92DVnzmAXi^9x|<U
zK}IW(HoRqWUCyR$78bUmV{FDF7U?S{Wb34?sxZ~h`e8OU(HivP?=;e+8r1SH+~l7e
zsD)=ewj8A=CFpJ1<EF}>SYXg@*LO;#o8H>itJ=wIylNlBN&YEGI7Cy&^qE(-hRNnd
zVx#SPR7WFeA@!gYvNX~Nbia|CAKEOm>$+CWpyN*Z7@Cbba>8a6r80f$-qT7eDtF&g
z3Pn??n44EMvNo>a4m4zD)wP{uuzs^;7`6@C<+Mq`0l`MQ%7g~1{nPR_y)_k|W520F
zx{B)GJ%$XCT2)&;Wm;YN^g60;=+#)(l}_W|U|}_@Zi;bS8*i7GnM$M-LALz)hZY=T
zsdTC7pxCly6Bt?cpkkNH5<*701hWP?Tq0|%iZ=Uc*+$lc!Z3^@YnD^ymV25~tEreN
z8$f%Pu`&({Nqyy(47JrPJk#qqY*V2dQvVlIx7)~+X`E)raNGPdOi@hIamkrhS=NnS
zAN2{`m?~6SF{x%UPbn?+K2`o{rZKSZ>KR**PB#n3V?woIZq_#$nOUiUzQLZyBFnQw
zLx1Vf%z81i5Jmr&8|e@eA-M>ph!&KdaD3-u=RJP2|1*3M{~7#4=Tm2u^Mm8M`u~Vu
z>U`&X<9r3}09XDqxjZ*;Z{_V={=2yEZ0>I57P+HbZ9d)|$$u*k{~z;3j{cA1_Sx<p
z@1E!`aTmKMyPLbaxaH2D+!5{{++pqw?)Ch4^Y7fr&NJ>0Zl33Q+Kr9hU}AQ(Gs`*9
zbqRNdw}Ss{UhZt=PVfdgv%LG92c4ML=rwu!IUQcoOM5Ne;odwi;dOcoy+vM^ceJ;}
zn}Lh{`M=pK<o~LB2fBluGre=YvoW9SEccdqk(H5^{;B?Qe|h%`@9fBmZtm)pkn<}h
zLst%6G2!Cwi*a&%^$MU&^>6n|c}`d{^wjE=)u(nZ^N*=su?cR3YUqmUQ@!Ky3xBFt
zbT7ltWkoBwG1a%fyy)Vhl|xT0!UeV`R<E2OA@lUEm~iTZi}B-Bu_;=)N!ZN_=i;Ij
zMc8Kj$y{87FGaYP5F}Rm*?ot&mw1zsD;(VD7z~9XoQ`aWCS<6+<4N_32)9ZbIY3H?
zhtT@Rc*i^E4_z@-{8q8GahY(jj#>Aql6T@Vv#k15@@7T%#kY93dv|zi=WUR;Vcy1h
zo91nv_io<%d8_h1$@@><XL(=deVzAh-uHRkdA;d2&%52*Jns&mZ~bQJKF|A5`S(%Y
zJ9+QreT;vf;@=l}U*&z1_g&r(dCuK#=DC?pX6La^#%Xgi&IF$O0LRNXgWSw{dpMbz
zDkqa)otIg;wUhaDQzvucNGG%7eop4lt(?qLl}=`hDlc>JMo#9j4soZi5Ar_9v+qCl
zJTLFOAE(RU=W5(;X5-A7nY@gb@iS{=*3PVxSvRvuW?*Km%!ZkbGV5j5&kV?HkQtQO
zjaG6fSljWOp*;D&#m*$2l!w$!ekuD?H=(9Vt=BcbdS!&N^_NS1_pYd3=`YVv-a}~@
z&|W-r<tBG*a!2<a{-xCCQwyCUXSB1MQ{l{Z7CFZ|r#M$SH#+}vUWd1=a`N1D+)dyQ
zW84XD+--7`ZpuBzz1IE8y~SI@AK(wpliT%ue=YwOYQx%jj-SU(Y4~emqH<E_hR#&=
z?q=k^)02B0(ozA|1ABq>!A!6g>72^bck-Macn-v56weu$xA9!ZU(X-t5ArwiH}N;~
zxA3>}2m9Ol+xgr3L;M~6q5g1xXMdz0^$YwWzt|t`kM+m<CH@}%Uj78X%&+jP{Azz6
zf1*FxpXyKZ>--u1{{Dgf!TzECY`@-b^qc%S{@VV!{`&p~{)Ya>{-*xs{+9mM{x*aW
zA&edTo%~_`2!9tp-`~|QB#cr17=N6<o4>oiC+RQs%l%4!Z@<Rh*PrB1@%Qs<{ptQp
z{{a6W{}6wcAM+dhIAKVcN?Ny(H1Uk^T$@~wG_Jw-BA)!ObY~7vpXaU0-gAz0u61s3
zF7__*F7+<=eoGVoop-(Wd+!GCM(+>aAH6?$fA((j9`+vb9`zpgp78$WJ?TB={oQ-U
zd)9l-`-k_u_fPKy??vw=?_b`_-oL$9yw|+fy*Io!y|=u#y?4BKz4yHLy$`*Qy;a^P
z-lyJwywAMPy)V2ky|28ly>Gm4z3;s5y&t@8FX12NH~X!m*>N7!C9cc5$L~YRPADET
zRF8R2d;Pn3HODVa_ks73GJVXme()c;bLb?{x&8;<Jio<n%sh7bXUDv=II{S-#g{C5
z==_(CUvT_c%MUwm+<6zC=bZo5@`KOV@yxr=7<fYaX-_Umo&Hc}i?gpf=cdJ{A9KTT
z&!2X{3EwQ6a6-j7e>&@#bB{c`?cC~9-#F!(<F7k)&}oBDnSJ8$lQO65f9xw~pSSd*
zW7k@|;o^zMy>L$RlHZ;%V96;bjas_ur29_1<>b1Pzgzm3W2c_=!I?|Xd^+>Sv1^~O
z$?+cb*mE|g441e&dS`lv`)R+!@ASL;h5jP{X#W_0v46b3#9!*4<ex%Ew#+}>Kf^!E
zKgU1MzrbJNU+iD%U+!PwU+G`%U+Z7zU+>@G|H1#0f0KWUf1Cdo|4#pI{~rIZ{{8*~
z{zLvF{$u_V{*(UG{xkk_{_}oCUef=K-{z<Mc7MLVz(2x2(m%@2_{aLk`6m$OiT=rc
z(m%~VFK@Yjrhm47u7AFNp?{HoiGP{@TmN_dRsJ>pnRzSy-}^WEfAs(C-|XM&-|pYx
z-{qf@cdvh+e|p}7{=@#G{^S1N{HOfC`_KCS@VBJ>Zb^EFnsjf^b348t&RYPpI#>Dp
zXMA}SH~;is@LlZsx+UMFjcjG$@T9dw2B}*14s~ECZ;^=lbgmlUI0NC+@*nHPXabP-
zBUdI=U$kpwEH>)T$z<dWaPxBa-FNd8lWz6LziXE_z%54d)91A`lViNJ^Y+_91_QqQ
za^Y>)WDS-qJNou(u51eomM-{m;WeGX_kbl!mMy%p^CN3NfPaYLT=`M<d&!ba_rQ-j
z1N+XSUg?G?_&)0G>zyS_maN5C+gZAF>41-p_~@>$lznGr*~MQuORoRuuA`S^u<Fd5
zc>Y(;Ngus`^Os+>$v>yhod5NC&VY|@zxn8+2VlP>v#k4k$60#&%_g+ArAtpd9Rr-o
zrNZQUfVkyaAU4Efz-JY5O<CYbc=G-B{HEr|_?GbG`-je^Ci#}|<ojbG5PAtu?1g}D
z9Uk^Vz&DqK_t{ZGpzL*cokAe)O?aI`z_$(0#>a%Gqf2~scoJ=OneZf-;3B;2r5vu>
ztGoN|4alvvs1bPz$l={tIC(!%4W;^t2%(VSc{hfu9QXUL95=5IxR~{6_Z{6c0e=s2
z>-hkDr~dltp?}=aJM~)r`l{!5zjU{=>XF|$&#dZpZhWoVIqjKlXWj$dPW3I_&Q8}*
z&jn|^<Tyv%>Nxf1IL<z4$0?fXJo7sA4?=$}^vj@6Lq8MR>7WMsJ)kdyekbU+gdTry
zyb=1-pq~eQHS{|{%gDuXpr@a69OxbBkpo_b{z2%kg?<_IY3OG{Kb<yM1N|P*7ec=i
z^jku|3i{Wee+K#opuYwBYoNad`ZJ(E!t|V%1$`&M<XpPf*nOGpH*zfbI5Oycukx<;
zuJNw*uJcxUcYA;J?x(kve)b*Je|mX&d28jZllNGj^pkz}kPmu!6uq{4(33vyKJNi<
z&Ab75e9@ORW^6CE$?@Gse}D8T8Rz&Pj&_k9^D+-*q`%t#Sm}peJMQ`8{LBZ(J#n1$
zH$7vV`+ciZPk!w~eie~l-Q-s{`PEH+b(3G+<X1QO^#k`y+_!R{!=2`ys_0ii{~Gkq
zK>q;rw?HqsdkxfQKz#(%^-%8vbrJr*4*i4BUkm**=+n^8gnl~oHPG(?eIfKaLBA#R
z_<Q4x(4PkVJm{;T->IM40S|s1`Uj!E7W!q-r=g#@lhZw&+Ehbr+Jo9uNNw7Q+O#F~
ztDt`k`e&ej0Qy^?zXp2v@k?hwe+2aP(C-6%k??rvyP@xfz8m^(=(~vz)%7K+>#bDR
zbEvLqs_WFLj<X8-*Pwp}`UjxD1^R2C@2B}VuS5SJ^w&ba4Ei+mGokON`QWdvX<9;C
zgBoU~u;Prmk10Mzzio`9T@3C~b?Q!UaNgDk=mYYeac(5M(+F=K;Z+mfPK4KA20zpN
zI`j`he=YROpcl!rKdCdfrsaM~yXsF8%ccDBFD?0A>4jV08p2Y0UH5vrEkAKwxb>`w
z6ta_(Po3*){B!?Lj)2^ZxYw?KY}{l=O)_S3y!E`nXgE5(V?6sc!+f9Uo#I_Z+@*K8
z4@gqp0I&?kVGd&f2ThLStO+7;^ELapw<ApwE4hcMJD(JW??PfMahAJS-J=*)>3cNe
zKz;AVcrbkL#mG$G6^zyFy|*LxKB0TIBX^^@+Z4ADj-l@(;hBrn81s0>nc@2sMxAnB
z$$hOF*WAb$^iTcX_d8NP`hJ~}>g&#1-0$^suOk0?-g&OR*I|5X?+x7z8SCnMu&eJK
zU3=%d`YuwV;W3PeWlTK5E$6OM_at|cyI+s{P&a$W89_^Jkb4eyGk4P5DaO_Mp6}ZG
z7)ILmKGl_bnYzz$?R|-xy{~0dp1p5!?fn;5?z_0}GxuX|_Wry3clUX9zvSBcP1oKZ
zx^jOS++R_L?M+4X)(GzPsM)#qre5|QOs&`VcAmY5db#&V&)&Ow_8#Yr^L7v26<&Y$
z46pCIiPn{SchdUweGIKIe4pq^8w}s)d-kR|a(lGGwHS@B%}9M+G#2YKnj46=bO$gD
z-RCg0lDlG(&+lZEj+Z)@J69OHuugTfGu9dJ?C$Id{b)3rRrG)(XmRDZ+Rv#&$FV<l
z2RVm0v*<&I(c;9nC!D98+nwFrJ>7w{InkH?(|M8h*6g$@>N!rrIh?lE;mmhBodxv3
z3u$dfgT-)>P0<Zcrq!M7oQ9};2C*7Ri#wN5(beb{t~Yc8F_l={OpkoKbBA-6bFT{N
zVMRAs`SmKk9ZhV?op%C%7a3pQL;w6Sdfv(E`%>E7S7@KVqg!!Zt9=&D^Q}e?T~4}u
z;v!n;IrtiJhoDiu-Wi5Yc^6mo!;78#Ui#_lol06<jk_-z=PCGGPOdF>_H*}l4|ET9
zeZG!H%Y3lgpu!wsN?@*g7&$kLe2^S@HF&lok$1TZ-9_%vXtWoj-(G@-`((F*a#-$4
zSuA&#yXUzVxEHz?skh7BE8HvHtBI+O=MCt;|D-hMlbu`K+f2OgcJIaK2i%9;M~LSQ
z?%&)e-KX5A-DlkA+{Mm#_eEkOX?@jwUA?{SzU#iPY*rbY*WEAN5#;6dXw<($r|x=r
zo|MlM&H!&6PfAo$qRaDDa$WLk7A6O}n|d<Zou%?Ya%UIvW=GHFl+LH2&<Op3?ntlP
zDfEiGQQjEudi3gIzJa^DH^D38U1B+bmRIfV<4yD?dsDpqyjpL%v00(&hiLI<c(Xjw
z;P2-&p|zif{yvEYKkaqU-nx_y|7cIwFUivtgtNpOOz4xz=Vjh<v>|7s%O64A*wa1V
zTfy5{YW@c5-jw<qzBk}YAh%HHUu$CR^tb&D)AcsX^(ogs>(a)+e#=we*2el0Hn;B*
zro4xLv+>YAXnX5hmfE_q&n&g2u_0&EE;jbIw)R_|)(>lEpV=_N)b?HbZ@+reX2Z|=
zXQ^_Z)+bG8zp_5tH?h&T^--H-zwDc(%Z8IR>1merHP<F<E^pZ{`yMtCGyQFUv$okc
ziG!uHzS#8G_+_azrF?6If3;6p|E!%nbr|AW-!>%eU)DZro(;j$*e4=paEao;Di3&O
z0*iiLzU%HjI%E~555EgZ&Ue^dKkqs8;z7@=NBlCz-aajP&u?qKT2D8VlfIsA`trM{
zS<mmVAJ)!3#ZKNWcnz*h@b+K6{8*Yyp7spOe)shhGi%OkaAkP22n<6nKV=sp&A#?1
z^Q=YRaR}Ro-!tKlU-`W+zXP*=>Uy71=$Y1@-{J_foGV0=$+7r#KYlI0e=UC`b*tl-
z(1hviyM1Ea>&o;nk#B`iUMmt5vteGS%q*?__-~&5_%B{&4D7o+<;tjE{S$r<8SB?@
zJqo?|>820<(I*`~i@CK6zhm65xwR8|xiacE`_uC~Ytx%n?E0i9FV!Ukk$z~z&R&#k
z=BM7pK1|p1J8Wm)?bG_**E39G-zD;4T5BFQ`#JAF=Dshxo^`+HcQ|b8J{)H;v*?R9
zY}Vhq_4k+9i`$-Yw*CcAlgILH(K9SbQ-5|s+eqCK^mHfR;<PVwWw%#9Ziq{NZhD&A
zbo4a;HNMeXW_tP)4zIuWo^IqjOxxGDGV767){T7%&98m+tRKJB|6enXs}m;)FC3<=
zXJNCRY3XTa{jkq4J-X^l_*>pL!mKazo^-48-Jd^_4!OjSaC~nM#pkE;$GTU37{C0G
z`*8fiVe||$hfX}@vVPik^PN#o%4CBc;i$Z2{@Bpv@Pe=(VjsSG#w%>Mdhhumvf1iA
zY!b3WOX)BdAhs1s`!9AC@}n-Xm20;8wQo<WuhHuFet!Ri{!*^l_@rsAJ7uhXGTB%4
zc1rLaj@fQO#miT*klA8;Nk}>zYoedo*oMtzwOjbovkBH@6>|&v(r*=^6k3`Jl{fk;
z8-{f$@!QR*qB_c@)0?HzrhWg)d`n-~m3<jvR^iAzfwt`HEnHqgrE^Z^d%`w%DIa>5
z3-g`W=(Og#aGW=dO<%5bC^}ZXfBQ;d*ev`muI;yd_MM|y+nymx`APj){maIG_K!Hx
zHT*{ia;)4;_EW!yO|o{3>7bMqllr$Ot#xIemR@|w(rWivf2^HQ*(>XVHpzZx->eTp
zVdG@oYd^!Z)}}8r<~miHERB52ZNFuGgMQa<HU-vRo?)|W7}llOW+}9NmMZK|&-bjW
zT$}z}ONiFahAy$QDbP8S^-KG2f311{F%+9DwGBz!S(~s~*1x_?v$pmv`wY{E--W_{
z+ov_jeut^De%d#Qe=e=H>F;Ujf6P_bZjdv`c%`3%nIRdB*$!YBHp7&?n8<Yzb`I~_
zF8r&_wOgT<H%;j{(|D8l3o+4l+Sfr&JCyB;R=af6*C6KS#0PON^zF*sV5iHtm+*Cr
zvSDC_sZPxx=EScvUtNk)V&9H?32$29R_MAg5r4(C*vivUCOXB|R|!cjp||14x1>bp
zgSOGX;%W=G%h|@&K57@!FqL=<jiYkd`X$e4+&VrwRntsZT`D%(t+tVJv3W1P4O5ho
z3h`N<;-3zsOXj=iW5lJ-GYNZtMZt@Cw{O~9!V*7(-o{_v2NOU2eWmeByK|Izw(NDP
zv}+x%cCF3D2k~9{VtJQbx3xgWQJ05MNtp{xm$Q|pQzmZYeS2Vi(m5shWK%5^`W9cb
z5Av)1&~-vn>s-^nQd4!Tg?5Ig!xmSPBQwM+?DeluWZ&gWha<IFxu&g1ebengLe%wF
z5%ROKePMO(k6jo1nC1Ux?C$;*W6E;p|H(D&zxKEDzxJWOgdOug^SQqe`!~Pa872#^
z{-;;{uO7mNjIK9vHe(;b7Oa)rnsxEpIuU1xvm<NZhdVnvyEsv&z&YQ!(7D9<jdQVc
zne$uccg9Xr=-)BUIH!b_mlK>ar_`x*s-1nEiR><#>P&HJS(!Q0Ilwv4Ihg%NF{i<K
z)Op-_%z4uJoAY<4#NET)%YDvy-uZ{~kn;j-IOjPnPSS}xP0n2BFelX`M~`xjagKG4
zb53xUI7^+AoD-c>on_8)=S=4;)_tDsoabD{%F&h1@1gsH^GD~;#HiA_$+^Y3&H0OS
zr*n_<SLXpjdc=9gdDeN^`M2|m^BU{p-Xu0}JMRYmzHfZ}!1>7e#QBf&ne(~x1%k?#
z&ezVj&iAZ0_1rbwHQlw`wcT~y_1yJ&8|V&lH*z<2H+462w{*95w{^F3w|94Nhq^nt
z!`+?Tk#5v2aCdbJ-C}pNI~JGY+}+$#x6G|@_jaq@ecXxeWOu4t>rQuPxOMJK_W<`G
z_YilMJKKHJiMjP|qZ`ikggeh|aa-M&*}nFQb2!hmdUm)A+#}p0-J=kDj&+Z7PjHvI
zC%LD%r@5!QXSip&XSrv)=ep;+zj0T%7rU3bm$|=nf9GE1UgKWpu5_<=fA8Mt{?Yxj
zirLNXt?upa9mMfY_a67J?)~nA?!)e*?&Izg?sQ64?q}V9xc_utaR24L?7rgu+kMS_
z!+ndlcii{f58RL3kKIq)|M2~p`?>q2`?dRx`>p$|`@P%kdY<pC>22h$<*n_l>#gq%
z^fvG|_6B(ydK-C%yPJ5Md0Tp$ds}#0do$h5ylr^jmiLG^#2e}E;O*oM_jdMn@kV$$
zpM)mr<typ}Z>3x8jrPWR<Gm7Z4{uLzFZ?L=%Dqajim$!-s`2*qCb14>syEH612et-
zy#u_1y#u|2yhFT0p_uJ8cyVuzH`hDNYxY{bHZSG1d-J^o-VxrB-cbxP9OqcC(m9Te
zj*Gn$yrter-pSsn-f7<H-WlFm-Z|cR-UZ%oyi(^v?;>wt-uij#=Jlx1|JOf%Ks&UC
z+Dnid6=ANg9DnhrUr(7k=-TB2oLz?f@t*~lU5ADA<?Di_U_Eda5ax6VSOeS*)&y^W
z^}#AI5PS!ukC)y`{9liswRvvB6CIXQ!BaA5B2S;^!8~OTLNibFfX)J*Yw^60=LDWl
zetLN%GVB32{Jt&bn*npIfj-8E!^C3sv2+}BvEMRlFaH5!Qf<x1NQgwy5QMrW@O#4<
z{;`u!d_b1g!#i{wd8jnMK}5w*kv|s}6^$8PK7JghSQHf&=Z`9?D##yKF@~Sg;&Edu
zMi-4AT~@J3yO;bDcdS(Jo{8GA?*-=1bgyE)^lPk_eunkZ53pYP7U-{m9`v!m{27#m
zH-gi^JWvgG0{ty8|MXK1E|K$Wa`%j<^>Hm6)nZNv?zO9&!>KvJuuUJ`5O36*)*I3s
z@zthI>nIyvJhpgL(YXAv<EuvJkE$3uHh<jsBF^6!S5Z`4Sw(gfRC4NuY;~Vs&wr{^
zj*1Jb3W_T@s-v=C{P_G)Wn~rl<HnVZ%^y`-R#rZ~YV6p`sxos_M`LsI!cpa8M-^6%
z9i3lVIF1uRs>;Xbj~`o9o?l*ASv7iG@z}!RN<)5FROm~~#ubbzE+-~M;|qz&_;LAV
z#iL5|M~^8iE*?F8^q7kB!bJ_KuD15%tfDam1srl2os(!XCQWjdiySVpaBO*Td2y*E
zreHLsTspoYzpP+XL4H-~n6ZWBMLdefEz;*O994K^=s<?xB!-Zg_8q!#FzkJ@NBE}X
zXaRHBf*d-rTjZd^Lq<k81=jpmL=L>btmqI^;iWLs`j|704w0i`>;WG+|NYz?@vvLu
z80z4$U@<rj91l(aOMtZR6TwN~WFWfJQ^9Fq8TbKZ@)_oNCQso5XPfVHdCK0a^MT0g
zLVF?472qOpF}MU=3N8begWrNH!0*77;3{x6psur;8{Pv}g6qNW!42R>@CWcm@F(zR
za1*#0+yZU|w*hqdNB|CNQ61y}hZU)sPu;`wUhr3NAGjYp03HO=)*l8E_eXg?1|A1b
zfWLt!!BgOA@OSVGcosYd{sEo`{{$}p@#7_){{k<Ae}h-RtKc>8I(P%T3El!i{|?W0
z!F%9+@B#P`d;~rQ!dE{5pMw8@&%oyZNyYgRd<DJ+-+*s{@Zayj4*;H^nDD30TW`JP
zyzs&c&J#~O;oN)gz0OTH-Q-+z%{9(N7hU9>amE?W2`8N39C5@EPHStcQ(s^2%$PC5
z*=L`9oIUs4(<v&l`|Y#)_iy%Y_5R}B<qgW)C~uRz&GNR)yVJW(?a|gdweR${$a6Bi
zZi!FM)!XMK8OQr3@^xsxpyL%eLx&D^w%TedXW+nr&Z=*_o!?$^30u-K_(d8eneadL
z;8$2785;^mVzvc)Sq2l!t@Cd49B1piZF%1&Z@av$@@NB@C87O-OB^;OuFCEgTqe!r
zC$5h_{`k{RrHJ~xB6&UU-s#S9IN-}n`1|9J-+c4=Kb(DHKOubl)?3>C+zb1P!pCp3
z$QW6cJ_$&_yarektOW*uwZS@IT_FAS`d}c~01N^ff{nn&K>G1b!De7{um#u>Yz4Lk
zgTXdnTd*C7fbGE$umji;>;#5_VPH5I0d@wvfRP{{M8U4002G2EPz*+a(O?W13&w%*
zU^h?#b_aWaJ;7dJ0w@J#pd5(&Q3+&rWp7XoYQR2VUm$YHBrq9F0aL+#Kt{>6pbkt2
zGr&x+KR5s!2o3@w&l~~{1+&0x5Cip~0W^X*XaaM<T#x{Vfq6jWpcc>ylAsM74pJZu
z+Cc}H4`kde@=_N#0xSeaf<@pca5Tt(W5BUsF*pt!4^99}z*2A`I0>8#P64Na)4(!t
zI#>?Q0B3@;z}es&a4t9xoDVJlzX2D572qOpF}MU=3N8begWrNH!0*77;3{x6xCUGc
zt^+H<_2Bp525=+z1NbBO6ZkW@3ET{B0k?wN!0q5K;0|ynxC`73?g96Lzk>U~{on!c
zAb1Eo3?2cGg2%w);0f?I@FaK&JPrO1o&nE-=fFR}^WdN01@Izx3H%GZ4E_yX0k4AB
z!0X@*@FsW*ybay~?}GQh```ocA@~S<3|4_pz^C9p;4|<!_yT+hz5-u^Z@{<UJMcaD
z0dxZqU`6!z0Gm=AAFKh^1Z#l-U~RAtSQo4Z)&~Q@24E1_5NrfC2AhCQ!De7{um#u>
zYz4LkgTXdnTd*C7fbGE$umji;>;#4a(WeXtBf!pJ7cdg!gDBV)6o5id1d72ZFdB>j
zW5GBu9_$86!0uoVuqW6HOaP^z43vWkPzkEQ-k=)PfPKKeU?P|VCW9$pD%cN91GS(I
zOb0W-Ot3#V02~Mo0tbUbz@cCkm<?i}9yEYP5C=_Q4wwrP;4m-`G=mn<3X-4=91c<-
z4cb8mm=8L^0?-AH01Ls9U=cV991Swy7;r3D42}cGgA>3KuoRpKP68)`Q^2X<G_VYu
z4wi#6z?tAIa5gvxoD0qa=YtEtZ@`6M1-J-Y3@!neg3G|=;J4rk@H=oNxC&eit^wDA
z>%dBIJ@`Gi0o(}w0R9O61pW+e0yl$Oz^&jma69-5xC7h??gDp%d%(Tmui!p#KX?E<
z2p$3tgGa!l;4$zxcmn(lJPDoxPlLaMXTY=IIq(ngJoqPg0lWxa0{;RpgMWipz^mXj
z@H%({yb0a{Z-aNhyWl<WKKKB92tEQIgH_-Y@G1BY_zZjwz5ri>ufW&f8}Kdo4tx)O
z0Np?a+cK#2KpybH8emPZ78n3HiN{$7h~{EFus)CzF*X2$z=mKWurb&KYzj65n*-!L
zXG<V*)Yf1y*amD1wgVBcJs1LZ06T)6z)&y@3<o2?&R`cX66Av@*cB9jLQn*X!6+~q
zi~(c8I4~aU21>y0U=Oe-*b7VmrJxLyg9=ays=(f$8q|P&z`kH2m;@$+DPStt4@?8K
zpbkt2Gr&x+KR5s!2o3@VgG0cfU>2ASVxS&0fJP7pO<)d~3liWkFb_0?7SIZkpbZ=j
zQXmc5K?j%*I>7?a1&#m<!I5AQI0_sMGT<0+ELaSV1IL3Cz!I<&oCr<=CxcVKso*rQ
z44e*@gEPRH;4E-9I0u{y&I9Lz3&3x{g<u7^2wV&<0hfZyz~$h#;0o|Na3#13Tn(-P
z*MjT7N^m{+J-7kf2>t;62>t~A3~mB9gImC@;5KkO_zSoL+zIXicY}Mtz2L9lK5##H
z06YjD0uO^nz@y+X@Hlt^{0%$_o&ryUzk_GMv*0=K5AZzrCwKw82wnpJ0xyGqgIB<-
z;5G0%cmuo%-U4rfcfh;gJ@7vG0DK5O0w04_;1lpE_z(CDd=9<<UxKf|*WerQE%*+6
z4}JjM!0~DSzyo=}2Wx;e!CGJdSR1SZ)&=W<^}#@}0T=`}1RH^k!6sl+uo>7KYyq|e
zTY;^?V6Y9?7HkJ1V0$nG>;PoUyA#i$U>Fz<b^$wsC>ROyK@r#$6o5i-CMX7@z-TZA
zj0NMsc(5BN0lR}efSjwf7nlG_K^Z6q6`&H_3-$)ppa$Fr<aCsYJSTz4U<#ND_5;&E
zEvN(2!3;1H><<nA2ZDpZ!Qc>ZD3}FigBYj>4WJRkK@*q*=7I!}^FHQ*X3zrUjI1PR
z1BZhYNP~9J0p^2FumE&{Bfvs%Bv=HF0!M=km{eO{CF98ziM8axzFmFgxh``<)NN=)
z4v@2!l)$X4Um7*?>WC9Mo|nwT;%*TtUmCTm*eTs!RwJlKD~|L!VFJ#%)T`^-q&~hh
zsvvM0s0A^{m9$~(M<{zatQU=*!{L3{tPyf)j`4LkuFu)|6K#`q!_n&whxR#x*IKiO
zZyeFg@!3%!kYVkpNdpu?z70-k5FHK$bVePrHdf1uubUTfdMgVZ&J1)OyPy|Iac8Vc
zX%ig|4|FztwHHA>$Bm}avFKrKa~#eVbkg7UB5B}1kBCCj;XFd8qI8{}(J=Z-ha(A{
zPY&*79dBq*t~ssHnUw5hjVgA2u_EA@Lubo3dlASX_&N!kf#_Ve;krTi^EiP!o=R#<
z4pnp>sMnU`n<Gx>EM|wp6rBri({?N8MH~($jxUJLZEtCI=2yP>;H8yLrhMNI#vi?4
zlge}cRWmGc#^ff?Ew7%PDSh4B{-Z&YF3fB^@z~B;cVFZm@sPLip!*K5c;l}how-N(
zdCkMlt0~#`$`5Y)^4*W}U;Dc2=G$-n;O3WFC-1Sv;G(=k@BV7t{a%{#+~c<$zj*0o
z<x5Y$^UG@%p0WKqokxA!`QEp`yY0Q{&o2D^%L_k$`PvKOdp-a7Z;RLa>pfHcvE}cU
z6rObQ*WHh9`PG|`FBq|Ge8H<<J+|#l{A_yXx7*#+@~<zRT=e2|d(D0EhNB)mXG!CW
zdwluAO(PC!{xW&vvoHUvap9^<PyO<oH{WV{anj&q*TU}a-z_<6{8`_9c-N7s>MQ>J
z@}+sJ4%zRbEsi+pi*J{F@#OgK!q4Wsux#L@OaI-u<fyW{l20XH|9<NumkxXQ^8Fty
zSbyY$%`dGw_`~7<ez$qxqs5P{k=}UfY1c1#<fQ!Pp1<SSchYZd)!JA%?}>)1UYh&h
z1>bD*^^>0-IpWc!&kwj^;w4{~4EX$@b@uwrHkWUF&exlM`{92cePiLxkFL7oliv?5
z-~54sHSd3*;QdE#YB_k<zrMUnvhd4~_IYIXpPYxLH%)AK?yMa$SDgIrmoId^`iGVc
zk}qanY#H;#W7jSI__p^y`ToN*w%GOc_+L&r_miSSA9!@ZmgeKro6j0rbM3gdSH=ck
zxnlFPi!R>(v4Z<%JXG+)8lMkX>yiU5Xx{wD<5tFYtY7@?<rRBgbZ^0X8{TvKZkNSB
z`s)=3ezfIv^FBOw?|FaTe7Cy>zO}|KgEqNt^Tun(oIj!VnR5mV`TE?4Gq>Dx=qnd*
zxBK(XSubsW^(%v3UVrO`&u472&$&1M?)|q%xBcUUtv-7Do-xsP-mJOe>}jWbc-y{r
z@4e0;b2k6nePXlOmnL`J=)LtGE!k=ISszb)=%nIn8s|N>=W!1X`|!C1Z?Ap+KL&Q5
zaQ3cuY?!~-+<%?C`&z||+h08Jj!Oo<m%4hNuVZhFI57H$Yj0iS#^pP%vqja87f)FK
z?-ge(eyMx$^lhGdbM1}3ZYwIf|LXrN-}Jey-z|RR(6X<W@BZnr3yyf_<1IQ${`OGU
z1?xW7z15(nVk-~caoMI%y}4rT{M$B&JyMh3nVI(1Rwr(^=9l$TcFcdiV)C;){H6RK
z?av>!;q|jldcR?0>XJEm1225~o8=d8|F=o;2}O$@e)^4Z`CZ5ER6S(>va_d^eL3sc
zceeSawfx(<kB>U%rLo)G`r3*OPnz;X`8r3;zu_;RZ?evd7k{|5Umn?Y^5O$x=T=wT
zwzj+36M5I1b?CRZ?s3VJcf9z%`|a}COBRj&tn9)=KD*+IW8y2$^Pm0xl6x-tJ~8^S
zJ8wRwy1Mc9uF;RpA6y%Ke9`D9|FiWL`(M&Hzav)u==~#FH~RAyPp`Af{Fb6)w_3Dt
z_IVShq&8Y{!5eSfS~lwG^&)R<{_u%||9(bk;*s_4dgsMcuB~2v>tSC$bj{;8JaY5E
zwPro>;OBSDUhmFxkLkSZ%_qmt-f5rBj=yi#Mh~yM-kT3z?0Vg^{||Nd5G2d@h5@>5
z<F?J)HmhyhxNX~g+qP}ncK_PCZQHhussCakW-*(Yn9VGnI(ag)BF-wK^84PbB%RGy
z7YPeu4>Y_Nv?U~trr(<z7*BF5Z&jS&NbtC{(8e++%LH3h=eLwb`U(f*&P%^B`m_v&
zPI-N|oo$V$rQkB5hyxM6a^#g>zc_Uc9!JTy76|;3+-VuM581k6D7Av*q38u~ACD``
zMDr+&kL|<%K^(WWpuN<MM~=j2pJayFn7PXzD@{o}@pI5w%q8eNXnxPEB?P}fXkD-A
zH@|{pqE0LPx~L6%XsOXv^eqAD4r2eJnFjHHcxYw23WhQl<F+L<k{Jc&7gFL>%+mh_
zH~fPz&gjgMQITG%(?iDED+ZtW1;#f;ob@e{#6SHFW|kMcc1A{BW2~etq3E<jKyhz-
z<`P7~y8}aS=w2FTrTK*ZHUF`&{m6Q*wKWrrv>IhNe3=xJww>ih*F2yP_+W37ln-EB
zpeav>=6z~qxz*fRNOdmI?ox9}0%wAw@-C#j)8<>DP9y*<&1_cXbh=$ka~70_t=>am
zHxsT~nDZ#;@DK*Hx;0qAm&vI}vq{0Quhv|PJLLt?No0DZOiFQftKp4JmC|Dg6SxQn
zHd2}{hv_=0^AK0Ifvu<;82z0{K5st6Ktchn8U0O4%xQs>lfpFSdY<a1jmX0DF|DS@
zc?rEKP?uZvxbeAGe<Ey<&zsf1YY09FrL((8mV!F&d<vHP4gV7}Qya_4*lTcB4nY$Z
z4myP$FfDwV(Vz%gP=;Vp3ah3LnqXvr604~$Kc6ETRIWsukOUxn|4MTu2;SO<@k)Tt
zM!sBrzrEA25r{?|m-FQgcn?Y?Wb@;>QT$KnH?7ov=sOB$R)W`gjImG*_ZL}{Nfu{Z
zQ?mw|mwyf^1*8HUQviI59g@InGSmU9#|UvBNTIi7D?M~gjLCG&@h>_81r{jwgiZc1
zu%KjpxUenRC%v&K77}%Z9wk7TwrXR3QmA!5$Cvvn_kvBRM`UgM`QW@GVYCc6CN~C*
zlFd_a0s+2I7r2iyXvanoc00xVR2-&a<xjq$wvOG?p0SICMv!0(6LVZG=oN+mS1W}3
z(tu!fuE>|jYO2Ag&OJz12335tP$dl`O@xY<#ce1t?M^oCfA&))zcP>kaP?B#h^^fy
z2B=Tvgi>H%2!UzGnYB$}(7j_f|5S{z!#v|8yoUAtBgRO`RLWOU;VOn=K?jM22&Z4A
zK#Szf3vHD?>XFI{>5HHRB;{-%su)qm|3o8>+Rp+4^X~ST=omomBqoP>ALt8+z)6rZ
z{=&-78qY>AGhn0(R_XP11U`3k>n(J#RyiNJF0I|;4(jLU(ZdrMW@r@I7&z8C5t>tb
zvn44NS>9cq+fXF6YPE#{TtcK#O;mqrPFheU@3eZ5)b9Ec_#Ez(8Y>EUiUNwkn{jm}
zN^k;@DPh$oSq-!|PT3|o75f7-<b~D`=a33%L<A({{w=6bJi8#NDI}ChkqZR50XAj~
zK1`e09b$Q%D3lWgk+>)M*{sl~g(%7(5x{@EKn=<mu%==n3P$ZkKCdZR>_IUvr;=%=
zP)0}ULcA;O{uQ(-&m*ns&E5vDTlJl&SvPdtgyxp{DY-uA31=qcdc#&$5hm3(J594o
zCvf|JbD7px1vrP^PWrd%+TBYaY>z5!PwO91Mr?{G$UJF;&fL{PW{|QH&v{Z%D;=Uw
zc@-}2e4~E*Ebs^WWl`e^ciraeDKOqjcfdpa8uRaFB}njlJ$f4Z!$>G3pOG{+RYdg{
zJ)54K8~TjC@UT*RY|i@`@AP-q9R3y>_h20HdK6)NCy9C8rDLGi&K}hGv^BXKUNj(p
zEMEgPe68iX!=5eDN)xM}{LeTGly}fsydq?NpkfQu7`A@8ZuQXJd=m+q=-@=)PsHlq
z)<Ip0B6C`AK%u=_X9i&+NmYjCR|gF0B^~Zm2fr-R5zZRdrEzZ7rv(&Wm77V?oJg-b
zqC}8oGMQs?(Nl5}urG+`B#nxST}ogIF<|+Q>q=5?3#gh*mb?;Ms8>;Ka##<y@|FdO
z``&89dGoNZ-?lpAf>T;V$$4l;umjhX6XIrfj{pdW-l^F(Oq7J(I;20-qW)kS7ssgd
z#!Fs|0Zc)tH6A>qm%;7?Fk(;?_!!SS1`Z8DM?(sP!J76&EAL0Ji|Jp>NHZoDMDc3H
z|GnfEj_Yo8S0Z%dwyX=udw6|@i`nV36$W9|1qil;!u2u<Ux6qJ({aJwLsf0wa;IQ{
zz|Z}|$V9I@lDHqN8P5Av)1qKBe$$u;@c5)-${>5^Ci*U;PoQeDsBY=t1RWK|6(NN5
zCwjm$MBg2E4#uOv{w*3|7#@-r)2?(E|BNMb2tNo#Y)6iBlWBE(&?ae;%B<vzm9bPf
zcKvnC^on<l>o;gn3VJQR%lx@FjwY6e2oa2vk1Qc()REH9Ai5jaa2yOOPO24O?tfoh
zN*AzwB)mvC%DQrLfi0qP>P+dwwmXj?oyJN3b_OTC0>?Gig?)GU_q<;yh=)`7ODTv4
zgmgz#;UfQV7eY_wrWEz>vVCFMRl@@p@|Y6}HYe{{i3HOa*iy7o<?k1Q&`;8h?x=Zh
z^s%{Y@EuAxfPv=P5{6K-Tf=m-e`_tKCTDSXzIf~iGp*08Lon?_3g7`y5w<qr{pOS(
znSd3n9h!r>hKk_^Y7yBlfMhZ!HIa7vFS@ZE;u*uQf@0*#D7qfAijOON>H>UG+O{bN
z`4WV2ntQ;SOxwN^QquX)lSNQ0gf4!s{XKd)gAU66L~^yDHI5GDM*m@)+5TYv{JDv=
zX^6p1_u{*JR9dNtH5p1PsH-$TRR144+;Jkiv@{*0P%)=^t_+G3P?z3GjkNK#csz-G
zjnYGRMsx7Ae}@mV(=fWZj6WrRdlPXiz$xVy7K4<0&5Qj}$2cc{P5p2`>2mYKwvSss
z{*D+GNj-z9l9(XdHDHOcIDx^tn{Et4iat&1g#m$rbyXqw8%;>kc4NEha+-i^rG>`*
z?Nd*8s}_T{CTfXs@TLnl5}$^)ZnscqJm^_s9bmH%x|E(9{Uf8rKH?UfGDJz=Mig!X
zr~L^}&cZYm?Mkoj>6EMm&h-f|>I8sQ--lXB&x4|29&XP^l^MNApM(50)8KL)mU?8s
zN1Ny#C9eEtPVL~ST~0qGhZHlQc37Nyb&c$;Oo*L%3uDjip~|O2_+P_^#qQ;M-w^`(
zegxKTc4nU<nv)J-%CVZ4*40##q8*L+V#*T)rwNU?oyGfALHAvWyUH4;NH5ad#oTSl
z@VxxF(3d_3NfJxDdya>#^3V$%x1QLthY&EoatOcvTf(SK{WfI@5@)xn;L7+uEuFQo
zNbqB)LjrFhu4`ODOC|nZl$>jGeI4GhGAy7a9?t0xX8SFu!<Fk>&f&>;r^~}q8Eb;~
z?Q0|_5x_S!1-NBM*)xAj>iORUhD&{J(jU(4y<0@||F&;-75e`xD6*Q*Es<B6Kb@Ek
zmZ*iXtqX_(c)WU#N%tjSzQaA-30)woEehJo#T2_M&kODe`_R^VgUy^+Ik<-7ed>-E
zqY6k&W%Xiuj8)fF;4!d$l6as=5b>EFE=2tHWlo(#?)H~3F~Y%4=bT@Lel?TQ!7gkN
zeShShX=0D&Kf!ADO<fi!c_P%lDSbL<zAkk2U#@B1mbcDW*0Jo#SmxKZFMi_Dt}A$=
z(XPvH39tLNC?RurWQ8k}b!2+Z)U~n<#;s>I&=RQTw7ADs!nKz<I-&Aud01iPUB3t=
z#mSc4aBPM%;DXnjCFbKqAA}R0Sfk*^{5lJkS}np64N6|=3pfZ6J=^P#me)JrNf2~y
zZp}6}0TqQ~%_JEsI%@ME^R2SKuwlxLkufkNXs<9d#f{iOLRiP1N8Z6^1r-@k`np8-
zcv;D5P~Xl_Lf~qfBCi_=HlXlyG|7dAe=7_<&bu>SpBqeL6&@xr0j*AHEIHEj-En{~
z`;JIKju;BvfW2-nETQrjQJ-GG%<YCuyFND965JF{jcKg65sX{X!x^b!es1XmbwY&^
za~MWOl^bGwbvrQ26@Pz0V#*xgrS-`F8lw}C;IA9b+3|w(E;GhauEE2OvM1UPsyMk3
zbzzgQ(3sIA{LuKs5~A&ZC#UzskEnzb3PjXXgBza|pPh5Lk0UL{<<UOgP-N%4=?NtC
zj#s<SJ~5TQh$-XUH5n<Z3ObXXmYxrevzjwIf;#b}*eYODGye5dhXqKKN4>D$JJRfE
zpebtZ2)%=+ce<9oZ^5%qoRaneM5(GPHS7orVDD(u#Z;5u^hcX1>xO`#D{7#CNb!QW
zu1zPXxQi6+59AQ%4#!Y7{T0Zr47Vr2*YIhSM3m0mZxX>msO~>C-?!=!5Kia@_2yLR
zJH%w#gpNJMp`o$pZic`^0pI7=rlgYvzf_urrTp)T)joK=mkhscw?y>c1pw;69{XUR
zwH+&uhHE^*Ay-jal68}VoQ~NHF4AR(U@`ksMctFk%UWZRX}bK=H-4BYrT{uk%y6xm
z`5#9aT~%eD>%AqtMzDSSXv=varjF2#Qv&jTCbJ@tbSLQ_;F_$KAo+F3)3rAs-?R?2
zmqf>Gw6x@LH@$9HBET{q2pAAJ5Cjk;5EKwJ5DXA35F8LZ5CRY)5E2kF5U^18f1CgK
zUmX_<cnli|2M8DFfBW!(BLNU05D^eD5D5?|5E&3T5Csq=5ET$L&~G3bAX*?gAbKDM
zAVwf2AZ8#IAXXqYAa)=QAWk4IAZ{QYAYLE<5FZdfkN}V%kPwhCkO+_{kQk6SkOYt<
zkQC7W)-D4aWr5^?<bf1`6oHh0lz~)$RDslh)PXdBG=a2$w1IShbb<7M^nv~W82}jq
z837psnE;srnE{ytSpZoASpiuC*#OxB*#X%DIRH5VIRQBXxd6EWxdFKYc>w)y?SFxz
z7mzoQ50EdAACN!Lc0Bg+Zk>T_6yZ8D5mza)j`EA2<;KZ*p_(L2;VBzYtK=9t<O`l(
zCXq>;q6GGpyTJNQS5$ww$G)}^ZZ(<GAGNsvJP%?`RDXN-oTm=;*GgUpaji-XHsa+E
zQE!!5+UtR7WKlK|raO7P+(Le?KD8_C)l_(n*t*Vp&mMvAh#T<Twlbm@wK(W$PX8}f
zm%LR4!dM)SS2s<Z5;n;UkZE~AtGVctYvcA>P<Jl62d3LUTqq<}SO?rjpB8_?GKv<g
zk-#+Js3pNPvw`8uE)e1f!y?**(VG!ss)V{!<AH~ns`_ocn5UxVFOZs@g0oq3wB@q=
zXV)pnVed}-7W<vBUpHdo&qXHgbVjqZyM7kuq=2Hci5!P*g-&r@5!;wOTtR7c@`UQa
z>u_qPa%w2zn!u^iCc~oy-twhE`IsVJ&y>BiviLHZc+Ww;sKc8AtVtV6_9#V`z#A~9
z2b{}cN1k@KK2&iH*SY(Hde*|#u}V0=pv91!=9n|v480&#G|3cdtv2m!$Nh#-NZMEy
z-F^47bfLb37SEr2js2HKN11rkRG~_X=CC8+PYndyaD)OYTrBc?9eiu`nMn^~-OOCf
znNytZs!*x+OWqWoh)XG<`INw7SA@i=oj`J8EOgtwmMqUvOB<+7&!u%x(^k>k=ls3U
z^J=4{+CIJ?6-8PL!TWfrDvNEVWw}3&nRb2*c7S<S7@pWmSKE>w>38^UX?5hJ5vDs?
za~Fx!Ut3{hzVhT*H*f!K_d)_9X=K`omZT`oig6`j6cEu+5Q;2<&@v6kD#!u2JfY;G
zl7VDHtK|Ylm}8P6qvvMI9nCCVlL+7cCI^rYcz7?7cn`qMRp;4~P*ihkgC?ej5|;4r
zD5{xViqF=a?Oaa+8mE1CyakAsTrc=%_+GM|XF6Us@kZR)Kkf}RkFo%|DLm*47Q^un
zQRWEY2p<_M_1od5jN+B*NoW%)u?})R<yf}gljwCp_<(pB_BZXf$K#fD3?~SO#B>MP
zv`CKwA=Ls`L*<*`{TKEpcHw|2Du*{dS%tuXV_IQ;4#{8dSvN)gBdw=syOp?<8`v<h
zv+tY064tr6ju1?yqPDFak0XN{freXic8Z|UJB=gTMpl0!cWQL!j;ofPuJKNG0Ir5l
z(+Ki0LQR4xsC4TQ_)wBTCM5&mVo(yE-HQuDTV99L8j1F3E6-6@#a|64>G`FgCRwbh
z);6~<-gU75+_c6`^NmL_)8V~jutlivreosBxm^<GDXH^Zsv0rbFv3FQPG3N7jxf(U
z!IcMs_GfW=2&GD%0}p2AnIvm#^EC)fc#02Z?t}6Ls5&ssU7V0ev9Nyanb58YP16Ne
zI$T)u)nY_)NObMGizwa*r@;tyiJQ<0&W28?Vn>=cdMiifh6P(9KB8iTM;%eCRR$SN
zA{NK^6OJN=P;1v@0y-ndnB&Db)*YyHsN_ppP!!8n5}x0YLVtWV0szlfeR(;rP1ZO@
zTgzMo4c`}9<q2vFo55&mr$<MQ_C~O_l;88F@HkX0Q91491UL`JNU5R!xv2YTBURFY
z^k8EA0x=|~EJpa{$>ct!#pD^+KQcXOX0qP{;>q5jQq`>p-ic@np&9F7Ve3HtP$EW*
z3AdGPLYB7jtUZN>7PB<h%HP;JXr-S$v%)Q`pv?qsQDA6G=@#?709Gosio3Pi*3?ed
zUW#7alCpR&osIt4-dQ>{75L)=<01PLD**pJNS#o34D+p_X;8fTgY`=i_47kZaF$;F
zh=$Shw+8obxsFT{2;az!ZF{=KHWCOwR=ZL;=zRFL>SX&RGs0lvm=#iW8TCTP_j=R}
z^rEV*#mp&5sg3%?>=K-EG{aOQT_m@MAyc(?*+4%uyP`OyfAt5&FsO~{O_^=g5LU|b
z#5E4wR6dI#+Ssz5YE9@5$g@?Don$j=k#0r0@#cS{W6H{S15`D@E7p0BxrJHk%#4go
z*m`ba1Gu5W5RmPdqC?=<OP=74ie*DerA*=E5-3y0b<oopXcjVt9mW1OM~2EE@;Hi}
zqZKpz68kt}ZiSs;6J=CQiM|)DNPjGpsVPA&F!MX91YUj{6B7)*iKNHgeJzy7$Q9*4
zc|ufl3&x6G2cbgI0obFImeq<}x}28i<kV`-q~DkVbwDTvTcZme>=dTSpVc|Pi_Rwx
zha}Hrvo#-ZS4i$YO(<DH&wKL!&X7FmPOWxoPLLSJRg@BwZ-F5r&zuLw>&pJ2A6$cG
z0TXHb{VXI%YFya!imp{+JLH%f4!^J^ji;bYiX2}r3~7l}*piQM-0t_j{S>d4S&$|8
z^G<2x#wc<lIpXVuL$k0W8htgK=XM8%l$F)17>K_HdkHbd4EOCk_SdK^`<!`USznG8
zgHf`=jt6tj#9nO}8_ku+1<5irX*98<N_C~n>Wn5lEyv`{YRR>-$K}Z_=ksVo>NrX;
zwDJNl4gdj749Yt`2&sM8o*Qx{)J#&XQ;iC{%k<#CCz+zbp@VipYuT)})zvFdb6XY_
z2RDm&!9N#4L)x)+Ke%mZF7QVrGeWDxAk9^l(b&*AqZ3rr+>s)qP<NVqNm%<XsGA|*
z*|?S2rp8P}>&={`7laP9Y%k6*6Yff5$gYmMbJOxS`d*d`ocENYZxB~bp;!hS(bo{d
z(IDar>PrmJ4#1}U=0=R>$8a`?n6>Tvh1^H5a6W*jAsqnh;spW)0R;nv0EGhmFW4Lo
z6af?o6a^Fw6a(~s=Kte?+X+C4KuJK!Kq)|}Kxsh#*ZhALaQ^?-{Qm@S?f-x#f&Sm-
z|2Kf&{eP1GKLMV93Umf^4s-!@3H1MU{=XWkELl(NkDxuMb}O1|2JOkn07lG0GgX%(
z^!%dFvu`HP4fDK@`vuF&cGW}<QmHtMknW(-xo|wMCYMYlSw4goW(C}CT})thc|%@@
zLQQl7T`;fYM0F2|SZ7gvVp>?oZ+RBkjZP`>4R<!_hs*7FDYQ)&Gg2vzvWSxcHMq*4
z0`mRQi1H-0vMDZ2F|0=MfpKQM>DOq^z-jV~2#?&*8(~W3`RWW<=Qot+YE+~C@)XY@
zWy)5J4$QL3vbua6hNictl3*#{9-8MNJy<mxWV4aZomi?AEM3{L!o${LNaVuYHLEXp
zn1j=Uwx<o7^dQ1c)&g9AOLy57DiNPwMy9kd1GK~9@@Fnc>>qG;cvjEj?v$orhtBKi
z*M3M{Yc5oQeLRs9tf@V0?Bi|KP}-}1IFuFq?ovuU@72=>?M|0wyil9`5#H%UMex5Y
zn0HZ@)T_GSQ0qxh{YKF^>gJ)ox-uCY8+;NknB9?^F-zq)@gRNRGGQ7i2W+<FxXqf~
zF|?okJy6_2C8;mRhAh?|P1~#9Ko@WP+QG0A=-4laETuA<l=qJ}NmkmDvC;cY=_x2-
zI)PJqnACKg*RJVFeuk;1r<&yI-d^5fRdaZOk9Kd%RJqLa;5_fo<PmS3PSey4YG<Zl
zaL!=bAn1DuA<j$&j?6@vU_V80>OTLpKiA?Hha#hCONTLpkLXERN8ayEzfo|-Qhvk2
z6En--)azYd);=gE98|j0Hh5rXqS^D6SMASBYV$*uz45s6_<&TUZ$H_`FSQMG=@2d?
zvhX6rFJ%<Jtnqx~RXKo_RFVGDR*!pqfgI*zV&GQ5aUc*^8Qv1!jXS+P9#UUi-+KHQ
z5A|IiD**okq97GG{IU+-84UaH;8f~SE5kJkMH8A#LrG1@{USn<;LOeYH=mMN3obsi
zb4;>0QEZWJg1T@Mn)Pyfzn*57j`YIe)+2P9p$i}GBhl2R_$Ig=*2}JJ`EqaVax2G5
zuUrczmltQ!fx$z0iKmrouQrdg9^BsV^Lb0Xm~xKAYbY@oSlILIXjiu$_&*^njN=(0
zEn$M3<ufW54`j#?V*l|{_d-Oz^8{Ucs7Li+v~@9y{qtl))q!gmsM=?UI}Tk@xHYHx
z{v`MYL<wwcH5)=U4Z5VmStE~;0Y4_RAbMpa5|lxlbsLAlgS4Zuduzl>AN@3<_>jr9
z@k`X>Xsfs4=zG&G9O0}TwGVxJhQGe(rMEA1l9qkVW$4FKOUsuQK&rIm$rv6i?+M@G
zqHTk;;gZy=v@_*I|7gWzR;I37;jYVgl94Yt-)injL0@^e%r6T7B5GpEt-uV01ILJ;
zT%X<56}=GJPmnQsd1v|i*jJ+7q_orpEX(OWj+%?PE@7~04_aeaCo$#ySdz9`fB$YH
zB@*$Q={kE;<6-}2zIMWK7$zA;#Rq(Yn=xY1hQo?^=L`61vD%>%-lX@vh)XJZczrOH
zX<VgNakY}(Kmwh_af1_6SZLBDyq%!Q8V`5M_t!x=N<7-MVS&s^0U0yKxx&fW3(?45
zuJ9|@TGjv-wbp3}Ic&1C;IPabe9G3PfD{k{4TkkTQn=2}Gvmq0b9E$wK9vp~afo5N
zwlI-|&I`w_pfPdpQH04p4E?={Wclfn7@T6&{YV<*+OB0(^+^3c5fk?gTkl+|vCfd3
z$Sk2+Kc3QTlsaL}A8Ou`U1SYg;zSHl!V3rJa>zvUkL0qwLI-Oic;;G3Qy>48ydmx^
zdsiyif1kwp6uoH_c*=g$X8K`fj#jU*=WXu5ZkN@-P(6P;_)ToDgQ@#Ka$}tz&IMdd
zpt{t?J893Skd3U_OHq9hD0dM4mSCAyOL90h)=?YbPW07`8f}Y5=`iy9w`qH=!eA}k
zW+q^1KNyl2hahg81h7NvEpB>cnebkq3Kx2_(EEZ*mml+Cjz4h!&?%8=5=gas`V-HO
zsDvkaB)I4qE*((rP9{)MwPM)Ih;+2;D(5$RI~>mwtGeEoe$01w6l<r}U9PSlKRO@L
zcKU(+NgwpW4EPmPuwKhu>rcp%bVkxP-wSIa_BDf!W{m;sYI45#9m3gVIyNmW=8)Yx
zZOqZulI+++Qj{&@SG98g8EoRLN3BQTr`od>_=9H7<j+9`!QX$ymbT=md>a>h_{+Sv
z;z_kxD|%2?o$~cg(+?;9K7qDOAA)RGCitDvv1Pur^RFZns#l<M<6oH$7E6(T%29QU
zdVe>4OY7$;`8Fq$5Xz1lrz)e{qPWoU)+3wf&gRh)=Nh@J(adt<a84*$-@6^j4%yDQ
zsY?F6(Vdt~a^pIiQ8^1UH04^eNG9h;rCK*m$xW_DW6+PL#b2B_$jr-tXV!la!0>c)
z?1f1%Puo1YK}V^y>jx>^?!-B_b0Yn^{|f`jW{K|j^a{6dMCA>@dK38Db_Dyl2MCqX
z&{v*6vz8F(QERKhKMW76;+7*ISu)kJR~Iv&#nWpJwoR@uibLUo{1j`tPn1z`A&0+*
zCG~&-c{tLe*e2W+a_$005X_=+gP-_4V%PfXAe%Yx=g*$8e5r}8Jbe!ImCKbur;dBZ
z!D>=Rzo+<4wF|coVQF(ose}m#>3uroI*14<WDEnfm55{VW=&9hxkrUiCstdJvH@L_
zk3PNL-x_-Mq;wr!?T38~8I#1p4YIQOV7`1-3qnMSK^x?UIP*FDLq<psII*l-+22f_
z<YDQqvb?5Iahzgw^y2<G%~;`lT<fcYAkQeH@R0xJfA#O&sY+X}aFpiphG_7R2BL*z
zK;iz$Yf<$Ob9mQ(NZCcBupP(L=Vs`x*f-A?nJ$L57f#*|U6@5a=8hfD=EikQM0kkU
z_M9#IRHm@9Vra9Gw;rd!nfljAnX><^ac}KpDa6L|Ini;#H}bKy+N2g&pBrGOyL-hg
z=h$DZo#X`w9jUb@#&qUjofN`4#2L?My{A<D(8Uspf94XU)gB%EJ;p<-4{;y@;}K)i
z-D%?DFj|=K;=kYMzmJPS%nhHI{iZYS-@ys4{pScTxtF<<9;rZ9%0e+@Ubze%s_Vj3
zoOVl^`Wl9hn?%#hsAWA_9Z4B)U1b3=+9=*>mPJ)G>$ebIX+Cxji7lYd!dNSj!_HQ*
zd(P!-MbWSnbet^mFd%>*Mwaxrbw7FhETKY@q2jN8$eav*L+18aedTCbBaiflr5VEf
zBy}Qca%1~8MsWt6O0Yd~{(5n0>Hw4f;rV*dI%Uw5aRoR#MH(S)8iqr&EB?Y{-T+_L
zsj+ZAD!4TRZfCyh)OKefAsbd)4Ra(^I*H#b;REvMS>xNBW02{?OmD}iE@v!k;J%~C
zOFHnLTjPfLKYrg+!Ustd%!sAc!AXMcNUtffGYR95t|j(gcwepb<~u{d{aJy{Sj%4-
z4C)$tm0AD9y8*IcWmC4XuTa~ln7M1nE{ls{i_PC=CDf6*F!N*QG)F2zZ=w!;E|d?h
zPc3=^!AhO;(`KvLifK}BQCepQD?86ejLn}!|LL5wT@qjYH>g??rDLzgGj(jN?dzY)
zg{bX&3sySVg}S2@{x3`r2Y{~7R?JowsI;nU1>uEqZp*;_+t#ckXX)F`@2VdX+*6C8
zXx>bDT`v711Qh!bAdPq2uc8va4rq^U+jWJ>4Z7`ynIZIWGZga3+#?yD(N~Ph>jJTd
zvxmEhy6uIzvGZ^r?1J9ryNw;-g}cG-HWp$St1Ud^kU)<?MdbBC&7}q`vrx^e>G?=_
zKnrtmRlo3~2KDj;F@v2-9wSP-j|67H8%GF@5n%^UTL1Ybg}SQM@xRjdBx1^G^MB&x
zru2DF$JkAmG_{dsdO#8g{u6wH0idTijws8LnVP^t@Jhpe_GK-%3Z_pmH>mFQ&$hwH
zgg)A2rY17M#cpDpoS=Zv@+gI)cC*-eyUm1}LGU>4Q$d(9@<{D}xCP_jH~?8W*yV%U
zF51mOw4bHPYw6#BvZw8?xjo*S8q5mf<aDud!GGIr!^zdV#n)uAu#uhwdCG4v*bx~u
zbl8k<z&p%SjonU!935%Z=Vrgd=H?lnt+9+XzF3edH=|-M*Y$n%^0+582zTlE;@qE6
z(AY^AC=uh_ojDGP{`DE<@_l&M1HT_TAcFOs@)^<M$LYs{Z8w$|!LvMI%?+^gnAmk3
zV1>^;yOq^?Y};3`iMCihySlv$Jn1X^A^Nm*etIy!*vGp!e>UQvO!t)F5B|5S)%ME!
zitha5`Z<37_2<sK@VW?OaO1Wce#X;-q0bpLm(W95&yV(d(J>kNKb74K$Qh%Rop6CQ
zVXyr$2h}Q2)6bhm=&4KBJu4=$rVJsTiJGI=jD^fVnwnajd;#rzwZ_g0M&7*w4!8K8
zlvQ=)0f_5=UE=GmD=kV%f;F#4t3p=8k2ZQWW8>dQEu`#O6_|N(*p=#=tj~4ow9AK^
ziZ$&RM8)dOkDNk3c0)0Xkrl@1R>O79E-S1|R%NQHYXX;;w!KzyF)mdtSWDXLy6_`g
z+_X9zfIo~S6)icog=SI3R2)B<)-CxSb8>#q@z+Ml6})=YX1(ug<zDkdKKb^3<cYsd
zrNVC6#08tj2kXK)f>@V`b>N1h&`z8!`4xltj-e?Df5ZG2y4=OqCfivhn<+au=xC}j
zK7R_2avxo7%wD;0X4*4dd%~rAbQvIAgIY!CAU<g^7P$s_H81N?+Q<4UcMr~W;>XCI
z-sK5~S4b^Re55>OPEx)L+th1C5ik+^l(Do<4f4n<QrXXRH)efGe-2}tL%T*`cos{V
zd^kTPcKS{7>W(vuh->1HVu1JBS%cRB4(4&nz`|{~B0hqJ)7PCAOezA`t<D<@6Oi=;
zCccFa2!4W!B^VJSu;dzdWXLjacQP|NqW;M!n+>SrJWO`V(&h80(M9JGbj}~lGLd%_
z>j<SK36f(m74;JFoM%d%kZ3Hh15Dz)`Sp-wB@Y<cK5n5#do5xpHsXa+By<^IqoELP
zhPMaI()Q7u+nM*)2;JeQODWYS#@{-%zOXJKIK9NAQ{}SdiX)2n^+$PVuFQsn{%uKJ
zK=>V7pZz0%QMc@)Ko-{53I4EH!cAsru|iUEy9B%eQP4Do<4#%aeOni9^qcfnwC-zs
za>dTV%4)ZlLH?C>@8j8Pw!*%XX>B^iAO}O-=_SJ7A4mJs2TOSd8z;qGVaO^fU~^~z
zt(_pT;FZ5rs%2p&#UQzLS6k}31z{X+<}q2bwWW(!R3>09);ENE@Gvqmwk8_Qk34d+
zWmA`@Mj1j&v-|OEax`!6C58x+js(&jYJ=*qhQvDa7c_b@f@Cf6xJ7Kzl61AEHG+g%
zQ8!qWSdM<63cN&T_g}GJ#v|i2amfIddHiTwgrhMz*7!e|(>xCZ*;BS~R<X&x<FQb|
zgTNnCvS&SKur2ritPH*NAn#QkX4PN>iq}7;F0t7ibEs%wzFX(6!6CL;v!<k0>+z5r
zU!iBxi=+^^4*frJ%yugi5I-ib)aYO@cnJzc+W3E>r8-BLh~Pt`pK;BE&F~Y}X*D5g
zqZ9yON`h5^KUydzgsiyD@sF=!UohB|W0TZuQq}>0V32oHHqW9oU%yr26@!_sX}tG6
zfUSW8+(vI)ufLM~D+!BD;n%#$N1z}7^<e#2*P|o|cqZH@j8JPm=F%xS09g$qjL4JC
zWYbN2!K$1h3YOZH$MQm0rx)gfCa&r>oj9t=9^`b{I&);ifY913F&D#=a5gBPiX6&6
zMuH_OO0(>byxevk@vD#GHa`8MoBbC`_$QuMdcTpeFT7tG?e&Mnh0C`%w*%<Juk*$h
z-{kX;f6I>tO;&a65BCtez!1Ne$oAobWP7ij7_^<%%s|Fnhs~C4=9N;A1;Og;Wed{Q
ztBcu-y?3oSZ!brjO5VRfqcUC?^yDxSQXR}0<ZV65?T6TQwy<7<;Rt#sY<CUbl0f0N
zZZ^VFc8FP5p|{iH76O%blA{ciM8?@7t;r$;8pg5Zo|5D!Pt0dzcxzh_qY&3q-@O^}
z$Dnr1G=-gkCw<Gn1DP?e3s=uP>@lw&5`WjK1MJCRJj3G-MFNbbxtZBe0&6VB?J$)J
zSx_NWGiXHHSVk#T+@cN!0A!|>`9pa)W|R6X{UkGp8nPg>UGRLJBbiH?>8!W~M=cuk
z{azcK;@v$4{I%G%`Vn7cw~TyCo0}90IGF?Ommw5G_UtH2==EziPq*K&C+PB%Q!b?5
z%ulhm_rp4JSv*Idh3mjoVsYjmz3E$Ntcp)Bf71EZ+~s?U$=wr<DKD(iKMnbV#zzw#
z2Jn}c0_H*282UxL3t{ASeX2An*wffcX4N@&S{$0n(`flpI+$;L44R6bVKby+L#$2(
z9I6A)M~N$f5Yv3k*N_|%PN^lc^l?*qb9W=TcFeLV{oh+BUzn1OJG<B7(+ry!I?l8C
z-2sBQ;oUlzUzOc@tEGD>aMsU*_zH(t^!s(6HNwP@X=5sv1kUpXpqm$JdQ+;k3psnE
z`7Q#AN2MLE;P|iB<rFMA;a%|Slb|-j5x60?Gg(TxXB}Nu&`z8}-Vv175~Boh6xhwe
z0Z!%1uKD<->H?IYHrmtj**Y0btIE}|rQ1Q*l?EV97hB6tZsa^MSV|~&`AVAy7U-=f
zhGpGTvtNE}<nY2@<B7I(@!Z9M@E)KcFZoKV-^{^mj%k$F5!JcI$?e>fp4GQjsb8`|
z^UyHd%F2b|A99r!AbsWP98`@MR`;NPN8y4B`bh}OQNeh%=)F+jEW4?kJ9IFS6%C2?
z<`)V`22j+gud#C1AY_4s^YOk@gmUmuA2i>HuB#rd>`HIJv@R(Y0csnaARJw2M+A7?
zuAqGxB=K;CZD|^0tNs4ey$A0<W&h4*6|+bdV9RY=_w1A01u7jc6q4+yRc2!(*I`#N
z|8x?zjIJ%VvIeXR)Yk<;?%P2JdG*Xc;kAl9(<Y(3t|`uHO05Wa-JtYcL-b+X<x6?E
zzIJ;e!hxh!gm=jzUWLjAEodnVck|+^;)Q1JOXgf`{D(fI6Xx&n&y^T%#%AcBFiSLe
z-xXG?PaJ3)Q3qHbI13_v;K(_epgdX12dH3C_l|d9fBN(;Ya7l{&@B-NTN}G4@;-U*
zx2>1Gn%Y5~0e+xRH&hV-d#Dmlcm@lfo4_?GzKf<Idm4rZZr&?t8*5&F_895i+~~I=
zt2@eIzMYh%nP(YU@6(o~_P~ZB03@$ObaQ8iU2T&L5JW{zy5JaRVcs#q6OOmH@Nv-q
zW|hni&Ge988Qu<^+(^^MAx{il42Ua1+IFIJEg_F7lLS?M68YWU;8VpAk*&F9w^Pl0
znumrX@}Ox3U{ok8&i5FG?b9W`uKXhuNS%3gvpBbtJ&O3M^lQ@}8r_LoJ{d71NOo+7
zz7y7S<eq@?Pzj!u<Y$d#G5E6Kdx?@fx3V_?_6<2mqg3W2D_@45lZ8Z}fl_u%LM4fI
z;p=5ivkIKxot{Pw^U#NBsj04+na|9*S8f`{74$y{l+m`<VrtuwV^v-La~5gHZ}l@I
zzOv7}L!U7!fpTw~RB;58Ap93<)S^%B-_vb1<yFWRv~2TZCKR1GshVwXvUQ^K=mnZL
zkvuNH>yWEDq<O<^zYlI!OPwO$Fs><xNXSw+uG4Ig-@1RI*`{`Aw_J{3;!}hg_wi0I
z$}{nBmL9QGKZuhdNx<P9pINKby=a%MTiPls{^B_?x(LJAEc%dOFG^`#!6{qAdykc#
z|NH|GcAP&s-JWR*ZrpNN5D1dfxBpiZ%ms4%y>`UBwzS_1wa4A`uWtOMx%~ho7tjS@
zP_S^cMroa5SUE%xi*^jzUVSG^@Cwn$&b*xfqgMti;0oSP;6~|$DzHxIBE|?(q+=1Y
zrzdS*%}>2t8#Kvs&ZQiIvo^k9T-Uh}f=1P6hN&yY3?}_i6H-5ZNO_(i`03{=D6i}c
z<fwn3qEK@&gZ`V%Tf4L<>4~Yf)LhKtX~olo_A{sK#x2faxiSN>T#H>DsU_6IV}@I)
zkEn2?QKx&FNR&FQQ9-IUJbg%lq}S2uU#THHTG(N8vJCYX^Q>3CX`;>`Qw@(sU3w0*
zzD6!Fq%}qgUk^`!$Ftqe7~0vy!h&YtVo48q?77F8c-93*;11XOEj6@Mq-d9Hkotrs
zj2y<)b_@)&Btuy7mAP|%PpHZ<MuB8U0Etha8=ZT_nE2oi+wK~#`@Sj&VL#qAj{HjD
z!w`v0t}R)mb5(Qp*D1+ie@`cZItcQYC_gy`hal+hJwYi-if)=*GM#F<JS!c<&~IJQ
zYt?;9v)d2F<2)*o$IfzqIe%dztJTM^15oy_bnR)DPkI`WJS)OJ|8+j`cV!0NJmQC3
z$43Yro%x^xC4xX0Jf9%3-CAyC)}G<O-}>9Esrq)KO<vqyAmKiq9utR$PC<q{zSSF@
zfP|<rdqakG-HdR_qW=bAES`p#k56KCs(*r&yfnz_WB%P%?@p#%YW6!-U(7%!IYoJT
zl(kzTBj6Ia;U9-=^qWuuq*U~7I{%$*!g8G(Hij1Z-3osDjec$sXe;*>*vO3P5S@M*
zJh*ZnbV4Wf4EFad=tjy*KP30w*!JSnedwOywa&r8$)`Kq*n}0=mtaqgRpX8}G#D_@
z)_AA4#u<)Db1&*a;b<<(jF%Jg!Oi6QRGwi8q*MVANnzvd)+3FX^xOr8Kae>E@@F6w
zws#n}Gsg0YqP&GNl1j$iX~p<KhQk4w^gG3hK_;|GuPmOTA!Sqp8Xmoo>9l|z?P*Z*
zI8|5O$R1b7u}?U+!{Bl6?mq}-<hyNuzlzBnC|3oRvNX6@v_3EooeIBZ`x@wGH`WF1
zS*2N1v@+TFKtln&yY%C&g8Nv&&ed>cVF1E-f%*Oy@cqj|t{B#SV*gp&Ga!!Q=spgA
zXM0>EUmtkMfUz6*TJB|vz@%m?+y!zn$q)vt7*Or*XhV74o`=1-k+iiI3LPFv@n)uI
zJR)V8*Y{F-p9&c)-Q92Hx=fUuN$lTx$sQ1Pd%@kbiPk0Jnh-W=dkN9*B{@@n4~Gq`
z!y7ak9Yq}IN(H&5vOD@mUj2Zf7=DC-KsV2)W^$nq`&1FwUkOmMSKgsK6HikhI3ebY
zv7QPPQ)=R{BLIxS9N|6ns1$onFs6P(oD|q`9UxYt)x-@>>R*xLM>XtrmK5nIx*bSs
z!5X-hG=^}Fg@E9HKgHpGggt=5)7fo;;HqzB3kHeR@DVYClcqPP4}1>K;2mxn<g^Ii
zu&UF<)Xef0Hp@i-M7mD|BZa_6l^>G?6?c<3#!5{ri)#d-FFj|HGiiMeO-{+8xQEg|
z0x9ijt}>%PxrUP@c<mRE%iRKHJ((;_LsW|f!YShrta%3hx*d*ha!{Eodelr=N@=Ly
zL6x||VMKmPoT@|tTjvV{<0P~Qw!;AP>QdX4^u7W1Rr_=4c4iDH6CF(~z&~7GN00NV
z&L}@R>g&(~UK7CqBS_T4PMTwDeU%{S0fzujqM(e9c*rc&&9OzHzDk8V+i7o+ENA7v
zS<X&8eR3=ff-2!pbj{y3A_XtOyZ?;{@`R*(V?miira22ugL3f(Z%fCXnxSupDWi4d
z?OhF5yw6J2=06>gNWxzmFv<2J8TP8Z_4W%s7P)<SQG|$TIz7NAU<?R*?9$}hdLqog
zK1k<Ls{QtHtmq#8EL75dBxN*DzK|K3{lw1)ZN+B}MqUFoW-l4u)Ez*K-#BvQnGF07
z9J3WoAD#DvmXuKXdh_$8Pxg-yBC8hUZx7&~Nz7!FzNR|#j{VKArkow4%iTUoa6w}j
zOu~`A&|u<cq)6*3c>|T}Z0jUy#W~-U%IqzqHm3igU6kSS1*yb@Eid*0DU{?nwpQrx
z&#lvChu<I?k$GL+wc>`pyHv9_!T#Gn=$%3g2XK1~R{F0$dcz$>;drlc_TIXkj%^rV
zp=BYUD3gL~A-;|He)lrU-x|`Sm6E62qdfRbbRz^^bk(18sn%6%*!5~L_{<)IxIv`T
z^U(oPIeT~nZm|q`tAR*7*cNpX4OJxMlkrx<ZA{pPyE@$p=}j1v<)oseh^YWM?CjA|
ze+tf9hM5L8<lcf0{`ax|z}Q}dnmQLOnQ(zGzB>QomJmJV1{#Cih=l&6JU|bAHc}GV
zC~P)e+ZipU0!t3o-puw`$nD!Yz4y(ec8RATmA5{1y;i<&Z6jtYjtjA>B?Ib9SR(7)
zqL&^<L5Qln6ycA1B=ZN+<~eTVxDx3ITD$tNh2o`tPu$jlknUF1k}SgV;$XDscT+0>
zaL8Y0lWp@rQ#F><?L(=q9pi#I%G-?K0sU)(*K?iHG?60vt$2$k>Y5*P;R}tn-1hzD
z8C~{YIvA^35K23a>8*B^6FpMXjZ3#{*j9cEmw-Y|xRh)E{wRXUUF)Twgu@XB9`iwq
z-n`_!1kabRC`4DMwe#Kbu%aP{zfk#StUaqg=@Dx^R6v3=0roF~Xr=O$!DMWC{as8;
zaKTbGO#a71<D7e2>ACX1F1qQn;r4&M?DlK1#>G>Q6z;HZR-BlGxF<v^EFV3%2fvyJ
z#H-i}l_X~VOEP}E5(Vi0l%#6ah1o9f^4O>$w5~m(e(Db;3Aoh+22Lz2xBJR-C>`kh
zXN=}fR_uBt2*Wtd<qg9~pZ=is4Ynw12Mod=2}$M*rz>aGHpdnEVW)7V8qzE6zh%vU
z{0o>bI&8`w3r?dQdtFib@kKYT9M|3bLY?@PUcyq<(zN7)ZDBcKA`&w{!a1A+FVvl5
z&V8{~gJ7Ai!qL^z1b&vcSR>iKZ_WDcuk|!u`wJ6!&_vMU_qJ1h%78aG+=vH&n=Y=f
z&8#6yz<asa@xK4UA{!+GdD@`w*EYGMfePO>j+h^BLJp>rZVKf4qsDmA&}@cNy7*n4
zB(vHPr6;b4D7!7Nl`_+@<g#tJI5zyPoZl|Wve=QZXvOn(n{SPqsIrk~ocSx%%3h>|
zeXg!Df1BB~R)}z~^z9v#%izxNF=(eq%b|^bZDlDG?+#fXQP*5?1Y&?6iLrv2WlJSv
zNMrAdCJ8~(`J?)Y8h1$+kg{dh(9f7_3Cf%iapu*qyB=%v&@krE?cC94Yx|D-Bf0X<
zR>F=)**|lui0T|g#gIEGLS<*o9)V@kNMqYDOA(OmT?}r2h+xOL52~}YB-i-sF*Lf8
zmJ(vRP!AX1oeHNw{W-oeT^olYg|9~<nkKzQ`PAC3;QpxxZ!*`5h&YOClvKZ0;f?3!
zrCsUy(8B4{hP-`sNROM>@Tg$lBNKoMlFr1#!q8sdBw+edP!x}croz+^O4g#T+@FMr
z?>IbJOZWsDtEvtAxjj>b3Fs4*N49L?sPsnYdxQx%$<GBtv1pl_RhxFMqtU@y;{I;#
z7yUMI6MIsQeaQz4_nf&4Pz_uDLC-#b)pr9v0<~?zbduOM?dy2d1B=$zwK_SDj#AD`
zW*ivBqxC7n)0{rE>l0|)a%%z_X3nD-V**;oum?Jh%1Rjh^o(t?eHXC%a#mX{bYZCs
z-r?C2t3vXE_Ik9p(h!`c(E_5JsV5A8&>WK6q@sH34iuUu9mSEK5zn7%o}-(r*YPgr
zvQ;&q`DX&&j5MJ(*#B~~`eH655X3tLHLowH6je4FzFKo945GL5LfXK5;{?IPil-Kw
zQRYvL=ZMbnm|(!r^i3#t7U^`w$CraCwU~2!yhi1?{wQkd$I4+QIWqF^_@bXB%YMN-
zD7&<Jf1gg=GjipS9kUPaqI%tnPFlwt@9&&M;21Mvc=jQ23l=^+1EE_3Kr>bEx>W9_
z=xgG@(lK?(u)iCR>xh{@>kjIGXsiMGV2KnW;cfC-OumwowE=}t{WR5_x~8?IX3fCX
zxZ|80`@~_iH;4WMP;&ZNmSzO#YUSLRyyqm$33H!7Fte8E(l$z3=hG$oF6a_JlvXU*
zmMhjg+FOUxdD`6;{}$33us+vyg)h^phgCKL7fWgm@E>_<avB-%7Q^%$P`CYIGU8~P
zMsEK5A^Do1J~H@yHZ~~uW%LNTG+rf-G<g%^6c<LOv1U46paA(mS>?-IjwC(LHE^`D
ztAKbR==h~w6K$KV5Q~+K;Hni=(&{O#rK*z2xQ~Ihi5iq<74$-Zl0L1;>D$@iMic_#
zt684|d9PE9Hb!S9l$W@xT%|oy@$kAU40C%9kk|TpFanqUT=DZw)|27<??@AHXde<_
zrO)z*ql|Bu84Nu1^Kv2s){ej7Zh|~REzQIqYE50PTm61C&?(-mqhJQY>66EDStNBN
zS)mh)i=oIFuS3gq&43amw`Pd%r(Ovr{Iuh{_dsTk8+wB*JmkF{QhKMSlD3m%*x4Sj
zTZ-?b{N(6O`j2pHj1XZI6c%2F!$!b>Z6m{`ow{&N5W4$KyL>PGQ2_@gIR4s1RhGwo
zBW5;Jr%@!Q8A|RK<i>qW05z=Trm|QUXZ!0kc4X&Y<qdRvceR?90EeOb7LJxs4J=1$
zIYEi?J$&|V-K|D0O!6_9cw$`1c-8B1NB$d_WMV34nRtV{SR*Hv#L;=1{*o0~Bmr>T
zLSUa=gyb?3GU_I>qPuey8+=XO5-}Bf>BGqCPH(Q3`*J>;p<7=MW;?*6x<x)DGYxx5
ztYKH$3qhO)<0O^(&dc!FpX*XtuMV5_oPk<2mLgFLjCiyGgDT16$HWP2C?`2_$bGrb
zq%l~I^7l@pO}Z?|4qit7)|f~QwY6!MR&2%B?I~jC-@xU6Cg_FAKAC&&sGs){T8Oim
zi71nfg4S>%wCIymNURuo!jqUR&AEcjES}xP&Wih`zRe6c!Rm9RfegGfBQEvip5`~E
z)i?V>*ctTHI?0N)_ez|yQ-WETg4v#GOWO!X!EVp+!<b8?8G<eoj#JxS&#c+`tQkXI
z0xZ$04nxchEIiD)cM{xsu;#qe6)m5C&$+1VDGnO;?f*UW=AQU?iVal)rtmcBhPbC|
zZbB2?DWyxF%FZY{3q+B8_N-AxPr!(T5p?!PWguzFA7~hE=o>4<S$0CLO@At4%>}31
zP_yn^pzg&dC^v9?$Bqex(e+?vq&#UDGEoR@O^1t_V9ir0N5<klFDca+?te>X+TVZe
z6AZiA?!$U|6dIK;CTSqEG!?PUg0i4D(p?-#{spxFq$LfVMcN7db<joq6em9j$u=fo
ztb?#K3O>z|l_$*_3d}MG9j<7>qN=rFP~VGyZ_H_D7)TZ%A!9-GkeF%BkqiBM4O?^o
zmK@J|s|~#}3>(!R9ElR*=5Y@$zcnNjbO=rT3&Jn{H-c2B?pRfP0X}Q_kvCW^PYwg?
z``JA2+{qNv7*6!9zd1t*H&lWJovpJob0vH{g|k0kAy?d%_VurGARvRm<vFU^OE4Oe
zrx<}<PY-~gMMz$-Y0Dp@i>Txds`9cc=G-qQ?pg~NVJ0-!6l|kCHpukP&YU$N5kCrg
zag;)1WUPY=L|ng6Pe3ht?Dvy-l{v3vDeB4~LwM&^x|uD0rAUQnoL8kX2RWv@pzq@)
zFpTr`lvv%?*36#qylvIsSPNj@s<2*}EMy9zl<k@P8t+DC<WGFSD>AF61@LvY<|buF
z%^XN?k|W@ejyg&e;!o+(;%esqj_y*25|2q%uC(aLVjPUiw}H^EcuYT=Lpw%LB740V
z@?4em(<%H=GNJqx1}Ts^BBx>OA-dtm7>su|<{7$U4vvp$znVWRovFR}pHJ~i=8D&p
z{M>)sEs<Bz&04)0e8}z@jHk}8ha)PA3I}TFAA_u4E6;G_7s|1|{paO{(4+o$`JyL_
zHtA|&FMC(@f4C-X2_LNA*cHF863YJs=&R9C+Hs|Y?uBv&&J}B*GOu~z#R>IBO8>2Y
z<x#YL0<1?{M`1PM&*<k37Mxf#AK@Uzc!?W@?er=LL|KOg%&ue;r?E+OluCILf`8~h
z3-t(J*{$<s>dkn%m-HU!!HcSa4=P}V^PHF9zowI&Tl~k}K`GFP$}Dg0Pg1s#*fzW-
zj-{hHkQ>&L@md%u^hXQzQ3r=Py*sl24nw4S$&_-~w)!Ps2K^cLSHlK!v2I&#c~6+>
z{{cxrw!b8v_)zbOjBU)$9dz~Mm_{yl@YRp$cz9Slr55M&xJO$T_890-m{s||Yb*Ax
zZRP*ZZD~0dA>{~XNYs`?bxIno&76*y*o1&2o670NRrY=mMne27%(RT%S9waw#1w5W
zmq^coc6*SCGFj=ae+CK$TR#tN{S}|X7z}`_iWk75Z!cMiw?m;uxCMzWU&j;~znE<q
zs@o8qtVf!B0l%@!>XvnF+whR({I+e2;Cud|R=j?vq!C(=;@X>))^+2xE;x&bR<-0&
zRCf2`xqAp}8y=-+zGoP?GztI63pIU?#=VugF0o;#PTu}X-@`mJSvLpaOFPB3F_$!E
zo7msJT026&@v5dqnq8I5J_9ku2#yWdDD?mOg3+IrV=w}imT;Py5=pC~uly^-+IykZ
zm|>oNv3M0_yXf6)!O%vx{|cv4i1+Y~PDH2mBBbJli-P|%_SZ7<^*zM3SQROmrhnDy
zUo-TtrTW(#{cE27Rjhy6^{+DhYm)x8vIs{9BeF5VlSwU?l8D{Xh<`r=K<12$euO5i
zm1VA`pZ?3B<&$c3&a%?CztH2D-}jbBq3pzJdTJV8kXFQQM96N^y4~=$D)+(^Qcb_O
zZO|Cq#I9a^4(p}W5lzDj(Eu-*^k<*5OK~7<r9Wcf>On+?e+fiRqjPYXskJ@~W*^d3
z<FZ_|^WJML!}q>vHONzqbJ)jp{bL6En87}jBFq6iiM+56$zK|&6k$e#1oC|b3$Q;g
zwiii*Rk0VjpxuH6Uw+zYP#G<-vO4<#v+P4^68vxD!ad_WH}bpSM}>pd96+kW;?#Q;
zgP4IqN*`n2tUkuCwd@<KX7ExM^RTwD#%O1R-JG(fQSv$si3)dJ)p-{{KsuGml0^K1
zt)GZz3?<?<SCd3M7KwOjOef<12Cu@1+bc={fI~~|y?uBT<<&pF@0pNIW`TeUBoH+y
z8c;MuvuuKiunDM(8<uQ{vcW!u7*|>;%mi$+d2te($+*?FwgsiOh;6a@w7$@Q?+KxK
z0h9z(g3uZ@)jJN421%0z7Up}-J+qqx>~r<^&+mI(->YbLX72a7=YBco+~<7G=pcrr
zQjR0<pT~YKTLb%MF-##9J@q=;KEzIy21PF2PVDEY+Qh}u(v4Np#~FVQJ!ldxm^N<k
zk+$2g0nUGxZn{G~q8Z#|klKyy&i0Kq4_dj9J8c>o#}%Oh8w5Mm;00PRm(hCO;0fhy
zC51qcmhQv`NKmJEtI%O8AvZ(dPHYLxq^L>;VvL#sY2<lUg+xs{r>e3K)66tAZw}a3
zm9+`i=qPNJwW0ziphRF?uH1!Ixe*F25vP1RlG7g`VH?SWlq%Nm8xV<SEhD|9OJSwi
zd*9Xhx_9u$*&z*HhH<;54AWF#nu`B5O{Nms!`w;t$~#cSsly~Fb4o?aMzSV~Lyl6$
z@;Zn69u8?DDL=>9T9-|=I|ehm%Imh+6Z9%5(y0Ffle9F)*van6PxkuQJwLEy9%&dZ
z2`ypll{3*Ng0$4?Ji9SoTEze_eSV`=*ryj-<~Tpx_&N6Oy|`L6VrP|oq4v}3s86zj
zY*MlPxLn}-Gxm8_ke^W?4G77Q^3q$$tdVY^Pp@^PoQB#BI!Tw=m21}NTGS?vo)%@c
zkR@N>>djQ_!n(fs96J9kWJvP1Anr2#KHYNM_%kMASOoJd0W((o<dHlbnSu~sJ9CgG
z(1=y?&$HSJoJ6fa@C;|bjqHJM^$r9cEWtzb173%NOOkpYJYf}Dt;Ua>2RDB8V2jnb
z&)K<&aX5IB)T)_aO@MAf7AZ2eyz^8U%FJ8wND-Pi@FfiZit+C_ewN>df(W-&Tz;Rl
z)Py!}4ST7;4k6~GTnabWV?66T7EDK&x$4!zS_cCWG&&WdZ#RAn?Q$Ni`c(2qBwg-L
zpbMqywdl@kEmA#lS?&`MM4#*Md3o+nqtD1{$%}G-9(|^&Y&YbFqR)@u^UU1Gqt6I-
zASdPi44>oRxd|7y%C!MTIa(@Kua)EQC5x1!k}F&)7ThOvDpV#%sj<9L4H<RkU9me4
zrO+sBv{jGd@VtGDE|6T&iQjp`KNNc2->+n0I*R013d_d`?+v;7J;d-kcy@MhiK_PC
z>z`>nM8BT9vZ67zM?i{6759zOOtb{^+vW9nu+r(UOxg?zhl&b>%7=JNexo)fMb}9f
zmRF1&mUY3C_zYVTqweQ;_#0EX=_9}DhcTyF^*#0qI!K%Iii&>C{fLOWC~TQ?kP04I
z@-ThQgXcBy_KLZ2Wxfu9^{je+xfd1IS3=uh$9w}BA3n`Xc1)m4p%}+c4izK^3}OKz
zT2_e#cCo-DCrY=8)r`1EEVGMcrn==;!$h493cfc_h2#^e(oH(<S_&RW;rnddG#~l%
zpB1I9+^Qf2UvAgIIw+Jgi1;_0Z_VQ@!o!S?OIMbewj@Xs8x4w{ZElgR?AtBCPVAgZ
z@rx<Go~2E(;LJiK^T}w4;bIiGmFz*zY>@)x1g*N7FUtIF!-dv7FZ#SV&MgpX7#)8D
zdXLjv<atd-1)Y~2CXdk5<V6ZUnbe<v{Mpy@HtFz7w^9F~0(v>CIf{o*p%>E`imJ9{
zEUFqps7Vc|Y2cN9jp73z&|cD8R@B!13%a!nxwnh1ZZY`2$nT~$3@swxC-VD6{w0xr
zlO#7Qii7Xw=aIM*s)mhb@<EC|rGu<CxC^0#T+a#jZMc9^)^3LCA`Istj`VXBl=7#j
z&xOtkZc+GdBG9LcrQ95R;$K1>vTjs4Qjh=1cQIatfwq(asW=8tnr+|}nw%^eSLFP0
zMP7ATk+y$XWG&lp6$0u1ovlY8i>Aq$UG+yq{*cJ`iu{X>#b2=XU&jI6Ed&qgME_p)
zu}|QsY2VzmoK>4AvTyHWn`@td2_^KgP^t--=N9(u`qq~qC=k~gHkCSCMb~5OkI|2k
zlHM@wi9DU)?o&j*k@jy3?P%!qHwQ}N(4=agK+?EH0x@#)1j2B$mM%r3MkCv>5Y2<!
zgc-O=y)g~UQE&7Ev*4!AO;E@<Fj);W3`~HV+H=?QX|OrM$CYX#&WmEOg$<pysQE|y
zEd&2R*B-8x2U{kvZy$i2u3L1q40Kzla?k*3=3oh_<4WjbLw}|v^eF?sr`h|)X73yL
zDb2QwE2uqJ!DZK;ThC3YJ-3-{KsO@LN~CoLzK3a?>v`K^46)&P<lcc*YQt;;cdIvP
z0|ju?WX!pRzoPa>`UU*N#WZ=Xn*2J5%*mutH`AzfM5$2}j7q|&wQRiwuMe>G7hx;S
zd5Ena#w*X(e}&gAZ2jkWT?M-jszdXSp~4Q^yw8Kf{;IiDsjA8KMJYE;a(9RLL*y(F
zb4|v@^({CK>i3}{nHtdt5d+)I>h}w;Wgp*&LgIRv+Rb^{$6r8Q=6eK^&)ML6<}F3d
zy`^l!-6rUTeQ6!8Mrw3h`~|#po`dfT`A<>kanXNLbZuor9n`R{4|z8#Y%Cvfk@*bI
zYrQG2*8<|S0Lk4aoK<-9Yp6L39}lB#jQR=1;7PWAHzF%t1UB(a<Rx7vCA7zS6B{w`
z6Erj-&?gS42pa0oXl3iyLP6NzXE1V1dEB+^p2CQy0vn44!)QrLjMUAW4XKe1*Gtse
zHnFKN(&#!xHBD$rsB@qQ4O~!{+S!gp-2hv@^F8ibEL_L1?;yl1H<20~MBA2P#Lx8R
z01A?J>{XlYA#JFkHh>1YLU;rF_@lJzIokE>*vDkFf(hTx{^YmRj_?5v7U=JDvxM+N
zY{Ow{4@zpGU5Mz!EyMmp$oD+yR&~si-7n&9#nyjdq)F4b_;Sg0s2n(1Gh7kamcHSD
zXrx0n4~m*VWtybCp^Ft4Q+p?=#3Xbu0}sLjpHzG9e!ft%vz8Y*Tz%C>m^F35KGaI7
zo+t5rb?tuY0j|x6yIWK77eHvg$W4Hk75S}FuN()tF>&TFb{`|UYNf)6=&GmsW_%-z
zK?N4@;QR2fHRP)GdX%g*gra`zE6UhNK_cu=sr!OjAy0?l#!tbVUf`H8Rk@m~w6r$(
z#r^y=7$(u^IT&3Si+0ZA6R^WjC;=nYJFpQII9=%55Wd}R`AUIoV(T|tphKtrGwgm`
z$L^tndH1!tSl`>IoUjWLG`V)0irQVB^BY}V9j^V<g!E+yr^e50!z&jlsgD-WQ-)jf
zaMW1XcM2o235Ve}*#?2o6`XM!5TQpP8V#!L&JSynt6-3AN*d`Ej_5`{(i%+%+7r@8
zQkXYno<P0fV0`quOcd6U5jqE>A4uv*XyZ-7y8XJ)Uu0^I)2F!m8d_>B7{jGYuHJ1c
zJl+zLj%d=Y^M$hx(Z5v+OCMDmjqcrzNz3I!p$5#E(Oy8SHi$0RVNP;)p%g-Tuhuc2
z%U9edCHKj8{ro)n=4Is&V#&*MzQ+$`xK8$j<ymyj?v2e^Ic`~PwvIDnl7B)HC{PH#
zq+=V-Q*Mmx%Hw92Kd;ks7U<J?@}ynrU53o;GH?lS2TRX>Dx>hXWcYhC{QKdHSow*t
zb%tDryuc_f9H9)N!ta-Y7#4DOk~<&_(lMp*5nRN?vnAfZe2627YGNVyCRE<b6*aU}
zyCt43VS6l!d#fj42{oKT!=RAsi2_dnIi9Jl6#OiQ>j`eU!asp^gfI>H3>}&Vx9Upy
zR(Z1EKBNFa=RWDdiaL={#r?R7wt&MHq+x_KthL}p9hZoPK6h+KR_sOKf&F`%jP)&z
zt}ozIxgV2)?>BW1%mFTl+;jwWV#c6u4_poJF^;H#nJ$HfV&I$2yHH&%Ou;up%XFWK
zdAd6q^K|RrZ#VpX1%JcvHxI&RH|0@ZKNLRmn_r<Upg}3+uXUJL11VcM%co4S0j(c;
zl;Dc21{#5e0>VZb<hv+B1?H!S7s-_UKm5!n^#8wEPHU_jD8Yt*WOAnJI<~ZwpXXST
zZsY#VqTU``RC26QA1}b-)J9=>$^UM7uSG#P2y!{;y};$5=Z1iuG@d{SgFg~5t^uOM
znTy!i!4het^>YJ-sy4Pe?A#I!8=Lizsacwr5u@Vj7nJ0xIT}E=MfEg++FlyQwT0aL
z6dE5;mmDdULiw3X#Tb3ZkjK`OjE_*trpgCarlXHdQ^OJN0Tt`AzJ;G!caEa|Bt=nw
z%md$nc9ckGg>$BjH;o(@J~49EjGm|&6F)3<w)Qc`R=n8YazOah*g9a~EN5PTf+wiy
zzQlCYo(UO4>>cJ>=pD;3RShJ35jcS#9v-7DKk!GYw(e|;*_BNvrLhDmLdVVz)sv0x
zan=P<ivyNzzAK3ul(l<EPq*6jXdh=W>A9Ow;&W#=6_rm(RwbYbQM0>##M0<TwfAWx
zjEaWtevu(3-itNwTNJ13K1BHtijjIW^)gk}b!WvrXtuHzf2Z7szp1P7H)|FC=B|X_
z^2ess(n}&oFR31SG2cZmvzOA#yd`ki{<wL|J*XC=+qs@zO*=Q-gDR@b&MJIv=!-xb
z&3jAH!<$~W10#2?FGW%2eefG^(zSG$*OsdO-zYmJHuOT49aZ%9WCQ{2Q2ll1OXy%r
zPeQP#m7*gi)P$|D+L7r-v4@b033NRA(t7~YRAAZTbYZ*NsJv>Vm0G=}H|d2|w251;
z2Jl~-b)$}IwTq;uCT^O6o6xG6w-G5n0y%H4@8{B=rv`45pGUz2XOQ0w<)bl*DWkP5
zlz%aHcOiBc(e6|=9G4XhL}0G7^`Afq*><-6I5lu!q%1oO0{&hYRvzU;XB$5`iUu;_
zT@+CbyhSxUY|ijz168fAoJ0;B8eL`wo<T9WzJy%)G%#LmsK6iL7mz<3ifSjyCouQ<
z&C|)x4^gOwn9<nZj;f>hb(jc{i{eG_krI?veCX`hI0IV8$3qD5{1V0ID`}BeVUdl{
z&MP1q$ZpC(M#wx&GLTOt6%jd+T1_%!dnR)6^ca_IMud2j4<KH6iS!<C3@tY_O{_h)
znlsm)yOFolKCFkGW|xhRuRrn*GA6wFojg=2>x&!i4&30IU8_@+L>xg0VY20xn8>-X
zVr?Sgl>aPCljUYsq}wr|E*fxEMG6hr5Dl1EkxT>DXaT%YIGiVSv=XDxmz@yCJB!d4
zm(Zc=Q3<CONN%RC^-0*{fa4d=7KnUU<cIJ$+C5ms)SbNxxR2_q$xR1ib~Chxe{@6@
z9l;8HKpDuTas$6Lv=|obgw2zLVDc54VS}|hH(P{YinH=+GI(Ho0Sm_!a9&USe(6i9
z?hcuLy?+Hvye$z)m(k&L*@A1NRy1?3eb~HI=#1p?R;e|xcH6xp=NpdjlR|Z9g1YUE
zC!hoxk_7D#&Kr2B*p><{-+W2MtvzEau2Zo$jbW`0G02RsX3dB)rkZzXH5kG`9o4Xj
zFrhm13>9ra=wT(WR_c{HFr%;Hdq~Ok!i?GmE4XoAYuFH4V*Gj=5`0qYHh~n(_;7`X
zbmZuC&;l1T`J-(<V>n=+{1K3dFGHx*DY=rRa}e4Y$eDbuq=-DNh1$o3Hee`}kRpAw
z%^05i5xLfh98}mt{^Zoanbb4qj>DQp!4OnCKI+A2RK!F2#z*~Bje-fVjkZ&C5y>@(
z^sdV~`J<&mFilTs&1BK_J~T~qbwg7`*CB2iL@E3X2Os990_o);e_yB;%t)>w+ES@Q
zI=bfGG8N@wy@G<NWc?Vy6q*|d>*{r0Ux}2Pf+T{!QEKy4m=WLMm^4^-5p@BovqJ^?
zfZhXK4*6zSRlI@0&yt5bV;a!I^5ll$4i_TU=s3o!@U@sfQ)w9HP&%-XPhp#l9`Y#d
z%2MI$JUM|ZjAa*s^+4)*$;_XjNHs*QAUae^@6a<y>7g}+rnY3KW~pvME<OuQ@iTSj
z@u0o(J5pOKVc6!*Mpr~~ooe)77+#`JHSrT`gF}>z9HeAqn|yCTuWT@d+~I(sC}0S=
zBSjUsI4B#e6jbZKsk1>m+-zr?U17G_eU?%S@>D1l@e@*QTs+%cn~G=Q2B}Re-aUvY
z-U!*EB6Syy1q%225T?XENbbZY^Fyk2+a%3E{898gS2`f6@Zipa{2Y?jF@DJnyhn#f
zwm*Vz62>>lY>_J*ek*r0dm49V2@Dl^PLqvoJ~zDN)>IRB#lnd^)8x@FEYfr6mpgkp
zmniL%O$#RitCDT!--o|swpl;CWIm)e=R+a*!|z$sq#y1@6HB!&6`Z^*`d(H_L|?19
z`BUAXA^<mMaa5(-HqRvYw<}6uY8jP)i}T4V@2W$)ec%mTgCNcHc8hLfFB&E|4|Cm)
zhm)%gdZkjE^W&;H=-lUODW7q6RHX>vD{8Kg@=b7W6T;4#1W6CKX1J}MNetsFamOk_
zWlO2ZDxA|7SA7@8L!Uv~)d|a8#x7j+oL>fSm-3U%xYkJBb)V7|3Fzd9&36a~BDeEN
zups$IF2M3*L;H?xZ_z~upRW+k>-kB-!`9RqtCVk7TVjEhZ29ZBmb4v;w&VbOwFg^_
z51ueea?_L9wbSx-jZ>SRym2es6gK)y1%hI%`n=teCbXO2SIW0;3rtueeLQmh)%gX|
z*MYT$wnmHLXhGxD_5wXbGuuWk2<?Wkp$nmVzAaR*2Kp~6BN-y3uMu#vWis5xVlk$4
z<ZNiUUfQ>9M1gR9zTs%&#P)psg!X&`x*xrlG92&JuLcs>^RaqJ#mx|^b9DTqfIcvt
zocKmPQ4kAqIHOdZgX1JHy@VXUK!*xFe(b(Fwl5|l<PRM=VlXTsI&p-bNv_{Nt~dFE
z(cWB-J76H4YSj41@EM%<R_X(eyIxuhgG5TGnN($R9^Pan|7fFyi1X!Zgm7HdoEq3>
zm51_vUOAH-Xd74llvw!*P(E3ar7h~mv$W+|^MTtnx~P9MKI&N4=%Su*%ebgFyR=2!
ziZZps(u}I_Lrc!r4jFZoYjLTEjmve)Gvj~{;Q(Q2XmP5pfmN()M=;FRZ=@oqc(qQp
z{<|t-*tY9jr!ecZ;z1v2iseFp`i_D$DhYESgYP5Xi$z|q7Ku*rUSFWLa}Fvdx+2Eb
zZLs0(6J3mC*(UX79ET-nMvquLsFfur({M;B9e_5^IDm#5Jtcvh6<%^77t0qdL95V`
zBed-oiU$?Z0&xmI=p{Fzht6K9zyujfjJ=Z&1agYJ_@?b@wgOWyaZJ7fQ#9jnj+&8)
zWwfgqLs~`#GunkVqGn`D0(P45E%dH@OzN!3p=03|slXmu!o+P0!~r>@M`J7mne*9e
zrU@;xl;z1{fwiL`Wj*aUTLOh7)Gtrbu&%XnT7t+~?o;Ha+o=mdiMJwl2xk!IJ4g7r
zWOJ*cXnqD%`lnMnj|tN~XGmSC2R@|zpUeT(mTai%g5UI-HpzX;+cXo6RIByEYpU~z
zEAY#*&20h3L%y4U8^S5oZ^lni{|F-3X4CCLAG#VhH_a-PJ8I9*17gf=H^}DN^BKGm
z0)bL!Xki~)rdI)z>htJLI{WyodTJeieeL=ATzrQs8KtE1f~L5fEnH&GDjI}>L-|U$
zL4lw=K?vLU$&j2+qNz+dt9Vl(R`GJD%JpU*8Nq$zAiKx9e7M!bG3?t1(bxO*a$uW)
zYi&A6UA|9);LS#1AWdlPa=Mc@O@kIQ4p(I3wY<rBpz=z1G*QpAR|A1__b!G{qmF2e
z5)7?%5uLnR@<-S|`;(2wfhETGer%WNZIrC@Gj{3uMM9r}i?0i!>Rs*TczDIR4n9(O
zEjj)UiplJHmHptLpCXEEYjWAs4Z~C+!q_e%wSa<hgP09T4V-br9~t-gkTJ1G)6Bo*
z%SMMvW{bm&?mIj&+!sEsqPr+xC+j`rWx5C^``hL{2YU{86}t1gLLiBpbtzSh*h}4?
z@0~<{O$d;%cOu@SQp;OZJ$SG<Qwf!&lz7S6uM|bBHsPsiwKcOPRBe0Vg%_wk8jO>S
z_9m;nF=4Tr9|`>g36!^yvS~`zH%`o7&X1^wAV3MOJ&%-N%2>R!t>_cJgnHbmG$~Wk
zsD$Ai9Tnt%O*zKKdh=Fjejc!RLrt!x`j++vd`{ysLVgM8E}-w6otvj-wB~t2PbOki
zAZ-O%M%6H_i|LsS-wRYkCD2)0p%PC?h!)_XzJg~^54v6mhfr9KOJdO_ki$!+-hyP=
z5-ov#Yyx`pK@**(UIf!KTi88!xwa0s>ba!ayDX`;rpL@!raTdyuuZ|BGz@}L8XvPz
zLXK&#r#JNVT4i_W(NroUul)@wd~{vss+EdsL-k1*YU~c(lO~*>w%J;HR}vK7Q@bxs
zW`%RpHYZ^~8U%cq)@YNB?K)k)^YF&MN+ImsHAu}~{5evy+f5X+$XYQ6WlFEWwnu`!
zC{o-(eee`+;8KN}^*ZhfX>$eD$4es-f$HOt1N%`bmPr1mBdQm-xkBXoomte8&n>Vm
zPxp;ck-Mm>$oa_rM^V~_iNwMRiKd2ZK2?D+DjT9WrazJReyCt~yCxPw`W3zmlCO{b
z3O?q=i(=|;SEJkA4l`b{*OV!9phhGaT^h+K=Li=s@RP<SN!KH`if}Q)PXcOO$}^2d
z%KOKXwo-f4L?JCYK3x&yfGO2LDo|Pw&K$;*PzE^CHgYsVMIP&@r?P&Si+cyLH||F%
zWXt^AL8xJ)jMRNebY!#j*P)^(POi}66rYFekfDepx5H3%6caSf*kolN4O3nGuV4xw
zs%wb<x+$r?i>=>Bm*N72ZSERCAI)QmxkskbHz?-8uK6P07kXLep*<~M-&BC&q&aN!
zBGgxaF6e8jJq68VmN-+PG<~5nT=}IGWC{vu7wPyO_zH@vPiSX^V4n#J*f=0{K)X5?
zBdnK>ybMz~U=bHvLyK)8aR|z}r(C)zzg(Q3pO<$Be?~e(CPA+Z`~yC0?On!HQ=YT6
zau~|4R&;E`0_eif;+d~q#1~|kyk-1ZprgoYC=`kmy^L%WH!-lh{0Ns9`4vYNekr!$
ziHp=&UUElN=Iq9wDhfrZT#5sE05(HBlO`{HfL}-qo+Ng3wz;MPz8hTyfy{6&HnH_3
z*!gKlb^RCh@&ODbTVDWyuc2i<3~A~7ncoRl>%7PxeRF|&>_dPFwjn~Tcup#n6|qr1
zQ7Wj&ZPD~bPvSfg%PPE5E{<&F*l@uH1KWT~PQzxLU3#|RZz%doB!Ao=okELEJ6~Fj
zW+Kea-SleRxpy_ShJ^tXHV19x(p`&f<)YQ~90cddgvR9JXAdSe-DOW{Z0vJm#DE%s
zV>$?{jvbea#zwLn<33mDtcx{!GM$aFhF?t^o{C{!<ycH<3@68YXzc7ZoR0ErRBcJC
zJFn*QlK*)GMQo?{Mg@DaiMrZ#^^qMduuurOo(<HWR^S5hQCIM04A84S9ASR}4$dY$
z`X)aAkMpl3+(WsYUMRUjdh{g-bN-bpbIjrIksjTvK3xG%lRacJs>3v6F0v_`B0fF3
zdt3tFXo5*JfzpiSkwv57nU7E->qlGEj7uP6p7bc1hRnN2^;IT80_jmySEXRh866&?
z)L~G!_H?=q3&Z^6^E#@78hZPE93FAG48Ft_j$PO)p7oFmurVmNl6UH`&VVIU?YXzE
zCQMNMccK&r)h9sp@DZND1dfLy+$5>cG#dP43>G?Uck*36@<V)}TdCH6CF)S~DaX`a
z146;*!H2zLA9jy@Xc>Kg)|7etbw5&D6E7LHaN$Q09XA1nX7stu=H`2)NAV5KSQv!S
zR%nh<xf*XVv;+s&|BaUT??q+t28Fv7Qf2xiAdk5@C1N%?hQ1VsOSu_7vVv+}=}K{5
zqN>-hFKxleEp?PpFfVIG1+F7I-hz?8z6aS%bwe!J07O$YY=|kO7=t&g*LKCvtJGa_
z_gktq{jnBpN{0&8OH|F9Drk*SlBE->6_UP>Cik$&jtZ4*C{%j>2`W?yE!NXnyqT3;
zM0MT9?lG;BdC||b1{nr76UoI;a1sxBI9?MFPik^80YjrJ+~_~s?mDL{l_z9&HTuKt
zuCuy)C<#SR$tZmSj<E=t%@BrpNGd&rO@mdzmhBpfNvkqj<Yab_D{{5Vda0NxdOm<#
zqUb^#^%5WKl4MRZ^zmU}QA+uV<oNFB36Rtw9h2`+_+*rKDSTK1?pHClCr2F?aq%8<
za5uV*J^Zf``=PSp2=xY(T+xW1>zg;A%J&qJKZ$Tg>fu-l*|1xMlqw!=L%a0hK=<Y7
ziv^GZ2Fl!6LY0HAd_z5E==|T&7x`<5SuH?*b$kI?Y5~FlMcOCd>mk*D!4-BCqcH`#
zV-%+G1&Z`<Lk*AOK6yI%b*wb<yH~M%!F`hMZqboM{lmLXO2vJ&CVH0k#$RGY6NAW4
zd>Flz1kw1mbs$c*gwTVzuAF_y0)NYG@Z(E^pR)PoY)u^e-3>uCB@k4z27(?c&x4=u
zd*G+?KKQBL01@{?Sj|HaR<jwxYHBuwnsIpy(M56@zf*!b;T`|s*Zk?BbcGM&Nuu8>
zwIQ?bVloe891uQX@v;plsdE|UgfCdUNIeP1_&X%tCcP(oQX{&F^E5X(<FwD~i3<H7
zx8x=bUEF5LkLJ3@qZvJ7@hM|(2C!y>5`Rhx4nl%6&mrWY*Lj%F8aXbs+C+DMv?ux@
z&dnGh0CE@i!^q8W^?Oznk-K6w$kSupCiS!q7|#4og7z9|p{P`huQ-ISD9j$hBVTe5
z=Fd*Nje=0vy}pvn69K&!DF|qo=pQ0o5nKsK6z?2b&6QGMa`<rn4RKQE)dw)@tit8f
z`fVA5GtRM%K*sB880Q(5?vqsU)r+dOyVSG8rJ6Uh2!92scsVN3CVse;bo301n!#f&
zQ}ilSR=7c_nowhMp4n)U+GK;&jt6L%;Gy3|@yoeewqfmCEHy_PhBqIU_(AF(fFTI5
z4*Mw|!BbAH324)wd4jrrBVp9C%r^50<itzZ7(~~hvvWv(%Xz-$2USq*rU$*F1OF8u
z`bII}m(YVbhV;Fx9yQN}{X{h$Sh`Jg4N{bLv3Q8Tj#R~pC-pDkS{?OX4{g1g9}+G?
zX~Qs6psG^}Pq5I!aaA3sj>QJ>g5V~_jI<9?s6L(b;E_3$+Se3EB}>R^W1I6$)DtI=
zkWKmNh8FhimJ*8J-xGFz%z5h0V<&UB!xcgMufeN9$IZm6Nyq2bE;H3iNuj$YrZ-Kj
z{j{$30Pw`}wc|q{sXbtjN$qz`HFDx;OzoAmLXgq%an!MfoPfPCTL=555dp;g<6Kx*
z{CWIw*elI+2?|VIRn{gY?uP*?GN|{At2Y9q_{jNs9F!=U+Vw~&jG$}&96Pi}H|U+p
z0744y%HtAA!k=RYsh<HywoA`V-DMNYfShiin){5<cTr3d3$QSu?`xscQ2xAC56=hz
z;*aoi$@U*=%HEunJn_S*qIV(;1Tv*wwM~UBS)LCg47ITteTjxAQou-yLQC~xlC<2O
z5nkpzFD^G#r<R~+KT@|#!-<T@ZlN;`>O(luhb6ZaXVMJB9h)k(s*1mek772OsF#SC
z`mZUCOU8LvME-bobbN5Lq1Glh)5yqEGnK-Ukc*+!O^Q|L2u8Sgt(Rmbx*My<U6gGd
zWgZd3J*yY3zLpEQ$t&}97kM)&g!kNm4@gs6$`chu-rxf^mx6{fMKJiYRZ9JSAs6!+
z_!H_77s6ZkZjqMf^99T(8AkYW2HjLI(9;=7F_{x-;m`>?eWBvP6&_4jq)eGlOXYr2
zPS?^1qHld6ARpCX#v&;{{8{wi2nCKOoM*Vn4!?~{%AN^JGsS5&mWy^6NwB)mO?{9I
z{+N29b*xI}XQ@eGLupPb7n$*=MtSl9bWqDSTRfyyr_n7zWXKy|q&}AP)w3OLTUA=-
z5j?5?#l96VbBla|cpzJ%t{WjWw8L$4(kvU(vdi?`45&t`eUa)Bu0sx8l>-cv;$G=_
z5r;1NmmJ#|9Ni14K@F{`1)WDi(E<JV+Smq6B)?8iplmVqsgKkRd%Q2+FCSHaEysQx
zlthhc%b$%C_Y!Zr+A-Zb>M`9IC{B(+J0s`$%`?bTFK9;zs`k!5UeV4A<eSjO%Xx-3
zHBOU{OX#f2aC^Z*_$YVtXPoDGTjMlRhIy|l6&dNY+@jhhAqsCQvR}Ru7=7RQ2Kp!q
zQCoo=I>RF-=KxX%Ik}v^&_{moH)vRhv*^)5I{#(BR0tH&acanR9=4EN1a0LGss$9w
zc|MW{86@JWU6fnO-5AgplcmQs#f~`c4qvf{*cHuZO4MJ_w3k)-sKaFZCk(7N6<Qd1
zih~s?6>r5^9p)u5cCi#qpxcxzteNmM5#HkD>&NvB#)B8Wq>J&1and)ixp(O4VQ@TR
z54aeUI2k5l?V_uA8>Wi9dKLR*O98GLIZ9l^5ssm~C>C3rX0pv~o&w^Uryf*HR^rf7
z12_=3waKEmtd07D`V$l>#Kzr>a3=iowdd0~bM5(f{x?vPsr`0^g67sPg0VP&urHRJ
zG|rS0&sz%QGt1@AXhb(XcV@7GF13L+MW1<Mab}lnD9Eo}w3<7Mt-S_aFU-PfI7A|;
z&Ay5^NrQ4?W(#~ySA@Daiu4QsMKoy{t=zEsc6gyK{xrUerM`tLrfp=P33ukibA=5j
zxZH*#=m3Gcn%p;6J2h&u!0V|mr^JoEshmi1wIoJ}fT&_?!2o(4gSz6{4La;G%wQWx
zqDnMO11t)h5h!m(ABC|QKk&%cilUnM_pOE?Z)0k|KVLKO-+_3-&NeZN!{HT|ZAY@k
zDDn{?`H@}mdPBh>lBBw4fx(mub>6n=4#_<P%iN~hrEu#PhLDMMwr;!yxaJR$DsY}D
z<*w7R8!wjluz+_jL<?BD6S0OxiaQM4j!{LX?P@D3+Clti*pG?{OVJeT1Z=Tw0fV2P
zhl&NTB3e7ln1n8uSB);r@zP&+Vz_LkCEy821Dch=9Anj-6fgwwE6W`-rFJgK_}6lW
zoj<EyzL9cq?S}c0(eCXD=Xrcyuec<A0c0gknY+1|3b$ZhiKwx8wbxsW7NO~oN;w8w
zMG{?_N`8Qx#_DvN1b?t8EP)pQLT{Dxubj!*#@9k?_0;g|3|qeex-fetHvv!O&*RT<
zMthz_VE%rf&2}IYlqoroVE~CU=n=9~qElH5MokI-y)k72y6Xw+!gLCFOWs-jdEOh&
zjyHe;Rk*~4HZFdodnc;T$@lrF>eiI`6wNx43H0TZ1xQH_s^;Q&&8E+|VL)9JICm)1
zHJFJeYjJPi4JFG74bY)dduyL9VNj$HjUyk5Sy(|CLYoV-2a!T=JA^7GE7R%8I;^(#
z;uW5vqKdoTjA2NsoArLg4OlDA)=(wqORFf-VdgYxgH^bAk#j;B3xsnQp&!4gydkup
zGPL?to0K3fwF*B1GVc%-#Y&4Aax-i;uTi~fcvu1t@=I$Urz(8Hemey}MqR&r6B=~v
zrR!8Cs(VUHnaobIstQTc3OfRZZLk5$P8O+)r=O;Q*ANZpi~(KU+yw#GDL+V2eqdLA
zFo#Uh67DnU;7fU>FL9m7Jc588O3%IUq1vP`rPEStKu;dO4wqGk?Sgnk`5ZnUbP~F4
zsW=1uQbgu0M0MwTk&|1W&a5b+YQDQKY85a#4cr|D#N4-0Y1ff@%8%-x!0kjtf0)A6
zp|hrn<Y_p;89ntAah{I<QtT(yI-QwDt<!;G_`*YK-h!RllpeODJvtVreCQzoHL#xs
z4r+nL5V&*5pRXR8o7Zb5h1%xw<{vfd$FPB)ThVE!Rd`6+TXgd5jQG(4zv886IP(_T
zJ%%B42mSyH;cVx==g6Yz)_KUvx2VYjv~hOGeX1w`n|&Y9X&!~9AX#rk?Zqv_E~4i%
z>1qA02gmuxyDr+KA=AeAIybO!X*zi!y)o(Jn|9!fL9KH<<nuSR+F<$P>^p|k2o{(w
z4>_R5K}?K=Lgp<C`-=Rx8cCNh<O?+I%`r4Z!On3s#ZUhjr73b_G=&{#itg;`oay$v
zdH7u1S4~Nc6M()rI7(mGsq#~lzSynO7j*ncJcD5W$tAoE3bP^X|0EjiZ-X^6P6}FS
zGv0Z2Tr(!bn(+bTg*MET4@ku}=TUmwBLtHbshww=CNwg6w?ji_LPO+fu}9`^&aAkT
z`L8guq0tU)lrRsvR<i~?jjJuns(~#qGa6?S*O-Psf|C$=r}wI63TF+~z%dy4<Q?cY
zpsbBv#6<OhBt1Kxvs(3hRMC*CuJ1xY)C12WEeYfXP*fkIgRBl<$v)T-m5r-Xp;@tv
zvRBAOcpf949WasYFRIcZFG=`sYFFRq?BEilO%dU%cs#!`N_<R+h|7~B*vH$vF<8Ah
z)RI?fC)YvwZJ8)T#B($gS&u*(uyK)v6;w9#uW^Nk%_ouk_i+eF{>>f~?7y&q!YMF;
zspQLz5TGV8u=NNs{Qo-)aj;ua;FfY<h(sK~1JWrvU0xK3cs%@Yz(|fhpeTn_kbN|v
zWa_g2_BWjlMd}LzV~!W2TuzA;wDA+2=PMIc4#t2yj$EU0JOYFAe?_UOoI#Y|(D55}
zQ+dZ9qT?616+1ElpZqY&4zUfi4<uJ|d9I?XyalEK3soePczxsrs(NW9Fa0LUpOD|d
zEwVDB%mSUwkn0ARIdez@)_hg0=I-CeH1p~-wq^j$V;e1Mt1YU3M~G+Z=PN4NgJ}@C
zHRQGyc}slAZYCFbMZc9YJx@~4ja)KJUAE!BC?~}@4{~pbdik{|ne#)oVJRBS0{wtq
zEu81sN52bKe5GEhDrg-*uLGkdD={mPCc1qjtM(K=+>H}j_&G2Sac8z>9vL|;_2MQ6
z*FmXmWG#euO6_<x_Q-{Bk5mnsVL+Omfu0jRU-tASbn!zYXQV+$l?*9>FdF&X*t0Ro
z3F$U78(Al$t&Cru0TDA+rYC2ffI9~6tRo+d^a>y8qyy4X={VL?w$G-6+1!b<`RU(L
zNqoZzie5mn*P^EQA>6hos<qWi2Jgq9J*eKIPGq*>=Xw?Ry<fQ4$Nsnp!LdxFbysw1
z&woBTwb^=9fOlpg+U@3LDBz6$Q<Oh4BQkH6k9_!&3a|kS!L`!j$WmwfMwHcg(dAta
z3`H;L+eLkOKyE!<R_u;oKfe@+BTMFRfyi5hc2@X&5N>=WV*xwWGSe<CGgwEZWqo8f
zm2o6Tmzx_Xr_!h6Z-V#M7mOC_9R)G%rRX#ABotiw8F=ZT-&3HPV1I+cHXs6<BX<r$
z$;|bUhyOy+FxUok3_*5pR}@^#)<-3H9#Xy?U)&<E!MupsKps~UaTS_zzz=9kE^k1C
z!uuR%TG0X@v8fetv*2q~zUw18d?t&xkK!hib2|~NWIhB9R3TTR@KecE+egKT9&-F?
z=wnN%)FB^1VvBAUmDdIOGLNhpISoV0wkd@SJ{{W~sPJ{+PTGMeYGeNlW4nmztv*W+
zlFQn>)SjRuQxOg-@U2qG%TJHj;yV9qY>&8oxWFoKxBAHRhoB0nmn=v_rMx9SKpcg}
z`=|(_p(SXBqU4EEK?;1=2_E8GhaFg*B34@|peP<~5ggR*STg#JXu*vdYL9MHH#|Ll
zo7ytk1S>QlkF#P~u71+>ETTD(UH7YF+DC4<1O|pGaeM&9`^X3P#}-)=9(<rg-P$@3
zSI&OjA~Tv1%M;q!Lm{3$6yn)KAs$B*;yFVho--8UIYZ%w=m|sj*y9Bo7VBchpCZ6V
z%%P%t;nNzic*uExo0M^&$U{+B5W3vONX0|Izq*VrTgE=o6^7mjhJlGZ^G6i^-!SsA
z&;bPxVlYZ_FnAELSc`4O&W!FA0icbmM~@?7&7s^ck3fC?Hd9`si$R%OyDNTSyKBPg
zc2@$7QcgYRG6P%4AIog<tLJFcKN7>;iZbfm8l?73<WJl1ldw1-p4b-C$EE`BkAAC-
zuYs@d@fp|{W%RdQLg_1R9?HfJ*32TSwvE^0em0ixFVsSpX`F?oTewk7!WKu`T^FFW
z7jJ0vD{@@BD*`tce5$PvlG#)n5xw9dwZ0B&N_M)Ks#RogYg9B01>WOy+0b6r7SIEU
zO7iZHN{x6s>DU@Opg2r#slwkJt!!JY?07T{LC|wHIt^dlijZL~l&OQ!%*=t&9LBvc
zj(lgQcIv8<!vP)neavn4rDkUnev2oyaisX!*w9Q?wc}5bc`!hvVg@Gohy0BsW$So~
zulzTct5#B%pabvfRRbC4-yz#Sel<SZjsG&+FI4ZkjtvZ-j%t_Q6=ZJ;MF_;iY&}nL
zdWWbK^8wU2dj}QG%Gu@#?4B;R`Sk6>ODw4-v6$gXYZvNxQ|7R|Ub8KTP}_n#R+Lby
zf>Rz+!cxsN9Cj#{bw%Xq=q0z|U3we{&+y~EP~O_dlp9+W7sKuugr><U?4F*G)i9i&
zYU2_iiHHg%?4HxIk=^qRJSWhW^ei4;Vn{V{#kEdsMweVMt{I^_m7-Wf-b=c)Ayd)0
z#?s3g!S3mV7A*c(P3XcV94L3b$ImTq80K=|yA6DT+sV3LMi;WnyIfA6(IWI2meLrz
z*0(ZyiB2Vz;EypkIHu~5YlDT_Qe>Wh@d8{fIky1~DhAP<VwQHE)iDFft#D~6TmPso
z_66l&)V5;(FUHTwq+e?kTzE_y<mDwz6WQi{Y;#yOsJJq}Y2w18+!VI?9Q02@hr?y%
zr-bqq6ksMg{1MrRAx6<1$zOPsZ-dg-jMX5$#Dd}`&4MB@w_*-Xq(5(0jcz+d|NB6E
zAn1g@SM>M6L^1tVH3TJtad`OEN1=wEL3cwiO*PK;?x!_9^phSkV|>(tXjCuI+~cFB
zsZqo+1q(hTroIR?lyF!Pb59|1VQwG%R#Z(xg^cOw^#DkY{Xhm+WzXcc?0Bh+QmI#Z
ze57(p)F}+A97kh-#`ly#(|zRk?TV7;AzSw0?z>ZsX6tbn`Fun~HN!mM<1w6YMD^AU
z@hG8G+xdg1XgdecsZO-?L=XAKPZg#xph8!MBuE<7Xi)X@GQ0ADcZA>_824aH4y;Ax
zj?@Bp;F6>%D>3j$j&YwF{1gUH-?2+Ae4^++nPFZT&DSei)DMEJjW=)`!Vb(YsW6qH
zrWSul6&RxQk7FJFZhiv9OS;BYx5;tpoqbHc4W@unu}aHH^Vl#?0;bF}VJ1eqwRgDQ
zr}C>{Klz%vij;yU$#LzjmwZ6)qRZ=lQLE7R*@n+hx6SAa<VnFk<yI=}Re?aXkDk6w
zr7PNvwTtHQOoyuzD=F}ir@jZ>`9O;;2?s-elO-pEV{+zKP04Z8Oe~PU&O9OU`(Zf#
z8cD;p+C>ZbY{;|@GeIZmUH!5dQpOcP#`(d2V!R#VT^N69q{H8dTGsvS+ZNGv68igU
z+F)g~i8x}-O;(%BZ&j5*%u*qA32@ZpGZS^Uybs<(6K~_rBLuB_lrRQuz_xU-4QJt{
z#+o&Xt|1_dJ7SiNvqC=}Z`sHtq72g@z0|TIUneJM509-tV%-}0F||Srtx+@+#lYG%
z1%Wu!yJ_1t0(({%l?A$`k3xl`wusWP2aceHqOslB7OFSQhK|F^fe(GKB`#y1(PeiQ
z+iNT#&T>{Z7zc%5vRMTwr@kD<Ha7LL#wMU$Ni7;R$?^2|3AAq-tX?8~6(`?zi9P3N
zK{GBZC|+9d7y8C=aD#7a<WnB($}zgr=x_Q1T?iRqbk7ljjGj*xv-)vqNF=cZLVgfw
z1~F@ph7X~})w>1_+BS*_{L(L@296K3U~zggrh9l&9lh#SUt?AhF~2-*FFrVEaFz8s
zdR5G{Xu2lFfSpHiok@maoH6ARwJrxAp<>RPaSty^1_E!fa|*VXw>qa_QL2wFM;0y-
zZ2ew(8j!UWANH7kPcMnTg^LFspVO|-;+3BQciZ94he6L^&<d|?jo$lwD|~Q|>xq~6
zVdH{_6>4#J;p)0S9jaNP73k5f%W1(^z}?bl!FOPgvN_o+Cq<upK6u8$aSa1ritdW(
z@(uL8y(_%lfT1*CT1CEyXarEej0N~Gc)}{u9l`WVr9}LKJFrikol;3kaH_MX>MCb<
z%}i%c^-O1XaJtln`>(URYS`IR^Nq8+nsN375gd+4g$&GfW1$Iu<J52I?BNqLyPRem
z5$vy9<pg}d@5XL#m0IQ90j6Rp?r`tIu8W88yAcoj`hbPZ-G<9IAJKvm$Y2;2GBZAm
z1Ij)A3nUmVBz-HDqgg8|u(;}9p!zfUVrx`|H^`9BE{xOki&C6hwE{l-6=jIWXluM4
z8c!;kelb>CBT^LA))<@T(M$4lKRGs!ZpF9dS#e38?c?%<WA*ICD%<vAA#HoZ^u7`A
zNB#fe=>xE{37zN(n2*OwMn2hR(|Jce(Zn`u)02(r-6zJQ_d?Woo7n^RYc{hemD;pY
za+9d#Q8KDD1`J+u3Xkm|e7{vrl<HKoBhxA%+i-)E>blhc`@jp7#2aT@JMf$edL!&r
z%e?7ZwI%QD(~b(F+L94qa)9a4mC94dHIGFlai}<n{7_7B(iAEV2aGF<RFhq_`Pe`k
zP0krLlU-FBhP15(ZFl7awBF5ZX<8RfXuVW{QpiPn9UZmxG=-M_MmRfd^F*PgFRB@^
z|Kg|tZ}J#31RtKW>@7nu&eMFh*NeI-6)n?{2tkTPnPOL2Oh(MbRPvP3qsa*!W(+dW
zy*j!2D#;CNqHS5Won!KVG#wVY6xbayT9-Oq$w58rS;;#vJu(XQFF@f)7VXrmx*86m
zNtr)Q^oMyyvH-;(y3(YqD(c_P;ZH}kwq*7fEy!A#(7igECZ#DKA}7e!{{*eN7ppRq
z5h#D-t)V5iF}diwee+~88=-0U!^WJ_p*wU4?PfgWH4i<w;o>`VD8dz57}!#gcO7#0
zhuHdD<c}17NL8ss#xqSt7ycASM3$W%sj3N7OiQWLc~EqR*?QDLDIalJbtdjQhd+g_
zr;6w96!!5yP@m8#3U42qaR6o0&V$u1O#+0icZ8P2YptJ3?gt7+8UjK!&|$&W3+;?N
z-9y56U-|;lAVSPT!hD4f`^MA}{e)LRd%RxW<n_uHwIP_$i|<CIw6OpC$jkve^5KWb
zlmRN;Eu}|m4nG53Bl-u`kCQCA82DJDUkVwOL&y_`QFe2R?p0UfCw8T=^(QD`3<`yz
zFY&VxLfJ<<9!L#w?@L)Jv_GM<J<)E#s4x^WJg^5b%yNZr-{x$1$!M<>p=0!j^E~&r
zjyT#Y9kf?IU4B`wgrQdyNVpqb)>}dv_iFG{;S&0BhsM{4T<>h?oRBLF{ewaTc(+sJ
zR*G&c@`KRok-yIvz8bQVGhd);@$_g{jw;_OQ&Q;h2@EAJ9{Y0Y3RKQ^4Z;|-I$U;S
zCX6(wJ+!V59R;G=6nVJ}wWgx_KMd9XL4i3x2W}NUowj9MU1T2J1=B8328yn)2o|al
zE$|Or&n(k58782!xqW)}1yj0wT7qw=G+7|bDzxj_ou>3nr$Yr;W=!pDjBPVoHLv{f
zIIH8|{3L31Y(W(4s8REkdvNqnqvj6opv1s1adwFALHOV?)8+|3j+!>NqG|Jlnw_d?
z^X8|$B^9-qpXfbB1kb#sPNB8nTaYu**4oWP@iTxC`8lj{8ND!QF9pyD<-aa{v~7il
zG@XSM9W#ywbZ^ua>2+QR+KeE@!9inqV(}1?sx|H^Q-iXp5Q?emz*Y#wL(qh}PpEyp
zi+R|*Oz4W_^NB!)mX4eSG89%lhFalodyTdZ!}5*iF`s-hO7yhM(VP?h*PL-tkayTj
zkgXaL3zAF7%g6^QVnNEbirPP2RG{7O0DYk~I-+|W31;5>It4>1NC9rqal0v)DD~z$
zQktsH(U)B&F1KZvngTjhsdQPrcsetmtipohgceijwvn@$C%hHNF+r^*qR&p8TCL2s
ziow$g*18O8_0nq5x_PLCpw~yS07<BfuvnHRF4Bxhar~9|U^`LIWP-_ssAn+JJMxjx
zt3#LqQPrMEiN@JS<5D2bp3uVEQL_T`$IfwVa6KyLOT9E^WqLA(^~gQP>AB4behANb
zfM`ge=Qj4(xlQtBW@8)**DLkQGml8^ck^-DVa>f|Yk;ay=Zm+5HrEzyl6AC6Hc>q!
zf@TFLW5uIUc8J1Lrx}O>f!S$mmq6~*(!R_icR##b_R<C?YYHRQOB&n>4YvQ3k~(T@
zZP3~zXsxx9$$+<?0lfiND_m`NKOAlN8jTt%DjMC*cf5&&x(`q3OQf^>LX?AM4j1_7
zhK{Id(Y-ti6Uqz5?BxN&s+}~@Obel#G+GJbCf%XaHfch)db_$w$I+$VKDtS#;Sz46
zo3wRwleR}UX(X_!bLx~qMXA}mVC)86A9wi%ZC`fTO5WRWf_orjy3GUgg0xWWMQe$s
z`Hfq&ojUxOh}(#luEI8TQ}dE#pQ?MA%mdBtPf;5Wn^+3G%;=lI;!5J;)lH1TM;AI_
zt)7WnmkqWqE4~bw7mqsuZeC}&lOitnW7d6Gou?$D)aHy7Mr)v%cTsDg(7IExMgGvL
z%NBXF9~b#_y2xL)!cV87=afrUc+E(Ptw%^ArP4%p-w9<@GUP>iwUX!P)ke0{YchF~
zUhU*Dyxu|@=wliQ(rY^5>2(hI9=*;b>*#ep@zd)9QcSNY#7(c+#6_<;B==5iU7k{z
zM{cG;OUU)~x|Cc+uXmB@^y(p#=yfHTK(DKafnHaWb9dnNKJpE{t|ed6YX$j~Ue}Y4
z=yd}*La!V-K(AZKK6<Spuiv3Iftrnw7csOMRS3ucc0h^04tk3^1>~3X7LWdkL~oJk
zBDM4uPtyrcZ?{rx8hVTB17r=oMa=`UlHMXeK$g+lUDW=M);+f@X0(<iS)68SatK>|
z+8xvhh{<U_q=h8WkV?jx)$LX7#Ue1wOGoopBc_A-eJ%ON%V+^Mr@2=Pc~=cdcA8IW
zA#bQ5cBi>d3wd4*NpYI{wUA$_A!)$YY9S3Yq%z%^bxLc<Cbc1C|5Io=BIU1#_do@6
zn>2;mtQBqG&E)zn^a@~V`~O5=02=_|LaUyV8Szmv<149Er7}kSBcmf$JQE$+M<MER
zB*Q{Ie*<K?X5n}A{Ok$+Txu(^EzCFY(;#r-!tWS)o6u?!_L(O1^G75lv!(5c87)11
zLW{m_WFOUnvo{%_El|uC&;ZDEa%3O!E8KJC5=3D6??Grgmj72M|1F`_AU6V6-iTZ|
zX;8f`l(TbMJ6!!#HS=l>xSqOF;3njz;ssF;H1`O?y8cnH`hN0dLsYJ3&usC+5)A|p
zE=k*0Nu61!vE}*o_IomVxLHNN&TL_y#aKTPixEPFs_{WkG2{u~JK{o9VH1}`%IJw6
zhv$Om7y)=c@-zhP46F7+D#kr^<VD_pfwHEkmL%pgT%xed%5>!0F;1Qc52jFlGDJWS
zc8ZkG2;VX3M1326)PNEGuRsWaipW(cj(!Yr3DE?gEox=pld_gTAcrP$XiE9v4x1V=
z8d5fXshhrv>a$xV_fS)Da{WquDnFA#V@w*S;eNHtrulq;p3S>d)!n3?JOp&)w~DGW
zuZ~5pucVl&8?OCF9<@(;bE1wqy2A6+%k(2}rmCAuBbl8f+e`H$ZIWls3dxhcf+SPD
zO6D^4NEFG!24Cz6T&!6Ck4tquJt1JdRZrmPp&NBQQOi@|77A7Aa~00w<kII>&I>K5
zl&r6cccoiV&9mxNla9Ya)$?5PDnpj(w3{_J+V)_xHJ9R=qGx8yT8Tc_J#4}@0LNcs
zl~!0CMGSAIuh!-*dc(dF#lG4NN>|WB<6@KeptZQjv#QizdM|pg>K^Nz{LrDI5KO*|
zPT>>Q*gB&tp|y12`tK@AEHo|}n*3eV9e@=J&3puI<}QYtj+@VoF6!uDgu1aQ6)osH
zp}<tu23^Rg;96|6CA9RN0u)Xdg_bn7c|z#ncWxIHd~8jF?`?9nav!b9XpN2=uZA@C
zNio$3^)vhp<j4=lpLnG_av7SKdLk;K`T;${<};|V(AZq6jrHZZ<YLY2BoR-iNglPR
zkQexX9%q|%XiwuI2VgWPK-dqm&2ehTUMjP(6#`XYat?AwG6tpgvay(BYgAD$x;)8j
zfhF;qKf!`Da$NXY-{i7hfTs?9b{zUllMPZwWDN>*&{hFm?V?!%(j#SU4a43Neug7!
zJ*u-85x<!N;4D>>!1l2S)tP`wy2VR$sQ(Ad?`#kGC#(X_j?&62Bui~hb}phTd&mTH
z%-5aJZbFAR{0H=`vQ4stmSpSYA@ww3l(-C7Pz$xfWTVD^Xb!AQNmqTJnNhD}0##DI
zY9-c7Nu5vbj*&VGMvFnzA-7$00iTxaMeskJkHP^`9@AwN-G{^=LXETaYp6~y0$haL
zq=>qAl2Vb_<jRB~(etZNT1H_y;Vtf@K`x0u2{TSRYeJ%|mkj?A)o)4*oFmou)?K93
zr#H0Z7LEG6kyucBe?PFP*&6jZuLQpQNyv&sC8Hdr9!+504fIfXU-cr|o#RADh*%r!
zcLe*n-jL}Q6dUxDnY%QtcD{dHanRTr$$!ZCF_(%JrQiv0KZP5mQW%K7PxSZ6_d0^_
zOQ{&bCnK*NOGVqm<@f@6vf%f$DX0R*Wk3?oXd-6^>Y4SCr}L>|O`n_~1WziQS#o!a
zdTd_SF)EYj3$1I35vMmUA0<wy5{V6=T0fwID{7T>&k99RC!u@u`04bk>VGi_x6wmC
zR3kY^A&wlp4G7JoOR}%JJiF8`-=|H*R9FS*Y@9%+nH7^Qi6XN&$Ii_8x=Ux~Or1J2
z6}OFJwCVXSPEYwYsz@AzVf1M-<;o%|Q>Iu$&cA<)P+9LKziRn*p|V~TDj$jpmH+T9
zLgnB7J3{5*uKz`-+{6D{LS<i6p#1#*(6bekUq1Bj36x{qf(tPH^7nc0jcsUD#!nt^
zf;aGnis1{R;#PkAXRWLH7o(z)X0dYb`sko=zE?S&oa4r4UZQ4}Z<Aa@j#Uh@L?}X}
zS`is^`LfBkz$;@I{4o`Jn}&Ni2urkyLJ&CHc-tj|iWOQeek&T}s4bpeiP_>66?v(5
zn_OIT(Q+ux+0Ly~Cni0WQt%|}sIwi2G;Sq=AN=N7n3U}lftXtiaeUYlP?TFS6^xEs
zLavC<LlP~jsbX-VgO6}l#11~4tDYbU9VV=V-=PgpTw8}RK{qCl2S@j7+)sR7_$moq
zoEs&1LF=CUSMO;~LpuDL3H?oR+_ga6UJWESY%dGH*l1b!*=B>`^MxI7*9Ld(3;Xy4
z#1QYv>{{5z#iMr*Wusx_xYT-Y*&1yK%pJRSC!-;{;>hg;VpIA^I!*nF^z+#P{a%zY
zz~u12qBez57cy&y852^%dHlgaXY}A8Xsgag<+?WNcYw)r9_IfE+atVmMynpSiekI-
zSoK^WrKJPklET<67Te`XKtd|P_hBR=aW9-xs)nRQtU)+yVC&D~JU-0UpQg^X^PHXh
zhmK&180>`(OOlqEM0X0b0@j9OY{OI7q+%NnQ*PA&4~03q*~h;}eKy#tO#!1kpzb*-
zQQ#%63E$v4*nA8d`w&|x<ob#`*5uLGAK|*25*9KWO$!fHzMPi_ZRd&nmLq7d&c@UT
zN0c`($)F-KVXm*$TtssBH^oCnX5j($QJ4~nn)ws?Jyq0#n}*FBh{slZDD^r&7X7eU
zDu_#R;vL-6s`J#dgfn=SupqQ#2IK75JekZysN4O}<S|l~S8i2JO2+PGeJbb<YUr}{
zyHtz!J}Qkki91+|dJyt66b-_ER9Mj;YYh+|KdQccO#QcL^-m?w{1fVrG$`CX<3#p1
zUe*LvWDf~%!Xp-1e6(Kf3JiLmHb|AUGgQXYTSC@#(}RmXvbq~tuijFslbDHAV~`nh
zY!OU}9b2SO5Q7mU4}fSWW$RxDQozZla2|ZKkP8nhPWn(RbSoz61qvL2ou0gas_2-&
z4hi~cf~g~_3k7?Ff~wrJ7osZngLr}q6C~KLzJ}U~(Ux0rj+~GNxg;<7r$bRn$kz^v
zA=DmP*BRTAw-;O{FZ$pPDld|XVL?ozQX^GlMCC=x=!t;+5}s-NTK?o6sF;Xr`O(YP
z@{ZVA{@_F7m*c-w{)@Hz$xGJq4`D68;gZZ-)XegosQS9p2AjwfT&7oO%ehGXeAwjM
zlnt;E4r1_%=!y<|_ysBi!^M0CdH?%Sg}i@bUDv2*`Kl5RUD%T~@02ZkqGV|@#pUF3
zDfKO!JxT)iO6?hD%u&`FHjMPPjeVrM0WhVCbeK1EwK?Lrc%jvlCpdKch}V}FFnP#x
z+f^*tQe4Mj5s4?sSx9BYNgv~E`znB{-%yv(W|EAhP@jCIMboBJ4`zV?pf*+|c+{3k
z$oIzg;>~<ai+Vj`5}ko+IBy`=N8ZM@io)Ixakm47vnaDGdzF3%ww-;l)oHH4-OC;3
ztx}jETG~#Gf&RP?KU}&am2wm*B;hQTE!;uA|Gj80qe&7nFAjg0ZTO{Xfl#G_?9)QH
zzl(M?KR+3wzN1Ca0^3Bp`T?+|r?}lxa3}-)07l4nFKSx6RVy4bx#gh+Z!5QuuWv!>
zGF-~ffKCz7;zYC$JVF5*O!#=JFtlK=V<taH?PhM<6bP6~Gz0Fpp4K$&xMF!ZZ7QOo
zInM_TBOiwf4bBesu}sKA4SZQ)4qQ9|la{yc>6n%ti(;GNNXWWZoG6x>BsU{Yqi>1b
zv_;}00lkm>?ipB<OY=PBFHc2Pk-61A9|>vUC8Vn565I6PM)j1;9hN#W+KsNEMtk1K
z@flqsJy&-Yp$}k{k75Ow&E%U0qvTx)If>&3-iM<e2;R$5&k+X#7gc`)Z)H&<=~6T-
z8YotgN5*i?FBH&d98vrn^3;RlM^pdCZ$shcd=fu|3aATF<W06LrTlL`+uSp}<mOZp
zH$AV(w(uyoh^p!yY5jyrIN)$w`Glo%D!Zr0QEcTB^UB#~2I9+Mns>kz<CCzOE21=e
z()da*Q764sQzuns&xL;Z&%git`_I4s{QJ+p|NQ&UzyJLEf9K!-0jA^1Zw)5^fI~~{
zT@QF1#dROaHW<YQ0d7JQw_S`K3){DMw&g!4ilei1LNbzdNM{SEi@my?yIXs2cfEgf
zC*ly<G1Q?nCB-cyAt?<`3oWH?Y8pdHN>fN2N{N%WgeGaBgruaU)J@!kw1oEeX7>I{
zI-HMuZTUX!`lq+^-kaGsZ{Ez#%&z38B2BDybrX9n*2G={z5$#7jsy1s9|HCP4xj^D
zfOcRh&;qPq*~EH*6tD|$ft!KDz}>)c;3V)Oa0Xbgs)@Z5SP%38*8{tOeZVcioxl;`
zVc-eiTfob}Yd|Y(Re&|XW*`Naz$9=OI0`%uoTk6;rZ%zjfyKZIpbOXvTnFR;7q|uZ
zC~y=w0Xzeo0bT`Kqo^a$3G@NO!1aIy+z1>7jsTwno(4`wn?y{!jWPQD{mJtH+E`f#
zKr*=iz(R8JV&Ed+4!{HGqb$mI5qvY3e6#{}08Rp*2aW-EuV|VQZ{Lk{u`f(^vDNo=
zu?vrOvA!3&%Ch6QzC-P*(H{zY#m*>sp10izq_^6>!Yw<<=0cw0+lpqIc3ShfvP@Uf
zwq^0OZ`hXNnYQm;+QPI#&i5U?Lop4{=ayk*6-XW1^*x0o9mu9xy14d`p#KcPuykHj
zbAH}rEHOOXp>*4Usawl^Weg&^Ddnddw)H2++b^d)%a?h}6~j|3*r+MG;ld7BNFr7!
z6xaxN4Lk5khI7}oT~$?ud|0!xyo0em+w(hU8+&LZMf|=*yoczO36W%dsZ=t$T3xNI
ziN%zmt6EUzICndgxaAv>Q9h<@U*@%R+ZO8SM^Y0G?@+231Ki5`Ij~H<WkB=%$e^to
z8H4LWi^?ziYMG~a95oI3#4S;;){gZ*y&bZ)WJUytk~wE-;#xJPZovHqwW5&^@=D-w
z7wwuie8uHjI>&WZ>!-D`)ykkf&UGcp-MnVu9_B>L0L2SpgbIzev~*tDGt`~BHknZR
zQiB6Za@*#C{%&PSBpU5cq<W*#o>Y&NtWjgpXkzP<O)Z_2-qcC$gG8!7HIUde?Y%mq
zQrOZN70R8PhkCB1{Hr%jqYG|JD#sPwP6v7Ll$?fu5qh0*rEfUV`|c$$dC8_6cX?+t
zzDey&QeneXz9<=GkYz13euydUv37+zPp=(VdR@!-yy!<M)>}%|3T>2@*JLeKhwSf1
zoEy|9e6mK#PbeAJK+vd4TTPzJWxYB#4{surV}y+BQ6fr8+ryPHExkwa>^xUIBk!0-
z+VCgTDU~YMXI*TaB7;szP)GXdszkZ_q3>FnSyN0+^`=vxi22!7hefpleXYQv^jm7)
zGEekDhxA2!MsF~jnshNT2G$y;j@__^bX8w-)$9#*I$6pF83Z(z<+Uu2j-y=)nxhuR
z@+6a_CSO@2Z+dChaQrmsQGzky&nXI_eCBe}!p88TzKoKrzRtyn<wYFVE>1+Wz_&4?
zXN)ZAI+`di&pnT7<Yv+v*T4&E-pF&3kGrC<ysdLHDidnKol?GI7r5)#hDG)}REt`9
z-YeKH#t{{rP}pdt>+R!yTF(esNNeSRhh|}_Bz3ZaW_S_L4&1b`x!}3!y8OE5_y}UO
zpXW?18%-NY+j+-@7vyNCiq-~o?M!BhzAw0{4|~u6hLy3WmRS)9o$2JEY?{1OMG=Qn
zWu6~oG6p$V^#lRU3B@`+!Gx@yKi-~pWgCQ-Q{|3fm*n!YPDgUpP*~TO1Xq=$M&|nP
z8U3h_9W=M<Ol@;p*O*E_ruTm&?@^q3b+Wuc1*wuupO2HAPcPFf$naxIUQ?r{QYERA
z8P+(4Nt^s_jMv7!mX2U{ljFtqnDBXS?=<b56O~tU)5U#OM1d+volGC6xKbsV(*AaO
zPeB{!k&LN%InkblDdlGZKS0zwp$c>yIfi6%gmielE~FbOV_z|naXHUnk{8O_r`mv_
zCTF_^&E@0-p{HqM4fQ;p4fVW+dU?$W_44xmS!st}bR|ts(|1bqN0J*-4>K>7JKogs
z%=63Rv1Zhjvs)Y2N>a#o*Tx`8<v0efQjAhx(F5^pP<fFHS?G_Ncu)J>NB_p8OV$ac
zj2k+)aYt9vBe)~y7Mf~;#%07}e!MLAvPJ|`8bgeK;YCT7_rw*-lW{_FqEfy$Fw%Q`
z8tv7+K4gxxFYjb4I$&l6Pc#nb+E7P4FSS57s&ukcd3BE*yU-7HqoN}c#H-{(h>9^=
zkdRl5I93F1Fhw%rm_ZiqQe8*-#mxiKN7Ly`9gW&8lNNq7<QN|6hDpJfF>h7bGp2b)
z8nPgabH|d;NkKxM!9{<Sq}(5h1uSFif@o>ASkP-^j!~qLRg1C?W&W7qOa535pH@QJ
zn8_oWH6i4VHNCu4uH#HE&$`+~sjoQM>2*prIMN2ymkyG8GC@2U>lrz|?hfN*w~Ps?
zD-+;V`6?^*vtfSS7k&}*mSQ+x38~<vJx}%>Nd*s9Vq9=E7h|s;8Q08!d%{j{yiyi4
z=tA@{zgXtGMmksGyH$L2BkF;wUzB|q^V+gZE>T&yR26ebnnmuwb+_#%iiV$b?KCF~
z^IqCUuT*u@WNLH=d(R5S+`yv#Bp0I!V+%1SO$`i<j7Sb8*+~D^E31;MXJ|0qzqOi!
z_3QfB+V+JlaZ9NhCFJ5o(>a#cist(~@A$NIHf>F(HG|Tvl<sdDW3Glpv0=eR8u(1i
zmXjveJWfk`UrUQsMs?}Su|f?Tu?+Vy3Mm;>01Iob&{PIXD$-G_?OVIBC8ESDW?=28
z436{<;07=;<Jx)L0_%4SggifHPAGcd(q@5$qQ<$@GAzS4G}E|26py7E^wE>ZB#xZQ
zSdc|pnZW$6+E!J;TFIc5oadvidpJs`>fmt}m|}+`t(hj>44xvJ#1zjkvFvM$rcL*9
zB@<Y3S3}sTRgAJQ2nY0_Q1DL(drWf>0VC>8^<G2uwkjJZ9_G<pxQn(;%o>MP`)hTb
zzshyzvhjvf(%(KFtcq==xq9~gDA^XHdr(PaU*!gRC||RY<bg$9zs`gl*Bogr>1}9G
z$AV$kwOb|M`Wf?izTP0;I?Cr@I--mlt{-5LSZ*L{Nufx3?K76Y)3z|x_M<dMGvHsU
zV!8a)SJc+qcDN<l+D2OE<3_qlH}nxNI_Niu81hVY?<AcKbvk*3o#E&39MUNY_SEao
z?3XZ;uK60&7s@8D@ANL;i*b)`M3FKac5+k%E9$&q(O#WF?M>kxSb;|lENDN&E{{6I
zu9&e7+(N6_7HzOVn{+qMsH?eIu@mE!%N6}8gF(!v4l5RtA}bARGIALkG}5l^*%@Ei
zZiw1-uUuL7!+;#@NUsIjs;aV1tatJF%cEaIA+YvXcEQ?&`-NG=-ovFWElH`?fuWiu
zEE<xMbbn40n5z=QTN49o*Qh-M17e)!wenum>&5s_bcFlc>Cr^jS5{reX(yHP_Ln<a
zw~H&p^oZP5ja&MNV_4mGK+9*ghr1RxaZh@v;AmqO3z&)XaxspyS%GQd@*Mit#8@kv
za}GPFxpi(Lk(fuvx)@6eMP+01nseu~4YAm0@?6Fgh5jBLo4+f!3kPFGr-)-dG}yUp
z{(O-6I4Q|?T^nb|0TpAWoUdx~IhoGurG4b4<~eicopbK|^IG1rVBz@}v|f18#fyIK
zt#7;J=imO0#lP^2zocBc<g%s9-nqQ(@)avrMbv0)^_sQq>(+1Bctyv%I^VtNJzeq5
z-93rkEBpGlTs1JbbtrlD@JMRg_R(vuz3!KH{L1w^cWGm3ooBK+WA`32Z`saX7i-_~
zLUH1T_wIY&jqhi0a`+q`6%(%!Uj!@hw|U$h8ru!`_E(~qzTJR~c0l848tId^6F7n=
z)3O*gDEC4(+r>EBHj)@Fwf;GilQ&Q9pM=Bb+&p>nfyqVl=E37P-E`AD#$vI_<m4fE
zuWk9p<me>)38yEM^j)#iHhE~0HumB6TrM|%{<%fRDL77zzf;#?P7qjwwv`I_DA!ZD
zpw~4<gwwZZRxckL)ZDn^4r&uy0&7cP#)Iq#cZSmbR(l*lIs5jiawt>Iw(_Z*#o31*
z)#yAp%~`9lzv^r{%d<NFfvU6lEYDJ2Wi|k&Y17>Qb_6t4&a*vgBA}^qHlO8LiGVkH
zzFz(5T!gbaRV_Q~Du?y1O`mOjEA_7Di2oXgP3}MNfrB^Q{HupPc+0Qd`s*M1joUu_
zo3|hSt>3=m&X0WbV|RW06Tfr!?|$;0BcJ-c-@o_1KlsD@|LB1~KKdu0{?lU*{@G`a
zKlJdQKl0hn{l%ky`T4(k?C~#r@x+&&`0FSC=BY2A{K{9qcIt1R{`xb2_l<9U>+k>J
z+2{W8`ES4Qo$vnBi{Ja_e|hO&U;ek#|Ni|SocWI*{^*q-|L1?b`jglG`wc%JXMO;l
z)dTYXy8dr^|G(Y@WoG&R3;*}^b>#CMavw#<u}T@lq0q$y4mLO#)%ECvm@_8_8H*2!
z`7PGzVrt7UvnXF<qG8h|<{W;Bi780nVS<9$h$sUS6R{_RX^LTr_sMRWHkC1Xaf5Jf
zj=7Auq$vx^r*f%GDvQdYGLUbA%Aov|m+~;ogaTLBL>ZVEi7U*JTrcEd%4G2{ff<yz
z!emM?Ft3snvnk}Ie56l$q(gGnJ+yUbTWYC%zxxKBJoLLs$;;x5en0!P!PvkfjG5n=
zUY9<aCVDcYrS!AQyK3a8>g3V3#`2vj8_Ta<)mZ*?q_KQB*45DdEvp;LKe@J6{%D>2
znsv4EC+p-FY^Z$C^3C;KGuo+bXk3qvZES4kaBpMzeOnvbxo2DB{4edOl|NP`zeVd}
zpU_^X9rRlHi8}cunTnr=c*Re*R_SfYb+N6v#`pPw*;syZU#<L^I{Eu<tlay9H_qH%
zEBDV_PVPV#+jn4Q`2&!B`oPTX@#?`YcJWP(+vEEmZY;n0_Qrn5e5!FgymD{j{QdVg
z&j0ZTUMC(OZ7jd+@y7RG`NhWa6JM&8AFGqU_sfmr;KyHUTz<!?ndJ|DyNi7V*jM%a
zo3gTr9l}(vr;4`%yd-#M+NyY~>AGp!F?jZy$2ZS6j~B3=o@eg##Fs-mEneu_$mU5N
zy^8K?XLG}pVd;=H$yC}emgLP9j?B(3l$?TV_`GZN8n#fTX*(9;i<#%UY0cwldU>lA
zebW=0a-$<_c9!<%_BMrkN@6>av3AyN+8*!IEZyX+wYiULj@$ygyD8kUitD;7-X6W5
zID@txn4x~0v4>do3#PY<{9=od-N_QP>sYsWh;gZTfNSG?3jgKi5$<=(4eoB=HRUZ_
z_7v-dgM^jraa@}`W#oCv9+~hkw@Zl+e;%vi(}#U#Dal62<{sA==k!%roPAZ4)@xwx
zK|1tDUz-PMCw%jSkIbWn&b#STln0xK;Z#y#>>YDp8C{k)QZrPlxCecuGs3#j0zQ`o
z9+@*r%_FiNo>M9?WtZ>5mQe0eO_PkRtxChaxMQp2<n!>sfMKE3?-6G^cRlzjQH-;D
znkxH=<a5S0kd-689yTRgN@<x0w`w1vJXIQ>k!j8K1BW&q<7_`>x+eFhG|u&NQl(w{
z^1H;%!p6XLxm9j|YtA++CrZ~7#WW`0$P7mapKT#~W)xr1-0$`9u^^k}ZW7^!LfHrA
zY?p6VL_qB?rNSNRw~JUC<}$fRq<T1dfIY!35-Hg#c%oP0mRe=2mZx^-b5d11-)TyP
zC1>cmyg#l}N?5R}S$q#jFH5-IZ>3#MZv_}@qncIqsopBjq{O?DejQrXxv`)q<sNPx
zur)n=AppBBYo2lEoo$~pVsflMUS_>!;N_?`n}bXSVZoRoVlptzq~_<sI(AiA(o^~x
z8T`3|pQJ`-KM_016o<DHcPKGP*R52igryH<WFPp5jOs8-<7{13%nk*<6Zn+to*J!D
z_CrRFOH|&qjQI3E)r+%jlz*y#{b+_9qil5g9HY2v^VI=&Cz9M1o99+q20WtbS;~_#
z(tE-l&^<L~(KJtpeo!7x;$C_5_<HlOZ*H^bO9{4E#MB5{g)v`@qT<!5>^SUsd8a(T
z&bD~fE<V<%%>&(o$SBN(W}-R`>mQcAkWzApVxO($K&OLYFmN=NmrHq9EeARm%N8s9
zXS?Pa^ztxXc`FpYp_x5qkJ)4Pm_25X*<<#YJ!X&DWA>OmW{)?|QT<&!9jzC}*<9e&
zR!Pr*z6d-AoCHn)$AP23Vc=F^5-0*Dpoeq^kOcaGPM|%ct3tXoq>F)8V17s$-R}b2
z4|oiC1ULfR1snwS0VbdWDPRED2*iM;z+#{kSO75KmGdP%4f-7LOh`|L^hw|taDPbe
z4e8y$L0})?06Aa>kP7KQNPB>dKrEzfAyt4yz=Dv@4JiXoFGL*|O8Ojd5;y@I1CECD
ze&8^08{h+GNcE8J2<bH;O#+?3Mqn{;3BZ6?7D##~q%VP<0-g-%V<CMcq{o26z^#A@
z=s*w93A6!9NG}O#Ye*M_bT07XTTn0HQQ$am1h@-01WW=ZpaXqC53mYY3bX?AfzvIp
z6F3Dt2^<HG0e1n1frG$4zyx$41q=Wiff%qDXa!z54`l(*0H=UQf#V@P3fu|Y2J8cT
zU>9%=&;_)IGzKgN7KOClzLH%FAbV+koV@^?1Wo|=14n?{fJ1--m?71HB+v)MfHvTN
z*t-(2rmk(h5|yUIYi;j+y=|Z0cL8x|tCl)7K!6~ipn_3RK@nn644@e26sMr5skJqA
zz=#L|MNidgRK%#Lu})E`MCw2lF|AU;YD=|Vape8`<WM3lx7s^>&&T@sS^MmHuf1~4
z`OmOVE8x$9egU}u4CW260ahR%*a+wW9iRqOKnNfQIshI(OF$xM0<O6@`d0?66P^>0
zD+7MfBIny=Eq}d_5I1@!tv+4cv@30rCy?;(<h!@LzAxzi`Z#{?IY)5=X(q@o<(>4a
zPQRsQf^H75?_0G1*e4g*$0OKhIG+L7H|HgSepb-W32DzerM)VYW%?zd-j+h#%fKrF
zSiGAM-%Z#K5Viw_ZG})~fDk`W&_jg!qlC7{2=VMi0#|^&jMxg8AoSHm$gdUpoGR$q
zLi!vbJx!?RQ-Hk*ktJ;B2>n?jw6{)(-y!txgpht#NPq1ahb`)C##ZmtKKGb&+(18R
zd}HZPn!mC1|D?2ZItFN74d89t7n;qXD>O5)?!N>0e9_QsZaP3Sf0ID}3A*gh0lbf|
zfqor&I`kXRLD2uh<_wzo&gDM^5L-(BAoO3MmC($$+CwwH^?W6O+@bY2Z)GoiPKRdC
z29AMd3wT7c^IGUgX!ejv2-AY>vdHOiz&^S2yf9|=-JRw_INd4yF~Sld{E1U|kyBXj
z6#mpHyx1wc#3|fN_+4v+-wF2@oWK0#U%fJE%SOeK?%Jq49Y?9gAGUU+H~uj2({rT$
z|Ly}%hbvh6;5=X4T(Sl`66Nd<X1fXTYcD!<PM$-jX4~)cykMr5*BtWiUwv+MW0RTs
z(4pmm-u{^R0|Z@w{KdJKbKjtf+{)Zxjn_XjhY$6~4!Hlhm~*ZadoJ-@=U?als<hmG
zhv?mzj*>;K0{CYM1OLUx&PqkVKXv=Jo?c`h_4_6K2KeJ&!3|w;%td^)!tsp@rrBKA
zokP|N&r?!^uvYD;pM6u6Z7Uqh<o#h$1pQ;>B?G`?2RM$$>=@5J`#MxO-YsW-1)KtI
zvhzE1+!F`~#){~dGTy@Z=Tyh>nDT+IfE#QthJ5UC#V}xulVO=1kHJT3+`+YhYTz1B
z30wy3Kq+7YtUw`P0yrQOFaS#dJ+Kha0cn61m=0)wNq`y{1B?VB0R<2u<d*|dz!UHQ
zS^+JA<^Tcr-Ow+f46p&uHm~;$Hus&_IT5ra=Jzp65avs)j!q5yjQv&^Tw5%8y@{nZ
zNs}~5lQc<_G)a>*Ns~OyBIY?GxV!d6Xr=I;R=w~`4>3;0-t%JDFxk6Y#6h!bpB89#
zpQ03+UEi;6P@a|5i%2UGHLO>}a~juQk#k49XCv|QM&cEX#48(#S2q&RUScz)iimr$
zJ|z+Z;3Q62SBOZ}qJC4Ah4eN~SI-V&+v%RF`4sXuuitk4T13uQh@PcT3IbvYJdq-(
zFMo%nUfKhmj=4cE9UXb(K8Dj+7~R+Ms}O04Df}n9-OjGqk<n-*wjPw$f^8+jTBGAe
zjjNK377NLZc2WW?(r%ZN-KgYSb!CuikzY%4lyTKskk3L|z-X@}iyazmSuCuaEApZ(
zt(+`I)L~H~4)p-8Xh$x`HZt2SC}7tj4p0JwzQ~OvXZ-@SXvc{9mFTMxuwV=|H8rHs
zXh^5iQDtQ%S*=zoEiEOE<H&3_lfhu18jN49){x0wL$>M~GMcTZk0T>zBCD+weW@f<
zX$|t#z*aS+*PBsyC0QzKNUc$$el=-PzuurjJsjHNNUt+t8})NGGFxn9DYc_rJDF^(
zu4*#dtH}y*sMm~oENHhB(5O+DR!2I$4%$F!l@aw|d?6fZ&?mKuBdvxbgOT+QVYH(|
zJ4Tb4bQrsyvtV2nGU%;jFxiN++AwCoW+RiOluXuAGBaRY7QhBu=*)KHvy&P9vjPT7
zCD|~(QrOE5n9*NrCHibbUtuFF`fEjB?SNXXLVq-{gO)Uy>kz4qR4P5fde}ivsz?K=
z)CSnhfIdOP-bSN=LOhM6!knovKDEXO8yYbe0P{CFM=Fe08Hw=%DmHFF!^RHV>I_H=
zF`*pBj`159i~#0~Gnptd(u{Iu*vm{>K&66h0F@eAYsTC_V-5`rY>td(;*4yrU`K!h
z46vt(0X|{@bUOGeY|ELTVP7+RUvIR+-hjypKL+4i2D1(6usdLa-OYdn(3?w<Rtmp_
z@4@~y*q(!r+L&L!Pfb?%6MUnxx{{2rw*~gL0hJ8Z)$kkG9==ivf3B`!b5IL^sioSQ
zT2g70^ctziRiYw=LPbiI3S$K{fKm;gQB#N<bEML+W!+#m4SWmGX_^jYzavk!TG1aC
zsZ`4TKX&#i7Z)GtbswMWd^r@qUd4-4`rDPeoXGc=$xg_8eXt?*aVeLb@Q27!_y|X)
z`pSKLTuS`p@{9~WnG3=x{(kZdZzl0_$q8Q{pDLCEJ*eV4eceSS^Ytx}czb!tOHyRW
z>@D{4^6CLmczI>``TLj1{PX?%@=JWHSf5=|{3QM-{QbN~j`WsDR<g`J6inFv9$sQJ
z6Ynh+i{t%dK2jH%{}I3V0pn66-aRB4UScuJtJn7sM6X9XD3XzpA(tFM{&GKW?@?aj
zUh@~FmCR3BJ!)isMUTa!y9_dgg;~D%!m@glzQ32Z1Ord;_4ReBl9o$Q+Doq(aAHwh
z+^imVyzboV5>^};898-o*|cfXXQat%mSr3X`8p(IMp~#&D)sgAQY=2SM6bWKHEz)`
z@jb)ch*qtpmYwf@F*<tq@Jq2*d<}_VMN!i(U78V6UMUjguUWFB*O|{pFHc`K<JwTw
z(i=;QTTSiWeeT?kdRJ6bEDVpH$8EY8JMYq^v{@lOeMF+<tqI8?QTqptRjo_hyfdrg
zO?70espnE(p8HWng;Lr3+qv_0?TI>`uzW!B<P%?MrP8Qg6G~?eJu_%<;V!e8%gb6i
z@nkBpzkIcKMc_i^_uc2tEBV6fj$S{~%R58j?^|{D%hH)=HPeEJgjtU7DIB}rXgisj
znmYID@QT2G3w!teDCWI=hQ%4_=>r~md5KpZDL);2Cirad*$ET2jsJY(n23nI!ROD-
zom<gc8Q8Dih~9x8emCpx+GV-f%hDzCf!^L3`I;f))#~w+h8)<Yj)+*7we;Au+0n2}
zU?9sM7#OqQ_|mMr#I<Xe9XcU9>L<w`GIo7L&z?OuM{M5Qb5mYo;@;EIbE1dGEF97A
zhaWzEKPEQ3WXrBy=De)L73rgUx%m1Pt2c0odB~WEBlw2GEm1RPhJQFbrr-NPKYkMQ
z@ps|#?UReTMouwr%3f#aGCB16?Aa&PW0I1RxTIZ4g<;1EdqxhO6B83Ng601tCVbxN
zj3Zxva4_nFqA7(1pLJOtdf~$C*=46DZd8vC{xW#dXWO%O4h@Qp=@%3i^hwZy@VKI%
z#Tof2<uZTyYX7J`5$U}Se;IuGLfNEK=O>=joSn3DdqLrh)3$FH1O)}f&8rz-HMqtL
zhL>lE7sr=euB!aNB{MTKVa-NW@XY9wC&#OIZ(qM}+OhM|$RD?8v|;nCqI=$-GACcW
z%+H1YK@J=kKQL2OFnHTx+r){RcdjcuQyh6QJod_!`JoAedY*|In<2@N%U9*D>xv(+
zw6CbPHa<Q+cgNVAoE4pS7bI@zy0`d3czEo*G;M%2*;qJjO3vq2S&4t)rooOM`%gdJ
zR*2Kr!NPf2S&6&$46&8XnKLvk^g4dnML9i>MegdU-nc@wDX*&|e>^%=`!~bdU0lJA
z4TA@5-1?G6b2g+>8W4a)-TuxyrX1T*P*9LJCiIuxPoK-OUds%HT~u9`rDv{5&Y%3v
z^}c<OzgpV&o0m)xV~&j-V^|jQ$R4Z8XIQV~VLmA?T5Y+n)1C=`Df^3}CQlCi)xHwj
zeSW>`s}7J>4fE+M67}s{9~r>!5*;FXbdT8wQ2|n^^s)EEtW3ba=^*h(r0EF$_r>v4
z&*SSR`RCfRz2iCp$(?y>^S{qi8*)>|6&bH&ypig7Cpf7Vn~YPs${DXz@|?AfPx3qx
zJXZ-GS;rq4x3#-kc&^HGTdkevx7r3=l5xj6F3ET$<B*I?GG55IrCH#2j5F%=dT=E0
zxJVPvFHGQ;j7u@D$@nAVn{~Xhrp9qT&+}1%SE`g6o>yr!dY%vJz@d2Fq&89{<46kd
zBZU)3V!RdHkTY@MFAkohMB5sr2|Ng#RNzRA_ZY!>j0Oj1G=bAttQMa8n!sf^##_w}
z?qU`A3*#<EtH56{PCa;|Mc|DVCmzE%uBFt$9ZNA*&R)-PtvtY4)JpV6#q&qTQyA~{
zY^mXSIO8Z9t%IXPDzpx639yxtbvi9cUt=5-TpQ460PtnTzZqxN85}%Z83OL9gw0?#
zMSBA&LJSTrsx%-!><DP}4qmDUA2l#=NLRoQBEd(&OLaOxU(ZW9&dBr9NZ4DgaBx#C
z?5$Eccsb8c8UNP^Je6Gs&^!359xwn#7KZ;sN--a7Uch0sjK>0crnQIzpXGVIo?SzL
z<^*mFm{^!`T)7!z0?%bo)bm{(IIdcQFnF$3EAU-F!#J<b!F@IGQ~sKPfn77G=f8~i
zvg-(D3-YKe=$8fkV%HL&;V10+f{t_WV1voQg*gjL1MdZNj1L1QzyMxsWB@ld104Ly
z3~&NZwgE<i4P^lMnjT=>*~GZB1svMyxOP#;p`QjG=+^8l4-XGFH-y|ggpgCJn@5}0
zkhfT%ed`u2TC{H8%uNuMKC;bQ=hJ0vquPAYPV6p|$x>wQ?Y?N=KCDIS^Ud6v#kOgk
z9u+2TEAE8EDN|A)QzpB+i`%ws+X;2HY1h`>Ju)FCp^v+-X5OmL-+VJ-(4ch9v`+2Y
zv>Ex9hg+LYDLworcS`ok_M7>R{mzIHiAhOglD94#6od201UJ#ZPP)!}1JVk|?D}BN
zmD?jmC3YM)?(GiIhvVb#*2W_JoMo8m(yn8kp22g1l*-#LB#s-`F)=azbSHP2xLxa!
zZq>tTA3l6H;_S&C+$rU#QAr)UcI()&L+6j>^7*sf#qHV*9dhc-<#z|{=2ox#AucJY
z<G60!x_0fdVNpizr+wOowQIeH3+dUjfB%s1UhD6TPI_D2ZQ_J(9lHFuv;0W@;&=Kq
zYc}FqLFk%Zz1N!G{PL=*LkIQ5?%gMJiQFGEeE9dpo`IW2-j9oW|JzgF482iws9${2
z+ugf&cYToH=iVZ!y`f#~-8}=BFW)wxFmA-1A;<d_NB<4!$pJy}pNQSXGt#m>VEhFi
zeiWeCyzeVpztF)oiCwxRj5V!`9=t3ktZ&Fgk(X37X_9P~r>9;YezauBh|#J94^hI#
z<F_spzPaPzMK-%pQRfZs^iqUoF3CF3s&*_tq3;%4DBB(!=uzhZV`IPmY2?k3v2XEy
z;Vpg7qvBHMie^Hp&u@6tdme7iR}J11xp{l})Ms?_7J0cn9p{m?4dmb59y?EIDV(d+
zou@o<U!lQy%7X_F=<eP7bpPH1x_9qB-Mf!4;vPPHNDm*>BJKh5JfsKMu6>B(e(inw
z{@OLVa<zi??JcIfl?SLG{|N1~9;GuEFY@Oe4{INg^>`T>bB>ZR^Dtfc?mF7IN7Ls`
zqUmWVH17Ru8a<k$*ufmlPTfkzJtb6Rze-ns{DE>-?;-7UGtHZ~fs#jO)5;}BXw~)t
zTCsIEEy~_US-X$Yf>rw|Ic^87-FB8Nmv2&W)en^U*+DX_*hq^$oliOIR#BF5J)J#M
zLB~&=rKNdCXzJ8_N{n4k6O%U3l*COme?cJ?p1VT3D}JV9KRuumw`*x<@oCD<*hwoE
z6p?n)7Wz>4IqlhhfHK$bqih@-R&6>&A1~cb@x#_q%CxPNb*P*&4}VWv%WqSG{Wh5|
zR8#8Ybu?VDfTpE<NST?-X$ShgJUf?iHf^P4D@~ND$)lxuEA{dDh~^rLNWZOu))n8P
zjpg@f@A;o8JN+Q#uHQ~M8@AE`YZ2YLb&E`!H_@Cqb7`h_HtjfYkoFusMv3v`X`Ffv
zEm*pVmaN)M*&7aE+*@cu;w)OrZKJ&hzoe2g=jdmYFE1~rLx&F2XP>R78PjLbmMxoU
z%^D-koH3myswdF+<Z+~#GKF$iXVX@st<76amVJBa=FOXQ=FAx?D=VWLH*V1N>(}Xg
z*?Iol@yeAe@R3@&4}Z~kzrw=;-wO1Orhb8gC^$TVTm!<%bzm?>goe|==l}|1I${7t
z^cz5(5=RjG##;4zukc_#%RWxxFZd>Vj_--;iiY1?UZhiBzsSE6@wjEB<ajnyB;1Q)
z<;KNLCbkHh>xg8O8%2{6l4&B!jb(b$1Y#fGQ~!f~mA8C_hvEs^WMyT<uTLr5y(B&^
zO;q2Pj*nU2?}<e0Sj8S9SuB=FL?X5TxQJf?98r=6tFt$Ji2T)ti@P^`h`izA<P8@u
ze{^Yck*IFra}mGtxwuu`{{Dsk61~X!BNmoP7fG5w``q)te;jadyFaqOb>PwamaYyy
z*rthB|EJ}D2LR6G??Eg!0DwbF?0pART-UYsfDl5cSYu?6OJX@MPWVln_)mG!?<9`>
zUJ@s9oLIJF%aLr!Rz-z@p$O3gh%S2Xy_cc)-n-~cQ~?4cA%q%;rtj@@X9fm@Y{f5Y
zy|@0Qt95nHJ!PN0_t|Hca}IN#cK`HxdOhkNl0OI8^m_N&^2c3|Yrh`6_27J6+2i{A
zCcK^$r+>x09!~4Mug6pJx0jy_3k#T=o8xZsqgLh1){{-I&6B;?%UfH%7S@x>f^2=3
zW;l~Sh{3@@^!N8;VqyaK?%f0VjJSUNI&R#!!KG(rX1Kbnjr3x)vOJ0vKz=1|-MWRT
zsVNQ~d$RlX?b}@2`T6-}-aL+$ughnb>^tKvyBV$w@1mk2Bqt{$Hzx<RwY8|NsX=jZ
zF)Au6aryFPT)TD+<byA_V`-Mh+P1Z|p}M*nB_$;&C@A3W{QP|GSy54erlw}}_V#l1
zrL@S7t?YQSo6#x7f4!UWjPYf1a+2fm5aCcteMd$`!OPbdzI1zdc)-og4GA%^XsD~h
z;FT-5HhF^^4>nefjg815TBD<*;pgWES65d!Iy%D6&JOnW_OP|3+r}2o&Q9?0@kT^M
z1ji%Bi?OjWjuz?oFg&hay^1T;$I#FaMn*<ByjU3<TUmM-eM}x$y*k3HuD%|ZySmUz
zaLb5SAz`7^uMG?h4Pk6-i~ypA(RQi18I?39+1c5MiHRYcd^lW9OiXb0>{;mR>qAdZ
zA3~v!yLE;7(9xl%o-UQ^!^GHxqcI^NfulPwFAt@qrQG=B=H?<PDGBlM@ra9ygGeMo
zSy>r+dU`lnl;X^INAV6uM@P}z)PzKW6%rhTjO;8F5^o9!W-N_?9q~_3SC_l(9PAMs
z9E^zYaCm!o5?^g$W@d(ShUW-p0}fX`!ckY3@YdCawvK?FIvnoWI@(;GuAUB8?=11;
z!i5XVW8~!IMC0Sky<1pV!ra^(7pyM8iSihas;g@_e3`tlF|Q&1WoBj~JtG6Lgu9cg
z3)Qzncr?if$!K_FBy6m0p{=cpFiN|*yF=f|7#3DmIB!aP*4KkJ;i1FuBb>Cf&p=Bc
zpr;U8T6)mcHil5k5JG_=bWYQF2+l%RppP@BPeCBif`J~@(WRT71_ozwp76D|w}Y#*
z3q0K2;6d{0>*a&Uun1(NrK6#t9^<4>n7p$&mYA5x)wi{Cz<En+=$+MriK!(bVv^7^
zI*yV1GpOz9Lw;!;I!7l^aj6;JKH<1v=}0(f!$4n~cr74YgwQuIhxvIwSXzd`#x5TA
z4yo{T%O@PN;Nz8x$e=7l2j?LqFcV(>kwm`@bhS=HpT>&eZewGG(6AuV7n!K3u0l)m
zCAyo?-rj-k?oRX$_F#B)h?5_Ne`{+iH;0%^o1eFUowXwj&k~=6#6ucmQ(HTv6qjRY
zdKSHt_t1Om9?F{Ap)JsX_89>T4bDOPq&5U6&%)d?7#_}fgjY2JqMP6w(|~}4CIlrl
zBOs*-;rU%itLQ~?3Eh>Kky+P^y5=zi2KwRTmn4@b9N_HeiS)EI)HSrDtiBbMjUA|O
zyNrUWcGR~Ip?~x`M#gRs?hi0W^3&elPBInE;jcw<sbh2=QSmu2Ftde@;0$!moWbEE
zrw|w}LeInuhNr1b*A<#~RycX=JPv$hk9U7<j8i({F!C;grGEwd(wh)c&;{S@E`;U{
zKvX)4v`aT3YMDf0*Cf)~rcmB_3srrSXd0VB=jC3U_?sgRzMBYlw>%_gmLsRA8|g(o
zD5@Dj`K1ZuRd=DLWdKbreWZh?K-!hlI|(Ui@DB-tp_w^%2gjyBRM-ex&jeVS`M}E3
z6{aRG5NNq0v!)xDAIzYvs|UI#L-3A<9bS;v#Jm5`4vt~<F!HQ`M@lmyi~A8&)(79h
zaRd~NBB$*hl6&tXp!qg}o2C&&&%C||DC(I&QpXrB4Gcs7gE$=jZ5~oGMo`yt11-Hb
zQPOY~<*g&A?7V`qRvN30%NV^jj)kR#Wt-;}9E*U6Bsh8o!!IlzHO)OpExH8npiDU0
zB*OZ99L>219R4&GpS~N0vj(L&aXKIG{xle`DOupVTaLigJQZ$<&9Dq@f@fMAT(i1h
z8a4`j_c3_ojv}LN4uS1=;oUKVxXu|wc0NEx?+j9^CJ<V26OBU?a1v&~$FdArMU99^
zD1^Ib7;G<kz?kNwXG|nAvx<;cScXEH6HT4%crY`|>Cd#%S_CF!AS@*hIW^75Ztg%q
z`v?-Un`l1A!^J8c?gqKIcp?WEzRJXf&$FPlHwmA<6NSBR1mKUqw1Q(u37nFfVV~3s
z_sq+%%NW85=N<@c`;po_15w8V1b06`>hLV``ezZ{Ig6~`Swv=CgLlCs8pkG3m|0Ky
zB^`!FXGwRF9P6GW-Eao_q{mDQ3}8?C)1B-@2<huwvfr04_h9PQ6h!4jZ&o34>RXWC
z(uuUXW+Ya&6J70y%&vs9UoPC7bKvEZiNL5r8k0=eT4ciLY#h!Uio~%K;c$wnhEqxl
zY_bR7Qg8(q^M~MBIffLHoAlm0h-kl!)WJEFPRyckXcnp6b4c&JkDS&Sqz}+M7#xAW
zOD2we;thQrl0_$9=o?>z?)i%_Bb#Y%YDBuph;*DGEJ(+Ak-bSz&q7N}8$xqQFJ#ms
zHn#;~+4T^WG$Aan7Rgn$2u;aBFx_4>CocM@!OBAfGrI(6ok}FTlL&3CIM{h)BRI1L
z0W?=#O9$XveigwL6NtDpg~Xm2M0MXo(!eZA#}`p_Z4No3vqaMar1i5gm_iBZlETI=
zeE3@v9Q|7uv`)Cd$S?w@4$*zw4aOFZ2n!?G4)leqy9*p_tl>a9(aqHZqNHRbR5igV
zI2*QJ*)VfUfth1E%t=qXM;F35Ae&?_6P~eYIB%Z{9pbq_I~GSjOU0jm6^=js%8Tqq
z0TK#3kyuNz(smu9=4(iAy@9muX(aW}AaVEs(uZeIIyR5;YYWI9yN^^#r;N;?fOua!
zeg`p8W%%2V?C{Z#W3lg7fjIET037>M0*<~H0ZpPOIwlu|CB>+zCEt<!zZmibf<uDI
zuN1+>F9W7V#M3Whp?4+)N4|>1fzRV{@behxoy)-S)5PbqY0y8PjDrWGvHvfb`0ziY
z@x`BF@x}Z8uqV3|R@_XoGKd_ePg<_h+?+zr@LjqeAa`N`g*WC=dwmgAbl2RNMbXU#
z<X*jlvcX#@AG(I3f@=6$CBsUP0(+ezoYySDfuD=;_g9l~;4h&#qvZ)516P<`@IrW0
zGWz<4(AC|+-Ckj3xL_-Sp=LC+KZ(PUKND_m#o&uyN8`Zn==tY3d`^5gNo9f$<DvC&
z985Hm;A)x)--~I;DQiJiYd3P+$k*<_hRlvhr1nf9d*m*PCg)IcYXOaSAEM*d5^C-&
zp=FlnAR0<X2=~DWbltpxHqwuoX%$FKC_|WkG0o!^_&L?X>PQ)m6Tgmr9){094#OvZ
zb%&XG2r_fYo(_-U_PslZZ5%^<{S|m6*TBRf4LX`JF!(9~#s}kJbRZu3`yyd_I2P6?
z6Jd5F0*>d?;pUP9XQxuK3k5iQA_2ZpZ7A&=Mt<iAiU;l>w|^SBBh$#aaUaFgWaIBH
zp@V3sr*zHqeH4t|LdnP^nun&~8yEp6H&-O4=c2T-4Hebhq(AdeM0}~PXhBM1HNw1_
z;HX~?oqhR4OB_rsBVl3fhQX0>gw^yQrtvaj>-y*(L||nrJhNM19a{pSbv({HXTTvK
z4?!ul2uLqOa8?yuV~TN%#$ey4dHC%w<8bO&CdxXlpzY=Zl80L;xH653Ycpt>UO>m4
z1;T$G^;7rJc7GmqH>XfEFowQ6vq%tCWAFRNaKYRRt}bp6rKga;*o2nWPE=JlAR~+B
zp0_9beS?sdU4XoTMmXB#L+f-T3{1Td9F>TG<Xi-06d^db3L*KI5L?@Uu<}+oMV7-i
zzXiSp9k2~AhkI%{Vk?`-7ifT6SP70EN+;hT51OCk!qy-I1;u@c%xuTS*m@+@PoR42
zE-u}=kJdZ$Xq>)>u6r}Y@9Wt2l__j|GB7-K8}9bWIDF6q#^>~5tZxi!@@GBVJ>c)}
z4^IzQn3!8Z$B_JH7YB+#N-%Y25;rNf85^5MZCxA5&<NZDyx{EbO+5C4Lr@UhqC;Wn
z7L7AULJ^T&gVgqJh)A|wk}tuH_+=ZI5B&>-w@x1Rf06<1gNX?C$VW<MH_WW7;hoxt
zthO7dxq25ZcORgM_}+VK4g=Tjz|z_W`}dI_uAhwZh9RUy*FyIM>BEZ@I~W<k=$sKu
zP0avdK%T$I_ceu)@mbP!HqboniKy5l3=Z_;!R(wgYG01Eo&3mN_}Jm1r#&3KFTyp@
zgM9N~=<Lm;I3O9`De>@5&xU(^J#52@U>i}2lln<GPBL?d=CXrH7Lr5_@QA2GP~0G5
z$oDB7okRu6f78SrwBNjq&a2lc&K!r6S2(P!qH*|89AZSBD9`J{1%qf<d-x$VDwOl}
zJw4sw<L!&U5MLM>1!4b(ku;wRF*|#IIo4lTU{B@)Es?%A!FfkhTyU|3wW}rU-0WeX
z9SFlOa$u?-1?_VI(6fxe385eM9f+j&VjMk?fqlPE#JOYfq%W#q>sAbh&>AGrT&ftF
zMDg$qRMNAN^h?9QAlmx+$md!@QcfN`0!YUl3x}x%&C#4;_&QfWTQ3wgelbWd$U!CP
z`0}z^Was6>+&BxL{UH}lWP6yuxg764T;%SDOAm2aa1h7!4nx!6D71~WaQ=b?`SgxB
z_E9{{_7~#gcS7)=Z~0;G+oAZw>!JATucGkf9}{7rT>@_hvT<G+a8Im5NLdHz{SoAK
zji9h&1P$H8=pDX_>3jE<*HrG^zlVgh0tnAV;LC$Cu(z&6QUuKzK|Q`W5DOE>Bp6%8
z<LF5roYo|r`ED*g*prTk&=T=F$s&u@SFf*K^st4SAH|zK4zPE%gQ<-n@%lK9?e~M$
z`y$w!B6<HuA`JeX0pmlNusEFrrwb{tvx%h`GY)Q%8HlMZM_g4sVk#SvR^5sUif^t@
zPGNC=f#drE;m+{q=)e+&uHHaEWIq0Jz#HdI7sB7Q7OrMZ&^c6u)BEyp=A!~={k;r-
ze@6tZBMBI$dB3towY2U!7Q5z1rY3G)LuEr9f+IyZeAo%c_Xm=Ur%@~r4n1vu*jR+)
zq^=VTE)dPZe(;HkfPZ*2qEgb4Tu_eA{yy9xSzRO_eSzT3QJ?dyUpDRwi<l+97g#{&
zl>sCamBQK~8K<>kpm~zU<6<${lw=4`#p2+nUO0U8BI;V(#Z=3zamiksJkhu;O4f{|
zQ+x9EG{$d?p}V&qp>e4c4<u5oHi*$1*HC+@4SmC-XzT4p8~L%#ZSCmk?#8`);&rUm
zYhvJJcX>UE`eO4?dd)7(Qe4#vzfg*c(@KzC-hkw+O626$5Z|v#=Ifk<|BvGT$oibj
zSYuJFs^&-z7A4K*mu4w@@v&>XYu5s?wm+<_t1Z%a%(HnxvF!D`w}@ARn7DR>%9x&9
zlFXY0nyd2?xdHcF+vk#m?~C-Dm-1~%%qJG(bL)5WbC`YbfSwDOr@VQ}WA~y=J+W?B
zT3!qNx^-G^t#WZ5_aDrXZk#7r)DPi2N4jx_=KO=%8Od6rRCbmgyFR`Owgf)7v;-f<
zSBac4o%L{0@-9>Vo7T72?Tc_*Tw;1qtXt+6*?eCV>zIe&o?@B#7JC9uRBQcxgm2Mu
zot%e{ls^u<bl$F&+i$z?@J)Lw|B8K$|6i`BJAhBGr`OZ#>EG=<{kxszb6Pu|^6}}l
z`ub;lsejhrdXjT3kAwBNc5BZ#Jn31T_0CMJSC8%AvweNG7e00KCU-_-Y<z5aZ(rJu
z#USi#11o2H|I)J`)6>(-X8_jr{dM@USc#pnn7%cQhWdK$Y(s2pEVn<On2?B$_IBK&
z*q7B|=Mfqj8o0gfsHkXezda}@2!Vlt+&(zl>+kF9<Ib2!&tI@7qk-YaV6Z$cR+Pl0
zY`>rF*;ZFqp`D%ug$3Ms3LPCCIM~^7XG5y0tC5nN0$*Q0ZeRZFSp#k_Uq`6T)zjA2
zfv&y|jEv54=M~aY)41~sg$0G&d4uqX2*NiCg@uI}9v<d+$j(kQH#c+VNupz8;Ns$r
zqS7+%Y>K711?=qXVNQKrbaaB1r6u$Y^tt}D1g9Yo2%s&{g-}3wTJ)q_M@xXyr%ys(
zPY;HM=U`%D3TtaC*xTB2=PX=ZTo6w@?ds~{c)-qNczb)p#>Ngt>}-XhAyRV+&@ncS
zlKNIO4-6wHECy!{j9{R5210ECj0|mIWfcY+hXgpeWWd!u8~y<~hz!d^V0Z@cEdcsL
z9q8-oQ-6-cgG^M{RC8l?skse3{k<5U80TW+dKznICnpGqclJ(RFf=)jQ>Qdx@9c?=
zt5dkX0Qd)n;P_z!?ElaNTDpF)^Q}NoavOqjx)G7vkHm^mBsE<_TFZ45wO>ca#2tkA
z#^KO=9taK3LRn20O6!ME)jW!l#$I&wj*$$^a&c;Ways?p0dpG%B<I(_**h6l=RI-y
zq#Z16(@@ei0jmoc_>qbse)GB|tOM&{AJd57qRVj37(saHHKg>+z`yl2!rSg5x9c|Y
zhbEB_(*W)FXzZ)UP*l?gQQjqF*L9$>xeGmmgP5Irz|Dj3<Q(|Nq#(7p8bxgb2#c?P
z{RI(hbh4oPcM){=XW+BnC*T*)S>co*4DK0Sa8BulMM5969fuHKdk0}%vxx7TLDJ<1
z5H;LJSm`9n8~PF9lS#C>(YP9O=S|Ga&%@uxAJK^kXr=iyJ3E7@+-fA1)FbCoCz5O0
zkX+sjzt}u@dS$^kI0p_k889^zL0dBlwto3=$?k$<{uQ_sjv%V>7Lt1IA!YCZN+#Ie
z@dKo_-9!HH9i-&f<J18UoIB@;vqo;vHzoPAwxqdX0yC1y0RKQ#R#YJ*vl?!p#c&AB
z!^MyScqbOZCoUWAF=;qwn+Sn05ud&vgU>$+Lx`vjv9*JUX&mRy42XK~BYtoeMPu_Q
z8J|Pi2=za754G2)VPzbH_h0kE(T_rL<h>Xi{f8IHaV&E3vyq&XK>ho3bMc}_8uU&@
z;q-wR9M~I;gCE7=_z@8_HIs1St9X3==R_R+Yb;CzafmN#MpoA_GCC%>y|~=bSrkq#
zpmuT*bvGAKHaUm<D{OuI7V^?+;cS!+hjS$mew2^>|1QGOul#A=dLuY21p_1lBUi5=
zs=OaQ33V_sPJz~eIOu#FkJBGS!r+Tom>!OYwLvo69P>#R<iItg1|>ZsC>@+e&fsn2
zUB8d&JBw()y@aOOCDcsMqWbD>q~(_)CSHV+iY8>`Hz6mt6-nWBaJDRl@QZXDI~V~c
z_h>YCbRnX$4Ka1yh_35JXjLaJCX~b4zW|OjCZX9?h%Tyyp+z>{|3e18{3Hcs&BMrQ
z8$<Txo47Rf04=xY&^9xVvi_@xuWm+j?{yqKXoPd58-qi`P*hTaT++vW!G7@e@g_ac
zh}7g3I68|ElavaN-~hOUgwlA&!7VBo=PlEa(9n*MigtKsHc);kv<!3c`G@K7xR8tJ
zxK`K(5>1_xXu35+w9lb$@-9rw{BTM;3>8&_Fw=8~rG*)c49>xnWX;sn2uDv?!Ph?$
zlQ$<M21tB1&EA`IqlXQg{p@hw!UqNi(qQisiHlKbFmlO;fqg!{_(w8?Ux^SDP!5mC
zOGv36McL>S>PBy&d2}58BV+LJkHN`PF-S=4LXc-6ES&ui86OUjC;{=J7-)VK3m>-<
zvUQ83cNe+!M`rhq=zNLedPksRd>Xn2W)OUq2(3>=`0%{|?0qW?2mUOA-WN3X*12$x
zDo1E}C-QnnP~16;uAwp9Ap6VK?0Sa!VP-?}qn(a$?^c-V6u{Ck9gZ%UxL}%&kAFit
z+OtBk_PJt{iz^CIQdxwYLMo5+h473IPV9}uxv!F-cQ6L$PKDu|i65+7Lg1H@g2;km
zWL7s}@ah;A=H|JzQR%wo-I@FFkILcB5SSYjK>t($H20@q-yfoJ{7?kO$8K=zj7wkR
zzg!s~MO94;qT+IqnOlX1mQEB`*Q2qs1+|Tr(Am|EJ7lZ5wd{v0>*H+AcZsbt(!bGb
z*AbaijF7lOq~z2fF{uPYWN+Ep?^-`dYX4>TBE&0uOJBR<C|&bj@uS4+rc(Om36GoP
zugpG}S%x7UbMd{jYK?Gt&2@2+TQ6mMU~Em9(Y3H3#!rgl*PityxZL{lf*2pJ?fk;J
z?bct@{1;wN0Cv4K(*N#x>~FqT+C7bco~|qW@A<o3@jAuZ3jaIfWZAR)vip>e+pk+M
zR%LNkXJ_Yfe8w(zX12Gl7v0_6-1%i$(;#hsk7BlgfdN!jR#8kC&)N0V)MP|PhQiF$
z1iIQnF7`1rFrYXqgkrB`L`OxSq_~KS_fnEY6th{A4{V9-@(L8z*5Twa9f~_Hz`;`l
zkDz>nkna-~lM3O<^AwAvqo|@0t(}*-c-AK*9ATm~cm<@u!Y~S+t~Ge?R~KO&+5p$|
ztB7g3kHmom6!qRih<63T<1-PKkcRS_2Co0Wc(O++H3$+_!pSoe$M#2)&zFYa$^isc
z-9XyFEV71Xk<&j73w`o;KX8Dtkv+w<KFH3@f@f4U#hV#8c`zQjrxIXrQUqIv0u)>x
zNB-4&s3RZn(kzhM)PZpST=+ROz+5jC_I61qEG<V6!SG8X|2?D_!TGgt2qM4ga5kdT
zyHGNE7fsiu5ExehU%y1SxY-gPg2;c1M_1=n)L-g?iH#mitc)P|iej<ju{iiiEcsYz
z2rX<y!w|*)x26ylQ3!LB9Ev3qpmjV10Up)M<9K6o664peqPVCDQRGKuWmKcMrWT##
z2Q&UkZEj6{A40=w5gJ%U{=!X8hUVuNzR`{>$?TCsW*>R&--mF%*TT}WO<i2G$H~f=
zX<k@ZeJ0|6UQhk^{%)0N7e(G1Z-{>#fc+9MX`9`WHzoFq$?Q8=?2Y{j@CHfE-P~^g
zD@bbY=6(Tqqon3;?)QHcpPG=T*VF6i_4Imr{SRL6|HGC0&3^@n&C8MGzx@Pl&FS9$
za^7}c#^%OXa^(Kf_{zs8G<A1t3kAo8U!K{0_)9G<f!^+~j_wxfYwgz5+Wot~eYE?G
z;K<P*Z`-E)eF=;Ye$V6mMQ#J{<l*q;Z$S_7w##jiBjd_`Y(!!xi$0Y&`-ddhv9!Dx
zZys;u$$mOs`Z4kiT=ovhM{0L0f2>w^J5!tBzQ+^8&5>W9$gSUovAcOZ+0O(h(fc1|
z-hZrj)KHI}6~C0wwTJh}N7O0%(2s?>!oxfXZigg<zPY*{apUbD3y+=_9G2i}E`jyd
zBlZ4cEt;X9il2Yvnr!5y{EWvd`8S^Q+i?H1oAL*F^$pw?YUMYW$}wzTdy^+`%u?zv
zGjOj_9hEoaxbFbVu}?Ki3dvnkRMy}r%9hK^lz)F!xdQJ8;_>D4Uf%6Qj+dOWq#mKJ
zxMh=~>dU*;6&N0hTQzt}udz1r+&706R$y*W|3520S)W^_IH{`tKw7dYU+ppZyJYj_
zxo;Y8Wckl?`KoVhP}PuA<BEU4lUM&C$A|BV8THy1D-2Umf02qz<(JvUQtB^p)fvtI
zA)XF=o*DhGth|Av;#r>hZjNTvhw`cq<+g2pU5%%(iQ~y$MTHMkH;MVc)7Z#U*twUt
zX_+4zc+W}k7ei7|aMo0RWfh+{aJ0zQ*(g(k(aOeQ6IU*vhw|2E<<*rKa$@8a)xSrz
zb>$d>8oW)ftr>eUOm+2j#$LAkwKZeEb47MoCmRSUjTQcH<h~oex_rBW`j4bFe##iV
zO)T0^M#Fbj(Xh7t2Hp?9zP*C_cUJ+Bjyy*T``)<{YpeV33_*EkO|_qXUtZN;NY%B~
zY21{5^elT-k-pLxlQ3z>scuzz{dt}uHBfzHlaQv5w#EjkDEPk|X6l<*Z_9ADh#OLq
zZ9K(I@`9gml{B_+FK=)!+}Ld72{&@zUnf~t-o2LwV#{u(hqkJ2+o__kQ)MF~Oi@Kq
zeKUJ(;ww54N^&Yn{7vG-W>pnsRh2D!9Jo){EBXt6DAT*jbNuIC{|Qf##7yn8hYH;5
zHYWCp{^~#Fa8OWG+xM!nzdB7U<t@BDzm*pQ`Q=(5gxxl!-M}CYZsqOSMb$R!5(9jb
zC++$7Ya9Jq((_N0_{x06hYG~Pbx`0_>8on{RFoySg!A^q%ZVZGT?_GNPe6;xMyB}{
zc!vnlFC~EXuLY#>B!Cond)NnZHast(R7p-k>G8GTp5d&G9M|Wdq|({1VaFE!rpK~l
zGk*(X$Ced#I5Exp;zKzpAbk$L?OOO-IV5&4BsBiUYIv<*Ly4>LI;#<}evP-e8e3%1
zdg3?2TA3qM!nET{fEi6*<xRR2$}6jE<!{w}h9$P~w+VJIMXB_nt{M~W?fmUKSBQL`
zr%sbWS(r^I3Z7;4)YMfty~^LXQ&LCBdtT)k{zl;(tFu#vjEyg-JfpFTO626$lx%pB
zT5RW2E53r@Ic6&)1+Pl_+d?g<;ScGdPUXt0`{t=CYrMtdZ&%|hDf;hR1>k!;;k&G@
z5}Sn5*6OOOS~KP-@|7i0mn{Ldi@*8X1KT16wo_%tp6@XU-7JwR;bGQLRm`((0yW0;
zXNmS_1-lr#RW#Iid=<e4aj(*j<u!H@MtqfLcL->d6kk>0OG{e${FQodvakJ0dfLg8
z=c}myf(<@P{9G&(+B^;BO{@!QoPko1zNxKXth0i##?SeDr)Qap+evKN&g1V?<nK^)
z3zCq{mykWq->JTfYoMm`oW@0-244(JnaAfd$!0T3MIg@-MELX4ntM7QGT)o&-*H7T
zhj<%a5aaX`|0VI9RP$H=83#e4nZ-I;Rb}H&6-A*Jp{lY;RYgfvWwTgED~omX7QV7r
zHE-o_5hu3Ml=>b|W&2K*XZEy7wPl=~%+#YU-?U&HUDis=NGM8?kZPqJ{2ed9DR_Ze
zavWVod5cVC{tm&53^bpw`w|=WO_B^gUu_>Hzr!UzQ~Qi7<&-}uuAj-TqsJL!8O5c<
zgqJC<NAcrt<ts78rL>~BuB@lWS<7EM389Mo?P5i)vYofbTW%e#x(2z;Y%)9sxo!N-
z47trK$o)=k9c9j1@=0oUvmMxjtmE%Us^za4FOskqR5tSVEb-PcnXFueOeP0tPz<P@
zw~j4h6*ZoO8Dxt*WXu4oX#A)dVA<Pw9N%_ueAD>o5knwTM@d}gCy$r{nL2Na>&Qyi
z>Ni=1&*b>Kr11Hhm<Ptx&9j1+Swe-cqUx_Cwg5YKslBATo26)?@^=beVe^mwoZx#b
zi}k#dCu~_(1X6XkS;8FQeHpE`T}}6SHs@6NsykO0BQ+hH<sUH}iaRBBnCVdCE3P&j
ztbk018kr8o)uw}$km*q4tMaLpjOkznt4xRDH<%7pHU3svZO;Hmwf)v_)b>geA(5C4
z)m{8;-yYcJWnj7##3^(BvI<#Eaa_X<W+YQed+gZ%MEZ05XPDw)m3DE4<JB$FUSE+6
z&}QBysoLEoR=d(p<@vkBMuG}9G9b^$_VoG>mK%^LaC&+@F=5vKRkhDlSW6DUqin~6
znFqpdrvy3PBiKFv2zIN*>NnIxRiMaPKhJ+&DkCI^?~w@cpJ%bKgoP_)u!Pvw?eSs!
zVF9(W$_xA#WF&Fp9xI0O3!KK?wU3JtRbJ%NKWEKdpS`RcC{C(<rW!~Cs>0*HsK|do
zQ9$95a%-Sul(?#rks2T}cZu5w_!0^gRus-!A~iOXt$S(Dm&7B!s$e@8*2eRMnnctF
zp}qVn*%0Q-ubFa^n01CI*uv~1XXV63Zj11h4LofH8NLYL*&uB$JiC(YUrw@kfuf<e
zc*5rtmWyL4spv@1<%I1l_lGO+hF5C6wsCpJGhdvb{ER2GS<VzrY+MC!lNjL76;}b2
zs!nSCZ#?1Kipx!mR+2f($u&H{6Y+pK5L=brEM?LloL&L@gH6jx8LX36a_2Tl*}x+6
z)x@t)+*)q^S9{kU<Ysl<&!^Q&pF}O&GMF`Zv0x$Km|gF#cd>aSMk{G|#cEfwq+LJ2
zQMJ;yyNb1v{7Gx?mX|4{fdM9gkQ4@HN+>N%lLk5^t;;x5XF_LyWLjvUP1>YG7-mSC
zOd1HKy!!Z^^F8!QUK7&xzecit_nvd_J@=e*-``_BtghlMebMIrYR1zx%(EY;r#ger
z?zdRiiS)D&Ikt-UD&Ju9d(PP(<NXcR1v%n-wrub7dbSMrt=%@HFZe8Z+oJkSO=72h
zUz7N_{%Div)}I1l$i9n*4qulrE#78c*K*M$$u&5>7QoYrUw__~Kpt$_ww<f`?m2_>
zE<bxu#B4K${@MH1_*7Z9-0R)F-_vp0Hw!ke7!ZwQt{G9xKT6KmpN<Un_4f_;?;Pao
zh}21C;A;@qa}!bO3^Sf-=%vbhopTI9VuN|p8G1ZqTnp_Pn~w9v*W<hhqoSUXa&^|c
zo(Bgid%Im{`j~i6*})fAxb`mNx`kX~yo`)%s4ztS-m=Tojq?S~(73eeH#PTAkq&}d
zt9*d?2K5(S5A6`ls|UgPj5?=!=vl#+g>#vY<MTd_f5FFP|H$`yK0h57{Faa9yez4&
z`+nfVKETiMAwTE*l%Mm=3f}4e0GtN|9~Jx)@QJKH^sdNv9i2;C;7yCVNGKP1h3Yk_
zH9`%6T1OppwosomsZBzSOU@2RV`@rTXgBpivqPxaO+Nw792-%t2hIrA1aB97Q1EMl
zCk6jj@KwPd3%(`T;bJ^na7ZvEcu4TK1s@XpGr{KtUlV*!@T?BT?Sf;1dj%_kcM3i#
zcvA2m1>Y82<7T`_aJS%;;6cGf!5am?DEJk@=LCN!_-}&lPR7lGI|U<x`vfb3w+sHh
z;9m*8Do7sDL2#$wgy6M;C16S(68fF4!_scE21Q5FLtWG`shiQgU38yGeU8on^^{3H
zNaun2kx4yHJ)qR{nfem_1zmzx4w=-qgxY0N-w`ThQvX1gf~uO-KT|)bmGdplg6I>s
z2z48%VNeg8-_+AXkDJsRbS0>FOzLflVk~aHz@if9RacqRMr9iI)=cVL<vI$`=S}Kk
zpw`lpCN-$cqL02{QzhC!Z(d+&Hq3uTy~jwq0x~zzU{5pc9J<<0(`mDL<K#=BWlvZ+
z&!%qkj42_Ty2q1H&bO(DJ!z%Krk+5~kJ;35&jICPoBF0FuWYrcZ$rwZHuaLHr1aU;
z>z<0T-KO64)Rlgl3V4^50h{Xf_S2wEZTHrd9X7Swd!sUBQ%R&<W>Y!ut;$ZDDtqr#
zuB3WTvo)`#8+weEKIZ+Ray9*i-1fSKKI45*3DaF$4eE2CB6M@VK|SDoM2XQ?P3kf4
zW6CH!IbcvHK#kLhL4$hH`^U;Pl-OZVuYj7MKiJW%Jt6bir&Pv!1s@W8OrBeLLgFV>
z7vd+)IP-tl7Vn^c5zd=7-$JiXo`3Oio=v_c=K|qe?BnCI!FSg9rn(x(#oNO+e%xoF
zi}tj|JIwqi9NL~djpj}XCr+{AT3^#MPHFc#IEDnT)Vt1Mmy>^i@Y(84Gj&$*cFA*U
z{Ga?y&Z%)rlTCD({uJYc+tVjFKzFMrmCGd_rthmbt<qcSE9g)ErEa7+_>U-isN(wx
z@CM+1dcgONlBcJ9|A8@mm=xDxpbGpOUyxSlO<%xu3w_{wM7e{4{(jm+XZts}_E5;*
z<yrxM3vyoUzYy`aX{&2JUG5Je&u;%7<QenN01wl(z>I$*JwO$I!S!Xj-d{q_!&C)c
zp{xL(_TTIZi!ChqR!Do+e+Npv=)YU)`i9i?ywtKqI4?;2d6$a4#7&sr*3qrNGwF6<
z7v0S>9^DHJ(eDB;q=$f)(3gRi(jNl*=_|k?dJ?#cz7D*Ko(5h`e+i7zGr)0r4w#_7
z2BzrmfLZ!3a3B2ucpbgU7bWO*V3B^x&v;?xRk6o<8(5QC8uUJJ8I7gV4b%xdMt<OJ
z*xRVk^-SPhv<dimIuCfC@b9M{;6ro?@L}o&K8hJv#j3Is_*J?J_@wZkl03(yt`m~y
zq~v)<@;oc4-x2-`lIJCfe^>H+U-G;na$b|1Ka$j+O6t!g^({$#2dRBHQ@rBp!>s>f
z*Ky^9@|^Ob^0M+h<u&CEWxMNM*E6oaca6i&owV%1UI{($HVLn!dnEh>JuKmFdP2f5
z9hWdd-;^*$-<EKUUXn0QuS+;V?@BmH0WXJ1>XvX1ZI>`ZyCs~aq=b7ZC*gi7BXl2Y
zzXQETZM~7MpiPO|c?YfNRg=}?Qd#>X<(KRAa$ljokk@N{+OkHOOajboBEzxiMybqU
zB)gA;jHVyabYYZB{QrjJmmB4}A%hm{g{odI%~EEi-q02)Is0j?(4fT}C-xQizb1*6
z>a}WJqw##Dh#C)RnMS^`RHrem5h>LcG(BGAct)$&OVx@&L^QoonkyCZ4J|rFBTJ=n
z5xQ$MnP29lx<tZ8bUa^A#U`bia(*SI>!@=vS7<C#TFVz{uU=|srh0u-TB9#hEgaHN
z&IoC=R4LMorkCbcSRM*hwE1eIgsRz^L=`e3)k=lUf)8?;SSAxsPUYg!Tqb@XCcH=@
z9-GSM!qeGtgz-o?iyUU|^h_+B!!JI%KbHt+V`<?}C3Df(Xm~o2%}vDi3o9DWq!Qu%
zxl9(hGA*o;{q3AcES+uTq%&cmlM`kISt}Y#r;}+^7mhl}NOEc_mq=!^4qhf1nSjRG
z=~Qks98XNAV~)i5)J!-5qsPNj(ad;wVzsnX8nsSl##Spf8IG*NhGR08uUb<~KRZ(3
zvq(HOZhFw*jfA7(i})yeeKnmd_Zr;M_*6VI9*bJZZQ>z`+a*2~YfZ`KGSjJ4GMzQ~
z`-b~3&m~7k;VhxU2`(9dKVzI5ZS7!BPsR47ViA<hO~R<~Sj>^g2Bc$=WEzR4hl~W<
z&n<1yEYxnbkrGcNVq@V%E)`CPCu3G`Gt#1{CK@wrYGtSQr?RK;S8JkhEHf~;D+j$S
za&Y)En@mTBa?WIno{SC)Ju)3npkXIsiC7jRXcF2u`NmL5P9^p`xUs45NFrtoAm_kp
zNj1iwgFiZ*NVLnh$;t3OqopIGW6nktet6ZS@o*-`lZ*^FbKGWT($Yy=n2`kL0h=q`
z#E_SqoP^0!Xq2{;WO^(-6+h6lZ1p6xX<Om&he-~9sPOQI%TJD6)6}Ak6K>&Q(y<2^
z)2WF_W>*U}Fi2PmcskBiw4-)>PS-Rc>aw~t(`1RUNjsa)Q#nVD%5*MiJaKbmUTZ*%
ztRA^ilU0z##o{bjt52?OEI)R(YGtl8FJ#eJLUNj{A<Q`<>q4%;3xiz%M6Osd)oLyl
zOjl<=ohw&ORhd}S7OVP-!JEvNDpahRCUeZNmTGzlHdkv6SWq`9(=V+|(>oT^($}!m
zCLO*om%a2-rBPbc`XbfETB)q*yrh>3TAd6=p2elLa(-E2^>Cx1mu8n>lUb0nA!)W$
zE;Uw~sm^T#m1;Dy(p+h+D&v)grdMlrjgxsD`OB!ewn7EStyb6t;&QYF)_BXh%F?1`
zinJD$D!F35k*DNRqp1Vrry4pPKqXXNY8W{<Qr6H!#0|z9kFrMDD)R0aByN_*N=>6V
zxT2C@)ToxP*N;~9B1vH>*mPmET#iFa-BG96iOFn^xgu5P=IYo><n?*%E943!%*e$n
z+To=<`;4iW6`$qpOpc!pB}1bWeB#`qP&^eb7Io-A;mQiASf!Y%q61L2P)n4Mt->3!
zMjpKqTa$XVY?qEFDXT3vWYeRI^~Q!s7>QCvqgdrgNv~EG+3T_85&#2ZZ>h1sqOjqj
zaG{{p8s_dOg0`hdnfGt;N>N)*&cTn&4C{J+MJh;Wm3fqoqLr{ZSL=;frJ=9zF0M&%
zKGP)DpUn7Zez8<uF?V8FZj+Q=ZBz@@vJke}T-@A)X+_!Ai7CQ{E_Jid$j!1k<<RaL
z>2yTU;1qC@DS@uw6oW1C+Fr_oR{*C5j<Ti~=d~rt0qTriNzpm(>!m}8uL!q>Qs|4M
zpu8cyM01=5I)W4G9OyFmEU$=g7Bc6BszX*DKcsD7YJsYBlzJfnJ82vsVu<PB>2w87
zc^QZPA?Q*Sy)~S@8lX!k!&pI%yx3JF^7cWyT|_<(2lxulxhc`_h*@vQv?D|pld|Pv
zTh0>Xu&#3=QA50slyf7d{UzZSY#AuKCJb966vHVJr;VNnC20!Z7<gHn$(afvo<J-E
zZj@*P>$4Mb`_10~TBX;ti|Z_~r_W+<Xzkn{rk7x45mGCNH*Aksd1ync4pL{EM<b5*
z|A-##jv&_}zMMA%>3PI8Nb~VigIn?_%YC6N@>^?zmj;?1&P(}L>4pw0Jum);&$T7#
z3-eM3m$KydA#WYX+HxCQOYMF925Rr)2PIz~Y4f5(pL}r=+`{dBNIZE|^s34TD4AB$
zaH|&WHJwJP7NXV>6*6=Azz=~_mEIJ>uPSNIoJP%;n7uGBt=(*uA$)h>yA{WAuBACn
zeWvs&k=d#x_Zcj#g37UbxS%zpTU9HZrlVU!xv6qdn(Y#4NQ*8xTxaBKHDasHFJQ>$
z&9c3uY-8m^(lL$hp^G~-sh<aB%`Qo6LQ)HNzB<tum$!zp(~{E-_jXH`#8t|*EXSJA
ze0D?qG8tA0jx8W}UZk=6+2y+UQ^~Vz=LBg;Z%B@c-Q;YqHN~yo3QZXn*YLJ7!8JIi
z+*V(lZu-hghggvA$Zfa61MduncQ0qT&8geh;#*_#Sd`LQdnfw@muyb+R>_Px)rTBu
zA+t7Xpw-Q;-M%ceOTg(27CR*=s|?pd%T%}Oa6R@}V?a1((U4TbqOWj_S61Mtq%=En
zYbk?!y3t!kYC&ebrgX=Mj{olmrrDjZ{OAMfA{oezM*q-xrPZCS^UB>JT5ZuXibrKZ
zsF@2u(Nw8dru;*u0SgkgmbT`TqtZhc9Qo?z5@c);xc?Y=d$H_BNtuqw98;0rU`b_n
z&C9sUpE6f*vy{!g#dR1>HfK6*N%W<&B9NY<aV&9ZyIJY1FzAeIG<Ko>4AR3`!VT^q
z4bx>!?%FgOWoQ+85?T+V)O6dD#NJaTd&&BaK<XH@m=en~*jj{SYr%1A!;ymIG=7ud
zXGPZxH6<u(ugAvY3M`;}^Xo>U3BMyX1_{ysx$IK#!19H!T`>Oj13%mNe*e?glltes
zb=}OSp;zv3dAi&oMd|8*J@~2kb-F{;4NwC7_yPZ1Zc-GrGvrcysv2^sL3Lesr&l7~
zoocAV2t6Sss0MwVAqBJtTs06-LvEGR5OHy0cc;svx<kgRKMI43!Ofr=?}xeh6$dvz
zTqtjmx%s_yH^0K}CW#^H=D)Y@exKnzhIbkMo#AbUw-|oG@CL)r8Ggn<4Ezj>n_pUS
z^IxrS^J5%tzAx$K`*?1?VdoxY7-r~XU_IROe7`)P+aV7QxVn5QyQPbxU8<KlfZd%Q
za;aVGx<IO3up2qLx&WOFs(^|D0WRQHyWk-ob*f$BqE1Nb4tU^YwL8F#5@3&mk7!V3
zhT7qkUng9puz1z$?da}A49oz2E|1sUrK&EpVwcCu?ZWE00s#=gkjm|-20A>!0j?!D
zpo-{W*cS{#zANCNjsQMv7c?L=ChOF3zIUUl`XB~v8R!NEhl7^~&t$EGKD2#@3#HW#
z?l&FYPzOq|l}d0Abf@m%fDgR&)9d%IKPVOEp`MGq5D37RY-)%4ac{Q@#RJ@DRHGVn
zmVg@EgYu}(7wm#HfdF?PD7ks_=1$nBvKS?>nT2iM?DKYZcjBMwQWf)czw`Ksk*sUu
zUOiu%s#apld~n1$EW4mrkJgp@_crfBe9d~Nah1=*c0L^P^w_c{7fR&Lf~NHq%Vp!Q
z6kJ51kMgGGNBt=BJW!YM24M@IJ7fPUeCyr8eZNU`o#PhEbuPYVK7&ai2Q;P!W9rDs
zq&12-f4<@V*Z;KSI6u1`?{&7PMuj&cE90oS^2KFZuS)ubQYtIcdqqwQ&1v5FJn25c
zw~(My!`#HouOjJw$<uFthp++S+wzxU3Q_F*QCW5hBB$0;Pe^>GI`YoQ`dxSA>35s}
z`^C2Pd|%l-iSfpe7bNSPMW>vA7Q_oR`y?dKeu{nxQ1encB1`UyXgH4&4O6#-)Ri>(
zC9^I|*UGO{=aAT$lI6XKWs(=|c5B;h-6dthB3naUv#5bL*1xRWuRs5XpOo>e-pQT6
zcE$h4&wm5)4*O;TNdSODOYA&tR1{a1RZTZE&`=FFii*mZGGRw2i)oBtqqYVNnZcdr
zs~T2?%#Lv@9XC5;swQSn<3Os(+7z9WWX+!J#GI3C5;rq(N6w7#BQet03}AGlar40$
zoe={kd8Ew*Ll(gy)ZY85i!aTbIlFuI7j;g(y6?UF?z{KC`|(~i)c@xH|H=Qs|NsA6
z;i1;PZS8%=-SPa1zAx$XP~X?^%r4*G_bIKv+1E>P!hO%s`oX>i`h2_ZWBNQ!pXCq!
zP((U6nK}K=fO*Du2IBPZ478#H=xqZlV;=|z$FyMA>o<L8pn;wEkU$(W_4@+1{?0(w
z73yjbcv+^Q=6`Nz;-wjD1AIQkelx!Doq>@TV+^&<U~J+$1N1#Vlm8bn*>fj#GVMD9
zIvSJp9ViB4iDd95ys+`z0xB#1-zt8)z|P)8Z`K26ui0z%n!RSP*=zQiy=Jf3YxbJG
z{(mmP>tjh190+|Tb&&W0P)F1v-sTbWJKPM(aKMo>3!!9$NCY4jAVF+EaCi<hRwHy3
zp&W!hM#zd#4?^#s0_a_Y4kFY6kXLL$@HjT^MCcGgr3k%>&<cc}2T18~19ujH>T1vG
z7v=W@F2?U!ZU(;(P&R%8&=!Pxv8`-^je8L~hHY!-pbV6ayC!7Fnc#BqB$sor@i`om
zh>!;%E!`0IztRmEqUn@hU5wwS8)Cdqo2|g~x^xsnY(VBt(pIxT(m(+2NLUGvDI+T%
z{VsQ;AwS*CXnYe74^cwgXLQ_XktkwSiB(sL_hVIxRc{xovHC!)I!_=+Qjv6bnOK4y
zr8*yC5mweig>27&mT<O*+zEh(yyHLwTT@u($bCjv4K&t7PN%t<H{sq7_v>)?z|FAc
zKld`xGR{~(4_OMFi6?*&b%Y#FqYOKTL$A<RLfjGCx-#)Fa``XV)yV?a%6PW_6R`yw
z1JFo*?uhaChyz*Y4A$#vf%z7rbN?J<{_ONixmx|wQ(w9nXGgGzudJw2ck-g(b!tBL
zE&TPOtB5bekL$qGf$uhgem);=H{2^oZ3<Z1pfg+%l=!^PB7PwYG_v5%CHFuV0DN3H
zF6@EDJ~y9XLbf+hqB0*#QBKT9F6{+d`JFh7d$ONpn5WdD7nru*PSC~Rar^<vd12^)
zyc{fgrxMm&JzQuAu+-8Q%u0kUBUPE8p`+(PVZlm1f8c58YwOVm#~XuJPZ=D>!9{$I
z3mD)+zlxDkEBP!S7qmUDgps$Lff6KiUMFNR2;DJ-P~#*Qjio$&9~La-^9DE^*gb=T
zB~u3GO%8+sg#*6_q_(g=Ai)@r(YT$r<ELpr?V0$FXy7QK9h;$+6n$!z8F&u6TW56V
zO_{cfp@Odf!FeupoS6_jd#d0oqUCL`&EO?TpTy2Y?{0hX)_qncx<DOl+XubJ@wZ)P
z82bK3?{hOSfeY4{Yx&l=rm22D&&T*!pNYJZjMmdM493IPuM=BfH2EZhT7O;bwk>KY
zU+FwcKA49s)e&HqDI>KvfJEgBOgX7U2yDeez6+3#4VCf>%Y0@L-`NUeV={695*2x%
zD1{rJl{-M6B_@U}!l}Vv%CVCqLTv{?n|$^V^m_zy4Wwua*E_@jGF7HC1y-zrRr@Rg
zIb-zuv47=6|3l~yAhyp^hBM)7MIr;P+S7C~xRtldi^OUiF=|JbbbCl(ju8!WVQ7;k
zZ5Jy6!Fv*4p^{!bMm2?{gp>H5H9Ai$#a_}i(P24><_WSCmV1Q?Vxo*mi@hR`^E_?L
zlSSvT!93kIK=<=G&fz9)k4x3S-?P-BHy9rSZdyUw6On+N2yw=B-T!fPky`o&Qzn{`
z+WZuQSp|vUz^(iWAarrh%4k9?UIFcF)o~PT&F*8$eI^ficnZlO|K(_+YC9S|h<IM|
z5QLU0@&Ju_)@WSlKE`<w0z#&Iw>XB;?Ep+f&Tz2+_AH0dZ6#*}<}}i3bcIvt8i4Zo
zP$lm!hlQ;6l##4NsvNsYnm*@Rz6AcN%E?DoG`twUfS3y_{x-IaG->j3fxK>|N;Eq!
zMz1tolz&GVvZ<ZK1C~a<H>zoGp-)CT_N;~Za?8XKWc80=MI_tc=d)B~^$E(A9a!aw
z#pue=S&gPOY4weYpU-6EcrVGtNi{CCQ`0oP@oupn>As9~yHjI>pP_W`Or2E0zZ+d|
zr^IsT<pfmfLLfNsOK`bz(w#ufayz;exYXkg-KA*!Z@jt_EXYU!0Up2F4_V+K@3-J)
z$f=2?U2ew61-X;CV5yM{GU3jGI~#5u?n1arNDs_O1AQJ@jnfZek|-j}6KGy2H1fjH
zIWzJ?9(iSso)`A>4Hk-=!#(MN`9sfB`@;O-?xJxh(TGF$s{x7}3wHYfTa{>x^{o*|
zK}O75xIhc^bRr(>A@kEQcXXr5AQI=2>;znPF0czndu*ynwPO1~_*O|}&GZ?+ZKB~d
z3&N|L3uT!m!fVdd@R~Is-72qqdpa%h4XGucy+w?l!N(Cjzhwg-g<R;h$^6Do<s*CG
z>aEiW%{pIe1OI{DdAgF5C%SRnF$@j-^3Tgz|H#}j7fxgN8Z$K==0}A;k$=|wiTty8
zX8z%t@CTl$IY_rBuI0_IV`(U!rlCd9s1isP0UonHJWBP4M}Ji6DqZ2((WQ4m{`kmD
z9V!<R#y;9sUbO>I1su`BSHpvxHPaMvm$(AdNK!c?MU+rq#9X%VD<hZXe`VydJHMLr
z{%johDxi~hl435tFA2RrH)+!Q4;fu;iFyFUxC_Ru#ZAjPV;H}cq*yjcoe1P_#^0QE
ze70}MI%T#QSqB!Z46{y4+_bE-(3t0d&B!|CFpqP%K;pCZ+=kf)G6ZG^NH`ukmTNl4
z(9Nw2Q2bW_g{SD*dzL`9@Ih=aRgh&d)Dsh^*?<c1!9#8XEA`T}j=N(&#3wF5w>%m~
ze`P1{U_<)CltBWxf&ST3K~9-;f(l|r$d5t!735iHq!g%QK%O{3#|^#81@LQO6{Nw0
z;q?TRF$=ng<OtY;ZXcd1at>OeO{)2*N6(y>Er!DHLu+#!E!W$-CfZk8=&YCvJcKvl
zJop)3=$U7U?J1b5GUASLZl#<{j)@`HSc?3anP%WjNMv_-D@d}Amg*4+PFJl@2ckYP
z1Qs_$e)=UmAS^56?nk)b&ch|N(#g_LT?z7gz`p%JTEyRZ%Zb;>J6r&D)^LK~jm9s}
zYYy;_0aTbInF~{7YXwoE7QF*Bf(RiG+iZo<6F4njUw#UMFLWSTPX*b^(lrP@26+#-
z22pNjb%DzW{ybVm%CX+U@3!D^ktVQqu;0cG%v+HPf)ONoZsI)Ccy%8;HJ{;c!4>L$
z{zarEcp=@}J)#NpLJE=YJ|2Ula>L|*K)uJ@wtY%s`F!Yrl-^c7y+vLJfd;Yk76>#I
z<x&DUGNNfw3ps@PY|%+}SaoilVUkAqMZO}+4R()3-C~Yf-V%UHg~;HcxD6~@Jl_t`
z8*zrqECJ}Owrnr7YRdw&Y@nr|mb+;w(eg*M+(}E3mfLB0KP|V?vYM8awDi!jgqB6L
zbknksmie^Iqh&5FSI{ztmOL%9X_<u_KMfmnP2$ajK$_K7F@w-H7j_9Eew9swqnRxt
zHh`#FMrqiM);L%E5mY@|Mu}dJ$I;sP2qp3!m_ZF~$nZe-S)Y|$&ctIY0ORuz5Y)kF
zvKkKqO+dZV3}L{!>x)`w2f!JQau^rY)TYzW|DN7&+ZC;a0|ajtoWrhn<wa!a0@&N&
z)kVLJPJT^~q7L8O>e|RlJiCE$bxOYtvd%CJE7FH`!m#N4>BIa}h83*BaneOKB^RDS
zD~?sxIu>nU7-@lsPcpO+O}$1+*5$*t8nPK0#a2+H_#A5UZghiiO^sYBc*PgiLdyl<
z_2g5~r*^jOgNLiD<`HhH{MUC~Q`TnUM0K^&LJ=XdH#U_G&RQlP=pI|0;fT*Bp1%Y{
zKZJhJXaF^;JTL~ac~ilv?I^%Q!BzLev$@#*uUp}%)Y};OUTu{PsjjDQm$X$@tlR~a
znwns7Kje?O%HQ>y3+nrKrKrXIDlY0DwDZx=#4zxC>@do;2{xiNVmH=1sGL~uD#pJe
z*2oeJ==F9+&IwW`fU|T^aE&Hg$tRGlfjjJ$tk5x<fkr_78U%=daA<lqvJ5xPU}$)<
zqzw+Efkhl*nXEzs!9P*PszA1<Vu%;WBj3VP<CED~zBm`l-4qsSS-lv`kF&5m1Eu)(
zZ6LyLXcpyPMvJdS%?_ew{R=QGK=P8U+_Pb7HitpWy2ViAA;t7a>rlG2XdU?jM)~Y5
zaS_}Ne;P-1Dvyzm@Eh(C4~YlHYSfWXvCSi(I@)6GA1;NhMsYtmq}RPv0;MC<P$@<y
zSPOC&uoEFclfFxUDL$lAL}-9ix>@Jx0*eSL=k~R$?U4#}BAdF&rgk@6iF00T7&Xc3
zcl_MSN(JgBt5;pO9F9nPR(RpSln5kiJmla?8n0YkG6%x~;m0_o_v_#$TQouWD_gd5
zMyrE?$`07V#@DKmExMOB4a<oF!N2pa0ly_r=r%7|KqIx09oIM67`NmQ$N|g{<o3Ie
z;p;sM!J*Kpd=An6JA4lb&gayE_5H#6OCZ;Ad@~oUA9D@|<zCk+227L-VUl`@*fuaB
zb8A7qRI4(>Zkr+rz`q~)uW?@37_1tjD5|+tEwK%^E7D&UR9WRT5Ak3uQbsgsu~yt4
zonKIIl^w(FCW-TqRk1EPF0uF$%t~;tuqhgFYO35z$!U450(p>55-}Dfo!YsTg@uvg
z)Z$BIUnW{HOL+Qb4ooN?B`e6Jn<d$bT1vs0qIclh|BOWu<uQa0qyK;b%v|q{NRb)}
zOG&ciEMn3yri_fsspR$yv_?I9MQCL6TV0lL@&;yC7D>#Qh;WEOenyXq4jKr%mEI)}
zg>%|REvhZl3;5iTBG#<*x~B)pPRH~h>2(;^4tQ>RZRD60947J-u2550@HuMbgk$(I
znrOVMvpzxXd>MOuW)BHDX%MS<8TBbI_Q5%gt}BtIby$20ApSZp97noQ3)OzmW>VU-
zl~d-%(Y;{k{?B~lwSbWc7+&>;^68R?v>f$R`-nv~H=!u1IRO{i3US{I`NI@k3Bxxw
zj_!s5{&(w8e$onxY*>pyk&!G!abmW^xyS)DWU2$of~$SkytN|C`lx+*J4~U3?H;lq
z9dXbHwTwzgY_SD#)F;#KKc>Y<SZAPoGsQvsB*p5RDZXc)PLZO3g;k@4eFV#_%HW5R
ztgJl&^2f>d_{>C3i=_jBxbx7~Ah?I6M8QM0Vs#>3CsRA_XXMpjY0)GY`9nIJ0O5F5
zemod|#{D$6%X7)mbd0cC##U(XkcXibjISZj0|WZ|2T03SZ-vmD2HRG9;DYq`%|B)X
z!%~%c9eNzi39uVob4r>Q2umr=@p>gG5SE8(x4^1I^rlXEAhbto{(&jbFXdp9X-$WG
zvUx)sjLK}@p(*XqAYG2W4(qt3uKCo!cVO!nx>tirMD4;76tf!@a}tczc`>-H-x&t|
zxP~x<N91gBEzJnw6?l=y(+r~?z`w?Kh6}dYD6aH=P__!>i?7i=w~Y;Nvbnh?G!TJ&
zG!_ddcS07?;c;oHK-vI?MGX~FOBBc<?5ok8EiNHyIo3MthPcK5R4x|CGgF8>F@?xK
z%pl_X1|kho7U5?I^M+j)W^=z*u&rOdO(0J#z(gM^wtFfx*#>Dai)I_aOKb}fH*03t
zIWs2~c1loiBg*>|$)Q4qapn3G$N>P<T=FVD%&jzEK8G4For6DJ)duB$fi$d**`Hc(
zg<ZwchV_iJ$V&>=K_2jejLYb6RIqsz$ivGhAEX+1*K&yp%%~$?k{Uz({xUoc(I0mN
zvXSCu8$9Ey2(mzDxSt$cOXFlxY$u_(X+Db#d<Lk%<1ys%HMHT)R;T7V_mew)z17YO
z*RQ#XZ41M0c?tQDLv7-pjC=7Sf6K)}=D-K|^Ua~nHuW0VgzLH-2m2UmT*`RwqYoO6
z_dTVPQ$86C$~Lta0`Wm;d~`Lq6iLw&8fx{4eBB!j5$aIw+xlIXr8MY<gWm9ZJq=%$
ze<1j*h7)cFpHq9Fv9w^V8(Ji%K>i7L(|G9Jg(@qyySlglCOTb&fnoqLiP?aICvB)2
z7@k7$q<9?%j*pkXf+AJw)iPWxZ>V_817?DZzJss$NAQTK$@2wO9)l2LC%;am$It}w
z3jl(-wQ5)0>4+-@w;-}<C^GOX;NF)h_Mol{)6k-<AZ)O>*Le}Vj|bn9mXL>2r(3O-
zV(5AGga^KW9{2(Ju07_vQWuW?tvU|71lY*knCh0lpl<0Njd@hAK=MXo9>ohJXLPzp
zWsXkuD0O_QW0nYHbR<S*r9eI(iIG_*kSin8$-Fl*jZFQeslK_8>`j?2rT)&{5!}{W
zu&r0xpl!BEtF`Z&cPFVFcZA&#<e~{)@{{${JbG|Lf;(_mG3-=eNHk5|+`pHF-AiGT
z+yNbXC-#SQA&YxSI`~fnxbTuEQNGC8&_-=b#CSKpod?A>Lk_7>d)j-gY9(*IehOa_
zNg2&a$|-iu8R=Z$v{a@y%F*N=uNrCZvkS>RYEqjvKE6k7SFbzI#0|!cD%Uh+P;;Jh
zc4At-!mw<koV5%e(tqNEm934R;7bL$qqc4f#CCP#*qVrRH^lHS*7QktKy3fCo!Fr%
z1DY;DQ#>@iAN}XrI-Tc@<NsaU_s2(3WQosYI+IQ^Ne_@fM1BN~ibh;;K#7yUVA3H7
z1A{RMBP4L&!)$iMTZC@FmB7TFVbdvkWpBMbykqy|!tUY8?y@Ihc6D)vXhIN?A1<P>
zZd_4nXja35$v}qm_r2;#2=0FGd*8pld`Nd!)vKykRj*#X_v%#*<b&6B^OeAtQnCTo
z>l9e8@#agWVa`cQ>ZX)j!l7udZz@3(q4#mwwX+yLn%Xdk{_*l{^-XPg5XiL3W0W=t
zzOvV4gUH-W;Zyi06q!+}8rKj<(rp3?ed`5e1OW>fzZxc=anhHZg*_nijtq>XPog;2
zhSkSpv=+{)HgZ=104$xbTxPNixOVDiNVyYc04e8G@hr&DFuY`wqv^b{*<u-j0%21b
zNRjMK@8dx<;yp{EI80TiZ3k7RkG9^6%BZQ5=1#|F$z*s^9?*c&K|Fk|knsbV4~(Nn
zQB<TmnB@{8ob-1r;(wtT4<<U@co(y2@_}1vY7gq^xeb6s>p2vHW`S7Lx*E%V){}$+
z)%`2X-&c~1NT)|J0&4veW=EFbqi<l;&N4){0v<kNMloL9Ib$Z4b>EjvQv+_GG<GvX
z7ylQa-aFu--$%rYgeU2$_XFQzDl&DnojgH__`xvv7z{Gy06t0ixLS?RLZv7Q7{@#i
zS8dGL4XlXFkZ{OO0a}xG?n3nlX7d=InP{9cjzI!Xf^oEL-P-WdaFfQ^hHW>QG%|qF
zc;lD~GY2IwSnVwI#|B#&|DWng{LQ-d{`Ykmxf>wmAZJOImMfXE*e%A4AoeL*+Wdo6
z<!(f|a0rFb5Z{bIk1;#UF(nIAjGeoa>Df?k5OOG4EO%@)ET*tZ=6wR>{~U;g!%&4W
z01>LQd|5tlH<vM2-IN2^7MMLn##gZEp>DzMWG#Zl7{l0Pb<^sOEr(!^ly+>H58=|b
z?Qtluya8$tLB4>49<~pP3Zg?TUxoC#vzY;{GS;o4zk#v!-?ZT0or$WJgW|Re3`316
zk&-yY09rt$zn>a1X0T=s>o4ONo3aZVa!e~M-nWb~e!uik^&of%d+MG6)>F{7ya4cb
zJmu_%nXwgnX(4B*b{(`h<qE{QdZE^4h+j@RQ14xj<cPK4RNHqEATU0_H_XKDbY&!E
zbRl#BnRR)AIbU$Iz)#BWHADB9q3LF5oEa)ML)m7i%nVt~P=y)#%Vic?R)V905uaj2
zAd5boI@qzB8bAgc3n*_h=|^ZXa2O<5aQ0muX1&3KxzMpQQ_U{Ntsk;!7396WhQ1EG
z!0#@>k&$wmjJ<vEb||wgG8FRrS;NL?0$YohVYze@NR>do(0ITnonv|od^_lMv|Y5<
z3?nkOWt&cm(MS|o4sz!Vq^pK*0H`reHGF{Y){V$dPBk22fuI?Put10floEu1If-+j
z70F*3t&{|rqL-zVgxCkFg#|m2G*}TkaTau@V#b5_1KBZJV0q2y2a}~0sYwVOK{F_u
zc|M%)Lg)=7$EH6c)nRtph(Ait02rq9DHdksvH4od!dNuJmwNk=CpuYWbb)E%f1;sj
zI#MJnV0*tgcL4>YQ>kK*h>Ht`h<N(VMEpemAQ9h+M0|JRn?&r2c=R;-K|l6$-SYOu
zm1J3gqq@e`3qtX@>wB>p`&`8sv+)u<1Z6#1+XFWGi+Qkg#I1fIGz~W>Y;?ywrn<|}
zuP;F+s}RDy!lwQN%F3bH$PAj_^H|=<fuXMa-8R6jirVHScO9fG(}2b^BY92(-Ux8u
zWq^Uzvm^BvDKJh(?hcb$?`&8N<uvrCAYDZ(21^iJ5g-1eZ>O*_s_B_&u-q&0V*k3C
z)$}Nuv%YlOIs&%e?BeEF8dgCeg@+dV=(}?nJQOj))oY^BWEP>PxOy8J0Isr%PM`Y?
zRBKHbWBT=de_;?KzX{<sAsU?dR!f5iim9R~djO2?3S2RAw<DQT_m|Qg%5_7^51_|F
zj!!cSG#;S0PD4YS@j#W4`vQR0F0We(`iza<UtxB=lna47D$H)5nCy0WbOZJ{oeq=F
z6owcZL&oUpeQP(gTq*u~)n$a7pmAR}z?V9+;Uxi;Eu}M$Zpt(*Fp{HO87SCz0?1=|
zUAt1iAVFr-FIAH9FQHs>0Ap&%EZ_&Dluevf%BnF=*3dPu>MM5wr|ICE2AZ#UEE~@<
z$mPtkosN*Q&1amvk^V*9QdBuWH!!BZgP^8OqZT#E7057CQY~zqX*}mTQ#2kmAUTiX
z9Tb5Hbiwt(cK-N0wiEb?Hk~0`G(qA>r~VItJo<-xW@~l#%K}A%l&S7OV-^Q8C?4BG
z)uCvDd@t*W8v0BIiX1>|V`}KXe~FyyuyrsOXnA_3It!)q?|(UrSq>`9|H9#NltJ%d
zQi0j7YRznzGRq>5^3ej*EDD@&1pV<BI6ogS4MTOc%+}KyPn`o=n6{^23AC>1BK{<b
zx$pIk8s3F;uZHobp;Qg`E!BStGPE|T@&>h0s^9ugxIbRMReOQGYFF296<5`7eWIa$
z>r*RtJRe4nGV<CU^t%Y-Qw{Gx7ZC9@UVWgxwhfa#iGWWHZ$(W(3<fMdia)jrpQ?CF
z18wAON2eGBQ7fX#TUGG`BiDj!H?s!qg)dD!2J87AbGka%GMGXS0_po3Fq4tHJHq6g
zT{r<WY>?}{I{FUCb4~B;hENxFn=u1>f&Q%5G$Gq+jczDqBbHJd>qc!9ddk)1=H5dh
zl19!^u1?u_Nvrs?a&^RdM<8oSJK^5j3Q6s$WvKCI``w3bjocnpB78eN)rY0Z_O_m{
z0f0rd4@O-vqi_@9Jg(yl3i!n;Pc<A*(nBLCU{9?BMp*^2hPi!W=|x74n<u14l?w9c
zS6`#H>>lv@*K8zzEc`@!l2fj8YgSj&_A=zu?yvo8A8EsTG~7LFQ%Hxc!`-pQ=>vf;
zhqg^HXP`VrD|bS)+l=0sjFt+c{V6`Jcsrc{mH1l`0RnZZ4=SBp4NZs0R>TBE4&YxA
z+^R(T9T&)_qbHbqBA;JjvUj+bWoFQFY9Mb3%=0@f%o6Wt2;#(3(chu+96*EEfL4Gs
z<8K?Me}+4t^nQReH~ZdzL^SO8o%UA%=V^<a^;q7*hr5&X{M9BGFc^S2gfNHxTNsz2
zy&nIXF~>>RhE7f~Ci_+U8oJ!v2CQ!?@;)xvP{*88Y>PI{WXfKTtE;|gLtduU+zUzW
zCnNokielR#;q^H=mDR%QPupE5!o4+G8K1Xq0@+xQLn<8Zt83E965jTayMK)X^kOA4
z*?nrw7uc^$QJ{MXy9s|m2z%(as9ruw*BYh@R01=<@SyKe`i~faF@?la5Tz6Qjw#*N
zWEblBsO(sX#nn{;Y%XG=2+B?}-4&sD=?Ea*kU!gFS!v8LeWePV>Z$^#27iU!mDM$j
zJxmi5u6KOu6V#C7L`)=0P{p_=_N;8heC@>Bvr^5%Pycdg0{Oglar=<Ja1O5h`Bl|q
zE$^Cv1=bL|5+CR&D;Q-N^!?GEbxK)eA!mEv<(NrF00$%s9iYXUVe6M{UQX`yaP>lX
zBJRUK=}@i@pi7PR81o<=r!FYSS1S`zomTdgg)G>T6YkQMZE+GCB<4t?$%oWailmO!
zS~r$$UH}E=02+kK?*%skDpCPMYZw|Wf4&)w@BNvfk%z<&D{wm^k8RdF0FlW}MSs8c
zsc!imrKH<|0^p<ueAD~b-XTbXk`vv#0@g>3TueZ}iUkGt(vKfD-Gz!89MY%;vwMC|
z4$-s8c(iJ(6^?J>_T@zrw`zvlL-Z32&*#a9vDJ`KdDbytn(2}yzWZA?vAz#!v0UU^
zd_x3jYyegQ`tRu6;n{#&?QBLK)6-ym9!4#+9`eyK@Y&w5-vimMp*r50!1aWg^%hst
zkN=WXPO{Oo$Jlhtiz8LNZ0D|C#G#QVhbxPUq-=8f$ukZm>acz6es|56PevTJgYH9X
z`Jy73BT?iosHMX62%mxVb9j0EI3xN~WrwnY2ae*2U0@L)6rxu&S-3*=#);RVE?hw>
zIOQrYgz+{8lC>S`CnY=ZdE9o@{b6IllU)w7X_>OJh=&B0JRXxDw*3+Ca-ZDzCsLar
zmXaU9)FGQz%ITfuD{*g7uPcFtEW*P0!)f}$k{=F+anaOgmHcQh9LDf{CE8#Zf2dra
zQ1bj>cngNJOa2kVX%KEfxqsct0B@Z1tD9EpY1qic#z`W^{c8CN<&d#-d0m&el3PGn
zY31<2<HG?DmO!$wtE-EA98lY(Cwm<>3HNgx!0&ZvvJDoUI(Kw!Dgr=1x5MfJS?NEc
zNu@oI-_VUTaRG&PbEEV$spXaa%*_j=T+$v$@fSv=+u)Cfzm<hixs0Cc!4(MrL9JrD
z8~7952N1oT_|R7v>z9#}bOqB~K{g|H{c+N+P(dnIs9h?okjBw>;%H4C%|s_t)_yFG
zb0$as<pD%*CqDGi2e7?6@u6oNz!vYsN2iFV06>&D`6aVZ`CSpEu^TAjG{hE(-Eta8
zv$@@dQ6!#2we?^xD%KHIOep=llmU&CQk8yAzLhKj>iIyOy8_~64_UNQ^&ab-yK*a|
zFkZgTq$1UOmSizP%Eh4VaFO?H<1NH{7740mnOZi2H^j608IZpL9sA(?$xW6r(OAE-
z(x~e8>$gD9lE%}xD<<&)3w;z<-FB9CGh!pqJY`~KC*m=6?n>a@Td%=XWR#FIIP|Ug
zLth2>W%`V?!L)&ia*($KavCgugwb_eOOCEF1L5eu{+S6N?moFv6VLf*>K`EN?gX)$
z?M}S+H5&@R(+V8z$a{l|G(e1O*!A9!VTqNHdSH7QZlIh&+XO>{?MI-c-#7(>qkk*8
zDyiaGSeV8PUznO2&te#aI^HyTC{J`-hHP-%^u?=#O`gn}Hv?bv4;M{2PB49f@RLK{
zg<I9Qr&LXU_^Dy|=#)=QHyP<!`V06}BKhtfnM3a%`V$uRKzKRiG*VZAeuzE=4y(Md
zvPLTo-wPEfvn_AntsioJCH*3YiA-vmJW4Ci38bjyylP*fmglMEoSsEytDAUrmRgsm
z)^SY>9VsI$7ASbB$Mi-}HWqLe=`Q9s!8{k7(k<0=-zOlX);kQeUe@PXKweVnd31Kb
z28Scn<WdKK%70J$V6>n<Qn5<SCKV0pLXKp+vzWPLB*}_g2idq{wVXzarsBRSDd*g&
zkpv`;hDGc~I!}LcKcts)5ZminodQ$0Vs#2sVbwDT4<&mzOzfyT$XR;lI6RVFd4`7t
z(wN6>$Rs10Qw*!HKcYK?0};@452MW{>D*v%H|)3~pwrbT;&rxw_T_cZ*U_J5mI387
zIxL&dgF@0f*WsxIDDsgsUD?cAV1ktuIIMPkN{h`{P~af%)8`;lDddtz(SJv=Z00?(
zlf1uoHvNw2@(v}PL>&(l8h!v3nhhz#6q+lz_JmO_t0X_cTL7zFy*1=_4)`)&Lw88c
zy94wNwebU0-lxh`l|k+3R^_)<d9NzJNuPrvi{xYS6nY0#e#1YZn(n{MrbMuDw?#@L
z;x1*y>g&k*j^U92@mQ}1_lkBgrj+wX0F4`d=>bDNM(r##;Fl(2C=O!|Z`|vd&h~of
z7Z8)&=&}3#uHIogMnYIN7&wi7GQ7xFKN()+&;F{&AN?PT3<}}f0NVYD5E={bmQk**
z&<RyOqROXLc~5iIc_H*wn#EG8G#&vhuua(dDTG=M-kV>%Wc>)?z(HYu@H9++rCWef
zIajYMA{+=s;}8`{i^e&>JF1FXh3`KLxr~DFRUd$QyA4%tX8jvs9SxoSX3P%|P@Y2b
zrCAEKNmCTcOA{+9q>&I3!Vf{R;-!3Sn)$)SCYvAD*hKhf@>0}OW24N-lvoCQ1h3sA
z=YtpzgG)9i+yiQ3M9?nT&HR0}k=W;U9ID8ZkqqI$VUWy^sbVB{3?hL9Vu$Qz3FB`n
zp<B>?#Y*TlVn1iuyN74*j{T5jn<teAuQf<BgV$C`xxs7eh43?Wh9zocv8NEmy-IeL
zVvG~@>$cbu6ESCOk@=AyD~FF3Tk!+(nBcS4>GFtD1|BrQ?}o%;7fZUIC4peR8Mp!@
zWn<DxA!Nt*cZARYi2lXj6+*rEmW9xl_}(CdzQFeqkecwkguGP~cld<;2YpEPAI@gm
zJ1ydQzXa>rF-<-~uYy3(Vk-?rkPboz(ZASC=!S&Yi>c=L#a9Z?ud$+4PDgjvc%|_C
zE4cIbxI*VhP8d%Q{P7hPLU<7ey>KwUQ*6ei8%PZr?J1JGwc3l!u}7^vtBTtNtrM*y
zVmF%OW9U9s-zU<kyeubsQ(u*gNJ~Z#Z?|&QkW+sH^t>4c50jm|IfQECSs}E~2Ac7J
z%<tTTOSyQKh-W*+H`&>PAE1elLZ1{tMSy5+VN?jMgn|&^pJL*$@}#?j*XJgD4T!8J
zUi4|=X&-%VR`TqQG`dsV%MScxwaiU4ix-&@gh4``vBl_Vp9aObJFuwxKvZ=fmF~jA
zExhm+iWt&}7Yh#_j}PKD&W6MEW(;kdJ9nF?`)K8O7^xWEou$NA3(s$1T`#e&e?r)*
zqm?lJZQ%zmq5cv7jsy()AEb#&{JTOJz0G??8U(!14NaPd{f7=!9`c|`^EB%;u9rgS
z_cjKaFQwNL@kqUD*Hht*f(>h7OtmqR^*~X0kb-z=eYi_dOOg4eks40v<YP}lK+X<c
z`?fq6Mw4~SERf7L*<jW*HFl#0xoHZKyPG;{t;k=u;K{Z~OVxS5D(;aops}jFot)Ow
zAU6WLda?U>RSc532~`Xs`5JOF(4YYfyzv7FY}dqKrO%k*?8Rf!=a{XUG*ad5aZTru
zT}Wer+~i!$S!v7|hfqH<q5S?}<N0sPw*Z+8Cg)+YG?eU~B4=WU;XV^kYGrKA0B#m`
zV^^x)eflJYt`$P7uQSpKeTLnSeC%;X%=_?XIFo(vWG3t`0B8~Saf>^|LsOf@u1*mx
z&6e1&A-=vZYH<qT{~BOMiQZ_wl-nEiAl2A~x8^2v4$1IE-3gJ<6_V{mP@YaeGK8f(
z_o>Y}8-d8yX7`;|PFVUrP9n_+Z5#QR#N`y%8Qk`4OdlMV5y}&^kIlis0V185?J}o4
z@wP>K4d*qmJ;U1_j%>DL3h2z@=@%dMRo2jRZlHwdROM=sTDzUZ$;X>)Ht)XX?1lOf
zEsQw}JIYzrDXIu7%vosxZY+_b!J?_?rf?Qy=nm^tkADBWdWf-mJnp0Nl|u3C@wh&b
z&Dq^Ub5>8A7o2I4QW4~906|ZN#=RCH+|TSrbhk&kqyA-!RkA~$PSHp1HoppWes_wL
z317f^-e%iQwUNTw(}lHf!-zQK5wLV>;*rWgK7FW<nX(M|ZPJKwn)eWW1mXaW_roBF
zl#_*;%D_}eqgf`f()cD+ep*@_j%@N0nX$0f?S^-|FJRZg7tuFW6StN7%IT7a22c4-
zEE2a#V-0y5)}bK`{R|WorE$B(FGuxJiuZ^CBBl4N4=Xx^x(lwy8yN-?Vvvssq&JDd
z9*dM^$a`qnX*90wvG_@CTZ=6eX%^4JP<gkK#t&MK#U_J#MHlJc(7Ix`LpyE~YG9@l
z4dtlib*}f8(r3@2B^CEyyV|vRmi9+HmV4%TEF%290Dni}?-cxHL44|bj|Js2dJW~W
z7gC4GWjVNfgbPxcKvwkHWL$#89jg2iOmaER6^Tg@<L;2}qLB+|5~V-CV2WRZ{-F<E
zFf|g8xY*&C*YfcMBKbu5Y~qt=CX)`3erl55GbGK{-cnJJ(sk@=@M?<MxUJdyij*3>
zYL#6?!<ze!_eQPqowVu#I*mhRMc=6GaEw(J`#mgKy&f)K63{&!x4dLG8^mgQ;sd5y
zz$(j_UT>L=3ksnaj^(^Rp<!i}tE;FYM-xM!>-b2TG2KQk8M$vWJGKzQ(}Lk%DI?hU
z3UC8FVQ%C`nEJEVqWo?$J2xeRq#A;STG)cew3H`yS#%qbx3-9{gd##1fBdn<?&>Pe
zfC@k)_o?1yD$X=FaK;9#nz*OhM}NtP&H<vM5c(CAqE98_j=~OG7^_g?R$<GFHuS7B
zp@YMqn;^d25O*P+1X4B4k;=|qYTiAIfz^gE32-xV-%R?g2%$w-60CQ7ebrhR!Odoy
z8&240Jefsc2@zj%cL-bau~Ci9(ENY13}%G#2Xl6?kF1*tIETwy<6f(<^)nRc#qEap
zlD@LoDsjar@~y(_*{&1y%2nu)gXQIlxGP2V?!irks^%m}5zdm12Z0;9#XWu@`~oZG
zCB#A+AIMtbgQbW5{6@NDrb9)9by$(OOL*=X;LEYU#}igSXFwe=>~~;D+~MlQ;RHEa
z2>%f65J@uMD{OfJ0la&03=6$GG;yDs5#rjrNY!3L+}kp8PVicWoB<VeSh76Oward^
zHZ|_T6IE-DlOD)Z*n^$)0`#u9@0(qFm@(-Wl3n`_3+*iwceokeYm^w07+{wognx1~
zYAmOBudDYa#HImainupLczxuYIrR!4m!*i?Q|db{Sr(6{yqq*{t5==))ii+Axu)~~
zisD^2p?KRjP!yg+KZjVR^#*dgge_ATa=UO=0D3^C;WntOE{Wv5q-qx+Xq9)_jxroG
z7=E@6tGpNf1A?}WrpCQ^GHlHe+>UK{1w}WF#{+(vhD8-dnat%QQD1dK>^e?EM$mEh
zfb@*n7SdVR;nPAhFqe;r+lXaYv!ryJ{DOO6^9Opm=_&#g1i`t$ONW}KiZ2Pz;fWo6
zDwODbVX?s)XvjN^sYB&BplgtK1Msk-i1-q$7uC?)=;^;l$`7R0!CTIvTRuldj$0;r
zAyV~@&)ES0lM{KcxE;ZnW0|pIEcG*B{C#oycb_AB#X}{wLUH@@r9?y4j9X^^cnTSP
zUMe#BfU_YV%|^dJk7gJij|ALG?}V&MzJ+EERgK&j$;oB7JBN-3OrqC8YEoy?&(00P
znMNfPrqI6EMGi%;rfTEZ=>XEBd@=FK-pM3W*uP*Jr+jLa-ty6(j4-`giLJM6Drc2O
z8?rO$JNmCz2YtQt(KI+z1#M=PqIdE)_mis5<4zJ}J<r_dp=};)+tn|I+BS+lcy4%`
z(B%`IN{8AsmX00*Fg-5+<1@1{$IQkQ-`p4h8k5Z$)8V7XoaUY|j*T4}GYxTh#L4#K
za}Svto0)?{eonWkwdaaz&q=q?*PssKJ*V<?`)5Pw{f!1nUnCo7Hyij^!wPI*-WR6L
zFTq6R+z-$d#mpI)9LTS$rj_j63A*;8?AMAdP-kF!wPp*Dfqr*~hqEZW(cwwWP&e=$
zo&rmU=Z=gH&z%`cWHQOZ3{6o4bw}5ntS@RjDuk{xoQ`3kc#i^^sV(6&&J7JScPQf<
zQ%Ky^TdqHfNYG<eb8}qsYL3?!0#=1}dA_!d;c(|L9MCi#Tu~4lj>L$jgA9R#YfhCH
zm0-?|KiBPqeW5KeY;1Z8Pn+?eBTCiE)d6X7iw#7>`MY^JbFq<o%$$D3pouUc!W=-G
zX-Hwm)Kq(mt+||IyZKtV!$)^tFn8cUibvypId6#FrHY70+qyUY$aRKX#u8?*0_^Ax
zmx-G=_TWM;sITcL=bFN2<kUd#5<P>oSK!8`68YMf^x%jqh9Q-P4QY1G5N^}eS$CjQ
zf)Y=Wu@sM<uEcFJ2cP^6tVSlWk{$$%^bCaSv=1<2TE9)$`fW5MvB5QRk1+GFKH}!>
z9w2;r4{o}ma|iQsUpw8r?ZPkLRg^m2KF6|dVzrTb8aL&)P*keTNE_sYW|AJci*%Y>
ztG&!mK8Ni!|KZpTXYc=EInkkVpaduW(f=I8#V=1ODl2eG|HGmVu%ckj2XRWI!aQQW
z^#LpW<tL_>cfht>ZR~cJ;F+Pu8qyd2B843evUL>YNoC2iV1keCe*j(HU^s1tcup~L
zHcn0+2(z0<XV8x&d8W%we{%%gRoNM%arU|TPro^3qaY*Vv8%;@NIG^bUJPqy!qw|j
z<%BB7sq~I%;!e8%6o10ljV8u@blc5IlRin>>Juq-a;DN4PhFD=BMVI2wxp}w6@lL3
z0v6$gNCTRl0MTwnR;|qS1$Vb;BaVLD)`}+$<bsAc^ds}MLrF4s@RYz=luqx!Z;O5y
zDW}1MzFL;yrwE|b-B^Z|?Vl@m6eF~9$F5BD`rVs}XG_&AJi5@Cx(}YH3IhdZVfs$Y
z_+(d(?T|i_JXXLJ`W#Ky@IHq%=}IIA_{#;r6#7ZI=p<gA%yCu|*-=9V3ZHQ(9f{~y
z0(t*CU1;#twpz>3In>)jvgd)EuX+<g_#_&HwQ<wPD7ESesZOX>aZ+`q_n=j+b;wfm
z8uy5DZT31_VD{r=KIfj#%MUBp^3ek?xb_xu_@u5aNa6ZUPFmJhHjpmg4hT%TMIWa<
z(mj;2qwQ^ghD19i`Z-eTAeB5>$`NnE=Dngm&XFnyf#;*VTFC=W<oHds*2b030GTU7
z_<1O&P>w@Pw4V#iR%OThI`=2*QphJZZ`{n~J_Q9p%qjQBQXTO+$kUwrX<l|K{rLwN
z&SS{CC%^1FHAw<|7uYy?5+XHCAFIvpX7T$>Y%z)9`!vT&;mJG>_ZC=*WFD_B<e`&6
z>8RzE#w!+?cYiE|g3RF4qdATfKS1+p9j5~HLU{7<bT8!P6)n&y&0b+33cc72-)rv(
zHVPIwn;d3+dQyi<({Ewltar=W%F^@nyBUxZx^)<opM&skS@?n$VtA)JiI`CBYT48T
z5qk_?2w%nnoJefQluxtG-!|mFGtQx#C*GDG{Zz13INm^OYUN_%l$p-5B+E|s@hnI@
zPBT&2)r^%{24e>*O3lv-XYiR)i=3{k;09QXvVk|`Cn{kotaccuSd_8adGjH+B#~np
z5IM<3YA-ybEf{feu~w0@*hkOY&knSp`GJADQxSF@r#!{yu(`qJ4?whHyjp@NvYp|b
zIFqW$49rvmf>@6{U5PlKjO3v2HpUI2agpucF^O=4V$MG^7n`$B_U70ae8byw@X+`0
zY3=S*%bikZfWsdUgZ_kB39A!Lra0u0#yV%s@Yd@8sx0IUb(Xq`Gg7e%QtpH`oOA#y
zX1tC~VZO4OJngJ;ozZQ!NNG6Ic$Kt&C&K1%Xe!QOpnfs_xa#3m52r-<N8~F3j`TA&
z7CkT6o^dqbcqUOn-|j(qRQqSkYFG=dsa1*frQ~qo`_Y&~o9mpTRKyLX`6Bu!YTFX<
zQl0Sr3S=u!q6dRMt}{sC0|Tj8&pi2EQUzodPeluew#cDYaOxahdjvjsbq=Sj{An3;
zCw%j#NG&bpr7edBqM-;3RP(}8*_OV6V*~~h@<QK<Nj{#mFRxqLWpXly$;qG_WM>U&
zbdV1V7XvpN6TKji!{6X$SIDA-@<q=)_a$v(QG!fVy-rxWgdbEvYHzz$2#fGx`^bG+
zc;3yFrbP5AH&3}bTlL1**#oov=p?b6b1&!RQsrurw~fU)7S|S78FSl)%<WE-xlL4}
z-NO@iZ2Ja(Tf{?YDt>TeGp|0w6R)%IsMVW*b;u(8;Ac1qL4Nl-q6W7}F=lHErX`To
zEhn{Cv~m4vtrM6d=C5_CeqNo=Avc-N!_)2O<(ifSX~0270S7UFgQRh5#|0ZlAqRPX
zI0w<nww00h^?a7*)E0e%afBGs5Is1@oydf}39an@gvzT6tO?+4RSvD(sy>`h%kGcI
zirE=4c88LneGB`s)^RtKywIx7PiV_r2^gv90Jl&Xm<=lj#9@=_dc_0`0Aq}DBALt*
zpmW@da4{JeT1<`tyOZpL{hfVdF<HnK6Z_xnY*<X7zt=NHyPk(qk=M#j8;T0fn=15P
z(Hxh^GuV~tv#fvT!;??0YS69rBx4?cZnd*+WsLdgTda$|!k#N)-Fg(emGR?+-NO=}
z8S2)B!@5;;sy4MOFTosq2gy5UC!6|S9+;6W6?uyi9ix2O14}c|W+f13esxV_rgGFc
z`K98G8+sNHopRW4^`5+d3v?FacpvE_NF_(yw^zk)AISVr&QRKO+^5xAehqb>mN%2}
zSn%J1`N)L%NM5QtlxKMhi-kD%=`}r&b6PTI`cRsgqX%;2(x2nKfp{@eEziu8>Fll@
z5Bk58`A*eJN}b9~L;74D&yXy25~p&_0DdFokgcqL$i{7Dw|fzv_vO3UNeQ#tD#}RF
zAfDNVm>@qy7a}Ff>F1Ht{PnzFu&vBx+<sIZnJgFz4dgEep4l}w+yy)nKpwlwk&Hr+
zcrFbRr#HR{>A~G6gse!$k8tisczGGjCPs*jcaryUnk2N1GlAmN+Kaa@Yc5maZ$OY;
z#Cs8z{7ISmy)bu7u&rz{G@&QmG9W+>ITM{(ycZ|U=aM2q9O~i8_c-+#4k{$yL$)A<
zG$t?%(&Zz(3IK}{KwZoy@v1ZFGINM78*dLbW?JM-MtCr1zDjowBhf_q#^y2<7XT#d
z26?7Gi_(_%W^<A}nJjej%k&3<jfK0UOf^GYFaoDMa6-Aqb{uClMBNXQ`U>6zqdj9)
zXUSvT<8g(B?)E0!OcIdOl9DXMsJ!+t$4I<wTc5|$-qziVXX-)Pt#qAnzgu0iaj82C
zwXC(3<WkZY5WR7*lcd=?dOe&~nt{|ab<oXzeBry2bDqS{lSfqsuIPMa;A`Dh8R#`~
zdr)>rQyg{!mhD`+?c|WXV>^7Rd9dQ4^XTBc4P$82Nz+JEe{z^XBYA<tZKgG2?byG*
zq`?+NwB!Oh=Oi<~-*s}xBF<`SJ27Z}uWKjfJti-qLbdPrFi#qJ(utQO^xdR9Cw;VB
zXNu~0`GG(NEjex~To@jELvi(=F%?%C4IiMp4ysD{OFC!=8P5t&UdCYF!=RPTbR@4o
zVD=9{q8;?^MjmQ0-XFZk;;&n&m02BwmmJ)Dzb%enUzD9$EoiYSQEMn7Ei@zKuTt45
z*W_W><o%V_-{QGd+c7+>dJtys%j}3MC36yx^Zw8|so-UhGAz=lm(fNbrReWzbI|>p
zD~z^la|VXKt`B`Bl3yn8tgbO+Uh`h0J!jYfY!JlJ$|j|#Q{8>?y>tt7CNrxgw=BjS
zPr9eX*-p+C+{ppHbqejNjX9D-Y0OF4*agpm&FwI0D_bU@VQ7<8`OO~4ZrwBnceI85
z?E&6L_Z1?oU&ON|PV&P;?0VsLVL$h<(#@`QYneD#?+o@&k?o2%FGWuc_7}=Fh$LbT
z2;f`iS<S75kcWK~2+u#rZts%s3HDEw(mTZ*+%(pwx1<$skg|%GuqfO|)hEFRDusH6
z5_ig@09?*yP+aj6nVXAM{Q8hd(ykMIa*nY7UEy`d!rmw+@xp<3mDp5$Y(0#cRhriF
zZZP(D!K=4G^m>~T%U7aZZg0-oTL5FeNKCA`OXl2%*G+;T$L<umorrmhcJp#RyF$nY
z(irk=eHj5E>sPfoHdq@H*zT>nxdZ5EAm6&%D$i27Q>65!Mm!`FT%Qh2ythbBth<ZS
z_i@)S&)R9Z4M__6DPic&7BR0NrI&fK+d5QW{UZ7eq^L6iG)1!Y)h2ElKG1UXyg`_$
z-xygY`va+fexJHA15b?&T1e%zhHY_>!L2^}>+6gtYTJ*1O6@@U3ZIa^W1iIxMdZ<-
zVWVw4TPfL*$?hwO8TWudO|B}}xHZ%IK2kolNshwf&1p)fRf$>UUUDef&D)~*a>DDd
z@+Vs~mLl0NzXAnkm~a;m4k}pACL!Wz9y)3DrQspt1^CRZz~}ffe9rLTv!ocF^;>fr
z*eh!pdySvTUa8aB>yD}HHRWD-?RY+QMH=cume$AEn`>PHZw>ULl^70pCxHK@z65L=
zPonI^#MZ~qb2POAp6Q$=(wVw|r6zYN)$nP^vhxM@c@{p+gD9=r0VrUlKD>JeugJnP
zDGghXqemoqCo3fg0J<^2+>0;`SoTe)Qo2m1L{!fD<ni>#dpFPA+V{-OMs~+#xns8?
zgz$j-ZjTT~|7P60Ru1KZo)u%4A0D#SzwEH0+Lc~Sp9UuB*HiJ}x7}EmXRPC^>5tp+
z;4b~%w~|*bspXt`Cn4IdHusi0o|6|<)75QBhqC*s>B_dGJK1g3bV(b#h@d*TV9|=U
zAy=|Azdz|n*5cs`o-2M%PHS4|K$Wm*QyyB7<s8JHm$K?#ws7d(oQEnD$u<^p>=uG-
zeH1fyb~`~sO)qzVddSwV_DVd8<s1)sY>k{sAIICaX5b-l=&{Q(u5mHE)U~)ovd*oh
zi}7{_kfE(D_J`W#3juC!4OMk^M5f>GS4;4Wxb&`BK$Y&Pruit#Q875H#4mj-V6CD{
z0ovUTuxZjG)m1*)<s3R}XBzj99yV9IPR{oA%n9<F1}lu7gT7G5<EJ{YGnE@}QjaU*
z$J2D}#tf{PzQus>6E|7Tp}GsIQ6<b%k*`+M$X`I?=tP;!BBi6$B=Vd(3YbA~)@`yA
zp%Sm&CcF?ShbX<+NP~IBx7eFg9#*RyEfatb`^u^FTjsTGql`54tduf9&1$h5qNCYb
z9y-Hx9H(?YDq`}>!Tx*+7<9V)Z%`7~@vy-Tmjq{7gis6>R(o+ia92<@%Js_&_0L$s
zG4lc{L{KylbQ)IInNnAmo>D$1IBS`76|ub&chM(eH4^Gj!I`(o9O==sToD*fF#(N$
zHXM(E=rwX4t2|}d!_c5E`4YCp4(ntU!;uFR<`<_+bHit(lJE)K%a(4Zh4-0_%xVEG
z$YD0lNW0NeJ&W>55E~>wQkA1TR*k3OPDp7TDHiN8%;1b=GiPF0y6TonHV}>s>!1RD
zGvR%TN7LD9(bee?RoOgV%9xWpE4mY}FL1Z3Gaf_oN}HJnZ3Br#PJqykR@ur*t?>%Y
z#-n5+8oNuN&e>}p0l`<fYOH;j#G~g^G){0w*F4~(|3c9*-hJ6G-JQ&C8>p$q0^Ykm
zSU^Q9UTvVVYYss6vzd}!SNr0{J2wDUcwmf_SfU;fut2zL52Vz}Q;ZL>RLRkqiXhCl
z=QeX=Nr`We)5$xn7_X<Y5^#wQBVT|yCYU*ys)L&v^+gj%hm>u5r@kmpzG}YyLP~IJ
z6y`@^N9FOj$5&lhi8nDrR_fNJ`>SaCc{Z<9G|%5&Sy_c=%?bd@_z+gcY-Yya`5MZA
z%L<$X{;G}K1d4F&`V#j$66bE0gGO%LbSu9sgjPcr&YU1+cxL9w{rKoD?C=l@^Y?sm
zw#yDE;tHM-!BctABXplRm6OqE`>$Q<_a_a<=52OQ#Mu<6ta)qU7oIoVop0bTcuHB}
zb}7B@SS#{>eML2niIMBX`xNDbOO6}44(#e4^RP3%c^1~h9)RNzPQ2n0dtB%cpLSpo
zl&oilp+iXrER~r(DmwzzcS@as71S+<frJr+Wx+|dyvZ&Nb-z<1eYa${;ju^!WDEY>
zB=kvL(Pa5?vZc)oje*c8AFbU7jopvAXzX6xJ|kQ9-2_m41E84!82hn2T5u!&mVNAe
z>z0U_u?#YL$QD$brVKD2=J>17$6N4J`det&DD3pn&so&5Waz_Ju`tX}kG#r`nrjC>
zz$GlLgbqL>#uV*FtYpDQ*Md-CJV<}`D%KgWYnyyan>NRH<0=0UBn_(1gzD3LG=u;}
z-%Us($z1M6^ivqEbUNqDUDb3225?jd`wwOTUiMH8WXO6AxVX)Sfwtj+eZvEh8v($k
z&R5&?tcguJu_fb`XA{U*OS!>tyVEP5CR?zDsaP1qF)WgISV@~Js{oU2|DQ0aU5a-?
zgbnFIfO1t6&=I7`HR??IAuyzHuV1>gnm)?B@hyH?Xc}NQETmP_4R{Y1>8xuvFa3<5
zO803eC|}{<A&1(@jt-QsmTprvt+Ght=s#fe>Q(F%Za%&1KiOpz^hzggW;y7xb{r^}
zTUz-l!ftb5PW!`-c%qM^9tBYULCh+jYoD?UL_;W_a?%)uW=W0;cH**)!;{Z#BiWPV
z@i_v&k?sACSu}d8T!vORuBMXae+_kP;_v{*CWkAcZF0Wy$}8+H5a0xb9W9Q$=FC#B
z+^79uJUga@j#D|-<`Hui%6)7M(PwRCKl-eV8}75V9V)D>(ZrC?Scey}M$yRpmW6rT
ze#I94=1}T(K;Pr;Tyv#GYzaj=!Whn%3bk4y>^~&zx493kA6*#r__P<YFe#A#C|zxy
zm@Q?_)$(Z&D%UwQaXVDvtI=2iK6d};<a<$ju7r4qg`TS!O0Iz%mGqve$m`0I0M_9E
z%tx64r81xbS44Pyfw&!3Y$-dqz&_sDvNaXU)JNb|mAM#|k5N!c^Hw|dlg@X9*avG~
zRQGCI#xrNu;J@KX(yqJ3AgKy!p=^w`9n&7qSNd;R?+7l)hQf~r59aHFa_yG&*%*-z
z5f}2Cow}{VVwvN9f6Y5Y!`@wv4u)g*q2CE!C)9;B*o`z;`wkF`^$le6CJoMAEsa+;
z0}YNL>l>2fxBEX#@{`{|^2?%sh$P7mKvemhdj>lL^8ifFvDL$_CmArWC#j~nzrsCQ
z1XAZV5C)C+%bAzQ3{ouW{`wDqQlWxfZzVTtVJ!j4p;Ghq(8Wh!Fb4+I@h@fI?USH#
zBv)P|*8|1OtW8KF@y3<ETYX(GRtB!iBZq^Ou{)fUfrLDgh&{x^-AL5m#=L1L44^L9
zF=$oIAEZw)QAuhY)kNlNXal?04&;CVwUL*zNjp86z~jELC(wu}p98tF?GX0Hw{h<}
zGPMMMdU%bli4<rlN!dc^ZoF3mCzn<_uG&WrU4kM`JPf2-R7KI6yw)LXi8J%zmoNoT
z8`0#iTCzi3Lg*kf5|kUl{;n9_V>qmsrc2C=1&VpHYpN=DYrj5i_OyOaOF7zECJXy#
z;lU#4g6@{!+mOhYxyM6k*17KZx(lR{FE0nVR6Y))V2IsH2d^}Cb5OvV80iGOI!n<t
z%R+w*Q#fE(OC4INQ&W#XIgi(qX>;n;sdGG@N94=oG93xM68ju)=v-hM&w1R@b-hsb
zCc`3xr$ZNNr4xRG%U_V^J@e$Nz;x*{C=`lRD|y|fuH}KfJd5l_|F5DMI8s7*+W>Q&
zAl`)OFFXI&hS7!B&sw^HkY4~khlfY#^fvRz<XM`BBHr=_7&oS$t0M0%1r4nRJ3k+9
z9N&nJ321y4Lgf(o8@!zXNSgFt{+V*Sr4k)|{(^kluZrDxMPGt#Je)PwH4IVt2vXiq
zV$!*fPT7MpS6xG;xl$S*_Li?s5yE(iwl@`L7s!EsKo`s``Y*p5oI<5s>)s5sZ1b)A
z*xS+Cmccggfq>$vjm~<qpwwBfI>cQN?a?VqDZycH%xYPXH?Fz4?V1M?VrBx;bR%$`
zJY*Nm&5?dg`@&$eZV2sBY&H%dF1><?kH<KWA#YkkrUJ6LZ{l>+@4z!?`Az+1u1Y!!
zbJ6+(gO1KRhkihKm~cT97===T^1ekL8MscX+4a(?&LK@MImIeLl3cwHT}6t<zX{D#
z#U8abq1MLP4*f5XzBisgy!V;Dg8fWz_T#c--Ym5G1iM+t-7cN?(RL77I=O-s7}tu$
z8K->omuBPw78yxKz6g=6Z)cz#BkrS5w<b?7CbiO;Zzdf*;wkdI4O7i3e01fjOzLhu
z0{NtzhP=V}1t=-C9)j4N_#kqRyF+@aXa<9O!bi8i%FZ?bj(2F@i;Dve&D*^=VD%Xc
zf<E)=;9WoVUXfa5mnL5E(VW(#?}>@h&)!I)bcI`!-sE-SZ-40zu@BCoPuqzNgIXv1
z=sknA0pF7HcD`*U2!@>S(QGpfQihCJ5O2)DzM_}@izPDM2MtPSXK$~rk$AjR!QH?9
zR{AXTOJH=JI@QD}%j_o7p_kxQ7NFH|&3XDq<k-xy68G>T8HP*xvL(AY<Kgm$-j!^N
z<jXLA&gMMo!g6l&t30`+?=vrD0CK?HSsn<XHm3%!i<F&3wGMgY{|1hK2EI)&0DwbF
z?0pSfRAtuqoeyAy!I^3_DzdvPeiTY7YQShgFe0s^10#cGXd?_VILu5l_oB9<=zuZY
z$hOtq_AT4Y-M;K=tF^6c12sT%OUiAn+@i92*l~-J6)a-jbDn#LnZYFgzwNjG|NHxU
zhr@I4^Zjw2^PKa1oQFD>?gwEjPN-GWZ1lbom5nX0gtGBh2n%@_7dRvoYxVEY*G^xp
zE-19|nx^<hRrZaLk#Ufbz-2?9szqE((5U0T#K7{#B*>$HVR(&TP*<56Z;1^q>0S%{
zp>Z6!{grUWH%F{RMAT79bmqEW4rOloP#s+cb<|0x8s=r~57*0O<cf&sTf}-9(vrV^
zobQZ$gW7jS!RvOS62;~Fso_r)KgfqKM{liny&PUh@J)CKryc2TQzVwFUd1s>C`A>j
zAE92(cK%AT<K<9C7I%@R4Mh+zhm@mcR4K_vIPK-H9WayKA5gs_UHWz|LGTXvz8r;v
zjRHoG5DA%pOAEDKyw*IlZD9@-JAs>+^eQeU1aWN(27M)Y=0$o+UQRN9OEq5}J`B`>
zUKW*?qJw%!DlRe=7FOQ5c}Sl|_@X>jxqpJBVPl%Gglc|Bzf5qefnnhE5XVg4w}T+}
zep8dyJhP_xmgluXf`7i+_e&+iAEqNHkYDoPBp3texfS?$7Cr*cmT#p?621dTp~mRT
zQR0EQKhb%mbew(_=Bv^>$g9Aj7Ymh1xHZMC4Z3yYdQr)JDfI)z@XK)@H0o(x02WsV
zZ%Yo|mK3~gG8rRz+^57FG0eh0a9$_<ZPeuz>|C}2)eHSY_*!VKl9BHwQf>Ahq#p$L
zVDNL=ZA$ROL}j`!n<*r(O~vCR&|&c6Kvhv8-5B`7pp<}$89_bK>6ky^5M|+Tac4JD
z3Nq(4Btl>@mRyf4ndn8XsYhK!|8Z?bI|(ojhB~?@85J5;A&)!;*yfNvqi8KgRSL2m
zFlpHRicn)ExT8%lYH>NORp?Z-=?806`hLyk-=XTWGjyi@s?bdR*b<BH3ytq{jec<X
z3SPB*MQQg{&<K6)bj4~+Yq#9@iNbeA<+<k6?}I7Z4>V*mcMI(=qpPo5=~4T-6pD^u
zO2e^wyf(A>D7u5W1Wf{VI(W$d7>^Vo4*0ajd|A^xImFwTFZZ=6eC;&$!$Yw*7li#%
zUou~t+}AEgUyp?IAo}sOp&wi<0N2LII9>tcF@T2v?!y28jR183YXOA3yH5D?ww?f!
zfJwkS3Fb*Kd%)}gvlq->F#Eym2Xg?-fo3HxLo<pVMZc7o5X3?s2Ot0gXk&nSJh=aE
z%wgoaSbE6@@)%VkP#qz^&D`_>+?*pdLQ1$162Cw7`vFMz);loWzW1P}wRh0+hT7ze
z*e0piCgodbo1o{rIe5Phpar05o??7wW4^-oC9S=$Xze{05jEyb@)K^WFTp2mg~kY<
zcSraGPvJKEQsMgwv#i;SGpW&W>%d3`NCB7vFcV-7KpsHJ9kgwdp{|p`Oae0rOdXgy
zFtuO;!MsZirW#BYm?|)pU@D{AMyw+@{9g;u2=Kri5p6S10lAK73;G@14v}_IZ6~T#
zz!T=GO&Na&mKSH2G&@5(aIybcNXc)JC&$|@9^1T>zm#10!q7rGURBW%?8ZYWk7aX-
zL{6P>g)i_a47rcVxUr9E{mX%wZ=i~4RKBi3|7ia_jLg^dm9IlCE#2Ur$<hIS3c2*R
zl2!^%O%i?^(nygAJP^6<K~b+82&w|!a)N3jRI(Cj1Li!HaDDT9nSZpfFe$aaK>wY8
zp>o5OC8%JV-0-G!LSi6b6jzRLuv{k?)wl=#3fu!fR%jI$b#Oyzj6%5`*LsGu1SnZf
zS0y)_3&|)LXU6aI9nj+1(F91f$*5{n1;(Za^GliyDw^Dpzl4&@tR3J+NwpMEL8a4e
z>noNmKNu34v5J8=IaMOmYWa)w-_<0dHuL?Q+@F-*64)qyD155mCfu&RvE~Z$;B%C5
zp=^tP8kzQ7h;b<j@<}LwAK8mD<~^B9beaZA)&+yEVs4PBnGMXD29ii9F<Z#MCp42}
z(R0{j*B~d72d^2Z?*~{oQ9!3WCWJ}@mT59c!IXbKl=7ZG(3DXq-y{j;-Kd?RF;>iV
zY&(@9z+F>6Ehx_7qaW1I*KAZ5noBHrdQMkp_Lss~tP~F#K|md<ByU)WL5wQ>8{DgY
zS>UD6to`kphWV(k;gqHxbwcaE(`+dN6N_}USfp+<9_Sd_Za=i`zKM>mI;rNNp|G-c
z0V}83V^9gk9>Gr+_Fq)yOu$`~b-0WZstAx@F+vr2jVc=hrpJQZPC^Sm8L!+zogJv$
zUO0wK1eiU-{=Ras?-1J1RCEUN;T>oBaoHLCbar=s(D{$fV+jZO-o8^p5BSo7kGvFZ
z-{*=>&uBgPTch%5^x(H<)WTG7xMFdNF8u>|Q^A|M@BO}GzV{j7knoQ19;UN=pO%T3
z)u;0zc(ioZ5nu(lg}%8;CWjg1W5_rb7z+GAF)_9xF&GTEEl?NqETgIrM&%Sy_*~_i
zi(%#b2jL}?BYqm6#Znc6;t!sxRGBQnF_XpBU3ye3kwy+ZYnP?DxTna39t(qGrih0(
z?gD&->K?!oR?~Lk)IfU-MoFi5J{{IAxJxoiwcO~8alBUQ3KiHf5G{ke4jb^3mqOUi
zUnP2ptI+HjUEx<n&K98>)<d{7q1h8_BHw;5$&s}<$JF>F9dBeCCS)45>)G_TGfP#P
z?falRsR}JsqbO$1q<IJ5kPo9)PlI^ajO8-!3hXg;Ptr5&Hj1(oVY-(hTm8+`q0SYV
z86=rmRQViDsRf7z(1xBWS#)Ze2J{qonPQ%H=-kKq6pgjgwqXOE@A4b^1%tN40!>cj
z!0h|p3hLXJ@)wcYo(|D!p<Vb};3isW1BF2z7jsx~zp|m9zeH?cJiTWkWl!V5xwnKi
zar096vX|z(Y05hGdnkoaJb=3`s&tjvD5kVL3rW5i^z+C4e3x{BESadD7B^n~^Qoac
zv<dHaA36JY+=oxm<8cR`ias7!{FHd2tYhTkar{KGLyW*TECQVvf$vaI*cVu4B1_&E
zC8E$Fx@4%1@Hx8OV#T7Kh2pNj<z&`SY-H|J;!(Qebm}VlE`Z}gaTifMD;+r7{yr6s
z)Rnhl#XR~9o<Bc<Dw*}O=nWM=2LWo{ZfQ=*LO%QJ4{LmU{u!LXRg&B%#IYD;1mE{v
znmh1duvxeg_n_lppiC;O3E%Tc<i^LT!q)pA4JmB>>{m#scA`A!>zDDP^<Q#I;q`z5
zx`HV%4$n&^6cZ$s`ZgHV^<VM|7{h$+8s8T^B^F5te1~eXo0u7cw_sGMS8$2Nr0I|1
zFuW-cM=pMn)_VdqP&+pYG^7%jG|B1Rq02GSTT1D9Bdn3_fD|A}Hhe(!*%4H|v$Xp#
z3U*YLsoG5Lz7MTl#GO*2Fso_!wM@FQ$~Opg(1aV|m4taBB;FoA91?Fe^$+6momkZc
z7PE=`zEf1j*}}!3YS~#9;yEf-IS9j(gxrDo`ZkYTXu}IzPLMlJ;Z2t74^tIt5PApB
zWgke&tUbZc*Z1+U>8I!UdG*l6BbJiLLjhu(?C?0#G0q_0MNBj@U8t$k=$?WuhMx}Q
zmdy)CY7QTiI7w&I0vDqkRH}kPr$0vb^3|Sb2x=N|m#1_=$rKCu=6R|YQ`7J^L{HX2
z?Vv#K2;U)e4Xv=)zzPhDTKtGv^u$$)?G(6;=H%=QGz58zhy&bA3-OByaaTcW)cnOF
z&Wn+_C&JB5dI2H!lU_i{?)BpRlw--~kK+PbC^I`AN4;=Mh4#SP;^k>2=|SHc;(nmL
zk4NtZGCn>u!Exhh;N7_EETrk4V9+8QBZGJ&A$egNDmR;Oxuj2`HU^>!TqMj(h6af@
zk-7I`$u}hXH>l}p1G-rgu`%vRoQysZq_-B~Zlus0OXlOzb1a7*8_I$jFG1nd7#DQZ
zcr2-fT(@0BMhi(Bro)vkm;6=0%Z<vnOY<c^k$ii@rRSD!f4A)%^6j5~O=YPUwu$m>
z2AUmU*9(xe?L6gMjQz*uTbhS+%C}M+_k+<0PzSIUzzt9da4W!)Z9kQKi-`$AEc9N0
z4uIp^{uA<T_Ps;$ZO`^|%C~vjX`7(uyBEXzT7ZYP|A>5xzRyp-rSbkB$+uG6y^x0i
z0402?0dxS#04V_1-TPC?w_+Wc;QtbUN`UqE{zURE<tCGW`f8hvguM6+9ebK{Wpwdn
zjYcpKp-y7@mjrl!sj9VBrNTA9kf>%NZ=RBP#fzH^sw#P-p}(>8Oq=0bW@#Wk{a|Bh
zf1BY9lLIkT$%1Yjuy1&)Qz0%_G^3q~c<D_<Eb!CX3_~w6fjuHe8qjH8Gz^S4sOxHb
zsie_^j3aQiA^piXJ*rLUfd6WK6pHG79|MnX?)z90GeBfeh;JV&-dPr6|CPw#07WsX
zTf2c3{;DOQlD25yU7^_sHXHM`_>aYZ)9_z5{xjjfTk)T}nQm|?;E&*WrO!$wfeE8E
zsD2~#r+=IJEs!EKfUwU&0@msKWTU^hSAU4RIQ3AWiRx%Z#lFDk7xy;2%^4I1ZR$SY
zG=b38_6x?|Q%`_fAg%8sUpqwHgVrd5p>+?Q0V~!jI#Q1mRWXHRgE;Goaf#XSO}Gy!
zBH1{GVRqd|&(MllOom{{4Oa~=(f9ZbC;i1I_$$b!UDE#lU6Be6s(>!j{inc&(nH{$
zNu*>K<!0vY8XA5m^Y`Y%LyC6NQPEDAFE%$Pi-#B#ingZtO5FW-DY;0DrSIWTa^3j=
zc|eB0fNc7|K`}M;U!ne-R=K9(bG&fcsMf!wsUM5mFS1kQEl2tr4TG9Lx6Iene+%K}
z^A`*I`i?v%)70Z}PTwbk{$eeje@PGwz0Gq*pUzj#=W3c3#nhdN=bRw66l=LvjVd7_
zJ80Bq6c4r=dQhfn%NrdN&n*-Znih<nfL?Ra<Mknrb+v;s@F^F4PKf7IsLzS$^D^|Q
z3;6_J3enfZcvRa#K#b6u1VwOWY;a7nq|@XWYP6{(z+&9_7d(AltJU0b0PPgA+MedT
zSmkM^PE%hbNBMeCuBrFP=|$@604M4)<N4d_RLX!$EH?i$^7>9%m%DdHkH&L$ih_Y&
z*jJ@o+DY`Sexuf-@Ed@Y*OG-TL6m;{hF(p>5#)s&J437q;pnSMLV_~LSRMPFP}>V=
zr)byr`)h&y@6q^<&=We^CfS_JHT6&9PTNFI-58gj1L<_rNpC~Xe0_)a(&ijlT}C_~
zpMx%Kaq&Pz4B9|-(4a+CDTK<$!RR{T<3qw0Z}8O;hPwg9kyvO;U0rQ3o_nb+E>Tc4
z8H0@rVq*dm^tHWwEOmION>&xD3Zj(3d_zSQYOMtS`6vM!w3^NNC^3!^6k<(h^D%WQ
zc_5}q26-3SQw_b?+E~JdBXpmYrXH!^q9#rK!L_mZ-CHR4maW-yFre}ED>q&OiF-yb
z((KV>*S*vQGCISNrb{(@4r%`E$Ipg?d?FeBP)NoN+@7QF;FXI0K(>&ec=L1)lqn_O
z*Dr4@j9EXb=~5w~aq;L0`6zmXz9#0U0(;wc>^D`iA{2wk#II?|fVE1k?d>EupH>p&
zd#e~p7mX+yLlO9yAy)EvT!!))PX?h|=nZOICtq+UZWu6}1VL2OP)il-^w4|56c{w{
zE@0efz_<z@pj-^1oZ<)3fT1C^nio|SzB8AL2dUvLk<(Q8HTn73+0fYCe-w{@`&tL}
zt=^wC&zI9!wZ0Z5xK^~s#WNIR5Oa{}_8GKt2{+_8N}LNfZl<`gID{LMDtxv5@!T^I
zVIqU*(U0hXFK6Iof}m*2i=7xBxEj$VPW0=e_%evKdgLowtD=1zjU#^uXHe~FAW2AQ
z=0+<|$0E**mIqW70#o6S%g={q0Ls;k>J!DhRmCjVw*j3S`{0mxJnlg}BGtW?s#vVn
zG*se??IhC;sRyN#86W_*(ET3|MJUkuY==mj5AFC71v-0oP(twVj%WcteaCq#(7EMM
zwCo?DK<Bkc1v)njB|-9coJ)a@?jcFse*|OQFDgr>$FRwfS17-LOOXB?6_@BMP^;Q=
z=)V8JMew0)&e4GbSRu(3a#TL6lJU!iW+hcPsg?LBos|UPptq@5SHD<xB|nZH!?`$W
zo^m|U8c|I=O7+7hES2KboK*~YC@4-DNn0~D^_x(=T8)yV_`#({MUtthCOT?riJF=^
zqNHXL8E6D^Hu)DCH7xljHB-oE)SOKIPR%Lguhg7I{zA=}<aKH$lUJ#kLH<b1IpnEE
z%ujZ(CYwA=t@6l!Q*%DKhnfpW6E#g_Gc^~J+o`#Pc&K>`siNksWF<Ar$<5TPBt_J8
zkejIKCO1-(BU#j3OJ-1WJ-J58!X9LGNHW^)!39!s5q-rKQxZ#Gabc5ucL%;=KPEl&
zbsL>xp|7|`O5UfhxHwAQqOZ8FN)FIh)PYQ1qOXtP>(h5&+EbPfZIzuR#Oh<{MrWX1
zci%y87*pzFo|J4hP#X{pXFVGfH|jaiCLDf)Fi)+Ic|r2NNQ^+MkNJ~iGgq|H>0|av
zHmRab5_B-h<}%SHSs!yivWXLISba=~Wb>~rG$SecS%;;Je7c2ZM3iSOk_JV1@DMrh
z>hgHJlW3nzvs;-G_!?L<-@zc*`&wm9vDB$errD)T@qQ_^0*k!-V8j_jRC$66@X{5T
za|C&oj8B6=6SJ%`enR{S?n=DXGDpr|29_6PSrtHYTa~_j%J>uf+X9fC{dZr{(%I!}
zk?rr>M|S}vHOcYrO&R|MWB>vk@7srcko#SQ01g=cn_%09@xKo7zv^q12O8-#Yj{R|
z=TSUrV8JanCBhj#3rTqT>3NpQ<m0%}d5lh+MpgM|p~t|?@XUF9m3+yrqvC0Uqx7_a
zT--9K-><1}XT%eN4TPTYO!AlZ^C}?@6_6W}gjqAGexl4$){L@@W_t^+UMOFu8vlcQ
zQt(~ea;2$9J;NL3Yzp=SgB#b(Y|gtuH5awzt+|8@#sRH4px@6Ww=;(iBPlYGN5n%v
z+^BX2m;QV$D%@hn*_)L&n5q~vdB1~_#S*hfDM7x$l<*?2Ag{x@EtObYVC&7~xlic=
z&(Z*&emb)>S<Jl7Z%Bs1gi8|SlgX@jdhlu~)w_|eHzaZ6%;sjJ7Pv_@7KSXt3;cR~
z2a@!sxZ{2#(YlCTP|3kDNjPtPO6W%fTv<=|Yd70Y;(aT)sz5$y#6^WDdiv^4R0y5|
zuR)&0IG`k<Sjpvd-Zyy|`8+>-7J?L!)geUwx_Mqu#ANBfe|T%E1^3P!gN82=zUDK`
zW?V6(SW}5?hB-J!9YUSC=qoTL0(IJB&`M5mL$~4Qf>8%-NkK*ur^?p9!Jmd+B^Y$6
zt@HH;U9Akb65Y;YAq?9s6ESR;bOyEI4Lkr_%8D2kOWTDFV^|7en2utYHjH6x2*d6I
ziw(I|UFmNx>Fa~|J=aBI*?lo*V_A0ha4ZAH996pYW|sD9>gVDvZD8=k=0F@{#oPWq
z!O?M+nx3x_J&4yQ2p#%2{KkGweJewC_^KHtcQs&~rk<V<F(zxaK8ibuX(LAlq+FQ(
zjSU7d_g`b~Gn?~9Nx2_O-bazF7m%*1Jr;BCYf}X-H<69xtZveSSJ#2ZoFLzCiAW>V
zgg=M;n9aP>Y!1YRu&v)>#<I~BGUzcDQrCss`1oG3rc3NPbh~6`sS2vbU)m!!4)h=u
zG*-B!km)!TEA}7|ap^Y8pJ5XlSWW#0R2d&GsiI^C$q`K)-4unJ412kw!YnPVPwc;;
zYC)%dh~{+ni%31@`ue-pWI!Q9wL*or0sVK}-`nG8t+dlxv43$^t@J~!1i|AAP*`&b
zx&MHqJGj4uHg0cpipuoUfeBDKKtQ2>OeM5qo+QgrrF@T{$Nt~<;T5OHLvT|35w1vG
zKCI)?8rRZYYJf`ID6C6!9cBD`00-5XKw4nX%BEIr&9<%~3h`3?Srp>_9Y`T2Qwovt
z14Lr#0G5UwMkK^>&ul3vrdzwTk7v_+ygq?iFBR{9I(skL47yEj{y=&MnO;x#qG<)w
z<RZb8Qbcrg51Z<&t!TKxE-yt}Y^oZpOnQ9yzB*HLUW!t@feLSj!hLnPqb|s0`PQdQ
z339P|E@ev1)aIErg8F&?f)q7wsayZNlHo5E_tfP*uObDE^n!P!2VTT%OIKM*o9fbA
z$_4tpX`K@Dz-xs<wNRwaEL8C^v}pUyg|GAgV-QG?UU23L^{(V9{j1f*g{CD-OP4Og
z3wDo)m9GMR+|T#pEI3a8Xj{AE0<q0_vX!aOxMBeoYT=)Sg@4PZNwZgraQ3PMXRlU(
zm8&8f{y9zXujW?xx4{h#t8hlkg)>@fa7JsRyP2|ip?R%c0;Cx+wUz7#8Hevjg_Nag
zVgGN04iHe%52YUReXKzvdd^GeO!ymrlK{nk)A#X4zme#_<}OM78W)=;g{P{Fq~Rd9
zMkqxEJBoKwJN?Bc6~|KFgN`lmCxzM`@NnvPI0t6dzs1k$d(YRZ^&3xwYT^XA8C43f
zfY8M!fY_%RPMC@c$%3I20+$a}o6y<XEkE^p0rIP$k>aIISj1i|qQp-XHUl%2+5tsU
zv|e#Ap>=8Z6G~M2D%r+`Y_};zP1scm_^ZUjE|u(Y+}W+dv){O~zdy8jz#`02f+dH-
z9G=8_cPAq{gl!}qwZuYJ@0E^M8-0VaohYaAv8S^a%lHJ}pqx)WojnC)vMM>r#XZL|
zp`T>!rPDY|xnv7T+e@!r9;1wsl0}MRAzSfSOn6qVAt<d^FKq)!kKxoM<nFCFMbHrx
zuk1rvv<qcX)jbii=+dpCEPDOcNLlo*vt`j~Td6EMc5AdO`siKfEsLUz7%7X6Mxyb~
zptx`p(2!T|8cDh7fBi}lKCh<R{b>c$WAfa%$5h<qD9<hUCA~+dk6t^w)E|pi^UPCH
zB_+(qP;kw!#7hS&G?QB;tt5f*(w#)~o;)so?v-fZ$umhQCaz;g+y#CS=0cobPj4{;
zg99TBa)J*m5jtk!u6NUp2X0R7<gO~*k=~+t7+p&V^a8)JhY}00Duyuq%lZs>Ttmr?
zCd=u?ogC_F#D-dSa6h>ptad#RF~_S8b5vEaxUr;Csm0M=g;VmuG1Ei@iNUsxr~C77
zu0`@s$^O0#Lu7wuI2u$XVobto;te_|#}R?CQ1$v$J%K^(Hy-xa;&lp|`W5sz1D*}S
z$xnJKv2Z0aPTX=|Es^m{a8?HgCS;O-L9Gk|e;g=ryWuF78ON++<l&cbA#~|Hecy&<
zn+7SbZf?$-EseO>k|G#tfQxG9G9)f)Y6*;v#~~=PM=D&D*Z1+zEZv=Sh2q1HXh(_S
zuuy4k?TO6V6Wp<8<!l^XPmuUmDebV}h2fFWL1s4!rHAz&aaUqO$!7FXLT{VfEAlh9
z`b)b4%Q9<^3Rj{HuS0|%@<sE*&9PL;$R)eQKI=DhajD?N6!xTV#})rB@`tq)_qzfK
zzS`qKE=DjO@yjrK?!VEYyQ|sOGBi+YYq7<K=$A6J<BFEPBjY=S0}~jiIDLmFUT9sq
zO<?@Wl>Jk2j-`PKbcfeh%|IO!4su51)N9o*<~)D%9v1odiSZ|z;<!n`xsM0V-PbP5
z`oa^N_30Y9{PV1Kc-s$eZCPDFo4RFuXZpdcE^ZXwrV{kX``!~;m*Lvd;oyV}sEiBG
zh3CR^;koc!crH8_o(s=~=fZR0x$s<g{(pLAf6g$;-3&7tV307(mjK5B4gvfb;7Nc7
z0JZ?s0F(nP1h^4kHo!FiEPkJ0n8g5<05t%20Xzb*2Vft-n*dz^Jpl607)A?_3~&v=
zOn?Odw*YtmngH$vcm!ZCz|qfe(Vk%j0FofTHv!xXPy=u$zyknJ1MCAh3h)U)FTemm
z{1*@gU?RY5fINW308W4{01pAY3~&_S1i-fdIwIDMmtpD>0A>Q<ov)Vyj6tO;0HXkK
zH(VkB-bjX9(lE?eC?5mxk53uqeSi*t7XTgtxCdY@z^wp90NDVO0ki-EpPbz`m6NiW
zfjQaC%eC1|)qUAa@zddXi@@$|=Ca9W&tvdj>nd9oYhCO0I@o326<(XC#^zb?T~X$+
z+nih}yUglY<z>^-(n?WzEkiwKu?COF<;h|vP4G@)?OxXEWbMuxtHWN-mbt2{t<Lf^
z@Xb#3R=U<q^?0qLrm|*uWsA%?te3NLHX0YW<NK(PEB#`tZC=ciHy+%}Z7caz=x*}Z
zog7>3^4M4x&$)RHBN#P`Wpg2EkIikfaxCv=ITt&joaOA*7#zaq=2X}nHWrEiapc-O
zoV~(chKX2tuF~bPbL--1KA_0<ign<J<2_E+<z(G9n};on2ta+{tKH=k!`#N(Z5-xp
zp^Fu3Eh1~+?zVcp=<N2`YcPh@wskDc4LY#yN{`iRW4$ikQ)Z)iMRzfyrr{x=SiCn>
zXP7I=V`K(H9<Al&>}0zWO*>{5?aFNxR^Gu~jqhcZR&bpf|09*hPPLYm+1#O&+%8BI
zV;3zU+R0L+*!(kRrl(&WAHt;&5=Eg7?_BM4t%16A(@ah9#*6sJPW9NzTu!I0jDuwI
zJT5mNQ#s^nYPEGW6sXe1O3oN;jh(Bcc3x|>jWq+NfbG<Ry!c`5AtG;dd;CbfNfiwK
z#N^mYmzT?;<(|r}sdUl0lbql+viJ^HnbkqPOBE6BSD}6sRTt=?SgMbyQ0M5sD0k*m
zW8N%kn&;;*IR^8LS+nUYzE7W#A-?ApnC2UbFjb&cQ}Hn@%wx^w1+3X%HWw^f$eMDB
za*T$>h9Wa{hQuaJo3R$tpx-wd@(UJ@93Xem!i9$1#pss1V3FC7hj9RL%gN0(m==S3
zMD>Lz0Plnfu{&+p@g?FAiN-(VjY)G)pMm*Gb7zFYm_^Kiiso!<Y2`|E1?$XV_i{ET
z!>qJBX`OjpWvgu*lq*DLu#A+5fJsRQm?8;aq%O{gXae@w3(-I1j@Aw01ezj-Gr2&<
z0O1w_o@I?1C8Dd8$6T>Re>jg)-O)Oe(1i)3IHnVNW0>hPu1lK+zv);O2~lXdqz;7d
zxh{`kt(`M@TxB-QaJ9D#h@dU4+~Hud00#`tGFQ3H<O1?Y1N_2Jw9v31eMVZ|f&~~p
z&lc@I&*7a1;n6hPIE&T6)A#&{_Z$ZxG=}x?PNW8`4a*H_B|@1N145WZ8~kL<1q<^d
zKAF5l#vH(}A)BJv)6!=q#^(S*a=RT80c9(#Ubfm=Zo`4Y%5k=8H|<mom$jUB?_4&N
zw!^;CWA&_qDu!}HJ#vn9Y4Ik94T&eVfEBwVgoucJl9%=JZjoZytkrA<WS)*3b|<`6
zQ$J~m68*var6<NuWpl#W08+pj%>@fstU9*B<En-vaFp|UZPhCs>)3K0hND%i6QZiI
ziN5SkptgVnw~Hgh;!27Z<+PJPNEVP0zS(s^?<4b?#uiWvss`!-WnFE9*s(Ysn-__T
ztAYj6;=sh9rZ7){Kh<tPXdv>}mN`6EvlYBkq>VJ6)^MhrUe3dpaZq^pqmFqFhY^T>
zTBu!SV7Z+xj<q>m{HjXU>$aBJXmwGF7FA)9^)-E1eGQdeq}RDci^clpDy=w}mf6zI
zzdk~Fn}%s%OqjoL0_BqXj0|+=oz|5i^^V9wrOoOVbBq428=;JA?5<($77jQ2oZ-A&
z`3T`=VK_GrrLVDjINs_AHxRZY^@#pvo-_UxE~gE8{IyU~V6Yq(aVY-jnbGBTxou9`
z)-L!ix7FCoBK%5qWLxWoeghbTH51ua(a&|m{8R(l!656gK~DrMSUueTx$8v=RBq+0
z;5|`n^5LD{W4n#Fc`+fxlp?8<LqUK#Rok67T-dR_5#4zw@5KsSWBm!cJd|Nt<~hq?
zb3&`RoYg>x!8iKNIHzA2(0TOe9g3IsrwSlq9ClbY(p(x8$(o3{3}dvHd0bvs1;<+K
zv~;<tsYCU!KqPkPFCNFov@~Xp+v8g0fg(AP<B_<i>mfZU2pyAt79VdCz2T6+6byBS
zTwrmbiX3K<f68%|o85M2u8XGw&1##+X>-6>frAM=lNl$&GY<G&P5b&}C+~2GuS_id
z$?yg=MJy95*D4JLLkvE%rZFb!nawaQiBmDxO`BF?iUUT9#p5@O>ek9z;Q>L$y%ru7
z_+a7~l?n_M{P2@0a5!wMpek0bgXZ@lh5*gLvBZu9-v!j4HULnYb<Dg_Z=!Ue+U>Am
z8`vm6u+T+O7O<|yYIk54f$<J#C9OKng|5z3*j6@??S>9xEvHCst#R4QX(UA=;ibNz
zg>7_9b5$eHOnU-;-{^6zhHmG!yKT&3@CfqGIw0Q8)m{v5EuZRgIwa2ByAF`Onzo53
z9(irH)lyzXRC3rVC_gQBUYg&?)C-(|=D-zu?ASL7u3bdCfXC&)uJ56U9nJ%#2AHn*
zhwQLhot2*u7Gs_YkT92rDjoC4MOk2;`LfDTR+)lo%o(t2SawFNYZi!>m-9x}G4&kc
zcSDtUBajLZQ9Q`hn6U3tRvvsi?X(>h4(oDEWV_+W<AR=IhiV2|7;bG^uVs~XM>&XH
zlw*RbplQ+8D7SgbJa#t}hB2(Qm9Zji7|K(QXBCS)W+bjeml=oBP_D5KLAtnB6f#1Q
z6d<4F;oV5$q9}hvTvFDCzG>bd=7_3i7KK`uBDx!Eh(k1oFhh8V7kc1DANa`R3S~@e
zoN82jf;w@uMtjl4m*~cfy)@~v%dbeja@<wy&wf5WWx~Wsldrxeb;{JVYo|@0kv?<Q
z?CUZzv-ET3UVlS&&W*WwhI#q(3vT+w0^`C(rotlg;$ln5lBG8<yQOsbid(HK%YbuV
zRcWtU?WlIT+_!nW9AC3$?Yi54xxRM8Mg|y2iAODgVcxaI%!#-O_Qk->E?QXyMJotX
zW6U+UEwFmIoHFECOfEO?rgq}D7!6|-X9I3@t<7PI&4!{7XB%5rx20}V9S|hNmbxvQ
z>vS<OK#>|68e$k`+O#@TT_aGJ$&)fnC3Qe=fGC+vc-VuTT-R8K6E8rPDl02hs<^do
z_Zqi5iXL5faAVi--{hemdmg{}Fj9>4tN(#tw2w^@KiPTyBExTv_{q=n7YfT>K!6`;
z)5`xe2FSv{^L?T)Ko<VV&+`|?fPeS*W97%64t|kek#6T*WU1WI-{)K2aJh%u(5rfw
zx=ovX^$lC@X!JJ;cQ)U(_3mHY^XqNf@BOd)e)He=Kd|G$-#)bS;a$J`{UeV)_V^RK
zpM2`+XP*7TbI-r<$2~9p>7|!n+576BUu$XIxBtNFZS5Tg54~~tFK@ner1R}}j{f!C
zza4w;{SS`+{lkyCKK|s>6Q6zl1?m1r;N(BQ{Ho{cZ%+08>vUiLnQy-v_<k_>Zx3we
z9=OhHVEeya{{Qv$|6`2Bx!wPtsQ>x%v#P7JD7(j$!!w07!o%XrI(QhP@!In8Yu8bk
z&13`~(n#mrY}G5p`MZU#nxXeaz}(@h*#_*PWSPUS;=RCq-^4p;95;b1j%E&U{KzvJ
zt)4R6o<GmF(!)!#;Z0U2eT8%|evB96#JDgXj03{0!#FTJhQ%<9*~;;rax0Bvp2tq#
z7FY5fuVhzZD|gzYkHx(BW^_5Jg_)O3D~Dk*9QsFp=m*{DsFAy9;iBTjDfkW6;0m6=
zF9gAmH1Cid$Q5J`@(5Xl97Dz-|4<Al4HgP{+ka!^!ad*59?xd*ObvSj!`!)<VUiyI
zVZXS~9nGVX8T#HfK6^y>qbbquhlja)CWhDAu7~$?#dBcd$myhCJ+iw#b!7LGKjN;K
z8tvXO%)K`)+WkO;`|j!4%xlv}j{ooJ(eB5Fxi`%U*Ui1N&RtKAtdY~P&OLWJ_g$aO
zJbC@O-QUg5X5P<^c5fLLe@5Q9+dIvW%@_>P?nj1&|3k^h?)NN-cE2;i{q>u(nS(cv
z9Nuut$n|rNePs8!YesheYTd~AzNvQP{C%`(<nW5EBd2fPI&%D_zZyCGxL=PP{+kC!
zc6U8>?)dkC+lK&qBi7`noPhD5m0=nq>}G>qGT1pj4%=OWml3vH*lY2>VXuXXS>g3M
zR;;pdE6QBX3j3<;nM_=So!wn&^Q^F!gEccMZ0{A9sYM5wXkW&yT~Xn&*}x`7w2{6P
z;#axd>vmYzt)O!~7+<_-Uukugdn>K0Z7Xn{llOvCqUeH?@7WoQM*I>N5LY;DYrrl+
zv~#VjT7gs1+0$o3JBRZjdSWgTZPs|~oGp9$jQ?rx>O$kFqVUP=+MhJlC6<z;K@;sm
zL6KT4D)eDCn=Pp%G|6tdiqIrvCrxzS#Qo7kYMP{d^rtmJDilqVRP)e>3azzbQ9)>|
zHHj2yU4zYoLX;qV5UUW2-?{h9X7aPP1&bK>z{k1&bM85J_RgMjnV~!Faii9rwgkH$
zS&kKs`C73=eK^W}Nk&s4Of?`!b{jhqk+^a$hXPybZ9nrsj`)hawj*sHmsGWdlM$-|
z^NUzsqBG<Sdmbh~`_&e>vx#bqN~`e&Yf<_0IpSOLYhT%Vqrz%zSAkFRsI(4pdbpiW
zpIE7EjpD*Tamg+##uoE;cxfnS&a=h+h%8so5if1xoJ35UIh~HGhB>D$`Jkb^g6wIw
z!aJf(F-v<~H@O1yq};BgNyeb^L{LRjc7)N&*&9zscJE<Vh)u;#S31Kz1BtL!AJNNm
z8s&P9Vne4rcw&rLiACz#?F!n_mvo%D%pr?i7<JV}ThtZ8{tk|kqcetAf#oN7E*YyI
zH+IC!IUv8sidDntJb_xH5{pqn9+2*SBV*ix`dy*cu;puMj0M}OI6_s{nXu?SZ9NtI
z@>Szm$&tt8p@&~+dn6feVI7nuo10-)qKz!6R+I!nnz<jh33j$ybXx1OF_uWSv%}I$
zyIg^Yh3D&aYUPw$@kFexlk!#02Q%?`gZ-{uI^L%&-ec!vWfZBlwU*94$`UxN^&4>~
z|6J@Tkl^@o+)H&V%i;>UmZ3+8LQD4u5e*qNNh{V_ZN-!mHrk}859?gvKEc+eXGI^r
z#kR*nJg@Yk;s?Q2tf#or7*ga`?W<W?^r!ORvNig+bf>?H)5U830a%vkl2Mz8)J0$9
zLmWvXZOvetZDLBOyH|yvwE^fYz1GFHUfSxg^iJh}=c^3OYZammtY?-oef;5+!SNY&
z%g{&K&a57`JFaqeehG9|ZdCfJAh;?+3%@gu`T%MB^N3!0gnW^<xcr9Aoy3snT9&eu
zr7UGBOaEOuD}FIr>rHbVDG>53?!zy%%K4iy4MCQ&bgRUlvVXtulX5$+J})d}udRZw
zO!Y3{nG2?R+sdcld>CsJI4{@PFHQXWCAt8f4?Y5ZH~3!g0zUr(UI<<cUc@eh^CoQo
zKMr0DegOO)jt_v}%NGUb2=eF`CY7=;Y1C97%i0Xi2eC`Q*~jhye@QuAP2!iM%$_re
zg`PQQrsqOS+&ed0o~iy;+h?l(H;H9g@A&O-33s!-0sbDtT77O!*?c9Cr+he?uNIyw
zb!!}T>!mOAyJTFCl<_*r7jSv0ly8;1SMol|S4*E-DGvw_$@ovnwIfpgoQk{?wex!8
zID*K!LfUtW%ss+;rGCHEACPel0ep1tZOI=Md4}bB?@9S-k#9`uFG+pDO05f9XIFd7
zn*zU8XpPv2UoGU8^qY?Kt4Q1DY+iGuUw5PrI?{(6={FqdK1bRmcI*(n%;27%1o(HL
zJNL%x$=<fQzc#4_s06kFB|si<bpqo7qrgdE0N4w(070MvcnsJC6a#s{?6^rYz$7pV
zi~#*W`?zk~0A9gqpak#$Zs6B3lcvUWo6m)x06zkB0}&u7<qs^F$ILhSx5Iav@7a-S
z=0BRxSwdERRjy6b7ooSyu*0_|O<#vTuIW#SG3O6p-(K=$BsnXSk(S3UoB5E0uFo9A
zUp`M7|MxYpJeC6gR^%A&Rm0dY8hSf>OQrnXE1DlYrg_ghQ~XFqW>>f3BWVBGP--ZX
zF?+6SZVEqjlkL62KS2BO!5;>T=*Pk7!KX8i-*r@_YOvAPq;{uDs6O>fYRlsG7cYN5
z^#{?zUAm`B%I)~2^S{?}q8pu)GZv6b$hpt_j6Jkq(xi2O2gn0f0d9bR-@n5?1WW^y
zzyvS~d<=XDoCHn)$AJ-G7#IMK0EdBo;2`h{Z~*84+JP2n-vB%bR0HL}HefTb5hwwQ
z0S_>nf*inV_uSsedn12xZWw##M6UOS*eAq$Esycgf_=E;j=n<Yzs$b?i&dW!*fIcs
zLrd&kX;f2J*WQVh#XEd`+y3~z{_qDlchK5mZ2|#;fPxBAMFm9&MKOS4m?VNj6vb#A
z;s8cO2qJI=g@_0NL9ZhbQ6eg!D8?!ZjyP2m^?du>fFRY@4(na-dKY`~aPB?h-uvv_
zoaf%;gvJkrLT0Mh^1u{N9uqzP)Vz5({kis^;>z0#LAu0u_hZV@Y!Fl1*NL0y>lASg
zL4SJZV>D<O!W}V(*V)FpeVra{TE{{G;w<7JeOJJGUm@HOv;UI_QjhdVkMu~7^hl5N
zNRRYLkMu~7^vGW(eA9Pq02Ci$Drx_mb*FG!Mo_LzKaWkH>Cn$&17rHkHvQPUf<C9K
z!<0VXYU$RVwpH;!Vb1H`FOR$DVet#TZOR|^j(qVu@;%;>FL_74>>c^^!{%B`9xxwv
zmUy8uOxG`!3wa>z-FYgt!}0;0=O4|$^DdvE&_!bX4?52+=JTNIoz%a9D>xzixceWT
zFphh|*eQb%!%TC7TACDj<9S#YTj=c)1^4ZE1<(ZlgVAWDceX*J(E#1YL&4&?1dkOO
z(}PM2320ar#2O<=5Hyqi=!#Jz;YPKf5G%000>s$HLcwA^78D4LkpOGN6vtv&+Rg&&
z;#dkXuo~=xm0%wBgRsDH#9}<h%0?C&7!{a@kRSkc5o<t9^+G6c91Zp_L0vTn7Hw#4
zZ3Vep4oamGnwpwGuh&CeT^%qC13H}!)M_=fqWv<N9JIz(FtoISMyJRA7|<|U&>QMd
zmnP8GwPL+i^i?aUR66Xt3D~AqkjZ7(zYG-Eze=sdei$5!0hLmV=h#1E03B-pw$6y-
z8bNEIeYJqj*aCV4gZ=8T9~Q^0L&#;=mqH0jl@e1m$fO$V2kmoVK#n@eqzowJ45&3!
zKRm{9lsJw?s{<w4u3}iUiv_hx4{EIe7`*{)Mi>mBW$QqzuLB(g+QlLa=nJLJi1m!1
zL;ds!HQNLRw66~RWkl#uUwsqmY(QPnM|#v(kGdKWGMN<hk)t0JAji3O5hy__RpGG;
z{h$J=ml~upHTq1AI$?_b)@an=GE4(foHHrfCzET?hZ>v<1dTT_15&hC;)V7iq||PN
zoZ61QRjRSfMT_mwcC=qjp+Vq$F<LEndFim74*jJA1wtxC-yoziOcgqu8%%Ky)f9A&
zG&*23bgs~k2nL}>e`+Z(Mp%SWiSdfQWwe;0e{~r9DvcifjnL{bju9AJYMlYg(eDT?
z`dx=$5h`6BmepZgV(g*+4d{CYW7I(70^?Mx$9TfnXliK!4f>l!e;W`@6fG?nH|Tqe
zl{$>)mR33k1mlGOX(b?)OW;$Gf`z#hJUpZzkxJ24gd8D}Va&+DMT~PKmDBBb&~I{#
zEre3u^H%m7^83Dx|A$2&5YYecUA@`N%tmn6#^x^94x8U?=0qTPd*^1S3+zRr(;{0N
zJQ3KKHHc2zqljX-3{$1f&TVYWs_n$$q$E3$86L;j+liB`sRWA6PutqqG}9WWK{KcH
zT{Dr$*0$Q*S|}7($B3}9HD4$cjzsYg3X|;Y?W;xh1$K4?)wa!4XR{bPbNkcwcGfdy
zSeu(~rIkl=zrsoXj}-E8m_TbjpC4!^vJsex?91%}C(Mm8w;pMpB;@mHU6pENyQow+
z4mL?jN)nrwWBmp@YwMXp{^%9!mQ}BaNuN36dykPDW?4<ry1B8353}hrRo@G(&C&1}
zTU%SRW<i5Fwic>9CY)Xu5U_aUGvTu~E4L~yFR$q6OR=#F7A_OFCM1=+TySw&xXe{4
z5ZKxYJvJQMs8T)24_G&i-===<*{4tRrTP(9e0-))zvg$-RvqkC=^cCR+CrCxCLXU~
z$HtALYj)4toS3li&Q$59hnuSUM2{G;eEE-K8XFr|yZgj5xmWz+uU%WV*u`cnj~ALB
z6zbxAXwn>MR&ZW%%8*AguRhTimwdeZ$Hqp9WXw;?<4elCPX=wC5E^y*tU@609vxn{
zXll)*$)zPa9g~r=DdNl$tp4$>F^!I^CAUW`kFP!~e5O*(5Lzdh+uJtRo~m0^E01-a
z;>MmVE1i?AF`QYlWXbYd(;FSfuO2hzN8j%bsy8GhCQf)I6!N#0H=K8_ajtc)4G-TN
zwtLrXPtOC+^%s{fZyY0W96#QFjN{51i=SsEY)?%{G#5{_woWRLPYILB!Xl>}*(>w(
z%u3l*5xdj}J>%#|>pMF7t~$9XB_lX9GvU~2(Fr^Af+=&dJx7fimFJn4H!3$HIQYPM
zpE#fCzN`Jm-@CWw2VXz;>OCbTx{Q?IEs3*6o7vh{$#R(B46GQ8@8CJ5d%PDda$h;!
zcl-}d_t!eDx#7OT7*#pkYo0DQHA`(3<$8DN(lfHzAt515NJ&VkTSe(8uc>jqzP|pn
z{#sx6`1GXm3-gb9&##<UTDa3{v+L!{OP5|c7qLqg=6uRIa_7F3;;Bx4zT=$&oYp$6
zau29{%ugzaX%N|q)9t;>JQGJBKjnP>@}<ag^$};}wUNd93QHHBH~h59$;l}ozBR0Q
za;p#>FHYib2&}%|+%(@TIXO9K$1bV!BA+v7!esmRWgm>KsQ1D80qbU|^A=aOS+A!-
zz9GTRjC(;&oESJUSz0)G?{Py!L|$=LX-$>a6?eazH&?g@O&V3>JtxULNi5#BJ!?3=
zfCb}tgaif#ZZDdXmbT@a{e{6f!w*zlc6axSU#4)-hiXb==cVn|i>mEQb0?c#><=D1
z_24IFp@%b4Qi4m$rWh{8#Z6u2dKX{Vm1(0Yyh=vNc5RX7W(+sg4@8B?&+5z)rm!ey
z@}yn)|B}mVU77?A4p^u>^i9#cilV~8!i?FjuP;AiuZu<}s7tM+Rtbs8J3<ShuHGFt
z7VEbN#$ElF)^m2noZ0FGmp86h%{J3UhfcGJF;gfSY`a{U@Gs_2rFT@6>o2aAcs}-*
zm%bJULGv`5aXj9*ah;hC+$GT@yf?3yV=>D?AP~Iwm6*11_&2>t{1NGS2mf{H_{8x0
zraki4`g5@9J_3ll^3)H0ou_u^rj#pEUP*Z)bns5(qzXKxoYF!}d8LHotQ~xk<B`a7
zCCDQ?_#@@EMhlkXsvNgf7&(5c=*A@}ckJMjlvh#?Nx3BDg_K+B+W8&jj7pUXITG?X
zFD=I}w8$+fm!e#g@<+-yJ9uSlt7$#Y@zHi(DV4}MUL}{SI6kOE4#n{%nFhQlNAf^^
z<k5vAQQnH&kkK;8Urannf@8}iTI4~<N!vLR<vkkYJQ}r$Gis63uzHr`zFOom4CSpl
z6L-<K^B2lpH2QY_f_AEqH?r-#k?q1`D92^%Ox&>!ZDov|99Pc)Ig3n!`batcNO=n7
zy~93|b3B}K6uH90QM^19CT@wKJNPM;3J`osIVN&#gj|k5zD)Ty<;+U8iHA#Ekb6qd
zXXrPN!D{euQJc7^M2+>)j|hdz#7kAkN7WPzmV00vcp)D}UaC|gRGqw(VKf{s^+JEk
zJWSkFf&P|CO}w1rr<DK8+j%Oz51=yfRTV;w(9mOyA1?vU2b~w>unNj!5h|K0Fc0}G
z$Lm$}9s;IJJGVt>=`rQFVjbFqJeR_wlkX~#<I3cCj67GNXy>~KIpw@c6Ze&4oO1UJ
z)byS~C;z3qm)=Lvu~<jSqFyZOMeikGig7~kFDMxk4_0eUT$o{L8S-9)lJa4M7NJI7
ztf4?|tV1vuS2_gK&XWxYjoN^15EyGJ1m(_J%AHx{(0bFoiw+L`-@pScdwt%&e}79$
zJhJTHe$=JZvj2d7D4)}V!Toyo?%i*2FUxkJ<ue9+UY{r$=sn=@AbwwwNE9RLJLvG>
z!EU|#)%UXO<u{;TqPH7=Ab%(p&YKs5GB2ucU;e;>1BYUt0|pK3+t(||H)w2MTY3Dp
z-JgBtIcZX&Ja*{d0Rv`y-rsV-(3p|-QA0z8sdkILGCuS74-N^L9h$#-k}s|&gDiOy
zhbq50;IOQ8cFFv>n@{~`1`nA#_lqxmjt2%lCw^Fdk)0;JR#Gu+m~)(yMDp~X!E@&h
z2@VcCKeVriKd9df%a&>6)vK>PYtIxh=Oi;{h71}0?T{f~ezQg_Ua_<<f6#!bQ_j^~
z|9ZlHCVlI@fRK<ObHDv|_;9P7bxGUTj~(nbs9zc5GHTTK-@CYv&Tg9(@`dc%i12T}
zw7Os1P+qX%tFgU$`QIsY-7$JhrtY&-x1?WwDT^2}BHYUBkni;Ax2uLZ=FWH#5b(oK
z=dMnDSb1!GV8|CEMvSm{8D!VDxA$Q6Aiw8j6E|<(JE1hd|Jjt2<Ewmr#_~`Hr@*!R
zzWjyDQv0LxSFQZf!6WbBS;KhO$*sXwRzY*LSw52!(%i<mT;T}?yvRt=;$g#7D)$rB
zQ~YO1gZlG=cAb23x%9K5qgUwcdVANazZ&h~n!GXPNFOqXo6xTdFJIc{?AX5}0_ON#
zcrfG948PC0xUd#{*T3=FH;uj8OKsi~QQ!5q?0VPWJD#Pr(5ADZr8Q4z`QNdQB;DlS
zJsw@BeAK>H=~$<{@m!(XI_2fdm+<`g3wY7?6585cK-&vE#=KXrUcsxE1oK{EomcP@
z&&ex%-zP8N_MJO$^Hw7qJWvH0TaQ3tK{*`MpMaVxSGcvuEAkTbCoh2}?F49&kHgIy
zcX5n1SP&lx3zo&e+#gb5)+`46CNr>fNj_-Gs-e<&3vS)N2WjbLpje=T`1l+Mos|k(
zH<rV;eTA?ke?P2CJqRiLPr#~ehafbd2r~E90(<=tR5jm&<ef)By=51yTfYL*vbI5r
zCL3yN8sX&WTG*6P4$;vC5bT!?5g|D+FE|%gtSW`li#K6^<723J@DffxB~V;-9=0bH
z!<JQ*porW9E0w#U?9dTN&OQjK_};KB_ZY0%v=0KOWkO7BKBOFLfaK%1A-~}%6dIp`
z?s5w(iOPcM9;+ZWW+fyiZ-ye&eRJw|NXyNKgsoawBF}(LDm{#~`4N_DDnYfk5wfbD
zz^;ZiI8gr>QWKBD_UwI-mXi-h^p)`B$rI4#<w9KCa#*BT3PnebLfMH52o4N`xw1G|
zwJ8@iZrcy3IY-d$JrEwe7&4i?aNy`EsIIvPkFkA2LjxQ;b{ux@%!Y*v7Q&uAd9Y)L
z1{N(`01>iq2n(GH@_F-MdwMG5V_9ZKI<N;1z@tZxpr)n<E?v3=4<9~+yLazG{iS+t
z?RfL%O^gu&FEC!@)}L@-F}577ePF!fBye{31Pcduu$br!p04gN(Z>PYXzDouJjYLf
zp~3z@e-EYQyH7aKn591mV&5K{^mD$yt1lmnd-g*(ci}_syNd7ImTnGY)Bds;+}>_(
zKorm&U@ZJYvE59F3<`w^Y&VCdk>No1=a&6RUBw@L!olNrj7i&yu>SwOetHR9-ZEaN
zE<@h4zuyvbzG;_M6!Q&yb8{Y#Zg9!tcDTeW^KQG3cK@=)|90QJwELGWx^KSOeRIw?
zx9;TeIyUy?aXWkR`*d9I|M@?>52-%<_H96U<{$j+@BjGi_W={P`y<y|6W)AoX<_1n
z1A2IMkMu~7{HNXLB1mdpk*>#YL-+D`$-COWt-rVR^J``A8t=FCdS9LX3cO9Hx1GPu
zr?}pJowl{Lk!R1Ialm!d8~I)9bv^E$*A;Ke>t5cyulJ3GuJ!3L)fv}=<jR#R<nraq
zq^YTiJbwI`;F^)#x^;`(zI~fJ{`u#hxw^DXhfrH-9&!bO>q>I}{(W-q-aW2Ano>M?
z@PKRk{Q2|OzIm4|zm`v>>pAr;1=W@6ec-?Wl9!i9igh}2;=~DZLa!$W4;~~(j~ycy
zFJ2_g&CLYY;IG@!W12_Xo;`b(l$VzimSst4X(@;O`}cF{(W6I6Rh5C%*Vl9PJ8bDX
zw_WF(g4)@k|Jy))M*VW<&K=IjM%3XDj=duzgCwZcM2*<EaU)s3em%*_Vn}601-Wwd
zDrvrRo0|_hSEo*$B097+Gc%KH*|LSGR4TH1^=hJ2D#^-~E6Iu#i1-y`?b<bD^X5d7
zo}SM6i2CBjjT@XT9rHu=Xl!gGS8)uZ(MYacyT<87%jn#8wTIeA<AK(zK)otXo+KA*
zYe_x!dl-F{nx?^V<B41@C$X`yWGmW2Z98o+kYhL}MMXs<D=Q0i+RW*?V8H?s9UV=g
zqM}G-WE2Sx59bgO9!0{!FpZ4B@+h((b^&K&PEHPIcS%VJIdtd{H$TP2#bo#H-6T6Z
zo9x`VljP>+lEa4&lM5FvaIx5-GxZ(v9diBpbz-QhBD=7!)Rb+cps0|Pp>ImDPX^~e
ziT;a>h~S`HwUVTyq>%LO+ezZaP3YGZWYMBUWWIbp>O7CrH4=4<h(Ns~WJDG=7t=6K
zcUhQ>%ZrE%<LX7DPvYX@UeD2*HEVEw)^g`dmMkR-g@XKld*1<8<&~|Cii&{ch(g*V
zX8xP`xgmWr6K66rNv0)}OlD%Li6$BqyBxaoCcXFG4!s@@hu(V!=}oGDh>C~}kmCEV
z{hb4XCCSXa&vWndKYl)+`}=lTd+oK?e)nE$Z_and`V3qsj>)L1s+!}M=^N|wYLZ_@
zMh4Q-(-B9!ySTeietSg3kdBa!Mnpxy*2WH+nmQ2BvxlcA^o)#QX>AR2Q<AfuE;NY`
zEyf@5q@j5V8hk#5+R)I@g^s2%v^5N%%{PG7N$L;&Y3T6vaO&g<@cA0h*QGo<bW^CW
ze;Ve*uY-d<++E$^<>>)0(pP^UKST*4kuFX{eSIA+5}q)9XJafWDT&K(XYUAeD;wyZ
z)`f|w6(VDk(LHhz!?&kU)7^`_l3H|(jG_E&6MX$5aK_4+c+!Nvo+infPrPVDPu~I-
z<^iy>62R6z0S=C-@b<_f9x~zQlY^*`OvHrdA}lxqK7moxep~2hoP-|r731C3)*9i0
z5W<TLR997^x#=w3jc99YM^{$|dIq{NG&0EP597b3rG*<qOs6f(En#ot41?1oCvB1;
z^|7g)Jw!!i7@V9&&-g9$T)TzRrZ#BuwV-*54+DKeXdc%D|M+QGScSsNHJA9RLQqU2
z{A248l-P)n<R%1(8WEA#32}K3Qi|!WIERed9@I9CA~-kz$G<1NJn9HnXK$p5#i*@s
zLup+LDjM2R*Ln{5m2IeN8${p8WeksAA>L<jhxDhdt&MalhT~s@^is>n9MK8c&^NP#
z7XK8qPMyNRLnja%Aw>7s6ow|LOy_wTch)$5*c^L5bHMw*GsX$62pIX6!YZ&F0cnj0
z%kPALRwu%9`ynhDf%xoI2%E=|)Hx1u>jcU=uA#Db9F3zB=s4GdqyKcqzW0;h>5+?+
zj51^wb|I~>8->-wC_6ib+^SAgH}|8lxtB0#0)(y{?j(xD2n-Xzz|4ZXL*qmc7Bs-l
zI}ui9ez3N3hpCAh_!^$bsP4kKnJJWZc0=cQ7~WH}$5X41;r-v(!&y)VBkyu}iJA~q
z)Q6DLUicSWL{Q-fvRiK<rRO$+nyw?XaS|aE=Jw8@uzL*2?V~u`KLou`;&J4iT!_+#
zQQLh5%{^C9Tz>&&EyJkjIFHg6>Z|s17`b#2a|?4zbDmFV9D*W~;p`oX06_w(o4S!&
zcox1P8F02uf{l4Rjk!o1{3;G#y)VFN{Sq8KnTPk^2*rzXmUvd-5KJvn;gQq?tMEp6
zi(BEI*$Gp@2=qKh;gd6h^wv8FZo3KJ_9?`7Od+ac2I)Oh5LJ#Ly!<K}2FKu{oen>%
zQe+l3ATqH4p56l3IeEdD#-w*_6f!akky}uT0vZ#I9c`GIn&$9RTvCJJ#B>NmxyY_=
zLRM2d^4o@ynAJ$*IRS3gY4Fs~fz#1!oH>wzGv8)HV^=c1dM_HgUJJqpZ&|}RtQamS
zO>ju=foH}!*ryNTsB1U0?fQ_~GzDS%3_`nRkUBJt+`ehVbW9_&XBttNm*AT}j)u`O
z6lBy9zNEpx=rmy$>9Njn!iH1OBOEi)*M|e)rzg!5VT9K?G=HBv*Nus56A+eBdov4=
zUDu4f<_?H!n~+q|M(t`tR8|FC19ITunhhVn3<O6PP@iPL&N2f=r{i&Ie-sWMjetvR
z6<kEku+8d+TmE@C<qg8SViY3Mo3x%Ah-|x#)PXxF8JkAI;51UZ?jWt>HnLl$kk(J*
zU|<-5ZW%cIr7!ffNEcoFp=ay_9djp`(VS^vYDCy%L>OlPOTri*ns3t5GSS@Jitrr5
zh4eba<upT(RR>{lBLulMNU5wrxF{Q;bo<bla0(Q|+DiyC`$TA*NTPWs37Q)5u=mPB
zXht=HXso)I^uxdG0z%8j5P5b2N!?S3?z)BK{%Mq4oJZlMJIEfHrZ&w$+{gN00>y+S
z1r43}^c@qZ|5E^sqi!%Vh{TEgbRY46v86Kv0@CeZf4F<P!O_+Rj)aLG?p_ckry#Mi
z5iX%wu=B}+nTH5w&S|h9oc4?<fNM||>0SoB<HRs`NQD;3oUa)N^{-R$;oA}T+uJ@g
zZ{#DfpaV%Yq${nLA#A#Yw3aIncTFO>Zwg66Ge{enLdobX$}Y_zZ}c`&=~*;9g?y5I
z&BYstjV{GMU$Vz%uf$>Z+rilTK@blAEfMM;MdBE>Cnh!r1;s_EuA#Lft^Z<aEf5+O
zO6y7?+yc^JYD6;qJ`TF4L^yOH4tu{%z`k!|p=+3qBPU7Dr^V1SPr<%@G1&9>41D^h
z7<~7)IDGeUARK635)?I&t_&cX;Ysra8k-Zy9=b{Q406WiP;g}yHJ9g6Nq6;?X%t?a
zL(YX8C>^+lvcXFz%&&sKbqcKcA~<Lj!u(h<_P!~^7cZn>@8835O2Zpk`tC40<AaFk
z6!i8EqO+@=yL|+uIAbS-!Lb-<ei@HL9};hWh{bomi^1MMQ}|&#z9l&vr!@Yj3DEdF
z9wx_<;cl7%e<v}rOPi6|(uJH>T5I=RLPq;IQoARRHGC6=<9ASeZ4M1L@1p(M0;+E;
zpn00wL2W1*Cf*0e(0TO=S_vOB#N|j$EQKJjh{ka<0$l1~eW(;iNM7pS3h?dc0(|)o
zPncPRAtQ(8)1gsZzjXs~4Wme?I}e|fYM3~Rp>-@4`UetWye|PpdlR6yI|`-;<6v_<
z31){P;cT7;54UW%x|GnokdK2$6X74-ijs~Y<aG?AsQ(6X`X-SxJc;Zpw^1}nbNtN(
zv{M`E=(&3GHu6WVp?G*4O@kBg4~~S3hdYwea!^vyit?&1!p~e3l3c3Fn;}Z7g21N{
z&U$6g+MP#jiHE6G6fA8#Ffe=(g6eL>Hk?CTZ7<ye2(D;>cUCiO;)<bdlK^wqbT|g(
zB1BY!ptMqiW>&&Iwg`u*4|ac*i+A3N$BDxkC~ZHF)~hq557&@?eiG%ErqDb&hxQwD
z#Q!YnCT^qk_AF|zPN1-V6umd5ktnRfu8$AnjD;E8-8>*n6VZCH5zQ?fsI00-dM1rM
zUvC8ZhafX6AG!GraJJ8b#>pt?oBAR&Itf83IS5HFL}*SW!t%}{uBIJ=vKF{RmBBx+
z8UFe0u!|^zXKESZDjI1mP!A75G1T{`(b^#w$G*&goqjs<i+T~2(FUiuIwaSPp=$Id
z&R)BXmK(EZn7oC~TT>+O%h-Lu6t;fp7@D{aPlps7+-Cw~Lp>Pl8N-IwvtFKF2n-B_
zx0gFiEUckrK<j2VN3ubRF>zxYSIM>+9i2o?Z7b=}Fg${M;2P*lG7f-aNC-S)!eQkR
zgHwmX5t&tu)V3}NNw?in&ccJ_Wfz<Wy)(qORxb8@nGVf;NeK1IgD9g5W;RvuP3=Wy
z>lIXAxQXVQGiW5a_guS!{!2GtW#flEyJ;P+mx8kTL5O2&pmUV)(1~mZBO@3Y8o|`m
zjMl!UFfu+(SZ9l4C%q9JmyCh_KFmztS+v@hY;BhSnlJq9;pFWAXJ03{2Yb=lJQP~H
zGRO`{fv+e5zG+$TOsIpMpb&PEB{;5^j3cBo`)MpYnq(qbSP!qrT7<+8AePoXB_rb~
zC;e|6yMeZ=*U@p|GTE6I;o=hkYwH*s+#iovVF$``J8?!o1~y&+2#*fu*81Mwp78Va
zM{t-wjEq9C=hG+}&jpyCzP)7Y&&{!rt$`K@?@eItY>G2(R<Lomg1v_W^fiNF@Le`c
z^`fC^7zACbSRB<3!0x?K^j-w@z3JHfmn0Y-P9VIfgq=qb9K)-TNMosda2!QLS5QG=
z1K~@3{{UKhduh$JfaL64cm)y09gcvhB>-GNqrZ*O>>>EOmP1oF9JT?mNXySg1z~(y
zX$`V+^I&0|iLd{f0~eZm*m`rx-n~1|-FFx6;vjz?j_4l5F@1Gt8f(D(j3uq<opJcH
z1eon9z~}FU;ZJ`Ez^-@0@z<Bb@sGEo@%;x$u+%JuuOrQIKI!mGszq37JK_E?ayy4n
z&_0a%t|9acUBKk6TT4EbTeoi^QJfEL!$^F;FBT3q6-bVxF~hIJcYEVt;+za)>jbDD
z_ru9!gqiQ>;FFzchzu{5_(|rOt-jK~=Hz7uj{vea{T$)oZVyvi1CsR-9NrTEjgN(}
zJwf{ZO%n9KNQd$M3|O8_hRYcd>}})7#*BwYR61g7$`D^!huDe+h^tyqPWH{^@d?b&
z&T(>|Bi<SRTsyFU!3$Rq6qSc>_WHu`WB~%*Yv69y2(A5vIJr9)r#{Pv#uugd;yocW
z4kcoU#{E4X)xtylSnRq(IyH9n5-RFz5gH}L!GkV1vL~2yTuin=1avh6VQU$I<2o+T
zKSON}4S-*CBmyI15G_hWN`4tS`g(DLbakHA=yOEx4%Io!>Sg^tH;-vr_X2b1INy)N
z!V=gxrr@MTERG$g{%|UyIVA<!C*rX0D<2$GcS3DTo21ptd|b;fPM@e>=A}NP#i2cZ
zeG(V1jH0Wj58?5tWDg{ftu}y>E0<7nwiUfYBWUgELMyFfn_An@-PMI#w<Lb7l|C_W
zy1V3$qPo~PT)d{|rpc~qK|na!#o}UQmDM99vjW*U)g<=|((!snD*p%hf51PttgkUI
zfvP*C2lLWmvkTJ{J^x4_@BO|&++QE=`PJsBKW5puAY1nG&1)p90gPR`LTL;q7o_86
zj>hV&RBynA_t&`~mHRw}vx{<DkjRPI_?-W4_70|JW+<G)EXB=I9J}Y2<&$8;!jdoa
zhy1jhuX27Cw`Zma8)u0Y)k8erA#9wYF+VdsCG{mP>dwL={o^ZWOX-7qmh!{oD%CTF
zS$F59@5}Q4n1B1BbrEm#3k(M(*fKlM#{0YkWA1_rB|7tO><Rp&To2zz_%}*EB<Ah|
z>5n46IBxIP+kbc8;m7t?{yX+H{(re1?*Kl&9$$~I$A7o;`0sX>&S`CVEXT*!%IjZQ
zOZ}_st)FtP<x#XARqp;X4nOs*&cn`3JS-pEzi0dUY%hG`>Q(NH#^}Y-rM>;da?A!{
zXB${L+xuTU`!P8=xpW5L{<?pNKV~bjGZvHACQ)Bk$DM76i;Ls-=aUkX(B9UDYh?Sf
zJnTF|eSJN*w;dfF!|k_+goGeCIGEc9XM6p<y}jHSlg0BFEM#q9{4p9Vj<Xe|b}8HM
zXM46)Rh4L?Fux$5J5Qmdr3FWOd+uyVWmOeKDI)m$2XOoHr%&s1d-+=0np{3jO)co?
zX~D?IkUOs+P8D<K7YgzVxbp@Pk&(o2Gztm|Ff=s8$&j6$XliQW&XdH%#lp?a6NM$E
z+}RW>3rpDBJHUeKa&mTowUrh0^!2#<H25dM=kuY-*MT;l;xs6vTT6qFlP8ZuPgfTP
z28J*(F@=qdH5}~hxN{cnZf-~*nRa$|ax!3NGJJh~VQXs-BX+jJzyPV)`Dh=#h~l~y
zH1!W5L=cP9`bN;#Jq2w|K8y_PU~Mgctz#lw+|uFhnT5chY(xoi5gd_Datnf<wifhs
z^r${(l0gQls;js@JKNNX?!F#e9J|Qb#&y)!t}ZU%lk6N^d|+T=juR)2!NJuV?H49+
zc@78+4#Say`q=ZS2{d#9VDDd!kd#)0WOpGlrw>WxBS>z%1ab3a6t-PP``8VH`Nw1b
zM_vez$V6#%CrauDQQ0(t;)Wh{_KcDaOmlW>LP{Fd<pm2{N2KIc!__wh*5=+gdE6dW
zc48EFj=}m&I$lyT!0%tSf=zHO9AX;~T6hkw>BER9xdc)76arhWBck;tayqXgZ*Uxm
zvGvgWi2A;26ou8j5aymmR&6^fnmW-vFo5YhGu$|cNXbTEtO%(^RVZxjhajOG4rhe0
z)yjm<7eeUlNypcJNyM+VTjK;@0MGPJxQe=9nb-?W=RqXY+<>5S8VS8qNIo|MVf}Ro
zO2$!E--k%Q3~HMP^{X*=-o(tp9D#m;h)GIB3yr7g=_y3#R3W*z4%ufrkW$@>l(HrS
z#O1=<Clmgm*>JQ?hpB-On#ZDH7mx?HtWG%Rorhb&Frpi-A-Ve&L<2J@9%FmQGZ44l
zLf+5~i1O-iVy_nr4V`h?$OC$&q<=P6G&W3NMmiZ37>tVYN`z%p!6Uo~j={Nb3d@IY
zQUUzpv)~ykhM`>&_}WSM>f=~^`=tP3!dk@D3?R1QB6ns$*mD~R1JfuRokj7*I}i_3
z{e!nqb9oZh#<BSLMIWet7LG$7#X|iXAJXGEWanieB{`Am59G$8lb0B}C!%q3Z!Gri
ziow3m;&J4V5XX)s<LH3|eEVS%)c+9&6Mj4rN}G_`IfV4~F>Ws|XJi@$<8!DPpGWQ0
zIh2myLEd@hAHRlNaSdFJ(%@)V4DHYIu;<r8s2>QVaqEjvfe8Ji1H%{2Bf6{)eu=d(
zG8RE&Z#=X<Pr%7fqM-j>983=;z(zj>9?p4$1=(;9t44A6FiHj{kv(u7xtDLF>c%|U
zt}mc*dI8mw)2O;|9pbza#3l$)T;7Pxyhdc_v>-X67OqxB(EctBhxbLo#WMy??VX6M
zXhm#o7h-CA5MJ2<r^GVY1m?q;`XoH75;27}FtE(R$A3-7_g{)o+BAgB)=^}gyNa_D
zGibhk2dz`HDDAs|gsLVq^<0MfJ|h?sHim`^P*_}y9Kz#(&;a=Q`4SE^AT^~K&aOhl
zCa1zHGze~C;nd&p@Q6-<xs@1+^=$|%Z-Z|}J;j$m!ypIWewqfaGdYNfZ-HGfwW(tq
zjn}5A?RU^SeiJ5U0XU&4KzZc=%yd0rWoZT@eM6X%u9=z|LH(#T`~#yfesxSb0ZGoL
zIrtJbdfCD?z#it7e$d}5hJ#-eoT9}ra?66gLms~SCI#9Dga`>LgICm9h^j_VIx>OU
zk!xrgxrn~uQFsN$;`oVJBqntt#Jd2Nt^tTjh=5R-hy-CQjva`DpGPsxb@PO~^PK;Y
z&3lKmzQ+;WL(nol2_1bi@V`!i##cgo`cV*e{Xu}e9}1!S9re9U4m_jF5MI`S+@4_+
zbqt|%a1>W){$)P9?!i8o*^>TfrXj+&1*Tg0uyRg=vs(tvn5N<L-xEfAmrH%0_vYlH
z@&XiB6e7ET(xd#Leaa6<cSXVQKr(dq#lrA}0EQ+3uyzYWfJlU>{32vjHDchxDCX|W
za=y_;zvj)U+X#%#=FSjU=;uT4L_Ut~5n=aVV{l}DBrc9#;rxsXKd^o|e{lqr)y;^G
z&p}2`CF+|yP*hcihK^>`G@M08XBTeJT+R8i@80u|GoSAQ^E1-FkxQ2mm0X0d_yUNs
ztC5skj6s@jneX@hb<pDczkDx3;@MmHL6762&->mwO5!(NY~L*Lah299(=$^`G#2|@
zaxbj#5ia>$=jS<pDcb{MK4sRfxj6}ci#-0|Szn^d`Jd+`{BUJw=N?+_;Xcj(#_K1L
zeVC8*zj_|~$M1XP9$P?<{R;nk{%%*|r+8QPf2W<i{4D?Seac7e*FDTuWp-9aN5_(V
z#x8bdwx_oTU0q$=`Q_zP!(#bcWV7}6_oJesl5D~RZeCAKO+i#tILu5<prfhH***sP
z`ebK?k?oa&nCM6p7Zq~$o+w2~Hk%Etfvu2LR*r(2S{y&DMRvy-IC=}=6_STATKfoM
zQ=xs_oNTc)6qYxjrQ;lD&-#T$Kp+&uCrAWKgJ^iWSL36%onRAQ5BIbSh;6)$r2aV+
z_S{04Z#g0oG9XA4qpZ4~t3Nn_<|9!xLWC7?@y@{EJu$TA6C<>uAHkJZAnu<==HN84
z`zB$jN9)~B9ARwaKsK!(vNAH^9bHBCW;%}VOMuRaMCczE!p<=t`R6Vo@4_wA(i-sW
zG?3HSj)=e<1US~iLN^r-_Q@zHDMJX+2oTfyJ*)_!c{Okhp>@^4EX1UBqIl#c8ZS*C
zIKCYI0ZDN4up>Ey(E2R_ogEiYceWEIwz@E}HUj?u*<wfHu<y$_T4RY3UeJR2L9+j^
zO+XM?01K0BvLzFtaU={uUR6u|cx8MX7cXBxQDGyZX&sfBUWKCS8g$S)n8|l>&aJNN
zMYx~_;lY)(UbxEX(CqBokIo|t%l62zY#;glzYpQoUULgebL#wkdz>tdP0e$2E6+sy
z&*Rj8?eA6@x~!9V?KR1-1F&BLCbZcheUoFqn9RNx$KKel0I!ke+`;_@u&gxa4(=C#
z*GhBl;C}yi-Qy|b@%8w6d_BG%U;l&G$KSYfzxgjKo%6D#@$deGvKDl2dM<a9O!|g~
z=d)M+z2W)Kj~>(6p{dP3qW%4;9S6VH(BSLtIH0~mTTf%hF^wI6{^w^qPVo<^zp`<o
z{C`MkeDW6=nZK`EBXi<l#L_q42W2*`QdmWk>mOy7Cd$J7(#5`olsopkTEe%C%)O9(
zgkbR_m}|J`Ez*xcZ&~^%^z!Y@qx&V_@Md&H5Bqp#xa6DJ|MIm%MrQeE0_5oZgJtip
z=&Bp&Qds`3v|WFcdEn!n6utiyZ5{1{GE&|wqz(P^%6vrP-B+~LPx22+c@3A+`rv_l
ze|(^M`z7HAT#>ah*>6x?FH3&k<uCunGUeITs#H||MG9qE7^6cZ<k^=LWOdfFC)Q^=
za_ot9kIn}6L^)+&l#x+-Z58)@cFN2%V<q_Vlq#<#v+l*EwACz)(cmjQkhX@UF{*sU
z2hwC&8mouDaar1G?px`!aO16Bqe_qRs#}**CHyEzRFJn?Rp|km)E-_F6<)2nZAF^&
z+w)Xr`-*t>9s3O|-kBQr^vm*0Qfl&Q>(pddbD0=FOgE|3yfs^8?rx`cKE2M8{m<m7
z!sN;5Fm+L2?Rk=7oYzQbQ7$zL7Qw}G^cKr3hX0U+tJi2LlaNjS$fW+pYGW3vQp{4D
z84rq#Pf5}<lqBU(lD6?)+SB*aWM$ZxrUf$Zx#wM|o>hv{JWo*`h4pgE&+Slsma3Oq
zYAcid<|SHdRCg>AljzY>dle*OmZz-xv!xu1@kE2C@{oAyN8S@F;#bRTXYHf-C%Jg#
z*Vn0V!dG5a=d(-<pDxNtmZ`%!(?3hpQ-);49+@UcWhE=~7KPhbUp&X8zJ_bbRvA`)
zouZub>&minDjl3OcCC~BL|KlLfZ7__ZM)<Y)MVB(zSb~a8E-sEY1y@^Puvp(<D2<9
zlvz5TBqXo6b+zjAtTG8V>r|g)b!}a(^B+vkjOb!NsVvb{eeV7~eBxf(^UM2?+9vZP
z*C&kl8e-<>%VfBgli^d#(>KYg{-0(2_6sJp*JM`k{`8}H-*!LmE6cBu`A;hU%p=Ro
zvJtkDzzW@wl@ZXG{~6N}CAl5DNLiE=b}(R7+MukoahsC-HYG*Xm#C=HI#mL_bsKr>
zsJn>YRZ6lOq)!UUN^6xBcfP<thbI@PO@mfbnMp-n`Ij&9<YZm5RL;GjKx|VY|4&4O
zM_sNY$6lFa<dqb54zH4y<t;0_RYhqdZ^I5?0Q;0S>@1=@Yo2%~dok;C%d-AnTFqTq
z<-4nRYkBLqhy5=-SSwGKx0Xdk@Yd4n+MUN1$*C<P_v#OGt)xh7F~r<YY^g31_|-B3
zFZ>7r`JLAp96$LE`v^Bz`n_ePH*@4yapdzCGwfQH;mzgEmD}*h#;)gTi=bykHT^YD
z|MCb&>HB4rBrVy(s#1HOOXWY1D#xY%CzopaK<c|(>hiiD{UYrG#{4_Y3xF9Zr94kT
z=LMz(>v`*Se!(6#^EUJUFH6|)w9aps>hXBIm$$3ZK#|w>p!)fw^71OGFS0C(+oasQ
zvinJ;tvp5TR+fSKQvRj2PbqCx<55)4Qq-EKDG!fF`FQgDw;05|^1OuZ1<FHNH?NY>
zWa=)ztPW+;lygekmE_cZ&Eu)?SYx(H3qPm*Diz?O?iFR@WRX2-dwJVmFISc$D#}FV
zO&;%w^~;Dn%Mn@sqcoIXuiPfTbBsay#+T)_KVo@VHj>sWOl(X{O8nn4fo)OSK`&dj
z%JAP{ubX(AlwVn`wwbqu{|i>-FITIrQF*zKV&AopklV7F(ntl@vG85iZR%><9zueO
zU81K~w{R?cy~u*vZ+V*t41UgFVVg2NpHm_@Aqv}ga@6S_s;^R}kfoNWygtg?#xP7?
z<z;_01){Z{w~6IhN43Ae0ww<IEcLfr0q}V2WobTXp!LMF4DX(Ll}$h@fqVkGbt(i~
z9C~e1R@$;nX``|dZ=2F)ZBycqVc52xhGC@6KbKKb+@_?oQ-eb@g+OhORrfSrm#467
zSSv`X<|$CK6xgehGEe!r-!g&8E2;2QlwVzuO_~2oPMcJ8-eei%r4c+8l@5CR758{f
z<s6qP!NpBGhgM0sSP6Ctj|RIHOi92_VF~QK7RjvyyB}`UW}c!H>=bu?x=3I-8ojlg
zpOt8|f*M031qmAM+^|S!CGIKiU|XsCsHQO)X@<yU@|Sx`iMR9YV#<AU#TKsg09QI;
zG0$>P{`rqIbmJmMD%_8eic*YJWEiP%KSnA_F;bCXq{96esVK!rMYZMCsy(E$7<cd3
z6D;!NRe#O;e*<p=!w7l#b;^OfO%jxpdqU+Iot;v=<jL`W!}Ml78}{-qZ_&<K9FbD&
z*g~VUZwV+ARdn8F!(cma`y!rRU$qiXH!sK2CwQAz;^`BFr<+&e=@Y!|Jj%!0_z*nZ
z`~!IUjFJN3>2`*v3J>C`!XvOyDk$DFQat?`QF)WMo$yrQ0X+RN8b5ozl1HFwsHRD<
zevZ&{I|)>Y|2rljLM{#}mA3N!A7m!x`dK>wfI~~{eSKh5)wS<FXHI4&Uo-gvf_ymY
zv<86~m>>b7GE5Q@31N~+0u*5g$pE7v6DKoDdZ~sEu}%)5*z4`9ReQDCYVU3PY)b*H
zz9xoGpRJ-+QCdZ`I*K3oQ3XHX{nk2XCNm*g?|bk5#~EgwwbovH?Y-Apd+mMB8BX%X
z78k;frrbO&Lltm_(saq7oEo!;r1MGP1-b~lLP=~if8~xXQKx26g9W3tmz&gH!jZFc
z3&xTajrrqq$0xj$8+6F9*!ZG(@lnS6L}$w6Wk0}NC@QBOOvs%OujoiC<J3Qa6VJHk
z^gVd~dAay(+g14D`5AX==(rch-Z?fd_hSBJSe%41b0_3x1}>*ouK?I_XTq+NXB@@I
z3bfjk;<Qm+nw>PNsm5`0*HdmEla$+K(Sb8EU2d=*gDScbdJVJ_FlHFfztoWxTqnoZ
zn?=U+XMypZ1Y@po0_cBD(3cp`1AT9TJ}>w?;F`9g`PA!#!SsE2rFK67`)G1yX7FIV
zt|@zL*3`mu^Q{@daR$+8+)9Qja?*twGMPDj+pd|%iWX4NUu@8;(0G0vybh!xc&i~f
z27^O}lo_gB-yDKGcI~;mN@emQl@Xkxh)!j=o531IuNk~4f&D#>8472X1t+D&`40j!
z6}brgYg$VCZzW`A8sl}x&nymZi&Mc9#$+wV(X=2<P7cmB#pOZ??6;;7qtmWYUKg~m
ze)aea=Uw?*hy~wDD6^U4*l_25Vg9cS@oNkv_@VhMg9N9h$4&E32Rbz)_;C8jLDN2k
z{=ytq@!YP<=>kl~M7lKF9L&i;?p#1Kpj00F<6vG!VyQSS;UDqrBY56v>1Ob`R?$>4
z-H4iw46{)VTtQ0BgkjzoO_wb2T(v;bU(QYUysn>FTv9x%WcEzDAQx$(o#Ne!KHezA
zR-8{-fO|qgf5*BmlGuVxR#^skO&;+`k#<k;qJ>R0bZhMi(68aT@uCIofi?PlE$o-1
zrIUU-DV_cn=%<o{F373%>DoOHz9mO<jNZvyg)hB#_!7-Vd@C+Z|4Q1uA-?99w0l-u
zZb;nzd&8oQDnq;`9tJFwJ{3k$BwZk7h#u)-;HQCG#9QglqcgiRewtwshZvsDcs&D>
znPW0D#JbG+fH!64qjx(p|3{`#yqS3r(3Ew7WE4}gNLxi#KD6DK<;^mRA29!cERq>w
z&U4K98^dGZSVUg7Dcd3@Wj~*86jQQELrM00$X91me;QG06zj7|{@dA|z;9=KKTAH5
zO+9&uHKbbzUSgsCmoaoPbc3HEZnTijJ`2^o%R>Em6i|rxtJvdSpCV?%qH$_2sC3}u
zryO`<w#Wu$5NRl0!uPDwV0WTc>XcRgTedfXGKyTLZf0tMurt-ilnZ_&>IY0!h!Uo5
z2UUc2<}h`yPR(QLSKLCSxLnYCm4ByGm12f)NjAWCX*%FGX)fUJq=jg^S>7(1d#;yn
z2kc{bAHzo&KFRPH!;csm4FtzBoW!t*;cSMB7_Miyh2g(5+{y4MhHo)E&9G1*Sj@17
zVJpLbVW=|vDZ@W9Jk0PThL$vfmoRiPT+XnI;ddF{%J3eBzhQWg;mZuaU^vD|a0<gR
zhHi$}GQ5G|R)#-i_z1)28J=P|)<m$B;c|x8GQ5f5_Zi*=XcVsW-Ehpd^xLuR-v`{y
zKOZs{ekAhYzhx=ZYNm1vFO|lD+R9YE`7&t&s0VcFYN-g+9-ZoyW`R1YQ};>>Kz+_s
zmHejE3Tom78ufv+9`RbrR74o$c2I7;EK|M?)Ox0JMS;8#)Yc2M_@62FAhI90V7Q-(
zc#tWBxk^?+{WYcRwG>Kw*fG}jOOsa`rv7B|NyY?q%yf-pN>HDfI;HdkHOB0dvJ%vV
z=8aNzf^wK|lB@};&U}rOm!OuKzb6$WsB6qyr7;O=llfL@Y=XMg{6lG6g1X;)hg6uL
z_CRucf_m0`w{%{DdKYCA6Vz$*&!tHT>YM4mmM#!)CoJ&?>6^T0)7|~r^n7u#$kD0B
z^!1>o=~P?#pmedQ)~U|)y`VPg)OXS!2lb;1hpk&A?q+JNxGnujM8$5M`Uz7{>D2v9
z#dPYo>Cb@5x=5oQO1}eC0aFTeJ}*rX(=HnB=TuRyQ%|J-O`0ltbm~z0>&Pm1>(u+{
z?@1-%S)DqW{;@PeoX{yl#>di3k!9B?YsTkT%%&wMgM68A+v6j89y#i2y=+{@ds4aB
zo>X?ZxHD0fC0{9?wGUguDgLULou4sAc8aZ2G-?hgmso$P7Rj!RiE^cQO{W?_Rf)0^
zP12Wfp}bJ6F44-mGA@>@#rzo>bqlDgMCnY;W_M*wmus1SLLxXt9)`P3w5|@A2!AmF
zW%2$9+<^TqaV96AET$&mmzznZ$~;oTWb;UPH^Ya{()L;sN7Im*PC5(H>Gs2<^pX6z
z%)c_7_6=HT4a3)x^e2z*>^{$BJy&wAkJCr?lUk9vb%U;7;|$k|_bR!Sk4NRmy7i`H
z5MG)w5>IY-w`sWaY`iohT~PeY0d&YUfD7bY=F~H^Gn~e-lwrBfr_48vVJX9MhReCM
zg`pqtLgdwxna|1N1?A%Lf^zT_F+S^6a46?)7PGQG1Wxi%K!c%zSLa)S--y+c`1dgU
z1#24=Z)Noxek0z?+KoB(QPzFH&t$C^uZX$X|I_fMsLS4Icwel_{)6El<o{?m1h@}y
z4faE)L~r&J21)vU_Jwk~^t0?cq!+}0WIt_qLHsWJdBZ93{p^<@`Ed5DhVjy~*)ebq
zrN3jCAr7PN3*xQpamowggY1cbABhV9PiJE+QnqD^a)ET7r9?r0#ASfvGF*VmEmtX|
zxlTDH)>#^XcUqPy<E3v~Rw|_VB}2WGDQ{=|-xO+noFLA9%5sTq2>5%&&$w9>iaP-(
z!WL#+SN<H(F8&j+NIVEQP5d6P1p8MryzxiCGO-7+TpR?PFa8WzA)W!O7KZ_A#oqwk
z;uv6~cmr^mcpLC)@jl&q5+4J$iO=X)b_fzPcK2z3ogxD;B&>iNMFHR@Zly<z2fjs2
z2E0XF1h^IZXS3KYrUTw4W&-|5%m%zulmp(){QHCx@BvW;_)D<}@Im1Q+##9(cZ+WU
zKEnI~mf6E?9blO!Smr5~d6r8LGyktFbCmJdSSH3YZ?m2gEcp?ap5)Tcxl~A0sz_DH
z{Sk4WT#T78q!f#(^25q}tN?ClKFtv1Q4LNI)tD&}v0ZLuyp{QWaDI=S0?9|19})k;
zco$$4rH{#XbLl<eRfb0Z?-fHL({L|q7~s+&#)sgoh~X%6ghU)65pHAL#`t{3=QF;V
z@zsp?Fua@L0P_bJACjmiM;RBg2C4LJ^F^{-+9Yq5Z<ba0i2Snrmi(T48lP^%%W~B4
zL&JOE(dUT#6L20dysXm?7#=WuXjr2}4R<KNz~|SB!oT07E3ZO{t^*E9jkF_>mIMAx
zS_OEGd>gWlf}BUce@FwwRT7{H*Ap_X5;756VSH{8tL1faha8qS7=-i<@k<jeHW!OO
z@p+0k#^<TxGd@ojW6X5ER9wjC8N$J5hp6N8EU}c&v&A)ho+CE#d7ikH&zFn)`Fy3=
z!)K>>md`HnE}tvKX+AF$-%OW;(lhdR7)LCrKPQpsR|O*VHz^tXw0ET31(J3Jt-uZn
zKY7m*7t3@W&u4m`d$BxSoWeI`;7a9-18w1U-xXp*S8E{H?q4Go`&)y7uE5$*akIZG
z+|s_FrOV$c7I!;4JKO!OEg^rP0~G$b0vkHRAzu)vI~cge*BS!0)VIdt3tsPU^>vBH
z^+8`to2O;1Z^;@ehSc@`HeYb{4AHVN)ZPWySnIidjqrGC>Dv_Yx6|3xxQtGu2il3z
z?x#QS)3ULvs~v4DZt-`F-p%5qPA0mM#DkDe6t~h}7#h8Pg-@%K7@McNE9BcCv;m+h
z*Inlec@q*F5@_luSt{9R8;BYq)6}I4GO~eBqo_%?>IQF$l}AV?H<(<j@;Z#MO9aG1
zU#PmJYrQMb<`a$GojzjlxiO&KV-YTRE#&ihYdX3@Egh}Ekl6h?Au9Y`oq?{@V(KE)
z#5w4q?)nfq(%Rh89_D5e<#4IjQ|a;4EUEL>RCql#->PJutG1@HuF>mkYOKb&#^r2;
zgf89CT-o5ox29^jx7OKM*}(j|CEkk4DrZw|qjyo|a%NT3c-*zl<z7!Cq&z9C1<OZr
zT$K%tshkFnlj$Xk^adK^Xk|mgk_I&AtVkkVOX}*pwM#sWNj%RI*CO<|vB~YNa@N!~
zHB=@Q*3>mSYcc3*XI+J-+PP@7GIs-7UF=ynTD8Sa*C=cl#uK+yYKd;=q!QT7RpYMK
zEvWGpI4jr|HC1Hw(fSlOug0yasjKl+S60M}N2rG;@=Hx!Wok*I*VE*7FKKAh`O9XN
z%<(R%s)DhYcGgl&7wlO{((rW>yQ!{nnY+@3y57YYlyhNaQXvhXq0+Ua0foASw1R}4
zQ+zR8Y2>K2lA7Au%7xBauiM$+TwEECHm$4z%~VusV@hQ=EO$4a#UIT@&PvaWnPpz|
zD^AXwby<RJaFu$Ki{td-idjrAXsW4&V;5D{RyJY=Ek<vW`Px)jQdhe?iCbCcTu@u7
zO`zn7l~StBza)NDQ*G@?{RwihbD8F8SJlE~Co<nTYEiY*<8@aq)+U@jZ#~To9Hc2s
zS1s~Dg3Do|>07dRF@{_Rr;I3B(y-83SM#mmk&RvipN^>P{3^}PuT<{*YW+(VTs7Q_
z5gca<4@oC6!H9M*a(T*9s2MW_7C&!mXrs5ocY_FYQiksm9pMe$E?-v{6LEpHL7y*9
z@VSduQm)v_OR0Bln<k)9RG@3|`n8g{4kjp<V+HWGwS-!jaYN7_@`*q=q_GHT_jPC$
z{T-SHS`<boC047yb3OW^bJn+Xv~{g-xz^{!(hv%F4T}Xj*810pz}mH4z7TWUu<*3E
zbbEclAeLZ;kZRLLisAX!c6(cW!O*Y@5Z<;9(Te3c&_NprZ7dzWb%Br{OB~aIHP?9C
z0~jA6AzBF6`Z1Q44L;G?($#fCAlR0W+u+*}2zG1YJa8H`8~`)<JL4;(sE&`xqYViw
zpNj`w(?+;Qvx!Ey&`1ATTCjZ;b)qf2VMDiA5capXEvAtzZrMlzU5q$26pJ^_pbE_z
zm28X+?CA#b(o*(}wreS_^M#5%f!1q%sHdGp6}v|?v%N?ostp?in~7Q)oGZ}LLHnJy
zfF3(y4Ry*(KLHml!F63!q6LqL`$cnXf=qIKC$<$KZ#-l*N)O3YrXG%QChzm~p}68s
zB*V0e$~HeXVhe(S8@gK7wELVPY+cr14>q!ZT;Lnl(dMfNXu9CzARN%)3qqicN``gl
z;uZdubsd2&>|nY?g>OxG-8x^e+TYgZ>lhXteHR&TAhG*GH#*u{f^FJnd$>B(`7~Y~
z0`9CHqz)RJ(=PwI4pHrE?_A{TrpP?2MnkwG<lo>sy9as!)%68ACbf;DwmH*FX&*?@
z+n(4JRs{nabdIw%<iEa!w!hj2F|nIl+`TXu2zR;y?d?zq&wXjHYC5n>4s<3ug<isJ
z{uBo$?;MA@@$n=)He6KE-d+PU1w+FuwBrs1#e#0~P)iV#u^k#ZyT!NAJnvTZF*ODt
z>X?}{Uqp?&vZKu%KsbuV*3Mc#3OeXIK-(KH>7?cZLG22mCFs-nni@CSLhEj4TU!v}
zFPt6S<a$gpOsK9vd%_?!OGKk@V~8iKw!_yZGBaxZ9f;$O>;1t%#|D~Vl^gv4NGePH
zq4lH+=>qO(^>v2yS?yZi67M2<wjM5O4{%Sa5x<okp<p+9*yh`~WG#kF!p>l@rJEbB
z^>wU+)`|`eieY)adeO!~Mi4q))w03g-mPa7zHY#!M<~!5XlEi}JM9vQvxu*aQxgx1
z*=QfO>1w5+APH!T7j4(s^&_3m*D?*h_Lhx|bq$y6Va1*Z`PcZ{{h{vRQodR&zJ5)I
zFO-ZI`!@RM$LrHYi)h6MX<mecls#QsC&I!H8dT<VE(sEzK3!Z3yqme5sD(vJNT`23
zOZdfFDg*5jPT+pg4nFB?!+8yKu4AeTx?1o>Sw2zgaV>U(m<|oN4i=KL5?BztpqMLc
z!o#|?7HsHCKy+~3jes_^(Z#R>5?F+QwFzM=M(@gmNT>4*F;j>ssXE=<+w1jS*z{4^
z#Kl57|Kfz!Ftk$7*Rp;e@M0lNaOu|YGru*V19h{V7`aPSLVu$W7rDd|QHM_@c#Wcl
zDI4%wU><NQgvh7f&4%6*{X0X5-0Au#sm)fh`xvr~ZzT63qQe+-8?<%+4<+mqml64?
zec(1n*w@8Y^RZRGrhO;5AhiJ>lC?p53veH_rPKcm8RNoO-J%+;H6%2MF;37P_C^_e
z?LoN{Bh$Du#Vm2zFxT3EUX_kQW3h*%G^PpdUdv;?fqO6=Uup4l5&tZJ)`jRr9mkIc
z7Pqm*36J~14b2VsE(X7m`|1(H8YJt#z#nsAg%b4cJ3`b9msO&E#s9tL^IM>mW==cX
zKh+zEq8Y;x*utYrwZ7&fvVIH4Ct}hU=9#mOeL%J1`ioI-4Ip`wVsr(#UVMjV)F$S%
zCdI%?mTN)TI_^U;e^v@{et3k{1Dr4XdK8FRsl6E4(wAuUk@u4Gk4=|KXRmg$Wr!OB
zW*Z@?wOpjn(iWZ#!%<s`j{~16LYhsj3}>};U3(qtOzkDjsSxxNlzMKZitz-P+O^g%
zNd)o4H{9hmc3TlUGEV!GOsC1E4q{4z---m;qSr<EOr_4-c;af|5oB}txP3}mor#(v
z+s3WX<m?h+A=Qtky5y03Svnj!k}#V}T0wf^=|4T;sDGv-UW2gpkZxgZWPUPvknJh8
zknZH=MAIH(iH?NJX}s|TVRSDH>xgqTYfClMLh=HYYKt#R?=2h<>p2|BcUb7=kf!0K
zEj`7WS~}gp^1hK_bve}>UIybeJ^E5;ODePJ-iuGIE<Kn>E}J7YP||UxXp%;mpsgv%
zf7A)u^F3_}B(EzrZiZCPO`4(9fg8AFICN8MY1}WHuk9#p<vcg6J!uZt{J&2{J%GP5
z8>E^fH5>HX#Ar*gR=tALc&DDW+w_?^ofGx7dMDQNIkk2?3*5kQwLVF%OJ7*EO%TO^
zCOaKVO@)w}T$~v?*rRc+G~{(WTUyS_Fl5?xJwB)n&FpLS+!5yf3Q6RSOx+qM*)TXB
znYZWu17ixW+WGMdp}@{(CJXbfZ(rR!zVv9+{NR<|n{xk>G1q`q*#M1-5P4Z9<Cwfc
zDKCo%vrd?a$kmBlA_{b(Kry2Z0W*PI0tJdqk|#o`S+R+{F+eQxWMRsYq{#y35=oMB
zCey<=6z2<r5l9gb*+}yIpJyck^q36)6nc!r|Fc@59~CR~KLGfbL<+s}MWL6!D1tGd
z3jL)L<ud}G5;#TR69OL-_=v!V1l}ibg21~31Oa+xrO=Ot6#9RJ{GTut`mu;Yzx+@f
z1n9?>$}9r(kWZn0DD(tNp+{AUfgfebg=W}Gk_rheG@FD0a8jC4$mYVFLXhUdNogce
zSO}0tz|4SanNiC^wG?xq*<wi-X=bWzw#df9G#e~e2z#c%P?G>8iy3XwS5C9Z&|tR7
z<~&;t<ZT8ZI2&zJo-J=Ys)9Cx3#De8VrHEXr$Tg&YEQCI19>*+l`O2!k|yHp+zZU{
zUq4cj#WGG38H>9ceH%J)z2h^L6_?OQ2t9oCz|lh{9xNsbEE5Hki2@0rAYT%e#oft|
z!Qg92WP+D?U?s97VFH66ISIW+^0OjDgfwxY!6eD}nvFur8<TrEsUHK{k_LT~g_42z
z0}ml+Q!oIFr9~2@`sFQ@700y|$FC2&iamjr&gxL8Q+u2j=jWaMyeWUQhfKOL@~P>3
zYMMe`lH@eDBYKub58f#n%qEjzQW~%{lL6ra7Z(~$<iSEC;>BW-DLyO)V_r9TDzDqj
zp7J3G^LjSZbhAK?hD0G`p=mcBm;u2gNs|m0nV@-+1wO|&&xa5|IGOYO@clG1+>fBZ
z)RW8x3M+%jW{`+QR_wVI&KHyNy0gH{?YTX-=dRqIdyLe0&(F|HnWEKVK>(srv`5`E
zOgEj68j1GC=lMvF-YVh_&6W^3Da~T$ptqz!jbxc<HYsT^1|l0ggb1X`3g*00GMm{f
z=?|1AQzSOZW0wY7I_m-*l^f~40s;qD<AEExVBGDiho3S3I{q$)(O$Q(dL+l|3Ir=R
z`uIK`KVSCwird=TwYM~VL)gB~n<~y7U++l#-|(K1e3~C6qwwSJj#!40#-tw-G|Hub
z%~*cDfZCOuc9rMltII0>Rkje1D({_+>q$PYOnR@!$kGbtHS<2EO5dl{@B$v-ay!>*
z<b}M0ujYmqbnSRh*}=aQ^nkBzIoFM%X*<i5BtE6suF}sDr(q$K67m(i!DwYYohj|u
z*k<M=*=F7pbS24@B;CO%;dgZ8&@cV;I|;OLr>#f)K7lyv3bljxVe#u!`uh#kw_4!q
zxTcFYR^8mYb=bIs^nO)yJ4<xFUvDSg&yKI%UMY{y%^SEjY=mfAHgc3B$5_U7oUGS}
zcGf^UUGV&~dgqS+hGVt%|7Qly8Tj1$pZ<&Qe>(dA;r&mCFZ;<GcP>4#BmVuvt^GTq
zeE!LfN0|5ij>mBJF8kGvJD7jhjtPA3+i@44Z{c%;zjZy;AK6Fk{ZfipmGXWm`2v2w
zR3~jrG~T|)^%q0+NZKo+ay0s^_e<r-i5Ey2MDly3Qr|B%@N0?J!?yb=JATD+LK1Ih
ze~oE+kCf^Y^s`a=a{2iCr7C=q)}c-*^~G0-_e=3JXi+djAN%}-4N~7PrHN_3)gO?w
zMP%SCxq<k5sJ@-Ajg94wO8@jdROgO!$GPL&aqc*GoIB1P=Z<s7x#Qe%?)dLL>eUK+
zK_n)cLSrH^$=Z7xF4cC^3r!xS8~evIcGDxcN9pQUZM0{3njHsw-&wjgDzA-RBlmw>
zxv>WICt7!Q%8ny_WsyNSGGOjoc53idbLLCne#S`j>hGTfaT+2UKkr-iMZEM3BlG@*
z^3ON@!MaQCS9+<Xd9nQ!cKh~-loPG6=cxa%_CHJQzuezu7wW#-Klwtf-Sv6z(_yzd
zI2g<M2K|)=$J2ceZr?2BSa<I2+fIl&$b9S09-;={EVS;7GIq?I`4swWC*+WIr+M&|
zLdWBg0SQgnBVU-q_3Cq*kC|`{+?{q+<nfaWBA+VZ%ZD4X?$p%}#tIWn##=dN-u#Lt
z#BF6hMU6bJ<~t5W3wA~JNs%FCUdWzf-Fn%XGiPAWLUhEYnxlQM!Rl(Y677pIV)jP+
z-X?5*)~e`t=_-1~%H=~((199?r+-<2b(b&<7zQFI73;P;(PUF(;PYlO*HU$!y8jzJ
zIQk2&+<fdb4)ws`o2IFQ-<W{I@tAsG^D9)W9vXbhH1+Y#uMoSxKxnd#$JIldk8$}2
zgYTNA!Wdj$n!fpUE`Lt_!10NC+Hq=de~$XDBR06#?D%5v&t}JI$ES`{j+4=O7-gj0
zUVvb_4#V`WTDd~&Iv<g@r(vLx0mWn8we0g57S*lHXjU-f8FgmWoi(F5D>9JNdn9_b
zy?{o8K;Szs)@{pSg{Gz3`z!2457855los^Yi2nN1kz)qy&WaxzbT9PRpJ7hp4`u7l
zhuK+&bcSTz`5(lH3`)#X3x2rynC7q_Fn{RGoU83w(OSDb+Gx-D&h_f!jz6h~9M7vS
zI}SUZ+HwSq+PY1KBasg$9G4A8tUHf5UUUqpe{;ON<;Yq5&$b){?_lJ8;vKZ^Jm`4b
z@upg9w>fI<IcJw49&#LqP;OVRwoe>9YR=qGU@w8kP*@O^BabQQS3!ThjHtAJm!7dB
z9tu@6G#0^bQJC{1N27fj`dJtyvz|mrNt8_cIV7`CR*G1kHxzBof=rfm>n~wT@5&XC
zJ=2DC|5Tt0)lJr2Me1J$k15UlA-P~_wB2rhm>kjX%u;Xsd`4O1T_y6C6p1OlPv7uv
z?>o_u-3C|XXs-GIu7aQDPaX82k@>snu~7deyBoyB=q9`ExT3b(i_{a5*Ws1WZ{Vh#
z+rNv+j;YbV>~!Q+gF5l{ez&AK?N$Rh2gUuJXY>k^USadAn(yu)BC_|)97G)gr_|bS
zpveO(tAmcmwhX}11CbMC=>hA`0kVy{&oMZHe^MQC?AtPc{*|QgW8gyvEKruhKcMb+
zkd<rg<s&p5Q1?3aqeiWL+K3kRpVjIC^svG{&GDqV$zH0)9PRc(&}EL}>I;sm?IrMD
zx#L}Ma~v-__CqFT@b6~FOO6*ak304|{!GMUT-TNvqeSd@9IQ+VvSrarkLOeRK~&M{
zIRei_$05l_-c$PBa_`e|cUZr-0YRXKl3cvWK3^?2Id1$MevXzUJpBeO7UVmMp}p{z
zoo1nR>v^cZ0uw#5ry^;p>+xjsAf8K_p?{isGbOsEG}g`g2zAG9+X_$BDUp3jJ#>}D
zwh-M+bOY$}SO_#ls#--ncdSjLbI_CW$h%pQ7==xt^_C~mbIgFjm_pT>RBL@~4yjtI
zMD{BU>WSD?qGIYoqTR7cL@gnlnw=QS1`Wd(I70R^Sg(+#D9m0?fenFaXs)y$I4aOw
zfNzUpGd|<#XLEB$_p0cafmRkb5+KEW?6+}Nk<KcJ{d=4>O=lIxwlYggn)8t~ooCn?
z6IWu+mo~&UP_Yp;%G@wOY?aE9ofS3K6S+j?g*m4oYK*ynd!tp#D$HivP{RHtWdAZX
zLiQ#v%qRO-ZywU@UqA{LDQKPyQ5{o=_7F|>uZ?}wr`z8}Ja_E1zJ&d2BgfhPSKEuM
zw|tUp|AHpfQXhM$FYZe9a08@lvHSbj2bwF%j<J91OLl)_thbNHLnfuzDn}YAaigtj
zNYK=#X^0e99&04y*V^a9QM8Jd!g;kk&PKZ(Gslf6Eq72pz$~Pk8`+}(tp@5w{aO-p
zgHZsYFqTe(GI`+K*y$*tO@w~PsOCP9uQ3S>ekz2Y#*?3}woh9LofY-5y;1IYb=1%R
zL&bJRbw_8Bqht3+wS-h3HN@@!?p+miDezOt$oZmX^eJ<;3~Wrt8b!$}V<>X;rsn<{
zNj(wG;D<9ej`3J`PMm{f0V0N>$h%TBBmB;aRr>y*(QZ~{a<SREGplSK+6<*d4xI50
z(H=*R-APMwQltM&z8&(C>==mGp<v2V4OAhkr@TxK8NHBRLDJ3YGZ@`GGRukHk2js)
ztj)k$WEn}#Z#F#N;EufmPGnDx<WTpm^3uKl@kv2h)^kM(t@ZTMsnEFfyRr9+?buGT
z%I;5~aTS@0=DcUAyE*p86r?FQzP=ycYiN$Gqc%_W)2ss9Uf+zgwk%dp+{67ei#Uv$
z5kRZCe^~8$X#-JW-L?R;p!bM%+gv&iShvljZ3dK-knRHL&W!7JlWtpmbBun$hQbQU
zR}I`~bL{WLtF_lst+Iw@H5Pm3G`EhRrg{~qH+Y&_F7G{K-S$VCEl9msEa{0=?>p9Q
zzZ6<W?h{%^Xj4Zy*-b&!%tMFiOKE@LX+m_*Z(7=bqGjZX#-%(*>QUHE%xbr~#lD4h
z_b~al79-`xUf2e8TkTt^;XT#$v4fzSVncwQ*rR~Wv0d9Zfb9*jUlB&*iru@79avf)
zyL}r~oVe1v!ZE<k05<HIWPC(CTOx1UslU^fswevj<{)MfFFl`*i(0I`ccC{P^|_eo
z3)sqn#eR;Y9(K?QO-Yw_D0Br-z`Ge*thA(1L<!ltQ<>AR^z?68Z~~PhCudTnn@o{`
zHbSr;oFkJygC_Id7rbGdNPMNgpoh+B{af8s7aq%MKq{CRD~@u&MJq+LNs%Ty23B~n
zq}fwO<Y`vlU#cEfjq0Ze|B`SS0$+WOvhU|-&h!p!D(ZI?y4C$Lg~Lqg9SDz&3}Fe}
zAN$~RoTGSGtr+sIqF4Qk6(j8BftgfXOhLIZTnFV%n1pXovWxY;vuSqZ3qy0bh?7Kl
zQ~z~RbY}RxKIMvXrN55SfQ8J0b$C$nMl)6nNtdiz=~ahT3~7+T$b6GY&N1uGA<yK8
zGI~BO2&MIWIyQV6G|{xqjI~i0PV`qv?pW(BNNtru&1^P2S?`XWN2#reX7xU0tk7om
z%0x5u9IQFbFd34@smPztkl7M@#a@R*>xRUsLwrUiv~E2gyyM3HJ4iw`Kz@d`mv(g6
z6Grp<l(|Tc8Ii}39uGwGkAD;SvA+QY4{>rlUwul&Cb6_^@D(%k8vcyUOVkiP-h0rx
z^^b9VCDvYgh4$CcH{nb5ZMsH%25wz+TF-YYFxPX)^}mQadeb}yws^OQ0V!wR`(aaL
zQ!kR+dC(F$Y1s6-O5!o6$}#t5fp$fh6K(7jZ<@~V;+9h%yHG2py%n<TazxEageA_f
z@=BbMKg|fq6RMGn`@hd<gZsJAj7o9&pQkjV(tDCsqgH;iR*uqsluAbC8^S@2*UdFH
zwMC4QRw2AxD_E@+EaHJSFO8iz#YwNQz8NzjcI=e4i9|js!bp&BJ(0&smNvxZR8az2
z)<;REp^wH>>Rp9VME0059>gRe!}+3#Vo~8l@uxH8hNvYx3n}8YlV{FYcO9r-8+A>K
zy#hm8cX_5oT}7&;fur!Yn>Cg+7J=w>46KBS_96^D=-UepcxdY3;|5$Ws>a>{HOmpY
zxc6Yl3A!(5Zf<z;mZw8`eQs%Py%f%i49Jl|dCSw`*Bk@K(|ZpdH%%Cb9LB)Ixsm-6
z_92lohE2P91fxviW?mT`ANO2Y5?)HF1)-irGO-I!vh^0wo<L6>R20iN$<EF)9MIBZ
z&!@Cg$qJ9B+OfAk(L#alzC@*dWv+J>JAZh8XKv<{(U(Q3i00QRV^p^G=1Y{?fAt9`
zz8qEV&no)^-O?f5|LZ}luT8o==FymsE0ICkg+)G7y58<R5?X29X|(Q~GIejbGICrZ
zU+j~>u1c_rli8Oh*yEDfh0IQ$IvBF_4m?CgK!QGa=D6%Q*n4ngcoSKoui8wPu(wnf
z(<r43RfcWS!mInMk<YZPP(JoS(77U-A<14|eay5eO4$=lO5}@-vo}Y_C3!`>BH514
zD`?xYDmn7BWAoeegOGdX4@o(WJ<%<^U}7=-5v^2B&FT*O1A?w#9<kFpea-wwX;e+L
zAi>W?^z--FQObvhp*cDkL168rw?orj0$bOD*rbm!-{{T-O?BkOSk}kd^c>KZ`<$Ng
z*(LqTY+QFtRNtkA&)WMlQcx#x71${D!aooasB550zQP`w(BGvAy-yQ?lGx6FaIAHZ
zO?%3%cZVk+q=Crc6|f6y`PYAFfn_+rd>8nM7H&u`D+ym5ujAF!j-%x)@`aw|LNhUR
z8~r8P^+##j_QlP-d$6Mr8xGpW&@CXx6EPzUvw07hcgWLE7m`oLUOE+D6Nl8HehTyF
zV?XA368>$!C#yjh+m#TzGhS2qEY6Cmt`fDgsLxegu7t0ElA`+9&!=)9CaQm#+Gw|d
zH?6^4AKN|?hP;h^Nt(;uv0?|DnA5+Ny;*;JetBBB8dfN3h?Q1rTUT}ORE!S1Y3}-l
z*cElqphW}i>dNb5Tfw=e09r`{wu?{vpUR#-I;!f<dCW_AkSA|!1_%-*ma)w?kp?EG
z4LhR-hI~{4&Sa7q++aAiGz<d*$_xoGnGhaR9PU03Zmrd`d(P_G?t0wzw6;|c4$LHh
zgrG$sEwaQSRjW6KKoCp<4b1+2_r94-0=Bz<4CH?O?!CY7k2}dU5HUwFxDEayJgO6O
zC%N<|SMj(qP&#rNT}2=g;85WPFVb<7MUoakW+uU)M6$;FV$cct1eijK3<VmzoWDVp
ziHDtZY6OpWSawkZ{DgYxh=h9SBjSO>UjW~aloxaIfK4hdB9(xZxQNPEBA%jZYF-3W
z!X+LW-^Ds32{Ih~k5%=z#_tmHJ+PzKny?PQNeVGN1=4LH<t2drG9n&?UB0DN%A}KO
z*YQSynRudv82b3oO_l-#Rm`+J6Bih0{*2fUMiPPZ<U<S$`!msLW8SjK4?*c?+Zp+C
zUW7F^Pj1VMP=>8MXS1^E5dMMU6f~R15}MHhLwQ?Z=&$KR+EP4Cf*Gs;3|>ngj0^<t
z)|TUhb8JEoCR|USfE<-WmKTvyk!;O(dg+kFkmPiGX}^Sq##4w*Ql4K8qbnA1i8ljQ
zT!44ja+=dk@6F`sru`X*P&{DqgGP?*0VVPoU}oWl5@px9n@rg9K*Q$(ixK8MNPsiS
z53}mfjr6lk^xq(8QsYz95vehhutciz4J>CG-zAv(Hme2$HeSL;gWlMSjYsuH6E>>!
z#%gRlq&J+{SfDrZv2mZ?Fk>S}Zy2zV1&t1{B{tZ69(?YFj~PCb;dA|)2Gan1&cmk%
zK1usX#C?FK94DO(x9bx38Mp=mmQ`<xp+9?R{!ZQV8GmDBML9C0?AoMfl4Rc>BA|74
z!*t*8@TcaT=;$Dpkqo|n!@jjUIVs9T-nk1qYm%M%%+=WW5byL=Vq*b<Dwnw&C1Ks2
zTxLpxB_%t}X|S%evQDiWu6cMXs0?2Tc7M={`aI7?Ut@jw*mtZIb0tM&aUN#%jd7>X
zjNPw8w@<>K{;L%;oy+HuHc%}pofOE&e{xkS1WYd9RUiZ1#kcF9?YjWYe%bd4{+HqV
z00-BwLDBafHvWk>KmdUrbQTDelm3?JbJ_O}PFR?lkVUqX0J<a3W1bjjf&4})rPgb&
z)h1d3nP?d*)0vX#D>W<$fv@?b9{~V8K*GPMi#r%7IukjjT*77b6X&;vSwAev$0Y~#
zC7<kMOHgN|mVl&4WRdg$o4-JfgZM@lNiF&8Tuw21r&?+k)Y6hfv{KyqHD3+FTgTz`
zJqPe6$`3{-GAM)@06=;S)R4p^2A1^|!!jkdOvDt4+g0t`i?HUf&c{SR6}UQ04v+UR
z{>o`mCKK@ma^e8~_UoRH=C=1xb!3XxRJ6sYHGP*>p^}Z~fvzyBj7aK5aqHUvU~Ai|
zdXDnW7Iw(G$2um;w~0qkUZ>wst8GfqXoP9UJS)<xVPTUPE^%ACwV$ykwZthC^MQky
z81MObZcoqW-~v5eGf!v&he%Sd<%P~Eu}Trtv+Y{wcwLH;V4?w=ZHY)XkQ1<31=w_n
zQIom|u(=4ZxhRFryZJ%;%3Bee+&Gv}5_8DP!*c8Paikm!b5hQN$xQi2*MYxxSRP}c
z`%}BlCCkOABy6y&<*;FSYQtaXF#ZUrhb?j@Y@zAHZ|+D!&$&Hx58UTg=*#uxjU2jV
z0`za|!z*;?p~DtZp|jt7&VChA%Qr!@L?<VKhsCWkIPlBO$?&bNZ^jPp3Ee_p#$d|6
zO3|b2drEAuod{3f&w0KXGja7DWRtAKy1itZto8}kxMqH);HEoC?*$}xrtM0j>8Y78
zsD3U+x|{p!KvL^g=|H%ro7`22Rb<)*!*h*sTW8B8(n%hX8=@7NN{p)=7yUVB&}aqh
zSs}vIyI=}AUGSdql<`!xW^VNxs%a*h1S=cG2?7QBeLLt4G8o7wlU0X35p{@ai(~+N
z{sJ-bVTj{X0xqH(!Laq``AyW+1S(N}gBPSnsL+%=1MHB=?txnYrn}g0r579}q>Eby
z<YwS`HMD2c5X>V9#AAbcO$eKT@(oco2*_jOfsZgA^e^!X)D}jQZH-5bQAY_JG3u~C
z?I?vkS+R;@eKzWlNU7Y#s^ny;L|k&$V)o5avU!|>yF<Uxcfw-|ZY<Hl?Hy^HsN>$>
z&Q}>=)d40L9tjxh_MH0&%7xdiRseHVq&W9E9mFAEGExD)SRmW!JAxzI*oZ`5!I4H0
zoVK|se(}iUo@#o08%E<twsCi)ms|;cTIZ#|+jfi1#iXOeL|loLi(Z<G-U|3mBiJNf
znR5;JlZ}ickSyak93xw0-}gk&6HG@a`zl0hZ-cE(iP09L66@1~0$qdozYsXvU(%H~
z^vd|d0E;xq<W4f#*sgYowsx&JXLj#!uWfMlso}HH`B`T%WE~KKA4F#{PhGbPC}aOu
z%i!V{rrSbHrAp(t>FfC3;P3I13lU_h^(e8;B3>{L<1gy~eGZH&aRcFHau?|+$iynh
zv4Y>*&deSd{*$e3c6|6ubZQn=+p(Nr5`zDu`~Q=o`AX~&#4JC=-H5P;2LwYn8?FSR
zDuSqz<7%iC_WwAgiWa0)Q9i2(!+mF_?%R~Q@8etfefMw&J2(Blh_~Q9fBU|Vc0fFU
zCW+r#iTOm2S1S{&32MX(Z<3iO>ylY@Ui>B26P?yxw<ikDEqyP{c?9D;^IO)qlhsyG
zpF9ud!P;%?$UaG?S$mCb**(!ro@}w*AZJ6rN2sf!_asStD~08+qVUEhe&ZLmu^Ws3
zKYekl!wvUm=Gd#mnnkyI3G}hG+e2z)zu-5xoLcb#+KrY(zlOCNlkyhK!+(KZ$R#0~
zN!qZ8Pu>o8E3sM;JO?$jchpc{7rYmIXk}j+C%2iAyG#VoO6-_^9?WTtKa*Q`V7w@i
z6{5Bx5nkfait}kUL^PneHL*YwTQ&K`dObgKXVgS`R4S@{BKRMXQ^5f?>zC}yGSx0x
z(3})xW~!L{;~r+M%=n`Ek<r-h@wSaj;_%s?u%2lF>yXDqFMuRzwJg>>6)Lp$Vlh>D
zvv4Y@kTv;B+@$9(#t!iGg?w=IgBjK#tbBehY(1^SydunE$OwKTna@eFzgcI0kc=^W
zpt>1vQPm51$W=<LRK%m_bG2hfnbL~cBOlVqs<&=TSNf0{OMqWV3$kpXCNdj@o)(1d
zg+M0@y^HC02w70F`$d3eCJHDdYi~5f>WjJ7M8Bk~*S$=4$p<i)0|v*e!vQokRc{!q
z1Hce}1We{}PLD2mg9YxLf-MB6IvY9?UHJyf0by6bl8^g^_G0B1tOE2GtM4Yh!mUxu
z?Sc?4Npou&gPiYQYGizG|7wTp*0nZ$?P|WZP>DIg=LgC>ds{7`#7;87(PyC4q{`3l
z^sQrQjP&<Etd4~&W%n>C(!_@Vlex5Qm}`(HWLClf3Np6x8$5uC5}=2jJ_AyG5Ur&q
z9|oFW=^4{%>?Hy)8s;-mv?hVrIbBZrP&1Q6hIreDm~R8=JFaNW{5e~pw*D+Wiz!0a
z9o7whodgY5%$F8h<HpO`BMX;cHPkq$zAupDt$)UEMp@%oZOQ6I0AmFca|x;}#eRc-
z63EZnz%Itl?DwN(2DL*_kBYXHV4IGIe##6S9GK<EK}QRc8Ui@T5U_b^U~*R}b1zg-
zo%lcsR%8B8?UXb}!q&y^h^6*_p2e#JOHyIbyp$@mki}wDP#1$5TnuXP;S@=In>k6J
z4eBvX?U;QjOSdm&<LpZ^b5qzcUcL(5T=yeaDzSQI`HJ^EQVIvO6#NP9RcgSr7c?<1
z%Km!K(^Z!2z&AWjI`vDI;E2S-IdE@#HH7+K@RSFuX(01x4uO0~U;k2n<y9uopJPVy
z3^FpEI)ueAB?hW-nM`V0NBsu1U8qL=OXr2y>jXTaS=aQ&ZezC#ZA^6&=VpxDMuaWj
z!3xGamROYefkDs$S<0JBEZJoJZcG22Xmnh)UOI(OA{6V?O3WjoskXHT&2Z@wZIeJ>
zy~^B|VjM@Ssy}1w&q99WeRlAfoaizYz&Ot+wvG~q40hq{69%UB@iuN5u^(t1Rbopq
z#9SEIGm1JZI2F)n$MkalKPs{9B3_oXlO_8{F<rI-ZQC(`1|1{Tgx7e?ll?xhVjfy~
zI2S&oz%wiRmT{?l6!%)vIugNBt0nNT@~Z%<$n7G+sM<e*;0sQGJ)<|kVIYIpeVo+n
zzY1dUMfNd-HN4tlx1D?{t5LLdZpi>2#x5`vR9WniZe`bBSWK+*XC{`9$|ROpMTBCl
z7%qp|v_nIzXjDkfC^1JSO8}Y1g(piP1aPE<Cz*{rG;jc>96UT(dP{h+W(&7rzy%G_
z&D`b(&?~|&d%+2ycRtX2&uE}7jZ>f>x)K`vGx6xPaMT5i1tFGd5FALG2BA#spPgJ^
zP{rZHHeCR~z?A~9g2sFxd=CUzM31MGsnb%q;B>)Bt!nS6i=J7h=e}f6`-SX1(=$iV
z4|a?fa0d#wSBz$>6(Hak46I5C`0kBdz<>Q@8sfjr*Of^v_mK*$Yo``&9E*STg^f?L
zCkds7!2Otlc6sTu7nv)L?iEHx)pYL{m?*kFq$eo3tg@F$Ub^}sOJV1Zjr2VZ)Ajs-
znMDiBnYen#<Q0qgbQ{X$N()L;ZZvRE#@LF`WOVhb4g7d#HW>`H9=9G~(I66I5KTbf
zpd~#TYtiSwx+xWnLA-|B)5kCK(1o(Y)TTn0NByW64x%ey0f-<`TFsP1H91QEon2LQ
zx@pE=`F<wYFDHFJMc=Ok_FI(<|I%C%m%Ek`fh9k@<Qh2(ict<{83$A<1g~L3cfLS1
zPFah^gCcaQ=x+xT2|W^EDh#Bs9M#2tuf=e*C_10Gi^u{vQTl0GpWvr?ZR6PO9Yw?d
zH&C&F`sUJ7QbWL3t%jcY;K3bc7UxKg?IIZoZ$y1nk<R%LkizmMzaI6%{FjF&Lb!xJ
z6r4qT9S>9Z8}&%8+B|leE9?1bayK&m#;4C+W$aL)7tn`J?p2>;@Csyb2*xpSAgB)D
z)9oof{ZAd(yBqM8+qz;_{Z7^=(EeDISR-PK)cj`jtvLq%RrVc`_ms#F;F2e)+9w1r
zt0(ZyRxYCkIm$|M4_^Wz-^>H|CHfEeMueOQ-?M*BLqo%G-^uHwy^YQ>wv%J(Q9-?y
z*YYVYVKL58(nIH9FuYMFo!}V5thSL1QWG(d&im%D_v4l7vGb*R<uiN-_h*gWjP8-+
z%C717NcCm`IFU(*0^C6*+QzCpw&Bob_TC+oh|5inGTggMN!5=5_b$Nw<`HHci<6t9
zErp;N&tPsPoj}vuonmro|3HR{&Wmk0Af8+eKIcXFvH4ky?SK|97PJFJPmU0Ar;|N#
zbkkR^PNe>2P~%!7T0T$@x&7<gKF!bq)6Vz(D`KT<JW9H5cbKWbZ)5m~Ou;8JT|z&q
zlw5#+^2>=kwlKqy180p4vFAKm81}Lz7H%&N2lV&`__cWdgk+1~&w1y^>yuf?4HEDz
z5#PGKTkOV6;W|6xKu3xLEjpBC0L6I2w!Jv?FR+`FhS&0fC%}SX9o)PWI15>dUUrhB
z$Kd^8Er)kwU26Sp7UNlNv-qd_;y7QN%ayLwfx<v%4zLPwE*WHQ(mC320XmkktW8;Z
z)~5c427}+=_0ZbuY()u<(~_^4T?DhyZD*6R^+{*gBzJ037EJQGJ@f~o?0KY<$B6Wk
z{_*Mz$hQKFAo@S6F?|K7tK^EOIHe1|h4G0J4T~|PnGj~#)vdEQ0-pDA1jK+U{TXZq
zL<)3$Un1e5Kf=S60Ze(E0WH%JT5AxtbLy^3A+%hFx6!Ycj&I8uNXq2eF=9;B*IN17
zyuZO!x2!#}hOZswT$D2*p!MM|*rJ2qXYPa)#R6H^A`v^g7O`KwMcO(h<da#tPO_DY
z;aOg7KmO(llIeBQcb?#$Q&@~<j%E1RT$1Ue`y1Ffy4W899ZLYR@0)mhIlBcD1o-r+
zCjD_kq&JvZ&t87kdi|691~;A7h!0M(!Sx~|Ui#qo8Lt#VRAg|2=Rq$qpDd5m8r<aF
zf)g&|X^?3;KLE0Xb`_M57>T!>chj;b*+DP?QD4`gKJaRfU@`>13xEU!=6ea+iRsb~
z!4!!H^Agi7@RQSb6>#ax-Hr7>b`j7Rv<9<#8Ms~;i(l?%?clVR5f0e;#B>n=q~BL!
z)sN{o4h)@`Zb%<z%Xm^0jgHytcJdk4p-6A|uDv_#4;q3p^}yD<;!leY2CkyzyAt|L
z&x@)LtT>1Fnc9`{GrSo40z=&CE5f6<gY3MF-T0E{h@_54uV5=^_7&prE2-flV*f04
z#1t~~+R>gLGL%{4Y&y9Ew@}*z+Z{FVLzFc`3ItqPe0m*B*S}8m&i?|H#FU3#O#pyH
zOU1o=d{b4n0DO{@w1I{uK!7L(ssyPNu^7~r6s^*PI`T;RI02!pGgmt?qmE)Ccx_AZ
zw9<4F$C*JtoN?xkuNh~?8J#-_bwo`XXaNy<C>HQhM@DxEND*ucl;&G&os&L*neY4W
z=Jz`}=j^@DeyqLs+H0-7*4py%(xkFWp$&2UQpp_#82ECr$N4+eq-h&av|;(Pikx({
zy<6U9akRcf`QM27*IE%A_dMOCyM<d3k<)tbt3FxDm)xgpe(_&FjvD7TE5hl9NJVfo
zw<qJaE0S2$&$jR8N2m`=W2lew=`ekqc2XIA-gXA{ZrE!!j+7JIMDJdILAc)b8esxA
z|B)XRbfEI9k&!9Iskzl=!Cm9<2HQ6L4DjFG_*!p!TA{y|+>OQN*dv4ToVraq)cCon
zE}-+RAl1Es>UfxR^KKhK1#Garp(>PQxcPNvQnN)y9zkX+E9O_4$r@&6iJQM?CTPy_
zaDDRI4eGZAZhp!{$|wtMMI|17)Pz+jK$V=5V*aF(Z5I)1234PC^S!7~gW!n`)n7U~
z3|<{7y!uplb*b>`8-Uj)6<#;oM^##HtD^u9zv?~$S%wO--3rLED;1D!R6v$dse()e
z7{Kcd6<!Zr1g|e`YMYw};dNpLHOx2!UWaE4!0Y<#B)ncpe*63&y#6+WRBse`y*y(m
zyt<Wadxyd6$$Jo9M~A~pZb``JbgLF7Y|q?(hX50v|6mq<6l1`p2`IpOE}Ia_V8GIu
zN`M5<uZ<miuCu5KM_FL<c=+ibDhllA&lL3|u7m=z;WELM4_6UfWs*H&-*4}>pFm-g
z_dSs;s2Wkk^=p-hG@CXXua&=C(-d+yYRq+K6M@RQv;Dz|H|&&8YG64$+KBw$57n(3
zz{%w?IUxqWF>T%%?LeM7EsCPn8Ei-Nthv#6C2(JILQ|WD?}p^Nwl<|vhmTO5ZXk9Y
zK<8FJ(a;_Iow6u}%&1d|<EvgfbbQrmNk4AA7WL!g_fbVCA+b}az8#$IvxT5)$7xpS
zD#}@GIdlqs0lm@tBkT>#Eaoc(a7ldMY85dAC;IX!<h^8wslH6Bl5TQjyuG{0P}i9Q
zqpR-h2x#S_qTHDp`BK-oe$EO=)?}_bMv><raz8{KOV#d5#{Ihw%m2fN<^So!ivRFo
z#ee#+@;`itaj1>iZ#Jzr12%<B&W;M`>&}i0>LGdjB&ve~EH@zZuMDr$N!dF*ZvOg(
z0WGtI8k#yV3V($JKpS*G*sWoZ6MSF4GuV^e;zpeAE#{A<!8|g+l)hi9sI}QV{N6ND
zmBa2)OdPmqr1iVuMBsiU-`jPBt~S^L+JWgjD@`fO3}q?fcUXA~p*#;Cp_I3Q%EJ$B
zZvOp9C{Jk*;(?jP{FiA|o;}iV!t_i8;;{SFk6>Ab&jN0KON=y-R|CG>M#73rre*0K
zw;K}T94h90yAUKcQkxzee2?EfIQRq{qeT^$8>6Lz$<THJ?u1ETit)U`sEhW8jEcy^
z=CvnqgTQ`*>E0=XDe9K^$>0F>6qvw_@9c$OkHp(Cn3G<ZqGOy8t9PMPtn&e65tYx`
zf$WbpXxdqAGlw7248pZlZ1)@3_kK<GX?{;7QeTo^1F5pOM7Y^ZV&+h4@OIw{Xle<+
zFR0F{K#tE%A>M(I$t1}wWAF2^eX5w&w0^XP<cQX|HM~IQmP*(Z?mRy*(oPE`zcI6z
z%!R-d)JPhOJY9x;e;#0T(=#oARpMj*p@>BPfe0?HqivFaEr(d?HvZ^2MTtHXuvr2V
z(RlCL6{s{mb%lb!Rmm`*R^4w9XlzILVGZdoH;o2Dr+z=cVUO4eqiz5$2*2!>Y{;~B
zT$5AC9~IE$j|`3k-Vv}{L-(3En^4SS%dwPqmMiU3bSMMU8oC2l(Y65E;=-76OJ%^=
zTuq93mda#J3T*?=L;K&Q(=eCLjU@G5KN6Jvh{d{M`+n#Ki#C+fT4+e1$s0>CZD{cz
z#bpI1Xgkf^jM#2Po5r31%$xcy`o)e{_zghIHkA`yE%Bd_CaD=YBwg)iEY&~KmxH5=
zTLV;D26ant0#gj*jGkgQ>*4p3If^lEB01<nKpt&egVLKW1oqau5Dc5|8US{SSs2jg
zpyJcYNj*7JV!iyoBwCg-C67Cl$|riMSX3FZg;t@Qbq?hH3M#cvK)cJkDet=|?@Y?u
zB3z{ZVh0Av5-Kvc37V<SAGa0gLVy0?WLtru|I>eLY%4H6T6)7U`dlX;FGMz1j%vd&
zUXZ8)8hTm6zQ5^V($A0Tnmm1E?+U@^=m9rgrM_T0dq~IJ23BNb0y{kQbJpMU$<(uH
z=SAGq`#fBqy831RC(%f%*gCbH^+Mb^inE5-o1`smJQ_8MJJ?wW?`Mamwo_aNI~3k9
z;mAXow&*UCxNquVb`IiuDK3*84sW{o+dc0@qkBe*-wi9zM&-S3s{a1c^0J`38LjIU
zT&}#CRNh!u&Z|_OQrgtR6qf^~X`XRipwcdC-yABhePi8ymzI|c<-Oih$Szl2K9%>k
z<%z_l?JJ=6z5B_E(53Awr1GvF{q#>REw2d5`{lzMFAS8&zJPB#r}DJV#1*!MtTVh}
z>{Ig}`@Pb_!#xK=fM2GzPd%3Q+0=8uRl3E`!kg?@88+RawDi!_&y{|H`qZcXXxij%
zG?kv(AC2g-WCd<eX2IVJBGKpwC==`1JMbM4mJ>X8Ra_HoNr&>Vo@W7i?drHV1a16N
z+vd*b9wW8!>|j4pdFAHo4^l}4nf@f)pu7@Gq4v`9E<kB(zkZ?pa;4dztR3eMd_!d^
zB@NUvmrDEkgD<aA+ohC8aSNfegQ+*iF4wwDC~w`UkI!7LygAgm6PCN2m$t5m%F}m#
z^~X!g%YgEFUpm=$x$<(LyhGZb{`hj`6+&rE3ulDY_Sw(b`)Rz_r{11-E)k9B5Q_GG
zdoR{4yw$X}`{8xbwluMqeQ4if-ytr9G51Ay!|1Dj_?ri!EoSi(`(gGzg#!d;8*~44
zA-Z#fxXXSB#*vkMXFnCL7YmQQ`!ePnwRedDgzznY{P6QTqpfLT7y7ZFvarr~-}!bo
z=6Mi8&!NW$$OC#Y?V+vjy{qJUmd0*<YHRJUvnWS)PW|2j?K(I8g=52W%?xjy(2#TT
zqiCC1>}Ln<pRmJ}D~!c7{iH@6=K7(1pI8bruwI+D_oGAX6Z<};u6rT0FudW0e?52P
z>u5`wxEEUkE%+Yl-&_6SlxV9NAee*|_Q$=_Yuhl#J=jlaX9=<vsBPiZ*Pe++QlPfb
zPiei>3T*HHlbA6-+A<PyhCWX_NBJy-cKl)LhCfGJO^`eET^hhb#YlO-`(<BrXWFp*
z3nBm5vgP+)oIj4aU+gyi4D!d^#l33&`H+9jnUe|3n#xe~M-02KyuRV${O3UaOKM;J
z>G1q<26cQrv;X4S&xG79^EEGBoIB#17e*TvU!1!Qa(|+>r03$=BR;tCySeXNoPP%7
z|Mvb*W&n0s%BG0zJ$sc>TJ0@jp)EHwC0uX#`GF_n(H&{x0vO7uuCl;@cLQ5s6k9?I
zj0(vx=q5qcpJj{9EQ+*OMwE+T<Jqv~0&NI%-0IjBT5NtqC%Y^f_F=Shl4h~xZS>Ka
z-R?MFU5Ip42@u0MRyY6o64WcV0zHX~Z(NSuigL9tY9=Bn5MFpiRO0VKj2tUKE&J^S
zjxVbJWsk(QK%qh|*%!RxG0dpU%@-^oM)p!|RibYP<wYcEv{1F}JHxIqsK2z?-QQSh
zG{8LpcVKJGa2pA)8n~yS%3ee#pEayJ2u+T5it?AY%4c(%bD>2m_06lXVNtiw5JC2@
z1IQm>6o5hk+8OPs!!E77%^F^!d6$SuF<G7`LB);6!aN!(%cI3|ptNr_K~zFAS5^Q)
zFPADD`e1uJUb53MxTS$jm=6<tb3`R?tG#|LFc=1)()SO9&4*7)ZH8ii=Rnx?ew~sH
z|L=jYi9~3X0>KhBc--Q_VxAtQxXNWQ)>cU(xV6U%^+WmT0zL85ZavwXc>zUslc~Bn
zsDJNSAl6yiP$D<GCA?73didUj$XF1UXFoAKK|`c=Mw8|GR^4RWgKM-*hE%Oc10#!e
z$58&v!K)8qGJgS@lGWQbAcLpD5H|$a6Wr`ow$(S-mSQbGl)p@E(v5Dc&)-Wd=5sy$
z#Jm(V8Lw<ypKpRR)dzqP%g`Ys_SG1Y;MChT>X6G^Z_9$ahaa~Jf)6E5knkubgcNfy
z1>bKamJpMBATpnFnREq#r%sPGvB|xf+9lzK67dm9?bZZ*o<W~KGKQo>>uvRF23eFr
zwUsQm)~l7sp-Qw_X%iI3%6r7p*69XV+CM9zw}<q~wgB>$3V%8p#obRV8Hh#lme@mk
zgikC+?ht$S;`!rA>dW`~bG(xLK_aOi!*72#$x^K^0*1?<0>u8T!LT`KDBU~K)PN#P
zHsP)HFc`#xPqP`0YlCA@pAW`*i%#xE`^`w;Ueo3q&?58upc6g5L^Z&JLGTX-f@cj4
zwhshP7#f^G!J6!@z?g<^oav;Ay(SI#-*^hX19J`xpp1Y|_2<ZukzNTng2&z&s5BZH
z`*qNedy`?+kIKD<;KR&>I7i$Q8mUPQqmv9s^TI%yVl?ux?`(*)k&EqGOLQtAl>FIj
ztauLP+B-sy>f;jEFIHt<_DK1%m~SI8@@tY|By}rCi)pr<ZYUT-{Z&#6DUnzX&U_Sh
z*pHxRh?y|&;b!Ik*s4~eW{ht)W;s*IvhzvBkkhD$EF^v^nXnd_Eo1H#L2Oh;F@IID
zO^i!q04RkaS9Dv&g?^Q#uD%7Z1v#qV3zL~t&mi%|LihqJD1IloQFU|<KYX4f8!+VD
zl&^*Ll3Nj;vM9MxQZdMdu08(zF!}FB#eVg70*%vGRclon1mQEwQc#&aQe1|bjHm;t
zdR?&czr8&Oh~o%|sY-#J*BVGdYjhK4EaUv`feueMD30Rl=8C2Ubg_>78o}A<DI*U!
z>}_(nFsGRBOQ&euPPb<7@QB-SW)&3kLl&B%FRMnDMIJtV91Nozns;UVN-8Y}OZ#0a
z&J)7BWn4R0i^f!(D<ez|Yf_0-)k$n`vkxcC2VOSYkpmOvm`+_E&f$dFj|R`PO`CJG
zdtkyG)1crws)1nFK=7=g!PgH2PZ%0(rC@XRcY*YV?q=2Cc?TLi(?mI$LfU=C5kBk=
zvZ62Jcm89b+8?IiY$54d8MhCHZ%I*`Z-(Yi91Q;-C0xlz91LHVLSRwyiN7@v{?il{
zELAB=FTE8&n0(A`aLm384grwl0R|wD48aPnf#6{{<obc&VK@XpqQT&<%Y)=o{V<Ry
zRn8r(@>czjre_X@zl`Bpwdq6BuUFD5`E)f8ga`Bl5+$GZ!SEG&6(l8k6(qj@50C&x
z%)1Oo)ZmLjq6S|K5*4jp79=}$Do9Gm-%ME;`30Ph(X#^*xtDdxRTH=6%6LjMDq~}t
z643oRnpfte_{tlelO-W8$tvdI9#wi|T7Ng5>IQ5wjUX%0Kbf=;y|o21!+mVjNNY2N
zPbm_<9Mnf4;Lh}*tHC+^JxEEtV*^^~i7lj@fm!Qy>byk4?N?g{pnU?+d9tIefc%yW
zM(r2Xjz)hzHxGuRyl^0^A?aVdC@bAy)H;!-k&@N%&4a@q!b#p1Hl}z=c*|&_W-z8q
zB#31>+7y3g6B25>5Vn6B%;CCZWh^l2elZw6PE<#cQB>S<siO$>ss8Wg)*3AhB=f-B
zvcR19^v!`<<0b>a30t{sFnoblMJw3K*9OC{*Q#?1^Vu*MK0&L_EzGBSFg!sNOPZ;n
zTcbjy?*Dpj-LFwVk~S11J2wqf8Fx(vI{t5)h7n(3)PowFjrQ(=**IRK;%&_B@l8Xf
zVxOXDZid-oBgGI{V_`bZkV@QKduCuNeynWt<=}Mm@cT}yt_=YFA^kL4t&eB0KID8N
z*+nA;!`BN#y6Dv3lcdG!fi{gwrmen*7#93~=Ri8Q+-nKmiMT^)4j>MX9I=#<i@X;H
zl3j}=oQ>KA?eSZrux<u4X!dEfLDi@iKa(7z0QE(*%3X!3j?;P~MWA^-?Gq!@#z3NS
z`))nbYW!;#63x#K-=CGd{Ei(k8)y18te4lj2%c8fg@i*Whcw05j^ednb|nPC8>-C;
zEzaacAHWBK+Z#&ZH6N2&YCf8IxIJEe9Ync9E*&q85fyQX!voddf~o$u*e5QXm(^yu
zxfDayQ5|GZjZab*Y8h*`!=uZ9cK?yUkD&cAdUt!dmy%mNd@`lB7V~iw2keAVjq>sv
z)HpBCQX{=e`o&p(jfcOqO({rQ%r|bsx)yl(>uspqls;eG)s79=|43|AR;#N(!xmtN
zE^SfNRwe%V!9)VWwQPwM8IN}U!9haOjQfQ$o&)L7&<v6mmq^^RLs83?`1GA<I|RIr
z#Pj!14jLwzQ3p@r=RX7pvIV%El?id~GKpL1!$Oi4B>hzs`f{7l{`Yo-Vy4?S6W{)c
zZ|NSN4PTzX(j{H7&x&t>76o`dBfeF&D7$uKUrh1^FF!tywjiMH*y~=mWIw_y-X~Lt
zIp}Z51GQ_cDB$PX6A5n_R4+=I<UklXF;@2@jakI-26T?L>hH398xpnC!br6P`N?l>
zR_AnJH0fPJCd&Syk+qlcXKzay^A7Q&r4q2@pNHB`uGlPC8D4OKYM0AyLRXG3kUY@Y
zf8IqS&_MD8hB`M3Z3}T|{$dx=`S*le$f4YgjwROYq6}6;Z~(pyxy<~23|dc{oAS1z
zkjnyT3-R+3<@2Q>7jFBM;^zgsl(80aW$=3<>PTE3QAc8Ngw&y7ta-V#A7jlh*u4A)
z`^in6Ix|dLVE)n|vnmQttTL0G&hC=G73FH1O=xurLcl78omwB-oV#0{8V&!(MN4aZ
zba;{0BSDasZ#zt&#q2V02D^cankBkh3ukEs{z*Q1<IE~4^YHaM6%|j+JCNq)8H$^k
zxRrUcT5m5vr=9TRaTjy#N7OSVWiT3HiXI@bi+OnOQ2!X!F=Sz@G9}b>DRL3IwLwOb
zr<h+cP-G?*`NzIwkxQ~#Z!16_qQy!XKRZB0qI<sz2UQv76xLdz!Yz~q4YuHPRU*-3
zvC{s2BB*n;R-dY?w)Q6iR@NG~B*&vQIUZYKJmPlcXyhU#F$QgX*Fk_R;aA?OIArJ!
zq$-=CG1Vp5CGrJT;oiRAzSC=ugvN&?U3{ck8K6f(rOz5*sa$&wPgSfwrCJ|lglo}l
zh#3Wotg;vR;HC_-_K+4H$k(fB^ZRVYQ-)AwFDzx&5Ik1HlFBOk{zKBfVM(X_`;=3L
z=c)S-dFqBHmD|i@JZowwQXNe%i+M<a&%oR|$=;m@=%RKRSuc8%`bp?k^DJA~Y|!ot
zk!>P6UPd>*FpV1xA&l4+LX&M6Fs98rL#54zrqV`3js+c585Om*O!i6j=F0MrTNg4^
zEW23$GP$2=tqK)o{D(cwwgPk4m-}O}i~LWa@P|h1R@({<n#G0}OtJ58dMIJq{E&v^
zr{*Si7y0yskniXrRJz`PX--4P_f76I$=L4X!&yjS#1uVE?%rhJx#YtIh&5yE`6hQ?
zGO(W><g;do1e*9U05K2@xo@M8lofT@i!97{)b6v|4R)W7xjB32xP6!X+kMe}+e1DZ
z^JUn5U7?~(yUzeMwjX2eqjq=SzU}sX_JjLc<hUl}vxeLm!A<ODhBl-IRNY@=M)d|5
zi542JsQ=#1`lD@n+#KvVF!gZSXXN?nJQ|FM)z4d_JG9}g*FX2z6L&E_^;>k>%?|eL
zpSmyYW7NHX55;qk3^9&5x<?z{FoBZxqBkoPwXkoecCu*C-l=VA+tDaD+M*Ztilxt^
z0hu{mucg$uga2)GrxtmGXhe@SWZ(51occXGJM~;zkJu^}K5s*zUU*XueQ*}Dj_%T;
z!6D|3S`Aa%qOE#%Y-(rPcCkwgJfB6H_Az~UQwn{9c|#G9H@ZHT&jZ9Y0P(jG5DEm2
z**ooAynwAn7$_}&A%5sV2I2N^lkLR>8A@9zve(|q&>^(N9v#*~C@ow+gOZezi%o1B
zJIVU(r|jP;ZGt9*H)T<hD7mGAb}$a@utQzM@39ro0?0@{pQZW)wuCp`f*$}E0ky}D
z%t|&uM7SMFYoB^p+3CeuDXw@8yAb;=yw&mP)`>r3d(#e1-N#NQKWLx&dD;Q$?NYT_
zb17Lrb>RnTXQ%dJC#GSuGm{O(-lqOis<dH(@(DYY)-|<<O2^9Eh9(DSZW^ytKmk`;
z6gy+;c53vwsb`_tBJ^=u8$c$DIxdHjD;+1F&nNTJ705o0f~LQhk7fqA=qUYm|5ht4
zL7zusdU1tP;PcrBqd(e3gLa>Nul=A{x;2BvlL@e`S7HLzZf{juYmbVBTQk|Q!8V5L
z&6MP0+#zS5Q{M%)+Mt&rdJ)=BU6?{iqU;04?Z=daYHOey@86mww?S)WVIph^P<Na_
z7sKkC){{eD1sAa?;^%CYPVB;6t>}<lEuaU*?V%~;qr+U)wje`sb+UFFBC}x#&a}mq
zQ8n*op~Oon`;Y#YX-lNFFlTaIm8LcWBj3U`=mzu<@rae|;rBMKxM4EJR^=_G6f5Hr
z|M*-Y@m8+FNnrRR3swA%2^v@A41BQi+xTqLmL08yvxgLcA7TL$Za8w;{29<tJJ{YR
zH#EAInl`(v(N1ghn7PrljJYh0i={@u&dK-{5N}c9rN+f~HA>4HUFH17b3{W_Ua~%u
z<AjDIfrUf-=8#_Fkoq^78W&;<9;E7Ie<r&uhM=f<&{{RGKnRYI_$P`#Jn=%qk>H-;
zyL1W-%AdilvjTe}?3(O#bMHJNBSN*7P%REavpq84FLAH@Pw_1jvuE!TcS4)aX_@6&
zG|@P4jMR56jitGX>h>g~BzgTgehojLtEfz=j95y~ULfxNh{t4B0TUL;e&J}8wCjBw
z@1n#v9f46as)Is3zM=@+H4^_Vgf=7s<HDAAurkGv^9#9(nSyJkACmB2BwvlBJ7f?p
zp?A<Bb(t59fUM#9)_1y~<+y$a9JD_uC$u%`a>Rf;Q@KL03*LiQ`MQwFD7{IMlOg}Z
zH@u;A7}`58iy=vnlyF;tMEv?MXmgC*?}=c6M2b+M!1)ZmbT-->pGTNxN&x8e8x%oO
z-F%%U8_gPkoHI#co4bUUBvdP6l_Q=ytiZwcpqU2@ug8q<VoQL?$zLY~4Ad36>hIvM
zcC4?6LG_=xQDH{_EX!g<poizIlT;Dsjek*@_29x1Ho3&h=e(haB@6)W2_^iM*Qxa7
z<*cnzHTi&6D_-c#*}LqKhMho%7DD62kBi;BN~!$v^2&?I9mRi9K`Cw`Va?^U`c*R$
zws8HUf|(T<p}$yxnf@*KFVLfo{tfVNkHFv4%OUX(;rcOL55Tn&uGMf2=5JP6GQ-n(
zMb^LwR*(-ZJ40Vzx<4&>eJFQ<!Bch<jnYikMUvuBZBbR5OQ#q3?{@<<457t2sMEdB
zmKBobK!rk!t!*h}9_Gpod#xd<uxWv=(KUjZ<eg}p8%megn1x_^Xq7p%%A$A@HO83N
z5|Rpl^A0_fKO}evd?XluZj#6r>6qD5Z13j!m(>1gMjgMPcEF>n>Mq$EE+19Gdf6%d
zJ*lJX<OF#G2&BmgG5i!Nu?JJaPaRKs^teNZ9vGfILkiM{kh$rpUPbg|DQhg!70VI5
zn?HO#VFAbq##2HYcCCgio+JmSk7gjhYuYU7aZ;nopvzF=P3-mZ7jB@f(E%hQAGZ$f
z|0DC6i5{`p;*7e-bb^<i3yd*sE=>hm^$vY@OLkP|ns|z7vj<*Sd&7~M36&Mi=kT-$
zqDXf0@8(eUG1?$vv1qTM@ku;NfP4&i*`CJVVmtWPXi_La1#j1r`Mxe}oPt|%D=q(L
z!bEBYbR5l^$_g|vn5H)75`0fi3z-YBeXT`24|t*=SM@F`SxP+O-eTnJ_g{x!1BSK?
zb)mHO_{L%Tc^j1dyysPOj+Ygy;xJi>N@aA!3g5AtL;)FPxKml==BuwGlRSAl8J7UN
z`Ugy)*oMg4=E%L~+U0WOWE6l%=O7tqm$L-7FSGn+H?UbesAOp)6am3ra_Limr=OsN
z13t(vqXQ!##LXA%#?hSx%$Y$G{NJP(*m3}o){Zj1je|12|FB<)?R#~geVK#pvwkq7
zeQr13I8$vO8iOo^_Vp<3JDO~trS`$FJKp>Ol-Kjm=rI^58mPSi`3u7G(A0&tnSP5$
zZnN-z>?Wa07H!8C+HBZV02?+Jf^wk-g(y*kFAB;$5L$|+jJ$qmlmDcOIjPB}8-|KC
z*B&<xv!5_1_7hgJpMVDAgQ8gzW#6G0Zac(gLg2ph@|PNK*fQBI9x4m3w`Ib3B(F+`
zFOWoNrk2EG8D0+_UoexuM4Qdl3K*-2^5wNtlJbaBo#BQJI&`YYjJ8G#ZeBXtsyXCf
zP?X*)XJdVh+GKs}hxHF`I=%2RLo2ga@qgTF4DI2bCr8QH034u_7YWF!7v6xl<RKeX
z*mdE*BUs)tC<g*fI{ixc?~x$^^ZYrdU*X~mW#iZCU-VuMd4&5A=vx^_D@T8_12SZ@
zYS{Ca9MZ)n2w$$g0KrBwdpgBNZBnYFW22gtCj%R`Re3U2u~89t^j2Y=lXV(*`W4ny
zl6=d9x2-ftap3qDx!=MX@@tf8Z4gwwDX5fnNTr7H_xYNk^~=>L_E|-A4g~@bpNRWk
zikl9bY&+1?Og1~nV%Z1KexuQ-RaAD)u-HYqK$~<sk{iqXB^2o`vam9<N7ZEc`5`iv
z$do+%ro-^Kfq+vix0<=@B-+bb*dntVRb|$b>4fL|L}Ji3?xpXQZTBOAY#4o5PWCA;
z+b6eLq+<3AcFuc7>`H>ic*PJUp8nPdVW1HJy7kmLwcEO9A%yaWa|ou*1taN10y)wr
z_s*6~>(-KbcVqq<!3>1OOt|^Zz&HHU>1d`_#=5)`zv<^Be}l>ab$sX-MBAX4ET$y=
z8z$8#Nz(?BelGF94ozy%LDDBNshLv#?KnvkDH2soVk4pKO|^pg3%I7Q!PC^m|Gz&C
z{cCakynk^0^fgH%OUmp!n|}xNsF&!~Tyx-IIbwk|XdV)&)hF#ISc=?XmTPTv4o}kK
zQ1E8cW~b=p2d_bL#b(;PNc4oC#d%T8p2gk>KSeIZ+xamPXBw00ZAdOR9AUM#z&N?u
zRxJd_#ixa5hQc%df|ZE>LJ5Rb+^Khm7q9kuc;0jx)fgi70>@#<TVbmXj)+^8q@&&8
zXK}!Ii@9kqrD=1yM(o8c?4^)JH`KC3JddZQKr#+*O-@wh6VKO20-2`G?daA!3l_!?
zDB%~V98==q?_EO+D$pd=K(^|cD=RKC*GxB0o1qXzwV6V2l;6nrPE$_qaAiWBj6xuf
zNtrLq1Tdo*KBNGkA;DUK(@->i!gxT;(|9Tf<XKFcV-S=ZpUYgCY*bDRO@Af6B>81v
z0wtmEa#<^v)Gw{13WS-lR`N^5^C@N~Ru0W>Dnk!ulrImAWs7YdUUscwV(qf2mVG{$
z1zluacz<m7(DQZX7gfotvxLA5$+YE>g~%kD6^F?%u}x|&iqGWAw)t)%-<QXR_=8^B
zq7w$`&!&Qr!`@Br6{IHvD1EQEYI?%fko$ySZq`F)5J`S8@vc+v8s!c&w+`jVW=Ly=
zD-*7)Clp$JfL<>uW$q$&yV2w3TVG0Uspzj0w3Njq`~wnv2EkOnTR9cSEHt;T*O-I)
z=Dq9Du;sNZrL(JT2BCSI64OjEzsN$=ps;YT%C9N~Jh5ITJaISNnqP)g@xtb(@iwoy
z8gDl>`|x&s^Fq93HRs^%s%9(Ru51?YHn#aFL;uOmAK^{kyp5rOIod<>tDr!>W~OSh
z{QfPdX!zq>Xe~lF;{2XuRQEhIu?9GO3b6SKu48bWf~yy<1Y9Xlzfo{m;F<{6)o=+K
z?MU?}>hvk826z~88GqjhuS_A}AobEDpuc)Kk>E$O)$((wYP;tRR&8f8YWciD>+iw*
z3WNYUZ!&uL+@p}uual|2nTHw4^Hg04$fzzEHD*{w7v*Ob0`p12T1rAVBl5LIG@fNq
z$UZ-rM<Zo#qwKAe{Z+}RzvpB21N*Td7=S+EDd>df2`lK<_M<*s&7`%hIIblA-HVBY
zV&DEaB`{RLSc62sy4G5HK9_u5VTh|7jFbEOO+Wh<SC{%jh%lcVLkbIHOzZF!=0pCI
zu-1HvUtOyd*|`TId=U(ppoZWMy>AnS=+zKBS;qG=hMZQgQYVrNz6}`i<+MRnLSG|>
ze5i!PSNT@sYeaqZ`F!~LH}!RyZw0=-sJ{NdSA?&>R9_vw9DJ=;UuXKP_!?ASC;1Hc
zTBW|G10Z0Ob7`95=$s&S2fXk<T&qI<v;#ZkXO3i_kLK%>QIj2tog{#dB|d5p%-_Ma
z9j?vl^B>^as6PKUTt4+#f~yd&8{o=R!;)91VL1Ls;sfMnea~Z;|ItP)p^@gf%d~Ez
zLK8&R(OlmMH{W_px7IcUzSIXlwI$(80KMCmgzsuh@3AG}>%-UEZAti+;;Y@3gl_@9
z+H6Vq=HTl%TN1vR_?n`=rn`LxeD9t*1iqc{!WU$zK>X!ggzxop2j|qxWYoKPD&E)u
zW3LykRA}3HxS&bqX>gwd*L=7R!+SB@g%Qc0X5dLX;?kcuLWei~h!H8Nm&O|Yjeb9K
z<u)zO_3Qn5Qg{dU-1jmxPHJ3Xv$Pi4#)<GZUej1;o6rdKI!~agsw>xxCr-GPlstZ(
zHlBeu@(Yj+YK#{1m#@S_&T7X(VmxL+vii}cmxm!(P6yVz&4nUbp~liID9#QIuu`_#
z6y^Q8^AiHNQK*EzVH>8>kL#yJk*$X3XS%}==9Gmha{0eVJJL`k*QWOeM^uzkzRS^w
z(~1uJ*&?9?aMO~>ih_H}t6EdN9<c!sUONm?E+RkEgaVHP(Q}6U@r_U7*lc_jN2(&C
z2+m+m7?K9R;6cIWG_<XBBJ!=v6(D~p7b%gGClwi>E5mEryjl+l!bYp7gj_6%=h>c6
zZ7x55g7)W|iqOYg{Z4?ZC6H~}yc6~7&t~sphk`&`p}RDvP!cXl6pL+czDl9H#Pg5=
zG{x)jH52TAic)e5$?nYIC(%$hdrzI9367MxCT!6(?5{b+9uS~3wm6Hqjoz{{Phx-5
z3R@QPR{Ru@GAQ<`tF~Fj2eXH@&xs}`4^aDR1hs)>5>Hne2w7P8|Eix~B(Ftf2@-Ny
zkbrF}7bMf>pf>uofkfeA7fVH;NBbOmV33g_a!ndA49$HgHCh%kZCL{J<pI-sJ01Iw
z{SAzT{`;ct{HWkz)0PFss(I-`a4#-8excZpHuT=ms$Bl8qV`yK-V`v^9|@#MWnTWH
zZ<D?st%6h*7)3{SdihVrqnR=}?e+4>W<@az4QWo*jK#T%u4}%RyxgvcM3r6Vi}Z)Q
zevNMfP}6>k#D9XUP`Z}XmlCH@q8obhxS)u7o<wgPNl)e~{v+a(I3VWCX%#H31sb8X
zKns^>>~;#~U<w<Bl&u`mxjkk4wNq3Lh%p4OVosHAoFK6`J4kd=<Cfd9-ZB#VRaxN&
zu=vN9@q<Lzn(=%r(jW5LkJuAcat%(7%H-teaS|TJ7Fh!+5`P%_Tv<=o+!9zCe$u4q
z_pQ3ow7Kr+dc?#HyW#dW?)b&$(avT3rng;qyZ-I#@s{=W47^>{&>a|WKcXz)rvHiI
znNeS5%CV90RQnOdlam(JHyaYgrVY`$sK!684Ca9i2E;Tz5vpEN#y>hcDBh?nH*JV4
zk3GE%O8+rj55jdfT*Yub2A81MX!RP6UKDh?q<#cTVeR%4a)&|w3V5qrvzNB-aI}r8
zd<Vx`g}M{q0`!zg00fA$1e@!~4UR$Q$q|w_o<(`%PPDg}YucQZeIe*XH~bNjAnrta
z3pIGw&|v#O@Pwhk85AsJ_Xfr^&<Rh&>@DyR;0O$MnhmFv*`RV`*1(8(Ar0ifydguc
z>)hbbt3O4X3BdR!l<}tyzLUW;iLX<XY#3*Y%^v>O3<xJ4(w-;|)tW=K7XGUYMUN}=
zE{S1ShT;=>r{fFgp-^pRWmV|Gbhf=JwAeU&LMZ;D>_@z8bxvz)T4SZAu~OGqnVP$F
z#JlLr|Iy`Ttf;V6cZ<ME59z`)4*`B{EWJh3v`B|$O0Akk<1MTVpT&d4awNyiuY40x
zs}As-+Y`3jQp}&TDw{5*%|#=`Ao|Tk=R}99|4<%Ye3tFQ440%ddi8Qtl-NGM00I8-
zjb3fz644!cD3|X%t7;A@=aE|c0&luek;184$Qh)Li6TSXtZmZ~{{|&(v&2YIi6)Uv
z@|x<uL8u+U^E*FN^lez_Z-j>Zrg}Pia3s53w>Dbm(FpQhArA&y_2e}vd4S;`9be3E
zo~ZD3g}<RA2Rg&5U*Trd%9dLU>VDn-mApH!5@8I$b+nt-Ujs<M-VG~wJ|OKJR`@0!
zSz2FDnjty|%81Qttko$FK+unv5lx2{(vhC#s?e&1s(b6|9jcN#@(9+-kfFl9GvwBl
zhl&iLqO9czTz?Ml9!J|4bE-mjEet);L8qkshS<T@EY_<cHhH9h0oWAVO89K4U&EJW
zs3P`KEcs2^L^MGDSOctZGV!JRN4RUEXuL6JE{y<Zj%o8!Sayq2B*3Ub^ecmSNdCr5
z1K9C-QnEtsz@aq2Aj$O#36omSQ2i^)t2#$x+PpAFi**BN6w9qzu@wg9HwL$OmOu9M
z<lfyqq%&-gqq$;_<21ss`aRSlK)t5wUo|8GV+luVh2Y3C{zR90)E|oJwQk>TAOXtw
z?o&y>tY}b`fZ1AE5nebVy(+ZGs5q~{%AQG9c2NHn-DnZH6tIz@h0*OFC$*yAYWTZC
z;J@rfC0mK#c}CGFbrm#3*y5sqfl2uxcRnC2SAOU=GyKEYF|fr2p`ro^lnO!~3v&VU
zz5u5!9)olXK1jA=ej`4(vfO+oMa}f^sn#SaD&`Z=au4WAe#hTXak13HJAQ%cu!#v|
z3s|8@7Lxwkhys+{{s|u5Ns>#mqqP>d*;<UkCHlTzd!jqV97vb=Uq-1qo{*bg=X)A4
z>3E6%9<xYC=ft>L50zmg*Avqgm(H|hF*GojP4=?d96uVeGM5#PJx-cdz*@s!H=(na
zh7)VX(zt<%RMqB6?@x3dLXrI9Tyb#@kYT=FBH;cCeOje?Fa>f?(L9(7<F(4+(mi5G
z9s|nKyQ3QTJ_VUr+zaYXtqbJVt<h@2mD=F-b!$X1c&%UW^&O||Dj_?+SR(PNe<9=w
z=u|VBmz~Qs$WbkTap~1onKoDIq8&Q11)jWORrH^RD)E5aJG&|*=>n6h_1#f(aDord
zK}HQ9yz^4Xx)T-Q<uCg~=~XPXDnvAL(-LjtQ{DJ5p;0n)(gx*DO?OlWiD)l2P)YRX
zOy)M1dA&e?_8ggbq)h%wTf#nJd-(dVl%02L!-<*^xJGyW4L2IRz7A?p7zoa{GLjT-
z{BjhoX|u~9M~<VA>tP^K);}XaK@xw2Mg^TQ9RDE<bfYDJPPWZBZ{uz`T?fm+l4G<k
zBFT1?mQ3_E7q=r#K&M)_>ax(!xjCL`+Pp-=qMn|1iA?8iBC5;~CkOH8mDByqgKSMY
zehv$MN}EPd&qsv5Or${77QprW2H^9aQFvl<HP~>(RR2HZ+!QjAya5w?DBsOJc;aw3
zYYm>VcUR>-lJ#g7;+Mx~4oC|BWf>|dG;Numg{Zfy`Utxd=2n{$Yfpq9vEr$yfh*no
z?+~V_1JIFzfMju}xVnRt7>oIBzaW>??$-G_fq%3YI{o#(0xiaCE$Xhva+C@bs-6*z
zKudqor+7^Ugi>>rLOKSn0NQySdT(A*#5^;-#e8I36|+~OdPj2p0yj3hL*d!l3XB>7
z{?ikQ%kB3Y*!<iw_LCgR8xE#~-yYatI{gYT7T3uAnMtuZnUX>^n|shQlnw&y4(P*+
zrsIL6Y<`hxi#yB1ie{DoC;B}y46V~c^WCP+##yG#g|jqx0C1}aH5GRN{x#NMPJPLo
z?E3-p8v*{LIdNsvFE#?^2<OjwdaflkFhh=L9ntDDs3VTf*3RiLarH-)cs6XeGCF{4
zBByf;ZN{db<HtB+Dk~aGMh-vlW1yvyKeN>-Xj`4Y9yozLaO%WXr(VMye@P_5Z$}29
z0H3!yugUBd4S|X55jUPEP%~YPQ{Nw78lM>sPKPXc-)r#s{G}AndLhM~MZ`Bh23&=S
zJr3N2fpw{0w>lRHO(i4!Kky5UWkvq+t<F1yl2)ha;*WMEm9Z~gUoX4=DHSnSZV9V^
zrSVR&jQI_~9zU)v^I3nUF~g!rb4ol5&_dI0ffvP*0?d@#`q4nG09Zh$zxOR1umK$%
zSQ-VY%2+e0QeA%scQr$nfn80%hRn&t_kn%-Y#&ur?#&6NBcCe<Q{gsF6BtcqG*<M3
zcm-L98`bmR<Nt)hQy}9E$ZMJ)Xppi%W0p#}<GdWPlrOIexr}55KF%_9CpFprtYPi9
z;l?kk%z;&8RVf|RnJGt8>?iV;<kn287;J`3X-3Of%o4MRxqUeR9xtDJ3<U<T-jMaI
z97`#2^Au`UhTLm2HEdKYos1s8;N>-65!P$Ase$lK&VM8+ugE@qIg%2CFGEsd@MTEK
z(U-S~4d~xFt!$j;pldZ`xa_;D+7=is0zWinprIG(&$aVjI%++*28MJ=U=j~?C69uA
zpoDK#UaH#WLoUl>ygF%26?FHA*js@dzrknz8LsOke9sBhWGQ$9toBAVv{?zoJklVK
zAu+!_fy?!LqZuV1B-%iHMHGNhjwFDg>>Z2CIk2_sUL_f2o$YzS?1gp52=@~9Ilogq
z%YC`2p#kSuE5BAbB9)iN!nLKaGClUavgDyVxO<riX9r36A8t~&Qi3UD)E=u0zbdGl
zYK-;s7Zh_7GOzFyqmjaz&r}%&rr>M)lI4)u6!3=xD+A+7f~Oz&wO|G=!@L8oV{m;B
zm;QO=pOZfgTv`$Sbc6Vpyy02_29M;>dC!Z1hLCh}#~PT#wPLgbHAM?;Hb3ys7u;;V
zRf>M2bBpKr?^EbROH3^?4y&}jtV|-hrzC{F#7b>h>bc4}WS08kH;Ro#Vs?NC?6V5Z
zYL1mjCH$FBlfoREpwQnW!@y|!ensQ4AyGTFsR>c*+=VHIK!zL<9c|U86@*-U1i$G{
zW{Kh{C9T|+(r}{j&XKTC7;jb=3g(_^+ES3^DJganeGRJw@kX#TT#$RsZ<&+$D8nuG
zhu2?$OOn^aPmM@=RiQJ_&7C>OcH?<ch|+=FuuLbF4h!2GJ!S>uuDKYw1KMYM8b_m+
zCOSHSS;qFlA9A>(8*kHuog>};44(G~MI<B|hOLHyiMR}eA6Ytx{^hAX%?psE839p3
zGZZf%Nz+=Gr9rI%yh9g_A~-}ejSI6hgQ4S|Q$tIKhK~BxWz+sz3B?Et+FwB_8s&!P
z(7XLY(~i1M9n7%CMIz5TmRvk8bKb48-m{V-gj!vV4kfb&)0W$_=rmen%m2HsMz0A5
zkWeCmV8~J!n8JQQ3tb6Jr!g@4!>bJx1w9BQ!fGel4BhRJ0+vMeo2Ig&i4nPDgd9o3
zy~(0VSdyzk^NkfXbW&)avV7~Pt~4fx*IGV4XHcG=Qvz5X%{E86TT{%fE{))y1>BSw
z#pt6oyzUhwi%OX%r`T6WxV_>iTIiJmZg-`)+3h*BC}lzA??uzD_VArrbm6)fUDV_>
z9q`n(XrsLbZ=)nOx^#^ddVUK|3s@0Q>gVMhTrnq;w-u1ST9BBXIkDmJ%^Iw)jV&lD
zVM`5I>k{7zs?z&kkrs&smy^~M6E=cR2Rs9-s+3afw~@Ed626U$s%8SR8ec&=j;Qfx
zgF*!=G%Ln-G`jRa7_q&LE)j*9!2g~#kZi`=xLDUHX?c!P-+bsAs_%BA^6AC;bq0yQ
z3An9oK2g_*pSAc8SePZyGx^f*2FTFr^eXxBbRo#ALXV_ZERU%~>1045-yKWtRGV>*
zBOS;eR7p@s46Gv}e8l%9MBti%z<ugtI=&{8@@DM;OO?C^2&GYj!$(dt$Z6&hUYbzU
zeer0>p)4rvVnpP#7O!dDUueY$t$2}kwF+Jo2(=oy0r14~O2pcRu)7qHj`yT;1WOF6
zVdzfHRMyPEBrgviPcC==#n)b-W%4ebg)EJpKdij}z{|az$yD>ayh(Xc@|O*nNN=YD
z9ZLad+h_n<eEYFviMS8MpX^t^c{&Gb`P&x+^Pk~LgXeeQo&ooHa0w}z6!oV~5q0#S
zzi2+gaOr|I#LZusiYyAcwFTnrzWrQOJa>@HW{8|d^_OLOH$^#4^4%$JZkUEN6z77n
zrRm_o=}qa%(Q5TO16ihb$3wDW@;{Bq4%yUXfkURvCRnoo(_}}<q7InqSYq13wHk9`
zS`qyh(tp8Pl*u2*BL$AzBzw1`H8_bMyG{@!{Iv<=ae;bVQQ)*kDt5;59@4EDTdm8>
zd1MrCfp8^B{400Z`Kg<~bS-XwEn5~mK(CA7by<8T6d)fjDnVIkuj72Eyf;+d7rdIw
z@OcUT)M6}3G4ieiYw28t<nsc{b8H7|2`xG<N8b)PyX3tIM@%xUy8|Lu8rPmh#U|4_
z2PHK-V%2)NH?7w7oZq;t=PcXxoW^-Pw8T8RtjqC!O}ZR4%Fg2n2$0LV5^NE)xeIco
zEKTcrG(&UjM2W>JGt<49zXMinzb+B%dM*(>9&#QHm2rL*OvkjAx1WYo!LfjW?ty5C
z<s&FOn8BRK*`hALpuayAS}5-m0I!|6nc_yt{hC^X>^!QG%ecUTSPNDLX_v|0Y9>ZQ
z&JOt4qt8a=xv~3--J#&8TzfP5z-kFO&#(o?=ad3F#CGO9Gqy#7P~LG9YK&nuJF+o&
zq7uB5f_>;~7ivf!KsCo=M*Kp$AgEc0<wyO(SSPQL*2cg1FZjedu@w;Ak#stIYk`3s
zeohjj{`|2A(4VUss)JBG2U7CqL+I;DXsQ~R7c_(b_GMjxHT>^40zvNVb@QTGG&TaG
zXlU^nr0HY{JNw-Hhr^>xN)&VUVHbv-$KB9}VP~_O&!4W2uOF}lnU2;qsWr3ng6*|4
znX~ueq*h28AB7?GdRMmkr5Sq%AU<MQIM{spmAILo$KrM+lu^i9Dk_)njFERA4Zj^Q
z%d(i?=-c}OZo;E|`n^Y?+YF8yH-4cpue#c=;|}QcW%9j!g2ZbI;1LE%n-f>h1Rp_%
zg&pPL`N*B=c<#-(39e`XUg$8b`ycXQKPjtDW0t)3?z|fp9t8gQLeR=T1M0;;ncw6R
z1TsJ7*F)u&EqkF6N|k#x!F0#BK!|ORi}px?J3d+N6@zJIWQyTvT^5|+_%<lo6AR=v
zll)DWS4vREi38|~ICxE--ggM7eq&`|R2kp0fZ!5b8&Bom!E_Df@;Kd4-G6y`tc*Vc
zDVFhr*Wz49skGuQ9r*R*UWo;bY>}DO7+93;6I&hqj~X1krYBy85x4d%8se^;BG0Rb
zItzjEUP=DOB!6vk^jA~{4HcE;okt<(9`b}092f1>%KsG6f8LDKuOw{GeDtbdewwwB
zS7o_Vx6&wgh~f@lH~1fD5jl$SaQET87s71tPz2Z1eN8EisZB0T;{r{SOAGlnF3_TU
zqm6RkJ&=3&4q+fIr2@37mD{wK>i2_nP|^U##To+Yh1kZSdAtv|X1Lyf>s7dZ2iHdY
z5UxhJSm9GgLxn#(3U>~74)^15KMwaUxOc(*4BXGay%+AiaPNbAUsxBWW0ktZUbQfm
zz(ya3s~0ZgA0fmEaNHSt8f!T8S!ul*g1+#ELIl8(OdAf&?h9Av^{Jg;8|;Kp7f!#@
z2jxEWCoH$;5I{QfPt@LIpPW_tBpdrA@JH$sO#E~`JiiLpUbvcE;?#YO3q-(enDt45
z-v18C8tbN}8SJZXAtm)f<B*h34@n1!2K($=Q9g-PHa#K1=pUZ94Q?~xngdrpT!nBg
zgsT*;AODH^CIeud0e36ht#G%%-2!(r+%et=cUZZfGQiyccOBey!}~^oQ62m@!nF~u
z*Zwr5Z(JhOdPrZ;`|y4k8aAx&0P}Pq=1IL(K&;cy9SF+v5C@3C`G8L%_5sv0YmS0?
zfXW*ox%m(9by*S*rD2EF92J5$CxV9fNci%vH;@jRUr<rQxS7haGvoP*X?QTAdio51
z8QwxE%Sa;-Yh!*9YV+7Fhy?&&1r4TWB1AH5nU*946ck=GO<Bu#B;u8PI(kjYTrS4k
zfKoH{ShG;DkDDPF!uUsp5W;%HPNQ3b`te>-3BMYUAGC;b<=x9~bCNdQ#n|<FtQ&6;
z6-^^3!bC;Hh}@TVXzV-l^sgPzm`xj^EQ*cD!A5LCuN#XD_JrfZM`!svmfH9CoN_pg
z6C(w|DV*Dq*v^YT{+LarfI88mjp_A8Ms_L$t3VH+*>0EpNT~d%+~2Y4zGUazDYpWu
z>k0vSbQ&CbS}Se_u%pSuvQSMQHq$+K_+n9s%_%?X_#!YGqP->jzjee`JH811Q1Tm+
z9fgYpYlpyvdGipD2ka96?l#B@-2kmbr6Q-<(PpZ5qnR=_q0@<*nhC(wP=hyfu;bzL
zQIsx_qNHIl&hr6`fYm)XpuD&)CxS+-=&t?&$3MX<0Oj|=Ff{Y+Q*q%4r1Gus5Xz}w
zZ7^OPqY&mn?de!&-y%UM3%_Pt3QOqP<5^--Hn=_1@G=l=-TESU(?|h>e<WXWD=sk;
zmr#ztC-F(}xJ*f+HPs`pA8J5Lhfo-|VnffMet)REIuu+TstHuBe+E-jtq*UYTlqs(
z>z(&kt-se-wf=#7p8pvM3fY^l;V}yh_#bLOqm?#iy9So1(3@xnzzX{O?ob1&dxxEM
z=u4wdOOLpd;@lf{w)^3Ox^aR~5DKmjIX_B_n*$vYcJ6g2#^uzZDJcKYEC{<{c)4+S
zl{s*~9L9w`0)Tg%#)%ROX7Z=5PEHgeefgBDlM|)$B+eebPlLmvysz73EHE|vp28es
zah~@k0<$E3z4F{2xLV><;W^r?59c@3eU6((V=-=-+%e@Rkt{Jau5VttOJnXXu&oI?
zCEh(|Fq30r1~d75%<xS1jJbR!b%6}N_p0Hw|KU|i?H3(Q<dq){UX@s^Tb<6*o1BJ5
zjcIcvkrGd%DScrvP5QyXZdB*)BXjWxil9;ANb)X=HM^n9V=r`^L~JDaEfvAkX4Ha>
zr#M<`Qd#Ru7~|Ku`6tB+J@?W!m|MZgew`G$5##u~!y@$lE0<Qp?EBxseB=5TFfe4)
z%F#@@MYs0s-t8K5^)Y{c1*EteQh3=p`I{*}Nn|lP;7>;&VY*ZVo59f<K+aMdnhl@d
zzV>VcKB(SP32ae}-!NJb>gILf!B+u2pHu=A_l;N<pL-4|NF*nz3XbT?3G?27QdgO?
zqfmq#0VI3&I&3;3uf(`qJd;b&UANSvQS@PoCMI@xl7FA$hcgFr%)d0pH)amcF@NYm
zU`hTRIac6P8}<k8vqzdBZ9OaxihGrn=}D?i-#NX64B6y!x|Oqg4#{7N0b}+)Aeewu
z>eK|g*$xtv;>`@VT|i&J!W~FC{b$H{q>}C!rh@{AG1tZXX5T|Ng~p&QVL2YimJXPR
zZ$AT&?A(p4S<nb{tg(cD){8+~aC25cyrza<qGyprs0Q(|X<ZXJFe5uUM7t$C^*Tbj
z9f%>(5td5F-+_M1I%cbSs{uXC+xU$V|BJe)0-l`C=JypjT32cr@J5N?QQmh3w+Oe)
z#5Jk|zHX<pldO3)M}tMME~LP^0O)^U9gw_35xA0P=EZs9dCTz7!5L*{NzRs8w0?I8
z!P(GmjcYK|lEDSM0M~`y_!uO~%MH-z_h(Qi*Bos~m>N(^M_n&wO1#CPt{3}phx_~_
zh^y%c-aokP|78+3JSAR<-=Z5_eo#pi@G0v>{9&rer4@iRLQ)uvz#NG$Qwj=9f!=uZ
z1Bu^(@4RW!ATPlmz6n?FRS?u!oj{{`ph51NG?WI(oJ2GTYm4tE8*+QMW6z`4`aA6V
zm%@@=Xfr>O!Ec^4AhN)G`HqaF$RcKX9i3(-0yZOm5!tzAic+GwA8StAfm@To5u~5}
zWs6xT>G_fl<Tmu&W3!0L)0g6b<%36usQML!HcMJ0m_<&q3T;LtAk+^}u`U*a&&|LS
zx8hyg7heF+D-?HHm}Xz+z9ajN?Q2il89dW-nss4ej1-4@z83ebOm{%KRfd%&XrJNH
z5sR}SVq&SyVm|^;26!^|9PVkC4-0G;JHQTMITgbzSb`O_LItg)i3HydRL}_b1M%Ca
zLIZXTm#L7IDr6a`kQpkJ3KcRws#$E`kNhEmi}r}T_JsU?0>=F${@O&9YEs2I^Ck|E
zg15t>CI@bo_zfe`YO$RkcH{E4!iZ|)8n<fGQKN^f;-i@>1Lnv`H}AoTAF9m=)f!n0
zmDym8eHszODIkAw>A@uy3Ar9zWZR$$*G^0>QwsU^k1GeNV8nGbV8py&`8fkQ#3Wvh
zNE+}1kkJWz8eFH)Xej<MWH0e1!sH~&LgF4}r8VY;M9A68oIoS=nd);85!F}(Q~fol
zbn<$Qg$1ouJuahB6RPQAUjz)yWeqvc#8caxXVA(HW><Y1(kzrFa2s>M0uz{PT0a54
zceJzffEs!oHGQUaNC$WmHzk5VI`;Ahyn=9Ttxj``rlvRh3jo@+HGQn6EB>gX{LIQb
z<eD=;&jm(6f1@d7c8dclx9(Ty#0)-`_z3|1GB;l+CEbM9qZ$P)af&X6#@U<Qeyy`F
zo+a_BB^0sDR39P~)F%YW*rMKqv$s(LZMieCs1MrHaKzM*N0g@}KHJ_c*BBE46QFEb
z`Zp<u%=2fiP-bYGa5d31*Ic2_Q0UQ}G5W>~-vB;=kJhLk-F*di<kf^J-1v*P$%~Dd
ztSvi+tux14;ME*I2_xbS91&jt3b%KMf=5}o+3|TGo7Gqx{Q;XjGQg^2a^n@lS(V>d
z)r#=1;p<pl5PcEsNI?Fl9leiUKfE<x_fo|$Ln~z%cs-f64OoZ33yGkWr{l5|!mhG<
zOH?9y8)>3iE*e@e2IGzR$#wWi43LyLdHECYZ{b&yc-^9mJ7WoqIfMO(<2<yZ&^lav
z`tgJTN)pe7_R>*|d6haC&V4mvs8Z+Gz%n&O>2*g8#%=Wh<~3IJv=}r&L-qn)CwjJI
zsceZsVqMv%x?99h@C*#fU>_^%lfRzwlkTkOIX$yHgG5nx;SIXFzy!9>vG<YDtgCMB
z$e=#qJYzp{yW`->Q+egRC<Z;#iKklD?_YhAKRY1_b+TdUUSQOi>i-u(;MF+}1P!6`
zGo3HtE0k8QmX;kATcYRn;f&v4i6N(fiQR=cQ0yu^m=)#%_mnBEarOqMprmq<LEI4^
zQI|V1C?=eS0-%jfSM@9~3Yqa+@q=FcW>T3t?g7sLLdYZfGS6vPWnxQ=-BCjzwW=p7
z=mH{JU>ztEULix6_SfQcKLc|>jFO-bWrH~K?!EpJp7^El!w1@&@dH?BIu40%zE2Jl
z1E17C9PcD~+Y-n&h6#+_D)s>e4A6-2RXJ$pw+)nlnO4aiC*>NmCgd^((<QzOMx4fJ
zl<zeQ%OoB_-^ngxePr2V2DzgT(!|HTstJsK)esm}^+!P$Ol@;n5fX_YPD6>KwiIBA
zlO^b>jeJuiOwUB`V9|<l5=&sCADVSZqyIW?c%yF}H_+%?0AIpv9EpB9^ysc;KQ`>k
zGYS;E>O{FhF+aErEEddCVIh34N@dM2K_%kX4RTsF2FH1Y)5_qsal?6)H!bQsk3Tk)
zCkq_3M{*}CkMHwZ3F$clWH5?<g*sybo?#H*1q@m46qs}$T9TRi`@_yIw-0$*{*ZEh
zMEoT{ux822pDm%K>@sb@Jr8O_{uydR0n#Nzn_Q=~JI4PBSO`LNJTC{i2xL+Co~5cB
zII$Pg`09R!6ju?+Yy#tb55X&t@rBBJ3Vxl~8>3A2;etj1;}$~nZoh#yU4?`pJp3_J
zF+}W&r;(nV7IJUZIRZAr%99m}fg(W5gobh~y<sQB?^EK9E8`V0Qbt8u40^qJ?C>3<
zJLvFGi+?;YUoSKRR|JUia7csX82OD+H=5R7^x2pppXJ?%-vy4aQQP1iGT^uJysgA_
zT<OC*k5?$$25CzBFl-rjLZC0OR%7<9fIof{(v&FoFO|H$Nf{8bt6UJ?ErmGN`rcBw
zIog&zVj9~1o|UKMc@ZqAvLZ0ihflmtEeh5r!ad_K)E*&e5)Q(uY&`mrU!SQ8<be9m
zyRjD=@RQJuXW-uCG{1=KAuK0Ca6#h6O_*yB9yr&VxbY2qIVPz*azi38UVh-H4p@nm
zqhQc5l!|<t*c(6QtB3kFuf}${5MlV%<9j2u6W^1gZ3->cW+9jrqDnx`-kA)!(+YM0
zHQZeo9WX$|%NP;k$7Y~_Pw)#g7^kU&5znTk0827}j;iK*^%dB5Y(ker_)p@0t;Bz)
z8UHuZb0htq&d2{#<@kRX{(a8(1T$YxnAr9b4sqb2Pve1mMV9+^UYIWmYooE>UL%Bx
zEG!!3=4pvFP`wh>-Heg#sQXg1AE`U54c=PyM}sDi$6N+4yM?^o&h)w^K0-^_D|WB4
zKC}f*g!~>e$sHFE_oX5k0c2(+`Z=!B0e^w}*GZ#XbVUY~p#ZFc#Gh0~PyknpiWrh=
zLP5YH@!xBZYMobwy@qOX6)_y5ev8kI0|HIri4P6ceCpTm@skw}6p51#2T3YSVPvdG
zA`#ZTk(V2&U_y5R(8m(g|J+IBRP6h250&*%5~h2D6~Xc(2d>X6GXzJwISTklo-;WC
zRKyi|HHM(2JE{$s-26s0DkzR{ehQ^>+_HDY>rn{ULD?ndydm*#sE}B4)Qq7~W6;2m
zgT>GJDL<G+N`-uF1|bZiZ#A~;@hqgV0Occ;&?De7WjV8+99+&e{hQ^iK1)S^^G*`_
z)9~H>N%@G}+aFBl51J6cjv$IJMtGvy;LzU<>;K9O?lBGE3rxZPnLfbfu^o!UDtcDW
zjA5h~Oq&ZeI=Q1@ILb*k4M#culb&3kAYB0rL%-R#5u3STI>bJ3f)p%TGl8Upg)Wg-
zV@&cGxDh&($B+gxiaR8p_HB}*=)R8Tc+jFQtcfy1$k_pl#3SVYDr2}rtb_k>I!VNi
zO8km%RhrPC%t{|W1(Rllq7$wVgqbDwBYEXUsLoC4!>PfxQ3KUkgfi$@;8Q8&<WO|j
zX+~*-G3@Mcw>giZ)mxkM`0e=78&oB8V$o67wK^4Q(`b!Tx)Sa{&V3p3d^=+U`W@a9
zscAH7jMVQB{Iuy|O?@}82R+DdHsOxh+?K$E`bc0@Q;PC3vOW?#U9r3pdR7T)4R(fW
z6HPzV)*lUIVUTw2w&1%>w~6qTwW%s0M<F2aMf}gu!^<n1S~@@YFF^<|NK~NGNE`kq
z<<%uX@HZR@rrIN&$mq!Db>5Z1@Z)_AiANt~i%<&RWLC~afvOhI_4EZ7HMuXqbN*b<
zh2YIi?tXZ_X0E3{cvX`-0ng^So<uNBcJ=`p?pxUsztyz40G)p&;x2gVho}B{K0IB3
zrwj2L;HeLufN4@ni<_DdD3-aSgXV(U63)K7^1hYFf!P7@nKlci%_Fj-@$azq9^4#H
zjB}&(1Zc}eeSSeN)J13b>Ym*wtlf9j;ve;U+<aCSI=wN#BCHQ-LLS}DSXuaf+xoS~
zw+VxSb>~As99Dag6Aslxf|L1GFsS_FD`<d*a`@lVlzsKqP88ztE5@UQJL0BkMBDGm
zNPc>xy8Rw0@#jCctmkZ1$Tbo-(bZa(Hv<>4)hD=OQ@tg81I%QHUib(J^fy9fn}P<%
zI32tNO2W=<@JVSM?pP-R)8$@m@QNzAra}mek!$W30>(Cd2Vj2GosFC2Y4|JvVjhJL
zz)QXXg+N&^Vb;vK=_Smx>IIDS3qJF7^o)fH$$acdwAb<BE>W?Y-}@ufc~~10{$Gbs
z^9o#10DwbF#l3%g6xFo=zCR|LNwUc-kU)R{QG%k;77ek)O>hI*Bq|FV)@+EHz<UpA
zT(Ba{@S_s4aW*uQVU@PFg_gGRz&@<JN?VHf3w8<S2cRTiF$%R&soXeJV~xo|mdy8@
zJG1#=f4qMG`F{D3otgXd+;i_e_ndprJ!cq&?;;9mT41?hN=X*U%b?R_*V^SdZ&j00
zRKI+aZ*T5-L05Te2zli%T7b?A|3#|H&<qVLm#&dg<kA{xF(aqglS|J+1INqBD?5SX
zDqSnYlls-TNd*GDJ+7t$A}7MaG7`@c_ev~>fzW=(T9c3}maa8H6-FgdW}##UgOM$G
z1BXuRbdMLOsEd%*C|FmqN3qN7AFO{sb`kLvyu)PNni_NxH%N8l=;L^ng=QR;WVybL
zYFjbO#BNkn=H&X*T0nZw|Dc`d+CBpxkIFAA)?SyJd#D2?ClQZmW!@oGvEf>l#iC&x
z&!V=^$>hhiO?7^JlauwC8lBO`s_QMzAw#8-MqW!mN{AO=bJ`oLqAkwrhC(P2IES@N
zusq^3FD(nYqGeunEd`iJ-=WJsZah4W#4KVIEZkvdL`mWfyRPPhnjVQHg>^7pz2bkY
zy-s%s3L+O_fC#u*#RN-_iB~6Y94Ce{n<;T*$(uuTF~cb(gVYl-db|}}18$_q(^kS5
zJcfru6_EIxTR%iYWe6k~KSR4z(tI^-g<m^$FbGLB6`qMIAIQZvc`L{xz<4l{(*`{V
z0(Jdm<Vc27(Hc#>rT&b;k6jVni_EJGsXM|SvF1*nQA!Iz$X?3JCb!{l!Rzo#w$Wp>
zN-nS-7l9wR@k>Y~?GW6v0)uYHvxKyVp_0A(kxe}Ggu$@a3Uh(5-@?ST@ub)VGw3w=
za4mjs$s~__hrUb#M(t!DWnQ2`aV+HN!A>Sz9;9yvGSMpJ<`rN#_cUIVQ<L#MuK@W~
zA&%HU<jkwJ2~Uy_=0UFRMeuV6z@_+bDp!){A)qGJL=94w<{=wsAE<<u;5728x&Biy
zjdNdzP9xkRWIj7!G)}7Ul6UZ{QcYWilwmOg6H-a{l5rp6UjAdKe-|+e@fF$`U{1(^
z`$NaA24Fvq;JO?I=2pHc{|)8@L?XM~FIe-^Xe$D5BJGFez}^e&+K@^3#-8oZP??CW
z@Osn^NR7wfT;Rtz7Q7zvHX1d;Lvt=5>Os;I^we1#G72z6h0F?A{Dddy(D9I8K>Apb
z77T$#^<!0L;U>(yRntT?-=I~*kNdm&_2nKnex{)&5-TUT%Sg!s^u$_zgy``(A+ih_
zinnlCBlN}9wVF^E^T<H{io+ey61(PSAK)!{uo7>aPO>dysQw#qF{+P-oKV$wN{hv?
zt_zoG`x(9?Z*%IFQy#g}X8-e++2UYQ-AuWVwYP4`5F?Z7Cdq~9PXZ{oy)H>cgL-lB
zx^+5fi5pYNvf)a~amJNd#cRg$E&nAqhr3Pken*?pmc1W!>Fl4@E|3dTsb-wqQU4JT
zZ9m%E+#GkGcrv;`Nb#-QRW)$E;Vhl!sk`1lB|G{(NgOl^<HgO^X?0e)FkOSh0+8g7
zh2(7}2FXe2(bXaI>I-IBX?k|v4(N%-iA~Rbb3eS4G<un0bVvV5izO3;KKPXjt-E}Q
z%jG{04E}yjvHZDjrK!2mVmepcII*SJ2+{1Wf$PAcj1IjU(DRQ%jap#U-<6RH5%TA#
zXcU?Nufwqz11oKCu~9z0Ye0o?W1;C><G7YWV`59836-uMS`N}k#jy;W`p)}sy1~$!
zDsIg;2;)I4n?g?HYD8Kp&IkT|Yd-Rfz9|*tJ<Vnv$|z_M9*Ut$Oe*dq>C8ezs_g@A
z6<CJP%ww?WH^;EK2JiFuvgj^^mwbS?7ptsPJ%PVfUI>FkPO2Nfg|VMmZzV5ig-COh
zo5V=`mf3Y|{Z;jG#}7A5Cr^(pKXbVJBoi8`OV*VIFUO5xNv<1pWx+l-F<8b#ePkTb
zBb+=os@147GFH62eMX+T<vRe$puf*-*sv0{3$wdWKXB?vuT*tKa`lp2fX3bmG_0Z4
zh{s(KF0c+42U3u%Q)%2;m7RUNZqbwtCzpfhtD0iDN+7ni7!6n&dh$>_^pcN;BX8A;
zM176VtQwraEcO8$=CG#b>SSfhF1aiFJ>c}Fc1q>FdRa;;4TqHSNq~9kNq|-EtnlS8
z^^hMWWBHP$)+&bb#pV;J+$sTS%2$P64{5bh)lpzAPVTBOcTG6y%P;d_ORKeP#Y}DT
zsC>mtEaTI9Ms_%3x|VU4o{`0j>0&d{GO`uEbegdoGTPsj+v@V^Sh!0rP7fBb@w<HS
z4-E_&7o+qJ*}ds?lf}>sb#W?iaIM7|YbfGuN!0nRad8H)XUnTKEzG_1V8A#33r!O5
z|L3Y9A9kxMylQ$OXo1k_2dso*iXm%J9fY1=j#UwXg#pj4fqx=Lfm^Js!Axq}8b95<
zt3fs*hz&xf^!FE`t#9s!uXdcRYA#}dv=(XO#$2U#Ln)iEl&YR?oo&r&w=-{%H<2?f
z6tCXC<%?kHU&X8AHd=kj%bI28tt$}K99M)c;8H5>ZBs)t!(xbSCJ`rPIxI)rt&o5Q
z{UsLkfEI*1J(qQZMP(98f++UOy(9!rX^u`%Y@-MYl9Ihx)5uiM)lM>Cs#}m}h*6Sf
z|BS04r6jHVDOe93KuchxNzT4udQz#C1oR|~^dzxvuSQQc{>)QR<Inlf2utY21XMv5
z!^OdRR3+I()w2f%gPT>~N+fVD7X1kCT0Wrq)S4dx%1~1}vP=BPY(5^2n1V&-&v(g@
zVBxFs`@2An_!F=r*{xI0`3$e2Sqr=obrOQ)+Fo;HTzMa!vDLY@Fb(SZ5-6s=6`>Hz
z`v8Rc59y-jWH-m%E4D`qg=ARMfVRUL2Be6kOW&?nD0CQBXdc9T%AF7w%N)y@_%CzD
z1FvAD+&hb$h|nh$r&f@6SU@h!$c$Yz{@)C#0QY!+TL(I7c$IBK=I&KojOF5toc6-J
z1waJkuEM;GrY+ZKWABv~+p?J^p8-8KIjtVx<JCFjNh~-Xgy_m$16Ok{cxr4Zcv{d`
z0kfG@>$S4GYI?s=vDV!%Nj$V#Bq@Cr#LiL)Xmuz*J0ewQO7lle^4RXoTA1RacV~>+
zsTti6mXjZDjco*v&XfPOJa0uu=UMR&^RQpbvujMAWy5)nV3o~BR?y#N^q1hT@3xvQ
zWJVuP)6O2+q^ftMs!LMUMX9Pws_OQ|ldMEdkBgkdIfC0Rm)v9%&Kr9(pR658+@$%v
zrFSL18X6Oo6pQL|la#T!sP&r@sbrxKIn~qBv@1Xx(8+H>6ag>jh2NSEU~<TFkD_K}
zuOytXf5~r|H=W<Krx(&fQ8(ZoV+}H$$ot-lmV5P>csJShN2t$Bn!ar?INaoRRGF#V
zt3`8xX}BPI$zu>%>2RyL7*6_E>8FZZfHB4nTuL=Kd;Vq^DLvUuW@G8nGz_S5yo2W$
zxJ7^pImf98StuoAgZ5w?3>M&-SLIFHhC2!=a@w;PcsAdBTnm05gQx5vTH)g)*Tw9(
zXJh%g6pPj&NP<1Sdt_&~I;Wzh2;yP3oR$lCs8@X#W#qi74j~cZWkch#dz5(XEqzqJ
zwG2>=oqA51$A)>5Fr|aROsxKz-s*gZ&dS<Lq#ebJd2;PV@_YTQi@ZeNV!M9-iF!Fz
z?{Ezt<B^it>vPDp-Rif<uUF~H5V1}ljA)lcTg?9Xw+n2mvkfaL_L9eO1NzYrPDa2<
zlO;c!XY=Q5Nz2cx8&|A+o^wGKPQY+{1CR5X{qye@=0T>rF%uxk2x3Saq>L|yjB{$g
z!uWKEpMvpUkIbuT<IMwAm$;)A$$1g*J(B{gZe+;dBQbDOHE<Vc;3{!)37|w4E|E8)
zxKxm*#%o%p;uR|jYGSR`sA*Ejy>ctpa1|OgOCy1$Vp|mCyFS4xw*nmm_5o<#jNtbu
z71XJF!&yFAZb2F2;5;B`N|OG;wBdG?HTXTc6a<&6$7p(33YHi9;!$Oz8Mth@JOUMG
zcgXJtOVr_&Kz{epvv_63++uDH228Vdt14D5J5yJO;<JyNo$2=S^g2tBw_H_B=3cQj
zHI8fW)4lUP!x&(v{T;AL$cy@s_9_YV6{)ekcWaUOS-f)3=!TCeXzJe;lpxRj18s3U
zykKk1LdNR$e6uT){$@SePPL|8vvEUTNR@K?kTfJmh6#kS8aZYu*MOKx#uCW?T+<FZ
zI9=C*e6L?yv7OOJLs*<K4%2NOUr(Qghi{5glQF+C`3QdG(cmrCTj*1bqeWAiL{&U+
zXT}Sa=JdN!`#VmrO~3OqRjVsch|)coJCV<>NcH4gSZGf}cm=CH4U6IeNKW!{uTXja
z2y%6Kxn212a@;5Mk=zXrH+){wpC92<NQ1YF@aDy!4=`w{N3q7<z22o>ct?8TAyqI%
z;o}Edaodr)p2&h~0(yZv^ykyG;7Rb-7%R95gVc?w9wjCA<@Lfh7LGK`OAK^L%Tm5U
z+wEEE@%T)YK4uxY9M#t(UmO<T#o)wcq=PO^rE)U%;2y-Oy-lvjsGVr<+;XG6qi(vr
zbL(__N9`23`5{<M?HybC?VWXhvv+J|?VYtuPDmkg2@7-GT!L$_IbQ2ad#8{L3}YOQ
z2=3=$B?&*U-?-gjIjkJ=u{9A~;esjjv?sR@fERA{S;!(Yu4_V64@x4vFxAyK{D=`X
z3tduE@bJh&icI?9QTje8Zhi{7)Fts|{hU;;Wy#0dCd}8*ik9gGm}vp0E4-c@Rnxhv
zO)WvKwSlgI_r)$WXO=2yN^BXixb%^@47Aa&tHGfI$<$#rIGe5p*F|F<(3IplmCpC5
z8r%h;5B2y4R%T^THMsO)HMmq=4bG;k!7UNub!EJVs+SKd;dv@3xV9Kb))A1<aF|uo
z&a0h(6^}%v<28AJcIp_VJxyirc+S}+n-?n{3h;>D-dKR!P;c-1RCRGgX)lE;?XlU=
z`l)~ocv|6UTe3L@_;S?b!z*aVA~@Rfzv5ve7=`IU=Bu?hi|5rm#{si9M{G?emkRa0
zU~92Bl(pq7-J)w2vuH{KjJGd5^0ZBOrR^w&RLJwuo|m|lF@jvKo~s}?zXc=uCg}eb
zwti?wJCKZvH05%72%mr{1+!Z{HxmCz^+V0tEmd{yo0wEnS*D68^Ke*QPQugH5~=o5
z&V{^bsE;b7lU+7?hwg7Fu{(6i2e?HHLP~Hh1vYOw&&aLHcYNujG>hIru@4FyQT`UY
zIRT9+^Cgl>gT~6`O&4yXh^Qccc4)klFsXu6oQ7h_ABJ<G@^F$gUx}|E`KL#n%EtzF
zT@nuLL~^UDtMov-yg{vD;(UWJ!A-KXGiQ($#}VaEsKIfUruU8J{2i#&Y#6Oh+z{IP
zENZ(OsZxeGs}y1k;;bF0!?1TZ)l`s@QPH_I?m75HGY$^mb1{AoW?bE#YHm};!;oUK
z-PZbRXytlcf*4A*hu3|Y6N)K4f(TWJLY}ok9?ITq6<ea=&pG+bqwNgJ&)bbf=()qy
zE2rGsA2v#^DA#ZfH;sZBcgPc@@;=!cm0-m!@9RHql&Y)(AHK%iCtkZ}gV}e_gYx~1
z{eD(hAYRLS4Noc7PnJ)fQ-X_3%)q%D9zIeulpxFm0B)G9WCZW)9*)_41P{O<(t?qd
zj9g`vJ*@l?BfFwzSD*ACBbQrc_+83M9u{Civx%c>t%`^r12BDD!!u}NONc;7c#!ek
zBMH{~tL-0bFv%a7T@fvp{X7%^A?NMy^VN9H_XJ~qf)(uIVCGQ@^CbDyxz7g9-@pUB
zi_DC00|Ir2G9`F_Hw{0eL5ooo-X|DZ3X5Kj7HjW}d@n04W&z2HS*~I!Pr=&X=K|E<
zhpRVe?UXAaH7iv!5~N-XzbyRP7qh~OCO}G~iyI0978~Jx{VabiXAn~4lN6`t6sR;|
zGJU7mEjm(^kgnW96WIW*qf%8e@ck<N{xle%a3|P+6Ob%Y(VVF4>{VH=0S)i&!NG<?
z1giSU$@@@OA$JQ5${GXAk?@C{xzzd^o{D(N)bm<A&7zl`;AZKk?67H(;=V?#%n%D5
zDqX0(mfHNA7aD{FaRoC(L&Qz2Dm;Q3=xeR&c^agywT->frVnzAgFz1R1AJw-1s9FG
zQWh*tEpwAuRaAfm;YFoM?QxiP10z1hrqa1V=MSXVi{VlMf=I>IJvfuRaxP}VO^;q-
zt{4KrBNb#K%vUj5FW%lN;7Ytn)aIX-i_Y2A{i$Y}zUD+Bst}Ey*0|4R<6C`9jUf|l
z#KWwtP}BT+j8zz~ZWyVC9#;KKT+FJ{d}%AA#$gq5u}x%Ev_MALuQED?S&vtK0${$N
zn9ZSu4WZhra`U4hI)?*ua1O)hcSatR9IWJE#1MO*(C1_1!5Y+94qxWXo2@n2pE@W&
z16kBLMdO~qpBUBxYjI5~k8WHjpUgfJ?y&|-Y=vTJL=_va;1Uwt5rv0jgXiZ!Fdfle
z{B$#|egZG}5r_5ME1Z(cVVFhYBIqn;iB&3Pq(U}$pB1fW7Bb?>UldV_|N1X*v@{hj
zY-$?{2SU(Mjf)ow=7dcQ9bhmaKOH!GgPWzA<L$cSp;0nGg8<7@tyO+Ey9}t=r0}Pl
zeDZ75tWRDN6+h{{*Zu`wl$B>lE*q=_+|zi>(cf(38k{I9yl4NCd&X|0M}Og~%)R2(
zdn8w6gT;4GB|PQjjD0yPEEKQmv~3E`u}E-{krKBZNZfAHh}#S?+&wyS_l~d8w<Rq4
z5ylrru4ARmtn9L7zio6yadU@z`gtmOMuC)sRc48(-V<DOM-)lja=EH6m@z0-*?>4=
z{wkYP$x8P#NKNi%;n!Zt3KdO@;(>xp01Bc41&L?YXZUL;AO$%ynt}w2b`;5HluR0D
z3oiK@;RsNmAviY2ZAgS&(O}V?QHhln8KXek%B{g-qqHC@72O%>L0>t*^`p-qF8EEv
zW0mz5D0#6_x<49xI424{6&_+1i$nLo$^l{6r0RZW)ToJGvJlmyX#^n0z62MOq2a~k
zZ6J5NC5G>mk;P;&T}&+h5ZSPp0KPX;Lc5WLQjyjQAZtaXVR*C(U42387xHFArSv4l
z@BQ%0>Z=-{)uI#TAwa8zqLmWnw~tX2eU6yRqiB5_(Msv@;_gwAn}^Z5cobTlHpwg%
zrAPH+QvG0O51slhVER+daY$Rl@FelWURau8Y<ggDW_l}Xlf<{xbDxQ>h^i#Rpc7B3
zIsNB8#RWQ<QoQ$+ak7Vz?K8_GGl!Di6%xhfRC||H#jYdvE}>4Ih6VqlH1BC?-V+{D
ztm2cbfrdhuy=z@B<h(=AnJ^ru<>-YRY2;Ve(ELxs1qh*XAnNgXh+`19oA0+tMtPx4
zoTu`Ck)}}~7usZ-cufU*!>7vIDSqTFJBnty5S}x_EmXwN&{kR`=f&VmQJqow`*>a;
zh8g8DQkuV?_ltHE<)|~?7RKuZL!rLR<v=srOB&jNW<rt&t}=3BHgG&&#0IA;vK7aJ
zeSixXaTwpn*zaS7hha9+fmnN!d<LgUG`M9Rj5w+4%FKrwizN6P;)EPDN>at%kfhuO
zb4N?Ioi2u2>Ki5xagakuf<%z?hWi<vMTkH>to&U@+RQ+O@^_IeZ~<y&d3apj$4Zc(
z3=>FYtPWSTHZGHf$7StIe{GUMNTLG|=FH~__EAGLny{s@2-yWlk~}gz6P`qFEBJb&
zK0GNebndf+Zvh!=Xy=opL}}4Dobo^kg<f+f&T0s{6DD;Z>J<k!8>RWe6#Fz>VFBH)
zsGV{GLcGq&LWsl$7cg{)*El{k*jB2!2F;nG4b7AW;V-+}<E@|vLw7i%Id8h9M~DjS
zoHMGk->{?woxLmZj)9>W7^#&~GQL(Whf?LgRF(a`J+4$VQk04I-`Jd72fZC?5hFt_
zMOhOJt!OV8oBO1VPX_kOd?v>_k6b^F27Ik@F{^$5^*BA5nceSTR&fn8a6qiKir0tG
z@_rDFM;GY^q&-o-I#~3WL0+^i6%g|9Hk*w0zf$>$^1Fn&6$LJ=*0`mpZV}3`0ESG2
zxBOcG6h4cBH42OkUjt*621a_!GBg5@ZC6^*9bkRlf31J4Tewv$*iMzJZ>Yg1d79pa
zWT@4s2eM}Sj7!xtj6l13=!WkXw`k5R^J=X8gc=P!f0WzEb9y-St6ggSI&ANUHQ2lq
zw!6tm{D$@C-JZGViseb`kal%lFY(l?RCKx@;(F5HjdC#~yGW7{A$;eUjij?5>l^10
zH`y^Z>SZkoR!UQ~kOcE4Ze1Ku&h}=Xd0BgNPACtJz8JV?LzLBVt7(mzY(?csGsr=t
zmg*~+_u^$!A*%*06_7Q5(`2=@7$+7$y_Q+{Zct7_`OW1ye~lRicmQN$<kZlu@9jvY
zx84CfB&E?UHp*6&s~e(f8Zyx8UF9*uEn-V*iM;^RZ+X93<1dHfmOnJQV(E5#uWHuZ
z2ct+2ylKYuoghZ@mJ(5&wB-x<;lzzF7|VTTvJ0;+M2wYO;11;c%%rhGGYFF`7Noyp
zv>CYo4)prLDD@|F4>~Ja`y-?6wNz-k=MDFHw8cHJICgVZ$F%Dsis>3W3^@8Ir1AO;
zEpd;%3n)?3p4GU<n`)LpIW>dS$I%~#OBmjLOwh{k64Me8SH(zv<%W4)@)aih%x-S+
znO|A?9^`-EN666wC%<tCJ?%$_x;gzC7%d-ayU?bb{u(!=^OTc$-miiB-&z`V?)Ba6
zG{wZPr|@ejYHXQCL(S|TVS^udK)djf<Lgt?cA%U=?4R+o#Oo@b=|ew-sqUawpn4Zs
zfS2Fh*qdqFan}L}P9+REGTp18o==01ab6AWGjy~I6REFXG8e|bwtI1_rr<`;#Ifbg
zYA!y=?{3l#g*olo2fi{m>SA&`E7jsW!F$2A$SsC@;$uFtS8<P9;BT=Fe!Q9RQ$1%D
zR~HX|OCYGO0)pz6L(t=^9PslUH~ef^0Y6*ULd3TrtnP6LtJ?@+b#-flhmjQv9>d>z
zg}pM=37qI(sx&Y%P{l+*(_hF|HKWFZlg&AqeNz08!^bW;l5;Klns}MRhujIv^nJi<
z$#07v)=4g6|AL>8{RLjrzFGG-?S#e<SYI{*D+}DD`CN9VRDQ+Wl@07fFIv{B?S%wi
z?n7-{kNu30JMf+uwn?r_F-%;7I2UV%0LWc_37DyD=Oy>jGO}p624%`H+T_k~kLk<j
zWq{XA3zeZI*u*|;qBzTs#FKQxz}V~8?uJm+EHBv#M9591Xr!o;f0CphgW^M(ATgp$
z$Pt!)JK%dc^qU%Y@SM@6-3S#Hdn$tY4QrsA#d{2|AypDGJ>+NOXpc+r!h~RPs?Q`9
zvyx?*RGcmqGfJ|2kF=Eq8L&ECs%GjJTTPG}3Vz6;T~H9WWHAQ*W_p!^US_cIlf7im
z+p1c>%BrI4m{sWp@g{?~ipBd6{e@NsZxJ`Mu+FIWGMkd*ag8PwjXNk-?q~?+-3`gq
zUIe{uU};t@+9kDKWdb0r$;qlND|s0aI$woyYORL4%hgrQ{Uufh$X~tkd;DCn4j932
z;9jQDqTJqOR?++08S)flS_rv>38eDRkbmB-FdEJryoWrBrJ*;(x^uWM7(9^04xwhq
zCetX*5Oj|zHyEf9;-4dD=gsM_kl#R?#p)l>baK$OTXJ?tweLv6AxR*T5R!y$NjM=1
z2PNTk(sxc(^MnrJc5?9pZC_r$)kYrsfRY1$?S869yASnfQ2_2>aVMdp-+^{J_EEK2
z@eD2(Y9)V{Ds&KmehpRfv+?WO@C8q_yfK%WnIPpDubJJjR95EnkFwvvH3%wAPUeg$
z^2RYmrv6=#rhi(bpKHLYrS=cFz!Z2kO~`2voRx&rlF%gy2O7&SbAiv}4Tgnc?P-Hl
zb%fjgA$&C*zb!L=*~W3)(c|1<e<P4Wv73WZ8CYdP+|fXIKLq*W!x5&^9+sTjx$iw0
zPaV#!7&O>KSGOt&jTFBjifBOk>phi_0?HFfCO=;!X8v}Ou>6eDQhq#qaSeCJ;~j6p
z_S~VpFg>%i7h}&1c&T?0BsV=1v_Ml&BE0yo-6~{?tqgRoTo<(uNwpy^_=QEwKTs9w
z`HKa+DzrM3$Q?ZyEMhw(XQ-zG0$~XBv{|$grj03~n+v`~OXya6enqo)kIvrR^L?7_
zUcT6Wt%jfHzqW=?^IzM@HEgy}C=D<=dLF|x_BDcSA%@s+tN2LIG7T_W&l2q=vj@E%
zG@0}75+?bdG|m;qEu_i)TJl>UGCzk#-ASW>&#eRY7NSxxY9$x2;PX)~Fcb&R$GJd1
zJ_RoD89q00flu(cj0=1ahb`V7bnbR@hmX5)*w4`{2{kz{SMrl(S4U7dO|F9U)nr~6
z2;n#g9FIe>f<|;hM9;1`t^Xn`xo1#WjteN%eUgWJ=0!9Y{Gdn*c^mYn1OC|3Qm$bM
z16Vko+3IXW4jP6UG}@6TbO)=h(7U*JXz$#~1yOyk)!B`wNmLG8HQ*$3SV7RSsjSfh
z;`IR8)h%9Cg}7JnN(*!zM%!4e3#HnNT;LF%dkqQfo(E3i@$g02d9l^`I@Q)gwM3Bs
zPV%540JJJQ%mr3LK?v|KFmhCR{LS3UB~f>cftm<H1A|>|^1GP%0)Aqv^B`5*OKvKO
zHaf3RZ8Dk?>g*{)`=9YpoV^8$`Ua{dzRll^g&SDz7>J%1`Ek3lk9S65uw|IBn_llh
zj%$xw1KmxoIH9L{3<z3eE%(eeih7=+{t<4wV#1eib5B1<6{;WQfk1zUpCLvb=NitS
z`6Vau16+77jK3H0hc<Q`^0%}xPr`?Awc-MQG}EM+e8MW(d3u#(QR3h!S@ah6NM<@@
z9Z*yv6*tMMhIUR`s9hwlV8m9oXEmD1Oz~g)won4SNf9$Y&)L1z46~-bwi^Yqt+&fU
zcYRA0)wO&h5m&dS^2?Qy^8lX+jg^F*au*s+pow$(5q+%W^vfkt$r-@ms|t-U22~*7
zweP^k&Y;upajUt{odO#8gK1RxT&^YJiH!QoNG|v(Fx-SR%;`~c4`8Y_TB^!Qf9>UO
z3zK1(#G?0Ov}-upe!Gx_2m@Fb!btV>tV3@h&TeXL*>y;{K_u(B04g%U&<T8u=tnyC
zARWwy&=R$ddmCk_+aW=d^AJ<k;%uAK=xlFwo<Ik+J->x;yoYY%8h(dmv@-qSOg^nY
z?7&fD;f|F=6$XdlF2x3cfC}Ec3mDzA5Dnjay8V1z>J}Je>r)20#IuHh_jRD@K-(d|
zFGmDZ&IPn8Q=1U$mvQ1FWI(?UuXT{zn$#>X;v**v!9OTe_qAJfbvK0SEEof#r?YF<
zQn#mq{1yEWhUbV^^Q5YsazuWAtJ&;2)R?kZIUQ`koY^hKv}%*&gcar@zX*+o$#47f
z=J188>!R$s*kYXHQ0}~U6@*wE4*T0eU$*mNXGEDn=d62p&MNWuqVK^tO!5^Zfda+a
zg9ff)P`k>q-@(sX^@733TL7oGE93WTZ`lgF-^3@u8<3t8R7IyMlwH-8U3CI_#43z~
zr8DR}?eS%jyQx<_t16t3YcVY7Y9seS7^Gu?U55uFa1|ck9Ec;yT4J&Gb*Q|HFKY;G
zb;$xHVJ}-$*G{+35^T7F+Q32Qj$(H)X<QU@UOOYtxr3jg3OlflAf_Q7qaH-<PD7;-
zRwjt9(<(4@u8VH0s0~d3;Cj4;Lck*gnHVAW>ku3;@X4xhfV}w<1Uz!UP$^d(X)*^w
zjn2!^Rj%!F?K@2!J+mWtMt@$_EuQM~R?kdm#~7vtX1W~gqi)S}-g<~+{ti`AaXX&c
zF}(FFgYElY8f*vPZxH@+`wX@M_~YSk4a5N#s4462^}mlQCR^|~Z4>@Z<MB6lE&dj)
zf!|fz({|EF@^<=|Rzn|gE9qm_3i`PHVR-C*CT_?3cphWe8=y~SZ{z!@WXtY-7QY+1
z(O!03$9s6M%xKtyk$VI0;mPMF_)TC8q1L!9?`gNrC;(ePq`$K$HFQCiJw^2OBD`t}
zynEZwMyipd;z2K7_(omc8s^6+XQMK&Sbzx(0t;z+(R^JEmOVzBSJz+OeGy7~4uAIH
z&;E<LIW9SQ?r9K=^V|$?lfPKqZ#DC1kIQOrS*NUSx0)AavDNnQ`Z!Er0&zmk#r&i>
zo$6C$)-1z=@6WEFX+L_+xC{3J2b1a+@o93i&s3Qm=5K^Q7XDUdhlL_yn}Rn{Az_0m
zP%|O_fzmmGw+DZe73#)^<#PmY9pRl<R<<Y)%FQC-_<WIA`0P?XgPb|{wP8c5&uKFD
zZ;m2(d+<k@cof^a2Y-~rquAm-_|xjVWTbpCdbR@MQkfG1`eW3N4uRqb@gN9GVPL$S
zmrxH8^{gR{<cx}gET0IC<Kx6ZMwluuSs}UJkxEuTxZseNtdv|GttBhB)0>|x$P&r3
z0kyD_%E`CEi=2j^=977@i?zViTm<aO6%R{A<5(4_$p!Ll1jiCPrccvLnW1i6=~2tO
zE0xK(;ab~8Z}hM}19{@lcyLeS#sW4@cE+HxfG8l9tjr0K9g3=I%1_kJ-Q&%;7m0fC
z`=6>5CXw2+h*8uHpjXnNTW$v=0S!wg|4E~6r1rHvITwJAP26t-p^ghs2OEo7v3p2L
zK_%T{E86~OGp%~TisnD?Y`7{a+(!QQpe}0iR<h?{Ow3G1b86CYZQCl|OMY`N3@MZa
zS!0EM&|J*Q^Mj>EDMenKo*lW@J}50_woa=+laS;))E_jOJW^a@TPD<pw~RN-E-SEK
z{8aJk5I<24Yhni;oX43NYBFY6_+T=5kXk*SGBUN)V3>KF`l(U*Sx{?}i*00;i8*RX
z1<Yw$ojNO4U0!XJPtdW1`j*=5#O0{=<a?lI6V8VZdbIfvrCdSUbN*qiB;RabX0@06
z619mcQQH)kxxLh|OfFt84>lTrlT~hMaWDpvRa+c!iP9#v#gS!bam-3=aom(BLUWQa
zLwy*N+QaM4t;(x?n+sg0>rMw2ippv7yx=k>$k-+4r6b6f+9O*`awMm}SXqidkPMTi
zJHoqy);~}Hj3T|^o*CRhVYq1&4B`sb;9rsD9}UE~`r{OU<Lk~B=M`YiEx%GMGJO*t
z={7W|TOUKa5iItH7yF~E$qb|C{{5_wRHmlw*6f7j1Jfn9pvgdLZO5$1jMU(SWNAWA
z3sl)9SZsBZ&!@$7h1<~zNiocv?uDWgjZ}1R`C-ll`AaMzmlj~b&P>8>UyFY+<5$+T
z6f^Y=7lb%p|1u>}ZZ5@}NMh(Kx4v~25ml96*r4+FR1Cv5SDH^d7jGJ3DGnt8uLUyj
z%8o!)sYAto3m{SwF<q-=i0&H<nz`-YMwyv*u9~*fk9#u8INTW<xn>6giS%BE`RT1V
zN?}J`r8|P(qunqCHzxSRV2KqVMTI74S?laLiu%a9kJP(J)&7_!6H`BgyFOcv(o0%7
z{nTj2gnei@wLz^EZqAE42n2A$46mBD4=;smqdIt6pc$Y5l*zq9J9U|h`RS$BRB8e0
z{uf5ful}3mgon$CS(76F^BWzOO5ygrqAVN#Zx(fQbWy3pK&?MG0u+{)`tO$a3M~(f
zEZ}tg<|i;+(RL54qF=s`df`=3pLscm+x7yqkx^SA4}?E4QIi$smb`SnNVk!}xk>+T
zb^8}))p<!&Q@7044P{s~qn6lXx~&Tf`TegTv1a`<!&0LB;_EtD%3oj*01!WZZ`jBi
z2trZ1^=A$D#INE$4=Jqf?Q(~{Nm_!Nq$RjXT7vtgCAcA4f*YbGxFK4yHntVoF?t`=
zhQ&JBvD=-1#eBNQD1KBYmG{|C^5e5lmbuA#RdZzIWaaX{hO@lW?6hScmz)u_brg|Z
zeP8|>cPYOy@Mp0V3ht#QkYrac2KS<tL%Ge|mff)wy?t#R**Dd|(XNhq$rnYMkvHBY
z4jK30G!QKPjt7iF5?-Or=y%)(3y;r4+Kce2uN)zvBJEBapW!8kis<Hc+J0?QKT$K<
zC`UjPQN1Ls2pvJ`w!<QE4XSQZwX&sX4rAc06=dHj>_yFSmNqbs;J}!O{$ZRf+60+O
z9)mPurhzOyHM~^9GWj(1<7;mnwhwXxDLRF^_2ky!blN?@*G_6IO1s<^z8V+Ipyok<
z#i3xyN!;N@cQE3IM*f(ac#AYUEt=IYBcFoCO3vxlOcaisIXMi1>yrBQQS|)BFp4n8
zOGTPxB|b~D)x}TW&jO>rfhD)@qZ_RQgLuccQnKLQZ84);TcVezglXhasAaSX#cS=_
zO^Pq*(hTKsflmy`BybHM;M0T_>u@3NIYW_S)cF9k(9(%JIv}>=9<jP19boVh1%$Oq
zH@VNETgL$iG$*$>o$C6FtxpL{yyVSS^{vKlc*!fT>KlzWdddI7J9MU3w-`)*{_5~1
zV|-<$zREW_n5?JrpAzEh7h6$#seUW9E+(WR{9|m6p(pYbbuq&oHWo@L$^^PPblb#`
zEde;0tqk;a?8<5ejAy)L<{MgO@1-6lF2V3v+^!9eoc7Vf!v|!V;uFRPT?5wLOtRYP
z_(*IYMlUrZ^RqVXTo7{Q#EluSo?wQyD4NYJO{E}$8-Zi{ppBMtqAgZk58nH<zYFt^
z3w+LifFCw-4WFRFHJ8<Xh6|wg&?ZNgDbx{ZbPjPxL#15c8ssY##>>YCI`#txjGA=f
zM?+G%4OI`4WM^M6Kc&BfDdjgbEs67AP2|6mb2hKs#(%q!m6IH*%QmlksMXnv{B%oE
zN?anpSWaqMlrjsGF2scMV+sAWLq<qx(o)V!6tZZ_n=s{MOqm)>38~Cls+$shhM<d-
zse;Wdn}L9;X$Sqfnjh|8)shC4+x`|3_*xtHy%QK_HrDnAi!4mP!OsPjno!$e$ixNK
znb6K95A0!|KQB>u!p}0w<65(Y8^{k@DK0m)#>5J3#wN6CGuAF2_c4{7#2%JhwsmI7
zX#<GJ&p?0$`Xf2}xP}h2V4K$()4e5y^p({I!GGb6ip)Vgq=B}z+CloUNzPtQ?4Y|<
zwkBi#6fW=^_{dM@t&Q;|g-}lqz4htrEw#6;pA;-KqB+6DLX2sNPgDc|LU~Me+5kh;
z{6^5Jj>S=o2*R6FtR)8i9;7A~=*v`pt(wTc(h{F6o10u}<04C(GRt1u2P_UoJm)j|
zRG&%>VCK_30vgOf`VxRA&uQbHDgk<<q{(It(+(ld&zh9DCL_Quw`M#0u(z>=4cJ2L
zFSG`-qzU-8O_maBdJ#Av?r^)pi4mr50#v>(WeInfbNFBJpTy&T(lm)Xe3CmV;b%j;
zkW4PTi72HG?!Q}TZxa}EL~+PT=C}I`p-ovOz@s&m#cfGwnj|MRK9Dl21Ua?X*G(na
z5oP>9*DjxNsT*7Nyq&fT$YpkIUnfBpzd{xIe1@8y>uBlX0L2_ML6{pe0PKGg*9g}Y
zSP}Z{PAiIrAO8Y1f}B@?CTW+o0Y5zgs^Vc*<vfhI6c}-<L>O{$IONR#a2Ob9P8;_!
zyGpz|MH58fEt%(5NnA;Z!vUS$^9N1yRtyh;IDSL0)I>`~b3zcisx>~*Kt~LY95f;!
zI&CI>Y?x3B;h&9-2kF>&AT~B`UM1E>68V>)z+?jsj|dJAe7OoQvt)Bik>#dD<rW++
z@mgAuj+Y_C>XN%DR<-bWT1Lt6n85=cC0$Mm@+nNe1;<Q^NnuyXhE-C0Nl7+d{qOC;
zjbaTpUtG1l1?b$z%`pN;6ck$L^lYM=$&YajHTd$#6+;iyuIl$VVd?I|rTd|aqn7U9
zHEXo_C(Wa2^Uwc&>6V%)A$Yub?9y#${<oLzpXHBTx+iJ|w-7tWuEuOiDieuyq*<x7
z(tos)U$~&J<bTQ6T=t;d%~WlD##7rz(A?To5<0G5OxB=XdR)KatT^*(ZT!SM!Mbjo
zm%_o4Q#&aTN?055Ecxkw(*R6)7*eiJAx~g&H&#ll{DtzrzKP4w&8&WkyvVLGX+Zw&
zKRybV)y);ikW+af9r&<AF^NiGwcgY{l7h69cU)(+rjA<SbcQU5c2zU4$C&d7cH|G<
zAJvgPVXY(I4*wq=84A;m{8e~tM}8~(Z+GO`yZ>oNem*p+BNq-=LGBO#vyL49zTS};
zcD*Bk1>fU<$~`$3a7RXRMy0Ag>XfWkF&6vhXY$vYEcySz=jE^CZ_D4v&mixIRCTm%
zwbdcomYh(}{U+Siw;IjVgq16b_ZpNW2uZ+$7+2Jk(_UEIWVyS!f(yI?L9e1fa10gW
z?Wec^UQPsVfS#58H$4q#LcEepE)a+LNfPfZ<x518&VN%RiTsTsVYr6xq8*8<2-k3)
za-mjOwj=Z~rW1Aa%dI`_^o#*dp$};(96g7rQ3J{?^!!qb1{UQ<6h~IEdq`|E;hvN;
zDt1ScK)#6f1n9-oh`>YsOuYtWok$+Q1HBZ!sFa_B@J$qng=@G>ZCE?4hLBK{P-|80
z%d6@W?yi3%svg6$kv^I^7XxP{)J9_gS$dXn^)4%(ZYmRKfQ@Hz+Ld?=1lEvZk85}f
zIyJAVm){ucA|K<evHlqML!G+1j<6EM@S4;g<0ZR0i*#>aR<R`xOENG9#a@#^BhyAj
zvNY0UP^Q<+rje0_dgMg0g~9+!M6Awv)A=dnt)pWHL-kQ@U{9~{Q$K6AptDyStsuS?
z##EA!W@O6FR86}B6&g#eu%<}M7%5#^#!AaFq*CpgB+S0_=b>Gx@1kf-_jW-pJ%36Q
zj>p)K43D-Sna;a4*;ptH7NfV;jpKvGuz0=)vIO0@`C%+Iwf(s3=cr8-Gc8GFYOC8z
z-l4(83W%r5e}d%gn@4U(Q;l*mm7STC5mCID?!(B`=?*!Qr0vAeXkh}1+>W1&61idd
ziOJ>jVsg2hZ-K_y2l?^Raz<Kim6o&83~70WxWuN8_FN>ll11lX7RwY9eeEcrqka1d
z{R$kqa!fB@>Mkp*S(|E%>4uIt`(#&2vvh6IIr1{9y_hpuUTYPHhIl)aF;~1c#54B4
zZTLoT?uOvQzqiRr&^zLjj6pbEL$!DpvZM(H%`5cK2tIbhhjMV`GjY_R{E2ilN{=_M
z1_~KGt)}jv`5fwDpp?yNBY)Y6nu|5*cu{4oO<kKx=4--u6-@)pkW5FA^#=O12m)?V
zpU6<3NLQbjP15v)Xc*30;gLVh3Bjm1i)wvp=R>$a$e+qz$YH?D<%QH5^M#yth*#B5
zfYy1?{VuRplhTZ~GIH|@Jj+3+Zs>t-X&K$gIW(kKz#6=2Zr~JN-#LQXhv#9~-mnL)
zc%f7{$*o1I=cyepR`w%FP^Q*6emu$)@syf5KOSw0I1x>=sU6q}*iu+q4CKf3+S~uT
zx}yKEF89B#OHF$nVgPY^X=z6^#%r>gdjwBXHX|Uhs?tK}17#S5i4Y#bL=RB=$sJ-c
zHD|UbpvR{`y(jP(D4FK&L4gG?BjU_`@EoeI4ucAd6^N{@#Sb5Zlz3%jD-wh(4O8+o
zgkC)-Z9{a@7OBD|{Kh6rTi3R1Lk50f%eMRR!1;&+&ozo`p!PQ8)U4!<R$SCk&E090
zir3(6oIPlr5Z=`dYsgP0!@L}GFV}buce<?PKnv}Lir9t?Ige>{t8F9rQah-fyu~p?
zZ_Cj|J%m(N@^_Cl@<#O&X@{lz3|{gXRaYEi<t@QWvVVw2I{i@VX+PfhY(WdV8&$1L
z5bSLvx(~?>g!|Z<Wr)tCvk;5E&$z&+bpIm@PmbNB`v;h?_%`k9toAim`#Pb0<!fJu
zwXY)WYrpnYs(t-b`+B$ldj|s~4DcnBl`S#EZmj`nVhVuVp^YD|Ud3+U<15I+KNxkt
zvjR;xSV?w^7DkE1)-{lKW(C=ar*`%NYBw^qUR~P>Ppf#30S(<9o;a$Hrc)g=2FoSh
zPF02BiyI!vBzl4x%7u3;>80;t0mVMQ2pz_<4XSX{-%qOXV|o<klN_nW8*-!iZC#Z1
zTLqB;faSv@Ji&(=&~#Q*j2g|<!%G4=7e&5*IdG@BIDl*XKgJtx=WBR;?mcu7E32uY
zA4jy074+kE`XLrz3WJ=B#qY&=28=`jCN%KLV!`Y51$`}L?ZKANBKF{PYmLK<riplH
zgQ;j<ZJq<ndl7anfaWf>DegubZ~?q}LCT)T;f>iz>L9*i0tzW%=r=8o5{ABO_>DzV
zc*!Md$V97*oTukz{3A8tNr*yPz&8gqA^{*EV)@e8Y`KFB&z8AkXG`>2Y_?3r*%BK3
z`fLF)U5O{F={{lg^5!y6Il2&{X2U}iJ~SFG_e#L_lb7(;OvFA^S-EbD{O9Zsf~y(v
zI<s!AmwZ(~?J|B<x&A)wEUI_CNp3N>*jv^Cc98y`zpNWbp9Jgz1lzUXV|p;39Ue5f
zgZVqj2OvaM?nMAVB1xA}Rj7irL*QP71g5OEg<JIy`W0k+nPl!|Y`m8|uSs7G{WLR8
zEyVfKmsK~5HyNnSY-^1lXZj6q!vuI}4~mvi>INiU{l{jc3m{=LxqA<?_Gsk(HHf6<
z?Yb&UfutP??J?Sp;g7vl?)^LC?({t4NE@bU`<H2Q)ZojFr>GA1hY_lSBdW72CCfUp
zTr+>asy@&4Adfc#<idP&xPG1+m{FlOr+roZrt~DE=5R3PPYaLyOY_Zb+{=Zj9xwOu
z6PBE_4gD3tA~t=)beO@Za;epRbzK6mDCYO<gX^r~aibWTZ9l*66Y3-d3F32zrfa7)
z4B<5}+fsT)fM;L@Agg5`cP}MBzyJ)%mK|APGGm}a>^ABsL?-l#3|w1IdjW7SAq~Va
zb|<?};{w6fgs`rs;e$Mg!^^P=RoiIKbSUv-kI~449q{u%n6YO5G}K8Sz_D@yRUNd8
zr(W`dt2&WKXI`2PMUM-aEAPX5P!R$>o5&|Ud3k(_+_n0GRSa9r@7qtU`)qZ{YCdjn
zThHd@35*=p<=I3)6J8UGjxKMI9^J<QW50sMeXgEQX@HRnd_WJ(SKwt#msMK4LM~;{
zXK2F_dTANe1LOj#D$r@ZYJayj3snTRJ}j=xV-0cvjh=?l3(S88xa{Y)e1zKHhJvR7
zh4R*wLPBftO5FQVsta~N5dE&l@5Ke*k9`NI=3BuJW8Zj&uY98*82f$-zo!>G6Z^)!
zIwhsx2lyQi-zXcZ8&>*Q^<1U2b)^!IjVx2o$<9cnRJ;Pjak>q21aI@;O%@>;86r2?
zqTL(7L5k`qZ880mz3&Xab>W-lM4^kGlRAJK^rhBx;}DQf>MAB`E~X<3`l;<V`+(q~
zHm&+lWU#l!j4m!cs9&<VWaMwCIW)X*K#K7-+ebJyT0-2>J7%EN^%Q#apkPqvm?%A|
z=Ot&i@=blXO3sTgVkeCrvGuhV@f#LIR^uk{=zG|_YBxzgiFy~o16kx6YKK1?H%dD^
z6}R~tvf`*(c-|joqav(xw<J6#2|MY%Lmm%#TZEg*7YC`?qIVCDH5gWNaQMjJUM%Ym
z=+@LDe;|H5WA%mE^i;h<KOd3f&CN}vS*G@mtNyDdsdh)B>qS1!f7K}D$U&@mpcBs(
zZX(+bqGtxE%=fj*24B*SfBuMP3#dK8p$`gNHkMIU3_##(&rx#C1^TJ#Wq*;G@pA$6
zV@`JW<Lq6N)1FtF8gvE#e{MNmooklAP}92gP5lrgZ0P3`{k1O|xWMmFkWITtQF_oI
zzA>A+DiU@}&VVFr=eDV+_4&v?gJPD2?M==X10k-#f@d6-oc8=gsDL{fa!am8lAfkr
zYMFw&<OjTNaygF*>(tlOOSow=M|SScZZS7t6=KB5ZQF(RK}}lfS4O3-hwx(6xewKj
zd~v~`6*81Tv91GUZdC|i6u_pY@w#PaF0cekG6bCm-QHjWCfAy+UBbaeqq!y7dC=&5
z&fdapr<O=-8x5KhEG;9HAIsT7Uy{cZa0!)cYY!T^?H}W{0_RTE`JA#c-^erhCSfY~
za!StGRpM1Z$noN0(YengxelO>$nr)#NgnFzsdpI+tL)ALm0ZKKw3O!%3Vxa|d6`>s
z9w2`niRZO=s7R&=%X9AIp4trKz30D7*z4wI7#+~<v+&EgJEtGJQxXnv4d2Jz9DSG{
z<hDJ630w!U53^mngU&;CIuO_2ESDctod=u77y7Ry3W-oriy_$osBN_2Z+-1P0}R1+
zopLYa$?ioYJqy@%9{M_JPttw$XLZ!RNxu$eJ9pbD-0Q?19AW^SiEH@zSkP!r*TJ0r
zF@W6xfQin7Chq0&g@vm`04`Z{?li4xH6$Axj^bjucE>8ohHv#lI6Bw0{+}S;JO;!Y
zzXl@r6bdChNyZW2_Ho;8r@-yQSpnd|Fl|7oy;=wIHo1Hs0B98Unct=`CQ|s!Ek@xW
z{09KdE%mhrm!bpB(|AR#=0#K>53&$Y77Suh*<q^r?UuuCuYMjv2Q=_@{AR5!a%*;r
zI~d5tTyEL9LpF?R7N1}ip0y9vy`v;(avh8y_$-l~`-Yn)IiKU6Lbo`|96aQEwoIiB
zRE6E@oZ)h;fEv^wg~X$ZlAX^1Q|<+9qXUowe5Nn18lFNjdHKcIUaXRhqx!8Esb3I{
z5;?HA-Trw~=+^lZ(nJ$yAZh!-i%4E^Q`(&E+`0TAIf$egEujAPd#G-j9*63tK3k39
zSFrRLPK?@-u6R+~k<Ned|JafK#*1`EI`ze|JJQep`rqD>c4Yn29qFHqK3e$guZMS}
zU-|Vv+mZG+>pRj-SyYqLR+EWs%W58O+XPbc>(OocHMZ%3y?MAzQ%K2h0?poD*9%%>
zI<&^*k8KPGjY*-6X>pVFGc{{Q*f$nv%pC~JUvJdZI4)@-Zc?nvFDYiJ>QY|SC4Msb
z1Qn57mn4?7zwocLAbxpVZ{Q0vspT&1UvPo?P_wQ;6I_{P(0s~z<gRcx?trla=)l{+
zr!^%4-+T8d{!E~qFVg}AC8?`IZVrEJ^Cor4iO1BTp{;UQ9>_Um?loT(zfi?qHRnuD
z3%d0E&|oyy3mLQU!Jos2QDEy)Tf#4#s9ydMvOx=?cQ^BQ1w#DicYn;^9Js_^4ig&$
zr9sd|2(m!XJIar%muoOD7=nE8xUM~-_&9yqqx=6%ALIX1^Zt1}=d9xXm;OG{Ojqjn
zHP@iS&OTG9vrjhW>+@@#KG8(i?fU>9^c;YnB$8y_T1uslBMgw`<|E_jFT>*RIDAK$
z@eR6z*;@|6Om#+uhh#Ovz}(8<9l@>EoKSG9?Zp>gr29%RjI&#stm%zO3thrM@M*O4
zN!?B~r5YQ@6)qMAP`aZm)yhF+sWL{hR6C(UPX#a-Zgm6jk%SJUV+MLH<#T%M+!%=4
z3E(^It?T-loK1mHO9Osq^4Y;EnLFIZ9X8wBHcreAJKVu%lQGJdxs>qVqZ4c)y@4cj
z`G5zu24Sh)z_=@dv;a3cr6Moo;w14vID`UStr(83fE*q&!HUd8k)FUfIsv`NLlb>Q
zJ)~sigt(U%Id=kE#;5ofS*F>Vw#Q+a$~bhel!if>7zCv>Znq$w6t*QmUug5fiYvHn
z8olx1|0POQ?YB7na=AYkNWoBZNAST+ad7fRtA9}n6yE7So~dx+waFV(Fd!2GKFw^j
zDdrY~q0oM2-J5a{vAZ0#@PGOglEvK&C5zS?2a=ASqcHpaa0T}O_E3)_C2RR<V%-`8
zKS|zLL-*A($-eK?eKle{hT>f^3H&~`zqPSO5-!<usoRpffD4@B9ktapq-}M1$rE+B
zosWs6k{X$&hHPGKBXW$p)Td?P5>#;i??(KkdZ1^5u3qwspF(F24N223UPQ0mt#SB7
ztf^_eP|UolDDRYA5%l??<cmYsh4G`4T*2ea3*t~z7?0|04rU}$Ie~fOK^CGn7g}Pr
zP%?*o<3v4jm6ckkCN(G_L~{D^ULPx@$j$n8R?j22=Zc=5@{X)UY<wFv3qx}XdZC7O
z3LfcK#6~t3xCJ+CadHJ0W&pE#IsiqSU4RF=<pgcOthaL8BGl-|XD|g&F)Jv1-jot(
z*9_fqhl^G2aC;AWb{$nrLx2)lC}ws097*U7{?@NyTDi5U*a!q_Hg|YF-o6DCbT|3e
zKqOmap9ZBFOYD&ipMn%!T<o835IUh3RA;x?!iu%s3>2`gM{WhUS{EYcU?9JRDeSXI
z3$4M0wxGmAIS;Oq?<ia)%_(#^?i0S0za--UD?NXKj`c4xPh%YR@P>XUd#h^T8s-8D
zgA1p>GK39eS;xJ?Re2#p9)?1pNXf&(y0M-G^715-7v*<(x!6-&!;T@UbSt}}+NF|H
zFsj<oY1#@L$eFK0tgBlkqz8LQs=Y|kufyB&8t6CjTWTkgwJ&72Km{T{6I}*8{SJ=n
zu7(R-pcn#QL0j-Jq~*acpBHDMS!|a4jk<jXaS~l#N2x4xQQc58Jj%z(#We-mICm3i
z3+_2p*LdWDHfkTZzj!UMskoESABVHc$Tj>4C4^*BcrZ4F7BYLUTts^`?A~7bwC?S@
zNX_oS0E)!b+E&Sn7TQ)xR%bT^I}}1=3b5O2lbaT$XEZjhcpD>nv<M`dwLo>!kz6!3
z)||n(PgFYVhQXddXX7y79Zyob${6NR-;K>kRQm!(FPXgl8=Q{HEWD_lSwE=d@{pfm
zE)v-j)4x&}6r)jo?s^png;;O|@3jl#eb<SXx)_YZ0Hfxg4b~T#hc#~7>-haw`<oT~
z;{^`%dRQZGJBaSp-{h<FW(yC>+m2{oli&;O8$zw>Va!G1@1%~!wjCOiz&w)RS9ef%
zF^3OQMU?Ljhj)LMT65eM(lQo7Mu)r&ZP464L~ofKg9P$6+zqCBxY@04a)1VP=wH8}
zg<*d3!|&29-r&)9aCpQQ_;I6tQr>=qO5oh&``-it^ewW6*6FhZx4IvyuZz^+HvTv{
z9;#1*>Y)?v#{_wgNBQw`2{RHr7lXxC+x<ejm)wjWbSc&GSD_6xullZrHQ>L^Zu~eh
z`s2{(kI={mKvV6ms((_0CP6mq;o_4~1D^;(GxptVa|vDYHf&+sA?gkKT?&Qn^pLOf
zlmjFk|35)e^$;HVG^qTyAXSc6o?{>2XIB8<{w@r=hW<)^s+TOKb_5KSxGvEn6j+xw
z;pCQE(YOKKNJcu+^)ih7eSg6XM{PkYUJFdqR#*@-NDzb9uF+S;r<=4@QF&QA75mNs
zeM$$5*U0p^hMF4~wFgZnR2Y)3MiB>yY_sMv4DYM6_4ED&v;lj3!KUHWFLl%!<VE|W
z8Gpj<&M$;{9uHo0soDP%w3di=)77+yCV#O~0j5&YG)7#EY!VV%<1olX6*E$|-YC0L
zWvA`ldFedsu%8n8#ddVSogFT<J5y_o4#}Ci2h)oY6Bl?96;zwKz+R)a&C+m+Dv@ML
zRS|)eE$DvCnJMQUpqqbrRaqXOo2lH7La5HbylK>2hi9ti(LyR0cp3t>F7$QhoLx3B
z0OhayR<P(EwgC4AHclWOn6L5)do!QWYB+rwnI<<$Sg)$~=1M-H)qn^RLoB*M2hpN0
zud0s=6d*gM3VoWFM4yq?g=_3bI2&^jCmxTMK-(IW+w7+#SA+|MW11%ne@k9f1{a`I
z$Cbf7gTBsGAp?DIkIG0j_3Wp%IyLCOK<M*=MF~3e6UmR}K#hI&FL__91)+!aQ<>r>
zrR%=l0J#^<%0R+GbgDk8j#wAo2=I730^{*077Y+g=)ty8p<Z%Eyd;F97xI#qah-EU
zDtjtv&#+V{saNZqR9N+(vqpLf7qu(5YYJhK^9tRuyaBt|naKq%P@ypBN~PMnP#s~Z
zTgP<t`Q69ABj@%}d;+rFF|<&3;809|54wWiS|CQcH_n4b#;{Tc<WG*;2l+p>##5}c
zQmowh#NT0sD*i*lL(o`H1v&hrev>v*K|8l^Y>iA#zcLGu6Li9=ln&e#AV;`DD$r+U
zuO##W)B_((?VkzR$&c`yQkfD%W$LgDuBP?TO+Oe)d;;RKg{R7)y)Xu?dCqiP9Dh%P
zT7r*sqq#3vH0Lei-iWM+#-Bnd$eyatpaG59@Tv+~6qYe{k=v;)?o5Ael=`NleCkLM
zRxILmD1tkTwrP50iF)FDnJJuw>P=tErMs;=rpDaXq0>K{Z!SVMK0|%}1s57AC$N!|
zokaHQr7cs0f9Ru6&^;Xw`{;`_R$XmzUNclGiRhRw(&D^2?3gbVee*e^Zt8t9h+%H>
z*lZjonZQ}t=D|RT`3TGjDXHAc&ge|1b&OL!V6oBr=rrU9ycI$m=@<a0bI~;&jDRnN
zblkc?Geh|Wys^Yf>>wOe26>ASHM)dPeN0IO8Fz{vTn++vR?vlf!zrzRa>d~#iMX*&
zoc{R*mHan-#&YuUNjlsrrFi~6Z@HWJnPE#!+AhfXpJ==Ct&I7rdDDg0RazK143k%y
zhOg3$*0=-1{7WU8Vro`%v1ampnh0NUH|i4gBj^IbC6wo6y;8jVH@V!}YNVPy33$`i
z$uiOeAnE@3Hws8JozdUl$UPe>#%q!JYJ9_4o^7%;nifdq)~4y);bwO+IeeRDscC{5
zkA`qyNpxA8EUMGmXe<s~pf)mX{GDjXQ+UBYn90Za2NQ%}LP<=^0+sr;1IC^U^q|30
zOMWKL<R=K0V&%)l%EvUKLv!GZ06H}QZK^Tn!or+(#Z+AApZ_p_6`{Qej~ixSH9Xqj
z^v}CdV1Sw>qwWwi0~!Hs=<I1|=f~emD>ps702<UTe1UDTfDBSjVPpY>`|}g{l7<U>
zLBm<x^yg=i&TQQWSCa*rr!`KEA8DzQOn##$F+&7Im0OE@yf}Ez^6@Pu17Zv_*m_dv
zNe<f(s(y$!i<t)17&G8HcHmWfrK*~#u}oO-yq?BsS@g~y8XDV!P7{IH<PscS@$=H5
zZGu@6qH=i@$39TX+CGvpM5!+frUIz*p7r<1u0HXqx_*Hi312n^8O|PFcbA*o*oG{H
z{mV-J7CpOpsKSc{ymdWRK<VDo=-n~5;~c$kXr|X!V6K#v?U{{Qr{!K?ve<fvya3Bb
zv(Ho|+zxycl!^{fF$tAtZyZ_p6XZAd&ZhTgX$f@w#=}IIW1N<gE&%P+7s7P8g-<cR
zxhgMRxT-z=ra3x+`H|h?>5MqsUXMpA%9;yViCy9EEGPH3(s_lJ>G_!+PdRD;WI-zQ
zb0VbB>x1hbN8tkZv)~Veeg^%gH!I74#bxZxf?rKD)YCJ)FS)>4K;gXUe4=Asx-f`8
z{n;%JnZW#Q(PullK~9U}i7k4g0*sK~tfuRP9*k<pRS(faOUH4mA*Qt3j0aK?IuSe-
z#}<F$c+KAW8m#gvpWM*QCk%A##asN!3hyYFx<WKZh^T3)i11!bzXG2&`W<xkLOLr#
z?(EBP_U7Q3Wc<-3P_mNL0BA*bBDSPniJE^LI4|X51=Z-pSDf`Q^o4<{0l;XqpYm4l
zES}=q2RBY7`=8bI!Zo^d_p>p*@H<d<0y>OooUFVjcTx&be0MW%ULt&H9~5kjlgXNA
zN0h)r+R4A}Z<!eg(>>CxCZia}y@179fbcn0M2u~&Y7g1?D(;h-J8*OKxEN+$pj)Cu
zE{sCXI|G;atQP=x27bZ|$SLtA<*i^LI{0F;!_C3Mq2agd!*5aj&6lXViGMJY65wX4
zX$T@ZI-^dl5Nyyu8@i<)Pr<KhhOr$l*IFrRf<GLCni)Tgq2`Z}7w|G&IVqRh?C0of
zr&yb+$}Ixdl-S5R7TkS`pALvpCJ%qIOZYg|l`4FOnN5x9fI}Jc2(V;YeeTAGE$Xr!
z^t#kIolN-Q2x6Z)jmGX#*;3zP&X-Mh8-;HqhWMNA{tu%tEAbLP4R?hLO~Pad9C!DB
zm<1bPQ9RBhUJ}mADu^39riMDZ#gMUi;5c0u(wj`UcWo3dL-#<Yiv!1zTj%$!k|6@i
ze;Yzuu>3cn{5Qm~Nof=da6vM7Wx5RE2?<C+{hkV8YF=(P(yTJ-iX3KQsg?vJwfQ&;
zf$HAnA%CIbPehsJChuRT*P=E|k}dxHc?D>p#7zos9yY8fwlJvWBK#5EP**q0mSE95
zqtZv7?1E|8CKs-;$5H(>o18|4rn0p_TVMDao*pyJr=gE4P+uOesn)V`Snf2p*oQW-
z_6YaXKC}>d6<L*aGsJ=bH6uE)!Yf|p#7{W;Q1x<wtzKT$)Ay394zyBqr-ge=;zwrj
zD!cC1FP~SlesscNwC#{vU&UClhgoM8yUpe{HLIcP9w6me!FMnop3Cq_AS@ML=E2`g
zoJ8?W#m2@GV^gsS%55w$i7jTam6m>bxb)z?hT*g{l@Z-=wwf^2uSQ_d(uggXMr<`=
zY~$!MUW3Pe_<Iiic47wjYlJ^P{B43ix#;OjQqeP);7Q;~;CTg}SK!$T&t7=;!LtvZ
z5qL)68HHyw$e_VqgSpon(JPZxZ1hF=Bk&h>P&4$^%iEiGAcUjewbtt)0OJ^p06Jo6
zgZv#)G-IxJLe@wpBwzpX`6$%8Vgc4W@E%~=wt%)b)+blBKFP*DSy@Q?1QYMz;e99k
zh2XEL*gUhdvBWHXMzQxf#oq5m6^*dzX-4|$Ge}8$p>b5o9i!4gqLDuP%q)J6AahS4
z&oH*^RCr{-Ul#n`27hzmFCYGj;ICo<?VAk1bp|}s;h7H4RCuPs(*{qBx5Cp3PZpjm
zJQ;X0WBW$K(OUT31b>b2w|l{;z9}{X)T8=>evj>k(P3lyPTRBgz=C-0EUN$KO}h>4
zLpXb-swlmp(#JLYFK!syb|QoGj&?RYNY{T99Cd9>W+&Cg1o`K(o7{v}M3}6;pP>FF
z7N?$flW|&LHw~Pl2Sz(pb?;of4TQ#XGrp_K6FPIfdAqLI6EO+5)tvYVt-?)OJ1O(9
zH~#}vZLK*F3xBB-ReI(@=pOu$g<g9L|5#owP4|eK40cilNPuxx&~>HE2hvk_8Hgb&
zO+hYp#`GgC{Z3*Oa;WduW1Dq@z8XlM$T~=U%({enm(5_vG$?n|7sjC6u?HIlwa#{v
zV5~M^|M>JhbF~Og6{2qPgcb)eBO;{`RdW$n<N+;`vT(T3gKK^Bn6>`(?PC_S#oJ>G
zTEXyIpAKt%$Gj;#vtWq;-Nk>_l+u_8>;9>cbw8c(+eenCL)yBJ>n*x0e0$4u@v3R7
zRlI5zQum~SAXD8;A5yaRLB6$ptjbWE9Meyt>XpyouGsN?n%>|lZgyBV#iPvB^{c2d
zAfH$;4Ig-<s4Mu1k6aqjsk%f??9*)7fUKGm^5E4eXCKJ%p54pjwp_%%`{%nK%<kl8
zl>Iy>#QitMRuQQjo$Jy|5fD@kc_I%DIB_4I;ZsO86<c{U#EhzafM)VD2-+LajHv48
zN4W9;=D$Qwal$zJ;D%(FF)(&a5&)vqX&+{hRqN5_N8N_0<o^MGt#sH(Gys4@OYMCN
zSX0Ng@J<L25KUB6s;IG|ViiR|1R^a6K~SQR@bHBi$OeKTp~>C|J)+QnHKg?2p0=l_
zt+l78?{|Il3DSz%htFDDZHujKH;t#&N|m<M+_h%!gaitw-+%6R|Ns6UI}Ee;yl2hK
znl)?IteNH@%|aT*9?k7;ayLs3Ea`EjKB^AubRltNsH~CP4(m{bmL$8Vs(2t*WRS(M
z0&PC`b2%YQxsy%qL$KWY@S1?)f1cGm=^YSj4s?h}?wKZRNKekme9pK(RWIyMb>dom
zdjMbRfOecXDe#vyM7#K91ct#ofST1IE3^gqDCZQqLTfJ!!K*k4_Xr|}0*NJSEW#*i
zsq%g1ExX9M*S&1GN!FN&`aOXj--z~avTem+W0kJutJJAQtvHmoS`Q-m+e8k8gbEji
zsK}lf-k7J77vw{Wb4b(J4kM+(j^y64yCne}?T$~JOI&Pdv$|)6i|rQ9A}ZUF&okP6
z>Xix7a4*@Bk#l(9Lx_-BUJp4^8d}zZJy(h+B|mc6*)w*wLlBY(=ko2m0En`;4Er4?
zJCF320GVwk5+I}Oz7ilixAQ_12L_h_VW)G>?IeMt+kF!#;uEkPayj-n*J!vfv9Fv+
zxHp@MdxiiOmDt(yI-KJ<n<q8Sv7MI|IYYL;+^pshB2aP0k=Ma3-66<S<dNIZ_+w;5
zO*z-Rm*7Oi74}pqGu)OHB5hA4dKH`_;X~4#8VVlZgv6*LRcg~oD7#2tTjv*SUd_YF
zn&YXuw+xBQws3@tjTh8XqgL@yc9M;w7&)r*WJhbuyPQ&O`Oi*2ZTV%_m@r&S1=_;{
zU?@Asa*y2NspCIyA<f0BbMRU=ZC;}sPV(0}E(-a#q6%A&^yL1_DFDm)c<)2BTRZl|
zS?@FQEJm6&Kmlwa0YITU$8eK+3ospC?P2_SoYWq>(Kt@Vmy7G#<|T8}MsAATe60YQ
z@s0z$h6@0UBZL6PuN8~MMsSC>5ed=Pws|lx$t`1BF9vo{1PgayUtahK-Xbh@v}3=&
z;-h*=K*})fuamOz<-uIX-TbLP{2t${_NeFtFW}9hY>q2K>h3SmWNQExE+lc=cat}|
zB0WPZAw)QPhj_f_Vdze=r=c8>%VT$ulO-sh-mjL;=^~7Wx2?66hm}$Pgc{uRFz(Wx
zBSOJv%7<~A?ji!{{53$Os6~DlH=UHcw#Qz3%H~RuHK!tR689D+iL#k^a|8}$331_7
zDqWD-@b2x)835I_wk=YMO@zXIj)}*fP6H?qxA0yttT`@#!QWnZ#_0!uz}bz9BwVmF
z6g#eYU5J*iGbYMR(DD_r?T>Wc?5I8EU^^fKA{Ws{B7D0ag4ssEf^!yMum{Q`S6%tV
zak%xYzh5hE<<_2au{Dc3rwjVTxD~rRJIjo&Ipi%LZC<^4x~${+X!NqRM51)_=dIuQ
z+iTD9ec`a}?BtCH-3_)sT`Cb3aQlDfVJrC~L96(`<EGUx?(7|&y{1UqVY;l6*A<lG
z;gG`fF#m2ZyxOih#otVKW<3*RFYMT_a><>+g4)mRg)Y=$%f*BXoI9S7vEM9Qq`+x7
zd8H5CW#YZ|AX~dpC1*!nQOT*4K#KKGRGnueb!t}~Oc&*TtEcXp)wUN!1eohHnV3vw
zI=90{2H^-7*I@IRpvT&HA?MpAC^pjtky@M~{7Z_{54EDGLT9xz^T9-dnE+;#jZ0yl
zi)~3%cM+y#w{yHbuiH7MUDZu?=|bG+mSLRW{Pj8&i0bC{;--eOb?fy^EX<;F35%VX
zoQy(1vIe{mJ{h&@${O(+3PEv-b1u9{@MXH7B*i%~8QYeTB~t-l>6QCrjg$EZB3`%1
z9!$6K0NHzHMmfg33K;v!v8j1s4acheVqJ?-OY69Lbr+s6u1E0@iLI6sV@r2Sh~`&D
zJggg)zK$fmQfDZnO$2NnyWA>g0*I@eE9oIxdh7v!%F=Ik19!&Fh|KVo4<~LB;O5x{
zp3XpJ#V|b!TQOt8>)rYS;vDe<P03f?nm8`kqqM*w`0t=PQR|DKu}#^=Mhp_YfY%S@
z+{3GLQ@cFs+|({<fh(S?#KR#0jw1s4`PJVMN>m1}TGa%7>7WQNv->0e=5%pHouY2L
z`u95e_ss2T7k?ep<<>e`!%IZXv0TjDSS|*71+#gPoYfBDX_9NWF;I{C1U$FFsKNLA
zt1egPBpliz+!}GkZ!hfO8g}!Cms;5Ib+tX?@gnx_2XerZyL+slJ&9@4YT;Y!PMmq=
zvdRSoh=u~}#bME?mXkC8$do!iwUzY`s+Bwaf>d~a)6`aoke-a4fSH+0rGRy9GM-2$
zUt<1C0;DE<Nho&We$`cxa~yUrR5~#Afbswv1a4xd9}IIGhS0}l4X@$tWGYvR9rXk}
zNo1S5a2&QwZB51jC2QDC`Z<owP0ChTV*{^3McF3XRzvoP#Z@D0-IA(kTerWgv4kip
zP+g66Wy%_+!$+p9F^7n^b-S(-%>qPc@p#1jVgihJekQceuzgIsmN+~Q4sK14vWD9L
zkCpooHf=mNWf!l$7Cl&^VMNSqgzmvFb?a-pe|+N|id}^@?>s|!%6XJm4=CGKL@s5K
z$Zo*_E98HJJAYY2nu{FR2gmDpM<@nlMP%YT{dva!G?xp&aTWft*FeCpP;`y^dW*2I
zbL{U##W2ZOS2kQ*E`}iVo4tj`O<d9jsU({vyqEI<01p;jz!*^MS?!wU^kh=$na6wM
z*Fk*0?!?*)TTeqL|D!oLqDdN~zFK#7YqWHr5U9;a-r6Z|IU88_)z;uc35CCJm$Fk}
z1W1_)1CC9pLbw<YNbN|R-2Z+bIfQ~jaE{tA<yG0eEz14u1ny)l0%N^Bfxi=_td?I+
zwL4eYWI$;pvQiR~Ihn|YGtkdNr)|B;AIeK%_Ss=M?L`UWu^~r0x0HxZhr&eYt$Nj=
z>VRbYAXP5^KBQ7ELpc)Jb4+9++W|ERB-E*(UDQ*3f}|F33$6$=A<7U)efDlAkc0GL
zf)>8ee6rPgo(r)+2gs8GwRe)8%U#&)yNs^iEZp_bP1GWH;lgYWE-*VkL~#vAVTkez
zh_<&+v?T*ZyO$qliIq||0w-N<4i_<o;1LWA{hypL=)y&1rvarR-oa_9M7Aqfw)>!L
z*TqGb(*q_-?0HgVRb3KA_Ro#DpDTe?SGjmaxp+xVfvYlv%;!_cy)_ZGZV?*@DX4m!
z<8iz+en@V9fp7Sy{=KBNLt5h3>QYH%yDvb|oZ+(FN1H>$ms2Oonc)z`jxuPn-4~sH
zvfV$y_b^hDqiL7Z#S<k=UY!z)anM=jQ;g=Nt`(kw+~3i+AY*YN$m~}L+3o{Sg0z8(
za1e`ds6_b@JG-RuGP4lct@A9=|MeHQ_*#FEJ0nn?oH&#CgbA>9%6tM6hPbdLA3}CE
zJ|VYshxCfCCKk#GmrW2=2}KUV5i^qVU5V?Z?DXDco}q$7CF}VSq&W$Xpi|5XcCd4}
zrki|Kh)lT2!y#}>u=2eHXL#g%C@(>*+&;0ssTm;F{bUqL0d7*4TF$pt%H{MV=r<}U
zGaG9%Qno7~_Tc68gozS%oosiDGoy)0Y9s9!5_=5#Les^jBM55<2i~$>M>0qP%p{DB
zr#QwmjfKRMjx(2HPd9aEG<_!94GW4AWh*<SMEO1w1mR?jRW8CQ@stlwG6SyR8w5Qr
zxP^VcBe0iy)Ri{yYvr~NKH#-j<PkL%9R(tyN@?9hiYnyqZR@XhBZjC1$?S<ez*XcC
zy&H0eCNjsNiOAtXiM|eLKeZdEOe8%*o~J3lTE-Rh)gb~%J3_+W9EZ2Lp$-w$9^zt>
zY?~uyyO;na6EV9gsyVL85%P*XJ0b+thirZYrt5LM{*d%nq+AvyysSr}Y&RBLxPnel
zAQIc6caZP;8VQzxl{;31IC4S~S4dfZQnfbiiZ?bK13GG$@Z!L{mP+ku68pxGycL?2
zs|r`GL4_Ab@K{ME;`0yhK*?rDp)}T|{1Q=gJ3EmJs`gd4_uwY?TGgp_-&B@RF5xyb
z@~b#4cbL2ZYHnwSIjlXlAA(RM+0Vgx<l<1pN@8sXE7y9iq*ahDVaI;1`3^+nDAIzW
z;Sw&o0nv21n3EOv%82($$>EvI`IWd8wak{>0A%x3lr90%W(R(t0Bb<WaF@$jnGd6o
z90HWCfJJI_JrRp7wIyR*F?+gq3;l?lq?eyx?vH$AB=Dq~eAk%S_2fJ%Ib$`PB>szw
z*_q#*cOgfE0av)jM3PjQ+e*lVQ$2VzX{;6{huZxyNwU89x(}C<84cZ^8IdrFl?$B7
z6690jJS(7%dpEk7kL+YV2x7(&C3dOrcu8>{!cA%zh8pgk(*i@j7Ny^}KTCFHL|djM
zs^yy%vBv<n$nM>j1LI>wet8gK6!N<CAT*RiEmx8#7Dd83SPLTqv+h}<bc!Y%L>@`4
z!lwM5b@MvC3xlisByvQY<kW)N{2=Lak#BCYMhxV9z0ZLDOc>C@>{~!2uFiAK<p>8k
z!p#MJOKgu;USVf*Wvs6P)L)qX6DlC%lZaAlLzxg;ZK!zjLHHlBwauYEuWg!yD!{jh
zY<sbaqAlZa9+K^9E0=1xJ5jBf`aDu-a>t!SsA^Z6Y?ow_twV~8=%&ewo$YnMMX>=k
zb(q-cU-#QA)(;$krh(esnk9%(Hl&c32-)omL}YvRy1L(@nV@!6DBgtPjB5&9Sj`My
zxRN-bK1$~lc)?3QoWZtkIXfDHvm;0-$-<SaWHDy((gB|R6npFn8!FrNzHE2MvdgU!
zMk;&zeOqU=b37~z{Y1>XruXYQb#=d71J0ZLY@G^Q>p`VD)Orn+SemHnvCLp4%0pFC
z;1d>=a*CbmP=zgjQpzgui}7>Rh9IlNxz+)b)C+~7exKS4d$8WOJ}G${=MZ+nlOpzd
zz|u@meJyh8>ox^J6=x^1JykQfLsq;BBTU5Wre^?7JuaubNfj0$zD%?*`0a;L49$uv
z73>KRRLuBYDeUoSJ_nEiVeT-|eOi{BWQVQ-ea*j{DDrSmuWVqM22r3$L(T(0rzqq(
z)xGFrM>@*c<l{z7f#Vl836~kMmoxH-oGlFcgnB{5c0LAl#(9a@mWx;JOy@;y(!UU7
zXK@ln+1YkVke%fSn=Oo&oed-snPI)MvkH`~loQ$6kY3r@Ft_Y1-ifqjVZG}DKzUP~
zx7_T6fc|o`M;G@KusqdxnlUs>ZqSrdTCO06&>96=9zIC*h7r9lBT>3jON1k_y0}Nf
z<sRonOr0#?*TQhV@IZctLuGnv;$p+OJNyJ?gE-SKR;t37Nhnb&UjcbwWw>2<bQ+~I
z0oR?eW5alfW3u6{F>#Qo@{*$)CA1eTB@)`r^m&i$<q35^*-Kjq%3ekg*~@-{m*WZc
z2=608DG0918tU=DdX<Fxa0#SQCFR~Db_n+tvE|%r#17@2BX$_~547XChsmdcyN}or
z+-<~;<hBueHn)Y?(Oea=<2Vzs!?_Y-CvfYCy^zaaf~8AwRi$uCiBme4M(j*ZN$hMc
zme?9@7O``=sl;B%O(6DKZZxqsaKnhL=lqCW#{HIswvoF;>`Kl_Y=--q*wx%=VsGY-
zXYoZKS1@w#q3bS`5#wGbuXreidx5;-B^lh~<P~M1xd+HAZh&#Okyj)iIU9LJek@l_
zULVER3i66~+i^wY^+|j!AbHPT=Q&6)-w~knC&xenHC$pAQLrRY`lkynGl)x-R5?HM
zI4{FL23>mNZ*gRVDE+gA;N6)d0lCs&Be;CayM!wJa|M?Zyi1tUf2H8Ek9P@I`mYsS
zUgTXAO8*Ul%frN_DndD5FBIg~Oi~b(w?dVl!W}2@;C1C$RFgQkg$c6l6Um;DL^v-x
zSgGxx3*2q3qNV`iwO=ILDT%QD;ApkIs{kC<d!O*1OV8mV35B>5y4alI;#1-UAA7M}
zc>oe9WfD1xxl2*b7w{NQ0r?{#7fd$HSD;dTe#~uH;u&*sy~*I@s}8fPPQmo1wX2Re
zsC;tE646Dj3bCs{u-D?PTC#@qM7{t|zoBMmqFTu@5wRY#&Q{Bb*p<jBMihYfXDM+~
zIoLBmC%3CkAR0vMaEgoj6lEw^Whk#~SyO+Nph0bOdc1%J=W?MUf(F}}1OW|36#%ht
z2BPw7`r|}#2vEyJ-=&6oei4y+@;O?7r<QBaCDxu}PBly7QLOwNH(M=87_#Sll7qr-
zbrgP}{F0f78HH;xL;>NAGW?e1276(Lb4_CH2>^>gbic<$bYVl0F!6*U<zW`)my5Wx
zhe=V8PG)975KV6&AiGDn*bZ)12BD}soWpFjXIzZGLw&?9!s6}zkjSieG}A2}EctvU
zwwTa=Ry1cvNM{|eot62uPB=KMbyerD0jM`Xa1C_3o&#4O#Cn~MNTi3r(zhuuv>{hC
zk)1@yfKfg&>Qhy2Rk40RcJ>ukm+))ja*BJ@<weNJwE{i+-UcM9<hY~9j`k&CJKvz(
z3*S38`YvIw-8jG!b~}j@!hD!d$Pwj7RpYtbK9RpE=XY;!0IDHzr4;81Jn}%+;KzfA
zUKD3M5T@t`Mp`Dqp@J-l3mVQs0w|PitlanDs8eQZxyn27l_$(GUs_hw3xX9ZwB%yZ
zWE9mysp3H8eum~d3NnPsU7GxSXnr7wx|v**vY+%2bdvqpNqU$x@MF6*P>}@~3Sb}K
z49g!4_gXNog|v1gP+SaDsfW9mhCPSvv9(Ju6Ltp?5jog~WBoD)ID!G37le}p`3143
z%SA|wNbQ9e?1f$2><&D~#JQQU_Pq1VD#9%Vc*#3Z1aRsh^nw*oD!KJmKI_7SUuE0(
z1F*MBm6v4Xlpnc-R*Nck^!!a%k%GSN9(Ek}lEI^g{Rso^5%4#*<2DiIGDd_a`2Z4)
zuFb()CCW<{iKERacI?-nybT0cw#UsBW#S*e+^Yk&9&fz7>9B*nK=v%891i+bs~|ky
z$t4s4FVv1bO_ZB+sRq0%)}I~5MUcYaikgTHbUEKr{<ihT&5*5iqqdh_Gv-Tg#&kNl
zW>w04ewOHl93zLMdCg*(57<=~2<zCM*Tv4{-Yat_&wW^iC{0kA5CCPJ%60+TlQmoh
zvIVj_?_xPj^yx3Wv-*^%&hA7D+RTwBb?n1k+pi{XJQhjLDhrpmIs%$Q<g#6<l4&@%
z+f~x0)Ch5l?Cq8UvZ-*i8&H>~{x<|Nvj}Y5Ntlkdm|`ZOEuq-tx-3bZV?=ZI$cUzq
zbzjxj9TIIH>73!~dUM?&v6HLQNwzwN_xjXLslzh`Y#`a~a}GmjOru&T%CDWs_Ts)V
z*(_%#axazo@<A7sk|A0?cICP@$8Zg9j!IF!74<#v7hb@^wmI{i4BIc)z&fTyA=?$)
zT=UK%n+rc%6{t8@*~)yjepc(cUW6k@gp<3L$j1@1l2q!88Qw1$0Ik@O<3R+G*;$;V
zPpo?fh~>-^7V5)^*6tK?V8<Dk4|Ak!7lj-M4VMX}ajB$^3$k5-yi5FAf+H3Kfh<v8
zV2;hY;Ml*;8?PWEj3_hmgTFG|lqt*Ifm{>Zk=u#9h&DI7Bi}I}x6c@qd%**gCwJ8G
z9=$H>d^nZ)1+s>Z$@w>eoFmtu@??aRyu`Q8JLmx*^#F3K5Kzqf1Oq3sav+S4(!SA)
z`bP&0x<P=~L})4kvUyU%;l^O;Zib)I8+<`)`hxGuY94$pHB?)G;fDxA=UxHt;mjwQ
zbpVFuk*Nn9?@ptDlu#b91Up(+-Q%F_l8Ck_L{*KHvy*^kwl~caiulo$n4FE{>odni
za^>tfHlbX!2N#JNK-54Cj0qEz;k5f_yU%6#9>_#zav-x-z9khUqua>Ul+qOCVfJUB
z4FNgNY83&Al^3S`WXo*4TkFstgz!6J&kJ*of?3&BdjfC*5wZH!wYkeN9CNV!0?W`}
z@O<B4S;IvUxxzttfIXR58*Z;X1w`WrN0!8{4o6M$QspPI#s{%Td2&_?>)B2g5>p<L
z-CjYi^^|Xsl>0e5d0H*pt<8XG!WzuP4QNXTDlBML{lI+Eq!Be7V~#WpOOje7Nr$Rl
zN=bpTvz+s-#M-be2^bpB_@{J^67y;fFxHQJEY6`m*AxU1rAdcm+ZbqHKJr=TNBmkD
zi7mOdJP1p1(s4@prM(b{Ocx&ZJ^c>Sf?HDfGn$w1j3%s<CrFj;uuSekb!P8Ek-e75
zPbcu=3Enhd2Y-?sFF2JoJjo;C4uba2Amta%A27X(==y@W1Xr8qJf(p(_FuLv^2$G6
z$bT%yVE#RgE@rjQQOFtniohR*#QVf>_njo~&X*a7PA5o#_!Ep_<Ur`D0`7%2av-#W
zdxGc#I<<;iKM{+#u2$-G9JDsva~w3BOjwu5t&LY*t7HwY<3Rv6oY9mMJ!Z%~Ig^j;
zdKU&d1<Q8SmT=GSDE@~5!XUso65xwV{Iy<TjZiQxSF41=bZ$hw3ot-X_$7>x&vHUR
z^Cb_(4s_aaff=FY)DXUaTdX7p^Y=H?2Rx+g*U9}B{CDM(1-~N?2sZ^;_Va6gvf$4m
zCoRMN@T8@i=3J4FTX#rv9`8qUwtHyKi8^1L_56kbP~JU#XwH*Bb9QX-jeH{?*|`)s
zu$giocE=z&nIq5=)x4ru=MAn(DY&C^j+^oXr1m@EVj$5uf!nsh&4T|E^rvt*#CdIj
zh7h2}pWQ+U!yN%llE8(@On5^J6XrhQamulOmOsW=*V-+<a;nYylTfWd=erz-S@FTP
z#6Vbpwn|cLi4=Q9o1aoH(Qtpc)2+1@=uJQ(L0l<e;RHIq#L?D<cXS6pUbZ%g!w;pC
zoKpfEs-AUjr7NK*aYEQ{c!YT(_uzV8D9&2%*={i6LH|pT4Wlhj&gU$6qY$3(RCO_n
z0OemFdoW?8Xa|;Ec2BF){|r*u>TaM;yE#-rvJ-s(o*S^?A`&N(12f@VaTk#(UcxEX
zyP=G7csS*fn-lIsK?Mn?y@MBBCnrz8u!r&S+0o#YAb61k+w5U{17JzdGp{;oyJn%9
z${w!xs&Jxhb57zUW?6IG+pc(SaRN@a-K*FM02Dh)`P#!eZzig%CHQ%MadX_B#7XQ0
zBCC9ZwY*$XARI!y=MG+mq>agQE+a)nRU^vZYQ<N+Y+fu@w##mfg*fDpqRbWvmZn@H
z#9ir*D{GJ;M?bHpIb@H0q<xjdp_baOA+<y>RXc!q7Ugr#90Z)aDn-NHdb|4&F0(d2
zpSxRdFW?jhg>L4S`>I;Y@A|8|Q45`)s%v{#%9T$i9K3RL>VXw7Uxo`>gKRLGxyK9L
zy9fnb+yYdKQP_>=vwOJd3;6Td<n|bJ7_)#J^jw9TB%OKS$n#4I^0hFh4m-%Gkuy>o
zvOD#a)w>kPH<=!Mt|^e25!}K|we1(#+C@p<Spt&2-Xs=(o74_(ZSb}~se>J6>lCp^
zV-F^EFhO`NyvriK@~NYB4W6|?QC4YQ?7x(s6E<gZeu0+zD>>kqk<YD+Au#zJU_y>#
zj5*)|MIJuf#x-sM2tn&{ANusw6{Jcy3fM^Q{<Xd%VCLF>NC=9+<U80dl=VzPJ}dXx
z%Y@QQmF+ruIXz~ggc+aGggdU+lP%q2t!Jgf4kfBX*kPH@iL%{C6Z1lt;VHQ53;rd5
zn%coe{}GtYI5*)nqR)ox8lQdd1^jgbZLVpGI>cH-&(JgU3_U~7&@=Q5JwwmX^S|R+
z^puF24JPy{5&70XFQOPQ+rZopCg52SRRn$(Fk8Shfq4SVyI{_M=>j8u8sdYA1QQQN
z1Ew5I9hkeoJO<`fFbBY#0doONz%wFh5}4Uw7J^v<W+fOs7zRuen1{eT4dzWS?}9l7
zh6B?DW)zf50cJLsBrxe<)`BsDX#jH%m>0pcfH?-{TQEO?=>a2sPDF))i3GC<%xW+U
znA^ZS31$zNkHCBZ<~*2gFu?$e@nE9Cq=3nJo`)9@|8=9mj6emS6!QLkpEqBi<faRh
zeDeg6JY%j%{<^Anz0g)Jl2^P)`K%v`H*fmOPaDneMT<&jUH#;lszWy)to?P>;tS86
zc<hCT9=EjY{{8Oh@i$!gAnqUET)gqryfKpYscm8R`9Byqs_rZ2jF;IU+wAcZOsgNw
zQJ#Ed=GSu@v`49bDSBR7Q~v(jiA%Cq9zOEp)4!#uV;fb!h_`AMKJw&>ohi59_4kCI
z-`w@t6uIltu@6H=pI`si^l|V0b4#+m@EYre`sHV?z3z_f89(d^{bJp)(;YEM!C3(j
zYxf<0w&>1#&((Z)U_nLm$IG5F=68Kh-}Jon_3CMJ!k>6`KleE^dFfk@rpoJIE6Mb`
zJVH0WVDGlpi4ULczJH|Q)7$R(+oW4MKgx^z^41;p;qQFAs4Vq?DA|j-Z;Z_eD*re-
z{vQeNr0jgS{?aGEZT>p(=D*E#-4b_OTKc<RbiSYamwRHK*f%x#hwOWYE&8=>nRL#M
zlE_aZUang6SXPDO=rl|BW&O6Y`^TPmeC-E?^sc*%m6@8~|F!qCbz?FL{@MKZhC5C@
zL*4r3@!%`xR{HOGMHO&l_N3bn-5?XUzVMcxXmr!Yq&r8ZE-yXv{a=4N{LzJ1zqQ`?
zEOYI5&&_ZA>X!vvIQyk(@x}2sPMrCk-MqVK#M5DKPw2_Ne(C;WHHrsMw_L6MaCO(@
z&!3Fl9@swbrBU)#GwRN-->_oqQ`fw<WO&p!H$8Iq!H0f)v_q+W{<@!EJm7p|p-uaM
zZrm)%me)6(oPO32TAVi}q*f%BNac!@x(V^dQ_rX$oV)JL;{AV}Uw-11+FyTs?@o%k
zZd>NIE5k)1mBnJVBq?&s3|0mFnaqqrr>N2y4SGeYcG;YHiV}m74yGs}T$YLVTRA^E
z(I<f0qtari(lNARBV9w~nXGJOrP;#JdWGIlN?RF<N-NVDOqi2Fh!9y^Mi*~Xm@RtR
zqA-^zifIdDok^vEg~6<}u_VfBC^gY~-mOe$RnXOy1`9agRc%5zEO-sg@I^;_q|+-f
znvP*DG<+{JD;NuF#iA4oQFK*0gHcyxL~n{z2oo`Hq)?(TpSBoEYLbG2f+$Lz9)nI`
z&nLDvGj$%m<e4mVvANV_xQW&$DW>VsO=~Ds<knQu5R=N$rYedIj1~OhllNZ+S)`UQ
zv;|$P{P!Zd#B8B?hwBuiM(GACV=$Gn25T9Vc$uyO+hDn+R0o;q7=ziQGb-{-21XIN
zJZ~oCZN;>`{lQ~qQV{Q+X0E6J7feMFnYPU14tb>xk{uP*=TRsWX{wxDMY?KH-eUOZ
z>yL4Y4C^atONGuvo0uepg)XrwHtG20nJ4(`X|E7PhEjux@r3dC2w_VsG@Yc-6*Gn^
zdVR5(#h~D;FwvztbW=nr^kx>?FbYHJh2(Asrlwhw6p;vdXqTCg82L7_Mk9Raj7D>D
zpTb24ll-7zDh$wRAXBD{w$PB91(Q&)CZ8M#{Dd)4LX%ELlJRtS^zYgxl3R)}Z$+A=
zrjjvd8;TUus;MLexJAcQgGFIWq^p)jWtmFMNs3gJHY#R*d{o+^wAoZ2_jxf1f;$1W
zYFRpIjjW8UwA5S`aihHaRLjzGR%voo=?YCwRz8GKELE-ILwUkr2kqx8q_Ie~IBQw|
z9K8Gn$-yU$Kg^}qpP#Ryw~OR*Fx)L7`3GQJfBwPCJ#UDcAHN_WF-f@)nYGC0q(ovr
ziGM(#G$?pj$nX&|`N&bDL&uCA7j_LFYy5=piIXNPrd&HUV%qc>ku$HGH9Km~+~|2R
zvBdjXD8qIzMliWx7J})61B-N4IzCRoe}bPk%B$2_t(yR^DT)o1(3d=6OxTTdz1}eR
zp|b%((x}vKbW6p}_JEhtSj@#y1gUuNb|6v>?)QM+_mE(b*z=BuA%r|DHx^qH=HmZ(
zF^USng9_G4E3VZnQbi#)i^@rh!wz;W!Eb%)S()HF74-9mBz*#CggIa-%mEr0oQ7iZ
zN~z6y*2r1`M<PPx@nO^-AQ|j1gW;HBqXBV1iNQqh6=kI@RWNyYzTFSPXzqM}JV;E<
zmCMWIp%iswF(uzHmXddjqvZ1y^6h=y{N+?8CAb|i@<t-3QjofOG^5u|fI)?>+EBq(
zC`@cck=OjC(CPKi$We;oGM%ZEChq2nN&rt3V*o5%Y&Mk`N?8k!sx9=5EY4?Mu<f5N
zpz8lHX{tg8^PdH#)M5(_Q!xc|G)|>DlNExx^HxOWnKqitn@lsQ3<02u$a(QIaUS8}
z4sEGWRSVe*USu9Nlo*P!-TAo_yynlOw0zrS(tvXn>1Gqgh@0sfJ_ia3!~yuk_DieR
zFQ%Vg<h*&r%_omYAsk;;!Ho~ce|S=iMn{;zX+ssveSnOuv`NpuL7EIs0zm>yqCDh^
z+nqJ(Y3Oh`lC6aBh=N%H`=;4sqKgUa^|Ve;Ew3c+K63-6Z!(kSbXP@4jH29~*qtGU
zb?1#VRgq5b9nm{KqZtS+OqZY=uXtA4N?O?c4Z!mGuFw^G-YYF;#$0SRDk>n7u9Wu9
zA6i^*Ez@nJiOS<_1x;Wx&AZ>i+=}!>lp>Pldl62*WIYI-4yHgp4*zY|)1FVtU^K#%
zZUn4o0qTPx<@e;LC;>{1r{l2xNOf8GVnaJX4+a1L#5^S~21t<U7<wV5or-0GvbozA
zrt_j2hPI*~#5a+WK?0jB1_tv07!*TV>%HMDl%F)7)oP3p3L*3#i0qXptl>~n4OOJ}
zrbYVWdT7G+Fmy_N@>pL*1`H`*zkn1axO)X8G@V6NZD2HfGBCESP#l_`qc<7}?$fd+
zwb_)*(gn0Ww~WoO7_>SZ^GkH547y0Iv!qs9)Vi7_tZ4~rOl3>8bmj75W|_Gvoi4`s
zxvODp0J()Ig>Pr56Et*g_HwP3cNtFT-K=Gcy*{b*<?2+J^F1y(@zJqy!-G>z3SDKT
z5n+j46^Zx?9kjm=+!=<hfS$pap$9|j0^OxZQ@Has8j37BOAQPMs2>2EG1klp));A+
zdlA(!KpK)5Ua8Npx`&#Ap>-8xeysrDKpOB`LBh=8OUsupc6e}<BDJ>|I5n!ZS=kEG
zMN2H^3Vwcu37f7cGS(>ctOfg#i6=oxC>XYk0Y(W=eFyXFDd=w4c_5~uh%JS0MU9!Y
zc$amKB8#j=Dq!qFT{qH@I#$O*TUjGRkULPTm>EC{%M>LbdqB!_i;b3<iW1hu4}Vfl
zU2maGR#@;9Gf;W>BcAC-qZ(FUbKLC`gY`ztM4QZPX_>-WsVk-lxPU%}f$R-1Z+Ok?
z120eAX}<Abi9q1ZzyMa5O~v$_KMxOg*`hHIObN@^n}J^Nk4Zp()`ZKqK1C>_b(MT+
zG2DVd>bS{Z?$d6)@!|)JXJzz*#G8-tDseebWw0<TU^GtyVM~&L7%pzW^w+~A2_t(h
z017MxgH`mTKQGa@-sVc$MB3VH#7U&eQ0x^}fRP75B4oVBDu!9mCrkx&I|EZ@fw>EN
z!N$Jf2ZoCfNv~sc5PUe_<b4Odg`a$BewgP7gB&X2S$HW7*xuOPSrcnT0B+L#Hx7BI
zLv-SRb)ZeqYGzXfU|<N1VG{-ntFx4{7|`lTmyD+pKw`L-R#cjCVT(}_t?@k<XkbIJ
z#cVZ~Fp7Kwsa@KvSsplK^T-av1w-gLbLLPBVWKF7DG|ms1P~_G>mffO3YmAO1P5#Q
zV7RoTA}JHaQbzcZsh8r{z5MtMz&{c48~p;P0I^)6QmOp$nIBDQNMJ>RW@Vt1S`Zyw
zpb4ZXg#u4gQqm1&8{na+>dI<(q!5A%q@+@?r0~N}s`^ur{0NxhVk_!8q4IJwq7npq
zUVOHSxGl>{Tb{0>R3=258iWy<>zAr>mZ`F1W9Fo1XOnq^_Vv#&S~FmNLt9HT`8p#@
z-WPklr{c06<7Rn~K^n~H&_#?|o<vGD>9v&xQyTIS2>oj@(MHJAJ!v9*>gu-D)z<-l
z{I=C?ySXmZ-ya~<*x2X~Yt-mEP2F~=ZRCsuO+g*hAAqFM;OPlPWZm{UWZD9l%F4>5
z(!lD<%1xD(KJX!Hl7UvG1FuJWm$uj6kdnG6EnStdI5TU>(ropz<(d^a+T6VSf|aXQ
zuUT8TZv6&bQ8CbxrDcZljm8R-x$;Jfm0_zkRoC3~m(8_XwvsXc&;+`n08p}d6VkLu
z4}yChtfiJ0l>@l4dPhzwA151@52=I`qcK;qmBfwz=98h+JOQ@IT%AhgX;nGBtvU24
z`u!q3KgFN;Wx|LZ?AP!IKi?4bUO&;F{CUT}+3P3%lRtM{#ZU+MgElSupY8#o-rt{n
ze0qSW_b2|7zuq43pZ@+`{qYwHKkqMZzdv1Nq29jVf4088_3rCJE;FI(>Tk9+G;X_P
zyS>SAYx8Zl-*M+%ci(gGeSf|Gfd~Kg(BB_^<k20E?R@+nPyF-Ar=EW1+2@{r;l-C;
ze&yBIcJ1D?_w_g4eCzFZT3YwDz5Cw&_5%kGz5l_7A00k&^w{weAD{f>)Tf`FKJ)n(
zUv`}R>g#jgeES{O`MvY}zkc}f!o{C1b^Uz#O7}0n{?_yRRo8z!0S!FC{HY1(|91WV
z*Tetc5dZ`G|33l$%*>>UiX<!Hz3AbYtx&_Gz?T|$D7AX7UO%^n(7+lsMWw0<El499
zlp_0QRi5|du)4)pEnUgD9aGs-7WWyKutt)`5?I?19#EylfJB~JXDP<xUm0|fg%xP+
zB{~y%Mb-zTkLhBXm=>mkX+XRhOatR%T#Q3$ao<O;BWYw<4CF1hjI~$=w*p#kqJ@uK
zmVZ;5O~gUV3bu~HxEK$^V>k?h{#4rXWy|w&$@L<D{r=A%Jc;$<4w2l?+wFUbstgrT
zT!H8h<B%;Bcuokm`}@u(csYZC{3kp!xc`s;#$Wc_;Qr6N;Ol>+kAL^egU8R_HMsxN
zdj|J^|MkKBKY3$t|G&LCxPSONzWyKd@y~4SmGcON_kq%Ruyt@ay|r)Pa_l@r$zMI>
z>;Gz>_<^7J`k(6K-*|fPdhY)>{*Qd&>)+D19k2TO-|FQ*4yNA;V$q=WkChDWUlTC6
zf7*z_{X^t~`yU%E8npfs$B71o@1Zb}r|nOAz4uM$?1X{S37aUA&z?B2|2pt1>f`U-
zAKNF3<X=o4yq*tFAKZWIjKSgXmsz4g$HVZsgU4SNGqC>*l}MhZ8a(~unS-Z)?NVR=
z1AY9t>|Qyo$=SW_)Hk04+QH#;=PHrB>&aeREqzKvrPPb4SO3}TmW#4?bt39rFSnPU
zhgDpiXh>%7e@JGpKpV5(%~5Kkh}cJJG1-GnGn*K?nn|UoM|t-gn(#CQcj`Xgbun$q
z(V6t-3ZPli^HVih?$mA+2|O4Tzh@>FXVSV#p6NA~yb}f)W%A22;m(<n)~l+EX|n&A
zVK5Rl+7dr4%?#*$Kczx$TOXzwMXeBL)4D3UpZj={YYxqq;Zc#mS4!3EEo4t>E4q+P
ze>#)on2H*jy|=9nVF+!F709<-Lj|2`g_6+tMty}o__o??qP=)gKxv^*8f&r8CMK8g
zoU`-*4dQC9sDO;J4JOE{6J7H8txi>SDz#J8%lE=^18(rkb#t9P`)G^2Qg=HhinFZg
zbP-!xN?SBgHSnVD@hdRs>9jJPCD*J*p8290hNkL)hBVSlKTz5H^7-8W(nR&{FM(qj
zO5m7ITN#VFh8jh_(x76v8Tq(h0q#m7T&TSST8y3tCPmfu!WaEfYzrV9fo;qO5g45%
z7>+=;rjn+1^Qq{d1eFNbR4U(3YovkRjib_V=Tu0Z6?^KHYj#(bdQF@I5GTc<CSXqZ
z>S5D<BF<rqd8SPUlb)jea=rMo#rP%Ew*=okTwFbV5xC42XJIn9?Lh0ZOvM%&`Rf!F
ziTQZ-{7CO`>9i+YjyT(_(+f;=fW%bsfSh3JTE4%KjgvGD&;wrI08*&k4^)PcwU%N1
z7O^EI(2;OU7ei?fY}D_B|A}$$M%U#kHNK~dv(wbNN-cvsgir>R_jdtBU8b<As@{DD
z-p86s<zXuQJ*X=K#3-N&{x}BYvQxZ*r7blY+Cm17shIBy&_rMI<EnV0&^OZh_jedh
z3lQR7JxxpT{SkqYN`;diic&lj#SpASwhQ^rL_NUwSOJ!))O;_<E@zoamO(h}^a)i!
zz0UVatN`{>NarnImjYzTYq7ri<t2RoOG3%UN}YxFKwIhS0&zz3aXc`}*I5j>d6wF{
z<KW@`uPc5m9qkui5E0p-P{DA3?-RgnJD9r1C@Ojf;P89F2KYVN0HzAcb{DLv!0xDr
z2sgw04fX{vcPytU1=Lq_AGqHQ-(YLdAHu%~X|+R|pMm)v%r9U@ya;m*nCV~=!7Kx_
z0ZbK`+rT^mW;d8NFekxqV15JhI>Zfn3Ck^}{3r?KPX*xq3>8ELQ^TkbYB)85lEI8M
zk{SgC8BOV`8Kad{y_9BfC&^rb>(TXAtI;ijV4^pr%!?76m}(-6nG)Cgjs6Mzr`}+#
zH0o;Blg&bRm=eGO?f~9#Awyo8L2q(<6DK0JvfiNg2}h)vyj=ug7O!v~F_HCF23F)&
zx4XHhd_8WxrOb=(b*P{#%$6G7JtmrW$2r7Z5*P<`sTq(4<0&sMUglk0UJQd&!X1dn
zjv%-Ii5J7HUR+T*#PS|`hMu8k=oxy3o}p*x8G44Ep=anBdj7wA{DOxOyY4?sC;Dd5
zUD5SD;vni`+bu08x(fD14-W`(pH}wwr=sKL#Y9I3_~l80N6*w%=Voga8jBev78U7c
zeQAxt`-D&`%aoa6WnL3KY25JWc=#=tH!m(OHfHs>;jyvvqGMu(&*<6n#zu$osSfu^
zb>66GIlB9e4w@IUU`{mr=0&gdE|kch@>@zpXNps)qsr*@Pl*;KZ>zAponl(inzgln
z-4PZ4O>44DG5+Y(ieH&y*H3-1vggtAFV3fKZ@8K}W~1)Cu|<3CPQAE1*)``av7d+%
z^{KF5eLWSdy57;U`seq)%Q81T^LF%>(f(VHJv=(@;}c6y>^}C&sIgtEUwG}tH(&Yr
zzWb(jb+Hlp2cpfb--lKo>TJwdIO(rPm)CtVHpt|+*8l0ltbE+-*Svbyud}{6_>bX=
zmbuOE9lkTYcxg<|8_b@k$4>tEsk^?o{obFhSmS0)Pu>37<_oTejvttKo}y5PAKoep
z?UO7PQU6_ag>>$$dG}wp&42QfGex_)Cy&k3zU^;Y@}uU<=bkzkv?VEU%z@v>zR_~-
z{-de~Hn2uLZEv46|FI84{Sy+$jNc>kzfU9*PoX&HCr^HP>W-%uPI+81ul)FwQ`7EW
zz9;hTS$jLz@7+mns)ZomTsAv3?<z%Yi)uBoHwB%Mep7Ynt?y;uTs)pUxA?0)sSxDz
z!!LI}bQ62$sjcsRu3D#QQKo)2<^HdK`fbt77xtMP);tK(R#^V=%eRbPrW{%Q@GG;=
zzGs<V`gB(Ar>5g4mPft0V*#e}u0g6*#=N>~<AjGUUA#1Y$$hTMX^QcGr}zBh_J`Ux
z=~3=@bCXDJZ1UCjw(Q%KH(t8topiU1M#q=DKiVSi?YlqF5{D{rMT3kfv0#Rtq36#&
zs&{;QnoHP+#(p-|t55j}ee1sf=zcC>{zd?RLrd&k2~<|qxBouGgq%JL5f!I$7WLk9
z?sU$%11b?FBqoMa35kY<N{WGoh(iuVisFFtoRpU2keWl9l$xk0C<G3mh?@Er)D#o-
z?F-lbzTWfITdn_lYxV#3TEDgLcgJ(~+55Nm{qAHwWNUu^*8F0w`IdI`nPl_B$u$7x
z8|vLG?QZF3tz|WzSmtSMYwEhzejV1ldVuFFnDbj$^F`}-7wdO7>vyoV&1=^D-j)uv
z_TSGsc9b=LxXo61m$Lb<tv6tl)z)XM^%Jc&Pqg$TYx!hr`4nqE=4VdLM=h3FzgJrA
zSz{e<oi%@()xM+F@?2}VSB)xLJhoY4bd}9Z%c|@j+&knijcc&qU)w(NfZdUHpz8Vj
z-}}bn>83XGN{r3c9}ovv05D&xoCCOJ_S?)OfL8&-?f=|{TH_K6FfW&E0b~PintlN5
zbp`|hqAap|%z3}(zCSzvY0Lk&>pyMz|ED;f;C|aYyTkOQoVj*~>9c8|O&@lEHrFdo
zu{%s(+ydH+uVm2AgN^`g#<UOUhM-+RHv*kG$L?qhdM;=)R-!<g;};0J8R*Ni?G7`R
z(m|VXx;@$MFh5=91={onH_+xik>#`Oj&bJtpv|wI6@xY%DF^ftXmirMDnCnn_V3TP
ze{?^(%kQL`B~QkkDXaR~9e)PE(|c=L+ctq|S8ICy6Vso-^yBB2W<D`J>xt>)C#GjV
zF+Jyr>69m?t697sXYuI&Q8YYNs+Ko@s{B2?>*+V;S1o_~P2+!`2>W;Ufxm|<_-4ZS
zkc+F^8X%IeNn<Cqu;zbyu1c?5Tcsy1FRZ9sKOwPFr@{LBR_CvN+F(w6Xzkz9TmR(x
zT`X;WqVd?O;#G}o7gt?gHQ?#{Pgq$w)e8u?SN@y%&25A7-^oY+b^YwTvxWC;Ha?+h
z%a)6)?j7y+FRnErkN@ZM(!cuK{@=9K{8r)P>E;Weo?L2ov|Vm@B%ZK4qK{X7`Nh=c
zSpT+O^^}IcKc_XfePMCcI>9ULjzB;Fzz^UHPyq^n1GEJ+2Y3M705-tw6?R7{;2PjE
zpcqgHI1R`H<N&e&nSg_U48SfxIv@?O!dgESkPMg(hzG;~A^`&deE}hW0Du5!3vhS+
zr%lX0cLJ?~O#;sTF(z1I+R)rbC(FJMAHVj>DNb>UQ=H-yr#QtaPH~D;{^ftK*lZlA
zMciR7hda+*<1nxD0eoNnC@Mr{$Q@4;J{7hL-wX5UV8d2<u_Y1I9lik$5{}8aa<N<{
zKa^`KUP>zkDTWfL1S=s*UuB>YrbH-_N|dr+IieIPca)mMi*zJiNhldXCXt0?HTi*@
zB&W#*QcCL4fpiu<M?F~wHidOm`>V^;-D-u}SnH>~t82z+<7*?!JU%qme6s!?cZDxN
z*<xMkyu6=Pu*K?Om1&2xP<@SVe(%?Oxl<w6ntz|)%x^)i*cZp+Ho_`l6ZGXf;h=Ct
zI4|53eif>Tjl>s4UVKR$C4L}I7w3p8#C76V;$HEXcv3to7K=ATSE-?-OMcQiDOavZ
zUMEo`n#7Pe5>LJ$`-x27q#x1+)I}Srjn~#{*R@C5COyM!YjD-IDM6X9Od}h}4t7{=
zs^w~J^q=*I=JK$rYj5@VP&{1d54IYkOjc$q=EW@YYENGwOc)`&FWeEfilNdJX}Xjo
zB};RqR7p_Qk!duRwNXWtsa@1J)LgYx{Z)0<>T0ptXL`EsV{nFGC`ODi)mUsE3kIze
zR86jctIyX$3R00T@<a2{Qk0Iiq2nkIok7LuD!Pg8AseoN>)`s>8^4I#;V>M5BXJat
z#xXb!?3jqB;OY2F;h1n$@D^K$7_1j64g>prBrX)w#BJgaV7p@RwrH1B$rmgaAO%Xn
zQi#-78YqQH5mKZSB}GdyQk)boB|^_uO1q^D>5x<){Vd&++~fvwYgv^2<PbSrPL-F)
zE95nDn!G_ym$%5<<z2Fe!Yc!mT+)xtVO!bD>Z@v|nx*EbdFpAkP|Y#lVwPNWEis>O
zic|3=yhA7xlEh?ju9zzJmFLN^%2Fkk>>_t)E!LWavtg{3>QFsYFV$OZt|o&uy|tD)
z)r0k+dW4Z`*jCtVS+GA3t^=3CFXBzx1)x9_j6zUf<bfOE=D0QX7hZ+_t(Ue+r=&Wv
zxBQX(t(+&HlP}5F<Wl*z+(hZ7gjdEyv=XDlDe+38GDSJ6<S2Q{X{Au{C%wSCMpyb)
zB3VfelLy3=y3tzHK|QD!^`_0~J2aZc&^Q`T57K<vj&)|f>~&U6t)n(pW7Q<}1X!V1
zjnz`Lm0E@tuD`2~)BmAYH?Z-FvCY_R<QkWaTZS#&W=l2ygW&3No?I)A=lr?1xEO8{
zH-}ryZR7H}V(vQU&in9T{BFLKZ;MjULi95#g}%!8UHl#%k2CODu~Z&Fj*xfgAXd!Y
zRu8IY)C=l0^_Kda_L26T_M>)6JFDH)9%wGQhu&0gr5k#8eULs(pR9kZr|8S|4f;tv
zU%v<u;btr|)*I$0vrT>($1Ua3fRh^WA^Z{k0nbo2+9+HT`iLXMc!<-r5ToCShs5Jz
zuK0#DL>ec3D4mdNDNPg%HXf!-fH<13EKyd0b+eT-N<Gq!h=h@eWExpTvdIlngZ8J>
zXcBl(J+%?o?2vKBjFYUYI2p%H;bwB5ap~MK?k@Knk9mLI3pc~rxQ4(4e<4tKO)%s0
zs&E@v<dM(-I3!q%6lVc{tQFUbyTpCsQSp>`QM@MJ6B|k|O1-60`GLGx`BXWtTvh6l
z`lK;w1AN$ryg}XuK8XiToDL(NP0o>P<QDmrxX@=|)SJ+DRHR*LciNi{po8gf`aYdP
z=g{Ny6m7!<)|K^SZ?TbVHj_173(!Vs3EC8Go%W@6K>JBMr(M?WYt8gc`U(BKep$bv
zSLoFYccY%sz<AMUYuE~Hrpax?_*i~CzkpxDujjY$`}j=$EMLY~@Gi&=)kdBOBLW`Z
z9rZ$?C>%wicr+Q!Knu_^v>I(dJJ7f2r%Laz16Nc)1T%=-#d4v%nd||U|B2ioJt=04
zg|HE9FY{A-0B6Oh<J3fmwMFV`b%VM`J)mYo{9aJ6ga6!9>uBAy0l=vrfhRB0R%;ia
zCk`Fyq53=EJ@fQ$^fP*~ZVr}tjXs+Dfcpmg<u3mP`X2bp3%`ZO;7_o(lq<O^?Un9I
z771e!ERsdBXcoibSUmfPCA0Z#30uX|*hcm>+s!iAVRnN3#ERGzR>mH%XVjW%J&3E8
zYG>eCUo}|mqYhBRA<h!i8R|?mMNNgaXRAeOTdgBlJ{D|08CpC`d#KgWYwI(Oc}AIG
z{?i9^WUJ1#=6twNZXLIgyTaY#8uJ1_hF{BX<K0nR#G{_*J(LVlwidX!2wg`nVjryF
z(ZIOV@d~^TAHlb=U3f<D5EOBwI2O2ehj?A|mWIe5$hDz|!6b$zP{g{h?d*GI+EvnG
zv^2;#cXd~zy`dTJ87oX5ci3%ycAKpUcY(jld%%%X(N19h%g7TrEExC2v3MF@h?n7C
z;CQt~NmRv`#oplEBg9xSL0knKzghfN%n|d&3*yg^A8Sj`OHHKq5+_MgS77?rrMH0N
z$4C<(D(3*Zr&Tgyp>$trFUztfcaw+8QSx-)^$eL)dMj@z^MH?wmAlFV#huh8O-W0l
z5PuRxdXr&LExZrWF`3LD$z(oRM%I$g$tJRs93YwGILRdiq==M2%-kk6>PcJB)|96b
z?Lz$_V#4X$G?vb#i|E%7FGVzzz02mZh3reH8SKFHt<;y*li+h*v^W^K<=O`AhUNoa
z)<f^5dl@enK89@g86l8GlVB{D80(D9#y=|SAiFIIRDJG4t`*+}?AQnmKx42M)D|}c
z7f}|2pn|9-A;<=~(j!TdedSIhl1v~a^e*L@&H{k72SMIh#y(}~>=4UlCCp7V)PCwA
zwM6ZtC2JcY195scy^kKP$LWds0?6x`z?TK!_gD0Cy_peU^fSg9=1m!po@_c7!F|cy
z<P<)hFN7AkLBuAZ#b`a`_kHLP%7Hpaz=!cTVX4p<cxjj%Cx0dHke^ZNDGiklilm$;
zzd**R1{ude$I(QZLYIQwzN1I!Nyw9LLgcIj-#Wp5VJ?twJk_RZd&s@7LqvQI43hzE
z6T!>I85@m*#xck=r;S3R*s%H9O`5UQ<}lZb>&p$~!l0#*Toe}#8D|fd!5!o>xhzfs
zI}YRr^O1ZMAI;C^ck<Wy+k82&kPW#457j~r)E|YR2;iS6bO4=&dgU&vKo0DQTj356
zD}$g$iN#a#$B^^C!LC9Rp{tND6bYBWi}#8JP+LrvljV)_0lB&&DCd-pq#I=1*vdLC
zkCc-Ds6tcdM*1wP54;-0`mlLy9dn1C`l@5p@#;=>w%*3*YV<UQ8550J#y+E{vd*)c
zrJU^th@d7ILA8-16Xhjkw~`Av-Gxvx9=vxG*-H*Wy?c{Xkm_LHR@8?g8UT#$%0{t6
zTE12WO#QsxNN=h8=tTF0QFk{ID(ghM&3u1(B0q;;1Kga=Uxd+hM~zWOl#6borZ^N2
z#odHH!bmAW3YR0HCci5CE2EX~l{sWH-9h)z3>d>R^f~Z%MfHO*>#q(0zHOr|(Z19p
z&0|E{ZEZmv<LtZx*#9J7!vDf|KqB&o8YdlHL-nBg^A*kal$Z}&hw%~CIK}gcyoc<o
z_$dKU`)B=D%cRi_G@b6Ed*RqwG>7KVVtScgGjA43wpZRK<tn*JwiWiudkU8DEBMRc
zv2CHMibT^<8afEpbi-|N0Mwo_I2otoOq_*Fu|wd5U?Eya5|V{<AxkI~93ls~HyY}K
zRB?;A9e61ZYR_`fOH!cXjDvc4i?m(JlgcG8xh2G5m<$KpYqt#q<%79O#>)~fLyfkC
ztbsax3)F=fz%4m&Zc<#yD-}?M)q-5?O<TgK2~?$iG>`_<5IUVDK^B?IQX!A5U~3?g
zY+$x5du44E$%XL;`8?=XIrPlux0*YkvTBS$aVQZ@fxadI>(2!aUV>JjHPG`7VDBwx
zJKBZzq71M@Cdz`?%|oZ*jI0=}at-qAZB!1PZ^N$G4cEdB>;W0i8*0#&U@-;GcKpC@
zfzY!M=-a@`3O*V;Pj;Q+6sI`FDNb>UQ=H-yr#QtaPH~D;{{1AlM>SWE%1<3}pPd$-
zT;gtXwFSKt(xqefSN%Ib{Ly>_D7Z(}_mEuvaAWiJi@$9g)aBLg{x9_o=@jIDD=71D
zV2_TSj@RzdvHj7^W1C;&a&Y0rQJr21^64IQe9Y&r?x{aF%xIk2F4A>DNxSl)ts7iy
z5bC*LO^IiRxRO>^hus`?ul3N9EA&!J&jth9wS3*9!KKnsWuxqsZEF(K`D62OhyMR#
z+swzO!sAAdj_NcxDtz?lPx{r24>@^!If+f#y>rLd;hQG5a`o&Ikm%}`{@n{<oBBnx
z=)Bqex#0P&c6Rrib0)p6o8IgA=Y8T0-?1+VKlYfhC~H#R;U`bMvVLoR|KY~)ch7Cj
zKXz)*+@q&IkQe)A%{g~t+31qYg&4nGVqEgsm{4{k#m3dVpP61`X2YV!Lmkn9Q%5e^
z=W<|((qjMUKss#drJ@0+KbUBAZd6pzy1dS=h^Y&T>OUXfV9$YC8*g5^?;jU5wRh&7
zYPiDj=7OTyCFQegjr_56@IUsn+Fx+`q2JWyqwdeFWn8%PM#Hlg?p#6@lL{WC6pbHY
zaNl)4!c|WgGG)-M@@{zU-jNaIUo`Y6Z_+!V^ZsUiFB&%sd!mYk1+!AGcRqbT&uw|?
zzJ2o_%qw`bps4qVM?a)YSWtvVJPMyOVNp1bAAEfMS9#>UX7kI)ggxB;VXmm=Y@@6H
zjP1vLH>CPc9Za#;k*p*%qucYN7Y@lRocO}v)>o$Wt2k8Bv(AK3L$-MFvvP}X9cVw;
zUJw)bLoa{tBOQhhEuH;^GPU5_tQs}PF8@jm&Di}O`j6V)0<5Z~iyJ?5cT0D7cXxM4
zN_WE{6=@`-yE`SML1_t*I&_BuhgOgf@Q-@$Yh1nm_x+ylJ3Q-Q@3q&=>{+wcZ>^bq
z_L*4Tg5?OT9jRj>&Z<|DR`Baow^?KDO7FBaFU*tb^ad~qN;4w8Goq&~nUd?21_(Ib
zB)Q`9!;DyFF>ewPY!B}|J%J?H9^x~RDUC+5=ujI7<zPv0t&7GR(jzyg_Ur1e(5lmL
zB1m=dtBY1_JsWI^UVO`;GookSXTT{0|7uRq6V&TVz`8CT9BoX=Ls4Xcj~Kr31ife@
z0S6vdmkM2Kum&|WxH0mLXSYq^LnAnK<m_8D{QNwi=b7(kn$OXw4_h3=cu7z~7jcgz
zG|4uez!YXaRu56{&vAE2UtVVJt^v|v#@Z?x2uO6h5Ro@L0dBmIb9-YTRR737Ms<<C
z-&k$`QX|kY6Z@eK8TKCd*!iR}q-{a}?f!<{LvQm&?;GT2%?6xwB>MOEy&6B+&ZzCv
zyT*UqYw8QGlPRGr!g*F>A)=_E#f1MP-ou1WENexMVgb_-^TBNT&2pWdEWuuBm+_pe
zy*A=wqA6zeS_Iv)%_2!U7PKyLO5=((1qYoq_8sjtgdOQYMFN2xWy%^27j9##z7ZV5
zU=hk1?eVxhY=``Q{4T4IEKcGOQ>L@#T4)&5ZZk?)90zHN(o`p<kjJhti>}1<_ZKju
z6J)|BQM#EC!?+AmMR7G<gwdjlEyT-`-|^T;>Pj;b)R@AdO({Zkdq(oW2sWxS9mY)=
zrpcB}>iJo?+j70rW$S^itT5-p&t2EP*@$`WKqhU<>J<-Bj`bdFyeLOANktsLOdKOq
zpwiA`?i?Ai*?rg|jNK64lX*>?4`{#5d(6Hf!?2f8YD$EK=(JInUuCb;`Z#mmY*{YM
zup6XqEl|aQ0fu*ZzO|P*Ei0Khcu$ajKt#Hm@q{6&h`z&?f(X7z0~KZ%yW`$7^<#sS
zv|S3-Fat^EjtE=_%LjqORbhFewOj=U@y6?Jt$T#KeEJ7_$G$MmU5<z=5xfK^_J}L5
z)lZm&in|hzu_bCMYno;b>`p<`3r5qP#@@+~o7bul1BsnAkG=LaTm<(uk5O-zhMWW;
z!*`*rl1<cj5^t^Ofq3?msR?^M-M9ib?I$EKNBy7Xde0dz0C4fGT=zf(gCLMCO3qX;
z;$c^Ik*Xrq1V(K*rRyiMm-4d{M%?>sMs|aY7wAX1Lb5S@ll%#UBswm5i%pqm4rqtP
zAzsn~f|O={)h{`BxYFS<w3a2}36djcW=y&8O;_tp9ET88TNp7)gHf&o8~I_*&CnK)
z;U9ivyr3gpG9NEBWff6*SE0YBWXA_%_S|>o)<uI?qq$*<6g7$bwNl@;qj>4^D)CW7
zb?H{zf-Y^tO@&2<iId4eTvPwPrKM$3v#QHeYuX;dp7>F-_AqU)5camBEikz~`tX4-
z;$ox?L!-BJfvca;gV{)`yfny(+#NL|KI=F8^VIO6Ud-Lf&+~X5%=XJ*y1K#lXtZY>
zw{@kEV~prmBceg?_vf=UlWWTt?6xPlye!VP3++sroVTc7G}_9wsb$=WTf{OF8jW;&
z1i3_l<_U`sO}jv#e|i&EqUH8dDq8J1sOACc-jXK`n(AEpLgB66IEiL_Dr#3vFD7#Y
zZGqWGY2By!W)ad1aNa|RAwyooZ5~EpR+XX{&T&$bC(M=}ROScw%F?+)=~V<NC)V=d
zUd?kSZQ8OzWEm0959x^vrTGHn*A(lyfQ(#C`EWJTL$y%e^N9#{&T)MkDra4a2bqhM
z729X@U{vArSh*)JB`s$uO(%78>cAg9e5MW0!cl8mkoRV)D-{dIuPBIT8BPblNZXb^
zggTfZQDS)0{hS}$S=W|**s{mHu_DD6p0h-Q8@0Lob#;D|6et&2<e@BFE8B`nNs~qv
zb%CL$QO;HIAuLa>*i-gXG7^nrw&3X2o`Y;{k!PUx=MvqN@(P!R;W9oN%;qRH{0qnB
z-Db+uh7TMkIiG`aLekB+AFs;<6(SSrZm369Xx!@VzL?Xrr+wbww`|N>=n)_-DIL>3
zvAm{DfDOEtlb@&#ceqf&x=F0_dT*v$cY<5Eg?;^q@55oyC<~pwG=BQyr4nF74QYv|
z;kX@$kksh2Q121^{Rbzew8~N!$ko&Gb6T55!J{xkBZDp+{ED5Po*`rTNXs4^o<>~2
zA~$h`%L<{DD{z!m?#S}^j<lGD+~KLWJ1Ab?>QHAVcqvH>O*?`|#;bLNGzLc4-|ybZ
zmE1;Ehq7g2Y1{C&CvTMt?*-Vdvb;(^&G`Oyr5kIxO@-4bvo}^9UH^Vfby=0yCz~Ma
z$XD9k+9?bOW9=2fhYK<$(wdtZc5vJ8HSANlv~@q(fh(4*_4MbLc0Pjd)7q{KASR~?
zC&`WH8HrztRI2P4`08?9@JU>7fYnQ<Jw200fH77fM96RtQZ*E^d+D+9(ubtaMvPW`
zuxTY<H4N|aQSQy?%3gasV<y?n5w5SC(xx9N-#h|SP{Vi2E_`N62plSyOW2IxlIDJS
z;V=NxCaOP`>~8%=w^!!eKT0QGeX8-X+?2e0xjhmB2kMIY0A4P)5yz>m7_B(F%1oB%
ze!rUVB(=&}Fh95Cwj=;Iq7e)1gRqB%Jvh*0+A&Oe{sAGis-~z=%Uw3Wq~$^m=O!S3
zMIa(K90PXyc?xPHv8PU&9eerMj%!VrQ^T{2jmn^+ke$E<quGjn9NTn^xMR&yihF0y
z6I%J_vGH2t8w{P4_)eSn4EXEF+Og4UuZu6)@YN<Pl5-q~Og*(VGi)XV)*VQv?%TDb
z;=F$ndz14h$3D1p-+g)-1e(6GL%>FO9^olxSyAy;?K~Qv?eS_YJrkiDOwrIpKcz~o
zr%yTkK~0&4Wh`_cePXb|oS(l#W;qQexwjthsn3>$WUZhSlew%03(iLZhuABoGn<?$
zkfsKsfk=fsJ>)b~OrDj<G~FuM2wRjvE8-I)O2^kQ_7F+{2){?4EdlR2lV1pPF%+ca
z6h7tg1RT?OqLbu1w<$0|VC{#?dd>usO^`l1;){3(@wB2ehie~dQLB9E!A|(|Y_^>C
zT|3@~3!udIZmAGsxdwbVF%j63Q280+JS9R!!VJIeA}<bK^1>1{j?#0<8TADfSk|gM
z-ue<H{xg6TrYEY>V;?p=+%A7Tc<oyJlx}G?D3*=$@hEB+dZtirDV*z~5>|Q@a8WlM
zpnR;Bj`tihJRhx|*fxQZI9tXe;Q>GD6#JlOT6M{G*T(DGj8=6j*^;e6hK#^^IB#WE
zhUTsEC{?n@<h5uVCAgTbfcK@&iM3_d_<F=)#>kxJLBna*E=BjJY#3c{xMQCipW=S(
zE(_4>Co0sAwXG;4VY|;+T|$oONHFu-F})1o<Hv%S)Hx7!qU_2t{Rb8Erb&@w*>@~j
zt*^3!7w3>z<9W=_yTz?oG}0UN`uMc_HkF7UhQ;dZd{86Cv7c$G5+^1Xf4}dSpQEcH
zHzcT<+?-I3r3sQ}XiO;IE-g#c2A^)BcCwLAGs}6xY3Eh@y|m#+)y$|4gP`-WA`MTl
z!j(GV8cjDJ@qyup3!ZdH7XcKHEpDZnd6FjayE)cd%80&Rf*=TB8;M^;!YxRu#BN2i
z!jg<lPIDLtOq+spKkuSSaU&wa{(z_V?yT28Q;GCRqR36{qfo^sQB~=}wR0&`aCi$G
zQN!%5Uhl^nk$jj(bLuis_-`Ob1}80<>gi1wB>BUmH*3?<SlkS%b_M4<loX{!wHE3>
zb-#Vx@OF+aq%!LgG}Nqr)xEqwSd8*fqK5e;X^PAFsk5(my&Z@JH$iwhMHGNnxms+^
ztaK!N6F<BR<?}j#-FY{k*>4D?ujRFE<GUO=cidXnR^hGP#}t{3HXoOjD_)Rdw8zw2
z`W)>V8?)SZj}zx+)a<R8`IzHH1A(v_27N|ISJ-J9A|nw(GguPctTu4p3@18hnvH}d
zc*uo62@~=)H0f(t(RC@Lbt&|U{1}~TS}?309Pv1U+0J8lL-Ey0GfIbG{3UU}{jkvx
zBHb=d7i#1#?PCf<sAoMo7Z^(bQOX*Vo|t3uC1}##(POlhWVQERNoImpUBos)?X~cS
z-5=JCnZiD~@CZFhu7yhN?rp*JTDO~v*}F^eB+zKqF!sZ4fKWm*W2weVsBxR9e2<b6
zTS!qi$@v~%kBk9``ki~GE+{%lj2{OI!Mr;5ynuayKzodLOmT}~+@rdNbIseq05Ha~
zJ%)-$5ydWC^JIruK~G#)c7^C**6C?~z<h1kw-(?kdPW+C)*pCLjsHkAB3J!$z=hs5
zi3kp9_iF#@dhUk%MRO8ru3}-ijIvY`jd`0^SUnfv=%oMar?`dEZP3*kl(7jcl9^kt
zB<MrTi&2GCqt>Ntk#bm#!ZnNTmjFmWx4(B{l`5cZaP5*aC4byN-c`?HChp>&Oyt8O
zDb?g2Ct&obSEa%byy0XJ<H_KYtJRn-eAf}=_QDv-g}9wMJX$63EoP~{n}r-|Xpm51
zkkClR5PXi~=tkK4@*q=SB_&=qF3y{WU4xt2@uhE(BdTV}ImS{_C3mOi_6HyGar+Q4
zjS{6RCnUc&3!M^@t9?f}<F>6~AJ~PS$Ik*Ea+MkfeI9Zo>Gj<5K4+6<(OMu_Zb#8Y
z&_g~}d%mP-{Jg<kH=;<K=8a|rdWiR`Vo)HeCSi*N#tq$+ZiPqU1o?T-3TK6Wjqzy2
z`M~G$;R~5E#8x})!ReES526I*i&aPsaNMRVo@VxZzQVqpt-LS^B+AHiw6b3SRBcG^
zg-;8T$C>SLJSK;I1JQDQDb8nDh#4@-<Z}SHKtTSGX!#)9fJVtTy>>xKawH^qB*fO{
z?)ZImU!P^cTO!LIE{XI((}=Ncj`(T`{}FyNkxz=lAq69P79*D$1pM1igP=#=JHhL}
zwUX@W7VbF{g57^KW!Ip=Z1YYLbBL(0yFSP)eTQ2<T%}RJoPmvAu3u&)z*j6=N8N8O
z@-%0qzy8EwVkT)P{}tDm)j{w~pp8539HMbpfrtq4Xo*)-xfo~I8}%vi8x~<ya*lui
zcTxxZN3jq)Thlk_Ua|EtzM;d|7Y>DV{8KYIPqPahPrW&qpPD;q`Gq|K$r)?g3VSpV
z7+DZX&ttS!s-Mjq$v>=&(P&Ye>IhE=JAJLeee@Rdf=st6CfM70J>&q?2_Fr8JHHcV
zXb1@dWS?`PkCsM@E`97m!V*5DheWLhH&sVswNAa(1*;cfT-HNV){Ud4Ds2u^11VY)
zgkBRGGY5IU7RRZFhk=iLE|_qQ3MUbd4f&ZFUdI#l3mlvjRTnJ(sLXXPr*5VWOr+y`
zSs}9<*h^7wfx-f=ggP6uE(9ylC_p5h_39Q}=iW1*px1`i{(zwEw9#|0Q$}a1)nV_a
zU1vCvN1t~6;7NO|U3hc4gfD~+`%~-SR`b%mkJbIrNPAZ|HZSn}AwNgK9lHxrO&-@i
zJ&}(OR*e+e#|piO#t$EhLf|7CJ|^r5deu)MM4qzt;Q{{(vW^R*^;btvbcCqejy>bM
zNFy1KUp*jvLG9Gr+<$X{b%Oqa5_R2g13QpxrN<<4b=|oL`C4qaUsQqTx`B&WGzDC?
z8uBnvXG64T<itdS@K!cz18-6XVlqZTt~rWp7d4(mm`rJs#Vq9`lC-acg}kg()9LeC
zxm8S`$>x5W-6VX*PR0TGBc%4z{4}~7eWjFJhN$At5w@_{#bFZcQ*7d|Ig~KmkyY4N
z)yQ%2QzDR1Na_a1>2L{WBAy^S7EGe!XoppncZwT2w5S4+1^eB4Nz@&8FwVkcrGwWW
z9iuXa!|n7JcXohxmZhhOOHhWw=%{<RRF39MW!QT9%Zmq<igMg=G2tKJL}PgfV%nQl
z9LLv6y69oWevk*=JLwcZbH_+k?R{#*6Mwwh%QIKiyzJW^YH(%?^}z=iDx*^KGGRu8
z!^pDLH|?qY=|=-c_D-o`pB8Oe6YnPUO0yR1>UwOB^Ruf8!c(tBeHJ}&T`BZxQ*=jD
zOmaTeDq3ELM{W}cDi}eCbr?b(+;&*55fRW1xXUgvEs#!_y4_x`+(fvu-JBb+eB@2t
z-hDA1qiyLmy3J1s<B;3xWV|=WUM|G=m(Rn&>CF;)W;;(V7QwyXSyDGyf0Oxg!Q{2q
z2>LU3zr8$C+T4-2PJ`v^D}5HDURFC-+SXGRw_V|_$xnGwLV$+8U^bI|s#FmrmSvdK
zh~=%x&aKG+mzO|juc_(}>?im{7^+<j8)QPXsNISiY+0DHgT(>InkP&hv{yro9-pRr
zKU>~}htpNM-4|U_aeW!EJ}1&*&T7GaprSoRQ?OL5d8k9rQm|C0d8kd_5aE`q(rQv1
zO}fzn_dIJsrDm!lrM?-{ZE$5<40lYj1PJlIzuBzn0yP?sRb8hO(sHBS;?ucl&V`5}
zl`&K*AIwM}+OFG~09PchSt0NV6>+G@GEHgDq<K+~ELl6-t5f(iH!Iwl&QEHwFWFuZ
z<-J*3(Rb(s!g1`B<S?#Kf~QVJCbmN8+v#7LO}GM|I?Sm{7CS5qk<g`!cp6MNY-;n*
zV@n8rTF+P1mar?sZO%o$eV4FgPt;i><}c=Ti|N+)%<S<6x|PN%c_19pZYbG>Xz^L6
z5!Xg1(vY?I?d8CGwpmNemM3uS;rz9a8YKN8Z8tRC)>gYD#-iCbI5Q4P^&y}>!+cp_
z-Atkgr^5jN#Hhb5uzvd`D3)IqSmC}duxcr3+Od9Lg=PLl2<yAh*FA0QzOBYOCf?Vb
z62lJl&QqfkZ)KFmR?CCI=xzrxKZb3M$YT}q2=$^Xr*@?lUl+a1Q}w!BLpzpjU7|%%
z%(k+u7Ea_`-RF0=dN+GSDhk20762;=%<9Gx!ttSbZ&*ZD&-7lxLfS%mt9XzRL(xKc
zt8uVxFl?}7FlCT1{(x(xq%LuwCg`JV>|Tf}^7D7^k5GzII_o)H0+(H<-<?dnc<+61
zbB~f(T#fN+n1v93SbtCZQ=+g*!}9R;OrUmhPjQE3UUfl_He_(?)(OiAT_~-zZU9Yo
z15;#%^#qiOYrfW-1gSUjTxz$pZ+VaD)GGLgQ3!*$wvTZ7$cL-h+cn#A18B7{YISRG
zA!A3Du8Ky4c8Q^5w{f%Gk`w};ndY54)Nc6;ZS`=_T)NnZg`qk&6A>+tYO%u~9P`;k
z8@RenNR0`*Fw|+zBZ$oGPZhim7_(NV9=PFyEA3Bs-^+)oyy;xGFVoog{<D@d?J03{
zJ$B&>H|>5T;`>c_)1!;eaP4!l6mmE-X?bL+mTw!%Wx<0VRL#R3w8o*a(i7%SVs8=*
zJhwPJ=4s8C%T~}Q`=pUePu}!VM`yG|GtvyOIX!^XRW?jqp(;^Q8gWMT!Q#Zs?DxcS
zZ!vp7!mDiTKU_f8T;xsYt+bT9BD}<V0zgCYSfp*=6P&&rSb+6C6&wKHgfscE#0{bN
zC<%W?sd6;He?>-`5rpLL3FXj=V3+c+&;g~%k#p6|-~3e<e4{X;SH9*)g2L2^o;dUQ
zc>#kLHV(Y{DTPB#u{y*D)WZeb^Rb}#$$9bmD#zEcx${<gHlH#bX*lp@qSQ*WBoaK^
zorD!q!f_gO$A{76tYvFv<7d`gd!{0NJa&APIO6Cxgl=h$<`q3Xz$-pIoI~=~9$v9b
z&WXlW?<UT)CGjHOzoE`6IrI&ubGCw9s4hf{V4*75_Bdsq=<mzOp0)p&#m$KRGI?jI
zQ1BW0+e-Ngy=TU-PxhCk7Dbl5g6VQiqhr}iu@_NSB3cEmJbg2{R_&Bj^I}NPC4D{k
zv|l}X^Rkeo&at~t^o#d7R(iPNLjeE~a6dlY_|>t9es!!bdv$r3IeEB$^RUnvZ&R#U
zVz}cY2(x>H4#6jVR?g<Z-41Uihj2w=b}ZnqFwKI=y`ts2&?igg{f;`%RR%|Z%8Oh^
zwwWc2M!O2SZIj6*j%}0Aj~IosJrd+TKU$T2x!QiV(*EIS8qL@rK`haAL8>D}Rkdpu
zn0|$PrVn-pZI`pEJySC&dLb2%?wfptcy{kh8*C4nEq7L1Eix{BAsvu;g?eTL_5%@u
z&dW*FM2iBYZqj@cuMo~O!PcO$auYRY^_N9~(l;4bC};P<j$m)lQMstv!=hWMPRW~e
z-_$FlGhMJV$Pcty{!s06(XI4Nrf=>Q+8M-|2{n{Ln0QQqjHY>+d08EZ&rXOtC__%U
zAgXLgi(OknIln}sSc^bgMY*s<69<G`kx)@kQGTx?rJ~SE<4g;R`$>lKX#P8m4`r7i
zNIUYz2m>YN{1lCmG8sGmX(?_^#<FBBq(-}}I^V1byS&$~`yuB1Dr}f4&^HLQEu$Q!
z&?s8<8x6rad^v3G8^jE-0ak`FoNDm`3^R`Xm|zpO@x<EE7938sVFkW~<NFW|BeAps
z)g;-caM@*!AE~lh?(O2IWn??-4UJt^=^4INsCQ?7#l@DAE>~(W3F_Y%BJIC6>wgfR
z*4DB+8<(PRL9y=A6U*lc#hqS-b>dl38sROC1;J_K-49CCwI1$vX|}DT-(~9!EbZOb
zny$FE<0`2kbz4ADVs)_@Jl#z{#RV1d52Z7yO;xV@0JsZZm_85Y%<`1V+*N&}!Pb?m
ze$LDM*<lD~u<b~UjmSfQ>7nnV?U0UW0a9I7{HAN){HaD@&u)|qWgQ>mkmdYBy}vRA
zCVZJZXv}#*Xr=Vs!Ul$&^$xu%PFv5+OxasaYq=1RdBy>_#M)xmKQHa=lRm9<PTg$!
z*2<^)l?q2eIq8D}95#zO?Y6W9R<Duuhm0~jD+4|GUncv?+;ljR&tS!rGV0@v-0$0(
z;bbl?Z{^NEWKXnl(oa^PvSxgDKiwr9$U*+_$qTRhy5l<c^QP*nTYM=c!7HcrU<GjT
zlMqMly2kVl9G*o7#xo9I6HQg&Gm*XO<O=9Ehx;a_e2L1`3AFI(_chyl@NB&C+J~#t
zF8k$~ywX%C>_U-~XiZFSgk9Rqhfr!r8L~glgBcTtb=wFTJy+!DifAaRQdCU1HJ|h?
zjJmjF1}=mZ;!T4~Rn!s*%yIc1IvUUWMe>sxct1<Hj+S0%vN)6(1JYQR)Kl+PUDXyF
zPY>-XJ)hcs4(68s>}1Eo7I^a}KWIHDJ_c5XRd3GGG}?K!CeV|?&$LC<-^JPF^DWSM
zRZUbh?i1?a>O3j_THO1UUP?(g*nm%AXwj#raYTANbADysS#>3YdiGU}J+iJc@pU;@
z_>DmVi3@Vs(vAghN_aH4)o46fre(5aFUvmAi+Vy>s^e)ufGH}n+tR>!EcuT?#UNZT
zM@3>=R(&~R8M-GmPDxDx1!!6;sVz((r7a~&eO4XSQy8bzDX*=Ju-pku1Lgx;*)e(|
zO-n8-I2Jk;#+EvjHfegR(W-fC&}w+ABY>Uk;5^Z$6_*vy)X&ug%RiMHfuOWR&&V1x
zeIphmg_W|Uge6ea;xvLm=Aa?aCJ6lux-r!^;a*8j!AEsf%~CblGR<=9vYVtlRJAb;
zN{~B99P9%|KZAUuMmoRJ>$*tb@OmByTjH|Eje3T9WE*{o^6`jBoqlYN*=+iu*8VQ3
zJodf{s7d#1!Q+NbSi$q%1!TbRsRwtnt}9aO&G7T3$A|jw-?ur_kBrj#rAF>L)LRZM
zNmYc?E7R70N<(z!s7x(C*Fikv<m{A0JmvBXm9@Cas3^>$xWsE~a+$c90w%RBZf*$~
z>f|Q6TdbH|4EI>8usnFf`Sx6>@iO)7RCv18Q}t+*rMmR9>vp*sn${6BE;!h(L(<JJ
zKYhh5D6ov@GjtBY2)|^|3%YHLj!tz?WA=8@;a1>^j7zhZS8h_ahaa`Km+*~-G0!|_
z>$z5~bH(d&t8*2U6@%{E^0u`!4>axdYO6E#;uQsk-JB{@QSI$=+?{fTNvNe4c441_
zhW4r%+!gh2w5zQ@ygL{3y!3R&;yUkzYcW#m^ft^7tju3SKYELMy~=)wv#jc>a-<!f
zJA0$6@6~_MU1DYJNve~PX>Uhjzvkf&-Q}xQAEZ%X@hK_V8VpQ{wcZ29#%_awIkDS&
zz@S(>FfcwAZx0w5n+gV|$ENN9Lt}Npz~ornJzz}iEEt#_JG%!Aj^zad6JvSzfKOtZ
z!NAPe<~?9|tTz~#8tc6WjEg-719M}~_bwjAqJb}-#-i<AM8w8{FVbS;_AWwVRlyfY
zv8sDOsaMt>*a9Mzo9+T4&o+^U$`+jD{0;l@g4F%AE!@O<(DA9+4NRl^*dfiS2N0rD
z)5zG=A0&vy_gMrzh{Oz{$JB&TpdN-ErY=EHN-aZABUh(aqgH2Dqf}>9qh;63GcFJ}
zP3dz8;>UD{c_;rGPmiol%{0F6K@c^jB20=r7a~)t4W><s9(k=sfwXCIpIwknBsZiz
z^$bE)>Ks|E`h&zSD+J9v<sRC#)LLjr%mYYbOz|LQ%xuUeDLFDG42%c`B1ZH?7w8R4
zBgkdUR|pQtI~a2`t{q)okyy|wNpkS}Pj_&366fe^6$?yEoBK$D5~*OJVX0Mc@e}44
z*_i57*RUfsVLmDnq2tH%(YeTNa0T_sCMX^woPBNwTS7&#;U-Rh?x&MRurfsiv*Ead
zo=Ma7x+R(8l$6I$O@twOlwp`PCb?>v5mwYeanHpVAeR?@G^ar=H14cH0pny98&}SQ
zwbKimJ{vX`Z<jj?m^gOA*a<Rg-M5H0xa|iLC>|rGY;ZI6?%DJaf}@-Z5S;S~oXufY
zx)nOYaXaF)2k5GJ1`4O?2JRIS*~c(caf0hs(!x;&Fdeuu>V|Ckt;{KvdgFM^k^E(_
z0}BaL>WCo<(GI{vqUAY0*dk|N)1w&=cb{o^000m7$MlHlm-Gnt*Yrq1MgFhEC}q!U
zQ40N)ZfCKw;v`LHvEu?Z-5g8?4OcOBac#=%$xJ=fbGJblJ?#7P*oN)0UaUS$BCe>U
zKmbY9)co{diUXco?1#i{(RM*W&XsA=&$nm1<QAb)Q(IK?xfF1kTjONbInvo>pO?sJ
zk@}T`vpCwT$H^LWKnMr3tmi#*Xdf3$`4{&ZEs0>6gAJKo_UM3EOwGY>y6YRfv3Wl2
zNjp8Af-`#wiK>g3cxIocNX|r`hQ3rs&8pb#on}mQ+ONgS{Kmm#GRy?VE%9p2@o8r7
z$qLN}Du1BmeFKm+Nl0=<6Xi&i1YruRy@McSQmYGd8*?ZcC3GJ@LsAp%qVl^-(_GR<
zzsL711R4dngI^;DA2*t@aI=lM3&BUHa7M~SmzXb3x`jADE$*NoYJhD&Bdn=XbK({n
zoX+k*YUVA6iLBCSXR3G(OVUj1*Fw^#g+~b6dJ;qr2EEoIXO*ZAt?7aDsM?)-mv@iG
zyRt%pl2Y+`73T<JMGyLU&sMr8hU`bJbsjuz9hK|>8r_ker3$Q;(c$!W@}4G9VS55O
z&p_g~%`+q-$tuN=@?%?(26il1c6}hZoi?R%%sR6M=G1hy%qmHS9ax7QofT=vIrEau
zpeMtp*&RY<Yqc{^HnFxicsQV%nVQ6zcQxW>(r>k+9rBS!QuPypl~iC0nh&nZ1?n&K
zD3J{^IqK@Kq$KuzHo*&<eSCv8)*=Z|v+VYr9VwCJpf%j*+A;dC!y5`vU9AnEr?<#l
z9FP#*c%QLnrZA-tVQ$LGy`klI=BUmrOAfPKZ*%vdW=Ex|oT@Hbd_6pn=i{`kC2+`=
zDWFyUl%<kz>uT*$_XkA>->dNCc_2eNZr0PtrZoE%3*u7a@S^!~*mSwDwoOO1%p+5s
z!<%L(4=s)fjg>eRy}d)J)N8lU&u0Wxe0)*alTXY%(iKn+xYXY@AQFuaow(B5d)k)(
z6UuGv?(1_8`go3Ue>$?D^+)102y*x2G?J_S<O-j<UJj|7`Zl`$W6y;$KJDScxPz=&
zX)b<=>9v#mXx`D7#VP;U1yAf%zSkV{Nxmc~=##sOaK)Oh*)u#(K@PiJwWxOLIe7-2
zLf!D%+DR=TG9#TyvvJ!q)ZkUg`8~Ls*-ojq_*o=#2m7*ce432lPCK|)9MPLj$in3g
zwYfH*^>}();&6qLUkvNWu72)FYh9NXjTL~~+qoB>eVn%#2iYi`-F&zb@8CV1DTyHy
zi$>I3=CVDN&)S>1e1UJ>l8+@|hRJPV;9>G=v=*}*FC~4==;gAYuh|E<;Y&z<X%)h)
z2gh%k`zGFtK~L?pBkEJouHnevv>pe!La!vQ*<#oLR98PI;y>(y0-@dJP7Hh)faF(v
z6XY7Cl=vY7Z%{Uab5MUvdW(9C$c@B@zz4<$#|OoSxb;y-P)B4(sG-z~%!)V*`4NSv
zOyJ{dY#+2sg7@wg5c*OpvVlR@n3p*3A>0Tq(OVxIN(aXHhZstV$OH!aKlYEh#%+!D
z54%RaB)SxS4@V`P@|31N+F}sV4N70y?Y%^U4AZDUU~^>QZo!T0hAko}U~+tkO4QaV
z-f@(8izW6G!OPDQfzwGBH@uiOhw&wcJ-FAR;yveIuyBQADRdAT0N6zOx2YofcP!M@
zRQhWHM%~DHiVa)%P<P?A(QI8z9OQj7v3sU(_fWW~!qAf|PM&rnp~Wu(s})mK>YmV?
zqyhm5eSJ`(k4QsX-bm0^Fif6|wr(4KntS>A`Wj}9oTQ~}%?`%W(A||d6Ss+pi+QQm
zWvaU=_&#!fq1qlh)E-+>PPtyXQP|^I+s;BuXH5Ap1KobNhrXc1p`e|ZNLPyDINFSg
z4(rgy{0K^6Y*Gu;kaTcTX^<k6?MKjw8cjCcTVpnt4aoAwjJ^~mVD))ljb5=*w18HC
z+15xvn5Tf0H<d`#N4>saFH=k$v>c9>Zi|f5w~Usm8mNyCV{u$vK>UVG{4JxdaN4M7
z%&4T^{D<ozuTU4ZaB1O|O+hrI2fiY=%Fa}u!tyiD`XdSUFdW62u}EkVJ{mN<WwI@6
zDEnAXXTR)4FFmIU70w`Fuii5KkU1bl@BpXWI&s!YB#Kmqy*F%DKZ!`$cN|feO*my#
zUOSQ@mSLUa=5lZXuH_bu?d1t^>$CDUnU-jwbxQ2xG%F!;FPO8}&Dko@!?(O!D)FM;
zt-BpYd_a}g3@jG0)t`w&$2eu_-<n|6m<80e@jVMvYzcbuWV)Eu9Za%LZTJQ>%H-Z(
zL0IbY?rkpov+)ecP1Y}lajT?av<LwJkU{-u7%YDdl6Qt7`E_6EZ{}g7wx|H9j%_3>
zD_eRpDcxR{e6|r2=F82532jyu9#7}{)KzFuX_H{Q?z-x+82t{^Rhdm3g3Pv=$&9gm
zZs+;z`6t>(nnd&wW=7qxJeCgq<dj%c`Y>h=BXjX}Bk01-p$EM96vbZc{v%}Eog&t9
zyG?7eiDq$e0#;+xQcXhSEpIuo72C{3(lgdxSOI4!&-c)DEtj*rJbEXPC7*H9h4B*T
zcUZzrQkf~wzUvW12w~Vzv)C^mBv%C`t4TwAVnB7lcZovY)jnv3kla86wcdaG4&?m`
zm6>BLuyX9FzRGUKgS_QaqI;djPMQI8jo0*0g?#)Z?MC(!EsPhO%<{T<MrBmVJ4AGo
z(+}W{;hFF=_wQN0^5|vrX-yaz>oTUdP#a>9g06@tkdcENDqcgzklSjQ=9h>;3prwR
zeu~)0Pr)f=a=XhK5g;#Tcj9^l_hnpwSKanncjGbz@o(dT_4BxB>HYN;R?S5fth+&x
zydT!odsFb1f+A1T3FpY*SOSNjIxh)7<{n29RQkf3v|X1EaMzGG5GDa#(2|7+aUvH`
zw=u3qQ$Z4;eO&X_-balejkl{l&gLHZ0S4Id#5p%Gkj?m_X`)?t?#bYrXHoMRZn4#D
zVCJS$g4%oLwNYpJ47Xh*`;~E;u|p7_=sRl$J)kSgu5}n`SC(F8+Ze-v)_ha1HlEhx
zz}~K-hk5w8HK{bJ%>ieXUwRm_4Z5wzP=~FobaXV-gC=#*Vsc3GQmD~7>$=`0(bWKZ
z!G$?)a8&mASxL*RhBjvlzG0n1#%g7$`@6RE+R)TNzWL@J#R0TJ9I2U5`)Y^ckiGar
z%0i$D2&YNUQ)p!CtfC=FQIN@SHs<|ShwU>OjvV{>%AtphLKG#0RNxC^s?DlaeRjta
zLTOuDyY+s2O77?6B^2dmkcsyU#w*r&4sBXS=7p7P<<?(>!KIbZ<4oKm;dl{~&&kFm
zv~i3N0zTG<Im4l=))?1{=Wb5I(tifY&fDqFE?XbfFLeKf%@dSWTaB6nU0p-*h2XZ+
z+(05NUA0%s_5H-M#uXh>E5fhwS9P^t#C!N^1E-|yXXC7ghAiC)`I#4+(~@uN5PO}8
z*i|a1Kj40t?Bp}rcz9sHT#75z?b>{ekj=FYtvez6@VV91c{~YEY(2cCqfMy-TmYfu
zBN4IQah9a~nnO&x7v#s<94f9xUb&dt1Yma6>8XgzB?ti=fxR#<bUJc9Gif!+6K<`J
zd<EJze;LwgA7da8E<YaA?j@0$-CMfM2fV)iz?ZBn4C|DB)Me8l=Ls$Yv{{tEr{{_i
zW9%1b*nX}vui~&W@SdZks_|Yzt*83q_=XI!6fA1bUPhpcs29i0B<%`?33_(aKv(<D
zTSwi{=I>QbEMmj40bS1XIuw#{JY%9$#?_QB=n=L9ddP;5CiG2cPWv8HbLnUXYIcZO
zqny6{;vhyyz<@PK03a3S-y+(*pBzNP(#%56*}=ln?VF!y$BruWieZP2DSt3G-_Lbw
zN7q_-6n6Lo3C9(KA#J1N35V@K!c!V_%w2Q(=h%i901>U-Y_i9hoaZ_GtFJHT9|l0-
zuY<y3y|7R`m^_$I;RozUbey3by=2*5x#FfahYXlrD2yL{ki%RE%o>t!M6_hbF&mC;
zOnMtk2O|qB39}$>jDvKEU%6<Ee!;3CrRsBUXoCjhs3$0t5)M|WCtXkVhV10F7@j!!
zgGM}a=QdmX6U^-;&FvLKm3Sdrp%0Q($}3C0a1P#ZZnj7V4JwOO%vM22?^yZ$`VZN&
zOlrnTH;}!d4mQ!)?LTCk72Q^Ne*Ip2_d(;s(>u-ZLj3ojuW9M#^|#*cKwqUt3|$y0
zRDv0g6$mAL8v3MeU0vNoPEPJ#03G|4)IvRZb+PioWB(Ky8g%7rfaoxvbOOy`@BZs_
zcPs0$^RZWWk9bt5Eo$k_kQOPt>e1DsqKpva_ao=<T)UpWXfkB%u#}trbTa@IJbosV
zm7iz8@-kBe`4G*cmt2ZVc=oN;pjvfhlgJcKYIxMU^f94*F0B9&HSYTpT#dbCwksfB
zpRuSApB}Emv6hDzLlzd~k$g$&GNEO4Y6BRtmRhcuu6D@%E$6(C$nhkXyUh*vK8zzc
zTn(g!cVbB1<sF6X=5JSOZBJARRd0sIk++ef-}|HU^_p@6ciyKq!hz7i7BF^Odax7n
zkE9hfm-4{T*NT(OJR`|4bA-jn9MX{yVo0`GSP7DW%r=sG2nyBIn7p}iBHXLwS}AhO
zPXljgUrHhBhG6R);XZ`;G9+=9!j!6a!|~={hXnhlA<_1*{p+0t$9N<6NipoO)#4zr
zj7hX=Is?WFbunfgV&{E63KSgL2y>fPt}>iRQpi}Cv<Rrz1kRl&11p2Tb+lty{+v)f
zL1w>`!+G}{_cw?0s}BQjA!~!f5piAlLmB7P<Z2M@H3zxL`PWBiU5&a?mXcf*2XG}H
z%z7OhBlJq-0|&{pJ8SxDs}^g{-1uzn2R>;geqXd8xwy+yqAszAJOn|i%`A$Hk8P$?
zAh|(_W^5Zn|1m}UV4<5fJdS(y+}}>E?1{+Gax50N4zlx(cU1=SLRnZoX-HGU@^)@3
zB90;lB105ic}t8S!y%&meL4L>VT&?K(omK0)VjhA5fZkd%d%p^8#k?JGwCEo!KH)b
z%!3!x2m~n<Rw;`7(3xYX;H#W@n?qaV=#?~7$XEON`ST}BXkN}<0q?D$m&!WWD;M@s
z^s5gtM-4{D4Up$I<=#5Ds6*%KBD)LZYO4!n#M+JyxNj5;@WEF@Q1g=<fxQ;DZ_~^=
z^K!)`R=xb<o`esIUw7(pq~R0VW~dN8=Umt<CN*6h%6mzztd#9jRQq@uemU!^tPA4-
z7L&gqj3@=rk%Vb9C>PV;iG(N@>LuBQ&<rJz@o{S0Q?d&ri(SSdPI*{rBQY9<;Tu0I
zFUZT!oH%`QtKvO=RIVpLhRZV92h9B9U@j9WBI@^s6oO&<CSQ!`*~rsNs5?wF`I^i@
zKw<-ae&Yr5hgW%i{`~Y}&#y&)e2oVCr((i?c&+Ex8h(6EjPz3t^FP0Q^Q9mn;Lned
zzkdX9e|V_;y|pg^;K%1;SU(jq!Ts$+=3guLapj2UrwUpK{{3Ovk2QT+Y5H;Ah5J)Y
zvlM??clz~ieoWDS-ZgTQ_Mh{$A4`AH;E##q&v$T5|EHw>*E)WTwLdE~iSf4y=&xP)
zG2q<$se(q9e+$sR-pG$A`EzGZSpO8Pey!t2C;8c$L)d?hu4;-fU$zefpxpf_-jy2q
z`pZe=LS}B}HX?|uzw9!^&d$xw#m~Xd&G$2(?eFVsJUriyOuyLqodV%kzIg>Q4*-Cf
z_KmQhzY*%dH$r##Mre882&3s6p)Y(ROqy?mq415co4yem+c!do{YE%c-w12z8=)G0
zBP_3Pgst$6P!9j1uy2GD{e?_S<dxM_HMC5mq%|cq<khrPHB7!*FTlh^MO#VfpO*m-
zzh3`#RZC7=MbSh`Tub~;-qz8@#N^KLO`IRtnK(F`S%|Uo0RGANS<cbY(b>)C+f@!W
zz#sYFOPPBBO`I&f#rOcfo_?3Hw)8MDw{-I`v2glZ?ibc~Su0y7i@$~bKK{8TcT0D7
zTW2Q|TMIERz#q83v~BBRW9jxwfuES)<!#KIEZl9(>@7|1aL2>b{qG{b<Nwl%vy+vr
z^-oRwhx1+X&Tnk3e7^SmZ_!^^-(@Xq-CZ2ad`v9e+??J1mi`Cx2i>_@TK+Be_wo0u
z-fp%YmSXH2fM3qOOSoA&Sz0@L*qV9#r<z|_Kacy5?frQEV~uA28O^_szh8C#3L`(7
z&(EA6TKkHgU-^G`;1||6**mR!*g9G|TUnU-0Dd|9t2Pfeb2E2Kb4M4zkH`Nz%JBXN
zW$^B>Wd;7*o31>_06-ch004c5;{&JwfWuux$wLDGnlJ!>g}Y;#yK4$}$4z(8$acqv
zz2i~cMee0LdBZz-ue<*Wch?S40D!PNipKd0VE~A`<N_Cf1Hc5p0#NUe7VR!vBLa}`
zQVpcLWCP|dY+&4>Ey`U0!~3u0paA~|c=KCD|8byxZ!f<^kAE@yf1<-bZT^pF^Dj{F
zC;$C7y!m&e_yg+xJIMaiUH<5jfAXC_;>+*c|DTTV^JxCb;eO-sKe+C1!RjY8|Do)k
zBEoNh`X9LZ&j|1*)c$Sk`(2Rx8L0jNga1UT-{ANU0Q+6He~8atxhxhA4y^wj-f;2#
z1vhtiqXYp3Fg7ocf`|CF_wg5aV6m`#;Au^z`FE}*c1O{_OhUu}=n^cp7G@r1R2)Cf
zcwgVq+F$2TU**`k{*vSQTkcCLb^C+dxBAGszU@7Y@NL@jpH9&Mu+ZWDs_o0?%U#kA
zU@F_1yE(f%TX~StY0#4?$*U;-_BRrc0pIsO1$>=K!F^54VZI*yrxAddxwE6o-Hp-?
z_yNA`=mzy4`M)P)kbuAYd#8`D_i6+9v1d?U=`RkK*tehN{w~A)o%7{G^20rTo9glY
z#8LS&1Ny&~!Tqlm!okJ=gM~nTwUCzYlhWT>h{c~Rg!4xWDf)*T+y9f1|8GW=_^X!x
zpi9L6S!=x9|L`l&|Bu%G#jm*k=0X4ESHEiQZ(I9OZv6kDcK;iVe%Yh?4@USu>ywL%
zjO_dD>r0DD5MOlqW#0|VyZik))O`2l|G6Fh-?u~jSO0z!#J)H7zxRsg_pROgnwdfW
zBR>AQU;iJQ^na1}A^?CxOYA*cY+T26cgYpCq9~H88QX!?MsXH3jk*$FD~XPgz3=x+
zT8fe_S=%MKq?TIlGW*cOv1=EMVagkR^{YnEq(I~Rw9ZfAxDDV^p+P5rQ5bDM+#(-E
zkrrxeps8)Rb`aP-Gjrd&T)s@pNv*}*ojY@8&dixJ=P`3Q+7wf&HKs4(nTkg>?=Hra
z8g7m0OPIgnt(E$2XgJau-`#k=;vsus7xZg`WuJ#-*R#}y`?_2#VH;<UW@>*3TfltU
z%}kwYjqeDSIPn&i+0H4M+F-tpI@_qNZN6RL+dw|uk8PazhSuaRc;#ekjQ3%OG2U#a
z?uJv^jIJk$D`Eog&3ZfJVswn_y;*O)K9-=_zDNAu=VA+a1bZ{Geiv8R*VxU-+Gyv)
zE;i4N*&D973t0gH2g%2>(;eSaqbElLJHGFL)gzNf=xKf)d$09VTmSsI15YgehW{M?
zh&=a<?d&;zvGt?>%zqxgz5D0s7s>P7&v*ZP=cPOIy#2yw?&&!GLGX!gOZhS*oz8M}
zc8FzZQ5P7K*Lb>`FU=5hi%83Kl3{2MP^3*&vUy!{0f}dDC4VD(efsho0nW~p-2$*|
zO8M!UlLZ-`Nzlr(aItWJ#jtHgu<1&EI$yY&pGl|ENlt{HsT;L?HQXtIws>AJbVH&S
zE9Gf0a5f%*LJO*(3#u7_-DnKetCe7XU3lpC)sa!R+U0z)SZ<-p9E8JyV5p3!Xmt8S
zs3)VA$k+la88jMLHBx#~;v`#=1d+~w<&;m4rcZ{;HAZCxQ-|Roj{?e5;c}g^IaOm#
znkfP)n#xb9vaM)_#Nufzl;$Gk<C4P2n#S66shmy`dpHcBs64BiqD;@^rz<xWYcNG2
zLNhccGmHd%pdBUvt23P{maDZUKvOd{S<pj(GhpjP0R>xSOo12ZDJV;!IWEi=rV)K2
zfHK323Tv5kp>#D@EC4V}3^IG000o{?E!A|$h?q<{Te?yzUjtB1je;Ap#A~u-(qyXB
zDe$uj)yvIew=7ZOOhKRtmuw7Z^NK1OoZ<J>G0?++EX^8{pj(zebAe&w{tgc}ca^0D
zP1aaeV}cXB(E?&=g%=pv;Cb5XXUgqR1XANwmD3HK=A4nqXaP7qY1I*n7X)6B1v=x<
zEKp&jxdI0x<!r^)X$S61{_FKTFb%FS)T#o{YqrgSY$_Cs`MF#%om$LQatrxdgl7R%
zQ50LY4Am#Mx4@&IKs}SwEt~csQnR^2v0iBcwG39UIm4jqrF_X<4JmB@g+Y0mV<ccV
zK|!F`7lGLk<N{22ZZ02{Y9=e`GRw*#sn(L?MVi-TUey$t&f)c*N{<tQ)g5MbX1|Gg
zBCTqMD66ojtVOc&N@b{DtuHQ?D^06ff&s`jE6OGeU?vaTg8HAUrc*caK2|YOOQt1D
zVFbYvi8u*zu-izaf+;GNsoPqVYxr`>W&5$_(I_-)>9Wk*qPL*OeNIlbmZeZjR|M5&
zI3~QfCW-za*iy~dR9e<}1B4eJt{39i;gOaVb=%UJ=xPpE9BoxmwRBTefH}ND0dv&K
z)8*m@Y^2gAV>1?Oh~A3T@-Qd?bX~4A=MwWo6EabvRhczdQB-{;vyi)9Sg0=mlhhZc
z(6p3i$$SC_<ov2CZOO8vXr{PHRgNLmy{bB`849dsL331pvu-kI7Ic6q+q_Q%P~H(3
zLDN)K<^&ov^GG@cjg>1i5g0|1byMRMznz8LbO^?zWl=CVMc0s?E6)JA@D^SKND&Pf
zEAY=W=(jvxLQ%`Z0x_jqrloSU=*id(NN>@CC9^84^E4V*3M56Y)T9(FS`<{t0D(*|
z<f=&6f$o^D<ZBTq(DT5if~%-ojliNcQ#Msw1bZW+yAaM&4qGNR&DsLT^Dqvqg&o5B
zl*{r;#@3lfvy3jBneboPM<;}g|H_35&tw??B{RWH2vjyVLkv+rmCe;_m&xm5Zu&~z
zDO#))uEP33795qG%2f-~c&7wxxcqFcUaSS>X3NZMF<<fvLd~_vB+#y+%+3_%V9lZp
z`BJ`uK*(fd$y`v`E1;De^AIa`-;fM-%guD#1(OmP*jSu9=@2~0!AscPudISTaS9@>
zxYYV}J${D%kpvQU@RgsfZt=L8V5l$75Tb2%;GB_}VOXBIB1tNxLXD)(IxU>x#<F-B
zkz_Srt9x$LNt59Pj+MYpEYH-7^{|ySZZeu+v6f6{3Qss%sCjwu9Oz0-<2Zq#L3eHT
zNuduc9#D(|dsZUvL18K|hGKynvFlUC!ZeZnVIgR;yk!|6Ol`vA0T{F_vyRvxFOGRb
zUJxgc6s(R?%}ZXzs|3%Pn?q=aUg}ekQrt0;t`_D>&iuIj8{$mcWEq*G!)nc<Wm7i=
zku`k{qj)OuR650E%=FkWGQ5lV2#vw3F=TL$Or=#_P}uD%^I(e0vaE>~>(^eqGF?5D
z9!5W?`a&Hk@p_dgSI%aEl%y<6v<P`U<-Hkv%HcXl5vGHL!*jk-#2KP0FpN&~f|edv
zO0#8zoDnkV@sZSt^f<?I>7l441(vDBSm1y*R~jBU)v}UC>&W}IBsIW;g2{uv2C1!x
z3I_r@z=fg82F)QijbVb7SwT|FEml`7mQz_UtD7eWgnRzPSnEkeI!w1&LzSYP#_PjA
zqf8>SDNT5E1Kgm$Z5Xs7DMoYGx7-NWbe6~g?PPxdXG^|44bDlmdJXGLBqxIvMR3|A
z4n`6gfM9ZG9<?U~zPSf}bqTCk5I?FQHg|r52K>q}<A%Y24<4X;DUWUYV25XsRZzQJ
zsD^|LtHPX0U=T#{2I->HmaQ5JK-r+_(&H017LgE)$RhAr4IP%)SbE6sGm%B^kqePJ
zTMkOP42DT|VJ79IK)VdP_(oLTmgve<s1qYV2ub1)_eM8OQk==FqRrcQ%VucgdZZlO
zc?GEeL)D#4ofL<pWmzvw5o79llw~bj)^yI)e5%jpLGe}cO>Wo;S0tNK7L+@vxgw|$
z@($+40*DVJW2fq~4uw!^u2Q~6Qdr(1rHhshNmW4EmKTEQtoay_DSzEDA4nQhfBrf}
zM0|FtSe~M?b)TKlZel>#*rq7RyrO^`T7+31MfTw=(BT?#5%GwIn%Aw!NxCXYJUvy&
zF2Yc9CFG{Gs5=~~3v8=Nf^I6{NI~71e5m$RVXlDO9l!pfU(=#>QM4pYu~1EqfT&&#
zY!{&aHT>;tn$%0_@mXI77_=(!yllfnLv2KFR53SQD_jL@tX#)vv9ARtNv;;;aKSRb
z4B#CG86`eIsa`B%FCc1bOB~NhJb2q7@G3GO0v^4~8_*Z9hw<-Jt^(F)4X42=DdkD3
zys((7xaq|kI1wNlc?YL!hQNU1QLd0&hp9*+yHF-*3JV@UkSXC6AhL^PAY%A!guH@D
zU05s<{9){lDFG?4tvo!{uh-pv1H%Q;R_jx>N^Y9G1Qr6~)>;`dU1E-jU<!fi5om)S
zi4b~B6ct$&6c)--k+PJ?2%2Qu3XSZ*DEBfn&zdH0fh}Po7Gv`uBZ+l)lFV7tb{J#J
z0%$i5@6%jH%n4*JRHAzzU<fL@A*i74vF@2F)T*xG*wS=_8mg(OqG@UL*%I>0=1Ndu
z#^IV~c%C+F1B5p$*N}oD9!+#NO4Kb;k_^-7IMM;td~r5Cj;yw5=LK42Y}=Muo%Ss&
z*S?H8>#PLEoMh=TqtRS>VF7JInYjgLYl1T|kB_?aJQ1y{iV{+rVxVJqwc{PB7JHZy
ztyz|0N(@X!WiAIa%8`vPgw1M;3@k5>lfa_GyY?E$cZ`xRRBMIOT;1{Nao-~~P0*62
z!D}F?%reNB3Yds_XA_(BId?TzDCVY$`6lsbbDA#jqKlH*23m_&HAWEy-3pBr?U9~^
z_3DiItTX6Tt3iWRBxz_rLe^VYWam>u<8AF_PNrqhnT#a(wI{Fz;Z0P|ohGLpzb+W)
zl5T=R0mitTE0jnjZ?^_@e)@8L`bs(l<_XzT3VKqC#ArMVt!&MYLe}Yqjudc=V(=F2
zYzmT9crs$Y=(cY0s%FrHEO>O~D-j?|l0}6D|1MLQ16mL}DB6}q8;rrT3}^}#ZL^?7
zMht_nf-p^)QCMCk(ubKv+dxs_lg(92!&uE@(dxa0Hac)_DSy3&tSINTdZn;PUMpZ#
zA=Q?{els}V*I|I+y#gnX=n0&}KEB&;ClA{pIOPa>oOXP^EO;f^>8WYo=X5hXzY}Ma
zOIOjR1MWA<K$-%*Y&+uN<ao-9c<7@jN~S5QN1&+p9;2xB8b!Skk5L~Tj!|Rx#HfqM
zW7N;|7<K#c81>@QG3w{f#i*CQ6Qf>uJ4StQyaR<x;Ha)193j*TpB@}jgFgF1ziw`i
z^NT(mp^{$b>2%(D18*H(PB)IUisSg8&Olq;PFXLMpub(|#ecbyaB@irD(i+P0e$Ml
zEueb)aogQqFZN@o-ay-K?@-Hq&c`n~fInUEK~&h^^x20$emm~S4sGMp<51Y8TZc1t
zk{`q02jPRpg#MP2z;=d4(GeMuPq}Vy^e#nXcpm*v`;CbW&wID)Y_vZg-mx*Wi3`)#
z*xBnt>Gu0)dwyiSwGFyGIoRHo4fz>32j8BX`x|_2zQwSaJw9OHqDS!=JB#1Gd$Wzx
z`|Wu`+dA#vR&3H91qXa)T(|8+DQqWB>r;zp*iuB>?!q5_ZQR>W?}Xt~iwN1#mgG*u
zNVXPQ_<7h#yRehp9X{=RgXT^hTkU3JXs7$;yWUjV#o6m8up{*e9QEzw=;f0*J>KnR
z+W+4Z$~(1<xQjEUT^y?J@_cG%F$#MTg7Qi3!tVIk?M{U<Zt-Az(;%HK1VwIbhk8qg
z@Sk3E<rX*0+e9es>|C{NpuzU`=|2w;jq1m(o?L7aM!K^j@a>(8?DDwb6N_|h8~)Wg
z<Z!b%kUJQ;w|Nld&LVqve~J~14gNe<Vv9jTdl^K%wLcVW{!_dy2VZX~;wk*+ksHK6
zwTdGP1evr7^KKXM84Rb|Vmx@;zdvj`pxvwJ@!yR5%)Ef|9YhrFC=R{(g2rt|rU$Q?
zi^kvW&1rmhxtc{tjsX#lw>wQA9vV7<?us2AJ~8Cq0o8@?fI8BN?kghyj?I9UuU*Z%
zcPf1s-B=TgT-wy#Pet#FdJf&36>D)<R1E}uAn!qRO>GB7O}Lj%!E?0V{sX5yG5Fud
zTmqO<0FLf&Zf^>n>j3l59sV6t8@1Pg#@QKe4+wFb7ewZ)KA|h@!}r(gg_&c;!qoj+
z%08DF$&QY+D1a}{n22P8`(QGLkb!LBJi5*6;gDGKbA3KKiiRaQcVp4q!xzCPn5*O#
zj*1{Ks~4wl%v~##E?zD#<S#Na3rHk@@~D+77xCT07lA!51~}vtbyq)iKZU~y&}CZW
z`^(`gwa|wALg5K;UygF1UI9;qqE`6iFP7f!w{N3<^!;!m+0)>Y_ZI&CHjuNSC*wC0
zH|_Y+YXfTs@Le|UZO9KgGt%MQZ<oNg_+-vbHfqWKzE``>HJ(h~+xP01NV}QFZT!3R
zTH>p>>kmBNyYzZ&X+8GMpVkKZUcDQ@&NPG7{;BWfzP^{cvX>tJy;~R7;AeF8!rB17
zy#)2*h?n}Rm*TvX%R%IRu!HzU>|WeQ|1Plw=PofCZ9N?u8bX{ya)N6G<#xut+jPrY
zaGi8unCF^d0z8dx>5Dz+w5ZSr{)D80H<@)(N1Z#{e#>hE<pg;?j@#*{{Mw!PPQf6q
zeHdoSftG%7>>VHahzEmO1_fHgwogl3T}`<5;kF0S?RAmMQ)ki3iLsEZtQD)n*r0Hv
z*k&>;m2z*bK{D)KEW>`)Ls1ttkYRrT&p&o<F2ioZ^Gtkm8HO%iIe@M&-?zC8`)z>v
z{eA6a*q5Q;B*2{S@-L^~sJ%Z0n3uZRxA%Q?xjevR_ix_60>IqZ-@ZMxo|nQm=5N^E
zw*c<jo3w{+SbPy+)P#StA8xOL?hEwcz5ve)iO78P57Djg{s7?qHqjn0x@+^NiLH$T
zUD^L{iOt9H-vIN+2ilM0FuGp<z}Cj`9>B%B+v6=EDFrZ3c5klp{v2TbYLoUPcwPmV
zeFy!U5;tn^ivaWB!S?O_4?Lp)lkD;TXQ_?a`&WQ@r{`1A$;`}E##VNvuA8iDte+J}
zKeId1&mrlza}8}fIx)W15mLe35xGZH@Y36fvyCf5ljr6sT<_*Ya-i|%t^d4tU7%v?
zLX27$I^c<St_%BOEA_6%-z^`8@?Z8ZpN=iviZ$MZuUo%NEFWHGVk<(oJ%7YO-}8QF
zV&z9j5B@d6^zQd+_pJ-Rdvv9Ge&wkLoUEm<{O>D>=l<&e6j84{0Lk_EAhpg9#u7`b
zG4xCIy?h8axEfp52V;Kj7h+ECL@@VIM@!gFl8Xuk22p;T6azB&vFEAhfAY+K#OLqM
zEE}Cp|NFs$0K;Of$0K6KS-}H%z4v2%_cvbZO)vHDUh1w`(7r&@ooMR=0s8_bpuwGL
zWMniA&pZ|HyvZjMeLrLeU+0rp1=XK;=Ba(LdhOZO$#XCPD?eHd(DX|U^`Vve1CyE4
zWZGA*CveeC&W0hp`@KeIGV%Uf0I~9o^G==T&&v0$F8#}arPYH=PbT~2>~f}i_9oYJ
z>8S)l`KymU{uoTUI3D~fAHo|>sZjSGZz$jQE{pB%cmG$X{nYI1bk6`ay1M4-ir~K^
z&S=N}484uM2E!c6Og63!fkoMEuXpvYi!o~c*gBu=?}V?zF+84zHPJXdbOv8Ve2(Ot
zo0z9o#4fwR4$Tj(=*dB6=#95lw2oUJCYH?($Q^qAA5K5><BnS&B+e~Qb}ozY<xBg>
z%&v81=BfF+o!0c^^`+P7OBY7paOQn%E$&z>UDQL~jGscw59fUizLPlb9DIKTr~VMW
z@5iZcc^2ij9jkYMY89#Csf|OP00aghBuX4bgzR+**%LJq9YPNJgiJOhIny|wK;+B>
zXa#f_I6Y6DTkq;a)Wv!8v6acLGxJFx`$Kld8T3QXuGa6q^vb(1+ZTW&Nsk(XYmJ{Q
zi~E*VI~s2;i=9iWaab%sWLWY*!eukQJlWwA@)6*;03inhguKtWHo6Osk&qAF8a#$m
zvPa0AN3@Lz=?5WsMC|tdYcU`Q@hln_lZi>(lh-*kdBB`pPY3$$1^)hco+3kU`~sN!
z+4rC9on87yFIB%id$Zbm>B8C{eFT>M$F<*?bP1GrcD2^u;N*t<Q0BCohkzUF0KVT@
z%>#I7X`Dg}=4&{0$@xEx20WcjbR03>9>M*E6_?0NA}^@lb~v+^Jc|3)c&j!ryY%!R
zRXgM_;-!O$rGx!$@8a1@jkOCu?!lc9JcfP5Ln?WuKe5Pof>ci?Mpu_U95~na++QMk
zzl;oD>f_`J@vbf=doY3v*)`O^6?@{0t6UP0^(2Uv{lKgLSKajoM^WAJ-Mh=>k{r3i
zTta}L0XC8r!Gu!@Vrvix5dvHik|=3%b^<b<6<TxWk1+x15(U->b~=t$WoqqIEwyTG
zqqf>!2qs!^I^(FN^%stIh$GBst&pmazVG+_*u8zXxkLYIX0myC``Pb%@B7}qAD_>@
z-4*1fkI!i1c_B@y3&SL^9s?ie@c&m@QQr~&Q2UmKj}alrU!>8J;yTUOWL~pZndrx>
zdfAW5>-JzE2j(AFVKanx7`I_aV=ad^$aNT6OO8z#YG=1)2;UkW#?bX5E<uis82T|e
zMlb|j<7x~Ih$?^{y8%->NRF)-dYK$sFa&SRUMt3sW(>jGxYuCl2sy4|Yb!dVqBA|(
z=2w1$HR^A&SflRBVvU;5EPnO+(+lZ!QCQnq)~N8!4Yu6-hHF$9L!k+OcVt7QydKWM
zv=lZ}nQ1Ak(@A}g{Y8#zW~X(mH9z=9a`jP$DKXwVVxnsWhUcf%F)g2zR<4v*9%A^2
z`s%#A5)&O0m~yOT({jFKIZv`&fS6yheEcKv{YOo7pTO`^JRo`X87U^2T2jjj2)}Tk
z7PGTc)SqrLKOXn0Wo1U=zL4r`lIrBcNm5A*q>>gQh7YFKpWgSbiLO*R#_q#_WVukX
z98B?H<%czgO!TEH$8aAus80TwjCLlov+utXxxw^LhiYO{%YKfO!=RMIBE)QFcS-<~
zKyAO|t-$9d`VN(2cn#jK+Us<`6!WZOU4*3k6iN9hM$8IUvukD@c*H~xsT_lR6X*Za
zrd1-PRV<}71u>s8FT6SDj#d->rphs3S!-BR4W9^kkzM7*7&!lwh=HGvQp!#+_+60)
ztykf9B#e}+zLb2J@3P0tcG)a1QrIlQv~#f?Q(Z+r_-4s-HT!Odh*_|J-I?eOjDf4(
z7BN<@mP%fof?iz--?y_)X8GGR?Xr_qZ?P(QLKC9`OUlbQQw5fE$mj+Xd(+OQ9VNvS
zG2N=_pWQoBqhK&`<8|>{qg`9JTz}n0rPdk+kE5{@parEoFMs34A6Ya#A-mf}(X4l=
zq?2J~InydAT7~p9s$d!o*WvY6wtpQJ$+Xg_H4>SQ?wfApVwK=|7pCWVFS(e%F&uc_
zX-Y@eFP6PQy5=qio_9Zt_nyo=?@sdjw{$$OjkkkQqb*1JUP-OQ-;&=hg4>Y=AAC2#
z?90FhA0xky5zHR1Ip1=!_XNSbn1K&|8kR!@b4zY!d-vv2ZgwJj(4#&@FhjYS`NF>w
z%&`piPQeV9U`8|W!O%n1WXYpO2=1D^%;ks?OmAN1a@<2O4`;9!CMWh2%)9wE9^Y0D
z7%R1c?8;F?aP=AZR#>++5zKo9ras|Rj-{kgH~S~HHwH5gf@zs#Ugu=*bArh!oY-D1
z@L>eAHek+c)A<GFG>-?e^UI$I?oi<Wi8r=BUx2i6JtNDOe0|!Ob*5jRH7=ynXjJ%N
zF%DX;x%P&2xeEMV;rRFgAFdiEnY?DoES>h2oY$n>GSZe7DmXBZIA1?gzH6E0A6cd$
z`L)#_?R@SOXB+!Y#&h~t&-vIDe#KZ?A9yxW*@(;wTm28u*|jth81T;z3@n?k4!-Zx
zhu!+Yp!?-Tan0WgmcHVa!msUGr}_J@RKm%=SGG>u{S&-TE}Osi(ok;v+j`Qqc(CU`
z27%}YRQ(GNfO}q#l3e*uQX<q(X<*_H|L%Jf>YZS;b7ylt#<wvygp~VON8(l95Fy@)
zQ`h)|ym99$!ZEF}^5Nx*%TBdZ{?5wvlGK1eKk4?xryJc7eb{Fb>Fod8uKF0+;8;1m
zd?}@ij4^^(RS)&3-&(1}1IBF;eZ*&c!mb`(zCzjEoF7{mQ+Br0$4Z8mU#T<?FL&2j
zsPG}E<>^?^YeeW*3jOkONQ^Fwd%=QE#e&8>NJz#?ICT^pa<i`8iw(&%P-Gji%hAC0
z<9^~kPIm6leB?i)wce<!X*N2m0t2huEk?}O78tnA)q+V49`m)5rd8_xFR8{d7~UzN
zw!B;)Iinx+FCKdyY9{U>bsBUJE+Tc@J0seGZKmD03lm^0=Jtb-_E1diC-x%lLyaxG
z5c*hEqVV<}E#yw*l0U_2d@{1pr7?xyHU9o}TBwPVkcO8SE+e)opqC;waq7tQWK=);
zrJf9Rv|qcc&L2J;PFmB1G2;Ss(mXc5_abdqiSD|E9Oq$Z4`Zf7xE7y}p+RyyA4A6l
z&S96E7<Y9H&B2<hpf%@9TXT6?)LfX=TxCklX)a(Dqg5@f#?9-Dx+<f-Tp#p?Pb^wn
z(>tTntN_hg0bpV%Vif@Ds$vRpZEX`!`8;oB`j{5zyN{CIejvShEj*{ONODb;v0!m^
z;v9X{qYrxY10H?M(|x=z8Se-TEC>uto%>m0xjqWI7U>O0be)KvZ;ifCL{G6smtyqf
zx&MwA_MLnVI?`>q`pe^_6HAh_IWGdcPD)or3e;)5)X^S3Ou18QLCspfT-00x;}N~c
zNz(eiR@C}7a$JNVU@>fUZR5&eUa}iQ)3Bav7*~FT^RwGX@6sHfVIgU65F9fQ=pm(j
z$Z|4r$_>pqUL~3eM+eE-1>)8hv0$Ts*sz^}=pdYLN6la=7NUsp)FJE#mSPANtyf^E
zPPD`|q9uM$^eY=g+)W~GYf6jl7j2c&GD`#vkIy9e_2hW?gg#bu?MNLN^8$B1hWz;L
z*bK+DK1z_kOB>{9---4>AH*5M7!&O@MmvW3x2|hrcmF6b`6m(^jR5pqSNIzvrmm3i
zMxi+jMf)F9NDINRafXX3Wn^qBZER{4k2?7&+L8{*bXla88#G2Kz?mJ-;Xf+*b-BsG
zGgFY!-(n=VSE*)W6@5%<iI6}W1qn_GZ-X_Ykn#{CtwXo~tH96;jJ^&b&D|_$?j}KV
zuN5@+Y7D(C$nv9%;P#5iC?$L8@Ny-aW&}Z~C?&PlO$GyRU|@|J7-;qAN4Jq7VXJ%a
zsLwqJ5?M^qlcyub($dz!W1fin3;F;XMZ1mBz(8G2OG_&@%jR7Tnnq><mE^h$$QS~x
zPGSBH>EqS$Nn}7oX|x?W#TKCw`Sl)6Q+n|<2uOH3{2Hh_qz@S1TC^MQzDpatzId6Q
zbT1z1`HapxdftL-PI8mR53~@)>LcF16FXPsllhQ;A)5~wkqZLP)>bw)GdYG#hDaNz
zgc;CjeJuEVkdJO<5%-z?yQad-tF6&&KOM#pr1BBw1)34o57cHSdK)O^c8t4I)aX-U
zPV=@oyHWYvXD$g{gQ3e*-d6Yv7s@L(l;gV=#1g=RQ}r^e#r5Anz}TOKfU#4?SQZ=Z
z6jC^r>$}{<d8{IbSeAIq59nGJH&now$#QmL&*5H^JewsjnF-AtiF)%$geDayj<I~~
z{pXZ?6Md1uaJqS=M5C{Flp=Da)V)&bRIYfMrT)N<w*4l0v%v7ww@dQC-Hxf}NvZp!
z)TyLV#L9B-$mwDe{WF2FllTRa<$TF96(>%y67GDs;g2TzcLKx9bx11L2U5%@jzS2P
zD@wU2(~~GR7f+`Z6GP+XsrDMIO`($Ek@xP6aR;v!N@e#;We=oy^}#=T@=SEQ$}x7Y
z1|`b@$ugBR!c4TAS1@DTL??u#!M(cMQ5vBlM~I#M{gdYwnI3yUH8H7WFOqUNS;`@m
zEBaa6YX8@7yG`_n$}v2LA4nwr=TeNv<<!E9rTm1X{7^|_jQO|s?oXdF(KB2e!>NCe
ztY2bR(NXe3Ngjak9|VTW6~9ioYKi@-FsDaN%xX!lSZ}`yKLownnihU5e4aI?dLjEr
zbP1Ots-f5VP{de0HbwGSiR3XVSHL|1J;)`M+hZnri;H7;p6_xwwXvyahd)StIyrZV
zrH#2vj0^Vfbln8IPEzi{t{>j&Q18>EQj}sT{tAN1rWAE!lMoFOxK&Etk78TLSws~3
zHWz8v3UKo_?ZqnHSfv^X%kt;6ikwh@5nCJ62{2iI<L&G;7`qT*x-{M5$We~T<}FBR
zoYf79ZSLCWxSJ~rDaHAlcIL&_Eto0q=A3YsTG~BnsrzBi@&#J?KthVGM_DL3;Y(_&
ztAwKSb5wMmyqc_iUFj7a=w?GxGb=hfU_hOoS<!);v446RhB*!Hp>()Zm~x!t`w4=(
z|6FsRu2pK2c6%^Meu7{ooo7xv2(C8W&VoLI*>hfICFy>GdHlSInRl3oJwq@TmD`y2
zbjlRL>?@zx-UujD1hZx4#7Yf3_wtvScK_9;W%7&3Ou1s##OXc)Lma`pHp`q0r%U&0
znEK4lF5OK8ck}Ft(*<f_JHfm&JM+$r*_xt+wG2Bw;F&-zyB!Ff1h+YZJz)E8A((wy
zW@YaMf;pVQ9z6H;Cc#82GAm-;1fy3>Wbc2N6jVIvF93i;OVnL^coWsOpJ^VXH6;N8
zR0SLk0Sav)eeo*ww9?k{PLnnPq4Xl9V8Iq4p{S*Rp@npaC@KfP5B>1Ly};3{SFn^L
zYN0^EPel+F1(D;CbJ5BXgacK$<gT^%%udorGG6Z=_m+>zn!SIsX3yGtul<;{*3kV+
zA7B~>M{dst0dq0}KWv_72P>1`Ex_rAMCR9Lh%$bo0GAhmA6kQ00rTUK$n_C36s8D6
z!}Bvkh8ZyV@sT|}mH=jTe0YAiVN(y7gYl8;_jADfJp#Y4aKQtZ4~9kVAI9O3H#|JQ
zOYna<VEQIR=2r}uhZDl{L-W=uz?c&w%Wn!`W+#T{_Xh4-0;YFTc>RaVulY&J-efKV
zoF^&#eV@gC1ek#%!oOL@`z{!v?7nWm)s6^%-#(DB5ir|FMjk)>fH7FY^E-!=X~5jD
z1j^eLKMyQno=FbR?@nmIF94<?HDLAC6~C>p-gqr7JU?7iGyvw~w8;AEG+-`9;D<h^
zKLaKyJu<)1fVn?CJU^Tt6r?NDSF-@ONC7{$LVl|Nw=n`g+;VwdA-`7vw<iKWbP;$D
zFxpW8Yv8W<jR8#lsPO!77`Fk&Jt}g2tOCr&QIS12p9joeM$_}bUGz)TJBeeJ%{wg$
zaM*9M6yR{`JWT-(+x-FsIP71m6yA5ULfjh)aJZp#R3Yw5g}5IS;BZ^urUD$Xj2IUg
zhx#*40S?ENfeLU~Z^OnZ)A!kcD;O8Kzs&;7E92VDvpeDU4PbtXzz<&u`~sM98Ik!d
z2TWZ?cz*b@;wiwKSHQ2|c<6KE!}Gfc8KVF*;9h!uZx{U+x2Wo~l=a_j3UIh3_@)9J
z_P4_daM+&DD!}2o^OC~n_(dTuIy*8B$C*17;K({kAud$`4xe{|0vzh0=?ZYD4;CuG
zp?-c$0S@Qi>lNToAJk_n>*t#Q_i}dlc3%Y<uK{Mz1bRM<>)HeV-5h1ldr|=oUvHdO
zfI~T7Qi$^_z~QTo9=VZm#8X`X4xb}c0S@aeD_2>)<pXX;ZuolJ2mc=g%-wn6Eh$kS
zxbu|Vw+_xW=Y_xTCdk+Zn3ViLzv{|@b638y`|bzahxy^}`#Jsx%xe=P&;QN=<{uNo
z^TTOc8(>CGio8Cb3Yg+a;rUhKya_O$Pl~+0ybYM{lf(1FmxpnH(M<`=E4myn0aG_6
zJii5y@f2WgOpUyr&YT9%JS{xGe@Bx7z-XpNmfs-2q)rdd?+RpO0%k-(WcfJ&Q&te3
zpC9)@08?pe$FCC$>_6F*wbMTX?j2kB`=amAVZc0Lk6dq;?UJocxP2cSGXXQAF!DNO
z3}EsLBe#27A%=N~TyOsdn7tAB&4z*N0ATt%gY;%6a>jB0j8oY-eL(>Z^~)8fvU*d^
zfO5?U{~T!E(jPD%&1kou(^({+nXrzZ8Nt#WWeu3BnUUrE9ALK3{QqRZ&VmMpCWpiW
z49%h;1Utfmg8+8IED%XBG_zx*z)mifA`XV;goN!2&1x6>u-yZYxQC%>a=gFL)R2gR
z9p%;;BN~v9_yXiez5tp3V_$&Z=LbMv3JUBMBYmwIIJZ2(Z?dep6&1~0X<pZK>YDSQ
zB~}|fye_})Ml8>3G@K<ZImKeps*2Pxy@rvJ3Gf`{^XIvQoXXM#j|xFwvk<b~u7#EO
z{?;;}Z>(h${2QH|oR*fF@<89%)YN24N~&~fNlflzF;T9uAzYJtT8x;k>J^=wGJ1ps
z{v}&x2N#OhaH`3iB|j>gJCR{2*~#CRS@-bL_p&Mq4oqC-bib4|>cW9cgK*c0K@b1x
zI(hG)H<#SnR(|fs?DcDJ7xrE>_i&#F8=uL(GCk8j;@v0}&++XZShZ#i7n6Ih*z~|Z
z5C7-H%KAUQXQ}C>S#|QoUTL45ntW>S$=yBsTzlY+w;$QR`=6UP54v{EZ7zM@QhDG9
z(~1wiugx1j;7=!}ul}M>bcJfRX4i4IvF~5*+_UM|gbT;E#|lj&eTR=foilH8itQa&
z<E}pUe71AbxsA{Ld}CSK&>`9D->$yw-}>p%{y)OR4ejpWKh#fV6wm!{JuC2e`q4v|
zo=o5I#n}fN+V1I7WPeZNne>zOo7Z<9i>?{ht@qLY>hn(1cUw;6KL0Q7#ijGTEd$bD
z{>Y>mGq(3#jRwtTo{t*HU2Oeg$2X^++BJUQtLo(PPY0eJyk&Z0{4)vrzAxGL%KWO8
z0J(6zvekMhgKxfXr8V`j=(D;D%dfusgW<xJPcui(`?fI~AYUJU>-(*bxt~70>d@D@
zbF57n*<TIZ^0%LF-Z$)xgB9YkB7ig(mw)!wx?a;VdaQVHcj8|UFHK*tYhvM-6`!7(
zp0xj^(a7b{Lppm#%ASTrcW=FV<?3CNHv5+h7Vdgse&hCyTU)A1gO&JqQF0)ki&1o{
zuVqSlWV(hJ2#z!w7aC2W15vtQT;D!TW90I=c4=xOzMBqBi<1UREeV(tE!pzPHq41E
z*TQnsSZ)@}&5@>fTC$NtsY0pzS`q?-rp;zlXw;}ba9u@>qA_Y5&T>n+6rrcu94B7J
za2;OljZZv>bUSgjRpzaUcO?+h|8kC6@0Y72W9V3#T0m2Inp*33_4b)?`o!5J&cMr?
zmsoBLKGm0qN9G*VkwVj;F!9W|$Re#%wdCy<wUfVBdJru!81Kal#%XRK+{_Y21)D8K
zNd`be$wL>Ah$uzQRR7q=<9rk1-o1R=@Ap=l^{$Lom2V>F@kg!f?rG9tu*xx<`!bxn
z2QFl`!{|2z@@0Z9K_7sb7}O-rmt)pj(RoC2a6)@=eeET87Mh|94zKGbjjH9%xfuuY
z7938i%rbuU1T~*<87=Ow*BBhC78cV-FJ7F3{!8s|h&$QoL=d=lmcq#qc#@f8frXQU
z8jU0r+H8&@)K2DNvX5OsKD01SkUp~@(61~Am1P2nZ7j?!EuCK~Bni~Sg{0HLCJ7^g
z2y~QoFD2iV5zt5nKZO^=j0}jSFQ+5DghoCpz_2h5r}(J;J*<G#CeQeFoD1WHdD_&~
zKf|G>*TNu+Z8bKTnaxGwVi0uNI)|^&Y_!RKJo?%u_Y}K0z%Kcgw4q79-_@6SJ<KW=
zTS{6;zXv98YXK_EnD7B{C+mT+PYYC^v9LJ$S;Zv)!`=Ts5)lt)BEFvqb_OTMg;~Ia
zxLJBf6h@pAvVXrsUttpMW|Ut`5w8cem{nNY<Vr=^dVbMV4VQudiCKE+ZDN*@98GxS
z2&pDV9UN1e;LxSFL0?V|Uz5YE`ST^~eJ!!`&!_r_qfv^ep2}l-Dwk>9+3nm6bArll
zgtGU*vOhI8Kh6~`W{rn>y+%sbnTMj4T$*~Uk-Q2wx{RJClji`RiRslpr8YJD)Lx&O
zIC&74rvao8JsCBSQL^nt@L!SSn4ot!7v3T&PF9qHcp197(dw<qFKfwDYb3>>^G>sf
zRy5d;_d3!*s@`dFEn2K6Z{8T6GtTSCslQ*nJ}+7{c#iSV%Dmk@tBjnxySK{dtukTz
zhQwykY4SR<#QRO&CF6sVW0`6j!tDBG6Au*;iiQhV;-fqrpv2Ilz$oUcMPq?2^?IPU
zkQia^DB#_URXdllOJFkAFiWRy+`fK(zu)&nD*`?M9l4t0-7%hvywAkfo?LmQS+>0h
z{wt$bn#h$`f6JANs6P{Sb)&=SD~`2`ZQ>QVD|`Grx&^xK@c31}C(+>4t@S;L9&%z2
zuTh++_QK<CzJ}l?o!40ZBwFD@Z#NaK&sW<#O&ZqAffFbkf0Qq81+b{YSY_h!e&}#v
zXmDt7L@cmb#XOze>HkFbLyIe!Q#`A=2UDuEm{P^Q^9YmUR_1nKBwcig)SBV~;oeM8
zH-g<EUJ<ADTm7h-bBe#ZdKwxEyZH?b6Ez736Apl!TD69T0yq&**PdC~w`5M^uTpR~
z6N}Im*Gzon#O4ESy7hH8=zx-FcZwgcf3b}XTMl@r`!x8}ZEBzX9#Eh9rKYfcbYl~4
zbmm8g$({JoVR9#abTFuO=0`^!1KJ-^#U(-E=HiI!SQY7&xY@LVxqmGoR6kx$lkI7=
zq_t9m-{qVfHO@%fzr;MFQ>-zmZptGqdSW?D_5#%>HgBF$b_Vj+n4k>JIRB_2yoa+|
zm91=OT~f#Rm6BT|x+w<SBGINpTx-UPFA`rfV;~`?_zP4`zXH3X$O;usM}KIF{fca$
zK=NssoOXxjun}<iMbx<mn4Bl&O7pZCYi4<xemVdZ)P${Ght+1YJK*a0a--GLVw72$
z$(RPoz|LD}&hkz%kB6i&aKZQ@8(caCQskB&?^$ft@$R?84Wzgw#mr3;ABlJ`R<TK`
zmdGK8Nu-FStz*>Nj5^K**UwjyUR7~}NH6e6lG_?0xh?dew@H%Q!6YYiAvtT1<V=8@
z5|G??vgAxP6+UZg<3}HU_~DIj5Bvbln+Lh*e5GcN%+o-KQ_P9wrUFlkNp2hQa0e8k
z8HETHf`WvkF;IdWNFEPYWEB-aY9XY|2o>fo5azZ}VQ%dx%$QDuNz*nl>L{bW4H4!g
zX$mU~b3NCkU-epZ96ITuG?BoT;}8#sKR=I(1afhY;>1nQUwNm`G{CC*vdFi=Ebt_3
ztR(6UX0+jjKGe@yP=u0_`{x{Vfh(R>bC2&;VtiO%sMe)CtJcBQqTamTgaKJITB<L0
z>VX{)hD~Y>Chj5WQB2&+A&>jIgivwAjIygIKJMC(wzFD36Jt?vh`n{hrE{x!gVdU^
zTRNN|0b|)qxGf3wYJ$g%E5l~x+l^I5{O5hu=Kfc=`*t@4C1jRcu5KsgC)4`!sqf>|
zuRuI5e&+R@XR4J}Jaw?2#U6NVXzk;Y<~dG|qWK(~fKV!vQOnrSvQc_y8mN{EhMMII
zl3BiN!Zwhoz|llZo4OPe)H})<2OP3?14*c<)PT~7u{uiW%fwg`DW?oYC5xi>)$QVC
zyL>hl&i0dji+!nls&$_wNE*+|9*SMb0tfsT*u?q;);lQmM@B7Y67Vt!ESmqQz&^dj
zjOnNZa+n7hN&tNr0}>d+({_;$zqMzuWgrC$kp1QvK=}5UvER88#Lva%gil3(y>7ie
z3fl78WA1BWv(L)c>*(2ygoD04>ZA18r7tLmQ%zzKOtF0E!z;&Z6&zG6`JN@>w|S08
z+B(-HPBmH!ARQYiT`T(5nsEZ*kX5v$_KYh5dL`Z`;fhl{;W=V**u>|s)xD3^6OcHF
zy0!a0+(nQc0xD+%dAgAHh~fyU1MGG?h(sUfXe3}0R|m&`Web_@%m?^YwpM(FP=9Cj
za!1H;jOK;YNtcZ$ZSiGN6NZMY7@W(2{BC*Lk{yP1YlzP-@#&NnC=0Lg($kbfuf6P)
z{h&=ChG_Xj4b#=)<{&8F9(t}FRHv4q#vr7TWP&0qZtl3!Q7Qf7$uSB|4H{Uhew(#w
z+J{lg@8)Fh>$jNBAIUZ@Xl@0|UCnYusdv-Zxo;BAsA%>O3hU%Q2(?3ck*8%QnRIuH
zhNpgAns_b_OgtCXJ7Vlb(z?k>Ha%eV^hoIH>5{1RoHu%E%$ywG1*dTC(T0XxmE^CS
zXEroURTcO)W2tQ7W^9|jCsBb)p$MR5%7I~U&!zT^SYvke_EejzId|{Y!M;SVFA>Yf
zwQiz`F#XNdSbfu01pJ&aMb%b&#;qGW+g$CAZjGbR9#-FG>^@FgFw)Ra%&Xe$(EDac
zEbOYAFbB$!VD-6CFovmau5EG&hKAF2oJdJ?L%Zr5xXjGr0^=4<b*<l}5%c0(RbpNu
z+kx@a2%I~%TrZz{^8_f9o^y>A9Rd-vjXCn`YyIL8S8wE8ka`AG=L|`9@vSxzSOk*B
zw2l+=1gey+1wmK3`Vt7aZj2O^0I$TICbJcpiAUbyWj)}{OT@xegTPC?75$25xq6Ay
z%<|)?Tk_1(G-n~3Z7&X*ZTDfT;RHrmSz}x(DOMAS9!hg}vuVuNjJnP!j6p=Hdl;3(
zs61X?Ejf7k9*cMykp>1qo+=L$w}Gck*u-t;Y4mX|_d3fx!g9|u>K5bNBPv)qp>6Tq
zq+@g^E%F_@P*(57n9!_lThx2WenE7|YA&vwl4xS<481rZzs$2Do^uU%81^okLSjF6
z!L+1hf|cw*&1(Kb2>T4S=%${9huIq5(=_9tI%Ee|_C5T7Vd}GDy1*P~7{mKn-6hZ+
z?LemjH)~T>4V9u|G~)6fu4s&se$~=1Pk&RJ;NY9sL4E2a6-0M$za|v!lAUE++h^D|
z(pOAr<+m%-mw`>8{6f*%KGudylZ2Z<Py!<t93Oj7J2rn~Y^X=LVJ&*Bk{&{IpIbwI
z0v)^Btm`Dl&_MTmVNp?47&>kdRBI0X$)rD{=+8*{6Hk8z(x1ENPcQnTr$5rY0=u2G
zJWT?<y)`Hpiy<^?W^*T15cZFcijn?QYK^v=4hRfG%nc(e>HfH0Bh(<a<B9W(K_m^W
z4g_AFuF_mI;ONiG+kE{9RgBKEyd1!#520{RrzfFMlXNE(I@-n%3I{zcp>RzZMJU{^
zzD-&PPK<vg6b^*f3564ptAyGq+1Y5xAV^EKTUsvBz$HHt>L7}mP#?40FVJq7>JK>H
zP40^;$i9R^5%(e#axf4I?{o*DaEGZIq1uRJFjBW9n-v;V<0hd{58faYu93bc)Zk??
zbca}oFREBnQCU?njFUe=E5s*{8pchaFK{QrY&Um>v_(uag5JB*uMR_c`Y_H;-|*(6
z8>o;|S%L7hP`Hiy&O%0NR~adx8S%-<?KsD$u(C-BfS?rPVj0G<PbLc_+&>}gE?_w>
zT6*v#LHb0oAg9X)__Cpo+!F#lSm0b47{M(>Bm9QWf^)TzB-+UU)&z#K29m@Y$XJ$p
zA8R1NYD)h0)CfMfbXlA$4NF%LrdayUiiLYu>7-bF*^LEOtRbveDJ(Z5q*&SQij@{p
zEF<Tdfcu5`!UJC<;foi&%^I$hah;VCmslCRTq0VIk*t*Itd!X-cTz|xtz2l;jw7YS
zZ8}};b;DXOoQAybS#ulXD6Q<j<_PL~Ix7kW=;na_r(bxeG2J-l=#b~RecQ0{AJ}u(
z;&|e#L;d4v>uFf`B~jqD?K!Hy|F}cS{thX-I;3prkW$w^rL`*bbYbY}%+S+Gp{E(4
zr-`Ab{X<W?hYBLnpn?suM`#vsLGg+H-!`&@|HGZrCy0*h#k4dolUDI^JF4O3Z2+2!
zubUp{<yk0AtHx~rl7>sj<%FtZxzE6HDM{PH(r^)5LDF`yw7q2Qh-v#-+A(}%LDD{E
zX*g4Pke5SP(KKw&b4c1xEbSM3?LyLSvozH84w8oP?r9p1DmIeVkEP*gJB_3zur$;K
zlStY)mX-t5{UmK7ODhB_hosG9X>)m5l4UFn=hd`Fx_G(2KE})awT|U(<mLXl6{yLC
z%Qnd%MN7U0I-O8Ea4UsSud&=W;pimP9-fAq(UQ3$&D{^jd4y`>sTHf1JH&F2!f_Fy
zK7?Z>p+14*GD4l=seQYaJI$^*%c%2=`VKcd2<5IQonQ7)1q`KgmkE!~cfnXQxRjH^
zY~$P1QVgPvc2huCRJsKAWmm4EQV5E*AV_>T*=|Z6vp9L|!cQ$fIJY$TqTm}Xu3Y9K
zJc$JyyGoAlEuX{i8gl;d+<A<~a3GcQDi;e6!$or!%x4*ah!S@D6oFW~!DGg7G4i`-
z<`F}u#FWV5+fRwFh3G0AA;?rW&#-Pw$8DPbGg{92o3-5UnmR|zfBb(FckS^_75V<0
zlQd1+Gzk)*2x5_fg`yV1BUnJNv{r@E2TedMu~Y)YQXWk}r7hJ^XnHKVE+VLiSNC3Z
zeXK8vh>sRDweA%KToLe57uKa#6t7qi)b7ljd7R0luAlwq^3ihm^*i60GiT;EznS^X
z{OFUCApS8V7~x-W2??fn@waBUZTP%QCfj4F)$t5feSbzz(EfNzCSj_WI`l`W!<(q$
z@lqLF*LxhvDya-kf*(b)8Y+W^_CrW^50$}Hzb#1iFsDH8k5Zs;1!@zL?WQsq5=TX{
zb}BnS)%wSrQq|PW32HoiO^t_c`r96AJU~_YG-9!UpHHACxEQqqJvn6U?kJO#B5NUw
zHTC)+dV<rHKcXkNRd_FYf){N5H+mWkem0;dbjLo>6X`+C90xsVq=YZL(fXF8MG?pU
zSXxoBXmMFZ>WZ>eWy=-?K;Nd_G1XVLv;u~EhI#?m!OK@^9XeRK==K#rF90n<x^g+t
z4~w7%f|tEaheg1>c8$z?I&74&F9KV{Gpo6-#(bAQ&L7tV11hzi(|Uos;pQ|)WJX#)
z7=Eq4+%O|;K*P+m6ny8ZtDr#5&D1&%_TzG=gx*f~OMqr(ni+d8)wk641z<Hl6a3mQ
z6_6X7t#W-!TQ1rUt#P2c5mE3dvYceuS9f7RKykK2N!cP3G$MD=Ddg2MY1x{rkjkL*
zz$@sfhCV$^_W)j`Ph@hzT~4^0+QQm??aMM*t#N3Pikq@i3z{l3OTr6W^lI!-t@YPn
z0=e-K-o^>6;DA+~B^A>Pv@NRXDaE!v4%(3&_RzcL){`*KpS=-o<{xT3Z=T%0VFT2s
z4O^gg)wbV*qtqOrM$LYyka)=f0hpoGxg@~vcIg%i)!e}zTl4L40MKMfDJ+KW8>xm1
z>i%%83xC1Ejd@0ZT;C49sw0qLYi?KDww?Vc<306AFwWKt-Vr1&ZYu66GPF_kXSe_e
zz^ix)bzdI2W`J@uZ9v```=eYl)MYR?H9uV~uy{&J3VRMV-i&Ui^rF<z4FX=A+&`Eh
zzTYzRe&Ew-FIYlf5KuU1ayZ**L7#RCT{YZ@b+~p7X^lkgLDqKve*`~UQ3^Qoev8^y
zxFN~fw{{>4Lt}yJM`LNEzXd%}izNcOB69wwXQH(EiRM)Gx=h^E?8p_x0av~oOC`6h
zIjFRLWk#{C4X4$3*c4iS&e{(;o*jCo)FgSyEy(ls*>=sg*qRU7-fGV}0C!gdeL<`G
zqV7U+@ThIqbr#<gs}%eYPR;yMkzWc$jGpis(kSh97i<CB`eT74cZo-LH))FGE(s*V
zeQF$Jt}6*f`zxfe5HmsAtnX|3!ci|{f1%+=w?}tvC@9rxTFZ^JmZ55S7u643M`@FZ
zRUDDY4DMs<b~XsrP=w9kJbqd819jj}ZB_iTdJa81Tf!T@!HyOi;QEQ$=3RgmST9C8
zp%1QX2U>pGLnn+A>1v*~Ncg^Hx}arpw4bErWJV-M1ei3DX$tt?VCl}0>_L-?LyZ~>
z=tbY~H|F3_H3u)&4sfeGJCL72O+lzFeYXW|n|T-b?J%e$y&k+2xzTE?&d?ih5cN=f
zoVr=QPU~kmEwI*t4$9Pz$>MPybN2W`HBiZTiIO>+gKRKZgDC-%R&&~ncHPv#+@=jS
zG+|9zGag@AjOVO-($Q+;9tT=&+>?t|8~0p=RvY(>LaUAS-GTnjW7-tjwqswYOAZ}R
z4ed+pigzA^-A3{&VAM#d?<ulvZmnyT{ryUSK1l;jc(}G1Qo`-`drNJbTju}PWyG=)
zC(CgL$!N^LR;K1F`Grh;bw5W>FVY%&6_0D$mBOFO<VxYAGPzRth)k{&J|>eZYd@p&
zu}@^OdVHELpKJAgSnIi3SbB$QQa^E?3U!!6$L*n7m)#St!2LAY`^L}ss%GfHn+pcJ
zRMZkc(@}fWtFv6ei$a}7@Gs~a^%L}sY7Z>3HD7IOPS5xym=o%R&JNJqsXcH56<?_r
zJE?epUOX6yrHpfdi|Tuzo15kzl?45xOz_|6u5qMCzSr~!-T+GpBy`O{Dj+cBH@h6%
z5AD(V9qx4B1(VqB=t(u-j(uj(ww<%5C|qj~*J4+g+|+{bn;p6hW@mfW7oeqtYg4_x
zaHUm!#~04GAXRdL_Tz8pr#(meF%0i}5XpwoZJCMmiERRr!;Lcfj04eUJVB=_#ct;@
zk9vD%BtEIZD>rzJ4c>Uy+=MsbZuaW=C2HP`h;gc<&N*Ui8hr$YF`hG3Zk%NdMP%?_
zgJr5(0-p^Z7lm3f@rHel5e$a~g-wpBMbrn|)|{7M2pU8CWKerqN2;GJZOZ>iJpc)3
zn;JZEp;m)iJ>Zv6)YJx#(lFal5MJS8;T7iZE22YMIUUlT;FQGkQTwx<*tBzy$j!jC
zgEj@c4jf(24!xGZ|MoT`+P?$kd)u)O-B67*OPbqbTMw@hb{?y5v2B7oE?{D#&e<;2
zAGEE13%**Sdad!U*1AGj3VkR|0xiFK$U4&`U_PwwPvda5&Df5L)!C#CA>&?!mS||N
zxd}xJ{C{&446H(TV(*i)KC#_10%%5OH!w~ogRwVLov{-bs<!pexkSw~W<duy`?{2B
zQx+I!tL$*J4Fef+{Ryv`30go_AT7Q6UE~t0Er_Og!{!Cf_Hco*G@NG+=cUhwmFv$W
z?q=hB;hScL?}j}=4QxkSM3Hp$93C!0iDng48yr$mvbn@XSiA2X<h&CdcQ6BfSOQpJ
z0yfd(8F$jH!29S<XuGUG#{f^&#v#kZfSSy=WHtc3T2UiNQFC0V(d1;>n&$#DFwf)$
zLz~ok+-x`!`llWBl&sImW_-9B`9P&=SDgQ>T~}_|S6kSXh`qXC6M|gTnX;{UW~KsP
z2UK8DD54l5ei)mh!0?l9a(yc_R8@1R)nz!F^#iQ->bJl*a!djvTlGWrJ%PSxtW%_5
zVhL&HcI39GXp@l=(hCP8ZByR^w2gN`)64{`FFeaqipmEIdxjJ?L>=*8!#jNrv?tn4
z2a+r0=pYJYg@zn0*8HZ2qB{A3Uyg=RRneRvkOqcI=rHK-=LR#X6dC*&NL*Fi)K?&P
zT78R}pBFHz?#bbT$v}(eP7Y7EgP))co7Mbj;k;=;=$;lXbf~$+Z74q#D`9sURztbz
z<X5Bh`WZV3<r4LkKS%p5DL@)ru^mYj%@{hi`f2N`qEFTIsh&P<qE8ReC#bl7Ml8?L
z6AmwN8`p10{OZyLqOwuoAvD)=7x)K|`I9{>QVV^~_gc^@FjI<YbO$2=?@}_$(%I8(
zvIneg79<(GDvdlr#y%Ok^|Ybi!OJ1y6|&1S5RFYExa^`WOOv8E7;L+8jkaC+;A6Se
zAs)3h(=TPTf@yP#;c!s_=t5|U4vYyJHDX;~)Ukkaf?+0p?dgPui<<8;<Y$6;lWxZ4
zlPgVt-6U7KfDZ6w<r=HZpiw(pp!s3#Zk0iL6Wp(W&OP1nbpco1Iz?{sD#5Gj))@@J
zk^VT3j?Ql=c5|%&>AFt1_-bpu4s=|P;<Gh-jjbI<!(Q;@G5A{lZuS`th0cxfh26%$
zkm|VZR(o*35*P#lyn_S&jkr4Du5IYcU&B_P8t)6ENp0h7rC}3XplKY?;5K(65Bqkx
zyVVFl=om!6izbYt)dG8o#{(veXO9g!RuVd{6sw2T{q#swO8u#t1ZaeHLSwK*|3>JX
z0h*F_#hQ}Znsd#emT#b+!b)rlmr$=R3w-&mGSF!)jzA*(B2ck)6@;utKV3M4bCDCs
zCW4YKCp7wiwhqe?W4Z*()Rk&$o-M1bg=arO(TB+TK$jUZUeJO`+1V<H6($E3ok_c8
zT$^5rTPLvd3|7dop+O34lMCo-2lT#6L9*wlteH;C;3h>sg{*{Wru8kd=Iri}?tuSB
zY1h$-@QdJQA0*o?lL;I&oHd)Qze1G5Oz>nwxB_@G5<Sg<rzO$TT=3J1p725#JV#tr
zF%~as^%5BZUL~Meas82AwJ0=@d;Kxn`W>(lWP=KHdjd9f#biyN)px6r;P=jM-=wPa
z)#-5XSv$HHCmP$X>~uJkpRPWp-Z+|iH#vKns!~)FNO7^2LObjQ5Anf48y@qh?of*@
zSj}de3nJM@-I8%Jn;_2zI%E)5W)9?CvXZX0uB6_2E2)oOnnL1+4O7U%#bpXnpiEi5
z5Tz`KDnwbLi18K@F<y&hUo#X(uOEmf@9OM4wQw|bceASzFFZn-jO*BeCa8yHvQhjF
z&377|9%<Tcr1GD~>iAKPZrNh2j`cBTh%7!Qxx?KmNCpa$QGz6klZa73$U)q1w_WrL
zTR_d#ZISb-j9jX=zL$T*QZ3h&9o_}c?yk@xe8B6XA@;_~J6Ezd-KxVV)Rld!td~UK
z#bTTUu8TiHCHfL-kwR|4&Q+e~qeEC;XCxg4&&0LzG6`G_hi9PUs06y<o#Z4_WpetM
zlm~7~+9{71GX1y1#mE1SaPhxCWcpqBDe;BOA!1C61ll(Id_;}%vWkl3<x=e2e}7o@
zHeA+iE&up{q3@OnMvEK}ofrIbj}TR23tz$&tCm&<e7&@1EtUxhIUkx=XJ;+*zhs8_
zcX11Te^~V=@b|vvxsm%A`cqw4buIs{UL$;HF-Y(&DAK`yT(Xyy`JBu!%D;(0V(ldc
z2|4NhZ0C<H4DD11Mjy)Cg;TLm-edI=)GDvgOU9E!;#4w$96O~FWI7JgOU5|yDb_wx
zbleLusC%DYg1VEVtsfXJyw1?M3c>v6;n_#vKHif4>|%y4QV1qG9?b6##vaDH;-<Ve
zf6>tTs7P8ccJIQVulG1fy@e>(=cUE-$iSHY%O3SALzmNd9;9UkdX3s5M(-FX<TVIk
z$Z^!Ik4*XtLpLe}6J2A21?E8l^CcW}d*#K?GV~J)!9+6;5tuI#m@h?`NAOqv>gBWd
zGxQq@!60o6@2rt}tDjUMuS<ozh9XQF9$~yMzqFsB_bUWLqU?O8@E0RW(&=8m&SgUG
zLxtRjA&d*NEsj4kRj1Jm1e2;ocG0Qh=)BT|yoL#R4M&)xSliS*pRirmMhyfL{k=vA
z%)<p{bb?Plg_&PTIvuYohk;<CnbQU4%LV3<2=g4aS2m6u{s8WkD^`&q24JF@M+wX$
z1?CKd`3oKg-5noA7&_BHFwtYdXq1XrdGgGIce1e{&%iMJ*SSI{PliyQD-mWhuETk^
zo?oYnUS=Q|^rpJ<T*Z|~9WeeDR-U^J48xZvQz*}sLV3m@On)4^==G$FzhLO63<N`T
z)NVtxRq(bT`B0D?6(lD(iFekF@z+-_4a9EqV}-XEBfNzZVLr#!z)Lk>>$Kl@27*b|
zqCKIJ@j;wQn^&CY%0psS-AOTI6rRnciZe#PSASy^&v?>nDbJWO_=r6!Gm^mX^emO=
z-+i3$?oQ#|$0H0pB7&|%2wtX(hd0bfFwuQyg1|gpV4f(EC~*+u7`Ug2p~o5tCYsqL
zFi#YiCm~E0#<Wz8_>!Tg83`u3C0s2qPZF53sD+Qt8AmSHX}=;P!9+7p7MQaH<|!QW
zg^u@hQNETK2_~9(s=z!&V7>-n$l;b*FW&K2hORLZOf>T}f%zJNc{;-6;TheCyH92^
z^aDnM(OaJBI2CL2sd~vcV*5<zEKj>$g4(l-<j$4(TA|F-g)(O&%rJ~e`E}t!hJMmW
zFwwO!LtxGpm~%9HRo2GHj?6O?82U9M!RTw_aeDuY*XOGURxQzME$`B*vOwSty~MY)
zVo~LCUMI90dz*3OqVkYm-&^)d7Srl~GcpXH>N;-LKXKIR#VpkiMuy>2<#8j(pXZ*x
zgr&MHj$v5ry@%<$>v^u%v<*(V)7}zcJo#}9qtMo}IVR5yl0E`u&pT^QFrJ1uhGAN?
zDJIX2h-Uz8O$X*Oo|ZU<QK;tM5R+#n_g<T)?_Z{y{lzhiLT6IzV)D%5c%I0xR4|?~
zCWb*gXdU+Um^}H2rw>l~KQ9DEF&@8(VGs`r3$QXK&uoro!h|`0V>}O;7)GHz*B_Io
zfa3`d4?n<o{%T?vg^qFMF?k9leT>8F-yN}y@%(IJ7>#EvzI7>w=$5gtX?Bplj3f{P
zy(=||KCdE9ug-h@tc&G!MLfgsJ*60>N+34kb=FO~Yn$R3hEFvIr7~mOq1>0wu~aMK
z8HP_)!u5htx#4SBs{7&@hSzm&LD%I7y3Rv2KdjWH&4(Ui=tw-l5FPbVd~dUxxk6qZ
zA+LD|Gacu(=joke8M-5$U`Sr4dd=%5A+LEtUh@&A0Oz%7d+B6`J{M0gB(HdLZ+YD;
z<TYQ&s}y0N8#)}tZ!USNQMYDcCKxhaz?KP*NR$d~et~9V<CF{MKfQ*1<#aQ{@NL7(
z>G?1Fc1~rf7MK}^Pjw4Q)sNUx*;CVWuDE7~VS0XC%rcj8dUe5$FOD;wW;4SuJwH4q
z&q7XbtXx&Flkxo1%rH#P_m9a_F6rZBmw!9tKE~50fnk`QkB`Z7D_5(J-ty7SjAwiT
z!!SL6PKw2|h~r86Y{od<*GXU)rsq3j^7uHba?6xe0p0gXU>K(7kH+L#%#~-u$@e=L
z&r=Bu!}R>SF?p77JlBn1S<ZM4Brpuq^UX1NmU7?g)#HT<<2j$eFig+?DJGAf8&7Xt
z+SI^!h9okKLf13zkI8czH}0&>zfHFyU6{x)3XKO`M|oiH9*6fhN`+CTg0rla4V)BW
z%+-ku!}rr=C>6mqp8W1SOZ8+T!)UUW#NKSkN^ab_a@owQ8P7+F48v=`<%0Gr6|~<9
zgjs{#c{cU&&S&T|i3Fp!miOXRe9f=qG|~@`HPo{b8j=`>f3H<st^Pdx<Or5(N)p2`
zJ@#_U+^Y~zGT9^hLz^!5g-Hy<^w^(b@&vf{^W@$epV9TxB!*#n?17j(L5`<%&`*;X
z&r3-R!`rJO&uYYDBkkvd%888Uvm}OLdTdQho;4DQybk|-^31k4#uH~@7^cUTP#&U@
z=IJF!x7-jjuiLqAQCcxQsI!eN48wGbi(`iWf_?-m=*kIvu}mt_=XD3yFVxqr(%H{$
z3&ZgJ;!dGotPuLeT7=n+_x0xPSvr@YS6c`Mty;q)9$b`eeF>|%k@4@B`m1#<%EB;w
z32THBt`$mHi!ks|0Hj&?<rxn{@3at1ba~csEwgs-Y28S)*TOK^inDMlc*_<ot6CK3
z#n!45%3Ldy`7VU{7_U@Zaro=u41Lx@Fl2o`E;)MTZ9sBwmfqb$?so~fqs!XliDW0<
z+V2!Yk4h$(Xy)|-b4XyWN0{Y!WqXQmzOJ=oClgFG^9F&rUSQscFsI42DBm|cs9Whu
zCK$4wIT5$_jdVmKBf~~+wP&$jGLBe_8@bh<d3wnNGK<>C_0#_)B}5VkIzc7+H*FB!
zbffU5=$=@4v8=6`uf4HjEkiFzCYb0tY!sNo0<(%R&*SetF}ql|1GOTVV4|7t5tvnh
zxd~yu$NNnaE<cl`+ka0cm}urr0&|nVd@sWE;1*>YeRMrTZ%HPY=-z!FN=2@JU(|2<
zP}aMjNoE+nJbw_%bFWaI`w`|1+zy+boAeq(A5JD1(oc`~+E4!|<aNK0*Jf=O4`ZII
zI8?^ar;-UKn)v~Nd9%R0h0_2Jzms+;LtjWH80!CH?d>fd6!O|4<h51v2T-&f^xK}S
zzE`(*XeF3booxesLbr0g65b@YmFt5My#$T;JM|JL6wSmu{8+h-n}d8lYKCrY=L##s
zXtG(>-fYo_IGg{K=R^B-YgSf<;Zr@#jXS@zWK3tNHdz@4?TwbN=EqZA%|9a4{8pjn
zw<F98csFpwxY1{HJI+>uAz%4@YxF4dsUZ2P*Ou_8P@e5Vd3GSoG~DWDy|?}=-Kb|J
zm}ut51m+!@KNK(ry-Svrm3x=nI$rV?WsmbB=SRsqJ*U`PzOdYjy&;(ZpC-h~s+N?E
zk*@hyVb_w}APhr&m>wYgc+r&wX@DjZID*DCCJ<805a{&ywQL~JW~LhkKWT(4dEte4
zPv91C69$lFQM^reJMfY$f=^rm;vooN;do5qw?h)A;I&$QJKE0{a=7%XLH2tfUUYLa
zv|aT@AQ2VZ1HJbNOQP_>&Qtghpvu!E+;eTU!nW?|E=H;0EF*({QwxA5K!~!yK6G(q
zv-VF@7`7H2@=Nn^rhAX+Y$itL@U&ql^W1HS;WyvBy73YJ<^~wXibXN(lkgZu(H<P(
zfp`{tq}vzV^X&_63c(%SzTgsWkx>qPIR^DoLUY(XWJwagAJXWbu-m|g2KHAqi7nKU
z*h&M*)q&DjHAY^WN9VReD|@c=C)Jmfg>3O{a~h?W2KW2w!a|YVDa@;rYvd@DG%eBk
zs)3|>P#IHKn!yq(wW>!0yo`BDRohD`wpjiE)RVe@hc5ttLrdIU3vg9sen0n-a7_Za
z=q+3|g*eHMDOgEz2#B!e-1qz5lLv_i8bbmmF(he7K)Y#*8*p-SxU21;qaE5=-DzjL
z-JOmz3|hsNOCS+;RY0XE%E*qL2Cx|1mA9n-?|II-_vW#*owf@je)s!+-~W8i|M&j=
z8#lL*PC?zcr9-kiHguyj6K>iD%1uklGbVXGL0=@~4oW1vvVs6;tLCv$TU_7X+4Q6u
z(-ZSMgU+y9g0RX8PWnn?vNp%_R^xY+d0RUg+lg~^S2OM+$c+!i(Fr*X2Nw&*U6-^m
z)YoAG-rGgHc4x;HRH3*okOzd3AJjq9%dKDG=GpLMYkNDce#Y{V(Mpz($vT!WiB&8i
z%^H@FZUswda0hDSuwzX_O|7HWgX+4qbA7|c-i{_#q+-nLkUdUcM5-)yc{f)sOVvSs
zkJ}ZD1*5d-R{$(P3Ch43)WKtt+Z~QYV?me1sLM!%vSn#lXHbedWJk;y@k%bL2Scb*
z8MoQwF#}RK;0ekOmqXGplT}s_?lT&%B0Zj8ih2XFXjl$OHB_NunzG6YM2<$|EzOit
ze^`!%9Wjsodz9UbMietf47nrGP}DtD#PalrPRSYZdBU;OFJgRICVb58@wfwiPioFk
zjEo<E?iX~0BVk_nng|)b;DQvn<bWKOC{CA$(zFO+DHI9Fvda^aIPn|8Y9J2;{c<1_
z@i`?**^m;x+~@MiKA*=cVLCX_y314Bfio8N``xmaH_jE66_gC8vLYoG?+Y$ZbuCr&
z__D1UQeEQ^&_AjE&Na238hSMs_3-sVCbM!pT|UX>@XJoGKPqwFAsB36z<GK@4@o5I
zY-z*23tCFZ?+HsPT~K8OA|}!Uy;3j~@%n>qk3<NIU=ZpAxty{nwblD#0f)yE^GY3^
zWPIZ7i6t(jZ3NsNhd<(WOMJe;OI3@ENKTL26ZOk(i5EK3%PHCN$U#RGfYN%%iSGNU
z`S&{<zF^3y%Rk~v(g9ca0uFyD<djKvu&PXzB)bDaZ^RW*(?u0+ns#%zy#Z$|ssbtT
zQc6YxK7TkGas^ZzjHs!dJs1l|g8`>U1u>>3fD?X~)J_!$1Z00K5>%sbRiC0+Ls5S;
zD0`tZ)P!N=<H{JCkzQw)c|4Jz!y5=mEP%9iU2EliEaV6}J<)JLo!O-H7DpI$7q#uV
z!+v)#6!1%!ABVT*0A<PHO*?I9fUXY8&?C{gGRuP&6qWp5Ps9}nha^I+lL-W+=5~ib
zwLoGh=MEG!Bi%`bhMdl*D;$$0wOlJG8;=euOHSG2a=T&Z!p)RCXv$E{pvoOS7!N%G
zNu}?}T)$B%;Elkn5ymM@>x26#8liMrF6@w9(CDKQX8Y090Md#L-Hlt>d`s=0o{%5%
z6>?}5Co1#`{N_p<JteA3ibb3r*%gUM8pe~#3Or||@zC|`C%QXf^3&X@PCW3h&0D%t
ze45%pBWk?xN6GlDT`JH3&6)uH#4QM^Rq`A+B~-Vl(M+Bidg(MR(=%R{QI8aL`oexE
zXuk|FRzlqRC&@LLtZD6k3h8z~X}0kihw3Sa-MG262~WwnmI?&j&T!Q0m-tIL`c;-5
zki4Z_WTNn5OVu}?P$(GmyF3zlUB_EvO52VGBeLx9$P#;Ym$@D2%#*_S7WFkiN7)3^
zUQ~)`xFZ>d^+V?tsJ2F2RGS5j0aF3Z>yi1<C57ZqSy@Hd(iP<^DwY-M{*;xLE?WkE
zqFA<^_&lByHslHGnqGB3k)zsm(mo?&8)CmpeMpvL)jcI+Tf;kydYB}nTj@o+JGYti
zxXG;at^!=x#2(^hw)*>#SrF=GC~uKP5FWHlE$<?_T4zy@#*I_R3jk)#ZBxrb*HW4Q
z^QHzjnY@F5`Dhw>=sL)0z^urbK7A3uJes4I_kYgH@qgU{FY5xgZh;r^mWYSregJ7e
zmcLuvZ{HaA7mNyqBF__}k~#iQ?|nTgS#Eyz=1Zee-j>>O>!@TMKXZI|n6+g=vngc}
zh%pmn&ZA~EHdnF^oZ{hxZ=ra6sB0pBZ<hg)a_qMb$>Yi2SaMH*&o|f+uia@unBRiW
zw?p#pSm-6@xC)3ogt$B;UtyltnBzMLwW84LL-Gygc@sMZu390`mcR39WZlhO{J>jQ
zOv3Sn=(i~?Uy3bu(IU2(6?shQ`bs<^UO1LKb|~Ibth5w}E#q;2q1a-96pQB+`Abp0
zaqN(IOgwSyz`%J!yu}`u3wrk`%N3tliCL8TJmoK~@xEd!dY_Ir^P7tW<)m^mIhv)M
zEgHN0VbQ0#pCis3({;q~X6oB*PrhqR>|65k(?5Jf87sPg$WxRPmyZ`6%l#NJUqD3D
zHGm<G4r}s#V`A5Q480N$Q(}+{MQ4@d<)cNTxrZRKEqNfzbktP48<~c(Cbk<fx)$M*
zhmFXPTXKIEN}=-2<r78UDp!lH<z6<8nB2RIG1=UnQXJtb5}iC^M6b+|^mtFPt!Okk
zlBJw0I-7gQG;ZqIU4pHP4re9yWaBtUHhcnP$02J2*P+A>P~w>RiIl)O@vJyz`VQq9
zl>y25E9XDyP{3cj!19X#1thOH@QOI1oW)k;lDZti*Am+oVF-BByeVHRH^qzMHzZGx
zg~Xl`3`rshC?Cog<U@qCn7&21fE<9Jf$Jrd$i|k~^AL)VztcBChz3en227~jKFK{<
z^eL)LT#+`@x}T#eMD>=~xAL=ncR!~b%{@_cO!=BcI9YT$_d{IUwKQ7~V%SYwh41BF
zExLj#F&AaKkYy0nHm)y{q+Rn#6y;*>c+qA2b(HvGEgVX7&peU<Qe3%7R2fBwaHg*n
zU4?9$ppJ7#p=3&M#g$?>sknjbt1#IVBs72LY{>dMt0?;lt+)1l$jXRKIh`ENGOZ&Y
z+`afja{Uq9Xpf0U#S^C5eFe&S20(ee3jvgq;t0vDm^8Wf6)NY{JSMhVG2~<TvQ;^a
z>#k>CG1SujEED7(S7A1WB$fA+G4UJ$(%e8bw(lz$7=_&2k3c9V6S6Xfi*6VtKY!;+
z#QjKgk+RTqTG?tgjVnHjDH-=!6knd{K-`z7_^hTw@rCiN=D5$ganx5p_z|8th?Lnd
z8)>Vtwwr5ZPgQ3L`LBBmHhzD(P*abo%C<D+zrKIOUAkb~MniuA3j7ze*<XHY<I3b_
zdm;e%ql4?p7ogCME20?DeV!6ZJV59HkpJc|CAUF<!F8oPLidI9W%;kaJK`?Wd;&#8
zADCZ$Dx-YGYggV?jwZ(}gWiYp_j>Kgv-adU>!5dy;<XJ%>jptrv+#8gZX@A!gV9F@
z>(&l>ALV=|YlnR_>o(!vxr<F4=<G;f?@6h7!yTu3!i3Bc^ANs`3QCi`q5Q!x%3udh
z?c&b|yf#a($<Sfn_<c#}RV^x+zT0uC_kC>B(xdxyJ%2Dy?y=1mR7Ms;J|c+|3Gae>
z&M_J9x5fKWbGC~6&u3HGsG|eFG2!=4i;tKNLup(yDz+C*hfRk+Jclj)+6HSMnCLs%
z@EEpCbvxk<qwghcd~%{?FDMXhoxR|%gj-=R&`y^K#{e6o=Wn~SSskj)9Fuz1WKKJ4
zGNqkj5k`TJsF3k^{Xy+(Xog9BCzPEgIV(*vd9Qzw<}i15LrD9IQ2Sp0)?Vk=Q_P<{
z``l;R_e$E=`M37+el1ON-_6fvY2T#iU*1o3YbI}!x9{lIzvg5Bxn#0bi;%UwlWgtd
zfW~I(nSQW9&J%LFo0e)9Ow+EI%F357RaZ>ec*V5eBycP8nO02Z8LXJl6`U6g)32CN
zY1oZ3TjAItT_w}3n2@`ChAXCj0Nh^F|AQ5Ti>@G6-O>tzHi=tbKrlKg@wj-nUfds_
z7q2sG`Pt&NFIol;7@oO?O0n-EOq`HS^MXV_nkie+2&pt&fpOhFRA4oJVgv`W%y}q(
z@2`|~KeEIduD~#2kAt%h5jHp6m;!o32VFQha-m+Pc?y|kEp%YiIsg+TL;emw%qs|q
z5^ErYadx&<T@6)Xf-#FCo9o0&h+(dO4JPQVr-idEX~^FT)9p7b#$zx=vghwTg1G*W
zIZGuxXo;hMBQTB0LvyeEy@%tqZ&-$E2Q8(x`;l!FLKIl2{A=IdhDYPFIc|B3q^5_q
zShJ9;nXUZK4MhVp7>bx)tB!Wh|L+}&*soX5gm<Xue9cf~oY7E(h!?a+tLlx4?#+$A
zm)2ZXRxYYq^KPs)ugxKs>n78hVe`zi=I7?=wI+IE@i=7ZK$c3nGntmV379$AQ)^B1
zRNoGmL)mKCP9|?H41iD0npz&Z)Yc0avqhaWPA0DfFi%ahZ-t(;{SYw6Qsrqb9<f1|
z?QQY$vzAJ!I5em`W`IMV3(o+D(o;JFT)E~si4K>cT%HHqkEhu$Lo^sa1I({xu>bZk
zVE%0ydFWc$*MJ$!Q73GZ$$K9#r*o#3hj^050CSLDVV^yPJa3+Qm3uOIXd?bNV0!YV
z&u>3qel(3d#N+l7U}CeU&+iL>`TN;Z%R2-A{WD;mpQE;)$>e<jnDIG(__Gh9T5o;!
zK}qM@?&F-&Xb4rt(auJ^6!Emm%DdIioEeAltv=pg5|0*APE@%*p3TTyu?c#a64T3Z
zubEjlh6SIAuQ%sV9b&^&4Y}A=DKI1GG4A&;U2@pCHYTHtQL|IZ30%?5LB(sXSNb`l
zs+lq5*OjyhjBnL~n6mfxte4quM#C4iF>Y2n!xqRqsGf(_^FS7{q|H#pKV)QteNw%S
ztJ4BSFpn;*iMh9V*tM84HxVOmB-F!0quj5ayB_DRHjeAzu72){bIH57>u+gs60X8K
z1g-IP(nSo~od-;1U#Dy>8SzR6#b=WlO}v@fumFFf60=vq)b%9i#vN;8^uG1Twvb$1
z!#O)?G$mG0rAja;b=EcmGm9ZBJ}Yx_LlSPZV__2*hw=idm5C)W;#$Q+LzIAlm|kAU
z3vB^*{TbhG=;MCdc?>qLlETQgs#_4WrS-Tq#*@5-8oNZwoGQ(aI&-xaXwexkDt>G@
zhrZOw#?ycb{Bb*FFCm6GiQo4q-wd%beLwaSDQ^xjx=Q>Ul-nm8vmX#YncOZ!RwV_w
zcYS+n6Lv;An|s@PHw!hbf4<?t+mH>ZKTZ7uDzdu9QRwzKSNp)78l1!D3))6=ub^6S
zEg5l00?gQvWteJ3E~(;Xo3T~Kdw5~rqhpLBj3Kkg(MMl#0qtTi=U2v%5~`Q$#8ZrP
zdnu@>(kf^-gO5qruYNT*tx^hpZ=ht7jj5r$5^T-A$Gmd1@0-O}c1-ktF9EBkYSSUD
zo!PmF-L*<%pXKCgm4^6HWq2*FHZO03L{F8|r}d-@yRmB%-MAnIz6nmzb-9<hJ~LYx
z%?B<$8!|xxS<554Z^$N$t%~&yq+pe0h^ibET~#&Lv=*j<Wk7_P3I<$r+?xm9k5|jw
zT*y=4-2-vsUdm~_vv?3^(jWKQ0PEI7e>m>7gI8^}Moq@O1(RyZJkW(qS6V?CGD9S*
zK>Za^txfo<Ntryzb$pQfJ<45O+!g1p-Q4w49``lwdXu|G_=s|xyVz_AKY$i)=R_BT
zmKC))3+JD07|x}A-^OP}q@iYU;s&&L?JmwEob0&8+LVSu<+qE+2QHW}Xa5K^j2?Sk
z!eeYfuTSI=kHNrN*ZH}Lh_R{;yo{_3B5~-P$}U$Y-1nR05%>K@szPEVHLJO;axA+i
zmnZhTU8ye_aYC1inZZ>h^X^u&8Wd`YtQsxA&A5WH6xc9-NgZ}=pxeOOV&BG#;BR=Z
z{YT!&+2oEiW3psl&5ARR_F<c{wXm*@nr1_GYao4fTpggC6sF`PMwCarxmufa=niA7
zBw(~r3&Vy*;LhHAFWnLtvZ3vVZPzAx%_~RxE^h0y-<;^ND<kJ^Odr^pJ{SRgFuvnb
z|6H`2QfC_06dg+wX#H6Y$_N^Rp!^2jogiZoDZnCLSRya12rsOMxxU!Qi|v=ZphtBY
z;S68RTda&q;eUI-VLe^<{`J9oznW~nL7>wM{UeW}G@m6ppLDubMpu=2Yj@^58NZ-w
z>t(Gk98l2#-A+b2IU=Jd(fc&&)4aY_6Omy$CQb9qx9gvyI_d{P$1f?3AAGB+yGOHK
z&z`C3zaCHXc`+@`jm^y|n4hF!nmW6l&YX*x9}UE4F5<86v#99T^hX1l)q0MepyFfO
zYIP#8PqXUR$I8`F)ckmVPpKN~3(ejG@iR?IUYn<T?tIB`HmJ&(ts~sk#+t2r_|>uH
z*ss-Ciw!DfI=Wv%!COv4UwP%YhBBwhpknlOkw1gO6hg0i55?TLwDW|D{yPK1q}KA>
zG|AR9$%NqcW!h@Ldj8B)D*9&zhGA{&tu#9157K--)e|Idnu@~tj<giso|ZyFl=~U2
zgTt@gSfrxQ8W<*3@*ky1wxvm)#~*_tOpE-Wh6wGtfnic5&rg#)FHJI`#eJQY>Q6@h
zBA~esWMmkwX^p9m$n{jvQy-AsnU)@VT6zd|?it$iPhaeoRdlhDVNxaEohJD%EV;}m
z(0lj2>+vfZ{PqSEPS=L+O^qEJ&|Q4^h2Gd~>TJgD)=lWHJ8^cj_Ov#(!%9Van-Kyu
zw;ZWb=Fyus=tVcTZfR{MxJ|w7J*{2sPm@pfuJ7q?Y$70t+|bpzbwjuIkpRE48Fjj2
zv54%J=#q*&XGwVz;c-L)u`popQcDBDxz!3>9(A}qE~n2S(Y2WV5`5GV^2D4mzl2t3
z<dH-ARdBaU^2I_Sm&@ajDpySVw*vizoK;rfMIHGq@tT1I6ZhuUCpy?0IdZogKV<^n
z#vWwl6y;^ZQ@nn7v6b_3+oIMo^Wm3K`O`@xw7apRxpPxP^br!q-dW~!m6c~cC#cAL
zPOyCGiZb<_V6L#X=~Z{#JVK>7**U>J<IK(pBBl)I1S$K?Xt8}X4Oc3q?pq=nikpD@
zfmxlcOtx?N3&6Z>o@O5u0!9Jz)70~Xl=Pwa56w#554UFA53dAVY?^b2Z4j^qFrQe|
zu|Lyy(JD`z;XZsb;CiOnH%BHD`q6#aoT<+z(8~PnoSA+16yVNJv%fw9`TQ0zZ{4A8
zQDpiq+G+aZc{BU&D!_&3{lV``)2@8$`_hY^^*?)gwgK^yad)=r&dV_vx!Yi<s&6Yz
zz)D`OW2VmrKA2F=mi5)Q8L`#lI*p$Tq9B9HTE8W2W+F!8cQ-mKhBcyjAZe+RO(*y=
zv0=@yG7A69qmw8b-iNbd*F)S@%|knASG94aV8H*WR#MOfU^i$7X8n14u>`-A?Zt8y
zy%l^_ytHEi-OuaIdIztGM-#GP$b#3jy_XjsNQ4C=-IG44j3RqE|Dgx$*x$cs$hKs}
zyg)!U6Kx9sHDVYzWB^zqAZU;)$NEknSepcZ#P;G{W@LB+`N-fQ^5Ru?6+etp`N6=M
zSwrTzgWFdfHKT;ReEBA_$}=Gi<=r*7b5%ZI`aVqTDlRZHGiPlQh<you%88xDCGdZe
z@)orD0KhL15D-hv%)mRq5WETkS8*v&JlnGH=IX!|Lw_vMHF5qnx*MQOK=cA0z0C#!
zwo?HmTmWEp(nOT<M4%mt3x?iz+N^-xhEsyhLfF1pR~9j1S0&5Pi0-S_*cPIp0|yJy
z{RZ*Z;(lW9^&qNQeEsbnyh6N>?md%@Te36#bGm-EVFEn52W230ESqo_cP%lH*_usQ
zV_>*09=d~vBJ&}4Viz(HWydab*OD9~oG`GRb3Uw8VGfpsRyOgSB~-E7hgaH4|C76?
z0gI~IcFvq(W@JWZz$r*6M;TN3NpMh6ED#2SBpL=7(p1tbrTB*eW%rU{2NFC?uOGVg
z-o1S<t9M^N_uhKF^7gW91`N^4OjA)S^Yv9Cp<OEkO6Kjg_c?pc%o&)e`@MVL_xL_#
zv-aL=?Y+<5`>eBm%bnZ@VAdNe5ox0%VrT_J&nk7fQwmGNNo^wyO^~^rkNGeBO?LcY
zJ|Sa9kPMTRI635u#2@@KOx{evei<gM6zrE_GLB}LjBe@&n;O4#t6*c}Mk8y2_dBnt
zO5xm*<<1t3bkGn>s7fWBNd4X1fVOTkZvg2Wd#ELn(cm<Jer+5GIb<_*@5k)GHj^h_
zYuLRYl^@Rzq0wb@wPe(PBgt%MbuVAiAyo_@*c%syy<P;afIPME3ym86o<Q%98)&IO
z_|R43e24^gnU*FpL`z^&6w*fxIdqb6k2`3}N$ear-(0=!S2gJ~;s4ZG<_&c<wdT5-
zO7j$Zc5X6Qz9l<y(vnkWrB8{ZJOD}iMRM>?SBN<(Z5C6BlTU%07?M<5Pdi(dS(4B_
z48}pewYo3bZ{9ty;^+wJ;e1)77w@(hxOmgAse_e|qX|rVov5M7?sOrns5IRt#jn2!
z-QGZ2`eYIyqa|2$V{tlr$!Uj7-)W+lJ4wWA;s-!>NyU+nV-V+`oZ`3sv+){&z;6as
zIgzzqE!^Qmy)+${9;SU?rP{f-XuJ1(dOz|c3W&R?xjNmvu%zgQR5L`#j-)IQ7R)L1
z)YJjq79bS&y)B+3*WuIT76LJO8G2V(5D3crbn?ctx*cULkPOdeNrG32B>i2G=Q9H_
zL3qRC7igLEu#D5<HPkoEXAMmtPXQGWe*F4kAWV`BBa&$}_b%u-ViUWH*>~aI%%T@C
z#1RAv`Q-M+15I*>)KY-j(;B#A@ax%c6wMmAXT}(s?$=;Bv&zXIegj`NAC&W{87b(p
zIgfKYqx)tEE}J8e&NkJsI~}L9J&&_Bdl&@Hqu?8);F%O0BL&A|urcvcuynSDri+MM
z;n2E`Sp$y)4cq8H><`s&)1WCE{TKBwYGL|Dhadc330#I}hZ--749_ODuq=0~$x|X1
z@Uf9I{LVwSXOIlP0yr?kuK*6r@XG-B+u%#`Nrc~$$cFq@MDVFU7lHGb%ckB++RO0N
zM&Kop;aL_TEJ;a3m`n1%ob=ex1o7_il9Zrnn2XEMt(N4Hq@%>sSBX4Psl_DBh#!DC
zdC}un;d5og3Kn$LmAlfWJK>6(P7??Mjyq5@rru)2J17>j$!4FH8m>MwLYT4N-~#(`
zewif&+^_KBCKW@1%rxJ*v{05g7EnWC4}30T?SAk7K6GD+4?4Ekuj&XZpo(?)!QW(q
zqk3j!R6AIFjAW=bv0zbvFuC;V;u2|18B4N&XY7Y7%Fr6)^?LDOO#ZtiSsaYXf7e~b
z3cE<p;$37Eb`fN={KuWG`;~Yj8R^+F`JagjrLax`vs|PUu9bjU&QuC#D*#W7QaD=y
zc)Xa~(;1o|FSBG-{()y}Jwuj6H^PztcNFZw1LKMo#B2|G8X@8~zPCke^eFyBSPCOL
zJr<lM8@*%EaZGTQ*riAD7*U6&z;UE$P4V>y2P{=Sp63+7A5p6!*dwanDxXvRYW!X6
z*T3G*4VdZ{!`(rqgD#F@&TWDhcbufz3}AmPcwT5eRVJrPl^~r^JtWLcg2lfbajukw
z;(_mI#jFUL-sSFz?y1ob5!(8G#04?=@b-PczDPca7E^u+)TB3I*fPp%)lyz-7yY_^
ziGC(^D8$d7V+!%}=f5ewAzGS1GhpKExe752J1L!|r9oPP47&mcs3bx!wPGKIeL_p$
zE5%X4%|KulT3X18bWgJ)f7nlJC#gjKFh?cAHmF2=zoxK9DeO-a_AV`bN^1uw%ostX
z6A>iik4fR6uqs;G5h0GxtQKMEv}C8HHMG<~OHZkZP!4g%8WFabmey*-`EIAM7d7I1
z;qeoG__RhG{dcsTPD@uvE7n>mY$+}MMl0fbLMw9Bd$i)`Z6JS*K6C;ZY>@Tglx>Q5
zqo|MmJL}+ODQ<5N<*AA6tG;$Bsh%E}t`~Kh6mpBGU7`>O+ijr`sic$W*Y6YL(oH*m
z`zL8QPO*)shkiz;b$&wz**~IQJVK@`QpvPXM0XAc5rkzEGTcsI>*KUd@I;3=IJ6AX
zCxZ;gAgoM7X$YmElsqq@%lCK45)}>CFupbfmcj(K%3;C}5G~irt4GkvHwcO9_H2)9
zkpuyjq|;?X=&FgHK2@mgU3%@CzIknAq<VVz`6DyZbJvBTy(U`u(*nk`8Kn<O5>8RA
zyg8^=Ud)tS-kA4*Z-iZbT6yVs#>vK`myL&L+~HmTx&P{@E0Tny5lXR*xLZuhk*p1f
zR(_ID`^2wX{za0MLFsD~N-J-`BfK5;$OK_c1yIP!OwG(BqMHg5Tq!GSUe-LJ1&swX
zYO{0_;&A0%Bez;rS(2aX$VtO3aQMnql@&NTQw?cSQJs#1NRATZ5<_d&t*wSopu(RU
z(Q1=FQGXh4RT7F-;!YGQ>Z70?P01;;7iBNZ&&d*0us<&nrvK!q$~8MHJ3l{vao(-j
zzK~jY?J`rzf@RJI$yw&?x*8JDFUOvpC0Pj^c#bSKSy>wJ=hm$JqQauwyzC+$<^mdN
zEIo5JdQoMjr9zb0^_4XCm)}#81X2~T+OuxSx98kkR1gd)j5Zk7$PKG!|1AA$nl(k@
z-D<%4*BxVh$=rkKU)P7Jf4vec9+1D<4JY+$km+Bu+<|&LU_RVodaa&A?FK@4!2%Pd
zRE3A{M%3<>5c*v3fhZ3X-)~X7KZL;7g<hergo$q}x|*AHqvHd1`%%=!s`qgWBl@qQ
zHtRz81%ZWb9cq&?Hncu`18Q^M*#GzXQsL<Ra(!uo;&1zrgfTLX62hoMJWmQgS9=(7
z(~-O9I9*%3o(oF&LU${<PR6j?KHOaFMZdhwQHI^d=3)Rb&BaPVAbWwSJH4VqJXF#j
zBSCuL?)jX@>-6-X9?Ek55(hrNTfGpjh~YXxt}6sBI)T7Aq|phkhiP&CR0qK(#M34H
zxr%x#aNpQKsmghju3C%f9iV8~y##P?#<)GIoy8dUQ3S@gk8&3YZoXQ@+qHbYo>%av
z;y>euFQ14X)cwffATO>)&DQ6tPI%lJwllt)A3$|OxGvV!YH<E#|2dCG&vx;H2tLf8
zjPJ&Ear{YFTg>Tdv&D1Jz<v~eiXTGt1Gvu2pK`r6_rjsKJ)T36>?J>X7EJGDL;VkO
zdeafTgw7p{g3(LD^v36<Jdf!SYVoIVT?(ScJf3$2Qwx}18m8C%WW!oHy>vwH<;ylc
z7`+9U-hbTg^~&d$h3B{T#IhFo{A`%sl&FW-$?4@IdXH^>@(QKLpFw?bd?9w3rI7D&
zwT*u$=iWb%8J@a)6vE%ccgLUCeHuT+ueaFQPhGEBCu?6TATvD~{~38sXgrOYRa39)
zhcGAc!w^oVQ(QMhGwVOI+#b&uL=(n2K>KB(85S>HalNN~9HIx~97L<vE$oYvXpS%L
z-`(Rmq{nj{^gSm`Z@F>iaZCxX%&@p_h+c`wrj*mWf~al(YFBqKY8FJR>&K&CV_Jj~
z9c4PE_SFYxCkyi;^l)7vqIO&}w<Fl>%!uBOvB$m-MlTJ|uFteIS3bLZOfRD6ix=ed
z;t;)oXD|K~j9v<&cT&0Ou3+?Rh}zD=1eY*B>yULA@ApPc_Piml$E|`@v<_PbU~I0p
z4BPuR@9^x`u><^v)<f1Vwh-;PGp@F%DJ!4a;AuCqC#<LV_b?o-K&n3d%PXD(W7vb%
zlV~5s@|UcCbv3fK^Lw8I%pU8vY%Q$tO)q@-*<w$pj{TM&whm%iFy=cJ@977e#}Rah
zKV$7iIM7qnRloJlUV?QH@7+dC=eFNX#~9IANq-ZX*U+?G=l!voU2nxSrCj{jv){-L
z^T(|x_){1w+Kak~YnxSo^+W4NY$-Z{jmmk4KR(Hyuzp0wdKf`%uC`fU{`2XtJncI6
zFw6$c;0HARf%<1Ac{+_~1;w?3=TYhW<37N62%eK}5U;EWjn+10#`hk#8jTh`C*1&^
z1<dyeZ$gfzJrZF?&s;Zz@f4zY{Cj-cOP)>x!j7Ju4y}c7Bh7pIv7bB#bbk142!F?t
z+baX{!=8Keef>Wn{D7T3EZ|>&@Zb0SMK7SnGz9!`!+x~9u_+LL8p40;w&yqb<A)RU
z`BzE9fum1C*iAXivw_&*zS$L}EegbLLD(PIR&qIT^l%@{zBK>sK>TqC|DGc!6432(
z8$XHdzI>Qa>9n@9HcNWTBv+&Mk)sdxdb)J%BD9rT7O5cSR;MK97TA_>`)nN|zZZqy
z$Hb#-g6K*Ih8uj5k@sMqI?p-Qr5|*eu3#Sf^UREcEk(u}6_;mX_zyij*D^(>J-|{Y
zc4z!pZv%6O5{Ju{5-Zr=6vYajXuVuVCb!R+appcSjf!;@UgHr|FCAIjJ{9+FR>qn7
zFRkugrL_;RBwi_J&jX?|>e7P)QTg08OR2<mBP~7d=bE{T3cZN8(InCAKvaI)ELt2z
z1<%xaz?Byb0mFd(DAj8*|52(R0~|=HJ`%GarFtC>r>NovwOfv(Rr2((+}TWSF#Qd1
zuG|vw24q)D^br3|GQldXL^tKiQ*!%aUAHoOfgkQ=MS7vw9q{t2SYdsi`bDY)5uO^m
z3K1FXdg{P>FD>mATrEwMiDt3bfc!o6?=P^Fe2%d+HwzXGy}m@?5i9HqZMK4<MT${G
zk0LucBY&EZ?+fxa;E#Gi^!Q7Kh$2rpk^ACd0dwv~{K@PSB1$o9!Vs+y@teq0?ulq0
zFJQJ+Qp{Qz<}otNS{Y^{Z0iz?daHh9%yP%8NEv3iXf1LC(b_Hn&!UX#8B$jYsc22^
zRv@J{HVm;D5v_F!&#CRjp^ts7ucd87vDq}4z;t9sFu4oNI838V*fFJBR&K1hbJLa$
zetAE9$v}RVBnXn!RBrK!L#QkyEx0TsefHdRpDbjuV(G7*u`M@|q=dm_AqU}8F(R}q
z1k9t<>d?06pz>%{hmMf~?Vb&z9bCe1hS3gm3Ll5j4kWY#VYCBf-qo7W?cl<k6-GOF
zh1?cKJ2*yL!)OP}SPr$DCb5CfQe??&{^5IkJNUwl2_2h-Lv0=lVFM4^oTpHm*TaY{
zeE_vN83G@q@%sX`c_h+zfd{i~hv)Hfm^StAMH0LE(ddpxguX;=2FCjKSunb=uYMXA
z`gwq?(QF8Bd^e+ZOAVus?*~+|8nsyx<?|~WDHhV?=<xPca&&m(OGoYUqeIII9jMJC
z(V_Rjzo9m-hrkD3r0)RT@u6etJc-&oKYnz4a2daf+GtFnV`t@{HYKM2<FdV(xwqMG
zb(GGhS<G<yveY^93jg$GSSXk$2n92Lkx<b04*KPCL0j(P<bsWNZklgim|K!OYxbPv
zoa~&W0C4K8bOOdfK5~m}W=N+~kXMkiurwFLd^Nd6IgTav(p;O_?kI4gdh_DkB>`<9
zgh=q(?A%2KMI&G*b)oQ+Rv{?JcvWxsKR2O&nQ61<%uSy+KV!j-=&xb)Pr)czRfJlj
z9TTb3j~!<)Mn#V|U3GO#>@}p<go$z2UN^}+c}l!x>h;s6&qzp2O1@!cO6n{tt{zG3
zN*n-G0&k?o$8Q2I>4lfI8e0*YaH&mD461Qn%5k{#duj{*H2r$u+P&P6>YhTc<#8Ob
zLNqhdc0gnng@Xe0a)5J$GLJ88YOsW@)jM1TL1zWynTtmfP2<^sTZ5Gbe@exrEFn06
zNl{2`dmtu761DtE#IW@=K2Eh@`>e*+Kyz>jzSB~0sa|l(Q`1+l^e4d=&WBgq{ev{E
z=olk7c$qMtc_aPKiVX;MvjAf$b6VZjBi4Rv-#nYeSpE*YJ`E2w)3`J6k!RSgpTV8I
ze<ya-Zy5B}Rx}I_*G-&tfV;@tdrg4#KN$OWa9+0VYs2mXp3l`>C!_Ol!>YOjzRNRc
zY}QZU+8NHvY}3KtTJdk?Hg&TKifB0f+`CN1dW)(4fu{btr@{8IVnvJ5>R#TFEWA+F
zI5bTzF6GnJ4X}<`wX&viPMX9t=FjvS&maj{v;CV!rPTJkL5Xe8Tb1Cc#J%UW_BDB(
z{9n<BxxQ|i-(+zl622Ap5I%#q?*n8VYy6%`le=zWAjHsEh8p51*qr-nYyVDdLr)4s
z{1`+Z_XqA~xgL%Ctg5*+4HCxgG&Y>al|!iV2&z1<Q63cQM(VhHl#a_s>$qZ+jw?p%
zSTRaRr~_5Ru+h+JME3|nGB~z2qG2$yE&?_0y$EK^Xf4}d^(VNtsGNyi#de96U=vt5
zViRd1yaAsum!09g5>GEM#W$5ZL=i`$1(dXQ>`Fl-9c>nPJm8^`B;qzV_0_KT;l*xJ
zwMu_CDMZT%Ze=9$ij-a<qE{@^Ys2)2|A*-21@kF(N&GX+R(DgM;c+*rgU2UyvKK?Q
zTA^E^WoxnM*kR_C{5bH=YQr&(95evea;tlk%@=x)A|UK>?AnD6t+Yxb#D-DhOQ@W>
ziX>8}oh39n8M(3{@O3GM-9<0&4HWhiLk^os@hU@Nl$aDp84^j~r1+Yaz*Mmqmm-y7
zJFqMvwK=p@PD^W*VvmQEB%+Z?@uZSO_A)76QIf#fCPk-G9P<$+u_{w5PAJ70_0d`_
zE0%=Iq--NiTxYIcSyOY*rY)<@BzIJ#*k)rTs$A)-MxXBH+BIuy%=X+{B-amoG3>&e
z?o@pJ+$@Uzh=9{lZuLT{0&5?ydK<s(1TkedTo|WoV|YCV3ufc|IRN+7MPc7Ww*DYO
zk<_yRjFw4v{%GPc25mgZ|KO^YxK4Jm-BnuthbkuVJHhVPS;e4Mq6d<ZLp>BNn!4;Y
zK4(A@UMxihxenx%X=VI-Qq$rn7)8A$wl~(bNM(1H@ROtm`8#5mZ{$0;bBfwY+&QLp
zJo>LL&U$2Csl{S=ydAv;dZXXO(nuYc(kpsZIGAItB?Y~Y%=~^b?r)p=A+1I2MBYG-
zOF0cyh+`e$x4r5q+_uZLnZcsXol%^JX*`0~;Sk#+bt#4QOKiuHl&;#Dt5`6$R<$6q
zE|R+dPNhx#_xJKK4ha>QAEJbozIJL;f9+)Sno1FU7wpb58XwA3A&$gmq2;RuIVXve
zM-E9cm7b<iSQ%{xVRI@mtd*8vW~*`Sv$V&{LdYMr;&lo;AZ#|0t$`fGISk<=ObT#$
zBwRufEv;h2vHY3BUZW)ld9s3VKuMI#RX{lU<kEYqE9cYiPZkT$NbKnqWVh$37(P#B
z7x@;Pm8MALupU91&ZKNnciOaGh<wSb4Q=hk*zv(3Ue$3Oz)P;fl;<kMF-TS8qHRnS
z<&cc%R3R=xv-dm1=Jl?q(pE9Trl)?7#wK^mBGtA}c}-O$-rsa+ad^kpf&U)Fkkc1C
z?EGaK{LFx(`hicixF3V=!*(NPy~ra2^YAT{c_d6Ttk-60EMA36>lEVSsiREXZ~WM~
z7AjCBOky>ea=CAYwHC8e426nLjkDM;xQL>eO^2=8a*ql%N)v}4<KVyb8@?G2--M;f
zWccvSyp>MmUiu^wXaq+xz(syTEei;Ide7e=;XfFLg#W=XOp;@Snpb|O-sLl6l$s>_
z8$YW2dZixQ-0tf&Ptx1J7m@H!5Jhf=FD^>VP9-6~{Cg3ZzeT7|n|Z<G>-CaEFA&Uh
zS2Q5~<Wrl&*Xz7OYPu`!MYI5MVgQKSCfR+xk{Mqc|6W83aJ^^(d&{gdzFzAYUz=b?
zxMrc<XG!CueZ5{_!V8wQz3Yn0*Xsf!4VEPjjrE)`j-AuiOJqA@03u>)Ua?_iwJ69D
zAge0xTD!3ZKTiQtxp6fZo<Hn^tgNi5sHxrZdkT>XkcfVvK`5>HpPjOHgU+p_<b#)q
zLeyYiwhZ1C%Y?D88f96oijN=o+$|5N4Ui%r2wjaate=NalYp+qgaO*HL#W9|S7Qnr
z;6$jYL|0=5o7sS<0g4!c`o=l1&>*mEnHR^hWeI2qJX$Vu3Zc3SW!W<3@_A&t1aK@s
zMz#yGNO>JJ=O^zxB#KZyg9)YvJY$8F#)MGv4vXa6kBF4HoC%?Z&>>)gI1T{=H5fsm
z{-Ak-GeY$PCd46NsO}L(DL3}6mfnqU&s!#h8VFO38GWOGIfjS_hDa!eNIZ%N@{A``
z1ei;J2*;vw$f0Dgg|^!k2P{XpIg1&g1|qhM89iU@WX2Wm;tUJ`5ACd0jVl0vLrc_M
zeRNbsmVcc*LYwrYgEWvpfCf4e1SCll1cIhJouorPNGBm3F_Jb39g-LlOu8XxNWeC;
zG|zT9t7rV0;~r;5_w1~?I)j75dPqW$kWu_X9TnXXhaGVkkW~@bVJ2I*>Q%k>`s=lL
z<`3hMyuA9=t*Tq~>f_#9_o})?BaX{ps{$O)cse;nLcbd?IWAN3IZfg8@2RhZ8mZ2w
z;w6l-r8AZD*pGM1%;zWZ5+<Bu$>?s%LLH!`Gu<wfFlSQovl2R!rx-l{bh~AR1(!8D
zq^$IivgTlnUtA~NoU!Fj3B8)97&;O<o40ILj-N6<QV-4zDSb{z=|+sH73U=bckm$z
zUCUEU_=_*mb;R>RN;l%t;WnETz1&t&Tv}wcmRkyo%JNr%BpPhgtwlBYt8#Kz<gc<7
z*z&W2L!K8oY?ao^wPj&4W#_C6o2krF4$*Wg?WHnbX+`S_^K)e~XqmS(d1hOYrMRf9
z#BM9749?89@A<i+6goe*tY`zITV$sFW$Vfv1r??C;Oy8PTX4oOH7KaC*dWfj)he$(
zmT<?^0K27pZDEnEw5T{VdxR!PnXMKF;@evL+KSN3u{NOGQc#NOXfL&e&>%3pWx&@;
z6zUansl+P@5#SpLx%QyAP{A%ixEj5lR@t2h{G_;wLW>f83SxO@@V$%*%i78UTWLXo
zEzA`Pk|p>~hI<RU!y=6!TV=5gjlL3zicB;DA<l{LgT%Z?RM2R4H8(X&w_)&$uFh@H
zGF*Fj0ZtR~ACh&0Wb!}@M`ORD!dg;PE^7kFT=H`p<psAu%z2QzV7GwZ?Yc~-dpmA7
zY|bQ~i6vzP73GBmmgV_b(kN37i%Lgn#ac8f;Pjin3XZ?1c2a0-=p9E<1s)7su;z{2
z(gEIc5p-`{>z2mmu#v4JSa0NH<z~s_w1M@;i<8L066q#OEOFW(zCbK-+HL?pO>na-
zUNWMIq&0mFVNR;tPyu@XgD^>x)agBfF#k5`2XMpU`$c-DL*m+1sk{I3vBKNV2O!fE
zeroy#)=c496CD4Y!hZaB9rkVZEEY^SsI#+jQ*XPdK@(mvfm^J)z{92^kWCbkp*(O_
za#GPvmU;NBR&-{zZ`Xbv-1w~6<>6cJz)>|VeP?ANcnc!-0vGJ542CI4(oMCZvz<cI
zk{Tv3UoOl0u$b54pd$TpQ%Mcg_*uZ8N=-E-dqI@cU^%!b1pk=c=GQR+4e@tZ!k!wK
z_oFTB=?RWHQvXkmI_y8po{n?WvH$NG?kr2a%$^c76bJsVqyVSzDcp?Z1xsb2<#zw&
zw4yIR75nn4*q0Z?zP!r%a=)@KA2990FIab`i{1IUvO6CQ>P{NEZa@Em*q2))_2tVU
zeW{DNFMk@;mxgG4c{xm9o{rR)W$dYu_25=TU(R5CIi2<8bk>*CSYOUyeL0==<#g7U
z(<1ccDp_9|{=qh{vBZdlIzih#uU`FAG)MW#Ay>{*x#%ZAj*~mnr>CA3-1l(<9lJAq
z+OAWUg%3;UDu$soyd$Jtn?v68M3gc_a+DA52wX5_yS8k~4ZqF#j$0K>tf#dxTm33A
z-g$MowzTz-O@!L+VMUfXE7<n)ypF_?jI?`*#r6~8#vGrdZu<#G$=hPEt%T0shH&@D
z;}wSSR}3@M{RxtP;b?K-euXfHRpK9l`<B-c=3)%=CJ;tHS=|;g4Pmk;tJBLvm@+lL
z#xUt4%zKlAY~X_U2OoTfHa1(nOoUsh5_b`n#R4s;#wF2jxN?Es>2T#X_4LT!>B5-e
z?BcS9!`1H_M30Zb<}?{$Zn!SUMl=k)!t10MjnU{qe8z1t*s$(Jn8#J<fvV&e2y-fi
z`b{8=Ud1*QaA^p$C{ewBw;)V~3cbCs2SAupiITW9T>nBjLX!IT3+)TUfP>F$Us7!2
z^d|`SjLQ9Q2(kA9!mQH;*)oTjU*6KiR_?n9cUt!YICYeXr;fsFI&}msCD(rV5N#%4
zW8>|18#}u^MkYp(%(ICFNh|!O3QVnE<2%BSS$TLlX2sKpFfy9J9AeQKUw)%Ih2D|I
zm#VaR#e9ESUEpQtVIiT8MNaeg^Zo=^1NKongArTAhV>*ShYqs4gBsz*fY{y5j%aO{
z&Ms@$IEj+k{H@%)!<*26!!p&@wa2xK78W&BQ%!z%n3lAoje3p0h+6j;g<7=Pe{=C0
zRq^k)YsfY@{sLTSyR?%Z93J?zM&<=}V?#aO2a_0kdUglvM$zuTfNc*mh`%gO?xB~Y
zx<vLGumYPnckXUd7%0Yx@doD;UH>ikrT1o3YYo&Kw|fEyS{fYo8p#v6mL|7Z(uoRe
zALhDdG)}x!PmC~E<EK<+m^q)BPiC@lvy`I_ZgWI4OA=j?7;6?VdKo=N8y?r?ZB53E
zUbdFWy&f$iZCQ%z;!S>vm=`!m<z;nCWOV}tkCiFPQn}!L4;_)<;#D9#sHzs}DXG{)
zsL)y!V=A~ZHNqWebmKr}bv0tW%-;^4?4P-B*P2^7uMRWw{^33Rt)6cnRQT6@pS#dl
z(6FMWv7#1=F1HM9St5m!`K=rmiUTi=vE3Y|Lwu%9=BQUW`svAksuhDGQKF##&9E%C
zByJNNB#&r)m$kSsuOT@32!A%scR8icps;l_4`Vnn@C9$x_`#3=?b8nq_a{m44Y=z_
zZIhVI46yl5W|u<-&U}`d#hzg3ZNyJ&7|zO4!3^zo{8Y<QT`bkj%I##F^RRaVEbsj+
zZz8wa$Yo^Z^cvY}EdQw!?a0<kS4hEb<~FATd<@GhTF}wiQ-xhBQqP9H=5KvR40%T}
z-~3q3+n)+UY16*F{H=tqIJkUk-<K}(=dh6wlSQ3u@J>;t!Gu$8a<HqR>+#jlt+-jB
z80*4Mb4B$qaY#+fdTwPbDP$~J&(Uae&CEUq^0l$as1-jAu+%-`;mv^kz7gA+jGjcc
z2f&I_j$8m~`3E1pg&2%csL{s0p4};tj8UkW6R(&FN)>NH4OV#BS}6TEl?E#zM`n|l
zYvy0uyJ##oZwroy!;Z|+BVENFH*S%Lx%$>!3ncVrhQVb;RZ_+t-7Qtbe0$9CyoA1+
zVbqNY5;=AMZ%NGf18R1>;l*D|=zAH4l-1nP)#H{6Jy7Y5n-qeP7LU85L;0r1?Y>L-
zrfaLalZ&8YC#En|Pd@9VL$Y;bP<G-{yCRzu;fidD$lvs5Cd<%|E3U{=1CbJT-NWVX
zZSyEaKv6yTNtb4^0oG;vlTs^wDKi-nqq2pFn=UBc$WNRp3U$8nN3W4#2>(R4t0^Hy
zEmI;~>kW-RM?G3TAID#n&^Ly}pIfEyuXt^d<fs8nRqhv0NNA@bk{tXrMJy}!*mAds
z?Yg+XWV39{D`Lyxpjlk(MjMf$&83L#I%@kkS!NidQ5bDpQ{1?{Vqd<n=*`z<<5@#7
z!R8>uAcKy@y=T7sKWSt>t&uRw@tm&sDo+>oz9Qv1q>(VnT*M%QipZKZe6y76Lyd$X
z@2+Ub93MJX=WyX;-O0H@%rBl4=Yqq}ebgo!0dW*V=AV`hZ%?cITXwbeG<rNc<ZnRH
z+1aHOs2Y{A0Jq7f0Aex{{6@|VBU|I(=bsz*=SkdH5+`BAwKBx0Zetu5v+>7V%%9#k
zPG%NS=_n~Hx2-Fa)Y9UyHa{1gYx8p@{W#UFx4L^>ZJnFkz2vb4&f2YE3<O}g-Q3-^
zojei!K2sKp704+qbl5H3O(N;)b#{5ML0U_zWi7<&t0*nEKoGv3{9JbA!44jad#QiP
zwk=y-F1y=P-q_>84YFj>w>XQn`EGApx7*g$34_E6>S@<zoZ{&2+J-*t&dq3{ZgDkt
zdBIC0)JGQMP)4ZQ-QjNRp@b|e<-zn6K)buM8o#w<=Y&Mu!vjNPXq!j&H*I=$5o)!y
zcx{;_DDYrTc}0cYZUb8sGw?u`lxtg8SX%5TbYNzoEjLSV?&|PvAr>C2B<eF1|J~Hl
z)daHqwyq{ui?_3xk~CKqTOCCO_6m{zE3U<#XH(l|R7Myt4(9NZ{OnaL%sEVwzn<IB
z{IkOJRcM}xBFSI=qu9JSy!s<`I{;V@%7SjaN0LA`BHZ1{Ds}*{jv&la$<c55!@M?>
z9Gm3s6NEdLtS<4tlq}uMk5n!QQErX#_I@kE^{U+7hr{H32s5fuE*w8k#aQla^v}|i
z=;eao=jN2y`mGE7GoV86AvjkeO!}1Q8VQ()JEo{hgrTXOG2mb~w{uEteDNdPV^gBH
z<6qJLKS!8?>!p)ZB)+sG%sndJ3d|_seuOzNRoWLuqIVbC$lYs*P7lt)gNE4p?L5N$
zU4<S9YqV(Ncl$JT4MHcv^iPXU4~!)CAk4*SLEaR?cy-B+F#=@?!reAKdbuF+YnmP#
zUmilZpR3RVf!T90()%3YE~(H1=_0#TqCzhV;Vd(v(}StGG)8)L2)9{<9+*bojW8`~
z(%Ci=y>}7jbXs(JAfGvpFt^Q=<P8xuX9)B7%;@wW=JYQRrhb<6-G>`jAYnQ&E4Fb3
z7X4Gwqn8WSnuRdA>FS!>e1xe~p$DS34G8mKy88F_Glcn-3cWv||6f6vCuXbj`8dLS
zGCMjwI6Z%kFu$LpKL1T1jDBu(dSAhb3}KRtLGwWvdUk}VGe)Ne`;tb4`P`_^zrP|(
z(!A*Oz`Sc3!t~5jr}s|?^N0$)r$Ka$FvauL>D`Vn?enA41LHam!te{!>7^n}=7Q+-
z_Mn6uggIym(%^@oXUO0<Q$}=p_$-Mq<_z`k;}(ReP@xAwk?Igezfh7LMxs}XFz$uw
z_3J_y&qDS3^&`xKD)g4258_dT8Cxu!og>lv+Y&TSFO5zQOvq*+jQ%ER-xJY062iQ6
zllu2IgfK5IldjoCqBkvz<1(_M)7yv=mLbdo*;2kp^p@nHeQJ)1#RA&k79)%^SGuMY
ziC*Rkv`<|To!(LKIDjzPmC|*bNc7^+x#;>;KL8E>_jAG|9U-q>c@O$)p+vj;$}ejt
z20RJA5skk@J4z3Ha>ct=(v|!AwHl8y7$^QcR;&dw4fs~~^>`7O!fZ0rm?dUYn`^7P
zdrM=dyVJAU*zIoVF>Y_{!G;6biR^GF*R}shDtmW7E+azm8mze2bJSIlffb)FFMg9-
zRsq6BRt1)ls4y9zRhdDwz2zpYVAbA&tCHgzo){eVTeSn3n4J#ZKgDNRqw!f*PWVgs
z9YJABv5s|_s8lDu0rX6v&8i3zqSeO6W>4ETHxa-Xx1&lKJKdWb;hk}*aZ{JKsl&Y#
zkekF-<R`Mjrd+v9eA4QNN>Jr=i{Bg^cLtUp97rC+=`CXxUW2$+Bh2y7^nIa$Sa?VI
z!SR7FTNd^5^~6>E${<s&g_vTk&|%UIp7Txz?e|9TbUTI^0O`1u`k@MN^PsJ%s+L%w
zAKJ+Kj_7=6HN7@x-67}~p-3n2j|y)b1U{VjY{B6ZXMC5h3-o4fix2eP%rueg629*|
zzvDGTV8@87LBZSljo1+bu_Ktp7z<PQa;ESl?^>Ak0BA9@@YDU`{yhQT#n+3f+Kisn
z#>}3!d)&s1O^d`oJG~tpqAk`#jMqe$v4olfqyTqPoOO<Nt~RiBf@)}u<_XmNmQ}rc
z|H>NkIE@GH&<Tcv{{`N-PW*Afi4%YJo!9JHf0L$H>l@Mft{D6N8+y+-rpdd~_q%%b
z#kv|cqTx3(F*uGs+ks4MfKbKzQ+!r5{H$pBS;G&%sT{q|A7BIVUs#(TX9JO*l*tZ}
z_<bO5rfO*LZSYBd$06PBdn10A*e8<zF0D{_NGHuTOIfuS2<v#iR@1r0SBz?099(0<
zxH}G|Mk#_&PYqAqi5Q|v-K0Xj?~qBbiywS8`QYu^frUab@1IPG_wzfZ2RYB$SdSTw
zy-Lqy)6!hV>V=He4Xh)YS?XOZbtlVvA4}cKQeR<tM_B4OOFhZ*e#%nMu+%gS%{xa!
zQ*YGB2Y^{aN4QqzWeZPr=;PKODB+#@1KoT}-W&asUnVo~&Pl#w6Ah!nR-JxmyiT}B
zhvpUYaKP~3;=k9>5uYQZ&&d0FdrJ2Vm~{S(W}Ka8>s<|_^)8V}y$che(hyPwBC52D
z6Pi6C??V5A_~E>x198Gpp;Fi4w<qX_hU3wHl5aV`9aY25Bj`*75#C??R{T5h?^Fj2
zyW5%jC6seJKRS<@%M^2RhZogBf>dHS<E#_z<p(E(3!Y42vd^|=!f)e!16nTJ7{dRY
zHMXY^!wua_*k)by=0WO+YLI}N4pl*;YYZFxYHTYZ;`it*QO%!#6(FRaGFdM!6)R=H
zrc=bxQW1N?y7r)@HY<_IaikLhHR^E+7xY6;Uf8A+JU_YmTNtl!=VRC41+VVyGpN73
z7jfT=d^RainD{B_q-=#bD2H80p>Z<unD4W>@rTh^;e~45$mL19Pa%4{1jBthCav|2
ze`*~Z$F1(yVRt_9!$AJZg2SU!JR{$Q+$mqle0_Vba$ch_0b{VmcSX~0K%ae!A19)L
zhtoZujZ(Rc{KqX4a`1U?_w$fvl<qXRAn^v6;y~EcB@i1GjI);1I`u<adHs-;hY027
zb9M1Y{T(KQ-(xaSe=KVR2;{Iqhkg|fjtiHC0-YZsuiAC~K2sJ1H}_l@Fa+?Z$UvZy
zy#LidP!G3A%1!C|2dYS{+VsV5$G;DQHNfwwrgwZ0dOZY)5Ab`@xP=;=)q=YzRI^MW
z301TNP0B{!DDOuv%qP)IRgUU@+>@4fX6G~vM057y3&OGZi}YJ8M3o%&@Oj5}E)ynS
z+GJW{J{LcVT{@);Q{N+xQ{NMyjlAF+;~|XBd5!Rq_f-hL>gzD2^2Ehox<7p{utNVp
z`^3ZqqPqso$*9bgzBeZ#O#Hs$H5yI-%1BdlA!1|1X<apM7IDyI!m}{cLyW}?T%zu{
zDs{diDgH$*V|KI;f^QAy7+u0qpJaR4T+q%Y%PuxqZfBF_Gc5H#Sn97?D%jN#r#o+G
zsN?((*%Ot`U5C%I^YBF5MOIp8dm;4z^nrQUAMdxVL=%nQwq}pbf@Y4F<7m76HmzXM
zkr<aknO3OMjTPX#phA!8o?RFv#-v_cn;Tf$E7(@PnoT>mEA|KNK{{9uog4d1I$?XX
z4LgpV=yz(-!WzDdD`8(yx5j5ji>p0+7u#2&fjiY9PtlT;?fl@ko&{{Vaq5IQ)k@cz
zgC~Wry??5&la_0|F`CIN2lb*s1#PaAt+VwkwOMi3tRJU(S?W%f`iN*OM7(^Fr{~xc
z+VL~h>T08>)!pqz`~7a%a~i#!iaow)_I7~HjD+p?kii1Bqj)+cOeoQT8%F<>`q3oT
zrBvK0?ppD0pOhQ#>-0m#ylADoPA6Q3KZQCSSytJS3ExWnXbK|?%aNZIk;{r8>a0EV
z<fPLdSj$6rE0~A$2kgB0WJ}(Ne(20Vyng75fLBA^v84+a>2#VZl%nE<UY#&Sm>ho?
zO+k5w1ItrqoxF51@4~EiE`8+BPWlMqSe(;%KlZ0VKxleCgYWq}p3&$Op;at2^C9rO
z%2JcT*5NGn^cWj8PqK0GjN%je16wzB_``n?v#JWZBL&u)9v*mQMC(h6`5dWS4f?ip
z!c1XwaRNF3kw9+0tqI2#AJ6+>*11cc<c-W4zVv}VG3gAP<In*_<NXjKUZbxh&Y!6t
zs)T+d?U@a{Z@ERo^-o3IK|3e3q74hb^Y!gUP5C3+?dGuEF0d{YST}>Qt~V0v(&em!
zF7VEY&bkewsf=U)&N%iw<JfN$9J?Uy33xH;%0uEht%ZXZ;hTP_m3P(!iZo{N?6p;g
zeGOK@l4%I=5T=@Qm`~O?{p+Q;;@}=vF#Og$3>LSU4!S`!kH?QreOpL2pNt=wdcvOo
zJ{phmd4Cf=>N^fpUH&<AyoC-oU5vwx|8Dyl@S2>)KE5?<k%C$3F^<L{CwzQ?@$qE^
zAHSkztsp@{KaWyA;=^m5erP9O<NFeP_>Mb;S{<1ES2+U950Wa2>@bg4f%my8>euf}
zjXyyc@q;J8*SzEUp;{iD@O^#zu5u0a-gyv>=0Fh{cm_Q1ig-j?KXgoNmrHncBeZP+
zYsYHw7;0dufjHTD<Vo>BN`w)0Fk9LAz-<%#h0eh8OuEJg_{9N!cR=@8gXjnO|7*Mc
z=%}hYKX2YdB19*Up~jM8$__S|fPo2xG_e_(nGE^;izMxlW)@9?frMZ(;l~o7IE^|y
zrh<A-@z_?o>K^M_x9X9ih=BkJvMp}ZmHMNKXIBqw7DZ|$dLr5H_x^fs=Fa5JIlKD@
zoXNYN_r3Ss`@P@${eJIzpF1<0uDuyLXA7OTg~pVDH~KCR)bGf<(Dii&BL}hD^+Gr6
zq5^{!VTEaM{Df{tu|1B6PX+f^Rfn3IkB(c}=O5TUsEb%r*OyI<%C-^n0t0XK=eh78
zo=p3Jyy@UAM$-O<rEh+$9t#aCN)8e)r?|cZ?=JLT%GS5-gUvQTk<RVAaqKGkY+_<N
z*u;i8ulFx?aSW=HAN5F23S%^zJkoE)_YFpJP4bAjLukdvBmQadkYJXNj;qX1u@8D|
zT1D(5c9TcE&|l=5M4P_bc2jYo{naBoQ$pwR$JEfdWpGQxQOKgBH_ze|TSHe;$rF#D
zao>t<M_*-uXuUhC^?P++gtY!yrqJ0qo$Z5e8#X+LE<VL*4kHB$*aN3F3|=x*mOIf3
zEC)lO?L=Dvjy7ozCUU^H%>%`Da_w*-VQKo94L{b<?9fKndr0{Tva(#0Iza+i!O~tv
zj~*-wCpFh9U$lUueUy0C+0?{@y)RmbaZ!r!1jTpzkB3*kh@NXYeQ!Sp>+9bOPqUnQ
z)&=oB>!iHn;>76~(|hwUb^`w*)W0vTfwvEi5{tzUXs)siqgF3Q?Ex{(RpCFU3jaA>
z_|GMx)GJCWqY@SOu{U{D%XMVzUm#<Dp2v?b2w+N7oJwO`RFXVYjsl#x#ZAQaMQkN7
zoLOT1=psQJsu9ubb(SU=j^&^f#RPIlA+i0d7?y#S@t81-XOWdrYE&y2%UZ^R4fd0a
ze$j`3Ob45J${yKH{hho>=erYxf!4Mk@4Gxt>$A8fq4omT5%u$oaU^#Srl=P~XB6$!
zu8%M{cO98=bObIFCmb`e=?aY&3)WfIS(!yshcnKEeU{KMC3M18v>M!`Q~kdnz7|H0
z7#zYHucQ*jVAM*e+#Q@oQp7O)uyB%t$&TTi$qWsrMm&>6Bjg$3cKaSYasVS<ksDtm
z7DA`C!WLFSD_{{^0gGUHT)iS0<3`;-@frOSUzC3mXn|z{0<}Dn8L1Z^o7^HeJg8EA
zB!2Y>1==hWXlIlHq2o-MCn=x&;b;XqEGZCAun!rmOkM+ZJ#cQ?2V02iR<OIq4L#({
z{R?!g+Y-h=d9^bS#)y0ec3-74BY0zz;R~D{nV3VUm-vsfk3~F+_8|@T(2eo&$PlM9
z<B_%x!iri2p8u|ib(YYOQjg0vzXhA<V2+0Rn)+HDcX6=kn3x||HhsUgiPxM)8w}<q
zIKzIx>&(zP?{$vNM4zXwQGm2_7+aH+5!lkAp+1L(XRdA(u6zNOqgxoU4Nw|roDlR{
zF@zYk7-8f>IsD6xK*Kdp8gnO53-D<g(s1~LyC&>|6}W>?7~DO9mb-5{bYn3dWij>x
z``|VkKCCvRc@IvAgvm*e1{cO%lg;YMri?ReE?~RDSU*Uy|DlT7t{-Dv-d*FMwQxCD
zZvU4cE)?5rD5LV=IEv3bE$CG);^kA?s)Jv^yu6fg5@lU(bru(m_RQF9D;nOE0#10b
zLb{;RSv>HX{bwJOEe|$9u7dS6>`RTTa^}<<I<&T-nREW;k<}EBUBK@^jp@#cwDzzk
zPP)^RhRZKWcUB}yccK=whkL2ZiL}SHc&Rw|G>mr+jQ8$|;B5v?f$MN-G6Mg_HocKI
z_0OS`lkJKJ$EIEJ*~aGZ`*SO)e5hsw1h5<ys6vFe;9*Shc+$|}c9TWLotFD{?r5ZP
z??fH{Vhv=%;+F@OCe!}&<KKXl@kCn~4_cUJTR0=+2MdD<gFyV1i?{w}dY><K=X}j?
zLzBpF?2daQnFqmz&~Qgxv(CB<ZH6wdkN$!#z~(Bh(rnubbzd(z&-3Vh3qNJ@29fcn
zwrsQbb+?5lj?mLRNq)U7EZu45wL2_-6~B<ciF&K`3J=L2Qn(#_M&VLE6W6>}es7JH
zMpF*UPpv!|{-l-H_O+Epr_g4VOMX!0c6GnX?doGHx2t~?rK6(s9Z@=_@+Y5A`BUNn
z_P-{-GHtvx*Tzfv%NeO8`lAc|h+#|0L2?z<#QHVs<`0yNd3URwXq>Xb!9!`76w}Vd
zOHDO4HL%PWo94Kr2M;+-(r8+5DpoHNC+A3G8lw^?n)eX;mrndH+EN=?b@gPuc7hA5
zZ4mXPLw%Wv>I?9^9XRsygjN)ZWS!e$WVoVz-7NHDy})f0xGe&w3C(+4By<k5*v3Kn
zdPM9i%}Thh#9w-`7^2HR@#vC7=({W2_5(*7aobq)hSK<=nT5%5?6=6Og_feB9diJr
zRfZt;tZU+*zo(OFlzOb0c@0fC;>5~<ovEwW2OEAwwomf3d6u?H%LJvUujPWWBij`w
zquN&VI_?DQuwme~&eGh-P-v6zquMiAy2S>A*2G7tk>?UK2aW{#?dwo)coSi17-r49
zMf6#f=-aiTZ+pd;`}eS<uY<h4Pp>^AuAQ*(nR!}Rj<e#LF`BnpvPgfw!SYCr#MY60
z*k<i3?OpIc(ss;HFW?~!U*R7t>}4KE*prVTDtma6F(RG<JW(lMm9>ie@M5hYUt5Cb
zOPI_GPrhd1oq3?b4Wj^~$p?Xa8wEXB^r<$!qZ{1<zj1-_r{eA2-%m6rlz?rqJ%^3S
zdp>kLE3`d+YiIzKKH?*d>fetU4qjIaUq}47j(BWg+|N@&9#{^x#a#{p;q?VSx$Vc~
z03*7|Rw#zHP7G~_m?9g*6xk%ENLcukj|c_%R}rZEMO?cqq)Z4YHsQE>g<D%D+}gS*
zw-(>+qG{e)L@myUX-MN>r+siU4zjlDdE;K+zu5=wfZOPP-{+yzlQ3zsh!SZhFtnll
zaU~l<yzl~;a#`Bx9di$^ZEtVCe17z6ZRqGZ-1a*eI-!KV%HH`2-a-;^C$u-|uyv<t
z!*p}-=y-~@YQUlm&&RF7ttl%*C(pVEj=V(n1+Sq=4fQpmt^=p+KbwuaV^?w^(B|<D
zgv|CZZhpHai!S%~Vx|`7dmUGq2DeuEAes=SG8jnl%E@kBIqpnqj$PU?sA9ZUOcV77
zQ$iS96<rS6Mq42+{}g_1--n4uP@#u&hd>cW$2HsC=+I;*RNBbqN$7fT9<s(dkA9L8
z30`~l{3BPuu^EZ(l970gnT{K!qCW<%2Im)gU<@6Otb{efgF#ydzQm!jM|MD6uF1k}
z1v`Q)AqLZ|;NTS7HS|4>4XH5QG}}w@QwI(BuEqLdGI2a{Cyx3}(YAvA2cWiEZlawa
z3yPVzMM9iYtH4YIpNO7BsR*au7URv>7W1340?bIS5c79Cn<Mmi6*@z|60@;G;WHG!
zgJnyh!f_YGHGIR5ZY9mP@_D(?%I9UfmCxGsqO@0(hOB&J=zzc-61Zam_g7ImE=nz`
zaqi=Lm^8sVjZBpHxvL~NXtHpxA404T=!Gh>-Q$bh?t%5NiQlmt%cn$R1|<sgX98-7
z0yQ@@agVH)CPk$c2UPV(5DxG)#}8_<lCBK}!d%~k`6@ds+k>c|$`0}_PRuEG^zDlj
zf>_5k0GoI`0FGExDB)wu(`Zq)QB7W-P<i6d0#sXmZ$ib(o?-@>-J3}=xG8M6)j?j?
ztQX81bnRKj94-f8-k_zcqgEz*ZI`$fX8PeEZXzvxUX=c)*i1MtR-w;zcTb!Mh7_6q
zKz<d7m8npyOt*@aX`?9Z6Q$cl=`*7AIZ^sj)T%bD@b}VeM6*Bof9Cy&a|n$@xyfIe
zT~_+VtDI+}BXCDI<-t_{H>8)WjuWr{caBWv$rwD=+}_<2OrC+^swl3K1<iYZr)RWg
z85rBFCP&eyBshwG0c-Q6yVlm}=xTw<j(Z3VKRV*9{k_9_ds+-{DVZ^Nq$XhSxRtf%
z0p~WSK02HpWJUs>jbbLF^Xd<}^!DukKj7KmFV*gwy=78Ij~aM3)TEA?H%g}57Z0*A
z$hhJ7B^~`A0u%eBGpArYxM0ySs8M~vJEGVgh?XdcxJoEL2LGV7?a{gA1|3s$O!QqD
zQ4AivzZy0iVzg4xG0{EmkoqTG>L1E|@hF=+pFH&R_jL4Tg=5U=YQH7bHCw8Sa$n%<
zllX-DXQs95=(`n;iItowNxn{!Ot~-kTagpK(zkW={R+p#O8&Ma`Fcq*<-VwAR`2ms
zUk7#cBZB+F{GgF6sjfLvU6lKxi&>dtm)r$xRvP4fht?%?6B)FHa$oR|BwbI<*l0Mm
zN6|56hmm|I!C@r)#m1RW?ccAX-&Z&$cAh3WXv8Ra9>MU}8!IawtJTpL6^@CO{CAS%
zd6Hx&!SMGTOBx-Fttb%e>F5%eSjqDx$xcZ!S%Vb*iezESNB0}JsH_|lEBSkp<QpZ)
zITn6w4_fLG=Xt|%P1CI$6DxUvBsoWtd=tT}W9#To-fDTmaP*CpW3o*T>B*Jqx=E@l
zk6`}5R)uH3>$sq!bFCbcfRoCg&kKp1MVzPRS09uaj;6EfnCKQRl3JK2weV&OKfaDI
zbd8QbX0U!%j){Htd`a@nlH|n%vy>@<ZN1fHuyt0BF+ZediB#8OsV*16e8|T1p*bfM
zeKlXx+R8Aok_#lsE=lrIg1N|6ht@+W1`Xe1<(OE>-<KpWl_W1Cm`lvoy>g^GpraqQ
zatyI`X#TqTI^*}xa;dImQeB0@Uq!*c{KqSuI{IlV$7HkZ@0SvC=KMgat5B+|h+tY+
zU7wb}wM0iBw{lGE%q^BA7fF%{_muJ^lbl{ssp#l`w{lEun|~-tzD1H;LNI%o<jmva
z+vLO8N+ii{NpguKnRuAWee6Bn1E(9W*3q9?IVQF@R!EX>l_YxzCWT?1ee(Ex9nDFn
zJW`vzl4Or0*+($A^^Kl=_0VTq4gRIdF|lnfl_dKl$^I$YJXhtI*fy_}B>N@FWps^W
z+e2SGvh;Nwy+Gv{?wuASJW{S)s;f+@tAb$0ng4xT^Lj)7{7~hXSjm-=<O)f0m9PmI
z!*nde{69yRs~i(6xmuE3B}uL!7|i=3?zwx9cNv)CRE~)q(^^S#jU>5_VpQr$|I-s^
z`*d`-$}zERu9qa&Ns=1~2BUiPZgV=T_vq;DD#yf1UL{FxAd>f}bUhHCa~fE_N<IF{
za=+i}HkKoE6n-F6vUKyBUPkw|Sa3T<e>7@1$g0BctE?`o@wuZBD2;uRX^^*3&{BD;
z+~t0+cV%sPrJKc|c#H9SPq+~UEhS%kLK85t5$NeyduK4vduK;`kUk#9_lfzj;;>iM
zy8Rxn$M0QP&FHHLW0t23zi_1dVXg3Ac?`o=mAl$kQ&r)s@kZZ;A3_@8*rv8ENPH$@
z>p)j`D@%iPZCumS1`a@XPaFBG*KmYhZFQ+{rMIliO}wypqmeHvY46z33L(K3tctU*
z;m_MUf`N|SK=+0=)?K7(s1!NW0<fkAJ2rN1C5<r<s|AcN-;1HGaaWd>*7z&RYTU+h
zY#4bxABU$$^w`qA4JC!`&@?0t3wDD@`pBK6E%2+i@AhC13@@uZ7~7g)ptWOD2c8xe
zSOb09x~Zp&Jws<(yK%%jx<v2x27APxJ#B0II@k0>i`D<&#l3g+ks-jl^`FsIcWk2N
zZ9y?~x3B5xX$ulgwl-{3U$8CE+X?psHbeIlR=W-a2R3#?uSEZ~#ImM$!{WGSo+aWs
zTef)lQo(grN4U<O250}9DY(vFNi*j<!|!{m;&GkDaLZukWK_Z-w@eg__)qW1xFfOL
z1!&#h2izyum~&HHyv8C<<VnPZfbymT#&NB=yt#l`WFilJxaCQ5yY&Jtlmxe11TZfo
z(Z0ig`ICt}jN#58C#c<A-VDIZG2vpv6?8sedSkiR;>g<vnBSPldjkso*{<`GITCOd
zVI=IEl^kbLC*b-`ILGjOwtE0mo?*@z(*l?c8B@!{yu}v4Je*<P&yNG<g$#4fvBQ9|
zJIwoeAz*GX;V{Fl^aJK8hk5&+2h5O(ydS~8KLW-%+q``%08?+mi57r@)qpwlEprYe
z<Pn=@!qtT@^~?m!JJ*?W__#8`x6hnf9(sjUfca&n`SZREm{XbN+-YxRCTBOU1*dMV
z36~hY5|eX%a`Ns6+@mJ)FhBZRz|8u#`Sa!j#%;n)wgL*u0kdb0`Fwi}Fu$KOwY;B$
zfR_QYa<0xn7SC>A7P9h&B<%*^`c1gHkRSaXz+Aq;Tu)t4xyOX7YabL;0p^46nsX7Y
zm<RL7gbNElR$2|1G{$k2m7rg6dOMwQ`XvU3W@>p7ILty;B!R<vdy~N7a&T`FI5Zdg
zlfdCJ`D_w6%&WhW1P)!Mcbv)T)yIJQn{(=M!@S%iV3y1`pC6@wX)@sm!<X~_9xxx?
zsE<z~uF>us^XJ9f@?A;bFn;V$61OV}9L}$MlEC3|zb6SCj@z%3l=pNJICO7bNdiaC
z_)P+bX79ZuaA@|vOae!a-Xug!{{x5P?kamY0DwbF)LjdBRK>kNXLqv+OUwod5P7-k
ziUAP=$wC6D*;h6jl5CcQBq+kVkWE+!2_(BfYLwJv)y-jPYkkySuTr$PULVz3Z@^2%
zU{Ju@s#mM%=U1Ptq7jO>RvuPz=RY%N=A1nV<kQ~!eGMPUod5jiKXc~Hd*=6>^XttT
zg&xFfAB7&QMX#JWy87`Wq_=bCKLO|1ce|@tp2~fD#<5wqdT%{>fhg)tW7*v@`05@r
zJK14MnaXA1QwM782_tHgt5+pcuc3Hb|CTYa{i3<AKVce(y}z{~Ss_X%5+*p`DBL`u
z&fGV(c>ntuNJT#oJ1!<n(PNbFYEg>O$;9YVYlftQBa<2CzRaRURe-^Y9U2M@z)4jC
z?+grBsD6%$%S<n%E4a8uV@cE%^ru>zm151x@TQrP9#by#loaVA#sI#14B2XsUQbX^
z=85=M-4{2ov(O1q8sDHlB7=4hWQzsTiz@@mF$vCO#ws(5fbZxQSdQulhhE5FBx!J<
zG#}1y7xi3|4>Vwqz{n)k@ufW{hlYk$#t!7eLB*1~M#{jEtg`09HAcBIImaouKG>fG
zOmRb^+q#V6OOQ$-TpgV6Z%ABky@6Vt9S2xkzIg`>&*JZxcPxaz{pKC>(BFDwB%fT7
zq_FJ=+m<CX_N7)g;G1f3q%1{M5UQxQK{_hO?zS$4aPB4Yq3@FTka@>*1RG)z%sb#B
z=J+x54mh$634sIikdXTbkjLsrU)|e)Umb9U00O|MWqW;NE%I6h-*0In92@llpt===
zUca=>3JVu9y1G%m8+kiUgO@;L>J|6PHOS}`D+hKl=9oemCNy<LV0l45{us!`zl_qY
zCQ~cK-`_?%dcrR>6T6l(*GA_0IdlDnxehYd+srk{TyS9txgTqdD3h~oVXm8*Ya4U*
zGS{8Vbw6`G%v|(}!li4%ot7}6KMGnl1zW>S7Dt_L&Rh%J!eC-^d3^4No+`^H)io>j
zxfMRu>_+KSZ%#4r-y9n1IWsAdWsU=%N1gO0g>;(xmKKYcsKsryp#Ojv%?79*ASU7H
zEx^hEpa95XbDyC&Y3NCAbDsESXef4S9t7H&9_w$yIMY6Nu@3C%iOye;4nDk#<c4HU
z5ByC_Zudi2R9G`>0d_3cwM3bas5gky3;LG_Rsf&P<*ZsirfNSA(3z!3sT2smTTG{u
zOz36dHA{+h(JY{bG%4DpNvd|~64l}v*$4yb8tIEh=`G19ok7h~ezXWRNYa}LBQ_K7
z@6JoQa{balImz+<=)~B7rA{R=0LMsRCFV3Cp!La&Y@~#-1C$Iy)kW?OB^T?}p;wV~
z1@E9_7^6OvjC$J0N=M_zx);R0(Kkf%aGz09pWG-W=0zv>8m=iZBz@2;WWje@xdLTD
zAYocQAkJF3A^;$C@*Dq}pvn$Dh#;k?l9ZycP=qpQ5rXnFK4R)QlM_knIWsXjADM^N
zdMs_NlOB=6G0ITL2K_5CYPcR6>lY0Z1=3)z7|3IB7qAA~scNv7F`5EXw!G7WfgzZp
z5Pc!kcbtyBJOp1!K2mRv!^tK1Vsa0H+Oq8zBbiJyAnB3*Tyq?7+eyEe7~gAHh`L-;
z?0MAX9!iWKoPqk>WG(V|26wm@ORq|Lb6;W6{ttjgK>u>=Gclo$4#p3gw?8M_%Qwg2
z_NUR<n=+!k?zPhEv=rfPZ#inbvsERndr?8Zx$kz|*MAXBk9EgUZ#5a;cdzgM7!LEZ
z@y4e)fNEZfYVp#z@M$`MIA<?Wko-Ysdo3!YD^O)ae=+XoT1+4{nPHGC8Ai{~!0uxS
zpBrnZN|{SuPQpi;DH^$+!8RJC6Os|W*nbU?90NKTb=@*=2VA{mB>uM&f9fk5v0NYR
z;4+jWO);ZL0z|J>c~s)uqbJ63XWf8mwTw>%I<Y*IJ*Zc%i#?y;SgYu!<esuHuo7hr
zoU#u9(-b)PD5I3Q>X@sQxw={Z(92v8Qg%7Q6hm_C2|<~6hv>9Wq<p2<(Pq3JDxU$j
z-@hL!(I>K^HrjHVcOP2PoN&#i4|TH>t~@ELmQ_0ti4#%H3l#LP7yynEOjtt_c{!_h
zMXGvN!{>n6oW3sp8g9)ZGvbFMmq^e5s5g7zxajn4uSG8G^@|Iah|vpU{kqtG-L}`F
ze=6u7Kw75<ru4_&8d6c>shRBR&?kAjU`RS~<y)9WPcp{)rOblJ6)3a=J)b*{!7=f}
zgXuU9)Z~sM>^89>efJ*x;duKiFViXc6V@sSzY4zUDb0^ILT`lHkxWKJg-VeVm~dz}
z0ABKlBvXHg^r$^&45$Okj9vtxW#4SfUnM3D3j-^0&0;i~Ie4%@Tz*yS%h@8y{(rk%
zaT;(h(3=VU5VUrujR~DOK3<eZPS90Lx@2b2Ug*UjG5c`EqdB?=a&6E6G*c*dzBY7z
z9)BmY!rW&x_szWWg=kr9P=tc@qKL#ECZ3}dU(Ljml;T`09&_dXNEU_oph3Xlp+Q~2
z;rQVd(Qe4PUN4Xv<=*a{1KA>)Bpu4kwCD{<FY2PmWM@2@=^&fS6DCm?z=OLCnD(e<
zJ=0k0ZPHGE21VU+IUr;<{3SG;;JTRQ@_a$QnO9yHC6$d}Ob7$q4?c$zHu4pw+wgc5
zjb-8BG$3`KwmyvEh`+VMFnO&Vql*9x3akiu0O#koDJQ0*Qe}>ROh)TD416X60|GS6
zs25}HUO#D;vU^Gv<R=Xa5)tcE={O9&%yBqOgnD!wq>2WC9#DT2a<&Ir%3BCf5UWI(
z)$TUP^PUp(&gc|WX^=w~T@E86W(7I)hp^m*<mwn?zx?PG$}q_6B-L0aG7r7F<rI2#
zK5GJa6WqSK-3qe^fPK(QSbuN;vUi{kwaq!wD~bWrfHaVVdUJ$E5`8LJmszV(yH6W3
z0T8eadA+VVC5GrV$VlE24s?0r%B5BdlFgRcYm#^3ZwZ!5NE5j>JGmWy%_W2OlC-E7
zlNxaB?F)q40Zm3I04PaH15Bz)h|RS*$SPQ%v$ce)5Di_|=0j5bjX;|r^B15m9e?vI
z8uy})MDq|t17|VoB+#810ji(KDCqz6IV6PHXdIVVC*27qSNKk5)P0j#*Fsz`GS{cf
zl_turY0NcKlu<a}6A6)?5!VPZT>?taTd}K6Bwct8KKt##uDh5FCM(yGctvvmb`Cya
zycN5Si-cM*N60`G?I!G+j$GY@zlov6>^d2H)2Nd#_g=3f{SKQ3RkV?*&oWznv1b0W
zgND-!GjLt*5*YP*{HsWFBWXKOM`PG0&nfq1(y`D%e8)5DH9nLY<PYyDBt;vIzC8Jo
zH;=JYNDcW^<>n&J$T%dOjP61${Up|#U&35A=7PgjN$i4w?RM-6s`~$pY`{y71xX6X
zD`3nU3x*1gp%<DBm{!yPTP05sssUw^VJ}MTtfV(ndXW~Y$Rv2NAw%~^&!TcPB=gQ>
z4B!?EdEE4gRI)cd6nS5IFLAxqGHApsE3jUW%@{~f^Kvf=v#4R})`{I|i#)lV=D@Rm
zhk3SaZBc`@d*W8)W!Z$hzE*lAD;23ho~M<b@ng|xNgr2;B84+b1*p`yk}qGf8>Fs0
z&Y~_;jF@*f%!WtFlUM6!R2~O%P_8UNpASWu#Q>xk($T@RXQ73vV|L=l%<)f9&J?#5
znYX=r7LSgBHfSm%ip)THc9bM0@a#9rv|TO8H#`Gn=G}~HfXLouF2I-Eg<a#A%Zglg
z650b%2EqG8xnOKWt~*$9_^~Jh;|WdM9WtkxA=W=8b}D0Y_mCCeoU7um|NnXzNLC1=
z`GFPEe%!u5_1K49Q`y1{)Y|{VvYAW<6`~Kz<}(?bkbMfvTufF;nbOEr=Y_0lJ%VK`
zm<-06|Au92nGEjh-bHAYm<(F2`vv*Zb0ULk`T&+e$Mqm~!T0+mp$<X6AH^={=bpf>
zofHdi#MBeJu?q$bd$9{vF`gs1ciNzB=m>8LMnaZ#p)R4GU%+W;3b%whBZ6y9Fx&>~
zKVhn$hwo&xw0AUxIxOwYmerw-Nasw!h5mqAXQ;LLs?KmrTd0Z1)&x5(p)DK29kPI~
zC3S@&WHm`}2AeDp0^b=b_}VRzj%X(&VKr3`ZVHB5gR5FY0&aaFbo)BC=_x3VG5(8c
zR4o~Hql%bIT9bo@-HaB;5Ibw={y<4#JB~JYIk+6~Cb57;Kt{zcu$DbD{*`$fz%g-T
zeC(kZg%~j_6>14oM7xs5Fr080O@%2>Cg~A0!Lo-F=4gdU56uUKIO(%2NtK}<Msiy8
zgdJ(Pw=(zn=1BX|03&u(7s-QPQ)5TPNcIv{bc0jy;~>eH!8Fy1w(0@(0oinxEH55p
zrYek;HWi`lj^BM2x)RJcd`6J@hDk+%?c0-BcB!f&f0<H|VF>XBmQ^wt%!-d=*$qqv
zNf^Yk^-OjXvv&)V-NEeL!(_i?_8w!hJ#4dPAAL8YFu;6&$9#c(<j>gm2=j&Z?n5j)
z&SbDA@*V-PGucFuK#`63dTt`S9J$`cvf0S>CU(IR)$7<*#PsaQ^(vN?F<Bk!4z3kR
z-9jS<kpQHPLNn7d2@Ro+aC6tfF=NIE)$VyF^vh-v>b#D*Ce)_D>Bp9~@b^Pa3oVy7
zA$hpPvb1YM2&oITbq>p_a0JfLqDS!cq1x?ej)Xekxf4G+L(T0SA@V%Sf*TQcxHA%N
zYl((C*Pw>N7hI1<Vl^EtK@?3e5^iq`wp!}j!VybeP5n$1Yp2>5iDxbx15#J}`t|4;
z3|R79J}O0#I7W`=s+1p##o{WfU21WcIqS>OL#n@t?aPz-HF3Q3e~i4|rqxmG)Dq-%
z2K5<w_2J97o<WJu7L?~V3G!M71}y*KjqU0kM5Z$g7TYA_r~dHk1tg7u)sgV}5XWNc
z*}0wJaR<gxV5rkaifjEk7FjxrYu1QyWoY6`*ThAT*Yc+4{khM)q{K4GI;nU8E%JKI
z2*~RhROjrw4}ZY5JxnJx&6%UXP+!2%;-K^TjK7}c+VxB))pC}`@&y{p1ZVA|<)+~G
zRX^t1O-zSi*-|ls=SH_>YhpKRVkcN^*oT60_};G1ALQB{OlNo$A^hB~k^D>;JtqLc
zYtzf|guRPuw{Yy?BZ3OAt$45Tn)e!~c`t&_K0s^rBMbH@kk=nGozyZmL1Q^bW0_#F
zFQGb{uDR_1*FMd3QY}x?Se~e{oXgPA_^kK6Cr>MCktpk=TE0kQIagzuV6lT#XV;Uq
z_Z8_7Wt~*ZQ#6(*Yb+Dw^)i~~b@x0rpuk3nvQDbyX&TE@HI@m^8nz{%{px!1uvLLr
zV>s(n%UYcE^bv5@hiFUWN<JRr+Epr?HT<j)M{4UvkG!s-`SZxmxzo6I+dlw#Ew9f%
z@X8cLD|)l|-I3Sw!u!8wUibvpzEk|}$m=l8jjK-XyNhf8LgdJ6-M2(u%WK2aznZs$
zYd<4$<hA}=;;eU2ex<qoil@2u%c2rz4L@&*sqNuM8p&~u<cvmQ(4|VURFVK1DOR9?
z+PN^@@`zyOJA1eDcJ(3^rdx|c$2+(>^?64D^F|F{3r3Fw-$=(Ir{+E6<l48Ykl=Xz
zME#};))e78pv7TT2F4Ia|5Bf(nE0yD;_&mZCg-2lNM6uLUKufeMvpOnlD4OtS6;2a
zv;R>iC^6=WuS_uJ^7t|QlQ(YQU-=6i*U<^qDj%kmxRJ(XRM{ao^zm}<@vHftDK2x=
za~*64-^AKBtQ~?(mycK;`1P+8JSvrXu7m9q$R`)Hb{44K>p9&kk8(S=>$wiLQz+vy
zwRQ-4ox)@U|MxF`gWK7y=Q`MqO~w#w?GS{!%(k?!=(o>vJ0I$~4z@F2-Zj<QAqaOF
z`t;7-w;ktpatvGt+gTvjQLP<<f}h3^=bMjlI|~h52iqx<dpxZjf{T}-Y$d{-i@2Rm
z1J}WJisg|Pu>&Q_Mwi12=zNEl`R|Q_{eWQS3up^-SN%Q(w)dw7StqqNm1-<sqp?h|
z^Du9OvRK`+;ZI!q-wm=(YHcED`r%oL{=>j^)S(EPek|3y>iNGd<e^?Ra2<6hj<3h#
z(cTGR9_mX2*HMRZt3s{5@48kVDm#tqs6!FNy^-oYG<WlK9%^<P*HMQeh<h16wrqWM
z8V^;G#&y)8%2g%m)jfe#JXBX2*HMS^s^WU4YuO1NYG)ePQHLU^e3|R%>YJ|r8xQqb
z8rM;W;uw59!|A>EQXXn3jq9jG5mf#Z88Pz12aoVjbBtU^9g3jxWyZ5F@A_+qhgxIg
zI_gl>s@7)uPp>)6Lp^5XI_gk9Rj3K4_srs<J~46~b*LIu3b#i8dnXTdSvuEIha$**
zdL_4T_^FO&9x9m5b<{O?iKgb-am{@kg$Q(pTLSIjCP4f)hqnlUmOxWmAkwuV)F}kW
za>x8a<RXg^;A{y+0&qM$&>CuMiL4RGLmO%Y0`05T(#Otq;SGvM2m=6i{zTXC1F(i4
zsI7Bg0X!i~n~}s<u7qyOU~RA6>+!oC<z;rf#|a>9IP6(!3(Mf~V5to+(U;mBb-vQV
zxpqaI(a7omUQ!{VO`(p?aC@8l1fjx_E`>g1%NE<be08$hBCxIxpltcogUsZH=&IK6
zYQ;-MSMhfu8N+rB$TJ1YL#BgMBNb2z@{4iYsX^H@{#;ZM$E1Ld!-}RS+!kyl&iV~a
z0Di}AJcxzSEcHh&>Mdut!(LulR^xSgt9X9XO_)*}Y;4H6Txx@zWd$2SXJ~b_1LY=q
zllFDtkYHDeU^j+(*b8a8@i-Ib8F69ZCcH+gCKUh`cypB}f#0J{g3sID+!XAh7MjAH
z8(M>1fe<90u@IEm7d!lZzt>r1XRkvGWT_2(FBK(%(`~QzS34J1R8-g%yG^AwvfZT8
zbye8Q%By@{cSWTgZ$pui8I~gfDh2%dr8c}9h5j_#70L2c)p*Lwt9^D@$t7W7cdE3Q
zY)`4v<+Rth9e!__(?!+S0EGhGxKgW@+ZTJvE4}3|kHRvpFI}OCTw|0WYV6gHYPZu-
z<F-44DB-NEsqOmg&c(iJcV$hP-Pc}fqq|_Gw$&^Wwh@*>Gg0NQs&Ox_thSS4gwxW#
zj+UQ}(E4_u#|Q@SRvrD8=i$Jh9#!_rnhIY<wY$bnmiSSjU4Z{7wF*6s>WT`Nqs(6I
zo|j^w(BrA_E-tHZB0pP-pUvYat1S2XE9_8%QasUzSnR7@?D5r9+Le0<ltjbRq#@g=
zDffCRoMjGsUAP4`WvCj{)TWp%uc)dnTkNQ^qtXwABY5{gR@EBz+kHN-qr&O-qR)ad
z7H>{)^-i^Uhu!V;`P?<W3ZhN+E=E+Zvb$Zba+k|r4HO}jr8ZKcRND@vHrRJa&7K<j
z;z~z_r>v^RuHN`4wZYB@sU9`;m}i7$S!b$^a`bu8_bqogRW@i?8g#)3LA}26nkugY
z)lIyILQ{!@x_svhTVwb5U6oa3Zjb!Zj?urk+hwmPcT~EasCg(YKF>cJ{DaLIWEpm6
zh`=tGf}u_&xdvy~m^VDThHZX+p@p$)j1!iv-sLu4NapP$vTNwh&#nO{pQ`oeXV-vp
zORsA5?DkajC#>%uPa7Q?{A;8))_86-Dcs3B0qOLopC3&>IYSU;Wt`g{oU16z7+v~4
zLwaY<V-MIh4Jc6$nE39~NcIjQog=1m+jF3N{s8G*dcpbaEk-)mU2txDUC5&e>HIN^
z?^BFq?>00ExaT~q89x^Zvxalr`R#p<JpVrKp8#FyqUg$!Z-=fVRr%Y4D_3`KzVUz7
zwZD)rwp@Ak$fKKHy5;aqXRa+j@%SHhJ#pVd9sRq%`N@p=r6+$^_=`V(vGJ|B6ATA0
z8_2yo?Puv1_Ix;a#Z%ESvDuTSv|YEecF~)^nfcMx|I6O9$3<0bedYm-GCD&JiTMa?
zEPSNs!Gb_T1EfM57?^>JKxy>h<m=i@Y9U33Nr&xd_Oi#lWzpB;=Dpbq?P1P<f_i-b
z_OPf_;@UBMpcbMM=dQKSnZt0%U-$cd-}fKq_hZjmd$0Xm>+Ewldp#<wjm)X&uJ`gC
z|NK1R&WzlH4QKv#`S#hYJN2UaQA^S*Z)H{`uYc;V@xOjn{q1O@aK353e#pt9jVVKS
zzF9WyzJg&7-cx?}ch`-3a!uOlZKfXz!<&yzxpm+jq2{?Yhc?gK@NDbKpLXA}$ou7-
zw-?%e`MLPvf9O70F=pb3H$JT6zjt1H*LG65boxj4r)xR}-#gX*@e}@$FCXiCK4QT)
z>z;XO)anxla$=6GebqB)$MKmZGhVpKuqFG`tFs0;zKp&3zvFi#SG`<*{_D%7KPEi>
z(j;MZ+`8LScK&eUpV^N*Gv$q%>!+R0cs6|IrP?{ViLc%t^Nsoahw@*$V-aZ_v#hh@
zz9&kazxs>U=k6;gu6}Ca(savjr#}9+Ffz^lruVNEPab}US^L?cffrhHL$-a88rm>n
z)cU=*8PxuFw`){GDj&FYL&S``|LeP-H=a9qp#8(+4?efqdEHNcpXzS8cnd$mb!73Z
zv)BB2<k(%FC0pkW{#(@N!@F$L@2YEB8U13juY1M*KmBs;_iwRl!s;i#ca<^k#>Y+;
z-IMv~+rvJ(bI?uydia&6_x$C|rlX0o|1s{@ExX%3P2#LC+&gr<w(OJTU)^wQfoXou
zX#FacTB|cgCqFj)=7opfnf>CV!q4W{ZJg@(;)7L}&g|My;aeH1@p0|LYc;;#jdnjs
zGz-GGT^!HkI3qb;WpLvG!#0$`?YM)r4cvws&vvb7W2m><*gfu3_WM2R`#lb|_hD_>
z9W?xJ^-?w4Tp7>#)tpaPnS0Uyqb~dh$h}Mf&)oH$fOG@NimuAs-vXrq1rql|c~|MD
zhOKHTUR)wypCY<?pgQ`$8oXa%|3_$`kGdBw{6;dicDb8e7UK8w#xVkZ-)gGdB5L{U
zs-#gtiJ#^hs!_X^@t=q?RC_4Yq6=?8rC|gb4b?jTu_$&gTEL+0^=~>?Ci$woC5%Sl
zxRcx4Ig`7jbxrH($WSdc@8_fBE(5)^=*o|YM6|E)2JB=n8NxPtOj}Wdt5%CaX$)&`
z7LAOeXk-ALr?M4eoTO_#l{^J>MV`u&2qo(aJ&&V@;QWHT+83o$_)r=*M%2jvLWWvo
z=%fs>ssJ=yhSFsyR~4++|BfmUWO;xwaPBK=O<KLVCc{<+HLJKzt!Uwz!}+>w$Q?UL
zB=ut+gUf5Wt-PfhF0$KyB5b^W%y78a8nV0m7#5R8|IcCL_m&^SY_EwCY1zG`vAl(r
zpYxv%8xLzw%i{)=AE)JCk#p<?(#>A<*Bi-cmiO<{vA_8b=-6)d5_^&D^dw?*+=XTn
z$nKx1#%_UVxKb@^z=aqCC%`o9C#*B)(^?H%bGs%FCKl~vn-*4l@*Ewp=qKCsoX_ZP
z_ROUwoW_9WrePgw66M&R^ro0&K1R)88jtY~#+%vAwP+00DbHynA@F7jG$;ExwW0bG
zDl3grhRRS)Pt`fUislj1bLB0fygWtoYlVclX1yoFZ1!ZEjjJ9ad)fV@k^Pz+VGpwn
z70sw?yfRGF%$*<Jrq(nYs+-ww*;?{Fd!(YdPyXeKJu5Me%~{ObW2oN4?qyG)x-Oex
zHufz;n>V%*&6H6~+J96RUXRHxOfYJW$)o0Kv>4~vo2iDI!tgjFQ1$yLqJtJ=VBI{h
zoWHQy<_XmL6_>RWN@6{@v>4x14`p$1t0mTYY-lN~H>}-^nsH)e&q7&jm&#DN4873H
z2<0VJz~WOhaU3BrHwDI@o@3Y=L%#I4Xl-7n+JuG#=1-7|-WhsQ)-^evJB{I#IbQ2-
zT7KGn%HuRg%Vv=4&Y@CqiaB|_--@9Mx8ZZ%TWYpYW8PA8bQ=Z?iy`gYabT(QJ>W4F
zG&CRa=5}*GYRHHeycU(n@eLY@v)-kGR6!+GDF0DpJk_x0b_od>K6b7-&frB`L23)-
zXKP>+52Kqnu*rv>4RE>ZSid5_lhm?x6+ReWY_EJC@}Uh_f%sneyGcEZEXpt^DO%c1
zcCqzPBf~sF(L;ToUU$O?Q_K_CgEZbH&n`4a0Upn`k#E?!=2&2T5_=kQjqDM&9%zjI
zf9cpC*l)wz*n0K=A~m#bbU0e%j9~XdRyay%u4hu)5ZpRJB=P4fOb&U5!UKvsqxD+U
z?xp}c467HR61p>p#iizCk`%_4bpf9}@iM1>!UrAl4h3)*jbe)tE7x8F_4CoJb7xBJ
za_K*XP^z6iK-NJPp^s!J@WvexWCt}`62WLR_ou!QCXgpuB|Y1?@;U@1`+zxUQikDf
z;w9Bp#4(OtQot}xPtq{Y(qpIwh1_X9#~W!>%ryt8ji=GiYq44mF-XQcb}d)0%_8lR
zxiguCxYX_42xGURT@CQc#9~m^4B#8c8*nNK?*+8Vg6`tH07C`5eR`s0W00$!fokwU
zYJm+HZ<U^`7%9utlQlugijuO#O*<Jj?HK~)--rT&4j;tgP#Q}U7C<%|^n_;0C`d(?
zWUpG}Nz)e6=$p}!dV?6?T!fNk$Rb0J$dE^dHp<YOGSn>XDxwyv7@e<6h776zbe#;%
zkRgi<70J*8G8FjtN{ne~G6qyWs80<Po_NBcu%HMfqwu7c*9HmCU0PT><YKyrTM<X$
z$><TD+cB?~@MLgpRCq9O^O_66!eh!IgENEVkQ~lJ!<K*miE@ZSppf0{05dF-kAo!Y
ztONa700nMkxb496A}PScWHy7o@x+1TWzczMo6Ri7g96E87t%oL6Yv3r4h>)*2halb
zGmy;ULHn-kfc%76K{6#Urw0^ePew6{JZwrJWHeOuT=Rqij8~l*7<sx!lLZUaBc*yv
z0HsFXk|lgmq33pOKDx;Gp9`5+hF+1OcV+0Xv~P&&&Z2n4%21*V-6=y0WN3v9t(Kvu
zdkNXAl6Q-MklpnEthvkm2b#O1q;E@OoT*2yq`4c=+{CWMoT9AxOBPEVY5M5tirT$_
ze{W`LbI%0FJPFV!b&o>&oQG-qoMeldyYEOI-V<AAUkKLQ3eZIVVa%k^E5u9+yraJJ
zcEP$}{geQWvgHBHA4fkD^>pd?CA6|S|Fpk{dZtXHT#fKPEf4I|vZ$wv&pm88=lQvX
z!M?)-G|HCyMo7|MAwm*viugp$9X4`P5A|G`hH4{~IF~G5m>d_RpS0Myq@-8Q|1OHs
zt5WX|{Jj0;9_mFhjk4tk=J(?dq2*@Ly~Pg}JveX43K3c$f-_RBMJvRkM+DL3GCd<i
z1mydn;$=Y@#f#@JTe;LJBKH*sA@k?W?_G)+0gBmwdXnBDTIpWi7NnE$N7qqYoohcC
z%zQXt|LAS1jQyjj51pmbm#z8tE=CKcdBxGoT#KU@ERIgO+Zw%S$$iBW2Mrn+xEp4j
z8CRrPm!c2+`O1gsRq$(0PtY6b?>K!F{k=`kP?}VIA;rh)v+3`2y_)_e(ci2E^GmRu
zz!)v5s3WRnis!$U(lc)L=y0?NKohd1VqWJciLqNG))+-xtJra<KMrHCg9D?48|8fb
zX*d9KIfP-JsTXx}u6P+$eZCX_-nC|@f+sM}B-NGa1M>RJE7E{AG4l9&G~XE6TVl)<
zY3|8E)@D7jAbYo7fl3waQd{kP=zJ5G6;t&@^I&mqVxKA{-OT^Uq_O|%zxuEKtN-f1
z`mg@0|LVW`ul}q5`aiq4iz?ga_q@*-okOS-Kex|0kfiCjI$fgQb&iCQ^c1_$NYb=q
zD7iDr0<hax=p0Nk%$SoEp9xt_wfp1?zek(g%{II1jvd%+pwVzLOUKpgxXv)wS@gd~
zLZM|Fv^+~ouEv&a*fKPHbx8wMvyhqbHlacEFNjA$#6UJ|Rx?bF75Z~9q#cH~2E#F0
z>5#}mbCf5Qao*@q+4#_b^n0wCdL{9wT*FGXK$Fy}kk<=>!0pr)h%K`|cSqS(B!{Uq
z8A-w#6T1FOtSdcTAiFfA^U1N(AwZ9tgL^cUU5jV(HnM;Gm!w_veO0L)xQ2S}JFRk^
zFT_#fX99;f?xKSHprsPm3!SW*<o10yMO^U1?q-)3>0y;0$9dWu*l`0oEOmtxVu|}y
zStQj7I57Szx!Y6FZBMT@>=lU72d&s2o{flJu8ejvoqA5o<nIcD1)FP*CiYURjqpN~
z+h?dipGhUHuy7^cQHHF>56Hk1Hy$dEa4v`L3&?spVC3UQ93(L2u+=6sq0&cLBvrr2
zHk&F<5o=61y2SmZXB-SPg`)$y2I~1O8#-RS3EeDaW>KD_|EC%wL)K#^&;w<ooGUq0
z1xS`RBXv^)(;>4;t#pKj3jF>|*5i;%Odr4;^pHq0wvuct#p4kiD6X@!M6Ty7km|JK
zyidL_*GW~@iR-B|R;t4*>O_!@PX_7~73SCIVeEA1dZvf}+wh2>MknWN!;dAsakT>1
zDsY_wH!ARG1)dy?!+?S?C`Vm|Ui1pQySq2urNA#M@JkB(q5{95z&jN9FADs;0za$3
z+ZFg}1<v%wSzoW|@1yEV!Sp5t9;3j=Dex%@oK@gy3Vf0RpQ^w^6u4S}YZbUkfopo>
z=(`yA0J!V(p(t=0?F%Z`Tlh3AqGB3Ef6MRD<NX%}dzFcvmS>oaR-haLl=(F#2KP3-
z)eAQ`^)PA4;lIC#+pp2>bA=Qj1)e427J+wgwB44O#ea=EEa^l&5gSw}y(9=W{;U=~
zB$-G(YU@BX<#^EsSRAjoUyJ?1Hih0JO_@1-v9jN6*mzRJen;4|Y!)63rqL&))s~q<
zI(aSacV(Y`gVy6V^%d67W??({8`bo=hijs9L<9L%mv9LBLKr8hD-3J`;`kYL(0T*j
zq3VsFRNyTN{IE*NFPkM322rQ#83c*2kjMW59c2m)g}A-e(UjJIJ-9wy6rG(F(5Dy~
zOg6j@mFyPW`8wT#E2OBfCW@iYtr)i1ead+aJj>T0jg>wK@W~ZckWZ=T-VSWA+OsS?
z`dgyW7)-D=W}D5>bU8B4j=Mf=se`bux1@HOa3E4E!Rw3ahf&lM8M4-xNj=-!dG`gG
zzeRa9BdFxX*w_v_yfATiHu_-2=Vw@90i}Xb#88bocnncNwq>FCz9ydb#^512l@hDP
z&Yy=KtbB=@3WU2OABJlXhl}mf;YzLU6UM~7#~6h%u{51P(-@kXX&Oz_5j2gWsfngW
zn(Aq)qp6mr3{AVXVA@I3UufD6sY74VzLPQX>5(wz**aE8JowN=$I)E2>B8B>RQ+&Y
zvg=wt5(?|-ahx45{tXkI1?xNUB_4UbJ6liAdR)513oZ@Yk;XQA3R=1Dqstd?)0T#-
zj2hQnT%CbC-tKYfNvbX}<Q~Xeev3oP&k1FiJkP2w!KLFD7!giwtxv@#g21EuR8r8I
zc*Ge2#da(Iei(ImmUzT<ug#$orpBvOMj<j9=0FZZW=6uaILL9bHhu~=i~d@d;VFEo
zF|poIVF6H_!iiJ>S%J9pFak8b&8vm#gD9OdRHPxbd@0PaHiw+d<chl(yEnDVBDnN8
z(7mYt(}_-E1=lbeado*noJRiK5PGMC@h1TA#1_IWzo&LvWD;Yn+H{UF)`z?fX#|VV
zTL2xLg3xAwG&FAuKr11y>O)Gr4bt_A2z`bSCH4VyaWX<X0a^o4E&md(6g!&62+=ZC
zI|X<T58=1NJ3(_xEwI+O3s}1dMnqibVAU01$n7xoMw~iM&c+W56W1OlFaWl)sfgwU
z7=b6X+^SZ_bqmbCZ6MU#p}|Fi7s>z=Vt@%4UV%S(6}rS1BF&It;j6Af)tWqh@(^h$
zNvfXfR9S6ygL^0{osEnKx*h1I(GHCrvPkTtw-^W)o+;Zr(}l=5+CFsX3a3=qU)v8P
z%}C1ho>bIb@}wH!zYb4oSNTuEqYNWc(H_;#(DH-m^_I-;s!E3u1Fs3H%4!-NDo>;Z
za;mZ+@eInvbXo?ayhDo&%`;Ryh>Os91NDA7kpDYmpSTCJ#>PTFk+IN8l@k_~Z=J|6
zRr`Pg{B>iIcvTp``Fe(F+s8*tr0$rb`De$AewiH%kE$KeJWMELH`F<S4)FM~P~Nr&
z?!kK3)P!l6Z&-)#FTx;%6Q)(bz+54GConu=mC^MG-wAIId>Zt^N5Z(;957c`9v^-^
zzO~}(w2IfnAV(4}<iSkdhNf)7)O{d6!qjJQlCJB3lk_EYsNKfjdOh-8h@1d(;^t@t
zPiR||jsNI3LC8CST5nvZ#uaAgxiLV-`jX+DbPsI$AZD>BW}y+#(?xQQ6zHH3rK!WE
zPl%+ms6cm+C~JxB&JeC!?V9*%{0GQWr_OG(3JpMwB4(&SH8{xO4`4776i7n_CuOaT
z#b6b%v8Y^TU`4duV&zxFQqi&UF9Us`$xzIJNp)aX8rKb2xeUsol4i8nku#!C|B|?q
z)Yi6<B=scGkpZxkcTK`2sU^j{RL=VNd9YK}!VRZW0WXk1aKb;ck~4Y!6j0^Cve@iw
z$Bv^gc`oT!eLG`Rxkh=lzv=+;#FuO`K&@D=K8kn5QaQ+T>eIMxb7>P@*ILd@DH+z+
zcGgNpCILfipJNXElj0VfL%1@n$~nj`9J2FQcL8H=fIGQPSKb|SmNAxoM=6WYN569b
zQo1x2;ZRTc@xpw(8(}LJ;&vga5Sa`e6ySzoK~5$a&<FD@&#G3oIbkH;;;tzE26!=b
zjN%`K@c=|XyT6v8CMiE@BrXkXEZ#Ue*o09|Evau??1<v$poEal#LF%N|IOgQvjZlR
z=@`i8F}T?jbR~>(O`r>5=Zono1Am6v`LxTheteZ&3!Wuy;hyPjAb8`kD6lP|Y6>um
z{{kp$q1kbenJ3N5<`pN#O=ny~EWBAj=I6O|jtG9z2$cAng~$|`a$y06iqcla!W3)&
z-PY9yMR6tZU3Y-DFtDRS)SS6M;pY)6A~C0#<XB{vtiU1!0Z~4z3tAi0D%2g72xhHe
zQ@nkQF;&UkRb47omUs70?$1k=m85cPFe;>!81DQ?u5u(-sSGYrj2tdF*}3jFi=r2*
zn2*=*qo=3)*WGVt=9%kpr~mdzenWyTysKy$jX?o!3Z(iR!fNWl6%<WXQ^lZ4T&GK|
z+L`tEr@tw3$EbPZ)%u?wCLOX!YPT`3MafXR<0%JHpx?oPcE`3s=zSwF(r$CT)gQp0
zyaB!{Iq03{;&;I4dbi0<@H9fWvMdk>6xJ8nEf~p}g<>Dt?s7b~#fFgYx}qOuQGY9_
z5`rRxW*gURgQ8=F^=y3;9H{4{00Ly4dB`wxsxdlvwl3KvXioNv@(WnM>&q6C*S}9|
z-7$Ayx(1J%=gv`}P2glt_>15xMg0-aGSUN%;`j{yq<<hwePKg7a2iY*Yd}k8)9Q?H
zpz!W>^&3Y}EV$g8h9Acsvnx~VLUfckqPUY_H>7^+h>iiS-+2!@PPgjaz<Mx1E5E4&
z0XNV7=LQNOPUK#(4<JkG^5;=Z>T<j^+vzsg7WLCij84v{1YnDg9=HcsCelw~!##u9
zjtj8`a7{u%wFnmhx9WgX?a!8@2X0sjqK-=tMzInJA_K93B?>x4^_&sC<zmCH4B|(g
zv_88B7^D6PmbG~*YNvj~6&}H;Ra;uf7Sg&&R&UU{IIEkS`ovC~MI{)W5z5t>;zN%1
z;_a+LkSmC?Nu9~X4;6<FE@49>F|Bf*aCaoH>5M1gRPup=yd|-vTKVXG$~$N9(|ABk
zMPj4CnnhMi*bV_)qQgH)w+pOJWUzgS&{_gKvC9vQ+8kH^1I$di!f!x71xg%BqW6UM
zVu<M~TI8<}&0}9X{Bf(5d<8myk}L9;!4?L=;eJ8hPZU|bm-{j2c@g_;<mTNgc|qW}
z(jh2$$W&qMajjyMm;cS;7D=4n{Q~cWu+0LkvW^9|nc#E&iWqZ%$5Fc{Z4iKd>FNm~
zF8C)j@iJ?K+Jv?U6lzz&mcUl7BFfGP2&LEWN<=}5y>NVRd8pfEQ?l3)m+43h26Zms
z$6UIeGal#S*lJ!$0<q4i)hNLE2mJho*2DRBLVRJ+RO(r4Fz<v(Tw(kM?I~0?^k?`C
zCd=Fl>crNgr3LVLmgqMwhfn+vZLqe+ykgOLlVsn{YQj&MTe67ipYV~MWWP|F@ReGJ
zJ}J~$YEzu*P9ecd)FZ@HcGZF@bcp5^USxJi4@YlFB}W=4Im<z9FSwvp&L6MQeAzYC
zdfOU=TLNLP$*amKSoe^i?jzaUHn{yjjnmKb7z$a0>}zn~6j~C%3^oGbktdXA)P8AC
ze|EJ6B@MG|Yy&nR@By%m9Z@a&vs!VR-7}T#;PnG%OTerjivQ*Fv`h+~Zx;giNKyc;
zvcb&Rnxu%z0`t&=VR-ELN41KW^f&aFV5Z;@5K5}VWaq&3a**dHj4L7S2cEx*IUN0^
z5YSDtfmiyu4fm`?8wTz7#<x>9p>9F#C*{gyyTI;o{EmL_a&(FuQ<JQKcO&Wra}3vW
z(|(VSjma~#&Ny7kh6;wGW1{w=RHFLgrrJA>!GU(tfE|@!e+x1fw=sdI)x!CZ4hMLW
zg5zvfK4W#DX7Q9bzDKe}q&|U`5Um^z2rUuRws$?;mw)swYD=W7G;$#k?dgXb)mv4n
zIGjfWu3%u0H|~CsS54RehIJN_i58N97!(LRx<z)ipa#%vQS^q34LyQplWdCtDc)xJ
zw$`=LU{6xN1U}w%q7JB219n#!vv<dJ`Ht%ie9RbNCps-`R;P=pKYl2+y|@wftW}U(
ziBhUgC$a5uw6VBWY3JZ}62WbS1#VBO(b2iYcTPTnZ(9iTM)5#kuMyfwm|rTmWcM53
zfNic5xK<16HULVZrm#gdi?zx^1EH>!HBV|w@6l!nz!BRwOSF;D3IWlig1}a8BuYc1
zG7S)9As~ne2$CioTpH?LhzK$~7eO@7Ne>&2<#L*&ZFvMZdN|WiJZs|;g0SDvJnIZf
zXr<i%Y^xKsGCSR5P|v#f7(THFi4lH{+NC{>a%>h?L(f%qT488SMF!ldXhNt`6UE>;
zpbRgmWy)*74dB427)dfGfN<n3=u8s#oyjGDyI|_9yt5uSlPc~^Qh!$1;7mZ?hdIz5
zCeSNltpX7T#7NRZ1NtX5@iyy3QPQJaz7?<~Nv{TCO-%xG0>qli#ma&C(%-p=ZlUBh
za<N`Qv2r}F8l6Mzyf4<OIb!un)ImLqjbzqhsdx4%Zu))#VB|>QVNi6D`ppEmX3))A
zP|n=?hVBgYk~wly^~cRvCMcacWEM@0+&~AN$r0~*Y(A?Mn4Di1&rf7rRnpagZ21~(
zCI@u+n(`WZ0z3Y>I@hf_*OeVHQ9Vj*ycEjhYX>HvWnr?V^FGaLF##=d^uNqNs&Xy-
z6_oH)*@*#!?#2L_RY=s%N+orJ8T^hu!I><Tn552_fH%Qx*2m?;x=woX{m9R-vKmt}
zW{J(`VH;=p%rd<OdlNs9twx2|_lPwAZ}*iaJw;~zC1pXfW9YO!w-qpR@Wt>TU?x=A
zIxVpD0*H8S&nl-sehl?NzUzXV7MLj)<Z_}kfi-bO>|Vi!(M$}jYXfK;Z642W>h)0g
zPq>sK<{t-_pO+DP3T(%!*2kTpRXcA<!UZjq45$QE^D2a7h!BTy2zynaodOKVUPV}N
z^=Ld`nAOX2LZLzpR-iQ`$ybY|ml^l<vO7Q2oncclxZ;7$+;YluRMc>G^?EQ|fGU{}
z)YEwsqb=>D-lTf+SZL&?^Va}l;lW@AO{bOf(c}RMl?lgXzB(kWTn9!y$+E(OTBn`<
zMtNL*0zE8<+i%D`5>V2Tkt~!@qHPkmiu1(AjfqX2_Sa?GApbo+z6w%?Q|?KdRP-qg
z^C?Xl#t%AE4ev31JH+#?E~*@%-ND^`Z{st+yZf}a_^!EQcb|9f?!H}t-F^Go-gzU8
zi)yg<@fS@kj9VJU7j@5jui>&d^nHA7nYoSjY8u9m25R0Au2(aD$28%PdOz2^*C3iW
z?+s<zZ2eT}quzg*IeT$Rl20K8;7Id+4vA2k<vqpl6l8Go^x{>J!3D69nX?n;narFf
zj9@gpprVT{`U<FU{8OA+<%VvqM=9u$`BpmSXf{Wom+6(zOY_*MwW5<yG$;!f*Ftt2
zTu`D;uj#t2`F>ER=N}f^Gq(*e;o>tu8c6X#2G*X{C|~$Re|{7^{(%1B0zNO4dgc#5
zLIo^>oF~xnv`uO=`4=W}J{=bj)8M~gw6?y1%fAqE$WN>3F5QGk+G`|pT8Jhz??f9e
zUSb=77`Bb_cT5^v;fAvBnrpCcfGwP9&aJCw2T9R-?5u&Ms`11*&$5NM@XKQS0Y^J3
z1v4Sqbqp7Y8}yu&_#TzW%7}HIvXb+)YRWC_c7<`xO}0l=e@Z}7v{u{7*N|OGE0^Wc
zS|iw^dG^^@<?Gp?e@(AT%)#g1A7fYb{*`#?IIO+P^I9c;tv{Y%x^gkp1*`;@akl2L
zabm^8Y#du*EnS4ajX-8RfXw6d#?ApFtB!Ac`QW}$<yYzpTQNNg<^^!C|8mvra%MQ)
zvZ~$w5`<R>-De53dP?7JUE5O|17dJtz!J|t*#*5RS<aX3@`;b~_TzGkw|dUobNaV<
z4(|Ty*aUE?9u*VT6mqi1&pzOD5NXiqSdR5pGO$$7Zl5a?ZOY5~N>DahMwo9e&0@X)
zCM{WV=C&EsFP0gc28H%@C~10nA%FR>OpsHK#DVx22<HKv=+{?cKLV6axjW`5*{ZK&
z9t>fRr85FOy9FekYxzX5S*d5esfe0?Lf?x#Da7@0YPJ5}I=F!Nu9%3623G4$h1QJ0
zZB9JFiANfhd1Ymwag2V1I_r$2Mx4D_Ws$7j)JQavRn{}8+}YqaT7qd1YN|UseoDH~
z`vc;ywh&WBNY5Z(S1^bDj(4;mvf#O)V454tmH$SFyJs-?Y%C)*y(=h&roFS2TkLaR
zXv5mz3_D?sUmIEc+>#xN-4{uBZ|WKBCCXF?;<mZtU%!b$|JUMwk4~K}dG(<w8nv6)
zOeNb?q~H=h6*F9j5D%6nQi34q6Jql<F9Bh!!>k75TuRil{{x}T&)TC*0DwbF<-HGl
z6xFo=yqn!khGfGmu)!z+A_S!dG`L_{HjzM>5S7KnkWHc_;Cqn96_th=z?Oxilh91Y
zt@J(H()Va9Mczj%wYE|~McB>a<`0MoAcjBMMN_<CC<aNB03q|8b7wby)c$$j_rCYu
z_kH>0?wz@F=gztJo_p>&_ndpKxhd$u#XL(ikl#>i4@<B{b<3T+)lEKv7qVS$Lywz0
zmP*exFV)^*$aiqzuQ+=5k#?uG5)6A)NP%{e+ej-=Vq3T4V<DX!g6Y~bb~#-il4cXv
zP5hV@D>_h5xuN4u7@u~5S=VA0%$rOAtrBDNi~bRIj#)o~d<V;zq`Xz>P1f-f<N~YB
z5Bb<%_-#$%oayXK0lC+3R1T0ih!I|^ICr{yO^6K{ru)|FMXy=6DH+(yI;M7{+zG;}
zTuIwsSEs9uwfSdr$?Qvh17|jLLX)b3Nj$15ru2^uB}{qd8#<^KDY~C3Wo+kQKqltn
zAMsIDsnuQroLLNS2*q;pLUS&5@4fOuW8U+op0-fz^jxub<;M7*dR8v)QFXC$J>19R
zeSG9zm#gnK8DsSpJ#VeFX9%pv;G3s+Eg|P7&@T>aC7XYctD6>`;DB}E7(BStYxayS
zb^Dy{OMK2#OVl++HG_C<Fjt%dFda9AWHJl5DGI!lL7Fx2<&g3ms)T~;E{MG_maI_w
zMpdywvwBZqyQT+V&bY?@0xqyvn5>t$pkL@if8>#&!O*yb{B#CI6i1LZ)=pGzM@-;O
z<-1fNS#E&wV<8{n>D)(>0W+7E+TMGDthzHYbpb93$r>g{lux%)giJ2c>Y5h8tMd)q
zWz~R-wlI_6PEqnSpoQIQ^%^9vRTj*S9zeH8uOqsZQWYLl^g?e0-3V>Sc8YGH4vT>*
z7uL1NoK^HE*f~omRtJbS>N-U<zwBk?IEm{*!>h(XhxIKy{4jrVv+bOtnXSP|zvdiE
zxe91LXga}|;8zTyzaJ}O^_9lp$#AK(8hHBB?f8B80$crKRG>TC#V6O?>ZpV3O2>4;
zh?o+J&Bzr2y*;a-W&0b`!p04?vAJ$iHA!1KXR8;XRuytUxAZqvUI<qP*3>egY=f@j
z{us>#ex<D`p^>M>$tB5HB0xD<8i*{pJ?F-q6F&`CT>$ZVGxTKeZrh23fN&>dMj<k;
z>Vm4Wx?D&yNd=dcL}>GVXe$K@oslbta_t3Hi8BkvT8qNU&hrDLbVMyP<bB|L*E5cK
zb_;IqmkPQXxL({eD0;2BO-{Mc2&}gp#~ya}P3F3)KEXH0Lomk5Oc^?MzrQTYu3Hyl
z0Op`qe5TI`fOB2!o<?J!!<ef&tz{_OLf^ngyuYD08<%{2nSTMCEX!ha>t^_J)jFo~
zdKqu3yq*h`L6?!ITybz_-ipa~A+9nwr#4v`(I2Q~6hnWuN<ke3ed)<?lku0RQG!9R
z0%5A0trKG8PV9-_&5XA08UQj5fXF3PGjPmJL428fGM&4eUp%gLgL$*j5v+&}#ir*f
z@z^~*ZDUUMoOPU(`=Q}CroBm^jUi8<;`aO{j{(I7^fqQd|2ul5f=)RgpA-^mPHdd8
z*#rco;x>=Yvl4PW5Xl8uaxo9!KjxZ<x#BC5Ay+))vJA^5m2~1wC|9o=HYV_h`_iVN
zl-w$}$!m@Bbs*@Ai5`YgjVeqhoqwUjOUkhMUHC^T|ME5TJk+t1>QkZV->dWjUz6+*
z%)%JJHwO|9L&(qoT@cFF>mWhyfewkA?pqJ?oYAH(tnqJ7ltbiM7>bC(N(>Tapy3N3
zvG_X9z{4oG{DcwE+<RBgIsB4fvX_`Q8YB?by?CJGRCu8f`>>eMKK#E)QPb}oN>M-U
z8l<Qjx}p^I@j;48$wI;qY6>J43zMB~hT}shsiDC|ilz-Eph-Xzk$@uUl;0;S`{@)t
zKs=|WM2M$&Ipa%!<BB}Yw}l$uEfK&grbhw4CX6HZ3;;fx9KNOj-q7)5DkEAPN7sEU
zbEonoE{p)SAb{d^)t8w8)oD^<(i^G7B3PFclAY;;Ku=JL@HIOZX152#-oA~~9h}uW
zb<R;fzAkQIwO_biyS$&y3oRZ!;@5GU7V7A<U{O+{Pw12p(&hv5%bwwrM#i{Ey^(JB
zuHu)Ay&V6z*jpyRjFU>|k?16H7i}_YNl@&4lAj><&f~Q#DZ_H1*C8e2YaUbq;wZO$
z&4Z1-gOd|d`;;%wUZs@mr<4TUg*Mf<9}Oea2S~L6Pj@wn>eON>wt_4#4Z6#5b8I=9
zGTOS`WX<%*p}bLD+C5ik1xmGUPX5T`0&e7^lFpAzdGvyO#F6tt=Xq!6`De&SCB0|J
z`I25_6iwgJbZ$0(Q?Q(W167|ql`i?D@}f7WEV)LzH$eqjf*sVrB0Wjd@sjV2fs0v<
z05)+LB6?7@1wadyZyj3L*z(F@g~e*R#2_uC6%~~<A!!3VKIUOa?x(1`go{<5;05rS
zN&;2i#z5&Ibm7HRd=AZmc2zdN!s03FxFP`0Teaur3Z;}PwcNm49v8-we}X2WjnzO8
zFe2AFX_I-z7L^8fpbdm0#GjS)Hh(EyDZtl4@LKwpUOPDCHTx`lk3T0TQez1Q-xaf_
zK}~i19pxC4$~!b6J3*@-rWF$w5UITAcREY?0{9^hXxi9fVX3>Y{1GRljE4R_lnKw|
z(BbUg;i`S{T6Sptdn&GqSuPX<mzVP6%JGUMMLuN)VjcsXmE@xOJ5*w?K_&KjfE-#>
zfmxSYx!AgM?XzmJ0#8e`(2$~zv;49W)gwSbg@x*@JS=r33d6nXtOa;es7JLlnjxtC
zSn-*5qutwHkqFa*jHW(U)E4DZ`3ivdz%r~?E^_?k<#@l6*0X<zwt6BZ`ap!IN)!ly
z?D;U_0gQ@^R3ga5$2<cMR^Wpmx%s)Of;0gH0lJq=p+m<U^ync;N5)2O-Q-tDnmXOY
zb^#3z(LaEj=&s;3Qe-z7M}HHh;qReD{JjE{seJid01<6f#Up7u5u*XU)LAWXA<x=~
z`rp$~#XEPPtq4$S{x+BPP(4kpMHsmf^$p6n@;yWG{*LnP!|*;HMIp6CT9Af^%QGk{
zksnh%{eSLTeP8>ngMa&5YEmUU0ns>8TGB>s9qD#;)>d2)dL99Zek!RN9tH<M7z^p!
zFw;^xSX;zIYBaN>CGvbEe76=g?TPg5j-rnN+05lz5%K!}4Cp=xDxeQY;tjdWbk|@m
zQWr{_knK&=T1p;|(5ok<E!dp2Myk+`_gH0V)0)s0Jhmz)wB-@F&pF_N`Ao_!hp+3X
z?H)1zF@oMG+vcuDCDRUEW`JvT-D>hU;N1WYqH__l>(7W)W^(f*+6{%8t(M$N@VN7+
zZO~wQMK%m9j+ztgH6XUtbQc%%bB3D|-P2E73T-|;h-6g$9cD{3!cCq!1F5!d`05L<
zqlrogu#T)p(X^AU?per-H*g6X(mhQ1>)4#Xy-b%f@DSNci0Zj``g)v;Ou(Y#+-cgK
zMZ24+-Nk5knc7`f8@*eg-Cfk~^0d1)?QU5X_6{aAV1g%+yzx=AVK<e-@V^5<-m2jb
zTcu(*@NtFY-`a)@@j`$O8umLMX=%6&CvRE}?@lfxMIf{mJF@5kkhMy!ybiHhoU21~
zs&y$t`Ut&9xXFAhm)uZP70?$d5AZy49{UTg&15dU7PDyU^NY}$l>rv?uCETN(ZhNa
z#*^Gzii+PM{Z`RO`>l}3=oxPS!$)|~28E7_!Xem9EqF(elYM9jwH#)oS%|>pmmx!;
zdb&J}@y-`e(R#Z46usH1-5jGgFVPz@>jk=8JqwH9iQ^2&YZhkI@rh#AOZ37BO`Wy_
zYeI|Ify1rAgfISEHsCh}p1!M%bAWj#!p>IX5wY43cVQc_)u>S*C-KzsS@=4!;_>G+
z1BH|r={+rv5{53C6^o|ul6Go%t$mD4Ig7IwzpA`=J~kmO;J%w0kpK{|Vfno1XxXA0
z7%el0kCwh0(a|yvM~naFmq!b*DM}m_<6)Xzjto;bod<r4_I%I@#lqco({@zBPjstE
zFX3YO78I2nTB1R0RB_#+Q)oitbNW7AnX+Oav8M)YSpUIt0t4j?td3ob!cr_uw=YPu
z@c&>@hiFlrrR8lnz>gC&$CbQ&K5jdp+$-46+Gy}h^`w@%NjB2pVl?7KGxwd@@xXk{
z%7kBEEjqwaz7fhc>O@8jWt-xq4IuZY=|b64;zQYY#f$!_aw5J^6~L?@MV>6Pdyli#
zx9Ivr3l{nXUe5Lv8GS|v5bFczD#_8iF-Go%Nm+RefgtZtY6iXK^qK!a0nm#k1R>S8
zmBMh>5E#T2jIMG;TIEn6Mpe~Q0O~7F=i0OI&5i$|#LDzaTou;UsGFWa#)1KHf_ID8
z`}rkxhTVGpk==}tutZIIS)1fCWg#qw0=*{j;>4%Bry6F~ATX38kz(r%wYf%WQRmAw
z14(2wqdK;_2}eXOqjKRKkwY#fyzyUc=j3Zx!Yo=qEDreuToRA1Tx_gVDnhx&s+x0x
z$<tk=#LL0Fp0;s*(f=3dpY4<ih^orx0BxIFH~`yB=|SqS7Hv?mlx$@L8jKp@k{N{R
zJ8>FR{5Jt2B_8uN#A0XXh&K)F3*S<4>|v{@N!y@Y;C4sh((a%ECSVZ>UxZ1_U3iGX
zjs}r4eBY<taEG{=(ed%Vg=T;httO#n4O8jqw~pS5Pe9oC>_pUD(pc4>jW%tE02lMo
z&~XtOsuT()5(3s&o`t5oHWh@zWHj5r&3TzwyndmZoI!%^<74%8v2%jLC694oA=%!C
z1Ilp|*u|`JBxpyq0t%FDH`$$np6$5G2eXR#`#kyr@+{<b1R-x6|FFBjMMjSw5OB0L
z)Q8$B+YM5Y;V-i%2nSVK7`X?4m&W6zG_k>i(CevPWpN2e>p^uEewmnPCcMN2%XVsa
z?X=|E{C19UOL6iSa)G%4m99E|1gb?j#wd*e5xMfgNrDA)^}R6(<l0<FQZm)JniD)z
z7h4-MUn(%yO<?y0UAd(AZjJXIqsAfk%*V@4b6u>;nQQgA)#s=YgN45z*Pn!6Ro+bH
zO_euC2)}@mjG_4|wF9nvP{&rIqr<w`%v9c(IYNldRjw^oKBW&@B1<FyAg2LnQT4WS
zIW~~7bLUk)xQxG!(B9P@&<hjsGdvneRL-6x7(sMOwE3Ysxjv`_)S<Nl<fPFL(T~S0
zn-3Lg60TxhVypdp0fmtP5FW`K!7r>i$7j`?U=R6S{A9x46|vu}i-qcGl~dyeYpNuY
zC6O!!cmR(I%()$Ilx|M&aiJI;wiv!(=@>~3i<ugK=@Yy`Ox3CSsD;gN#B*AK2{c02
z9C{hL&z)a8{*@RU3A+K4cc78EBPh+<fan!BI~nRG7$l)jF6cugM}EG~+eJoFJq%Lz
zEcoW!wGYeAE+8pu=gYl;&tiN=7D(U&F7g{(Eb4SzE9SoudEL-o=*9xxyA>@UZ|5=;
z^JcBkqg<sR`KD_^OP1`|4N&D5xC`a1gE&Udf$$jg#FPlr)eo^$-rQiqEQn*uB#pxq
zdp8Ip<ac*sx?-Xwh`oBY1{KdR##rr5YRiD+s?0t?4)G%m@0Qt<h3i`Mg`9N&N`mo`
z9?Ea+&33u-(Pi#Tc$GL5{{8}Tx|fbCbV12a&d)D!!8DZyxzrDVnHWjutj~@EC6|_^
zS?In`HEAyriJ(&Cc$YUif<mR5^g7*w;JC(CuYo3<J%NwUo}Db*#Gmf;P_|59{Psph
zyI_VQ_P`4rs2YYAA<NR}P>v*P8^4N?(LNA9qO%;vA4h}S`4#z=&aDRs<{^J0Ps9e9
z<a9-N=8?FxLRI7)PLy5U%XU;>Llvc$k(=}Fc7CMX_VhWk7%&^oI*wLcdD?F_)H@p2
zGIl!*mH_IK=$7pw28~JjhL(2|N8wGAV8#gzh;YXxnxJQ^KgKC@@d`BAa+;;ZE6~IB
zb%w1uKusGr!1v{>jriMYxbFDSoAz{*S>CivTxn-?au$6&9v{y){1M=CoZR?{T+%1&
zvVNe``Q=S3g%J(8E79s-Db3mnN%S5aGb@X;ei*$+yip#^`q$`v4c_0I<%`~b5AP>r
zy%@bmR!kY0^)GlI2lsV2C$3xRVbqhw(x#P499D9PdJ=HISjt_2`)qO5_W&xP(KK5~
zMETN1Hfnl3n;-tO>&+3pD_v+5SM^fbmS1>y@x|=79Sv`zOFTZYCdiNIY1z2|vM4Lu
zIM~#rV~89=pH1jhlNxahb!yBX#z$!E<2oUqpYCDlvT>cZPDhUrcj!?lSxKmYkpg@`
z*pkpGQ5%4s)6y*bK<V<R>BpWJv}vcyFfDW<&8}y39&33o@?4MqQRBJV)mfO2JkyC{
z5Pl)w$F;l2??Flgj*Cy!_Ithckv1K9+x7gN<*9q4(g5TbUEVt=hSL&EhkpL3&f+G&
z`5eliV9*_2xB#f0mbkETA8xPE0ms6fw>4$m20emm$^g#sRo?S>4^j@JiHOJ>4eZPa
zlg~iT4lY3h2s3h`Fg>T-szu2ycA===w(%<bu;P03obEBuJv%^SirMNJXsl@<pK0V;
z02!kV=1@RnG?u8kiEeh;>bWR^x4fydylutZ<?p->kQb2kNncufeC<4K3yn-SK_0h9
z7c#wvo*6Yl4W#C-@&iy#`AxL2A+rWbV56D=k5-18`~V1kw%D6lyl%FeRN=0=D-J`*
zV|eq3NpC6N3x%XNE^(3XPSJJ^`uS0|ZVimPwIX2rc9*{n`SJ@$d)k*kHE4O%nYUiJ
zMsw7EImd-_T4gM$dR=)f6jMO(ENaN3*gRbkW{)_o@KeNFDxd1n(QUXstw7+Wj*kIW
z$c1|al1||k5||*0gV566DO%I>NpQ1fiq`BCBh4<1EyoroGjUyzZY8;Ah_c)W*n-5%
zX%2M6m9d}u6~^}p_4c^6jNJ?=n-^N}Cl!A(@FyF8T==sBf7bX8qaD*jLJJyr{wbm=
zMI?kN_@}_t-$=h9e#T-1(oZJL&*&R}vsBRKXy!+!H$!``rK@WU<d+M&U^eFroF%<p
z;(Bd<*$XtU>)Nm3nR0K>AH@bJxYI_pqRviC?nI;60*j$Bz2z~FZVB0>t<+&z8aU#V
znYibHd=8b`iI+f22KP$<u!X3oK(L_90Fcm-qkkRa=w-i$yKJkj)14C&qdO<Y7P_G_
z;ziccU%FgiN|%>()IodqG~m8%At}%iBYt84;#_ghwOwl3kB%(WS+>dzZ{bt1!&qS!
z!v;g6npV@64;`B3JB807F2a~VniVc)LzvtOOkiAHuD*7mzAiTg%B@`(BZdrO11<g7
zK<U1RbOU*5F1;9v5gTGK*MAJcpyd%mm<Km+z|-2HWxNg1ZU`?!*oH4asD)4oVFLtt
z!4KM{1uwQkOduu@UxxTH#GMd#Lfi#$7sR~~_d?tUai7oVqpmkQ4ZV?%$tqU*JOl!v
z4^ud3$EM&`gmCD!R{KZ_z&NZ$pgE#>ef*3*w1SRwLfT*_B;LBVs}H`r!j0eUIRh<i
zant%n`{cUTC+XNHD+_3!VCJnnTyKNmhftSmnA}>s&>&u+t@k-?z26Th8exm%8SJYo
zkdyX8?U0;Xhvb7ygMD_zAbyS@v)@CGc6ixVh*BV=L6`<%CWK4~3m_D_Y2TzkTc<#r
z3~@5VR*0<-TOh{gW{AxYGY~Tn8zD9h?;EX+*1+!u2(=KlyNC2mt^uGP(iil8cs~qH
z8`gK?lnfj^K}RCaokGmDV8`sq=uxB)eZ5CK5hNEp=326(d|BauEuW@NJc3KiE2SwB
z>%I(NozU{kcDuaBEcW;F4)iN8-slH@@{4u%`ev^4EqlWvCrEi_@w-NyaIBmfyyh_E
z<Fv?8^?1_>H_GcPU!+HpiAR!AphJC5&pacp+fug-ybV{j<vhmLNYIOYfn1)9dpg!w
z)HPP}phjp)XdbAB6hnPC0Qtks``=K%ouYm_S^f4@k`&2^R%7nMeEAZ}OSTg@ovN*P
zGC@$jBwv*S9zAiSp?C>To8Y;sUIgj{jf5JAazl~MvV_Qm=&t+;B(kg1n8%jT)up}t
zkq<CB^cQ0+tFk*E=W!34JTKD_sG5yVb%jn_Q(4u9<OIDo`w#j*Fv@wEhDLV(JZrw2
z-T&=a+liX)Lf--=dEEqgBXmuk*>SyM1T?$hjN>MZmU_MDpXxYWagi#map5>Q1cQ0q
zX@COQF|-1=JVt3ct~+D_4y4z+9wYyvM%HxF<?OTonb^}JhV>C%LrIPBD8QhYhB7FF
zyFiyg@j;DV1EIG0#U}NO*TjIn=L`(UI?j9x?i%#7<8b$&5+gVC0p3l21$u;^BoZTk
zn@AFQa~^G#14bkC(}B_S*T~@SD7;1y>m7<Modq`4SDI3oPxdr|bic_cZDOQNW}Dx)
z$@1!}uTs4Lw0L@`&YWDEkmD43d_NeE3<^#bbyj`tsCkQp9(q&_S_7}ViPpd=rXkkA
zcmj8Rp^vL}sq27cJWm;!!}vN|{W)D^sI4|_1MssQ4HaE=TwS$4RD<`ae7dhhX7@F+
z`wWi8^<&cm*)HEpiTKEq`WWeJptz7zXUM7c3vC`?y3Iar8+^o7=%WR=P^Cp)y&JXg
z`H&8&)L%sOaUr~sPqtDPXh9@{erSerTo$C6o~D`7Y<_nCB5qrEK+lh?TogOrQul%h
z%Tz{n2V(dnOiINhD5ds=SZpVS302bzTD^ec^libr2CniK*xOCt;40;UN?-LzOf|Il
z9#0i--oD;kxo9L5-db6os<7gX+t-i8gj7hllv-<13?ZFvp5y(BcV!>8?sC-9*I~=Q
zyWNPodXKq$HX`bKCsmdF<syodJE-aB!ZrMOar0^&f1A9%oa#kV$@&XaFGBuw67@HU
zWX!u!{lxlmNoaS>qV}T?)O7QAxQD1J`ZZOBn|yv4^6$V*(!z3?=7!hYnj$HxeL&))
z{6H4k;R9!bk^Qu2^#VPER-Q>8Kxg*%OXHC}6(%&8Fs5GoliHz}*(H5Eho(tSuDPXT
ziv72Q(L=L@ap%=JvA<6kjcii3aqyvX1m7Jrl8Kt0qz+ne<jW;yV2qeTQjWqvudUnB
zFL@bZq#TT>BRW>0&P-^x`RxZPu{FM>a_yo&BMaS3S13M?04_x^o2~u^vimr=d^ss@
z7g-AJX*)3=P}N>QaBIq1GrOgi?nSr)LjaFI@d=;TjjV2BtLsr-*q5ua`<gobLpQ9L
zL?{N0*p8T=Zpx5^u<v(UwU$=yff=aU&rfCdJ;?6!E6@bty2_34kXhgu52fiBI(pY#
z0#cHjTlt_)XoX%-xv&^wL~qy#1ypp%4FFd|4nzHr{SNIuW2GFkFUR7Os-c|6%j6mJ
z%A|~W+1U>Z*W_ztG_*>`pP*wa7a7JIvmJqT-B9)>RmaxMgeLUmOn9>&E66a}4++=h
z93xo<g+h^1KBE|<wLsK--$nAG{N6qbdy1{u+D{i?2aHbM?p0MlWNUd5BC@d+o;t%S
znc9v$Bze!1WL!>KUJm_6en+?TGmac1TaB9aay-(IO#Te<x~=9MTb&DuZ&Jg-_2u%-
zYrDkBx_s1+e}N7Nia~NjmmYm|7t?ulUHJf(kCJoCvot(+k+^qoeW$cMU(Q0zRzK{{
zT@%CB;L=662}hTnt@#Kwb%~@U5FJ7}#+|23xJ`!H*+ygY&hsX^8yFC%*W|U7$%}F<
zWs;d|gyd|6&?i~g?cT(?Mae0(wQIU{@SsC`fMnAPR3{n9MQ!bd9(;CDrK4^D>@jpS
z4gkLRAOb!f)AH31qazZ%H7OaW|MTN;RHmTmRBF{t?X7&0jBgR)eROVu1{;bIC1w<r
z4?<c{%)+%roiN&Si@2#hf@#sfs&O#l$4%aXCS$fgJKinipUcX-2_=`yThNEQ<6XYg
zK2>;J-f}>@yAAHfxX3Tx2H5uDTf~q?y#Q?4J1j%hV1{36P9^qXdE}|V^wPJnSLH2!
z?ZpM~Vz#^mx5i9ItaOnq$RKY)Z61~9(i>dl9-7n=xl5si;rnFN+f+s8J4Dazi_5A-
zMeA+$-3XPyx`^*iAVA+Fm)^o}dSZQ>Tu)SO?%jZD*imvEd_Dm_51r728SKyX@uTI1
z#=+#@V={<(j|fd}vI}qMR65`XkD{7e{ZMN)U?~hPyg4xRX7A7&|KJTkQ|c<I`mP4e
z2-y%x7r)zw3+p+?=zY-Q6x!r1SVI#Q25A%uY83=@e{+5TK(h6J2$GT~P-$PI^52A9
zHn*JN=;5apO0&s_fOa+A#r!xoc?=oP2X)0bFHsdZ%u5?^aLWy)LCth$1JaR$#{l!&
z|A;G`+Ju<92AHNzFd?Rp_b_?Q>d374<XLT2eE*nc)o|;b$dLBsu9m5~ojgT1*0c{B
zPyxt#14j-J*~k<Z*~efzPOT`#1L%)MziAAv!g-8Hg@Ti`brFkP*+{Jc8FrsBPYfF)
zc9Yt)2eL(0*hGgM<zy4{00zi74>Cr#2FU8*YDaRuwu6F@H{XLVmoSuLb9}sZsq7@;
zn;H~WoVq;vd@^?uewZK_iE>pVora7>z_#Mzl3aC6OGxhcKj^&GMa?-o>5Llec$sQE
zNwj7&q!K3JWf&|PIAW@~bCH)KCe{4tI*#$g)N*~bCAUIczphwGBJ5G5GU%_))>K>4
z7vgT|=0S-by}HKeE9mtY9$Vsb_APOPFoLC$kH%4M3@6*?sOt*75X<i4dX)rrpYyuS
zU$?3^ArJx6*@>-(>V;_gp%`ZL<sBBU-@bm7=ueHd-n&EAilz=>4=8VdCZS$v&hx}`
z4ELFxcLC=Df56zbxv($E>S^dj<}zHvY<&(rCmosE&0RJK=?LGb*(GGa@YiD~Qtm@-
zX3DTsqe9>Xy>JPBV}#>FpV|BaGvkh{I5Yk|D32WddMHEbL!exL*Z*Ts-t0suhxwmF
znKOWbBcE1>J~x49S*#@ppHty9vKkkOWc^!efBz;!i`c2!>cxQZS314EiYM~CK6vx~
z>UKWuS3rAp{1`M;Q~4O>J>NVPzmgsZ`sVcyT-_SD>Wf@q1e~YisJoD7Q1Wx!TtALT
zjS(|zO;b9qF=|{q1L$C~<C<Wsy<IsYw^E&D?wlZRcvQINxG7j_ZzoQCcT%y$$X6A=
zCM}}DtkX*S1wM7HP=4MlOdx5)KeDeO@{tZyGuTVa>pqeTERK`46E+#;deot0+d1?4
zk>qm2;0KO4PKIJLe7X8fchs?Sj`FeWp{9k3!IM#3%Va<7IJvn4J`80fZya4Ych<&4
zlovAcDrejIo_<~BgEIt^I?t#i`8MebNf{u0wyV%hK2qpJM`16~d}<Y#+5Pil^W{c&
zVW7h}1ziptrZ)EPqid}BMtL;5{|w!0It5MtYtBhRA3w(NN1mw);L$S5)Whg9OG$(J
z2Zhm&lfY7QOc`o+ii}dSvZyMc&%}M9eeC}0a&w>~DG*LbXiRY8dTQX4gqq{%bHE}@
zlo{D&l+PGW1eA#hCk;(i4R|0>&1uPHlo<X36qxY-^3pOXk9p$j479Dl;al7i*HVaE
zv*<8Lp_J0copO0}o>Aguvrp)h`*!Ur+eOOnLq4!Y%3;_;+-b?c9_CI-IYt~os*vm^
zhpF*&+R#<^t|MA60`dcQUn&Q21YG~~@DWhx22tDgXIukH@OzUMa=4Vz)7EoVY{R4N
z@JKkMOeyftx)8nR4n9l4<Khzh!c<v1cFu}E^yD_&0Sa-a9PC*M>5Xy-V?(R55S~Tc
zS7M%4rS(kfrPj8Db3zy9hg>O;djWjnqM@~7qyzG;XDV0+<XtynaXLI0w=^xqb`GvA
zaAkEqAJ=oXr%gPolbhv}@)`Wpqe3*Tq;xqto2<N^y*8=xdg|I(_BSmjF9qd#+lk5x
z6HgMDfNdv&o*0sNa=?+21^Nt-rbnIJ*b@l%b@sXW8FaM+WG_C!?IvyCq!zMq<l2#8
zTiI$NP2I3u8BdM((0Lv|g6#e#?srs7<QMcso4>RqxCECuBIdV$`T)&8(D+vF#B(Rf
zsSl{8wZFKyVx#=W^pAZ{8^v43iZyPsVh(j|_Lt(d4{Ihnooi#{kRjv<Rajhf8On7o
zVrYDuFV_Oe4lUUpN#@f7H)CAB%x%Q*0cxrc03;#OH^l~HA-Qr&Rd*sJz+d19r;6O5
z+hYW_<F&KMo485yDZ02((@kHdxdoFaxu`TK-laqHXy9nJAxCowglRJ7gtj1s+(aB=
z_7Jut>dh(^8ZJn_06|JK7DpBrZEt$oit}(~>j0Lv9ZNfM8equYfY#=;&=w_bxS<TW
zU<c0l50E!lzWQl+E#(welZn+^G!3B{u6A1R$BIA6(FbxOYLMM_myx%~SD)@S8(`iQ
z{bp!F<>@A~VNn`W>IkegVFqZJpgIfRC*L?ljo4Gm+YrXy`iO>6^0uLs$<2h#i})lN
z5Ue;oz)ym}Kv<a`5EhViA86uYTa7AM(b(omT)IN=cHob)LS4U1K1o(kJ5i8`<yhr$
zIVcjA&lE{4pPmPNVMTpZ1d0xKeZ8h3d+iW{w*!Bav4^m}JMc$|KZG^jfj<o#o_7iS
z&#IHiEQX75cSl&S`RcKAVIj_AAm4`WvvchztNr*5G-E~U67eR($3x|KlX%l8jFTT-
zAvsS;3s*ooh%=9_l$<RM3s=5C73Yj_ucjQAoag04svl3nTSK$mdER@w>^zTp^1@}(
zf>DghombA0_t2ClHrk&_ky0kA>sRKh1>s`lcJy%IZKEFT7>|zJ^?U3B`fNC0qhu}$
zRjkalNDEim{N&$2{?#xcbpR)(;T2$QFZSWg03vKVTA(^+QKy}gJVx@<-$!_CH~GWC
zugBtSEE%%?_;(s9Sq=DeE6jc$&l1a*$D_|4RNvaEOCI@_kW3ms1^O|8-1$jVCD@8~
z8pS)%aT&5aBOO<Gqx`O7033HI6VR|Mp@8JWM;##;;EpST!KN-08(8tP&O&$8I~lc*
zxXW%r$Dkhbaz3$ujQzdl3$99uBM*X14aDl3G(ux!oKi^_0!=3Qqy9o|{*s`_Ql8v^
zo*n&^Nv}Ca?Ig$~9K{{SaD|q-Cot!e@9)8+{g4##y2jSvA(?b2i2cw8b*PIrl6?G%
z<n7BR+uxv#7)D#fpQA9WHT6U8d>0W8XavU3o6ry5EH|0|w$|j12L5h2r!Nl%C6GN=
zzAChnF#13zi{79(3~xX42HlTi_qGdpjvgV_)}1Q}<^f-<?!uu?l(aHazg*@ESf(n3
zNh&SO8tv+PsfkutC(M9)>vIPS%^!3uRYXk%mC>lqEMcJ1TYgK8n7!>aDqDkIF(N)&
zr@6_d*Xi;+TXO=6C$AjB?W<v7^`J9R_aUr!tg;;6Me7i<S<A$iYyG5rn?mwc0D!8v
zH5}k)x=E7uA$}tC#=7_1#Dw?6c4)A>N!1}F!m04vu~DVF`^J*dhmiP0foXaN2PVj^
z%897>$e{Sxbr@KzeYl~#tFFLWy;MJ5m_YY+jHa9Gsl>M5IBzm%i5T7>K7UDogc$}U
z9W#vQmm}NHkNubGhdptBT|eAj@mKW2z2By~$gT=aKfD2B27YEjD604e^}|^D-`5XQ
z82+k$I8w$rh#DdIAsm44I)vR2UWTx(;=f8ij31L#taKj)X06VWvi842KU~QV=!Y}-
zzp5XuUQ7D~GjDwft`9&6ul+mv;Y$7=)eqBh|5N(mNZB(X%7m~0!XgMuAuNNi62f}^
zze+!>wb54i-3DPdgoFHlk$zayJ><I!$s-`3qlsn)%!?A&2||!m(o6jy{stHRPrZc;
zx`dJ$kTKDEu^49qZC6C&TXa{1BglW|B0p~i3S&$=fN49iIQ6uPNLu16G;wAmk%z>c
zv*CvNuDH7~!mdV4gYP{MvBd(Be_DC1_6Zl6+e}R#cV@$TytRByH2v;oWco6Z)4?BE
z=yZhmXY8|RzEv)=wwZ2302rtEoR^n)%syv$32rr|ImpuH=stzmZjR^$n~&>qk>&;p
zQxv3s-yZ>~%UCg@%4xwPBa}Jx!l+Yb?7)h_SEss&Df%^Fo%rM(v$Y4TD)hNXM-zPp
zPX;!OLb^H&+ln019u9am!gYb*uyuiN9~dUG8xBO*1+oU#1(KCBa?9*Hc;oy>1?VpR
zO5MoX`1!dYn-8oJB$IC(7!=|64y+MG76|Mm)<VGog<0$+W?^(h40l`u^6fQKFfQ#M
z2FAwyQ7}G$cLm%E+)S4a=w++uwW@MRVC&**ne6!h$OHgHxqaZ4d6YM)POESQUyi9w
z1{h_0M_^^n>~YmDi&cv{HoyR^oj}&?9|Zh+16x5iP7trhY%+`24T5#YDHZqm(MU?v
zZis#V@ExDc`?St%RH^tf8`+-p{hH)b#!d}Hcx7dBL_<#X<9vM9c#I61T_j2&$T$xA
zR3_7*h{%$s&7TjQjBX0J-u&%Fa^oyS7}w9XKc3#oPh9ddo1gt9J}n_q!DY$WNo^k>
zsQ}*TeWHg$6_Al1Np}+?XM|g2U^WHJp#IQz&em+I=*Jjfu_U1vCrq@^vIIKflvwSg
zoig^hSO|+P@Z(N}pVEwof!U*IU{;6*X3HVzxw35ddDaC#>sG+erZw>3TWECl92%Xi
zN29aNYkd1qNf9+Y+bP30hghGbNZu|01IP#Z$_xG!M01X@HK#X=7g&sjo2ALE2_Fg%
z%YsEdE?(FyIf>&cKPLSuGK6;zT9Y|RO%uOfE<vY(hLh>7&{&4H^fOXPrz~8Sy`7NZ
z+AC<LmhX69nALMe41nO#9&L$sc;;jbkN|HNw1cdl&b7N9TS68Md_lQmpxNYBAp6&L
z$pEi`7K#SDSjDbL6*b>tJ6&<;MST(eCgtJp_yzboD;s~aGU2!Eg`{#CB`%}U_}Mfv
z&7{$k3>r<J2GRBxO)KJXbBk{0QW_g~7R4b^WOlB^`<iec5Kq&~=pzPro*npb=TemB
zOnLA-!l?5%m=?uq+Ag}#B-OORD?1j@%kyxl`5W804KjK3<l;Hp`lr)ekClfhX-7k7
zF$**31P1cdW1ey>dzkaFCXGfE7Esfe)bHXpPKG=?Q>QD@e0P1-mgjzIW|Y@wYb3%s
zYRhAhT~i;EU1^UIE42Y)zGBLQ21*OkECnu4fBDq!e%UU`<paW~c@IPHUTBwu7D*~U
zN8Fe;P32=9eA={i(|t47$>uktMQLU<N!s{^Q77D{*(5D^gCP&;A{Ti6g0dgMj<_L<
z7$w>KD`k3L^}G>b04!Z%mLD_QmoS2fRxOyn<n1*#bQUEca)IZGpu@);qx7`7V2P`!
zxTN?A+?d-E)EsB=qea40&Hm^k;D$iF&iTcF>4A0V+Br_dt4HW9h4NKlc78qxe1+xY
zE%cyEg_I<#wh@VuvM`sDG`RC1zQKe^F?99Tx@nT^v;xLIG&`ARvK>c-Zm|i7lr=q&
zhkhCK*%D{nf%(PW7`FOVRLBI`>YaLO)5_KyMTbl!slW&bj2w$jxVTh#Rx&lRwwI*k
zgScd6f8>W*%x8R;t}CFggwx0&u+=|+giSe~u<b-qPY;w|@lD@?xl9(G559g3nUD^x
ze*`Aulm^|gV`#DBBJXt4nVlcepu+|d{R|LC#Q;o*9r%#yEVPADg)Ys}0=kb#)wVr;
zf;~CQN_R|X88j1YxzTY{a`v*-0VIMwoEeDeH|!-TY&BK+I#bveQGcYlZy5Sw2Riq0
z9Nole&|gL9?Y;#gBG8W|EAD|WcEN1uX^2JW#SqXC7eNQM!z&<nqTMoNoTm!C?jhfZ
zcHty|CqG{>=I1N1Q9lyB?tH9U(g7;0_PUAx7TrMKMfPiZR*EU_WiMf%X@Cl9onw_a
z20Cl7r*L4tbvJe;%F&l8&xS6x99$|}eGV5W@_kP05@<{8HgfuIiuuT~bn&O;St+zV
zp|M@jX2D0jP)v8net3IRme?C!KN~6;ZIy?=0j<&p?8Zk8akNz$XscYj@|9NUg;r4^
z<6fw2ejy3`l2T&0DWsj-HT;W4TemWWx(4Zm_Hh+bha8v56m)b4l6WUT-ShFd?#b{v
z`4MjNRqptzOAa+Dh1%@{D)A$*EgSwF)uLP{;Go&gCF5$>UYZp0tqLP8bN1QZBf--H
z+O4SQdmZFxRhSBws*pCsIY{JNWICQxa3u9h!Y<v;GC0O}tbtL71KklUl&=eOkOQ`L
z=ep@IcdJR}=m?*M8I_qsMz|-YXeUiH(L(6ZMXMbgx(&L>&?S@rBx^%Ajv_?z;LuIQ
zj<wLCYaSfB$<d+vDt2#Xl?vl=^ZJ=XhwZoS{_3!e{qtA)7teir%4eMG!V@b#eVO)d
zVZPQrIB=8co^5okgljL1R$XM0$Oktx3|9nOHw+C8ctGtGsLWtZpvlP}(=^nkezX@l
zpa&-)LR$c#%~%;?LeGYX95DROONazRumSok$$}d@uF1WqoqzMER6Flmb$Ouc8&7?u
z>-%5Bu1}*~|CN5fgBpXTe5v0fMhk3pl^$*PjO0=HlDdu|3u$a7b7^cL-=wjX+(+YN
zayP~gkW_k`N|I@uMl3X*N*EeXBRU#qklt+=&m^5RP9cQGvq_l7nWSwSLYJ+s%O>y9
zqy^+%8t0LBXuOF0fyOTK8yYVqyJ%cQen#VE<VQ4KL3}h`Nor_ZPP{Z;O#~XRA<xj5
zC#z_@ft1jABPoc0Kp9A~5L5Tz?k18+FVP^1%%GRJj7;vLmq?1qIC_cRS&4;SqDNL@
zqL=83mE8CVUZUood`>T4!OM1fxf?If`~<%}t#rVMWR@K3Fi{gA82E4hggQqsI!ucq
zDZipA>lnu@*G<iS<0qIh`2Hq2*X%GYjb#6hR)ED}DvG3(YbjQTX;~!2t)(P8Oe-QO
z3$&CJhiPRb<$f(C)nO`+q@-$qq&a4-jsP-J0|XG$9nk>5A9~LQ**_*8PeQ5Jv#%P{
zl&c`g!F&(tVnAOPOCN>w>`r6a+ADGZNL1-ieITCofCkh(^>nQ!Q;wOV7w(0Z?wa$Y
zUYHW!&W{fe%ba;J!tIbaYR;1e!6F8XV!biGT{t1DAc$-o=Wh**etoc~o^pQ4buj=7
z6!RGX056^IsYk|yf2B-@2Uz}bNDX26??U<Sh=CZTcF6kQKTtner4=(rD|XeFt7<ii
zSe+nq;v{6jt8_ivm!qdPYwJO*B$|B-yWd!(2w!U?@|^BVMk2knCD%jT4PCJkkCq|5
zA@2HsWr!7xL%2TI5+vn5OmmUL)X`;XjbE_LhFJi7K!d+EYNP@L%gXNO`X+PcVOAke
zG!3`WdGXhDk(C*?q)PSPU!7dU%hLdGc7I-czI>+Y0%nq&m*u=z$r+aOV%Yt<s!vh-
zU8SgVb-F;<Qgu`BSJgt0lq8M_ciYav#IUR;EF@-&y@rilz%1-C;v%un8-DdwPt2=D
z9Y4Y|{#G$Mw@(QByr*{U+9l8021vQsw^%O+eky)4(NG`gHOZ}2pG*W0finSC;(61<
zVsm)DZ(~i^GtuTRPH)aW83wMbCNAQTn(Gpq)svs}oTyn^6IM(jWCRI>0&z`wRu28t
zGqHGbD=oR|B9{BSX|Z@boQq<5`f=Nd`6oZ|EvgC2GYnryfDbe50#h-`Uce~hKx#~<
zCQ|r#l&?bXz#J7Ov0uM7F5<W(PcC4jQ9$sYZ<U-3HfW=IGJGfWR2PEaP4pOw5%%;(
zoB!IYbgQ;LXU9uWYq>E!5o_-_<4ugT(yJYbfZvWb_C*%rbgt7UoRS;i(JrlVc7b#W
zwV<uDE7CCHsxI27;`^%HeDX5@3(q<IMnPZChlsDseioK(^6|;<<1s4DC$9jc2||}-
zlZDQc7gde{hzyd@weh6f>4^zki~(GKJpH(%Wh1nN#Qz8zbmfo2x`)LMW6cTgXMelH
z26_vcJiS?KT0jZ-bj=vH8aJB$jjk&DTV2KIY$wu>4|J6;bF8Dk!sxhx{XorpB|8Y|
z%0%e02?N~)EaDehZ=uRdnjycR_x#5=RA?6&zP^j(#O+YSdC}?(Y4QJ&2KU6+&J}e$
zj%@e%t%x-gJobg(=my5tt5wc0^{)QE1mqnWoUg#IFGY{rp>Y*y2i{k$3d4-L+0gb6
zz<L~Ey*LEc)3{%7qc1GKKl!)@DV}4H;O&wy5tniLPJR{z*W0zR<sSpr<}XEbrR{q1
zQ`vdB=ghb!^lhrEOgJMaz6{9;C1LS;wvdSD=@hg}#YSnA5-(m)6-;RRbNliq{wFEu
z>;J!`pnD<|^!5MuQP9`_KTkpT{%@tAyD4Sb`@f!oYH%L>5(Pc@znp^Z{dx*|;6Fh@
zHx741Ydhz*bxT~e%$aj-P4<$sLW$c7T_%;hAPL)~lD$&NZmHxIspMs;WV=-Ix>WL#
zFp+HiS;RAKL{W3+&#0mX=;<A?K<)}GQo)|On9Nk(oH>GLGUIt;W};x2uPAS1)Wysf
zuP3nIzYjOcrTO;$L}#gMtn8Rkd7W7w3t0ZJ@{#OJlSf2-R)Yv)@|cR12KJC&B<cM4
zygWWpBnGxd#&zQ3%4?pO;s)*ooD7s-imP7G!M*a+Xql3*d)=?TT%gfoRDP40&QHyp
z&Zo@@@^5D5us^`_j54`Rmdt-<e~^LKtJoK(qJd1TQuVMWp#yz1MoVS4;QoOx70Xtm
zhsHTUwz>=-7VPP;(oJByl{+%+o9__4dv9MGuX20u3D(9fR17NjI<&={p!bunlv4ul
z19%dES3?hYg?F(aNq9xLONmvT+M9g0k_;t(Kub=DmK=TRZCBpDCzv?`UShxhEV?i=
zcKp0wRecZlOU^w5Z64<t(eZsqjx=v7G_Qp=uLECUI=+W%CeCfDC$6|78?HTZ9nV1|
z2`?)K4T|g2W@Iw!4m_+(jTXA@)j2`s9nqVr;}>e>`W{x{qkKJ-{(HGq^zMc^ajRru
zt9Rkv%;X|Fw|AYT(%WO&Xz1s99)-4%xV>0wcFV8Pv3ap4zW8DBdOTZm@Rq77hv4(J
zCgpahed^Oq@$8{a-=Y~URo7isoo@38t@@uTrZ<;Zkwe(7BxKsz7oWfmq>rw4Jc_=(
zoO|Irk5<mr@m)Udh)Wgr`na%*{F4=D?CrKD+<@oY=8frTGjOlloi7Up1D9-fz9JaX
zxs)vY7W?8AK;x{}6==T~ZouUs(x<bCS5`Oz61Rt~{zDAz%Iax5l-G}|XM5m@-Dwq!
zWs>uV-3b|9LPzu5o`83cK@2Sw!*Ml!N!ZI)S3o+t#|g=8WmOL3GqzS(<!e6g0pLhf
z=UXzsT5<qV+5P$Pvhz3^078?UlDIaBJ1^H$GiqC4^81rNq|#_v)pd2VFEgIqud?Dz
zJto{xH?v|Vy;N@<X21U@?eg&4^@&(oqr@HQAedIuBure`!yQAaC?tvAMxDTl-Xl6;
zMA@Cr;~foXQr1-FXcg{U*ptK1T({XDF$$yY3BpLpc}#LPLUlWS0r~E9Zu1Fk4cu-M
z-L|q#F4%2osyQJQY~NJiTa<W23^I}viH+=hSuS{m-9MV$KSEqpt7CuLEW7)BDe;c8
zFr}WsDYaHl&Aw`NQfVJ=C{tra?v)tvnU`Z!=XTM%UAOsdxnyf@uF7pwox2g^Hvgci
zA;ymtQa3qzxbsLoh3T@;COc2Ht~wRym?)n%bSGSuo#z9WCK{R&nl-C&$S(<PlJorL
zX1LtEcp%lABfsBshTVVF(BI9S((^c^(c6AWn_SS=`po&jg^8^S&}ZkVz$X)1I}(}~
zOC?awDFFt+>pI?4COS{)%c{Jmbd~FYJv)V7`SoZuRjJnrHqm=p748vNorX%DRfTcl
zs<Y5P-j7uk8oq)1SXa4F8Cj-sA1jQ?oke<b8oE#245+a-rA&67MkJG+@WBuOmC!3W
zo698capjIO>OgN*qjng9Nmr?E7FQk7N!&5fyGO^?tfnfAW9)u-T?okq%>iOj?rY#)
zGEzTAw(bLnTyJS789*}K#>Bz}-OAU5w%fLD*;}2!y-+5xWzxcUnR`iEA0rjU4s7-q
zc^Fr2eGlml{7`2x|BKG@PY`|t;VgvF|Ejax1)&PUY6uF1FoYK&&^e4BwiP$UUFZ`S
zpSKf@@#TVEx%mL1{N%=}PY_VRUqGl3*K#bxwL&-n;Ut7p5I%r#8p4MV+8~^PaQ0@1
zJ2w|*6w0zWU*cm!IWf}}BmAb8)ttZsu)LkZy*1s!J?QAP>`q6Sqmlg)o-mMTOs&m{
z3FR2{p&VmID91!yRW-#$hg%KWRO0@(N=Ii|g8_QkSflc6PY5@A3vuO{N1(Dx0APMh
z6>dEA3kmQENBK-lPjqw&8E`wTd>Y*Pa*Up_F0%4Hx^i#p9`vL0)0gO63{aSqd&<)W
z^UnTi-e(5##=_j48i(sw&GMP2nk-I`pA<$81xT{bnDeyX>8obUe?E9Q&}(7$H?oJ%
zNY1@B|C>nedd`U*D;#ZQQo$ujxF~r)DU&$hr?;`yuTk>%CK5lI2@*kYsQw8ak-=?S
zDjyXu#072|YMR*U=aJwwnGMcuWmR^dch2n<W8|wo?~z@*fHnik3rXB|xsl!fe7sz6
z$>x{eKSW7f^W@W$`z7uG8bnbm4oxg9bDZ`WZ)5lSS<w)KxBaYm1BqD{k~&KDvVhXj
zZM8(=Ks*e0bR!|_hBt-r**zSgglvpmXctD>g)odcNx0N;LQe}5(&U2e**){4)UE=l
z-TgrA1R@FTk`V6r6>h^uLyK1=@4*JnPYGVZE3)7>oT%xRgx5C}`IaVyrGnj1l333G
z!vw@o7WT0F9{{o^Z|-A%ds<wzRp*;|o1+J4-WN#owrVtQt4{VFl-5(S7bkMNf$Z%8
zviCZYmCXkhE>yW!RHt9``gQQ}&9x?t>iLoC^+u>(K_?na2wknKI+56^2{&Nm1g=ap
zoJcrr(&(EX4Mhrik?Q$3KNd~&=E*HRXW9Kgv=18UySYwE_YUB=(+Yg17pdLnSYT)1
z;>6ZV38z)(L0VR)@V@9hpi#a~q<o!}@)dOANgzP^ZbT{H7nJgS0afj$l&>2p-;D_6
zgIw8^^4&nn*Nv3#i?S?rGg7^RF8~e0ashno696e8AQfB$biAablp)KEhCmwIToush
zUKoZr!Bb+MM$hMd*+~K&7Mv~TzK!_Be(zzNp@p-+U9tOH<>P>GCnsNvBH2k0@+5Be
z0P@l4wV&e1HCFt~;N*H~U~**u;W|F2Sz3hg3kMO6Lqy{!qH&ixPSPBmf)#SK(H!x1
z?v!A%b1nQk;;KD5AJ;X2R(pn^)nhQhQp^I(D>y(=?tq3<;;Mr%kDiv-z&twE@iE}k
zS;VP>8crS5NktT)U}zoygnDHFq2A8UR=GV9gxdT=Z4$Nl%N)I%GNTA}FCtXQ5QI9H
zaCQ)(A~U7~trZcYfLrL@{OCZccY)l{(*}dp&>O|4-H1;mL-0w#@}l^ZN6YCHTG2)5
z?!SXhGblPuMO2cwFN8ZZOp>_nC^9Yl3Nqm|S}_4IMxzW-QA@)az!#fed7w;&jPOv#
zj{ijFdK0co9N?Pwk`gW(6we0U(TeKklJ#-{us3_lq<H>*_HdKlX|;3K&3BiHlMu;Y
z(p84$8}x(o$^4kme3(n-n{*w&#bb|>ih+aNWRRRzSs;Nc77tT(rGGB8BVf%FGQi_)
zm!0jctHJ?-!@5`I0HY@w{0V_aa0d)WgtIl>-urt#uDXaSluc7n&7!^Y3<-pB<ia~)
z<XuQYU@;&Sz7^iwCUe&88o%#xqf`P!b1(aYKTzC*256^iWk9KS!DnS}7(ae#qR*^L
zXqF3z+!?_FIpCW)0-*AlN6Q6A0-sMzXoL?X^!PGk9KCd*1keAnop6LIOkyuCh@6-Y
z^KB=upC@yTK5K^KG|(K#*s@kX&)_^3VbXjv=K{f%g@Y1~-DE>|WgtUtfbS%9)+Xct
zldlO+?IBJ9e*F;`OOMnU9?6{L9Vt8g%7RLVT^JEEWIW<1@vr>?eq`?DwZ<G62mOY7
z+A0+Td+2Cwks-7|Zv;;Lg#iv`(LUs0DjgYu=@DQ^yB%ln#rMj@)Mz(mV>j0KH&=d=
zSXrN1>xv2KGeX(WkDv7*sp$?{czt$vkl_ttqp>?^#F*(0#$ase4(c&Z?Fs61j1Dhj
z<fCutKo*+Z>^_8EX86gPeLX+cahy+ZGz()AanpcePQ)!}iYXBd0_3BJh6WvPhRl##
zh)oD7F$wiptWj6WLoSO>7X)bPExhRfs(rib@m!s^=_g_mg5C8-UMs7+J_fHCywXSB
z?5RiasBa#~+#oj}q97jUCpz8-z>Wf7#}Tj<8erKPV5vIYn`k_}d~z!uT(8rYKEaQr
zS227%2oh`}lGmWvm>o>ardOA#kJo=cgFcs*;ciCSJ|4^CTDvtfT01ryu~i|C=?<o1
ztjG3@t!hRn+5Jc5z+r5o$qnxym|8QYQp*W`OcvIRXB-W}$b=7+_=M96z6TYX{2p(H
zT8zX}^g5afFP1?QTC}18G59pxX_+R6dRivePd=UyaMa^2Ot$*hI7r$^B1+i%{pbz$
z%<41?R)l(e{l8w3$qjs(2KjA+kdFq)5l(b4Gzh%~`W{mLb`9#KrD-XVof>TQ7TmsZ
zaiW1S$o=eV%jh1`WLtN&|9OD5wCq<p#M0voTp-lPjc|crACG|xg!{N2F7#0NaRgXy
zd<QWAK)DA%f!^m+AO>WBhJ8;M3z<;H9|^Gr_;CdMZS48UL6KzhDbxKh7vr)|Hq8yS
zpt%8sXl|&D{Ndz{X=yztCZA6D5IDFvIn;qRGGr1=>n>>aX{0b#rz^&~Oht=C+X<~M
zj~~Ww)-=$zk5s2QTAk)-b(;0m7eY-a+68hWRAy47GRZ?KgKdnJiB0$r#@XqwgTFZf
ze{%%>W(t2j;7^L&VrxwZ^wdMc>u`j@1frctYQb$^Mb!Sej`Arbj7@d?5vB>~_3=bk
z7u|8FIZ6GY6g8Yy@*{h{gxMY=dFs2-onF89Mt6Gg3G&)L@yZBv3}ldnfemyh9pb(x
zOa8##EF-ngl0!s+@`E;1*Q0|bBe8#nT1o!(!+pC={+l|B-pw<fc+&7|+~%|-L`|j{
z&sdTVm&IC^7`7U1ME={)0uFzdo&^l@k#-!g2OVxDfmjwj4S4t&z#aqn^EOpIrg_dD
z6h}R=xGACBXhEYz1`QF^Bu4YGL(goCr+XHV{VUc?m~hKiWMy{d(3M$>>`az8oOJU6
zAX(?eWgU(wgkI;&xTxX{OWsp#^>Vt!106~EoMZ_-WkMd0Mr3@c=p}lg2<;`%q6*Eq
z9-&E`ESwkn)dubqa(-xR)kc0ux0Ds<I(jxeQPoea%JO{+9*9_#-A6|0sa076KRaSo
zHodS=70$z}Xe`Fy_C`mK0P{#ktLD4|deqS{+)xzI3wQ~;x1DeE86Q9+!FKZ0cc@J2
z#*=1-76-s?mP?K~{>YEV52c`MlJ-LC5Bh*+ceg?+2`f+7y{F{ym?Bsa@dt8Ic=$}W
zM^Ah|qo5$N^XZVqHJAx$J?<wgT}y{WSV<7Q=T+V$J6j|@g4c19S|EmftNa5-XZf#1
zcj+(jElOk38^sH(Auz5fAyC}m0dyNkjf<u(#S=K<wVib2XGZF~C1U(CtjqJ=wr;y%
zE^Oe)VxT8dhP1{gtzp<L=#5IY$VEoElP+`YLe~cqeVL<u)^Q1~avmdJLmsOs;ke|z
zEcb}3F6-p80R>W!%Q`BTbQ-#W1N+dIIl<8n#k!1A9s`WjP2~SC(`B1;_L9reZ2k_a
zL5wP-&gImc0~mPYJjgHS89}b{rHrxxuS10ggRMIk_`@QgnQAub74>-xe%oiBD}RU_
zVCFcG0$mz(z7*j4n1qidM%rMMiWv6LXy43Hj;p}ON2S}#nj~@=YR;$l9z|C0eE{Wp
zlogcn0F)efS4AKA47&Sgzu(@ECsrwUA$YBUOBM;fXOV9NE?5GeTN2(6d}68MNGGtm
z)H8&A4a0x%HgXp=MU0RkXUH3jRVad?D#6eVttw>zLz!?D8}-8ohgowJJ0g$aTgpH_
zER*u$2e`o8J=EzKQ@#Od^NZC;o9!l?M0s~N$7J()cGE!>Mq@T~G5cBpqul%V_Nq+5
z{HR_!jQOKZAem?ad9Io|dyL?pF}-n|ADE6t`N$L<T4y&_#LI!=mt>t}Obbp&9<4^F
zbZ7?bXx_~DoR>*k4KDFnWWfydq=Ao-GGO#hBX5eTN+*zrTIXRga%yBRb>GvaSw?l7
zM$=}ml{brCYs|(b_)Xg!l%1FJ>n7mQDVy|BXF<35xXUhfAGD8)u;{12d0BH?^h3>G
zP>|hcoG*qM+&NP>aiP*sd2_lDD>{>76jSBRbin|LKmlv~><bS?EZ(cL=|vj*;y3m5
zxbu4|Z)O0Q;jDOom@>02E^`B)m{~-V7)-hoE-ZKvFZNo5F_2vtNpl%9iv;6B{KW4N
z93aoO6Fq{J-FKATZ(iITF!F$;N5zf|Trv$9^!$vvqm>;`R$jjylGhu=j#M$w<ZxQo
z-VP8mcCN4DZo%kiUUw(l8tDORlVvXX(cO%YO84CwWUm=j^~y52q>ue=iPdmMD(S;|
zzp&eQh|2imcI$-)#c&KiqRNX~iz?TTfGSS23w`VECgZ-Rswh7;=q90w9<)=Rs#xl{
z<g}P>>XyL}(&z{}>X&9iR$$V4O8SO%pUm|s$<aI+U+UTD;i8Dc==sPsV2vxpm9M~U
z6nYo+okve>)b{`8%T7x|6YoSzKd*WJyf+@-mx^|Pcg45Y#qoE?`}xUYNG~?%=X_QX
zJLl8&F)<hCG{995u0nIdLW0<#2SL7RPM9C@CTe9WVtUTVfhTb9<FVm?Zp{-4b!vi+
zPs{^OO_%|vCYFd(6AN`}(uh2^yfn>>d0IPK&rzo)O+r`CHR{yFN}ZZm2ArChBTh{i
z&8Z1>WkQ{rFmPr5ibs=D^kOo^J`=ad0B9iBE=n^CBXC1W&jrYn-*X`XCVbMMU0pDo
zd}8?P$9(hECxTIzMk~{FHh&%D%$M5&VcdEXvHRqc>f+I6^C<s*brZiNVhpMzv=z$1
zz^4{>LYo|a82up00lCL^)X-_TE?!m9CDQx0kXUa7fl#ln5>lp6=SU|p(hE%0MY@i2
zq;&Zc=o@!_-<%--K((L$e9ou*-PP^<XJ}a(<dY!jJS4?J(kbP~rOP##=l8>V5Z%(E
zK8(~UZLcHw`S1JtCtyr|4bs3i2wNcV5LQB14B<ft)xc?Qh43<jJrL?4oPy8}p&P=;
zqdMJP5FUiE2*TqK${}okum!@uL3j;9GXw&m55h?J<|GIi5FUi^FoYrq-+@pE;g<*#
zgo6-}aXJg(GK84-bh;D>Ga)R7uoA*12-_g+hHwZ%8-y+hI)L2_AsNCX2=^Y>>bnA9
zUIgI*2&oX_A$-xK(|ru#2!uTlUV^X%!a4}$5FUf@AcScU?tox!`f5AgpRcq0e7Vl@
zxd*t)4S&54Jx{KC^1jtiKKrfv3Z8xX+2__j%T-i7S1~kwv9Nlz>$#_%<yTd38~%CK
z8vd#0o*nx9q1CHbee229^D4e2JhSRq{%iBht9Xhpe`Xc`)ISe-JhY5wSFYOdsK7s3
zHvc){*_CSta}DNsOn8=m>X}tvF8`_L?tAFbugg!1bFO;kxr*l_b;3XDllS*Jx^-(B
z#5nLQ5Tjn~^6zvOT#P*iF>b8e4RIXAwGcCreCU#7&F{4K#Q4dIiYK2>eTIG}^~u$%
zpZn)05suWdC!bpVe*!gvlg*kw0DwbF>|F_96Lr@Aw*|xs8UZ<790UXe+os%?ZJMNQ
zAQwr><zkp7(>9PMA(=pn0_Bj^6%+)8-Bsj<by3lkLq({F2Yv`uR9I9*L_Api>a_wc
zAK&lIOxm=Vl7OGP>(?26{IB=ky!Za+{3kON+>H6)Jx(HGtkhW;E&|_eIgHVJaYZOM
zMvTbycm<shas@pB(H|U2@;#*iFNHFVPY~1Xe%E9{G$5Y{W^`gIzexts3B5BiGHR=~
za%PfMLnFfZ^LZLW$Qty!giy#I%oTVs92BfUA%yw@!AQN$tT*<}BqpsNwd@fUV(1)l
z`GbOx=JtA--skeW1*I)S@ulgEM&i{8b<1<Tp<M7%XcxrMyf-Yx^P=J!@)+?Nd>+xm
zdp*+yE!v95#e407i#)0Ex$OauPm6Xzx=t2?KEaD?l0x(yUb$6p0#z|?<Xd71;V@e4
zb~%TV%x*B}MJ1WeV$vAQ(K+Z-12X#dYniI?aeN@)^(eJi!iTt0-YsxE@<mZ74TzlR
z=e&O2&50!fr{yBo_j(G0Jeq(9J_-h*y0<(n)#?@akifb8K9P5c5=WHu9w9Ci4g~x`
zln8t&R|Eslj0DI)v{a%=i`K7i%hX#qO|2SX$TryxMvmOh6$SmJxP&Lf@u84VTIen3
z+~J_dSIqe!YN{Ypc_Mz6#HTul-s5wVN&+~!!f-LtT)96SjMg=cGl(2WOZ_1cwoVox
zoy<WS3VTJ)U&NutymT>migdcg<u47ONxQk8=`L@u7grSax#XTfdh)eO`9fka>_VI8
z@J}k#dA%myBil}PXOi7MzsLzbf4I1W3k7(WAi0aWo41a`qWz_==dT*u1-bHU4%y#g
z36%ExTtZs>{)p(7LDwKjq+jg?+)8=oASw_0_(G^zSA`OR56IdQ-M|KHoaXV@tG8Od
z0WtYPqPqdU{=^r+Fu+aq1jR7#t*s!cNr{l?`o)y*^!o&i6zOmj0!}0oYvij3*R|Up
z5PVWy`;m4FQ$4OITE#~~SpfY8ErvW3-8+e9U_F{rG&{^GK><AxtzdF}`q+L^nB2U`
zgS@3&<@Gy#P?!=HLUbW&DazDChG1kX^`Pyd(NTR<a}WE%A#&g}{%7p+upwh`OdA9r
zYR&JX`4-efJ18bCuT0FL8o5$`D#9QpQil!DcrCHguqL-$#!Mbp&>!*_iQH(9WSzEm
z?;1ZC<-v~VQbC=Tmd1t!g8t$lO!Dy{2+M1UTX8*wMVf-Uq^4SBvLT!@NhKwxG-=xG
ziso0QUe%)I)z_%5ZPmKXb#2?V@6fT+^}p$S1J~uouHCxd)T3vwn|t@UB`rNeo!Pfv
z{{aIB4IVOd*zjAkvNbtcojx}&-!NjN(PXw*N7?L-g3)8fjvIg5ZztUDoX8it+(J=t
ziD%MeZ>i58m=X+$;i=Qg%BSCP=Zu-N7$zfSt{a1H@1JHDrAnauf{+lj6iz~WGt|}&
zO{gd{@*z><q7lsM4}=3!o}8A&FcT#5#X^q1Ov4K7dRt_cq)!RZCkB4WHTA#q!Ci3n
ztU0+j&U`F=8an6w#95bOcGQ^^=NZjEC+bX&^NjFvjSb)@>a^sSZUITPXS_$97LZhX
zCdYZ!wt&k$FJ?cTZE!}XqRZkoS+TorI$nEg?XI6A{pna%F?-J3d3VkK-QD;6{@w)(
z@4J7|;s=&2eej`W%m47lKRx`&ibq$jTD@lNy7e12{`s-LY<m2OCpSO!^k1LZvUS_`
zXP<k1#|t}mRld0Ur9Cgd^6G1QU;nRtZ|px%_2yd#-+t%aLx=x%<h}PlIQrqSkB)zQ
z;**n~e)jnnr~dxsSN~o8^*7&s_x(S9IDO{qkN-UPKj$xdB8olH#5EE9tL^`f_y5Hf
z0<p{gE&QLKKcuvD2;Ffr=El*7GvVMUQjUX}OzCcSdbzabvYHsvn56q{+~-NR+RW^q
zS`)Y6Zi=FIAs|LFHR0lL2sh9p!d^+n2&|<k)C7Vax{)^VL01XgvkQg6u(Gxr!TY2r
zu0!%kF3BWWB!^^xubgBMKk*U|v(x^9o0nwd20c>DQ4$V@l)N#5+b1XqM_7)T{5~ne
z9#%qLBwpepdZHs5Drf4hqs$sJLufGPGC9;qp<T)c4M@QOM({%nNt5h>iqI4aLvN@L
zD_{(4f@!dj3{{T&%b3yVd0^EZd2cC@&e(6qFxK;qpQfb;LlnNPgpu^Nj`E&Ptn#lr
z#V&uRGgF=H+%W%quHo{$tcJ_CXzG?9u2){DWvWQr7ZqO+Md!lQRh(Z}&c3MfepaR$
zX^nlI!(*B1?_(R*^Wbf<<x6{J&W8E77B*b&m>gTb1t?ooue`Dz|IE^c<#+VeEw8Fq
z-YpQD|LioTYFpMYzkgk9{ntOnRJ(!7*J|7A^w$}y-V8af*5+-cz3k16`}sfjett{l
z428T-+OEhRgu4bQ<r2%BK4BU%a34~WQxp`0?0)PTIR`hcQ-xrJOri361fMA7sWTaC
zD(5PE*UG7BL60a<aTBE!_p*?1rJO1jL`V*Wa2M?KxWRQrZNAGBD8Ut_Y?dnLm+(G!
zsDz&^I77Ip4u??GJc`5bEAkX0FGbFCdqM#(U+$FlaY%|v&W9nMqH?E82#S>3EJ^~h
zoNgbPcy+{6KB3qzdU%nHVpqwz{=!L4+S<rg4}foL^W;r?xhOM(@nxbnByB6JlJf;V
zAa6}iNmB0im1hWTr7~$-o8?lOHXOudMTfMjWN<@oDc4_G3iFK~pP*r%Q_g51NS@P|
zY1o>i+Fb{d#&GAU6TE_0fA5=(N;V4o)C;oNa;B#}_6zdcNZRRykQnrrvsO|{3&lie
zJ2z#tywfKsKRc3AcHlcov^GIb-k#!!>~qyT3CM}EHj?Q}DezG>dj)sRBbZ!|SK9s`
zkzyCbn8kyW4I!OS7%narf{`Z?D<gi<xZOeNnzJa!<adX?LcSzNL%%wWen26lIHH~?
zxG1GqR7CNb=MHX4NtX9XHjwXV(@=05e6FBSDm@12N%}_BbkArytPCP_qf_i&0jr>H
zL@#TlJe+uzw6%+FITIRCnx5-8$^!!1CYSQ?dVn^RG;Bt#bwp+6OUb@}Fj7-ryTfM}
zX%|1FVFg5gVFCLg2FDn-G-Zs(Eoe*lpu=yX9n+k0G=(ugEeETVHOZsGLa^K_1f>lx
zpG!6k_4Og~I6SV&imloUTLT*Z>ynM-AuKx`9#|8StVfJ>O^*45hpkN+Ljw=dvO~!>
z(Ock~hLMLgk*;ASXR&kA4x84>*b>UM=uH&2B^%LumF-CQPM2)dn)rZh5Ypk~8mk@t
zh%1;rnhI7wC)W(6sHVX8LfstDh|)M9J#LUIk6kbI7(48VdJ?8Qm8yFPuGO?WWmmr?
zKYz3+IE^`@UlrDfZ(?203irU*VJ@WKD*_z-bq2r+OawBnlgk5u3aA8*0V@@{%|I3L
zx0XZ7uR{D7Pz_W9E89RWpaLrCFU12Bfz1HD30naKfMY-vun5R#BVQ*XpAmg)S$;%^
znldGi%2tA=qP1LJ8Kq~HLSIeSZwp<3YRYSeYXOx=S0StbRsvRF5uj=h8ld`G$U(?~
zt`hlG2s^;9gMkuY8Soa+@*rb+U<R-i_!h``o3Y8jpMm2*mv_*cfxCbm!1qA<yXd#T
z!@z!k9ReTV0#*PAf#k!OuYo&&zXD$XJ^qHZ4)6%@F3{=-*3iIw;Ax;5xcNQC3V?fn
z?Z8Q(-TPQC0JDH~z`MW|AHX;C?NVS1@I5g6C}ZWo7T^rf>qD$Pff>L$;2`h=(CHZN
zU4Uu8YTzv(<s+;ufC&J-O0WqyM6VPam!F6yV-9YD6+tu1=*=<Pr())8fz`*=SWl?1
zHfY6KquQ@yZCN|Gz60yXI<f27Z&+t`1LIg1b|dS`y0Px;Cf0-XWWCtUtT*e!ZeeLG
zon<gJ%Vd37Kh~cOU<278Hkb`zL)kDkoZZT@ST@tJ9HwPDrf0b<5BFULHiC_0MrLAW
zc}|`r^(yBGek$+e%N$1gB&VD|!fc?0K(3pXEV0X-YP;R&RBQBhb><)>@-<j8#6zCh
ze?a`?M!n79ROe`PPPG<ML#{!qap)6ewdu7M8$y#tn*giUXtC>^YO@8G9hU%~4p-BG
zQE#(ZY>DyN##tSSGv;f|IyiJBu9>Sb7z=EPILKf$>hm;6TQxR~N$=1na%F>gw8m(F
zXGiO8c7w&70BeC+Kh~<(I`mX8db?ed7njyK1qLHH^kz+tQBQSb(3>5XzzBuq#uTU4
z3VUvW5eXCOHvy&u$?bX@v~#L0W@B8<F2XiaZ`3<1=J>BCI}bHd;K)ZL0dMH^xtao_
z)JI5w9rc$Gn|-t`0WO2xYSfH_q2nC-#5icoNQ}c~k85D6p|?9UaVjPC>Ps8T6jrUp
zjM~Mh6jy^+m~?uLE&=jfgV|uur%tK#?F4vhMuVCG>5`b^9Hr~?jnv20Tk5k}Z5A|0
zlRfWJn5hZJ*=6dpCNN?utY%WwUSPFaY#22YVw78))Bz3V#CZ+Y{P?B?g~@KwjwI(e
z3aklDN%<N(DnxIJht{MS3(YhU%e1+97%_8manbm>FNIU81<T0zNTY_lIGd*>X9Qd@
zQj1kpLga(urp5@Dm^NekXACA+le-dSikBrWf7-PDoN8&cY0~vij3LhTW@PG>RtFf}
zjhZ;uL&`va{!OETVSHT8J>uA!mS{1VNQN2fuuI{$*zz=H!}z#o@rL+mMVO!-mt(`_
z=>Ie5ezERPo11E7uUAc*y_p#elZs_dwX_Qy`yQ&6P})5n&>&r8A6G4J<X%Low8MN6
ziScMBxk=g(R=a%{6DSkQJJxECJ3iU+c6B_Ykv;M_MAvSStCc<Si!ji>wOZb>?ssuQ
zWrtf~Xt>QtPZ=)axaj@$izuo*f{3TZC_DU8^<7M?{DdMiqw!}`jYs3rcr+f3N8{0W
zG#-sd<I#9D9{=G-csXOC<#IfU)eRX-EI(FxqV%!K|CNU-N+<fxOR|C#C2S)9OoBC)
zen&{Zn`4aLU8nciTQK_knH*lJgsDo|RZ(Sa6<!LjQRJ$WJo*_%D+QF_Mal24q%}%f
ztE8<8k4?$9E8!SL{y62@UM0VjG3o870B}7JRCH~o&{rrr&sM@YO8H!+e4Zj_G0+QG
zp`=$S`m9y1w?WC@rs%g{DL<r?x4%O6MZ{+ZJWLf2oLNkDKI*7Qjjvwmi$Yf^ar&%K
z6D9soRD2=g&6W6lQStku;)|l<i=*NXM8%gx#Z#2}FH`(UKA8Bd{N00o&&uCDXpWG|
z0^6C2+JO!s`K%2>Y6sQZn5s3xJ=>(8>#zj~J0Nr;?1-=r!cGXk+saf_r~43gMz{&#
z4G8lQQk|<1QhRE@g{kN>Ic3i<73t+hD7`a)a5`NdA$?&d8zKE@IRl~jWcKq<b=al*
zg?eGkLoVlH9>0#!I`&IVa(V2RZhk#8*8lf5@at#_*6)}qDY;4WwHOE|&MBYMMaf_P
zp&YJSCx^2iJw`(g%br;wg&RTt;+i9CVpXQ}HvouU3Ae;auTjFSpg*ws#OjXhlhvQC
zzAd)=nX9DOC`=%uj@*8PW6mR!j$~d)fAH|pV`mss&y+d8dqI9TNBe)g#wj~f_Zvi)
zn@;)(UFq-4M&i}aW6r2#s?#qr)!k>Assj8(Pa)NHgpO;vq(ig};`;_Z;r3vT0@?#@
z02R;zXbv#o^h-=t4V(ZD169Btpc2>tYzLkJHUpc0jlf!9CGaq?99Rl004jhoAfV8f
z026_+fDzCEgMdCjPoNvn9%urb-i^7rNv$u))-;+M>Cf0+nRHRiQV#MR$w;g3SCakD
z^XL03>!EDme2TpOnvHhTURf7Wd!D7NBchLrfGn^2Yx%t*tKD&V{Zw~({KsG?_fL6k
z7Rjq0r!@(EUunFu9$H5I7I+)@mez?di2k~i87NJv<r$)^W2edMHTDc}5cq~>3DBhj
zCcqo*;FZbQHSyP)*2d2^uZd?r+@dCKed(H-c(?CbMdB3?EpHo%b31l+kmF5u?d^15
zKZ>vVa^L<=yAPVPx#|^L0=+jr{_-Q9?5YXpx_{E~K1+vFbF-&Bbm&3t)lC=ndU8ef
znO!S&U(RlI|Li%>X73vI&iVuA4L6kSKA7!)<=BGHEB59+w`8Mc$6b>PdJJCpL*Uq*
zIXgbM@93FFemphvu~FJpC#QbA@0(uf^Jd?q>#1t@*y$%!AHTfktnSo?x4-@2)JG$x
zKX^bd?0a?b)$5;F+2P|gxh;iuEyA<sho|n%H;v6Xv0=&Jq5Zc%{iWTs;gbo&U!E}Z
z-W3mwKR;o8^(wB?v2MXY{>^juj=%SC_X+o$d9V1f2Ty<7W7q1}CVWugGw%J<GVb@u
zwuyVXhspFe_PwEek?+T>DZ^6_tqIV7r?bYphkj^TxXjmT?)O<Q9qc1?I6k)Bwl}}d
zs=B7@yu40%n_k}VRaW-;tsd`_O<x!||5R4r;X87sfAY@KUGILHwfo$;{rtRZr|tX8
ziL7+vZ6BHT>|FZb$-P+*?6D6G>)vRy^N&wv9W8!t>0tfiou4|eG^<<JSB~#^Zm62S
zcX}3IFz&^fPucHm^}I9d&{ydTo9%qyuIql(Wp&G1_xa#;J-(Q=@#d@<n^v9J;l4As
z>Vtw?U3WCw*VQp??)k;Dhc7-mq{DPqcdfc|)37f0yg6u2-m>lN+@YcG-#xZ@r>8#q
zc>em7p|8x-=UlP%58;9Dr48vj<@&d}zL)uxVbS=(>wmYia?Fu+bJnlkl6k!3>1#LG
z9@UN8rs~t(aN?E${Vet;_D}A9|F|Y=E06A;@#AN&bYAi4-Q&kB9=6Lm_r~_-kwW3Q
z|84I)-<nFhf4|cc5<=)LganW#;7%nyp`#Q-5kXNy5fD&9vw@n>QIH_0AdE)D3gbjT
z#YzAbP;?@q;@E;%u*c4f%AELn&N+X<d2_DoSue8R<ht(MYkj_Jt$Xe4q_pl2WaB2&
zr{0hD-548&KRh(?e@-%TLg4?+6><Rle^fgRnOXbm90VqU4d8Rok>*01qD|AR=|p-M
zT|$rJByy5D8Jsno0?tN`oKwN6;q2fvarScBImb9^&MD4$&LGE;%iwP0%DFXM63?0E
z!Sm+PdA>XW&yN?v3*$+6al9owDKC|m$y>uK;H~G?^7iu7ynlHJz7=1{U&vp{FXXrI
zPw)r%!~7fkaXuhG2uuV4f~A6V!D>Ob;EZ5gfDlrI9AS;{jF2RnBbp~l5UmttiMES&
zijIpkqAQ|5MNdTkNsPZ9pG1Pq;2H2TI0`PICQ<XLTd7LwF6tqwntFyhKpm$(q`stn
zr2b8X(J(X<nwWNgc9f>3U7%f}U8RlDCTLG-FKM1kHdDxqXD(xAGYgp|%v$C?W*74U
zbC5a0yurN7{LK7^iC`JA%vd%oCzc0GzzSq7V8ydmuu@s8SsPh$)*e;|>jZ0nHOKb?
zcZB<c>%>ds?dKH;wg@T(dj(yBg~9}3ig2^AT-Yug6}}LnMV2C(Xv?pC7~)%OxTJtt
zU>Ud<)Pr7B26a9)mO4XU#%N$X<Lu?~`4#*+{yBa>|0@3`{}UfAzzeJeB!NJ1Qt(#r
zMF0_EgbqS?p|?;ZoG+9JGld1ht-?m(ap5W9Md4N9T_GSshzN!?>7riIWzh}MxahIy
z^{<Bn{*yC7BxnL!fm~1whJlO0Y%mWj0!zSF@F3U$o&*QLVekg{7dQ>R1OEX5sxj4?
z>Ol3Ra;Rcz1a%E{J+;B$>p!WtsrRX~R5*=HW7868!?f45FEnpDlU_`(qwl2eryr)D
zqMxU0>5u5o=&$Jz29kkiSTO7v6oxy)hrwb982*d}j2OlWMk-?!BZraC*udD#C}Y$x
zni$6!XBZb5Ba9o2dyGen*Nndz|1wONUQ8M@lDUal!Q8>TY>3rgOajZ6HOCO4C{`Y8
zJ?jAL6YD#R=_~S0_m%th`+o3+u@|wIvNy3?*caH>*nhFjIrawX^EpMFS_AEYyv4i~
zyp;xi^LP(<Pk3Jp?Aq{M_#oexzlN{jkMUswJAtQQo*+^XBd8EG2<`~Xg|<SPkS#=s
zJVm~u08yAIMzlgyD%vJ$7PX5`i26mJM1PBZ4QhThwoniQT7YD5slmUe!9NXNodr=;
zyuqW3sfpAw1G(3zkEq|M7@7}_K^M_C(*K|j)BmL3r9YtS=uhd!3_2r<5zk0uNDW@f
zU}Q67i~@saE-{7~qYN#B#q?t)GE<lt29{;adgeLiTLZr{%pXjE1!tjII2M7mge5hQ
zo59Lvoo4m1CRuM;fBWuaA7EE-G@QE}A#WkCnzxIm;vMIm=JoTw@@9ExK7~KmpkOI~
zw?VxWfzYt`X#q-DEUXf?2!9t23$?-t;d=wuE+TIOWqgsJNFrJ%QW^GtQ}pZq4Sq4c
z3p@`ZsS6AW9jCHs3u#hXE6tovrpGY0Fy=5t?D^bS?p5w1E{ccaQFuALL%b8bb36_2
zGVdzywjqa@^Ox{f@Z0%E`D*@2{&|BQKmkV}5?mJiDYz?mDPRbN!WF{Z!h^z>LZT>E
z)MsG**P!cHk6;B74Roh~yTRYUqXw1jG4MJ~eQ)se4=O-|)4XXhv|QSHS}{#dE2CA>
zYG_JYBkhqPKTOl!(Dbx8dXj<TQhF7=hOVTapx-w{!h&JLATr1d7X!au43M#rAve%k
zW#IJ%W0nDDS~H1EkjY{OF~bbmWeZcu+|4}1>|pj9ICU{Fn#}s$x5xLaug<rDjptf$
z?YLyFE7yxl=W@Az+)(a9ZX9<RcO`c<w~(vgZspc-cXIb}k8r!WecVgjaqd0tW9~EV
zcP^A?!P~$q=l$ea^U3@qzKk#D*YJ1o_ZmEPkB<?k4EZNds2BE&{xjf<H(Y|ig<v|k
z23!xy!CJ5pyaX<zj#0<y&*?LCONJYR!w6$6GiXr3u=2&RE!acsqa1(3XL`lea{&Vz
zr+M-GNI{$cBYZ6^6Kxg!8jSsFh`c}==np;t{|4QtJ=8Kr3!}%k*Y~`y#`lu%u<xj^
z)_2@@!uNq;&#!&^+4tDfYzu?>nmB+80QkT9Yr2kM!(7TtV%9N#V``YoSm}lgyPMU|
z`iF(_eeOHs+ruvAR&#fAhqw`f<pSleJ*odEjRK+6aH_<RIa6ubv;spU%M4L$G%(gq
z>!f+nK{|u3<39b>Oltn~I~2b(gJ!xj1DT-)y;L!eFo&7r%r{Iu^Os7zSRhNnlChL5
zHEWcmW$9T2U(h$)SK=%4t?^a*{%XDreebVU)3Cx3!y0N@53QGWo~AKWmtk5By^-EZ
zZ>M+Cdkk6c5`C0DZqV>k`WyOZ`VTssfiv(!G_d2vU@-WM^=uhuf-}vT;h?!TT)x56
z;arJ95Aj?nH`P#a%eYmBs;lHSa+|oVTot$7z(FTh&F$g#a?f)$1|EjFqg<_liV5xm
z?yr4LbKe+Z^_e?ks7C+~&O;kiMKF+J!z1#@JQtoj&x;50#Jo^mxS?{#^5P9O>sRg0
z;AI;sx0IjC|L<Ls|Jr};zxH4Iul?8l|F)3%!E8=a50C@A_}}+K3C3_MJjMnOb23Jg
z%@NkNNE-_yTRWVc1%hIWaI(Zvh{hBvQ+uK*(ZSZi%GAlh%!y<>hm5kM7!#dPPEL3y
zCo`gl1<}QhIM?3Z$=un~a*m6g>s)&es)H?P=}L2$>tP=@*U8RjuA{4yr<b$0o4c#G
zCynl6%k;EoxXfeBrSiP!-XM(uIx=a#d^(HIVf(oH`?v=(U4l7YK`eR@pB^OO28-Ri
z{k@sNphEzIHJ`~2<gpj<S<wQHpLcK|BRG&39L5g`<)%gpLxcg61p%Ch1)SJGPFxr_
zE=G_T!&w^74+@wc9=ITUK}2M5(!%hRn4qwPz_6IG$R**Ci-J=UBGMwFq9bEd7R5v@
zjfq~A5SO@QQ9|s>B}>zi!}&?k{Io<ta(GxuY;@)#$;zd%DX}SOiD`Mu!*dg}6O&_>
zC8cF2i?UY<^3wRLQsS~R<5QC}vQpDiGqbWYGxJhn^0VSMW-ZQNnUSBBwJ|$;b)Ia^
z#x?8n5{fr0Ey&9$%Fij<n3tEPC|q5!KEJ%UsG?-eqLMYTvV!>XqL|XcHRZ+mJ2n)T
z6qJ+}S8gq?D3a$Dm29gnT~c0}zpbpGW@}+X+1kc!YisJa?AsH&t6@Xyp0x+IZ)w|6
zaA426eX0#d+BbC^+j6F>sH&`T+qUX$)dzM|Y;COBx}$P`W6h!M4RzJcO^uCpEe&-o
zE%nU}?Jcc`+IH5pw>GGDbslUv^xJ{Dy={l~9zAsUKto5z&Z7s8b#xr-I=H8+b7yz^
zf$q*@ohSAjS9hH3-g)lao|E0j&h`9$>fG@Q=T03zG|+Q=;7r$*v*#`io>mTCXc|1(
zIe7l$z=ccWeS_!wk6aw+A0BMJcC~qEuxIqzAGd~EZeBhyKKjSqdpqymI(h$I_t2#)
z*RGD-yfSp_`pr9kPTm;1c6WUI{{6f6?mT(;@X6GJ3zK(mJ$X1W`S8i3$+M3p?>&5?
zdpgzkd}`v&t2@u8p1*qe{Nt-fAKtuv|MBsA{f94~{`&mk)vqsA{0;w~nHpu*A|OY$
zA#YWBMgch?DI+I`LY}`S1@Hp?XUd!dh|#lvF&dNu3PmXj;cjt6rW;UTD73^XSzBN=
z5+57RmI9Yc5dn7NRi^txlo)TPOTFMz#cqV})z&j(<N-K4zv9w8W!mKmM`O6!1Mn*;
zfe~Ehgn}-^=F7p6=quS{7<iClkFw;-c59+3P73TmT(h3*m`q|*4z6xAfnrFt_hO&k
zJdisz=FN@K$ZI28wi<W6*zV{bpBxI#hlVaIaX?7*WQogI6K2osYVK|wq*OtnKWzTc
zJ*-%7;_5wfFtQ1ZmR;3Pww2dddCP&Ml7oIFR>H_ot@K<_jg{LH_3#fMz5jqi?bWhb
zqTeUfU2}G*{I|ghb2s6vbQm+17vARDs7?A*iGMIUciN`OzM;%Hvbn0*XKPa39|@;F
zx8ddz)j*(We4wJ-g409p#}s|`A9g(5>jz)ve*Hyj{%u?4U5L$$#y@7Ct?CjgXv55d
zW%(~tWBs71iYr?~%7^=xT`XL?1oHgCgfrCbh@#qcPwKz|N_3A@xm~rYaKx=s{1JgS
z8(&<76^ox#;>*DU;XcwwO0iMWFhIh3^@>pr!4^^d$fnO-HPq^-l7m}=n^`Lg3lnym
zZ}M^l;10y|RSl3d7u&(Mp_>qlsqZj3V0Bz7wAzy6wRNdc)n%}>eMfN85C#KEGa`){
zmF8<dzfE1@H)~&$7ltFPmqD%e&5U80_X&eI&dH~$Bq)*Z-jCd|S2=(osr3+a^8=X%
zW*n+)Hc`%KmLZ6Vdbn%c1N7iVB2fc%fqpg9dB15JKw4!y<znsqLZbq4Q<FV_>f+I}
zp3u3CdDpCb#$5+-LVbNX?o0Bd-g<K}^|D3U&T^#7`?M%4tIW@BH(V@Tl$nv?Hc@^s
z((K<4I@bPtNkfK@nuU?p&1lLDFC|xvS0{Ci&g%m{ZF35YPbx!oJaJLLZHQnHb=`w1
zg<W@Olpn$txLJ}zwD^E9B{H;PgbjN~gzJ|0zrtvz`5%WJHxaw9TUr-u{87n{D>G-)
zod3Am|M>FkGKHNNS(!3sQmpegjSf!?#FFB9A7M7`KIMbBE=l%D8(@3?`slJOZym;K
zlOpG+P||r)VdbJgH5LIgV}Ha5A;*X=KCAj2pH?l)w`|?3LDqq@)s7XzPGRK^i89Dr
z8~C4!hd%7r{x(5n0unMV)+}sZUpoz%$ocA?hdAc*^W3q5Udh>G*MC<9_x;&@gBzJz
z_mjW&H|%zZ+m;MKcXknEjyf4_YeSAaR(Mh~@^16Gen2KCdwAF={8BmFEUr40FIU0r
zrqC3Q)^B@mql`E{vy=9Z&MQ5)5`Wa)A8({Ea!S<Y+e-#8SIIT2T}o|cuewv_jFa2^
z7A-VB0$lOBs7D+Pb;90B?q7{-ubB5h%AeT(aI%R-ay3%t|NPzxybXp|ChbS>$&!9z
zYoXoi{fq*o3N#lK;|g>z$7ziNRgZ8^)#X$2o5}XFK~$)8)2XiOxHheo*Ln(0)?4cE
znOsv4|8Ymt`F8GDKR)mCepr~jiQ_vE5%Htn<ia$<boi^nc3979@Wf*yRdA-N-z5D9
zfC6QMWHkksK3d`kd?+8x9R|XAPklspiSS{-+;PHc-5$ET)tfNr(eDo)^HtX%d*9{!
z@m&l}AZ%Nju||Hbtjz0_rX;OeoJ*TN^pB?66P}&EK67?@(BU5mI-xV!tWg@|m3o4e
zFp+Hkk{s;4(b<+EJ3x8`qO9N&?{_ufMim<WyEsZk@*FX;L>@@^s6=hDY9nMz0&LI<
z)V!L>T0{c`uN?GxM?AQearGwDMRxLrgPGDyC&zImXYG>#o>vAG`(_woT|8M6EK9YS
zRv|?yf748rr-P9xHcYL87ChBB2o?{)XKS~gPjp2&tyA>vA9cSNpg~T{P=n$&LYaPW
z{<nW>i<+kJ8>)i5a7id9cR%|XF$zqkmeeo8uC$ZDTyRNf=k|98iiVGnUG7z~+9z=t
zQkb1qSxGJE#~)c#N*YsD3Xf1a!ZKzR80a&(rGqX<_>9QDzlT>)a$-y4cOsHSMo_2a
zDJ%2?sJ-IKc{K{-ED6j}t3o=Z>Q1g59<Y9+F9&NBvXiU&t-Hw3t`BSFe!l~619$nR
z%zA7dR#);f{K`=76r@q895qXZGA9BY-t?k;Tzn(osgov-8Gbfx73R3IenPy{bL&QJ
zS?Ahs*h~$C==!|8IycE^fz+m)_n_o{a*Xnlo$3wr+v!tRBQg85fs`M*N~M**$<bk$
z@x2Xn0l&>8bV6>YBoEzuu0e-_C0MQ=Mhcu<<E2v&edQrvSSm~bJN<WtI_}=cjYFnz
zKZjoBIe4$??Cml6EchdLyD5=u96Y1I+ktz@RVhScuuL$TG=K4f&_!qo#Gyb{#?z8R
zP{RW*Tfw8Q1?zFqT0dO0+U87`)F@d8y?#tqI(%J@_ha|3-YP439*%e0a)8Lq-3BqW
z@QQdJZoX&NR@Z060Dt}X%7@dTr>1{?C^%+*{}^PqLcMv-<+*zwK9&&Of9vhcvCqS+
zz7!q!_Ll_!P(ZK0RvwD5swx*bO4oCQ=u+zkZe5Sb3r$mcBerQq0nm+%?vf57T7RRI
zxv!*CJ+5Z9nwj-ARR+qT*Xw3$EsCxkTm+rJAPm0OT2u4<5hi`Be`9jPZ#|w+kNn7U
ztJ-Pe+ou+Zpl39*-p<xI%U1WGRsF7IerVLo=a|RCL-T^k^6>FN$0Hzwrl;b)(JIUX
zbqI5f(zvKM#q#~GV8Iv#sr@|S`c)`~hJO6~QBwSr_^KWf3BVsuxSAAbV5E;yG$_*m
zA5NSVL<OU~q$?kX)(=PTUH;()`U+o$irx0K%gt{7P{{9Xbw^ce^thlQ@>^2zvcNUF
z4<Eh~@~mEt8JL2Vt-6j#OSZa70$PX`?>I=ZqF9UHI&T7rR!vlRwKbnEu^D6e3@dO2
zlH-eW4<l-_A6T?W;3ie=e4~tnD_JK2<Y)*|ES8Tu$Q^9s{eYMuEOH<QqCNZu;=XwB
z)5+OeL|6uZbyRLdg)Ul+M-)H){wRhJNv+Pn&!v-X%4zMo9Jo|!6!Rs(=AwF0<%JU%
zKRLujjY5h2kUIN2^_Xm>v$Y0_9YC&7qMGDJN5tsIL9x}hp!VSAG=B%7nGLdjg}dwG
z5)e@&fg{zB1j*)OUC?kj(3w)~CPpvS0^-R{o8?IN!I<@BkOC=8_KX*=UxZR2>(r=b
zLd3xx=9TT{1-s2{$>;$xwlD}?u3u6n#db?!C<44yZd5Kqd6XkMm1vR<?07P-vlQMf
zH);r4gSB8`2u{JE7^y=Hk+GWqOtTVmT8!(`R+ei~oigkhJ!&>k2X)iIgan$;i8asD
z9WG8n<8-u%Z-@(WbdZL<I+t^9D5If^cblH&M232)AtjQ^lhJb>Ww5m}L|mHpKz?lJ
zj(JYqPFA~f9o6udAhc4BX#g>u2I=Y%8FB<oj_55z_(@|9-I<30pydQsUjrbNp?t+G
zOARy{gq?CC*(hCol!yW?)I<Z_tmb!<>4U>iD<z=#9Jf|snVb(vjalO}1x+W@8uPg+
zp8&y}LK7J@SdLslMuf$2wq+pxC`WK)P-E>Hc~54a0%?P;TlI`H6VLs95Xd?SAxfcM
za-uVal=cMLquAgrg|CpHw@l9&0cYn0sbE|QT%@7~>L8vHw3iZb?Iz%$LMDJY1$W{S
z>4LW|aY>gUhmKh8(aaqe<8G;qr^L85GWK9J;rkBro*6f!wqdv|qB9OjlMvkW%5~!r
zC4;LM3_|`IUW(GAGL(R3t+2R<sJ$gx^3?v-Ak9Px*^uf>)3Bq+uwW^o1s$HLF?O@?
z-@d{BDbV~<imwuf-04c-e1yc_hWw=G@WC<>02gZ5!7^XpOWxN$bNcop_vn1eb=Zi-
z++F<+6FrP`46%t6D3Gl1D~I?!<Ln#c+9;s~N=$|__|h0;+b2|)4i%{7r5_A&&_^!6
z!(X9+7dB))oNdg05Ic7zvhG$YAe5jA7wtWw#9dY5G=Q)hOli>@H(yGBslvZkVx#G#
zJ7dIRJtCrCz!yVSGp!<3$Y+*<3s!;$xv`5I>}l=9VTH(H$l>_6mJ5jOau>uA+48K*
z5L*>$vj%!`65=gaby27Z2a)kW{js<Zj2zLbfu2VMTWaA-GHEa_WOX5A-{czhP5Aex
zs8tP^b;?EM0Hy=P_Gys&r=YrgRPhX=ybV&IMEJ;L$tggQ3R9s&wW@G~N?3Cea!7~b
z$g=L_+lL(DoEivr<_bEd4rP^#NQKs<5=dgjQm?NqjylNLNb=85hx)3sm!CR38+P>Y
z<$=S+c5#n3w8(EkNLo>vWo+6rTE#~oLXFyZa&fs7y%lJml$g9$Bcjt+duok80VdDM
z$A}w3&)Q-O2uP(8%N+J>_Cq}ejmMQ8XBQYxN#{e>n&|cT=0>~=1Ft-UwAK?lpHLq9
z@6WVM%<)X@Waa3nm2F7)X;&Ckl6l$`9z}pBNa+cZAetPKKt_73L~Yi=M%)n@G?<qP
zNvLZ3&=Xeo>PQPcf*B1rH2G&iY*sgN^-jQ3j{71rsU%QOCm&uQMo*HFNm7&dfXU`X
zr9Rz|<>H1EIqbkcz|=5wE*bHtqAiVr5b0rQB_V`C1Y0=^^(lh-LP=2|B3h52#lVl0
zY|_CaAC!emDncF<K%HdJj2*;-(_XeZuSeC8h7#AdqYyh4T<?ikuB<s#&^n1k7RdP(
zN)%@T5(L0YWX8z^m9*^ev%A@fN^?6s=BwOfR*64Hz%ExA&&o~KUo-ip!atQ%-2(C7
zB*uZDBZsy)OEu?C7Xzb1yc;melEH#>h<mr}%A}ZN5ZMhPljg!?Ad*W!L}?I-;-Xa@
zogT2({=Zv74rbpt%k{g=(51Hg)qb{ns&lSY+>Nsgf;#hOce3y#;{gpabSQ#%EjeSU
z*QM7H_j@wWbcDaU#jysItJo2gZsGjd2J>TM0A9Ohe24Frt_$<JEH;d}Ej&!<_+afd
zrTBhj{SuU|tD9YcwfPo^MdWESf~nmWg+&XM@Tu4Q$8%e!Z)FGDIz3}@-Pe)a{c>#w
z`o7wmbx`dJb4#E1yFB0T_H*01zj^C+LrP$aa|qNvFgdS90l}-i>J%E{c{{`#MR>o<
z*R>?4`o6`7H7^v_&Zu>WNl4=^Ad`T9CB`yTkXoJbd%5vZ9qRT<fS|$*{DU%*BkoH~
zPHP|~1pJo~h*)g=9>nogc29V+fA5>)_gmPUxHzxt00nYVtOH*`))wedN5}}44J=bd
z*+l^|CFpg@z<kr{xiNjSRNSB_kI)=dSO_uydIxHY<$23dWdub02Ovg*DFXsF$e=&2
zA&!dUPbiJ%ON*f@I8cIY*5EpoFiD6td@;dv{%~~VHuq2BiPMy;-*S)|NHl;n`-EIB
zv+Ua02UV_(S!ZV=Mh)bVOq4YV1UHS`$T!-eIhPbv52Y`K(^X;N6gzshuyP=Wk{il_
z!`Vsp3qS-Ngk_yC8h8RJ6r){MqUJHFO<KEBH7Z_>TEw;9irTmiWw$Zk!ZCewc*fk3
z{lvg)UM7;I&gl+G0J<U<MFTS0PP<XXD7KhTtT(=qZ5N{OYRMyp(H)n?&4E%zn)F5|
z^s`1Q0PBhe6!PxEJN?H$W&pc9Z#+-Q_4(*zMo3;X=Cmr>-4Si}TdoDa%Y|~<iL7v-
zbauKDV2ExudKEy|A-4G)-hUX=*N$uk5f09{s4h%^yiRtz3~^;OUQ;}h>wJ8-?Ufgr
zJ43m`XwKkHq5~Z};7?j8HqH(A^U#v-Bo93%!d#X1JIs({Qmli@Df%ZSTLvW%BJ5OQ
zLuK1Yd9uEAK%mA{kP#$__lqXfT`6vbnpg*Micn$hX>k2w9Pfa+ryBLO5)-YH#!Jwb
zl(+_&Gf5M;PSU+=0J%wnjMG7}8f~i%wNdSQO<_JyA+sE^^?K5GbJhwj*8Mh721Mv!
zSu3F@2cT(6Of-Siu$#Dz7B&eXk<_Tgx|;EikZ>jBW`(De)#4ECfYBoFOPU)LoAUNU
zOSRYzJ?f$aj#4!%)u;tpbOjl`O^Jxno!qQNMJb`1fVzmPO*YCX&KO`zfH#AO;*^M`
z8#x<vuun;IJqQtDZSdu?;63!5?q+A4cFk)fWY<R2QM2T{eor?&A}bpauYyNOP!|Z;
zrRwT6ekik#>6Qmue1THaRqS+kXvicy;SSXE0C&N|@b%C^iE=@?e)6=6e*p*_2XNI=
ztCo$?P1=AHddLC^dRMupu?(Q;G37eQyqnNjMl9Uf8S?26R0Y=VoAS~+;W}iCHv<@@
zW?_ZK=+(fUkZeYJ{Y3Cvr!70A3#4e@Cs2Rz*t503J>$h@$KdUt5%$3E4N!Qi7&CZ1
z(5k&T$vbp79)i?MZ|perG>TxA{dn|Pl@~x=p~PH}W3u&_)w$)(Ahuew=!9x98)!@Z
zRP!Pq5R&6hXppyqS-xFiCMw9D0}&V%{E*scjnw7UI5z4@#g0OpQi<FQz;6#iib`*d
zUfG$U84FZ+lk^0m{ZNq>K<cXAth9Kze-B!P3YKVl`wP1?=q-VFz*_Us^zdGrhju!|
zCOCDo5|t@NU)ErXK<ub^7S|2dFw)?`s<N?b%Q0eTvD(u{^1@4xn!9hq{%6Ox48jXl
z$Qb#ESc|<vz?Mn&nz@s^#Bg2pOQTv*#dz7fa$te<$pn=}fx!=bTWS04^Y3A`JDr1~
zHOLpKb;m~F{;K7@U)*lD^={opOBkZewn4oAMto?r?K*KXNelJU?71MpZdF>{y-8eC
zZSDfrS_1G)J;YvyxvP46oy$T-!+rD+3p<Xt<WOaR#tG&JeLJrJpS{=_nju-ONvU3Z
zE5=cMB}45RyA#17^Ja&=e;a(eo|}{UA^qZ+Fyjj0vH9Kuy8$~T@vTeH@P2j-fQpvG
zzm^pL#)cWszK4vQ75kXe>;Vi%iC8CrAJt;Jb=ZA9Uyr54Zs7_>AaE;qQ<K_wT-)@@
z1M$a?d6fOY=x5+@W6*dq;4eooB08>{ZlC%q1h`oe04*`Li`B>#gXLw$qFzn18*Z10
zu}yNXMiGEzI<iA`(hvRqW$-yJN?->BT7oBvXY~C6Sdv$Ct8B8Ze7i@GP(ADvxRAEy
z{;Asg!L@&}^TJQ;_k1!igsCNwO`}v)2-Yu-maLbRlw%#Df3$D>95hmiH356{{Z0zN
zy0y{UVaO|C-dtL;IzHNCXB!dj(fjj=8qyC(QVUX>b&x5iXk_FW=Q&}Hq8Pb;)*}`j
zO~QxKm?dQx%k~Zj&s1u(-&FQ#nonZrQP6ol&cpAJ;e4Wi?DC3lRi5Y%!rOXpzN&--
zhSXaPjn&#O{(Z^v%+a2rq3w+mR<)L%E^LT<jH`%5*fA<EueLidn)lN*<x-`oDcUj_
z%%R|fsvD&!zD|SiYm~l$Oqv0bu1_xZtH`bs@c^up@d_w)9alP4nn%*AVJ3uDZ<kW^
z7~tk8S3lWif<CKJ8QF<-SSKH8=TQA<maI!xVvbk9%IG>d$&z-n)a?nilISr+b#w3-
zp&q_kaH=@H)!PohlnN?BHO_eLOevz)?Ce{Lb^NpnR!f?gl~!0q{!pE6h()K=g^;71
z>*igQz+hLLmhPC3Z@Q#|a7*M8XN+BZ?0y_~Sm%uAR=tFG`(JaxDSWEBV<V?(=9k4x
zb?UG#{u3Hl<jS45E^!<QW{W}VYw~LDyWRtJ((((Xc>f>bJ9QDK?sX-k-->$iThV3;
zlu||<cizUkAx<%0nP&ThHD3T8Pn=36w{<zy%!uK2cE>a@^0+F%NU`-zy$W`xGZq$X
zt}R8BMK3UgS+z?CO<0{WN;@c8pelLj?=%gwz1Ul-^gk96)iLjQucj0dRrBdmon%xq
zG=i5X@Vs~WQp;rd(Q?bU<oah;3I4Bxe#>o~^+1s}=;yz%P8;8F1=;9z)zD=w(Yfr5
zeWRC0lc-I87)LgHGSGM+dGaB~SRfuL#^xyxUM7<B06b|%hhf%e{7tBLlq>DC;xot;
z%KVvBd+CIG8@|SIa;kDkdINB)7CzE$!Wbv`W6mAn1e}U^5u4J$ELKk#IR>JOSPuyN
zmx{}~a6NTGqccIa$(xhrG_+PH9jwB}&kR@xsAWlYtH=L7ShrO2VG4f+w^1X{Hj!<w
zTe^hozFqc4lT6@__rhxL{?v`u`QwuMvt6%0a7Wr|r7JC+(f*C9vL7wp`;Eu-(3l{O
z)US3Pd>4>xcN;L4Qg8)?>&~-ZfodnoRx-N&7DB5*F$&(S7S2Ge#A8&~Nmn_+$t)%A
zMJboOjZhJa@N}gx<77_eBj6>+cjQv189!#jj2J6aAV^2{XTtk;mX1rSOvoDea`iwm
zfeedKJE0uwHA~ZgG7l>XclxRyzKx8SdrE3VQ;Jh<v`r(RbWU~jFp|^bUYjA$9gS)1
zuOgTG?S~jg%OK`T!fr?65SyBih^DC_pL5ZE-Ce3`SDgYgkr|raA$~mz3IlAQX6}JO
zUaxZNa?hLi=c@+qGm=aS$DLP6p_t<YZ6)7E40Y27m=a_=OyCsU3T>c+{#!ZUri8Ge
zx71EMOMnZqb8yS6{H?F3gQ!x4aWp_Gmmx%r@gOBLbt=bf6>WY{?v{zCs<=p6OH(_%
z(3RVdvKoqDM&1e;tXEjK190p0m&nEhz~N19-F$Zd;wX)W@#P4sPO<$L35w@>qUknf
z1bdVWrx*=3*_QRg9K``O=r85AqjKzW^Z+JO3!NSodxnA~7M*&SW4tN4Svf5(89Y^G
z+3CM^V|;+kvt33<d|W=ZMHYPiWM#{MV9N#uqWUEBLRMxMm7`t1J!*$r$19v_K14j0
z6p&6cGNVc1Vr-fY0_T%!poB}Vih2|!RgM>ea>#iQYcjpx@uOr&us3(MblpE1lVo(M
z>pSu-BSyaoOXg=@Kqz+)PcjNw3A4XQF7;Rs!P1lim1<QfQA|H7)+=!OlV^wH8|Ird
zHMK&Uf=dLN=D=ZvWsUxlxdj9pEMJb5OIxjKVv)jWZ)~8p#HwbFkMo6*rO^a*#1CDx
zhktz>sTr{DnM5V|Nvz2Ir%&f5@5=__tx7bPy;?PfuKbem#Shyvj+UCi5=K+w)Ky+b
zlB{%yWOJjNC5?7Uyi!$~=$cO|Cs%GS{VQM&<OJec<X3o%(jVnAXoFN!soj1zx2T_&
zdlV;OqR@jWwMvMGt{=a480PR*f+n>?%&PUJ*hV>KmZ6uLv`7OeJ||HAJ!JGcG1W!#
z0sZevKX{-F;;=CZj>}io!*6NY?ZE3Zc{VAVRHW^D2>4A+Q%L1B!fILv!2~L>H1!{j
zGwMH!9t_(0RyiWO$Otqlq!2CjrxeKU&4W|0&GF^xk8*@INr#=(4;5Zf7<nA=i!WCV
z+ID@ZAA#4`+zYS5cIgov$@@*}bfbqMJ1YYTP^>5O63M?F17CnQk<aWSZw;#C23nXa
zdtuI`{U~iQWh6u9XZu4LwIf%hJT=x>5P<IM!h6tclzs#y8R1-<WZosc>^Px2>;D5|
zwpku%)1^ObZzG+*LJ6g4!K9JdBNX!u!+x;Qw<Y9a0NslBC+yLe7bfk;6b=ubdM`!X
zwCy*_n=d!xeki|f+CC6<%97o`!vo98qf|5A&f0|BxO~vv`Q}OTRxhFQRCrpD_|hT(
z)|A)xGq|PVRc!*Z@#<}^OJ!P~TN?@PYQ%itm;U-@<C#6DiWjl#JDy3)eY`x}lZ&U|
zSzW&mzxlkTq&vDZ0&_e&)6_NMSVv7}V?y0K`v_*>o7i17@E;9kv4=9A?L5`<XZbi;
z<wiapG*Fa?AS{OA<nKeBA|HPjwmR8L-{*ee<yK6so5ZQ~Wqs$Kn391$$N3+<`p*IQ
zKQ>%-mIB)y@sCA+th-P*yZ7^q-Hks3{#<v*dO09}&zo|D_uZa!hlI58UoWg{hrHSJ
zrTz5x$$w|RjZAI&_=ltLRc+3?@fEWluPpqbf4_Z$6Lb0dqTLtX9e(`JK-S}#kg+o#
zF!N?7TaCXUM((~^oU`t7*rNv(cP~7zf4V`_&=;y2;(emz{CnQ|<(DhF`-bfMbb7(}
z7U5*k#XoQHhYp;dzJCrV6F!@3M)#K^Z4SILH@v~^{GbRf14f-iPpU5d-NM&qi9Y1>
zjg^p}O8LK^_}A(3`YPbxtUi1V|8JP!=Q;k5bApG?qOVIYJZKOO+WWyK<Zj9mKDrd#
zBbdzC`!(kLV1uUrn&_XD+4HaHrwO0WYs}Bz<sEo;PBfJT*}cJQ)pTWn3JTEzUn$50
zDa@48VKoe2DL3+0RV)Reu=O>|r^`KuOH<Vd7j54MbI}WD{EaF8;FS1gk@Cl&7^YOb
z{TnLO&*7>|+>f9kRS>4c%=xGgB7t%<<Tt;ce_y)qY0<^=4Hq3#PhI=ohsOap6)Zpw
zbEpC!@g><uDl-YC?)viA!%#D2#YV7_NszlvRBR+y64@313%rT(9ZGrtfI~~|y=7D!
zQP(b5Ex0w_c;f_z0D)kQ1(#sK9fDhc5G3iw0t62b+&yR@IHb|w5+t~La0mes$mIR*
z+?lmz&5v*9-(BlIy-rtG*RH+KQ>XT++N-<v4)DY=Q~{VApS%zcg<2suL*+NDWVS-3
zdN(DhUAqSczTlvUvra=e@<MG2AfCU$c!DU(ywEm+{PjG@>8&KYYUh)pFE^5?{mn1y
z_rTYao+qrNaYS>WE(uAxYHyt}Aw&~l0dO1^N0jj#j&~#&G6#93@|I5!^;ieT_Y@Mt
z%WfzRu&-eUUWa=RE5FI=6aq`}9`-69^q%(gKYj(GscjMzj}yd&Fu-v^TxkC#d6*&~
z$_4hYBZbnGQ>lP>D`mbulv4ER@(7Y9pO%NQC6&1*?x^-sQvf(?0QRYLhXP6|1Gr(0
z{C<IgM}o-VvTqJ$2I)|YPi6cR0NZy_XiPgRUfjQfjtBdQmj-@}0n5W5rur-Av$Zqd
z#PD7N{2Bo707McKW~vgQ?@x#0U(5FxL@$IQhe7RBux)fAq!K`#J;-}Duf{7@vQzS}
z%}F5kvQYg2Fm8UR91JRl3lS{~mDYi12tu(Z0J$}&j9{u9CQJ$eRjCE541{r<f*vD6
z$g{pwvdOvGHIYcsso@c%;}TS;M5S<bf;0f433icYNSQY%L=d2gRAxy>;R*sos4%-o
ztQOo3s3Uj=iKU-_C9jf=11kq<qMucS+BoJ~oQBfZ%7V+fw@pX%6*UVKQMg8Ucqky%
z2#-V%M2=*@b1d39<xBMbnysJ_%+_@~jA4SlFLovV;z%s~B4a`wq;Lw6zXlTz$U_jI
zd>@p_M^LI`m`7R|KI|(r4R0hmq%SFiYYiB7>BTX+FQTv-hVPAhEgakap^nd|{c?m_
zSY0!iVw|<_19T2q;4^x|O8kLW77Cv_Fcmuuotg+tAb}BNr^O{X$H8409q8g1V|ftG
zSS)Em8rM+GwXmONiBF^`U_M`N=*wv$L+G2)fl(beU1P7LzCrz`9;s>~U{y?)nCo;s
zC=l`h!K3H|;?2v!v6eqG#hWG63y$fcN&pWpR6PrZ)v<mcR{<yo!i)w$snaNn>u`%T
zs9{;S-5j=eGl6~D*rz1j_o}+tDgYTQOnoSnPRT(0=ag`YRBNw3KLrYk3ziih9q`Z4
z@I;eSd_R>$f>2?yn6dS1fOq0)Tj4P8{j@CBT-#!y4v8HhLJ+EX3K7+Thz&qx^mB~+
z06DG*m$Yz$JuE97sO4u#WEG$SgFx~^jjX~|V8Wy-0Qs7TJOs>t3zo(FV=_;k22x1C
zdZa_H@JgpQdH8-<QsiL>VlIPft@c^$M+6GWfQb^=i=yY6d~(ML=?3!*plR|T)>c^Q
zHrj{@EW<qlm{Y?~Xg4{L6q%VOp=TKTlselwaBGD{Iv|OCjofeyiT)f)wIxk95emtJ
zXmS+{BA-|xLL%q!c`;19Tu@D}FjXsK9&r*p0HRSA`UnuGPHTgO42#*vq(kRCXKHe|
zLRccfJZqt{s1gqLkbB-Ws5LTN;(f@>HcS6P!OT&Vrg*4^CW;6K&K&)aWvaOYnH$(s
zhD3(C4nPw3Ggu@5{56REX(-Jpm_$%sKqpk%AEGf4rZg7@HI3Eeq97UwJ<E*w6cWbk
zDDFtt#5<8{D`6z#31Z(@zS?Rd_Xm+!iOF_IwH8{kFrzuFOox6l?QlJyIt__set=M+
z7FC&j?);65D}<gaOf&&sS}BdC_1~FdCY!z5P7vZ~ghl1~6|NY^aSgS@jWD&sGOh(d
z)_{NWoD3%9@hSLW9z@_8jMR~rJ^d^Vu=p(k3JD?XcwjjsmQVt<7FQVYB*3HxQQ@*i
zo<)(L-h<DC!laPGRKQd=Pb5h|@4w4Qhz?i;L#miqPYw{A_@L#H;dGv#jtN5sT7dPv
zuY-l5em|A*nz^Bf2YKqOII5X!iAbn8NDG1e7_4P%h3#;SWrKM)oD4oOn~}T@!4pRl
z((2K5h3U^Nt~r8KxWeuu(+I=?#A&$XS|X8SIrb??6NXJjOk{@+Gg85};tJzU!?H>U
zmlUrEeIcf6PG+|O5uNDa;3^1u3gQ(9tvx0V`~l%hh)O$+Wa|m(Gs3;jhtP5H)F|lk
zu5Ag{ZvW%{UZusDD4%l=%b>bQ{TtMHFWeqpNwO9ieTU`x9_#TRl)!bUIyTv>`wO%w
zypl=~su9`5Q=LetGDo2*ZrL0ziwZM9L46#EG>o*!9I#X{g}J97R=)OD1>n~-dObLU
z1Ch9v&=mA8rXd|<ejP5bR#}#fegNMcEU37Ze^_k&Xi&Tv|8!3OIz$@TeEC8~ewtdZ
zPn3mgWP2;@#jGi{N~|P;o(2=bvKOkTf-V<)r1D8}JwKdIFmq-QH|!LRXvTfn3%1M)
zlNktG*bf);8IxDpFwG0&8341Kf+}t|g!>#BPr<l1A-tzf5GyeCT7UC5z;al-tp^b1
z%7p*~A;7kbI56`74~hx-ayP>F`g{3nm_&!Gvl>vH{-Mbk`V<y>Z;@9xNQ&){mTub-
zD*DeAy-FD+Q2%B!`N%C}|DDJ)y2VuVSXjcK4#-j^LIx&mUx#G~BU12u<bZ;TU?2>r
z_brB__K?St$5;lKoTA5{d91>cGa9it!19Bj4Y0?CGcgsS`bA=hzBqWp%CappWX@{g
zn#O65aUaJMb*&p>YlN*d0D*xRX&S-oa}a9)n_L(w*$iSjMYpK8^i2So@X$at6!Eoy
zXr10;H4v5{@aieVrtz81X}CcGmc|;CtRzeW6=u2?VV#x;5~5&{C@h~n#A!y>tDz{a
z!Hja5P(g^Z4wN2ol5`vL{1aH{l!;~xEHL3<mw3-C3Wr!m?orsp%3FoI8HE$m<i(4%
zEIX9Fbc><q=ZQtuciUrGu3_u1vFrbvS3<&mSH!$e`;-$%N46F^pAcJH0AWPIs06{~
z2_ce#;D|Er<4F)GEyS2>%X$FI3W%`7#WtP@!Ac<9?WgWcE>UhhWd8)l8lZ*%Aq$ss
z%0YRNiEv`^_y>U~>FY&JoDilml&W!ZvS56lc?`*|%_w#&4S;2Dg(Y9RO)m)J+zU6V
zWf6@eRk<$Kmz9V}iy`8I>b|8T20(H^xIhBA;2A)j0G>#HKM#L^NE6-yW~!Y~5H4T*
zKs^?TNQC#hS>ca3*SX~~5+qz;()-Y!2ne~EHLhbn-r{4?+&#K}2@)Qw5W2}M^aLf{
zBqiQjqVOnk!E{9V02qlTW+Z2dARwD=ja~Q|8aiP&5fXN0l~E#xOA31$e~sd*C930!
zZ`!-$^)J}#Z^N%HNt?n&I~<wSsW)4rDI36IKqDF@7Pegw5K{A3MNG^Y#Zn87-j8jn
zBTZIepLtsFgi>c0aRRzKV-qZgi$}5G6`-3*Nlh3o;M>}1P_;-$8^l|MR46HKl;Lix
z+B$0eF*Pjl0sA%7vYEg^2iv?Ea+58&*@kH)PohFXi12>WyA$9#QQ)F+A4jeS`~kD-
zyzfUjgy%7Zbi&iYu=^5qT-`UBxuNcC(&$XYhaIb-#EpVv=WjEjA-;oPA*;|odl@G&
zc<1*h{5e2o4@G1NFkwRMmJ?$T@Px8N73R{qYxLW+a0hlA8>@&CE9^hI4EW_b4>e=L
z2FycF(GSG|J#B{m2?gpsK`qwXMT~#M05dC6`!zW{gext44L7vuNW68of5M<&FfG>#
z#FPeR03xY)QHqI48=<5RBus+#mE7ngyf+8Z^>B`;^I4uu1bLmUcj3q~JoZeOSPP|n
zK*Vo`Nyr1gCE>Fhs3qHiyiKGRG;=)t7sonJC*8IFe3v0ChQr9Ff<l79rMQNMjuZOe
zS!^N=TI4;14IPG~k!f>%t~3+{HO&0fw|0ew64MJO^y;j4gNS*BvyGiTgWf`Ur}wtj
z>g5eS;PDUe&0~PYGPqHL_<DCZX{=I_)!8}wFg2^xrOIMs745@(`LA_xDq~4IEd1PM
z=?0;^4Em2u+{L}*`>9pxB86-tqGL&j`Am#JWMO03g5d$|ZDKy~Ok!biDV?4w#x_MJ
zGNjg;7{6Y#jd76hMsn3F>4bjuX5d38&N0(fz134|2mw>%M7O<g5ULA1_i_?$NUx6w
zW#T;yLz|K5h+C@~g|i#z<4Uc82!vb_3WWR(r)YaQD^e^fC9CdO#hJW*LYFF4J7Smn
zPjd-?9zV@mxIiyOcNd68#|Q*dgH94W-joWZ5PD;m7>>&lG$Dtj8N8MYA}g{7z_k9g
za`+lfurxbOgW7c?U29mFiB#*hJ|VA&k}|hV-qT1Xqh<`0>X{u{2_l>)v`uNq#k~%C
zu966ZqMZ;*IB=0UcnOD7F&v!zWM(z>A?4FBLOzOo1wthaYbg0@5$mLwsIG!->}H-H
zEsNMd3KAB+HMz?0Y5+(xqpbDBCVN?{t3p+%mN<`=7~Q7Q!pk}hXLz+`t&H-~m_(Ik
zcmGN<;*aX%VMyrnWyX#RVn&0o>5-LYj9Xv7SzfmGrQrzIdiR4)jl(hb)DkE<P7PXb
zPjom(EG54wtsjzxfFEidMv}GPr72qR^x;#*%5?HXiTyGKVmj0C?XNICtQ`pLB;zYI
ziP1I63&l_w4yebr6oDARVdq#l4}qk&1fZ8({6(5dGqYKmksu?pGzW})zmW<EN<dad
zNv#@twkJoRW|S{V0y@3~N?ruWDPp<BElwM0*q5hjYlRNxzqM$DDG)k_6>2>W|6nG*
z@s|32OyCjkPAVfm+e8=%Bhs6IG^X#f#G<D0_AGgBk!~dXiO4JlTVtuNm9`SO(Z{&i
zMLh#bHFW!s#b0h6{wmStz)HjD#ZEW{ztsZ;xNDFclz=5c<o?@hR$rJr&a>lZRAfG{
zkl%JJWb;yXiSz|`TWCcRr5JqX>RKBYZr7EW5?mF;H}=yCn+Fft72XlKn53at-4mmY
zmskwH2!@!7Tcxw0o)9@tgfjN7Vewj7<5zqe@LM?t3BqhhoUcQe4o^WPucD=-@Ch{*
zQc;ipSPAi_lVdZY(1cscCPq#msySFT&m}X-Ybywq2_`#Br6%ARw@q;;Dva3G3Zfil
zF(<QzhP;a96LwXD9n`kUc-Fxx6T*3&(fG2kZjv`v;U6^&zx1UmJld#_HiG40v%=79
zyhsRDcXu{a9D|qiar_#lz>FWf2G+8rwG&)JL!tMs?z;KUY!8)^aNsCn39H2uweuus
z8WP8HuZQ8!7L~g7H+x=;JQKbbj==RA#9$at>xnK}02dS>G(Z0OfPL^NmWLn56Xava
znPm)w!ZBPNLN;Bc+Le=bKmFf6KA4Olg$gTZIDt6|5FjeMVOfG647s><7?u<=!Cm4h
z{!1HP#5D%1(`z@dQ~6Pqpc0tW3Il;VFt_!_y8FPj!JE2hlAv{Bmw_&vy$2s^2m1sv
zhhgd&pU|3uAwpl&G5PR-austfK`Cz&J^egv$-P?GCo3#=1PD(*PoApFGh6sTF3t#6
z01HnGXR;%W3rOq1)yv;)AwxhkkSzEA`P+Rr*+hu^HHz34!ODD`AcIK5#o{<cVSj2!
zov-TyX>7t+=~yB0*H-uv;_N()>&>4Bbs!<leN>8h9}e)g)Nbl>*eLhH<s>F><@}$D
zk6BI99B+|NU-vPHbw}`K$q@}&C*ahcPY!Y*AkL>f47zwv3}Lm@y*k*UW-oPBF1um6
zd(@nVUL^UoT@X&(kzaYA-U{L7JunswJItw#RkQ+;g|9)N5?%PICGw;nC3#4bPs4@$
zyYO`p-FQKWPzwJpn4h@ZtF;~!^u9c0)D}d3SsP7EIO{?O>*Yn%VbMS}iQamHdJe<i
zKbRfHF>IFmX(kNU@~_vuZ^Q3ql7Tf*4Asi<TGNGBUN?M520ec5-^-WGOdy*FBJvTp
z<t_45L$I+@W|Arj{P7GWu|jJr85J3>730Wq$-SE%>;e%YaNL(bxFXDvBtgh97EdB2
zr8!-E+y_c6Qb;q(Jyetwey-0@aiJ=&qIGv8TKZBBb3*fsuzf9D7Fj^zJP^Y3^3z13
z3W_)(ZS;h3B1}Mq>wS7OvpN+Dz!}lRllcRo5wg}($lG{VkHDsT9rIMb2n>IJjlo8p
zf~3o=!+b*Dfv!$*c>eU0TriWsv|2OIG)wd!M4~;Q^6BKfoJhMsK0~Qm1E?Shr2RXq
zB`5+;1Td5E-S6#bDV}0!L75>-PYGX%t%XZb$P-!X^e~9H3J|AZpzdAYkjW@eQcMjS
z0}M@2(XXTRumn`-vjri}3$Y@zDSn>@<si)emY1MF6A2Gx))k82nplU1>3rpx%S??_
zZRib$^*W8d2bd1gL_%rZ6jFtvzbeqghS%V;cFa=P+jRmHo{(9Q2lK>r>;mbo393&9
z5tUZL5Zz=jr^Dns3!umMH5^MQGVz_Mlsr)&3d%z<xk@~tW5OP_m9k`3lS^*Q{jB=X
zzRgijxO1E&!ckfJTUP{CPy(^*8j1|_G`<RA3pHhc(+aPnae(|uS1%Bgj90i)b5pld
z^SvwMTwa7!5Sln>4Z=Y0cqp`YO7JjmkY#uFfd|jIJUK?2$o3mNBBzv%0$gNbw})t6
zqt#0cFUBr{cXY3DCgs#nhxf0Pcc7;UeNRItu7e0HN5GU3Y5kJNlhL35d`$rZ-C8F?
z#J}d^9$+^saPQ^e8SC_rT-w=TAt&PlYeN|hblzTAD#h6WtkiW@Sj?vYj#Mv$Dbe5V
z_%4c+w-QQwIlq2R@a0|;;&ni7jAcpbLRB9LnDW!iVNT$)H+i~LAWg2#-%IFoodkk1
zxx>3|f0UwpunM>gDYn!jU8KO|pBX`sPI)bdj{sh9%|nV%x)SnCQs9G|F6w)FQ*KIm
z779w9N(9eRHy=z{7)8ahh342oeViPf(pLdX=X5vEx9aB*^JfOV0<iON%hMwXbqq*r
z0c<Wg3YhkD6**EiG<6Uvsuy5b>J4uv3kR@`#L1S$$(kKQoLj&+2o#};oRvTFA2ad>
zh{$p%Ptn|%**pDkIf4c(20;FGEnt{Pq!~nu_8-I($?V|GggT;3{V`B~BrGBC5S82%
zo0ayNh{O0_6o#Kjq)SRGm!}G%6@P{;(nS-4Puh$kY<N%70MIrfiOrr!rsI;TJbeR2
zQ@LAj8(<kW_nMqqHjAS`B53h7g~u8pu;g$;6du8Z9C$+RUUne#@e%~wjl*t@W{c@E
ztqVES2dLok#Da1hDk%^l6L{rV`!+f?7!8?0(>fASrC~W(qqAKpgSNtzqUJmGM~{4x
z!(&L|U6sK8$YpDK1|#~}8&q9Bn(;L41r2&DEtYc2h>A@SW&|QIBf=T@=ieC%*M#>E
zjN$l85Z*3;MxL>ol&d#~M{pRs3`7FQ;5mjohM^x;K&198NOd;VgFuY6XofB8crFmb
z9Dr&7U@B+|DeJ{xIsD{N3Prhc|Am*7pt5YFo$>aeqEh(4Di_hW@u!i5UIpsVQHmfC
z^8}hY3#9`Nf%^l6XL5{rXeM!;+e0mE;C_gq3`949CUC_Nwi}Xq15{-o@}gL?8#A0N
zJn3^>M+y)vGKAJMgwJk_Mg}c@-6LL$Veo;HvH@6i7{2Q+3MoAiH7mk!EWKtFqY)ZD
z62icn=4?a6jFF?61et8THN9rVJ;e~JfT;iM5cVPo{9|#7Fn9n6^m!sh2t{J3xzX2$
z6RAp&hQc=L$8JFC6%64__fo**|7pW+2c0zo%tq8tX~47%0NbA~o<ChoMe-a)6m0Mi
zcrE6|C|EcFbUTyFKQm7~fWr3C1UDm@mH<N}Qs6pNLT8Gp2o2LHB0vozwnCuE^3qaF
zQh6cPaNYPIIcg0M)xEfhUYQ&-3_U6$M?Sz_9QDp<L=nCQLcqG=Dric7Qf>`-j&_n>
zrLHR98AF))`xzb9oH3kh<eSU4Wp0D=pa?BCOsWx{>PWBOEe21qi$eT^H$^W+WEUK6
zDi@8USVJ*ihtQTV;b@@#R?;3dqZo9^lETmx>;TLzR2CCT1fZFhP?THDuS7u7OA5q?
za<Z5n$#w;PMH`h#G*tsJX=E-4ie_d*6Pl^7{0x!a3zfZw2<3qY*fKaqz`UpOymM%Z
zLl8$VSg<#QV|ooNLdG;{3|2%<gl~`cDY^dvF~KttxZSK)UFKx+OalzGB2)wezy&=1
z->BTD)MAKZpm<qGW{E^7%=$HQH$w_FnT0u;J_sAp%=AYQoFZ`)u^GxBGL=2;a$p93
zFf&)Tco{@+U|D3Y`_Xidrc4hEj?8pL(ZE4IS<I$JXoe*eH3izBWXQV#L)d^Z?8Oiq
zcJW5aF^3G`Ay5Es(nm22(NOI809IffNZDU*rDHRBE4#NG^v_mLdOA}Wh+YLvX4TC$
zho+_oVHiM>!9!>P5OX`Y&P$&4vVzPkm1&}jV=08~5>4p?panr}X>m74q$+3wI}s&<
znC?f(J$DH`{BvDGistK5meMg0K3oWEZP!;7Ilpveu7wiNb(pynh%M$Gtz?11;gX{Q
z-g8{bF-&wZ+J!I}by0B1y&?mvOLwzIf=J<LT=71LnZaLC<M;F7Td$E+xCpvGT{M^x
zrn#;U`B2(vdaA8uYK^WKljA&b94b3GE;115H9%s8E#HDfiHz?M(fl!9sixPp<DHvi
zMz%vwNJdE8#lJlWkI42{f!m<r*JuiQB&9D7XOTRGc=^+@eq|>Vp=TF`27s+UXy1$?
z;aUjBz!<`M*e(l9tOg9lB3O>ee?PV;>8;@)v;O+TjU#*T_hetV<8(u`Cj5BhS~Jzi
zF~z9t?GU}^7TUT+3gx{mr-dD1P^6<LSQQpzjf_hn_`^>AA>fCN7IuMFIB}yuHON}E
za+QbFINa3*-_&$>`}j}B>X8{>Lw^b~jXpXoG;$a)O`zw9>Kk~V5fZy(G%aX)tr$>C
zM2}_$2?)VifY7D45p1wYU;UO!L5^*~1g#&N`^Qus6!)FE&mQ*|$LRiQI5pMZprU&c
zA(i~Q`jqBv-z!HI!-=y9)VLwYbW2W2Z%t3<fd>)*B>(eV_9JT*$QbDD|HzYhYGrk5
zb$WXGpU(-H(*!}Qgi`>MP+MDTWo3mxAdpC;r>Ez{#6&_u!rI!Jpr@dxryvG{fgxad
zd3l0JL1Zlwg+d_&5il4GfkX%*{|W0PBq0B-0STT69fZz=j-a3*G7qVPn$W@MzyuM1
z6%wdLA$5=lD};`f&OZSE^!(cefv{S$0#H^uYdQc7hV-lzL<w4<){s_t2!tTusUw&m
zi1?2#Bme{cEdU*)j*iv8rh{7hXZT-dVS+HERRR*J1N$d$rDNr3C8+bSZ~u%60(t*Q
z&1Chj_f~=k<Uewr2tg~PRV@Mr0C}hh)W4qm6HWjShy)#kl^{&V69XV%NSy>hq}6}Y
zj3!ulqELc@|12N`VgD5Az;uu>q#(u<k!OWKB_w$M<Er!T004qIo~QpC|103Xp1b~!
zFW}(b0XVqyDz$lCp}6GSW&^ePJ#S&GYFR3E1%2<}51p3=>I%QcBNU?PRX-ICzUR`b
zFdO_-Jp4h>b|_1=zGO60{Kdi2V14O$E;1CKL9L-|vQXtcxA{;*`BbS+p<1@u=Zcw+
zM)l6iL!Uo>ud(WhW>9aeoUeDBsxTjJtXgdH+#JeQZ>nBy^S?M)9&V~x{eprJFlsc{
zuJ=Te^H_{D*KK}HU{%l2X!*1~oc7RVWu&EkcRWww9iwJz!~Rs6-bahk*3Un_*V+!}
zXtp&TEjGXSu`=4$bh3&Gt@lkpbcJFQ85tRkwYR+3B8ui*i$$Y<{+O$GSsm+W`*pH*
z*Yl1^yYtUW!tSZxSvt%uSWEzy>s&31d>A$L`H$7{)z@J+bO3+>Q;DGDz{C?JC={XC
z-dZT^3D<fUg`wkmINYJkIvl@j*IE<LDi4eW*ulDkse2KaXx_%Xjdy~dxVo{f+>ixW
z>QV`LE(Bn!m3SofgRKO`2u`cFOdKsq5R%$j0H9MuhTsYrI&G&2T3GeqKYG%%5JG^u
zVoOp>mC(h)=S6nm3+O~`XL|OR+oPzgYHgjYqVa%qhpTc@D2Wk(#FcEO+0BpaRAt4Y
z<q}+WeDzwaBsbXvT82ei=_yx`<#)S7DCs(}SD34GFkh5Xa;uY<?tXB$|FPB(uc8cp
zsU^KUJHO(f8b@vd`LPb0hc_lq*Gdj6Ykerax?L<2NkBU%*i$=gIJ|+ytb+nU(;u|a
z)Q^^Aps?r?td3fCqhTN{B2Sm}rVKQldoFpx5AN1$L%N>UJp*hHhx4(_A_zC!%cB!l
zudSvr`R<)D2K@0migbs=weIsn#e^<slEg>?4P6B9`2d@#IQR)nna~VOqv&}yyql5G
zMRxpn=S&`e=3R_Q{W`oDN8<2ZPAF2liA(@_?WIGE@)O<I5#78$YsGX>m7@^D<cmqO
zmq$OpTm8+tRC@5RY7t7IFZFYwXAA}=FnX&xIcxph?bovPeZ1S#dEe}(=c_0j_j6~s
zt03QEB*|}i>_!&9dU>BszMHM&i^`WuK~q>rP}a-io87#({I`2WAKY*E%R*nja)Onu
zd2iGb@LbG9N$2QnrR-M!{{B%r`Nk}>l>g6ZFSW;?-HvzIXe{Ti$A3Nwg-xJr8d<~I
zwn(pdttJ-(mxH$ll`q@Ox|lrfZ}zB}?w=FeS#@8Wex>aq`}|zG>6pyqb;q3P8|{X_
z?@d<~`l&yh7oVVTH4wYdfpk1OgtJF9EDLJKj*pKCiR@mBhO>#%VU7f6BnR$~v60v_
zL@0R$<`wuH4BXv^!jH)(eEYR~gv|=VJ(LHnE9#=YGp>D04n@8b7ynEhR4d3VGJty&
zAy3IT8uh0q_uF*?HGJ$e+KAAcNMNdy{$N5$u`&<#5!x%@UK>OGu)sRWD1kl4^Ud;w
zWhfZ-HA_O}4aX7<g|>L#7o#&2p|1HUG)zX`!3$l8#y}*o6h(-=VuZZyVB@%|jY@fz
zq1LQ&OKFe9uj1Y33kw-`xrT7|6W?1c7RZ}jr^=QHBn;3M@q|AgP^d@}rt)WE<$2X_
z@oDd^yeka;wM@=Bdh&ye$PU)477e3tlplI>3#l_GseN!5I9ItT%F3y%qdOHCd^yZJ
zsytxA@0oQV$;P5k7_!4&k=R?wCdhQDVt4oLeM}cGYgodKx&w!^ZF<A1V&}XlrL$i0
z!tX6Hy*<qbNp4OX$<`9qj$_X%>Vc-15r`r1k&&z}?JSH<<%mW%D8ei4PNQ7SnmvRN
zs_zcz%M~S6o6_TND8U;oQTT;D*_k)xPaeB1A^ja8*Zt`Qg)}$#;VoQ=aZHcQ#OYya
ztFG1gRN}A7QbT3hN?Z+r3~&mrT#JKF_(pOGj`TKz2Y#pLtw_XYky7T(14Mz0iVsW|
zp~o;aW^{B~ai&-<P(|At#PK3`n4(-(5=#f8qKB{z-q4r|&>Kq9Ep1tJku%y)%_WPk
z_G74UjK??OqpdC2ojSDPhJ{$&sV047G&r=PCMbMGOkSs#Vpm{?ZI~8qP$JXgiZ{BT
zc{eXo@4o%+xs#Dh%aCqEp=O0sU71N=^Z4h6VrTbPQF7e}h99G_Jlr7aRnH%bRgy+k
zPDU*1H114(T5<I-Wl~e>;C<vv$#-OC{(yO^fGQ!UCBN2!NBi6`rQM9-gw;N9<b>q_
zOeJ39F~y^YOY<_bMDa%;--zLm!81gb+i>vH@2h+Ak5XU#tkJdHPw%w(m6jYMWTnb&
zi}mhNSJY^AX$(f_i<BR5u+8{3{@wc1)<>B*%eE^?rhQP|fnNCbN#yv=>SpkqAaNe1
z7B^`8i+fY<P=iof7yS<Ho!&br-}P{OXnPw$)2qSDpM~%LHd}HnrnhJv6JlHZvJujq
zsIceYW%ni2?#uBRnT<wcPsdn9*3S1V>7Qr5_1lKk+Yc50_Q)=b(Ki<R)!>8en<HV1
z4(&Uc)~%YwR{8uvRNG{L=C$Zan(J!um~dHE$tPXC$_;MQmWMLP&$Xn%{57}DlO(T1
zu2mlVF#al0fNKA_BUa^7c-y)VuubUlHugaH*}JA-FW>sF()((^^joMkANfAGK;giP
zKtVfK7sSEUJef*MTVs#BbMFj&e@iYV|C>{nq!ZZZkSn;#A4r@_s24w*M%~6Wzjex{
z*7*B-!@p_-3Kj80-_@>R;gLvu=9&<1*VkTyzOC$irX?S}*|!0Ym(Zm{G-oXS*%6PQ
z0MqL@C;pZ){7C%h6UnDD5UJTbuVqWi4^yvn$-DaA#JK5Ft)CU9cLzq}t+P#IKdS??
ze^6TKRAGBA=VoT>(K*VEeIL7OG<DoPi2Z5&zEf``yKPW={P+IhC^h!szLvCX+uCL_
z8b9dnG*Y{LgWALQiwkgQqpf47Ao0t-K4{;2wrxlG>&p%)t3&8b^F_P#^|M5?J#wwc
zRXGy7Pk!Y4)nD3&Prw(WrEM3ltgn%@o~OO9(oKjX7>@fkJZC?eed-FAK2MPeY@1%W
zI-tL|ygCd_xI6IwfcHVh$hGwMX3h85nn&mI>E>J4HjSSOMgDGOT7J-3P4W5OXs??a
zFExe>_X=+`JSD|hw=I>KuWnLQX*4WuFw9p(^%<ai6;Vq)uQR4xl=@zcQ@=^acD{V}
zCTksH!6tfnWlx->F<PX-q~h@XgW!j)Hzs;ITQBXLXF~RN9eRANUn$xpIY<!WN=?~6
zqvk?yT{=ms=x49n=v|n9p$>@@4Uw2d3-;J@`OB^-yiPXI!%GWNoV9)m5B=dAy7fLZ
zUsQnt_e~D=v+TO3t_oq|4yGd57Qa96Q(zqb?!tz|LZ5M2zWC~DbRFW)_A<F79IH1x
zTTCAv=5qI@%tdC;jE6&ovm~^5CR}BP29{^<VjB@6Y8n!5yD%enITa?<r`Q`Vxyu<|
z=l7O2RWBe-KImHhHQZc@Jrb2><Es?;UF_*GHM%UtGRN98(LcDZ&#F$;c7t7%Vj}nz
z+T-s-V+W<sL_<5?J%_@9n6+Myy@<%iD)#1OmIbMi@8(?me>#PxMZ&jfj8or9^=gF7
zzFV-5(+hPVOAT42RvL|r5l)L?h|qg6pga-zlI!Yqi&*6RK;#&^{vsS5<Ny5gHI4kW
zFawt(_l)_Hz14^2i0SSy_kp-oYNxM}b_QvN-g{AJqVbn1I%zm=H(Uw79iM+zF`+7p
ze{ye-REw+5RsJ}49l7Ce`X^bJ&^QW9EJ{!T%spXBf#;H6_L`0+UQPn_!B<*g7WK=>
z<y&(sFz6J)mGJZ?TB6y8J=G-xoAy*JZ1#h5XrmR5SQP95@52O8_nfD~cbHdG$U086
zV6!!US<F+T*I2&MRmsuXc;+E0@0R9b19w9q4`Pk+Xzg(xT0}hI{P~O}%|OuBLS{eg
zlVPY&(_8g<AI<dWyp-4s37d$$4^yIPLg^rT6^}>>U9>~6Ee-D-C%hNe$zLR0!|p?N
z_y_cS`to%WWZ&h+H<t5B5)w{3&FQ@d_vZ6Wtx8QL%n$mb7hP-oA?3!qVL!cbKItxe
z&PhKi-N!e3x=g8%Ibi-#7A`d;Mgd;c;`(qdtDG&9g(`ba<>_q62R&mnk80$7idSJi
zxWvzSB{jp999(&omKm7?rZqcw<ut+hqE(ePx=6h{HGzFkN;kn<;OBdYNj~$u2hOd>
z+qp>m4E5p<o}~El15pntO$xs2=eeAP(nMR*4dvr!fNpN`Pszb#YB{X<5*#K4)U>fY
z0Z;i33W~iFgm0zd9u#<#rAj#Gb5&4rFBAe1wABxb##zBnPIFa!3Y*>+09in$zd>3H
z1M@-dzlyC|9m~-mnp1t<R<U<_-p>Mx2Fr`VL&Xj~bdKbO&ocyhJQb%yi)S}W_U`dY
zy;|vp$w72Rr8nN7Cpv{cdrH`bN^AE^-?Y-f6U4$Y1RmCcsq#wV3QKX;i>(&Q-8f66
z`h4Q?%ebw?-#haOAVHC>aM?z9s#rx$B0zyCE3L?&!GQbI%K}&`YVpg61V4tFeDwYV
zqMEQ}C@fDrtLV6;?G*ml9l%A6tTe=@sj7evwN{SY^6&t1;|DD7Y(Z1BG&33S@6lBw
zw*Y|-|MCLMfjo%Us`7(Sb>!3P9elcR;g3rurECd&i%Gl#_%xR$HMQ#iQ62|rLQQB>
zjm!ji!iVSYEgZyCTPIhGJ)Gz82!cOcTfkiNmb8wHhYp$vl0kCe20Gt~*g$FX{@wT0
zMXc8`Nz%bk92B)2l2&zf4<RD*oN%Cq=XY(~`X>QXI*kH=Mu&w<So9$oXubf1MOH2S
zu`C7DAoq@r90eKz0WwG?U2hP3Cf7|J<gYdK>?wj0RbJNhDV+JU9zj|EB*1M2Vk2X^
zc*=DDw8_tu^`Z+goDWQP)z_gL!}1$lc<7(Lq@O_3(|R_)<ze^&Y7S*?4mIU~13=m(
za~uymfv!b$qd3pGMP?D6{;}mis0FOsa^Tg1CT%U?q0hnxvIARlhv5}%tzXa}+SC7}
z2d1@Z?MAnvgxVSw>5ex3lP$P2iLLWDHHNOeL$2N7o`8Pv2leo9d)s=uJy}PvP{(v8
z-RwuUxnb&swvMLBjsd#1>VTIUbfsHAT6E|<_cA**>N^?FI|4~NPbKNj3EGY%X|4jl
zkejxDcj=tH?Yx&1xXEO^{78LgimCR(bnsxd)G&luY~(uhaL;D^Q;4h}m`M;!JJK|9
z2K1e^<Ab{{xVy-g=qQ%}xl@P^0->q{Rl<NoG<r;RAmUj)qP19}BOpCQ4-*1GdkP84
z1YQ%+;bl=1WOXNkKzI{?^jfh55=sxl7WIVSB=niI_n9sASp)$JwLSDms44(3O+Y3S
zKb9o+`q%Ypw8P0K0F_e^Eway05PD~s^);aVtC<<t5Cc*Iu$U&mlEbvFLDcSl`op`}
z_y8;k3`krD93(ZEtTD)rg3u>Gbtb@%y&E}}>bNQgN`*lBwE&Y2mN=>}rG2P!<m)38
z#NZS}fW%Thq<QN~9mP8oBsavA0M$SYR?&}iw|`~FKvhpc`pE9H+d)3Mp;p2;qKV-z
zQX|u5qp!?HJ}vPVcaJ#z7#Xjm!JB|E369R1jqNObrBC>zwJ5km-@Ni?GzA2LpMn&v
zuy%vSuPgh+kx)o!f4tYQZ{qOj5>@9ph#nZZ$(s0O2G%<TS$-b*%|ip0o^Tc#r_US0
z&z}4h1ff3#wewUT-T!Gm(U^>}o`hFTas`hmU_gSk6<+lp*@9`vYXN%H*9XB<*JfY?
z4CM1j1#@f*E5lSc2qc#P!Hu0#2_CadfatG{yWmgBS3PC&gsPg)+>Ag4Cu(IFCI@M!
zJ<x4Aw6l*&M{+<Qc|j~rw;5-*QH2Sp-08S%cB{n^l@;HtACb7-GExEsaasQUD+nr)
z@SXg@gBQzGR(IHB33JgMb1}<vad&eG4D(6S^U3D(WB?ABWiI^;cyjbT$8C%~0b<he
z#Otmte3Z&+85Be7#h5T(N(!|(o&RJ$_Gki1l3i{_R9o6XRo=01JG%gw(aIrb>dlvC
zcyT<cKHi0me)OAM?9_C}RL!TLp}lTPvwS1U2}@7#XM)$4#+O|uvsI*ZATE3e3)hvI
zn3dPTP!-hT(kS%`15(o`CR@a5osU-9YJ8gr*d1NnKU&R+g&b)vv=G&`RZ*SAN?#l$
zYCEo0GtipAuwPfLm};zdyRHY1LZ2enPCBUZwB$FQh4XB!b=}dxF`%5-b)3A7%8?Cc
zK5YKj0EXjN;DUwf2hpte4!@3QC?}w~RT~t?2=gU`nd^$;@pr}AF-PMy*}yfYv-K>0
z!&A}KT~*~GaS6#W8W;d^s+vU}uaXw@!F1PcSH3F%5G^-qK$DuhgF?q*)zCkY@IEd1
zmC?5K`|V6LH0W-VJgHBPc<l}U&cV@!c=j@R>(ZOEopQyuv^T2f+lqQdkNk6Jq-7Q<
z&ig`%*A%Mv!{Vk?$1;km+O^`SqAfIO=A+KibdHTA-oK`SB|yYRckep()9<(K?&sM7
zNZ#01p5(#vrw80+2mZMG$sgWU-mhg&0$lF<8T@-8{9EH=h^FJi+))ry$JWCfY78Sv
zF6!-|@~*S}uGQ2*>KUkx|3~KW?zhg3(dy%LnWG$YFcXm1vhl;A?uhags;u)Mi9KCG
z;rLJttKaR%A@Rw6^)dFzcTK^C9{9mGmlJ#RiTqBSDo6Z1|Dhk`^nD`a&QkF7$l??+
zevBI1XU#ngzQdBLjf*^{CbNv85ZHzL9sGHHCRcctC<IcqT81+1Ofv3G^Di<Xmfh=i
zGA|KoYzXJ5%c<lnwOn$yY6`w_9l3hxSmN*z<JUt@7YSY)kN=*1Cf;H5SeFr4G=Ob7
zAD?={nUyRR2*JjhZzMh5kZb2sJeB<k=6da>8lBY;k`#BCb_UrBUJiLP1(ul;n7nfL
z@Q5Ul@bVyk5l`X!cRAQ{BMpQV`sRi!7@}i!%~y9F_4j5f?2-s<S8#%eTD{DPCy#$a
zktlGpdHgHx%o8gSP(s}_)=bFNL}fGmid_BetbMC$dkF*IKEA8FeKL7leIjbITF3AR
zmh$@d#G5gtysZ~<m%Svnow8zuB!A{=F6YO|`z<L3a{rjs|A~0&Gx`@WfZZK>j1tuR
z2857n$Pg?dM#V@NraOcHgzF=Y*uX?l($F?s3$8zjV~{2@1CU+HN$i?Ais@wQq2UbR
z_AnZ~9gPf8x0T*>z1=Z@k^UY^tG}mHpcKofl%c<`TY{t(cf_n?^eYUiEc!AGei&Ap
zcf7`;oBffD!#$d#l$lxx1_-7zvQ^G(dYj31S7sckxq9Du+z}H>oS#^AhvR*Mt|jf-
z^v5#DUg71*gNIW1Ec>&JFC50QrQh5W0+)N^l=S!9o`Q%9quDC+FA)r;Ja4fh+*Y3q
z&+@s)`EGtY`uL%yKPE8zLW~Z6<Gn*i%JZ7u{PwaxQSZ^$9N`mhY?hjjsobW2{Li<I
z-;d_JZgKzV-SnLP_@4RC=9kc>)iV0Oue-;~|KbQ@(keG=FcBGnz~>OgvTi9Hrm%!|
z4sOBP?)o{G@utqbk0dqMkC(>e6BNnndf)#c7gVDBXu2m!K0`qI2$#4bFABGg<>1Lj
zs&7vlS;+i_20kxz*KqyX`n|7EBtxMq%bY8MtCUS&5H&<uvlNBos(UBY294gUtDtAz
zN~{p>@i~G}HwBR?z{8y#71ko(zt5LQC;X-=c9)+lT$*clORg^G@y%O%t967JU!?T$
z!;vS{!AIC!gv;MF)y~?J*`y!x)oEve!||r&lo@K3v^*3j+L)Y;E}t@(hbN2DCy4)4
zQqOG=m@y$)@c9mw?ogcu!q|PM<%55!Kid(+9e)ZmIA3ZozFC-LepoJzFmbIJon2u3
z$VD)Z??IWw<t2IW)9feevs1n`2$$00r7hT*!{(&#`|>Nxibv{tGY0DO+Z-wdGtcY4
zT`lBMTv2g7AvvD4j%bS2(L~*_HZA4xYjK&!rQ0@f1g~#Dvq(}u{<WMO9{q?b!1zh}
zTt?g-oE`mPc%4Ax?MCBnWH5idbz~b>z`dhKROcB1qqDn!ZHe~J>-|Of>Tg^AtHC!1
zN%j3EKZ4s<Xzi=I`lB4mWm{=la7yNkxpEUD==Q@li31#)cjG*}>+4<wcqkNJ1qxOi
zeGd2${N<STtWH*%=Ij-NZ2H6-$S*FpEg5*Xv14q6zq`@C%=J?zi7$0wBwUv9D$@_K
zf_^q&<0Nk-_887@FW^1<v)#k09mJJA;&+FHJo|C>Vq&$L&idPCXW%Pb2@K+T@iuj(
zclM(;o?rEIoXoP+s+b#>w87)xph1ukd0-@W7~<`S<!4ikUFrD0);C9AnBLqm@Pe>^
z5)`hO#wez>B7Ow?<%zm#H*8+k#0$DxeMfVIP?qcmNCHz8v|^*5eYuO}e{=aeZ&~VE
z>;eW-!TqBSKpgnND_@`CDCR3uz{QS5Jvm!`Fnk~QCBAaj8#2>_@J>KMuHCe(2Y#6C
zB|Q^i+ZmTr#+4`3D|@WpG9ic+#2i)RpGxC59zn6Se#Julq%M{yXyXU7=4-AF#5p!t
zu(>NX=4(AMhnMLbZFcX$bsjUu>WQiTJN(IzK2~%jqEEukGv-ARn8Qg{5W1yi(*1r}
z)IFw=V3l2NyY0k{?7e*^J^tbV9nq5kf6~BN+#g)6>@tUrfj$X%tTZaz7L(Cu^Xk<R
zg~R5~j<y~2+m;B4VJyw_h`ZDVyF*5}oc%e!j^mcabr4()icS7#B-%jib2+6@*t<09
z3VUnpy#dMfZwe81WWnOeIo6$fpp`9c>UWd~dVYu4u6hpl23UmK)r(Ax$nHl|ECcm1
z^;$tf&n?zAhkX|I^NyT$-%-^9{*B5x7p{aN<uA0qZ<9Zgt__h@iY_t6^T}IxwXX2r
zXQoQkQ^m2*4`6XFz~c=o_}#+wgt}*N-_ysJv4aR2fT>8N`YFdQ>g2BT7%nfCtcAEO
zR-b&3mG()GjmS~W@N?@-snK-W;||@S0JYJ-Aj(GyBF-jXUqG4JeipUWY3jvK<(Kz6
z$@mt$muGM``~vL<-4%gct*}gKrg#<QES8;ZDBI?$O0<K6I*7>P@(hPsv7_CCT__E1
zbvis7v$le`-fl%_rKgrjzU?Eifw!5=HePYYb*!a^OjHidrt;WCvN)vRKl5r#uFuvi
z^77tRvD)x$D4MaUB7-g-YUF{&!`*#~CCv{EzqfwxbNBn)W`1xl6p_&3K&obCdTvn+
zl_)E7*OS*tf$P_tc&)Ppmk)GAI3~h0kIUOXTHF^nYm*OvNQX^VShuXecUYVrke6lz
zDO6n~GIajSkzo&dy)elP^5otG>p%HLyPFy;UQ0;XAS@0*f@z20u>nxHPGm2awEzZg
z#*Fi2uK%tx>C_tmgR;at>${WkfL#S{#`hYTKNQo6jcT`3+fI|f8vx<({@GL_LPM|}
zKB>lJ+51GL4O>!uc%M0iB2h^nl5Pdz$iSopspos##G;bcrJmnMwn)Gb_37h>c_KCG
zV~q3Xxu8w^hUI4yZ{t2TpPD%^ofwO;r*-4d3fd`BvrW9s+1J4?=Yc)T81T~~feN02
zSi+_!tGhs?Txw3*<XhiD;<yynyPb5JOp@u<kt8yhuqU}0JnU;IY!gp;Q_iiKH*vl(
zkIf}asDBTC?kCZgNq}1XrsZL`>c*iGbb3yr+O;gE@=4Nr_4eu<vBkmPJVW4iuYtn9
zo2qWCsml%{(LuKyPz}`WXStdTQ)@+tz4SWkaR1U02x2M&6PK8+(5>a+FO+nnagL9o
z-eyj0YBiaOtmuSsY{__6G@H)zvEWGMVd+E)69<@2ldYj3swjB^M$eOk-QS~Fa-lB1
zoiB1o?4e9vf~}j=XK^nxIu&Ye9x30m?6RywXc1tX%F|Ax6bwE+7ntH-kWQ!~wa>uJ
z1rQ4QefqF`_*^+~VW!isv1$3p<L&Q-DURKBeCkd`*<Z`#H@-Ifcd9TIBqSgY1Z*J=
ztjoH(`yPhTx}qV9DquinA{3hqH52scYLtZL<=D%Wi(H(J-QCw`@7LHX?gJjRt~`pn
z;k#YdA;%4Zy#~U=+46Cf){w_9zJ$|WuKbGqE{#*-`J04S5hAOD-0m0);B(1g$$$I$
zvRF2_1(JP<zyHl#D(=>yhVf*iro_}b7a&x829ia-xlLqR#?gt`S>sflE0=w9`(5_9
zkeX1nvMl)UWSO5%;_=_mFQ;_Kk@vE{6);c@<R2dC+iyI72{6+Nt$%rt;7Ux9Bob>H
zLlh>1EfQ4`Lf-yR`tV`3eH-$NR|ol44dE7s%15s00)x%QmTxNEl2JpUFGt?hMeoBy
z71YH9mH+fkj<FrXz$TAA??UKzQ_**`(j!@Yx{cMk*^9cd8an^ny_3HV?dDx7cu?6b
zkoARQOMYarTS$>v0NNvRh~W`YIOXXP(`ORV?~yo^5(?`{2<(weW|S!EkqMI%o9?L@
z?m?O{$Xxa)Xh=%3Df-g&DiP8vDE6vQ$RmAvqg;B`r07(VdsXxmfj`CaJ&NyJ6~#bO
zLuJ5W2H~$BMa`vNg~Q&X--<B=N@!Xof}4-$bZAl(Iy?_eeyT)`L|akxTPuR7Py5L8
zK%2vTTk5D^l5&QweKJ9P_dIOIS$&-f%ouVhMgV021ycYZ7zPYQeDxOj`a)6pg$CMl
z8bl!u5(EG^9F1KDJhzi^jOmxi>Tl1)td#Y+G~6e=aV0*t1-f5=DG(5t%GYqafd~y{
zUI1-V1ftE88rG8w8u==+q#RRQ6E_W80}q&*X5(Q{|Ll<?K{P6$w|0Z6KB`a^kT4R&
z2>^_asBMTWlSpXJ=3tH#zKBj+?BQ2BUO93?Rf;0|_k|#S04(f3SQ<8z8Z$r+0L=cV
zVFC#z4c6KXwS8EdVv*t<K^JY1z=@=q*g_^g3=DXJ7>owX!iJme1}G9h)Bu3ptOoIs
zi4<(BIvo097gM7snNP@1yVM*{K2UEL*Q-zP*-o7%VR#@}BcgJ+O``@qrG}Xv*@KPL
zvue~sC2$W_`gn!nNJVKqK?8SLBQtiRFDlh(9f3f_hLNR_g{AU5LUkR*$Gv}K3fV?8
ztVfd50OmXph5zuZqSlrMh&>O4jS%xK)Lcv+)9%uYhczwJYvPLxubK(^mZPx5K{Fa-
zXY|@Mo?xQp5yN+5`*zxa<zxIk^2-#Ohlk3?hgx>3C@fDjCu02maGb&uMC2*-+;sd(
zWWxHDc3ktAGvR2<x#sWow6)7fC>%|`rv0~9=NvkL1=snxq#m_54554q#Zv##E<+a6
zS2z9dHkSc!85h?IMXobISp4)n2uuwJ&5wKnGd$ft9O)d<ba>Z?QYeeDo$T<MOhJLp
zDknKKwO}Z;@ag@8hh8M?X!7dM<fq>wtPFK*e7HDkAcVLUC%fL3A_$IAeY`ozvpm9^
ztw<iL%^%#T-UYzZCWZU-wt7Rzamy4;^~A6=9x=4>rA*;md;`I_5d%|74BG5#pvt95
zlDns0p!(Gm`Vhpl{E>h_Hj3STT3bnr>u5sk_mtY_Y3OJ?`HVi9`ZpYLv=G*eQS1nX
zQK(FKy{@Q1cI&i;xxupcB#sWmn9^`oBUC(ApIiD7&#1xZ(hTBghVK0Y7w)WevEkq}
zx{<{|)nL~CZrCAw>iPDkwU`i*vRUs~4I0d>K#zetJEcdsw&$pDKmD^7Li`s>sBm%R
zw~o3#cUbklM{IRA&+zf7^pD^M;omih$R4E`Hq+xv^?i>BGV-2&#%TaHwHJOf%9dWI
zulAEXj)*cu30FeW2uU^o^#ljR&IM}D)0!Lm#LPvpPl>{3=z5IKt;Ykr^XS0F7D980
zKMlyeP|uW%KVYGR-R6V%Oj0yWq<lkmi;Uf7zS+_~%{ns5=9_%^)0pnJGGp^Zvy@3u
z_`LTYycfOC(y;LB7#72W=4zx(qs&bj!iOnN3*UvCFefkg3DFG56)x=O&z}|HfaezT
z7veiiu#SwI9z$~V&HC;nlFUC`x&rJ8Bem=cjlPQw1`AP?(ZhEpDFzEZOJ?Ir3(d**
zXsSF@yS_*_A}Y1*2O1mYAJ>agZi>D$%ynxT*osbrCzhADmsfr+uVSsNQLe1BuWX2}
ztVmDqpt_?f%J9U|GYw{+%omc)7Y~9>C;L{$wwHc{n>HO;oTLnwn19OnnIn8&APino
z7hV-eLi`l9JZM-B=`)8yP@A7ufA_8anX%l8W#g(WZ#?B-Y@Qm7SxKp~*vDEu!LmFW
zT}l;QD=M})4pwVnSZ!sPwx!MOV5bu{p(ie3{$-vwSGUmRGrP3BO8#V>Vr+HGe56k)
zy0i?SMrhZ&867g1?-QA0&pyMcwx&(hKv+GbW3`<1wWR;H2%}<MuFJ;DNXowZ+<ddF
zPno*$pu}dyetmla)%9&-n2YxWj>6hoIBQr5_-qaBw-%nY#(ljuL1~WdK1eYEu+VMH
zXl_(6XI)XQ6UCW7KR0^qwGjfFKdIP|<FLEyuql_Q`r&D@m$C*iG{xiJ9MiOI2sS<P
zwHx$7r-#={^e;Z{+>~-yr8mivV%+w-*(62V+*hp1J8T<LttdETY_s5ETYbxCUx0RQ
z9|v1SWZ9`1T21hoJaQl8L@wWN*d;#Luxs4ZxmpXbv5}S7mQ&yMeQ1~OxE=1fy&k@u
zK_iTdvWtja+pn_o>NGR!-&TLUMJKcCMdk2eD?}u?*0$01VG;vL#C=|B{&QWK)n8TS
zWcP+uRSquvcCKSPYs)(g$=0)M(GQ7Dh50wJUmFjJ+FGtyFy8N!DWVaKb<8Wa4BpFC
z8msZuY)|ve_2O0&q?d|J?EkRuE&E2IE%rmMmP2JSsV2}{F&1i#dtTTMLn(Wf_e)1d
z`?FAVKf6#|1Pze`2fFY1oOwxtVU{e7nXHUcPPT(()lPbx6Suol`p#;`6kzoES)kkQ
zhax9}a^u>79b~Kn8rSaWkn`5Eb6&y^@HJjb|4wy@%ZKXKw#FYHEY>q#0JQKQ-TcqD
zq(G&y&k6eVA;AYSjFc}$mp=AaR>`bX-~UKq#OI;f8(DD~zr%K&82d5axLWU!0rj`&
z5qmb`rb(?bPHE>lki!{Nt~uCg?ntzkw|2O^<1%`6w6gPKZFYHr!+n_FVyZeFZg@1q
z|DzPTK~2t<s<SLMnq3}u*m%E@Ox3q^<q{g_)L~&i!r^#Ed~zaof+23fQQ6yeI2lw#
zFNiy<c7*WPE~1Xq7E>*kEY?@A+)sDh&KZwe_&rvLJuj=9v61L2!_$Fj&{XV+4RQ62
zyX$Y6nTppocMkg({XdTHfBdC71^@B{pLnKLOAzWzV<~%;O`}OY*Qs85&9;K)OFThc
z9?2!HiSK>@k50~JJz+Sfq}1+zsg8du9mhXCp-{f}{t$G+=Wx#P@|^Qa%<;g+geR`R
z0GKA%3n=&c*zd{m_mmmuTyXcSmH2{`+8f4so}qBW_WUBk$89fFAE-Si81s%<I48i_
zyX*hKOyVZAdor?fA^YnEBv%{<fLPlfiN&j*1$)wfQM{20m`e8_#B-83c1I<B^dvsZ
z*cYiQt_&x~4+UOq@}0-G>~U0C3(5R6Dh4s!ambzT>>nF-^qt#(_R&8+|JHc8!T3Vt
z*Tv+{p$xU}2*=MNIyA^{&NFA-;IF<o)yCXd+1C;uzYbrgG2fbgzX$xjaYAR>pB)VZ
zTp60Z-mCox6#Mn~r8dErORv>q*OxEdv>z+nJ)h2%S<AXw`c%9gq2*IzaM%}dy8G@j
zo14Be|7WLp$)XcSXgo(}aE$Xy7ma7FFF*KGtoT{J;zSbL3j1#Azg=YPHxujEd;aF?
z&F(O&v<Pi^O-Qx>h4SO<9h+MBaZ`0kROu`E6R{nJNcZun*m$dlSJp4$9G_7BDrJ8K
z6Ma?ghA4Jeb*O&Ma9&_%bHHKv(ro-9qv>{&vH5RDISBVhw&hRr+3g=n&uhQx(W3O{
z_-|EXuP*F&N^*BAD2)Ph{3@=VR|X4hcHXu(*;EFcb^Z#R4Tv828IWqWS^H%@C)ZJU
z`&of9o$+(}9<RX8;F8eqbHxrD=N+TvO?Oun-+zxaZF~tipCAdIgx!4`kKs2=ctqwx
zyM1Fu9FV)a-}~|#Icirk!cX<>pDTk`N$xlC*xN}F4x?}U{l<O9AKkB~(o$({^@w}L
z%9{9CSb0YT&wIGf>VvNx{tS5qJ?6L`$UO)ue@@)_$D}4H?d^4^<o#xi|N1<+u~?)n
z4lWdoL&ocPijWTl04_7G32Ox?j9r)w*Ndeu1WxXK=no@^0kJ42@j9Ke4JC6w`{cTR
zUaW=%P&GrX)^;=jkl*>?{`=kTY`IWugo*y{c#(1nnP{s%mu{X)Hh0y($Y`t*8)!BI
zkf4!To3BZH1ms9`0~XaMrH^-4d`r#VyVbtxzmAu~J?A(2hG%%!Fam$^`IpG#)o>`J
zgx#eQs`{ennB-scw%GI!q%yoX_O}UHpD0l7Nmi|AH_Uokbt^JtcrY`gX|G*OWKiK&
z_B319o=@M!u$!kNgx&4WwPTyx;+31$vzm)N-_`RJ#%JQ^hrD$z-|qpH-BX+o&q`uy
zrIgN71q7&1Eb@}Dmv^T~Tv|(JXF5H8M8vkaxdQjQw67WxA6a?)F2<&R$wm5%DU38}
z%h1=!z>y(>My8bBht`D4I*cg9(TGB={iTg5Y3$oXg$GX}j04_h52O*w$M~~`{mM^W
zeO-0*Brm=Ot9<pTKHk9HqKgXt{H6h>e0JuUxSA7vxL^59{##>b+~sh_XmNW-%MevV
z65$d55?i{#NRCV>8q<^J6<4z9CnfxfGw0PxdR`7vBAq<BZ&0Gl$l&VplCSw}ID6s9
z)3>RGFT9+#3n^`!*5$)EN}a5vP!k+wwB>lVWqBn4#3rl4c~#>Y>pN#<9k*j%r7T~X
zW!}ewXx)_LW2Kc8j7>CGNf(*qVO<nI_cL_gJ@-zvs1gqqG$(bT<Xwh20XLPDxFBCM
z=VZ&bD#h6V{z|M2o*z|R+qB2k^xTiL>n|TKI(9IK4XsC9EPSj<36LWYsDZXY<w$bf
zC0PS9`C@j+Y3_qu1lu<&^!Zz9a@(@{U*AjAs*vc8JSZNtcwAo8xne5(rR(bB-e5#4
z;rRf|q=r{I$&dE>K<(26=g}#XEV6zEx?qvEH|{^(C%h}#c|Y|&ajvZ4l06Wf9l<yI
z+}bm?bm?dHku5ArDl=G2Uic5MUxUJhGv_z2;i|lEBJW17lC^7=T&F=yF21wZC5OJn
z-QR}USFkwUbs?NZD6uVvQb3X5-H(GSRi*I`iCxXtBMsXK`3m8+S6yc2`+sjc^6Q?}
zzxLlF@7K}=3v$s*92d)Ybwlc3M7OAByp(BQI+B_Hw%qysQS0na#@mJ&q33QjpQ<ER
zr8YWO=|!OTta%BN*RI^_Rp%LC%cRrZkE?ZOC>AFBn_+U9FKa(*s&6kt9-Xva{N^tG
zbCqF;ji10AgiT0-+YAf8POmYL44AoPDXY8UI|>f5$@2@aZ&uQD3ypxJ4IVei{_r~W
z`8&mkjkESIGF<n<39^>gMS&Sn9O2%NSHspgx)}PSL;ON>i4r%PUa=DxM}4!zd(-#j
zz#!VWXo?yLy$0ZWK!hP%B(arF1cDg<EvqUMNl$ZWD?0Ao;3OICRM``bYW8TkFcjEP
zr;mqG2V2AuG%<q9A+VtF*5(iEvdnWiX<et-2r0V=ehOqLADM?|GAqLiP6$7)wM`g3
zInx~u@C4~C{6L0xlO3z@kz!I(vYrboKHffxY66MJAG0;)17KrM3nr)eSY;#T2F(MK
zVnQ2=t)CbVSyzxcxVINUXps<VDNyQS20c-Om8#V->4&XzR)PAPK}+3-g57K!;-vE`
z{;?1JNQ^LeKBsEW$5gPjCNPlmxzPvq-tXrRx5SK-+FvCpK@M&?kr3_)G+9F)ws|CW
zoa!iE?Kdn3n^J$fH83qMGw9D@fv7;lXyC@whg;}|k^=WPf#?RXJb+SQ9)iOFG&W)6
zuF9tVc&s-?!VNvKifx6SbLx9E%pZUNYf$zjtzukE2(cM}BE|TWHc4sn-x=sl1+M6`
z|MuZF9G%mn<H!R^A<K!Qo%=Z1Qm_SekXWArdSb{ld2GeG%r?2dxAglGGWP9b%~U)i
zbWeE)D?@>w002M0T)Ea0LWuGVNq5XI4-BsOn9MOhsN47{wS(8;q2xT%&d<7>SaVAO
z2{ex5`bR5q5PoFqm{>6YeT+ntHv<417X+cY<9(7JpgDTp*wlH)=Sc%qTOxbrnqOQ3
zAw!|DV=%dZco$w4Dr7n&uXVPA-_P<Lm>T(#Sp<%zqD?@VP(5l&B;pU4`e<?K-PnFC
zdK~yP33Vfu*U8!}@cQDTCDwEk_#)+b5T5ANPqJnV_R68>9i-CAoZ)2`u{)jVs^1!(
zUNhz>STMq1W{vQLe^u*@W4HpZ&8kIn569SIlpcKpD89Lm|B2uu1K!Q;(dPa&o3nQ>
zDmU?8H`I&W*Exz2ZZW^b{wgW+DN<cyi#_oDpjK*9Vj}N0gy&|^kZ~lX-Yl0(yJh&G
z>QibDy_C@Vd2zEV;fyx~JHqdb2V6NW(x-TLN2+f|js5DgKhy6@T%>>U9lLmcM(D_M
z(lQ?5_bnHv!%mJTV=!Dsq-gp3<`b9n$z;a!Le}6tMazZ$)Z>QOhgJJBFKDNQ?;FbP
zc@LhBw@jDI2vt}HZy3}+9<5FleQO)*LOj(vYti|$`i`m6MOxmfld{Ysm@n_p{^26{
zPt^%zM{?9Ev*>$gj&N;x)tdEJ0nk@NG#0ECO%#Rz?=*H{eXBb5wY0+7iNoOcYof#L
zFkqruK9r@~kqfKD;zFE26W_1z*kN?QRvduGk3fY#Y+omSBi>8n9zu{72)Q5m=l@6x
zos-N}$*W&qmgzj}G*N4`6UY`y#<P_A_HB|!UBre~P++bNd^7gqt8|WS!rS&{R;F|a
zV;-2v4gsc4Ll3{NzAU!HU^62gV~e@(X8l;|lRA-be?wdY<wAiej6ircwU>48&G$JX
zk=Q{KAq^W+-RY1xnmz7cEmP*zj<BtwyE@_@30g=H?Hq<!QRk|Qd}Uh*(KYq`eut~Z
zrNY{Eb>`>2QB@6hI)z|2ae~G5=!@6ek-tC$MOuzcIPr3EyX;%!yf<!o4?$FUC?e?U
z&HU8Lx{$vdHr0fr^n1qO64_v7(yH4Th*UBR17L~eoi9B6as!5S;fv&<oCMO(FeIIx
zwi-b=dapHLjsO-5B5?P8?v2nK2+If=j4=IsE7m7z(UiM>tiJzyojUO5;^Yr?(VII_
z_b<Pro*p>m{=tIZE#qD*0r&e%5HY5|b(qm|IPeJ@iDhMQ8dZhKHQ3e%QCZ@%BPaQ+
zAaRI`v(@9fIjD&e);%fq-I!WDq1B2n;>QgIfh*=Z5kWj_L8yZ6&9ge$hH1{LZPu;9
zZl4eYXkGQ?5e8V@NC8;wNa82?7wG`jz}LTbYt(l+q*UvhUitU|)=wR+)XZkcZq5GG
zV(=sLD5}>F=aD28v{YA5VYdU+R8g;S2i!af8HoFm_VV2?u~GE-U)ikxq%f2B$3g4>
zicid}vpINnz+$lxzQr1>f*=Hei#P~lUs#X7X6EF_!-~!i^~_^-$Uc!mkuF)WR&VU|
zA#rO_(EfZ5CuS^no5bs{dboI8EUIr#zv`{A2wWAAMsKJlSU(7u1vw}~Dghob)}wU`
zDEAzja5x|KeWB=zwL4tZtrwf&zCa+N;FNSth{g7>76}z+ee9QmXM_~#|1J`s%kHq*
z>bMynWXn%Gfc7txu|NoAgbBqJTCf*-)nZsm3gyUF9^YD`ItpR4`EO2DIc^KYUT@0I
z7b5PTh;uU|lQuWXkaCP{DoNRRt|<9VY6U-5QSVKeg-z)VmN!sVsRA}}vJLFpx#!t(
z%iBd-$6L5u$#Z1@URaS%YBsJNQj+SsYK5JeOp#PSTS6I|hFFpA7+ZDZ=JQ}ZaeI4O
zJUc(nVryPB5n-`W-15H@CxX3LU9DJgwqFcCKM7zJ<7P*rm<g#02AtR}h~GbB{Az*S
z54lt6IxK(pjSo6ZS^~g1=9zc8>y#*xQ217GlY48KZabOkEj}9?PKO<SssVy4Th%|C
zTieBsjJlRdPn=Sfz^=g2o!++xJ3TZdF2o#w2)(VEHPi|ds<gw&sOtV_T^}3w(MG<Y
zcY&!hi+KQtDr(2VdfQQKH~)HT0103@TI{wsxKZu6R-3tUIQTK{_$66kM_Rnv-?`N&
z0$6rcxSk^)a|Q<B`RK-g50OWGJ1@UEyp%T!9@??lc@B{&2u<WXLlxLpXq(TnVLo$)
zn0$4@rkN|^xR`wI$Ian7=3pwm6t=+m#)9j$;oj@co#0e+sL{IokWCwE{S^0}Q~ik!
zI*$2)MX`nZ#6>%?1;1k&iU_NWWmnGet?*J<(%azUvX|bDy`($7He7EH_IAQcMUuGq
z$nsmvwstD_xE9!iJGo*q;$ocHW3kDbr7(C&Q0%PD(ASP`YK~znCFx+Nc<0gt6UUbY
z`@!eWze(&Qy*4r(&ByYKOQy1YXXy0c=-msmA&bbJRH`TWuS<?o6tUBg7j+y70lS6r
z2XW4hMYIo+&iB&q9e1B%o*q!5cJ?O^%Vn>e9Pb|tLl3xwc4--$-=l}2yov?HNUSi_
z1s+F<bA@lGQ;C|h3)%i#?DBZ*{VKm4BHpgZh4Qd{va$-UfC$2J{@r(X+)vjlwQ!{0
zRoLKu1ovyXe?;=3AV!$;(cK#7gQBGJ>eL_Ks>+M;9~66A5V9pp3O~r<cR3UJ0hE=R
zn12i*o@@xwA^jQK`9!%fBOH6=Ll+}&H%DbRKW~p%Wsf0Xs=)-k25z>WXPj4L99Lu!
zf2{RBj4*Uw4@a`am9}&9bYPctY`7R=RbtLH*9L|!w@8L%INxK<Tt@X)8Xh(WxVD{F
zL|7btwK-_9;q3QbA=cTq4dxatD4Rq+_!fEaT;@kWMg>kb_fIpv*$lGx(wNaWsN4bX
z<neAgF<)!yk1;B~2^-f;zZ_g0WIM}`#nB&Bh7M&Jj%6j4(>wPr4d?NfW>tAPN#a5@
zC?~)-?tvfn$EsAmT9e9_g9C5>y?HW5tmLB7)JpxI6Q()5vJOS&sozJ$zOD`t&R$l1
z#&;HSO1DY2j1b-luXbyzu6iq9J>mX5acl)Y=z-URDvgq|9UC^yPh8*RKb9M6uO?N`
zrt#AfxxzG2q%p-h?!5EMC8{RwTD1h!0R<k!gZefCOpmMZH{4FOsvdZa{wyLs=bx-_
zP7i&2A~$<{7`}Je?Y2L7MBQJ=<XvJXv+a(Jdv$;}&GCGt`fw!)hJl@u=b!95%tHiO
ze;2SGj;#=23Ib>Js3$z`I3n*YSoLRFl@2^wQ733!x0$>9*x}UU-P`a~K2M0G;N?HZ
z`0Al))<voB`O`hdGlNrc%+|Df+v8RM_se&@-%5DOqcec}`kp=h!&7{LIs$dU!6AX$
z+AjH#Q^VSEGp!QTLcV@R>7xJvy+5bs9A)sS!;~rk^4z*_N+>HY9=fJFx}F)zIllKJ
z*!Qnl{>rdZE8FM(@d&^cG{icCKQBJ#j{lIPcu*k3(zJv>m)axtiB(pZP5Bd>wr~%&
zLDyqppaEp+FGn?ScHCJ+EzIX(!iIBk4EL%=gS`+n!u8_w;9hR1Ba&s@yElrLu<!{z
z0C0XkWt80~_E^^)!&W<}BPkR<jS%GFe8|mrKmTz|@nngMPx)bw<}shgSAI+PRy%j<
zzn=sjvXitGQU6L3(taS!bHNQkLfY#d*F2Q`I|Xh)1%2`)P`~Jo0w_*Wj#tizrubx6
zYaE`~i$7lzzi_%fsFJ7`2H2?C1w<4cH7Lkl$}1eoYgmqn*=~qAZwcGfbsoJs6W(zU
z@^Y?Gd0C4hdy#WmS5MUdFkMPWrjKfA@R~NHJBX~0J|uR>xM>RhH1s+tI7G%*sQndE
zZ@NtKI%)v1^T=~)e#q90Un6YhQ<hB_yt-V<yX?5F(*vFBl%6DQFGB4w+^sc5w-vu{
zxogMVvt&FWY99K^lwx|m$su*S8DlAT#A83Q1X9JGu0_umh!td6_`F>>*o>|+`N34m
z=%RcfV)pf?wz8Yfb5Zl}qI9GJ!{Cb9Xk(@Nb<5JK*4xUKfJ0n&5gYZNrUHITMxTf9
zeN*K%Efzn2z#QhL8e6)EY3_1YziwRE5W{1<a%}sooOv}h^m+WV-$-177pHCwYzmP%
z`Rw6_L)-quf}eZa17bDM@xi6^^L#AGFGhk#Ud7xux+Ftcy8H0D9|!?FZ86_kV@PB<
zh0G)0K);|;x5*t#<NIB$K;f6U=O;<^+%;G0OWNOKs@t#C>tKnsVaG4pjj`AEaHD<4
z<3#7V`4{+q9@2oeUmMDtyhQxGe<b(e!mcn5MJ@O*;#m3P(%CTb^RO>d6N6pGjK?iH
zkl|a@S?&HK*LT<9H942qK@&7z%<zQ5zpe64#Rc_iJnFB@S+ow%7h~|mLEyNEBe__F
zccstwM>kzHanGCRwR{bxhJJ!>Yzbc3y_|@odv#gHZ5hVDYNS@NGjCbFuJq=4A_spP
z_Q(6l2X@E)C_ft@S|XCJ#VgZexJb+5<)CbezXh;B*8Gy9n?Jj>{KuG&-iKu@sU73<
zo2XC4Sm4_?ZC82k+@otWhLdz=xo<-rwidqIPGQ<AemNKMOZeor-sGVC<#PtFdeVHJ
z$7Fb|nFMF$mQe+wfK{CR(VgKf?tw&&Q)>=wslX3w#oLCr5Z^pj!Bws3Xr`N$N-?q<
z5*mm}maK=dsXs+0P}1|b{)N`xYIgD8{v^w-@4)_FYyxqMn_qpX`I0fw6xv1<!4~#D
z&{tBZ^~DXZdlS(+Z!`B7ue#fELvGK6$9)o-%2t0zw@HM&nerZ=dWOR;U1R;!;$;bW
zP}F&|7ZqniU~SbSF(AH0%ju`#ZflVbEwl_%@iGXKgi7i!7<lBA?A<E!Yh56htLMYP
zaJ+z_!yhGU47Om!=)*O_FciLzb2dj~+wiStqtzqwy$J%3NjkE=nx^vL&tS3OoBY**
z1F4w{anB5IM#DRtk9R>#^+6gfLEkeU<A0$&59gV$=j&IMetpv3^&Ov@=g*rz*R$_D
zmLG9`i>H7ZA#nxoR;X796*1t*Qnr%7aU493*5dV^V70FwUVN_KJ7H_zFu}6JY%0H=
z*Ob9p<4Ejl{Y!>75h|kc@%Oq1+i`sF{##V&$NQeT&L7X1c5*F{h3`stWzK69v3N1q
zp6w@Jmhc<y_duN=v<;3HJ9jNVFLC}A;y@B$EY>Szj_rYgFZZV}D5lf`4V>A2HGNSv
zVnkLVm{C@8p*W-*`ppT}3U9GA74tAQ-M~9)A&2SaL|f%}Cb<X-i6lGK7<_;ihKE6_
ze*nO}$rA4!?ldzWdF}M#p-Q!KWqm*SNKl{#umFlQ{nlhBy;AM`Cn=9poDDucs}l~+
z>;4)|K++XKDQOtiO9)5U8MLLksU~wP;Irc=yPLPYJo}a+IgOl5P=4P?DV64F-Sd`|
z(=dy)8$v+A62u^xE^I_D7Q^efX65yKoOQK&Yw?kX(^Tox@g?<Xu5aTt)?ZVlGp}56
z;Jm<`Rga?mYKqb!?mDYNX!Peq9%6=<A|un|`N~Z#xAs3UgLTipcV<goL5YN~=U@{3
z9v655b4GILkPv*Qwy)!@^lZMn-_CX)X?7G_CZM(nbTA-1-U&9`&Uy?EzI^REm~<@j
zFofaGZ~y=ZQvFd6Arh|9o$-fL+P$PdX{%&^Jl1&HM`_$p6@twOL4=<9HRm<qV!_tI
zWGuMWkQ`o}HT0$lFIf?Zbb&izPMYhtLC*Xb-Ju8NmEVSVO6hxgJ9R|94GVM;KCHm&
z)Wd)YUM(O;apzp8Mjr()At5<bwa9R6ZWZK+w5a?i*84_6{RufdzUc`CQt9b0@xa#9
zq%w1?2wIh{Z2FtJ(C9<ZHOtYob{wFoKmAmdZ$`h9>Sx)cma*H+%rk4Ei>X+7>6uwm
zFKN-4IK$YP@0MsHL!)trnX*~4L`}o_omTqU`RDnuh9(obWNz~=b$x!%;sUZ~?-o6}
zh`vubrw`9Ay>MIhD|GL3`@Z~gov3y$CQj-5O5jsBv6bMPqwlM|JAGvqL3mG|na9rE
zJzEc_ai1$f3D7pLMb$`)7ltv68EwW=M$EB9Js_5N_D-lfZS(z8En|~-9Kd+%gC_e8
z%X@?B`JK$K;RHnzb%*o2xoBb&M-I^m>fORbtp)Ye_!8s&()_r`k|kb#CI=tu#%P5q
zJQ_`Y)N~OCa#y=unH<(nYW-&Y<RWHz)U+;>>6Wq_w|LxEm?OE}dUm{clJWCN`pFkO
zf%bKbHsjK1AI)28uQ*B%v-81c9KU`HJQz27Vac=#zZjJxxtkmly*Im@dYUUh#ty(8
zmw$e@jyJ!WcdA*wTJ#z>|F!(;Lw4y8T@s7y$+!F~*PDsjE6>;7daT^A2<@5Q?w8lB
z-2Qm=b?xS;<z(geNf(LbpR+-M)jt=L+Lm`e=RH>Meyzt_-rwxktls}V8@K#>cXP7(
z_b&*J1Q92oute5Cq-jVj{sc6U&l-doE{CU;5JK6oh9#6HN93Lm%5b@cBM0v`#DW5n
zf9L+L0Wh^Es!sqA2mnC;UcldbKn)*XL03smUt9Mv!pIO|Xz%^P$-^D-kY7m98iCNY
z_j`;G5*84a5Rec-AfEbKyE^&2LP#SXiSi=!+&nyd9G%>s|63Qt|GNk%0JzxLIM`UY
zI5;?Xc)0k46hwps1cWqX<Rlafv`mZ)wDj}{HhxY73ok1@J=dcLyn;d^A|gzj64K(r
zQv44^g#V)igolSmNI(cDB7zGu(=!YIf5u-7K#B{*13?fF3jihsK}bP=djY0@oUuUv
z1>pY#2n>N@VdLQ9;S>B5_zVNUAP58ug<xSpq5rl9|Jx2gNwLV7h2*fwpIYOvcu@$W
z6Z3Id<?FgAbtg~R9@=<^;NeqI!)a*QIXJl<aEpkFJrb9Ate~j$L|H{uO;6vz@R^aZ
ziLITz!*fR`=NCS{elPuB1%!r$N4$-UicWf;oRaz>Ej^>4u&B7Cw5+`1Q+>nd#-`?$
z*6yC(zW%QRgG1k@re|iq&&@BaZ~P06cXs#o56;dnE`MJAy1u#n4=)e^0sT+>zw#pe
z#|sRFLZCSR;ROP}{Eq-B6pL91n@sL0j<pv#i!d6OLOwCSt_zR#q3$WAjrSxz6`RO9
z``Le}{TH+U9<h-BU(Eh5V*fX<1%MC&`ZstGQa~2?74$tJ$nrW|>;vZ?)&Tuc%3(y(
z!G?sOEl!aweTXt=DVA6EQoyq)-+>^}_2DBMAL7)>EoQg2rR<89T^bu~ua!=z8DI5L
z+ou_~w=Yw7{FcteUdi;-9^xPcaVSaQNlQM!Z~W@gKzH}h+$x3dOq*&X!*O1Q%p<=u
zr6r1f#8)AXp1JbU{!!EDH0h_leo4i431KaWkbTQWn1Ct)uKtu`APLIY4c`@0@>+eF
zGnRlk3A#9WTbd;%o`yJLZRv+ntt_D+R2yBS)Ik5KU#`H&;N}jTQ2dz0mq&xJ0TE+U
zBL4{WCUR5e^Jk9&V|5p)&7%<UP4&0$SzW!z(q&(~kD`XKw(K5Hi3*UYJ}0_db)s{7
zYKK4gIZdQMlp!E7wg2%0X+c%b2c{A-ZXeOj-Vax&4ZI#i4uTG3d{2J<1(>=El9V4%
zexnzrXWG|lm2p(vlx_kY-TUVOD{eZg%eze9+GL^EW0piNUdwpPeDJVVjV&pwi^OHr
zAWpUao{CJsZcNRxbw(XwxZUDBnrZAE`f8}Pm8bt;uZMeR9%@_dR2)CsKE4(oWodGn
zoS}a>Dw8yXj?+HQ<d6w|GHd1o@CBH1jmw!CkjGRyF=#<H;|h2?=~dnJJUd&XS7n#`
z?Qt$5N%}jjIdgFSjTFvR#FzQ}y#+tn@7nBRUMr#me}T`MLDx$m5`DgfLU@?1P1ehg
z7kjrUweQDkb2yaPQ}wx?0d-J%`f%uGwZy(Yuv^~eUOblVy?ONP<p&vkM*{<~a+P(-
zr^!Av`kI*2{IsnsY^<7Vr7GLb_QuR!TJKC_*2u#|yu>I2x6Eugd?WfKY|24acf3*~
zM@HW-i|q>RRqb`03oH>he!GLbnQyf_m<MsN$<G^~@kgi|Kd%oN?wT5WDf(^^U{5m4
zv8C&uDxj1V^i+YMYd4|pREig7^CrV2;Z+7A@f@a6obj2toI|mRzd%{(tV8_bZ_<Q%
zbcAC&a$+`AkN-Sn8A})$VEvR_uSVgD|FvF-m6KjToD<x4R1+bya^zOCGVCInIZ`(a
zp{8au)aCRPeB)0+MhzEV?qYRV_IR{n(uC@rT2dt%Vc}8aufuVWeB;xzvxIU3sVFT~
zKf)QG{^>cJ`a#HFY-ntGPLnXoy*gaKH(Z@UGP&Jd>s<Q;HTLag-b0@|*`Coi?)Cnm
z!=R!I_oUe;`rXz2Pn*1kQ>8%*?MEDqtly4&8Ccc}&XO%1)r~j;C3nTn>Q(wy*d1Q9
z7uv@U5B6hg3V;9o!sxs2;4_6!Z7mMX83(gQJ<?xJXqJ<O2IxBFl}7}z<+!!7m-}XB
z3mJOf5Mh4nsJg9(%n2u}GK(+N!Cr;9ZrN4tUL%)!9s1Vjx)(J30#b9!vW<y*KPPnd
z!^LgmKWrl|LKAx6x-%o@bIXnk#r+?G$(6hyDgKMs+UJNEm@?E`T%w9+ag|`u$DQTd
z^EhH-x2<M=yx;PTkKAz>b$rHK&l2n;8$XC8iYREg1bb*l+nhYF5N7Ka5U|F|qyto@
zcD@eDr*Q7z6Rs68iLK0!?;<@`LZpdg_WG^{M+mqv^fxw!gp05GH-N#fd6eKB)vG+^
z;y*;weII&78r^y=7l#4h5`p)KshdTX_ST^FEO)5$;pteFSonsytS&lDy5V5gssEX*
z;4S6AAD4aR;7#0QHd^0I#2Q^@;{}OqUpT95)NMxk)2nP(@u9EOzm-%N-;g}%ur&=?
zJrxjOx+QpRu-@4r&GTK>5zn~Y!=Cuf%e!p4c#WH+-P>o0@89S4m&uck;hmUxxjag}
z5^$ko>7Qtzfe?~rzNj&yPmo}hBDAR|srwV`w0rE8W&0U$RNo*nF&%dK(lkujS8E?(
z8YI6*lOBl$hz~!SpeH2eCNFnpvdft`pmtc;{xy!5eWf;!!`sqBj~={aOwohdG>QBL
z2+a<}t}cp?bIG*W7M?dRP?QM6H=TWtmEoK~If9mvKDRfA{Y>d|cvGZDL1&AwN)y@2
za1R^b1sR^iT-%H9I1Jp&s}Vm(Wfu0|G!YQ7Pk+T~sIO-gu3QVlrxhCWmjAQ2-0%GT
zZ9CHj9SPZ@YT-d6?7&m9(j)36>y4{lvi~QVM0*U+Ux0UsUJw}LlX~V++{5;GTCk5X
zm*`KW?E<B+-+BnyuIq!WwPp)Qfjcm!uKRiVlF!8DRn78l=Ey~kMB0gsg#?80&rS4;
zY4RURrSGKV?6)dSD!1gnrS%r6HjOZ~|6V(tA7sGWrP-<0E^wiZ_{<)@d^_mn5`3i`
z7=@?kmtr$uoBQEqlU$a5z^~BH=J?CU$Gt2|b)>EJuP?A9DY3N2#I1^~w(M-;b;!p1
zGnR9bd~zGuQswOR;}oG~3EQWeM1xxw(<Exel?PuIsZ!IYD&1)3r9NFHQatpzDcU-I
z5uzSA>jFtwDJY^x&L2F8tR9gY3qY%2Q^%#3B&pIcJQ)3!01iH>G5M9L9ci-tGo@qr
zE=HBt`Q#H-|Az3JchlcP1xzjl@LO6YY~<Q}h$rjDb+t~mx~qx1Ij+A4{CY#?VeN%>
zqSq;Tb)(_JA^XVrBJ0@%6ReZ?hXv<Z_;FM5s?&yKM|eTYa|Ifs8FB8aHpv$Y&2+0F
zD-w+@js@Qe+LZQ1sJ*Z}O0M*7(7F%Dg|0LF9>(mJ1{_x3lluTaK)}Cm42`*bjK!LT
z8x$pmj}RguoPY$|Z(^5>=oJ<7-a3Z;rkJ?wugk7mZ{8y*2JpW!Jdnnv^tRJ~+ERG)
z%;WTV=`R)N-J2c?WqLf<u^|q>_n|wS12_zj=Se;9<J(rH0GPR%9F59uA~jKW3xv4X
zw6r3rbef*FrU@EDa#q!H*{dyBT(bWH3>Uv!*~Uty%w_)-)TY9=b{a-W^+6M59?4uE
z{fbG)F+ut55GtPn?KL?}pWum~CFxB8NgHOxkvB*V!4*eLH?f!A{fV(KWNT|;kFO4#
z9ci^$d?$RxeRTr;cJr-qHc?@dUGaJo4rgVq4@FH+y16lCQxtGbHuCQEJ+rNb3k_>|
zdzWs1WwVW0L)*ga3w~i|jlO&S3sV)$vGUESG+N!h*`~lKRd^}<3GWvk(q&b)v)Z_a
zsvn(BP3G$&A#GTuE)Nh4r9jj2a$?pSBH+c3A6m9rDt6ZAy+=8ja<W6!i;gD6I~PP@
zi#qo2_%S#$wOkM>U&?aZDhsCsxLbDjLl4Op-+?y>o&s6iKi**x6BvoFj~f31f4r-|
zp1$m3_uhAiT{c-GlSL^1(0>ov>u|n3U@+BcjL@Thh$l4z$EwvK4v4Fonypa?aAznC
zm$TDPC?0n8qT3{@$3p!DjAT4Zee43itvWrmTsGCZ(1;+K(_ef$CN2T}37jgc`S?A1
zx~%$Ox|$>U$qtR7U|lr{u7N@8W-8~G^(?)%7R`^2@>65C5d#C!N^y2QJfFzZuEb=_
zdx*w}LA(#UM9*f+y`GDe2J`1sG3HFQG(K5R;?3n{)Moa4oLgQ~?K?_$|A4`HtanM(
z%j>!Dljqqxk_*Dv1a+7(@qJ6qeO12MLMbmxRVPv+-neKZYmn;^)Q9HJc$FU8Ah`<h
zb`o+PDriHpD?iNAZ8Na&(#{P>qW?`o_1AmS4wcNPBc>-a0C%TFpYk}H5CD*HO1#K<
zE4~qPtF${vm_yd)WD8Zf3LNlA4yWf4Sm}~h?H7KSk-{eVP?+JRZj-7mK@B@chQyXi
zp`z~oFD(E9;f%}4`=(j7x-{}_Ns3(Mcx;@nLBps~S;As5lQFvv9UCQLn#--vh&wwg
zzn=0J2t4PXJl`DZqH7s9Z>AYDO5A&x6>;j<39}Ey-Fj{vhaFT~*s|PkwYGNr5<)5}
z*<27JzNG|{KkZjkZD!r|PVHBb%q$ll?0<08T6L)F5p57VD;Pc5UxB3aA7G5e`LbzF
zZ(_1I-~IfQszvns2q$5EKgt!uCBMb6Duyfm)sQHxBj4$zp5;;Fb+DwCH>rIycl6R)
zqHsd6gm{<xZ+vPw2T!+`4^=yc>LFR}&U1ghGH9A5?F9aQll{vs4uIt5!T0Z6CVXWf
zKOTF5cZRzrS^6lfm_*gqvg~VxzoJapvWQ<vU}n}@rY-|nWv_7F^P<=?ymQ68(f2mJ
zR_Nx?5Nx$muLN_fbamCKzrZWFINL46oNxMjs#rNuCD%@H-!LSh5Fm{Y?l~>vL!2k3
zr`zHe)i;5jb!w8XD0z9;sf4-~+r%NaQU(F?e&UDwgMao)aU_gdL~)mn`GPzu)t~eJ
z@?KEq9X-eJErS7K&zE3TacOO)6!WGt{w7}2Kaq1}o=6*^!xy7=#s|Mr-?@|;J;b?q
zGaIHm^_)3i7b11BkItA)8t*4wZEMJM+yrm&lazqOZ~gWyN@prN_Sw8EvQx$)Ha9vW
z5_wG7KDEgDqA~QpkoPIMug>IOw#K?v+LNM_6s>2UNPkkRrN6T1**Dhlf8EVci8iw3
z8G9X3U6Siw(PqmKu+iRDUq8>kLmkx~xS{$-vRo?aN`(#8yRKpdeLIY$h0zbe+-*jm
zpWvI&y=&XI$2r^}ht#^229?@eESB%$(36{=^bz!ZI=!Uwij99Iqh0s}MaA@MO7RW;
zcDsZ~!k&BTo>BYAF)2g_FB}(NZb_`gJq%nZbD%jFrNn9H^3Jh1?n->y-!6$gnRl6-
zTk9p^?<=NpGN%U>a=s!>kC;P0_b68RRQe^yd_^~}1&zkr-cO8D%(ykRs=G!TO5`UN
zvWwj~)1^q@un)o)L%(WR#qDa(um(1lw1gmrWc;5XRh|y4Uxd^_ev1F9ObS+OnKkLG
zXlx>qNNikO`~;@{z~^o+bA9(q`U~lYqTBUGIz#z4brWkWNgjk`$6F*fd#rzf=Q8t^
z{#C9Gb3Y>;W>}0JeBqAtHx{1Up)tE9#L|+)&LfRt7iMxo9nsA8uRI{kvGFHVe!+R0
zUlu5ym+H+;)tc=IY|SvwT%Omb9VTuYfAKG?IS&e@_sY7gpnC7zEdjI}bo{3ARqD`Z
zJMz=Z#$eqf>`H%6?9+=_S=lg`*%w&O|9rl-!FnO`w1I7Hv;2wF6}ZB<&s`K!sq{)H
z;)=_aQmOS%vyr~g%`H>%Cd1w*hWUvDT@%w@_l4~fJQa7N#nw+kHgl3U;}5b>a+?_!
zvXM$|$CqvJ#3XUvnGivmC$3ve7T}BiV61@R>Z~twetrvf1d>Wl=ju|9y(w`TWW)xZ
zet&^gMJkCJ_Up_J8N`7j28cii4SY?0TP=MsyESZUa;zU{&@@ct`|SBRrxg0`jeuJB
zvYY$UR3#^9v|^lJ*p|0nTqw=H@qN&zf@AL|IIlZXEDkhlMFI_CR=GH39}GyqrE->b
zL;S~Z%c{+z-nV?GG>9e`4puvNNx*MPE?{SPVyM}h^P(U770nM5!!P82R7(`D^z7*u
z#YtL};r)QUIAafF@jK&~HCD<e_nuc)*@Z3iyW$5<!@=NV9X-T3t(C;BP4dCeZQBPp
zkDv5ggTUnXhu>q<Hy5P(nIz0=^}f(>Yk9r@F5N}Rf3jSy4gYy>(DH(4X+j;E^p(9m
z|Gle(GWU}$Aqny2R7D9%_}aFXZi~6ew-c4d92aBuR{dcJVrjzKAU-4e$)nIgZX7dr
zaD9yH-IRf-o3`lnXQBJq+EBkOsu252tRi1muYKCr2Dt^rt&T!%vMFqJL&ihf{;8r{
zaiLH@={s!icGC*y$Bp^W+vG%5f%z0$f5kvG4?p<%^}*LNoY~52Kfe!(9iOSX*WTWs
ziGI<jE{G+(Nc$r86I`uYTps!|Wpr>mM|C-9z=NPo_~T(hf!k~FqY><l4jgzztLspP
z;;Pe>ZFtzjfr;2XtvTHNHk5wi)N1tu(xc)w-Lqlx_Tkj^Ut&A#Ui~0}xI3I;K2+yB
z<qomd=ux&~qDFqP_%B1KE!*vJcO`k6CSNb7R~}eX^SKXoBUX;B>a+MKz4r>^R<t+U
z=Jc-uK3C`4d-+@uXa2-3vA&A=v%`@);q#l<mg(sELUBuAivVi~%`-bcT^h76#%h%#
zxCO!V;z$eqnYHMEo9*3^X`Z0<CgBUVp+CFTvym@W(PNIyhYwZSKQ~YDn)4PIRr9kA
zwO4NAHC<>+3`(Tmw^RgZUTTSaw03f=h4Z^7uzndj6C?<+%pncfEo~{g*f40<{pGer
z^R7;PE*U<(9#1l1_x$uD6}fZcuWw?7Wn1kpKC!MA)-pZs7BpW5b&b1!(IH-$ad&rH
z=bv2I7dzaBZLxi0O_f_NlGMo}yxgSRk)`wrZ=5;u72kf9bg*pu@Nu}XDgf&QIO9|3
zrgq`g3uEiDpV=NB=xUtdZaOAYbE&?B@S%h=lQ-GiMRDT!-W#6UeHUvaaC0lx21j|S
zCK|zwUy=^qxLw?zI5%)KNcjo;bPPmcJH1EQqs2nh?Z|V4-rq3Fp5#dGEQj%U`PdAC
z1c^yFv-EGbp7xZRC=pugD<lAa0mtZ%Rgq1)ZDw`PTuSjP<p^^3r!GJ4f80;(joPkH
z$fGjq$NMVnLVPRcpMv>a^!|FyfbeKjRE(g0|Az<D^-Hzzf~jhOpT<zDdQ*8nudEzE
zX^<_;R^rx>?Jq#i-|H1Cpk7<6Ks>kAnmJ+zDcBJ7n($Pq;mb6Ma3WK!(Wrtm6Oi@E
z(W7%OMh$64TWfpA<GS>is<oVhk0Te(sQVX^4sw_u*~^ceLA=5ZuoaS2@PRGTlOOMs
z-2Ju2Uq=P9((_(GcT23nx?0-5)bV$G@j55{&#OHHAm1VATl~2RDNT>!`FA`Y#Zs9h
ziiMx73a7?f-vpi|PWx6kou`|>U|{Gmk1A-6>3abzAZ6Q0*XehE4-Y8JF+ScY7oQq|
z&7CyA9bySe_yiUsQ#Saj@LiNWX2D>4T6h08V*b~Yf0uyVEw32Q(tKI2wdX&c*+=+H
z^Vud1I$&8x>ss&bFxz3F2D_62vV1FNw}l!@#^_?@43F0u5-}}e1HkYx{BHgJcD5wN
z+Ub?lJIc*62iTtpbVKFG7g;BlR$r=gv%=eA-+bECon-qIk_1T+vhrMM`8l@oXR1=v
zqi)oR&CpYst)^p9*wb@BZM*sAsiYp*MWEJV-c;Dk44S1)n_FKd@t*8*DFBO=erj7C
zx9Ib9$s^4cyIP|eeK33YcP|O?b@*A1mqA{ei#d;iIv+owwj?z^y9bxsf(rY&xQzry
z1E0m!#-nhbv{|mL@C`k;7Ih{Op<%EvwoK-D6+~b^^)yqx?VZarmz0k4tg$YPqfS3A
z0Elyz$@>4c={V|J>cpPSHEO%yRLLh(q?de><JKt7#I@JUox3qkQ)OgOFj;MJzd^@E
zcC5PnlDncJfS$N$w^Z+Iz<QAKMhA;J&oa-GkXK5pA9hzX78P6(vE?y;0o<*%)5mKD
z%n#GQsXQ+3{|bFbl-bN?cQt-9s$NC!A~y1+$1Ug0s`F@w&IeDiZ+<G(Uf&%hWb;J%
zeh#)zr*x+fcr?7o-Qc{PYHVV;HF6vJ3ls=0XSx0ON$Kl4QdjuKy8AD{1zLG2zZ87<
z0Fu*j`%^S|B&Z{OOf7!;nF4VKFHD&Xlcq?J^fim{`DOkx!Za)65~qXfc1o@or-{;r
zaW}rZaC}PSif!|Yb9^TkD3J7Kr)J?tMsbv7z2#W`>w^zVg?q$GI$vdyr=}L(tD-xl
zoHnq$zv?WhY&DQF?R<6&k~@PV3y!5;{soldbHBB?U*^U4f8aipaqwk2tqszwEjZxL
zyFj~<-n$qq_OGxd`emCKFkOz4%3i{Fa-n|348dI6@m4$b!?E(`S9<KrOTS3&_KW%7
z2y4QKzHvdaepO($UZ)fm5iMi^mxKG46)FnWwQ;)V?$DA)*0r+Z6dU>Ow3G(FGn<Hi
z+R720EuCeBNe5@-ZWsDTO-{Jtf|yQesR~`>!)jB6&c3F7xurB-@b*+;sC6DIc1^^@
zz&_$lkY?S^7CqKeg*(pWS|Gbhhcw6k&i|)OfrPakxC->^zkY)F`#;;?zyIUyU;7*Q
zzwy8EzcLyc8ag^U8af&R1A&#572v<V+}YV#*;#RRc7E~Vh4Tw%00{iAG6nzf1pxOR
zAo*{VDe%F~+X4mrx5^YePlbAVGfJ20<f_H0`BuzS7}YqB4*7okUTyUynn>NRa{iO!
zc!lP$U)5rx=ju?b`pfF&R{xWO(cxbQ-`-!|<NbHa6lleqpXha6V;5Ptk)RH~mn;82
z$`o{KYvSCO(qaxkmoZ-&l>yAj?nI$_u2x5@?+=pnB#JC^Pp9{#fA7~>CmxHw0Io*H
zU%c+<`2Fj2b2vBtH%2=6*Tv@Q8xoM-9dN$O^b$lRz9!p+ezXK!(NEBVAf(9gSK%~v
zX~@4;WoZ#_DJjw;;NH0DkxY!I@ThnBMjKY#-*z|N3HBT1%Lw1R1Y*^<jmXq+R*YB!
zSA{754<1*`;<k1GfI~~|{bO(?argI)CX<OZnV2)NZBK05ww)a(6Pr7>ZR|J`+qP|M
z=UmtQf1Xq4)Zy!M?p2MduIg9at9$*{ch&ck1AvVm#(=n2)Xa~Fh*;T6k~POMOHz^M
z){3IFA0Y#3D|7ttQ2RMl9Bm4;I<k9;G27=KJ#AZ1;coyDL8x4EO$WjwfPN=DA<b-f
zR_o!Eq^VR$Du(@ampVy_h<zbXF=RO-508lj92KXTN2bRyuZEk*xX#U!#%!mIk;dC0
zaHCoy)kx^OfFXY0DC9*UyqSel5z$Z;BxiV5*0u$W=GXKfbQIUfpm<j$_X><%)c3O3
z6c<lxTUFJq=vP*Uty!O4w%!-RFJ+8ci5+KOL}VU=9KUgw<^+{f<U4);?fAQzjzs3P
z$>^%%pyopy@1~awM#iym>4^5GyNk%Sx(}vQ^P+zi=A!l=5+mZ(5P`-pwQLS>T)C{U
zrm0Zcvt%vV5N-mU_?wurSkAvM?Ty-@=AT|=JwG(6T&6K#^=PLtEeOhIp^kOPYr5pK
z9BX(PZH$IhH8wNbbrZ(zRgZ_Xjx!Z^Ul|O8Qe5?`9vPr*rr2N+*&Emz>DgwWW$d13
zx$tEkz#C%Eglx^olyo=$WVW-L7Q-p+*M}KH2r5QPoh7U@OClpHtSTcZ9r8XQ{`3l-
z)MI<B&o0roHu&4fw(eH$^SABTLtQe>&2eCH&DD1ZcyC2MUv-%8wR5K|9ks|91{vVT
z?W|A@{^zyL`?{|<@sc>*9jx2FpsQa>t$BOeQ0aU=k!wV`d=AcC>6$xV*00{0c2~H(
zepucnEB{w|(3VM=x^a5AGrDol=RxGn1Z(i*GW{{LQ1+eYCXhODUSov4##M^R=IW<>
zCslCHK~reJ!e2wzEb?sV$eZ9N-heLkk$+e$#UV_(M(xHpA`le_?32W@iJ}%{7;iUW
z;6F$tMlTWrBtPqI#TODh(pvL=kSK;LMi*d|Qf2(Ej*irvD8Op<Oy`57pf*G*#2J<x
zV#&CTwv;WzTOJw8HAI2@3@9YnmmKC^tB>{UEF`)g8Rmbhj|=!H{0${FB81lvAI?`q
zf<8JT#?z1x?^8rZDm5yl-H@2pSwz7)Ix6SI5-W!m>z^n&rkrt?TqavgqcJ+B-hP)-
z7hOzeAvLbOb_Z;mC}!}$9ruPfiaD-;RSkZ{FrMm98zCrRi2_ZSaImINM3=A@!%tdi
zH)gE(lyH=TCT-kVGdGY*IS1jVoH81-PCiO_MnO|9Ev(rW(WShH@Y8^`#+(<hPpQBu
zXxjUUHTPpdf(r8>7l8AS2Pao1j6F6J%JY!_Bc@E0QhGL0`=J15vP_(FY&O>Gq3}0y
zxuk^jTw(@Wes_~`NARe!Max4mLkzX71<icM+(QY+B(=Op#eB})L#Y5Vjba$hLc!0+
zGI2Q?<<yFW5|+nu`4}42QkumI<;RLCj52J6L)pIw^Odll)*8b!OAVoqRfcl3TC?ry
z%^8c;w!Stx$280BLyt9%leBub?HXNci?u$VHU_Y?EB|1g>H_5GjL<qX2l1BbqkU~n
zC}~&6#Ge}C<!q(ZmKglJmU45UsVpUE*XF?YP5EN<R%$kD3+?XBwRT{7TMOFtwT7pb
z`awH&*oxAioQKw4<Qm5?nT<WX=e7~K8s}7-*~xF{W#s8rQdM}1CqypPk7*3*9u<1|
z?j9Wr(2Snd?{n9otz`#;HGn~H{j9{+E*`yWuif#jx4Gx;e+x9|h&1XX=Gao^%{9hu
z!K<fUY8{)HjwZ;Rn$U<#y}(IZ4O{}FG2<sap0{gl!U>IU7QlaSFgIBwvb%^HFV*D0
zIy3GGBh1W~L5A4+5VH@BW0)DijV6XWOJ3tr+0<N~mXd5)d{b9<&K$ub=6FcM^^FGB
z5fOpv*rco}5)tyT^5%x5lnFD^sJ1kTs|Nc_x+D5b^_~LJIj}G;U#SOSavza6RpxG1
zAtz~sKTI}5;AtlY?=x<{HOxcCHQzDMG53tql1n}^y(Kp*&y=0Geg3A8rC=jy&b@`L
z0RGZQ>^XfpPu-;e_tH`}Y;D$`;W1xj^Hk0TZ?Sxetx_+>>S#^7jYB=f-|}rsz~*K7
z-pr~FeZo}exqamnnyKE%dea0^XJA^qr771}&n&8KmAIybwf=I;7?E{#{fWcR+soF*
z=6#ui@Ts}@)5^)^ePcZKw4>+J?ll8{lRn!+?orOceEEHgAI1Z)O@BkQ{=Bm<&Lul5
ztB6*LIdFc(S<I<x+bqnrZV>VUg3`Z*Z{?}Fg{cexBg<N-RN}6nT{{(hMeqG7>=<N?
z1q|sCIoNi5R5A5%^^ziAC%3N1HTwaE$-(x2qVWD%l5@{d^WV!#;2rLwI1Z*<J)rk%
z9%;1l#N1|_m+Y)$Dxy#fG0RRep(pwC0$*ao_}rP^J6F!{9+_-V9ynfcq-?NxdrRp&
z%tJRX&5mxjy@~AU9QZOUbCb4rYhH##2-96TDRPMYEq)1h50}3=FI@W_@Kk;dM_6<m
zh4{G(C%rzH$akfujNWX)@Z=|Pa9=P^-lz0zoi?|0&087Vt<C#Ab@X&ygw?)pC=fjJ
zeSJEa82AX%vOV=!_}!PI`0Op`<ooBa-^GC)J~UO@pJz*(E0PpWbTYTw^bAhBH$Sgq
zRMxkz<35few*2PC4fbBPUOJim{J}lgU-uS{w<V6;hql3-j_26^4yg_oVg4rAde4*r
zGgtx8&;Bsj0T7b@4=o<^N9J&F0nVv`@SH*4NA#;<aXwO9*;)gFC^Vd&4Ct2iD%}HU
zQjID(Y|be>NG$$xO4=}$xnv%jONZ&%l6!n#a@D~$!7B}<*9?w+`b$aqm*^!xC6$!*
z*>a%dFA=OW3ao3uk~6<&2*Q#*thptAnRAFluo;)Da+#ZEYOn)NSX_$VNrRU=j%S%i
z*lUrQXPK98S(sm1m_Ju|sfBx>XE-<@E&R$gNY~9T_9c87HX@NLB6&o2Od}%AQ^~c>
zhHNE*{3PPw2$1&@QN$Hlq8V96<*)~gtn!SM8Vm=LhG}s|Ii7^JNJceiMzwiHwXZ~h
zUZOhTqC2>vyK$n2EEO|xWWy!H$Em`nR-$Lh!l$WXW=EnIJY$y9Vy5Aux>F*yUSf7|
zV)wXW4>V)pQlhJ0R4Y#+&rbAD24ip1Vi}ra?>to>+U%}1<8IsH-bPe5P8^Z3{@OPL
zT1%=cXa-XZ32Jk?(xe%>x;Y0zC)l*PB2z@STZST7xw^T<W2MGJ!J8nxI*Px<$C4*3
z4mqbn#}8{p4_GEJysD4BfVDh5^ul2Qk`#dT0Z)kHBxQH`u`=5|wxmO{WDO3F{Nm^p
zO$FhIWS)rR{Q*x=t)#NSB(0+)KZ&Fxj1;X^Ss6gGlvd1qS<Kr*945I>od*!r40uj#
z0dV(;JMy+Dx3C5Lb$#_&v9NMD0#>z{yF?h(g{H=q0RgM2$i=`~N^3883&&BQGk2Qb
zYnr81sv8Jc{{&221t!6#7n#Rql}Gfrnml`|<OB2$2UXCiY+p<Kiz4D)Q}uqe0n6Ys
z@6-cMpX}~W0_MyzC)_g|PBXf+96mKOZ`CpmD6-m5<GTS_rJ%?WP)6x$W@CD0Pedk5
zi0%7O=8SoEJvcq<V<o#ULe-R7i*q@F*D^$^H6aZIgaziT4(7y`X9AWCZUH$?W{Jbp
z&dVXWkic9RP|gP+w~9KGj@o3OTb=Vc0W~b=43u{{ninpW1KCb=N1gw0s{RC@`J>$S
zEyCps-Wj}_2Z4}Fvzkcznn>nVaQ`DI58A`f#hv3+zEC51bhm&-+e39VSwpI@Jh4z0
zU<QXpAPxc=9=RJ9rX0Z+iO>{jrvE1?wdf+vxDX0;xC?<Ah2O=CmD7uEB8us0GUwQm
zy4@M{%8O*Z65Wl9M8k_Txl7FOfc6ML$1!<RDWz78(gdwE6m|<2E1-{8X&4|q$g1@0
zwG@oVQ|3LEdMZ^GtX+0YSr(g~<Efn%WnGpkl@`KN9)VZ>_cbrAyetf%EN-kEktQu$
ztKvsUtW-+&04Td3H}B=hz7mi%H(EiRnsLKjiQ`qdcAB*U$gVH1n8&T$!p;6SmOW&h
z)dOGEFqZK!lGWlBNU~Njj!?C*R@w1dxrA3)_?q26R!xtYLrood6_E#%ZjHNapkSE}
zGnRj%4e*Po0hs;e#tAWB33{SVxB%u;jk=IqyGgv{;A!O^@#ON4ghayU-*EqxpbWvF
z4(*6cc=QT>&d7_CiYJLEpy0{F&5WXXE77M0${{q6oYx1RB$IhJIPo-4M>P;<f@NK3
zB8sdlSad3wc^f&r8<WE;w$3Ux*BW`>8_Ulcg%O)Xd7F-*Yw*@<aVndnI-2Cyn-n|h
zWoergWSW(Do6(l)X*-(f$D3)^n+@NajmH~I&YMj$6&Rx$tvgz5*IVr0TQG_n#XBlo
zY*g2!tHd%}<=tAnWLitKT741Q)Iypd%U$lq{vKu+pH~>;mIu2();h8m;3G7@TQ_?{
z*N55UVDZ$!;cLb4nh>XlCgSJgn>VLKHLFFnYecDQ(<<0%7i(uEapB6Vf(lwN3$5FW
zmrWal&gz@JTUgqQ>S#NgcsmqUwR<WR+GI-f+dB>hIwI0KjSxHMd4ZkakRW#N((t!3
z4^UUAcDi?YY4mALM27DcY<Z(cU1WxDfK+-EuqzyxwtB9_d|sAuR%!>|9ZB5{SWP?R
z4fc)n^#+u?fvn!&yU{Rv-gtW)$90|GRo2g{1|urHDXSocD;QI&r@g8dttvY*vg*dN
zF@35w9{oULjj-5#e&>~h6IILReODS)lc$-}uUV~Qne&nT#GU<&vj65Hvxw>10%g>K
z-wg>vUBbO<9@ERgQZ85AHRv4q#JKI>SNreF^C8zl;5#ZYc-k3Wa<VGgks{*{wc@31
z^JOP;<@tsbeTM!<8pqK_YDeee^9;Ka41VL$yj>qCUmvdI%>!5SDkzL4GiJz*M|sfk
zbZ{WZDYX~>ohVeG==>v9Vw_qiNIe?TDj%U+NcTQ6zc8}qI#P$2lC^B1`8FDIQJhoN
z5gI*eHdd0lQGzp8SVA|#LsK-T)3T`3WtG{xX4A7t+Z#+>u@TjsMC0RqG5%e)+-hQC
zDtcn9a{>uTxff|->)mHKx_fP+Y?UA#iLL^*y)37_95`0i$2W!i5raygI!4p~qqA?j
zxt}Pyk|a8?!K#0z-1gpQx_7kd-KYOIT}Bf^KLoPDrEQfD{y^>9H04FBkZqv)MBjKu
z{{r_cGIBPgUDjRJpzy}5tlB^rG{{7@#%wTw@Hyy=2b^E@ZsiJJi&6U5Icrpp%Gwww
z|CI+sggx|tU@S*F2b(bf!<$2yT?5tGM!T7|_vR{zG*1c$WtFRAt{y;JSHF1AKYbep
z(hg~3k1U*bwtp;!w2d2n%FggE8OJD?Z7y2dwUjQ72c}Q;vQIj8O}fZUx?Q%MPgK9~
z4G?WE!?iB^5w7^~uk6FjX;v@#Wi3X;tb}!~#BQ#{SFa>=CF)KtS=g<bXRq4$u4YxQ
zrgg0vA1!(CuNCR7mH4jVrYr}^8TfRp1%Ix2Bd#}GuJv25q|(Nx+YAYPuBd*jBz~?t
z*|r@?&2=EJcJZ%vPp<T4Z!oE^3axhZ(~b{<@jIzHI`e!t7hl>-={ARDHXW@ua|ySy
zV>S(_*8my7HSbCP^q!Q~-p`IYn2B-+KzG@v(qraUN=7%r#unVfR+5$F?dO)W-uCw`
zr3(6)IqfPs*;az^>K?B+w9h`mlm5obYMSW&CaJ!+<>>{4-5Q!*Ou2PThP?%|b%QDm
z!D^6abRAE1F78@BhD?4o%^*$n28Vt#wDvwE{=WETo((~PtL&n^?0ja${)q3vc+5fc
z<;G@LVHwgU_tHU|ZD%b(k?3o!K})4-#^J%`YEARlZ1&Qm_jtJMp|SPhSn#33)M3TO
zp*_Qvez*3KZ_h^bwtMW<+(&tQ#sqk}^B9^)dC~Ux@ZxxUqufjX#1m!8zx#yJZ3p*i
z3MY04t9trZO(k$@7G<guM|O|bd*-L^KQO^rs(v*T{~6xK8fng1R*njVpN2r!LOXxL
z;AI{f{$CQUcrptsk*N)7zk*u*A*ScQjom?15ecmVp?B4xl#}ODTNj*u2eRNJ5aRJ1
z(eYwU%3{vtLic4V|8W}EPBhWgEB)2MR(fnrYe4ncS@+p#_t`o4ihupAOW=BH>S9{|
z`oZt|&HnmhD{6M?atY;TO<?Pr!OeI78^~$dE&VH`?HiP@n;39<d+6Df{_Tz5EmrO=
z&R4|U*8WFT$a~K9XY4hRAh=ea?~YjEj=JZLDlYoxwVQEHu}#Jiyum$`LyVHwA&0{a
zZ`=*1zxncdI68UR4$7^E+=F=T!>->Ieby;{?X56f-zE4#74`9E>z2p<j%NFgMBy5i
zrd?<I(Ma%#PVoAR;eKOsjPL8-MlhuuX_Wuhv+ec0-LxEH?sjPTgTMWxYxT3=SBva)
zA6m?;y1`4I)gU_8V`$Hd+Vrw!&qAHwow31_>Gm)b?Oby1tFFOo(pQrO<Fgy;o2%ek
zfx(+g&%MXjb4AZvmBCKn^h@3LOTFNGgThMO_G{bpYkTc0X!^aQ=T!!Lmu>cz@BcPr
z@G+wBHmq<{zWp`@{`#1STmBcvaA6i$D;2P$@V;j7zP|m*i#V6|D}i#_nC~+*(mU$$
zZJ=0Z?)2-u3-#mX3w(DC4y5z)v~;%`>(l~{7eJ5uygWfLqxSN7-JhYch2I$Vg}~#|
z1ivU2h(sdOi&ur;?hVA?a$A3YRVtE5B$NxKi?}-&Nuk!N2!2&Ak;$O98>))9KbpvV
zL&5m|<AIX@JJc~DKORQ;T#-;Z0zuhB`Fy!}0zz<m)2VWyayri;!eYfrh1R70V8!Fv
zN|Vhxg&4lZm2SJ+<<?-P#<hO8?<W|VK=a1%UkLIqalV%=#ZtjzOnw|K+kYd{s4!i!
zm=y<OQ0H3U5~Q6*i>g9&;~YNihoc3cP+`d#Zj<R;E_ZFs1g_2HT(a*u3|Pn0aj!oH
zTf$El;CwWm%^3#P^>RI%uhtm$)AM$}TJJi4f>)*DFDQyLhsk`+TP-b_<yDJ&Xb@V~
zIUT2n$>>_F72o_Tpdj%2agJOAfoeNWvxtH5qwn#jbDa<zrB9tOJbg5i2m<4Qq6iY_
zL!HPEiH|x_G&v+@v7ZX2N@5rquJvL#7C!ajxOUOZ5^&h0we>-fc+_1hhB|V5q}L*I
zBoH`>k-v*$ks?Pw)J0-)D8qDrR;0riD;JRP)7*`RwoOD(W>2xPPO>a-M98sisy51T
zZ)bs7<$11~SQWUQFGiVvjYm~hHU6g(>#2ibXR54u(RrBpMDdNB=|m8Vs{X^CG(I=L
zaoD7yAPCK_sw6?)tlH_><lH&z$cxOmToTPFumIklY*D}Mh?CYZGK*PKH<6obUDIr4
zZ=DY=j%&FFUe;)t=eludTb8D@Xj|7dbLiNHASzVlN3Jn(z?taOb}f&X(f_&c9a~&}
zdFp4=DB0j$5SHB@ci2GqjKY?{bNH?);SY=QVi1T(@nRT)Y|gbCiWcf=6h;~ADKVr9
zov6UazSJlmEBM595F>WwX__P>j(d=#CZBE!G;rrW0<?dk>#8^maa&}29Dyuy{lPFi
zmII29PHJ{>TUb`bN#<TwrJ12`R^^2yUe=Y>g#f-k)WA05nqOBuwsphccH7!%to4hg
zS&B@%=5>8u`!-|>ynQ+|dw^M|(Nf2C=hqSbO&9DluVX(vcBkWj${1dN13M;<^C)F$
zr}H@DFyB4s%>6^cI3|<5NxSk2vwJl|pleMd1hK1ex;D1PZO$mS%YDtEmH+t)&)-Lw
zP7LZs19xz8R#$hMy^SC1G4owWgc>PFA2e?E(0RhEs=v9oWbP;QjUOq;69A8~yme_6
z97lV<b_Kq;ijY9tELkB;?Yr9?@_!59_MqF3s#r)Is(2{Mf^d}e=tzPDV`8I!b0?F=
z0PO7TCD8<n{-8ie{yEOp_~V=Q4XG+%1Ol|sM<@1!4cAu1E9*c=AUoa!U)Km4Z6v`(
zE<PB7jo9jEYk$8`u*X6DYB8BuPsPl%k_B3>MtG@cZCP#jC$VuS8GDc9Ds0597m-#4
zRSktTGu;JCLE-m9F-rB>2$jwP3|h6avt4rKpdb_cajxM%^^`GY@TB=$RKvuxW^ob|
zs`$f}gS6IH<{$UEj>42h`^ECE{pI=C*yWW|-(}oI3npv)8hQ3a?>J)k^lO8U`MuEK
z1(P?(s3b<El+2wIQ|J!QgNpH2sT0*2jmar2xMdWG5IL&)4ygmdhhsX{EWm7nO{SDW
z881lMwD!N|ZhmdeFt`eyB?pS{7yAsf&MK*}XZu>Q)W2=TB?T3Hw(g58M(-zSQ`g6H
z3VQeC^|O<Np7M{`cL55!#FqM$-xLX|Imt1trvV?@+ZIQuMUrbO!e_Q80*wHHGhYWW
zludKat{0BjBUIaP-9^}*WD)m<czu1mxdaNFKZ!ZX*|dYoVpC>wlcI@1oLxWDHCN_v
zgiq}`+$56(TvX`0T}Zi8h!FxS$OsV}WLPf>J^$eRNzF+PM#tTSYJQtnH2zUe!(Jh-
z>)Bfx$|P$VM6KaHA_D(5qo9qrhc}xx7&3;bobk4=_h=1XmVi_a_d+ryzFnp2n@WlC
zroX_$c3bHosVLJ5raK_85${k0#)q?;=u=h#yWKe&nK3VZzh-C(Hi$K4G*=PxLo1Ke
z)uh$QW|QV}PidT?x70;iQW(9CC<r&ST<w{@xsH!};WefdVjS8UJc8DYlhhk*kDSyb
zWwe&&lIjVuYLnT2Y2h}ePKlC}t{>`beN$<fU}y03h~j;cw#eA|7th`iRf`re?G5#)
z=Ljesj1*7ETV_3c#PU*<6~bVhjXL<V$}aDOVyXA^ch|Im(g6ONmF5G<LUws|oAN5k
z?;(bfADizt>?B(sy84XlJi7u?|MVcdFCF3VvjG_Ae0pf|{D+N2n>tZzN;Tq#Q~YLd
zAN#E8h`<%IXn58?LekaIKUcfn<dxbq8n`ay*$c_lRjhO!O5-{;4YBLIN0z|!37L*x
z9s~e$RvpU8buE|7Rasu@{g)xau11MlTML2f)oCvn*Bt20<3H$LGw}1b3HcwUVw^mq
zvE~nj<b+nzjB9i8FjColomTQ5YxB7<Ze<B1M`h)0z{V)n3uSr>^=Z&zt-D*5(PtG;
z7?&@zaZcc`61ks7@Bn`lwAykFOGEs%l|gZi`V`+2vtJ#nIMPkBfWf5tr=}1&yNCqJ
z>_5zUUh8Qv&#i-cr;bV9>lxzvgq5(`6kvVLA(?>!JVxG?(c}arrDTh)dpjzoA)SRU
z7|&j4eH>-f)b>_(J$D1`cI|rSESO`vw=`UJhBMCHeX}D5v#wh$myLZw*w=aMOT!=V
zO}V~@B~N8RojzVTdfU+#99p>AcliyCqvq~Y+0`yt*Bi(Duy2j{7<LWjWF?}_*6K;p
zi^VRiYW02ANz{Hzn8MkoBuy=xN?P^~nd|3zu)NEI0`@Y6@8Pceye4w?n!@hs4a}tg
z!$C<+uVvpIk74hvN21iARFA!U+oJ{Aa@`Qx`F1_z+8qse&%s*GgSaox17bnID5b^0
zj_zwm&$2`M{EK?4KGTP!eYXcDc$V%NSzYPeY|99hOHUA+XW9hSdv!VIsTI{LGMvc0
z;kY~y`{HS(hrwqHwdZ-5)9>!x{Hg1!cs$1Lf8h(x;@*t2S@8}FBWhNJG~QFb{9gJ5
z{cd@W@7i*GuVx**A6o@KuPp>WmIeJq4SM|L82rEyJ^lyhJzpOh0uT>9wI<zXti4d8
zz28-P+fR7!Tzc=kd*On6;gkQ|@b=)HrWSc7OzhW2&`>pm=lZv&S~t{wgHJ`n7xF(#
zMN$RbfSS=U`q272k*eyaGyCv#e^4R_&Ak8lhS-Hl+J~)LrjOr;Q6%{4((^J7+DwW_
zP;N+`A*O++N&1uLvkU%BGe8s4D`;EU{(Dw9??sr2yMh_5@&^x)b^xx4CZFjeH?g;e
zAs?0NpeEc=m{zDCHIbT?K!k@(gwOSNvZ4sLPyZL`00f<A8dYz5T0>bGhM;t^Xg)@3
zS)s%Lt&~rcn62oP7vdC4wbTTL3|qY9hNu*Vm{L`t{DG+40jlB!g4%?rx~rIiY`li8
zsH)FEljb1w!eGB;uNe=@4k$)Gqo11qXt+UU0$IOB1=M*HGa(pScEYsa6Ip^sHlZ6b
z4J6wMAF?VUH&Y$5qXTY9mdrs&IM}vbzKPq3N^D6|7*>hflS!Bs^#ZE?T(<qWphok9
z%yn7AcDW;j1s78N%oHa*VDdg?cPsxDb=T)ypYV8!aNL*U-;jfpkgLU33Kv!PmdLEr
zD2(h=h8<N3p2Lo#V|J7lC+8DRmi?D)B1}aFpKYAS{apm_E|Gsim<vg?&_#qXS%d=#
zp1KLXEOB&aT%>ePDwAw1pQoS3wV&!jBvp1O<Deg*JulE_lu}hXolg|<V60j;T-0>{
z^donyU2LRYOfh&+217>7R7TEqyqQ3(O%+iEX}qmSj9<E1vPh;$b-bf&Kp}aMQRWB0
zWnA57Tu*eO`$X)(aL7?t+_fpi#%IXQXV|e*eAITrwraxlKz6)pVj@}A=|gtp`<O}a
zun~qF7?6xSmMpP&Ff`#hxilbdyfLvzFu5Ep=e02DWgF|gF<kz;)T*c;2xBDayU>(Z
z9G0kL=!YZ;2_=ST--lN&Y9$EuptnVG3KxAU03+P5C=Sb~F5pgxiX|0aRx+uH6IzD(
zK1)RM`v}g35LvQ9N|pkzjg-j1G~~i`&4dDYL!tIU0U|rS^^D+;)C82+%y%`#Nv(-Z
zSH&%#8Mu%ccsIpu*-=EjQKV`G<l<?R!5L&|C83V#FQl2D<g@6H(-@eFnC!EOkmJxH
zvp6ZUxQEFw#WVORGX#UPgp0EpjfyCrim1?Y#K^P1*_BB!=SV_0-tP&p#AY!==CESG
zbCfA_G{tkWq%&Ljv-F2^43Bf2mVf;IKroZfGqcaLh|ROA&9j-!v%Af6gv@iM%ySjb
zb2rcP49@c|&hs74^FPiDKraYlF8m>15Mo~t7F!TeTM#u{5OZ4)?Fzf#>hV*Yla`y4
z;a8TKRFxH*lhZ@<eW9X2rVeX^_0^14=2uhUhfvj1Q!`uCa9h-rThy{s(+*M7Nm<lh
zT-4cI)ID4@cw96bTr|2=Glo_-!CW#{TQbpGGBsPWa9gqzTe7lKw+>OaNm;U9T(a3*
zvOQdKcwBNETym;b=LO6%iY>dUEe|x!5*^NZxGj5zECaHEzZMtd2baAUHRQpY8VZvd
ze%WDYZgYXz%0bP_f4h`})ij4jm4E-7a0^)pPg&`((eP^41Prc3Ev`fpDwdyR`#&!G
zL9ZrYt|mgS#H$Gh(yyfOYXapoQ}tGWDOz-onqk>1nS-lY$Ze6Eva3EB7uxJrxWo1v
znnSMSlLOiLcH*)0+9k!!p~V!B$y{xtBgmaULORi^iX{nl<wefdYC-Zy4-%&HYyMf1
zPeQ9r<f}=8+<}-$LP*m5(W7h|I87B}nLGamMs*-FgtO|_a}M%*FhwdZaN2xV(_>cq
z`IE3OMURU}dXdO>ObZmVN?99p8`?IsH%NDUblaE;$i_$~E;mNl$H8-n8;I|b!;3Q0
zn;V@MGGlU^({57~Xq#ONtLx3(MD_Sa54^UjYwjC0s}PgL!LpSTa(`(jN3!IcoBj<w
zbdU1M%_ob`xt6RyOpI&{%^-=d&`Ib9>0j&VU%IW8kZ;!pYrlAv?U>51LgdyzN`}$N
z`wmQ1@~=M~Ou3Ut={9YD(#OwjXdlq6KVeKIAc<WUO+M<49g^iHnoM2E4!)5~K<mq+
z`$#6K=^*Osw4<qgrH|z#BU2Mg_dVvIUahAOM5ZGdO)~AG2}o1+Vdt5SRgp=6pb-UK
zjsB%@l;%kldUL}W_v3)eG4(}y*|)ap`th;$$OLw|OpVz#z&ZmVt5hw@L&akK2QnQW
z<C;w)bS)z~!MeKNCl<41y6N=j<;OetCK@LO8w&?GC^p%z_PQ}lo(bqTn)f$++u!#$
zS4<g-VkGve<@Vk5myiss*?{A82j_CNhs9ebnA_LB67Eg<`az~<&J%Orx22yprCJVd
z9}h~J72k13RrV+o*v!yB;@-rl_5-I>y8GO}b*bp5Mmie?RbgX&bmDc&qackK{M;cv
zsDTzoRV^`m?3;SS8JWr4f$0}QayM^b*GdW5vl@~feC&#6-l#`6vH=>~mmGz0E%O2g
z{k>NhOR}7?EW!_0@9b(P3N?xshfWbd$DapYB^ut~kRzXNL*J<#Kffbin3KnNa|eo(
z0rnGnffEOD%M|!ySND^!&=WZ;#qTGuku4{YLnlym$1&y>u}>$lSCjYE^#w145I6At
zN5}r+rvd7xK>5=)+}Q%Ifb<fp4E<>8!+(_OSu_hqkc(CclF~499AqjYB<tp1AEyPX
zC&fz&b;+k0Iab4`K&LAVSw7kB-xDoG)>ZD^QXu0R7@OXavvyGv23{oBt+Q}}B4l83
zX^mBWo0VHpMt+FgrKjo4t;t26g_u`t`_lPYz;UsdTp_zD_qxp~+yy__QsGH1-94)e
zD>A8u!q87wBb0cdS?C0kbkTCBg8XQA;SZPs;b?4fYA%-3Xgy}nbgOp9mJrEKd_Z?B
zwEkO^+4n+8Oy^c)ZMvO=olQfth!6P_jCut3oxN^bF)PE<V56@fvjsmZV5n6K7;e}-
zYe-Wq#=bub$(;ZDUaXICj{6=3LqC>)F~OTr)`OH#@;YhBD37i2O}A00De{xM18&J~
zH~ZNw(dAEl<1|r+0=)cEI-cT%D;)XBD}8Bv^=m7->k#v^0jIOG5`>JLGuT)ehL$}p
z6j|kmy$0Yujo%LAUz7FAJ!RQ(?xh<fe=&?_M=Z`;W)v|L1ryv-lWM~OGzXK>1`L8Q
zr)GWn7L?f1maFtwoAZz%&m}uyAlOC@Xpu`#voJ6r@<hK&L*XF~gvyb-T09tzHtpQH
zqg5y-Lp7yPFzq>-Ahwb-bd?Yb<sy?9qA9&ofjULNwEE$6K3sAG#q?_fB~^fPWQrp}
zD`#9#V|$dt74GTkIyeU&>tWlKQk>H8lh75>fgfhdU{Bvwknuqj@@P_L+T_SJ1jD>4
zWE+2b>JxeAncvOF)#`+!DQ(E5tlR$A(UrEsjn42LA(3=-lLHLnBn<Y=Z}Yt@x|>Io
z?pAgqbe1PQ&ON5r+`KDE!{uw-Avdxs2lC2(+vDGT<WKh{kK{n3pIi2281Ci<4zP@t
z-A>jjW*(|$9>Y`<6DbAr;4KouX~%v7n_0q5!qz?ZoM-=O-KNe~na<~N_CfkNYv1Jt
z|KknnAQMgou{G%1S-XyZt{Zs6GHRWzG0(Sn(9XN@kMXq`{W&i1vbOQOfC9aX#AP{e
z-v~aNqho!m=GQgf>enZ?$8-lbGQtz*adTG%%aoVbpM+kx+6}J$j(LKuJl8KJ9&e?B
zDRCCB<p!@6rEitTK%Qkl`u1zh@muXQpf)TaN8_!C)4NFGJx{|s)y}fa<GoekIAZ7|
zs@w9S<*j4*t#kPO&gLSK!-^mKy&BcK4*TODs*g;_V?3pEhlKUr6>|=e^{1?LW^hst
zM{5DfE-mJB6QehHN-!J_6;K}PfvSL1dF5DzvKjnk-Sy|Za?7#L@^eXpu8CovKFPNY
zH6tR{Z6xQBJPfa$LBID(%i!U&r{%mG1$_Sd^&|v^Rpa8oqxW$6{giV%BSss}$u`3t
zX_P}s0ktfM$9@AS1OV81Iv+ynk1PwwD`QFQ>L13Sx+)rsP5KGxbHr?_KN!?(uE|qX
zBl|Bv!$I7i!Dqql{Dug+hruJzRQ&xf1O*MNigK1@Fa(QTIyh}+XE+3d(+{I9Azvzi
zjMO;#<VTSt5Zl7JYINpkG>gsQZXv>@bUNox7?_S`!E&ZZG>&D{^BRKR3od_31R{V)
zqzbE=hzq>3cpg})rNpt|l|m;}jXYn#AMSq1*KEE>)I^0@C;~EBUGw$EHZ=%zx&MhJ
z+s3%v=y~b4klEt2+8+ryOrPFtx<3)PPju9YbG6-`!;LS_w_2n#lv$6*;HzGzvy`F{
z=XTk~V!IM<QJc-@S${oZiwY+4eSgv4A5FM6ujzcfJDDjJtiAeZcRe3{RLaI%tQfda
zgY?Pv+JW$>+C}8Rpx*lQe!4ttO#S804}QHKT)$4+7Vri4EpPkY;I8Ng!ohg%1R)=V
z?F78zp5z687k>HSkE&dj8-QrOVkC}$@Io94@BFe8@k6?eB#OTMg(RAJjEgjeeXVUq
z1*`<%%n{>f8BhZpXHx>>zCXSsBp?xL9f;zRziLU#3czb5Qje;VB}xae{Y+6Mc|Eky
zbmk@(D`2)d)KM_UEjE+!IxWdmvW_s%(te{lPB7yMKFqdiS=GrkT?3H|D_;T1GIR?l
z4l}5V#mg+6^|{OPQ<S~Ri_?wU%S*DI-^xq#gDT9tbcDrFJp~|FQ{s=EN|SPOos#FO
zglF-TC0n+V&qeCa&Qxm14pq@~U4K@h)w@<SVF(e^JS<gHKCb0Ak=BS})GXp9FVs6M
zR$R*L>PJ-tPB%PX)Jeu@ZZ|-Uo!QlO?Jit)NSAv%s7#zi)pot!b=3AiKA)?AW0e6R
zDQd0NYiIGW3mkaXu5MUPIzRo7R;*I>Hqr+>i!s*vd#Il>EXblZZVjA;I0&pr3qL4F
zDsIJ>$9}v+-|OSvFJ_K4rHH57Qm3Y@P7AqI-A*vI;_4dz!d7pXEisbVTv$`e)?3sv
z>3Uq$)A?-HF7^tm2!T6snO?OjjNwotl|NCIwRij8nscrNHy;A^ugf6Zsd3yOg5=Ha
zdCM7HdpAr+AEzzIwb1e<kmAYrdB+8RD|f?Ra4PSRMq3_q^cXV2wR?|w^>WNv(am#S
z-2r}!hQ78;$wylE+bSzysqnt)x(9b$_dyAMlz1Ze^W7Rf+56m$@NR?o9;Rh}{ikq$
zW_ao|JwD&)+4QDm>V*mu?0()$RS<Z29`Y7=KmFC*-TP4B(Ea|fE+`1T+^+QpKR!Fu
zUZ8LgRRdxIrj77c+JL>^Xl4RXY=3{prD}#_s0;co`rEnf;Saoad=UP{Z&*PpVbnyX
zVDc>3r;&TYvA&uR1|MQ16RLjPxw=q}PGS_7vVOt}h5(v_gvScXf!{x!!o}%Ge#Vsz
zkg+&L$lH=&<a!QZ<j|;nb&z~DoCwliIYjASkl@t6h%tvIM49px;?8r4vjd%CPVb4;
ze!Bld%czU}-APJ#%Qeiu#vJE&P)PI+HzJ785Ff}#MvMl^zA^=)^6~kQk&#l5N+~xa
z0z1hlSgDD)Na$n)g#QTsp&nCAoHJ66CZSO%A5(2`PN}gar!$})*OZQnq~(iL8xu{?
z$e)d|`!Hh+933+J>5?||V8)yPkTs%dOrM}5rG!n(3So|xjAT2o%W7e^l|E*JlQJc0
zhHuF*yUhF>oM$6im|BoM&vs^O@og1X*!drN)?+6nC%v)E<z-mLF|k6qESbnm{)o8m
z--Hm&6Os^;D>0&WG!b-*nJ(_8{3M?;6w-D@Ip>GO*`m$7k5f#WJNT3d5!F=BVG1SY
z>7;I#@=|$i<-<>ul0gyuLSZwN^ncF9O-1E5wmjqc;3hCIS~dSkRgCEFW1hCNN=i8P
zu&A&4K#8b6Q6}^-u`JSDM>QM1+Vfwr9Y{<`E-1Y4VCiSGe2t=r5G`n}VbT0{tlBiB
zGAYrlvU)A0l0RX4_eNPA$XBH3#h$tse@Itn-dyd5n_aiYt`_$aqcfGUAx0ClI#w}I
z6Z})%`t1NuK(N1Q!Zda%?U&eZjZR}C8|euSOmBL}Wb&!KG8d}}p`BqSk<0<4p=R_A
zE&Eaz%#oL+Ocq3j88#8TGI9y6{QOcrw<oInW^+*2V2oQtWmbU|r!^0)x(lUq<B@A?
zXC*VErRzC!(IQ9gvQI64SBru~H)S&hn)09J!<J8H1_y9L5><$1+RPV(W>1dHj0h|r
zF|yrM57D<7e`EsUC@f7eREnEmRv*I&X3rkW5SzfC6P!qlnvUpOijg>_v#||05~Ug0
za)G8fp{ww+R3S-;t`W*+ms1LgUJJ6vsuYK>s&apdE7O<Q4unQIhPj@ole2yH1+zzo
zspV8+O%6x1y5T#6-kf8S2+9~3sVhv!&a;68rV9fIiWbOrX=Ty4jV0-&qFs%TNBB!I
zRgvW{{18<X@3eI&Yn7o4Y_)5TU0&2Y4Nf7-I!BN6Z3Jr#G1;z7WyPmIug`SZMwd#y
z-jeuL@Ptkh&p_Y8RwSUr7BjM&yakXLwfazXE5TUJ5zQ$lA_|BVLbnerQnVLW+3H4q
zErd29{j4ht_*{gUmjf%AjkeP7ZNy0vZjCXQw|Ew26j1PXm0kMj@YUoCP7G6i>lbb+
z%k8l|jGgtFed%IDtye9agAC&G1+%=_l86~|5A=>RANaX9?4CrAbi|F-a&}fWItQY#
zpuap=&Yt_3k&ot1y>bL@?)yyxry{rUDs4``ht~h{cXLHZ%OB!gzZ~wNbD?-hikSI=
zMkrC*Q2b+EVGr9zA;})nG*Fa-=Qnn>s~#}3TijbsG-*P#Rryr(yxeo%N^9(?s!h7i
zB(8W?Dr+2z9jDWS8LC(RRzEfMpkCU4f!S~%$Ddj&yO#QM-ZxM6ZG%&P{Ppp0@Igg+
zDMaqR@e7NE`C@n(ROz^h*6`WMF1#sL>AnN@@Ex(%zD_#a4SxGxzTD67Hk0J{P{PQ6
zrcmp(6~ljBW5Bz4i}Joa-u+bH!++@{_`d1jbR8SVckuVidsoo!Wr$JWF3{iSkaBw`
z>6q`Kkn!_WrRQzQqdr!E@o~Y$|8eVD;H8HVe3SI0Tz%YiWtaQ@SeW~H<{<d7&G_{&
zpG(#40KSWu{`fra`Fi~l1VjJ+g4}^npSjoj^^GF$8^doXj-4~M?8F<WZ<4>E<@2D`
zf5YhK!I=Mswa<ff{|)Dt2N(Jq9vqto5B!aglZR098?h!2vE?^XcOKHvZ{(>w<fY#z
zTX`r)zfrI9P>*)_A*Np^MFiUnJ_onargG63h<~!=|KuRXc#9Kw$T|LuCs-X^3m#mx
z+*L8n$F|?ab|=P(&Bp-}W9Jy*6cFQ9<l~m)<Jausw-6Id<r6Fs<8K)e>=6^5<r5y|
z|GL`!^+fy|rQkOf$uA<~-y|f&GzG*I1*8mnq#Pt<@&#mDe<2C;pv(&>>`5ry3l4=0
zUqkj@VhX5$B-A+t)bg`RYG~zRMnAg?(Ek<C4w2AL70?S1GyIgr9GcyQ&-;2Mfdm^v
zq7*V=nJ^KNGEtbURPE6N3c#!aq-^4aZ2x{x6%??S?6I4Za@ZGg<m~+zGiF#a=Gr3R
z0v2**kaFjkFmL{1CNbfqDP;av$UC&pyF|*rRp`S^Dkw)P_*5te-e*(ar%afmib<q)
zBjuzZ6J{t9<{%Tv$Q965k~>IbARJJMAr&t$5w9@eaX%3EDiR+f;RTP>tIZ2t{o;pT
z=AA5Tg#6h=ye~sxVm}(}60RaEk39dd2fKOTTvWsdF5>4QqL2<2{7m<H&<GYvj;_)~
zVI~)D4p-qJkCHq*r&@{r0jKt+fo!B2V@m#qA^T6_!F<S|(9mj{(Dc(}#IqBj%x3ac
zk(mz4qC9lmZC$bU9ykr%Y4xV}P=v?y!Dn9>qqq`6+dKiW3|d_z8B_05+c<mixN5P|
zELL`9Kofq=lmXY849m1-FOm4jtS?4gFV-UDsL7{f_qSGMAcZ;qk}e@ijqZ`=<(M%I
zUY)PHv9_A_=(L$HqA5V#j3eqa7^}*c%qjGsJNiI9*|d^O$BjExw+p|ES=_BTbG8l3
zNp#)bGRYM;YOphO98N;M0I5k-!nF$tU`E*rNwAoQ-MhQ)`3>7$INF(bnI{FwgJ#_h
zfNeKP=}nF8_LE3)&m`c8)P_xYm8w)JQ8F?<O`T&U<S{iIKKU=RWkep1Iu=H$6qT|)
zP7pVhYOLlYm_2PrlPVmzvMEY+>Qkm(Ko#PpsqA-1d1XwA8)=wm7K59fh_<BlPgVXD
zr)W_sM>ZwRCjtm99hX6#F0~pr8e9Zdo=9Pp-F2L4q$a~GogiS9M2wqdgqx^7T8xpN
zIa!j@u9k3GoaJ^3^vyPSGP{8|@{B$dLjd|yMQNC6gEXTmFiYA-#tV!P3(fHIuB^<T
ztnzr)YA&g(2x(04G77Fl?F1?cbFxjvu*z4<ZTGBb5zdOQaJvYWjFi@DLTK6`)~%dP
zoiZv^M#|VO#bYSehuSE85_S4chq^%c<H747qf*y&=s``3aYLlqAxhsp3m>3P>!)Q8
zVI{bs!os~=2Y6NCnO|C^Pr1jeA#(++_QP-X)0l|XnKLa_fH@3^tvnDjUFFj4ub)(E
zKbbWn@W<6VYnwD5teog0n3Ez1E7}-MkspcBovseIwAY<|J?~Xsm?gaMH;WC9+30>l
zo`kIGzykL2*dG6=>fSmZHlm6)*4NY?&}>1-3?(tBIn7uz8x5r!0~dqr72E^JDq<B%
z@Jh!EayLe+SXMVDaw_OaC_xBicV@wDFxAso1TuTM@+fw*2$%LqheI6I^8)k>#>&Gb
zbc>0$i~7}z=Ja%+@+tS~Nx#eSBf6DHyA?0`C){XEBD*;fyXl(h^%nXK8oP}KupJ4r
z-NF|A)=~A=zo`Z5>TP5C9dPvy%++Jn#YzVKDh0zH!__W_{c2=Uh5qhFclCxk!=^sN
zq4Cv$y*&tvN_lp9E41b$mf`eDV*BUSP6@+VP0g7${W4F@-am$Y0fx&V`^%}TuA8bu
zbB1f@nxm_l>nDbrvFc4=%`Fk*9eDq=h2flo@m`?zK63kftL8$T@ln6_(wy<?tm+C}
z^Neu)3{(4p;_#Bl2#e`(S5o^{;{e6r@F2|i(Ovs7bWI~y`=ovSX?*>(cMU$fMssI;
zfw_4BGD0HOy`t1XTEM<FFhX(GL0ROy&s~4W*L~Mug8miv`Q!k$uY&=5Fn#&eeHEZV
zkTSvls)NUNgfF~-C*A)hSclldgruST-JlM7nF)Ej4*5K3H<StXuOsSx9V}EmYLC)E
zg&hJV)6ZY^KWlG(Rx<r=c0`h>$55z8nsh|jXTmb5$3nM<L9NF|WXAcb!+~|$i)BL3
ztw*P1#;bI~<E$qZV#XY<Czy7+z_`WQcEUPlCaSc@4r9jsy2Xxj`VHm0lHr73TaQo4
zLc(}Q9L7j6&-`DkflfV<#vPFk3x$WlFT{pls11}JEL1KHR+!ABjrG*D&ZN1{)P*c=
zd<|qhEOZjg<OVGC77g^vEJ}7P#8Gz)&v%sfcZ}mX#Ffr8jSXPtS{4>;7sz&JI?hJc
z+H1P)2Dbe>HVv1@6K5t17pnI=4jWdcUzF6eja=xg+`sO*GFcI8FIa0?c{?20R9N|R
z8u^ABe_Y*gZnJXkH*y}c3SLh$6|(-Jbm2yH{gdmm$mGIH*(5A@$vfRBGJh|^%f{is
zDt7K7_Ixk)ej|v^CV}51f%+hU{V-Q?FPz#Wb#5mj(j+bMAYJ<)s>3F0;wpR1Du?aN
z^_NXPs!86%RsQ~gnD{{owpr1|Sh}%Esr5l=`$lG*O=bB()`Csd<3K#DNkM~M&A?5e
zkVz4hUBiR@8y35An45A`Gcsed3a6WD;iF3JBf7ksdJp(f-o#C}pB>$yS!0`B-+@Ro
zj@=;1&A^~qtMpL|wZ#ydLnjreGu>>g!>%{ZZt_*6cie2M;2w3^Y+&$YVA8S#^JIkI
zqV3ON<l&A*{$!HcVv_4_Qp#bP#AepoVq=qIX3=76^JME?$p5#+B8<a6>dC(6msR1D
zF;uHn<&$HNhG`Fnv&`Hu1E&jTtBasVWtENRA5J%oR=2of*I^Dj2M@b*6t5!M_E1jG
zxK__pPC#xe;9NwIY1*Td)2pY|dzjPb@3U9ZnB6&t-*JmytAVCyi2oO70Bl<TDpw$O
zTOfWL>8YsyFRs6wZGQ#10w`Zr|7kjDv^g4Z$$$%BEexT<9NNM>xWfJ0!o#>C;@TpT
zJbigXLsPk;a@(R>xuSbsLQA<s2t1s(Ur^||g0H#ap1DrsTgji=;!$4%zuMeAI1^o3
zldIaIhue}kxswaIycKqnGyus4prqy2I7fGfV@?O}SDaI>1lSkO(-D7z!8F9SV3**u
zd(ZSZ?hM4&j4uu+6Hmuw&@D44W%$K4Cq(rEkUY<2e8LTU2j!Z)hW_HooBx|v_`_zO
ztH?t&vlNh($(^C$l_Aj<BHRAg#Oq1#Ei;VA>EksXA4EvWT|o=@f%aD5-&TN{+V|Tl
z#RimJ$CHc?6Ndkmt1(pb1*)Ot0nWFBQM?&w-CzCi-%~q?O3}GXP_e5l+B3$d8(7;)
z3ojerc>+@5%g0~qXI``YJ3{tf*;l<Pk9orTd1}YsqBz^t<2$1Fz1mH9YkS^6souJ5
z?J*MV-QzP&sDLbkc7F};lCL(=hxfoQ-g0!<e~do84jpmp!wHq`1Ep_&+B&)lt3e&>
zgZ^!Gv=M_n-nIew?blwSp7x#NUc)ZjX|*5qjh*c{d`-hXfwkNsy`2-=oh8e`tzo=v
z>)g`{lfw?3GqCM^&|U4QpE>*Qh1b0E3W<~Zd<*Cw!hHM-+nwe9JdE<4ODcR1IQ(<J
ze3LwU;yn3R{Q09xKYUv|*C@ff>+h(G8om?rox?EP8_T{^+XGYYom)}w(=L;c7-T{)
z0z0VPJJ<rdzq)rR!Bm+1dz{^Sg5CQP;QcSzZqBa5R(Ub=?jr|*V~_4*2fq-X?vpry
z(<HxRqt9sPt}_Sz^UR#FTK<ON?(uOys$>4`Yv1YZ?kj)qLxb+?FEF3z#~G^sIkx}q
z&v*LC?z?{QU8}F<y5E(A|MoTb0pH~sO7Q8r;|5>w8NKHjf9#xB@IJ2RCG|@}*#EIq
z@TyYq(dKc^Lhxhw%iH$rdD;Kj!~bQz`<1f?{497;AoypZk~1#nPY?_uimaz1v2YkN
zF-vk={9b<q7OnV%Cs>J8JdRMv83UAXFq}Xk6DkW(CYMg7H)==*B_55ZbJz?`08}XD
zbNK`BFv_q02ti0h&51x5>i^&24$K$ZQ*1P94gQNe0NQFbTFjRG7k8jj_MAurt?0Tn
z7wCb!x0soFt>5Dd`GrZ4c4OEdg7!;2EA7^JIEGjdNRWPKI-bI8u#}a4Z$6zZ<d0<+
zU#3*_kjz53;@T{<B(F0Z%Kz?Wx7=#BJ{6P6;jr1|0Shbe;o-DB9D=V9o5kgFIGHLD
zCh!SxJ6<l<nU2lo@wnV<4TBW~djqbgb_;+q9;fopf+5|gG=c&?Z_k&<xwSoDu;14w
z<iNEcB-BA%FBGyYQ^DMk7HV_xMx^3Dc<QQ|e~8Qziv7sk7c-R)Cr)(?5aP7VP3Us6
zXoHw)wh4pSdeLY@xMo!eL-?>JGkptF=+k_^yvZ0xeuaFW8zD&`QywKw=W~{#%#>vr
zqbv@d8>1P8QW|)|pmXeHK>JXZWgJCnlx3PFn4e&u=Tn*FSoL8gBUIR*?dQFnP?_d`
zy_laCg!HAYnHO)GRU|;;SDh8b)mxYqC-zmHlT;{jsex7NPaKmgy?Bt87kpGzQ4%6#
zUr>>gYhF;3vcp_lYa+u4^nS=+T+(*xQd`yqY%VVA2Y#xp7)B5-tr#b~@T;$yrt2-O
zn&<nfuUVF7FRfYEcd4)2f;N}d?fX8}b!C!xdN*8V<uo?kR{t07AVy;ga9X{*<$XJ;
zvHibr2mX*Knmd8;3@bbCi=<6?A*jYHyP?E>ntS2YIV*dS%-x#%(cD`r`>{e`&4YL;
zqSb>$B>}C&WG(&GL!gnL)=`>O&Z>E|hp60fHsI=ia0e&(5e#c5g$eT7r^V^^YyZU^
zXrGmr*R1^)ci?3SdK1b!ukAv?zo;K%$h>Hrl*hkpUbN4=Y~75-zXBcBWL|Y#PT^m7
zJziyA_k5xd-1I>+X5I87D-hfcE&^$PL-78Op-ViZ%D4Y9bh){?`Jdzej{hD1{}%tt
z(B;3m@Lxk0sQ<TyE}Cc%5}^>nkpxl=MWadokA^O+f;10hti;nf|5rm7NWY(I?HJ|r
zrHX~p*?0-%ij^AW)|+F^mCLab^)Q(4%~h+7mSKsDAfVk^E4CQLC$)#YUdOk?jNow(
zW1U!k$Y(;N1O}nv(0d~FtYqfhVS#=UWF!#d=0Genr@k)eUT6$gDC|j==iYn(ik%fx
z?~TqTs@ACWDQksvuOpN2JO`PZLu|VTpiz_E;b}cJ9D<rUq5En$L7X6CaM|f`U(j1A
zs7BBKdUdhZ3N~=S16OaIq|ag#fb@M|n|2Tt{1kcwE^n<b&$m%I!6IK@x0E{pdXOve
zfv`Wzc7pbBLw-vliBs)rzUYO_hv1l(?S>M#pX`Qls&VB9qsD4#M^NOX?S)g-tY}3s
z{Dd)yW|<q=iRQQqF^RRj95IO#L^&~uH$#>p(-0?$C`x=IA0<<h7l2nwR+iT~^j6j9
z&ISHwQB3Y`pnhzYrj<awk!JoBY@UH%J!+om&~jv+g)=E-;pmZQZjqyQ3&_olyM#ZH
zr$nwO%;&iZq4J5!&`>Un7G5KjN^Dm@ExOXv&MOHEJUI=^x*8%4*Ed5TFB3(GB$Rtk
z*VdN<f2(-Ql*!MLs>}kGtJ=iU5^7uLcg#g7mzOqR+m^*iixt;97nE)R_%1^-?dMB|
zY#T=R7R&9X#7oOO07mZ@di!G)=FJBoX7;-C0Bm{_O(pDftA~<hqPFXtmaXo$rA&Nl
zVG8P-%ItQV_|7QE=pU}R#1`vL8*ZhVov=}O)#mk)a0~5j6c^VXn6w*AT_pJCEZrYh
zGR!^dU73u5;ykA`HKY8tPGgTXgH?L1yXGz?Xn)`9oj#q9SSFwx!mgskzjT~Dk|SxH
zW>wGM8%9JW=x@i_6*kW1%xEf`-L8yn36^vPV;cMP43Hn!;5;T9nrmY>4Fh|{rK`a+
z7Cm~p8&tfTEj<C)H7)-%QB$AQ2^@GYRNWHr?WdRYeO6nOS}o{68%N`Sl3Wdjw-dgk
zEw1S(DDHKc;T+G($ohsgFUyA33bJyJJ)(nC1OKy*(B?aV_nTKVRM4#w{C3%0C`(+~
zeSolF*@KVrb?Kvrac=38lQSdToqEu(?iaiyh5T2Pf}Y~H!N%O0cYM;%_m78Vhp&C%
ze@I`6Z^u17>Rb0RUto_;$UDk_L}A0+4~ai!)RKXa)_G9KlDP{~j&xW9bC8X0Ld}jd
z0zY&|V0puZIu<E|Nj7ld>A!OX**TiinnocA;V@x{qlV%|>me;Z{z156vIXNpjedqo
z4*dA62$z)IJ3k^9zJnhN)eDNp=zA8u|0HKpbd|@<<{Hd)OwcrVFvgB)6}#1A7V`Q>
z>@X&YkDg-{jaaA!-Luy<P>mK#I**Rr2gh4pjS^@5K2PvkCegiF9}!SB3;#Js53%SJ
z>L6M~2AwVvktWB%Hok|8{+bm+Ji}>qo<`t+F2yXLXyuIfn<|20OyK8nTxqlkUhSbo
zgO+m4H`h(G3UMi|p}Y8sf&VOsaHLf;?$XAnkDQ$W96LW6fq{EP#74NX=1<59N~VV_
z38ym5zKIFIjv^7Z*GU7I#AxepGC1jyROIdV+4i=F^t)2i9@4CQT3}b1$h%Sb^<son
z*b8DP|CR3Fcx)bUkGn*Gl$pS{q<pqL3(j9_ir7+Yagc;+Vys?@=)2Q}-!97}n1>7E
zon6Jq=*xw%ac4cnPYRB0f7WVyk|rrH6tL<2kX@#jPq%+4;h)@;$39V{D^AV}(xMiS
z@FXpfw=A32r6D_f#tq1MsG!WMkYtu7$uwWA5dTC~r9@b$?Ow>>d9+raj+|_wX->2z
zw9wdo6S;|Yvqrqk)>+h217f+w3X<w^s7L~VhpMqUZo7+32r|rAOHPKDW?JXs<%Ph8
zT+;D8to=v@Pt1xOT<g*)MObZAr<O)Rmos7zuH<41bHm?7aODvjK%xKN5__~<mAsXW
zeCHOHL(gQTtsDO0-WXM@g58;shR)*b)Lo4aIhr#f?xrq1r}zxHt>dG))VV!&aYv@T
ze}&BO`PP*b1EGV*xQ#xwS*rUb^l!`VceLBY)2_#6#^f0|?#~kV9`d4E*nRSy*nw8>
z`TN@TIebG1^acPD%x++27#(!a$iH~!8#KgDqh~9eR&)leFxtmmu;GdjagJU@T&8i1
zD2^X(w__9{s|oAX%^+J1^P6#%7~+0gjiem|iUNTM5$9>45Ktje?0ugc|9ME;jzu|U
zV}DyZJy><=FkI=_)Y40HSor(>O+ywH^Iw<ozQ6V0bV!i{y#(AgOZ~-+(y&gBM$V~K
zo6QtVP7Bs9t*L9b%R5P1i?O}e&L3AU(1?>og8kyNsHRQg+f5eF(s-TEArFG=F^d^T
zFEd6JP13oMV)7mi?Rl{!uCwIUm<o#vXKGi+1l5O*dz>?I(#^Q+_^PkX?IS?U8cG=%
z+xJb-%E;3ufAcE&d3`-6)269I+@r0l{QIbtUtO~n{yg*iY~*-}8zg75e1r2M9V?b=
zLN|RsI^%M10;wG@>+t+r=(@(8seZFwv<8?Y(MDn&AN`lNfc>)fW?>%(2;1HvBv%Ir
zfl9!Za(eTK*SWn$<lcNy)?UGuxP2OZ1_!3Tr|)puuo)LW@9&7Y;nBmBoe))w(w1}f
zWJhiYe)Ldg)W3z_LTsRam)}<(y=b9uW9MJ@G_atpE&0;5hdu{<2V9wf>wR_<B|IFZ
z*<A7?C{C($asTOaHzhTmuc=vN^@mHlSN~PXb%fm@v*R#`PpH!K4C6J|=r(%x@zw2|
z;KD<e(SMnvzf6kqm~DOJ?A4LiX-aO_o$dC#C(AMs{led?)ps<i_^=8b^!lKR<Ns3B
zy<Ga<F*wfYS@^g6C}o&z(FE0aP0KGQV)*4^)pq%!3A&2$*k^6<@;<w^dums{<&OUl
zOOfI0wWPQ+jpK8-BR1vbov#|P1H5t5^Oo}NSYTs88KZX@_p9I#+uxS-ZC+o2<NZS8
z>%j@{qU)!}J5_bh>-4sj@>j;!C#U4fqyPD{pJR%Dow>|2YyjMd$r7c1g1IT`i7)A*
z-#>H9zF}RgW`CO^|9X)C=o7yvV4%;EZkl-Dq<ByTg)hlUka)2TklD>8B#7G6Ms!e}
zZN-+g%#^DwU~Azo=SblFu&+CGFbte&17&dLqi{)Lz^IEmEYx3!qTuvoB6&~Fdk&@F
zBYKc&atwv`3+#;FCA2@-0wsoin!@?E3%g|(hH?po)ZK^ZoVW|j3QJLj$ma(!j|6*o
z2KWqfdbJsPhC6(Ega9;kz&Q`vD3WUa;hIP8jx*-r2$~{)xkC6#`2)FvE7c=3aYCjB
zjkD5Z>B%GhJOIQJBN$c!+*CasLk(j>BMY&EqoJanEUbz~BE3`jTHykBo1<7pg78J6
zC?&1_QANez7>*<wcArF0P=&8(M2@vZN2CS}u2^DH!~{G=XM4uva~ZC2*_)`x+$_d?
zHJj{FsUN)XTen2J;LvTacm%bXUc(t%F2$-Qn|hna@xu6>y2aAK_{o;WA+yCbAH}UN
znK6*ZUx>t;Vc{bH;@sS<P|Gc7zek~uQX{PzbbBWJeKI@6G5>XHp>7)A7!-4&W<kLn
zi~B0jCz417OvE1n$1n~iNHio8!6w~!Qgf8+tw<!@wDNOl+043F3u*o31px&25;M~h
zwoj5yijxx$t=0|`Ac~FDPif=<{Iy4h5GCx2<tYjGDTCO7$B^-mxQW0v9j%B&8){Dr
zxKQ~an{ACSd(Bi1CtLUQR3;|}jw4`%b8x*!GV!qEh=kW65cq@JJE+{FY&kU&koFFp
z9$)6&i1W))DlL4KqCnl`_DI{P+^aq<Dk&n}uGrzC#AE7vqA?X0I;Harm5(GhaMmoN
zt(5-G)TjJZa}9${%)_h6A~N|kb7#afPbw3O(j{L@^Tu2{-_#ig+bhm9bC@ctK`YVH
zD!SUjrxX0F$K#@E)o&QK=oX4=qolzty)4_htf$NAB?;@gc|@;;ox6SNsvwcw!<F3$
z<!*57b_z&}#`OzQ@kkGG&P!zpC3V~*%dWG^-7f^FP<oVt{`6x+<#BtML5XaS<^qN}
zzCd}U_d@s3p7o%Zq~W}RSIdqfM*@t3z(MXG^W31}{7sL7M2U<V?0h~?ycs|)9iWh>
zHACe)>0FDq_Oaw=L@Wq4w-;9s7!gGTMa+wk$Hr42`7eE$yZGl>VV|S{@sqb2Zn#Kf
z@u;V(wsb;KX{zNIPsS*{1+c_E<0o}%uz9*8H%^dCdy$`Kpof=FfK{n?MxmZ(X%ucK
z*dH$o0^oa)>gQGw5xG_tI2I6sQ06;UMn{tBSQhAST`r1Kex#KQKM?inq`aTI+*#UR
zW6fDWvizN_qA(*8z@z-rv;2jtZ0JGFPAWXhx`2fOm;$KOm8_`TuPmj)s%jS~x27G;
z5D=uPjJ2#RY^jQ>s31+#U7?PH6sh*{swzgPiXSW7@X~@S&#QT>NHz;z^{U8zE-Pp&
z97PCmT~+AhNn67UTliVair^GWUbQ&So9U8Hf>rn#DN_tn+JejTfK?YK;Q+lZxm#5C
zgy7<BYV)>M*f^MkYU4T4PC(C74~>~E-e1qKRD<yzBuo*Ync@0f&G>|-mIx6X-n3RR
zmGM{8^%r(jq3LM_8#zDwx>Mzw>{TT7cPVpT+Va)2R5f8AlJ$n(va0od@+tKa>HCIu
zgi2NIY?*a?W!?-0P=m2{vr}L5tXESGf_K$&LPQItOuv=Zc@ZZYWyYDa;d>H`mE~Du
zi$#gdchgqEs7gSGpjXFV#0a2BCAoi8v<zD78Jrn3uqin-KKk6;r9CCwrX~HY4Fe05
zBx47XE>dX$ZQ+@QtYh?Xwvlkh7bk@Qb&|gNE6Z&HbKaZNGm~q*+v<6vugdBgby}k4
z+V^-$g4H`1Pn%;hJJb+54|qD|$2*#7=!WpA#>QI>gxl4QB7@&Mx4;XXe28sM(w&i_
z)*9aNdc3LDQidxwF-k90`|F{iFX>Ait;w3*f2h0irBWTVd%zhnPnkXc`Nel2G<ZrE
z<WcpARyM1Q8!N##F0t1HQm3oG$L*)5sl)bt;J1sd_nN<@#ge#y$3Z{VOJY^yrbrz2
zADni_LuafTU&V7`v@(8cWXkntCbBhlMcKVZWYA=#S6URE0pw8H0o_(*6rEjIRZenn
z10qPhERxRS>BV0K!sewci`oU0h+TC$9ksXV%4;QBKEG*cT#pv@#a?=Qc(4z-orNt1
zYH^F6+x0I2o+NziejY9mBDwZHa{u}I8%6g?&=h{KyW3~VfX}JDO~SIN5t!X=^I&*J
z!gUK3DEdF)3E!<eOgsNU29W?RhPe?&C%8Cmj+vbPj{egD#3D60*_JU_yZB%HTRY9&
zEy(|^HKsHcojgBQCOdRdnGfI_>@xLY#!Hv&9Mjq;D&_61EiEd=7|)gI4;~wj?i}*f
z%}L6d5Tu<@;~g78VxOoQPO!|RTAS$I5DUNWAs?OGzi8Ia$ZM!FdFRdUjw&k6tQ+v@
zqpa+C*l-l|0X|%m2uGLSdQ9(C_WDIyfo&VkXsY2P$JY>NU?#h^e0slMmO1OptRu|+
zhOYRq?LhmijyY_HuP#L;Ov1RF9nS3jw$b;KJ`&0k+(W`Yx7nV2!`tvhFb`htp6Z;V
z=byjDZrNE2;O4Kz)(hnKor8Xz3mc!Mi>bm#vd8+=740e}pKKDCT+oe3k(+G5`_w%d
z@6p(-B3((Dqg&wZQYX~=_X4{#$+AS?GcTcMYHKrZ?Q3#nvxM&(8qu~?ptVT(F^h-c
zr9e2{hB(Y7w<LHOlC!w199_FvG?&!2=(9v?<{SMpYWbaS<sN%=D{*?0+tez2HI#7q
zdy=-4-h473jCf(yl}Gnzbne||ZC-QsSDULt*VODqXW-|g13;-EX6R1`Zyn7lrFEFB
zU3UqB5NIP_ZZ*nNZ{tC;y>)&W6k%T_7iJ93Y(fFpF5erBj^WwstaD~rnY=I39jvco
z^w9E--L6c{o={YAgy+XB+2JP=l_iF(CT?7Ez2n4AuWxmB*<4m^|Fer_!rjCnY)d@Z
z&R0*MvD~p0?puXxMT+h1eX{>1-<HNpkM3uXP_e_Kwd?1x3wzb3Uc9@^Z)QiaH?l5-
zV6`{vEwop*M+u5OIooUCP5ivv<;gaBwcBT@PU6{G`#G_{_i2U7u;RD0zr=lj{2BS^
z%OKMowm5$<)z&eAc=*M$mv4Shl+`vLbC5l@u`*`*;j5z#zmS7-(5-H*<$F|4m~bw4
z2=HCE9gBmrIl@Fb)@3lb{ag_qS_NB0rux*R`n(2-b~#K39;#Vv88vru`RE2joNSpl
zwbBmlbezQ1OeS583tr_@l=S_TInmX%v{_0Q3>_3jS#==lqu1@FkULe*nyk<r|MonQ
zWOvr+7tZ>YPn9)LO8?7;-l>OsrbeJoRW_@7aq|btRIXo+tPgh{)WC9Qp5^gL8D7I`
z_Bm<Q6cOLBY^sTp&&msY7vWa<n^x}f>FKK0Fp|zd9pPk-i_4vq^ey)~@x|(x?Zru!
zM5OF!6~npDhK~6?lj{fb7fN_HN;9HtPBWSoj><?{%{AYOYj3KDT-nvDJtKZa;j`b_
z+?L0hym#qD|8VSp(b3Q)7(51>;nFy9l>r4voM&998ZTp;87bOY@^fdY4RHf=un;&t
z2>67!-gEU_BTJW5pyUU}&U}SFNKsv|lsxQ5#~j%kVnekaTrAJ*O&J2$+ds?WQ9u@N
z$G%gyh7PIC@?}WKmx$HJ7P$xelPe+Cq0W=#j@M7=8TBY#PcF4Hpv-4`xlW&+eT%PW
zudb(xniJoiXLpB}V1pOC+UG{v7x&MXi0zlC>6a+qm&Be0-L9AT+Na>{SBJ^2yk9ec
zg0Bf&Pi0@!&1sb$_Js~#?bX|lAK@=K`0q80WmR7-P9RXbLp6wT|9$Mece|<i`sj=P
zc__|u5cNII;awQ~#aCWig0s3Y%Na>n(4LQnZp(nKguF?w^h%*n=bPLo2?J)-0?%z$
z_M?JN{0FuqkB<zFeu3!l0jmWrkMkoJgj=Eb%k<B=R}hd8e;@*(pa}RZnezVxBg12<
z!X@mAgu@~7bb2O`3`QbjG9<&z6%2)u3i61iD<4V&aim&;apwzUGngos1|nDshSTAh
zpB`3O_j<Fb1c{)n6|H7+`82S|(-y3x;uH(@^?2AVmn!u-NG5UB=@#pG#*g>_>h$xO
ziV7uWktvkA)pmhfk7wvr(yi3bKeMeKtG7FyTJiM4Judf3qP6DSs@U&VvURJ+s(I(A
z^@@OKGT_+uRHpSd|DK#7MC_a6$y^PQ99=B;gViL5A#vJ;^RtRp?vm`4gyxNL0Bn-q
zoAS#wDDavn7h&V^VWtiDy~Uo(`+99%>Aq&`f$Lz|M+Z9$W$tQz)^ONlYjcIn{WPR8
z=vm$c0RH!JZ1Ox+Jrx>t1p>3k$aXwznZ*4$K)I)5e~m7zY5xAXPfLbGxiP~Sp<gih
zXJ*fPhGABk*6|-YsKBuej@YM83|<IbRunAoy<P;xEgD_|dDb|*=wZR8a%3jxW0owT
zrCn}hCvsr6xRuS-nY1b|%bAKk<sh+;p<{k}m;hi4FU!)8!8*#iY}z<EIQKC#**K95
zR-xzGtzuQ+cWYOf;BPFvS3r6vTaXZ1r(>J_L@{Gk6#qr9q9jFG+%(5VJm@+l%Xzra
zDKEIWprj~4uA-`}(1oU^_RQv{rXk|PzQn4N(yU%@+03rd=z56Bsp}2BH2<G+I$6`i
zjF)3oFU727*gV(nhqjeR7I4*|GUid+R&CK;$G$71MaNMJ(_=$^oc(#jHAT#0Q+C}g
zRmpRIabCg8JNtQy2YFFr+2>u1O+LWo(_@DnnnQCb2%W)AHdIOPWfuiI<z*q9mgvDa
z`hMPXAA<L3g(rrd9AuiLAkJ-;qG1j)OZ>#=Hcc1o;yOxq7-~8aayrt|PxGj_;y&^6
zr_i=6M5E8xFASM4vkENtNu&z)UgEaOkxN48F4*9eJ*iMZZtq6FoVOb)uHHg9FdZyO
zV8;qW!nga=RTFPZZ9{Nt4H7HS>1^TFy|ui2+2S>A!K_3T8Z2Yr<7i%%R}zAS!v3%+
zj@fchIy`}z-OZ#&Rdk${vD;{wRoMRV(4=JX>AY;<!0)bUq_A$b?l8>nvFUM4csOSU
z+r2jYmr~$30OEhdI!+^>Z!q7&{%^#(y1F_?N5}a1`2Q{7{O|bxGqLW!xd03I`Ts$z
z`#<Rm|F6Wl|0nc?BpSW3rvF2%lWwk9tki7$AF;01us@Perscn4-F$`KcuVzqtK<Gy
zwhSjZ1cclD+2;83!De>=6e7{Z4dZ|53+L=r|D`Wj;ELqPf}GVxfvh%LvKXxYr7uiB
z(6u+6&XY(L>Q82rpN)I!jOS!Ou&b>%xtw=L=vZHG_Wo`BAWUhy*&h+Y^Ka(^-5+CS
za;BhkwY!BZq?-3kWxqeI)qi$G{pz{lRlYx%zZQ2$?s|K!-t<60?E$;J-d~>A#`;@+
zeL^Td87M-*Smqf+gOhgxkq}x86;L^-c8wqGFn5D-#@zDd@y$<&bqMz`_QJ?A*bC$+
zfn_9`)N>1akxbT)dzP3(mL`U*W6Aq5d_2vhvVu=k2LSdl&4YN!cFZCf8H&>)1vwOt
zgCtcT=ApEPdO3Lvojm9;RoBcaHPsLZNJ*p0w>ruoE4NC_v>iG{%d$(PKF*e&<xb4;
zeBwsSC5AjZ&O?TOOUMtV@cL0e$Xsz!2+7r+P!#`D+DbfCea)f-+o_^FD@WYoxU{Gn
zgGQ_rh+tmvv%cc90$3xAabBq~rM*(tbfj&O>c6Kwqu0A7)(i0+`A<MyJB>B1$eb@{
zfYH#mKeiB17{3)EA%4VH6?Y3a6L?4SSK2`=p)_5z<Yz|_*4#;nYqy-dmD>w<Js#V~
ztjObEXWx^Ut_SS?<5g^iNbX?l*<|rB4f4>!ukN1yR(aiL`}9s*2g8qJ+k$T3ZTk-c
z(W)MVkN(}c7D<f2Ig3=H{nh{<ymU7f6Z7F*XSGJnFln>q;}VAEK^NcqJ$l?FUEu4(
zd=%Pf{brUw*JojxRixTrj!~z&xk~x?m}N>QY|?i5yE<IUisidZOHh=0_LFx@Md<Ci
zYi1`$m<qUE&%>)~ujF}aKbz)$Gl24(+9?!G|D`hB4?lA+DplI5F-{_<rEq~626UJ~
z(!RN!rDJijmKTOXn0J(7|K{S=F0p-7Nr_<5Q9Eqkobj|||2}IB4#U0Za6sS_hpr&%
zbd+P@`ncUVYvUW8aQNK6r(neM9pTo0xq8ItS=s%!@hi(X+&Qf0I-FA3L7?nxJ;v<)
zTtZJdYG^n&bLeLN+zk8__2Khmx@Yj^smk|zRVo0gDdGCZN{cXgy!uPJ{wEO?{xY+o
zKgI#BSE5HB(o&?Y(i;#~DkYnCvYLtX1LM$hJ`1J9Q8*S|sZn2(dcV!lma}L#9ws#j
z{qwBO8*;)3K=C57)Hx(4V5^2^rctz7Y#%Y{@=GD{g^~(I+C{h%bGN}#tZg?$LG{A8
z^WTaHNu(2d8S6f-oJ$M!noW$kGy%2~7bTb9ss4{|X@r#rxReYIvEJWfHy~Cygkche
zzF3MjF#wVfi%|&%He~RtgOV)H-xCuLWRaALx?~gKOevz%DOr=b|Fk$M6eiCcA9;?c
zHq@%<HWkq(w1^S6I0K!62_R0xWEeTdLRueW7)PP%P+(Nj`X8pg7^q}SDUt-eg?E^9
z(~IB|YSR}klqO#O^VqjeGVaey^g2OAFxo0v`(($qC#3?e72lK24%B3l!#X@a3(O@3
zT}t`YaL0G$TylT0kl#GO&p?GZx_r4R39%-TujSk4e+w#t-nHTn=Yff6F0vG(kHq0A
zj?E)bL&Xt-n~R5$FI2w3l$O(OOesmWNp+@{5mUt&W4AAHOHf5b4O2lLZ3@)>pmz6q
z!;&YiDH4^FFN2|6C^{lni?gjzIo_k`8I-P2$wpTnF6q&-W3NnmqtQU5Udj(@rZpox
zADpvZYBV>~_f;*_S?^yGPM523c~sDI5M${)!lY75Dja-z(@6D&Hm4`O&=neH!^PxK
zh*YyOO@CY|ms2lJ5!*6j&eReThbhmlMnc2KFPUjaqsN(FH^;6R0)3V*HPNY#!y6##
zFpOfwHGf7MB%Lg8l$bXUL{&P_&#z0GBegx?+4HOmi?7jmXoyYXJAXcISPqdVgjLr#
zmsFx@VQF-rzFv`p!EJSidvqSqU#oz;rHH&jx{Ud*wO`-#A6pQ*FCSA}F3<lUxY_i4
z4CeWhl58Ji;gsnjGFjhxmn9M6w4gGOjh$8Q<THDAC_~kGkyf?TSZQ_;T-AvQbPi=A
zS8DdMtfZkpY4@wIkkS+`)t6w_WAv~x<99mJKyfg9<GL{6?suX$*f6B7@XUn!mKy68
zO}POcvkWwL&c={1=DJ(?J^fSL`<F<^h54NoDy!sd0a7~LC&OwIKChEdPV?qy(~Gg_
z(wXo=ry1ul!&Hx|BxDnxF?Ekio*(eQrh@&4Em~YYn6HuSuX{Y+x~6Kld{ZiFdUG>O
z)U-9God6~O;*b8s2@Lm&QbA;EzI|ji2mRFY@ic~yz*Orx4nwP{(bEyNjNYP<8q20q
z%ihEG4)_o@e1M)!Q!!pijIar~VxmJ2Mq||vzG*3zzg!vb)_czWN!~WiP98>UfwuXK
zr+D=|1#lHrbJ>EVL16t``)PR@>{37bs8&21y0%Nt*>x`0?9HmO38Jy7qP3I_V3p_n
zj78<;rg3!Lj^4Rn;QZd#D7ieuyLS&HNEp%Xn*ZE+@5a^0H%sBNRguaHc8!^;va`Cu
z^O8I4Fz5aga@MXsY`UOR0BB&R?u!?cF6o}P6ZB=^?FBoq${4%P-iJ$1l6@Y;7g$oF
zT^0a!tk=IadF5FLxzI>0WDSs;F56)0&{?gmUtSR`JCwO`*Jht+sFszJXuCK4gI)5R
z?$~;sdhUMzybeI^+<{ei`G*g_30LUc!=8Q_;sxKvqdqy1D!h*AfbY_#JC8W0U#Gmm
z_h|-*>x1^kZk3HYooMl=3e)x&*@Tzw8kn5StM08DgjY_>Zm75j?{h?*3k1&XEBQo^
z)gthx-?BlMr6c$2w7*sY#Mo(V{2who(MOIrDZAG~e0?v*c`kc~-7KWRpDXwbef!UC
z6McfWwd`n>3l984xPCU+%c{E+sO59U(l@j7+gsF}_Ob=ON#6rbJp_A2189;Ry~rgI
zhy8w-1|a<OpQ3d5F~XI?p*+PbfPo`c8mv^BBtS^T_sZczswsZJ;evZ)yB8>c;3<a7
zPC;qux^3=9@+|Yq!id|`t})CTj@9h9n*V#Coq#4Y^sxs~km)F!yE}}aEDouHq(?ia
zv=WZH%84eKCMWNUGS-|a>xzGmTCk*Y$d-mF_J~AfKa)Y4j1>p-qB9-Zi-e6O1v8fU
zHzhXH6P3i0AShC%8FWW)%fFuu&paMxTmclJcf#S0CA7avT?Mg;c>6<e!W9`uL<K46
zqb$SSS`_R&bxn$7T+(Dto9TyvVJ0}D$AzZhX(8X9B8-|NJ^oq35l7WXS_icSw2}o!
zzbMtUSyS8*mYhV@?Hc7%Me8*L4W+p(xrdJ8=%KquO-icesYc9t>cH=ZFT#;zCdcRx
z+ik$nN<7BwaM7$##TGnEc3H-n&dMH^#V(auPn^U~Gz$(=#a)x@J&j2GO^$ne@jD%f
zGZqrNgo{U155JX+KQ0T0jflUtG(uX9LwSwg47dNe8V9A7kn5I!^BT3#mH-WkC(??4
z#7WeIbRdH#4QEfJ1ao5s4eHTE#A_}vGD^kwKxxpPstiNxvckt-|BU9O#`t@XBnVGF
zN1iMa;U<Ei#XB0ObVx5zPIk~1B72v7kE1#-l(H6Xt7-L%*DP6w+n=d9+2E9~?4Q5M
zt5!jQibVv_idxOsDvo<e)qy%rnj_T)#MXP1;sNrhD@yg&vf~=z@W+i02vv43j~!&=
z{VSD*1EUaT75ngz7B%V{!<~-J2}ra`e{Eq4O-|nkw<{`5w@h(UmU1qzB0j((%Sn$R
zXv-*l4f8+Bs6FK`e$7DS2-q^o6gU1eRFvtEB9`bO)vcBI87$Bbp!i0f=?zdE0|E0F
zvP@PLRXnmjTa~1iM6>GxgXF@pyM?@!;j{mREBS#^h}d&fS9y*A$)wP{JEu`r!HOHB
ziGP+EZdbGaXt_L|(zB)Jkd0C`r{_YJX<Sk#@IXgHR4`q`xWJy_eE^LRc?gX$gHgxw
z;@R_L)78JY^Q%G~v7}So$c6Ewoqpiy6VntRjWLk7I|&38P~+v1t`*#A5fHw`Xs{RN
za%=fP6|%c&eH9ckY7p2R7P8?KE|3?QC1s0S7d)jG(P(GO@;FPr(JDwMkEAoJjJc}M
zN@#d#tF1ZdwC8JC7hatv8e3ccRV(pyFVV-7&*ozK1!ZQoTJr5S6c>}uRh&K!E623G
zgdD6C#>!E87)0;LgXR|*;Q?p*nern<+62GQ*nCXCz04-T(^Q0`)DI^inLRS$#Drxi
z_v$H=0^aAErEJ>LKTVq`-5e*`I$9Gws}?RZ#Jmjn<d_3jS%Oz&O&XCPTp{XS@)IW%
zh+y`8zib0Lq9sE&!>b$^X@z-I*@P#b3dfv^r9PVx!Tnmvpi&LZY+fZ@vVy1EXjUq$
z0ujzrnLtxItX*{ejn2cmeDb6!0ii}SnWX|QF5S8oZnma!sRB2nrrA0Qlu=gg`NJD4
zCIYj<uI0zjnnhuF1#*WujESWQ9>wQcSc5eS|4=2GP?V-S_JlP9!g+nn6U)F_<tNfn
zQ1t;DG`cz{yv}`5n)AN?15?wo!jSE~Sdu$~3$dgO)L6OPD6sC`f!pLz+9;|M_{Y1+
z6c8uf(Imd!^g7(6h~KQh+pO%Y$!=p%k<yIcVydg7uVd2;72a%&2vpN)nWa#$)cI@C
z(W1fCWFM7kir?x?+wA(@(gSGSEo$*X^ubtfU1Dzy$gFecZSzTQ3eB_#%52MAX^FP+
z4S8>?#RDZG*7@szW?I|Q#_KXVKxU(@Iq#rs{PsQ0_M(pT67P0*==O@J_Sp6IN*Pcc
zen%~D$4g{ei%dsqX2*kCN9TKO$9o4VV(UNejscxc$n%a7?@B;N=a8;U*3^5a9$pt*
zXve~Nt&vyPqIc)oc<0P|S36JF&Ux1=Z}-Z1(UEt>WM+5yc=z6U_Yz{yHf_(XOwWl;
z&v{hOb!E@TdJp)$2ZEsY8(;5t-Ch`<Ubw8@QnVlc=O8!|RL{5nP4@iX@&8jC&&mIs
zn*Pi2gvj#t{x8gvnVI?PYjSe(zk62Jf3~mxTs8i0OfoYY|DR;f|K`Gf2f_Du(Ip-8
z`hwt4X=Fzn^ZP@8{F08AbSfB(#9_3a7;!2bj{Pkdi6rG*G@3}IP$4_&Ts#hBG8l`N
zaw(AmLhKQ){D0kB(nCAo3#ipwZ8V=R(5q~rUvIVF|CdeM%COnte!sU_*~+-x;|B#r
zMAyc&+aHQfs$bQ{ygwXEDw0D7VmTZKvXWv|&Jzku=Ltrk$ayuL&Xp-t%1?SVpD)!J
zjK|7(w_L8ZIh;>TdbeJ0_4*^C%KNn4?v2FJDopu+?vG}2Wl*QmZF#@1G}>%Wb#**n
z@AQMCekpW!zTThAR~k%r{~u&eg`V!u_m}(g?dcxB)w3L<)@cYREG|@t?-X2y{zx1r
zJAZ$OQ|$(0s9Wy-cMzP|6EgPk*SGKA6n7vl!_#*7zC+aQM$)yM{Fm%WwI9vK6OIAF
zX`D*>?JEZJ_qX>SjynNV-<VJnUdlB06J<G050VtcsmYUJ2TTrAH1(;~Q?%T1<1~4^
zR>{-gT+8Oepe9^;1Ha#hLI{Z2Td2GLlD9g}_B<*-&hZ(N#M0N<OCo~^#*(&-<3Y&4
zPUm+IjSH|M`b`!K(VI@<QDF3J;*tA!dRm$nN^@2QP{&;d-nN;XR1k)q;^u?%``*eD
z&9%ceBWzIOjpJdRQ?cCL-rlIn2e51|>PIMew{xTRs4R=^g=8oi|7M7t)Jk)B^~Onl
z`)wL2{Zz4OX@)XRYS{}8uPI3{Sw96`{yUFtcv!Nz?t0O-tgtPsh{S`aCaJrw3<(uC
zueOBIGLByfsWf%BzV*x==+)<>{N@7oxE*xW=Cd6_ht0emAxpKr8{JmY(a4kPCa+GU
z(TKt-Tz<7=5U@x1Ft-$*<F4&H#QU%Z37F74bRNSHGLFe|UOvnhpj>G8K;)`FHkC)3
zm-RJGc^wS|W0jLY8lxf9xa0d%u?*w*+u9F0mdY_NxGvj0Z^{i3V1vhJY95^nEc9qy
zCLPz2sB5LYXn}2F{o_~r*Y0?R2ZH}uq|GJjfH}6ZJg#1k-!D6?7YQ?@-z+uyvzn{E
z!$#i>P(C3YwW68~J7uHw)89_^tO>a2{K$oVyBWZC_yA1A3N$wUjRm*%M$U<`2K4_-
zC%L@O8)^G1^6UEZdFL;qoAu{i<y*O)Mwoe)IM6e%b)9v@{pDfVL2wf`KCBSTbEi<h
z`==cv8;7&}9rq>xPS(&PYq%GNrOpUNcX6NZd&e5_Z$E^IJQ&Uqp-)R26+)zZI0;GN
z=S~z>s)c9-m63m#?R6ncKKV!{lKr@Ab)j6H`6w<U{e(400bp{Zf*)aA19pH(bu`(6
zpQ$4Q6g;;P|BLJ?IY^^@`#)sQkwFHp+o=DO?1^_~vw%L%yEHPy(S94_7+pwkEIG`x
zb{p$CQAqSWGA!_R8yA37^cz-cL>TWbK3ukl1bcKuoaZhf*fsgh`U%CeZZ^?oz?7VE
zbX3;eIVlH;oJyj6RM~GXxj>YhT48idwZ%E5CYqeiqI^uddk)wzKu+&4I<EWVoZ5{<
z!4y_LZVaAF`zK1l95*^)%Hfhe6-~ibT0UVdFrP6uK*3%+I;mMO>j)80#5F86<(zS!
zbs}5JvphQG-hQ8bgH%LDT_!HG=92Ubo}d(XE}!<hyUzt9QT>6XnF;#&kOw12C5&A$
z6Uy?Cj}k*AN=Y*tsr*oYHAyATSuq>y{7^`QOf4xvGnbh7P=x$>#J4{>2W)>RW{N47
zwUD0ASWC{j|2X1kT%F8*Q_cKyX{88|UdTmwEE6NFP)dqiDCSWsSG2QMO_yFQm42*H
z%cfydvleCFdZ;u+uGAcsUTVmAth$<@{;4#kp48r4?dV&nyDz;AT5GQH?5fniA6xEv
zYpxCWtmFr+5jWvI)rHGd8Do#H3<)b&^EX(l*VC+ySwA);4_=sZ+N@4^0UI+e=`00l
z*XBZ>nu^3OdEt0zhufc;>tevwwiYt$P3|c<y9>t^H=v4GEa@T;a+M=A@5bKG=e8j^
z2IthujU$$4&{Q><P1l>ah?+)x2%agI&G_b(*K@}X@--o`jFjp(2%-Q_K(N1_t^@b5
zjLqVoG|e}J)jo3g25(au%}<kze$P4v;H}mk2(SZHX~*VycVU+e-3<>K-4+b*OW%)J
zN6k?k1;3o<-s|S$5O!NCl+x6|XICNzUft2z7_P39NqhJF@x7Cl|B^kKqb=z6@#bHK
zaL64A5Tgx=-d~38d>BK0vkajT0VB4iOo`rA#?Ue^ql&Q&$)&Oq2(X;V*bL70%kR6S
zrCj5NSa*^0QKn=%Kl?0DT)>H}K8Bw#E0f<s8?!!nk2&XGr`)GpvTi$%?ay#x<<)O9
zTE};YP_@Uy<=K*Ad=8#y(#PUsn~Eqm^=P47`^hOVyxeRyfAny+8OYxQ*}JAUBi{yy
z1lVIW?Do|g-xh0P*{dw*Z8W}Cdxg~RO5>s}#nEy57m<$(T#ye~RNhub<XalXt*!1e
zG)Alh*n#=kmP)lAli@)3l73lBj_22PHyF;`ez_~BOr7aN@n_Ir^_BY8T8#WqO93GJ
zM1)c^HrAf4>(TDo?EQTk0`-L_)6U30k!K-Wy!oF{=OrVo$3&@qeY%a@d8Eq69@aG1
z5NFM;R*%m3Lw9Qz_!pt&IfvuH+tH)F5RpS*$HyU49QQBysViBQx=nTkkE!MA`<(la
zW3FewOknr@wBJS+y#r_>b?Tvnw=4d87(<!NhEuFg*O_Kd`%>f7V>RvbiKM~n{IL8}
zL#A&m8@AW%a?Mi<`sSrb9Pj$Jya%XXuh&rUe|k%tENA-H?K@BkFMaskH{pUGQTJER
z|Esqo@owj){R~>~y7QRkJL2?zozel{XAE-(_6fhuWr8VZr9NHNYu}a{!H+d@{1+CC
z?`!kmr<Un1=PIAKt@mzPexz>H5QUFj{GOK)!S1`H>5s!wvxlCz?uXKX_p^QQ+tRea
zQ!BXk^UCGxeGB#L5g_<^muWyfsnB!3I1PU6==r?y@A=qA#XiaX0>8jUzC5FX!S`QZ
zVC(=0u7Gcv0c#R|uc-mA68`tg0Z1<aC^&&XxB`D_20oPr;Ar}NZwrK32_$$4B*F>$
z%@st_=A9HKiklWRFA+$m8A$&U#DMdciR&-3XCRH|-(ra%9?c-$mA`y1e+6)Y|4<RY
zh5r?Q!DLGdW@!tSUI~_c36>wh;qVMrO~VxS3=s(r(M}7|Z41$-A{5gMF}B21f(tR%
z47KzOwN48~;tJtcqJj+|RTH9;F`^QM3^Pf?FlY<YTM6@d3G>4V*TD&OpbB&43IjXi
zgmET@3kijVrG<(2h1zgMBx*(^dqx1^aP8aB<3_?Yb|XY?!(-qg<0UcL(1h?kscJN+
zCP~9rG?>czBP;&#H0DRv;Lw&PdAGoYcX~$E2!-<nhV@ZJyTgSIorDj1MkkX*W?6=h
ztVD-dh85#r_(Rf%DU*=TaSp*kSkH0>-3tfZ$BYiguocC4I>lHjQCSJa`Vq(a_Qjrs
z#UA0{-kikTgh#xjMNEf@-eW{&pF}&gMNe|YLrPIYO2xyLhYQ}ueM^s@m5iKU!Ecg`
zTGF7-ONeSJjqJb)z)DX52_?{z(h`CqwZanynG-2aqq^D>OCX~|;NoFN!O^G@@hIux
zvv3$+lJTtR@$)C>!GW=>TwI|)xz1Mjo;9&V(qopnl0yrU<*DN;3zF~Cl3CDW&pcC>
zza?vq#z=uu>}FG{aOlNWldCOLv;aVHP^=1W@=6*|7B@v40F=Q68jhwMNdir&Q_KKV
zRc$o()TstisX?Qu`VlFjtI4YAagp$WnJ<aZfM|jGq=L4j8Lr6wvLvR_XnrfvUjQCo
zcqTk8Y7%a$YV@dF$P6sp3~dpf{D_PqsSG?RybA89QtAvfDBAi}mWK3<rq#?wtBh{$
z#5$|Y;@9+I?x-?A=9m^<Idw*DL?+>C*7RvcpH}8lL>9OqqZZ7P-9()@t_9oxWP@=2
zb7xf5e8wgy3pAQ|p%uVT9?yIl!IGXHEtw8&m7bQK%Lhv5y-ix<N>#H;y@1QxgiBcx
zj@`D*gB$|}bH|-profKnwY(-9ThSwW<wN7;|NWc%Wfem-mjAmV|0iC-X&LYlF7Jt}
zfTAM*M|(akUO_N!8q-=n8D6YkVIKV$5IYhmgbRFoDV$nPV_l6vDbG!UkLQ3-;MPid
z8_ne<PRJ?G@r%fIib!ZE<Li3OSWM3u1SM3f<P30U?Tls_(&YRD72|U!Y@cQiTjkhT
z7gthe+m2-z@s!R*lvrqIj)B;%-b&g$v#KRaCb^TrT3$IG(rJ1brI(<x_2-=Nv?8R}
z#3`s4rqPJP@aQy}n7NapPc0nn*ZixIe0KnLu2w#KWL}w9-rh+eT}H*CaNhSZER)j;
zZt3J|nnG*t!giX1x^`g8S|w#gMH5d|D*|?CdOm7<<=9y=19~B6M&+P2kn$`qN~`*8
zIjsjaAxqk~JHNyLFS|XWtdu%)yMld5Dr=!U!{RL)8&KwaR;q2yer5fC0Y3VsOaXlW
zfI~~|{nK-<&ldprW+&M(cI;%wwv8Rzwr$(CZQFWd+qP}<&3u1zrl#slo&Vs>y6CRz
z>ZiJIdUdax=TrKCUGCGFV~w5Lu2Fu6O<k%`=4_dH$yKN3S@z>uTYa9T15@s_QLCy{
zySbiIA5qpB!3A5Dh)ErM>){#OUZcr~>8_C;WD!@8nHFJ@52sv`hgGR~4ivEHsP=u#
z&&y0_hDi?dNH2#;ue&HB1XOBLR&!o7(tZ|rYBV!RHG*9<!I4xGZ7>;T<X1;F&J;Dm
zXEqCXwr~a4l#)l|d!a>VVk-gsDBoK~kXo_0Yj@3BjRCDOo`JjzE%uj5D<83X=ic5C
zE$I$%ViloofEbskHm6N*O`JB~@m2tI)DC%+S(Z<=V{7DOyH-<sVpIr@R68$pdpb^g
zW>!Zwpu>l;Jry=0l)IytyR%fQvz*#11*bE9t)up`qYej99~GBB*=gwB*`C$enFZ*I
z>a4N?7*YTRxB-J&T|=AxEwEi;Yk(;LU}m#xjyt%ws!PngYX#`lwVKtvb}2M2)y<CC
zz4zI5fYWot?Q5&Wyfc}%0qEJB?77+O@tE&E&k8u!>OJ)8eaY(W*-uQ`@Y3e)6}ayK
zh3f^=?#rbvmbmcBgzn=l=tYR`{qxoLaaj(1)w?m#2a(+m-qnu{*AC^KkyTky<dm18
znUQf34SUs%jN4DsH9)sDP$<|x$Wa`sUd&z*o)}R9<}nCojfXeYFYq-eBn|j-*AikJ
zVD`>S=@`Vz8cf5=!;tQ#=NV>@9#;JdV#3XUmxyMuj+eDAro8I@$1@_RJz^{!K%gBC
zH9q_VJtBu&!8?_q!ZWI-J?iY;tMN4gft6%CRm{U#3}k`sGqWBE<{1mU^37_mNRAvL
z)UF_!ivPwLEu+Ye`@}Zl4vzeY1W6w!q4dhejY^wpH=N9#M4A|6Y%RrY*b8g-;pleA
z_V;&4Ui!dn>hf;!ZlSqsrbwPl?VlvAoV+n>;udaB5}a~rXbUHtYK)#@3(jYt=&kei
z&5@|BPMg>=o4&3nU)!o_dmXRj@!y2QgZ{)l+```J!m*c}*l?S{J)4;K_G{QmMW3jq
zuA21aOs9{GnSg7Nkg6sePm!x=s_aZ_J&&oYELtfqqUD~G^J+q$X#Ae4rsk>=u9^bl
zEkK}c^sJgg&1nii$#+}NFVw7Nl58BAn7u3q783KO3cb%Qay8L?7gk3mQ^hpTSfn;i
z%-=v&ab3?#Z$?T%P2ckP5Ja>BnP&F5GT$s~*VmWE-|3OE>cwqpe_JgbPc5NcX1_(|
z{z#W}MYQT&*GY9R8%!@L!Y}LFtYB2kcxA3Abgzik<m|(&?n$nw%ZyuIub@e-wnZ#E
z+brvDugYF8bx|&?YpkME=LU7JdTM6RTCC{hlu7z52f;@r<Se^guc~|ZXfZ7<<6weu
z%@WYg&PZ?gS<O90PZ4gXamp<AX>Yu2ZIpgb{$wo3;%qd~&Ngmul*?>NpEDK3Y<A}?
zJY#OPZg2K%r22AhPWUwATyK=eY;FV1w`zH}S9~^GYqol6H=uJi7kD>1WVZddH@CO9
zD)2A{WSZuEwnj3y?KOf#w7GI^f<?MlygXMtdCLuWm-VIA&v{locvlc%GlRQx(|y){
z;n!clO?*zTEJ;s<Z}0tdMt#Msv)5p|eD7k>tyBr_`TOie#O&?TtVZGOJ9MuR>F!^`
ztcKaFW9F_CA?z{E?3;Y=1?DU}TjplU1m5uME?~@#M{e!Qq+LyKFK_SkWgi{MY?4-P
z5JqgzeNUdyZi{$quj_2rUst)U?<m_ImBH^E<86R+w++y4n)n{iGaaeto}Bs|>Fu0I
z`EFnG9t~8VIPvY6AuR30>;Od&w(NW6b#6|gv38pd4ms3!(Y0pq`3@mv_t0dg;b(S#
zA7&g@?mcUk|JpgL)IMa&UB~e~V7fW`F+8A+UA4>Eb%amM0`3>fo)hns`pJ}d*DOcp
z95mFPr}!>40MEd5*ZpiR+ItQx;IEMRF8dJ<is`zu@rFZfeV5If@HLN-;L~1l=RI}v
z@hq>AsPZv%wnn{=rKIL2ni`!dHsm?Ekl~k_s4%MVj@UKlbUm*3x96CAZiuhv068}r
z5j!*EbGLL&+q!eF2<h;sb1J|p@VNAA*&D}<yCTWkSKS5hn$u<5g-*Nxq3x^Ewi!aY
z@O|xRT!fkZ$(iyfU}D7Py{k5MU%5L$NYKFPHN)5xkMia<`6IaZWG?KZFYHc8HkR$1
zPFT-GN>|XoUB3jtxUS}KwRLCkg`Z5`L*=jNe0E#9-N!KRXVtvt``5=Ev?uwWXE(SP
z!`|LW1XP+j1(mpG%erUl-k0F}#}yN67gR^q<7WfESEIaF_qwaP#dW>}8=FvR-4Q9Z
z6(@_`m+;${h~BqAsWabQlvgs-=wjzn<5y3=cdxj2wXO#nQOlxMt4vcv1jr8zQNz++
zD?gXF$lj0W-H))T=k1mEhFx<J2<tvF(+0cGc6#eL<M)i8&rHOxf!-j+T~mKO)4WiL
z@;HM`7SkeNs>Pg~S>^4=((K2I-uE@gCq>z3m)>Xl?RUq|cPpYq55d<7|JND+OE#kA
z<n6n4s^R9#*B$>4mg<jEo7$q^_eb3KCt~pificKE0*JpGC^R~*`X9pnAQ*VMV2(Te
zfiMJG-Jx`aLjV{auP->3;*oeFsaWS=n4*bfDz#2)@Vla^bSAUS%8-YWnQSh%&kOj6
zlDT~0zZi58Ph|_mQmGuakPl@`<w~Wp5pI9vUm(?Q8#ZVbcYk>TZucaT&DjVwnr(j7
z+rVPbi8LF-Zm?GUxz+9Vx&1gcSNw1Jz;1loFm(sRktjU&&@XjI<B23%wGnR(C)1fM
zUN<1bw}!L%LXk|GsE?+L<w})KTj;l@tM!IXuj6ziqV-rzH)E&Gnbw>A0R}9AnC_aT
z%KtCfGtF>0a`VzQ-gx?yHxK{Yv-J|XGHh1Y*Zbq~I!Pv1&u?t~+u{@Qj{g@JiM;?A
ztni({ZxmyDK}ejhsn(jlMR@=E$j2I5IQAp^qHn&XS-_1bYJ)Jc91Eies+w|x2)f=@
z>;N<(=B&`p!w0n(uG^8+D82{yl^9_V$%0sjfbatc6oK*oezp|+AVFDF>?lcHHPk2w
z?Ep(JLEj6`EX~O4*dUEL%fc+fvZ~x9!?x@ENP#sB0NO}%-wrX$#nm1$OYwh#KgkJ#
zkvhx&gN=zF**sZlQV=7Mp_AnxPia<^q;FwSl4f^tn4u;7pX|wvEJNfC!r}5)SPCbc
zHA0B_Szbe}#6?xhYWP`orq$S4S<kP<sXRa)n@vT=M^UB1*aO>j-H0>fMZ=<~#C0Q&
zM<tm@zwOwycUD;jZrQbOI;BsQo>*<waoNO8$89sjjZN2Su~p0KmQ_OCEJg>N){W$&
zO+#7jp^elZQM5&0X_JX<Iar03O}`nAPW>Q&yp@AA7!N|A#HXf)%{X2Rz2oTitfWcT
zTg_BMVb<{ZLM8kcRGO*11)oZT)2zwWiM<lArsL$lPdd*+Y|z<tiV|WuEy}WNu`ROQ
zMmTk=c85PKYnoo{cIdPqypD^cNn4G4>3!7?{LF~5NCUXp0M^ZvEABV`m$n>+UAJ_t
zc1_=On??W`vTWl)Sg|kr<oX&$>(Ogg+LbH<1kaNK!Yr)EF#6f9v-~t**YdbauBPR9
z9zKRktjCF`)v8w5x63-lW9PuA9i*yy+t10j?QYUH=3BryaNE`_WEbZ>T1QCtw(s%A
z=XR(}E!*?5$}Q=hOGN0h=*9u^XV6Z8Am?JPif_t$Vb+ZQdtnoUm-%s=wAc653+V0o
zZFK7A_w!kuGr>cIbPG@74GD*&0Ay2RpLCG6Um#Z3N@wTT1DOgy6UMYpFJpr!lyN7(
z)g9(@<wZ8E3npjTmv1KTi~VEo4<W1%2fNq{@$1x&y_gWeCH)_ME3rS@!Okyz^8&(7
z`Ea@~U1WHuL1I_A2x0I-IKkurB=|UWiXkGjmUI!iN{bK$aA;I5cVVVPhj0^AV(hf^
z5!Ti@QE>1g)aS*2;EdK`ZpFm-&*`HA-|-~YEQdG+P{PFM^D$v8#e|a-qa-%-2|B??
z#H3gfmp=D#wy4G^31dStR7eRK&Xa^#86<o+^T{Q`$CN4=to*UU@%hn4D0=B5ppgqn
z2GPe9#3JJoFNtZrPbLhrKw}BDp1UM4R3f4{PEl4el(aGJ|86D`QgG$P%+>0XU#cC`
z%C1RSyU{w-{{n@j5gt-bvq`xa)n#2Jo%qQ%U?2cQ(w?A;xz9tVrQsg*d+m#|Qig;v
z%@tUCT@XHdUsz@c7c!wl%?0~Y=xNqr^b98pc}hG9AhaxU`Ra_ejPK@rysapw$0WtC
z!WH65ouxhxk6sw?C<2G(0^V?_EU-1v?fBSOITN=g+`lXTg=kVc3@nwCk5eF-d4R+w
zDjR_Z=|TmJww2-68N%V7Lvg0JZim>r2p?K*4#BWzsM`lPYE?)sXRe^MJeAvRqp%L2
z4P+*o8VW^e2sx1fn_s&v>r}WY^p)6KhCx&vJ$3#XMzGNh1EpQwCf8>c*w+hG*~-&O
z6czSi)Z8;s!evZWl(yM6T3q6*i(@u-#if#>Vo=H89xW{jE;bfM*jj*+*HYF0RjZQm
zHCDfG><SK7rtwuu)4#-Z*n^b%Z<aeeO{$%eAl66nOB%wVX^g!x)viQW0l^`)&Uk~&
zcYGL4r!Cf=V8!bP*ey+SPf+G|jhoaf>}?QP*FKyaT00kREzj3=wtACVplzzn&Ab&>
z@HATc5Uc(0p)d}cUh{{s!X50xTW)yNJGrTDopBbmvTarSf0SGcj=t~agum2QMA(ND
zN@)JuhAt30FSHxwg`DTG!3h6Vy@z#PAHoMx^$%OT0g5y1e0()qldpYHQH*+T@sxfu
zlSbuJ$X!rNwn?Tq=IDa<g8p7e50X~JAgkzO^m26zj-N)FmMfLbYO@y2V8*2D$YWI3
zm8ocLM!qjAYCgv0DGNsC97wcz-COn{H#^sCoU3!OTH~q6<lS88$WsYxj>S|nXO1{g
zG14=b*Z_k<X1r)iu}aPbq>^Ux-^jv>$0G6mF|KH+E$3R!8Y|t!wZ)O(XJ-B(33?4w
z>uOz>#)NKb@lMSctKe3$ZgOk#0i=zB+VU1&97&5X#QZhzHW@G88=bVQtp`b#3Cn3w
zO<*HV&!qJsriG5UD>ds*GlZVmu>`T{tJeC@%WI4L3uRKeXVQ!|)j&XuHuC|~%3JJ7
zH?v0{Ow`dpYJi6I#FtF=#nsjcgonJJjg(s$cFbXL2~%2!vIfr9_WaPc*XX#iubc9+
z3t8?o7=nGS-TY)kHb=LO#DnQX;u%!j>j0RCv)v@xF=&fb2Y2rNap=|sft*QJ0MJr4
z5P1z*ubrsvMmi0{Ct}}=zSW{u;P2;jkaSPsPVANn1-bgT{iAs@ZKzu#7gm+~Ak+FA
z9S7ic>yCHzw2$~h%yYLfyU>@iP3K0q2<JOu%a`>g7RRPst-GFAi!lP_(jbl-xMEgv
zsxI^!_H0>7b<o2{?>yth^VabDqRq^tvv<TyYm(ub{+n@AJ&JLD1HBKHuFLY5^qVOq
zX7QH@@SYr9>r3@#LQ~{xzvYL_jG*O}vAVvTzE*w$9NjeSv&z*7?qhM4ud9H+Vf0^~
z?~P(w$6Z<N^>dupYRuMWVJcCEQhUoMG#7FG&IHwI65mHB{Y4TpI8Pr~6%{yl&o3=L
zSmhq5tseNP9*OfFNwB=gLqrE+eiX27%zwRzPK@Jyy&wMs?>)PbiU{r+v5*I=E)HtX
zD+Mu*dcPk9b?*89OtnQnG!RvD=FH{yW&tj}vbq;*{!&*IaaNHr_f;nXsRq3MLO26L
z*Xt0D`si`VhOKZ3mr58=;9NMH1PGf5j0f?BoBomvjvBPY4RoMFR}4H3@PPj__~_$+
z%hCl<^Nn)|It{Y12nPrL<L6=HH6G%%9un({;8PY(<s6cv8Io!qnie0DK*bS%5*7m&
z5lt4B?Mjm#8d72zR(>Mf&Z1D{$(IivmP;Pa!4XkAO0@%Pvmz2yITBHR8g^M1);dD>
zsmkBW8a9d^HijF#`^z!H4bV^m+@grWI&r~n4rgZyJ{h6mC-$pI4t}q5pkEE^eznwc
zBP79+Siljfq4rrYi~c&Sqs74;>>oVs=;NpmqZ1zSLFF*j=1~JymOCBc8&Pv;q4xj7
z?j0Ya6SAsZhZe(ytJCrrd&U{nGlrM@>>*z$Hm_oHzG$8NY^Ik2lz5Jwa@TKS^AIZ0
zb`bYa;nY(YN%TA6r&#kfEr`)nS8_Ftr&n`RM$_zcG;RwD9QSiaYDjQhrPXPsmlp#1
zI4kNWXbBHTdA6E%PykKLqav2X^~~G?AC1#EB#IrP4$8b}TY~diGz&rEk6hKrO5I;Y
z-RsOW_}1MIjlF{h3?CUZUD^CI7J?%W)J;c|-Ahu7UW~(@)y+$SP0iveLu2Zl6Pkvd
z#nk!vL8O5^mAlM^iQY_5!8OZF42Ma5GvG3C%Jr!<48WzzJ}>3zdF6?f=uwDZ8R*36
zW$V84py{8=X%J>wsNkOU;>HS|uFBx4*0HW?meEu%&T%EN!%ES69H}V|sgFTHH0FNX
z;<5gV5nQ;b%PC6C&&g0{f>mbvSEtFFi`r1-NsQ>p5zR5QVy-WR*~`M&4{o{FsxboZ
zsQ~ZJ`mFYnPp(N^@u@C~U*N<u-V&EyJv~Z&ps=}+(lQq))Jd9Ii<LDCUoyL2bxUxv
zV99eyS5t7P)3DQXWzzDS-U2_GGCS4sCeFf=%p5g5vR<FFUY8RSN>u68wL#LgXCzX$
z(Yz}LQxC>+R||sAQL`vf-EBORuiA2-QG&N!K!S3OepKTIXG%Qk7Qrj;$>##afkwqL
z2SpOJ*^#H=1m+o6&kARjnONzvDw@I*XL=%<0etR(e1VC!!MSCL@v6iupM5Iwry9B`
zd7`F9ZkqDeexZuwaqeKMbZbf90;X`n#x^76-lQghltyadCBBdWZ|8aAs$q*KG-j3v
z*LP9p^JwK~(I;>*wP`u#Wn@)23dP|xlcImE{|4NHi>ZWh_28HFhhr65mgNcC1hiF3
zD0`!&NCk~lYaCQfVwNpx;5A9-45#t-msAaoRq2RSt$k1}(bP0Z)e@Ri?cuX*RaR|G
z)TlmGotKjwQdS*HR;#(y+)XlEmRDVY$7+clYTn%_+Ec^Um8*d{t3lmkUccA82u1e<
z=6pide78sabkrI5=XviHatoK1<ok0X`QH;(er1SLBxHmOuO*?y>sPPwSct{Dt3%@9
z$dhJs1^>-S(kN)x$j;X=_V}wCvzAu^6RERK-=W?R-FZb)u9(TCKFr|6SpK8GT*A6m
zA@e5%Z$n>#D$!jd=L*Nix(B3*3f42X_IMm-8c;q|lex6`UARQPxFp&#kk>3m#Us%T
zi=Qsd&`{F@kF3@Gd!zR^Oo0psNSCIib-cf%c)ZL)zcgO{x$K6Q;D`+GMKU&p&(^!P
zVtN1M3*6NFFKH%|sZp0@CR!yR)wd#r$odi~d=+hkI`vk+`FfoDdajSmr()l>aUaBU
zejVw2_p$ue@U$1|Jg*J|LQLP;rw-J&{Js&+o{DnB?=9czcvG5IH!qz;ijA2=^-f{M
z4_LWe(1q6|#rtciPie(F8@WfH+V||O+mQbGkje3s8M<M)%9h<{#Wi}5q6wZ(PwJJm
zm^$tp`rowkn<Djz4^vyx`U}<ye^__WmURwN`VjHv_m}6;o|m_5WFUig5cshCaQ`uk
zE0_{-8&i=W=Z;*-X#e@tZKKh^)YfE-S%5Fn1F-0<R`o9f`tMZq-mdn^w(ALV_}_!K
zh+c59zqIj{w@FLkR%n4^7Di-3Li<+F|M04m@KN-0RG6wem78+-Cb0-x@VX?s0kqN6
zgoB$j-n1LmLZr@2nOm6cq=!%g5+qsUHJKS)FMGVHJ6O;LNIfkSp{3S?s!Fubt{Q^^
zT9cn9#$>wi<hI)abOwUCoLVAmagr!v$A>bpy4ioUCCK)_Q%G0w1cF%DFPWHWY#7CC
zk5pHNzG&Hwz1xi~d91IGv`&t+eIw<1cE0qF^<0njM|QClnspJ-v_(yIR8RP1v8dQi
z(veThAx<np;l+JV+%!+DWlwBEp>=yq2l7wsQ%@XxO$=4r>_Sm(Rn2T>OzlL?lKz~!
zlbw2$;;H+Z@c=bWy-iPLT~EE(v^^orJxWcjUd#sOPJ?z%5pGTcA)o^g&cYx}15MAo
zCCr0c&0TfQBFNCfPt3zqbs|>Gi#yK}YR@9j2CpTMr*K%EpU+}lErNfaQ|=&g<_IUY
zo+rkN=#m|$K&+;|oTt&PrK@tZ7;$K(9u%62WvgCf&73FIE+73hp-jDC&OB079m*TA
z%y*Uc!fzcb;*rcfVv(^d)xBth_?M$A_J(|1Pq$L-YE{FhRGWL=jBwmpdtpIx*~Mlx
z^zTx#^jHx6xW)CPP8fd684c+&Ti~)@#T0EYaRW#w9PMS@?rY`De7X(BT6NV~VahR3
zb6%Lv1k?%1J?>Y^rWFvDiQEM3%JzxOi9xucrbbw~To;XuMjuPTBUrN1oK}cQ5Ybf6
zu-?v9q=B|gpuL%`vYv4LQ;>U^vYd9ZE!4)bL}|UWef>AS()J2M^3Q?cWvY-|O#W}h
zbO@N+>sT8BR;HfK?XKtX`%vYL&|6#Ai++5R*&7Q074x%(Br3q56bbLsVhe<Qfj&iW
z!eQ$pL276w?<GqSY}Jm`CJzPmZZ4p^Oo0FzaRF{N@95-?EcG&8H1Txg=4hO|;Antn
z<)$G9p9}w*l`a<@G8?5VAMR?s(EFaS>fVE80vfbxUNu*|`<@`~me34(Gxuz3MO_&k
zxX^)m_oGWNE5o#dU~h7r{nJBDp=Lje#WFo_KX<<X+e=W=;Mf;jGqt@BDQ0qfb2qPV
z`{x!4>GYl>Ef@0?r&!s+3%7^c?f%4L;>_c=KExIo<B0>~0o}}ji{Ocs4IhvEL39+7
z*z8PE<KM%^-P`>ZSe-p6K{Ke@)PUpNx)Gzyk257f9UbK31n0BVsQogQ%aiwA|3dAd
z>Z3;8>7=a)`%hvz9(7yOBTVPtu9Wf1SQ`WOiRtmbw<k{LJMs%%R3`k+y{xocS`N`z
zhYvs{G{4(!*QYf9r$EyKOkF2Uw?Q_y$6lLF-d$IlpEldq(<Pska->)LU4BO(<h^s7
zo69V@Yp<C{+^g>{izni_7lymHUF-YGE{BNarAP;E$?f#PYuM}S1oA~rtEG#uSV&!S
zz^Z$oUvW>WMd!=qFKhRrz_-M>x13CO3j7P^#)-d`$HBAGv1#uyvu;6<N4=t4D7seT
zxSgFl?`;E_0calu<R69XA4Osx#cH0#ZW&2#p88+*xu$RI(;oh~#+3vfyC@m%1NpVD
zA9awQ^%$QG<e!ac6q$J*sf`}rv<8uNA5xVU855q7o0(-0tM2YkU8A4ft6p4;@4XnP
zC%K+&{FW(ZR;X-WZP-|VQPt`{(O80?V`T_#WZo#M?uJ&M**_kq&KSTEdezNzIDX%c
z`PmdUH!ob9ci9EWV7t2EyibYZ_$>dg=Cm(a4KMB2#QeMpa$WaN(O6&4Z^mCfQ-6H=
z*nMe!xyQJEYcaQK!}zvCX044ztk?N$=pp&|nQfc-0$Z$x>ON3Lya#vnydQlS8sKr5
zP7l?7rXoGJc1f)&(vbKr@^*bZz^>Z-*nh=%@kV?L=Im^NK)JnvBjcLa{~ZW|L1EH9
zt0x=^Lnc<tHg6yriNa=f+&XI@9*ZOTmxyc8Xw(G;iUcAaQHM7P#$>ioZShDplg;J!
zaCQDjK9|q0his$vR6buUo<?Oe@l-LN&iqR{MWTglxr*hN{WZ|?xlg6WpvrRF65V>a
z&U_i>_XU&1YAMaGP|f92?RJ;@>&5ltYu#?2KO`)j^jrP@P&fv)?UeiNW(U>1gpJiZ
z)5%mO`y<WyyRk{V&ah*SCidlYwW?T?icQni+DcWo<4guJp?`29|0CZyfc<WFAP9xP
zwu|H8Z~|qgbnBsSa;~LJsm`{$=J3k@UzATx>y_qG!))R2Sy!9a+f|2!ZE6kfuhIL{
z$vU~8p6{=>*UQ^kmIo*5j5hp$-`M3Ej?k(QxmIU682FZrf*gCn$XsvvF4H2-n~r#7
zXN2Jdk(fjg#F^@aV$<D_C?SyllReq)A$J3j7SQpnfkh?kTAG-->^rgS$ZPmY)H7!U
ziDFb4BuP?S>m<o?pyh^9jG7+Dp5&n9c&WUu78#+)4&|hg#+e#qnP!z4WLXq4twd>h
z6P%|ea%AY_sVWN<C<$&@Sfu%`5M1T?A;_NP1%Wc}rMX^Q9~3fHiNWN>DI2JWpc$5(
z=cT_|-z$pqBeAI}iZZd0Qb062sj4D~L@BFMFF2}Veg1n86m}eRR@HW6cb5A%z+9SF
z;1d2pY#gTo&@@eRebO|~OLEh;ENf<684u@n*0gRre%7?1mB8RdEqSo+)SvGRS?OGK
z!lD9tCUEGxA2+n>bo;p2@homXw3OQSU~n0L{a`rS3<HqV+6(RTtT3q7Ka$dPJ+GSD
zj3XFU*^Hw&Ue)P6^)Re|Elwj_mn}3xTsDT5NxvQj7zcTprdSufn<U`VChcMy=OK<_
z&RVs#Mn(L*o988nyPFqee$XBUiObksG`Unco?JMrY?xQIytY}_^y12!#?psHTRe|y
zLS0;B0n;p7c9VGQ+fIv+ti5I_TSapuO}sg42C(=X`$0ImZ!5-P*C>-_UTLl#o<B0q
z+bNqioF{2kxtymz36lovf1+9&Cr(pe9?xT%csK*Y0I_eE4TF4uD-tT8;ZXHt2j^|h
z=MMK>FDwDU4&6zuS6VZ*-si(K^AGUrq3w{4<UtL>@B6<r+}r&!fT73x#>vUg_jH`(
z*Ygf4MZovT>hR<HdN)bH|K00*V{vx<6T|m&{`%AV1B#jbd|v1C$gTg49Nzbv>W*=j
z`tK(Qh2Sqm`#|*SzkE<of_IGdLGVw1q4>pnA#LkDF?a|e6v_us17(6pmvo?vD1@*U
z>_er9_hB{K2Jjl=!}zWW%C*x6dzb6O*;t5><2WdA5fW_py@~!5Pz+PRh=t4GY9cq4
z3)4C}M1>g;O~|s-T;#xcEAbGc&6kg`U=KxFc^#Udo3TAsBZTT+5#isKkMf*c`YKOI
z;2o!Df-NifS@DqIAXSV#bO0OTi*R%<Oj&UjQlt|TXmsY3M~KB`W8=KOipl>~h%uzz
zvl>ckU@5gWwp1jFl}nMH>w7SXNmi49*o&*JB~Jz)J){orN18bX#pz-Prx*3Zi-<B$
zB{&b`X$vATpioYW3{)qeYT{98QBG>qHYS(OAF*jkOs1lRQoA#jCCyc!I#()j&$3L=
zB7%Xq&p4$&8=vxCuA}-89p}7gPce&uk@|d~BtxK?jEGB23RpH3R5?>jw7-jn$2u93
zSeyvuT9C!y2N(6gB``1+D#RfK7tef|3l>J;B-1q!Q;{M`Rd7ycpigCT7?`sY!bmM=
zgr;zQSFlGw&AFl`165C=qnIK*m)ti{@-CJVlpH%|+Pj1^y5T5P>pGV_6kT$J6E4(X
zKW0l9Tq;kCFI3JuR9a>#D{Qwdd1^jpiiuJxu6ZbQkzgnkJ)5$S;LXm}GctW8Q0w`g
z6=+2qrBY&@8wjUmjHF<st8<rfK{Kl9IWraGU{IP;zpYtf*4IZ(Q_~1tE=?6G*JDSV
zThj2Zt?)iI1Le`1>wT<@skt||*qGZ`zH6kT4o4&unS|o6u*l=0#_h0O5+~rT$-}r*
zy%&<oKZ|epqp;ORRnw}Swr|w;L3K;ej{ycDX8e;ED-|0ld8WJ*I#pb{kBM!aPu+E%
zDVcKjvTnV={bg$Z#}5&Hrb@QpZ|E9N#d-L^;+oEwD>2?r{dIIDF_hGBRj<i~xgFQm
zyck+KIoN|G$=0G~8yjhxO9O;F^<g^SieOH!eJrrHk$#mKd#u&`-~2OD{-`97NQ*l+
zT+dzKEp{5ikvermSUoqxb{?bDdao0&RigM0ehptcm#Q5-PuI6fr%}hGMk!-JG<*NW
zFBVWpYUYe1MpgAe6iz)xE$np$V`dzKh19o!f^YlW&#4V$=9hlzoBGIi>kahTwYF#(
z#%Mk7O|dp*LK=wXTxc7O9aGIVHsDjtzr;hX-YR-f8!9!IrDMuPn6_(pC&e1L6{X9x
z?q;B&mD{|Rtj6bJ!=}xDDVE!+c?GRf^!mABSV~Q=>;s_jO`lm*V>)=3vUCgcEG*1(
zw%7F}Tr<MfF8E!epvA4Tcw*-}8AU>ccrm`<``VGCdhJ+7y+tBRX5U;x3LCY#^BtRk
zcAmYJ6`K_O)GFPzUvn4CoGk$}OcqBCa~kA!vJ32KA7<ub6Rn8c<Frg33XpcdqU}0@
z=kFL#8$0pYW=Y|$G1k}Pv=4~eBE#(M7;%bqQg-<A^>_BTK(JaHfWQ-Cb<>+rsC_DC
z#xtfaL*-zll+B-TydbK3oN=jru0HHa$fDs|tMHXj(d~|q;`dry%(V~k<-M@Y1D^ep
zV7qs8^0{=a<8JLnc&&`$y)h0roKJ{->96X(D+E8B&6YBg;9GSzrvLnN@B2C~g`aSQ
z@Kpp==P~Hi6ZJUqRYWECJ|Bf2nFh(5!&dh()6^51C&rs2Dfh8Hi62rH_MN6$_qp<z
z8&Eg;on|Tbxewdx*9O`1>{<7<&8!#PD+Wx7l=DUv?6q0AoxZR7DLirdVVH{$gBU~v
z-beL*9r5?RFUA3%t9rk${CYnR5r5vx@<_MKUKR=KzG-BBKK^nE@Q4#gz3rMA?*g&L
zzG(@P1x9by^FZmwAMy4A{^<X>K!L#I_o(FCKW7h$>!0xch3bR>3*FNLa_ED8h=6<k
z4Uqo}t2y)=W|WRH)e38rQANGL23*u<1jI7`+J0}Qd@nouFErN(6j`XwZ_&<ovBck5
zF0_mKf0TXG_x=b;z<?IG#6y=E6M_ne!3xd8ZX}kh>ocye7^<W*>#Shr?whx$N~S2|
z<Py@A6yT-~A-EbuzUc$i2?J=LrEqchaQjdp)RFig0GtIVGby#(N@;@o&Kg)r{TLdI
zzljG#P{|7Zc*YKXCE!C4WXeZMg)ddx2e+1_Tci+%zi)`dqZ=ncGe#KpxNO=R{}n#U
z7xpfYh(9nYD4=sq#d$FdekQ_&D1y&bg@++#ib$vN6vlhdcf{NSk}1w43_+`W74YyL
z=uv18@)2?CWavm2s*6OVx)hNr8nPoOv#KuZ!4>MG9w4z9pp2;0_Y-qr7gk>X22dW<
zR;+SdgrMpkWSSTT@Diu$6XGchlkcocL>p4|5Hf-u{$nArx!%M%&=-j}#3U1EVha|5
z38oDl3jIY)e^V&_VTgTl@Q;Z^GM7XcW|V28pnb0Z2yL8$D=B>i&wBBjuaLMAZ(oU0
zOIhSVZsU+IXSs@&h=)r{z7&IhdLy}F*^`%)Q&)|zz_5mPkxkM>MU+&joY<(Dn0Mxo
zd*;wPp-Anbs1wUj9j1hsOOzjiC{ejUx^*UEiNqPtSmXrwS2V*=DrQL>`!Fn{Ai_Xh
z)Q1EcXvlDqA@O0-mQidFYFu(|VxeQKKVV>#yJp!?@bAKq7UD0QZmGm|iK%R=iRekV
z1~x5vQP6ln<+;8nQ;{8qk+vZOfnlQR))5NRK1pN=vFtH>Ew&${0e?<PBc6)l1hE#W
zLEZI<99f3I@rgWNh{J;^7GD{gkRjIrSkINwOLGaoAyJgMp>+?Gplzb`T8W5&ro;`h
zk!h*^1G1Ma$v=)#Q&AF$1v8PrBX7wS$(d6)A#7cIGA0RA979uK=c5V=l#k|OD}+DN
zq2$q1rE%+~oDgNQi6xGOB`z1GA(}-1opRL?Vs)S)MOa`tx2JiSrcwCHs+uRMeJTZM
zE`_o^>Apjm78iszm$_CnxtBem5W*Rzs;LiIX}$}#`HVq{2c`+oTq5_tn20!@%tDXL
z6f3h(NVGV9Cm*}B%&St>mn=9SGB>cZSh$ZY7UDO-2*KYIktz$c%I{1iQ_{No;->ix
zO-(g5UQ+c03>7v~l9TfsNtK3fN<}UWULlo82+JJPa^GP!rLl6Y1#>sH;h0oP`FIIA
zWqB*1c~MhkM_hk&U#jxZ%JNvMiqy)AT&hZ6%Tl^>@p#ITkD&__Vq}X`4W{viZK~Rn
z%Gw*Mx|hm2pk>u^`QY(x6}tF+O(o1c5wNGBGJQok2>sGixUw1MviSu`pcSiGm$1p!
zs>!jcqTRCfM7Twfx+AtK2HC2;GrG-{8c=J6#%t9n8`hCZ-91AMQ)tz-A_};v0z6a+
z_*?ZX1b44c_ajuh1<Fc8TuHxK^#Tog*sOmIR1KJh_Agw%juVV5<c*lpjM`R@y3&jY
zS@t806w6)>2+>TSQ<%Z%rI%KVfLsl!UR`ifZA4r(r&f<|U=70TrgfT5K2T3lRZk^S
zPs<ie$I>Y8Rgd3P17517ruTGgD`|61{0{!ogbvMiTK@yL=|i|aL959mqtc(N^rj)y
zJUL?ZE!W4jDW<v}GAt;6pjdnX#x1^-TPC8037$~#mEzPAmeEn}S)L~#(5(<vt(e9S
zozS?>9o0xuEQsQ)mD0-N7xJjy5G9((W|}A#nkx^S8P#7O5`}D1RmbiGd(0S8C>Hx0
zstZIAQqf&XT-UU<)KZTeECWOLM{Grwu6;(xeLyKKBq@Cx%@_+aeH^J6Pip@e+W;J|
z2bpgEa?&Z&kjh>ZRgV~*6xNWq(yg<Ja_APh>e@wiE^>BKC<@;^-Dnconx6!kyqr*m
z@RgCun$=)KoP8XgL0F%^ES<NKGeh6dlp5>h9^q2miu9if<(6#|g+16(-BQ(qz|tqz
znk7Tn@1a-Rs#e%B-0lO>gC9qzgEx#bcTUzTDU@DF@*Hc!YwyAu4`s1SWIHPgMb{O{
z%v2iBvsUWlI<fN{)53`?qjKq8H^ekD&ps4uKNBfJGig!E?2xHPzC&#lkL-G4%}7$p
zwsOgJff`1lrgwCi77*p42&KkCWWK63hD3+AptS~?$G_bue;Y9bVpIBqmQK8g!ljbk
zWfo8+l38YuMcdrtKAv8?f<wApLY7%UEoMAbmaKQ0fA$zvJ7AGE-MyV;HlUe>uNZmO
zlsHUa!=s#%#yucOF)=EXk&oW0A~1G4*WC&?{84o1x+sr-y2XU8&Am5?HwE|nAO(e_
zFkqwfdw94jTm$;zTlj^l7eH4Sju_C}nYP0@e&9Mn64&}WXCDyZKJkeY+u40NE{Eb9
z{y8M$q;Eh_q9?I(jF`FAXeCY&A*X6POG0Ce0^aHPH&N~W{s{a_Bh^4tb_rYwrX4Ma
zLpR+EC1K7=79wWIt!WU9Gp0tMFB*3+M{i10qy(9?eb^|wT4=xltN+JizoO8TPUhI2
zOZgRJuTy>Agl3u0PwAO+m%T&D`Ew3igrmIBtYWDK51?#_Smy@IDiC_mjIha(eV}5`
zrygbMF>R7pr;^jJl$N+QrV1-7rBXF(QMF@L%d7lVR4rj<Rn3+|9Ys$FO08MeqFKkP
zb$T%e1Uj|jUlLMUwNBfx+U>D^W-HOxu1Y%S72#@|Rp}tU=sfDH|GU)tY%z4x)Bi_p
z!0&3{rgLz^T20q#LjH2W>e?X0W+wJ>hUeN~_+k>rwr}xL<;rI1^%4{CQWe>1mE^jS
z!B$erW>e)l(!f^I(`q}|ddkXb@(Es{9c7Qm?tszeK)~)u-sVXE|B*e}oyFRm<=9>R
zwdwx6$WKKL8nU~&z4qft33$HBg1e!wwt8&7O!~V)M!w3DNU}e&dEd5f`Lnk+vdhN5
z3Va3m-m?3>w*7y}o&+3$<n4j<|Cj6;EY=<@#}T5|9-_w)3Y2;iD1SxVc<nTI%e;8y
zgX;@Vd*cBCi70yuH{*zEYme&Xh#qZ^p5=&HZI9V?4-xzA?%6&aGeLgA9swp0f#}Z+
z|IYIV1Z1y0k)AV&y(5XAGg*u?iWoES+%4s2Fw}@S4mP)L>xh4Bknc}lMBG~fSRYUP
zJHz;(Z&inH(|cMSXLg%Mc5g@aDre4aN7m_k_GL%TBWLa{Xa1{4{!d3f23G+=XCC=S
zK6PgSGgl!!S24S1F@I;V8dr&4XOY=Qu~lb@6IZDnSNSU^$b_D>IgONhM+JEY&zZZs
zok#H-2L|Xn4{l!sN}u!}5WeINzg6MD$szu?&XC6sU>yO7KNxo?4xmA*qmiDwi5<{{
z^H#1TT+v1unEO!|l-EqonF;_4J0)}jxP||KWf1tMn~BsCzt^GwQmVWH$i3>D0D!X3
zWH7I;Teoh0?w(UX&#hMo*q$rqQ6Y9^%cocBa#Bl^rw^c0dasQe<h^}%5ah2%dR}`M
z{ad%x+whOu$iFw~YA=5~p5Cyou{fS_u}@)XFM33tRsd$3l~<}>+rT7vJI-)g5hqAE
zXCfE~=or{AfV2LTQ>OY;y4+)Q5_}$#w;RQ46cI2#=&?B2F%Ju<Xa4?$+ucduU9=d?
z^VYen$GeKyJ%{488phid<Wm;*QI^-eQ3mAQ^y=I!`rfSb*=pn6TJ7Gl<LZADsmQWJ
zsqCtu9ImM2GP!b}V(uD55lBE0C^hFEest?1=Uqeu97*vVsr9USbsaVVx~ad9F?dhC
zx{libr$#+>VSGnsz@s$aaT3pEThHa|=fpqo36$oEuzNxE&&fKssY#yj#V`K9eXi7e
z9RwlicD}<^d}nSw59IvoR=}eo-!mn?I%2>htdC!n?*g&UI?m6tmEQy8_hne`Tbv(Y
zbg=jHlUFpP^^~{rS5GT3&*XK_OzU{u513kV#|*Wv+7Zu%8~>vezrfe0+g@K^AOsQ-
z359)uKo|lJpZ1#lL4PD73KLH_Fu_PD5S`sJ848(rIFO9lRk<V4L@JHmU?iC{$y6qb
z-Qi@Z<MBAa{cY<P8g?=TC<x#EFH9=s3hp8}KZxHT0#qvbaz8pTZXkNxMFjs(*|SY&
zzcq?m%~q$=?fN7n>eheD@8Jc0O-vu(-%k|!3rzlvekkaHj*3J=K38z;H@y^}1e1};
z1Q8|uRCMCguh~)&?rIwQ7P0v{_MjbauE(?SY@8<5ZY{UltzIq2Q+V%o``wWU0{R|p
zkH@3g1TixNpHAn~l?uJO9v!dOt3IEJ94>tS?YjGol(H&(tGD8d;U;z(Il90a!QRg0
z-aJ2`-_Or0u_fg%XxzCzP$Y0m>U?lyYkv<Ylre?@D28g1dfa~!ObKuw;>3u=1Mx-m
z#*cF?hz`v2C4bnF=UdQKND_omJu2r%a2%!-M)5qZ9EQusvMkFVcVHF8%V>nD`U`26
zBB|?QLFFeXE2<YH1Memj>u6iDqv(5q&~QQ^6xwh?Bi_=`qu~qIi;V31(MmI%=haSP
zukF>h6i=PjakD)4{gpkRpfL{<|Bz&q=fP5W=H^AywC8dlMwPAc-O#fl8DO2V?`Pt#
zu27fcC1{tIloYnlLBQ2*mQ~c^JXKayld@e_$Z|CQOo(_~FR!+Nz_&^n^bVcY^@9M-
z;R!~lHj@Fj^-(Vx7TrbY8x{>UY@1ds*QuL!HSlg)4&9^}TMqNI>^ghV)~nlYWr=@w
z{{CPm&kOnePxgcke46+Bb`e{E;6#I(Rz{Ll-w(mEUE2?{ac->odaGGGpbnc>SEq{#
zSv!mqM9?@&kQkZQ{etUOKTdgv#oS9nN=7}&(5cNh$+DTjI?Zvp$vDmPLBKvM2%*b7
zD~gfDJ}*hpUFadFG}XAMm|s}Ch<UxBme=aI*|@ChN6@-z7^mC3YMPhTx^7vw-Mntw
zkJY;AIA_zkEK?}eyzL&g#5R+N$yB@Rho;}U8$^=Rz8}W2+qxemjMIJ?2U6B;Jxnr&
zVc6>wooqT))FI@o0VbWw@D>&Lb)J_r^tPW@4E%In)-3Y2Up5?ibzZkTcDG-50)BMf
z_96&&-VPG@b>ELN^mg7)3jBQE4ev)@A1^gtxXt=1EFtmTrGNOm@4CtLz8*&92)>_Z
z?RLLjm)-b%-`30YfFGx`1V7)mx4Xcf=hI#g(0D&^RQ+F&=>p(%cmD7!dthj1eNaO2
z0jSCPzsb`D;cV}`vw}1y>M;g<B4UGaiF2L`(}YlK<wIzV_hEG~|6$I^hq4y$!`q|}
zo+`x2=b-E(dX?~IIw0cjFdHHzxC@h#B}7O$8=@4v2~&zDL@G4{4bd9hMQBYEqO_h2
zG5X&`7()}HjaZESN0YIZCd61d8{ur8^+yE!33riJhQ2q)xJW?=^I6&__{J0$Kv0Yi
zAvq$1&kz@Gj17BzD8M7sASGOh_QLMkBc)B3kg`k+${so*6I>sc_f<?TAvvbx&6rTA
zTu81KKBhvW7}XI;OjVsYq<t+H*P(Mv>pnWB_ra3ZM^H-lwKm?d%#fy(K{gfkK4jj9
zlCcm?%3N$VWo__~u`x}`+I%u)@2?Qm;8V;vHlCzyFcsoOOG>{sKIPuVl5?L?%6<OY
zW~?!j^=S>s_*G?0Z2&DF(Bqh2%VI77ojDhTj#>b#Vh;RAI3XXw=j?M>e8|VBiSB&B
zm`1x4#?6PV7$2)#Oo~Uzt6(XYQkq;s?P4Ky>(Pd<%TmPpTZ;eJi8RLr7(UOlg<Qag
zQUOFt`7VnkM}ntv30X>ol#8WO!H2Sy=2EE&-lXW_c?k;BZ1Kn4g*dc6qSv3l)yCIU
z5^^7kEd$OqHYS%^+t~lS6BjG7hAE4I?-F@|&1I!ckUT?@s{IHn_}=gqdaqmxVRUST
zs4g@{Xq)O|e5#EpF;^y(S_-vC7eOx1S4s8Qow4}0)gSd?d=Q(6%ayJm!L&A-``DZ9
z6RE9DEwoyvl8dt!kF{|N=NMrhi~Y#?1Oy$UyugqBxJG3E^8T0$rxF;QbJ4WU#THwa
zhAidEo7T#L=}K);*sfK&w06FPQIErdxTDk-JaG4Gu{1LhL5OkZqYj&k=pn8LT)W=a
znrpvrt=TQdw#x39CDRzg@j*Iuf@{)C5CnNdP+W|G?|6HS{e9gbTg)DeU^SB%@Sbne
z)S)}7JRf#(d}O)Q;Z&W5D6Qyq%w0PG_)NK*2w-_X#;yKO>Yc-Jz!og*i*p_8PM7^!
z?MLis&!dozUl`;u2w3`rlJ1eejkQ`SJW>EdK)k;{h=7s(Huu)AEu%5P);s;p%dI?5
zMsYD*IS!R<9diiEh(iz4?7A#7&dZEhuNTvpCSbK3t{H1rFZH$kB_qi5191mX-i|j}
zO4SP$tA^}5Cs}25l(Y!5S6X&fS@pD5+UsN7_2j9nOwm%ls*}g{rn$<+?Sj0?bE%@#
zu3SgvVs-mtS$W>Yw+h#qdJ=sy;N&`$a{U<YCS`r_I?VHX-@NVuY+;-<Nk3zHAF9&b
z|3;FaYwVQnK1O}$mWiNE;riIV&1&nK>Tl#X<gG`}?cgQKYsY#_h1X#EF4N6x)HmK8
z80f~@1a9*(%rxL1Y%9Si{G>yHj}2&X$AbBDPPK{JtxS~W?!z`mRf_iIjf?goE<58j
z13WhcG1gJvPW$Ad&2AEG*2$o&MFVUtP#TQjtW8_lDfBn@30Spj3mB$AGb!Kw33^Ht
zajId~zM$DHC*JJ2=|Ol2z6&>T!i621;d0B(bA1|lq`n(bE}+MyN>1lmUhi`)1<IBF
zvt!n!>~nij{4RU(VNYG^?PiAR#ES>_V1=yFi<)jB>QeK#o~&cc0?%Wt46vHQpOeh!
zV;L=le_X%9Q=x|7IU2^d+%D@etzhTme&BuEyyY>K9Mf-2fPM!4hihKL%h`{_=OuLe
zCF{BDz(uZPJ0FPOH4410De}5{BLj|{f193WdHIgj^^|21@HxZ&+>g33ZRYtIDu88w
zF|+;j&eGd|oOeIFUU`iGV*$Vre)qc(-Wy&bUw7hH+s9J+j#Cl4WxCmWiaHQ}+Xwu(
zM?<<JY&j5aIS~H3C*(Ph-;lpVYNwUy!Ia{1)a$;l&YmHPPg|j;#wxpQ<IbXGUqSNm
zp8^Q9?ax=Lqo(LCBFiu4YOjZGuKVJyvJr0D5g;ROFCFc#Ms6cK?=FKGpnU8hlk9I&
z<?Vgv-e%}7?`mPLZ(wTVBi3fY{La2b&2qxSMy>0BSBO8=HTcR=1U;5Nu3@Y4HXyw4
zV3hVxP=AJx7(m4k9xvkW`D$E`>JLfc7Tsf>9^yfsr$HG-df^<vSnHACE5JJL!UW<4
z9wq|Or(VY{)=O<rx`CAhN54QGer-0>HjtcshX1*kn0`x?`;x4C8@oY0m;UUtd0Vpa
zKB0Y+p8C{u*fF0+n;%8ZKtwM={0>+6j%@gfO-N~FKyDa?1&{!3Pv`ikP>u;Vs*x5h
z1eNOH?`I-=cZPqM=s|vFf1Tdxpe7vd$uH8)!5fJkLLr@y$*-8o;&;a&UC$#SLL+A&
zd679#2+y7B%MXTH{e?t^$dHW|vW_^qyzrlccCm-Hx|@#ub7O4}wM|2qHFHg*2>m*F
zWh)PJX-$|BPe{%L+i*uBvoM?LK)^eS_3JnGG5x)$Wwm)?*OVj~8X^H+JYGfh&)q$K
zzyrB~7=gxu6YwK}g34iCRAIC06xk~db+PWtlo1Pw3bSGXvjG{aiHWLXp;5Jw;(3I$
z37iZbo_x9yCxi))H}=GviDH|H_CA54U(qgBQLqy(%a@KG5t+0~VoNbGS~8LT$C2T8
z6GO}e^(nG*4|VexGTrV2BOWso;bPhm6Jtp!-EXp&W=Cd#BXwOOGk+7a;3Bhx6AL8_
zBdwCjkYWyu2@~lfs}3`pfm1vcGph;&^G^bU%OZn^6T43ndw>&z!Xg{BDeG+^qX{#o
znG$D)6DO8LDXv6Y_#<0FO$Lh+O9L}YOA|{|5_j7o3jl?u8@ZoDjH_(XFj|Q|evvb)
ziFf@G$h+IfHtVEk|48Te$QQ)SfA7Tq+{FJA&BJZQS3$<x0t2`GD6r2gi1dVitR&!9
z!dF-5HMGc0=`2Lc!o&E)&D<=+o;(8L9E<C038ft8EG;PGEGWk!QdKSZFInv`s>Bzw
z=)04sNwcWMlW3GVhnBN~D2o-GvPb}`NC=C#N~DMzi-ImoKZo+a3}=a)C!s7<$-L%&
z7?NUfs0yB_U6Rh?9m(Q=C#gpyu7q<*YBCAD1<`p_v1JySb!VB93CZ!LRCFiVI47y@
zC)s`$x%=jjXck%03a;;SuA*c~$QJpsCHWE-1?Xjo{Uy0F5~+Iw-e+gU*JMRnR*E4Y
zOCIjC;4jv)t0o!2Wto32$|5bwljRER&-{N?6scQO=$}<0n&p(9`KM47FjN$5Sk(|+
z)ErXOjNnwvQutMuWer-?b)MA$%Bn#vCR}KBe9OuODas|RniZ@v0WKN=C1M)O>K$kr
z-DpfHXj<Easy-@eUeDTgtUA*wI+HEQwJO@HhU$LJTIbJN*D7p-Xu7Kd(nS)`z0f3O
z_L|?%kiBC>WzYImtOkH{o#z(IvnK<eW>&3JM6)p5ce^8WL^m4rP&U_iHdW9~dAz7o
zL`Vf=`Wo6>RuczmrSnPyixv$ZDf!R%>zx{OMv5=g$TxLqv#18N`<g)a)+C_&%lkmx
zllRN(5Teeii^Zmk5Y~zbD~ur_+y3ABKO(oF{Ru}5=trs5R&}Wey{%ppF9>pSR#MmS
z9j+kruBOu~E)4a?>#8>Y6?kejM#rwEq;s|^u69aPdIc*qZ>%>Us{f@oBKR~@=v8}2
z3<rK%hi*Ekv^dD|S_h+8$H^H&PDe-R7kgrM{oOeS(l-0wZcdbH#Qd*BvrCS=><(gT
z209o9b(a=Dsx(I`hTCjUGcSK!FznjcY`JX=hg<*Lu9%0ox&3M|{IOf|XLqY=Jq~4e
zKV5OpOY@L<Ic|Kh#gX%niL>j#sQq$v9SzjJC3ifRzI0C5v~S(I5(A={AURCG`aIL3
zUCRp{xA_LTV(2NLPr8|R)A*jE`yr)m?}YiS+Sne_`oz7OuR|`Ou6-uATC6_@c&WJd
z|5q%oQn<#%g|mB=uzR++dDyXgUaAHaum>^E7`i0}3#ucvu-i$Md3dN9si@m>qlfBX
zdda!F*|mFlwA*Q{@KC4Ig0hpatHBVu-7uv&MA$iKxJCR+bIO@}i^hyldbN*Gch*RA
zj%yDmcZ&jhi%?mOEL)4z!f+OG(=U^E8hvwF$8^n!3=Db;lu0%Ioe<o=65`cn6VVpS
zk7>Jz?ta}K`mP?ln`-@oxmw#6)bJ9AW$%U3p-ZSy)59Ll4;1nyelsI|OUz(PV%JC_
zY~S5$4?J!sf8<D%=?Lp~Nu+$&jb&o@NQ&6xNZoc%HPNUL!txfwN|EzObJ0ljb5GH0
zO)*JL;_pb0cu(iW%HZbAxAky!%1A5dNGr+!^TSI2Gzz!MNNwTF>hQ>_D$n?N$tdy2
zF3ZRsd@^QP&KyNEMWhi*TTf5o%-z+<*!ReVhRQBb&7Sngo6g9y5Kp1R%IfaOg7(aZ
z&y2ZWH+k;J!`jHh$@Bo>3a4GqrR>b5&CF%g%-v)yz;P|W`zRv7E_Nd?q*l*|{U}D{
zDpBwh<<!*U<tjGNEH=V+5y$o>|0rbTDx%gbbMPz!0-8$ppG!<U%gr_ltUO(1G)q!E
zOVT<kd{D}VRm!70D<ilv<38-{GRs=H$~rd6x;x9j5Gor~DyuRpr@0dAuq~4`D|<@m
zvp;GwxN0FatJ6}dAt~**j`=1$>t;WC7B)<pGO5oksr#^#9^4AgR?!icO-E}2kiDo8
zy{c%>8$QDt0UwQLT<X`F@%R>Un8U6ksfZ{@C6(;)k~1MoNQmDID*{<LlAIm_s&4BE
z<R$E_kL}j<b}LM@OBa`lKb;1v*qz?yRNezMG4(U?@t2qjFja5m3~n=DDlt}b)8*wI
zDWC1f(oVZj`h;nnNuTF4$pAFuj)Jp}Ixk?Sg?w!eMU$CJQ-YYC+9@@h2~VU~iwmF`
z<-SGD*5<GQk?|!Yj{R4SYS4RDo6~2X9>*#uPtg8nvzu457XWXSt)Ks;pYl&{JO=1{
zRx7=B^Wx#47fv5M?f^CVfDim29*>*i*ASBTAa7lt-ecP{YrWVw)umWZTwqUBmfu+#
z<fGU&k=D?ejL)Ui*kH`q;^7vYx{#Om1uC~g(TuO0^+b{Er*#85R+jGvhF{~>MAFve
zahZ7xt`ZesY<g?F7kBz_+Q%n*;uq9d1J6{|)_B0yPAtz`;n&+j*MyDh<f`{r)E8PF
z$7~kvM9^0i_u0RKBfPzRJlyVi0^s&Mmd*m9&jRuH|M)&?pGC^<MaG;({_RCpoh3n^
zrGMW`GQ7)DKFbo_%L+NmdO8bj&xS@`uJ+oamw*;x+#xraHu9A|Jnz`;mp+N?zFV9%
zG4D04nAMn^H4nVwE5It!-Ads0fFJL0#`b!__xdo~I%(G$GhG`XXGq2yNz7|qW@}Y%
zb5k&TIO}^WVS81Fxs9ZI=lXl+o_F`zXZO8(_xpSI7vJ7*-#zG_z1!`SZK#+c3VwT^
z(JHO$1wh1B3`tsCR~1Ls{O928W*28}*XZV?fbStM-@$K;gHb><tM5hS=E1BMVG9m%
z0%jLAU&r+3F~KUJ&bAZi!EopS1ZeP`F!w~YhyyGbB8hVk3u;d+)(gqH=W}|_3xMY(
zd>0kI7d1T>4Zw>QzRM2Z%kG}be&FRW-_^M9g;`E01w`=E$7Yj`(K`NM-1n-6`p&M;
zmX`L8!q;FH-ew5iZ5ZB7Qg?He&uU%HwiEl-A@HVUdtD^^j&^IU?WI*kb{i|h%@bq$
zd1vDq|85*l+iz`8kpD@<?@6NfNk(rk$&ngzvu5>m{Ly=A`)d=Vd)A=Wuj$J-MSB|h
zdmL70@>YA=D{pE)?8Ogv?izP0%<lyU@VvM+>(w>s(mVa^JyWpt9K!Dh;F*cR{Y?9r
zit(GY>Get90)80ve&yu7&i8(idikZ}uc&M<@A9u4^8?R!zpn{^w|>CKUf_N258n6H
zuK^wI0B}fbn((_lLGb%KR`0X9{ea-#zbKk1{`iZ6pmI`?v?CdDC*1I)Zkfj$PXrOl
zAS}HhlT1X@P>ys-D3Q%15a@+AuP>O5CF9tb;$|+I$t6ff>0VJTQc5I==%@-`D4Hxp
z3b7Iif6QOVq$ruu!GESukCjVX3Hex|)^4>sp9&4T<>T>%qP&8-Lvqyb^#{Y^@I`Yp
z91KU}aQnh>HXileBkVbafq-<mW^p?KuQ*xG<_o3b`24wAE|!Y5vV5<(*sj*|XgynL
zx!JFQ+nrvIz-w*}`}y`TSbkd`&WGbW7G}R%9<HbJ6#B>ERk}xR_f3G)&kZln+x@|0
z62BcE@5l4SW|QA7AK%ye!==+`6?@Zm=hy4!E#jUZXzj78KLkSfUH}Z)*xvwHzBT>e
zKU5Se!N|Ji2BB})DjD3qG7yI0M6u$A5oCO-c&7OMU~vL8oohs9j6D>@(QGT>#4%hm
zV}~)^A8SUjf<OwAcu~hz!{|&r3FD-HeB&g^BC_Yk$*PK!CMn{&6((sKzT>3n>Y?Mt
ziN>)JrD<lB8KvngrS3Yeeh!eBIor!v={cS!<K(%%JJ4sjelXbPc_9dv6a|rF6BNM0
zSbUiC!Z=Bo^Ux2IaD&ox+e(YFY~Kru^88pT%ZlP$%M1Th*SGzM+8!9I>c&v0GN*-Y
zF1*^#lZngPo)?&_x&a8OtNIc2sH=w3evO>$7hWm7<~dnvo0cVAE1TABjY^fua^Fjv
z_PtnY+m54LE8EU9s&-4gjcFLWu7?>d!y2p3h}-Uu)(-kC;K`(2-_Hx|T^}e$G($fO
zL05f00{N8v(3Iv0O$j<XHsuJ0T&2S(u3t9e7*3e<!`N13)I%p_UA5yRP4AWC6a)EM
zZP@KXl+z5??U!uL1lgvR!{WLr^&CHejq`#yeU0;?H2?LJIf_wPPOGX>6!3Xj(`@>A
z<t&Hhu}xJ43PZ(U*4uT%yspM|lX7*7YSwX9<~969^vixwk&d#+#_(Y~dnfP^-eD&g
z(boMSgg%zzFpR(UZBI$<%3(YuF8cjAGpeiOINR@rGhe@KDnUui0}VwQy&%?8qRi__
zNsVT>2W_(z5c7H6c{=kcX1}ZLb~k`%mp-e2VpioeOqs_sFKic@H8;5%O7gry5XZZ;
zVK)2yvg3xxXP2b5?eeah6$gC3Fyi%`)VL0w|CAWM{rhDrld^L2@jCMZ1it>%?0$#1
zgVX5W-Jo~)|3Yx39UqHU1s8;rthZye98Y8^BEf&Jalj4EK17BB4j@L>2N9C&L-Cpq
z5Xacb=1k(AX=8F>PSl66cpIE<l+nGbi2L%4N36pv4VEp<y8KWRfy9Il5mO=2fwJVI
z<fSto`q+8$oJT(hB=JxS)v*;79H3_ziJXVnMekA*W6he6uoN<KP)q0GtU`{mPcX)E
zXsdxmEO6nshJ=fCz-XDOakY>*#7ohT5F%!@k_kB^L<ggR%9WG$2|fgw3Kft_xsOYf
zG9+aU6_c}$kIP$D#4tA(P#UTKQ_gKnuCy-6xiF_|yq8T4uP!09vzXMD6;Ft{Dxnu7
z5xIeuiK(N+W?XfjGA44$n6M_R6XzT?A92WBs6JVJIKTkvSfZqDZI!YE#<_KYj@d`b
zQ^efR6LN)4Ifc??-0KxHt^<!b56S5!42v`mHB2ehSLFOZ9kc$S2&sEtrGl`Lb3s(j
zX=_JO(-7)2;gZS>{a^T?bdmGXx-9fFR}{?r7xVFf&c(YyWUO+Q)5(RXCE%=TrZnvd
z2(-?n&^44Yc9wq~WSz?ndCYj-k~5aeOPTmf%y_DT`{5^0f&>&V6k<Nu%R9>x<#JAy
zJA_p#WT7)bpUu>MT}ak@vR3<9o_7RNDTCk&lnQhlO5eP7+Cnq=)g2<zDv+*z&oR|G
zcToS;Vn=QtaIx{GP1F7@wVLy^Ou=wZ{O4zE?E|<^AHHu*QRP3nIK|djxb?5flBH2K
zwsRz1`^)gTQeAVwx|oH5krvY^2>CVvonvsQ(9zNgn|@{`y$N2=uBB~rPW#@oHpIqC
zs|aa7QlWjQ#l}+ab9gs*zL=`!MzSVq+v=pO9?|kjJFrr9$(p3ufwS5ejT)l{e8D%$
z2lg5?Ycz=>gv_)c@9OMw`&Fpbxk^gM`!*`|GiSK=IpkJP?EnogH<-#Ughp;E@z2IR
zJGFksrP1!F&QtBMHKuR17i_aGQSA%>))qEcrbKDFaxH>SMq9iGT(>2by;*spa+fV#
z*_Y8pig<iarQt}K;L$z62d)}C$;%l1H*nnpRoOAdAbAU&G^K(QK|6^xya*O(J}M)L
zoRnj2!qC>riKfhyqStIh`-wTuOQ)1jBYlLs&M}Ed6Ok5p)rZsOA!PwfRD3VR;$;_`
z(-lq37aUh<r1GqeMz1RBh2d&q67Q9dxQ`yc+=2PA_eH~JkY(E*?0;bFi)f)IFd*Mk
zKrwHuL?`k>lU~O=nGLii+%&ekwjjuLqb}EN2_ycpgk9}i`QdHxHHolPvfHSuDb=ep
zn!Ysmq8_HMeYxWRR2{uQ)TEU<Fgj^v75IN{?juBE7)03~aIkxp&~7}+<Di}mXtCYs
zwsk|&-q2lW?HsArwqH))E?PPOcfitK0Y#fz47KPjb-e5yX;ODvd##ZHY_xzVZre>$
z#;EI9_P!+1?aN3W00}{dYZDgRY$!Xc^)zevwWe;le<on;CR{U>*5>nIL(uDYVZ}ck
z?yNGdZn{~Id5P-Lf~dFE`juzNiw7s8tXk`Y@27fJX-jac?Xy1o!t!#P>-yQ6Vfp83
z`G}3<QeCVGXEx-t5L`3zeUDlD+Q-~qv?kaU8RpiA%o+VW#X?0`cdkIdUIWit*K7Es
zGFsQ+r>?{j5^&0D1#m!a{!TE8H5b#SkV0+e)*%OdD}nI6{~7B}_?dGn!{<YRvTZI-
z|1sZ`=5r;oItS+$MF>O+82d-|un)z)vXav?5g{gXUPnUEgG%>;7<BN2%#ZUv2K4wM
zxzazD%URK>@bwkc-m7)fd(T7QUn!^)TOP;#lq|DWPo%ecO$!;S#V0~6=@F~;gSj%i
z^+UbQz_KJ!1`}5#A=Ob*_Fr$cgC6tmbo7UR!y;63L@{?nRp(1IRl=h9+le8Ct?r_G
z8W22WEjr`}Gz+{Ja#dAPrczh28x8a;Q=x4qc2ZNJHV;BbQlWPzs~7WXI}PH63T{>7
z#0*yw!3-2L50-GJBXtjyITHtY^Cuz=`NI*SA|9e<9%4!ofHoF_z7|50;w4EDDlQ&s
zWFA^H5G-3B3Va3);c^dRgbK4&4|2i`v!e)e5f7sR_kSM}5;_ZOfehz=3u6!tHZc!3
z3l9$~53e-TxB*qLf{LgMv{7&OZ+Em$P7g^hkH{E{SZfN=g^JX}j67Ee4`*S60JV%N
zkBk_LWK9W8fQpJw2y``<NE8kdM0Rs8k8&G}YEBR9X^-lo_`|~yE{GXELJ>Zyu4;hE
zjAH7IyP{Y9=&fkLmHDEJ+a9^T7P%SDU56R9+m4wu#<H<uf4RaF>Z*zHstxk$fY}yt
zyB2W|756BPlSdKx$`ScSL0iH>B?IX!hao(nYANX!`QIyaBRu}|FlKKoet0pox!uFo
z#51!D=*d9gV;Sm!P8p5!9)*V$jlUlCw<BSwJeo8knmi)9c{DEfAP#^YuX^g#p&Ab@
zkpyXx6tNVJxE#+-86|Hnstley^IK<d*dA^))<8MpsXX~%ELrM3_9Z<|p&|~YJu#0-
z{feDmPRt-y#n3<4n;klpl`_>XDG3)D@qb!QMXJ?!s?B+-9dw!lWtx*jnu|r6TSS^i
zMk?ZaR3d6(!D~Xmds@(VLZC)^@H?58I3w6tddzux9CStkWk!-jMv6s7T0}-h2ewKD
zC2=}iE>>y*XKK;<U;9JCG7qeZh|H>r%$o7cy7SBi=&UBntQLu^HjAu|h%7)wRyS}w
ztM@$fV2uT3Ra)UJStcTTv?6<gg>!8`+w)h>EM?BTM9!i`&T>S~YDLcac+Tc|&Ng)J
zE@ke%MDC$Q?(%p>aYb(7c<$x<->O1|d&;~=iM(fvyw`}l_lmsF@x1Tzyr1>FCW=Hb
z%XIL_^xu*Bkd^t(>eLL!`G_zDNK^$Vk_Bj%1sIV9Sd|4h7y0Mwxda!ve?6173NuJ8
z3&|r3DJu)9sWJw}SzakM$0>^@C5o6Wi^deGX)24jCyID4ibyXCvK|x>HXI2pi-|mo
z+k^}GCyHe*isdp3K`&%Y+px{k80gwv!z_Y)BZSl^O29Tei~>to-%6lAlz^NRX0Vw>
z@)M;t7o~QQ*n*LS%2c}PE2?v^1i2n5fi2!lK`|KvmKcS){>x=I<i25&T-zZjktJo(
zBIwK>`ULKNi)Ha0kY#C+6&aO<bQ>(rFq-D%4zq&UDPs;(q{-&S*#ir)a}D;t+hV`j
zH0vY%$NRO0e>>D8X^jnQwNcrNoL8Q@Mi8}>W=d8MTUN(Xmc@1w?4@8IsuVM&p<kSG
zEvNfnpgV_l`tCv+=rbDXan^V&>4UHtp8QT)W%q_XDSvV+zjv#7YY`iMO>`O7y)CN|
zZ}WbIsbQ?}VjVTmMk;3<bt*flP598i;Ic{etcI?tAEqj?dN5Q#1{y&!7^!-aw2FHu
zsJd5+xobown52@%ikZi|nPW+Lgs6FniF(?&xuvC<B7qyrt*{@MCKz#<VrK>Ag&8Gb
zNGOVW`ka_rP?7klni*w!vLl<L3LEo%HfF3E1*13Cus1%lRKrTOsKAztccLnpp{7D;
zmfu$kwOQ4_)J0>f!IidvbU62fmV-jabF-uOzUVt-rO>?xFj0ylqjTG4seK<ODx}rf
zZd!(Wx?n^&9YVHAjkbbvV;JsRJAJlVR{80L)vHQ%q)ZlNduol0+vr@jFlO4;Stie;
z*-2nkH&klkoALI$*cEJ6rJZ#)XgZW^#CEfGR*Ps0W7+otsqA}QwC5I)!Pp(jH*KNK
z%xfg=S~E3^E@Gj?k}t};dNduDl`2umyCz{-l&m_|tGY8IT2KldRbafY(OTJ8YgZy`
z0;6jDqgo$X>-@QWTG89yG0L}@TAhyLyttj;w0f@qwc2F{uNdCUl$P%>t&^?gE>e10
zkT&OD?TG-LP1t@U?F{%$S?38y+!l6`PY<j~Bb=(Hw9^LuQsTH(&v>)uGPOpVlO{>-
zAgi>24vGP6&VlmL{)kgzk}J1dNO#UE680<)>S$AKm_fX1cOk1r;c8dm#6~<E)7sO1
z?2IUED|Z%}7I}((wdmpK^=|k9ubx$}eJK}4N*^GPn|G*IYmijkdzjzlq}6Dt^$A8h
z!}`c$rH}t}w2WZ6nb)YfRsDlktM{?$9)=;tuR0^?)(17VJ91}Z!TLbhit3RX_~_82
ztl<>z;q)w)1ZbMstn4n&q8#m_vE)j%@a|OWiFLrRBzWc?c!fk}x%kH4D(S#v?}--a
z4pi&>V5cb9NM+jW$zI$r;mJu;u0c&pjuPw1@$C8vxXIe9scC5?smiIv?E3Vt@dEGZ
z_2}tMZ|O1V>0P+8sjsO+xalMB;03subGWj0>8Wd;saxx*8{FADn#7&znb)b}1MQhl
z>zOa@3dHEyU*E+mZ~@u4EZvpU(9_efHNd$EgIQ4cd8*1;o5hJJ*g)XcELKhM8SXq@
zci|P>Y-_oIzr^eV+!Sfd!ejLU;`KbOPX<bj+F7L7oO-<onc)&t?MtT*=JX=AO*roL
zf?!MrI4{jnIAAI$IVd%DcDNI2bO~a64vuzN!DpI=c1bO!dg^Ur{xvQ(tKIplC*pXK
zS7xPFd{RATB_4XA#oTQR!;LPhG3gZ`MzcU(v)~%DN>;N<$t$Uvz2XO-!2s{13Eg_X
zu^eaJmZ-fF#k(R2zT^+Tj$w^gq`g$775jVC;o?kFEFyMDYFP<>BTr}97jL~J2RpF4
zeO0{1MruvCKV^ku%x_~YT4vJ*__$X3y=s*sV1k`!p1JDXz3PUy)ytb$9J84avvKgr
z-^jB$t+NSm+8m8p7M7urzt$?m+gOj;-mqR?*j^a_-kPD^+3zNpzup$C*&M9d>6_je
z*xnhkS>5*8L4w~owAnrK+5IxudAy!q;-z7z-2T<G4Jx}gLb&^dH}?#W@ef8xFKQPt
zch{_a7YbqiyoMcptK%j|0uasa1d&KbF(v*Lii@y&S+fuAyoXvl1Jlz&{i@-b*+O1A
z)=In?Sh-gI77c>qEt2*x+i-O7bi`BIkADZr1b6?#XN78Kmyc64w^B9V5-{#nDXEj)
zc)UL4ppC$OTuE9rfJy`G#!=7mIqs>_mawq@%_mA(d$h|l4<Us#MWveuGxF`#Q;}3l
zR=VhZQ#0ePXBu^SRM~!VVePs#X3pqDfbM&DF*@wplh9T3Dp})6)8<Is7qwgmgF7k)
zBtYr;Z{j{{tL7hSqau7=RM=+26IVIuRUTMRiYiYyk^v5DcLl&8sq_#g&Ve2bcioLE
zuhpOc&ME+ZP(r(@jjq)6<uV9E5T~mV4K}EXxmjB4;Fgxua_4-adNxGzk2b&&;bs{e
zt~Wlb_1SIBO)7o?!g_ve!&$12{?*bWt2dl(L<eu=2G+${daawRPc+xsF+1`PA4azC
z_3qWKU{S~ZGSEiex3gOcfZlx9FuYz0)0OXag4SE9i3&*f0d%C;we8<&)&l-%NH07B
zq^9rx<aOriJpA<&xjh;0k#tDIb6DZsBQ@CqL!774wV*ydV4(B0+`1WP?R)z4eYCxW
z&Av&h9RZ2H*`s>`R`rHmp8WH>(J=GLeW^A4?)_yoG8MB68uvKybsibCzk}{xK02uU
zb%{6m@;Cab%l4`Y<Fy^?)iLkt@6_fr-GS9?qea<kl~@y*^`&xcKSA}N4}X)lU9<h^
z3tiO(x$Qv&=eoh}JlD^O?v<C5?2Y?Wt;N(Rg6NYujh@xklQV0Dn%+?&okr!Xw-mw0
zulLaiAPrg|?&ul$QvtnY2(DkWc1>pN5s1t?sLow);keBE11rBMOWeuWt-=caSBmw!
zk@|cO!N`)`H`uS2S-S}%g7<S&kL}sj9(Z89-1XJb*M{Hlyx;dF;@wR4_gUWXVDH!C
z?AMds&!8jl4zd4Y7x+C3ynz1mhR{412GaK{7#fYvcx`U~UpNw}Y_a<Mfk-qKD_67|
zNFI04%|?F^d1CQ+BC%4ga>Rm(R631GZSlKf>2xNe)6P=FqM2MiPsk0)hg11{p<oie
zO5~D-Qn_>qUCD=Y<#MG$lkRflvXxpr4Yw~#`}~zgv&C|)iIwVK!Jup5nG~(G8yx`9
z<NjuOGwoKdH{cf{x_0`V!C(Xuz3Nu_z0qg_p<JqV#)HXZ2BY0d^}9`fkc~(jna&2w
zX2aiKeK_lx&sM7q2D7O;S!|$N9WICX;+t(Yd%Yo$<a}H14o9OY<Yqlv9!_VoC1PcK
z+nz30t1V`yJvlBHjb+1e<a)VJr|sG7IN)<T-Jh`++>>SeyS_eOug|Bay}N#XAU{rU
z-E&jScLLxj#!x&UJqMPRci0yc)iqSkb3!Q~`E!*JE(>>paB-S7rARRse}-TkJ{W}2
zmA39gPz|gVL@|tv<ppt_mhQU(1W@i8pwPG|dir)2<7;2zo#_Q8V!s;10bIahxe3?A
zU}OgJ`-z9~{_>;hZoo#;<QPK@4KqDM(bgp|-KOz^OgGe)gDlr&bGYDbrxm$)@CLWO
z(7vkG^&piFO0v8=__Wh}0_yT2rx?<;tn|ts7w1+flgXzR83Geo#ajxzC;5K{V63e#
z3@NBf;=CqLDr!dG*P`53Ez7E)eyET2jWEu)vtaegO>?XXPf;=nEY9>3CP_7of>d$A
zY%*@~Dah+WS<9Cj9bCz+>lWR{uB%2>*DLBh$)vAZj`O518kR-8s#-2hBu(_pgEFr=
zCZlkV+Wq;wYPw##ESNJvr-_fMp*SN6{n&1vah1A=A82d&veL~8Wk5;m@x$dx_>PH0
z0XmPP1QeMU;Z%hW`NK3d?fGLkE7gocIH{-fvShUfwvuF4SIT8$DLxCcyeL)d)BJ?U
zb<^}LY(|wLi7t)f3Iid|ie+Q6brN%p3r@pE3l?tCW~ahsgVs%S`qi%~)arw%0JIg2
zF0dVpy}(@;3_IIP$40w>uw^DK-{0(8w~lSU*R+R4bQkRGh)2^L-AZ_?9eXf#wRQ%l
zkGCeRTD~zH#*`3w41%>F?G4(D(tK!nOnh8B?k+|+=1e&8=u|eNz1NpSeE`Wzl2Ww3
zbH_<?$?k`Fw;Qh~uqC-{#8xOhyO*pXy7RIqI?Li0ay7}*z|#!5T@M-Z)}D`t8ZliT
z<raEhU!lh~JXPRpo6q(7Z+U-=fUL_W<N{E_U~w-gTrfOy&M_NGyX_0D9hlXQ(E@0P
zprF5JEb0A*@34UcsDzNOD*ZMR^+6~{*-&zj?Y$Z^!Nsuquxf5~OIYzP++B!Q5O4qf
zIt~$6Qfh6y75@>Ch&Cn3&{z>BX|1H3HeSwzUQTswDc7+v(#+0S@lR#RX1q6I&mfX-
zg<#8*RxlHKUq>?tWnmGriJ-YG#Edf?rHEyWl-(jm)pH!FyRJ52%Tm~gR2LWSgz^_O
zHvR)UHrVm^FaBG)F)5|QxW0}=Xi`%4`G|=ShM`ml@Fg*8Oh|%$7HcM`bgBS`o3a*T
z05&xcg|vyzOi(tqUOK62FVQrkTXp9lhyyo?Tu@yI*;O%YGPu~-drjONrr!12Yex7>
zOy*PYHgj{xls&+R&o*>1>k!q9bNoGr5T7yg(t49P<9#N0{!i|swJH3$$E@dpQeKh=
z8Ta=(LwF8t0w}L>Oz;b9AlXtp3|_f3LZ^H<n{wfA6ABSxONEva=766gidxU)T%S;u
zJYqBp2?<Zdq|#*m?<;dDHx?PEk*92?l5=SrO{MG|<ucA=N^A6U#r%V@917A($rw%L
zVtkbf2|P-vpbzCo@TWqwk_+V;uK7yC=SocAv85`YQ>88xt=e#&LU}qezkp7qMq0;8
zYyCsDEpw^DtmM*Mzf)=DO0*8@Oh)cIa<vx%y*>!d+5lQAD{n=m!A9Z|VZDhLgodHk
zzU0c7R!d`w$*DH#xLTvQQYF#`HKP01wOWPZXegg^R0$fj)#!!hTBd4i&9$W=x0hB7
z%Zkf|vOd{j%S3W#qYTB693Z!aNe&c6rg(FK!YM=JO!uWRYuLtx+)*v_!PTw5X~`f7
zrN^ojCadpo>F%tJ@22p=eN8FXZQDxyt;da{wZ+zlxNvhC^Ob%h<!WC*V?vH<#<>L?
z<?KmiN+-ou=gu<w0tAw7{5z!Y;~9w2rfJ?k@HDCM8_d?3mu4H0`l_g~#V&&2VVy`8
zj`EANMrJ^@g)DJCP8jwm`j<x&i-AL|(~~9|^m`)*lS7O)_d3Q;yQayp!YEcz;e6o=
z%ZBKCOH)o`vJouGN2dBDRKJ}mNEZhBu8lLJu|WnFyP#oBZNS)2J}m26-4C5?yUmQj
zDa&YkKQFr@s1`HDKR81HrPNL>I!0G45#57&4vsx3J-5v;zI$8C?pr4o&*@8^drv#h
z=vv*9<xPOJU)}s&lJnD_Ha^)RwVr#E=SrRJSQ?bhAssgLbk>S}ggh*#&QyH>kGmin
zU|rolwIDkLt6!OmW6j*u6_{rcF~Kj!Jtu|NTwN1oNKKs?Lw9JD6vk#`kAr2QDtwlB
zojy!+ax@Y&RMhrNA;RzJU_nStoQ#Kk#0GrZRxN!<srs_>Gh$s?X{D>#CK;E~Y)tIo
zed&CX?*GkSn_BRXp(WB|A{<sL#ZQVMgWA_XJruWN<eRB31g|DcPHTfY%&Z04SL@&C
zQf3`+x>D1}Df3YKl=GC+5d!$IiJg6XAALNh;_F;QzU@K>`C-@qf9I?8o^N#Mwp?KQ
z>@S9QsoDFX?6>nY41;%Wq~^Ik?(2%kjCbW6<1xG4<J8`(bK_9<>DAlg+8Mch<t65|
z`wo2dsl>aL_wigIY4d%n#o@cxR`Wi@`f(pJOQs>g_cnXJahn3ueatxJ@tH&Uzb)4-
zP^ACMa=p8|`>$nS==-m~1JS?h``^g_8~<<o|3mzrmh1n{!v8E+FeqH{`uzSNC=@E~
zvHF6+us_6-+2Rd_!%>*bmRn;DMWb<l|3%_TG!~C1Q7Bbvk2jV~rZE^zWJ@%aPG@mA
zU2Oe7ELR6m_00d<a#bM#0ab@)sQEuFSN*|AUJur)l`5mfN}b8pn$04U>D=FUt+m?#
z_s5HxbeD6*YV%hZeChW3{R)$B2=VIY`oqz9Vky&%^xD22a5Af%tLHkynS3c-Jl^<*
z<GFGr*ce##mdlt@DKOiw&erRUYO}na=`4e*fKD%10@*~D<C>u)*spHfJKN*AqJLji
z&(`+mgIJ5Y*64uOTPQ!^r7wc6i|xkLWK|p=7sKnt(P~hvRHw)8+r#53em8Ho?@Wpb
zS(f(Zx0$}>st&|%z$57!e!y=g3PR&^Mz#Xe6eMT-fH$2pLS3}X<^3=(6OO;ZBMIe1
z;WN+V2a#bJ<^;jCtq_MXmh)ys7Q_c{D=s4{ql7+u=<8UfWydcW32rT7X|dRa;v`AR
zd}s&pysGahu0)A#gf2*ylw|U1k{QS8%05^p(K;_7Ct182;(uava-mO^)ajm%ligk-
zHmwyF%yAukOFgo4ygD_`3Ta6x3iDsr$II3AcgoI+)6v`Zf}ASOvx_raUGdZNLoF-+
z@femClsV;msFna}KU6BKn$es0H6Z%AHp^NXOQ<WlAz+art>{KB5(h$mQ|FDddBrCN
z^Lbe}&nT)C#Sg1)R#%Tv6;rovTf(YjP5n1hWOqUAx<kyMgAQ<4$aP(PzwuP=^n60C
z&?(eYbt}7~aC+MdzUgV*FW@4HQ47VMJ=d7VRgKaHi%7%Re{EoTILt#i!Z3<awMpOo
zm)+7~{9ee5X@bRP%CVp8;PYXMW$~!^*Y$Gs<4p3jiGKshBhAy?C+MA1yD)hTi>NeV
z_tT=h*pc&+vKp<;oT^#P^NP0H_46t!JVT$bVHoYg8g3e1!UjnJUgG9QBYeV^Qyx6Z
zHp2dPJa7m5UZ#E*`d3fF9tKiv%{~O7Zu|i<BSPX~$lx~85rxuD`%#h+e%-Nw)lS<f
zg@Y{H8D@lU!?{P2Zs)~8As_oCS_i(zS-qQV%N6XtZ~RTtL$23#QEyD^n&+X+*L}ob
z&CC4+Gd<@cI8yKD-HeeW{ZkY>{hx<*yV>uj1#$xa$2COdp4UuzJ)gP@j5yBsgDg3p
zw=+MzpU0cHUOq9CK?0x0qru%DP>SA%-*Yx2|Mr0BtSv{h@_s*yyYC2Ze4q&NfiO>b
zuLtCUpJ*`r-(LA!6l>j}mUqGETl&zf92_4K41o_$f8j3K`>+b>y<n;f;A>X<aM0&M
zfiFdRf5gPuF*@Z#_?HNg_1gc5hFFDfL=hqcm<tohDn$H|K0szx>&JSSj?_#(Kz}?P
zq+xSV+)@+=b;1-S!Jm(|M<qsa6CYtByHjo)I6z*18Ky{8h!v4006E4K1A4^9)q@?P
zzn+O9RN8rZ7N(PsON>iuJ|w136_c@#kIQ-{CdR{&;(oS^Gk?G*6w;9Vtw@u^KT$|2
zl{O~6<dB>TxQ~tFCc!~s>KCnjh>rFqrjdFaH^hESACoR+O41nE{q>j-+k8w{fywa&
ztz<trRm#>jK5Z+Tm|ViLPxD(sMpqLhjo_CVA)@+>=?ZcX21{8L$-1NmvSOqQaOf`;
z=bE7FNK-DvW2pe7<XoWYLhhxs0j-jRusd)uC*z;_zm76-6;<UtP+{}(h4OhzzND0S
z=W>x>;zHq|Ndc%zr^1773XZjk#jkK?qRJOiqPYzvi1+%^3YLt6DyX6F)p)d6Wl9+z
z5r+F)W|R&Svw6VSR3x+##qIN@kQ-F*P8Jo!BrX|y2v!%k-@1_8k)p=)&SlaimNLuk
zG7Yt~Rkp!ZGFe>Wp#qD=a8ni9Rhh&26HL`YzbSS3#cP@zTXMqDOeyBi6WFO1d=B9*
z^*3L|ieRD|;A2XSOD+_fP3s#6uTY>Exu+RapUYTscJ<9PMfh9UYQph=Rp>bv+$=4r
zkr_Hv5)Du)6eDcS1rIftdN>-L2lcg1-4_=hSYxn6h^_P@Brxymvrd%G1vFRJE`-$E
zznNM)uW)c+ccFRDAesQ(#Z`v13q3PCc4=k2rw%35gJGGM-cHMu%DYlJC^HxxHZ+#@
zr>D9n2yQh2(swp>;)CUZG88R7cb4QR2GDuaHR!%oR#e&h&W7!S`YP~Yg4W{5>@R~s
zSPc;xfCJ>Vw_%3ZhG;YCL+s7B5ssOLShuOe|5>gA2#xV!(nmx%?_=V!jfrVfM`YaZ
z|Ci-@Or`Zcp+3`?+BS7e=k-3RkI<ApDt*F~^*&`T+XT#9ojPFyyieQ5Hf5hmpK@)!
z&$!Pt<-Sgx@_oL~`Xe;wL&}^9;e5=6%RUX>1(nb0UlZYZl4?XRoYC-llBA71snR}7
zkPy0X;_9fB6*ZoRifigpPmWa(>Rf~&F)z1AILG0_Tg63}FH280OHtWa>TGrzwWMyS
zc80K65?U=w^t+Ilm0U$ol&(klKH27PCqjH&uJxd|wgu`S*{+f-m%Ox=2ISZ%)KTSk
zJS=n$@iMxWWv$<cwlr`E*~n*ol8=#@HruoyTaA7a{_ME)Eq-4IXbtb3t;i2ZIkns+
zYf(+tviBhYFKkgH4=6nrT6SG5U2p)4v$5!7z(@FIHMy)6inM1ZAwI_#cG}}Y*AA0-
z+H<+ngk$R4_F)ds$F#w&)3NvFaj*%eRFv&SKK_m=8NNpuH}Cx@2lwK-mH%>C%-LBF
z>o|3fbG{4j3Gry>QW(CI{NUHwt!U@uYmQw`n9n7n#%E#4%)LS0)|Kh1`|zpGgU=<-
zt@r3lE4-;)|LOOgkC^w`F9PR;Fx<NrS)N_InYU4?o_kj@&jAHGk2*R0M`OK(1A4vl
z81|eSkwxz#!Jqd<DXZH$M4po>TU+a@o*TDauanvBJFg$@<K|V~OEftL&ws#e=b!ew
zki6pFw5{F6lkZ27-s^1Uu9H{Uu4@Az{l_ME&-;ej_kGFi`|)4Ci+a26=jUyo66UUl
z12z8F3jX`n-mTjKbicVAxyx7L-p3<Ik85_n4-CKaHs8fIKO=IVMo8aoa{mr7Pl#}w
zb4VAlQ(yN}mVGAwxl_M=4DYixe>8EwKbU@CP<~Tp0Y0k%KdXW3VF48G{spZ*KW>4H
z6an~aRxISsROLb7?e@o~Zc6{G2hD=W&4cKnf&pf}MBzcQW-fo*1Lf5NP&s_p)4Zi2
zon_M9ES3Ux&75Xit<BxsIo13b+=G)?d~w=?wai0o-JRqyf|0|6d6k`%-U3X-m<mz@
zhEHrn&BLCKT+A9>nAL+r&wPLZ=`Q$?p=x1%vh7SPm=SJJ{tl}_$sD0RW99@H1aqgZ
z*5si^Z{CvTfnjH%Ic=c|XMxJ*kp}J|j^<v@?GEngftG9GGba(b<gSa1-ht+k-5hQ?
zP=S8tp*>KpyRQ+k?LKnh0g3LR!)2BhZ~icC9+#nBmFm$PZIRkgkrr(+^kY$jW09lc
zF`A<hE8;FDXI@F^{$=WJq~);??O{Fpf#T&c%VHs#>OPt3(Z=eL+HPT!=}|otaSj|I
zza*mAIihw;qtw!a6wPBZ&m0!igSy;f(BET=D1wIEBZMgu(%wQ(ITAQH67L`rx-p^#
z+9MSI#a)iYA*M$VbO0kA$6SHpu6JiaB$SE2&wU{?;_K8CQp^*4%7edLJ^qf{(O~+D
zoF@*6`cg$C$glf|tS8XATf=+!gS{swtj2b+TP>$2BB{q+Q&@3V1Y%PJl2CXljr&7o
zP@kg5BD}{)y~iMp1%HVL>p(}Sj{5IGCDY%hT!f}3mAkq^CrO`~(_;k(oZ~>Xr(t<`
z+gJE>nuT1mI|YY%5}w&@b42x<dBncOHDRPIn@7NCL@AG_-kn+ai3P^2+6R|sCU7!{
zQlyKB+rPReF=Bb1k7blVqj-%4nY~BBdH8~R_<};a?zm?=P{!z)rAe<wiG(>Zl{uTJ
zyU4re6iZ|W1J5$?G;%c5GsxcKL9udl9TU!8v!dIB>{sIkOS9!(Gb`ME7T%+1#d4P-
zLIx_bXCh*=GV=BfvQ5HVjwCD))ld^bt$t^s%(myzMOa3dJ7lEh*E-1eoD;%!Vgtgd
zk`wchpmFBMEPlue>V8T3SriaqlebdPkF}E?uSA}7B+e#Ud8QX4511zl7C|@`^6eKc
zGP-hUhT!!VsYTEoQx*w-kPsMJFNYQ(hB|OzVPUuDK9iSlQP|2>;v#O?VN{xHZ<OeM
zl;~rZ8gi8yYnGaNmYPqP0Xk5WB})Ko#TFBERuiRrttFKZWe!wyhvK#mrTGl$Wsa6*
znIl#}Ny2h}Ny3zhJTR`jTu5ijG>_MeFfEmEiPe~Y=FWo>c?<7eDVZTR&`}>A<+1aA
zLup>UkQu@2S;vr-1RmiE?yjiN@ue^okEZS&;z5`h<sFojq=Dg&Veu>H0j-{yvCt_E
zA3-yt34RlvQ=NWm<UzG-nO~=AU0j&vXH{Gosng}*GaLbZnn}swRk)amTNpLPZ<W^W
zCCf1AB%U=kYvm@KsU(!C%3;-<6$!iNPBu_sCy{l;5_OjwRd|{4_Eg22nqEN?HCJj$
z?HhG}IqNkr>VBxIcChO`kxJG)6CT{_^Ci+=*8E>K>Vep`M<3Y;+znIZ_2`=<gq*;n
zm+;8;^#(#K&q9ydsq-{UKpk{eBhP08wG{@DTGOI?1%5}$kY*YPb?(SU;<#m1n1{oG
zdUFzcodI+$zZORId1VM?R#bWwBSkF>Y&cLeo3hNW;I&cbvo3qQKGd_N>R0XvbolB>
zj$V3p6<a>+Sh;PP+x$pd22~qdr1u49&aaD@qSMx0q+Ion;&3b8+X<XMo9(rzf$JIA
zLKjVmpJZv9`H%g@fXoi_zy_O5^uo`ge6P;(tj<b6XZ2=h?Pq5_4xo`6(5wY$^#ZhK
z0XhMIu1!GCC!i0fYk<3JNULkat7|N)YXZ<U1#A9W9>gKkFypgp3AWoB_##lR)jbOf
zGMi<31O~DIXxxzM-m>a8ed*rA0W4Ef|CaADbLH_RWZT2(S(fbC!T~wj>^2eQks<D-
zA}f8T{_}3tV?@?_PA&L&*$Kw;2Ufces3ics)d?TnyIIw1IMO?f(qGNpk9yUEzyksq
z%}3bPiL2cY4rhwVBS2i;Nvhp#9NLf7teeQ)cVaa_Z{5fE)vL?Z1KvM~(Z$Cg-Roi5
z`<t-`{mO)aMiw-*{nyr@sP~Xo>VRalUW``1$k!0vlnGEu5y&!l?KPl&HK@@#Jfos0
z{WT1ZJ0i+6@;6!+(`7_&s?YLkNKJI)Hbg<FYmlw0XN7xoNy`MN7(Ke$Qu|WX{dzg%
zByFMv*K4~q{OfZF-+MR$*F^BE@8@`|%W_D{VIZ-3B>9R*szAz4dh8Ns9D08=JKH$F
zYXG5GE-rf*Az(soq!)Wiwdkv}@oTWHy00U8z`eT1_p84)yF00R(sXJv*L!f3rhnLa
zDoA=@ym~6VtKZ<OXL4#v-FkXfdV1ZvXEA!p>S}tnWY7$I=2J`e$h!2TdfLeuP~T<B
zwAJOGJ@cSF`{F(OmOcB?HT$(S3;db|!JG3$<1sd3w+J%e${w{;W=J;TgqfCddo+Om
zp8F1Ah=1(G6`fUKng_o&K$77eaN<V2Rv`RlC%%^McmmFoD;QvJ(_s26kelc*$SmN0
zBcD$#Fze9M`xwCGEP_09lIkd173(Q1NxhjYMTK;`9oQ&)OT~)lFD$7}xh&z6EGyyB
zT&u_(ny85CEbGe1YISQLwkRs=jO+#pEiOwNz?0i@En~F^uCq?3e@(hcYjJKZtj!Y=
zDz7Mc3mf~ad>)RqH?Lf^=#QId0z%f{OvOMTw5@4NLS=L%NwibY){T<&+gT0b@CcG^
zRJu~u{DRl>csDwhL?BBQI?%LyUF6(#@OjqsgqGGCj5j(<#2i?Zl}t3UzH#NQMI4`H
zM_iP~mbEFTHN2FxEnO5poAofv<!8RP=5(a_fxIfZ%Nk|MnqfIx#35pdrs@<q+hIQ2
z0wSB_WD3Pex{M~e^D6ol7~41BJ9jdL6VFl-Hd`m%8a2Yh1!%ip+q<{$QXRZ{y~pc=
z#rj9r`j$F^4zyeCE>oZ@8+!>QkMKKGM{1_gn+&8{XgPJj?S1@O8LyJPoe=%Q<b9!>
z#T}nz@YqdLTA_uZZTKT4t7Wwn-l@&)RhjPt%@AeE8~%%JMJ$9p3j6~&+1-trP2lsQ
zSc?i1P@yH}h#lb=zI8vig@pG;_nvicd1y<(W><)B@4`m*LRr<-@%ZIQWi)1Yl=sAV
zW>eT#T{KtS(B*)%M#ElqUm*8HAyyPv=d_#qd~_|nm{D`8O{aNzux*rkOpj)`Ya)Jx
zw|8BAmgaMkT(YkIebxwn?p<<jm$O%Ca$W#9?&nn;tJxp~o}=J%C&=g>fS>dTue-w2
zS0QXT1@D8D>Qu<=DfUq0OkcbnUO2N{_Tw)YO%E?T9%@G)R{O~EO_OYv@WRUKIMIqX
z;9d9Q&qg<{>TVxU#~%CJTwm(!VEbM-;GG6PEidcpNzg5J$H-mBs;zB`LFAspxSlJ?
z-bj+3zuM~Cpq{V!a+*Wzs}SEQ2;Om+-pL2u$rjwPj@(He-iiOZXCk}*_wQcB;GRD8
zp1bHCbo(Cv=l(Cj0}=lNi5~EQ%<q9B?}4iKfoAuC?&pDl;E{>{kwx#3&F_&T?~wpU
zK)AoF_mOA!k?-eGfZ$1p|4CTyN!0I2JnspKZZ|n9c6hx_ezqfo8e4@iJf4Hm`6C*2
zBBTj2{kkJQ$g=Y{dnY?m)Ye<aT6tq07P9fK9mjaOWPjP;`TBq3i8gkYg$}QN6?L4A
zvD(~aZ4y~+Z$+MQ$eteghWrkWKS*WJ{(4wm4XLjY1a7Zw=+1hvDW45$m9+`V&zk)2
z(a;|iqc2_?$#R-+aX7{0eno|LC~0+$N0`;n?OATHd2H+Dv~4dqUM?>gF?kymL6;Sp
z9PNG+dF^uTfoGrE{Lk8QRog(U>i;Sr_s<t8zzaggXUphUR#t9sRn=QtTj*o}AUvl(
zE>9^hPMolj<+6b^qOusXMb^Vp)+%eUGV?DW(`+@Tq|^Imw#{9_69h?MPaqHk1d7F-
zL0}*V0*MP3Dq;U$2r8^(aQmErP#`wD>eSeLkx&Avgkg1g!{J0MDQ(YGyCacQCO+}V
z5EROhL?)e0k9Ik;iBvYX2hiJ{*<w11Jcg^=Be_H_fs}m2I8)_PwN|>uP(+fYWU@}a
zDEBuuGR<7Rq>ScsWJ~2nIN4>X3U@P&W{ObO4yo1Ct#ZG3PT<jInvFu2(Z9l+OZU6k
z3>yH1>y~}_TCF!27?AEOy?&=FpMHhJYs1iF9IAuK_KNN5sHA1zbtFg2O*u5n?6LL=
z>-ea<*DEsC=aa*tsW$~951yCls4%M_ZX`FS>2kOPU`02T>ghDN1AlmP?Nt0RR5u+)
zJCpk|_H4sQ-;49<{aO7w$(}aL-|I?TFYubXAzRuKjw9PXhpsHo+^|qI+xDL6N!1jJ
z2`9%tv0x?N^>gq*+t*TCDARc%dSo|ni+eQPIQdt5S{PPBy1K2+bODKfrmx9P<mw3Y
zo&oD}bE5Yx^66gW5H1*5a*D~Sar|5#SDyM0y>?A6N&xr`Jr(cM-2@bU*Nrsm>KCKP
z;|)NTFJ;OYh}09~n50yW{J0cbS@riSVVaJUXm(`ph=fH5+X*f~78i?@UQz=7$w^vp
zwODCbT;cPK7tRiqaR_twpq^Jo#JN#f_O*FVUg}c0aS=RX0(s>EeR*c$_xsS(q(GXH
ziUL6Kn{iq$U|DgDRM5pqT9-UzMe3y88(HdC8gKlRM%5RCy3#HQ6OS0-HJb8^wYJNO
z65f+5K)OE%eOBamF`JI^s?kcj(|*ay6wl8v>k8x}sq2<GqAb&v@9FamGtK^@OIfPs
z){5Tpkk;#d9a-xl7hwm0y~UEcdu=8vV|$e*tmXdz6D+}N;&1?fLrd-bb#&cM*QN=}
zP8>txm|`bR%*@Qp%*@QpjIm>8W@ct)#+VsnW@en@{GMmtw|nNB?w)T}|Iw>!<vt~;
zcG0eVBwe!Bi9DQE4078SJ$e0?fX&%De55*#eG(|~8Q`T=nLi9-=3d!1oIs&60dmv2
z?ENs#pvJ>ZG<lhhvjWRu$gmp{&8|f(v*{=95A(fY>djGqw31O~lq%HX9C*ToFVCd{
z)1#F}lWS3~jf0ILS}5(zkrfZfLIqeBan^3=nY5)-SVlC_IZ*}&E`yVe11aEC1;>;h
zqota=Ax;%`Hq_~Pr+??T*}=Yhwr5LLW31ZEt(T*t89I-xyJ}K9b-vX$?{|~ag5#CS
zE5vcUzy8Bq?si0ll%K|>R^0zmg-VFe<a$)TW^QrvHUG=gON$_<`?dXH+THb<zoyLP
z=2)A1Wp}>j^F6C6qsYZazU6}pMlNuiQIB3yE$|nl22O~fQ;8?mjD+tAOdtA6J!1}p
z?{VgHp&iD3?gH08a5C`_M^<>i@k!oE8S#9=Ad?o=O}EdH>s+WD_xq@(9c9tLi*Z5a
z_4$i79PxYu)=rq;1n(HauLizD;>bWrU!5<xO#CDY6G4hSIw-Xb{1gro!J6-Nzx6T+
z(8NuI81m_UpJ@<asGA72^wmY%W)ftXod|R6(Z#rK5ahU-2={!ihXuhb#KZH^9`g&v
zsD}~zChSBY9*NHNXJsJ~g-L&=!}WHmzzRic83jRAyaxhfVVO9apH#TmSpxfmE@0;#
zo55S~jK(4=vofCHA#3YI1_R;Vi1C9#xs*OH#-ciT2zIGSKSaEyv&Zi(1jm}yXuT7^
z8itYUyBedH8$rgdpd*Rd(5i;W-46;x74ZzvMbV`XGF$SLC!CICP5Et8tw5I<z3||3
zJUY;run0TFf=fvp++frhOQe*_pv*huiXA+KWSWa=BvsJYN_9<TF_?X8(CbH^ZP-_J
zt`5zoBcw=W57cwYoM$Jmt!l3<%o&1KbN=qq@TYZ1_J?h7B}LN|p+t@9vWRFk)rSeM
zRiSh^T4RnM+r^Q;NAhKw;}(-taDD5B^W0tM7)gg@%Sg^VCASf`29VLSOg<{B9c~Hs
z^J2%x)l!?y5ODJsQRsV=6=g3(NDZpI5ZPGN7JH7SQ^3Yew}f5ifG_FG&<K>@d)104
z^P7;`GAOp@eJVhsBO6)gQ|@q>_4&DCIDqCqUx*PVAc}9S;?Gjy%Y3NIQi>v@oxJcd
z&#neKbk2ZvOL^79A+ux@`L|HB^wf9c+N$T$HHKKyfuw5<+Ttl)-r`|V*m{MmC3DN#
zL;2Q>8HY`?VinWugawRR){ngC5(rEhjSfN-WBPJ~8$(#hf3_OQWeeBP4pucS=Gw*i
zKB;7X(CkBJ6zT{)nUP_Y$-_|6y$O=EJCCD0>_c|uPBql|s3sR?5Yrv_Y#C6vJGwYS
z7is#gfH}Qi?Cf`#`FEFXHcc}27a<OdKDsb;CgYNg=|J-2X}W_588hac6{b2IfvPX2
z$$AVFiGz|ao9da%0>qLFLoROEpURJV$;NDkHS=sfbAQ@#3PNqu6SzcGkKLgvOB}WI
zvrXA%Gh~@t`0dzdn|9q|$Z@+c=J~-c1A^U%=j-CQzkpp9a;uR5<KjfPpIr_<yRnGk
z;$(cET^@a_v4rE|RQd<|0)BQAnfS%&d;$9+`BoE!`o)=YKl>7Wc2kwP#o78k`!f4h
zQ;pljx%LkZ6~EZcbiOXl_X{{w#kQImFfJ{O`8m|&vYVSIE-lXWIn>p*np-$7Ev<cU
zZ0KdTu!&z<-W70cnrXFgc&T4nIrVdF*=DzNnOj=D?Q?9qZngBdU0Qqn;M4)ZVfFLt
z^144p2Y?uFwTzeYXI}P>3&Z2gNfJ#PWiF_j+Ji3GGG*iF<}QavB03VYWDC>sb`Un_
zBCJA9hC-0J3A4;PZoFmZv!!#7c^hKrCL8cA{cglvA|my5d54R#iOcu%Wdd&UANKHu
z$xICU!mrQ!?Cs36p=q{(lBs)Ar%hu%C)edZt@|^p&i#dDHx>Tu2e^VPbH%F;+3oH}
zn(3@7mm0U#vaBaE@vQ6398N9KDF>>QY#Y$8j=i`Zn`V-3Yw7HEorbMPap7+3Kgykk
zEL$(VHCe`vJ)H7HUpVH&HCY#~CGJM5+b&{XT?esG&ztL4uZ9iWR(?^q3^Z$8CYL{N
zz?I*x1h3xawm+Anraz`EJ>Mp3a_rl4JPmw(y(nLEyNE@19~XVSo9=I0Ox1Kc`M7qs
zHs?_-efp3oyZX>p{xaV$d3%$ec6|c(vO1M+wj;@Ytpdq$Hq7zL%UR#uUQEggeCl}C
zt$WF4&gpL7^=Z#eZa;futBh{@c*XHytK;)k2i*Hk_%EFZc%6uJok)D0U*tNG^*T}P
zI=}jMev9cu&FTDJ)A^%^Ta>5mXcGo31Q9c(27S468Q>uz?g~fh!ewg@mhBQ0?K(j1
z!Z73U3FcWTc<Cx>=n^093Q6X{IpX=b)Kv!6og7_DT>?$3*0sgUOZLP=ZPqQR+D%8-
z$QV<fo6RvT+c8(&{VLkT_QW<u+ssOe!&$?*g3G(|uAS{Y+v_14h^O~udpw$1c*Hum
zrg;VExbCZau6cWyrpx$oxNc;bW{O#4j(P<2dTKuMA8oRUJ~0*_wt|K5E0OigY_dw1
z@Ux5Jtv0vyW%s^6;+K2kWd723x5P!Y#Wye7qc+X8=h~yi*2g|v$=kwlF4}FN$FC{Y
zXI3MiaK&f)vGIwO*T79c8cp!x2S=W2ioIUHgI&L)Z@*JazjIE%%W|((3dfRZFRyPi
z44q*23$LIF8k3uEyGRJ9cS!G=ET4T%zn|TJzwbamjF7{7A%<x|>n|-HWCOl-eVk8y
zHn>8TYW(JWLL5DOS~1;h-Kjx(Fkx~69%B3<(|rkMZTdMp$t`@P$-OosgK}bnW?y>L
z-w*lZ2rT;WrEdvDqYY+03E6xUj%w*sd+N^|VM&|j&z5G6U+%xOWzL=!>~<aU?inl%
z5m{Oq{4K;%6jKer2$#kT-kJ&*>owKL4ZFLFB>E2J&<PNK5#|WasEZkTB<<&X8noEr
zX(eMaa}(A`5y>JOQ1Io07OT;t8|nKZ7I!rijK=<4Eb9Kq-$^Ij|3#cvt<~3Th>n%(
zMGdVl6s>iJPptm1x5Z7&Gr5ODPUL;fNSc{A#B!eyACrt8tL(^#Ob*}b6yK^?|0lLl
z%W7Wlqn=^C(WH{Wp=r*h6tN|~{y%2yid)>1BR%t5Vuv-NEOPbRBc16zjF)U<<u#1g
zYGc1kcrV-}Dc$(*Q^p>9#-66fp0~zcuEt*9j|0f#VEE(U^yBaN$KT73L+Foxupfu~
zH4YU!4xKv=Q#<~#cl^`LIPCWL=j(AehzWS)2?YEJMEVIN{)sR06Uh1#DE1Rye@%Rg
zoj}c<fcsTkL7nx987K2oK0-9v330BrO%5y!c3sz3gpCOddMrv??Dmba7nLmH!k46V
zmg?Cd6hik<%v5YyL>WODY-j5#RAbDeC_Do5NeWmpqT@_=;>3hbnQVmAQ)zOI4H-J*
zJOYs{s?j*oT3HBc*<NYchfWy+nn;G;97c$A?iE?-gDHBMX@sSTcU5EnO}gMH8aM2;
z+K^lbc#KP;9Nq!VQ4xtB360)Rs^J6mH>4r#>R=0#w8?t{JZ<WXLPF_MbbA^ZqeTQ5
zFrxR3<c3KzM=miz_wvK=Gt-STD!r5|*fRn$gwTjpu(GK#^c1r4lQ!Pe%C&OLrPC(*
zWsutCok2xrxrFs3W!pvH-8V=J=Mw>3%7Be8?3MYg#09M`2nEiH4)>p9Ux*98Wy>V;
z6gt9|%5^G6-xJFd&)cw*UI!t098;qhS4OY|#r~0d%%oVXg58@eu7;lXVW(UmDvwv8
zipZ58n=c4s`Mg0=$=g+wabEF6Rc?j;%@MsC<(zm6Y9V&xYoL0m9r{9ux#C9F_aVe2
zVsQkIqCA0La>37~_9;b@xn+L*R81S@a357-SCm_d;O0nDJZHXcHOy(ylnckIgn})R
zKzt@3F0-Ld>HR+6-BnuovnZZ^;eB<S2F_<+c2yLZj9}!_CK-zTB9+XQ`9DEQ-4Ipk
zVlfom)P4MvrO4^k8S$0!$(_g*xZJ98jd}al6hBuMg3T!k$(2WAWnR!BO6?&sr=S%^
zwpDx1m&)(M=R_#Bk`}u{mmW<hPZ6gwtki6ZGKX=<MrKNfvQ)bwDoUPLIPuk+5~I@1
zi_?)6N1Ik!lhmuK6t!Db`b3tP#WgSwW=Tv-gqR7ICKoQARri9F>v|WDhU9UFiKnR1
zu1Kh;5tb&s$lpz=V-zoJuTW}Nsy3>B9k(Y<wUK{0P(G5^JkBL~pVl{vK6QY<I`FI+
zmb<=3zjmFfS{6#Cg;*X9z8ZjBGzgJg(WTk7fH!AO6;4hL@1Sb;OBI$w^IHB-&Y;$J
zjitNmRR!ihUpSQFdsnUPNglJba=A5{coy$$(u?ucI1o_b1zvPGBPr2tl!9Ul7Jena
z|FDFZr&4WSo(8M9KqH6r^1Vq|ry5qb3^fUt7Mm!nkXJo24|@T#uk>RcQ8~BTdjg%O
z);K-tX<c*O*WS%ORCo^vV#Zp9peXflVP$YpZO-3w&^z<z?xa-<XaW2hCD0otG%5)&
z%PP_o!1)x>kbE-zWNb=Uj=d&ExBTt1ywdT+%r?rRcOD))qGe{#yTsY;z*#eL!i&Vd
z8fHCncS`)Y<Q{yz8f^u2d>Z4Q+sYCKhV(SzX&Ay5iPc@jh_?C07KGdPS>mBIx#E~s
z2I}-EQ?VhLT08}YNQNg5J@zjcm=GGsG=@~<nfwL}jxQ8gmLKrkZzehHm!D^_)#G-(
zB@Fc+4avH8iBx52lQX*}tME1q09+$)1|z?+dh=^J6$|oEjx_H&hLEy}2$cOug8e9l
z{b+&x7=?YL_r~PJgpv=dU!u~rk#nh8DuXum@Z}9OT-LdcCw)Dt<2W$A@}|?`j9)X2
zPr*#kXuf{Hk>#G5%<{uxeKr<FI&i`_3DlVOwa&<ilcj0eD7=|N3Nk5OHF-sl@pz$w
z;E;XSm0NscL=AJef{s-;JDvW5-#}3PHK`ID<B#c1-sms2<6o(|D|vnH2htkUw63%0
zvPZTosj~J*MtyTTxtel|`&~CHMi-mO6h!SOsV{o4249yd6iSN+2#^ibO$d+*=Fv%t
zzEc+QuP7EN`qb*#K1U?#Y_%Axcy5%~P98hA{>hCXTt}Ig2Gdz2NZoWW=etqZk{~Kk
zm~)>A_g^gCps=v{K$p_0*NL^r$FXsCVg4RT`<pWUAEok5SWD7C-L%oo7W>mBp|z~%
z#j6Wt3JcXn9Q{u>%282jCj^@a%%?o63Qs3nyYy$|VOtyGC)lgz@JmUZFvySF+WQ43
z_v{)MJAbG(w11me)fcY9ah6Grp82EH3=S^pyC1<Y?7(;~C5vy}^qvKvt{{e!Bi9#O
zUe6q(D<L(nzhWyur|G~!o~oywzx%4I>F{E0OK~PJb@YBs6M^vCp$ypv%8R?y!w+F+
z7`s-yZAD!!E6juHl40Ap;mRl!I_2a`A2n&3Z*&BUk4p#Di0dcuUn=O^t>N+}!Shxi
z9XDURkuK;pex(1Q`FcTHZcTl2F!)^=F<!Nl{19nQH}dBcsb?GvEfw1w9;4&c6S*DT
z!dZ^?A;Fv-#n*DERW0D<_?yA`;<hHNtreeXC^_cGQUo<T4a&Hr)%%k<VDpNsjwEuX
zg0iq&#nV!U+@W>C@`^&&6;}V&Z|g(7eSA_0R@yf~Oan+)J7G`F-ED+V!=FoCN`H;2
zn_$?Mnph^xqh{BhLtWY=l)`jfQv>maslMXnt?rkf9W@-WucULg0;=pLuvD#H)sFjU
zwaf|33<wG8<P9m55lu<*w~yK-?&9O*9Zd|>uT4GMXOXIR&_sXuznY@sRt;L*eegRn
zSTWvAoC#FC|Eh~TE#d5?X|6J58q<6qKI|N{bnkQM?DKg4^P|hpA1>a!&R^IbVig{8
z4IlCxAM*Vl3gRCM^B;;dYrKGeUPNZp#(JmpuNRTAu&}texU{siXlX|PFW?mbUJXXP
zyu30pGCDds*4NixUtfX$o&I<FUom0dzyF*6eIfbnJHZ9@3ZVXf`$BTk`!Eu96B^=w
zy^tK6G3E2V%7ENyCPSfE)zbrgo_<3q+fX*Hbf~U$sopA?LX4EEWUkBsHH5vn-eSH=
zC3@#rH2!eCTLNNt=JD&PW}oSgx$DE&s<j>$a>7+Nd77=^48pQd(WaXHsRG)34baK&
zaIQjkIB#F2TIaVOvSu6l_d|oey84snA;tRRv7}R$x{wIQ`L5RRwOq7sPN#hh*sPvP
zu64Jk>)nR0M-**tLKizz#hR2q*dK4R{tTx}Vp2SG^}b`(Xko4QIDY=ckYaoHysK%S
zVXwI21%45a;xo4Gk7bA7sJQm)n?XYKufy~FOcOLPtc?J?IHQd~qPzkfaI(6+jbJM9
zvp*qph`oOVAB|&lZ81pXei+QL8-5FLi=3Gag$2v#h!SJi--?zJVBUz91s~6fr7|eY
z4Ji**f)7M?R^Cjgxi45w?9q<b@>z%!T(+Or_eZnz3KhV%aT0)xOB2LyjEI6MAS%cZ
zLkz+X_BSac%BqMR@Je`}O9Y=29`vm+H##eUIR2e9NnW6yA4_5Z-9sXLhIC$0QH)5?
zH=|-Nf)7c1S*lScuZN`#QN~4LJ~s!483B_br1?3_LD9J}3PHwYBMhoDWt4#p+u%eb
zB<A3iUElYLOErj(vU*TVOR6#~Od{gbO-xR5Q-3Cw<Q$S59<^L8zCRWzD=VUmS!ioA
zk6rapHEq445IyUJYPLHSZf9W2Z7=IuG_L?RM78Mp=A*~e_swECU*a=si(XHu%@3mv
z<Yp&p(ZQj^i(yTQC7PTx98;=Mnq4uoCe|Nr`$L@d!^Wd(8*DYdtDI9Jz{I}h&~b}#
zl1oj0;%lXzk<w+ipOTOrwVxGHRj-{^bv3`?((z=!nNcZ!u9-2*U#VLbuZO)^G6`09
zSaz}%XB5!;TKh^Rbbn%cH-KwOdOrBYXZU=R7@{p=k#gZVa@%x_sF5f6qlD}q|I;PQ
z9s*1gmaT&3Y3GAKrD1V`R{avryp94xE_u||!LH3Mw;KB=9j|4qhfzzR*XNanWo$cr
zkFbsl<CN(w7Zc5)@D~`m8t&IsKXMr7jaVfaZssl99j~@Iw;p7CbaT?Z^H(Ke#v;lo
zJ<V=t?Xzz_caFi2-+o+|yikn162~*E_JMxIs^SXz5^ke%_+z?-vGEAO$|T=f9K6v7
z%O9v<PgRz%5D?<oA?u?h`0_{FsV4u+=RuYc;eb~yqEy7iZQpj`(RZ5$t>uH{ZYX?O
zH#CYI7#7C`0h2#45#tr<@l+yQCB?FCdm#Bf`JK9mv@Fe+DfLp=NC&$PuR$bE*8Cc!
z5(XE;mFp`In5>{C8e^3@2FHtpt2+;~Qv1F#|ACJ~;oNoh5O?i>fw3CF#&#_@1N+sl
zty=lq4H8Tb8*aZ}0DLk^-A&^i{zYGX$~m?JTY|sEUXtWZfLaO~CU~_&508U+a03q3
zB}0H<=&zh;m=-*K4(LcJn-X`W!dHDUJ;9NGzmgn3IAXwZnK&MjN0%QcHho5e)Al8g
zp?<$lt=F2(_6nV+Dv%mVB0Nr_=LczgLcM&MZ1|`vK3V%7Zy|Gd^80T5Lcq$)<3nCL
z09)|)jpWZUDR*+vEJ#CA9W%asA3_WG2t_!#Uo5l0p9uvRhb97WYBI54_oc3s`@@p1
za)`tWIq8cg<C?BAkb4Qq4Gn)=s@MhLjP76abdAM7e6ipNE%5j$GM$A|s}GI4&mU7X
z#Y$3}FOW(EIysJK%3K#IjUEW-E>4&2)I>|o6e)o{aDazgml%l`3$_l;`W{rta?*RL
zz?#f7E?$>8LF@_cEe*{9e)Q$&?wDGTqVruCTIKHIN4y_8=KB~JfQaJ(9^tGJcvOW7
z2lNRA{uss4?<f@k@+C$eH<Z8<Zff%Qy>t~nE&yWGiMjX1(!(aRV=&XzX~%>X%*BeU
zh;;S-*XCB4Fw3h$vvtO>$3}vxD$^`qYm3miOw~=(Hbr9UYWd3?>W5ciNb2!~kW?lt
z`e-wIhxPYizK;adQBY;tG?EyTfv1UTg7G;vRd-sbHxIA9JTMllZ5#6sA8K5pd~3a8
zJ#%$tSPe!`Xg%W(bUS=peiW!9e3+qhdL7nW->GXrJF)P>eO;EH`wRf@xB!62Or>u_
zkr}nmqLSzBm1L!IdE$5%%^R&8RPh!(f<ax#3a|HM!~hHzjV>zH3IQ()00u7|v)#Ng
z-PBNfU3n4;Mz;JX4Y^14#YVO7nl>F9*&vyQR?%k}p`XVA49x2id<)GBpY{H?OxQ(0
znVa^F5%Y-P@r8M_+A<=<Rd>sEMFyDpG(xqqhlRy)6ug!mF0Vq9qsN6^?$NR=EDXJ;
zK}~^R>VjZ3@|5&yP2g3^f!LZe&ej(>X&!Nt5)_vS2ngHKnFAx)#|MJ5pxLqs7t@Ug
zl!-oxn~Lnk!=I5xzsJMsYVyU8O;la^kWFvO6R-DQsmLFf)*TA#1b-HdCq8P*Jt%I<
z<W-r6E6i%b)N{j{FON<p6*RrvG>FTb*#3~PhEM)hH;<0%sOvj&tZs|`$JRh9&uBVm
zwKNX*x3bHjLIWbEo#Z9@j(hfddF)H%rYZMQdn7c~5B{}X2yQh<sr4-v&}Xg0i=@s=
zDGQ>BGlReM@r|#Sci%BGce1BlJQ}<1D3{)kZnNv47w4?KXvhx=^^wOMr|h}$I|)=!
zU}SABwzsRWXg8)IB88fXvV5JNey3rdS)F`jHgg_6Rk9N|%-&-38E!fHy>v38*ijQX
z%0^aNQLQZcl7-~L>YpX6S#k^l0`R9yUW@Z$4vH5X3CQhrq^~xFp%T{klFb{z9MQ33
zdlypNkz0}`4`~IWmrFP;F^K&RJ&>upuQ`g&CvJio);nZQt(dDWQt7S@Jt8;N<*hv>
zVdNWM)3w=cUj&IHpAS@DALhr}ZtBOLPh4NG8SdM<F|MC{rc-fB(`&EH6+K$()BiBA
z#y3s3xH?T}I>IOjdHZ0p{b|IDVc#+S>__~`!QceK)>hGrVM+_S-)r-|?UoFM&^5(-
zCGW7GUhnd}J_mTi*3rNxcw%38;4po`to6Vhup}hnMBYQ#7yRj|qXE~Ti2sdZAHruN
z$8!_^OXciOl3lL~1D{XPKk2GG>73{qtA9QldNBET^6$A4>~Vub`M~=*%0O}PE77qs
zI0_rlDG_-p&U>+<&`v=5Q5t%S5aAB(>G+We`q5T<vE}(0@A>Qz`aWK9v+Wt$%@a8@
zxd|j7VeO$f2zeVN_#xc+p%bx9K+>^0{POwcDPN!kKVV~_WPoBM7z(AwLL0zc9pEtM
z?HC{E{FU65=m+(+D}s|3JFc5PfoJosXXkE!{ha?su04?xRRN>7<2-(LLooHZZ_5Bp
z`?rw03r<cH{{SM|9i0#uNPmNGf#C@uPKrK#Mp`xVULyluXhf9zv0kGEew=@TyM+AL
z?|%L%K-g3Y+e-*LXb3x+4?B6i3p@K3e!&!er4(L_pnI1P{?HKqG#~zQ7Y?9CfHOyc
z8Hax$Mu8lJ?}&-`6o_m42P+aR(macxBa*<LCejWE%^@oiAu+NK3>)Ph^$TiLTO=+X
zDmvC+q#Gh8>_U{j4vLVqNV^`w$NeY<;b;Ty$mT61MjJ||7~ak;j(j^z8t7<7=NPhc
zT+TrPKkrDkDqOt8D4Q%oJ83Lzx>x}mJgg`}qQYo1oY)s?LR{sTSnn8vKt%e$Fk|O9
zvjsF5W)TNOJRR;hBj|YMg=o_SPV>h2-9NaemoYwISY8V;Dbfke*0H~we>`?Z1~8*b
z7NVn|^3dhPo>gPTp%SX36{57>na$27rY$7a-Qw&H#AijtcO}G0`MZ^5xfwdT5;7*`
z6q3^9L>cq&NbkpLIY((XCcnc$6DN*xa3<)wkI2<aqLz*>EKHKi!YSQP;+-Q}-TSpQ
z6JWjP9o(SNFz-ZukE>ruwQ?V2V~vMRLsKlD7Rryan~3uZ+#cw5vxH35gwiu5O6RNg
zhTaKP`Ih{!&%N=LCacjlq$>Rt+=R4G*kY)V#9xu+gxSR!J0OP0Z}D4b1XJMLH=il!
z%y%kw5G?LW;4F9>&TALWuZYwilgumiJuwr!)xJ^EBl-Ce`Tt7D+^*030mf2UpGGu^
z_e_u#tjhuf+0YCjiOGlaCdII7XActFrwO{|Or`z4PfJEkx3}|O4D^XtOy5ZezI!LB
zy$NrL{MDseSc645k~c3Zm$N@Ar>Z|2CdtVN(rnjJ<6BZXnM)?TK>*jcKv@6WOeH^#
zhI|zk<bW%#$Q+SGKK^wder`REY1slk--3OlLTEdoP?ADzmckFyf=ML&;Y|f7(mDP2
zQYIo!W(PT0kjdOCTr@C6ue99RJ$4k3Do%hRK4*N98Mdgw5PahzVslfm#uY!(7QZhH
z(~qs<&%G$7jY1!DwYLg>iVwIJLb<sQc)rB@hEFlO(y_DG2!_B2?`8{^Ckc(dD}2fp
zqRlOJ%;wWnDg5{)Z%4PxLRQRs8one5iB2RXX#abGNimCb`Pp9i4;gM9m;}bE@=_DD
zXIvh1?s#TlM0jS(ZWEz|p28>?(GPlsDM<z6xRvcem5EK2>biUyn+0Eb3ZnQ5@kF@?
zy18b15a#G4_7PG@zwpwsCX#RQ)D`l;eB{l!;-P=!;bM(J5a#7+{@(DN>D>>K!|x^d
zU=>E20xG&Blpm{~L~!jTeh3MZR)|E_7IoL+Sl8MzCx0^aD5;KQc&t#~H)b4QPSq>v
z6T$RZEJO;f40Yj0W39K&VGqfv#Ck0Ic%2(h!tJJ7?-E>9eO1@g^hI=-`%jMNtq*S-
z0xv#Z<FjI}D4*nkUgfnf|7uMUzjp%y4bunJ+Si;VG6w!=bUlRZL-bylCNoiGKb0mK
zusQ+NoU<uM^j~C7c4hIbl1Yyemo<$Eq>??45-pD+$2o#kqRP4-EI-#YJT=NFgQ*Ow
zw$gAn=i}(m{FKlXR3xiak9(9)36}kJAkh)rIy;P56KrRQ%&J(cDH`v5YunOGDw&|t
zzW)Q6f2b|%rnPv^s5rU3IY9I&Smq>HA>q0m8>IsrO>gfztu?=xQ)~x}n(3$Ij*}b3
z{v7o))y^o#&Tq>|_I@Ti=S4fanqQ7ONyMbF$uM(&0TcRZcqJSJYFsm4JdEWP{9>)I
zcl6nhy1CGL1{5sOZac}JFp&Cm^7Xad8S=C>SULIlRY}=;ZIL@>0-U|S{{m0y5i!$r
z%fqOO)s|!HTh_1m?V2weke-_m$}phem=rcT(<>&XK9CgN%GXDUY|R<cPY%&VZImmh
zhM-o`WBU{rN?P~il;hSifF7s2{z}*!@e2S0x}(ty-F8e!>kLD3b*|(GJd_ney9Tn<
z`sDs(xPK1{a~k?1>K~2_KvNl(mjJd5U1fPDG6XouM}wEr9gO)nu4FxZ43>d@*8Q`s
z#k>99W(cKhgOzNCRcu{i3d51|`rv@R)ND@=QM(t@(DL%Y;HR&{WTP8q!_UgUcS`J5
zQhwL{8d*!hAOWX2NHP7HXUa=9*7DST<Ytv}pZMfvJ|8!Rjb_G%Joa9_mxH=!h`Bgu
zGtXr1_vm4Zr_4CwiV?T>c#$$qnqbx^^sLXYeQigM-EP)D6i0>#CcEXW@z|YlpA{p&
zS^&>Pzi_&Xf2Hj=8WK6^1Z;Mv9n?)UFa{wNY5X+GS4-&Ku<1o0AMv4?kbRm=MJ$Gb
zq0a4QVq+(3x%)kqV4#;U^QqomXPZ>STz6V{nrw6Wi6#qdH=A>48hr&}(_yS9Zd#Mv
z;MH*YwcDAHhy2CZDZ_sjD4Ko0nUN>vSUn#IFOsj`Z;1svw|_K;QRB?`orN{X!vCua
zCrl2G(ag`(UnVUJ=47*$ozo3J+BMX5Lsmq?%qRBqvZGq(@J+Hz(SPKo=32Y|u1R&b
zf1ZaN${uE%fr$6F81Vd<5CnF|inT{kiSAoIY8jTgBsR48$$j~?(ALwEiLE2mhf(NP
zcl`1?|LhaE%kpGqT<MB5*vf^_>Zd^8N#f=6cuzfsK<cI-g+<q1@qny5!m)?`Z!j9<
z@wrc<>8$gnX{n=4x7HggYZ3##_u{2{u%(c{gY1if=Gj9~MCuHMd}oN$f31Xm$5>7<
zT8=gPqg#+K+F*cjVx#2l{rgTsNj-pXFUWkrTg`A4;st}|C5(PG?pQoku)%kxXruaW
zb0)|N?KhGFQD)+bF9HT9_h^8eN}$Q%7Tb#po$bcsC@U$`+IYfHpZiRI1M3viO8?%f
zEz{<f!nW4Sy80?Bz0(fG>iX=1RQkIRtn6lrAxn~n1-&-4Dg(52ymNn>u-*w&0=M6Y
zj2z+J=v!a|fkAg0iF-B%3Z8+hd#_*DoL$n5pnUU>HqX%KZHD%zjdsqCf2oKEnyDRl
zODw0DA7m@<oezY3D%+WO*qJ%riCbN$TMc3lTXtS8X<k+2=b$Te-1QpqNaP^i4BeOQ
zJZODE=RfgPN=UU0GN9y0Um93NRtYgJ2$3f`e4nth@Oxp)Ut<w!2U+E)wc#i*_voPD
zWN-E4<mKdS3*+>H<Mc}7^v2`#F75Q8?euB&^o8TAnREGTnG$%qKLqEQ+crjOWQ8s%
zQpTr5_{b)P$uo-Jvz9%A&oWU)S;;>K3FC-UFx$^{mM~3lBJtW25M-iQc?9DFF94eX
z7~}KifOFo%1jdhXiO?4sgR$*{vGR>EI?j>oYsn<1=ZIY~9f7f|#Fwr_wUCl2#x<mp
zV^=Kn*Mvsba+oqols{F|uRs05qk4__)`$Hi{i3-smNB@gw-8bN^!hF*h6nR1KJcm=
z^~%BXHsk3slsN@{GIbpL+<Ed=lQ|B3KZXtN%;MGa`VJ;B7Bw-bF^X(0`F`;NQs>6z
zH6a#G*QO@{*YZB8{JRTg+}-?nP4r!mXPmj^Ls!hhSpP$jr(mw#4QYDRXVshUo)wjz
zp!<4sfrp1<!5H+wauH?{<V0RfXu{4)^cH5koSHL^;rm|h2X*4aUO2pI>)6)Q$5P9I
zW==w8&MT|HXQ%QgHcqsr*XJzB7pC;fpOkR|;n!uDYry!}m8SV?$@4uuuB8kvxFrry
z`SwOK1S|$$0DK1z0FB1s3xxo@3qmH>=t+>?6bM6S_jr#gvn3RTFP_GiD6=gRN3PzM
zBLwV-CDEI&_9V*Wi2^WgFYmw0?MY?9yrO(RcD^c*_J_sg`1N3=BT*z@s?q!Rm1IIk
zhfv}5V$n)n@;Lfp#N)*()QLX54hM6!3g)T2BW1Z$jZ9H*8ofojgY^K}LkxiwrE{IW
zP~O#2qWaSLYD;q2FxFd|?K<sUf!XDS>XF}Bw5NK(=Viv@5tLP7M^3qiQO@_PvmftH
zW%8k2kTA@Y7$p3VQDMqkt?q1gMw6S<LcU*`PNq=Dr+F-1-t1Xa>tg<RCN-T;Y~}r3
z)=J~D_?x~C)A+~jQ-(<N>g~cKqgBDc$|YMFQ^<Qgu8z$RS}ErDu%c3(5X3lCJdm&1
z6+FEe(I3eMDSYAbuE>@Px+5;YbF=^?Nj`+$O^KRPJ`~T3j{>=P8{t&1Tzr8Y;DpQP
zeHi4E(ma^<Pv@P%;62pB_~nS!!i4E~g@fTjpDIL1%Rf=If2$P>>ieF3fiOhuOlH#w
z?IU;60XE|sF~YFICnLtZdnH1{dfG!P$$q<4Ey?-%o=%Dz5}%GYZY!Ho`Y}SsuKl?!
zCP+e<Ft<iVl(JW@QV@IF4twqU1)Urvb1adptmG>{y}Z04y0C~i(l7go$EGhK(=xQZ
zHq;QmK1IuGdO|qJD<bfIQE1cS4^mh&Yek+SnbRBRW*8=u5Tf-Cxmm!?-DX(QYKLG{
zyY+)0ohJR-L8HD_V@9{o5vN~AtmbTHg^RPaJTVY5-lM=o=UO@|ZVgG$uwF8-Jv6nx
zkz1wSaTTn%D!aKHH{iPF8>eAG>Q|@fP07Hd7b%zq{imc(jB)#6UVcbD0QV$TZznId
z(IDB<qPCGd6uszA9A+Ge&YBg0iu}7U0T$!jc!MV6{B%DSlfwMGCX?dwJ{Hr``n2zY
z(ZxK>`ece0bj0yKe)ko2kLc6}CJ-MAmy&H>&7n^sV2M~P<Iiqf8Y+70qRjNX%VM=_
z2TSHgKD-Nyp6eT1MjrGe&U4jlUQ3CyFfYCOrYCkk%W4<Hb=q8+>WqTcuDrGq!&zV6
z#ArQI+MBSsNd2OyxoA4Ja*;rKx?;`1&KY|Z6qW~N92}yFale^Lx$3+vj^pmqQ&Jw}
z4BuY1Z#S*2w_w)w$6mdz_WIcR?w#(b!qOG7CZ^4;>s-Ob?Y80L^TIi#!sBkD|LQ9h
z4Li8VnAayMj2n0(t~UG#?~iC&?;;hspcSZ`;nXtTQ#x_CXovqqds^pbW8y|sp!CAF
z%YYDs#6KDBab2Soxzk~4n-vzbW8{l{?TaJeK~Ji1CK=JXU?S?lbQt%AMavS9N#MqP
zDGwB`!2t7b;KRb8@*Q5n`ht+a5Bni9n50EV=t;4uyEB4_18FS;<|{E;9ksl!T$auk
zrf6mtYD=pvC=BxHu1KO|A%o@N_34I^xyEz+cv`(1#Kr-p$-r;~x5dF(Jv0Fl3!I2*
zy~pW#&d|p4sA(kOZ^BvqO%aH}SYYa3AQJe9!X{$S3vm%HzjYvs97IMeV++Y_M)G(}
zY7BJZwZYSg>Ff+AbnzL`yt*&+hbkfX!0Tlocn@?_T2L8lv>1FzzvDL_y6_(x&O$Us
z6~*YY@%@uSK!@HS0;NNn<nS~=S`Ue|*J~q*zQ0X#2r2d(-&VIb1g(xlfZE+pCZ&(}
z4->VLAcPE6rdAF<+mG+kjuO==5l=hkG)>ad3RjunPeg3&IAhKxM!Yv9dnsixlhRew
z5qS97-?WR8>Qiz(D0+<>43cDj9@~W%;Oz=>(B}S(^~YUn)Yp$Giay7)XXhm^ko0~S
znUJm_<xVY<yG%eh)<^RFTuVYBnl%H%-4||8bI|sQ0X>J}nwAhf)JWoCHgEQdju&=R
zcH5-j($2Ts3RcwgsOfcBtdS=9@Vz!`K2w*AMs#4K7#R}(K~Ja%LuFX#k#@6)e1(L9
zKcYSnbTadBMHiyHL};<lMIs5Sw?W~KwYk};$lP2Va@}s_q4|PI+@Wv3d^7#De@XUS
zl1D+sXp8~BDztQPQFYKqa%|FIqLl%an{0G-9Q)!WwlbR0<VCYG9mPOp>Y{^4Df|N!
zYPzM?o15Ara})DQT%~oMYnq<Wax>$hxrURv^65@elNH>t@hEvaD>8C)ST+?|;#1Sc
z&>xccZuQXq7M;V`l-kcp3SlL6U6?Ou0l^O13rfhX0E2}K|EKupHve{X93w~EL@hgT
z`$RmB0*B#Y3HWJkdQ$ctYjS9Z4XARZc5i+gQ-%;p{Vqf=!6O3FR#ydq8>`9@b&I&A
zd#*l;`fP`h6Bc<?J`#)B3PHD$4+yFTSe6JmYI&Q{ZY82n#j^va$CUojErwna5Rn_O
z`SRGw20eL=q2>~Q7~oh}`*0#hCfv*D3yUVmMJ1b&_;sY3iMqH{Rf24vuHI7@sWE2T
z{>BwYjFpzzy<1Mq6LcWevP`D#3%wfTHzRXwfA}qen2?q4KrcQZD*3T+5s$CVwqk7)
zTOW>aU^H*4I@RY$k9TSDb*}HG!-xzKHod2t$zDa=rgWX#aA|p$fk8!9EXuOkZpqJL
zvFr!AiZieCJX;*K!Dgu`59|5Lu0wW>PppM~vmZ7jms1y<SA$vnjn}r_5w!cfu?Hz#
zOyRO4-@f{(_&c_I@UQ3qd>hKI_~k7^&c*@R&&NWuOq)pUWPSJIMp*Gn&Gc<_dauXl
zBx?x$B!VA@esS1kCAX}weZ3itY_lu!S|;fyZko7sww$5J+2Rg&nXPTJ$#Yye>?NI>
z?d7=n_0fNw>pSb<V4FiJ=JTON*!Qy2R!hsam6On(prM7f+sgdlBa>a%^~V>(ypIpF
zvi27%$YV44A6L(z1>+VsB|ke2DyAL#);lQChiS2?xSglx+uf3l-Q<RPY$-9iAINLo
z82rF!w99AaN&Wl)$EkW+JoYf55bm;kyLt=V|3qjwrnUIBeVU~4`4qtd*iP3V8};|N
z@;-IgR7~Gh5q~*|&2t+PU3*-kbU7>K^uQIRf6Sg^zio!|xT#Oyn<n&pk|mKW{^;?z
zW*Gc<-TqoP{JQqK&DjhN&6cO#{<PWtj<4hFu^r+IH4{sFRB+3CySClv4wxFQ7$43L
z(;a-1toe~#?^-(GzjQ_ocfitd`xrBWec^8W)`?=rUB=q^tta3MsuxhvDI(k%>%?`Y
z+quTtP*Ti!`myV4O$%ZScXM_pUP&h)6bQr+7fc|ZzT?I&;Uwd3AW3Wkq?tPIJIQ=m
z$nd&`XuEKqnvl2wFfLv&F5tZs4^kyJfm>@SLNt0z3&vJE=22IbY$IDu7bzMK$0r`r
zk!~ut7HT}+Jl;q;IX-?p-Y?F)On9X>*<V=HSO>pxvpsc___A<Lcabf3iM6nk{^`NS
z>*=87OLz^a<PAi_z5062+EWDOg{0i0tjEXL(ixG-msQ;(v(>9%*CP8qLi8Z#>QBOm
za&Jf`y=YUasWW_%Gk-i4uS!m@fE%CBVDGyMB+cnQ^B6WQIets-^c7;n1?;p(WdZ9F
z`YY$YSRp=RH9iwJ-pEcQi=2KJGM*_^fe~gw8#V!4VKn;8bnByjeKo<@00GC6UVPsk
zv3sPNYQeMSD9NK9e>o1z9GDH_{-1oYK72xSzWu7p7@UPaf_yo+rklC(gfXWF?t=M|
z_J#Os_#>_Y>~%@Fg%e^*gru+dQp`Al*-}E(21Th6-UD9oa@`4PLSIN@*eWATw+8cb
zgwkQf65LW!b;OVw3q|U{UWYR50s$fsFr@%6ED^`2fnQrlTGk>3a-uFVLrn?ku{Z;m
z%4m1S!?0>R@11%8DX%y^ua=U&toK0qC(%l^0DiuqsEk2TVbOxC=1ktfTHM}Ryym9q
zpi3~J60`!dbJ~%up-8J906yTo5&!`o0BCi$T@5>Z89_!J$|4g@Q5NgN;}@ImqNo|=
zde2KW-7Ov?mYF^B`%@|?04C(T-UC5#Vxui$m@Rr<UkU{h|BSBMjSR#HA-?Blj~S4l
z6JCjtKzuJ@h9vQW517OoolpbX#D2G54bi<HaVklij~VG-9=y*PTbY(vogO@)YdRgN
zJFDS_;PUdu65kSg9czC-3`q6lY~ejxqdeP<$2^I@e3Hni=>!v!YLOfGBjyD-1;n9w
zwW;yBZSbf$k0aLhL&Zw9LQ9efk9LqrZI?8KGpFNwOCnwKoP@9()J(LAO53`2lR8ge
z$&aTbOl%iSpz{wdr3@_hOrZbj#P}uiRY$7cZn9KVW_fz_IOI181V=1Om@hCz1u?Y=
zL=%~3<FpD<Ky-1S_2NHw1;|a2rl3;fOtJJLW^zl@s>c%Zw=rE$y&I9We3!#z^KC{M
z*8p0M9r<gec0H%P9JXD!4(fEfR!pq)w+m`Ce)Bqn+W3=YnR~HD+*C32P!X8OY2ndu
zJ?NBp;UD711S|sbo%w7`WUbO<qcSSyviR;(?0E8;Vsb4J2&@n(a;;IQJjn{L_VTuu
z6@4ZBOFa^gJ!4{I&Bm?2Q_*^!%oN~_BN^ln{Pq+q?IZp6KkBl}sou-?l1`R}z$q?I
z$)O<}>P?}vD5%d&-nUGuigV!Wi=r{h%cW-0nZ!sBP7{p^dA#o*MibiW36|EM6}+Ct
zLzoT7mG$PAW6wo>LFj+_gYNK*e1|l%FNW&xK48m^7f8RrTAE3Tz0fPlzc4uDJ}s84
z-MfeMBhtQe?mVYwZ;l&6=}~LOTU<e(9q;`o<z)NzI=i{1!SH+l@CLl-eHXv$1mq=T
zRtd-HLM&#C*2z98?Y~3Ire_cPg>LwSn->A+#})rjfN);9SV*oYqpTeMusO9Apeh?V
zREED;4zWZiUnqC2SQi^BD!x#=J(lAB!|IDr&o;6<S@cit337JnR{O~&{Lk&RY7~Wt
zRbc69smLXzO6xV>8o?6#xtGHl(d}1caepljY<Ic$B9E{yjBGC#yDv!yPvoGl1lyx6
zF{?#pE?f4f@~|o2JgOr=%zgt;R}xOGLsrW~P13_(64#H_I3As^UCpr<Z3y`>->R`H
zmHN9>y=z7#hjcYPXSG$GDL_1txKS-F7CZe~ZJlWCoIL5?T+ys_#=cimwq^~Dd!_1l
zbwpodv3Hv0*Qyo|0rW(w5wp67jG$W1nm0CrC;w^({`&0x>stBLH}4C=4=2^1ch+^j
zCw>ZBFHKl)cVAPshIuCX1K$?sDYCABNATW58`0p?4~swf+3Rh0t9rx{yQA8vfvb6+
zbXYq7;LLX53T&9DZU~d9JILxp!!I@6=l*FdoC+09cG^H2+(0l+*051_z@6m$h&XSo
zBigABXQ2l1qV>~P`#XyE$nrXcN7HBBbP@pp2!WK*t<BI-W%eCi?W4_lgglR}c&{K0
zK8%6l>3%8-JvU=ao;EQkYITOX0U{1vVhZ(!#7)%C(GnIkRjGRLD1UTm{<y>RORjEm
z-=x?*36^}?R5aL@mspm=&|AIMWn|EkXcKvj&`&7UE8=_U6?4#;nn{;A(br@USX0*b
z5{8$#`6gR7vWR6MUbth*foQg)Xg+HowqqdjV9=VlA#8)f`m$jkI-#HkAF5vJ6(mQ6
zVW<&gXdIVgr67iCq2;hDCgZWg5cY@3PrF}g+b1@C(0Ys1Ld~FLo4OO7H7-S6!ElWj
z-cwC)v@-cFaXaMqw)=s8(8;EcfsSihjC9<N*YB^6d4_$kMlmnDGHu%a96OKNDGBC%
z2EXxiw(xBAFhd-6^icFh#dJ%z2<;8DG+vAa%J#)nmXlDn5(MV;c61^IHa+}Iycct#
zKC8!^?8g5x@b0TK@K9TMUV}L|D5OxfWyq;|F{piIFwLu8t0a&K#4u=@>GU<HXPHf`
z^N4a@MUj)!?d{Rc48tUg8xG6U4?{8YCNo>!-wQ)MP{BY95HMQ2-~Q!cFlb;FDzR6l
zWg5Av?-{4-Mz9;lu+11|^ot{J+}^l?yKqvY_s5`#h{ZNR^4|0+^6G-wyGYTcOtY^P
z0=f?g-Z*_ie)>ujN8t))OKtk~(}#`%+dK;TUj^`@2##S5w&n=T7t;*lzHgj(BenI#
z?!1KSpJ;h-8=yiQw$<sYuI|S4tu~-omWQ39oa~D(9tIQlD}1o5TD6=?w0tPr82G#u
z-DebzBH*l%LT_R6hvF>XV>odKGsVE*m&KW#yqsX#O-}x*8Se8b;>*@k;PKk5zEj;%
zU!UdRDms_O8G^rg2*346+u6p8QS;8(=lnI?6SKu(>mUAg=;a2OyXRP6FR%$Oa2PLe
z1uyUvFYpa72ppv@2>maJ;xCBvFG%VyNc%6y<}S#0FDPy=C?PMYzFtxjUeYjL(h6SE
zDca(Ft<W>Sq(2>DoReerzl_bXWpBM?(d=gnm*JSZ<h{DYfW6{;jptq*D7~pDH5Lu;
zv8&{!L>0(~79_Mo;=AHE3|ExBI#;3>qAU{D+z^rc_y^H`zas3(rd+!GbM67T!Xd+)
ziv5|8y&~atD^Jy7$JLz;Ws?`VOn9lHB3$a39o`3fG0kukS-3MP5z$@yyNBynobYL<
z8~w2equsEJZ)8T6<xPv9kGULbp>A+691iZv%{g!6AuHgiZw(Z0Z3!Li^KWc+$@K{x
zvkx2`)^04mhPyJN3cudGcEdj|Qt4A(H(iuUr`Jv-kS`;Kn@QfyE8UKA*>`r4f8o6g
zf~!z050l}n^BB{%`Ex5!U+2Dihw?)Hd7?V^@h%dxJ!V%Vu3XW1)7F{Q)A=DbYGcDL
zN;!0}0$RZ}BsqOB5p!)#<TlhWEJ={m)jw=OiSdr<z8`QYg|OG)wA1vz{?hDF)c@c#
z_YmTLtrvfnZQ_t-Sf0=0Xj@JhB6v3%5S0(N=m|&WHs{n}7_J=uU>EOd!D+t^?(8lI
zho9}FyX)$(mg`dg*hT4F=O|xK>EQJBDYM?Ouidpz)2+SyZm|4Tuik!W?rGTncEHoM
z+tM+U=k=+FlSGx!Z3^-^MKDx7-eJ7`c5cpj--vpF)5$;H={4zDW9)t`-`%4BaaPkI
zAJd&b)H#&w<<D)?=9=wRzwNn#$Btmrt|$M#zlT@02TjY%!B|~md~LH1^=bQM9^BpL
z*T=!N@*_{!<F8lx$&RCj?&9sx=WusD8IAx<K(oJ>kZ$UeFjtD6M!GIOkWe4MAwT13
zMF5??5O9ck4dWRdK2Z1!c0v={Ji+jo9KHdSn|ywls7}jJG&#ai-w}%R7A|tS5@-x3
zLzFHFey6ZFUL5UT5{_r^_#={=ToFy?h{V&FFP`lT#7kuhh!I!i42P2zXKfWp=?Rpe
zsViJH$(tO=mHwb_!*h+rm(OR|o-8%JrC4ooxxF|(jHgsil#|UW{nn5@S7AD4!EUNV
zqSxzRT&MnN?n1FR0h4uSKI&|8(9;;4$ozrsV7f>#ALICe{%F3+aB7G6!CEZDjCglP
z{f<U>waGgh;&@(1sZ%FB8}AbejZL5F=uYb><Mq#@#d_P*lV{hPDd;{zK<bh0;p$+n
zx_%|C_4>Aala?R$h2!PvqgeFm+FFYn7z`7ZHv}Soy0?RLjFuVHi(a}1f=C0p=Zmrt
zw$~?<25f)y-#Z!p*g;S_5+#XFI6(wqkR89sH4-udsE1yea6>sFm2ksOSDcUln7cdN
z2yPf=yhxZB1HEuT4CAdJ3Kn6E5M~i({Mhd&O89Y?*fYA3>Mq1vfgDvztI?7IiTFvz
zMf;1f0*w%hl9sC|b7HgNTgp}qwZ90}XzQ4f;x%Cwx1+d{`t+jpo1Au%LRlV&WIaDa
z?0Vx(CMFy8Ny8Xw`3NVi=0iiU5EXJ`nCwOAMim+bhe#NI=gx<KAkC>QV>T34gEgF0
z4a9etu!$~=ozWkNtyQ*3gcdE-847ipF31&eJqXV)Dk3R<X(Yif{bcuXy1p(*6u(S;
z0@|#y4JF>9eAI=3tmT;CkfIe4Hr}|PcAHhIW-{uvNG}R37+SxMvIx4kgu1ZLGAK82
zF^TJ=E2(u4e7Nhmy2EO*nf|^2fqLcLP~nM1Wa3eB+Eo(T*DC0fAC>LY??UiK1Ikp+
zJR!^Tr0Q!t9;>^N4fkxvKXnUT)qNvfk!!r67)YE-e?GWUm81MYQz<7}N}48#dQ(&N
zn?F^0?nB#AX~MgLR)!_>=Fsm;-Y6=iQLleWN`LeF4=0URqOhNjv%Y&dn{ZKWq1zBK
zHaj&^VN^;DF|>vDT8f1OxWFK!%IX5`e3ThG9eEQO|9CXR*!}TNf4N;382)0hQ7I`h
zHSak?v9wS#MdZ8~_t?g;+~I0LvKJVnfw7<a!!Fh8kO%WK(`CiS6Sku&Rm|P%g?HCB
z?bM#Ad83TMX*D<7$&y+pyGui@w^J}|v~?S6;%yJtOP-uB%XOM0Pp77?PeB)i9bkwR
zUf+W-fzh6<$rwX#-7XaHj{=<UWGa55w5+S+By@abju1m`QUE6m=tOvps_>;3(fn{r
zNOXryES$-j1_j5&KF{>Yo|+E(v+exXFSEI>BzPF3;5$5<p_GCX#TuGFXK82mD*`3-
zqP^Vic*lqfe=$s96<Zi#?GPVXeN@HqBKpAYOI+zUlRdwhaMwd$MNP<NC(^wU@SVDK
zEC}m;1_}}#J5|$(_NT)iSjmc&+nEB+qno-vkO~KqS}KV@nPK??US7fyh{3O!y70$$
zT{s5B+HN0n4kHYxGZH22bIJ6GW*P?MDXJnxopaET=^I%v4#KGDaK3dHh;SoTg{zaL
z?0*XE;XH|o?bFL9jRqfP8bXYgFWDy8?Jq?QLI^bG)5lUKWbf9l-i+^m+98RCCTEVC
zN)(>NL&$}e$ogcPdeW206iic(5=E<0J%UF!6<E#I7VYx<l#jGIDB(IZBDX__$g*88
z=|xkM`TV6oYDZbpByc~2r$q+}y=Wq|3NdRv$*7wwNlG*>FddDZSOj8EI(@`82nu$C
z`La+7x@jl6tq1xU9=a@f)<0N)x-jWegbWF^Js0V5Am2w5qR63`9D}05Kn%H&Iq_IJ
zdGy^+xGwUl$o2)y2Sr|CP0=|I!5LKiMzXXlNu~!hBJ*ajs7pyA79VUwb{6s&MwP_U
zcdnDhadQqHhF*t>y=RK)NX)!?RB(t-PSeK7(qvQLPm@z47`N4wT>1toPpjWpCOnfG
zIWx$ox?EJ}nC~jWCaYA><mJlRnTcV$4$rOAC$F&S>F=}5HEqnsxNjX%n(D}|?_89s
zvX_`x`_A{&#Z?~rkgMo7kIzp#ROr?mC)%+vt>4__rPo>*K|+i0)=4yP@lV;HYI$8(
zIb!YGQ!32`=iU@4ws8iQyKC~UHMb}V)>t3IWx7hM#?>@-&zL(SEHBX1)pmX?D|YZl
zof&bstzV8gbgG_Sd)QDUxc_Atd-Ed(j?<+3Sh_@B-DJG_GgDG2kEDXLv#PSZW3w4D
zUZ^dpQrhc_OepQm(XZCQ&HGv3o@@Dl00<t<8yNfc8+V&%gyAh*AEtIO2AY^`GELI@
z_+ftgi}>!6EppFqBf2{kagk5kB*Dt9h7Pp;++y3rgpGs*9F=BV-(^t3uL=j*4Ln1|
z^nXq}4=Q8WYL|=Y@cQ2m1++n@!lCa9(>_dKoY*Adml}y8eIE%+qseMk*=Gv>PUPq(
znU;FU4t9Ir>-n<dy1BHU5HLR#Ct;KNXURz7(1jpDf;N|)+>AIHb-w<$O(9a$kp`{n
zbUR0#q(rF6_ac=-GBHv=jn?1WBrFsBefBx6A(~{-%A*5e_LbBt`$UILOUD|Fg=5br
zl0L3G6Co(qt>@&YR!fb%L@1>}@k54Y<wjMD1erA}ACuK^@#j9pt9K!vShnIRj}hw>
z*};}|Z?@6?L5L5|PDH$L@NDtGSCnL9Bro!U+h2^Bx$6{nx=1KC+}ShMt3Nb5PvxZa
zbV*HE3lJ8eh@);9e)oW5E^&ED^vu>c+&FYtEhO_YQI}f!fcTv7hhF5zG@Ro1>EmZT
zeaA-PjJEQOY;@c&ek%-G@1{vEzuTQpq7NuR8q8d#35AP3w9)Sh&n3bdT6L=qwh;_<
zi$7hb(mn5p4l+xW_{k~^v7b8Rvra~OIFA^<dYsaoyEJ_qv!wg@aAd^s+)7C96y?8s
zl__vjkCb|2pZ$1LM);W7OKv&MnS35;3c5|RtgXL1N{H=0US_pq8o|V@Wfm*X^l3d@
zrTnpYzgl~Rd2F^c=J8nD-zs5I{&1lAI)BH&`Otkz*wo^9*AqU&Xzw=Hf$w?AKj&(|
z%)zr4%>F!j;`-+qb59%dUVpK{da2_6d!u)H&-wR!WUXxHwG!csgFk$m-Xfbq7|Y}<
zOy_aC>WfLSi&6TRg^9_3Mo}xIv2vlcqG2(>>#$<nHTInsN?K9xYLypzwXTdcTM)1S
zo<->UUytTkkTP+X`{NKOnH~_>T4YeEuN^6fG;)Xne>BB1H>p=Qs3#v=KO+ldB0K!i
zaLb(frHL~68wDl3K}}>U5UILn@W;w;h(PRb8^6#FKIX(~r>0<kFOw8H@--lmc&O2q
z{xtkDs_i|EZLZWmun>R|G}OB#qD<yn20)%uhv9LA;+y#8^#qFu^(C8yR*U^oaTCZN
z7{n~f^vBA2y-t1?_5q_WP38>q-FK`7`V8>Jj0fRCJu)3hC7nPvoJzhdOQS426kWoH
zAmOJ>D>6SSjBHvKT^fOG)G9HmC^7oay0h?!vMpJkJZ6qE(V@bU$yrcKAyks@S7S2Z
z(O|w({SKz#*kt{TIV7Y@4TD3(vq}F-p-XF$No=4){5_kE16Nx;>84P%05%CKNEw_1
z>+_8UY?|h$rgi8fR2Y<G=q}V`_KYNFC5R}D6a3ZNR1JxOEOd-tlrI|%4Vcziy0nwH
zc~IFj79xY|+0+NR;wQMGejAl;SrUlyN4e`fMeBkzIdI_kmHQfd=z0&*n2m{P&9UnO
zI12}@OC&?e<UINmQNvhic;Q5_`6XLr(_5?<x@;GC$~4*ZLEH3UxkDj3>>A<*d|B*$
zP_MbD5UcvH_<GV&>-;Qe<WX3%7`d<yxnv|uWFIn0)$w)0G9Yw>+pP2zbv{)q31GGb
zD@*8zhJ9iS^F;~^nQy=!(t@F9|4FbAK%gozcx(Qh90&h)LMu0P86d!ym(e#B$Y@*0
z6Kd12XwtZyz&JEsFn{^Z9H)DxpUe2YBcCp->)R`itxgWaZ!F<3(FJ!5bPHUQNyTKM
zT^ojcYzK79pmYfLZ0(<DkHm^m#)NZN$c{9Ic4da$=(8TiSe$jxUz+j-YV+MuAUyp3
z9G7P6u?dk{huC<*1~6&P$1b6lO?vF)OOYAj)M2}vVAG&~z{?X;0*84H-5LorWLAI|
zR!FzD!8H#saz@-mTpjZIz3ospp$L-`+=uVCp~*;+C$o{2e~ba<PUO#F7{FxoGpWGz
zj>wI#z_&~~*pGmCCsTfZ4SZ<f^X%e1tO^)%o)u0G_k}*+&Z=e>)+zQnU)9nf>JPrf
zyaHxpe;vG^2Uuo5iMy$H60cXj!t8IVXLx44>fsm<wFD4^1flFc8^MYY9}lKAAMf3p
z&F}r$*6`DXaKQ}d+o=*K+*i&4-&qe8NPYL2BzJblv=7JU3<oz02Z3bL&}2Pw74LEs
zGn|AVchN{&;NW>$AC5v_ib1~wMk}FCryTivsf0etPrMs-lUIm!vX`QYD56qSD5oa$
z0>7eym(4Up9Epv21^WHu<MliHZ<$GwCX+u}DtAI1igU`0o51oL(K9T<cBNbn%s%H@
zV&vr488k+jT2z^A4iazR7h@tCN7l)3>=5g<6-0=`*UlEiC=^w|z^}DpIr5mu%pV5)
zDVBITR4R=Q+9CD9Nb{Rjt;1OED@yhHhFwhfncrPweBnuzm-(nS3@>Sq^lP4(M^?!&
zN}_JnQCr_@$>{14lrWiO$We^S0mE$O*ha~C8{|NeL2uND5(v}og94_{rBkzLJpyE-
zWkjUcJIMza$*5RAF&2*bzjLo*$GB{z2OZCJ9Zk*tTIe#I@GD`%H}4B0PjQ&nvRO!f
zI4JsEx{P8L<FK`Wqc~PZzNAA0pml&9A&%`7Wc*ysNy}bU(a%%Hrx;oXt4lj#rq}{A
zS$iPw5-6P(=rx9?*z=><I}q>BRNW%6*i@m|nmnH8DLe2ue!pWbXK-TDt8P3$yc<+@
za#FS@p)?tYzNtdI$#JsWRodpQRXId%_nRVqlEOp+eNW{5sRZS<0_7hJi<dhyS(2Qi
zzNG_#c8Z-3CQJ_H<U!?!ET<tk$Jw7wz=X=L+bEyHEOso2A8b-@fU*Mkvd2Ek*EY%<
zn~bK}a-_m?wnV?{gSAGFFOPMn+*jrA9?Jnit4UO)AU3O07&DZ#fs>PR2*<ONm-6@i
zXV(d(V6GL=nv~W-hQ?Qvkm(g4zgjp76y1C{E{!XP+6?ceIQ!UcH9?m4xx2jer~>{g
z1ynQnB?egxgZbTR#lyfp92_+q;V4qOB|L8>GLkhy{lv;7Q4@vr;VX?b(qZoxO=?tC
zE97|U@3?1mi4<R7@qYMJJ|FFV%dWgG`}#ed8h!Wt+Ti@9wepYyKf;3=&D0cb-};GU
z5qYx`o00~l_#DYTJ>KK^Q{6dMJe=@vYFwX_*vLv8!zx10GX#!wOk8Una8vyDB3$>X
z6C4`C`U;Zviz`1H%<hxB*=@XZ8WK_@vS13=l}gf68Y<axTuTZ~J2DENR0_yyjMpj}
z#%ij|^T|6RFwAN{F>C_X>W{Rv43@TJytMS5w)R0sgtUp+jx>zv)vsw#Oy!qrqd|nx
zmo%odEMwJ>aI~yzmz(@C7}Yjxj8yEem&i-B9B@}s^UL(@RBY_G)tv9>cp>SyIqjIL
z<#^v!PKnj<t5!1dUh&2+!<<%t9og_})(G)h3z*VzKb~>7Q%)D!2!+>(!dVL^zg|(l
zqZw;B6RECYZm*F@w-OtsqkycaPdOv-sbM><k#@9_e7qv|)D?MWCxJ;Xmuw|NO3$H7
z!^vtZDp;#<dL}1(%~E~pZDXroNw0iap_pFF_RE5D>QXkoRuz|CrN4G7NJ*BIcBX}1
zBf3UyR|>eIpGPlnpP`rjYOnFN4#M$TBU^asj$YawUFz~9OSnC1Jk=A71J{omFv1%s
zWeH74E)wuMdd5q2S{i*tOJl<eW8JzFoH_%^!P5e9!^3>)cbMXYm!zUMIPn!=yB4^P
zR~YFx7TE&0K2;VU>rFhZOjY5RusTkA9BL-0P%!q)lpGi~8B84QP7LZTbz{%>9vCc5
z>mB`X*Yj?yhb?Vn;g_JiTxjc0nd*P|FxVlHg^*X-7u#4Lp1J!|nA$OVSTgFLGCIdI
zeoC(gD}@CwVEp+JaJ6O7^~7`IUGbBue;0nku*>NATIXST3vtWnuX$%;+TfK<<&7le
zLf8;U$+Xnq*fLueBE-aBUrVFP<Y&w1S$*pH$QVXR<uv6KaCjT=8hy8z&=666yJ%Nu
zXh^n86A*k^HX~LOa>-<Qd*f&5<S*+SM#(H!%@BSk2d0}akQb)*<1PY@*|nHyUHp<%
zo-yQ>DfzH6j*{4EG>8jQ(I);bA=xRCv7w>i?yR;k{oQ5q$FdOVDGcg)VlY$^?hx46
zxNqK-scX!Ua9)v`A^ME>>6$DVKN1|VAM$jSe4(3a9u(HB;<JlKy?I%F#y6%d4WSj|
z<+Zzn$XYR4f3-$^n3W!L<ewjdO?=PEQnY&?DckhYgjw>nnHI9i2>n}v&!hoyLcwlR
z_31;YU`6>_V^KLvPD4|r<zuB}eK>W(SLCMnC3!7;mTb(X(kaPiAegyG@F6EZP=x1w
zob96}r?u7CV=gYM=<!U-E0bh}Yx6tTu%2f24b~D)=a?y1eIy~)!K!vR{@U>ST1Zy^
zo@NeGx2L$9&>v65hmYMqpgOW2di;?)DM@9t-B=Wv!?W4md$v6IvgLeinTl=sO#;zh
z&)nt1G~8b`oG#fD&1{zJjKM)LTD+xl>^8L2{2TY#Bsf6)x<$I9r52LC&UJ$T#ht6J
zf0UMe?y{`^RgQw&T_%AAc+WPIPc-|3-QUc8uD&(g6)HZvc^OxR{`wV-0}=pF=mWOc
zbHbnIV%U-@T9=xi=X7JO*<CGG&^Nwv*xuML6yNTgv5$*3jZ5mJwhgTtawu*>Wrs(F
z;eY#n{n#t=02Dax7uSQYv%mYse8}1c2t^tGxZ5Ob7-^oE7P#vy?*pTJe)sW3mG&hb
zQaL4k0>M1E8_s;3^bQ=4%Yn)hkn%YE;cWcA!#KkI=VR;j-HWKH6$a#8-8;`S|HqPI
zMAb-_a>!P2s&;U_{s+!>LqX2N<PX=wZOw{plSZ#MrcNGf&Hm+VTmU@L8CR$GyN}=5
z5+byD{o$|$VwfUz_=ACOdeaS&x`N@D+<sq}qx6KM38nMo8lztIMdK;8``DPh47}cd
zv>+L1)Zzj@fO&mDhPhhjN`eBgG8SkH#PTIG4c==-n#dO`R??6)$zyl=LN$9_AJ89x
zRp^gKjW)%ZF9m+f?u%uOw@`0(Jl{cXtl1q+X8KB`<khh&)y)S9u3i*FEY%vmEn&}^
zXtQ0Til03ba#k|`E526ew^^c{aiA4;zCvq~z3E(GJoxhuEwJN7c25kHAuMX`)ym{H
z6bhRf<IR3d2Zw@`d%4>5P6vgslqT!x?n=YCwp3P)_3C$&4J%6ZQUDkLB}EzG=6Kv&
z+)v2PZg;*j*)QN(hS}!!s!(n#*#QPkCdJkE6A_^5>>HjeXvrIwwQRjaqaCk(c^QT$
zePA;+YJ$5zG^xp=BSYZ&C@m)4i@Xm`0e~4jinahoL&w}%v$$rA5qzXU{Bcxt(gWCm
zWQdJ`r<lwjexhCne})wgSIY;>Pb96Ec)sV^81*KTIar~eWJjn6eW8RYC&Xk&|D?%r
zd4s`Yg;XT@AwsdUmby_7M>Kpf65km5Bsb38&2~A)iy%%%^1j&2uAU6yTj3Z50z~w<
zDD~(xIWO|@^pvEy%LUa0T4@CyCgTQ;xF|h(RX?oiXpF3sap`NV0?Sx(3=hl?abv6v
zx#!3kCDEg3lFxz2whF3=<~L(~PW0i^GUqU}9oo^)r)>zFNRecS)%G(B)`R3<doiGU
z7?uyXV$9k{e!DoT!^S_$&bgk`E3Ua~SD~=l@779?k5U9XuK$GleAnRei`-<$A3IEG
zBM=*d$UB(QAYm<(c}KeD51=q#<-pH3y#B<4a!(QpX_v4OukE*>6Jnf~xE*HwTN&3A
zQ&f3dyz!_)E0g=jgW;4#+gV0JqJ_$ak4c!yL5_WyilJRGI}7hb)W=G_?8q6H?znUE
zrK3c!2o>|%!n(!dqROx#!^-`#r4ev2E7{Z5`;(>9cI1Ia)r^jJU)9b+<|LMP>QOD9
z<kA$AmQDtbEmUh;z{b>U+hD(vTlF9-F5C1AkKJp;;^nK^M+*9Xx*XLWQ#)%jlw<{4
z;?-=vo^)<^nWU7}RCm&GoIAXpk6d$g_zl^Qe!HB1qW-Y&eJnfqr`eD4X!~g??PMcV
zQp2q^Ua`$NB;CKw;H=Pc?Y4mx#zWl-I&9!^=!7%rxg`vf)1e!BuBF>s!d-eP{Sn@X
z-V@)<Mr}c?9)7ko+If#7BT;Mn_jda^ScK2J7Im=fcrJvn2+2M~3_~e{D$CLcqYILx
ziLR*j``kTyV0{?YI-oo248nFBR}+|k<arnM8WF(1EHh3L&-21`_KQeN6iK~-{KLzU
z*AuShXL}_t@Ok*)#_wEk(EZF<h*ANlv>T|xx1^fbkwK)szrUPc^8IY6AVZG9K39_C
zB|C}qS5y;$d)&=igs2SJ<IT=m&ljM-DGrKN!8>Sy=(PG{7)Y`e_v1L4=clu{XV;|G
z1&e>;7(!J<J!=kbxot%1Jv2!;9eS>tJ^|9ufmTe(HiV{7r?-5C$EAth9Y-MBXB3Nw
z9I`D+Nn$ib7rw}n7#On355r-dr=tBjxHlEb-}Mwo6S~OMfMiAynmFs^L9<bs&Hf?&
zGTGGMTjH$4jd?2&mNE-9h6)?T@mH}jcCW@r1II7Mth?t^F*|Cptl>~!9dvdQ3w;eY
zg9tg*ZI08BYuBP~gvSf-qq6}Bb%Bowl0JDmkws>E!qQ0+{v=;AVUFe^4U8wu>g4#n
zj|h%C?ne{dBhqou3lBN!MB>V(b57Nad5wc;Z-l3l%A@uVe&dav%wOdV4Hp8Ci&N<q
z_L`7-Bpl`Ua<iFb1-m6hM`er5x>3=^=J<-p?J#utLH1Fle6bu5&J5}hQu!w6`S9)s
z3Y`}Dk=Ch_V*4xw9XRxbkw|!4=mZf=;wU+Xo5et2qe92$xat}bv*NBKC0z0wYyH@1
zUH)odWUI`<ee_6^TWIn3ZwLBzI+~I?JN(6ynX57x?&H>sIhB!<nySv+Qm=xAsJ^g@
zlzMuEHapS8Z3eOO+a@!}Y88=%SBzUcetPq*yyOlyiHZ2e(346Me4)#I`H<S~G6UUV
z^%FP7Tw?tK>Ewl_sl+msEpuJ=vBy|G??|^9b4wM?VcFv$$D&*MA}Q<<F+&QvF1Rwv
z{<`34B%b;#REJcTk0TnzP4(pq>;yhj{Mw2vPMPB=XTj`lrAJift}f;o`GB%Ig?fF@
z87y&-;qr!@wqDbHX@v-B$nP>0p(y*}lTX&4Hd=!2{PFsV!e_qfViC#}wd#|F{83hb
z(R9*P2@{Sc&ez?Q=o?Y^lpVuOEHI~mTF1Fc1KUkH&(Qy??}x{Q?RlPF6#Tc}t2GBH
z&qeD<Ys}+6^N!P8ch>NV7JB=Tz3r~|L{oSaks|^a&J9q}O}>YTPTJ*O6-uX?9KyN`
z6=9%dA*n6*sH;rZa>TZYpsyGCF3hx+mF2Cu%~E}4oTy^JDm70v+i0m8YdTSh!s^c!
zU#pqwdATZy9W7y#gj;atqgNgATOts?mYX^;s9jUtz1B}&p%JL`NuM;OH&<Qk<REQw
zEwP}jV;v~6BTQ%=-pF)eE}+=Hje{mPbDL70IOK4OV7{=N7IKT_ExThS_plD_KK{cc
zao2izV0`EB+Pn#sdq+zfW*u5jyG^ooH^cH`VGC*dCle2MQ1`?prhGZ`hv)fk?=suW
zOUB*hQR{ME3v=(2=DkyBsZPnV%XHD_{j(jXDML|t?e6a;K(EW`o;pQ}=Zb=gq7!5w
zvt1SG%z?8SD|G*hLu0+!$wukp${LDe3$631yJFE=ZoXqjxzI-TN7l44<t}K~PwI(z
z!JFQ8PG=TNIbjMaY2>eWoxx|BL&z<=NMj?og7kxWX~RAEW4KeE&`xBuG!a*U_ntp2
zFE{XM#34>Bopw3e!EURhPF2n*^Ep;K5ZN~)TQ+jCL~cC}Cd*?utv(V~<;22q^g@_F
zFMY)*e4To2J@vNy6ZFw};J2a2j<%-jZRFAxS*X*DPuayyJLgOIrSq7ogpAk}XQt52
z%gz1iwZ`eI1k3}AB%mzu!gAV41d*B)2%wHX`3+sk9RcK4;P{{3^@fj4TRziS-65WB
zJB>cvh3}$CuB%wQDEVj?!QHRIy+aoVmo@<qDh{;HK=$B_R>1Hngki<A#kf?`*sBTE
zlbaRf1f>m2g?mH!3m^Q;G{uV?RjN(It_(bkY4NLXS!G<{hnYdhP_aiRUPxqUa9H@h
zoGbtn<^%P~ZC?1N_6n$Ui`^mk&*#Ad2b7=ssbC)Up$j3Qyu(v9q}tWQa(hN#Po>~L
zrAI8g_?0|WC~%x2yy8#b7Z4y4P7srwBhp7+Ggv3FoFm2JA#qo#2vmL%9Q`uN|3w<%
zi@N1~lvE=PJRFksy3!f)dB~l};X7Q(Iyq}(gu!Pbgx4MO1qI7@mZjHWR&a-h20ZYV
z5$9JZ<BDNN6fP5A(V>xw5$qeplKkMIrQt3d`hH{&J<SHJx{Q6}^qVu7*j6jqjTsTN
zqkL*Oh5slC?s$r3ZY^3;X_s+=@dN%_I~lwy9M&@e0(T$8==fR()%Sb7@8`vk<_N(3
z*(anZltKv<QpBzoYqS|ED9>?R<O*C|vQMZo-$4s2RsMdL@_n`h{<$TLYE%V$6eMxf
zNEB5;*a0pi`ABooE|l>k@&x>6+Y5BC3MksiZ_;H1v{8_?=XmIl5V98d&{47(QJ*WR
z2-e=+<6XScReT<kf`W`hx1DVBI{VQ`_4(@=T6n>eg(R+F1#EjT&SvG~Pn!_}DT-c7
zu*6BcRGL#?1cE=|_?j1#kW=`Vl%#MnuX|;XxaMfpkw}k|<`0oSPK!~O&L7@K!^7G3
z#q8Te6o0gyxJ0w<z=?)7#HVAgq~qSEmX}SGh^E)CqPG@fFqTa>L5j3^rDfdqtB{I*
z_gsG05gch(*^Cx-YIn&rX4aNM@$T5<0;h=az9KK8S~-v6+wl;VzcqO*0tM1UTVFT|
z^1%j^4C>$nNi!|6|0OIr1$p8Wn|%4h&?WYv&B4&rM{k6Y2%3-i)kiSJoSJ1a-@*&#
z$L`<Tkitd|!+b#>mLXoK!nm$rzomg4M8pe?BASx<5Pm_gWy?uj$^v%63-%lSkL=^5
zHJM>$ufTYBoc;(=1$1yUHTD;H?W-;{D%vGlfvKqv_7_BnRRp9FJejft3^Ba5Q|!Dn
zn<|sY!C&@@qR|I!+3Mjx8pClzPQaquK6=T3K&s&6jLW#@ex&NX<#kM(+v$B64BsFn
z_-Pd1yK`*%7@=)p(Ox9NU)DI~V^p~n<eSwb+*I9uS1M33o>r7XhDZ`{Fv7Bv66NDB
zS<^6cv}okC(yvprqk&SYmfV-WrFM@c5^La3Ev5F);X|!>KFY};$x+iIFUr`<hlk5U
zkI8G>v+B;Q7|_cXR-tCX%DK|WYs4t_mntT1Nt)KqTG(&&jmp4{$&3jrL7FR>%b(}a
zU|n9Y=FaGH$lx3!2nN#-wMyd6Rg>%6ON7gDRLjHf+ma$j5?)eYr65a~Qu9Y5J|NOz
z_DYGXPU9-uiS||=$00x-$C9GbQCd^+<QJ)D!^V=J(mq(oap%h6Le}BMN2v-=a&g<z
z30`P(+k8K^fqkykf{hbGV4!G^y80XgFIdf|{8<jwgr<2~;~M#5s773xK}^tIFBBf*
z9SSw411ChdGTd)NM};;o2Nr(@Bg|1Fb`)d#skwwY<J24DOa_x&2a{it#-%qVl?<k}
z4yKKDrmZ)ooeXBZ4rYUOW}`P|6Ab1v4(1DW<|{Ymk2F{SzzTra>H|PU^_D{c1)l-H
z;O{Rb{%ao!06xP306hFZ`$iA|Q1=!1mpv9xfDZr|=>N6{?St(4c>ZmV1sJ^t01H_F
zAbR@`;6c&?{%PkedBOarU#A26kIlCqVf6Cydb0rDGSDZmzP|qU>y1E0Mh2jzr3H9(
zfcCXO+g=%<&ff;C1!Qz|09+aCfEGw^2iMoRfb|TmzrA9;iOUOQ?*(vy>R@?wfb2Q|
zFOV|UUxAKwP!8&=qvNd}7RVOVmlqe%kpXI>Lkn~a)DB2kpnkZxK>Hx$^$t*lbuZ8{
zkhDMoKx5&`0Jz@91(Fx2pA1m@TA;CJfYbq+!`<B-;N;{41Ox;CdwYApz`y`7KR*u?
z6chjr4Glm-LIQ9Hn!lBm6Hu{!2aKQH0T~Sgp!N!YjDiYaV0<1lmOY?i{tje!2lCY&
z5E0P;YI_gp*t-L)oUB0YTLE66_9GGkK<yNO`YHe-0xCfJp!N&KfrgH8pksa=)bBb_
zG5*%p8PKqP1`L2y0BW}Z)J_Me-+7RntUzsf1pomN0iZkqurkU3wF8=;Pyyfs8k3b#
z0pR6S03>9*jSsX9>L&oyPew%p5CEEcL_r5=UL8O}!~l>`F%A?AjDzM3()c(~(J>EH
z49o)!ZvxG$1Eg_~F9I6YL3Zmv1895$ASHC{0pp<g&4c{44pIYXyaRinF^_}B3i8na
zXuJcUv95z;Wn}~!j}yobUVsy5t%aBZ03)La&~^mK4-tToQUYLPl>qWt0%%O29OUne
zj08Z4Dg!VAt(g&MepXHyARlIc)&iurc;hMnj6n0%QUc8vB%`-^gXHu!caU!b5<q1_
z6`*>cxr64P@TLrqK<iadQ2{6^HGt|hfc(_}c!6YO1o90?MpmHQs{yn&pd7S@32%B^
zql^ZiAmeSVKz;<N0Hg$vKP%n@ijfYG0s=ts3i5411t<skw*eIU5g7v@e}hyp0E%Of
zK(Uq3Fb*mQ`5mMRkl!0X>HsOCVIEXA4~k1r?1B704)T2gC`QNM;sO+>6$7An0>#GO
z*&dJq@^=Tw-{T<dz3J=>6gME>gJNYK6whaOZ)@-hikDa5_3jlga?%360Y(58lo22$
zWdvv$8G+^sk`qW;R-l-%0))6gYh>gEim$h|astH`NC8g&`&T;u8wu=xPGVwWdi(tE
zHsAm7ftBf)mG$^<Jy7-I{lAHc>Hog*55H?T+1P%wv9p49m{>oovi;@+B{rA82mUeo
zkH%S9KTL9PaU~^juzdh+yKr)FC9%9E11_lF?5wQ&Zx)~t?Ef9~@dq|GcJ@gq7G`Fy
zNf$PdF$*{|Gcyk;Nij1gad2`@vT@dMaMVn)@4t=tg9`@~=Wk997Ck){D5&H&V;-ru
z^!CZa3=ZnXfCU^J+<=3PmFWW;XFrF5jHL?{3lCHhGdTF0ZA1jmzfwd5s2@<3q@*M+
zsD6<BDhCUTJ~OzWf4J|Yze~2hp0pHClp(Erg}8V}S64^2euOkL3lwPLF6`{=ANHA6
zp+L2nBcx=0hwJKk^4v4uKhlbiDJdyAIxf4qy1Dyu-Nh#L3oQr<x%&zSFfp-nFiS=C
zMn^<kSLueUf<Goa$f2P*E-x{xsi~=}Z))zcCzyzjD7$WMx(luDfq~WJL`MtGmKw&#
z#kwD<7{y$~jG;L)F#P%zEV8}59U`ITS5UU5>9@J*>nX%43I=9TWo#j&+$nEvly6er
zm_~kSrG)0V=#B6zczat*OJw7hUsJ2{uyMSMh5hd-FD52sL7RCGm05X(mZpY=g50zi
z+X-)wIl_U+HgAa5A;T}f$u8#mhzLDqmLw=n_Wilhd5<|KSAIqDj^Wl8^P-IL32$%j
zUkB>jypkazBEcGr?Fmsyad9#)%*^1){i`$lv;1@Xb2c{B)}<w8a&m3_ON+mLZHs8}
zN=j;r@CNR9KIFw_rN_oWamli<B-J=6T3cCJ+bMQeTgl1gr^O7p{!{~bhL`uvo|ji6
zXgDS<*Ca15w)Z#NAO}>9qIr>=fPg@`TzR=bS+0pm+l-oznz}}aw&cl4sE&rF#AIbt
zQ$uc=Nn)I#;0Jd0F{|PNlU$IY3Fr!5+)}CR;UN*It|6(zcN)eQx+CGgZa+e&<j_!-
zo}WN#FMRy-=Y*A+si|p!X_IM-_)v?0l8TRphKBZ=eVB%XUv^Uef^(0u^N2%BT_J6}
z@XE^1pUcy>C05q_qx^P-wP}qie3}}Pe7byLd_fYrBUj)_H7=`coLt$Q%B^y7f_<a>
zGb_t>(@VA!PIGpRwRJ7-GvgaUe0+Smes|XU3U|yP$8#ltM;T0R?e95%NJ&XC&M7hC
z_fVUdu(oQhEoyfiT2ceq>xLU9lzWamvP8ZGc~mUNhreG)Sy=<w6r(zY>b`MX+w#Wz
zmf10-H3`k#U4LO?d4XAF^CYMwF0Rz9d^*q<m`M!m_0_<@AgkUyGc%E<xz41Ru5D~Z
zLPFEe*Nc0=BBRCCA+vOVZIZL4OyQp|`}z5;6nI=d$ium5X(mmrisQ>ZJ}SP#$Dl9v
zNT$G$Qj>sHNup6%F5N%&2A~1G-X!ET71Y%iE6A5r!8tk23GFd)bAt*4I%(=1hU)9;
z>T=D5|IgEp=oXt`Y(fjI5p8T-N{&U1{hwnoQIP!^lh_})3OTbObF+k4q5tBHwa=<5
zXrapL^1;h%mHj`RnLz(sI!Bc4?S=m@=StAN=>PT9cgD@MugWS01|}x<9|yVro)Z5_
zVE^SAQxtTFn~90(zxz!5R)_n4(naF`P5R$g@c-xZ`ZxXe=l?tXf9p>o;2)gi`p=yD
z{{NX%|7$jVW5qYFeB(yo-`ojeQZLZ%8&hI&y>X@1UuOL`PyXdd5a()vIP%~8_{O&D
zSRH>^^)K6ct^eg)um6fA-`MfrEcwQjZw&dyl5br2#+D8L;=4Cy42XyTF%pR5lq&x6
zMFog0-&pF6HQ)I0jW_?zm3Mdl+|U2z(SLEJk(Se6u5xmU_{)O<Acp$OO;#Cz(i<a5
zf%r)3KQYo9w}RNPprQc8FaL0o7N~D0tqKqaftd7PjP%Am86f7#Nce{tD?m)sG0^ds
zeJemLQ}D*E4gavqz`ywAja@PZ{>3k#c}9S^vEyId*zun@=8bVX=Ko>GdC*)7*8hWX
z2mT7gELK{e@fiK($2U%S<6bIwr@tKj#wbo+|1gS@l-ECO2~q&a4*>yQ0MoZO#ssl8
zNKQ^5fq40izu%ZSAmJYl*AfD;rxwU(AiqfwB>+-F3IDLDRszT#<VTRaBL3mh2oR4Z
zyr}?GE(MAMB@mB-xHKRDq=^6E(t?7Fzg(&W^0$@LKWyp+^0$%EKV1HoPv7|8>0g}s
z_8cJMA6|_BDFLL6w{1}TC^3Q7<856)4D0pAu^>gf<zAp;AfElp^$~B+5I}jszt|R}
zinr}I#^q`N%?ZT0Z<6{C-VFdTu9XvL8^pO@UjO1<keuF_H{c)kbppld-)9C1Z_f<=
zgMZ(+_w6}CLkGylr~@>v4$!#Xo+W^CP@KFyUkE7phl3L;{$b&Qj<+%p_ktAg#={_0
zfRq5@;*2+e*th|t0#IBvfK>1=P96s-BVim=2P9CeMS%3i&J}O$+yP?ffq$M|{F|Zw
zSKvVGcO-atc-YvWEo{7hZT+WGY&?8iP$GHTAi{-!fWReshyAbgR<4InvJ}Tgpp4%|
z2#&+X#^%C?L)b+`Bo2YQ^bY%-CO&SQvN$*aI0dNC!NCQT9PDv$zzGNlC_ruE6B6Ly
zC>d)Qi{h|5`K6W;6U)iV$2qxD5aHwNk>FwDQ@HSO+EZ9Cr*n8vuHS2Go0yuKSyY9{
zYk=-2jj_RGDFSHPxP4p9nw))hZ?*MJ$So~N$<+D`3?5!JLFJ1bsz#elLsV4!K73kQ
zx1UTbEy+zx3}z^B*uV*K^{~%WUteCR<>n^p3#PU7^-am?=*h{+XhONT{D0zr6XL5V
zPS0*p%QP2cC!gq=nvz@6)6>z>7KbNgMT!!M6XLcO2nh&COAAQ|7Cjo8l3LN*+R&5H
zo;I%b*F;f@zI&&AR41GxD3aGeJbGY6MrLKpz+gkG)TyDaemF+OTc-D<tE;my{YT|u
zq*v0wl$3#i0qfbA0|!ExD1lJ(p;b0MzFMY5SNmRZSaMA522^gr&1Vn>jsx!Qn~n!^
zeo$aAw^Vui)VQRu!kq~%t+9DUzM4X8rns2U8W=MZn4KM)Clyshgv8*aqPC%tF&>z4
z$?)|`3vqqV+S}?XD=#Hb3Q7s5M5lG5y_)}BQ0lss<ywATynjc4x#q&T-ld)<$=|qO
zVPeGF-lW-n_pegc|C@+n#KZp2PYoEsuvwT{|HBZQ1&kT{e~tUd*Z(U0&+hN-J_Y_?
z_bUIsPvHXl|9zkG{QL|&JUjtUkI%s4;}h`s1lk52dwF>QUY=h;$DTnpFTgWs|MdlQ
z-G6-o4v&t2-GgnQy=@H0P3{KjYWjipfk9w)ZSC*9$II(8FfhCfWMmEk87Y0h?#?l&
zk4M1G&kk_&bpb4O(g8!m0zgxt0Ql)$1!S~N0we1Oz`^MWkeS^Ic)2wIetyM(g<(37
z9NiD3*46=uRn0(ndOMKTJO~7(b^;c<^*~<r9MG|K35@NZ04aq%Ktf^(5FY6dWag&=
zX&FVp-0U_m{Cf_F$?XRm9cus+%_6|ov>0$ODFgh2T7Z_tU7&gU3K%+n27ceZ0*zxc
zKvq&CkQg)qc-d6~fdQpJYiBo*Qq&HlgRTv!WxYUXOf6ubng_VJRsm_ft3XQMAyBn?
z3)HRO0u3u?fVX`<pe_{zxVi)aDJk(lJ!tIl=~+N#SrrhQTmg7H<pMDg1Ar)NFz_p5
z1c<2K2J*+Qfs)lnpl#_2NRR6QvWjYf%;GAbdtd~(zP<)3%F6&BpI?B7*H56ny9a0;
z90E)XtN}|aA0Q~E42Vu`2GWbWLG!KzY)m|Xyn<?=t!EUNoLvO2K=oHwSApK%KA^C$
z2yl0E2P!Meft;KSz{A}Qu(h%QtSu}7CkF>0D?1&i0+r?EW&<7VZNTN_B``ZX3oI`$
z0~Z$;!13`hu(Z7N_ug@LcNY{RufP*1UYuAE|EdENTf8i4fF!Rxz%L;OU~x+TShD<p
zoUjBStHuq8zvXf=fSjZZKw+W{XoF(#j1lp#-eOh^B+h@uCI#?6*p?b7?mIpM(+i)0
zr~iSvOu*kib^ZNX5dEv3rLH}oZ(#>uX<LBm=>vAg7Jx0Np7~pDX9L(-+5lGne~y(4
z9`UcF{s;PetIGzm|N5_fKfLt~I_3-ZA7df^?`-eCm7u`i&Zd7qprXK`puoTagMvfA
zLc_u%B0-0sTwLAUJv_a<fBN|T^79WcF*P%{u(Yzav9+^zaCCA;QB_md(A3h_(bdy8
z09|HGM8(7<B&DQfWaZ=)6qS@!SlQS)IJvlac=`AR1cih}NXf`4D5<DvXzAz~7@3$^
z&@nKvuyJtl@CgWsh)KY};NTGuk-i|KfPMXj`uztu+P}~DpJ2g0zl{eR{M~zq50Fq`
zQ178(KK{3_1OKqy|C{seKl(5KZi)2|590sB)&B>Jid$$)H2{D^OYD7jP+V8KXVupJ
zu{B#$wN+dD&;GI1rK#OF^VXIeXU5O6W*AwPJXSIwTOP@lo2G#lO?T6Yj3h)BIcI2c
zY;w*yi<|@!2oORNLMV~(Z@+UJFp^O4ys3IqTe_;lz4zR6zVn^$eEFO%z5Vm{dV9US
z{(16TprGa_?0nv>JpcV=*US3v25&bwuln|~@m`15o8t73D7)db+xu=bC4YPSzP7f8
zm6a8)kRSC-{mynfpP#SWS$3;?{`>Q=-jo-1wr9@_XYvOzK0c1?*RNxCb{0>bJOTNP
zxO?|5?%lh`JufaUa&1|kt&7c-)lsYf@+<M+!2`_C&vWqDot1|VA98(HS68=b^Rl_T
zs-9gt-x+OLVYo89tE#Gyot=%+k`lDGwxYGA1=ZEnXlQK2wQJXK=gu9F55C=xJ+nI2
zx38}c&CSiIsi{FlMFm&N%gecYLqh|)y1FqsI?A=*n#<0$-MQYZuz7CbzguB6V|1CD
zo8xFaK{(XX*ojF=2o4KF7?r@lK=}LnBO@gh9c^tGzj+gP=I(Lp!Pcs?vlAsW*W~16
zgolU2&(9BDUS4o_cZY|E2i)AKxVpi|#~Y!cAxKC_;Aq5XF*7s6&1GwS7#_E7-NH>8
zgZ&@5Q&UqMUhErN+nw`a^JDzL+O-j0ZSC#2HZ+7$f?G$liq*u?xUR6awuYUZ9U^Hi
zY;IS(yU|E%Qe0e&l#~?0DU`$2-rgQoR#s4{R8T5akjv#<QOH%Ww4}RILElxdx3lNw
zn30je&AY6u47Ihj-1?N3mLe-F3+d_UNJ~qDR;xu_T^&Y7MmS#F!kN*I;vGy+Poul5
z3z-BfHYOSc#YLzj+EftCR9XXfqMuTs;EKDa2V!DkkPsh_kia0Ks~a309bsc_LpZBB
zT$O~QLP2;dWRO`(>2As4F0+(zbqb{=*UpM)a{2P*?KSfD_NMjm;odJ@a>B)n7jfD7
zGQ6pd(Wtq(g~ONe8(Z@hqF-TQA@U0fkV?3F`}tCPcf=<Xj}VW>Cnmzx#SJo<0vdYu
z4+wzD)()4PopHf|=&VvgMtE2<{0JwB%mNarl<sm!BuXe`c92V~A(vXiQcUY1wSq#b
zf`!-|QmF)LCACpdp}Sgbg$snQhle}-e0&iY;EzD!*RbGFBx({+ke82+j&|H8eZu&i
z$yjD)CfDB0-4hp_T%fd4!rs9N2`O0^nZAvwr;BJE8AEw(8wRIm(QvgJA))cO?Bqo_
z$)Hxrh}KfVMGlqvA}(GChm(^AuI}mZ@XSS!e>ve$gwWtpBt{n@Ii?J;QH2PONTm6@
zLLm`DMQg=ycXf3}oF<y|MIl<6o6ysJl}Z=-`v)*QJc!Zp5ll``aQwsY@9pj7WQg(f
z#S53<?&1Y&E25K}Xh>`9;O35;>UvBpEMau+2}U10L0xx0WKv7WETphj+dy_+2I+Y#
zTy%;-pidd$)r`pGE`+6YATpy1(OKPy%;`dW`4I9NMv+}ZrSTdH+eXpWJ%gyIaGd88
zUz&Ns$14c=d3k8-=to_9FB&@s(B5|q6;1tU@1MZ+>ARSkxktD!V}<yqzrUY&Dw)Gy
zLVRgydjU!5B~UxM!BT1gOA8AKjLi`huf@phA|@B8&(KYhJ7=6Xxq!0<9yq+;4(68e
zunnn$Q$z#8^ScmRF@&(<A;gv4fVOrTc~|d4+cSsEp*iIB&7*$s0h-3<&^0rU!E2*1
zJK=?Mhcgl2Uxw_$dX!WRBfn|{RV`DfzdDPu<{`B7+(1{)80nySkap$tPDV~1B4RbL
zcD%@ynA99-D?8y9lmRElP&hmJ!NJ}aQb_;`TZVCMc@cF(BT$@=h2H;l$N&6KA{_q2
z9bTGt*akHqFsB=d)z=YSH-@mv+lZ{1MoHfjWRE^YWcNeFbS)s7?qy@ks2Z6?*1!y|
z-k5~yWExEWREC^_DYT8;L(k}a)O6fJeeV<+2XCUTm)2_F8m8~u#@fc(w#^HUNkwEr
z7QBLD5Uxo_OZNzJtF9s>x)5HjnQ*y~MlzQG!MCaS_OJ$4>ROnI%W?RF82syhxrG1q
zUyb2#F&F-s-EfNQLQq~G{ECL)pqYj$U<SdZ(<ta$K~(=^gbXYqZEz8ZgUcuwT|`dP
zEaDpOqjO>w-tq#3I@O`5suKwrl?VvZ!0k#P>_{eqQW8;ERE4t2I#iNObPe`nd2xx;
zpLw;dh{`B{CZ`M~E!`;Y9zaF^6f%mtNS@Q->zt1Obt$fxmEf{bAufMk1j*M~_*O3o
zU%wZLBY$v)S8NTuv%BGuHHv`3Yj7`^fSJz-<ZjoI+r0?wz%pWnmytWUgtF^PNFH25
z(dZHqi|!z#Vh)`%v#2a=C;gHSYg;SQUBt(V^Q0RrpdvkHuU5l@^k)FsiCEItrDVUa
zT^qstgL!D{X}(33C~5COdCws7+Pab1*iZB7M`Cd!e8NlN?^A-{&_YBdRnnRi!tGKa
zY^~B@@na%P%;Mpl(hTpM9=I0YfN#Z3Tq&PGP~!}8h;Q;oA0eUtA#%r8P&>PX%84c9
z4zD18@F_}q7m<I1<Y0UX5x#{m`6dJ^OX5ZEFsSUVKyl#;9LZ*0bg(7eWJ@~E8kb1N
z1e3kV&o4qxPaon+NiP(%Bek>#n&Nh7Yr3E*YejZbE8=oW5JM%HWa3Ih9-ITUaCFar
z#5|MiP9|iMG`I&ABc`wgktC~rwKot}e+w}Uvq-o)kIa!pBn>}7){Q09-d;!5ofVW!
zFVUQqk$0V~!8~e6msEBRLH|$o5T4LLV&)55>jaqpNX672c9*=M(GYJ(g~2bt7oM&z
z@Fbn+?-vMdRyH!4y5JpC47cE7IQr+n(JLPpNlynPSHdT<n0T)cL8*DT;E@YUqPbL-
z3gLIT`0J<f`0~?WvKtl1s2oIQEAdL-U1+=SAiwt>@`e|Xb$t<;lgr4TTtw~6D(dg7
zp?u~ka_Ko|Y7rGg`_|i!kdjn~6YsdgU~ei;e;S3eM<QYJWd?*_B|t>;Nlqz6Wlc3&
zTFG}L|1X7nftc7B@+-CQ4KIL$Ezy*p3Z+F3jEz!p_WN|4`#uFqn*x}MiOyDeP+iEz
zxpT=lbF>ip2b1x`m#O&SSOh%CE@`T}iC4x^!t_bcEt1W7luSORvW(K%HB{bPMeE&l
zG*M}}w}h(uYbd?-2zBERP(N`8RTa$$bIyjdGzT7*Rk$Fk!P$?rIQ74?arS5&EF?j&
zRQtj4axmhPvN1L`fuZ36t^{l9aM?`@Yf&;}-=x9#uY}uy6#TG18D~GI`(M-WJ<;Jj
zeUs{^Lt>Z)dr=nr910P3B@ZQaJt*oOMrj}U+Sl)(a9|F(Bl9SpdW@>M71TUfL+9h4
zFz{dlEsr+PvqbZtIn+)O?&Gr<x_=LSq#q0O8jzb&2TepZ$#D<Dz1!hzTnAI4m+*TH
zzBkn1o8tj+ycmnZQnII$GkEyq5mGy6klub1!Pzaa_soN(C<SVx4A`AZhwa&Ps7@!s
zL68cU^O<loPJq{ieE9p8z{k6m>_P<uW*G=e>O<||B+3V;P<`VOO0O@VbZP-5_nxA9
zfo%Na4Ghp6+UdDv;VCMnAE0Jx4&4*;2#ZR9x4$1U^Gi|N*oTJZVbY&vs3N*FH}oJU
zvl*J;E_kWxVR^co=8^^nr$k(G@yGboZD?9XkkWY#scmCa#u3%ni=g5jxTMxV?vjoR
zJ_YcMEJJioD<bpj5L46yzm#g2&>EcnwhVvzLmJFY3Q;$36MgrWi60)I;^qPx?ku8b
zVGRS1)(HPqw9h|9-_upJ-JeI*jTwwRT0(}l8DAeW!R3pN@bmSDHa~~_#V+*p4x*{K
z0|iASdm%xH2#ZEhaRtgMI^pGB4v9DsYKIWSBxNEpyA;s{Rfs8VLTvd}q_z$~Q{M~k
z#Cn94_aLld0B-U12*|BRYGW7q0v+(z)Ij)SKKTx15Pee$H+2Cjs>hI6*pDlz?Z|4M
zMf1#KTz&8WL_oX06upmD(Yf#hLr)fo-gj}@$N{dQ1(=+Fhyagl2+rBV&PD}0l^tBj
zpA8HML_|acf&%?uf6*D1*5o()dQuEhgZW2uxKFXo%*+B>+xm!yrr;kL44;S)qH#Dp
zqod)U90w==WLOx-A)&Yhx&6b?5^wuvUxh!>%Pp!Ls>_78Wf{(VQvlhyOvD71Bd2f}
zjxNmz$sI#c-#xV4dW@dO%jhDyk3LwzjXRIv<PwTAr^ydjWuv}h0(r@;P?(WEyh5>q
ztu1VAY~kSGNWQNFZ0)Q_*SSI@4nk6D7RGN}$MVw3R@A;7YkP;2y$E&3l^_pzg<OGO
zR3Q20F|ho)km7)Bgyf_nB)=E|>FsdSRKYEw7Uxx2FeRS(k!0D^z6e>`4g@B&Av$dw
zDdhXqPS2r%_`hrR5&G{x#Ne&F6ldOscW^wMos%K>F%2o&LDZKG;j%gzE`i~QON!%s
z{h*)#gocD6DmDzZw$V7FpGfjtiKV5d+p+%I8oM(eXoK{<JuY}T;Igk1T>PBi?(YG$
zEDF{?l)yoi1er}FlujuylZWH<*+hD;hVX0wP9MsIjY&G`izc}FSHm-|1sNnu4HI*y
zp1g-fx_6R(>9{eDzOga#xi*khQii}t(s3s7aJWP=S~7_+p9aX3ac~V!L4HLE8cE03
z*R`U!tQ;5ZitybRrSK-(!~D(dc=xAuuKcv|69m$8FjWd5QVSuoli<STOXSmg!NedP
zj%O-is27Wa2g337pX2bwyKy-FX%hHHGI2>(gAh-$alr)$$ZSJw-2mzRDU=OOp>kjf
z9mA6toxFvGCr`F>Do>t1K}KE$<TeT5pG$#<OCz!pNM@w%_~C3S?7gyJ=bR4V`A~>O
zq%#kf;^ZImkq}p-%ag3LSpC`j+Lb^z_=i)x8R`iSKX*8|S`)2JVR9xMl4Dx9niIeO
zEfeZf1+e?E5SPSR@V=Y_ch^*kG1K6mSb&t)dZabABc-tudCk3Op!nwQ+&tD-*EqVb
z5$+6sZXVdc#I1XXOf1LW&W6B7T!{$3R`@w~!Scr{h)<Wn!k_|@Q*}6{r-j5g1Cu28
zKj)}6cFkk4YlV1f_Wm6-cC;ZTQ44{<8>VNXh{y9N7Kn#Z76I2w@i?#WhWawiIVK#T
zNePIEPexKsKC&z7F?f9pkBC>-$wyx!cq=sKDjS!r``S8|$nOQ#FnIF@GOB9f;+YMx
zBn6`Lv>sQg$);pOZk~#B-v&b<yn?pge%-8h<hXWT96!;ztZ(LwwnTgG;R0^oo5Aqt
zb;PCRQaq4JvD!GM@7+P`)jo_(PNQ#h7=7f&cK7vTWOx`)p6K#e&*sFy@$Pm$ipFAc
zxOFY9Em2(6i|{y#i}PwwT;GB0qDGXIwh-NKZOZG)CjDQ;|AqYAj<v?RPF1ZCAFOY7
zTisZq>h+iAc%RP&;`#CLb6#zo)?<~)1;w&=A3q>kjbrxCJ^IG<<i@7ltdXp)Zt@Md
z`}1RNY|?$5?yFmL+tAU8#rRzQZgmAq%gc0M!z$ISQXMPnJKE`V!^U<l^i_FUE?2p}
zil@s<q#IWW7L7wVuaItBB$;1cTHMSfZt>2>OY`H;z}|!p?s*d*M%PU~V>;`n_09Jk
z?O&JQ-gPX(ZGD63L7i?{U1##XuG29;fxGK?=I_`Oc%xRk?<4#jJ$I@3>4onv1HUD=
z&-3lyyYKM2y_J8&zQ+GA*V`Syx7XY2?e+F|J8yrtvwcqMzrCg7+w0lum-te@)ZcoO
zb1g4}^|F4?pK*B8vpTz-nb@rz+rMY~`fM+J{{DULjK<9EneDy(t$r*9VP_lIceeMx
zb@pRnVPX3W!1H6j3O^Pru`?D64;IkT-p-wENKH-U_UAJ*GBMEKj|UX{vNr5ILPtjj
zx3`^?l+5k7M@L5^Dk_TG2WNZzV`F378I!H^7wpdF!0=-*SREHDZpNi-zn|^dHa9n+
zpY9cv72J6WOG`_5y1R2{Lz<eKk&~T+u&{7$U*5_}&F$q|%4J+TnamOjl_hL#ZMgFa
zdAWJq`Gv}gO76Ttd_n@@n}o{BN=!~pax`RTC%U`4x$`8+sVVUF4M0_G9d|ax>Eb20
zyL;dwjdjJ#8_rHnP^neicoL}?QmGU&sRD8-)k)}1#Zn@LSbQETr4rWGHn6vMfQySW
zJlx#4a~6KSzDOsU4h;=)G+<{kLPA2|>go<#cDBOW8o4DE7?`<@n)Y6F-<U+SCIwb%
zTd0*5kjtd7wRVHEvj(o78SwTkfL}l{A|gwWs3}8Kd;!rd5-PbRR0<W1=S4IqL~~0s
zw`Nzn`!I5S6t`z@bFpzdt+kK0H>5;65AR@D+h2gWxd<LUK^V9-kGpF?L{uzH1!|np
zw}(U#4)?GIL}&LQx?~s$rPq<!FpaFPJIL#~i>m&+7?^#8*swJG_*Ed{;)_t%GKAXp
z2{d(2qo#8dL!&dq14~?-nx36cV+G=(t0%I{Ti_Ft4d)9%5TAF4lUp8YhGyY>xd89{
zcWZq1t`l6M+TfAWiI}Qu@F|!=eC-|Nj4UFe_aWl@9;0;VA<8G_kde{>*;lmo%`>QK
z8H2X$DvH|%(AYhMk@0aXtt@kL5T9Lwh?E@URyU)n?*=sK4e+?Eg{x%|6sNRMoGHL}
zhcfW-|8R!6RD*zmA^7AB<5I>LWL^_UZ+!&K&=S(e7Lj#r8QPAA(A3VMzT-L)LJMhb
z{<N-k+<6nnix&_P8iC}@4D^ybEiEk~sk9kcHSH+5I*9C+K4jN-BRsVXLBT}`iz$Jp
zYXKarwUCLD;1*sE-{K*7mEVMK<rI=SA0TVw33A4lQ8UZ-j+c?w_XOpWkC0Q|4)e2t
zu(9!im90Ni4#a;hP9z)la3r3LjEF*GLla^Po8cc<4bP}DT#2nfNM<EM(~1$0k_Q{N
zOi1OK`1V)|zW+vpSZy0pTgQ>od7C>kpdEdR^zkKB&8(v4_6qW*X#9yMXuZ1tXS);}
z``2Iy4dP(@RSJZE3no5JMM-%vva>R1{0L4KuLR~nX`Te}*%X}pIvM8-(qL+=g-DbI
zGoy5T|JO_ikEg<3nuhecZWIkoqF`W_+lwomUP9&E8d~Sp(RP0gb#p5yzsd6B4^WoZ
z3Lo2ic-quJZcvUhzt=)&6hU$uf*4H>ZV(Sl-MWdS`s)bIXoIa?4kTyOU}=~R@ySG}
ze@KOcARR91Z1{VXlP)NMUu+9%My60ZzJQYPhbX)I6wQy;(f@D*T}vBiSy)2zt%t}f
zuSH6_7BvlBC@SwlNog;#;@jZkR1NtL`7k+`0PlcgbPo(6p|KAsZNo@z8%12xAg*N8
z!zH2uUbH50#Z5@AYK8TsVjTOT0Q_%qP}e<)qP`gvU%QX1^ULUYxPrdLRn%R-h4kib
zbdTPJ@SH7dNH@mBX;4*DgHqDR;W6O|2@N4V(23ma9(eg^k&=~*z?ew*#>UZlr@=od
z8yB4NkkQeP*oJ<D6n0R3EhN^Z_+CFBftO2>oYo7sD4NsY9J(GX(%e@tHuo6zj^Qwu
zY0%I#4o77GoGv-SR&4_Z;xz{cTL{gZ5f+h%x%;!521s`{%_D?#W1uU1!rgJ<QYh4C
z^WYJhh$~5Xu=Op5+M^sl{4E=DBQ2sM>k*iE6*<k*sGFWg+w=o;Pv6G%sTl-Dq~N@H
z3NkW>5FJ#BOFrR9Opk|Fn}Kv~3PeV!2=%WaTenVncb&^WGP`GN$%m=Z7?yToDAbOS
zewPW!w_50b6^XA8XmIwgS}1>@wRb5+KvF&8>IYFaI)&=NNeoTQ;2zmuma`j~xDH2G
z;vZQ);zN4jU|9htuY7p<7UHr)J`6u29UauLnfv_NCRaC9qNcG5C6)9&F${8xP?&w4
z2pgj;D9@$9##{p%`*1k>#v(i?2Z<HcC~WS+_^lbNt*mmn(XG7Z<He_lNGjpZ5L{GO
zKxJM5(U}~a{vsKsKPKSz%snp8xbX`A<>u{aG_~{~DXkQRrA_GQ8ANq+J30q@(As$w
zgG0l3M7EmCW&iYZew^ieH&~vL{!QPxi^QyI#HLjur=$g$Sv8m-d&_da&-+1J_J8MI
zgf6qU@yd+jR?hopKT4N3-J0Jj;c=h*m8IpyZ5Uf?t}7eQ<OsKOuIuYuzLf2Ov79oS
z*V>v6zbzbJdDfTUa{1>q9X?#&)wNyw?Vi*82VQRgcDEeqzxO=$>&wsm-bO%g^9uhw
zzuVR2DgOMQ|2gC2ooD%X?o+;Ozizi!mBm?ugM-`g8N1k-+0n643=a=;=a+YyhOPcj
zC}z8H;|3ZVn<yqs=j?iJZZ;AV<KXCE4~0z5#Xi<*HN{!66nkYOIVk}()m2=)my@lf
zn9YTJU?&vUH=we$4d+cPDekxo&mb)VqstLXzK<p)7xMELC>F~{RYNCw2d{DQY-nse
zG}=4_N9N#?brOR7TJY7USKt!Y0l)lPNa=ct%o}T{8hwJ;kOsu37ebSfhx(QdZv3cp
zvPU^Bh}Jg3JE#yQXOhY1%R@}#4Ma8FL*9)g6iqCl<oW_GsmR|w=?Obq4~l6+QCwJr
zprmGsHw$q7Tsjoy8Bm|s!p*Y+71wT~{MHk+kq>xv2`KFvKzu|g!aX~1QJD)5_bgP_
z)+3r=gy)g}9$Sr=@>Y08lV2q$MsofTYNj8f>&`r)(i#vJo(W%nH=;u{`EThM8oY(}
zt3$ANRl?rc7E&XM#Y|Ii?weHdvGNdC*^7<|ivJ(XLz7U6i}ocHOJ+b~8jHxl=IwR7
zH#djdcW<G(stZZvM->$`qq?OPgX9M@`fl0Wmi95kX<88%)kOZneU67#SJz%^M>cls
zkz>a`^7FqB;e4;PjcuE{{@flX`^HT3+S;>cBL3s`)W7d{tNYEA7UBc@&4hg81N)UC
zrC4}CPr^H)7RuEkp%qVR!aFFpktwC7a=y&WX8%52lVAUe{o8LLRPuQezJ>6!J?26i
zE2-RAv4<y+N|Zv0^0Pext|L#WQcC3_zW5!UU<aff)t?_S*zu-spttjz$ize>eD{b@
zEVkfFc6|8qq(Ugz@qY5~$sKP721j?i9Xfb$#~XnX$&?}iPoR>kg)c)&?^&co=OxB`
zp?JG$&w>5>bTl)P8r$%UOa)T0RQ}nX-<WXM9-`2G6CwmpA+jave8^SoV>Ji%3y3;G
zIjb;x|HXE?*G+InVwG?Y&x9|aZ+zXjzy8%L)@OT=pGVuL8^r9xU4{}J*w5#g$%Q7L
z?XlpC#7gPEnX4=;Rea^26;c{uuSBTabKo#vZo@mcm-m%Wp%4q@`}gq)DD^aAQ#i)A
z;l2OKCx6tv{q}?3^9+PCrO?7iDCd3f-g_VaZYLtUp}_UqYGNdo3d}84Ql*eX`J)%x
z>+vj90yCb%Oe!ZD(qbBmltN=3A*&EcC5#+OGm(NP<I4yEzDy?M%N0BkF^-v#;rR*g
z5OvsWNz*^VmlzvKrRF@UIVu(K#XLQ^kk30VR1!0rE7&~W;mK4+Vv)j(hB30?>8XTr
zBR-)(K!2VpBf(ytfk+|{(olRQPbsnxzN5p1FDGUb3wdUI1y9L07fRS*e4bcjB4k*I
zlnS2IO0swF-kqf4roQi4dhFX~97Y_DZc4rpLFS7^rV^4j?(-g=5y_#DnCCr?>6DB?
zNwjtCiBy}dl~UOro|VX0Y4+Kkk3P}0-5h{1%fS=J4G$eRG~kwP$I$y#V)l27ZGIz?
zDCJVNjtAb~%lq=Uq5g@_PaQP;^2Bk%{s6}-x)t8;AXCX@QiYJ~^1)u7;gLhUlc)4g
zo-jDXJMjhYp#FC!4Nn}_*E@OSyO%*w+Q@_ouK$PB|GSeUsn7QO@*q#|=;0IkUm6}c
zX7C)8=g?P}3-%Bg!ree9kPDT><u=c0yj`ZC>qOX}WUL{0_f0y{@|&?<g!2)4<b9!%
z2pA_Sc57^9X7eFy{Lx<Cx1^Q~sanW8B;j-w<6c9dz)T{tR0$P-+O0b&W3f=e0DMdo
zBGxycB^Q~91boJz#B>bdqe6+P(u{Ryy!9Milya3q$<dflFw{R~V8}am;`2jCUqeor
zsmw}fw1+woMVU(eR%pb=Gi2a)$5hTW|A6TiIf;@~@e+y)_^jQBTQt`#l#pbLO-m^x
zIg=Rgs9;pmQz=PLkh}|b1<K7)p|Y@GfN7cr^hmmHN7Lu2!WWw|cxDzl_9NoHjO$1g
zczV0Y!7e1@D-_If?jdlDXq&IRlX4P!jzf0C-Pp{6uQX$Qh;jx}3!zT+33*?LB&3f%
zC&MffD_G@o7L<|gkhQ>!FEJJF23W4(Z$bX>HISL5{sjVHEL3bk{^)f$A2N7{_ZQN{
z<|2uy?v1T3a}>T|W>BKsol8t*3_2~#NfKqH4ezj2$_Ob^^944%-x5FmZnthC8MzXy
z<L^m>on(qYMT<-wI3MG8+)7BvAn(?fOd{*~hfOgfw`0#2d<&7-W)GVO2TDlX&zC6p
z+*)n}Q}9fra&GqDO66i>-nSxSA(NKf1`!H4^vJ>-+VWiva=y#!NX}<^^5eaq=&;i>
zRx|lG-l<3oltfrQu^XfBmY1{ZM3uB0795klM{F-r2&Dg_pzf@eUS(#Rp26;dLq4HE
ztYRjb6C5Hm*_VSyPZ^MakmY0g+u(%0p~1^kKK<2+91&Xo&=-gF4;?>9%%FGtbKV!H
z^vQ<kQ?=gbUmidFG6;<IBqUKfFnYv*CypKB9n&*B!aIJ#@X%}Ynzd9;z6X;}Mo5w$
zHW{_>-4pt}-=039|GRB%zU$CZW0hFS`hTG7PmYJKj`<h6b$vnaaEeTa`Cm?)GUTkL
z-YLT)C-k4gTi264D49QRyk+6vCj<X~Bt{C^r_X%d)fss21!v%kFAty6KlGw6Amz{$
z?{Fi3V<Iwr@BKXobQX)V)Jza|I@$lmQ*fsCU9wV}&Xs`2Ju@C;W|C*JNs_%=)`<=A
z!Z07~IbguIkTC~HCKGQd{Y{;s<Pg{~E)AmGwwj#qDRj~)kXl%%B%9q|JtEoUEh|NC
zoxn`QG&I3@b+3=ehc-OKJ7_~4Ih(^fES4IPuc<GUD&G|;6e^NQ!Oy0Q_gnHm6#{Z$
zdB^!`ktv@-j^Dj{h>y2PL2Dx?d&k_<QxcK&zM~?E%9^)jWOybbu~6}9Sij$MfGJv`
zM8HWk)4<zy@6|p3!2EM&^%cZaG$#v+82F~Iq0S$-Itg`J=}r56!kA3RGZy}mUQ7&h
zkt6dBh*n!%bA)0!vO&Zaq$pku;{7cUq(=ENg-T2ih(_CH<0RikEae-&5v&ikU@27+
z35AzT0+h^J$SA(yk&@VCRlOsxhV$VY!Z~Dc^3{NdSD6u0f5^gks!+*w^ihz+QsnZB
zIrIIGIe_~Nj~eh~o2HLsTw<&+qfqG8U5OD7JsYd@jdju6tNSrFBnBp{t}>?ajGrB5
zpH6A*&~Ao$e>wVQ%8kM;rreH+Bq9ry#SSl8M_mIO3kxBMpJ3A<zCzF#BwGA~x?BmT
zBgr{Cz4znyKH+`y;ZDc))i7w`PY@%^H(ddq-nNIz@qmGif+AE7{Bh~)VA0yMObO=+
zkZZ^JbW#f$Ib4e8NWMu!&Wh}#$ddl(qRf3<Kzd*+KBfD!A?&My{~asx3sWNdw~|ns
z!RQN-D9c!EM%F*)B6hB|>_y~0mvUN^_@1vI?V{KcZ{lJ#^VP^~m@wfYq7#Yu5~;}e
z*T0eprKE)a#5*D98MFQ`^inXlS1pv=@QnBhViei7m#@$z4y=T~{uQ6Bl7vtG1p{s*
z6pMsv;nr7zEBP1Y|Lf)If8$1y>+b^Qe_$LWk$}<2l6~u4Iq|`g?Z9`~-NVY8TObG)
zoMF!l*Bo-fCN-Y?_4nSZZhnkLw(oMuFSnLN_D6Nqt5>g!mz2(Bzfaz@f@jGLR2-5W
zFpcSNa`K*AD^bvfnSBCyB;X<Mj4~c3Xm*TkIHDW{?6uH(s%6}ed;)XK9j6OM!9R<A
z($Y97ybWtbXfq5rysH;(+HHSwGI#i`(_^*UxH79+kGJy;0SbIRQ5xiaGlv!K;KD;a
zWc%va5dr^UDOwAa%^s`R!jztabav;$`9~PF=Lmk9;J{Yg%d)OELn6R+>!oeF-zYM9
zzN{b`7<FVgi?Dcr7%L`O4?bJEfxT^Ew9Vw?80qk|t<Lv=Dot^qIkhG)PP42QtsRR_
z97P-wUp-51TG)>!9M}`fCfyBgvqst<E1h^4G_-UJW=$5oV4{zaBG}7@$B5Lx^2WPD
z`k8N0TrP6#lLO$yn38MDrIfz1`yBp3A<UK2pp226Roi@l4Nzo+`$(VbH#9k^O85qR
zc2VbZXIsx}FZ1Z60cu;UCN5qJha2PF{^au#XO3sfRtg<n^?B3Ue!j-FIu%j6-LAsS
zzhRmnUwLElwk#e`H95)L5{0aVcx0ij4oJ)j$ZZ?O&^pJ@7XBlCIypi1SXY@hCX5rT
zmP^W*$u8aV$A!??46@k+`?3Rq>lbSTm!F)#q6kd9lcjrGDeO{N5X+$lXjC)c+$YgT
z^RBU@42Sxn-QFj=szo_l<R2By9xD%rUbS$WCOSc9Ui?FNDCdSVRHa#M+L_GE5%$LQ
z!0~X%b?~~$3D*}8iXJMA!9n}(7<TKb;9<EUn;{V<jBG+5Uf94_6XFQGWsW7nHtw8;
zZm|mNDw;UXFJDfwoG0U`rbYNn5!>zDH*hkIJ)mITBxmE(;Tj|@(_-&)j0dNxl)_;X
z@F^Nu;O#tFtp$^(;!V3^5sQyB<;cw_VMm!8Sev7yipPiaQSE}(fbC`ySupND|Kqn;
zmsc;%Zecor*gtfCn5T=6tGa5-jP7J))~HwK07~%x$0@y&i@&55|1CNG_5cxSOHVj6
zm2^k#Pzf)TtO?m9VMV@{@{k37)c9Wxa0;}urH{eRt$E==NKH=S*qO9T8e0*b*NZf{
z{O;+~<Ysm|vwV(u-ma+Eq~hU(L`KTwq^!zw9|fFsj<OUPdApV;;Mu(7)6#i@-sV0b
z;u_YjtJYG(L9pA63F*!jhDu9kX_~$!evvMTv2pFYR8VuTolcdsho!h5XW1;@78RXn
z0gB-%pBQZJ()wJ3&(o$sm~IOM4H#U=IEjY`fP%VF7Ac*adUFJ@7VsOam?5au3IND}
zwu~i2z&%1@%j40(git?B?pQ#{!$~cWUEvN>;z2saadi1e$2NE#CSa;dn2*|08h{Gc
zEN?emj;BJF5xjq+L||Y9q{BN(&ZXT+P02Q4LzJC0PKKL{RBs%b$Nc@zIH7PErd!%i
zjTIjI;jx`J)%j3R8SPt#5J;C0h}4FaN}qUZ_up+Ul1J#aZNUQ9<JFnMbpQ&iE%I06
z()?PxX9`2sqJg<&B`{jGbpJvh%=mnRRCj6*=9@qZtoB(~zTvj`-y|JZ{?#F2R;Ejg
zgKymVT=XCKiQ*F=>FpO&U@p9!AfeMsnLv<yP<&a)>|FYBcBXPERFV0sphRD&w9bqi
zV%4_8x22D4p8j2NZ}8<(8NgD$2^@%GrbYdV$X#Yi6APE~%62>>H?^v}IbQp24%fZX
z)3WfJPD&B=5$98aE1JmG=rQCZifiTeI!B<V#liGHz?*8f#rY48@->F%{X_0Ik&C!~
z4W9d{MM?-fj8Y}8Ufr<?qBEHveF57ebZ{@?mVvc<i}1LOCH@K^&_;u|&k=+?gtYK1
z#jM<6HpM^c16LB!ve=jk<5#Z4K*cnOk;l}~p0x4L7^sLf6`?U*5T1DX%;h1ItST%d
z3aAuKlT&i`s5_jEs|S>Cc0CgxOdoslq4bK-b-d;#ymm!Mq~w{=3SlHx3=8?ljPf#9
z&C`~>o+l#{A!`TLRBLmr8Q~!S`&>Yz`XPXR|0e!ciSCIy#pfbq?og?U^|W=FoVLED
z_0D)qy(*{?TCaQZZn7^UB{rr?BM>ax_|~$T_C8fjFv574o6wA-)WYTrsL_63<1CD+
z-c<9K=GTFBaG<Irga9`eMM_mU_ALYgD*CFo0UC5rKGLu*0o6u*#*&=TTtz%w?z^G;
zJQS7)Q!fLQ=c>xrc`cM%R&5Pn<6|hA*}k)OM^eE4u|3|Vb!GbFoAlnz*dbDY<n3*m
z4FGRJgtQ5!$=iDusFcIwKC3G*klOt50~x;liiL!nY3tO>|KChBv>kk1&%xiqMteEK
zgQL`xLDIbeMv;OrE%!XYgOaholAa~+2KDK<73Sc~s4Ma{mN!agEV*^keYFhC2%-d6
z<N!m}K472g?+<xSA=u~|#*LSBA&g=LvD#+vb6$_`Y4{+3&Z^TfKn`~m1dOooEcd7q
zB{^YHr|&3GyX5lhdR&-3MlK%d@kmbZ{&;(Ko&4;jP)XTxLRSe3O!SX#d7!2a8xuyO
z|EV9HNj(mHFlJg>8OT2!9e><5(k+)an@+qM9;1r0E7lm3If7H|QFCOLCt=Pf$)Kd`
zRNYZZJ+NMkf^fe#ymA~zn6)Iu9wa{6cOd<1lktswvr2ruh#i8z>Qd?={2(Wot#a$3
z!xUkf_49BInOt5cf4A$!&}j7;A$!zy^$=pZ%U&~&`iY1#pYJIW7^DO1Jwn!{vGvJ*
zF&c!4aOAB_u^mDAyxY#e1*s|QSSBVhj$TiV3kMR`(!q!d9nlcucd8od7Ke654-1p%
z$u7lmJ{u?`xGsYyA*pnfHTf`Pqr!+VuV*QT$tNeAT{F7o%v9oj&d64|Lkv^hhoY}f
z_sNZ0q}UCBWo)lxY_0+MdBp0nvB)5)8s6mrb=N+<xkYEbsva|xW-vZfe@%6*=J!gO
zkt0t|xT+1SL_p%ll84BPf=YvR6k2ubz_Kqj0GTNhTm!6*iifsp$1u-VD@O%`T|+1`
zo4u9w*2%a9Zw4uxTH)N*EXrvRlf*o1FmH#K@L1=Ujd1sfr6VsU(g!A8>_@39jW-f5
z7jp6}tRcm`P5qlBHTZ+>p@zQ)HMtu-oK#z~DrfDP!A<5kg46k)zpXp1Afd{CMqQK4
zM7jtSAquFH6%;1%M3>HGl6U&5$5(y56XO;&A*Gy#TU?uLf*4JP%cd{*>O45!+*~?n
zRy5V*B>11D8G98gFcm|(DA(HhSOLcH;*Lf3^@{YzWKg?=2m8>rk(HCvLL8-ofU0{Q
zTk1nzg2<7HSxb)hxFZQl{a~1WUd=d|Dyp!}5M4Cn$PK>21;>uSt11)yjD{_X^uEIH
zSqzf((<9*m2#X*jb6;HdjGlJqisiZAmy30czx)sXcEl@jiqvr6SZ4XWiFBXD%bwS@
zTEwInQ(L5S!2z#tO#hy<hxqXASWHn&hr2xS50>?0=tI1|=yF9=T3GqQD-ny`doGKB
z;D*^HyumAs+QElG`3Ouh4E5)<wo0tA_9rd;oSW`<E3mVxGmM7pyHPDz*JQP*3(}R?
z%1hW}mDY2`K(HD~k2FQBL{3sW59|te1)6O5j!#B{hfWA3lbv4JDJ}f)*kVoJxPzmT
z*DXOVbgcmV-4cXNVjSiudmKmB>L%@BNQCjiG#ssS04%zPb{5kyfBsq5d*jt6nJxf3
z%ek?YWL7^Fbni{E=vaEG(h}Us)p?asp%~*;n23f3<WT)p;SFnUUHTQZ_0159<zo?f
z^HRvgySfm1YF!D^dWAw#9>p3p=`O;k>2>#>U#~L0E!?7^OD~dJOroy<PT$_%oM}$E
zjO9nL7(u&7?$l&49}lXT>p>zNQH!1)S(ZEmQP%ZL6zLGc42F{rfEugh$?Ur~;XM4i
zkD}HPhezHimwGtt>!Mj#?P?uvkpl_P&P;`n0eA?boEh1OZ$0J5oGhOu|K#Kzm9lH3
zmCS48$8+q6I!DtW?fC;q&^luh^MTtn_QVrCy}h{|7(UH1LEnSa*(nkO=&|G{EefMd
z4`?VMB(`f7`|}@vVzJAfO@|ELAz25ihvuS|%)7H{Fr%iT?SOVzu_;0QLD}g@rS4Wy
z(w)DQC68O`T{Ob!?Yjf#JV>1#0SQ%|(ue;-Hku_E)=r#4%`QlyYCP!(g{i)6N$B(&
z@(-!TmT_zi46mrmZSvK+32N!GEp#0%PBgk4^8An|?YM(ov{Bds+TGjLIVENM5~PcI
z)#PM{yi1M5VDs`^#4N6VYDKkOWC!&!FX7TsP1Y#~7Ksw2SVV0QCR*pq2I#c{gAJvF
zLWf&Q0u|9Fr@b;cH4N_eAJDbI-w<NQ(#!O)4&q9Bp)%5S{H0ElVM@0NPV<?YVFkP_
z=Pk~PS48*D)-iYcD!ec12fLgJAt{)oD8;h_=lZd2VAX+h{rFcpSGb%v<Oe|JMXE4K
zJFf5`gR;&0MxkbnHG<Y-%u;%M%z(rE_#irC3Z?F3-b0T$Lb;W{h<4-D9BZZ_%T%|<
zU?QA^cHxiTJ^Xb=&7rWBn#|jESj20<ugqf!=EiBhVaOiq>OXz+_U^2|K_kf9MJFHn
z<88psn5r<peT}(GrS)4EFKqn&=KKC5x))EqIbE7n@?0Yh$q(`jnEwXsA#L^jLs*AT
zPJg($J4^l(lyLMcOATw8aMnTDy&wUY{n}Mgt@e2T{oRMN|KcjJf)~R+vz)_7O)P^>
znqyHb$^fOxu_5Zrw7=fH&+VjvbP_lfR>|+aiPSW7Wf?tTS(SYATz@l=x6yb@mddOM
zkxwIir0)Xh)V8kAuXde{5eMNKRpEp%+Dq&Qp=>aGo$cf&qY$*QJ-a)6wQP2}fjoF*
z%1b*Xdn@2kZxG?ORc^w%y7IW^LfqYVUx~$AP#?Z%)IBe+LHi5yNcmY9kro(Xo194a
zvqr)c!!>Yb?L$`+9MclV4vX9;dwrjouBw@QjKT^+5tOx(#+zJTUUf&oBiE-u;qnJo
zuibATaeOlLm8p$jZxP*lfbqxBi7^<`YY<l6fak6eO&^LrB{xRp!d<BoDSlzfH!Pcb
z7w>xe5oQC{8yqc);28Tg+?CetL!}GUU!Kjry9zmg(&jstiT}RuWm<kZM1!l@ybr8*
z@BgF_AK=8Wvv=Jz+v|&qg|8PgAYn6uSuRW!H6OWH=3D!p=ii(^>;5s@X3Hn95{{nm
z=WE*D?lt;6axlqmx0~fn(a)3R_uqc^g41b+7td$wX7l8g27U4TI{Eh&W-DMG>z{rf
zy;orfTm0OWM}UvyF_imXuIk&%!K%K!)JBu<)iMuv`EeWSu;DC&Tj${cS<l9OTQGCY
z^Fm)9hVR)_=YSGb^Cp!)ba&^+*6WtbSyivN#*5fBU<&fDsNfbC81UCy5E_0T_heYg
zyu*JQUIV^k=T^7yp<k-3==wzO!}oNCO3ZZZXLqI63`}|8Ss~?osB;|FIiEUx)@Pa5
zalp834Qt?vl4z^zNptZYWqoMV{V3U&f9uKi#ZZ<2y3?RR;0=Y)%j8+abn3GG9W|@}
zzjqkWn6cL|P&{U#(1Rgfshk4{$D(BRfolfa9Xs*br?G=(h9NKTbCJS9OMbtQ`t9%Y
z?BA}go?YqVoL{(%YZD}Ti)T*VwgkYRV6C6nVMXnm0JWK0q4mx4?js7I3t?4E(@tf`
z#E#TGAfL;n6FV>VU2A-ILr}<bRH0p7J=M6Q{SSiX`%1}=t%xCL1nkd-UwZx$BW6iY
z4t<QnBkeyZy|WJb<ae{@owJ8oM|S`02au<)J12fmlJVV(X+qM$>V+*0N;B4~YJM|K
zo}XV{Tq%cjikYq^)L@2(*`#Lu)Uid)>w64=-OsbT+2bt5u0$weO&<k`&X4t(=jS#@
zt4yW#Z7iEtYTJefpa`=h9z2#7euJ_l{vSA8&h-C;p_`y|#2MrL$1(KsX*2r>{?mf#
z&(g(g?k@i6#oIdn4LiN4!&jyk<l>)*y#*p{`0XjLk;m1?kc{5AV#QX-0k0<E_(O%?
zy-68<Mo<5P+y#dHNz<B1JNhl>Qs1zJkM1lrqq(uXP&ZHZvr!1@wP0i&Su@mU*{lLC
z23q$aBC&09Qv3yVrC2)pDFA>&OTArdR~uKB{mxqahYHg(hP8x{cm<loSu(~p9g{Ey
zr>EyjRv{IrVyUFAl8ni(pR@Nl_faJYLpnVl5=*Ea_j&Gl?6Z%h2toPSJ!;9?+9m3D
z_u$aHkyzi}YhVp%UaD^1HrJ#>*$^Q$QWeNkl*kPJ+@DQs0y}&<&!~~9>}<4dTg<IT
zkaBe_&i@~gp`xSn-);GzB9s#J^5ZM0?;84af*QKGbT+8fZqj3w92amnw%vH(dPc%5
zx%uqMZ^Ag2Ihyjc%<8AZcv8~uO*yngz;Is$;d1<_a5?Q=U2jV>ccg79M%-UokDp1D
z{<r;YP?=0h9{chY|Lu17_uI2CvyGP@GGwhXg#<ZSnwhfs;mzq*f{S#2)2fj@yiM?Z
z3`XA;C1yOI8J<(&M1EXa3j^&mZnb+9XDL6$rcZnM##d~s9$;BDnU^vjJ2L+}eX#(x
zWn^?QaAf2gPt(n349H=3*9PRxX@YNf!WJW$fDnB_4wLP@F#75(YA!PM?i7Pa0=TW3
zZ0hDa?AQ+6-QACO>=px?d;>Ac>DYqEvO%$)DF5j)Jx$9|UX74@pSqO1S$cbmRNU)S
z-fJcz+W%Qrp|-*t8G1;M>`fRiS|8>i$M*feqp=%%70iT@?Lb2c`(fphZ4Uf!GS1pr
zUqtpzyPra2|5l-q1H)$Q^e3JDjw$iyaU&OWbDxKpY@WY9>up5}%aw;`B(*~ksB)P<
zi1`1RXTRlX@;=QuI)6(M2fl#z_s~)o!11oy{L^%%ID1g@RI=_)!a~JiRTC)9g@9QU
z1qxcDAN`~`_^Sp_)hn0jDXUmImwrm+7ieEEDn=Ddq4>$Kkf4|myOEV<A)u`hlxv03
z{o%B$4}9&;Lu$oHqd`DP?NaXpFmrTK|NL;e>$LTFPuGXZZHn!RK|ejp{5dQF#ME8t
zxykwLMaArhI%b&JHHN`SecWMeN98mv(EVZhS&r6R4r^$y(l`gOwZ)uMy&BB>IR0Kc
zQA)4!GepPk;ZY<y<Xcmk*9K@$2Z&abI>VD2@R4wd3=~8iWfDA5(YH`aDu-+PZZ4vd
zl2V#<y6-ng(pz7vxlLEk$BBhxklo;5!+D_&K6Q-MosVu5Bezhl@MeOdZ<rtgVyyvi
zM0jZ(1h}tSJtQF<MwlKInC*}b=Ek8mng?#V#XdJVp{977?#Vca<mI!p6k@_YV!sD`
zVjO&~+l7o^L@VW)hpvdYXrairM;6K-w&V_w`v2kdFq-xPI~QPhO-(^(WaL`%zXiDu
zWk+TIZc}R1t*r<>_(+TU@+c8{vK=$FSSH~9Hm`=Jo4>NJHKQ|to|cIamlQ;Oy_}1b
zxatp!EC&h+8t52nczq4~d{5nRkvEZ1xlvl)=}gK36^kRpAA^%}B<i_yEyAe?`-Pgy
zC45Np@y?|v=H=z-HvPgPjQYb|x=1|U$dqz<4kMVB%&@nM-M+tn<RdV)!V@<Nt>~<{
zEi-JqRCDAk6+^>rPW#H7-x9k9M`26D5Kg{vo{u^~!aen{UN&*F`$;r!*ZQqCZA%qx
z3#Tnru_*%D;lP2XKm^4wzZ=r}V74%kmHL<4QT7F~;Z|~=jYiwmocw$k1J0-j|GZyL
z!fdw^ZIGDqC1jB(MhjOcba6mB1Q}`P5RY0V%PdW1keQ=pi;hpI@1gaz#SIiGPsww2
zC*Wz@qUyDa8T8-wZ_^#vQ=?Iy?p($;lKZP^!uGAcw;}**O=31xcXtFypMQf-Ux7D2
z<sw&QRbPu~NXc)(lu<SvVgNROy1w2L^`xA(`OAf@^!bgflsr*SA|Vl_$YzW6ZC;#-
zp&^3<ds4JfYcr2}#&vykRjfiJcISnI5^yiec>Wa;l0^l)<qiR^kaz{6VbKzF`_&NU
zSXSy`jWF6S3}Qgv6;YE(;Ui#+qDMM}Ws850n!jyk?YnkM7pgo0-uG4`mB+nQn-3#;
z0EwUqZnXvMMZ-fGu{?eCWZL_-yQe2pf};svAGJs?&abZj;T1-=P~<FMHR0`+3yV2e
z!ZMYaeXE7RS`9lYoYL!S%pi^h2&T(V4(HNM+hXvFmJyInRbDw(0}uKmvjVeW3V7gZ
zS=E31^glk{k4}I2_UI5dAADQvws9yR8#5co8k<d)SyM2h_Do7&1rhoN;l9X-5(zZ}
zqrm1>@6FkVU_&JfCX{o^4dPL*k0$|*Hq`Cp7Y%2b@=aac1*&lCen+;T%(2cvH2F^#
zh?cJk9IJ?jF+IyNCi9)a<h}qw($3!7Uw`afeY`kVQK+A5g79nBn-A+FA;>95*GLiC
ze(M2r>uZ<tt9+C7K1C1>F~ekY?`}HXB4$K%<<W!TsLe0-u>i786u0DJB4Q>}VcH<=
zP;#AQ^W(+!mF#V8zY7dFb%02TINQ@_+}|ldiI?SGjybHL5h)vzUglNq*NpL0p)S&J
zrdN;I#wMqTNu6gY6rb`cmF>{}RPIz+HsJq$70K(?>e<=ruT4-*$XAQ&ClW<2Qv2fs
zq`Pq>&68>M?nKXjNH%{wzv^wNm@(7=)vUtf2)q|FPI>TS3$k9>Ov8k)S|W#^AtLrW
zo#P-P@a<V5qV7J`px*UlGWwLycB)VL^tZJC$$!wDab@3PCrWU{`*1m(gXy#qnUe*W
zpXD!lZp~Tj1_z`HiOzH!M8<k6aqpzslrG(gh3KtrUiDZO?KyY3vq}G<4+I396E)9a
z%}Qw?X;vg1O+!}AW2C!J$*TFz<!Nm%OQ@krLupv0xikE^Mv0G%0TKxA#9RV-(Ik1W
zkb&H{*XeA_LRnuU-l5Ita#<voGKm;oBaQIOQRhIFIfQWNE;NxuHYJ(zTaDUWAe|HR
zb;|CFNs#vs=D>hfz+Onp{yxlSnmnppum++zRJtB`SLi_s?@xhfteq|@>Eu4eUI6fD
ziKLKkASMwZ0hy)f`z0JgMu3ozvtk*?kUU6iIFQ#tXGBa;jwXix<^4k{3lYHf>nLLk
zu426qceeCKu}!2WM(+`FDP&Q|p4nzfd!S{`5r~?U^#nWrdz2fQR-T?m(?dcILtZLF
zMk&^w2Xf~?u7Ea>fmEMr6FsAyyqA8;=Dq_I@?kPxU&ELy5ZROUG(cjL)nMlfd3+vn
zFF(r~L=F)0Xrj#gE9m0V&~tekv|xF!_VQfS1T;ZaJ5kP#RkR-(S&?3LuSy!!W0&5b
z@LC$T^j8^?4VchH4slx*6GiUKCQ0o+E_B=|M!`M_nzem-A(NQ;mo9B<YAuy1lzX+2
z=cG;3OK}eg)3BbWX-=OKk7ams&y%r@7*256(-{+tK*>b>hLJSz4ejI~@<7c^31E2U
zkj$qZVk{@rWTeSaaMijc;`-}wF4kd?seMu=HYIL?;bSuf;uXA%BRHBAckupNA_uyr
z(u6%_*0|w9k6bU+Re`(oft7=vLIqURts56ui#|cUETK2yAq_0)*%#Sf)NlOa8cps}
zwW%8`Yhki%#b|G$4CFnBl0HN>I{Y{%NqQ$k@BBc1*ZCE*_njD%FAu-l!9U-ByL)WR
zXt%4@Nc1|n+MEQ^99}o^YlO%$fM(q4uxHH410n<PMM3KY1&N*`E@eUnLRxi$OYo0U
z@Zx3PCz{_ErV?+p>2&i3ZUq^)ieP)Uehm1>xUa4m%xl!91)S<+6-S09j;LTX{x1U+
zBe|l?Kj)SK_JDMfGMkDeCKIi~$aD!O)sUhf4T<C;{n1?iB8yLWl#i5(1Cy6=DUR!c
ziDq+SImw969oR;NW}KafhlGtm>~6HB!a8gLPBC@p6^$9kf_;5$19tEyWJdE~R;Dza
z2F&YBj&&J@NvQzo!hx-8r$#MR#>su(Ad)RA4<c7DgnL25Lk^)kJChKD$6-rxw1ReP
z*<8}#5knqrcX%sIQ{9ChcNy+e4k?a&r!Cf6<FeJsWl3tak>X9q8GZsfD6MilCrAzs
z3#BE4q(2wgiiDVD`NFlE<9p(K-zZ~((-^>P1h%fPIa&*~4rj@CH!pn;#tMN|`DQQC
zl;eR)P7rF7_XVwy`)QIXNUh8qxzWJ0w@1Jqn7e_K;MJDsSC)4yE65!&3r}j*b89`0
zEvP1ewPitHeG-w0tcX?|Jzx`Zhwx67R)cAIAzR){v~kM7P&)VwN?IfPw1ATt%VIZU
zM1dmI38~HClD8<GrhAR&Q&TGh=>h4;_(Y5nLHRx`p|O&k$OIFaf_qqe<om?xF~eC_
z4YTApt}Z*soj}ULa-SBCC{)>4z@uOcLx>3D8lOz7dor?4)&7yYUQ`jmzzLsY3)PaM
zqdWq=iHsbf{}?Zl8-e#RQB4}7jRoLYfRrKWemGG&B;V2#?Mx%@#i`@EU(oh?3azYW
z4ryq_iKgeqt+&?l`M#4x+q9CQ=A7I1(y=n0rg|>E{v^f{_MKQF52n$R7NCClCek$P
zWKmceTMHa7%M|_P=G@m)Eii1jE3<MKh<Xh2yL<**9M|l;R1V<hXJmZ1>V>om$`xa=
zoZ-BWlI=vV<7rd#)wLo_Ng%VoIKPhMcb<wSAd4aZP6m*5j=u2&PUL~d8uSKvay3lH
zxpC{f7XgmF(;LWZ)1nQ=XDGT%L8)9QIT^}M5*bzL(PVyF7pk(;wy5!9(HG!Gw6$bB
z8C;5-G<Y&n$|3|D<G1T;AfZ;^Vel*ywG-W~eu;+rnHM=^7+38!#V@5%Nrp29`wY&h
zp+++oe8O<cI~QY1gfjG=l)z(m4~T0;w21c77cF_<Y*v5-rRU58IZ^&DJSNBSZ&J0}
z>0mU*gu`N_qKG3C*jkzhV(u27%gkL|;=D$-$URx5DkZG4$Czl=W}2R_!Z`@6noM)_
zgW)AQs2niWx=bN(dY>5&T1bnxoRAWeX`cvIxs4xd2DJvo_pYyP$_tHNP?}}wa*>$Y
za*%n(Pb1X*2(5BPD6wGom^p_h&&XyTe1VnGL(8GCNmk4nxtBCa_M<G}vYdGO%USA}
zl;u$(53BSRSOu&nC9QUxu%?u1-nmyxwST(IY72*%q$J}=mi*dM7G2#P{AGR3|3t)w
zx5{lmzu8ihYZMuCP6^d!d6{d9f0o&QI_@@so_@onX-dx-x)$M@51{fXTES`E=5037
z3aQ{N&xJX6+Xl-Ro;7B2%N^bQj;&u?sz5+P4hEKVt2@+6d~S~Ed1St^baGWnJwn~{
zY)~#Re#&HNG8?3*;^$++&EzJgj-vDc`EszjLnfy}&lJ@q3rx(GytJ5Jtp;All+B<-
zlVlYQQBMUy_1VDI)^sujw<rC4SlBQx>=>Xj1Xd8w;%leAtHwm-f+kwF6fy6MI|Wed
z-m{$7kKtQx(|_*lZ69uTEm%-5JQarxJS}T|W5N~cYwfwxk6c{Ny-9?!IaR1&L8rct
z9R2O&_4d0OuTO}jH_rNE^k7N6m=j#uBnDlk4ZwHX$X!@pYn0gfYTm-IISISZo`eSe
z`d3**Fur%ho?}wRjx=3bEf*22`Pw>i<vJ1rG+$rU@R@a-ykXr{9RT)RmgwTsqJ-0{
ztF4ymtgJe)FoZHZ(^x<;9?=;2+n~!oYgF=i#q=@7)y;hR=uVVRl#T9W6O49{HuV;t
zLRdA1lU%3JlF#&F#KobdnIAk#cWz9*k=hLwbjy|9c%-5i=qOHoUe#rc5Ou75bZplP
zn#vMI6%V5NNFP6fdZ-$li>gt7&~rs`oyshq8m9xdrSwFNFTB`@>1l%1l7p43?z3nh
z@)QMb$>2czm?%}>9Uiv>O(zp+|IqS>3c(b8pYVJ6x(9Cl#q=Q8qsO)ttE7cJrTET7
ztD}&l5`KTL&Myu4u?UkioXbbkQ>Me|4_dnIdnm8+l3!V6<X3>DH(n+i*e>VhfzY^u
zG<Ji?b`(FHI%{ZE7SH4F#QS_1TKCGI3t%1|D+ZTbyE?U&`a^azs86Tvb$^D)uR$8S
zyZhc4Ti`&95>{nBT}4=io=cb}@R}(H)ZuHH;CJ;z(dlxNuT{$v!YU>#-3OD;i+<Z6
zsw)#^pV8d|2AQss|LC$eeBshgC!35nKLhErzyECrG2<Ka93r>7zIgYq2}z#&hSqYN
z7S^mb>-0XJ8T-V(9=g8nX<rwsN^bY=#7Jc*G^Cw1+PnY%*4}Sjdk?g|uB_(vE7Ezd
zm?pa=`DM4=@s7A>fQOEbV~n|cYfjt0(4!;QBgG6SXI~UxvK`fmO0FJ?S^6dFk@DkB
zhe~2TpDFv_=Lvn0EI0Le?@wyrv1{PB+Q8EqH15JYJqs;-=GNHV>mEd7EZ_dTG2ZLA
zE*#maQR|c9tOif1cjC`^dDp%CSYLkSGW&WnC05LmYZ9J5d&rKD;vti7f8vnsdLh`c
zX|I*wb%|^L^0Xfx9oG7A_$T&Z&-bCbZ0TN4P_&!*PGE-qlc(M9YfWa8MJHw~!)ft~
zb0vHKJxkAT-L8rE$5e}z(!HzV{gQR}O1VhXjh{5U8qj!Q321c>i+FlWeRKr;tKHi7
zJF0u|*t~{Oe#1`-J$z0s#qZLp{;-|js6rPgY<8R)Qcsyh<@lY`D?@{qV&InBSHsDC
z8f!=k`i>bQ9{L4!r=95SRG5BgCwvOTys`JNM*Y7Lr50C~j?K#-<McmA5aCL1)b)sy
z(4#ak4||*4!X!1E+aE+XMz&!!zv=G0|9GmFvV5o^99Io}tZ81h|0csd&Mj@+Duxuv
z`*|M~aw^C`*dBn+*S+Npe&*Oqt`Qi+97HkhNAYt@!Xt0Abcv&Uh&`v1qHa}^_IS}s
z`8tw!nD&1~@wU#9@nvj8c0d3$n=x{#W!{n_^OL@lu9JRI)@si}v8M}6*GTYeiyBd6
zOa{Ab%R(xWpC@J2A5JW~a@9_LNeeEFWb^dHDe8b%6;cY04;N!eLm3z?f2<VWz5?<=
z=RcKvyjHt%8JO_qWe*+>yoD@~e;-al?vsq|4~QlMep2Syz>(^Sy$f1AhaphB4$N;&
z)^NoAm6@`LB?Jd_@QSUkIqiF66@YNV`7JC6>M@}TfI(9Nn=+R|6@mYBrCS`t10#*#
zmBkFni&U^))`=lBm~#jaXs#gTxB+oY-pB^!U7>6SumNtbd$1ocRY?S8t)mJfc-2q~
zSLt1zf)KF7VJ5=dRcDbEPB%4vl=Fw`35S_Z<Rwl=B4l-hQLaWElqZ&$Y9gst8wDO<
zwv=pSeOG~D<EQLirmuA6K4toAHEK43^V64d`w8iQI6#5dv>KTjG&w&zJBtg;lbkF*
z%cQpxt?P)0wj+DD+9eJ1%@e(gm7VGo!Fyjv&{!&l$1Ng>!)4ypF*~x*5Xylw1CHF>
zMbY4#mNT%z(m~;p2n8EF<ceMK(3Q3iVaDN03tI*fi2)0q)e|0+ddSQqiyNVTA*-0U
z*Nxu#+C?~7ekQ;VU0-l>nv<&O;;_(1Ys2d8L^GJY$!^LyvI}JbkHQ2R65_Ou*mv2T
zrxzl<<o{ctsHR_P4eoV2Y&^i#L!=C0<>zr(5OYb)$<>(j*uelyWc(?L;-s~}=@Uq{
zSv){FAzHShkw67yKlzZ3MD$%`<)=}mo0>b$Pq3zb*x9S$d@n$fNPaYs!Xf88SI4E*
zhipi=De2r0Spim78*w@R{dZMI3G9J;lk&q*4X7~5&~!WqQC_m8Xtxqy0%1%z9{?Rd
zS~#E>KFa|%am7L8Po_G1ROTp~x!OShUf5>Ad@=#g07XE$zsy8zx>^w(g%;vK$9rS!
zj}^6gF_TB9W#I}uVMNfJ_^I$9D1>RKsr{jQy4+AGu*yP2#>K)Bu=PZ_ED*(FKQAhf
zNLk%vX4GS+xIzT~oRh`S+G-cdH?#^+PmYs}Ib-_{ya?GF%5iFBU5*2Kx2=G}EqEnD
zt=hI*Xz3Jdoq3Z4+@=A;ZDk+{ZwH7^=H=sQ@=ETLk$Er({l2B9IvEtOJX$$yn93;~
z#f8V|C%R*_s4`JX^m9r(Pm)_ur_d=zjE&CXz{Mre2(&vbSj?A~h~}z{vlfq}G_!oN
znrKOW{tO-RyfEbbsUq#GjfhKeL3EMR=JdkB9eW}HM(b;kV<#q)6Yj9~3s=gON419C
zy~CX)X#9x3aN{Fg%1Q`Yl*&shti{j(!^>a<2l+r(p22k~!1?<RUllmLBCc%ePx=<t
z$W7KV9QMT3nj@&`hxN5LuFwfE>59>%TJ+C(p3R(KQ4ypm#|HQO_@nghtta$aUu#JB
zcUd~X0%tIO^X=)o|K7p^@!1~^#6vicr7NJuBgec``64E6D_c0tmAGYXNIX?`hXEyB
zRX&DY5asdosO`XU<^$=tgZHZjHgJdJq~d#AX>o!^MQ{E+8+fQIepcZ+H1rFQ+ECe%
z!<H9wC}y&1Wj(Z$*H#=AmeG)WupCOhx(07D5R|gNz$3wseW_J(D;XOSJUi+-;#A`r
zB)*6MdU|*q(iCoZ8XvUunPQKOax(H@#(XyGMLOzFM&sn~z~HCjN*;*G!Z4dBHIk~g
z;98{OF>-uT4oT8V9#}VaJ{n+=%N3t2rlrG+2Wr{M2WpxvEof>7{7uTzYK+{-w2S}^
zawjsv4T?edW-HN{dVo^wx@4o!%h0!4pP2r6H>aI(m$_yE*P=)B*AModMYjU0X)}B8
zCnWF5>dRI0R@<Y7G}aRK4^w`LD7z}%1Nb15c&H^f9KN@hpyskC5ph*_RR?XiG4d#U
zs}Hwbu6sGyY;s+_gFAJr?`uZl>ZCQ4nsQldd+nrNz3a)zYVT@A8LjA39UtsKl+r1Y
za8;a);PC17!bC`-FS8~<vXwZR_6kfqEg~h0i57oysOD21>P)|BA*KH||B?;14Y9`J
zTA$O=oU>y`>7c2i1~BT(!?dWM0mp5*4)l#^Q6FEdws6cde3z?+5+0_;wH1JZh~v;j
zon%r&v&g2eg-(#aLo0~pdzYc?uq!c6eHV4gNOPpEX_;aXaP8H+j7pi}@){kIl@>L=
z3Z72o95$46>vIk|prk(CiB3~BF|a5O17C^n=D|u-dX~0;!SeXusl~nQ(K2D7#Fdth
z7-plXqJ~O$#`@%B-|Mdnfh7%hRii7^dp2cfG8tIX|ClLJv<6f(_`<gYw4o#%L;n8g
zCj)#~VhWuG+>dg#oP$gPAbDtW)ik53)fTa*+{{T@ul=TP^Dvc&oud8<U(nU6egHMJ
z%S0o&UQ>-iicYw-(%hp^ELjW%WFG_p-FOCY@%9*9aU20_fyYCZP8Fj2!jfk)8!ZR@
zbp^hn8)$C>SdK+^3--v^WZ~_h@;gUnap-M)Xm!K`R0BQ|KWcU(1yPtxUu;9`Uf?O;
zh!RhXZEzM4kvlY4|6pQiII~i7y=ZmWnlz6M+1D+VCK5mutC4DX6~JTT-{fGIBXL<V
z`&A2j1(w`+ME*tgeis^jP5GT{UcBClUKmgkjw=q;9k%6H^)fb_rZ#>S5hX-DSJ-nQ
z?Ux_Qw0v-)JCs*mN<4S*diOazjorO&lp>FBjMg<!R)pu7$f`kymZF5n4OFe*;ktOe
z|Gf6?cH;K!c53a5_z9fzDS~`qENGgze$=@8(J9jQM+nlGd1F=k51!fnZms>@IA)>T
z1`C}?(px3}pBZ@yN|YBFsnh7=EHfp4qXSb$^d!!pQR=N|5cW9;`0I!WFXtyvQdK#b
z@~KODgH;S}0Ru{VvqX8?(0A`$j>rqyj79%S$Ubn+Y+o%m^vCR{CeOh@7FJ<KHU{Qx
zR*suY!g5Z^`Sp5obCWT(UL$9RPa;<{+nXXIihy0c>p2)-jqO9>lw`#8w}lA#)jP0?
z$i3TLx2Z{$d)R62YGb!Tvbv7!=pnMEWoSvh+db;Ylc*TFg?6i?HM41Ro#n;0C@on<
zFjDv1{g`%0zACit4-o@PBX+|lY<o2~<#oAOhY{U6FKAK)-@>=K$k-)g^;b7kqj|-T
zByHt~gG14H@oDeKGQsiXpu21C51e&QY(__T5cPbNK8BBwxx?LcinvCG>2m^;D+sf1
zL?OsVX|_}5(`-DDnKx+lhx5y`i`R7wojV;G)_?_EJYO^+)V}rr9+Yf;=$)Ps-=JFG
zWeGV9nUS1fBshm#7$Gp{w4X!y-Jevl2Fe*ZfP1gDj}JRt_pi>ic4b@orc>Q4JyYL}
zt)wRg{{+cuIy5eQ;T2AZ%Q7pnY-Ai^o@X#wPBR!$m}-tyR&2{YWIf5cuH)5O2PggP
z*pnQX)Ovv>;y%lvV)$~`#oece-w6y&M=;sGG_lO0m8BzKL`660{nC4%Y`*JNG>Crb
zSpw91F31?v9YdS{(N6wXI(yej{?<+|^K4rF{-8Nj2xDh5(l~rgV~XJUnymqoV-Zp;
z<^|i*r#PjSwsa?fSXor<Rm{o@oTAI(+|P@0YfSrfDtdnMZZf?W3q)+VWdqIxlJ@V}
z4D4O~NqhcjXQ($g{^Lrzw=*6%&U#baOmFkDy(0K`s_N9ECF-54;C}e9=UfH*@N7R=
zh3kk6j7X9kPRt*k<~+EXpj6I-E0jos%;ku=x~a=5Xrthx=KlP^mT08lK7%$MRUf<0
zlw*RL+ixgFJSnmt>UG$c7rB?ER^4kkTMf}6?Kx-}^?hrGqN!MMm4r<Y>ebE8Mk*}p
zv<4PR<r}4y?s>F=t?Tp`auXZgBvM*}3j*coy_9WK8;$EN*N6zxXwZi=#P#U*RrC=1
z@nz{$AjS1Mt;Uwt|CC+Ix=gudyBYK5yg<6x$Vky(cZFB_%xJb(i%ZpPYHLrcIVvF9
zpj$)pvH32M&w%=BAX2%_`dRy{GryuF8dBLJ(tshe04-F@0td<<8dV|z<C)72p#f@D
zQ6YPL0nAiOr|amsgm#j{PP1~`P2Wvg<yDiDz^7NovssI~V&O*>%A?n;s7?O$(fKg~
zIyGawsnRZnrO!pU0tBCI7C<Q!o`DXulYv3NrS)O3wA@yVM{49?pMX52v8Ibafm7>w
zTr4t}`ka{;wVZc#JZS=>0bO+Z;3LP0`*|^++>?GS^p<z=kz#iktwqa9wBKY4oD+T{
z)C;3AuaUTx0qZBaa`9D@Xwly4E5fNOzl$tCb#+C2#4D$$z8Y2^3%B`QXLo~={=1tp
zlJ@F~e)-)@>z1(O+V>k>xpa0j89c~8_;G+c^6_0FdinPo+JIl_i?Q?U*FEGxw(s&=
zg*%n*HN*XvZ_eL-{BV}+idwBHhV|tarKQ)8j+sBET>9Mt)t8)#@&fcmnkfG(@jq?%
z4tvDktdC1DSLNg9p1G=bWfRa!9EJFT<8h(~atQbU0#Fnc!-tzvG=y4bl*z}+-LSGt
z7CkVFD7~tvkgs*QCcfbdFLOErA}_Ot`^7GM_hVM51y2l!52X9EE$psliRs*d1zgsV
z-@Nk6tI5sRWl=9_Ho|p4s{n<K9@9Nw!G~WW$<Vg;5M@-YD2y2wO2!nqCx;5zi}Ku+
z0u(dX3x3r0USBf^1?7;c7Z&ZYrceTTf{%tIb0tNa1Rr|XEbsi%jz`R4TpOAtULV<Z
z@)3a%&e3$%BGkcR7_LOBJun)%rCcI0jaTScJSR^+jIN`GhQ!UhQnpmpP(VjF%cgP!
zzhSuE(WY3~M@KbsQphTe=JiC*&@b?-4YS%j#NOqlWF__Sa%+E~u`NZ}#3Nbr06Wq!
zEgZsz%Li9$&f%pN$3Xe4YqTiZD&lxlmn$eMAN)H*&;_g9-5dqyIU+5O>(PRuBe9|e
zzDcZF4MWCPs`h|UMC9Bl4Lvk1W{pT3;!nZxZpdnLlg|xs>xRKjXLKiGd5PuA5S}JF
z>nxh(wS?H>bLH9bPF>YT{CAVd`#wAGeeJ<sR1Hi4w2Io!Z&+ka&Y7ny<>11kQs6^A
zqU%Jej+Hu97s2POGWMtC^fpU+ocO>a>F1@tCPfw(i@jm#$cEA>Hn=(;paK}Vg{llc
z)RWZI9xUGjx+vLcJXzifwNcT$S(B&OpAzibFjGrjN&iL<u}<rAvu&xM19R4?{hTe{
zVU3H$>o`jb4vjV?)S&kqgVA<>q6Mw>2b~RlprZQ9)3s`1E_7^ljXceQK8Lx0aRKWR
z(q>1lBn`q<Kx;iDBPG0rY}oAQWj|eCJKi}y+JXb+o<L|bBNY(r!klsOOR=jl>pl<-
zV2sDA#oQOJl7z;ZbRRzuBBgM&gP^zu+7EhN7WLCmir4OKh8ow`toipWM^d1mL)gQ1
z1RWf<<k6ukE()gnoLFvgN8@PwAp0jtYD4#Q&QMo;H20-;b@30%^xh)2&P;E<StD|{
zp#FePyh+BsIkl&)xan!X@8D4glDcBdKCC)|gPBqu;e>`|MN*ehm3^b+RLYewPJe@2
zp)5gcA2ZJpmZf8eIieH>(W91~@3VMEBnG1phl?j;x0pN~Oy>9tP*|BV>0$z){VT>X
z9SoGJ)Thma!i94<Nt1(bJ#9L~L7g_pNo_{Lqp}Mg{;BcmgKsTdoh$NI*OdKc%$r*g
zt4*35hG*Rexz+9L?%T~oakvgg&4{+hQ^K?wZ3h+<Ao3e}cu;PZlCGNbcui|SbkSxb
zLT8l_VcgILq$!Y`MQ@_l(?U?TX1@+XJTDsF4wBHYkxE6V%broL(#>5<SA-$#4L^_Y
zH;8#08Fvk9tf4fm8k$x<ok4?V+#pH@K>$J|QkdjSIx@pIoJ5R4oGM5!!gH{-l$+ET
zf+BLe8>f@rlveVl@6xqkSsRcC76Onjyxpnw0rFQRo2mj~FRMOJ#1=ew#?D_nh{cMH
z_je{+)n2EMRm;eeP+7K0unsb<;A#tw<X~#OP!HmqJC9#PGue|ZqS_VlyEOz8eBz&I
z*%Sn4-cst~{FGgvS^=O`R*xLd`M6H}XCh991&*ki-^VoDvo~*ERBps4g;f>)%A)%y
ziql9(Hy>=XoOwcDYHP`eY4jH=-NVEzMo-aVF{Ow^%Ga)kjI_h>W<I#fW}ZYTFo3Dm
zkLbWP4u%M98Z)WanL_f))n@_h&zD-_9I;j{=B;fRr6W<RO7c2}CK_sBeeLqp0jN}!
z)?9e+>sm4r?S$Z8E$kjTV(<iMk~;V*u!=|U1YqWLr-h<+$Z-kPePwFj(CK<vLJ*9{
z?9*E;hF)2w0N7o=?QQX{UU0N*Upc?GM(3#Oor;z*N2p}8cXfWcm4wicTYNeT#<2t7
z&paOu93dS&>-}Lqtpd=;oyr7on})#9mFUexb_ecZstjpzc^W~hG`dqHz3cx<$J3MR
z<mV5kJ-);Gg&9RG@-MqqkCv8FMrM3vxz?4fl1j5Nz<N!a2$P@urQ4B_k^bsq{r!00
zBM%UrEXrp=vt6=-PY`pYH+<ZF2U<n*DO+FPage;`jUzLSdY5?QShKW>9Tz0r$AQ}u
zqS%Uh5S>$BbWyAZX*w+CD`sPXsbpmwh0vKisWJK);jK!*v@ddeocB*+4nIhpKFHpS
zY^FIq#Y12Ta;*PVpeidAfUhZN=p8**V6IN1bHym(pe><C_rr<tyq3yx9bK2tzDdH^
z^+$^K)zLFx_`cWjC>sFqC@h$LKPhL!k<#x{B?j!g@;QT<5^c_lYBC+NG?f+*b3+Vv
z;)T#dtt>q<|I(aInw1kskAklwBfnol)%=DvWgr?RtjLkgFn%gW63=!58GIKd2xQe1
z;Yzr-p}qidVG%L3zu6Ems79KY<`dYcE@`yeYn-Z8xfl|MbyH4&11_;GjfqW=ae$nh
z>Z$gXJgCz(S9IM8&AXb8=%g=)_7nlx;_my6eY%(BP{F#Sr}^b|@74RWq}xs|q)X%Z
zII_*uaeU<?7FJ=kjZ|7XhQo7$w;NwTiFsd%{QZ7oS9YX<$$K{0^fwP*HZOa{vunkV
z$as%_>Q6@DC$}3<Wr@KjeJLvlo%rDV04tsuI-2}MIe?pS>|A=S41W>5@ja+VFm>)p
zbd|f#zO-tb;WaNUhQ93bL9Gp!@?KzNWk0_QgEK(Ppn-Omeijd_f4%C<35{eCG}#@&
z_&j5_;HulYqC#Y!R{wtP4Y}3V>>t!32)>_<%l^W;E2|!Y(`ogu2coZtGKT(a{-x9I
z9Br+>cJC-*zJ*?VfMev5s}DL$8~^f(S!=JLON*FUeZL%sc*7s<Sa(;>zXD#`C-tp+
z1l>n=<`X-&VrJqMc<N>1>kR3eDiHk>qe~aMzSrse_(wY~R;Sg|cv{DgMQT2*>h>dz
zJgm*{{{h*2Nc|!y0DwbF&0T9#8_AOWP6Yp<SFtxPijc&^#*ZPcCuCr3*2ZQ>c)a)1
zMk6(#i%@ITk}>n^H_yq;s_I4<Y)@?Lm+>IAs;cXem5-Ar@7<hGXzuTQt0xoR9PZZk
zw>DwAVV}e|yMG;Ck1voaD1Y8Qa{9Noj(>FapMT%v*WTuPX8-wLGy7XxyWcnc&+4b@
zz6D_EbWvF^m>;P*Qr|f0vfsZk;}5^Y*3S36#dhQQC*NA6=es`>$JJQwgD55hY0qS%
zBHdm7DW(YA{|d#r6WKP*joG1+s5I*-+dDuT)Gc>*RZwRL|I8UXxhcH-Om2BZ@Pa7{
zF|t`~jC%zuWbSNr2{J`9*<^gqBo{4CcT<G;#&KEB3!r=7=Qr6#OD{)y4`}A9KhOOU
zLBh7$=2g#w%>X)e(a<Xkyl+2Mpj;S^rsNa)8JU#n9c@Q{ttg4+aaAu7y~PJw=T_`z
zgbkJ#fU(I;CW_~tCQH8DWwO`vtyR7}Mk_*H43tQsrwP4HQdg75h+pi+R<KIo;V59(
zgC;?`+u7RQeVoBH8dt-m#uc<|jlDxK9RTBO)G}5O7|Q2qdORKNMSz;AmE}%PHk0@S
zuZm&@Zef|tgf_b7NocxGQg2k{N$a^6L$(?j7bP;r^Xzh|-a2NnYrPdRRipZR;m$%!
zn7O9NzK5QO1jzKV>icg!eUYqb@pYC*W(NyYi=Fk-Fqp`kmGi50UjY6SMV_W%x|-&0
z)%iju0LU8P*2KfLBHiZq_iPCK;&JOs>#d*%7G8PIS=Zd;vF4Av8F|b}1CA0IY0Wkx
zAyW^`K%<YLw2$SX*J{=lnz&HWOA^BBR*OJdosYkI+MN;floQq*(^|B0V*h6uzH?-`
zmyue*$zO3y2&apkt_8$cHV&<>;+P11SB<}dM+YZfK92Evgo`JWVzS4v`r2FVTpw=Y
zptA$bctEw3rd+#+cVAPrQhJb3+{~P(zYqFd(7Aika=~nlgbn58%aCuDly3qBe3yaD
zY~$%O3W|1(pd|dr1<v{!TtG><Yd9|}_1BZJZwihAg0!B}=%@newC3IGq{G*hgFo#y
zGC-g>0~HYNfEU|a+3{-y*dsg1($h4yNmmnEdQ?3gy@xObPHK~F7=inFj+-Q{#5gT(
z;9zFudRtzK-au|&tK$bJpGKf}x=%8i<BC|l&gDR&9%MoSH7z5N{A|K<B87T!;0#2-
zijW}|fuj2z4y!2g;Z@WmLk8`NnYxgg$m)OH=2n}2JiVF}J&~Ytx<4O%c=!I0dGFch
zV*IB_vndmcWso9EX(X3J#m*ig=e=laxK`gjB5w1VUvoAtG>{W2Osm71KY|a^Dck>j
zcgtLnA;~cjQF=w=vfbM1GI)BjUj+gw>K01k?|GGsp)ohVC=^_5Bml;p6;d`6{(v(r
zx1e6+xW=If5a+j-{kELLJ9QmOVx*PL9Y|mz1d5MrXSmMyJh)PqRpu0o7;9zHQG9Wz
z*5ocFb!bnDua*p~a7}b^0rlH!L8zxP-jl{RO&%;6d1W!P^a9Y@QhJi?DAP~g%RWH<
zNY@iGw=J0Ci{0s)Y-#CDvfFmIccP2T;t_Mgy^tkIZ@-?7V#KOWw(ohZL{_rOs+!dc
zr7=Ru+mJQJ$x?|dB0aCpWx!CrjRNPFZM58}`*QbhoHblbf3LE`F5(&@NkMTlt%;~!
zE87?pMfQ4*n_@7$oEBr^W>+SLAaGpF<qj`+vh?EbBCgPV`EqO5(i4=Ns{2Mh&Nhxk
zvTg5@3GXFO62%}D##*ifihH5#VO|BYHKN|>$o(EFPK+U(dCOXo33@NzF?+22u%uiB
z3g(o?Wl<)MQVkEJ0aha7FG8BRdTr~4c`H+<I$Ty=Gbmi5PR^H(ajCPbD4q~L8Lv;2
zS$?){2y_NMLXcd|ML4cZ=A3Fsk@MtfjGGF`C4o-0nNKg|)KBtF8Puf+;T=tqYMo5-
zTZR0M3M>CuTp5i&_cz~y{EBUp(U_!>E5ayNd=WWV<sHa3U^wtI#VITb!&pEwMglrx
z4Kz~f$nG$09cMHmy;Tel^QULjVU*#3r>Iuk#{<z?Mo=~6hi}i{G`q2red-N*i7#Cw
zwy41dY=B#SqSQ0<5+oTKO$SGv(n(oW<B&<J(67(sTm<iDQHPF>dYOh$75qa)x&K@Q
z4;De1`GDv{*1tyC#r$p(O=w;t<63Cpf`Bb!%`*>fQuFCXaaxz-voU#~ELNoeqOyt<
zZn7pT;~?huzs}{FSumfZqx5KiJI<ZAk>p-7_ox|RBFPGygcnvyBh2!?JyG-2K}G%=
zNWd;E(-$}s$Wqq|Er_2?y%}P#zo>N4M8PMJ$Kl;JTqy?!W{Dg>kF|=~HGwCdaa}YJ
zf??KmR$uDSq(XraS23ss)}w6|!dASZ$lli?0P-a(I%s?S(e)Vlt#*p8fdW9l2?+8P
z$NlVU-W!!eX2ZrruFZquJQw9f>1M5Gq+=(!Ue@2f?qJO)yYXTY7K^S+ZY!7+a=S%0
z$c^ZaFkw9&(lnR!%pA-Gp?4JcN%X%Oma|C8L&@~;$vj>TFC!YaZkKl~PtvyqokN<Q
z6}WOEgV|%QJcauqOHi+t7Q;yL-VcV6AZ<=8+}(E&TCxhxU8EH}L@he*Wv?gspEBOh
zJ>$*nWWV>`M`Fs?y>Mf9vQu0M<LmNzInO)UA=X7ysET(hXr+4D=P^#j!!!C((T9ps
zUX-)(u#<vFy)=80&jX_`DSY%L1xQrsB3#vyjaJm?69uqVl1B%RO=qbHfLz3iI7z)F
zoa{yoKrHQver$411DeJZ2qr}8#?tY)T39`3%lmU0!hpT9n?gZTH7cNpkFUbZ$)!Bb
z4QOiNY*)rLpiK(ID#D|i9fd(L!|jw%x|sR`qx!m7sF7td%KLFc)oTVV=B69#IMw$P
zKgIketLtBcW(cvRrLm9|A6dMg+d{+QUuTn2>yKGIL9L&o6w3!zgb#~9u%;`5T{N!>
z=cdX&VG;46(RlOeaDea#!~GlI$sh3iSwh{9zo@1>6nS2m@C4Lu<2n90Eam0@(K?$f
zixzZ#`7USqn<Rn_dd1eOr!sTDe;S--#~%+4-w)D&w*NzDaCBR*PGwwbf$PS#e;fTK
z?9Uy3>6+Km*O*R2-Y7?bdrl?fIP5MpQY(a?M|#ka)4`vFJk1W!>``Wuu#^`CiRN@9
za&8CUqYKGFnj!&KySv1xgsAa=!v{4=4_HdFM|}h=d&YMu_b+{b+DAgH7|Bjqp0Ol-
zC0v`tXa2gr_8+>x)$i&oq`4mno{ltyP>%~@h>OapzgqIMPOCYH*gITz@{wjwu*d@J
zB2gOVw{0_w@je9r@n&h9aV(F@Y7RV4(M_iq<Z3~t<B1-gl)ej0_ymZoO1`!e?kwQ+
zR@)&r>7#P*`j=)l;eB*N5Sh>-@H-AG9m|PgR^GsJV%Zb$_MN;rX=hA}@93hH6Q_lQ
zKgbF<v9Tf*UsW&RMtN7vWj;z`kdqvy8dswwXsD)~hZbcs&qr4MIcYJecvHEKtjb^B
z98+w;2!fM)t<co4(o+J-F%JToaOuVG|6b`lgke0$NN|`3g$R*^WFHu&t1<>D^RIM*
zwrrV}ir?#~I%d^_hcK@B`D1fPXBRVBb4`qR+S`^x{pN&)$z*7!7}VoZAy#gW=%?h3
zv!W)O^q$sa+cg7~In7o?oSK85?V@{)OUt%HP!5xeF;t@Kudm@%uqri8d{V;YFOSj>
zM>ffc?O6vAk9>Q0{KS~XaX_p+D;;Ya-D}ud!C9y86vYDV(E1v?b0AML^c-?-T#b3w
zO3z=f^`KliIyWh%8RyN6#7?ZSEymFm<t7chvHC`>e7enQIVZ&<eU$`%iRxz+98~>|
zvur$Jh#H2v?<5GEJ1G?ZFcf8;VzjX+Xaa0f6%>M7qFRx!;9eUHGcK8E%cAC;Cs_l{
z*9>4y_&2HKfCqA1S=g5^L|eB~CRHBta^9G#lo|q+50YwvGNx5l$3;HBm5oqML|va2
zi_NR$HSC4|mR4~;8Vd-LhrjDLTH*#iFk3z?+Ztf1X@=a2B?sbIXF(BvB3&ls(Cu$&
z>x<lSqet*DfH_ruyq}AWnX<D&$lqB4GU`xl(dP}my^v|*S&hBy?R|GIJCPQRIfpR`
z?ZZN#95mK-d~PFxkg#AFx(oH_?Sv(sDwX|ql^aSNgYsnmU$YwPNGEF@fxZnW?yA?y
z{E*pkuB?B8`}luURMdu`>OY=dxo1C;0U1v@BL3+sSvX%u4zku<sVH2p$JUb#RLqs2
zLhb*+#E9{j`J#!`F1y^3?~!xVJ7&f?iJO?icK`!NwJ5nkZpmR9r#!x$y)+&t+jXc@
zoVI;lnsWvD4wge5f2WQW=@awA-|HaR!Q;}6XXSXhsOL{X<EV8-O_<>7!jmreU|l>j
zL}5Ij$N&nP6Ou`PMdD!8RH5(C6l}!9;JGh{rI#H=XV9y8DTG4iP+*zWO~2x;y{ijb
zK1(VM)wx~TcJ43s!}O2lO{XS3vml(u!YR0+A<WAe$|$8$oA;`@QZNc#Y1RySq_S`&
zs+y|`JH5;`x5udn{<JcdgcJ^ryiwrS?)TEFoP;PyoqO^42*rj^ly)rZqlLVarQIk&
zxCL~v8lo0=fy_WgREhhy>@d@A?h5^zIUMKLw{kxqV?va!C5w#GYdFOT8fpQ8w>gZh
zjU;!;Jd5K+C!$3(+3MfgEB5&P^P_4vCuxEd&rQ2bL1;ck;ArX2&5)~%<?JrXu0L6y
z&UBEMWwpSQ__yiBi8K;aL^~1cPi#)TQN!jWdoxkqlbjQ+ilH#3OD2-(Oj*?^o-Bfr
z)nbU&<xz;s8tNb0d@7f@h-|{iMV=(hs-3E|;jxs3>30U;XOan+UyX#L6YKysfhE)7
zmR6$22HA1d5Q_pA;z4Sh?9&yHZM-|!Z+Ajgd|@7aW_Lv@cpbwAK6Kv_cS`MRi&ctw
z3+i&a4r}8H8lzkeFr%+E<1{Sb4G?WN3KT<d2bJ&W2RfT0#)(w`wxi=TJ4Gg=4~!t;
z7i92KJC|+;FsF>HkTV~Yhg6L0MVWL~MB@#*`{iwA<fq80x;59GE{Tz$Amy93lX`Vh
zf}6zGlel7L_mSK@xtm+?Skjv-JAmILym|6VlrZUm{7KT96>p4NFLX8F!QR9oX>x8!
z4LRZK4jk-H+R1ihy`cKR)uxag)>bKUIv!pX3j~6vjG+1hr*8&r!ykdj1FCdU;a$en
zrRMO|1W3Ydawgl990k)FEs%<{u*;IK;K?-^SNu|6>Y3k3<vnhT=G@ih&AN1YUF6i*
z8x(pAO{c+uVtYFLR)-|pyFUm-J~|)$0Rl^a2c_?yq;*@j=F0+UM9mi!TcPq7#CY=4
z8%<zMWU5|c(xix0hQ4&JH;ns6Rx4}p-?SB{k!K5C;R|13{TnNM+I9!Y#rR8o1T$ze
zY){k1QJKQfThf=lf;FUCr16G3;x&{o(saZ6CN#JQiM2%0=I)sxA8MqcqUW2yTso^3
z*~STZANiwFB5@fehn^6UCCQVv&rRR;!2($pC!uZbRNpl9EwgZZ*Zj*^xj}AnVpNjR
z8G(u=U1E{a;njFAuvW4nd*Ms1o;0#I;&DrcpZ-)1^SiboXp?9>S%ti6SbEyRtH=En
z4EM0%l&qa}0?KryL=Uywd#nm<8Ay!2W8qY%zRBt`M05eM_R+Jvj^+h=3M!`9d0#Yh
zb@h_+lEJ*+2Bw~HsCCD7vU_H-(_m{_F>5s?<#hD`>MLiw*pnIuUYd&8^gG%dc%u14
zi&FI$4tIhr)Jf0kkUSmW@Ld#j+7{oOb1k$i*F@2~=yhZ(7LzF^;<wY2PWJW`|Ahl2
zV35>Y)Z&3*hQdLBVbrdzwcpI;eGbo+JHhyLfux;bu@Ylhqswk^$^VBn{9`xuEyAIQ
zQ9Pa<eRn%$ci+{@)NQf?8U!qM_0;fuqS(8M$x}k~7&W&g3U7I_v7%Pr$2^3NuIq$r
z1XVB-Ah?B3)g3{VQ8tEUb$Whp4M_>;Jiskq#-gbyw%w9SuMuQ~i^fz>AnlOHsulWx
ztxbxdxh0*x?ounwiMFOxGV5!BGgDJd<M{{<6wkw!g|V`GrrlZa*#a;jp0E)n8hy|p
zA5SJRBiCHNky{u>V*Al9?W^H1cQf@#F9~60X=FfM9PtC{N$5`&<k97K(gstOzI)n5
z-NtrIc8+-sSSq}AH3JvH%E;k)?ReJif+TT3c?biH%j+E0qsMhX9E67g)RnA3u^&o{
zQaM-y#)e`w3|Jt)(hP)h%IuNRyf9p~JD{q-?9AXaPf%11<?L6B((6%w5otxov|cYX
z>&_?3u~+;U-OAd^=o9&rqVVZi>=<~-DG=#sf_sLZWm5v&4a1;O&4u}E^iJli6EvPt
zwg$fr49+~AMvGq}t}(r+qB;Q9MYd)c4@R<R?M0_&!qGUcB9kGCswJ*=n2PIb2|b8Y
zT5!)$ccYt$(M8>Ae-<NfGlS}nuVd}0=dt)Y8_x@UTLuQ$4e=FU$}1J9L#qx-TF3Gl
zR5);{msRyR24@lnxUkZw$1ph&h8kCe3xZ14b~4t=5oRl+*ik<l&Bv;zz(dEPQ&tZY
z#Xfjp4fa31?rXI`ZC&MTO7pA=!#P|{Oh3Z<Yeg9y4eJnHM#iz5qA{0><?jTJ1J0lx
zF%Y<@^bWlQb+@GJgiTWOwlH}z5s#qS)H+!cQ;ulSjTMesAv8gctnEWqI{G)D)r@ze
zIeRjtTG*Mh&jUJg=I8-SNP{FESaLGw5kjNC%u=)I`ZnlbaTe|9TT=a(;u36V&XRYe
zzRH<VFPr@r`L&KzLfjzN#7N$l(8EEKkz)eCv0k}hLC0Q{SYCwosL#1B2mvPEetr#G
zNH)wxjzcjOjX)2`k<L<z+q4<zMCyn2wSO(=<4WGt(`e{Lu`r)v=D_cFF$H<kB1D)B
z7H<vmGSw2lT*Owg6Iwni?k-j(E@A6f5U`4fSPyldZ_K@O1SgV-Zj7Uoa<D7NsS2-}
zv)bW)KFvqD+Wyy3dnbl&KGx#9o_uF?XwDGnZxW89lAws{1b7E^b`4+nzOhYaVjTnA
zGk;gTPweRRHFQ&-NAIw?l^NxVBzR|{Qe{BJ)OQ?zWk3meY5F6@+(a?6sgZW2Vo9b8
zB_!wqlzRj*i(#rTh|rO%DE;W+0}Qy7L+nV&6`{3>f-Q4i>q#{~h244CLeB+r%Ae@@
zF$=FIVXe?qeSG&JKV;z!gNf^B+e(L2RXH3}%E_C^gQ8uGtju6~O+j)`DGk1iM@ztM
zdDblNsFRSKFzn0Ekd>+dXm*%FIHV)#8Tqy0B<XnKI2k<8!-*`Y^)fh5N28}mGIO_9
zVh{oMh769q4xErWf~?YWr~o&bP$}PhLSYG`I$+}b0%t}*1Gv?GJXYk?s}gn^7paSc
z+FIZtXu_;>a`&>*+OW~(+_<Xj#A;dLq^pf4LLU*#ayg`+@tnC}n_Jt6OVF?)*^Nx4
zf}c8?Ey|KD0i6#ikW}-&G&g=S2Ce>L1C-%xf>H7AV^-stMnfm1K3!jnM7^ud3>vlq
z@-nu|eCBpc3Z!1?q<;E;=A^biFz#>qsh|Fmy*WM1_HR)bhd0WbNqHtK@OxP<x;BUD
z+sn+tnpCP5Q3^g3i%M)%lx_VozQ~b6{>Rh5(96AY${unXJO%l9WrXu*XW%-fUQ}O3
zEgVedQuB#Fb^a@y6sz%B`;p>27;`y8>RK`1bG?HCLlve(XR1%Grd!L+*0sRQ9J5TU
zaP1U@0EzZTw})rVSigQ-YvMRR@*1d3=VRcK2VM(Cj_!8;<*q6?p_sFsgn`o+H>1UR
z(ksThrE^+L_~F%^yAm*lc$l15tAP@7hw5d3q&P9MM)8@|xENk`RvbmjZH6!u`Qb{V
zzbec^ma1kRQB$aEeOXn5Lj<d3!9K-R)z0a+iLG|-A-4KaTB{v$<9WFl+?)T^+ueGZ
z{qZFAM|_*m%7g^340oETaMe?lPDV}k>etEI1t&{TtL+(;hkw^FIu~Hc$_;lO<O)IR
zBdi&`UHPPKE`94#S<oKQp7W(8TPeMQ^%<{&7sxLv6DORKnq*7R5OA!F3PvhIQ;Np}
zw3-Db?XGM*ls0JDGIz#gH@N9EE60_RH@YUL-|zPuAGki?|NI<@$~PqJY18dSoxdSf
z^;Ml8mp&g(kt+9!(D3@+r%-a!iXPdgsg|f}e7?Ts<qSPPeZYjSY~$$kQ}?t@vNU9v
zj`Uj|lO8_p*^yBx5-M!+DMggbDPhU6%)~tnj?~KJm~G7{fmScmM(GeE-o2*lXUCYN
znlx8hL2X5)I9pg>`@@dp6Q#3MHSLa37cq*blq5S3+Y_l{F;5(e&Zi$>m1C{2l2U+F
zfm`!T>saMle?97bRpX8O##o93$C^(CDwdkEjrrhZV~$=rwvm!ASK>vnDa%etrJ)-<
zSAlVW?5DY25dMYx2I(1(0H6@fu!!m0pEnFTiFA{!PyH4nQ04%&q8^yx&x)Eb$D9Id
z^XXk8{5tGX@fr3bdNV+I8wg@TMaAUT`+cKp3AN22*5*0DtX-My8;G~@dFm#_`h{{W
zN~oVse^5_sG?26C<>(xyP$#B7Bu%P2vJA-xT9x@y!w>~5u>Jn83?Kwf`<wj2YY{-h
zHoP-_{7csQr;&YXdG_@+xg9OIE}B4TqaH_>7>%;qa@lKTnm$GMz<$4q2qOpSMA{v5
zcRKBadM{^7OC0oMP`sryBobLYPg=#oNN79R>(?JT?hHA>(FW<9*ma)m`2pdvm5G~Y
z(|V4!<D@o+w;bzc>s4Jpg!<6Qj`xo`%nB|htBYh#759y{TdxkMr}3w&9+%B^vncH8
zQ~se32cHz)iaCosHJy5K*Q6!rQqTyjEfHR0)J7l(88;KXrJ1M;>RP=vA61<Phij~N
zpZua{t4W_Zj_3NCT=kSnc@}pTEyo(ez#@X|ZwXpQ@=>AWIY5t{b3n#}n#AQ>^xg#U
zd`oQpVE`<k!G~olHo3C(pBJhef$+a9uWXdki;Q?|$bV6gOmA^agIlqhjZ_Yc5zw2a
z&+9Ctb%<0MpXEjmU?;x1qeYkOw`1E`@js>N<z4~Es;D&vM4g#{RvIS+@x+i5+O0HA
zjNxYUoT-pvuvpO<S{Amvrk(F%tcLs7nu7-(sniAHIgjkb-<m5N^qOlSJ@lc83E97r
z4fY2ufLL-YI3Hx#T5$5*9Gqz^ibTZu+@ccueF)+-c#xgU;Zz!$OI*|0H}+2yEfog7
z=dJ;5+6%q9J3`jUSU%GAq^?OI6)(9Q?}}ech>M&j;g(V4^|i1}C%~Jz=4l6L41zGp
zfU6!GELG_A^7`5XreZ1&<WJclj|+klob9!SDhoz?blx)2G=vwKsui}b*-iv{qDm!h
zJDm0W)(OLJ-RxFAj-(hSLpXcNDMp-rxJKrwf~SFRXJH$Y{7ugqILvWJ&q+p552oIU
zyc$8EhOFuMT0xK?n<NG&S>6R<L$`s6=Qt}aDr5Vnz?&pi#>3L-<ju+7t9pVSMv_-N
z%APM{(bTyj0TOhso@-4RWqggS8_0AlXA?uD8SFQZd_g0jO$5uGM+*B-^JyAD^iXev
zQciA$F&W}itFuspj__AzDQN1`dEf?*b=+Dv;ACk<qAkWb@Ep)p1av{<WO=Q?npUB;
z+z##o!?tUnlhfpdG7#OxnX=HQj6%Ojj^D4A4REUjGjJp$xlZfFs<V52EeS?fVu2xB
zGt@k8)HDon??uT}diee?m=`{!w`#uVT7~mRR01`y2J~F%q_7e#w#_Z!mb*CJGA2>=
zCO5|nOJC)&fC6=LvOAcOz>P#g3`W?wE0{gTS&6yKesMIglX?jtECkskHi<$Xptenl
z(M93#Y{$wOSpc8aNxp4FNu2P6{;)B)+e1ko9IV#mc+r(N>CTtaRs%lYVC^G_XG#*P
zxQ^dte+BBlj26z&@1dZ(YQe|#wFH22G(De-?3phW#lLa#?#NNwg%Q7jQP>yL4WACf
zQFW+$a^zh#GCX`lyDOIPpv0ru2bOmmDBr-w!3Vj~z`sNG!I8V~bG;W+05^gcXSo3m
z41s141fKwD%!B$ia>GYdfpxIPxW^iC5WZ8Zqaz={+LY<Asblcbk#pIXavXw)$*H4U
zK^8h8@DDGZf@FrPmhepUvh%Sy<TwsUrE6wMl;;b&A}tbT{@N9HK&OdoR&j5wi3o&Y
zayBn>x8+=IFp-foiHuB8^V}-G7T+}OkzUzOb{Ic8K#YkqY~`sp4iApnom#!obLipn
zhRKe|Y8!$EW~oH9HMKnH8=sN_WIFQ53M9SOk58hNeZLY~7aDqyd1ytnmlBjJ*KU5J
z7i{z}p_C5ME*E7!Nm<eeJH@6+T}~@0i#+_TP9WADGx?##$|KTgN+*)-wc3--U7I;?
z$ci?#E{(yEAJV@X%*KBKfkklSR;^dNy=?#Yf1aFveDiz%<n7UZ)_?!z<L^hOZ;uDr
z(TA+Re|q%s!;f)Wtkm}?=L0b$fEEr;^rAlx)|8LKud&S08(?myihGxz#KJ$05Unf&
z-pLX8<&%i5M=10Qip42cUl5sT_Ko8e15i=@d#bX5jiI3Olw@6W)N?9#H`Se$#956Q
z(=>R^Os$x%XiPj1V$DfOMTtV`?5bb-C`IqYeTtKIYk7rjy$59IdmQ^rM3)?!QIl=i
z?1gmS-qA$wBVI}4BTrgxCTKvU&H;XJd}Ox;kMrX4AFUT#f2+kxLZsx0Xz*(ADd?~t
zHVI!~U<w1t)(|l<cQ+y@Y22h4Iblo*LtK=zFo+!tqUjwOR`X#GoL*$<f=a37J8sds
zf{6F?nP|Dw!Yw5uLSNOzGj!1h=)EhNKlYINX+F5;JTRPcr@M1pU-mTS)NOn?8l0-I
z4nK8bDkF@SX9g&&G_&-`<#c5A<6bYT%WNP9JMpg*R2!7-P@^u>YfDvppw{DQTSb`Y
z?4ID98_Jy?L1k$%8;&_#x2MnzmZGa16thK7R3M*4zY=-fQ=d>8N>N`$1{Cuy%algr
zKr2<zKLZhgzEt7fkXM_{06(au(F6!S4?&21Z49o)vw!8otM&@MtMs`8nbl66!7Baw
z-66gXlsst%Z~Kb)NcsN%s=X+$YMW7C`muZQ^s=Z=Wy*&eCR71}HbH5cvdYU|25M4T
z1cxU_`}eSt7PIk?D16;J9J7pcv-OGs(gvRG%OFUt_SyLCdU{Phde#no4<>whevm{Z
zIvlhgGcoUB^B_BUswk4&=pq@wfWA?qS2I!U7VO~N(aC@G_ut(uW}a*a#-o(||8Pof
zcusX+Em-9u-*|u6|E;Z6e90(Ca+6+$kI4mz0|I9j#f7WgdJ3IbjQs$VZ<)|u!&+^X
zSi~@t?G2>FBjs_P6c-9FrD~~>!82HeVpS&tXDn$<NZdi4_a$X~NjAiIF^RkRTu!mb
z8_=E3wqNWj`C<0k(a9i_Kg|*S7oHxKZ7S^8`Q}&z<X7YD_^lZ6Mm|bnbtjRaILhS>
zjIjM3r!A>O7_zIoR!dL$c%9LY?`~Do)Iu|%de4nPz2w0g1Io8Q;-D=y_$G+zpA%Bw
z;`}|&|7Y`Acc=Tzrx~G;KmW|L4f4>#_%-;<Daa@1`J-o6EXV!h{i8l{;j+aOmH@d1
zjg}(FGm8xQjgxAgA<BozL98ic>m3y50G_U|9rKuYqAVQ68wbY&%J!O4)RkRT41;R)
zb5kms=Q*V(X09jq&K#_Qo9v=%f7+}bokU&W#M7rXj!xvs@7bvte-RU~s^wU5H4Lv?
zZ9>vy&W!JA1xbL#Ypcv104E|hZV@f$qh@*CNNDz@lrjq7bE{H)bYmVv4zR)0bC0Z9
zod~w`bbC7{g5fU;8dEuAp9z>&u^5`y_~>4?YQ1c+mtQa!kzXOrBu@dU-_y%Zt(P74
zvc4wWG!nqy7W6-C^xw8SsmsQTPars?iyzFKz4f*J+h|Kg7@Cm^8_gh>j96DWP)Jg4
zYzN{IWI%WXbmSparg031k<E+QB)<(sSATRqp48^!iO#y;O_k?Z;mzM3_xJUrA0O-{
zcXWX6u6`Z$;P|_zRg<U6a4&O)XATD^Kl~C;YcKKiQ7<8?W_SDl*K6$7USs#3*El#F
zboXEHi$FzM;M6#Iv)8O=y^r`V&i!#YD%yOhCKaaq<Yxx?tTxDJ@c@Y`DVGIFtSR<g
zy5_eeN86B2+ex}e{S-xS!5&7Jcq9^+LQ+-LMW&H}u#F#nrRTL*dfuG(hPx62IU4le
z9iPCz{Bu3OsP+7!*|T=T`c&Y^rB@G2s@09a@e;U~qLefbEHfT|bX+fM<9ca}e46_C
z;HW=z<8I^V-C;W(rjA9bJcRr)znW<7K0^8W+2Gyb@u9LePXA?VuO~B3uBRi`a^L0U
z8I6SFlaS4t780gR!2(&rpwgTjLSV#hul|Cwn<h)+FJH-XQe7ni=)<S?@3Ym`wbmkw
zJO5h($Z2Vt=@LJAy0>fB<MvK-Lw@YPdw=-Pj>QBUjE?klCzL;~sr=|*c552J?)E+M
zaJBr~5E0pCtk%r8M1$3x(wHXcrTQMVXm`iv3jarA{665&y$w7G4b<-4V0WHemJ6iR
zsdI*jGu_6~585F1dR-PJnKG)Vz!p|Q7Ohv;RNzI1J4pH&bm1@0+R8}G&^0_4XGQe-
z2A$vO3F6N?^8a6+av&CBVqKP$QCs0~I<6Izr)CvI($i<k^{D18*lvE@#2uHt;kX)>
zicX`6EAw?Wm%C_lT;*5Sv(~F1<)Xtd3Jxwb#NTmThs1`U0NT`(@@QM4_N!1zo`}j?
zER@R}fu46`=zxlt2-Gq}(I#G5O{L0d>bG8f+eaEUc%4$>C-1tBvDp6D?S@}Z71=`4
zmFV0_s<aUHa8C>+sT1ehS_2Wb3?wnD$v9u;&X3Q-DiPb!oSW~Ese$Dg+EGwTw6a3?
zZ84e11pcfu2yZbP4SQFM%U)G%%0Jz!`PpU!S3KVFpgukduR4L_9nK?l$R(S%N&6Bw
zTCi1&VFy^1s$9+!jnI&UBaPwK7zi5;x<{{<5a3YSS*gMr3wD>32%0UC4=?uu|6n6N
zRNYIJmFP7s<mv0(UA3HCiHHqiYShWu^bXWHdC+3-E;Wgm2Fft|AS=n9vy1SR>x7el
zeI$G`C=O$cBz5MJP;D)oBHla4W0Vmr&sq8s7)WsCit>krOKEDHs8wlz5NXs@6uBwp
zw@KmFDm*E3_gRiUI8=7Fwzj;e9Ki?({Uzjc3#Qm3pO#eBGKpbWD}3-a#NM?(!%Jdh
z#b)wq_Vw3lI3E4u{BrN`L-*5Q@7?RSA3vXdlrs_FI<ND}AjTf>Z2f3AS7&?0w7abK
z{&Q#h`PR!9tyizf8Sydk359q4g#F&|VuWj{F=HHG>n|DDldWgZUbbGPt;aF#X3CqF
z{Wi%jbOVB&@8c{6(E5Y_{{8Sjjn_;6|Je4XjS^q|B_owde3?MQ8kLAvOc9dczFXmt
zTca3t-y*VQFVb9<eQ2c{a78>S%+ik-zLgBHL@%zd5!`tvm}22a4=E<!GkIqeF?Tnm
z8fO3;r}A<YZ~VcxZoh|u2>8$T%NP8&EB}*geKreZynOK^%Jg>42ehp|pr5_~i?bf0
zK3b&?`^za3H>>l?yar*B55`2!nmMv@e6as`?a%9Pi>9`+a#PjIm&2=xOiC}8x&3qV
zZ_f{B7t6)g);3~;Cr}!)H_L@cKg*(!Q-)LoTwvw2=mLeqV5_@XU`qlse@3&(YU+LG
zd>tQ&1^-dg5QEkj!-&Tp2ak&*9{62PhD5Q-aq%g*@#OH>%K!c^yzyi<`6&Q^LrcwF
z>vkK-aX$IWbNCKpM(YK%Ac(;oprwSQNQn|D(IVH@#&+TXF(hY+n=rtFTqk+9JV%}*
zfATL?UsYdb0E(d2PO?7UC4iZ}RCia`^(zR(^l@8)b(c*+^cV)@-RHkt{JEZJy2pd1
zJ=Pb30N``K9MmJBWU*qAX`O*c>jok?7-!#)a>+Pv&Tf)HGTGetr-XxPxCpGkbXUvG
z@}0;7D2uyVv|dj8Cw=qy)uFs#IFFOsv;^0yh8h=5MRo)*>Eqv~ve}3j^LTfu&RRyH
z{0f&u*y(tt0sf??ooC&kIXhRG#dzJ~-)dV$m5(xl^3JRCb3+~^L#&{Whcvzm@|1#u
zz4HsC)74mn@~Gv9PwZN9F%Hw4y=AHetB6LE`9O*d4f+?T8ug4(s$Oxb25^S_{N1c|
zRk@t29ioISt3BZXb)KJEvwq1}sq*IB9gc1oVw}jzeHVx+ti@)|jAd<gASuG}Bqz`n
zy>{WJsc7Y?6<j<;hE4Is2kO1$jvPN);`3N62d4tTfy&@SXiZ8y-vJxrcbVPsha9H+
z@!`c0IOFe0_u*ainpnt0)pL_>%-m!?4cM&JeX2JutXKU5MxVq!b;h>a<C4Ad4zpnV
z%fhE-cYT!skh-mA22u3~L8I`Z%(wTkQ?o{yukE##>9v;W^|<7P*OlO9QDDkro1g#H
z)2(MZuKOMTu9SmjG&KLHkr3);Px)9`3*ggEmez1|=@@=!#M!~cns>Qhe86ddG}PZE
zX(ZmwmB}CZYR<vA#v0Sbetv#Z3TOyMhoos{S$HWhaT2l`{)LypV}-s;2k@ZE|Eg<*
z_H3F=2JyDx<9YV|idr+Rnj6vG2PmT?Dd37Za(;O6%L7D)oPIUsSPc<9W6qdW<Rven
z{lZKA2ny8m6C@J4Bd@i<6Z^G|Uru9%iEW%8o}F<~?R=+a5^`_#ON8^uosxwa@Rz$6
zjcz6O#7|cN+s)>2WW<}z4P*!((A8LCKp7HF_D|{LfjS33I7Eo2BJs$AonKs-VQ+4D
z6!NyT33;3&)$u-SP0tQs#Wv1hIdC$dY)cqZuu~4|xt*jt&1_6x+R9cEbugrPdl?sG
zCmM1z2N6+_O1OIV;e{<1;`Sg4hSG`2cwzn);Wdj{nhUPc{qp91B2ja)N3Up^otgZ6
zo8gq#->V~s6~eRQmp#S6?lBu~$`!_KY>M4tTArF!iQkiQXVwjtA!img2`3-**jtN%
z<tTQsz)VCOWR@apeDM%B`J1glI!uP~>Qy-9BoUK}WCa^YPKVC2RuHM<DeD0##E?Bx
za?ZwwaqIvyK+L}<3pXSNKzAd8qnn&e`&8Fk%|s;eUteP_s2L+X|0Pm!)bFROf|{Ml
zR1_D*qeeQZqvl^z@4OigW3GAzb_UiTkFIypbWr1eZPWS5F7Wx7Eo^CU!ZBmCkmo0B
zuVUu1wpeBvAwVjXS%;K|%;WoBGBt2asGB);er+Ne9rG${-8U5lT!M<hr4Y3BBRb}V
zBhrJFjr&YQW5@-gJp-PKo|Bo}Gh7mm6XVgj);UWhW@mLJpu&(X7&BBfh5JY=a%7$&
zB}nRwMFW!LnNygkKazO)P94S9<5^;%>n&q4mUxSdAkH~)MLp!IQnkS`8ptlF3CPN4
zk$afi<U<RyDD-yD45PIh8Kw`Dl@3Q>eY~3|i*i#q609I7?Y(In-Ab;*m<7?RnO$n;
z3XFO^hlb{KeqzYiP*bP{xcc}uJ~?Ma@Jl)+Phf>kNhiVADO-Ov_b?={j7{0%mT<kM
zo%H(Bw=)03@v9frCcsk8u+Lu9w_ch82d^QSANY3I!ujj<&4Nzu$lQHQ67dw-SP{)Q
z@i-M?Ur@dXGJ}+&>6;o9$%qtagy?6?O5#+c{S_3#YJ0nvz*1bqZp(kgw_Bmn<Zpo3
zP;{n{0;fFFtkf$THr;z=c2gky=k<Y0jgB@qjOqRTg)I*;A0d*%a#=sn+?3xrKBmoI
zFITkshr+C(bsxSIU$Bg1b987o)v6el=~;spQpAYcP7kG8Fn4u`p0tRp=gT^cE=vsF
zbtgZCN|P1s(wzx7g1d<nWY=WftGNwn{px+2-X@bW2`=MnHCUb_lAE>0Z7)tC6F=Zd
zWABdFm&M*?EgE|1L#UM->G&+?4J|pXU@*9Mu_`4KQefj0_I^%&7L^O?9npk`7I36H
z{G^=vtwB{$4*D)1CgH0TB9{TI7>rOM%$9-6mhk^gx_tzoUBxCDqwH8b-L|!yqBOCI
z_X#A(G28SLL-Xul=$Kt1&O6D6373(p5J#ldVB%gJB>M2koTIT<PwGAZUJma!o0ZEY
z)5_8&%B90o3-ML1klf|cU>8C|)(4TYe>2f_Hpr_Fxae`ZM5M8<g#z6d>-$t7o@SKM
z!V^TqYTXZXrB9~nvM1Xj1e-B%&QHq0p%x_cg#W?=-Z(ZDvMIR0_FiVC8B<13@Kp>I
za@ay$SYfI!K4Ow3iv6!&pARhb<Tkm>tu&6|+6&5Phd@5}zz)sXlA8e;UK!*9^ZSFW
zqMR*vGK?lfONQ?*nh+Adl#<VLBveS`oosZl!W-sL=d3>ZbVGh46OY^INCw8<$enLt
zXb)p(Fz1+0C1t}QQa&YGF%#jc<$!{MkF>ZV94;+BJu1?V#->lp{hSH1Xtpwq4@#8=
zM<$>wmrc5a3Yr0iwzY9I6<pAs8YuW~vcu18<o|lePwxe<gaKSQ7<D=dhOCfdXW1k-
zRAMlpOo|Q5WgPVGQD$w1WkZ1kcn0M$MMvY2Ek#wu2FB>pq~`hk?zkwbzy?v3gZ(*+
zm#)Jp5NbwaMLsl8>vRq#Gr10L6rM|UD%xGd9GP3*%_NGH+mLu9e$mzV5}^}uKj~Ov
z!{G<hyxB~e{g;8S8wx?3!E${Fh`6>Ah<FJ*cruMS(|)fQ?8LLn9gsvkvw}Rlxd9mK
z?%Up?xxYB9e;R-PX56jN|M2yW{F@lc4&C23^z<c{bM79UHj>-kZ)f4VN~79sRI1&u
zQt3)9=~GfFuZj70VG7uh7yKqjvcBt{eBMi1r~Uiuoi~@ir50*vVUK=d5n>SE>+5*f
zf18V|caLu0ewt4{-XDGbp`Oy)A>Mw?`55n{@VdT^r~TJw<9@#z_g{bh?e}}p>z`WJ
zO?tgauZP_W`iY(6v-H;Vj;H<Ce;lVb-J|49<-_~SAJ68q@S0w4;Ptok(>%)czleKz
z5&|T8zZ@<vNl=g&vYUt`Z+Bjb*`>OBe0lD^YDw;%ybO0wC;i>i$$j^=B(5rnm7vSJ
ze(&|s;#v6YtUlkF-<-UAHmH{0oYflB!Mxe{{ov~0=g-|Rtk*k4?+*XdZFRd{OXb@i
z-$d`fsWqbZ-RWsN+Ns>04#I!9TFg%NPRsA0RNpSjt6Km)!)M{Ucf+fT`%2XM`&#+r
zq!YE@w8FvdVzg7fc~h-Mt6v6XJJFAW+tKal-P<=m-i+q0YNvfa8SNdveRuNg?M?Y+
zbi4Xx(74rUpM7}Ssm!BZvwZvPc5wFjboNa&I2}x;zyCaMKEtp()%?p?kG;k4^CX=o
z&s*)*<i}Audi(a>HxUUD(dp#3<4UXCUimVyz-ep&XIM^il?)o);9L;@W33gF08sjF
z=Oh`;?;N^`#4<gtLcwZ`8`pZSl$6HJGC0k)#9v5ULlOZyjqVY!{sL;ec|~K-GS`h@
z;Tsj1Uh)pRAf(BO*Wv|@z2a^VN2GqSggAA&HNdP)1rP&sipn1tR@`^@T**{?cNJQ2
zHH+O!{Vnz(Z3A_h`^glT+*(zMnx*@mE@aN%1iTpA<`}I&=N2>6jRt%%Y7txDyG7J2
znrX=|%*8HSVu}Muj8s_L?%mITG{TkXA&E+A2g3MR$|g|=xBfJ?VeV21JB<c2sZB$A
zR)0JMx|2lcvYj&GoG9C`t@tV)LXjkHOf4l~Cp+r7ibw#j+T7^H-aYSOl<w-=13}v3
z8drYelT^C4eFJt17+H2$Lxz8ranviFrU#qpOki3HXc`YSB`6GOME5ff2i&%I1Meb<
zG?#O6r;AWRN?ca{c%b?iu-PV)cqC<^R_s>Uhl~mbp!IDoU<h$UaNqBYtfwV7gd&%;
z?FN3T%_5F&GuSL9C)}Kz63cKTU%G>%p3I?_A;Ehfdqc{3QY;K9?w*zXAm$~4_$^zP
zqnk(Dxyf9?P_MD$%ZYtb3>}!B8GfYTzcQ%2*y#$?*ms!4A&+$houyVXtL1%D9(wEf
z77M0ZcUz8IKzuMkv1}Fxi^`KT$B0aKGEk{x$v|0N<hs~bNz~?=U746Suj^{DyassG
z!#ag$D^*@=VA<3b$9^|pin^I_KoDS8Y<7>N7l_ivextq9qOOJ_EmHGb;;;ne#kM3x
zIfZq4fTX9d>VE#GY(oLaV}7Nk;{qE;=?E4#H(ab6YDwRlLkTjEdnuc^WJxvEWyJ7I
zPK6$Fh%(cbtJDZ?pDPs%d>)A=6%!1tMl#3%Hs-=jiUxvA_n44eK;&pK=}Mh$y>#aV
zYm>Y8gemo6k5i-KmN!u%#tl8+k1vxUm;PAUOS95yg}rLE->O~K>b-tFs&+`g>0GvZ
zmCjYz*4`iIOxX(+@T|l!`x)Jg>EOUtgbA@@fkv1zwhx#v+pnaODRcBFO$6-P;J}tS
z_{Q!*1+**y?5{s&#979q_4XoaWM>8uv7>{ROI1-Qpr9_X?=d5N4aV23W_sQV52-)O
zf}^@JlZq(}Xga}H_sWrT{ZXKq$82g#Qrflv&6-bBsoZ5ibTiB+g1f?7RN*2KuCjj2
z%t}jZ(cEJOcx0}POBU>fFEq^_Dp5NQMc4p318;QB;1g`9B?+RJ9l-eN$}lQxGeDgf
zK#lUx+i?2`GDJ`?4pm(KTAh)V4f!1>OpEz(R4%?`XC5HY1u9j9IGMfkhvV9Fd|igZ
zC688RH}hhlb~W4JRT?4kUL}H2%mt3D3uiK)4#qH1W$tHzfE7DILQUu<@CS|5C4qit
z>-gl}9zee_w`@!@ngn0@(?FbSjIKf4!qqk9`JkSIW?VB#*yu7H8P=z+Thsm;5`&;D
zs@HDW0WE13!rT3&$L<}D`@FLwlfR)1&Zcp=dgqcjImPy30}P7PTL*Y%PicjEDO*59
z7@HI6Ev>5#21l=RM*t`2hB1lQzx{@~rJ>!%59T5j4&Ll36a**k@%awqcuxdAO8n>~
z8oP^bEio*e1H9Z-VfHS{hwk)9Lx=cEgp4*8DMtbWAZyE&<p*cuhMdy${4TgI$(X&F
zTqI;M#=*kYOLw6SMYqyKrpzMsH|Pf^d+*Ifytz?0iAMCHXfAUjrHtYQ4T+}0tz_#Z
z5cSf)l{=eaol%A$QU(f_dpgUPk4RiO1eYi56r>bUw98u|%e)ICc=VxlG9zKg`EOD9
z#NNNmTkaRp{jc<zHK~w12fx@uvkoyq6cg3BbRSENHp{?uj~5W!;18#$`&3_6q+C`y
z%@*aAd3-;8Z$%qf4_%Iu-@9Hnn1<nsB4*jnJWYa2GDWE1PJEvIL$SJyqCouUT9=Yh
zemKCyl0$NIIHE0@X?&~Voq04P-b9zU3UBOJgy@DdrcVIfM%q%UWaum_V|a&A8I=i5
z;|x44j~<>-))+OTbg99Tj#B8DYaui0)Yo9)qe)eH=Pyz)OVQj4jV7@ky4H(%VLg*R
zQ8LMHV~xO1%>KR8_KYg1YErJ1l09|E`t_S|`Xp3sY2|^jaBXke*&~OCeZ^&ze~zc)
zZ3gegnUe~+h4XRAa#Iy44I7hjaE%B{_k~HhT|<Jj((1}*v+|{V7H*qW&$9$tvHuuZ
zv=|(+y+Y{(F-`0VOS>Yg8pyP=o5A?e6~!zz2bf+YrkTq5Wi*<3TJnTBB6?dmwL5(G
zYI6yyb@|D(VT-hooZxQDnJIs1PN^j`VDOb=d-tK~TPuH|hGaD52xePAicKWOuwY`r
zMyM!b5#O<8Q;~umXG|Ab8PY335g}p`j<C_p$(tZQ3TA;%m4kCH3ZtaES?NKuHjEhe
zqDYNE?^by#rlX6J;{yh*XYP}|8qpiCW;$f@PxbPHP|d5srQ>k)N`d|dBwvh86{N_?
zBbQSV=(LOv!p+$01srL*vRkfSDPQ8<^gqo9JP#A584KPCTjETebJ&gMNSbxWe<qeI
zE)6&Jl@(hLXKOYleSoV_l(wuBl_C1KfbWJ}*>>PeZ{;mpQ9QkkZB-gO7+Rx+iQ}@p
zEn*Z@G9Ael(sV2?njBGIQjEltc33Kmy~;$Uhu)OycVsOZ^sIrHh^0i6E{+xNHaA$$
zp7*HbfmVl}au%N)3O5{6^+?yKKjuAzLQpac2v*F0b+P2;!DY@eyeJhSi?h8|YvZ}1
z8+1F)xMZ9n#|zr7KIrciWUlcIG3KeHslNn|9;O4Wf2u(QEE+>gF*-eCkLToo8+b@G
zWx`!(STK*!1=Q4L&6ESLJ-U#(L7T0uS4Xj%cW{0Y9=wwCQu2qsd3X?C%}5a5>$-4?
zmn(UAyYs4E-K*CR>6)ll_UNBiwf%anvEQJN^}|CQQa<EoWoM7~79Q00s{74Xomyuv
ztW?8wdRyhFU*%o5=5jSyffHFv@@Oo4?2<Ow{{@{78qH>{UaKE<nzjAIR_CC7^s3W2
zYSbEsEuupEuS@6Ve)F($v|l}ZRjoJM?Z$qm-Do!tTDASg{?UG`^$X}M)u(7<lL*5l
zcyJ<=>is0WoJ$y7wyu?2fG&vDfJ-rE7ioZq7d<`S=D&l2{_#^)!^6KS<F%Culxazz
z47*iKH(bkYm}N5y&7p*NrltbDkaJQUpyCX~kQ00jd$3XmhZ0IHk$$3>N;1c<4Yvt9
zow|mft(X95b<>%hfp773N|AAe4C0?Sb5@bCxfo541sDauFqfSSSLC9cjnkR|vmqwX
z9f>y@I*U}aD^d1K<_IbMsYNR3nm`3keoc4Cx-lR98#V%)D4i<FH(r^FBf8+G4Br$b
zgLD}jY5lrw3Yj)X3Sped&04}MUqnlpiCQ$ww^nb>rpe{)R$vyvmNxa4l`SJIF+$uj
z^~=;y%K^mWkwyBAw0gJ8D(53fTDO=@Bgtwi=fez*9f$#K752m6>%a=oOFqwOU(VBD
zkLDYTk#T?Ab5D8rLVoptU9lK*QP@o8Lkd@^?-N0u1`PWvq0CT6W)!28*d(5cbqXT8
zCr=}^h}3VA>C*mm419dur5QoT*voj`e8d!y`Q4x%ml<+&gk>cdBoMU{&IV<21%_HU
zo;V)YBpf5#62+((J0BRRu~nBj!V1a_Zy7DBCcaj#WI1Lz0-}>DQuO#WtW3sHdj0Fc
zY<G<bT-e(3)-gO1#}#S-Pnl`(D6eyI+h%v-`1WM<32#whJ*-P`02+;!c0G;m%=~UV
zbCHiYU<w&=VXoPXBeUZBv4N>UeKk5CoWky1Fud4oc$D#6^XqO9+%G$-7gCuGwq+n@
zvd@}^lVpkYn{+<m@AyBP8!v(%*|Zu+NGZ#@?h^P>w8aoTY=^YMQYptUMci3LLH3(?
zgK7D-c<Fq=0Xrd`ZHiW_UaQR#I&TFpHaGrKE!9h53IF~#)^0q^TsjZ^Qczo(_fl8j
z@UE}g%D#fX)To;#b=2Ul9^E&Ei<>xy8R16ZRY_wv&O$3Yj%CYE0jEt$9&>J5I$91I
zgx&1H<Yvmn)9C9vjP4$5RghB75xg!7;$yRT^sAzV2W&yWb|x8=3qv9jf;af2-SN4*
zw?&gfJMpj-bnu}`A8MkBw(&)qzNnOoYuNDbQI1P0IP00Gor5C}WC_|55<Q~)kZ(&;
z(qdJkG}#((a*LcLAmX^>EE|E1QJg(q;@#kWNvwS+-m#L4cMKcyMLLNtwbIZEk@ux*
zk)t4aNab=_O9z?n`Pl>EPlmDO41v6^yrS~#c`S)!G_P*(i3l!d(LRJDDW_2zmwT@p
zyrTzc82m)<CB68=BQIKkIWrCF_bVrHzdQ-hq#OL;Pvd^AY3$o+e0t=?Ulgb1bR<J3
zG45$^F1|x=@CEAseUkhB2mH*5{R4v-X5yJ_5RGC-xV&|kC`$lkoEVc)IoS7#ta5fr
zwid57xO$QL@UrnmZ7V8!ho+P}AX4aEDBRaRoJ>NeKf8C3*X=JuDe#ADY>+6@{+Zo-
zEbZ9cwzN)bIOF5#O*BDB0^7%|jTcs@n|LsR?}U%NVl3vQF11ccp=sHtvP+d`01i_a
zPASj=k$fSbH{`{cr%cc6E!`y|v$KYu9KC4C`!8zc|6g3iY}^;s2N*~VD^vAWgt@#v
zoo5=&l@Eu%gkzY)^rH44bC4m{a=kYFAv%UoUHNeMSKtQ5J!FL!zF6{S37ZGH8-%DF
zaA0Wj++4_m%&uvqDU7%r9A7Po=7m$%J2<tP<8!#aU_4S^fST7mS==ihX8hZkftCUe
zii2ekyn?qrP3Dta=s(zTvM+5ghWzELA1qBKqjXN<{3TRWRiY%U#i;tbEPNo$i<P_8
zJX9nQ(qmxNBwho>Ji3Y@E2dFmUD8%{q4qv;%Pa3b5sSw&1lt%OMqUek%?*Lab&aia
zty|~Qud<8?M%T}Cx&j_xOML#+cG*uzLlHTfgAhoV8<1`b?J*|B72Ds$hS^e$W?l;f
z7{w9_lidz(|Ei5yi_rkPemdms<Hg<d?tKeWH^*0V_PXWyWP5%Qw5lEMxl(`L3cjNg
zw7zZ>jCiLp6m2|}@)JuWaV{9OzN6-{9Izaavr%$nL5&>TB@q|oxhocW{Kw|TU6ICH
zh<f_9V%yTDjinCFWSmMVXDr&~T+4NX`m2afjb&I*G50ak!RmD@tl(Y6m0$A1)s}g}
z{>6;$dDFI6YkFHEyCOS}ZrGgm?L!G_(Iv5LSd3FCT|cA)oX#ZqYN8d`Nmqw(gpxYW
zpt)oxG1eXUMzjxW`N+r^@Rm52xMVkH0hdWLUeCHUO(WmDReQv|#Sj#d|F;dKFfZS9
zJzLlJBiJzVxLVw<9@x1l8Q>?V!YXPC(Jq4}TDdM8wJb6a7F!bTIXHo~BA1da88{77
zA;!?$k2Elu*E|$6E_j^GE#<@W8N3TyKcg6^r+pRn;^szSX&!>{@okzl<k9Zx!_z7i
z=B=0-vo6aKw?4NQX-%^TELqrrl+ZI$n8&bqm8;oa#-ZTjsT!l5)MwG3th|`5%wYOK
z_{rwR&3x1+*&WSba_Tzg>Cn>NBnnN1@M&vzge~a$X0}blT}11Iwq1;+5F<hnxj`+k
z;7j_PoL&knVmAtl1J;^kfk~R<_~XHfJ8O`<RKd%X<BDB+h5#XcE(b@t9I2!F{dkVe
zY$N@J2+Y^nKrkYXH2LgT1v!T*&nWPS12L*#?CNlP<dT8VMwL=7KypVQ0F03d5Omm6
zDRm;pMdPgP&#8;TWIHStKGVO%BBDk<NgD7JBV+sZM|ohUBjKZL@(TKHKQcd+aH+UY
z9qjzUb@r!BZ+#QxV%BS^H?uh7!Iw&3d)d|+cq8otm!L2z@p-Zv7fWO{6jXE6qPl^K
zQ{w0l<xVlzK*KA(P5Cb5_ylL|)tQSn6thWC_XHZ3^AnG_@3l6x<>rQ4l!DWei+pvH
zEt$O!caSX_S_%$IUZgy$lRSsqMxU?P=m)ePPjSu0zOw1no}Pbc8K&`NoY*)!y@=A>
z=)8$|XY{LvdrHGSz;OFd9q#+_q9k&YMA3`CJm9DxUUp8Wgz3}h8-g}$d2y-%H{x<v
zQQwBO!wwo;CqHR?tn2{p8&{9ppXqKO&>UvJXe4)7sVLVB3O06MYc7`pjf&pf5Va{*
z=mi`7gN~5mZQ6t1qiP!^F@%LkdV%8?7(|YP>5<H*sye^NHUbyk=j(6231CtRK7&6Y
z4ZN?%3FvQPI7s7>f;b_zTP|XA8;O}#bGTyke>vm&C>*@fi~4W^FhkWI)hi?M#Wy4=
zU(Ll);MaRrve2~p*i11%T!!LmAeCWFj<2kE@}ee-^P=IizzfI6m5sA>x%7y{o5a?I
zv66dR<_K}NSg7+KZLZ*q5yUSzlWaw^ecP<k+4ve(uw8*+7Cez_3BEMpY?><)hWZjl
z@FyONe$}@9WLj{yKt@l{fXM!fnoo=qn0->(R|~d5N&J@0c96WnfRw}Y!-J297p(e8
zmWKqC+1<BL0~X+JrZfL#4gS;f!huyJ4%*7&=HTs}9~>X&9PTcF$C%+<xMS~SyB0J%
zL9-RKtNcg1j=|*?gl7^@U8(}IDRJ6B9C*2ByxxUHY<z5-ujrg8W-}#7M8q*EdTi0V
z;*8K3mqx`Gv__?{Q8ep`em!Purv^sZ6aQ21<*!G*bh7(G{&VX80(QzMhx}jpokk{q
z(DugVos5Xj>FnIfRqoogW~bR|SDPInk~xWzE;VF#3Op-#xOzzs_p9w@r@E4&_A;^e
zh(}Y8F5V@g8@Ug<)RxHNBFG(8P9LPo!4g$!UqzJsJS|al3yZ3;ntr%~cpJ}$T-c?A
zT&FZ1_69E9%gt)#AzE9G+GC}(v>XmB5!u4F9pC2^*&*jfDF~yNSIZ%6sZAd>iAa6}
zyUuv9xlu2%hmbjJhhzF!bX61F!V7bc`z4$B<X=Hmai!TLAf{y--&L~)_S~JPfe@Kn
zk3~9rOQeXO%qydQc)^1{{MGd3rf8E&@FPgl2xauGW}5{M5k)UGKrmM5L*&MBB?u;_
z#&#s5WH=vs0h!u1^Nz4mt)sPFy722lidv;rl_+-cFCe^~8YL#a#=yn-9Py}1!CpTa
z2K&hKT3I;co;eR2<70#uebYLO=#8DNmtT13-|+|nj)KJ$1`^h@B&+N!o-)oWS1DwI
z*mB`KXOd24HmPA{h+6;B3oxh26AifTULg5~FqB#28Yv5xx2&~ekEJ)sM2l)62>AQ=
z$Dd5T;x7yB^MGE6c_C5p@^<Us`Bo{V12x<E<E!s>N`H>&N)NWeW^#P|eEi4n|M4%+
zc3wRDd6%yA@ubB6pO5g~8+wn!Fn)bK+uhtK{^{TTc$l81@6z{`KMdYK4+ro5(64@T
z9#wbx6@Ki~cm3ys)060*pAX)DQ~6Ur{dD);cZ1Wx`<;GziYMOEmv8STTmRa>{IiDv
z@#PS{hXSVJ)Hf;BAB&h`Sh#(Tz19>K#UeXA4}QmG=SH)1{V=LmoPFXI3~+T~0AR{d
z#633fCnIrNC5ThQO`MR_(`i*WM7%$q%v`3Dty#D~r%}#<E2+(rr2c-N+Wo_bQ_3?B
zGs0dn<2Wi7nB5BkChH*Y-yfe}klaNBJBs@ZTg0%C&U<hs$!aKeZ01sLE}z47$|2R8
z+co=#ltV%_B>pG|kq4)<-W$eKj`Vjka&vHVE9|{LKQ8j<Kh?^e>RJhOe2}R{A~2&?
z!A{MKZ4(i5Yq+_w=L6L48Ax?wf`fT)Tg$HsUy!1OF5St8yW+Z|UcwVwN>`!F%?6H|
z{p6>1r^Q4C9or!T%PH;Jq3lZ+j*5a9jKXDhw*m&UcI%_tbA7HJE1-qLgM9|;`$CD?
zk}3FfM0#ltjQHSaUs3x$Afd(nL^9$B`VHl?CJFOZx`O5KF(~RpGg_%rV>SV+vqky(
zu~_)vUz6}CGyXM}H(R^UultnR)Ca&B;-G5~B7i(#QliUyreZy7hI|_%hs~Yn#Oi~b
z68@f*aG1JM7{Uy;m)Dl4joga(&k(bU0)A=~lQXG0250or_8iS)GX?{&jtHZB+Ony7
z@ZuHs=(697U;khTNT<kD)e|@GV?luCT==^g>bXc=yn5~j5J4<}eW|<^!_3k0wmas^
zIV5z&F|yMnLQ-l^j9&(zg(NGMon`s7WONj;AD$sD!Y%(<F|FcBqlwOp*%jH|+>Ki1
z7^hdHo@6BAdE1SRw(P!d6Kd<=RER;I{=A<s`{3I=o=(S8IKVEo4vtA&%LE-Z>!!oa
z4H3h<;z(vu)OL|_rl)S;WabjR8%=2gq3H;EbD%Z|F#k>RlJmF66F6#%Pl1zbIw+3l
zWe!d*7X}g1qe~J+GQ19m_mczyU(CM%dTB>L5ECk2Cs&X~90H*ObZU0Z@xl=W-!#nj
ziSSKNp5x^4mw0TjDr&ZBmUAmpBU#x&04AfK#*ibzCRaQgi7$eV-%uBu)+=2^lhgn#
z_w*)%K`ezD1L;6<RGON9XRcmbrU?|VIRrwufwebCY#w%{*SGW;-%TPx*|vPuzY~F@
zx{GEw{0X{@wOKfGm&Mw^MX0H*;^1Ja!O6i7b$yb5+4PmCKDU_34Hko*)y<H?6;H2$
zjlo1q7(3aYFxU4kmK5tpIEwI@;rJ(YqH+)?4mg{V5-Elgm#@ph+rpIAv^r8Xutp1D
z^%>g)cp$MeTEIqSrb)H+D#wXwi#eUpI|-nTE28w!^kqt5suOXAXSgi8hZN>pb|wNa
zSX(E)z?n6ED94mpvLa(;G*vMt2o1BADsBR=PX+r$897jRB^=@eW{Zj!b@tK!<_S}F
z?y^z#4B5?UB4|#eA1g+^l8OXaW)eH};esr_2|8!Sd2O7S2ow&R0@C2+#qs4nA4F0J
z;=Zec7OQ@4#4_=b4QY~TkG4a#;9$-la}S+l9|}Hw_!wLja<7)&`EL~s<yMYjZw6os
zvHkPWvkBiKy_@(a1y~@`foSTD!hs+nu}M3+r53D5jWk8NT$IEH72-l0`DnB3od;Nz
z7Ez^eFDJ9@-aWQvd`GM+r6F$9bPF_Rm)wqSPUsk-LF=lK9BQmSR>CyO3`XT`gR6(Q
z)hpT7dM2}jcae}v(Q;78eAXiEbrA^E)J<0spK?nOJ&$_Nmn9t>dsM|FKl#6I3@n!n
z)#n+D4LAQb1&Hza<xSk54?ON#Hp@L(vDg>ZvE|MFigDD2JwV2D7s?JkW*6ExKy;Ec
zZGno;?f*qYQ#;~>pprJ`L>T^TX^K)rbepIkW+p6IQtqCy)mRIM#a+2F>9U+M=!oN|
zQX#X)S=W;|nt2-t!Wum~;X2|-NTw@SS*u<=Iw3olkJ~;1#3=ai(Fd55r%CL`{7u#v
z@3mlg4;T-)co&z1+s%z;Mwz>?QNveaEmf91f{D=H%Rzy(_TKmo_rBqx=h%<t{Flq+
zl6=!PI~Lnb`jci&=Ktn~k1b%Z#6(DdmvKIEWiDkSJJ$)CN_W-iVGbP-&2$@Sv-TLA
zZ`06)Zf0*7rp*mRQ*c>Hm&@G8ZYS`)>;q@G)6TspyhwJJmoq{nxZ&i>*Qej4LT#|L
z4P6Y|&6Zk+h9P`8Y%X16_AB$eB!=sW>zgXW${pNUyRyHrc*1#q@k3$?Z2jAz30K?P
z*qf=fnAmyA9R*EEHx!opUqa34cE<GV*&tDK>?O=YNC|Q>N)JIYne0a=-9XdlE@VBH
zr6I4YWnseKHMt2I&0i_zxsGs-%D$ZNs1G5(@?N&Pb0NFaFSn$pwMzL@8tMvJbyWaB
zzCYsOUG{&hP74n!m9P>975ujn$baZ_B@E^J(ELvS3j_Yh&sF3HI~tKCWbYs2>^pao
zxL~^C8G2|S!Rztf^>xDa<}*#2=6cqH^jJeYaGnMKfzk4$>^Bwp#{Pln;}83j%zfq5
z)RyE8=3&aB8IVkfti!0-KZL3vD@Gx7$1nO#7=}ya&><|5_rZbu_lLjxyWjk3dpoRl
zwzpsYC-aDExceXf<+YsEJVl6GX|Gw*T3`B>X|dTvkK1ilF+<p%X4Kj+SAR>>QQ6RO
zV}ihM=w7i9PT!{faajNfL$Nzh=Za1iL>j(_dQ(zVIFjztV)KCkXjuRgt&%cM)G&ro
z=5#y;?8iy8=t_xEFP?=lItCV_FXZ&K5p`D%UTdHW-_9eBNCIz_w@N$`<gfG3mvF0l
zqYV5(UeDFMt)pdGqtj~0TTGED$Ak1@SI;OjWgGvZuSdb>If{P-Y?+vI>4HdHUSF|n
zd{HH-xXw`Z#Gt+)80-OZ8~46wy5p;vlmp7dmMV-crx+q|(%unjMKY3kM*ZeY2oD~o
z6kKy0n8nHI1FZ<cQb`k3As{;Z0L?Vh!%Z7e6%!(wFlELH+1!xWC`Ge|V#C1<oJ)#3
zq^(y-q1tE`a{(ZJAnq)g<|e?qTiR&Wr4bUoI1d()Okum+pv6lVLv<jglWg0_^jMyi
z(9#3B)JI^|=3wIt2;_h>NdagGJ2ABTh@GONba!)O@;}#=T=Qcn0DwbFyj|&1BHNb!
zZ-noVZQO{mLKGEnsOodN85L1LKt=zYNFae!Adw_NeYWm*>ox5mfvU3l+<QCXMxPSM
z+{4;yui;zYlJcq3LuxV+sC5*kUA(3vDloxmj_80O0~(e$F_46eYYh^mY-hr-(M-{j
zVxXH8DR7Y~Z9hdDc`5#f)LAkO>P$(3VAMJS^=GHd+BOCq>e&X}ZZty>`2R=hC2zn4
zZ{QI5U7{_;VcZ=wLCgjSEt`y)U^Voa9%wkjxT(UVaXRh%P$nn(3l9|PFV$NLS7zbQ
z6bszMbo}%COkfILBmzA!b?Zhvb7n6>PZ=ZOTmXpdQjF-nh9#U~Uqz%EpbwZP7g-^E
zj;YY9Y+}g>UB%K!?akodBexSKHRnc{-1&1wck7R+gN!t>^bGqR&UO-zQb)0|rbNON
zdY@ndfX5i-%QBZVxgbhIrY^a0XW*8=VxLlKoY)~4&L}KfXKAPBzLQ_rIB@RK44$!n
z(FLEA*9(iQLAl_SB4BQegNLp}fAqbv)<F9+wJySLffFg0E#frfD1srT4|#l)6Tm(;
zFqbnqAh2E_4r7*@V6<SbX4CFjw9DAo6t-&RFVun+VUNTozC@g~P1S6OEfoKxNkve5
zPbXi$bGq-{k;laZW=&l7X6$uwc8Tr+ENe_)<J4A0gB-TlNNC{`DaI(k`g6r%5~C8E
zMH9^+h#tX!-j<+DRo9!!;R#J2b8-=jt+Mmqm#B4injT3A3S9Axa4s{<jm>;cHe<24
zKLCyD?cj@_;eru#_{xxVs~|doAbwpkjE>JR_|svnO+h{)4@5O7++31UM%<qcInjGQ
zCq43%ABm44MoW<#A)CSW)>VXpbebSxV&!EeUrRI0@?k<1*HXN|VyX1i>MF`4AOsDH
zx~ilE?UALcc=gz{i5USV2{j?~31~`pz+5<KxZrqzc@7U3Ja6jck%cayX!NlfjGs#D
z>zp4tva+<QbVaEJp|-Kq5XoE}|2RHAOrQ<UnF``*q0WcSt}nU)6K4|-4)=(CFFXlk
zMR1d9LBd3x(0h$g7<p8onk)!m<d5deMM%|^RB{IY^^Xj_8ic1w_-39Gy`1=GTxyD`
zP*{v(3dQ)rJmG8r=FkUkhP({k)RQ$;Y<;nXN5(#@J!lwTb-pBF$({AF9^p{&e+PEU
zPdJkrR;{;M=0LV9LY5UZonXX*4jM{!m~xYP0_94$r)ktl*130alFO(58v9{42~+%w
zL;<#J=T8ttYQOfW^T7whIvI)B{cz<@B21XVK{!va2oPr<?TR@(yijsfb!dg}1cowb
zX%*OaTss)%W)Y}3sEy#S9Yr3^fuM=&kBA+Sot$pahrfSv&emY8(m9j&MOq=x#sQFd
zteb;rdUUHI5ARtKvO4Q0bhKXN4xej|NRGys*V@%u=&NwSFZS2OpYT?!cs=YZAUmIN
zfY`;-MlXd%v$p3a(MC3*Gg3dv{h3*6Pmj_2>CJv<KsN&uz*ol!9a0QY5(NStlgYcT
z`V57ZpH3TE(Enk@rQe0<tfzS&(8%R39~hh);9<tM8?Y)Ptg(rSJ2SmQRPPpnvU==T
zqBTh?{SNm~4+;KBgj~%QB;=0f=^VRaS|j#rm?4(f$XAvvw$93Vk-IbIwCt80YA*nO
z5!mX)g6Rqg6KDdw_8CvANvD~unY6bwr}xO5rR&5@mZOx)y640T$k~pKT-gy|Ixm7n
z2FiTE;-WFC$ul|PDIDjB;9D_}yLcl4WkCjf%NsEoo16%L7z905pVAeF*)@q;${ynm
z=WW<+5qEO^DV9fgrh5vZ;L!uOw_;Cp%mZzQlSY1&JjrBIC(iEwGGzV4sxQX0EY<(_
z>|!utC^B0u{s{ZHbf6@Nx-j8tbnWT=EHddsYXJO#>&)eleM(!2IF8*OFEO2)so|#r
zxmsD%Gn>s+*ClX@Nb%q?#45gYas-g(*%vGV+uoYp+luuXVH5%-5NaYxu&`4odbZeV
zertN*cgA@wePIDdD+GfK6HjQ4Nr}}6prxS^Y!YgTr@HF+Ea1HJ(=d3fnAHf!M?9zC
z*j@(=^FW1lbV64Rcy6?dd^VU^8ST{gqwx^W#pWQhiTC(8Z4226$cLy<5*Z|!Q_yTR
zCe)VP>r{19lFq06Ia@I}KdvwK*)KP`z@aTbks#W7tR(?w&@ntZT531!aA?}VY>v$i
zuQJrx&dn)8PJ$_I`fj0EuQki9rhJc~Cm1!GGqF7dzD#66IN|X=qo9YJ8f+9Ry{|!K
zj1Uexa>2NnVkbM7I=jFW$q$i80nu_Ww1CW4r|&J*x+8#K97^W|yHuFzZ$Y(*Uh&7U
zX1irsAg`w=z__W?Y@k{wyM(<^_7%r+1(N}$7T6v?Gua5_L$@V3l}`L2;Pg+y()<LM
zm#~|9R0p!oK}W}B>Y{m%JjcvN2W|t&6xye>R2?fCO`}(gdWiH|DR%G;ohn{l1Tf;f
zB)9y+=jjL2`F6o5dk+;uq_Nl-6~(nnCIrch2JF`p6JJ54-Z8%xdmsY?Fa<Z63n4ZJ
zhft3d51gDogsT8&lLgfU|BdClLN?HM$Jm{k^1@v2wy!UII5=cR5pGaYyD&d2|7F;h
zu{)Tw6dm#ion!?P=u-Zd3|=$bxjN#ZuAP_fDwBmp9$C<hHbs7IALHt<5ZCZyc#D32
zeEK-+n*-;@orjUH8ySx1H!vl%OW*vl=5eP%eR!$~j0yhP;96|@r2IWZx`VNsLuMU~
z`{k9=tSEG-Jwr)@4glGw4%w%lMz$J+{wL6^wF%>X+0Y5-?PxLYFo(EMw$BLv#E+%r
z@Q@FTdo@jrodYHohW#lLiMsGR@zyycx3eD8{ouQXF4=#m0^V7g3AIKT3!$0OL8n8G
z;KI^yTQ3aO1tHOLq0CB_LvAtd<{}Vp*ixIhUcRfsM@%!u<n$c{an&Rt+-iYpPSl@}
zUsoC=OS=X`;EH3xsV2A~V2^{_GcMJXlWMy(I_K|G4IXt@#_T#Vdt%Q?l1@TDT1~sH
zs%MJ3t8H_+Po-FTOBJjLnRnimumB?BR2PYa(>|iZ-9Ap(JsUV8Zu+|rQqYiUa(yzH
zo*wveU@oJeQvG{7m9QHp2obkQ1@Z9|RKag^`xFUs&^~6!!LIyMP$4i%EYp=grt}|w
zDf<kAli%r|nR?Z573YrCbMX~Iu2ZX3or*KTpWD)`LhTcw_|!)EvQFqhjrmr`%_0Om
zi5^kvk-$+iwI6QLceCB@Xo&$^$*IUT+4UB`-k#rXd8s6j0_+nZBck$TX`L$QbD@f1
z$Qq*56+QOKWTom+-)8n9RcAfqz7IiX;Uh&cTtI$TvzciVY#uPpGzh(Z2eoZcFCsrf
z+6!)aA>rbW7|8>+Efq~m6CZ>G6(|S0PuDEEnCe9d=aEm=<FPdwwSR6X{zCZMM<B07
z{4stE9<5`*+4?$swGjWT5dUTV>+hY8M{_!;4lMS^yme$&PmINbv<CW3{OmkY9M!l*
zXeh1&bQ9~x?(uUyo|>Sa-5G*`oB{a5tkvn7`4TEB6;<~lIb@b&xvO<7PuW{^8|)aV
z*il{VRd5EW&AO`8mh1+rqoMN01!XJszVa>(yHILW0d`QMD`cY8vX~L(0`JX#p+&5J
zA-kI<H1>Lw<`Sp+>+cKU7bAs7ahcd4pZPCJAio%iG$P2uTbI@PmtPC#9fpVJ(S$f9
z5-`_4>R<36f`%Ir>mW$RDl$M78H1FpM5#DFrrRc>*X<*%lOV=-Zai<k?@#t&<@d*a
zuQ&2`z6ye#c2adA#K&Uk)Y>h|c&fQ{`oUeZWE++O`L85q4Reu{wSFwRx*Q0@=8ZoI
zn;D2YDj{=c)QPfPo?qwZJAdo($M)m%DpW<=kl3&$TtTkdJ?e^27uLeV^r6NO_UEdZ
z<H{iRR{x-=GBc<02V#9AZ<bmQ;WOq-Ujk@khmx<R;=Q^z8>oWVxm|MOQtb2e>p0R3
zO+);hvztO2Ke5{6kH4{218bE}wzz)sSIsZ}8O5Yvj-;r@Ptjv?xk?mb%F@^8WV|Ns
zvYiQ4<Bb|jbtMxsg&f}rUc}2F!6a+=4Z3{g9951IPUV=f7Zv0rxnL?itDklJSUA$j
zPzTE5hl=PuyOdVv1`VC}zj3WrQn9<T62E0D)-C&ccV}hO-C5aSZvNBm&b3Ri!gTAq
zNaLdHCf%%8wLUXy55x|$(Oe8f*CEx?(Ma}XMEeRhg&;P1tEou+_4*XN)kfyl#uI+m
zOv~qLfxolK=91CdSd4FSAua;>&unswJ7)3>K-QU~O8D6=%R4k}iSYCxTNJjt{fXHr
zG!&A&P>mR*uWm?;XMKu=sMjkim*g&?LLyczn{c&OQm_)0BZX_%<NA~hT=FN}KF&40
z5h+s;=qg~by0!a3uA!<x<(D7R2&f_UYPZUbL-0+hCn2mU$o3<5DB;u-!p6mU1k;Ew
zPRd5vL+VFQE{sM)N}}DxTnr52tHD&p7^9G7l(YPOzIWyU<+c^lj!MnvR(!(OEp93M
z&y~z`BS3;hVh@6{PxO1j(~mu>-<V?3h?4#q>OhNu;lCIGq*1(|X-Le$N(t_0?g!D>
z@ZW8|ns~$w%*Hoh4d5Db3UGCgf+=5DN9X4!<PWwvF31#PY;c*ZEcf4Fh@|DwNv;_b
zoR0|7uE%NJ)zoaLTQQqh4px}25CkgTIE0L0IEg0_XXw#IgKaE>kt2DMUU5xX?6_#k
zYWpO*d2aChc$hF8k4YDPq`}t1Q`Ms=D9VKC&NC8u;lag9H*-=!d}$Gf?)s^;4(0Ko
z90_qhsJ3Y6!ZYE!B)a<&*;nD%b<e%c1^~w$eZ)J{y0bvc-=|(k2pRe~45n~cRm&&Y
zj)bE+jQ8v)Gj`*Xz-cVt%tin9wi?RGvFS?=qJzAr2x>$7?2~2N)4^1cn`920Iy3cL
zV5(Dq9bhqBU`*&UtR+AEIiZIo+=(d^q=gNrfh3_T2vThEgIT!5cZDAd?Su0J*c`0&
z=mT~HJT`YSA>8B6pH3bA>Q9{~{Q=LzUkjKD5?0~lq7K0(2r-CIW~{jZwG8uN3u@u|
zBc{!v`06Mc?EBmdhvHFS1Hu;s1!wJfegrxrbc*;X@nD;NZ?$NS=!K;Gf2a6{CXUp1
z--4%#TFog&J<yt;=$`-sU7>y=>`$Os-qaWs(=r`Cp^zb19BjyovNXm4B0OOe@TSI-
zsBLwtO&z>bE+vgDqMShUGE2?t3K?cBuvmUAQemPL{_f<n%@(YSaT3TbE`z<##YI}3
zeCN8VCOx~*Y$jKTsEOvwre0>-aE)^L*K0|ANqOfbK#l5yl)cp)TpD{SK3~=+m`dT$
z8{O(_1gN}2ZV%I4KJJsjv4JA+XHpC+U4JaHI7XDtxsZTD@d6S9s}r3I?hs^k4AOto
zU1ABzK&U1L>=419o(`CgUMNg9{>*;&?~p>A?r@!nl-k8eA=bKMq*l6Pq}QpZaBb$p
zKXy(InU{*`ot%CAzg+R6T%~<#mM^Nsf^$=BHnSH+`VhW!3G(#~h4BbS?Ogg!-kk-b
z1Nzqk#d%%H7*63RfGV2>5%O5wxU)AR1@``nzMFjUFr&Hoz1h}XL%;H#563t96vej=
zf1ry}X~@jMA$%`CbZ4PA{{}Y;^6JsE{o8CZyS&R)OLx6m=AqX8$TUmys93zcdP`>W
zZg$W(Kiyj_3U?>%hvM~p@*-P(&SnR>`CWGMe361jG<*H!@zr4bRIXiDpG)59bN%q~
zEO`ST{qcO4y;CzNRtp=)uj#XxY<~Ku#kg_$&B@Y_@Fal@$thNCo{3K~T9Y3-72j2B
z*B%86g;HX!e+L(Y=q8W^)PV{xW{wY^Y>iV?Y>QtAsDa?C-z5Fm(CA_I^XpD{HBN;v
z(EY($P-z6~H)iFLSijvuh#mHL=MTR3U7VRerPQX<6(M%R?pdWamj0AX0!E2Oe6;D=
zx?z^=i$!RO$rjz!kL^f%D`-Yx>@^xp9`8y-JEBUUh5J%7Vd;If?s-r_@EyO;I8CjO
zzsKmi6(@F_PGEhzV@1hGY`;;CY*b3@rOMAR{Nvm^ESd<cbn_H^T}7}_06(oI&;Bi1
zaz$Ciwc{r>)eQ?lx$w;?WPA6y)beARo24Eb(d23QxENM4gIp!ou62@Qob+q9dfPZE
z<d%2oLb5e#ot(AXk$-oa&ldX6$3eQ2c1w@B?n5-ro(>yF4~viUS!Z#aYn(iEigzL0
zfls+|u{3{vf6e#KPhLx@vv7J|zV)xll~L7w>c1UdTsI#4m-^GPJG^VZ<@U1K%--lV
zyhs+WbBhLC!`<_?*LNSMolf@Y<m2S}rFOgL6%X6lrg!QVi}il*ZSnNfN}cxZ-~IQu
zD3@zIR<EmPx#_SsJN^J={E<A*zNC}2>&dl$)p$9~B#-Z^#mv*8yO$bu7v<K?xPRe3
zFB-#__G{2}7xh}j_a~|0;&ku+?d%NX==$0lA1C{_mruis?(O2`_38e#{dU$ISC^T=
zN3>Wz-yc0(KA(@H!bR@!@aE;&e=0Z1r|!qYB)B`@-bz*Slkv21a(G`$&kBufGZS5m
z&ij7QTzq(YuV?Mox2WS*!$Gg|5)}64xnw#@chmEa$#s8ubbY+N^_Xk!^*&04Wd_vl
zO{p22UcGqTY%^WWoj+%z^U7ZTwBE|Xk<I6-#a5x0KF_skrBdtR!Chqg#qF)Z^<%d_
z>rT>PsyOrS28-)d?W5jE*N?ixYIG91si&)#R<1Mi3qdw@Kb^c@q=s*={px#d^qPHv
zy%=9zMYow$t#jTQx~0pr$8Irs|9V&IE%!RN^I7)lq&j^rzxm0x!&1Lio(%KJPHuTR
zEnK&ArK;QB-n#6Ku5TOl+um$Ec?e%BACp=WuIJbE#q+e$x((99X})oFm2vM*=TEis
z%X;gnUAj2&8|BvF(oLUkZ)F>q$>OD03Ch{$hs>p0sQ6biKYF<C&8z8J+v`3o-b&$f
zBX#U`K2A^W&fM#1wsLlQ@l<?oedOM@w|e(`qsznL^1YROKk7c+CX1Q7rdO}0gUUlG
z9lgFrb<aDh)xFY9E=cDW(Z&1lsa;4Oot5UvOzLra>!Iv*7Ck@z8rA~0Q%OA+`@M_e
zTh}{DeH6-ve{664aWif7<;<$<Ieub)b~&G^%UN?A#qVcJU9pBlwsF2{m3tXb@=J4|
zSW0ga*M~~qIa$fkS+}~ww5#(?m%@5eyMNc6eHOd3*OrL9R_<&?7O+B}5`j0xs3of8
zjuIQ=9I9~EJej!6u)Q#&ZeZ$$ca8an=ccQWZW?XI(EF;X>@k~)!9Qz95bqlF1S+`7
z^Sj#pg;6*j)ofw<Q%%|$Ki}|dob0c<<c3q9#=(oTCQr_9ij#F^i#&Zdl*~FFsm3a%
zP$*5v6xxVFe{3z8`d!=lQa}s5_bEDzEkRWnky{y1_dhZabcT-{G$LyW*H+VPF#@NE
z#78d$^|#fs?K~(%xo)o$sxSBS5fNL@?)dG`Vh`fYoudTCMq?3)qOTv3`^NnRB>SLz
zdl7Ou4ClW^@^}6(vQ*M>e-3=J3wQROAV+AY7R^zQND)*pz+gHNj-qkxPQHW`_yzM2
z)(#C?q;-vd-$x({at-v{*^2_w9_-NL$qD?qIz9i!RfOKEGW}O8tg=DA+HKxQZ=thl
zRZCD{0wXW`Dgi%yhnu)3hgT{dcU0AxR7F{|e9cOp!3C8(tRYFOiJH;dIQGFsWH=NG
ziKreSb8r9X{0xDIm^pSQbK&1aDaIhpN<%6sqKMr}^}NP(V0EG0E)Kg6l0Rb|T}7Wt
zvG1M->PhM!nR)$<aP%-td^@%V2mLTa@_iM#0ugcXeXQ<q`YU5pM@3eJ=|rv1@h5BX
zkRR55&Z*TzUj>p-yN#kZ3<|0p6n@*|!^30P0c-KYVAP}E!2qjL)0+*$po_p1Sf}!&
zd*JL=v*oXnRXF9swxK@`y-}ZX1Or{z2j4Rl%J8xyQt4cLjqgs-H+1=^@igBVkVhUW
z-4M|fD=pQPLi``ztV_Iqv8W)jUo5D~0mGg>i^ZT5y)!C2*4znowa}bRUFr7>W7^(g
zxuWrAqX8;O9<VwO(+DO(o}iv7=w<vgAIzq(M*rz=ESR4TrV=pT@JHqzSYt!oc$O`e
zHGc{!S%ue6V9a%=slc|o<vM)$6|3{+K{ps}h_HXA6=k*7Dt;pnY%AUg)KQ7TP*}pa
zz%8_*2GY9*Lz?c`ANlUgWM6dcw;G@DUoub#)r{QZa1nW&0OKx~-4~C<VeB%`<B(s1
zA#}Wy51g9-*%IuLavf4xN2{5>Z3C7Aw`2g90tVkk-i%7)M}7wh@ssoJ)Sn`m^=Jos
zgF4xXrYFY1wes~Oyg|*z7zb*i+)LE`lLzQ*8sFmNZ;jBOE>8aP-qaxJfqbh}F|}ra
zI@T6{L;dWp`#!epZB)~hb(pGM4XL!04mI2^+gnr*&0?T&;RvCIvnsJH(qhb)!Eq8Q
zL!u-ICa#2H<Gboo=TQ@cyFxvI?*>Ix=X6Fne`AIrW%$ytUTP}N4w=K9Mx^wEl}x7k
zsh*Q<)U)8M8tS0~nI!6p5HU$Tt^3xr)IMGrT*5mctwnJ$RhpndhuC3tNd-@nfOVBH
zeQ4iBcosru_r6{YzphbBY;UzNHH#`uwji34DJ<zQz1S0vvfW6ekcd5Ed#gAZz*;i3
zamx)~u)Pr6d%NXgtMt`j8u1_2Z2R7vD}Ye?4zQLID=CwtqW0yVBAK?D(#QV+W`{4n
zV3_^?wRg2WjU-3-I}!k1K%u|?VML^pO>D1iUT*iuMe+fAps*~0Wu+*}2d{0w5^Hla
z_5mmBetW8(s_K{V7(95{<U@SA<N!}kcUN_F_0v^Pv7JIRltfKT(@~9+>-ByP{Vp(e
zCT}){^b6dhu?o4s2m3-$jYU9E(Nhj(aw;QH7>G3GoFG2zkm4C{2`Di*dd!uuB)yw*
zwDUw`LTVzs-lLZO8jVNk;BLyHp5PZWWw|BGNhg(Ji|DKJNnI%oIj}T2ZiFVn_QG9$
z=67a^mGOtQSS=U<X%%?!GzIr(u#xiOkvh0xtJ`RGySh{ux?_cQO7a)-Q=40L-K;*r
ze@EC`%}FT^u^Wlsz>f7F<Yt|}-(OI9Aie6<2mRq>oI>;HNB+0HP5#E@VL~R59!>a1
zc^e0NxV)xX;>!>qVgT7Rw>)mQR@h$|@&y>5V!%mUq7yCcg!G}+lKi(IvS%D@AEMAa
z89B@8s*;X-)2}#n1~l5kB{BoNBAC_=hKM9^u4kmQ{K7YUt?3Wz;yG)QW6B98Ttyb)
z2SMx%(xNO@S}zwg<cE1_xH=O^O_<$t;A>M^NZS;BK~8-bf326=>uYTFgd7TVNXfwS
zlc=>_f*oj|DZ`MW<TX$1HOOJy?WR`%^?-#1wNusHk<Q$dN$KpqL|X8Z;_-Km_~!WV
z;tVJ4i;k8Qz-b$y6?85f$in09L|4f}DO{ZKDUYkc@srGphhSl9inB=9*Q7$M#ZW&a
z6*{lg@5!TO#-tIMuT<PKu8(*-zDAK;>g!0IHZ9^#o6!B(cDSD0n;$c7)d#9#SC*!{
zZhkV>;GSaxpk~r8r>c>@rRh*03s;Ox_0G=;w5N{?a;TWS4&g0b9;CaG8gX}S5ZRSR
zOZ1vHM;>lPh|rOT_VCD9PYQxF(woHodobxWsvLx3cHOn2z9w{f@_5IyL`~4Cnyl<t
zBl$3^l`q43G^fFw`RSC57C(D#(ZHcKiGDS|mZqLngGJ|RJ-C-FV|6iAqz2TH-=@f^
zgC<@Ljn{UoK0y{MqkV8{##c*J50x5^wo!Le+8Edb9Mc{|igs~!jPf$dyX#(=y3kRl
zW*|qU=IMV)b_W4?+Yt;e_=1y(GlUhVG1cHL_Q+CoSLv;}HG3q-25P%ndpf}T$&IER
z+W2N$_8D*F6Yn;#X^Z^@2^QgB2_0_U66@YBM;@&kog97W?2G%%u`ZQTo!yE$D`kvo
zL5mkhoqDTeo7+*F+uA1e+&6oEe0KQZpj5kWcYX}oeapE7-BP7OTFvhh6+)k8GXH56
z{H|T_yDe*?MStERM{9>%xF3_Z$-6SYLnD8!ulNsInaNpER|o%03;z*>YbRva_-Ff^
zA6^`ue?B~j1~mJoeaV03jZqd_qujS&w=d`plYY?&=~U=b-XpZR@bl_@De=+1<bRzr
zkjRXwApV$^N_9ai->5IE&&yNTdaL=9I#|V<fFLnoBdDN6y_xf>fHtd?_6bPfpSv?`
zHG|5aif~0ogU*roNwgpG!B*>F@Da~PM=Kl##!A^aYU0*#^e^9*xwIApX&W<++iY*U
zjFw8CBW*qvmxYom_QTl+Tz!Z9smn|#`}9zb-XZ(3XGJ!+ikZ3m!sWC>`%Lp;YpZJL
zJ|8gG*WA$;Ti@@yku|!)@^ardEKo*lGh-Q;xVGstx9KC=euL(2f|fMDneWGVuf7>x
z^F(0$$iPtNL;OlWOP2@ifdoZO@lHb?O;$91sU@_GdqpZ24Dlx<?2tPrMIEk&j@jDz
zJ)#{P1#a&H!_b`?X-U*WH;Pof5ja|$mgG(Q_2lM>x2rHSEwQ8F?sO13VtJ?s2y)@1
zvK`PdWmQhL9!;}kqrK5c{)NB*O$Qh_wg%8*al**G(iP$!m;9uua7{5nGvP9jN*YH;
zopH*PA`Fh)LQznqV<06wZj{!BO!HWC=~eFjJ35BSQ6D^?JOfoy9SoTiR<5D4=@(pr
zqDGbv4b#S?i6Ce1>!7P~b3<2s3v*&=m^53sQPbiFxHdIJ>q<4=sA#y3I8-)2E^Cal
z416k%y*n?Ckn5TI9!osI6?<3?CmeD+sYt~PaA@?ist~&A2^5Tl8TGCAC~ltM*JB*4
z(ka=R#=ng;q(8XoPH!g`R{#x0GEC4_n)3&Swn(x;`k5G$h|6nz?VY4><=kbhs-BID
z1}c&j+hY`A>ucM&^>9AGQL!&80cdn<H&_g~PM5DhU{_NhLrAR}1xydP9L1#kF-XT*
z?k&%FF>V?9V!S#{TGpJGB*3hI<Jw=WgrPBHBrQn7K_}qO_b}-Ekx>@8>trW@K>UK`
zV+&_ZhzXQ=ZO+XPnE(!8aV3e-O5GCYaB(X=(+p-iKDX-aogFP7qRlC0=|EEI7BKhq
zHF3T&7`(Bf!JX4iH7B7tAw<5LPP)ysh&$j6WJ+v(K)CXRyG4%bIv0CZFNMjs20(9`
z7KS``=m)&fz=kE|!{g>NP4FZmH>{%!=%YVN)&zrQ0<j6NhmAV~Qsy$@U53%|Rn!cV
z^pCnIkX{KEXI0~D!b<dc2bV8o*p_ez3)UkiBQVLcRA1o%OKh#h8A<d=G%^W1`68m#
zN#ej3n;@BORJyz9_}HhQYgrZ;2uU{IYD=;?2us*2$Vt1vw>62Ihg&y$t}1}sRm4>d
zxVA!|3#Ny1h~EeG@Mo-m%JKf^swW{*2c_c7pW5r6lXsFisWh1M6fCiDWcLFu?byUI
zH<M-T=_2wg<D%nJfRNJi;a~>`ah&QK$wwAT&_c%U?$_?4uzKhnfnK){`i-*i%HgQj
zy~`};CNObghAWKTtOB&`MmWQ+@{>EH#RWV?;ELYA_?06xdFm}A*dm@`Nyi(}vaA_u
zo5hezP399bE5Js+jnzS!H>)BrWf~}kTK3%B4PBaa-zTuw_kY<B!}-b$c_-@ej$%fq
zmnSDLZnM>lE?b(0L*Z~kovoujbD;dCTHlGTa&}rC<?1lQ#PUsT?Y<2ZnSUw`Y_<Lm
zY<&yRq#Ts=T>zZ?Zu|P6$)diP)qV~Ga((%8MHuMMR|K}c&AiNXVkAkt(u9W!`rK+6
z8I|qZQu6|k)*W>UK-^c=mvXq_|De9SGWggs@bMWJX%Py!`<+q9)-xz1`$ZuLw!U_m
z4g6Q|cYSUN9Iy!-uw8WpTN$iNR=@$JashWjahi%0%p|L>hv4WqQcdRYLI5x20K=pR
zFQkcC3NXY~xQw9`aJX;_lcP<A!^y<qzKc%p@dUD~3%Hl*fu21fui9w1vn)7)%^$vT
zN6JAU{`jDWo;kHBnqk+uo&$b-PDLa|y^KYotow%3usQG)dx4DN7ey{4q>%T9ac?q^
z9;o+43ijv|J*-Zt7e2bKCB==~H;RP`$oMsHgIP1BZ5@122stE0iFsaznWXS=e>5^7
z2-*!wL@;5HquDiHD_<%AyPrRFqCdh2#+o|MyS$goaSOQ()!}R0GsONfik9n;m89m@
zwc}0`d_8KmtYg%C%1yj`1Tpvwm-;l_a1C<tcn~q-h9n@sVx~rh)&?AX*-Z@SMpdK~
ziOIvXU(3tejR;Xj-CHB4=IBn(93#QaSR9SyQgVX3js!?5pRcdYo%)NU9M7!kA*VOH
z++}Hy4zcZ8vQ<kOjRr^Ercxr%fJDK-qh>5Z7Yv#}?V(7Tj8@AXt~Jg}$%g1>hXVrS
zwzIqOG78lMMxx|7J(~BfP@V|!`bKX$F;?1%L%6c}h56KthVDqV59RdPELfzNduENm
zpoGaYs1lA~t^=#w=&%WL+%b_Kj%WRHLr7G?{Q&Hjnl-K~5baJrd}djI?BxdkdF1GR
zEObUl4eCg8VL+=5cZ2EmuDPx$F9>E@y&2@9$QaMm&{nPiM1uiNh_n%$`Y$@dBPwxn
zMWKB`*cO7!I36u-!z=4NET<up;ab$VII~#AcZ<f|FqS+r$2BE6{|q7<8po?$oG<O2
z40Adf4Q`hmW5CTO(RA{-&$Z-sG)Yw286_KIuGzPN*gH`!p<z=ilm%X4c<q3@kP#}?
zjGlcwe9%Io{g%t#+@d*(rsoSY_+xgWs}73~%*sG4?e7M${O!x%Kb{}|dVJbBNzOX^
z|2X`V{BrpIBOMz$XJ;q>JU;!E6kUok%LDeQKk>0|QseB%B6%m7@vS2y(NFE<Gz*VG
z{!~;!8CxiFR-LgcOW%YEnw9Cq^50$9_g(FK?zGG1m4=Z$J&YtA@odPE{fK*b>4<WJ
za{}zV|8#gB$}6dSI`5oboP9k1lzjMja9AxXz*15yBTDMqN~6!U{=@BLPyZ5{L|Tyg
z+aIncd%1VuGk8F_HK@#{vYh0E^+K(Au`1n+@5qU()BoXaVzODYN#&oOp4(Uy>3Awd
zpsv#HHTyV?MCY5Pe{;2IFE5dtI2O)#_-++efw(r4pA)}+YC&;JT=U81kH8cDFM0_Z
z<7d~%<>~3+$)W}FvU!Nt3ST0sfHqC6fzURi1r!UVaN$J1OJ<7%x{3%zfF-0?Ahb}$
z)jRVOQ3!&q()-0?C|GgcbZ^e`UCsY-HZPPwo{>Fg>4bs}|434rv5Zy{(Q^V@USh~@
za>6KFbG+K}m2}~U=~Hi<$1ko9`9_Y0cy961vv9%+p5?47shou)-0k?j@eGpLHY8I$
zPvj;=esYE}bDSchn4NxCs7d~dF_mpAx1-1+QbYON6lD?%5k7}vXx0wN2_B^%9tP_@
zZm#rW(H=EDjBRV9E?R({aiufHpAC_ekTJ#w^ouMWvn(|i?&LD{ilIhp%^{9#dKq%8
zMFCS2VI|1JT*C?H?Q;@QG#~6&YjteZV#7!nPr+9J6=cc%e*m#A#V-9M0DwbF?OkhA
z99NS4P6Yp<hKZelannFIpa&}=5Rz?;B#Z^Nc4A{=qo50D)35337RE6@e)F8n`>L*j
z#`bK?M(l?fi>|7B^S<)t^Q1ErB!QN}WSZ1pyl;xqYq<=!QI+UL)7;~kFadk*@dZ>f
ziSR1Li6FNM)?~(Gd?{iJQ>yd<dOaL-&O>t4+h*PLmMw%^=o_Z0T``7F%?WDOv&^sF
zoGG{@y*~>~oEg9ex|OUci&-qKgtbOHIuS%p|5b?qV1?ZrXM;Y##+j~$sFiX)bi}T%
zVCoi9B)xsig^@W!_>|>3SRYG9X~aAYya1Y3_g_iVdV6;I|EkviB~=U7pWj8-`c=z{
z-qTr;|KUe__{dr#@;IFz*qi{_oc#mVxZkQI)X4Ew$<OO=k+<U^wXII`t5f`HHHqI_
zkK<~@3Y_Y1|G>=SpFxIvXi;=Iz4qpnw}0SQXl_A(wAJ}t7H9cIs?qJ9xL8Z*hYzZM
zk7<80t4{snKbO$|^x!_I0RAQ+z5e_rYLGj>$)V1c+ccGvOr}?(9oBA}-+hcrozlf^
z^RR)Yp^YXx&+mTbn~%M$;a92&;%ee)=Nf*c?3q74<>d2r`wFHY`J?h%_Rl^1zt<uz
z!vZSn__SqYP*uzX9?=uKOX`WTD$R=G|903*Hwt@sR8zD_SPg}FR8w3oqT|R^D%jBO
z3e~dommGh<$J|rOTu{tnSOR=G$wapnH7V22T=F?<?y%Cf{8t7<3<ruKQQ%5Tvj*JW
zbD$)KuopScS-2wJTfT5GeEy1bfg~roe0|JN;>I){swEvQ+9n%2h0=TLZx#~T&{3Fn
z9l6W3N;SK5B#27VtSt}en7F=N8l`CMgJS7%FYN}U&YCBvgQ1MJhr)HG&(SB*gkWSr
zs$tY=853uO#pxX5M3Dr(Qh{ncY?BU0YP>8ql4fBwwzaxqjcF=Ljg_IgAuD@lb;Ylc
zo5^GqHyoHSilPPIGh-pJPep4+&6+zo8wW0MzeZUnEly95(@3B{&ydxE%12t^tTvxE
zo+>TBp=E$L2o%!5jbtP634z>zqaxjI@Dx{0h}Ae<U76-XZ^~08JK7a(c3z#$aCU>$
zYIQ|<tc6rKmuf|ax3%^2A5Tk3$LqXwg<K6Shgp9=xf<EzO>X^N<7{PMi4Z48=Nq!$
z`-e1d&{S|iU%GH^*30%d#`30FKgtjtSca19Mzb_UNs~=^yd;AlS`H*rOQaD9Wn{Tn
z2^LT_QwvZsi|%way%HHYALZADdVJ1F>ntyQ@%Tz1M43T{r+PQe7X8wV$es+HDfJT4
zaETfM46Jqz@S2z`@8Ktib1R7u=neZQUa4^-8g3K{*Rq*86WWMxgqyO|q&Ee74beiN
z1QZEj5kVTwqL6b)WW*6P0H+i<hwW(h1|!?fKH5+;_4n^{tFY#gv9-0Kkk>K>L69ln
z2g=SWMqm2V@klYVh($%5y`GlBE-#UQjHC1T0-!o$06Wfl1%ge6@!knAvY1<G8lp*y
zH^O*G3G3`=tFl&Bp`IyqHa!Sk)40C?LU)s+ZkUUTF&2gcVW+TMGF~(RYphM~Wc5#>
z@uR0P%Ew=ScXsst<LO4`DjWvvCJV?)WTY6ls)Y@3J)Qwbwx!+*gT5&S#jL1}Rxz`%
zPw&#w%7}6$vtjC`;$&&1<tmouVt|g8T94-cX(>z3l9Z)qPtVeNo;2`W(|$6Y)fk>J
zudK-837?H;mSQ@|rwB%*)Eq;H#X=F*{kx<0AKw0ri~FW<L5%1iEbo(YtrF0q9fBTh
zgy398AnE45xVOs?+%8o)Xk{*xO?t>Pu2B*%ZKV4uFO>pZY3(f^0$Lfr-}jh-x9;`z
zckkbBM6t0?+Ym33^?boOa94=sduHMIS60!xa5U>*7C$EW$V%&s2t-P-y7zC<_UX-d
zHb-r@r;xhWiI+?Mdg|WY>vWR_3^z)+n_Ffc$2fmiG^y!q6W)fN1CQTi9n=ILt$ste
zQj(}9=3+FHHgZ(6GnU}tPdP<~+=koAL^OV&ant!dd8rn_WD&kW|4Iw%E-$Nphq&J>
zic2H<OH_2I0q&ws2>D#ju+Jp*GiLbdBF-SW6w(ZC4xzT_ZK6gU!-wnf8Hs7}n=4Z9
zym-$40#H5IiqsiPQp?{2s(d2a<xY}@x}#~RB1AHG){XrpC%k&7A`r)2y7d>9cB7Gk
zqofd*t3W}gdhOJxs&EaMW4Zs?v%jUlXI58Sr9w&@Ec9vD#ps@;0pl3z++bI2iG9!_
zfZ_utxr3`F8XM&wVyHQ>R^`|Jl=b$?2>`JTi{LTT&JhRD(tYIShBK(*n@ypsh35V?
z#Lb%8vqfcu3K0ZM!xY<bIG<7Ks%$%VEWHls&L-Bz6iXm6w*!=Aa@|Jqf}_yY5z)6&
zUha1WK_$cXczotQ6*ycvD2~`mN)|n8(ffoO*<>yOlN1PHq~&Lk@r0VI!W$0Kg>9MW
zkwYABS@n8=y)by((jQ8v2!x*L-@aA=?jr4+G*aF1eXXuoXBBU(V%Hbh&OW=#)^|EA
zNUa6TQF>N?-DeS6xst64u4u}#T4h?PybW|`CX#T2=x&=On<-m=FO3K@H-o?5?4oUw
zgKE}?4ng}`PMuLx4sVKCG4ToJ4#t!j4&el%=8Bi@MV*>YDM`jb>9TY#%7f?L*sRr$
z#wuy$(L9>ZD6zz<9#ur?af2w0{DSwsdbYv!gc-?4wvD(M4l>)0#Die!4`%i~>zYrr
zta*I-A1eq%G_TGC<G-!ONf<Yj?ZQO2Z;#Htm6eM-cxeONNF*aW$!_%CG81-WRgm%p
zmRQ5i*USlAmemw6JE2Nx<4BVR4f~>8p8D$7xx-iWFdAVTfd{&3I4Bq4M+t-!Du*Jh
z0dRcg%IH{uLL!#jj%<TP=YwapQg7#BD`4%Oa*+|<NL?R5;Q}Yha^Pw{JX8LEcJ?7#
z`x-SC?$>A?P!;<;V9iH`37i@1^LQ$U<1^0P=i*|y0?g+%;O{r%VSzdXqW4Y;R<kHZ
z*IPnl7yq{@y&CMhQFS&}Jkt-f60QsF8``gziUE?<i)%5TSnJtwY&0k%D0Vs8Aysa(
zFUy81!ql_t%nh(}rg%au<r~!QD5)*`_I_dsV4Tn^`7|g_-=3cXq#Y}uH?9Z>pUgV*
zAML&E7tCT(t6ovM&>r##MvuuZ9rfg1zxDTFDj3_A1AuY1uC<=45+Tw>CWc3B`Hy@L
z=zcx-E%$VO4bUxCrwJ*J%vT}5Jm4_CbX;adnSDC$Xe*zNcl8kMZZnYyg0-`V^P?^-
zfMrszg(x)s!+do`t}FMk>i1oF#kn|k_Tz^zX_BGxsUb(>dc-oRj1|{(MmV04;UT?;
z!%7m3$GIOlc<55gBSgX;{Sql&m8K`@#87l8XDYw|0%|_$9jJ^(Yi*p7!UE(<Ms_hB
z-<9akmBiZFeG=%$?gMdBl_)9TgCsFg_@Y0Qt9E+%YE3IO{WpunZP_1kO22g5*ZnJo
zOa-4=<k8!G>897&0j>6)u)+d{UUxuG@-O{s1Osk7v2fLs%T{R-qL!nJ#iLj?Ma!vO
z$nA5>ptS7uy<WeN=M3b^ANz+(UfcjtaR90PUj1=J&&hm{B}T<vOZ33ertpo)v|r3%
z;`Ch1bi9yArVKCCtT_L01~vNEVj^{RV@xFZ%Tz9DR=sI*95Fd$0`5RZo()}nJNhAy
zcXj1K8;dmd=IpGl#(9R0Wtss627e5qVC7n#^|3n@Us|YHXDLEod_xP=jju<tt|%2|
z%h}#}((%~)jmHDN>;}jAzh4|4e|Y!y<lKR@0Q2~h#;auO>K*yv(+BVf+U7;2$I_Lu
zb}Z;*pREswmB>um5#4Lq?rwJ@tIfB_j>*5V0AnAUQ~zciiVQd#zg_Nw<8VLy<tbgf
zFYcW!ZOQMVo<0FwpqxGWp$}M!hV@32v)b8c9*It9L~-RYKg4%GvRrif^?x4olVc`=
zpNRtXUky}$4Ohxd6i>D6nl0VK;=H&%7rHtM@{q<C+9#lE;h_d=t*-nf`_3c@xP!|6
zY_0-T5U1?cEf3HgOY11;rG|wp8Ha|1<Asn9axfK^Ew*Ig8rtJEv;{^JqTrqU^iRHU
z+{L{Y#fe<xDBJ^b)@dRTQ8pAiwVhVJjKqHt?VGepVIrkjneIb*6dPoPt3cS0i-RR1
z)P@2vG;>0Yio6c4&1Ni?46RPQ*{98BI-B0BHRcwII093nIw1~vL4`@!i;RUC-io!W
zLha0#WH-?}lpDFHPNf)+Itg+Q$Ru2j<x(uBYlji*vsnYswbf*e@i@<{C}~J(Z)yC2
zNL{={OxkmBor!EV^CYVv3hqofFT7>fqt<rO8o7)Yu=_Gw?~kl}4dXO;y=*Xp1{w9H
zq1t@GU_`H(BC9Il@7}O+rU5YRf?{Q;RXf#Ux0kteNWcUNpQyq!oXoVq=w?(MhJc{`
z@x1iqTGiyCfEygEQ*>hztj1cngj?}K>psD}_eZfB9h8=|M2%Z=N5aKDZBAn@Ic$>@
z^=lVCV(_-`Y30r(KZ3DnQqTvP4761Nv5vQhi~)AAfNmS@Sj*LMHcKDnQrTtI-Q^Zg
z_YY@(L$_MUe%F>GElf?^YE_8#ocmn`TWX0u5GGJs*?I;flSlX#>RxxMqUYox$-_w2
zTojzsmZg;d=EnP$(MRpc4Y#kYg~P_yVnAio2Pzk<b{v&yjud4R6V+nM46FFt=%Wpf
z5D?d3wmZqyZ=NfhN;vdcq!_D%-AVb>kb9~kQx|jr7rDs!_d^`7#M3HLeAGK}6ExwA
z4q7>K8_}{nu!SShq%wIN5N7aR&-gHBw1!!sG;J-JoFx~>&lqia-~lcdtr$@ij$)?z
zEPIN|K?l13`Zha>ZeX0T{n&^X#Xvt~=MtFe@6nQh6Gr=kY!ao;U6H2J>ZUiENUV}?
z(R-A>im2&{OMqk2BXg50d@lkTdQ9u8M9?J@6+{+Cig_I4tHTBYtD~{d(no_9JWkSd
zNWH_3UO3vn?$G+=#bovy4l1Kz`*gL)d6R$J(uI3gr|9urQ5DfE=U`r1AX36i;)3Lf
zcdzm|QFfoQLscPI*r2|a-p>%E`z)g9L-!Q=s(#;I#oHz|7dxrXF6*Yf0WDjT{cMGF
zQz=drua_V<0(8l)J-JdWzRp5Q7cL&dqX`C#ki@FhGrc6%YG5)IEvB-93xT)pj!Ph~
zT~*5U*b!_=>>CN*RVtZz_R}maG|(3W%)aU|9#3ZRwwN(|3=vF>oz#G}ndM%SE5LLa
z{9AEo5;?gViQRw(sK;utQ9WBiMfq~UKV?;<tR0!t0;{~;4M@{-@+VD;Z$zQXuKLqq
z;Cl;3p$fybsLa9&?}qTXcsNHhyIW8tuhlf=NrX^j<<|>pUJVjiW{c3CWM-v{!!sOY
zL}6>4>vuEr8~U=97pVC$m>~GiDM-BiU?SGzzPdt7TWO-aafx1jk8025OiRFP{0X1o
zZKBX!D`+{a<0?A0e8u0WQn1xaMxS3qEE`+38+D%2@I1y5ri?x4-!jNm4#FGDBQ|l@
zPoig#+L#MJD}15ESb!~QNW_&E^D!Y_wvSt_a(p$r6FN-C4DTVDD`Hi?zvwdI<_UJh
zP-f-$$m%2a%W`fte|-Z{AMNZrp~Nigo)oQF)Spc3LNGsF{*wqa$4BL#Q@4!CsnNyP
zpGHI)av_L8z{Fh=c@n#5+F8gzkN7-AtdK9wk`K5c(g{u4oR@#d-i>61^B&VdFeEPy
zS7WDm3Ez2?GF_S}Y{s}Qd!_>%#3X3~IB^Mq@MiZC-*y%5z0#9wWsP4V-8nRFX5JB3
zvW14qaZ9ViunNzdDenDVl}i-8KV+ZbKU!V6h|84Lh;D`hSVcsWJ>4=WI^nTeG_<@Q
z%1J={&tfwygXR4~K0b!$6gS*uL7xp*M+onYQQMnmHr^|3%Xb3%_}E7*n(R1;-8Gi`
zp?glZsEhI3LO}CYd40KMfr9P4oWS>@f@k&(*YubY%k?y$+}vmDXWtxGy`=pB5E+tZ
zWI4UPhjGgmP~0mnb7CH-sD@A|$Zdl`ajo@m{oaB|1KW-Uo5->E2l9uuG|H_VN=d7T
zwHZV#BbY3P(Rc9Txodovfhnbu#+Ed)qecEnyWWjPP$&_!+&dMUP2LsxZMLpX$PMkl
zD(d!x1(pc>UO$m9Z?dBy!oc#;M%qA$qQTb;oe6EUv(J67Ph}DVgt)kgyDxHpRQULA
zi|Vpw&fXsf$ye?sIe(ZH=VHHuiyfg~Q33d<jJzzWuHwQ18nek2nK*n5Sj_%xu5L-a
z`aX+*hnG&yv*6TpVuq3_M>JZScJ_K~{D1MXWvGMqf09BA3z038k8bq^9*W$~HQq_s
zadho0IJsM~vZ@Tm38>z840o&bi=U8}Bipdj%>e;4X0b^VZeVB2aSf2f$RKGtvOJba
z39Ypf34#)bPM~vHe>(28qCa+9*&Yi+t*+3^E$i+4*YIh}t?y2LaJ_N0Rg`sW_F`}A
z#q+I`^VJpGqg3jGb5fKG;aSscx4qp8KfjA)N@E%8@7|qlpq|yX8ks(d-g=+CcpjM5
zQR&1L2;V^JRM)A-T4*h$rQ#`KvBXEMd*DVNj~lAiGa_1nhAcq;3!V1z(Itf;RHuXa
znn4-#5z^MZ1rxOQlqrkgaY3ybqwa#hvM+U%^8ZcHA=?$G5d3j-=%P62Gq{llHx55!
zPd@n5=%Sn)glC7K=M?mu<ild?#O%uM1v(t8>7EGWgQ6~6<m>a(4d<eeuPS}?4zFb3
zn-FYeW4y@zln*Bd8GhS(@nYNh>Q(#l8{?x1>_-%~L$6<UWrKV?I^BJ+>;5ojKi#H&
zKEN(`SI|26h8H#r57o}rKfF15c#MM{I@<5<H+6JkIb|n>oRQ!^4_%y`JTi@=5$0@f
zzi}+5kjlS9sq!M4r*5`>`rT>w!KNqUNf*<!*VOcRF&GuIhnkr24K&hO-d*M6G9n0_
z;_}i(f<13%ZwCW}LtbXbb72aJ01-!bO%OX_*L}-`+{FvrvarZZZ$!-7oQ*fj@c_0`
z%ik+qd=$K3KAkYa;Xc1nfeKbjxt(!|&BAkto)EmiI+}=(W<Q~>mGltOS4BU9T{g$|
zE2(>FNPj+c^`C^7wpF&o=dOl)&_NMKO5|wsb|6q${zF&T;z0DagMpN{JoU+biBBg~
zj}CY%Lrzywcs{cNm!gx*X9dzzFO}hmj&f^}g(`KNYqE%3{nS_1G|g{qb>&ZgeBRmV
z9LQ_MBw(H!Wj01LdFe!esUua@-l<Y@i5>BWC@7cVGtc*04{e%k{q6Db25$%ixQx~C
z>u&<6As5MlLH78u4|3%G8w_|az5b}t$tOTQe=i%SKl>$H|6$bUjVD(J7VxvCJj_t-
zK9f#0j3iofBt#=>m+xoThfcz9^slby0N(TwlO)o_hw*i;>vyXA6~lS+0l|77R7Fm=
zQvVmT;@I|<sln^9n7xLBu;%htJ(#}8*2P4Fssq?L@{>idc$s}84=lq0W)6`hnZTWW
z-^wfu&#eF#sRe1z1TMGG&>S^KM4g4j&u~{-#15%ARUY$7|1<i&9WC|Sr2W#WMtb0L
z>B-rTWy=>A(_CJ?E?`hlO#1@meciWulw3OESUp_#2684#<Ej^0(G3yrQU6iLVdrB|
z{JaqY?(QPBmYOIIq8drq`V~Y-pa07!&7>#-a*`9__NY3eu2QK#*(f`RT?gU<!9TaM
z`wauAmbOa|P+k08gCJhIIn~mDuhx_|L$bJM5kjj$n7zt=)}n;=_g7i|v;5yhv?k}C
z4B87FVdKHv2e!st8v;ImO2*dCj$INYQlm9CV8q0t3$--FN!22OhqA%8+bCtjUzMfi
z;SwR|uB?b+F=$Z)JXbSH#hz^Ak%^Rf^h0qwF%H+-Pr|i+uP{cr3?B|++<%#+XTe9q
zJvDSho5r|YRLFi572-=ESemz<``XjqUOb+>Z5*4Q5*+=S{8zLU%hj>c1WDT}XIFOq
zy`lA4(mP*vEY<eUc_`MY&04yR<5fG{A*UTUV`sGH%<O4)+HI*Yp0;>~-IRD6q!HOJ
zrya5nO^nLzzBY@bZ6Ud1{LGzpV<vVs&ISd{EZ1XSYcxSGa7>w8m%1zM7Fv@4qZGzY
zs=u!kJ%+s@sdB=-?5bgyY5KH<BQ>5X7ydrwwx?t|CQ&%|InxD<)3bmz*m_Wll_AEQ
z9c1`xF5EF=-gYvC?_FebFiUEtLd%_aw&dS3D>8D#qIrZo<P8>T5ry=U^IkoDe@t;q
zqvK^4nAJ!TD)e3kgy&_SbF+}-HW{PpPG1d5&KBv=L<b1yFH=AT%iEyh3Cb`}YNZLV
z7XyTlAni$$Umys<21gg2e4ibUr;~PlM(m}%L+jhxVf80h#c|}9UHKY?osp{_B*Vr{
zdo6p}f=V12LYD$vz|QP5)-X+sm`C+m%Q6W5AaawJ6`m+RZo3HYCJlC{7X0!ur=x>B
z>G1sM^@q3FZaX0XDbL58=6*>=ccHv2d|1_r-B)Ka#8~?^4AIvJti}uAg6kiVGx|5!
z$Tp&PK|oCt((+4tw24P(;S*-CL5r?lw0k>VUs`;)v&~C)S1;X%-rH|}xc73WL9MI4
z`E39BqqIDKl$P!T1KMAjmYvpiXZKNRc6J^mXMel-;j^X5>9n?YAD^7g_G9F9cD5gC
zWqEpJezvzCCFt3s%eDVdD_!oLCu{S1yV3bTbw-YdXLIJ-liLY^E6AyLhID0|WDq#6
z%*HX}by`s>^|M8n0v#f8yRd#&1!oFY9*^Y|0^krHQFFUEtRLR;DA~o(Bx+Cw$z#!#
z<2yLP3Ph_=4jL9ir*mA$|Iz41m>R=&DNHTbOna3(bvB@e-xDS3KurVhMwe~o;#(Y>
zX^%<@Crd9qV#VNAVfGckN1T_q#cQWjB00P9`*cdu#1O(e@O|(y$Jgr#oCHET;>}u)
zmXLBPcbQz6@FVv}X>B(RUebAK(bTT9(sGbdsXjj;vC{THZdXV#1_GW#mY>exm)p?9
zt-e)Z)D@E{%)>m*)$CCGJn?bF*VFMG$_w!(q!2fpm_UXv)MO*yxa;=-DjxlOSe?0u
zbZo{HIgtq-y_bO~m`^Wnw#Fmok87?VI@2Gr*&Nz=K45x_&2^nIEH6rD411xbm80I5
zd<4PaZ3qcCb4Yr;Ap1YbAH^Uwk2&=WRB4jG43Z#mlq+R;NLzFHKr*#|1yGUfXCx%4
zFZSf!**WHaG@g?HmnnS5JmK*zD~oBN!H0;%nSfhxA_vfdIN1`MQY}qcMWQhw3>153
zkR59P$}~F)#jY7q3UsvjHQYBs=ku&W+|C}P^B$cgah+_2Z?KRX!(!>w#eVz5T&tZ8
z9@`^fECV$AqQ#+C8wV?r4sP<EIUetB`m-6bqk7{z`n;}ybi(6KP2HOBY`lbETbmSR
z+os*W7^dD;IRK?1T6{eEbVi|yh0ILGw<Fi`YFaCsj%VRum-7qnW7|+A;@#_y!fkNy
zuw_I^qrbO-t}=I&==Lsw232lNFZZ`#Jp0);_^0E2N7_MCTSb}A+PCvTG5=DG+WBSs
zqS*SkXK$zdpJXF$O>OgvWE=Le4OVrZ>~%4??jwAv$cK%+Tn^fo`4G*|Z`u4$`OdCP
z=X8Q7G?%)|zg+vRC_VQlXh;Z>L3}DY($3$Gt_KVVcvnt^GQ9{+fYf(?;1rfxYGmPs
zb5HV-<`Rn<a@8+yjE-~ttBwxo|Me8;2xpf!qXHG~urt5AoQ-jEIwAqo>`ic}Qn)qU
zSuZ_5Xje=%h`OELs<(;QED9S!mg?XZ_0CI`D<Nz&VkJk>n;cG`*X>7+n_J|I-Pvnk
z^~FpL6KhH{UG`Ab5C_5NIaX&F48V{+7Z*s?fm!a$*!VaM$3BZhg#a499lR3p6=rpd
zkfO(gYi>*Ut8BGwnb+L<kPX*d0uO%7Q_|sr{}Gz#mws_4{eEZvbklSsJot^SKH2iy
zD;XDes5%#Av@#(wUjuLWvo&f({H^6;#1tn^gspe#mDZ#PWD;b!)9-cNaZ9&TGkVPq
z6TPsY^?Fv5F8|=zr(k=Xt!YQPmeCk6&!<BD;<~BgLA$wl=%QPfnX=dsGUK3hv&g6L
zU1PQ}+b1|oNF9KW9M6i<@_kG>Mb#MLm_s=p6j&8vVW7ZO<>h$lF&wog3&2}lS>Jgj
zpSH5@D`Zn_y!2U~+HfjcdnLG2>&A`Tx5(WW*70g>Z|(3Xc$yY<%bUYv9n$@x^Y_`F
zULEyMgmE`KFy>MJ)HrDULt|_8gnpyuaqnyoj>H8O<N;mkS3T-3@hBzsU6MLaXU(Hz
z?>wNI{WjVj7;H-RnTr~<ECHORW`ckB$y{azDg;B!w{X2>Nd6a?<8Ou7<>z?kpSEF_
zCio4*VzR436Wo8*e)x66SY}D;Z47oVeGYgxygDuc(_{EIyz6>;K6xQL?S=|cXBLZ{
za0@~Y>$%IB;@8*3#gwX%+>Sd>za10oy52Oun#q3%TZazxa(siIrK291WE>lH>dg?*
zWeAYF4GIrunuw>(>-`vF5i%rGim(w$2W@^8Cq;;+pgu1*5r3wqY?5E}2YmvznOcqy
zV=xkY?Sjcd#dLL)11!%<VwVHB667<72aa?gA?0$Q0wW{y2<JH-jIZz2kbwX=pcWA_
zesu-b?S7g5%1C=vkzZ_Y_E?5&s3>j4v_FP%qo=<2kMgYZqP4n$_45Ex3<P}x_|ch@
zLIBKDAkJY74+g8EiGnp|ss~07>(ZOzQq@@944i1D%je~<#4vp3Fbto?5Qe8eycS*b
zS!6HZsX!SLp=8}H)`k};VHA&jB=$nKE&`*|6>`c%Yf~i1^~Qt28eCdy(;HYQdil*@
zZ9`o+h9zg&I6ksYw3EM%b0pj2cH~U{2&13O-Y2SaF8v{irl8VJC2l@!`&~vin#Z!E
z3qJcI0vK4prrG~=S202q<=)eWFc%)w9=|7Oo$epK@#T-5_AmX(+Mx@y?YJb@_-x5(
zG3a>Ni(~`=FxI?CdMH}5c%4ngRCYAT(h|H@SBw{F=7(bKnMahR{+{zw_a#G(8Gd{~
z17YUUb5>VIST&7<2oOK$#3qPmgfr-Vn9?~}_6aCMZ(;<bSY~%q3~j``NW!QDV8yf@
zHRgq`)Uz)9u&;S03f!V*CFhhRb={7RC)o7-98<0HJB<K^JcLZhPvtRb^~PPp<0x5T
z%nXz%eX-*!rznl5K1PW*VZ`ZZ$<pXz;^tos<^|8m#l700b=Y<c9Ng)XcU$>)xjl-+
za3U&ecE+EzK1hCOUg-F&MaN8!SG(?fYwWdX&Qp4VW0G6hu*gSAs;7%(Cb*wLJ?j0S
zgT$he$6k*KqiG&xs&uLaF&xxiPg*{S*7Dx`(kbf(qnNz~$U4mga;G9a%yr|UFiJP8
zIkfn*88bNhhw(rWWnWm?jR-AKgPm*X=U%v)F^$t|y&#@lWAgLqRQ<%FWzC1)XiYeH
zeFnvQH$x_l+Q@Sz)!=2O<!gf>pV06siD6k9bXlZxS}*;P?>uV7XMN4c1*g#{oLk(2
zl~P~7MzVA4$wADBd9S-i&f2;=Z?7`N_5^)L^<?B3XJ73G4BwEe=H!COWHyMF&6R%u
zrtB&l?6$IfwL?6Y_otTa%Z#9eArj=%I3h>T0wFP?=b8H2ts<$eNrhBR^P_h*rT4ap
zUVZS}$mOb}v?5MRaa05A$E!M*>wczQ?W$aaM)5ovz`7^z)&7Pie8HSdtHhEPg}T7-
zUY+;7?zNIAmD{at#i^uRo<7-We9~!r(v6-_%E#lh%bmt9cN)9gY3y=mnJznxU3MC~
z>@;@SS*FWwW0&2=F1w9gc5Az=Q=pvYWd@p^?I;-_JYIH_+%|5K+r~|D+qg+?Yc@&x
zWVi9j-a}J<+qkiA8#mT%<HowJ*;wh5-Nq+NklAS@v(rdsr;*G~Bbl8>GCRwV*=;1V
z+el`&k<4x*ncYS*yR~H2L?%3HQAqFRiYQ|;4*BsE{CESmb|PnaFl=WJuFA#HU95M9
ze09y(Y0Ei{OwLO(_qqca*@!!96jkishbQAUC0vdL-sO{Non^VZcKDj4$H7gh;mBaQ
zwUG;m5K$16++*p($eeuW)E58nd3|WqO`yEH#w54cMr6TRY4p{CjVUJbHX*VmLgoQm
z)kAiy-CE1q!fWxA+$K}<wC;X8Daiud>H;*9vb#)okCM`K;!fZn5%G*L={XXpU8H#5
zYL~;D;X!R9-OM5Sgi;0gv{va2T0l5{r5ciGuu>!dHFRmdX`SV&tqMI9lG1|5BiLP7
zA4Ke5T@iXWsipHD(A3c}{=l@W#5oImhTv*G7T!fgnFGqphpix_S|qGvLQZB4q#y)B
z=1jDl-@-u-8`#2W6fa+QWMg^aN1c><chJd2!|%5ZzfbG=kj;1V4t`*hJ{V7^&;AF-
zHxaBzCIEm#OYL24QyWQ={!Rq{p_Yg{q#Yq7Bm}nC-V*}bj4`lCUS?ur!qJi%=s~D;
zYRRDaaKHWX$;_&*Zb=}FH*O<tCnju5>aO?7%FN1qo`uzEO51a*Ypk-X=c}W2^Ig^L
zzj$|cWdCiaPC2nlNOpvSE4G9uH$dAKN1a^sld%d^rVLfrAbMw-{l476!m7!htsY!T
zy0W*bdQ91Dv^+qYX-~TcGY*PdT3Y)ix|&>Y(!$bbK1UBNHN%%bWLv+y@i_=1(^L)}
z>GVIj56^3!{M(yk#96XGHqq;DHk+;Q(uR4ARix%}tkqYT@!E54lN1HVe1Mcdhp_<h
zlyRPBSTGc9(#b@(_;RlxlrZQEqM?N)LmY~AUBWTI5lo4nF_dibC$7fUAlA4teRGbO
zA_-+jGHcw6B6!w0dM&Pw&hn-@VlQ!4WUn{G4=Z?ZR|qWCM$I*cTbbiGQGXK7E_Qrz
ze<Q!Yzgs9(hw9~^2-q=2$D57LWON8`Kng&SagK<hv_5y)z{CuTm$1EXNZFHJ)S-<&
zlQxh}ol-@iBq~s{JW}<#nAgVjYJekc*#)N>x6b8E;&r_|PVoYIiDKM+<;G|ZO?#^w
zKd@UJtHg_s6P=tRu>>V_9E$>wYm(vu-2@2l4Qa3YiMCuivkv>6@Q6(VS;IIl<zY1i
zgbXqkx1GgJo!dZfj71bt(jLdpl8%S6giwR3mA&<~Lgk^+Ejsuc4gTyqrh=V4LyzoT
z6>Z*<^6W@~yex;fy1{p@<bAwT*)J-%)Pi#B{79`*EYGivGt%AoN+IS5v|BfLix-$=
z0pYsC*-#9cxV|QBOj7HLVeGY;(NO!4Y=UTqlpuDq#_2q%1kn{Ce%73Mha$B)Tbd=y
zNwu!IBuWxKuv4Sb?_#i$>Me6!NU}c^y<H}IhH-r~i4^Rdk!NQ{i$+G>gtLG92><OP
ze3_5%X`~T6^p^eu?E3eYT3t{oZ;yZVhU(~UF5d;4%eTSi@_n$m(ni=^z7sZ=Z-vd}
zdtq~>&9J$AH*7B74x7vO!{$mGVsrV9*j&CPHka>-&F5^2Cv7IH5-m~LAJK{MhTJN8
z+K?@0P92(4C3>^oKr!yQs8q*sx$E6{GGPrI78}=uJk?Zb68#QXH`y~WbM!1$adAn9
z0(VNLCJu@^Yc5`^2I19Yi<>6*kF9FSwA4G&s!2<8cYP(7Tl$0CqQ28%&L(a>5|Gw<
z#Oc<mt(2fw|IzVtt5w_hzo~ZrM~7mr?y#`fx}MXp$?#>kZJ&;luq0kT#hnX07auFf
z>N56jXW=(4IxfUk^(`;mw{G#it!V^F1S9&+MvObGgz)N$mbBAmm&gVaJ5}<Zp|ja!
zXszOr?C5{%bN@f}IlCa_8hFV9!TVe3e`Xl#(dB)~+7()4OIkD_wjieJNe>4(8cd;D
zG(V)M9aGr(K}FR}p|)yK-=R<DHt6QR>JEMBK3u-vm+sKjcH8&t>ZLohwsg0>bnm`c
zxm@b6Uano<MGr32%u_F2Nl)vSN^hQG$dNAS+#ygD?c)MrZ3C&mASf;vsor`SHJpr2
z(B4G(;sirvI<_x+1l62c7%6|P7qrI-!PD^;0tn409?XXET@(yBDj&e?LnPVLd$V}z
zJW2pGcH<ZLUY(L<n^D)5#=EZK&*?dTj#s#I>hu;lb>OzHfUfLq#DCT#8y_L@GE^ng
zQ<tKQoWl*m%_mTs#hHm9&T%NWn0DwqSFXIA^V+8OFiO{L^MWPMZrN4B^7RFWq!+WM
zL5Yilm8oHJ1uMO4DIdTmforf{Y7&eQ<L{<v0Vx9pqYB7#X_SSq&aSVqH<*Jptj6Vm
z<-1!9OJ6SN%Hz-mn(~bUUgj2gA)Y=t5)(q(sE#CUgJq{qHOHF7^WBrArv)K@*^>I<
zkTY2?i}_UC`3n*Oqr+<DE8^Zw*q?H2siL}PV50o!K^g*WXd33|H>&6lI`3baI}!~?
z52Ju%v=L`vvs{h;t!T_h4*u_{pdqDm!9QW=CjMPFwZ)qXji(t6rirO$h=44rlDi80
zshV8|Nf`jx9tOP<L8Z6iR1XgVr*3FXxbOFiT)xnga?zWSmLdX3ZI~MshS?YaUMa%i
zTde>`SrC)SaFO6^EN5+rTuVUiF$Yr`l^_`1UeO#=%7B2*wSR9Z--jS^s@5xNuV{2X
z^&kY21fzdHRLNMOCyLw_IPB+V5Yevn+(NC_A8I@DW;Wo~MyRf@p)P3$$Z#UYhilXy
zYf4R8vAd&{t*>!ymSH)_WJ2VMezj9sSTvGsQTDEs-Kb<bB8ygNJgD2sGX}XCC3n`d
z&lnep^0qOE!{Yo5Z&wM-3?kZP9nd)84eI|^X?+c|PVMEF{Nc_A2X_|lSt_8{n~p3p
z<5e_HCV8f%%q(ggnaA3LhKXkfN&P}5hzk&Z<jRXBc^Y|7av)QU<W-Agm)lx_c9e83
zjytbbsr%KMEc{)QAbU!ocxakgj5=mFobCP&OeHfnBnchxn+D8~P;%#1l8U57Mt6D>
zmd5iu5m{Z*3lq>2Gk**noH6O<cfmChOE@Kip4X2CyueW}krNR&>dYqdBHxrh*sqtn
zsg|^^iw0hb9&eRRw5$8h5dbZ7tvp>~^@o?Z^TSK5{qPd&KfJ`<XO<{$HRP?Q9@|^(
zvHjH^d$rnQ)yj&`Rabm&XT|4gD?V3W@wwfno-3EjPZd&Mv9kJ;mFaUU&U}5vsjsg%
z_w^Mge|N>n-_1>aHpESYI*tfm>baQ1`bNG`_k!^wc2|0#`rH?Gp8G;=)fKc_d!OCl
z>QiX@&c^W0Ue6_vnuZoS>S^DA8lYm8C34QYa!P#tG#$gd&V*Zm;K@RX)5*MbA0<pE
zP4)m(<+BUlSi1<(L?!0Ql+SRjj~Qh-+qca?F0))Z^cmT1$L5A=RPeEQy7>*3<L^wL
z1pGHi#*5f#z@UQk_p$d7X^>;Vj3qV0V%tMI0!Z#41gp5Yp2DtyI|9&37LXM*DuUwk
zC++C^nhTcehNK{}2IpY{S;(L?aWfm4Y4Q6LjB#pxrD>YK10pRjS5$;`e=G>u#0{jz
z-ta0w9AA<;8YHI;ns&~ulf@Vd6Crly6bJ#Cm)E<>_G*#VHAu>f1x;^2r2)NYY%vD)
zmQ$_$dy@%W0|hrcDQVZeYWS)#S54}+S>Dn57I!u4$nvgFbMa-qFUxA7UMm)Q(sHfx
z_9!>&m$M7&0<gIJkGmtZ-kc^czLkC&kh#zb$%Tsg*yei~Z1YET-Q66d@1h`&ztFI}
z)2a&^RrQbhpHI8Ll_bcDHjDi%tL-1B-9Hyj$3InzzZHSDca5koBM)=3>_6%ydK?Wm
znmzlLBg6378`VN0Uda2R`~<^9Tt{zBm8l2mFQoF1x2pKvxL7oKv#4L%MVk3GT~nE_
z7ghfgS4utPXTo7$Y<_%LP~oEL7M6NCmLl;01kPI-3t$ZN+3p*MOM&F~UbCbbCE>Im
z_eegif*)^T<5j9Q6UIPKgndiGq5I(-$(qSH@a<VA>D_Iu#hl+``5t)fU><vmEjjnH
zm5?G2*%K^o(0;g3zR^ni&5xJGQv1!t%vQ<tpV`oeB;}MG4FFRYK1>9ERE00T$Q${E
zxp0bX;DjJzXdp)7YGPXR-bC1d>wiuiiY}tVVqmCKOVfxo`y<21%>k{vDSory>4DkV
z>PL4%#|An=4op_q7lu8z)p(iib$f-dLa!8vmHQI8e0dVfb6MkaO}+P;Ih=2qO_OoX
zC3Sz)|6K5#dqwqRdCulS^O}k%&BuJsH9fSz29eSi+lg?EpKG+g{fdIx=pCN^S8ng>
zce?I8VNrC;&mGNX4iW%S+~1-;dtP(C%Q?|4d)o?d+IwMeXHjIUl`={Fq!)uQj(^cZ
zAP*O-Kgv><kbY7TzXe02dpP_%8Y({sb`g)r1CB8>(?7u@;;CUNOugqRRzSU!%@Vh<
zXftH>#F7EZ^XqG)AW3xc8HK@bcNxUDE*w8atiOsL1bSbdUSBH!Bl%W&*r@cM!Qg1#
z$GB8t!IO<G7eo^ayR1aQ!ZU%5K&8@$;v<8ykh8d-T=n1FUd7E)Ihuv{<J&?1=TC<p
z+g}cn>u<fF@oK+TANC&9jo=OA<qgL?+mTRgq;8l}Q_C`U54fAW-c1~{b9;SFbten?
zUlD+U-I87u0rdqqTRN8U)m6ff)v~GBKP-b;Hs`h)7aX5huig;LKy@+_wIXe;nDq+D
z?Ak}hu_ae-?mF%~^BGI-6Ms{X_Wl$VtxLuYo}}n~vdWcf0yvE<?}QcqZUi+H$UY#e
zE%QWq@r{DN3e{&>rZay8CMvl49aD;%D{$a+d!$BQ--s8KN&_Ibl?=^x>-g9oY9&a)
zZ#UtCE=E&%XjB_JjqH5|KvYfC=w&Yo7GR**D<WbcWh(;9f+!_vAuh1MBJAP@p@=8~
zA|Hy~ii(Nd{h_GX{n?F_h=C|3`_9~0b_odu-}~Qxue0~g%$ZYj=1g83xAE!yAd_~}
z5`X^a<1+Y5$%)YeMmJt})<Wmi^HZ@QntQy)o?e;y_VsA(rWba#oI2IcI?R6y|N1JQ
zygT}jnfa4jL~$;_9|<qYX)hWzBV#jf<mN!_g?&xt_}V^O_>vR3dF(Kg&UTL?3{{HG
zAN=Y&_0IO#aPDWjMEf2OF`fBiCf@pTr#QgG=+n5vH#hye`}Kcop4#6JJ6ODZ@A1Qj
z53`<qZue=b<GZ{0pME}h_?ACC?&<wUlW%Nwo1FMC^<m^rx6}b=tePG9{?%jZnF)R4
z&pEz4IH{PkZk~?D$d5lApWDUEGiY=%wrRWg@1vfKj9Ap=cwF)5^h>vjKFu1Mj-6FY
zj7!k5^Y!Y<V9lDo@b%!qe%IHu+bG&N<7Qa)dB^i@C0BQ|zxHuId-w5-CY@7<x_s^#
zH)P1CpWn>0rhnQh960=Q#~Idnl6Gwuc=&!uDHtYt(0}UrIgZ`e-0^)oG<4vEplO?L
zg&mv8+wlJU)7Z-oMiyFU`t*02cyH!0z5YF$y$hd`_-gk4zPI1(oH2ED%6Hd*&|n{v
zP8-7w?Z^GMK2vK_yQnDxm7-g=U4G-LiEoR;%U&F5)2P+(GuwB(?UwdU+<R0~Lr>nm
zEH(Xa;vV}&@X6E1K3MpS=GX2@4B(vS+NN7Ca0YhivvtVk-G@e>y=NZL@zbe&n_jLD
zoc``n>t(5{tt2VFi@D!tHO%sCELOQ4%v#n^xbbGg)TKASdEIj#`Z(+!bA4pU!@*x~
znVJsiv+Q#Ao0GhC9^zKH9`_pO`}KGf+k5h6FSGjxf(@-+XeMj+Td-e!Zcc|d$<R~(
zO><h2@Ts5g@VBvPwjT$s7r7Ul8lTr`oN4lc<sC;Rr!-hR`jxs-R*Yw6qD!ZwtA?Yr
zhiQK4WB=-M@RY@O?@h?sy1+Q=*o)qGHAj702lI<HA=ztlXYASj@Q&B1wNfqh<kVI#
zA1&m~>ptMNp_+ZN=6T}@snL1@gI-IooX<*(?exTOQ5(Ob)0>=5;y!Ud(xAbkzK?_3
zZ{D+hXw#y9RHj6#4xaqbVO{zQE5j^3e%6uU(Y+<H4s&#8M~`jTv&HRDji*E3KA-Pu
ztueIQf$3UJ#74bl-e0rm_Uz*mbO*M}NMCVvrE|cog+p&<zB|2J(_yyr^@n4RjozJk
z<htIwH;q3o)fkiOJorvRQpo5T$?Dnu)|^z;=H3HN#1D)%nC`Ch=#0-xmN-Fc?jpx2
zCkrg@Gd?Xp+xtUC<l|LOZETl!?5ox~bJNJdCz!Vd3w$#77=9mTwBqx|J<{$w+TYg?
z+|Y%8&aZ9Df98B>6=e2ttG8C-71OEdO&2`iG~dr&lG14WnGV*6Pc;l^a`koAj9Hr-
zcGwr4yR>7Tlj+su&BY6M9GX2Ka#Q}~H-f_pCJr#16WJuU!_Eo&E*UV{o+@G9Zk(>k
z-T(7#ZMf~#=MFv2eHe7Ww5#o+z)&NN4&3=!4~}N_`u5yo;wGJrYY%u#${IP(@1<~{
z`EhgOf!Sx-YCo4R?4uU-?fWFN@%_!b^omA?P4I2^ig{>rvkaw8Z5y3vH23<gABC2S
zn>I5X+Q~y#V&`si>}m46O~;i|Z?`+LT=l&)<n*pxJ+a*8NuT-Vto}Z`gZ#6u1xf-N
zbqKhxuC=X2vN&2vtIZf&?!zYE7jEj9xz??h=EQC$(?;&n?$YJWt-P-LxEi0dIa|hf
z4q0tKb-;n7*n7@b79_1t8pO(YSJ12o`<VDJvR%yW@4<8WYUwXJ=Jw>-?iFX6w#}ZA
zcPjO5`qjOjz4kd@w%ri_RDF%I>2&_=M+xR8jkL|Tx0-Gd+-0$F^iIo-?fV<H=Z)`w
zb<hLtVP+$i4sg2L-qh~joTi)FElLcXrV~5wX=jfPYYxqOxH){P|I-;qb0dZxOWwUI
zE@MmQPD9vhMDLkLj(erQ%`wW^lrcRvCh%j2?%4-<YSA_k1NMK<zdXrE?a(VfQNU?~
zhf5pm3AdYjr?=$jVXtwS%MKI|8Q`5gXGz!0NIk}9lM@5_m^vg)aoDHo`D0{ZNxwDj
z&Q2C%#JKm7H{lyjy&TTh@Bip)(fr{Ji`=7>-`vxAIY}fOc6p_B_pU+aE$*!9ndHO%
zxZZ@>r;XA<-A<k=tZpr?9WEGp_E`Is(F0G}X|N7@etZ<F@lT$?yT!wW?dQim(~b$;
z^h7(gvBq_$+-1!VEDyQyE?U~e_R{9yZ=w(Vw2s9lUpMN^!#`-f@yTCq;T`5_`eLNZ
zuyX|quRNYSI4RFEFQM?mps+b_zw8*9-*?K-A*wm~%T8W9Xl<~1TgMsQmuMeZyZf8L
ztAt|<2leheC2Ph0PXBde+`gxFtmvb~r_X0{bS1kUyo){)oNuJlPkg@X@|}!VD|9aD
zU(OyLJ;W%)KI-eRJ}dgWhpD|a9_QQ6emY}Uk6l?&zAaz%T{nM-?UeJ2J_bDN`%Sf}
zVM>=97eB2nS(*0rYbR5?le4l)lG3cb)#pFl{lpCmatl~6LC>%G!3DF==xD9@sAcxz
zq~-X>j0Gua*Ak=~I)>l@PgGNi`!qfCAe*gq`dQDuCX005vKf&J1VwX`a#LRLj~tBb
zVjg1=%NYCUQin(Dyl3Cl%}VSR_T;2b(yWjz1D{A9&J|DOpYRUje>>vZFUED1yGf^S
z13Ir>VLH!dPI|xT0e(+zNf%$4d2NXEr56pa=fqztxVA2HRhO%c`}7`f+q9L-xbrJK
zzC~&@jY~Q6af4UO-aoS)L-jB2Hodr5H;CzQ{QHV4PdEeJ-*x-h$m83Dv>P`?zWE*W
zH8}6aW*^J4JHEms{W^E-)1fiRtk7QnS?v3_zsha@=STc_Co&FfKA)ofyn$^YN1T{E
z?DnCEP;Knil3tIV7EB8s5>tF5eO$C^PPS3rB3?<{qzKJsg3}E)4Jk|?^sjR27kuRH
zK0Un`dw$EGJb(AkC$=7$nAJs<C1TGGMZ@0RIQsTff9pnX+}F&!rscbK&-21LGk5e@
zyy}?oA)$SG{Fu0-d4YzbI<M+KEFk^o-3(QhlGl+5ACEoJ$jND2aH_%F95)NM=}u}J
z3O!7E#Qn?**?7Y9!4qGR>gs!;DN5I8e_i>H-2)Gi_9vGsH|A-zF0nm4>(%Cet{yPg
zp7SYEGhx^6|1R|}x!&)GbFlG&UTch7`ELs~R~?o9eWhmMXJyHtptK1ipU3%|F<s4)
zCck|jrDS?`-lo^>64ZlS{^`Hrj80e2uQy^xCJoa$ea^qvmkvcEG&d#=p7AEK@n-kX
zFY8_PZ#Ey+>3v+2Z^>R*n@NukU4N{$CM?wP<WlyKM&ZZp;`;ZPiJM-F89D3om*l>M
z5eL^S^1Qn4?8jN39*;XQap_?H*hRZH3{O2R)X-^s()jSWm8PA$wZ7c#!TKXBhZf{I
zneW;BeV)~)!C#`!TW!93Ytl^R;M1*4Q*UMtOlx-Y-pwGN2ZgWNi%Rka1|`f89%<S8
zQO|WVQjG5PUgN#;w2g2`dfQv!zN0q2%GX=|;>eExp3|n&{LX7GU*Ftk_`lh6mTyzN
z-?yvpc*~EEx<6X8sK3qmjq|h`XZWoV<@F4E=bo49V7YYcFvFc^E_RNvd^vcjTTiEx
zdoA}fX6@#kaQ(1&-(l{OVJkl#^USpQ6670mqSXkMCyBzB9F;|DZ#HQA#eD0vpXwTi
zSe^9Rce>m9)u_}%+qwxFX!XbnfAGCH*KOh?O@4gIzri8zY_jt9ProjG7(35u+^5eI
zk2*cO7T9^jk^Q3wx+tA}J?BkAX2Qnw$Foy*ERSTFsu*^DdF1})^;+u2-X#z1V?9=$
ziR*RCyWh#q<L+o4(ChC#xJw>u$IJ<1z6|WNdg>uN@B2E!F`YU{^ykmBxBLF(Rm)X#
zc6zSbk`ZU^$TJ8JP5SK9z@uUBz4`z3`R46DZuzx_R<DQMFbOlYUElHMf+gGi_ngQ$
z7rv?A?vwrct-0E{YuhJZB}Xme#z$_w?`(NBMzwo_v)UV7Z<}3So!j!Z8657ntkca-
z#zXen<$pZSZ#pevpSfP9q^M6P+n@vX<4^VpY&|2k>Gwyi*0%U@C!zZr*OEtz@2t*y
zvT@~3zm_@6yjCqvXm9)d#cG?)af3!!F2B<~boF)jS?9vu-Yi-?;nm|w*`t5naJsnq
z--6L5d;E5VwHy~6b(in3(S4jxP)z7Xty_18yj=HC{e7do!@7L;y39*iAzEVj0ehQ#
zmVY6<S-{OHeJ8eU{-UH|pB01KDqnX>%4y?!vDMbuFNK%cMFX`ifBxr#$<0Lr4X-M#
zS<>=b+?andtgWrLFZ0?nf~&@J-4e^++^FMruUC(5EK^E7+j9As?l(-o^j<k9!7y{}
zo@KfQbNxMTA8Ky1^vTX%4rBTM+-jop=#KFq4gGX}!+zrRZ3gt1zd5tS#K-Pfn?)Xb
zr?+&_=zZ8O;N#f+PYgR}?bnw)_*O7y<23x=hps2iy7+!e9QM_{N5-@B<C2CSx;rB+
zB}ZrG$LpeK_pNcmrtZl2k@0l&yM{XM@oPl~j&7fN*XF<O9}Zq%Y`Gcn+^pd7iN2|y
z=Jwh&oY!Kr`HBP0jIfJM&s!$B+<$vjqnXi4HNm2S`5)Gtj11i5x$5%eQMWeia?jJ+
zc4(&B<0-M60Upw8sax)Ly=xFKW=gLA#|cX^KYZ%{aP0Y@zHg@<ez*JZx0_=IP7c!a
zT;-z`zLMFffm1V!c?NmP7k74<)@fOb4C^(;?A@HArTt&sWS>mwmfWF}$NWP@O*%Rx
zhs}Mu&}L1n-q=Y|t7a{A`ccw+eY?V-sF+sKvpY0z+wxIEH^(tsyWaCEoYiyV=oX&~
zmvmaUg*9sKO`W%=*Qd=tmApO7Xuz2{*YmNY(=p<#!Q+ybO?2$mmZko6a8}wAi|13X
z?R5UK>BRVOSCa-OKF=DrXvk})Qx89X&dI!PowC?+?OK=T)}Bt9{Up0|FU}mznmT&;
zhr3OBu4%e3Vok@h{}=_7*cg0dTg~hgY3^FQ=;-#e$5;PraB>INJvq+P@xSyZ$?Gid
zeSIDIHDcd|d+s+fj5V{F$J@A?zAnCWc+o0h3;u1-@rN_@N0<+f@m^S%5}7PYy-=_x
zfAxgJ-}L7eUtZYqLQn6b)48Gj_9wMA?HoFH{+<4|+MW77){kv@{@KBe#xp*OhTiGj
zaqwh^!b_)*=9=A|>fbeg>*1Bhk`_nv-i4Tb>#F)LcE)q9P96^3efII4C5F4+8m$gZ
z>G<OPH-j}v+ieq%&ig(iZ9R9lbHS*im)gwz{82sUT=#yu3x68f-&cS8{xELI*6MKg
z`kIOVxgOpoeq=b|SO=>)$KTA&iWZHzwn;sw*FT#&xkQeia&3LgRVC)eX)lc3KMicu
zo7*q7MNznhcu_%@!lAQ#itcTdhHN=@94~nkvPie<#tkP0B?a+rqn2BTo291BYx1#U
zWD}eAOTIo9HoGzUSXx%|;pU%$u8i#wV#nXHz5D1VZSDSPcSHT{VQY@<t^WBR4BCfe
z9X7g?(%x%%<V?HZWbRJKkG+q?dv|hAUD(ZYTNBTnOAizr=pM1^so5mqjC03l?3)~^
z+%u+uXw|_Mz4sO`>Sb!n-#CQVHu3y)txwS-th_WN&fy&w<Y^wYk>+)G?&Ti!b4mku
z>jcx{NvGO<QqSJtl&ji4vFl2SZPus;F+q<u&N^fIYRr8b!F-j&H+9^P^Rz8zpVroz
zG>5gk+kA|(*!OzMHhivV%DJPHn&fV5^L5ns4?lx7RDKq8y7ai^vHRV<nzlKSsoiAT
z$=2z&HV<B-5<Nt8ckSe-GrC>KxWD+L-c0e>TiKJ&I9%H7K5BCN^d(n5%r`CWbMLLS
zZiMUIpg5yPLxVc6S~_KiMvG9jaOQ%rv9Is>tkAlmG0~*kNwwxIXZs1+$`kFqPB@ME
z#P9Iz;SrtSMloZDxNMlPwY}k6%V`6;%;~?S<=_)j_Ssvs=)~IhaloJr{G-jA9@sZ=
zsO`>4#Y-%=KA#02NiRurZuZV?Z(wBNmKJl*eeK~sXH$Y%;dZm)_{WPz_Q{{zZq8k<
zg)m;PbGvJs(>@o7@_FhiO@Bsz8PR6$Wu=IJGmd=ix$H8#v(9AA&gL!PKVH{QJ@oU9
zN>h`dq9r#Te@+*?h_WAgt#A-ibD;R}ldNTF8%nwzJKq1mkKFK1OLx0Bf2;K=-F~A}
zUYyO>!N(qkEjt(BvvBN(4_&NRr>Iz*3cT@zx%RyzppD_AV8-~KEvFvnJnCD+xTL3D
zW+oUvYU{i(`n}4L3$6DzvfuEK&;A&vGg#`tZlg6_eWL1>ZZ>;(>+Zf8_OjvEeVF*!
zoYuWIg$G1j3=g~0``h}L6H~a$zV15z=K1q6uX8&#WM)3xaxP)R$@qYc|82@LYW}E8
zk=pQ9;Vp~&KLi#pI37E3d~^GLP(8goZIzT>P1-K$da>k)@4C&|QBPBrF1mH5%^Gce
zx8~U|H`-X;ShC*lW|vluGaua^zs>v9i-f1&)_o1V<vZV8{BF<FH;t!7c!X>lp0aw$
zjLsf{9m}VE_gElOz15(d$G#7{!XqQaQ^S6YdT`+SBy7Nt&hVettZiy4_%;IXFlw!T
zgwoK4`&up>A2Z`6Q~F`?BFE-?kDiL%HL(}}nd9C@MXy(7#-H5tEavFPi{HkLv_1RC
zxLFgyLpz?gy-i`)^pV2BgR<Mc*BKNsDrJPNHgoip$$ci^!(MWIH%lJg|MIEd`L#Zs
zf*wv1`{;C?qk8t~vx`B?w}<k27__~#d85Yd7kfN6bX=J#K9%8X6F2D1*qIGAPTB{l
zF3_K>%(d9F&xse%<}_>Q(gQbqj|O}wX*JI~|IL|Jk%Nxwtt=iFZaTc^g7w=Z>*fZl
zbj9EH?q2aW<%(1O<fiJao9*ASvl(w~-uljA%f9HSm?rI<a@F1TN<^mhYU?Y}T_>v^
zzVYABk=>NEFAhlPJU4S8M}6Cp_Bz_ETf6}#W)r8VYL4z=c80N(f6uC246lRJ^`75)
zr?tJA{^9cO-JkdyMmsHS{V-hV{lI2fiBZm5&jb#<s$;Bc(e}cJFDs{>_8xiswQ1{l
zomWlR5|Mf7_M&vHSBoAm`DP`W^MTpRxlnDSyK4HibIZEkDLfT^%XHzns5y?~9&Hyi
zOBr(dhG6o@!MWTAi{5KIi@m$SWN7>$rNO(#>zJ-{G*2_xlvUXC<k@BkKeib5Nm04^
zSmd1(X_*_T>v=qU>T+I^d(T}<3zA<(q_~gT_gV+HiQ5?La%%JDpx{oI`dBBhjuqPN
z%U;)XV8Q3POP@3>>0;-dlK$yn%)3GP-EK_^*|E0Sqa%Umzdks(Pc65Ivw|^(`K(Pl
zn@4RwT6+4o@B6m#_7;z$+3$vKX@B8ouP?JU9yu^xJ>_vz-?c+Wzuk7$G|TR`^RVyd
z-nCn@D1X(<(fScVymxPI>FJvcnm3^N)%inPq%^b3GhuNwbT14(>$rK3Ru{8~Tegnf
z8s2Tne3<pYZSGx5(cIp4{#fJqu%Wix(HDb8x9;V?fB!PeD^AS|Z%dN3h6|3kPFK5r
zaEp%S>}=r}=|&6dL5X?RJ^u4DR?|?s_MlJ1h@DLrEsvSE?XsW$_;2Ae*Gl#Do(+6s
z%<TN>eEPFdACBcr^ffs5Hq*i7XLn)n%V(pXZ}{xyHo0Jfduo%3(~m9q@14KTr|<2@
zj(vLJ+=$$Q<(zYjSoIO=$qOA^{5VT-=NRP$5d$@Q6+LP1(8~Ae#&x~)y9g)kY5v7%
zw72DiyG~awKMdCGcuU-MlDU})Q@zpGFDbT}4Fb9dE}LB4efFZ4@Is>>N=>z%D;tNk
zX_u@#?W4m@hoT|rp%*i`BAcEq_IKIH+wt?p2<d+l_SuaXHoWzodB<18ji0ptL`Q>V
z%x0ZeO`eS{y6Uj<N7VNwcRc#D=6Ace`ZD|<pzAKS;Wpo<byA5vkCpcC151mzep&4@
zyT^ZBz0!W_SEqT(FI>jXd-=U+wS!TBt@aIJ?-g3fgVwds+ofTakfLrgsN3Bb&g(51
zt2=eiV8z8}=v|5W@%(_hleJ&MfiB4pm2PXVT$~p+X{D3i+68B~bWE_h<Ne<WY1hIP
z`)^Im$nUghb7G6+pKoounr8Qj8uH5Y>|NFS3xdqzW=CAVIpA`U^lSGg&12uVH2k(|
z$%zS~=brbiqb{FOnKFO(b>6_8U6MOJ8j`ScmY>Gj|3-DmF#h6jz)#p?%dWNyH{H8;
z+&pxoudtQ(kt2I-x<6j!`A<>Ck4wXP-aohH4)(VB*OMb&Yp(7$H|~Dis&8tuUp=rN
z^|Jf)d4s;R?78J-GehpIudX+x7Z`$@5%UW6Y|~5nwmNLTUIT3H$EX33Pqu&SI5~Z(
zOGNW!UJqD#Y0smQZIrMmaaw%t$L$f4Ws{%bLs#y;P;jC6c+vE8(o=4k?^1^prKetL
zqWQJK4ovW&N6ta^$#q=#|1`$Mv>ZLj-(!NE%C`92&mksz|FOSq`D0wmZXxbTq8Wn5
zdHT!!GkRW$+CHy&N9`A@Hzf}=4%}xl`G(=eACunfGw)_?V)5#!j@C%EUXwgh8b1wN
z(NE>u{Wlw?Ex4}B+@_jvGCcV6Chx(W=i7c9mDAN_RmM+~)DbK5pYCkDME!m9$-$=I
z_om#_H#}$c^33{EXAg!%bFC8+cE9NV^dOvgH&?SbdL{jzPPQ3%`?%s_dz;>#qRhZ^
zktVv)LpqK3p7QqT_+1m59~<PpB{6ZZ1U5eZIklvhm0y#KsVtoqz5Cko&jlSgJ?%SV
z*^XHW*RIWftYp5B@kaI5mi4`Yv;I{{A94J^r4v3m>7&%Wat6)o)p^CpecM%9_8NNe
zL{cBMu%4%fb^Y{4{d{k`f`)^N#0G25ISc=7KftJ4-=M83qvi}=Y0K%WjA^|&aP9E?
z>xl#UXf;{h+%0n7v^}Gn?{@W?d2qzhnXKT&@dvWfIiv3W*uHUzuR&4Vkz0Gin-ruw
z&-3oH>W0^2;TX35nnnj2Nt-nJp4dQ1=^}$QD*EoA_~%`7(^`J{`g~e?{DWP|Td=vk
zKY7KtJehD~Py0Qe9F-gCEDrCIG{NSSYY30e;d#Zg4D}q%uDS0^*O+y+$!Xo>wA5D2
z7s{qPl)O{ge=lk|b)b1cyvj;tlLr0o*sW}M<aV0hcW+Av^QlT-UaI8^v0f~ew}>@K
z`1w=Q(Q#q8&YE#94SR5lTFqL&aor8(>`o_?*0jE^(s_~6u09+U-?aXrGkwi&Mk}>)
zN=a!mW~Itf>!hrC8q=1%nRIhUlO4}b?>uya*?B~W%Ffgn^@1E9?Z(f4bht70U2@kE
zjYoYPl{`!<xVifF<$+87ff7w-Y@69-K%#j;Y{(k3iF<IY9<K359yWZDm=hSt<NGoB
z+)$>7D-7Xzb49Lv_|M`4c_M$55iAt=NW8^N9{i8O!XS>AC*aHS9mzZ^ULbccbG)HP
zZzj{3>y1DlYJ{SrxZ&_>46kmSKna2}@o*RN#0ayEy$#bBii(&aC{HAZ#*!xlJOUvq
zJjla|8zg`#_G9`;f&+Qp95L62ENEwA$7Zqwd@+|VX1at2(_FB_AVoy8;mQ|s{dgiV
zSBP*BWsoo|K~S)Ok4oBD0vW{pXbC5f=gZ>?A#UX1SgHg%!w0BQr9}3eAetU68xq-^
zkRQqH8ten=0+L*Q2u~>B2O(M_G2%jG9!yF?@`z{y;vf#+hY7WT&>EFW%_)TySqTDt
z2=)w1^L>dlk+Z)*DE5|!30Y(+6H%!mSqkWq)}JdMMUdX*mCsbvKB`pSRK!z%50;Qi
ziX^KEvLfUajyNk-H<zvo!n(M^Qa(znAM_&RLEl+wjSiL;ET*?i)mBi&lvt&heIc=w
zZ3`aXhtPEx7j(e!0+FCft+{-zkmOk8E#w7@nSx*<LBJO=!Je5M(po7vt}_87vu}j3
zqN<1b=23OaBbk<ImoR8KOO{m_s?bvAgP>6Xi;AXMxvso8-jgN4q^_L=fq^K_3gmM5
zl3-`D(Gu!$7ITDz#g(>XdDAB}CaXfqY-DknrO0uwU<yQorcA-u!;vHQCL9DIu?-*E
zG-zciQW;TuK2#HiinZl=QB6!<1!8EgVC`N)4yt_l90{<ms2NIKq&GpWg=&0=CA#q$
z%N&a+92$ENlN4PTPPrF0@-n0?1ac&NZ+|c_uo>j7M6#wTvpKpn6cF&O1QKYOa_x}R
zHkTu$Q~;JF<OULsNe)V61+7IQB)x>3H=*1nlgd_*opQGT;%DPi&gLQ4Psj;k@_eAp
z5T2^EJ(X!Q<~|`@Fa{B-5ILUcWG+yErXWTh7Ae%3=f|g+HS%y)5RI~N@EUT6M3&q@
zu7a_#0y!cPvjVQk3}lng{wt_MS>vg=;uK9m(QM31eIwZsgoy_e@|cT6+#s*OaMDr~
zy*aQ+=E?PGa@9jsfqah#WGK0&O#>Gn987gK$o^bGFcD}Gb#hM5_V8xnF@3tcJ+mC_
zdZ9u@--XPLi5z`tPlDbgq$-0s-dr%HDH3QssJ|%JQP}ao00>xL(zu{U0lNclCKMo(
zFK>kMoX9#q1s4aVKy>l6Jt``^0-LiEa=A<q;+3!-^T0p>^vcN6WNnVfWeI}AQ7Rf-
z5N^Vb?8k|B<i}7Z@@2FirhS{USP&eHGRr$Mrh+vo$Wc+fDq8XsqJt-RqG}l_xRR=!
zK3!1}RaK*$-z?jMmUf^rjfg`9!pUG`#0ZS?>|F2`d^X?55?rak&ta6gPY{o9Aryp)
zxR!x_Y@tvfwDIE$gj^fq9nx4FzBe}zUYvtDp?tC&nWpC;5j*%=@<fv%3yf+Q(~xOy
zZ^<N*?FCL=+1c4y_m{*kTfKU9Vfo=^K~4_JN7<Q~<@4X=z?GeqwG49MDhKc`ivYkd
z$b`2F^0NQ}lS;At{QQdY^U#IzU%di|^5ru#SFc{O1jBNQrLUkoq6Qa+(7}bh%Y@wc
zyu7P9#o5wVugLP*Ir&(=^s7{wk74gn_O|<1a}YowS&GR2+Wsq<A0MB0|Nd1#P@G)|
zx<VI}|Jq*K{wtKn-bG-k*dA;hBbl+Dv4OFXv6-=pv751nv6r!rv7d2(agcF{aglL}
zahY+IagA}Eaf5N2afk6A<1XVK<38g7<00b_<1yn2<0<1A<2mCcBa`upk;TYn<S=p>
zd5qVL_lysWLdHi%5#tl%GozUCh4Gc~jq#oFlTpHuGP>g3@j<v1ZjbxpGw}eNg~#9_
z#2t@E;v;ZpT!{C@y>Jm8gb%~RaV|a`cfu#*L-0xXaJ(DtfrsHU@Y%R4J`tDT=D0UL
z1|N&}!VPg_+y?K5o8rE>03QHYN8#geH{21Qg<IoO@n}2_x5Y=}eeh{`FhKXfC*az+
zE<O-v<94_o9)<I83)%c-4n7#(`{Pq^eVhYtf%s6oH|~Q+;3l{O<at7x4unv6pMtx<
zn;18PUv~&SaRb~4?+K845aZ+h;ddlH5`G<^EW#Iv#{xbx0;4-X>*3?^E<{O7IUdT}
zHkm?HKh$qdF;)Fwh{!&qP{9bIpa9GR@(bmRFXt0sDI@^)8m@u@(lm%)unQ;-7l8nb
zk&My5*^p0K8pTt-R9Wtl68V&U5)hDI5)%^-*R*NVl*xR`KI!~<i)a8cUuK^O0Lm|t
z0Z`?E8IpYk*U*FM;KZ!VWjH!H*g3j5IoR4-n6pN)9GqQ-X<KRckU1D|KTh0W4o~O?
zQ!L+b@*NTlWNy$FreF5lQ20lVhY9yZ`YDzS4e6(bnlcT!-a!%=*ig>VPT<3J;)=Lp
zqLjH8Omob~az#WrCod!h(1JclRsbcj1R^mcTX6zKTs9xg2k5?~483xGQC=?wgv+c*
zeoJj<uGobm^y7+QB<ybwV|P+CAj*=6#DXB0Gr_yPK+oR6g=s_jd9DwsXex>%1IMh*
z^5^jVxY|8v{c(K4QBiIv>Ck080QEwNheU)v5{({UBu036cMcEO5K=jSgXk7eDv4>l
zCy4@jd}8qDVaMU2*)!@z(2xd7SU`8|3`09&Vnjld6>1?7iv|3eYfrBt^*L%IgF~7r
zpDR-Xnw$bh6)S5zODqgzhlquQ<%vATgG_!xu1I9$!4Bhz>1>jBP*W*@p@+Gx?RYt?
z9tw8q8tfWOj7Yhp#55)tkO4m;4|i@L%o1cBvcqHt8iF3j((5XOz1j=N+Eqm6P1Lx^
zgXrNYRvZOT7a%W<jwpvXcP2*8Oq(E%AD2W%6e9<AXf!C`Lop|=SQw7RATW`JF{!zY
zr=7Wty$fN%dUDdr*&C<~4g72@$x#IqF}Jj{u`gEy*{D1d+C8jzd{`gSbF*Q)JF%e<
zdzfJlvY4W^14=g@H`IyC@d1?y$i)#oCs%uO_`5_lEOQqd2m8v4+7k0L7@-lGgf>q+
z2|=B_h2g<sL8OtsAI~>}jCdM{a>7L@p==x$2e@I8hWh^Epa|j}y}{@cQi(SMed6YX
zi9~@R0LKmEMi3GG5HCJgjN%kMLwR~e{S6F!xN;ODP2{r`vOK96CrlhD(ua93g>Zm;
z2{gHpL+2@rPv#1}xIzJuM=<8Cz@@jypCb%bU^5`tk5&sBVGBhZeMq7dgHp);VV<mm
zp!x^YK~eo1)qhYu2$@gzWwQQFIR?s;0CMHg_y}Fl|HQ}u=>CTse__}b2D-Nq_jX1q
zV+Ug=gMp)4@oJ2tJ5laV!sYJ;_yT+hzO3Axf}?v2zEkerg_quY@$&b6y!1YdAN$4q
zFRplB!LQ(VWcPiXydUD|UWD&}`x$jFg7`BkZ4rJ$?k3^>!T*8WMfghmBCd{UV)OCU
z_y+tMo`Y}1cN2L_aryf=q|-Tw&H=cOL-}Ol{UGsv9DdPVN==^1T!21~pQP?fIC<Z~
z$$J5#^hR)qOOjKP4x)J+PsbnNPw<8KK0E_Yz+b|h0I`L{?>_tp@kXX>BVy|SG67G8
zkc_XuFTk_>jY^Yc*5RA+ZA6J}R9Y&;7UD;V-(>hb0Wp-akGkoS2tE}8O@)LwgP#LF
z_u-1q1&q>CG`59Mn#8*h|G_}m5ljNu+#UQbJ{Nz1zXI8j4Wi#;_+j{+3-=PRy{$xS
zE!f#yygh{F#C;Rb!sp?u@b&mrJR3?O=+ZK4@l8<f7^H2ba!xV!f>oYkTmh)%fNMY4
z^f7pE40gQ>xG1GI7xY0>LEJE)O`OKhg0=jMU&gQF3mCib+xUO@J^Z{}Da7>xz_kE)
z+zYL23j@))15dI}&oIdQIi88r?`Ifi8HXUY2H%b^#!tcTAzYQXOCc(Iqsy$p(VHUF
zX@VB{yNAe2gI`trG~*Helz=CxDV9Rqlue=IBo+BmBz8J~IsRD2gHjY8MFs{u>6?6K
zL@7r#g!~3nIwK0D%fr#|rB4K{0_6}~LkOkN48SBGLlAVFd_!dsO_WOKkeHRJvSptL
zu9U~pGDs#eR!S2iFTy_)4jQHzlz%QWzbHFDDV<+1VW!2z)iA`>DFzlr;jGD{qWO_*
zeu5Acl)0$+6Wu>mN{i~BD#$1LulK{H(lm9cG)e^)7;qw#U`o=`fZ-(=ro@2qAS4;0
z;F$)A?=dB%FPIWuK|tvh=Ka8MB_RA00-%#!N|+L+p`k&<^^`EIHN5FTKq*WJN|-YI
zV!u#r6qy+nMZln6c*WAv(%=a%7?490fh_TWU&H~)hQf#-(pY{N;tdPKC{B$Q=qNFC
z5y8L%MlUctLgN^;_{j4{31#Ed@TQ+UUaq&d99o4~WPf=;Gz=p+qBxMn$9Ls~`isTE
zK4`4tLA{GSy#sl$SPGeF07qt_Hy9+5!#E}hKx9+EB2Too2%A9&5QL%t<q|0X7k?hC
zu2PGwp}fFArWco9w}T~dv4AO*@X6&@u|F5qI*FA%m_nI*iGV44GOmEd7uHWjOxVzY
zrD~>t&kPqxgiIL0`7nKiyb!KF6lVGJ0)5at&YtV1P?qLE!spR*N@AxBO#uVLdm~)T
zPyxTY7_o`wy)=hBaYam0?2)`G5UPqv_)HXd7NM<5rob1ie=|iAFG^7&Sh+=WNUo1Q
z(*?95pMww+!kbhkydy^lnxmvIs{kRnIu3*@R$i_7q7b9?`${UMlrKkt2>wwE=1jUy
zN^2z4pUbD$@qO&Le2Hw|#r>BS#Ii)dEK7x&D32a&2H6@~b`O*@9GTJCqKpc0z|@sk
zEr6X7azg6^g$Quc1T1;JzFg40H`h%NC<)@CN+?Z3Ya_&NaA_u5+8$+5o)%z-wFRb}
znaa2$DcM>4S`}17Li(VLlnr}cLT)wNqFixU8=^3jrwE!Xt3^byas|RV6lzflK0u+i
zOU0yi;JD?LqflDjgRm@R#Va-fwDbT<<%Do}fv9yOaGFj9jhHqaxoW7Hw;&i|SyqOc
zs%26kmH0tQ_teAMqRMKlq)wn3iE6Qi^)~V>2i0PI<hSbd_4UbJd>cN!B2=ONDeEVF
zBH@6`+CguomqaXU+pyLKu3x5i+N%=VZi;@NV3LxyJZW;}huW^AI}SeCNsxPa<;<({
z)=p6&t(6CsLDmN>8VzPnL;ex=k0fY!aQZalrbS$|<t>`-0-#Pr`vgd`DVH{A@{O!;
zw6s}Cb;;Qv;opePu6+9{*ED3tO23p>5$d>T`&Q61**fTg6*Z6wwac<BRcv*dFPJ+`
zqdapJTRhcFSe9rtmPhPsdV}XA&X|bh1`x<Pp>u~UM=o(-rBVV=>8L9&Ym`u$sBPlM
zoYqol?a7jy$Zpc7G>cAAAW1c$N_$hpEj<*09#5fcosAGErmEEw!|<RiUscIe>k&dt
zMlQe<uvSUqDIF*%I)9=i1qN1R*_Ad5Mdu^4+~0IS)oCXb2^mQR<Dh$<Qc+2Z7FJ}^
zG8CjIlWQ=f|E;oFD|D!p`%9K(B?O>+jXQ*D3<StlTDdc+4cTAxLxdM1XtFH5!olyu
z^1D6To$UmhES9b;7b^!>I01l80qD8f*m6U-flSzL>(>LoEFIkKt)0v*+3@bfc6M=a
zVtd*;kPGzo0&(dE7UV1DLV~L!QFNHLy+E7V1&}X-@H;xO9nAqJ1qz!@aF8=_8f(Bn
z)<6?Wt3Cs*EX@0u46?B7W6m<M=wrcVvklCRO$-fL{ijpg6fD>+Lvz2uefx%nhUy2x
zdbqbfjED3&lD?cU7h7j@Cr4K&TN`^T2XhMtR~KD-0lDeo0-JN5_5#v~MAW_!72}3^
z2XcaV-fZGY?4{U1C#h=>WtgV&<sm^AwjSVwhFmI{Fl_?tzo0{k7H|}E;B<(%@Wg>!
zlrog5i+0rHilC@2xql*;N+tjS5e&NJ(#Zr}*!z%6gc$5TqO*VS!*u6Og{dR?Ya!G{
zr$wNfkpm}p@odQHBHDALv~NyMr788IBXw|wG!&g@DzmlZ!}aAz0>z$Q96p?<)b|Ps
zwjkatc;X;VFfffaf8_|02}l^OSRonW)C7cwI!ZKWC1gM<XQ3@I7>`i(Lr13#GG_Pd
zZ)D8wGr+`v)yKqS5UbCi0Rs&Bur19kER6>l4eUSAa=I?LgC$3dOptB=QCMYhvbEF3
zK*hXa<Cce5AvSPjoS|c4HYlJhifuV<(n*fxw=xY4jEyPv+JbZv*uaxxk=y`BMkNfF
zOD5tJe$WR!iZ#@w(&Rv?6p~+gmdG7wsBt6?mBAGv0SwVr7sV6oH=|S1Jkl~mG$kWK
z9Z=GV*z!cB2-i-*afM7c{L1m-h`8tor5L7pB5FG7$MYu6wxN94^cM}`sG`iF!PHqZ
zK3JQnKD1akRb|JvcX8H5yS8$om5Dlx5|SIeirc<ayBlapTBxfHYIDRcA-Umg1Y5nX
z&TJ=VLX=YLqN5~Io;PV1NKzz`P!Q<I;d28~9IYk+o0JE&VL8~-t-*&lrG;7pwM|d7
z2Er5B!O2`-I9m*dKZQ`gXyaH;G%~^1#@^Wl*t2E3v27h}Eh!4lL%>^>bJ}pM9&nNM
z4Aq1-@8QraoDd+7vO=Tu2@Hg>8o6z6$t6!aL*3fINm#k48ypBFXN@Ez8sIzdQI~;s
zk!?9%+(7cQ1X>m#LF@$xhlqwDw{R_?g2@&}v{SBZ2OS!Nmq1n)p{K11niKs>KP@;y
z87NvuK!nh<A`Q53`~^WAc|Qx*>%-x5s0VVrhQ_5E(u#Y`j;NxAT-RVYJxQD<fsYHg
zv`FO90ZtIHc}||<AWjRQy>a9fJxmM?4aUQcwWW=d2iO8#aa8w67e|A)ib~ti>vSXF
z*sd%>9JpbYJsd*x%`6uuTW8cW8&P}evIOHE%pT;XIH=Hv<<EtlMG#gaob*1u0?yJs
zdKzab71Vo{=A)Q{(2v81PDf@kNCPruF~<{*(}Oe&!la04BpkJNft5d^aUv`<*FqRu
z$UZIU>H{lGhWg$dFS!;mUaswsMhD+!i2TV^Tlijr?2XWy94e+5h*${V&`J=>886>u
zd5}GqJT$mFegvEfA>F(O!6s_|^2AZs?IE8)dT@{N@;yGB^M~_0$mvlMvf$kBWI94l
z?xCL}JSLAc4MLOpOs0)5xqQok4@J<#fExm5Czx=!+?zNq0<JY2EwvJ>74k)4VlPHV
zfkeI0LN^dYi~>HAGRY)D$ORWm&<!Pq4EoayjSQww8=x3UCyeOS78yft(<UgiwCU72
z7=#y1LCV+wIUIrWEg|S^kq<3CS7;0W*_fif$VElskSaAr4dTMdXL&uN(U^kbDb;$o
z0A+ukpMM|(^jS~{v1ln`>hXM$wt6sq1WZ1RMg2J;T=))0Ao25OA`@eZ2zsT<4CrGJ
zBnG%ywDt_kqatbnn_h1efkMZ^jNF^UXL5M}i_ZKb&(0K~H96u;bLk3u1x)oOYf>P9
zeiM{NRUi`%?8x>PM6mD-S%Jj5F0mJ&C+b0zBe?<I$>muw6ONNWl@pf3Brh6XA1P%#
zRRQGui32CJLkZgg?36JfY2my~nTnIG--EZLSp>b(b2o1o{=kBg5Qzfw2e4vfri2z0
z4S-k|BMg-;BC|(gXpQ&)Sz&pKi*Qw7qqGEy;=o=Ee1k-`FE99@hHOU)r@3gh3Ee1~
z8Z~2O$~?cEXK@(ip$pS>kc~qeSm#q~a;P$prz2{QY+b~OY$Upu><zvoBN&x4E@~M9
zzEz`aOQFd^J4Q87-pa<yk0!vGps_Xbmx_|WFdmLt!WRcbKH`lWRVWDW2%iXnv5A7Y
z-T+L<MIJks$wae8ZhJ9#=!hAyo1@^-gGu*JQb4?rR7FfKI+88|nuIJtXvGUY+=KR`
zzy`JY)(6^17_3DG@kGQ|DZsP0Kq!>JS6M{k>CKdVf<z1=W#1A2KJ<x@zT7y*sH`_q
zv_9H)z`zlAP^pLv*9Ub#NIX*OP^qFa2O^#6Q4fMt)VLE@7gYr*I?=7kdnj`Lrr@K<
zX;+!ffgHlYXOb{;qw0?GWrUGMkUA#OlliC<@{kkVko4-vcu1mXnHo-JB72lMcv=Da
z#CVKAM;4=K63rHgLsVQ@!&Fe_U+9<6aD!;(lwXxsG|YV!v`h-*QPv(nZZy4wPLYsM
zK_Z!RRIFe)+KOzWv^!GpqZK<IA=Ug~|5Luj=##@I#YFQ!utVgrVcmt=s0{-D>+MhX
z2;e)&4O^&Ms!F)R?%?pKFaDUm@Yx!2Mew1WI2`JQn3WN}ot%Kl3XyIZP9cL6S8&3B
zO(5if+k|~X;=>`-<|Kizja^EU^mfFGnylfVCXPlQ&|%2@IMf6ax>>*vos7sI(G+tg
zL*E9dgs6{&1X?6o1byT^jF4h0=pg_9=&XOyO?#uyYhm*P{1ZBwP>DP4&E$v?4B^#z
z&^edwsbn=&)1Fqoo!JZEShQ@Q^y|J17SXs|ANZ_|-j9$QW9gS!9HY7^h2}!LCSn{x
zxTflkDC&E}tmrY2lR>RQZXO}8LQ+%@`RNiHW<k1Cw+!7H)G=x;XfZ@KuouY9u28c>
z0A7MH*l~t29Np;Y)pht(7QV_9!Dx_Jp@R;U<cPqCI(ImDA%dNtvRyK`fif;@Fv}7?
z%_Mq?X#)+W!?KK{x&2ssb2~QTSy3!lukt`cVPaGb{tM2zkRFGuKwua~48(`36$}GW
z<EOhPa&$_$EkaV5D#Dk!h;s!CDK`MEsg09(X}bF6q+<m2P%oj>oC`+x@IhS};`06D
zaI{K5oUjLn4}UBHzHSzk8Jm%V2ztsxx>Istz@>E9Pt+_rSwwujPfy&mQIpk%Gc%=t
z&>lE)<9-^Rv>uqx5q42JIMpVH9oqWxRfZPRJV+LZ8g>n4I`FwnVhbR`xpev>_6OI(
zhqjEW6M6s%`V$7o!az%<Gb3Of><$`sr4vHMx}&vTrty$-S_-Yge1?=Uf@GLzGUV%E
zUGhmZn89dOfsm$hi&EsH>?Ee9Hblz-1AVAC_=lP%$tx4~xj{#Y^yo%PcgsHIRHg_|
z<A;f=4=6oY2wU`M2{AC7_(-42G-tw!ACuHUglx$T86f3SLg7mvU<E9c;7x`QP@&~7
z;8?))lfW_*^x9@4ny?Jb`&q;Jz*=36F$UHXO7?&NCkoL4!zwRhfH0t-Na`i#{uVk`
z@7OcUeJl+v4qA7!G#*hU8UmmL&~F8AIuNQ$KO9b3PH05pC+VBA_Ob`CHd`82lPXyj
z{kFguN}b@@9zu2Lj|BRMnxN7cM$(UD=UVEp`muCtMZXK+LA23DAg$u3eL4Ci!?s#g
zQK*varXW8$vDz3yb?LVT`lb-jMaqB5{7CKfk97k)?I2W_K71ftM*pT3$Ibhi8`M(&
zh%S8r>ME~C08xUD6~jf_-xLd@8rMB4uLk<3X`?4ftLnN00R5FoD3X2&OUG)jc`s;r
zIjp`l;-fXt*8@~E4^`1d`704^RAF$@_OE9twAx`_a~(kYlhLlO{HuVjV*5Kayt@8|
zU|Q}6**`6Nb?GmK@@4Jc$nqmAm)*NYx<_mv|5H=?CQwdMe%k*^&3l{gw%lGb|4YzE
z&AGbrkAnK2Gaqq}VP+%jt^6$y4|`>4%-U-~rq$$E1LQ}pv@3+_(q9M622(`LMs&3J
z&VJ1P!P2X-?h%UGw7>O0AN5!0G8=KlVypSv!G*u!e`{L*8-TtlNgkUCbukM<G=$j@
zVj#pqh=VW(LOg`I5E3B#10fN@JP7k4BtcjJVIhPPU}7;mmq1twVHt$w5LQ6g0$~+|
z)ezP|SPNktgk%WoA#8xK5kd-tO%OIiK=`)8a~p*15K<xRfUpz7E(p6J?18Ws!afN5
zAsm2k5W*n{hant+a1_EZ2*)9ufN%-|!u>Bi(;%FNkPhJ-gbWB5A)JSB3Bm;k4H}T}
zm*M>igsTv)LAVa#285dsZb7&W;SPlVAl!wJ1>rt~2M``Ycm&}wgeMT5LU;z@IfNGw
zUP8!(@CpLrEgPOW5ON{pL3j-zAHo|51rXjscn9G<gbxr3A$){T1mP2e&kztE^rgvH
zc>f0BJA@w)enKdLAccT|Y!-HOOB@La$dea?bqt1}1U3Q>Y$&wUbTu+S0aS>%067)~
zZ}fL24h+l{objK(F{zRZFyg|%9RD<S60<u4v-_i%DUK&Fun~U>FUhGV17rUYj1-4n
z49w#9@sYgwF|c93g^S`TfPoFJJsy&mAO<#|mN+Obf*F`eZ7`7ZMGVZa#-%CBAq-5v
zW@Sm5Sc~#a59*{>4RBE$U>$#11_LY9`z3@NBNT7Ca!J1^I+g*0`Rahuoc5^}G>s8+
zWnkJ>m!Nnyp^Mez30|;El@w_12UQ7K8EMRpfpz+IX-W#S%1~4{-G%{^+sc7yS^kh;
zvSwgfl~JQ48d*6rHO*l$ur`%YqviU;Jp)i|RS`u>Hm90OP&K?c18ZK6A}w7V_1ME1
z@cC*P)+h<bl}RoO_8akG46K<#aau|bh15UI05*hy!8EY+rX-ytmsFbh2j75hBN;kc
zR&QBK-H}HUHzes$vijB?F?q~`7%==q3AD7ldXSc602{=BFSQwzy#DfB)#dvTpi0s7
zt0!5pVYHO>RI8>mz5n?Va_glIvEj5ved^LSY20QswR-VA<}|hc$+E%3tgdehT92GM
zCxx+ST9fKpDodJ@XB|t0v1v;G6J?rMxAkO2>#mMRX4W(vSc<8;8}-pmX-ebkkPsSo
zQRAORG`%{N48~h3lsuR!O|ecT1d4KFS{0gR9nKnnVwqWkGEH@Coz*3bCehZ7;?1Dx
zjwzF&2=*H>pxUy6;`9i!4&@#2>v?aTNepx~E0DN!2H{>|?(bIs29#lQw4$3D&%0Ha
zSy6!+r2*Zl)->v9)(@1cTDyTo{6BvK-L{pYrER;8WbVg+o$N|QqH4NMqz1~>S(kIJ
zoV!}*U_cukys7l2<gSC&ETCM)>NG`rbmiRDG6zXry*1Z5klUDnb*_SM+S2Pla-hzv
zf;!!IIaX>ERUxP(A81#9McttiB(-G<1M1pU<D_iPzP4m4E(f%`R!v*B7WRi%s)4#r
zHK^0|{)c5Ztm#hBAC?~I>sCj4jF#WF;ySEdDp2oUJ?gUBA5~5G>M(=>{hIFZ{lQ%s
zpx&d}($HS-kILT{9crzPrU)3S_5VQ)0R7tR+uBs0=PDpE;GlOEFbevibTC38u_g%0
zzykd~Ws-i4nzjS$8kMRXC(=Oe_TjB6M_Q8{px?KKvixx!^kKk3?V2zRu#_eIAuRw0
zwLVGlr_Ra%4@NcBf=myVHB?`Pgn$F%3NwC<oVEv6Ey|X~i~$e7aUur$BYNn?!1~on
zmOrWq;G%!6xS-pHMOo$6JPthk<_Ravymm6kmBN6FfpYO0i9z`Zvl<nufEe)b8|P>!
zE{0ctxF(DtP5kz$HSD)_(Sv~v`3*_vR`T2006vEP1|M`gF|A1zl!pZ_hW!o~va$7V
zVgWu(e~S-VA4AK_Sp5{>;<xLSYAwI1kM0c2?DzB`>s^0KBf!TW@PU+0eyiO9Cl<e}
z5t&W~SKlVeLINLuWUN5x<Tv~>aANuU8j<N_U|C748wWoA(8<Q%*GV@9X7wj@^7~o=
zPX5?Di_%N2M>D|7A3kM|^{=jVD8d0Je{cp)>7|zAUEpQppRpB$h2o`_dg;o*{^;t=
z?`a0OvHf$Jk?E#Zr^SJnKfG>9>84h*Mc~H%PijV{8zaSbQk@v^^2gWmDc#g!Jps6>
zqi>I}TIi+=1FM5Qp4w{%_;LEPb|dF=460)-@-V<no$Ps1`l<1n9Ps1v=d~kiTl(^{
zSN#s$)X`2jrJowE+5$grb)lWw>ZdaUtFsd!wbKxAG^TDeB-2svs_mu}0{E%Jb3&Ak
zYP9<S9F40h4as!Wvs43By#YUUdPc4`I_k*4Ce)pdYNI9K$fGVflC9p<U@sAPnpmei
z(IaWSs%(hP2aY`JmLr*-s=eb3JWZ-&o@hPk(t7yy6F91eQ|wf`tG1rnGcd2Z)|0H|
zRZ~;IQ@wnpLFuYnwdBWuE1zmX{@M(x%%!-}sS*&F0iNpVYaNQKYMu1~u6*l5Q!=}%
zmaf_|Fu(fYO6IMqr7hsgzn=J_J(hOWwgp`A>WeFxzN&GC4)_YFH@;|nF{{!Sa5cI9
zxRU9sa}_i(;482Sn5smpQ9k7*s?=8-1{PGGd{tj#z!|?@Iiqc?)2|f`d<p88FPY9d
z{*o>RoCW_9;@5)JB3JeeN{3$+u74YoeUnp##x(2MTgbjp`lY^rt9tbKjcL38<@W)=
zQ@!=s&1jC=Rc=+lPd$ydG-z&q@zn@$Q!nG>mNYL~m1zbzsfW2uYnqR?jLI0nTGqo{
zv@OL)lX73>)d%%<6m<=`?;e3}9j{Y#q^JTV9K1c!bDgdqF)4bm2vLVCd0i<gu!CM_
zE2_E_4Ve7a(W-V2iURDX*2%6yZwfz5v+7_^r!R#a_OI#yyFn@Me|Q(un8FOUWBrH5
zKd`A!j-bKnS$_a0e8EfN`xED?hElj-A^tbc%+P=J15WDJ^3(wRHz8nCsTRAW^j}1%
z&B=B8F9N`JUyauOZ79vv<ck?wstjzsR%;c(fr2-##y5CQ6f7JE_~q!!m4fT{i?4OZ
zP%v=pLbF1P#l}()11kI*UlXWYIQ-O1p*;KrKhkywDSU13MWw<4vIYb^#-&owUpVlm
z-cu@hDgn#}DvvI|j*hF+gNoI3N+TIZ*eW`$F%8AQR?=x@IA2DmtChl{x21Htx(qJ~
zfGweOpi@`87t=Y-%Va<wyok=LU8xp|lu&FTjj?4pYCvxRom=~ot;*A6U`aIIUsL^^
zvNh%y{DW5oI;e>K-$<j@ODf<F=-12Gp5mYa>jDnybG`e2b%0^z+A;JP^=Sp={1VWw
zPa7!XFM)bJ&9<plP{xl#Us|8iH<foJK)ZfrZzAXI&==+PyMrUwtHNlbekE6-Bu9S@
zrGBMuNY*&et+!P!%F=O=8U1~qdfs^&R_~I+#~1Z1<B)n?M<weMM#J^KD+bo{7xujV
z|B)1CM1NuL4t!CNTu&h1CDqM4^*tZVAOFg}8}v4RX<rRy-}St2MxU2}-o09D3d58t
z|Et_a)%?pV2uFFtA-xui@48jX*05i30;@5))xyH~6)!N`>0Ui77^bX*{>)NsZYWv7
zOpDY8tY_&}7pbyRKg30)nuRZYYqUaDHxj{d)EfPLj;f@BRm?us)er$!M>Pejvo-vy
z8&ydLEBCcn%dDGPgH`@o{3VI1B!n~cwOsG58!4H!{`&~ZO7MR<;>ya(m@2NMtfbuP
zmn{)aeg4L3ImljaT|`;AIi%vsWm^KkR_a?|OZ&IJbyrqW!<3YP0*(V=_-`peejMah
zQdaw=^lkpY_uN2L;d~#iq@;u^m-D`eyJl!wQ+oeOBe0lgAqQGos77zfO7MS5HUK>+
zDZ_u6p#qP_ztjgfZ1(R{1q_G^Y?x6us6<h6ItSGerUt4}QlgU>ztRdULHxllGL@C!
ze{dssYlHYuMgN@_M3q&3siOvUvJVLK={_5jB~u2iLGp=Ai?l3c+Em`J^i@~i1t}{v
zBvl1}CY81?6{vK?R)b$^4|A(THbqHm9Fyq}d|qV~WZFa6fmIUj@8}O~4OfO%p#@q)
zHV6OzB922``EO|tHar;^t&{Q^L^WHQO0-*Ll<;@72mf;laxu!FJ)}JJzwCiB8!CY=
ziHyoeo^@z{aF~^$q*S5hLTB7WW|+WZW9X@nHvf|L(0@M&w$=iE8lujM&|Wj(33))o
zQ)x}pZ`8V6-L>A<NE@_Iqp32K8=*d(p^Ryu=U>$r;!Xp@RFD&f;ROc&12b^+*Yu?c
z2c1egO_|j}?I9&9w+2g8`dh6N)Pf`Zp#LBh9ETDPdV}X*(-pKeWvmVG(Lf0Uy_LC%
zvB_U*iJ&RMww0mj;i}-uKvOVY`-|<6@JniFG=$UyUKKQ>CFlBS<$*i<Yu=w2s5OTA
zM57H^KiU9U*k7|TqBB%c!g@kYk~%^bPiw2p6KWVz{*KLo@*0vp4CYD1h)oOnebkF0
ze#$Tk0@S(ZC&s;s;|t_8%5y@d5QayXX65tAx*PYB_NIj9nAE%qM!>|#?Jtje(Lkuw
z@Cct)kp|_V{)Yb0ECG0c{u9mDN!=;Ie~|K*Y)_rm5#kB;62OOc1>O$8z$Rsr*uT?q
zOKlGE0;@a?2vveD{w3|np9nys@2<2q<({Z16MYJu_IGsG492>^in2P4;E>kPsJH3g
z(p%YcG|JF*!Q@W`dRt<Qq9N-;D5d=!oi#^&E6i5V%m9seoBu6+!7^RNw+amFD$YSe
zm%riPe!cHehqF(5^{5g}{jZh?i}+tHRcRm4ZvIzG|HHKOtDWV#@=3qi6R)fB`Tuot
zrc`N2l{w~mOs8geDfLLQ)@q@7tu=yr6q4q(9!b_(Ei|vSMo^DJ(!ACq$y%$0=C#%c
z>QP9V*LoybYqik4)*3-Q3Q6-?k0fiY7Mj;uBdA9qX<qA*WUbXg^IB^J^(Z9GYdw;z
zwOVLiYmJ~Dg`|0{N0PNx3(ae-5!9oQ1h2&258D6v>(_DO+Jluofu-Xp-UO25o)`uR
z5GO$8(y8*aAOJ+aR`irgF)Ru)sue&>X)`eFIg~-=P(T;jIbbqj?-8zCIK8C{PbL$^
zFl;OA;;O+ur5?O9A(%lxo6P8n0$BPYOVhC^ilHcqFL**yT3Q-B;RQp)(L+i;;Fsiw
zVhFP2E)}U%IwM$?pi&I+;^JZ|K{a#+#HBMrL&*fyILI#vE%v=YCJ^~0aUmg80-2x7
z_w@~oLl9(scJ`dmh>XxEh!f@CX8X+uy+Fhf{*t$lP#jSvpNy0Fe!!7je)bGtD73V^
zpR`zPX(=l&jfDIwXJz@)$k5`@2r`c77nkIOhMt$pFV4;m43x{4M*8|*5to)PE)EIw
zBja(1FmcJ{OUV=@-;6NJ33K9R6r&Ur|6&a<N;BhTgsKqnB5p}Z@Q@iwb07ibzYp=u
z!4JQmHce}OFvPK$q1>YOGgSQkJ*+w(qL^yukO^H3B15Kq9H2_n(#+xu?{5gCe*1$5
z5^>cIGgPLT2tE(T?<07?@V@0q)mDO{fl)*hQ&o*Jh&HxTodeMlY=-m;rY?Pt;nL?|
zArOW`P=}xb0sm9sJ>dER;Rl2gzzvqCE{(#5E84j#hOQ`O;z9l>c$z54gk-R3;sL+#
zO4xbY<23C3rOnu#_fl-{ODQ(*jue}GUW$!4BE`CG2WluRe2igJk7AhDQVbg@!Z0I8
z>`o@YX8?REz|RMG5x~0xtSbZ?fFB0%h5+9U;M)Q`;N80y;O7DSWPl$5@ZA6wG>KsV
zj{!Ue@EE|upWx2~_zZwg1^D>@F9LXXfOmy9Xan%W0NxPby8(P#fPWA0F9H4zz@G>B
zBLKf0;I{+(LV%wN@Lm8v65x#hUJCG1fR_Ti6yT)*F9rA#xF5rP6z-*Pi{N%7;NJuM
zOMt%v@aF;k2*4xk+W~qZKu-l|FMu8i&_;ki6W}udJ{92S1H1^}-2vVe;B5eY7{D6>
zd^dn^3-Ew<?_PkP2k?^tegwdGt3*3saG3y~0r05+KOf*l0Po%nle&U7Z9tpDK%0i3
z&2FI0wgCSg;9mm#9e_U%@J9fCJHT%T_=NyJ72v%9ek8yfA(sd6Qh=8NycFQ2051i8
zpt>GIbsdH3S_;)Ag6eW~#IW}O{}SNu0Q`A?KLYUE0lpIR!7>3p1K?8uem=m90Nx$o
zD={Cydk5PK@bdtEGQf`j_-+7SnS$;}GXXvW;8Ov9KEQ*frS2eD#R|FuEqSl>CBWYS
z`11gN1mHnAl_=;AbOd`L%!4o)!Uzc6AXKKH!oor<J3AYD`0yci?b<c$%$YOTp+kqT
z?c29wYuB#D7A{<f#m2^BQ>RYF_<TO*<>iIBxw&B@M~=iyO-(T)BO^>#R~Kv7t{tYP
zriQ)$F2z!kldIcLz0S)auGg=jb(On{b22kOqwD48%$%HZAYW9nUcG!tWWUVJoRw9q
z2vJa+6F`>Ne)$;yv;(pfa1^|z%g1WJ%+$^+C@9DZki$`0J|_0Fb{t$m)A9mxir-Lt
zmX?o6(vFJ_4-X0gfSlsILJ~l(d=ilzpdBC(06-84AYVQ<HarM17$7JpF3zX&W&Fn^
zmBfa}1qEpbsN_XfSiU4Sjx3)OSwZ>PNwMKbekdPMQTe3sSkNCqKPRVx@}ILv{RK@E
zL`LS7=l^9EReqX4P!avlS+RK}{YuJzj*ZL9)7B2Cto+L?kbc@UlwBeH&lG?lG6x0{
za{9}9l}TTDaZp?(z)zn492IntCYY5K0RI%q7r)B9OI_O9pcnuT00q(YS9~|Gps?_5
z0o=$^wN+FAL{5Kq3kr)Hy@ESOqFJC>P@I*iU7QEw9J>77!h*NbS+i#4yvqyF&dkv)
zD99loDE{Bvl@ud@S44J!<gK>0W<ee@RNBA_a{>V1odim2hBpe=lxk~B3SMW@28b2p
ze-0>kSDddYc{l6TECe7457*4srpjYjLGkB+Vol9}EQ#hU;G_{?k-W`Uk>vw`re<-#
zymu}0G+#^S0TTAx;@73wfZ<I+OX<5psJw!A08!ZTO+i7~cH9yxC}^poDam~YO^nL@
ztK*a+_<soHu8PL*8X6h|gdU7nsxy9<LkF)>#J{rRnkX3DpfNl+Z{i<xT<8q~+$ahC
z(3c7^_M>AM7Fs4=CSScwT&fUPQCEnEhC-Yk@Dr%#qc}AKP{CAzlPD~dCOIFXQW#ZI
z0Av&rR0sfdA{YI<CjewoDc}r-;iy#l;|g2^K(Go?8WIo~U{I0TjZ1>_uIMBu(g21X
zp=36rp1*qBfK0W{$JDR`jjnb%qGWrui;F)`#0(Y+{Dhn!rZ<Pr7l@f&T&7UMXY%+=
zO9y9Wkidtl->g|<9SZRa<=vMzaZfL&gQwN~<y#=G8?<_PGLfFP{3JY+dFz*NCZ21S
zrx4Fo#M6oA?T^aRd^)l*%oYwiC1@sF(rM2zwJuGRR2pMykU|cMvAJ+S1RaScriJJY
zy~B(U=>c8zlbAA65i%P95iI&4p5!A*2g80s>WHprocfE)0K<|YJD7=K9ex2;E(_oT
z%O#d3=!>~wVu;>q3O|T1B&$pac!!ILVUzTQJ{&Oz!|pa96EO5OLJJ6Tml;fy^@ZF(
zfj5SoK<U6U(hd6HL;f<u;5)DXz5bupfK;rb9AGBZY{kSh(xW4ElreE*lqS{GKq(2f
zI?Bdr`M8<6xo`9!Oj4Zg?B<>jp`&4ZF-Dq@A#M`Tc*Vrx67!fe$)}i$31XdA2@k|A
z6EYy#vsfB+#=vGyE473#k^;~3%Es8l@#zVcI?DNt)lXd<VymMnZe%uBb@oNcd*d`R
zqlx-qGNY-PnQwxsZ_GtW0pvL+Owef>^T^Fz+%>^PM<eEzxP4TFjus~Nb;=zFp3EuX
zeXbKchrAy<R_tVy<_Uz<595wbxtk$%?AU}GP$btmSD%8_rC>vKjHNN3Ls}<XN=WZ@
z**BqslJ5{LiHfzE*^m<9`ynM_H6Yx|!ooLtFecfRzj=>RehSja+~#f|YEw{5Q(yH{
zw|wJUS((jkr8@hT<h^gSjukc$=}i@hYJAH#p}D)U)E5|N<CgHg*9QPrvo<#;G9Xp*
zZXy&3!#vZC)6C8^#at5ubr#QjlM7AP&HWVeR{x@A>=r+LQm$i(RO%Mb9uq%(Larse
zj~yG&c1dJUa+FHOWUxn|R`34`YE3E;$4e&VZfcBSF=^^Co1qg;WRGx6Wa~Kk-y!pJ
zXF+BndxB$P%<S({siXe|Dm{QIGzAJpPoID#^lJ(^B$RW4M?^f^M?KaMG83kU1q_i&
zd~$mNCoyTDWILaDwqv}VzgVZ&>F6)Ik~RU|M<=phIZ8D#go6F*Ji7@N&-PDXJDTM;
zPGC<+oZTP>hy%(*_G}QsKX)A=RU+FKm^E?qKS40%pTV|8vgKZYL!?Lulqc0xhD;=0
z5@eA|0A0-XUk%BQ8SF_&Yq?2K0!%YFKuIcb0WIb3`ze)1pKUrjO+3L}dKXCI8GuR^
z%0TqI^1vbIEe9$AI!hqZ%F+KHngL6K0c#Rn7ia0+M7vg_@pP&z#Lp{h^)`ba=6Opk
zB`g6%N<@n7b$SSUg8HmmAQu2de_=$bB4A6c5)84E@B=JS;*uK;&#`02drpi#7kDw<
zHQ`P4n^w@!PJ!Yux7;z13-w-<>i{na(^WxLMe*$S?zz_qX<9*4s)?!z)G-eYncQ-_
zA%ux`Z$>*FPwRqdIJ?KQRpTXZaudLyq!QKK7APOeIlJf1g`|Z0F^|+^PJ<=~vEQi2
zph19J?hD`_$o|N^4=>2pz9g~{?H}<HRsUqb>Yh6k%7T9N$&4?@=a963fHpzsi@!es
zr%S|s0JRSACWmGOk^KoyRwEW91{5NoaLNF(+}v{?K%P|c#b1Mfd_u&2K>BT>3~-Zc
z1?&Mtt|`H$RPw%58QVb+B-sXdLWX}4s_5M1P&5y%{v9ubxU)afkbCYdNOjA7^NmoP
z>S#xjb&wjE$#sTI5VZ3kwrWT_#14|wJ=Y$RohcbD;9ZV=#4oVfjx5+76>N<PBC*_a
zHBmvxZU#@p`z%Bj>LWKCUVziwDJWsA=S1VQ@fXi1V_*`aOAW#rGTjos<PIl*67DCm
ze>l3wOMWCk#UNqaayLS^9zFdBCRUC~6E|^ohZN8bSiU>0oX8IDM5A}hjR#o&=TOZ5
z4pBB7;_kWczk<o;zJ^~#HfFw2hAMPJBokwPz-lj8MAHoR59F$lW%Y&90a&gTJQChh
z5CNcAl<wvaN@pOb_7IEtEN<wQ+W_7sUQG9Y1+<~#QO#Wr3K%=qI1Qxs*U+XCqe~M(
z6%-FrO)aQDIZjU50=ygG|3B=#33wF6_C8$6q=yK|rnqut01;G(KmbFCl8^*JSt1~d
zfDn=i31k^&5)z2Ouw(&2B8Wyrj4KfkQCT9O#vK(Ey<SCe;mQ_70Tl%|`g`B1?wOt}
z2;TeC`~Mz#o-@@|b?VfqQ>Us<RaaLV{8T**D<?J12&}4r&w_15oQkOM%G(T4&-x~T
zWgI^7@{uo;AoarM*P)<4JQiO0+-GQB3!jfZ0q^RC@#|Rls)G>H!UCcsRK1Oug#*^z
zyl`&33i#d<xfYQV+l@_`w^c?i%of3lMw65`=5`}~2T^rD6M*u<x!s<TB-dFeq=SN<
zb3V`|g$`n2oCpRzjfv5psuVLUDI#Txi_AQu{~&3sFX^0DqZ6uF!A4Qu2)Wz^StL|B
zd?*Q3pCKMv#VU29!=2;&jkPXyLl%En)h!4{%W2AvqpCMNbh|Q8R=*v0V^ROUS{)L;
zD`JdPD8y8BY9pHDXcZ1P3kUpm^TLI{L5*()t<b7UOk3FhAAn8`n;2B}A^dk7?fJvJ
zoQ93(zK=jCACMD<46E8>pl)EOWbSvy7z%I_u~nN5l*K@~BmTFZue?52BU0<vC6(62
z%e9m6PHE!Zs*&vIY<pkyjX6i>oCrePuaLu(*25R})$e%erGvo>H!$tO=PAA)9=l`P
zoPXPXc=V2(hGQchIEkQ~3%t+&4mUFA+}8^jFuM2w9nM6}XfQ)e-iPST9nkS%RbRmV
zmYu;X6NPLhZ_A+)jRa#Go6Q!}PYYrJS_sCfInD(3GB2`i4zFtZldiwOVG)DDxOo`4
z1p*8kf&*?7(>l1_9B{`V(^L@+@%-yYpt7S$Myq#$Rp7G0=G^{zyjxV^yd_rhrKxeO
zD21R#=;J#tsXSR(9PeHjpUR{Vi)n1!J`W@QFKAEbqEO)pxDy9A;eXEbR8$^OUyt{Q
z*W(?q8q(j0A3=o1g?Vu9$Vs2rb6C|=;EJZly!gJ^t*(BZM#uRR+o5mTfq_{-Zm-85
z7YlQC+!5bbS{$ipA(KHC<Uk)SDPdSu2Pp(;3dIX$atwPTezY9#ha)S>Wg%kx2FD(-
zq3}B?3&Drq4)|2bmw<6c4$P6{gkjPkF>;$XJ-LdLMB+RESC1dDFg_aEJfiBcW2k;H
zY)DlTlxfbZ=g+OonGq51&c0|EiW8lX8U?{Z+EurKeMBGX>7DKo+07QlcLH|~A9vH+
z_(N#b%$c4nrZj+}kE=>!6^?{NgN9VKMQ#g2VuvME4MFITs^-c+=T&q>qNhliGcFjd
zAbsINRswC9)W)-mp<twQ@CPaMDPU)uVQ$`DHHM`@<Yq+Dpm_%Fkg7HKhqZ?e0v7q4
z*Rt8YZr9r;gE77BX!$=v{tuP^3G%<c{O>FO<K%y|{O>CN+spqB^1qY(A1D7K<bM?Y
z!O7X{v?Y*wxe%iP34l02cR+hUHh@<{!(AbS_d$RIa2EiUmG^c)Q^0h<1OO~?FM1m9
zjevfDSU_h$9{_2Ym$^2BPD3D0l(Yq0h+f?3_M~NH4#{?>Wr7}_hh^ePST;U?l8#@0
z94429`)qtlCkruH=Sj?*kdrvUiCZzKe_X=gL2<Xl4jm#A+*!#vN!h;W7_7)7h&a$2
zOjHrmZ|q>FD?KsEnLO6W(=)bznuqHry%Uor-QpSxlv`X_#Y%RLy*bC}$p%|v2WF|X
zwMJMH7_<Wuo`UX3C!UsB()%)GgeANNT_b*Qd_w=2*!Z!&@-t1s4TEFi;)RenDEU}?
zgnBUC7|3xfJ~|(d&shwC?*`nB#WKzy$Y&(WCvgWLZop}$878R;d{!Yx)>jseIgCMF
znKczBYb_Df1rCC{QaHd%Jm@DN*TKLXEOVC8$bBI4jz`!~;L$e}SPn4`)Jb<d{(A%R
z5aPhTj&Y#khTnyQZQaOmDndF){6X+1%TP09nAD^kgqa~jai51&<0MzA9Jff>kajz;
z1X&J_kBJ))KekW5{*Wj9F$oFEgPXX1P$?=#WgEpm|3lDb&`*g9OIQnpIS^KA37gHf
zg|OPLzp`Csc+$d>)6<1LXh^CvJv~0pnUs_5j1fcn#`o_Z-bKa@4DO$ml$aiqE>{JA
z47wpbYkXpQAGZ^&Z>ufclkHA-X2uAyQQjxHrs95`y3cUo{y8%oNFEXA9G^3xx7(RG
zNr;=`2M>%lvyq}O`-jlB+^wUQY|*cX3dn0G-~{0A^MrW$Vj&*5K!}yivF?fcXK-H(
zcn0^)k+u^c5^y76Bp?lt1DFj^`-XUCjfN%AdLlhBCo?J4>6V3!&B|~=0!D)~x)YD=
zA^J<a7?(>7@MH{irzNHjaC$uKgc96NSEAc#^bTS$dW|f%lTu^vA%?;~#F-6ZE)kG!
zSei3;uro1vfRkJe9uha?=q_))Hak;qEE&4G_vCpkaTtXV$&sUbyA#1;Oux}4ucHS$
z)18SP=jfEQbf;nr1#l&gC!y25FkY4cH?-3wopy9S+BvjK>n_eN4|Lhw<^3*N_+{ZS
z;cte26&}%bVApY7XLeoI^@*+@bv@kmWY>^xmv)Qj7T0ZLx5?e!@AgBt-@Ao&Kezk5
z?kl>#(EZ)+d%Cx}wqwMD5syba+@n!sWaOa8(UCckpGG$6d3Dd|p5uF#_k6SGuAaT3
zvZJO&d7}!W7DO$MDveqZ^=Q<psC7{rqqau99JMX#-Kf(o#96#QD*>2md_Y784~+7p
zYx=#pGXwlb|D2!CpCp~5E=6B@@aJ`LbDaOGC)D$)1>3hV@C3><lQ%~CqwvcFhF=z$
z2nwIkK=3^ub4kC*RRJfA$7^`rMkeIuIfWqj?9D*d^#h1}g9rd*b`o#`P$?gd^};rn
zmcL;V0@mswKih6}Bb5LzND=C|*no*+1JtWj`@vcweJ{|N33_<&X4CcEE%o+5Yyxlq
z%zcWLxUc>4s!Y9JnK%D&3pmZ^ob@EtdX1%9Pw2{zXOR>Jq$VIT%IZWtqn?h^MO{ig
z`0YIiXeN}$aJL&S66mZZgdb&XoLB@`*1~bpRkFs`8*#ERdUC)~<h$F35foDL5+qxe
zKZYTmPzl_lEiG}l#aTfZSt&KlQ(;nK0QkfGo)Q^<d>%}B;ZFte5$G9Q;o+T|`mgiC
z!@GoAuBPGPm&f_9=+5VL@%wORGyTyjIM(!sca;IAKRUdV^xMue=o#^yO}|PX-5L2S
zN-8<>SN>QtxxtVvgaJry_}g3#FOwSyB>h+<SALa0a_0rq-jb|LF8#6L;bwA~K>Ag3
zzu!pC1Tx-8Zu(X3%%Dpg^D~nx4k#<e$&1V?=KX$ua+ScJT=^}@CCk3tN#b&&?1~%{
z1fYk9w{BxbRdd-7>_)q;RPCE>+y@K;*mf&me?eg1L0~^ZV4p&m3C$z$**_o%eGY;B
z0s$@RD4{XhV@tHInL00ltG4|U4hLiYC-y&si()T%@m<BaTQ>VVusn_*&)>|2dgCfu
zG;_<UmFz3jRh)M`f0fxm1HGtdQU1!@!)A17US6J9dD!nSD)Q=$4*R<M(A*ijbs+ih
zXB=27u$#=>aS?iW+Tj;Z$oO0@`>LX~hhLmo<Si~PR{r^i4{bVrf~!Tkj1N7$Wz)==
zp@=V%eo?$-laZUNSQeE@d6{`~LkBOP{}?qmZcrY2S!jd^J$7J9O8Rz-|70#UNL&0z
zh+y%bBm(>@ztCexhycI3LXXWLf{ZVg^mB>8^bej;ej>m>?>^->`MK}sQpPKG!S5pd
zK9WR%<b|7gB@D1!0e+eAXfNn3^wbM|<+uhoDS|8@_blU#Bs2^Yys8n|jso!njytIX
zYK{91#|I%}JPVWKrvo&j0qO`hbnPMVm>0$p|K&v_eCYe7gMZwLN{k6-_djD#)Y<*d
zXZJs&fBOIN{%17)KfaC}Il^t)bzDb|?Ay2VnWgjUz&Nshzly(id2J+)9Ki1HeLI)V
zyLb8W+7P}y0EB%z8NFvuO#(*_;6euXA{JK-gd_VTf)I$rT`lqZfWhg<p+kpii$BPV
z@q70Iqh|U&dzLR>x>Se*$MwBP&)jec0fA9wNA@6g-ob<K95}vT-@8|(-+$ncILLtl
z-Xn~DV&^;9x4U2e9$DZDjGs5};Le@zfWYzn-$PcsEa}A&nH=#4jvL8Q5I=qFko^|q
z5pS)Z13$`g8O8Y;*SFs)((?aMwW>ZuX8qTG#2e*Ph=+6>Sns=Z#+&7n2#7yfP%sY{
z_E3k^8h_^!6QTC_B|e1O<L~q#81XEiSzX8<(FO$-A5cQX7x)k?=?@xMjQ1g!`QsUI
zK)ggiF^%}2Fa6mX?~_i5iof(y{nDTP>HWgRohiRde>S<~zGdqL`SS83n26O}AAxG&
zG_rC1jdqHaA<kc|`<>1CYZD+j0OmS?7x%Sa-a73VIk!EX{mv#~zP`B*p3`;BbPZ%G
z(|6h~dKTfu8bAP?3x5Lu=K9`CV2^z)#J^Xg&hVH?Kf=26yUgf+Z~pUNobLqx(mr6m
z1AoALN5)&`JMah0ci<10@4#=J?}*@E9M<^`{nq&o{U<E*9r}N^%y*=}3FZdod?#3U
z{oKSqe-NT|5d6OR4yL|AGfVvQ9U<z8rieG^JFL$l%!kbR4(E>aoAaF_tlo*E{`t<L
zqT{)X5O2<R78Rpe!*9-aiZNrshWcZ<#(c-5Z_an%56$&j`K8}K-(mc5FH`xh8h&eS
zSMO84!`x>#rZj#Kw%t%!fT#t6cH=PkqXvA3qiqRI;Kv3IoMfz^6I>l|5@9DBVlIWL
zmI+)xbO53OXXig>-~T-O{wEs3Jpepm$Ae<LFM9U<Pgp(>hX4Az<~MJ?`KCC<{ASAw
zFK<58{ASAwuWmlo{6?nVSNHrzrk8eP?eiO%zOMNVq$ktYHNTPZFK>RcuKA6T9`Uu$
zZ_M-;)-k_f{7<iLe)GbgYoFi9c;tWK&sTM<V}7&cr=PaUcu~vz2I*k}{t(3Uh_{&U
z%6@13(XW08(l7j3##f);$oK<4@N9O$^uFnfG5?YA-~S*E?Z+eq@#gGgo)LfS*fH_V
zH{TpPv>!Jzy-C5CU+n$vSk?ZjZ;l=NO2+%9FY}D}uMY0ryB`RMW_sWB#f<;y;K8r<
z;CD>rUt@lQxe0aS*gi8paDGGnc^%@M7W6HboWH18ad7`WOq%PEFL1ylC)L)u4eyQA
zoJKNz-PggdWcoT0ScF>B|J`<qmE-?C`(4PhJp4R{7Ugd#Q{JNENAYZQX6}|%Dqzt}
zmp3%;_^+E+sYd{a&kHSDl)HJQ@*}>eI4|$`W?1E<z<4}-@YbJkSo)3l#zzkyaQWhM
z4>vvv9Qqkwba>isJiw6gcwmrs=Yh3{bTeK*T2wsk@S)=;@`%m{3VC^J4{w<{lMgtg
zKR5TzLtApmH!NGk=jMjqu_f0P%I6!(-}ppv@gmNMY595)FBkjyd_(yqW&XKfDdVlt
zP-*S+`34caxmNobY3o_-eNwR6`+T?%Xzv5TV(&8>zr9Z%{dGOxFyl>o-{-g3`%G`K
z_eqas#ic}s0HeIcg3tRaPXy_eE}>UC#LP-OlLPds1LSi*#EI(QrTGmw0l+i9AUxj-
z!l)~sZSWaJt$^nkXYKd1=eL|azoqTj^IP~J^7Pm3{)7pCXrI1M%>!zGL~#hw`vjJ<
z>v%+=(jPxmmkDpAKVFv!Z>F!yg!iSd!-V&xr;Ss~BMM*oY9>6yDlci2iQ|WAeMA8a
z6@Lf_0got*)MotgL&s||;fZ9>$9W@G6P_`AeqoKbJfcv~KezyHNssA?GU3&rg?|}O
zTmkaO`Rpd(lJubxM~<j?W*TrE_|dRQB?64_zzgIJdXj>H>&soTM|y`;7Kpc)zyA4w
ziNN^U<_DxeqKr4Kd-M5-$*$x>)SMrf@zRy)O$yfh4J^c0pC43DUwwX1Bi@HlJN*JR
zf$%;5sGi;;AnW`<p-CzD#9K4ImifWoZKwFl*L%R|bCeHneaL-x$6)#N!o6Cw#NiT%
ze+8#e5Hy4nc(Ll)1986vpHt{TKO*Is{67~YI-mJboeg9zOe@YbvGAuo)1<+^wEVVV
zM?jD-<Uc9Je@bl@q%j*X2QU{<04M|$0g3_h0P_KN02Tli0`3GX0+aym0xSkB0o)B(
z3b+SwFQ61~A7B~ae!z0T1Ar9(zD!nTxV*Ol4=h*-C<i<NSOr)OSOa(xuohtAKX2SW
z3wJ$W17IV7?-5o2P|spBU<+U?z)VN??4|2Uk4?S)PqpbUriSmX*7$|k_%*NQ{N_`Q
zIA4onIq{g$uD+&)FEJTk6~vdetnIR8AO);uRr|aezBkh-Fvu#&`gj!xAH~9V-0|Hm
zezpte64ejP!P<Y-pw4d^BS$2)@?p&ZkAQID9Xu8UCFa-sLhwv2pcMW*uo`Ej#Cv{M
zOods$$ZE~Qj_r6sLCruLsC*EGf*{N)CtnUGElVz7$nf#YW#)ZAO=vO)lmcHl<NG*4
zA^fs0Tx%ZYx3VBZ3w7)uL>*}SNLvWMOkB^5vz7pqkaI(RLmpMo5cl|kpOy9{Mydcg
zv$(<hb}!UJ#Rt+v3}0Rc>4uViHJUz7nnN2+3X%@WSQ|Z1XASbJmXH}};-;DmLJdA`
z_3))XmRSV*h#64`!#9Uj23CIUtZC3i&Ec}h+A0TMJyKH*B9=PyWns}HYaY-$TzG5`
z(b@0;GwMy9x(HlJ4=H?f%{=`&gAi*DFeT0bLsIG?0viY9H$b72)>52nrDqfPZf;9o
zX;cnum1bVjwdT>l>=#f6@+*b-pk0H&9GY8mz`g25s3^^;<Tjs{n|N0GO~|$CrR10C
zngr7J)q$Dzk6kPE{~gOh@%{e-Z-0*^_=namtd&2$RtK*RUW4C4+uCZsXKgLTo{*N}
zV936ZGTR#42HR&LUxs{z-ywvkxT=sGM|P?^D`!F~Tqh3c^JFKcr^`1M!$uh|J`POG
zaE@_!oY^@phch$TnT!+uoEeGPIXEJ2DvtL{O3d*%9a$-k#7u|N?ap$CIUFOia@-Ej
zR8O`u!;zZkaj1g;otZrUFD)g_nGBqvS!RC7+j4GTVzwjE0Un%gM|N6<vxCDW-*S|v
z2v%p(kvJhSEi)`ZVdN&JWjk_H@iwHjG@z4`mYL>Bb$T4hPLR!jFLQ!pDtSy!^GtGh
zTzD7U;dV~WNkhq;nc1GOQN44rv$HaX;#57nERM2fj_K{r%0)r5vn26kz7?J+CFMxT
zN>6sW<MWcz6CoG8?deEM%F4WblqIAe0>)g?KPzhz3LTk0Ixc-epRCO6-bfiS9WR<D
zrnwyf0*_5kOPb^WDOqHs_V5Trdb07-EySLll}lcdQt=kNDsOJ$R7Z+aR*c7yo0gu=
zvlopjg~SItGqR>Y1_9aZ4f(hH?F#t<zx^R!hwKe$fs+Yahy%FWEq^V<=OLfV(7ot-
z1Fu&@4u>2K`4+z;A)($-@3~&Y`@tK8A42N9z6<$2<mKR(`7*$tygm&%5%Q^|@pABw
zAwP#4m-jz~9K+oYHTbQb$rHiqr&`bNAvz3@AZ@*kE#=pM-)|u&LkPdfpGjvW(yx+j
z@X6p{o6T0=w$N5$yUVuJcCYPG+e+J$Xq8Xfp0#bVZMMB=+iv^Nw$t{ht&8`s`?+V;
z{56^tVuVKbT@d$O{D!z|db;D<#a<ihjx$SkdhYocKdtkq(@FIxdbS7yF}m-$v3p~m
z>3ursYQw1y6NveDL?qqXaH@wrhWrN`8W-L7g5K?7FYj9&=XCvM{>+=#>7;uK`NOu5
zS9ISm;wHxLjcNZUIcSLTcK{`o`|0KXH1c<-?1dx6ot2@w!X)+9ySvtoKNp>NS|&PA
zcaAGtcHe(-7a!OmV>B8w3VrC%wCr>zJJK;%sP0YuJNj7$vfD?gK-mSG@8d^C4MkV#
z!3*?B?6BM6*xJPG)azqqZ^~YOh>VgQZkEgGR^2*=40Nm>43=3A1g2!UGs5ym;|!7H
z#LPtY<(<RPnR{|D!c34!1NvIWsNreT65YvTWY%fZ<e<qOJt@cS#;AkQR564hHVq?Z
z7*AWs^*AuRx;>}r>v8OWrJo;=lb)THo|fsvXy-|Cr@7>agz@=QSydC}01ner$*0M)
z8c?Vs=@>&LEvvP_@jtMz7`o&L>r*R-Lyc)h-N*u==F&2AAPBc37N;9H(;4c_!!S-}
z&Ah|nI7(k}3(r|loK>sf*c=?Tkb&bBa$K^OduQcY>W|~1thvO@Z2tg>i~@$o8(;>x
zkT6gZEYk!xj(F%iCa`=%vN6zl`X^!_uHE`DnU~2Vi7wSh&<3L6lL7v+6DLs}r$E!v
z9Z(+}KLH~oK*RgMu8~H-Egq-J9d<;Z?hSXQL)_9v39O8S#O$P0pFCNwuvws7Y5uXn
z91&DVqgge7Y2I7B)k6bA@ID`3)0Tiv#!E2$fo_m5yp08?9q#G3hA~}r|9MQK)%=Cl
z5*CQH#`YzCOYr*=Ht`OCrq$D)vMsRPW8?oCn_b(1u=%zSZ3}!YM6mV=-0G<ofGuk(
z(pq4fZ~MT;RQ!D+^Dy&bj{K=qOJrVV*nA_7{!f5$CRdR6d@m-&=A!zUB$c?K_>aj=
z&CYfui_36t2PEbV?LP!A{is2C@%~~!O!5@A(`2&&-XC&5Y^+Ton+!_}lXEYIRxcCP
z*S;}A>8s;{eHiSuc|*LK*Y2$c3-TOqeQyJALs*iHyp6q0yiL8$yyu~m&Ak_RFZ4RR
zt-J%~HZQoK;KG873N9|Vq~Owm76tz(xU8UMfuo>RLF<Ax1(z4JEx4kfT|xVTD+{hF
zxVoT2LC1oyf@=yo6?87>QV?FywV+!;_kwE+A_}G!Oe@GQxV>O{!Hj~L1>S;L1+xo2
zEBL(Ni-Io;VhVc~#ummE#uxS}yrHmfVZXx13Lh_ASy*29MB%E!)rD&cpDbKk_*CJ#
z!lw(LDSWnYec^_}jfI;ED+-@0++4V&aBJc7g)bDoSXf#3QsK*m=M>d1YEaa$=-i@4
zMU9IxiZY9`id;pLi`+$?qU@raqA5kWMR`S2i>4Lj7u{Yoy=X=e-a#&!RW!S3PSM<=
zf}%p~8Y(WDS2Vxqj-mxc3ybb7T2xfFXw{<ii#9CUxafWDE$vn4!1Ef<xa?u?Ztr66
zWbbId%6^5tjoo373c1+c+}_mQ(B3^H$o`x5f%dl6&R)+RZ1>rJf8PG^*&e5B|9lLs
z`0!Gt57B)G!uss?Cv%66{R#W?87TDvpZ&Ku=1gr~t0ss3iTqzc{$|5q?k@mx<G+u+
zIHq&&r=lK@d-{f|KBsFBqJKJL`P-o*9}QQffSr=)a$&A14IGbyrbLd1<_ixMg4L0V
z>3F6S4PK3xIWC+Z58rqUSsc6MvOpN;`#kU8;Y`E0?RF%kXK|*CVJ47xCdi~>6(C7Y
zZZWTRPwl|5U-|n@$i#_B4i6{T$d$>>*(*>CQ-Lh`!j)B)2(mbQi3hsLSY)l3&t+cH
z2r-r-Fpy^_x-q>sM|DSXR;JS!zhQxab)U_Wm^l^M)5Mdx#Kzs^oEo2;mK_`CxB|D4
zqZ0bX4RyjCf;`6H{-*em0}?%xoXJG$mpLUdJuTT0=T4jAjC73ZGA71Y9C2hNNpmmR
zSg6Q#r@;i8V3t&s$dWJR&P56s3$dwAED6A$A&mvBzhFH^uH9HxF;FLoQxenC6UV1x
z>4c)GE^LdTrRu}XJ8TF}z)H@6={N!M9G``cH~387NJktDV#z6G%Myh-2EgnxF~OG4
zIP|3oi|2ZfV}di=pVEWV#Zcy{kV^O%#|=)L)91;Scv4Q(BpO79Cb7n-6uxSKVT5%d
zEFER@OB2p1X<0eYLKtJxh%~jtsw8SHDa<iED<?f!8iMI*Ft$L$Al~bg<sR(JOqBM#
zS#G8T>!(xvb`VoL2daeYUx^N-6Q0y8H|$VK5tN<OMIKiuOYi8|k+hZA60<Q0fc1{*
zkjy3~tJxYGfCr0LNxpXA;71+C<0vpmBy1=U)S8r>)i@LzluaTU6xZp}4E@CFkvlO7
zA`LUFa;1MMP#{e5{(w$ymOI(#A=quOjH-lKsIp}538ZamNwUL}lY|!QNy$l1pBfh9
za6v3wJ2Pe~779iIAV-65G=_fJl&hg76w_38B+k4f^i`^lz=3oVvQr&c&&<j-dn^b}
zE=q=>IU0S7Dlt|7Ct-F0zM)+ZpG#E=_1y9yla#ESOe|dvb+h;LNncTrE0IRuX;yVo
zmJ4jDnOCjZwL@jML)kN^<8EgX`XC4906Ye>=8TF>I~|ASC9`9K%BQ1_)CwVDeA6se
zno*f(DO`L7a!yK0T2dORyU-({awo8>L{B2;c_<7hP$QN8pf1do6~MI;4p2?$;1+ca
zpPb*IR%GjCuK+ozbyBrH$w^K!RxK$vbnO9D!G_svK_M<nHql(p)evLQ;c#M5>cs+j
zT+Sr9j;s_Md}L>3InuK-C&&_1uU#_EngpI@uAKuaT+jZC_>RFinvFIyNv)Ds9|!_l
zJGxM{+G{j)*<B<hj>oiK^%Ooy8)KU4A&qg))MCgrC2c~Ev3e0u6_70@0!L0gohd0;
z2?;Z%=r}c$F(&CuEHy)d1JUcI$lAf62ktl!W#&K)r}{AEvOV<q3`&{=jW!k(lCk`r
zgzlbWLzgkJvcHx+r|c(uL~#VAYH~o5eUzb2Q1=WqBFRxcKqBLvkO_1sKp<SRQ0?2Q
zfohfFKNNwVd00rQvo{Am*~iHGRIT6PAN-(+n9yV8MKu!)dT78?pzeRzet~0*t6Z4M
zNb|4@L7SG{8PuNnRg)FF24`jxx-|6v=t)qeIhoEpv@9BUPC0TLl9fY{d`6?XNpykc
z!bMtUGL1)Adh7>abYx(q2;HviQjA`e=&)5J#Uy+HitTVzXN;iv`HV<(Psou^U1)vE
zs_(!-5Px0AOrMUntWs7poC4cRomzwpQ18f)id55FG9Iu@$w~(c#yA7THajE~!`IEL
zazR7!6a@nS%mS1aod;NT+|*lI&c-98<PMJUIWV3w(K1j5GuCI9na#{Fcu$pI7U*~q
zrzn%m$k}2YcCcD^Y>}|wU?Z~HeYqKrw;b}4qm;$w_8WtE_!VGt%O)mOW|9-dP`#&b
zjITvgrTq-ep~#Z5u%eli?Lg8n_EZ=QnDo@jY+43NcLK%;Ss*;nQcI!6h?<d@l#2ck
ztn|;Cz=047otVt0dpM3Z5&eiXf5A>B`X@{^YSM*el7fDas(40y76)O!E#@0Ip=-XO
z(P#SA7_#v|6Qe7nrCOCwzf_+l%La8dhFBDiR55OtAt)mi8VxrCOV(-7!7zVkqo!xj
z%_(W_tV}j4m}EGm7FbHTYpJ(WSBhaF)JD-0c8hES)H_aNq)pA*_m9rXh*MSt%OSfx
z=n~ru3OU|M8Q{=iEO?{$@i_C9i6G5aE>9vBf}oWc>ELr{Q0j_~p<gm?y5VLxx*rTq
z@-aXpO4xl&yXh!mtTF%Oqh$Z=R;q*4gs>q__mni)&#IQ%gPkj(vz#ALO#{}2&$LT6
z^wxa(jkSB`<Ov&|=$4P2rM6KPekt+MgTV@fl9TCcx|W(ng+uGiS+zOCgJMshw&TeG
zpJAgjLOVrg1T9M8W8%PQirnm?e3ouNJ2SP<BDJs>s2fKj4=0?wF>NzU__1Q&i|t#E
zyAT`3keGlL2-R@Q=gz9}S?O{EKpk-%WIkL_NcXqwYNS;s#yJi88L$Pr-I<h{iNPox
zthzXxa7^HuzUmDzAi^pD!+%`&$(-p*v+&FYW1}#J4d$!({CqjUt8Qlc^!&h;`RVeh
zg~KxAGR7jK$MxH*R=sdIj71CezzA~BLc?=g^hI`2KAXTYWJqxsT{=f##}KtmLk+TM
z31QQx|FO;|Dw7P=D-C+kt63jrEx;i0WMyVL)58XFR7|mMy1;yQm>hfAdNEn<=~qyx
z(P-y#c<otzJd-^ER2{9Ir;uYpjPcvD4x$!?&@vzss}XDn`VTt*EIYVde?keEu14F>
z&+mf?db%=XA{})pfjIzHn;K(`X0KG6iKB!D8N{fr)o*%nX~8#L#1l0SR=s>$gQty*
z#t7+afJWc!Uoes#Wv!M1pU+t|4XZn7aN{}F%LNT(b^c8n7FgMJ2(-4!S9-yrOimsk
zt21l-YRXZ)?VIa>=nQaFydyIwV?0{v5Vd$C2Se7ZTvo`>Z*R=+uADv{+RX*F03JB9
z$|R~b4dVtw9Q$PUl}4MaQ8`$Y!6R1I_}^MJcx>r5MmbJB%q0fc$gtS5(=dmSa}aa<
zq{(L(K}f}A5}HCNE^R>dG}>I3=J#c->k4XD7>04skjv0hrF@W3p_#T79%ebQ=H!uk
zzRWIIb=KxYkrv3HxZbgHh0R!XlU+{-6>RjHUB<|cDy;Sj;~e0RD@|o=t_MRA4ZD&{
zjWxPyXh)shbhW<OH><X^S!J#%#o$1L++>5THLtFx$jdS_t(NU+4hjEzT4C&7GzMOC
zt;*0i7@OwYFf34g>ga1!tr|-0*Csv}aQ~kw5)A<6CpY-isY)w@tv_=&T%fxOJKU^4
z?l}$oaR+K`zbAtOf5A5E58LG|SAFcA^ZyoNA6?zQ66~=H{N05;cl<4_@w*p0@v8qG
z#ooM{zm?dp7x;S;`}b=9sr`a~^#3&W{#E}yi`{^A|2AQ#AomLX@$W_KC#?S4jva>n
z--p<3Sle$W_8`{&`xJW<YyKLEhr|->XxL(FqBYZ$Zwq!rn7btzN(_eazLRzxuv+?3
z?FnIM3roo2kb@zOv?f|h?XFr<)|T52OWsya7GTfBGTWQB#n{uVX^LhqZK9T?H5Sdq
zBHMD?!?t&A2W<7U=HTEp@d$QaG{WxIhr|M;A$|*Rp+c5m56BiH)C?oOAFrQ*SzFpQ
zw)K|OiP{7oRqnoCkNwxAt@dCa3b7l!F7#n-!449Y6Z0m2b(M_en2%DJa(dqO7WSPi
z4hb=6Uaf^`-L;<DY=ib)!K@oAZEI~(7W6CbO&R*BFAfPd=nmF~YWEp5U%^h5&wVt<
zK(;MJLyf<4WnG)Tr^VB9H?ay0#8CT;RagsQrZZDE(+-B53u;y@KaPoIh6GZs&DRio
zQAhkVvn0O?m;aP2LEWnoHIw+48eEvUs!+w53agIC(CT4kPX5$dK<QLGTZ;O1HF#YV
zfaOnZa#LH$R5?@`%zTMQIh!&y^YLTVq;1OAnwM3Eex4QG;mF~ETKUZi!iE-ar&-^4
z*L$%)2>0}@_kJVq?)KhogsLzTgIH#&B8kz)n}FRwCY?42)3AG}jgOi&rHN(D&5ZZQ
zU5tH3on{^N#?QKHmhcYqCL1&__VSk;@asfeKws}%aB;p&Ns1coLnJ<FnPntr3hO9B
z{df$kJMH<9io#{;W<IKoA*(B9jgs>F7@;?L`LD|Vfe(ukHB+CuWGqJt(wQ8qJ?X-m
zX3$K-o%&G@%$;>(()QO2Llg!}exbxM`SMd2-i`*{j=1Y+NZ@hMJmjN!zPAs;e~`bg
z5$gA?@-FZa7;44v0H+UX$PAk<F=7zX*q|f49&ZPP?zLc%ib`pw3(T#i??SI#(!17s
zEz(}=eaoO3>3zpL1R81mHAde2^}z3ZZ#S7zNc?1QaUu9sw0;03#hHm^hAaTyZKq5-
z1KgOY-QF3XdaaM@Hp!{*-s;_kpBK9}RW3Kzn)j(orpjUB{NQzaAMwT@=NN<LOz%1w
zHn3LO{`yn(mSFIhE4d$I(C||i-W!atH1BNhqJUDFr5*1548I8Z%f?#_eqVj;9HdW$
z24XPWOr<b7%+etph2@^rVOI7m*Q`F!OB2ha?N4Wh1XA|<E}Et2ornF3?pfQtKY<g{
zj6zF|o~7{2|989>d0z(5f6=TPWlFc?;YOsmXjZgAD*}`h6%)%0A>NI%%+T7>-U`}g
z>d~`)^HJ@O@ZMhjyJyY8n<yW9=XjqocwOMbB4=jmQ<qGY<0AB+s&rR)`E$=oHfZkm
z?w5V&{#t1V%GY1=-ZKAaU+MjI^$#QLGjDhAFQBQUXXW?CS@^6Rc8>BV(Du*w`KTl8
zdl?#t(O!m|VV6ma%Yfb3pwj{O?CBc9HL(=!_V8OnPUT~JB3IOr4(K(=pQ2gcn`z{v
z_-+cC7kMuO(0{(Sy-e9b;^%>j#)$Xxrl^=$O+lL>3BY5yYNk~o+*@nnHUw@nP~^B|
zazM8Oc%aO>c*jbb4ZY)mVW#(|u3oZc1~w(0X_UiHTj_{jrk5cHRX4SjD^Q}u^z+yO
zT&vQX94MYuSTo=@0qx6tDU@UyqJOaon*o74)^Q%YFOECd3AO;>?sdG`CgT*Y70(*(
z&%>XWHQs-3=0QA_rx}OS3XHt0yx4qUetbXQ{(S2$o0-mZt>tEzKb-kmX`8%804KtT
zt5*%*#8C&ioAl~(gG7RnUbzZS$wHMy@t|Zvns!-!GtTdtd^hpQhiUxrCe7;f`WW<T
z;<D_go3E0YA7ABd%D~Lqbp0|i<)Y*q7+x<xA50xEX_&4`W98LfZYz$z&Kf|5c-!4q
zHj`KKf_Lky)dy)PI)1zn2vcD4%{UXxG6lLOFQ#keQ(b2M{FvUPsq!(?nyz17wet~3
zOSN6<vz4x&hT_+xZMwDd$+{7BT;GR$7g9&m-w=GM?NSuXysY<T*k9|uVC=xJnJZ($
zu}A%MuW-$ZZM{ET3a5{ED!B~<&&zA&d$e|w_7Ckst(A5G;;+)K*W%#2K)Y6A-=M|F
z&<tM~F(zv+g!)r4-C~547<8Iy_sZ0lX?JU#15)N|mj~oFPn#>_TgzN-)s`9*NHJS;
zYVF|vB;-w7Q%R4qxJ=8{(%|c__0}37_Cnx{&>Cy!Yoh?Ywf@=w?M5vgp(@QK+GScF
zEn3S1W-Q93LN7D0i0{Yit6izJ(HsG3)3veMZAjZni?F0l1qXL(Q?(w5xn0K1m$5~f
zSDU33Xk8?~m*KyycCmI5urAPA`|>_@$=uo$&7;lHI>=lv(4w@N+5)64HfUa>P1Cw*
z)3rivq&7$!sNF27o8_9MB^&7|!;V^e?F#Alb59wTY6%8bQ*DSr_ZDrLcE6US-J>nh
z#zCeHeEj0euUK1arY*5OB-9G0z<Ny({9KFUTI-is#rx96^;P0*v0aDN%O={MkTnS7
zdMj7?9uizpZ6UbYw+3sbOK=KAOT5W;Fr*Wxaixz`RLa2I=wtj2#0PTH2-KI@dSOj<
z8R)->SPg5Y3vByB7Kcof<qB*+PvNaOuCy{8IcWmimgEZSh$@8qH_`4v=oX2^HP%N!
zmus;PiGEl=GBK;C-C|2bnHPspMlDgg33yk3p=L*l#UUH8Vp;|&cv}yp{|e_WeHOAF
zIWd<*2x%m^!rB65X@XqLyz4F*S6N$#+1k~}k1M1-L8m)%|3K1gB*L^1jcc!<EX%b7
z)b9#z0xXuIx(u<h3LcsF8l+zj$|eVj`a@!{7L4+5v2m3ZsWq;uE)MzJ_6pK`B55`X
z6!ia~FH;*|i$+vu^gQ4Y{_n07P$%$8(abyL|8xI!l`JQq9Ff`#?T&zuKbPBIl}hf5
zukk4PPi-}jJC6L1l;v~Bzv-c}+EQ(7h~Ps|xe>~lET7_snR}=FuTinQYAd0~^6mt7
z%bD8%kQAE+u#pM76}Ux4?I!hY-87D&8O)t-*ydsEF;b6y<qn%a`QVp3J5Iel)7ZbG
zwkXJl%AVS{m;Bdul&IZtYP$gUsMOe+@PE34%n_q@x|xsV)uvh0RKR;EzAcI7L-~O1
zAu5gkjR0)K&0z(}E$et6FwCq+Gj+B7Sf_fV&sQSw9+A6_?IGBn<lnDYbAQ~>Q*Tzs
zE)8>cOtm+5PO%BD`s;tnk3D6U(-y+~JBW?y{U2$^K7rKsc0tV+>wDiI#u3-Qzke$s
z_Yz5o`NU^=TQOkYFSZh4cm64BiQDGP*Tt}nJ6Rrhm7gCY4-(<Ntq$0KjSfQY2<qTS
zPaE$}ls@bNnm)bmPT@aO9kX3ncG$|7znnOg3NQ5HB@*lY9AhV$+;ZvP7U)UE{!Hwr
z##S=ywU;|et^21v9Uw$(rnhL6MRDXCOX%;7j^;1!7XG}VpkJThPRx+Ui*Z{T-VZik
z*^@6fV^gWx6|N2u<4XqSOEUijO)=kPGL!{94muF-ZkNj9Z<ZeQYOYal#+EJPrDtPT
zJ@(1s9SHT}Zndq0zHvnD`?9_vWb8BJHe2Iu-5MK*)Lz6oD%845654U*I~0v=t^Y4;
zjygCFZ-o3`cQa-$Bik6d7UM;@KT;m!tq@iZwptqMB45I&rYC1mfvO*?xm&TuwpE|*
zS^FPs<MeM!RBe|hOkoqNQ@teyC6w>SBw|;82KMr!2UUEleV%xo3-9^DDueo(qjW$I
zFUR;W=&YlUJe*I8C@gTVJ6}bUlAJzWu>dpTjK>*u!qQ(m)TrZ*(4ousrP&!6Tqxn8
zDa&`~P_}Mk9Q}C`6kd$!fME?Uxn(*=UCZbQ4o3d|B_~t8DuS)G*;8FkbJUV5EjJw_
z7bwfAM@GELj*|@C(w6eQ+abkozSQhdT`L9ce=jF2td=(uF;ds{(xa(Jd<D^`MY1Bn
zA!^bzl9Zi?ozZglJjQe$H3gKq-WEgag}raF&(w<%0k4!vPK|xqN+H!NMAcrakp?NY
zgd1mR^2Hmz5{I+X<n+Pd2`|iGPcmO9XHk?LVtJo3;3Zm~<zO_9fDW2XHa4!~;6VfA
zUj5qi*R+Z#nwmC~xfwpd3{oQYvxdCo>zC#Wz<dP_rjmT2$s`F2+>@B%<U8d!c>==3
z%fjT&jPGZ>vyKS$Hm32Cpxgj1WySnXtzl9h6aDY<_!aoSp}x}Yr}mzf&KhsvKvA)Y
zT$YrtpGZBVq-Cp7%HgkW!~R6aWuBW#2}x8xl6)P26PjvzCilSqHLB7FuM5j}$=EBq
zofFkN!Q-c*y-i5tn=GER2{`<eZ-lwBaF`3<vN7MDGp3|Nc+5o-3`*H^R5ugkAsCF6
zW&h*N@x#*G*?8655of+4&ey4E?+ka2cMRdXhwKK;cP$Ni^5tGA8!8C9t;1q#yhr1&
zBXkQf{?5em3Ulr6(SVekKB4lAD)lW37=EJ@OaxK9TF>MCe8Y8EA9=in8oT6svS<Q$
z2aqSUp%7#$(h)m2RyB7u8->Oo&M#!cYC5%$Yo1Yi8m}Sv1quP5TA(!#zBAi8`cZlC
z0NywWc-^hGlJivBS__V@KoO}{cFS0mg8rIm17EzL$sz3opY35CODwO)!+J2Zm4rO(
z+@a9{mPj%VtC4F1I8~$H5DpNQ6BRIb;Jc~v{3AEIJT#6>C}~YZ^E6)L#F=FCNE8gW
z#*1crAI3aXxmE>{XNlCNAN_o1fdpuXuS4|9DB$gs(~ym++EO^`Fd->c_F3kePU=ld
z92dbMjEI(^$$nm*%7JpC=&mdr7LYjs=R?SbXPR=pvD4oL8aY?%Cj<IJih}PEVQ4Z>
zv#HTJNqYcX@IWEo!0IbP06Ab8Beb*{m3hl|4^<Dy6QIe>R1RmVGaKs0VG~$7WoI8S
zV9>@PcmCoiCBx_zIK0*I!Ya`6^NqJMeS9DzOXI<t@924rGi#7nnC}n?zQJ?qG1Pnu
zGXtxYcs<fF#5e1&Ipa6qp^`5H{#UC`>IP>4ay&r?$PtAGfHH>8ti~+THgy*3c&rB=
z6Xnw{<GnAm*8mBfZZ%+Nmus6if;7h%9@R=OdvbrLgd+4E96#ii{zD~xwK}i4=%=cf
z_V85pG-@F5P0OX(jl+)AD|1=n@hU$LUB@zv<tR2)aT(6UOsvsxeHyBVH`&dm2Rl=~
z#*cH?eFwM6Y`|(C7;5tLA?qu`=;i!ouwuxv(q&amDU<2b2T|GvA^8ruGHNWcmtF1Y
zpXC)`jT*-;IR?waz?4}pdsG_sD4Z(`79kHpsI_Lyj_^$D#aPf&N8XPbilgZHk{{2C
z7%UHj=V4cPuad1V#yI$@mH}6-3HZ%~fP$IF(L?WJOzU3S*{CSXz+>pNDmcUo1K62C
zJ>b+Aif)d9hT17TMIYkBlP5Q);D7)`@%)68oJ=`)gqNo%`0!}#Agnu&T~U)u^;)a7
z^drq@65y(?8Jc_)WQ+(r8b3_F<!3Dh`fZG~Fqq{bDvl{>n7Bwok~SU37xQqB>#n<w
z6E+O2c#5Om$p(jUcw2Og!=d<c07o^VfSHl9qh#k;$J$lEc*soUu=K~qD0_V4crx}p
z$yqRSsERTr)GXjYK@=>J=iy|@2^?R<W>HjfIh!<XrhdNp5$#o;PGJln#`2Bq(Tp~R
zo(#Pf-<UO1lXY}#7&!VQ_yz;ndGtq?><ay9ByQwr_vlP?Xw#<$iWuvkPA)*!5HU)P
zDpO;+e9;~=lw>|~QU+MybcoE#j;Pj?9%Fq^A26_BWTkW{|MBV*3(0s_8s|PRy?MTY
z#f(<xBb<@wNZVh0tH>1Z`S}UPSc-W9PfkMlxrj1oh$F!#X@3-(kX6jxAjAQ%19^ZP
zS5J_-Gf-lTbB*Bb!ZW}B`_h|$Gpxb5DL%_9)k<#Ak3T6b!@QFXf;wJfx(Yq;OH`Rf
zcyhoq2G~Jx_%`3pHq;mPCQM{3J);|ATULuJz9mx-lgseX1bIf9Z*hP+eTKEe^A);`
znVv6?k&+G$l0pRp9Ei@G&4#9?>9rgKqmE2V4m=V+u&d_LS?Zf3z9HOq>;@hnu&|H{
zWoVc@=HY-?`r({G9a0jo281E4#yXDA+^e?CgP}STJpo0^E(V=Z1`c`TJSE$WBfgo1
z>QIf<B-lRkh$vYd<_eQZ1gNz&T7PrJU?>}^(UqgN<&~fBKM6=KO3SzI<(v9AS${~s
zxDIB0JLU4O>~>fovTL-+219BZZ9t<lQAgz9k-IUz65V)8;kUO~^w>cIu6D#&mK6WU
z>XHjd)$N`z^BJCXum^YkX*Zq$@sI*c*Np=bF$f#7fEvh^=ro>O2yNz>o>=Y-7|mp^
z2EME@PMQo{-_sW!=!4@T{(Gg$&yVBz`8;QnXOB?s7=Dc7l`QM9SSU%At2od<d4exj
zsnAU1v3bxi;~}}vmWhn@nIA)pQ;r<%WleMr>vW|Y;5jP#<s*fG5>rk*#}ySVm$M8E
zW#1Uqx(7D8Y25gzL$Pt@D0CXCE``lc5d<6~%6hMnjHZU~OeMK!B#({qIJ$J|)G6$*
z+G_JZnGZfOhZFAc$u>X;!2CXDJ=})^c(QzbKm$NSz`1}%fX09(0Pcuv2H<Y4^8w8P
z+~ay7;3B}qfJ*?E0$Kq60pO0!mH-E!6@dFv+W;;Hv;|xNXa{HyxDs#`;A%hzKu16r
z;2J<DKxe?&Z+V(ue>rn^FLtPhh(<!gf3(0S2nF5>5W)CwE_k-N70xmI{B~Xg5e4k?
zg6fOq0$<Gp1$>4Pa2X&7?|e7MKcPF|a==@F#()s<p>V)uTz!NLg=>eeCEQTNPK0~D
zs3&?O^c>MjJP0=w-xAD%J3!*#JC4{@8ispK*u+h68zbaAKqL4sLg+c7iHMQ$!J?gv
zXTGgPPZ<^@u7FG2bCHJpbwGI*0P2H_b3{i`gg6cU5c~!sz8>!Fh`k2)Hv&9>`l6Yb
z0=EYsRQ?)>BzYe!+9Gu*B-9K3dcY(v7Xli9&ZThiZAWn}AVl)oRLYF<W84J@jfC4)
z#@i&X_(Gt#5>N=J58im+1hgK9%XD@C%fyni{_y2RnFsS>+H=I!kZF(%KS%P`T(pP3
zKDg`#Ix7Iz!>>V#og{v9$T3(90}KYFB5V*`p0$4tC{vECl}_-pq}RY@$OyP;xVr%0
z1h78m!)1AH1~dauUiCqRx-<#*vjCdtD(jPSCLfL9-VN7|8e;vi9$LU<>8N9C02-)J
zz6=Y6lv$puWOyT~Z`4D|h5AK4+Q_(INeADgl=7!+SkL5vvf3#9%&oDQhkMfI_pK=7
zs{vI2^272sK+5Y8_W|z7H~HHGU_OHYodGO6b)S4h0N75HT+R{2s7LBirqs1ik&pWZ
zpfnn8Ht3ONAKa7Ie@M5rxDIYI0N;FqzA`Qpv@b;+Dj6|;Ab@%r1~?BuS>6t}F<jQc
zxo~^KWnD7=QO5mbxJ^)EwoUSy0_YAL<`4n5AyP7L$}<i?{nhYW443@01yC*xLE|>K
zLjd^ZDEx{S-ct`KQ<iBRfU;nHx&f5Y`+##1LLG?(P}j%94TVej*F)N_$cM70Tv<+*
zf&6NSWg5zj{TTUR+a3&Hp6n+s0W<(89SoK<n<8aPq-ljbC@YqqIQ0?Ed!`}3Dl7<i
zly$J7d&FZrTUC$<2V4Z02<QrEg_s7QI|TSP;5gvc!`%gN>!ZX4z&Q`VbnGKY<3_**
zz-lTXSoV`wBaFIw6@c~F7cPN)3uTuNn(S{V3zk0<ZevhmpTmBYvL)U60O~K@{(ukw
zbw@+VS)b&M_0ImEe#(C?T-GmT$^MJ_-2~yS;WkE@sB>&zlojLH_Icj~ROwQt9pExg
z^1^bcv<j~=a${TR1hC?;Jv9T6rs;+v$Eom-2hF?SQfA~i9xizt1DAR|0xorgvSohM
zZMHp@xiRpg;F9m=xDSO(`7;mlcOJ^ZeuZf{-cUv+Z%TjcQuZAYeoi%D-Pl31CtSu6
z=Un(n_a6Z25$m1upgdVd>K*Hc`a<5Xg4@Wzp**OoO#!Trh5**rc}PS3ryQx54C4q+
zJ)z9m_L)|-i*v<r+_UYmU9#W30xt7n`5Gb}>zlHp?vQ8J9p%oxfjo}`uspK?4Uqd-
zxXg1J;9>xEJ`q4&q-@zAUj!a|fga^ZePlhg1k?uw>eN30Y-2aTWgSsQOivwS+0I3d
zHn@}v`Ah|<a@yq>kq$rWxF6he0W5DEfHGqJF^uJAnG)cJfEvrx2qC1&vCRdSeFN(w
z1V9-z!jJWGAwcPs>QgCahLb+!OueS=un%I~dGJ$4Z2@#cfz7tY{vro(Gk|qN*?9oW
zlXAZUE_r0zXE`|@vEI&sb~68Hd9P$bJk}juj&H0((zJ$C&&=?1AO)6@G^fL*EjIx!
z`>*HVQWsbz_BP~W5`g}hfYAV^V|nbjW1WNp>Y)Wuj?@XtfV|ov75drNaSUMoGb}DX
zuP)=SL>TpjIz^psh;Zt9DCkpu4UwMhv#E4B3O7Ot*jF|OGz2t89?gK?P~x5M!)4#C
z(y>jme`*GxtQw${N@h0P*OT|>fPx)4GMr_g9&)5$AHu$jc~Umi!KQGV%X``Z45zhB
zy(Yb2@DVJ_ay}?9U-HDXs*h)!!XZuKk{0u!T|pa*c+`K=GI1zB#uJ}1Wq!2x*dH^0
z%7|eX0_ZXwX;OyF&vY428qENtM?d4ubPCTV>$tfrZ4;EA^`i7q$%A${d){+pU2_u4
zcGyXlSCca2SVLK!1F6zwA4j(t(vWZ7Q$FV)hHbVv?%B54P8#4xouytdob8Kkk9tkH
zT!ZxNUoJ)p;#?v5XS)iPeFj~A1Bp7x^pqphQ6}uunJ?St6-ZAylo#`3Uru0MQ5Wg5
zuj1UMJ={hBwq4TTJ?n|_?5CJdV*vG)X&KHuiOaGQ-)x7>gK<p5v~0I*W4z~B$v&KN
zz7#I$kblOJSIU7hA}zK*=EZVR4kj<8b(N8Zw7US<x3mCn%$I)VO&Tl@`DS|6{*-)J
z=kzmA;wYJ_afJCYtsSw-g1HdoyGY732>FJh)aRfi4IoWBdb#n?Pqt3>2|R&~rK1i|
zH&_o$!?_y!7M6u}8~bjC+i>3qv3}j)=tS#8!<ZWieA?z+WPT0NyHe|~M#@Gg5qUTV
zE^}cUR=UmJO6hzvXn6=M4OMS;*s^R#=gT^voY>AdlVBb4o;)x=rYHC8tBA*bi2WD&
zrOedKlclUD<IhK#P1)KJe?BOxGB%cV$oix$Oup@iW&LxkV&6>Nq5iWzOqo#j%$K^t
zF!uGP{!nMAYt&s6kGjNr>JZC9T$b64H`ADYre}G~cCTto`OSOUD&(OffV4&${sOqv
zL(^@CdzOW5mt|)<(q}kb@~`><<)>t+U!=)<jy2Sgt^nfGPkE6J%fkE_&ouNW82)g$
zlsRcIEoImW_vASpK>DK%_iBWbNAkyb^29ozOPR6E%!m08HQcM<QbxpMcqag9kT;f}
zvNQQ(UZy-u_Zozm<sd%gNB3F)`5q2n{wan($?&s{P<HHR*eaMO`)~Gj?9<J0pE6;6
zGH<1~ieK_dy<#}|H(ln*d&;SLIQ@(d0WdvzARgsK9vR275|8<^k0LJ(Aw4s#DO=`E
ze9DLUu@5$JC=be?ek-4}O^8pRjQC@I<cBm!&!kU&NXL{v!&QE&j=4UhXq$K(LzTSA
zy9OXl%GJsT{fy_&<b`-F57TojC0$i+MaPsS^XHF#wga|X_9m=D>ORMA)*Jg3_Aj)H
zX*bXYst<odKqL6b1M?;y4G^aMq`^6csuS|eaM}wT*T@t3Yz3ga$S-9_K4?udx85?$
z=5uK``E935kQaF&7s`%ddtjN#2m93e(AE%WWqpifs{M3AdiM8MLH3MiZ^?RS2K)=;
zc()9G+GWg#wm~<z&5$Mpv25c_L7nAl9uy?rga0}J$1>U#z2No%Gy+x94#)i<0Pm;3
zC8uWpK#G(HdFD9EHbdYTOxZJx^};kAB`+ajHT*0G>wx;!4Z!sP+ObTdfhV>Bdr+`k
z>tOx$fuC(~6@ap4I*xJo!X;mnJ>^B0I?@9!`vTHrUexjSaMJ<Q7xKliFar0T0knCD
zMOxGW#?kJZjC;}|9_4i|WH}J`EW=;``QRD@X%aXtkWa>430MlCK2Sa^8)d<|qK+~z
z;!wWijWVSyh&vC!@-PkQ(njhGm%OzDkbm}Rlrwdb{aP^O#=2nrk`Gl5e?LM#9tDuM
zE`V$RX%L^~V7+$*Fwee#%K=${g@6HoSilMZ%g1t24$A@5l`8<O3x;n1kXA47!!*R9
zKF0y_08;@S0Sf>g0C{Hl=K|Pn)&X1qwk!6r(SQd5Ie_MXOaNs<8qAORvJ4Xelxre@
z;fn#pXMW=WcLTNnh|7F40QUf<0GJnf8w#N8lL0LOw*r{H6z~CH1Rxhs4EP8@`Ah=L
z2Ydp!4R8}+4&XQ-0nh_Ly=C721W;~afJ*@{0azDf0hAB(W*qCDJX{T6Jj>b$z%Z7R
zZIxl?0+<)a$#(&10M=a;>YruH1PlVa3Mc{$0FWl@r37#>pc^0(K)uQU+z2Qz{EOfc
zST8dHM*!3n_7}|i2Gnr`+);oF0V#lyfW`pQc^z=}3Y5U_+6nELc2xUDJD`1~eXi})
z{;6%(UejLEUeKP?)@#pb>$J7nYV8SarS_=ykhVhmhy4=!1@>n4bM2vaoBgErv-YF*
zo%XF(rR~wa&_2;V)ZWov*A8lXwJ)_#wRg2Qw3oFPwawZFEz*9iJ>0%U+o(OOJ*_>Z
zt<hF#<=SJ~!`g$|W%f($7uwIWH?p5&53%doFWOJq_u66YYi*ylTid1mOM6e-rggPn
zY!9<vZEtVC+}_Imxb}!vrnR)UuwP_9-`?0>->%t({a5X{_JejrJEZN`{;hqceWdNs
z-qc>vDz&ZJCatGE!rsl^*?x_^gZ)Z-TYGE!$J&!x6MF-@ou9rw;|tHCyM}cR>&%4a
z_p^I;?i3z=nv~uN`MY(JeR8Kx0&OEyl;ePr6mafv82(T^?Zr`GO`0e_PvqHnA)dTS
ze1|A+i&Fo?#D^bvulF|b9U>J^7c=oG@%EsJBv=Jfbl?bYef}GlMF@C?DZE}UBD`?r
zzu3KdH+XW0va&KUZrnKGt%QFZ?!9Hm9H@?QqO7t~M3?Or;{XiYy*pa$E*ppYaqt16
zy}<X1Xrys?D}h%jynwRZx~SX@*DFM2CDS>8i@dziqOuG$D#sxVbN~*=I1wEUKah7<
zBEfDi!T{p{qD+7R5k0O9JeGm?GVqIhz-t+xa`$d=;=~D&mzO7si;G27Rh8JbZJXG+
zbEhaTFBcUR6{57XRGdKhU9LQ_ZubeX<LC)dR<RBA%0*fEI<alXPViDC*6ln2yc78H
z^9fN>QUTgkqO$6QaOJr`-zB`DUs75OI_1c#T$B{AgCF$EcZiD09inpQZsfaLtlL3a
zM@7Z%qhcGN9CRx{rxN+@1mw9u%UdjpON!x^3Rh|w=%9Rk%S9e|a;26FZ(g}5EhB%p
zM?S^Kr)*t?C`Q>!$}3T>N>N&}O_Z+NA<DPyK$!tMc8GPAJH@(fJ4FQn<*EeifGmnD
zb^~v>r~rT40Hu{xVh75%6Y|;(r~tp)s=)IO@Cq4i1HaqA>u!L{l?s0HAP29=^Lj<!
zh+>hNT7vr$$e~1}jwltWu2RUX6g<I&yvxc;Mc+<kA{BL(it@Sg${@os)CHgnWsNQu
zsVMKb5hyPpmE{KHvFyc=Zz<yXu0uMM9px`2lmW`uiSl*p#E20UNLK-QRR}L2H5IY}
zq`KgGD^NFZQHP}j)=^o7C<m05LymxQKq=(8j!=QR1{4=pBCZnj;X=L@m5_DWHpm;W
zZX5I%0NpCB*nxP+9k32^uK-j6N-B0DZYT5-x(E61fb7emqdOq)ozT;D+n`U-jjE$n
zq73q`guHhEst8AqLT?~@=*mv$^HIRIDjoWw3;l#HQuD@PeJE8pLQ_RTLaG>-nu@Xl
z@&Myp&>5HL8;v?j&4YfiuJWK;fZ{xH_Byo$g8rH-A|e7A5l-uhIB2)`jQF-^&u?YA
zpooZX56Vk<tI+^)`@8FVMMb?EbzM(*B6`}th<djduBd4;fcXBD5eIwrw104Ybo8=i
z*GJiLKdsmG(aR!vr9_9mdtJ|-2Z;d=4oarKwMRu=cijh}kv)1ue=scy$dSQ4di3ax
zE1^e^W!LxW^+8mx_19m&{)6idl4tw0>qC3J+w1zs<mAZE(EEwpJAoJfd-n)NHYt(8
z!NDolNA--bNA-H+`jo+0(?TPAhc4?898BDj5)$WCQi6PtWZAN1(V=eu|BLG*Bb_~h
zZzx(c_k*Hok2sTWPUyXOLijD~1`Mct`Q^$-oFzB+hzv!+r(qAa{b0lwp-A1MBw_Ho
zi;|LN_WrrY&%cHbcyGjr5xKda<>%i%eQxxLrOV#v`$^xv)93apj)=JK`W^|3Ut3aA
z^5Zi}i$(?iTKdb-7A<l=+tvNc(WA$V*)#UQb)^#rY#*7wXV3J$UsMGJt$%dMk{dpH
za>Bj$ES>(%t*Li^fA@PWa=UjgD7fRsef#z;7&yAHeC?NG3-|1qJF{=kn}UKepGnK?
zJMyJlGE!GgeCoLs9e;3*Xp#HrtfmEb?AteP+>Kuq6mEWg<lAZY4$jPZ_n+Q~h><tA
zch0!=qg#e;-CR*o{@9AUJ@3x~deg6O+!woG+@bCTg&(}!<L8o+<Q|dBLVI0z@Z)!O
z&iFVlKYsXt%D122nz5>E$NRHp%_{hM%)Zz`3vRsej@zz%v2^jWd+r&0vPX~L```HD
zU-2Kse;og@+x_h1C)cD89r{B2u1^aJ_T4xxcF>^28)N6~pZUw<OCNr4={=#*Ln0%W
zt<M`i+2xv?J^YntT|<YiTyghX`LjnuGO@A5kBz-;{@Zu2cx>Y1k1u`g-KaOO4_!Yz
zW7W_;efm5#^r@%%tbJ_a#25ZGdd}!Ew=GB<bolVX@wbf~_`%bgH&;BiV&Z-GOt`^*
z-F5G|R+mqF42Tmkg0J5C^vD@A2F@FE+o17rNA8SUxPM^L?wsviM@*?$`{2sb@SJ|%
z&Yu0gD}B<WN#&C^Pue=*t*w1V+&bsB+ipuF{++iCEPQ0y8=p*lb>!6TQ?_n=BK+Qd
zpMO4k_Gce@*0?6ezZ0MR#D*2m-5NLcwn1@8ad*beADFcLSn#s-)4qu675zxBk<Smk
z=Z4qciT~H<pJjiz%kzHT$Jx(q*tm82zjk~zKQ1mVsqn<)gTqerfZ(H-1ustdVDG`I
zsrKc|m#00tCN+M>==a~B?Ao$n)r<LW?HUdIq(u`-pPIS-*T}o5<cpVHZ<oEnkRd5U
zmZxqU_U!9BJf5eXTe<b4_eOj<aO{BtMg7ul>GRRZjAfzAqN5*pcx6{K;E4V~x}K7f
z^6;jNhaS4G%a)B3S9g8kz0U^@99uZo8?!C5Y-|3Mho0OP^+B(#Ylo>$;=AvTCj{TK
z5)yuF#fpiWpC7*CvpI8ao!jqQ^a$G@>hso!&3#;J?n_<!SXYIg0*3UTN*~``zH!s)
zVYjS#rg2{0$9=0JVqy?q{8E=qQ{LLNapT6v()%fV{NJ=U>V~DITf<Ysm)^7d(aiNZ
z|NgfBO~5}I(f{9#*9}d7D<i#hX<r{YZw~exbwlQ;p404J?-$oudL}S6?WOG_b8`CC
z=qn*DG@t6%(U^#Xqk8ra3hECquNd}r#%1aE7=06hV;E)Po`!o<%xNI~T_~p>-Ok3U
z{hI=IJ+D7@&r0mn5;$Esns}V2IsnlC&WCw<L!_hrg8cWaATQ<^yJ0U|=cb%1a$d=K
zqY&fNyt8aKY=0r=l#Xc5E8%e<4#4@OoJR^T=6PP<{Ba!SkGma}a;_@pw%*-xe(S9a
zoJ(@<XwD@$ujCw(b4kt%Ik)6|iSs+o8H-CwFh?rIe1!88&L_6XxfJJ`oIi5DY0fK8
zz?P>yFXyAiyfSqhY<846FRuh;F9p3)HE(j2i4mM5C18F;Fy}~c%gV|zPbtUzMa`4O
zA@96#>o5<(oYa^jao$sgIZs)snlrA$oThRc=Qi6gPuzw%5auqJ!*K4x`6K5qoV%1^
z?jq+eC}&9p<YLSl<@^@)!g&nmxRpEA+;J!7FXbq!ImhL^aU13>sjhM0CsocLIZxrd
zw^I|$O)x*<93_wQ6TpZBubNw8epw7T6c>9%#6`tOTa5WkG2{ZkeA$b7;GDS_b8ybX
z$MwbBa~xy_xh1qO6$yPIH_k=Jl>#4f1b8_gC6tw74hSemd;;d5BQPJuytKF&P~xAL
zmX~9`3Ym|9yj=v$O}&tJYAWsla(?Q<{4~#)rxs%!phV4AOE70G1(X3w%0VLn^}%|{
zTL&I7j|G&_^&$-OSvjvSL0BomP-k*(3wIswImeBzK$$9pi;w^qQ6cBM#V*|E;oe&T
z`C;A)C;{XZ;~v1dZyxkit{FfFipwz91#te$c`w%yDk_1KS_!@?!B-{b$#9`3Twf^0
z9GLUqQp|%n7cR#<xVRMaUO+MD!+>>wQp}6X2$&mJ0Lr0P6@YT+7U#)30A-~+kOlx<
zD*<rsybe%~^^!8^9M>+)IW!vf-+KKw#_v|Pt1iF%@>Z>af?Bo0jlA>IMOfQ5xUS+&
z`!+c7xlMapE8_xMtK_y<?YbxGiji$!ZWr7-Dk^GPRO@yxw{Jf{YqQJN$~Lxbn|nqM
z2)-gX43Sf&Ov5!Lr*-S#E3UXA3^d!eyP|dL5ox!j-PHQJyut^byz<JSx7>11UVd2n
zwr!KIy1Z4}uxY(}<%DJSc<}le*X;f|F>&IgN$Hu-EV$)1*pq3kf`)_@cX=UZ?$-3p
zQ|BBwp6Hy|F)Qop4x?XBN%=(|i}+6~N2TuB{8pz<@pIzFjXU0OVpdkii4#-)71lZ`
zxLup%R!2waCr@@B`tkdl%0C?EbWZBnwOhxI9l9)xjxL(rI=EfiTZe!6(caF3x0F9}
z|KX%blR9Q~>(;ev`07Q=9=_|Q_5<3rdA_`FpFTI=+;`v&tA3p@>1tOukGork@FUNC
z@y7ba*W6^YC4RH9-=jC&_;|&Y?|hxwp@YlQy}LVn#7no08FT2pPO)o~e@jXl|J8^8
zzV-X<uMJ9>banUc-5tNDUEf+8*}k;h*k7I>a__y*4&IuS`1A0$2fa7?C&XvQ#HHLB
z+&Xyr+y^g*@aNCFBPQXg7yr3qP`_a(CWeQnWvp8{df3v32K4XyWl)cZpzQ3ZnVmY7
zlni|HgW-u2QqwLEN?Y^xkDqV7a?`6{vW`cN+*Nwb4GI00FIn+Q3q7M1E41^*&p+D`
z9}Dv8${72}cga5_kG-lD{gDyZUcPTnmwh%B8PwBot<JTVw}LI}3%NF^Rb-Eze#BOh
zK|O%*-?;wP#)r(6z2N`<zvjoEle(jwf~9t8tC)65w8b_NmV2ZSzyJQb_~n=1#Baa;
zE`I&>H}UIlxJTH@lPAT=-*trj4xE$Xclh;_829zx#G!A#5eL5BCtiHvJ@MH6uZWH7
z-w-cudsBS$<(G0D`=tK6*!K2kqU@nJMcMM##ex0bB9C9i?S<Lm_PNtU*7yg-gbC$h
z?67h%d)70e?D-GG_T68Lua6uS4?Xg{@ZMe_3JX_@%n1*Q`<J{S9@wx^-1p2DvFO1U
z#fmL&iun(`Br=mWiN~M)SXA!)LA-bHuvq@YtD^M2HDb|SMdG2A4~P|ItHj42?Gtam
z`?0wDu{T6+?s_qC>?+}zv|3D=xK<R+-zv6#dO&R1cTBwX-S6Vv<GOh6y?=>^mpv!$
zo4;Lnv!538ik}qEzx0Y&zUoEsAjXCV*1jed-n~JjjCx#5%YR0!c<l?Z{PjcPnJ<ou
zjk}MFiqDUVSvf1kn1uNvf7(2;eEGd%6L`P(!H2~|Yo8HI?_Vco<vk|uF4-n->UoDK
zDBCVdp4}%_zW1Y8^Tn^?g<Z$QgZI2D9$vLUJhb{5@yfRC;>RC<6ziT^E9T585Hq~9
z#imzY70<u<mYA3_S!B89i1~M~6-yr2A|71*3d;Soa8H~m9xs1ZyzuHf;)9Pq6~~bN
zi!Z(quf6uVc;bmwV*2gV#nVqeB_4gWOw5>myYRT&Vsd7d$eS`nJp9Om;u*v}{@5d;
z^2Ha#4?p}MKKke*@!4meiSNJvUVQuQw_?|4yQJ-S;J^Xsh%SDEzT`zVlTZoWij5pC
z2F2bY;s*{Dj+lYMF(h6L?Ke;i866`A&>cEh3>`FBgiTDu6L2ApUfWCpb+$jC7l2n7
z;EZUEhTc~;5+8ojNc?sNX(NE!6ToJ{w!=KLl5zx2&JcK=7yLT~UT_s2@Sj09+by!Q
z+<5Z;pYa;qq?sTjoI#$HSrqW`m`z@G{4;DWm^bCt5n-oO21TLn|4?kx2nv#ap^Jk<
zLxY0m&A($o(84<xmE08+6dF1WYmPH!dS}g^Gq<3ysCeR}^o-0b*JQURJ7-F6-qZ_5
zVR3BixWw^E$<7oEGZSy>KVaaXgqsHs8G6gG;Uh-g+B539>w87V^p1^-?{h=nem7p-
zp<~!JojP|3@7k^VwGllc|8ZGMN2}ItE^m89yY^RJ6%^FCNz-QMo!|U|pbIa$_>xP5
zTbN@-!*hcgk)PmTTZm?_7a9~Aa!&mQL9EVGUTO|~N|ah7&2-e2PJnTMAmPBj5Z<=Z
zIs1230%s*~Rs#PM5-{yU*mLGBCO9W+1rx!HH~rOJGyacUrXx=E%M3H!>hab6CLUe$
zzBU{){{Px#-X<T`yv*?GVb*Zi+cGWPUw{2o|M};iCBTjf2)E){?@60}Gt8P-ZDG~p
zO&rs;##`^nGcPmDiqCuU4SP`k^2;yv&p-cM$2y~a?AS3KHlzOa*I(<04jq#BKmGKR
z#AO=uVp*9UdtP+dmHLq*NA$yo4@-J<3EzG9ozAqs{PK%#%Esh{F6mi$GUKX;GfyiX
zWlkWk<okseUeKR<>M8xXiVFSBH{aCX+_p`B@x>SQS6_Qg|Mb&Obv&)sVS~#wOvihM
zG3`J9`A_|gH{Q@ID=YP_TenKsvSo{OUw!pe{k`{g=(~39lK5s>NW;nx?@gXqPLu!I
zT*{1c`R1E%q>OiihnJA|qmMnNFD)(AvA(M>S+YdG>#n=>)ho;O?QgxMfBEl!>j%F%
zB<q89_0Bu*=vV{RAAkID{l5F|(@RQ9^aTqR=vW`t=gpg^7Zm{ti}XA1T&UlB?>+h>
zk31q}L|N?Lzh9QctRM1$hr{~6kq6eg^*wv`NWRD;>(*KxmXW$aytlyDTW`OufBNyq
z`YzCY8M1otp)%xKsACV5o}Ztu-;c7eZ13*ap}&SY*|ceszH;SC@N}=__4eCu*K>1o
z^_-j>Jv%!`ce~vZJnkHQ@?^K}$@U;VN54J)c3H;Nt5?f%Z{ECFf9a){bk@&v&poF<
z`Q(%Os#UA>C!TmhU%Pg#{_@K&>z{n`iPS}tXX-NMJNn+ed-Wafy{E4Mtp`^;ps(Mw
zQGXu#vlTSUQ3u74U$)01p?Lm0eZ`6u`XdiNtlzWbZpgJrpD|;GJ~eMDc%CA8%?6Ji
z5BT=Dbl2o8xRWLCuE{PL=E<Hc@p2)PIdkUt>S*D@g{Yr9rGM6}**cyz=yT@I(HA0&
zGJ4~UZIWNM9o9MalIa^ZY|x)wzg{l~?+Z&70l!#(_;Kh6boAjzAJq#BigcIDqd$cE
zyB06jbEf6%v*ym#XHJKlbFy_8<U5)Cfu~GYhMt*~1=p=-W@hUiSHAAf%+uXjdHUpZ
z)JImX?#as0GtwvNSy`F-lx*O50C1;F$<=3q-+A+j^^!Xm=}Q*hr7wZLmM*<lfApb8
z^!3j?t8d@_wtfKp3H6<AY|WZA62GW;zCLqyfu5b4t=~R<w*JV<C-qPE9?<vv_>=zT
zC!gtCUV2OaXm6GN>bpDid+vQ$pEG*_cyj4ea$L}nEb!vibEbH8@67x3*|Q(g3yW9j
z^X5OT-+k8>@UT(8cj<HbqYrG<A78Oqe{lH*ed)4CQT{^RlbNpPpsvV!Vc}f8?4bwH
zUu@8~z45yK{*HG6@97_Y_%D6u&X4q6Uw)#0wRgAFAM*df2Or2bM4k4|oTV2REYS0E
zAtyIvh<cx1RIIOi@fCgd(c}8AZ;t7^jvUip-tnRC%9^aZGP3l%DN}XVM3<g5F<1A_
zUZF3!b2IpQL%;v=_w>@0+x7cbzo$R&<PQD*b?@m9Z~0h%=G9&LQ<Z?%KGiq8wM&0%
z$9{eJ^856OiO|c``TGCY&Upn_m8JK-%H;=F-AC7b@q^1ResL<7>)va-#-32Nr)Rp|
zGt-$FMAO~mBoH7q5|RKRA%t?y;V8$WqobU2mQYTh0Fn>_gb)HGAt8SEzYl#t)1Izz
zyX-2vrZ>H`_St*w6~49Bx7Pap-@k(bA}F?6>FOD#se6#t-VwToZcx)UO!x3DrsnT6
zx9~u+-{85%&+zcD##E+lPC9B_I=NjSBewz<PhXr)p1|qE3HI$jMnbBYiN!T$SM<%;
zZOuDxjvl;#!v}u6^$+Jc=9G$CR1;otEyNc0kz6xIO!*ioRnwRo=doUYh<RX%{IMmh
zL(4ReKB8@MiN1wpMsM8Y@XrI-`&K?-p;Z)?Hd9eIPI27?bscjwUtgrEeT<HQY5E2x
zrGu7bs(Q6X<XNo5C7U?sdC?Y<vMrcvd-09P!^<-oZ?6zM+=Dsk7)EKwI5#%dXd0W~
z%+X|i^ygRkqu)EiTYrC*08=+^5iNvU`bn>!BC%<bnA*F<*UeKg^pwJz&xr4TOj6$p
ziHfTxH>jIfq+n!$>(jG1|00J&Kd8b|GDp|M0|stBq@m{y&4Y8aj^3teP<=IWgZX=R
z+1lQEz2-$GWfPxPKtMziv8G%)`X?x=yG~SMDFIjV@wt$rIhV%1PqO*sEfZh5G;;WO
zHE;b*5`Xpwm-yrVwI7d*MTF+}<CW4!gms9JvN1eN^Eihs5Lr1-$<T8WhMy2MvPRD6
z8tJ1Ol-yjy(zZxS%R_o^EfRRTglMlO%IbPa%c~_U!i2AXIOjDdBeK#dEvuudwuxHJ
ziN4WcHrCc{>zcK(lZ3nyOqMF-V@P@b2sOiV<dyf~tN9n~T}+ruCH{vixco&am-m$6
z_+9~@{3wI>{yLtY{H-?u$qfV+_TyJ@ld#eoTrIi9;h+gl`%Y2RzlM2agQW2die}fT
znp!7wbe*!B>!g?6BdTVJ-i1YKOS`3CiaF=@rF56Z@tLF24JUAx9&>kb!B6@#Olx7X
z^mV1y@*6iMSbnsOxmoQktEHlQfa-x!tX=)&w+>@%945WIm7v&4LW3%Zj4mZ1qgH)V
zitnXT+`i1=#AoRoJe*2kRy%=~0j`u!6I^o}|LR*rv@T%LxGBE5O4{&aie{eExVTR3
zt#yjVpHn>gjEccEil;RXX6A?sF6H3IQ8+tkEC$BleBPfk7yR+mnt9Q~O}fcVI_?~o
zq+=qr-V_&?F)%PhN~QEdNjKS*1DMLYF*o#Ks_LY$trKBrBq>B{PWZ=J@eViRc{LBm
zWBFQl@;T+0!`1L|l1e*>*IW&0oF=CE4oNMGq+MSoe`1Y{@uw6_uhV$<1$FnHQ!&4;
zHf>;4Ka|~Era`)-ws(y8f8fr6pPO(z9E{t!G>(0ya43}XmjW=EG`16B2nh@3+7%zJ
zNhgMegkvr!B(JTHz@&0~Bg^p&wcr_0%th(xu*_P5;>$JmN{Ps}a>1_%C&~Qesca7X
zvWU08m&#AS7pZllhP>KQ@;fzFhVEnTzen-l1FUjNEtpy(e|Cf7*)<v$Hfg@MMfJin
ziga(8Tcbv@@4UN8Rz?#)|BI`9@K@RF`d$JKKZ)nyPxCnNP8vtlp3JODY8&e5=+xd(
z`@byh1(K4Jw68Q199x2in`HWVHfK***#AW~4tsLhyC;jYt|c5gE;)Z`#rZ-Zd-rCt
z`(I0W|DQ7X^rzW;`feP4T9-`q{TeGXR2ceX;Ev|zG8MB=6gH?_+@kiuCY|?R(5BGw
zV4b>$TU6dzrD^67&A0ARSJO_6cOl*<E%-Urap6b<4*$o@M}Jy~!@s6*!Z89Tmk>NJ
zN0ORR$mHZL#>Pi%A=1>uWnVMrj%0G`;~e(Ct-5_bi%<U{6Ni6R{B{m|B!{DVck=yQ
z96!v#{YU{J9;L+iTd8OoplooQ$|3Ewr|wZYvP99uGUanms9SnY!=o*FpS)z`(Ka2c
z+YGF$9cn}4oa#Qa$k@XN3`swhT3aZ}Yr+&)uX#K`Y+yIu`<pl<c^%keV$X*rKK@x4
zo)?oTt<-utyTIe8t7P{sklTHm$ifcXuUT<Al7-6`d7R&yi<?6(&b!j_*q4pZ(R@7j
zrx9?Wn9$$~f&v@0F4VB^a2_!kLo|-gQaw6H{q!o8Q!7-?tx)mc8TBh#<DYCZqBeBv
zzGLMXHS>>Xm|LR%)-o{(X#|FbkY8L$W9twt?c>s)Rn$o??JWaX^4l>*_7ULRjMJ`a
zwIv4+uXHZ?gfcUC7gNUsS-m&N?wVAXA)$4Ui1Gn^vKu(<lgovm60XHpk!a~8zPO2`
zvNl4p>N%)B*!4*jKls}mjvXweY2-FT4>vR(9#M09g_e7346JN1vbv@EZ_>T|jG<?n
zbUj?AZhC>q)phdB?Y#HyK`vkPBqTT#bFoGH#XbfGM`>&Cp`=W6FDin#m_*9TYpAN}
zCE#i`j>pq+@rWWRBcJ%fN)k)zNUCfjx%xWUog<i<2MJ7XCZ>9Tn3@rMQ=17ZY9_n2
zPkVtLLQM@E_^eoahboSIT#2ts2{rYTq?ZokpWRJC_af~JPq_Z*8H1~v^sYQ*?CF~1
zeV<)lcyJ}UgxTfCg!vV+Z?8M&U7b1ad>$X|XT!t7krOTv;UTzR^v3C&_RYc9bOvc)
zd3A}0I(sfGtkBstq%kx{XnZ6=aZ!?SEY}hf3C&EwD>Rc6`%_3O@1SUS9J9uDaN%`A
zB`@EEYMd{t-cD8Q{<wrwd-F*Ouf|e3j;BvMQALxK4LzXa&JzZnY|tmU-+c6(>3geq
z`9!mOm-gY#g*5lv!kXF1nZweD{yICjx#8yOhKGlz_P!pto&Qq0?g~eaN05<Sz|8a%
z8|%-%I%2=HAGHaL)p`+q75@l70;2p0NeI{8JPD`wN_7q>B+8OYRB<_Bx!w4h>hMi#
z<fwB2hcsqB(_FshUPghrhw!v65_4wA(%z?Weu);1|Gvdlh95p=^v->qGw%`@nToe}
zCi_0iA<H~UbJZA^T{7_rk0m7|#kSXvhzKJ(Du#sQ7~I?v+5LXH=5sCU>(5@F^|!W+
zGrzG1+Lpd|=R$x7mxI0V3Gw1;s2?t;5;*s11s={BoN|rltXCF?Psg&$Azi=gIp9#j
zu7AnL^<b{_MH{}M^;}EoAWw6t<<=7Qvkz!h+$;UkGd;u5<fQgo+Z0q(5gsoccQ6%?
zOPZq<v&00oaO!LdS7Ng$uBo6^I=;E7lk%!+E}k#rmp`r~P-~B|-+X=EeW`Q2!prTK
z>^r%aLudD){~0!?&O379@+Ix*1336WE}pw<`S3@{{L}YidGCiQ{P-_Z_}TX|`1~jN
zTsqZ2)HSVfktKxXcahvQBE3IH)z}=hBXjhO&vJA24lA-_7?)A@(`Qe~v(|9hHI2{r
zX5r`4N<o_D%*k#(b;!m&pn&t<xg0ne&G94BnQv9{i@z%-Ev3Ph$F}6Xtvc_#{KI_-
zjn#QG`Wk*ASMj)VPO?74!QHVqzH8>nF^%_M<>T^E3Fkj6<<jv20xw&*dL>(D%p5|~
zOUUYMCa0~Ntkzzv?Sr)Fd~<(knHQU~#TfPv)!nGSaY=IAy7Pee^lE<P5QXdUTH-=F
z3GwX1>9abH@2cX&2Q@f;)Wk<WGUK>Ek6F!oyG`h&Kx?}#$cT4d&o!nNAKs(2r;DU?
zGyC=ha%gvg#<*2yfmF_(isQ<qRF0kr#O1QuoD@rRMjCOcnPgasDXeK`bZU}Sjnx<0
zqi-p{=c@mv!b^qitrx6o-wRue-kv6}t`VPWg&cRx;>c0;hkw1+ltNA)%VzH<k?cF*
zPuJk^t5&Q1_ImHEv&{~qei0^bd#_<;yOtiWaQDFi<2R>B$tlu#AYW&-8Rj3{qx1R@
zle6;--5h5~``G@WVJ61MW%GJv$1*Z7@_kjFY<$K)$;t@E7%=Px_G^7>UFWJnVpDW3
zwl+}S+(ThmD;1R;lKUN7zin+jfAy`#j*-XC%bu@2-rmvI>TIKMoijDpzxr%*dtHxT
zjfI{0823gV#yGL(WyJdNYsu_wG1~V+{jsU^Pj!~P|KyQmHN)b)2Wq>aCtukk4L!5{
za#PtD@-VV{W2dy2Dc=WMJzprc^|fN7zYRGVXMCIeZu2?ovUzQ(Et`6_DSMX@jDEAH
zv-PF&H)4C<JKJKvxA)D~i%p(wtV=g;Dle6zIzN|gT+^K2SYNZ1yS=R$W0Q%!KYv{w
zUoXdKi>-VkHtJ#vlB?=u^u3|8UaB)}zinw=rMJminc3@Tk8KUv@yGt$h>g0vP%uPl
z8&{I`mQi0r$LK#JHiDAc^0n7>M|R(M`)^zMjY(g>FzWOlyZ-HW#yER(y}JLV>}};L
z$xhiAjo$hD-*a!2XHRFpe^ZB7clP)Hk@%bP{CXMxlYalV0O7u?#CH<-P6EG^5_qL6
z?S7%ZJ^q~((zj^zx0R>ir}ZZaKU8?_r)4-Bes_H*fgKVs_Df&CzG)A&Gu=0(+4+2D
z`knXoGIz#1zq3Ez`HgXJJhz__zA26Uo3H1$^E>-Hd!F{+Mr`2s2Ci>l;mh*#Fnlx?
z?#ib66}E4rF)rimWB4{0?+w2XyYI)!%F1gW0DHdnvTYxJ^~e6s9vf#R!^dLf(F#5C
z5iook#ACDJ^Z9xCj0lf>q_eM)#_&hz>FKdy+Zh>|HoQGCF;RGDf(-{ZuzvY2+k8yy
z{uf4Uw85yKk%v*9Q7_|MX#~SZ!N6?Wg<}mXuBolD`BOMKIdM%s67}`<vVFE=DYVGn
zBG!h>fBB`0u$ME!bcHJ^orvX}adwh@%hl$uU@fxR{1<9#YHj`osq(4FP`hetYnh#$
zwaL)%o#^lHxA~J~W@ix`97bJZlg&59>!NVutA1RR4}gC_pfF1>;n?zXP<f6gj|<m6
zDZKcM@GL!ZRIDJMZjK*6D%|?4d@5XVclW@@#~VNSAsBuZA;H1q%I9HhY|JJD!zUvu
zDoXhFRoo2U3i%uqRn#!DaF+(*#QnlB6HQsd7lk#QJ;CWyCxzqq%HAg&{hE9Vf=h(o
zloJ<UA$wkx@Zb{3Egt97PB@=&R(S!EK`HGW?Y2I<-ao{|)J@_1cWr0rZuNDL{2Js#
zj9*|R=iD!F?AQ_ff+85Xv&{W1h)YQ3&^{O04BdsD$8t5Mg~Y-k5-Vg=ubd*kWuAh*
zdsqkVQ#X8{5!ok`V{-WHop4f8%V_Etqp|xIZT<5!^xkCb=7Pq+y88bGxrN0lE1Zj0
zu2ERsK~R+Nk_!<WKYA4}Un>n`i+Eoy;V=I19RK*2vPC9z;g{7*Qr!)Lgz2U>-oqk1
zEN<{IsY6ew9D7W)Y>aur=uf><E?jg$SoI|4s_T?@jnLXZ#>C7F>#|K4S88Deaak6M
z>f5Osn#Ppdg5PD?*PO~Y^O2b|yG!`xzvS_M|F<{CPMQcS86(It&ZWFbP6gZ|w{sQK
z*gCnBYZTnrz})i~Q{$5C$Wx?6m#S@{>eur&e-qD(7l@0FBQrmbLCvRi*%C4;+bL-1
zrsDc2g&ji_Hun>oT}4D>88Jx}!sUcxoilUlNCv*K)dUL<45+?MaP1r!y^koEc#36a
z193%VrxgAtY_ocH6-#wD#~i|Obq(N4w@{otH2!?NG&kJw)R>HqOQ5wy*g$DJp((P{
zCRE{{TtifTEzvo$OJ`Ye_08v`@W@Zz&0^2TCX&rv!VzSP?!9aC888cb&z%wOCETvz
z?sKejD*x6~VPY$IpU>jmKa1qR2Py1-CyN8WiqtsHrlPu>!h$@NA7`73{^3^69?Rgk
zLlzG2WwQ4J;r08?91)Ik_={Zjyq(X1pUH-LGKbuze#*vXDH&O`VR4nhJZqP>=v;as
z{A7zJ;ab(gSo#(pQDyBU$gP-buEJ|RsAl*7GjrgJIL%w(BPI*e8Uu58Zj;eGMRZ=5
z?D`fQ9fawBn9K2B2uJxeTliEiJ}!lX22|s9v4W7~4jLxrXq*uSH6vex`_E`!eZlbK
zZTi-Qqsf<~{mx^o)s1B3nrUe1qpZ45HoHLzQo9K9s^|2l#T?u#Y$`01{*f`#giU32
zjgu*#k(9Pk{PUXeiK`(%eUeh%MrK_n=Ps4=?vG3O{9}uJRAz-^EKq*qA=j5T7<epS
zowZGxrtXm2-cSF{`yANohO2aAQi_Q>`EpfCAIHk38YRE7_KseP3I_-XGLuzMM0ip>
z!O1D=Z`q86L0<5(k|!UP<d$KgN_+IY5yx|t?0LVK@XM8C<_rpJQJY5PBl2iXZGX<>
z(i7Z0V>x!pL`&NYo@c}Gy5xzQd}zdb5q9Fnfy3U!$ggMV;i7Hc8OAAN4fBhVZVbO7
zJpU>eE=A+wV8t&w9sdj~Zo%ca_*L`iuVlOZ!c1a(GvVpiv9!<AG`~!j@V<WeAx+IK
z5FVGs(PLTU<&TjVQOl*ESkiM-<y)3Vu32_q;lI(L4O+uxo7^<koGsgWzTfF{;RO3}
zI)9uqE}oqHWj>Cdn0f!5c;5TI35U1MoE7E~;v?)kqnVWEQL2Oo)C-p!yS2art-prN
zZsOLId;&CnP8E|HHHe2(4PL^`1LQw&*`t^b|4}+xek{iILUum;nq1#fOG9fN6}5Vw
z9>eJq(Hwp+9oH`kI4dl{^_U4)_gK7xlZmxhNUy1<w7rj+I}2<*7hdz#p2W!a$=WmG
zGAe971Q%Uua6VSUk=+({{Wz0D!u{{cC%~{X8n#ILKEn8J=XLw;JZ&8VWaLx|&uybe
zz8CfF-SmzQ(Aj&P(Xnw>wN@LKVZ$`qZscXye76ldqyEj`yH9#SJ;^z>h|f-bL4z>8
zS>ub>?Y8eb?CbwdEW*fJwKO7KFJDDp`}@j%`KBF){n*y7uiCe%dOXyAWnF$n_B`x;
z{;KRZwqT<On|;=hrS>A5YKMV=88&63UE=52uo8P6?REc6u^|(i{dwzEeQe(v`Pgj5
zzixZ9H%U+JxBt2Ezav|t4My?5sV%?lnNeBW_g}@oE&ZGKZ@$}c6!`A;cTfUfAMpRx
zBKUfFzs}qJ6I<~={QdvxT73Kbjk#m28DGDC(=#Kjp>OPKjPcuk8Rsl<OJASQjOPZQ
zK>Skq(T>~vmv<z8trx^+WqNuV@mX~y%(boS;<F+?E8?@t7g>JFI{S#viukOE&x-i0
zh|g*}?}<yRGn<e6guH}hwjeI8{8XKE?zoJ&w1`WKxU`5%i@3CiON+R)h)Zib&x*^7
zxV(tVi@3aq%Zs?Yh|7z(yok$-xV(tVi@3aq%Zs?Yh|6m$UtD6uB}QCg#3dGvo~b>b
z6>*6Xml$!05tkToi4m6=afuO^SZCU3#3e>tX8E<3ATBfFG9xZC;xZ#HGvYEME;HgX
zBQ7)IG9xZC;xZ#HGvYEME;Zs(Yp+$0xYY7#(Y|V5IpR_yE;Zs(BQ7=KQX?+4<dCTS
zTQ1^KBQ7=Ka3c;k;&3AlH{x(>k7Y$1Zp7h69B#znMjURPCFS>aC>e3M?cI*J<A^(s
zxZ{XBj=1B9JC3;HHu)L}jWt*Nars%xM=_yI`-O+LF(eN8>wLcH##le!EMsqQWV_Bc
w#-b5ydoQhx_BGYMf3THrj9b0a5~}w``ZweD+s~N)+%N3>({G#WxBu?{1G~ub82|tP


From c8f348680f515d921f539b2ad5a6a33f633cf08c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 Jul 2006 07:16:38 +0000
Subject: [PATCH 003/301] Initial 1.00

git-svn-id: svn://svn.code.sf.net/p/axtls/code/release-1.0.0@7 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/config.h                 |  52 ++++++++++++++++++--------------
 config/scripts/config/a.exe     | Bin 8185 -> 0 bytes
 config/scripts/config/conf.exe  | Bin 91179 -> 0 bytes
 config/scripts/config/mconf.exe | Bin 138973 -> 0 bytes
 4 files changed, 30 insertions(+), 22 deletions(-)
 delete mode 100755 config/scripts/config/a.exe
 delete mode 100755 config/scripts/config/conf.exe
 delete mode 100755 config/scripts/config/mconf.exe

diff --git a/config/config.h b/config/config.h
index 785747831b..56d8e8a8df 100644
--- a/config/config.h
+++ b/config/config.h
@@ -4,19 +4,23 @@
 
 #define HAVE_DOT_CONFIG 1
 #undef CONFIG_PLATFORM_LINUX
-#define CONFIG_PLATFORM_CYGWIN 1
+#undef CONFIG_PLATFORM_CYGWIN
 #undef CONFIG_PLATFORM_SOLARIS
-#undef CONFIG_PLATFORM_WIN32
+#define CONFIG_PLATFORM_WIN32 1
 
 /*
  * General Configuration
  */
 #undef CONFIG_DEBUG
+
+/*
+ * Microsoft Compiler Options
+ */
 #undef CONFIG_VISUAL_STUDIO_6_0
-#undef CONFIG_VISUAL_STUDIO_7_0
+#define CONFIG_VISUAL_STUDIO_7_0 1
 #undef CONFIG_VISUAL_STUDIO_8_0
 #define CONFIG_VISUAL_STUDIO_6_0_BASE ""
-#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_7_0_BASE "c:\\Program Files\\Microsoft Visual Studio .NET 2003"
 #define CONFIG_VISUAL_STUDIO_8_0_BASE ""
 #define CONFIG_EXTRA_CFLAGS_OPTIONS ""
 #define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
@@ -27,22 +31,22 @@
 #undef CONFIG_SSL_SERVER_ONLY
 #undef CONFIG_SSL_CERT_VERIFICATION
 #undef CONFIG_SSL_ENABLE_CLIENT
-#undef CONFIG_SSL_FULL_MODE
-#define CONFIG_SSL_SKELETON_MODE 1
+#define CONFIG_SSL_FULL_MODE 1
+#undef CONFIG_SSL_SKELETON_MODE
 #undef CONFIG_SSL_PROT_LOW
-#undef CONFIG_SSL_PROT_MEDIUM
+#define CONFIG_SSL_PROT_MEDIUM 1
 #undef CONFIG_SSL_PROT_HIGH
-#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_USE_DEFAULT_KEY 1
 #define CONFIG_SSL_ENABLE_V23_HANDSHAKE 1
-#undef CONFIG_SSL_HAS_PEM
-#undef CONFIG_SSL_USE_PKCS12
-#define CONFIG_SSL_EXPIRY_TIME 
-#define CONFIG_X509_MAX_CA_CERTS 
+#define CONFIG_SSL_HAS_PEM 1
+#define CONFIG_SSL_USE_PKCS12 1
+#define CONFIG_SSL_EXPIRY_TIME 24
+#define CONFIG_X509_MAX_CA_CERTS 4
 #define CONFIG_SSL_MAX_CERTS 2
-#define CONFIG_USE_DEV_URANDOM 1
-#undef CONFIG_WIN32_USE_CRYPTO_LIB
+#undef CONFIG_USE_DEV_URANDOM
+#define CONFIG_WIN32_USE_CRYPTO_LIB 1
 #undef CONFIG_PERFORMANCE_TESTING
-#undef CONFIG_SSL_TEST
+#define CONFIG_SSL_TEST 1
 #define CONFIG_AWHTTPD 1
 
 /*
@@ -58,9 +62,9 @@
 #define CONFIG_HTTP_TIMEOUT 
 #define CONFIG_HTTP_INITIAL_SLOTS 10
 #define CONFIG_HTTP_MAX_USERS 100
-#define CONFIG_HTTP_HAS_CGI 1
-#define CONFIG_HTTP_CGI_EXTENSION ".php"
-#define CONFIG_HTTP_DIRECTORIES 1
+#undef CONFIG_HTTP_HAS_CGI
+#define CONFIG_HTTP_CGI_EXTENSION ""
+#undef CONFIG_HTTP_DIRECTORIES
 #undef CONFIG_HTTP_PERM_CHECK
 #undef CONFIG_HTTP_HAS_IPV6
 #define CONFIG_HTTP_VERBOSE 1
@@ -96,13 +100,17 @@
 #define CONFIG_VBNET_SAMPLES 1
 #define CONFIG_JAVA_SAMPLES 1
 #undef CONFIG_PERL_SAMPLES
+
+/*
+ * BigInt Options
+ */
 #undef CONFIG_BIGINT_CLASSICAL
 #undef CONFIG_BIGINT_MONTGOMERY
-#undef CONFIG_BIGINT_BARRETT
-#undef CONFIG_BIGINT_CRT
+#define CONFIG_BIGINT_BARRETT 1
+#define CONFIG_BIGINT_CRT 1
 #undef CONFIG_BIGINT_KARATSUBA
 #define MUL_KARATSUBA_THRESH 
 #define SQU_KARATSUBA_THRESH 
-#undef CONFIG_BIGINT_SLIDING_WINDOW
-#undef CONFIG_BIGINT_SQUARE
+#define CONFIG_BIGINT_SLIDING_WINDOW 1
+#define CONFIG_BIGINT_SQUARE 1
 #undef CONFIG_BIGINT_CHECK_ON
diff --git a/config/scripts/config/a.exe b/config/scripts/config/a.exe
deleted file mode 100755
index 57824a9867c61fb2c25b1f3b4d46d09077104d98..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 8185
zcmeHMZEPGz8J@GR;Cwha(Vzq=5?9IQL$sFdT%1%2V#)d1v~`lJ?F3X3#%tf&K73!?
ztrG`=bmdZ%)g_We0f9(WDk_0ce?+1Jr~JTaew>g}BnW>(|Co;oM=_FBRH*_h$Meq2
z-t6w#PEsWS2}YisnP=Ybd1r5SeDJwh*2)+Qqt@$;&7q}Yi0Ar`GN!kD{EaQ_^$l-5
zG8Y<n>yhEfbSYXW<|m3~HaceJa(O#CYDJ6FxoA2U?LRye&E`{9S9|-$4kbF7U~C}N
z%AT(LxSwrgY#I0h`*7=~P|IFnR0{yA5mnI$>u3y|><*z)D~f?926Gk@elZr6yd;2l
zP*fua-Ha7TzymH_wl!lz=PU)E3?c^_PN0txWo)Etv{a(LL60asnoF6n`L1-zv`ys;
zd=fEh^V1rj^CSNs{jW#hi1SWmsjc$Y<yTnLU@y$up{v)wack=@6Sq3&m+SR$Cm{yy
zpF^I~;Cl8}E!>fe7;N#Yh~00l%=$}1o_LW|=C|VS@?!Y%LfA>HR1+(Uo4~dBy$0*E
z&Yvom+dfNMpcr}n2DOz9>@jL@-uU!o^qmFgYPGFugzF1Xb);vWEZ*TvuT-booa661
z{T*Q^*0DGQk?;f_w8KCQSpB1Cx()XH(meX-k9BOX{AIaDyNx-=Buf;1usAzAZeDY}
zsCU|6nw=#&D)8s%P-Q7nJ-!+GUU+-!nLhxn#lt^E(=&gGJgLRo{tm&l_~wT(aw=td
zR?mo;N6QZznCU(%nr+(<<X2{(!HGv|@fnb?YJxeXPu1cFl7eKw5KXdMG{aHRbVR`C
zwASJ~B4WIgi6*-I5fa|NK#g>I@rQVsIq}n#rEo1CqcyF?_sV9UYzzb7;_J{n2U2$4
zdjCsbKK^DK3844I;?pGH&7S$nKkN3NYx{+x&b2w==zi(we&J}(@0}OR;HbX%DxOZ|
zHV#K_Y^tMl(xUj{TRqrzv^pIbLWpl}u09*ChL91VcS9|YUoS4hwkzj<0r~9wujzT@
z4SE+k@63@im8H$ja7P=Z0J%?oy#^KDq^x(I_UWs4&IZP31LJePG1mXMH^=XGT<<LV
z<kdSb_{Xr9{G!lM`=E=_tu-cl7_%{+^k5^vE_lY8TJ~PW+(p!R)T^iqs4J*p@I_GF
zveVPQTb>@qdDcwlNR|=e>1<)TXz_ww#Q5heV`e6kAEUXOEn}x9PNs7_owKcC&ddO-
zx1=%|K3255Ie#MA(^IgD90!y!3qPx7>v++^IpN80wjpCBT(sQ5;n0(oeK4Pz&R7S`
zTq<LI9s=RpdR1D`(*><;8)%<N3?51h?CKQ&SpOSKSQ!;!QPx85gjLFRg$Wwwo?Zwf
zhSm^;M!Z}J5~WKXNJL-Ks0mNwo^A+gL2V7WwrHZR@pJ}@#J-7o3wvZDl$o)uY@ti6
zxukQ`BZ;BkLWz*%M=?h_bh#S~BVdyjYJRted>SPSzlBPkeu$;=IRe;A4aALDSs|^V
z$I$badu0zv{Uqu|)V0>swMWuWe7*?k559uy#mChZL2yJSFnL<-*wc+6>1=h8-E=1Q
zAu%I}^wH0aq(O(pP@_Wf>e=gRmo(rEB|*J|SR3VoMLux6hBQ}K0jc8m)M)aQelGo<
zCWA=df=1N$Lb*wDtVuE*EBuoCgGe8(yN=;A7)i;i#}L!(80tl#9W)J38}@{bVxA=G
zayL<pf^Dt+<wkX($@jfYzMqC1zwZZvNZ-6hR8*InBo8!6p4D99TdN~R5%KBjqYPJw
zl1xK@XxyCd*ECYj?z2HTvEd-nx1tdxInpHgK$GNinoHU2?(&8`ec=Wdh}lWhsF1vR
zCb(-MY2a7rA!75Dd$sN)lw#9;2lhys`)|(=V2^PJ_DGuhZ_m$QPx21zku>+$9yd2e
zggwyJ$oYMZ98<escNunrOw+^$f=J(0ji{V2Xvx9T1#{05QE-VjNkjXwChZrrWVJ6Q
zgGk>_&81Et-v*65fsC6|;`beZDw8=gOOTc`Zck3<rf_-&sytO*lwB{NAz1F!-cfPx
z-R5c!xjn7XU5oEGXjVCWsraPUqfzmB4K!=T$IXog=zA=)p3Umr`=i^_>=|)0A=D0P
zfB6si)k_xm_Rj7?5Q*(;LPmnf?(YPVJ#;dXk}<`8MGq88Q`%9C{ZTySNFqxL(KP=8
za#m${3*+(=ONf;xb7I&Ca`yxx<<M@UqUC%BUH2R%X`Z0Th`gtk2p3#YadRz^Q$Q$-
z>1$dd-xV}o$v<gAE&(a~v|nkWxdz02|47MyQ#3S^$a_s(J7}U|Gq-Xl(#3p^_M+zM
zmdqaC_xlje=^K`V$LrUiqS2mC2*mLCeu9vOcH%z=#62HM0WYH&5$hFIUeGCz3OOUY
zzimR^22yUUGEv_EVkizt{+?`<9Iig%>5R12R|)6h+uJNdj@JGVrKAtp4n%9`>Iz^1
z`ecrAK2HB=AlHQl(vVMp%gu0!Jgy{DBas1gZHzSXoa)Lrb9Fr+PmFHFvY<KV<N7)f
ze;&>PnQhQ;q(VxqsrK|`(73-B*gNW4A_7$Jol6+${RM$c-fBiX>%IUQDq8ZpKnT>?
zLgt+YLa6k83y`u8=_D6Ww47cbXMkv~At3GvR?6W(h(qf-351G9&H{0NktEkkO*EI9
zkl!gp+w%_~BN%FXHmC!sr1=;|{0r&aLEIn32Zx7jvuIBjD75~ux;dhYBHT84Mtm%v
z&E|8)UdB^-UMN}9Xo?nHIdNXF(!2Kdar}SFPG>C%n|8j)TnUAuMVfX6f!-j1J1(VE
zv5*;j@W`Rzrw%4~awu`6|1cj+3>=R0fv1LskvW+5nmG!mI30?3iF}j<{lkX`HGM7%
z9?$I=Ms}v8>DRs~<Ghsqn#J?uL_9VnVv?3R{1Zj1WED?XLVMQyO1{WT)1#$RC0y9>
z6IQX5&gYcrFmWcMb;B7#(mrHzs$@?IN9CN{GCX)IXT(5*|C4!n*N$A`P`@z2HGI-C
z3toq$AqB56VOl}$SiHv4IXIRt`8-Nz%?XQ-nkDIc$r`iCSu>NK$YrgZ3>JbPSOT?#
zjT_6`t+`lX6$c*oEiXmDosmwAHH|&F;bWF&^oSptv^dIgj=-c;iirsXS=uje+whLX
z#oTHRs@E31?<oVC0)-g3m#j+Usw?VGUf*(g(@eT*d)7;*9PJWev-*W_M}cc%wGrIl
z36AwPgCGzG8`np<`rZuB<joZBn#VKdL`meE2xlfeI)$rgE3>PYn=nqMk~Y{YLC!Tx
WzI|%@wBR<JK26}GNMl>&#J>SY-4;{;

diff --git a/config/scripts/config/conf.exe b/config/scripts/config/conf.exe
deleted file mode 100755
index 43dc07c0a6c1134803ceca594cca2bc38187cbc1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 91179
zcmeFa3wTu3)i-`78OT5ePJp0MgN!<8K)^%+2?iY!2vku~F5(rbpkfhtVFpkU6J|y@
z9!H}Ud($dKt!>q6t8{<@fj|OYTErVlwJ2)OVNek?2BggY_gnkSWHO|F{oeZjzUO<M
zmmzb`-h1t})?RDvwb#C!GZ$Y~r{!vz=Eh$#scCUs`7a>f-~CmC;;y~dbk$z$^x7$L
z*VxxinQ-%rdA>PwXWuk;>aD&Trp}r*JLvo2bl=?2EZ>Y-zLA%X_uV>s+Vp{4x^(tC
zsK<@cw6U%Z+T<I4HB#&D(q@90-CAC5zAI;__HzIQ@z)uD1<v2|xRN`ja}?h$+>(F!
zHx4NzUVYOg?b0-#f@KBP!9VAs5&@T1+ELy9pZp#eoW77vtN9te$Pn9_ZUpY}&!=hE
z51ckNI2HFbXqNUo{?KOam-x&07tpl&fpZn$<1<iDkH1^+_c;DC{skbofj^u#k6D3E
z_$npRWB=6<-wcIMWCIy#9>8^O3m;IFjz#c4IseZ{V50F!c%LWy@%|NB=?E=aA9TI?
z?wv>VKaD!tr+$Ajd808(5?wApzhvUwTaPxm{iVGEnl<9bnzpT>uI;}ojHXHB!}|)1
z27SF|_8dE6gqCnu>FaZwN9MRZp|6c%zqRloO)LM_Xbko+uJOBL0hck-?=dR;)}<(j
zHV1ph+~>w7C-wE?l8L;=T<s!#eUBBy)I72PI6ez+F1Y%-DGhb8;OSa;pLd1!d;pw>
zI)#T9pba@ecX+e60bFYJ;POmxiF+^a|E}%_@xF(;r$t+T!hP(;)2X!ZzG5&1_Kl#w
z(0JQe<S#PZe(UQAn$}#^$73|<QFuwMu|o++b#Cm?7Z;6<8b3$VBK3M?ElSOvWF&kz
zXa2<S;aoj(52(aO|1;c@qu;$4_u<1G^vFj5)R!)mq+5@yK{7U<tlj|j))2ih!S5FS
zO>ks_9~0b!Hy1aA54+~-WJiyjh5FVvN0Uiw$Acgo@Q~YgaBFRnv>ONo7epMd0S(C7
zZ9UAgETpkjDAkNXeyinybOTdBPD4`+0O^es;(fql?+0~AAfA)L-ZD)@5&aAq;be{;
z*~F4!|9XK4g8thM#4D<xY@0C_x%E!&J;>cKY2w6*kcYJk%%HB(Xngt27aI@t?)!4A
z@bbQILp^TmeyI@L6+Y?;-adCy_-IaWQKCy5gH((|QT?bW`%&_WCiVo@RNGRG3LoyM
zM`k6H$?)MkJvtAN_I#w2s%Ir$0v8(~Z4EZzwh9%mk@M3Kw<dn9KyORj1IA;2J_E4Y
z71A3(!e=h<CN8Zr_8ae6Klx`8)-5I!Zt1K?{sh2q%LRJm4cs^iTT8837gH5AXOMUH
z6|#QMOeI|o0_NxfGvGyyTcHhT)*BD18_x>&^8sy)DBG?BU^NXPqzWN_WD(b22FTTD
zur}i^3iG`N?I9&V-vMar8A6ihJxAK`932ZlG&8zOk5Eb}?)Lpib%P%w5B;>Po;|f@
zIJ-$_J?cZQIob;|1^(I;H)BA<E>rj>8e2qU#pYx$`?opj-)LbTTUg}=|Iv@3At=fk
zc^SIEhWn8(w62D*L>P;hHLnmBqeo85K@VK=GHSqb^hg<!@IJ?(dRe^ypY=l}>Lvkk
z1y5*W0^OX_R}=y%T@4(X81uoYs_r8wHOG6RJM`$exJA3~u7_MFfDiIHwm+_$jGb2a
z+hj5>I$wP_L(*3UhwJxK)!~+l^~iI$(eJ0Lfc+Q2TaTsLMBjm}CazTeu;n&A+Jv;@
z&y?u3ROc)Tp17X6*kFK(I0L^U#>RtB>CuN!1^k#J;qT}nHaqN>ll>~s8XwFF^m4!}
zypp3m>%RM-xhqjM+%hXT=&mK<mRt4c4~VMSvHui(prHba5)Xx2F43cX03-aC)jJR@
z)FZdS3KWC)l0iz-z6yCDcpt^qiv;5&049-1i?%$>%tI#q#VfIt&M#3U-PST>*{7;<
z)Omn)-eg`0@{sWmGa8sNUS<4*8Gm4g9~ss{+$l4<IE8XB3*SIDwysVWUYRN^V&N(j
z!dFWNxV9lJ54r<4Mi+SL5ff=4!Hdm#UYOm5?2la$wIQp-toAo=_5@E`Q3PEDR`PpH
za1`xjrm1NwpGMlM1UbMxT@cj6iwj-BP9o3AS6|m)UhPQ~IQoZW8SHc?MR$b`vJmb4
zIh)txUQJ6pTQ|`euq(*X?=i}O{2l0`knd1<7pS}&n$D3cQUikFmfYYhbF6=8bX)Ko
zbAo?pbEUsPk8;+)lv(KwTe*Oqe}U0rmBMAfpoRiTUbq7tQjR&rljsDVqG_Je00RUd
zytx7%0|Kk?TlMG&iS^E?u18LUxiWj(nRHdgCOt9_SYVEY;_TM-0~5wffAM<Wtd&#{
zBe}9@FC3J|F`7TH{ck{!_Ss}Z8as&X*P&lDV^DJ?M*2d(zI>$r9P9R*RY!gp<XLD|
z7Sd53fklteBY#A$8aZPdKvozm0fQi=oN-w*Zk0QR=r@71^2*~uA8j9G-V7(H29DCy
zC_9Cm_K)rg9$!bD7mZgOJkGvIMeYTrZNSu?xBvDYx-)pU7jnP_MoGZF!3KYX0^$D_
zPxLcAT8m;7z00B|6s?eur6o^a${9)0AN6hwXf=!c=V*GQ1%#~!n_=y@5=p?bwuViG
z#F(}wOQzcyHd4`sRfcTk(f;u@JlZN5?<z3Lm4I}l-VFNt2TS$!+tZ<)TaT<$9Z>w>
zMgue&v&M56kRxt2zH<CohDzo|-sm<xaw|Bc$UcGlXEb&#(r`DEa3SP%8R!oHeNCK0
zD_Hsm0L&`y8gM3I7u&Y+8s>Rmy*(W3wf+K&4l6^2?uLdJ7DCV`NKaR0TL&bxj%C18
zU2f?SFA&Fl#F}9R??dQFyRA#uM6lajq5vFyeMqI8jWS>}$GJInJOdQX0YrRJL<Ce^
zXI!lFLB~AFw!uO9aC!wj@*Y{-Tw%1Z8`&|8DkQL65%9+QWwBzXSZPqGeo3Ep6YhWZ
z&CyEqt^OeOC19v6iMf7(GJ8JcsMG-Jw<)21O{VW;>2<1G((;Zl^Jb#1^4b;52cG!(
zV8TwQY8S8_^OquH7D%H?4(!efF{1zwDq28v-yzN+h*AR#LkFuHY2AzF!qsf~MqG{b
z;!YQWTx&<APamU4Zvdb@ni#9RiD&3XY7w9TpI5xc8VQ^x_&w4)L4rNidX8*#N2Rp?
zo)|Bn1V51=Wsw>3V(Mh&-HkRph_CRS9@koETwCl##8oqNfF4O8WfuRE)^{^XsEnUR
z(%lViwKsD0F!~C$if_$Ycx`KW@ch;FgGOj^ei>cF@&5pBQOz)-J3_r>j9kgi8z<qF
zoD4B=a>n1XdKo>WzIE53WKxC{$n(<_wV#jEw6Yz@xjr`iD`UHOU%2_uk`)D@Nn?JR
ze4|6`Mu%YfdgxIKfucXOC8iuk^AmU0>FWcowK-rUY+Vp;8Ky7As!|f(<e^Ov=UISJ
z@#^)enm2wfKvCZ#%nPEcqVTBGzgolAIP8GVPf;N@YMDUX3<&b^DinjF$7wJlk%xO$
zvMk)29g!LeqEh2i<k+<UkGlaN(z0)2lAM+$B?ItCXx1==J-QJIV>rcWR{(TFo}?-0
z6y$#Bk#cFl)h+^z;#nqtwuk6DqE4bN-hmfGSem@aVQD<bq!68pdkMzusSuXjt<6Op
z;mfRs3tCBC=+Qr-iwK&TDKuVGwR2I+8SkyNlUNVXHsdf*5Rps=ixk<JfJ7dfZC&Q%
z9gjSj*w|fg*Jk!qS7&U*K)WiZGEyIE!PKiV+29az?9155(q*m@0QfpKBH57Tud~x;
z&+EZkd~8pc){dZO#eSqPpkOku=HF%)mY3BdzUbr>ddD=h&Zn~Rtr&OC2yJBmU*USs
z%Kf-Dv>6{(ut@UFfLq|&mP^Nwe04{3@vUG%;i`k1cMr&g48tw?3-VydL2w=)kFSRK
z)$%<%pZ8Pc{@c#HpCR`Xm|qv(*B|4e4{ncB*hT&l>qIJRq02e|^<d(4QW!>rIAzTf
zs09EOs368hN1<_@2?d+L00->HG_oYTxqm}O|7JW{Xf*;?Y>vzNrNY^?L~wdn|DHH8
zwPx@Ge6ef51#rFt&0D`B5c4O1y;gd^W7*v(QysN4EJeD|9%O|#7b1deBVVkSoHtV1
zS19c(GTs5wg5YSQ&~I%ZJA?da<x9MSC`l0Z7YAR~2nZtCAwYF+LkkOxt!QI<jU#0b
zJ*mLeG-5G_^2*}i4tnn!(zrSQ$iTgmxIbYYpoTkTpm~V-uOW@;d8>bHou32bR8XOu
zWrlxwEjn!<YDBz5Y@RGrrTrAZyB-IOzpH_O2KnQxD}uTT3PpI@5In`$*>`_%Ju*G<
zZUBXr8CJW=*F*p%R+7$IsfgIWI}KqGh(p<Gh0FdcaA)-=tapJj#~|x<Xk=v##J8Hs
zvK>a3=V|M8_%eDvj_*cl%$uz*uN8;fF)nNe2rl)wh=*FaAHFT4g2c1X?+W4q^F<<>
zYy5?-{jtfe^LmlmT^E==g<uedL^~+-ix8d!=dQu5xPry5{lXR)f}#t7N0zau2DH|_
zf{mbEegTn7i;PW*sL*h2GK5Cr=Wqis_afl%$EsYc@fvF2DmDz$Qk7xMmLCiV-bQy3
z8dY?)BL=hQcC>QEZhV>EI&(yUd6{SB9I$A*jGkH<Mdt%IE4Kmwp6yrHqbRe#3C@)T
z<&c>RQWu$JmXkl&`>4CX7Z_S|92MW%yRHSl&|eO!S|b2cH_7Zmv73WQd%W3;#1p;r
zRXbwtZD!%}nk^Xi+#_P{N>{zUVOh<#fL2w0aNY^}sveOYp`8Gd(kKxoK7f3#HnyUN
zw%WJ-3kc%7(!1K0gMSY@BPJh%L`nz@x|tUhMz@9fqCo}W&7P|hFDogQ7uSV8ZgSUw
zwwBnX+ycuRuogq*JPtcc*Lm297a<Ec{)(nb8m(qlx@i>n#vX&&g=%T4ET&|U*Hnqc
z5p<?)Mx`g%c?A_$URWD+HP}PYjU9T<dhHu9P{#vV%OF^DC_1HeA2~SL>?wGwONbZ5
z9aMvs1iLm>`<U5O?I)$C>LOmO(Li7fr5IqUX^$lHYni_@7g{VO?C-#eboWb*dEQuc
z4jcXxdL6Du1&f-h3Z*p@;NNyymyn;GSHp?Mi|IW6!jQKOME@*^X8@6SvUU7J|5wdH
zJG>$i)4c>b%9D;eU%JsykXJ?0@MwLL8?FLdX&uL`q!3Z{b*UA6+1iJ&SXpunEM1VO
zfjG5(341_OOW4%w7eg#?U`H?xxy$NTb8I;HJM=xbITFpQ^vYmsRJz4e8<oY@z!t<S
zC^ss7EA|7w(Nn$)jGp6!nrBM(cz%VV=Ow-UcebUMtLTB2;LHKlLQun{2o?g%Gq!&x
zzQ@03eB=H-d=6vEUNhTQ@UQB-*}f)?5vP(Yb~L1MMzga&VfLa)i_K$CfRhW19^7|;
z7eSDAUI*%Ve)nt>HkyrMe{8NN=6(s_YP@<6Q^b|x4^{1ox^J4?D3n<%dI-7D;>Gw1
zH@UG|xY5ojt3UWVV=!rD6R3l&u=08uy>)*Iwb5jJdBoTWV?m!1b7L1;DHy;%2P5z+
zTO0elXq5-W1soc%Fm}4-L7z|!#@feeV%f%^uvLb6P^;+zvm3Qw2Hpl`{N6B}Ru4F`
z9cEz|HvdXMs3aQnRXyp}SJ34yD=@o|w!$x2W}yjlTERiVs6<qf_;ZH;ME@gSDITqv
z=xZt7g4IH}d{8(z8DvK&vcvv&$#p`bi&CwW*`!sCiJQ@jJv6hKWJ~<DbaRRptvuan
zkNY0DpA!&B?+E6a?t8F;|2pJF_iVSIS6ZA(tl%iOS_{Au7$m}T^@7G61cKCX-;-FY
zELW{>O)T3cAyb9fbIuC^)*A{6^PoW{SL_Eu&NFsG{eqo|kC@o(l<Y^MT@TjJ@}*c>
zCoIiWEZxKDuF_G8C2I)%N*C(S5$>{X#w*5O)L5EuRq3m8V};vdg_oJ`s0^Wn<Ma*p
zcIWUJ-FDaRZ{9TqbD%Ze>wCcHS&BQ1r}~CSr}_po>D^^w9@uy^dXYr9rCMKF4TEO%
ze|+Y^pK4+BWLT(m*#fj|oLgFI^rUFf_-Fx(hOj8$SxF(-N9mq9?@0!{twDsWMW(Xt
zKByJ%1W`$V5kC&pQ!Aqx*~cS0@sIU{i=T#jV=(2PcxwflL{Gg!S_!>w!Qx#;=yDP(
zKIcqVStms}&ee#-L+gmr7{HQv7v?O%@*Vq3?4sndTw`nB{VRops6fe5U)9Z#n@eFc
zq!4Yiwt{$^3t{$9Hft<LzBiF)mqQX(=L4|q25ZlkxG*|aGlUufoi!hZbBv^fNBc8&
zJkecQbJ?!)xAoX>IzY(7rN!88OLVTTDt|+d{g}CkOlvBNI)(Nb`@_3iVsku+J#Fxk
zFg(`_B-$B^mG)ya#bc!S#aGDP4lz)%iwIJWgap#|tw_fINCbz7;5sDD0m97Az7`ji
z`a2?AmaC#C740B4^qYkbpdS^RxA%`GL&uqw1rm^oaUleP+%zKxBZ436?!~720kaET
z6D-Zx?%Jw)LHSla{Fn!DZ<!Ll2FkZ$9)^jXzT{%~Z?vBwGAb_tBSmJQgbjENj+&C`
zyYUBl^eZe?NbfC6f{f1?PG>U)yFH@CjeC2$w!hvIuCKH|XTZ>EnH{Otscd^|ULNx<
zZky*}UU}QRPR#4mHjhV4>~3xI@|pKf(A^-G-W5q>IBnCmkg3c+hnZsj_8a8zbk^C1
zJLv*Ai-3j?wbsMdR&zizB<i-~aCc(s@e^5J4Bq~6no?0KrNu<r+Qbux{ubn|6_&Wj
zV)PQ0CL&WQL0_MPsqs)f@-<{@6#AvF)6%S8gAKa^wBrm(?Ni(0E@WO;<gI7G<20&}
zj#=5$EBg9T+~_C;u0biIa+!nG7``2H!RS<MRy-`WwZM&_w0!IQS#a1;sj=Uj;tg-g
zaqWy19v7ROQ~q|sci}~t>A)<9v#tdFG7lX|gNc`qbI<+2*olzO-*-EW$h9R_>>_#7
zy~Z5pH5A%$*rs)d>vPI?>Px-oa{8*V{y`UQU<;PzV_YsZ9G?qMtK6zmq4F7a1;_GJ
z+3=neOE2E#^R89o-I@0d;m+XQXSh?s=jx0j{GG^LEgEq%Qz^LtnQJ7o12cPynw~?Z
zvK*b6%5r{|##zvcGm^&Htrh3&G|nEaIIluxtDiJp?t1{fGQ&lthMEjVnc+n<-Syo#
zdXwR<IU%x-aPjsSmvjvv?JqGL{<jIsg17XNKq4#zGI9_TBz~dR<gmRGod$i1UqZfB
zHW#Z7_4YLIm7%7d<aHeLPT?IRmpJEGb_MVH@a}Bf8H4FMQ_eIp7%eDo)bHJnqP~sc
zqn^dR;E$W&PUCQETKIF1bevgVAcQ&UxoZzBoDQ1+)|JS#KUW(7zOo%~XYi&aiB9^e
zyvotbMrotYo8T{5^yM*L*DYQ*ys&>xXp((Xj+!Q$S9oLY?r@Lyai7H)?S)N~v^iSh
zqh}#*V>DBUu5O5VOU&UCh>Mn0l!Cs4ese!~ko7wAX74xexW0gA9|vb!T!zVFFduiy
zAy+H`DsuqCjJ{jU(cD>#-iAT4X*8o~E%9)CJDd0vnh3zeea7~UR&LClWAl7PZBp}T
z+WZb1c(ERwg9$7vA-rPnk?3dLg{<&Uw;p{IVz>S)3qb!9c58P(b|WTk@J`m*C<gDI
z%vj4Tya%H}iFr92?|PXF8P<t_lL0DPzwlAzE$AsQHmR_?ur?JsE02Q~?+E$PVh%cy
zAA=Kt+W>)UYDBAT3iMB<6popo>8^F{4JWZGBcolw-RLer%hE2&bk{N1VqqhWmMNqv
zu!O$+9O^jY1>8vaR&pTLBPYSS^!tW@1s+R^uE9VJ*F-fH3nH`dPv(Vg*VdKPhc)$c
z6iWnXY&0caw6~x}{0KEt$U<4KP#nv!E2FsT@L+-CuU!knjt@fAXnph<%=8nu2&~je
zo0<Xz)Rz4gBANIEf@~njZ&Kl*d4f5vApCMp_@krIU4}T=l?;Z0!_r;wxmnaUEl>h|
zkKzSQNB2CN9IAzw(Fe)w^$ZHVe#=HBqZd>0lOYOwB^o6dWfOo^e+_uGM5dfO^lMK6
zThXK*jUooZRHHvs=X1TQ+?zE7jAx1JHo(bv?F`ieIDm;1UDyJI$ope+g<?Lu4_#_w
z%w3O_EPaDJx`aV`{au)3M(b6DP`<)#SCh8LcLc(HCFqT|j@<PA9OuVevr((KMWExu
zZa7z==I7NcI`^m+lu2<}Js{F6J19tMp?|=kltLlaPH-ekI+q)FVDvm{RC$d%JVsRk
zmTIW6CXQ-aQ<W?hHC4%SRZ|t0NRTN@Rt9$Yb}*pbDP*{i<Q(0L*A=17Zzr&-^DEBZ
z6u(?&@?%Ub0;As8tQ_=1GUqe;`>hL8+>9yPk?`oN+{Z6-_oysCu;{DCk>|LyM)x@y
z$f2^^N>WE$dhY8iDhd4psLKm%g(e7uaeOddPaZBO56{H+@xGe(ucYUb;Fm4fehUl*
zzK{14;BPp2%wDfqaWkfU8T&J0NSSF)c{0-+!7|hAnHg#L3HM5cQ_dqwn(i#Me#>%&
zQ_5G=x5Y2;Do@IJK9v0fUUwwh=Zpg0Iv!vt+lK61tOK)K<Uj_F(bLH|>zbAc@jDno
zo3MU@?y+^Rte>lHCrf5P?5vm7?qk3n?{WhA+KYaMcjk+Jp0hR{@k^9Qd17VqMaWiE
zbux7104j*u&BTz}W~({>tl;}FOdSZV*-|O^8Z4Z9IR)#5%t-7n98Y?%0${hwsW#kW
zh_o)|eM90G>HabCib-Y7STvwP_|Tst49xXadIY0;Jq$Rq%{Ux99z&<I|Dvz2uXHsc
zKE(ds!P-xg05OYS(gs7KyMjX@4=e>bUgm`vY*MHfRN$wpUjf+WDt}&RDh2PzN6xRj
zY+wsyF2Ic~Xj%o}EH@ZEVl=GQk-+J@zaRWv7!jw-_>sG*ii?5T3H9OKhdShOl2he3
zv3>;>j9f$UV(f$(Waql(E|;c9hrn9(^{>Yt$L?+T@T}m6ca_F>%RSDgoq)o`U!C@m
z!C*a3F-%8p*=OrDh{L`K_i-N#JAC-I#9y4{k2dEygV>PkH4dhm=!qjDP^d`$_cv1l
z!J*Pfx)Zt!t1lYLrXebJnnnYd2Uw%Zvw}#_4nY>)j74HJBcngG?oUx>i@_MsLI^k+
zV{HctHR2l$O#ulQQiFjLvT=u%#>~-hgls%rgQ=BlZh+76Fy=L~)WUK7R2%*Z)_o#;
z`3e~;a?R=jHBdb53Qc-CCp4|8n$vhKywzn?7sw3SsCFZGMjOC8Ik(RH2xuCtLSAU=
z&W<Ly?nM*6=0@=BY)S`kPy0c77|WPWeB|VeW6nV4Y<Co}0hHBxm*b!6Fh@$Y<$Omh
z*4mp8o{)Vd8AmR3VI$xjn*!1R483fJ45#ANxTXgTw~*-S>8&h2iu?BT?{uC9AVIao
zs1|<!Ut$ICvRRGMW|{Blk)HyF9X8&LH|(q=O-R)IF$vy04V_9^(}}bu!aV6<qp6gj
zNi?Zop_z*g_O}$wGk{6FN8GYMy7oNcb#{A!`$gjR0yl9)T4lYT`5&WUW%Z8IHXK2g
zeGZHZ`_;0(xt5^`FmvrcfLm)C>Ng^*(KsN33O9-5oc%HTlf_V=jJq6kfufLx8wELB
zVYGLEA#5KS2TXvqj*lFdGRGe|&Kv69R3&DuMqH&SnCKZ`=GYQ-{uSeYYVgFc$1xSd
z9-U!<xj;Pc;Tyn8e{M?e$6f52TvvJTxjq2;(Igos0qo;gX`&MNvVTe$qPdjgST+Q6
zfkvY@!KE7LWmlPwD#FkBc*z+M-zQT+D&ilC`!xmlqW6ZLy=KHe2uTLkFi~pWI?<tq
zqEZ&Iz0geUW+FOf{54@m2y$D`PXH56VU7v6xE7pdURW3pH^7Y@!rA4yMd3p^@hFnP
zF0K1XSZ!*E*CNvyUniAqE33!&zzE8Rh3M<`RVPPwg{DMy83%&B^;I3S^ey89&w$AI
z@Sz$XV$S$*3dRSFLeBW`0K^UR?I<p{qxi@V>9~2Opazdcgnpr~e<SU(|8bW$<+4Ld
z67Qzn@d3wiJL3sQvXPJ_)PsnWdf-8aa7za{tWj_xBI8|c4OU;}8c{J|8IF&>0>d^3
z^T85*{id>A%_BRy+`%0+hfDRyBPaskvXTB=eboei?uf{apr7^$NCo#a@hsbfUD$n@
z{%NfXHIE@!QA$j~n-wlaQ`G`KeLV<2JyMTc4mA^Nq<-0^(5Hea@uI%o6}B!8xAfPS
zo{e&>L6@LW00R`cleK623a9F_O?E%I9pS22s6Vu+VzT~FeW&eDyMmGM#vG?bb_gJ;
z^A%!0B?;Y0hZlM}1U)7d^;KDYgPeac#}#3Xzo(fKwmQ<T^07CYicbL3#y?_(2=<2)
zOQAxse=`TSoiTyLB=DfIy#XtV+Y^T}>`&l%&bR~g26~r!ojnWEn9t{XpjU4AVGG*W
z9y~F+!`K=uM2GRv)xkY+=4kc&nBghv|F7YxAnTJo4*aAx)_y7Q$<||NDzw;Ob~G>s
zy0MjuLs%HBO*B7mffqX14;`rX<)X^pkfKAk7EeJnJU+0?iV%Tg+zLfvzr>$FhaS!I
z&p?~_TPFI%UyNp^QO;<@A&V5X3-XEQ42Ev9Kc6^FiQUW(AIe+MJI+?UvHR)gL;j~b
zh6X(C33|<|-PkVsyK<UJR0Su&^S^f;ID`9Pf&KpV=mKhz_$v_M$O3vlA-xpH8i2Iw
zD@7lpk=MjYZ&$Djj(Z0e0vkdX=uaVg%i&+)Yf}89EIc$%J??@>BErM+LR&H4u06ys
zEx4%m5JRreOXQ$uD>I#O+mxG!_QB;7qN$4UkCwPs<f-VT<fZ62@>2AIHz`_rbTW~q
z>CI8}^eE3EaRKCYD9;@4Hgll#N>O?xmCmA7D6$zhV#%TQu(0c|JxpfwD0`(nrcGH-
zRTjFNO}SmrdJ?~8g6EMOA)n1~B-JjWv`+()@fei%xjD3`@g5SMn~&p|^9RDG1v}Om
zJFk@U72$>6oX~;VJ3OozvK1m@XG%8jIeK^&C}~GZE{{nHib||WowvjM6XCX+G5e@<
zj^6P5ea+)yl}A8$!JXm5Zawk@B)-5O=F@EN;x;{>z<M$&VX#O~rtxrF$Tlar!?$}~
zq21^>!^xr^c^K7(@0MFG0u2{s*Ee;{B|6CXqupQ?k116v?LOt$x9SfQ$$7POLr8J7
zq&((vWGyPXPd#sf{sYmtaNZX%<|L2OmLB;GRB8_^@?Xfk(q09?nmW?D5>c_I#cneX
zy<A^<DoW7Pe~LbXr8i+$j~oS{(+I8`tENTy{2hV=<ERz87G|0!#yVPz)!vmZ`!AG1
zyBE0OlEd|GBhTjfICF}`<r7dS@dd94R;RIAqdc$H#61@9z*tO#MNbp_I|brt%41H`
zXptG}CmNeN(jg|cJA!rl?O%~ffUdFxZ4p29_Eo4Pt!}DzQ$2Q+Ksa*a_Fta@dLa{t
z(z357Q_{{SaTGY+PC;-G6AM*lWR_9l_B$v`jW7EOVP$k-MX)-riJb~q9FH6Iq&vx5
z&=oR|g9Qg33pE5MD8LXbG?dks&vP@8Dxf%#uk1xigB{A}c|wii6cZcZ2osMn4#C!z
z@)irAS&TTxs|Bx?6rvOb!a6<XVg<QNAQNx${6!)93j;;f0-Am?xIcm1yMyEApUi$b
z2Q3N8v{(3NGlh55Z^;QI8b|u`8C|C$qhEsxp1Zk>`7V7Gz7yM=_M@$#wO~f<FPJB`
z7y7Mg*^|;(G(YhRf<5GT11StHE2~dLGFnolXsi$#iJ!Ojf1Xb*Mr%p|>;t1ip${&J
z4nk~O!jmPp!=RLIDxsU5&`mfAkH806YmZ7ViaaRys(1ZW?r9Tx<kz@&8j_m-gP1J7
z`9Q*tC|eG+g7i?{Q$LHavqX--4QzD~!Eol)-m?ofg!4@Z@Z=EpIycOm#_Z^nvlk?b
zz_mJ^p<G@uvK5!c7Clmz!P`x^4=3>;E@M4JY!1y#wle8uklM;_08+vS8B%33bUuT!
zR(c-;b?s5gBJ>a#;}OXsbTLp?{qQ<8%4o=p#~_=l-IVV`^|6I+dl5;gxhXrkb*EG?
zcG@&dMJG6__NbEl?liUZ^L(;}XdVBJFg!@w2zi3%QV};~Oxd16tgryeJO$&Z#@>aE
z`nA-u030hMyB{l$Ot+2Rhw`wNyodY-`=4w<Ytz%kH=x+&!vPs}({ia+buVLGOuCv>
z@)9IBP?)q4dk*V1BQV5KG=zwr@|S~`;}PBk=O_KkTj)U4`rn~k)gOj%_Co@}{+JG_
zyHmr5I;y*(=r(nu$AOlH=GbfYdS`gwSeZjXgaL?a99S6%lbIZCMkB{SXcHi(ieSh*
z8M?lPs^hRf2{@zmiwlejf4s0*IpO46=E>o2Jqx-d{f~}Ap5hlZJn`e0#IQ;^8W;?2
zngp2=RfQk5Ix<_Z1M?Bc1em+VOB}Qc20Vbf05}^7p2mbXkL43}tNRfMu^_NuFvZ>o
zrsP1Dd<!>g`m+$?WFaO|t%dP{4sQDn${c${t3^{|W&VpnS=#s!l?61VX*42H;P<i$
z`z51j@XY5o?ZFNzIb1D30wAd5{3Jv**rA(zOP~^e1pfH2)=XzK%)swX{4%R$@d^hX
zb<-_Fo9*9&3&5^DALW^?rJxf#vP1wtE@{@NHpWMw&f1QSr9*lc4{Q!9iZ(a#c+fmP
z${}r6A?4U3;;n5^o*!!Pt{FEC#tf08{qzk!O6TVoEM+ysS-+;c#9kt3aK!V$@CqT%
zBD2SN-SBKCb2EakIy}3+ARj#-2+|VI06_e0IzBT;xXY{PU-VV=7#v5q%XT0gydCqh
z7m%VoI4-pYElNB}1AH3?7Es_L<7Ki+xLM`+W5~hL1D-5EMWmz+pJEb4X2a*@1<Q$G
z6nCK5YBaDM_lBy{VxLE;jqsFL;mNk!alb|^YrDk4tbhqaXg$;e7DKDlDExaRN#{J8
zERf3h1w$VMSqwE7!T39t7X{BmH#YOii$axj(hRw1iyR-oQ3DBIfEitr2M{|UQZIUz
zDpa5z>oLL%2{(EYzZbD|B>T5Omk1tCHYegBZKyXYjRF;xTo0Lqzs(8uz9<-g24y`O
z#ni8}wlnK3E<IxephLCxBW3V8B}sk66prz#ddQ`xvtCWXFqL=@^IOL2*C5<hwxAB>
zV+91FSN;N_63Q7YQj`|sPY4n->`)KXX+3=Z;^`>Hz)sFjr#5rJEACI^eMeTw1aFNO
z{(buN_14w@4*jRNSLV?FIq$!VK6^su`#H?c(73N0Ph$R+4T8dP<OX-;8-oR=3lk_k
z!ZU1~rm{(G`ip^R_JHZKo}{Lw`3Y>bQ`wN8jJWx4A`P*;p$y)mRJ}z(c_DRqrUO@T
zZP%i;ST{h5?&1)*;EXrAA2+oNCDPWTd&s5GIt!->QtIFH2AiGiz^-K11H>5*D*Um_
z+*Swjcbu^kPAt61V>MH#Sxs^L3#{Dj$5Hb)2$E+Uz++J=V-qvFntAre<k4yOv&<A;
z4r04Fv)w(&58Ay;oy&9D{hES0rrn<~`ghtLJRfZimO=>f0Mms$yWoiDe2NX7ZwT|U
z_=kMh4?<0fpB?~7b%LfHsMgW`JDBD3R4P6#MQ1HxpNBng&zDQM9J8!#huJ~(=mE;P
zcdQDtSeO2jO_+Lpo2M_Yk8aYVjVuajvFg^cqpB>Zmu(9l&4qU^(xWv13xA6#@3*`;
znrmL+)+7C3OXetd*|zdcgbH0}Ug*VxZy>T@JSoUTHw<)<6KQqK;f9{%OiblS@JX0C
z%sG@3>K^_UxZjp?#H7=3gMN;15u)P*FA@*K&eI`tYJSuV2GM%h{F$(k#CAw09Y1Hl
z+dZ(Y6F!RRG9NLlz0*Tk>(OhGkfl|S^3YR3<P5B>;C6@{r0qqtJe*OXb19T10SI#=
zgo&4=EU(9dqZ?5Tvf>6Yc*UDFa<NFFN8g3A=zl3G%1QdcSp*8WW#Y>QN8blj?OhHt
zUm;=70!a912R-@<i|&;54fRF~&}p}2zX7Y^Z&8C2T_B^U4DP_qZo15;1zDX!COHoa
z@KWR?-lIe!%SF3Da1Zh@&vxeen~?3SUHk>Nse<5L&H{kxWD;rc8fPhhPZ)!1=IIeK
zgcDMOaS<;1Dg5Tep5_sL8VJ(O0p9UZ=kkquG=%G#$5GktN>PpSn3sAII~*~DeqoP8
zc?x|r2#~k{pRcl&PH#?UpP{k|qDRY^O}^y0Y9LY2ebU*7(1)Gp6*K39gV^8L*I;Eb
za?ZePg8gd;+ka+kRBIplXR3ca#iH|Lqg#uTPWQ@3_ex6l3e61v6J3ja1MvnkH^IaT
z^vIRWK}@M!E2i5xzg0+E3=M1TYG<L-1ZV#MVGK*L(v3%^qT7Sr1?OOPqa={uz;48d
z^<Q?QvLtE{K#yDmNhJ96V!QL8H?Tb#{--;1FD7T9rKuUY9+?ahjzO@~wia|_frviB
z<BTkz^!3Q65RPLlTz#rttgI!<&XL_0I{?<QUUmB7xqyJIq%RhHM_<$l2U$V}(ifkD
z9XS31f=%~FN?4CFZfBol7m-RFu+}3HhR&jVaC03kCFO%)38k5S<;>TlnpgTaafD$7
zQR!VxXqvLUE?~&^;VYd(s>&K^=*U*q_;xy*YieoH{DRp;W$#wm3i|$Z_BPzfdi)i}
zJA6b70RlonpQ)SO%HIq2Z=KIEFbtJ4z&mWnIQa@?rJF;{Ziw^B-wS<!p%Ei4M$i{n
zaslGQL>!?+cRW@DA3wia_*+-77sI?MVYTIrF~>NJ7@`*NC=Bhv0LCC%V!~&Ru(RMu
z&JLBXuz*ws+_Q0)8sI(!7e<~M{Ed?xyqRb^;N+U1F%_Dx|B*tIz?~CAB>sf`0j?i=
zxMhL^E;r%H6oeCr<5%#4p!E_12VKfR7z`E|@Zu|3V7g?x@I473H$g0D%!?3cYZ}m|
zX4PORKrjjV`p_Q?L2qmg^I(vQKPDP)Id7EVqL&XrvUy_px4{9a_|fcWddd%l&ZY+T
zQUfj4Hp&@rL(CJYf^S2+pn~uwH;SHP(XCo|izo3CM$%9RY<2{vh;&EE&glDy$`IM|
zsUHcql?Y8$xc$?VkQ#A^vxLDxIQJKN!x5J?=Vb_D6gTi`PS#W=J0@PlX4QG)+@YW0
z)ixbMPbD5mDQQF+oR*mQtJquXc{8858Tv{FHeGqX$n1@k!2wFV^9P%`<t{veM<Y6q
zdUyd$A<z{wd6M^e951t?A{rM1)F+@1L~p$lt5r^}^`PV=UTV9(hVwlz|6*q@RBGPo
zZ61xsvCH7Ry>YHfLwIdYAUuSLqV;JN92CyFV%zi#tnu~lC2QVmAL0C!>kfz(QO$a+
zIt4cWT_Rl55eU^RpZjqtYW_75E+@h%SUwD%(3ZdQ9~B2LlfB=s@hTUTpJ^Z-ym2I6
zrc+aqi+7=oq_4b!v4|)B9O(lq=v$|OHfRotcUFxkb!JNTg{TYXiq%&=!XwA}QceRH
z^F@Awq_lT+2BP;y0sbVLlTEfko?=w9PAnohA<%1px9M#~Z29eoZ6_gmrXU=i+6eYz
zLL7vWh(i_&)T#;QW{8IvXnjG5*BuBsLM_aKX=ybenhC*$3TQ@+;6%2DhcmLpu0dzk
z$(7PJc@4mOVxNuf9Euad&FLIGU_Y6n)*i>*h+@|Wku%l+<i&?$5r&&p+@Br7sD7~s
zgb|`@45LQXm||A`Wx8?!`nIK`GAgjGq-Q;**h_M<fOfRo<Wq=e67b+XEz0iP))n;_
zKITK%&Kv=85)z3g&|jSMQN8%e1`JC+E?DC+Rcy{W^IN`;CwQA!G3EyE!yUs|;4&sD
ze<desE|k5};15(o_hAn_H}omGbNd{QB!@2sz#&fK1UI*}Z=(U5uJ<?|oc(!T0d~{w
z#c~qopYySyhIdARKOC(><!Z`wl2B?-A(xQSg`floES`x>*CLK*G9}ZCDDsT-c}UAv
zWokaPBC%Tt@Ck@)`?`_@><h?_mwp9(&Dy)ZErGqDFU!ruvYI_UySLl`EQz?1C!7zb
zD}MIsI&#jDZ~`W0SOJ*;({+&x^lfV%sD|aae5EL7z12SNZy0!j>GOiJ-m$uFT7Z~%
z)PoCWj1AN4Ww-1__u%OvSub<!0mo?}pb`+XehY!{_#Fj|DHTo@8rVPLLKRNm@#LCO
z<+Gw|(da5aR8?eFm&7KOBswd6#wIxn(PEqkojQl}gpk9p?1y7`1U2>wk>EnQg$C6@
z*?i23*c)o!MmDa8u=He96@@uy*0Fxga32mrYrzhZ)!2b4m(2dC<y)wuQK(xx#?Lne
z^Q<4Au;I8RWmg8|)S-H}1jIfA<WV*k^%N2-ul?GDuuf97BUBL8&sn7K;q(v83Heqx
z7_Xeiz@X?072sq)1c&9XebUN?@a?{w&|Y=lwm)!vKE4=)ur0ixI~FFN$9;SWz7+n3
z_&vC9h(93TKa=lY$@g#h?VLX;VcQ{J97E}yg}<^G{m302Q{*zcgP|`{2U8sVV7&nH
zFGc^CH3Gy?&TK{v7GST`tn}kmVavM1G;z=$PyD`NUS3$ctp*~7L<;DKFvZ}2vP6w6
zIr>tr?3lx!M;u@dcoE;t8-04z1O^hT{ZKsI7(Wx%Vdx4yqSUyf!1z%i`^D4Z(1C6n
zut2i<Qogp#<fhDZ{^kZB))=sKW=`_q4YGRVbSy(j*(F2EUpKbS%Q3cdZK(%ANbD62
zcg;;6W3pe5Ze;Gw#pQeF=NNla;Kr8lKV6|4*;WG^?R`OhOz4Vr0M!!X1T|(`m-w5i
z<#anvc4qWHaDL3v1H*)^=I}Yv`XIh#lZVWhllfRnX>&t?aeIMrOJT56_@8J3SG@Sr
zfYR06r<Sm?G2B$Z_fGy68LU#?^Lbd59{C;9oPt&H&4#rQm(f)F4-Ia|x(pjl=H#Nb
z`lr8_a~)NlP7D3tG|@`%!U}Bpej@F?&@V45gU>h6^`67X!?JB0PnX8iw0xB42pYf#
z=GA^BQUkhZ!m6~a_be_-tw@&=&yB!ik3vtu%K%rhE2sk?w--f|!2-ms9l?dsV%~)l
z)}bFL#g-_0C%-=f-S8bAchGH~l=vKj4pHtQ^(s676x>T2iEzuS$y!I{FW^DEH-V2<
zR8?TV00pvf=2d<>#(PSBoX>t6TtW1Dw2K2^K-+h)+n{y1G%*S`P*i)7pEg6PDZ?|i
z!1V05C>|gae%{6X<f258iANt=tU+YtQXd}zo5yy`;i8YpMOl4Qr5KKV4GWy=ZXp{i
zA*wh~aq@!4!bt#iYA;N4a5YEdI|>}@x7VfGz-L7X$~OE7#37hV!Mot2-hwD1)95DV
zB}47b05=dO_6IG(jKsBkP5}VaPDiZ2W;c_RvQm3*>petgju~oiMGp7(y=6Nx?ccpz
z4m09a9xC2n=<OKHtG(WT7aI$%LZ4OE9_Fd>#cw7%)WH;1(2$WYr(?;=ZQs(P;%pkx
zVmwnjUKvaHh=P4;gPkv!+6}))PYf5n6}MKua*kV2U3%%>*`7HCc)1!7C`^3lWc?CM
z8I6vyKY&E}{&`!B{fUiE`Qps-|B~|gPojK<Q+}P43xj?4Crl?djs;Z*=d*IlC1&eE
z?o6a;MVSE8RKah+FuWxX?B}$@_ARa0rnF)knThS(3~X1Yuzj-~_!7@$oj;ZM06x9V
ziDPpL50p&68<){>t|d=jA3_sG7ntJ;qdR1n3JpP#U*0arK6fHtOxg|cnnC{zDd0Hk
z5SgZYURJMquG()xgJ`R*yJ@QT@_n}Gy~d`*V}d^Mj^n1TC`(Q<8ZpWjn3FLb3V9O4
z<tX<V7*;^{pws(h{k*EMylLKt=1E2q5AG?dn6-xT!;8H+!3ud|u6(gCm~Slhu~EBQ
z(BG>u9-nAd58{J`p_1~&LxWyp@lY0TL~$LW79PuAK_>-(dO?CoBoz2x=rYig(G=Q7
z@a_N~6I!nT{*;QJQ}K;(AM8>Gzm*s4B9i$EVFF%ni?{uV13Q&HP#oBYDBxj0+Iu_o
z-R;-^i2d)F`V-6Q5z^J}^KxK&(eJ}$S;Sw1{s#ROm=VdT8H)AI;V6p#x*@>MQ)E3f
z1P%@nV@v_#))UuGRy~V(a3PdI7rcKkeR4k|zbEqHvbIRPsz=@gJ&C1?9g6g*T`;g?
zHO#vnq%?Kz7u$@SX`t&CftGduATW&wBe526I`YOL&m8G5ULyzf)r?ua0fJq}nhNL@
z^dLlj2o%l1oYkP6i(r^eJcB?TW|PNw2(K@t-tNH$6<BQyeXQUUotYctwiO;i2nNjS
zaFkGwa7e<*>w?gSH1SWG*`@KA&TTu)JG@*2z6;^6ysUjL0C6s6!Rn-c-Pqoc7@k3^
zMia55P#paX%Nc0FhI=VW$Zr6}tY#mNu*I>#5|@HEyr1kZprKS2ZPp{5fVUPMl`4uo
z;-||D4spb}`gv4#G9|v3VANyH0y+xR0VBmTnWbJ-z2;Bk0s&^0qOEhCYOz*De+A)2
z>qVWRPG#7)SV>9OZl+y1Z<&m7P5?z@5IcId3_Q1`*gOmE68^wQB{0JODGS8$4_KWZ
ziLevU4<78>P(|`+B^n^X#{=iUh<1pHE_<k0N>GO<-}T5?)T_pvxX7-=oi!is%Kj(r
zObl0jG;ALZ*8*7DP-CwmxmK6~trQvXbQB~qk~)$%8jrY1%ihiY1=YXzS6rL)Ra!-<
z9zBTW>#Iidu=sKw7GKU&0o)<$has2H&j@tQ1>ms@vp5OEAuT*V!5;NzDuA{drKQ6#
zXu5Y&2HZ{u9Dy1fAeI|o@=Czkli4`-c0JMn9vB5jM@n8A`HmFwk__a0M@$OwP5{_*
zDPb_0D~x9F_GzlR4Jjzzg2gCbn_vNqip-^W+5#9%fLFJ$3=>Riq-Y*7OVj`X*WdAo
zT+N|t5KGh?Iu*MOa-^QWPXI~i>o-a}zfBQbm_blqpVy`^MQ{ROMz@1B^c<hW<Iqgk
zA|vqzFhD7LoQ{?R9cxf28im-LUE2%I!o4t`=u_{Y_oOD<Y^m4EK@Iyu#0+!~Tj1>Z
ze&pAkbVzOY;rA`#IqdT^Vf6dwAO$5lJ@OPmagZn8#Q{h)#Q>1K45i?KPGEyP2?eKM
z{k2ROhgB#)8hs4|zP%Let`$f9h<I=N8`PDk$$)iSgcV&$Ag+ORMCYSWBw)`Z0}x88
zS+d{=rCBBD2`Mfw=Ri!4L1U}%v*j`%Q+`%*AUG`rM5KOAF<KEC%{7S(n@QXAOW-_(
zk}*%FJ)ex4_L;E5IC0oE`_<vZOF*;wEQ*Hf6RLk$vxo+dq2mqCksF<0hg~ATiaZ8|
z_pftwE2a@QG<GQEIzVhD-jPN3E?R(Tdw>NVzR76RBfnujjdy?FoorLJk$~7)&w3qV
z&{tjRlJ{xj=|}!r3bq!1f*Sg&u1-9%EWcWnuj-0lWl=Dpy)}oX1V6zGkJNerHUH)o
zv<l1f4b~bQQa}eY4qA_MmjafNB3J{0C`t2bO@WCyj7G1Z34_rT@OS{%Ze~N{<W^Se
zK{jOAQwW(lzdb(wa6<r5@<NL{M5xRMU%^EX)iLl5W1H2}uGgrO7sP)yT3-bK=N^t+
zj>1?M3}B@-EXOYwycgcQ5U$=?D00SA^)#$IO~3Ww))Q2`eh1=x4;{>0EM`jFv#+}L
zC`YfwZ}5Hk$Hb%RStNw(aOXU@TtwT!CL~b&{&S$X$Y*RqKrkd0kTU}VFN9Mm+rd}1
zKeQ>jJ#?};9`pS9$78Jag-*i>-vbLemVY@n=Xo3qZo%_ZoCUgp)`R)97tvh<PY>+m
z4_NR-R|{SO*=9Wr@iDZ(b1!mo3>EoyQ%vd#%fAVB=i)3GtA+~7cHjtdKLiE%<$=)9
zr+rwCI+_z4XUr=GWEX1>`X%1^i9s`1Dm@S=3ykeRn2v=R@AXMycNn1ru?E=ODu3dS
z*2B=HR7z}P!BQF$`ubzIVk#w7Fx7kr{?u8&!%D6>rO@~waRPVRE)$Ed@LL1HCnEEH
z<sSr3=RRE7yxr*JD)xd{tgccX+}#>4K|;=|of6Ah3^rQg_hq{hze~->fV|CVDn#aC
z=lQW|=%-~n(9%L_Dc0<Y`NKdWvnANK(pPP7Td1$^sGinZuoY9eMRW%a_;`Seh+m)t
zp8QHpiA5;EUmAFUY-$16S+o1&nRwuGq`wDZjI1K8%wxY6|0%+I0am_WzmE?l@aeK1
z_9g624$%*`Dx!L1D04x$e<oq9fiWAz3+PtRwH)F@6!GpP-nOU>ab1WnzMO=+%X=(9
zA~pQDt^M$fkdV!zASiHf^9A+HZBV%>Z|=4>It9N)L3>o?Oe&iEvwm#yqI)2n?&uUG
zeHE&d?T{s2xL?`D5k^y0Zj>tez3%~zLX~Pg?9-6U>c6S^Mg^i(2&4q@-8kGbP8kH#
zagvmLcWg=kg3F8j%XSf93IPT^D(eN!!D_KD#OvXfj@SyE<i{^#)V{3YWMu6}cR}n3
zd5lSZJWN-OA9B&7+u%{0_m4JJ7egJ`5REp6HdNJqE6(OA(urX~WF42dFb=x0GD4ME
z+px?{^8084>k%*}!FRajs=Hnbw~WwZdx03gG8EhpZaFQq2EXV~<_rBX?gKE67@rLc
zV$DxLLY(jff7+;Nqc)WKMrcQrJU>79R47c-`4B?_CmMPr$i<+5ddL*7P!(=#Z<Kz_
zNdI!Qj`LDIGDew~^>7np1(`jEt2wC{zh8xwK`w4qfH`waarw(w)_mD<1*(DLic<~F
zZ0q}HNL!<YK+JL?{Y_uYo9LJ*#!H}svR$qHzf~U-RDWL#e_jQXw?4ATi@&+i6YAHz
z$rtKlF6MGwC+G;Plu!*-CqHJQ-_2)g)O@^o6V})MM6Riw7gE~!sRS7^r@(U;*O9Fy
zV9Vx-pB2}<5YX0Mk1t41nN#pw$B?WebeAfVmDa6OM#ZKqrw!zW8{AGgrtj*IdhKRf
zr;MP+oFa(N{xirZ{?-krVqpX#HDG*2tb-3ftVPHo$`wzu2ztjj|BMs|b5TI!;%XcB
zCzPJgV>{((T74<|3LpP~VPKf8z{Pw>x&|j;R`hf<_JDL?yl~0bTXCu${Sx#Nr`KF?
zsvda&h~TJWQ(V>^fTY=`T>8~azX!T&CHAHlZ$TCqXbLshJisF@fx^0NRxzuKd0@Q^
zwqR5j*-Jo2Uo}drxK)qvpjO3g>etjNX6aGBmCwG)0Z4p;@e_zVFl0Q_D)zw0tPD-V
zGpptpEN|l7OaXr%T0p02KTZN9KA>7w;gE&>B+%5Mw*m!wjkOVzGz>=FU_@z~vHu1j
zWY}-wYF*IBk?I7Dz<3GO`s*P!@y!f7)8gY3%cK%OgY2FVBDxd|PP3m@_h_$XKZ1Mf
zb3dAlaX0aTwFkF&$_~OQ;PwR3OEBAtbxj?qK|2om4<S~lj@Ya%sNI;S@r6E*qV?8t
zVgriRt67H;Y`Yx(5-8ff4^+h$d>V@J1((JcUlf9^B8;Ov?69DJdQhBSB!j6}22;Kg
zC;dtqSk``0mgmLkY^Gs?BE#ihRYamke+j<LA5r?&x!^W@hu4kQ1}(%k|Ibi@m5H7r
zSr|qM#O_Qvf^{%E>(|J@j+>N2&O1?^2DBU5Rz9{5Wek#6YOSH%DKqj=&qWf1nH=TW
zHnwZKiIy=8P@`Gmoz(2Yop?1f_8IvJEaqZ#nVR!ULwH?x^)XZI$PZ8&yDgUtc2o>D
zYNdfjZDGKs2UYzUO2Piy(DF*3{u9J^_1W<z-p5+D!+EF6SUl>^cPowbUk@YUMrjFF
z#;|7(YhA;$AL19d?gSxJoyOG&_>?JS&6(@n>6g14ulyzBU-iiTNVOiCihke1%2t1L
z7#;LVz$ShvW(jC0A|SBoR57Xkc=jZ<z=HS?vm}J^FJT4dGsMIQ)Wz#yRtKx`a3&^$
zn%jB^wZYuI5PHez^RQ=k=W(P1D4}H(FToj(TOp<}wuB3y6gJxrt!~^c?`yMGqJ6;M
zA4nRh?1M;y6})^){ltkACUbp~d-gcbFOMH`1^&;cz!KFw=Ly_ePoKiozp(7rl0`Ib
z6dEcSP8thNWOo;q$rFF)4%4#^ew1531)C^b&)?-*o)vGX^=k&vI4#AlEzvoLrGOrN
z5m=iyVGrtI++dBj_GOO`t(pY-f)XzBQu8`4D|b&^>DUY26QV~<!sASg)d3xFegZ4B
zR*zJTUfg;Ly@LU|AoMz-B<m0y0Nrhn&)egCAbiB%90^#@f?oJW|2H!2VDD}X_EkKs
z;CH9s?<9Zw(P`SiVpnWU7UBs2OgxF_w;*Re_DQ+>PIb118{!_^HpCC-^ZR-ERzI`R
zRr1x(Y#hgXo_3Px-P+L`wikqXjQ5H28eeQ)F2{)01OS-f2j7J{ttSAD&ca{6;K78H
zk9?M8%TNZN2|36}Nnig7vha{;d-FXSo;r&@U>pw9L5J!zI&2oFudoME-Wbe7tZ+PD
zCJ4bCvztnDdV4p9eGDrN)~me3q6JL>$F5;E9n@n){r#)Qu^k*bxj>Z*eYS@#%f4FW
z^M{jD@{yAm5Yt);hC;%i3mK$_q18~06#;ZR@`<tRW|U>gXA830m5*~C5v@TV8^k`A
z8@z5oDa>-N-|0Kpsl$vB2ad!qVM>UUr_Sj=e1`(gNx(!xU)A2>-u*nD5J;pKi=M+v
z3)oW)c<UYOxXlJw2kjDt77x3x%kXa^5Bbp;2+z-v5!InVAJwqoeV}WUQsX+WQOyvv
z1R(}4{aJn%QR3jvuAr_^jKL|(kk^>QhkK3vu#P%_t-0N?H){%l00B(=E!7_McVP1q
z+m|bZdCa+Bge7S{Fz~W;JZN#8$<n8)PiU{;fjOv=2q|g9NlraSei`rr#}!WrUsCY=
z87|Vv@P{ZW!25`3%wS{~0LYwbaX^l;-1ukYRTYZ3or=zS%EUDQPvZBnV$sRC+ptyB
zG`>@&nR_@LU{lflSjNLZ)$?&g?B;T&V$q>o+Kc-6y{?$wFAd`Nqow@r5&)#JyoC2r
zAHK~fOU)Q_%;ki?(QuhDqH^tsjqH5%yeNzGr6(cQ=__EbuM=R&57Y_`o#A7Y@72|p
zUeXQsf~oc}U(Yi?KhBF0C35po`IchWu9&+=Y@~Kdc=vv*;6xeidgI=R77$US0}z>l
z)ZwQdqVt$iDq$4_YMca^<%Ew_<%V}3F<+8~zu{^yL>%UFGG+XI<3~Ao$YOq{<_0_{
zu@+OVBgX4^`ToHtjYnBQAvI$JR#J$K9dlF>H<WB*LS$t4h>}}u<Yg(*-2E)@DLLvJ
zUetE?zyY13j|MAOP%Gh<qk80@0KhEdz6Wp}&iB|!XtW?tUsd;bcbrdpyY}cd=yrjw
zue!Uw8-AH%yE8A0Q91gm7p~X2cjZh=SKYn4E0h>55@z`=aZ}&z=5o<!#gbTcOSt9w
z1!rR%c(V@{kwH;*mduy{$gjOzfFs$eg3*N6bU>E9F!$6~t-2n_O+k*~zprB?q!N~U
zx2wLds9qt%o8E^!(*^95D;v@`baQPV&ej-WS!`2Hs!f-m{SeWRv8*6w85UGIb_l&2
zi*Dhge|9zmF!QBU#cDAMM?XRv)DIk)%S9*~UhGau$EtrgoTp0kr5_>O6p@#0Q;}!P
z3#N_b9(;??^}C-1NEtc|M7eA)?z8-XzAAE#u(}gWAV~Sv<vijv9<Wv6Z^tiwKYlO#
zk#){PkX?+3&E+Iw7RLf!@G_ymWk?22yz7LKL~LZv$u#i+$7h(h8`bp4Bp_ZRC^dlN
zcLfgp7;;V`7{6;`iqY;}QEe3j3gxuRU(g>-u6YW41v{+yBi-fJ(bfyVV-`M2uB<0<
zZ)_C)*O^fgw*CNW^3!NWlx`t0NUg6(w=Wla*CX$MV)$8h^_=jtv>UgnT)_rMwQUta
zlV6W`Rt)*2n)MW<EA$N2?JJ=5E`D5o8F*|LpjDQ%f<OJ^*kF#GfC+@xksZ8<X$l;l
zC=&th8C={?u4HerN8`@y7`wwA-s{Fgj?&x1jc$7YW^@j-$_~q=Er}kfOkurT9Om4F
z^cVato=p28=N-my!9EXIS{c^wyM-+A=Zt@Xl_s+nVK83huNJr5MY?xJOBC}i)u8Zl
zwj^of*gb&6>h{Z23%)|O<K|7bC}^~`2ggfHG1u5wk8a4FZL&+Os-c50qO>)81ajhW
z8sLEkkvtD<q})zKqmWgXvww|d#J3XeWy19UoN@4*UG^~4|K<aGEpRn=n29x%oS@Ho
z2ec6@J<khAe{8TKSo?~#kMwNafDZf&#FT%jJVI~L8#8w6Wz@2_0-yTTamT-mXd%D{
z&#+PAa4tJS)IjT|UqEzZjlh)D;X#iq1p@0*#YYJ*+~idij*^cc_^^KnAZOV0a>pKh
zK8>K72)Zf+|EO!zkS?bI!8t_0BR*h(zR-H`>kRUgt+k!i8m!;&(n`J;Ykysc+Iz6$
zgxct@_`T`O+ApKPdQjE=QQO-6S^H0{{UrCR($eE7R@vh4!iHME!pc>;H4BL`pfH}$
z7Gni5PAA6k#3;Y#W>)%u0~m|(s~A8!7BGTzIN+4awEF-WMR{nvQpp;=2M3Qr7!Vrw
zF5RSA3}R_64p6^q?iZ>2m>2Nr7)OL${JjUbcnv_n3!z|Ahd_jF`SiEwG-ELNf(>;3
ziHH+#l^~0NMAU+K7;6D(I`@#y<%-UkZRsp0odu*b9Y87hwGfqA`4zBXWl1%)JLqKF
z8Yk&uYdtf`@wL^~p8KR(f99pNSu07-LvqcqPDRd%2P?&*y=YlBm5wPYvonq2B_Ocw
zR8%IlrSd$f{Hi;s)RBtnAS2j8Jmv@*h4c{$^4d&{HxT2Q3Zokr`yF)hlt@(VwkCCH
zX6-(#{aH*}-H40*G+aSS9nk|B>i8Cxh~MuP$VYf-mCt%|ZXqbM-v*GwsWm#Y_Bz&%
zs@m7Jt^F!%|CY6Xs%m3+*Q`#NweMo>(W<tuZS8khdnRjN1)%Se+8JL7Z_>?w_hm-Q
zP9b*tUTN7TURt~PN5tNh*pI+g&@!ogYi8{|D6oE~YDaLf--g#{NB(K;J$6tqiNiQ8
z6VuO#X{y3BjF{$OoB&OMJhVT9<Jp8fS3wpK@^R2~d?229&?9-UzNUbOl1%rfVXTy+
zD(y1cH1lgV^9<}k+3XT+4P1QsnZH&i<I#Nf-mwTA(s)0DJz2jc!UijhOKV4P<cPk;
zX?{mPh-}h9<ayLUh74FMz!3V9L>u-`GEMUy;=NqqJrfuEA`bD=Eu7AW&H-lbf2s{{
z&tqgu^Hxn9T@{Xh+>@$qV%TZR+ezf@bn;fHc<axM4is&!${5RxugJy$Wk)lav4<HS
zstm{)zb6gqm}&}_=plH`qUyg#96hqvSnp@*awTe8KLT$M-$-6s`&Eo2>Ja7Givi@=
zltkngK_B)EWGYG66`AGY1?ezoI709maAh>vLkXq)ic7K8W~><ksKm|`8PuowNd1|r
zehVzusejuMdoNRJ=;C6aGjh?7OP!x$00GU-t#vYJraQx2K(*4OIs=N<y{xC^7(?y5
zkSI&q3vt=NAEvQq@s5L*J&kv6-d%+|Fb(?ny+90DWji1oF0c!aibJX)-Kt4nWLQcu
zYFi&K6E&>krBw}&Pz{|Bo!Z|V08{Obtxp4nRqV&$P(g%TDp9TBYcVjO4ux(xp#Bj!
ztXDuGZKNxhGeeQCY)g74N#BPU(_RE1r-mbzg-3AQg;fWts(GoZII`f3$DgqJrK~<2
zfMBZ`8TK*`5bd_Yi#egR;$7v5DOaZzxvCX&4b_Uz;JB;~pqOq2UtwXbTq*)w#7nCH
z13+tS%?BH+0L1mrRwHcFLqJ0r51+rX4FEd^rXtHNpJ&kf5$T<y=y}`HyOi`MlU_AZ
zC}PT4EXhPsLKOS&7M8d1(#rA_qUcE!x!GJ?kcr|GbY<&Vh2rkEC}t7G4lHik^#D@d
zS+O$Ci{C-5^w>|g`hieqs|ljDmlNN$3g3{n_-cr63Gi8u67olYjNi+=qkxk$Y<4A#
zSOWUKP&eL*aJK3aPY`M-WMqGVAP4eS>y=mwmvwEtR*z41cGM$HkpF`2e8t|avJLSM
zwc1$6g~88LJGCx-DSzUp^^AhEQ}@oVX&OX^lM`|#z$sWS1)*oLei)y8h7*Hs+Y8N{
z#8>2Tzv2>a_)rH<^AF`Z)BI4U@FA?ogy{3}7#H7YI)nG}$^uV(Ch)ZGKLay$X9WeR
zT?s%gRzCSOuA9KO?2z@w6IPfsp3a1RcQKLS1*C9X@h5;Ru{MReg{fy%8Gm42A@{_G
zmN=|;RaE}Q*%O+yD3#xAL&E$`WI1ofXQIa9<zOT6cNtfG@lIW=9_o?R5HiQ;g>Xc8
zF9qJkFbjA1QL#~APmgNwpm-WP`WYndtTql%ArF84g}8v|Ej@ZODiHup`XQD!eP*S<
zxw219sNB588~sd=TnHbFhkJCX^j~;BQjh4!O5x;tD4c3tv>MQ_<S(CbZ?>>`vn!;k
zU54K})T0AXExftE%!w6@9+^oCm;iPv3ouE>yGg)Co*CeYup+<|#rgDh8PDr_<Y$i!
zuhP(g=O8qA`MtkY*FUK99bEhkm?hvl`ZtKjevXY3Y<$$ohZ>;aw*1d>6Ge}_0T^<E
zTIxwfVBCr__}6FzWkP*}GZd-CSnk9FYA)$JOT#xhJPcGk_<^m6Fqgny0aJpFJXtWt
zRhE+HZ-mI4`}Y8Yd;Ho?uq%u+RFQfR^c-UNGcjO0>?<YYfbqF8(Je|1o@9<<gcd!S
z_BX0f9wKEG168P_7cpp~X#qUK-_39}aTcK&mwAl0)Jl(fK7#tyU})UVVx?Cp56B76
z4Z@t(GbP3(55Z!}<uk9vdb(OAG#8d&r^tCwDs|p{H2OdGc%Oh)<q_|VRPO~isPTy*
z`z<2u5wc`H=TjL;C|oDFp_Q`t-EDy*Y7563IzNfI-ohd+h7)J`b!KjCGS5<BqlL3G
zHcAC9R`+`#sa$iS*BIw%?a$^!7`Yw^kqe58=LMv5+<+Y8?L-cagm<Kru%mW~JM?AK
zC{FkQs~H`Q?Z!mS*kbQw_r!kAGwhz+%Q+XD#Sn}AEd@sjkC0ILb5;~n!vRustOyrL
zvey5gDC%f1{Rs^mhfUeYK4>KJfviX<y!3>mt@qa{IAc_yqlcGBL<HZ1{;qs>u^t(n
zlJS?SyZ;<$1LiFrD)%(-Km+<C=Mv%!z7&=(^VkPqQ&RsLHW04@e3cDk@0ia9Qj_qT
z7pTIxyRYN4u4Lf_HXlng+1CPvb|<<?uYc_T!th84-|ubjB1s5xi~TUI_s#;lnx+bY
zZ5Ts9b|f!;-)Ijqp=`JvdpWBR={S!)9+jYCZXsDA#0RttX;>wGyH2M5_pfwv*?~t4
zqF|pv7Lgg1gX{;1jFP~vk^F!$0lo#bV=VDgWZL{Ox;i{`M5yIY3FdT1j*=4e<Lo|K
zJ(+eoaQUB|`vy@_u#oS14tC|R@d4FJu!itmo{q*8oJE?T#A%J^Ru~4GMyoGzu`UVU
zyA%odC<^g;XSWPH$t-%E$?8E6eRtq+*7wx->v;G3AHk4+RRg}>S}d}g2{Aj}<BvbX
z>L5>DN!p2(;z38LkTd)wo(F;6R&EEBwTD_B9N=<fGk!c1g@CDN{buVXj{Ps5jy$dP
z{Ou{N=MV4<E>5NTf+bzF0D2jI{{_3;p^sB15nfRTKzr2zn+gjkt6yO!mD{JNn`i<p
z?&Vq%@t%~}h%{_mv)19;abN29UE*Yk8{sMc10xyEykN142gdP7b~}b|_v8jU!*57g
z$Zn`}{#|B#7~bd^&Ih&U7S!6jhC68kcum-SH{#ydZM<qS2ubcn9h^5bKH+c1hmM#b
zk8v$misUJ}@sJ<RCcwjV0khy$OZL2Z1Rh!0SC4xf-8(+KXTSPg3@R79$Cgi3LE{r|
zr1(kp8G}l7bwt2_$v$;i>H4hn=B)H&Nw?zjR<_0Ww=DQaveMUNrT?6j-kOzOn3W!x
zl@4a5XJ)12S?Q;<(k)r(C$iF!tn`bLZf*bbS?Oo8(w;2&?9amY)2y^R3tr1gAIX9*
z%qriVRlYAP{bpABtE{w@mEM_^ekdzFPSUONSd>-%YF0Xsm7bH8-kz0yJS)8{EB$d+
zx*$s)HCg5Nwn<MkKB0>%Ft7EZzcKQ76TJezEbufg_)UABv}vmHe1@)sAD+U(s%C_1
z_-!(J!_T|T`Aq<q(uHy<bi*^Om;eg$>u?JJB18SWlBTLL0Rb6XDwlCSxlAaKi(f-M
zBNsm*SN9ar74MdduSPB-H3B*71@vu3)gt^TKvUHq4P#eR)zF$3c&X4zaTc>G5WtR<
z#rd$aMbvWjb=Pk45CKCE>lPy5*5Kh}@S~<mX{hl=TpC)b8d@n0MYR0m8aCj^PvF}K
zNAUd}4KA?rG5RL^+}uXK$v%^_(l2JEpU+CG{sUU_FWE=gS1JvC;dObF%uvC2s4U?%
zFLUFao*O-`1FoF%cjw~F#kHviIySJ*#5Eem2;-CZ;~0tXFgL=F)V>UJtY^UTwzRjd
zt4sE|z70R1cWp*--T!Vn*=JfCe91n8+S(`RlTV6{*Z<r9U>q9%{?)(nv**set-o*9
zY~Rh(XU_3Woj-NP%&9+|Io)^T?76<+%`@itX3q)Em_5sP+w|Z-4zcb0t7!<Nb2IN#
znKh}Ke{rqNsGoVC0;i#V*S~N^ecrpWfR|*Yvy;(``n<<HsLj9HHmTOcQoug!)O8^{
z_16mVfB$ak4`<H}PM>xPRaZ58*1XwJ?TlG-Lcz0Uhl05Hpy9dGr_Go<{RV&y^pWGs
zL$iEm+&c9~(|xmNPP<|DtQ%+CbcQcD+ZUQMZEA43PvwN>PNiMICi=|NN-i07MPHxR
zr{BCj^MInH&pf2A?lbRNpVqn0yv`b~)8}ckwX-hJ&YGp2b(?n9ty;g%{d|{CpBJ1u
zH|U@oIB;O+en4_VXZ-n4kGBe`TyD5|_KX{*Ygd;I=rc{bb{Og1p!xcMYp~!{(fUm5
ztoei=T)+pw0b0g(4LmWRo$UObQXJ4S{|b@r*AG1P>*uSQI_r#}@5ULkrun8#zj114
zW{N?l&AwCn%scfIf_B!V!l=1((Oag4=FXUPlW)P?89`oW--!M*-8XgNgt6nZW!706
zsHB*tdFAYo@8+rVr=uqZ+1JuFrcYBS6g{#xZszo<^QQaeLQC^z-<qipFi|pn;7tR4
zr?%DJslM5Bg;AA%>-1S6MV<u?u#?djD(KfwgHng3SrA1-9x$C-XUv<2#!>0Ms|U<p
zGyp1AHDO?^bII&1nW=j7=1jj~#*H(kLphrEquv2+dat&BKW-;48|MGdw2?)>Jszh4
z=34w+oB`Vx_eW1|+m;lcUm#zbrQNFCrYRYnmD0MCgmtOA>~dP`cl{fIr8>8k3s2?O
z`e>*9%g+T`g?7Gnu6CX_Oe@z0Yo%I0?JVsa+?8m3wX^X#6ZgChcJSrEi?zj9kd;oA
zD%`_?eF$(5)%pYP>4Iwz=0gLuGuo+lvev7e+|#r&?Syvob>!x?Taw};b?ue`b!x`_
zX<BEbx}<YXN#C8O9fy0L)=BG)>xp=9i@17f-SO>_dxiTXx$lVYLam2(yrlA-@~&Dj
z?ux!kRVYi13;*iM@rJYMe^vgU<P*0We_S-<;#Ue6Pa-gU?1Vq|$y7eC`S`=mjr?Kn
z3DWyt|7F(4wqYB5|4#ky1BN_cBQ;GMb8@-ICOWjLL3<i>s6odXbgw~|n&|EXTvPOM
z<Ws}>P3TpFt!f(1J;OdU&4<5J@OLWyPQzac-k)(#`hD=n>;L@yj|^x7-{-%4^vEt+
zSA2V6=luTff4*N_1z7*;hQI7jcgg9F-q!;?uP1sP?~g~X>kg0K9bWe&d>5mqos27?
z^QFf3g{!ybL$B@qJ$&+k<NL#PD*VW4`19j0_02ne`Z(8A`n#|B0{wmAIvpeU84?@x
zLuAkwV>(Cjv+ya!7|m<j&)H7;oUHso(Bt=q>+9tA_sQ43N`7CTeC=RzFruG>$%Dyr
z<(qf^y-&V&Ao+cL@)3;<m6(jz|Ll{m?N5GRpM33$<oET-*FI0S{~0DF!w~WQd!Nsf
z`Pyg6_CLd<<X_`qT%Gy(47m0s+y4xcl1ymcSETC?Pv0q+eZZASw*MI>C9Sy5&#K#6
zqV5vFwKv)RXPA^^*GQ!=I0o}x;IfnLe}+j(s_rl?a7^viGTzz1WhLAH43m;f_z@Y{
zDl_gCj0If(NVfkOCMCnPDyP=SV`^v8A#}d>X|ny#FezyZ-!?U>4faog>yu>rpJ7tc
zw)U~9>NLJjfa~LA`=4P_GE5uoK#xh+Iu;{yJ_fEm$@V|Pq@=ap53+Dwm`-0LcYA>A
zqh$M^VN%kHtNpvNX^bBM*TwjJnB@0=`pMUJCoj=1#rJ>y$=Akde^35BIS$wV^pme$
zhR@~r`yk0X_079uQ>om4b<Nk_PkvvYeC=<^@9UGVjmKw#eDm%<`Q&TwCBLsvzV>eN
z`}*W-JCpzFGx0mh+N+bVy_5XDKKa`J*WTB_S5cjLpAb+>P-6Y8f{uy=6=Hx8a0I;p
z0s%r2LQqt6a!GFBN^<Wd_XdbXja4i4GvXIow5gx8RZIQYx~*>0R$F&#TXfysc3*${
zrd_-3+jV!@eRa2em)+U_^PF>L=G-$0Y0Gwhzuk9Ep4>D4=Q;oLIcLtyz4Odv2!HO=
z|KBx~i9hqhaJjJ;;$w@IiFf@Y70Se)`bR31iFbTEtQS`x5Kf<C3-4h5dfT^yOilRM
zc*yE)a2@cER45Za^nd7I$^R+#yM!|F1K$p^W`sxUc-5#a_XE`N`@S6{1L0AwXncdk
z`+ab|<sX@FHLhX4$Lss=`QO9(p8o&#p-lXVf26{ZUEd$cYlZLnM=F$w@A&b-Wlj7l
zA`bly#>5+bd~jJ4mr7#S1gjFc{|2~T_v3@hnvuD@BCglL^=&^sxU7liY7@yKCbBLQ
z-}2*w%bF<H#-jA?#{Rd!^-VuMxU6wS2d79G>7qI4_&32d<i`h>HQF-z*%`yT3D#xe
z8-9FnSrg?LJ^l@F{gEFZT-J=9UTQaUIsXV;ule!8WsS|1j;SG8y#}sV{rKRr#^#d9
zwHD*6;QG2BA6(Xq#1+N2Fz?sF^)){}xU7k$G2>lDCHoq<{?LyPE^Ey6;a+zU6Iqvu
zSN!<kvL;L&7t2H#Ujf%w{rKRrCXOK+VF>kK1=k<=@xf(HXggXg2lhVz*UNr<a9J}N
z1L?K~WqcW2FZuDoWsS|%6QnkEFM*4$&R#r1*J&^Cb=nL5?;hwn?JNFQj?i`5e*Z{?
z@S5+-e9b5S>#I6*PopD!mWk*6BNfWTbN+LFEB~k1?-I(yv;L6^W#UWzkqYv9=!-|_
zdgu%OkqTvEpKpgeuWSjAu6IX|@5Ax<jBf{-ity3XN43v@>uLW;g);G!ZwHwl;nAE&
zk3WTSJ?Yy)rXqaw^il1T;CjM8QlU&d?#Bn0HRjwY_X@Ey>*FZb=l%HLvc~4>jb$S1
zGBN1K2bVQA7a`kX_y)oCIX^zQtch}Mk6{S)p99xpetd9Qvjabx3GGLVJqE5v{rKRr
zCQN<ZVK^TJ*Iqw9xU3<rPacLv=C>DIpY`K|%Nl97Gs1Q~;x|P0r3G1+iAVhS;Ic+r
z#(mysFg^mVhyD2AvL=or9(x#Ed;Iv|vL-%V9J&Ww5Bc%IWldZv!upN+5%LhY9`xgb
z%bJn6O#CKrJqWG`{P^Iq#!N$dpR!6MZ5{yE{eFCKSz~h%a&rvd{ouOKj}I<uOs-pE
zIJCum;M(oS2bVS4a`ewzk;iUu-Rs8(mo*{Br$;FhS=|e+0Y5&ttO>c|W48r441nt%
zKR&puu^Dy+sZHHI;JVw74=!s=`?$T&DDJz#b(e1kd9ETnde#~}eiyjz^y7oeny@6d
zk5D&laVNO$@Z*Ea8fkgQVR*>u4shM>#|M`+I#-nPFnqUz>ob0Qa9I;_>DXN(aDE0{
zyZrdzvW6J$9wD`6zlZg^z;&A+A6(XG`_VrKz;+wBKJCW`mo+1C+-sHf)8M+*j}I<u
z;<$EOJY;n%xNh;|gUgy?uKQwn$m$kw-3-TaaRD<P@F>^)Bl3{d&EWc!A0IFqLlbg6
zFe(#Smx-JF_~5c8<T_mJCUEup@d4*8XyO?jj45M3xNh|0gUcGp^-xUO;#_V7*A0Gr
zzzPJK;uPWjo+ADmz;(SJA6(XiY3<m<2HW-E+Uds!mo*{7BSy*)*Rh@8`lKHpu!e(1
zTZW&X9f9+c;JVI_4=!sY$KDarhdGdSndtN5gUcFe{pc9D`oOirj}I<uqB%$7k6G+H
zz_s0v4=!t>=|_rxj(N9(YnvY*aCHF<u0E_1#B*)~SFax*T-Jo?K7Sa_UT_us_~5c8
z<T7KATg(M;<^A~Jvc_b1!eR*Zd2sdk@xf(HXj>e6vWT|_TwDG4fO~<^6f+d>KNT=;
z1y|0G4=!tp)6)LaLHejR2d=CiA6(XG>t|xqYb||d!IkmjgUg!Gdf#E#GT`d=<AckZ
zkgGWMg(B{5aCQ0d!DUS`!^rzx;M(HH2bVP?rTt=2smQuaT<gaNmo*{Rm#oyGj$+q>
zEA7Vzmo=t+bnn?B?libI`|-hLO*C~h{#+3gS(k}Tetd9Q6HPx-{CVcx1g=g$KDewI
zDZPz%f-B|62bVQ=8WZ_)P}dZ=I{f&6Z{?sdQ^xP@XTA<_wfphGWlfm+D?tfDEE;PE
z*G4}+xU7j<yW)jW_%?zo>Bk3`HLiGZl=RV@lHh9d<AckZsC6{{l9fXnxI8~TxU7k$
zA3g4Y>l!~kxU3mHz0|(UWxNJlSNrk7WzAT)q|Mdf+Th0rmo+1E{XtQSZ2;F*etd9Q
zV{?7Ah(lXk1+FXo_~5ceTaNbm3bS7ct}Fcb;Id{k4ypS?Rn9BGwcd{pE^7|Yr7hNj
z>vBInxUA8Z;pf*zXs^q`b(tR@T-Jmfqs6`s{>#9%&W{f+Yer&t)hgXOaJBmJ!DY=z
zT(4PNt>9Yg#|M`+_$J><70<sGTrGZla9I<dE)H!0*BU=QxU30Ned93YTLZ3UKR&pu
z3AqjzYX(=7A0J%S9F8H>H-W3sj}I<uLfgZ|8o{;Nj}I<u4#z<HA#Tal;A-&WgUgz+
za7mj6aINy=gUgz+bFBi`N<Tihtcm0LX6)!#39c1>d~jJ4$7N#QQp_vBRqw|Kmo;X(
z(e~=WwcL*n_*FVIqop==%fYqGj}I<ur2V&JTgc>E2Ch0kKDewg?MK_I1J_bNKDewI
zEp@1S9pzpMt|fkaz>^Blg!cHI+Nd>M0<Oh=d~jJ4<<jx*#BweMSFIl(T-NCHBY%EZ
zG1r1C;l~F&9Rf|r@n&pkLVW^Um-_L+Wld=N$A{s%6kM11@xf(H$Tf28PdJxLz_rMa
z4=!s$hVLDwT#LZ9(2oyzRtTDq>u|A!;JVn44=!tLhPOs2-^Ji^{SkuHjF8gK!v)tx
zetdwJ0%&5=jKF>oxEA>F!DY?ZxfXzHz8@c4*0|#PBb1{!m-*nT@#BNb8dv;aj9fL~
zn&-y{mo>$?kGww*T-APja9Lxf{oyEOtOnOyKR&puF}cFM0~YICaLw`KgUgyQ^~kZe
znRgDj@cxw8;Id|9hGNZZa8>#7!DUTxijnuLz;&S?A6(XiY2UG0DAZBxLU2|3@xf({
zX+PRt<>-E@E)XT9<0l+-^f4csSa#gxGo6{UDle>>T|IC9#fvUYEM8i-Y<W}Dl&Py%
zuXa{XnKEVS+2^fknKNgBd&$ZrE1MkJ)~s=+SDZ0pQu*;GoOsg7r=0qU(@uA$ojbRF
z#j1}3IK{bW#i|L%OrBNKIBWjG#f{FYl3DX>7dM`@W=%_rbIzJItJgH(Z%so(!<3d|
zkw-&AQ&W?(#&M2oZg%JoSv0pGf}AKj2BxJl9U?_udBn8d4BV`wGpP>I>aDI_(YU&<
zaUDhFM_uDm6<gc1u4PFbG)wB6R&WHmAikt&HSAhR-PE{j#d5_E?9|saGy|iL*1Gj%
zw_+Lofr3Am)-@xFhoQWdx;5)owA4|wskwDUQ)6udqRlN$tD7km8nkv@1I1cfR;+EU
zZKV<cjP5ROYHFyfZB&YIZ!MBEQpr|uLF?<*BYt^P%To2>ty$N^eCrxf2+p^ziA&i;
zWmwYCw6@M`u5GC!>LwI8+#zIbT|?axDp^Zy<8mriQw#ppHWIz&Yiw#2(~|A&sa!#@
zn<=reE8D&W{%yLuvl&nCkV`2ql_~V}dF%j6`M<$VcR_^ii42nn%x2Pajwjudd0pvz
zL9<9mD0flvLsBUWI~_VIx!ALm$rXjPu`GYOQ=~hY10S3opHfAI<O-<#XrC=P5>!uF
z=d-;%aA+kzBoj3h8ipGTpAsb3Y>2^AmY}HUNaaw2ysWg^5xJghcTOgtil}`-Rn2sH
z*&Z*ImF3=%>k%pXm+$M|nC%+fL&ZNIQ!D-zQu47{F$r=C<P69R$ZUuUSq5o_Tmk8X
zbVGJPu7}(Txd-wH<SEGWkXInzhP(rL5AsXM|AqV-;zN#_SSwC|Oof~SIS(=)vJ|oc
z(gL{>;z3f7Zb%;TNytr*+aUKto`Jjw`4h-rLjDdyuNEDL7miMboCcW=xd^fx(h9j8
zat)*tLa!t(KyHNWg6xJo3V9MjFD-oq@&@Dp<j){Kh5QmiuQe^fTh1mxCPPkvOo7C0
zc%>mcXN3MSs>OQtkCBFdj2f{K-jz;+1F6&T6hC>%=!KsQS9zj18@~~~5>NSGg<l8V
zBCdr$iO<6O(%hm<<nQ9L!7t=q2x3<SvFLB-@&>wF>_aZ(59bDWG<*zCqJ6XYY;pbt
z7tB=KEZ*q!Fo(9e;Z{AbX8!yIv|U7->t4KY(V|PRU7Dy}ym$$1bS9}^v2x|gRjXDt
zG^}3T*x1<A)ZDyAZY?cE^$K>!iE$+*C8ZGh#8x`46d1PB@d%}*<HwJmFm4=R27!zl
zFUFOs{Zg$cC1f1gz=9~TQ&NHm7{)<4k}ntXm&Klx$cd8p*wq_K$De%M$&)XbH{s$*
zO-qkjS>AN)@nx5<hmPDIZ`zE1Z6};malV@n4M$&!bKr@hV?IE+trH0A*1-wUDdH34
zR%+e43uji&LZs%r84EADXwiZ-&7yAk;$^k%sm_hb)lgh>4gXP0G|t7IxZ=vI>c!et
zAg5o3F>}_L4pd_HoEGowbEcdzO;lBrlOnY(#xwEL;1!I#ek_N_k57u7@cc1TtQ4!n
z4)KVnXa65{Vi|sqc^$lf+zF2$H{us}IsC?LwzyU76}O4U#OK6P@p<?%AiJmd|03}W
z#?B@1P*y4~g$Jq$@IG}kJWhQK-loX+40#nHUp9A$Jz%{7-v~^G=NC#p8y--mi<|H*
z;zNwR=J&vlz-#^lkz$5U#c+?P1;ZxsFmv4}?iUYm`s>BB;?v?Tu}geL+|CTeDeo1#
zIVJJkEi~Vk!~mmI1`;Yyhj<WeuvK(H3SxzLlu>G%WugJkKG2ip&3IzFg`acYEVkfV
z?L7K01KVwQ?)GwS#|`3Y^neHdhiziJcw9Uoo)ljYUlh-Y=kYApm&JbZ6?~)dl6V<j
z*xKQ%ExJ|BE_KFFIOFK$^%JL*AAi<yGp0<PUQxH~?8~RDT;;4jujx~3Zn@RDtzvq`
z9n&kEdj=d);sndJDN~P|JjFTtoTtyk3hcZoQycEQ0b?OzaJ6&XWM|6MROconex&)>
zmbI;CA~(6%^V*J^JmDyZ)_u;D<0el>9%ni=&T$tlxY(WKoavMwUlA<m<}YwuXTc<Q
z+PUS&)2eR4DK0I=!tJD*v!b<%#OX-=AH0=dno<ou>Dc2Y%jT1-<SA3nIMX@n>~p4_
zJH2AYd66cIMj!R7Fk?^0F;I!mO89M{|Nr3s8+_(O=k>A0r{l<+44#kUJaP%23CQ!#
zczEKt9mmoj=75YiglAU{8Qg!zdt|u`$HfZah>uW)sL0YygZ5G1W8OBD_gYnISvK+)
zG@W(DWz89AZ?N}~e-`F|n=u1#=l{D9dl<*-XR${)J?h_#*j^m9nlZ((k9?Z32>U$#
zKd!V-!1hVZUedN*ebV03D!wq2&7>|73k%sTsmvv`vcgIb|9R1ePqp9_wPz*7a>zW$
zYRFm@r~Rm0f&Ggi@SAyVhwG4|R23DXH-jY_`($-0&dpai+tYByn}LlZ7n%$LKoL4q
zJy<D9KbwWkN%(F>0)b_>^xLWYkTSRd?xiZvhqF{<B?LUcl9$qszD%+^-R^X!y0blf
z@DA%-M{8@Zy(a~CuinO9%7F%8XR?s&ayq+GJDhxbGLuR5z_^g=$pGbxty#0+M>yHe
z{(?KRxbR}1ps3sSWKRZeLtUpE&Q#O0x^Ow><O}33HO~%D^S!wo`>BOPRbgasZ4&F@
z4xwifRR+$@nH4Dpxw4fdb+X%1J)K?I?PDn~dX1Vur6ljB$jm4}t~bAV*2ZM}mXMb(
zY^a?K!%lckMq+F|l?ie8tb`bvnGi=KzIS#)JPY|&70zRG65<`m&mr@$zXEbKWGm!W
z$itA6k>)vk9)ivBa}#1Z<YLI@u)hmD%c>LNv*0IrLCH+u;~=L%z732df%u={lghCj
zpML?)4ANc+>44k-{fppy0CE=cyaS&<p?p;uomSVS8D)4L^2d<LNWTv0Z$i4)ATuDp
zhMayO#yn&LWEyNp+JWB)PLjinIT}}y5qH=zD((9UsXPYg#$<=?$zTv02Ds$uX)pAo
zQaAuEB%i_Zz(bz!_nXBvl{|>Zz3)T;kI20}`7~Ve5(oPdz7&I#yx`&}Om^Yu=;%`;
zumc*&!d`=w5ioY1tlhp=7P@nos&K)U_oT*g7daayijRR%e()-CqH+_9A=cj2+mX6Z
z8dq+1ooO>7sn44@(cE_fzrvhVQSR;C7@a>|oDiR1BITbDZ%4d2BBURSP@1vWjnzh%
z;Wx3DE#98Z^*M#U9J&SGg%foNF`y)e&weF@bwD;}x05UDP7DH_2z@8S#w<KzqnqV5
zG4(LU6g*<HAM}duic5K)_Syl0p(0c9+okK{bcy<eczZ=cJOQ~0l2StWxrh(0Oo(47
z`D=V0P(t_%kX%DT?1wn3QD4YB#7PMMH01au_$6*khz}vZgbXV=2KWrIus5?Mlii-t
zO>hZT{#OYH>r`jwPDeP?r<1S4MdGYQ!nwu~3+0*Z6139*($8s5i0dKGL*9Y>JLJ?g
z3DF4oCG^AiJiA58arhKU2>&ODWYb3n+8Q3aol7r8KRE1#o?V7JjxHl^Y~;|laAEE^
zs+%Z^(+6&e6jBtY)6k|=k0jVZAM)%%v2$d0&bDM%FB@y0-oi<DqOOj-apDMZQCmX%
z8|2JnLexUqA-6&%s&hQCsk<%kYp(9pAV%kZM_g9dvKF`VL~Cu!@;clXYgtk+P$`_r
zxv7OLksfG57hkBd<Ic_wv~O=`Lfi(q3vwUiVaQDox?$tBC%f7`t_M~NH0KEM;1;|p
z0`han(On5K6|x0F_)8Eq2b`Oy89~h>=XSt{?Zk7O+TKF88;b<ccJ(=%QaGWbJv$tB
z9xiQNrz1;~BRs?xCZ2-~FFb#ubN+}aH)Br3s(|J{Bc*fxg%fpu2eX+jTcl*0F(p^R
z={!DodR|0h;~aVamX1leL|W8mfU{}Yv<MD0Lp%7)+#oib+b%GVquA$ALX>`@EIoFp
zK)CLVB&piLc~LHKiBDeG^Qi*z;oHZYv3NI|5IcLMOu^^hZ%v3d@OgG$LNqB!;`7fT
zb09ZdhxrCV`mspUZ(utXzTYPQu<mk<^pd-G?b1Du`48<uOCQ;wdVPn3v5)L9FDBt2
zep3bwhy^STP+FM=b1KG<I^`;e$Ff}DrZd<{%lVdiLK$jU9z8OD8u!gRF+bjbu@8Ad
zNi#lcZ%T-ZAld%0$>iU_b}XE~P5w>UT>dPlUY?oSH>a@H<fHr4n-ii<Nh>}RN(irl
zpcBO9a%Fv%vy6KtT(roEDwS#Pqbm#1lgw;NVd=rIGZ6Vy7p^VPjAGyxtWP12L-s+Q
zhr9&&8stHU?1o_dF8D-?6*FId;KdR0s}-D2v)vM-QzNcFCaU|-^l}MlGZFWjGlk?1
zd8sfH(|d4*BW5}>PGd;WI|&S1DrYq9#aMmiv(C13PoWo=9_qR!wPSO#mrmKL%;`=&
zh*YihuKao+*`@b`bBe61o|v^-o*rn-sUfM}f#6gGmwXkxO5nGpRLHYU1x`SiOX*g=
z<_WAdpihI6mODtRWd8(ve5IuKaGuanoH}$Ab@YlVLK*V<Q`^vaN+K8$8jJvu9-+FW
zJ0rEAJ}A-?oncX=w^~9qpgM8t0uYUk>-S4=+fx3)TWBhb(r9}wrQVTWqj1&qtU=uB
z1vc^hC+iUAQdB2RjeMfT>`86y#T!$CHdKoOZLQY`*^EZ$TN@k^$(}sUju;uyt4X}~
zHn=(tJ17`FeC1D9O>!JkKMXyP5MPG84LJew?c3vJC3G_(&)<*r10>GwV&MOHALda=
z8gc>T?{<S9vK2BH^8I@g;u^?555V^Bgm?^}#FbN@#k^+#AHD~33M2{nSESK4UqbvJ
z9+LZSsZXt=&onT~<K;clX1Dr`+I$+=a!B2SxCT-6KmCz}D1}7rh91T`72-k&FIS%w
z_mIyz$f`&gmLfhM;y`?G{}}Q;$g_|;ASuX|kUdDxhbyfV)KH^-QS%HBT6I{d^IXNb
z6}a`0$1MuH5XPZXDy|}>4(WI<-JHzh)iGH*iQ-zO(y5ShK!uadU~wkDQgxC&n|d)2
z3wSFNZd#~ImL$%|deY*=RF>lWaSN$8pUPuVLo@$OTqpCZe`uYfc`)s28k9+Ak5ss-
z?sH-Yds4VD#4iTYU$Lt?@fiU3LFk-AZ6vGEg?lpUf(jEC&GMMaREj*8nZI(C3w7CC
z{6?Il9{O@Zk@~!Yt8=>Vg~nlebqgtM-tc%){X(mk9>*l%b)LTYq%KTives)?T|Y3=
zFA9QVle%o8SlzUAT?4+^m#_R;!gH^BWe`>Gzhp}!N`ib3)s=`uZ3*5@7h=vb>@N=Y
z17j6g2wgp7J){GYgY1Od3E2Y~gggrwg1iTLA94_K2r_<2i71CmflPzUgj7QkkOs(l
zNCzYb*$LSN*#p@Jc?I%1<SodLAj6OkARj`+(h@NVaw=pRqzbYSQV(f`v_ZNcJ0Q0}
z1|WMO`yl%vuR>^h6QA!w-iLe$8ISg%tz3Ol{C{%&PZOSpJFS^4zPq{*@l7eZcZMG)
zV4IEo?qoVc@y`gaosIwx@t+8<lkTL|R11+P@zUM7-ky|~EA&8j%sBcHLxEJ{nQ_TN
zHZ8=9<LK%$+YU(l?YQ>7P21BMk1mPnt}-xxTt`<IZbcWWJa1X^?Af_gkB1|>J(bUk
z^Gb1vfzs5JcD8qA^C{w3Qrg+sg<G~1UtZdYBIiYYDP54F8rZHb?abl6bD<OQYY^`(
zv<r_v^CDSFw}phbv9yz3;>COerJzV<wo%$=DV|H?>RE_?DNW~-g+d?2myhob>ac!1
zmZR-C#;>G!H*QD6W?+0Sn@{iXdQzLP{>h2m;eKjIs$JX{?sFj?8Xpu>{CqqYQ~V$P
z+?=Gg{D9(^H9s1US+*nFP38EP@pMm8h(q+L8g<eHOp?iNuFFFc@&W1I3Hc!56BBTC
zg>MUp<4KNhrYyu$97kcXJ;QNXuYDZP=cx0)K=F=Vw)rx}(a>c70>v|u^s5xlZS2_s
z{0}MK)6N;ZPVs{L1<KDS6w*}6laJaKbkNkJw&gRb#N#64YMe0JGP2KY8QJHyMA~57
zHI*z+6;@|Edb?8fXt=IaEeb_*<bOkvN7L*|96_ibDq18bqRy-8S{myb=FX8u)N}uT
z`|s8Q<5h)9go7Wn#MkbWsEw#Bq;~Lh0F)AxmSFVYmmJZp5-)>HDqtLGW0)&9VwzSP
zm7=snmqnv^D<e(L*gYHa@A!4mrV?6eR`MAkw8Dy1?QmWK=ZFqE6%n6ANKI!J2cm2+
zy`(WSH3Ol#$CVH&Q41M@unj&1e%FCj0O}(V{LU^zC7c1_THq6B5=a}Ggj<!7Yw>>o
z1|bi%VeaTC(huZRNXT<L_Vxt`e=&qTdO4fQU7cpDj@5bT-jVg9R{iE=A^wq41)JSF
zO@U5Fbnlb{;PRAEIn1rHC+ueG|I(6vd@M1HbPrySW|uw4Um#Z&k{gX~d;qBqK*G9z
z5qrZ1@^$PTG>|v2ho*?6dK&=sPRR2&K!#8*E}`)H`aGOcMgN2-lEH}X|5y}BXVQfn
zc+_a=>&q9id6B4(*c9m8nP|`m6@}V)aJ5E|S8h|bkfk9L<lZwIHf;tn2gq=MU`HGx
z8+1yL3eAP9LUd|?@V&sHH5#E*N1?ofEgGTR@qN1(UaJwZIRQ2fI+e!{;&Izl;0bNR
z1{FZs3}h~lW)voD=f#xDK$?LZG>|qR&hdJz67^OfZ3>~f32{A;Ap`jgki^GTnc3!H
zAoR+<@c4Qj$bJL)8X-pR-vKgUAP0a98p!_wav(swu4KO874ky?LfQWeHqMFB+&=`e
z-$3wlL2*zaNQ~`tAUT7l0!W*I%mY$&QnaQ^fixRPE0BHz*#e~e<Y;;Nfea}`=6)ZL
z{g}wZ7W*Rc7`cC!Z1BQEIk!-me*$FSv}med1F1SaiX0D)12dw?G$7^YN0IqJ5(ZKa
zq}f2$0ckUkb|5(e=>gJjAU6RSFp%9q1`XtMK=vERb3ld+<TW4%4CMPjh7II@18Ke>
zTCWd)R9&bMtR#E9Olo_1l}4xy4^b)uIR*#KfPs7*$N>X614!F!&BM&Nz!(Y;Vm==>
z&DGk5ka<7`4Wy2k4WtzaeoPn{2_BIB268Qsf%#FJPXfugQRH4ARToE*r-9&yo)PA+
z0U5$q!{Mm=KBc-eiu@SJFxrR`;{)5@Ai964w2{amLY75Sm0|uaUl~O{0ptK?<8bs|
zNC;-*F!!ZEnlaOcHdg>iV5SXix+s-_TnA(b^J-{wEAg~Oc^(BaU?4988B_=k8f@PI
zl31sC=nR9mYF9a!JHopE1#Fzlv<;>D8IU#u`4C9%s;JF`qhNzYM_8}ZfH>DgZ7Rve
zK$Zd-G>~Q>RYrL>0O?OfnX_br3Wa694#+@fG_MDM;ODno9$EJ<0%<moHz?KSsLe2t
za$E?8?fkbu61gZ+f)&%?)+llUkRby(8wh@C8)=RCK>7>ORI4bJLgW~`49IYAG*uEv
z+qP(`tw5T0M3L)(4BQ???gCQ2JBmC^$bC`dIUtUKd>hE1(aY}wIbe*RVIV_`qdflz
zWdD*VGT|8XjyiT^%bx}Wj|fCs^?b6a(TK-CA4qK-tknqY#Uj}BS4WXXAVV9XhzF$H
z7>5NQ0(Wl09=wYXgXeJ|j)A-gWN1z_)f+&{4djPF4j8lF&wvaYE%p(Rs##H<aahy!
zpBF_=1d=;Bip&5)ulx<mJQv8plcLC_K!y!uHIO0WJa`q5D&q{B1CldZ^?D%vYGlgZ
zxeLg_JED2*1%k&uBIS98QU&t{wBjp3_E$!2z6oR)7Y|`A-Ud>o&gL?&p8&}j$cI1<
zo)AqnVIsz%(S|1hIk+uqGYv?&aTLq}GF%?DsRc4*Ak9Dqj1ne+<hDms;a56h*g$Ru
zvfn^<14*dkRMzYBWMky@6(9o!@(mz41Ni|E$0*NV0Xb-#-+u|DYD%<(9|9TPq!E3!
z<uEhOUnMhc7Gfq%jlrg`w%UMDc}q)9#0(3X$fmEhhJf+BT9S~HQq)FWZS_M#%F>c!
zI>9KLK-uB$=SED{;xe9F=&j!Pi4FmxJ3w@qn-x-8g6=Nbbea26Qd#CA1MKQDQ-Nif
zZ5u)+m0|R9UQX;C23;O$L-ksZRA%*$RC#n>!@BOGGELX8)8<#<oQgl>tB`pOsJnqw
zV{u_3H63UiWuxwj*vvC6=6Z{{-eO*FF(0(bT(Fo2Eam}=xf)GtmKl%7VBUz-eg2ac
z^N__nWHG;GF_&A+`z+?yE#}uP<{w$ij%F^w5`jyP549b!(W1u2smOv`jPFoUONE;r
zEi-k0jcijrQ`dB4o0{>ueM-z3f^yWOw@TMtkJb4Hbt;X_o21L5k?Ki0ca7BS!(q$y
z3YZfX^N_{-UNKMgdnlXYku6qps>R%FG51@{doAX@7V~;*B(zz~35$7y#f*haQJMFI
zEvAm;oW(q7F~4dtziKhRZk4&;Vt&?Qe$!%p(_$XBm<KH84Hokbiy0^LqSiQMwZ@>u
zJi}tf7o{do^-_zu-eTTwF|W6n3l?+1Vm@dw4_VC37IT-yjBiBDTGYH}F(0s)_gc)a
zSj?|j%&%BIIBYTBX)*7!nD<%CJ1ype7V~=+^RF!CUs=pu*3pf}D~rw`yDa7>E#@aJ
zX1YIygme~G$6&d|yxC&D#bUn2VxD3#JDU0Ta0WSX3}=uTdW?;HcBr1AYdW$`&4;>o
zO0Xy`+H|W{{T}OHK8Cta8$;cvjiK)EkD=~~-(%e;jiK(&80zkfq3-XFq3+GP?s^R{
z{{!o2I!2dA+f*N;bJs}CUY%EPoVHoa?^?_Ui+QRKTE{8foit~FoW;D;V%}ph@3EL0
ztQnx+V*Z82Jl<-J@x^)7(D!;~nFlQ9_bq0+uu`eys;Qc$Py?yC#bO?`n1?OqL&ZGR
zhpg7vVKMKwn15w4pJ<htu4T<KziKfLS<J6n%)`Yz)x%bqr&-JgEan3i^9L652NrX^
z#XM{=zhW`JYcaoTG1H~7Y9Dn*J7_Wg$YTD`V*b!#ZnK!-kf7)+{FcT13yb*|7V|=j
zx!huY)nfjU#rz|Sd6LEKSj;;t=KC#XEM#=6sw<9!b#zy0=HJ8l{g^S#^HcP(GxE8+
zdWx>;$Tl@^>NYIFjg_KJpWhR@?s~?a-)6PyPMw#wsorU|>UgVFn=R)37V}#c^IH}(
zeRGC{k(FMX#XQYoPFTzdi+Q1L=iuCwvzS{g=A6ZxvzXtvnENf}mn`N37V`m%`9rHU
z1}x@VEapLrdC+3+u$Tue<}QnQm&LrxVy16-kucJO`z_`-E#~(v=Jze;Dm}u39vrfm
zKeU+3!`@Nn)AHiHYW7>q2Q20ei@Cp;r@G%NbGg+T!xnSSV!qR2zSCl!88Aa7K7oV&
zATy7CH&xo8cS@R($ElPw*nYeFW5)#PbtIT=u-HN-G!kUX&u_45y4kAfW~6{wn5t$d
z>_K&|Y_^yeTFmP$=JgiyofdPO#k|L2e#v5f$zt9Y^p0+goW*><#k}8Q-fuDQv6%ZU
z<^hZOS&R8ui+PvDJYX?bTg)_$0EYcl-E1-Etacu>m={>gtrl~u#k@0MhDuc7D3HwY
zM*-Q?!sY<y4x3;m3CdG)8EnuHk?l7*F3K^J;19=Fgg{00NPxqcqT^zzRrfZl?rmT(
z+PP-XsQU)gtDKqR>#lQ`HdI1lGq)pEQ)2B#d7LqnN80@7m*)nQr)mu4kv9MN<+%st
zNsOU9(&j(6JbG+2b9s<gFk{zSBeTOAnH}hDb7Vdnj7-hk7BZ_JhxUU9W|Wuu#cy!z
z1i4Sq>t~J3s}7mf*}S^AJT>KEnbq%v??Nj1E7Q*8mK2T7aNDdNbqIMn3!CA90Y6U&
z^U`<zbuEx*@phz+9d)jpb0RX}RxP1e(TpVPK97EHBW-BTF*n6iU8UQHuN{hPRQo(L
zO8e*@%>DlAUcF$nGOM~TIDFmbJ9_+-9BWn_d;bOX!Y@~fj+A)|bxrjMuU=SeQ+;Z&
z&Ad}}-F2$@hk`Lrc?@E1(RX|BB#U|kDaUsh=&a|_!$I^=(EW5KB80XtBh_G9jx~w=
z0EoV7lgM8J(RX_!^0z?lS0&`9W_sH3m`_`nmwJGxT(3?!uU{h-Z8UBrPuU~}cuyjy
z0okEO9hl{VRzj|yb(znDja~z&-0@J7ytBkL#cwa$>2ahWcY2(PsGOjLl<&ph*%Q=)
zkQG4Wy)T_tD-Z`oqa#k1upJ0(NT`q=APKd$kv4ZxDpWJ9=^h{t;((@OTJ;5DIioM0
zCgyTH%Z8^LB+oYpL0^T)kAV<th<wC0(efOPfv;DUl4puK6v8rB0@1(vkTwe}n|dH9
zPNWvCWCQa^YXIpt>fQsyK}N(XYnn%_+^Fddu+e7+*@N^5*r3rnyJ7Poc*48}fxK!U
z&jO(<MA^=sd`wT22R!;Qx<r7WDB`O~MO)ZAZveT)V15UPd0c!%se<0|)KhW&LA^M4
zRCO>Mb$A{yjYqY|2PLFjk3CL^y+&TA14$S*6+mc%8MUE$gs?fti*y&kX2{^F2hwct
ztTlKjRXY&<`vlqVSs>4ZBh#bjDCr5!=otGHY+g6=x?3^Jap<WBA?5E<94fPVlulo@
z$-JK6REfyweE~?9!Td*L6SlK_{8O|Ub$=H&`;1h74P+1r)u_YqPLKFi1^w>n$1MW{
z#^Udhs@32rnT(NXjOTJfj8>frM6Q~srnFT8F-J=SkX(?88v}MuPzz5zYMKZ}3-Mfm
zRQ)KAtOX&RK;AV<SRm$Lh9sL$0r^p2<EaN*_Xl~A&AqTm;1_-<k}C6~K=c)&ti=mJ
zXaf~&JoVtN{1p?`6eFA;iIw+B81eY|(WE((d<#6UgCorAEg*E&AJ*%~K!!OV&PzSu
z*=+RA&y4cGSo{kR{oN?agH-fL=|LmaQ5ZWrg4Uo^Cjik`wX&vDf#|zW61f0~*{UuO
z{aqy0ot{?4Y!mbsdD-FzlDRLaHE3IbRD(v#uLIH$l*f~guZpU`#`8M6vmGgJF4<yK
zFM14iz^GRTc=Q=x=CvKjlL0g3ek%~#!Z~vfkY5-!PXnnB5Kpag`;m3nUoR04G6~Nz
z-vy$7M<jFqQy}^qF|?0*l(;`=A1cRBVKW%yMaV%Q8w}(S@jw&ibv%CYI$)IN93TgR
zRJ69CN39(ruQ{+OH&QJIk~5CwH9(ezJmhg-&2<22gsX?3hl7@<zM!X&_ZxY&gGXN}
zAeDNod%&={9yZaHjC}MwXV}~U8#>-)e{o)TboxM$JGIy&uo(>M<+XRDHui4fIg|Q9
z_Qg}M$pt)=>O~+ljfSoI79;xTChcDVq4h{;^8t`w89e_F$Swmp`r|?r4CEvr`kP`|
zo^ybFVA#wCvfe=GDXumHX#}!As4123Dj+mkWKBJOTriz^6B?MQx^IC^!r-|Mi2jB}
zmghDg9fr+gKxhL99?W&@z@W|OoiD+LX07mOdJ9OifxHJ~$SCvQ0C~x<`Bxx!8pzQn
z$ehELKNARTAyNh8puv0zkXHg88Z9(5`;F1k0GlE3gza+;kTxK)4G|GtKu*M`9(8gl
zlL%)d=?*~*1PG<N38`ocOZcdTybMI&dq=CHg!GvI!GMQmi4Jfy2klJfWpaHm9N17E
zZ-8fKSX1e~K@0^paP7dp84d&prTSB(IvAuP<flN)^YZu;h0s@sa%`Li<V_>h3?Lm)
zhW%axgm%MLT|x*pBvj*YEs&w0UZlGk$gsh@1;~2_avhLz<Gg$;kb%JFKJ0myr!%YJ
zLt{xx>sorb2TpnHQzN?1PVvy-9dNbbWwQJx5T4pSemGQX=#gnJncu<=_27<!cF{|4
zG^BU>x)CGaa`FjdY0{1-sJ)(Swopg!V&Mm8r7L74hLb9<kVTR3G;I`Q0BXF9gjDUM
z^lUTKWCt6lx52;`UUT?SSsA70RuL;;l;*qOD~)#4z~WerylAi~&|WfD9)HxURf1je
z%q8SgoOmJ}uaqHgBXUkb1>mZiZwg6(9Y-rAk2P(GGX~q@a+-#qx3xEmC%1w&#1nr(
zoSGkPoxTo5<~ZlaF$s32d-#b`;U#nQqLv^fFD!yR>1Deso9u|RuWSb|gT8{dFmAxj
zaEQsfk+Sk@V9+=o`{brc4zD_*eVjs3gVeTkwl|NQxLsvN9q{}VxbxOj^njYmUAIa$
zXBVd<9hMQE$lEu2c$p8qPe!$BCQn{o%u&L*lK1QgPPLPz$xE6-*38|DIDigJ;pf+E
zG^!*$lTV&$n2rECK!P1OOpEMcvcho?DCP0PyYTU8G7%6k(T>R^PtuZ#w9$R|MaMn{
zYZl{{+128buL(SMDFXu>DzL!-B0rfj&UZs3$^%BCYA(dnrWkK>kn>|)aumUNiI9(V
z$$jd7R+B$u6_vb<@?pjv0s}KRV@zi-NaS09WMbvI&IDyza$A$^K?kZ_c+VrhKMGRE
zleX@qxrJ?0UFq(021C)qsy;tQq1R^N=_jlO?*^4Hlfc<f3=yB*$t`YZoZ4zx5+o04
zT~Y3uj$YhIlB`lo*KHmhRw><(65m9fW#Ejc%7W8Nc66XyrDIKMI6ektyU-qcMv_yI
zY`MURFS;3eTyDUrZ#tjenC?o$p-@19iE$HLC&Bx1h^c%O%G11bRRnK@(lc-+8jEpc
zhSrs!=<Mz4qB2yX^;t_tj3y&M7LdwA!x}@1W*p>?LB^F(&Xzs-9s;^cvI+gps_Z6s
zv-7m;IF+Hyg_i|vMXYE^oRG8urA@;TI%Pwi4<s9=k$ftN^^e?@XDn_v3{A|3)Eq$r
zd$QDYY<T2EQK@B=QJJ0(I_`FM!5F2M&C5-qbexWwht7-YxC<~k0&sSqeaS-g3R;Q_
z$A_aHhC6UHv=_W^Tm}H%$YmKt4hKGp;I9s6?V_RIhiZo9;g^0X0IkX6NVjD>Jep&o
zL0|GJLKRqcg58f)W$7GGjjo`n(NpxEFxihmAHok7BjoX3#)!f0V>!Ob`8F=L=^*RM
zX1CB%M^2HUgMN*$|1R^iASW_TpqiKC+Rc@u!XY46C6d^9eT8a8d80#?HW(ThRotGa
z2s{weS)F(3)F>@wOtMm(imV8^G+tplPDI>Ia-W{Zi|*?NloVV_c><RJP4N8Xjm((l
z6FDro9CCU=d+{DECn%zJNhx<D*|USOkW1$tuz?(Jii<E%TD42#S<YQScD$(4onxGK
zX$clN1gS8}m=12EpK)@Ojma74*+ef_rQ0|1@`g!WIe}xJZ{#aBn@KDXUPso;<x{=*
z=t<G-8PCh5(sLKocs)4Lz;&2}aaR#FQ4ClIk?)+j#Q@ELGDl@WQ>Fn>G2pt6Zgxs1
zX1I`SS=ZRQVl`fnxVCQH(k8sev7u>+*MN64;!cCImeZX~8M-c0N*o<@a|2A#3T{Nl
zdh{(Svci&@xxA&VO)VjHrW<J@j`Tu4@<r!a8EF@DNLA?KMWEyz*^!<+e&n)<r$U?=
zWWRc}qV=+LF+tY@)E!tbQiV+gj=faRwiIi+lh@*HgZbW#d93GC-5y@Yl22p3NU6w^
zpSPncQdw^1z@HoYZ_{S!h#97)E&0NhfFiB#@nErr@4r00)212*ea6n_ynt065b`+i
z`cgRHmlrvKOH_kd_c+~qRD0}rPd1NSM0)ssJ5nr8qPz%>Hbn69Pove~C_fi%P3BQw
z2gvN;jGxy3s>RgnADKh8nEKLBO{w(u%g|Qd{t7CDFVW=b7~LxGPm@Eyu!fWk7HH_S
zEY2X2-b!~Tu>#qc%*&4DjQN@!-48Fa)Tx*;H)SwY$U(st+UX&k9dO>jRjba+7{x*F
z$jMz_+~Fc3I2r>#kfSv%h821r{``0Wgsk{zGMYf${qwvf#(~A9)h-b|?pY&QP(nF=
zR9Cd?k;jvFczK{_MpbK+31yMvy}fwEsIM(`yU6=8xM8e3X9hjTw<y69Q*QN52<3s9
zMf&Ab>9jXaHPOuGuYPcH3p-tXY2smFi>psLAF-J(5so4Hrd1P4SDz>#oxfwcoNs=I
zrB=n3qd}dp<<Z68`p_2;G)0)BjZPVIC56Gt7Y{N?aFWO9rO63zj+H0NpnKG$!P(iZ
z5qqecGc2dnZYSm8hmzn#B1@pWi-vO^AHC5jPj)k{e)Jq3PJhAK0c}cm%`_?d@6<ce
zXKC1i<P|gA<2xa;ER+R#P*qCxT}5yNpb^!vt{3%maI2Q#TcLVae(#}aiu|r(P|>Nw
zI2uMdeW(nA;Y%xLxhj#Gpr_=aE<qKSLqX0o(Yc52i@?`wXIFAlo~AuLKghmUyz*|L
z>@k?~1vuSB*Hcdl>l|EB$zk4=-na#BWm8>q=Xgnga>@%kDw@00*`?x^3_O&o)}tbY
zlN=p7<QsLgIZK}oj3VJw7CA)a&0DbW>0kNR)%Ak2a9kj%*#(yu{B?&{TrMgJ&Hb{m
Rw7*w%Hp9|OYt)y#{{i>HgmVA@

diff --git a/config/scripts/config/mconf.exe b/config/scripts/config/mconf.exe
deleted file mode 100755
index cb7ff192a8c975b01fa24084c87a38196aab270e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 138973
zcmeFa4Rlo1x&J?t3@}3Q1PwK6)Ul45Xsn4wFOi_(ovWzSSFBj|S}UzoxjIqQfW$MS
zoF0Sps(rIoBW<-Wx7w?v15^kE6VTd5d_%dd)M|UCqb)_n2%7vq-@VV|1+f2nfB&`q
zYyH>yvov$g-p_vC_OqY;>}T(D&e>mB7AcNIA~F8&>x)FP{OVt$`TNiRET($@BUbGn
zd1}AskIY7AK7Zr|bH8$9V*U-+UvtBiUrStd<#pFxpGy4O)rlLLu1kF7y2O-o&rf{q
z`Y&DmxzVFXCPUP-rbZ$&qr)QSxXY(Rz88)BU|1xwEi$5bRJ3SZ<b8mC!2cD|NTifs
z^FP<(PS-`2Z<UCD^KY9i9DY)fkt-5OSXebs8~%kq_NKciQa0LN{=fP6bE&Hrq#)S%
z9)HA;WbGG%YyKrr#pk|sW$H?<YgAW?q{I2`;r~JZ8Y7YR&)r}Fw=Jb20o*cvdj|n=
z*~ovN`?ni!RB8Jmz&yeK`}nt5_`YKC8Qq|x$o>E>9SYwF9HsyNzyA+w;6m?h_no-=
z*7ml@6B8qu_EhvYuPy9#el@lC==SY>eP8ybnw!yQ;3RbO+Shu!V##GkH%5Z!JCVqy
zj%7pt)wVBB{9;n1V_EA{$4D*iI~86kS>~UjQg2SObamnv6C+-8vK%zB`{1;9BM~q5
zWSan1%E~|X8{FFV_kIdMf?HGJ*SWzM0ZxnC`<UxD#yi7WAS0NlfZl;AZ+JgUqyXZV
zxs6?u%mDM@!Z7KJF*tEIR1D_VA1hWen^WhvPDv*HvimE<@swnVKP8#qH}0Pq%Zgsr
zM($$%q?kW4y3vazgUcbFY4_GIazX|&Y8sst^SVW&HFZoR$oKa3Sqk}wTW^wn`stl4
zdV>jNCBLB&GfW_|$n@mVYXRQ_1Nhp(cRsyYyLJ3w5@F#4Z>Jx7Pzn!Q{+yPD5|o|{
z9vmo`tov5(ZR6%=!me~T#4qjecDDZdSeS`i=sk1sMG%?eU68Ey%96nYcN!K;eC|<&
zS1k$R*>#OZXR%-u_5Kv<=2vERdfS_vTr*z8KQ*({Nnfk0X(d?Q-_>aCi!@sOhFUf!
zg(>)LMgSFlqx4>4uDFR~M+HK`PYp;ZI8JlNjd0SBgOjE!-xHdd$yl%}O~E|+X<Dfy
zT>Y4-UsW`b`U|Lkoq90W_W848ExQ{#Cq<m}Wqo~ptt%w2H|N(i{-v?$Va@&RwVU0(
z5zhD5XS$pIl<9Mpo&+fLvN7Sq9D+k&C@Vwbt}_1_)frl<yAE0|#YN{jOFmM^f!(V}
z2E&&a@KTgmS?KhV?3fTGY{sRHc5ymc>iUT!ITAufEt5<9##pAkX;}6U+ajJls?d~X
z9?f!1uxY!fvUV#r+SxQJKMQ+NN2E@27sZD+y`SFNbR~3FpQy&D_{nJSv<nTRymFCT
z^e7zAqUpEkt*J4<4yf^7AWc6v*1^i@5_^2eL~t{8?uI#+e)00lI;dEAx+>H+f1@J*
zP|Jc?_kj~5PG$-!$<61FT2C&tt}pOlEUZp^?EDdI4OZ+}!3-uD8${CfWb0b>r~6I=
z##OhL;Typ*)p(sqT8)U~C{7CZs-H(9>2@c5hm3PkiT}k?x;edsyWqs#u-1?aK12=b
zU4MG=u~H{f1+wv{Y{!2(=~wCbzF`rD++zv<^0L%^?(QNd{V=6&bFwn(q}z+_Wl`!@
z=*Mtf=ObwFeu#Re1i@4&zgXq-RNm3{1jwtlw9bxsTR!Yw*K@>?9XqEV9d|MtA-#5v
zG*yRv$RL`NrE3!sjse4s87m;WOvsJ^S?)Lu5KH-L72Zl==al48XS=(jsZz0fUwiMy
z<j&Y}ODL7NOV(SBybm#F4Ta$QifGEDpWD^fXL(so_38pIb)j(@&aK~vsYb5ip?HR)
zR$4PK-39StC!>%B)Yplt6czH9IO}TsbPayG&Zn2$4GkTctxh_J6a}6CUJ^-u4Bfpg
zUhH)_>18m(Kxwpn5j1^-8m-VxLZ1OW+9`qDE!-O}pEhcnmy9<W!FH(0PE0!KkCyuV
zFUF%AGh0(fEZ1FOe)F~jKmG(64$W+Bde5L?lqCmqUDYkVO(QXH8LDju9b_u}>r26z
z?Dwzo2IGDveW&)TzqZ6lZ$&8v``eh4dSh3+>5a?|DzK@FD00P-;|}CFxZT~>>9(hg
z0Bs0B`CXFtXbFRg9<=6FVmP&Sf{hq~0rdsCtEaC|R*;FxWz0-gWHveJCOIqE)d0C<
zz(l{H2AgO=W7BO<b1gW3Ry?!WNuN$LcbN256x{JK*C&|k+%c3F{42nR<|^bx8<K0k
zC4}Xngq0{ZcQ}7)+Yu;fJ;NZ&Z5O9@R2_i{=n}Tag6h-lc`y4N1(Mt!<#W*O_wf<w
z_SNFT$($nc$MXl_zAwJEeMmtm1%rprc-pJ!Ri<g`MSvdxn8BpZ*y*+(r_RW|g!G{;
z=63dDcvNUV0<C{oDK0~X{VTdvgV^-Y%7pG_CQH;qasQ%Z_NTPSY{u0;&V?{T?@3{q
z43;*71mD#OHGf(%!{ur&bEjG<_Q6;%N<#f{KqxajzDyyAjp_Uqc5{b-W$^f!3V`hC
z>=yXL)8w8M00XKpd&Ld^;8+cF;yxC%3DG5}VX!~G@ZyWS&TJpuM^I70NU34AEB6`g
zp>WSixD{_grUSz=v(OUVNgukeNE+m6l`(ea@H-fPrqAnX8rD{d2?AG=dDjcLP1xIb
zR@l{Evi#yyxr_zRKWz%(gcwUxR&Fjh3*+5=r=)h1<}O5|Zz92X1adc&bo9r&)u^G;
z>q1*eyj>z#b(`U~+`qX5(JK6Dadiu>il`&jIwx7qblK?bAoeQ{zAw{2ic=TTrXlHd
z1n=C=)$2h<Y752BfzSuD4+Rue>29d*kUFw26@&r9ea*rjFR14O+VqDZqVN_4dC%Lq
zdfRDefXQB*<lkO);l*B;;=5*z^y@{Ok%z3Ws~ax=V<f`RYK#y#gz=y^VLQ4cRMf!c
zM>Ah=^9Ox>!H)Nkr6=&^5l&EX=3OU!EFIm_XM?PxxDI}Eb{NC2QJA_qaWdSb(9&3S
zQEMvM2>tTbNjv!|wY^BtZUQ2D69bTriG7^3qBZe+Xu`zc9nO-~l(;=nrn8paeOx>D
zt>3Tvv8a=Igc}o}uM|ynrW$U(NDZCzaj3ehu>_dNs!INdm}1U4YiMU}(<BIEDB_xk
zqF4oTwe2hOXsGsG_-vq~8u*R#JF$R0Mza}C+6SS#dxUe>1{(DxA52f47|H%k{RRhD
z91*haO*KZ<YyzfW<qk6#d(;EZqf~lhm##n0b?`k~*{6ahY-MZ`*LAAA-Bwnq;9gr<
zt?Prh&b7b+3T*J_mgK$yy%|pCM2c1=#>3JD0+XwQ*gURl+n+v5x}X=<jO1dqPa#oL
z37us^jNs(SV!ml54HiE=DH7bc3h<8Fox!RFrd>^DE1IlJ9pN9y(&}JzQ!_32IgBv<
zjquB!#Hr;8EXS_=4wzM2(A;Ua(7qzcv|5LaR>HDeL^Z5b27ma2sSAeRY9a?1i_~tW
zHs-C*{!Ah~sPGAM|0PW1W+9K;n{v`qi|K{luQ{31DUl9>VO->D!urgyTx7A%NPd*y
zGY4^R<{+~uS@}4)Vg=aUa(oI!0f(np@Lj5jA2V-;6~bdGT5Lsn6BTG_IOW+h`LimL
zK$kSFZ4cfhF3CLxfCkIg!D+aARB_vXP}(}}DYvK6x$91@`;wU-U_I!3!r}>1dBjOy
zXHlCDnDk%Pp1)wrhKbxUBDY#yXUQ#s9IQ}E;;+;cmuCNkJL*faqwGaI+c?g)2+o;k
zhgAA{q*|1opkdXtCifxy4dLU@6ch~M%pY1lHrq1sv8sVTD3p#`)va#YX+srCBP*}K
zAw6xFnTN57nbn4o6vn3LQR{}z#*mNQR1ffRJtX|GW)dX$I4U%7R%{EB8vWj^WNs!P
zJEtZ~QzPAlWklxF5d_m}@F#^q=<xt}-NF0n2*t~I*#^xHS7Bn_GptruFFplrFkJuf
zfS8D-#@zgc)sa(~@_UL?!&VQcPk<7@;+u^kOIK>dWW(`erXYkcqb7Bp;CjvorD>Hk
z)2vqS&$YqAvegl&xjn=3KUnoJG_n<-4{k<XIW3k}ZKG$h^(wncWm(FMJIOzaE6bdN
zm8_C6NYf!xm;Tb4=VaUU#w?D9?yA{f3C-df#YAIh>}?N@7v5n85oVfQAX*=)z6b;u
ze(;6=WH@{Pls^YeG1lreU^`i;`g2RY!!$hvU;aDZ=#TFLb3Sn)+>A?AcxB1poHjAj
zbSphD&M)%TLw_8O;H}zras`BuS>vFY0gSt*q%5mp!$oO!n!PB=I`#rHt+Nt%+nsc;
z3eoL<?-%OUk;OI{-8z}8kta71o|gre!WE_}@9je!)Un{2zrm?)Kya;fUz+c4m+V_5
zh1f;DGfT$LC`~P@&pGLDLvL`>C!9fY$3RJ4@g6<1_nh;^Swt%!LnHB3V!?Ej&GKx1
zO*2Mjm9^q=T3wlm+HW+*b@ES9`yx7G52}b6$vsi9gIrI6t{*eWDEJbh+|ok%kU8+T
z=YBdrlf+M|gauEzLdMUAd<7%9ld?3AjHWOQgu?iMcq!YC382@waj8-;x)htiLtBj7
zHX&Xy=oLrhM-NFT5)?8Sl-lMOn6B?{K8q%ePWs27a()HSa>Wd~I$*itJrm`*JqIir
zg-_t#-F5EmR|jWJhwz^vj2>5>K+{!X#SBQz8~8oAn=yr+ZhIBTUt37Z7Eq?@Y_;GA
zixb=oWI?9eXy67h!%OR=-G&na$wGXXEvL1q%+mLf+<Dl?;CS`ItdgSM+k{|Ava-Rv
zS772p{`gas<&i~x<;DKVF1U=PB9wm!Z+3zTj{h3XV+tL|e4DF^<m&&FFz?@Bm@Zkl
zSm+h<;7e&)gJOaamj7o2nCF^>^ReJq^|C}pE5R!;pxEdG8V~K?P;Ar3tD|8D1>Xdo
znk$lx<QKR$0p`^0(i+7eAs#Vwnhqe<yglr=sXL6e{L$)1tvY`Ppb7d!n-tkVmpc7j
z>fDnPx-!twqhMFxtq%LBB&!}C+F8%O4EWp9C<b8qKAct5xwKb52R{UeYh$H92G*GF
za?LEck@Of<e-zjns!-Nwb;~1MTf39772L1sWmB9xgNDm!nN!R3pq6vhQZn19mxXg?
zIIshzlKW8OY6YU~Wm>`UQw*mS)UA3LeVhK;`4TKE$_}dE$MaqcOi;uhZzuGHCaW1(
z0%tV=7zJ&IEiPigEvHB*uVcZB!Qr$av2jG$Dp>TOA(otq1UEp#zwG1M_DvmBFQX`*
zU&i`@^_-S+wF>vjeWEoMb#<&$<XX$xUOE6O(@Kr8#+6yr+}gESS?3z1tgH4I|5Rra
zusGSUwzMCx`Oj+H)<_#bBtXzYrBZbt0q#z?f|_Vsk0lotHYdxXtG2<Zl%(bPMz?*o
z+KP$Kn&zpi+XCCBZI*Cb4h{Yz0ccDei1ROZ))ZN)v0(QLqMG`bwr#dqmY(YqJffEa
z)W~%#_@#kr`j>D?+0phE(E0CpJKO&IpEX-#k#8C-s}RP6`=}xI?q8!$;a>T&g5d94
zv`%IO?2s8Li>`cIf-~|53!W>Yda(a-->GJ>R+z<h4Ft5xG^tT~P>Y%}#HxdxN_w?X
zJxp0CE8aM;G0pzFyD^KI$x_De(i0g!Z6Ax1$)&-6sABO`GPiKe-cAYEtE92)Uv0OT
z>|k)GYCzhW`kc~R2Js`5jh~k+TX>)}OD~j0*K<`iqket!Ep1yuD%FO{1_&3Ze1Vc+
z>|Vu_Rosh*@fQz<R{P*D1I2T&Uui))L2|T^L~^aUb5TH-wMEEWOS~sdo9rO*{zwVB
ztT7f5A{dwb8*&Qcp4jdMnq{>eAmF=dfQL|B-=HLzxmWS6Dn4beVzmzr->X>db8Q3D
zblBgpSA)Wn<Sn+S*VhF{L_173r;>Fq?DiUxt&=}!{c0~<OZDZ9UlOIPe(!6S0c3aB
z-YelI7R+TWqUzdqw>L^tfZUE^R8g|}Bf-gHShWX@7A_`)tuf6lN_tdnZ=EtJ3Q#<F
z{I`@e(*tPV^ui$RpHCh7y0EtW;@UoCEN0R#SI}&n@hx?jMzh*3mm}aNwQgIHhns$m
zUIVI9Q_8yp<`7TS?ySEcS<_sWKWCYHYe`Y-v}o%1@ig%|7oLPIFCbg1m1o&6xTym|
zIfcw7HZ7aF@&3O7-s?2*SV;448Eth@m*uL$q7?Y&L$A8Ndr^$>Qr(t)8Gf3R^AKn*
z_~uphfPAjEe%)V>h;}nROJC>#en#7`fs@Xvwug15d<r;cfO85k@wOhp;L9YK{5$wm
zITwsmK&1r9Jg-bSlK5&f)v0@OzcCsxnG-eK#C_YtjGx-g;z#%lM+&>YtziXE<h<<I
zPjaWFi-|!`qytS$XePZ$1+Tuv4T=GeK{<E_<c+CAgZudP7k9%1G~};iUP&@oqf&I?
z{=LZUi!4fby}`8xP(u<XEFfOxeoD`2dQ)^PPm@Z6i3akeJy5E>7SFz{iRH<q*hzhl
z;~qak<*A$7zK2L5zp5Wky~Gx^s&yV?ZQ~2U3~4tEsEz|+Bb!|nb|Mn%!Enm3@YrBy
zpOh}2e-3OgY38hg4z{Qesh?ICtkEAU!^F}oi3l?u=%_Er;h_}Mip)yz3+8Cb=c1tb
zA%`=ndfZ?b5Diq!b92MJ(V8{ch+eOLF(&jv4-8C^1dXjzilfLSzg^lo<&dZmn@OL>
z^F7Q$qO5+_aFCFjt=;J%!%CGfK8-7qS|HvCY`Jx^6-lOcP3592s&0Fc2neaYED1i-
z2#UirIp>do=mJ0XU%sN!;Cc1gSXH>~vHJBl6?xsubvJE%Dw%42$ses7gIO{`cz!68
zfl?br;Bw8(%?<?Xsx~%OX+k2*sND&U>V>C4uf`161<@UT$-M|rNkyIHW7tjuH15al
zg&BVg7!tvmtY6f!xs%)ZmN^L5gfcaPAcdH*Xg8R(z;)Zz15#p=u@a}WE_jB87(^L*
zRK=*8=Rp97-~pD&lqWm}!x@{bA$XYn$y^7A^Ji#0Eq&7snEZ~7%y;nRJ+p9<KVjKR
zcnw^Uvu4hSD2Qv^KNYo>wJam6mP-}4p1sX4^2tj^c1{@)ElL%;L85+LYUDI`eay(V
zMSq>|wYPjyjQ#azLYHEGEuR#bqIUO_<HL%kTij1hNTu9Q&Uey3hyj1kyMVZ#B%Jj9
z=60?UXrJuoq{o<xkxqIc<-xhIyhr@zesZXjIhF|?9VDfLe3#KdrF3uv1H%j<cf(A(
zIlQyLAl#f#U^D$Q*hFSFmYvKca3c9}yvy;l^P|o^c~-Q2^q6sRQj+TZvKE`Dr=U^}
z(2uov^vMBKCV~seP^0RE6#Zjyq^_SJ<AYB#UMOj#sd9~RAXCvE83BDyf|1^*ArQ&n
zH)QN};bGkEAj*wG)_tfn^%<b5XE00DIq8EW12#F$lg(1_id{_C)NW<4*GYtE4+0pr
z=a>SC5E~-Ge-PPY)SBpO%sK`x7eu#n&_#oin@X9yA9G<Xl=^a-0G^;Ec(M~7!af-x
z#?KQE;5#Qb7ZKb~ZgkR*p;+f0Wlr2rX2UkO?k97d%z=Q`?#w$z*Rfwr3zHqll4{O_
z)bM23>4rYFV33N9mj3#TAzUeAko}vbRc;sgRI}g9=oJ@0r=mNE?VQ$?O10Xaeh5T;
z>Rjy#haDZ=;$P76F(q|&H7DV1m&g1mEgvImDE*Zrn*lR@{!20OzZ&j^p`IIt@a`uI
zoOB#!oV!Pe@yy36WUt|_9<r@1pTty^zQS@l&RH@Y%|UJ)Ad8C3yfO|R=b@^CzeswF
zhwEibH~<f;yb%s_KLMNj$r(;s=^FQw8M(#$0#UP;E}{#-xj@4DW#2Yf!#T^3eP=-I
zud)dsvHP<x!k*cHgKoBg^;dL_si^#GT<4yEDwyZZ07>uww!yEbXfWpeUXxVt7dv9+
zbxtYnjpTlW?|b@CdN{XR`BJ)OErLf3cQtUg!1hq>CaUU;ZSJ#s*8gK4eEz;;fX{Wh
z4*7hB>)Z}h&$u6#GiRVsul&QGA&s>(bJXHrVM8>Lr3M}p!j-t0O-<LJcN_DK%a=-h
zU9n%#Dx8G=Ccs)2%C4ly*8yAuh6O6tjIyk@U4vGf>~lWZ#j!bgTQi>|?36kUcEMvD
z;CH#sA0WLLjtDAaPfqhDm6*{JP-eP+!+K*emFj{XYpmmPFEf|e;j#+R%?PxU>mDOe
zBSfQ6x@QEogd;HjNbm`0gFyHiOV)f2`D|DiZsN$XX{kSr<^6Ijfos`W@TeMKb!)VQ
zB+QmZE1^&s&HD}ChD;sn?)%!E742T^yLL^EuLPSG!3l}*w!~o;Gz)U6oM=&2s_raH
zGAsr!N`r3!om+#clTYy8E@Tw^(ev@o-qr8;3*)U5k8rnb56+QEFyPr3I@JBsc7?7U
zR{SWuw+Xm2RvgLJAdY5b)f{#j4W@42BMqT}P?roEA*<inVs<L$teo^csHm{AZ(A(#
z7FMzarNA|&#>zAI2ZCz9ah=-hNZLgI>=F#_3vKTxj-FQPj};D|OqfMOz%N8yG-ynf
z`4?_?*2E43h1d<+C|zdwXiE53ztej4`(}<b8H3zB`bGY-Z9ACrKN!rLVzqd1Bdx{E
z@nUA6HTfB3XBf^by67FY<$SqYj;Jv8Xyz*`$WmIkC`mcaT1E7w&f3X}^-8q5D-6Yv
zB0w|Lwe*}Q>MAVw+uErZvf%$6CG>*9yRzPPi`~$<Uo{|YO`YDq;Qs|><2jzWP@!d6
zw1>H~+__tEegA6zbU=o#-{(;h9J^QXg(@!Ht61%WkJj#qMD6KS4STI<$MIXrZ(ZR)
zz(Lf9VcWp^-(VTC{-*?KZF*yZq$QL9O)Pj+HU9+vuc$BJHwiQH0p}b18&EJf4VD&4
zf`+|{zpCP+_bOKVVE?^})joFzLoKBD>G=Se30+hf?FjP$+rxZ-*{q@O@BphO+D=uE
zm7CFs27}or!88Da@&O1?+B*4TeoC@4Y@1k6GYGE83-bojSZVfLU|Q>LLTNU|FwBB7
z!$XJUMCu813@TW-22#x?K-eo|a3poh$QRVUYsSD#{Ly@n*Acfjo6NxsGlv>y54)_`
zsjW1t_DZ{IPnl(+UA40+$Mcki%M&1{m=$}~mj2Z`_@_|b2#;#g7<PY&UA4<W;uvSv
znb9)^V1=9WXrPtFTmu}!jC&fPh@J}ZjcIrwg@v{EJX$J{2-oYR#!Qe}W>>JF)2dyk
zPvRnZ3%V<`99Xp*qPSwabPwu4uXX!>|5}4%&vpB7YO#lT?%#^s-pHa#@4dqLnBb?T
zfw5D&5=x5Z%aooqbp3AEz-7s!BYj4^SkMhnaII;-=c@jGN|oD{Kc>Hf41HO@-Eq&|
z&tzY38?vgW{%Y!_PFD0om-9v$FmwS3@!hC>=vuv+aye%jTR(+b;~ufudmJahP6k0k
zrdNfac)A$AOw?nfvXd$^oL2SoOn%fJl+Y|xmJD94rkSiF#j0Z-Ml~}zrD{9a8(H1E
z?+%Bie9k=Y1T*6?bgF{EW;JdG5F9g!MrkP<W_5p1RNT?eG44yGqd%@PdQE74V#$us
zZ>XdpX&3g|c9hAO%&8_$t?5N?@AW*qXl959r`HhIZ5q!)!yB!cY~j~@!(#r7`oG<L
znLk2A{)z@cQUA=1#a^&%xtZ{$$6?N#N)%(|bPmS_v;|c&S;!VDm~Zw^F|ZBav3MRS
z;JIOWedkTfz3urYEis~!i*N^aF7<+^uaW<lmyA_)_v^?|4IaiywULp!4426+;*7Ol
z5vV$p9uEGU>KRQ(Bb=6HHMbuM6P2xH@$m$Fi}vRv*hsDxI7@4>v5+RwTq-#uIEa>@
ztlb(Mrh(9$tgOf9IISlSgCJ-4%K7CGJ^|yxbM{ydL(K?FJX+S`Pl_)dcN&<S`%Ul!
zX9SmM1y^b|Ji?XBhpY>Pt$7`^5>nv@Of;Y(T_K$zlAK0Ew7U^&RJSVdnjr_w{Q@sc
zMMQc`l42hVkKqKCCWHWgjfo#<pD;lRJzBZaSb0LG``-{AykCIM5+1{23gu>V-Rr#l
z&^Bc&IB8iEeXKY&`mw0DgA~O@3GWq8`qTdH*XW3#ozatN_YurVZ$M=dQ8|j<AvuaR
zhE_{&AxF{MpB2bxL(uIdXF-eenHLMmiyK>d&*L_At=l`-N&m+PtzlnffV#a2C;dJb
z&OPQlb}#vh&X~$aI+-Lbki{&+X8g)@>J09iqbLL&*7&h+gi&;83c&#y`%E7>t&ahj
z!Ht$X&C(%ZcYpUXkqzozIwux(Yl0+1zp$<(Yc~hf(k!nc=Q>NxgA!zPmD_NZd?+%Y
zZjIF&DrGHp)o*P`<9;xqki^qk@!OzNNkgrojg2e_ZA4o;W=4hi8D3~7Ta+9LS1Wh3
z>j*j1$J@Aed&%dF&?;2k21`7Y!h%ZrFccHq4a(;X^jv>->G-g}(mzD|wzD{`gLoz;
zLf~APqFWIEA1by>D}Cl}CNomMt&45nDl=Z$8XLo4U*O!WgZie&nv<1{=hk<jh#F_9
zR+6ZuCifo_5mvMf-OROFcA4XSia8RfDwz07!(O5gCL7mYL7|*cL1((B!3@;ZEU!Jo
zFT2YQdz2;t2ib<r&1mvDAc#o>sbW8f<Gts=Q?C|%#;rK5FNgf)50Ma!$W*ydF5EcO
zN~d)*u!H1X_?j3p31~A-iA9fLyO8}j4RhEte&sUVHzaN5EV!II!#s+keX~5n3`|@3
z7Grh;%mY@5dO&N;=m1WBPE_JSBItCXxwspqy&ml?^}L{PzQ(ynOIo!Rud2|N-hvl)
zRdw6yw`2lZeB+wU<5ty1ht0_uRrFWxTeNn2$;DiUxXwM>fY!ObyD#F_?Y(Z%es1rL
zPG$yop@}|yLpWIkE`!`m4oBjDArVdv=mHAypp0rNf(H45a4gh3$u$CT-yCI3LIJ(u
z8dim_!94cE*(35N&OOH(mvdqk{}XZ2e>G)Ql$jGu#uvRpS#5jncS^T_uIdG5?`r;^
zkvkNPxxM6lUMiBi`nHkl#9XZ@zQsv@PUGXw{-o12U}))$VdhTyR$BBa%eZ7IR|r<;
z_7sIlCv9I2O*%1vM-C(fa|er+LguGUrW{k|M@k_@5d2-n42sSv<9j3C8@W4}m)zc~
zNxG2u$^Df-%kbvb1Q(toRV@R&`Dv}dTVn^CaS^-A?gZR>oK>c`o*G}J&YH4PGjr^m
zQW}kt!(N}L-;o-j2%)n1S7vg^yvCWW!Vq{~XU?DzPDl3nH1*Be0zDaa><&xssD654
z>7UYc(l>zG(tSMlWv=^kXDBCuPJ*c<jJReOanVhh!15P|>nG?BbqJ#@q?t@Y2N2Ht
zdpm%3Os_CG6mw+mtkl5}nUQI~{V~=~m|DbnsJ)7Db5_$|kRoB@dyh{1<r7w$x!0{y
zY_`w(E01x0zv^kxFNhk=r_eY8u2TY#dqNnL8V+@vTHV)BH)r7chx$bvn9H3_|1(w9
z<yshT;u2}9HHLZ^H@R1^6>~^7cO%s+u}x)e>T-7xlrT!oPMDMKfPJ_3mfRZ{qB)wv
zaL#S!rf?{X<LR~SN?~x?YYb<+wyoq*&Gx3NI1jXHQe^zt2!EaQMVd^y&-6^;;st$7
z@Hat`ecs-MRYUB>wn!a61iC3Vt-iPUt=37=<-+Q2C?)gKVM*jy6?9l))o=dB+n#_C
zS;nOZ>-O->mXqdj_DEYd<@FuT(nZ`1i<Gf!*|MnFwApw2Lur3xccYX3A`Se}l1IjR
znDA6>G5jdVH}qCVDv^`D4H4e_Uz{Qml&G(F(wB(3ns>%Z36>>D?lbhzhg<B4w+oUb
z-;upp&cn6ggCH@~x6wZ#^>2u4tIB-(p9}v*nuo$a1cH9yTet~@cb1mJ7_0D21k=Q=
zmON1*QW-f8u`HynwB-G<k_i=5b^jCLUuKjI2%oxQPr?6=%^B8>)r1`y{GFq#!Rxa8
z#*($H$?WDV?#?E+;Epl680Qt-|M);Q^gA>No>J3?Y}1uT({x|Q2%n&7z9U#7*c(IG
zBR>Upi(tR?;TE$$Jg8%I>^bb52tu09nM^nC-8tqdrt>-N{7$(yR^!5UdhOQ5r;Thn
zHn$zZ-p)z3Bb^nICGIko4wI=&oiOk`$Kul%IH^l`VuE>V(F-lRBXL6M@nJJz`n_+E
z+nU=)bQ&}q)6+oN6?MBg1gFal<yqmsw4-y_GI$};45Iw6{<-}ej*_sSRMYrj?KE0=
zX4Y6Z6SC>h0dvLP-=s?hb@{?UT`sH7ohc<5R&%raFLkzV5_h(@Os%=hoj_sm#!u;}
zXMb+&fu8@EE|H05nL2baaDX+)(4|1os4wtn5d1(*@3Bo+9|gQk)@W=pT7?Dh%IUI)
zA^u0XSS7VmWC=R4yfW`qTyi;CfkaTFa7hzz@J+~h>)ReiC-v)ZysEY05Y5Tf^LQkA
z?}R$PD-&WAdcoBy!1Z26!`2IX>$`7YryWAdb4!vSDS(tY*i=FqqLj&@45E4#J~x}X
z){64{13F*B^WNU87uD{><(9BLsrirgwe9u0mv2`WogGem;dx&G;@<1xItUVIr%gZ{
z1Cm|nGIZF^{p*!BWW|$NpBiRtescZp=5@%Pa5t1F(VZLf6Y_P+N5Ur0h~YI%Z&<Hu
z-3Dur+CIdppk1Z+vKhIU#;Zsjx}oo?Rb8^Jn>6{_FX?7lsks?QJ6!@Df3)l^vnh3)
z^*6?xt6q$D7^|x4XpKG48e802mH`6;<U1dJ#7U_-#f>#?u%9&2I`tENI1l(^0PrB$
znRK?*HqR?i$jrKDO0pyP8Wq88_O}a%QCHW9z)-Wf08GJwbV|YE4x&M*cAbB^==_#<
z<}kYapC#w>BR2eWGR0*l=|?jwy-bVcPpB(;$f7lk1S&?9Pnr;GS#2g`Ss{)l_^v>u
z4R75<Cw&W`|75oM8o<US-D8s^(Msf*3#-dD2DO9odn&|{>993sI1@@jJvdT?x-Czd
zu<inKU=V*V*({Mx(QzqL>ffDQKuOgfjDPVDGv}kWvu5z`GZoR!s^?zl<@g#Cn?1e;
z9rPeHWUOWTB+6{^73wb@4qrIeu=O<QJcOR?g=b^dK5F!2okf?@DZ%$tr14@AhplN`
z;s!<TUv<PwM+QVoOO?3dtl4TqAWm#pS2(@2clL8LPz58`8naG1Izdgz*y(r{v?L3d
z2J*bzl);J=!=;TV7@S<kf^SryPc`(WhbOZNkPZE5-m}5qm^vu<;791%q<NucS|3FX
zA!l`D(J@$Vb$@>MIRm+Y(O7`|h?29K{%j?hUTS|Ek^=**2Y}#S(@uHaLc4X8=%m(S
zS$s9mUp__(2(>w6Kvk3as>$lYy=w2JmX@Iss@8kmLyu{>VAC<JhJg%ia5-fPaM#FB
zuTF@LY>zHES~W5WuIqITX4|8MBztK{>FJEdaX%7al67^zz)39ia!IIEx}UpvaP7ec
zTX6ml4YhGRfXWFh?Vyct)?O@_ao9(L(GmusAX&M)>d<K7g`Pi<po{uyb6=JeXmGt2
z%R>zhN81y;O1UHeFW|x-2W>34UOXV-vHa%GT4v4%_snq8=a?keB!<1)Gl{jSx!s?H
zh})BJ(!0z>4G(Klu6&Pq=><u$`+4bwlOAciFgWiAg1^S=bkbE6E&AaEleSAA0$S&u
z)6}--S|>fq+zuP2+qq8qMMLzfO^^B~Y-8wW-femiw(Zdk(j0gr?=S`S9=XPC%TWOX
z!Hz!-Dn`U=71F{QxxiLhuxe_<zG$7bTkV2}SX&5IP#r)qpY2P1-`1LG58X*^HAtx6
zfTnxtA)_a2$Y)YtPQ7ta;_oc1$xcq({1(NVG2OC34%+PB@^}OCkypw*3<gtc1uTr;
za9+1a#u{aSs#xPu&iiP(XZ$ev%|%!I6VLo2d>GICL2=04)5iI-nIPNfXYm2x27BQs
z==;5}xv>6r4^w<g&j3A+0B+Ar$2<<`-1EBW+cTYX!jzxoWY!RN4~-AnjPRV(SWcA*
z4r<@6-P#x=l`NvG`aPif?2WcCpD2#iqf+oH3I#b}09i`H_3?7W7-4|L&L)<)bR^91
z48ujVuV%h8InKHu&2m&&MCLKt+c@Quea9*9hH;9?pG~eO#gTtB6f5vapXAq>&`dkv
zzhSNF_A+=ri!x>`SHxye2a|QYWe+7jBqo%X4U_ir0l7O+%!J`l<#Jx&(z!>Q>Jwu8
zNquL+FqLPN?=ci7C`xzkxtROLL9|}w2#Ul7Z%skqlcAOS3<wA8FF~_##Q0;SxM(*%
zE%*+tb0ww=r#k7wpy>8YcQQLz-m`4mY#k)7&X|zh>N-qgnZc_F!i>@jjdQ?SZ>D(|
z%zq_|O3XBsjcj4;(5G3sQ!WOU&lNN@W_vmfjrr}{Y~Nzc4K~{|3*dIOtLVe5KBIQk
zh&F11c2X+2lcip>U69^^jLtpJ!PEq87&sXR5eororpU-^){8l1^xU3*bJA-~lVvn<
zduBVCKUl{be1_F-zX$l&N4R-H3c*@`(<a-@eGIbD|1L;9fBOu#XI`!jTvTmQpIE0p
zLoJS@xjGG7=|6OZLl17CJcP67u3pExP0+qb?&nH__FSF27Hv+LtCF+99hAaVup0&l
zE(sm)o{n3^$z)B4iPHPWTCn2bf#6c(D|q?){AssMS63nKzLqoXAY^&_W5M2MVV|xB
zwvb^q+iao;@plCKtze;G=UUiLU2#{;;4v#5LJZCkc)bM&$xJGY1Uk7Sv+0*0R}Z*y
zM4x_s!9LIM!fsYOb$IR8$vZ#gc?ROgRf|Q*hH<6Ax5q#Yzd7jqf}Up}n#|rQI7QBy
zZs%LL7+uHn3^$2L?9Nt_nPN3~^FgpEUA*@?Aa^Hq)@#{#9w}_(OUp`Zccu+@edWD7
zK|jOW&SI^RKm;aBs&+>^y)7^F>X!H>suyL<+(*c}?LatC$ZI#NX2N*f3q#$PzDHdw
zJYvvk){wtY5lbf%dy3|uz_Y|2Fc2X)(2Qb3%vf;f0a(9@Itx#E0W<?Vg_8xZgH|Eu
z9sGtNr&*K6f+tkcoSYdx4RE-(+uIpjYQRjq8G?C~^v9diN`ra>VIs>A;u=bbA8%9K
zcqt~N^Z)6nDZ9qTl)MX!x-+PQGxRZY?|||okSL%GA3#IISg=23iUs@q7PY}^4;U={
zNB)C=0u$evV*%Dfa`uZOBDB?`FUDNVVwL94mLN5H<b0%*tO$spZhLSNej$Ib+r#1N
z{owufscz4HsY~76hdSwR%KT~iJ65-D&n3z=zC_WY&2A5y1Dm+K{aCl>x~9znx)mTZ
zPV(0i|Ck7mZ8|Q_$^U`Z4lNFM5pMor%WgBte4gEd$_1Z?rOJWhs@k8KDHV9zu^2HL
z=zRpj|E!pRtISvB%PH7T1i9w5DAgw7At_vW%j1@ZCnc)!bCWb4l--a*!-J(uDHDKo
zaB^ZonEehEHdNQP8*D215hY?U|Godkc>lELmo(m&4Ib~0jW)f!ukrq^!Q*|gg$u{~
z2PjqH;-Kf3{tla;HstT6PWctytRY>QBS{T@Dme!&SNeyUr-WuEXQP}XV`5g-d)^ka
zsx_yK%;1je5ed#8wbseD=Flm#S^uU`CZn<NXiy0%4*uf62WCfNe-7?vwpj(q&?=I_
zRyLP_u_5R)@_9j4MS$C3Y+mRWt~j;Ygp>%F@T;)YJZAsGpr0C6c>NCnG0y%1LJfIs
zWQ9ZCV2uS&s|2CLgG9%B@9lA3BDmDFG2=gM<5AK-{--kj4TKs0A;dM5@J!}y^hR(g
z)~J(0N3#N<EFAw+OI3FUb@&0PWv_!m!AT&|_~+do3H7WQ|CG_8cKojni_N?FUiy~N
znR!7-z_l6wD+#^B#PC%0(FIcc8g)0ryi~4RSmlYHVRb;y%yIL>c|{QcW-8{aZ4z^>
z(~9U>sa!{bYUHP62kQ-i7j}W9j=FN&SGIp@!V^4&r;AFwZaMF`o>P+)3*>RY8Ai~7
zXGZkwK<B=#I_ltM96ahtuUJqid48=#f|2414z^y-Y^)bcz|s{4XBt(8WkDb<h2dv?
zck_APt5x0SqPFTrR(NtNJnD6E>l13f%vljTd@@80lE-mu^>5ss&)0VjQ*A%SZw|q@
z@aHt>cfnafn&z`;F8*04Fl2PhW}JO$gW7oTZ?-l#gkQv~ISbh;@^x+>OWp*F9_OBM
zxLLQ4Qy~gkT{ex<amt6TU);V!Q)fXWIRAcN$UpXZU8!^3zPUULL#stkwDg&yD(REC
z3!k0nyPmfSfywP#(6n|B`xdG#_w_r>2IJ!FO8TBzpfCa6!iVJhzw7qg?xa6YVT<0>
z9J$>KcT2}bzeS=BtD;l2c~>2Mwq=)H8E6TQu+^sfsH$Y~Qb9L*JxkIDOL3idv`EoT
zx*kZYJS`jQm;|b21onioF@qzKSjI1whv}N%=V3h;;HTZbbM1R|oO>>TLszd8>X!co
zsOR2r1~U8FEq$71oTaB3L5Ar%^CKW_{3DgZjn+KQ(ueu00^Zq_214W13)YzNlfo_H
z@GvN4aY{I!r$xMaUh;2Lj~g3SEi7CuKF^}1T|q591#}Ze7}{FI(y)3Img%G`be9Sh
z#!E=1@_xtrfCGZ3b0C(`VX;bQ>8lii86pWoR!cbcPK|}fjT`+3VzX;qv+x8dzV#PU
zx6FN&{6@MxRqU+j7NE>Ocq#;L{(WH-J%WmbofD;Smpc%8n!o#I=YB<G5bB8l20dx=
z5A`%hs|g&58QaNlgjXc<2cxYyg>X4pxQKan=##8}lGTKH*&fo&F%xu~`q)g+>hw3{
zyMlMc6qq`v9LSR&KhwHHW5CJ0h3^<lQ&?!6Zxb}fNdg5nt4-I<NhU+G!RZhMQkhXZ
zT)WkA0?kdMBSPFuz->4-`vgEFHOu9{M_f^@E}%b5@Ko)+xa96qsoCJv@b92c48Gv1
z|0uZgHPXK@1ZPktfSeZE!M}5ttAG~V)KuA_RH+wuC31S;Nxk&BZx~D9fdxc9$B3Mp
z&X47yPQZ$k#tpK9JWY_Jnr?bdxQCcRzvufUP#T)I=W;)^_=5GUGFcu5S~(8<yD)s(
zxx$E;VmZOdeN<A;eS=QRv%j%$Duz;cKO22#?AE;F;ERySyu0XdFJH*#5>2f%`atKw
ziBzA}^v-nQX@16p1eu-I(UKlZ4Rh8`i#0+_k61&RtNtVLPtjEQMYf5`+m>mrVBKd<
zO>+^q4>L3O^rzqJ<gN}&Xp>-T(*ga(hat4Pq5RSgQ(_jK{#b)<md-S5Mq<Qx#5DH;
z*_b+_e;Q~LE@%yqm<WV18ykVcM!(tj(>og&!zC;7sIxQ$S3~`Mu$3dn_7MYfBD23`
zaevGDEw{hcUpxnJBS45oM-|F~ivZ?5N5kC>WtV=jBls6?Yj@Uerkk9#ch->(Z2f{+
zByv~7o!e;w17~fAB>hMzcUO3?FWO9#*m=CkXPlbc5cS?$_b1*a=)IO2-a^!$h<GLU
zOIdDjg|}nTOP1PDdDz7ZdO*0hD%LM$t^GVzL6$#@C&YNML8QrXH<aX##r#7w!SSd_
zWf~IjpZh7z)bXLc>G_hDcN!GVq>~r$!=pI~|JO;SKfUn5h1nW*uUUWZN8NR?)@6OY
zy}ciHAGyBe&Bgpn<vv`$crnz6ulsAMyRIm**?q0J>NPeUH!eJUs630CV+kheCcI-~
z{l@0)P`yIL?@P|+C)!@MzW!OK^-ii6HzyOJ*qFEfl!3!wwEtS>q>lsydHQ2L##5QJ
z|D1-54iU#Xc?$`HyNqo%;r7asRUZT&qpSLWH_qO300?MQK^D-yCA!$WB|0^M7u?k&
zdhi0Ety9KD>w}xBxE~mHa}5b6-Hl)3CBHnuTOT<0te2P4dD%F^%!1$=c~2;mLs^C%
zENdmY3=7RW5ko*#0uwY+Ul<?dC`L$#-3|^fLuh9$M#%Osh^N8ou*KsODVtoa;NfC)
zliF|bc;@Ig>F|~f>RA(`gx%0NC6-7unwJSqlNn4_^IgWe^1nu(eV`3>ovVRY1rX4e
z0>kBtwo)Lj%{MV9o&V}?ewn#L4hu3USrJ@I-5@r?=b2E;IA1Az>k;Lo>`O%HFFb}4
z6y_1H%V@1VC&g%OKaiW6*8iAOJo~U#cOhi4cwjT>k+3ZIFS?J)(rA|uC~MgEltsXN
z%S(J0mFstiKYhbD{#5X61Vq|?X5pPRBLEYj;AtTGtA)<=Crq_Yj}GR$X)xSgeE&c^
zh8WKRQqGx)rVNenWWX3bB~T7IMfCj+`+VTq9)n^|@2_mj>Pj8d_QYOHmRsVPOI0nv
zPhqnA>qZz0XHZ{6i=pF{{xW9?%&T5`<guY^YALFTIIYj~mu_q%bZ^jdrTkpklbu<^
z36<))=ys#H`=FJ-+}m0IA-Vb5&78WwPp@R3&nqNHGLe=$={LYfZF(WUdQB%z$K0>d
z{Z{)ZiG@@RsHeCa6U&6$1Y}1+fatAp;R)XM{kAlHE7<G-wfG5*at<Btw=w^c_zPB>
z;-@Ii{{?&3iwqi^yX^}+&Ff=343UiD^I)j~eoVl}TmKi_W{R}F%|9AkXKuFX=DWd_
z{WtXEl>NGMR|v&f1Mop`y1Dt8;J1eHGnqrQ#OSHO92=xZ?#E#f35^YgpVA49q!lWu
zD+_)N24*JN?p~)8BwyQo^fxhv;tCLzMSpM7HKg;*TOZ=VC=g`&79Hj7Hu-JLFc?P>
zzej74Vmj;9B^n2BL8H8NYIHIaralU>&rE0qprX^-FwWw`4NQh>6TUn|r3eV$5CS)a
z6>IjaxQqfwLUF~XQT)kW#_{*hU%XAmo_6t1FfU!0Vo!V?h&|MIIWAN8;Q0<-6V957
zaXY6RX3ng3B;>e=;eW)K4E{hP-4k3;^b?BQKlB9~Da8-(XHLLyptBRBJyr;cQ>HaI
zlOAsHVG9>pihX~*=uKCpi<05zj@vK_=HoCq#+BDI*gta~47JBG*^>Nd?33phT-N_h
zBPP|q-n@fWdwjs75MRoQX4)Kdn0qGYNA8)dGbuna7fM3tjTtjc&M98i5$31VZXdbl
zFA-tW14DApHZBV%v-9snRjfAjKK@v6itfVPvpI|&XABsxVDcVfU`Pf!hMkoL4-qSi
zK6~+GQOtS{JZ7PK0fqpIneJbUc&?A&-f=%**pMY2k`X?^8jv9O&Il(!wr588;|%!c
z?U51gQsLmd@hcQq#+h!4?64>;gkUAGTnRV~$GMzhhRjpi8l0D$rODwK7&ZAF0(mnE
zXP_euh(b#JF3>B#b|Sw+Q|gyd!s?@vck5sVmE_Y$85omK3ulaaO8WC@<kNF$VKMo%
z5aJ*pAScz@eIT+|Qju(6&_M`{Av^_<eWEaH&gr4w8L~eBY5o*%r_wDpJUZ8$CrDl5
zk{+=ovu(+A@+7HAYV>y(x?QAPLI8UNp=q`1mQ%-ujHz=sRL>~nhS!cny}>Dv6V$?e
zK}im?!d)vXqw~z$&MG~^)8DHTf)Tg`$!Ax&+Mw%SfO+dUs<fhL5<au1>e<#weT5f0
z7S>zqRJ$ZP5r7X`C-!yhk?+~_o)e1COp0Xh{w_xXHmBlk^Lc3>Z=3G_9*sX*^>~U+
zsr|yrk{KNg<dEK;_}bckJt?yM3I4e4@#R;r79M)uuuWB_oVQ6DxS{ptt%0W8UI|@x
z225F8%g|ly1ReBndq&+nf_D%<1?Sm&`O}eo!2ErDnXcQ+^>}mrV{?6<uEYJg1g=0s
z9m@<3QH-!48fZ6`qmF0E);M6b>MdFUP-1MIMIW1(9)9mO>M`YnuM80F>3j2GolqZk
zz10b>*7?!k`xfVivId;b%D)RID_!9PA8QliXpaSFuvtJV=LA0vqCoE~Y#~@do!vy0
zb(sPBB5ho=oU;>eNT2hZ<cB0*nUSxY^PGf*sp(!>GSKcZR*96q)RiJl2r@JDz*jI4
zMf448S9j}G8KvGvWGq8Q^MRr;jPl2-1I;Kj=1@PWBDL8gmwi<~?n{Q^E`I>rZ>tQb
z31J;H>s9_d_xZ1Dq7V5u`w%(}ngHap2rE6)4YA-P221{E^@#Cctv8w#YZg;53IY5a
zVZ8PZ?(uzUYZUc5Loj^MW=qxf)EbSj?B@Yhj~E@m*AD^8FBhHFrXfT3zhnr6E2t>p
zniKfB$0^!lJh7gIvO>t<A5dN%!Bki3mg!-10`p%U;SYzN`P-=;<4yf5s4mE>^|00#
zyt=*-5PoX-F^?WBzk-aypayHzjQ(vCE|@Pjs$qc?-QGGo%2$&pzWoe;tRbjno9v*>
z#`(X5x9BNq*rw{}cEc77(a~k#v0bcqm)WmPLde!1!t9Jhoc%RK4UOn}&(O$!7dN1M
z3pm)$j;h7GEhsIf)TknfxNVFv2X!!D@OH+^5sD0pRRiz4Ldv#T{NdFm{=`!M^YP`|
zFfl*sjh#=aH}+vHa``we@obNDQ#E+J8Jx?PJ&Vp{2}Wmw>%|}T-Xy+YXw^mP_<_;&
zpOn*oMKld2a=q*#f3(!@pCa1l`-h2m{xD|+iH}WuimUxhJxMgNH8v^Q?yOzX&I`#W
z*S~k;!On^U)0>;N0Ay-2LYV&p`nlBG_{G8e<j%s<2HAUV_2QxT{?L2)S0b79U8>G#
ziHA+b_-B>zR*xzKDs}lfR{mM5#rle6O>cF@6d?}8<NA7*KiQ<L9>&i4+k7+BKf1v2
zH*`&s(MI@!mW+bGjnRldTHVq$sY05itZP!WV0iQ3q<Cs%n>wz(tR)rg$eqeCw)pIM
z@>1``0S^?+pzr;049Z}sI5^xNYw%916kdpjsOs)W?cX&mp~9|dNm1&WR<5651PHuw
zQUj*i?~zP=E`J+SDZN-D*q_3R8SdwLH<qw@C9C|Fyv}4k(~v6fnp|e2VP(pjq|XsQ
zTP`IhmYpN#@mr?ap%B%3K>Q4d{0|4_KgO>W2RTZNN_gUnJ{n;L?oDPGjf1?cGJ<E?
zyJ85$d8*+vmP?5=eZjO!JsZ43_SIVQb}Zc>dFmJe7yKjkfT)#}1dA7;7M%FUxJwT0
znb*9(_fy7R%qJS<l|E*&^(MuPr}idQ1fL@sQoT1R(RPKr$XN5Y)EldL7F)V}&-wgf
zORq%qO81~wOd<53WpEa8RR%SF%CQizdENgMUpq_V!TkR}#W(+dhA(8y+UsEXYCf%f
zO!9R_IO`U%nvI1xh$qeS6Q%xPGHGM;%$Hi;Gt7AaW-+A%Y2$~fpKm%~PZK7;#+w0d
zh_}Xm33xbPv4~hMY+>t$Wgm9Ms5F^DMu@oJJ^cJ}yJ8=E>(=FXqt|;s^-dA3JqhT2
z&uVOTE`oassCjtcA0K;L=sd=hF*gmN<pu-%Ycc{E&ti07-$)gw+PpKBkF^~W#2FJ-
zU~=b28O!$g^kMC;!KMpljZ4g+q{AA&dH2<UII_*WBMzH?uF+7*cQ`A?%B{D}hvt$}
z-oYqAj6zM3U*=;@ZJHE#Ym>K;yxu^(ApW3K;4zrTSS#?Bnq~;s*SV?Lkez7Bp7y^b
zw;w{67o;?6#$XzoeSBH~js}Y<wv4|v!(6IG%40%#VqaJ4lR$cNs@RWxop0*AfWEM!
zOLIMp%HT;HOPgl7m61j)K|vy(>oBb-twIb^FZT8PYHPW6J$_;Brts*-*hHBLF8P2#
z>PC7{w{2H|P)|W@!3GR=-Mp!ry0B(DH~aKp#|4Q3OHUh?v`~Siufz5pECr{^uZ&jz
zh00wr#(U2Dt({Br(aFw=;?}ZFt!1BQ@4!r<WwV^McORhXGqdUTZ6ChoouY}>d%bFh
zH}(mxm`|Ox>HQ-Aib$_5G3L=(%qu-b!tI&n+%*j^uIT@JME`Q=X5ueMm^mB^4O(tN
zvRN@BsW(=tMfgmqs=lnM#`tn6A=fMStaVRcW61!n+(`fyigQPElijaCC;J&lx*P0f
z`Jm#1D9-<7jo`B8eFCRQ|M{2OB$7N`n~@SFKEv{QQ0Q`~8vfj#ff=hd1;W`QRCC|c
zLg}5Ln(Szm+~KSkrZLlcR^O6hZ)4T=<%Wdm0;@}B#h6fUQH#wpmB<)ugm|_DG`VpS
z>u$|_FHx4OM-#zFPC^qg{fYC!COWn&gmwY_?p6$EFHIR9bMI>4nZ9FZX>0u}PV0|{
zq2vihV#4|S$Z3=7UvygURVk6_;)e45n%?oYyW4tN=g0GZ8iH4Z@m&89(UH6jBKMF?
zaW5_YowLtvjm%@}*k*w!cs7A_?rYp;-xGq5gy4(Z`X?A>wp5w->sE&<TvBYKCmZb$
z8z%j-Z!rEU{9CIteNCU?%Pb}!HO55<gx(^a&cx{4P6hcamdJ7h`pRl_qa6kH8y)wd
zIB+lfCVXXUh;<l2v2(}S_;2J_h)m-<khI)y)Z3sl&*P}2nW}aF>SW#@j;ht)d>51*
zU_NsNjTzp0+l%2_pWOCIxxXo37_iLY>eeeI`#_n_8RX6$S{7GX{m?QU^UEDQv}~lx
z#tbbRrLs?;yVh9x{@i*K#A_~~(3-zCI6PzixfjKua!5ISdB_X_UKESq<AOEV+Dc7m
zo{741S=^nm_3R;PZwx+nZ$G8-0ZNO6bU?&|h5oCQtu`zr1$dZY=|T!^C-BmImd4}w
ziUhj#$_5T01dqZ-t^wLvg`~O94#lm2F}FWuYZRb_LY2ueTYGxWSu<5>9J3!?Fsi73
zik-t7(F?Ovh2QW^V_P@J2ukZW-gF(A7rK;#w3nB->x-gWTFXAuI=iU;m3-pNvsme1
zmJ`(01pQ_m%HEzI%hu0|-S7u*3n5>UFFRsH(Pvuu1|#Ho4}?Ffghy|Mc2+6*6}<*&
zi*r{AL(W;j-pg5QCBc$W%*!=i=yUP3)~(tuv_2!(pt=0B5`3)GqC@z(QMwvXx%L}#
z9}4bRUFpkFR{6@#gv#GS;Y!mZI&%|tatDR0OyMvU8h>YwkXy^q>uf?Lf2SX3=>X1j
zKTaKZ3UTVmB#Tq$R6?9zpm4xXde2tvz*i1(k%g&dkfR*rMF+d<J9#8wkh|7`DEBcj
zz}_xt4v@KjFdhCM6IPblP85xK*AN&~!UUXuz~<!i1kab~Pve&;560YR4s3i0z6N#E
zSn)bbW!hoRDRRkbjg@QA)zP{-i7W3Exz2(!O`n1U^_|Y$-BeX|y1ns5hvAP$Xtu?z
zMclu|#bt0EPc%?@`=79IIcxz0m*_EvzuB+yBx*O~&hVy{`Td*~BPLB>GBq-l*IHFJ
z|6?z&8#7+lT~J-rbW!e_BD*a1FD_|~9e{gW$|f~W5|-F~pO`=01S9{6y1nVTBf7e(
zwWQLYpkZfw*+wah9mdT)@L=+Fd?x6_SEGN&v(LiW^4Vn?j^fHX<c2#y#cRI6QT2>J
zT`!e1J7-<f6-7t#-^`Xu#2+Cdfcd353|ZV7E6V*FGigg-BoT?+G;FPYg7fH(E;S;&
zQt**KE;xfCcU;WLJc!zZ+C2cAUrj1;w>|V_7H)W_ponUCj}MNu{Iahz8&vw|N%-iq
zN@N6I_;;cojd|V}_Mr6^@)XQXHta5IDTL0};~??orX&(;(n;S7CkAdU3fImey5fDU
z)rC8YgWWocqknb#$jX@6t}$jGbm@0der%b7Emd|-!TZ~WHfWW0nd&s-@d+WOxaFFN
zo%Eqtm$UR#SaAFJa_TC*_sOPJD-0sP>{op2Ji2kY`XjiKmwfmp0`%7TCSJ@vLyK&K
zdZbL1CSMT}HdDRCu>)RPTFk$>77RO^Qj0hFkXG((Tm+dqBU4wSNrB|_YNPCZ0$D4N
z9~Z(y|6qSssrzh^`(`f(6O4mhu3#v2TK^DSdcAsE7H9(fxa9@W8J;JJLz{@1u9qvB
z#Jb1H!S7s0M<2Egjbsl;6}jaIWiZ<3SZMkv@TO<OIfMSqT@G8kkuZ}X24bn9<7<iN
zYu50CQ}vOsp{lwCI5S^|Q}qd&z>F5795-Y-srDuqHSc<dA+@eG)=nnNSsTl&SCHO*
zJBv)-m1Y_=jk36N(?r|ocOv1wRrI=?Luvo_gtb0a&c<eObtWRAk8-d!x@pAX=6~sp
zq|Bn2cVG_6>`>7cY5EHe#iVq$z>!Jmoaf!f?Ahy0F7a-Q^U)JhH5y-Cn$;p*lTEUy
zYqCjKbxl@^ghG?D@;LsoSpn@9Lq>_DFs+^KevpoSB~Mo85v|`WzsfTunN!PQw50XA
zBF3T8P6>}QcxM*4nNhnrALl^jK}%u>PO9J0{C?+@lcT)t<m3qCw5=2LsgHDarz%V;
z8TzGkR|(h(?>p$oM!pXZ=ZS}(Wvg{PP1n!$uP5PG5|qxvP;k4tz5sut#p9m&nznM5
zeS`LAj3Eua*OF)Oy=J_@_Zl~Y?(q|`<rb$&Tbp~ivqJt>^%ke8Z>t%K-@w~4Q_p(c
zSTbIBisTDtfs$oxFr8exiQ;1Nz#0}s=pZzDIhio88ThC_#L%>!{0YNj<6lkw+zvaF
zG6Qj#FKc;60ekjrwCX*@%VQazPw{#@6!|^Q^@jQ+Gx`3t;V!}9^ic?CAzC&FLt&e3
z@#!a~bVT-Cb<-K9QR;atTzfgCYYdqw>@Qp_df{=is;@zYYo^Gcl@?w{{(=7SQ8<qx
zgGlHNqYBKO6+A`bWZE&{^d@gt>L8}haR0?w(>^KMNqoru-g_;7))5E4;+KnYLu5F{
zp$}4lp_i#O+%+9W7bNBC+ko9UIXR-~N+~|nkNLFsvmRR@H^{o4L9_<og5*~tk&nHO
zl@2$YwtVBgpXxAd)Vns;HCf3(^QrHThK<l7XENU1u;3MYmKUDBurJZ*SbTdl;$%+6
zTAej7WM^@v&)s!h>W{bAWS5z1K7x8MmHFR=@`=GzJ7471ClYJlT@yhaxof!2b{qIx
z^1lt!ANGA);eJty4Y|X*G2Q%Ff3miwO?Yx5LSRwjjF56Cau>nBe#MGLR2+&1d~l<B
zW^%kuNRY!IW7~)9Ft1)3$oCHHPf2HsU<|YhiM-BW``p5e?{#!Fnt-7&8H6F5c35T1
znhht$ghA(}&E^Jto{urFGN~5L>z~cxudwbz@a1iq9lT<`RBtDW$D&OaJyz88rLJiu
z=qKWCjIuFrR?yzGn0Jb1C3qL-!T2{p(-D;EN4_K6(S+;EWWpb#BCdrcXoP>+5BImK
zZX0#^H^Y);D*3HSy2B1I`%#7c3HhXDtdR<`oF1wr*m{k^6WF)0P^cGyPsBSG-f7vW
z06$`;Q{&Z?(*wg#MD&tDEItUfef57hcsf8rvo$o!zQ7-21qVwk&bXM|j{Q=m25fc=
zzyJ)K%BAItB3Sul29>p@Lu5^Yc{{`=Q&|8LGAZ7eUQDY0zY8$$0F!@RxK~P=)#F7V
z-0cPT`@;R3t0@D=m%tHfw&o$q--1bw6WC5$+dxt7WQ>dbYLnkwt<VI_%KbNT8KmK{
zlcG*<hnZBgNkmq9U*E5UjG1>e>4Kt6W|xsp8rT94R>Kh6hu#h!uz~r})h8oy6NUc8
zry%M9U6YMj+ZosP6ejvAIQFiw&l@xU7bZ`pJ<X{cE0HrS^=~#uB2SY>cmSs(s1Yl3
zilg;M+>iiJ&o-EO65s@lwBN~oS4HkI=?-zF$B%W*TA<TALg1zu^!9Ah1eoFH{A}g1
zsPF!(AeByz<9byof8@RCXT40Lj#~xRn5cR_7%BdsMpccfkXPT6Y1tq|d(FQ-V~iko
z;QR!b{7EG`-hJ~?{+VUj4jsb!D4II>hI03#qU<x=rgSi>;EyMjc4XI47|yR3@sgZ&
zIzbUsf<*Kc&Wgj+TbnLVZ{?-7M>s2n@39|k<_DbtG4sP8?flRh&JRbL^Sp)mVGM%N
zr^AiQ9d3N&ALY1pM11k0Xr$=@XU&WKF8eRHmlRxf(;fNO`rYx4q30{HS5#p33W!M6
z4?5_;2ZYUGjak?=hlmt~^&70SB090*geAOy=Q#}9KgGVgcYW>Fol}NKW2w!Hckwm@
zo_l3hj4qjy<f)YllEo9#n^U}X{TN=_xZc7&COk{lvkUvqVE<&#c<o8Bp+=Zeb1g1Q
z)3yR1FAg3aeQb)8K96n|)^z)l^-X^^nDS3KYocy&w%b$f+;tN5<e=vw6ktG!JCl3P
zT^u%DvOag5xtthnSilj{hS`pN$!;pmx$;n=ToWLL^A*N^D)UZw?=FZBOT~S4)cdvV
z9p?OtKdYP^|5(4s4Tj6EMzJ?rh);kS;vdNnVSgObZz?nP?-y}7k_9A-!1uiF4l;_}
z`Hu$KpMlr6BZkp$&^wQ#eP+)>G<g1p{<WvC*n;LwZHMqV<&7zO#u-<Kd(z4=82gqv
z6{zzz|99|a>UsN5A^b%{to>Z@DcT6`zmk#H;Sbjw7-K8fpGN#2_Yr@@%_a0f&BGJz
z`1XrwQo$W#Hx?ZJC7PKRW!DKoXxtV>e!Gc3LC1*B&;y{&|My_@`QLgwbx*ybk&rBR
z>Rrg^f9~nEWM+Rpf0R|bKg#`R#LY*Tx#q=fk3G?pd~A5r36I57CH|!`w#(kIPSdJt
z7JLS`;)>*&Rgr7Gf+1iRiH|@;GYj;-C3*#ruL3gAUj_QiMkRhR){q*_`&Ls6z((jo
z|5;=&hx}W7U6z09+;JnEG_RPA@L_ECv=L1kS#P&|q%bYj-13n^uBKm#gRuk5jO4Pb
zcm!>5`GV-09OovIzuV~3(ktl8(hK!v>7}l*w4BUrA?>F(-_mn3I)|hLNXzA7E5>)Z
zi!pF%f08;~RbQqmr?`=nL(4A1Zn9;Um~k>1mAM&1>c-l-raL9daRzNX|EO+s9w}7v
zNeV{_atUSbD3F}bq|5;WrWQNjqv0Dy@ul^fK8H_B4PWMMxx}2W;81H((~g$g;%eEH
zvxvMc1>L+J_QQXIQj%D`JY??ZsQjwJ^H8im&BIN`->c6xd*k=3{Li#b`WV7DFLZas
z_$(S4zd7mdDt6MZaoN9~AfHSl{A>R)33u19rksCKOy7-c+Qz_{AQtUI{1cX$OC^CO
zbc^x!uHnT(hmPOe2CLIzUDIsu{wTC>J030+=hMtEM2pkSUEKeSSTi3t@8^f{gKBty
z@+x5bi{iGo`1B=IT6S6Te>c~n?_?SP>l!ZW%4du{EsFUg80F4gpQVP8zJ)PE>dmlg
zKeHYRp}esbEu+sB6CCh0#|f8VrX!58PB+Gy+uC1uBz5%e88KWkU-t7x<a9pHzud&-
zF)Be3d_0F=g4HjnS!eD+e!8^B0uPGCjI!iuQg28h@vadn>6&hIM*Dnc*Kj$+e0Qi=
zKEM2ks5Ht|&Mo+<o3KeMb=S1mEEJK;2#6y$vE;)ApwABmlD2YJh$$oIg|OK#r$O)@
z3kzFUKe%q0+Pz9$VSah13@eihD`&3Os~8op>A2BYxswq$?~l%VU?GGzUpCZn07Yi_
ztg;TCin=kT8*rEksgrVRFQzs%tp3J$lYNC^el3nL{}9AtY;9R@aWg&3jB}7pc=Z$z
z6(|Tc95H8G$gKu4|B}vMlrdfuC|U_*`aCzpLq>2POU=6JaE;UXNRl$kUc<k6<D__`
zeNRzSzH>@)l%nfGWb`Oh((S3wt32wg;BS6YC_l0`t%ez6f2k41_L_cT+<pFsMp(qp
zKOnICLT_LyQ%h>w^XWm7=pCxiXfrhO-yInL)kvdfC-(gMvHAFoPL|w?LD{~UMBkLR
z5l{Bv5s27$nZ4|SXHCqt`kIfJn`_yGlYW%zP>@2r2{Ds=OQ7u}QMNhI3ZLV2t^R2q
zcu;~lwN7B1dCmQ4D>lUWCL%fW+VQ8gFwmqM_Ni7c+?Fd5CZMnbD=4;Hde1oNWrKLT
zhHJNPn2q%a5%={#$RK)yNNv<GfRy1wv}~Q3I)6sp0KK>1v87kKXu1!^bVRb8AqHg|
zFMJW9ypF-~7`nMMCjH*m-nt-`)2sODAB{^5^kAWB;BCptFfE<b)RtbW`EC8wc!paI
zE0SglF*xW$!?50RP$7N7v!0`^#C8+X?Xkj&1?av26Lw8*D;xEzyOF>E?5(8SacVrJ
zUp9Fk=_9z~b;>((pNNqG(fg~fqB<9`owk==rrEZiS6iH7m%TlQ+qF`rY$P{dZFef(
zL}xrGTmNk8Ja^adn@{gc-aif_wf?~UsMwB&Q?>e$;#1WuhwRm7-H(RbtMbeyd*Nh3
zD?<zIb<cb!-(5CqC{);px@N)36jVB!N9X79Ht~79^FpsbZ1NAMuji=iH0@smPF|g^
zmvCe+fHx_q?`8jRcX#~e(S6AWm-X{Yi+J`T-7>8Tj7|(Lz66~LRYQ_i!&PjsgIRC0
z0rURZxglB$0}pW52xn8^X@<LDW(O53zbYVNL9j5HvNyt#+_1vMs(GqJovLIJHBgzo
zF2tR?O*&_f$mAP9r1dY8vXSvkbrxvm_oFcy1%HW}SV%KQvOwle2~lN3ix`Z`oS#Hh
zO(EUBmkm_@N$_WH9ViTE!$J6C`S0%`S++TZr)|Gv$ZTHb2kh!a)DM<ciq3D|Lj?dT
zrMcM3m~ElW>fxcK_q|M$lAI<LOIw?GI%uBFgrswmxeM))cxw}#XTDIi>WbBkcI|J+
zPeQixT_#JD4GHtta+mBSLPIlN0>djqpXL66<Hw}NP%<R=TITK=aq}ofz*CSm@eBaQ
z-}c96{=``QWce39U&!P*F;=^o`_!$h%YMO~F)lkzE=HpKgEGKZIIuuPLX7hQVz}I3
zOOmaWaP)w^Ts7p*$na+tQDW8|Kf*o>JXJeTlA5OVTzj@jPj0-lHZfj5Iqqa`<=UP}
z>Nc^k8n9q!T0{51V$%vc3qNi(8J<To2~snEVd!-j{WzZoD*fU0<*DNt#{P)<@}^00
z(h9j`i<%!0sY8U%U`5vz2Vx5<En#HYN(&kf9umx{Zf89IxKYb+vHw;2lHlQR|3VJZ
zHXT8usZdeP73jp>U6eZFtW+aCXr9oanjr;25X6J)URLTEXD){tZ0F7!UbuTxcO2uj
z?I@L}3w~38(Ov#^*0+k+=MZjNTTqfpxOwh1^cRFm)GJt&w+j@1qDWTQO$X9Oaelcm
zucwZonu%SUAEVwZhF7i+(e-dO84NxUFZ|ExYh(wP{!i%tNPA@={qO4fpV8My;4NAj
z2d|isFp?fm)bjz<-$@`koFg|}@j>WP9=GQ`2Wg#Q(=t^e4H+*U(d-UC8vIZ_ZN$&B
z)vnG)e`dxV^%D1}<wa}oaog3;Sf~=TZl3Aj*SNOJkk&k1MFzx4e*_m=@n&@Bv1NgY
zw4KbK#HFEiBBu!o-T$W-C3fF14W(Q=AlAz9TCJat1;fPOXL#8&uQFaA4|Ynadx#SH
z7py#%<f!?J0vX}$;ISxMuwDiG`y+C1iN{dx|5Tyj<vq5G2g`k+_(ATi_FP^l_wyEN
zFS*}V^so2uA$RI@WKPv^V;*2SQ)d@K^_(uXG5AhZ*&h6(AB~EpF3Zn>fD{Hn*Jhdx
z&%FV&djFXMM<M_QYo*3K_MkmqrEoQ81)Fwhfbs%Q>G=r0x+oL)7VlqocaPw~y3Bef
zLnb@oH$_^f4b=78x|CD9$?Yv>ZYy^(ive?Yv*g{ai{4`Y;uvo>!j}B0vD!`b`XFL?
z(--|SOL*`NA~&Be3g&HfF6h!aQ)WuEp=U}iER>kwQ!w*Y@=;OK0q$;azhdf%Nx#Ge
z<D762)#-tky&qP#<F|Gv3?e-?e>^sl??yW{`+(0K$hMB#%X0Zjz*-i@rE4d188;@i
z3Muod5mc_gI!JY+a!BWzWqF)YQ7}?wQUWM*9m?D#h4Cc%IvgCj(grcSmPt*sAoCiX
zCI2f;Nl#`RoG75im|6Hr;LPuVYPmgR=6!B**8$@84s$ZkscNCgZ#bDQZlJSI$$kv0
z?rvIWp$js3%G72qmdRy4W{@qj$V|yM4e(u*<X@LY(!Aq`?g7EqDPx@-uJzYb9Of>5
z%VnV=b$gfq@WVnOP0a~Y0n-NvIcYJ(D{b`hC4>Jsi{C#xzH?$y2EzT$MqQP1Rlm;3
zH1WGi0_66Ws;0*MbL08Vp&FVV$jzdjJCSrUDL_oVJa@V+?l#4Glc+5|))ot&lc`m)
z8s<c--vW;AFaC%z96ql&cs*FB@usncm6@6IE376ozBWt#<6EZ=jG<2o<LgJNI=yxJ
zKviEjyhbs+`pocZn&*DP(9+mo38%vKm{_U(kPCqnH*&2kw>iI6##MRKX#+#;L<UXj
z`hO*iQ7xHn9+}E?rw%YUPth>y1Nl`NMv7QJbr{w1nek!)IO(&{L|#uX?sFaVBHN?x
zC$XlxS)4W9RalWb>DiD74MKx<pkj<FjOxuhg;gQ#JLx~8oX}d7eQH@0cBcl%o?~$s
zutD&fa4h}{5a`N`#nOK=79GK%OLSny;?L>ua2bwb`^Td+Y~ORDF{vS98fn7P$EaQU
zETacEpYDe5f=|H`YVf{=rF-u9=S{N`Gronx#R@WJbaf$`Q9x!i4CNC1=`Yc0!CIpX
zonp~&GOzR(E2q}48hxhDn)EhXY@zSzFW$tJ*>BLtJIGNJAQ0#ze8(SC|9Yx=U_Gb6
zu!$E2#=KpgnJ1r<t{neVe++S6{p(GCU}|K>Wd{9)YR(`&%x4KD4&bpGeEdyg+}+XC
zVG8puckS*ebB?!*7=pLd;fJD4e_{e7fUtqW&py^*;YiMAd*2X%)J(W1aaEY${tOr1
z2s`<Ehlh9vqZ!7@HG{^tXg>H$0ZpE(Fowwgiv0oQkM;V4QVzIW!;>k56ZwPM^ux@2
zj>kcldI-Z{sfQO|t_nYDwhLc3A>?}0f-p~^(1ClPeV+d!6<{zK^zBXm<r(zeMpp-e
zZ2WPd_cEWXQWq%cl^{s=52@dsI-w9h`osNr{YU>7dv5|?RdN1}PZlsHksxBFHR=Hq
z2+FF6a1D@!ut*?bQ(Pc~<c36&+?abW3DqK)M7&;6v{JQotxL64Th~SqMNv>|f5p93
z+q$;*8ntdkY^~@0exEt#E+;2oE5FbG^Zwu7$>hw;GxN+d&pb2p%*;76!4p^m@3RK>
zMxG&`5pQDnd#r+g246=NbUcv`&^-h-sg9>IdLG0`8tjM7jzE=gw@h|M{|K!Nnk~Qj
z5p`R$Fsy;Q|6(&~CtP@!Fo4q!Q-d#B?25EJ3r3W21E1m)siwDo&jZ-3I;Ao_c<r8&
zyneykd#<o6sW=v$Lf!K_k+=B!W`=Y#>?^6*4B-1k;bX8eI9juJ^-1Bh$tm~*k3w_`
z>)~Dy1w~h;4!6;L5XVc0Rz%^Vf_f|J1KQg$JrC=Uw20i;IH2dj<n=ZCd>}m+8W;XS
z_MVye9D6)E?`*l656nw?1K}l16eG8nq36Q8uGlsmfi=FypURr|);BnR<+=m3MI?*-
zZH66f^&g0EOMi4vdX~RPuY!SBe<i}jL|9e8h0$dCCa=m3%$L32zlW<b06#tieUSOj
zT348cldYz+6Fr@}NJjTZ%pXk&`A7W78+lIX&P1LF9B0jxqMn&ZP?~|&SAD2e&IV2c
zsPlDR4O~**FB1?Q$3h$#<z$m(kgpi^tkXJe4P`h442ZI~6}DyR9Fy2KgfR}cV^}mL
z#mHlf&rof|A&Uii)dX`h=tG=ejAe}Htr+qOwGa!UrPPQqkumhG15i&mf)m*mzMSD?
zdl8~W{!}VulVbp06Zzbko=SFtxv80fPouZlxw%n1pD2C;6vzb2szcB`Bjr%T!=>Dx
zok*>ItuTZdqAm=zMqQY*nRr<&@jxcdL1N-UNtj>ca!SRKQInGel*6^i)x`51mIH5H
zirl3~PT!8<V>L=|%@Lp{!P9dq+Kcsm)KNUL0mG8P1#5gZip^PTep{Li+SiB_V{Y(A
zbjJ`DbQ!1V{z~4cIaT&b1G9BOKfoS%TJSGu&h8X;lEOd<D8$=1fhUvYJG29vu9sLn
zINP&-Aa>I(#c~qopR2K<meYAZ=)<d3NIZi)Jxy|QtB}i>Qzmjk3@oz=Pq#vkr`P7`
zDbqFB_8$+wY*pIxshfM=?6WA>GJ`vdNlrHV6|}X;`;R7P@EYnumYa#?VYYZ@Yq<qj
zdb%|~(eZP-lE+rP8;FS#YqSRZXwum_DcW}AL;ySFyL??y)_QC7ls7Q&1Y++C%6iAc
zH*uW|+De#9NRT(S6S!rq>74h`xAW~GSueBX0gEDFNCAcJS!BdF3&~(isqkiD2>VA&
zjJNOj=31!Kh;(g5p-b~nRYSrv3O1fr(37e0g`SXiA@+v8hdQ-h&XbHRdSyQx!y|HI
zs}K&hvz_j+S3jAToUFJ06$GPIe2Jx}P$?E+FlcUK`gKz_;T=5{=qEwAKMuYWnf<Yr
zf6h88L)!JT@)TM=-}U1cHXOGEHWCGdEa|f)z;<3g3)p=~r;$Vsa!<_|k)9$+-N_1K
z^>Y>}bXe^Jt5<lRh{7xHV_;A;f&+1V2Hvp4^4AAa${iiwH&TP|Yj<*c;QD;`qsR!`
z!fk`FF!?du-A~}3#=oQcS-5v}KQI6PAphT%|L^m^_5Mi#%MSkH#gJnh_)BmAVIaL@
z){vC&AQ1F7`^6Niet5G01`D)*StEcBWzA;vU;*;Rg-h}}x942U?~CxFKfd^VF}z^#
z`e)YZ>Kw>^2vZCWC>QFHB{gRQS9ZcvmO~E+kFLf4J&zkXU14BgX6xUQ9&T11J&}K)
zuFxXJh0YroS~ZyM;tq7eg6<h$0cUeIG%+PNWtQdb*<oOfAr=19jE;Y#;xwc*3pQ`k
z<mW?A`*E=y*Om@r6lV4t1=pTk8KEV4IbAqAQibbtC%?ZsHT1q6J@iz^zfyvAENciG
z?IV%>tl;U}5LNY5O17A7&CA<0L*8!ZVSMrS2g-XbJy1<}Iy}XY(&yp7Z1Rwp@DhI3
zGH%a~fuZjY44s3c6g&QfBD{l~cxb@5hq+HJYUR$3T?0S6J*VsE2w;-QhmS*3%<23E
z{hWf8=G`$cupaCR?OOj=g>EM@9~({KB}0<ypZ&eO*HM~raC_btyC@|%umW4Y?@4)2
z&5N!^dC}*G(Dd%X$V1pOC_>JL?pR(1Ia*8s_*3|-Jk8P&>S7mGrDeTm?GSrKdK~f8
z0Z+6HEhSts_!c$={Q}7Mhv39@oHZTk4=O@?!x!KU>)>o%u?1S*N$<7Dx8uBw^gw#}
z$excd=n&;Q%)JyJ00rKsjC69#YgdFfDumnkBHl~DM=2^D7`>MT0?)!{=0!KsP0m*u
z(N{nfSfA5%h!r7(+CGoX2Bk}*h>@{HL)Op9qs%Z@Tkt|pLG+?8lRZEt^!x$tB}00K
zgz@Ra-pB+JQep5TFh9#JFBiQ_D#mZ$RU(2DJ(~b4dAej9C?KkCpyK2OpM^66q*;Gz
zjDoW`BA++VlK$v6yA1qRlu=oRUn6rcrUJAJKGs_RAQFvc5}r3Hnu+KksEMPH7voIF
zb8^c-M9@1O8%L?=9%iMbG|Ky_EjL&fo;4}@G(xz)kAv0{<v)G1yv&HBJhZ;wp4~ri
z(E8<h7qGCPD)?c^`hO@eckN4Nzk!h9n<>Z$m$zd{%9?+&N5#8sM2qoE?|3CF;X?~H
z^aeW*m@;nBN-w(b3^*gtPT{zPs*5e%TRYxEftRZRMT2|ZvVv{^QK6lduwMbs<d6MN
zg+A_i+=8!7gr6($)wcnDvjtx!a3OHy$30;yv>OYm7S6lH$tC8<mE4)I^Xj4p!w0Ki
zB;G?t_x9cG9dD+(kbO=ZTU8v}^h9hYCt!QsV`2MZH}Lh`<9Pp6?}u=K2g)C3UQjFt
zhpYHP$)a#uHX6=S()9N)QG}TT!<B=(UXWobI1!*c%z3~*h}QQo8R<C``dWznGq`})
zStrUg<)iW2b<4HRBXrEqtk#>47KhdwdZOn>LErPL)lKpE>d;P%@&m(5FdYhJ^h}Xg
zxkq4FLB5|^>1F-AbnxU|{<p$MhIaAAJ)J9Nt--90wb`kG!pGQQPhM*TvO;SO7V6Et
zXzw#H9)B-9V*)=c3>HjYI|+)w+DQaI4)7*R6TMl+>+Qkqf&`ODRN%R2GN`A}uHZ9_
zJ_ylg1s~NBer@Z|wtgej2M*bUe(RvXA;Ou@p(gM^MXLzI*aD>kdkX-*3`lu*NuTbX
z{%y9uUg_=oKC?NnJ&<SMadBtfI<z;`A8(~($ht{bI+_AU_h0cQGvshcq;oPlIB1L;
zb!0d*x{Iuq#W1jvJop!)#opXc2wyyjJx)lU369%lke}#MxmJ$sQ4hhuj@7X2M<)WA
ze(x9CjGSqp=`LZ@tpEgTCAnA&7>=+_2n$co%iSU`>gyS^J^_MFCo&YVZ)Oid<X^J8
zK8dp$l=FNDrlrq7QHR(ZM12V5X1!g44Jwej6X%Ue{GLpP2Doj7j}QVy;bnN0FsGA4
z65hNX7<`K&{@xxoX?&)$=7sQi*<1s@0O~KlitKDfM7$T%_OO|^?b2JpPJDwl{A5tm
zh=P2G<qVYIvFFH2@b3@+tl7vLEb&J04J8F_D)RjQAP-$-JdgHZ;9ZY~$|~A;T^_s4
zz(k9k4}XlrR-owjqKsxlmH{0ZYDHs?$1^CGs@0G!UyuqYn2w5$jIfezj92vMAhc_{
zOh1A+h;;l5w~*88pQK!ccFWq)M$QRP5eb=HCaD5zY%<59TtXiRIe|srX+iM%2MEgP
z>|`TgKls_m9i_}3r9=Tl`MCKc2+<27q8DG4D-fjNo9{WD<w!RJUDuFk30#rY=&qvw
zf(ykQm#?sWI7JoVjdVTsYN6jM#2_y_8_@I-vPke&Oi-#WbX_|0ioVJAg{pt;cX;l?
zh1iATa=Jc4@pB%U$(O}9^JVePd@F!EWXEC1W$e2o_PS}H@el@a5{9<}<N}k7?ypz@
zl--w+6KLgO;GI7p54fF<cx-lQ6e98!@DPZ+6LF(USU9%!oX#Dffm(3abP0<gA7rJA
zv?n0v88J5EA&3xdC5J(1nh=^m+i*Mi<XG}RF5p{_Cjdf4;%u4@M;uImAD%=QCYX^4
z;H2m*T_I$U@@IS^x9-ccp-Zg$au{|S4&Hr7N?<X^i&1$wk3KHtJjKrN=@V^c1af)y
zHJM-o?F?^4oS802gZJ=DJPyt5T4W^FZz%$a)zGFPpUCIqkq2~hHtlTGEE*ldiT+{m
zlZD8zC)+G(cH{}9h`t4#f!)JX=<G4+>3rVu2laMeMrc=eiB$}?`>#*1OOn%hJEP)7
zp6<C;1iL7IK&0r!fPw~g0*}d;P*|df<e-qq8&V;p;H?-8_|Xj@cdK;N*Gcak{Q_x4
zYYIU+=3qrvJTfrnbgc$ZI1p_l0bq(<EP3q?l@^JNi&MFP12KCH3R__wOD+R4D<Se2
zB1Xp{M(6e|XQLFsnOu`dkeQe~_e&@^b)H0dUWSy>;~|IL#1W0MUHzlyL7;iqN7itC
zLbs2|qpT%-hK_64JL@cEhtjZ)3Hch-Ca%}6{~(t_jGN<c!pvW7Y{VH^>_S1aY`9$v
zERe-ryn6OdhEsSymU~h%W`ugccBYGb0-AFksz{Mra`5%z9^Ax-t;MU6BIlt2mOgTE
z)(j1QXh5kQC;0xlFRKFY;lLxkUcj1v=_!;7%kw)TTkw(s8d&JF$W7d(08Ms=n~)(O
zF<K*k27fI=yH2MFgHSti4I;09k_GK1wbJ7v+h8bK#h82S^_1>cFg|pA&>rCq5fbym
zS5PrsPzOA$NBy<y+4{{3;@^tWp9uVx8y&g4Iv4q!Fm4Osfz;4z9Z$BStG5=4to-!Z
z*XgnR;~%$vSL^HNLEq0{2h)nhOwoHjn6dtAj$UhDT!Jr`dg-J3TO_FK=+60m@({`n
zHX(uHmmdMe93%7u6oQExi{zbwF{h$a8UF%4Qr9QCA01wZdH(7nFjgDEWATRXr)~Ww
zf6|)zE4&!I7vEEH7MKpS8Bln$q22A^+XKJv_&QbQIeT#k<O9P|<F>xQ{Ryh9XJc%m
zW^8{Kf8OB9UjzmrNF;0qs$l#Jcs=+yC<S|-%m_}p!@zRX*QtTZkUtkO4~e{kc6rKC
zoZAG(NecwZfuY?%7<;pf`d+??-C?K_EN&5tTbkE%f8<A~OG(u83;`P`NNDRf;)$u0
zB*9ekD)gt;`W=+{aMj?@pKu`{cG~8P#24Z|8qf*N{J6<~3Jm8y+<5<+XyjV=0$U;j
z1Ri)Zt}lT@)~cOm%T{)dJ-;0Pde1NH`52HVy-fwpyu<o_>{hf>IZ%AClvG}vvUzqP
z_N{QE5!jFb%z3oG{#vW;X-wrFVRvA$cp;(-i|-`|Zu?wMiG?YF8$vih)?NU%*6eN>
zBiGp<1|7oz!pc1MYw<@Go{wm_?(MR#rIjzrJ1jbn&B@C2PfzPib2=w66d8|7%ouB6
z3`XVyk(^D-%6z!ad=N8F1|?-~j%Ma-7x1&TL2`}-vapAr^vK8P8Ns0_Uj+fc!u^^R
zx<iNBy?J`%aSQNs0NiqwcT!R0kmP#)C3us45E=!uJ`+iBQ?Ibl+Qkt<?Ifp3lAKFl
zLp&rqOp+ZIJr-U^`?cpAh0s>PkOJs;m2gr|nE=tTyyW~KY)T*omlsEkf1MGk7-7Qo
zvR<$!Fhk@E`g+IS{@4mUji;Bde^%km$n|eu0JcNr37wXQkLhL%LE^4w(4$!AkM5e0
zi|W9JD9*`$taSZ9rL(!6`E103$Tlu<VH`}y$_T40@`q8Hz7Hq@k3wNIL3hXAGcWjU
z$KK+cjqd|7Zq*Dt*0J~4;1=8pGu{Z^-)$f=UNJra7^DZtJ6^i(rvlgPRI2Q;mfMQe
zSDK$6eRg}WgQD{mh6GMDaykQC3@Xwenc@glp>}<pv}0=e3s5@FOLIDBY4M8uXcu?|
zp523I__W-Pf23e#kc*pzATB&Bck;7X)_m6L3UmQ0dE=85II*lB3Yj@wgMpZEA`Kmf
zd6Qmr!6j9wgYmD&+kd=17U}lB7X5iCL_YF%l(gjS*_jbMZqE}&Fh9JO%XJ5%j<8CJ
zs$tbd@Kr}@&PDvDM$gChJc0GKUz2Lq&b@Z+Tq8<`%qj5Q#WIq0!bm6^eB<ZlY#foX
zbs+wMds>_VCtHFP`HJ184rHQj+q6(oBKTSomW6htTX4+p^-Jow4hAA1BWS2)2-p{W
z1lef%wqdo1E3AAwPCAG=AOrd0<A<$KS)_8MnVb(W#`#eK4x|A<;o@o=_a}5cpTcs=
z*R(ks*jD)Y$L;t4FFo&k$Omt$p(tVk7Rg7wL_d`Vj02ZK?-vfs>G}lu^$cG(ZCFm{
z6+ncJdSg{eWa|hxA+~mx{!b7PdJXw*72TV?_+Cx&uHcSn4HL2?sIWty)H-Vl!$A6Y
z)O%>g5V=4+=b<uH*p$=B7qtp;CoC^LDQwQ^;;DSmGx3iRdfvnM2}BtXWPH;q@<7dO
zJc@>I{lc@byos}!it_R)0SC{>!<zuOGZxkI5MHu~-Uc+A&{~0lttRp~CTSRq4uufK
zWG4CsA|W995}pws$|_vN>Az3|3m&}*Y?Hp3YG;gn{9>88Y(n(t;b0<~6a-F1@6c|P
zS4FRbJ90FchjF*(-pFBa;ww8aXCSvHh+dT0IMyw@nHy@yLO&iUP<6x>c?vqh&Vv*W
z^tm3T7e7%v{3X*+gLS3wBP2^c4^-<H{2Ge-1($Jodir3HH3Z`*Uv_946&n;+50SwX
z_j4j1kHm=`Ndw6m2g%aki?g$-#RNr$%in2@B&X{J&>dby?nm14(WRZ2osMIJ+Of^g
z^>nOE94?%NVB7&Jttm%f6T~jE3-PhzCUEfiX}~E!n-Cny!uFwzL2{(l7V@1uBMsZR
zNCGvJqr62gC`ZXUu-&Lfvz}M&*+qKKbBVgo^!Fe!bJ1khO&u4+aosa|O|d&?1G;fd
z8VMY(3EZj1741~*MN#&kx;>*(u>Uq`a*2_1HRt9|eG})gj(@?rW2hXTy7O!$-ciae
z*z&vrtc+pL9@4tyAQVjc1+F`R2`7RHczbhuuxk9C#P#mj;Vwt${*wBy{$zi;UJtdk
z-<PqnH3|(T2l*9%%u&`U(~=1?xDRDwFupyp7g(SlVwQyUs|T?H^C5I%DC*KaFstL#
zk~1+G)Y2oJNDbmHg^(2Re!jdPe24iUmgE)6y$~-FG=WVW*b*LyN@20{P^*u>nJTSw
zAuAap1d!}xW#4ivWai0o9KL0(_Go>O>yzBG$NT*9`5{-}zoI1SdCt3VMrM&!+dE{x
zmL#HZW#Fa+SbnS)klfd?Oy2Wn?l9eLso{V}t^t_<J{mqNqi3^2-_YyVS~EA;v{Aw#
zGAtG4bUgs9d!E1^)Q{l68t?jNGYpjKG~_QRv2<GzUdCnRK|N<!@`7_hayr9|k9T4s
z{m=kc_h5xKa+sasC~iFkU&R1DF!(&Qq{x@(0MOs>3h;Y-ydQ`@BKK#S1ChC?hK{<t
zFJ#)m)*V;&HUD&c!;XIx;`ja}7`tLy9Ed;9Lr-!WzTX0$`PnD=z8qL&Yj{WZEI4;`
zd#>RBk2mqZzGh>dgzIZIPNSP|nu+!vNgW0O4?sK?8q#?!%ndJ)*NC>PL&SuBa3mr|
zUK$EQIg45ZsfqWIb3s<58!+^l;Dd~m?CW1fnhrUsqF4P<@btUrqqp-UOlzkZ^_YjZ
zudoL(d1v4t=n6;RFhTSty>?S6POrR)VIRZFj>vO#VbOx3fY+`eHvRNxM5FQ^-o$cn
z=tTb<Nke_Qp>xm|=g->^9nBwk69a78O2&{$7<9n{dl)(x#g9BdLF>(*(P%}HYXEcb
z=Ru@#<&X6~B1(fcHi2y{EwHR@9K^CU&uTl^sl$vBFC0m~gef6>8Jn#3!!s1{o&-cB
z`1$(t(l=qZIoK0hEV>7W7O<tVw|-$8x7iTaLVKY`i;vy6CG>B?54ki3%**4*h~%h2
zgVpfZAAxSCKts#2Lo=v?7C^<oV-(?Ii4rgFydKEWC}!a;%V2h>g&!t|KE`UmCPdq^
z#gey36_fyp*z<;69<+C0%Okc=ZWiJ(=YkLx#OT1lOXx!6#c{?_pE^BbXA2&PgC2?C
zlQJA>rL*{#5MSbP#Z%N5JAMyZKl8ET$M$QE5@7}*9z-B<y2M5DDofoX2rC^d?6wkG
z>nV%3Ai5cP@AQpbOW=C!Y4k)qQ)UlVx%k#fsB09K@i0&wZeS@PyqUg@U6Z)9*OkZr
z+j9B;!3q3-{W$(VWIGR|+FU?)mx2G`E<(c_84}*i_;sO_@J6Cad12%9%&$-BA}D9W
zktw)!QKCJ+O(IKp(R#@vhq_c3&(+P@Fz-;f1=IR}@OYlpS>1eux`;e{z5Ew&%Ih1`
z58F6h4efaI<H+_SWk@{+?oii2BI@i1L}5W{(X$<_%Lofp)G9Fa+M^I>GvjY8P3w5`
ztMG$T@E37;udpM$nM8&D{P^3c_{d`Q!FzV#Ly4`Ja(xwg9*6ILc3bFrCeTR38yQ)1
zVPpBMuXW}j&6|yq$@Gq|G~YH(pKr6~qPu}l^D*bK2b6Iw*4)0nK2UNqYo%lF*Eya4
zLIli0F1rHHDLltcRHL?oavs|B=GDb2<(2hcKZCk$%gK4@B87m-yRCWQMpjPFL-*cv
z6(&5G4a&6ip^FT7LtR6JSpFBiY2@zkW~tG_3pdW#+p%|f+X)y42LA$!$jDK@_O?+X
z$Zapv?qyNw5ADJ+9pL3}Q3W{<J#^C#(UA#q4F4l7Az>~Z;!elCs8aP|L57pwCw_1x
z$eFBVDCe<5Q+7{bX+k1dEYmu>O!H8FuxR3?Odw*}A*fQLL9}ixx^;a0h_xYrnJ>92
zQj1Zz>ur=lUvL!OEKGUqfkEW-#u+Q790yp=hPR<^3d_eoqczWs*(}`V4Ez_S=Uj9*
zqKrp_0V^+lA8to~kn>RIi9+h{K?IbPf2LTUI4wln(vE*FT>HoF=g=QTPP_`d+epOW
z&CDd6yKx<c*Nuw?ri3H_Z@lL)j(9dsPd%C<{>LE+BA$+9Ii05g@fJa;5FPgleECE0
z*@QBF!D5@xK?9KNAutq`<4Rv3ugl!>7tj^xx8*Z-mru`(+zUM6!Pk?j$Zc?k9vAwz
zg}az><UZuq4gR8%*e&!-(CaJG>?e!7=XAabaL3(j>Zu)fQ%=&ux+{3hs@mj=pvXT8
zeO3hd!F7+4ktxBuSl!DvQ+n6l#D&$)@<V`DOVZ7}`p1&N)MyVxpko`!!9h$_==h{E
zq2P|-;=XwcTT^r<T;cv3&r9!kKOG-AN^9@fnI0XD8J$I}mcz+XmY&1xKp}mybeOF@
z(q1-tKbL7g`20d>ieUExOPt`G%g!N5B>HNsG~vc+P=N6&>tX4Z50U1bP!dgiiY`#c
zW|qVZrA7|}lE|Sq*d_QJ!B#gPPL~Rr8F>e<mxM)JH<oAQgv1pMvq?O(?oIG9)J0i~
z79*s4F9q<^E8#r_WZ2zKry`SelZ*Zg#puqs1M!|^Jh_1UvoBtcdXWB$KSj3!*Ped4
zSVKt-7?D?zH*}?6@xjp_8>~>)CNTAN--~ZR7hQ|YbpKNF6?=<gFk_EAi&W94flt1J
zN!MLMxOguk{OK+hN;;hRUlBFXVu^#=V@9MHQ&NkDoX!nE5UJ2~6!5`KUY%en=@<+;
zqAL)|8aA`JV~;i;LokB~251C--IP?2xkT{dcY%Pf_<#iVg^?@&o{&9x8`;fdJ0f@T
z5zl@pQ*UPKcd+Ax)M&3NvM4e2vj9Y{)Tvh`r*35G)0z4<?pMXQ$5E_guSE+B8u=+!
zu41KWC&nU;@w>?w&nL!y#JG?c<vzD?i2)qIn2TF6fb>$t5v1&Ibe9>;M{Ix&Lg96l
zZ0S#DN+blPaqlvndFCRs7!{wgez#mMT=^j%pwkkLCrQNxz#jcAA^|U$f=L||5tijI
zKS!gPg~=CWAoFTrCr*_hiHHfU1?L}PEg+W9CCq1m&gb~#d|qZgM=&2RBH8@Y7e1GK
z4s3h_Qt}*xe4Mg&5P_7n!xOXPvDJ}xE|X$C!biMV?=ZVNjzD&MAe}lpOCKx|iOxpJ
zoVoP3bMYk##e+Z)`GL;mwB%eqW-cYnWfODJ4WyV2Bm)fxg_1TxMlManSVN4*YmDi5
zL|;WCw^^c7CyP`?V(NUR{&1s|dM6&yJJ1!_)zS57LUsHTk{H>cV_wHcoIhWa@{7L%
z%3nbwi_*x<#MIlEx=W{CmYg~puf|7CW$J5mY7Re<gA-F<z|=E!Y9l%I5lo%U)Mp~n
zzPL8xbD>R|`7b_6DA`bAk6tP~c!H03Gap9m_Z$xFUqMz-GD+Q(nED+6BEQh7JMoCV
zf?mUg|FPP;@iW0B9mcVVn64$JYK_T5On!_L$Wvl|`EdfpKE^y*#~jF*Hz7}}55yM_
zIh_YV`gRp%kdv|Y<YA&zo#^#&QZY|rF?S6{G1(-N1zh^{<A0{#j7Ra=dds0W#PGfi
zd5Zj;2zNv}@Q61Ai;rk)oaWD9CM%f9uaE)(GGN^dg3y*k+lXGBD4LfL?*fhYcs!zW
zIK)e{uo@p42Z*`+_9WVVg^?{r+YI6upmF^55<7Vq!%i}7XOXs@hk>@inzlv;^doE2
zbikzy_?%>Xs^#b|2E4<7w{!q_ts*BNcT6>fO0*Chv#8teS5`f;)kOZ7SeLgTbz~K2
z1N)})5pP$&WftQ|)mlWdWJ)yhIjE0l0|GTCqJ@cY>GRoPP;ex}vq4p8S9B6%>3$_e
zla(~qOhl}n-`m+Bz371?xKXFy3(2+8ulXwaK7D%V;$omRa<LzmJg>n3f;^v$r%A{&
z))-n5E1oB-vq<N4DbwjW#-!*4@QgR3?RY%Ki)o_GbaBv%*3y+u*O_pEXsL!@V89yx
z0+_=Ec0HF73Rw-YQl0j<1WCz7>d3nnOEqlcBVG+}uo~{foHP2xry$C8Y~}YoOcK2j
z9V#**m6}yscq|46)JdpY4ygA7N8~riAtt0ZGo(RhU6P#jke?&#G0ggWM6yy?Y-#@r
zue&hm7@hPWJ1JgSu*TzjCjT4umZMV;5oAq7K=fh`5U!;t2Utq+2i+5suU0AK&GwW?
zYe<*kLv&n`e#kLa3Laq*xn+Ye@O(bv3|vPt>Pf~!h{W~JxDY0_5M-x?hu>dCLx^k%
znAR+x`Y0j4Rm|^1onLlxewQ=9y*bEl22tqDbZ2p4B8mc{`1m3r`58XqB;QCB4-!S1
zlZt7HDBeR;j@+$LT$GIB9-?R^itUJ`duL5bWj5|XEy;-95$^|rnUP&!ZFDp7E!FrY
zCga;qe8Ye*ay?_NLd@>x81^;d$vbS(5(sgK3jIh_H_k*jK{tta8EX=F6#W~N9PnSS
zSMtkYu5061J$~8QKc{mS_}?~&N9;ApHpE}`YU3s@41Q$q)TZQY=tsGTy&z%j)V=yM
ziUyJ4%?WuYzydrffZ*L&KkUBdE=vb}=6%%6kvt-g`xW!DJHG74Y5tdK)-*qOaL1Qe
zkqNTT$7ftT(X@eXIkF(5`!3*#?>_@G>n;)yq|p*Y<YMJ*ci{O1=$0L_WAKF)CXK`C
z$+;+($Z!BDx`pm{fvjh%je64E@ZGIp*$mXL$#%CRTyhzpb9n=^EEeezJA6+R9Oj+K
z^1d0ri7Ln8VAEmebJZ7T>SFaUr}JSjnPYT2IwG7)fwLHz;lib2Wgsu7OQ8qF*VtVj
zg5%a|<7ln&@cI|x0-~35y6TaL5m2NRSlTqgC3$;F^4A3?htJ98{qCotkHyD5Ig;pH
zd>@(9nS&r3C(og<k{zPfA^#HIe8#=m!F!%e3F>6?ao1r^*Jvc`cyg4?iFKTu&PGbW
zB9K!u5R+t_O#(6w3K#K>upx*uM9vWy&-ZmR<l5s<wyvR1?*Y@$%fJ6~{k%`V-@(P-
zqHqD|?s^04iQdD)2{wM}WFQ6dNRQ;*%}tb?&KD7flpvM<QV|%R1`PdcS0`YS`(xHn
zq!(kk6OUM}%->oXuCr(uqiM(kwjqo&5AupQ1=wSg1!FvADS7qdV43B94RPQuK(Plv
zID>`uhoC1C!z09i?Xb@^lZ!$hg%+nvr3Q`+mr+COI-2rVHdsC)Ws(q*u#O(UppBvx
z;S>HtLn*sBi%_BY8KIZ;N{{|Ng7vF7$ww1rqUXpD@Cn}yLYy9@PlQQ6g2j}}2rtEY
zx?Uv=w-;ci$of#qe&2m2+CTPqZ$+)jC*F^<dZ*z<jrT&b-y+N|mL>C+zsN{J=32@P
zrIfAjq6jErZQ=EX%-b;6YafC`=!f)VZ3?GtT*7y$u+hTV84INqm&l+?z^SzG;_Ogm
zM!Y?T7emN%I)kKw?Be?Z(m3Qzg;#n~@k)4qatS+X^U{N#>?-4g4{=qfe`t4Tu?jsE
z{XLr}_H#a9^W<L6$=ECgTcZCY<H+G+QI$VpLJ>8*K#GRd$wd;!`X4Hab#xN@6ACz9
zHf166QAmUX*$~O$!CS>2`QtVnFH|<zs)q-ei7@^!_IHzgxjCIPZ61H3oBNM}wkUi~
z1}pbi&_DsYpK}T63_cN(=VwGeg-l8MvspkK1(<yg3dq*6ngwJ{qTigRf!)&yWaXSe
z;It?|OANEE6%CFa%x*F}Z)+3d@Rbmr?;U-eS%Q&IMSn!;{lUQK42mik_SnUY$cB`i
z7m2=uKvXumo#<vJA=1i>=t3ky6>|$I5`=!h%%xx@xVuiK{+Hikg|Yz`PatFOLJ*OK
zN+v|FBr<XWyGC+>F(dpFx%HC7zaTKm%jh=Yqa()Je7j(dHRLYlg!-{|A0vm;Z#Ce_
zk67*<QbmEmJnK0yfWyY0Sgnk<qvL{%{-G+oi?m3yGqR9dVHgi~Mn)1B(=y{rH^75F
zicI{KwOfXrWP+Zjcg6&;eh_e2>w9|qwR-o<ufvdk<_`ROd9Cp7F0k2Z9`|31)j_^>
zC4Ng+>VCkgRPY)7B)$hhz1>oYSdn*F%O`Ow2i-!~`2ZqL5!3I9tmN4Lz;J}A`1`j*
z<L@8f8(h4VY6J=nQAOx;aQ_Q-xr6W8ZzB9=E94bdS`7p?trn11KgCWew@;C_XBYC~
zUT)-H9A}Q~c^rPGk?$+5?n~eA(oK@M5pMTC5Rxej3*>5jppuvD_V4(9Mp_^f{f5AT
z(H)ztpPB#k%Oz^lCLouenP2cqvj1ZTe4qpVoCBWgfPdwHzw7Wv9RA%7|8|Ez&w)SP
z;Wr$9<?s)2_%j^-Y={3PNB)By@HZUr&mI2XJNzFw{7*XkZ#w*=lJc7$daL8{j4AxE
zzIEXGD4!h%tI>S+L`Oajcj(Q~b73lt=9{QvydN5R4`&>Nf?tJ$8KI?I*^{@^PNXXG
z0gt~s1j5C-HxJ+b5<W5dU_0D+)$)jrcRtqln6NQow?D!cIr;iYZeGuearwCvi4x_<
zaL^xdz$ZB1cR1kZJK)nD{z(r1I*0!O2fpPF_$G(H+Y!IW0k3!XJ01Qv9qBK1z`t_9
zpLF;ycKGjd_&;#?_d5K_k>5)Wc)0^U%He<75&vC>|0?mv>$}pCKF{I5&Jq76hkubH
ze!$`X+>w8-1O9sle4xPN^kqBz84iED1K$#d|6>RK76&}t;cs;KpL3+YRs3=KY8~-s
zIsD@s{<9taLWh61Bfn0EzrYdy4F`OP1Aei?KRC(1IP@Ne+=1bx+2~KG3BQEy0ykaU
zfyemm5C2Gf86RRa#YJdXa8sd<b^IUh6v(J?X}l3*+$4Dn4s62*=+}TExvj7rQAG9h
z7wjsXr6fxE$Ei$E`KCM;?UqMg3(|$saHZk)e-#0mdy_njBE`7Vw=<Hpe)T%W%~0w2
zxTIoN=>#>9@JZvaFSo0-Q2mOJqV3orjc|Ciwk-FawQT7V8AL!;IC2RQaI5+sX5j5z
zB~sAPi``Pt5?#;|DJW)dKU~KG{P0%%4|VLPzyqUM&<4$XcDjlEr*3b+AU`u-x2L#Y
zx2L#Y%YWRj<v;G%@*nqWd9?kgPaN-fS~xgxA*!?|J3K!fXV5;Lk@9Iu>f}GP;vJ!-
z_6JChG0kGUsa&K&?{&Wk%?XDOKwY-?5g8J>3q^V+rd@2>Waj@WseH(9X##lDzw0;i
zA4$Sz=1)o*AIVbEX+P=yzxg+&#@Afeu=4-rBK)t?POUic#|bgi6qOimySZD*A2oft
z8O~>-J29;tpHDm7PJ<x9V~5jk<FVa*@@L~oboWI=Vt8VF;&8*yFq?+Nv~=$;+=<_g
zk9Ct+UWsnTPyQK}mnorvN{$Sp-}y7F0Q+gf8JA&wJ&mNgWUB46iusUVqT3EzXFK|M
z^7=UYm*}>`I&DWEPhL@H|L9J!J=XI=hu`Vtop$z*Zt^(sw?5I6;NFF}{MwX1=4o3A
z`0u~}UvgkkeS_bq^Hv9ftzM(n+v07m^&7rsqq^A_sQ0!SZS@T`^+tWQ-&o=GHXC}h
zK-^jbLDfc+uQu4|9g|s1Ppj7-Yz&Mt0*N@=8X6ms)>sj2XbdDJ5`I>!_O`BW@U~@+
zwtkrleNA4QBEQj8y(XTzwxQKq6KGsxG&Bc%Ms@q5@`YmzBPl_qm7vDg)Y9k;coDhP
z+vHnKf*S+Am0p$#i5B7EHL7VF{XV0{+Zw2DXwGb@Zmn)YvR1!Ua>f8FfTX$+xGYZj
zN1;3cqbcYQfVxa?Gg2Uj2Jp=fF4i<ORW};GR-@kAUTu4ugH0=l7r`w)zrSGx&;`8h
zfianxbG^+$qaomJB9~V-G&eUiuQb{k0`<mO$1P=ovy7#npal#@Rxu(n6KVteh%p&t
zAdOvYBx(WI8difB$ZHV_TVLJ05(RHwWBBS&TfiE_Im)PSSXti)8vsR`2*faIf~|gE
zYvwBN8q{=itwCD+M&TJ#4d#rxMd^`3axR=Fp*8^xDB>Bupj4$WTc;(~!i6o>HD05n
zx>Zuttf^`AW(Mk8eZiIWB+RH@UER=Fy`s@;_*w!DzGlBs(BK_ooH2UpywOw77>V*o
z?N`^<HV_Q1gTfWQ>egD6qdDOBXy*E3;x&47rq3`Iqr^nNxMl2gUmI$zwbj?gq`<FB
zDxQ%nT$~?F!CJ~R3}X!n)Yjk!l`(#T=l<Y|Cf215@p~J=`b376QB<amA&P}MGWaP?
z&)=}JxjFzTTCv6$hQ=^;7)r-z^}g0XO)%gwDuw5yLNjB8KTaIdLEM4cD5&=ZP!jM4
ziQ_*>Ou4EybOf|r<Qsr2puM9Kq@nt~=LWs-C8xD(1WmwL-9XXRjIbL?P}o@=urO=7
zld4?DK!sNp&nz<*S56h4Xy5dT(;+azd@$2r)9Pz%Wd6ZsKf4^e;-$^As{ndb;Ub^m
zZHLIA4<g6y3=(RucjXn9A;nZS-GHx|StLku*}O$%3s5l(cCx&%Y+>nC`NxJ;ST<E2
zOQsqP(tN;1bfV1=72$j`?}C0ZJy7ohk8}<B(f!!W(M_S+U?ebA@{qnI842oKXHt#c
zrLlSqYMad(?E&>BJv8N!U0+=T8fSHLvu_PB>e3XWgJY)*^oxp1H0Kl9Bo!}B4_!#0
zjXW=0D1tk66v?o-MqU-p@;0_iwfT?E6g^yHi|!>LM{FFU_Foki7K{H{stfnY|5=*j
z(^x;53#w}ye2oqMfZs3*O6z?M5MJ?)Olajv%{;NR6fxZ@;|(dPHTzMjm|RHt7fSBJ
zz=f5?rDaA*abJ?cNOcXZ7#6J7s5@9oh<oLO=pu(;h4s?{QK+*lOv+9RJ=#P<uPE%V
zgHST#Z^nKplGLLV^WSAZ==>G}#Vq3lpfaad2dWKpimhv$l_x!=l&h7UlAm2;Lo>?S
zRL!nFUPlm6X}iQbyH0q_9u*^{x0P)#aS&cz-3U~pWUOM74H(Vd8jNJstr(1b#DJkh
zG959leFR6jx`uXkB;+qJwsHtXMa%%p$@{pp>$Zhphp;6NA5vesN0ZFrBdI0-x@)LG
zV?tiK!4^XLp;okc8yhM9i=Z<YCBAkFOabfBI2~=?*A|!l#1YOxjqY8IV9QvfXdc_>
ztqY88<zTN>BIC5#h8IIAMtWeEF1dcxIipsMYBcJC%}^r1cda-<&GDg|h&2bPjzaV<
zS{TvW5kp%&)HKvZU3F7KV?#C6Nh&psR2|sF8rL+pYkt~NICYd!xP<?t_I0Z-^VgvB
z#Xr^q`+RbtxDmC>@zN-j1&m;;mWmk-z@8{dwq6;3in^s$Ck)svEf`+?QokHS&|aY@
zTBvRPN~5kLYL*Wg3VU-DZj=;vb#-flFX*R^=tq}~Kz70yn-XQq@T2TC^_g}TTiZ}q
zhfW>pTv9H66s|a6iCe9upP^@mW+mgC);ll`OCEtXpFKXJ0xOz15M{Ck{MD=Vup^pV
z?`+7*YT%$^B~1o$TkrF67#fqg2(qrVe=VsT-H5c&hn`n72(*jUEHYGB<b;M9<5^56
z6`r9mWvelsV4Ni3wZ7&N0T~}+@smq06j{nO5@bptYlG5^s|~8jcD+G_D2z~F0)o08
zWB^x8>2E>=Z*69<g;4MVx)DeRYSO`h(pDITm7`SX(yTfkGiJ;%ySGM%fKe8W!K;z<
zDz%N(sB85#8N;l#v|%FUzF<I7SGO|b1lqxq3iKweiJe(*fz7mfGLo54Zq6{8jU`Z3
z<{}q1dlY7s7jmqL#7qr*V39NPBobv)^k)uhsPq;e^eA2X?I>~+^a(IolxItmh&72C
zU!$*ej3yQet#?!+A)+)i`h2SlG(47OMRhGiFo9HwfgU!qw!z;5odvbi8k@dB_!cZV
zZINAu72cX^mbA5fb-=LVa~cZy@-=%iL9(~m-w=@bijV~zNq1XXzqh19vb3{ntZrQi
zy4Y%DMvJZws*TLQq~x~pivB6nVve0Ot{Jo2_Xp5daYk{%Nd~70(9b80Lund=P0hwi
zFQ%(9EX?NIrxrQt9uRE?>~8b5uF|^KFn<8_`y0OR9Y#5AV*h8&9}TG>NSmF%<SOJs
z#YYb=?Uz|Ikuzfqdd9*<3o7Q#EI%W2L0M_V+_`1*rpH@GvV5S|o>#F*i-}}|5eZ7Y
zB_;mM^4ass7D_&)73GWP&Rd8cmp!Bmz9^8iCU5iVhE`uQSj%xkW?&#a(Aoga8m-cw
zsndW4_LDK>m^)M(W4(czu`R7W_C0puW{y(mTM@hx^KX>7x)~iM*u*y7TnEvpg><4L
zabhgc^bR*HYDZdq490EFywFo)iqjfIB?>!*|7?IVnZ#_d1v7F^8!20{xn}Ry7#}>~
zvYRHA15`JdB8`rdqa<z5FIuTE4&tsg{7j1DD7($b<clPt5msaA1Om|*XkZjf?7Xej
ztu^&)5IM+ldqtA9pl8Z3ifUe5S}||N?3q<_E2fu0J&DyyjOXn5NTJTXim1mJW$o4M
zCowk`*>K>Qk`OmB&rEwvmR1IWnlVG;Tuq3pZb9X>ps&G*T!VireXSrJgN7F>o3%Jl
zhcPh|?V`F7BV{eRU`g(+MTN}sA)R#QvUr4LC8B9Iycj(KL0Nji@<uf{8VF#_k_K8@
zxtPMqo?*2&vp|+P8YHT)2a$CTpch_PH+F_Lg$-Umruduzqd1wdN<ijg_;w6`#qpJa
zW{jyTSw6cmAig$F^pwJHF97%r$jMZ|XW5G>5Cd!WCkm0CDRL$#nh!?^uBB)+XbBjb
z^_tu$_R5?YVu~z`_qNwG2Em<J3>yb%aVkpCqo!$%jCvw`W3_Lgm!gG)<=&N8@bkzr
zlf4Lt3bM$kHDuu_0bpfbt9ir!i_yTzkAxKzh+6`yfX*7IAPi_SQ2iL+T7$3}3}-Gf
zGCLMdAUch{Ht-I8E>k5aoMWuz5W9p4OF&7pgcTTwkrrfVWd<j?CH^WKp|n|(1-4Rj
zVyFw5CX9(K6KUNZ>M)xU7Zde>Pl_6vTY$f=!3!A&kU@HRflGOy9U||@F)??g9QpT}
ztNd>h;mF@!th5*~qqSO;e%2uxI_FDlhBY<b7K{iGAiMhi*Ep0p17g!l!G=;GN}Me&
ztGwP8NG;Zq(Wl2XYgr*q)=1H`;!BE9rmUV3*lMs~h<0!H?$W1Q$}Qzq^j#T^8dlnq
z4QgYS5{-)IB;4vsBx8)-R+lm=J{hHeG*@F>vm{?saG6pGhtYjOW-!QRilm_^6nyBo
zy5qMpj#J6W6((kS^;#5-W@$%4J$mF7P%YMA9s<r#<Ly&X*NQhP^bDxS{(4`K;!Ltc
z@Ap!vls2@YvATH`1-*I&lmhgUGEZaFq*5hOt2u-+L5TE%DJK%ht61bHo*4OJEf&aa
zt($0*Q4vdHHI`Rep>#E%Sj1B<^f^egn%Tc0Ki^VrgcIyMERm2}cBxqwuo1%uSLk&a
zMsXVjHJwTI4z(m4vDLoh@^jM#LTArbh^r0a!TL>>b9-7CmxfrU4r$UOEi{cjBuS7W
z8;<ShIh(xIP@GX4TDUCvu*EAAU1*Yg#0F2)ftC-=65)tY%snN+oLo8!F}fJ5;U$-L
zKUJOFv0A=GQUfRhmuI<H5^w%7J>41@>>)o1Po^F#MX9%xEyKU2X@#$mwAI>^6*8xR
zHHw<020SLyR<h77aj+Ex!<Nmcs2G;HK=#Qz`%yEKbWV3q=0c&wV*ssj)|95DnU$D`
zwqUDZhL5{4e$L#b*@Nq~tx%IlC#Gtx#;nsbr*r1VE&)?6!dm@fTWT7{&e3(^nQ$^<
z*!zJVW67k6Rpk|>#pPASm9tBY;lm|lc7^tyf4(uhc;bZ2avzjGFu;S=pV3o|5>CDB
zjho8S*`tig(z&Ixi$@t{vlrt3+*165Ya|zom;iC?H5sFTp0lQ`S*oEiIENo-5uzg&
z6k^!|3&2yYhzn(D*Y7dPXP1;NC_V86)E_4TqC$AMaC-o_?&IzuR8b5<BP@oGV5ixp
zRU2;VX|7{@AiqVShh`D1kzH2E9f~XBpDa;Ww<F>a@roItbHO%dBddu`UH7JAHNaAB
znTZxkAV!sA*kR4a@x`h!5usqSWx3hw#l|nh1dY#1PLZ_<)zK_?Yzru%cm=w9;Y@a<
zoo`GSbgn?pa$p{ZLCc*r!j#04G*X^W5{gGL7NE3rfwH(>SS?i#gtZNf3&u(Z2R7gj
z<Ga*9=@KMT7ou*C*0X7Ab}b5z@J_E*Kwug$v4Enz0y@wtZvai&svcX$`rxHjm8d2K
z13s=**KkgP%rzxM%v~c8XEBv7TSyDA#DO)77z=e?BE5ZO$G!Pj`UJd~<#PQ5U6OZo
zHP(D6uV4sxFXJqFe!FkOCN<}S*eta=EwrD-3rh~3g4qIBGC2+;ODbmQzGiNibG$=T
zVJ+*(FqXk<>?<XfQ}mLU%+it*!<V<u#F(ux%UIG(wb1GU^Zk&6eE-r+W%q&k{!C>U
z@y2B2`#t%!IxN;848?$$q-Lu8<7&_k<@=T0vnZp$#yt{Ib&Y^SDibNu4aUN(K1TWT
zTNILvRK%6<2dV%<3iE5GA}Z&F$^$<f0#^Ao@EL}oV@qzxr(j;$=_46Qot0m+R5eM8
zsp|OSrz)T%UZxR;g>(#uw=sdH7DT|*UNyGYVm9nsIR;A~jS}3V=5if*E*1flhqw(@
z&cRMrK%rK|7C~Ls)YU?z7IK&`O<Hb8hmn+U2Ii{D8Zwh&G9R~aqtbrk!crCHc-LUj
ztX9p#Osg6T=8)MsU$7aA1a^8oeEJph!g3EHa9)Cq0e@hqDy`-cGZuT;6;Qbz$|<&`
z2UjCzvqZ$I0)}obM`E2~jGE28BECJ)#KF(-V$$C_RP&_|rf6pL1yqW9v?$?Ccmaew
zYG_6m(@<+|BB=#s#nb1Op{l@_dyXkmMY%=l8axYO4cLLOA0G`jY^tH*jN`PI>;vYE
z`)&Ns_mR)gp+)L*z);@Sm@<SOEdT|?kGEi;K|-I$3Kpe~%xzdXl#15u*xNH4*f<Ff
z7~>~fomAoqEBak^TG@hyvn%E)nN}IA(HxUy%dvu`5>~L3wJ@k;p-`#mvV<9%iBQj^
zirk7h5|&r_Mp5#NV;X49%slS6<FH97+c7S2#t6K$-dlsI5r*P`uVpkkU2mf?7i;q}
z!=tX5utK33VNWA14N27IOuj0ExV<T{UfbbDAo_4F;);@-sBD8)=dU2YW~A;y3Pz7q
z1;>v>E22WA3@!<w6VnX_6(u7rbQP?v@dYbXCVP)6w7{BG++Huh8zqqIHS?P1HqEM6
zPIP>=0)3&z+N<wrRqT1!G&j|&wj>fW%h=YqsKS0-cqLmDUha=TQ>|H5B?Fhv9d)7O
za{)1yz%62CtVv5_c15=DyzzE}WUX`VBj2P*1^Fk|=I4*JY3!p+SR`!@RN)mc*>n-?
zSdk_3_DzpfAJi^a_}cfw57)^1t!pQ4EgL=zmf)XW=R%homknopT{qx~Y<Wp#a>JwV
z6iOLqp#R2DhVI^=U|<(>6<n4a;m~qrsHv*(tO7N4DMnNq&Zzp=teVssr5n^(`)zj1
z3q@ADoNzmFU(aHE+Mka1uTxc?%2&tsX{Ld`sp@2P3dYmP>LfKz9jC^s6X7aQBh?8o
z$HUF%Nfy3TmEyoQ(BZdp)3~Pq`$XWLq(%YnaKSYJ-{Xx@BV5uQt&VaDJywlZ-*pYo
zLFhrQ5St47d1ykcVF~VIp+6m~4vB>fjk%6h-+|ju2diW7{2nfPAg;sJApFk|x5j;>
zxclS(V0D-}LVQ^ke1OV@3#W(e^OpkXzHBPsY5R$@uk`zZ5jWo~=STMZHo%U{_vZO|
z&%v-9@9c0svtV%;p;(-x2=49QCZ@+>l1cc!N%{j3hcw_&lUUw-BcEY7^ai!6P<sk>
zs8GiWb+1sDO6m@0-Nnj?V*nM-C`G+0$f{CD!yW@`zz&5S274^5O>bU;n|bBK^7&u;
zUmj2f4&*NjE%FdG0ROWg=luVln*)n$AijP%6xL}5Nys3yzQfS+4o9n_`v|nULFn-Z
zq1QbU|8vpOj>eO*vn0iV!gY)?&}xr40457K4jisw=tqu)&4ac7(?yeSJ#GKKpIH+7
zK;asW5qyN`2FF1&7>O~RBl%dEaTufdOg1N2{u3SH6Ht!_4%gq!181_-=jMSjS?V+M
zBxpaMnV*>_%YVB5Gn1u0H4l`@f;KiubTU4_oyk%kn+M8dslS;A%4DgJOn2iEhzA<)
zH!~lZS?WX6-FO7jHy-NMiRMG#`oMHI9)Tprrn@kfeoD-x<9q;IJ*K<y2qcaROLqG-
zJ;3$8>25p%=_~!TUU=UJuBhp5JOYX1D(aOw4x=jyToKdVcm$Fdzc>L~NrGF)i2&DM
zO?TrFh)0!LsiyZzotO_}XQ{uK?#3gK<oL<HvLx((0j~E<cjFOAa_Zi`88LkC0oS{x
zyYUFbqh?yMXT?(W#>kL&f$JU9-FO5NPdD3v>(rQkj=0_duD4Bh;}J+4m%FPxhVgCS
znhW!m$^YNhWT`jJd8z{czrD#)mFmytpUp}<zpcqq^I;ai{>h|E|EH_B&kpVDnWg?{
z9w?Kg-Y^f8$-<)iLbXW#)AemkmU_)RP$o<L!8}kVOa0#L%Pigp%q>lpdeuBoCQF?L
z^NPv;-_~TQm(932J;@gj|7NZ%^^$p@OqP1lJWwV}y<qk>OVk-K4CnKknHSK1J#Y3l
zIyJ+;86L)Z9=LX!2g+or-<iKN&y@dkeH)Xd{>SWXbjcW=SjMyV$+`bQ8Gmc`HW~xN
z6LBTF&+diyx4`wBd0@;^%wc{b`u%Ur-$1|T|Nq=%sb|dtWe%)<e<0@yyUYV+veZt~
z-FO7zu0^<o?u1M{Wx5-WK-^O4uw^l=MEjott|v`*;}J;TxT+kuo&>HPrn~V7#2wdi
zRqepU*jefc)7^Lkl89@CBYjPh{|VrF+;le{fp}D{r0^!COU%J`KMq{mO?TrFh#fQW
zS?7XxC1Pi($4qzQ5lAAAeY+n6u18IG;}OWd(`#tG(D^8EZ8P1CM<Bg%HMo?Jv9<x%
zBc{9Y2&6YI9db@DjE?}<R@2>h1kx9-#PC&ucPnshG2M+vAc<*`-Hi^)wgA_|rn~V7
zBsqQD*W|#&*jcLEbT=M>#8bPuniDW~1J|!jcjFO=8wOtjhB*A!!1a*nZae~s$K98!
z1=t?~t_Mwb;}OWdFc5ZbjK&9n>jBf<cm&cLS8FVFGVB51;_U4H12j*&Pv&X&ncv=U
zo_4Q!?*W>p{mML0CO+r;rOf&Ce|uJ!?6X7rdS<D6%mZbz)ZOOY<|6q|*S9fQ>Mrv@
znJo1S^FSFrANu(Lnh)J+9w?Kg?l5~Bzi74$Pt<q!?Y;x;@n>dlqf;?_-{}*fKLf7Y
z%>!k!)NN*Oqw`~UV$S<^-v+vFHG3PKisAcCp9sAbxNb2Il*v**HQkLzAjy5F_61yf
z)}Ml|n@xA)5lC-bd|%Sd+zebdneN6T5Vuqwwb}*SO~7@d>25p%NyOFWf*}sS5x8zJ
z-Hk^e?RaS>9)Dl18-VM2)7^Lk5>Ng8{ouSFxUMtZjYlBFb>4ok==`n&uAi9h#v>3N
z@B9R8KY)8}f?vmA>@4+T)7^LkV#joQUXX<G$G~;1>25p%al_#rb}evSW4arUK-|;0
zg<b<(SDWs}BM`S#3|p5}K89QkTt711jYlAT;Yto)4_rS2uFa;q@dzY24Sg5(qDaTt
z3|v>4?#3gK-nbaj;ezif;QFEIZae}>#?|S9!;bMo;JVUuHy(l5G57uKLLOHF*A=F_
z@dzZ2<Dz}g#8_7V*Cx~5cmxv1<?h-L%V866U2eJ?k3f23xHy(N8Fo2vU1qu)k3f>+
zyZJ&E?#qB{quJZ&v5Mh|qt?FN8-eRm)7^Lk5~t*nKFVgtxD>d;rn~V7M8^#82M=R~
zf$I{}-FO6I=L#zKgYOdH3YqT4Bak>Q+qJO|oFU-4*mO4@fe^!GeWbRrUoP;Afop^5
zZaf09<L~>q3D`CO*F~ng@d%_Z99Q(B^&;TvGTn_wAa1y>?1hK1x`3<GbT=M>IC1^Z
z6%S)|0#^qvqINUr@erPf>#9ESFjfa}U1+)+^u~b1ac$lwCdSTE>rHp#5l9@@{#@&U
zYn|zCFm3_jj^RfxG_C`#3ru(85s1chwM$xOE*AjTTGQP?0|CUDBJRJ&fqyM<{lIiL
z9)ZNu_I6#HgzX2wb-w9tJOYVh_;FIoc)0C4AGppl-3@d&K<t?D=TG{;c^+_m-*h(~
zfoL4p^^rcF17l~YHKx1q2t>!e{u|(016=K<yYUDlG3P}04ZX0p16P~rZae}>Oy8IL
zM#0+#T&qoYgV_Zjn0@r3z#Zpm;0l`V#v_n;x|{cdGYDJ()7^Lk633P7`e`rB0pRkR
z?#3gKWDK|T!Vri1fveSYHy(k+<2qfpI`Fmv*SV&<!CD|7P7F@}Z841J0#}RaZae~U
zrltS(So%b03vl^NcjFO=9s6gl>1`;VKHzFL-Hk^e@z{6l2U|06HJR?lBak>Qr|V7!
z?k3=BG~JCyAWjT@`x}94mFaFg0_iL5&mB}Tc9uHFbT=M>#Bu$iSL!&7u5*B^!E`qs
zfh5OI^xfsa-2hzmrn~V7Br$cO`)&s&#?DeJO?TrFNMicF-1i9HmB3YJx*Lx``bytB
zybid$rn~V7q<5O+kYC2i>IJS^)7@ZK4v^%O?!I3MzFOd_G2M+vAo0}q#wdt~CAw;W
zYlZ1<JOW9K?NRsb1K$eZsy5w?M<5<`|31<u=2Q(_%T0IV5lCX}ME3)|a##*rRi?Y~
z2qZE6zTH*8waj!k9)avTy@oz0G%f?KrKY>_2;`gK(s7mo*V(4K@d%`ETn{-ob~bRG
zWx5-WKzif)wF8G8<1FAh({wi;f!Hzk_3RexX9Cw5rn~V7WM4Qm>|u+}Gk|M}>25p%
z**`8j#uDH<-E=n|f!HzQ&n<oM>vZ5c&2%>&fy8m_%e58wPXn&Srn~V7q%RDQ^rCJt
za4j<3jYlAT;o8;<*COCrXu2DZK(LeFE0sI`g}}AIbT=M>xTkXqT>xD3O?TrFNIcbJ
z`=M_>a8;V_#v_n8uKl?xfvduFHy(lP4?`SY0bKJ;cjFOAJnsHn^MGrv>25p%*&hbN
zw+kod0#~`|Zaf0{Cb)E*a^RX{x*Lx`zB#Trz;&wWZae~U!}YkUbesxYvrTv75r`YE
z<gh0!%(H=Omg#Oh0!dD{FW)TSnrXTlyp;~fzEUT{W&+m?)7^LkqT}yy<xn!N8NgL$
zx*Lx`lH>2oR|Z_uO?TrF$i7m?VNZhY>A+QLx*L3{07yJO-c#FWNlSsN#B?_vfh6Lx
z-8)@zmH=0=>25p%vD5ec++|@d2CgF0-FO5N$MLi)HF0<ma7{DajYlByxX<hd*EHao
zYPuVbK;pRic0DV(Oa-nfrn~V7B#z-X`=M(Ja21;F2Hy$+634YaS0QknV!9iTKzd_%
zt`GW70WOc(htZHeQufZn16-3$cY{+30C7pv2lmOpHOX{09)WywT$6z7WYgVv1maP@
z?Sl?yE++%mMAO}P1maQu^9^xL1g?`zcjFO=GxxszCjr+4)7^LklAQK;`=D_GaGhwn
z8;?Meam9VRdtp5hxK1$LjYlBy)P1|27rZ9`*Lc(2cm&cn1}9`ZaE&wFjYlBP6n*>0
z0oPd5-FO5NPy0eI4#i<~jRmeTrn~V7Bsu=Rd}HLk&_2IYKVGGzrT6Q9P{zTTSp#y8
zF-DCZGj`ng2`8O=%9LqECDY4h%&e%$J!<aUxyIbw+}xvvjhw&WgcBxtrk+}QYK6hy
z{Q1W45l0tf4?Og+!H0k6h#}wo-jPOL{)w|@&l!Y(BaF$j=k&|S89i~{=#vXe<{5KR
zMxR_<GH>Yo`3n{p$IhQWcYZnk=9ib3=Poz|d6bt|;4sPghB2VB(%>Jms9XRCa$<H8
zkcV^FlpL(1@^ChnK5kGgs+wCodmayCqEkO`6usqISh09PX&E4;vnpnb1F)D|A6vhO
zU^&v<!VvS!Dl4x<7$1wumN4Gz8Tbbj@|<2)2`4^=s#;JsfAQ=EWpq|lF2bo%#pQ5T
zE~uDW$y8uy@#1p27A=^)a8dChQiQ-nZ%IW(d0Fv13lR6=l>OQBW+Hg@JR+D?wgmrA
zuUIhMdQ{C{Tp{=t&jS&XZ&`&<SwR{~%PSU^RaF)*C?o0$5FGa~WMNr(St$`OD4sWy
zWK}G{zv6jBZ{x$UPbyEJzpUg)9<>4oH?6|?Hcd^w<|^C6W45Yr##!r{DmiY?I{yZq
zrhwuRi27KZq$ml&63vRD52wOONdAD0MF%N;@}~9BsN$Yl+o^HMA)Qr8xDtcx$eR9!
zI@M4IgtdG~dOS6VL`ngy{OFgM;)oT`itWcyS~Xs!9~u)G1;z-&@YI1kIS($JOQ`5n
z););2(3VHF$kD2jfCaJqiexr7R{2`1ygp5LdrParx%90{pYPab%NM}J%Zk-0u*I<D
zu&2W=gRO@>7xw$G7r}0Vy%zR%*t=o7VYk6P1^YYL*I?g+{Rnn1Y})0;Y7lHL>~XLs
z!cK;r20H_GA?#Av8rTNdHrP(s5bTw(KZd;#_BPnNVeg0C3i~+hF4&h~{|fsVZ04q7
z^*z|pu&2P5z*fMX30nud26hANRj^mX-T-?$>@Q&-fPD=1Y1kKF{|Ngo?8mTsVf$TC
ztOmj!4m%9?I9LyCF>D!Z1?=gtXT!SvOfv;1XT;CPn4p%(`4|m2A7i3gfzy?~hXbUJ
z#8>=0B_oJ)GCbBv6vOb2=$ZJ+|17*6)Tz$Fc@jUt=}RX%GSTnF`C@O#-4}D66>}xN
zJLgXdy;9wQTzDSNTHGjo1HMFi+&Nktcl`0AtRGHn#E-+n3H+TH|4le);>jmZ;%_p4
z9?vO-Q>IMCZ(31tNl7Vx97$%)KK0a7=ggT?UOsp3ym|8~Dk>}I>)(O}j&jAksVX%k
zB_$1(PyEtS(-4MVS~^TxT6%hVztmI&OCUm0(^YDk<xjH#X$(na9K;|>cv4c}0EScm
z`#Q^o=Vi%BN^&~$!As9hOaIP*@8leRQomEOE2j59bzsFIhi09=1aXGLuB^wu<%b<U
z;y6!{DnDo%#=ya<_GAR=-(m%`crgwkIzoMy$4V_;Ja*KW(Qr&0Sx`82@{~#QD^=Od
zk{QJ{-ntdla{*YkO#bLn^G<|MopI(_v(&;x2s!dJ$js1V41m=56BbkrJ2v;|JT-0t
z4=J*KCHN*j52u3h)Q_1s@#8#oK2H7^rA}3IRJ;1InkDCdl&KkbAM^V-1>{nk2yy}5
zxNE^XZsS##x=w9SH>excbagY%GGM&h<o^`)Gsw<VoKTjgrr`vtemH&VAe=aLFixA|
z*)u#<glE}=)iuDn7CQntIQfO?$KwQ);c7j05wDi8ZDy+~!k01qlvgm+Sr{(IUH6Bm
zmFil-^+R=)+AQgRpzcx^sg3Gl6;hW724~7E)RmHw_%2g6zF(+K5=t6qNl&f%5qNN}
zYJ?4_+3I=;C2wZnXwtcgUzS(mi|qySopZffg<Wkw>aZDcSL3_e(}j;`tEH%cD&<ql
zak}77)h+5)b*K8dx?A0YZ@GS{ex>fkj>ZG(L7c)?gR|Naf8)ld8R`9wK4|8w%-n&8
z4joXCd(`j|Wiy7Io_p#XWA4a`3+H!s85>3n9}ylt!nk~sp;C;Px|Vy?fSg=o*s-@C
z0}X6s?os8Ju7xZlL|AGJ$T4z{^46_H;vZKYvS8t&W00Fx_NtZ-$m!SLpx$TX4#*jf
zJdQCY8UrRzI>nQ19AgYTbVN*{J9(1fF(zeu^702BO090v5gw{y@!#PShbERP!OfQX
z|L`vb-IT@f>_Z0RX!dC>Irpfek1>W0J2o$W_=p0YE$H^U-W-P>dpO#_7(B<|+y?&t
zoB1!CnUmPBe>3-Rw9Fjf8H90Us*D6Yc_$qwaa@A7bQAi3X7v@mUHK{r_lM$R%o%7G
zvz4L#4jK}zrY;ZA>&+^`yBzeMV^OVX<9R{D1?Hr+B`Gu*^Znf%iawwNJ#d@+zZkA-
z(O!Q7A9K3i?11Y!v|1aZS6qKL*<&&6X8ixD1-%7vZ$<B=<JMSD`fj(}g*=@Xhdl;-
ztGvxqsaZi2#D7ux@U#?8HNU+`oeo<DyA-y@a?_t^8{nS<E9X9Y44wyVIh6|H9AI9H
zj6<78<oid+iPAXO5=YBwMN<Ohq)YpnJ~_@(ZulTf#m*wPF7lATvvIuCnB)A&hQk$a
zo&mIWO*5`PtVuXp_50MVtMnnoRV#wbfdW{EyD)LFU!%7j*Hz&TS2+XKI+$1{Tcbxe
z<Gf{k4Wk^2jPvk#rnRT7x|K(9d-MfTqvdFNeU*(q9ND_l4F{>Cb5F|PoNDO9waV^E
zEE@EgsiPCf;OU>5QUmwjwASI8l5avUYK<(gQZ_a4QodvYT7v%i(LCohj#r;G3g#zK
zT8EpUkr=-VyNc8eokePQN0B-L?z=87QjfsCu%Sr(HdLhEhW!Gz4E{4<n_$<&Zic-R
zb~w^(!!!GmA~h6tBJ3R4Un0#lz;jx-Nc{r%X`ircA;Jg2j(~j;VYHQSzlSI3*nsC>
zfpaa=o&y_zy$tXjz<C?&c;xvLJU?N+a5Iga)-KC((C{eiA7GC`dN0ynfw;egodkRE
zMMdg(*rl+IuoDo6)(_a_$e(sUGDo>ekhuNIsE)rT;Ppd5amAlqlc*dm#7Pk_<!P-6
z;F>*%<yahTZM8P!i8Hz77+GmV!}9&ZG8GQr#;tF>lY%&S$oj}>5KbQIjaF#i5k?rU
zG5|zlkpt<iNC=YyrR`&1<?!=1&fff08e({+7-wgygMm;#GATcq)-ka-msal58ml9Z
zsrMLp1qrD~W@aY)J(<c%Dp@&luW71P>eFkB)V)8}HWg1l?D7Ol_&2dk^G)J?(>OK_
z|4w|(@fu$X?jTyzf@(qcQF&dFy2-NZ@Z4lsh6P}83kFa8u7eQRiBNY+t?>D9$ak}S
z=K(4NGR5APCu5Ij8Zk}$^wl5`7)CUY_|MX<k#v<e7OA&xDpL2uUI81lEW=NN`&Ty?
zslAr{49_<$%kU>)*WFU2w!@CQ73GC3gPWG&KY|^4dyyIdn-2Sr+i+I9Wrx6DpbCS{
ztD5C9Bh9y|(EQI*2J}<|H>K!n1BR+8YUmVYEHmO)4JdUJ(wF?KNNt3D6!vY{0e1i=
z>@wJY0RAzaC)}y+(RdEDEW=ab*5jnzI?$SU#lf^`s0Tytz{%7hHjP-=XhGfLSa!p(
zs)<hAO@t+pfR}Dwz=_K=HG+0N^yos@u{t|_XBq>r94MC=DqeH}zg{>oaOV53i_{_A
zMQSYUd{{s1X4p(?jMs_v)eH*P8Ocfwj>YEqZ^RCPUsSwcW*OGS7L?9XC=^C=VYSi}
z*@C8Q^07=Nv}0wb9dg*Utw>!Bdp+zeuy?{<0m}uOD%{jjQzbWnKwDs+qtxwB6scEX
zzkoerN0Ay0dmb#qpM<sgfP6oD1gjs(uf-X*na3K%i5Gz2rcey%yv#)3*s9}ttotf?
z>2l_=$Z+g&nZ|K_rmV-Y=g<n+|0Sg~jvI>`A1qodD(Y>20%i5+lE>gWMm(f@#)TO;
zzFDu|ve%_I-#=wdQs8(A!-1OdcsMijY;|^ijY2;TvX5m#P@k!(hld1V-kFeOT)X7O
zTyQ-AZ*0KTl*mVxk0oRE?#?20=`-4n!t?8=i`2__p0K+}Ray32JpTe)0(;r>MXDW^
z@NZ(P{*Acb1mAy>f4uBkMuNPnz-}_uRTpS(7DH|Qj+cQm9<STL#m6g~lP<Eb?vWvX
zl{MsALHbr3OPAI6Pq4pbOe>;&Ero79`l=1e{qh&lKfVmvhrQpj%kiB5`yw?P_JUWx
znLXy;i2F@&{wMiY_*(o!jahnRlKTvF>n?b$NVQnD7SBq{GQ0>Dd{U=t&3Y(q)Pkhq
zHXU1O(aXZ#=9)E}S*X_P=9ONk9@6zGeIF0lsBU^4`YG&vu-&ka!afQ6EbQ&D4*gxp
zKnsmo>a5kPn;b?-UN9|T92znI$h6j<L6H?F6YI^mlc!zZUV@A1<1-wE3kYSlLm5)M
zVJIms=}b&}3bZf354ZKU^6FK4-r{Yq#~sb+zbu*?>TDshN^N`fDt~pO?T?Kqx~z7`
zY=iaiK$){dlCuO7IwCgZ8zEYP+-)>Mk2bh(i(?a)@@+h^*mi(D3~IDeK{iO&Ps|6B
znpfIBj1#sKLx=4|8LJ!xVTPiA+Hp8e=@3YS9heZ1P$Mi`LtR2CSO*R`(Iv%jz<Y7R
zVxTo}+5`}d?KTp5%lz3JXuc*<W5*XNZI9kYk)qkX260;#yt&t(E<-#QN11HY$S0A^
zR`0n%T+S2Yp|u5L$F{t<8r%-yt_@m5HExl{UGIUU*`!kO*>SvrV&Wq+f6kh;9I_sE
ze^8_zgMAD3SlAcea<^v!RtWoO5A;h|w|H|9o&x*o`$cLE>?yGSiUL3Ede~CfKSqjF
zGi-m@l)n_Id;Y3%t+Sp^ykijlG2-0^doFAitQ}|Tdqv9pNc-Qgo;HlnH3(xKPyJ2D
z`Kk3xjPoOeoesPBL(D;}@*n?6kva@EG2ZTvp{K&03d?ZAdeZGfK3>?f5@=Wi_e|Jv
zusN_%;C~(V5!j!=24T;Ey#wi`xl&WGM2+=g^)n*0R<p9kxe@sz;+Lu0SGvZw-=yE<
zHEC_Qv>bydbn-FA2;B#a(6`L%Emho(wlWAo4B*y6ELvDo7GCpccUqE|v^ev}5)v+2
zv~Oa=_4JS^Ypl2Nu&G%(wNkO{<$A^yYYZ2JvHQhiTkQ7qi6v5T9{G6D8?W%;Rmp5@
z=(yO+qbsvg_=RTKa@C5uW|!PhRc(vD?oc#5cJDke3wmn_$*8v38*eXGy-<5;HIk8t
zo)>J<H^^HP6PK)Q-PJB1Fv``Gyys2sZ$_16D%^6uxEwqC`f{XF>3gj^lvup~{{90F
z-1S0gELHg%sjBm(RQ2YI@vsjN*8Os-T8?o0m;T38HR+X9Ri6;Xc&(#VudsqCy~A!^
z&^zoWOM8c1Q{6jk**U$#(pU8ko9YsFOhBm?2hBeQ&CalL(CiG`0-Bv+cY<bT*nObc
z8MYEMJHzrpOS^-XM?s4-EC5=ZVV{5&XV|--#ToVo(Bceh0WHq34K88Vx`e&x6842l
z*m&^Xna3=bu++xh@s@)xef^3cbLFsSQ}$p3u<Kwq!CnV@2kZl|+hL!EeF^pr*mq&~
z!VZ2lRpr7Kz>b40gq;Oj3A+S#Icy_rJ8UQHCfI9WZ-TuGwj1_I*q316h5Z~>{XSJ?
zzz&AZh0TK<2U`d`3w9Cga@a=LcG!zyuY$b^_Ac0N*e79k!@dC<f&Cm-{UKFl!w!MX
zgB=H32s;aQ5$tkU{_61zz^;S66!tpUyI>!I<?m@ccf<Z3HUj%Ota=T&VTZsPu;XA0
zVQ0ZEf?W>V2-^;OG3-^aH^JTo+YS39>~7dMVBdxP0QM``jMu>j*j!lqS75nG2Y;l6
zKjO82|E<^md+YUks;UaRMa@3!zmJ6*m%m}@7cW@hHy-{b+&D^iNLAHP@v4IREmc*=
z-GGS`lqyQ8YG`T+wtA~t0<D0Zmr~W}_j*?mc0&qYw9?U3Mk-&>3NTpRnu@6(Zp?#I
z{S0njgHrdWV(|`patzy<TGQzBd)4k#*<w>YsWod>wly?YaVe13d?JpSTHDx&Ex5qA
zs;U{4<HxsnTdSba)Zk`mH8M?OpO{vs5h4D}v^o^cuV$rj@eRerZ)sYcT;^8?_cFMH
zff`jMPrs^8;}W=1-n2SyVK9oiAg!*g6?YHQy(taoyv?iWzKiabhFZGcO~Z}5SgHIZ
zt-)6lXjC)Pd5NYj*OGMH&REm3hVjm%8#fFR*`{>fCfHup>RpMsUyHgj?)SEPYt#?p
zej)1W^cdOdujxXzipsOTnsx92-Ow1nNar<+N`1wrMa04VT5&_9WUI2_#@42kXH7pY
zO9^Y$rTzTPb`Dqf^V?2!eLsJU7eDQX6{nhNzqbYi<9CbpOP$^-?s}4<ZWFhT^D}Yl
z^4}qDe+z}{PP%J@g6EfXqk@?BKDwK6DKy*<XtyN(HQg;MS}`Q4hv~-s?9A*Dx;0Am
zB;5fYMMb^dFHnOTst!Ox{{%M{F2&uyf3O)_twf`~(|>hL7>??{I>vz6{dJY6CdfS8
zF&T$DCgZ6pxgHbzQjZCKsYj%ZwTX0Ibh?mt(CLd#vsG1dO;vS`A1#oK*`{h%pcaMJ
z7ci4*M0+6JFR5Bzu%#9a3PTw;+pX|7uuEI*uUGFWOq{Tr*63@MIm9PePjA5WmDLTc
z>Qiy!dST#6OIhVz(?V%so5p3T7M|%T%|0*Y1PrfBL0sP44Jyt{0qLy)jTx}>;jh)G
z)Y=q(aD|or#+0_|TI~EY{ZGZ+jEX^<NoiZLYGo~|LaBRG+G-k6Szc7v!zpd3Djk1Y
z3Xs70bV{3u>@z8C&6rJKT7|U*V0<>EO=PnTxSvaDi-rF#rHywct5;Im0={5PeIqzk
zkuuX8nCq(zHhO1aLfGgnMxxyq!~SbyJkY)D_%Y~N5mwTt9SolRe_=siGna3@{?U^(
zkxCVSmN{h$=9QJ7c!C{9S^IzKmu?j{MHzS@)4k+JB*sx=c=Ky4gsq>=AuTEC7<4Mt
zRtR;yG#AWcR$#dOKgC@Ekd#N2{#VhghQ#qg6qVDt9G++qGKAd)4Hd^oPNF0k6Os@`
z|5<it*$KnWWOp`fyr`pc1}~V*ot&Z)Yf_>i7c93Tp6H=YPE=IXu|lp;u^dml;|!8D
zQeM2Ex$pJs*MIlCUBoNRO%?3?-~amS*RNl{?!W(k{%1d=#nZb)7eS+F5ly%_d=>uv
z?nyl3*=3S+FEUfT6{9dhM3j-z@I>)wc@rUNhu{mI!sHKW%G&neTg@IZ0>6#Y=ka+)
zt^<;t<0Bh^P@2nx=MDh10Qn@zAPr_B^B{mmfILJp_!#?`Z$HBS*|~nHM}f2hqzjhJ
zztERC4@f&e(m>L9u$XI)2PkSsc$PAXsF$bfix?}DjWHfD0=>22z((Y+MqN@WGBPkL
zv9k<LMHk{Ig@1;bfap~?syQSc7{r5J2nP-!nZL$S1`SV2T@Pdmv<b3~5XdHVRe(T1
zG^E867MqiS%-eCE^hrwHg`?WDedfD?WX|@H-9T~<F%OV{H8tCp`5a{O@C4Q{E|$me
z;Q#t&Q2SRQ(@13O0=N#}pi<P+m~|nOaiwH5aqpndx_*b@Mr}_%dNe&FI8Tx?no{^~
z+TKNd8GaUxCd1PBM%VtA(n{U`$cVcVAdfhg1UwjZM?s#0XBumCR%8jMfM=iu_XTGY
zk0-JYA+b}C$vcGoa3ab%gk;Ww;ZpGMt_a>sKy*Ht5@}=;WIm9lMV{tj6l+LUy$Xi;
zfGI2giB;3kfas<h7h+Y{imt2_cYnpIZP=2ndbK+zU&N|!1z_VCZbu-McVJUo0YI0=
zg40{I56V`YeZ*olhftklv8k8)_92U<7W&9#Bx8}pVq7~}qx;XW>XHVSzki6uoQ7TL
zfP)UiVwt}Zi>=TyHuBR24_nM89PhB$)o6w5LBsM^Ad{FdjBmi6(|vA&O#4~RGb{bL
ze+&CO+aY*p(UeP&p+N&ox>9tw2|O)_(4&`&FtqDIU%ZE8u#;!>F&ys)(sZQ=+76`l
zYLSVDd9B<CWOhO(ofR1>H3?)Ykoh8zMj-QTAkEissic?LKGe(e(96FgGWXHFOyf8F
z$hdGV?W%W&5=k%DTrWSNdPBy=dr_Es`PRbNNV%hrdAzq)*|sYdt{EHCQ5|86?3}ce
zOHoUwFgP(JypOar14a}+Z3IY*Crnej_;U>-mm|PAUM>7pT1qj9TWX$kRUv@JX%myd
z>Ad$5$kg80*-|b=t@s)GB8)+Q?3UJDOV6FLrT4j(j#rB%)uquXv|{o`+lpzdO2pkT
zXYNhXQbL{wWa`a6@|QreYklM*Dit8F2GT_EW#1s4D}hw<K5_$)R=<x70!a<{$jw07
z0rD;&d8d!e=G-poi)*m*pxBapbYDEIS})@(@w#copq<SrVnYekHFIBl7U%7}Gqzs&
zTom02f)oOrv5(RQW7)3xS%&I*K1$3_8ijAtt`yGvzR{F9gV8kU+I3b?4;{#8>V{dk
zUFM18Mb-Xwfur3GU9wV_VR-;ZE<nBlBp)E(22u%-?*pj?$O#}6PUz3mqxjZaV{EoX
z%~$xy2(FWwi+qGu;%Vq?>_er-s^zh$hD!>^Q>9(C+RcKH(!asUHugQ7Ol5t!TFzoE
z?vPPh#We!tVjyX(`&ou~W})VWLr^=+RVw7iMFxmj?BORLUa50Ys_hWSRQd<1Q5q9-
z!u%r0WY)9)Ot+4r+FuHpoX8LmT?C{OAeR7X&X!r2WN0Nk86dBRO#U2S=1o8{!~Qtk
zK+F~)EiqFAX$8o8faHo+XCw0gASv9_N}|LrAk6^T10)^P-UJc_$Tx{6KpqB?bx4fe
zwQ5`)%Q%Fp|1o4T*d0r1KLMl}Ag6%f2XjV-+jagk&^v*B{sKrVKrRB34N6@KBp)DG
z0jUQ_0Z1C2ndtL2AT5h<?e7QD#12^^vlGZvQ2T=<Q}K2FA&>?<JSp`nAX#{Lf}H(K
zwCkNd@?s$AclpR-Ah`g!3`jmet_D&GkhcJ-1xN`<JwW~jNFzYD0+|eu4+Cii$h|;X
z0rEK@?Ev{Ykf{LqK9Kyo{dWBaknDQ}!9MS3j7`<_?ShcE{F+Jy$kWb(&H*wTNIO90
z0;y~f9>a_s)0RVsc|K(FcZduj7Xg_JkXHj~2gp@GQd|8}Hv(w}$RLo$oxaRCklNq-
z$Q?kk|KKAHASo=H65rSZr1g(J@^vcpK_7VtNG=#(Z6M8$vJ89guL-%^FZGOW_}D!@
zavqTO$Nf?-CuFBDb19JgCw!S}f#g2v%M4Me0I33LVUd)y>z%}Nzt8g_AdLX|G>}P)
z&@6%$0LkqZ9-3hagNritV7B@mWHO%;87lQ-Ae8_)0i^bTFY_eH?D6%P^DOXSF_GxJ
z07xZ3E(J0fAg>3~2=uugNPVBrTqK#Z{it3g<coe?cL7O#$wzhq$p^@nsnnN!nI8a2
z|ErJu3`p+lKJo;R$pb!e4%Th00GS6Q^-Y#x|G~rYQT<zfsmrO9MOY>WWa^+_>dinZ
z-}Xyw0FwW%k8A?c_=%6)4kZ0wKJo!Ve(odp0?7o(7lBL$z5E>@?ZAJ20HpO{pXU)E
z&5!uVlR&a|?6B9(IUClv%a@rCB>R3rV)LVl!p)Q01tG6n3Yq#HKC%)>>oY!bBan39
zha*5zO<(4ALhkU99Y8Vx@+ly#_xUnk29getZvbg;@nwDtWGb-Oqd>BoeVJ20>NOuZ
zcQ(e(MjyEVNGd=s1QG?vD}hXv{8Fz2(hBCm>wsi~8TKY1wZN*IfYiU~^V|+3`l*k6
z5J+m+NA96gyM5$-AkDw^k$(X)RrZl@0m<6goIT-(KxzSU0tkMtA0<)ZNg$Jf4WDxk
zWWM9eyckG27zGP~Os)52E&<XCkk<og1RA~>NG)J45l?`;9Y`}kwgSl=^y~U4$pm%X
z52O(wp9fM4kOM$6fj)<U;OEbtHI4$I)q7%}6F{b19Fwc9jA6z)yK4c;FQm1f`{=8!
zIbHa5qdQMu<SH_`+RAcJ@}y+%qPf7X=exRxaDBpEYvn|r{Le{el3P@yo#gpTtLRrO
z-4djCFAf8wr;R!Tr0)Qttwrp0rDmQ`%=;AcQN`Rk1Li%7`EkXZhOI-Lx4^W&Pv^~w
z`G8`kU8s=xq|&*f?0i%)FTnaQ;OWUJohe3#I@c8QZpA#Mbe^l2@%xSr=DK1&sF+hq
z=VgkyrI;Ivd5dB`sB}K5>`a3rw8o@jKCGDMDV<j+osTQ#refZ!m`^F4=PTxIin*nj
z8;bd;VxFy-S1RVVV&18kk16JqVqUG7rxf#6#oSWNkE<S>t(c=nIwR6;in*znk16KE
zY7C|nb6YXbSH7`IS)*Hx!L(v-D&|>=nW8@$l0@3R-O3sn#e76Drxo)`#e7OJXBG24
z#T+T-1&X<$m~)ExkYb*zn6rxcsAA45=KYGfTQO%8^IpYVQOpMv^K8Z3qnP(A=9*%z
zE9OJWpHC@&o~xMain*nj=O~?*E1i!h=7wV4u9%M~ooO#J^yiFXo>a_}iut5so~M}c
zn?9+_t~Z*Bd7ENBte7LkoL0;&#k@-~A6LwC6mwoNw-s|uG4EH*$CYm!Q?YJJG4D{!
zZN*G`?*P4sv|Q;N9q)|K#}xBI<#nqS^SraAE<C5Zu7FyfXPKXgXBg@E5<H3G5LvIL
zr1q{0Ng(*h`kBT%Eq15dwU+gBMfQ<s@jK1undf3XZ|X`<`wW%n!!lIY8nB>ayw4v?
zAE~P$ZFg(+70!ls_1?R+)6PA6V2ZF$*CxGV$Ihf;KCGD2APIPSRw_T7)9qwrR4V3%
zVm_vHru$7nU45mq9AcSUiut%=?om3gRm>}u&TYk<SIoPV&Uo;!L+3rp&QprHXLd)a
z-rJPUJC)A!)p(D7(K#w<M<cLd?+V3SQp^*|8Y#s*rI?o~=DcEFt(en_d6}|CO)>9M
z%o$~kjAAY+o%g67#82Kri}f8+J(yL@bCu3{rSlf0b4ytxr<hkN=DK3utC;i38hOQB
zQP$Y2tkG81IHIgkQOu7k=B(0rSm|6+)~G4ww6eyqVy-LZV~V-1n3pT&&5C)qVqUK7
z+)&Khl{MPR&fSW6jf!=Xig|_7d8^WSk78b}bZ#o<JxXV~LkaR^RnRkEF*lUXEyaAB
zV&1Qqk1Ma6qnO)@IjfkrC}w)HDriODD&@~pig{2m?^ew8v(J#ZshFb^o$-06Vm_{z
z=O{Z*C~Kq?^Q2;aTrsB=^LE9YR?M`sAGEZ$u9){KYYZ!EXy(0&nJNnE>RF(4-mP@b
zD4n+|=0i$ndTuGGt8ckt&MM|vY7DMYI#-p>+f+o#DdwX}=Y@)SwPMaF=DcFADdq#p
z8dJ&|^OQ9zig|}(KB|~!E1mO-xhBkAa2vBXoh+&UXe(;F*S$u1(ELszycCcX^>(rR
z%rZSqY1hm$eZvxayI`n}kF4<P(ssAP?-mUO>CK5gg7i#C?Sk|*lqWP4^AXiw^A+<d
z#XL_jPYUx>&|hoC8Z+CucZalMW|^M-(yp0h`siLYsBmRBbAL6T!nWtnpzVz_X#0UP
zXnW1I9hd(dAMw?ev|YSz>1@$Zklxjzk03p_N$rC4?N%PuR?G_(b5$|#P|UNX74BKb
zDaE{7je?UZYRyy3brrRuM?2^DLyCEx(s_kq?pD@FDdxIjKCE=cVy$CFTd8zT3-ePj
za!b;KGmp65-D01aWqJ-tyJnW@+b#XxmFn=_<f+%pQ`q+5Gidv+GiZD34BEcq4BDQ3
z3fn$-25sMY25moh25sMZ25rwt+a>-i&4`AA^iGIAg7h?`c0u~)N?k6t<P~#DF|Sd~
zHO0JFMSzN8-lZbIl!^dz74v2l0cwhQfzr96bl$F*k)}eTjoqEAE9QMl=UIw*p<>>v
zbZ#i-`AX-KV&0~hPbxc4D(1~f=Yz`5C)H|sfzr7t%uhk2t%x;dj*z{RVxO61dJc=l
zW|ryOC;i@anstJ-UB=GRd7_~py@R5UAU#{9c0u}%sQzjz=14KGRLm8{yhSljDduC!
z6Ecc<jbdJ|nCa)Q;qx|gl+J4v^Jc}oUooc?^GT)ia>YETnDdG`t(dnc=9U^4kE?N!
zQR5<`n3pT&&5C)qV$P}^hOA<4E9M2t8aZW+`N|qO#k@^1A5l8bQp`DJjl5!RDdxFK
z=d5Cml+G2!oK;@8MKMn*=9Mzu-K<wr%m<aua}@J(#eC9PgO+UPor~uf4fE;mzOf8l
zqvbHD@Y7}Q^MBhbfay9ua=p|3W#`D9P%Uk$em|ys^>O8^Q;K<&V&0~h_bKM8V#X_7
zI-<>L#k@l??^n!q#hg;iYZP-sF&|LOI}~$TF&|LODdkbilt&$P9wj}PQOx@l^K8Z3
zqnHmV=B#3FD&}s*oKejC6?0B8uT{)Dm7NbNJMU6<&MW4eV&1Npn~J&Sm}%g=0wb51
zrysc_a|w-ZQ#)i_Bysw5T@M+U#{2vsW4U&kJNx1ZP1W{c)%Ho%c6yB;IuW|ry}`Z%
zLEEoKyIRt&a5K@gMQUdmidw`Le*Rc3CD!%Or+o(cu*{!cp9$zQbq4yd%%5JL_d%cN
zR}>+q_f_dHmig1_BXy;WKB!B4Y-v?_=04?_N0nzDb)G5A>4e$7G9&{Y6r{TBdwbm2
zakV4GU+D9_%MxbZMeoUX>eII%(b>N9VJ>9&SG_~#9W>;h@)@=-olAIzs>4VF5=CBJ
z_PR17t(b0nb+&6dna-9@C&TT!cmWhN<GpJRzI8+-mg(&gYnZDfX%YXmQKDz9*k?K!
zYo8lWV;||kr?BlkgQwHkwte~UZ~M|&;y+#Z(((C!XxGK0LJ-4yYtmBj`JP>!qv>Mm
z|FF~^90o|wk<QtC$@0!pOL7VsRLF!vwko8d5d5Ss)Mv>7g&a``me?JoW??)8?OHNd
zAqy3fRmf_E3@hX|h13<YQz3g5a!?^{g`8AKcV{mznWvD9LRKhbjY3KasdXYf`#Qa)
zcUz}NEnU@ljn=cK(^q>lG6uzammXK8hC563R1`Ad5V%D25zLITCj-^-xev(WRtE2>
z#4n8L1*g0-NvpV+UOP&!8#Oy8gwW@oQL23>$4*8b1~T8al#!nR*%}~^0eRq!eC5J2
zNU|C2b+r@oIY8uj36^;gklP#&{SJBn@BYj?ePa9K(v)0R5>2!arRW24tMjE6Ay#I-
z638+;?=Z3!$UavWl`jI}r~8aG_+_yXKM^F>s6s|o%jR95cwuTa;$19Ligd=SQTZ;g
zlzJ~p9d~unug2+Bn*7TSQwpz%rRvg;+La8c6KzAOIo3B==X-!m1vdON5Pq^q>iPnZ
zovtq8`38{1=3OX}wZ>r}{QDg#_3uFLxy<jc6F}&LL1#<-7D)aPU&FIf@C|$A%Nkw)
zq;Wp~UYL;!fqd!Dg(tSJ4$THU%ONAb<l<6S0Qome-ZWz~as!Z4u3g4gagO&}q!k6o
z&<h8j#5)PO)H?`?(jKxM2zg2(vj<4Uyv;^ReZ`a#or&RLAaY&F%s&Tm#OXsaPpDGo
zJQwO5_j#TVgg%K?Uq&)PFZTkWy(X%M>v|24Qczb8$jJa10FpH;b15|nq!sYI1Bk>8
zX1)u^`k?K10~t;Fi(fk&O`2Autv>fbMj{gPd>%+6(C4c_+5vJ1h^%0F?9hvVTaS`8
zg!vd`WChF2zok;<nJ$r`H=wNzn4bqkcGbAl1wba9AIAJ5=qTmtk{2^)9YVcwA@Kx#
z@hTwnNn*=NAcuo7s3XaBkf{b54gd+G=zD?G1DOv13BC7zLLL)uF|8QG?_sCJVlm!U
zT|@$vs=Z$3wtp6-@`F-}wBHXTZGY*{GT#N#boL>c9|ECI;+ekyBEOeGf7zE6^Y0y`
zFMbD^l|gJd=RCXu(6tNi_byiP+BE(x1C=uGRz^Mi+=W5xtA+X3dBQvoJgq>(mjS8$
zT-r{$E(SuMMCaE4kvk*Y(kp@dXAnv9KvrGoml^@mljt1Nd&pzMoJ5J+Ad_}7baD$2
z`mjuFUnJfPM#|lg*%6fbCm_3=|Ii#ag7=5l0uSE{nO|P!Yxs4l%XwzZFM^J0E{et=
zqF1r!9`j2*j8gKOHMYjjh$qT=(eES>`F$?SL|7_6&Ag`ze@Q%g4v_s$XF^^CB%Rc5
zUo_3Xf|MS7DP$6Vj`^kV5kH?PGM7MRR$!mk1Ci%9xb_=>Gy|ENfY3faorgzZ_N13_
zXWUqh?MvCyC&(I7*EmXT4_dJWNIJ0Chk&$#x;_D<9r)n`KvJ&lWQ~1<{K~KE+f?dK
zfBt#|$bScs_J4pJ3+n1VAKn`<pATfp)owZ&^)-{0(zPdEeV=wQf%LfmrJ{i6A|MN#
z&%<Ko?c2G)K9@j7_7m9hD+viSydKEyK`RO*W7^LBfxLA<mItNY4W#)(e^qcN5ZO)T
zx;_qsK0KCVo2Gz&FGD?u=!cYW)uD{jIgZU6@cY9V_A}r)8r1$EkPkbZ`91Hjv*V#!
zTaf7qBIFN%%yT1-WKIB?3;$uSBjgDn^~4V`mg)8MIoCTRa~9q%OrIo1y#UDLfrc*w
zvfCjP6U?jggFfwpjNG|qi@g?z{MMC`Yk|m}2u9ulWR+tkJvIP|f@re|h+J`Ssk?xL
zeflvVy8@n10jW42<LnWL&w*9<LT0ZkMY&ulZ9>zGI2o1uAyW@V<wHQ)frdW@^3f~B
zhH*T!u{>Ca<o92!^COU{xw@#Or+|FnGATt!XnC?Tr5tDk{q=0T=eH5)^8z4MH+G0;
z0T8*e<JvC)5(TwiK?sA!W3Xlck_%*R0<zWB72Ex>=z0D~nIIlilFUSR0Qrbpp-~;%
zfm9qbMz=9^Ht?T&A+y`nMWsFi<Wzt>2xK_n;aBuWIoHcnss$Mo^7Q!`kOjd=c?`%=
z*I!hs3pe&sLA%ZavLLAoSEDBNhV!4;CIZL=wO@cz{C)uOpA3+f3`#E}eMo_lOXLIp
zSq_;@5a-_jWJ}QYw*Wbi=!2!zpj`vlh-4FMOgV2M|Dh}uS*J6#bOU%&LG9x}WEYgZ
z<t`xUz+xYx+U=cL#5ztm5=}Yg*rxJmxzz=dNbqP1>bj5Wa?v=p$x`x;hcx^gWaRmI
z*5_+L8iAd^2ju&2bXKL7B2Pyv;Gs95r(K`ojpBuM<Lje&uqv^l6*jd<CD8B@lsXVt
z{x?AO1jsXAKzgP;9}6Q1oqdUs5e*4hOh{rM=uC-2+D>PzKui)D{%xT6&m|~@5bo7=
z1(3Y+1Y*7c$PuSu%&91%O0X6kgv>-xY81%o0I30yJAKv@fYkAoEk<>H6v(8ji;(+(
zymZiS>F0nv<YqLI`5KUn>kC320x}yswlB<!IEy38f;sM|kl7s6^%#)tfzD3?S?G}1
zrdO#4eR|Fdu?7lw<^!QmGV3h{ax{>6HIVJj$4L4OK=vnf*)&F(AdcM#nP$NAHXw3u
zovr$JK(c`~wgE{wW~%ExAnkzXvp{AA*D?<R>2~8ZwwZ!*LEFCvnM;FGKLWBWsOuL%
z$P!5mf5wZDpXg1#eVz-1K8ef)Kq^5iGC<}yW{N))fNCxxQTa<DBX1UBYvh2W+$x1+
z-U>wSj9{GF6f^uj5E>UTCsv9k1LiT5qL01a;bcfr%8f5NcUK@o$h|<Y(51=I_+k`&
z8ORpb3X=IQki!n4c2T;Ztg~}$ljG#wh@&}f5G5O~c3Sh(qPFgIM&bmM=B5=ywx6J`
zR?zQ{0y*SrCw)!<*&HCxo)<+c9D=u~nN(LTry-S^2bue>ls=7Z(wn-|nPgr8nYvrg
z6Y@$RQwg)p%v1|}{tC!soeY(_0mzyF83Hm9v}*#0{EDAFVGEFhL8<LP!t0bT0FgUB
z@B~iR6V(G7wji@3sH+WR*o_p@@C1;W^WNB|R7wT2@Dq@cw|ujP-B{PqCy5(#fm8x(
zTmWRHYej66c~zVzQ27jG>h6jowmHKxL4REWnP$+g*8w@^+I1a{;v0%1S0Z29Yp+>-
zEhR@nMk|v)%|AxMBdkYx^%k2%D8@UHgbO}7GLFd{4n00lEtW^daIxAySS*){c++f%
z%X`NIn1%xKVAFyC8*z9;ba)oYWM?{sOC_YVD)$eXtQp1iG38^%z^2PZ$`2NtGYijn
ztpAomDD5LGGg2lV+t#r{KjM#N9x$F8Gr2ve_Cs~7>|)OQORb6Gb>qbnYlS_f@lh<R
zs>V(@8s;<Oq&wvsFBRB=X1O1a4VO2Wnqdc=rz29vDldniK^9u{c%grUddoO)JZus~
zp?1?F>yVAQTC5_64HC@3QYKpiOhUb~sW@02CS3{x8?eoS2Czu~s7YUAkC02aYPxf<
z*k3BIXK^ZTYp^W#ELDnz7uF-;9Re4)2XP1`P~}JgPC<*!<ixGj!WaiQV?2`Ko`X@|
z=5%J5l{1+VkO6FcAx8hMrv}&)$U;Ys7sXZ;vX-%*JvJ})cW1@TBCM70dRsCgY$k2w
zBihlk5G&57rN;j8YI)OWKP=B0u%$pU+P?|u+R=07+t_gbV0jZYYZONBFI9&7<p5cr
zZHJf~XEDYXb)?l|qj^)hd9^pPK@1^BAa=fB$!Zxgc;B}V8o(qqGv5a2WUR$7qM;Vb
za>{A?ifqU9GH?5p-mDF<iVWCeCCbZ&13O8XZxvb`n^HW|6UT;gkK&Yhv$Xkcaw^7V
zH3pS86h?T!7ywBd%P_b3Zj5KYlY1ChvFXj@WxP$+1qa+ua^I<c<9_xN^PO@yno(n&
zhYenZ)Ad)7$uVIumlKYMH8cSvu_(7Z9)Y_fuRFCk9xl^hrn`o=QJ~~dgOfve8)1oZ
zQBt#TOrfAMTDYZH9v`D_BR;MO6Fe>eZRZJSJdJC&P^Db)I@qc+SR8a9vQr}>l}F-2
zdB~P2jEqq(%cK<p8-#6qY}msSZN`|UTDE6JAxf1v9VAiOw1pZ;V-ve_+&BVoyDvFF
z!aMJX2CR3;;mk0>@k1s891|UcOnd>x_0U=WxKx<HF%&Js9ogn4;inBOW@!rn3=YV^
zf#`aZznlA@j2eew)c7Y%JVO4)@y)zimc0nk7O`QX0w%ghMMfrjI8dgMV$LwH`Dz9h
zf&(_s_#8rb6|*j!<kpSr918W|T^%5or6imEqi`p~XOCjaZfYSro<!PAF-EpfDsC)}
zz!hWcxs6?H#cwJjR41)4hprJ}5u{X|h6s69JK@63N|GQBlhRPrHG|{0h0MkIEKS>H
zvMY!o8DCGGMZ?YE2C<C=XN*jZ=+>eB@e<9c0LUBJE_7t_zj6p-%k`HA;#>Ml<FFf@
z$Ce$Ai(|!g#Zs|~t`iD`LQFPz?Gt&7rM2}~)J(&C$%NdFOu7ihGB_%Ob!|;U<E0Ym
zun5*SXGupPBY+j8YRIkOQWSAeKb(v}tdUGG!Q5RPrYV-r*;D29w2E*NwrQpoa|vMx
zh?U2%-}WMsY*ICpje*$^MtIG`hh~ky-2~S}JS1~C1KXvLS#WIXAH`@gr}?Wvxx5*4
zrrY7cV`6t&e)xv8=S(>=&uF<U<IZ6;0^DLstmQ0aYB$4C+;9S;VW1i(e(8W@z+!k?
zA#XUCQ8ZK@-6%|M4Bd)mCi;wGRLY77)---3wlr%C)0gNIJcq&^VV1ko^dmJHDNBn3
z;&aZ_Xs3w~roCL;BOJm`8dDR4?ql|E_IESLO6BqfT5WKM<bY4>F+qk($)sU14rHc)
zHLv*&_c9xFOobsp*AGHtwkc&&vR3399KLI@R~dVvAutoI{>&jwjV#IESY7%~DqBKR
ze_Y*!iO39YKBo7w`Nv{F+hWp^CvXNRz>{Tc#S~A-_THg!V51c+C+LfJk`KM=O*&+5
z1aV32ro1IjoQ41@YYAzba_n-|*##Es8ce%%alwJZaa&<>m7t$7Ia>dt3M86Htl&h|
zl$RPo-KMQJS*p>LjpdQ-GOSI@ab>J9jz6OXy2TO4l|pgJvc7l}6HRerfnnSMMN2FL
z)<Kkqa7iaXF_3Gt5)?86fYd;OZo1{msg&&@Z^&TYx#qg7R$p=D<#F!X%dcB;b$rd`
ztFC@+yy}W;S7Srl%5v;unj|wa?yQV2UJ^t0s>`nxQQlFv<uHn9o8BHJIhawaZ<%%Q
zkC-0ig^rX`nCgvJtiJl14mE5=KF`QTh<f?QZB=$J#~$&nggt;x^dMX8x5L;+l5bP9
zF76|HnRLeJEt_81oQPwSrWv(XOJ-Hd`np`k=4pWGvy$`B<`o;6&Z{G)c1VS0y1|6T
z?r1xY^C?3JqdG1Rk);sw$)|9AMFtB`Ab=D`ae+=}Hum3C#&ys5x-ndaAVcUah0!rw
z<e775>f)qkbPJj@QS$o1n8szbHd(B#A<cT*q>-lXq;f^C9OCbWu`1Ti?i>ww=TUaM
zD;^)CO$3vh+S0;JO=fR*NFHHCFeL_A(rq+|aZ!qDV8QC}$cDrnVc{PC2zlad*Evyp
zY}!akyg_5Wb7aKmdtFD$=xmR>vNRXJ7^!1st(4>xcY2$<vi69cm9)W}7w}vU-!hA1
zJfiNI&ZuCM(c9kVn-j3*%!Bpvt5$gCHCgHtrx-5uSA1uY?B&L#Uzs?7x7A@{<Or_D
z$hh3Ul};s-tlfraX+p$$%Oj#@Bgt%-AaF_s@q{(-3|gBZhS9DJ#(=j4MMDOC7(^R;
zpDVF4DT@U<{2iHHeMdJ&HO-bzw)b~P^To?LHMb8QT4FjfS<C5|woTR{@4c}$ja$(O
zV@dIttzYvPqb)yHFk5?A%HWa-Qw<MZqn+K77XA3Hp4Gt51uuS2myB#@`k$^^&DFab
zB)rmK378mB5O%d&Xt=(`W|t&PmuQU5tpa92TvwgO(P#{#slA;hv(KqoAF(4AdvQp(
zZr1ZC<|VW@W_Kgf1pmMd?EO<y)x};_uhr9neasj9G>!rmXA53OSU(;Jh3w-<rYcNl
z5{AtHFqh11!XWiL$8uRg@UkREW1$3(m4VK&BD73qAK`^Kk9N#T<hte{=@x!Yq7Olb
z&mcC^Eo4yRL1K6kUH4%kwK>t_WoGih(vNm*VOwn~`|K0CexQV>PYQIg%+!7;j0enx
z9&tb~JZVfjtmtzX#~1Ts9>x&n5g7@l8Fmlflw9nE2A=sB2fCU9_A#s&m#DN6ZB{Wx
zOmw7XQ<GU^`^*m%qs!fJJPnN_s0G@fEZdF?o5#y6k-asZ*q9!%LoGaSP8Ub`mM)oO
zu@^jPp~%-y2w!H)fa`Kg`_O|>8sUNs>ipE7U<2zL3)vf6@z{vDX2%fb8m613_>6rl
z0)iB&Z0}98w6c#&(ft9eC+w__QI3Esj%&sP+6Vt*Zu_`^J>r`t5Vs2yGv)Zp5FQtF
zS!LIFo2upUf#DL(y2;|itq{;*m?~Xe=E>rui|EOz<cRx=y^iJ&8ZopbUBq^>Ssa*C
z_JJbPZHQjt9%v=j3DQalSm;bU3(1y(8=v+@v(#@l#-y*!qjF*sUWt2Q)vOwW5M^&j
zkycQ{A7AznTFXUGna;4T<f@ZkL09{96(brt@A78^`+aB}%TT}8WF-rYFl_yEp5O7{
z;MvfhXNSgNT3d$pgR$dI_eI8Nwv@?-FA!O4ab&(E8{&;edNM?2xdN{5Xf&FjP%5t5
zfElV#T5@rWI{<d7PrS$1gqHzYLy0ay)D%<Q;sye%H{6eHonU=R$|o}~KU!<M$Ug1h
z`K1JDiWHc|tjpPZ6S8*Xn!I(9@mBjdj7LV#r+DjJ@mMbI4JHm1$yLkmUo!?~MF`*t
zgvV2|RHO*vrUpCZ!9H~Ri!2nIM5NGA2D)|gPLrC+3loaz@e(eZBiwIOR_3k1{{=--
B3+n&?


From 3fda66c8ae85161e248786b5f7b28ac3575e7c05 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 Jul 2006 07:26:10 +0000
Subject: [PATCH 004/301] Initial 1.00

git-svn-id: svn://svn.code.sf.net/p/axtls/code/tags/release-1.0.0@8 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From d7fc5b7f04837435ac7efadd21efa86a49fd5bc6 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 Jul 2006 07:35:12 +0000
Subject: [PATCH 005/301] Initial 1.00

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@11 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From f8e703ed65067bb5c161e23b431e552af70be6aa Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 4 Jul 2006 21:47:18 +0000
Subject: [PATCH 006/301] Updated LGPL licenses

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@12 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/Config.in |   1 -
 config/config.h    | 116 ---------------------------------------------
 ssl/Config.in      |   6 +--
 ssl/Makefile       |  10 ++--
 ssl/aes.c          |  10 ++--
 ssl/asn1.c         |   8 ++--
 ssl/bigint.c       |   8 ++--
 ssl/bigint.h       |  10 ++--
 ssl/bigint_impl.h  |   8 ++--
 ssl/crypto.h       |  10 ++--
 ssl/crypto_misc.c  |   8 ++--
 ssl/hmac.c         |   8 ++--
 ssl/loader.c       |   8 ++--
 ssl/md5.c          |   8 ++--
 ssl/os_port.c      |  10 ++--
 ssl/os_port.h      |   8 ++--
 ssl/p12.c          |   8 ++--
 ssl/rc4.c          |  10 ++--
 ssl/rsa.c          |   8 ++--
 ssl/sha1.c         |   8 ++--
 ssl/ssl.h          |  10 ++--
 ssl/tls1.c         |  10 ++--
 ssl/tls1.h         |  10 ++--
 ssl/tls1_clnt.c    |   8 ++--
 ssl/tls1_svr.c     |   8 ++--
 25 files changed, 100 insertions(+), 217 deletions(-)
 delete mode 100644 config/config.h

diff --git a/bindings/Config.in b/bindings/Config.in
index a268f80787..5af0c0ce54 100644
--- a/bindings/Config.in
+++ b/bindings/Config.in
@@ -69,7 +69,6 @@ config CONFIG_PERL_BINDINGS
         Build Perl bindings.
 
         Current Issues (see README):
-        * Doesn't work under Win32 ActiveState Perl.
         * 64 bit versions don't work at present.
         * libperl.so needs to be in the shared library path.
 
diff --git a/config/config.h b/config/config.h
deleted file mode 100644
index 56d8e8a8df..0000000000
--- a/config/config.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Automatically generated header file: don't edit
- */
-
-#define HAVE_DOT_CONFIG 1
-#undef CONFIG_PLATFORM_LINUX
-#undef CONFIG_PLATFORM_CYGWIN
-#undef CONFIG_PLATFORM_SOLARIS
-#define CONFIG_PLATFORM_WIN32 1
-
-/*
- * General Configuration
- */
-#undef CONFIG_DEBUG
-
-/*
- * Microsoft Compiler Options
- */
-#undef CONFIG_VISUAL_STUDIO_6_0
-#define CONFIG_VISUAL_STUDIO_7_0 1
-#undef CONFIG_VISUAL_STUDIO_8_0
-#define CONFIG_VISUAL_STUDIO_6_0_BASE ""
-#define CONFIG_VISUAL_STUDIO_7_0_BASE "c:\\Program Files\\Microsoft Visual Studio .NET 2003"
-#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
-#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
-#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
-
-/*
- * SSL Library
- */
-#undef CONFIG_SSL_SERVER_ONLY
-#undef CONFIG_SSL_CERT_VERIFICATION
-#undef CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_FULL_MODE 1
-#undef CONFIG_SSL_SKELETON_MODE
-#undef CONFIG_SSL_PROT_LOW
-#define CONFIG_SSL_PROT_MEDIUM 1
-#undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY 1
-#define CONFIG_SSL_ENABLE_V23_HANDSHAKE 1
-#define CONFIG_SSL_HAS_PEM 1
-#define CONFIG_SSL_USE_PKCS12 1
-#define CONFIG_SSL_EXPIRY_TIME 24
-#define CONFIG_X509_MAX_CA_CERTS 4
-#define CONFIG_SSL_MAX_CERTS 2
-#undef CONFIG_USE_DEV_URANDOM
-#define CONFIG_WIN32_USE_CRYPTO_LIB 1
-#undef CONFIG_PERFORMANCE_TESTING
-#define CONFIG_SSL_TEST 1
-#define CONFIG_AWHTTPD 1
-
-/*
- * Awhttpd Configuration
- */
-#undef CONFIG_HTTP_STATIC_BUILD
-#define CONFIG_HTTP_HAS_SSL 1
-#define CONFIG_HTTP_HTTPS_PORT 443
-#undef CONFIG_STANDARD_AWHTTPD
-#define CONFIG_HTTP_WEBROOT "www"
-#define CONFIG_HTTP_PORT 80
-#undef CONFIG_HTTP_USE_TIMEOUT
-#define CONFIG_HTTP_TIMEOUT 
-#define CONFIG_HTTP_INITIAL_SLOTS 10
-#define CONFIG_HTTP_MAX_USERS 100
-#undef CONFIG_HTTP_HAS_CGI
-#define CONFIG_HTTP_CGI_EXTENSION ""
-#undef CONFIG_HTTP_DIRECTORIES
-#undef CONFIG_HTTP_PERM_CHECK
-#undef CONFIG_HTTP_HAS_IPV6
-#define CONFIG_HTTP_VERBOSE 1
-#undef CONFIG_HTTP_IS_DAEMON
-
-/*
- * Language Bindings
- */
-#define CONFIG_BINDINGS 1
-#define CONFIG_CSHARP_BINDINGS 1
-#define CONFIG_VBNET_BINDINGS 1
-
-/*
- * .Net Framework
- */
-#define CONFIG_DOT_NET_FRAMEWORK_BASE "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-#define CONFIG_JAVA_BINDINGS 1
-
-/*
- * Java Home
- */
-#define CONFIG_JAVA_HOME "c:\\Program Files\\Java\\jdk1.5.0_06"
-#undef CONFIG_PERL_BINDINGS
-#define CONFIG_PERL_CORE ""
-#define CONFIG_PERL_LIB ""
-
-/*
- * Samples
- */
-#define CONFIG_SAMPLES 1
-#define CONFIG_C_SAMPLES 1
-#define CONFIG_CSHARP_SAMPLES 1
-#define CONFIG_VBNET_SAMPLES 1
-#define CONFIG_JAVA_SAMPLES 1
-#undef CONFIG_PERL_SAMPLES
-
-/*
- * BigInt Options
- */
-#undef CONFIG_BIGINT_CLASSICAL
-#undef CONFIG_BIGINT_MONTGOMERY
-#define CONFIG_BIGINT_BARRETT 1
-#define CONFIG_BIGINT_CRT 1
-#undef CONFIG_BIGINT_KARATSUBA
-#define MUL_KARATSUBA_THRESH 
-#define SQU_KARATSUBA_THRESH 
-#define CONFIG_BIGINT_SLIDING_WINDOW 1
-#define CONFIG_BIGINT_SQUARE 1
-#undef CONFIG_BIGINT_CHECK_ON
diff --git a/ssl/Config.in b/ssl/Config.in
index ff3aba5975..7607f750a4 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -161,16 +161,16 @@ config CONFIG_SSL_USE_PKCS12
     default y if CONFIG_SSL_FULL_MODE
     depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
     help
-        PKCS12 certificates combine private keys and certificates together in
+        PKCS#12 certificates combine private keys and certificates together in
         one file.
 
-        PKCS8 private keys are also suppported (as it is a subset of PKCS12).
+        PKCS#8 private keys are also suppported (as it is a subset of PKCS#12).
 
         The decryption of these certificates uses RC4-128 (and these
         certificates must be encrypted using this cipher). The actual
         algorithm is "PBE-SHA1-RC4-128".
 
-        Disable if PKCS12 is not used (which will be in most cases).
+        Disable if PKCS#12 is not used (which will be in most cases).
 
 config CONFIG_SSL_EXPIRY_TIME
     int "Session expiry time (in hours)"
diff --git a/ssl/Makefile b/ssl/Makefile
index 2b0b6aa65f..476576c1ce 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -1,17 +1,17 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
+#  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
diff --git a/ssl/aes.c b/ssl/aes.c
index 7c41c753fe..9a696fc77a 100644
--- a/ssl/aes.c
+++ b/ssl/aes.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/asn1.c b/ssl/asn1.c
index fa44dfbe63..42de09ba12 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 9702dc4fcc..99c7b508db 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/bigint.h b/ssl/bigint.h
index c98b3837d0..d607174fe5 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
index 1897fec16d..8a0104ab1a 100644
--- a/ssl/bigint_impl.h
+++ b/ssl/bigint_impl.h
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/crypto.h b/ssl/crypto.h
index df25e64029..8f7dc643e6 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index b98181f025..76cc36a165 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/hmac.c b/ssl/hmac.c
index 289892a48f..8fb0439606 100644
--- a/ssl/hmac.c
+++ b/ssl/hmac.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/loader.c b/ssl/loader.c
index 5f43d4982c..a41a300934 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/md5.c b/ssl/md5.c
index 95adab8648..3f5ec030f9 100644
--- a/ssl/md5.c
+++ b/ssl/md5.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/os_port.c b/ssl/os_port.c
index b278c4a291..01ab779646 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 73f4d9be28..049dce083e 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/p12.c b/ssl/p12.c
index ec84b8b14d..54a8e4622c 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/rc4.c b/ssl/rc4.c
index a9ce82ccbb..8126b4f148 100644
--- a/ssl/rc4.c
+++ b/ssl/rc4.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/rsa.c b/ssl/rsa.c
index c6fe654cbf..d433730717 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/sha1.c b/ssl/sha1.c
index e1d259c6eb..5f6b2c3b2a 100644
--- a/ssl/sha1.c
+++ b/ssl/sha1.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 687104e629..bcac9ef72b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/tls1.c b/ssl/tls1.c
index f3a4a1c5dc..d70f73b346 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU General Lesser License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
@@ -1581,7 +1581,7 @@ SSL_SESS *ssl_session_update(int max_sessions,
             ssl->session_index = i;
             return ssl_sessions[i]; /* return the session object */
         }
-        else if (ssl_sessions[i]->conn_time < oldest_sess_time)
+        else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
         {
             /* find the oldest session */
             oldest_sess_time = ssl_sessions[i]->conn_time;
diff --git a/ssl/tls1.h b/ssl/tls1.h
index be8cc1f957..c0c2196027 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 7043876429..6ddd799a2c 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index ff0eb62a52..1226e85a80 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -1,17 +1,17 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2.1 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
+ *  You should have received a copy of the GNU Lesser General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */

From da46383ade9ebd4ac08725d17a3a5453cbf9b9e1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 5 Jul 2006 08:16:26 +0000
Subject: [PATCH 007/301] More LGPL license changes

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@13 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 LICENSE                             | 178 ++++++++++++++++++++
 Makefile                            |  12 +-
 bindings/Makefile                   |  12 +-
 bindings/generate_SWIG_interface.pl |  12 +-
 bindings/generate_interface.pl      |  12 +-
 config/JMeter.jmx                   | 250 ++++++++++++++++++++++++++++
 config/makefile.conf                |  12 +-
 config/makefile.dotnet.conf         |  10 +-
 config/makefile.java.conf           |  10 +-
 ssl/Makefile                        |   2 +-
 ssl/aes.c                           |   2 +-
 ssl/asn1.c                          |   2 +-
 ssl/bigint.c                        |   2 +-
 ssl/bigint.h                        |   2 +-
 ssl/bigint_impl.h                   |   2 +-
 ssl/crypto.h                        |   2 +-
 ssl/crypto_misc.c                   |   2 +-
 ssl/hmac.c                          |   2 +-
 ssl/loader.c                        |   2 +-
 ssl/md5.c                           |   2 +-
 ssl/os_port.c                       |   2 +-
 ssl/os_port.h                       |   2 +-
 ssl/p12.c                           |   2 +-
 ssl/rc4.c                           |   2 +-
 ssl/rsa.c                           |   2 +-
 ssl/sha1.c                          |   2 +-
 ssl/ssl.h                           |   2 +-
 ssl/test/Makefile                   |  12 +-
 ssl/test/make_certs.sh              |  12 +-
 ssl/test/perf_bigint.c              |  12 +-
 ssl/test/ssltest.c                  |  12 +-
 ssl/test/test_axssl.sh              |  12 +-
 ssl/tls1.c                          |   2 +-
 ssl/tls1.h                          |   2 +-
 ssl/tls1_clnt.c                     |   2 +-
 ssl/tls1_svr.c                      |   2 +-
 36 files changed, 520 insertions(+), 92 deletions(-)
 create mode 100644 LICENSE
 create mode 100755 config/JMeter.jmx

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000000..32e42d5a8a
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,178 @@
+GNU LESSER GENERAL PUBLIC LICENSE
+
+Version 2.1, February 1999
+
+Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL.  It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+Preamble
+
+The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
+
+This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.
+
+When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.
+
+To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.
+
+For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.
+
+We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.
+
+To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.
+
+Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.
+
+Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.
+
+When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.
+
+We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.
+
+For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.
+
+In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.
+
+Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
+
+The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
+
+A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.
+
+The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)
+
+"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.
+
+Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.
+
+1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.
+
+You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
+
+2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
+
+    * a) The modified work must itself be a software library.
+    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.
+    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.
+    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.
+
+      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)
+
+      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
+
+      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.
+
+      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 
+
+3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.
+
+Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.
+
+This option is useful when you wish to copy part of the code of the Library into a program that is not a library.
+
+4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
+
+If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.
+
+5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.
+
+However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
+
+When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.
+
+If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)
+
+Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.
+
+6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
+
+You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:
+
+    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)
+    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.
+    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.
+    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.
+    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. 
+
+For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
+
+It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.
+
+7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:
+
+    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.
+    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 
+
+8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
+
+9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.
+
+10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.
+
+11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
+
+This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
+
+12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
+
+13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.
+
+14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
+
+NO WARRANTY
+
+15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+END OF TERMS AND CONDITIONS
+How to Apply These Terms to Your New Libraries
+
+If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License).
+
+To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
+
+one line to give the library's name and an idea of what it does.
+Copyright (C) year  name of author
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:
+
+Yoyodyne, Inc., hereby disclaims all copyright interest in
+the library `Frob' (a library for tweaking knobs) written
+by James Random Hacker.
+
+signature of Ty Coon, 1 April 1990
+Ty Coon, President of Vice
+
diff --git a/Makefile b/Makefile
index e335b82c85..ce029b92fc 100644
--- a/Makefile
+++ b/Makefile
@@ -1,18 +1,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This license is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This license is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/bindings/Makefile b/bindings/Makefile
index 47b48befca..8f1fc88596 100644
--- a/bindings/Makefile
+++ b/bindings/Makefile
@@ -1,18 +1,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index 7509e17cfe..c4a98ffcef 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -3,18 +3,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index a063ea2cc7..067dead21b 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -3,18 +3,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/config/JMeter.jmx b/config/JMeter.jmx
new file mode 100755
index 0000000000..0ef7c74696
--- /dev/null
+++ b/config/JMeter.jmx
@@ -0,0 +1,250 @@
+<jmeterTestPlan version="1.2" properties="1.8">
+  <hashTree>
+    <TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="awhttpd Test Plan" enabled="true">
+      <elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+        <collectionProp name="Arguments.arguments"/>
+      </elementProp>
+      <stringProp name="TestPlan.user_define_classpath"></stringProp>
+      <boolProp name="TestPlan.serialize_threadgroups">true</boolProp>
+      <boolProp name="TestPlan.functional_mode">false</boolProp>
+      <stringProp name="TestPlan.comments"></stringProp>
+    </TestPlan>
+    <hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 0" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="normal" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol"></stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">80</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 1" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="win32 (RC4)" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 2" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="cygwin (RC4)" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">1443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 3" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="skeleton (RC4)" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">2443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 4" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES128" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">3443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 5" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES256" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">4443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ResultCollector guiclass="StatGraphVisualizer" testclass="ResultCollector" testname="Aggregate Graph" enabled="true">
+        <objProp>
+          <value class="SampleSaveConfiguration">
+            <time>true</time>
+            <latency>true</latency>
+            <timestamp>true</timestamp>
+            <success>true</success>
+            <label>true</label>
+            <code>true</code>
+            <message>true</message>
+            <threadName>true</threadName>
+            <dataType>true</dataType>
+            <encoding>false</encoding>
+            <assertions>true</assertions>
+            <subresults>true</subresults>
+            <responseData>false</responseData>
+            <samplerData>false</samplerData>
+            <xml>false</xml>
+            <fieldNames>false</fieldNames>
+            <responseHeaders>false</responseHeaders>
+            <requestHeaders>false</requestHeaders>
+            <responseDataOnError>false</responseDataOnError>
+            <saveAssertionResultsFailureMessage>false</saveAssertionResultsFailureMessage>
+            <assertionsResultsToSave>0</assertionsResultsToSave>
+          </value>
+          <name>saveConfig</name>
+        </objProp>
+        <stringProp name="filename"></stringProp>
+        <boolProp name="ResultCollector.error_logging">false</boolProp>
+      </ResultCollector>
+      <hashTree/>
+    </hashTree>
+  </hashTree>
+</jmeterTestPlan>
diff --git a/config/makefile.conf b/config/makefile.conf
index 744234c4c0..c1167e5d84 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -1,18 +1,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/config/makefile.dotnet.conf b/config/makefile.dotnet.conf
index 7589550c74..23baf70c5b 100644
--- a/config/makefile.dotnet.conf
+++ b/config/makefile.dotnet.conf
@@ -1,17 +1,17 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
+#  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
diff --git a/config/makefile.java.conf b/config/makefile.java.conf
index 1ecce11940..59bde86139 100644
--- a/config/makefile.java.conf
+++ b/config/makefile.java.conf
@@ -1,17 +1,17 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
+#  You should have received a copy of the GNU Lesser General Public License
 #  along with this program; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
diff --git a/ssl/Makefile b/ssl/Makefile
index 476576c1ce..ab4db3d9d5 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -12,7 +12,7 @@
 #  GNU Lesser General Public License for more details.
 #
 #  You should have received a copy of the GNU Lesser General Public License
-#  along with this program; if not, write to the Free Software
+#  along with this library; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/ssl/aes.c b/ssl/aes.c
index 9a696fc77a..74e8b666ef 100644
--- a/ssl/aes.c
+++ b/ssl/aes.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 42de09ba12..6e67d3c7d4 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 99c7b508db..797ca21703 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/bigint.h b/ssl/bigint.h
index d607174fe5..2291f5c878 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
index 8a0104ab1a..9d48182866 100644
--- a/ssl/bigint_impl.h
+++ b/ssl/bigint_impl.h
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/crypto.h b/ssl/crypto.h
index 8f7dc643e6..8a79a84f15 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 76cc36a165..8591aacd9e 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/hmac.c b/ssl/hmac.c
index 8fb0439606..cafb2642a4 100644
--- a/ssl/hmac.c
+++ b/ssl/hmac.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/loader.c b/ssl/loader.c
index a41a300934..400847b856 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/md5.c b/ssl/md5.c
index 3f5ec030f9..c682e11ea6 100644
--- a/ssl/md5.c
+++ b/ssl/md5.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/os_port.c b/ssl/os_port.c
index 01ab779646..19932293ea 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 049dce083e..b8354cb6ce 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -12,7 +12,7 @@
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/p12.c b/ssl/p12.c
index 54a8e4622c..2d198dc90e 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/rc4.c b/ssl/rc4.c
index 8126b4f148..acb5f14f2f 100644
--- a/ssl/rc4.c
+++ b/ssl/rc4.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/rsa.c b/ssl/rsa.c
index d433730717..f401cf2859 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/sha1.c b/ssl/sha1.c
index 5f6b2c3b2a..1f06732352 100644
--- a/ssl/sha1.c
+++ b/ssl/sha1.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index bcac9ef72b..27b1f3903b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index ddf3526b95..d8f9474511 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -1,18 +1,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This library is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
index 57d2a10f8a..0e58d73bc3 100755
--- a/ssl/test/make_certs.sh
+++ b/ssl/test/make_certs.sh
@@ -3,18 +3,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This license is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This license is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
index 116a1ba013..0bd1e9f8b9 100644
--- a/ssl/test/perf_bigint.c
+++ b/ssl/test/perf_bigint.c
@@ -1,18 +1,18 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This license is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this license; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 7c547ef222..aec29106c5 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1,18 +1,18 @@
 /*
  *  Copyright(C) 2006
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
+ *  This license is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
  *  (at your option) any later version.
  *
- *  This program is distributed in the hope that it will be useful,
+ *  This license is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this license; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 4a22985fde..01ede465f9 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -3,18 +3,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This license is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This license is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index d70f73b346..41484949f3 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU General Lesser License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index c0c2196027..9f611f7750 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 6ddd799a2c..45d4bca5c2 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 1226e85a80..061cfcb387 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -12,7 +12,7 @@
  *  GNU Lesser General Public License for more details.
  *
  *  You should have received a copy of the GNU Lesser General Public License
- *  along with this program; if not, write to the Free Software
+ *  along with this library; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 

From 818037c8e3f46160a8ad731fb3548c04485b0190 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 7 Jul 2006 10:58:03 +0000
Subject: [PATCH 008/301] Added the health.sh CGI script

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@14 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 README                 |  4 +++-
 config/win32config     | 14 +++++++-------
 docsrc/Makefile        | 12 ++++++------
 www/test_dir/health.sh | 21 +++++++++++++++++++++
 www/test_dir/tmp       |  1 +
 5 files changed, 38 insertions(+), 14 deletions(-)
 create mode 100755 www/test_dir/health.sh
 create mode 120000 www/test_dir/tmp

diff --git a/README b/README
index 2d6d7b990a..ead37bb977 100644
--- a/README
+++ b/README
@@ -136,7 +136,9 @@ Win32 issues
   this.
 
 * The test harness appears to be broken under VC8.0. Debugging shows a problem
-  the _close() function which is weird.
+  the _close() function which is weird. CGI is also broken under VC8.0.
+
+* CGI works under Win32, but needs some more work to get it right.
 
 Solaris issues
 ==============
diff --git a/config/win32config b/config/win32config
index 5740814929..4c197c83f7 100644
--- a/config/win32config
+++ b/config/win32config
@@ -16,11 +16,11 @@ CONFIG_PLATFORM_WIN32=y
 # Microsoft Compiler Options
 #
 # CONFIG_VISUAL_STUDIO_6_0 is not set
-# CONFIG_VISUAL_STUDIO_7_0 is not set
-CONFIG_VISUAL_STUDIO_8_0=y
+CONFIG_VISUAL_STUDIO_7_0=y
+# CONFIG_VISUAL_STUDIO_8_0 is not set
 CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE=""
-CONFIG_VISUAL_STUDIO_8_0_BASE="c:\\Program Files\\Microsoft Visual Studio 8"
+CONFIG_VISUAL_STUDIO_7_0_BASE="c:\\Program Files\\Microsoft Visual Studio .NET 2003"
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
 CONFIG_EXTRA_CFLAGS_OPTIONS=""
 CONFIG_EXTRA_LDFLAGS_OPTIONS=""
 
@@ -61,9 +61,9 @@ CONFIG_HTTP_PORT=80
 CONFIG_HTTP_TIMEOUT=0
 CONFIG_HTTP_INITIAL_SLOTS=10
 CONFIG_HTTP_MAX_USERS=100
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSION=""
-# CONFIG_HTTP_DIRECTORIES is not set
+CONFIG_HTTP_HAS_CGI=y
+CONFIG_HTTP_CGI_EXTENSION=".php"
+CONFIG_HTTP_DIRECTORIES=y
 # CONFIG_HTTP_PERM_CHECK is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
 CONFIG_HTTP_VERBOSE=y
diff --git a/docsrc/Makefile b/docsrc/Makefile
index 574d5ebda9..a9a1e502c5 100644
--- a/docsrc/Makefile
+++ b/docsrc/Makefile
@@ -1,18 +1,18 @@
 #
 #  Copyright(C) 2006
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
 #  the Free Software Foundation; either version 2 of the License, or
 #  (at your option) any later version.
 #
-#  This program is distributed in the hope that it will be useful,
+#  This license is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+#  GNU Lesser General Public License for more details.
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
new file mode 100755
index 0000000000..4a4cdfb417
--- /dev/null
+++ b/www/test_dir/health.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+echo "Content-type: text/html"
+echo
+
+echo "<HTML>"
+echo "<TITLE>System Health</TITLE><BODY>"
+
+echo "<H1>System Health for '`hostname`'</H1>"
+echo "<H2>Processes</H2>"
+echo "<TABLE BORDEr=\"2\">"
+ps -ef | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
+echo "</TABLE>"
+
+echo "<H2>Free FileSystem Space</H2>"
+echo "<TABLE border=\"2\">"
+df -h . | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
+echo "</TABLE>"
+
+echo "</BODY></HTML>"
+
diff --git a/www/test_dir/tmp b/www/test_dir/tmp
new file mode 120000
index 0000000000..cad2309100
--- /dev/null
+++ b/www/test_dir/tmp
@@ -0,0 +1 @@
+/tmp
\ No newline at end of file

From e8254fa575391e0693806235447ca7a789b95424 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 7 Jul 2006 11:10:18 +0000
Subject: [PATCH 009/301] http/https directory listing issue fixed

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@15 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/awhttpd.patch | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
index 932c0583ec..ab63d6416f 100644
--- a/httpd/awhttpd.patch
+++ b/httpd/awhttpd.patch
@@ -1,6 +1,6 @@
 diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 --- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-06-28 20:38:44.921875000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-07-07 20:37:30.890625000 +1000
 @@ -7,17 +7,16 @@
  */
  
@@ -173,7 +173,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 +void initlists(void);
 diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 --- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-06-28 20:38:44.921875000 +1000
++++ axTLS/httpd/awhttpd/cgi.c	2006-07-07 20:37:30.890625000 +1000
 @@ -7,29 +7,33 @@
  */
  
@@ -362,7 +362,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +#endif  /* CONFIG_HTTP_HAS_CGI */
 diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 --- awhttpd/conf.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/conf.c	2006-06-28 20:38:44.921875000 +1000
++++ axTLS/httpd/awhttpd/conf.c	2006-07-07 20:37:30.890625000 +1000
 @@ -10,11 +10,7 @@
  #include <stdio.h>
  #include <string.h>
@@ -450,7 +450,7 @@ diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 +#endif  /* CONFIG_STANDARD_AWHTTPD */
 diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 --- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-06-28 20:38:44.921875000 +1000
++++ axTLS/httpd/awhttpd/conn.c	2006-07-07 20:37:30.890625000 +1000
 @@ -9,15 +9,11 @@
  
  #include <stdio.h>
@@ -525,7 +525,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
    return;
 diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
 --- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-06-28 20:38:44.937500000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-07-07 20:37:30.890625000 +1000
 @@ -8,7 +8,6 @@
  
  
@@ -562,7 +562,7 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
    char buf[1024];
 diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
 --- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-06-28 20:38:44.937500000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-07-07 20:37:30.890625000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -588,7 +588,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
 diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 --- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-06-28 20:38:44.937500000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-07-07 20:37:30.890625000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -828,7 +828,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    return 0;
 diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 --- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-06-28 20:38:44.937500000 +1000
++++ axTLS/httpd/awhttpd/mime_types.c	2006-07-07 20:37:30.890625000 +1000
 @@ -21,13 +21,14 @@
  
  
@@ -862,7 +862,7 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 +
 diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 --- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-06-28 20:38:44.937500000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-07-07 20:37:30.890625000 +1000
 @@ -7,33 +7,33 @@
  */
  
@@ -1008,7 +1008,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 +#endif
 diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
 --- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-06-28 20:38:44.937500000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-07-07 20:37:30.906250000 +1000
 @@ -8,9 +8,7 @@
  
  
@@ -1111,7 +1111,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  
 diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 --- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-06-28 20:38:44.937500000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-07-07 20:37:30.906250000 +1000
 @@ -7,21 +7,23 @@
  */
  
@@ -1202,7 +1202,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 +#endif  /* CONFIG_HTTP_PERM_CHECK */
 diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 --- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-06-28 20:47:25.109375000 +1000
++++ axTLS/httpd/awhttpd/proc.c	2006-07-07 21:07:26.250000000 +1000
 @@ -13,14 +13,12 @@
  #include <sys/types.h>
  #include <sys/stat.h>
@@ -1282,8 +1282,9 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    // If the browser doesn't specify a virtual host, the client will
    // see "http://default/thedir/" instead of "http://thehost.com/thedir/"
    // Consider this punishment for using such an old browser.
-   snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of http://%s%s</H2><BR>\n", cn->virtualhostreq, cn->filereq);
+-  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of http://%s%s</H2><BR>\n", cn->virtualhostreq, cn->filereq);
 -  write(cn->networkdesc, buf, strlen(buf));
++  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of %s://%s%s</H2><BR>\n", cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
 +  special_write(cn, buf, strlen(buf));
  
    cn->state = STATE_DOING_DIR;
@@ -1660,7 +1661,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  }
 diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 --- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-06-28 20:38:44.953125000 +1000
++++ axTLS/httpd/awhttpd/socket.c	2006-07-07 20:37:30.906250000 +1000
 @@ -8,19 +8,11 @@
  
  
@@ -1747,7 +1748,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
 diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
 --- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-06-28 20:38:44.953125000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-07-07 20:37:30.906250000 +1000
 @@ -13,7 +13,7 @@
  
  #include <ctype.h>

From 94186b6f216734bdbd660283e95ac675f7312baa Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 8 Jul 2006 00:25:27 +0000
Subject: [PATCH 010/301] Now exclude svn dirs in tar

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@16 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index ce029b92fc..c1efd9e503 100644
--- a/Makefile
+++ b/Makefile
@@ -50,7 +50,7 @@ release:
 	-$(MAKE) clean
 	-@rm config/.* config/config.h
 	-@rm config/*.msi config/*.back.aip
-	cd ../; tar cvfz $(RELEASE).tar.gz axTLS; cd -;
+	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axTLS; cd -;
 
 docs:
 	$(MAKE) -C docsrc doco
@@ -70,7 +70,8 @@ win32_demo:
         ./axTLS/axssl.vbnet.exe \
         ./axTLS/axtls.jar \
         ./axTLS/www/* \
-        ./axTLS/www/crypto_files/*; \
+        ./axTLS/www/crypto_files/* \
+        ./axTLS/www/test_dir/*; \
     unzip -d axTLS.release_test $(RELEASE).zip; cd -;
 
 # tidy up things
@@ -131,5 +132,3 @@ win32releaseconf: config/scripts/config/conf
 	@./config/scripts/config/conf -D config/win32config $(CONFIG_CONFIG_IN) > /dev/null
 	$(MAKE)
 
-
-

From 2bab7a44a33bfe3c3bbf7658bd8eb669907297d4 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 8 Jul 2006 00:58:36 +0000
Subject: [PATCH 011/301] removed CGI from win32 demo

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@17 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/win32config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/win32config b/config/win32config
index 4c197c83f7..ce1e485c68 100644
--- a/config/win32config
+++ b/config/win32config
@@ -61,8 +61,8 @@ CONFIG_HTTP_PORT=80
 CONFIG_HTTP_TIMEOUT=0
 CONFIG_HTTP_INITIAL_SLOTS=10
 CONFIG_HTTP_MAX_USERS=100
-CONFIG_HTTP_HAS_CGI=y
-CONFIG_HTTP_CGI_EXTENSION=".php"
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSION=""
 CONFIG_HTTP_DIRECTORIES=y
 # CONFIG_HTTP_PERM_CHECK is not set
 # CONFIG_HTTP_HAS_IPV6 is not set

From a10e2dcf017c173b7d5f40d2de2ae44c334a4629 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 8 Jul 2006 01:04:11 +0000
Subject: [PATCH 012/301] version update

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@18 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/awhttpd.aip | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/config/awhttpd.aip b/config/awhttpd.aip
index 3b68600ab9..575102d520 100755
--- a/config/awhttpd.aip
+++ b/config/awhttpd.aip
@@ -8,21 +8,25 @@
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{C78C84DF-8FBA-49BD-AC4B-BEEE0A3411C6} "/>
+    <ROW Property="ProductCode" Value="1033:{9355EAA9-8EA4-4B4B-9A1E-F5E8EDAC1BA8} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="Awhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.0.0"/>
+    <ROW Property="ProductVersion" Value="1.0.1"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
     <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
+    <ROW Directory="New_Folder_1_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
+    <ROW Directory="New_Folder_2_DIR" Directory_Parent="New_Folder_1_DIR" DefaultDir="anothe~1|another_dir"/>
+    <ROW Directory="New_Folder_DIR" Directory_Parent="APPDIR" DefaultDir="include"/>
     <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
     <ROW Directory="crypto_files_DIR" Directory_Parent="www_DIR" DefaultDir="crypto~1|crypto_files"/>
     <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
+    <ROW Component="New_Folder" ComponentId="{2AD064CD-A20E-40FD-9233-CF8732C8F54D}" Directory_="New_Folder_2_DIR" Attributes="0"/>
     <ROW Component="awhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="awhttpd.exe" FullKeyPath="APPDIR\awhttpd.exe"/>
     <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
     <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
@@ -30,11 +34,13 @@
     <ROW Component="axtls.dll" ComponentId="{4C741E75-A18A-4FC9-972C-C1EF583713EB}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.dll" FullKeyPath="APPDIR\axtls.dll"/>
     <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
     <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
+    <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
     <ROW Component="crypto_2600des.gif" ComponentId="{7C3C3A24-4053-4A9D-B040-FA671C2FA638}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
+    <ROW Component="test_cgi.php" ComponentId="{9025188F-8BED-4459-86EF-74C28A3B9301}" Directory_="New_Folder_1_DIR" Attributes="0" KeyPath="test_cgi.php" FullKeyPath="APPDIR\www\test_dir"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll crypto_2600des.gif favicon.ico"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll crypto_2600des.gif favicon.ico bigint.h test_cgi.php New_Folder"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
@@ -47,9 +53,9 @@
     <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.lib" SelfReg="false" Sequence="7"/>
     <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.static.lib" SelfReg="false" Sequence="8"/>
     <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtlsj.dll" SelfReg="false" Sequence="9"/>
-    <ROW File="bigint.h" Component_="axtls.jar" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="25"/>
-    <ROW File="bigint_impl.h" Component_="axtls.jar" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="22"/>
-    <ROW File="crypto.h" Component_="axtls.jar" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="23"/>
+    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="25"/>
+    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="22"/>
+    <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="23"/>
     <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="10"/>
     <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="11"/>
     <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="12"/>
@@ -59,10 +65,14 @@
     <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="16"/>
     <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="17"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\favicon.ico" SelfReg="false" Sequence="19"/>
+    <ROW File="health.sh" Component_="test_cgi.php" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="28"/>
     <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\index.html" SelfReg="false" Sequence="20"/>
     <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="18"/>
-    <ROW File="ssl.h" Component_="axtls.jar" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="21"/>
-    <ROW File="tls1.h" Component_="axtls.jar" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="24"/>
+    <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="26"/>
+    <ROW File="some_text.txt" Component_="test_cgi.php" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="29"/>
+    <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="21"/>
+    <ROW File="test_cgi.php" Component_="test_cgi.php" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="27"/>
+    <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="24"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
     <ROW Path="&lt;ui.ail&gt;"/>
@@ -91,6 +101,9 @@
     <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="PatchWelcomeDlg" Condition="AI_PATCH" Ordering="1"/>
     <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
   </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
+    <ROW Directory_="New_Folder_2_DIR" Component_="New_Folder"/>
+  </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
     <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="launcher.dll" Target="PrepareUpgrade"/>

From 0a18ed7e9e3258cf5ece8c66f43d2435b88b7b27 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 8 Jul 2006 01:04:38 +0000
Subject: [PATCH 013/301] removed tmp

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@19 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/test_dir/tmp | 1 -
 1 file changed, 1 deletion(-)
 delete mode 120000 www/test_dir/tmp

diff --git a/www/test_dir/tmp b/www/test_dir/tmp
deleted file mode 120000
index cad2309100..0000000000
--- a/www/test_dir/tmp
+++ /dev/null
@@ -1 +0,0 @@
-/tmp
\ No newline at end of file

From 5915029090f40bc7fbd1d2969d1e116c2655f811 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 12 Jul 2006 08:57:34 +0000
Subject: [PATCH 014/301] health.sh tweak

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@21 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/test_dir/health.sh | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
index 4a4cdfb417..f63013b14d 100755
--- a/www/test_dir/health.sh
+++ b/www/test_dir/health.sh
@@ -3,19 +3,13 @@
 echo "Content-type: text/html"
 echo
 
-echo "<HTML>"
-echo "<TITLE>System Health</TITLE><BODY>"
+echo "<HTML><TITLE>System Health</TITLE><BODY>"
 
 echo "<H1>System Health for '`hostname`'</H1>"
-echo "<H2>Processes</H2>"
-echo "<TABLE BORDEr=\"2\">"
+echo "<H2>Processes</H2><TABLE BORDER=\"2\">"
 ps -ef | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-echo "</TABLE>"
 
-echo "<H2>Free FileSystem Space</H2>"
-echo "<TABLE border=\"2\">"
+echo "</TABLE><H2>Free FileSystem Space</H2>"
+echo "<TABLE BORDER=\"2\">"
 df -h . | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-echo "</TABLE>"
-
-echo "</BODY></HTML>"
-
+echo "</TABLE></BODY></HTML>"

From 8578256d9ffac69b95da4c401314bc57ba7224c2 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 16 Jul 2006 10:48:14 +0000
Subject: [PATCH 015/301] added a better installer

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@22 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                |  46 ++++++++-----
 README                  |  16 ++---
 bindings/java/Makefile  |  12 ++--
 bindings/perl/Makefile  |  24 +++----
 config/Config.in        |   8 ++-
 config/makefile.conf    |   5 +-
 httpd/Config.in         |   7 +-
 httpd/Makefile          |  14 ++--
 samples/c/Makefile      |  19 +++---
 samples/csharp/Makefile |   2 +-
 samples/java/Makefile   |   6 +-
 samples/perl/Makefile   |   4 +-
 samples/vbnet/Makefile  |   2 +-
 ssl/Makefile            |  22 +++---
 ssl/test/Makefile       |  24 +++----
 ssl/test/perf_bigint.c  |   8 +--
 ssl/test/ssltest.c      | 144 ++++++++++++++++++++--------------------
 ssl/test/test_axssl.sh  |  57 ++++++++++------
 www/test_dir/health.sh  |  15 ++---
 19 files changed, 238 insertions(+), 197 deletions(-)

diff --git a/Makefile b/Makefile
index c1efd9e503..ff4f43f020 100644
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ else
 all: target
 endif
 
-target : $(TARGET)
+target : $(STAGE) $(TARGET)
 
 include config/makefile.conf
 
@@ -45,11 +45,18 @@ ifdef CONFIG_SAMPLES
 	$(MAKE) -C samples
 endif
 
+$(STAGE) :
+	@mkdir -p $(STAGE)
+
+$(PREFIX) :
+	@mkdir -p $(PREFIX)/lib
+	@mkdir -p $(PREFIX)/bin
+
 release:
 	$(MAKE) -C config/scripts/config clean
 	-$(MAKE) clean
-	-@rm config/.* config/config.h
-	-@rm config/*.msi config/*.back.aip
+	-@rm config/*.msi config/*.back.aip config/config.h config/.config*
+	@rm -fr $(STAGE)
 	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axTLS; cd -;
 
 docs:
@@ -59,20 +66,21 @@ docs:
 win32_demo:
 	-@rm -fr ../axTLS.release_test > /dev/null 2>&1
 	$(MAKE) win32releaseconf
-	cd ../; zip $(RELEASE).zip \
-        ./axTLS/awhttpd.exe \
-        ./axTLS/axssl.exe \
-        ./axTLS/axtls.dll \
-        ./axTLS/axtls.lib \
-        ./axTLS/axtls.static.lib \
-        ./axTLS/axtlsj.dll \
-        ./axTLS/axssl.csharp.exe \
-        ./axTLS/axssl.vbnet.exe \
-        ./axTLS/axtls.jar \
-        ./axTLS/www/* \
-        ./axTLS/www/crypto_files/* \
-        ./axTLS/www/test_dir/*; \
-    unzip -d axTLS.release_test $(RELEASE).zip; cd -;
+
+install: $(PREFIX) all
+	install -m 755 $(STAGE)/libax* $(PREFIX)/lib
+	-install -m 755 $(STAGE)/ax* $(PREFIX)/bin
+	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
+	-install -m 755 $(STAGE)/awhttpd* $(PREFIX)/bin
+
+installclean:
+	-@rm $(PREFIX)/lib/libax*
+	-@rm $(PREFIX)/bin/ax*
+	-@rm $(PREFIX)/bin/awhttpd*
+	-@rm `perl -e 'use Config; print $$Config{installarchlib};'`/axtlsp.pm
+
+test:
+	cd $(STAGE); ssltest; ../ssl/test/test_axssl.sh; cd -;
 
 # tidy up things
 clean::
@@ -132,3 +140,7 @@ win32releaseconf: config/scripts/config/conf
 	@./config/scripts/config/conf -D config/win32config $(CONFIG_CONFIG_IN) > /dev/null
 	$(MAKE)
 
+# The special debian release configuration
+debianconf: config/scripts/config/conf
+	@./config/scripts/config/conf -D config/debianconfig $(CONFIG_CONFIG_IN) > /dev/null
+	$(MAKE)
diff --git a/README b/README
index ead37bb977..1ca2020094 100644
--- a/README
+++ b/README
@@ -33,7 +33,7 @@ Select your platform type, save the configuration, exit, and then
 type "make" again.
 
 If all goes well, you should end up with an executable called "awhttpd" (or
-awhttpd.exe) in this directory.
+awhttpd.exe) in the _stage directory.
 
 To play with all the various axTLS options, type:
 
@@ -45,7 +45,7 @@ Save the new configuration and rebuild.
 # Running it
 ########################################################################
 
-To run it, type (as superuser):
+To run it, go to the _stage directory, and type (as superuser):
 
 > awhttpd
 
@@ -64,8 +64,6 @@ to see the same page unencrypted.
 See the README in the httpd directory from more configuration information on
 Anti-Web.
 
-Note: libaxtls.so may have to in your shared library path.
-
 ########################################################################
 # The axssl utilities
 ########################################################################
@@ -82,12 +80,12 @@ axssl.pl        - Perl sample
 All the tools have identical command-line parameters. e.g. to run something
 interesting:
 
-> axssl s_server -verify -CAfile ssl/test/axTLS.ca_x509
+> axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509
 
 and
 
-> axssl s_client -cert ssl/test/axTLS.x509_1024 -key \
-  ssl/test/axTLS.key_1024 -reconnect
+> axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key \
+  ../ssl/test/axTLS.key_1024 -reconnect
 
 C#
 ==
@@ -152,7 +150,7 @@ Solaris issues
 
 Cygwin issues
 =============
-* The bindings all compile but don't run under cygwin with the exception of
-  Perl. This is due to win32 executables being incompatible with cygwin 
+* The bindings all compile but don't run under Cygwin with the exception of
+  Perl. This is due to win32 executables being incompatible with Cygwin 
   libraries.
 
diff --git a/bindings/java/Makefile b/bindings/java/Makefile
index a81d8811f6..7e69aef521 100644
--- a/bindings/java/Makefile
+++ b/bindings/java/Makefile
@@ -22,12 +22,12 @@ include ../../config/makefile.java.conf
 
 all: lib jar
 
-JAR=../../axtls.jar
+JAR=../../$(STAGE)/axtls.jar
 
 ifdef CONFIG_PLATFORM_WIN32
-TARGET=../../axtlsj.dll
+TARGET=../../$(STAGE)/axtlsj.dll
 else
-TARGET=../../libaxtlsj.so
+TARGET=../../$(STAGE)/libaxtlsj.so
 endif
 
 lib: $(TARGET)
@@ -54,7 +54,7 @@ JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
 ifdef CONFIG_PLATFORM_WIN32
 CFLAGS += /I"$(shell cygpath -w $(SSL_HOME))"
 CFLAGS += /I"$(shell cygpath -w $(CONFIG_HOME))"
-LDFLAGS += axtls.lib /libpath:"../../"
+LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
 
 include ../../config/makefile.post
 
@@ -71,7 +71,7 @@ CFLAGS += -I$(SSL_HOME)
 CFLAGS += -I$(CONFIG_HOME)
 
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L ../../ $(LDSHARED) -o $@ $(OBJ) -laxtls 
+	$(LD) $(LDFLAGS) -L ../../$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls 
 endif
 
 jar: $(OBJ) $(JAR)
@@ -79,7 +79,7 @@ jar: $(OBJ) $(JAR)
 # if we are doing the samples then defer creating the jar until then
 $(JAR): $(JAVA_CLASSES)
 ifndef CONFIG_JAVA_SAMPLES
-	jar cvf $@ -C classes .
+	jar cvf $@ -C classes axTLSj
 else
 	@if [ ! -f $(JAR) ]; then touch $(JAR); fi
 endif
diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
index 99b6e4d249..b1943a4764 100644
--- a/bindings/perl/Makefile
+++ b/bindings/perl/Makefile
@@ -22,9 +22,9 @@ include ../../config/makefile.conf
 all: lib
 
 ifdef CONFIG_PLATFORM_WIN32
-TARGET=../../axtlsp.dll
+TARGET=../../$(STAGE)/axtlsp.dll
 else
-TARGET=../../libaxtlsp.so
+TARGET=../../$(STAGE)/libaxtlsp.so
 endif
 
 ifneq ($(MAKECMDGOALS), clean)
@@ -46,13 +46,13 @@ test_perl:
 endif
 
 lib: $(TARGET)
-AXOLOTLS_HOME=../..
-SSL_HOME=$(AXOLOTLS_HOME)/ssl
-CONFIG_HOME=$(AXOLOTLS_HOME)/config
+AXTLS_HOME=../..
+SSL_HOME=$(AXTLS_HOME)/ssl
+CONFIG_HOME=$(AXTLS_HOME)/config
 OBJ:=axTLSp_wrap.o
 include ../../config/makefile.post
 
-ifndef CONFIG_PLATFORM_WIN32
+ifndef CONFIG_PLATFORM_WIN32        # Linux/Unix/Cygwin
 
 #
 # Could have used libperl.a, but it increases the library to over 1MB, so just
@@ -60,22 +60,22 @@ ifndef CONFIG_PLATFORM_WIN32
 # work.
 #
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L ../../ -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
+	$(LD) $(LDFLAGS) -L ../../$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
 ifdef CONFIG_PLATFORM_CYGWIN
-	cd ../../; ln -sf $(notdir $@) axtlsp.dll
+	cd ../../$(STAGE); ln -sf $(notdir $@) axtlsp.dll
 endif
-	@install axtlsp.pm ../../
+	@install axtlsp.pm ../../$(STAGE)
 
 CFLAGS += -D__USE_GNU -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
 else
 CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
 CFLAGS += /I"$(PERL5_CORE)"
-LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../"
+LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../$(STAGE)"
 
 $(TARGET) : $(OBJ)
 	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
-	@install axtlsp.pm ../../
+	install axtlsp.pm ../../$(STAGE)
 endif # WIN32
 
 clean::
-	@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../axtlsp.pm
+	@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../$(STAGE)/axtlsp.pm
diff --git a/config/Config.in b/config/Config.in
index fea9c0a6d6..e9c3eff1e9 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -29,6 +29,12 @@ endchoice
 
 menu "General Configuration"
 
+config PREFIX
+    string "axTLS installation prefix"
+    default "/usr/local"
+    help
+      Define your directory to install axTLS files/subdirs in.
+
 config CONFIG_DEBUG
     bool "Build axTLS with Debugging symbols"
     default n
@@ -47,7 +53,7 @@ depends on CONFIG_PLATFORM_WIN32
 choice 
     prompt "Compiler"
     depends on CONFIG_PLATFORM_WIN32
-    default CONFIG_VISUAL_STUDIO_8_0
+    default CONFIG_VISUAL_STUDIO_7_0
 
 config CONFIG_VISUAL_STUDIO_6_0
     bool "Visual Studio 6.0 (VC98)"
diff --git a/config/makefile.conf b/config/makefile.conf
index c1167e5d84..713d00c59f 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -20,10 +20,13 @@
 # A standard makefile for all makefiles
 #
 
+# All executables and libraries go here
+STAGE=./_stage
+
 ifneq ($(MAKECMDGOALS), clean)
 
 # Give an initial rule
-all:
+all: 
 
 # Win32 
 ifdef CONFIG_PLATFORM_WIN32
diff --git a/httpd/Config.in b/httpd/Config.in
index 6b450f2bee..c9240864dd 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -36,11 +36,12 @@ config CONFIG_STANDARD_AWHTTPD
         
 config CONFIG_HTTP_WEBROOT
     string "Web root location"
-    default "www"
+    default "../www" if !CONFIG_PLATFORM_WIN32
+    default "..\\www" if CONFIG_PLATFORM_WIN32
     depends on !CONFIG_STANDARD_AWHTTPD
     help
-        The location of the web root. This is the directory where 
-        index.html lives.
+        The location of the web root in relation to awhttpd. This is 
+        the directory where index.html lives.
 
 config CONFIG_HTTP_PORT
     int "HTTP port"
diff --git a/httpd/Makefile b/httpd/Makefile
index 66e2908bd9..3b8f4b0895 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -24,26 +24,26 @@ include ../config/makefile.conf
 ifndef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=../awhttpd.exe
+TARGET=../$(STAGE)/awhttpd.exe
 else
-TARGET=../awhttpd
+TARGET=../$(STAGE)/awhttpd
 endif
 
 ifdef CONFIG_HTTP_STATIC_BUILD
-LIBS=../libaxtls.a
+LIBS=../$(STAGE)/libaxtls.a
 else
-LIBS=-L../ -laxtls
+LIBS=-L../$(STAGE) -laxtls
 endif
 
 CFLAGS += -I../ssl
 
 else # win32 build
-TARGET=../awhttpd.exe
+TARGET=../$(STAGE)/awhttpd.exe
 
 ifdef CONFIG_HTTP_STATIC_BUILD
-LIBS=../axtls.static.lib ..\config\axtls.res
+LIBS=../$(STAGE)/axtls.static.lib ..\\config\\axtls.res
 else
-LIBS=../axtls.lib ..\config\axtls.res
+LIBS=../$(STAGE)/axtls.lib ..\\config\\axtls.res
 endif
 endif
 
diff --git a/samples/c/Makefile b/samples/c/Makefile
index 656b8cb6cd..95a3381cf1 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -24,16 +24,15 @@ include ../../config/makefile.conf
 ifndef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=../../axssl.exe
+TARGET=../../$(STAGE)/axssl.exe
 else
-TARGET=../../axssl
+TARGET=../../$(STAGE)/axssl
 endif   # cygwin
 
-LIBS=../../libaxtls.a
+LIBS=../../$(STAGE)
 CFLAGS += -I../../ssl -I../../config
 else
-TARGET=../../axssl.exe
-LIBS=../../axtls.lib
+TARGET=../../$(STAGE)/axssl.exe
 CFLAGS += /I"..\..\ssl" /I"..\..\config"
 endif
 
@@ -47,8 +46,8 @@ include ../../config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32
 
-$(TARGET): $(OBJ) $(LIBS)
-	$(LD) $(LDFLAGS) -o $@ $^
+$(TARGET): $(OBJ) 
+	$(LD) $(LDFLAGS) -o $@ $< -L$(LIBS) -laxtls 
 ifndef CONFIG_DEBUG
 ifndef CONFIG_PLATFORM_SOLARIS
 	strip --remove-section=.comment $(TARGET)
@@ -56,12 +55,12 @@ endif   # SOLARIS
 endif   # CONFIG_DEBUG
 else    # Win32
 
-$(TARGET): $(OBJ) $(LIBS)
-	$(LD) $(LDFLAGS) ..\..\config\axtls.res /out:$@ $^
+$(TARGET): $(OBJ)
+	$(LD) $(LDFLAGS) ..\\..\\config\\axtls.res /out:$@ $^ /libpath:"../../$(STAGE)" axtls.lib
 endif
 
 endif    # CONFIG_C_SAMPLES
 
 clean::
-	-@rm -f ../../axssl*
+	-@rm -f ../../$(STAGE)/axssl*
 
diff --git a/samples/csharp/Makefile b/samples/csharp/Makefile
index 8e299fd749..d30b37c263 100644
--- a/samples/csharp/Makefile
+++ b/samples/csharp/Makefile
@@ -21,7 +21,7 @@ include ../../config/makefile.conf
 include ../../config/makefile.dotnet.conf
 
 all : sample
-TARGET=../../axssl.csharp.exe
+TARGET=../../$(STAGE)/axssl.csharp.exe
 sample : $(TARGET)
 
 $(TARGET): ../../bindings/csharp/axTLS.cs ../../bindings/csharp/axInterface.cs axssl.cs 
diff --git a/samples/java/Makefile b/samples/java/Makefile
index 0bedf52218..e8b8351023 100644
--- a/samples/java/Makefile
+++ b/samples/java/Makefile
@@ -21,14 +21,14 @@ include ../../config/makefile.conf
 include ../../config/makefile.java.conf
 
 all : sample
-JAR=../../axtls.jar
+JAR=../../$(STAGE)/axtls.jar
 CLASSES=../../bindings/java/classes
 sample : $(JAR)
 
 $(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
-	jar mcvf manifest.mf $@ -C $(CLASSES) .
+	jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
 
-JAVA_FILES= axssl.java
+JAVA_FILES=axssl.java
 JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
 
 $(CLASSES)/%.class : %.java
diff --git a/samples/perl/Makefile b/samples/perl/Makefile
index da910f9b76..0599196c40 100644
--- a/samples/perl/Makefile
+++ b/samples/perl/Makefile
@@ -20,11 +20,11 @@ include ../../config/.config
 include ../../config/makefile.conf
 
 all: samples
-TARGET=../../axssl.pl
+TARGET=../../$(STAGE)/axssl.pl
 samples: $(TARGET)
 
 $(TARGET): axssl.pl
-	@cd ../../; ln -sf samples/perl/axssl.pl axssl.pl
+	install $< $@
 
 clean::
 	-@rm -f $(TARGET)
diff --git a/samples/vbnet/Makefile b/samples/vbnet/Makefile
index dab5f9599c..9f9adc66c1 100644
--- a/samples/vbnet/Makefile
+++ b/samples/vbnet/Makefile
@@ -23,7 +23,7 @@ include ../../config/makefile.dotnet.conf
 # only build on Win32 platforms
 ifdef GO_DOT_NET
 all : sample
-TARGET=../../axssl.vbnet.exe
+TARGET=../../$(STAGE)/axssl.vbnet.exe
 sample : $(TARGET)
 
 $(TARGET): ../../bindings/vbnet/axTLSvb.vb ../../bindings/vbnet/axInterface.vb axssl.vb
diff --git a/ssl/Makefile b/ssl/Makefile
index ab4db3d9d5..14d50ac93a 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -29,12 +29,17 @@ endif
 endif
 
 ifndef CONFIG_PLATFORM_WIN32
-TARGET1=../libaxtls.a
-TARGET2=../libaxtls.so
+TARGET1=../$(STAGE)/libaxtls.a
+BASETARGET=libaxtls.so
+TARGET2=../$(STAGE)/$(BASETARGET)
+
+# shared library major/minor numbers
+LIBMAJOR=$(BASETARGET).1
+LIBMINOR=$(BASETARGET).1.0
 else
-TARGET1=../axtls.lib
-TARGET2=../axtls.dll
-STATIC_LIB=../axtls.static.lib
+TARGET1=axtls.lib
+TARGET2=../$(STAGE)/axtls.dll
+STATIC_LIB=../$(STAGE)/axtls.static.lib
 endif
 
 libs: $(TARGET1) $(TARGET2)
@@ -61,13 +66,14 @@ endif
 
 include ../config/makefile.post
 
-ifndef CONFIG_PLATFORM_WIN32
+ifndef CONFIG_PLATFORM_WIN32     # Linux/Unix/Cygwin
 
 $(TARGET1) : $(OBJ)
 	$(AR) -r $@ $(OBJ)
 
 $(TARGET2) : $(OBJ)
-	$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $(OBJ)
+	$(LD) $(LDFLAGS) -Wl,-soname,$(LIBMAJOR) $(LDSHARED) -o ../$(STAGE)/$(LIBMINOR) $(OBJ)
+	cd ../$(STAGE); ln -sf $(LIBMINOR) $(LIBMAJOR); ln -sf $(LIBMAJOR) $(BASETARGET); cd -
 
 else  # Win32
 
@@ -82,5 +88,5 @@ endif
 
 clean::
 	$(MAKE) -C test clean
-	-@rm -f *.pch ../*.so ../*.a ../*.dll ../*.lib ../*.exp ../*.pdb ../*.ilk
+	-@rm -f ../$(STAGE)/*.pch ../$(STAGE)/*.so* ../$(STAGE)/*.a ../$(STAGE)/*.dll ../$(STAGE)/*.lib ../$(STAGE)/*.exp ../$(STAGE)/*.pdb ../$(STAGE)/*.ilk
 
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index d8f9474511..23fcaf3bb6 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -30,19 +30,19 @@ all: ssltesting
 endif
 
 ifndef CONFIG_PLATFORM_WIN32
-performance: ../../perf_bigint
-ssltesting: ../../ssltest
-LIBS=../../libaxtls.a
+performance: ../../$(STAGE)/perf_bigint
+ssltesting: ../../$(STAGE)/ssltest
+LIBS=../../$(STAGE)
 CFLAGS += -I../../ssl -I../../config
 
-../../perf_bigint: perf_bigint.o $(LIBS)
-	$(CC) $(LDFLAGS) -o $@ $^
+../../$(STAGE)/perf_bigint: perf_bigint.o
+	$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
 
-../../ssltest: ssltest.o $(LIBS)
-	$(CC) $(LDFLAGS) -o $@ -lpthread $^
+../../$(STAGE)/ssltest: ssltest.o
+	$(CC) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls
 else
-performance: ../../perf_bigint.exe
-ssltesting: ../../ssltest.exe
+performance: ../../$(STAGE)/perf_bigint.exe
+ssltesting: ../../$(STAGE)/ssltest.exe
 CFLAGS += /I".." /I"../../config"
 
 %.obj : %.c
@@ -52,14 +52,14 @@ OBJLIST=..\aes.obj ..\asn1.obj ..\bigint.obj ..\crypto_misc.obj ..\hmac.obj \
         ..\md5.obj ..\loader.obj ..\p12.obj ..\os_port.obj ..\rc4.obj \
         ..\rsa.obj ..\sha1.obj ..\tls1.obj ..\tls1_clnt.obj ..\tls1_svr.obj
 
-../../perf_bigint.exe: perf_bigint.obj $(OBJLIST)
+../../$(STAGE)/perf_bigint.exe: perf_bigint.obj $(OBJLIST)
 	$(LD) $(LDFLAGS) /out:$@ $^
 
-../../ssltest.exe: ssltest.obj $(OBJLIST)
+../../$(STAGE)/ssltest.exe: ssltest.obj $(OBJLIST)
 	$(LD) $(LDFLAGS) /out:$@ $^
 endif
 
 clean::
-	-@rm -f ../../perf_bigint* ../../ssltest*
+	-@rm -f ../../$(STAGE)/perf_bigint* ../../$(STAGE)/ssltest*
 
 include ../../config/makefile.post
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
index 0bd1e9f8b9..4fc77fecbd 100644
--- a/ssl/test/perf_bigint.c
+++ b/ssl/test/perf_bigint.c
@@ -52,7 +52,7 @@ int main(int argc, char *argv[])
     plaintext = /* 64 byte number */
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
 
-    len = get_file("ssl/test/axTLS.key_512", &buf);
+    len = get_file("../ssl/test/axTLS.key_512", &buf);
     asn1_get_private_key(buf, len, &rsa_ctx);
     ctx = rsa_ctx->bi_ctx;
     bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
@@ -89,7 +89,7 @@ int main(int argc, char *argv[])
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
 
-    len = get_file("ssl/test/axTLS.key_1024", &buf);
+    len = get_file("../ssl/test/axTLS.key_1024", &buf);
     asn1_get_private_key(buf, len, &rsa_ctx);
     ctx = rsa_ctx->bi_ctx;
     bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
@@ -128,7 +128,7 @@ int main(int argc, char *argv[])
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
 
-    len = get_file("ssl/test/axTLS.key_2048", &buf);
+    len = get_file("../ssl/test/axTLS.key_2048", &buf);
     asn1_get_private_key(buf, len, &rsa_ctx);
     ctx = rsa_ctx->bi_ctx;
     bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
@@ -170,7 +170,7 @@ int main(int argc, char *argv[])
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
 
-    len = get_file("ssl/test/axTLS.key_4096", &buf);
+    len = get_file("../ssl/test/axTLS.key_4096", &buf);
     asn1_get_private_key(buf, len, &rsa_ctx);
     ctx = rsa_ctx->bi_ctx;
     bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index aec29106c5..21cb63c13d 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -39,8 +39,8 @@
 
 #include "ssl.h"
 
-#define DEFAULT_CERT            "ssl/test/axTLS.x509_512.cer"
-#define DEFAULT_KEY             "ssl/test/axTLS.key_512"     
+#define DEFAULT_CERT            "../ssl/test/axTLS.x509_512.cer"
+#define DEFAULT_KEY             "../ssl/test/axTLS.key_512"     
 //#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
 #define DEFAULT_SVR_OPTION      0
 #define DEFAULT_CLNT_OPTION     0
@@ -481,7 +481,7 @@ static int RSA_test(void)
     uint8_t *buf;
 
     /* extract the private key elements */
-    len = get_file("ssl/test/axTLS.key_1024", &buf);
+    len = get_file("../ssl/test/axTLS.key_1024", &buf);
     if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
     {
         goto end;
@@ -535,7 +535,7 @@ static int cert_tests(void)
 
     /* check a bunch of 3rd party certificates */
     ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("ssl/test/microsoft.x509_ca", &buf);
+    len = get_file("../ssl/test/microsoft.x509_ca", &buf);
     if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
     {
         printf("Cert #1\n");
@@ -547,7 +547,7 @@ static int cert_tests(void)
     free(buf);
 
     ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("ssl/test/thawte.x509_ca", &buf);
+    len = get_file("../ssl/test/thawte.x509_ca", &buf);
     if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
     {
         printf("Cert #2\n");
@@ -559,7 +559,7 @@ static int cert_tests(void)
     free(buf);
 
     ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("ssl/test/deutsche_telecom.x509_ca", &buf);
+    len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
     if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
     {
         printf("Cert #3\n");
@@ -571,7 +571,7 @@ static int cert_tests(void)
     free(buf);
 
     ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("ssl/test/equifax.x509_ca", &buf);
+    len = get_file("../ssl/test/equifax.x509_ca", &buf);
     if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
     {
         printf("Cert #4\n");
@@ -584,7 +584,7 @@ static int cert_tests(void)
 
     /* Verisign use MD2 which is not supported */
     ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("ssl/test/verisign.x509_ca", &buf);
+    len = get_file("../ssl/test/verisign.x509_ca", &buf);
     if ((res = add_cert_auth(ssl_ctx, buf, len)) != 
                                     X509_VFY_ERROR_UNSUPPORTED_DIGEST)
     {
@@ -596,7 +596,7 @@ static int cert_tests(void)
     ssl_ctx_free(ssl_ctx);
     free(buf);
 
-    if (get_file("ssl/test/verisign.x509_my_cert", &buf) < 0 ||
+    if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
                                     x509_new(buf, &len, &x509_ctx))
     {
         printf("Cert #6\n");
@@ -918,8 +918,8 @@ int SSL_server_tests(void)
      * 512 bit RSA key 
      */
     if ((ret = SSL_server_test(NULL, "512 bit key", "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_512.cer", NULL, 
-                    "ssl/test/axTLS.key_512",
+                    "../ssl/test/axTLS.x509_512.cer", NULL, 
+                    "../ssl/test/axTLS.key_512",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -928,9 +928,9 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "1024 bit key", 
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_device.cer", 
-                    "ssl/test/axTLS.x509_512.cer", 
-                    "ssl/test/axTLS.device_key",
+                    "../ssl/test/axTLS.x509_device.cer", 
+                    "../ssl/test/axTLS.x509_512.cer", 
+                    "../ssl/test/axTLS.device_key",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -939,8 +939,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "2048 bit key", 
                     "-cipher RC4-SHA",
-                    "ssl/test/axTLS.x509_2048.cer", NULL, 
-                    "ssl/test/axTLS.key_2048",
+                    "../ssl/test/axTLS.x509_2048.cer", NULL, 
+                    "../ssl/test/axTLS.key_2048",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -949,8 +949,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "4096 bit key", 
                     "-cipher RC4-SHA",
-                    "ssl/test/axTLS.x509_4096.cer", NULL, 
-                    "ssl/test/axTLS.key_4096",
+                    "../ssl/test/axTLS.x509_4096.cer", NULL, 
+                    "../ssl/test/axTLS.key_4096",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -959,22 +959,22 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "Client Verification", 
                     "-cipher RC4-SHA -tls1 "
-                    "-cert ssl/test/axTLS.x509_2048.pem "
-                    "-key ssl/test/axTLS.key_2048.pem ",
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ",
                     NULL, NULL, NULL, 
-                    "ssl/test/axTLS.ca_x509.cer", NULL,
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
         goto cleanup;
 
     /* this test should fail */
-    if (stat("ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
+    if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
     {
         if ((ret = SSL_server_test(NULL, "Bad Before Cert", 
                     "-cipher RC4-SHA -tls1 "
-                    "-cert ssl/test/axTLS.x509_bad_before.pem "
-                    "-key ssl/test/axTLS.key_512.pem ",
+                    "-cert ../ssl/test/axTLS.x509_bad_before.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem ",
                     NULL, NULL, NULL, 
-                    "ssl/test/axTLS.ca_x509.cer", NULL,
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
                             SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
             goto cleanup;
@@ -987,10 +987,10 @@ int SSL_server_tests(void)
     /* this test should fail */
     if ((ret = SSL_server_test(NULL, "Bad After Cert", 
                     "-cipher RC4-SHA -tls1 "
-                    "-cert ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ssl/test/axTLS.key_512.pem ",
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem ",
                     NULL, NULL, NULL, 
-                    "ssl/test/axTLS.ca_x509.cer", NULL,
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
                             SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
         goto cleanup;
@@ -1000,8 +1000,8 @@ int SSL_server_tests(void)
 
     /* this test should fail */
     if ((ret = SSL_server_test(NULL, "Bogus cert", "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_crud.cer", NULL,
-                    "ssl/test/axTLS.key_512", NULL,
+                    "../ssl/test/axTLS.x509_crud.cer", NULL,
+                    "../ssl/test/axTLS.key_512", NULL,
                     NULL, DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
         goto cleanup;
 
@@ -1011,8 +1011,8 @@ int SSL_server_tests(void)
     /* this test should fail */
     if ((ret = SSL_server_test(NULL, "Bogus private key",
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_device.cer", NULL,
-                    "ssl/test/axTLS.crud", NULL,
+                    "../ssl/test/axTLS.x509_device.cer", NULL,
+                    "../ssl/test/axTLS.crud", NULL,
                     NULL, DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
         goto cleanup;
 
@@ -1024,8 +1024,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "Key in PEM format",
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_512.cer", NULL, 
-                    "ssl/test/axTLS.key_512.pem", NULL,
+                    "../ssl/test/axTLS.x509_512.cer", NULL, 
+                    "../ssl/test/axTLS.key_512.pem", NULL,
                     NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1034,8 +1034,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "Cert in PEM format", 
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_512.pem", NULL, 
-                    "ssl/test/axTLS.key_512.pem", NULL,
+                    "../ssl/test/axTLS.x509_512.pem", NULL, 
+                    "../ssl/test/axTLS.key_512.pem", NULL,
                     NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1044,8 +1044,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "Cert chain in PEM format", 
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_device.pem", 
-                    NULL, "ssl/test/axTLS.device_key.pem",
+                    "../ssl/test/axTLS.x509_device.pem", 
+                    NULL, "../ssl/test/axTLS.device_key.pem",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1054,8 +1054,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "AES128 encrypted key", 
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_aes128.pem", NULL, 
-                    "ssl/test/axTLS.key_aes128.pem",
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
                     NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1064,8 +1064,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "AES256 encrypted key", 
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_aes256.pem", NULL, 
-                    "ssl/test/axTLS.key_aes256.pem",
+                    "../ssl/test/axTLS.x509_aes256.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes256.pem",
                     NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1074,8 +1074,8 @@ int SSL_server_tests(void)
      */
     if ((ret = SSL_server_test(NULL, "AES128 encrypted invalid key", 
                     "-cipher RC4-SHA", 
-                    "ssl/test/axTLS.x509_aes128.pem", NULL, 
-                    "ssl/test/axTLS.key_aes128.pem",
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
                     NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
         goto cleanup;
 
@@ -1086,7 +1086,7 @@ int SSL_server_tests(void)
      * PKCS 8 key (encrypted)
      */
     if ((ret = SSL_server_test(NULL, "pkcs 8 encrypted", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "ssl/test/axTLS.encrypted.p8", NULL, "abcd",
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", NULL, "abcd",
                 DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1094,7 +1094,7 @@ int SSL_server_tests(void)
      * PKCS 8 key (unencrypted)
      */
     if ((ret = SSL_server_test(NULL, "pkcs 8 unencrypted", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "ssl/test/axTLS.unencrypted.p8", NULL, NULL,
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", NULL, NULL,
                 DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1102,12 +1102,12 @@ int SSL_server_tests(void)
      * PKCS 12 key/certificate
      */
     if ((ret = SSL_server_test(NULL, "pkcs 12 no CA", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "ssl/test/axTLS.withoutCA.p12", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
     if ((ret = SSL_server_test(NULL, "pkcs 12 with CA", "-cipher RC4-SHA", 
-                NULL, NULL, "ssl/test/axTLS.withCA.p12", 
+                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1242,7 +1242,7 @@ static int SSL_client_test(
     }
 
     if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
-                                        "ssl/test/axTLS.ca_x509.cer", NULL))
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
     {
         printf("could not add cert auth\n");
         TTY_FLUSH();
@@ -1343,8 +1343,8 @@ int SSL_client_tests(void)
    
     if ((ret = SSL_client_test("512 bit key", 
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_512.pem "
-                    "-key ssl/test/axTLS.key_512.pem", &sess_resume, 
+                    "-cert ../ssl/test/axTLS.x509_512.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem", &sess_resume, 
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
@@ -1370,50 +1370,50 @@ int SSL_client_tests(void)
 
     if ((ret = SSL_client_test("1024 bit key", 
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_1024.pem "
-                    "-key ssl/test/axTLS.key_1024.pem", NULL,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
     if ((ret = SSL_client_test("2048 bit key", 
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_2048.pem "
-                    "-key ssl/test/axTLS.key_2048.pem",  NULL,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem",  NULL,
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
     if ((ret = SSL_client_test("4096 bit key", 
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_4096.pem "
-                    "-key ssl/test/axTLS.key_4096.pem", NULL,
+                    "-cert ../ssl/test/axTLS.x509_4096.pem "
+                    "-key ../ssl/test/axTLS.key_4096.pem", NULL,
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
     if ((ret = SSL_client_test("Server cert chaining", 
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_device.pem "
-                    "-key ssl/test/axTLS.device_key.pem "
-                    "-CAfile ssl/test/axTLS.x509_512.pem", NULL,
+                    "-cert ../ssl/test/axTLS.x509_device.pem "
+                    "-key ../ssl/test/axTLS.device_key.pem "
+                    "-CAfile ../ssl/test/axTLS.x509_512.pem", NULL,
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
     /* Check the server can verify the client */
     if ((ret = SSL_client_test("Client peer authentication",
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_2048.pem "
-                    "-key ssl/test/axTLS.key_2048.pem "
-                    "-CAfile ssl/test/axTLS.ca_x509.pem "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
                     "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
-                    "ssl/test/axTLS.key_1024", NULL,
-                    "ssl/test/axTLS.x509_1024.cer")))
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
         goto cleanup;
 
     /* Should get an "ERROR" from openssl (as the handshake fails as soon as
      * the certificate verification fails) */
     if ((ret = SSL_client_test("Expired cert (verify now) should fail!",
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ssl/test/axTLS.key_512.pem", NULL,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem", NULL,
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
                             SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
     {
@@ -1427,8 +1427,8 @@ int SSL_client_tests(void)
     /* There is no "ERROR" from openssl */
     if ((ret = SSL_client_test("Expired cert (verify later) should fail!", 
                     &ssl_ctx,
-                    "-cert ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ssl/test/axTLS.key_512.pem", NULL,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem", NULL,
                     DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
                     NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
     {
@@ -1683,17 +1683,17 @@ int main(int argc, char *argv[])
         goto cleanup;
     TTY_FLUSH();
 
-    system("sh ssl/test/killopenssl.sh");
+    system("sh ../ssl/test/killopenssl.sh");
 
     if (SSL_client_tests())
         goto cleanup;
 
-    system("sh ssl/test/killopenssl.sh");
+    system("sh ../ssl/test/killopenssl.sh");
 
     if (SSL_server_tests())
         goto cleanup;
 
-    system("sh ssl/test/killopenssl.sh");
+    system("sh ../ssl/test/killopenssl.sh");
 
 #if 0
     if (multi_thread_test())
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 01ede465f9..7a7003365e 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -19,31 +19,41 @@
 #
 
 #
-# Test the various axssl bindings
+# Test the various axssl bindings. To run it, got to the _install directory
+# and run this script from there.
 #
 
-if  [ `uname -s` == "Linux" ]; then
-#    JAVA_BIN=/usr/local/jdk142/bin
-    JAVA_BIN=/usr/lib/java/bin
-    KILL_AXSSL="killall axssl"
-    KILL_CSHARP="killall mono"
-    KILL_PERL="killall /usr/bin/perl"
-    RUN_CSHARP="mono"
-    KILL_JAVA="killall $JAVA_BIN/java"
-else
+if grep "CONFIG_PLATFORM_WIN32=y" "../config/.config"  > /dev/null; then
     JAVA_BIN="/cygdrive/c/Program Files/Java/jdk1.5.0_06/bin"
+    PERL_BIN="/cygdrive/c/Perl/bin/perl"
     KILL_AXSSL="kill %1"
     KILL_CSHARP="kill %1"
     KILL_PERL="kill %1"
     KILL_JAVA="kill %1"
+else
+    if grep "CONFIG_PLATFORM_CYGWIN=y" "../config/.config"  > /dev/null; then
+        # no .net or java on cygwin
+        PERL_BIN=/usr/bin/perl
+        KILL_AXSSL="killall axssl"
+        KILL_PERL="killall /usr/bin/perl"
+    else     # Linux
+        JAVA_BIN=/usr/lib/java/bin
+        PERL_BIN=/usr/bin/perl
+        KILL_AXSSL="killall axssl"
+        KILL_CSHARP="killall mono"
+        KILL_PERL="killall /usr/bin/perl"
+        RUN_CSHARP="mono"
+        KILL_JAVA="killall $JAVA_BIN/java"
+    fi
 fi
 
-SERVER_ARGS="s_server -accept 15001 -verify -CAfile ./ssl/test/axTLS.ca_x509.cer"
-CLIENT_ARGS="s_client -reconnect -connect localhost:15001 -verify -CAfile ./ssl/test/axTLS.ca_x509.cer -key ./ssl/test/axTLS.key_1024 -cert ./ssl/test/axTLS.x509_1024.cer"
+BASE=..
+SERVER_ARGS="s_server -accept 15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer"
+CLIENT_ARGS="s_client -reconnect -connect localhost:15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer -key $BASE/ssl/test/axTLS.key_1024 -cert $BASE/ssl/test/axTLS.x509_1024.cer"
 
 # check pem arguments
-SERVER_PEM_ARGS="s_server -accept 15001 -pass abcd -key ./ssl/test/axTLS.key_aes128.pem -cert ./ssl/test/axTLS.x509_aes128.pem"
-CLIENT_PEM_ARGS="s_client -connect localhost:15001 -CAfile ./ssl/test/axTLS.ca_x509.pem -key ./ssl/test/axTLS.key_1024.pem -cert ./ssl/test/axTLS.x509_1024.pem"
+SERVER_PEM_ARGS="s_server -accept 15001 -pass abcd -key $BASE/ssl/test/axTLS.key_aes128.pem -cert $BASE/ssl/test/axTLS.x509_aes128.pem"
+CLIENT_PEM_ARGS="s_client -connect localhost:15001 -CAfile $BASE/ssl/test/axTLS.ca_x509.pem -key $BASE/ssl/test/axTLS.key_1024.pem -cert $BASE/ssl/test/axTLS.x509_1024.pem"
 
 export LD_LIBRARY_PATH=.:`perl -e 'use Config; print $Config{archlib};'`/CORE
 
@@ -57,7 +67,8 @@ sleep 1
 ./axssl $SERVER_PEM_ARGS &
 echo "C Test passed" | ./axssl $CLIENT_PEM_ARGS
 $KILL_AXSSL
-sleep 1
+sleep 2
+echo "### C tests complete"
 fi
 
 if [ -f ./axtls.jar ]; then
@@ -71,6 +82,8 @@ sleep 1
 echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_PEM_ARGS
 $KILL_JAVA
 sleep 1
+
+echo "### Java tests complete"
 fi
 
 if [ -x ./axssl.csharp.exe ]; then
@@ -86,6 +99,8 @@ echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_PEM_ARGS
 sleep 1
 $KILL_CSHARP
 sleep 1
+
+echo "### C# tests complete"
 fi
 
 if [ -x ./axssl.vbnet.exe ]; then
@@ -101,17 +116,21 @@ sleep 1
 echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_PEM_ARGS
 kill %1
 sleep 1
+echo "### VB.NET tests complete"
 fi
 
 if [ -f ./axssl.pl ]; then
 echo "########################## PERL SAMPLE ###########################"
-./axssl.pl $SERVER_ARGS &
-echo "Perl Test passed" | ./axssl.pl $CLIENT_ARGS
+"$PERL_BIN" ./axssl.pl $SERVER_ARGS &
+echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_ARGS
 $KILL_PERL
 sleep 1
 
-./axssl.pl $SERVER_PEM_ARGS &
-echo "Perl Test passed" | ./axssl.pl $CLIENT_PEM_ARGS
+"$PERL_BIN" ./axssl.pl $SERVER_PEM_ARGS &
+echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_PEM_ARGS
 $KILL_PERL
 sleep 1
+echo "### Perl tests complete"
 fi
+
+echo "########################## ALL TESTS COMPLETE ###########################"
diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
index f63013b14d..0784c7e3a8 100755
--- a/www/test_dir/health.sh
+++ b/www/test_dir/health.sh
@@ -2,14 +2,11 @@
 
 echo "Content-type: text/html"
 echo
-
-echo "<HTML><TITLE>System Health</TITLE><BODY>"
-
-echo "<H1>System Health for '`hostname`'</H1>"
-echo "<H2>Processes</H2><TABLE BORDER=\"2\">"
+echo "<html><title>System Health</title><body>"
+echo "<h1>System Health for '`hostname`'</h1>"
+echo "<h2>Processes</h2><table border=\"2\">"
 ps -ef | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-
-echo "</TABLE><H2>Free FileSystem Space</H2>"
-echo "<TABLE BORDER=\"2\">"
+echo "</table><h2>Free FileSystem Space</h2>"
+echo "<table border=\"2\">"
 df -h . | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-echo "</TABLE></BODY></HTML>"
+echo "</table></body></html>"

From 3a700442f603f6fccef74f61d33885519c8c35ca Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 23 Jul 2006 12:30:37 +0000
Subject: [PATCH 016/301] Don't display false install errors

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@23 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile
index ff4f43f020..8183dc0672 100644
--- a/Makefile
+++ b/Makefile
@@ -24,10 +24,10 @@ else
 all: target
 endif
 
-target : $(STAGE) $(TARGET)
-
 include config/makefile.conf
 
+target : $(STAGE) $(TARGET)
+
 # VERSION has to come from the command line
 RELEASE=axTLS-$(VERSION)
 
@@ -68,16 +68,17 @@ win32_demo:
 	$(MAKE) win32releaseconf
 
 install: $(PREFIX) all
-	install -m 755 $(STAGE)/libax* $(PREFIX)/lib
-	-install -m 755 $(STAGE)/ax* $(PREFIX)/bin
-	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
-	-install -m 755 $(STAGE)/awhttpd* $(PREFIX)/bin
+	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
+	chmod 755 $(PREFIX)/lib/libax* 
+	-@install -m 755 $(STAGE)/ax* $(PREFIX)/bin > /dev/null 2>&1
+	-@install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'` > /dev/null 2>&1
+	-@install -m 755 $(STAGE)/awhttpd* $(PREFIX)/bin > /dev/null 2>&1
 
 installclean:
-	-@rm $(PREFIX)/lib/libax*
-	-@rm $(PREFIX)/bin/ax*
-	-@rm $(PREFIX)/bin/awhttpd*
-	-@rm `perl -e 'use Config; print $$Config{installarchlib};'`/axtlsp.pm
+	-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
+	-@rm $(PREFIX)/bin/ax* > /dev/null 2>&1
+	-@rm $(PREFIX)/bin/awhttpd* > /dev/null 2>&1
+	-@rm `perl -e 'use Config; print $$Config{installarchlib};'`/axtlsp.pm > /dev/null 2>&1
 
 test:
 	cd $(STAGE); ssltest; ../ssl/test/test_axssl.sh; cd -;

From 3b1e1a8e79ca624f105640dc9f35b9ed2d3a8e56 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 23 Jul 2006 12:31:31 +0000
Subject: [PATCH 017/301] Now use 1024 bit key

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@24 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/cert.h             | 76 +++++++++++++++++++++------------------
 ssl/private_key.h      | 80 +++++++++++++++++++++++++++---------------
 ssl/test/make_certs.sh |  8 ++---
 3 files changed, 97 insertions(+), 67 deletions(-)

diff --git a/ssl/cert.h b/ssl/cert.h
index 21697abaa6..972a9e4b5e 100644
--- a/ssl/cert.h
+++ b/ssl/cert.h
@@ -1,37 +1,43 @@
 unsigned char default_certificate[] = {
-  0x30, 0x82, 0x01, 0x92, 0x30, 0x81, 0xfc, 0x02, 0x09, 0x00, 0xf1, 0xc3,
-  0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc2, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34, 0x31,
-  0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61, 0x78,
-  0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x20,
-  0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
-  0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-  0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36, 0x30,
-  0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33, 0x33,
-  0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x30,
-  0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d,
-  0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63,
-  0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09,
-  0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x5c, 0x30,
-  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
-  0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xd1, 0x3b,
-  0x30, 0x5f, 0xa9, 0x01, 0x42, 0x3d, 0x86, 0x6d, 0x72, 0xbe, 0x40, 0x6e,
-  0x51, 0xc1, 0x49, 0x7f, 0x57, 0x75, 0xa1, 0x2d, 0x36, 0xe5, 0xc1, 0x3d,
-  0x0f, 0x20, 0x1a, 0xd1, 0x23, 0x6d, 0xfa, 0x74, 0xd2, 0x3e, 0x23, 0xb0,
-  0x70, 0xfc, 0xa0, 0x6a, 0xde, 0xec, 0x41, 0x88, 0x84, 0xfe, 0x54, 0x15,
-  0x6b, 0x61, 0xc5, 0x16, 0x62, 0xb8, 0x93, 0x41, 0xf1, 0x4f, 0x3d, 0xff,
-  0x2e, 0xbd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a,
-  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81,
-  0x81, 0x00, 0x0a, 0x45, 0x3e, 0x8b, 0xc0, 0x5a, 0xf5, 0xc5, 0xe7, 0x49,
-  0x6f, 0x8a, 0xab, 0xbe, 0x30, 0x7e, 0x13, 0x05, 0x7f, 0xd2, 0x9e, 0x13,
-  0x34, 0xd5, 0xd4, 0x4b, 0xd4, 0xb7, 0xd2, 0xb3, 0x12, 0x16, 0xf4, 0x5a,
-  0xaf, 0xb5, 0x71, 0xbc, 0xb3, 0xf5, 0x96, 0x96, 0x23, 0xf4, 0xf4, 0x75,
-  0x24, 0x64, 0x99, 0x30, 0x6f, 0xc1, 0xea, 0x14, 0x78, 0xca, 0xe9, 0x85,
-  0x46, 0x3c, 0x1e, 0x97, 0xd1, 0x4f, 0x80, 0xd7, 0x16, 0x09, 0x6e, 0x03,
-  0x5c, 0x05, 0xaa, 0xcf, 0x75, 0x10, 0x17, 0xba, 0x19, 0xb4, 0x92, 0xfa,
-  0x2b, 0xe5, 0xc9, 0xa5, 0x0d, 0x20, 0xc0, 0x2f, 0x8d, 0xc5, 0xcf, 0x91,
-  0x44, 0x63, 0x4b, 0x32, 0x52, 0xbb, 0x74, 0xb8, 0xaa, 0x16, 0x1f, 0xd5,
-  0xa9, 0x92, 0xde, 0x8f, 0x95, 0xf2, 0xf7, 0x73, 0x34, 0x27, 0x26, 0x41,
-  0x88, 0xb5, 0x7c, 0xf0, 0xff, 0x9c, 0xd3, 0xc8, 0x1d, 0xec
+  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xf1,
+  0xc3, 0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36,
+  0x30, 0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33,
+  0x33, 0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xd8, 0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5,
+  0xfd, 0x0b, 0xa8, 0xa8, 0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c,
+  0xb5, 0xd9, 0xbc, 0xc6, 0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8,
+  0x29, 0x48, 0x0e, 0x7b, 0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f,
+  0x38, 0xe5, 0xb5, 0xb7, 0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3,
+  0x40, 0x1e, 0xf9, 0x91, 0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e,
+  0xdc, 0xf6, 0xaa, 0x1c, 0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73,
+  0xd9, 0x09, 0x05, 0x4c, 0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7,
+  0x14, 0x91, 0x44, 0xfc, 0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba,
+  0x8c, 0xc3, 0x74, 0x39, 0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4,
+  0x40, 0x95, 0x8c, 0xc0, 0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x0b,
+  0x47, 0x24, 0x52, 0x7d, 0xb6, 0x63, 0x78, 0xbc, 0x80, 0xdd, 0x87, 0x6c,
+  0x90, 0x4c, 0x33, 0xc3, 0x5c, 0xa7, 0x97, 0x09, 0x1c, 0x09, 0x4f, 0x9b,
+  0x6e, 0xb3, 0x5a, 0x3e, 0x46, 0x92, 0x1a, 0xc7, 0x87, 0x15, 0x59, 0xe1,
+  0x88, 0x5c, 0xce, 0x6a, 0xe2, 0x96, 0xaa, 0x32, 0xec, 0xc2, 0xed, 0x78,
+  0x8b, 0xe0, 0x90, 0x66, 0x93, 0x14, 0xc3, 0x98, 0xab, 0x33, 0x35, 0xd3,
+  0x7d, 0x5d, 0x51, 0x0a, 0x9c, 0xb9, 0x10, 0x58, 0x47, 0x7a, 0x98, 0x95,
+  0x64, 0xff, 0x4c, 0x5d, 0x82, 0x19, 0xf9, 0xea, 0x0f, 0x5e, 0x9a, 0xcb,
+  0x32, 0x27, 0x64, 0xca, 0x6f, 0x58, 0x8a, 0xd0, 0xc0, 0x36, 0xf4, 0xb9,
+  0x63, 0x34, 0xa5, 0xda, 0x36, 0x50, 0x36, 0x49, 0xd2, 0xb7, 0x3a, 0x21,
+  0x33, 0x5b, 0x3e, 0xd6, 0x5f, 0x0c, 0x99, 0x83, 0xb7, 0xb2, 0xf7, 0x8b,
+  0x44, 0xc4, 0x5e, 0x73, 0x41, 0xa9, 0x02
 };
-unsigned int default_certificate_len = 406;
+unsigned int default_certificate_len = 475;
diff --git a/ssl/private_key.h b/ssl/private_key.h
index 180d5722db..1ce34d6744 100644
--- a/ssl/private_key.h
+++ b/ssl/private_key.h
@@ -1,30 +1,54 @@
 unsigned char default_private_key[] = {
-  0x30, 0x82, 0x01, 0x3d, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, 0xd1, 0x3b,
-  0x30, 0x5f, 0xa9, 0x01, 0x42, 0x3d, 0x86, 0x6d, 0x72, 0xbe, 0x40, 0x6e,
-  0x51, 0xc1, 0x49, 0x7f, 0x57, 0x75, 0xa1, 0x2d, 0x36, 0xe5, 0xc1, 0x3d,
-  0x0f, 0x20, 0x1a, 0xd1, 0x23, 0x6d, 0xfa, 0x74, 0xd2, 0x3e, 0x23, 0xb0,
-  0x70, 0xfc, 0xa0, 0x6a, 0xde, 0xec, 0x41, 0x88, 0x84, 0xfe, 0x54, 0x15,
-  0x6b, 0x61, 0xc5, 0x16, 0x62, 0xb8, 0x93, 0x41, 0xf1, 0x4f, 0x3d, 0xff,
-  0x2e, 0xbd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x41, 0x00, 0x91, 0x79,
-  0xc4, 0xed, 0x8e, 0x35, 0xa8, 0xd7, 0xdc, 0x62, 0xb6, 0xf8, 0x1f, 0x16,
-  0x55, 0x53, 0xbe, 0x05, 0x83, 0x4a, 0xef, 0x50, 0xdf, 0xad, 0xa9, 0xc9,
-  0x09, 0x7e, 0x3a, 0x07, 0x15, 0xc8, 0xfd, 0x16, 0xbb, 0xc0, 0xe4, 0x98,
-  0xd1, 0x45, 0x99, 0x60, 0x75, 0x6c, 0x64, 0x65, 0x89, 0xc7, 0x1e, 0x35,
-  0xa2, 0xcd, 0x14, 0x05, 0x38, 0x39, 0x15, 0x1a, 0xb8, 0x0f, 0x05, 0x96,
-  0x01, 0x01, 0x02, 0x21, 0x00, 0xe8, 0xeb, 0xd7, 0xa8, 0xdf, 0xd8, 0x90,
-  0xaa, 0x3c, 0x21, 0xa4, 0x04, 0x31, 0x6a, 0xd3, 0x21, 0xd8, 0x25, 0x98,
-  0x4f, 0xb8, 0x28, 0x93, 0x2b, 0xb9, 0xe9, 0x5f, 0xb9, 0xa3, 0x65, 0x77,
-  0x7d, 0x02, 0x21, 0x00, 0xe5, 0xf6, 0x6f, 0xeb, 0x50, 0xc4, 0x3b, 0x01,
-  0xc3, 0x42, 0x7d, 0x50, 0x33, 0x7a, 0x09, 0xdc, 0x08, 0xe5, 0x76, 0xf3,
-  0xbd, 0xea, 0x0f, 0xe5, 0xf1, 0xd3, 0x3d, 0x2f, 0x63, 0xe2, 0xb8, 0x41,
-  0x02, 0x21, 0x00, 0xdd, 0xcf, 0xb2, 0xe9, 0x9c, 0x7a, 0x75, 0x91, 0xd8,
-  0x7f, 0xc4, 0xdd, 0x45, 0x5e, 0x50, 0xc0, 0x3b, 0x41, 0xda, 0x21, 0x98,
-  0xe3, 0xf2, 0xfb, 0x42, 0x29, 0xaf, 0xc2, 0x6e, 0x8b, 0x73, 0x55, 0x02,
-  0x21, 0x00, 0xc3, 0x5d, 0x6a, 0xd5, 0xb2, 0x87, 0x13, 0x4e, 0x3b, 0x11,
-  0x78, 0x9e, 0xb3, 0x2c, 0xe1, 0xc5, 0x72, 0x35, 0x67, 0xaa, 0x49, 0x54,
-  0xd9, 0x6e, 0xd3, 0xd4, 0x4f, 0x2d, 0xbc, 0xa1, 0x37, 0x41, 0x02, 0x21,
-  0x00, 0xc4, 0x69, 0x08, 0x53, 0x3b, 0x32, 0xb4, 0xb6, 0x6b, 0x1b, 0x9c,
-  0xf3, 0xf1, 0xf3, 0x1a, 0x4a, 0x96, 0xff, 0x70, 0x25, 0x20, 0x1a, 0x9d,
-  0x65, 0xb8, 0xa5, 0x8f, 0x9c, 0xc7, 0x77, 0x64, 0x74
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xd8,
+  0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5, 0xfd, 0x0b, 0xa8, 0xa8,
+  0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c, 0xb5, 0xd9, 0xbc, 0xc6,
+  0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8, 0x29, 0x48, 0x0e, 0x7b,
+  0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f, 0x38, 0xe5, 0xb5, 0xb7,
+  0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3, 0x40, 0x1e, 0xf9, 0x91,
+  0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e, 0xdc, 0xf6, 0xaa, 0x1c,
+  0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73, 0xd9, 0x09, 0x05, 0x4c,
+  0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7, 0x14, 0x91, 0x44, 0xfc,
+  0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba, 0x8c, 0xc3, 0x74, 0x39,
+  0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4, 0x40, 0x95, 0x8c, 0xc0,
+  0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x81, 0x00, 0x94, 0x07, 0x72, 0xe5, 0xbe, 0xad, 0x79, 0x3b,
+  0xf7, 0x33, 0x2c, 0x8e, 0x05, 0xf8, 0x1a, 0x6b, 0xd0, 0xe8, 0x91, 0xf5,
+  0x16, 0x07, 0xd9, 0x82, 0x5c, 0x5c, 0xd5, 0x22, 0xa1, 0x9e, 0x42, 0x02,
+  0x7f, 0x8b, 0xcd, 0xbe, 0xf4, 0x85, 0x52, 0xf6, 0x2c, 0xd5, 0x09, 0xd2,
+  0x2c, 0xf4, 0x2c, 0xf6, 0x07, 0x85, 0x80, 0xf9, 0xdc, 0xd0, 0xcc, 0x3f,
+  0x22, 0x31, 0x15, 0xf3, 0x49, 0xf2, 0xb5, 0xe2, 0x69, 0x99, 0x04, 0x04,
+  0x49, 0x21, 0xdb, 0x9f, 0xa1, 0x54, 0x5a, 0xfa, 0xe4, 0xd9, 0xf9, 0x07,
+  0x05, 0xff, 0x9a, 0x65, 0xa4, 0xeb, 0xf2, 0x47, 0xce, 0x56, 0xc7, 0x72,
+  0x49, 0x48, 0x5c, 0xe8, 0x14, 0xd7, 0x8f, 0x25, 0xcc, 0x49, 0x29, 0x06,
+  0x6a, 0x54, 0x7b, 0x17, 0xdc, 0x9e, 0xd4, 0x53, 0xf0, 0xf5, 0x9e, 0x85,
+  0x25, 0xa1, 0xeb, 0x3d, 0xe9, 0x2f, 0xb9, 0x9c, 0xf6, 0xe1, 0x80, 0x81,
+  0x02, 0x41, 0x00, 0xee, 0x02, 0x78, 0xc7, 0x78, 0x85, 0x04, 0x97, 0xcc,
+  0x36, 0xbd, 0xd6, 0x11, 0xe2, 0xc7, 0x39, 0xd9, 0x34, 0x51, 0x72, 0x6f,
+  0x8a, 0x0f, 0xcd, 0x88, 0x32, 0x33, 0x9b, 0xc7, 0xa7, 0x03, 0x77, 0xd9,
+  0x82, 0x35, 0xb6, 0xdd, 0x1f, 0xc2, 0xc1, 0x13, 0x40, 0x83, 0x55, 0xeb,
+  0x60, 0xeb, 0x81, 0x8e, 0x0c, 0x16, 0x62, 0xb4, 0xb4, 0x3c, 0xeb, 0x08,
+  0x80, 0x9c, 0x79, 0xd3, 0x38, 0xca, 0xf1, 0x02, 0x41, 0x00, 0xe9, 0x45,
+  0x5f, 0x2e, 0x16, 0xcc, 0x93, 0x50, 0x40, 0xb6, 0x79, 0xbc, 0x38, 0xe0,
+  0x56, 0x68, 0x50, 0xd3, 0x2f, 0x73, 0x8c, 0x8c, 0x2a, 0x0e, 0x81, 0x4a,
+  0x8a, 0xbb, 0xcc, 0xf0, 0x64, 0x34, 0x46, 0x9f, 0x07, 0x7d, 0x22, 0xb6,
+  0xf9, 0x46, 0xac, 0x57, 0x23, 0x8c, 0x1e, 0xeb, 0xd3, 0x05, 0x4d, 0xa8,
+  0x83, 0x6a, 0x67, 0xf6, 0xa6, 0xb1, 0xab, 0x8e, 0xc1, 0xef, 0xef, 0x7d,
+  0xf0, 0xc3, 0x02, 0x40, 0x2f, 0xc6, 0x59, 0x3e, 0x18, 0xe8, 0x02, 0x73,
+  0x01, 0xef, 0xdf, 0x0d, 0x30, 0x4b, 0xe8, 0x17, 0xa9, 0x8c, 0xc1, 0xe8,
+  0x89, 0x91, 0x19, 0xf8, 0xf4, 0xa4, 0xb7, 0x0d, 0x46, 0xf7, 0x34, 0x50,
+  0x03, 0x5e, 0x0a, 0xb0, 0x29, 0x14, 0xae, 0x00, 0x19, 0x80, 0x32, 0x9c,
+  0xb5, 0x81, 0x9f, 0xe4, 0x42, 0x82, 0x14, 0xa0, 0x3d, 0x8b, 0x8c, 0x4a,
+  0xd5, 0x4b, 0x13, 0x9d, 0xb4, 0x93, 0x4a, 0xd1, 0x02, 0x40, 0x64, 0x8c,
+  0x83, 0x77, 0x61, 0x5a, 0x73, 0x11, 0x3f, 0xa3, 0xa8, 0x1b, 0x8a, 0xc4,
+  0xa0, 0x5a, 0x3c, 0xa4, 0x9b, 0x2a, 0x8a, 0x65, 0x8c, 0x67, 0x4e, 0x31,
+  0xac, 0x55, 0x41, 0x04, 0x49, 0x9d, 0x02, 0xe7, 0xdf, 0x99, 0x7f, 0xd2,
+  0x30, 0xe6, 0xd6, 0xb8, 0x84, 0xd9, 0x0c, 0x27, 0x08, 0x81, 0x9b, 0xb4,
+  0xcc, 0x58, 0x9c, 0x51, 0x84, 0x0e, 0xc7, 0x6d, 0x34, 0x89, 0x50, 0xc9,
+  0x0f, 0x73, 0x02, 0x41, 0x00, 0xda, 0xde, 0x5e, 0x1a, 0xac, 0x1d, 0x1d,
+  0xd7, 0xb9, 0x65, 0x26, 0x00, 0xf5, 0xd4, 0xe4, 0x28, 0x84, 0x86, 0x2f,
+  0x00, 0x9c, 0x41, 0x00, 0x52, 0xe1, 0x47, 0x91, 0xc0, 0x52, 0x05, 0x4e,
+  0x0f, 0x2f, 0x0d, 0xca, 0x9b, 0x3d, 0x89, 0x41, 0xbf, 0xee, 0x9f, 0xa1,
+  0xe6, 0x9d, 0xa4, 0xeb, 0x45, 0x7f, 0xe3, 0xcb, 0xa4, 0x6b, 0x0a, 0xe2,
+  0x7e, 0xb0, 0x87, 0x5c, 0x40, 0xb1, 0x51, 0x11, 0x1d
 };
-unsigned int default_private_key_len = 321;
+unsigned int default_private_key_len = 609;
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
index 0e58d73bc3..f0d609580c 100755
--- a/ssl/test/make_certs.sh
+++ b/ssl/test/make_certs.sh
@@ -156,7 +156,7 @@ openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe
 cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
 
 # set default key/cert for use in the server
-xxd -i axTLS.x509_512.cer | sed -e \
-        "s/axTLS_x509_512_cer/default_certificate/" > ../../ssl/cert.h
-xxd -i axTLS.key_512 | sed -e \
-        "s/axTLS_key_512/default_private_key/" > ../../ssl/private_key.h
+xxd -i axTLS.x509_1024.cer | sed -e \
+        "s/axTLS_x509_1024_cer/default_certificate/" > ../../ssl/cert.h
+xxd -i axTLS.key_1024 | sed -e \
+        "s/axTLS_key_1024/default_private_key/" > ../../ssl/private_key.h

From d978b9a522154311ff804c3ee7eae7cf9e8f720a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 23 Jul 2006 12:32:11 +0000
Subject: [PATCH 018/301] Keep socket connections open as per v1.1 HTTP

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@25 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/awhttpd.patch | 172 ++++++++++++++++++++++++++------------------
 1 file changed, 103 insertions(+), 69 deletions(-)

diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
index ab63d6416f..a49d1dc4cd 100644
--- a/httpd/awhttpd.patch
+++ b/httpd/awhttpd.patch
@@ -1,6 +1,6 @@
 diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 --- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-07-22 18:09:01.968750000 +1000
 @@ -7,17 +7,16 @@
  */
  
@@ -39,7 +39,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  struct connstruct {
    struct connstruct *next;
  
-@@ -46,29 +45,46 @@
+@@ -46,29 +45,48 @@
  
    int networkdesc;
    int filedesc;
@@ -72,7 +72,9 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
    long offset;
    char databuf[BLOCKSIZE];
  
-+  int is_ssl;
++  unsigned char is_ssl;
++  unsigned char close_when_done;
++  unsigned char modified_since;
  };
  
  
@@ -86,7 +88,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  };
  
  
-@@ -111,13 +127,20 @@
+@@ -111,13 +129,20 @@
  
  
  // Useful macros
@@ -108,7 +110,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void removeconnection(struct connstruct *cn);
  
  
-@@ -129,16 +152,17 @@
+@@ -129,16 +154,17 @@
  void procsendhead(struct connstruct *cn);
  void procreadfile(struct connstruct *cn);
  void procsendfile(struct connstruct *cn);
@@ -128,7 +130,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  int openlistener(int port);
  int openlistener6(int port);
  
-@@ -150,9 +174,9 @@
+@@ -150,9 +176,9 @@
  
  
  // misc.c prototypes
@@ -141,7 +143,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void stripcrlf(char *p);
  char *my_strncpy(char *dest, const char *src, size_t n);
  #ifndef __HAVE_ARCH_STRNLEN
-@@ -166,12 +190,12 @@
+@@ -166,12 +192,12 @@
  void buildactualfile(struct connstruct *cn);
  int issockwriteable(int sd);
  int isdir(char *name);
@@ -156,7 +158,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  
  
  // urldecode.c prototypes
-@@ -188,7 +212,7 @@
+@@ -188,7 +214,7 @@
  
  
  // conf.c prototypes
@@ -165,7 +167,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void procconf(char *filename);
  
  
-@@ -202,4 +226,4 @@
+@@ -202,4 +228,4 @@
  
  
  // main.c prototypes
@@ -173,7 +175,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 +void initlists(void);
 diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 --- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/cgi.c	2006-07-22 16:54:31.546875000 +1000
 @@ -7,29 +7,33 @@
  */
  
@@ -362,7 +364,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +#endif  /* CONFIG_HTTP_HAS_CGI */
 diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 --- awhttpd/conf.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/conf.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/conf.c	2006-07-22 16:54:31.562500000 +1000
 @@ -10,11 +10,7 @@
  #include <stdio.h>
  #include <string.h>
@@ -450,7 +452,7 @@ diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 +#endif  /* CONFIG_STANDARD_AWHTTPD */
 diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 --- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/conn.c	2006-07-22 18:08:57.687500000 +1000
 @@ -9,15 +9,11 @@
  
  #include <stdio.h>
@@ -490,7 +492,13 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
    *(tp->virtualhostreq) = '\0';
  
    tp->state = STATE_WANT_TO_READ_HEAD;
-@@ -57,7 +62,6 @@
+@@ -53,11 +58,12 @@
+   my_strncpy(tp->ip, ip, MAXIPLEN);
+ 
+   tp->offset = -1;
++  tp->close_when_done = 0;
++  tp->modified_since = 0;
+ 
    numusers++;
  
    updatetimeout(tp, time(NULL));
@@ -498,7 +506,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
    return;
  
  }
-@@ -95,10 +99,22 @@
+@@ -95,10 +101,22 @@
    freeconns = cn;
  
    // Close it all down
@@ -525,7 +533,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
    return;
 diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
 --- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-07-22 16:54:31.562500000 +1000
 @@ -8,7 +8,6 @@
  
  
@@ -562,7 +570,7 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
    char buf[1024];
 diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
 --- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-07-22 16:54:31.562500000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -588,7 +596,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
 diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 --- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-07-22 16:54:31.562500000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -828,7 +836,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    return 0;
 diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 --- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/mime_types.c	2006-07-22 16:54:31.562500000 +1000
 @@ -21,13 +21,14 @@
  
  
@@ -862,7 +870,7 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 +
 diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 --- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-07-07 20:37:30.890625000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-07-22 16:54:31.578125000 +1000
 @@ -7,33 +7,33 @@
  */
  
@@ -1008,7 +1016,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 +#endif
 diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
 --- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-07-07 20:37:30.906250000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-07-22 16:54:31.578125000 +1000
 @@ -8,9 +8,7 @@
  
  
@@ -1111,7 +1119,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  
 diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 --- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-07-07 20:37:30.906250000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-07-22 16:54:31.578125000 +1000
 @@ -7,21 +7,23 @@
  */
  
@@ -1202,7 +1210,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 +#endif  /* CONFIG_HTTP_PERM_CHECK */
 diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 --- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-07-07 21:07:26.250000000 +1000
++++ axTLS/httpd/awhttpd/proc.c	2006-07-23 10:32:07.593750000 +1000
 @@ -13,14 +13,12 @@
  #include <sys/types.h>
  #include <sys/stat.h>
@@ -1229,7 +1237,18 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    } else if (strcmp(words[0], "Host:")==0) {
  
-@@ -85,19 +85,22 @@
+@@ -80,24 +80,32 @@
+     if (isdigit(*words[1]) == 0) return 1;
+ 
+     cn->offset = atoi(words[1]);
+-
++  } else if (strcmp(words[0], "Connection:")==0 &&
++                strcmp(words[1], "close")==0) {
++      cn->close_when_done = 1;
++  } else if (strcmp(words[0], "If-Modified-Since:")==0) {
++      /* TODO: parse this date properly with getdate() or similar */
++      cn->modified_since = 1;
+   }
  
    return 1;
  
@@ -1254,7 +1273,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    if (cn->reqtype == TYPE_HEAD) {
      snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
-@@ -107,7 +110,17 @@
+@@ -107,7 +115,17 @@
      return;
    }
  
@@ -1273,7 +1292,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if (cn->dirp == NULL) {
      send404(cn);
      removeconnection(cn);
-@@ -116,12 +129,13 @@
+@@ -116,12 +134,13 @@
  
    // Get rid of the "."
    readdir(cn->dirp);
@@ -1289,7 +1308,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    cn->state = STATE_DOING_DIR;
  
-@@ -134,36 +148,48 @@
+@@ -134,36 +153,48 @@
  
  void procdodir(struct connstruct *cn) {
  
@@ -1347,7 +1366,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
  
  
-@@ -172,9 +198,10 @@
+@@ -172,9 +203,10 @@
    char buf[MAXREQUESTLENGTH*4], *tp, *next;
    int rv;
  
@@ -1361,14 +1380,18 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-@@ -217,36 +244,97 @@
+@@ -217,36 +249,100 @@
  void procsendhead(struct connstruct *cn) {
  
    char buf[1024];
 +  char actualfile[1024];
    struct stat stbuf;
- 
+-
 -  if (stat(cn->actualfile, &stbuf) == -1) {
++  time_t now = time(NULL);
++  char date[32];
++  strcpy(date, ctime(&now));
++
 +  strcpy(actualfile, cn->actualfile);
 +
 +#ifdef WIN32
@@ -1466,7 +1489,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
      if (cn->filereq[strlen(cn->filereq)-1] != '/') {
        send301(cn);
-@@ -256,16 +344,24 @@
+@@ -256,16 +352,24 @@
  
      // Check to see if this dir has an index file
      if (procindex(cn, &stbuf) == 0) {
@@ -1493,7 +1516,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
            isdir(cn->actualfile)) {
          send404(cn);
          removeconnection(cn);
-@@ -275,6 +371,7 @@
+@@ -275,39 +379,57 @@
        proccgi(cn,0);
        return;
      }
@@ -1501,40 +1524,45 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      // If the index isn't a CGI, we continue on with the index file
  
    }
-@@ -282,6 +379,7 @@
-   if (cn->offset == -1 || cn->offset >= stbuf.st_size) {
-     cn->offset = -1;
  
-+#if defined (CONFIG_STANDARD_AWHTTPD)
-     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
-                VERSION,
-                quote,
-@@ -299,15 +397,41 @@
-                (long) stbuf.st_size - cn->offset,
-                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
-   }
-+#else
+-  if (cn->offset == -1 || cn->offset >= stbuf.st_size) {
++  if (cn->modified_since) {
++    snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: Anti-Web V%s\nDate: %s\n", VERSION, date);
++    special_write(cn, buf, strlen(buf));
++    cn->modified_since = 0;
++    cn->state = STATE_WANT_TO_READ_HEAD;
++    return;
++  }
++  else if (cn->offset == -1 || cn->offset >= stbuf.st_size) {
 +#ifdef CONFIG_HTTP_VERBOSE
 +    printf("awhttpd: %s send %s\n", 
 +            cn->is_ssl ? "https" : "http", cn->actualfile);
 +    TTY_FLUSH();
 +#endif
-+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
-+               VERSION,
-+               getmimetype(cn->actualfile),
-+               (long) stbuf.st_size,
-+               ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
-+  } else {
-+    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nLast-Modified: %s\n",
-+               VERSION,
-+               getmimetype(cn->actualfile),
-+               cn->offset,
-+               (long) stbuf.st_size-1,
-+               (long) stbuf.st_size,
-+               (long) stbuf.st_size - cn->offset,
-+               ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
-+  }
-+#endif  /* CONFIG_HTTP_USE_QUOTE */
++
+     cn->offset = -1;
+ 
+-    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
++    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
+                VERSION,
+-               quote,
+                getmimetype(cn->actualfile),
+                (long) stbuf.st_size,
++               date,
+                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
+   } else {
+-    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nLast-Modified: %s\n",
++    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
+                VERSION,
+-               quote,
+                getmimetype(cn->actualfile),
+                cn->offset,
+                (long) stbuf.st_size-1,
+                (long) stbuf.st_size,
+                (long) stbuf.st_size - cn->offset,
++               date,
+                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
+   }
  
 -  write(cn->networkdesc, buf, strlen(buf));
 +  special_write(cn, buf, strlen(buf));
@@ -1544,7 +1572,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    } else {
 +    int flags = O_RDONLY;
-+#ifdef WIN32
++#if defined(WIN32) || defined(CYGWIN)
 +    flags |= O_BINARY;
 +#endif
  
@@ -1553,7 +1581,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      if (cn->filedesc == -1) {
        send404(cn);
        removeconnection(cn);
-@@ -318,7 +442,23 @@
+@@ -318,7 +440,23 @@
        lseek(cn->filedesc, cn->offset, SEEK_SET);
      }
  
@@ -1577,7 +1605,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-@@ -328,13 +468,13 @@
+@@ -328,13 +466,19 @@
  
  void procreadfile(struct connstruct *cn) {
  
@@ -1591,26 +1619,32 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 -    return;
 +      close(cn->filedesc);
 +      cn->filedesc = -1;
-+      removeconnection(cn);
++      if (cn->close_when_done)      /* close immediately */
++          removeconnection(cn);
++      else {                        /* keep socket open - HTTP 1.1 */
++          cn->state = STATE_WANT_TO_READ_HEAD;
++          cn->numbytes = 0;
++          cn->offset = -1;
++      }
 +      return;
    }
  
    cn->numbytes = rv;
-@@ -347,11 +487,9 @@
+@@ -347,11 +491,9 @@
  
  void procsendfile(struct connstruct *cn) {
  
 -  int rv;
+-
+-  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
 +  int rv = special_write(cn, cn->databuf, cn->numbytes);
  
--  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
--
 -  if (rv == -1)
 +  if (rv < 0)
      removeconnection(cn);
    else if (rv == cn->numbytes)
      cn->state = STATE_WANT_TO_READ_FILE;
-@@ -361,7 +499,47 @@
+@@ -361,7 +503,47 @@
      memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
      cn->numbytes -= rv;
    }
@@ -1661,7 +1695,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  }
 diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 --- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-07-07 20:37:30.906250000 +1000
++++ axTLS/httpd/awhttpd/socket.c	2006-07-22 16:54:31.578125000 +1000
 @@ -8,19 +8,11 @@
  
  
@@ -1748,7 +1782,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
 diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
 --- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-07-07 20:37:30.906250000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-07-22 16:54:31.593750000 +1000
 @@ -13,7 +13,7 @@
  
  #include <ctype.h>

From 202f18ffd956eaeeb48a8b0170866475a205f32c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 23 Jul 2006 12:32:55 +0000
Subject: [PATCH 019/301] New file positions.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@26 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/awhttpd.aip | 130 +++++++++++++++++++++++++++++++++------------
 1 file changed, 97 insertions(+), 33 deletions(-)

diff --git a/config/awhttpd.aip b/config/awhttpd.aip
index 575102d520..a460ecbf20 100755
--- a/config/awhttpd.aip
+++ b/config/awhttpd.aip
@@ -8,10 +8,10 @@
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{9355EAA9-8EA4-4B4B-9A1E-F5E8EDAC1BA8} "/>
+    <ROW Property="ProductCode" Value="1033:{95CBFC63-55F3-4811-8E6A-933E33358612} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="Awhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.0.1"/>
+    <ROW Property="ProductVersion" Value="1.0.2"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
@@ -23,6 +23,16 @@
     <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
     <ROW Directory="crypto_files_DIR" Directory_Parent="www_DIR" DefaultDir="crypto~1|crypto_files"/>
+    <ROW Directory="prop_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="prop_base_DIR" Directory_Parent="svn_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="props_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="props"/>
+    <ROW Directory="props_DIR" Directory_Parent="svn_DIR" DefaultDir="props"/>
+    <ROW Directory="svn_DIR" Directory_Parent="crypto_files_DIR" DefaultDir="svn~1|.svn"/>
+    <ROW Directory="text_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="text_base_DIR" Directory_Parent="svn_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="tmp_DIR" Directory_Parent="svn_DIR" DefaultDir="tmp"/>
+    <ROW Directory="wcprops_1_DIR" Directory_Parent="svn_DIR" DefaultDir="wcprops"/>
+    <ROW Directory="wcprops_DIR" Directory_Parent="tmp_DIR" DefaultDir="wcprops"/>
     <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
@@ -35,44 +45,94 @@
     <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
     <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
     <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
-    <ROW Component="crypto_2600des.gif" ComponentId="{7C3C3A24-4053-4A9D-B040-FA671C2FA638}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
+    <ROW Component="crypto_2600des.gif" ComponentId="{CF142350-C3E2-4F82-88AF-0706F8D8C7F9}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
+    <ROW Component="crypto_2600des.gif.svn_base" ComponentId="{5A7893BF-4CE9-440F-8212-886D5E21EA39}" Directory_="prop_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base" FullKeyPath="APPDIR\www\crypto_files\.svn\prop-base"/>
+    <ROW Component="crypto_2600des.gif.svn_base_1" ComponentId="{28160B9C-10F3-43AB-B43B-EAD04D2A62F1}" Directory_="text_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base_1" FullKeyPath="APPDIR\www\crypto_files\.svn\text-base"/>
+    <ROW Component="crypto_2600des.gif.svn_work" ComponentId="{22FF589C-8024-4A96-B101-5D05BFB226D4}" Directory_="props_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work" FullKeyPath="APPDIR\www\crypto_files\.svn\props"/>
+    <ROW Component="crypto_2600des.gif.svn_work_1" ComponentId="{8C90C876-62C5-4B00-B61C-7F79AFB316ED}" Directory_="wcprops_1_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work_1" FullKeyPath="APPDIR\www\crypto_files\.svn\wcprops"/>
+    <ROW Component="dir_wcprops" ComponentId="{466EBC3E-CFBE-4532-8D34-0CF1BD18A6B0}" Directory_="svn_DIR" Attributes="0" KeyPath="dir_wcprops" FullKeyPath="APPDIR\www\crypto_files\.svn"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
+    <ROW Component="prop_base" ComponentId="{43478899-1EF9-4375-AAA5-CDDF217F1B98}" Directory_="prop_base_1_DIR" Attributes="0"/>
+    <ROW Component="props" ComponentId="{B04545A5-3C92-4DCE-BEAB-BD380EF0C57C}" Directory_="props_1_DIR" Attributes="0"/>
     <ROW Component="test_cgi.php" ComponentId="{9025188F-8BED-4459-86EF-74C28A3B9301}" Directory_="New_Folder_1_DIR" Attributes="0" KeyPath="test_cgi.php" FullKeyPath="APPDIR\www\test_dir"/>
+    <ROW Component="text_base" ComponentId="{37B9ED8A-06B0-431B-9EB6-58ED9497E9BC}" Directory_="text_base_1_DIR" Attributes="0"/>
+    <ROW Component="wcprops" ComponentId="{4106AB01-565E-4281-97AE-96EC1F865899}" Directory_="wcprops_DIR" Attributes="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll crypto_2600des.gif favicon.ico bigint.h test_cgi.php New_Folder"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h test_cgi.php New_Folder dir_wcprops crypto_2600des.gif.svn_base crypto_2600des.gif.svn_work crypto_2600des.gif.svn_base_1 prop_base props text_base wcprops crypto_2600des.gif.svn_work_1 crypto_2600des.gif"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
-    <ROW File="awhttpd.exe" Component_="awhttpd.exe" FileName="awhttpd.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\awhttpd.exe" SelfReg="false" Sequence="1"/>
-    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
-    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.exe" SelfReg="false" Sequence="3"/>
-    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
-    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.dll" SelfReg="false" Sequence="5"/>
-    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.jar" SelfReg="false" Sequence="6"/>
-    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.lib" SelfReg="false" Sequence="7"/>
-    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtls.static.lib" SelfReg="false" Sequence="8"/>
-    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\axtlsj.dll" SelfReg="false" Sequence="9"/>
-    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="25"/>
-    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="22"/>
-    <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="23"/>
-    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="10"/>
-    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="11"/>
-    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="12"/>
-    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="13"/>
-    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="14"/>
-    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="15"/>
-    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="16"/>
-    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="17"/>
-    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\favicon.ico" SelfReg="false" Sequence="19"/>
-    <ROW File="health.sh" Component_="test_cgi.php" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="28"/>
-    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\index.html" SelfReg="false" Sequence="20"/>
-    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\..\axTLS.release_test\axTLS\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="18"/>
-    <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="26"/>
-    <ROW File="some_text.txt" Component_="test_cgi.php" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="29"/>
-    <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="21"/>
-    <ROW File="test_cgi.php" Component_="test_cgi.php" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="27"/>
-    <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="24"/>
+    <ROW File="README.txt" Component_="dir_wcprops" FileName="README.txt" Attributes="1" SourcePath="..\www\crypto_files\.svn\README.txt" SelfReg="false" Sequence="43"/>
+    <ROW File="awhttpd.exe" Component_="awhttpd.exe" FileName="awhttpd.exe" Attributes="0" SourcePath="..\_stage\awhttpd.exe" SelfReg="false" Sequence="1"/>
+    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
+    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
+    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\_stage\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
+    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\_stage\axtls.dll" SelfReg="false" Sequence="5"/>
+    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\_stage\axtls.jar" SelfReg="false" Sequence="6"/>
+    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\_stage\axtls.lib" SelfReg="false" Sequence="7"/>
+    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\_stage\axtls.static.lib" SelfReg="false" Sequence="8"/>
+    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\_stage\axtlsj.dll" SelfReg="false" Sequence="9"/>
+    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
+    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
+    <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
+    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="62"/>
+    <ROW File="crypto_2600des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="25"/>
+    <ROW File="crypto_2600des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="44"/>
+    <ROW File="crypto_2600des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="34"/>
+    <ROW File="crypto_2600des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="53"/>
+    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="63"/>
+    <ROW File="crypto_3ways.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="26"/>
+    <ROW File="crypto_3ways.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="45"/>
+    <ROW File="crypto_3ways.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="35"/>
+    <ROW File="crypto_3ways.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="54"/>
+    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="64"/>
+    <ROW File="crypto_backrsa.jpg.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="27"/>
+    <ROW File="crypto_backrsa.jpg.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="46"/>
+    <ROW File="crypto_backrsa.jpg.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="36"/>
+    <ROW File="crypto_backrsa.jpg.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="55"/>
+    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="65"/>
+    <ROW File="crypto_cert.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="28"/>
+    <ROW File="crypto_cert.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="47"/>
+    <ROW File="crypto_cert.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_cert.gif.svn-work" SelfReg="false" Sequence="37"/>
+    <ROW File="crypto_cert.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_cert.gif.svn-work" SelfReg="false" Sequence="56"/>
+    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="66"/>
+    <ROW File="crypto_des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="29"/>
+    <ROW File="crypto_des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="48"/>
+    <ROW File="crypto_des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_des.gif.svn-work" SelfReg="false" Sequence="38"/>
+    <ROW File="crypto_des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_des.gif.svn-work" SelfReg="false" Sequence="57"/>
+    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="67"/>
+    <ROW File="crypto_ecc.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="30"/>
+    <ROW File="crypto_ecc.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="49"/>
+    <ROW File="crypto_ecc.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="39"/>
+    <ROW File="crypto_ecc.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="58"/>
+    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="68"/>
+    <ROW File="crypto_sslv3.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="31"/>
+    <ROW File="crypto_sslv3.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="50"/>
+    <ROW File="crypto_sslv3.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="40"/>
+    <ROW File="crypto_sslv3.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="59"/>
+    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="69"/>
+    <ROW File="crypto_types.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="32"/>
+    <ROW File="crypto_types.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="51"/>
+    <ROW File="crypto_types.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_types.gif.svn-work" SelfReg="false" Sequence="41"/>
+    <ROW File="crypto_types.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_types.gif.svn-work" SelfReg="false" Sequence="60"/>
+    <ROW File="dir_wcprops" Component_="dir_wcprops" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\crypto_files\.svn\dir-wcprops" SelfReg="false" Sequence="21"/>
+    <ROW File="empty_file" Component_="dir_wcprops" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\crypto_files\.svn\empty-file" SelfReg="false" Sequence="22"/>
+    <ROW File="entries" Component_="dir_wcprops" FileName="entries" Attributes="1" SourcePath="..\www\crypto_files\.svn\entries" SelfReg="false" Sequence="23"/>
+    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
+    <ROW File="format" Component_="dir_wcprops" FileName="format" Attributes="1" SourcePath="..\www\crypto_files\.svn\format" SelfReg="false" Sequence="24"/>
+    <ROW File="health.sh" Component_="test_cgi.php" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="19"/>
+    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
+    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="70"/>
+    <ROW File="kerberos.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\kerberos.gif.svn-base" SelfReg="false" Sequence="33"/>
+    <ROW File="kerberos.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\kerberos.gif.svn-base" SelfReg="false" Sequence="52"/>
+    <ROW File="kerberos.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\kerberos.gif.svn-work" SelfReg="false" Sequence="42"/>
+    <ROW File="kerberos.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\kerberos.gif.svn-work" SelfReg="false" Sequence="61"/>
+    <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
+    <ROW File="some_text.txt" Component_="test_cgi.php" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="20"/>
+    <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
+    <ROW File="test_cgi.php" Component_="test_cgi.php" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="18"/>
+    <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
     <ROW Path="&lt;ui.ail&gt;"/>
@@ -103,6 +163,10 @@
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
     <ROW Directory_="New_Folder_2_DIR" Component_="New_Folder"/>
+    <ROW Directory_="prop_base_1_DIR" Component_="prop_base"/>
+    <ROW Directory_="props_1_DIR" Component_="props"/>
+    <ROW Directory_="text_base_1_DIR" Component_="text_base"/>
+    <ROW Directory_="wcprops_DIR" Component_="wcprops"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>

From 415ff0ad4c0ad2d319ebfa8882a6dc634e322913 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 31 Jul 2006 08:16:20 +0000
Subject: [PATCH 020/301] new config for awhttpd

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@27 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/win32config | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/config/win32config b/config/win32config
index ce1e485c68..fe94084f5a 100644
--- a/config/win32config
+++ b/config/win32config
@@ -10,6 +10,7 @@ CONFIG_PLATFORM_WIN32=y
 #
 # General Configuration
 #
+PREFIX="/usr/local"
 # CONFIG_DEBUG is not set
 
 #
@@ -54,13 +55,9 @@ CONFIG_AWHTTPD=y
 # CONFIG_HTTP_STATIC_BUILD is not set
 CONFIG_HTTP_HAS_SSL=y
 CONFIG_HTTP_HTTPS_PORT=443
-# CONFIG_STANDARD_AWHTTPD is not set
 CONFIG_HTTP_WEBROOT="www"
 CONFIG_HTTP_PORT=80
-# CONFIG_HTTP_USE_TIMEOUT is not set
-CONFIG_HTTP_TIMEOUT=0
-CONFIG_HTTP_INITIAL_SLOTS=10
-CONFIG_HTTP_MAX_USERS=100
+CONFIG_HTTP_TIMEOUT=5
 # CONFIG_HTTP_HAS_CGI is not set
 CONFIG_HTTP_CGI_EXTENSION=""
 CONFIG_HTTP_DIRECTORIES=y

From e8ef4b4b84dc511632a8b41d0e2dbcb0f2854ca2 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 31 Jul 2006 08:16:46 +0000
Subject: [PATCH 021/301] new performance script

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@28 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/JMeter.jmx | 83 +++++++++++++++++++++++------------------------
 1 file changed, 40 insertions(+), 43 deletions(-)

diff --git a/config/JMeter.jmx b/config/JMeter.jmx
index 0ef7c74696..5070760b05 100755
--- a/config/JMeter.jmx
+++ b/config/JMeter.jmx
@@ -10,7 +10,7 @@
       <stringProp name="TestPlan.comments"></stringProp>
     </TestPlan>
     <hashTree>
-      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 0" enabled="true">
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 1" enabled="true">
         <longProp name="ThreadGroup.start_time">1152004173000</longProp>
         <stringProp name="ThreadGroup.delay"></stringProp>
         <stringProp name="ThreadGroup.duration"></stringProp>
@@ -25,7 +25,7 @@
         <stringProp name="ThreadGroup.ramp_time">0</stringProp>
       </ThreadGroup>
       <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="normal" enabled="true">
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="Normal" enabled="true">
           <stringProp name="HTTPSampler.path">/index.html</stringProp>
           <stringProp name="HTTPSampler.method">GET</stringProp>
           <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
@@ -44,40 +44,6 @@
         </HTTPSampler>
         <hashTree/>
       </hashTree>
-      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 1" enabled="true">
-        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.delay"></stringProp>
-        <stringProp name="ThreadGroup.duration"></stringProp>
-        <stringProp name="ThreadGroup.num_threads">16</stringProp>
-        <boolProp name="ThreadGroup.scheduler">false</boolProp>
-        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
-          <stringProp name="LoopController.loops">10</stringProp>
-          <boolProp name="LoopController.continue_forever">false</boolProp>
-        </elementProp>
-        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
-        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
-      </ThreadGroup>
-      <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="win32 (RC4)" enabled="true">
-          <stringProp name="HTTPSampler.path">/index.html</stringProp>
-          <stringProp name="HTTPSampler.method">GET</stringProp>
-          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
-          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
-          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">443</stringProp>
-          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
-            <collectionProp name="Arguments.arguments"/>
-          </elementProp>
-          <stringProp name="HTTPSampler.mimetype"></stringProp>
-          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
-          <stringProp name="HTTPSampler.monitor">false</stringProp>
-          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
-          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
-          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
-        </HTTPSampler>
-        <hashTree/>
-      </hashTree>
       <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 2" enabled="true">
         <longProp name="ThreadGroup.start_time">1152004173000</longProp>
         <stringProp name="ThreadGroup.delay"></stringProp>
@@ -89,17 +55,17 @@
           <boolProp name="LoopController.continue_forever">false</boolProp>
         </elementProp>
         <longProp name="ThreadGroup.end_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
         <stringProp name="ThreadGroup.ramp_time">0</stringProp>
       </ThreadGroup>
       <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="cygwin (RC4)" enabled="true">
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="RC4" enabled="true">
           <stringProp name="HTTPSampler.path">/index.html</stringProp>
           <stringProp name="HTTPSampler.method">GET</stringProp>
           <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
           <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
           <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">1443</stringProp>
+          <stringProp name="HTTPSampler.port">443</stringProp>
           <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
             <collectionProp name="Arguments.arguments"/>
           </elementProp>
@@ -127,7 +93,7 @@
         <stringProp name="ThreadGroup.ramp_time">0</stringProp>
       </ThreadGroup>
       <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="skeleton (RC4)" enabled="true">
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES128" enabled="true">
           <stringProp name="HTTPSampler.path">/index.html</stringProp>
           <stringProp name="HTTPSampler.method">GET</stringProp>
           <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
@@ -161,7 +127,7 @@
         <stringProp name="ThreadGroup.ramp_time">0</stringProp>
       </ThreadGroup>
       <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES128" enabled="true">
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES256" enabled="true">
           <stringProp name="HTTPSampler.path">/index.html</stringProp>
           <stringProp name="HTTPSampler.method">GET</stringProp>
           <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
@@ -195,13 +161,13 @@
         <stringProp name="ThreadGroup.ramp_time">0</stringProp>
       </ThreadGroup>
       <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES256" enabled="true">
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="Skeleton (RC4)" enabled="true">
           <stringProp name="HTTPSampler.path">/index.html</stringProp>
           <stringProp name="HTTPSampler.method">GET</stringProp>
           <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
           <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
           <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">4443</stringProp>
+          <stringProp name="HTTPSampler.port">1443</stringProp>
           <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
             <collectionProp name="Arguments.arguments"/>
           </elementProp>
@@ -245,6 +211,37 @@
         <boolProp name="ResultCollector.error_logging">false</boolProp>
       </ResultCollector>
       <hashTree/>
+      <ResultCollector guiclass="ViewResultsFullVisualizer" testclass="ResultCollector" testname="View Results Tree" enabled="false">
+        <objProp>
+          <value class="SampleSaveConfiguration">
+            <time>true</time>
+            <latency>true</latency>
+            <timestamp>true</timestamp>
+            <success>true</success>
+            <label>true</label>
+            <code>true</code>
+            <message>true</message>
+            <threadName>true</threadName>
+            <dataType>true</dataType>
+            <encoding>false</encoding>
+            <assertions>true</assertions>
+            <subresults>true</subresults>
+            <responseData>false</responseData>
+            <samplerData>false</samplerData>
+            <xml>false</xml>
+            <fieldNames>false</fieldNames>
+            <responseHeaders>false</responseHeaders>
+            <requestHeaders>false</requestHeaders>
+            <responseDataOnError>false</responseDataOnError>
+            <saveAssertionResultsFailureMessage>false</saveAssertionResultsFailureMessage>
+            <assertionsResultsToSave>0</assertionsResultsToSave>
+          </value>
+          <name>saveConfig</name>
+        </objProp>
+        <stringProp name="filename"></stringProp>
+        <boolProp name="ResultCollector.error_logging">false</boolProp>
+      </ResultCollector>
+      <hashTree/>
     </hashTree>
   </hashTree>
 </jmeterTestPlan>

From c4e8d530cf5ef18165f2fc2a4a3f724a40b4afd3 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 31 Jul 2006 08:17:13 +0000
Subject: [PATCH 022/301] New awhttpd configuration

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@29 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in     |   43 +-
 httpd/Makefile      |    3 +-
 httpd/awhttpd.patch | 1228 ++++++++++++++++++++++++++++---------------
 3 files changed, 803 insertions(+), 471 deletions(-)

diff --git a/httpd/Config.in b/httpd/Config.in
index c9240864dd..09f0981a67 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -28,17 +28,10 @@ config CONFIG_HTTP_HTTPS_PORT
 
         You must be a root user in order to use the default port.
 
-config CONFIG_STANDARD_AWHTTPD
-    bool "Use Standard AWHTTPD Configuration"
-    default n
-    help
-        Use the configuration file that awhttpd normally uses.
-        
 config CONFIG_HTTP_WEBROOT
     string "Web root location"
     default "../www" if !CONFIG_PLATFORM_WIN32
     default "..\\www" if CONFIG_PLATFORM_WIN32
-    depends on !CONFIG_STANDARD_AWHTTPD
     help
         The location of the web root in relation to awhttpd. This is 
         the directory where index.html lives.
@@ -46,47 +39,20 @@ config CONFIG_HTTP_WEBROOT
 config CONFIG_HTTP_PORT
     int "HTTP port"
     default 80
-    depends on !CONFIG_STANDARD_AWHTTPD
     help
         The port number of the normal HTTP server. 
 
         You must be a root user in order to use the default port.
 
-config CONFIG_HTTP_USE_TIMEOUT
-    bool "Use Timeout"
-    default n
-    depends on !CONFIG_STANDARD_AWHTTPD
-    help
-        Enable timeouts to be used.
-
 config CONFIG_HTTP_TIMEOUT
     int "Timeout"
     default 5
-    depends on CONFIG_HTTP_USE_TIMEOUT
-    help
-        Set the timeout in seconds.
-
-config CONFIG_HTTP_INITIAL_SLOTS
-    int "Initial Slots"
-    default 10
-    depends on !CONFIG_STANDARD_AWHTTPD
-    help
-        Determine the number of slots.
-
-        This is just an initial value to allocate memory. This will go all the
-        way up to max usrs.
-
-config CONFIG_HTTP_MAX_USERS
-    int "Max Users"
-    default 100
-    depends on !CONFIG_STANDARD_AWHTTPD
     help
-        Determine the maximum number of simultaneous users at any time
+        Set the timeout of a connection in seconds.
 
 config CONFIG_HTTP_HAS_CGI
     bool "Enable CGI"
     default n
-    depends on !CONFIG_STANDARD_AWHTTPD
     help
         Enable the CGI capability.
 
@@ -100,14 +66,12 @@ config CONFIG_HTTP_CGI_EXTENSION
 config CONFIG_HTTP_DIRECTORIES
     bool "Enable Directory Listing"
     default n
-    depends on !CONFIG_STANDARD_AWHTTPD
     help
         Enable directory listing.
     
 config CONFIG_HTTP_PERM_CHECK
     bool "Permissions Check"
     default n
-    depends on !CONFIG_STANDARD_AWHTTPD
     help
         Enable permissions checking on the directories before reading the
         files in them.
@@ -115,7 +79,7 @@ config CONFIG_HTTP_PERM_CHECK
 config CONFIG_HTTP_HAS_IPV6
     bool "Enable IPv6"
     default n
-    depends on !CONFIG_STANDARD_AWHTTPD && !CONFIG_PLATFORM_WIN32
+    depends on !CONFIG_PLATFORM_WIN32
     help
         Use IPv6 instead of IPv4.
     
@@ -125,14 +89,13 @@ config CONFIG_HTTP_VERBOSE
     bool "Verbose Mode"
     default y if CONFIG_SSL_FULL_MODE
     default n if !CONFIG_SSL_FULL_MODE
-    depends on !CONFIG_STANDARD_AWHTTPD
     help
         Enable extra statements used when using awhttpd.
 
 config CONFIG_HTTP_IS_DAEMON
     bool "Run as a daemon"
     default n
-    depends on !CONFIG_STANDARD_AWHTTPD && !CONFIG_PLATFORM_WIN32
+    depends on !CONFIG_PLATFORM_WIN32
     help 
         Run awhttpd as a background process.
 
diff --git a/httpd/Makefile b/httpd/Makefile
index 3b8f4b0895..07261a52cd 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -72,8 +72,7 @@ OBJ= \
 	mime_types.o \
 	index.o \
 	urlencode.o \
-    permcheck.o \
-	conf.o
+    permcheck.o
 
 %.o : awhttpd/%.c ../config/.config
 	$(CC) -c $(CFLAGS) $< 
diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
index a49d1dc4cd..5ab15a0bf2 100644
--- a/httpd/awhttpd.patch
+++ b/httpd/awhttpd.patch
@@ -1,6 +1,6 @@
 diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 --- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-07-22 18:09:01.968750000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-07-26 23:09:27.343750000 +1000
 @@ -7,17 +7,16 @@
  */
  
@@ -39,29 +39,28 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  struct connstruct {
    struct connstruct *next;
  
-@@ -46,29 +45,48 @@
+@@ -46,29 +45,43 @@
  
    int networkdesc;
    int filedesc;
-+
-+#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
+-  DIR *dirp;
+ 
+-  int timeout;
++#if defined(CONFIG_HTTP_DIRECTORIES)
 +#ifdef WIN32
 +  HANDLE dirp;
 +  WIN32_FIND_DATA file_data;
 +#else
-   DIR *dirp;
++  DIR *dirp;
 +#endif
 +#endif
  
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
-   int timeout;
-+#endif
- 
++  time_t timeout;
    char ip[MAXIPLEN];
- 
+-
    char actualfile[MAXREQUESTLENGTH];
    char filereq[MAXREQUESTLENGTH];
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
    char cgiargs[MAXREQUESTLENGTH];
    char cgiscriptinfo[MAXREQUESTLENGTH];
    char cgipathinfo[MAXREQUESTLENGTH];
@@ -69,7 +68,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
    char virtualhostreq[MAXREQUESTLENGTH];
  
    int numbytes;
-   long offset;
+-  long offset;
    char databuf[BLOCKSIZE];
  
 +  unsigned char is_ssl;
@@ -88,21 +87,29 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  };
  
  
-@@ -111,13 +129,20 @@
- 
- 
- // Useful macros
-+#ifdef CONFIG_STANDARD_AWHTTPD
- #define istimedout(tp,ct) ((ct) > (tp)->timeout)
- #define updatetimeout(tp,ct) ((tp)->timeout = (ct)+usertimeout)
-+#elif CONFIG_HTTP_USE_TIMEOUT
-+#define istimedout(tp,ct) ((ct) > (tp)->timeout)
-+#define updatetimeout(tp,ct) ((tp)->timeout = (ct)+CONFIG_HTTP_TIMEOUT)
-+#else
-+#define updatetimeout(tp,ct)    /* empty macro */
-+#endif
+@@ -96,28 +109,13 @@
  
+ // Conf global prototypes
  
+-extern int usevirtualhosts;
+ extern char *webroot;
+ extern int allowdirectorylisting;
+ extern int allowcgi;
+ extern int permcheck;
+-extern int maxusers;
+-extern int usertimeout;
+-extern int initialslots;
+-extern char *quote;
+-extern int initialslots;
+-
+-extern int numusers;
+-
+-
+-// Useful macros
+-#define istimedout(tp,ct) ((ct) > (tp)->timeout)
+-#define updatetimeout(tp,ct) ((tp)->timeout = (ct)+usertimeout)
+-
+-
  
  // conn.c prototypes
 -void addconnection(int sd, char *ip);
@@ -110,7 +117,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void removeconnection(struct connstruct *cn);
  
  
-@@ -129,16 +154,17 @@
+@@ -129,30 +127,29 @@
  void procsendhead(struct connstruct *cn);
  void procreadfile(struct connstruct *cn);
  void procsendfile(struct connstruct *cn);
@@ -124,13 +131,17 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  
  
  // socket.c prototypes
- int pollsocket(int sd, long ustimeout);
+-int pollsocket(int sd, long ustimeout);
 -void handlenewconnection(int listenfd);
 +void handlenewconnection(int listenfd, int is_ssl);
  int openlistener(int port);
  int openlistener6(int port);
  
-@@ -150,9 +176,9 @@
+ 
+ // errors.c prototypes
+-void send505(int sd, char *reason);
+ void send404(struct connstruct *cn);
+ void send301(struct connstruct *cn);
  
  
  // misc.c prototypes
@@ -143,12 +154,17 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void stripcrlf(char *p);
  char *my_strncpy(char *dest, const char *src, size_t n);
  #ifndef __HAVE_ARCH_STRNLEN
-@@ -166,12 +192,12 @@
+@@ -160,18 +157,16 @@
+ #endif
+ int iscgi(char *fn);
+ int split(char *tp, char *sp[], int maxwords, char sc);
+-int confsplit(char *tp, char *sp[], int maxwords);
+ int sanitizefile(char *buf);
+ int sanitizehost(char *buf);
  void buildactualfile(struct connstruct *cn);
  int issockwriteable(int sd);
  int isdir(char *name);
 -void status();
-+void status(void);
  int trycgi_withpathinfo(struct connstruct *cn);
  
  
@@ -158,16 +174,15 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  
  
  // urldecode.c prototypes
-@@ -188,7 +214,7 @@
+@@ -188,7 +183,6 @@
  
  
  // conf.c prototypes
 -void defaultconfvals();
-+void defaultconfvals(void);
  void procconf(char *filename);
  
  
-@@ -202,4 +228,4 @@
+@@ -202,4 +196,4 @@
  
  
  // main.c prototypes
@@ -175,8 +190,8 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 +void initlists(void);
 diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 --- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-07-22 16:54:31.546875000 +1000
-@@ -7,29 +7,33 @@
++++ axTLS/httpd/awhttpd/cgi.c	2006-07-26 23:05:56.890625000 +1000
+@@ -7,93 +7,46 @@
  */
  
  
@@ -190,62 +205,69 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
  
  
  
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
  void addcgiext(char *tp) {
  
    struct cgiextstruct *ex;
  
    ex = (struct cgiextstruct *) malloc(sizeof(struct cgiextstruct));
-   if (ex == NULL) {
-+#ifdef CONFIG_HTTP_VERBOSE
-     fprintf(stderr, "Serious memory error...\n");
+-  if (ex == NULL) {
+-    fprintf(stderr, "Serious memory error...\n");
 -    exit(0);
-+#endif
-+    exit(1);
-   }
- 
+-  }
+-
    ex->ext = strdup(tp);
-   if (ex->ext == NULL) {
-+#ifdef CONFIG_HTTP_VERBOSE
-     fprintf(stderr, "Serious memory error...\n");
+-  if (ex->ext == NULL) {
+-    fprintf(stderr, "Serious memory error...\n");
 -    exit(0);
-+#endif
-+    exit(1);
-   }
- 
+-  }
+-
    ex->next = cgiexts;
-@@ -43,7 +47,7 @@
- 
- void gensysenv(struct connstruct *cn) {
- 
+   cgiexts = ex;
+-
+-  return;
+-
+-}
+-
+-
+-
+-void gensysenv(struct connstruct *cn) {
+-
 -  #ifndef LIMITEDCGI
-+#if !defined (LIMITEDCGI) && !defined(WIN32)
- 
-   char buf[1024];
- 
-@@ -54,7 +58,9 @@
- 
-   setenv("AW_VERSION", VERSION, 1);
- 
-+#ifdef CONFIG_STANDARD_AWHTTPD
-   setenv("AW_QUOTE", quote, 1);
-+#endif
- 
- /* Commented this out because (and this is ridiculous) PHP
-    doesn't seem to work with this variable specified
-@@ -70,30 +76,39 @@
- 
-   setenv("QUERY_STRING", cn->cgiargs, 1);
- 
+-
+-  char buf[1024];
+-
+-  setenv("REMOTE_ADDR", cn->ip, 1);
+-
+-  snprintf(buf, sizeof(buf), "%d", numusers);
+-  setenv("AW_NUMUSERS", buf, 1);
+-
+-  setenv("AW_VERSION", VERSION, 1);
+-
+-  setenv("AW_QUOTE", quote, 1);
+-
+-/* Commented this out because (and this is ridiculous) PHP
+-   doesn't seem to work with this variable specified
+- */
+-/*
+-  snprintf ( buf, sizeof(buf), "Anti-Web V%s (%s)", VERSION, quote );
+-  setenv("SERVER_SOFTWARE", buf, 1);
+-*/
+-
+-  setenv("SCRIPT_NAME", cn->cgiscriptinfo, 1);
+-
+-  setenv("PATH_INFO", cn->cgipathinfo, 1);
+-
+-  setenv("QUERY_STRING", cn->cgiargs, 1);
+-
 -  return;
 -
 -  #endif
 -
-+#endif
  }
  
- 
- 
+-
+-
  void proccgi(struct connstruct *cn, int has_pathinfo) {
  
 -  int tpipe[2], fv;
@@ -253,22 +275,19 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +  int tpipe[2];
 +  char *myargs[5];
    char buf[MAXREQUESTLENGTH];
+-
+-  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\n%s",
+-                             VERSION,
+-                             quote, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
+-  write(cn->networkdesc, buf, strlen(buf));
 +#ifdef WIN32
 +  int tmp_stdout;
 +#else
 +  int fv;
 +#endif
- 
-+#ifdef CONFIG_STANDARD_AWHTTPD
-   snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\n%s",
-                              VERSION,
-                              quote, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
--  write(cn->networkdesc, buf, strlen(buf));
-+#else
++
 +  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\n%s",
-+                             VERSION,
-+                             (cn->reqtype == TYPE_HEAD) ? "\n" : "");
-+#endif
++                             VERSION, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
 +  special_write(cn, buf, strlen(buf));
  
    if (cn->reqtype == TYPE_HEAD) {
@@ -280,7 +299,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
    if (pipe(tpipe) == -1) {
      removeconnection(cn);
      return;
-@@ -108,7 +123,8 @@
+@@ -108,7 +61,8 @@
      return;
    }
  
@@ -290,7 +309,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
      // Close the write descriptor
      close(tpipe[1]);
      cn->filedesc = tpipe[0];
-@@ -132,19 +148,64 @@
+@@ -132,19 +86,62 @@
    close(tpipe[1]);
  
    myargs[0] = cn->actualfile;
@@ -303,20 +322,21 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 -      my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
 -      my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
 -    }
+-
+-  gensysenv(cn);
 +  if (!has_pathinfo) {
 +    my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
 +    my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
 +  }
  
-   gensysenv(cn);
- 
    execv(cn->actualfile, myargs);
 +#else /* WIN32 */
 +  if (_pipe(tpipe, 4096, O_BINARY| O_NOINHERIT) == -1) {
 +    removeconnection(cn);
 +    return;
 +  }
-+
+ 
+-  exit(0);
 +  myargs[0] = "sh";
 +  myargs[1] = "-c";
 +  myargs[2] = cn->actualfile;
@@ -331,12 +351,11 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +          *t++ = '/';
 +      }
 +  }
- 
--  exit(0);
++
 +  tmp_stdout = _dup(_fileno(stdout));
 +  _dup2(tpipe[1], _fileno(stdout));
 +  close(tpipe[1]);
- 
++
 +  /* change to suit execution method */
 +  if (spawnl(P_NOWAIT, "c:\\Program Files\\cygwin\\bin\\sh.exe", 
 +            myargs[0], myargs[1], myargs[2], myargs[3], myargs[4]) == -1) {
@@ -352,7 +371,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +  for (;;)
 +  {
 +    procreadfile(cn);
-+
+ 
 +    if (cn->filedesc == -1)
 +        break;
 +
@@ -364,96 +383,277 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +#endif  /* CONFIG_HTTP_HAS_CGI */
 diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 --- awhttpd/conf.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/conf.c	2006-07-22 16:54:31.562500000 +1000
-@@ -10,11 +10,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <ctype.h>
++++ axTLS/httpd/awhttpd/conf.c	1970-01-01 10:00:00.000000000 +1000
+@@ -1,265 +0,0 @@
+-/* Anti-Web HTTPD */
+-/* Hardcore Software */
+-/*
+-This software is Copyright (C) 2001-2004 By Hardcore Software and
+-others. The software is distributed under the terms of the GNU General
+-Public License. See the file 'COPYING' for more details.
+-*/
+-
+-
+-#include <stdio.h>
+-#include <string.h>
+-#include <ctype.h>
 -#include <pwd.h>
 -#include <sys/types.h>
- #include <stdlib.h>
+-#include <stdlib.h>
 -#include <unistd.h>
 -
- #include "aw3.h"
- 
- 
-@@ -23,21 +19,29 @@
- 
- int usevirtualhosts;
- char *webroot;
-+int initialslots;
-+int maxusers;
-+
-+#ifdef CONFIG_STANDARD_AWHTTPD
-+
- int allowdirectorylisting;
- int allowcgi;
- int permcheck;
+-#include "aw3.h"
+-
+-
+-
+-// CONF GLOBALS:
+-
+-int usevirtualhosts;
+-char *webroot;
+-int allowdirectorylisting;
+-int allowcgi;
+-int permcheck;
 -int maxusers;
- int usertimeout;
+-int usertimeout;
 -int initialslots;
- char *quote;
- 
-+#endif  /* CONFIG_STANDARD_AWHTTPD */
-+
-+
- int numusers;
- 
- 
- 
- void defaultconfvals() {
- 
-+#ifdef CONFIG_STANDARD_AWHTTPD
-   usevirtualhosts = 0;
-+  maxusers = 500;
-   allowdirectorylisting = 0;
-   allowcgi = 0;
-   permcheck = 0;
-@@ -45,6 +49,13 @@
-   usertimeout = 5;
-   initialslots = 10;
-   quote = "Fear and loathing on the WWW";
-+#else
-+  maxusers = 500;
-+  initialslots = CONFIG_HTTP_INITIAL_SLOTS;
-+  maxusers = CONFIG_HTTP_MAX_USERS;
-+  usevirtualhosts = 1;
-+#endif
-+
- 
-   // Not really conf stuff:
-   numusers = 0;
-@@ -54,6 +65,7 @@
- }
- 
- 
-+#ifdef CONFIG_STANDARD_AWHTTPD
- void procconf(char *filename) {
- 
-   FILE *fp;
-@@ -210,11 +222,11 @@
-         err++;
-       } else {
-         if (setgid(bl->pw_gid) != 0) {
+-char *quote;
+-
+-int numusers;
+-
+-
+-
+-void defaultconfvals() {
+-
+-  usevirtualhosts = 0;
+-  allowdirectorylisting = 0;
+-  allowcgi = 0;
+-  permcheck = 0;
+-  maxusers = 500;
+-  usertimeout = 5;
+-  initialslots = 10;
+-  quote = "Fear and loathing on the WWW";
+-
+-  // Not really conf stuff:
+-  numusers = 0;
+-
+-  return;
+-
+-}
+-
+-
+-void procconf(char *filename) {
+-
+-  FILE *fp;
+-  char buf[MAXREQUESTLENGTH];
+-  char *segs[10];
+-  int tp, err=0, warn=0;
+-
+-  usevirtualhosts = 1;
+-
+-  fp = fopen(filename, "r");
+-
+-  if (fp == NULL) {
+-    fprintf(stderr, "ERROR: Unable to open conf file '%s'\n", filename);
+-    exit(1);
+-  }
+-
+-
+-  while (fgets(buf, sizeof(buf), fp) != NULL) {
+-    stripcrlf(buf);
+-
+-    confsplit(buf, segs, 10);
+-
+-    if (segs[0] == NULL) continue;
+-
+-    if (segs[1] == NULL) {
+-      fprintf(stderr, "ERR: Unknown command in '%s': '%s'\n", filename, segs[0]);
+-      err++;
+-      continue;
+-    }
+-
+-
+-    if (strcasecmp(segs[0], "listen") == 0) {
+-      if (isdigit(*segs[1])) {
+-        if ((tp=openlistener(atoi(segs[1]))) == -1) {
+-          fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", atoi(segs[1]));
+-          err++;
+-          continue;
+-        }
+-
+-        addtoservers(tp);
+-        continue;
+-      }
+-    }
+-
+-    if (strcasecmp(segs[0], "listen6") == 0) {
+-      #ifdef HAVE_IPV6
+-        if (isdigit(*segs[1])) {
+-          if ((tp=openlistener6(atoi(segs[1]))) == -1) {
+-            fprintf(stderr, "ERR: Couldn't bind to port %d (IPv6)\n", atoi(segs[1]));
+-            err++;
+-            continue;
+-          }
+-
+-          addtoservers(tp);
+-          continue;
+-        }
+-      #else
+-        fprintf(stderr, "ERR: AW was compiled without IPv6 support!\n");
+-        err++;
+-        continue;
+-      #endif
+-    }
+-
+-    if (strcasecmp(segs[0], "maxusers") == 0) {
+-      maxusers = tp = atoi(segs[1]);
+-      if (tp < 1) {
+-        fprintf(stderr, "ERR: Bad value for maxusers\n");
+-        err++;
+-      }
+-      if (tp < 10 || tp > 10000) {
+-        fprintf(stderr, "WARN: Value for maxusers (%d) is not withing the recommended range\n", tp);
+-        warn++;
+-      }
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "usertimeout") == 0) {
+-      usertimeout = tp = atoi(segs[1]);
+-      if (tp < 1) {
+-        fprintf(stderr, "ERR: Bad value for usertimeout\n");
+-        err++;
+-      }
+-      if (tp > 100) {
+-        fprintf(stderr, "WARN: Value for usertimeout (%d) is not withing the recommended range\n", tp);
+-        warn++;
+-      }
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "initialslots") == 0) {
+-      initialslots = tp = atoi(segs[1]);
+-      if (tp < 1) {
+-        fprintf(stderr, "ERR: Bad value for initialslots\n");
+-        err++;
+-      }
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "directorylisting") == 0) {
+-      if (strcasecmp(segs[1], "on") == 0) allowdirectorylisting = 1;
+-      else if (strcasecmp(segs[1], "off") == 0) allowdirectorylisting = 0;
+-      else {
+-        fprintf(stderr, "ERR: Need on or off for directorylisting\n");
+-        err++;
+-      }
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "cgi") == 0) {
+-      if (strcasecmp(segs[1], "on") == 0) allowcgi = 1;
+-      else if (strcasecmp(segs[1], "off") == 0) allowcgi = 0;
+-      else {
+-        fprintf(stderr, "ERR: Need on or off for cgi\n");
+-        err++;
+-      }
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "cgiext") == 0) {
+-      if (*(segs[1]) != '.' && *(segs[1]+1) != '\0') {
+-        fprintf(stderr, "ERR: CGI extensions must start with a period and be at least 2 chars long\n");
+-        err++;
+-        continue;
+-      }
+-      addcgiext(segs[1]);
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "addindex") == 0) {
+-      if (*(segs[1]) == '.') {
+-        fprintf(stderr, "ERR: Index files can't start with a dot\n");
+-        err++;
+-        continue;
+-      }
+-      addindex(segs[1]);
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "permcheck") == 0) {
+-      if (strcasecmp(segs[1], "on") == 0) permcheck = 1;
+-      else if (strcasecmp(segs[1], "off") == 0) permcheck = 0;
+-      else {
+-        fprintf(stderr, "ERR: Need on or off for permcheck\n");
+-        err++;
+-      }
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "dropto") == 0) {
+-      struct passwd *bl;
+-
+-      if ((bl = getpwnam(segs[1])) == NULL) {
+-        fprintf(stderr, "ERR: Unable to look up user '%s' to drop privileges\n", segs[1]);
+-        err++;
+-      } else {
+-        if (setgid(bl->pw_gid) != 0) {
 -          fprintf(stderr, "WARN: Unable to drop GID to %d\n", bl->pw_gid);
-+          fprintf(stderr, "WARN: Unable to drop GID to %ld\n", bl->pw_gid);
-           warn++;
-         }
-         if (setuid(bl->pw_uid) != 0) {
+-          warn++;
+-        }
+-        if (setuid(bl->pw_uid) != 0) {
 -          fprintf(stderr, "WARN: Unable to drop UID to %d\n", bl->pw_uid);
-+          fprintf(stderr, "WARN: Unable to drop UID to %ld\n", bl->pw_uid);
-           warn++;
-         }
-       }
-@@ -263,3 +275,4 @@
-   return;
- 
- }
-+#endif  /* CONFIG_STANDARD_AWHTTPD */
+-          warn++;
+-        }
+-      }
+-      continue;
+-    }
+-
+-    if (strcasecmp(segs[0], "quote") == 0) {
+-      quote = strdup(segs[1]);
+-      continue;
+-    }
+-
+-
+-    if (segs[2] == NULL) {
+-      fprintf(stderr, "ERR: Unknown command in '%s': '%s'\n", filename, segs[0]);
+-      err++;
+-      continue;
+-    }
+-
+-
+-    // Otherwise:
+-
+-    fprintf(stderr, "ERR: Unknown command in '%s': '%s'\n", filename, segs[0]);
+-    err++;
+-    continue;
+-
+-  }
+-
+-
+-  if (initialslots > maxusers) {
+-    fprintf(stderr, "ERR: initialslots is greater than maxusers!\n");
+-    err++;
+-  }
+-
+-
+-  if (warn) {
+-    fprintf(stderr, "Alert! %d warnings!\n", warn);
+-  }
+-
+-  if (err) {
+-    fprintf(stderr, "Unable to start: %d errors!\n", err);
+-    exit(1);
+-  }
+-
+-  fclose(fp);
+-
+-  return;
+-
+-}
 diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 --- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-07-22 18:08:57.687500000 +1000
-@@ -9,15 +9,11 @@
++++ axTLS/httpd/awhttpd/conn.c	2006-07-30 22:35:55.109375000 +1000
+@@ -9,26 +9,16 @@
  
  #include <stdio.h>
  #include <string.h>
@@ -470,7 +670,18 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
    struct connstruct *tp;
  
    // Get ourselves a connstruct
-@@ -39,12 +35,21 @@
+   if (freeconns == NULL) {
+     tp = (struct connstruct *) malloc(sizeof(struct connstruct));
+-    if (tp == NULL) {
+-      send505(sd, "Out of memory");
+-      // removeconnection() should be used normally
+-      close(sd);
+-      return;
+-    }
+   } else {
+     tp = freeconns;
+     freeconns = tp->next;
+@@ -39,12 +29,21 @@
    usedconns = tp;
  
    tp->networkdesc = sd;
@@ -479,34 +690,45 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 +    ssl_server_new(servers->ssl_ctx, sd);
 +#endif
    tp->filedesc = -1;
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_HAS_DIRECTORIES)
++#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
    tp->dirp = NULL;
 +#endif
 +  tp->is_ssl = is_ssl;
  
    *(tp->actualfile) = '\0';
    *(tp->filereq) = '\0';
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_HAS_CGI)
++#if defined(CONFIG_HTTP_HAS_CGI)
    *(tp->cgiargs) = '\0';
 +#endif
    *(tp->virtualhostreq) = '\0';
  
    tp->state = STATE_WANT_TO_READ_HEAD;
-@@ -53,11 +58,12 @@
+@@ -52,21 +51,16 @@
+ 
    my_strncpy(tp->ip, ip, MAXIPLEN);
  
-   tp->offset = -1;
+-  tp->offset = -1;
+-
+-  numusers++;
+-
+-  updatetimeout(tp, time(NULL));
 +  tp->close_when_done = 0;
 +  tp->modified_since = 0;
  
-   numusers++;
- 
-   updatetimeout(tp, time(NULL));
--
++  tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
    return;
  
  }
-@@ -95,10 +101,22 @@
+ 
+ 
+ 
+-// Remove cn from the used list
+-// FIXME: This O(N) operation could be avoided if we used
+-//        doubly linked lists...
+ void removeconnection(struct connstruct *cn) {
+ 
+   struct connstruct *tp;
+@@ -95,12 +89,21 @@
    freeconns = cn;
  
    // Close it all down
@@ -520,20 +742,24 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 +      SOCKET_CLOSE(cn->networkdesc);
 +  }
    if (cn->filedesc != -1) close(cn->filedesc);
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_HAS_DIRECTORIES)
+-  if (cn->dirp != NULL) closedir(cn->dirp);
+-
+-  numusers--;
+-
+-  return;
+-
++#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
++  if (cn->dirp != NULL) 
 +#ifdef WIN32
-+  if (cn->dirp != NULL) FindClose(cn->dirp);
++    FindClose(cn->dirp);
 +#else
-   if (cn->dirp != NULL) closedir(cn->dirp);
--
++    closedir(cn->dirp);
 +#endif
 +#endif
-   numusers--;
- 
-   return;
+ }
 diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
 --- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-07-22 16:54:31.562500000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-07-26 21:44:20.734375000 +1000
 @@ -8,7 +8,6 @@
  
  
@@ -551,26 +777,32 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
  
    return;
  
-@@ -34,7 +33,7 @@
+@@ -34,21 +33,7 @@
  
    snprintf(buf, sizeof(buf), "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>It ain't there my friend. (404 Not Found)</H1>\n<BR><BR>Anti-Web HTTPD - Take back some simplicity.\n</BODY></HTML>\n");
  
 -  write(cn->networkdesc, buf, strlen(buf));
+-
+-  return;
+-
+-}
+-
+-
+-
+-void send505(int sd, char *reason) {
+-
+-  char buf[1024];
+-
+-  snprintf(buf, sizeof(buf), "HTTP/1.0 505 Server Error\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>505 Internal Server Error</TITLE><H1>Internal Server Error: %s</H1>\n<BR><BR>Anti-Web HTTPD - Take back some simplicity.\n</BODY></HTML>\n", reason);
+-
+-  write(sd, buf, strlen(buf));
 +  special_write(cn, buf, strlen(buf));
  
    return;
  
-@@ -42,6 +41,7 @@
- 
- 
- 
-+/* TODO: this really needs to use the connstruct object */
- void send505(int sd, char *reason) {
- 
-   char buf[1024];
 diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
 --- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-07-22 16:54:31.562500000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-07-26 22:18:07.609375000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -579,7 +811,28 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
  #include <stdlib.h>
  
  #include "aw3.h"
-@@ -52,7 +51,13 @@
+@@ -22,20 +21,9 @@
+   struct indexstruct *ex;
+ 
+   ex = (struct indexstruct *) malloc(sizeof(struct indexstruct));
+-  if (ex == NULL) {
+-    fprintf(stderr, "Serious memory error...\n");
+-    exit(1);
+-  }
+-
+   ex->name = strdup(tp);
+-  if (ex->name == NULL) {
+-    fprintf(stderr, "Serious memory error...\n");
+-    exit(1);
+-  }
+-
+   ex->next = indexlist;
+   indexlist = ex;
+-
+   return;
+ 
+ }
+@@ -52,7 +40,13 @@
    tp = indexlist;
  
    while(tp != NULL) {
@@ -596,7 +849,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
 diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 --- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-07-22 16:54:31.562500000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-07-26 22:17:40.968750000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -605,15 +858,17 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
  #include <stdlib.h>
  
  #include "aw3.h"
-@@ -21,10 +20,40 @@
+@@ -21,10 +20,42 @@
  struct serverstruct *servers;
  struct connstruct *usedconns;
  struct connstruct *freeconns;
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
  struct cgiextstruct *cgiexts;
 +#endif
  struct indexstruct *indexlist;
  
++char *webroot = CONFIG_HTTP_WEBROOT;
+ 
 +/* clean up memory for valgrind */
 +static void sigint_cleanup(int sig)
 +{
@@ -640,17 +895,17 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 +        free(freeconns);
 +        freeconns = tp;
 +    }
- 
++
 +    exit(0);
 +}
  
  void initlists() {
    int i;
-@@ -33,15 +62,19 @@
+@@ -33,108 +64,118 @@
    servers = NULL;
    usedconns = NULL;
    freeconns = NULL;
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
    cgiexts = NULL;
 +#endif
    indexlist = NULL;
@@ -658,39 +913,42 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    for(i=0; i<INITIAL_CONNECTION_SLOTS; i++) {
      tp = freeconns;
 -    freeconns = (struct connstruct *) malloc(sizeof(struct connstruct));
+-    if (freeconns == NULL) {
+-      fprintf(stderr, "Not enough memory to allocate %d connection slots!\n",
+-              INITIAL_CONNECTION_SLOTS);
+-      exit(1);
+-    }
 +    freeconns = (struct connstruct *) calloc(1, sizeof(struct connstruct));
-     if (freeconns == NULL) {
-+#ifdef CONFIG_HTTP_VERBOSE
-       fprintf(stderr, "Not enough memory to allocate %d connection slots!\n",
-               INITIAL_CONNECTION_SLOTS);
-+#endif
-       exit(1);
-     }
      freeconns->next = tp;
-@@ -49,6 +82,7 @@
- }
- 
- 
-+#ifdef CONFIG_STANDARD_AWHTTPD
- void usage(char *cmline) {
-   fprintf(stderr, "Anti-Web V%s  (C) 2001-2004 by Hardcore Software and others\n\n", VERSION);
- 
-@@ -65,76 +99,138 @@
- 
-   exit(1);
+   }
  }
-+#endif
  
  
+-void usage(char *cmline) {
+-  fprintf(stderr, "Anti-Web V%s  (C) 2001-2004 by Hardcore Software and others\n\n", VERSION);
+-
+-  fprintf(stderr, "  AW has 2 valid command lines (see README for details)\n\n");
+-
+-  fprintf(stderr, "  %s <dir> <port>\n", cmline);
+-  fprintf(stderr, "     <dir>                 The root of your HTML tree\n");
+-  fprintf(stderr, "     <port>                The port to use\n\n");
+-
+-  fprintf(stderr, "  %s <dir>\n", cmline);
+-  fprintf(stderr, "     <dir>/awhttpd.conf    Conf file\n");
+-  fprintf(stderr, "     <dir>/default/        Default HTML root\n");
+-  fprintf(stderr, "     <dir>/example.com/    Zero or more virtual host directories\n");
+-
+-  exit(1);
+-}
+-
+-
  int main(int argc, char *argv[]) {
  
-+#ifdef CONFIG_STANDARD_AWHTTPD
-   char buf[MAXREQUESTLENGTH];
+-  char buf[MAXREQUESTLENGTH];
 -  int pid, tp;
 -
-+#endif
 +  int tp;
-+#if defined(CONFIG_HTTP_IS_DAEMON) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_IS_DAEMON)
 +  int pid;
 +#endif
 +
@@ -701,15 +959,11 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 +#endif
 +  
    initlists();
- 
-+#ifdef CONFIG_STANDARD_AWHTTPD
-   if (argc != 2 && argc != 3) usage(argv[0]);
- 
-   webroot = strdup(argv[1]);
-+#else
-+  webroot = CONFIG_HTTP_WEBROOT;
-+#endif
- 
+-
+-  if (argc != 2 && argc != 3) usage(argv[0]);
+-
+-  webroot = strdup(argv[1]);
+-
    tp = strlen(webroot);
    if (webroot[tp-1] == '/') webroot[tp-1] = '\0';
  
@@ -720,29 +974,22 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
      exit(1);
    }
  
-   defaultconfvals();
- 
-+#ifdef CONFIG_STANDARD_AWHTTPD
-   if (argc == 2) {
-     snprintf(buf, sizeof(buf), "%s/awhttpd.conf", webroot);
-     procconf(buf);
-   } else {
-     if ((tp=openlistener(atoi(argv[2]))) == -1) {
-+#ifdef CONFIG_HTTP_VERBOSE
-       fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", atoi(argv[2]));
-+#endif
-       exit(1);
-     }
-+  }
-+#else   /* not command line */
+-  defaultconfvals();
+-
+-  if (argc == 2) {
+-    snprintf(buf, sizeof(buf), "%s/awhttpd.conf", webroot);
+-    procconf(buf);
+-  } else {
+-    if ((tp=openlistener(atoi(argv[2]))) == -1) {
+-      fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", atoi(argv[2]));
 +  if ((tp=openlistener(CONFIG_HTTP_PORT)) == -1) {
 +#ifdef CONFIG_HTTP_VERBOSE
 +    fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n",
 +              CONFIG_HTTP_PORT);
 +#endif
-+      exit(1);
+       exit(1);
+-    }
 +  }
-+#endif /* CONFIG_STANDARD_AWHTTPD */
  
      addindex("index.html");
      addtoservers(tp);
@@ -750,6 +997,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 -    setuid(32767);
 -  }
  
+-  if (permcheck == 1) procpermcheck(webroot);
 +#ifndef WIN32
 +    if (getuid() == 0)
 +    {
@@ -773,9 +1021,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 +    servers->is_ssl = 1;
 +#endif /* CONFIG_HTTP_HAS_SSL */
 +
-+#if defined (CONFIG_STANDARD_AWHTTPD)
-   if (permcheck == 1) procpermcheck(webroot);
-+#elif defined(CONFIG_HTTP_PERM_CHECK) 
++#if defined(CONFIG_HTTP_PERM_CHECK) 
 +  procpermcheck(webroot);
 +#endif
 +#if defined(CONFIG_HTTP_HAS_CGI)
@@ -787,7 +1033,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 +  TTY_FLUSH();
 +#endif
  
-+#if defined(CONFIG_HTTP_IS_DAEMON) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_IS_DAEMON)
    pid = fork();
  
    if(pid > 0) {
@@ -808,7 +1054,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 -  signal(SIGQUIT, die);
 +  signal(SIGINT, sigint_cleanup);
    signal(SIGTERM, die);
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
 +#ifndef WIN32
    signal(SIGCHLD, reaper);
 -
@@ -836,7 +1082,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    return 0;
 diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 --- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-07-22 16:54:31.562500000 +1000
++++ axTLS/httpd/awhttpd/mime_types.c	2006-07-26 23:12:35.656250000 +1000
 @@ -21,13 +21,14 @@
  
  
@@ -844,7 +1090,8 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 +#include "os_port.h"
  
  
- char mime_default[] = "text/plain";
+-char mime_default[] = "text/plain";
++static const char mime_default[] = "text/plain";
  
  struct {
 -  char *ext;
@@ -870,7 +1117,7 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 +
 diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 --- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-07-22 16:54:31.578125000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-07-26 23:12:39.187500000 +1000
 @@ -7,33 +7,33 @@
  */
  
@@ -903,7 +1150,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  
  
 -void reaper() {
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
 +#ifndef WIN32
 +void reaper(int sigtype) {
    wait3(NULL,WNOHANG,NULL);
@@ -917,7 +1164,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  #endif
  
  
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
  int iscgi(char *fn) {
  
    struct cgiextstruct *tp;
@@ -929,23 +1176,98 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  
  
  
-@@ -235,6 +237,7 @@
+@@ -129,63 +131,6 @@
  
- void buildactualfile(struct connstruct *cn) {
+ }
+ 
+-
+-
+-int confsplit(char *tp, char *sp[], int maxwords) {
+-
+-  int i;
+-
+-  // Skip comments
+-  i=0;
+-  while (tp[i] != '\0' && tp[i] != '#') i++;
+-  tp[i] = '\0';
+-
+-  i=0;
+-  while(1) {
+-    /* Skip leading whitespace */
+-    while(*tp == ' ') tp++;
+-
+-    if (*tp == '\0') {
+-      sp[i] = NULL;
+-      break;
+-    }
+-    if (i==maxwords-2) {
+-      sp[maxwords-2] = NULL;
+-      break;
+-    }
+-
+-    if (*tp == '"') {
+-      tp++;
+-
+-      if (*tp == '"') {
+-        tp++;
+-        continue;
+-      }
+-
+-      sp[i] = tp;
+-
+-      while(*tp != '"' && *tp != '\0') tp++;
+-      if (*tp == '"') *tp++ = '\0';
+-      i++;
+-
+-    } else {
+-      sp[i] = tp;
+-
+-      while(*tp != ' ' && *tp != '\0') tp++;
+-      if (*tp == ' ') *tp++ = '\0';
+-      i++;
+-    }
+-
+-  }
+-
+-  return i;
+-
+-}
+-
+-
+-
+-
+-
+ int sanitizefile(char *buf) {
  
-+#if 0
-   char tpbuf[MAXREQUESTLENGTH];
+   int len,i;
+@@ -231,34 +176,33 @@
  
-   if (usevirtualhosts) {
-@@ -253,6 +256,26 @@
+ }
+ 
+-
+-
+ void buildactualfile(struct connstruct *cn) {
+ 
+-  char tpbuf[MAXREQUESTLENGTH];
+-
+-  if (usevirtualhosts) {
+-    if (*(cn->virtualhostreq) == '\0')
+-      my_strncpy(cn->virtualhostreq, "default", MAXREQUESTLENGTH);
+-
+-    snprintf(tpbuf, sizeof(tpbuf), "%s/%s", webroot, cn->virtualhostreq);
+-    if (isdir(tpbuf) == 0) {
+-      my_strncpy(cn->virtualhostreq, "default", MAXREQUESTLENGTH);
+-    }
+-  } else {
+-    *(cn->virtualhostreq) = '\0';
+-  }
+-
+-  snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s/%s%s",
++  snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s",
             webroot,
-            cn->virtualhostreq,
+-           cn->virtualhostreq,
             cn->filereq);
-+#endif
-+  snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s",
-+           webroot,
-+           cn->filereq);
-+
+ 
 +  /* Add directory slash if not there */
 +  if (isdir(cn->actualfile) && 
 +          cn->actualfile[strlen(cn->actualfile)-1] != '/')
@@ -961,10 +1283,22 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 +      }
 +  }
 +#endif
- 
++
    return;
  
-@@ -279,7 +302,7 @@
+ }
+ 
+-
++#if defined(CONFIG_HTTP_DIRECTORIES)
+ int issockwriteable(int sd) {
+ 
+   fd_set wfds;
+@@ -275,11 +219,11 @@
+   return FD_ISSET(sd, &wfds);
+ 
+ }
+-
++#endif
  
  int isdir(char *tpbuf) {
  
@@ -973,50 +1307,51 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  
    if (stat(tpbuf, &st) == -1) return 0;
  
-@@ -292,6 +315,7 @@
- 
- // FIXME: Arg! This function is horrible! Rewrite it
- void status() {
-+#if defined(CONFIG_STANDARD_AWHTTPD)
- 
-   int i;
+@@ -288,26 +232,7 @@
  
-@@ -300,14 +324,16 @@
-   fprintf(stdout," [*************************************************]\n");
-   fprintf(stdout," [  DIRECTORY {%s}",webroot);
-   if(strlen(webroot)<35)
--    for(i=1;i<=35-strlen(webroot);i++) fprintf(stdout," ");
-+    for(i=1;i<=35-(int)strlen(webroot);i++) fprintf(stdout," ");
-   fprintf(stdout,"]\n");
-   fprintf(stdout," [*************************************************]\n");
- 
-+#endif
  }
  
- 
- 
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
+-
+-
+-// FIXME: Arg! This function is horrible! Rewrite it
+-void status() {
+-
+-  int i;
+-
+-  fprintf(stdout," [*************************************************]\n");
+-  fprintf(stdout," [       Anti-Web V%-6s by Hardcore Software     ]\n",VERSION);
+-  fprintf(stdout," [*************************************************]\n");
+-  fprintf(stdout," [  DIRECTORY {%s}",webroot);
+-  if(strlen(webroot)<35)
+-    for(i=1;i<=35-strlen(webroot);i++) fprintf(stdout," ");
+-  fprintf(stdout,"]\n");
+-  fprintf(stdout," [*************************************************]\n");
+-
+-}
+-
+-
+-
++#if defined(CONFIG_HTTP_HAS_CGI)
  /* This function was originally written by Nicolas Benoit
     but I've rewritten some parts of it to work under
     as many possible AW configurations as possible.
-@@ -329,7 +355,8 @@
+@@ -329,7 +254,7 @@
    while (fr_rs[i] != NULL) {
      snprintf(tpfile, sizeof(tpfile), "%s/%s%s", webroot, cn->virtualhostreq, fr_str);
  
 -    if (iscgi(tpfile) && access(tpfile, X_OK) == 0 && isdir(tpfile) == 0) {
-+    //if (iscgi(tpfile) && access(tpfile, X_OK) == 0 && isdir(tpfile) == 0) {
 +    if (iscgi(tpfile) && isdir(tpfile) == 0) {
        /* We've found our CGI file! */
        my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
        my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
-@@ -349,3 +376,4 @@
+@@ -349,3 +274,4 @@
    *(cn->cgipathinfo) = '\0';
    return -1;
  }
 +#endif
 diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
 --- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-07-22 16:54:31.578125000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-07-26 23:03:46.609375000 +1000
 @@ -8,9 +8,7 @@
  
  
@@ -1027,54 +1362,39 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  #include <time.h>
  #include <string.h>
  #include <stdlib.h>
-@@ -23,9 +21,11 @@
+@@ -23,17 +21,10 @@
  void addtoservers(int sd) {
    struct serverstruct *tp;
  
 -  tp = (struct serverstruct *) malloc(sizeof(struct serverstruct));
+-  if (tp == NULL) {
+-    fprintf(stderr, "Serious memory error...\n");
+-    exit(1);
+-  }
+-
 +  tp = (struct serverstruct *) calloc(1, sizeof(struct serverstruct));
-   if (tp == NULL) {
-+#ifdef CONFIG_HTTP_VERBOSE
-     fprintf(stderr, "Serious memory error...\n");
-+#endif
-     exit(1);
-   }
- 
-@@ -44,7 +44,9 @@
-   struct connstruct *tp, *to;
-   struct serverstruct *sp;
-   int rnum, wnum, active;
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
-   int currtime;
-+#endif
- 
-   while(1) {   // MAIN SELECT LOOP
-     FD_ZERO(&rfds);
-@@ -61,15 +63,19 @@
+   tp->next = servers;
+   tp->sd = sd;
+-
+   servers = tp;
+-
+   return;
+ }
  
-     // Add the established sockets
-     tp = usedconns;
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
+@@ -64,7 +55,7 @@
      currtime = time(NULL);
-+#endif
      while(tp != NULL) {
  
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
-       if (istimedout(tp, currtime)) {
+-      if (istimedout(tp, currtime)) {
++      if (currtime > tp->timeout) {
          to = tp;
          tp = tp->next;
          removeconnection(to);
-         continue;
-       }
-+#endif
- 
-       if (tp->state == STATE_WANT_TO_READ_HEAD) {
-         FD_SET(tp->networkdesc, &rfds);
-@@ -87,10 +93,12 @@
+@@ -87,14 +78,15 @@
          FD_SET(tp->networkdesc, &wfds);
          if (tp->networkdesc > wnum) wnum = tp->networkdesc;
        }
-+#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_DIRECTORIES)
        if (tp->state == STATE_DOING_DIR) {
          FD_SET(tp->networkdesc, &wfds);
          if (tp->networkdesc > wnum) wnum = tp->networkdesc;
@@ -1083,7 +1403,11 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
        tp = tp->next;
      }
  
-@@ -104,7 +112,7 @@
+-    //active = select(4, &rfds, &wfds, NULL, NULL);
+     active = select(wnum > rnum ? wnum+1 : rnum+1,
+                     rnum != -1 ? &rfds : NULL,
+                     wnum != -1 ? &wfds : NULL,
+@@ -104,7 +96,7 @@
      sp = servers;
      while(active > 0 && sp != NULL) {
        if (FD_ISSET(sp->sd, &rfds)) {
@@ -1092,24 +1416,43 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
          active--;
        }
        sp = sp->next;
-@@ -112,7 +120,9 @@
+@@ -112,41 +104,37 @@
  
      // Handle the established sockets
      tp = usedconns;
-+#if defined(CONFIG_STANDARD_AWHTTPD) || defined(CONFIG_HTTP_USE_TIMEOUT)
-     currtime = time(NULL);
-+#endif
+-    currtime = time(NULL);
      while(active > 0 && tp != NULL) {
        to = tp;
        tp = tp->next;
-@@ -141,12 +151,14 @@
+ 
+       if (to->state == STATE_WANT_TO_READ_HEAD)
+         if (FD_ISSET(to->networkdesc, &rfds)) {
+-          updatetimeout(to, currtime);
+           active--;
+           procreadhead(to);
+         } 
+       if (to->state == STATE_WANT_TO_SEND_HEAD)
+         if (FD_ISSET(to->networkdesc, &wfds)) {
+-          updatetimeout(to, currtime);
+           active--;
+           procsendhead(to);
+         } 
+       if (to->state == STATE_WANT_TO_READ_FILE)
+         if (FD_ISSET(to->filedesc, &rfds)) {
+-          updatetimeout(to, currtime);
+           active--;
+           procreadfile(to);
+         } 
+       if (to->state == STATE_WANT_TO_SEND_FILE)
+         if (FD_ISSET(to->networkdesc, &wfds)) {
+-          updatetimeout(to, currtime);
            active--;
            procsendfile(to);
          }
-+#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_DIRECTORIES)
        if (to->state == STATE_DOING_DIR)
          if (FD_ISSET(to->networkdesc, &wfds)) {
-           updatetimeout(to, currtime);
+-          updatetimeout(to, currtime);
            active--;
            procdodir(to);
          }
@@ -1119,7 +1462,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  
 diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 --- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-07-22 16:54:31.578125000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-07-26 18:46:48.233750000 +1000
 @@ -7,21 +7,23 @@
  */
  
@@ -1131,7 +1474,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
  
  #include "aw3.h"
  
-+#if defined(CONFIG_HTTP_PERM_CHECK) || defined (CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_PERM_CHECK)
  void procpermcheck(char *pathtocheck) {
 -
 +  char thepath[MAXREQUESTLENGTH];
@@ -1210,7 +1553,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 +#endif  /* CONFIG_HTTP_PERM_CHECK */
 diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 --- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-07-23 10:32:07.593750000 +1000
++++ axTLS/httpd/awhttpd/proc.c	2006-07-30 22:35:33.453125000 +1000
 @@ -13,14 +13,12 @@
  #include <sys/types.h>
  #include <sys/stat.h>
@@ -1231,16 +1574,30 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
      my_strncpy(cn->filereq, segs[0], MAXREQUESTLENGTH);
  
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
      if (segs[1] != NULL) my_strncpy(cn->cgiargs, segs[1], MAXREQUESTLENGTH);
 +#endif
  
    } else if (strcmp(words[0], "Host:")==0) {
  
-@@ -80,24 +80,32 @@
-     if (isdigit(*words[1]) == 0) return 1;
+@@ -66,38 +66,32 @@
+     }
  
-     cn->offset = atoi(words[1]);
+     my_strncpy(cn->virtualhostreq, words[1], MAXREQUESTLENGTH);
+-  } else if (strcmp(words[0], "Range:")==0) {
+-
+-    cn->offset = -1;
+-
+-    if (strchr(words[1], '-') == NULL) return 1;
+-
+-    if (strchr(words[1], '=') != NULL) {
+-      while(*words[1] != '=') words[1]++;
+-      words[1]++;
+-    }
+-
+-    if (isdigit(*words[1]) == 0) return 1;
+-
+-    cn->offset = atoi(words[1]);
 -
 +  } else if (strcmp(words[0], "Connection:")==0 &&
 +                strcmp(words[1], "close")==0) {
@@ -1257,7 +1614,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
 +}
  
-+#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_DIRECTORIES)
  void procdirlisting(struct connstruct *cn) {
  
    char buf[MAXREQUESTLENGTH];
@@ -1273,7 +1630,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    if (cn->reqtype == TYPE_HEAD) {
      snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
-@@ -107,7 +115,17 @@
+@@ -107,7 +101,17 @@
      return;
    }
  
@@ -1292,7 +1649,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if (cn->dirp == NULL) {
      send404(cn);
      removeconnection(cn);
-@@ -116,12 +134,13 @@
+@@ -116,12 +120,13 @@
  
    // Get rid of the "."
    readdir(cn->dirp);
@@ -1308,7 +1665,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    cn->state = STATE_DOING_DIR;
  
-@@ -134,36 +153,48 @@
+@@ -134,36 +139,48 @@
  
  void procdodir(struct connstruct *cn) {
  
@@ -1366,7 +1723,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
  
  
-@@ -172,9 +203,10 @@
+@@ -172,9 +189,10 @@
    char buf[MAXREQUESTLENGTH*4], *tp, *next;
    int rv;
  
@@ -1380,15 +1737,13 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-@@ -217,36 +249,100 @@
+@@ -217,36 +235,85 @@
  void procsendhead(struct connstruct *cn) {
  
    char buf[1024];
 +  char actualfile[1024];
    struct stat stbuf;
--
--  if (stat(cn->actualfile, &stbuf) == -1) {
-+  time_t now = time(NULL);
++  time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
 +  char date[32];
 +  strcpy(date, ctime(&now));
 +
@@ -1399,19 +1754,16 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 +  if (actualfile[strlen(actualfile)-1] == '\\')
 +    actualfile[strlen(actualfile)-1] = 0;
 +#endif
-+
+ 
+-  if (stat(cn->actualfile, &stbuf) == -1) {
+-    if (allowcgi != 0) {
 +  if (stat(actualfile, &stbuf) == -1) {
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
-+#ifndef CONFIG_HTTP_HAS_CGI
-     if (allowcgi != 0) {
-+#endif
++#if defined(CONFIG_HTTP_HAS_CGI)
        if (trycgi_withpathinfo(cn) == 0) { // We Try To Find A CGI
          proccgi(cn,1);
          return;
        }
-+#ifndef CONFIG_HTTP_HAS_CGI
-     }
-+#endif
+-    }
 +#endif
  
      send404(cn);
@@ -1419,18 +1771,14 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
    if (iscgi(cn->actualfile)) {
 +#ifndef WIN32
      // Set up CGI script
 -    if (allowcgi == 0 ||
 -        access(cn->actualfile, X_OK) != 0 ||
 -        isdir(cn->actualfile)) {
-+    if (
-+#ifndef CONFIG_HTTP_HAS_CGI
-+        allowcgi == 0 ||
-+#endif
-+                (stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
++    if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
 +          send404(cn);
 +          removeconnection(cn);
 +          return;
@@ -1451,7 +1799,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 +
 +    // Check to see if this dir has an index file
 +    if (procindex(cn, &stbuf) == 0) {
-+#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_DIRECTORIES)
 +      // If not, we do a directory listing of it
 +      procdirlisting(cn);
 +#else
@@ -1464,16 +1812,11 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 -    proccgi(cn,0);
 -    return;
 -  }
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
 +    // If the index is a CGI file, handle it like any other CGI
 +    if (iscgi(cn->actualfile)) {
 +      // Set up CGI script
-+#ifndef CONFIG_HTTP_HAS_CGI
-+      if (allowcgi == 0 ||
-+          (stbuf.st_mode & S_IEXEC) == 0 != 0 || isdir(cn->actualfile)) {
-+#else
 +      if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
-+#endif
 +        send404(cn);
 +        removeconnection(cn);
 +        return;
@@ -1489,34 +1832,29 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
      if (cn->filereq[strlen(cn->filereq)-1] != '/') {
        send301(cn);
-@@ -256,16 +352,24 @@
+@@ -256,17 +323,18 @@
  
      // Check to see if this dir has an index file
      if (procindex(cn, &stbuf) == 0) {
-+#if defined(CONFIG_HTTP_DIRECTORIES) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_DIRECTORIES)
        // If not, we do a directory listing of it
        procdirlisting(cn);
 +#endif
        return;
      }
  
-+#if defined(CONFIG_HTTP_HAS_CGI) || defined(CONFIG_STANDARD_AWHTTPD)
++#if defined(CONFIG_HTTP_HAS_CGI)
      // If the index is a CGI file, handle it like any other CGI
      if (iscgi(cn->actualfile)) {
        // Set up CGI script
 -      if (allowcgi == 0 ||
 -          access(cn->actualfile, X_OK) != 0 ||
-+      if (
-+#ifdef CONFIG_HTTP_HAS_CGI
-+          (stbuf.st_mode & S_IEXEC) == 0 ||
-+#else
-+          allowcgi == 0 ||
-+          (stbuf.st_mode & S_IEXEC) == 0 ||
-+#endif
-           isdir(cn->actualfile)) {
+-          isdir(cn->actualfile)) {
++      if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
          send404(cn);
          removeconnection(cn);
-@@ -275,39 +379,57 @@
+         return;
+@@ -275,50 +343,68 @@
        proccgi(cn,0);
        return;
      }
@@ -1526,6 +1864,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    }
  
 -  if (cn->offset == -1 || cn->offset >= stbuf.st_size) {
+-    cn->offset = -1;
 +  if (cn->modified_since) {
 +    snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: Anti-Web V%s\nDate: %s\n", VERSION, date);
 +    special_write(cn, buf, strlen(buf));
@@ -1533,14 +1872,12 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 +    cn->state = STATE_WANT_TO_READ_HEAD;
 +    return;
 +  }
-+  else if (cn->offset == -1 || cn->offset >= stbuf.st_size) {
++  else {
 +#ifdef CONFIG_HTTP_VERBOSE
 +    printf("awhttpd: %s send %s\n", 
 +            cn->is_ssl ? "https" : "http", cn->actualfile);
 +    TTY_FLUSH();
 +#endif
-+
-     cn->offset = -1;
  
 -    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
 +    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
@@ -1548,18 +1885,16 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 -               quote,
                 getmimetype(cn->actualfile),
                 (long) stbuf.st_size,
-+               date,
-                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
-   } else {
+-               ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
+-  } else {
 -    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nLast-Modified: %s\n",
-+    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
-                VERSION,
+-               VERSION,
 -               quote,
-                getmimetype(cn->actualfile),
-                cn->offset,
-                (long) stbuf.st_size-1,
-                (long) stbuf.st_size,
-                (long) stbuf.st_size - cn->offset,
+-               getmimetype(cn->actualfile),
+-               cn->offset,
+-               (long) stbuf.st_size-1,
+-               (long) stbuf.st_size,
+-               (long) stbuf.st_size - cn->offset,
 +               date,
                 ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
    }
@@ -1581,10 +1916,11 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      if (cn->filedesc == -1) {
        send404(cn);
        removeconnection(cn);
-@@ -318,7 +440,23 @@
-       lseek(cn->filedesc, cn->offset, SEEK_SET);
+       return;
      }
  
+-    if (cn->offset != -1) {
+-      lseek(cn->filedesc, cn->offset, SEEK_SET);
 +#ifdef WIN32
 +    for (;;)
 +    {
@@ -1598,14 +1934,15 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 +        {
 +            procsendfile(cn);
 +        } while (cn->state != STATE_WANT_TO_READ_FILE);
-+    }
+     }
+-
 +#else
      cn->state = STATE_WANT_TO_READ_FILE;
 +#endif
      return;
    }
  
-@@ -328,13 +466,19 @@
+@@ -328,13 +414,18 @@
  
  void procreadfile(struct connstruct *cn) {
  
@@ -1624,27 +1961,26 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 +      else {                        /* keep socket open - HTTP 1.1 */
 +          cn->state = STATE_WANT_TO_READ_HEAD;
 +          cn->numbytes = 0;
-+          cn->offset = -1;
 +      }
 +      return;
    }
  
    cn->numbytes = rv;
-@@ -347,11 +491,9 @@
+@@ -347,11 +438,9 @@
  
  void procsendfile(struct connstruct *cn) {
  
 -  int rv;
--
--  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
 +  int rv = special_write(cn, cn->databuf, cn->numbytes);
  
+-  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
+-
 -  if (rv == -1)
 +  if (rv < 0)
      removeconnection(cn);
    else if (rv == cn->numbytes)
      cn->state = STATE_WANT_TO_READ_FILE;
-@@ -361,7 +503,47 @@
+@@ -361,7 +450,47 @@
      memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
      cn->numbytes -= rv;
    }
@@ -1695,8 +2031,8 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  }
 diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 --- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-07-22 16:54:31.578125000 +1000
-@@ -8,19 +8,11 @@
++++ axTLS/httpd/awhttpd/socket.c	2006-07-26 21:52:07.750000000 +1000
+@@ -8,61 +8,17 @@
  
  
  #include <stdio.h>
@@ -1707,7 +2043,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 -#include <sys/socket.h>
 -#include <sys/wait.h>
 -#include <arpa/inet.h>
- #include <time.h>
+-#include <time.h>
 -#include <unistd.h>
  #include <string.h>
  
@@ -1716,8 +2052,42 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
  #include "aw3.h"
  
  
-@@ -62,7 +54,7 @@
  
+-int checkmaxusers(int sd) {
+-
+-  if (maxusers <= 0) return 1;
+-
+-  if (numusers >= maxusers) {
+-    send505(sd, "Maximum user limit reached");
+-    // removeconnection() should be used normally
+-    close(sd);
+-
+-    return 0;
+-  }
+-
+-  return 1;
+-}
+-
+-
+-int pollsocket(int sd, long ustimeout) {
+-
+-  fd_set rfds;
+-  struct timeval tv;
+-
+-  tv.tv_sec = 0;
+-  tv.tv_usec = ustimeout;
+-
+-  FD_ZERO(&rfds);
+-  FD_SET(sd, &rfds);
+-
+-  select(FD_SETSIZE, &rfds, NULL, NULL, (ustimeout >= 0) ? &tv : NULL);
+-
+-  return FD_ISSET(sd, &rfds);
+-
+-}
+-
+-
+-
  #ifdef HAVE_IPV6
  
 -void handlenewconnection(int listenfd) {
@@ -1725,16 +2095,16 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
  
    struct sockaddr_in6 their_addr;
    int tp = sizeof(their_addr);
-@@ -82,7 +74,7 @@
+@@ -82,7 +38,7 @@
      *ipbuf = '\0';
    }
  
 -  if (checkmaxusers(connfd)) addconnection(connfd, ipbuf);
-+  if (checkmaxusers(connfd)) addconnection(connfd, ipbuf, is_ssl);
++  addconnection(connfd, ipbuf, is_ssl);
  
    return;
  
-@@ -90,19 +82,18 @@
+@@ -90,19 +46,17 @@
  
  #else
  
@@ -1750,13 +2120,13 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
  
    if (connfd == -1) return;
  
-   if (checkmaxusers(connfd))
+-  if (checkmaxusers(connfd))
 -    addconnection(connfd, inet_ntoa(their_addr.sin_addr));
 +    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
  
    return;
  }
-@@ -113,8 +104,12 @@
+@@ -113,8 +67,12 @@
  
  
  int openlistener(int port) {
@@ -1771,7 +2141,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    struct sockaddr_in my_addr;
  
    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return -1;
-@@ -125,7 +120,7 @@
+@@ -125,7 +83,7 @@
    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
   
    my_addr.sin_family = AF_INET;         // host byte order
@@ -1782,7 +2152,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
 diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
 --- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-07-22 16:54:31.593750000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-07-26 18:46:48.233750000 +1000
 @@ -13,7 +13,7 @@
  
  #include <ctype.h>

From cd9b3c8865197d247ca15602e893350b5920f4c3 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 10 Aug 2006 21:02:56 +0000
Subject: [PATCH 023/301] improved performance

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@30 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in     |  11 ++
 httpd/awhttpd.patch | 387 +++++++++++++++++++++++++++++++++-----------
 2 files changed, 303 insertions(+), 95 deletions(-)

diff --git a/httpd/Config.in b/httpd/Config.in
index 09f0981a67..73e304cabf 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -28,6 +28,17 @@ config CONFIG_HTTP_HTTPS_PORT
 
         You must be a root user in order to use the default port.
 
+config CONFIG_HTTP_SESSION_CACHE_SIZE
+    int "SSL session cache size"
+    default 5
+    depends on CONFIG_HTTP_HAS_SSL
+    help
+        The size of the SSL session cache.
+        
+        This is not actually related to the number of concurrent users, but 
+        for optimum performance they should be the same (with a penalty 
+        in memory usage).
+
 config CONFIG_HTTP_WEBROOT
     string "Web root location"
     default "../www" if !CONFIG_PLATFORM_WIN32
diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
index 5ab15a0bf2..ad1ed313c5 100644
--- a/httpd/awhttpd.patch
+++ b/httpd/awhttpd.patch
@@ -1,6 +1,6 @@
 diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 --- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-07-26 23:09:27.343750000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-08-10 18:33:47.609375000 +1000
 @@ -7,17 +7,16 @@
  */
  
@@ -117,7 +117,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void removeconnection(struct connstruct *cn);
  
  
-@@ -129,30 +127,29 @@
+@@ -129,49 +127,47 @@
  void procsendhead(struct connstruct *cn);
  void procreadfile(struct connstruct *cn);
  void procsendfile(struct connstruct *cn);
@@ -154,11 +154,12 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void stripcrlf(char *p);
  char *my_strncpy(char *dest, const char *src, size_t n);
  #ifndef __HAVE_ARCH_STRNLEN
-@@ -160,18 +157,16 @@
+ size_t strnlen ( const char * str, size_t maxlen );
  #endif
  int iscgi(char *fn);
- int split(char *tp, char *sp[], int maxwords, char sc);
+-int split(char *tp, char *sp[], int maxwords, char sc);
 -int confsplit(char *tp, char *sp[], int maxwords);
++void split(char *tp, char *sp[], int maxwords, char sc);
  int sanitizefile(char *buf);
  int sanitizehost(char *buf);
  void buildactualfile(struct connstruct *cn);
@@ -170,11 +171,12 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  
  // mime_types.c prototypes
 -char *getmimetype(char *fn);
-+const char *getmimetype(char *fn);
++void mime_init(void);
++const char *getmimetype(const char *fn);
  
  
  // urldecode.c prototypes
-@@ -188,7 +183,6 @@
+@@ -188,7 +184,6 @@
  
  
  // conf.c prototypes
@@ -182,7 +184,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
  void procconf(char *filename);
  
  
-@@ -202,4 +196,4 @@
+@@ -202,4 +197,4 @@
  
  
  // main.c prototypes
@@ -190,7 +192,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 +void initlists(void);
 diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 --- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-07-26 23:05:56.890625000 +1000
++++ axTLS/httpd/awhttpd/cgi.c	2006-08-10 18:33:47.625000000 +1000
 @@ -7,93 +7,46 @@
  */
  
@@ -652,7 +654,7 @@ diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 -}
 diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 --- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-07-30 22:35:55.109375000 +1000
++++ axTLS/httpd/awhttpd/conn.c	2006-08-10 18:33:47.625000000 +1000
 @@ -9,26 +9,16 @@
  
  #include <stdio.h>
@@ -759,7 +761,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
  }
 diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
 --- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-07-26 21:44:20.734375000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-08-10 18:33:47.625000000 +1000
 @@ -8,7 +8,6 @@
  
  
@@ -802,7 +804,7 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
  
 diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
 --- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-07-26 22:18:07.609375000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-08-10 18:33:47.625000000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -849,7 +851,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
 diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 --- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-07-26 22:17:40.968750000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-08-11 06:46:48.437500000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -901,7 +903,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
  
  void initlists() {
    int i;
-@@ -33,108 +64,118 @@
+@@ -33,108 +64,119 @@
    servers = NULL;
    usedconns = NULL;
    freeconns = NULL;
@@ -958,6 +960,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 +  WSAStartup(wVersionRequested,&wsaData);
 +#endif
 +  
++  mime_init();
    initlists();
 -
 -  if (argc != 2 && argc != 3) usage(argv[0]);
@@ -1017,7 +1020,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 +
 +    addtoservers(tp);
 +    servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
-+            SSL_DEFAULT_SVR_SESS);
++            CONFIG_HTTP_SESSION_CACHE_SIZE);
 +    servers->is_ssl = 1;
 +#endif /* CONFIG_HTTP_HAS_SSL */
 +
@@ -1082,42 +1085,92 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    return 0;
 diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 --- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-07-26 23:12:35.656250000 +1000
-@@ -21,13 +21,14 @@
++++ axTLS/httpd/awhttpd/mime_types.c	2006-08-10 18:33:47.625000000 +1000
+@@ -7,28 +7,21 @@
+ */
  
  
+-/*Code from mini_httpd - small HTTP server
+-**
+-** Copyright C 1999,2000 by Jef Poskanzer <jef@acme.com>.
+-*/
+-
+-/* mini_httpd code adapted for Anti-Web by zas@norz.org */
+-/* A couple TINY changes by Fractal */
+-
+-// Reformatted for aw3 -fractal
+-
+-// FIXME: Ideally this code would use a binary search or a hash table...
+-
+-
  #include <string.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <ctype.h>
 +#include "os_port.h"
  
  
 -char mime_default[] = "text/plain";
 +static const char mime_default[] = "text/plain";
  
- struct {
+-struct {
 -  char *ext;
 -  char *type;
-+  const char *ext;
-+  const char *type;
- } mime_table[] = {
+-} mime_table[] = {
++typedef struct {
++  const char * const ext;
++  const char * const type;
++} mime_table_t;
++
++static mime_table_t mime_table[] = {
  
  // Fundamentals
-@@ -161,7 +162,7 @@
+ { ".html", "text/html" },
+@@ -160,21 +153,29 @@
+ 
  };
  
++static int mime_cmp(const mime_table_t *t1, const mime_table_t *t2)
++{
++    return strcasecmp(t1->ext, t2->ext);
++}
  
 -char *getmimetype(char *name) {
-+const char *getmimetype(char *name) {
-   int namelen, extlen, i;
+-  int namelen, extlen, i;
+-
+-  namelen = strlen(name);
+-
+-  for (i=0; i<sizeof(mime_table)/sizeof(*mime_table); i++) {
+-    extlen = strlen(mime_table[i].ext);
++void mime_init(void)
++{
++    qsort(mime_table, sizeof(mime_table)/sizeof(mime_table_t),
++            sizeof(mime_table_t), 
++            (int (*)(const void *, const void *))mime_cmp);
++}
+ 
+-    if (extlen >= namelen) continue;
++const char *getmimetype(const char *name) {
++    mime_table_t *mime_type;
  
-   namelen = strlen(name);
-@@ -178,3 +179,4 @@
-   return mime_default;
+-    if (strcasecmp(name+(namelen-extlen), mime_table[i].ext) == 0)
+-      return mime_table[i].type;
+-  }
++    if ((name = strrchr(name, '.')) == NULL)
++        return mime_default;
+ 
+-  return mime_default;
++    mime_type = bsearch(&name, mime_table, 
++            sizeof(mime_table)/sizeof(mime_table_t),
++            sizeof(mime_table_t), 
++                (int (*)(const void *, const void *))mime_cmp);
  
++  return mime_type == NULL ? mime_default : mime_type->type;
  }
 +
 diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 --- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-07-26 23:12:39.187500000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-08-10 18:33:47.625000000 +1000
 @@ -7,33 +7,33 @@
  */
  
@@ -1160,26 +1213,63 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  
  
  void stripcrlf(char *p) {
-@@ -77,6 +77,7 @@
- #endif
- 
- 
-+#if defined(CONFIG_HTTP_HAS_CGI)
- int iscgi(char *fn) {
- 
-   struct cgiextstruct *tp;
-@@ -97,6 +98,7 @@
-   return 0;
- 
- }
-+#endif
- 
- 
- 
-@@ -129,63 +131,6 @@
- 
+@@ -76,116 +76,6 @@
  }
+ #endif
  
+-
+-int iscgi(char *fn) {
+-
+-  struct cgiextstruct *tp;
+-  int fnlen, extlen;
+-
+-  fnlen = strlen(fn);
+-  tp = cgiexts;
+-
+-  while (tp != NULL) {
+-    extlen = strlen(tp->ext);
+-
+-    if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
+-      return 1;
+-
+-    tp = tp->next;
+-  }
+-
+-  return 0;
+-
+-}
+-
+-
+-
+-int split(char *tp, char *sp[], int maxwords, char sc) {
+-
+-  int i=0;
+-
+-  while(1) {
+-    /* Skip leading whitespace */
+-    while(*tp == sc) tp++;
+-
+-    if (*tp == '\0') {
+-      sp[i] = NULL;
+-      break;
+-    }
+-    if (i==maxwords-2) {
+-      sp[maxwords-2] = NULL;
+-      break;
+-    }
+-
+-    sp[i] = tp;
+-
+-    while(*tp != sc && *tp != '\0') tp++;
+-    if (*tp == sc) *tp++ = '\0';
+-    i++;
+-
+-  }
+-
+-  return i;
+-
+-}
+-
 -
 -
 -int confsplit(char *tp, char *sp[], int maxwords) {
@@ -1240,7 +1330,17 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  int sanitizefile(char *buf) {
  
    int len,i;
-@@ -231,34 +176,33 @@
+@@ -198,9 +88,6 @@
+     // Check for "/." : In other words, don't send files starting with a .
+     // Notice, GOBBLES, that this includes ".."
+     if (buf[i] == '/' && buf[i+1] == '.') return 0;
+-
+-    // Give people a "hidden prefix" for hiding private files in the HTML tree
+-    if (strncmp(buf+i, "/aw_", 4) == 0) return 0;
+   }
+ 
+   return 1;
+@@ -231,34 +118,33 @@
  
  }
  
@@ -1293,7 +1393,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  int issockwriteable(int sd) {
  
    fd_set wfds;
-@@ -275,11 +219,11 @@
+@@ -275,11 +161,11 @@
    return FD_ISSET(sd, &wfds);
  
  }
@@ -1307,17 +1407,25 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
  
    if (stat(tpbuf, &st) == -1) return 0;
  
-@@ -288,26 +232,7 @@
+@@ -288,25 +174,52 @@
  
  }
  
--
--
++#if defined(CONFIG_HTTP_HAS_CGI)
++int iscgi(char *fn) {
+ 
++  struct cgiextstruct *tp;
++  int fnlen, extlen;
+ 
 -// FIXME: Arg! This function is horrible! Rewrite it
 -void status() {
--
++  fnlen = strlen(fn);
++  tp = cgiexts;
+ 
 -  int i;
--
++  while (tp != NULL) {
++    extlen = strlen(tp->ext);
+ 
 -  fprintf(stdout," [*************************************************]\n");
 -  fprintf(stdout," [       Anti-Web V%-6s by Hardcore Software     ]\n",VERSION);
 -  fprintf(stdout," [*************************************************]\n");
@@ -1326,16 +1434,44 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 -    for(i=1;i<=35-strlen(webroot);i++) fprintf(stdout," ");
 -  fprintf(stdout,"]\n");
 -  fprintf(stdout," [*************************************************]\n");
--
--}
--
--
--
-+#if defined(CONFIG_HTTP_HAS_CGI)
++    if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
++      return 1;
++
++    tp = tp->next;
++  }
++
++  return 0;
+ 
+ }
+ 
++void split(char *tp, char *sp[], int maxwords, char sc) {
++
++  int i=0;
++  while(1) {
++    /* Skip leading whitespace */
++    while(*tp == sc) tp++;
++
++    if (*tp == '\0') {
++      sp[i] = NULL;
++      break;
++    }
+ 
++    if (i==maxwords-2) {
++      sp[maxwords-2] = NULL;
++      break;
++    }
++
++    sp[i] = tp;
++
++    while(*tp != sc && *tp != '\0') tp++;
++    if (*tp == sc) *tp++ = '\0';
++    i++;
++  }
++}
+ 
  /* This function was originally written by Nicolas Benoit
     but I've rewritten some parts of it to work under
-    as many possible AW configurations as possible.
-@@ -329,7 +254,7 @@
+@@ -329,7 +242,7 @@
    while (fr_rs[i] != NULL) {
      snprintf(tpfile, sizeof(tpfile), "%s/%s%s", webroot, cn->virtualhostreq, fr_str);
  
@@ -1344,14 +1480,14 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
        /* We've found our CGI file! */
        my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
        my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
-@@ -349,3 +274,4 @@
+@@ -349,3 +262,4 @@
    *(cn->cgipathinfo) = '\0';
    return -1;
  }
 +#endif
 diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
 --- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-07-26 23:03:46.609375000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-08-10 18:33:47.640625000 +1000
 @@ -8,9 +8,7 @@
  
  
@@ -1462,7 +1598,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  
 diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 --- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-07-26 18:46:48.233750000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-08-10 18:33:47.640625000 +1000
 @@ -7,21 +7,23 @@
  */
  
@@ -1553,8 +1689,8 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 +#endif  /* CONFIG_HTTP_PERM_CHECK */
 diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 --- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-07-30 22:35:33.453125000 +1000
-@@ -13,14 +13,12 @@
++++ axTLS/httpd/awhttpd/proc.c	2006-08-10 18:33:47.640625000 +1000
+@@ -13,91 +13,92 @@
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
@@ -1570,20 +1706,80 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
  // Returns 1 if elems should continue being read, 0 otherwise
  int procheadelem(struct connstruct *cn, char *buf) {
-@@ -53,7 +51,9 @@
  
-     my_strncpy(cn->filereq, segs[0], MAXREQUESTLENGTH);
+-  char *words[10];
+-
+-  split(buf, words, 10, ' ');
++  char *delim, *value;
++#if defined(CONFIG_HTTP_HAS_CGI)
++  char *cgi_delim;
++#endif
  
+-  if (words[0] == NULL) return 0;
+-
+-  if (strcmp(words[0], "GET")==0 ||
+-      strcmp(words[0], "HEAD")==0 ||
+-      strcmp(words[0], "POST")==0) {
+-    char *segs[4];
+-
+-    if (*words[0] == 'H') cn->reqtype = TYPE_HEAD;
+-    else if (*words[0] == 'P') cn->reqtype = TYPE_POST;
++  if ((delim = strchr(buf, ' ')) == NULL)
++      return 0;
+ 
+-    split(words[1], segs, 4, '?');
++  *delim = 0;
++  value = delim+1;
+ 
+-    if (segs[0] == NULL) return 0;
++  if (strcmp(buf, "GET")==0 ||
++      strcmp(buf, "HEAD")==0 ||
++      strcmp(buf, "POST")==0) 
++  {
++    if (buf[0] == 'H') 
++        cn->reqtype = TYPE_HEAD;
++    else if (buf[0] == 'P') 
++        cn->reqtype = TYPE_POST;
++
++    if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
++        return 0;
++    *delim = 0;
+ 
+-    urldecode(segs[0]);
++    urldecode(value);
+ 
+-    if (sanitizefile(segs[0]) == 0) {
++    if (sanitizefile(value) == 0) {
+       send404(cn);
+       removeconnection(cn);
+       return 0;
+     }
+ 
+-    my_strncpy(cn->filereq, segs[0], MAXREQUESTLENGTH);
+-
+-    if (segs[1] != NULL) my_strncpy(cn->cgiargs, segs[1], MAXREQUESTLENGTH);
+-
+-  } else if (strcmp(words[0], "Host:")==0) {
++    my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
 +#if defined(CONFIG_HTTP_HAS_CGI)
-     if (segs[1] != NULL) my_strncpy(cn->cgiargs, segs[1], MAXREQUESTLENGTH);
++    if ((cgi_delim = strchr(value, '?')))
++    {
++        *cgi_delim = NULL;
++        my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
++    }
 +#endif
  
-   } else if (strcmp(words[0], "Host:")==0) {
+-    if (words[1] == NULL) return 0;
++  } else if (strcmp(buf, "Host:")==0) {
  
-@@ -66,38 +66,32 @@
+-    if (sanitizehost(words[1]) == 0) {
++    if (sanitizehost(value) == 0) {
+       send404(cn);
+       removeconnection(cn);
+       return 0;
      }
  
-     my_strncpy(cn->virtualhostreq, words[1], MAXREQUESTLENGTH);
+-    my_strncpy(cn->virtualhostreq, words[1], MAXREQUESTLENGTH);
 -  } else if (strcmp(words[0], "Range:")==0) {
 -
 -    cn->offset = -1;
@@ -1599,10 +1795,11 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 -
 -    cn->offset = atoi(words[1]);
 -
-+  } else if (strcmp(words[0], "Connection:")==0 &&
-+                strcmp(words[1], "close")==0) {
++    my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
++  } else if (strcmp(buf, "Connection:")==0 &&
++                strcmp(value, "close")==0) {
 +      cn->close_when_done = 1;
-+  } else if (strcmp(words[0], "If-Modified-Since:")==0) {
++  } else if (strcmp(buf, "If-Modified-Since:") ==0 ) {
 +      /* TODO: parse this date properly with getdate() or similar */
 +      cn->modified_since = 1;
    }
@@ -1630,7 +1827,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    if (cn->reqtype == TYPE_HEAD) {
      snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
-@@ -107,7 +101,17 @@
+@@ -107,7 +108,17 @@
      return;
    }
  
@@ -1649,7 +1846,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if (cn->dirp == NULL) {
      send404(cn);
      removeconnection(cn);
-@@ -116,12 +120,13 @@
+@@ -116,12 +127,13 @@
  
    // Get rid of the "."
    readdir(cn->dirp);
@@ -1665,7 +1862,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    cn->state = STATE_DOING_DIR;
  
-@@ -134,36 +139,48 @@
+@@ -134,36 +146,48 @@
  
  void procdodir(struct connstruct *cn) {
  
@@ -1723,7 +1920,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
  
  
-@@ -172,9 +189,10 @@
+@@ -172,9 +196,10 @@
    char buf[MAXREQUESTLENGTH*4], *tp, *next;
    int rv;
  
@@ -1737,7 +1934,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-@@ -217,36 +235,85 @@
+@@ -217,36 +242,85 @@
  void procsendhead(struct connstruct *cn) {
  
    char buf[1024];
@@ -1832,7 +2029,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
      if (cn->filereq[strlen(cn->filereq)-1] != '/') {
        send301(cn);
-@@ -256,17 +323,18 @@
+@@ -256,17 +330,18 @@
  
      // Check to see if this dir has an index file
      if (procindex(cn, &stbuf) == 0) {
@@ -1854,7 +2051,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
          send404(cn);
          removeconnection(cn);
          return;
-@@ -275,50 +343,68 @@
+@@ -275,50 +350,68 @@
        proccgi(cn,0);
        return;
      }
@@ -1880,20 +2077,20 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 +#endif
  
 -    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
-+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
-                VERSION,
+-               VERSION,
 -               quote,
-                getmimetype(cn->actualfile),
-                (long) stbuf.st_size,
+-               getmimetype(cn->actualfile),
+-               (long) stbuf.st_size,
 -               ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
 -  } else {
 -    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nLast-Modified: %s\n",
--               VERSION,
++    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
+                VERSION,
 -               quote,
--               getmimetype(cn->actualfile),
+                getmimetype(cn->actualfile),
 -               cn->offset,
 -               (long) stbuf.st_size-1,
--               (long) stbuf.st_size,
+                (long) stbuf.st_size,
 -               (long) stbuf.st_size - cn->offset,
 +               date,
                 ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
@@ -1942,7 +2139,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-@@ -328,13 +414,18 @@
+@@ -328,13 +421,18 @@
  
  void procreadfile(struct connstruct *cn) {
  
@@ -1966,21 +2163,21 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    }
  
    cn->numbytes = rv;
-@@ -347,11 +438,9 @@
+@@ -347,11 +445,9 @@
  
  void procsendfile(struct connstruct *cn) {
  
 -  int rv;
+-
+-  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
 +  int rv = special_write(cn, cn->databuf, cn->numbytes);
  
--  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
--
 -  if (rv == -1)
 +  if (rv < 0)
      removeconnection(cn);
    else if (rv == cn->numbytes)
      cn->state = STATE_WANT_TO_READ_FILE;
-@@ -361,7 +450,47 @@
+@@ -361,7 +457,47 @@
      memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
      cn->numbytes -= rv;
    }
@@ -2031,7 +2228,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  }
 diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 --- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-07-26 21:52:07.750000000 +1000
++++ axTLS/httpd/awhttpd/socket.c	2006-08-10 18:33:47.640625000 +1000
 @@ -8,61 +8,17 @@
  
  
@@ -2152,7 +2349,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
 diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
 --- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-07-26 18:46:48.233750000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-08-10 18:33:47.640625000 +1000
 @@ -13,7 +13,7 @@
  
  #include <ctype.h>

From e2cf04d6051956bf2b3d08202257ad11027ade98 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Aug 2006 02:52:36 +0000
Subject: [PATCH 024/301] Added warning when no certificate.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@31 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1_svr.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 061cfcb387..9449b8b452 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -42,6 +42,15 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd)
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->next_state = HS_CLIENT_HELLO;
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ssl_ctx->chain_length == 0)
+    {
+        printf("Warning - no server certificate defined\n");
+        TTY_FLUSH();
+    }
+#endif
+
     return ssl;
 }
 

From 54984d108272c69ffeb3308f21ead4ebcf95d903 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Aug 2006 02:53:21 +0000
Subject: [PATCH 025/301] Additional help comments

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@32 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/Config.in | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ssl/Config.in b/ssl/Config.in
index 7607f750a4..56c7173efa 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -55,7 +55,8 @@ config CONFIG_SSL_FULL_MODE
         The axssl sample has 3 more options, "-debug", "-state" and "-show-rsa"
 
         This mode produces a library about 58kB in size. It is suggested that 
-        this mode is used only during development.
+        this mode is used only during development, or systems that have more
+        generous memory limits.
 
         It is the default to demonstrate the features of axTLS.
 
@@ -73,8 +74,8 @@ config CONFIG_SSL_SKELETON_MODE
         * Some other features/API calls may not work.
 
         This mode produces a library about 37kB in size. The main
-        disadvantage of this mode is speed - it may be several times slower
-        than the other build modes.
+        disadvantage of this mode is speed - it will be much slower than the 
+        other build modes.
 
 endchoice
 

From de7efdea2ff907de26a65119d41a7f0fc4cb9e58 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Aug 2006 02:53:44 +0000
Subject: [PATCH 026/301] Initial version

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@33 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/linuxconfig | 97 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 config/linuxconfig

diff --git a/config/linuxconfig b/config/linuxconfig
new file mode 100644
index 0000000000..79a3591a3a
--- /dev/null
+++ b/config/linuxconfig
@@ -0,0 +1,97 @@
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+CONFIG_PLATFORM_LINUX=y
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+# CONFIG_PLATFORM_WIN32 is not set
+
+#
+# General Configuration
+#
+PREFIX="/usr/local"
+# CONFIG_DEBUG is not set
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+# CONFIG_SSL_USE_DEFAULT_KEY is not set
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+CONFIG_USE_DEV_URANDOM=y
+# CONFIG_WIN32_USE_CRYPTO_LIB is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+# CONFIG_AWHTTPD is not set
+# CONFIG_HTTP_STATIC_BUILD is not set
+# CONFIG_HTTP_HAS_SSL is not set
+CONFIG_HTTP_HTTPS_PORT=0
+CONFIG_HTTP_SESSION_CACHE_SIZE=0
+CONFIG_HTTP_WEBROOT=""
+CONFIG_HTTP_PORT=0
+CONFIG_HTTP_TIMEOUT=0
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSION=""
+# CONFIG_HTTP_DIRECTORIES is not set
+# CONFIG_HTTP_PERM_CHECK is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+# CONFIG_HTTP_VERBOSE is not set
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+# CONFIG_BINDINGS is not set
+# CONFIG_CSHARP_BINDINGS is not set
+# CONFIG_VBNET_BINDINGS is not set
+CONFIG_DOT_NET_FRAMEWORK_BASE=""
+# CONFIG_JAVA_BINDINGS is not set
+CONFIG_JAVA_HOME=""
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+# CONFIG_CSHARP_SAMPLES is not set
+# CONFIG_VBNET_SAMPLES is not set
+# CONFIG_JAVA_SAMPLES is not set
+# CONFIG_PERL_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set

From 488d6e95a290bc3f2b1d089c47d46e69dd2bda59 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Aug 2006 02:54:24 +0000
Subject: [PATCH 027/301] Added dependency on Win32 for install

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@34 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/Config.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/Config.in b/config/Config.in
index e9c3eff1e9..14de5c8f28 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -31,6 +31,7 @@ menu "General Configuration"
 
 config PREFIX
     string "axTLS installation prefix"
+    depends on !CONFIG_PLATFORM_WIN32
     default "/usr/local"
     help
       Define your directory to install axTLS files/subdirs in.

From 0045db57d144b6536b6154d4079a6c7827ee8dd1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Aug 2006 02:54:55 +0000
Subject: [PATCH 028/301] Added linuxconf as a target

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@35 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 8183dc0672..f1e1abb985 100644
--- a/Makefile
+++ b/Makefile
@@ -141,7 +141,7 @@ win32releaseconf: config/scripts/config/conf
 	@./config/scripts/config/conf -D config/win32config $(CONFIG_CONFIG_IN) > /dev/null
 	$(MAKE)
 
-# The special debian release configuration
-debianconf: config/scripts/config/conf
-	@./config/scripts/config/conf -D config/debianconfig $(CONFIG_CONFIG_IN) > /dev/null
+# The special linux release configuration
+linuxconf: config/scripts/config/conf
+	@./config/scripts/config/conf -D config/linuxconfig $(CONFIG_CONFIG_IN) > /dev/null
 	$(MAKE)

From 0a53227725fb4a04fe19533d09993c16f685206c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Aug 2006 08:31:29 +0000
Subject: [PATCH 029/301] cgi warning fix

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@36 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/awhttpd.patch | 72 ++++++++++++++++++++++-----------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
index ad1ed313c5..7560242408 100644
--- a/httpd/awhttpd.patch
+++ b/httpd/awhttpd.patch
@@ -1,6 +1,6 @@
 diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 --- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-08-10 18:33:47.609375000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-08-12 18:25:58.390625000 +1000
 @@ -7,17 +7,16 @@
  */
  
@@ -192,7 +192,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 +void initlists(void);
 diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 --- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-08-10 18:33:47.625000000 +1000
++++ axTLS/httpd/awhttpd/cgi.c	2006-08-12 18:26:18.437500000 +1000
 @@ -7,93 +7,46 @@
  */
  
@@ -229,8 +229,8 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 -
 -  return;
 -
--}
--
+ }
+ 
 -
 -
 -void gensysenv(struct connstruct *cn) {
@@ -266,8 +266,8 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 -
 -  #endif
 -
- }
- 
+-}
+-
 -
 -
  void proccgi(struct connstruct *cn, int has_pathinfo) {
@@ -311,7 +311,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
      // Close the write descriptor
      close(tpipe[1]);
      cn->filedesc = tpipe[0];
-@@ -132,19 +86,62 @@
+@@ -132,19 +86,61 @@
    close(tpipe[1]);
  
    myargs[0] = cn->actualfile;
@@ -364,7 +364,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +    removeconnection(cn);
 +    return;
 +  }
-+
+ 
 +  _dup2(tmp_stdout, _fileno(stdout));
 +  close(tmp_stdout);
 +  cn->filedesc = tpipe[0];
@@ -373,13 +373,12 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +  for (;;)
 +  {
 +    procreadfile(cn);
- 
++
 +    if (cn->filedesc == -1)
 +        break;
 +
 +    procsendfile(cn);
 +    usleep(200000); /* don't know why this delay makes it work (yet) */
-+  }
 +#endif
  }
 +#endif  /* CONFIG_HTTP_HAS_CGI */
@@ -654,7 +653,7 @@ diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 -}
 diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 --- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-08-10 18:33:47.625000000 +1000
++++ axTLS/httpd/awhttpd/conn.c	2006-08-12 18:25:58.406250000 +1000
 @@ -9,26 +9,16 @@
  
  #include <stdio.h>
@@ -761,7 +760,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
  }
 diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
 --- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-08-10 18:33:47.625000000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-08-12 18:25:58.406250000 +1000
 @@ -8,7 +8,6 @@
  
  
@@ -804,7 +803,7 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
  
 diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
 --- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-08-10 18:33:47.625000000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-08-12 18:25:58.406250000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -851,7 +850,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
 diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 --- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-08-11 06:46:48.437500000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-08-12 18:25:58.406250000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -1085,7 +1084,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    return 0;
 diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 --- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-08-10 18:33:47.625000000 +1000
++++ axTLS/httpd/awhttpd/mime_types.c	2006-08-12 18:25:58.421875000 +1000
 @@ -7,28 +7,21 @@
  */
  
@@ -1170,7 +1169,7 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 +
 diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 --- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-08-10 18:33:47.625000000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-08-12 18:25:58.421875000 +1000
 @@ -7,33 +7,33 @@
  */
  
@@ -1487,7 +1486,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 +#endif
 diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
 --- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-08-10 18:33:47.640625000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-08-12 18:25:58.421875000 +1000
 @@ -8,9 +8,7 @@
  
  
@@ -1598,7 +1597,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  
 diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 --- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-08-10 18:33:47.640625000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-08-12 18:25:58.421875000 +1000
 @@ -7,21 +7,23 @@
  */
  
@@ -1689,7 +1688,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 +#endif  /* CONFIG_HTTP_PERM_CHECK */
 diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 --- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-08-10 18:33:47.640625000 +1000
++++ axTLS/httpd/awhttpd/proc.c	2006-08-12 18:26:51.093750000 +1000
 @@ -13,91 +13,92 @@
  #include <sys/types.h>
  #include <sys/stat.h>
@@ -1764,7 +1763,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 +#if defined(CONFIG_HTTP_HAS_CGI)
 +    if ((cgi_delim = strchr(value, '?')))
 +    {
-+        *cgi_delim = NULL;
++        *cgi_delim = 0;
 +        my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
 +    }
 +#endif
@@ -1846,15 +1845,15 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if (cn->dirp == NULL) {
      send404(cn);
      removeconnection(cn);
-@@ -116,12 +127,13 @@
+@@ -116,12 +127,10 @@
  
    // Get rid of the "."
    readdir(cn->dirp);
 +#endif
  
-   // If the browser doesn't specify a virtual host, the client will
-   // see "http://default/thedir/" instead of "http://thehost.com/thedir/"
-   // Consider this punishment for using such an old browser.
+-  // If the browser doesn't specify a virtual host, the client will
+-  // see "http://default/thedir/" instead of "http://thehost.com/thedir/"
+-  // Consider this punishment for using such an old browser.
 -  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of http://%s%s</H2><BR>\n", cn->virtualhostreq, cn->filereq);
 -  write(cn->networkdesc, buf, strlen(buf));
 +  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of %s://%s%s</H2><BR>\n", cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
@@ -1862,7 +1861,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
    cn->state = STATE_DOING_DIR;
  
-@@ -134,36 +146,48 @@
+@@ -134,36 +143,48 @@
  
  void procdodir(struct connstruct *cn) {
  
@@ -1878,13 +1877,14 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    do {
  
 -    if ((dp = readdir(cn->dirp)) == NULL) {
+-      snprintf(buf, sizeof(buf), "<BR><BR>End of Anti-Web directory listing.</BODY></HTML>\n");
+-      write(cn->networkdesc, buf, strlen(buf));
 +#ifdef WIN32
 +    if (!FindNextFile(cn->dirp, &cn->file_data)) {
 +#else
 +    if ((dp = readdir(cn->dirp)) == NULL)  {
 +#endif
-       snprintf(buf, sizeof(buf), "<BR><BR>End of Anti-Web directory listing.</BODY></HTML>\n");
--      write(cn->networkdesc, buf, strlen(buf));
++      snprintf(buf, sizeof(buf), "</BODY></HTML>\n");
 +      special_write(cn, buf, strlen(buf));
        removeconnection(cn);
        return;
@@ -1920,7 +1920,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  
  
  
-@@ -172,9 +196,10 @@
+@@ -172,9 +193,10 @@
    char buf[MAXREQUESTLENGTH*4], *tp, *next;
    int rv;
  
@@ -1934,7 +1934,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-@@ -217,36 +242,85 @@
+@@ -217,36 +239,85 @@
  void procsendhead(struct connstruct *cn) {
  
    char buf[1024];
@@ -2029,7 +2029,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
      if (cn->filereq[strlen(cn->filereq)-1] != '/') {
        send301(cn);
-@@ -256,17 +330,18 @@
+@@ -256,17 +327,18 @@
  
      // Check to see if this dir has an index file
      if (procindex(cn, &stbuf) == 0) {
@@ -2051,7 +2051,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
          send404(cn);
          removeconnection(cn);
          return;
-@@ -275,50 +350,68 @@
+@@ -275,50 +347,68 @@
        proccgi(cn,0);
        return;
      }
@@ -2139,7 +2139,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      return;
    }
  
-@@ -328,13 +421,18 @@
+@@ -328,13 +418,18 @@
  
  void procreadfile(struct connstruct *cn) {
  
@@ -2163,7 +2163,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
    }
  
    cn->numbytes = rv;
-@@ -347,11 +445,9 @@
+@@ -347,11 +442,9 @@
  
  void procsendfile(struct connstruct *cn) {
  
@@ -2177,7 +2177,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
      removeconnection(cn);
    else if (rv == cn->numbytes)
      cn->state = STATE_WANT_TO_READ_FILE;
-@@ -361,7 +457,47 @@
+@@ -361,7 +454,47 @@
      memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
      cn->numbytes -= rv;
    }
@@ -2228,7 +2228,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  }
 diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 --- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-08-10 18:33:47.640625000 +1000
++++ axTLS/httpd/awhttpd/socket.c	2006-08-12 18:25:58.437500000 +1000
 @@ -8,61 +8,17 @@
  
  
@@ -2349,7 +2349,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
 diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
 --- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-08-10 18:33:47.640625000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-08-12 18:25:58.437500000 +1000
 @@ -13,7 +13,7 @@
  
  #include <ctype.h>

From 3eaa68bfdafd1b19fc78d1bb1e5d067e6c868ba6 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Aug 2006 09:21:14 +0000
Subject: [PATCH 030/301] cgi warning fix

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@37 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/awhttpd.patch | 41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
index 7560242408..634b8b47d8 100644
--- a/httpd/awhttpd.patch
+++ b/httpd/awhttpd.patch
@@ -1,6 +1,6 @@
 diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 --- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-08-12 18:25:58.390625000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-08-12 19:16:59.687500000 +1000
 @@ -7,17 +7,16 @@
  */
  
@@ -192,7 +192,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 +void initlists(void);
 diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 --- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-08-12 18:26:18.437500000 +1000
++++ axTLS/httpd/awhttpd/cgi.c	2006-08-12 19:17:29.171875000 +1000
 @@ -7,93 +7,46 @@
  */
  
@@ -229,8 +229,8 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 -
 -  return;
 -
- }
- 
+-}
+-
 -
 -
 -void gensysenv(struct connstruct *cn) {
@@ -266,8 +266,8 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 -
 -  #endif
 -
--}
--
+ }
+ 
 -
 -
  void proccgi(struct connstruct *cn, int has_pathinfo) {
@@ -311,7 +311,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
      // Close the write descriptor
      close(tpipe[1]);
      cn->filedesc = tpipe[0];
-@@ -132,19 +86,61 @@
+@@ -132,19 +86,62 @@
    close(tpipe[1]);
  
    myargs[0] = cn->actualfile;
@@ -364,7 +364,7 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +    removeconnection(cn);
 +    return;
 +  }
- 
++
 +  _dup2(tmp_stdout, _fileno(stdout));
 +  close(tmp_stdout);
 +  cn->filedesc = tpipe[0];
@@ -373,12 +373,13 @@ diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 +  for (;;)
 +  {
 +    procreadfile(cn);
-+
+ 
 +    if (cn->filedesc == -1)
 +        break;
 +
 +    procsendfile(cn);
 +    usleep(200000); /* don't know why this delay makes it work (yet) */
++  }
 +#endif
  }
 +#endif  /* CONFIG_HTTP_HAS_CGI */
@@ -653,7 +654,7 @@ diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 -}
 diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 --- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-08-12 18:25:58.406250000 +1000
++++ axTLS/httpd/awhttpd/conn.c	2006-08-12 19:16:59.687500000 +1000
 @@ -9,26 +9,16 @@
  
  #include <stdio.h>
@@ -760,7 +761,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
  }
 diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
 --- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-08-12 18:25:58.406250000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-08-12 19:16:59.687500000 +1000
 @@ -8,7 +8,6 @@
  
  
@@ -803,7 +804,7 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
  
 diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
 --- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-08-12 18:25:58.406250000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-08-12 19:16:59.687500000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -850,7 +851,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
 diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 --- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-08-12 18:25:58.406250000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-08-12 19:16:59.687500000 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -1084,7 +1085,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    return 0;
 diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 --- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-08-12 18:25:58.421875000 +1000
++++ axTLS/httpd/awhttpd/mime_types.c	2006-08-12 19:16:59.703125000 +1000
 @@ -7,28 +7,21 @@
  */
  
@@ -1169,7 +1170,7 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 +
 diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 --- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-08-12 18:25:58.421875000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-08-12 19:16:59.703125000 +1000
 @@ -7,33 +7,33 @@
  */
  
@@ -1486,7 +1487,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 +#endif
 diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
 --- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-08-12 18:25:58.421875000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-08-12 19:16:59.703125000 +1000
 @@ -8,9 +8,7 @@
  
  
@@ -1597,7 +1598,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  
 diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 --- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-08-12 18:25:58.421875000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-08-12 19:16:59.703125000 +1000
 @@ -7,21 +7,23 @@
  */
  
@@ -1688,7 +1689,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 +#endif  /* CONFIG_HTTP_PERM_CHECK */
 diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 --- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-08-12 18:26:51.093750000 +1000
++++ axTLS/httpd/awhttpd/proc.c	2006-08-12 19:16:59.703125000 +1000
 @@ -13,91 +13,92 @@
  #include <sys/types.h>
  #include <sys/stat.h>
@@ -2228,7 +2229,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  }
 diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 --- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-08-12 18:25:58.437500000 +1000
++++ axTLS/httpd/awhttpd/socket.c	2006-08-12 19:16:59.718750000 +1000
 @@ -8,61 +8,17 @@
  
  
@@ -2349,7 +2350,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
 diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
 --- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-08-12 18:25:58.437500000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-08-12 19:16:59.718750000 +1000
 @@ -13,7 +13,7 @@
  
  #include <ctype.h>

From 73c11ecadb57fe067845985940b3faf5e978b533 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 19 Nov 2006 00:32:10 +0000
Subject: [PATCH 031/301] got rid of a write system call

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@39 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/bigint.c      |  6 +++---
 ssl/crypto.h      |  3 ++-
 ssl/crypto_misc.c | 14 ++++++++++----
 ssl/p12.c         |  4 ++--
 ssl/ssl.h         |  4 ++--
 ssl/tls1.c        | 16 +++++-----------
 6 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/ssl/bigint.c b/ssl/bigint.c
index 797ca21703..8d52184a81 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -165,7 +165,7 @@ void bi_permanent(bigint *bi)
 }
 
 /**
- * @brief Take a permanent object and make it elligible for freedom.
+ * @brief Take a permanent object and make it eligible for freedom.
  * @param bi [in]   The bigint to be made back to temporary.
  */
 void bi_depermanent(bigint *bi)
@@ -243,7 +243,7 @@ bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
 }
 
 /**
- * @brief Perform an additon operation between two bigints.
+ * @brief Perform an addition operation between two bigints.
  * @param ctx [in]  The bigint session context.
  * @param bia [in]  A bigint.
  * @param bib [in]  Another bigint.
@@ -1038,7 +1038,7 @@ static void more_comps(bigint *bi, int n)
 
 /*
  * Make a new empty bigint. It may just use an old one if one is available.
- * Otherwise get one of the heap.
+ * Otherwise get one off the heap.
  */
 static bigint *alloc(BI_CTX *ctx, int size)
 {
diff --git a/ssl/crypto.h b/ssl/crypto.h
index 8a79a84f15..dae5a5f3a3 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -269,7 +269,8 @@ typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
 
 typedef struct
 {
-    uint8_t *data;
+    uint8_t *pre_data;	/* include the ssl record bytes */
+    uint8_t *data;	/* the regular ssl data */
     int max_len;
     int index;
 } BUF_MEM;
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 8591aacd9e..edfe5bb7ca 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -31,6 +31,8 @@
 #include "wincrypt.h"
 #endif
 
+#define BM_RECORD_OFFSET 	5	/* same as SSL_RECORD_SIZE */
+
 #ifndef WIN32
 static int rng_fd = -1;
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
@@ -50,8 +52,9 @@ const char * const unsupported_str = "Error: feature not supported\n";
 BUF_MEM buf_new()
 {
     BUF_MEM bm;
-    bm.data = (uint8_t *)malloc(2048); /* should be enough to start with */
-    bm.max_len = 2048;
+    bm.pre_data = (uint8_t *)malloc(2048); /* should be enough to start with */
+    bm.data = bm.pre_data+BM_RECORD_OFFSET; /* some space at the start */
+    bm.max_len = 2048-BM_RECORD_OFFSET;
     bm.index = 0;
     return bm;
 }
@@ -66,7 +69,9 @@ void buf_grow(BUF_MEM *bm, int len)
         return;
     }
 
-    bm->data = (uint8_t *)realloc(bm->data, len+1024); /* just to be sure */
+    /* add 1kB just to be sure */
+    bm->pre_data = (uint8_t *)realloc(bm->pre_data, len+1024+BM_RECORD_OFFSET); 
+    bm->data = bm->pre_data+BM_RECORD_OFFSET;
     bm->max_len = len+1024;
 }
 
@@ -75,7 +80,8 @@ void buf_grow(BUF_MEM *bm, int len)
  */
 void buf_free(BUF_MEM *bm)
 {
-    free(bm->data);
+    free(bm->pre_data);
+    bm->pre_data = NULL;
     bm->data = NULL;
 }
 
diff --git a/ssl/p12.c b/ssl/p12.c
index 2d198dc90e..2189509989 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -192,7 +192,7 @@ static int p8_decrypt(const char *password, const uint8_t *salt, int iter,
 }
 
 /*
- * Take a raw pkcs12 block and the decrypt it and turn it into a certificates
+ * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
  * and keys.
  */
 int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
@@ -390,7 +390,7 @@ static int get_pbe_params(uint8_t *buf, int *offset,
         goto error;
 
     /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
-       which is the only agorithm we support */
+       which is the only algorithm we support */
     if (len != sizeof(pbeSH1RC4) || 
                     memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
     {
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 27b1f3903b..c314cbc8db 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -354,7 +354,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl);
  * - SSL_X509_CA_CERT_ORGANIZATION
  * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
  * @return The appropriate string (or null if not defined)
- * @note Verification mode must be enabled.
+ * @note Verification build mode must be enabled.
  */
 EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component);
 
@@ -388,7 +388,7 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
  * @param filename [in] The location of a file in DER/PEM format.
  * @param password [in] The password used. Can be null if not required.
  * @return SSL_OK if all ok
- * @note Not available in skeleton mode.
+ * @note Not available in skeleton build mode.
  */
 EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *filename, const char *password);
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 41484949f3..e157147a7e 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -902,7 +902,8 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
  */
 static int send_raw_packet(SSL *ssl, uint8_t protocol)
 {
-    uint8_t rec_buf[SSL_RECORD_SIZE];
+    uint8_t *rec_buf = ssl->bm_buf.pre_data;
+    int pkt_size = SSL_RECORD_SIZE+ssl->bm_buf.index;
     int ret;
 
     rec_buf[0] = protocol;
@@ -911,17 +912,10 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
     rec_buf[3] = ssl->bm_buf.index >> 8;
     rec_buf[4] = ssl->bm_buf.index & 0xff;
 
-    DISPLAY_BYTES(ssl, "sending %d bytes", rec_buf, 5, 5);
-    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_buf.data,  
-            ssl->bm_buf.index, ssl->bm_buf.index);
+    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_buf.pre_data, 
+                            pkt_size, pkt_size);
 
-    /* 2 system calls, but what the hell it makes life a lot simpler */
-    ret = SOCKET_WRITE(ssl->client_fd, rec_buf, SSL_RECORD_SIZE);
-
-    if (ret > 0)
-    {
-        ret = SOCKET_WRITE(ssl->client_fd, ssl->bm_buf.data, ssl->bm_buf.index);
-    }
+    ret = SOCKET_WRITE(ssl->client_fd, ssl->bm_buf.pre_data, pkt_size);
 
     SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
     ssl->bm_buf.index = 0;

From c98ded2ecae50e3f4012f28ef9033fb480179949 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 27 Nov 2006 02:41:54 +0000
Subject: [PATCH 032/301] fixed pkcs12 mac issue

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@40 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/awhttpd.patch |  30 +++++-----
 samples/c/Makefile  |   2 +-
 ssl/asn1.c          |  22 +++-----
 ssl/p12.c           | 134 ++++++++++++++++++++++++++++----------------
 ssl/test/ssltest.c  |  26 ++++-----
 5 files changed, 125 insertions(+), 89 deletions(-)

diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
index 634b8b47d8..59eb7eb819 100644
--- a/httpd/awhttpd.patch
+++ b/httpd/awhttpd.patch
@@ -1,6 +1,6 @@
 diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 --- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-08-12 19:16:59.687500000 +1000
++++ axTLS/httpd/awhttpd/aw3.h	2006-11-15 15:09:14.196258200 +1000
 @@ -7,17 +7,16 @@
  */
  
@@ -192,7 +192,7 @@ diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
 +void initlists(void);
 diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
 --- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-08-12 19:17:29.171875000 +1000
++++ axTLS/httpd/awhttpd/cgi.c	2006-11-15 15:09:14.211883700 +1000
 @@ -7,93 +7,46 @@
  */
  
@@ -654,7 +654,7 @@ diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
 -}
 diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
 --- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-08-12 19:16:59.687500000 +1000
++++ axTLS/httpd/awhttpd/conn.c	2006-11-15 15:09:14.243134700 +1000
 @@ -9,26 +9,16 @@
  
  #include <stdio.h>
@@ -761,7 +761,7 @@ diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
  }
 diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
 --- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-08-12 19:16:59.687500000 +1000
++++ axTLS/httpd/awhttpd/errors.c	2006-11-15 15:09:14.258760200 +1000
 @@ -8,7 +8,6 @@
  
  
@@ -804,7 +804,7 @@ diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
  
 diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
 --- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-08-12 19:16:59.687500000 +1000
++++ axTLS/httpd/awhttpd/index.c	2006-11-15 15:09:14.258760200 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -851,7 +851,7 @@ diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
 diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
 --- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-08-12 19:16:59.687500000 +1000
++++ axTLS/httpd/awhttpd/main.c	2006-11-21 16:30:37.093363800 +1000
 @@ -11,7 +11,6 @@
  #include <string.h>
  #include <sys/types.h>
@@ -903,7 +903,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
  
  void initlists() {
    int i;
-@@ -33,108 +64,119 @@
+@@ -33,108 +64,118 @@
    servers = NULL;
    usedconns = NULL;
    freeconns = NULL;
@@ -1040,7 +1040,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    pid = fork();
  
    if(pid > 0) {
-     status();
+-    status();
      exit(0);
    } else if(pid == -1) {
 +#ifdef CONFIG_HTTP_VERBOSE
@@ -1085,7 +1085,7 @@ diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
    return 0;
 diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 --- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-08-12 19:16:59.703125000 +1000
++++ axTLS/httpd/awhttpd/mime_types.c	2006-11-15 15:09:14.305636700 +1000
 @@ -7,28 +7,21 @@
  */
  
@@ -1170,7 +1170,7 @@ diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
 +
 diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 --- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-08-12 19:16:59.703125000 +1000
++++ axTLS/httpd/awhttpd/misc.c	2006-11-15 15:09:14.321262200 +1000
 @@ -7,33 +7,33 @@
  */
  
@@ -1487,7 +1487,7 @@ diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
 +#endif
 diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
 --- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-08-12 19:16:59.703125000 +1000
++++ axTLS/httpd/awhttpd/net.c	2006-11-15 15:09:14.352513200 +1000
 @@ -8,9 +8,7 @@
  
  
@@ -1598,7 +1598,7 @@ diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
  
 diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 --- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-08-12 19:16:59.703125000 +1000
++++ axTLS/httpd/awhttpd/permcheck.c	2006-11-15 15:09:14.368138700 +1000
 @@ -7,21 +7,23 @@
  */
  
@@ -1689,7 +1689,7 @@ diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
 +#endif  /* CONFIG_HTTP_PERM_CHECK */
 diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
 --- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-08-12 19:16:59.703125000 +1000
++++ axTLS/httpd/awhttpd/proc.c	2006-11-15 15:09:14.399389700 +1000
 @@ -13,91 +13,92 @@
  #include <sys/types.h>
  #include <sys/stat.h>
@@ -2229,7 +2229,7 @@ diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
  }
 diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
 --- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-08-12 19:16:59.718750000 +1000
++++ axTLS/httpd/awhttpd/socket.c	2006-11-15 15:09:14.415015200 +1000
 @@ -8,61 +8,17 @@
  
  
@@ -2350,7 +2350,7 @@ diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
 diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
 --- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-08-12 19:16:59.718750000 +1000
++++ axTLS/httpd/awhttpd/urlencode.c	2006-11-15 15:09:14.430640700 +1000
 @@ -13,7 +13,7 @@
  
  #include <ctype.h>
diff --git a/samples/c/Makefile b/samples/c/Makefile
index 95a3381cf1..c941f781db 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -46,7 +46,7 @@ include ../../config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32
 
-$(TARGET): $(OBJ) 
+$(TARGET): $(OBJ) $(LIBS)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ $< -L$(LIBS) -laxtls 
 ifndef CONFIG_DEBUG
 ifndef CONFIG_PLATFORM_SOLARIS
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 6e67d3c7d4..487d848fb8 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -42,7 +42,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
 };
 
 /* CN, O, OU */
-static uint8_t g_dn_types[] = { 3, 10, 11 };
+static const uint8_t g_dn_types[] = { 3, 10, 11 };
 
 static int get_asn1_length(const uint8_t *buf, int *offset)
 {
@@ -152,8 +152,7 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
     dQ_len = asn1_get_int(buf, &offset, &dQ);
     qInv_len = asn1_get_int(buf, &offset, &qInv);
 
-    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || 
-                                dQ_len <= 0 || qInv_len <= 0)
+    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
         return X509_INVALID_PRIV_KEY;
 
     RSA_priv_key_new(rsa_ctx, 
@@ -191,6 +190,7 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
 
     memset(&tm, 0, sizeof(struct tm));
     tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+
     if (tm.tm_year <= 50)    /* 1951-2050 thing */
     {
         tm.tm_year += 100;
@@ -228,8 +228,8 @@ static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
-        asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
-        asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
 }
 
 /**
@@ -259,15 +259,13 @@ static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
 /**
  * Obtain an ASN.1 printable string type.
  */
-static int asn1_get_printable_str(const uint8_t *buf,
-        int *offset, char **str)
+static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
 {
     int len = X509_NOT_OK;
 
     /* some certs have this awful crud in them for some reason */
     if (buf[*offset] != ASN1_PRINTABLE_STR && 
-            buf[*offset] != ASN1_TELETEX_STR &&
-            buf[*offset] != ASN1_IA5_STR)
+            buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR)
         goto end_pnt_str;
 
     (*offset)++;
@@ -334,8 +332,7 @@ static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
 /**
  * Read the modulus and public exponent of a certificate.
  */
-static int asn1_public_key(const uint8_t *cert, int *offset,
-        X509_CTX *x509_ctx)
+static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     int ret = X509_NOT_OK, mod_len, pub_len;
     uint8_t *modulus, *pub_exp;
@@ -353,8 +350,7 @@ static int asn1_public_key(const uint8_t *cert, int *offset,
     mod_len = asn1_get_int(cert, offset, &modulus);
     pub_len = asn1_get_int(cert, offset, &pub_exp);
 
-    RSA_pub_key_new(&x509_ctx->rsa_ctx, 
-            modulus, mod_len, pub_exp, pub_len);
+    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
 
     free(modulus);
     free(pub_exp);
diff --git a/ssl/p12.c b/ssl/p12.c
index 2189509989..a74bdbf287 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -57,9 +57,14 @@
 #ifdef CONFIG_SSL_USE_PKCS12
 
 #define BLOCK_SIZE          64
-
-static int p8_decrypt(const char *password, const uint8_t *salt, int iter, 
-                        uint8_t *priv_key, int priv_key_len);
+#define PKCS12_KEY_ID       1
+#define PKCS12_IV_ID        2
+#define PKCS12_MAC_ID       3
+
+static char *make_uni_pass(const char *password, int *uni_pass_len);
+static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id);
 static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key);
 static int get_pbe_params(uint8_t *buf, int *offset, 
         const uint8_t **salt, int *iterations);
@@ -76,6 +81,8 @@ int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
     uint8_t *version = NULL;
     const uint8_t *salt;
     uint8_t *priv_key;
+    int uni_pass_len;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
 
     if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
     {
@@ -100,11 +107,13 @@ int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 
     priv_key = &buf[offset];
 
-    p8_decrypt(password, salt, iterations, priv_key, len);
+    p8_decrypt(uni_pass, uni_pass_len, salt, 
+                        iterations, priv_key, len, PKCS12_KEY_ID);
     ret = p8_add_key(ssl_ctx, priv_key);
 
 error:
     free(version);
+    free(uni_pass);
     return ret;
 }
 
@@ -132,20 +141,12 @@ static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key)
 }
 
 /*
- * Decrypt a pkcs8 block.
+ * Create the unicode password 
  */
-static int p8_decrypt(const char *password, const uint8_t *salt, int iter, 
-                        uint8_t *priv_key, int priv_key_len)
+static char *make_uni_pass(const char *password, int *uni_pass_len)
 {
-    uint8_t p[BLOCK_SIZE*2];
-    uint8_t d[BLOCK_SIZE];
-    uint8_t Ai[SHA1_SIZE];
-    SHA1_CTX sha_ctx;
-    RC4_CTX rc4_ctx;
-    uint8_t *uni_pass = NULL;
-    int i;
-    int uni_pass_len = 0;
-    int id = 1;         /* key id */
+    int pass_len = 0, i;
+    char *uni_pass;
 
     if (password == NULL)
     {
@@ -157,12 +158,29 @@ static int p8_decrypt(const char *password, const uint8_t *salt, int iter,
     /* modify the password into a unicode version */
     for (i = 0; i < (int)strlen(password); i++)
     {
-        uni_pass[uni_pass_len++] = 0;
-        uni_pass[uni_pass_len++] = password[i];
+        uni_pass[pass_len++] = 0;
+        uni_pass[pass_len++] = password[i];
     }
 
-    uni_pass[uni_pass_len++] = 0;       /* null terminate */
-    uni_pass[uni_pass_len++] = 0;
+    uni_pass[pass_len++] = 0;       /* null terminate */
+    uni_pass[pass_len++] = 0;
+    *uni_pass_len = pass_len;
+    return uni_pass;
+}
+
+/*
+ * Decrypt a pkcs8 block.
+ */
+static int p8_decrypt(const char *uni_pass, int uni_pass_len,
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id)
+{
+    uint8_t p[BLOCK_SIZE*2];
+    uint8_t d[BLOCK_SIZE];
+    uint8_t Ai[SHA1_SIZE];
+    SHA1_CTX sha_ctx;
+    RC4_CTX rc4_ctx;
+    int i;
 
     for (i = 0; i < BLOCK_SIZE; i++)
     {
@@ -185,9 +203,14 @@ static int p8_decrypt(const char *password, const uint8_t *salt, int iter,
     }
 
     /* do the decryption */
-    RC4_setup(&rc4_ctx, Ai, 16);
-    RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
-    free(uni_pass);
+    if (id == PKCS12_KEY_ID)
+    {
+        RC4_setup(&rc4_ctx, Ai, 16);
+        RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
+    }
+    else  /* MAC */
+        memcpy(priv_key, Ai, SHA1_SIZE);
+
     return 0;
 }
 
@@ -198,13 +221,16 @@ static int p8_decrypt(const char *password, const uint8_t *salt, int iter,
 int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 {
     uint8_t *buf = ssl_obj->buf;
-    int all_ok = 0, len, iterations, key_offset, offset = 0;
+    int all_ok = 0, len, iterations, auth_safes_start, 
+              auth_safes_end, auth_safes_len, key_offset, offset = 0;
     int all_certs = 0;
-    uint8_t *version = NULL, *cert, *mac;
-    SHA1_CTX sha_ctx;
-    char sha[SHA1_SIZE];
+    uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
+    char key[SHA1_SIZE];
+    char mac[SHA1_SIZE];
     const uint8_t *salt;
-    int ret;
+    int uni_pass_len, ret;
+    int error_code = SSL_ERROR_NOT_SUPPORTED;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
     static const uint8_t pkcs_data[] = /* pkc7 data */
         { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
     static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
@@ -221,14 +247,10 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
     }
 
     if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
+    {
+        error_code = SSL_ERROR_INVALID_VERSION;
         goto error;
-
-    /* work out the MAC of this bit */
-    key_offset = offset;
-    asn1_skip_obj(buf, &key_offset, ASN1_SEQUENCE);
-    SHA1Init(&sha_ctx);
-    SHA1Update(&sha_ctx, &buf[offset], key_offset-offset);
-    SHA1Final(&sha_ctx, sha);
+    }
 
     /* remove all the boring pcks7 bits */
     if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
@@ -240,8 +262,18 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
     offset += len;
 
     if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
+        goto error;
+
+    /* work out the MAC start/end points (done on AuthSafes) */
+    auth_safes_start = offset;
+    auth_safes_end = offset;
+    asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE);
+    auth_safes_len = auth_safes_end - auth_safes_start;
+    auth_safes = malloc(auth_safes_len);
+    memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
             asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
             (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
             (len != sizeof(pkcs_encrypted) || 
@@ -268,7 +300,8 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 
     /* decrypt the certificate */
     cert = &buf[offset];
-    if ((ret = p8_decrypt(password, salt, iterations, cert, len)) < 0)
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
         goto error;
 
     offset += len;
@@ -327,7 +360,8 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 
     /* decrypt the private key */
     cert = &buf[offset];
-    if ((ret = p8_decrypt(password, salt, iterations, cert, len)) < 0)
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
         goto error;
 
     offset += len;
@@ -348,28 +382,34 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
             len != SHA1_SIZE)
         goto error;
 
-    mac = &buf[offset];
+    orig_mac = &buf[offset];
     offset += len;
 
     /* get the salt */
-    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
-            len != 8)
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
         goto error;
     salt = &buf[offset];
 
     /* work out what the mac should be */
-    if ((ret = p8_decrypt(password, salt, iterations, mac, SHA1_SIZE)) < 0)
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, 
+                            key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
         goto error;
 
-    /* TODO: actually memcmp the MAC - there is something wrong at the moment */
-    /* print_blob("MAC orig", sha, SHA1_SIZE); */
-    /* print_blob("MAC calc", mac, SHA1_SIZE); */
+    hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
+
+    if (memcmp(mac, orig_mac, SHA1_SIZE))
+    {
+        error_code = SSL_ERROR_INVALID_HMAC;                  
+        goto error;
+    }
 
     all_ok = 1;
 
 error:
     free(version);
-    return all_ok ? SSL_OK : SSL_ERROR_NOT_SUPPORTED;
+    free(uni_pass);
+    free(auth_safes);
+    return all_ok ? SSL_OK : error_code;
 }
 
 /*
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 21cb63c13d..c1ac2f1fcf 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1083,31 +1083,31 @@ int SSL_server_tests(void)
     TTY_FLUSH();
 
     /*
-     * PKCS 8 key (encrypted)
+     * PKCS#8 key (encrypted)
      */
-    if ((ret = SSL_server_test(NULL, "pkcs 8 encrypted", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", NULL, "abcd",
-                DEFAULT_SVR_OPTION)))
+    if ((ret = SSL_server_test(NULL, "pkcs#8 encrypted", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
     /*
-     * PKCS 8 key (unencrypted)
+     * PKCS#8 key (unencrypted)
      */
-    if ((ret = SSL_server_test(NULL, "pkcs 8 unencrypted", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", NULL, NULL,
-                DEFAULT_SVR_OPTION)))
+    if ((ret = SSL_server_test(NULL, "pkcs#8 unencrypted", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
     /*
-     * PKCS 12 key/certificate
+     * PKCS#12 key/certificate
      */
-    if ((ret = SSL_server_test(NULL, "pkcs 12 no CA", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
+    if ((ret = SSL_server_test(NULL, "pkcs#12 with CA", "-cipher RC4-SHA", 
+                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
-    if ((ret = SSL_server_test(NULL, "pkcs 12 with CA", "-cipher RC4-SHA", 
-                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
+    if ((ret = SSL_server_test(NULL, "pkcs#12 no CA", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 

From 3c59f849dd5d769da13b1479333194064a54c16e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 27 Nov 2006 05:52:33 +0000
Subject: [PATCH 033/301] Fixed issue which stopped Montgomery & Classical
 reduction from being used

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@41 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/bigint.c       | 13 +++++++------
 ssl/bigint.h       |  4 ----
 ssl/test/Makefile  |  4 ++--
 ssl/test/ssltest.c | 24 ++++++++++++++++++++++++
 4 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/ssl/bigint.c b/ssl/bigint.c
index 8d52184a81..41446dde6f 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -734,8 +734,8 @@ void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
 
 #if defined(CONFIG_BIGINT_MONTGOMERY)
     /* set montgomery variables */
-    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);        /* R */
-    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);     /* R^2 */
+    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);     /* R */
+    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);  /* R^2 */
     ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
     ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
 
@@ -743,10 +743,11 @@ void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
     bi_permanent(ctx->bi_R_mod_m[mod_offset]);
 
     ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
+
 #elif defined (CONFIG_BIGINT_BARRETT)
     ctx->bi_mu[mod_offset] = 
         bi_divide(ctx, comp_left_shift(
-               bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
+            bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
     bi_permanent(ctx->bi_mu[mod_offset]);
 #endif
 }
@@ -1383,10 +1384,10 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
     if (!ctx->use_classical)
     {
         /* preconvert */
-        bi = bi_residue(ctx, 
-                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset])); /* x' */
+        bi = bi_mont(ctx, 
+                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
         bi_free(ctx, biR);
-        biR = ctx->bi_R_mod_m[mod_offset];
+        biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
     }
 #endif
 
diff --git a/ssl/bigint.h b/ssl/bigint.h
index 2291f5c878..db3d112b9f 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -29,10 +29,6 @@
 #define CONFIG_SSL_CERT_VERIFICATION
 #endif
 
-#if !defined(CONFIG_BIGINT_MONTGOMERY) || !defined(CONFIG_BIGINT_BARRETT)
-#define CONFIG_BIGINT_CLASSICAL 1
-#endif
-
 #include "os_port.h"
 #include "bigint_impl.h"
 
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index 23fcaf3bb6..6420503b9f 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -35,10 +35,10 @@ ssltesting: ../../$(STAGE)/ssltest
 LIBS=../../$(STAGE)
 CFLAGS += -I../../ssl -I../../config
 
-../../$(STAGE)/perf_bigint: perf_bigint.o
+../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
 	$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
 
-../../$(STAGE)/ssltest: ssltest.o
+../../$(STAGE)/ssltest: ssltest.o $(LIBS)/libaxtls.a
 	$(CC) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls
 else
 performance: ../../$(STAGE)/perf_bigint.exe
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index c1ac2f1fcf..688e203f07 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1650,37 +1650,61 @@ int main(int argc, char *argv[])
     bi_ctx = bi_initialize();
 
     if (AES_test(bi_ctx))
+    {
+        printf("AES tests failed\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     if (RC4_test(bi_ctx))
+    {
+        printf("RC4 tests failed\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     if (MD5_test(bi_ctx))
+    {
+        printf("MD5 tests failed\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     if (SHA1_test(bi_ctx))
+    {
+        printf("SHA1 tests failed\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     if (HMAC_test(bi_ctx))
+    {
+        printf("HMAC tests failed\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     if (BIGINT_test(bi_ctx))
+    {
+        printf("BigInt tests failed!\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     bi_terminate(bi_ctx);
 
     if (RSA_test())
+    {
+        printf("RSA tests failed\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     if (cert_tests())
+    {
+        printf("CERT tests failed\n");
         goto cleanup;
+    }
     TTY_FLUSH();
 
     system("sh ../ssl/test/killopenssl.sh");

From d521a68821d04e3464f9fffa5f90b43db6d8382c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 28 Nov 2006 02:05:07 +0000
Subject: [PATCH 034/301] Added my name to the copyright

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@42 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                            |  2 +-
 bindings/Makefile                   |  2 +-
 bindings/csharp/Makefile            |  2 +-
 bindings/csharp/axTLS.cs            |  2 +-
 bindings/generate_SWIG_interface.pl |  2 +-
 bindings/generate_interface.pl      |  2 +-
 bindings/java/Makefile              |  2 +-
 bindings/java/SSL.java              |  2 +-
 bindings/java/SSLCTX.java           |  2 +-
 bindings/java/SSLClient.java        |  2 +-
 bindings/java/SSLReadHolder.java    |  2 +-
 bindings/java/SSLServer.java        |  2 +-
 bindings/java/SSLUtil.java          |  2 +-
 bindings/perl/Makefile              |  2 +-
 bindings/vbnet/Makefile             |  2 +-
 bindings/vbnet/axTLSvb.vb           |  2 +-
 config/makefile.conf                |  2 +-
 config/makefile.dotnet.conf         |  2 +-
 config/makefile.java.conf           |  2 +-
 docsrc/Makefile                     |  2 +-
 httpd/Makefile                      |  2 +-
 samples/Makefile                    |  2 +-
 samples/c/Makefile                  |  2 +-
 samples/c/axssl.c                   |  4 +---
 samples/csharp/Makefile             |  2 +-
 samples/csharp/axssl.cs             |  4 +---
 samples/java/Makefile               |  2 +-
 samples/java/axssl.java             |  4 +---
 samples/perl/Makefile               |  2 +-
 samples/perl/axssl.pl               |  4 +---
 samples/vbnet/Makefile              |  2 +-
 samples/vbnet/axssl.vb              |  4 +---
 ssl/Makefile                        |  2 +-
 ssl/aes.c                           |  2 +-
 ssl/asn1.c                          |  2 +-
 ssl/bigint.c                        | 24 ++++++++++++------------
 ssl/bigint.h                        |  2 +-
 ssl/bigint_impl.h                   |  2 +-
 ssl/crypto.h                        |  2 +-
 ssl/crypto_misc.c                   |  2 +-
 ssl/hmac.c                          |  2 +-
 ssl/loader.c                        |  2 +-
 ssl/md5.c                           |  2 +-
 ssl/os_port.c                       |  2 +-
 ssl/os_port.h                       |  2 +-
 ssl/p12.c                           |  2 +-
 ssl/rc4.c                           |  2 +-
 ssl/rsa.c                           | 10 ++--------
 ssl/sha1.c                          |  2 +-
 ssl/ssl.h                           |  2 +-
 ssl/test/Makefile                   |  2 +-
 ssl/test/make_certs.sh              |  2 +-
 ssl/test/perf_bigint.c              |  4 +---
 ssl/test/ssltest.c                  |  4 +---
 ssl/test/test_axssl.sh              |  2 +-
 ssl/tls1.c                          |  2 +-
 ssl/tls1.h                          |  2 +-
 ssl/tls1_clnt.c                     |  2 +-
 ssl/tls1_svr.c                      |  2 +-
 59 files changed, 71 insertions(+), 91 deletions(-)

diff --git a/Makefile b/Makefile
index f1e1abb985..1ebdcfc012 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This license is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/bindings/Makefile b/bindings/Makefile
index 8f1fc88596..322b37080a 100644
--- a/bindings/Makefile
+++ b/bindings/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/bindings/csharp/Makefile b/bindings/csharp/Makefile
index d7fbdb619f..87073f5e43 100644
--- a/bindings/csharp/Makefile
+++ b/bindings/csharp/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index 4622dc5535..5239cd688c 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006 
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index c4a98ffcef..dea277e6ec 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -1,7 +1,7 @@
 #!/usr/bin/perl
 
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index 067dead21b..4f0fc25fad 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/bindings/java/Makefile b/bindings/java/Makefile
index 7e69aef521..a1933b92fc 100644
--- a/bindings/java/Makefile
+++ b/bindings/java/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
index 9d64206300..53ddd95a25 100644
--- a/bindings/java/SSL.java
+++ b/bindings/java/SSL.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java
index dfd08ec950..34bd9e48c1 100644
--- a/bindings/java/SSLCTX.java
+++ b/bindings/java/SSLCTX.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/bindings/java/SSLClient.java b/bindings/java/SSLClient.java
index ef624d60d0..02ad38c7d3 100644
--- a/bindings/java/SSLClient.java
+++ b/bindings/java/SSLClient.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/bindings/java/SSLReadHolder.java b/bindings/java/SSLReadHolder.java
index 0749ab3e85..e51e0a593d 100644
--- a/bindings/java/SSLReadHolder.java
+++ b/bindings/java/SSLReadHolder.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/bindings/java/SSLServer.java b/bindings/java/SSLServer.java
index 6f4cf00e8b..7aa7fc09b5 100644
--- a/bindings/java/SSLServer.java
+++ b/bindings/java/SSLServer.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/bindings/java/SSLUtil.java b/bindings/java/SSLUtil.java
index 26451b20a0..d5b6ba9f23 100644
--- a/bindings/java/SSLUtil.java
+++ b/bindings/java/SSLUtil.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
index b1943a4764..e04bd3c7d2 100644
--- a/bindings/perl/Makefile
+++ b/bindings/perl/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/bindings/vbnet/Makefile b/bindings/vbnet/Makefile
index 5c7a36d6a3..bcd6cae4d2 100644
--- a/bindings/vbnet/Makefile
+++ b/bindings/vbnet/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
index 7f08195258..c07258df43 100644
--- a/bindings/vbnet/axTLSvb.vb
+++ b/bindings/vbnet/axTLSvb.vb
@@ -1,5 +1,5 @@
 '
-'  Copyright(C) 2006
+'  Copyright(C) 2006 Cameron Rich
 '
 '  This program is free software you can redistribute it and/or modify
 '  it under the terms of the GNU General Public License as published by
diff --git a/config/makefile.conf b/config/makefile.conf
index 713d00c59f..41e66702f5 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/config/makefile.dotnet.conf b/config/makefile.dotnet.conf
index 23baf70c5b..110e27d3bb 100644
--- a/config/makefile.dotnet.conf
+++ b/config/makefile.dotnet.conf
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/config/makefile.java.conf b/config/makefile.java.conf
index 59bde86139..2194ef44bd 100644
--- a/config/makefile.java.conf
+++ b/config/makefile.java.conf
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/docsrc/Makefile b/docsrc/Makefile
index a9a1e502c5..136264b08d 100644
--- a/docsrc/Makefile
+++ b/docsrc/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/httpd/Makefile b/httpd/Makefile
index 07261a52cd..22b8d0ff23 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/samples/Makefile b/samples/Makefile
index 4a7acd7861..fbb31149a8 100644
--- a/samples/Makefile
+++ b/samples/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/samples/c/Makefile b/samples/c/Makefile
index c941f781db..0ab81e70f2 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 955340ca82..7575c263bb 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file axssl.c
- *
  * Demonstrate the use of the axTLS library in C with a set of 
  * command-line parameters similar to openssl. In fact, openssl clients 
  * should be able to communicate with axTLS servers and visa-versa.
diff --git a/samples/csharp/Makefile b/samples/csharp/Makefile
index d30b37c263..267a49d15c 100644
--- a/samples/csharp/Makefile
+++ b/samples/csharp/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
index ca8281d654..eb80146533 100644
--- a/samples/csharp/axssl.cs
+++ b/samples/csharp/axssl.cs
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -17,8 +17,6 @@
  */
 
 /**
- * axssl.cs
- *
  * Demonstrate the use of the axTLS library in C# with a set of 
  * command-line parameters similar to openssl. In fact, openssl clients 
  * should be able to communicate with axTLS servers and visa-versa.
diff --git a/samples/java/Makefile b/samples/java/Makefile
index e8b8351023..eca097ec70 100644
--- a/samples/java/Makefile
+++ b/samples/java/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
index b193725ef0..3d138c6cf5 100644
--- a/samples/java/axssl.java
+++ b/samples/java/axssl.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -17,8 +17,6 @@
  */
 
 /*
- * axssl.java
- *
  * Demonstrate the use of the axTLS library in Java with a set of 
  * command-line parameters similar to openssl. In fact, openssl clients 
  * should be able to communicate with axTLS servers and visa-versa.  *
diff --git a/samples/perl/Makefile b/samples/perl/Makefile
index 0599196c40..0ad96070fd 100644
--- a/samples/perl/Makefile
+++ b/samples/perl/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index ce0266b02b..562d4747c2 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -17,8 +17,6 @@
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-#
-# axssl.pl
 #
 # Demonstrate the use of the axTLS library in Perl with a set of 
 # command-line parameters similar to openssl. In fact, openssl clients 
diff --git a/samples/vbnet/Makefile b/samples/vbnet/Makefile
index 9f9adc66c1..7349e67cc9 100644
--- a/samples/vbnet/Makefile
+++ b/samples/vbnet/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
index 4eb210a3f9..ce64db5e83 100644
--- a/samples/vbnet/axssl.vb
+++ b/samples/vbnet/axssl.vb
@@ -1,5 +1,5 @@
 '
-'  Copyright(C) 2006
+'  Copyright(C) 2006 Cameron Rich
 '
 '  This program is free software you can redistribute it and/or modify
 '  it under the terms of the GNU General Public License as published by
@@ -16,8 +16,6 @@
 '  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 '
 
-'
-' @file axssl.vb
 '
 ' Demonstrate the use of the axTLS library in VB.NET with a set of 
 ' command-line parameters similar to openssl. In fact, openssl clients 
diff --git a/ssl/Makefile b/ssl/Makefile
index 14d50ac93a..61864a5b72 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/aes.c b/ssl/aes.c
index 74e8b666ef..8aefbf4f6e 100644
--- a/ssl/aes.c
+++ b/ssl/aes.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 487d848fb8..44d2adf09c 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 41446dde6f..24e6a53f86 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
@@ -423,7 +423,7 @@ bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
 
         if (v->size > 1 && V2)
         {
-            /* we are implementing the following
+            /* we are implementing the following:
             if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
                     q_dash*V1)*COMP_RADIX) + U(2))) ... */
             comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
@@ -449,6 +449,7 @@ bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
             {
                 Q(j)--;
                 tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
+
                 /* lop off the carry */
                 tmp_u->size--;
                 v->size--;
@@ -478,7 +479,7 @@ bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
     }
 }
 
-/**
+/*
  * Perform an integer divide on a bigint.
  */
 static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
@@ -715,7 +716,7 @@ void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
  * @param ctx [in]  The bigint session context.
  * @param bim [in]  The bigint modulus that will be used.
  * @param mod_offset [in] There are three moduluii that can be stored - the
- * standard modulus, and it's two primes p and q. This offset refers to which
+ * standard modulus, and its two primes p and q. This offset refers to which
  * modulus we are referring to.
  * @see bi_free_mod(), bi_mod_power().
  */
@@ -898,7 +899,7 @@ bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
 
 #ifdef CONFIG_BIGINT_SQUARE
 /*
- * Perform the actual square operion. It takes into account overflow 
+ * Perform the actual square operion. It takes into account overflow.
  */
 static bigint *regular_square(BI_CTX *ctx, bigint *bi)
 {
@@ -940,6 +941,7 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
         }
 
         w[i+t] += carry;
+
         if (u)
         {
             w[i+t+1] = 1;   /* add carry */
@@ -1018,7 +1020,7 @@ int bi_compare(bigint *bia, bigint *bib)
     return r;
 }
 
-/**
+/*
  * Allocate and zero more components.  Does not consume bi. 
  */
 static void more_comps(bigint *bi, int n)
@@ -1051,6 +1053,7 @@ static bigint *alloc(BI_CTX *ctx, int size)
         biR = ctx->free_list;
         ctx->free_list = biR->next;
         ctx->free_count--;
+
         if (biR->refs != 0)
         {
 #ifdef CONFIG_SSL_FULL_MODE
@@ -1338,8 +1341,7 @@ bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
  */
 static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
 {
-    int k = 1;
-    int i;
+    int k = 1, i;
     bigint *g2;
 
     for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
@@ -1354,8 +1356,7 @@ static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
 
     for (i = 1; i < k; i++)
     {
-        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], 
-                    bi_copy(g2)));
+        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], bi_copy(g2)));
         bi_permanent(ctx->g[i]);
     }
 
@@ -1442,8 +1443,7 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
             }
 
             part_exp = (part_exp-1)/2;  /* adjust for array */
-            biR = bi_residue(ctx, 
-                    bi_multiply(ctx, biR, ctx->g[part_exp]));
+            biR = bi_residue(ctx, bi_multiply(ctx, biR, ctx->g[part_exp]));
             i = l-1;
         }
         else    /* square it */
diff --git a/ssl/bigint.h b/ssl/bigint.h
index db3d112b9f..e233d79804 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
index 9d48182866..156e940547 100644
--- a/ssl/bigint_impl.h
+++ b/ssl/bigint_impl.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/crypto.h b/ssl/crypto.h
index dae5a5f3a3..f6277adcce 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index edfe5bb7ca..fa3f09390c 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/hmac.c b/ssl/hmac.c
index cafb2642a4..aaa499dd2c 100644
--- a/ssl/hmac.c
+++ b/ssl/hmac.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/loader.c b/ssl/loader.c
index 400847b856..c8b74f3b2f 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/md5.c b/ssl/md5.c
index c682e11ea6..f2a2ded676 100644
--- a/ssl/md5.c
+++ b/ssl/md5.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/os_port.c b/ssl/os_port.c
index 19932293ea..56e6e3a06a 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/os_port.h b/ssl/os_port.h
index b8354cb6ce..fd9f83929f 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/p12.c b/ssl/p12.c
index a74bdbf287..4f37d08bc0 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/rc4.c b/ssl/rc4.c
index acb5f14f2f..661d027c98 100644
--- a/ssl/rc4.c
+++ b/ssl/rc4.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/rsa.c b/ssl/rsa.c
index f401cf2859..60b36891f2 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file rsa.c
- *
  * Implements the RSA public encryption algorithm. Uses the bigint library to
  * perform its calculations.
  */
@@ -68,8 +66,6 @@ void RSA_priv_key_new(RSA_CTX **ctx,
 #endif
 }
 
-/**
- */
 void RSA_pub_key_new(RSA_CTX **ctx, 
         const uint8_t *modulus, int mod_len,
         const uint8_t *pub_exp, int pub_len)
@@ -122,7 +118,6 @@ void RSA_free(RSA_CTX *rsa_ctx)
 }
 
 /**
- * @fn int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data)
  * @brief Use PKCS1.5 for decryption/verification.
  * @param ctx [in] The context
  * @param in_data [in] The data to encrypt (must be < modulus size-11)
@@ -145,7 +140,7 @@ int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
     dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     decrypted_bi = is_decryption ?  /* decrypt or verify? */
-        RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
+            RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
 #else   /* always a decryption */
     decrypted_bi = RSA_private(ctx, dat_bi);
 #endif
@@ -183,7 +178,6 @@ int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
 }
 
 /**
- * @fn bigint *RSA_private(RSA_CTX *c, bigint *bi_msg)
  * Performs m = c^d mod n
  */
 bigint *RSA_private(RSA_CTX *c, bigint *bi_msg)
diff --git a/ssl/sha1.c b/ssl/sha1.c
index 1f06732352..80f311b18c 100644
--- a/ssl/sha1.c
+++ b/ssl/sha1.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/ssl.h b/ssl/ssl.h
index c314cbc8db..6c939c1f2b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index 6420503b9f..43c9a6cef8 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
index f0d609580c..b7a872b98c 100755
--- a/ssl/test/make_certs.sh
+++ b/ssl/test/make_certs.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This license is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
index 4fc77fecbd..74844a5e05 100644
--- a/ssl/test/perf_bigint.c
+++ b/ssl/test/perf_bigint.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file perf_bigint.c
- *
  * Some performance testing of bigint.
  */
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 688e203f07..7bbb58e0f6 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This license is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
@@ -17,8 +17,6 @@
  */
 
 /*
- * ssltest.c
- *
  * The testing of the crypto and ssl stuff goes here. Keeps the individual code
  * modules from being uncluttered with test code.
  *
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 7a7003365e..072ffd0cb6 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-#  Copyright(C) 2006
+#  Copyright(C) 2006 Cameron Rich
 #
 #  This license is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/tls1.c b/ssl/tls1.c
index e157147a7e..4aa6cbfa96 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 9f611f7750..fc343e512c 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 45d4bca5c2..da6034be25 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 9449b8b452..b3505c2663 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006
+ *  Copyright(C) 2006 Cameron Rich
  *
  *  This library is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU Lesser General Public License as published by

From 3064f8d199d1b1576e13039dd2c85e3cad94f852 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 29 Nov 2006 01:47:26 +0000
Subject: [PATCH 035/301] some typo fixes

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@43 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/Config.in             |   6 +++---
 bindings/generate_interface.pl |   2 +-
 samples/perl/axssl.pl          |  12 ++----------
 ssl/p12.c                      |  17 +++++++++--------
 ssl/test/axTLS.withoutCA.ya    | Bin 1576 -> 0 bytes
 5 files changed, 15 insertions(+), 22 deletions(-)
 delete mode 100644 ssl/test/axTLS.withoutCA.ya

diff --git a/bindings/Config.in b/bindings/Config.in
index 5af0c0ce54..bf916b13d6 100644
--- a/bindings/Config.in
+++ b/bindings/Config.in
@@ -10,7 +10,7 @@ config CONFIG_BINDINGS
     help
         axTLS supports language bindings in C#, VB.NET, Java and Perl.
 
-        Select Y here if you want to build the various bindings.
+        Select Y here if you want to build the various language bindings.
 
 config CONFIG_CSHARP_BINDINGS
     bool "Create C# bindings"
@@ -78,8 +78,8 @@ config CONFIG_PERL_CORE
     string "Location of Perl CORE"
     default "c:\\perl\\lib\\CORE"
     help:
-        I'm testing with:
-        "http://www.activestate.com/Products/ActivePerl" at the moment.
+        works with ActiveState
+        "http://www.activestate.com/Products/ActivePerl"
 
 config CONFIG_PERL_LIB
     string "Name of Perl Library"
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index 4f0fc25fad..fee6eb4c5f 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -200,7 +200,7 @@ sub parseFile
 
 #===============================================================
 
-# Determine which module to build from cammand-line options
+# Determine which module to build from command-line options
 use strict;
 use Getopt::Std;
 
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index 562d4747c2..e0200ea0b2 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -424,11 +424,7 @@ sub do_client
             $res = axtlsp::ssl_handshake_status($ssl);
             if ($res != $axtlsp::SSL_OK)
             {
-                if (!$quiet)
-                {
-                    axtlsp::ssl_display_error($res);
-                }
-
+                axtlsp::ssl_display_error($res) if !$quiet;
                 axtlsp::ssl_free($ssl);
                 exit 1;
             }
@@ -456,11 +452,7 @@ sub do_client
     $res = axtlsp::ssl_handshake_status($ssl);
     if ($res != $axtlsp::SSL_OK)
     {
-        if (!$quiet)
-        {
-            axtlsp::ssl_display_error($res);
-        }
-
+        axtlsp::ssl_display_error($res) if not $quiet;
         exit 1;
     }
 
diff --git a/ssl/p12.c b/ssl/p12.c
index 4f37d08bc0..f88594f194 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -268,7 +268,9 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
     /* work out the MAC start/end points (done on AuthSafes) */
     auth_safes_start = offset;
     auth_safes_end = offset;
-    asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE);
+    if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
+        goto error;
+
     auth_safes_len = auth_safes_end - auth_safes_start;
     auth_safes = malloc(auth_safes_len);
     memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
@@ -315,9 +317,8 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
     {
         int cert_offset = key_offset;
 
-        asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE);
-
-        if (asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+        if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
                 asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
                 asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
                 asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
@@ -421,8 +422,9 @@ static int get_pbe_params(uint8_t *buf, int *offset,
     static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
             { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
 
-    int i, len, ret = SSL_NOT_OK;
+    int i, len;
     uint8_t *iter = NULL;
+    int error_code = SSL_ERROR_NOT_SUPPORTED;
 
     /* Get the PBE type */
     if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
@@ -437,7 +439,6 @@ static int get_pbe_params(uint8_t *buf, int *offset,
 #ifdef CONFIG_SSL_FULL_MODE
         printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
 #endif
-        ret = SSL_ERROR_NOT_SUPPORTED;
         goto error;
     }
 
@@ -462,10 +463,10 @@ static int get_pbe_params(uint8_t *buf, int *offset,
     }
 
     free(iter);
-    ret = SSL_OK;       /* got here - we are ok */
+    error_code = SSL_OK;       /* got here - we are ok */
 
 error:
-    return ret;
+    return error_code;
 }
 
 #endif
diff --git a/ssl/test/axTLS.withoutCA.ya b/ssl/test/axTLS.withoutCA.ya
deleted file mode 100644
index 9e1bd632a2f3b9e584064412f92364fb120cfe70..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1576
zcmY+@c|6k%90%~<W}9P-$|g6@EHuZqEb&4@lq5vXIU_vDG2~8Ti{|WL!d#;z6&*^B
zDCO>QKFm2}9Vo{<5szN4=XrXbKfbT;>-G75U*EspUmOLd0tN}-DA12E;k~pYG`<)}
z5L8TojzB2T!R@#gM*-jbHG&mWz>Mwa8W;p@xAb2V5Kayz^7jQ%5DbTa2)PYU5o{IT
zWr4v$Kq3X~iH*)GB%Pgim!ERFOj$QSunT!1Ud2@Hc2dQxKLZhqBuT-h6@^?~_f#Wp
zE4O-^ajUJ*?=w(N|HP(t4J;~F1q;`TrIX^0z3*F{fUO1Vs_6P*?9Awvc^Hkn4R^WM
zp+uZ$#+agM)Kc!^j8RsQ@~*O}sL+Je5OW8=^fsmT(z`xjcQ0!pJ7Wv~vL1<p@O`%)
z%U?|r@*CLLkLpB@WEW(FrF(WS(7_gF=vAWXU9rPY<c==A%&fEkXAZ>fBW88MFENX!
zTHA(;&e6FBA|<wKey+RYv8{8m(Vux=>lFJ(ACwsCVl@^etkfR$g=SW-psrMC3Qx7D
z4Kwq7e5+Msl_z$8OglI0b8iN;)3H>l-;~^skn@H+*hTk^ltp>u)p}_?DKC0$e{$T#
z+HmvFY<>|*smJi!{bAyYNuqgh4BfDLj_d*<g$((onjju_6eDvVHiiu)Ik>U%>Kznh
z3Fc`d-z~zQ8w3%J1YYWpYf<Z*`}3~`SHq4Ns82obnAzZn1eef>E$J(_-gqfIpkb7H
z*>)q4gN~+pg)hns3(+}z7DwM_a&KYkXo)wgaMHU*C&kJzU+--$w@J0wkb#iniVmU4
zwmO-|k;Q92q;)ZaK|C5Z*m*CtEgr_3qQt_N?s!Hz`_dv0Eo-I3jy3BpU5IKd$HVz*
zy>cHvhCR`e5ETz$2SC5Xe2ToAJCFbVZ2v4j!o+FeOI_%J+w0<8S%LQZb#EsJ9#rV3
z{SMJn<95baDG=`kk1Z<|U`bV$f@`a>s<nhbuyF=k6`QCZ5pp$f?*%H3BB1ggki`@M
zB!nWcV>=exE@2q_AD$v0@V4WMZNR1fQ!DUOt=6kM9=rif^`B}X6mVi5d6V&+Vv|#?
z&CPlw{&++2#%pXBWNi3bV_9sHY-hf_{5ZntvpI`7)JNWMh9F6opZ4cA*mwMS)z;IJ
z6);N<V)~9Rift(w+b&nQF#C;PCu4j`nSKLEhk+(q!0A{<&2VJ*22Y=ZCRaUw*tWwW
z?JKFit9fG0(Q@@=utpuQ&O9w!kc>t;<(FG(MIL?<ieKM@nF(x1eff~nOa7kM+XJeP
zt10koc4%tQy|Q!c%<*y|>NVqKTX85=%20BhInebK;6nzqw2p>K&J&|YMMAGJANg?t
z-_+K#6h_EHThXAd0!?cBb&Fex-)WdJ#S?<e@mYqTohTtD>&0RAGv0#J_}wL<h90&i
z!_A9Lr7b)@ZRwJYf;ZUsFTM}bv<+8=O(b_KIbYWiER>mBQ0mqKhOmUelk1UPleJ17
z9P1ShrXjWbLss<x{!76^ZLUt>2bRio{E0c<bjy%*N{`O+C-}Q40y46gV}cGpdd6zq
zYYSSrbmm<nEiSWO-c6$~R5KuM=;nP0FTOWTvzDzZlW<Yn@|0<%ocp;$3ixJ?g_9qC
zix6bA)d;&+k>iYV_Jkv<{%|fr<&0}vd2caL*l~4E{IV!K!SkYyD+4XR=#?O${%KQv
z)@q9zR1WHXn`eA{`c&mH%rln<Y=j1kelrK^#x+Z@+O&UPg`hjiUtzVeY0UH%%^iq-
zpHz1c!luH7Z+6U)wTaCX^75gVOzR)1%FCxV?rSnZdrRL5BeeR?{}}67^Xf1vxGpuK
z4~){^j@tj|r2AjePq}1*i~GuJDJ{_Bx8C4a!2=%0<;=qusW1AjuZf9;?=o)UAuuy2
zayZ@whyGW!FcOb~NaAbhlXW_0H=QU+>TbgR-h%0s2XN}YmL&0V3Nk<lfCmVG2XGz;
z0Kx%(AQ*_)?xw&Y93H2P6NW*t2m!DR6o5!Z<e2ZKy9NReJAkl_4pA3^sI)djsQtKq
MwzR5a>d!~`3!L7-C;$Ke


From ada6d5e41bf92324d479091746cc43a50d6b8e60 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 30 Nov 2006 05:25:19 +0000
Subject: [PATCH 036/301] some small tidy up work

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@44 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 README                    | 9 +++++++++
 bindings/csharp/axTLS.cs  | 3 +++
 bindings/java/SSLCTX.java | 2 ++
 docsrc/doco_footer.html   | 2 +-
 ssl/ssl.h                 | 2 +-
 ssl/tls1.c                | 2 +-
 6 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/README b/README
index 1ca2020094..2e4d492bbb 100644
--- a/README
+++ b/README
@@ -111,6 +111,15 @@ ActiveState's version works ok).
 # Known Issues
 ########################################################################
 
+* Firefox doesn't handle legacy SSLv2 at all well. Disabling SSLv2 still 
+  initiates a SSLv23 handshake (v1.5). And continuous pressing of the 
+  "Reload" page instigates a change to SSLv3 for some reason (even though the 
+  TLS 1.0 option is selected). This will cause a "Firefox and <server> cannot 
+  communicate securely because they have no common encryption 
+  algorithms" (v1.5), or "Firefox can't connect to <server> because the site 
+  uses a security protocol which isn't enabled" (v2.0). See bugzilla issues 
+  343543 and 359484 (Comment #7).  It's all broken (hopefully fixed soon).
+
 * Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile
   the latest version of Perl on an AMD64 box (using FC3).
 
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index 5239cd688c..78734e4366 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -340,6 +340,9 @@ public int VerifyCert(SSL ssl)
          *
          * For a client this involves sending another "client hello" message.
          * For the server is means sending a "hello request" message.
+         *
+         * This is a blocking call on the client (until the handshake 
+         * completes).
          * @param ssl [in] An SSL object reference.
          * @return SSL_OK if renegotiation instantiation was ok
          */
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java
index 34bd9e48c1..2823511b1a 100644
--- a/bindings/java/SSLCTX.java
+++ b/bindings/java/SSLCTX.java
@@ -168,6 +168,8 @@ public int verifyCert(SSL ssl)
      *
      * For a client this involves sending another "client hello" message.
      * For the server is means sending a "hello request" message.
+     *
+     * This is a blocking call on the client (until the handshake completes).
      * @param ssl [in] An SSL object reference.
      * @return SSL_OK if renegotiation instantiation was ok
      */
diff --git a/docsrc/doco_footer.html b/docsrc/doco_footer.html
index 84c2b81e54..e16051cba1 100644
--- a/docsrc/doco_footer.html
+++ b/docsrc/doco_footer.html
@@ -1,3 +1,3 @@
 <p></p>
 <p align="center"><img src="../images/tsbasbw.gif" width="1000" height="7"></p>
-<CITE>Copyright <sup>�</sup> 2006</CITE>
+<CITE>Copyright <sup>�</sup> 2006 Cameron Rich</CITE>
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6c939c1f2b..b9dbb83209 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -300,7 +300,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl);
 EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl);
 
 /**
- * @brief Retrieve various parameters about the TLS engine.
+ * @brief Retrieve various parameters about the axTLS engine.
  * @param offset [in] The configuration offset. It will be one of the following:
  * - SSL_BUILD_MODE The build mode. This will be one of the following:
  *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 4aa6cbfa96..7e76e5a75b 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1150,7 +1150,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 
     if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
     {
-        /* check for sslv2 "client hello" TODO: this shouldn't be here. */
+        /* check for sslv2 "client hello" */
         if (buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03)
         {
 #ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE

From df2886ed07a1e1c3836a230119c67d5fc0aec798 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 30 Nov 2006 05:56:15 +0000
Subject: [PATCH 037/301] fixed possible future version bug

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@45 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 7e76e5a75b..2194235181 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1168,17 +1168,12 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         version = (buf[1] << 4) + buf[2];
         ssl->need_bytes = (buf[3] << 8) + buf[4];
 
-        /* should be 3.1 (TLSv1) */
-        if (version != 0x31) 
+        /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
+        if (version < 0x31) 
         {
-            /* if we are talking to a client that talks v3.2, then we'll wear
-             * it - we'll respond in v3.1 mode anyway. */
-            if (version < 0x31 || !IS_SET_SSL_FLAG(SSL_IS_CLIENT))
-            {
-                ret = SSL_ERROR_INVALID_VERSION;
-                ssl_display_error(ret);
-                goto error;
-            }
+            ret = SSL_ERROR_INVALID_VERSION;
+            ssl_display_error(ret);
+            goto error;
         }
 
         CLR_SSL_FLAG(SSL_NEED_RECORD);

From 3d2f9ac3fd4ed04ae7dea9d19f5cd73b57e6f95b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 1 Dec 2006 03:57:08 +0000
Subject: [PATCH 038/301] adjusted version checking mechanism

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@46 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/aes.c         |  13 +--
 ssl/bigint_impl.h |   1 -
 ssl/crypto_misc.c |   3 -
 ssl/hmac.c        |   2 -
 ssl/md5.c         | 255 ++++++++++++++++++++++------------------------
 ssl/rc4.c         |  10 +-
 ssl/sha1.c        |   4 -
 ssl/tls1.c        |  35 ++-----
 ssl/tls1_clnt.c   |   5 +-
 ssl/tls1_svr.c    |  14 ++-
 10 files changed, 160 insertions(+), 182 deletions(-)

diff --git a/ssl/aes.c b/ssl/aes.c
index 8aefbf4f6e..9154a5153f 100644
--- a/ssl/aes.c
+++ b/ssl/aes.c
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file aes.c
- *
  * AES implementation - this is a small code version. There are much faster
  * versions around but they are much larger in size (i.e. they use large 
  * submix tables).
@@ -34,12 +32,13 @@
 #define rot2(x) (((x) << 16) | ((x) >> 16))
 #define rot3(x) (((x) <<  8) | ((x) >> 24))
 
-/* This cute trick does 4 'mul by two' at once.  Stolen from
+/* 
+ * This cute trick does 4 'mul by two' at once.  Stolen from
  * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
  * a standard graphics trick
  * The key to this is that we need to xor with 0x1b if the top bit is set.
  * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
- * b 1000 0000   0000 0000 then we shift right by 7 puting the 7bit in 0bit,
+ * b 1000 0000   0000 0000 then we shift right by 7 putting the 7bit in 0bit,
  * c 0000 0001   0000 0000 we then subtract (c) from (b)
  * d 0111 1111   0000 0000 and now we and with our mask
  * e 0001 1011   0000 0000
@@ -194,7 +193,7 @@ void AES_set_key(AES_CTX *ctx, const uint8_t *key,
     ctx->rounds = i;
     ctx->key_size = words;
     W = ctx->ks;
-    for (i=0; i<words; i+=2)
+    for (i = 0; i < words; i+=2)
     {
         W[i+0]=	((uint32_t)key[ 0]<<24)|
             ((uint32_t)key[ 1]<<16)|
@@ -212,6 +211,7 @@ void AES_set_key(AES_CTX *ctx, const uint8_t *key,
     for (i = words; i<ii; i++)
     {
         tmp = W[i-1];
+
         if ((i % words) == 0)
         {
             tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]<< 8;
@@ -221,6 +221,7 @@ void AES_set_key(AES_CTX *ctx, const uint8_t *key,
             tmp=tmp2^(((unsigned int)*ip)<<24);
             ip++;
         }
+
         if ((words == 8) && ((i % words) == 4))
         {
             tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]    ;
@@ -247,6 +248,7 @@ void AES_convert_key(AES_CTX *ctx)
 
     k = ctx->ks;
     k += 4;
+
     for (i=ctx->rounds*4; i>4; i--)
     {
         w= *k;
@@ -474,4 +476,3 @@ static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
 }
 
 #endif
-
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
index 156e940547..762a7ccbb2 100644
--- a/ssl/bigint_impl.h
+++ b/ssl/bigint_impl.h
@@ -81,7 +81,6 @@ typedef struct /**< A big integer "session" context. */
     bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
     bigint **g;                 /**< Used by sliding-window. */
     int window;                 /**< The size of the sliding window */
-
     int active_count;           /**< Number of active bigints. */
     int free_count;             /**< Number of free bigints. */
 
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index fa3f09390c..4d5ebd4ab4 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file misc.c
- *
  * Some misc. routines to help things out
  */
 
@@ -310,4 +308,3 @@ void print_blob(const char *format,
 void print_blob(const char *format, const unsigned char *data,
         int size, ...) {}
 #endif
-
diff --git a/ssl/hmac.c b/ssl/hmac.c
index aaa499dd2c..8ac6ad3c1c 100644
--- a/ssl/hmac.c
+++ b/ssl/hmac.c
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file hmac.c
- *
  * HMAC implementation - This code was originally taken from RFC2104
  */
 
diff --git a/ssl/md5.c b/ssl/md5.c
index f2a2ded676..87dfa04ed7 100644
--- a/ssl/md5.c
+++ b/ssl/md5.c
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file md5.c
- *
  * This file implements the MD5 algorithm as defined in RFC1321
  */
 
@@ -49,26 +47,24 @@ static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
 static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
 static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
 
-static uint8_t PADDING[64] = {
-  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+static uint8_t PADDING[64] = 
+{
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };
 
-/* F, G, H and I are basic MD5 functions.
- */
+/* F, G, H and I are basic MD5 functions.  */
 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
 #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
 #define H(x, y, z) ((x) ^ (y) ^ (z))
 #define I(x, y, z) ((y) ^ ((x) | (~z)))
 
-/* ROTATE_LEFT rotates x left n bits.
- */
+/* ROTATE_LEFT rotates x left n bits.  */
 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
 
 /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-   Rotation is separate from addition to prevent recomputation.
- */
+   Rotation is separate from addition to prevent recomputation.  */
 #define FF(a, b, c, d, x, s, ac) { \
     (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
     (a) = ROTATE_LEFT ((a), (s)); \
@@ -117,11 +113,10 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
     x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
 
     /* Update number of bits */
-    if ((ctx->count[0] += ((uint32_t)len << 3))
-            < ((uint32_t)len << 3))
+    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
         ctx->count[1]++;
-    ctx->count[1] += ((uint32_t)len >> 29);
 
+    ctx->count[1] += ((uint32_t)len >> 29);
     partLen = 64 - x;
 
     /* Transform as many times as possible.  */
@@ -131,7 +126,9 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
         MD5Transform(ctx->state, ctx->buffer);
 
         for (i = partLen; i + 63 < len; i += 64)
+        {
             MD5Transform(ctx->state, &msg[i]);
+        }
 
         x = 0;
     }
@@ -147,114 +144,110 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
  */
 void MD5Final(MD5_CTX *ctx, uint8_t *digest)
 {
-  uint8_t bits[8];
-  uint32_t x, padLen;
-
-  /* Save number of bits */
-  Encode(bits, ctx->count, 8);
-
-  /* Pad out to 56 mod 64.
-   */
-  x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
-  padLen = (x < 56) ? (56 - x) : (120 - x);
-  MD5Update(ctx, PADDING, padLen);
-  
-  /* Append length (before padding) */
-  MD5Update(ctx, bits, 8);
-
-  /* Store state in digest */
-  Encode(digest, ctx->state, MD5_SIZE);
+    uint8_t bits[8];
+    uint32_t x, padlen;
+
+    /* save number of bits */
+    encode(bits, ctx->count, 8);
+
+    /* pad out to 56 mod 64.  */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
+    padlen = (x < 56) ? (56 - x) : (120 - x);
+    md5update(ctx, padding, padlen);
+
+    /* append length (before padding) */
+    md5update(ctx, bits, 8);
+
+    /* store state in digest */
+    encode(digest, ctx->state, md5_size);
 }
 
 /**
- * MD5 basic transformation. Transforms state based on block.
+ * md5 basic transformation. transforms state based on block.
  */
-static void MD5Transform(uint32_t state[4], const uint8_t block[64])
+static void md5transform(uint32_t state[4], const uint8_t block[64])
 {
-  uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[MD5_SIZE];
-  
-  Decode(x, block, 64);
-
-  /* Round 1 */
-  FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
-  FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
-  FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
-  FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
-  FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
-  FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
-  FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
-  FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
-  FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
-  FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
-  FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-  FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-  FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-  FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-  FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-  FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
-  /* Round 2 */
-  GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
-  GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
-  GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-  GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
-  GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
-  GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
-  GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-  GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
-  GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
-  GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-  GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
-  GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
-  GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
-  GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
-  GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
-  GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
-  /* Round 3 */
-  HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
-  HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
-  HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-  HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-  HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
-  HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
-  HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
-  HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-  HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-  HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
-  HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
-  HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
-  HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
-  HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-  HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-  HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
-  /* Round 4 */
-  II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
-  II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
-  II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-  II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
-  II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-  II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
-  II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-  II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
-  II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
-  II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-  II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
-  II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-  II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
-  II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-  II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
-  II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
-  state[0] += a;
-  state[1] += b;
-  state[2] += c;
-  state[3] += d;
-  
-  /* Zeroize sensitive information.
-   */
-  memset(x, 0, sizeof(x));
+    uint32_t a = state[0], b = state[1], c = state[2], 
+             d = state[3], x[md5_size];
+
+    decode(x, block, 64);
+
+    /* round 1 */
+    ff(a, b, c, d, x[ 0], s11, 0xd76aa478); /* 1 */
+    ff(d, a, b, c, x[ 1], s12, 0xe8c7b756); /* 2 */
+    ff(c, d, a, b, x[ 2], s13, 0x242070db); /* 3 */
+    ff(b, c, d, a, x[ 3], s14, 0xc1bdceee); /* 4 */
+    ff(a, b, c, d, x[ 4], s11, 0xf57c0faf); /* 5 */
+    ff(d, a, b, c, x[ 5], s12, 0x4787c62a); /* 6 */
+    ff(c, d, a, b, x[ 6], s13, 0xa8304613); /* 7 */
+    ff(b, c, d, a, x[ 7], s14, 0xfd469501); /* 8 */
+    ff(a, b, c, d, x[ 8], s11, 0x698098d8); /* 9 */
+    ff(d, a, b, c, x[ 9], s12, 0x8b44f7af); /* 10 */
+    ff(c, d, a, b, x[10], s13, 0xffff5bb1); /* 11 */
+    ff(b, c, d, a, x[11], s14, 0x895cd7be); /* 12 */
+    ff(a, b, c, d, x[12], s11, 0x6b901122); /* 13 */
+    ff(d, a, b, c, x[13], s12, 0xfd987193); /* 14 */
+    ff(c, d, a, b, x[14], s13, 0xa679438e); /* 15 */
+    ff(b, c, d, a, x[15], s14, 0x49b40821); /* 16 */
+
+    /* round 2 */
+    gg(a, b, c, d, x[ 1], s21, 0xf61e2562); /* 17 */
+    gg(d, a, b, c, x[ 6], s22, 0xc040b340); /* 18 */
+    gg(c, d, a, b, x[11], s23, 0x265e5a51); /* 19 */
+    gg(b, c, d, a, x[ 0], s24, 0xe9b6c7aa); /* 20 */
+    gg(a, b, c, d, x[ 5], s21, 0xd62f105d); /* 21 */
+    gg(d, a, b, c, x[10], s22,  0x2441453); /* 22 */
+    gg(c, d, a, b, x[15], s23, 0xd8a1e681); /* 23 */
+    gg(b, c, d, a, x[ 4], s24, 0xe7d3fbc8); /* 24 */
+    gg(a, b, c, d, x[ 9], s21, 0x21e1cde6); /* 25 */
+    gg(d, a, b, c, x[14], s22, 0xc33707d6); /* 26 */
+    gg(c, d, a, b, x[ 3], s23, 0xf4d50d87); /* 27 */
+    gg(b, c, d, a, x[ 8], s24, 0x455a14ed); /* 28 */
+    gg(a, b, c, d, x[13], s21, 0xa9e3e905); /* 29 */
+    gg(d, a, b, c, x[ 2], s22, 0xfcefa3f8); /* 30 */
+    gg(c, d, a, b, x[ 7], s23, 0x676f02d9); /* 31 */
+    gg(b, c, d, a, x[12], s24, 0x8d2a4c8a); /* 32 */
+
+    /* round 3 */
+    hh(a, b, c, d, x[ 5], s31, 0xfffa3942); /* 33 */
+    hh(d, a, b, c, x[ 8], s32, 0x8771f681); /* 34 */
+    hh(c, d, a, b, x[11], s33, 0x6d9d6122); /* 35 */
+    hh(b, c, d, a, x[14], s34, 0xfde5380c); /* 36 */
+    hh(a, b, c, d, x[ 1], s31, 0xa4beea44); /* 37 */
+    hh(d, a, b, c, x[ 4], s32, 0x4bdecfa9); /* 38 */
+    hh(c, d, a, b, x[ 7], s33, 0xf6bb4b60); /* 39 */
+    hh(b, c, d, a, x[10], s34, 0xbebfbc70); /* 40 */
+    hh(a, b, c, d, x[13], s31, 0x289b7ec6); /* 41 */
+    hh(d, a, b, c, x[ 0], s32, 0xeaa127fa); /* 42 */
+    hh(c, d, a, b, x[ 3], s33, 0xd4ef3085); /* 43 */
+    hh(b, c, d, a, x[ 6], s34,  0x4881d05); /* 44 */
+    hh(a, b, c, d, x[ 9], s31, 0xd9d4d039); /* 45 */
+    hh(d, a, b, c, x[12], s32, 0xe6db99e5); /* 46 */
+    hh(c, d, a, b, x[15], s33, 0x1fa27cf8); /* 47 */
+    hh(b, c, d, a, x[ 2], s34, 0xc4ac5665); /* 48 */
+
+    /* round 4 */
+    ii(a, b, c, d, x[ 0], s41, 0xf4292244); /* 49 */
+    ii(d, a, b, c, x[ 7], s42, 0x432aff97); /* 50 */
+    ii(c, d, a, b, x[14], s43, 0xab9423a7); /* 51 */
+    ii(b, c, d, a, x[ 5], s44, 0xfc93a039); /* 52 */
+    ii(a, b, c, d, x[12], s41, 0x655b59c3); /* 53 */
+    ii(d, a, b, c, x[ 3], s42, 0x8f0ccc92); /* 54 */
+    ii(c, d, a, b, x[10], s43, 0xffeff47d); /* 55 */
+    ii(b, c, d, a, x[ 1], s44, 0x85845dd1); /* 56 */
+    ii(a, b, c, d, x[ 8], s41, 0x6fa87e4f); /* 57 */
+    ii(d, a, b, c, x[15], s42, 0xfe2ce6e0); /* 58 */
+    ii(c, d, a, b, x[ 6], s43, 0xa3014314); /* 59 */
+    ii(b, c, d, a, x[13], s44, 0x4e0811a1); /* 60 */
+    ii(a, b, c, d, x[ 4], s41, 0xf7537e82); /* 61 */
+    ii(d, a, b, c, x[11], s42, 0xbd3af235); /* 62 */
+    ii(c, d, a, b, x[ 2], s43, 0x2ad7d2bb); /* 63 */
+    ii(b, c, d, a, x[ 9], s44, 0xeb86d391); /* 64 */
+
+    state[0] += a;
+    state[1] += b;
+    state[2] += c;
+    state[3] += d;
 }
 
 /**
@@ -263,15 +256,15 @@ static void MD5Transform(uint32_t state[4], const uint8_t block[64])
  */
 static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
 {
-  uint32_t i, j;
-
-  for (i = 0, j = 0; j < len; i++, j += 4) 
-  {
-      output[j] = (uint8_t)(input[i] & 0xff);
-      output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
-      output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
-      output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
-  }
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4) 
+    {
+        output[j] = (uint8_t)(input[i] & 0xff);
+        output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+        output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+        output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
+    }
 }
 
 /**
@@ -280,9 +273,9 @@ static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
  */
 static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
 {
-  uint32_t i, j;
+    uint32_t i, j;
 
-  for (i = 0, j = 0; j < len; i++, j += 4)
-      output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
-          (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
+    for (i = 0, j = 0; j < len; i++, j += 4)
+        output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+            (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
 }
diff --git a/ssl/rc4.c b/ssl/rc4.c
index 661d027c98..884bcb534f 100644
--- a/ssl/rc4.c
+++ b/ssl/rc4.c
@@ -17,11 +17,8 @@
  */
 
 /**
- * @file rc4.c
- *
- * An implementation of the RC4/ARC4 algorithm
- *
- * Originally written by Christophe Devine
+ * An implementation of the RC4/ARC4 algorithm.
+ * Originally written by Christophe Devine.
  */
 
 #include <string.h>
@@ -47,7 +44,8 @@ void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
     {
         a = m[i];
         j = (uint8_t)(j + a + key[k]);
-        m[i] = m[j]; m[j] = a;
+        m[i] = m[j]; 
+        m[j] = a;
 
         if (++k >= length) 
         {
diff --git a/ssl/sha1.c b/ssl/sha1.c
index 80f311b18c..9a42801f25 100644
--- a/ssl/sha1.c
+++ b/ssl/sha1.c
@@ -17,8 +17,6 @@
  */
 
 /**
- * @file sha1.c
- * 
  * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
  * This code was originally taken from RFC3174
  */
@@ -179,7 +177,6 @@ static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
     ctx->Intermediate_Hash[2] += C;
     ctx->Intermediate_Hash[3] += D;
     ctx->Intermediate_Hash[4] += E;
-
     ctx->Message_Block_Index = 0;
 }
 
@@ -239,6 +236,5 @@ static void SHA1PadMessage(SHA1_CTX *ctx)
     ctx->Message_Block[61] = ctx->Length_Low >> 16;
     ctx->Message_Block[62] = ctx->Length_Low >> 8;
     ctx->Message_Block[63] = ctx->Length_Low;
-
     SHA1ProcessMessageBlock(ctx);
 }
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 2194235181..e27d911981 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -596,7 +596,8 @@ static void increment_write_sequence(SSL *ssl)
         if (++ssl->write_sequence[i])
             break;
     }                       
-}                           
+}
+
 /**
  * Work out the HMAC digest in a packet.
  */
@@ -674,7 +675,6 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
 
     ssl->record_buf[3] = hmac_offset >> 8;      /* insert size */
     ssl->record_buf[4] = hmac_offset & 0xff;
-
     add_hmac_digest(ssl, mode, buf, hmac_offset, hmac_buf);
 
     if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
@@ -974,7 +974,6 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         /* add the packet digest */
         msg_length += ssl->cipher_info->digest_size;
         ssl->bm_buf.index = msg_length;
-
         add_hmac_digest(ssl, mode, ssl->bm_buf.data, length, 
                                                 &ssl->bm_buf.data[length]);
 
@@ -1066,8 +1065,8 @@ static void set_key_block(SSL *ssl, int is_write)
     memcpy(server_key, q, ciph_info->key_size);
     q += ciph_info->key_size;
 
-#ifndef CONFIG_SSL_SKELETON_MODE /* RC4 has no IV */
-    if (ciph_info->iv_size)    
+#ifndef CONFIG_SSL_SKELETON_MODE 
+    if (ciph_info->iv_size)    /* RC4 has no IV, AES does */
     {
         memcpy(client_iv, q, ciph_info->iv_size);
         q += ciph_info->iv_size;
@@ -1118,7 +1117,7 @@ static void set_key_block(SSL *ssl, int is_write)
  */
 int basic_read(SSL *ssl, uint8_t **in_data)
 {
-    int ret = SSL_OK, version = -1;
+    int ret = SSL_OK;
     int read_len, is_record;
     uint8_t *buf = ssl->bm_buf.data;
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
@@ -1165,17 +1164,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
             goto error; /* not an error - just get out of here */
         }
 
-        version = (buf[1] << 4) + buf[2];
         ssl->need_bytes = (buf[3] << 8) + buf[4];
-
-        /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
-        if (version < 0x31) 
-        {
-            ret = SSL_ERROR_INVALID_VERSION;
-            ssl_display_error(ret);
-            goto error;
-        }
-
         CLR_SSL_FLAG(SSL_NEED_RECORD);
         memcpy(ssl->record_buf, buf, 3);    /* store for hmac */
         is_record = 1;
@@ -1286,8 +1275,7 @@ static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
     ssl->bm_buf.index = hs_len; /* store the size and check later */
     DISPLAY_STATE(ssl, 0, handshake_type, 0);
 
-    if (handshake_type != HS_CERT_VERIFY &&
-            handshake_type != HS_HELLO_REQUEST)
+    if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
     {
         add_packet(ssl, buf, hs_len); 
     }
@@ -1338,19 +1326,19 @@ int send_finished(SSL *ssl)
 
     /* now add the finished digest mac (12 bytes) */
     finished_digest(ssl, 
-        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
+        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
                     client_finished : server_finished, &buf[4]);
 
 #ifndef CONFIG_SSL_SKELETON_MODE
     /* store in the session cache */
     if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
     {
-        memcpy(ssl->session->master_secret, 
+        memcpy(ssl->session->master_secret,
                 ssl->master_secret, SSL_SECRET_SIZE);
     }
 #endif
 
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
                                 NULL, SSL_FINISHED_HASH_SIZE+4);
 }
 
@@ -1421,7 +1409,6 @@ int send_alert(SSL *ssl, int error_code)
 
     buf[0] = is_warning ? 1 : 2;
     buf[1] = alert_num;
-
     send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
     DISPLAY_ALERT(ssl, alert_num);
     return is_warning ? 0 : 1;
@@ -1505,7 +1492,6 @@ int send_certificate(SSL *ssl)
     chain_length += 3;
     buf[2] = chain_length >> 8;        /* handshake length */
     buf[3] = chain_length & 0xff;
-
     ssl->bm_buf.index = offset;
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
 }
@@ -1516,8 +1502,7 @@ int send_certificate(SSL *ssl)
  * master secret from this session for session resumption.
  */
 SSL_SESS *ssl_session_update(int max_sessions, 
-        SSL_SESS *ssl_sessions[], SSL *ssl,
-        const uint8_t *session_id)
+        SSL_SESS *ssl_sessions[], SSL *ssl, const uint8_t *session_id)
 {
     time_t tm = time(NULL);
     time_t oldest_sess_time = tm;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index da6034be25..b9642b34eb 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -211,11 +211,12 @@ static int process_server_hello(SSL *ssl)
     uint8_t *buf = ssl->bm_buf.data;
     int pkt_size = ssl->bm_buf.index;
     int offset;
-    int ret = SSL_OK;
+    int version = (buf[4] << 4) + buf[5];
     int num_sessions = ssl->ssl_ctx->num_sessions;
+    int ret = SSL_OK;
 
     /* check that we are talking to a TLSv1 server */
-    if (buf[4] != 0x03 || buf[5] != 0x01)
+    if (version != 0x31)
     {
         return SSL_ERROR_INVALID_VERSION;
     }
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index b3505c2663..ad463def35 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -108,10 +108,20 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 static int process_client_hello(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *record_buf = ssl->record_buf;
     int pkt_size = ssl->bm_buf.index;
     int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
+    int version = (record_buf[1] << 4) + record_buf[2];
     int ret = SSL_OK;
     
+    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
+    if (version < 0x31) 
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
     memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
 
     /* process the session id */
@@ -174,8 +184,8 @@ int process_sslv23_client_hello(SSL *ssl)
 
     DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
     
-    /* must be 3.1 (TLSv1) */
-    if (version != 0x31)
+    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
+    if (version < 0x31)
     {
         return SSL_ERROR_INVALID_VERSION;
     }

From e146dbca4f57360037f718f17448025a58953d21 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 2 Dec 2006 03:26:43 +0000
Subject: [PATCH 039/301] fixed valgrind initialisation issue

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@47 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/bigint.c      |   2 +-
 ssl/crypto_misc.c |   2 +-
 ssl/md5.c         | 185 +++++++++++++++++++++++-----------------------
 3 files changed, 95 insertions(+), 94 deletions(-)

diff --git a/ssl/bigint.c b/ssl/bigint.c
index 24e6a53f86..b525069a33 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -1068,7 +1068,7 @@ static bigint *alloc(BI_CTX *ctx, int size)
     {
         /* No free bigints available - create a new one. */
         biR = (bigint *)malloc(sizeof(bigint));
-        biR->comps = (comp*) malloc(size * COMP_BYTE_SIZE);
+        biR->comps = (comp*)malloc(size * COMP_BYTE_SIZE);
         biR->max_comps = size;  /* give some space to spare */
     }
 
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 4d5ebd4ab4..2455e27c05 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -50,7 +50,7 @@ const char * const unsupported_str = "Error: feature not supported\n";
 BUF_MEM buf_new()
 {
     BUF_MEM bm;
-    bm.pre_data = (uint8_t *)malloc(2048); /* should be enough to start with */
+    bm.pre_data = (uint8_t *)calloc(1, 2048); /* start with this */
     bm.data = bm.pre_data+BM_RECORD_OFFSET; /* some space at the start */
     bm.max_len = 2048-BM_RECORD_OFFSET;
     bm.index = 0;
diff --git a/ssl/md5.c b/ssl/md5.c
index 87dfa04ed7..b069011b77 100644
--- a/ssl/md5.c
+++ b/ssl/md5.c
@@ -54,7 +54,8 @@ static uint8_t PADDING[64] =
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };
 
-/* F, G, H and I are basic MD5 functions.  */
+/* F, G, H and I are basic MD5 functions.
+ */
 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
 #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
 #define H(x, y, z) ((x) ^ (y) ^ (z))
@@ -113,10 +114,11 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
     x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
 
     /* Update number of bits */
-    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
+    if ((ctx->count[0] += ((uint32_t)len << 3))
+            < ((uint32_t)len << 3))
         ctx->count[1]++;
-
     ctx->count[1] += ((uint32_t)len >> 29);
+
     partLen = 64 - x;
 
     /* Transform as many times as possible.  */
@@ -126,9 +128,7 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
         MD5Transform(ctx->state, ctx->buffer);
 
         for (i = partLen; i + 63 < len; i += 64)
-        {
             MD5Transform(ctx->state, &msg[i]);
-        }
 
         x = 0;
     }
@@ -145,104 +145,105 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
 void MD5Final(MD5_CTX *ctx, uint8_t *digest)
 {
     uint8_t bits[8];
-    uint32_t x, padlen;
+    uint32_t x, padLen;
 
-    /* save number of bits */
-    encode(bits, ctx->count, 8);
+    /* Save number of bits */
+    Encode(bits, ctx->count, 8);
 
-    /* pad out to 56 mod 64.  */
+    /* Pad out to 56 mod 64.
+     */
     x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
-    padlen = (x < 56) ? (56 - x) : (120 - x);
-    md5update(ctx, padding, padlen);
+    padLen = (x < 56) ? (56 - x) : (120 - x);
+    MD5Update(ctx, PADDING, padLen);
 
-    /* append length (before padding) */
-    md5update(ctx, bits, 8);
+    /* Append length (before padding) */
+    MD5Update(ctx, bits, 8);
 
-    /* store state in digest */
-    encode(digest, ctx->state, md5_size);
+    /* Store state in digest */
+    Encode(digest, ctx->state, MD5_SIZE);
 }
 
 /**
- * md5 basic transformation. transforms state based on block.
+ * MD5 basic transformation. Transforms state based on block.
  */
-static void md5transform(uint32_t state[4], const uint8_t block[64])
+static void MD5Transform(uint32_t state[4], const uint8_t block[64])
 {
     uint32_t a = state[0], b = state[1], c = state[2], 
-             d = state[3], x[md5_size];
-
-    decode(x, block, 64);
-
-    /* round 1 */
-    ff(a, b, c, d, x[ 0], s11, 0xd76aa478); /* 1 */
-    ff(d, a, b, c, x[ 1], s12, 0xe8c7b756); /* 2 */
-    ff(c, d, a, b, x[ 2], s13, 0x242070db); /* 3 */
-    ff(b, c, d, a, x[ 3], s14, 0xc1bdceee); /* 4 */
-    ff(a, b, c, d, x[ 4], s11, 0xf57c0faf); /* 5 */
-    ff(d, a, b, c, x[ 5], s12, 0x4787c62a); /* 6 */
-    ff(c, d, a, b, x[ 6], s13, 0xa8304613); /* 7 */
-    ff(b, c, d, a, x[ 7], s14, 0xfd469501); /* 8 */
-    ff(a, b, c, d, x[ 8], s11, 0x698098d8); /* 9 */
-    ff(d, a, b, c, x[ 9], s12, 0x8b44f7af); /* 10 */
-    ff(c, d, a, b, x[10], s13, 0xffff5bb1); /* 11 */
-    ff(b, c, d, a, x[11], s14, 0x895cd7be); /* 12 */
-    ff(a, b, c, d, x[12], s11, 0x6b901122); /* 13 */
-    ff(d, a, b, c, x[13], s12, 0xfd987193); /* 14 */
-    ff(c, d, a, b, x[14], s13, 0xa679438e); /* 15 */
-    ff(b, c, d, a, x[15], s14, 0x49b40821); /* 16 */
-
-    /* round 2 */
-    gg(a, b, c, d, x[ 1], s21, 0xf61e2562); /* 17 */
-    gg(d, a, b, c, x[ 6], s22, 0xc040b340); /* 18 */
-    gg(c, d, a, b, x[11], s23, 0x265e5a51); /* 19 */
-    gg(b, c, d, a, x[ 0], s24, 0xe9b6c7aa); /* 20 */
-    gg(a, b, c, d, x[ 5], s21, 0xd62f105d); /* 21 */
-    gg(d, a, b, c, x[10], s22,  0x2441453); /* 22 */
-    gg(c, d, a, b, x[15], s23, 0xd8a1e681); /* 23 */
-    gg(b, c, d, a, x[ 4], s24, 0xe7d3fbc8); /* 24 */
-    gg(a, b, c, d, x[ 9], s21, 0x21e1cde6); /* 25 */
-    gg(d, a, b, c, x[14], s22, 0xc33707d6); /* 26 */
-    gg(c, d, a, b, x[ 3], s23, 0xf4d50d87); /* 27 */
-    gg(b, c, d, a, x[ 8], s24, 0x455a14ed); /* 28 */
-    gg(a, b, c, d, x[13], s21, 0xa9e3e905); /* 29 */
-    gg(d, a, b, c, x[ 2], s22, 0xfcefa3f8); /* 30 */
-    gg(c, d, a, b, x[ 7], s23, 0x676f02d9); /* 31 */
-    gg(b, c, d, a, x[12], s24, 0x8d2a4c8a); /* 32 */
-
-    /* round 3 */
-    hh(a, b, c, d, x[ 5], s31, 0xfffa3942); /* 33 */
-    hh(d, a, b, c, x[ 8], s32, 0x8771f681); /* 34 */
-    hh(c, d, a, b, x[11], s33, 0x6d9d6122); /* 35 */
-    hh(b, c, d, a, x[14], s34, 0xfde5380c); /* 36 */
-    hh(a, b, c, d, x[ 1], s31, 0xa4beea44); /* 37 */
-    hh(d, a, b, c, x[ 4], s32, 0x4bdecfa9); /* 38 */
-    hh(c, d, a, b, x[ 7], s33, 0xf6bb4b60); /* 39 */
-    hh(b, c, d, a, x[10], s34, 0xbebfbc70); /* 40 */
-    hh(a, b, c, d, x[13], s31, 0x289b7ec6); /* 41 */
-    hh(d, a, b, c, x[ 0], s32, 0xeaa127fa); /* 42 */
-    hh(c, d, a, b, x[ 3], s33, 0xd4ef3085); /* 43 */
-    hh(b, c, d, a, x[ 6], s34,  0x4881d05); /* 44 */
-    hh(a, b, c, d, x[ 9], s31, 0xd9d4d039); /* 45 */
-    hh(d, a, b, c, x[12], s32, 0xe6db99e5); /* 46 */
-    hh(c, d, a, b, x[15], s33, 0x1fa27cf8); /* 47 */
-    hh(b, c, d, a, x[ 2], s34, 0xc4ac5665); /* 48 */
-
-    /* round 4 */
-    ii(a, b, c, d, x[ 0], s41, 0xf4292244); /* 49 */
-    ii(d, a, b, c, x[ 7], s42, 0x432aff97); /* 50 */
-    ii(c, d, a, b, x[14], s43, 0xab9423a7); /* 51 */
-    ii(b, c, d, a, x[ 5], s44, 0xfc93a039); /* 52 */
-    ii(a, b, c, d, x[12], s41, 0x655b59c3); /* 53 */
-    ii(d, a, b, c, x[ 3], s42, 0x8f0ccc92); /* 54 */
-    ii(c, d, a, b, x[10], s43, 0xffeff47d); /* 55 */
-    ii(b, c, d, a, x[ 1], s44, 0x85845dd1); /* 56 */
-    ii(a, b, c, d, x[ 8], s41, 0x6fa87e4f); /* 57 */
-    ii(d, a, b, c, x[15], s42, 0xfe2ce6e0); /* 58 */
-    ii(c, d, a, b, x[ 6], s43, 0xa3014314); /* 59 */
-    ii(b, c, d, a, x[13], s44, 0x4e0811a1); /* 60 */
-    ii(a, b, c, d, x[ 4], s41, 0xf7537e82); /* 61 */
-    ii(d, a, b, c, x[11], s42, 0xbd3af235); /* 62 */
-    ii(c, d, a, b, x[ 2], s43, 0x2ad7d2bb); /* 63 */
-    ii(b, c, d, a, x[ 9], s44, 0xeb86d391); /* 64 */
+             d = state[3], x[MD5_SIZE];
+
+    Decode(x, block, 64);
+
+    /* Round 1 */
+    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+    /* Round 2 */
+    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+    GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
+    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+    /* Round 3 */
+    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+    HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
+    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+    /* Round 4 */
+    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
 
     state[0] += a;
     state[1] += b;

From 396d3407781c49dc38302901124526d256f333a7 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 5 Dec 2006 04:21:08 +0000
Subject: [PATCH 040/301] Make our cert/key more compact + fix small typo

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@50 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/csharp/axTLS.cs | 2 +-
 bindings/java/SSL.java   | 2 +-
 ssl/bigint.c             | 2 +-
 ssl/rc4.c                | 5 +++--
 ssl/ssl.h                | 4 ++--
 ssl/tls1.c               | 2 ++
 6 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index 78734e4366..9362fbae2a 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -88,7 +88,7 @@ public byte GetCipherId()
         /**
          * @brief Get the session id for a handshake. 
          * 
-         * This will be a 32 byte sequence and is availabile after the first
+         * This will be a 32 byte sequence and is available after the first
          * handshaking messages are sent.
          * @return The session id as a 32 byte sequence.
          * @note A SSLv23 handshake may have only 16 valid bytes.
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
index 53ddd95a25..a2dfd370b1 100644
--- a/bindings/java/SSL.java
+++ b/bindings/java/SSL.java
@@ -88,7 +88,7 @@ public byte getCipherId()
     /**
      * @brief Get the session id for a handshake. 
      * 
-     * This will be a 32 byte sequence and is availabile after the first
+     * This will be a 32 byte sequence and is available after the first
      * handshaking messages are sent.
      * @return The session id as a 32 byte sequence.
      * @note A SSLv23 handshake may have only 16 valid bytes.
diff --git a/ssl/bigint.c b/ssl/bigint.c
index b525069a33..55482f0a8e 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -134,7 +134,7 @@ void bi_terminate(BI_CTX *ctx)
  * @brief Increment the number of references to this object. 
  * It does not do a full copy.
  * @param bi [in]   The bigint to copy.
- * @return A referent to the same bigint.
+ * @return A reference to the same bigint.
  */
 bigint *bi_copy(bigint *bi)
 {
diff --git a/ssl/rc4.c b/ssl/rc4.c
index 884bcb534f..471e15ffc0 100644
--- a/ssl/rc4.c
+++ b/ssl/rc4.c
@@ -69,8 +69,9 @@ void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
 
     for (i = 0; i < length; i++)
     {
-        x =(uint8_t)(x + 1); a = m[x];
-        y =(uint8_t)(y + a);
+        x = (uint8_t)(x + 1); 
+        a = m[x];
+        y = (uint8_t)(y + a);
         m[x] = b = m[y];
         m[y] = a;
         out[i] ^= m[(uint8_t)(a + b)];
diff --git a/ssl/ssl.h b/ssl/ssl.h
index b9dbb83209..d8ff953b15 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -165,7 +165,7 @@ extern "C" {
  * call to ssl_verify_cert().
  * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
  * i.e. each handshake will include a "certificate request" message from the
- * server. Only availabile if verification has been enabled.
+ * server. Only available if verification has been enabled.
  * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user will
  * load the key/certificate explicitly.
  * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
@@ -272,7 +272,7 @@ EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd);
 /**
  * @brief Get the session id for a handshake. 
  * 
- * This will be a 32 byte sequence and is availabile after the first
+ * This will be a 32 byte sequence and is available after the first
  * handshaking messages are sent.
  * @param ssl [in] An SSL object reference.
  * @return The session id as a 32 byte sequence.
diff --git a/ssl/tls1.c b/ssl/tls1.c
index e27d911981..b6ba0c68b7 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -28,7 +28,9 @@
 
 /* Don't import the default key/certificate if not used */
 #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+static const    /* saves a few bytes and RAM */
 #include "cert.h"
+static const    /* saves a few more bytes */
 #include "private_key.h"
 #endif
          

From 8213b750a1f9a4206d712cb93fb5d4fd0c5b8411 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 5 Dec 2006 06:32:30 +0000
Subject: [PATCH 041/301] Forked off Anti-Web and made axhttpd

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@51 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                            |    7 +-
 README                              |   11 +-
 config/Config.in                    |    4 +-
 config/JMeter.jmx                   |    2 +-
 config/{awhttpd.aip => axhttpd.aip} |    8 +-
 config/linuxconfig                  |    3 +-
 config/win32config                  |    3 +-
 httpd/Config.in                     |   22 +-
 httpd/Makefile                      |   28 +-
 httpd/README                        |    6 +
 httpd/awhttpd-3.0.7.tar             |  Bin 194560 -> 0 bytes
 httpd/awhttpd.patch                 | 2371 ---------------------------
 httpd/axhttp.h                      |  164 ++
 httpd/conn.c                        |  121 ++
 httpd/main.c                        |  323 ++++
 httpd/mime_types.c                  |  190 +++
 httpd/misc.c                        |  268 +++
 httpd/net.c                         |  176 ++
 httpd/proc.c                        |  780 +++++++++
 httpd/socket.c                      |  129 ++
 20 files changed, 2184 insertions(+), 2432 deletions(-)
 rename config/{awhttpd.aip => axhttpd.aip} (97%)
 create mode 100644 httpd/README
 delete mode 100644 httpd/awhttpd-3.0.7.tar
 delete mode 100644 httpd/awhttpd.patch
 create mode 100644 httpd/axhttp.h
 create mode 100644 httpd/conn.c
 create mode 100644 httpd/main.c
 create mode 100644 httpd/mime_types.c
 create mode 100644 httpd/misc.c
 create mode 100644 httpd/net.c
 create mode 100644 httpd/proc.c
 create mode 100644 httpd/socket.c

diff --git a/Makefile b/Makefile
index 1ebdcfc012..f4c2c86e8b 100644
--- a/Makefile
+++ b/Makefile
@@ -34,8 +34,7 @@ RELEASE=axTLS-$(VERSION)
 # standard version
 target:
 	$(MAKE) -C ssl
-ifdef CONFIG_AWHTTPD
-	$(MAKE) -C httpd untar_web_server
+ifdef CONFIG_AXHTTPD
 	$(MAKE) -C httpd
 endif
 ifdef CONFIG_BINDINGS
@@ -72,12 +71,12 @@ install: $(PREFIX) all
 	chmod 755 $(PREFIX)/lib/libax* 
 	-@install -m 755 $(STAGE)/ax* $(PREFIX)/bin > /dev/null 2>&1
 	-@install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'` > /dev/null 2>&1
-	-@install -m 755 $(STAGE)/awhttpd* $(PREFIX)/bin > /dev/null 2>&1
+	-@install -m 755 $(STAGE)/axhttpd* $(PREFIX)/bin > /dev/null 2>&1
 
 installclean:
 	-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
 	-@rm $(PREFIX)/bin/ax* > /dev/null 2>&1
-	-@rm $(PREFIX)/bin/awhttpd* > /dev/null 2>&1
+	-@rm $(PREFIX)/bin/axhttpd* > /dev/null 2>&1
 	-@rm `perl -e 'use Config; print $$Config{installarchlib};'`/axtlsp.pm > /dev/null 2>&1
 
 test:
diff --git a/README b/README
index 2e4d492bbb..db35888d79 100644
--- a/README
+++ b/README
@@ -9,7 +9,7 @@ This is a guide to get a small SSL web-server up and running quickly.
 ########################################################################
 The axTLS project is an SSL client/server library using the TLSv1 protocol. 
 It is designed to be small and fast, and is suited to embedded projects. A web
-server is included (called Anti-Web).
+server is included.
 
 The web server + SSL library is around 50-60kB and is configurable for
 features or size.
@@ -32,8 +32,8 @@ the extracted directory and typing:
 Select your platform type, save the configuration, exit, and then 
 type "make" again.
 
-If all goes well, you should end up with an executable called "awhttpd" (or
-awhttpd.exe) in the _stage directory.
+If all goes well, you should end up with an executable called "axhttpd" (or
+axhttpd.exe) in the _stage directory.
 
 To play with all the various axTLS options, type:
 
@@ -47,7 +47,7 @@ Save the new configuration and rebuild.
 
 To run it, go to the _stage directory, and type (as superuser):
 
-> awhttpd
+> axhttpd
 
 And then point your browser at:
 
@@ -61,9 +61,6 @@ http://127.0.0.1
 
 to see the same page unencrypted.
 
-See the README in the httpd directory from more configuration information on
-Anti-Web.
-
 ########################################################################
 # The axssl utilities
 ########################################################################
diff --git a/config/Config.in b/config/Config.in
index 14de5c8f28..de1808d8e4 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -107,11 +107,11 @@ config CONFIG_EXTRA_LDFLAGS_OPTIONS
 endmenu
 
 source ssl/Config.in
-config CONFIG_AWHTTPD
+config CONFIG_AXHTTPD
     bool "Enable HTTP/HTTPS Web Server"
     default y
     help
-        Build the AWHTTPD web server
+        Build the AXHTTPD web server
 
 source httpd/Config.in
 source bindings/Config.in
diff --git a/config/JMeter.jmx b/config/JMeter.jmx
index 5070760b05..f62c03f0ee 100755
--- a/config/JMeter.jmx
+++ b/config/JMeter.jmx
@@ -1,6 +1,6 @@
 <jmeterTestPlan version="1.2" properties="1.8">
   <hashTree>
-    <TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="awhttpd Test Plan" enabled="true">
+    <TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="axhttpd Test Plan" enabled="true">
       <elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
         <collectionProp name="Arguments.arguments"/>
       </elementProp>
diff --git a/config/awhttpd.aip b/config/axhttpd.aip
similarity index 97%
rename from config/awhttpd.aip
rename to config/axhttpd.aip
index a460ecbf20..a1806c0c0e 100755
--- a/config/awhttpd.aip
+++ b/config/axhttpd.aip
@@ -37,7 +37,7 @@
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
     <ROW Component="New_Folder" ComponentId="{2AD064CD-A20E-40FD-9233-CF8732C8F54D}" Directory_="New_Folder_2_DIR" Attributes="0"/>
-    <ROW Component="awhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="awhttpd.exe" FullKeyPath="APPDIR\awhttpd.exe"/>
+    <ROW Component="axhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="axhttpd.exe" FullKeyPath="APPDIR\axhttpd.exe"/>
     <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
     <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
     <ROW Component="axssl.vbnet.exe" ComponentId="{31F03DA9-E099-4BBD-88B7-4ABBC9F77EFB}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.vbnet.exe" FullKeyPath="APPDIR\axssl.vbnet.exe"/>
@@ -59,12 +59,12 @@
     <ROW Component="wcprops" ComponentId="{4106AB01-565E-4281-97AE-96EC1F865899}" Directory_="wcprops_DIR" Attributes="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="awhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h test_cgi.php New_Folder dir_wcprops crypto_2600des.gif.svn_base crypto_2600des.gif.svn_work crypto_2600des.gif.svn_base_1 prop_base props text_base wcprops crypto_2600des.gif.svn_work_1 crypto_2600des.gif"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h test_cgi.php New_Folder dir_wcprops crypto_2600des.gif.svn_base crypto_2600des.gif.svn_work crypto_2600des.gif.svn_base_1 prop_base props text_base wcprops crypto_2600des.gif.svn_work_1 crypto_2600des.gif"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
     <ROW File="README.txt" Component_="dir_wcprops" FileName="README.txt" Attributes="1" SourcePath="..\www\crypto_files\.svn\README.txt" SelfReg="false" Sequence="43"/>
-    <ROW File="awhttpd.exe" Component_="awhttpd.exe" FileName="awhttpd.exe" Attributes="0" SourcePath="..\_stage\awhttpd.exe" SelfReg="false" Sequence="1"/>
+    <ROW File="axhttpd.exe" Component_="axhttpd.exe" FileName="axhttpd.exe" Attributes="0" SourcePath="..\_stage\axhttpd.exe" SelfReg="false" Sequence="1"/>
     <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
     <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
     <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\_stage\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
@@ -199,7 +199,7 @@
     <ATTRIBUTE name="Package" value="1"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
-    <ROW Shortcut="awhttpd.exe" Directory_="SHORTCUTDIR" Name="awhttpd" Component_="awhttpd.exe" Target="[#awhttpd.exe]" Description="awhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="axhttpd.exe" Directory_="SHORTCUTDIR" Name="axhttpd" Component_="axhttpd.exe" Target="[#axhttpd.exe]" Description="axhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
     <ROW Shortcut="axssl_client" Directory_="SHORTCUTDIR" Name="axsslc~1|axssl client" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_client" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
     <ROW Shortcut="axssl_server" Directory_="SHORTCUTDIR" Name="axssls~1|axssl server" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_server" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
   </COMPONENT>
diff --git a/config/linuxconfig b/config/linuxconfig
index 79a3591a3a..44e5226ea8 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -43,9 +43,8 @@ CONFIG_USE_DEV_URANDOM=y
 # CONFIG_WIN32_USE_CRYPTO_LIB is not set
 # CONFIG_PERFORMANCE_TESTING is not set
 # CONFIG_SSL_TEST is not set
-# CONFIG_AWHTTPD is not set
+# CONFIG_AXHTTPD is not set
 # CONFIG_HTTP_STATIC_BUILD is not set
-# CONFIG_HTTP_HAS_SSL is not set
 CONFIG_HTTP_HTTPS_PORT=0
 CONFIG_HTTP_SESSION_CACHE_SIZE=0
 CONFIG_HTTP_WEBROOT=""
diff --git a/config/win32config b/config/win32config
index fe94084f5a..ed7efe96f4 100644
--- a/config/win32config
+++ b/config/win32config
@@ -47,13 +47,12 @@ CONFIG_SSL_MAX_CERTS=2
 CONFIG_WIN32_USE_CRYPTO_LIB=y
 # CONFIG_PERFORMANCE_TESTING is not set
 # CONFIG_SSL_TEST is not set
-CONFIG_AWHTTPD=y
+CONFIG_AXHTTPD=y
 
 #
 # Awhttpd Configuration
 #
 # CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_HAS_SSL=y
 CONFIG_HTTP_HTTPS_PORT=443
 CONFIG_HTTP_WEBROOT="www"
 CONFIG_HTTP_PORT=80
diff --git a/httpd/Config.in b/httpd/Config.in
index 73e304cabf..f720e4eea1 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -3,26 +3,19 @@
 # see scripts/config/Kconfig-language.txt
 #
 
-menu "Awhttpd Configuration"
-depends on CONFIG_AWHTTPD
+menu "Axhttpd Configuration"
+depends on CONFIG_AXHTTPD
 
 config CONFIG_HTTP_STATIC_BUILD
     bool "Static Build"
     default n
     help
-        Select y if you want awhttp to be a static build (i.e. don't use the
+        Select y if you want axhttp to be a static build (i.e. don't use the
         axtls shared library or dll).
         
-config CONFIG_HTTP_HAS_SSL
-    bool "Use SSL"
-    default y
-    help
-        Build the HTTP server with SSL capability
-
 config CONFIG_HTTP_HTTPS_PORT
     int "HTTPS port"
     default 443
-    depends on CONFIG_HTTP_HAS_SSL
     help
         The port number of the HTTPS server.
 
@@ -31,7 +24,6 @@ config CONFIG_HTTP_HTTPS_PORT
 config CONFIG_HTTP_SESSION_CACHE_SIZE
     int "SSL session cache size"
     default 5
-    depends on CONFIG_HTTP_HAS_SSL
     help
         The size of the SSL session cache.
         
@@ -44,7 +36,7 @@ config CONFIG_HTTP_WEBROOT
     default "../www" if !CONFIG_PLATFORM_WIN32
     default "..\\www" if CONFIG_PLATFORM_WIN32
     help
-        The location of the web root in relation to awhttpd. This is 
+        The location of the web root in relation to axhttpd. This is 
         the directory where index.html lives.
 
 config CONFIG_HTTP_PORT
@@ -72,7 +64,7 @@ config CONFIG_HTTP_CGI_EXTENSION
     default ".php"
     depends on CONFIG_HTTP_HAS_CGI
     help
-        Tell awhhtp what file extension is used for CGI
+        Tell axhhtp what file extension is used for CGI
 
 config CONFIG_HTTP_DIRECTORIES
     bool "Enable Directory Listing"
@@ -101,14 +93,14 @@ config CONFIG_HTTP_VERBOSE
     default y if CONFIG_SSL_FULL_MODE
     default n if !CONFIG_SSL_FULL_MODE
     help
-        Enable extra statements used when using awhttpd.
+        Enable extra statements used when using axhttpd.
 
 config CONFIG_HTTP_IS_DAEMON
     bool "Run as a daemon"
     default n
     depends on !CONFIG_PLATFORM_WIN32
     help 
-        Run awhttpd as a background process.
+        Run axhttpd as a background process.
 
         Does not work under Win32
 
diff --git a/httpd/Makefile b/httpd/Makefile
index 22b8d0ff23..b676c8f9e4 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -24,9 +24,9 @@ include ../config/makefile.conf
 ifndef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=../$(STAGE)/awhttpd.exe
+TARGET=../$(STAGE)/axhttpd.exe
 else
-TARGET=../$(STAGE)/awhttpd
+TARGET=../$(STAGE)/axhttpd
 endif
 
 ifdef CONFIG_HTTP_STATIC_BUILD
@@ -38,7 +38,7 @@ endif
 CFLAGS += -I../ssl
 
 else # win32 build
-TARGET=../$(STAGE)/awhttpd.exe
+TARGET=../$(STAGE)/axhttpd.exe
 
 ifdef CONFIG_HTTP_STATIC_BUILD
 LIBS=../$(STAGE)/axtls.static.lib ..\\config\\axtls.res
@@ -51,31 +51,16 @@ ifndef CONFIG_AWHTTPD
 web_server:
 else
 
-untar_web_server: awhttpd/Makefile
-
-awhttpd/Makefile:
-	tar xvf awhttpd-3.0.7.tar
-	cat awhttpd.patch | patch -p0
-
 web_server : $(TARGET)
 
 OBJ= \
-    cgi.o \
 	conn.o \
 	main.o \
 	net.o \
 	proc.o \
 	socket.o \
-	errors.o \
 	misc.o \
-	urldecode.o \
-	mime_types.o \
-	index.o \
-	urlencode.o \
-    permcheck.o
-
-%.o : awhttpd/%.c ../config/.config
-	$(CC) -c $(CFLAGS) $< 
+	mime_types.o
 
 ifndef CONFIG_PLATFORM_WIN32
 
@@ -91,10 +76,6 @@ endif
 endif
 else    # Win32
 
-OBJ:=$(OBJ:.o=.obj)
-%.obj : awhttpd/%.c
-	$(CC) $(CFLAGS) $< 
-
 $(TARGET): $(OBJ)
 ifdef CONFIG_HTTP_NO_SSL
 	$(LD) $(LDFLAGS) /out:$@ $(OBJ)
@@ -106,5 +87,4 @@ endif       # CONFIG_AWHTTPD
 
 clean::
 	-@rm -f $(TARGET)*
-	-@rm -fr awhttpd
 
diff --git a/httpd/README b/httpd/README
new file mode 100644
index 0000000000..cb42bfd66f
--- /dev/null
+++ b/httpd/README
@@ -0,0 +1,6 @@
+
+axhttpd is a small embedded web server using the axTLS library. 
+
+It is based quite closely on the web server written by Doug Currie (original
+version is here: http://www.hcsw.org/awhttpd).
+
diff --git a/httpd/awhttpd-3.0.7.tar b/httpd/awhttpd-3.0.7.tar
deleted file mode 100644
index 79105fbe196f7f57ab442485351d5b69b4d87e2f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 194560
zcmeFaYkM2Vk-wd{!S(+TV>*dQnP=*d$g*}JijtU6BtueGyml__5Ezh%Kmfsk2Rqr1
z{k(qeUsd-U0FaawX*atOuf!r}daApttLxm=>BZ@2)Nii*;uHR?^7HWi{a^6U+Qa*+
z<$v``KfhR8-FWce{=>D6^#{LLU0c8RVD%Tt{ZBZi9Q1fNN(V{ui)L?pl0TgB%Wdy{
z9yU3f&<qg&jE~Z={`J>KFZT`(Kgke<j|cbemDfGefxTMYxEI#{!NWDRTidw5@!%K9
z>L(e^1kiu+^{;nF?WH%_aZ(?TPJ4r4?Y|~|YPF-&_Audpqth&D^v?R7Y?LLP_HdN+
zTJ|u9@$%?s|5?%>^!}1HMoBX}&pN$+HW)4^+pXI6o%1Yd^#&)s(J1RCSG{p^nhmnW
zq&>PbOpdcgIv!>Md3KfbF1ks(tIp`F+sKxa{Z5wh`YdgCYG+xJcALreolYldwJ#Y1
zqpKg*_m`8UXKdqIt)_pHm%S@SI{$o-Hb!X&fXT4Ox5M6e(6FhTW!=$mQ3F0sk2_Zj
zQ<I;-#WjD{UZubW%E=%-JIe+(I!4+Z@&9bFoYcElNjJMlT3I?84>GzuW_S!e8?Fqp
zes7>rFk2f>ZFt%ncbZ@%88W_P)Jsm=XS5y+N6WR^L6(BjFw)xopm*MGX3gY0?Tnd2
zmW;CDsNFrWF+`Bb#VHuCzez4qRua^X^iM18Hm-p9AE~W+ZL`-M4cf=!5#Z9KJ3c#R
zDy&C89W_of`w$T6C^=_I+r4hGzP!fVN-eX?M%L*t=vtg9bn=cdK{>CsUu`9$tG;Hh
z)q8!g1BEntO&jchB^~9x`;=+d>2*(P7wyq$bwJqwIyz(cP6%-D<94S#x{5<(QhTpA
zg`?WuyR@60q}}9ow{7F5)n<=Do<PIdD1jbCc8st+NDjx{y~E_V2TAo3EsJo*uW7eO
zgF$WFh1!N!!%=od7ccgnKHb?mj6_p=I)La-?HiW9XR{t=jqyMu8}@snPFt@TI<sj(
z4rlEy$Oa!5r|rh6El$=IjGDR!$>X%i46UsVptPkltn4xcgrgTk+U{c5?3hs-dOz)T
zvf*;=b(bDT<8C_YWLJwx7<H01&)dV^;L5s<+q!d=w9*dv&<c&akZP6=Sp4R4a+qbc
z!>!HN2ir&AG5J>+?4sFjB&|X33<5tHT=mn&J1}|}rX2Bd&8E@g+99KLa?>8{WM_#j
zc4R2<g~QE*?fs+e-4{vLJ<((#Uu}0b&}fkUHJ?TeLS?bmm)9BGMt#4&QIC7%+icKo
zwIS*_X29m_64Bs9IqouFmRcJ?E96)YV;edpikRt12p64o(pGZVI2~uuV|QZCY}UVy
z*^j`}SFd-s_xHAUk0Ku^FML~kRr{Z|Oi}aDOrEF5gEnOTDjl@5D)ic+nAzDF%IRjA
zc!05-tZVxsZdxs5n!Ia6@dF`E{L+>zK(1Bxvv>LmYD}|E@^m~nfu*&o{c7FboVH;#
z?AYwAZ`?)%TkMyY`>+4Bm_#tm_OQ`o@8wvH__W2Y#l>c}e@NTOZaaejE0`?E#P^|b
zPmol9qm^t7+CGLrAfr>J)G!w6B1NcgrrBAqt9{iNq{CDCs&`-tuf~G`9IG<H+D@<c
zPE5%*@&3zw+p(olZZ$8`K{I*N8+6mihy#(=p7+Lv@G3cLoSQG}2ZvinNsqz8JB=fc
zhsOLmqYO}pD$qU{W(b4YJkv9=){xZuecDgE>_wRS<!FJyAC9vADUU=K;?3;}zT#kB
zW}Ut|VAky9UI+Pm4juKzLl$c|Y)f1eyt6$VLaV||_XN3}JRP**o1+P;D{tCvlARr=
z0}yKSC_q7Hz}ZK350br8C=Y_F;20?TJ@5-j^u~xdEg8#%6p)1K_Sm0rvGe%_?FFsh
zVXwo;hlrEofwscXIMgW<%$l`0IZ>b?)OFfqLo+ul<~;lNS*w+7vDL~8S9?~b(3~}h
zf2w~8Jr>nFOHKv|arh)Jgi<3E$z`AI=5q34kfQf=rtl`rjZaRT9Uxz`i$zJ&E6JbM
z7){2NgGb36^BJFIa{x6pW)mW9qbH^B(qt~1n?R&5c5PF`vK?jvWNUSsy$dZgQp|ay
zOBs-uo})#XvH&3pyUcLd9*LbDo%YUHffqkqwjPXrT%PQ!b|{U6si!V#ZEJuATN`y1
z1Tm0arC=UVTWAqe$SA=XwfjkWEGm!?LX1PO3`;CzIXPl*YQUfaA+*GJ_V*5s>QA?K
zTonDD=Fd@G>F6Y2>Bk?l=4?a>T}AIua8y~sgp3qX3{WWFuxt9h(#`e&jaJf9dM`r^
zvY^p}e>6l6Qb<5Q;!#`Z4I3KTuXoNe8&-wf!uI^Hn)WB(MDjJ|v@sYrB)p5w<ohxR
z#y0@pZ8yO9FnNly&>l@JQFU&k0WyWr1rjr%z>2fm(xxPaby*f6n=iJL;kd7*T&_)6
zN}vDyKZt>7|0AAuUu^wP*#B$mYik?W|LgZx*YW$T<3d^6xVN$P+5Z3UAh(U>)#V4t
z(vw8LJe*`EcawU*-;wT&vNXvmO^vKFqcU%SooBU#uh7#I@s-xN+mP;)%2dOk=w}V|
z@<!Sbk2Q`oO!n(XFW+wOKHrnb<!e{}-|p65ZJ8lvfL!H6r$R+&4|-jx&5{)oZJmy!
z9=sdT57z@kBSS19J&d)PvM5&uEU=mNGvvC<K$I)#Mv{udWXa9e^LBR8IESC#O%6~W
z&q2fC*1@-12X7Deo*%ubA8ffQT|lmmDR*j|T`>-`KIsf$ETyv9%ZA-Mqi7&A_SnBn
zZ04bE4{?HIsKmzb?*tKrmWYPtCIw>W-TZ=N=9w8}uJK?N^aeKfUiVzqppc%VeYDcF
zak`jnM~eX@AqZRy{Mb7?Zf8iN)RacIZxW;oeV~1q!g^sgCOwKG45NT-WJ7FN=@AXg
zf@X3N+!rDMJ!bC1Y{2wQjZ(XQI*=ZrUxm8>LrciiFH-zJn)bwNz+{(bDNQ^^UFgNT
zNyj5JmQf(1i?lsLX&m=`Q6uEovEd{RPim&m8UNI7?;^3uiGHkSVGxyM2L2u~5{)fP
z3Q2th;kkb-%*^yf{v%>K+<vk7a_1Qu)(NX%iYoxH7RN^UKICCBW<#P4X_P&hY!|d6
zx(7zUo3tYvtt(*YNAuF25^V9bv%pYo@3M^>ZBtxNy1jwmgn<Dl4s9rPIh8x^!d3#i
zspr&xF~F_hbOQZWH$BZqgR90#`>l+3bc|DcOFfn$fMavh#|4ziEW1tUV2EdM07W+2
ztrki@q`-y+*RA%+c)()zy3D`c8TLe0%x;if;6yP(Dtu#5myOb<j#|(31c`+J>qEfx
zuQW?OZ}z%)5XB!DM{a0aKj8NrYa|yC^GcaWyYWuC<|$+_1ZN^A8#+GBM7+vpGw#|;
zI#^B~Er>z1`_kp4$Ep$jrL=*k3F<b_j4>RiJb9hu{On^kS%Y+Ng1V0<Qlmq)X29}`
z0j<Q}a_#_TjMJUc?l{A(hj}fo#V$5xAwG`hAW2^Ln`RM+RGYm9izG9!)sbsfSVfb>
zQ$p+ek^MiIX8(m*F&quLjsBI;F@Te>ieet;y>_$Ya_aWFOWiT^$MVB9WhmCH%(QeB
z77MNc#T4M!s&c}x;Z2}StIndpdh;(h>W%B<rmI19ptc>uYH9C@mg4F~u_N@pS6`c_
z8ICOHuX3x3C*rp4^2kPLv<MzpEA2p>6-`+sJc(Qv_J&2*LCC>Z#I8VimO%8z^u*pl
zA_Ohs>~#@;unoEF_$_+knu`oKC}+$Ol;ZnHnu8wJ65eE%HeF8M$TMo|o3+w$XM|%!
z8wyJJ(Jf?P;2vn0J45Z})NQcQ=A7b(J@eWf8=LoGxj<og+ary_wqS5dceQhqQxQOy
z-bUD4!(@8NAc@?%&p|NR;|!P40JPzeZ?osJp_BmUgK|+5iaVi+_H7DbOJs@(V@;dp
zpcQPvL-1j}lZDkW+58+ox``uKVc9jXBeP63Wh|u;3uxhk<>b{Biv-(2UYHx^3=b<%
zF(IKzH;=>%;F!5!2}oVE1xRI>A#K7#_K<eay|{z!Pw$}H6sWTGn#{{^HI|KH;6^B;
zyTJ@~@}F&nx;Sm)O@bL<mwMZ|ad(Vkxie?pCe{HQ<J-6dZO(M&?<99LpI@)9E*ciw
zUFM8H#_@zkVoq!b)zJvz%eaH%BbmXV#M~4L*$C|66fW6fNG$MG7YBC4rS%p0c;iYu
z0^Y1XU&##)+$c|s;wLR~@xgvaqFApLT`-<&L<c?5;qd^~Q0fCB249ojcN4J{`yw~-
z)uWS?M~nJ6b3~BYV1Sb$Ze}>DF>NCw=TNyp&8$Fxxer5F)yIMgY~e5CoTy!aFH|Vh
z32Gw})V&!5h08O=ed7@i{JD>k%}!4!FXKfnGTL>;wZy34$HocZQo|m|K-oboqJO^2
zvOd8jw1#HpinV4**sjY)>t<5!(2K>(<gSorz#HTjFivrFCDNDX#+~*V3$)aoGyR6O
z#U(_9B}XcPHM6xW4YeZhZ3wJ+F$l2KGn(kbeu<!%n}R9Q@el;FE7GC(IXxbun@=oT
z$r%;J4~?T6QA>|D0*i|dum4ZpF3B0KBF=vaF=S;^iuRj!cVoTmNduB_eUTl@ZKlO_
zXbf$Z$F2f+!hhwI;j=zw&1Q{TyCwRc4I`;(0~ttx9V)^K6+)rz<uslc=OO2r39YI-
z?mCZ~Fybh-aOK2U1Gig`#JMqxI7@L(HwvOVGdeiU#cS@TpvlPPJBWc2rh0spOgU3g
z2j9Se(aGF7#iH};F>Yd^K#Q?S^b*d$bRgphD5o$Q#a_4J8}S?4>>gr^pCQ3VJtT}~
zE?rQ3CTbW!;i-FL*)12{PA~OvrBUnDvfeqvkGwKAz3Z)%ui^6W^bR{l(LGl*fezVT
z0T<xj(nc?B6@NS7LHo{Dxh`j)#LHSl`1&k_htU#YM$!>zj1fnLn1$L>_yx=s4shv+
z+tPVEJ@|>3wgfvH+%%K4p`EY!qpS1=n04&8ra6tJtT+o7-i>uQ<!O!Jw*&Zw$g$U5
zWED`FyUB?R@B*ZhnDy8nw9g?k+~U3y0KxYxuT09Tez5D*(OkE8+-qLV*+_+Zy!Nj6
z&Qg<6H8h4k`nWM-H%)`ZL}$k`$qU0Bt@<$d21I4X*=+5RbYZunnPIdwG1z5I%-3;N
z1T$XxzX#)FGt!45nIKZ}4169T_7%8&WI@{KK8k9bBq3Ve?!s-^*QP|8<a4t}%Axio
zL!`@z@7NCTVAqkg3130Ywm43IxxIju&>6$!m_Mr>TP=I+dkMp*)UPR?BqFd>3Q>R&
zZ>FU)P7e@GM1S$Ju;*qnrLsj5{EbdNrQ{FyNVkXRYqr&7N)qaqvgVs%HExEr>CF%{
z!4Q|46_#=$t8NSCz{Z%2dPP|v(qj`UekTX157<--gy0=kSo=bx=8JN`UlJkuEDC?E
z0_zp0Uxc)=H`69>aw`k(kcS6%wqI=@Z9Nl#T3^~kN(gbEnagx_kuM*UFtd>T$3mb)
zCn@O&kgHm?Q1cv4q`v5VGD3%yhHx8DqPb+=m>?u4D2)|i)!9~>wpj<5y`RGc{~hky
zkKRY_|KHpHjx39h4qpIo&i}*Jzoz`p)zy0>i9USz(DMJ*?tk|Gf0D(R0Q$>cCj7kE
zeVx46+TA*+?<D)LpYCjLCj5VE_i(G`4QTT%Odc+rtS=_NCr>6>``z!>YBlt(sJYB<
zF7WWTzgx6d$#XP*#A0hiwnRpN7G`8@9QSj#A?1Ug`@c($NFhO_?RU}!UgpEG6zYu)
zOwXsi;YcdPt9p{G5+hn$TH9ECh$(wmuO(Z!2Ci`HN#Brd<AM*)Cq>HKy{J7QpG=<j
zW4b=mOYEYW>wbKROEl|Z?nh%zd3nU4QRhiD!gYx5plk$l>Gdwif~tWIL)boC{|qq?
z0^qw!hcrk-Q{2uNIaXGfxn_@kkM~z%0sUH9W-2c?0%TBYfu<%YRJ<9I{^6-t?&4<v
z%Q)cW6vCx}cIOJUEmlT+8Le%9d`#E1oiGuGE58d)R_p3yoDP)2ky%$50@rt?ceOa?
zr6ooqg%#DA5lMu^SHg(ex*dX%q+CK%2N<d(Q0+x!Xh|FzE+Ya-CY=mFL2Z97SdmIR
zea5In=6{Ysi7^yW{9buNmQpRztg(CLW>DrTSUQstifZk7HHN);Q_TFcN?#?4EP7&c
zQC&kp)Vzi49ZNd7O0Jn%@M<hCB*}O9btS4bSqo}07_G9DLXB8TZ4Z|^RP#o5G*&nw
zJ$)yNG_1xs6K`Q+;2uvRjt3L8Si`=6=8CGJIV&+X*#rFSk)feY&|Y~>aYHh+nyb1}
z5*)ZNUD`XoWv0fL%$u7Pg2l>59{^Y2P7x6Xm9$#|jlXGlx*(eMu9!<B!>0$jLjo>t
z9aIT35KveM6T}Z8TK+73sy1O$RH%{9A-;rdjk%&x3P{(JZADoT?_V2F$Vc){O1_3D
zxJ|Qpfx;Zf?6B22BA-nm5A-HmKeNr0sfqH<CK8eiml%f%8Cb}|Ckir-+szupD)uB~
zX3(wrV&HV*kTh@JrNejrip{T7G>eXCg5GMGd>s3x(hFO9*ulCKfEe6l9K^gx>5^AS
z+e|u|I(3ZJX0B)%lZzTrK)<>6M81ZK=e$s+DO?&?wy*3=a6_dck{INqZV^Lz7}Owq
zoV|jtK`F5kKpNYbd~YYB2%9pVVAhd1h(%EBkt||247H8SEQ8{|i{DO=GoO&)$_B&5
z7f6i`BYE)_2A5MFaO&`td>lBqE${~?Hk>PhAs(bZuM#5|erpeEacQ)Njld?U#Qm(J
z3)Yl0z2T!|er-XbCm8rZ$r%prbHd#7>kE*s9QPWH?W7=2g6}{$8rn<6l{zl*NV=0{
z>LPEkyu!d-Vd7yK%l+AcdSFd!kr53J>{IS<CwM{C<_1+x@E6*R^kdi#1jl}7Q!5x?
zWNu+Sd5N38T0$DEhgB!Yiu{)piY|E`iq+)8hK1O67fxh;`Yv}bW17h()Mip*s0~e_
zGd7{LgNv+Y<C7R-(IW*h+^}Q})53&|=*sPS8<jhK34|i))6OD&_>?4MK!jWH$kIWt
zId0Gw!!RKtFFI0BN<j>!1^+;VRSWXy4h?WWm^5>y@?2eYAW?N<>^|%jO?Y&QN`dI6
zFT}lYsbH<m-W7=&;R)>y@CDt8w`x&50;e@@%JF4hZ4E8oq2|q%o5zqIJG4oVB8c;)
z>2c`Zv1LhkC%Haj!7H5dVuY-}8+;kE$HbX1g&4{R+u$Egj>I%$l#957xTT2~MOk1c
zNdv1sj1Uxr2{{|UxD7N<lue`=NDI0&Oo_|$Sa{Fdv9#dR`85cj?}ma(zH>#wAhHQN
z1f2#`dyp9{7V<67dd;aV#DrSJn|c?^wf`4%-y4);RM?}fgI9-1efL?ixwrdl`)GS_
z_b_?Bcfg-!Q7tCVwhxaEwx7P%D{J^_@7ebA?ajI#NEKKOj?fvZQXoguc9_2FF^WeA
z&LGVYchRs$LTQh<6j+cVZS*RlDA*3!tQLAtJu0r{guLXUk9u;G^9^dE?;MAwqd}Xq
z)eEgSP3QKV80OHP$s4{{Bp(-EW}2RcZ(<=540F)vjqgE|b2gP@a-6lBt>*}hQ$EPK
zBqPKb#uVO&3<Q^<w$IsJh!2C}gD)oBNiQDxp4RSy8K>HL-Zr2ukaJRoZ2m0Kg((w@
zwJ?C(hR_TYb}f^Pxx&P9(b8QuE9j!#$)ZREl537Gej;^k{w16dM$iJq2&?dcI%Js9
zH)mZam%!pG#zJ_<Y<y*sxpMDw(mc1s%EQhu#)}&Yr9g<q%QuH$Q9f}UP37Db1Scif
zIEvME`=T;QQzn^Dt<aEJFa{mS_G>L4wikS#kq<eQ#FkeO3SVF#6}h2^{Y3|{rV~*Q
z9PRC>Pbo~N9jqomlN;B<7^P2Yd=iIZL3DHzb*Qy9ErMUj)g5ufCN6uK&~$XlwiT)N
zo(aZBT68#;=)!U<jB&w(XN;I=C@MVT2@H+Vj0WTiI4s5WbGegGQeHP>SDc$NC5A01
z<l9t>jW}trYE-3(-x-$m7%i{VhN$sKZI-j09YR8Kdwgc++x(DN)PGq*@>kl8F-HLq
zGD0*Ki}7+~3{UzpD-keE!gPc%$Z{)SM2#kJ9)V#JjZWIuAvgvdCI8nRWn@c;0^r%2
zPR&1)<b#nL&(Jn4la!NysbEB`NVI^z0akO%L8ECmU5V6Vr|Oa-P(>YtU{kTD1?kr8
zpqcOM5~5kEe3jhNG3C`{iJJ9KuZ9Xx5ZUlBls0oT*SsgAV$)s4ZkZ=b1!~;M>pEYY
ziG-<CNn-_;Z7DxQFtnvK8|ADQlw&-=y$E4eD7)t2m>`(QG3BWTx{gY@am7IpWG#t0
zO1HR{75h#MB+x7?n#S78tjM(d5;qo>a#6y;Fq_<3%>uSF=n~RE;Xcdcy@p79?U3k@
zYmnoQBrgeEEEGmSamdF<0>_iX-FSWj)zkDjos(mG2a+=wmdIfaY+sgOUpmim2$2IR
zCKn0Mtx#JF;s#UWFxr%Sj(e>nV6_fmX9d$1p04TO$G`=~TQ;sm*Tlml*6o>s;)puU
zOK0s$1R56BVAyxO8)Utfj3CMOLQ_IQg<hB}IytkD<t`CryRkh`JcwY95|O~&b(%on
z^<nyrg{ZpcsE3G+tCC}Q2549(0TK7jfK7K#S@sWSWE6ta<Z*<+U`sZkFR5tMUb0ez
zn211zz@qd+k)C}ne^&r#u7D6`b05=y$PBtE+`<e)wiwNYHTaa0MPMZcgggoSlMOq7
z7lg2F3iISdzG$1wtiPyhi9S*T5Llosx-G(_?K4lOvR|+?Tm#GL1B{6~`#5sGw&1)^
ztkHvQ;vXfop0yJP3fQ*gG6+1aY?vTMLk^3+5jab4Wbu{ZJi!wUN?c~tl`Rg)7`u8T
z<6i*wL#GJatOF~lEUG-H212sVM0!pMj(qnLNI(@Rx21Q@Fo`lc&Zg)tY6yQFllx;X
z7>6i-TM5|m0-F0#@S9j$ORfw)Ig>ETk5&>GP>fk2Lc{hzQQ@dM%Rz9fW!c~gsJjVa
z?1=U7Pf&AM^lP`~qRA!s9@vNM0a8^6R+}qVs*xs8);mN=!;IZ0PNNQlROx$X;27gy
z{DN&#7LLBM(s+!+V%79)MDBaEdEy<d<-@nFBu$~DXs81z5Y?_h!c!Ek_(7TD^MPmI
z<Y4*QSP$5VET%YURuU>TbP0VOsK+K$3?(SsYT(S!d_$lvd=-TVC@I9Y*n=Fv7634J
zh}(It1O(;>6><bYiT=LyH7zZRXWfL|af%@1t-C{LX~w5dYk<RLpgeAPF$&Eo?hJ`(
z1SmZ4h!4@W@-TshFMi~TqzyITN#IQ}D*6A!<Z<k|gV?=FYG&l6Bn;pvmyy9jHz=X3
z-Pa*^&9N7{lIGc~WtZ8&&0hxLTuOb?$3WRFJj~ZUAiHEh;lPbqmcg7NLt=(i#+<j=
zZB3WPi->A4nQ}-NESYQ<6|gO&727<tMP>mij#5W%A_i%O)eV{mZZdjL&U+nl?^qA4
zUSdQ846DG?J>sMJx$euJ2waF`)F$g`S&Yuvrf_3ciYpuieVLToC={-!0u`8aE?l0%
z<meG%!K^+E>JQF7WK{3iYGhb)xJ1JxX**=*q6SDKn<0NW*cbTFnu&&WPkWOHs4Dla
zM8OQ?GBchfm~v@=fkJ<(H<V2xbp`r0#0w94M&hY{!5uB1vgJ0MVO^p@ElHSbkj9)#
z&Q$G0OLCG&x9U`wF%^{vFqUdys?)Ir4vW_S8izZSeJH8rj-kRyD8cXA*w-xoqHBg|
zWYaTaQNn&Qm78<7oI!GM@N=aG%N;1Eq!f}XoK#}Cq*2JZAQZ8cIq@w%haMsI1MS{5
zD0C@1fPgr+w8(*hXea^*?xTgk1YlB8*A9p)??)I>j(dYJiE-XyCx+#$E>2|~81=DF
zBL@%SW~g&<4U%i|?=$&;H9#$#UIS5ADVe8ivzm*7fvbrvkoC-iVhR)VSemk2Dn}9u
zX*fo&HM5f*m<ghKrf=>6EgR<(6eSd=#B9sKi(yCtM>hhT)`k#lYBvekXr|fTzIkmo
z<q9fv5vYzY$${%ZN!H>}`HOB69fus&1<90ZfXu1Qn5lcjge6>^vNL^4oJF#*MzpU5
zPi@sQ1D_TVeJ=8qeVKC{eP{J&eCs=M5eRs2yi2zcW{eBlflkJ<w&dOoRtuJ02Z_qY
zso|*afoo~+rl^yNBo|3bC%A-lv$H~bP0TZpEut)eEk}jPFYzVLtlKwQDaBkFRW5Y&
zZ80Ng;w1}@&yIb?Kx*Nb0ZoE3>jJbyMg=i2R15J*bOnE$qIs}@Xe>f(xl)_c5TD^m
zivG#~8B`ye1yW;K&Nw;~4{V&Jf8m{G1(#OHYu;z55&O{wS4}X7dtF6`v^i>%S#`V%
zjJG;}OQBq3*PGsAmPX!HEvW6HMDc%%$yc$5kZ%?E2--q{UCG+A_yQf#PiBM;o@zi3
z>7&NC%y1>)-_jtA8q7^?s}Qz_uuBp!E?p}iGy%Y9qX^y=mawIQ8!)grw&3BgP*}s*
zC%#^^qc~txwRTFpU8s=zl9h+>s6EBG6H^;)4kaKH?xGSh6g5badxg#*D$?iZN-{b4
zmpsj&np(`YARyy^L6<<C6QzoJvrBgSP=2~x)JJw+QdJbql!M7CveZn+Aw*;r{&n3~
zbf&5%1OL>?E~i0@73Ifa%&3<-4qc-sm_I8huQP^K%lBdQEJ%g6pis_S86TK8WH=y1
ztQ;M(RicJg%#=L@*AZG{<^qMA0z%ysvVrMPE1As@mCPGC3*rDMiGXW`t?fzvTIfz&
z=UYtOyYEXE$N<Z&ur@`KEQzW0!9Zp;VG)J}AC5>Tr1}`M&8N=`V;~m8M2?73HNnDm
zk;36L!on0JTwNHpo-DqS>MrK3nBb9Fym%s^c_U*5=}t)q5bwo$ARLlM?}MQ@Js*dI
zaIqu5q`>%qv^VKFCspT!xh<DScbA%E0;sI+M<+X3AeyWKjs)2P)i^$_T9NU$(i%(l
z6R{zX53|QR+p$@@5h(VLShyvy=OfOCZ=sX0w=@;QT49-lREG!49!DWp%-3|v;Sxc-
z&y2+|a!+(|7|J$KAbu7q(r(VuYB7);-Y{Cw;hQ*L0W)|4wWyysE|`ni6^KqAYyVps
zLltMN@^`F;JWAR}oQSnFDi*LcR`n}#9LfnN2${-MhIb@t-PjBYX<z_G*N~gMkmRtN
z_q^CiAw$JY94uRitRYG&cA)5#Z4y*%lT4aNK^V40AF7<73w9C0P)A2%WPk@ufm2=0
z6M22K)Zn{hoqBwm9HEvBLU;Jlh_M(2yK(6Lnq*$su?U=tfe;(_)2s`NQcfZjYL<>i
z3uKDe=kcEinVOW33eC?n63pe;alxs>sXtSANGK<wAf%VNnAjsGJBfnYUY58}gk1gR
zPU7pog#eK7YK((QEUQFUuuV876gNb<8n%evw$C_PO0g*q7V(wDKgR$~`6^t+$c(@h
zwP{P(gvF65ZmUsz7DT_av&td@9`)4;votE<BGNb}8*9oOp0jA>%p@yHL_f744%p=?
zq^MOiHcOPLcZHd7wPYy;rOjQ^6JjqgKk*%u1n?@M6}Bv+mAHZ#@<1sX3_^S@{Dm25
zS_Sj)DH`W7!y=@7iWnGGMDH;qC*@f<E0cN{JjOJ88IC-V&|-4#4zfkg@iRSqIchvm
z7J@#mLb8*h$-%Eww2~(6#xT<$tJgMVW_}14y<+PoIU8e+^d*h<fOC(^PEoe5R^^zp
zh++5X&k}fZPkAP4&7G1y$D)y~zB%He7dd9Gh6GA<LxAF(Ds`&}>UPED)*laygT);Z
z#{dztGNkVqsoP(^>qVR~okr{DyS|U3A5z85ZU?c<U1t#(W54FBbH{<|IntMam^a&7
zD*j!<ug=>TLKNC5jgVd}$_L})HH>JKo#33vZF?il+{sZ{Vn1aSeJ$*_yq1BBc#ADH
za)IKftkJ{SDz9uEvz}6|^OT(0iBfe{4$ioaN`IR2z<f3G3x)8}RODT2A&f&lb3P=F
z5JhS?6C)e~gG}*Qnnor21kgiLOtk&AsPW*ntyPM$WYsjk)(!x9<GwhLI`<^170#%#
zK0Ko&f`&r~f|ooR@(&+K8HA6kuwOB*Vytm|n!PV_7^HEih$+~tv%w$<-C#QHDZe(9
zzl|hCmnE`RN|f}op6z*ffhRawz8Nh^hiPMknjy<Rt};49fD{Dx6qUEW8xg;im@{1D
zGt)k2<jOP=w+|p9$D+q5x9OAcK}-%c!^n!}g=7{aQb;BfDos9xSiXIT&LBJ8gARo{
zA{E59M#v=+S2WYhDLsy3+6*v`j@OvM%bbA-SniWd{**p`!%0_6Dd`2d#$h#EVPnMk
zRFts?a*zcT?0^Gj_0oFXodXX+wp0D_1c8l(Xo!$Z7|HGL9jL%*vQ0%lrLd~xqIesy
zqCi8*@4;gfof#TKFAb4>4pl}6Bh)YQ)k(#i<pwCGy!=kNUL1!|a`Iu^QpMp2Q_5oY
z1-W#XaKf4`xeoQ=(oovxP%(V<GdnXY=m64UwVn8v=^birWf-=3Y7iz89^Z;ZpUDb=
z8O2Q~!&4hK^y<eWB%S@BA2i0kBv6f*?A1cTk#zx+^9)K*4+DS@spwLxS&~u!rrj(5
zsvP=SLe_Xp$_f9(?m}T<txP5G=-wQnchVgqw4z*bW#QZ{ZH$NJAcM(i@6U;O<32(?
z3lK<OlR^}Y$|6UjaGo2+XDQS%Nh~n62+~B0OW{gaF$sXBHHFv7fqJe}XJw}5UIaA!
zC?F<(-dm1>ipm_q>MUC0v={aKh&8#$W{)N(&eE9-Bj7c%6<H7AD(0Y;c8BQ-7Ag~U
zMvef>#E-=j6m5CgArHAyVc)i?D?7NPwMwbZkCY<zpiC!dK)ZYp-&YR3)OXwW76k-r
zQVny7mB%A<4t6`{C%U_CzkaP8SLG*blMUr~l^-%V89f>)dSpa<sLc{$mbGm@40awQ
zF9j)3fl|g#dgQ=pciZ0MIECv8hBvD{0?*>DRMWx<V2`AiSCt0{-68eP$PEpEbjV1*
zYZnZ%AVzXjnMMF`)ddenop$$<H}!*q`tH$p3bCw_yY_Tzv;O*UD>-_(mFyqvy*Q}9
zO12N<k+EmV^MkFeWbe7vynV5?sCEZiYEg!z9N7{8TJ722TYoy*+C574$*bKy;tXu^
z^t+_Kzt4HJI_0*Lo%$QFx%H>bt^K3q&C9Lb+Md9_*=9V4M|FL$y_>wDOtp$es{<wC
z9&EpOd6c}|+j+KiVA;AW^ll$ga_-=0n=;-^<lF6M)k)3O4;l7c@@AXc5nj_@K!he&
z-~BH6!}jj8#bk@OTL+A3|6uFzaO+tO*xRod@fI()cQ<!lKVvMMXamCT-Vu1R!@W${
zP!rom=nMw<wO3mQI&&Ngom%Gb^X;Quy0HA>x{rMG^-leOLwg7Ndxu+KMl%L~+aUa4
z`|uCc#jgd#{_%BP6;llm*aiQu>bsk^Q2MB}keY7t-QH`!9Wrl<m(f57vXvI1wvuOC
z&$l*@w!dY0X-PMSuU|RxHunyX3_&|P$?n!B<E<Zjm#A{y_NMSqJJ{N<Z-aj2NFN*s
z%HFQ?7P8w|Jg8*rThYMlUFxeJCI?%8e9e4jP=a98UqEe)aIduPwKv;zt`(YG{6+hO
z7scX#2N~^g%<#L!60;3KkO#xeGq<Z$0Z|mxS$_&PSX(G_+X$3_2q7ZxXZ2Tg&WtbC
zaw4!Xg_D+?cHH0E+^+8!kwAK^^^RkOgO`7NtySbf0Fu;MPS8hXd&91lOnXqYwi}A!
z3JH_@a=z$$g8oDoJA2?4Vt!UXstc6;`*cfN=U{7>&0^cBzDeD8ww7Ax3kdY^HJfdF
z*A}Iw`SR-M<@Uj|xS#Z(o;<H_@4SW->7q<y^t=ZO1=46uD`g83iR=)Mp=co4eoj}L
zFT>Uq(DK5)WGS9*(X9ULTNuEz&`*uMaJcOSg7wHC1UwpJQ<#@s;_YW7@GJLUO>o~z
zX{g(AKJ+$}?jv)k@$fq_++B3CAmxVQjzKbpt1l4FQn-S+b8or{&J?A})hvWSQ01&{
zv+_Y=`4Q9c=}3~)O}k)m%Vdx<LBfx?JVKl{s8jrpM<#<f23M5@E(0a+?ZA!_lS=*%
zMY-{+dctYc-*fk&?aiaYB|9RG*Xxeuc?EK^U@qAJY`iYvVIbRP*bUQ`rlt|+U)z~i
zHMaadp}`VxLg-A9L7R?3>3#wQZIPTo6ohl~%=Muu?<P?BIOfs%Q9lD^Fhb=rQ|w~2
z-*ou7TpgIh5+qqdIKYQwrOV9d#Dj+lqMocCkk3(QZed91G_YvovGOeJduErPW(#Z1
z@fB5r3ZO|s$w-)MW~pZDW+DcRvcjJjtj*lS(qZby%0zfV4+erST<Lk@{T^w_LpL@i
znG{iwe;vJh)m3)ww>TVTo$@eW@*-PTv$m5j*Bs}iZ%-08{lx(3lj{|w;vj{s*m|V<
zU>zy`V^HQ<BsK|N8B04<BBY`hB~?8jei8w>8p())8Kz<;tRE1WWK_D)d00+WMI(Wi
zJhv#^#e|}ON3SDPs}mS(88_+VY_W{Nc%03unBiKPkke?M?;)nSPD6xcgSY|BQfw{1
z#O*9UJ>c&9GF=DXq{vr99Z`EdVC%OM#w>^lXG}}``6d<EzJIP=U|wK9)4%w^=lOLV
zgB;IItsHaqf-iC(ojM0*)7#kraZj{m%K0_O3+PfjPMfx`D{)|aZ5;*+#$st_$YT>y
zgbBk+MTZ)~sS+~CaNoqtaQ3k|bnvZN_9N|#ImzooPy9EBq*z@R(y3l_(Xg@A<)4YB
z)q~$HPSi%wZcdyX<a^oIzw|l55V)x23Dln+?(Muj+S>W9tT%sc#!esyyHF?jPdmGM
zamR})*tQUlD)WOv_Q<HZ$U5pr?6o2UtWYa;sq7e7;XR5`4m_OP-xIoP+$j$PydSaq
zPp`Ppg|LVDbm&3_lZN^DY^{8-d>!c5#xBl*ksdRxEmoUbk+Xdqh?cz;)XphY^VV4I
zn)fFnkzs?ULhcRxOI99LR+{-2+!BQ?bY~AOoMZwv{&Cy?q*R^ZC(V``_^!y!)vnCC
z1T+b^50{q2$t7CxA1OL(+$+!@i207;gvr|Z1{LSACaQeVyW+EXHk<}+@l$h(hp)+0
zBKgD41rKUN8Sorcr7<iKU4R%3RVCQ-g(Q<JB^<z+v-J^X12BDAixvHJUh}1-8<fHx
zu;blGPUTRUz_S{LM&94`u5e~`LGm_rJ5<tZkg)}0M|_Sgnu}83BGOO-3l5z_=>J*T
zCU+DbE6SqTfnFdfSHenM4Th>S>p8G=_Is<S_)-@P4UGFgwvxrVOiR4(NOwB*x=*M)
zg04ospw%Iv%kW|m9gWlzWp%6hw`eNCuREKz3NMR06PZi&|H*VNudn9YlS6}U?Hp{x
zwrqY_QMIk%dQ2foJng16=r$9UQj0HYh0R%ZxEPeNeV0{Q>M#-%4LgNf?y=-o53GY#
zCkST1eHakF>4&Cs7^z7G1#FWTyY`CcMB-wi)<tdKvQ<is&{)BfF94alHYdu;eE#!)
z2?k>QC$6R1I@qo6e2N<&Zm$2ddhY>uf==B3@NoU%=lW0o9VAqLvw{C0ti8Nb#f5h9
zo*KI{r?&JFerjGI5_tm~Rai7$9-zA6#OlZ{M|W2hnNYbC&ZO89jK)(35$Aq33_u>p
zfrS-SjwC!RdmZ)2GSn1TpuTX1@yE4S1C@r6w6g3`q7u64fk&<nAbgvIypT49Ra@?w
zWAaG(6DkG1VKnh-OBkrC=z7?|&RaMGH@Rz<Y=w#}^2DNqR#Q4~2~)^BR>p+;x6m&r
z@$hl5{c)g(LTnw@rD1nv>Z&@rE<$n#H#(67E2Brbun00<Jk=LKH1dCBUbl9K4*_z=
zJ~KTqP3}lT^(Xd$oz*amv#3Q~3zg4QF;^i_M+$oluTSp2m7-TPb?#0wl|Z@}9s<R^
zxQj^#r?87Eqhz5qFDr>`PKzP-7>X6khDsqFSyrb8Sj)kR65W!N_e4UINok!;(-uCM
zMzEYDzr$Enn<0l`Qx8;~>Ie~tQb91mmLnw0098#1(rL#Ex$7V#rV#=>kIYr@=|`Y-
z(nZRM)VYp|I%ByIFPSGL&?|iK-0UVwKuaaoJ#vN{^;|+Do6R>5Uz5{JNR*A@l}OP<
zZLcV^6bBs`tTnv!w04yjG4699hb1razVn>tQXewfyr{m1Q%kRM97sFS(8^@;aVYxZ
zKoR}u2%qJ$bG2r23~9<XaH6Q-+Enqo^_`u&$@a?LvK1><K{t=oG12;)^^nO8ap*<`
zuQ?8Z<z^UBX>`gXF~fKefcy!VQJxShk`%@^_g_nu)|vz>R&FRF-dH?Mwl67nz8N%@
zkAsYl14Sqerhw)#M`9oQn3KwWKgL`#@99|ilTtxcE2zOvuq-C8WPj)1?$|LMb^ull
zxJ*?So<uwCk<!I8dIkEa9go4ohAa(1DNzp0#{zW<e}Od1FhaVIUDJymU(^cD$M1^~
z4>8+9`Q<l?g*q$v2YTjQV}2P@epyID6ye~zx2iw0`{JK$sj-R2BURO&UvTax@sDOe
zmJgg>=qYmrzokO?FHp6gz91{kZda9nv8+oiNB+$GHf$whKPlBMk7P){+^Ro|Z9w^+
zXhNS6FgS|O#n|}WQ~GWlnta+C>~KVyN*sBKFg_C2Kb0;R^?yQvga<!OFSqIc_q_h=
z{f+hYjfW5H{`U<`g3tHAf12f}K&_KeYWKfyC`S-QVWO(GuFI@_fA`Ngf4ml&6uhZ6
zx->SxK|Cp^ox*)f7n%OCGZJX~OS83oU83N(gGsxp;S(cs($pT(k~~!m2T5@+h<h^0
z$FqC2*~4sB1aaJ_LtTRd|47-vo-h)aN!|~#5H(3R?)qh1Gz@u8<ZmcPN`8MEH=W`d
z_715eVkOYs4v85X^v#7PV&2~=ViD5d;RuLg4&<W}`i1HaBjoGzkrYhOp+rzv6eb58
zq-Ngw{T+~JwPf=<@1>fG!&o#cR24IYVj?i$>$HgxVNI)x<o;O+Sh%V;h)zj&jY$Zq
zmq8CjA>fRW7B_f^$>!eF+FW29%K|rN`g<%+?l;+mw9?{AFSJj)*+(mdc0%3^HElXV
z1y&vY!cNvgXR+%8?EHlQ=l6kOsPU@D#iUY?Krjju3mLqHrs~_o@();&!o4ZoJkBYP
zt}0|FQm|R)NI?To>#V!t|2#+@D}&m?bFWNM2Pyt4*YxtD>}ts!Ly%xwiMDg0o%O_h
zJ6>!A9D3dxv#?-91)y^6?PI}0-;1Mwz|DUt&$@yJo@6A8z+0H!sR%{?{DGA)Gp913
zRqH;WDF{O~k@8Qr(j|0?w*J^t$83^^VK%;@XhQlwH6n0-yYsYs96%_KHlJx#I&Z7d
z<vOrg@^qzsw5p1zUEf=t!KO5F4p-Pkj=^=Vd-9+^b|kxjghjM4fT=UhnhFitb8-%2
z<eTX<?DQ~DXLqKk60ri#zI)r!L@=K89gBme!Oa+$P-k5Jh#pGU7GV)mbq1|^B#yjR
z?GX9@L;LYig$V>mM=g6;`aVWoL>4lg;|gflkMpgj6=i;Z<4V0J3NQbSW0ezYgI>>O
z<%Z!f7H)l4?Eo|!n2!CLLo)&aoT*9b8n7yms_m-kd6w%{;~`}-lE+pnLxHS`4)f=3
z^V_*y%?)biY9BKdAvEbd;RvsxD&Gpe*>G{|gUBc>OlyZ?1j$?|Ir%Hn1WoJen<~_r
z5=~`yT_%q;iivURk;N{Anm{_b4vY?<4>1w{)+Z2lzhXR2N=8Ka042(DJeD^0Ewj;>
z>94~*^3JE@o-TDQOD;?9?$i&D?y_AfNU^OaAa|c{ALQ?e9^$UBss$n!#RJTJ@tzdo
zZN=eV9=+PpqQQWnm!Ynax8Q<TP*J};#$2SAq^29^n9E~rE<-gQj>tkyQMRpM_tFso
z$**z=I&sb!<KF!1SjAK39^1c9=F}NkLJi_tiNA6ei;mY=fhOk58s)dvtG1<L;QUA@
z@he-P?MYd;Z`ZxSMM{!$F28rfBV$$RSy77qh5pF(e`K5X#HX10E&Bh)>Vy0E|JNSg
zd$6|pU`_Ww+*@0F@LB)=6l*aFb93{XlSZSq`FyAT;_#bfX^*St-pIyY+FltC2P<|t
z)C%!W-5HcDk>vJe@*0;2MKlyZlv)~V%OGfAB`}Mqm7xXLbwRZ+-y3|gL>`D;NV(LZ
zl4`Q_Y$v}7=hm*p&YBtbUg`FRQl~e}=cHEK*?y{t@06xX=(JXQy1lDwr@sk1q;|OX
z`haBCZ=~}qH&7oq;o2a-Z^VCP+VGDLonQQ}Kz`AUVEi-Y0xi4K)gGN?Z%w@M2Vz(M
zMb+h>oTc--i3<MZOZPx6H;{at&ZF8dDG#*NN`5sT2DniAb(w>?wO{^fev|Am{%ec6
zkSz5|P53p;L`^jLh1xIwJtMau{FB@%2Y%l7_dEI5;^@&Be0g-V|18jh*XocuiX+;b
z%EK?j{`FJ&+8_Ol|5m;>2Px|zr<%;dYD(Su>gw7O|G6il%YQ0gzogg~q5jg@9P=$n
z*NV>9m|`d36C*DSzL_O=v|ECaM^s)vmA+>Qt+KfnQ^5Sw$*=RL@B7QFzRd-vVIJTo
zd$kqyZNE<=uBwf_^0gViUg$(v2?;lI1&LxHR(>j9SKhqO9}{1HOX8KPB+BP~IvVvK
zt*l&JTr8h9h8N4+x49BUTmU`s_4{;KYBTxub9jyrhPLV1nWk>z^FZ~8_kR_iPkvpz
zd7s~kuitl9mfPK_5v-x6_ACx^ce$6`#gvEe`4t<jSURy3b}(=BpXIyB-T$gh3X#u$
z|F6YB+#K?4NdNPD06*?@Zqfhl-FvXE`@in3KUlxNabN!5`)lj>KI?xUcNJzs`_dzd
zarw<%R7$+7-u$<W@<)6O79UJ_ae7ta4<&D;fSJa(NJFJon{kLRKE@?sroRQ|F$TkJ
zlDJ^7eQB(t#Jb1B94~Tx#k<cj_P&fd>gG3Ssya&}eQlO{TGbFWn!Q5{0Ewl=I}Tyc
z<oJe*5Yhf#;j{o=NzvpFGH-R>CaFRcqkkWD*9>c^)w2}eA=A~+8Yp*`XdC(}>EJ=n
z_FO!jb5(o08I$?Ut2&wc0pctcq7qwGo^Ktzz~&0GN6M<BzEN|&#SoYQyn>Ng3%G<n
z{v}C;-FK}{dIF|)o<+lCQa}H)ICg32lYT7|3&hEGyBS4`g(7ci0YO)JAC)uPy8&pj
zbTDZJe2J$uFO+BJFnrPOcJE$JnFy7}-j2JYo4p?)@d<OnH1*p5j8ReBd;0re$H)bZ
z9YYZr>=?WAs=+_Oj-ev1-FeOvvtw|f<#vo7<#r4vA9jpoKeYrUx~BNu?U-JzwhZ7$
zm?qKqh-S)C17$;dx@@t?Fwwr`*}u8j!<QO0w#s{&Ka)m}eJzW}DeANFV;X0nQu60#
z<3}ZUJ{v#R+9DNdq1AKb$7kbbwqo_a<Z0CZ_xBFsN%N0B@>}%(HEsZo`u~G_YwPC!
zefT;5<D;*`EP&CelkB5(r*?hhl}<Fv7F0SMy4d*A!z;DgrXSA1!y`w6YM*tJXW22e
zo-76HAZrrYUry?{k6Xk9Ih~{0n*{B3eTRi@_WD`(>EW}L=Y*g1?`}5YpGVdBP2she
z-6bq%NJX0)x-lbUCFuB*&}+5VL;|D5;|4D&nS?HtBk7s0)lt9PfBmNbW!A@}r(8Dr
zoazb(s4a(C&hXs1?7r-vo!3YitGub@Y3=IB4j<(?<;tZw4lZ$i({Uk%4pYCGz4i)a
zw~b46>o~(vY<7YeGARV4k3_pmiPbqk%}<l1beS!TEel%e#`;aG+_*ZSe7qL`lKH0$
zYt_3Nv^g5DwcYIrD3x0|?;ewLaw5=$wG@hLygT9KlTv^EA{V-@7e%{uF`~R?&&a+>
zHn|P8osr@3s@;9@#uFN3P}JWn*Xl%8!||w`%9K!(ubB}eE<p@WRe!?*s8Op{b-`_(
zp(HZ|bk2!U3zp+K4023qLY(URm$}V8@_%>u&f*aN__Le&Kc1fl55@n>_rGu4`+WZA
zA4mLqK*;(3AIF?*T{_fNOUVnBCAy9$!=1z7Nf<%uC5#mH)3MeZ8io86IEl&56j5%x
zBhe&ykHlw{!)^s3NC;77a4!kZ9wje_G{ohgT&Bt&EQj$uQB_=PDl1VBTtr!{$x{TZ
zMxqk#i)1o;p@tojNUCpUfi1+5|MofA@r}yZ>n^;DWFBMxH0>i2IEu`bNhhr8LdZ^2
zp*qVE*@&4qthJ?zs5l|`XPK0><fq-=Bvk)7@-!WjprNIO57kl!sgMzN^??Wuj$NBO
zoUy)hl0eE+wevXT)2?_P-H%3sBN3Yo1dP%^NGUp35mS<Dg4$B;CYhT_Ek!^7RQaFz
zO$n1bxN;O-+fK+Y#p{(ZC3M<tLnM4z%>?r7bpFUx8^Y>1bkJTTEJFj3mZwPBo+q@e
z@H?qJ%5JoJ40wqtY=$7F@BjzcwIU%kOZPItD?CZRaw$a&A_f7a+e=A35~Tc2pA&q>
z2C&F&8uj`y(Nh|1uI0JM)znw#4PIP?m@ctPx(95$*PV*WMt)K^Qg>&UBiMfbOFThn
z+SB!nW|DQpziYKuDr@7|4qHTr%2*UwrhBM|J=E_o`=m$?BqLDzG(}*@0YvL5kWUtY
zpSJ_QoOH;uyu^sjr4GN=!rAYZXGKH5J)4z>4nn%BCJwATv6Fq|lw)^tSqTHJEczDR
z8ythG1DD|vE>gCtW2l*ahJawLc}W6*vd-Z2)SqRROQy?*q~jtx&}@*EI6?Wr1J!^g
zPHR$}LGfx)F)+w$JSE8z7jBY%HAq&-8CyY_>yv}I0$2AgG|-#i2?MSWg0pM8NWZ#F
z{u6oCtoD*DS$T}+e_D6jRQXYGL=<ZiDGi=OFKin!5R_i1i{F(?qZB!zvn$R-0g}W>
zA%%ldmBFv70IA9%#_R%cq*G2U>ba#)TJpAEouT~8`E6x4v+Sx>Qe^9i#IPA&Z$C>m
z)*n82$gMNA=iHjWa4VZrx9$pKkqBdiUkezq$Q-~!$PePAW6S}v<2N>wKnwPO<&Wv1
z+}Z=9@Bq?EHfpR48h06pTuPy)w=HVPA3vo37|gF=KKbn`Gtf`e0Hy_d+<8;~h64mb
ztC9BmY{BdIo)fdD>Q__beWyg?hLlx+g}V|spG<vi>RWIm0d^$Q6r8ho0SgW*AlR}Y
zwIq;8o@`=*?mI{z542tAOfn!MOXDn)RuV!mrl`nVpc<8b5WE~d8$TQ$NEGJ_X}`)6
z786v`ms#>`rxFQ7UX2!)lIuF>bItjYItZ@{w#4uv53<M~Q3I<^4Ik32l(3woWX~!<
zrJYB~w-l}Hk>cS;wIlI~C6JY%T;_05nSDLbfmbRAaX?wSKqM9UbttuA1-=z;6x*|%
zQ|!Z>aa!1o?~7N#IAoc&w;m;PVTH(>I9uUtqMrnZdrA`q?(pi2-S7?wbIM1lw&wlB
z_r4;7<QezJgL%T0o+QrqOt8l-kW>{OoqoY4vC1OCYB<N4OGGCx@fFSj=2%cZuUeO%
z0VC2PMCHdrTQbg_9s*z!jO>VTU;!B7r{Ya;ae<r*>&pD&qNsFev2<c7a;@aszE0MC
z-qcCJ*<+A@a6w9D(}POfqx%z8Vry1Fh}KOO2}c@5o}3<sB`OvOsQ}_nCa=`8fD_nz
z5#3u(4$F2%o-HgmAh4P){DA_|wykao;5@<4k%@L;vQ20Bzf~UAk%MssCgq_^+F~h0
zgLaF83`H$6q6(^tB3|;hBHz!h-V%U(>om69KkXw5mXiN@3CuA5`{im?g1(RZl;kw8
z+sodSDh524;-7XFYAQl#$&xQO58o`hXU^Ju&H#H4*UJBjCei<wv%60)>YM$4c>mTm
z@c*sfUtM1(6>OFG&&I=z&-q`UU?rwOB9S(hSBsN0H~Rj9uB@v~5Tr|%Naajdo&k>@
zSy}$*Schp-WQ00ydVi>B!Du+`l_-RA*}^NtfeSv#b_|`eWh(`ex(DH0qfSu;8!}f2
z0GOXa!rt;zZg%QZprUzghge-(n3odZK1LJ!A?aG@CByjr@Gb>TFyWNno)=p{U(~gA
z5^|Md5sZ5sGux_5tSu0{p;m|;0CpIb5HG`1gP;42oJukX(6bdb=`Q)f0ck|s40-hp
zxAlyrhP64j8I&-qIbrHKx(=%X9%6+IFBqb4(edn-M!CS~2xRQP+@Er0a5?eEAK!aa
zrZC@5P!cuNP{siin`=lowGs^~;n)j0s#6{}NuybK{Uutt;)-97lt0<8X(UC(Ds?y$
zJCvfOTrt+}@_xB?R};pO5zZ#2<Soj{#WFIC*0^hqL<;eYa_{vqcblEq=|0m_<q$JE
zf8pnwh1cW_xAMsgHf3(gdA>bjeDM&SECsEJz6y@ejo=S62P?WihseFIl5|<s2rOLL
zOegE>L>!ZVfCq9a@kA&Du30@`CpGAV?5skmJg+Fm6pNMrUYig10C%`91BCDRpJi#{
z2~<e9OF&l&x3uu+XCqvu;nFf#DOjHPf!%S~q<%6N@&F2B7@XLKu%tZ5&NeU#8bib0
z<=j30H9Oy&SpYQUP5O3Wv0=NOnZbr3V(N_i0M<?(1ePN7g~`k*mgH{}jSf*IaTVEV
zOdM`@(+Ri<A2rc4|DC(I#)Iyo|N7NT2!C1<v)kuFS&D)zJ-vFQ$*;gQm)CwvNSuju
zN9Ou@L@|KN(aP!QtOMJtLgoSP%Okt*V%@wX-1*8h<A`8hl)Qv3C{W8uO4-?Fx_G`R
zl*W!-r^XPGU;mt<mc9me(UR}RwdO0ch;=pDBe#3xr_&|#zDYv86Mb5`LstYW66!L6
zG6iMb!pjHq)ROyAWAjAVY6cC$cxX+Uz0*r@)hTupyh3?xT^3xhs3Sqy2;I*X@G;e(
z)w*_A=A{!Mxh)Z8!_;8ttFH6Hq7pCDZJleHZYV$sQ`2x!Fv7QNC(uPLI^$gO<so!L
z<#a13wvx+Q4pwxz|FWOp&|)?HK(vkUIs``_o2LtW`9+n$>%Mz}S6i+`8>{tMop|oG
zh#ldd#0gSj24(~2APUqKa#rhNK2#Z4*i^Qdw$WIID8)6)C<(Ps>u+W;xxn|_pC`<p
z$=|Ju<eY2+bzu0tOYVZF_VBJJ7qG`uD!KcWZTzd!s(!z{F-P-!3SQQ2pHl$ZP9f@e
zu;@W2@5%FJD@8w9Ed+v+xvf%lBsr73{eA$B_XgGqMFJyww5?`Au0H52Iy+0%hNTM#
z3*l~9zsD6C5f}f}+fZoeS5gi1$J=k~2ZwyY?$;iSPA4_SOA|&Ck4&+>PpdMSHTjjE
zCf_*h@8|T_+@HTj9|`V?979@D7mDV(iXOypVESeZ+^~pR%Nn;~yrMYd+xoL-2Tb4b
z=JAB>eO0GJP8p80I4*>jNw<JvgBvip^QcsfixqEi9LWj?!c%Bt;Rd$pc{@$E_s<`Q
zj_YsU?!JD-jTQ%ofjy1SNOaLsfIk!<ionQsj^GKZ5V#=WBP^B`gVfeXbZI$a!Kgx~
zFlUn$ji9S<>4uv~yr<~%4ni|{{EX?(`N;nG8hm(TKe`@2DF($Lqp$F}ihqm7Iz0kV
zj471Jc=P6s;JNwrRtHXvVL`$0``vb<*I{=&&AL6LpthSvzy+u#sb}g{0o|%P82x<`
zzKg1z7LwytsXT=K^bD_NLP_EakYTma^epIBuIf04@C>f~`q9g`+q=*A-fNg;%|7_|
zti+k++1f3$T1zX-<^lhb)GviKh!>gdP^-!NwQ_dle=Z|MYBf9lCuThTaz#$|mEmYC
zLGs4b0L4Da-`kq_J)vU7bEQw_B2j_oe5clO1c*S(<<&$AkTU;++<sGN@d!89?I*PN
zm<(a))*TUETMo?$NduIKDAl@=C{eqLrf*WS(DXmdCliQv<!JBO-n4c2ah}{_|F6o}
zpRoVeKHL8v2lux@S>m#aKe=sn_<CPiz+cF9dM2R~*?`zpv&X%!uv(9v)8dt11H~;s
z2S=~>6K*Bie|_|YK29$hr|;OO%R`bx;CShUR1bf^>sN{$#~nRfQ82)oY5Q5}9XLW)
z+LrBG?LltmUS_x1usVKo@<}>4R&^ctqppHL=EEXRc}J^521%$W|9lpk<TdA1`bZ}>
zt7%5oCH!g#ga()R%Jb|QlF9tPEhM}A{cDoc#J9tp6jn{sLJE1+^)}Jki|h_k551Sl
zf4EE!r8UUdA>m27G!+!|xP;9|nCC15rHDY7yB^9<a?hMSJlx_cCT{VvKeSxB5{hUX
zmt>Ck*Nz)q$hsVi-isl`{hwZJET7&+EFbv(mi_<m;XV2Pto{dif6D*f*w|SAeE#zT
z(fzYNTe({#?Rm9^yDK#wPM-zx=Pu;RH4v^Vu<-P11`zmxUwMvRbR<0^-g$|@%LCdd
zKYn;lB2POfS1hf1f?r59aWlb0^zKe5oZy#~RAYBcgj0sGq{(9y?(8j}J}EtdCBf>d
z&$u{vMfn}W>BqQ~CK`{~%cG`Rsw+!w%#x?|%|Gnyy-3#X=Z}KQnar75H<v$uS^swH
z?e_k+4~nl})&KN-dxx9zxS9`Pc`t9vi|zd#?m)X&z~z}P&D%OW;>C*@U%=?<2QLnR
zw3-8Yy0f?Whr{jv*h=oL{;t&X_AYlR)_2}+?(K4&pDycrd$_ZAq>qc?+0~10-*8{y
z+oQd=$|inmwN{h09DcRQA=j^kChONUF({gJl5AYl#GrVS0wdnhvprbj+h<%fnE%`_
z#(VVL{+8Kl#r*A&4Z0Y!Ju}baIxC5WMul;+R>H48!H1`x-jy2#3r%5i$uXR{Uxz<1
z8bw9<OU_-&2v+Uv*hFS`{9D7n3pw`l4?-0^`<tXZ9A*9QBMHbVRFG7rhE@F*D7~!^
z1Fb?My=Fi+v_Qkgl{~z;g=^!wxasD0vO{iZ6-*Z8Zd^04fJc=IBv?7rTsqwCj2+R!
z8JSN_b@h+Ot?zT97H<B||KlRM={LQMmFHn0!#Xy<u0Q}cEb}yk%JUq8t;$`ai}En+
zeC#xg^5Y2*I)oesQd?O`UUWEJ-%;+*sAv4CR-+Tjn?|~<PAL5K^+Y2X;9(SZv0ABt
z!{0YGQqB9>jmlWL8*niRsWLtLLq?KThZ$`u1?lA4X=zI_#1f?x19c>0&`N*HJJlCB
zzIqqp>y~?=-q32NTQJ_r!~7_7<!LP2Sa~RqM7}x05~$~LIm-M4AE@~a@@LbH<09z|
z1g{>Lt0C#N*HAc18-pI_<b#OOw9Ya-&!hQKf3ZO(_WZp5`vmL1zp(TqjBg?TVBA+(
z%J8`Orra3MlVE&Rnx7H|wNfGg)vYRM@4VMW;cpuKxL!W5!4C=9_>|lIg|BPYYCu)Z
zbEBcqFwmb-l{4DAjV`UND>-(mT?ww9>TU?`H8`7}`F-pcUJyIhM^Hkbf!Uu`+V*ID
zdo$&tYAm<6<WBYXY$=#x((ecJ#+HV~yjof06>+^r)YVn3)?rw#IDfyzfY?cYKCVPw
z<gB#pwicLT{w`l~W6WctNk}rnbi0X*QMJ+~BGH0m-By!!f=5KD>yNU5L6l81<K2Vu
zOPgh0eXTS?o2U?ffAxMoJ|{_#JnV_k@;3KY@7;`X0oqtyyS9-HBh-GI97LCtWg*jg
zYqqoecg6v`$^V3$+x^C%)0+2TYUB8CxaN7;ZS=3gE3^fr=yTk{&L9qwyTd_)+&Ri<
zzlC$~;g{`}uBu4hzBSdd&ehVo6<`<juojvLB(>&}`3fLOksK0yPb~yb0g#rh6BX`G
z+F>9q^<^8L%H5;z5Ka^}|FHl4pLMl~E=RdU?a_TZHl<-Be8(JG6#jg#Z(~=fYWV(W
z)r&%pzS(UY;iVLc%1guk@wnY-7Mjwv%PC0Ywo{nUN{TCX5NIfjp*<9f@YRug=CKo#
zxgxZr0zn;GQ1w=UjHn7-+hw4jyu?O@%X&wonW_edgnsDS&~INBg*qx9+Mx1x6@<jk
zVzt33uAWySoF8*Z-HC!MJ`NUf;)%AY!DG5rrfma|d@wB`3;<~p@FmtPYJ%t{6m3L-
zQx3@|ZzJ~dZlIbO{e;|9(G*z|!+d91FFcG`gTaPHvq9%Fe+Ec>n!gX<YcwOtp~ky7
zAX8~(e9p}6Re9o~41x6**UUUTmMOvJHiX$&LlsKCuW)qf9O9ie=NtV2h5tvT^O_dL
zz43z&czKKeXM<ZG@c*pp{)c<3>koAP|KaEJ{~v(p5BTIu3r|d!yZ;iSS)N)8fV&uu
zA*&*zN)owL7JEj$dx0tP$3M8>y}*2giuYk292fc0e|=y_N4}IeGUd7`7q1=<|KU>j
zf)WCKu3zEC&ij(@g=$wNz51r^KcF_gddIz8E{<RBOx}=+b#h(zA6_kABOrQZDOw+1
zE?-bMIYfv(;tn*H%_{dql@7^ib+PXzD(DMNv8EqfLSJAIQd2ebC#_3X-t$}(ef%=y
z9#$&sR|h1U5y^@cXOUiM^F;k_EU_;DAECy+z?4F@VE0QG&>=_WOPO>gpJL7Z>c}-z
zNzn3r4ewcWUw~5E1Eo}p(($qqdr^vvk{GYKLjV+ijI#TJazowy91$+!E!XSIiHDXl
z^JP&6t*FpnMcX6=#`L;dOY{p2xd7ySu~fM_B6<S})r$RUO6p0>HY^SSzHiC?0Iu6R
z<`!td_hg5ngui<DkQ)90P9-toRH4RlX2b_bw9lXX91KMLkNv*f_&Fc`jJCJvfA_fn
z82zu3|G)9zbN#2Ef#DBt`ZMEy|M$XwMX0VE64Wh^6M?=FS7#niJR>F;++hm!<p4PO
zOEg`1UG4@zKDazB?7rkDg=(U;SMix=msrozcjbAV*<t}HXcytib<=CjYP5hUO4y>6
z%nQyp$?oeNZod49XB=m={9=99#8tMK%pGQax;9)~Wd1W!E`I3F85E5LkIbt5@pm8F
z(i7Ab2FUoD<G#GhMStPlr|8u3lfQ}QI4s)ZxML^*Z+@>VC}gAo|0n2GSNQDCb4-=O
z9r&1iF`|#GeB(q2lqr&=psRvNtQuMCz?v(iM9$&J>MlKL<LX)i6Kd2ASms-Ips`SL
zOo8uTH)$Uo`i8g&vXt>i6Z<s63!N5;iZlrE<D%1|k)<cn#Kdf9z-FhAi67#&1bCg2
zz&`UkwJimf2%Y7y4cg6iW8C4)^@8%uMK`gG7^y9sa-sHyl6S-L3_i+pS#$famRQa}
z2^lySXP~1VuZ#Hh*CfUNdbm)YnX3sEB#{rw#NQt7JwJL=KiDcGO0oT7fl67GG|~dG
z4U1^y6x#CKzM^$>HBGfGr~Vbq6)er0=9HKu!CzXUNpnK|3|E)asJRjQ?SA(CI-b<l
zx$OYOd+(lIS)g_U5-kz!jM#5!IYf_>w5cSJm9^zH9sEr8{_sN==0ITJQIRGRSLuiD
zuZMGsfV<%*66npX0*%gVg+hQ_JSz{#FC_n#%)yNk4&6ITGC!=fF9p!UhJhtvj@VxF
zttc*dJ?NioY*W!F3q5IOaTSxqSf7At0bqIjcR}M^;#Akqgwi^PVUf@KPEJV%AgFp)
z24+`ldpF;&{@Hc_E35mq!^5@s@MjI4Zoc>?S&c(hz*R6UztqsGdhV8P+Zz~aW_Brj
z%Is5Hreerolp;O`$xF+6;7v8_BTwn@h7-7DEJ_MuYv5r&!@Z1q-ctXPgjai<{X=BI
zvPkKb<no$Aa3bXixg4f@#L;?=Am58q57!;*0NrkpUT9VCIV4rN1XwYi668b~1!8+T
zf=K_Au<~V_MOlKh;3LuN3XMvP@~I}oxCgpRot!~SM2t5gTeph+5yC01L)HxWFzfI^
zY&pFJ0{HTx1>z|`GSUH9;2NucW~DUJA{e3t3UAl+HVAq(f{BXP7)6FA>uMq$Bd6vs
zDvo-9C1H;UY!Sb5a0Qp0TY;HQa;-r7v%V~IbB#?j2@AOvhV9`(AMgOP6r8MaZpbV!
zuo&j=>y@iO@bC{;xBuzB%<Vr5p?sR*-E9An?D=pi|NH*Ewa@vVpJp|xQ2*uaKe6(O
z^iNpbl=;_Cn6+yC^)D>LGq?I4UzZ{}!*VRF&Y4yt!hvkd=gEtmy{Gk^Lk@vS@xysv
z&3f|qYo6|;HrM1i<*(q~9*oZ2hW=;ttovW3Fo8cPd)s3gf@y8=d%=#z41WfjYbyBa
z3hcxjkQ%F!G&6@?dC9=z-}%tvgE)BpzQ1blN)ymSby1!I&(^G+TNmFXb2qvnqrlc7
z0K~G&x+$oPOyp#d()Z)^eLy^jij67!7W6iKe@4*R(PAmAcUz=+-mJWbw|9pbNttV|
zZwdd(u|OmGW|i{?>7e@!lLOK;ve)c+tIt4NO0b!au6wM~fmCb0GF_Awx7hDn2M2ox
zkGKrdj^au&0-obVK$APa9^OG`$4Uv&fgr_Akjkhvg_{3fpyp9^rbRx(aE3+F>MuxP
zEjuu@K|M7_2DJ?u#DH8+9dWA$459r6b;xIBSd*?3!SM}oqOqsrmfA?;iEVyji29lG
znt%XJ|6P}Ie)N7uIYT>ls);|Eo<4?_7A@E0Q91^Luf7r<^ivE)f5~^Df3+6Owvlp>
z^{hW1Ah1{-znnAsBiH4<y^>K*@Ye()`SU_l^&>#E<8Lb2Rq3cl&V`W_ttV_6eRbXJ
zH+7~?C)PQVZ`ZObBAooXN#())^Lq=n{8iv_x`J7mzaCU^peLrT=@(c;vsq-R1%H#j
znf&bUhPv?SEf{<-g+kmw%9JWn@V%4wz^yl##O{OnDh6hv_k$4p;5G!$K=CXjSI~SD
zqGx^V$d-o#yCl%^b+b_@n3Ifo0SY;f<bl$8-+0>Ui^A(D#81%3<WdK}idx>b-cd+Q
zEqHtZPaKIcR+cN$tH_AAk8$ticFc9te2U@bWm<G%H-f)mUJ-{yC#%Wd{-)79frIgL
zW1slIc2yx!bz#aK;!0~S=p-p|Li5upxF%DXBxv&j>K3s<+C9l^pH{Y%gh;`g;`plA
zzYXCf89asa(z{QD_EHb;k9kA)&q8*ooBwHimld2TgqL4_B8->2cn_5SJYt$mu9%+S
z3`x0$k94j_6hqRSO>~`>iB=>I0=JQGWtPNnNUhebpiHaGLH%?KL)_&mKgGLY6P#bM
z-8(takB&(c>3kM(eAiET0(q{5e<;36I{ZI^BEWnKtPs$eiI}^&Y9u}M&hnk)H@`{p
zhhHHO^!SI>J2x^8(-xIvQ%dvkBBplbg2ho%<&3l`Vl7Qll~6blO>+8(!ap+ghIZ2F
zhN(}>=g7H>2xL_ABFX=}Z5T6MZbKCN4Mg3JkZrQkFGCF<j$)%p;x|Tx4CrX~Mjtv|
z%g@PI?!#uA8=5nxJE@mXa+~~X`0WSmnDXcUFjvWe-GI(WD?g7SJU?g(K_EvN+$v&m
z(M;|hcY>7`bmZd>NWtLiUywJJuafcUvY{s~ah=^2%}y)qMS7qlu~}Vm(obYJG3#J{
z<uMauKxG5$@6P=rOZ0&fmpy4W=Z`x}Px=>c`PDXiMIW0nLf6O&%h*Qqf^zGO?AJ{j
zObKG7O^v9kcS)($Q~el=&PLqK5=X<YA3hotf1etSAimFN;;4QerI@c}icq2l27*x{
z!L97c5aP(dnpWK5pTbZthjVb(X~nK1+z)jaluV%l@$`fq&VPlHvId6f5G{|$hG!3`
z@)6d;2_7!ak76lUX$(({E?H&yFp7Rfwbyo1Cm=KWLQVlS!v+}&nER=s7s!VX<ZGc6
zo5=*kBf+D6ZxEpATPNMBe~D%AxEF3DV?ia)T-6i)ulZLg{=-quPlJP-<3Fn#5AUy%
z|F?Gk{`$Rp_aEr|$Hsk90+ZEGGn^_^jwg~nk^DmC8mn)rf8F+8ljP?Y{?C8Q(5nOd
zu)jXXf8H<tQv_^^c#n=vS3^PslR}c<%&<;=`mK8KwQ@Szyh}lQg3afr@<+r5VDrcs
z)l{`Ygj@-s3a&+~AO`ZY`IEBI+*`A9;I2z3%=`CrLTA&0GAVQ8$y!ZiZV#6pMVvgF
zFs2aN(5Dhr7D~6`punjZ=s>xRS4>4e&bx<&S`yi}UP=wAXl*vXeD*F5@;}Y%p<E1=
z<}j&gL#mHPY2#E$AgDv~j@dBeUZ>Hh?;r539vi0hasGz^wT1Dfc`*-O45=64AQS-!
zi84!O38*oKzPycj(!^c-i{%6ilwq?f1;pP847m-{FEEHLA!F)`Qn;}4VHnp9IXbF?
z5{I9sWO+swMJ;W{r8EwWT)B_>e=J7g;#P0GGzWvz<moy_%j96>&#4*&Twi*Y&6^!C
zC9~0W*a8PuJAjOpqU3h5Y`mwY*(+{nv4VVi^ScX*O;J)?Wx}Y&MKxd<*V>Ix9Eua^
zH~L(V!w=m4m?)p_Z=s2(VW>nT+rU#qJY%=!Nu@L1X(zLjh}wA-R7g6+>x_PL+A`!w
ztt&R1yuwU6-+l!EBdgqf<zHwJIW*9(wTR?zO@Cq>A^xULCZcR{x5q7@456r>>AMIH
z$VR#XO^u1zgPM?vY1Nm*6#Wq=0#PyF2?_d%#)M5i!i+DA&w~YRdp_#B`P+pe;A)$C
z+t#$%h8y9rC~a<W16xiy_slHIV$PX_`py4fVvVk?0)(+?Npi3WxD%<c7v=P?Qht|^
zsC+<YT;4^_6ih?aipESOV+vDWM0QbWZtNmoAp_4NgQQo!QR2>8TC!nBW_d%(Qq=!k
zm;N*wpj4s<_wGqGT9d9<`d6>kACl~2_22GqJXqr{aL)gJuK)O9>fF!%>a+egt^du^
z_2A<nCuo*tXL8}@q9C5<VHrE*Cw#xYdhfU4G{FrA1@dHUij5?%D3{Yr_Nj-*<%ueK
z{6lxA*D$GuIXqnXq5DJk@fXkbHkCK+7p?8Te!8>0nfx%fw6e0jb@Y5?<=N3Qf3?26
zy0Wsh`@`H5zEbt@Cyyob_1DohW#gXA?DFx7zogZQHGlkc@7Z?-V(rP)0BN(vyCbx!
zSU;2^^tz5vGkIK3ULI^c|K^7|4Sw#4u3>n*Qh&1ic;5gX=)WrlA3z$R`3)lPv@Flk
zAI<@PR$_RGKgP5rE#md%UnUl@bR^{VMO>w<-aV@$`ds&{{m|VER|g!CSys9_z?RV$
zB;wX_UimyO#A7hLjZkXKcdmS5O08cZ!l<m>Tu$aI-z<dnc>MI>iT<CTyYRw~OUaQ+
zv+AC9vZ+;&SeL=J8@l>p#!7rVd|z9V=O05iV7bywhZmA9d5V5M#sy(pwOdt6zYMB^
z{aFpPAwMd%b=o|XDMCeYDwnb4xlWTO9!i9Li$sX>-;XnY8V8Vs{7v$ooIT`!<^1Qv
zwa@22Z&|sI^ZK*=pO*iHtS@{$*X8!=1n3RrUrPXPbPYw%kVh>&ua|@zXMn+mw0Gfm
z3Q3xVUpXXNX>g58r_|;X91+daI!UFt#1vFn`~2ugNHCK9Q@pG?lBOaQFkQR%_2!eQ
zligy7(ydKZrn`)~{10BtJSb{j1ziI)OjhL+;8q&@#xmCIW>kyH$3u`@nbdBP23$Ea
z<E{w@vL+y^zG4w>rM(qED0S}j{QV^*&ZptHaUA}ud;t3>++d}uk}VAopB2@hECpK$
z#s+VegHP470_licy@nLjg%zyRgCnV=lc#R%FxM>F3$92r*sVuLvgDFdd1ts1^24y|
zC_iziKkPW{PzMPoaKIg)a#wgUH9)&JLW7?VK(s%C?W~FDr{t2VViaiB^W+@O#MYNC
zF=L!Qq_$1DB<y);N=*I+yZYmB=T8qM%6~5;_G$XNMgHHPasR{T^FN<vDW;%)mjC~l
z{HG9N+NlPCX1fn=3Jf88!bzW*)u~D3x7w^<$G1hqCn;BJ4!pYjHuq%~-&Sf(5II0t
zQdD>rpD*+FaH>bi0_F{$cTcdq*lo$z8GQ#a5eARk^-xDOdJ>=I11+@+gDXABN0dLK
zYjU3F+j!8E_T%eH)${JFucGhTxO(2724D60&XS+kXj28M%K@?+cHyXx0%}UZ(UBr<
zcN(9ZhIpC6P|8!qv6CsuL0x!}++?WhQ7m~Ph&zp3Ki5q=mu{t;i0E+72N~V_$Xns!
z@5Pa&@sKN4LdlYb?y~2&yCyO<iQJK((f~=gHF|Byu8!s!tCw82$)$u@au{!WkUqm*
z_S74ew*%Q9>IAq?VG6z#k(1+SU3v9Xn2x7yyd)S&Ls_De<*&9pg*F?d?aq+X5x~9{
zBtw0S=ln_XScg`EZ^>sVJj@sbnD#FW>81b3!DTnb5cRYR`tsZOd;r%%vz|+U>{mgv
zb2Lx_;hXoHg}cVyYxpZc=KHO;bh)XsYzjKuGFoA4C7kQaBW2IBRyyvC+^HxeybqA<
zGS%g5jNr@w{YN(7{1|5?L?t0;$u&D<zS1Yu-@~5;sf5MMsaY9F;y_YftROE@Q0gAL
z`NZ$%-~Tz7P`TfAQUNq2S1|et76q17;&NtX$z%~|shjJ{{*8ZZD8QyoVx8I1E=VUF
z$b?716_wOxZ{v}BV?Vr5jf&9H_Nh7ve}9ka>qpS;tdK-I@iat*=}4b=>EQ@S94F6C
zoFZYJOp6CXN;US3b|M7PzN|M6kd@4;sneWQywEE*2a7k{Qut<AAwFe+d9D7ysq#aT
zvJ5nmN_bz>#kiPpcFhpHKI`n-6b?KO`+d)?<$xV66~u^F+KgjT^!%L3r)3odjA;+N
zn{jF_q?K;0KYZ{oOr1x{?JOP{a7{VS-PPg}S`?D<XOU!p!dM_;sIF31gkmL4ashLq
zkOeiiy1@B5>x^WM>UPV%psS*+$pjMTBENqGM;{EX?8eG>NeiaSC4tM_>|^qb0zw&%
z<A{k#l48PCw+Qu5P(u&5U+i+$Sv7+oBGaqpdA7ZKv<MeaN$v9EKfd0c`TS_>;MJ`5
zn=f~snGY4rIj&;4r^CIS`oZ>L1^WK>{uULQsMK!V#_Bzsa`VH1#W$3TSRSTty{7#D
z<m;m_)a<N3qU_XY{x_l3SvpjSXpY$VSFKKZGUS`XIydG}DCNKtE0{bDNLJANZ72e;
zXbBPex){zxdH&pteSh0DxBp1Fcx(5EeEb;j&Gz5g`udvHe_p-!@c#XW4<8c$#UuPV
z|8L4x`xFoUMeV<pyPG{K>$C>FGcFhJw%=OybFSeVD*McCi{-estghPKyZjFwsed)F
zTgW$)wcq{jcZ(>utGc80_nZ~p?+xFj-5&`wJ^oA9`uDU!ULdN?6K<EM9vLVub<t42
z@QA)H_||dF$V>(7$8`AbWWfEn+#8&D@ieQfI!0GYxasdZsWzO~9IEZ}0Zf6oly#w$
zD1e=%qX?D~gvnCN+gQ$2$cfr+dI19~^k#$c+fUIn$tC0*cRILY>gj-_I7XK$V0)Ty
znG))nZec9K-`t#*$He_+3SCF=HmC~Ut0K^xU5MWApr6elpn{S36Fkgyw2+JEe~9~V
zu@T4;D^iCB<0l_IAya&TTtL|w)_zLnT*#7am|wX*m;8M(zCp2=@nXaQulT~pq)+6u
zwMtA5cQCrl8x7ixQ^C(cXQh{yOR)Cx%hB*W|B~VJn)|M?;+ji#7<iaNX$<A=^a1Mk
zIPgo<hWK2+$LGzF>IHiH^7E5+OV8V9XrL?lBYyCg{z>uTFa7MK^oBq3Zzf+|_oh|u
zsPfUM{Dwb@G1wn@PnB2w<Flft%O%-5TJ5Fd_UJ6_=VR@k%x-ovNUtjG`m@{h+n1GQ
z-Pz63ZUx$9b#RvxgSxDCb~(|><%KPkFUjT7<pmlc_fCz^ifOg8(yHl?xN7}wX=(IF
ze36cYu5?VHnw8^p*ly%+hF$A!)~nQ4#$R17@n_MK{gH#5e%UDcn|L`$%dh&~C6z<5
zKJqaQQp0oXcy^ojXyS;T1!k$=8K1yWB7QDX+j!nof5aDO?Gk$Uqg{T}E@o1B^)4M;
z^X9C7Qkwo*d0(CN*GnH&-)vm_#`mJGx9_b?fHP8<`6d&%8E^h-%*|i?b=+>eQx<J8
z;hy2>y4UHsp~GKaE}aeSxANERQopdillBr>JUq;CU4lRB{kgH#*ufxeE>XHI%epY)
zs~m`<mwS2Jp4YU}Yj8W+5^^Jhs$y3NDMRUP?I`N@UhQmqYCGHpu=ifz8eG|K489ES
zFX?%jPv9?8uP>L>z>C@C%~B`P(x@ooKALEh^{0T%X!Tx=@U=`%@Ny|SVDeEl8}HTX
z@_kyhPJDxwrZ}U=G;owkE3T6`?F~3mmMxXJe40+70~S`a<$Pg2lQcb^o^PqG=q%D)
z>-3)5M#e7hscgQ|`-iu@zkkbnW4brMzwvVlAL)IW;#y+@(HSq$-|}G&FHHE9+p$?s
zb+c7^o-JXJmKrymDO4NlVMNLaN2eycy<D=VvB_z3Mu&QsH~6bDhH@udYKSh-J<Trf
zt>*38&f_aI(C(h25%vaoqYmoU6u8SJe;j)xeR6uxqXDNBprm5OVV)Bhy<7^dN?b2U
z*~+lac$jxKgB$~tLh<W0rx_oQB8>ht4)rL$9*m|?tVi+naiia!VqBL?{x~+8-Nv5A
zCd2c4vs=X%<%R=SAu4E5JD%swPN(rZJcXc&2D7NE+N5nluS`6Uv#PT3BEp$Tq<WY)
zm_;)pq*8+^Rtz!V(IN|@(n^0%Q_W<<8JosvA_pa6oB_uk$3cBmGJYQ_{juGj9up6j
zFm?NI8cxvU6BrGr+BS!H!}`V6x!{h%X?PcDd$=^@cw3`rX-71toBHF3j>hyRxm@C4
zhMvbZ-5DKDG$BuUvZu45t}4ud^!rmZ*Y90qgMN=NLf-0PU<{cwp{%oVJ}6mp_6IaF
z<CQF5_0CN?iYlxOT8-bXujerP>D1Vm;&2Iv@a2_+T#sO3t6d1Vi;_WkPCoEO+F#bQ
zh!1|Bf>>%->{S{Xg~;ArDYcl;MbzvjfZn_W_87Z}`MT80;p%A|;^^eZ$@M_Oh!pb{
z>0tTRM#n#{PlGuIOo81Q<n7&rd!yY+F@5Qxr6^hKLt!NSMP!F+jF%((w{4F3@EDg!
zi2M|ZP4WT7_;t9?q40n#tb|8*OV29NZ11N4T(tYX{pV%gy0_bdMWOK%xv6cO98{W7
z0<kDKsAgZyhsI0(IVoGyop|60$BuqNhE%ncyLUp+q}(DnjKI_XsmjWq!dv_CVHW=X
zA@?hPeE5QRi~pZP|MLH@J-qi|ZH;08e*XW#=kx!cW;Lo%|3&@(v+}Yl&n9a^&#3=g
zxW7wZk`F$kEP$S(`wXjzV#+C>P9E1&v?)`8rrV<*jjB(JbhE-WU%G(E&n)|;)5%W?
zS^E>adD_I51!ffk&fno}Axs)lywu}{oyJ~#v%B}QzWX9ZBJ=jbMD?m_03!=RW#7IP
zOtWluNe9KW@Akj>hU&m~bfDRPAC#(v@kI616zkNF3k(0tPYd_GHYEel7@*-d18e}|
zFRgLcBBvHvVOVxa_JV5JjFOWv?syLCWJAGCIfmZppu`Ud&d5tI$*d!OerlXTI7-Cw
zy!`G}eu17o<tpegF_<RxHZA`;^m2!=3{HV_64nQTl6Kz-h`xBk5h6xc@1WToXM+=s
z6tQnAqpEVM2&x5S`aP}|8nx3--p_KPB7s~5X#*OjMBC4FOlyd7Png{9f8rSNXhA`K
zn;5xO)#ph2WxI>#L+=kaGKtt!XQXiJf^psU&D|P2_`YiiD|x|!Am8=M>54TH08}C+
zprpx*-Pg%hyzo*ntQd~}I5(8neyaTv%_hGOoz%A4FHO@*`rj~+uT>n0!7ME~ZGPbd
zmwfeAU)P)0ei<e(pY#<J91ZmJ@A2Am&pMj8_}odJrgn36CCkz?>!cpGgn_6W(hr$o
zhLc<`v@5)IwjPZxPtK%S*h)Ol&wwk8ri2vfnT7tRta+Yk5_+x8#+YIO=~nlvdF!#z
z<>CjkG&rx<5Qby<_<+`$v+d%(Q~`I}hL(!;zL&R$EG;g6cf1KXO5)7f2H8hOcAV!Y
zH{@NruTqHIx^f~^jPPrvjm&dJ;<1CfLK=t!<j5FAj)3r{TBDK6=-Y}>#tc+pt5lf4
z8I91_{^lEq#jdMg%CnrvMd^QEJiZZ-jU#p!Qq0POW<|L~M@1!ld3~Hdhq#8N$?@w~
zUor54MUvcVh%2v3ySys03*UET$_rvpiH{oom2?Sn68E%~DiNhH$t*M?&0}P!)q^kL
z>NYyjkmK8jJptr{SNl#v5C4SAZ9>io^3GgIw3UV$B;kxkLRL|InP7Qtqlp~yyfdRg
zqv4#WCdi7eZ=kE`0Zfw?Z31!S8Dh?N-lOy6{X5qxUfX#-<(c&D%y^iRnT|A68f!>d
zRt{moT*P;^C#*imv!0Gir;SF|=b!EsvKPjpI@#!B16>^*E08J~&DIiVM&e4y48p;=
zRfYS;yhTJ!wCQ<YG1%Eoo2MCPtR;@-R+e?E*)}DBl@6^t^_pB;(6sT{4OE)YaB5h{
zbAA9t{y1rNi^+?<r%!jb4oP8^s$;rDyW8lDk-#KNEYDecO@tBJK4f#Q*!tLmuR^-1
zYPMEpXPvxgpOccD^^}H^CUd9lW)qQv&#%?SNve79NJ!(#!*k`W`=B}3#-uzmm<XO%
zhu0VoNL^iLK-XV!kM<l%p>J`|+>3RZixE^Mjl_`@K9@9M#g!&Jwc>sd?JgZez7$Bo
z=JS%s4O7wJlzfom#@Zu7?mQ~(SbtdJwz=TTOVY%}*uwpb<I+#hTckdDeXx@Z#w?+d
zXS8OTe|wmADAh7A&<o#uvub-Zj&;d*P5iUEA`wD9(pZg{=Bh-j!T<a(mMW`0)kheS
zE!VYuXaIJZMR}9v3ub!s@tFJENLm`F9owc+SIVo5C3o|>N#<=E^?^F;Tq2kh9?4lM
zRk-4&N@q=ab=NB6l-_#%E6}4t&9)L##|5jcq08Wzf;1=7#-n;w9BkB3i<6D|%a1m$
z*xAOA=In<YtNj2fV%&4NZPsxsL}oj2vat%{wxJ5X6;3LbxV;8LIicG+=JT68PC1DX
zhCmgMU)xE}fL-+(^Sdk8L<-i#1j?W2wdg}DW(?ceLD>7IC=PWOo)tk*;*h2OQzOoq
zeXIGF#H{3^)#O+cQpy!_8Rev5B_poP<mu>qd2~)Y-CYP9j}IWI@PtRtpS}H$t%JS!
z-w2eg5>F1dj^<T&AwE<OID8wUd4GAh{U2lwOQ#HN@;^rB<=F`O_TdyXaW|hKargYT
zU=fo~PVRzsBTh<x@w?5)`KnIGIwk%_CSl0pF8C?KRYN%N@^JK4A&BHR$>H1W=dZZ0
zkk<P3+4ey$1dPR%J~!@**a^vm^})#(ZZGGCH`X0-`9Yg?`GTZGzfrP1a;Jj^tmN}T
zEVpg&r37<K;l;V+`@28)=g%?Id>WP!B4>z-Yi5@oSPJFKse?&sDoBgPfuzdeoli14
z5Wcl}w0H1b^3$(}f1g_{pNSwH9|}f?$P@h^Z`^nO<vPaN*X_sOY}{9lOu5z9cHnIa
z7oLni`S=Fh{oG}^8(_Jd#&kQ<g~B;?=o~zUdC1;Ukw>dzg2O}Uth?<-kL-iwDW~Be
z7uMleH^baP^B5QvshyRjA*+((^BlGEnvHf1G1;M{>hci~2#gl~nuI%NWc{>H#$Esr
z=fg1f=8(_IHwPTO@N@q<m!@+Gb`~A;+XGg1)?Tl~nRps+tJJsbrZiDmf2&v@-xNgy
z7G1HkTRwds4LMlh-WYB4(clV*Z}oNjSPO1Ggd60d_~ZZ2-kZQvwe^kT$B>Xpn&*>b
z$~+}wq%wpO$rLhY%rVbI(V(Kp+(2EGN>bOXiHZmz3YCzAN|O2iU3;H%9Hs8?+~@hd
z|Mz`-?yc;-_8Puxt?xWcMHtDBwbrhv!sag;@Iwn%5^4Z*SJK(C!$cNwlVr3DvaN$1
z@+5{8k_B^EhqX0;2D`2_#0Vb=r)%V|r=*rhT!21#DebZGv6kcs2q1nG$B<-Q2R=ny
zvczH^$mE?$liXa;h%`hO{Ys^}e?)g7Y6XK5J|>PAag`3<FCXH{kcdDc0Zzq7+GVP(
zfm3Gml0vSrVG;JE2H60Y2|7tDba?Ts51<mnP6=wdilVmofdQG|jZi2WKIHd=7N!fw
z4t{7hfqX6}PAg??Q*H(Mdumorv?p*D0MKg@VL@1g@&syu36jC|^I<9HcG4kOi+BI4
z2~3a`v>c4xK$%V{W3T;jE||=MPlT*gz`g=lQwxz<gTpP7=n%9?L>XQj);O;-=|aOc
zQdu49Ysyk+Uy`SZa+m%uv`<p(f8Yl3?=t`Wf&EWp9i;vKKL3-1$baj<PBzs2n|_14
zL*<L`G;pAchlfA1M%Z&!jGU7waoj-KCjw(8$9*gRB<`CPkNZXj5+o>FyCD}&WD~H2
zOg+Fhx+7BzM$R$$9NA|uVvmG%WHi`f1(p=Bk8Fbky}$`?1?`6u$w~;)v*7|g!kR>$
zjoRA`)U>wnV9E(Bs@M__3dcioCM;zT#PVbP*S})Kn=rpkSOKT708&F`CR+VLvT&SZ
zo)kZdXfZD5P~{qOb_JYc01X;0-5~1$g^ifp;wOm=Xd6xBg~C;nw6vFobA*hsAoT6{
zs|lJYRs@(Kc~DIJ0;>fH#jc{H*+8JkuiycBNjMh9ZAoNV0u#HS`il$MP)Qd2TtQlc
zxZ=s;AFzNlnbZY9*XWFfg%gK3E!x#XY9s(6&iA;2k_NiM{sh_#S}@8R3wKvg6FTCB
zLvdvjvR42d11?HaNllBmW7Ae(>WN#mwYOmemnu!7`H_h@^%+&d1l<yh2Fpf+!e8W!
z*;uzqkjWU`0+fHl3Ki0T>tkUL+$z>T3GF!zL@AnJc>bNm2$O6v$rA%Q$f-0_!ucQ)
zz8wnKY(N;qCxbslAV5F(fY5Lv;WL?r0|+Q{1^XXJ=yoJqWM8G3Ejn2fxvB9kDKLdM
z2()+taQqbxVfct<DdcG&aTWjqA3)A-B>e&#Lf)K7g-^j!iytO@_DIE!J)oUGdi6tg
zZ#QQu%k>LQJemeN+DO8MoM#|O>niDPGSyeo(lyo9hVWh`6;qTj6^Xu-8Q>ZN>@y(0
zNR9z*Etpj&?+3mk__d)n0%I@Q6zbM|_nNXtxDjijho8)D$0n`6Fgu#VidI5dIn5Ga
zcIf;<<^ufS{A;trV227M{{(gj<Nq3PlonG#jq>jAfb18OqJhSQvWT+r|2B}RXamtR
z#S}Py;+Xy88#%?5qM`&Gf5Md`tIH(F=bQ{3ikb`~HuzqA{{?oK@N-X8#E#ZlQLvq$
zd$3k?l7f)}XB=?>&JYxZFR*I`A7IKk>LsMMg@0fpP@5z0{IWUL5!M|=h6Kz<V_W!Z
zh?=}y@ZvzS<y2@J9h(WY;Uwfudo@s83J7slo`~q-se^cN)J=oP@X=77cpLx}Oz}&s
zPP4Xu6tPcU`eZbZPwzYI{oO&MAq8&Ee*y<nH-8dD(WjHIEk+k<LHk3o3TGN>Ljfh4
z@%P|G&rseD@T{`5h5vacQ5ApUpIgBMp8m5dz^?c|x&maB{QE1Iz~w(*0R<yd2;o0E
zeY62+fPY~FFs%Rc=}$gF|DFw)Vg<iGK@)`G|J}qbA!VxTcW}pM12h8u_Me(}{@<u{
z`8Ub(f2UiD{)d`S=-;3P`nCVJh?uCj*!T56BqhcF>;L_C_VcfP^M79dGnM`ZDWbp=
z*j9li+X>aB8gpfsoP!Gw4MNIe2*E<WJ&0rhN&`k5c{KsrL%ac5*?<D7L65_4iK!WI
zKL=Y#72;+)mAwYO!#co{o+126I|`;M!G#HUB`;5_sR36UCpT+ePE?B)gaR2Ns`$#g
z2CU?uYjbx(c5~#tjOZcMD!@{}L2MIBK?W9-$%7!~g`$5UE9%K68eU5mdDH`%7&c8l
zOy-73ll2JTc?y0$mcXl8nmR!&5onCS843Bk&_*8pviT3KvEC<)Ksf9stU&nhR5K7b
zZ_um;T&t*ap)l<TfMin+`P&JOWAZ+O_67AtWuqti<&i}l)E&iaM46ioW;X)KLWJUa
z@-J=A<atarpgz@5_5FZ5Hf_|?QPVY;d?1v-d5oy5P1J{1*gt+a5))$r{IR7{Yf#}k
zj~zzJG5Igm{;P=i|51A?{RiRX-$44YRsEX&L)_Oo3jJRvPLBVQ`fvWX|IC5-KTrRs
zvj0#^bxas*ri%aiD^Xq67ErP4XMtN2!~Du}G-0%&@**HOfyzmT?7xDQoB*o`7|ig>
zh*ZaM2uwou0z|3>K)-~U;E+oS=4*y%9FpkKmlUHBt-S=*j=(vb2|qOacg$PaNK}Me
z$P9Dvz}z6oZp@-0;MD=H-BdmW|3HMMXgf|Yuo#j_ECZz_Fbq&{6ypIPRtzKk7$=3;
z3Ys=Zwf={VwrTIcd!o>Hd=*&9c?o<C_#F5tJtIXvk1BY_A`gr2%Alelag`6X?B?X}
zwoUyVngs?BWI{nMG5BDjCcwg2*?{Q^G^0F<WT25@0?&<p3N=tlxjI-{p<I5D2^(uk
z%i2uxjHkT+&Rd02^$gr^DO#)_>>!igA%`j4agyq}@tr>kQc++f+Q>ux+!F-xFIXe+
zL8sbxzUvKKHy{-+0EgW0XT6d01!G;}yeDNV;UKAkr??E6o%F>#zcAwk1^x&oI0rrH
zP?EQR*4v!&1?~z&IZd#i<l=FYK!u9k(P&~Pz58P@e&;8P2M8FU!!o5~&@b1ogK|fH
z2LN=ish&VoYa<1Iwyrd%lLxtpe-9(%;Z4iFPyRw4zMyWYFZuT3#ys*}!S|d8HKagw
zBJ$<?Co~*3V%Tlq@=&{>>;-x6DD#@MK65u`JL-b)JA!pd^9}q?4v<A?5#$=A#0T6t
zHDV;oc^Do6#P<^c4r9<ErN1Y1hb1%jCU-jN7XEN}etrY-`J$VOO&|3?2|>x@g_>#Y
zjZ}FF!_VaSP=wFXz0lR&CM+r>N`#!IL~V^<*2$w}bN)+p7N@YPQm?^xYeDM(Fd^G4
z)NFP_f+czc`gC&C0EVC_E5=(=t}TAR{yrRml%m?|u8=Sryi1X(of8Y3p-8xtx#1@V
zTC3r$_P9EGg5@2ecC1J!u88DfWr2!AnNLb(k3w^-pe`^}W(4naI|mfv3w@y41)M1R
ztc<WQIo?1R8p6tiIl=i7O#L9B!*nQZ;2ny1!BXc_+TlHIgm_m-B?#4=kjt$LQf%0w
zfIZ9y#+`&Y47fv9S13y5j7nhRvlfDn|Ea@4t|L0RY^4h2(1WiIc9kf_6QQQ0s+hvW
zYs#g7#ggHH!U>>?q8L`K5>rv2E%+WKqGx1kgB^~)bTrY&WUDyYWKUI<W0;L{JjsDa
zROJt@%qFXJCUZ+<r0{cf&rdJ~*>~5<$pST?gm6!&EBM7BN()_j<OYPQfuUq=*d#5T
zaeWg`szBWWx95jLOM|;9nD|%wPAL+)3H&KxN2pF>a4>NkhWVi&HQ5g}TCrU~MB&fx
z1Zw>&EJ3S)qH-J*EI{6TGKWMCYoj?8KrRucB}b<M0P!E#pedD8WULIE3W(nwck%i4
z9l^t1ekfozN!5hLq-+{&53X=R2$)Pjfro>gM?BobXAmfk9R@N$f4N;W#dJY;!>NGZ
z9VP13VP(Nqjdut-G4lBVyErEx8W|!dD9UI@o}vMH8h?IQ0o4AK$aP4XFezpS?GKHq
z3^|=abINtY$T05bh3GIk%$U*fR~PQ5RG41^*d@@z!XFf0C3J;c@lYUF5Aton2o24Y
zD8*Ir91Ccxpdtcx|A5}2uRxuL@>k&hoT!%Yr|CAj=B^$nbetL!jphfxWA<%$jll$n
z#114V5ZxgL9*Xcl1OpbP0Dpi2carpmlzn9O3hN1YFD%}Tf*x?1<!J>;y}>md(tSHX
zk_xO-0mw=2VeSOMi_j<bEnr0(t5w)-K^F}J9e#~m@w6TIT+s+lz`ap$%J)Hj7@@~{
z0sQs@vZeS(Q7zjDzUYT?5YWFdCTEI;!92iI0-qSRQphJV`2mFbVT+-#ls_zFV&3HS
zk+%X3OT<5w7sKa-dq_;kdXtxreNGdWPlem0{XwF%8ze$OM~4z)MZW*omZLt=XlN|>
zj{*d0Fb%{BW5j(To(6UivXMZUO>*2X9(#*b+1>-$bwO|ka|E7g9)eCFHU<@Rc6KMh
zF(MIpkun~HD#((@haD<ZV+s2V7bhY91H68zG!JoBfBqJdi(>=kBs*E+!D^IKjkW?2
z-tX8uF#40Qx{wG)6L$)=MpdyqK@da|1x=&{dNoxP4IDf&oP80Wr4JeOA+x=%GjTHt
z5l}(_0@x;@jYgXUJ;PiC@GFiUPQV}k4L<<n!}#~POf+9|>JYdNG>k3fETa1kY$)7z
zm?C6`fZRG0A<9%Bkg*SS31pK4x?&T33J~##6$G&f^$D;EAU*xSSX0LTn{q7WmS8iY
z0VrNwh8CCzxszEHY_I<y6ww#!5rK`Cro*X1kt#Hg06pVbC{Tz#{t><usALcA$kYo>
z<c~!1NlSt4z~l7+F(PIiCW75TfFO3ws5M>@8$z8b0svMG2%Ra~Gfi`Hacm4(2T&O#
zkRAXb|G-@#-U|<hgF}cqg%%W%bkdrTD&hNitKsqqHV<U>!z0zuJOyCtSPVRn6$d*=
zCxk*~@Dv1;d+~?o6cb;jKB@Tb{`9OO|0pc3>d&3lKRmBfp4eY+H0^mr*PDE;C!qq$
z$(`I5M+5lYA&HIxT`Z#ny0X}AQn*K=vlAW~IMEb4CvZ@(At}e2qJzPF6@jThkRd;V
zY>m`wf}{e<;ihRq<0$?sCh-SBe+O3LL}r4!M+N+N*PzmQAWfoFRD!yYw+vOYpLnv>
z%E`vf7M?j+8ar(@C%Fk~qGHH)R+e}>&L4a+$-%TgJm2RI>8^fwIw{5GBy`62Lt9=4
zXD1uJ$?*B15qR!{J2^Ly8z4RyvOy2PRE@<v;&1uzyG%3&;TTU_0mKe%5^c!*pM<Rx
zrbPK$u*Fq$2(*Imzc2=3%1-=Gg8RhT`vKZhZHeHI{<%{%`%`^EMB*<-|Cja}k)^*R
z-B4~X)if}L=I!U?hQi*_oHC4lpyeSXft=bw7(jY3jLy;0bqFa?(bn2(K&EPxiA;P(
z%RNnrAAdft@9`ZrDar_Bqy!wr1b0RxIsj#~rxIh_8=q#EAR1<q2Fjg4o-P^Nq85{t
zFBExz>L-emG#W^KuZTgSAzJk>6|_GU_bBkfV^=NBAzB5c@lf8Xy-@?Da)9~5>e1T&
z34sr-7rfQ?ctid&By@rR`iDXh@;3cZG@ith|K;WX<cy=~Q9(dE*YBYKJCB`-pB*8p
zkc0zmQdiiA=*geh`0x55JI??+&rehVDHZq?q}1dW#^fceu`kxWqm?6K@v!qaX+h*)
zAkf*>1K)D$b_l{F^68|VFHw-PPuQ8I9K`=M{w);$4?H;Q-{S%DYyS@sDRD^=@c$H%
z5R(#<6qOW({J#>SBLDUO{Es+*{MY~E$M|2+0b1^v?5ly2@=oEKF|`K>d=F|mH(@)c
zA3Gu6GjJ`PaQZ-<|Cra;+||V#x`4R+NsWJ;#UFUEPUXXjCmF(YLy*G~vL3mTCMQus
z6p!+TC`Y5MBI1Ts^d3+r_9YPn6iQo)Y=YDyk|L5=sw7TLb1yqb2xmpDLE3Z#nG>is
zjBZJ>CW18e11$lr-WHYV1%(tADGK-=>Kj7V7@UGQIFo?pTjHdN!m;2k2{f1*O&5N}
z{al<K9B}ZH*D63n(gSpkU<$#bX!6iGO&l?z&t&x#YV)TPNKw1QC^t3Cml|hFj{L+D
zNs%9-k$y}hg~hDV#>NSttY_r;BEW+>0V3PnJjj7+I5==B^<9c7$~XudDBCU=8;Pn)
zJ2#oCZQChDws}t#I)->Bq;arvvIgg23_=u*9w_v|_t(|b&PfV%B35>;rs!7$H1rXs
z(IlI(Cf;H+7QF@u8G6JxAgKC6w8L_}0U5v@aqzdmBq2?KiyJRx2C)9`Mkn&~aZhv)
zx)xBdVqnKOR%{T8E|E&Tah48E5M*myzyDpYXie1kVRQ>kq0o>EuhM2yHLXp$QfL_J
zf`!1gDupdw0AB{x85vs?9#2o>nehkX{(M*%l^5mi!h_Z)pg$P|e85}TIbrkpL14xv
z^o!}?{1ZRc41kZ@C1_O@NS#c%?7a9U!F*xc(Z9*ThWKMLEND+8Yzv&e)reF3R}b7D
zoVOog^grm_O~$(vAi}Kyz1Y-%B%eQX-pPj!-{Z*;#sCa{6V~XOV|WkAkNEY0obKr6
zp`4fGn~dL6c@Y7WcY%uQ5SAogY?NjQztref1J(ze3kQRYN6FVgfVczXCDR?cAhtpE
zZ4o#TWbHi}6OkQ@g!$1T$vMHSyezC7K!xiDiN0(gktkX_7%EU@Tk}0odDV)jY3^!=
z*`uh&XE7m^0SsgNv7WF};gA6V=Iabd0^w6A&25Tivq=~I8v^h3c7UUviVlVts3#wA
z1UeAV33+|!4x3t=JK8~3GI=6-U9xCPupb~$$m;@T2hshIqZLawM*As(DSQY4AWkG+
z48W9+;Zq=FuAt<FT?CIN`=57$04+qq;0=ALX`y+WDrp&DdMZ@k2kQGmWki%Y4P-tC
zT(RirO;p>4=oUylkf00nT(t9oqQuVN;{%SE(xC2wAD9k$hVBp0Tv!q)n9;xS8$*$H
zq5PU92F~xX4MH{K{;9zH?y^nnK8{VWI02kgqY2O)2^z$LA5d&aWu=W8TeY`P&(NRj
zh1@SX$Uh-*=&;jX2C1oT1Dqk0a%8HzAVoPWRPqAz{oyhIZTQ)3z*jOg0ATC>-Z7?J
zHPksQeBvBXw+S|%OytOqaEe58Or(A|`ceo4lUhu1!vEH3q0WJJ;(z;C{0K~%bAVGD
z3>p4MgsJ}@4nmRtsV>C-1{J^`$p2yzQkeWNBC$?V3fdz1|G)8{|Dm(=e_sBl26jvc
z<kavA;8%2!FC}uzLiW=ibDa?(&6y!MP4E(Z;7`cL3qq=okh7}|kq<uoR}!2N@dRhA
ze=orqY^xenX|u6)LpdlR&o5@5140k0AUUAt4p2x2WmvUygSs^!3)(^cd<QFRH9SH@
z!OgB<ZGe2q;QxU_OeVlUbrHcj1%?e=Rv-f#<i<i=38aEY%!HD@xR3}?dMMdJ0^70!
zl<IZ2u@yi)ncJA#fkhk}76e(~VgP<T7>IFp70SMXUpMB=g%t-uJOg4pi55uS<-sdV
zSRkbY&w3sJGkTAH$avoZ>_gB9k*`VLnPa{|_;=Pn`wkkdC5npt@Uarj$D4olF*KU^
zm^>Tk3Na%{VT}c7AT|r>tk-yX5d{_Suo~b(h)|{10t~wpZyPE$o}Abo76dE|ZZ$wM
zGe2@^1OFX<PmCk+ly{NG+-u0bQsA`ZLQ%+gkZY^pFu_VLt)X?3kjHo)1Tzw~-UHs&
zj^u^A+9PfWlrrFEiKRyU;khV0rwoTW@{q^368nN*RBA2dS7?Ys7_~xM>j9r3r9QYo
zpc)Lg^AT|kc%vg{G$_+Vjz2=|KIMnsQyv2j9|jJ}Qx|z|61aO#bdOu>$(#}OFEr>X
z7!^9<Codco+#q`5j$-H|ct!Qf!#5L?UjIXA`9C%c4gJU6PyZj#e-TL(|0yB~H2@{V
z#Km#?zwW>JAN~`E;QuE5hgD+~4OvdHT;0eb3S<mvAJoDBW3#g>R;P`~>*HeuT2CzZ
zDNs}j>71abcn)&VY=d(ZvS>m|Qb57hpy(#YZXlEeBDOhly>xK4fLxVGfX5SnPnZCx
zT*$<uU#AC!6>P%X#Zhi`@ZCc65;BV`V3Y+23Z(x6dW;Q8E^g=S3jVz0mGGi^&B*tM
zgjIoAg{=@#DNSl=IX6&vI6wk4;As#QM|B1;hdUA<ibH@!390~1$M^%x7(L;??hf35
zjT3MN7!61C>ANSG@(H3AC$~eijGXKflHP+dWpY^0KaqJ<9&@fmdGnzNoGg$}St6i)
z3eAF1fncICdR{<zkR!1RQI5zX0A!LHd5TCXv_PB(wSm%94Gd`-m`>Hel%|3CR1JJ4
z8i;r)iBh$~h}4nD=_8O&JLj4;Yed9$f%`sC`w7AaO6IllL~&V4YB8!K6AM5Ylop8Y
zvCx*8LPQVKAHe$`N#Fm%)YtzB^!h)33<~{s1eavtf75J{{J%~T>iUX6kzcU&)BKHI
zp&y|C;!;wQ>qOUK^1rx*2+)7Yf75&>b&FMzClU#eJ=SK@i|>B<qxbkau*G2u`tI}p
zslQIzf6Opp?kPmF{YR&Z;PH$77hNYMiTFQE|06Dj>OV`0OZ_+h`#-t|KkIDuDq+y|
z3zKZYE;r!@tb@{f;&t$L*n*XYxC4tqAVQnTS>At06OX#VSSv{R4Bz3=3rKeYK7lw_
z03sb&^j+OCX3HBD#;|Y&mdnx{-141(-GB~2&;;hh+yP7cjyJJ&c197bLPTYA5^e%P
zIs`0^7WfQQPLJxIPrDGL?!c4`Fdj;oEreor;X6CvN+_S>Qm5_2TQma{$UD&lG#Tbl
zS=g2eAt9*ciz_wo5;aa%9>DThc|jUIi0`$4$|<WcmwNEnheTVDkOM0ZgKE*ZLeM4*
zMb?0rJ9wIVqnI1uK3$0<b89S+2Nk+;b@hhoG|<g9T#17G93e;xLRZW!_X5&Ff-@Lg
zA&ke|6;wIE=@C7^UWW2|q5dFLW>O322q|YUV4?y#b{6gqpg{oR<3wp37!Pe8u(Eqd
z&JK`>AN(UMfTe|PAsdOv*n$X021XTPRnk{h(*j>fd0|_y%LyYK2|>)D3WAD$;_yF;
z<3*rAoubTHXp@kB$kiFdeCQLK4wO4`0oD}t1_{%q?g|_x-9Qt?%Bp0#O<PA--pt0;
z%7w_Y8#f#A5V^2#DI-E~w39W_kBEYmh=NW;QTVsHr#+F!7vr0VTw?w_W}t0C5OhOa
zJ5dm#IQ)oMr(F0DlwY^1?a<w%1w0>Gm@raC$f6}U0k>pjVe35U1uN!*2ydWgm=O*e
z^4w?}62+$K4!mfcZBS`wK{rsK;l&up7ZI3giVYNTc$fhl@qs^nphuJ04ZFkC4_Bct
zt?gLhKN@5(3IBt6(N@UC)`jN%Kk?5$!2e=W>(&uO)~%Bek(82@09pX}U-ZBEpZ*ER
z|8XCH|J_Nh!swzqV3Yv1pOsb4*3HpDfmO~8>4X(*El8e7rwxkYZK~Ul{ECo=o3pDN
z_{5<G@WCEuOK<eIt>~|s!&}tWRRR4E|5Ah_$>jyo2$9Pa()<{4dU0a9J1%5|r#$l}
zKLgV(l<)#1CQo@od4d`!qW%EIIf5M=FtepRmNy7X#O&-O&q+DjoC+}HCPZIAvFHf3
z*eTJpsD>Z14r4<=8#y~C2!STLLHLWj8;Z(B=?mq(0LePITgh|EDdN{3X0NCKouV&r
z|1G>BrKgGZ7`EV|JjXslS6B`l7Z8Sp4gqWMQX3%omvb#AA3h8x-Zyy6!Eg#|VYEN^
zQgG@o1t)z;UJF0x)T8rH-3K>vKf`J(PRxPa6GW0vxeno<^kix00U0Y0Vv-ZaSBOJ$
zO4xf(z>*Am?+Mt`d_i*GgIo;BQ`$&AtyZ8~_Cy;cCyY)B`UmYf#NdLUN&-r4VLP!8
z69xufY8%uJ{h+GqXp@LCKfJ;lz!`>Vpabg#wgE10w9=`6VBb+l0Ce{AHZ;}AX*<DZ
zA^7KJA^4|eA^3M^0Y~Z2z=Hoz&7%JA&H^Pg_&KDhJ0kq2W-;*RXF)MG;8u-^s|>+1
zoSYK}2?ZGfiwntF<v<Uoum&YyCBmQb@Q0i*dc-Nf<t2cQgaDVf06IdT*g*&m4lj;q
z<%Dqz{l^IY4_Zv3|1Nt#_;Ydkr5yYR{Y~{6(SIqZ@dbbVDF2H}0pZ8!znG{PN(Bk+
zL?uPmN&Hv;KNT$h>1Pq!w6@G-U4mG`nQE#kIs^h88p4H{9{vp2v|a`NVsTM5AQ1>N
zIMDxe)lC5-@Nl}Dn&zhIHB1ZXn7C7{7IYB^M1q=%lCD>xT)s`Bsb03?h)G`J=gT$K
z-1F(xn9qg=oeT;(6hd^Nn?G&4u8Q-#)ES4orZJu>+PyvBtuvh0SjKo|=+lj=s>Gu)
z>fF&=hx=>3Hg|dNW9sPkv({>`zt-<K{Ip_SY-V<Vr?#Bfl|ySx1TKj%er!K9f871S
z{H~T4#Kp7BHqb|~PZyLidla>D1?etJKu%)z3zd^n2?m$@TT@2fW|pqhH!EW<YYQCf
zOUW8|DQ+(nrc*uOp8odAe8Y=JWr8<w?Ju^9V-2aeY9gdrp#I=~W~W<dUGA=%z%&Qx
z3kBZX*Xmg~+*GfBRhLnO&E?tIg9<}$qfO-H?FxkU7nfvea_DeGDiKz{>ne-aeC^G}
zn6;Y2>;St%_W}2=LbsRuWIem181I=C^L#FAJ3m|g?ZH^%T$g6K#owe3xu;v!=q^00
zY|ox{G*|!XbrQiio;zD~{sP_1-#c56Efn4@CnLcX(cXKz#i*>Aus@XDkjKK}Zl7Bw
zb1^pyA=XMN(mm(HjjdiX8SC=ZA6PZ`Ue-@>dlO-iZFo1aWp?PdC+_u01(p#SJ3JyA
zrpXtSnFb7|?$A=(vSqPIkois(ww?ud>0-?3mLDhu=yaHRG#nWVNZ=CEe4ev8BjAgT
z;tR1jiw^}I$+uqyj(>@m8>Vx2AUu?HqmDZ7gSs0e<*tzfn)A|?7tKEARr~(nQYnG;
z<0JYpf@^1d>K6_iTvs%lq`7DQg00WCKREY=A@)MWBF@J$jvP8+N_BhJTZ~@aD<?Me
zF{{$pr|Q9pY({n>%f-a8Y{k)`dXdFyZ8wgj5?8sUJ4A<unswapc;VJa&^>E=epV>E
z&hmi=!U4Zqk%Ax6sl4gvNb$VOck%d1gDf@WOM8NkithWMpLfgg#ZX38Q9)M2k>^i3
zQ-<EyUn@CpG01R3Qc6v4(TyzFJBRp8l9Z+@-_k8onvDz$YK{(fZrY7|eGDESYpX4g
zZ#uBvJTfkubgd|7M7Cw9?!(xae|!00cYpotz>!Ri=>Da3MPEkxmL!TAmUnv$*PdES
z$DDS0v5HzjPqoD2rP0aP4sGfjmQs7(n7VWID&4b$5LS8*t%ZjNO%`x#RzKim**ENX
zJ7agY`W%6Ka|8`<zH685{qVk%uDD#N%#!_`tHHFhLZ?*uP54Sz-{X!<66Fd#u5RlX
z%~)>6eQuUGL-|t`QBt|Fy~Nn34<u9Rp5N~slYVnfL->V^^y%yuxw>LWkrABI3%`6}
z%`l126<|1XXwzaweztMH)}tFYZd}l+$i+plVIvgf8BJ4av?Uxb)K;nPQ&o?O%9zIf
z<%?>|xNU1mR)xH0*K^y)<w0BS2XQOM+z`Fn=dg@HwX0uo<kPXd0|!^PZ|^w$+oA&x
zbnHT^*$BrOSzP9gwzM8g@o%(q7BVU+VNMIHwpSebE!k=XFT?oTp)Sva^*g+hv+AyS
zuw<-yn3k@w!<s3p)9tw-Cx>D5aV2NrIio%GMFDNu^@*a}V=|2MN-o&#9u*Q7dQ$Dv
z<R%l4&ALJLlzx#=4B`Ij^Zabbt*0rmx&&>R$1XnvpN*ZiSmE=ncaAvAjeUDsxiadF
zW30P9<YeeK#6A{!5*qbjEIn7(wT_u@O*q|b3Fo?UhDd4Ug&O>9`;&KH)7fXYVCKxW
z{=VX-0f`ra$F>obDlYWPoNic>z(v#vqc2wOJab$7IMF&aTgK=zYnYc8m%Zc*1_oum
zn$BhJ-(Gt*xt67MjM^TH6K7b(wT+u&!&<ciw;T#P*A*G$+g4pXCini_O4I9?8$L+i
zdUYhnjxF@#Wxd4*0z7YTQ|H~J{F{iSeT|Qat)PEO(wa5y>5SHAZ$`){X&+<Vm~dZ7
z+u871*Pc&d`nz+w3WxV}Fop+joGtUN@P%`W|NCdQw!DrKs>})Z2@cC%NFN{)>@s>h
z-DjjZaFniItyU0oB(hynMMta2@%H$)>R27(G!E-yycRJ*T<SGn?rA3U<PTr%t56(&
zD_-&Y*t#OSTQ8LDUwa$mJ*i-6sd>N|%IxC<=(74tTde8VZ~}YPi7hMQj>&S~*ynKW
z;e~YlbZLuoXU}>$2z0r9&e@`#Q=WQsbDdL5e=&peHIuI3t-DJ%=x2I8j@6R3{Pem!
zG24(}Y`wE^=zU+MT<hF9BALbkt+o1!D;Dh<t~1gf9U5X#aCdQ6FRIy{&_Fk*?^bZ|
zHNXDLJSiTHpKC9#YFm9w(WzL|<81Zx!1p^U3|FP`hjOhs?KtnUvXWOaVD1jJmP$iG
zCXI|5AHl}#!*QnGU4qk8IR$NxHQD3|XzZ1|wbN_2;k9V?-D!8r;ri*c*QU5PRu42Z
zR=j$3XU4*0m%Fi-l%B2)Wt7_%Y+E*c<;aK6WdrfD10SyWk3Q%~KD^X@?gN9oXl;!e
zJ5LX`<0tJ3PCVNSr%ShF$#m{BtJ}1%jtqWDuOa*{VbPH&$)!3J+^NESsCoF6{~ksa
zx)UNLi_0p~MRd(iOD_3v<!SO4d7GJz-b0;ccNr77s%w;er6L`oth=R7hwaSO{hXU?
zY^}>K*LQ#Jy74yQF1Sk37ox%m1p23p^mMk;v0}1jCFODB10S;TDiitq6&)o;t_l$h
zvL01<*YXoY7(}+;uLzDisa{f|%6!dmnz$^Fyl{GLjIeL(Qkwt^n=C#8{ULvUVa4&0
z4-HwG%hb9X1m>&nUvGcg>Xk-!y7H=wdaFh41yU=Pn_I*g#Hve0s`AfgyxUhX@?L-C
zaH%4jS=`1|yB<Hwd1iR*p~%A2t#SS?k9oh1olM`MJ>I^qQnoi=J^f_%3&Q6@p_@)O
z4SjpFw9oH69LIC2OjyuV!KTOfmPh{e8xnzgW36}V$7<{#d`K)4GZA9==2COPC}4az
zueZQcK#l8F(77{eqoc<ZKidXoKdxi$&dk0Os=)c_sB_}r^O{O&>y&p_vI;-7tQ*S|
zmu7Ci`}R?VrI|xxZvQw?lkpbu%F|jG?+Fl&F)NoROOoop21{#}Bqk`>eSYlT^~zWw
zw4pISJV{hYQ|-}}+K^U1h3WqO7izYLDa*;Y76%OXE?cB}Cz}7%@Jb)sJ0bp-uP*j8
zsjbS6m0A+^C|Yyb#q4-CKLXb&jhdTP*Z18o=V#V0$R6?S7?&>7p}Ws^Pk@=;^0eff
zIeK?pUN`#&b_}<q)GKbX6@J$#nsiI(lpA7LTzU!wjS9ck)|hY@m8|gn@adW2xSh;$
zoyTsC23eg))~t%k+-|~e(_QC0=2nwcspx!%O*Orzps%7}fq+?uaZHphKU=l+j%jB*
zZ-!+Z$e5!Z5_)vCO_F#Vo1cl0Z!N$0b3^IUie$Hv#pA;RMMa|}OZAO?I?D~Ra_<!{
zv<$vrL6=%SCu^GAxjT+86h_ncM~+s<?l#PoNI5coV5Z&q6VCex>mPd5<qGTw3(-#}
zJX~d>b2-EKcFz^(fXmH$r>W3yQ)!VKd>gl8IBREFNrWcHQXZ+uu#QZUj;|P7gW=ii
z<56)nK25#vcRt`eomMBt3<%|jcmIQhDLzA;;p?rgE;wA7|53T1#-PBbKWdGJM~bXx
zMZWiRf!!a%IS$a@kZ8DN*E+N4+k+!~(Z>`%KlJS>Dyni&W`6B0#<s%m-L;Lt@mygJ
zD=d_^u4FQkS#HA?ZX9)?pXmgV&oN5c-Yw_K;Z4_cM3cUDX~eD=2ooOZjFc^jO63gY
zieL1tG{x(U|LrEJtfCg~%%{n0^hFmB9`*Me9ZC}}U@WFH&va=HTi7OU5?cmnLR4+N
z{m_@C&iS7@J5o|^+n!j^I+||L-L9D+V^?j?{WSRCipLcpyr%R~uK9~a_dm4ae%E=*
z{Ipa;s;+{FNlfs1&b?v`+tNOdtS3EhywYH4@%(w}&S>+ei<fP+mn2m8g?*LTzuzt^
z?%7^$t<;qdiQl?fwNvf(E{?xnb$GVy+aQLakn0-TV%h1o(_P<w)AfPTLjUoX;*}#M
z4T|5!X0CgA-QR_WFX>3Faa25S?(l_##|D>_^j1Ya4;*ig5#&AuWVD3EXx*%3LqnlD
zO}<YQTVJ#Yc^if-+kd5C_|9}y*3Mz#D*wvG=kIQ_?e-jCE^6GQoO+b$`Fe{2SA*aD
zw4=T-bPg-?c|?Y8O#p7!WG+wgZOcaqWibVVja>sxq{^}3-j%E;JZ<Tii^bNqSMBue
z?5kW!Di;;MxV6EiIX|m#tiQg+>mG32_m&+@J9^+ahsy380fv^6eTLU~&Y!nCfA-KO
zozLwpW7hf^F$~5G<%tTTvKleRk8{6Qtt=Cj5YHk3QT!->_T)!76QLJebJQOZ%{o%+
zl-DM3>DWsT+{txsksWqey5-Qrg>Q~zRmj+mkJ7=d@0wjS9N1NV%{0%azx#Gez<V{G
z{*xL+4&pTR(?;9#ztrki4pxpQW_Ki)!u?x&t$=A&Z|*o<5^3ktIfoZ!Wf3eFwLej?
zi3!lwmfpuXXV9dHD>S0@O0D5o-63cH;TPu_7zhluGV9WB51gGo?o(;vS(zffaKk?J
zqA&i}fr|2ZkGj{#X}z7JuDq--uChE)uE8qqOTmadGv8>BlZgP6ynNOL?ZD6J7gzXw
zd+k49dYa|++&%4)t&tYf1KRrQivpVmjhLn<J^HLxRuOFLr(l#IwZ!|uegj)anWUQy
zUY<`HUz_Af92X7MAx0IZ^lDqr8X5{$dHQ1Mm#^<#*LS%Y$E&vNC#Bid+%4SAv8VQu
zo^bv*Wu<MZD&}4d^Yvf)cV%eH4Lyt^RVFF=8~*05%Ehweent0^r7v>!wPwwhcYE#K
zk>S^`S7XPM9j{q^v^PImlweyaJ9u+P-=oS3mdfbh$`5xV=IZU@{W8#{Y@V`zmf=X}
zYSP^%^WE8dv!Cu3le%<xQ|#iR%L(C$k5u^@KYyvo)r|r&xK!CrPavMR`oXzvI!tGe
zp1)beo-8ac+<V3$qou~8l{dZiwqw)h6pa{%=L%<-7q5OApX%@+(}J7GKu9f*e@O42
z_GWv^@JsK7#@D}vYiE%jJ^!txDf$?_jacX4qvxkJcbM?HF-_Mm7_QJS3OFFyaNV8J
zZ9Z$I{J_iI;x_O0Ji4E`P2Kj%2Zu!F4860*vkvFeiDzx&PvJMnYm0hjonCh2>H823
zVc(J7*+!eAy-S{r@g)20y`8?JFDEr5=p_9sJ^oMcn4`V=O~-RT9Sb!6)P5sVT9iP?
zdc9cMs9$d8eY^K_B1DXH{03K$+E07PZrN9{sE_5%!er~N=Z%R{SB(0<@?A{KC6&%9
z+ZwuOm-NuL*1+E_ADun8ysja0wY_A)-q<hses&G<^SkO&Twd-oUuNXudDg4U#IsvA
zu&|{zt;|ZgwA|r{&?$$QJL}K7+jJ1s9@OQ3sV-Y+;#c+RV>q|;=DWu1Zx_wIs9iJ~
zJbjk&bwZHPsdGuP?m1U9(g67srgZ7=PK%OE;EvQ=lsH^K8XtRiUSWHQ-;mwKrf(M&
z*IT%rj@>cOL}*6FR-VW6Q!O0?oa4C<>9QYZkA)$2Xe)LHpLTiQX`1&TWQIfhY2FG$
z!CTzw)fbcf+v6^#q}P^kv5U_=vtjY?8ePdObFItcNFyvf#{T`as{w7l>+T$EnZA-;
zCu}ay@#8t_o4GceJiI+8{D!|vhiB2?ld~Qg`-gJ#l8uI<G&vSC4vObW%r|V{ny+M<
z^6_SwPC}{}n@P-px!lL+ap^VMUboOupRat@y~5Oro$LI0DXpy+{Y$%V2j*K$4?0rS
zQq%Wpxu@TC^U>+{^}F{Cw(a27b`4@=Rq^h0YwYG3AIPjJ8aZ`vY)F4;DVLs{T;j8m
zHz(%Y63VC#(@~jsEHXdKyU#P=+db=e>m$d1<GddhYn(r@!uNQ&&54J4%VVvjA~l~q
z>QpIo{q)W@QlYh~YF}0QHejDe_qx|Mx@#*8T0XYDUZdnv-!xF3q^P*CDYZjX+CJM=
zo-y)XPtW<nZx0Tx^mlu3NpIcQ*W1$t4Cf6Ma?`VOums(>l5~MhrMy<h?(55(^~n{D
z-B+5Vk|MwO!#o*T)Rf=GM`=bG^%OXp!7&nu$mP)t`1bnXxND8(jE?fm?Wr1RXPlKQ
zIE`Z(czx_^-|x^`pH}5`Y<<0l-_whV1>*t3YAvzJ)2$P@#6G&Gams1$oq6s`6TSFz
zI^F@dV>e}4NN;zsOUz-Qt9n}cqC&bewavLmQ{~e~m*!5B_;%$@b+(N1@?4>sJLWU0
z>}mMirm+2>!L&QmVvRX(!dW;wKgi4S`GttG8<v(QGafCO8EeJ=F-dg&V)kSnxzVu$
zGX+a6Dh87ShhnuYtk23{(_!(+P3u_5`ub7I_+9ydCf}-Q3oAe!#5b2`T5@mksuSWK
zeZ|FP!i8R)4`SJB-_z?7<Dcp2nJ@bCHTCF$h}Ogz*`92v{f36uY@S@OyRCL<vAB(g
zcJeaz2j#0XzP``4H;zdcxxOz^GC?Y$kB%3~OeX@4udVYwwf|0qddo25UY<wKZ5tg}
zGi3M6zIpxH%gwSISjmz487Erlx36Iv^Q%euYI>75qh4>Bsn^(G?^Od*Z;G?b(3$<#
zT1kfd^THpB&D&10eU}Jy`Q?c%g<q>RQd2usxWYPb)@;6KZ3n!Q$?bqgvjeWXyYLWZ
z%nEPsE*S9C9yb(P5PXJpnn*`Noyu|(Uhea&r6Nq?)msKG&9|;-d%G-hMkUGM)}ANv
zYZOOTm7dVnC4Q=n)-t?lrlfPZjnH&iH(y;ZRvm=@eQZj0=grSEZ%AwGuic^TJ(gKo
zcg@(lGcEQ*&T!9WKK3=`9L(Xs?VUZ#uu#zFm2;rQUFq3XhD=IV5528EuF2ui(<Eu%
zQ#9O@D7>9r&ZWhF%Q9bwr}Z6rmvgSFhqz_FyTPWy)uws7IoIB67d!Lm8^b+{zmI%=
zbCU1Uwx?-PWnxj)Ytrp*XIV$z;abDOcMq7xtHy(0A1KNQALZOc5OJ(r-`7#m54!DH
z;U$~51iI82^k(c{BUgD}l%;CL%R6<s5>M1FmWkcszV^yG%F-<5w>;x!(wN`eO+fsG
zPTla3eb>FioUZ)tKw@V3R^{s!^O;msLY^;5NZr`2rJBkTkS1o|er1{23oh=okz}W$
z%d#K3<|hY!o3mwP=yp*-YvhY-IqmORPO%agW<~gMrfefhU)Pq%b`Bv4tys=Lnsxil
ziS0`t5SLthrF>n|OkqSk<<XqvvK!NTf8W8R5bl=F$oYDZi%X3!^kRcSEVn^k_l<cV
z<mIc!g%Z;VvwVC*b(DRpYxvpp&Mw+|TI9J?N?@(t>ZHgmsS$<W28BQ5nFSxUczaHv
zxFp%@bD-R}SNoj>OoqxWjwQK$$TUfdvhXnLdU@&8T5Z|3ljo1g_zYgstGasjX4Td%
z$)yk8dXM*CHue8~-}&kD7&R~HRusHDm$%aI`o$tePf_Few0^_7POjB}`aoay2Cz$(
zwYa0CV-%M~_LbVtkF7Z0u5AR#=xCaT_W0-6=~B+K)OgM6zSu1sc{Lqm{*t$Eu6)eD
zQuUC|Nlc1gJ|%TtVan1u0ovEL?S12vXEG99rhmnF{dNCglXWe|{c@X5(lLtk#n)c0
zR2criFk9hm)y0&Gdg78Ldpc5kJ4CdH#%`=@mhLPwU12XZGm9Zo_S5})3ZtFNLT2!V
z)m0eIU*MLmqO4kJ^r<Hg&||8$<s$P{`F$4>W*O!0VhVmH<0z58x3;%ufuV2hr7!-m
zsh>VxKWY(cwbJRiOT#JstIhfAEn?2F6cmj6cV`1h|6n@)NmW~0yWE&_$<pTmpZP8-
zxV98H-0-qg@d?mbs<Agab*H^^OY)0_%Jv>t-+P<wYG09YK1nvMH%?lsWUumCkp!(5
zi=(p*y#?EkIh;G4#IP||UAD11GqWm}#In&lnSa5(h`DNyUGA!Y{v&Dz=t@J9ovvLr
z@*3L>3e?Y8YiG-Tei*mo;@6YvY#bYcRe~9V^mktQ{p}l#y8MCUh&Ntt&+ccI=@jLy
z&8Vk)T)Q_)-D~LWTrK9iPkHuc`L?&kws?0mU1=z9bnNstxP0nai33O3j3W12cAl!?
zFE{pI(o4_Q<S^k^%K(ukBnVET<vCTa70goN^~U2}+0I4XGd@RL_@X`dKseAq*Kpxs
z;^QqYLYluR+sY)VMRO+)wOw20{qAhSEr*7D{|$5scf@Y>Hueu3T)Dfby{YNKmx10w
zU!BXNeUEs?UF%I&Y!Ch|?^<u2;`rc|tfD48{!B@O%WYy7Z%$`C;mePZF$;q8zD6@I
zT9%J6CpaU^jx*Ib+oS1N;rM99!*JpyW>LGwn=PY*l_bv>nm#L7=&m0Zv%ej#5-C4&
z)hU*1cMe;-m)B{eUjmJGhbmvE_u1ac6xjjcftO8A65`gJH-Z?7^GO{QTUL0#&E!cw
zt?1m`L+WT}+7zkTvg_7|FV_P7y-H^t3uh6(pjFV*Xm3-IoV4z9V!>}BT<5OTvikV8
zm}a#f5wBdfd@<h)osdHJx^+eUNxdUR3M*0$w$?7lB&lVTe0XjkGX5sE$ZxbQcK%aq
zA^pp<n@N?y(^se}Yw^a;2GzHItl(jzCnsN@dl%O+=G<AGmRH$8a`l|8X4kkpN{5%v
zzvX75a=M<gkngKx-$sM>x!qF!LvbC67Of8#TeM1NtaD4ZJ-?_tm;Lc|Gho(titoGP
z*TNm~wDCfxB*?VB_VtEmRNcN*ZCM`pINdIbFV)gMLPbblI=a(!&5Gsjc6UpTpPb91
zz5Z?S{z&8eZ{Ox>zx1p+r@z}L-7#Yt$7W_fIgyXoY*M`K+Yb2;yr}dP3OuOHFSXfL
z@Fe4LsrWS+2^%+dH3zm#e^7E-Kz8q^*Mu9^_ZHu)vwCvjVZ5dZe~z~8xuX_mPnGG!
zUa&hKC%NR&F2R9u_Z$KFjKdEWCI^l+*d(taT6{b8ShC(&Hs^AD&6czCj9SH_rQRnk
zmvu-CV&-y)?<p|rEt3ECYVI+GT(dDhhA3~-n_qJl#s&<8%!nx({hHUcZsbd&J(qZ~
z*3(Mi9LuUZ({JAjOa#@L`1(?vun=+X#Y;6dZ*fac?7MDj8>>;h?9?UYs>`~n{GG!(
zzP&<$T?bpn#~waCPGlxt*?DdFiSsPu-$mZ_Fv%ux3yBk>0?w3K%|9@B_j<NLUQ(Vr
zS6BpR>;<VZSIu(nN3!<ybz4exu5-p`4);u7;dLfThknHgv*wQ#vOEEw4yVWuy}Ov=
z7v*Ql+h6jz?P8MO=cliT45ED}$I{2W-k!L(KzK#{R=R`>7iu0c5V_XK4(#u%Y{_?A
zN|^aRp?bVv<><r9x~>+|Es3pSR`IMEaRv(y?@oKKpV!=QbMORDN_qbp?eHwE@%MNA
z7o3)^Xv=1pCG&1<`ijI_MLjw;-uBwd`u?N#ro$!mT7iLW>Ss^d-F8g8fA8L<T}QTT
zaV{8a*IMSzLT6TWan@eP7co*xxZg8p++~?t?E_M@(0mhX*ZaS*PD{A2=2*_nC%g8f
zVZj^0>0Y5v2P*SM4jEhRX}`I<tWnT<f%>KEuWslr)KK<K)orwOWAc=?Z&+`_ukUAi
zf;pU@D>s#yd6SaWxs0xQQ_^7DN{2=jop=w~UP-C<Z@)Cgm0NYHT};~fReqE1{F_!y
zG9E%J7C+juv*L_xP3y7X@X(Wmv1MX*=U2%u|Dvh7^yt3z%9j%#Wo8-Oa#rjs7f)Ed
zdRDm7?Pk|98--Cj4tkZ{*-=N1GzzTYj9sjw6Bf4b;HpEa>3;T&(guZogThzyoJNQG
zBS=giBaX1IX<4_Oi-pDF)7`MyqpiIc=AK{|W4p0a!zbYB3wxO)TdzgsLK<l+xw7M*
z9$K!^Qvcu_e`rQkX1A<|Lvyx$X>sv;cl+_d=dI!AZ&`4<O?!QJ|E%}jUFY}Q;kMh%
z6}Ex>G}j#Nxk~SXGcv`>c-dC3`mKrS#6@@Iw@1t~<SWZ=lpE#^)#}$dHwpxW4wmoG
z9=w-vyWo~vr?b=Vuluda60;BSTJ2<HvTI3^-nZv`)o-<X8Ewz;Me`_r94K1(IbFML
zx9?ShIVYZo#a<}aQtcmld}>SJ*Q_PmHjKYj^BnCzdvBKFORI*W)m+{;HtO>Wl|5g?
zu2wlW`L<L4CE>)6X-O|`cZAeloF)D0s%&rKHlYrut&Mwq(p-UuG$?pKwA5+WXdSDC
zV~^!p<=&Hg`r~guhaFrI&qK0gza(Pp_wbJFbPsm+Z)2^M^0NNwfpT(O`$hEaT3^pu
zd?0rh<07JUX<eiAD!u~sO+(3@DoFb9w_O<2{3zPgG*fK0F$m7lhJpjTlO8=61!GZ}
z+c`_O(36kjH9M!9RWxQKIOTPxrD-s5mgWx>4olf*YZ~3AyAq*e?bR$=>NgfTH!`KM
zC1tJQheXXNP|8Yag}+N^8S}7rcqYRA^=q?7>2j`30oywVbB%YFFZ<emg8kD+)vGJj
zTA~A<Hr}e`wsU%UNyN?I(%le?v8HQR?IVv6T#jgW7xjv!jOW|k4vXTlGQ9jk;8gPL
zpt#YiPElfumrEu^w$wyRChSg2eD=P2VBvC?;w){&{<n}9X1H(d^etQHY&#m0wA8{w
zz4v$ySn2O(;bf1Kjw$3xeQW>+xajiU*3d%_yxh1zDw}>Z^l93glK!PJR}Hg2oYHR|
zes}(;k<{=$`ZEtIMC6{jEK?l)Tz3CT@PgktPq|-hb0DTNFp^4)kL%FIk%&4fkvW~l
zPKQ-0SghHnDNA>VS<|ssX_U1Lz3ET@HIe5rgRD#P@@1yJj+Sn^a}BIFg|~Wj)n(9a
zSDh!iaP6t#p1j_m98&dW`Pfqh>T6<G>n>VCv?*WL>}3IZk7V}S&3<KceeII#oWJJf
zo->iv+x0Ow_jzOBjJiR;TLuee&Tbh}T-W=&(1f1jw5Uaiqi6H_Y~T>j^hw8*u_YS)
z{_SJl!0ziK+4TYL_h!Cm4orz-c`kXq^-_wdclS!Cmp0c5@{`pom^MX)s<4op)1}i4
zj~+bey0OV1x~_{*92qLIT}AnAP)-)<;`2n?`4nFOq1ZmIvi2tlj^~qo`O@}8gsN`d
zY`N&24&TZQDb28XcXxQ}OLa@h#^^LiSGC>fbPH*2mRu^esC^Od-rfXLMT<SAy~A(_
zYsO#7NlPu@aF2SMb}_|pY^ZDDn9HNYg0EuR8Le;C-F&fLfi3%zIN^xI5(b7BHcwJ!
zZ&+mYMztZNI!&j}q1{g|<LC)pWxhHs+heKpXAW<&Inq*_l>I_j!2i>!`rXlI7UW%Z
z9ei_GXs5YZqod98iw0NkUsevz*k`ch7+Y3mt}g44Pg3TEnp<|4SkG$iILjrT;xh87
zZ{TI$7R8~e_XEvkHPZCkLa#$@!2;J!VbeIcPD*Wmd*fuB?34Do*^1Be?fR~sJ)2oo
zRr1lr@@Vv-xaqeXjfzHFy{^=ii)~U}HeDI6Dg7Sn(!^_4F^97%IL>dlE6u~qF^^e2
z@sx@;w=(_m4s{hKhvni~#6899>&;7e*5$i*)tz;G@g{L*$H+!z5sh<4ayC3OzqKL2
zeQs&d*k~`0?pj9vF!OEcC-d@#hlZ@(JT*V`3h%sBo18q*4En@M#g(FS**!d0?kgAN
zQrT_kkfB*qSC?^V+e1S^X3^v%2Z_Y&%Tia0hMRr+zMR!(b}s6xuxn~!w`^7MSuy9t
z$?6&~!<I2tDIHw)`J?>66~EE!@!a<K#)r17E7I$)jdW@U4wj8K+VoE2y8rd{Yma$z
zkB6jv4G#|`<lWp}-*%{_sit{Ml+P}j>o&dX{1?5KZdepuUb|wk_p4^#8ZJpQ`t}c5
z+I4msEhIbZ8m@PpnoEx+7F#}H5+AM=(&IgTTq=SzBjqR^i<A`cM$lE=3q4XAv1NUS
zAIu1FZRovLaI0bODb>{S&UX*p>rDfn-kF}_`k1fa!MTqkH+NUo<oR}I*T1`JGDrNz
zht~&J<bM3T7Gy{sjq2IDa&qT1)~t78y5}L&>b<o?cNN#FERPqxJ%<h)s4Ez6uGKe9
zT5>-8lDetSov>kHV_TW!1cxKyajY|13Awem)c8-jRjkQwl)kx!JxfEJBP642$xM&(
zy3H9e+|1humS(dhMn09=`1P-~N$e|_5%}f&)k1~W-Y=bIbo+n&`a)RP=<C;|&VKoJ
zH4iK981hsz1~pb}`XKjIn~r_M{c?7dhw=eFr@ewiH`q#F3|}T~L6|2}x#m!C)*@oD
zXn66rrKf{unx&}D6)TA=E({^$uFRkH)}JF}udKo}X;w3{H6QE!co|k~e{9Tj)jBe0
z`1I{LNwdneIeb2=u~+ddWhy^l%kXhsMy%H9>qgGKAp^~MGROGY&E3Al=$u%5<=MLx
zSuaeQk~(W1pW5r`>DhZfLfpF22_%$KZTU?h#cWR{%h?&3&Uy8BDAY@Tx^K}_w6eT1
za9B1W#fx+Hj1bYWN=0vz*np0_z;7>FnBr&BGbxUJt6n+&?Ock<V8gwIE#t5DtIeD9
zYCmg}3HKpY)z@|+H>??mdc4~rXCKY13t2C`DC$tSl=H~D2%hAJ#Y^7Ok0;n9Dk;l!
zeU?)dlVZ9qzL;Rb&ye`cUP{aIRaR^M*U+!kK1YL2zMjj>uAbl_n<%m`@@s(KqqIu-
z{%42uoG+?zg6S`|==0t?$okx+yf&J<dbR_{cxh&-P+)hzgr=nVlcAa3{WH?6UfE>C
zeC9uOrIu@Z#bJeaJ&#s51?b1}&pU0vAf$17cF(s5dPS;+f}A4Xb{t-i<aPH`PU8JR
zt?GEjINnS(uyXI#zpb%@y+Oj=?vloXM3(DWV$5MXg`PBfcO)IYn(sPX{PpE4kz{>0
zsYgeqC2-}mX$ShWe<}^|sCtkh-%et?0v;HvXUlyYDH^MNo?R9+*P4#C^l;+-Pmfo-
z6c!TM#rGGNUlct?H+z3wh-P#CG|qNXP+YkRVSn6-arr9!MTF#OF>@DN%N8blo~IzN
z&&jzoGB4;nVNXT4VflEZ#Knq!j^!*8L9yXXK|(~c1v%U@0ir{1&#6XuST}quCd_2}
zP{u|GS!Q9Zx0=&p2&4xd!-A0~vsLdae+#?&*0uArwLORV$odG;6`Ios+#Ja~H$(a&
z!s&(vF4KuFV&kMMiInY;wjXGUnN!f{Kv?7`G2X=!+mzKZmSlMJ4na+6`brmq?8P#G
zFMZyb+rmp4rxjn`*|&S~u_NzY4ZIr{+qZ_VN;V#<R?QP6%ouxP6FK(G{9xLX3tuF}
zZH_XjJu1)LrkbE>lXazub5-b0DXr)0Ik^1V^!V+v?5=!b=G$l#edMT*Nt0B>9j9J~
zg-?=->T}!5oO4?%PP{&Q{9#aR;pflhTb5-G-%JnCK6aF|bNY@8+Pw*K=>_fyjBBzp
z2NXxlns@uMWJH7~?U2$8?N}e(z+2sRNOSJeQhw&7?2PV}zHNtC_n*3!?+S*UnLW$O
zGgA0!-+LB%M(WDcXN>eD1E-YwSdSD$xSnNjxzpV}ljQvr^cj|~WG!5$S#%H0>@e{#
zaC8vh;(VIQx8rKj>)Q?=gs<fcbq_ROV~#o^Xmm>`=T*pHUq{N&%JIxM8Mk8!zvxsu
z%^)(!9$=6Sp+BW2?Gnt}p~E<mq)ON-F<*KS+c~H9pa%N*hYTDgHWAis(;hxozbSES
z4gEp78ak#0>&L=Hm<hWo@;9&tg`F9o3;U##9B&%Fo_<NnJh#UJL2Bisa0RA1v19ak
za}N=MjuyYzpkf&`62N$z{zcF%(#o^U>{UCT?tQbsEGVZqScTwMnm2dmb^Bdi>k<sI
z=7=)9WB$ZM5^PCRnZDfh<Cn$ac|Ja0f~QCJEE4GNzrj9OvCE|=$A7p-Lx;68YrCaP
zlD=@k$%aiU9gUyW$m^zG`K^}4*6_AZ+v9n^ajYqi&dn?Gd!JrC`?&$=xF1?Amc4j*
zO@g(O_Bx}r{*`GFtn^Y5n&PV-^a&T9?p^6Mv=qec=v}Jj(eq9=NYG_{@#B7M?opwr
z_-Uma;ckt?75;gNI(+AORn_@O+Y5J{OkR16E&62N*B8B?4-4mhsx$I*XneMB8F%N=
z@zLQv;e6W|l9F>u)`3uIm+`QTD+2|BB+8NlhT;ZiEVwRu(#Qz3Ypco)yZvI?N?oe0
zYgA4=eXLRyKeH=vurFnHZ5Qi2(aL1G&d(`h4r7Vy!Q1Sn*uE>(^N35gcn_^fd>SjY
zROrd)-&M!F><W53Jumj>e(@9Ob;u4JJAC;-X$j-2AiL2WV<R2oaSD#{ns0o2at10|
zMvHvM2SiU;tys0MXH?QYAloB@<D}t?Z5vLO@vT4fF+$Ac?uU|68Sy^DBjX;^`h?nr
z>Db1YS~WM&5oU49Bo`lfQanyr!mhHsoukU9M56r~dq2IY)!5RHbjRt<-c~!78_zk{
zZoJN%PJHf(GdEfl&aF5@x9d!Tt#kVdvzbpBABR|rTrwl{a>Ovq$>J2-K&MJr=@1-b
zyWr_2LY2=)BepH7K}_3Op6_p9*b+o1YF50dbQ&kShjd<q?dmK>WwX&6>mIzgtezG%
z@G{FkaHRF5i1F|HEW#f04i@$1&pmonFE=-rXY1+bHRASl<-!@p4ZCyR98DR!l11vU
z30_QUmn+(5VX0ZV?*x&VL%K&iC9b;3qJ~S@__)aSw|e|a&Zc#HAFMu~bMJ8-cYpkG
zbswLy3!1XGoVK5dI`cj>!nZR1RCc4XJ;z<{h@*R6ciyZb@}+f@6%T|X&kCU#X??BM
zA9fuu7yJDl-7GmvgE@muO+rsxkAgnk`_i70m);r`3d2Q#<G$iD@gZH=L(bO<zJ9zn
zYji}7XF$8##{QT>&-07PzEWy6C%wB$j;X3Mo410=gHt(RHzOgdY~!umT@p!=mv+|W
z5BKQln`EEg$wMTTC&&$U=o^c=m$1byzEx*1qusXSjDALLxk%P^?iDLmt-7;Sr|rX&
zv<Pt!t@8IuI!e?Pj*rb(9BzmSUOp(tlAC*Va8NI=JBP=}zEM#7_m#$8Rd3Em7LGRi
z#ug1;aM7BxY@>*{DhC(c)&<KrSdP;zJ;3lLKS7+qfo{ewm-255UG7T1AwEb9z9>4&
z-1^+HAm2FoRi7=`;>`$}&!_p^$(c)+V#|G<<uq$hT+r-bx$AoDZp;?u0URN#B5sMT
zBd{}CXusO_YGeEDFk5kLI?dHWL7PwC7H!-h^vrStt7Uo29Cp2+0OjEA(>;Py7mat^
zEBAI<QM_Ptf>}_gx6Jm4#i7fO%(}Chc^lKtiZ$EkmF~0m`dw=tL!PL9gkfF5=aR18
zf-#xkX%S9*Nu;gM^!U4LU-a402e<ouyc4-`w!vT>t5(#=5M9+l@Dl2-Ez(WXaZan2
zw|acPC%Iv`N7ldY%9UEqRp8Sw=x`*9X+z<=z_Buu#8mo^8xDTBowCi)R`4eHNwzed
zXI&*LwY_w0Y>jmdcY2wao<MFn;p1Z~X1Wd;Sti0F3xX<9EG9KXMEUZ~=EaI<_s*Q7
znIzhmNUF%`j4^8Lmmx%RR~CMIb3o8Yc-QBYXzPkZv3)w*1mfIuL*8!(AKz)KZq~Hj
z5ZjliugLPcTGwmE(z)G@k{nycfA6mYKbuAePyP_GlGMFzAuCf9y+3oA@UM?<<6NtD
zrw%+MSe4UH2`$Ld+7h;EY1a+iA$he7Zh6xor8=iB4#!2$GvD4lyu`v{fiZU#EFF1(
zjE@a>%-uHsP{pG8Ov4|FT2{{5_3dSib_=Oe-sqN7mYKE4Hllg)f)8`j*fc-P-SlDE
z#-QgpiH5g|XFWVkce3=L;^NX-#FF6RtwaV7f)?}iML~3Tjx(0ohG;0WZ)4Qh9A`Uk
zk#&z%GLz~#DH3x$%SnY*H{4edV$Otm^H({vi@us^R=j@tR`;tj2-jCEs@T}N;r=oX
zgAD|Q6NIm;-di($r0dfvo+G*3-fWi0iSXbjDi#~)zcSB1Gn<#4&EojB=|%@QnYZ0H
zUNEoEOTTM1D;@I^_X@(a<Jy*SvL&j-JqwPO9I$S6IY2NvcWk$Bfqdjlr44%Fv+J(~
z`ZoEnM4r}TuXvwwWBAMB;bpE5=WJP~U@^p2)A^Q%!{p?kiC*mDxmzwb8&+&EVD}x8
z?MR&ar9TJU0xcXI>YQFkSEoe@&AZ`IdQ%o$yAm^nG)-dSr9bh{za^!AD6C_;&P-AJ
z;}=sk_kiE*Q1DZk70bgc7TQQ1dY;peWh1<P;H8mso}-JKga!NSR?Ve>zI{((N55RG
zxu98Z_@I2&Z}m&}%X;<?XoEkrhWII-q6S0jonawQeM*ZXZBhcq!eV10pLKEYvg|pN
zcX5~p5QEKaun^}+WZK0<+gg6)uf5Vh<g}6G%g{($HvVo8Ut_j-eWyeGZz9HnjrOsl
zA8gbz+UJCwxjHt6eCIlAF0MJhn)^^{FW634@7a1uE6(@+u&>lR*|YV@y52^GS3#H9
z2XBeqKX8_L!AsXG8<;+Pj36kxlsE9~EuXWV$5JJT;1jeuoOuy_GhvUlW-5W<WZ1)*
z0(;bhrATzARi5oxutAuV$l$+${eq}|uwxM81;VuUC94@2q&cJsUbA;GNCyQ?D`q6F
zZY-9gA2H&7eBO@HvYf7}r`&%7)0JsVbZyea_ZAAQFFU+~-kF}EBd%NX)$%GU-MNfV
zsaM6bRO8mH8d#>zC9tTN@r)|t=A_>`pD$crdf<r_!<o*+EjMFqR~Ba)JzO;Q_I}Fr
zy|P+&6qtj|ZptR<tql16&HmXd0|(n!Za3X3Enn>0lh^Y0QS>mkW~1XV`F7pQZF_6G
z-oN2uVHPaS^K^f5dVQ9>2xtjnQ&YJ*d`{@*eApc?dM^zW^x)pFbBnt%NBmvaDJ9;U
zvDt=^8-k|EZU~zu9ed<xx(K_Dj7@4soX3l<_cyl7*^D)V&&8uBx0`a^`>Y9$rLu}6
zA3qKEj`z$SBQ-bA@c8g@F?*aqUhmn1LPaB=Us~vad#A<L7?#RD{`qq^9UE(1Sy?!8
zLz|a_WkU$}*7z^?4htu*^VCu}dqb;qt$u1R-NPj_mzIKEsAHGw>|I02nmQg@UWK5y
zPjhI>>n-wqQmgN|d9xqqjGn6=qwg<WzM$E?E=hI%;SY_2CkccOS2~TbuoIc0d!-JC
zFpC^H#~wL{!@Zcpw$CdpOl9%^N7GqGRn>M~_#8mGQ#z%jLAs?S1nKVX4(X7tL${=K
zNjLZa(%mVYhi(qvet&#_ag03}a_@bwHP@WiO5kSm+?h9`Y8Y#D)xh=+-U{{=OEPT+
znF+L#q{|Erlo4kH33uRvJ2K$+m!&|qQmc{p9GRCoA@on#ZeJpM*GyoE!<>^~Ow$c?
z;k*-$v1ib$lyLy*5={QqPn?2iGJ_Qx_Y6r94635F1yeU7lyXoG>s#0(8NzD{{dnOf
z>=l*rN8m`njV?GskEM)bkgyJw=@tE@cxZ-?g0S)*8JGkgn<O4his>`1@K-r}@YqCR
zWYl#Lo#-$KeW4&S6D&U^4gyP>jtyU2Ol<!Q>}sO9=#2VSHj&9`*4G~{OX;ayqD@w{
z_^y!#7401{0&i5f<_5zLvl3{w^3ch#r;g>$a0zi_MlM^bppcjAc>@lR5Qs8SgpH%w
z#D2kR=Cy0F#|_<9w1m**aBw>CUV9(?>E57(Jq)$HY-8E+I;Moh@08`e5xwhkVF<7}
z8f8!TAkSz$ztY63B)&T%)i$>4SQu5vYPSg6d4oa2wTwK*l852Q_m5t`v30&g6GIpT
z%-rlW-vx8)sF4CkA~_jBz$~YUD{+Fvm6w8eAsmj|Z?6FmJ~i$5>>vKKNdH8N0e)|+
zs{&Q2Y5flMadX4|yMSDx1Q;4d60`<%=@Sb|J%n`6`WePQHRxlfaDj@^F>wE&9F%Fe
z76oI}VJAvSZ%NVo<rve8+%Pc@%aoEr*pCzM2ThqQh$jtml7YojryR)f=EIlZ-iyOW
z{8F4VjqgK~_!ev-E|!Eq^#|2*+&*Xr^iEiTCnGQnjvqS%fx{$lA3ictC(iD23H*Y}
zh#lU$Ax^1^SUfhHVTHp=!z|Q-=#Arz@ryelkOMAbeC-Pz89aZY3sqbZIW}0a;Q4(=
zP^>rZw<O|TDz{MNu-IjW<gnPED5&_@O#5)5a&%+lBnMBtVu!LjB9b`C`tGJ|xIR({
z+7T-DjqWF<N@jY^osSE8CyQ0(x;x1{fbXeeGTRE05ow={3V6Z|yaj<$s;1_5QVb0Z
z35A-81Y&U1PC;2VIfTlJCBq>{yM*Q9jr+FL#8boK>Hf8<>CU~h;@fAnOe87<+~6?k
z*pTSx!pLaUm3a4iBXI|81Sw)EaXkb**o0~2D>LeE@fa>9ZZ16JZ<2DuIdkq66Rkr{
z3)cbK8n4}LS4>(4@_Ta|b|M4*Z;tr|sR#GB%Z0;P@9fSrDjka|ApF1XvsoIXsY9KU
zps)GYlW#Drz*ei11@W);WBKRZq+?C6Zu9T@a48mo@g)Zk^^xKz=2RJ3S!nl8d|;JP
zf^aQJ_iIAi!s2}}@Pjv5Q7$eXpg5LZbNjblxTsN*j4lb;t59$7`B@kl=aFX4OCpI6
z#APaVDjk{v9CijPYdcK~=kJgaGa8LyB?m@zrjG&5Q_Rsh1tWjIbgD5qwP-ML=}^oe
zg+T{a$WDX5?PmafR^2;^5bPjS{zOdB13E`!!TWr|e%&u&pgH&j_ykTBaF!3)GQhz+
zO*vYT10BiYP=^#(BZxo}`}!BB6R!L|^A<`yJWC`Y*zWzeu!9UNBy=1y?ubL4eUmLu
zW4^|3J7lmoyMoZnbvzw$ZqhAGn!X$^O02Qa+2*Uh-ac^<-55LSWn$A#2C?|~M8+eB
zF&j6Y1CmVenC>2(NRTW~Unc=RF1|H&E0*zSN2IRtn7TzVNFs+zGQ=V*mKr1u=Pv$e
zKbgyw9*M3U+NaJTNt2*G3Dclf9c0WPm}=xzNG_uc>|_i7csA1gR-X`{KEx?s5^4S(
zS)~Mm!EkahLJ&G;*``&4-^C`c>MqC}t(e!QsqNjZ49T!8hEQaLA=qdz`=kQ)1&9R~
zGeK_rx1Dme<$awETQ=>6-4M6Qu7B+(f^iWlj2V=jP?&8KZW6Zm%Gv31lU>pQ_-lp!
zM$=>5Tj%4x(rPoYWxgC7x}Y)aC5Eld92NqYP$s!B)!*wFV55*TNOa}#()TGU2y)9#
zpEOL5jY*r#q%>KMb~HP6oUd-?*(-v_6!*HjN7*}_|GRo!>#)1(C)o)Hla4QZ-TE=`
z8C1BvO%v~sr&ah%x8~6ChdA}PJwk{5C^osaK;tzy=y=TX8(mmSm4+mTcgiIRhs2z_
zB;x)n7(`w`brq?*kR~oVu762QZRPoDfwUw^hw>wlk(+e?Y%Jm;z!>!KsYpa`@brVd
zNe-eYdMlPUDmNo17JsreCI`k^UuR|;h*?rmhZIML%8cF^rw;Xy_86`f%vvZgR+;g+
z0LxjWhi1fE2IfICEo_NmZy69|UAgK6!o7I^=M?9Af!QNfaQhzeaF9W-;b<_`z;Na#
z?cifLfzRO2lIZpCrar{BXL4<&p{Id+FUB;Cd*9JgEoF-3B)!_~Cl1r5#5&rh1;K^y
z%}9*i!*8X2@hST(*}kL3z-b3B?kfsfk9pM{H}{#^v}#zZRA16Y{;8lEDe=u3J}AlN
zn|p_#e28z)I9erIa=*yU(Ok+WnTX)OjmAKmquuVhS3+cT^-2jFTFMilR;?YrKB5nG
z>)rp4HbL~MTso#`n_5B&3z(djI;`SjW9!J^Ae<-*UM7F6&FFD9nKEi=|5}nP-&jz~
z4s{QsOvIKlpOIozDT|8VvHqWT;uyZ>CcT?oc=HqJUi3n|ayk(q!P?q+t7Gx|b3y7y
z@{IrXb*62AK*L+UOW038&LqZv@5i{%5705j^SK#vU*)}dzJ0#WaFdzP4-&Fxox-BQ
z1vLjjsoQfOdH07<R)gXPU>u8UYY~sE1(Lg`Wh8QIIXF~Ppt@+{-uKsp1;*|f;E9Y%
zDOqkP)*3wj=Vu`hS}Z4mGlCh?1qoHun#r4Ip)@FHD6?f|j2$f{5-3g>LsZ<8GaeiK
zGNEv=zA7*Vqj9v)aCK;K5Tg|Zq9$hoHrN|wX@G_N6%jd#rPU1Bp0}clNXU(a%X!Uf
zjH@U`>?SwYuz<uA0x2J-X0facqPV~vMxAC41Ah#8K5Hg?*HM!xNmCZlAU;wT%Y}o(
z@)fbokA;pI?Mh_RChl7KM_km<U^G9kk7E-~o+}k$tvd5$KGa)-3wTYVZ{UB@k<z}1
zr_vlTA(DzSF$wQ^zU#k#vDJ|NKoCKv;RE|#tEQp4yJ%}zjxPSx*XN|?e_4{g@FN1D
zH^@Snc#JV4-_N8AHMDA3T`+#AtgO!-gm|add<wLSnLY01M%AcdR1$_IrpZzaE`slH
zX`FapVFB7`)b7b)@S*gROYet%T|GY=DE+sP#k1b&u=*PK)}eQ%6?)O|g-yVCyYM%s
zMI2kZLC?a$jT<lfSLWqT<H>vz50HHoYxIX0LN=oYb6||<sN5f<=Lh)w)M;D^9LC5@
zWR|(!DfE%=2T3I?GvEsk^y<PXa$(_E1R<cevi!2LDy2q@tQHBk{*d&J7nRetn(iut
zwh*}!^5|Yjae?1Rql>XCHI@U;$DK132Ax{o1&8=xZX542*QHw1PGweanOVXyOW_{2
zXR-{y8-km`S--~C-eoW{jJ13RU63$ZdP=XT_I?k_G@@Ub&>!ozf9KYh69V21GTBJ5
z4r@b2tRt`vUbFATg+JuNqou8Zv&&4!`_PLx$e09D+mFS;hAWI!CB)aef2Fk`6z{<n
zaI=x2?k9GmjFL-~Rp*eU1O2WNG3|qsO>zdHb_CKjPUa5U+0ND+Q1=m9e@&w8-U3!s
z2DJN;fl|g07_4(0^ZmPlAhg721#FsM_hk@_WUgQ8ORoH1`FwEZPPk&%u+t)QIDG#5
z_hGZ^ynXZKDm|g=BBY6zY8M@RN=)g*qxb2<f0RyL9z*fu3d7=&0=G}ko6j5D!NHx&
zr)R6_u?axyt~^t?N?q7FKUP{6?Z`*5p5ByY>?w)TquaECylG|@?I<g)I(?Fq=w$DA
z5<%*O?~})YwiW3iOJ4WA4Nu^CzQX9l%uc<$7?P2KuaJZ<sN|kp95)zSG?$UIE%2k-
z@RO7GQfe_`6)`Fg&0c{X6rOyPP~QVeT(@|{n5!DIoXt7cro-rqfT$4Ur>QoojLnWh
zd<}Aj;|8n1PjYwo&!QS*TjNwCusk^SmgoKm61B{KG_FJP#a{x0oWE4=NPLMDzhSAf
zBSbm8n?gO*9u+6oMjHeBN}U9+iw_DTng<!*v9eP!!;2OKCmw#4K!WoZC-RPOlUC<w
zsrGnZ1viB*!3Z29iv`SJ@f-RnD%-Jm{p;mgl;FMC*+@*_h*4T>$fa<UjYV&*=xecq
z8Bx>_;4qL?3ICvD75BZ<4ju^+E?l~bmsEMbTF;C0r7$TRZJ<v=gZXj3qEWVyQz9^5
zt30|_s{~ivu<i5)F!wDAqHZ#j^x9wNM6RrKJ(Jn7!fjTnhh23lNJpsR3@zXM{+5c{
zx4(>DpzNcJ&-&d7wwB~%=ypaxWTeleg+34$;gJ>aI`f6WSLAlMC?Tsb5d>dtdCk!C
zvIoNwdkMbpw3<JjrwhCIUiX2inwJY*DUFkxXeBOcoem#Fx-+GJzKh5qDDwJxQnM<`
ztBF@gBd1we)(!Qyj}_xUwoGm~^Z?8j-rdoX&4g6VWOL8!=ySFX4LJ_~z$Xjjug9d>
zepq5Wxd$Lg8irZ|ggR0fXbVS+G3XwQ(s+PBErqF{&M7O!x=)C5_RA@ja8jH2U2iPT
z7Cxxgaf^ZqiKdX*l1KPe>Q#y~BOl&%pW676g}ZgcJN5#33mzv4k&vqvyWc7x&xae-
zt8o#re74R4+S1;C1O=5vd4fI^!XamVN(52&jtz*rd9pSU^5lc|(<4d5vvoi?suR2j
z8kT+*@MB16Xwz7|SDyX9-6S}y#>VtNJZTkd>hdL$*YQw1{l6E$tW)lWh95yFS~j~H
z6!|wULMW{=MEI-t?h~QwwI-DbTkjwI#!trg?*w`YqdAfQKj5FiVUDVs`G57CKh>vC
z1adoBQ7fC!;cy<#T|tRTDjft6qv{Z3gl!*II}zaX{Ij#5w)W7|d<&x9o`gI(J6j*C
z(0{F%HrnfT8;P#azIgq7BB`)l?iH{FA4+@8)^XZUwWyRS(hp36H@jb4KLn?Mod=Pl
zVmY0<>mM2PnpyOJAJSUoH9c*GMj1CKrvC2{wx6`^VkA>X=qDSF^3VsIorj5!V+>WK
zKY*Oh)_iW~wV-6A*Wx0hG5eDp7nMc^x6PlU4JUVr<!zcgOY#~^>Meet%yem|e$i>P
zK|AQJ0`UZHhtPZxlE!H#e8(aYVFF&nM-37OXbS?~Yp#rPAk6Gj^WR|A1RXpjcqvn2
zZ_M5hwM6jug2C@3b#p6Hk<S?zUxVPkqG^B7$A}sq+z=B=(pGeTzqD;__)ZK{JrbP?
zY$~c6`6v$Vl$t|e77xxOHjR^mBj!kWq$*^tgB&W=fo&`iS*9rpFhPu9YK}j`^4e&5
zL&zZPTu=^3d}^$T?>eLa<>lS)q`GKpY;NQcFK*=sywEXbX_Pco?7`sNUb|lYN#TD6
z%{WO|3K{-z<DSQ9R(T#+>Or5sj%fz3g{g;r*eb>g*+SNgux?+@sqacxpjR5bCR!?-
za#4{^iubF~M>+O@lyV`1mkOQfG&PtzptF_g#ZW78`9#ZIDysmRa`BYdgvL+I6{$ol
z?iqgyiHf!g3|pAl+eI|kWCuP=52fbwznn4XdkoyOi{9&-wOM5L9-WIEFF`h6uLc))
zJoWDW(R|sCX0_W~>wbL-e7lEFV|`v?m|O|GG$kJbLP^(ayKU%jl`(~j1dZ-=G`Im&
zFXG{ScjMVTE_)hg&v%6A(id=V|3+*1o&TEt7$z8T(`zhTy;ZPip@jrHHQ*cfETp&S
zfl$PN7J&S||L4!~lSQ%1)5bOnB@T4(Ls-i4_|MT0SIhDDh@e;;jbh_EEYr!xK{>lG
zz&|xPG9@7{2CICz^ctOnQ*_65=GoE_V*XQY@5O<igv8a`Ck0~>J@Y6mHT!}?j;x)C
z5PGN_k(C<4^<Z51ZVZ7Z7!u^wP8cG9Ktp2*BflVXj)mlMiK#68cUTt}32OD3)9ZDm
z`rs;5E@&+#4p$@&eqWfADUro*rA;$9)^4T{DY4IcP5RbB<mT|(LZDJ2TJ99oGiVKF
zYL(*Vx=LAQV#?tfxkX33K(6t?p~@dt{kI0!msF499G#V-6QZ_6QB-Aq=%Z|@A}t~L
z=lO0z_+)VSSFu7#=Q=79q5%N{l~WV&&1I+$ohHgv#u-v0LP&{{Qsp;C3@ThidwLFs
z9-O7278S1U34c>%OgU%<kDY4SNw=K9q_-cX+;^#eXzs@=p0AHOmY(_@H@@94CC`|*
zjW-_fId%eLyOy(+aeLy#Er->Oc3As~3?bW7S>uGh%T{o}{I*&#D{8Girw{$WaJ4`V
zfy1nxUXS0rMp03b^EZJ)$Oi0gAYO20`%5@f;5Pp`BHAzkL7=Fv1KT4RSqwWbIUvzX
zkax1h!FQ*@$%uTY{v_zt)~9dkYwf&Ru5wiz`!8c;25Lmm1_pDuM3)-tylsr^{sd*_
z{qa5@ufy6du>&zd;qBId1dfEZD22AHd7ppK<XRqgr^Wg3?n&*B1#6k&-7MO8{SGg7
z==ztjjz~}3Bu-Ikcp7nSyP$MrDln6Am1Pa84;_aoYmmT}$td>*9*reiM*h2IxQ|h;
z`$R#kQrQyZ94JW~9n97r>*6xQK?Pt_@7{b+U^Cn$SlS#6KV$6mS))WT14EDU26x)c
zQGJpnDnr18u%Nvlr41_woIIR+So4Fv_3S-7qqk-3$y{)nDvd%0M(e0OvA|LjkHA21
zt7PGyiQgunl9pqi_eTEtT!%r0He;1ddusEmEew7!nwu$Q1ub9xs$QtTFK2Af{W9tG
zHM5{rg;B?w0$!jM2oWrs7XkJt#NhcA9X+7_AtM>dR{FLZ@1Dz-4U}U=LfJeJRqfxa
zI*tFe^SjPhAl;qaN)TV;{Gcc`e=jgaB=2&w{e#l&hBHCzaX0_G)6M=MzJ}8RS76n@
z!!zLE>Ezk2$=UgWT$a**Mrd<c%&Vq|jR9|G=3ZV-?JBNXueSTR!m{J6c=&a11_kPU
zFf{pKJ$=@mfdZjlxv5%^XsS`zv-fT1@lxJ!MB7VJt7`h@2f@~9EZ^~-?C#Ps^jwZN
z=%Aq)XAIwdG<s@aN^kD!b}`-D&}>{Dy_(a-9&ai|@m5QwBvY*<|LuOHIz;An@$-jf
z(Nv{6U(eHVZNS~Em63n-vdxJjRG^t)P&KTZ_!kxuQk8bQ<NE%8F@}$SRZLj9nI&_c
zHon0gV~kGMTt}N%9d~>UD7;QP`mHNgrSsDNd2hQ-s;Ua32IOp~f4S}MZs07QGi3^g
zI$^-khTZv-Mvzx$&(1#UjvK6RsJEOf^s-7iZ5Q_GDoIT<mn_|fQZc3~{8VdOxV-rt
zzvGxzvhKKWc5csuumvB2jdFyU&en*9De-uk*4u@G%T0=Cb$Szt|I-*1Szt^3H`8b1
zed^}e992A;{4=i)Kc!MQk)+<~p={5NDff;SVH8Q36FXQ6bj+V~{E#Bn<E~`OJoFsc
zHql_-8>dI19_X!|C+mbq-}YI)!IvjaIRCcCl{B@USCLXexm%q^8+~xbOG@ia|M({k
zyNXvZDtB+HSZBi#5IM))zU>-MtX3C@Qhis6FxhYvNDALv)WUxB_s?vi6y1qMqVT7i
zaLc#;?i%6=m>2(|5rj8SNw?4r$ld$)U0i%*uX(#=52$w-!n~($w<&t}J@IaCWN&m6
zR^vtP^>UfV2@2_x;4pd~pcM7od==0RP8-Yh8;|1~BPD5;t{EY~rF-oqsrIYKgEa7R
zMXTe}@9YE^^+ZdOGthq_-yjJ>?+3)PtMlh`H)TqB_Z8X6){BPG(z`PUC8gU~hvrq6
zN)78c4t!}G1POm{Z)0aF5OY(vZgpu2t^$Dzi@!=LP^oyNiQM$Q_P~x*j8<FgO<8&!
zL%Px2msU5L-Jp5Xf8|^3^tils_r+i)zjRk`#<(FuUUvWsXlkZJh6(MV`)y=a#prh2
zDSn6(Z1O(uEwxr1u<P<P4TkNx8nxkT+EJ^1h*nU2F9q1o>!YH+bYI44@i{e%i~rvL
zRWu=TkW&HGI=Qv&GA!5pZ1)@y0cTmR-ZGzKuNapQceYf&<JAMZeZnC9P9y(5N62+5
znjoChCa<i^Fzt^E8DBQ5>TX05R|j!C0)ncX6ax5g`Ll@CT@+l1O0hVO>KGX|mrVbu
zqBLhCoIDj0X~e2lE5>iUi?&amaw)-XGO3L4&lx&$`^G3&C?g(Zd0q=;q8<}k-7{iV
z@$owaJw1oFooauRK9i?T@3v{N2?UpYWrn&JLp$`}K}rRcw8#Uz{l2d;kdTo0KDAlN
z%jE*e#cNN!CkdRPnfqCp(Bk3J?CFcI{5+>HX1(41>u~4?Gc!7KeqnX@4xdVoV<gc!
zyUC46Mr62^+ZLoM&Kaznus%y4ock~}=ID&arbWZIv&n#`g&KpgDodjLkY8ri2q>Fk
zy9KF~uS-LiI)1H2O!+SRnPz@>)-t=#Z<nvoTG3tXT76!f<90$wiSoa}6~+T{+L6-I
z42P-3{H82S7q;TxKmfyUFZ`hADbDGbg?mf90<!5cbI^U|bd7|xOj4`AU{hK+g~P9p
z3!r&wRh|qt&Kh``(W@8O0){Hp^;sF=dk+6IY`YnQs2F(N&Xe*vrEP^w*QW&~Q!Nf+
zU}C);B8h1?TE;O;W2$Ufc4!jC|M8z#wt72*J^PK3@ZYXOVULr68!g7cv{!^(d8nUr
z=_Hvz@jMw`g6V-LdScK2v8&k;|4JR5tThVkjV5SjRLp~5ODcTBrwcp3m5cm64O0CI
z-R#`n146$d=eKk}@nyuiANNBsmo~pq%;4u`t?>y8iY{2U7zJLI^sIS7mv-rbvldVb
zRyN<Jf!4`-L)Z@JVQ1q8yJd<5co!U-)YC{DP^;sb2D1`>@qMJcK}K<tAC9fI@CJce
zzNi+sdtPAm(l%_RSgqkG3&=`QY<XWQ6SJYb17iJYM*j0H@xm}~jp!@O(brCQ+#m3v
zAUP)fWXEzqo~a==Zf0g~6VCgrRegNAss*~<k6R0TKC4i_tI*i?SvL?0eG&&gEP8nz
zoN{tMTHO&qxy5v0=-+dT4NFcFJvKXclL6<=5Du>O;^rG-P<3j+7DC36`T$0;Vwz5M
zxEj0Y_1NayT}yR`mzN%^2zN^O03m+t*AaoyG>U*jlb)U(l{%InvxVyC^OhRdt{%J}
z4V;4U7V62}?4jaABFQrz!hg*NKBiZ*b-HF2=g2=Sy$pU@G!$BQv>FpV6oGmVNv9jo
z3;#Dr=%VrzjE33Jj{GBH?KfJ`*O8CujhY{SErOSX0eR4*7!sCQ0`*I6$o{5d7VY_*
z2fVmeK*RdPw}E{cjbtq@@3Rj0y!Ws3y{epv2<e3r;^?Urv(A>fo*|S^Q`WUwAPJ_Y
z(YF_$vuRnh%^yW-x@dM_<V|)#awO#CPL~}NsE<m=Y<&>b)0mDG?0B)qr0xbj`v9B9
zfk!b7(f_rXG1_s6<Rtzt8h{a65IRRjPP^=zRqi-K;+s%>de3b*%Qz>mAmx(xb}0LH
z-_rByAT&yb(=5vI(DC+E+w_C%pZASKV4$#QTIurc;o;$(!?<ThD&6e3rPcSBb3Z7#
zL(@8f)!DXe%E%tgq`>4qLnn7z-*$mq%S`ZNn6u>qx@)G3F-r7u@~SHb!cVI<mSL>^
zBf4$kO)Mmdi%gZk{g}5W_Ed#WcFJES89sC=%omqyF=g|7!&I_!_*%OvY-LwWDUQ7G
zw4_lvI4Hwv_IG$VaMSe*kMM34_t7qbUS(nOmvWq7EXzuz4SPg*4~9{qZdu8oW$4M5
zveGC<sQcaNy4%8msMB>PbL2+*i865nUDyqLb3~@Wer)!_Dh(DQq5)NiGUPX7UclWl
zkU=tDy*raUY2J&~!PaLwk})Ped|ov0TI<-%RZ@WffI7u20e4~)lQ>TKfA{xC{A|7=
zvfqCD0P_VvAzZPx_FkMICo+1v-G9i)=7<HZuKEAcS@fF~y%kbF&fI4@Ogna5rxtU`
z_m9yl_4iT#kcUWYN!Hq{J~U;;s9sghXJUNL>u`$5q~0qp%X^x0n@j~#8`A3ZB=0F;
z38YT?UTgJi#xmhQX)}}5`>$)Bo=O6{PHJlQVjp+!yP$kMuqHR{Q4aUCp29_1YO<8U
zkEvA)M0s8t<2~(db^<hl#<$17i1W=*FtA&zytSzK(47pLl^LGGW<;BvcUL)2o4{XK
z@8>m07T$N(veE3?^J=-lL$l399Ci+Obhdov&6^;6zgD7Uu)NYT+0>l6y>0aJAp3*N
zJu#GuA3cv1m6sm+TPYdw_UQ`{`vlUCneIv4gcI3b_pkRh4!+~1cj_ISO?C$pN_x%q
zzOT2et1U{gaaJxYRwBM^Ttx^|r?NyK!qed2DPj*B_jx|sk7Dbv&35O12FQiokJs$&
z7lk{EHQ}7wQw4v~0OCoxyKe=Lm9i6bW2W;lpc=K8aD~%LDU00YVP)`-RH~G}^TlM#
z#<2#oecay|`-<)R+ffe26$cGAqV<}Km(2J5!d~A^Ar=x{VuvT}z9L9mrp@g{fp^^b
z8$!GkxPNP3^Vt<Pk+h|$^*k?JYV}c%J$OrbtT20}=u!?+M++I#Saq)QzHN9NKW{)G
z){3!1Hph-4i0zmKThC>I|8{8I4pxL2nB0?f4O%al_!Q@C6x5Qj>#AnwN}1j}rtGGU
z)^@#I?QM3Ka*MKw!|{}9KCf7$vu--|5U1CEqPbXpAEcOv^!n-u`VUAc;&o2~=(b+X
zAx^uqueRqHUMi`hyNy1GG(YFiCdC4G5(1=T;OQda_-f^o#Wp<-Uhg+r>|rnAqiLBu
z7IuI>M}F^lzT$D_u^Dx}MtfCw7;#dQ3&1K+KOY=qM7=pP)(dNyAQv(Kkb_aS9%0t#
zpkM0DuP^}rMeZC#YcQ~s`4lI|SfcPjO(EQ5`UHh3-{<9040i4{UdV`6|8})!^mvsn
z&*W8&GU-)Jb>t&mdoW1OJDJXE`1|}~fYSfsC!G>&!Op|w5QW&&k{QzT$+A178b>XY
zj#FoUBGMt7*TDIaZ`N~&7B>vYD?Tk1CEShdxpq;=>3mEln#lLs0)NzGGyLs4e+-Ys
z50E84e0JMUv1{sfEhmdef-+5_DNGk8wSBzbbh7nbv2_S42@O5)zYY0>MDD(;dSd9m
z6X)H|Bu-c*wEhDIYsp=02F$$f#^!&_Gv)sgGgNX)GFQg9H&72uJ^DMOC8_akzEl>j
zzWb?G>3@f2WL#9e(7x(1`FX`!+svH|-n?PVU`~?B^<Lg6F75-;Hn*T1FL}e>GDF@H
zCvPe8)jxI^<^6H1M{SINi!^uDEwcqtE6w*!&M@+@sp~lj00{}ZOi29^k?(saVCIm$
z9K>BWzt8UV_Lw9~Y0zvv{qkRoj@>pAThhp`&h*(7;N$Elk(n|=l0f`<6AH{6jeP$j
z$d&mFPe6^hk8bo*U8zOsii})^f#NzLcOa;tYVBdtq|Csul;Lb#aOjyc{QJ<|;b#f7
z(PAN-_RB$aDYJAt(I|(rOZ=qR>&-#WMYv`MMgd6KXGp$cDp#2SN%(8W^h3TM)aNMt
zb~KHpe9;yGpqG3(2t4YXmKk`2st7!;=Zik0N&3{?1@2H9K(`kJXRbHA&ze-eUsd_z
zK}Z;b5^@5b1g!F_`@c#jB}P~0Znw3EQdV_{SbBC1r7jx1y^ONs^-56+U61V~h$(w3
zFj~ya^`&>JA<&TDhh3TDmvb1K$;!xJ8hOppCJ5`&)vKi3`C^H@T$tD`VBX&&z24ea
zQ2VnxC}#0!l*~8<Jg?recT%Ci@o;fn&DXx@`A_ICkQiGfX-Hs)NmT3R^6~t(KhL3!
z7xEmJ__#=M)%+PtuhDb8ofcEXe%<5;xz|$Gj<VoUYm;4`_r6Uw9Zr;QoBOd1WrH;5
z*XnNQ-2JNX=EZ*Ypf(NeSgnKKNj*cp?`qa3G(uLzva)4eBw0?I<K`NA`DjBeM4&lB
zD{<_2+%I=rgmYuwO9(i0r?%K|<mNsJVfCAj9(St+CjJx{SZ%-Y_3(j7h<MkbdziX(
zi(L#^BUS>dYszSX2&~nlR3t&z^ooUqB+cZICEGL2bq|itAhNc@-I!I+&I3$y^yuWc
z@qL;g-HV?7n`J&WH&Q{002OM~Zz`Sgv{clT8{!3P#t+0I)S6^<Zw!;d*HiOOki6*q
zF(%)x7DJy~zMi+&P%M!Yt4!HloHPIe^Pg8Yci@IFWN-QcXhg5%mPl%KzmP(>kpHX7
z4-RuK2FW&l6eK4O=R#g@JH$rhE@ur^ksPM_{&>4M`8H^=Bjo8>MG*E1NI$nKfpEB+
zt^ckLjC`4zxSI*&wY#0S*#j;|HS+>5uk)RhRD|&Q`@>@b?naGjL?4VH78QW=Dg+jQ
zUC*g$SF5f-ilKI#gT~f+mZs-w36G9}v3^@7Mh-;fl`&G4RAQ(Y+YRnTGlaeBr7;&_
z2}6`(ul~@JKQ2*>zfve4PDEl3#@!Sp^{kKl?5pP^BEum6A@wOv8I%=4Zf;vPo}L~L
zTId;a`>J{PZ$e3(giq@}FYD$OFW;nm-8k>^gFSX$C(;qSeL(NI2l@!ZE?w_#bogu{
z08c2DYarBjI+t!^rhwR8S(eMkk()!choa(B;yQg6aDJV?D)i|Lhj8vhtm9FuW`aj&
zWU#y5Vsz4}`!SA>_rqZOQlY@-fz7t#ih%?HdZ@cP{$Gx%uDp1>T>9-^kX%sp#rNDl
zl&=>*hRRCmtS7`@(>C7>pMoz^l-0I<1kc-qzLk{^sMXcSJD`d)Fp-WA*6n4Ybg1!8
zh8;ZLKCP<oi$XnZZZgZl)$QZ7%2x`hB(Q1h6qAw#<#Y5`NoZ4MTvYydKplW9_!$7T
zHL>c^(+>*S?Bft$3~z0fiQbk2wQ8+X_pPR-k7wBc2;nO|4z@?tS>3n3DP!!;6Mv`>
zbhDdF{baS<W_B;#-+yPqKtqD55vk(t*1+vQ0wfl_EWT{Eg~8fefjR|#o(yFrAuZkM
zvt)I9j3npsIY4y3jx9#OX<Pr+LV9yM+RLzqlN58gTxT*s#NOup-F{7H|Ksaz{@ecI
zj~f234|(G;2Zr9T5xZJH0J;UPNxVSjMaD3m<)P!+YP%+S*}w0})~o)oa5wXN@vKmv
zP)*a{>6a+BRFb7*(`qe1r8u_|6Jl3_mvDOOg93bw&zjW=dP=ow1Y_M$TBTVYYOxCu
z_KL;u6h|x5CfK6e<m+s8i*5nkAF*8jyCyBeqnWn8(~XwSd3OV;>6rCds9ZT0x<{>D
zoIe1`1c+UBcsqDN4Rw6dv)yi|b>5PH15f-w&+gcMRN8Ug&fUU-0u_UWp|Q0`76YoZ
z26H(4ZPh%l4elJ$TKJCXphJ?7&1bKBw(UpzYAv>;#B=o5T^*p~R>9^FwtBb|f@b~o
zo_~j8axEz{&CTBRux?kAY1@>W7mhLtP%KVoYAM?s4Hj$x6U)vKJXN`R`JeW>!GOCR
z%1sf@pUCsu0xg@aF|)`3vAHQr`BO0^eiucgzA}Z~PO__h&xuy0Psf=?MgP4yHtGkD
z9MFYbQ$h~xr$Ld~@B1i*{=PnY-{U~p{N^e9>Uc9q$qZH%+uGY##?+QoyxjA>bi?*q
z&Lc+aPt?9?C!aqrem`j63k{VBeBHw!g`M2@1RjSInVQj2<v`Q6wj98!lM~)&wrXRf
z#E)}UV)yAn=iX-5q;Sfu5kCdox;^`}u=HJm5)~qXN$-8<ZTb0u`4ZaXs1SL&19d32
z)HJ|0a?I>>p6AXmP>Y-&{M&5eU<3OO`9sgHJ!PgM0?01ki)PPTf8MTr_~O_O0~ii9
z7A47+qY66a#LqAzX!rAv&1b`oc~h$VPr2F!WD)rfe;5!WB79whf&Z#%;FDUi%gBrd
z-fZ!443aUsdX%LQ`MIbE5=Nz~)XeqR&s@0QDKGb|%_a)h!dETPtz5JNz`d`pXoPI~
zo$m5)Yd9^l0!P0*R$H8qs6w{7{h$Us!sbm2^0+s*9j>Dvc8_>cB?|mRh{L%N9vR^p
z|6X^_`#z>>v9&+^`#tU4S04KL^Je$yiCw%PvmGxVbnS7z*6?tz4G~GgdAw<n0`S<M
zvo-l_&)eFV&D3hHPZ&l}pY)siEZFw16fRy@%-j2}n2eL>g+)#PluvKl3L6K1?}s$8
z7fz^qj%#1;td#oAKh~n>n%9MSAsN|RhDK&NRG;2HB>$_OeEz3Dcmk6a@0VD-Z0pTU
zX~@X<cZw(-VpZfMfrl*UIl&uW1JgIdrmRn;=J;*=XneZAeI!C=WIiK;nMw))i4Pdi
zf6i}Ntx#tcB-daz@Oa$A61ky@6M3%s>vr^9q0hYHu#F^LwzFufQ)vM_>tp<Kbw7tw
zlTsS&z$xHb?0y5ud4j{3lE=#WVs+7|$G)%M-gl%{Q=_~%=HE}N{Eq7y0QtIB5+lj{
z4y60B1iy9p?1KwSAA)P!5P~bbW%9oaV9vD6J(;7IFVF7*a^a)CWhS_{gaajgO%8MR
zDp}?5PF0wWG58aV4m??qgu+$mQ?gpw-zSE=hdpQj5Q3RZ;&jx~B_?^=#^57!d2#W{
zI^XE_AI;XgQ&v7FrOdZ&iIya)UJ#@3Q#8-Ch)1RvU^vDhC{df!;$Epzf_&=ou3bp*
z+wgv$BD^W5$}!{El3QvQ{4EG&-!I%+V?>^vEvQ{B9Eu^ANhtj@u1fRd_0_*=<==lX
z|Ep^Tw5nGE_eRKpd*ZK3Km+*@$x`6s)sORzNs+zg;c!a+?keQ(M~^ygS#g)PpEv-2
z#87KXyR$bKV#(ff^RFabUvS#q7Xd}B+iUQMGT=aH(`P(Y>-0Toqj>5cPKI3fzgp~6
z)avD@^fW$|dx=hTC0{Az%OTo`)Oy*m3E9GEC-9}i2GjqXRVvg4p{I?0XK9Eb-Q905
zlST(;&01_e^I7uW81#$*S5Tiwhv(~71XS$)N#<P`0^EQ0;VH6|UN7&Ao@P4#i)lP!
zBC0$12Pb+xop73)g~-AG^=*I>c1WV$Q#*NVN>4wv<m?RGn(lv%&XcX|EZ)}x^9q74
zpw*HGiolQQF^-G)j|;4NlRbx$sk|hHO{g@Bs6@G#K~>8+tRJ~8(}1X0{0N7y*=(sF
zg>PhEgldwj^F}AZN356Lzfi-aMW-1aGP0{mjY_o5Yh}^nUswSbp;c%QBKzNsnDA6g
z*?4#@>z=FmfK8Z2312FqjhV6e6p!3xS5?dZL{FM*KsP;<Rakn&Ej0?QhDL&(Jxq<4
z-5nQgl1L#b5x|J-iy3RG{?+;6p5?RGfc$+uhOhJLSbFopvUc9x)o1kA-Tm9v(+QSN
zm*CNVfFeBt0XRzk1{d#v$=IPsjO54aYR<Qu15y6s%(%dqM}mFU_48)OMZkgS(Q8^b
z;NcQj_MQP(obH#yDV)T~d(mrAYWj>uM?M6&uiTRZh1MWtPbZQ%Q{Q&#KMP9Pu*-)X
z+UGN`5fldDr<>U`y1$vU)R;PrGKgTk&k9VNS|!P=KQeg0N%Jd}>e0n)ssHZ<nEe|e
zgl~>*SzQVUM??YDGLjSlYnN{U0~lKVJER>lvIIX<Eqc1n7J4@PRLW+PsNiIqj*lpT
zwF5^;^h$DH1qI~Q-rWXNDlHjJ>M3nM#^)Gw(T0jY<k|fK{PUZ$E|Y{l(@j<8t6cCF
z<@QOkZV?`2Kv|u4Wv8*IlEq?B=M21Mubb(7oi|0mR)Dx_Cm&@K+p$p<;ehAfULT?y
zEShZ}N9!1x7PU49o)ps^`nI;eYRSnd2jRgNFW&ZwjG117(-&l*{%>r;lhBh{mw#H7
zf=aKy%&*6!kMMIRU>`Meyw@(T?B1@}+gB~@W@KoAO#=s+JZ9Av_yp^iAOe~A`;Mb|
zt-uFJewJr8vgq{X5cxB7vj_GEPlZIM;XOjF8u0s$SR6gm%jeK%$9cr%%Hu)~jI+Jk
zqpjz!_I?20<h=EctauXygb;LZS6gNqFHL}zpk9ri8_%3x0t{3=H*80!IOI)ZBqM$*
zn<C{v0ywha*yZIao8%$J1&%XgKP@|5mpQ2nHyZZ79OMa!%rm|h&}Q-&n?C9Gnb-J1
z?)i%)m9OgwXnRF&9*Po9ml`~tm$YY&O66yiXUm136D>Y<93b%{?Bi$zxmY5vjCNA0
z<_^=^!m)z5m31n>PDmMtE(NmqxL|eTL66)z$i%={KapCskWGV|yZ!Y^ZBM&Jj5(oH
zs_Ua3kb*ORd(Gw0_RdS}w;hnCPD%fieeQN)_bJGu_8@h{{`a^Wb@*R5Y`Ms!$Lj=v
zyCtRCZZ1Jin?7pQtOI4Y<9B`c-S^N+&FW^KbG3+>awa`|i7vM9lT7n33aQ1;<0vSZ
zUMn-#N&vW?3pvJf)I9UzJMqICV7QeB7@8&OuwkA2uuseY)rvV*4i!?$Q-l_##g;IZ
z?X_Z4#%j>&?7n#3x_%`tYVzECHt_2IC5_$6%;J4J*6XC#MhWB(Zbiw}53#H5&Uu;-
zU21<T)q5FzMYe&zp2r&eu#cnt&+r2YWL`EjVtOT|<oz?=Uiwj`<T|!ARy}6+ha0gZ
z{5sz3EWqlg#LF$u;j=GU7FB1pSd$OiPJ27x>p5%ETL`wOm=6>^SlizI3G|=BljQTf
z?236E$KNAzwec4+HuBbiO%_?mlSqwdSPqJxD86qw#qqn4Ab>=1es5fid_1A_b2s1a
z-}cRInph<#Mg;BU0`tYCLMocvQnqRIAfsxXqDD)+g$lLhxQHC(Rl>H5SB%>3yC$@W
ze3JEp*c6E-&)3_<e7C#hm^7do*mzGF`0p<RrT4?nmS%e!ul7H@AcC>_CW=ETaqvzr
zcQ0XKIC{b~60$Kv0T@}gpAioOZbw`}9RxN(;Yetc{~bC7=jt3424-2pQ6>)?Wk9uL
zeKfF45Rk_mUqD$|AorLHCkh<@sO6p|Cx+eablv|)q*jx*cU)TznVKLeBPkY4uT;e=
z$-I72Uterqt?x4=v}qBy{5rU=P6`h)?;A)RVSw!!*_8l9CIdwT5C`C)1Bk^)Y}sXp
zp5f}3hwn3%t<%A51B|&j=qK=02iHX%Z?0ZBr3jK+`2iz-R;<Q?(BI@joOa5PMEdv`
zWd^9b`FjA(y$LW{ubxIpb@A}Ps-`zZKm|B+J;|=y>U<vZjtg0?ViorAgGULz&~>Zl
ztqV$!$DT5l#kzhHyq&5*Kk1-~TrLOnxb&U+_#oh*;wCS*cV>33!vO_atr~qH>?ieO
z$*h=^8a)KUg&w0kG~W2X>7@Gm_@*qex61@47*L$8x2o#Gf5oIACT=^dBx1|w!`kYc
zRV_)@VmjgfyUKd7Iicr}ti~X}VS8+d1=1s8(9U3Kl7{UAUMJv<{;SzY_lsFdoq2I&
zk8U()sZL1bHQn#r|E`>Yh}A%FZWBvp!?v7}M@Lz0znT}pr=&rPNzWlHg-t;6NmO3v
ze;o46mQ_LJ7h7pY=sciU{S!Dir6B+CRjSa*`(Z!ZN%U@*c0IGWVxEuBq4R#@*-*cy
z8&XV&9hN~%l^)fl9@!>E;Y>7zeS;br^w^6%oh_cgh$w8#rkY<MI%pa40eMhzpCAl#
z`rCw<^lq>#6&-F^kQ}yY1Xz;OjetK{ftPfbI{ZBa39d=2=b0{F5d`3s5=i^F=?+E3
z`_YeE@=w|@`%mtNU#p>&D5jx`VJl?PfmJQ6t;Z`uwYtt6uwKr<e~l0BCue?820SEc
zR04XB{!=cxWRE7d&GBM|Pe)Pz6k+(^tKZX8T{V6)>%E2y<;>EOOh?cCSaKE5u&Z>(
z9BbziU6B(sBWF_#y~Bc@{IKEDGLM#z!nKiR4CStzc?fwe-hU&~`4m0cF<rSim$l#i
zJ$+uND!;$QyEqU!m;1*LFPnN?4i#J`arl=3Y&dbqd#nAhPRyc#zX#x4g=H^s@}O*F
z*;dkJMTKg-pY}XUxeJ5Q#O{550-hFLLMiE%ox-ibm1?66_t}Ji7f7{Uvw65C6}@?E
zxZ8pL!)<Ntl9SI@=no6rkeGgyn>odsI64~gA^NCw<r?c23+%ckDLRqBol*8p=UJud
zawe-m^7H@osoghy+!Kd`m%Di)BP(G#!7JnYn-t%j2R_!KqhqkIIJL=tBSxTCQq1x#
zY1nz#uTGoSmHRL-C0$$3%Z02%TC0y36({7W|KwzpnUw`62R9Hyw0W~bN!jjNqF0*5
z!VRccn*nd3SdNtB^9!~G#`xlLyDUj*hhHth!YaSh+ms?vzM#Ao$Q!e(jtMK92L*9r
zY5x(%P~^e{EQs})_2EhI2+@6TyKt3OAJU|F1`eXboM*5wI8^14`-B&)?blje>^Hmd
zHZL)cd?sk&dI7Kgq7~Yi#>hE0lb{3nQ2QdS3d)`UD~7yH!`z-B+-d5^ll+&VqPGWG
zdvY>lQN|<pynvT_4WybJZZ9cdy$wHn0XiHx1K>$;m-NnKbtRCdmp9*Hz{BHZZygSY
z4m4y7{tqHQ!@m%#(Dr?hL3DcqBgmcXgl-xb*xa79YEfh|q~PX-Sme^vD?NWH3DvB6
zPfiKtC28AB{6#P{DRw(IGO&QI{xPuox`sa<to~&WD_~1~{Y2pBua6%)0ozPBDlKlm
zZFL9v_A};=V;ncA=+OPjbEu0M;H3)#2E*Q&>s@K9z`kifZ0)FOn!b$Mgl%Jqy-g<=
z`CTi$$Dn$LH=IxiQ5JoyBr@>s4Mqa4AUlji?gsPOZ*<{1dIG4)i8CM5`|O)Ak3EuS
zKBk7HWb-<7!UjpRA&>}gzj4#k-u0wWx4AriDyCkS?_M;4)7i$lO_Tm)`7$p(Jw?FH
z^g+Ilr8(>cpdw`P+&<gVA&`DX&|q$yW)uILDo$5&k)l`XxZJSUU+eE+Z`u#fRM_YH
zItWA|w(S=9!R228*8b?r*!85?)y2S>vMeqEcQU_a5Lh|`t_zR5dwX08JdJNHU>&Ig
z?*yje>ZRZB>SeybHlxPDaX?zY#X#}RppN3&kEW9NN;M$Y$MhM80G%Omf$j5OVo@uj
z&_5Z5mA6m(<F&Pc+rPOdKzi9kGxr+!<M_WM&BxP7litC@_g_1tEf-!?rdBP_xl980
z4lY``d)kWd+oh7&T9a44rMDW(uiO88EWwaH_L{)$jGY81<*yU|;3nlaEq5Vab~#jS
zv+Fh1)J}!@|H8@{$2trMQvWB)f=T^H$-NW@>*=CHwyGxmDX3_e1q~|Enq?RTAhPV?
zqo3SK@Om__6{ar={~Mz0a@-C^a$KtWnO-`ZCM5sz=bH*;gX<o5f@qe7ja1?BGef?6
zVfGpS(NFmQIQ8`Kx$krxmRKXn5G9Bt0dGx8G)=Yzpgii{`!+MG;~(*B+Q)t(G$xLK
zjPDz?ti!e-ZyE7BT&iRGh_@L(zLXTH@WUDbxbm=gZn3M|%rXZq>Ir<auG?S$FQSy=
zDTKGwJ_&*yP@Sf%q^D=UQNI&yR|}BUK57C+H<5d{e7$aWCOd~2De38vP|T<EmRcXT
z`}6#_e?+S=qtXqbwTTMFx4=A&jppa0gWckLLu3?eDjtdGpZrUfbJI9hGW9|6Pp@%>
zA%gg_stBr9gAo|1muL!5B{?bqc{!}3zemrfux21O_iT3d@cf$oaWOUL^dmH2(f9nI
zTkL*&fGh}Jp|Az3`*pl_GrHRd84eCq{e1#VwXour(?`tB2Hbb4F@#CHh`6gbJyx6D
zdQQ(W{-$fP_9P^S=iMg&9$_LAGIy*@oiKcQrD2l`CnYsPq83R<gM=R`uFkhhB`kBJ
z9K;<3L&gSU_c{J?459~NOW$e2JCkkoAaBGheXhgY#_w09u`w3?H_fY6hmqE>&(ZO1
z)}fWeB`AZDzV3TX1U1za@$6s<10dZWAKBG(Kdo-Q?4P!|dEg)OKW2ZKREFzk=VGcR
zpDC7K+43}@RE~vk-i@$@8sE&-*>x4Ry=Xag+*Y=%acP#jhSAa%<+ol!@?ZZjOo~DE
z_3~2ZY-Ma9e;gJKa=dd5G*f0(>9~PSP9usD9c&O92i`8VAL8yf_+M#?!(~6*T6S#f
zGsSenQQ0Y}*nT?q1-1^w<DL5rw?Zb3rWW}e_NyiXk7CXryroi77y#l>?Ncmu5M0By
z1mw>`VN6b?<|tj%usK8*11DD!OdR6yxv|oP&7EwyvvceKVmsd~p+{OWCisG<Wf&F7
z-U)kB3B1`sdVBa`@O;k);SpCyke+Bg>E0<s>$wSM?>5^R{4Q#R^z|GG*ky*lZL^s8
zZTN(rrW%wPWm>1X%cD{KRraSmZqeNE(h@Ko7Ub061!0=jt3RDuiHbOF2>V^}hld!P
zAJUz(;BUIXd>Ro;f#L2viAUWp?msfgQq>%odH|muUqg=-Z^#62`^;V70sKRr-~KCG
z#!i8OEB0K}ZwIjF1Pb9^5KTz;M&2s4)9&oagDV>^@4(#6oaf%3?ZcnT`cR~nvo)Pu
z=AyF%iQPyHGkdg7Fn_!^6Ag_g+^MuX_I2bnh#n`NDxMe**9AfPE13V?7CbukEp{r%
z;o*d?AUsJ50d?gX1d5zx_rpvytD47jHjyj<UBz++5hj5W<y~FP&E3CO)mFM0uK<V%
z^~$?f$w7_@jirVV5ic@wAh_9f;yUTopp*HRq$Jm#w`LJ`5^VJ8pEf-3&hz<Se)&Sk
zy7IWc;99gzQ^6Pj1Ngyf%?=B(#6SQ66ol+pZ=Ff5OkKP4hgY(AJi<0y95@}Wm@*LF
zft?*J*d>-{@A>hO&;5M1dSiHG#WDy~+c;Xx<W(F`(^Izi$Hj7m3Qik7GM*Ly74ufi
zGZUbG)T~+pHhnP1(-kOugU}O#4-xtZ(v2pH2gqbUWiQxe@RA717ei0zG);!d7Z-|4
zo3fC(1ntW$A+Zu{ttWq}w({6Rdg-DtY3V=oJPuH*sXm-R1ECL5c&YsLHZlo6ox9u?
zt2=;`-U%Cc%V6JC%Ho*tNah-n7-VVUu2D?l9L|WRfiR!9^UmZgoD?@jnSES1<`8ZT
zeDmtL&fUJe1SQe#yS1@zT&4POTRJb^3JQ9VQ3u7FlJ2UGBNB6SOa=C}9Vnli*C;E7
zja%Bsf>V%13&)LC!*s1r2V@}-h>FPdSelk$=E9~?UIoDBh8FT*M17xp?eo89HE18R
zj*Hd%{@Wm@TyylVB}2vhqM^Tsx&7Kg@=6vu{1)v~Y+Izy;2@X~j7~*?5Q$@jeG5hi
z5{kr?8gebdM%cpd1%p6`R99!~h}L3BCQDp@aNN-KqyWZ}6sWl`nZ+MtYX9|9P^dL&
ziqdKksyuE&E<dsK<=W#lnuN39WzmeTQaI~whybR|2jTo!u=yRM<Fg4lp94>x&s`=%
zo<C-!WPwMemXYgrc$dHb$)s-2UTvTQ4+%~Z2&g|+@Ak7lrn8-7e~RgF)Gr@ajBu$b
z${0S>w4Rson*&L#{G#1au7B8~gw^?5>nZl)@aELt<up#v)11p?j=L_-%8$K=Jbv#`
z_=0Tyi-qSuY?~5YR&r^2rQm|Y_Ly|m)eeVM^(EZMnz&F}l0l%8BsqU9_=MV5tjJ8T
zyB6TNZi}+0WUE0C5vgd|Sgb}PIe1oVE|P0gv~A8UwTq8djBm8C?&0ojelpQgF`gFw
z*&@*c6aD*+-e&v1k&n-ola~6$x4yy}V6HWf8JYEwv*u02Sa~}SVuayLgM4rjrXKIv
zAlZ+Zo3jB~K!)?9FD<o4@w8I8KM;Lhwy0dx&Q(XuEY@xOYu#~Z5&uP3FV%P=`2#6?
zyY<HD@;FDb4K70P$+OPTZ3FT4bH58$4IX_I=og7AHa&AHgVFb+sDnJaL3z{^I7j}2
zoSwH~F&ZmnHg-3id3zm)#Tt%TUy;q}`unp`q&w(+EN9th49lq|4RayBF}g9EDULC#
zDps#zq4FODm-oFKis0(EgcTLxQ!t4oI(8Y32iP6Xo*Fw6Yzi5c{t7}iw&_E62&Jbg
z6t6=@B}$@QdFjBQL6uTJ-hJTbpUAA#dVUn9`eLV%TihHgYtGg07Pm0w(wagam6<4r
z3KqBI=E{D&^Xe9IIW`ZKbA_d{2l@==2$(bGPXe2p949aF%9L{z{<aSPA5CW!5LNqi
z@iXMm-60GJC?F{%F?1s!0us{QEj^@kONaDJN{2K^H`0xCmz30Z{ukfX+@JHDXZBuu
z?e&w%7)@E5uW{}j8q*tNCw;#Z91X7Apa?|)1cJ4z4jbM|m<qpNtoi#lt4jxGZu(q&
z;CJ_MAF}PUL`KoW1d{Gr9YyGfz76Xs=(^-+l+8AD23PTW6Wq#_jKxf)*N$gXQj|nR
zzwE<DK&ExFJoXD|Ay$$)Eg`~*F;Juy6FvosLN>KX#ghC1(HtcOv!(FTkETkpxe+kV
zzM=CkGECqrU_ha_r2psbHCv(YJ@YaJdo1&=vGAw7I$VwlXXzm(YX4d%<x_FeTSg?r
zXhSZ(l3c#})W5UyO|gfkoA)1I^NFmi%{)37{QGmX&HBe0l>kz0w+^ZL6x|S<!stGp
zmmeosDR0cG=F;yJDNWKVWJ_U}sTYI43dZDj(B95uOMd08hdfhrqAG-;wX~dq5l-My
zny|9ZlqX^;7%&aqeOXU=Bb@ll-|H#F!Dj<&+gXsl#*W~PvBFj+?$S%CSDhXZm6Qw}
zOjJ!s42)KaoXHYN8(g=Wwu<T|{B=X{>E^i&QOvfJ0Y`=cD3%1<<cn(%L^>CB7pcus
znm7T5?P0MppfxmeIM%v7Z1Ab}OS}mMk2oTe`CCN2C-Y3iWM4tah^Yp-^Ej%Bt>1bU
znZB#FsQ}XeN#u{Vzc6GCqrGGWrL+IkeRn2hPoKv8XNz7F5I|hr-Bz6D^oLW}HnMGS
zOs(>}1Y*lbHax+vF<IzONzDfqPWt%TSiPGQlWlIvfo}?UqG#Y=nUYMsj=OA8{`_ax
ziVRk}>5%_LFMq4bln@VzPaH44qP#&){N?xFK`$+0Xge1~L_FT#pum&;H4jeyZFM{h
zN8s!tQ2^8O<vQ$4FDZhe`nLyvvnm?K^a!B;YVbfq2*$`05}*`BkC?L;26)V$;7Gbv
zd@N;&n(}HhQ}WPCku}^9bI&)5UStYyK3t4JrjdS)?MA%MNi04w#v9)7xxr(14E=@A
z*@oC-$&9Uzj<eRAo5A<~)??ivutd;KM;ZZVN@ruRxPC&Gvd{gVA1051(8EmBrs5Ca
z>UN6;;bgYXgae%Y@`uqUW0lIM&3>ab+h4Cwf6Ul4Fk?X?qUL(eI<rL{_4QY1Xk=bB
zYV-Ol4mMRr3z1h?uxmT|xc<G$&HY9G{5Nt<QYn1OorM&q(;a~m25_RC5%wHI&3=jJ
zeGFp_s|hn(nn5M!lz~!LMVzs%vmszzLcbP(AB0w5`-^l&p@VB5xv2c(6~dt(pp%Si
z=yEVsxgjS9n9K|uPP<<!M(XP;DHLmSIvs6YDk)?!D#_j3E0%stEGkG!9H#n~pzz{$
zVO-^H#w+;yH#gP(PZmst@`N<~ud&-=rj8a|#<cxsT{wha)awui<eh~V=e$W)098Jd
zFsnBEKTtL@L6xRW?pMu+^V%+YCBlDyZC02^GTb&VzfIBa)8j9hDd$S8LqnmFfkESV
zq&VgCbaJzdfV2UW?wg}cQw{4G67ZH65D>Wi^WlB3d>{hbC~tDU-EJwcH&O^odd6C3
zDk=KgepN5c*C=tI<=R-i)SO5V&&&JxF|dU;F;E_3K&}w}OY41xrXBASldq%6(9F<v
z<Eq#8zQxe?pjGW|)9dY+-}W<#L{jFDv)z|*PFvVO$Zp})&$*ex9(;kdMvL(_kF`fI
zEkBc-mZ>5`3OezT&F`QngOuIigj7*8IHK$$Q9oj!khtC9YjfQyr&R=EcG&QL@mv&}
z#F*SEE|D*{^kkhTmNtnaz(+dDImcC!o|*auoT8RS7a`T0*u)^<ABc!zg|Fu$Ia&p5
z_NPuH0*>UR(Lf=fgoUs@g`K!8ACw9&qcjy@7Y%QbYoZqV=xfaI!}=kb^yYxE={O`4
z@X6TV6esI6Mr=cA5MO}<DP_r5suFO(0XUM@M%PC2Lhp19y$8;DXWuXl(ILT+;>?s_
zLeN(Tv;i(9z}B;^nvSkdNJwaBB&`<Y6GkPeys=1NwBvInE-@cwI#0uQY97&-HRqmH
zvH3#|_@8I2F;-}Ha<XiRdG+)!K8^z2Hy`sM@HS**#gsSR*M%vYRo@8V=^&w#)xmCI
z`NP590gK?Bk9tK()%KPP-?d@>Dx$OCGUe+FHMLYESCp=qIlV}1Fggu0M&{Lu^@4wD
zmTuGLkZmZ&zNrget<BW0L9(Mj%`c)Z1@eTAsz9HC?@6<HzI~cBCY^GE*5@x9Th%7D
zJEM37!~qTo)9s5D9zpj3IMsBU1@&{2R_Y<Z^(nu6cW~V}Kot0V<MG5}%~#y5`ZAo3
zh=@g3Fn8u82%W#<R>DD6_IcfvNV*%3O)uDqUYIPTfLEEy4Tbl0y~?x+bIh9mnlGNn
zg<QSPOGMIt@&&*<^nYSErv{&ETuVrbP5JVF69<$-4G)!%X=PE`V_-jOf3NzRGMUs7
zq(y;Dz?QF34XtuC{ifJfl8bvRi!B!8D;~>SZ{M2jtEBm~*XIAOlaM~nclqLc5e_Ph
z|MrW0Wyi?(b|p$VB~UidUq>{wUN2TOE~{sxW3stnhXEproaiH5k@ToYEXbLRI^pw@
z)96hhEJ!R2w#ej?deP-C_JqO2*3DvFB-_Dj#;(gSW(-Y;D^X^w0Qx$RCoToJr~hHX
zC;T4VX#qu0(_4|15+WzXe0crM90z+OP0W9=#!O^oMJen*J@Xion{Am_oTeHI3W9fm
ziQ^@jEIgk~j|P?;o_88Mq)niP?pinX{x|mALKQP=jvLJbOXjy-g0(3e`qvl39Q^5{
zC<8CaX=wefXF4hcUF;kjIO4dR$`hr&vM2sRz;zNqGW7Gq#EUYcJ(%;H@0#orSIJDs
z=>lhjKDtwX^^@svq-MoLvc!Nbn&6!LYu_A=A!=s3>F8Od0ZSih>}V}k@Pcg|&8dDF
zLQ#9VH>tnWP@&y0@{+Csd;uR|1#ih$aK9Ia*Q23|tO&`QGDSuO(Qh<c)eaUg)Kd8M
zYuO7v2VzyWTnt^#R@%LEdWrpskjg|Ifo;qX1H$9HZr1}Sf`TZ<zlnF!$kwMXUux81
zgeeIvySXLMzH_^<00Acs{?GSd?m)tK=_EpEXqxTGa=pd!+4ysf<+(B3*5Y_`zTg$P
zZeaw-RZ40o!$~XxK}5KcX@idYj&s#w#DcL*%yC%x>NA)W7JRKmI-}=0k7G*?FS1`Z
zO8ymT^H_G9yV5eKy^VV7jYmV7^BVb6c5T}06a&w@Z@UIQuc&Toi|`g3O0rtqS3pGb
z%()X5eN>_3;)8PZU{!<q0*o*Wx10D6ecnf4B}@@;=k5cL`-Y$#M6N`x^p$AjQuE^z
z4dQ)Lnj^HRUm#9MMz2%@_NWnQP)YYKR8z|tbtVFn7ExqkiGnD>C@MtfCFw|NwQbjf
znPRfa>FM~F&t5-OzebU^Tl~@P4?pwa4u*my{lY5CBM87<zS^NeS!dAoo&7|X>CqlS
ziWGn=+1D&@ym1fA&n<bM2<~PIyOsJ}B*B6Z^3-^C3(kEJBmq~bg19$68TMu|l6|SX
zzPIPhd75%Sn(g(e=vhFWm5~F4+^**dHc)T{7IJpm;=l>IT}}0D6i>c7;28N*v1L+C
zPA9VSl$P4(Xy1bH8xmkc770%_s`wn6F*-Ax;xz7ZfqL(|S!v?X3~Z4`%(BZYYWu)8
zM@~;vsBoB5>MvNIkM7qjl6IyB(Yo$Z^!}IA%bp=7roMkR0G*?RAok|Z&J;O1)a`k_
zgoLnqVfY1C>1#6;o2gFO)8I1V(cNIIU)^CR<X#q^ZrygZwV8kQwj|d7A@pk3c0iDj
zg4xbB!FkR^4~Tc00s+=33GZ;N7-|Kj`U>hqEe!wb4wIh@<q9=Y|1qd!m}bPJyej(k
z;RUDxO;&T=qp^eA7|$aX#Wy!CA>Ezpf0eZi+MFl<#BcV?6cu5|fBkPzqiE<y>sj~C
zZqDi95q8<k^Db-SG!rukqNhrL({Z?>@ufl*IW3ohcNj+9-G1rHuQ2*alum+QJb-i9
zE>{C89jaUaZzr(?X*JPztm+`k)bFU4DzT%<+Xj-?*novC6C9Nbi!%Tp2}<wDgdCQp
zWG>_HZ}9$owd&c$9m#OY51neC(KL%nQ2Lz#fAn1XmiK?ZLlXPIQmTnXL6kjA^ED}9
zA@kTUskuA`wiSqlVJdfc`af%I$t&b_p|RcP@#p>5q?xv3IvS}oja=>j?*(80n-dqS
ze5<QQV^RN;i*1*k@wJOS(!?Tm*o^g~+vQF#7Mc6j#Xwx$RCQba>y3LQp>ffNs)+nl
z7AUutzWb}q<$oWVHd6%}$h_VqV6IULve)M0Yq1JNnDO-&Y-N+!(acyM2vqx)6poEK
zH@Dt&LeS`df8O4|S*)!Y2xMjYliBrW#k?Cx44XFpV`-qHW1`7d_eO%QS*UBz(Gg_|
zCM*$9Kx0LpQa@_BChT!0EtIS2+&)$6xA@(4a@^QbsTbRz>V+1n_k*idYdd49_6dx8
zhja2u3a2ZLry!@JT(jt?e6}lfWLNCpAk`eZURWjsp+ac7%ueD)%th};*wUL9Lv*-9
z7VusnP2*GVpr1Kw^#aRlkG29G5^?;P*kM~ubMA&54!Z_iYLSZyP(E+faUo#s8#y_A
z{6p3*;IM-|wTOGa96u}3__*Hn;_<eh8SjX{k90#^0-qC`0&IGKx2o-`tspIYY`JP<
zuf46q|2F>XGniE;D>Gn;HzA%n-S;_yH@<%YLJfZin;{GHi*3r0qmv7)2dKix)rRJ2
z^T;5pOf?F8=!6J$%uw>eA>{ukHnYcuKx)17cG_XYonGAVJwUN`n$6`qJMyUw%(+xj
znwF78-4z@kw&1bnE6$I*hj52t+gXmiwt^QVk`n}QvC8cUaJ>cv+OlHsEQ|YF^goOK
zOI?{=n&PKnUUo^eR=#bYTx672|FKkT+}}{~?6hP@WMXptPH(`}p>-qlqhg9SgOHV(
z3FETc({|3YV7aDbo_h6dkM~J@voIawO!|mvg3dRvi69}$tULGq89u;g&LGKMunDcE
z*|Lj{61ZzsG2W7Ro8jK<{pa?4e8u$xF*Bv*_22zkQnoL53l?^j48JGOw>f;Ru8$VD
zGZZtFfs2-wkK_wmjEUVk|MD&hW;mte<f+_X>oG*{zuk?#c=-N!pgY+6CIa$bt!k^|
zW?zht-&*!cG_M_jQ)js5;Z=$OB`sA3m#<g51`47Lv@?N7$~o(qi8!gFzmFs~vp##s
zFSPwnJOR^PCnf=+Obn|8@&P*IMauzO8QFML!#&PFl|6+@r5~9yB>SSLKv_>?D0te5
zk(=T~?&L1a5QEh!pX+nk+Q0fAD#^oKaY(5%b2rfrelDwd(uM=ad#a<PM48xvcfuZ-
zCwkXl;<XN^gP*5uIp14UAOcPx$4$uzd+nNJ-*MHjJ)BZ}<@F{*x6Qb>wBCZ;?lsY-
zQzkhQZl@g<zR9Zqcsa7Iw6;7WK?+j2lpb;ufsuR0G!_x?6~b%6PJf}VAN0F;Je$Wt
z)Bm}%vu?X=F0<ZGpD*WynBOu?9x1e6M&`Hq<$-d>m~O54%BRB=w$I%2Gg)p0hhBxo
z)wTIaH?2Ne%)3Y->+LBTubGsOH?ya0-1WDKF_+!gOI}jGkbGl`&pGDz)QN1x`j;H7
zdD(mI8Ny_yUJ{`+%W~}IS}@Awp?~tTfY|vB4+RB^RsQPCr034TN68HS#&mWR!`CYp
zeaVT;Dq}ffVj1I3`+JOqyaesf;0j1`279RLkm(!W{&yN>-)0Z5pDD?CoJI=rd*a?D
zglW{4bjyXXZ`_qmPB<0x#0hej%w_6n)~CA<zC0Qkl75rneN^3_Zo~o%#`F6g{QhCL
zs^`G>0icm~0HfRTzLouKX*m*AxD9aBCkb`mUH9-9rpr&9ZvW^;{qC-{H|cg|<>8Wl
z+0cmADnBOkT}YmtRef6rcr_XbID9UjE}5K^DoG8C67|^{m}tla<7SyF&aPWdN|TC#
zPP2La*S;rfPscTp949o?QA1{FgW2YO(5zpx<;989EXTxH$;mNcLJ`vVd*FQ1c(f6K
z>+JJxS2Fm#h|k3b<ylQ=7*ouqb?@M=|Lx|B(}m_*`!EKSkUw)^p6&HWS}BRpLb-_1
z$1=0Jnk`N`!%V!f^m?bB(3h9HFT}jcKb3I-F_zv-^eSNXqD<{->N|@DVhI5i2d$fC
zD*o*1ohZFreEtlzwiwg$Aa=+^*zDpNWsMmC`HsGh3>Y&crXB31lJCWukK>ZEk8tQV
z97OTF`FYk2B0g`^4=cUb?$^Nn^<Qx$IQl5B9rv_3Y{+U^g#i%DPnlPPgUqzvu1C`)
zo-RA2Sf0!VRZ$g=u1R$b=l%d)p>1RO<j`tr^R7-TqK$enwTzufq7V0l@NLW5Q$zOa
zn7Gq@-<ywGu-z_r$C*!J5vdYmQ0FVs=EGD0dXsX-ANl`*;q*2;BmDdwD)NMcR+2>d
z4ADc=r60?F>wJ^{TDQ~w{FlLB(<vAsxaPlGq%0I+D^CqT=jw~}hh3`~&;h7e)n^C+
z3Je;hpqvi=afThKEA>~$z)b&3AJxkCl=+&AL|3@#c}HRc1{hyP^XG9&b#h`Gtkrm~
zMx{OSSS(6n#P73AI~@^YGQ~*ab9My`P}Z8^7gQvVn5S)?Wr+RlvNWb9w>fS6@Qp8H
z`SQ=8yzbJ9n9I%`nL&;7M&9u|kKj>Kz|~pP=53DW^#WP854Tl4%6FuJT^Ep=Jc>oe
zjwA^h&h%oUR1V#^7Ykldz<$eU3f{G<Q6l81NJ0x{tgy6(f>HXW%q4Fj9*nR>5y2Gj
z@Fxm{=Lx7Opmep<yraGC<tX4n>D0dwJN;>M_46vqg;gby3kC(${)y{VILcBM%CknE
z>>r$Dx7jYZaI}ZLuD3N^qMEU7Se<XU(!zUsx*E-JBOm=#-CFDay`$FUsyn3D_<V3T
z2i=Ysv0;1O>goIV7?Qo()xP=(8Ts3%+C!IJrLi=g8fUYg*CXqBkw5wDGrji<%Q#wW
zH%YYgTt?q&b=<G)X8K;Yc69};W~*C}x#-i=ggf3hcF-t)(?yBMh5RMJpyS#(Tl$&}
zk_ITii_6VjC?s&D%n`(a@Z)ps*9D1#w+S^?Qllr(s9~HLL|+y^tQRA{OD6W*d(FRA
z^`*)Uq^13|O4NP5Se5PZvlgAe41fMYX2!ZGy6CM(yt=-~N~BgLB?YbETOmw1;o0q3
zNx;cTfYt9NV)wP@d4s2fzG|cknwx}3j)qJQI=TwPg8P>q-|;8ad}0q%ogeXhhIJ$_
z?U2FFS+V1{Q&c9_9Eo`70JX65*2H9f1l{D%8QafJ`|mW_^&5N-Gb%Wxf;Gw8&mLSH
z+MgB^3KeU!-^=I<&X{+F!DR_3vNTE&hIr^Cp;0cvXG?3&<1=b(NI8PI9@L3NYR%XP
zKP_g8{Ja5h0F=4$q1f*_W6gG@RZ!BjOtsuM1o1PX*Z*<47<3CsNGS=OYb;dK$6?Wg
z%wih*qaS^Ym1C~P;TTp5jgl|@*r-uc`X6Rb$GI{E8H?2PfA5or89sc-N5@l<o}Axc
z$awxYCqoQ_E4W@SSb)p}gAsT4KrWTs|MCYC*w}{p(jgVhlYd^^(271(aQK^9TPq+h
z6qN8WO{F)o#;QUJQL>Z#s#8aIi{EE7JXbU_4Q&U@F|-~=u!=rR#s==@A3B>*SNP5i
z-ikNGrNo%1zjP6#k>yUT$Cd#bH0uRCaBu`dKVo26zhqT1eQpX<G&kpEGX*Wiv`(8g
zub1q-P5N<F`XrU0dauN8yYN=eHt;-fRlq_(s;;%Jz<RA^s3^yk@Es^8PBC%;Rqnlc
z)dim;8T@a&SG_NegOZOPd+z<~%vXd+LO)x4RZ+*HuRqc_+^IoE$bXYhD9|*Ua#ED0
zvy6%P-!=5O6M(MbvDx)-cPaKX=?|jmHY+bns2psQhutKR^|L(Id>bQRidYRF5(Z51
z&!0^w0d3i0{o+NEY>|bd_J+1G={j=qzPo|j+Z55~I~ihTI0YCS>wBY;BWSZrrQ3dU
z{4D%d^oieKu#oKY-|E;kL>LPrk%W1zP<X{==)GtOF`z0(X98(@aCyFsm3gJBhSry9
zk0iq+y=ZyBVje{>S;8Ru!s~WpZuN`gYcl``-zLS6P?m8{#O8Q0##ml9{t;NdQX*Um
z8sWBqR8^=KhRYKX2Tl<SHhPfI)dX@;NdEM7LZXBJ_mTA;kNV+|m80X|2oJc;pxb~$
zv(WgyBq<A5VK=fc{`_2q7@5L4WXdfqP9DrMrBdNL1chrk^%BQ6eXwdeV-~vuF;hAf
zb5v5mI!Q$1+I6(zn>JgY8oi8E)x|o3TX<ipLM=G3eIe>xM-jpm07+k1x`|#o)vj|?
zGw_%jxx@PB<?W4*ei?$qzc{#K$`llZH8*2rY{psz)g8B?()Y=6Qjvn*CVHRxf)U<$
z;slwXSarHqxBo))y4oy~ROEhYm?;7Sk?85&f4%$J$I9GbZM}S9!cRt|uNkL2op&SV
za0_epDkgK-RwV>9;ZDii(o&2TGVr9mcv@feDzgHFA__Tt?uJ={_4|?P`CpeVRK3$@
zqUj?i;-;pmO``7uU8-fb?4PR)Z%#yHL%+VHlTFRc6!!YNcek50OtZVuA)FqZ8<cwf
z5Xmub*%5JV3o!vE7u}i;onD!}Dc%fzmrx%+(%yEMsHr4JaI2(n@-r+7!ze+@+@-g2
ztcUqMt*DP2U|smS!m;Py70um4y4xWxt(Uj0aUeZQ-g*3FEx-N9F4nSJ@a{fK9p}r$
zUj@9*Xi@_qb2GgnWbx-2AbYwG6-Z|!Xm^N3V?8@$;dK%g;yUl-0NE!7kJhJ4=xMXv
z*TW6>XyM36aMqa5UU%E0OAVu`JdOF<jD_X6CJfvIaZyHrJpI+erY%yn%rsVZW-ovV
zr(eO06-wzsA;O$|PDk@&kLcOH59jO-?M{2Q=ip$Lyq~X$1%d%!#Hd8Q5W2m-rg?Ww
z17hL?DVQ)eqZs7o>Q`+|qmqQ0{MY6>{0;-!yfsQ;d8w8<T64!9Yi$Qn^=&KqT6%6X
zMP;jRIc+pGDx$PXOEldiAtv(gEU=()_(?y1nvbP{*~dP8ae^v3Kb*$VVWuoR6iiYX
zC#0sPOvAn$+37WkX<!aUzH+HjI$h0|QlH%{kD1~jYSniahoD!%_k{XHpcV}s9K8Ci
zO*C9gCmp+%zE^&{D=D^)?i>18=IrY`t3OhR0@(DJg4>KHRxb*YLICX<>5$wj;-{^Y
z4%=xeuDA~@t7qp_i^$|;?h>2|@tOt1arAlr>1kGwQXtFdhJe~xnkx|2a?;%!>2WN^
zDJUufaEZHEm--ui?<n4_?x$7UoX2m9aoMh)17L+E(XhDL>jCErPxyLFzD_RGXG=Ky
z^}B^~dBPe4LX&0VLDAq@S=&!J@K6jvm&H1=9A8bV3Pj)gETP@Z+DQEseI9c?*HzE2
zc(lS^7mUcZrPII8f7XuYX{7OfThP-hX$lF1B5gEg`CLz#)q$x4VwdeV3;N}w)AJOH
z=G;-W@f#a!qGz44FTSkbZuBS@GUhRHLMxM+jjhfPW<V3!&Uqs9rhq&YJD~ETf!}`b
zhyIw+RQ@0HGtyGm&`WQxikl|8K)d?jQ{8kn59<8-#Nqf^yUHKxv+JdaUoLLLAMdZ*
zZ@aP3*A_qhnDH@T%oEk;jfPHLUy~=6*6EbJ5b<=rKUo1;s(ms1jkJQEHIyML)!GO9
zAp(owj6lo2+04fnhH6bfus%Y;)9$oO!>Uyd@5<7nB`DZ@qsRFSYM}nlVh=&5cSdb0
zVNT@MfNotWq;v*M;1PNJoA{nop>W~xQH9=Njb@-Z#sq84EmE4ZuiM7#4PGDb*RP;E
z{GWveF(fT9ar^mS7hcpX=6}UMo)0}%F%UvAakX7(JRCwd!W#QKZQg2!KXc_uXuzVx
zZzBX1i%f-zJWky39r%6g7zlaj-xEcvH&_u-Q1($-y#}JV@E-p9AB>Ws4>X;mdtS=M
z(9(!FH|dr9lxRv*s?f8aJ{)nQ=@$p47TLdL`m`&58`+k#nz4l$FWT;4g|NP9v8`(K
zI6VBp3PWphSZjaFs`+qrHJ8t68+TsQtenBOu=3JFKe1@pslt1Da9cj3p-#U{r=J#Z
z6myJ}enZ0~;6Vcej}=qFh$+G3=`oRbsN$!+10mO=z4k^tdWpPgaCo}rIT^yF9P$Et
zEaN7nKPOD%fPspFcD2gM<V^-ic5z;uyg15od;y77;{IW+OGk|HhWD4f_s@ztk#v%M
z|7j))j-8ck?B@9H)aT}2oH=F|x&3Y@+={<z_qblHpL<%lLjH|5kXkoM{zJph=Q-B>
zg}^$DTz43G0_=(&44&OKYRuekAYrp9krJuAGe#^fg6~cSY-ec$!~RQ5YKZ|?4H*Yg
zcOJm0y}_6B-s7c)m!n0fj>ri12va*L5yCj6|0qqCYydcNQy9(|_4w)DQRZ9Ue^Fgs
z%sF53_&&M=Hm1RcpR1nAsq7!NBI<1*@R0bmnQwelR{5`x#NNCQrvnfb8T`-p?2XjI
ze&CvLabwm#A*Z2$nPqQY$TR4+s(9zZ?xJ_^<VtOUhL&kePff#+&u$SB_Q!eQ6)FBF
z^$M`u*JWGzn>H?dJ0aQN@vm*JV>jFT1OjYDIT`UhF)4q3KD04tK5kgKzYzq|0f3sG
zltcgDB-k{St+{<m9Ob5u=0Xn*RiPF#)u}ME$e9syXm3;Ee+_0ouQr0)2F>d?9XX-`
zw}+mWNAmNP>iO>3r<pA$nIJdu{li}ihMN`HY;<u%z&Q6pm)jw!{=b;YE^*y`6&+-8
zUco_qW;@;iRlSnsySCG|_A6x@z2oCUo6rrZLJ5E-D{HOeQsqY(7IyA>0}25U#!@kt
z7MHyJ;=S^x=2=UyXHU@N3u5A-fN@*p>9C)88bSq;e|>L^trKna7#}rw_%l6ViOq=L
z;W3V<S@FqaDj3`MSa;3qVvrdEhbf(&b{u=J=?Yl9p~z26ZOOKN+ZLm;q-2tyy>qE2
zwCr-%;rp;@DtDW$LMXM|;qdIg?9`u}o9k6L6m3PG00rW%f^f+6&i3*A_Y%rLv0%+1
zpOM9s?+olUTelTSbA&xh)he_PR79|EPL>5No&wWYwc^z$f1%t6A8K$pVN0pxf=(y)
zMdBB6lbW0SB}hocs!7dy6_fML4$rf>cCxav$Wlm2Q0z{$Ass0$1pGfL!mv;T#F`Ez
z37SqfQ$*5Vq2qQtf8N&OA#F5_suU2husoV`_t#C!;P;1vvkOlWnJ5>m<$6OwDMLN%
z<N2o_{A<Eo!q^BdH4oW-<(wziW*v&GRHdl!fUxhMvwi-?i)mTcg95H%-;~!1cSfGG
zV2Nft)`<X^OrHQyNP#XhzG`XHr$?$axx@OTPN(IZhZ}znSGV48m?gy6kUX_l_&C_u
zdLAooi%#ygRMxLw;=4$V#>aon@wphyJ-*x>&ERt}cd@o!B5QX%@?PWdzHvABqSjuf
zD4T1|S2nYldw+VGDd;lhHs`5+(zKiHE^ghzN)mtw+xhIGY;L$dF_u-qoZaa~Q#>Rf
z6v3=AvG?Db6szwY(`z{zAi(b%-+^XRVzcd{rE2<^PMzb@tliHASg>=OXo*`nFZxIe
zxC?Bs+NbW=B@!#oT&eU)3aqncFryWkH!;UuFr`5qjWH11Rwv4Q7jx!A)UO0(PDyMo
z-xgUkZnec{(`k5k7QKL?TM}AT@Y@UYvnQJ}@!0kKO)>B_E7!E6D4nLN*Zi_wq}*^n
ze9VGDb)ob@ku^cQZ!G7b_Qfq?MI}eT=holvs?6Z|05W6SC$*^Z9ZCTnmu{?fpTmk%
z0Sn3gzv9DbMiQXZ_?D4pteE4I^HVcbk(<Zqa@#u<LTNz$p)bQ>B<<ag^=4A5|MH<x
z1mf$Yir2|z>`zf#Fo4^t4HwEJ&-P&A>SGLMd3)a+LB3u5-pVBJ)a1I4!a$_L=^Da1
z38?|<;G|9+0e0eKWNxGk-XD|-Q47_+Aiu7o)ujJAA00RN^>!3`NM5BTs6ChmwXDuo
z=sNt{VlLa3M}i{+c`STxDqH?X8MNWI)2Vk|n4h2D+arfy{3=rSZoq51{rkJtV)Wo}
z-^p2U##&yis<=a0K>O!+NBv@LB`RepVfTw^j?)gYNgcYsH&?#bL^+)DQDF`LGT*7_
zlzC@mb>Flp?JU=W%Er6Pvr7Fr6_s`(C)`Q%?>%2*TiZPqb$*=s{|Ucfh~)&Yq_2(U
zqrbMcCLhsbVq%XM>RZkyB=-e(lae{aoNp)Q9sIwBc@xMg7GjD0&8_@c_A{B|RM13u
zEz~7smu9}^<zg!ZfrY;3NBbS@tb!|(eoAH)=o_JAHu}Qj$B4Q=F+|^%J}8gHTU35}
z1P$jQB~w7|)Egw^q=loRvPxsHTA$@!W6zRC5nr^OKap*mrssiRV#s6&RDU)+5m>&=
z();|D$`q7R0h83YWhXOy$GH!qMI)yFyuAD_m)4Sd2Bgbp4qrU}wTR>Tp>Z&<&7bKu
zyBRA?SX=@p7j^RK>AU1n2v?GMo8GY1t6qI{%v+)fApH0AwI27!{o9}0?`fabzJlfK
z9;HG6EU=ux`=`*jUgMKXPK)R7t2vMBD}s1k7R>RNlGn63eCbM#@G7Uo?8=kg;gr+m
zpKqh`iQ&xqth#*OF+7~ULVeZJ|1ClbX*_J>li7uT8$l78h0YhKI|55<i+6jH{^f5o
zCf@wAKh)!UZT3S5smo#y#%Wvp@~vSfKI8*ZxEun-G`|tYgj&i@NhGH1+fcYkzrhPi
zul;6==ZD+P_agsNv_RM6@N9+TJ9pvd+fA{i`<88;kJ+mZ4?W(iOAB*z*7eJ_?yKD)
zr|n+97pTS-+Ab>`OaA~rp~XzYcw*;Y3O^qjwx$>L<F)x-Ob;e*5*5qHmd%ugn{Xsr
zy*-!-A8cCq&ifeq?qs?8kR3e^VlTXVgc?bTBXT!AX}6T5N#pBV@UeD*n*BZPa-+j;
z3{6I(y-2HrfxpB1wOKoWGyDs*3RN{bbGhBq#rL_r`AP^0m%-b}bZay>cMcp0Km0q)
z|Is?-^5<7WS68Bm37*JVSu^u{q|RaNl{6l2GL90L+4a_KuTd5up^u{frW7xZ8!`U7
z{CBvr|C`z7%F-1@hyK61%@McC!^LG0BJPrp6{S$9p;CMP=Iy}1AcJiAWKR*3LV*8v
z%WALw-0>a?aB`>F2U->Li8q%IkHC?VyfG)5Aki^K`y1gk7PHfy*%%;<JB6rnm|Cl!
zOO=Z3=0K4n1`m%2P97RLSDrmN_a3e^WL)BUG+!;!;^Bgl@9JCXyy3YE`F^IiW#{sr
z{D-P-4V@AhB8U4u*{8EZgG8>`;u+2Y#LnOA)rSy{a#0IO^|De<!uEcValdfT%uVsZ
z$dtr>slrq~zI29L=TyvRj|yyIK9()O!=;ENh=2ZEb2<rSU3>IsR+oR9!JT2p@4zZ8
zqkE<;{85HpnUJU7$@%WR&koNA=9ne)6#xnxra|C1TXd920pAzpIaJ}e#-rp^-!<Wy
zom|Bk_C()<2V~w8*As=$MyJB>oeRSl5s#<Sa49<K;=P~Cmzhd^<EAwWwz6+hM$KMD
ztSvTzR)Bodx<VRm_?*k7NL%G*fhpXkP$RWeCt-x;8>uoCc_yE>b7qyE-_>MCQWC9{
z&xZ&+zpea4|655RE_zaS>-Nj6+(Q*yJS`^X45N9aKjv+dwtPLBiVf*h*7ee%DnRSN
z89AaY>oZVAfFG8GkLT3R3c`^gP0OhvQfs5zQg7x&g#M{<!_P>5%|w#zUJ6#e<&kmj
zB9El8n9LUO-5yMKb+;8>Goc2|PgeDXoP<yIpmP;OkB{ndvS)CG@yph+H(IQ7SK5T=
zArch}4`cdkv@|c60i+B3$lgC~H_JUD9D9e6tR#`lHR?+0KU~JmB!rqXF?C62JE^Vy
z1bfrQLrhfVm|hZ5<Lfdoe3mV?6Z#WVM@n?^)BoSXxP9|x%ujVfr_JWwr?YnNc&80-
znf;#oo3>rwQ#@T|VBp`Auh_ry(vPeacM{AciNl{Rb4JX2Ce>(|Z@X&8{XoeXMZ(%@
zyxku>O1|rhHoN88@}_b&X@g8xLPUDzwb!7iGG*Rl{SJtmJ%kr*{<3`OBbHry^zO@g
z%ky0p5kpV<`rk+j7_1*ev0e-vzG-m<Ew!a2&g065ZuxJ?r>rD&G8pTBmHFOZ`(DPp
zBaR2K#;fZHIRP9=&rr0^e^bFTMT^oX^Njh>B%Be5DS(cjf=?0-7=`V9L_)8&kAf%7
z)1uq;ejw$<Q-#|Sga8B*o!UKdLGHRr*y1o}Q^N0ZTljDBSxtq(MU4f379qI~X#zyy
zXoyd)0+OJ0F6_&{&R?&B$#~N4d><8Ysp*1E7LE*@@2VCut@*n42Jq1VVEj)H@J2#g
z!I5x7trO#WaxQhJEaK-PmvSrW<Z9G7ys3LaGfxbV`^5^p5l6}U!DTuijAFks2j_~H
zx+chjO{gKnxS0f)$9`y9YnH~ejH$kPUzuU_Ux91kUqSwuO@T@*MzAVRJ(Zm~C|hd0
zmr92t-z_XZKRoQl><%f(gv5_*Ck!R2>6q6lInppIVJ4O~Y(_gx4P`d4JI}>0*s517
zzMb9A`<WEAQCZfVe1?4T)2Yq<+$@ErOoMT~uDyLX=L@xp)(_;#M*EJ(T(QR=RZ=<X
z``KVHh>%0}@xGyYLA1=o8V66Bqb)XY`;Cep_jrjFaAop7e|g$;+@SlzckQ01k~t8F
z=NelX!(}Q2eRSQVH^Lh~VMLDm(DB-TB_TXS6kAA;&eZJoc2rg^ns;8V1$wyAP5_DO
zZ`IPNjkf#j=fkqg`+q|3gpP5w>vfov(_E*#?8<d~|4z#K-y9k|-whUP`wuewzZam>
z(mROE(q@)j4IKjlK}ABw54#?<dlZa7sJtH}eOUS06fuI0049+qP<~Y*8Tw|C`UC=$
z2*?;p6S)y`r}M8gz^#uL328AqH4YBrgyRyE`$E>yf+;(R4bco={h<hJLu5fw5o`oN
zp%kv<JI@nlp$JEmbzt4^7yWno&U40B%E=aVd<1I>Qx#WUnT#b|%63n)?>Auz2;oVg
zU%&=qm(4V8dR9<X(xQnSvLTil()X}rDxKh4UgKY><7Zg|&OkA~2iF!*j3={ni$&Wl
z0|NvQXASzYuj`jnfpzF)rDoZJC2xAPSG|zt8*u%$y1M$}>}>Eu&-P^eWPJQaA~WlU
z515>jrP4`A!B*;f2S<lTgrQBF0wLfGCdyn7A7S+svw20D{9C$4b8jG~<U6Abjph)T
z)u;$Z$xLd}veoYJW2OBeIjV`@UBB3`=uor?D=)B(_rOt-4CQNj=W+gLH^<+;RdXEH
zkat#3W}yA^i<*Z88Tf8Jlg|nhr}>7?PQm=w%bhV@|MQppE3UuY=JZp>caLmR>zoy7
z>`P2jW|)-0(S|_*SoE0xHt%5!A3-TlRxc4~ZXG}oijihIOpeg+{Zn+)z8m`9*ZOLR
zr2p&J*yva*J2rSkx8r?7?wum32Qe1kWUIqzyTS7XS;zh6i|5lGywmx%7R@p%6J7)g
zabR)ZbQm_gbAmL>rED7#Olpa0$nl6N2Y6xI^`_FL<8YG2<;;o@1{(!p_G~@(`<Xz|
zIN{``0_b!>Q4pt46wc6jBwYk9B_fBZ5eFENnwD}Pkcuh<2F{?9?vnSA8~P*hWt>#$
zBLM!32#5t}QH7z7#Onf`oL%H<=v_JpSSL%DdvN;W4e%u_4`)F-)(GhrKnj=#Nc?(b
zN<tUlh$@ceL`V-82>F6pjm_J6W{i0Ci(V?^J4PiM@as5CR>j{Gy-GY3iWCaz)RCfF
zMEWvK4x}P;zHlTr<bX#3Ky_{^6oTl4)O}wghlc4W6u(xkg9Rob0KHCr_mhFU)j*!H
zvrE(rU08mz3C2)3&L(A{EA_A~Zd3zFR5!Riwh+ln!N5a7(*UUMTtr<i|D|ZS3ve0>
z_OW>mXmmey$FJA?rt|m*hl(wC((+rp@%Fzf4&h5%9!#ErDb9z(iEA?~(!bX?iL)xA
z%n#r7^QC^B{+s0|W7n&*9LpTbriDpJZFm}n3C390HytL}p|}*V>-@<E!?QqZ?TBg9
zA-SFHMw?yipY~HX_XRN(9l?d8&h_=TAYkFN`RUZ_=g(_woVSU;q@(gIhi!haYu6Mo
zq`Y%Hn%C-ZTG|Lg&zGsKBu1Lg{318;>9xCu+glxW-q59bGPp5^gcQ`!_X{NN(Q95n
z5UC+d;165i9o(~%*b%b}8R#UH!1*ptSA}C-wH6Hf!`8Q><Bduu%LciQTllT=Cmv@X
z2?5WP=S9v96d2)@!iF$GWT2stB7E8K^e`Mmv=lA?5yo?+c8p*_xrpmEP1&m=b`r@G
z7l^s#4(Nq&Ns&#86GOvDGeUj?q{t{??+9=qND>$m<{WR02^=vEu@I4te1F(}(L~Xp
z8X|b`wHRQXwNMg7a2Vt#wxA&jBP4}0(+-<XRB4Md6St1C3ga(kC)fA50W@Y}cuejL
zJtG`D311$LCr-o?$R?@#)Js4q4<<~nEcn=;M5TRCIuj;9iNex-weIFtJQ{i?0uO~R
zU)e52pCNPaJewV~^&FQE{e8awba>p7+4i18umldZVoU%6fLv@OZUr^fzG`gJh=>R`
zw)uXw2?7%75(8;N8Mbw877S@Q3Cx$M^z`(D;Ktd|$$f>5NQc-gZpR(-T(4UQt3}Su
zijBy2`)RB`8>YB@vu$UrlqtYcUa#he7`O=9BxAeHx%Z<nry!^?zZB8Z6Ibv1O=5|5
zx!$>6LzE(Vbz@Ohp&8^>@p<ib*+nshor*FG0vD<b9|YoUl~kU#n8jA>%!bSFF29<O
z4Cp8uEzuzs4)^)^<5dXb=w1bzWsv)s)SwwUJASe`Adg-MqugVO)%>ZlXx&`dV)%5<
zoLRM=hI8mfTo|Q8EY{)1%66#bv8JDsj++*p(?|bWNF}%NCMr?o=f&e`F>gkCdPFyL
zgx!2|;q5==*a4;~1S1l?Nx^zuZ9R$L&PORTL$OO-iLC!(3GkiaB$oK{Fi3(FQ&a^O
zxjF4iBsEOJ5k7i)1^8FTzmOo}b>v}G9Q?L!AD|$NyAzEojh7WS?X4qh5(x=GdWj6j
zB)9v}Q&54AL%@!HLqs##3P}}6PlbgmHK|JS1SuVMMBHiT#qD`^Gfwn>VRcNc%Bt!P
zPDE<y4EjDJrJUE_g<(jbNfa7A8O%i`5Ne5Q6h<Gwhw-&4b5c<?>Xjj1Rn&jba%37V
zQ&1Kl=wTQ_6nt=3A7X*#b`4H$2QnJd$-+!=gXQWLpQeVfNU6oRg%rS;tPj0TAkA1D
zsIqGnsI-_aQpq(;3KWtLekrf>i5%0aiqh6qis^kXxg}iV@8k2`=;M_p4;|*ideEGH
zPQ5OEH!f2Cc3PX`#vhZIg(^22y&sKf#XV>HyV<(c&f6m<F=}e2yI6g0uUK0?XHbjP
zY}U`6c%OBNJwJIQ{{FV$vYYJXEw95Ek~NI6RO8~w$z!wcxe?Fs8uJq?vagy^2E4l_
zdPmADI|4RV<LEqv>7yATmpZDlX#4l(hU0VHUP*C|%BBE>`S|)$w?Ttyl&O|^puQXo
zL1|<&xbDL9y*<EtS{h`1PrG+`i5X%|9;5vJP~aR89{`FkXM!Y&xv|4OA)t)nuMBNO
zzgZ&g-gYzf8HvA9HQox>>lV-BQ_G;oK=~r&Nsl>liJ>1Q*=d0A3mj$v-rz$%2BH;?
zP-??@(Sb>oi6+6?$yd?pC*@2ij-sl7_Mw{;IuIL%0i=(J#v_lQjv)nj@}Hpqu#|z@
zwc30t5hA)dMRL?=0B4<K0_6+Nq>~g?*gphCFyG`bT<Q->Uh~LdI4%;?r#*d{Iw<AK
z5hQcW^uav_AwY?scRf-(kRE#3<q|-+iIMk+f-waIF^WT!*7I9<7fPrIxQGn{Suw&O
z0GEeX729y%^{KA!K?yOHix;U@X?H_sX1z`p8lAj6=I~VwCvh@y13OJhFdhA|&u5{^
zs-q_LYL~n6m6PvoILELUTEE-)!NHO^LG^>E5AP|mdFFnFeGzF3#pUAmzE0?keER!q
zF<f()xwIkOCP%x)XCp6u!9}~IK$9q$y@icc?X~f&LbS57-Ez$*qAcH?H1L2mXYaRs
zB>rUowW93LJhTIQZFx^?|34S9&WsxCL{XarZGjI~Z4lM>)qCEnMeMr9g`-%x0hx5b
z@Ov<EtmRbDvo~VH(<Qfl8??#~x3#UTtPl$8|ByA(wK~S{mA$k~gCaOsAWAGb(p!j7
z@R3ICp~^@@VU(uWSQ`Y!^n`ulFxV~Q$YvdRParA6R$LcOgq`CVO2>&Mk;MWdKx(JU
zu_X9{@)xZtRuy@1<d5Zh<4y;HOISB15T!ctWAara%>2VkWO90;@aCL7&ML?}I!Yk7
z43YrKAPXVIR1{+bVi*!RVg7_=grY5P{Gtk-g(#ZS){uWvsT<SqD=`NbIWgBbS~5N)
z)pR;6Jve<wHOwjRI2eDqR~v$lPgTH7kVq#XVN4nKJpq4ql0z~(c(4>qNBKl3FY#G*
zfM&BpF^RK0Mut34HLY@lf+DT)OSNm3rFBFtuT8yBTD_WWXu^&v|0RV<%-iL?@)ag9
z?OCorKIS-SNX9j_zQ@ul;@hJ4-g->R=LEWMX2<524_F+WQ)>G^U)$<7Q)6(=uXP->
zUefv>Rm+quOi_n!7=Tz)XVZt<mx|74srT6)9rxQSE%8O>ga-tC_6z^^@?%G7XlVBK
ztMxtz5`7}Iq0uUnVk{`ERcfltrJcWPt+F-gpnH|2o>FIvA9b-5tl3fR@SNrGa8dj}
zKfT}8AsG02S~4{|d8Bx0@!|5RI>_6=-`CZ(E{P-6E{tT0ZH{%@8CgU`zbH&8(LDjb
zRxo))-o#lJE=NIXnR*4IqgyPztNI?*2@kQvRm(QyDnhiGx}#QMyiwzrRGNUQVG3iI
z2Bsq<_aFo;C@)|vNQksfB*HgF3{4W<oc>`GQ(65EysuM`AwZsNfaJ92zVdB?AR8IJ
zCXpFP-I+x)w{U(v`D%ojQw5O0NDRi5gbX7D4blG!sJ)o<jEcMC%7Y3=av{&F2y|=X
z5F@^Z!(`Ch!^fCka}{^S253QbQyYoeu#cFeuo20SS_r-$b~$=9!A}a`V3;aBCjkNP
zIzh7(pEweiz?MoxRWl4*ql>739HUlwn*06*K4PxH;hoc9!bw+G`9e~=!$o-XJx3(W
zXaTS|R#7%$3zkaaO}8%@mZB@FNdDAqe%vsY6y7wImhQ4#9sBTv=ag=~?u*_xCUk$a
z3eJg$YdCpV(da||KIE>hezci=IEk0-c3&b2OfWr+<oKV;sG@!2?gpkec^^%Aw3P|H
z^|U-Pr0(Y<K<p2Oqx(I7)iUtA3zo);3~+F*RUNXu9ktX1`KRp5V@9WL9#~865z<*j
zR<$LG(_>`d(OUy8YQx2q%{ysVhs;IAHb&$&S%K`Z{u<l<YDCc#w)Xm*f&b&(E`NoP
z-A64g`Ja^-xcJFOw6qj#9^)d{skxJB0WX>mumlC03UcBgeOMw}UY7;Ix3E>iRYgM>
z`WAs8oInE!Wr9@0Yz$>VilFD^0oqRBrPL232mC^~(lkyIN;4g#DNvmd!-#<MzdJWW
zvB`oiTQv)Evmp<8fq2hX1mv4icwEkbP}7FVBGqhZ*9Lq~L+rYkX62+nEi56NROM+!
z4Ukq&O`10faAIjoO&f|r*-(ADKLj%biyPL{q1UAZ<5A1jNrz?WWKfF8x{AU(W%7EY
z(nsCLqr#PEVj2T|=!*~)bh@fY2L!wlNyrBh)8R_5voRFi!qjC3pkYYjvy)iDNV_N)
zoxCTQRpC)bV=yHtCtqXZ-l@XmUBx+)hKi5o5>ME{TJsGgTiUGeQs%78P08#_lK3b;
zwTxOFxTQoZkL-n1bXpYV*0fXPd*jhAH~6*~Hz_F3*pRgy8ykIMjMhMiOK2y@Isf<L
zw2p*z)?r@thh{WkyG~if<9%)7H><m5n;)+PPEg78ZfCJLe4LgV`1|^7CA#r-Ud*@L
zaQHtS)|d^;$jG>+BZ5h8Ut{8Qj>HAAuknvotFi6#nwbyZ9O>Er-Wh%N9L8(Ee>`3D
zyjd}7qjj<9V}?`KSq>(=c)Fd9UHh{6%4Y2I%~9=Fo41KiAnh_%?EKfnvS9znyS}I%
zZB``P{*!|PN*YS9;gaI99RBgc1F!vhEh?uGl<_c?aJD|SbpZe_HLW<^PfmwT7>)Re
z;mO1EQbUfHya=rpp_X?i1@Ix#&F?w~h(-+sf)NA(MHrraP6(_;OiE<+%K>pa^Atm(
z-Vw-#2pt4*2IPb7mzo7sVqp1w9k~Ex+O)Ovfsg=Mzf%~Ws4o={;2>y|(byh~I5f?p
zpD==<3#V9$O?ttoQc=?f%c05NO~S5up3p2^p}ZDQN(iuwPF<m7_@61jE%W312l$8=
ztECQpkT5-x;hS2fQbHOOMOZI1Ei0b^9cN3r*wr*|WWtr4GD}e%nMr*LhM9&T;A84@
zQr#aN6BYNe&@M5~9lvSYp0D{GW9Q=7ZlZb6C*5{twhSO>l^cz}MOCSkq$hQgmuKHz
zVyKx%284=uFnLw$JLo;0$5O<{j3s@;>co#3wK7NTGBj9=m?`6TSO)Dd8>+IpX9raG
zTV$eF^2Ko}l}lnKeIy`GWWPAud278ZJO~{%zr=0cR<zcBB|$ne)FNvB&PQ0EAh}l|
zG0CcSJ9*fu_7x~vpYZV`W6%fVH?(au?^c2sRQAKU7ungfIy?eq^ObWV0s=QpCStxl
z%%V<@S0X`@h9bfqtDh`>Sk<mJ+IX<a!*)0$W<}0#4ZxJ3jl7V2mtE-6J_@?$=ZQIv
zR6NZhfA{<2Xq{1dXK}%C{Z`BPjBz~E{ce^T3KZgi8hjBro*G_0HcHkvV)b=E6{0he
z{oOv#6E1%V*}*}8ES!D>4$8>N2+9RQ|GP;S!*_qg4Z+8*^mwlH@|XXO+Ir2p1P}o0
zWE8q1@)!vyL|W;bVALJLZr$z7AOOv9sM+^>MW;&M=sG`~YaLn>Hq?naLgA9pjF*Zu
z%WX^;;gs;*sFQvJu@q&2u!0BRxb27l<lf=#sX;mL@2%g7ZTtHBdB)KI9mP~*^G;^s
zuFK%MFn1($p;axyK5tjovvpeiUa1lDXiFlLu3y6G1~nWb#}FL3oeGW)pMPl<q*&6d
z&`b$>yZTt2wu|Ib=4f-BAE5Dj`~DNTe80KOqV>!AbXPr+-ac&$wr45Ry!znHzt}j>
z9p0yQ!MRBDPNL3NU(4yLT<&64CNH(k+;j1@%2cWaT&|C5!IYln-Pu#YFB1c-`W4&C
z{3`{2g2SS;{l7S#9jE9`@e9|0)=QVywPEQM*NL%W?WRxXK|#owuNX9@oM3iKC_$L7
z;NT4;-*)}5Giva>IM?p<TkG`pZv61~Z)`c3$;($B9&2t(b~zpAeTp1@ORdc=?Bn&9
zo`_&O50c2|x}BrTF#(gu-|uIrqNnMIii>FPm)1V}UDbDGXH&TBmhx5yWvV2k82D^l
z8aye~t3%|F+a!bdeNHYdvb@Jy0|L6cf;380ZvGyfoUF<l$7-S@=F;$pXc#phDFcvt
z-dG-7s!_cEayWA~@a>3P<8t41ZEHYC0Z}<X*^$2q+qj#L@GHP0F%yhCHgJRv-R&vB
zT2~<tr+xd08T$h#Hexl;6GcFxPUZ3q9WzP*c@j4k?CUy$ksz&-SQ{gX5EV|gP9y@Q
zWRUCD6KA%3g9+J5+T%Ja!$xIXPpwAL24L$(h9JA8&@jbP!G?z=F}ODE5-#@_MTln`
zQANxW6n;kD!!(4I3&{w>;EOj4&Hj$9B!zZj%6+MXTYyA<7F+7UE`bt5p+>yz<Ir3B
zv5)3`V1l`%+$(D4l9}KnKZ76Q_u9>!7sxcS?xGHc`+Zz&A{;i2nZ^W+!5i<3C=g-~
z=dsa4b;?Pv+zt+Yqu>9_-?uVamTS%&OnwVzpy@C4dFpQL5V8Be_P#1AuAu9((ctbu
zg9UeYcM`0T;L^CeLuj1f4Z(v4CqP4h;0ci65Zpb4;O=wt&6>6Tm-**q9%ijcKeXNI
z>f5`k>Yj7zoV{CwI?hwgYh+F_3$CH-Vf*}WV|{~+*=5h(PXo0^tsV!2jyW~WAPTJ}
z`-j`Y_4QWI-Bf1;?gnfE?ExO;KMS1?i$cri1*^9+9lk5@;KiX4RYovH7~)%6G72gQ
z+lxK3FDLzJni4SfAw1jC11~b|nli6kJCBC;I@fRZ<y696A3fH>K;;RF*<U&Xug;ze
z<$7F-M9|asHeAwBwgWs=Rj)L8>1?(F1G-L2xj2G{Jh%oAg8zIvE+vgG=2NWu;xUok
zcpDvkpk1-?8J~OfHcT7aJS@d359t-5M$QKDd!%f19P%V2ie%(8T+Z(7j|DH4i11)&
zBE2}{)NaVivZ!AZV({_i<<YMRJ`933$GT<G{8Z~>U+h3F5C(WO=~ZKzd7ciQUh-}{
zA${XUV$78Oz`HJ71gHx=$3+T^(T+mS!=jW!mQ`)i+aHn6$wG%v0HcPsi42!w6InEs
zS;mg1e0caCj3~{8*p4Qs1rkkhqg3X`344@z?WF9?owuF?Pop0^mUVs&)pRw-CyOBi
zoB(JF=}*YDESZOF&2-!KeM@R`#y+`?H;Dr3?s|rr^}Ogv4D?)F&Nrb-uMY(<4|hE>
zjw)WFDvRQvTSPVZNctXkhuaFdenPL%P6Be!M9OPeeXrg#Ehd|P)dGiAyjERaCN*~J
zc^&$sw%F`T8h_e2Yb+<<ucfMuh?YcYQK|?T7Iwcm1;i86Hw}>B;QiRHN9Vg8jmDkP
zeGXqon2hIwQ-Fj-j*#o)HGH;qwW(tA<3JWKr7#}5Y(@K>KJL;})_$#+?T8^#M{xE0
zTtUyUQPvF$zh?%y$?H(F)zVBe$*a$sg3c>TE^rXTuvXPWd)K|q$}hVb)2>4+npH7D
z5}xw4aF3gIV12pw_blC~4tTtgxLP9AuQKu6NvJmDyMji_MMMlx2M!lSV(tPZJHq0*
zT$yw=B;0&)WV%*gdf8)CyLqHz>(#~)UTlV(E5E0M;cj({Bx8qZ(FLFzGZR|8NZ6+3
zdI>>(OTq)j!=FH&C`c47Cp<L9rx4a0w@;wF#_li3lDmE4kgW7<coCTe_4$1v(=Q@V
z@}7JO+Jzq1qd=$HZM-810a;ZSpbCs+VwZ$lm<#YZuAs~f7k8s^BcJmsN+WQOeo6f$
zj7ZiVb1ILrX3&d~3@VHCBe0`hPRW_n4C_r)L*DVaLeA3ZMwI6MQ-Gzer2hv$qDS$(
z4ix_@FVoEBL)0XHXI5&hn(SPp?2JP=xh&cGhuCU9Sc1vmbJMm~o|S}I6lKxF@#=XX
z&$b|Eq)g#`^>mKK`77IkgRL{exfvA)_65*nfJB8J$E+H~yQT>P@z6)OzFF|H_v{a@
zkl$$xH6^B*wK+d4d)-Tp%4;&ba>*NQx!!!S+l<172P`w;S)H!UJ-@p$JHKqfq|+m6
z-99}7${Ws7k|;%aL%dLBkv&X&t#^j`#)LQ7R<HY2)L#8mRT;3TDcLuw&1p6=Y_~ya
z^$Um-SiH%-S&1-Yj@3-{_uQ=&ze$$^1S)YT>tPsKIW;qVp*KT-5XjHk*%7!HKpwg%
z6zshh2V+fy+UWWIA$!w;qssL#+7i7xa;D0trmC8jzrOysva*@U@y25#mYLniu0`%s
zpuVauQhydKeMrf6*rmB-@=np#&&0%kASI(T_64NpBO&eAPf;Q2ez30yMdP$3F+@G#
zh6+gC+qBULYZkIO9}C|t#h?@M;^J{Uqr&`2_9kp33{e{upFD$^>VU#~x0|W-Le`wb
zoQDSa5zV2HFRCt#i;h5E;P@<oN*WFIB`V)9%MYX=Et)e~8D?%0JgQd)%3k92G=5Z{
z-+x371H1`PF0CCZJ&HrOX)gkA4wu1Ce5P<wsd^R6!#@!{I9iCp+yzAu(l}7=aenMA
zjK~18Z|30JT+dO?i%ZopdV73)bULS@(e2!zm2r9RY~@A#X6K@jKS3)oyI8n7Idifv
z>=(xuPQ_CjmZsre>%GyB*UxI2P=D9VOw-(l^{ipAjI5cKSDYJzjlS{Vt1S8q*>IP?
zYg3SAf@kZnL;gnaPR`TosYWNOm&;xnwb`Bcy0il9GB>BAd3AVAGv~um7omY$DUD;I
zY(nB+)+?C1uCvAjt6+048L0vvs|{_dMeb6EIP)Y#r}p<Cr3iB}A7CEUvNJfv6)Jne
zKAh#L1_7N@dJOg{<DlHyBI2#0@3AEl25w94El*p_Pks*<xR3i?hoWAC%ml+EA9|=K
zl+9L?Tpvyb*Ffm&89yekF2(O-G#k?Zv9XnP3pO<6WY|#ab^{f%X=`=k&&Go=5lM?4
zsr--yhn6;jyY5&veN%DXFRrU{_P$qL!539@R`=cEebG2zVC(;#;!h_*7^fcF{PkzO
zy6EOj9NZBW5-Oc0JH^zdRKKEWRf-Wtm0TSPK-yZ;>o^I&QDc0VL@Udmjw~Ufo2i>o
z+Z=({q!@(=s@#(*#>Pi#Ui9Mg$a};PS5^OR=IogO^j~;|{r8A|&x=QlNqXnXvgQ#@
zc@_kuc}s|l8nb>79;faZghhmzqe<hbF<FKX&uOHC1RzM~g2-wJyj5XnShPyk+1RAk
zz3IcujASE}^Gfh2Ow!!(<;A<<saJ*{z^O}D?W@7-d<E0?va%$QQ7mRAbz*a@$4U2G
z%Lz9lL&vVJf*5G}0liYmK1EslsCHhjIkW+&93#NO&I{@%??Z~HJ6g<q%QjMW95m#f
zF!uFSqEB^bAsasFzVR+Wern1`5|>U{wX*Zp;hFKKFvH-Mk3nZaBv8LD_N{1k>bXAa
zmBjU$Z`Z{LgAVdJ3Fd6j24RxK-BOut{)|cy8OP4b;h~sIyYqZ3bN_VZ>S7-jp^lTf
z1Z$#K_Pk7Tvk?>QO?m9<VmZvR#=u_ZQ-yG|M{Co>Yj<n6(5}ak;J=z)eGDk(NM)U;
zm^We}C-IB}G&K5^A)#F=-~={+O(ts3o-|%Gb_xj7Rd|`y&lqO>{B1=@C}bRJLZlFv
z5^yLXbz@%vQ2G4y&dXm}DVZMCErZ6ePBUN#B!A-(bJ4BgZFHk#LAI$F-iFdxYmo_M
ze`0j3xjZ~rWWMTfcY6x&|C+K~<HI;4Tf<RQY)XYkmTdx(=fOi@G8}%vkdQwA;W}Z1
z7ZEKc@r47T%qK{}OR;Q`4?T$1ikzqrtH(m3YI3G;f=Udrzm0ZdgJgE7yrrWwGJFKd
zthHlLd$Ii02g7(Wd8I{Opp2@+gZarnq`k*h?cr%eZbg>-VMk9(8%HjG+!iPa$Z)0)
zZ9lJVZ6=69evNm3+0vCK5!mcS)w1NgF{w-BoBfj?B`XHoqSA)GHnzMxa{m{Dp8J;9
zj73G3it6me-R-2$e#cSZs$A0jcSZu)`}M+TO)+Pf*HX#ExJqthVVtE{L6Rff{KF~-
zOziPJfB4Ml8O@ymzkq`F`{57*S>>#6_~`a{xtbMf3KJWQYRxVSO}<Yd*!hVY13<0Z
zTE4{VA1_kn8zG60zoZ_m_9huw6Nb}&?EU7o^Ls(iT$9G{C^)6qC+{6GKf2u)i=OwD
zfkRGFmExVIa)y8I$joyf732i7KuWu!O9-?2f8_!g&??#v{lbH9T<`796nOTNmwL?a
zu|jH?QexPMhptr6_F4@aZEnKr*^4zA&iwNjG(YXzO5LyTxBHMEj7#OgckTroJ(jm?
zJ?1BkL=)>va)#phy`9;P@3lii3k}%4y<w^*5uT8%^9$drOA?HmN5jTD+l2I?<={TK
z2)RC_?MWU?QtWpL=OcOhSlF1WV`?l;YDnX46#@uvV`3{o=!G$eMepYc-^OS|^wChP
zhsp7f1o7GJ)l@QU)Uv{j>7eeDcs7t8xxBYiVE~XLh~dfvS$aSat7s~(s{&k)&O(oJ
z$Dj@ABcw}S+zTDlwJHmUeIHC9KaM4{g`wJ`Zmx&{9mY36LQL;AzaJ)wA^N;D<#_{$
zYpk^HVvl6Q&!%U6j#hx~8BAJSmVW@0%}4u<5z@>RCNIh0Hn#EEUgjlb%=~*{KtSGY
zu(uhFmJTgF(z&Z^b*prtHAuhWd<_Y=A23!=6RBvfGp{ffXAH{-(@r63vpng_5t?fI
z-eLt~3x(f|`lOHE8}65wws`sz&cK?pd%DfVO~Ua4eGZ4WJ>GsG$J&Y=j#TSj8((Yb
zIvFWd%lusGp<R`2aAoH(iKTuJBvTH|(X`eVR7&5p7918^b5~dErgRnPq=Ai~$*avh
zmOlT>fB-#$)yqDbgm>?Fl6kL4<6Ya&Qvsd7tD^aIc^xY&n%iGWU3c$XbNwdYc%_z&
zl+7;Em%y5hGH47!k_B@>UfH51jP+pm(|*VH{E)*|fVWy=EcEDZ^(eh<Lsfu`vgyp9
zin;$dE3$Aq5IkWENz^5Y2B~Lbqa)CD8!@stGD3-(ov$u-VZUjpBnp=`)3dYRlZo+$
ztaZ<&sM@rF+W{G$Y%PZFtb_Y~o6PLIQiiyg4@7sJebwm>Gy9<?Eu0Q;^|oQ4+{Sld
zuUu&1pdvQb&7;AjM)3Isgs3!|uf7jpy>m>{{@PZ--{ceHL~FtH!c&AlE0{ZR0px_o
zH_WyO;l#ive~Y7~IId0`mnA@tx8r&WlnBx}y&&wy$15Gy7<rty(*UIzp(m$c>A`)Z
zF-bXt?xga3M-@mB>OF37jREbHgT*WAxuY<jgVm=qny2e>-xYlQDlp#rCS*1=b<=n{
z(tzdVC<1e$AqYU^nN!9m$TDLmD~j_hJO!QycbIM<X3Jl#r$h2_T5Jy4?AI&LgOI@8
zYan4O)lKyWZXSqXvx~s`53)NgB^9%9%IXDj=r+I7$!Jy(QD@EZNj^?<1wGQ-;qt>T
zW6|vR)VfJ6FDmuS?iXfvhI4G8ezb8+%m=bE%7s(x&MlFQdPHe9pR`S1358WtQGnCm
za3YNxGC7Gk^AAT}mtp*l9C;%dunfQ8);9O(cy`pfn=W8m6MBDA7joM#ghL~!UMQ=-
zcL!8v-ltdqqxIdeIZR=SxT_@-K50*)p`kk4=mD6a*(LYCg*qPxqG`Tks*<~Q9KQ{H
zI)B%js#0^9p{A+Ng4tIBPRn<+WYi<86xLSx!FqOgr$>ajXgLDO%%CCHTyzFSDLKk&
z0>oAvnW>68JV4%IM#uT@sv|&T1x&=_x05hYlOwn%%qudjL=*c~duQuSmwVshN`Or9
za&s*7NDA0N8A>WB2z&fwHIQ%8&NR@^3U>$&5})~F$KlL2DJ~$wBO<X}J%c0g{6djW
zCkq!Ni?9YA>orCUgT13OG$IkNLK|xf89f=LDb~po1)rghmsu1YH`k#V>J|f#`>4GB
zsy@sai>ICd1R{`AtPas+OGF?zZ`XE?g6_@*0HNgoiRH;NJ)*<qyM7c`i7xzaasF<0
z$J<n5jR7MZu*l8ibRg3_tjCA5AhM7go4hgIi!#q<7^`L^Jry>o`soK&(Bc>I$+LWb
z&FXAaVwPW5jg-Ua>Zgtm9ze4Y!6C(sVbh|E*j=4wlm~APD(Ei=m2~F+6C_y+PB`eU
zzxxwpT0S3+bQc;t*6~XGOq~%!pl=YwLEv12JzG;%cQgZt|4xlc0L3F-Wum$+bW4XW
z#fCODdPGQWaSD5))${e_bWntn-wYYGnazu`7_bsB9@@~tZSPEyv8QvDwn{hoW~y)J
z*?`n-%DU0vLi2+h&BL#h2rEUyJ^#ZSAm{18dv+{GiY5%*2aYIJGwYp=KI@Kwl2=jl
zrp5T7^Qu&<x?5qj>+W*VHendFc5zX`&7UZi+CXShn67gA+P$R6AfR?MUDJ{vm0eBL
z$Hfm?qW&Cv@6OzL7t_9Rk0{>0iV+yMf-1?xTYuxDPmcvpJU$~sT&-J)?MDC&5yVH0
zF#?_cmV~b$v8-ImYuWqi=_)jbHK_mBFPf+OUH`M4(wZ_rjn9SwS*2oQP`s>q89W@#
z%yfCU8VWf0d$F;5Mm6Nk8qx+1hCJrwdk=u$<Rp-#HN0KxcLZz&2p`|;yqc!KM%jvO
zaxU=y@m+$RkH3-jG`4|X&q!=|OPCeoKsfveeTes?v6_*nif%?}?Y;rYhB6ytsoo%v
zGCD|q0T#2QKG+Mf>_f#<(3#pX8U?ho=F00#9~Q!SK(%;JK;fTR=U$mrlElpDu3k0;
ze}+mgZ<!}j8-GDIoQWl&X@DcsaNo^Rb}nO-2;Z<Z*Nd`GNO<q3j#=<tY4UvLY2oT4
zKq5PKc%G}8l8!3p@Y*g)E03Ro|8gr0aQY7F!DUeH<DwIXi%zjagS$VTIu?uJ^L^bf
zvICdyt5%*KT^|NQb=inf?A)-bh3$bV^tETjNJy-SONZ1EcZ`U9e~dN1X-(P*N6PXG
z9Avb;w?HGE^p-B^{bgqvhmoZICr|iv$n4(oAqrc`=l~0^dx@OyFnH}zq;dBngP_}d
z4c8a9J|!um8t`KEh?`aa;NV{>VZzM3_i(uec6w1Eo{j2h%s0&|ZhhEFti;&OGMRay
zkC~m17bO$*fZU9aH>H&Hg2Q~P@dBWrft;eLo%SgoZq(Zh-NaY~TP*JH!Ow2k<BBR+
z>dFUnKeA$!eqYEWFskBDscqS*ZWQc1jg!;;vHf@stQW6DW1%r+WdNDxoM21>ru=Ou
zdSbB4avK{!nq?QTpc`DwXZv_MDwfG*Y_}F&tw*BBni%mIl2-<-)|N+xe70HV;(0bq
z_T#^NIL0DAC@^!11+7VA<?~pb(=0acu`gdQ-6oj?U*ywo`V(;MbT@zjaTk5p+lA^v
zIzBA*eeb+d@Hh*7>1IDXdmSf>$o>68*JcwAWpchFip+w8iQBvlVKi=_e8&S)s9`&}
zRAmOIBcFP&4OFskeD^6y>bM(;dfd_{RxvsXP@qoKv(1OWja*vnV`Sue-E|3UYkZhR
znyS9C0%bbRyw(xY-`x2{EHn|;=j3}?NYWJhFz(A|C2qz@O@0pZ=KOLdH47R`ay@WM
zkHmM!05AO5R#!|O)h1?^HJCg_+7orrk1ffqoep`(Sq<7+*k8E{$GyLZg}W1>C!-?2
z#(Im%`M6sbdQr8T=RH%i`t&$>T#sU>h;zQMqtWv8tE*%efk>Zq()~|RK6?%tYhp*f
zX<hm3wWN2M@KDqDu)*|oD~QD}qWDR7-@}!QJ+7ejSmuIicwYk^f>x;S6^GPko9?qs
z2fYPNaS081W=_-l2!J?QoZtFhmG11h)iamdD=wGiruqGYl*HviWp3sRBkj7U-;a0Y
zRm9jh$_a^BT~7;+dIW%VG*SDTf4b7Mvwu3S@O!rBAV!c_=FqzYv;pt-HV}}RVMv4s
zWKMO}=^OCozE}S39k#Kz_t|KV(n{Vu-$BqEOX%Ci#?6@?S@yUYp?hu7VDbn+%bx2~
zo)>tC<hvqbYyGu4xBu#>Ya@=W`Ebd;lATb1nVnppjY+J}oJsu_C<i4|^P6$8wXj2x
z<V#C-&u)H?qFe%)aC9{==7OO811Xwchk&VCq;B)-;b6koEMO0_-6zE+%RSfRW!bwZ
zfZf@n1vYfkAz>~UdsYpv&jT0{*ofN=_*e1hH~_~Z2Ax$SX3)Ce7rUNTdgMg8)Z@tz
zR~t8RZ;43)mFPK)D_A5un^*8T*r=@*%<2sH%Fen3qTfj7`u3GYgQMHSp{dD+bExJC
z0_$I)7{Ik#%D(4q&q{unGU8&hGtwZ3Z;oURl-53lF*1E80KXYv@I;h{{3e>Me1=Q&
zcqr6$vi5X;b=?`9TY}*f<-RQA2G~yz8!LfQS6R=MY)2S|jG8^Zy>e~!-)pe(XHjn(
zJ)*gpGNTR{+~51;iF!wuYso`KEvSxTp;D86{$Ot2&5?=yeE<iMn3+`*n6BmD0bM7T
z>r;Iot2)zOa6OtHn5g&7i<<8xqM>W-BSnLFUqQK_gKkW^K0n<1exctDRFJ`<q<nsN
zUM>l@*~ct<#rwsM_#2n={Oy(ZK7;bxwYJsPo1K(LNw84>r*bl5am9B(2hr?&-uWnb
zYqa*833AO(@p?=qEl9ZyCEy<%Fwt-gnNc8r#m#l#Q$!dHgPCa(d<S=4+}N|9;w7eB
z9NoqO@n^puHsV0FwGb2cV5pcb*@svR8rf)hP5yvg0kVL<stpm9vx@ija668IpZqKw
z7n~H+(nN>4opv!9O6aU?Ez<cZsvAlslpUs<=DDv;?ZtrI36xH&MM&YHK}JPojq%~u
zwCxf=D_k{GjUH>1Ew>XKjq|Xtr!Voe5$`%_S+c7Jl>H~g3_s8M>G;H~(}wi39#a9v
zq*?LRJ(suANXdNz*8b2L(*Al78^`-?aFN~RuU|<aUi%z?oF+>q{fCN+otifV0XyW4
zM7(LfeNj9V)GbwN0r|7b&by}|-PERm0S#zl?C8jX^Im{T2dBg<TYK%gDh79nRmLCa
z6jFX}1Bc7BlkUB$Hd^U|Ip#B}=zn8lVg<f|Z3-k&hGdCUl<hYF=g@exR8!!U3#1th
zc}p1!wWrlp;>osUHDrqPDR^htu-8XfnXe^F#1YsRS#k&V^Atc4Q`}#6bP59QZg!>4
zyO9i2vrlwp9OTgQY@*62&aar?p(3LXXu0PK=E$c%rw*~WyWDrV9}avxSanDvT(Fk7
zew-&YJ$`t)9zES2iga#WUfz+kfHbfZD^xcCOZ&=w$I-(^qFA(T!U8R56ZXTlwiR;L
z|E^lsxCZo9d+B1|EM8cU;|@?tZMf%P1}?-p?1<domwh;CuyBDjW_Ie};`|l~3CxMh
z%a)>hD^vdbOuVjKh>TKKg_T{+R#m~mxaK#zGnM$<{5s(tzqcAA+i~b^<DysYwLGG*
z{q}dNdzG?D2w%K9)mX-E=?G+hoDR(D7@cd=+q^^NIcx&t{g}Ucg+&7WJvTQE=)0X%
zltY~v;gy<vAa{7>6n`z)fQ>k+?2K;yrb6Afa7uR|_M5u2A=-dj<&>_niac}2Hb+<M
zZhlVaaYU!3OaxNVkLzndM|I_0j*wWS?1BSoM1-ckzHv>q&+5@W+i2GQ#kuIWB2B{b
zsv#DbE@hT)3T!gp7W(lW#B*$=0~O1uNTXz*>{C6hvH#7s)a~9YgBVUaf>IY?Vtt<9
z8fLEv0=8glIbmPj;n~ebAkjq67kh1*pX_!$n6zj1_YhLztn!#x;|y5x7+5jJ3>xNu
zoL`l+H=UOPd1X5@y!`%oz!6c6DX>leXZRK|KsU5V<-2rS{KmKAGFzQbGCLkTy!%Qr
z_`+85s<p)=$ek{eFwrXNHN*}HVqw_ZY>R{CwAkcd1lBk25$2YBob`4zo4f7J-AtmP
zrf3K<3&{UI2v(WQI$?88)Z4qO{+U7A{5UkN-__(@RjNCf%Nuojcht6<k86B$__#t{
z`~VQ5Bccz0RV-U;c}Q#yGPdvNff)aLsVCQ0;`j;{7)^@@<@pBfevkJPn>%khpQ4{0
zrh=~?n0`_~J$$b+J5OOA6$~W|Lz60&9@>D{d9rGdpUM9lb;!nU(+3Z206&r5M2Qi-
zykg>`@)%&JjqZ-PaX9nGAWMVse(}%W-RA!-B)DKWiSdv*o@zfDRZG#WVu&dr((Z@F
z(M7Ay3Mi4XePeBm$c-zSKijPnzxWB%hepEN6udr~nzi^G#OY{~Q;;F2SlDOB;1?6m
zsyO*~ez#{#Ye{490lwj(j^^Q|JzTo}Va=-GzT|sRTov)&os8Kky5~-A!)*dQNm6v)
zX+eH!`iC5@q@T5=<%tS2?8mm9!w+%EQQjKfRPch+Lgbh4RjJKZaUNm?jh?N$Lay^C
zKiCil(<}KY0I4K8+bq}^ek^-}G8!<t1yo`T<>a0hJly@|fp@bGx<B_E%M<V{Q|V)*
zn*_&~Fc3_7N2Y`EpqtT=&d*!3>kpbtTQE_G2PT^%fozIzMxGg2x(7FEuY#@t7IL^8
zUVneTrlhl8=qI(d+E_6j0xj?lfWZilRbyL9(8(|OuKDE%#@m=Re37?`J5*;EPxmW;
zD`WP1Z^FLUkX51}W)jjjih}x+lj=?RUiaYf+fp^NmCj;GlUTS5PvcDcir;48)5Gd?
zl|JsJR~0uu%?jlrQ_bxDKB2bi>~eeP)AUj3YGL0dqz|R2r?7A_<gpRpaZ?-9)3Uyi
zWIG^=FVnYx&9{DulLcpO-~9Cr4|*OSVdVvnyUf&e0&j4%#NzV(A8#hs*8@_6*89i4
zs^lW15UoDUv}AA?_EtxxXB?&3%(v3k>Vi-|H2(a7BC3%WlwZP4_WDeKd$}?>L+2$~
zKCUe}f_>w(jK;hVGxBV6qfb2a9-tzA_%XyKCePxw{>}9+6E{e@oCUoh!kGD5n{7|n
zzLAk?K;92?h?lYMTs+mo+U@vlOXmgG(_PmTJX>S1=w&sS>&y9M({$6B$l<R|6Ye)M
zwCrz6D>Mlj*oV9|lDl9-Dzkvb=o{wW-UvT3hlG~=ioKQ+Nk(uJt}45#9D!~4F^RiB
zbLUN{73_hKGYDum*PjV=hJmrj>&k#$xbby#mt)Kp$c9?>`0gPA`wGzW0jkzrlZIts
zipB0D7qgg)B-#{$+*Rz3aH!2bKP*E+JP<G>Zu7|NHEBf8$4HIM5!V~Ib={qIPkr#-
z->D9Ks(0$+n_=a<$z^~hTJ5zNR-wH0GR8}&XkaU#+1m?&EH5O`y=P8THxAf_^)@JD
ztb0u^d1XUtGQOYUzpJQt-3WRC8ERHij9T@Xw=uh)%v7`;*<#ml5D3Hai_cp2Xz3|P
z#uFV$a1Gtt_!fHIM-y^6WX5US_A_&meUX`&x$evFN{+hwzWu!eVP=V04%o=KbY!7h
zt}T!!D3NLA<K{HXh=J_ic@^&4vH!GuGDHX&oiwcEv+?g-)Z<N=kILbonw7^*!Ru`n
zGn|rFOO&|0ELag-T6Pw%zBoB~6?B^R<gpDKflU3v9F=k$$>tkN4H*w_Dy>+YR+v1!
zyM-QHBRyo$2uBtzPH$gb7|PI6=D>KL<hi-c{qyZhN_G*)Re9#1ATk^ZHb#?7w8=B?
z4Cm$g!VyZo5-YR29$diuJW;O_j>79dWOo`UnQUKPo^+4g2i1FsSQs+#cqsbbluO+i
ze!m*o*j{HYSZZ>of1fq~5)&AxyA{HTtW!I-jfkt1uO6kP*h+g}6P|0uw2+I60M{Fr
zeFl{rjXWF83a`lqo0jEZ{nnP*ITzy{v(?}$U^y86`r4M9&3Q*{Cz&L}nU&-$t^A-l
zZ-~pJ$?lS8fIo|V=hMl_Md*_l-#&ljOmDLuQG02s%n5?9=f&?2?TcY`1^%~t&SF0G
zGd_jpMV=Zt&!pRGd-&ZmQivEz>JN&Y-3ewL?Aw8OdUm$@8;-pIb5ysJ_EjpPI2KRD
zmCqIr`LkxTs^~+gp4xS3HY#IN_LkBD4Gd6_hb*O(>!AkVcT1UhO#no2o-&$kiLjvv
zIGs156H~*a`=nw7`w#}=-W+RUo+T+-v0R_NX~<1csT$yZS+gage-z5u&kypr+4x3J
zPaoxT3+W$n6!TrVA8`#i$XTt{e3g^1*xJ`8^?5tPxASgU0x1H#_8eTW9q7|(o>f8`
zF@>~v^F;;w*H#jM5Tlc$wU^h83Nx@>bgNoJ!HeVu7ksRH?0n1t)H3r|O!@A4x|q6J
zgq#Hp99wjGnIvBDwv$1~I3u>(%CLa6BEY{beZkJ=EC@|!O*CW)Q%??$lN~zy-fU12
ze0Q~aGh~)QhINj09tzZTTe!7CD$oU|yVjwEJuF1n3n|F%89a`oMDM2pto+=}gB)%F
zZp7rU*Ym6S#=fVOQ;Ld8u~2k~z!Za60bji?H~Sc01bgGm{d$d5tx(R}wVNIwz@+8*
zF-I^HE@;wz{$>6wQN($=^5T_Luyuea5)f(`b`2a5OIQakhu)NFHX`4O)-|%Q%eL=O
zzt|6VKD#_zZVHh=aL=$YGV@#UXMm~_(4&kS{`P@&8!h0VpDZ}mIWKlD(=|0X9bI1&
zXPPjv4;_xzIK#fm8lC+7nPWz0m5PN+Bgl<lA!c8EvU3kOM#RkrL7H=kc|%=Ip1Y$|
zVg&W04Yyv~y}n;em{}ZccF%U6JcgDH$=XU&4Md+lGXm<6J|~MVfC&9928x~Ywug}o
ztBML5--d<*98kQpx7_t8L!DOn<K?}_@2R%Ujx}OPaDHhT^qui)HE^uD2Z6qO;p%oj
z(<ESzh9<<o#xPoNuQjLHsdZ!dsPkbZFvsFOFWP$v-pz8~<=_o~+_S+)Z9oOM*0$!x
zSt7xX0|M?JL;A99N`-a)?g;*7(6X@GM${pwHfTM)6Iu=GJ;9XS$(X_S{A%aetY%VT
zXj`H4GP!B6;me^5k`;DTl(I5l<o(zNthMqvV*M(n=I{H5JZauyXkHlraY>9WkzCB>
zwcmnMD&rKSIQW_y9r*cpZ=pmP_an=`?%58~h|FB3sc<=B1y_oj1b)U^@BuBe(;|zH
z$^gJv$o>4JI+4&*{qwd5$+x56E0`y0v?U}AhmyK$XTj0;&yu|h_2yOMTM+GDYxVr_
zEA{Lc%_)h%%YKy&Jp7O5hOCK`U^T|rdS?ivMvwBj&WkX;@`8{%i7RB8*F<l_pB;8w
zMUt9X_az|x0enRk+bm*aA4wW4EWd4!1*iV0DHV9OAVu}XU2W%rw~3W=;K?^q4N#lt
z?NaG}=}6i3Gb0<(A<4T^u8Z^YpZw*3nIm<%)c+15kpFXk;yk@6uLR5&^C_`b9gTS4
zu{%uXPaGS}EoiBlWvQ04tIkXmPz88C=fW>=@d-D0kkS-;WXx&BX)^jtzN!6UPj{G#
zx0_mN({#~8l0<f7Au%!}*3ldSOk{rRNzX=ZUIazcS4rD}_Eie9Xag5*Lm+h`RqZPD
z*-zrDlxlBUoV#{z_sy0Ym3T0_@nuCv|E#a4y%IZEOQ9c=ywGKfGk%Ltl5l>$1f+U#
zWQFG9gD4<X=SxlVyhdQpxkfN*f(^Cvq#YUjgGf%~Cc{OxS4Wd+W<D@8^#Hyx{&|5o
zLp%~rgX4nLyT{4Rq|C%kAK#oDT{6N(iwpY^!wmlCE)~N@m@L4)aA~Z!S4U|Y)UXAY
zs=?z1r(Z;)0sMwhg<JSNpjlHW{r2)p=Wek6mnyv)NWz!hWuGe(OcM5Sd&mn>^)C_z
z?aLCmHtz5ZqW0n1k<nfFj}6u7An8!^?hgYX@u%Ub+0c!sPxML&i;kCTYaA_04VKdt
z_Kh~L*#M8>#bC#wOCPg<++<Sd7QOFEun?%=qpjcdw~-tTfEQ6gmO?RhRGV)|s0(@p
zP|!tOt>SjmHJsg4)wcb<#SOi_M!{5f1u881i|uyL+~E$jGW4e0#VL%gh9PU?7ML%+
zy(Jn$9?Z>L7o0?I-jZA7gnX}Wt2RDtxdP%^xS?dj6u+n_?~m>d-?Umr`r|%4KKcb1
z2`AQ9H%)t}F#>}=E;7=Y8D0qn5{=*0bz||p3&E*I$o21uZ1+8M;%iSl8+^E`6FvHZ
zLnD@{qf%WohgQG+j^<v-;?3ms0lfLlpEwc_1|n*2c)69R&4_(_xA$=@Re&(zJVWdU
z!;2RdrliCJeGy1QBwROVR!Q?()`U0m+EtL6+fy~Jr%;JJ|76%UtbeRM=%{76^ynap
zq)^712kqs@Kj5#d>WnTQ4K_%Y6xI0pW499^l}tRME*0`>Y?{OA?Ff{yg9-iQG7P*g
z@#Qdoe5Pe>P^Mqj@Ldh;IxyKy@;s5scKFyHw0f6!mb>boFJTs<(v*lkfnz{s8nDvp
zyXtww!klM)YOGu3EVM>z7e6mE7||VXRc8#zSBf03$<SwAZ;fQENJ)(@bbxOibJOXj
z4+VDJo}Mrl{4^p&`~{}X69Z~zAj@qJW+6O~$r7Go#jF=sReC=}ZVR%-eMfoMY2tsT
zi)x^kHYZ<CXBU}U*uf_K!&A|OquFFa;FfW~SI6*6x&hTN!N=k5<_Ju$vc1k$S1Z#p
z_-3kfxvPKJD@f2ODe7i#9N0Eca<L%3#==Dso_7jE`t3e%hbOD#JF^?~RNeA;N}9)j
zZ2ocj_ACnf``{q7LPxApPo1(PSF9%2d(DZv5_2e_9bn+~vwK<Av`6`_NbK-4QndSA
zmxz_R7Wd)$G_8`N9~t%Re5?Itf1!_V{X%o_9p;#nl>6z{9`h@t{V&2h7HBh;l(fRT
z-*||rRjJmNDtGgrlab>?m01+XMsq~c(8EhQri^r1%LaSGKZ11|{eLXAy1LHQALY1G
zeg-#Q-0s(n<?vYPDm}AN7gQXd$Eg0srUN%JuW=Gg9wgZIcwJRU6uVG6mHkXItaz!o
zSIX=9IOA$%6V!PtcajML;b^PK%jm*uiiD4%rM`mS@s2`Yi6}jW{pN?gL)8up=}1H8
zq88))^&8PGok!M?$19zeNlEdv2O*7=RU=OT%$8?E28p^nP>!fz_@tfv<-LgakN8(o
z4-pFSva7bB(QtQZkm$<`v=j7-yT>{p6-`R~;d}|@OacCT)?t*4<QlA+wp%&96`nNG
z?jY!XKhckxN1sdQ@->KN%G-}<<1^Ibaqy_1-hULKBto@=TALNk0$O6<=CK@_@B4VO
z%lYOqC-m+ie@sfK!ES(e^96K<>}f)BYva287xn#f7{h0)p8K!?E#UxuT)7D?!fBk|
z_hxkm3!ki(9qTL>ozaGKr3wbL=9V=il3vHz!elLSCN5K>y}@kk>5btCZW$P>b<+qR
zghi2Ob|NA`)-zX~EvNIguf%H?2ap);YeG)HR{=tNHzxxJ6~-((?y*XAxb(}ashyo$
z<AvZV1q5DO3B<fytLafhpri4m47{Q<<Mbg=n5$1uZ=~aFEtQy0HEQx`By`I^WKlyX
z7=GpG^rB`)8XXrAbgaq<V;D8SGAzj*GyTl{AsykR<I_HT_TFK-ZraT}TFzIi)^EGP
zg;6|FZ!+NiWZ)I`Dt(yOYf*mT>#0ST#k+6RtjKr{ak7aC9~pXv1(={IkuPBrbS8p|
zM$d3b<dkY=K3lvc!B%9=?K2HI`34hCe2EbD?zy1TYU>nRCb|tkxtN5rL2n|E^M}Uu
zbNFU;G!OMPd&2n5d|_jpw`oNJ2aAivDQ)_@vX}Y`3HXJIs#>fSkSTkG$iXC>BBj?R
zF_@g4ewP*HPD@QHY~Rs1zlg?}TJ{64>^B#4NOO7036$0-&rmMDTq<f3ZR$^E7*`i2
z6jwt^y=Gz@VA^p(F)699i&BxNsGhb-yM#q~Um#ennzg%_P)5-ltZ0<#g6J3{XI6tA
zE;3qHP47;J;xlvkn#-R>7<y-am<hinFg-M_Kwi_WQV<z1lfGf2=8JNRdiimRqUO*$
zWBG1ejwbY8Mg1efaqvlZ$JI=G8=i}Rzozi4O1#GyTV~dAO{!_@Ms<o@ADMF8hv(bX
zBWH~0gp!YFIKQWVpR1%byDS0$Ltk11#YyY4r!VdcMG6vx%+0eRZmtqTy|tY6mn}(B
z`3$j0ACNW4q}B&!tLwG3M*S&^mlAnQH60U3`rn*i=jY#??S{@RE<PQ!e4e0#n_et6
z7W`R}@SLfxJ#+y$+rq0#w)MrvGrq^a=mo5L&7hEr_*QKMx*B$qfF6`>TJ!v9+bpw#
zdZQK@Awz@G{fpb-J-(H>&sq?2JTfx-FK`>6!UXb8Q7;US9#a<GvQRvs-dKqpk#Ot8
z<c%Ts`ZE&~s1`L8R7((rB-a;uw}yn8Y(K3!SqjuIEi1%7{wdNfgz~V8Q%A|@Gvmd1
zGdrMF&g<H5H2p}V?AfGoSEG)cmkyO2ca8gkEv}{#+_Rbb-BYU~TU>vHiO}?DXT*2a
zpLA?8`Sk%U>$j;g_3Z@o$ughS)#d{wwT#^M^P={nyV<LiU{Z_C502?m*#n>SFmSy=
z-5AJwhSfuQskF%bedDZDKlh=@2OS;3N{O_DZ)gM@9{<dDh5VV|crLi)25`3!89rMO
zkw?0`x-bctP-yo(=*>V29!f}Wm=Hz{M+b<gW#7VQ$h0bMsi@Tb#E<jfn$KyGF{gs;
z(AFEB-?Uh^dG9#YfTh-<v1_?}{qaRUoDDQ<G}Sz&6}h-LA0dQ{Qq)oDf$3VZEX^3D
z?wfCGIhlfF$&;+8Q2{lr;H?QIz1Cp_Sy|*{q<8(rT@M-_zh3i*%S+TY4lD2Zdc7~=
z)^6jsK~_ztcm`1V(L;gL2<fP$z}~ql8>~q;Q23A^<qQI`8-G6TsChGH_~o;krl=A^
z1OLNRJeR5GvUfq~EsJa&Fj=5Z0w)Dxj{bP+1zqNruaaKHAPSAEQu|+9beV3t55EnI
z#`mBZH2g%%kl??4TI4xu2&9~Rbl=q8$JmuzY&ja3HEs8t<s?Cdo_$!^gAIKivV>d8
z{^DnZl9hIgz?jhF6|54kHr{Up^@)ID6n$5{hB#y>ZAaZ{T{}+tXEbuuGqlDCsi?>l
zu%NGZFq!V%&OiQ9mQs}<(?x|EI45^nTl~^vP4}e7lt=6_qRxD|Dbu0Z(QK09#1BZD
zQaBDXi}@~{G%h~vjfy>sjwak^|EyK4^fcf(_H+bjxfr(l+<#||PA?l}af>i)23AN?
zv+GS5TW#xB9NX&rr#>x;L~7@TbZ*r2>kCnjw}ZqRCKj+$RmM7Fri7xCc!B=9>HL88
zNd7SnX$)@P9z<HGhwJYqdt8a@?gC&Rt;lAmtq3jc@@02V#4|2H_JB+BiLzYFkNCwv
z29*dRly*Qy*w@JR;Q_5La(STei0cxSRps@|rFPfV75WEMN~D*BqJSte3Gl7~9wME1
zA}9=_j*NoW|4<<%WisB9T2UNBi~h<{K<nUmg8(N&UWr)8|7`$Ou6KW&gZE{%AzOie
z+0W(WdT@9=x_{{YOdidlSAS74?~2D~$rtIBI*Op6QLu3^G0tX6NQ<h7^B*2fvUap8
zq89;v%;NXQeY0F<rW`Og!vv(Dw&1%9AntE_<pN^>JLcJlqj_grDs1KIsCXPkl9GTT
zBM2BnmzzgaOVf~HFC4ujxw|*#97cj@Y%xX0NH|QtxQt{2qMA^sJTyp5_}W*hb-T{B
zQ-zEpD*7~BMuhh*Yp%Q+#PKyzgZBDK_z#3$3~4mYb|&i3`{|*~=ydHc{vklbWQObN
zPY*K#F5*4SV2_3?0v@#z6p!|&p$-;ytj9d7^E*NR9_X$fE0~oQd6^Q_O&&4L5b~yS
z`t*lQ`Sk6@b8xNU)Svx*v4EdMk%-J;)}!Cx3p!7a(esV3&Nj&IW;t9ty!UHbLfqHF
zp3y2V)>gYE^7`B+kUs?-NdW6d8ZHhmogZbOd-YVhQi_A1KjkJLDa?DvUv#VnTsd#u
z`_wZZ|8#jn4T>rHHFB{(X3&J@8(+<1Q2OQSP;7{^?K7;5qFeMCvZlnrxn31m<M&<<
z1_nr7YmGUE9!-{IJ%P9OY>7NVw%tjP#j5$BVFYbcs`cSg-_##PCN=ES#r|y4KDBdc
zuU5pg5!@)GrYu{d3*2|Yx1H}K=nv=*h2c@JnIiX94wFZ$^s%GqRz(icfK}^^4<FVd
zo@bb45D~}`mlX(~TwuEfloAv&h)o{BR4b>EX#qCKUTiXjz3{$Z_3MKkPc8E|8@YT6
z>)$?o_as_dl=jHq7q^w&ia>f69aY!ycq<|1qwEIi4pYyPe3-u2-?x}!nycQ{f({^C
z{OJxyT9rB*?(B<}0I_}z?YjM)%ctoYt;-xMfGQ=#R{9Z)Pwvq#?6|txdIkir?w+Am
zrW=J#3{bTMT>Ms9UM|hgx7ti3I1BFe54f)XsC#U(7Qd?nMM1Q|(qoa|@0@G*ou4ed
z!=*Y!vo{J{<Y*DUt}>&Wh`>N*Oh?JfW8zY$%bQ>tiU=t845RA|sVVMgT+~9@t@r8+
zh~<Wy8Z&a}5Q!%Sw77PipAH?}-;4zY2I8Jy>=h-Ct|MMtpGdrtJo&okxl<I*nJ;IX
zAAC6kR4QHAWD)}lg+)Ui!g2M(adA>@oAvy>Z5}*$mUBYu+tf#ApWV9{HcOa?)341y
zca?NDb~GFz3IsZ=58$f2Pi}M$bE0D>GT-}-hZ%PPSxKu>hiR%t$47vq`Fkqk(a};Y
z-G%VRr+&Wyuoe&JJMMn*B)qr923i$le;)Jb6GVzzIvN#_J~%r0>d*en;_J|6`BhEW
z4;aVykH^y+bEyNL9N_Y;lwLm6nBhb3kE-~4oS#>fc+PD3&xC$ewYLc$RFo9vw%S0K
zdWbHVx61!R6AEwP5wD(Npds^`VOXW)k4%4u|14QJ)AA(^9xW83uyL3|gG|TXvSC=2
zB?mi*zH+)Gzq}DEobk8+Pr@|jSEdh3p3GzU&Xmf}7Fq$`!mF#RyJ=R<;&41Hd>fgy
z1acvtKQJ~hw=92H#%b>m=iO$3>5O5N>L;@rf>EvczAXoOMuP0WIgdA`nF0L?GPDg(
z$LqxUrZ=H?SB9nXr379+%}M3ra-3*l2(}!rdyCON@dP!47>BPaj$Y*ppX^On4Z&2W
zjGooIK80x2@aFD&YLXYfzf?f$;lOjcdw=Xlrrqz47qH!+&ndS5{)n)j<q8CPqxVCC
zO>gtp#Hz&YoHro+HgDSw^OWp~(Pl<Ne|xMHPb%d$)={omp!xEf;d@P;-uI&oEK_9?
ztw5+--<Zxl4aVC~Mv~XRkQ5L&CiQgxEq?6rcAQR!s9{1ne(ea7{F&!nHVfTX5wV}4
zz&^%H?LD{=HnFyDTxXR#g8BUEHc)q!&*xi<DBUs}@eFsxb4;RJWaUyE3tvL%6dB~U
zhyU{8ht0hfGx{Wi9ZQ4mc^|!;TpthJ3<6Sv`J;H=uKG3j`91eyOD%lHjw|t9x~Pg<
zj=U|4MA<-25#Dy(sJ3klO9`oh!8d$Wf8$BRIBJFTKz);toAeWj+%Q~uywk5buh#3Q
zh*Bd{Mkg=TP(A>>dRnUG6)7l5MLt60P{90xl73^y0);8L^YBBlUnm0VQ`veBy<6YM
zs!f9*MuhYo1cv4S_0?){)!+$D&Q}Dm{9L0+;IemdqLis<rkId8ug6ma?kTtY3=*2m
zGKs&cEjAr8H=EYJLOf|*(E3dxj}_>H+hO;5=X2LD_D7Eo>7IGJimI|K;G373o5g)c
z9}6>~Famp|Dt;p%qxWoQxE09PElZ%0vgn0+W^y{~BmvGW1<Mo7xI?7X^Vl*Q5O7mb
z(3G#0HGli}`Tv(U3tu}gFE?v0XM0a8E^jw$3oje9zjvOTo_7DY0O1C1LIMIH;DJX-
zfcw8b{yoIa&&vbi`THm&Ajror2;$}u<mVOu(Q^OaI)VSLA8$`D3lCaakhQC~?SI$q
z|8)F6zl8fgKko0-|E{b5myXfXaar2CaCzEcV9?XbxOmxf=-XJ*YTNup#mnBsmR85k
z#>t6R$I8Rr&5IUj^HPq5mKXRVIe<HUT4f6lYb#d|8(JM#h?lR0ht1z^bnWatX+8h*
zInV$3IpDRorwzp0i5BAOLHnO!_P1{@I~!UnS2uqTds{m%;Di4ec>if4qfcw$V$DwL
z3w${{@YJ8y6=>{1>*nF=U}NRQiGhLfw<q1#wDvBv=1!jGv|_Z@t{Akmo;KFB%${7p
z$?^TY<L6?gWdK@9(wdoh**LqILF}Du#DI3rKL7Qdziq@YtX*AfF#ccqbN-#nKLq|E
z@DG812>e6f9|Hdn_=mth1pXoL4}pIO{6pX$0{;;BhrmAs{vq%Wfqw}6L*O3*{}A|x
oz&`~3A@C1@e+c|T;2#425cr3{KLq|E@DG812>e6fe}lmP03`SL<^TWy

diff --git a/httpd/awhttpd.patch b/httpd/awhttpd.patch
deleted file mode 100644
index 59eb7eb819..0000000000
--- a/httpd/awhttpd.patch
+++ /dev/null
@@ -1,2371 +0,0 @@
-diff -Naur awhttpd/aw3.h axTLS/httpd/awhttpd/aw3.h
---- awhttpd/aw3.h	2005-01-23 13:17:14.000000000 +1000
-+++ axTLS/httpd/awhttpd/aw3.h	2006-11-15 15:09:14.196258200 +1000
-@@ -7,17 +7,16 @@
- */
- 
- 
--#include <stdio.h>
--#include <dirent.h>
--#include <sys/types.h>
--#include <sys/stat.h>
--#include <unistd.h>
-+#include "os_port.h"
-+#include "ssl.h"
- 
- 
- 
- #define BACKLOG 15
- #define VERSION "3.0.7"
-+#ifdef CONFIG_HTTP_HAS_IPV6
- #define HAVE_IPV6
-+#endif
- 
- #define MAXFILEPATH 1024
- #define MAXIPLEN 45
-@@ -26,6 +25,7 @@
- #define BLOCKSIZE 4096
- 
- #define INITIAL_CONNECTION_SLOTS 10
-+#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS 0
- 
- #define STATE_WANT_TO_READ_HEAD  1
- #define STATE_WANT_TO_SEND_HEAD  2
-@@ -37,7 +37,6 @@
- #define TYPE_HEAD 1
- #define TYPE_POST 2
- 
--
- struct connstruct {
-   struct connstruct *next;
- 
-@@ -46,29 +45,43 @@
- 
-   int networkdesc;
-   int filedesc;
--  DIR *dirp;
- 
--  int timeout;
-+#if defined(CONFIG_HTTP_DIRECTORIES)
-+#ifdef WIN32
-+  HANDLE dirp;
-+  WIN32_FIND_DATA file_data;
-+#else
-+  DIR *dirp;
-+#endif
-+#endif
- 
-+  time_t timeout;
-   char ip[MAXIPLEN];
--
-   char actualfile[MAXREQUESTLENGTH];
-   char filereq[MAXREQUESTLENGTH];
-+#if defined(CONFIG_HTTP_HAS_CGI)
-   char cgiargs[MAXREQUESTLENGTH];
-   char cgiscriptinfo[MAXREQUESTLENGTH];
-   char cgipathinfo[MAXREQUESTLENGTH];
-+#endif
-   char virtualhostreq[MAXREQUESTLENGTH];
- 
-   int numbytes;
--  long offset;
-   char databuf[BLOCKSIZE];
- 
-+  unsigned char is_ssl;
-+  unsigned char close_when_done;
-+  unsigned char modified_since;
- };
- 
- 
- struct serverstruct {
-   struct serverstruct *next;
-   int sd;
-+  int is_ssl;
-+#ifdef CONFIG_HTTP_HAS_SSL
-+  SSLCTX *ssl_ctx;
-+#endif
- };
- 
- 
-@@ -96,28 +109,13 @@
- 
- // Conf global prototypes
- 
--extern int usevirtualhosts;
- extern char *webroot;
- extern int allowdirectorylisting;
- extern int allowcgi;
- extern int permcheck;
--extern int maxusers;
--extern int usertimeout;
--extern int initialslots;
--extern char *quote;
--extern int initialslots;
--
--extern int numusers;
--
--
--// Useful macros
--#define istimedout(tp,ct) ((ct) > (tp)->timeout)
--#define updatetimeout(tp,ct) ((tp)->timeout = (ct)+usertimeout)
--
--
- 
- // conn.c prototypes
--void addconnection(int sd, char *ip);
-+void addconnection(int sd, char *ip, int is_ssl);
- void removeconnection(struct connstruct *cn);
- 
- 
-@@ -129,49 +127,47 @@
- void procsendhead(struct connstruct *cn);
- void procreadfile(struct connstruct *cn);
- void procsendfile(struct connstruct *cn);
-+int special_write(struct connstruct *cn, const uint8_t *buf, size_t count);
- 
- 
- // net.c prototypes
- void addtoservers(int sd);
--void selectloop();
-+void selectloop(void);
- 
- 
- // socket.c prototypes
--int pollsocket(int sd, long ustimeout);
--void handlenewconnection(int listenfd);
-+void handlenewconnection(int listenfd, int is_ssl);
- int openlistener(int port);
- int openlistener6(int port);
- 
- 
- // errors.c prototypes
--void send505(int sd, char *reason);
- void send404(struct connstruct *cn);
- void send301(struct connstruct *cn);
- 
- 
- // misc.c prototypes
--void nada();
--void die();
--void reaper();
-+void nada(int sigtype);
-+void die(int sigtype);
-+void reaper(int sigtype);
- void stripcrlf(char *p);
- char *my_strncpy(char *dest, const char *src, size_t n);
- #ifndef __HAVE_ARCH_STRNLEN
- size_t strnlen ( const char * str, size_t maxlen );
- #endif
- int iscgi(char *fn);
--int split(char *tp, char *sp[], int maxwords, char sc);
--int confsplit(char *tp, char *sp[], int maxwords);
-+void split(char *tp, char *sp[], int maxwords, char sc);
- int sanitizefile(char *buf);
- int sanitizehost(char *buf);
- void buildactualfile(struct connstruct *cn);
- int issockwriteable(int sd);
- int isdir(char *name);
--void status();
- int trycgi_withpathinfo(struct connstruct *cn);
- 
- 
- // mime_types.c prototypes
--char *getmimetype(char *fn);
-+void mime_init(void);
-+const char *getmimetype(const char *fn);
- 
- 
- // urldecode.c prototypes
-@@ -188,7 +184,6 @@
- 
- 
- // conf.c prototypes
--void defaultconfvals();
- void procconf(char *filename);
- 
- 
-@@ -202,4 +197,4 @@
- 
- 
- // main.c prototypes
--void initlists();
-+void initlists(void);
-diff -Naur awhttpd/cgi.c axTLS/httpd/awhttpd/cgi.c
---- awhttpd/cgi.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/cgi.c	2006-11-15 15:09:14.211883700 +1000
-@@ -7,93 +7,46 @@
- */
- 
- 
--#include <unistd.h>
- #include <string.h>
- #include <stdlib.h>
--#include <sys/socket.h>
-+#include <stdio.h>
- 
- #include "aw3.h"
- 
- 
- 
-+#if defined(CONFIG_HTTP_HAS_CGI)
- void addcgiext(char *tp) {
- 
-   struct cgiextstruct *ex;
- 
-   ex = (struct cgiextstruct *) malloc(sizeof(struct cgiextstruct));
--  if (ex == NULL) {
--    fprintf(stderr, "Serious memory error...\n");
--    exit(0);
--  }
--
-   ex->ext = strdup(tp);
--  if (ex->ext == NULL) {
--    fprintf(stderr, "Serious memory error...\n");
--    exit(0);
--  }
--
-   ex->next = cgiexts;
-   cgiexts = ex;
--
--  return;
--
--}
--
--
--
--void gensysenv(struct connstruct *cn) {
--
--  #ifndef LIMITEDCGI
--
--  char buf[1024];
--
--  setenv("REMOTE_ADDR", cn->ip, 1);
--
--  snprintf(buf, sizeof(buf), "%d", numusers);
--  setenv("AW_NUMUSERS", buf, 1);
--
--  setenv("AW_VERSION", VERSION, 1);
--
--  setenv("AW_QUOTE", quote, 1);
--
--/* Commented this out because (and this is ridiculous) PHP
--   doesn't seem to work with this variable specified
-- */
--/*
--  snprintf ( buf, sizeof(buf), "Anti-Web V%s (%s)", VERSION, quote );
--  setenv("SERVER_SOFTWARE", buf, 1);
--*/
--
--  setenv("SCRIPT_NAME", cn->cgiscriptinfo, 1);
--
--  setenv("PATH_INFO", cn->cgipathinfo, 1);
--
--  setenv("QUERY_STRING", cn->cgiargs, 1);
--
--  return;
--
--  #endif
--
- }
- 
--
--
- void proccgi(struct connstruct *cn, int has_pathinfo) {
- 
--  int tpipe[2], fv;
--  char *myargs[3];
-+  int tpipe[2];
-+  char *myargs[5];
-   char buf[MAXREQUESTLENGTH];
--
--  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\n%s",
--                             VERSION,
--                             quote, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
--  write(cn->networkdesc, buf, strlen(buf));
-+#ifdef WIN32
-+  int tmp_stdout;
-+#else
-+  int fv;
-+#endif
-+
-+  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\n%s",
-+                             VERSION, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
-+  special_write(cn, buf, strlen(buf));
- 
-   if (cn->reqtype == TYPE_HEAD) {
-     removeconnection(cn);
-     return;
-   }
- 
-+#ifndef WIN32
-   if (pipe(tpipe) == -1) {
-     removeconnection(cn);
-     return;
-@@ -108,7 +61,8 @@
-     return;
-   }
- 
--  if (fv != 0) {
-+  if (fv != 0) 
-+  {
-     // Close the write descriptor
-     close(tpipe[1]);
-     cn->filedesc = tpipe[0];
-@@ -132,19 +86,62 @@
-   close(tpipe[1]);
- 
-   myargs[0] = cn->actualfile;
--  myargs[1] = strdup(cn->cgiargs);
-+  myargs[1] = cn->cgiargs;
-   myargs[2] = NULL;
- 
--  if (!has_pathinfo)
--    {
--      my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
--      my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
--    }
--
--  gensysenv(cn);
-+  if (!has_pathinfo) {
-+    my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
-+    my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
-+  }
- 
-   execv(cn->actualfile, myargs);
-+#else /* WIN32 */
-+  if (_pipe(tpipe, 4096, O_BINARY| O_NOINHERIT) == -1) {
-+    removeconnection(cn);
-+    return;
-+  }
- 
--  exit(0);
-+  myargs[0] = "sh";
-+  myargs[1] = "-c";
-+  myargs[2] = cn->actualfile;
-+  myargs[3] = cn->cgiargs;
-+  myargs[4] = NULL;
-+
-+  /* convert all the forward slashes to back slashes */
-+  {
-+      char *t = myargs[2];
-+      while ((t = strchr(t, '\\')))
-+      {
-+          *t++ = '/';
-+      }
-+  }
-+
-+  tmp_stdout = _dup(_fileno(stdout));
-+  _dup2(tpipe[1], _fileno(stdout));
-+  close(tpipe[1]);
-+
-+  /* change to suit execution method */
-+  if (spawnl(P_NOWAIT, "c:\\Program Files\\cygwin\\bin\\sh.exe", 
-+            myargs[0], myargs[1], myargs[2], myargs[3], myargs[4]) == -1) {
-+    removeconnection(cn);
-+    return;
-+  }
-+
-+  _dup2(tmp_stdout, _fileno(stdout));
-+  close(tmp_stdout);
-+  cn->filedesc = tpipe[0];
-+  cn->state = STATE_WANT_TO_READ_FILE;
-+
-+  for (;;)
-+  {
-+    procreadfile(cn);
- 
-+    if (cn->filedesc == -1)
-+        break;
-+
-+    procsendfile(cn);
-+    usleep(200000); /* don't know why this delay makes it work (yet) */
-+  }
-+#endif
- }
-+#endif  /* CONFIG_HTTP_HAS_CGI */
-diff -Naur awhttpd/conf.c axTLS/httpd/awhttpd/conf.c
---- awhttpd/conf.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/conf.c	1970-01-01 10:00:00.000000000 +1000
-@@ -1,265 +0,0 @@
--/* Anti-Web HTTPD */
--/* Hardcore Software */
--/*
--This software is Copyright (C) 2001-2004 By Hardcore Software and
--others. The software is distributed under the terms of the GNU General
--Public License. See the file 'COPYING' for more details.
--*/
--
--
--#include <stdio.h>
--#include <string.h>
--#include <ctype.h>
--#include <pwd.h>
--#include <sys/types.h>
--#include <stdlib.h>
--#include <unistd.h>
--
--#include "aw3.h"
--
--
--
--// CONF GLOBALS:
--
--int usevirtualhosts;
--char *webroot;
--int allowdirectorylisting;
--int allowcgi;
--int permcheck;
--int maxusers;
--int usertimeout;
--int initialslots;
--char *quote;
--
--int numusers;
--
--
--
--void defaultconfvals() {
--
--  usevirtualhosts = 0;
--  allowdirectorylisting = 0;
--  allowcgi = 0;
--  permcheck = 0;
--  maxusers = 500;
--  usertimeout = 5;
--  initialslots = 10;
--  quote = "Fear and loathing on the WWW";
--
--  // Not really conf stuff:
--  numusers = 0;
--
--  return;
--
--}
--
--
--void procconf(char *filename) {
--
--  FILE *fp;
--  char buf[MAXREQUESTLENGTH];
--  char *segs[10];
--  int tp, err=0, warn=0;
--
--  usevirtualhosts = 1;
--
--  fp = fopen(filename, "r");
--
--  if (fp == NULL) {
--    fprintf(stderr, "ERROR: Unable to open conf file '%s'\n", filename);
--    exit(1);
--  }
--
--
--  while (fgets(buf, sizeof(buf), fp) != NULL) {
--    stripcrlf(buf);
--
--    confsplit(buf, segs, 10);
--
--    if (segs[0] == NULL) continue;
--
--    if (segs[1] == NULL) {
--      fprintf(stderr, "ERR: Unknown command in '%s': '%s'\n", filename, segs[0]);
--      err++;
--      continue;
--    }
--
--
--    if (strcasecmp(segs[0], "listen") == 0) {
--      if (isdigit(*segs[1])) {
--        if ((tp=openlistener(atoi(segs[1]))) == -1) {
--          fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", atoi(segs[1]));
--          err++;
--          continue;
--        }
--
--        addtoservers(tp);
--        continue;
--      }
--    }
--
--    if (strcasecmp(segs[0], "listen6") == 0) {
--      #ifdef HAVE_IPV6
--        if (isdigit(*segs[1])) {
--          if ((tp=openlistener6(atoi(segs[1]))) == -1) {
--            fprintf(stderr, "ERR: Couldn't bind to port %d (IPv6)\n", atoi(segs[1]));
--            err++;
--            continue;
--          }
--
--          addtoservers(tp);
--          continue;
--        }
--      #else
--        fprintf(stderr, "ERR: AW was compiled without IPv6 support!\n");
--        err++;
--        continue;
--      #endif
--    }
--
--    if (strcasecmp(segs[0], "maxusers") == 0) {
--      maxusers = tp = atoi(segs[1]);
--      if (tp < 1) {
--        fprintf(stderr, "ERR: Bad value for maxusers\n");
--        err++;
--      }
--      if (tp < 10 || tp > 10000) {
--        fprintf(stderr, "WARN: Value for maxusers (%d) is not withing the recommended range\n", tp);
--        warn++;
--      }
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "usertimeout") == 0) {
--      usertimeout = tp = atoi(segs[1]);
--      if (tp < 1) {
--        fprintf(stderr, "ERR: Bad value for usertimeout\n");
--        err++;
--      }
--      if (tp > 100) {
--        fprintf(stderr, "WARN: Value for usertimeout (%d) is not withing the recommended range\n", tp);
--        warn++;
--      }
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "initialslots") == 0) {
--      initialslots = tp = atoi(segs[1]);
--      if (tp < 1) {
--        fprintf(stderr, "ERR: Bad value for initialslots\n");
--        err++;
--      }
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "directorylisting") == 0) {
--      if (strcasecmp(segs[1], "on") == 0) allowdirectorylisting = 1;
--      else if (strcasecmp(segs[1], "off") == 0) allowdirectorylisting = 0;
--      else {
--        fprintf(stderr, "ERR: Need on or off for directorylisting\n");
--        err++;
--      }
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "cgi") == 0) {
--      if (strcasecmp(segs[1], "on") == 0) allowcgi = 1;
--      else if (strcasecmp(segs[1], "off") == 0) allowcgi = 0;
--      else {
--        fprintf(stderr, "ERR: Need on or off for cgi\n");
--        err++;
--      }
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "cgiext") == 0) {
--      if (*(segs[1]) != '.' && *(segs[1]+1) != '\0') {
--        fprintf(stderr, "ERR: CGI extensions must start with a period and be at least 2 chars long\n");
--        err++;
--        continue;
--      }
--      addcgiext(segs[1]);
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "addindex") == 0) {
--      if (*(segs[1]) == '.') {
--        fprintf(stderr, "ERR: Index files can't start with a dot\n");
--        err++;
--        continue;
--      }
--      addindex(segs[1]);
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "permcheck") == 0) {
--      if (strcasecmp(segs[1], "on") == 0) permcheck = 1;
--      else if (strcasecmp(segs[1], "off") == 0) permcheck = 0;
--      else {
--        fprintf(stderr, "ERR: Need on or off for permcheck\n");
--        err++;
--      }
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "dropto") == 0) {
--      struct passwd *bl;
--
--      if ((bl = getpwnam(segs[1])) == NULL) {
--        fprintf(stderr, "ERR: Unable to look up user '%s' to drop privileges\n", segs[1]);
--        err++;
--      } else {
--        if (setgid(bl->pw_gid) != 0) {
--          fprintf(stderr, "WARN: Unable to drop GID to %d\n", bl->pw_gid);
--          warn++;
--        }
--        if (setuid(bl->pw_uid) != 0) {
--          fprintf(stderr, "WARN: Unable to drop UID to %d\n", bl->pw_uid);
--          warn++;
--        }
--      }
--      continue;
--    }
--
--    if (strcasecmp(segs[0], "quote") == 0) {
--      quote = strdup(segs[1]);
--      continue;
--    }
--
--
--    if (segs[2] == NULL) {
--      fprintf(stderr, "ERR: Unknown command in '%s': '%s'\n", filename, segs[0]);
--      err++;
--      continue;
--    }
--
--
--    // Otherwise:
--
--    fprintf(stderr, "ERR: Unknown command in '%s': '%s'\n", filename, segs[0]);
--    err++;
--    continue;
--
--  }
--
--
--  if (initialslots > maxusers) {
--    fprintf(stderr, "ERR: initialslots is greater than maxusers!\n");
--    err++;
--  }
--
--
--  if (warn) {
--    fprintf(stderr, "Alert! %d warnings!\n", warn);
--  }
--
--  if (err) {
--    fprintf(stderr, "Unable to start: %d errors!\n", err);
--    exit(1);
--  }
--
--  fclose(fp);
--
--  return;
--
--}
-diff -Naur awhttpd/conn.c axTLS/httpd/awhttpd/conn.c
---- awhttpd/conn.c	2004-12-07 16:11:02.000000000 +1000
-+++ axTLS/httpd/awhttpd/conn.c	2006-11-15 15:09:14.243134700 +1000
-@@ -9,26 +9,16 @@
- 
- #include <stdio.h>
- #include <string.h>
--#include <unistd.h>
--#include <time.h>
- #include <stdlib.h>
--
- #include "aw3.h"
- 
- 
--
--void addconnection(int sd, char *ip) {
-+void addconnection(int sd, char *ip, int is_ssl) {
-   struct connstruct *tp;
- 
-   // Get ourselves a connstruct
-   if (freeconns == NULL) {
-     tp = (struct connstruct *) malloc(sizeof(struct connstruct));
--    if (tp == NULL) {
--      send505(sd, "Out of memory");
--      // removeconnection() should be used normally
--      close(sd);
--      return;
--    }
-   } else {
-     tp = freeconns;
-     freeconns = tp->next;
-@@ -39,12 +29,21 @@
-   usedconns = tp;
- 
-   tp->networkdesc = sd;
-+#ifdef CONFIG_HTTP_HAS_SSL
-+  if (is_ssl)
-+    ssl_server_new(servers->ssl_ctx, sd);
-+#endif
-   tp->filedesc = -1;
-+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
-   tp->dirp = NULL;
-+#endif
-+  tp->is_ssl = is_ssl;
- 
-   *(tp->actualfile) = '\0';
-   *(tp->filereq) = '\0';
-+#if defined(CONFIG_HTTP_HAS_CGI)
-   *(tp->cgiargs) = '\0';
-+#endif
-   *(tp->virtualhostreq) = '\0';
- 
-   tp->state = STATE_WANT_TO_READ_HEAD;
-@@ -52,21 +51,16 @@
- 
-   my_strncpy(tp->ip, ip, MAXIPLEN);
- 
--  tp->offset = -1;
--
--  numusers++;
--
--  updatetimeout(tp, time(NULL));
-+  tp->close_when_done = 0;
-+  tp->modified_since = 0;
- 
-+  tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
-   return;
- 
- }
- 
- 
- 
--// Remove cn from the used list
--// FIXME: This O(N) operation could be avoided if we used
--//        doubly linked lists...
- void removeconnection(struct connstruct *cn) {
- 
-   struct connstruct *tp;
-@@ -95,12 +89,21 @@
-   freeconns = cn;
- 
-   // Close it all down
--  if (cn->networkdesc != -1) close(cn->networkdesc);
-+  if (cn->networkdesc != -1) {
-+#ifdef CONFIG_HTTP_HAS_SSL
-+      if (cn->is_ssl) {
-+        ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
-+  }
-+#endif
-+      SOCKET_CLOSE(cn->networkdesc);
-+  }
-   if (cn->filedesc != -1) close(cn->filedesc);
--  if (cn->dirp != NULL) closedir(cn->dirp);
--
--  numusers--;
--
--  return;
--
-+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
-+  if (cn->dirp != NULL) 
-+#ifdef WIN32
-+    FindClose(cn->dirp);
-+#else
-+    closedir(cn->dirp);
-+#endif
-+#endif
- }
-diff -Naur awhttpd/errors.c axTLS/httpd/awhttpd/errors.c
---- awhttpd/errors.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/errors.c	2006-11-15 15:09:14.258760200 +1000
-@@ -8,7 +8,6 @@
- 
- 
- #include <stdio.h>
--#include <unistd.h>
- #include <string.h>
- 
- #include "aw3.h"
-@@ -20,7 +19,7 @@
- 
-   snprintf(buf, sizeof(buf), "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n</HEAD><BODY>\n<H1>Moved Permanently</H1>\nThe document has moved <A HREF=\"%s/\">here</A>.<P>\n<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
- 
--  write(cn->networkdesc, buf, strlen(buf));
-+  special_write(cn, buf, strlen(buf));
- 
-   return;
- 
-@@ -34,21 +33,7 @@
- 
-   snprintf(buf, sizeof(buf), "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>It ain't there my friend. (404 Not Found)</H1>\n<BR><BR>Anti-Web HTTPD - Take back some simplicity.\n</BODY></HTML>\n");
- 
--  write(cn->networkdesc, buf, strlen(buf));
--
--  return;
--
--}
--
--
--
--void send505(int sd, char *reason) {
--
--  char buf[1024];
--
--  snprintf(buf, sizeof(buf), "HTTP/1.0 505 Server Error\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>505 Internal Server Error</TITLE><H1>Internal Server Error: %s</H1>\n<BR><BR>Anti-Web HTTPD - Take back some simplicity.\n</BODY></HTML>\n", reason);
--
--  write(sd, buf, strlen(buf));
-+  special_write(cn, buf, strlen(buf));
- 
-   return;
- 
-diff -Naur awhttpd/index.c axTLS/httpd/awhttpd/index.c
---- awhttpd/index.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/index.c	2006-11-15 15:09:14.258760200 +1000
-@@ -11,7 +11,6 @@
- #include <string.h>
- #include <sys/types.h>
- #include <sys/stat.h>
--#include <unistd.h>
- #include <stdlib.h>
- 
- #include "aw3.h"
-@@ -22,20 +21,9 @@
-   struct indexstruct *ex;
- 
-   ex = (struct indexstruct *) malloc(sizeof(struct indexstruct));
--  if (ex == NULL) {
--    fprintf(stderr, "Serious memory error...\n");
--    exit(1);
--  }
--
-   ex->name = strdup(tp);
--  if (ex->name == NULL) {
--    fprintf(stderr, "Serious memory error...\n");
--    exit(1);
--  }
--
-   ex->next = indexlist;
-   indexlist = ex;
--
-   return;
- 
- }
-@@ -52,7 +40,13 @@
-   tp = indexlist;
- 
-   while(tp != NULL) {
--    snprintf(tbuf, sizeof(tbuf), "%s%s", cn->actualfile, tp->name);
-+    sprintf(tbuf, "%s%s%s", cn->actualfile, 
-+#ifdef WIN32
-+            "\\",
-+#else
-+            "/",
-+#endif
-+            tp->name);
- 
-     if (stat(tbuf, stp) != -1) {
-       my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
-diff -Naur awhttpd/main.c axTLS/httpd/awhttpd/main.c
---- awhttpd/main.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/main.c	2006-11-21 16:30:37.093363800 +1000
-@@ -11,7 +11,6 @@
- #include <string.h>
- #include <sys/types.h>
- #include <signal.h>
--#include <unistd.h>
- #include <stdlib.h>
- 
- #include "aw3.h"
-@@ -21,10 +20,42 @@
- struct serverstruct *servers;
- struct connstruct *usedconns;
- struct connstruct *freeconns;
-+#if defined(CONFIG_HTTP_HAS_CGI)
- struct cgiextstruct *cgiexts;
-+#endif
- struct indexstruct *indexlist;
- 
-+char *webroot = CONFIG_HTTP_WEBROOT;
- 
-+/* clean up memory for valgrind */
-+static void sigint_cleanup(int sig)
-+{
-+    struct serverstruct *sp;
-+    struct connstruct *tp;
-+    int i;
-+
-+    while(servers != NULL) {
-+#ifdef CONFIG_HTTP_HAS_SSL
-+        if (servers->is_ssl)
-+            ssl_ctx_free(servers->ssl_ctx);
-+#endif
-+      sp = servers->next;
-+      free(servers);
-+      servers = sp;
-+    }
-+    free(indexlist->name);
-+    free(indexlist);
-+    for(i=0; i< INITIAL_CONNECTION_SLOTS; i++) {
-+        if (freeconns == NULL)
-+            break;
-+
-+        tp = freeconns->next;
-+        free(freeconns);
-+        freeconns = tp;
-+    }
-+
-+    exit(0);
-+}
- 
- void initlists() {
-   int i;
-@@ -33,108 +64,118 @@
-   servers = NULL;
-   usedconns = NULL;
-   freeconns = NULL;
-+#if defined(CONFIG_HTTP_HAS_CGI)
-   cgiexts = NULL;
-+#endif
-   indexlist = NULL;
- 
-   for(i=0; i<INITIAL_CONNECTION_SLOTS; i++) {
-     tp = freeconns;
--    freeconns = (struct connstruct *) malloc(sizeof(struct connstruct));
--    if (freeconns == NULL) {
--      fprintf(stderr, "Not enough memory to allocate %d connection slots!\n",
--              INITIAL_CONNECTION_SLOTS);
--      exit(1);
--    }
-+    freeconns = (struct connstruct *) calloc(1, sizeof(struct connstruct));
-     freeconns->next = tp;
-   }
- }
- 
- 
--void usage(char *cmline) {
--  fprintf(stderr, "Anti-Web V%s  (C) 2001-2004 by Hardcore Software and others\n\n", VERSION);
--
--  fprintf(stderr, "  AW has 2 valid command lines (see README for details)\n\n");
--
--  fprintf(stderr, "  %s <dir> <port>\n", cmline);
--  fprintf(stderr, "     <dir>                 The root of your HTML tree\n");
--  fprintf(stderr, "     <port>                The port to use\n\n");
--
--  fprintf(stderr, "  %s <dir>\n", cmline);
--  fprintf(stderr, "     <dir>/awhttpd.conf    Conf file\n");
--  fprintf(stderr, "     <dir>/default/        Default HTML root\n");
--  fprintf(stderr, "     <dir>/example.com/    Zero or more virtual host directories\n");
--
--  exit(1);
--}
--
--
- int main(int argc, char *argv[]) {
- 
--  char buf[MAXREQUESTLENGTH];
--  int pid, tp;
--
-+  int tp;
-+#if defined(CONFIG_HTTP_IS_DAEMON)
-+  int pid;
-+#endif
-+
-+#ifdef WIN32
-+  WORD wVersionRequested = MAKEWORD(2,2);
-+  WSADATA wsaData;
-+  WSAStartup(wVersionRequested,&wsaData);
-+#endif
-+  
-+  mime_init();
-   initlists();
--
--  if (argc != 2 && argc != 3) usage(argv[0]);
--
--  webroot = strdup(argv[1]);
--
-   tp = strlen(webroot);
-   if (webroot[tp-1] == '/') webroot[tp-1] = '\0';
- 
-   if (isdir(webroot) == 0) {
-+#ifdef CONFIG_HTTP_VERBOSE
-     fprintf(stderr, "'%s' is not a directory\n", webroot);
-+#endif
-     exit(1);
-   }
- 
--  defaultconfvals();
--
--  if (argc == 2) {
--    snprintf(buf, sizeof(buf), "%s/awhttpd.conf", webroot);
--    procconf(buf);
--  } else {
--    if ((tp=openlistener(atoi(argv[2]))) == -1) {
--      fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", atoi(argv[2]));
-+  if ((tp=openlistener(CONFIG_HTTP_PORT)) == -1) {
-+#ifdef CONFIG_HTTP_VERBOSE
-+    fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n",
-+              CONFIG_HTTP_PORT);
-+#endif
-       exit(1);
--    }
-+  }
- 
-     addindex("index.html");
-     addtoservers(tp);
--    setgid(32767);
--    setuid(32767);
--  }
- 
--  if (permcheck == 1) procpermcheck(webroot);
-+#ifndef WIN32
-+    if (getuid() == 0)
-+    {
-+        setgid(32767);
-+        setuid(32767);
-+    }
-+#endif
-+
-+#ifdef CONFIG_HTTP_HAS_SSL
-+    if ((tp=openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) {
-+#ifdef CONFIG_HTTP_VERBOSE
-+      fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", 
-+              CONFIG_HTTP_HTTPS_PORT);
-+#endif
-+      exit(1);
-+    }
-+
-+    addtoservers(tp);
-+    servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
-+            CONFIG_HTTP_SESSION_CACHE_SIZE);
-+    servers->is_ssl = 1;
-+#endif /* CONFIG_HTTP_HAS_SSL */
-+
-+#if defined(CONFIG_HTTP_PERM_CHECK) 
-+  procpermcheck(webroot);
-+#endif
-+#if defined(CONFIG_HTTP_HAS_CGI)
-+    addcgiext(CONFIG_HTTP_CGI_EXTENSION);
-+#endif
-+#if defined(CONFIG_HTTP_VERBOSE)
-+  printf("awhttpd: listening on ports http:%d and https:%d\n", 
-+          CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
-+  TTY_FLUSH();
-+#endif
- 
-+#if defined(CONFIG_HTTP_IS_DAEMON)
-   pid = fork();
- 
-   if(pid > 0) {
--    status();
-     exit(0);
-   } else if(pid == -1) {
-+#ifdef CONFIG_HTTP_VERBOSE
-     fprintf(stderr,"Anti-Web: Sorry, fork failed... Tough dice.\n");
-+#endif
-     exit(1);
-   }
- 
-   setsid();
-+#endif
- 
-   /* SIGNALS */
--  signal(SIGINT, die);
--  signal(SIGQUIT, die);
-+  signal(SIGINT, sigint_cleanup);
-   signal(SIGTERM, die);
-+#if defined(CONFIG_HTTP_HAS_CGI)
-+#ifndef WIN32
-   signal(SIGCHLD, reaper);
--
--  #ifndef SOLARIS
--  signal(SIGPIPE, nada);
--  #endif
--
--  #ifdef SOLARIS
--  act.sa_handler = nada;
--  sigemptyset(&act.sa_mask);
--  act.sa_flags = SA_RESTART;
--
--  sigaction(SIGPIPE,&act,NULL);
--  #endif
--
-+#endif
-+#endif
-+#ifndef WIN32
-+  signal(SIGQUIT, die);
-+  signal(SIGPIPE, SIG_IGN);
-+#endif
-+  
-   selectloop();
- 
-   return 0;
-diff -Naur awhttpd/mime_types.c axTLS/httpd/awhttpd/mime_types.c
---- awhttpd/mime_types.c	2004-01-26 01:08:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/mime_types.c	2006-11-15 15:09:14.305636700 +1000
-@@ -7,28 +7,21 @@
- */
- 
- 
--/*Code from mini_httpd - small HTTP server
--**
--** Copyright C 1999,2000 by Jef Poskanzer <jef@acme.com>.
--*/
--
--/* mini_httpd code adapted for Anti-Web by zas@norz.org */
--/* A couple TINY changes by Fractal */
--
--// Reformatted for aw3 -fractal
--
--// FIXME: Ideally this code would use a binary search or a hash table...
--
--
- #include <string.h>
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <ctype.h>
-+#include "os_port.h"
- 
- 
--char mime_default[] = "text/plain";
-+static const char mime_default[] = "text/plain";
- 
--struct {
--  char *ext;
--  char *type;
--} mime_table[] = {
-+typedef struct {
-+  const char * const ext;
-+  const char * const type;
-+} mime_table_t;
-+
-+static mime_table_t mime_table[] = {
- 
- // Fundamentals
- { ".html", "text/html" },
-@@ -160,21 +153,29 @@
- 
- };
- 
-+static int mime_cmp(const mime_table_t *t1, const mime_table_t *t2)
-+{
-+    return strcasecmp(t1->ext, t2->ext);
-+}
- 
--char *getmimetype(char *name) {
--  int namelen, extlen, i;
--
--  namelen = strlen(name);
--
--  for (i=0; i<sizeof(mime_table)/sizeof(*mime_table); i++) {
--    extlen = strlen(mime_table[i].ext);
-+void mime_init(void)
-+{
-+    qsort(mime_table, sizeof(mime_table)/sizeof(mime_table_t),
-+            sizeof(mime_table_t), 
-+            (int (*)(const void *, const void *))mime_cmp);
-+}
- 
--    if (extlen >= namelen) continue;
-+const char *getmimetype(const char *name) {
-+    mime_table_t *mime_type;
- 
--    if (strcasecmp(name+(namelen-extlen), mime_table[i].ext) == 0)
--      return mime_table[i].type;
--  }
-+    if ((name = strrchr(name, '.')) == NULL)
-+        return mime_default;
- 
--  return mime_default;
-+    mime_type = bsearch(&name, mime_table, 
-+            sizeof(mime_table)/sizeof(mime_table_t),
-+            sizeof(mime_table_t), 
-+                (int (*)(const void *, const void *))mime_cmp);
- 
-+  return mime_type == NULL ? mime_default : mime_type->type;
- }
-+
-diff -Naur awhttpd/misc.c axTLS/httpd/awhttpd/misc.c
---- awhttpd/misc.c	2005-01-23 12:59:09.000000000 +1000
-+++ axTLS/httpd/awhttpd/misc.c	2006-11-15 15:09:14.321262200 +1000
-@@ -7,33 +7,33 @@
- */
- 
- 
--#include <stdlib.h>
- #include <stdio.h>
- #include <ctype.h>
- #include <string.h>
--#include <sys/time.h>
-+#include <stdlib.h>
- #include <sys/types.h>
- #include <sys/stat.h>
--#include <sys/resource.h>
--#include <sys/wait.h>
--#include <unistd.h>
- 
- #include "aw3.h"
- 
- 
- 
- 
--void nada() { }
-+void nada(int sigtype) { }
- 
- 
--void die() {
-+void die(int sigtype) {
-   exit(0);
- }
- 
- 
--void reaper() {
-+#if defined(CONFIG_HTTP_HAS_CGI)
-+#ifndef WIN32
-+void reaper(int sigtype) {
-   wait3(NULL,WNOHANG,NULL);
- }
-+#endif
-+#endif
- 
- 
- void stripcrlf(char *p) {
-@@ -76,116 +76,6 @@
- }
- #endif
- 
--
--int iscgi(char *fn) {
--
--  struct cgiextstruct *tp;
--  int fnlen, extlen;
--
--  fnlen = strlen(fn);
--  tp = cgiexts;
--
--  while (tp != NULL) {
--    extlen = strlen(tp->ext);
--
--    if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
--      return 1;
--
--    tp = tp->next;
--  }
--
--  return 0;
--
--}
--
--
--
--int split(char *tp, char *sp[], int maxwords, char sc) {
--
--  int i=0;
--
--  while(1) {
--    /* Skip leading whitespace */
--    while(*tp == sc) tp++;
--
--    if (*tp == '\0') {
--      sp[i] = NULL;
--      break;
--    }
--    if (i==maxwords-2) {
--      sp[maxwords-2] = NULL;
--      break;
--    }
--
--    sp[i] = tp;
--
--    while(*tp != sc && *tp != '\0') tp++;
--    if (*tp == sc) *tp++ = '\0';
--    i++;
--
--  }
--
--  return i;
--
--}
--
--
--
--int confsplit(char *tp, char *sp[], int maxwords) {
--
--  int i;
--
--  // Skip comments
--  i=0;
--  while (tp[i] != '\0' && tp[i] != '#') i++;
--  tp[i] = '\0';
--
--  i=0;
--  while(1) {
--    /* Skip leading whitespace */
--    while(*tp == ' ') tp++;
--
--    if (*tp == '\0') {
--      sp[i] = NULL;
--      break;
--    }
--    if (i==maxwords-2) {
--      sp[maxwords-2] = NULL;
--      break;
--    }
--
--    if (*tp == '"') {
--      tp++;
--
--      if (*tp == '"') {
--        tp++;
--        continue;
--      }
--
--      sp[i] = tp;
--
--      while(*tp != '"' && *tp != '\0') tp++;
--      if (*tp == '"') *tp++ = '\0';
--      i++;
--
--    } else {
--      sp[i] = tp;
--
--      while(*tp != ' ' && *tp != '\0') tp++;
--      if (*tp == ' ') *tp++ = '\0';
--      i++;
--    }
--
--  }
--
--  return i;
--
--}
--
--
--
--
--
- int sanitizefile(char *buf) {
- 
-   int len,i;
-@@ -198,9 +88,6 @@
-     // Check for "/." : In other words, don't send files starting with a .
-     // Notice, GOBBLES, that this includes ".."
-     if (buf[i] == '/' && buf[i+1] == '.') return 0;
--
--    // Give people a "hidden prefix" for hiding private files in the HTML tree
--    if (strncmp(buf+i, "/aw_", 4) == 0) return 0;
-   }
- 
-   return 1;
-@@ -231,34 +118,33 @@
- 
- }
- 
--
--
- void buildactualfile(struct connstruct *cn) {
- 
--  char tpbuf[MAXREQUESTLENGTH];
--
--  if (usevirtualhosts) {
--    if (*(cn->virtualhostreq) == '\0')
--      my_strncpy(cn->virtualhostreq, "default", MAXREQUESTLENGTH);
--
--    snprintf(tpbuf, sizeof(tpbuf), "%s/%s", webroot, cn->virtualhostreq);
--    if (isdir(tpbuf) == 0) {
--      my_strncpy(cn->virtualhostreq, "default", MAXREQUESTLENGTH);
--    }
--  } else {
--    *(cn->virtualhostreq) = '\0';
--  }
--
--  snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s/%s%s",
-+  snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s",
-            webroot,
--           cn->virtualhostreq,
-            cn->filereq);
- 
-+  /* Add directory slash if not there */
-+  if (isdir(cn->actualfile) && 
-+          cn->actualfile[strlen(cn->actualfile)-1] != '/')
-+      strcat(cn->actualfile, "/");
-+
-+#ifdef WIN32
-+  /* convert all the forward slashes to back slashes */
-+  {
-+      char *t = cn->actualfile;
-+      while ((t = strchr(t, '/')))
-+      {
-+          *t++ = '\\';
-+      }
-+  }
-+#endif
-+
-   return;
- 
- }
- 
--
-+#if defined(CONFIG_HTTP_DIRECTORIES)
- int issockwriteable(int sd) {
- 
-   fd_set wfds;
-@@ -275,11 +161,11 @@
-   return FD_ISSET(sd, &wfds);
- 
- }
--
-+#endif
- 
- int isdir(char *tpbuf) {
- 
--  static struct stat st;
-+  struct stat st;
- 
-   if (stat(tpbuf, &st) == -1) return 0;
- 
-@@ -288,25 +174,52 @@
- 
- }
- 
-+#if defined(CONFIG_HTTP_HAS_CGI)
-+int iscgi(char *fn) {
- 
-+  struct cgiextstruct *tp;
-+  int fnlen, extlen;
- 
--// FIXME: Arg! This function is horrible! Rewrite it
--void status() {
-+  fnlen = strlen(fn);
-+  tp = cgiexts;
- 
--  int i;
-+  while (tp != NULL) {
-+    extlen = strlen(tp->ext);
- 
--  fprintf(stdout," [*************************************************]\n");
--  fprintf(stdout," [       Anti-Web V%-6s by Hardcore Software     ]\n",VERSION);
--  fprintf(stdout," [*************************************************]\n");
--  fprintf(stdout," [  DIRECTORY {%s}",webroot);
--  if(strlen(webroot)<35)
--    for(i=1;i<=35-strlen(webroot);i++) fprintf(stdout," ");
--  fprintf(stdout,"]\n");
--  fprintf(stdout," [*************************************************]\n");
-+    if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
-+      return 1;
-+
-+    tp = tp->next;
-+  }
-+
-+  return 0;
- 
- }
- 
-+void split(char *tp, char *sp[], int maxwords, char sc) {
-+
-+  int i=0;
-+  while(1) {
-+    /* Skip leading whitespace */
-+    while(*tp == sc) tp++;
-+
-+    if (*tp == '\0') {
-+      sp[i] = NULL;
-+      break;
-+    }
- 
-+    if (i==maxwords-2) {
-+      sp[maxwords-2] = NULL;
-+      break;
-+    }
-+
-+    sp[i] = tp;
-+
-+    while(*tp != sc && *tp != '\0') tp++;
-+    if (*tp == sc) *tp++ = '\0';
-+    i++;
-+  }
-+}
- 
- /* This function was originally written by Nicolas Benoit
-    but I've rewritten some parts of it to work under
-@@ -329,7 +242,7 @@
-   while (fr_rs[i] != NULL) {
-     snprintf(tpfile, sizeof(tpfile), "%s/%s%s", webroot, cn->virtualhostreq, fr_str);
- 
--    if (iscgi(tpfile) && access(tpfile, X_OK) == 0 && isdir(tpfile) == 0) {
-+    if (iscgi(tpfile) && isdir(tpfile) == 0) {
-       /* We've found our CGI file! */
-       my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
-       my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
-@@ -349,3 +262,4 @@
-   *(cn->cgipathinfo) = '\0';
-   return -1;
- }
-+#endif
-diff -Naur awhttpd/net.c axTLS/httpd/awhttpd/net.c
---- awhttpd/net.c	2005-06-04 14:09:52.000000000 +1000
-+++ axTLS/httpd/awhttpd/net.c	2006-11-15 15:09:14.352513200 +1000
-@@ -8,9 +8,7 @@
- 
- 
- #include <stdio.h>
--#include <sys/time.h>
- #include <sys/types.h>
--#include <unistd.h>
- #include <time.h>
- #include <string.h>
- #include <stdlib.h>
-@@ -23,17 +21,10 @@
- void addtoservers(int sd) {
-   struct serverstruct *tp;
- 
--  tp = (struct serverstruct *) malloc(sizeof(struct serverstruct));
--  if (tp == NULL) {
--    fprintf(stderr, "Serious memory error...\n");
--    exit(1);
--  }
--
-+  tp = (struct serverstruct *) calloc(1, sizeof(struct serverstruct));
-   tp->next = servers;
-   tp->sd = sd;
--
-   servers = tp;
--
-   return;
- }
- 
-@@ -64,7 +55,7 @@
-     currtime = time(NULL);
-     while(tp != NULL) {
- 
--      if (istimedout(tp, currtime)) {
-+      if (currtime > tp->timeout) {
-         to = tp;
-         tp = tp->next;
-         removeconnection(to);
-@@ -87,14 +78,15 @@
-         FD_SET(tp->networkdesc, &wfds);
-         if (tp->networkdesc > wnum) wnum = tp->networkdesc;
-       }
-+#if defined(CONFIG_HTTP_DIRECTORIES)
-       if (tp->state == STATE_DOING_DIR) {
-         FD_SET(tp->networkdesc, &wfds);
-         if (tp->networkdesc > wnum) wnum = tp->networkdesc;
-       }
-+#endif
-       tp = tp->next;
-     }
- 
--    //active = select(4, &rfds, &wfds, NULL, NULL);
-     active = select(wnum > rnum ? wnum+1 : rnum+1,
-                     rnum != -1 ? &rfds : NULL,
-                     wnum != -1 ? &wfds : NULL,
-@@ -104,7 +96,7 @@
-     sp = servers;
-     while(active > 0 && sp != NULL) {
-       if (FD_ISSET(sp->sd, &rfds)) {
--        handlenewconnection(sp->sd);
-+        handlenewconnection(sp->sd, sp->is_ssl);
-         active--;
-       }
-       sp = sp->next;
-@@ -112,41 +104,37 @@
- 
-     // Handle the established sockets
-     tp = usedconns;
--    currtime = time(NULL);
-     while(active > 0 && tp != NULL) {
-       to = tp;
-       tp = tp->next;
- 
-       if (to->state == STATE_WANT_TO_READ_HEAD)
-         if (FD_ISSET(to->networkdesc, &rfds)) {
--          updatetimeout(to, currtime);
-           active--;
-           procreadhead(to);
-         } 
-       if (to->state == STATE_WANT_TO_SEND_HEAD)
-         if (FD_ISSET(to->networkdesc, &wfds)) {
--          updatetimeout(to, currtime);
-           active--;
-           procsendhead(to);
-         } 
-       if (to->state == STATE_WANT_TO_READ_FILE)
-         if (FD_ISSET(to->filedesc, &rfds)) {
--          updatetimeout(to, currtime);
-           active--;
-           procreadfile(to);
-         } 
-       if (to->state == STATE_WANT_TO_SEND_FILE)
-         if (FD_ISSET(to->networkdesc, &wfds)) {
--          updatetimeout(to, currtime);
-           active--;
-           procsendfile(to);
-         }
-+#if defined(CONFIG_HTTP_DIRECTORIES)
-       if (to->state == STATE_DOING_DIR)
-         if (FD_ISSET(to->networkdesc, &wfds)) {
--          updatetimeout(to, currtime);
-           active--;
-           procdodir(to);
-         }
-+#endif
-     }
- 
- 
-diff -Naur awhttpd/permcheck.c axTLS/httpd/awhttpd/permcheck.c
---- awhttpd/permcheck.c	2005-01-23 06:49:29.000000000 +1000
-+++ axTLS/httpd/awhttpd/permcheck.c	2006-11-15 15:09:14.368138700 +1000
-@@ -7,21 +7,23 @@
- */
- 
- 
--#include <unistd.h>
- #include <string.h>
-+#include <stdio.h>
-+#include <sys/stat.h>
- 
- #include "aw3.h"
- 
-+#if defined(CONFIG_HTTP_PERM_CHECK)
- void procpermcheck(char *pathtocheck) {
--
-+  char thepath[MAXREQUESTLENGTH];
-+#ifndef WIN32
-   DIR *tpdir;
-   struct dirent *dp;
--  char thepath[MAXREQUESTLENGTH];
- 
-   tpdir=opendir(pathtocheck);
- 
-   if (tpdir==NULL) {
--    printf("WARNING: UID (%d) is unable to read %s\n", getuid(), pathtocheck);
-+    printf("WARNING: UID (%d) is unable to read %s\n", (int)getuid(), pathtocheck);
-     return;
-   }
- 
-@@ -38,14 +40,56 @@
-     }
- 
-     if (access(thepath, R_OK) != 0)
--      printf("WARNING: UID (%d) is unable to read %s\n", getuid(), thepath);
-+      printf("WARNING: UID (%d) is unable to read %s\n", (int)getuid(), thepath);
-     if (access(thepath, W_OK) == 0)
--      printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n", getuid(), thepath);
-+      printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n", (int)getuid(), thepath);
- 
-   }
- 
-   closedir(tpdir);
-+#else   /* Win32 */
-+  HANDLE tpdir;
-+  WIN32_FIND_DATA file_data;
-+  struct stat st;
-+  char buf2[1024];
-+
-+  strcpy(buf2, pathtocheck);
-+  strcat(buf2, "\\*");
-+  tpdir = FindFirstFile(buf2, &file_data);
-+
-+  if (tpdir == INVALID_HANDLE_VALUE) {
-+    printf("WARNING: unable to read %s\n", buf2);
-+    TTY_FLUSH();
-+    return;
-+  }
-+
-+  while (FindNextFile(tpdir, &file_data)) {
-+
-+    if (strcmp(file_data.cFileName, "..")==0) continue;
-+    if (strcmp(file_data.cFileName, ".")==0) continue;
-+
-+    snprintf(thepath, sizeof(thepath), "%s\\%s", 
-+                    pathtocheck, file_data.cFileName);
- 
--  return;
-+    if (isdir(thepath)) {
-+      procpermcheck(thepath);
-+      continue;
-+    }
-+
-+    if (stat(thepath, &st) >= 0) {
-+      if ((st.st_mode & _S_IREAD) == 0) {
-+        printf("WARNING: unable to read %s\n", thepath);
-+        TTY_FLUSH();
-+      }
-+
-+      if (st.st_mode & _S_IWRITE) {
-+        printf("SECURITY: ABLE TO WRITE TO %s\n", thepath);
-+        TTY_FLUSH();
-+      }
-+    }
-+  }
- 
-+  FindClose(tpdir);
-+#endif
- }
-+#endif  /* CONFIG_HTTP_PERM_CHECK */
-diff -Naur awhttpd/proc.c axTLS/httpd/awhttpd/proc.c
---- awhttpd/proc.c	2005-01-23 10:59:41.000000000 +1000
-+++ axTLS/httpd/awhttpd/proc.c	2006-11-15 15:09:14.399389700 +1000
-@@ -13,91 +13,92 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <fcntl.h>
--#include <unistd.h>
- #include <time.h>
- #include <string.h>
- 
- #include "aw3.h"
- 
--
--
-+static int special_read(struct connstruct *cn, void *buf, size_t count);
- 
- // Returns 1 if elems should continue being read, 0 otherwise
- int procheadelem(struct connstruct *cn, char *buf) {
- 
--  char *words[10];
--
--  split(buf, words, 10, ' ');
-+  char *delim, *value;
-+#if defined(CONFIG_HTTP_HAS_CGI)
-+  char *cgi_delim;
-+#endif
- 
--  if (words[0] == NULL) return 0;
--
--  if (strcmp(words[0], "GET")==0 ||
--      strcmp(words[0], "HEAD")==0 ||
--      strcmp(words[0], "POST")==0) {
--    char *segs[4];
--
--    if (*words[0] == 'H') cn->reqtype = TYPE_HEAD;
--    else if (*words[0] == 'P') cn->reqtype = TYPE_POST;
-+  if ((delim = strchr(buf, ' ')) == NULL)
-+      return 0;
- 
--    split(words[1], segs, 4, '?');
-+  *delim = 0;
-+  value = delim+1;
- 
--    if (segs[0] == NULL) return 0;
-+  if (strcmp(buf, "GET")==0 ||
-+      strcmp(buf, "HEAD")==0 ||
-+      strcmp(buf, "POST")==0) 
-+  {
-+    if (buf[0] == 'H') 
-+        cn->reqtype = TYPE_HEAD;
-+    else if (buf[0] == 'P') 
-+        cn->reqtype = TYPE_POST;
-+
-+    if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
-+        return 0;
-+    *delim = 0;
- 
--    urldecode(segs[0]);
-+    urldecode(value);
- 
--    if (sanitizefile(segs[0]) == 0) {
-+    if (sanitizefile(value) == 0) {
-       send404(cn);
-       removeconnection(cn);
-       return 0;
-     }
- 
--    my_strncpy(cn->filereq, segs[0], MAXREQUESTLENGTH);
--
--    if (segs[1] != NULL) my_strncpy(cn->cgiargs, segs[1], MAXREQUESTLENGTH);
--
--  } else if (strcmp(words[0], "Host:")==0) {
-+    my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
-+#if defined(CONFIG_HTTP_HAS_CGI)
-+    if ((cgi_delim = strchr(value, '?')))
-+    {
-+        *cgi_delim = 0;
-+        my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
-+    }
-+#endif
- 
--    if (words[1] == NULL) return 0;
-+  } else if (strcmp(buf, "Host:")==0) {
- 
--    if (sanitizehost(words[1]) == 0) {
-+    if (sanitizehost(value) == 0) {
-       send404(cn);
-       removeconnection(cn);
-       return 0;
-     }
- 
--    my_strncpy(cn->virtualhostreq, words[1], MAXREQUESTLENGTH);
--  } else if (strcmp(words[0], "Range:")==0) {
--
--    cn->offset = -1;
--
--    if (strchr(words[1], '-') == NULL) return 1;
--
--    if (strchr(words[1], '=') != NULL) {
--      while(*words[1] != '=') words[1]++;
--      words[1]++;
--    }
--
--    if (isdigit(*words[1]) == 0) return 1;
--
--    cn->offset = atoi(words[1]);
--
-+    my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
-+  } else if (strcmp(buf, "Connection:")==0 &&
-+                strcmp(value, "close")==0) {
-+      cn->close_when_done = 1;
-+  } else if (strcmp(buf, "If-Modified-Since:") ==0 ) {
-+      /* TODO: parse this date properly with getdate() or similar */
-+      cn->modified_since = 1;
-   }
- 
-   return 1;
- 
--}
--
- 
-+}
- 
-+#if defined(CONFIG_HTTP_DIRECTORIES)
- void procdirlisting(struct connstruct *cn) {
- 
-   char buf[MAXREQUESTLENGTH];
-+  char actualfile[1024];
- 
-+#ifndef CONFIG_HTTP_DIRECTORIES
-   if (allowdirectorylisting == 0) {
-     send404(cn);
-     removeconnection(cn);
-     return;
-   }
-+#endif
- 
-   if (cn->reqtype == TYPE_HEAD) {
-     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
-@@ -107,7 +108,17 @@
-     return;
-   }
- 
--  cn->dirp = opendir(cn->actualfile);
-+  strcpy(actualfile, cn->actualfile);
-+#ifdef WIN32
-+  strcat(actualfile, "*");
-+  cn->dirp = FindFirstFile(actualfile, &cn->file_data);
-+  if (cn->dirp == INVALID_HANDLE_VALUE) {
-+    send404(cn);
-+    removeconnection(cn);
-+    return;
-+  }
-+#else
-+  cn->dirp = opendir(actualfile);
-   if (cn->dirp == NULL) {
-     send404(cn);
-     removeconnection(cn);
-@@ -116,12 +127,10 @@
- 
-   // Get rid of the "."
-   readdir(cn->dirp);
-+#endif
- 
--  // If the browser doesn't specify a virtual host, the client will
--  // see "http://default/thedir/" instead of "http://thehost.com/thedir/"
--  // Consider this punishment for using such an old browser.
--  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of http://%s%s</H2><BR>\n", cn->virtualhostreq, cn->filereq);
--  write(cn->networkdesc, buf, strlen(buf));
-+  snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of %s://%s%s</H2><BR>\n", cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
-+  special_write(cn, buf, strlen(buf));
- 
-   cn->state = STATE_DOING_DIR;
- 
-@@ -134,36 +143,48 @@
- 
- void procdodir(struct connstruct *cn) {
- 
-+#ifndef WIN32
-   struct dirent *dp;
-+#endif
-   char buf[MAXREQUESTLENGTH];
--  char encbuf[sizeof(dp->d_name)*3+1];
-+  char encbuf[1024];
-   int putslash;
-+  char *file;
- 
-   do {
- 
--    if ((dp = readdir(cn->dirp)) == NULL) {
--      snprintf(buf, sizeof(buf), "<BR><BR>End of Anti-Web directory listing.</BODY></HTML>\n");
--      write(cn->networkdesc, buf, strlen(buf));
-+#ifdef WIN32
-+    if (!FindNextFile(cn->dirp, &cn->file_data)) {
-+#else
-+    if ((dp = readdir(cn->dirp)) == NULL)  {
-+#endif
-+      snprintf(buf, sizeof(buf), "</BODY></HTML>\n");
-+      special_write(cn, buf, strlen(buf));
-       removeconnection(cn);
-       return;
-     }
- 
-+#ifdef WIN32
-+    file = cn->file_data.cFileName;
-+#else
-+    file = dp->d_name;
-+#endif
-     if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
--        strcmp(dp->d_name, "..") == 0) continue;
-+        strcmp(file, "..") == 0) continue;
- 
--    snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, dp->d_name);
-+    snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
-     putslash = isdir(buf);
- 
--    urlencode(dp->d_name, encbuf);
-+    urlencode(file, encbuf);
-     snprintf(buf, sizeof(buf), "<A HREF=\"%s%s\">%s%s</A><BR>\n",
--	     encbuf, putslash ? "/" : "", dp->d_name, putslash ? "/" : "");
--    write(cn->networkdesc, buf, strlen(buf));
-+	     encbuf, putslash ? "/" : "", file, putslash ? "/" : "");
-+    special_write(cn, buf, strlen(buf));
- 
-   } while (issockwriteable(cn->networkdesc));
- 
-   return;
- }
--
-+#endif
- 
- 
- 
-@@ -172,9 +193,10 @@
-   char buf[MAXREQUESTLENGTH*4], *tp, *next;
-   int rv;
- 
--  rv = read(cn->networkdesc, buf, sizeof(buf)-1);
--  if (rv == 0 || rv == -1) {
--    removeconnection(cn);
-+  rv = special_read(cn, buf, sizeof(buf)-1);
-+  if (rv <= 0) {
-+      if (rv < 0)
-+        removeconnection(cn);
-     return;
-   }
- 
-@@ -217,36 +239,85 @@
- void procsendhead(struct connstruct *cn) {
- 
-   char buf[1024];
-+  char actualfile[1024];
-   struct stat stbuf;
-+  time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
-+  char date[32];
-+  strcpy(date, ctime(&now));
-+
-+  strcpy(actualfile, cn->actualfile);
-+
-+#ifdef WIN32
-+  /* stat() under win32 can't deal with trail slash */
-+  if (actualfile[strlen(actualfile)-1] == '\\')
-+    actualfile[strlen(actualfile)-1] = 0;
-+#endif
- 
--  if (stat(cn->actualfile, &stbuf) == -1) {
--    if (allowcgi != 0) {
-+  if (stat(actualfile, &stbuf) == -1) {
-+#if defined(CONFIG_HTTP_HAS_CGI)
-       if (trycgi_withpathinfo(cn) == 0) { // We Try To Find A CGI
-         proccgi(cn,1);
-         return;
-       }
--    }
-+#endif
- 
-     send404(cn);
-     removeconnection(cn);
-     return;
-   }
- 
-+#if defined(CONFIG_HTTP_HAS_CGI)
-   if (iscgi(cn->actualfile)) {
-+#ifndef WIN32
-     // Set up CGI script
--    if (allowcgi == 0 ||
--        access(cn->actualfile, X_OK) != 0 ||
--        isdir(cn->actualfile)) {
-+    if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
-+          send404(cn);
-+          removeconnection(cn);
-+          return;
-+        }
-+#endif
-+
-+    proccgi(cn,0);
-+    return;
-+  }
-+#endif
-+
-+  if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
-+    if (cn->filereq[strlen(cn->filereq)-1] != '/') {
-+      send301(cn);
-+      removeconnection(cn);
-+      return;
-+    }
-+
-+    // Check to see if this dir has an index file
-+    if (procindex(cn, &stbuf) == 0) {
-+#if defined(CONFIG_HTTP_DIRECTORIES)
-+      // If not, we do a directory listing of it
-+      procdirlisting(cn);
-+#else
-       send404(cn);
-       removeconnection(cn);
-+#endif
-       return;
-     }
- 
--    proccgi(cn,0);
--    return;
--  }
-+#if defined(CONFIG_HTTP_HAS_CGI)
-+    // If the index is a CGI file, handle it like any other CGI
-+    if (iscgi(cn->actualfile)) {
-+      // Set up CGI script
-+      if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
-+        send404(cn);
-+        removeconnection(cn);
-+        return;
-+      }
- 
-+      proccgi(cn,0);
-+      return;
-+    }
-+#endif
-+    // If the index isn't a CGI, we continue on with the index file
- 
-+  }
-   if ((stbuf.st_mode & S_IFMT) == S_IFDIR) {
-     if (cn->filereq[strlen(cn->filereq)-1] != '/') {
-       send301(cn);
-@@ -256,17 +327,18 @@
- 
-     // Check to see if this dir has an index file
-     if (procindex(cn, &stbuf) == 0) {
-+#if defined(CONFIG_HTTP_DIRECTORIES)
-       // If not, we do a directory listing of it
-       procdirlisting(cn);
-+#endif
-       return;
-     }
- 
-+#if defined(CONFIG_HTTP_HAS_CGI)
-     // If the index is a CGI file, handle it like any other CGI
-     if (iscgi(cn->actualfile)) {
-       // Set up CGI script
--      if (allowcgi == 0 ||
--          access(cn->actualfile, X_OK) != 0 ||
--          isdir(cn->actualfile)) {
-+      if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) {
-         send404(cn);
-         removeconnection(cn);
-         return;
-@@ -275,50 +347,68 @@
-       proccgi(cn,0);
-       return;
-     }
-+#endif
-     // If the index isn't a CGI, we continue on with the index file
- 
-   }
- 
--  if (cn->offset == -1 || cn->offset >= stbuf.st_size) {
--    cn->offset = -1;
-+  if (cn->modified_since) {
-+    snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: Anti-Web V%s\nDate: %s\n", VERSION, date);
-+    special_write(cn, buf, strlen(buf));
-+    cn->modified_since = 0;
-+    cn->state = STATE_WANT_TO_READ_HEAD;
-+    return;
-+  }
-+  else {
-+#ifdef CONFIG_HTTP_VERBOSE
-+    printf("awhttpd: %s send %s\n", 
-+            cn->is_ssl ? "https" : "http", cn->actualfile);
-+    TTY_FLUSH();
-+#endif
- 
--    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Length: %ld\nLast-Modified: %s\n",
--               VERSION,
--               quote,
--               getmimetype(cn->actualfile),
--               (long) stbuf.st_size,
--               ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
--  } else {
--    snprintf(buf, sizeof(buf), "HTTP/1.1 206 OK\nServer: Anti-Web V%s (%s)\nContent-Type: %s\nContent-Range: %ld-%ld/%ld\nContent-Length: %ld\nLast-Modified: %s\n",
-+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: Anti-Web V%s\nContent-Type: %s\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
-                VERSION,
--               quote,
-                getmimetype(cn->actualfile),
--               cn->offset,
--               (long) stbuf.st_size-1,
-                (long) stbuf.st_size,
--               (long) stbuf.st_size - cn->offset,
-+               date,
-                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
-   }
- 
--  write(cn->networkdesc, buf, strlen(buf));
-+  special_write(cn, buf, strlen(buf));
- 
-   if (cn->reqtype == TYPE_HEAD) {
-     removeconnection(cn);
-     return;
-   } else {
-+    int flags = O_RDONLY;
-+#if defined(WIN32) || defined(CYGWIN)
-+    flags |= O_BINARY;
-+#endif
- 
--    cn->filedesc = open(cn->actualfile, O_RDONLY);
-+    cn->filedesc = open(cn->actualfile, flags);
-     if (cn->filedesc == -1) {
-       send404(cn);
-       removeconnection(cn);
-       return;
-     }
- 
--    if (cn->offset != -1) {
--      lseek(cn->filedesc, cn->offset, SEEK_SET);
-+#ifdef WIN32
-+    for (;;)
-+    {
-+        procreadfile(cn);
-+        if (cn->filedesc == -1)
-+        {
-+           break;
-+        }
-+       
-+        do 
-+        {
-+            procsendfile(cn);
-+        } while (cn->state != STATE_WANT_TO_READ_FILE);
-     }
--
-+#else
-     cn->state = STATE_WANT_TO_READ_FILE;
-+#endif
-     return;
-   }
- 
-@@ -328,13 +418,18 @@
- 
- void procreadfile(struct connstruct *cn) {
- 
--  int rv;
--
--  rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
-+  int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
- 
-   if (rv == 0 || rv == -1) {
--    removeconnection(cn);
--    return;
-+      close(cn->filedesc);
-+      cn->filedesc = -1;
-+      if (cn->close_when_done)      /* close immediately */
-+          removeconnection(cn);
-+      else {                        /* keep socket open - HTTP 1.1 */
-+          cn->state = STATE_WANT_TO_READ_HEAD;
-+          cn->numbytes = 0;
-+      }
-+      return;
-   }
- 
-   cn->numbytes = rv;
-@@ -347,11 +442,9 @@
- 
- void procsendfile(struct connstruct *cn) {
- 
--  int rv;
--
--  rv = write(cn->networkdesc, cn->databuf, cn->numbytes);
-+  int rv = special_write(cn, cn->databuf, cn->numbytes);
- 
--  if (rv == -1)
-+  if (rv < 0)
-     removeconnection(cn);
-   else if (rv == cn->numbytes)
-     cn->state = STATE_WANT_TO_READ_FILE;
-@@ -361,7 +454,47 @@
-     memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
-     cn->numbytes -= rv;
-   }
-+}
- 
--  return;
-+int special_write(struct connstruct *cn, 
-+        const uint8_t *buf, size_t count)
-+{
-+    int res;
-+
-+#ifdef CONFIG_HTTP_HAS_SSL
-+    if (cn->is_ssl)
-+    {
-+        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
-+        if (ssl)
-+        {
-+            res = ssl_write(ssl, (unsigned char *)buf, count);
-+        }
-+        else
-+            return -1;
-+    }
-+    else
-+#endif
-+        res = SOCKET_WRITE(cn->networkdesc, buf, count);
-+
-+    return res;
-+}
-+
-+static int special_read(struct connstruct *cn, void *buf, size_t count)
-+{
-+    int res;
-+
-+#ifdef CONFIG_HTTP_HAS_SSL
-+    if (cn->is_ssl)
-+    {
-+        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
-+        unsigned char *read_buf;
-+
-+        if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
-+            memcpy(buf, read_buf, res > (int)count ? count : res);
-+    }
-+    else
-+#endif
-+        res = SOCKET_READ(cn->networkdesc, buf, count);
- 
-+    return res;
- }
-diff -Naur awhttpd/socket.c axTLS/httpd/awhttpd/socket.c
---- awhttpd/socket.c	2004-04-25 13:03:05.000000000 +1000
-+++ axTLS/httpd/awhttpd/socket.c	2006-11-15 15:09:14.415015200 +1000
-@@ -8,61 +8,17 @@
- 
- 
- #include <stdio.h>
--#include <netdb.h>
--#include <sys/time.h>
- #include <sys/types.h>
--#include <netinet/in.h>
--#include <sys/socket.h>
--#include <sys/wait.h>
--#include <arpa/inet.h>
--#include <time.h>
--#include <unistd.h>
- #include <string.h>
- 
- 
--
- #include "aw3.h"
- 
- 
- 
--int checkmaxusers(int sd) {
--
--  if (maxusers <= 0) return 1;
--
--  if (numusers >= maxusers) {
--    send505(sd, "Maximum user limit reached");
--    // removeconnection() should be used normally
--    close(sd);
--
--    return 0;
--  }
--
--  return 1;
--}
--
--
--int pollsocket(int sd, long ustimeout) {
--
--  fd_set rfds;
--  struct timeval tv;
--
--  tv.tv_sec = 0;
--  tv.tv_usec = ustimeout;
--
--  FD_ZERO(&rfds);
--  FD_SET(sd, &rfds);
--
--  select(FD_SETSIZE, &rfds, NULL, NULL, (ustimeout >= 0) ? &tv : NULL);
--
--  return FD_ISSET(sd, &rfds);
--
--}
--
--
--
- #ifdef HAVE_IPV6
- 
--void handlenewconnection(int listenfd) {
-+void handlenewconnection(int listenfd, int is_ssl) {
- 
-   struct sockaddr_in6 their_addr;
-   int tp = sizeof(their_addr);
-@@ -82,7 +38,7 @@
-     *ipbuf = '\0';
-   }
- 
--  if (checkmaxusers(connfd)) addconnection(connfd, ipbuf);
-+  addconnection(connfd, ipbuf, is_ssl);
- 
-   return;
- 
-@@ -90,19 +46,17 @@
- 
- #else
- 
--void handlenewconnection(int listenfd) {
-+void handlenewconnection(int listenfd, int is_ssl) {
- 
-   struct sockaddr_in their_addr;
-   int tp = sizeof(struct sockaddr_in);
-   int connfd;
--  char ipbuf[100];
- 
-   connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
- 
-   if (connfd == -1) return;
- 
--  if (checkmaxusers(connfd))
--    addconnection(connfd, inet_ntoa(their_addr.sin_addr));
-+    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
- 
-   return;
- }
-@@ -113,8 +67,12 @@
- 
- 
- int openlistener(int port) {
--
--  int tp=0,sd;
-+  int sd;
-+#ifdef WIN32
-+  char tp=1;
-+#else
-+  int tp=1;
-+#endif
-   struct sockaddr_in my_addr;
- 
-   if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) return -1;
-@@ -125,7 +83,7 @@
-   setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
-  
-   my_addr.sin_family = AF_INET;         // host byte order
--  my_addr.sin_port = htons(port);       // short, network byte order
-+  my_addr.sin_port = htons((short)port);       // short, network byte order
-   my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP
- 
-   memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
-diff -Naur awhttpd/urlencode.c axTLS/httpd/awhttpd/urlencode.c
---- awhttpd/urlencode.c	2004-05-14 10:53:47.000000000 +1000
-+++ axTLS/httpd/awhttpd/urlencode.c	2006-11-15 15:09:14.430640700 +1000
-@@ -13,7 +13,7 @@
- 
- #include <ctype.h>
- #include <stdlib.h>
--
-+#include <stdio.h>
- #include "aw3.h"
- 
- 
-@@ -37,7 +37,7 @@
-        (*p > 'Z' && *p < '_') ||
-        (*p > '_' && *p < 'a') ||
-        (*p > 'z' && *p < 0xA1)) {
--        sprintf(tp, "%%%02X", *p);
-+        sprintf((char *)tp, "%%%02X", *p);
-         tp += 3; 
-       } else {
- 	*tp = *p;
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
new file mode 100644
index 0000000000..7af635a715
--- /dev/null
+++ b/httpd/axhttp.h
@@ -0,0 +1,164 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include "os_port.h"
+#include "ssl.h"
+
+#define BACKLOG 15
+#define VERSION "3.0.7"
+#ifdef CONFIG_HTTP_HAS_IPV6
+#define HAVE_IPV6
+#endif
+
+#define MAXFILEPATH 1024
+#define MAXIPLEN 45
+#define MAXREQUESTLENGTH 1024
+#define MAXCGIARGS 100
+#define BLOCKSIZE 4096
+
+#define INITIAL_CONNECTION_SLOTS 10
+#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS 0
+
+#define STATE_WANT_TO_READ_HEAD  1
+#define STATE_WANT_TO_SEND_HEAD  2
+#define STATE_WANT_TO_READ_FILE  3
+#define STATE_WANT_TO_SEND_FILE  4
+#define STATE_DOING_DIR          5
+
+#define TYPE_GET 0
+#define TYPE_HEAD 1
+#define TYPE_POST 2
+
+struct connstruct 
+{
+    struct connstruct *next;
+
+    int state;
+    int reqtype;
+
+    int networkdesc;
+    int filedesc;
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+#ifdef WIN32
+    HANDLE dirp;
+    WIN32_FIND_DATA file_data;
+#else
+    DIR *dirp;
+#endif
+#endif
+
+    time_t timeout;
+    char ip[MAXIPLEN];
+    char actualfile[MAXREQUESTLENGTH];
+    char filereq[MAXREQUESTLENGTH];
+#if defined(CONFIG_HTTP_HAS_CGI)
+    char cgiargs[MAXREQUESTLENGTH];
+    char cgiscriptinfo[MAXREQUESTLENGTH];
+    char cgipathinfo[MAXREQUESTLENGTH];
+#endif
+    char virtualhostreq[MAXREQUESTLENGTH];
+
+    int numbytes;
+    char databuf[BLOCKSIZE];
+
+    unsigned char is_ssl;
+    unsigned char close_when_done;
+    unsigned char modified_since;
+};
+
+struct serverstruct 
+{
+    struct serverstruct *next;
+    int sd;
+    int is_ssl;
+    SSLCTX *ssl_ctx;
+};
+
+struct cgiextstruct 
+{
+    struct cgiextstruct *next;
+    char *ext;
+};
+
+struct indexstruct 
+{
+    struct indexstruct *next;
+    char *name;
+};
+
+// Global prototypes
+extern struct serverstruct *servers;
+extern struct connstruct *usedconns;
+extern struct connstruct *freeconns;
+extern struct cgiextstruct *cgiexts;
+extern struct indexstruct *indexlist;
+
+// Conf global prototypes
+extern char *webroot;
+extern int allowdirectorylisting;
+extern int allowcgi;
+extern int permcheck;
+
+// conn.c prototypes
+void addconnection(int sd, char *ip, int is_ssl);
+void removeconnection(struct connstruct *cn);
+
+// proc.c prototypes
+int procheadelem(struct connstruct *cn, char *buf);
+void procdirlisting(struct connstruct *cn);
+void procdodir(struct connstruct *cn);
+void procreadhead(struct connstruct *cn);
+void procsendhead(struct connstruct *cn);
+void procreadfile(struct connstruct *cn);
+void procsendfile(struct connstruct *cn);
+int special_write(struct connstruct *cn, const uint8_t *buf, size_t count);
+
+// net.c prototypes
+void addtoservers(int sd);
+void selectloop(void);
+
+// socket.c prototypes
+void handlenewconnection(int listenfd, int is_ssl);
+int openlistener(int port);
+int openlistener6(int port);
+
+// misc.c prototypes
+void nada(int sigtype);
+void die(int sigtype);
+void reaper(int sigtype);
+void stripcrlf(char *p);
+char *my_strncpy(char *dest, const char *src, size_t n);
+#ifndef __HAVE_ARCH_STRNLEN
+size_t strnlen ( const char * str, size_t maxlen );
+#endif
+int iscgi(char *fn);
+void split(char *tp, char *sp[], int maxwords, char sc);
+int sanitizefile(char *buf);
+int sanitizehost(char *buf);
+void buildactualfile(struct connstruct *cn);
+int issockwriteable(int sd);
+int isdir(char *name);
+int trycgi_withpathinfo(struct connstruct *cn);
+
+// mime_types.c prototypes
+void mime_init(void);
+const char *getmimetype(const char *fn);
+
+// main.c prototypes
+void initlists(void);
diff --git a/httpd/conn.c b/httpd/conn.c
new file mode 100644
index 0000000000..a36271709f
--- /dev/null
+++ b/httpd/conn.c
@@ -0,0 +1,121 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "axhttp.h"
+
+void addconnection(int sd, char *ip, int is_ssl) 
+{
+    struct connstruct *tp;
+
+    // Get ourselves a connstruct
+    if (freeconns == NULL) 
+    {
+        tp = (struct connstruct *) malloc(sizeof(struct connstruct));
+    } 
+    else 
+    {
+        tp = freeconns;
+        freeconns = tp->next;
+    }
+
+    // Attach it to the used list
+    tp->next = usedconns;
+    usedconns = tp;
+
+    tp->networkdesc = sd;
+    if (is_ssl)
+        ssl_server_new(servers->ssl_ctx, sd);
+    tp->filedesc = -1;
+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
+    tp->dirp = NULL;
+#endif
+    tp->is_ssl = is_ssl;
+
+    *(tp->actualfile) = '\0';
+    *(tp->filereq) = '\0';
+#if defined(CONFIG_HTTP_HAS_CGI)
+    *(tp->cgiargs) = '\0';
+#endif
+    *(tp->virtualhostreq) = '\0';
+
+    tp->state = STATE_WANT_TO_READ_HEAD;
+    tp->reqtype = TYPE_GET;
+    my_strncpy(tp->ip, ip, MAXIPLEN);
+    tp->close_when_done = 0;
+    tp->modified_since = 0;
+    tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
+}
+
+void removeconnection(struct connstruct *cn) 
+{
+    struct connstruct *tp;
+    int shouldret=0;
+
+    tp = usedconns;
+
+    if (tp == NULL || cn == NULL) 
+        shouldret=1;
+    else if (tp == cn) 
+        usedconns = tp->next;
+    else 
+    {
+        while(tp != NULL) 
+        {
+            if (tp->next == cn) 
+            {
+                tp->next = (tp->next)->next;
+                shouldret=0;
+                break;
+            }
+
+            tp = tp->next;
+            shouldret=1;
+        }
+    }
+
+    if (shouldret) 
+        return;
+
+    // If we did, add it to the free list
+    cn->next = freeconns;
+    freeconns = cn;
+
+    // Close it all down
+    if (cn->networkdesc != -1) 
+    {
+        if (cn->is_ssl) 
+        {
+            ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
+        }
+
+        SOCKET_CLOSE(cn->networkdesc);
+    }
+
+    if (cn->filedesc != -1) close(cn->filedesc);
+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
+    if (cn->dirp != NULL) 
+#ifdef WIN32
+        FindClose(cn->dirp);
+#else
+    closedir(cn->dirp);
+#endif
+#endif
+}
diff --git a/httpd/main.c b/httpd/main.c
new file mode 100644
index 0000000000..d3e5e1aed8
--- /dev/null
+++ b/httpd/main.c
@@ -0,0 +1,323 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <signal.h>
+#include <stdlib.h>
+#include "axhttp.h"
+
+// GLOBALS
+struct serverstruct *servers;
+struct connstruct *usedconns;
+struct connstruct *freeconns;
+#if defined(CONFIG_HTTP_HAS_CGI)
+struct cgiextstruct *cgiexts;
+#endif
+struct indexstruct *indexlist;
+
+char *webroot = CONFIG_HTTP_WEBROOT;
+static void addindex(char *tp);
+#if defined(CONFIG_HTTP_PERM_CHECK)
+static void procpermcheck(char *pathtocheck);
+#endif
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void addcgiext(char *tp);
+#endif
+
+/* clean up memory for valgrind */
+static void sigint_cleanup(int sig)
+{
+    struct serverstruct *sp;
+    struct connstruct *tp;
+    int i;
+
+    while(servers != NULL) 
+    {
+        if (servers->is_ssl)
+            ssl_ctx_free(servers->ssl_ctx);
+
+        sp = servers->next;
+        free(servers);
+        servers = sp;
+    }
+
+    free(indexlist->name);
+    free(indexlist);
+
+    for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
+    {
+        if (freeconns == NULL)
+            break;
+
+        tp = freeconns->next;
+        free(freeconns);
+        freeconns = tp;
+    }
+
+    exit(0);
+}
+
+void initlists() 
+{
+    int i;
+    struct connstruct *tp;
+
+    servers = NULL;
+    usedconns = NULL;
+    freeconns = NULL;
+#if defined(CONFIG_HTTP_HAS_CGI)
+    cgiexts = NULL;
+#endif
+    indexlist = NULL;
+
+    for (i=0; i<INITIAL_CONNECTION_SLOTS; i++) 
+    {
+        tp = freeconns;
+        freeconns = (struct connstruct *) calloc(1, sizeof(struct connstruct));
+        freeconns->next = tp;
+    }
+}
+
+int main(int argc, char *argv[]) 
+{
+    int tp;
+#if defined(CONFIG_HTTP_IS_DAEMON)
+    int pid;
+#endif
+
+#ifdef WIN32
+    WORD wVersionRequested = MAKEWORD(2,2);
+    WSADATA wsaData;
+    WSAStartup(wVersionRequested,&wsaData);
+#endif
+
+    mime_init();
+    initlists();
+    tp = strlen(webroot);
+
+    if (webroot[tp-1] == '/') 
+        webroot[tp-1] = '\0';
+
+    if (isdir(webroot) == 0) 
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr, "'%s' is not a directory\n", webroot);
+#endif
+        exit(1);
+    }
+
+    if ((tp=openlistener(CONFIG_HTTP_PORT)) == -1) 
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n",
+                CONFIG_HTTP_PORT);
+#endif
+        exit(1);
+    }
+
+    addindex("index.html");
+    addtoservers(tp);
+
+#ifndef WIN32
+    if (getuid() == 0)
+    {
+        setgid(32767);
+        setuid(32767);
+    }
+#endif
+
+    if ((tp=openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", 
+                CONFIG_HTTP_HTTPS_PORT);
+#endif
+        exit(1);
+    }
+
+    addtoservers(tp);
+    servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
+            CONFIG_HTTP_SESSION_CACHE_SIZE);
+    servers->is_ssl = 1;
+
+#if defined(CONFIG_HTTP_PERM_CHECK) 
+    procpermcheck(webroot);
+#endif
+#if defined(CONFIG_HTTP_HAS_CGI)
+    addcgiext(CONFIG_HTTP_CGI_EXTENSION);
+#endif
+#if defined(CONFIG_HTTP_VERBOSE)
+    printf("axhttpd: listening on ports http:%d and https:%d\n", 
+            CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
+    TTY_FLUSH();
+#endif
+
+#if defined(CONFIG_HTTP_IS_DAEMON)
+    pid = fork();
+
+    if (pid > 0) 
+    {
+        exit(0);
+    } 
+    else if(pid == -1) 
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr,"axhttpd: Sorry, fork failed... Tough dice.\n");
+#endif
+        exit(1);
+    }
+
+    setsid();
+#endif
+
+    /* SIGNALS */
+    signal(SIGINT, sigint_cleanup);
+    signal(SIGTERM, die);
+#if defined(CONFIG_HTTP_HAS_CGI)
+#ifndef WIN32
+    signal(SIGCHLD, reaper);
+#endif
+#endif
+#ifndef WIN32
+    signal(SIGQUIT, die);
+    signal(SIGPIPE, SIG_IGN);
+#endif
+
+    selectloop();
+    return 0;
+}
+
+static void addindex(char *tp) 
+{
+    struct indexstruct *ex = (struct indexstruct *)
+                        malloc(sizeof(struct indexstruct));
+    ex->name = strdup(tp);
+    ex->next = indexlist;
+    indexlist = ex;
+}
+
+#if defined(CONFIG_HTTP_PERM_CHECK)
+static void procpermcheck(char *pathtocheck) 
+{
+    char thepath[MAXREQUESTLENGTH];
+#ifndef WIN32
+    DIR *tpdir;
+    struct dirent *dp;
+
+    tpdir = opendir(pathtocheck);
+
+    if (tpdir == NULL) 
+    {
+        printf("WARNING: UID (%d) is unable to read %s\n", 
+                (int)getuid(), pathtocheck);
+        return;
+    }
+
+    while ((dp=readdir(tpdir))) 
+    {
+        if (strcmp(dp->d_name, "..")==0) 
+            continue;
+
+        if (strcmp(dp->d_name, ".")==0) 
+            continue;
+
+        snprintf(thepath, sizeof(thepath), "%s/%s", pathtocheck, dp->d_name);
+
+        if (isdir(thepath)) 
+        {
+            procpermcheck(thepath);
+            continue;
+        }
+
+        if (access(thepath, R_OK) != 0)
+            printf("WARNING: UID (%d) is unable to read %s\n", 
+                                (int)getuid(), thepath);
+        if (access(thepath, W_OK) == 0)
+            printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n", 
+                                (int)getuid(), thepath);
+    }
+
+    closedir(tpdir);
+#else   /* Win32 */
+    HANDLE tpdir;
+    WIN32_FIND_DATA file_data;
+    struct stat st;
+    char buf2[1024];
+
+    strcpy(buf2, pathtocheck);
+    strcat(buf2, "\\*");
+    tpdir = FindFirstFile(buf2, &file_data);
+
+    if (tpdir == INVALID_HANDLE_VALUE) 
+    {
+        printf("WARNING: unable to read %s\n", buf2);
+        TTY_FLUSH();
+        return;
+    }
+
+    while (FindNextFile(tpdir, &file_data)) 
+    {
+        if (strcmp(file_data.cFileName, "..") == 0) 
+            continue;
+
+        if (strcmp(file_data.cFileName, ".") == 0) 
+            continue;
+
+        snprintf(thepath, sizeof(thepath), "%s\\%s", 
+                pathtocheck, file_data.cFileName);
+
+        if (isdir(thepath)) 
+        {
+            procpermcheck(thepath);
+            continue;
+        }
+
+        if (stat(thepath, &st) >= 0) 
+        {
+            if ((st.st_mode & _S_IREAD) == 0) 
+            {
+                printf("WARNING: unable to read %s\n", thepath);
+                TTY_FLUSH();
+            }
+
+            if (st.st_mode & _S_IWRITE) 
+            {
+                printf("SECURITY: ABLE TO WRITE TO %s\n", thepath);
+                TTY_FLUSH();
+            }
+        }
+    }
+
+    FindClose(tpdir);
+#endif
+}
+#endif  /* CONFIG_HTTP_PERM_CHECK */
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void addcgiext(char *tp)
+{
+    struct cgiextstruct *ex = (struct cgiextstruct *)
+                        malloc(sizeof(struct cgiextstruct));
+    ex->ext = strdup(tp);
+    ex->next = cgiexts;
+    cgiexts = ex;
+}
+#endif
+
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
new file mode 100644
index 0000000000..5bc959be4c
--- /dev/null
+++ b/httpd/mime_types.c
@@ -0,0 +1,190 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include "os_port.h"
+
+static const char mime_default[] = "text/plain";
+
+typedef struct 
+{
+    const char * const ext;
+    const char * const type;
+} mime_table_t;
+
+static mime_table_t mime_table[] = 
+{
+    // Fundamentals
+    { ".html", "text/html" },
+    { ".htm", "text/html" },
+    { ".txt", "text/plain" },
+
+    // Others
+    { ".rtx", "text/richtext" },
+    { ".etx", "text/x-setext" },
+    { ".tsv", "text/tab-separated-values" },
+    { ".css", "text/css" },
+    { ".xml", "text/xml" },
+    { ".dtd", "text/xml" },
+    { ".gif", "image/gif" },
+    { ".jpg", "image/jpeg" },
+    { ".jpeg", "image/jpeg" },
+    { ".jpe", "image/jpeg" },
+    { ".jfif", "image/jpeg" },
+    { ".tif", "image/tiff" },
+    { ".tiff", "image/tiff" },
+    { ".pbm", "image/x-portable-bitmap" },
+    { ".pgm", "image/x-portable-graymap" },
+    { ".ppm", "image/x-portable-pixmap" },
+    { ".pnm", "image/x-portable-anymap" },
+    { ".xbm", "image/x-xbitmap" },
+    { ".xpm", "image/x-xpixmap" },
+    { ".xwd", "image/x-xwindowdump" },
+    { ".ief", "image/ief" },
+    { ".png", "image/png" },
+    { ".au", "audio/basic" },
+    { ".snd", "audio/basic" },
+    { ".aif", "audio/x-aiff" },
+    { ".aiff", "audio/x-aiff" },
+    { ".aifc", "audio/x-aiff" },
+    { ".ra", "audio/x-pn-realaudio" },
+    { ".ram", "audio/x-pn-realaudio" },
+    { ".rm", "audio/x-pn-realaudio" },
+    { ".rpm", "audio/x-pn-realaudio-plugin" },
+    { ".wav", "audio/wav" },
+    { ".mid", "audio/midi" },
+    { ".midi", "audio/midi" },
+    { ".kar", "audio/midi" },
+    { ".mpga", "audio/mpeg" },
+    { ".mp2", "audio/mpeg" },
+    { ".mp3", "audio/mpeg" },
+    { ".mpeg", "video/mpeg" },
+    { ".mpg", "video/mpeg" },
+    { ".mpe", "video/mpeg" },
+    { ".qt", "video/quicktime" },
+    { ".mov", "video/quicktime" },
+    { ".avi", "video/x-msvideo" },
+    { ".movie", "video/x-sgi-movie" },
+    { ".mv", "video/x-sgi-movie" },
+    { ".vx", "video/x-rad-screenplay" },
+    { ".a", "application/octet-stream" },
+    { ".bin", "application/octet-stream" },
+    { ".exe", "application/octet-stream" },
+    { ".dump", "application/octet-stream" },
+    { ".o", "application/octet-stream" },
+    { ".class", "application/java" },
+    { ".js", "application/x-javascript" },
+    { ".ai", "application/postscript" },
+    { ".eps", "application/postscript" },
+    { ".ps", "application/postscript" },
+    { ".dir", "application/x-director" },
+    { ".dcr", "application/x-director" },
+    { ".dxr", "application/x-director" },
+    { ".fgd", "application/x-director" },
+    { ".aam", "application/x-authorware-map" },
+    { ".aas", "application/x-authorware-seg" },
+    { ".aab", "application/x-authorware-bin" },
+    { ".fh4", "image/x-freehand" },
+    { ".fh7", "image/x-freehand" },
+    { ".fh5", "image/x-freehand" },
+    { ".fhc", "image/x-freehand" },
+    { ".fh", "image/x-freehand" },
+    { ".spl", "application/futuresplash" },
+    { ".swf", "application/x-shockwave-flash" },
+    { ".dvi", "application/x-dvi" },
+    { ".gtar", "application/x-gtar" },
+    { ".hdf", "application/x-hdf" },
+    { ".hqx", "application/mac-binhex40" },
+    { ".iv", "application/x-inventor" },
+    { ".latex", "application/x-latex" },
+    { ".man", "application/x-troff-man" },
+    { ".me", "application/x-troff-me" },
+    { ".mif", "application/x-mif" },
+    { ".ms", "application/x-troff-ms" },
+    { ".oda", "application/oda" },
+    { ".pdf", "application/pdf" },
+    { ".rtf", "application/rtf" },
+    { ".bcpio", "application/x-bcpio" },
+    { ".cpio", "application/x-cpio" },
+    { ".sv4cpio", "application/x-sv4cpio" },
+    { ".sv4crc", "application/x-sv4crc" },
+    { ".sh", "application/x-shar" },
+    { ".shar", "application/x-shar" },
+    { ".sit", "application/x-stuffit" },
+    { ".tar", "application/x-tar" },
+    { ".tex", "application/x-tex" },
+    { ".texi", "application/x-texinfo" },
+    { ".texinfo", "application/x-texinfo" },
+    { ".tr", "application/x-troff" },
+    { ".roff", "application/x-troff" },
+    { ".man", "application/x-troff-man" },
+    { ".me", "application/x-troff-me" },
+    { ".ms", "application/x-troff-ms" },
+    { ".zip", "application/x-zip-compressed" },
+    { ".tsp", "application/dsptype" },
+    { ".wsrc", "application/x-wais-source" },
+    { ".ustar", "application/x-ustar" },
+    { ".cdf", "application/x-netcdf" },
+    { ".nc", "application/x-netcdf" },
+    { ".doc", "application/msword" },
+    { ".ppt", "application/powerpoint" },
+    { ".wrl", "model/vrml" },
+    { ".vrml", "model/vrml" },
+    { ".mime", "message/rfc822" },
+    { ".pac", "application/x-ns-proxy-autoconfig" },
+    { ".wml", "text/vnd.wap.wml" },
+    { ".wmlc", "application/vnd.wap.wmlc" },
+    { ".wmls", "text/vnd.wap.wmlscript" },
+    { ".wmlsc", "application/vnd.wap.wmlscriptc" },
+    { ".wbmp", "image/vnd.wap.wbmp" },
+    { ".tgz", "application/x-gzip" },
+    { ".tar.gz", "application/x-gzip" },
+    { ".bz2", "application/x-bzip2" },
+    { ".zip", "application/zip" }
+};
+
+static int mime_cmp(const mime_table_t *t1, const mime_table_t *t2)
+{
+    return strcasecmp(t1->ext, t2->ext);
+}
+
+void mime_init(void)
+{
+    qsort(mime_table, sizeof(mime_table)/sizeof(mime_table_t),
+            sizeof(mime_table_t), 
+            (int (*)(const void *, const void *))mime_cmp);
+}
+
+const char *getmimetype(const char *name) 
+{
+    mime_table_t *mime_type;
+
+    if ((name = strrchr(name, '.')) == NULL)
+        return mime_default;
+
+    mime_type = bsearch(&name, mime_table, 
+            sizeof(mime_table)/sizeof(mime_table_t),
+            sizeof(mime_table_t), 
+                (int (*)(const void *, const void *))mime_cmp);
+
+    return mime_type == NULL ? mime_default : mime_type->type;
+}
+
diff --git a/httpd/misc.c b/httpd/misc.c
new file mode 100644
index 0000000000..bca059b5bf
--- /dev/null
+++ b/httpd/misc.c
@@ -0,0 +1,268 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "axhttp.h"
+
+void nada(int sigtype) { }
+
+void die(int sigtype) 
+{
+    exit(0);
+}
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+#ifndef WIN32
+void reaper(int sigtype) 
+{
+    wait3(NULL,WNOHANG,NULL);
+}
+#endif
+#endif
+
+void stripcrlf(char *p) 
+{
+    while (p && *p) 
+    {
+        if (*p=='\n' || *p=='\r') 
+        {
+            *p='\0';
+            return;
+        }
+        p++;
+    }
+}
+
+/* Wrapper function for strncpy() that guarantees
+   a null-terminated string. This is to avoid any possible
+   issues due to strncpy()'s behaviour. Thanks to
+   Werner Almesberger for pointing out this potential
+   issue. Needless to say, make sure sizeof(dest) > 0
+   and sizeof(dest) >= n.
+ */
+char *my_strncpy(char *dest, const char *src, size_t n) 
+{
+    strncpy(dest, src, n);
+    dest[n-1] = '\0';
+    return dest;
+}
+
+/* strnlen is a GNU Extension */
+#ifndef __HAVE_ARCH_STRNLEN
+size_t strnlen (const char * str, size_t maxlen)
+{
+	const char *p;
+
+	for (p=str; maxlen-- && *p!='\0'; ++p);
+	return (p - str);
+}
+#endif
+
+int sanitizefile(char *buf) 
+{
+    int len, i;
+
+    // Don't accept anything not starting with a /
+    if (*buf != '/') 
+        return 0;
+
+    len = strlen(buf);
+    for (i = 0; i < len; i++) 
+    {
+        // Check for "/." : In other words, don't send files starting with a .
+        // Notice, GOBBLES, that this includes ".."
+        if (buf[i] == '/' && buf[i+1] == '.') 
+            return 0;
+    }
+
+    return 1;
+}
+
+int sanitizehost(char *buf) 
+{
+    while(*buf != '\0') 
+    {
+        // Handle the port
+        if (*buf == ':') 
+        {
+            *buf = '\0';
+            return 1;
+        }
+
+        // Enforce some basic URL rules...
+        if (isalnum(*buf)==0 && *buf != '-' && *buf != '.') return 0;
+        if (*buf == '.' && *(buf+1) == '.') return 0;
+        if (*buf == '.' && *(buf+1) == '-') return 0;
+        if (*buf == '-' && *(buf+1) == '.') return 0;
+        buf++;
+    }
+
+    return 1;
+}
+
+void buildactualfile(struct connstruct *cn) 
+{
+    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s",
+            webroot,
+            cn->filereq);
+
+    /* Add directory slash if not there */
+    if (isdir(cn->actualfile) && 
+            cn->actualfile[strlen(cn->actualfile)-1] != '/')
+        strcat(cn->actualfile, "/");
+
+#ifdef WIN32
+    /* convert all the forward slashes to back slashes */
+    {
+        char *t = cn->actualfile;
+        while ((t = strchr(t, '/')))
+        {
+            *t++ = '\\';
+        }
+    }
+#endif
+}
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+int issockwriteable(int sd) 
+{
+    fd_set wfds;
+    struct timeval tv;
+
+    tv.tv_sec = 0;
+    tv.tv_usec = 0;
+
+    FD_ZERO(&wfds);
+    FD_SET(sd, &wfds);
+
+    select(FD_SETSIZE, NULL, &wfds, NULL, &tv);
+
+    return FD_ISSET(sd, &wfds);
+}
+#endif
+
+int isdir(char *tpbuf) 
+{
+    struct stat st;
+
+    if (stat(tpbuf, &st) == -1) 
+        return 0;
+
+    if ((st.st_mode & S_IFMT) == S_IFDIR) 
+        return 1;
+
+    return 0;
+}
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+int iscgi(char *fn) 
+{
+    struct cgiextstruct *tp;
+    int fnlen, extlen;
+
+    fnlen = strlen(fn);
+    tp = cgiexts;
+
+    while (tp != NULL) 
+    {
+        extlen = strlen(tp->ext);
+
+        if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
+            return 1;
+
+        tp = tp->next;
+    }
+
+    return 0;
+}
+
+void split(char *tp, char *sp[], int maxwords, char sc) 
+{
+    int i = 0;
+
+    while(1) 
+    {
+        /* Skip leading whitespace */
+        while(*tp == sc) tp++;
+
+        if (*tp == '\0') 
+        {
+            sp[i] = NULL;
+            break;
+        }
+
+        if (i==maxwords-2) 
+        {
+            sp[maxwords-2] = NULL;
+            break;
+        }
+
+        sp[i] = tp;
+
+        while(*tp != sc && *tp != '\0') 
+            tp++;
+
+        if (*tp == sc) 
+            *tp++ = '\0';
+
+        i++;
+    }
+}
+
+int trycgi_withpathinfo(struct connstruct *cn) 
+{
+    char tpfile[MAXREQUESTLENGTH];
+    char fr_str[MAXREQUESTLENGTH];
+    char *fr_rs[MAXCGIARGS]; // filereq splitted
+    int i = 0, offset;
+
+    my_strncpy(fr_str, cn->filereq, MAXREQUESTLENGTH);
+    split(fr_str, fr_rs, MAXCGIARGS, '/');
+
+    while (fr_rs[i] != NULL) 
+    {
+        snprintf(tpfile, sizeof(tpfile), "%s/%s%s", 
+                            webroot, cn->virtualhostreq, fr_str);
+
+        if (iscgi(tpfile) && isdir(tpfile) == 0) 
+        {
+            /* We've found our CGI file! */
+            my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
+            my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
+
+            offset = (fr_rs[i] + strlen(fr_rs[i])) - fr_str;
+            my_strncpy(cn->cgipathinfo, cn->filereq+offset, MAXREQUESTLENGTH);
+
+            return 0;
+        }
+
+        *(fr_rs[i]+strlen(fr_rs[i])) = '/';
+        i++;
+    }
+
+    /* Couldn't find any CGIs :( */
+    *(cn->cgiscriptinfo) = '\0';
+    *(cn->cgipathinfo) = '\0';
+    return -1;
+}
+#endif
diff --git a/httpd/net.c b/httpd/net.c
new file mode 100644
index 0000000000..dd325a61d4
--- /dev/null
+++ b/httpd/net.c
@@ -0,0 +1,176 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <time.h>
+#include <string.h>
+#include <stdlib.h>
+#include "axhttp.h"
+
+void addtoservers(int sd) 
+{
+    struct serverstruct *tp = (struct serverstruct *)
+                            calloc(1, sizeof(struct serverstruct));
+    tp->next = servers;
+    tp->sd = sd;
+    servers = tp;
+}
+
+void selectloop() 
+{
+    fd_set rfds, wfds;
+    struct connstruct *tp, *to;
+    struct serverstruct *sp;
+    int rnum, wnum, active;
+    int currtime;
+
+    while (1)
+    {   
+        // MAIN SELECT LOOP
+        FD_ZERO(&rfds);
+        FD_ZERO(&wfds);
+        rnum = wnum = -1;
+
+        // Add the listening sockets
+        sp = servers;
+        while (sp != NULL) 
+        {
+            FD_SET(sp->sd, &rfds);
+            if (sp->sd > rnum) rnum = sp->sd;
+            sp = sp->next;
+        }
+
+        // Add the established sockets
+        tp = usedconns;
+        currtime = time(NULL);
+
+        while (tp != NULL) 
+        {
+            if (currtime > tp->timeout) 
+            {
+                to = tp;
+                tp = tp->next;
+                removeconnection(to);
+                continue;
+            }
+
+            if (tp->state == STATE_WANT_TO_READ_HEAD) 
+            {
+                FD_SET(tp->networkdesc, &rfds);
+                if (tp->networkdesc > rnum) 
+                    rnum = tp->networkdesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_SEND_HEAD) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_READ_FILE) 
+            {
+                FD_SET(tp->filedesc, &rfds);
+                if (tp->filedesc > rnum) 
+                    rnum = tp->filedesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_SEND_FILE) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            if (tp->state == STATE_DOING_DIR) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+#endif
+            tp = tp->next;
+        }
+
+        active = select(wnum > rnum ? wnum+1 : rnum+1,
+                rnum != -1 ? &rfds : NULL,
+                wnum != -1 ? &wfds : NULL,
+                NULL, NULL);
+
+        // Handle the listening sockets
+        sp = servers;
+        while (active > 0 && sp != NULL) 
+        {
+            if (FD_ISSET(sp->sd, &rfds)) 
+            {
+                handlenewconnection(sp->sd, sp->is_ssl);
+                active--;
+            }
+
+            sp = sp->next;
+        }
+
+        // Handle the established sockets
+        tp = usedconns;
+
+        while (active > 0 && tp != NULL) 
+        {
+            to = tp;
+            tp = tp->next;
+
+            if (to->state == STATE_WANT_TO_READ_HEAD)
+                if (FD_ISSET(to->networkdesc, &rfds)) 
+                {
+                    active--;
+                    procreadhead(to);
+                } 
+
+            if (to->state == STATE_WANT_TO_SEND_HEAD)
+                if (FD_ISSET(to->networkdesc, &wfds)) 
+                {
+                    active--;
+                    procsendhead(to);
+                } 
+
+            if (to->state == STATE_WANT_TO_READ_FILE)
+                if (FD_ISSET(to->filedesc, &rfds)) 
+                {
+                    active--;
+                    procreadfile(to);
+                } 
+
+            if (to->state == STATE_WANT_TO_SEND_FILE)
+                if (FD_ISSET(to->networkdesc, &wfds)) 
+                {
+                    active--;
+                    procsendfile(to);
+                }
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            if (to->state == STATE_DOING_DIR)
+                if (FD_ISSET(to->networkdesc, &wfds)) 
+                {
+                    active--;
+                    procdodir(to);
+                }
+#endif
+        }
+    }  // MAIN SELECT LOOP
+}
diff --git a/httpd/proc.c b/httpd/proc.c
new file mode 100644
index 0000000000..3eb164f006
--- /dev/null
+++ b/httpd/proc.c
@@ -0,0 +1,780 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <time.h>
+#include <string.h>
+#include "axhttp.h"
+
+static int special_read(struct connstruct *cn, void *buf, size_t count);
+static void send301(struct connstruct *cn);
+static void send404(struct connstruct *cn);
+static int procindex(struct connstruct *cn, struct stat *stp);
+static int hexit(char c);
+static void urlencode(unsigned char *s, unsigned char *t);
+static void urldecode(char *buf);
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void proccgi(struct connstruct *cn, int has_pathinfo);
+#endif
+
+// Returns 1 if elems should continue being read, 0 otherwise
+int procheadelem(struct connstruct *cn, char *buf) 
+{
+    char *delim, *value;
+#if defined(CONFIG_HTTP_HAS_CGI)
+    char *cgi_delim;
+#endif
+
+    if ((delim = strchr(buf, ' ')) == NULL)
+        return 0;
+
+    *delim = 0;
+    value = delim+1;
+
+    if (strcmp(buf, "GET")==0 ||
+            strcmp(buf, "HEAD")==0 ||
+            strcmp(buf, "POST")==0) 
+    {
+        if (buf[0] == 'H') 
+            cn->reqtype = TYPE_HEAD;
+        else if (buf[0] == 'P') 
+            cn->reqtype = TYPE_POST;
+
+        if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
+            return 0;
+        *delim = 0;
+
+        urldecode(value);
+
+        if (sanitizefile(value) == 0) 
+        {
+            send404(cn);
+            removeconnection(cn);
+            return 0;
+        }
+
+        my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
+#if defined(CONFIG_HTTP_HAS_CGI)
+        if ((cgi_delim = strchr(value, '?')))
+        {
+            *cgi_delim = 0;
+            my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
+        }
+#endif
+
+    } 
+    else if (strcmp(buf, "Host:")==0) 
+    {
+        if (sanitizehost(value) == 0) 
+        {
+            send404(cn);
+            removeconnection(cn);
+            return 0;
+        }
+
+        my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
+    } 
+    else if (strcmp(buf, "Connection:")==0 &&
+            strcmp(value, "close")==0) {
+        cn->close_when_done = 1;
+    } 
+    else if (strcmp(buf, "If-Modified-Since:") ==0 ) 
+    {
+        /* TODO: parse this date properly with getdate() or similar */
+        cn->modified_since = 1;
+    }
+
+    return 1;
+}
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+void procdirlisting(struct connstruct *cn) 
+{
+    char buf[MAXREQUESTLENGTH];
+    char actualfile[1024];
+
+#ifndef CONFIG_HTTP_DIRECTORIES
+    if (allowdirectorylisting == 0) 
+    {
+        send404(cn);
+        removeconnection(cn);
+        return;
+    }
+#endif
+
+    if (cn->reqtype == TYPE_HEAD) 
+    {
+        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
+        write(cn->networkdesc, buf, strlen(buf));
+
+        removeconnection(cn);
+        return;
+    }
+
+    strcpy(actualfile, cn->actualfile);
+#ifdef WIN32
+    strcat(actualfile, "*");
+    cn->dirp = FindFirstFile(actualfile, &cn->file_data);
+    if (cn->dirp == INVALID_HANDLE_VALUE) 
+    {
+        send404(cn);
+        removeconnection(cn);
+        return;
+    }
+#else
+
+    cn->dirp = opendir(actualfile);
+
+    if (cn->dirp == NULL) 
+    {
+        send404(cn);
+        removeconnection(cn);
+        return;
+    }
+
+    // Get rid of the "."
+    readdir(cn->dirp);
+#endif
+
+    sprintf(buf, "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of %s://%s%s</H2><BR>\n", cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
+    special_write(cn, buf, strlen(buf));
+    cn->state = STATE_DOING_DIR;
+}
+
+void procdodir(struct connstruct *cn) 
+{
+#ifndef WIN32
+    struct dirent *dp;
+#endif
+    char buf[MAXREQUESTLENGTH];
+    char encbuf[1024];
+    int putslash;
+    char *file;
+
+    do 
+    {
+#ifdef WIN32
+        if (!FindNextFile(cn->dirp, &cn->file_data)) 
+#else
+            if ((dp = readdir(cn->dirp)) == NULL)  
+#endif
+            {
+                snprintf(buf, sizeof(buf), "</BODY></HTML>\n");
+                special_write(cn, buf, strlen(buf));
+                removeconnection(cn);
+                return;
+            }
+
+#ifdef WIN32
+        file = cn->file_data.cFileName;
+#else
+        file = dp->d_name;
+#endif
+
+        if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
+                strcmp(file, "..") == 0) continue;
+
+        snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
+        putslash = isdir(buf);
+
+        urlencode(file, encbuf);
+        snprintf(buf, sizeof(buf), "<A HREF=\"%s%s\">%s%s</A><BR>\n",
+                encbuf, putslash ? "/" : "", file, putslash ? "/" : "");
+        special_write(cn, buf, strlen(buf));
+
+    } 
+    while (issockwriteable(cn->networkdesc));
+}
+#endif
+
+void procreadhead(struct connstruct *cn) 
+{
+    char buf[MAXREQUESTLENGTH*4], *tp, *next;
+    int rv;
+
+    rv = special_read(cn, buf, sizeof(buf)-1);
+    if (rv <= 0) {
+        if (rv < 0)
+            removeconnection(cn);
+        return;
+    }
+
+    buf[rv] = '\0';
+
+    next = tp = buf;
+
+    // Split up lines and send to procheadelem()
+    while(*next != '\0') 
+    {
+        // If we have a blank line, advance to next stage!
+        if (*next == '\r' || *next == '\n') 
+        {
+            buildactualfile(cn);
+
+            cn->state = STATE_WANT_TO_SEND_HEAD;
+            return;
+        }
+
+        while(*next != '\r' && *next != '\n' && *next != '\0') 
+            next++;
+
+        if (*next == '\r') 
+        {
+            *next = '\0';
+            next+=2;
+        }
+        else if (*next == '\n') 
+            *next++ = '\0';
+
+        if (procheadelem(cn, tp) == 0) 
+            return;
+
+        tp = next;
+    }
+}
+
+/* In this function we assume that the file has been checked for
+ * maliciousness (".."s, etc) and has been decoded
+ */
+void procsendhead(struct connstruct *cn) 
+{
+    char buf[1024];
+    char actualfile[1024];
+    struct stat stbuf;
+    time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
+    char date[32];
+    strcpy(date, ctime(&now));
+
+    strcpy(actualfile, cn->actualfile);
+
+#ifdef WIN32
+    /* stat() under win32 can't deal with trail slash */
+    if (actualfile[strlen(actualfile)-1] == '\\')
+        actualfile[strlen(actualfile)-1] = 0;
+#endif
+
+    if (stat(actualfile, &stbuf) == -1) 
+    {
+#if defined(CONFIG_HTTP_HAS_CGI)
+        if (trycgi_withpathinfo(cn) == 0) 
+        { // We Try To Find A CGI
+            proccgi(cn,1);
+            return;
+        }
+#endif
+
+        send404(cn);
+        removeconnection(cn);
+        return;
+    }
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+    if (iscgi(cn->actualfile)) 
+    {
+#ifndef WIN32
+        // Set up CGI script
+        if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
+        {
+            send404(cn);
+            removeconnection(cn);
+            return;
+        }
+#endif
+
+        proccgi(cn,0);
+        return;
+    }
+#endif
+
+    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) 
+    {
+        if (cn->filereq[strlen(cn->filereq)-1] != '/') 
+        {
+            send301(cn);
+            removeconnection(cn);
+            return;
+        }
+
+        // Check to see if this dir has an index file
+        if (procindex(cn, &stbuf) == 0) 
+        {
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            // If not, we do a directory listing of it
+            procdirlisting(cn);
+#else
+            send404(cn);
+            removeconnection(cn);
+#endif
+            return;
+        }
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+        // If the index is a CGI file, handle it like any other CGI
+        if (iscgi(cn->actualfile)) 
+        {
+            // Set up CGI script
+            if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
+            {
+                send404(cn);
+                removeconnection(cn);
+                return;
+            }
+
+            proccgi(cn,0);
+            return;
+        }
+#endif
+        // If the index isn't a CGI, we continue on with the index file
+    }
+
+    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) 
+    {
+        if (cn->filereq[strlen(cn->filereq)-1] != '/') 
+        {
+            send301(cn);
+            removeconnection(cn);
+            return;
+        }
+
+        // Check to see if this dir has an index file
+        if (procindex(cn, &stbuf) == 0) 
+        {
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            // If not, we do a directory listing of it
+            procdirlisting(cn);
+#endif
+            return;
+        }
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+        // If the index is a CGI file, handle it like any other CGI
+        if (iscgi(cn->actualfile)) 
+        {
+            // Set up CGI script
+            if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
+            {
+                send404(cn);
+                removeconnection(cn);
+                return;
+            }
+
+            proccgi(cn,0);
+            return;
+        }
+#endif
+        // If the index isn't a CGI, we continue on with the index file
+    }
+
+    if (cn->modified_since) 
+    {
+        snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: axhttpd V%s\nDate: %s\n", VERSION, date);
+        special_write(cn, buf, strlen(buf));
+        cn->modified_since = 0;
+        cn->state = STATE_WANT_TO_READ_HEAD;
+        return;
+    }
+    else 
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        printf("axhttpd: %s send %s\n", 
+                cn->is_ssl ? "https" : "http", cn->actualfile);
+        TTY_FLUSH();
+#endif
+
+        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\nContent-Type: %s\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
+                VERSION,
+                getmimetype(cn->actualfile),
+                (long) stbuf.st_size,
+                date,
+                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
+    }
+
+    special_write(cn, buf, strlen(buf));
+
+    if (cn->reqtype == TYPE_HEAD) 
+    {
+        removeconnection(cn);
+        return;
+    } 
+    else 
+    {
+        int flags = O_RDONLY;
+#if defined(WIN32) || defined(CYGWIN)
+        flags |= O_BINARY;
+#endif
+
+        cn->filedesc = open(cn->actualfile, flags);
+        if (cn->filedesc == -1) 
+        {
+            send404(cn);
+            removeconnection(cn);
+            return;
+        }
+
+#ifdef WIN32
+        for (;;)
+        {
+            procreadfile(cn);
+            if (cn->filedesc == -1)
+                break;
+
+            do 
+            {
+                procsendfile(cn);
+            } while (cn->state != STATE_WANT_TO_READ_FILE);
+        }
+#else
+        cn->state = STATE_WANT_TO_READ_FILE;
+#endif
+        return;
+    }
+}
+
+void procreadfile(struct connstruct *cn) 
+{
+    int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
+
+    if (rv == 0 || rv == -1) 
+    {
+        close(cn->filedesc);
+        cn->filedesc = -1;
+        if (cn->close_when_done)      /* close immediately */
+            removeconnection(cn);
+        else 
+        {                        /* keep socket open - HTTP 1.1 */
+            cn->state = STATE_WANT_TO_READ_HEAD;
+            cn->numbytes = 0;
+        }
+
+        return;
+    }
+
+    cn->numbytes = rv;
+    cn->state = STATE_WANT_TO_SEND_FILE;
+}
+
+void procsendfile(struct connstruct *cn) 
+{
+    int rv = special_write(cn, cn->databuf, cn->numbytes);
+
+    if (rv < 0)
+        removeconnection(cn);
+    else if (rv == cn->numbytes)
+        cn->state = STATE_WANT_TO_READ_FILE;
+    else if (rv == 0)
+    { /* Do nothing */ }
+    else 
+    {
+        memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
+        cn->numbytes -= rv;
+    }
+}
+
+int special_write(struct connstruct *cn, const uint8_t *buf, size_t count)
+{
+    int res;
+
+    if (cn->is_ssl)
+    {
+        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
+        if (ssl)
+        {
+            res = ssl_write(ssl, (unsigned char *)buf, count);
+        }
+        else
+            return -1;
+    }
+    else
+        res = SOCKET_WRITE(cn->networkdesc, buf, count);
+
+    return res;
+}
+
+static int special_read(struct connstruct *cn, void *buf, size_t count)
+{
+    int res;
+
+    if (cn->is_ssl)
+    {
+        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
+        unsigned char *read_buf;
+
+        if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
+            memcpy(buf, read_buf, res > (int)count ? count : res);
+    }
+    else
+        res = SOCKET_READ(cn->networkdesc, buf, count);
+
+    return res;
+}
+
+static void send301(struct connstruct *cn)
+{
+    char buf[2048];
+    sprintf(buf, "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n</HEAD><BODY>\n<H1>Moved Permanently</H1>\nThe document has moved <A HREF=\"%s/\">here</A>.<P>\n<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
+    special_write(cn, buf, strlen(buf));
+}
+
+static void send404(struct connstruct *cn)
+{
+    char buf[1024];
+    sprintf(buf, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>It ain't there my friend. (404 Not Found)</H1>\n</BODY></HTML>\n");
+    special_write(cn, buf, strlen(buf));
+}
+
+// Returns 0 if no index was found and doesn't modify cn->actualfile
+// Returns 1 if an index was found and puts the index in cn->actualfile
+//              and puts its stat info into stp
+static int procindex(struct connstruct *cn, struct stat *stp) 
+{
+    char tbuf[MAXREQUESTLENGTH];
+    struct indexstruct *tp;
+
+    tp = indexlist;
+
+    while(tp != NULL) {
+        sprintf(tbuf, "%s%s%s", cn->actualfile, 
+#ifdef WIN32
+                "\\",
+#else
+                "/",
+#endif
+                tp->name);
+
+        if (stat(tbuf, stp) != -1) 
+        {
+            my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
+            return 1;
+        }
+
+        tp = tp->next;
+    }
+
+    return 0;
+}
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void proccgi(struct connstruct *cn, int has_pathinfo) 
+{
+    int tpipe[2];
+    char *myargs[5];
+    char buf[MAXREQUESTLENGTH];
+#ifdef WIN32
+    int tmp_stdout;
+#else
+    int fv;
+#endif
+
+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n%s",
+            VERSION, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
+    special_write(cn, buf, strlen(buf));
+
+    if (cn->reqtype == TYPE_HEAD) 
+    {
+        removeconnection(cn);
+        return;
+    }
+
+#ifndef WIN32
+    if (pipe(tpipe) == -1) 
+    {
+        removeconnection(cn);
+        return;
+    }
+
+    fv = fork();
+
+    if (fv == -1) 
+    {
+        close(tpipe[0]);
+        close(tpipe[1]);
+        removeconnection(cn);
+        return;
+    }
+
+    if (fv != 0) 
+    {
+        // Close the write descriptor
+        close(tpipe[1]);
+        cn->filedesc = tpipe[0];
+        cn->state = STATE_WANT_TO_READ_FILE;
+        return;
+    }
+
+    // The problem child...
+
+    // Our stdout/stderr goes to the socket
+    dup2(tpipe[1], 1);
+    dup2(tpipe[1], 2);
+
+    // If it was a POST request, send the socket data to our stdin
+    if (cn->reqtype == TYPE_POST) 
+        dup2(cn->networkdesc, 0);
+    else // Otherwise we can shutdown the read side of the sock
+        shutdown(cn->networkdesc, 0);
+
+    close(tpipe[0]);
+    close(tpipe[1]);
+
+    myargs[0] = cn->actualfile;
+    myargs[1] = cn->cgiargs;
+    myargs[2] = NULL;
+
+    if (!has_pathinfo) 
+    {
+        my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
+        my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
+    }
+
+    execv(cn->actualfile, myargs);
+#else /* WIN32 */
+    if (_pipe(tpipe, 4096, O_BINARY| O_NOINHERIT) == -1) 
+    {
+        removeconnection(cn);
+        return;
+    }
+
+    myargs[0] = "sh";
+    myargs[1] = "-c";
+    myargs[2] = cn->actualfile;
+    myargs[3] = cn->cgiargs;
+    myargs[4] = NULL;
+
+    /* convert all the forward slashes to back slashes */
+    {
+        char *t = myargs[2];
+        while ((t = strchr(t, '\\')))
+        {
+            *t++ = '/';
+        }
+    }
+
+    tmp_stdout = _dup(_fileno(stdout));
+    _dup2(tpipe[1], _fileno(stdout));
+    close(tpipe[1]);
+
+    /* change to suit execution method */
+    if (spawnl(P_NOWAIT, "c:\\Program Files\\cygwin\\bin\\sh.exe", 
+                myargs[0], myargs[1], myargs[2], myargs[3], myargs[4]) == -1) 
+    {
+        removeconnection(cn);
+        return;
+    }
+
+    _dup2(tmp_stdout, _fileno(stdout));
+    close(tmp_stdout);
+    cn->filedesc = tpipe[0];
+    cn->state = STATE_WANT_TO_READ_FILE;
+
+    for (;;)
+    {
+        procreadfile(cn);
+
+        if (cn->filedesc == -1)
+            break;
+
+        procsendfile(cn);
+        usleep(200000); /* don't know why this delay makes it work (yet) */
+    }
+#endif
+}
+#endif  /* CONFIG_HTTP_HAS_CGI */
+
+/* Encode funny chars -> %xx in newly allocated storage */
+/* (preserves '/' !) */
+static void urlencode(unsigned char *s, unsigned char *t) 
+{
+    uint8_t *p, *tp;
+
+    tp =t ;
+
+    for (p=s; *p; p++) 
+    {
+        if ((*p > 0x00 && *p < ',') ||
+                (*p > '9' && *p < 'A') ||
+                (*p > 'Z' && *p < '_') ||
+                (*p > '_' && *p < 'a') ||
+                (*p > 'z' && *p < 0xA1)) {
+            sprintf((char *)tp, "%%%02X", *p);
+            tp += 3; 
+        } 
+        else 
+        {
+            *tp = *p;
+            tp++;
+        }
+    }
+
+    *tp='\0';
+}
+
+/* Decode string %xx -> char (in place) */
+static void urldecode(char *buf) 
+{
+    int v;
+    char *p, *s, *w;
+
+    w = p = buf;
+
+    while (*p) 
+    {
+        v = 0;
+
+        if (*p=='%') 
+        {
+            s = p;
+            s++;
+
+            if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
+            {
+                v = hexit(s[0])*16+hexit(s[1]);
+                if (v) 
+                { /* do not decode %00 to null char */
+                    *w=(char)v;
+                    p=&s[1];
+                }
+            }
+
+        }
+
+        if (!v) 
+            *w=*p;
+        p++; w++;
+    }
+
+    *w='\0';
+}
+
+static int hexit(char c) 
+{
+    if ( c >= '0' && c <= '9' )
+        return c - '0';
+    if ( c >= 'a' && c <= 'f' )
+        return c - 'a' + 10;
+    if ( c >= 'A' && c <= 'F' )
+        return c - 'A' + 10;
+
+    return 0;
+}
+
diff --git a/httpd/socket.c b/httpd/socket.c
new file mode 100644
index 0000000000..e7faa78e8b
--- /dev/null
+++ b/httpd/socket.c
@@ -0,0 +1,129 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <string.h>
+#include "axhttp.h"
+
+#ifdef HAVE_IPV6
+
+void handlenewconnection(int listenfd, int is_ssl) 
+{
+    struct sockaddr_in6 their_addr;
+    int tp = sizeof(their_addr);
+    char ipbuf[100];
+    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
+
+    if (connfd == -1) 
+        return;
+
+    if (tp == sizeof(struct sockaddr_in6)) 
+    {
+        inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, sizeof(ipbuf));
+    } 
+    else if (tp == sizeof(struct sockaddr_in)) 
+    {
+        inet_ntop(AF_INET, &(((struct sockaddr_in *)&their_addr)->sin_addr),
+                ipbuf, sizeof(ipbuf));
+    } 
+    else 
+    {
+        *ipbuf = '\0';
+    }
+
+    addconnection(connfd, ipbuf, is_ssl);
+}
+
+#else
+void handlenewconnection(int listenfd, int is_ssl) 
+{
+    struct sockaddr_in their_addr;
+    int tp = sizeof(struct sockaddr_in);
+    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
+
+    if (connfd == -1) 
+        return;
+
+    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
+}
+#endif
+
+int openlistener(int port) 
+{
+    int sd;
+#ifdef WIN32
+    char tp=1;
+#else
+    int tp=1;
+#endif
+    struct sockaddr_in my_addr;
+
+    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 
+        return -1;
+
+    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
+    my_addr.sin_family = AF_INET;         // host byte order
+    my_addr.sin_port = htons((short)port);       // short, network byte order
+    my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP
+    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
+
+    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) 
+    {
+        close(sd);
+        return -1;
+    }
+
+    if (listen(sd, BACKLOG) == -1) 
+    {
+        close(sd);
+        return -1;
+    }
+
+    return sd;
+}
+
+#ifdef HAVE_IPV6
+int openlistener6(int port) 
+{
+    int sd,tp;
+    struct sockaddr_in6 my_addr;
+
+    if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
+        return -1;
+
+    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
+    memset(&my_addr, 0, sizeof(my_addr));
+    my_addr.sin6_family = AF_INET6;
+    my_addr.sin6_port = htons(port);
+
+    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(my_addr)) == -1) 
+    {
+        close(sd);
+        return -1;
+    }
+
+    if (listen(sd, BACKLOG) == -1)
+    {
+        close(sd);
+        return -1;
+    }
+
+    return sd;
+}
+#endif

From dabdec8fcc63694450e704b9cfb59886f75a06f3 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 6 Dec 2006 02:20:00 +0000
Subject: [PATCH 042/301] added mime option to axhttpd. Improved cygwin library
 build

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@52 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile           |   7 +-
 config/linuxconfig |   1 +
 config/win32config |   1 +
 httpd/Config.in    |  11 ++
 httpd/Makefile     |  14 +--
 httpd/axhttp.h     |  18 +--
 httpd/main.c       | 266 ++++++++++++++++++++++++++++++++++++++++++++-
 httpd/mime_types.c |  18 +--
 httpd/net.c        | 176 ------------------------------
 httpd/proc.c       |  89 +++++++--------
 httpd/socket.c     | 129 ----------------------
 ssl/Makefile       |  13 ++-
 12 files changed, 357 insertions(+), 386 deletions(-)
 delete mode 100644 httpd/net.c
 delete mode 100644 httpd/socket.c

diff --git a/Makefile b/Makefile
index f4c2c86e8b..03a220e5fc 100644
--- a/Makefile
+++ b/Makefile
@@ -69,9 +69,10 @@ win32_demo:
 install: $(PREFIX) all
 	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
 	chmod 755 $(PREFIX)/lib/libax* 
-	-@install -m 755 $(STAGE)/ax* $(PREFIX)/bin > /dev/null 2>&1
-	-@install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'` > /dev/null 2>&1
-	-@install -m 755 $(STAGE)/axhttpd* $(PREFIX)/bin > /dev/null 2>&1
+	-install -m 755 $(STAGE)/ax* $(PREFIX)/bin > /dev/null 2>&1
+ifdef CONFIG_PERL_BINDINGS 
+	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'` > /dev/null 2>&1
+endif
 
 installclean:
 	-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
diff --git a/config/linuxconfig b/config/linuxconfig
index 44e5226ea8..00aaa90812 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -55,6 +55,7 @@ CONFIG_HTTP_CGI_EXTENSION=""
 # CONFIG_HTTP_DIRECTORIES is not set
 # CONFIG_HTTP_PERM_CHECK is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_ALL_MIME_TYPES=y
 # CONFIG_HTTP_VERBOSE is not set
 # CONFIG_HTTP_IS_DAEMON is not set
 
diff --git a/config/win32config b/config/win32config
index ed7efe96f4..a275fd2fb4 100644
--- a/config/win32config
+++ b/config/win32config
@@ -62,6 +62,7 @@ CONFIG_HTTP_CGI_EXTENSION=""
 CONFIG_HTTP_DIRECTORIES=y
 # CONFIG_HTTP_PERM_CHECK is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_ALL_MIME_TYPES=y
 CONFIG_HTTP_VERBOSE=y
 # CONFIG_HTTP_IS_DAEMON is not set
 
diff --git a/httpd/Config.in b/httpd/Config.in
index f720e4eea1..8d1000e026 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -88,6 +88,17 @@ config CONFIG_HTTP_HAS_IPV6
     
         Does not work under Win32
 
+config CONFIG_HTTP_ALL_MIME_TYPES
+    bool "Use all mime types"
+    default y if CONFIG_SSL_FULL_MODE
+    default n if !CONFIG_SSL_FULL_MODE
+    help
+        Use the full list of supported mime types.
+
+        Use this option if a "generic" webserver is used. However if it is
+        using only web pages (html, jpg, gif, png, css) then select this
+        option.
+
 config CONFIG_HTTP_VERBOSE
     bool "Verbose Mode"
     default y if CONFIG_SSL_FULL_MODE
diff --git a/httpd/Makefile b/httpd/Makefile
index b676c8f9e4..1b57b3c803 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -47,7 +47,7 @@ LIBS=../$(STAGE)/axtls.lib ..\\config\\axtls.res
 endif
 endif
 
-ifndef CONFIG_AWHTTPD
+ifndef CONFIG_AXHTTPD
 web_server:
 else
 
@@ -56,18 +56,13 @@ web_server : $(TARGET)
 OBJ= \
 	conn.o \
 	main.o \
-	net.o \
 	proc.o \
-	socket.o \
 	misc.o \
 	mime_types.o
 
 ifndef CONFIG_PLATFORM_WIN32
 
-$(TARGET): $(OBJ)
-ifdef CONFIG_HTTP_NO_SSL
-	$(LD) $(LDFLAGS) -o $@ $(OBJ)
-endif
+$(TARGET): $(OBJ) ../$(STAGE)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
 ifndef CONFIG_DEBUG
 ifndef CONFIG_PLATFORM_SOLARIS
@@ -77,13 +72,10 @@ endif
 else    # Win32
 
 $(TARGET): $(OBJ)
-ifdef CONFIG_HTTP_NO_SSL
-	$(LD) $(LDFLAGS) /out:$@ $(OBJ)
-endif
 	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
 endif
 
-endif       # CONFIG_AWHTTPD
+endif       # CONFIG_AXHTTPD
 
 clean::
 	-@rm -f $(TARGET)*
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 7af635a715..d4e62f6166 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -20,7 +20,7 @@
 #include "ssl.h"
 
 #define BACKLOG 15
-#define VERSION "3.0.7"
+#define VERSION "1.0.0"
 #ifdef CONFIG_HTTP_HAS_IPV6
 #define HAVE_IPV6
 #endif
@@ -47,10 +47,8 @@
 struct connstruct 
 {
     struct connstruct *next;
-
     int state;
     int reqtype;
-
     int networkdesc;
     int filedesc;
 
@@ -73,7 +71,6 @@ struct connstruct
     char cgipathinfo[MAXREQUESTLENGTH];
 #endif
     char virtualhostreq[MAXREQUESTLENGTH];
-
     int numbytes;
     char databuf[BLOCKSIZE];
 
@@ -90,11 +87,13 @@ struct serverstruct
     SSLCTX *ssl_ctx;
 };
 
+#if defined(CONFIG_HTTP_HAS_CGI)
 struct cgiextstruct 
 {
     struct cgiextstruct *next;
     char *ext;
 };
+#endif
 
 struct indexstruct 
 {
@@ -106,7 +105,9 @@ struct indexstruct
 extern struct serverstruct *servers;
 extern struct connstruct *usedconns;
 extern struct connstruct *freeconns;
+#if defined(CONFIG_HTTP_HAS_CGI)
 extern struct cgiextstruct *cgiexts;
+#endif
 extern struct indexstruct *indexlist;
 
 // Conf global prototypes
@@ -129,15 +130,6 @@ void procreadfile(struct connstruct *cn);
 void procsendfile(struct connstruct *cn);
 int special_write(struct connstruct *cn, const uint8_t *buf, size_t count);
 
-// net.c prototypes
-void addtoservers(int sd);
-void selectloop(void);
-
-// socket.c prototypes
-void handlenewconnection(int listenfd, int is_ssl);
-int openlistener(int port);
-int openlistener6(int port);
-
 // misc.c prototypes
 void nada(int sigtype);
 void die(int sigtype);
diff --git a/httpd/main.c b/httpd/main.c
index d3e5e1aed8..8254d3c540 100644
--- a/httpd/main.c
+++ b/httpd/main.c
@@ -33,7 +33,12 @@ struct cgiextstruct *cgiexts;
 struct indexstruct *indexlist;
 
 char *webroot = CONFIG_HTTP_WEBROOT;
+
 static void addindex(char *tp);
+static void addtoservers(int sd);
+static void selectloop(void);
+static int openlistener(int port);
+static void handlenewconnection(int listenfd, int is_ssl);
 #if defined(CONFIG_HTTP_PERM_CHECK)
 static void procpermcheck(char *pathtocheck);
 #endif
@@ -123,7 +128,7 @@ int main(int argc, char *argv[])
         exit(1);
     }
 
-    if ((tp=openlistener(CONFIG_HTTP_PORT)) == -1) 
+    if ((tp = openlistener(CONFIG_HTTP_PORT)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
         fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n",
@@ -143,7 +148,7 @@ int main(int argc, char *argv[])
     }
 #endif
 
-    if ((tp=openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
+    if ((tp = openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
         fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", 
@@ -321,3 +326,260 @@ static void addcgiext(char *tp)
 }
 #endif
 
+static void addtoservers(int sd) 
+{
+    struct serverstruct *tp = (struct serverstruct *)
+                            calloc(1, sizeof(struct serverstruct));
+    tp->next = servers;
+    tp->sd = sd;
+    servers = tp;
+}
+
+static void selectloop(void) 
+{
+    fd_set rfds, wfds;
+    struct connstruct *tp, *to;
+    struct serverstruct *sp;
+    int rnum, wnum, active;
+    int currtime;
+
+    while (1)
+    {   
+        // MAIN SELECT LOOP
+        FD_ZERO(&rfds);
+        FD_ZERO(&wfds);
+        rnum = wnum = -1;
+
+        // Add the listening sockets
+        sp = servers;
+        while (sp != NULL) 
+        {
+            FD_SET(sp->sd, &rfds);
+            if (sp->sd > rnum) rnum = sp->sd;
+            sp = sp->next;
+        }
+
+        // Add the established sockets
+        tp = usedconns;
+        currtime = time(NULL);
+
+        while (tp != NULL) 
+        {
+            if (currtime > tp->timeout) 
+            {
+                to = tp;
+                tp = tp->next;
+                removeconnection(to);
+                continue;
+            }
+
+            if (tp->state == STATE_WANT_TO_READ_HEAD) 
+            {
+                FD_SET(tp->networkdesc, &rfds);
+                if (tp->networkdesc > rnum) 
+                    rnum = tp->networkdesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_SEND_HEAD) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_READ_FILE) 
+            {
+                FD_SET(tp->filedesc, &rfds);
+                if (tp->filedesc > rnum) 
+                    rnum = tp->filedesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_SEND_FILE) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            if (tp->state == STATE_DOING_DIR) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+#endif
+            tp = tp->next;
+        }
+
+        active = select(wnum > rnum ? wnum+1 : rnum+1,
+                rnum != -1 ? &rfds : NULL,
+                wnum != -1 ? &wfds : NULL,
+                NULL, NULL);
+
+        // Handle the listening sockets
+        sp = servers;
+        while (active > 0 && sp != NULL) 
+        {
+            if (FD_ISSET(sp->sd, &rfds)) 
+            {
+                handlenewconnection(sp->sd, sp->is_ssl);
+                active--;
+            }
+
+            sp = sp->next;
+        }
+
+        // Handle the established sockets
+        tp = usedconns;
+
+        while (active > 0 && tp != NULL) 
+        {
+            to = tp;
+            tp = tp->next;
+
+            if (to->state == STATE_WANT_TO_READ_HEAD)
+                if (FD_ISSET(to->networkdesc, &rfds)) 
+                {
+                    active--;
+                    procreadhead(to);
+                } 
+
+            if (to->state == STATE_WANT_TO_SEND_HEAD)
+                if (FD_ISSET(to->networkdesc, &wfds)) 
+                {
+                    active--;
+                    procsendhead(to);
+                } 
+
+            if (to->state == STATE_WANT_TO_READ_FILE)
+                if (FD_ISSET(to->filedesc, &rfds)) 
+                {
+                    active--;
+                    procreadfile(to);
+                } 
+
+            if (to->state == STATE_WANT_TO_SEND_FILE)
+                if (FD_ISSET(to->networkdesc, &wfds)) 
+                {
+                    active--;
+                    procsendfile(to);
+                }
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            if (to->state == STATE_DOING_DIR)
+                if (FD_ISSET(to->networkdesc, &wfds)) 
+                {
+                    active--;
+                    procdodir(to);
+                }
+#endif
+        }
+    }  // MAIN SELECT LOOP
+}
+
+#ifdef HAVE_IPV6
+static void handlenewconnection(int listenfd, int is_ssl) 
+{
+    struct sockaddr_in6 their_addr;
+    int tp = sizeof(their_addr);
+    char ipbuf[100];
+    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
+
+    if (connfd == -1) 
+        return;
+
+    if (tp == sizeof(struct sockaddr_in6)) 
+    {
+        inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, sizeof(ipbuf));
+    } 
+    else if (tp == sizeof(struct sockaddr_in)) 
+    {
+        inet_ntop(AF_INET, &(((struct sockaddr_in *)&their_addr)->sin_addr),
+                ipbuf, sizeof(ipbuf));
+    } 
+    else 
+    {
+        *ipbuf = '\0';
+    }
+
+    addconnection(connfd, ipbuf, is_ssl);
+}
+
+#else
+static void handlenewconnection(int listenfd, int is_ssl) 
+{
+    struct sockaddr_in their_addr;
+    int tp = sizeof(struct sockaddr_in);
+    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
+
+    if (connfd == -1) 
+        return;
+
+    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
+}
+#endif
+
+static int openlistener(int port) 
+{
+    int sd;
+#ifdef WIN32
+    char tp=1;
+#else
+    int tp=1;
+#endif
+    struct sockaddr_in my_addr;
+
+    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 
+        return -1;
+
+    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
+    my_addr.sin_family = AF_INET;         // host byte order
+    my_addr.sin_port = htons((short)port);       // short, network byte order
+    my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP
+    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
+
+    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) 
+    {
+        close(sd);
+        return -1;
+    }
+
+    if (listen(sd, BACKLOG) == -1) 
+    {
+        close(sd);
+        return -1;
+    }
+
+    return sd;
+}
+
+#ifdef HAVE_IPV6
+static int openlistener6(int port) 
+{
+    int sd,tp;
+    struct sockaddr_in6 my_addr;
+
+    if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
+        return -1;
+
+    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
+    memset(&my_addr, 0, sizeof(my_addr));
+    my_addr.sin6_family = AF_INET6;
+    my_addr.sin6_port = htons(port);
+
+    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(my_addr)) == -1) 
+    {
+        close(sd);
+        return -1;
+    }
+
+    if (listen(sd, BACKLOG) == -1)
+    {
+        close(sd);
+        return -1;
+    }
+
+    return sd;
+}
+#endif
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
index 5bc959be4c..f6576f4c57 100644
--- a/httpd/mime_types.c
+++ b/httpd/mime_types.c
@@ -35,19 +35,23 @@ static mime_table_t mime_table[] =
     // Fundamentals
     { ".html", "text/html" },
     { ".htm", "text/html" },
-    { ".txt", "text/plain" },
+    { ".css", "text/css" },
 
-    // Others
+    // Basic graphics
+    { ".jpg", "image/jpeg" },
+    { ".gif", "image/gif" },
+    { ".png", "image/png" },
+
+#ifdef CONFIG_HTTP_ALL_MIME_TYPES
+    // This list is a bit expensive to maintain normally, so it's an option.
+    { ".txt", "text/plain" },
     { ".rtx", "text/richtext" },
     { ".etx", "text/x-setext" },
     { ".tsv", "text/tab-separated-values" },
-    { ".css", "text/css" },
     { ".xml", "text/xml" },
     { ".dtd", "text/xml" },
-    { ".gif", "image/gif" },
-    { ".jpg", "image/jpeg" },
-    { ".jpeg", "image/jpeg" },
     { ".jpe", "image/jpeg" },
+    { ".jpeg", "image/jpeg" },
     { ".jfif", "image/jpeg" },
     { ".tif", "image/tiff" },
     { ".tiff", "image/tiff" },
@@ -59,7 +63,6 @@ static mime_table_t mime_table[] =
     { ".xpm", "image/x-xpixmap" },
     { ".xwd", "image/x-xwindowdump" },
     { ".ief", "image/ief" },
-    { ".png", "image/png" },
     { ".au", "audio/basic" },
     { ".snd", "audio/basic" },
     { ".aif", "audio/x-aiff" },
@@ -159,6 +162,7 @@ static mime_table_t mime_table[] =
     { ".tar.gz", "application/x-gzip" },
     { ".bz2", "application/x-bzip2" },
     { ".zip", "application/zip" }
+#endif
 };
 
 static int mime_cmp(const mime_table_t *t1, const mime_table_t *t2)
diff --git a/httpd/net.c b/httpd/net.c
deleted file mode 100644
index dd325a61d4..0000000000
--- a/httpd/net.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <time.h>
-#include <string.h>
-#include <stdlib.h>
-#include "axhttp.h"
-
-void addtoservers(int sd) 
-{
-    struct serverstruct *tp = (struct serverstruct *)
-                            calloc(1, sizeof(struct serverstruct));
-    tp->next = servers;
-    tp->sd = sd;
-    servers = tp;
-}
-
-void selectloop() 
-{
-    fd_set rfds, wfds;
-    struct connstruct *tp, *to;
-    struct serverstruct *sp;
-    int rnum, wnum, active;
-    int currtime;
-
-    while (1)
-    {   
-        // MAIN SELECT LOOP
-        FD_ZERO(&rfds);
-        FD_ZERO(&wfds);
-        rnum = wnum = -1;
-
-        // Add the listening sockets
-        sp = servers;
-        while (sp != NULL) 
-        {
-            FD_SET(sp->sd, &rfds);
-            if (sp->sd > rnum) rnum = sp->sd;
-            sp = sp->next;
-        }
-
-        // Add the established sockets
-        tp = usedconns;
-        currtime = time(NULL);
-
-        while (tp != NULL) 
-        {
-            if (currtime > tp->timeout) 
-            {
-                to = tp;
-                tp = tp->next;
-                removeconnection(to);
-                continue;
-            }
-
-            if (tp->state == STATE_WANT_TO_READ_HEAD) 
-            {
-                FD_SET(tp->networkdesc, &rfds);
-                if (tp->networkdesc > rnum) 
-                    rnum = tp->networkdesc;
-            }
-
-            if (tp->state == STATE_WANT_TO_SEND_HEAD) 
-            {
-                FD_SET(tp->networkdesc, &wfds);
-                if (tp->networkdesc > wnum) 
-                    wnum = tp->networkdesc;
-            }
-
-            if (tp->state == STATE_WANT_TO_READ_FILE) 
-            {
-                FD_SET(tp->filedesc, &rfds);
-                if (tp->filedesc > rnum) 
-                    rnum = tp->filedesc;
-            }
-
-            if (tp->state == STATE_WANT_TO_SEND_FILE) 
-            {
-                FD_SET(tp->networkdesc, &wfds);
-                if (tp->networkdesc > wnum) 
-                    wnum = tp->networkdesc;
-            }
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-            if (tp->state == STATE_DOING_DIR) 
-            {
-                FD_SET(tp->networkdesc, &wfds);
-                if (tp->networkdesc > wnum) 
-                    wnum = tp->networkdesc;
-            }
-#endif
-            tp = tp->next;
-        }
-
-        active = select(wnum > rnum ? wnum+1 : rnum+1,
-                rnum != -1 ? &rfds : NULL,
-                wnum != -1 ? &wfds : NULL,
-                NULL, NULL);
-
-        // Handle the listening sockets
-        sp = servers;
-        while (active > 0 && sp != NULL) 
-        {
-            if (FD_ISSET(sp->sd, &rfds)) 
-            {
-                handlenewconnection(sp->sd, sp->is_ssl);
-                active--;
-            }
-
-            sp = sp->next;
-        }
-
-        // Handle the established sockets
-        tp = usedconns;
-
-        while (active > 0 && tp != NULL) 
-        {
-            to = tp;
-            tp = tp->next;
-
-            if (to->state == STATE_WANT_TO_READ_HEAD)
-                if (FD_ISSET(to->networkdesc, &rfds)) 
-                {
-                    active--;
-                    procreadhead(to);
-                } 
-
-            if (to->state == STATE_WANT_TO_SEND_HEAD)
-                if (FD_ISSET(to->networkdesc, &wfds)) 
-                {
-                    active--;
-                    procsendhead(to);
-                } 
-
-            if (to->state == STATE_WANT_TO_READ_FILE)
-                if (FD_ISSET(to->filedesc, &rfds)) 
-                {
-                    active--;
-                    procreadfile(to);
-                } 
-
-            if (to->state == STATE_WANT_TO_SEND_FILE)
-                if (FD_ISSET(to->networkdesc, &wfds)) 
-                {
-                    active--;
-                    procsendfile(to);
-                }
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-            if (to->state == STATE_DOING_DIR)
-                if (FD_ISSET(to->networkdesc, &wfds)) 
-                {
-                    active--;
-                    procdodir(to);
-                }
-#endif
-        }
-    }  // MAIN SELECT LOOP
-}
diff --git a/httpd/proc.c b/httpd/proc.c
index 3eb164f006..88c7fbab68 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -31,9 +31,11 @@ static void send301(struct connstruct *cn);
 static void send404(struct connstruct *cn);
 static int procindex(struct connstruct *cn, struct stat *stp);
 static int hexit(char c);
-static void urlencode(unsigned char *s, unsigned char *t);
 static void urldecode(char *buf);
 
+#if defined(CONFIG_HTTP_DIRECTORIES)
+static void urlencode(unsigned char *s, unsigned char *t);
+#endif
 #if defined(CONFIG_HTTP_HAS_CGI)
 static void proccgi(struct connstruct *cn, int has_pathinfo);
 #endif
@@ -206,6 +208,35 @@ void procdodir(struct connstruct *cn)
     } 
     while (issockwriteable(cn->networkdesc));
 }
+
+/* Encode funny chars -> %xx in newly allocated storage */
+/* (preserves '/' !) */
+static void urlencode(unsigned char *s, unsigned char *t) 
+{
+    uint8_t *p, *tp;
+
+    tp =t ;
+
+    for (p=s; *p; p++) 
+    {
+        if ((*p > 0x00 && *p < ',') ||
+                (*p > '9' && *p < 'A') ||
+                (*p > 'Z' && *p < '_') ||
+                (*p > '_' && *p < 'a') ||
+                (*p > 'z' && *p < 0xA1)) {
+            sprintf((char *)tp, "%%%02X", *p);
+            tp += 3; 
+        } 
+        else 
+        {
+            *tp = *p;
+            tp++;
+        }
+    }
+
+    *tp='\0';
+}
+
 #endif
 
 void procreadhead(struct connstruct *cn) 
@@ -529,20 +560,6 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
     return res;
 }
 
-static void send301(struct connstruct *cn)
-{
-    char buf[2048];
-    sprintf(buf, "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n</HEAD><BODY>\n<H1>Moved Permanently</H1>\nThe document has moved <A HREF=\"%s/\">here</A>.<P>\n<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
-    special_write(cn, buf, strlen(buf));
-}
-
-static void send404(struct connstruct *cn)
-{
-    char buf[1024];
-    sprintf(buf, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>It ain't there my friend. (404 Not Found)</H1>\n</BODY></HTML>\n");
-    special_write(cn, buf, strlen(buf));
-}
-
 // Returns 0 if no index was found and doesn't modify cn->actualfile
 // Returns 1 if an index was found and puts the index in cn->actualfile
 //              and puts its stat info into stp
@@ -701,34 +718,6 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
 }
 #endif  /* CONFIG_HTTP_HAS_CGI */
 
-/* Encode funny chars -> %xx in newly allocated storage */
-/* (preserves '/' !) */
-static void urlencode(unsigned char *s, unsigned char *t) 
-{
-    uint8_t *p, *tp;
-
-    tp =t ;
-
-    for (p=s; *p; p++) 
-    {
-        if ((*p > 0x00 && *p < ',') ||
-                (*p > '9' && *p < 'A') ||
-                (*p > 'Z' && *p < '_') ||
-                (*p > '_' && *p < 'a') ||
-                (*p > 'z' && *p < 0xA1)) {
-            sprintf((char *)tp, "%%%02X", *p);
-            tp += 3; 
-        } 
-        else 
-        {
-            *tp = *p;
-            tp++;
-        }
-    }
-
-    *tp='\0';
-}
-
 /* Decode string %xx -> char (in place) */
 static void urldecode(char *buf) 
 {
@@ -778,3 +767,17 @@ static int hexit(char c)
     return 0;
 }
 
+static void send301(struct connstruct *cn)
+{
+    char buf[2048];
+    snprintf(buf, sizeof(buf), "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n</HEAD><BODY>\n<H1>Moved Permanently</H1>\nThe document has moved <A HREF=\"%s/\">here</A>.<P>\n<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
+    special_write(cn, buf, strlen(buf));
+}
+
+static void send404(struct connstruct *cn)
+{
+    char buf[1024];
+    sprintf(buf, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>It ain't there my friend. (404 Not Found)</H1>\n</BODY></HTML>\n");
+    special_write(cn, buf, strlen(buf));
+}
+
diff --git a/httpd/socket.c b/httpd/socket.c
deleted file mode 100644
index e7faa78e8b..0000000000
--- a/httpd/socket.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <string.h>
-#include "axhttp.h"
-
-#ifdef HAVE_IPV6
-
-void handlenewconnection(int listenfd, int is_ssl) 
-{
-    struct sockaddr_in6 their_addr;
-    int tp = sizeof(their_addr);
-    char ipbuf[100];
-    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
-
-    if (connfd == -1) 
-        return;
-
-    if (tp == sizeof(struct sockaddr_in6)) 
-    {
-        inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, sizeof(ipbuf));
-    } 
-    else if (tp == sizeof(struct sockaddr_in)) 
-    {
-        inet_ntop(AF_INET, &(((struct sockaddr_in *)&their_addr)->sin_addr),
-                ipbuf, sizeof(ipbuf));
-    } 
-    else 
-    {
-        *ipbuf = '\0';
-    }
-
-    addconnection(connfd, ipbuf, is_ssl);
-}
-
-#else
-void handlenewconnection(int listenfd, int is_ssl) 
-{
-    struct sockaddr_in their_addr;
-    int tp = sizeof(struct sockaddr_in);
-    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
-
-    if (connfd == -1) 
-        return;
-
-    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
-}
-#endif
-
-int openlistener(int port) 
-{
-    int sd;
-#ifdef WIN32
-    char tp=1;
-#else
-    int tp=1;
-#endif
-    struct sockaddr_in my_addr;
-
-    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 
-        return -1;
-
-    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
-    my_addr.sin_family = AF_INET;         // host byte order
-    my_addr.sin_port = htons((short)port);       // short, network byte order
-    my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP
-    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
-
-    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) 
-    {
-        close(sd);
-        return -1;
-    }
-
-    if (listen(sd, BACKLOG) == -1) 
-    {
-        close(sd);
-        return -1;
-    }
-
-    return sd;
-}
-
-#ifdef HAVE_IPV6
-int openlistener6(int port) 
-{
-    int sd,tp;
-    struct sockaddr_in6 my_addr;
-
-    if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
-        return -1;
-
-    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
-    memset(&my_addr, 0, sizeof(my_addr));
-    my_addr.sin6_family = AF_INET6;
-    my_addr.sin6_port = htons(port);
-
-    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(my_addr)) == -1) 
-    {
-        close(sd);
-        return -1;
-    }
-
-    if (listen(sd, BACKLOG) == -1)
-    {
-        close(sd);
-        return -1;
-    }
-
-    return sd;
-}
-#endif
diff --git a/ssl/Makefile b/ssl/Makefile
index 61864a5b72..28a900a21c 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -31,7 +31,9 @@ endif
 ifndef CONFIG_PLATFORM_WIN32
 TARGET1=../$(STAGE)/libaxtls.a
 BASETARGET=libaxtls.so
-TARGET2=../$(STAGE)/$(BASETARGET)
+ifdef CONFIG_PLATFORM_CYGWIN
+TARGET2=../$(STAGE)/libaxtls.dll.a
+endif
 
 # shared library major/minor numbers
 LIBMAJOR=$(BASETARGET).1
@@ -72,8 +74,15 @@ $(TARGET1) : $(OBJ)
 	$(AR) -r $@ $(OBJ)
 
 $(TARGET2) : $(OBJ)
-	$(LD) $(LDFLAGS) -Wl,-soname,$(LIBMAJOR) $(LDSHARED) -o ../$(STAGE)/$(LIBMINOR) $(OBJ)
+ifndef CONFIG_PLATFORM_CYGWIN
+	$(LD) $(LDFLAGS) $(LDSHARED) -Wl,-soname,$(LIBMAJOR) -o ../$(STAGE)/$(LIBMINOR) $(OBJ)
 	cd ../$(STAGE); ln -sf $(LIBMINOR) $(LIBMAJOR); ln -sf $(LIBMAJOR) $(BASETARGET); cd -
+else
+	$(LD) $(LDFLAGS) $(LDSHARED) -o ../$(STAGE)/cygaxtls.dll \
+    -Wl,--out-implib=../$(STAGE)/libaxtls.dll.a \
+    -Wl,--export-all-symbols \
+    -Wl,--enable-auto-import $(OBJ)
+endif
 
 else  # Win32
 

From ce893c517d7d6257f61bb19b6822dae19e66908e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 7 Dec 2006 20:33:16 +0000
Subject: [PATCH 043/301] lots of changes for axhttpd

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@53 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Makefile         |   5 +-
 httpd/README           |   6 +-
 httpd/axhttp.h         |  38 +---
 httpd/conn.c           |  26 +--
 httpd/main.c           | 501 ++++++++++++++++++-----------------------
 httpd/proc.c           | 441 ++++++++++++++++++++++--------------
 www/index.html         | 344 +++++++++++++++++-----------
 www/test_dir/health.sh |   2 +-
 8 files changed, 728 insertions(+), 635 deletions(-)

diff --git a/httpd/Makefile b/httpd/Makefile
index 1b57b3c803..a6023e7760 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -57,7 +57,6 @@ OBJ= \
 	conn.o \
 	main.o \
 	proc.o \
-	misc.o \
 	mime_types.o
 
 ifndef CONFIG_PLATFORM_WIN32
@@ -71,6 +70,10 @@ endif
 endif
 else    # Win32
 
+OBJ:=$(OBJ:.o=.obj)
+%.obj : %.c
+	$(CC) $(CFLAGS) $< 
+
 $(TARGET): $(OBJ)
 	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
 endif
diff --git a/httpd/README b/httpd/README
index cb42bfd66f..ba11528b02 100644
--- a/httpd/README
+++ b/httpd/README
@@ -1,6 +1,6 @@
 
-axhttpd is a small embedded web server using the axTLS library. 
+axhttpd is a small embedded web server using the axTLS library.
 
-It is based quite closely on the web server written by Doug Currie (original
-version is here: http://www.hcsw.org/awhttpd).
+It is based originally on the web server written by Doug Currie and is at:
+http://www.hcsw.org/awhttpd).
 
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index d4e62f6166..06057d215f 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -74,9 +74,9 @@ struct connstruct
     int numbytes;
     char databuf[BLOCKSIZE];
 
-    unsigned char is_ssl;
-    unsigned char close_when_done;
-    unsigned char modified_since;
+    uint8_t is_ssl;
+    uint8_t close_when_done;
+    uint8_t modified_since;
 };
 
 struct serverstruct 
@@ -95,12 +95,6 @@ struct cgiextstruct
 };
 #endif
 
-struct indexstruct 
-{
-    struct indexstruct *next;
-    char *name;
-};
-
 // Global prototypes
 extern struct serverstruct *servers;
 extern struct connstruct *usedconns;
@@ -108,49 +102,25 @@ extern struct connstruct *freeconns;
 #if defined(CONFIG_HTTP_HAS_CGI)
 extern struct cgiextstruct *cgiexts;
 #endif
-extern struct indexstruct *indexlist;
 
 // Conf global prototypes
 extern char *webroot;
-extern int allowdirectorylisting;
-extern int allowcgi;
-extern int permcheck;
 
 // conn.c prototypes
 void addconnection(int sd, char *ip, int is_ssl);
 void removeconnection(struct connstruct *cn);
 
 // proc.c prototypes
-int procheadelem(struct connstruct *cn, char *buf);
-void procdirlisting(struct connstruct *cn);
 void procdodir(struct connstruct *cn);
 void procreadhead(struct connstruct *cn);
 void procsendhead(struct connstruct *cn);
 void procreadfile(struct connstruct *cn);
 void procsendfile(struct connstruct *cn);
-int special_write(struct connstruct *cn, const uint8_t *buf, size_t count);
 
 // misc.c prototypes
-void nada(int sigtype);
-void die(int sigtype);
-void reaper(int sigtype);
-void stripcrlf(char *p);
 char *my_strncpy(char *dest, const char *src, size_t n);
-#ifndef __HAVE_ARCH_STRNLEN
-size_t strnlen ( const char * str, size_t maxlen );
-#endif
-int iscgi(char *fn);
-void split(char *tp, char *sp[], int maxwords, char sc);
-int sanitizefile(char *buf);
-int sanitizehost(char *buf);
-void buildactualfile(struct connstruct *cn);
-int issockwriteable(int sd);
-int isdir(char *name);
-int trycgi_withpathinfo(struct connstruct *cn);
+int isdir(const char *name);
 
 // mime_types.c prototypes
 void mime_init(void);
 const char *getmimetype(const char *fn);
-
-// main.c prototypes
-void initlists(void);
diff --git a/httpd/conn.c b/httpd/conn.c
index a36271709f..2cbffec2d7 100644
--- a/httpd/conn.c
+++ b/httpd/conn.c
@@ -27,9 +27,7 @@ void addconnection(int sd, char *ip, int is_ssl)
 
     // Get ourselves a connstruct
     if (freeconns == NULL) 
-    {
-        tp = (struct connstruct *) malloc(sizeof(struct connstruct));
-    } 
+        tp = (struct connstruct *)malloc(sizeof(struct connstruct));
     else 
     {
         tp = freeconns;
@@ -39,23 +37,21 @@ void addconnection(int sd, char *ip, int is_ssl)
     // Attach it to the used list
     tp->next = usedconns;
     usedconns = tp;
-
     tp->networkdesc = sd;
+
     if (is_ssl)
         ssl_server_new(servers->ssl_ctx, sd);
+    tp->is_ssl = is_ssl;
     tp->filedesc = -1;
 #if defined(CONFIG_HTTP_HAS_DIRECTORIES)
     tp->dirp = NULL;
 #endif
-    tp->is_ssl = is_ssl;
-
     *(tp->actualfile) = '\0';
     *(tp->filereq) = '\0';
 #if defined(CONFIG_HTTP_HAS_CGI)
     *(tp->cgiargs) = '\0';
 #endif
     *(tp->virtualhostreq) = '\0';
-
     tp->state = STATE_WANT_TO_READ_HEAD;
     tp->reqtype = TYPE_GET;
     my_strncpy(tp->ip, ip, MAXIPLEN);
@@ -67,27 +63,27 @@ void addconnection(int sd, char *ip, int is_ssl)
 void removeconnection(struct connstruct *cn) 
 {
     struct connstruct *tp;
-    int shouldret=0;
+    int shouldret = 0;
 
     tp = usedconns;
 
     if (tp == NULL || cn == NULL) 
-        shouldret=1;
+        shouldret = 1;
     else if (tp == cn) 
         usedconns = tp->next;
     else 
     {
-        while(tp != NULL) 
+        while (tp != NULL) 
         {
             if (tp->next == cn) 
             {
                 tp->next = (tp->next)->next;
-                shouldret=0;
+                shouldret = 0;
                 break;
             }
 
             tp = tp->next;
-            shouldret=1;
+            shouldret = 1;
         }
     }
 
@@ -102,14 +98,14 @@ void removeconnection(struct connstruct *cn)
     if (cn->networkdesc != -1) 
     {
         if (cn->is_ssl) 
-        {
             ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
-        }
 
         SOCKET_CLOSE(cn->networkdesc);
     }
 
-    if (cn->filedesc != -1) close(cn->filedesc);
+    if (cn->filedesc != -1) 
+        close(cn->filedesc);
+
 #if defined(CONFIG_HTTP_HAS_DIRECTORIES)
     if (cn->dirp != NULL) 
 #ifdef WIN32
diff --git a/httpd/main.c b/httpd/main.c
index 8254d3c540..da26086529 100644
--- a/httpd/main.c
+++ b/httpd/main.c
@@ -27,23 +27,25 @@
 struct serverstruct *servers;
 struct connstruct *usedconns;
 struct connstruct *freeconns;
-#if defined(CONFIG_HTTP_HAS_CGI)
-struct cgiextstruct *cgiexts;
-#endif
-struct indexstruct *indexlist;
-
 char *webroot = CONFIG_HTTP_WEBROOT;
 
-static void addindex(char *tp);
 static void addtoservers(int sd);
-static void selectloop(void);
 static int openlistener(int port);
 static void handlenewconnection(int listenfd, int is_ssl);
 #if defined(CONFIG_HTTP_PERM_CHECK)
-static void procpermcheck(char *pathtocheck);
+static void procpermcheck(const char *pathtocheck);
 #endif
+
 #if defined(CONFIG_HTTP_HAS_CGI)
+struct cgiextstruct *cgiexts;
 static void addcgiext(char *tp);
+
+#if !defined(WIN32)
+static void reaper(int sigtype) 
+{
+    wait3(NULL, WNOHANG, NULL);
+}
+#endif
 #endif
 
 /* clean up memory for valgrind */
@@ -53,7 +55,7 @@ static void sigint_cleanup(int sig)
     struct connstruct *tp;
     int i;
 
-    while(servers != NULL) 
+    while (servers != NULL) 
     {
         if (servers->is_ssl)
             ssl_ctx_free(servers->ssl_ctx);
@@ -63,9 +65,6 @@ static void sigint_cleanup(int sig)
         servers = sp;
     }
 
-    free(indexlist->name);
-    free(indexlist);
-
     for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
     {
         if (freeconns == NULL)
@@ -79,46 +78,52 @@ static void sigint_cleanup(int sig)
     exit(0);
 }
 
-void initlists() 
+static void die(int sigtype) 
 {
-    int i;
-    struct connstruct *tp;
-
-    servers = NULL;
-    usedconns = NULL;
-    freeconns = NULL;
-#if defined(CONFIG_HTTP_HAS_CGI)
-    cgiexts = NULL;
-#endif
-    indexlist = NULL;
-
-    for (i=0; i<INITIAL_CONNECTION_SLOTS; i++) 
-    {
-        tp = freeconns;
-        freeconns = (struct connstruct *) calloc(1, sizeof(struct connstruct));
-        freeconns->next = tp;
-    }
+    exit(0);
 }
 
 int main(int argc, char *argv[]) 
 {
-    int tp;
-#if defined(CONFIG_HTTP_IS_DAEMON)
-    int pid;
-#endif
+    fd_set rfds, wfds;
+    struct connstruct *tp, *to;
+    struct serverstruct *sp;
+    int rnum, wnum, active;
+    int webrootlen, i;
+    time_t currtime;
 
 #ifdef WIN32
-    WORD wVersionRequested = MAKEWORD(2,2);
+    WORD wVersionRequested = MAKEWORD(2, 2);
     WSADATA wsaData;
     WSAStartup(wVersionRequested,&wsaData);
-#endif
+#else
+    if (getuid() == 0)  // change our uid if we are root
+    {
+        setgid(32767);
+        setuid(32767);
+    }
 
+    signal(SIGQUIT, die);
+    signal(SIGPIPE, SIG_IGN);
+#if defined(CONFIG_HTTP_HAS_CGI)
+    signal(SIGCHLD, reaper);
+#endif
+#endif
+    signal(SIGINT, sigint_cleanup);
+    signal(SIGTERM, die);
     mime_init();
-    initlists();
-    tp = strlen(webroot);
 
-    if (webroot[tp-1] == '/') 
-        webroot[tp-1] = '\0';
+    for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
+    {
+        tp = freeconns;
+        freeconns = (struct connstruct *)calloc(1, sizeof(struct connstruct));
+        freeconns->next = tp;
+    }
+
+    webrootlen = strlen(webroot);
+
+    if (webroot[webrootlen-1] == '/') 
+        webroot[webrootlen-1] = '\0';
 
     if (isdir(webroot) == 0) 
     {
@@ -128,38 +133,29 @@ int main(int argc, char *argv[])
         exit(1);
     }
 
-    if ((tp = openlistener(CONFIG_HTTP_PORT)) == -1) 
+    if ((active = openlistener(CONFIG_HTTP_PORT)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n",
+        fprintf(stderr, "ERR: Couldn't bind to port %d\n",
                 CONFIG_HTTP_PORT);
 #endif
         exit(1);
     }
 
-    addindex("index.html");
-    addtoservers(tp);
-
-#ifndef WIN32
-    if (getuid() == 0)
-    {
-        setgid(32767);
-        setuid(32767);
-    }
-#endif
+    addtoservers(active);
 
-    if ((tp = openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
+    if ((active = openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "ERR: Couldn't bind to port %d (IPv4)\n", 
+        fprintf(stderr, "ERR: Couldn't bind to port %d\n", 
                 CONFIG_HTTP_HTTPS_PORT);
 #endif
         exit(1);
     }
 
-    addtoservers(tp);
+    addtoservers(active);
     servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
-            CONFIG_HTTP_SESSION_CACHE_SIZE);
+                                CONFIG_HTTP_SESSION_CACHE_SIZE);
     servers->is_ssl = 1;
 
 #if defined(CONFIG_HTTP_PERM_CHECK) 
@@ -173,189 +169,27 @@ int main(int argc, char *argv[])
             CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
     TTY_FLUSH();
 #endif
-
 #if defined(CONFIG_HTTP_IS_DAEMON)
-    pid = fork();
-
-    if (pid > 0) 
-    {
+    if (fork() > 0)  /* parent will die */
         exit(0);
-    } 
-    else if(pid == -1) 
-    {
-#ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr,"axhttpd: Sorry, fork failed... Tough dice.\n");
-#endif
-        exit(1);
-    }
 
     setsid();
 #endif
 
-    /* SIGNALS */
-    signal(SIGINT, sigint_cleanup);
-    signal(SIGTERM, die);
-#if defined(CONFIG_HTTP_HAS_CGI)
-#ifndef WIN32
-    signal(SIGCHLD, reaper);
-#endif
-#endif
-#ifndef WIN32
-    signal(SIGQUIT, die);
-    signal(SIGPIPE, SIG_IGN);
-#endif
-
-    selectloop();
-    return 0;
-}
-
-static void addindex(char *tp) 
-{
-    struct indexstruct *ex = (struct indexstruct *)
-                        malloc(sizeof(struct indexstruct));
-    ex->name = strdup(tp);
-    ex->next = indexlist;
-    indexlist = ex;
-}
-
-#if defined(CONFIG_HTTP_PERM_CHECK)
-static void procpermcheck(char *pathtocheck) 
-{
-    char thepath[MAXREQUESTLENGTH];
-#ifndef WIN32
-    DIR *tpdir;
-    struct dirent *dp;
-
-    tpdir = opendir(pathtocheck);
-
-    if (tpdir == NULL) 
-    {
-        printf("WARNING: UID (%d) is unable to read %s\n", 
-                (int)getuid(), pathtocheck);
-        return;
-    }
-
-    while ((dp=readdir(tpdir))) 
-    {
-        if (strcmp(dp->d_name, "..")==0) 
-            continue;
-
-        if (strcmp(dp->d_name, ".")==0) 
-            continue;
-
-        snprintf(thepath, sizeof(thepath), "%s/%s", pathtocheck, dp->d_name);
-
-        if (isdir(thepath)) 
-        {
-            procpermcheck(thepath);
-            continue;
-        }
-
-        if (access(thepath, R_OK) != 0)
-            printf("WARNING: UID (%d) is unable to read %s\n", 
-                                (int)getuid(), thepath);
-        if (access(thepath, W_OK) == 0)
-            printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n", 
-                                (int)getuid(), thepath);
-    }
-
-    closedir(tpdir);
-#else   /* Win32 */
-    HANDLE tpdir;
-    WIN32_FIND_DATA file_data;
-    struct stat st;
-    char buf2[1024];
-
-    strcpy(buf2, pathtocheck);
-    strcat(buf2, "\\*");
-    tpdir = FindFirstFile(buf2, &file_data);
-
-    if (tpdir == INVALID_HANDLE_VALUE) 
-    {
-        printf("WARNING: unable to read %s\n", buf2);
-        TTY_FLUSH();
-        return;
-    }
-
-    while (FindNextFile(tpdir, &file_data)) 
-    {
-        if (strcmp(file_data.cFileName, "..") == 0) 
-            continue;
-
-        if (strcmp(file_data.cFileName, ".") == 0) 
-            continue;
-
-        snprintf(thepath, sizeof(thepath), "%s\\%s", 
-                pathtocheck, file_data.cFileName);
-
-        if (isdir(thepath)) 
-        {
-            procpermcheck(thepath);
-            continue;
-        }
-
-        if (stat(thepath, &st) >= 0) 
-        {
-            if ((st.st_mode & _S_IREAD) == 0) 
-            {
-                printf("WARNING: unable to read %s\n", thepath);
-                TTY_FLUSH();
-            }
-
-            if (st.st_mode & _S_IWRITE) 
-            {
-                printf("SECURITY: ABLE TO WRITE TO %s\n", thepath);
-                TTY_FLUSH();
-            }
-        }
-    }
-
-    FindClose(tpdir);
-#endif
-}
-#endif  /* CONFIG_HTTP_PERM_CHECK */
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-static void addcgiext(char *tp)
-{
-    struct cgiextstruct *ex = (struct cgiextstruct *)
-                        malloc(sizeof(struct cgiextstruct));
-    ex->ext = strdup(tp);
-    ex->next = cgiexts;
-    cgiexts = ex;
-}
-#endif
-
-static void addtoservers(int sd) 
-{
-    struct serverstruct *tp = (struct serverstruct *)
-                            calloc(1, sizeof(struct serverstruct));
-    tp->next = servers;
-    tp->sd = sd;
-    servers = tp;
-}
-
-static void selectloop(void) 
-{
-    fd_set rfds, wfds;
-    struct connstruct *tp, *to;
-    struct serverstruct *sp;
-    int rnum, wnum, active;
-    int currtime;
-
+    // main loop
     while (1)
-    {   
-        // MAIN SELECT LOOP
+    {
         FD_ZERO(&rfds);
         FD_ZERO(&wfds);
         rnum = wnum = -1;
-
-        // Add the listening sockets
         sp = servers;
-        while (sp != NULL) 
+
+        while (sp != NULL)  // read each server port
         {
             FD_SET(sp->sd, &rfds);
-            if (sp->sd > rnum) rnum = sp->sd;
+
+            if (sp->sd > rnum) 
+                rnum = sp->sd;
             sp = sp->next;
         }
 
@@ -365,7 +199,7 @@ static void selectloop(void)
 
         while (tp != NULL) 
         {
-            if (currtime > tp->timeout) 
+            if (currtime > tp->timeout)     // timed out? Kill it.
             {
                 to = tp;
                 tp = tp->next;
@@ -413,11 +247,10 @@ static void selectloop(void)
         }
 
         active = select(wnum > rnum ? wnum+1 : rnum+1,
-                rnum != -1 ? &rfds : NULL,
-                wnum != -1 ? &wfds : NULL,
+                rnum != -1 ? &rfds : NULL, wnum != -1 ? &wfds : NULL,
                 NULL, NULL);
 
-        // Handle the listening sockets
+        // New connection?
         sp = servers;
         while (active > 0 && sp != NULL) 
         {
@@ -475,7 +308,130 @@ static void selectloop(void)
                 }
 #endif
         }
-    }  // MAIN SELECT LOOP
+    } 
+
+    return 0;
+}
+
+#if defined(CONFIG_HTTP_PERM_CHECK)
+static void procpermcheck(const char *pathtocheck) 
+{
+    char thepath[MAXREQUESTLENGTH];
+#ifndef WIN32
+    DIR *tpdir;
+    struct dirent *dp;
+
+    tpdir = opendir(pathtocheck);
+
+    if (tpdir == NULL) 
+    {
+        printf("WARNING: UID (%d) is unable to read %s\n", 
+                (int)getuid(), pathtocheck);
+        TTY_FLUSH();
+        return;
+    }
+
+    while ((dp = readdir(tpdir))) 
+    {
+        if (strcmp(dp->d_name, "..") == 0)
+            continue;
+
+        if (strcmp(dp->d_name, ".") == 0)
+            continue;
+
+        snprintf(thepath, sizeof(thepath), "%s/%s", pathtocheck, dp->d_name);
+
+        if (isdir(thepath))
+        {
+            procpermcheck(thepath);
+            continue;
+        }
+
+        if (access(thepath, R_OK) != 0)
+            printf("WARNING: UID (%d) is unable to read %s\n",
+                                (int)getuid(), thepath);
+
+        if (access(thepath, W_OK) == 0)
+            printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n",
+                                (int)getuid(), thepath);
+
+        TTY_FLUSH();
+    }
+
+    closedir(tpdir);
+#else   /* Win32 */
+    HANDLE tpdir;
+    WIN32_FIND_DATA file_data;
+    struct stat st;
+    char buf2[1024];
+
+    strcpy(buf2, pathtocheck);
+    strcat(buf2, "\\*");
+    tpdir = FindFirstFile(buf2, &file_data);
+
+    if (tpdir == INVALID_HANDLE_VALUE) 
+    {
+        printf("WARNING: unable to read %s\n", buf2);
+        TTY_FLUSH();
+        return;
+    }
+
+    while (FindNextFile(tpdir, &file_data)) 
+    {
+        if (strcmp(file_data.cFileName, "..") == 0) 
+            continue;
+
+        if (strcmp(file_data.cFileName, ".") == 0) 
+            continue;
+
+        snprintf(thepath, sizeof(thepath), "%s\\%s", 
+                pathtocheck, file_data.cFileName);
+
+        if (isdir(thepath)) 
+        {
+            procpermcheck(thepath);
+            continue;
+        }
+
+        if (stat(thepath, &st) >= 0) 
+        {
+            if ((st.st_mode & _S_IREAD) == 0) 
+            {
+                printf("WARNING: unable to read %s\n", thepath);
+                TTY_FLUSH();
+            }
+
+            if (st.st_mode & _S_IWRITE) 
+            {
+                printf("SECURITY: ABLE TO WRITE TO %s\n", thepath);
+                TTY_FLUSH();
+            }
+        }
+    }
+
+    FindClose(tpdir);
+#endif
+}
+#endif  /* CONFIG_HTTP_PERM_CHECK */
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void addcgiext(char *tp)
+{
+    struct cgiextstruct *ex = (struct cgiextstruct *)
+                        malloc(sizeof(struct cgiextstruct));
+    ex->ext = strdup(tp);
+    ex->next = cgiexts;
+    cgiexts = ex;
+}
+#endif
+
+static void addtoservers(int sd) 
+{
+    struct serverstruct *tp = (struct serverstruct *)
+                            calloc(1, sizeof(struct serverstruct));
+    tp->next = servers;
+    tp->sd = sd;
+    servers = tp;
 }
 
 #ifdef HAVE_IPV6
@@ -486,9 +442,6 @@ static void handlenewconnection(int listenfd, int is_ssl)
     char ipbuf[100];
     int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
 
-    if (connfd == -1) 
-        return;
-
     if (tp == sizeof(struct sockaddr_in6)) 
     {
         inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, sizeof(ipbuf));
@@ -512,10 +465,6 @@ static void handlenewconnection(int listenfd, int is_ssl)
     struct sockaddr_in their_addr;
     int tp = sizeof(struct sockaddr_in);
     int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
-
-    if (connfd == -1) 
-        return;
-
     addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
 }
 #endif
@@ -524,62 +473,60 @@ static int openlistener(int port)
 {
     int sd;
 #ifdef WIN32
-    char tp=1;
+    char tp = 1;
 #else
-    int tp=1;
+    int tp = 1;
 #endif
+#ifndef HAVE_IPV6
     struct sockaddr_in my_addr;
 
     if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 
         return -1;
 
-    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
-    my_addr.sin_family = AF_INET;         // host byte order
-    my_addr.sin_port = htons((short)port);       // short, network byte order
-    my_addr.sin_addr.s_addr = INADDR_ANY; // automatically fill with my IP
-    memset(&(my_addr.sin_zero), 0, 8);    // zero the rest of the struct
+    memset(&my_addr, 0, sizeof(my_addr));
+    my_addr.sin_family = AF_INET;
+    my_addr.sin_port = htons((short)port);
+    my_addr.sin_addr.s_addr = INADDR_ANY;
+#else
+    struct sockaddr_in6 my_addr;
 
-    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1) 
-    {
-        close(sd);
+    if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
         return -1;
-    }
 
-    if (listen(sd, BACKLOG) == -1) 
-    {
-        close(sd);
-        return -1;
-    }
+    memset(&my_addr, 0, sizeof(my_addr));
+    my_addr.sin6_family = AF_INET6;
+    my_addr.sin6_port = htons(port);
+    my_addr.sin6_addr.s_addr = INADDR_ANY;
+#endif
+
+    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
+    bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr));
+    listen(sd, BACKLOG);
 
     return sd;
 }
 
-#ifdef HAVE_IPV6
-static int openlistener6(int port) 
+/* Wrapper function for strncpy() that guarantees
+   a null-terminated string. This is to avoid any possible
+   issues due to strncpy()'s behaviour.
+ */
+char *my_strncpy(char *dest, const char *src, size_t n) 
 {
-    int sd,tp;
-    struct sockaddr_in6 my_addr;
-
-    if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
-        return -1;
+    strncpy(dest, src, n);
+    dest[n-1] = '\0';
+    return dest;
+}
 
-    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
-    memset(&my_addr, 0, sizeof(my_addr));
-    my_addr.sin6_family = AF_INET6;
-    my_addr.sin6_port = htons(port);
+int isdir(const char *tpbuf) 
+{
+    struct stat st;
 
-    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(my_addr)) == -1) 
-    {
-        close(sd);
-        return -1;
-    }
+    if (stat(tpbuf, &st) == -1) 
+        return 0;
 
-    if (listen(sd, BACKLOG) == -1)
-    {
-        close(sd);
-        return -1;
-    }
+    if ((st.st_mode & S_IFMT) == S_IFDIR) 
+        return 1;
 
-    return sd;
+    return 0;
 }
-#endif
+
diff --git a/httpd/proc.c b/httpd/proc.c
index 88c7fbab68..d4bde5d8c8 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -27,21 +27,31 @@
 #include "axhttp.h"
 
 static int special_read(struct connstruct *cn, void *buf, size_t count);
+static int special_write(struct connstruct *cn, 
+                                        const uint8_t *buf, size_t count);
 static void send301(struct connstruct *cn);
 static void send404(struct connstruct *cn);
 static int procindex(struct connstruct *cn, struct stat *stp);
 static int hexit(char c);
 static void urldecode(char *buf);
+static void buildactualfile(struct connstruct *cn);
+static int sanitizefile(const char *buf);
+static int sanitizehost(char *buf);
 
 #if defined(CONFIG_HTTP_DIRECTORIES)
-static void urlencode(unsigned char *s, unsigned char *t);
+static void urlencode(const uint8_t *s, uint8_t *t);
+static void procdirlisting(struct connstruct *cn);
+static int issockwriteable(int sd);
 #endif
 #if defined(CONFIG_HTTP_HAS_CGI)
 static void proccgi(struct connstruct *cn, int has_pathinfo);
+static int trycgi_withpathinfo(struct connstruct *cn);
+static void split(char *tp, char *sp[], int maxwords, char sc);
+static int iscgi(const char *fn);
 #endif
 
 // Returns 1 if elems should continue being read, 0 otherwise
-int procheadelem(struct connstruct *cn, char *buf) 
+static int procheadelem(struct connstruct *cn, char *buf) 
 {
     char *delim, *value;
 #if defined(CONFIG_HTTP_HAS_CGI)
@@ -98,7 +108,8 @@ int procheadelem(struct connstruct *cn, char *buf)
         my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
     } 
     else if (strcmp(buf, "Connection:")==0 &&
-            strcmp(value, "close")==0) {
+            strcmp(value, "close")==0) 
+    {
         cn->close_when_done = 1;
     } 
     else if (strcmp(buf, "If-Modified-Since:") ==0 ) 
@@ -111,33 +122,26 @@ int procheadelem(struct connstruct *cn, char *buf)
 }
 
 #if defined(CONFIG_HTTP_DIRECTORIES)
-void procdirlisting(struct connstruct *cn) 
+static void procdirlisting(struct connstruct *cn)
 {
     char buf[MAXREQUESTLENGTH];
     char actualfile[1024];
 
-#ifndef CONFIG_HTTP_DIRECTORIES
-    if (allowdirectorylisting == 0) 
-    {
-        send404(cn);
-        removeconnection(cn);
-        return;
-    }
-#endif
-
     if (cn->reqtype == TYPE_HEAD) 
     {
-        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
+        snprintf(buf, sizeof(buf), 
+                "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
         write(cn->networkdesc, buf, strlen(buf));
-
         removeconnection(cn);
         return;
     }
 
     strcpy(actualfile, cn->actualfile);
+
 #ifdef WIN32
     strcat(actualfile, "*");
     cn->dirp = FindFirstFile(actualfile, &cn->file_data);
+
     if (cn->dirp == INVALID_HANDLE_VALUE) 
     {
         send404(cn);
@@ -145,10 +149,7 @@ void procdirlisting(struct connstruct *cn)
         return;
     }
 #else
-
-    cn->dirp = opendir(actualfile);
-
-    if (cn->dirp == NULL) 
+    if ((cn->dirp = opendir(actualfile)) == NULL) 
     {
         send404(cn);
         removeconnection(cn);
@@ -159,7 +160,10 @@ void procdirlisting(struct connstruct *cn)
     readdir(cn->dirp);
 #endif
 
-    sprintf(buf, "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n<H2>Directory listing of %s://%s%s</H2><BR>\n", cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
+            "<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n"
+            "<H2>Directory listing of %s://%s%s</H2><BR>\n", 
+            cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
     special_write(cn, buf, strlen(buf));
     cn->state = STATE_DOING_DIR;
 }
@@ -179,14 +183,14 @@ void procdodir(struct connstruct *cn)
 #ifdef WIN32
         if (!FindNextFile(cn->dirp, &cn->file_data)) 
 #else
-            if ((dp = readdir(cn->dirp)) == NULL)  
+        if ((dp = readdir(cn->dirp)) == NULL)  
 #endif
-            {
-                snprintf(buf, sizeof(buf), "</BODY></HTML>\n");
-                special_write(cn, buf, strlen(buf));
-                removeconnection(cn);
-                return;
-            }
+        {
+            snprintf(buf, sizeof(buf), "</BODY></HTML>\n");
+            special_write(cn, buf, strlen(buf));
+            removeconnection(cn);
+            return;
+        }
 
 #ifdef WIN32
         file = cn->file_data.cFileName;
@@ -199,31 +203,45 @@ void procdodir(struct connstruct *cn)
 
         snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
         putslash = isdir(buf);
-
         urlencode(file, encbuf);
         snprintf(buf, sizeof(buf), "<A HREF=\"%s%s\">%s%s</A><BR>\n",
                 encbuf, putslash ? "/" : "", file, putslash ? "/" : "");
         special_write(cn, buf, strlen(buf));
+    } while (issockwriteable(cn->networkdesc));
+}
 
-    } 
-    while (issockwriteable(cn->networkdesc));
+static int issockwriteable(int sd)
+{
+    fd_set wfds;
+    struct timeval tv;
+
+    tv.tv_sec = 0;
+    tv.tv_usec = 0;
+
+    FD_ZERO(&wfds);
+    FD_SET(sd, &wfds);
+
+    select(FD_SETSIZE, NULL, &wfds, NULL, &tv);
+    return FD_ISSET(sd, &wfds);
 }
 
 /* Encode funny chars -> %xx in newly allocated storage */
 /* (preserves '/' !) */
-static void urlencode(unsigned char *s, unsigned char *t) 
+static void urlencode(const uint8_t *s, uint8_t *t) 
 {
-    uint8_t *p, *tp;
+    const uint8_t *p = s;
+    uint8_t *tp;
 
-    tp =t ;
+    tp = t;
 
-    for (p=s; *p; p++) 
+    for (; *p; p++) 
     {
         if ((*p > 0x00 && *p < ',') ||
                 (*p > '9' && *p < 'A') ||
                 (*p > 'Z' && *p < '_') ||
                 (*p > '_' && *p < 'a') ||
-                (*p > 'z' && *p < 0xA1)) {
+                (*p > 'z' && *p < 0xA1)) 
+        {
             sprintf((char *)tp, "%%%02X", *p);
             tp += 3; 
         } 
@@ -245,24 +263,23 @@ void procreadhead(struct connstruct *cn)
     int rv;
 
     rv = special_read(cn, buf, sizeof(buf)-1);
-    if (rv <= 0) {
-        if (rv < 0)
+    if (rv <= 0) 
+    {
+        if (rv < 0) // really dead?
             removeconnection(cn);
         return;
     }
 
     buf[rv] = '\0';
-
     next = tp = buf;
 
     // Split up lines and send to procheadelem()
-    while(*next != '\0') 
+    while (*next != '\0') 
     {
         // If we have a blank line, advance to next stage!
         if (*next == '\r' || *next == '\n') 
         {
             buildactualfile(cn);
-
             cn->state = STATE_WANT_TO_SEND_HEAD;
             return;
         }
@@ -273,7 +290,7 @@ void procreadhead(struct connstruct *cn)
         if (*next == '\r') 
         {
             *next = '\0';
-            next+=2;
+            next += 2;
         }
         else if (*next == '\n') 
             *next++ = '\0';
@@ -295,8 +312,8 @@ void procsendhead(struct connstruct *cn)
     struct stat stbuf;
     time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
     char date[32];
-    strcpy(date, ctime(&now));
 
+    strcpy(date, ctime(&now));
     strcpy(actualfile, cn->actualfile);
 
 #ifdef WIN32
@@ -309,8 +326,9 @@ void procsendhead(struct connstruct *cn)
     {
 #if defined(CONFIG_HTTP_HAS_CGI)
         if (trycgi_withpathinfo(cn) == 0) 
-        { // We Try To Find A CGI
-            proccgi(cn,1);
+        { 
+            // We Try To Find A CGI
+            proccgi(cn, 1);
             return;
         }
 #endif
@@ -321,7 +339,7 @@ void procsendhead(struct connstruct *cn)
     }
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-    if (iscgi(cn->actualfile)) 
+    if (iscgi(cn->actualfile))
     {
 #ifndef WIN32
         // Set up CGI script
@@ -333,7 +351,7 @@ void procsendhead(struct connstruct *cn)
         }
 #endif
 
-        proccgi(cn,0);
+        proccgi(cn, 0);
         return;
     }
 #endif
@@ -362,7 +380,7 @@ void procsendhead(struct connstruct *cn)
 
 #if defined(CONFIG_HTTP_HAS_CGI)
         // If the index is a CGI file, handle it like any other CGI
-        if (iscgi(cn->actualfile)) 
+        if (iscgi(cn->actualfile))
         {
             // Set up CGI script
             if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
@@ -372,45 +390,7 @@ void procsendhead(struct connstruct *cn)
                 return;
             }
 
-            proccgi(cn,0);
-            return;
-        }
-#endif
-        // If the index isn't a CGI, we continue on with the index file
-    }
-
-    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) 
-    {
-        if (cn->filereq[strlen(cn->filereq)-1] != '/') 
-        {
-            send301(cn);
-            removeconnection(cn);
-            return;
-        }
-
-        // Check to see if this dir has an index file
-        if (procindex(cn, &stbuf) == 0) 
-        {
-#if defined(CONFIG_HTTP_DIRECTORIES)
-            // If not, we do a directory listing of it
-            procdirlisting(cn);
-#endif
-            return;
-        }
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-        // If the index is a CGI file, handle it like any other CGI
-        if (iscgi(cn->actualfile)) 
-        {
-            // Set up CGI script
-            if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
-            {
-                send404(cn);
-                removeconnection(cn);
-                return;
-            }
-
-            proccgi(cn,0);
+            proccgi(cn, 0);
             return;
         }
 #endif
@@ -419,7 +399,8 @@ void procsendhead(struct connstruct *cn)
 
     if (cn->modified_since) 
     {
-        snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: axhttpd V%s\nDate: %s\n", VERSION, date);
+        snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
+                "axhttpd V%s\nDate: %s\n", VERSION, date);
         special_write(cn, buf, strlen(buf));
         cn->modified_since = 0;
         cn->state = STATE_WANT_TO_READ_HEAD;
@@ -433,12 +414,11 @@ void procsendhead(struct connstruct *cn)
         TTY_FLUSH();
 #endif
 
-        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\nContent-Type: %s\nContent-Length: %ld\nDate: %sLast-Modified: %s\n",
-                VERSION,
-                getmimetype(cn->actualfile),
-                (long) stbuf.st_size,
-                date,
-                ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
+        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
+                "Content-Type: %s\nContent-Length: %ld\n"
+                "Date: %sLast-Modified: %s\n", VERSION,
+                getmimetype(cn->actualfile), (long) stbuf.st_size,
+                date, ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
     }
 
     special_write(cn, buf, strlen(buf));
@@ -478,7 +458,6 @@ void procsendhead(struct connstruct *cn)
 #else
         cn->state = STATE_WANT_TO_READ_FILE;
 #endif
-        return;
     }
 }
 
@@ -490,10 +469,11 @@ void procreadfile(struct connstruct *cn)
     {
         close(cn->filedesc);
         cn->filedesc = -1;
-        if (cn->close_when_done)      /* close immediately */
+
+        if (cn->close_when_done)        /* close immediately */
             removeconnection(cn);
         else 
-        {                        /* keep socket open - HTTP 1.1 */
+        {                               /* keep socket open - HTTP 1.1 */
             cn->state = STATE_WANT_TO_READ_HEAD;
             cn->numbytes = 0;
         }
@@ -514,7 +494,9 @@ void procsendfile(struct connstruct *cn)
     else if (rv == cn->numbytes)
         cn->state = STATE_WANT_TO_READ_FILE;
     else if (rv == 0)
-    { /* Do nothing */ }
+    { 
+        /* Do nothing */ 
+    }
     else 
     {
         memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
@@ -522,24 +504,16 @@ void procsendfile(struct connstruct *cn)
     }
 }
 
-int special_write(struct connstruct *cn, const uint8_t *buf, size_t count)
+static int special_write(struct connstruct *cn, 
+                                        const uint8_t *buf, size_t count)
 {
-    int res;
-
     if (cn->is_ssl)
     {
         SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
-        if (ssl)
-        {
-            res = ssl_write(ssl, (unsigned char *)buf, count);
-        }
-        else
-            return -1;
+        return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
     }
     else
-        res = SOCKET_WRITE(cn->networkdesc, buf, count);
-
-    return res;
+        return SOCKET_WRITE(cn->networkdesc, buf, count);
 }
 
 static int special_read(struct connstruct *cn, void *buf, size_t count)
@@ -549,7 +523,7 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
     if (cn->is_ssl)
     {
         SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
-        unsigned char *read_buf;
+        uint8_t *read_buf;
 
         if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
             memcpy(buf, read_buf, res > (int)count ? count : res);
@@ -566,26 +540,12 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
 static int procindex(struct connstruct *cn, struct stat *stp) 
 {
     char tbuf[MAXREQUESTLENGTH];
-    struct indexstruct *tp;
-
-    tp = indexlist;
-
-    while(tp != NULL) {
-        sprintf(tbuf, "%s%s%s", cn->actualfile, 
-#ifdef WIN32
-                "\\",
-#else
-                "/",
-#endif
-                tp->name);
-
-        if (stat(tbuf, stp) != -1) 
-        {
-            my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
-            return 1;
-        }
 
-        tp = tp->next;
+    sprintf(tbuf, "%s%s", cn->actualfile, "index.html");
+    if (stat(tbuf, stp) != -1) 
+    {
+        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
+        return 1;
     }
 
     return 0;
@@ -599,8 +559,6 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
     char buf[MAXREQUESTLENGTH];
 #ifdef WIN32
     int tmp_stdout;
-#else
-    int fv;
 #endif
 
     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n%s",
@@ -614,28 +572,15 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
     }
 
 #ifndef WIN32
-    if (pipe(tpipe) == -1) 
-    {
-        removeconnection(cn);
-        return;
-    }
-
-    fv = fork();
-
-    if (fv == -1) 
-    {
-        close(tpipe[0]);
-        close(tpipe[1]);
-        removeconnection(cn);
-        return;
-    }
+    pipe(tpipe);
 
-    if (fv != 0) 
+    if (fork() > 0)  // parent
     {
         // Close the write descriptor
         close(tpipe[1]);
         cn->filedesc = tpipe[0];
         cn->state = STATE_WANT_TO_READ_FILE;
+        cn->close_when_done = 1;
         return;
     }
 
@@ -653,7 +598,6 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
 
     close(tpipe[0]);
     close(tpipe[1]);
-
     myargs[0] = cn->actualfile;
     myargs[1] = cn->cgiargs;
     myargs[2] = NULL;
@@ -666,11 +610,7 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
 
     execv(cn->actualfile, myargs);
 #else /* WIN32 */
-    if (_pipe(tpipe, 4096, O_BINARY| O_NOINHERIT) == -1) 
-    {
-        removeconnection(cn);
-        return;
-    }
+    _pipe(tpipe, 4096, O_BINARY| O_NOINHERIT);
 
     myargs[0] = "sh";
     myargs[1] = "-c";
@@ -703,6 +643,7 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
     close(tmp_stdout);
     cn->filedesc = tpipe[0];
     cn->state = STATE_WANT_TO_READ_FILE;
+    cn->close_when_done = 1;
 
     for (;;)
     {
@@ -716,6 +657,97 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
     }
 #endif
 }
+
+static int trycgi_withpathinfo(struct connstruct *cn)
+{
+    char tpfile[MAXREQUESTLENGTH];
+    char fr_str[MAXREQUESTLENGTH];
+    char *fr_rs[MAXCGIARGS]; // filereq splitted
+    int i = 0, offset;
+
+    my_strncpy(fr_str, cn->filereq, MAXREQUESTLENGTH);
+    split(fr_str, fr_rs, MAXCGIARGS, '/');
+
+    while (fr_rs[i] != NULL) 
+    {
+        snprintf(tpfile, sizeof(tpfile), "%s/%s%s", 
+                            webroot, cn->virtualhostreq, fr_str);
+
+        if (iscgi(tpfile) && isdir(tpfile) == 0)
+        {
+            /* We've found our CGI file! */
+            my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
+            my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
+
+            offset = (fr_rs[i] + strlen(fr_rs[i])) - fr_str;
+            my_strncpy(cn->cgipathinfo, cn->filereq+offset, MAXREQUESTLENGTH);
+
+            return 0;
+        }
+
+        *(fr_rs[i]+strlen(fr_rs[i])) = '/';
+        i++;
+    }
+
+    /* Couldn't find any CGIs :( */
+    *(cn->cgiscriptinfo) = '\0';
+    *(cn->cgipathinfo) = '\0';
+    return -1;
+}
+
+static int iscgi(const char *fn)
+{
+    struct cgiextstruct *tp;
+    int fnlen, extlen;
+
+    fnlen = strlen(fn);
+    tp = cgiexts;
+
+    while (tp != NULL) 
+    {
+        extlen = strlen(tp->ext);
+
+        if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
+            return 1;
+
+        tp = tp->next;
+    }
+
+    return 0;
+}
+
+static void split(char *tp, char *sp[], int maxwords, char sc)
+{
+    int i = 0;
+
+    while(1) 
+    {
+        /* Skip leading whitespace */
+        while (*tp == sc) tp++;
+
+        if (*tp == '\0') 
+        {
+            sp[i] = NULL;
+            break;
+        }
+
+        if (i==maxwords-2) 
+        {
+            sp[maxwords-2] = NULL;
+            break;
+        }
+
+        sp[i] = tp;
+
+        while(*tp != sc && *tp != '\0') 
+            tp++;
+
+        if (*tp == sc) 
+            *tp++ = '\0';
+
+        i++;
+    }
+}
 #endif  /* CONFIG_HTTP_HAS_CGI */
 
 /* Decode string %xx -> char (in place) */
@@ -730,26 +762,28 @@ static void urldecode(char *buf)
     {
         v = 0;
 
-        if (*p=='%') 
+        if (*p == '%') 
         {
             s = p;
             s++;
 
             if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
             {
-                v = hexit(s[0])*16+hexit(s[1]);
+                v = hexit(s[0])*16 + hexit(s[1]);
+
                 if (v) 
-                { /* do not decode %00 to null char */
-                    *w=(char)v;
-                    p=&s[1];
+                { 
+                    /* do not decode %00 to null char */
+                    *w = (char)v;
+                    p = &s[1];
                 }
             }
 
         }
 
-        if (!v) 
-            *w=*p;
-        p++; w++;
+        if (!v) *w=*p;
+        p++; 
+        w++;
     }
 
     *w='\0';
@@ -757,27 +791,98 @@ static void urldecode(char *buf)
 
 static int hexit(char c) 
 {
-    if ( c >= '0' && c <= '9' )
+    if (c >= '0' && c <= '9')
         return c - '0';
-    if ( c >= 'a' && c <= 'f' )
+    else if (c >= 'a' && c <= 'f')
         return c - 'a' + 10;
-    if ( c >= 'A' && c <= 'F' )
+    else if (c >= 'A' && c <= 'F')
         return c - 'A' + 10;
-
-    return 0;
+    else
+        return 0;
 }
 
 static void send301(struct connstruct *cn)
 {
     char buf[2048];
-    snprintf(buf, sizeof(buf), "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n</HEAD><BODY>\n<H1>Moved Permanently</H1>\nThe document has moved <A HREF=\"%s/\">here</A>.<P>\n<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
+    snprintf(buf, sizeof(buf), 
+            "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n"
+            "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n"
+            "<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n"
+            "</HEAD><BODY>\n<H1>Moved Permanently</H1>\n"
+            "The document has moved <A HREF=\"%s/\">here</A>.<P>\n"
+            "<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
     special_write(cn, buf, strlen(buf));
 }
 
 static void send404(struct connstruct *cn)
 {
     char buf[1024];
-    sprintf(buf, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>It ain't there my friend. (404 Not Found)</H1>\n</BODY></HTML>\n");
+    strcpy(buf, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n"
+            "<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>"
+            "404 Not Found</H1>\n</BODY></HTML>\n");
     special_write(cn, buf, strlen(buf));
 }
 
+static void buildactualfile(struct connstruct *cn)
+{
+    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s", webroot, cn->filereq);
+
+    /* Add directory slash if not there */
+    if (isdir(cn->actualfile) && 
+            cn->actualfile[strlen(cn->actualfile)-1] != '/')
+        strcat(cn->actualfile, "/");
+
+#ifdef WIN32
+    /* convert all the forward slashes to back slashes */
+    {
+        char *t = cn->actualfile;
+        while ((t = strchr(t, '/')))
+        {
+            *t++ = '\\';
+        }
+    }
+#endif
+}
+
+static int sanitizefile(const char *buf) 
+{
+    int len, i;
+
+    // Don't accept anything not starting with a /
+    if (*buf != '/') 
+        return 0;
+
+    len = strlen(buf);
+    for (i = 0; i < len; i++) 
+    {
+        // Check for "/." : In other words, don't send files starting with a .
+        // Notice, GOBBLES, that this includes ".."
+        if (buf[i] == '/' && buf[i+1] == '.') 
+            return 0;
+    }
+
+    return 1;
+}
+
+static int sanitizehost(char *buf)
+{
+    while (*buf != '\0') 
+    {
+        // Handle the port
+        if (*buf == ':') 
+        {
+            *buf = '\0';
+            return 1;
+        }
+
+        // Enforce some basic URL rules...
+        if (isalnum(*buf)==0 && *buf != '-' && *buf != '.') return 0;
+        if (*buf == '.' && *(buf+1) == '.') return 0;
+        if (*buf == '.' && *(buf+1) == '-') return 0;
+        if (*buf == '-' && *(buf+1) == '.') return 0;
+        buf++;
+    }
+
+    return 1;
+}
+
diff --git a/www/index.html b/www/index.html
index 86133dd771..5a391a34c9 100644
--- a/www/index.html
+++ b/www/index.html
@@ -1,7 +1,7 @@
 <html><head><title>An Overview of Cryptography</title>
 
 
-<meta name="keywords" content="crypto tutorial, cryptography tutorial, DES tutorial, RSA tutorial, Diffie-Hellman tutorial, IPsec tutorial, PGP tutorial, SSL tutorial, ECC tutorial, elliptic curve cryptography tutorial, AES tutorial, Rijndael tutorial"></head><body bgcolor="#ffffff">
+<meta name="keywords" content="crypto tutorial, cryptography tutorial, DES tutorial, RSA tutorial, Diffie-Hellman tutorial, IPsec tutorial, PGP tutorial, SSL tutorial, ECC tutorial, elliptic curve cryptography tutorial, AES tutorial, Rijndael tutorial, secret key cryptography, public key cryptography, hash functions"></head><body bgcolor="#ffffff">
 <font size="3">
 </font><center>
 <h1>
@@ -12,7 +12,7 @@ <h1>
 <h3>
 <font size="3"><i><a href="mailto:kumquat@sover.net">Gary C. Kessler</a></i><br>
 May 1998<br>
-(26 September 2005)
+(1 August 2006)
 </font></h3>
 <font size="3"><br>
 </font><blockquote>
@@ -193,7 +193,7 @@ <h4>
 </li></font></ul>
 <font size="3"><a name="fig01"></a><br>
 </font><center><table border="1"><tbody><tr><td>
-<img src="crypto_files/crypto_types.gif">
+<img src="index_files/crypto_types.gif">
 <br><br>
 <h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash function.</h4>
 </td></tr></tbody></table>
@@ -366,7 +366,7 @@ <h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash func
 and suitability for both software and hardware implementations on
 common 32-bit processors as well as 8-bit processors (e.g., smart
 cards, cryptographic hardware, and embedded systems). Also described in
-<a href="http://www.rfc-editor.org/rfc/rfc3713.txt"> RFC 3713</a>.</p></li>
+<a href="http://www.rfc-editor.org/rfc/rfc3713.txt"> RFC 3713</a>. Camellia's application in IPsec is described in <a href="http://www.rfc-editor.org/rfc/rfc4312.txt"> RFC 4312</a>.</p></li>
 
 <li> <p><i>MISTY1:</i> Developed at Mitsubishi Electric Corp., a block
 cipher using a 128-bit key and 64-bit blocks, and a variable number of
@@ -385,7 +385,7 @@ <h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash func
 <li> <p><i><a href="http://www.kisa.or.kr/seed/seed_eng.html">SEED</a>:</i>
 A block cipher using 128-bit blocks and 128-bit keys. Developed by the
 Korea Information Security Agency (KISA) and adopted as a national
-standard encryption algorithm in South Korea. Also described in <a href="http://www.rfc-editor.org/rfc/rfc4009.txt">RFC 4009</a>.</p></li>
+standard encryption algorithm in South Korea. Also described in <a href="http://www.rfc-editor.org/rfc/rfc4269.txt">RFC 4269</a>.</p></li>
 
 <li> <p><i><a href="http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf">Skipjack</a>:</i>
 SKC scheme proposed for Capstone. Although the details of the algorithm
@@ -463,11 +463,16 @@ <h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash func
 numbers, only have two factors!) The ability for computers to factor
 large numbers, and therefore attack schemes such as RSA, is rapidly
 improving and systems today can find the prime factors of numbers with
-more than 140 digits. The presumed protection of RSA, however, is that
-users can easily increase the key size to always stay ahead of the
-computer processing curve. As an aside, the patent for RSA expired in
-September 2000 which does not appear to have affected RSA's popularity
-one way or the other. A detailed example of RSA is presented below in <a href="#rsamath">Section 5.3</a>.</p></li>
+more than 200 digits. Nevertheless, if a large number is created from
+two prime factors that are roughly the same size, there is no known
+factorization algorithm that will solve the problem in a reasonable
+amount of time; a 2005 test to factor a 200-digit number took 1.5 years
+and over 50 years of compute time (see the Wikipedia article on <a href="http://en.wikipedia.org/wiki/Integer_factorization"> integer factorization</a>.)
+Regardless, one presumed protection of RSA is that users can easily
+increase the key size to always stay ahead of the computer processing
+curve. As an aside, the patent for RSA expired in September 2000 which
+does not appear to have affected RSA's popularity one way or the other.
+A detailed example of RSA is presented below in <a href="#rsamath">Section 5.3</a>.</p></li>
 
 <li> <p><i><a href="http://www.rsasecurity.com/rsalabs/faq/3-6-1.html">Diffie-Hellman</a>:</i>
 After the RSA algorithm was published, Diffie and Hellman came up with
@@ -590,17 +595,7 @@ <h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash func
 of a file's contents, often used to ensure that the file has not been
 altered by an intruder or virus. Hash functions are also commonly
 employed by many operating systems to encrypt passwords. Hash
-functions, then, help preserve the integrity of a file.</font></p>
-<p>
-<font size="3">Hash functions are sometimes misunderstood and some
-sources claim that no two files can have the same hash value. This
-isn't true, strictly speaking. Consider a hash function that provides a
-128-bit hash value. There are, obviously, 2<sup>128</sup> possible hash values. But there are a lot more than 2<sup>128</sup> <i>possible</i>
-files. Therefore, there have to be multiple files &#8212; in fact, there have
-to be an infinite number of files! &#8212; that can have the same 128-bit
-hash value. The difficulty is <i>finding</i> two files with the same
-hash! What is, indeed, very hard to do is to try to create a file that
-has a given hash value so as to force a hash value collision.</font></p>
+functions, then, provide a measure of the integrity of a file.</font></p>
 
 <p>
 <font size="3">Hash algorithms that are in common use today include:</font></p>
@@ -616,27 +611,60 @@ <h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash func
 a large number of products although several weaknesses in the algorithm
 were demonstrated by German cryptographer Hans Dobbertin in 1996.</p></li>
 </ul>
-
 </li><li> <p><i>Secure Hash Algorithm (SHA):</i> Algorithm for NIST's
 Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was
-originally published as FIPS 180-1 and <a href="ftp://ftp.rfc-editor.org/in-notes/rfc3174.txt"> RFC 3174</a>. <a href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf"> FIPS 180-2</a>
+originally published as FIPS 180-1 and <a href="http://www.rfc-editor.org/rfc/rfc3174.txt"> RFC 3174</a>. <a href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf"> FIPS 180-2</a>
 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256,
 SHA-384, and SHA-512 which can produce hash values that are 224, 256,
-384, or 512 bits in length, respectively.</p></li>
-
+384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52
+are also described in <a href="http://www.rfc-editor.org/rfc/rfc4634.txt"> RFC 4634</a>.</p></li>
 <li> <p><i><a href="http://www.esat.kuleuven.ac.be/%7Ebosselae/ripemd160.html">RIPEMD</a>:</i> A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. <a href="http://www.esat.kuleuven.ac.be/%7Ecosicart/pdf/AB-9601/AB-9601.pdf">RIPEMD-160</a>
 was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel,
 and optimized for 32-bit processors to replace the then-current 128-bit
 hash functions. Other versions include RIPEMD-256, RIPEMD-320, and
 RIPEMD-128.</p></li>
-
 <li> <p><i><a href="http://www.calyptix.com/technology/haval.php">HAVAL (HAsh of VAriable Length)</a>:</i>
 Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with
 many levels of security. HAVAL can create hash values that are 128,
 160, 192, 224, or 256 bits in length.</p></li>
+<li> <p><i><a href="http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html"> Whirlpool</a>:</i> A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2<sup>256</sup>
+bits in length, and produces a message digest of 512 bits. The design
+of this has function is very different than that of MD5 and SHA-1,
+making it immune to the same attacks as on those hashes (see below).</p></li>
+</font></ul>
+
+<p>
+<font size="3">Hash functions are sometimes misunderstood and some
+sources claim that no two files can have the same hash value. This is,
+in fact, not correct. Consider a hash function that provides a 128-bit
+hash value. There are, obviously, 2<sup>128</sup> possible hash values. But there are a lot more than 2<sup>128</sup> <i>possible</i>
+files. Therefore, there have to be multiple files &#8212; in fact, there have
+to be an infinite number of files! &#8212; that can have the same 128-bit
+hash value.</font></p>
+<p>
+<font size="3">The difficulty is <i>finding</i> two files with the same
+hash! What is, indeed, very hard to do is to try to create a file that
+has a given hash value so as to force a hash value collision &#8212; which is
+the reason that hash functions are used extensively for information
+security and computer forensics applications. Alas, researchers in 2004
+found that <i>practical</i> collision attacks could be launched on
+MD5, SHA-1, and other hash algorithms. At this time, there is no
+obvious successor to MD5 and SHA-1 that could be put into use quickly;
+there are so many products using these hash functions that it could
+take many years to flush out all use of 128- and 160-bit hashes.
+Readers interested in this problem should read the following:</font></p>
+
+<ul>
+<font size="3"><li>Burr, W. (2006, Match/April). Cryptographic hash standards: Where do we go from here? <i>IEEE Security &amp; Privacy</i>, <i>4</i>(2), 88-91.</li>
+<li>Gutman, P., Naccache, D., &amp; Palmer, C.C. (2005, May/June). When hashes collide. <i>IEEE Security &amp; Privacy</i>, <i>3</i>(3), 68-71.</li>
+<li>Klima, V. (March 2005) <a href="http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf">"Finding MD5 Collisions - a Toy For a Notebook."</a></li>
+<li>Thompson, E. (2005, February). MD5 collisions and the impact on computer forensics. <i>Digital Investigation</i>, <i>2</i>(1), 36-40.</li>
+<li>Wang, X., Feng, D., Lai, X., &amp; Yu, H. (August 2004). <a href="http://eprint.iacr.org/2004/199">"Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD."</a></li>
+<li>Wang, X., Yin, Y.L., &amp; Yu, H. (February 2005). <a href="http://theory.csail.mit.edu/%7Eyiqun/shanote.pdf">"Collision Search Attacks on SHA1."</a></li>
 </font></ul>
+
 <p>
-<font size="3">For additional information, see David Hopwood's <a href="http://www.users.zetnet.co.uk/hopwood/crypto/scan/md.html"> MessageDigest Algorithms</a> page.</font></p>
+<font size="3">An excellent review of the situation with hash collisions can be found in <a href="http://www.rfc-editor.org/rfc/rfc4270.txt">RFC 4270</a> (by P. Hoffman and B. Schneier, November 2005). And for additional information on hash functions, see David Hopwood's <a href="http://www.users.zetnet.co.uk/hopwood/crypto/scan/md.html"> MessageDigest Algorithms</a> page.</font></p>
 
 <font size="3"><a name="why3"><h3>3.4. Why Three Encryption Techniques?</h3></a>
 </font><p>
@@ -663,7 +691,7 @@ <h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash func
 </font></p>
 <font size="3"><a name="fig02"></a><br>
 </font><center><table border="1"><tbody><tr><td>
-<img src="crypto_files/crypto_3ways.gif">
+<img src="index_files/crypto_3ways.gif">
 <br><br>
 <h4>FIGURE 2: Sample application of the three cryptographic techniques for secure communication.</h4>
 </td></tr></tbody></table>
@@ -972,7 +1000,7 @@ <h4>FIGURE 2: Sample application of the three cryptographic techniques for secur
 <br>
 <a name="fig03"><br>
 </a></font></p><center><table border="3" cellpadding="4"><tbody><tr><td>
-<img src="crypto_files/kerberos.gif">
+<img src="index_files/kerberos.gif">
 <br><br>
 <h4>FIGURE 3: Kerberos architecture.</h4>
 </td></tr></tbody></table>
@@ -1065,7 +1093,7 @@ <h4>FIGURE 3: Kerberos architecture.</h4>
 <br>
 <a name="fig04"><br>
 </a></font></p><center><table border="3" cellpadding="4"><tbody><tr><td>
-<img src="crypto_files/crypto_cert.gif">
+<img src="index_files/crypto_cert.gif">
 <br><br>
 <h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Netscape Navigator V4.</h4>
 </td></tr></tbody></table>
@@ -1238,6 +1266,11 @@ <h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Nets
 </td><td valign="top" width="60%">A PCMCIA card developed by NSA that
 implements the Capstone algorithms, intended for use with the Defense
 Messaging Service (DMS).
+</td></tr><tr><td valign="top" width="20%">GOST
+</td><td valign="top" width="60%">GOST is a family of algorithms that
+is defined in the Russian cryptographic standards. Although most of the
+specifications are written in Russian, <a href="http://www.rfc-editor.org/rfc/rfc4357.txt">RFC 4357</a> provides supplemental information and specifications so that the algorithms can be used effectively in Internet applications.
+
 <a name="tab03-ipsec"></a>
 </td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/ipsec-charter.html">IP Security Protocol (IPsec)</a>
 </td><td valign="top" width="60%">The IPsec protocol suite is used to
@@ -1245,24 +1278,37 @@ <h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Nets
 overview of the protocol suite and of the documents comprising IPsec
 can be found in <a href="http://www.rfc-editor.org/rfc/rfc2411.txt">RFC 2411</a>. Other documents include:
 <ul>
-<li><a href="http://www.rfc-editor.org/rfc/rfc2401.txt">RFC 2401</a>: IP security architecture.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2402.txt">RFC 2402</a>:
+<li><a href="http://www.rfc-editor.org/rfc/rfc4301.txt">RFC 4301</a>: IP security architecture.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc4302.txt">RFC 4302</a>:
 IP Authentication Header (AH), one of the two primary IPsec functions;
 AH provides connectionless integrity and data origin authentication for
 IP datagrams and protects against replay attacks.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>: Describes use of the HMAC with MD5 algorithm for data origin authentication and integrity protection in both AH and ESP.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>: Describes use of the HMAC with SHA-1 algorithm for data origin authentication and integrity protection in both AH and ESP.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>: Describes use of DES-CBC (DES in Cipher Block Chaining Mode) for confidentiality in ESP.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2406.txt">RFC 2406</a>:
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc4303.txt">RFC 4303</a>:
 IP Encapsulating Security Payload (ESP), the other primary IPsec
 function; ESP provides a variety of security services within IPsec.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2407.txt">RFC 2407</a>: Describes the application of ISAKMP to IPsec.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a>: Describes ISAKMP, a framework for key management and security associations.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2409.txt">RFC 2409</a>:
-The Internet Key Exchange (IKE) algorithm, using part of Oakley and
-part of SKEME in conjunction with ISAKMP to obtain authenticated keying
-material for use with ISAKMP, and for other security associations such
-as AH and ESP.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc4304.txt">RFC 4304</a>:
+Extended Sequence Number (ESN) Addendum, allows for negotiation of a
+32- or 64- bit sequence number, used to detect replay attacks.</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4305.txt">RFC 4305</a>: Cryptographic algorithm implementation requirements for ESP and AH.</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4306.txt">RFC 4306</a>:
+The Internet Key Exchange (IKE) protocol, version 2, providing for
+mutual authentication and establishing and maintaining security
+associations.</li>
+<ul>
+<li> IKE v1 was described in three separate documents, <a href="http://www.rfc-editor.org/rfc/rfc2407.txt">RFC 2407</a> (application of ISAKMP to IPsec), <a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a> (ISAKMP, a framework for key management and security associations), and <a href="http://www.rfc-editor.org/rfc/rfc2409.txt">RFC 2409</a>
+(IKE, using part of Oakley and part of SKEME in conjunction with ISAKMP
+to obtain authenticated keying material for use with ISAKMP, and for
+other security associations such as AH and ESP). IKE v1 is obsoleted
+with the introdcution of IKEv2.</li>
+</ul>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4307.txt"> RFC 4307</a>: Cryptographic algoritms used with IKEv2.</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4308.txt">RFC 4308</a>: Crypto suites for IPsec, IKE, and IKEv2.</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4309.txt"> RFC 4309</a>: The use of AES in CBC-MAC mode with IPsec ESP.</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4312.txt"> RFC 4312</a>: The use of the Camellia cipher algorithm in IPsec.</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4359.txt"> RFC 4359</a>: The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH).</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc4434.txt"> RFC 4434</a>: Describes AES-XCBC-PRF-128, a pseudo-random function derived from the AES for use with IKE.</li>
+<li><a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>: Describes use of the HMAC with MD5 algorithm for data origin authentication and integrity protection in both AH and ESP.
+</li><li><a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>: Describes use of DES-CBC (DES in Cipher Block Chaining Mode) for confidentiality in ESP.
 </li><li><a href="http://www.rfc-editor.org/rfc/rfc2410.txt">RFC 2410</a>: Defines use of the NULL encryption algorithm (i.e., provides authentication and integrity without confidentiality) in ESP.
 </li><li><a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>: Describes OAKLEY, a key determination and distribution protocol.
 </li><li><a href="http://www.rfc-editor.org/rfc/rfc2451.txt">RFC 2451</a>: Describes use of Cipher Block Chaining (CBC) mode cipher algorithms with ESP.
@@ -1374,7 +1420,19 @@ <h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Nets
 valid SGC certificate. SGC is available in 32-bit Windows versions of
 Internet Explorer (IE) 4.0, and support for Mac, Unix, and 16-bit
 Windows versions of IE is expected in the future.
-</td></tr><tr><td valign="top" width="20%"><a href="http://skip.incog.com/">Simple Key-Management for Internet Protocol (SKIP)</a>
+</td></tr><tr><td valign="top" width="20%"><a href="http://www.rfc-editor.org/rfc/rfc4422.txt">Simple Authentication and Security Layer (SASL)</a>
+</td><td valign="top" width="60%">(SASL) is a framework for providing
+authentication and data security services in connection-oriented
+protocols (a la TCP). It provides a structured interface and allows new
+protocols to reuse existing authentication mechanisms and allows old
+protocols to make use of new mechanisms.
+<p>It has been common practice on the Internet to permit anonymous
+access to various services, employing a plain-text password using a
+user name of "anonymous" and a password of an email address or some
+other identifying information. New IETF protocols disallow plain-text
+logins. The Anonymous SASL Mechanism (<a href="http://www.rfc-editor.org/rfc/rfc4505.txt">RFC 4505</a>) provides a method for anonymous logins within the SASL framework.
+
+</p></td></tr><tr><td valign="top" width="20%"><a href="http://skip.incog.com/">Simple Key-Management for Internet Protocol (SKIP)</a>
 </td><td valign="top" width="60%">Key management scheme for secure IP
 communication, specifically for IPsec, and designed by Aziz and Diffie.
 SKIP essentially defines a public key infrastructure for the Internet
@@ -1739,10 +1797,13 @@ <h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Nets
 (OFB). Despite all of these options, ECB is the most commonly deployed
 mode of operation.</font></p>
 <p>
-<font size="3">Although other block ciphers will replace DES, it is
-still interesting to see how DES encryption is performed. Not only is
-it sort of interesting, but DES remains in many products and we will
-continue to see DES for some years to come.</font></p>
+<font size="3">NIST finally declared DES obsolete in 2004, and withdrew FIPS 46-3, 74, and 81 (<a href="http://csrc.nist.gov/Federal-register/July26-2004-FR-DES-Notice.pdf" target="_blank"><i>Federal Register</i>, July 26, 2004, <i>69</i>(142), 44509-44510</a>).
+Although other block ciphers will replace DES, it is still interesting
+to see how DES encryption is performed; not only is it sort of neat,
+but DES was the first crypto scheme commonly seen in non-govermental
+applications and was the catalyst for modern "public" cryptography. DES
+remains in many products &#8212; and cryptography students and cryptographers
+will continue to study DES for years to come.</font></p>
 
 <p><font size="3"><b>DES Operational Overview</b></font></p>
 <p>
@@ -1756,7 +1817,7 @@ <h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Nets
 
 <font size="3"><a name="fig06"><br>
 </a></font><center><table border="1"><tbody><tr><td>
-<img src="crypto_files/crypto_des.gif">
+<img src="index_files/crypto_des.gif">
 <br><br>
 <h4>FIGURE 6: DES enciphering algorithm.</h4>
 </td></tr></tbody></table>
@@ -2148,7 +2209,7 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
 intended primarily for IP version 6 (IPv6), IPsec can also be employed
 by the current version of IP, namely IP version 4 (IPv4).</font></p>
 <p>
-<font size="3">As shown in <a href="#tab03-ipsec">Table 3</a>, IPsec is described in nearly a dozen RFCs. <a href="http://www.rfc-editor.org/rfc/rfc2401.txt"> RFC 2401</a>, in particular, describes the overall IP security architecture and <a href="http://www.rfc-editor.org/rfc/rfc2411.txt">RFC 2411</a> provides an overview of the IPsec protocol suite and the documents describing it.</font></p>
+<font size="3">As shown in <a href="#tab03-ipsec">Table 3</a>, IPsec is described in nearly a dozen RFCs. <a href="http://www.rfc-editor.org/rfc/rfc4301.txt"> RFC 4301</a>, in particular, describes the overall IP security architecture and <a href="http://www.rfc-editor.org/rfc/rfc2411.txt">RFC 2411</a> provides an overview of the IPsec protocol suite and the documents describing it.</font></p>
 <p>
 <font size="3">IPsec can provide either message authentication and/or
 encryption. The latter requires more processing than the former, but
@@ -2173,7 +2234,7 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
 <li>security protocol (AH or ESP) identifier</li>
 </font></ul>
 <p>
-<font size="3">The IP Authentication Header (AH), described in <a href="http://www.rfc-editor.org/rfc/rfc2402.txt">RFC 2402</a>, provides a mechanism for data integrity and data origin authentication for IP packets using HMAC with MD5 (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>), HMAC with SHA-1 (<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>), or HMAC with RIPEMD (<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>).</font></p>
+<font size="3">The IP Authentication Header (AH), described in <a href="http://www.rfc-editor.org/rfc/rfc4302.txt">RFC 4302</a>, provides a mechanism for data integrity and data origin authentication for IP packets using HMAC with MD5 (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>), HMAC with SHA-1 (<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>), or HMAC with RIPEMD (<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>). See also <a href="http://www.rfc-editor.org/rfc/rfc4305.txt">RFC 4305</a>.</font></p>
 
 <font size="3"><a name="fig10"></a><br>
 </font><center>
@@ -2190,12 +2251,12 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
    |                    Sequence Number Field                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
-   +                Authentication Data (variable)                 |
+   +                Integrity Check Value-ICV (variable)           |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 </pre>
 <p>
-</p><h4>FIGURE 10: IPsec Authentication Header format. <i>(From RFC 2402)</i></h4>
+</p><h4>FIGURE 10: IPsec Authentication Header format. <i>(From RFC 4302)</i></h4>
 </td></tr></tbody></table>
 </center>
 <font size="3"><br><br>
@@ -2242,38 +2303,44 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
 algorithms <i>may</i> also be supported.</li>
 </font></ul>
 <p>
-<font size="3">The IP Encapsulating Security Payload (ESP), described in <a href="http://www.rfc-editor.org/rfc/rfc2406.txt">RFC 2406</a>,
+<font size="3">The IP Encapsulating Security Payload (ESP), described in <a href="http://www.rfc-editor.org/rfc/rfc4303.txt">RFC 4303</a>,
 provides message integrity and privacy mechanisms in addition to
 authentication. As in AH, ESP uses HMAC with MD5, SHA-1, or RIPEMD
-authentication (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>/<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>/<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>); privacy is provided using DES-CBC encryption (<a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>), NULL encryption (<a href="http://www.rfc-editor.org/rfc/rfc2410.txt">RFC 2410</a>), other CBC-mode algorithms (<a href="http://www.rfc-editor.org/rfc/rfc2451.txt">RFC 2451</a>), or AES (<a href="http://www.rfc-editor.org/rfc/rfc3686.txt">RFC 3686</a>).</font></p>
+authentication (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>/<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>/<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>); privacy is provided using DES-CBC encryption (<a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>), NULL encryption (<a href="http://www.rfc-editor.org/rfc/rfc2410.txt">RFC 2410</a>), other CBC-mode algorithms (<a href="http://www.rfc-editor.org/rfc/rfc2451.txt">RFC 2451</a>), or AES (<a href="http://www.rfc-editor.org/rfc/rfc3686.txt">RFC 3686</a>). See also <a href="http://www.rfc-editor.org/rfc/rfc4305.txt">RFC 4305</a> and <a href="http://www.rfc-editor.org/rfc/rfc4308.txt">RFC 4308</a>.</font></p>
 
 <font size="3"><a name="fig11"></a><br>
 </font><center>
 <table border="3" cellpadding="4">
-<tbody><tr><td width="600">
+<tbody><tr><td width="675">
 <pre>
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |               Security Parameters Index (SPI)                 |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                      Sequence Number                          |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                    Payload Data (variable)                    |
-   ~                                                               ~
-   |                                                               |
-   +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |               |     Padding (0-255 bytes)                     |
-   +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                               |  Pad Length   | Next Header   |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                 Authentication Data (variable)                |
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
+   |               Security Parameters Index (SPI)                 | ^Int.
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
+   |                      Sequence Number                          | |ered
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ----  
+   |                    Payload Data* (variable)                   | |   ^
+   ~                                                               ~ |   |
+   |                                                               | |Conf.
+   +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
+   |               |     Padding (0-255 bytes)                     | |ered*
+   +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |   |
+   |                               |  Pad Length   | Next Header   | v   v
+   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------
+   |         Integrity Check Value-ICV   (variable)                |
    ~                                                               ~
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+       * If included in the Payload field, cryptographic synchronization
+         data, e.g., an Initialization Vector (IV), usually is not
+         encrypted per se, although it often is referred to as being
+         being part of the ciphertext.
+
 </pre>
 <p>
-</p><h4>FIGURE 11: IPsec Encapsulating Security Payload format. <i>(From RFC 2406)</i></h4>
+</p><h4>FIGURE 11: IPsec Encapsulating Security Payload format. <i>(From RFC 4303)</i></h4>
 </td></tr></tbody></table>
 </center>
 <font size="3"><br><br>
@@ -2322,60 +2389,62 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
 <font size="3"><a name="fig12"></a><br>
 </font><center>
 <table border="3" cellpadding="4">
-<tbody><tr><td width="600">
+<tbody><tr><td width="675">
 <pre>
-    <b>ORIGINAL PACKET BEFORE APPLYING AH</b>
+  <b>ORIGINAL PACKET BEFORE APPLYING AH</b>
 
-            ----------------------------
-      <b>IPv4</b>  |orig IP hdr  |     |      |
-            |(any options)| TCP | Data |
-            ----------------------------
+         ----------------------------
+   <b>IPv4</b>  |orig IP hdr  |     |      |
+         |(any options)| TCP | Data |
+         ----------------------------
 
-            ---------------------------------------
-      <b>IPv6</b>  |             | ext hdrs |     |      |
-            | orig IP hdr |if present| TCP | Data |
-            ---------------------------------------
+         ---------------------------------------
+   <b>IPv6</b>  |             | ext hdrs |     |      |
+         | orig IP hdr |if present| TCP | Data |
+         ---------------------------------------
 
+  <b>AFTER APPLYING AH (TRANSPORT MODE)</b>
 
-    <b>AFTER APPLYING AH (TRANSPORT MODE)</b>
+          -------------------------------------------------------
+    <b>IPv4</b>  |original IP hdr (any options) | AH | TCP |    Data   |
+          -------------------------------------------------------
+          |&lt;- mutable field processing -&gt;|&lt;- immutable fields -&gt;|
+          |&lt;----- authenticated except for mutable fields -----&gt;|
 
-            ---------------------------------
-      <b>IPv4</b>  |orig IP hdr  |    |     |      |
-            |(any options)| AH | TCP | Data |
-            ---------------------------------
-            |&lt;------- authenticated -------&gt;|
-                 except for mutable fields
+         ------------------------------------------------------------
+   <b>IPv6</b>  |             |hop-by-hop, dest*, |    | dest |     |      |
+         |orig IP hdr  |routing, fragment. | AH | opt* | TCP | Data |
+         ------------------------------------------------------------
+         |&lt;--- mutable field processing --&gt;|&lt;-- immutable fields --&gt;|
+         |&lt;---- authenticated except for mutable fields -----------&gt;|
 
-            ------------------------------------------------------------
-      <b>IPv6</b>  |             |hop-by-hop, dest*, |    | dest |     |      |
-            |orig IP hdr  |routing, fragment. | AH | opt* | TCP | Data |
-            ------------------------------------------------------------
-            |&lt;---- authenticated except for mutable fields -----------&gt;|
-
-                 * = if present, could be before AH, after AH, or both
+               * = if present, could be before AH, after AH, or both
 
 
-    <b>AFTER APPLYING AH (TUNNEL MODE)</b>
+  <b>AFTER APPLYING AH (TUNNEL MODE)</b>
 
-          ------------------------------------------------
-    <b>IPv4</b>  | new IP hdr* |    | orig IP hdr*  |    |      |
-          |(any options)| AH | (any options) |TCP | Data |
-          ------------------------------------------------
-          |&lt;- authenticated except for mutable fields --&gt;|
+        ----------------------------------------------------------------
+   <b>IPv4</b> |                              |    | orig IP hdr*  |   |      |
+        |new IP header * (any options) | AH | (any options) |TCP| Data |
+        ----------------------------------------------------------------
+        |&lt;- mutable field processing -&gt;|&lt;------ immutable fields -----&gt;|
+        |&lt;- authenticated except for mutable fields in the new IP hdr-&gt;|
 
-          |           in the new IP hdr                  |
+        --------------------------------------------------------------
+   <b>IPv6</b> |           | ext hdrs*|    |            | ext hdrs*|   |    |
+        |new IP hdr*|if present| AH |orig IP hdr*|if present|TCP|Data|
+        --------------------------------------------------------------
+        |&lt;--- mutable field --&gt;|&lt;--------- immutable fields --------&gt;|
+        |       processing     |
+        |&lt;-- authenticated except for mutable fields in new IP hdr -&gt;|
 
-          --------------------------------------------------------------
-    <b>IPv6</b>  |           | ext hdrs*|    |            | ext hdrs*|   |    |
-          |new IP hdr*|if present| AH |orig IP hdr*|if present|TCP|Data|
-          --------------------------------------------------------------
-          |&lt;-- authenticated except for mutable fields in new IP hdr -&gt;|
+          * = if present, construction of outer IP hdr/extensions and
+              modification of inner IP hdr/extensions is discussed in
+              the Security Architecture document.
 
-           * = construction of outer IP hdr/extensions and modification
-               of inner IP hdr/extensions is discussed below.
 </pre>
 <p>
-</p><h4>FIGURE 12: IPsec tunnel and transport modes for AH. <i>(Adapted from RFC 2402)</i></h4>
+</p><h4>FIGURE 12: IPsec tunnel and transport modes for AH. <i>(Adapted from RFC 4302)</i></h4>
 </td></tr></tbody></table>
 </center>
 <font size="3"><br><br>
@@ -2397,7 +2466,7 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
 <a name="fig13"></a><br>
 </font><center>
 <table border="3" cellpadding="4">
-<tbody><tr><td width="600">
+<tbody><tr><td width="675">
 <pre>
     <b>ORIGINAL PACKET BEFORE APPLYING ESP</b>
 
@@ -2416,17 +2485,17 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
 
             -------------------------------------------------
       <b>IPv4</b>  |orig IP hdr  | ESP |     |      |   ESP   | ESP|
-            |(any options)| Hdr | TCP | Data | Trailer |Auth|
+            |(any options)| Hdr | TCP | Data | Trailer | ICV|
             -------------------------------------------------
-                                |&lt;----- encrypted ----&gt;|
-                          |&lt;------ authenticated -----&gt;|
+                                |&lt;---- encryption ----&gt;|
+                          |&lt;-------- integrity -------&gt;|
 
             ---------------------------------------------------------
-      <b>IPv6</b>  | orig |hop-by-hop,dest*,|ESP|dest|   |    | ESP   | ESP|
-            |IP hdr|routing,fragment.|hdr|opt*|TCP|Data|Trailer|Auth|
+      <b>IPv6</b>  | orig |hop-by-hop,dest*,|   |dest|   |    | ESP   | ESP|
+            |IP hdr|routing,fragment.|ESP|opt*|TCP|Data|Trailer| ICV|
             ---------------------------------------------------------
-                                         |&lt;---- encrypted ----&gt;|
-                                     |&lt;---- authenticated ----&gt;|
+                                         |&lt;--- encryption ----&gt;|
+                                     |&lt;------ integrity ------&gt;|
 
                 * = if present, could be before ESP, after ESP, or both
 
@@ -2434,24 +2503,27 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
     <b>AFTER APPLYING ESP (TUNNEL MODE)</b>
 
             -----------------------------------------------------------
-      <b>IPv4</b>  | new IP hdr  | ESP | orig IP hdr   |   |    | ESP   | ESP|
-            |(any options)| hdr | (any options) |TCP|Data|Trailer|Auth|
+      <b>IPv4</b>  | new IP hdr+ |     | orig IP hdr+  |   |    | ESP   | ESP|
+            |(any options)| ESP | (any options) |TCP|Data|Trailer| ICV|
 
             -----------------------------------------------------------
-                                |&lt;--------- encrypted ----------&gt;|
-                          |&lt;----------- authenticated ----------&gt;|
+                                |&lt;--------- encryption ---------&gt;|
+                          |&lt;------------- integrity ------------&gt;|
 
             ------------------------------------------------------------
-      <b>IPv6</b>  | new+ |new ext |ESP| orig+|orig ext |   |    | ESP   | ESP|
-            |IP hdr| hdrs+  |hdr|IP hdr| hdrs+   |TCP|Data|Trailer|Auth|
+      <b>IPv6</b>  | new+ |new ext |   | orig+|orig ext |   |    | ESP   | ESP|
+            |IP hdr| hdrs+  |ESP|IP hdr| hdrs+   |TCP|Data|Trailer| ICV|
             ------------------------------------------------------------
-                                |&lt;--------- encrypted -----------&gt;|
-                            |&lt;---------- authenticated ----------&gt;|
+                                |&lt;--------- encryption ----------&gt;|
+                            |&lt;------------ integrity ------------&gt;|
+
+            + = if present, construction of outer IP hdr/extensions and
+                modification of inner IP hdr/extensions is discussed in
+                the Security Architecture document.
 
-               + = if present
 </pre>
 <p>
-</p><h4>FIGURE 13: IPsec tunnel and transport modes for ESP. <i>(Adapted from RFC 2406)</i></h4>
+</p><h4>FIGURE 13: IPsec tunnel and transport modes for ESP. <i>(Adapted from RFC 4303)</i></h4>
 </td></tr></tbody></table>
 </center>
 <font size="3"><br><br>
@@ -2563,7 +2635,7 @@ <h4>FIGURE 6: DES enciphering algorithm.</h4>
 
 <font size="3"><a name="fig14"></a><br>
 </font><center><table border="1"><tbody><tr><td>
-<img src="crypto_files/crypto_sslv3.gif">
+<img src="index_files/crypto_sslv3.gif">
 <br><br>
 <h4>FIGURE 14: SSL v3 configuration screen (Netscape Navigator).</h4>
 </td></tr></tbody></table>
@@ -2573,10 +2645,9 @@ <h4>FIGURE 14: SSL v3 configuration screen (Netscape Navigator).</h4>
 <font size="3">In 1997, SSL v3 was found to be breakable. By this time,
 the Internet Engineering Task Force (IETF) had already started work on
 a new, non-proprietary protocol called Transport Layer Security (TLS),
-described in <a href="http://www.rfc-editor.org/rfc/rfc2246.txt">RFC 2246</a>.
-TLS extends SSL and supports additional crypto schemes, such as
-Diffie-Hellman key exchange and DSS digital signatures. TLS is backward
-compatible with SSL (and, in fact, is recognized as SSL v3.1).</font></p>
+described in <a href="http://www.rfc-editor.org/rfc/rfc2246.txt">RFC 2246</a>. TLS extends SSL and supports additional crypto schemes, such as Diffie-Hellman key exchange and DSS digital signatures; <a href="http://www.rfc-editor.org/rfc/rfc4279.txt">RFC 4279</a>
+describes the pre-shared key crypto schemes supported by TLS. TLS is
+backward compatible with SSL (and, in fact, is recognized as SSL v3.1).</font></p>
 
 <font size="3"><a name="fig15"></a><br>
 </font><center><table border="1"><tbody><tr><td>
@@ -2773,7 +2844,7 @@ <h4>FIGURE 15: SSL/TLS protocol handshake.</h4>
 can result in major changes in the set of (x,y) solutions.</p>
 <a name="fig16"></a><br>
 <center><table border="1"><tbody><tr><td>
-<img src="crypto_files/crypto_ecc.gif">
+<img src="index_files/crypto_ecc.gif">
 <br><br>
 <h4>FIGURE 16: Elliptic curve addition.</h4>
 </td></tr></tbody></table>
@@ -3545,6 +3616,7 @@ <h4>FIGURE 17: AES pseudocode.</h4>
 </li><li>Stallings, W. <i>Cryptography and Network Security: Principles and Practice</i>, 4th ed. Englewood Cliffs (NJ): Prentice Hall, 2006.
 </li><li>_____, (ed.) <i>Practical Cryptography for Data Internetworks.</i> Los Alamitos (CA): IEEE Computer Society Press, 1996.
 </li><li>Trappe, W. &amp; Washington, L.C. <i>Introduction to Cryptography with Codin Theory</i>, 2nd ed. Upper Saddle River (NJ): Pearson Prentice Hall, 2006.
+</li><li>Young, A. &amp; Yung, M. <i>Malicious Cryptography: Exposing Cryptovirology</i>. New York: John Wiley &amp; Sons, 2004.
 <br><br>
 </li><li>On the Web:
 <ul>
@@ -3600,14 +3672,14 @@ <h4>FIGURE 17: AES pseudocode.</h4>
 
 <table align="center" border="0">
 <tbody><tr>
-<td><img src="crypto_files/crypto_2600des.gif">
+<td><img src="index_files/crypto_2600des.gif">
 </td><td>
 <p>
 Finally, I am not in the clothing business although I do have an
 impressive t-shirt collection (over 350 and counting!). If you want to
 proudly wear the DES (well, actually the IDEA) encryption algorithm, be
 sure to see <i>2600 Magazine</i>'s DES Encryption Shirt, found at <a href="http://store.yahoo.com/2600hacker/desenshir.html"> <i>http://store.yahoo.com/2600hacker/desenshir.html</i></a> (left). A t-shirt with Adam Back's RSA Perl code can be found at <a href="http://www.cypherspace.org/%7Eadam/uk-shirt.html"> <i>http://www.cypherspace.org/~adam/uk-shirt.html</i></a> (right).</p>
-</td><td><img src="crypto_files/crypto_backrsa.jpg">
+</td><td><img src="index_files/crypto_backrsa.jpg">
 </td></tr></tbody></table>
 
 <br>
diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
index 0784c7e3a8..1697e2d09e 100755
--- a/www/test_dir/health.sh
+++ b/www/test_dir/health.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-echo "Content-type: text/html"
+echo "Content-Type: text/html"
 echo
 echo "<html><title>System Health</title><body>"
 echo "<h1>System Health for '`hostname`'</h1>"

From 2234c125f00a8463ca79becfa4821fbb2261a33b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 8 Dec 2006 03:25:27 +0000
Subject: [PATCH 044/301] fixed www stuff

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@54 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/linuxconfig                            | 198 ++++++-------
 httpd/main.c                                  |  82 +++---
 httpd/misc.c                                  | 268 ------------------
 httpd/proc.c                                  |   2 +-
 ssl/Makefile                                  |   4 +-
 .../crypto_2600des.gif                        | Bin
 .../crypto_3ways.gif                          | Bin
 .../crypto_backrsa.jpg                        | Bin
 .../crypto_cert.gif                           | Bin
 .../crypto_des.gif                            | Bin
 .../crypto_ecc.gif                            | Bin
 .../crypto_sslv3.gif                          | Bin
 .../crypto_types.gif                          | Bin
 .../kerberos.gif                              | Bin
 14 files changed, 148 insertions(+), 406 deletions(-)
 delete mode 100644 httpd/misc.c
 rename www/{crypto_files => index_files}/crypto_2600des.gif (100%)
 rename www/{crypto_files => index_files}/crypto_3ways.gif (100%)
 rename www/{crypto_files => index_files}/crypto_backrsa.jpg (100%)
 rename www/{crypto_files => index_files}/crypto_cert.gif (100%)
 rename www/{crypto_files => index_files}/crypto_des.gif (100%)
 rename www/{crypto_files => index_files}/crypto_ecc.gif (100%)
 rename www/{crypto_files => index_files}/crypto_sslv3.gif (100%)
 rename www/{crypto_files => index_files}/crypto_types.gif (100%)
 rename www/{crypto_files => index_files}/kerberos.gif (100%)

diff --git a/config/linuxconfig b/config/linuxconfig
index 00aaa90812..757d0f75c8 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -1,97 +1,101 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-CONFIG_PLATFORM_LINUX=y
-# CONFIG_PLATFORM_CYGWIN is not set
-# CONFIG_PLATFORM_SOLARIS is not set
-# CONFIG_PLATFORM_WIN32 is not set
-
-#
-# General Configuration
-#
-PREFIX="/usr/local"
-# CONFIG_DEBUG is not set
-# CONFIG_VISUAL_STUDIO_6_0 is not set
-# CONFIG_VISUAL_STUDIO_7_0 is not set
-# CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE=""
-CONFIG_VISUAL_STUDIO_8_0_BASE=""
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-CONFIG_SSL_FULL_MODE=y
-# CONFIG_SSL_SKELETON_MODE is not set
-# CONFIG_SSL_PROT_LOW is not set
-CONFIG_SSL_PROT_MEDIUM=y
-# CONFIG_SSL_PROT_HIGH is not set
-# CONFIG_SSL_USE_DEFAULT_KEY is not set
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-CONFIG_SSL_HAS_PEM=y
-CONFIG_SSL_USE_PKCS12=y
-CONFIG_SSL_EXPIRY_TIME=24
-CONFIG_X509_MAX_CA_CERTS=4
-CONFIG_SSL_MAX_CERTS=2
-CONFIG_USE_DEV_URANDOM=y
-# CONFIG_WIN32_USE_CRYPTO_LIB is not set
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-# CONFIG_AXHTTPD is not set
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_HTTPS_PORT=0
-CONFIG_HTTP_SESSION_CACHE_SIZE=0
-CONFIG_HTTP_WEBROOT=""
-CONFIG_HTTP_PORT=0
-CONFIG_HTTP_TIMEOUT=0
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSION=""
-# CONFIG_HTTP_DIRECTORIES is not set
-# CONFIG_HTTP_PERM_CHECK is not set
-# CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_ALL_MIME_TYPES=y
-# CONFIG_HTTP_VERBOSE is not set
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-# CONFIG_BINDINGS is not set
-# CONFIG_CSHARP_BINDINGS is not set
-# CONFIG_VBNET_BINDINGS is not set
-CONFIG_DOT_NET_FRAMEWORK_BASE=""
-# CONFIG_JAVA_BINDINGS is not set
-CONFIG_JAVA_HOME=""
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-# CONFIG_CSHARP_SAMPLES is not set
-# CONFIG_VBNET_SAMPLES is not set
-# CONFIG_JAVA_SAMPLES is not set
-# CONFIG_PERL_SAMPLES is not set
-
-#
-# BigInt Options
-#
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-CONFIG_BIGINT_BARRETT=y
-CONFIG_BIGINT_CRT=y
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-CONFIG_BIGINT_SLIDING_WINDOW=y
-CONFIG_BIGINT_SQUARE=y
-# CONFIG_BIGINT_CHECK_ON is not set
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+CONFIG_PLATFORM_LINUX=y
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+# CONFIG_PLATFORM_WIN32 is not set
+
+#
+# General Configuration
+#
+PREFIX="/usr/local"
+# CONFIG_DEBUG is not set
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+CONFIG_USE_DEV_URANDOM=y
+# CONFIG_WIN32_USE_CRYPTO_LIB is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AXHTTPD=y
+
+#
+# Axhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_HTTPS_PORT=443
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
+CONFIG_HTTP_WEBROOT="../www"
+CONFIG_HTTP_PORT=80
+CONFIG_HTTP_TIMEOUT=5
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSION=""
+# CONFIG_HTTP_DIRECTORIES is not set
+# CONFIG_HTTP_PERM_CHECK is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_ALL_MIME_TYPES=y
+# CONFIG_HTTP_VERBOSE is not set
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+# CONFIG_CSHARP_BINDINGS is not set
+# CONFIG_VBNET_BINDINGS is not set
+CONFIG_DOT_NET_FRAMEWORK_BASE=""
+# CONFIG_JAVA_BINDINGS is not set
+CONFIG_JAVA_HOME=""
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+# CONFIG_CSHARP_SAMPLES is not set
+# CONFIG_VBNET_SAMPLES is not set
+# CONFIG_JAVA_SAMPLES is not set
+# CONFIG_PERL_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/httpd/main.c b/httpd/main.c
index da26086529..b98a1dc44a 100644
--- a/httpd/main.c
+++ b/httpd/main.c
@@ -21,6 +21,7 @@
 #include <sys/types.h>
 #include <signal.h>
 #include <stdlib.h>
+#include <sys/stat.h>
 #include "axhttp.h"
 
 // GLOBALS
@@ -247,7 +248,8 @@ int main(int argc, char *argv[])
         }
 
         active = select(wnum > rnum ? wnum+1 : rnum+1,
-                rnum != -1 ? &rfds : NULL, wnum != -1 ? &wfds : NULL,
+                rnum != -1 ? &rfds : NULL, 
+                wnum != -1 ? &wfds : NULL,
                 NULL, NULL);
 
         // New connection?
@@ -271,44 +273,44 @@ int main(int argc, char *argv[])
             to = tp;
             tp = tp->next;
 
-            if (to->state == STATE_WANT_TO_READ_HEAD)
-                if (FD_ISSET(to->networkdesc, &rfds)) 
-                {
-                    active--;
-                    procreadhead(to);
-                } 
-
-            if (to->state == STATE_WANT_TO_SEND_HEAD)
-                if (FD_ISSET(to->networkdesc, &wfds)) 
-                {
-                    active--;
-                    procsendhead(to);
-                } 
-
-            if (to->state == STATE_WANT_TO_READ_FILE)
-                if (FD_ISSET(to->filedesc, &rfds)) 
-                {
-                    active--;
-                    procreadfile(to);
-                } 
-
-            if (to->state == STATE_WANT_TO_SEND_FILE)
-                if (FD_ISSET(to->networkdesc, &wfds)) 
-                {
-                    active--;
-                    procsendfile(to);
-                }
+            if (to->state == STATE_WANT_TO_READ_HEAD &&
+                        FD_ISSET(to->networkdesc, &rfds)) 
+            {
+                active--;
+                procreadhead(to);
+            } 
+
+            if (to->state == STATE_WANT_TO_SEND_HEAD &&
+                        FD_ISSET(to->networkdesc, &wfds)) 
+            {
+                active--;
+                procsendhead(to);
+            } 
+
+            if (to->state == STATE_WANT_TO_READ_FILE && 
+                        FD_ISSET(to->filedesc, &rfds)) 
+            {
+                active--;
+                procreadfile(to);
+            } 
+
+            if (to->state == STATE_WANT_TO_SEND_FILE && 
+                        FD_ISSET(to->networkdesc, &wfds)) 
+            {
+                active--;
+                procsendfile(to);
+            }
 
 #if defined(CONFIG_HTTP_DIRECTORIES)
-            if (to->state == STATE_DOING_DIR)
-                if (FD_ISSET(to->networkdesc, &wfds)) 
-                {
-                    active--;
-                    procdodir(to);
-                }
+            if (to->state == STATE_DOING_DIR &&
+                        FD_ISSET(to->networkdesc, &wfds)) 
+            {
+                active--;
+                procdodir(to);
+            }
 #endif
         }
-    } 
+    }
 
     return 0;
 }
@@ -452,9 +454,7 @@ static void handlenewconnection(int listenfd, int is_ssl)
                 ipbuf, sizeof(ipbuf));
     } 
     else 
-    {
         *ipbuf = '\0';
-    }
 
     addconnection(connfd, ipbuf, is_ssl);
 }
@@ -500,9 +500,13 @@ static int openlistener(int port)
 #endif
 
     setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
-    bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr));
-    listen(sd, BACKLOG);
+    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1)
+    {
+        close(sd);
+        return -1;
+    }
 
+    listen(sd, BACKLOG);
     return sd;
 }
 
diff --git a/httpd/misc.c b/httpd/misc.c
deleted file mode 100644
index bca059b5bf..0000000000
--- a/httpd/misc.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "axhttp.h"
-
-void nada(int sigtype) { }
-
-void die(int sigtype) 
-{
-    exit(0);
-}
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-#ifndef WIN32
-void reaper(int sigtype) 
-{
-    wait3(NULL,WNOHANG,NULL);
-}
-#endif
-#endif
-
-void stripcrlf(char *p) 
-{
-    while (p && *p) 
-    {
-        if (*p=='\n' || *p=='\r') 
-        {
-            *p='\0';
-            return;
-        }
-        p++;
-    }
-}
-
-/* Wrapper function for strncpy() that guarantees
-   a null-terminated string. This is to avoid any possible
-   issues due to strncpy()'s behaviour. Thanks to
-   Werner Almesberger for pointing out this potential
-   issue. Needless to say, make sure sizeof(dest) > 0
-   and sizeof(dest) >= n.
- */
-char *my_strncpy(char *dest, const char *src, size_t n) 
-{
-    strncpy(dest, src, n);
-    dest[n-1] = '\0';
-    return dest;
-}
-
-/* strnlen is a GNU Extension */
-#ifndef __HAVE_ARCH_STRNLEN
-size_t strnlen (const char * str, size_t maxlen)
-{
-	const char *p;
-
-	for (p=str; maxlen-- && *p!='\0'; ++p);
-	return (p - str);
-}
-#endif
-
-int sanitizefile(char *buf) 
-{
-    int len, i;
-
-    // Don't accept anything not starting with a /
-    if (*buf != '/') 
-        return 0;
-
-    len = strlen(buf);
-    for (i = 0; i < len; i++) 
-    {
-        // Check for "/." : In other words, don't send files starting with a .
-        // Notice, GOBBLES, that this includes ".."
-        if (buf[i] == '/' && buf[i+1] == '.') 
-            return 0;
-    }
-
-    return 1;
-}
-
-int sanitizehost(char *buf) 
-{
-    while(*buf != '\0') 
-    {
-        // Handle the port
-        if (*buf == ':') 
-        {
-            *buf = '\0';
-            return 1;
-        }
-
-        // Enforce some basic URL rules...
-        if (isalnum(*buf)==0 && *buf != '-' && *buf != '.') return 0;
-        if (*buf == '.' && *(buf+1) == '.') return 0;
-        if (*buf == '.' && *(buf+1) == '-') return 0;
-        if (*buf == '-' && *(buf+1) == '.') return 0;
-        buf++;
-    }
-
-    return 1;
-}
-
-void buildactualfile(struct connstruct *cn) 
-{
-    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s",
-            webroot,
-            cn->filereq);
-
-    /* Add directory slash if not there */
-    if (isdir(cn->actualfile) && 
-            cn->actualfile[strlen(cn->actualfile)-1] != '/')
-        strcat(cn->actualfile, "/");
-
-#ifdef WIN32
-    /* convert all the forward slashes to back slashes */
-    {
-        char *t = cn->actualfile;
-        while ((t = strchr(t, '/')))
-        {
-            *t++ = '\\';
-        }
-    }
-#endif
-}
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-int issockwriteable(int sd) 
-{
-    fd_set wfds;
-    struct timeval tv;
-
-    tv.tv_sec = 0;
-    tv.tv_usec = 0;
-
-    FD_ZERO(&wfds);
-    FD_SET(sd, &wfds);
-
-    select(FD_SETSIZE, NULL, &wfds, NULL, &tv);
-
-    return FD_ISSET(sd, &wfds);
-}
-#endif
-
-int isdir(char *tpbuf) 
-{
-    struct stat st;
-
-    if (stat(tpbuf, &st) == -1) 
-        return 0;
-
-    if ((st.st_mode & S_IFMT) == S_IFDIR) 
-        return 1;
-
-    return 0;
-}
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-int iscgi(char *fn) 
-{
-    struct cgiextstruct *tp;
-    int fnlen, extlen;
-
-    fnlen = strlen(fn);
-    tp = cgiexts;
-
-    while (tp != NULL) 
-    {
-        extlen = strlen(tp->ext);
-
-        if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
-            return 1;
-
-        tp = tp->next;
-    }
-
-    return 0;
-}
-
-void split(char *tp, char *sp[], int maxwords, char sc) 
-{
-    int i = 0;
-
-    while(1) 
-    {
-        /* Skip leading whitespace */
-        while(*tp == sc) tp++;
-
-        if (*tp == '\0') 
-        {
-            sp[i] = NULL;
-            break;
-        }
-
-        if (i==maxwords-2) 
-        {
-            sp[maxwords-2] = NULL;
-            break;
-        }
-
-        sp[i] = tp;
-
-        while(*tp != sc && *tp != '\0') 
-            tp++;
-
-        if (*tp == sc) 
-            *tp++ = '\0';
-
-        i++;
-    }
-}
-
-int trycgi_withpathinfo(struct connstruct *cn) 
-{
-    char tpfile[MAXREQUESTLENGTH];
-    char fr_str[MAXREQUESTLENGTH];
-    char *fr_rs[MAXCGIARGS]; // filereq splitted
-    int i = 0, offset;
-
-    my_strncpy(fr_str, cn->filereq, MAXREQUESTLENGTH);
-    split(fr_str, fr_rs, MAXCGIARGS, '/');
-
-    while (fr_rs[i] != NULL) 
-    {
-        snprintf(tpfile, sizeof(tpfile), "%s/%s%s", 
-                            webroot, cn->virtualhostreq, fr_str);
-
-        if (iscgi(tpfile) && isdir(tpfile) == 0) 
-        {
-            /* We've found our CGI file! */
-            my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
-            my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
-
-            offset = (fr_rs[i] + strlen(fr_rs[i])) - fr_str;
-            my_strncpy(cn->cgipathinfo, cn->filereq+offset, MAXREQUESTLENGTH);
-
-            return 0;
-        }
-
-        *(fr_rs[i]+strlen(fr_rs[i])) = '/';
-        i++;
-    }
-
-    /* Couldn't find any CGIs :( */
-    *(cn->cgiscriptinfo) = '\0';
-    *(cn->cgipathinfo) = '\0';
-    return -1;
-}
-#endif
diff --git a/httpd/proc.c b/httpd/proc.c
index d4bde5d8c8..0d3d7ba4c2 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -284,7 +284,7 @@ void procreadhead(struct connstruct *cn)
             return;
         }
 
-        while(*next != '\r' && *next != '\n' && *next != '\0') 
+        while (*next != '\r' && *next != '\n' && *next != '\0') 
             next++;
 
         if (*next == '\r') 
diff --git a/ssl/Makefile b/ssl/Makefile
index 28a900a21c..45fb862e58 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -33,6 +33,8 @@ TARGET1=../$(STAGE)/libaxtls.a
 BASETARGET=libaxtls.so
 ifdef CONFIG_PLATFORM_CYGWIN
 TARGET2=../$(STAGE)/libaxtls.dll.a
+else
+TARGET2=../$(STAGE)/$(LIBMINOR)
 endif
 
 # shared library major/minor numbers
@@ -47,7 +49,7 @@ endif
 libs: $(TARGET1) $(TARGET2)
 
 OBJ=\
-    aes.o \
+  aes.o \
 	asn1.o \
 	bigint.o \
 	crypto_misc.o \
diff --git a/www/crypto_files/crypto_2600des.gif b/www/index_files/crypto_2600des.gif
similarity index 100%
rename from www/crypto_files/crypto_2600des.gif
rename to www/index_files/crypto_2600des.gif
diff --git a/www/crypto_files/crypto_3ways.gif b/www/index_files/crypto_3ways.gif
similarity index 100%
rename from www/crypto_files/crypto_3ways.gif
rename to www/index_files/crypto_3ways.gif
diff --git a/www/crypto_files/crypto_backrsa.jpg b/www/index_files/crypto_backrsa.jpg
similarity index 100%
rename from www/crypto_files/crypto_backrsa.jpg
rename to www/index_files/crypto_backrsa.jpg
diff --git a/www/crypto_files/crypto_cert.gif b/www/index_files/crypto_cert.gif
similarity index 100%
rename from www/crypto_files/crypto_cert.gif
rename to www/index_files/crypto_cert.gif
diff --git a/www/crypto_files/crypto_des.gif b/www/index_files/crypto_des.gif
similarity index 100%
rename from www/crypto_files/crypto_des.gif
rename to www/index_files/crypto_des.gif
diff --git a/www/crypto_files/crypto_ecc.gif b/www/index_files/crypto_ecc.gif
similarity index 100%
rename from www/crypto_files/crypto_ecc.gif
rename to www/index_files/crypto_ecc.gif
diff --git a/www/crypto_files/crypto_sslv3.gif b/www/index_files/crypto_sslv3.gif
similarity index 100%
rename from www/crypto_files/crypto_sslv3.gif
rename to www/index_files/crypto_sslv3.gif
diff --git a/www/crypto_files/crypto_types.gif b/www/index_files/crypto_types.gif
similarity index 100%
rename from www/crypto_files/crypto_types.gif
rename to www/index_files/crypto_types.gif
diff --git a/www/crypto_files/kerberos.gif b/www/index_files/kerberos.gif
similarity index 100%
rename from www/crypto_files/kerberos.gif
rename to www/index_files/kerberos.gif

From bb61a8921cec2948d96d92af2b3779e727205171 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 24 Jan 2007 08:41:30 +0000
Subject: [PATCH 045/301] more axhttpd work

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@55 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/scripts/config/lex.zconf.c | 3688 -----------------------------
 config/scripts/config/lkc_defs.h  |   40 -
 config/scripts/config/zconf.tab.c | 2130 -----------------
 config/scripts/config/zconf.tab.h |  125 -
 httpd/Makefile                    |    3 +-
 httpd/README                      |    4 +-
 httpd/axhttp.h                    |    3 +-
 httpd/main.c                      |   99 +-
 httpd/mime_types.c                |    2 +-
 httpd/proc.c                      |  111 +-
 ssl/Makefile                      |    2 +-
 ssl/bigint.c                      |   12 +-
 ssl/crypto_misc.c                 |    2 +-
 ssl/tls1.c                        |    7 +-
 14 files changed, 157 insertions(+), 6071 deletions(-)
 delete mode 100644 config/scripts/config/lex.zconf.c
 delete mode 100644 config/scripts/config/lkc_defs.h
 delete mode 100644 config/scripts/config/zconf.tab.c
 delete mode 100644 config/scripts/config/zconf.tab.h

diff --git a/config/scripts/config/lex.zconf.c b/config/scripts/config/lex.zconf.c
deleted file mode 100644
index b877bb6b3c..0000000000
--- a/config/scripts/config/lex.zconf.c
+++ /dev/null
@@ -1,3688 +0,0 @@
-
-#line 3 "lex.zconf.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 31
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t;
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE zconfrestart(zconfin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int zconfleng;
-
-extern FILE *zconfin, *zconfout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up zconftext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up zconftext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via zconfrestart()), so that the user can continue scanning by
-	 * just pointing zconfin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when zconftext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int zconfleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 1;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow zconfwrap()'s to do buffer switches
- * instead of setting up a fresh zconfin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void zconfrestart (FILE *input_file  );
-void zconf_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE zconf_create_buffer (FILE *file,int size  );
-void zconf_delete_buffer (YY_BUFFER_STATE b  );
-void zconf_flush_buffer (YY_BUFFER_STATE b  );
-void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void zconfpop_buffer_state (void );
-
-static void zconfensure_buffer_stack (void );
-static void zconf_load_buffer_state (void );
-static void zconf_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER zconf_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE zconf_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE zconf_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE zconf_scan_bytes (yyconst char *bytes,int len  );
-
-void *zconfalloc (yy_size_t  );
-void *zconfrealloc (void *,yy_size_t  );
-void zconffree (void *  );
-
-#define yy_new_buffer zconf_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        zconfensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        zconfensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-#define zconfwrap(n) 1
-#define YY_SKIP_YYWRAP
-
-typedef unsigned char YY_CHAR;
-
-FILE *zconfin = (FILE *) 0, *zconfout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int zconflineno;
-
-int zconflineno = 1;
-
-extern char *zconftext;
-#define yytext_ptr zconftext
-static yyconst flex_int16_t yy_nxt[][38] =
-    {
-    {
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-        0,    0,    0,    0,    0,    0,    0,    0
-    },
-
-    {
-       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12
-    },
-
-    {
-       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12
-    },
-
-    {
-       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
-       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
-       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
-       27,   18,   28,   29,   30,   18,   18,   16
-    },
-
-    {
-       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
-       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
-       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
-       27,   18,   28,   29,   30,   18,   18,   16
-
-    },
-
-    {
-       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31
-    },
-
-    {
-       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31
-    },
-
-    {
-       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
-       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
-
-       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
-       34,   34,   34,   34,   34,   34,   34,   34
-    },
-
-    {
-       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
-       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
-       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
-       34,   34,   34,   34,   34,   34,   34,   34
-    },
-
-    {
-       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
-       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
-       47,   47,   47,   47,   47,   47,   47,   52
-
-    },
-
-    {
-       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
-       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
-       47,   47,   47,   47,   47,   47,   47,   52
-    },
-
-    {
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11
-    },
-
-    {
-       11,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
-      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
-
-      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
-      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12
-    },
-
-    {
-       11,  -13,   53,   54,  -13,  -13,   55,  -13,  -13,  -13,
-      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
-      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
-      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13
-    },
-
-    {
-       11,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
-      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
-      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
-      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14
-
-    },
-
-    {
-       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56
-    },
-
-    {
-       11,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
-      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
-      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
-      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16
-    },
-
-    {
-       11,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
-      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
-
-      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
-      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17
-    },
-
-    {
-       11,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,
-      -18,  -18,  -18,   58,  -18,  -18,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -18
-    },
-
-    {
-       11,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,
-      -19,  -19,  -19,   58,  -19,  -19,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   59,
-       58,   58,   58,   58,   58,   58,   58,  -19
-
-    },
-
-    {
-       11,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,
-      -20,  -20,  -20,   58,  -20,  -20,   58,   58,   58,   58,
-       58,   58,   58,   58,   60,   58,   58,   58,   58,   61,
-       58,   58,   58,   58,   58,   58,   58,  -20
-    },
-
-    {
-       11,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,
-      -21,  -21,  -21,   58,  -21,  -21,   58,   58,   58,   58,
-       58,   62,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -21
-    },
-
-    {
-       11,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,
-      -22,  -22,  -22,   58,  -22,  -22,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   63,   58,
-       58,   58,   58,   58,   58,   58,   58,  -22
-    },
-
-    {
-       11,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,
-      -23,  -23,  -23,   58,  -23,  -23,   58,   58,   58,   58,
-       58,   64,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -23
-    },
-
-    {
-       11,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,
-      -24,  -24,  -24,   58,  -24,  -24,   58,   58,   58,   58,
-       58,   58,   65,   58,   58,   58,   58,   58,   66,   58,
-       58,   58,   58,   58,   58,   58,   58,  -24
-
-    },
-
-    {
-       11,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,
-      -25,  -25,  -25,   58,  -25,  -25,   58,   67,   58,   58,
-       58,   68,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -25
-    },
-
-    {
-       11,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,
-      -26,  -26,  -26,   58,  -26,  -26,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       69,   58,   58,   58,   58,   58,   58,  -26
-    },
-
-    {
-       11,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,
-      -27,  -27,  -27,   58,  -27,  -27,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   70,   58,   58,   58,   58,  -27
-    },
-
-    {
-       11,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,
-      -28,  -28,  -28,   58,  -28,  -28,   58,   71,   58,   58,
-       58,   72,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -28
-    },
-
-    {
-       11,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,
-      -29,  -29,  -29,   58,  -29,  -29,   58,   58,   58,   58,
-       58,   73,   58,   58,   58,   58,   58,   58,   58,   74,
-       58,   58,   58,   58,   75,   58,   58,  -29
-
-    },
-
-    {
-       11,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,
-      -30,  -30,  -30,   58,  -30,  -30,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   76,   58,   58,   58,   58,  -30
-    },
-
-    {
-       11,   77,   77,  -31,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77
-    },
-
-    {
-       11,  -32,   78,   79,  -32,  -32,  -32,  -32,  -32,  -32,
-      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
-
-      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
-      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32
-    },
-
-    {
-       11,   80,  -33,  -33,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80
-    },
-
-    {
-       11,   81,   81,   82,   81,  -34,   81,   81,  -34,   81,
-       81,   81,   81,   81,   81,  -34,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81
-
-    },
-
-    {
-       11,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
-      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
-      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
-      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35
-    },
-
-    {
-       11,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
-      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
-      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
-      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36
-    },
-
-    {
-       11,   83,   83,   84,   83,   83,   83,   83,   83,   83,
-       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
-
-       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
-       83,   83,   83,   83,   83,   83,   83,   83
-    },
-
-    {
-       11,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
-      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
-      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
-      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38
-    },
-
-    {
-       11,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
-      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
-      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
-      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39
-
-    },
-
-    {
-       11,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
-      -40,  -40,  -40,  -40,   85,  -40,  -40,  -40,  -40,  -40,
-      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
-      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40
-    },
-
-    {
-       11,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
-      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
-      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
-      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41
-    },
-
-    {
-       11,   86,   86,  -42,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86
-    },
-
-    {
-       11,  -43,  -43,  -43,  -43,  -43,  -43,   87,  -43,  -43,
-      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
-      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
-      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43
-    },
-
-    {
-       11,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
-      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
-      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
-      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44
-
-    },
-
-    {
-       11,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
-      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
-      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
-      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45
-    },
-
-    {
-       11,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,
-      -46,   88,   89,   89,  -46,  -46,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -46
-    },
-
-    {
-       11,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,
-      -47,   89,   89,   89,  -47,  -47,   89,   89,   89,   89,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -47
-    },
-
-    {
-       11,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
-      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
-      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
-      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48
-    },
-
-    {
-       11,  -49,  -49,   90,  -49,  -49,  -49,  -49,  -49,  -49,
-      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
-      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
-      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49
-
-    },
-
-    {
-       11,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,
-      -50,   89,   89,   89,  -50,  -50,   89,   89,   89,   89,
-       89,   89,   91,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -50
-    },
-
-    {
-       11,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,
-      -51,   89,   89,   89,  -51,  -51,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   92,   89,
-       89,   89,   89,   89,   89,   89,   89,  -51
-    },
-
-    {
-       11,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
-      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
-
-      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
-      -52,  -52,  -52,  -52,  -52,  -52,  -52,   93
-    },
-
-    {
-       11,  -53,   53,   54,  -53,  -53,   55,  -53,  -53,  -53,
-      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
-      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
-      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53
-    },
-
-    {
-       11,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
-      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
-      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
-      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54
-
-    },
-
-    {
-       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56
-    },
-
-    {
-       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56
-    },
-
-    {
-       11,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
-      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
-
-      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
-      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57
-    },
-
-    {
-       11,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,
-      -58,  -58,  -58,   58,  -58,  -58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -58
-    },
-
-    {
-       11,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,
-      -59,  -59,  -59,   58,  -59,  -59,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   94,
-       58,   58,   58,   58,   58,   58,   58,  -59
-
-    },
-
-    {
-       11,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,
-      -60,  -60,  -60,   58,  -60,  -60,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   95,
-       58,   58,   58,   58,   58,   58,   58,  -60
-    },
-
-    {
-       11,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,
-      -61,  -61,  -61,   58,  -61,  -61,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   96,   97,   58,
-       58,   58,   58,   58,   58,   58,   58,  -61
-    },
-
-    {
-       11,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,
-      -62,  -62,  -62,   58,  -62,  -62,   58,   58,   58,   58,
-
-       58,   58,   98,   58,   58,   58,   58,   58,   58,   58,
-       99,   58,   58,   58,   58,   58,   58,  -62
-    },
-
-    {
-       11,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,
-      -63,  -63,  -63,   58,  -63,  -63,   58,  100,   58,   58,
-      101,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -63
-    },
-
-    {
-       11,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,
-      -64,  -64,  -64,   58,  -64,  -64,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  102,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  103,  -64
-
-    },
-
-    {
-       11,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,
-      -65,  -65,  -65,   58,  -65,  -65,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -65
-    },
-
-    {
-       11,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,
-      -66,  -66,  -66,   58,  -66,  -66,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  104,   58,   58,  -66
-    },
-
-    {
-       11,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,
-      -67,  -67,  -67,   58,  -67,  -67,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,  105,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -67
-    },
-
-    {
-       11,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,
-      -68,  -68,  -68,   58,  -68,  -68,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  106,   58,
-       58,   58,   58,   58,   58,   58,   58,  -68
-    },
-
-    {
-       11,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,
-      -69,  -69,  -69,   58,  -69,  -69,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  107,   58,   58,  -69
-
-    },
-
-    {
-       11,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,
-      -70,  -70,  -70,   58,  -70,  -70,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  108,
-       58,   58,   58,   58,   58,   58,   58,  -70
-    },
-
-    {
-       11,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,
-      -71,  -71,  -71,   58,  -71,  -71,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  109,   58,
-       58,   58,   58,   58,   58,   58,   58,  -71
-    },
-
-    {
-       11,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,
-      -72,  -72,  -72,   58,  -72,  -72,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,  110,   58,   58,   58,   58,   58,  -72
-    },
-
-    {
-       11,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,
-      -73,  -73,  -73,   58,  -73,  -73,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  111,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -73
-    },
-
-    {
-       11,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,
-      -74,  -74,  -74,   58,  -74,  -74,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  112,   58,  -74
-
-    },
-
-    {
-       11,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,
-      -75,  -75,  -75,   58,  -75,  -75,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  113,   58,   58,   58,   58,  -75
-    },
-
-    {
-       11,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,
-      -76,  -76,  -76,   58,  -76,  -76,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  114,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -76
-    },
-
-    {
-       11,   77,   77,  -77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77
-    },
-
-    {
-       11,  -78,   78,   79,  -78,  -78,  -78,  -78,  -78,  -78,
-      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
-      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
-      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78
-    },
-
-    {
-       11,   80,  -79,  -79,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80
-
-    },
-
-    {
-       11,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
-      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
-      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
-      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80
-    },
-
-    {
-       11,   81,   81,   82,   81,  -81,   81,   81,  -81,   81,
-       81,   81,   81,   81,   81,  -81,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81
-    },
-
-    {
-       11,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
-      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
-
-      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
-      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82
-    },
-
-    {
-       11,  -83,  -83,   84,  -83,  -83,  -83,  -83,  -83,  -83,
-      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
-      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
-      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83
-    },
-
-    {
-       11,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
-      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
-      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
-      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84
-
-    },
-
-    {
-       11,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
-      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
-      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
-      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85
-    },
-
-    {
-       11,   86,   86,  -86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86
-    },
-
-    {
-       11,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
-      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
-
-      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
-      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87
-    },
-
-    {
-       11,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,
-      -88,  115,   89,   89,  -88,  -88,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -88
-    },
-
-    {
-       11,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,
-      -89,   89,   89,   89,  -89,  -89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -89
-
-    },
-
-    {
-       11,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
-      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
-      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
-      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90
-    },
-
-    {
-       11,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,
-      -91,   89,   89,   89,  -91,  -91,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -91
-    },
-
-    {
-       11,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,
-      -92,   89,   89,   89,  -92,  -92,   89,   89,   89,   89,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -92
-    },
-
-    {
-       11,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
-      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
-      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
-      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93
-    },
-
-    {
-       11,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,
-      -94,  -94,  -94,   58,  -94,  -94,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  116,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -94
-
-    },
-
-    {
-       11,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,
-      -95,  -95,  -95,   58,  -95,  -95,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  117,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -95
-    },
-
-    {
-       11,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,
-      -96,  -96,  -96,   58,  -96,  -96,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  118,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -96
-    },
-
-    {
-       11,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,
-      -97,  -97,  -97,   58,  -97,  -97,   58,   58,   58,   58,
-
-       58,   58,  119,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -97
-    },
-
-    {
-       11,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,
-      -98,  -98,  -98,   58,  -98,  -98,  120,  121,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -98
-    },
-
-    {
-       11,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,
-      -99,  -99,  -99,   58,  -99,  -99,   58,   58,   58,   58,
-       58,  122,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -99
-
-    },
-
-    {
-       11, -100, -100, -100, -100, -100, -100, -100, -100, -100,
-     -100, -100, -100,   58, -100, -100,   58,   58,  123,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -100
-    },
-
-    {
-       11, -101, -101, -101, -101, -101, -101, -101, -101, -101,
-     -101, -101, -101,   58, -101, -101,   58,   58,   58,  124,
-       58,   58,   58,   58,   58,  125,   58,  126,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -101
-    },
-
-    {
-       11, -102, -102, -102, -102, -102, -102, -102, -102, -102,
-     -102, -102, -102,   58, -102, -102,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-      127,   58,   58,   58,   58,   58,   58, -102
-    },
-
-    {
-       11, -103, -103, -103, -103, -103, -103, -103, -103, -103,
-     -103, -103, -103,   58, -103, -103,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -103
-    },
-
-    {
-       11, -104, -104, -104, -104, -104, -104, -104, -104, -104,
-     -104, -104, -104,   58, -104, -104,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -104
-
-    },
-
-    {
-       11, -105, -105, -105, -105, -105, -105, -105, -105, -105,
-     -105, -105, -105,   58, -105, -105,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  128,   58,
-       58,   58,   58,   58,   58,   58,   58, -105
-    },
-
-    {
-       11, -106, -106, -106, -106, -106, -106, -106, -106, -106,
-     -106, -106, -106,   58, -106, -106,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  129,   58, -106
-    },
-
-    {
-       11, -107, -107, -107, -107, -107, -107, -107, -107, -107,
-     -107, -107, -107,   58, -107, -107,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,  130,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -107
-    },
-
-    {
-       11, -108, -108, -108, -108, -108, -108, -108, -108, -108,
-     -108, -108, -108,   58, -108, -108,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  131,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -108
-    },
-
-    {
-       11, -109, -109, -109, -109, -109, -109, -109, -109, -109,
-     -109, -109, -109,   58, -109, -109,   58,   58,   58,   58,
-       58,   58,   58,  132,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -109
-
-    },
-
-    {
-       11, -110, -110, -110, -110, -110, -110, -110, -110, -110,
-     -110, -110, -110,   58, -110, -110,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  133,   58, -110
-    },
-
-    {
-       11, -111, -111, -111, -111, -111, -111, -111, -111, -111,
-     -111, -111, -111,   58, -111, -111,   58,   58,   58,   58,
-       58,  134,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -111
-    },
-
-    {
-       11, -112, -112, -112, -112, -112, -112, -112, -112, -112,
-     -112, -112, -112,   58, -112, -112,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  135,   58,   58,   58,   58, -112
-    },
-
-    {
-       11, -113, -113, -113, -113, -113, -113, -113, -113, -113,
-     -113, -113, -113,   58, -113, -113,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  136,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -113
-    },
-
-    {
-       11, -114, -114, -114, -114, -114, -114, -114, -114, -114,
-     -114, -114, -114,   58, -114, -114,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  137,   58,   58,   58, -114
-
-    },
-
-    {
-       11, -115, -115, -115, -115, -115, -115, -115, -115, -115,
-     -115,   89,   89,   89, -115, -115,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89, -115
-    },
-
-    {
-       11, -116, -116, -116, -116, -116, -116, -116, -116, -116,
-     -116, -116, -116,   58, -116, -116,   58,   58,   58,   58,
-       58,  138,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -116
-    },
-
-    {
-       11, -117, -117, -117, -117, -117, -117, -117, -117, -117,
-     -117, -117, -117,   58, -117, -117,   58,   58,   58,  139,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -117
-    },
-
-    {
-       11, -118, -118, -118, -118, -118, -118, -118, -118, -118,
-     -118, -118, -118,   58, -118, -118,   58,   58,   58,   58,
-       58,  140,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -118
-    },
-
-    {
-       11, -119, -119, -119, -119, -119, -119, -119, -119, -119,
-     -119, -119, -119,   58, -119, -119,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  141,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -119
-
-    },
-
-    {
-       11, -120, -120, -120, -120, -120, -120, -120, -120, -120,
-     -120, -120, -120,   58, -120, -120,   58,   58,  142,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  143,   58,   58, -120
-    },
-
-    {
-       11, -121, -121, -121, -121, -121, -121, -121, -121, -121,
-     -121, -121, -121,   58, -121, -121,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  144,   58, -121
-    },
-
-    {
-       11, -122, -122, -122, -122, -122, -122, -122, -122, -122,
-     -122, -122, -122,   58, -122, -122,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,  145,   58,
-       58,   58,   58,   58,   58,   58,   58, -122
-    },
-
-    {
-       11, -123, -123, -123, -123, -123, -123, -123, -123, -123,
-     -123, -123, -123,   58, -123, -123,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  146,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -123
-    },
-
-    {
-       11, -124, -124, -124, -124, -124, -124, -124, -124, -124,
-     -124, -124, -124,   58, -124, -124,   58,   58,   58,   58,
-       58,   58,   58,   58,  147,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -124
-
-    },
-
-    {
-       11, -125, -125, -125, -125, -125, -125, -125, -125, -125,
-     -125, -125, -125,   58, -125, -125,   58,   58,   58,   58,
-       58,   58,  148,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -125
-    },
-
-    {
-       11, -126, -126, -126, -126, -126, -126, -126, -126, -126,
-     -126, -126, -126,   58, -126, -126,   58,   58,   58,   58,
-       58,  149,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -126
-    },
-
-    {
-       11, -127, -127, -127, -127, -127, -127, -127, -127, -127,
-     -127, -127, -127,   58, -127, -127,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -127
-    },
-
-    {
-       11, -128, -128, -128, -128, -128, -128, -128, -128, -128,
-     -128, -128, -128,   58, -128, -128,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  150,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -128
-    },
-
-    {
-       11, -129, -129, -129, -129, -129, -129, -129, -129, -129,
-     -129, -129, -129,   58, -129, -129,   58,   58,   58,  151,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -129
-
-    },
-
-    {
-       11, -130, -130, -130, -130, -130, -130, -130, -130, -130,
-     -130, -130, -130,   58, -130, -130,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  152,
-       58,   58,   58,   58,   58,   58,   58, -130
-    },
-
-    {
-       11, -131, -131, -131, -131, -131, -131, -131, -131, -131,
-     -131, -131, -131,   58, -131, -131,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-      153,   58,   58,   58,   58,   58,   58, -131
-    },
-
-    {
-       11, -132, -132, -132, -132, -132, -132, -132, -132, -132,
-     -132, -132, -132,   58, -132, -132,   58,   58,   58,   58,
-
-       58,  154,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -132
-    },
-
-    {
-       11, -133, -133, -133, -133, -133, -133, -133, -133, -133,
-     -133, -133, -133,   58, -133, -133,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  155,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -133
-    },
-
-    {
-       11, -134, -134, -134, -134, -134, -134, -134, -134, -134,
-     -134, -134, -134,   58, -134, -134,   58,   58,   58,  156,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -134
-
-    },
-
-    {
-       11, -135, -135, -135, -135, -135, -135, -135, -135, -135,
-     -135, -135, -135,   58, -135, -135,   58,   58,   58,  157,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -135
-    },
-
-    {
-       11, -136, -136, -136, -136, -136, -136, -136, -136, -136,
-     -136, -136, -136,   58, -136, -136,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  158,   58,
-       58,   58,   58,   58,   58,   58,   58, -136
-    },
-
-    {
-       11, -137, -137, -137, -137, -137, -137, -137, -137, -137,
-     -137, -137, -137,   58, -137, -137,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  159,   58,   58, -137
-    },
-
-    {
-       11, -138, -138, -138, -138, -138, -138, -138, -138, -138,
-     -138, -138, -138,   58, -138, -138,   58,  160,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -138
-    },
-
-    {
-       11, -139, -139, -139, -139, -139, -139, -139, -139, -139,
-     -139, -139, -139,   58, -139, -139,   58,   58,   58,   58,
-       58,  161,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -139
-
-    },
-
-    {
-       11, -140, -140, -140, -140, -140, -140, -140, -140, -140,
-     -140, -140, -140,   58, -140, -140,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  162,   58,
-       58,   58,   58,   58,   58,   58,   58, -140
-    },
-
-    {
-       11, -141, -141, -141, -141, -141, -141, -141, -141, -141,
-     -141, -141, -141,   58, -141, -141,   58,   58,   58,   58,
-       58,   58,   58,  163,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -141
-    },
-
-    {
-       11, -142, -142, -142, -142, -142, -142, -142, -142, -142,
-     -142, -142, -142,   58, -142, -142,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  164,
-       58,   58,   58,   58,   58,   58,   58, -142
-    },
-
-    {
-       11, -143, -143, -143, -143, -143, -143, -143, -143, -143,
-     -143, -143, -143,   58, -143, -143,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  165,   58,   58,   58,   58, -143
-    },
-
-    {
-       11, -144, -144, -144, -144, -144, -144, -144, -144, -144,
-     -144, -144, -144,   58, -144, -144,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  166,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -144
-
-    },
-
-    {
-       11, -145, -145, -145, -145, -145, -145, -145, -145, -145,
-     -145, -145, -145,   58, -145, -145,   58,   58,   58,   58,
-      167,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -145
-    },
-
-    {
-       11, -146, -146, -146, -146, -146, -146, -146, -146, -146,
-     -146, -146, -146,   58, -146, -146,   58,   58,   58,   58,
-       58,  168,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -146
-    },
-
-    {
-       11, -147, -147, -147, -147, -147, -147, -147, -147, -147,
-     -147, -147, -147,   58, -147, -147,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  169,
-       58,   58,   58,   58,   58,   58,   58, -147
-    },
-
-    {
-       11, -148, -148, -148, -148, -148, -148, -148, -148, -148,
-     -148, -148, -148,   58, -148, -148,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -148
-    },
-
-    {
-       11, -149, -149, -149, -149, -149, -149, -149, -149, -149,
-     -149, -149, -149,   58, -149, -149,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  170,   58,
-       58,   58,   58,   58,   58,   58,   58, -149
-
-    },
-
-    {
-       11, -150, -150, -150, -150, -150, -150, -150, -150, -150,
-     -150, -150, -150,   58, -150, -150,   58,   58,   58,   58,
-       58,  171,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -150
-    },
-
-    {
-       11, -151, -151, -151, -151, -151, -151, -151, -151, -151,
-     -151, -151, -151,   58, -151, -151,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  172,
-       58,   58,   58,   58,   58,   58,   58, -151
-    },
-
-    {
-       11, -152, -152, -152, -152, -152, -152, -152, -152, -152,
-     -152, -152, -152,   58, -152, -152,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,  173,   58,
-       58,   58,   58,   58,   58,   58,   58, -152
-    },
-
-    {
-       11, -153, -153, -153, -153, -153, -153, -153, -153, -153,
-     -153, -153, -153,   58, -153, -153,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  174,   58,   58, -153
-    },
-
-    {
-       11, -154, -154, -154, -154, -154, -154, -154, -154, -154,
-     -154, -154, -154,   58, -154, -154,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -154
-
-    },
-
-    {
-       11, -155, -155, -155, -155, -155, -155, -155, -155, -155,
-     -155, -155, -155,   58, -155, -155,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  175,   58,   58,   58,   58, -155
-    },
-
-    {
-       11, -156, -156, -156, -156, -156, -156, -156, -156, -156,
-     -156, -156, -156,   58, -156, -156,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  176,   58,   58, -156
-    },
-
-    {
-       11, -157, -157, -157, -157, -157, -157, -157, -157, -157,
-     -157, -157, -157,   58, -157, -157,   58,   58,   58,   58,
-
-       58,  177,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -157
-    },
-
-    {
-       11, -158, -158, -158, -158, -158, -158, -158, -158, -158,
-     -158, -158, -158,   58, -158, -158,   58,   58,   58,   58,
-       58,   58,   58,  178,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -158
-    },
-
-    {
-       11, -159, -159, -159, -159, -159, -159, -159, -159, -159,
-     -159, -159, -159,   58, -159, -159,   58,  179,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -159
-
-    },
-
-    {
-       11, -160, -160, -160, -160, -160, -160, -160, -160, -160,
-     -160, -160, -160,   58, -160, -160,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  180,   58,
-       58,   58,   58,   58,   58,   58,   58, -160
-    },
-
-    {
-       11, -161, -161, -161, -161, -161, -161, -161, -161, -161,
-     -161, -161, -161,   58, -161, -161,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -161
-    },
-
-    {
-       11, -162, -162, -162, -162, -162, -162, -162, -162, -162,
-     -162, -162, -162,   58, -162, -162,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  181,   58,   58, -162
-    },
-
-    {
-       11, -163, -163, -163, -163, -163, -163, -163, -163, -163,
-     -163, -163, -163,   58, -163, -163,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -163
-    },
-
-    {
-       11, -164, -164, -164, -164, -164, -164, -164, -164, -164,
-     -164, -164, -164,   58, -164, -164,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  182,
-       58,   58,   58,   58,   58,   58,   58, -164
-
-    },
-
-    {
-       11, -165, -165, -165, -165, -165, -165, -165, -165, -165,
-     -165, -165, -165,   58, -165, -165,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  183,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -165
-    },
-
-    {
-       11, -166, -166, -166, -166, -166, -166, -166, -166, -166,
-     -166, -166, -166,   58, -166, -166,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  184,   58,   58, -166
-    },
-
-    {
-       11, -167, -167, -167, -167, -167, -167, -167, -167, -167,
-     -167, -167, -167,   58, -167, -167,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  185,   58,   58,   58, -167
-    },
-
-    {
-       11, -168, -168, -168, -168, -168, -168, -168, -168, -168,
-     -168, -168, -168,   58, -168, -168,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -168
-    },
-
-    {
-       11, -169, -169, -169, -169, -169, -169, -169, -169, -169,
-     -169, -169, -169,   58, -169, -169,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  186,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -169
-
-    },
-
-    {
-       11, -170, -170, -170, -170, -170, -170, -170, -170, -170,
-     -170, -170, -170,   58, -170, -170,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  187,   58, -170
-    },
-
-    {
-       11, -171, -171, -171, -171, -171, -171, -171, -171, -171,
-     -171, -171, -171,   58, -171, -171,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  188,   58,
-       58,   58,   58,   58,   58,   58,   58, -171
-    },
-
-    {
-       11, -172, -172, -172, -172, -172, -172, -172, -172, -172,
-     -172, -172, -172,   58, -172, -172,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,  189,   58,
-       58,   58,   58,   58,   58,   58,   58, -172
-    },
-
-    {
-       11, -173, -173, -173, -173, -173, -173, -173, -173, -173,
-     -173, -173, -173,   58, -173, -173,   58,  190,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -173
-    },
-
-    {
-       11, -174, -174, -174, -174, -174, -174, -174, -174, -174,
-     -174, -174, -174,   58, -174, -174,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -174
-
-    },
-
-    {
-       11, -175, -175, -175, -175, -175, -175, -175, -175, -175,
-     -175, -175, -175,   58, -175, -175,   58,   58,   58,   58,
-       58,  191,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -175
-    },
-
-    {
-       11, -176, -176, -176, -176, -176, -176, -176, -176, -176,
-     -176, -176, -176,   58, -176, -176,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -176
-    },
-
-    {
-       11, -177, -177, -177, -177, -177, -177, -177, -177, -177,
-     -177, -177, -177,   58, -177, -177,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -177
-    },
-
-    {
-       11, -178, -178, -178, -178, -178, -178, -178, -178, -178,
-     -178, -178, -178,   58, -178, -178,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -178
-    },
-
-    {
-       11, -179, -179, -179, -179, -179, -179, -179, -179, -179,
-     -179, -179, -179,   58, -179, -179,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  192,   58,   58, -179
-
-    },
-
-    {
-       11, -180, -180, -180, -180, -180, -180, -180, -180, -180,
-     -180, -180, -180,   58, -180, -180,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -180
-    },
-
-    {
-       11, -181, -181, -181, -181, -181, -181, -181, -181, -181,
-     -181, -181, -181,   58, -181, -181,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -181
-    },
-
-    {
-       11, -182, -182, -182, -182, -182, -182, -182, -182, -182,
-     -182, -182, -182,   58, -182, -182,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,  193,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -182
-    },
-
-    {
-       11, -183, -183, -183, -183, -183, -183, -183, -183, -183,
-     -183, -183, -183,   58, -183, -183,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  194,   58,   58,   58, -183
-    },
-
-    {
-       11, -184, -184, -184, -184, -184, -184, -184, -184, -184,
-     -184, -184, -184,   58, -184, -184,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -184
-
-    },
-
-    {
-       11, -185, -185, -185, -185, -185, -185, -185, -185, -185,
-     -185, -185, -185,   58, -185, -185,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -185
-    },
-
-    {
-       11, -186, -186, -186, -186, -186, -186, -186, -186, -186,
-     -186, -186, -186,   58, -186, -186,   58,   58,   58,  195,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -186
-    },
-
-    {
-       11, -187, -187, -187, -187, -187, -187, -187, -187, -187,
-     -187, -187, -187,   58, -187, -187,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -187
-    },
-
-    {
-       11, -188, -188, -188, -188, -188, -188, -188, -188, -188,
-     -188, -188, -188,   58, -188, -188,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  196,   58, -188
-    },
-
-    {
-       11, -189, -189, -189, -189, -189, -189, -189, -189, -189,
-     -189, -189, -189,   58, -189, -189,   58,   58,   58,   58,
-       58,   58,  197,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -189
-
-    },
-
-    {
-       11, -190, -190, -190, -190, -190, -190, -190, -190, -190,
-     -190, -190, -190,   58, -190, -190,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  198,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -190
-    },
-
-    {
-       11, -191, -191, -191, -191, -191, -191, -191, -191, -191,
-     -191, -191, -191,   58, -191, -191,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  199,   58,   58,   58, -191
-    },
-
-    {
-       11, -192, -192, -192, -192, -192, -192, -192, -192, -192,
-     -192, -192, -192,   58, -192, -192,   58,   58,   58,   58,
-
-       58,  200,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -192
-    },
-
-    {
-       11, -193, -193, -193, -193, -193, -193, -193, -193, -193,
-     -193, -193, -193,   58, -193, -193,   58,   58,   58,   58,
-       58,  201,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -193
-    },
-
-    {
-       11, -194, -194, -194, -194, -194, -194, -194, -194, -194,
-     -194, -194, -194,   58, -194, -194,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  202,   58,   58, -194
-
-    },
-
-    {
-       11, -195, -195, -195, -195, -195, -195, -195, -195, -195,
-     -195, -195, -195,   58, -195, -195,   58,   58,   58,   58,
-       58,  203,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -195
-    },
-
-    {
-       11, -196, -196, -196, -196, -196, -196, -196, -196, -196,
-     -196, -196, -196,   58, -196, -196,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -196
-    },
-
-    {
-       11, -197, -197, -197, -197, -197, -197, -197, -197, -197,
-     -197, -197, -197,   58, -197, -197,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,  204,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -197
-    },
-
-    {
-       11, -198, -198, -198, -198, -198, -198, -198, -198, -198,
-     -198, -198, -198,   58, -198, -198,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -198
-    },
-
-    {
-       11, -199, -199, -199, -199, -199, -199, -199, -199, -199,
-     -199, -199, -199,   58, -199, -199,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -199
-
-    },
-
-    {
-       11, -200, -200, -200, -200, -200, -200, -200, -200, -200,
-     -200, -200, -200,   58, -200, -200,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -200
-    },
-
-    {
-       11, -201, -201, -201, -201, -201, -201, -201, -201, -201,
-     -201, -201, -201,   58, -201, -201,   58,  205,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -201
-    },
-
-    {
-       11, -202, -202, -202, -202, -202, -202, -202, -202, -202,
-     -202, -202, -202,   58, -202, -202,   58,  206,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -202
-    },
-
-    {
-       11, -203, -203, -203, -203, -203, -203, -203, -203, -203,
-     -203, -203, -203,   58, -203, -203,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -203
-    },
-
-    {
-       11, -204, -204, -204, -204, -204, -204, -204, -204, -204,
-     -204, -204, -204,   58, -204, -204,   58,   58,   58,   58,
-       58,   58,   58,  207,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -204
-
-    },
-
-    {
-       11, -205, -205, -205, -205, -205, -205, -205, -205, -205,
-     -205, -205, -205,   58, -205, -205,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  208,   58,
-       58,   58,   58,   58,   58,   58,   58, -205
-    },
-
-    {
-       11, -206, -206, -206, -206, -206, -206, -206, -206, -206,
-     -206, -206, -206,   58, -206, -206,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  209,   58,   58, -206
-    },
-
-    {
-       11, -207, -207, -207, -207, -207, -207, -207, -207, -207,
-     -207, -207, -207,   58, -207, -207,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -207
-    },
-
-    {
-       11, -208, -208, -208, -208, -208, -208, -208, -208, -208,
-     -208, -208, -208,   58, -208, -208,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -208
-    },
-
-    {
-       11, -209, -209, -209, -209, -209, -209, -209, -209, -209,
-     -209, -209, -209,   58, -209, -209,   58,   58,   58,   58,
-       58,  210,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -209
-
-    },
-
-    {
-       11, -210, -210, -210, -210, -210, -210, -210, -210, -210,
-     -210, -210, -210,   58, -210, -210,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -210
-    },
-
-    } ;
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up zconftext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	zconfleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 64
-#define YY_END_OF_BUFFER 65
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[211] =
-    {   0,
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-       65,    5,    4,    3,    2,   36,   37,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
-       63,   60,   62,   55,   59,   58,   57,   53,   48,   42,
-       47,   51,   53,   40,   41,   50,   50,   43,   53,   50,
-       50,   53,    4,    3,    2,    2,    1,   35,   35,   35,
-       35,   35,   35,   35,   16,   35,   35,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   63,   60,   62,   61,
-       55,   54,   57,   56,   44,   51,   38,   50,   50,   52,
-       45,   46,   39,   35,   35,   35,   35,   35,   35,   35,
-
-       35,   35,   30,   29,   35,   35,   35,   35,   35,   35,
-       35,   35,   35,   35,   49,   25,   35,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   15,   35,    7,   35,
-       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   35,   17,   35,   35,
-       35,   35,   35,   34,   35,   35,   35,   35,   35,   35,
-       10,   35,   13,   35,   35,   35,   35,   33,   35,   35,
-       35,   35,   35,   22,   35,   32,    9,   31,   35,   26,
-       12,   35,   35,   21,   18,   35,    8,   35,   35,   35,
-       35,   35,   27,   35,   35,    6,   35,   20,   19,   23,
-
-       35,   35,   11,   35,   35,   35,   14,   28,   35,   24
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    4,    5,    6,    1,    1,    7,    8,    9,
-       10,    1,    1,    1,   11,   12,   12,   13,   13,   13,
-       13,   13,   13,   13,   13,   13,   13,    1,    1,    1,
-       14,    1,    1,    1,   13,   13,   13,   13,   13,   13,
-       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
-       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
-        1,   15,    1,    1,   16,    1,   17,   18,   19,   20,
-
-       21,   22,   23,   24,   25,   13,   13,   26,   27,   28,
-       29,   30,   31,   32,   33,   34,   35,   13,   13,   36,
-       13,   13,    1,   37,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-extern int zconf_flex_debug;
-int zconf_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *zconftext;
-
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-#define START_STRSIZE	16
-
-char *text;
-static char *text_ptr;
-static int text_size, text_asize;
-
-struct buffer {
-        struct buffer *parent;
-        YY_BUFFER_STATE state;
-};
-
-struct buffer *current_buf;
-
-static int last_ts, first_ts;
-
-static void zconf_endhelp(void);
-static struct buffer *zconf_endfile(void);
-
-void new_string(void)
-{
-	text = malloc(START_STRSIZE);
-	text_asize = START_STRSIZE;
-	text_ptr = text;
-	text_size = 0;
-	*text_ptr = 0;
-}
-
-void append_string(const char *str, int size)
-{
-	int new_size = text_size + size + 1;
-	if (new_size > text_asize) {
-		text = realloc(text, new_size);
-		text_asize = new_size;
-		text_ptr = text + text_size;
-	}
-	memcpy(text_ptr, str, size);
-	text_ptr += size;
-	text_size += size;
-	*text_ptr = 0;
-}
-
-void alloc_string(const char *str, int size)
-{
-	text = malloc(size + 1);
-	memcpy(text, str, size);
-	text[size] = 0;
-}
-
-#define INITIAL 0
-#define COMMAND 1
-#define HELP 2
-#define STRING 3
-#define PARAM 4
-
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int zconfwrap (void );
-#else
-extern int zconfwrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( zconftext, zconfleng, 1, zconfout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	errno=0; \
-	while ( (result = read( fileno(zconfin), (char *) buf, max_size )) < 0 ) \
-	{ \
-		if( errno != EINTR) \
-		{ \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-			break; \
-		} \
-		errno=0; \
-		clearerr(zconfin); \
-	}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int zconflex (void);
-
-#define YY_DECL int zconflex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after zconftext and zconfleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-
-	int str = 0;
-	int ts, i;
-
-	if ( (yy_init) )
-		{
-		(yy_init) = 0;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! zconfin )
-			zconfin = stdin;
-
-		if ( ! zconfout )
-			zconfout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			zconfensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				zconf_create_buffer(zconfin,YY_BUF_SIZE );
-		}
-
-		zconf_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of zconftext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		while ( (yy_current_state = yy_nxt[yy_current_state][ yy_ec[YY_SC_TO_UI(*yy_cp)]  ]) > 0 )
-			++yy_cp;
-
-		yy_current_state = -yy_current_state;
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-case 1:
-/* rule 1 can match eol */
-YY_RULE_SETUP
-current_file->lineno++;
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-
-	YY_BREAK
-case 3:
-/* rule 3 can match eol */
-YY_RULE_SETUP
-current_file->lineno++; return T_EOL;
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-{
-	BEGIN(COMMAND);
-}
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-{
-	unput(zconftext[0]);
-	BEGIN(COMMAND);
-}
-	YY_BREAK
-
-case 6:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_MAINMENU;
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_MENU;
-	YY_BREAK
-case 8:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_ENDMENU;
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_SOURCE;
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_CHOICE;
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_ENDCHOICE;
-	YY_BREAK
-case 12:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_COMMENT;
-	YY_BREAK
-case 13:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_CONFIG;
-	YY_BREAK
-case 14:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_MENUCONFIG;
-	YY_BREAK
-case 15:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_HELP;
-	YY_BREAK
-case 16:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_IF;
-	YY_BREAK
-case 17:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_ENDIF;
-	YY_BREAK
-case 18:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEPENDS;
-	YY_BREAK
-case 19:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_REQUIRES;
-	YY_BREAK
-case 20:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_OPTIONAL;
-	YY_BREAK
-case 21:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEFAULT;
-	YY_BREAK
-case 22:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_PROMPT;
-	YY_BREAK
-case 23:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_TRISTATE;
-	YY_BREAK
-case 24:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEF_TRISTATE;
-	YY_BREAK
-case 25:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_BOOLEAN;
-	YY_BREAK
-case 26:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_BOOLEAN;
-	YY_BREAK
-case 27:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEF_BOOLEAN;
-	YY_BREAK
-case 28:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEF_BOOLEAN;
-	YY_BREAK
-case 29:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_INT;
-	YY_BREAK
-case 30:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_HEX;
-	YY_BREAK
-case 31:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_STRING;
-	YY_BREAK
-case 32:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_SELECT;
-	YY_BREAK
-case 33:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_SELECT;
-	YY_BREAK
-case 34:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_RANGE;
-	YY_BREAK
-case 35:
-YY_RULE_SETUP
-{
-		alloc_string(zconftext, zconfleng);
-		zconflval.string = text;
-		return T_WORD;
-	}
-	YY_BREAK
-case 36:
-YY_RULE_SETUP
-
-	YY_BREAK
-case 37:
-/* rule 37 can match eol */
-YY_RULE_SETUP
-current_file->lineno++; BEGIN(INITIAL);
-	YY_BREAK
-
-case 38:
-YY_RULE_SETUP
-return T_AND;
-	YY_BREAK
-case 39:
-YY_RULE_SETUP
-return T_OR;
-	YY_BREAK
-case 40:
-YY_RULE_SETUP
-return T_OPEN_PAREN;
-	YY_BREAK
-case 41:
-YY_RULE_SETUP
-return T_CLOSE_PAREN;
-	YY_BREAK
-case 42:
-YY_RULE_SETUP
-return T_NOT;
-	YY_BREAK
-case 43:
-YY_RULE_SETUP
-return T_EQUAL;
-	YY_BREAK
-case 44:
-YY_RULE_SETUP
-return T_UNEQUAL;
-	YY_BREAK
-case 45:
-YY_RULE_SETUP
-return T_IF;
-	YY_BREAK
-case 46:
-YY_RULE_SETUP
-return T_ON;
-	YY_BREAK
-case 47:
-YY_RULE_SETUP
-{
-		str = zconftext[0];
-		new_string();
-		BEGIN(STRING);
-	}
-	YY_BREAK
-case 48:
-/* rule 48 can match eol */
-YY_RULE_SETUP
-BEGIN(INITIAL); current_file->lineno++; return T_EOL;
-	YY_BREAK
-case 49:
-YY_RULE_SETUP
-/* ignore */
-	YY_BREAK
-case 50:
-YY_RULE_SETUP
-{
-		alloc_string(zconftext, zconfleng);
-		zconflval.string = text;
-		return T_WORD;
-	}
-	YY_BREAK
-case 51:
-YY_RULE_SETUP
-/* comment */
-	YY_BREAK
-case 52:
-/* rule 52 can match eol */
-YY_RULE_SETUP
-current_file->lineno++;
-	YY_BREAK
-case 53:
-YY_RULE_SETUP
-
-	YY_BREAK
-case YY_STATE_EOF(PARAM):
-{
-		BEGIN(INITIAL);
-	}
-	YY_BREAK
-
-case 54:
-/* rule 54 can match eol */
-*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
-(yy_c_buf_p) = yy_cp -= 1;
-YY_DO_BEFORE_ACTION; /* set up zconftext again */
-YY_RULE_SETUP
-{
-		append_string(zconftext, zconfleng);
-		zconflval.string = text;
-		return T_WORD_QUOTE;
-	}
-	YY_BREAK
-case 55:
-YY_RULE_SETUP
-{
-		append_string(zconftext, zconfleng);
-	}
-	YY_BREAK
-case 56:
-/* rule 56 can match eol */
-*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
-(yy_c_buf_p) = yy_cp -= 1;
-YY_DO_BEFORE_ACTION; /* set up zconftext again */
-YY_RULE_SETUP
-{
-		append_string(zconftext + 1, zconfleng - 1);
-		zconflval.string = text;
-		return T_WORD_QUOTE;
-	}
-	YY_BREAK
-case 57:
-YY_RULE_SETUP
-{
-		append_string(zconftext + 1, zconfleng - 1);
-	}
-	YY_BREAK
-case 58:
-YY_RULE_SETUP
-{
-		if (str == zconftext[0]) {
-			BEGIN(PARAM);
-			zconflval.string = text;
-			return T_WORD_QUOTE;
-		} else
-			append_string(zconftext, 1);
-	}
-	YY_BREAK
-case 59:
-/* rule 59 can match eol */
-YY_RULE_SETUP
-{
-		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
-		current_file->lineno++;
-		BEGIN(INITIAL);
-		return T_EOL;
-	}
-	YY_BREAK
-case YY_STATE_EOF(STRING):
-{
-		BEGIN(INITIAL);
-	}
-	YY_BREAK
-
-case 60:
-YY_RULE_SETUP
-{
-		ts = 0;
-		for (i = 0; i < zconfleng; i++) {
-			if (zconftext[i] == '\t')
-				ts = (ts & ~7) + 8;
-			else
-				ts++;
-		}
-		last_ts = ts;
-		if (first_ts) {
-			if (ts < first_ts) {
-				zconf_endhelp();
-				return T_HELPTEXT;
-			}
-			ts -= first_ts;
-			while (ts > 8) {
-				append_string("        ", 8);
-				ts -= 8;
-			}
-			append_string("        ", ts);
-		}
-	}
-	YY_BREAK
-case 61:
-/* rule 61 can match eol */
-*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
-(yy_c_buf_p) = yy_cp -= 1;
-YY_DO_BEFORE_ACTION; /* set up zconftext again */
-YY_RULE_SETUP
-{
-		current_file->lineno++;
-		zconf_endhelp();
-		return T_HELPTEXT;
-	}
-	YY_BREAK
-case 62:
-/* rule 62 can match eol */
-YY_RULE_SETUP
-{
-		current_file->lineno++;
-		append_string("\n", 1);
-	}
-	YY_BREAK
-case 63:
-YY_RULE_SETUP
-{
-		append_string(zconftext, zconfleng);
-		if (!first_ts)
-			first_ts = last_ts;
-	}
-	YY_BREAK
-case YY_STATE_EOF(HELP):
-{
-		zconf_endhelp();
-		return T_HELPTEXT;
-	}
-	YY_BREAK
-
-case YY_STATE_EOF(INITIAL):
-case YY_STATE_EOF(COMMAND):
-{
-	if (current_buf) {
-		zconf_endfile();
-		return T_EOF;
-	}
-	fclose(zconfin);
-	yyterminate();
-}
-	YY_BREAK
-case 64:
-YY_RULE_SETUP
-YY_FATAL_ERROR( "flex scanner jammed" );
-	YY_BREAK
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed zconfin at a new source and called
-			 * zconflex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = zconfin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( zconfwrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * zconftext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of zconflex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			size_t num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					zconfrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			zconfrestart(zconfin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		yy_current_state = yy_nxt[yy_current_state][(*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1)];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-
-	yy_current_state = yy_nxt[yy_current_state][1];
-	yy_is_jam = (yy_current_state <= 0);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up zconftext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					zconfrestart(zconfin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( zconfwrap( ) )
-						return EOF;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve zconftext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- *
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void zconfrestart  (FILE * input_file )
-{
-
-	if ( ! YY_CURRENT_BUFFER ){
-        zconfensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            zconf_create_buffer(zconfin,YY_BUF_SIZE );
-	}
-
-	zconf_init_buffer(YY_CURRENT_BUFFER,input_file );
-	zconf_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- *
- */
-    void zconf_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		zconfpop_buffer_state();
-	 *		zconfpush_buffer_state(new_buffer);
-     */
-	zconfensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	zconf_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (zconfwrap()) processing, but the only time this flag
-	 * is looked at is after zconfwrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void zconf_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	zconfin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- *
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE zconf_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-
-	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) zconfalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	zconf_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with zconf_create_buffer()
- *
- */
-    void zconf_delete_buffer (YY_BUFFER_STATE  b )
-{
-
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		zconffree((void *) b->yy_ch_buf  );
-
-	zconffree((void *) b  );
-}
-
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a zconfrestart() or at EOF.
- */
-    static void zconf_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-
-	zconf_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then zconf_init_buffer was _probably_
-     * called from zconfrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = 0;
-
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- *
- */
-    void zconf_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		zconf_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *
- */
-void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	zconfensure_buffer_stack();
-
-	/* This block is copied from zconf_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from zconf_switch_to_buffer. */
-	zconf_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *
- */
-void zconfpop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	zconf_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		zconf_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void zconfensure_buffer_stack (void)
-{
-	int num_to_alloc;
-
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)zconfalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)zconfrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE zconf_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	zconf_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to zconflex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- *
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       zconf_scan_bytes() instead.
- */
-YY_BUFFER_STATE zconf_scan_string (yyconst char * str )
-{
-
-	return zconf_scan_bytes(str,strlen(str) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to zconflex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE zconf_scan_bytes  (yyconst char * bytes, int  len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = len + 2;
-	buf = (char *) zconfalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_bytes()" );
-
-	for ( i = 0; i < len; ++i )
-		buf[i] = bytes[i];
-
-	buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = zconf_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in zconf_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up zconftext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		zconftext[zconfleng] = (yy_hold_char); \
-		(yy_c_buf_p) = zconftext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		zconfleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- *
- */
-int zconfget_lineno  (void)
-{
-
-    return zconflineno;
-}
-
-/** Get the input stream.
- *
- */
-FILE *zconfget_in  (void)
-{
-        return zconfin;
-}
-
-/** Get the output stream.
- *
- */
-FILE *zconfget_out  (void)
-{
-        return zconfout;
-}
-
-/** Get the length of the current token.
- *
- */
-int zconfget_leng  (void)
-{
-        return zconfleng;
-}
-
-/** Get the current token.
- *
- */
-
-char *zconfget_text  (void)
-{
-        return zconftext;
-}
-
-/** Set the current line number.
- * @param line_number
- *
- */
-void zconfset_lineno (int  line_number )
-{
-
-    zconflineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- *
- * @see zconf_switch_to_buffer
- */
-void zconfset_in (FILE *  in_str )
-{
-        zconfin = in_str ;
-}
-
-void zconfset_out (FILE *  out_str )
-{
-        zconfout = out_str ;
-}
-
-int zconfget_debug  (void)
-{
-        return zconf_flex_debug;
-}
-
-void zconfset_debug (int  bdebug )
-{
-        zconf_flex_debug = bdebug ;
-}
-
-/* zconflex_destroy is for both reentrant and non-reentrant scanners. */
-int zconflex_destroy  (void)
-{
-
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		zconf_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		zconfpop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	zconffree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-    	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-    	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *zconfalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *zconfrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void zconffree (void * ptr )
-{
-	free( (char *) ptr );	/* see zconfrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#undef YY_NEW_FILE
-#undef YY_FLUSH_BUFFER
-#undef yy_set_bol
-#undef yy_new_buffer
-#undef yy_set_interactive
-#undef yytext_ptr
-#undef YY_DO_BEFORE_ACTION
-
-#ifdef YY_DECL_IS_OURS
-#undef YY_DECL_IS_OURS
-#undef YY_DECL
-#endif
-
-void zconf_starthelp(void)
-{
-	new_string();
-	last_ts = first_ts = 0;
-	BEGIN(HELP);
-}
-
-static void zconf_endhelp(void)
-{
-	zconflval.string = text;
-	BEGIN(INITIAL);
-}
-
-/*
- * Try to open specified file with following names:
- * ./name
- * $(srctree)/name
- * The latter is used when srctree is separate from objtree
- * when compiling the kernel.
- * Return NULL if file is not found.
- */
-FILE *zconf_fopen(const char *name)
-{
-	char *env, fullname[PATH_MAX+1];
-	FILE *f;
-
-	f = fopen(name, "r");
-	if (!f && name[0] != '/') {
-		env = getenv(SRCTREE);
-		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
-			f = fopen(fullname, "r");
-		}
-	}
-	return f;
-}
-
-void zconf_initscan(const char *name)
-{
-	zconfin = zconf_fopen(name);
-	if (!zconfin) {
-		printf("can't find file %s\n", name);
-		exit(1);
-	}
-
-	current_buf = malloc(sizeof(*current_buf));
-	memset(current_buf, 0, sizeof(*current_buf));
-
-	current_file = file_lookup(name);
-	current_file->lineno = 1;
-	current_file->flags = FILE_BUSY;
-}
-
-void zconf_nextfile(const char *name)
-{
-	struct file *file = file_lookup(name);
-	struct buffer *buf = malloc(sizeof(*buf));
-	memset(buf, 0, sizeof(*buf));
-
-	current_buf->state = YY_CURRENT_BUFFER;
-	zconfin = zconf_fopen(name);
-	if (!zconfin) {
-		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
-		exit(1);
-	}
-	zconf_switch_to_buffer(zconf_create_buffer(zconfin,YY_BUF_SIZE));
-	buf->parent = current_buf;
-	current_buf = buf;
-
-	if (file->flags & FILE_BUSY) {
-		printf("recursive scan (%s)?\n", name);
-		exit(1);
-	}
-	if (file->flags & FILE_SCANNED) {
-		printf("file %s already scanned?\n", name);
-		exit(1);
-	}
-	file->flags |= FILE_BUSY;
-	file->lineno = 1;
-	file->parent = current_file;
-	current_file = file;
-}
-
-static struct buffer *zconf_endfile(void)
-{
-	struct buffer *parent;
-
-	current_file->flags |= FILE_SCANNED;
-	current_file->flags &= ~FILE_BUSY;
-	current_file = current_file->parent;
-
-	parent = current_buf->parent;
-	if (parent) {
-		fclose(zconfin);
-		zconf_delete_buffer(YY_CURRENT_BUFFER);
-		zconf_switch_to_buffer(parent->state);
-	}
-	free(current_buf);
-	current_buf = parent;
-
-	return parent;
-}
-
-int zconf_lineno(void)
-{
-	if (current_buf)
-		return current_file->lineno - 1;
-	else
-		return 0;
-}
-
-char *zconf_curname(void)
-{
-	if (current_buf)
-		return current_file->name;
-	else
-		return "<none>";
-}
-
diff --git a/config/scripts/config/lkc_defs.h b/config/scripts/config/lkc_defs.h
deleted file mode 100644
index 65240dd9fc..0000000000
--- a/config/scripts/config/lkc_defs.h
+++ /dev/null
@@ -1,40 +0,0 @@
-
-/* confdata.c */
-#define conf_parse (*conf_parse_p)
-#define conf_read (*conf_read_p)
-#define conf_write (*conf_write_p)
-
-/* menu.c */
-#define rootmenu (*rootmenu_p)
-
-#define menu_is_visible (*menu_is_visible_p)
-#define menu_get_prompt (*menu_get_prompt_p)
-#define menu_get_root_menu (*menu_get_root_menu_p)
-#define menu_get_parent_menu (*menu_get_parent_menu_p)
-
-/* symbol.c */
-#define symbol_hash (*symbol_hash_p)
-#define sym_change_count (*sym_change_count_p)
-
-#define sym_lookup (*sym_lookup_p)
-#define sym_find (*sym_find_p)
-#define sym_re_search (*sym_re_search_p)
-#define sym_type_name (*sym_type_name_p)
-#define sym_calc_value (*sym_calc_value_p)
-#define sym_get_type (*sym_get_type_p)
-#define sym_tristate_within_range (*sym_tristate_within_range_p)
-#define sym_set_tristate_value (*sym_set_tristate_value_p)
-#define sym_toggle_tristate_value (*sym_toggle_tristate_value_p)
-#define sym_string_valid (*sym_string_valid_p)
-#define sym_string_within_range (*sym_string_within_range_p)
-#define sym_set_string_value (*sym_set_string_value_p)
-#define sym_is_changable (*sym_is_changable_p)
-#define sym_get_choice_prop (*sym_get_choice_prop_p)
-#define sym_get_default_prop (*sym_get_default_prop_p)
-#define sym_get_string_value (*sym_get_string_value_p)
-
-#define prop_get_type_name (*prop_get_type_name_p)
-
-/* expr.c */
-#define expr_compare_type (*expr_compare_type_p)
-#define expr_print (*expr_print_p)
diff --git a/config/scripts/config/zconf.tab.c b/config/scripts/config/zconf.tab.c
deleted file mode 100644
index cc68dcb9a3..0000000000
--- a/config/scripts/config/zconf.tab.c
+++ /dev/null
@@ -1,2130 +0,0 @@
-/* A Bison parser, made by GNU Bison 1.875a.  */
-
-/* Skeleton parser for Yacc-like parsing with Bison,
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place - Suite 330,
-   Boston, MA 02111-1307, USA.  */
-
-/* As a special exception, when this file is copied by Bison into a
-   Bison output file, you may use that output file without restriction.
-   This special exception was added by the Free Software Foundation
-   in version 1.24 of Bison.  */
-
-/* Written by Richard Stallman by simplifying the original so called
-   ``semantic'' parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-/* If NAME_PREFIX is specified substitute the variables and functions
-   names.  */
-#define yyparse zconfparse
-#define yylex   zconflex
-#define yyerror zconferror
-#define yylval  zconflval
-#define yychar  zconfchar
-#define yydebug zconfdebug
-#define yynerrs zconfnerrs
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     T_MAINMENU = 258,
-     T_MENU = 259,
-     T_ENDMENU = 260,
-     T_SOURCE = 261,
-     T_CHOICE = 262,
-     T_ENDCHOICE = 263,
-     T_COMMENT = 264,
-     T_CONFIG = 265,
-     T_MENUCONFIG = 266,
-     T_HELP = 267,
-     T_HELPTEXT = 268,
-     T_IF = 269,
-     T_ENDIF = 270,
-     T_DEPENDS = 271,
-     T_REQUIRES = 272,
-     T_OPTIONAL = 273,
-     T_PROMPT = 274,
-     T_DEFAULT = 275,
-     T_TRISTATE = 276,
-     T_DEF_TRISTATE = 277,
-     T_BOOLEAN = 278,
-     T_DEF_BOOLEAN = 279,
-     T_STRING = 280,
-     T_INT = 281,
-     T_HEX = 282,
-     T_WORD = 283,
-     T_WORD_QUOTE = 284,
-     T_UNEQUAL = 285,
-     T_EOF = 286,
-     T_EOL = 287,
-     T_CLOSE_PAREN = 288,
-     T_OPEN_PAREN = 289,
-     T_ON = 290,
-     T_SELECT = 291,
-     T_RANGE = 292,
-     T_OR = 293,
-     T_AND = 294,
-     T_EQUAL = 295,
-     T_NOT = 296
-   };
-#endif
-#define T_MAINMENU 258
-#define T_MENU 259
-#define T_ENDMENU 260
-#define T_SOURCE 261
-#define T_CHOICE 262
-#define T_ENDCHOICE 263
-#define T_COMMENT 264
-#define T_CONFIG 265
-#define T_MENUCONFIG 266
-#define T_HELP 267
-#define T_HELPTEXT 268
-#define T_IF 269
-#define T_ENDIF 270
-#define T_DEPENDS 271
-#define T_REQUIRES 272
-#define T_OPTIONAL 273
-#define T_PROMPT 274
-#define T_DEFAULT 275
-#define T_TRISTATE 276
-#define T_DEF_TRISTATE 277
-#define T_BOOLEAN 278
-#define T_DEF_BOOLEAN 279
-#define T_STRING 280
-#define T_INT 281
-#define T_HEX 282
-#define T_WORD 283
-#define T_WORD_QUOTE 284
-#define T_UNEQUAL 285
-#define T_EOF 286
-#define T_EOL 287
-#define T_CLOSE_PAREN 288
-#define T_OPEN_PAREN 289
-#define T_ON 290
-#define T_SELECT 291
-#define T_RANGE 292
-#define T_OR 293
-#define T_AND 294
-#define T_EQUAL 295
-#define T_NOT 296
-
-
-
-
-/* Copy the first part of user declarations.  */
-
-
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <ctype.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdbool.h>
-
-#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
-
-#define PRINTD		0x0001
-#define DEBUG_PARSE	0x0002
-
-int cdebug = PRINTD;
-
-extern int zconflex(void);
-static void zconfprint(const char *err, ...);
-static void zconferror(const char *err);
-static bool zconf_endtoken(int token, int starttoken, int endtoken);
-
-struct symbol *symbol_hash[257];
-
-static struct menu *current_menu, *current_entry;
-
-#define YYERROR_VERBOSE
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
-
-typedef union YYSTYPE {
-	int token;
-	char *string;
-	struct symbol *symbol;
-	struct expr *expr;
-	struct menu *menu;
-} YYSTYPE;
-/* Line 191 of yacc.c.  */
-
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-
-/* Line 214 of yacc.c.  */
-
-
-#if ! defined (yyoverflow) || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# if YYSTACK_USE_ALLOCA
-#  define YYSTACK_ALLOC alloca
-# else
-#  ifndef YYSTACK_USE_ALLOCA
-#   if defined (alloca) || (defined (_ALLOCA_H) && defined (__GNUC__))
-#    define YYSTACK_ALLOC alloca
-#   else
-#    ifdef __GNUC__
-#     define YYSTACK_ALLOC __builtin_alloca
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning. */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
-# else
-#  if defined (__STDC__) || defined (__cplusplus)
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   define YYSIZE_T size_t
-#  endif
-#  define YYSTACK_ALLOC malloc
-#  define YYSTACK_FREE free
-# endif
-#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
-
-
-#if (! defined (yyoverflow) \
-     && (! defined (__cplusplus) \
-	 || (YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  short yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (short) + sizeof (YYSTYPE))				\
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  register YYSIZE_T yyi;		\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (0)
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (0)
-
-#endif
-
-#if defined (__STDC__) || defined (__cplusplus)
-   typedef signed char yysigned_char;
-#else
-   typedef short yysigned_char;
-#endif
-
-/* YYFINAL -- State number of the termination state. */
-#define YYFINAL  2
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   201
-
-/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS  42
-/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS  41
-/* YYNRULES -- Number of rules. */
-#define YYNRULES  104
-/* YYNRULES -- Number of states. */
-#define YYNSTATES  182
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   296
-
-#define YYTRANSLATE(YYX) 						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const unsigned char yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
-      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
-      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
-      35,    36,    37,    38,    39,    40,    41
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const unsigned short yyprhs[] =
-{
-       0,     0,     3,     4,     7,     9,    11,    13,    17,    19,
-      21,    23,    26,    28,    30,    32,    34,    36,    38,    42,
-      45,    49,    52,    53,    56,    59,    62,    65,    69,    74,
-      78,    83,    87,    91,    95,   100,   105,   110,   116,   119,
-     122,   124,   128,   131,   132,   135,   138,   141,   144,   149,
-     153,   157,   160,   165,   166,   169,   173,   175,   179,   182,
-     183,   186,   189,   192,   196,   199,   201,   205,   208,   209,
-     212,   215,   218,   222,   226,   228,   232,   235,   238,   241,
-     242,   245,   248,   253,   257,   261,   262,   265,   267,   269,
-     272,   275,   278,   280,   282,   283,   286,   288,   292,   296,
-     300,   303,   307,   311,   313
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS. */
-static const yysigned_char yyrhs[] =
-{
-      43,     0,    -1,    -1,    43,    44,    -1,    45,    -1,    55,
-      -1,    66,    -1,     3,    77,    79,    -1,     5,    -1,    15,
-      -1,     8,    -1,     1,    79,    -1,    61,    -1,    71,    -1,
-      47,    -1,    49,    -1,    69,    -1,    79,    -1,    10,    28,
-      32,    -1,    46,    50,    -1,    11,    28,    32,    -1,    48,
-      50,    -1,    -1,    50,    51,    -1,    50,    75,    -1,    50,
-      73,    -1,    50,    32,    -1,    21,    76,    32,    -1,    22,
-      81,    80,    32,    -1,    23,    76,    32,    -1,    24,    81,
-      80,    32,    -1,    26,    76,    32,    -1,    27,    76,    32,
-      -1,    25,    76,    32,    -1,    19,    77,    80,    32,    -1,
-      20,    81,    80,    32,    -1,    36,    28,    80,    32,    -1,
-      37,    82,    82,    80,    32,    -1,     7,    32,    -1,    52,
-      56,    -1,    78,    -1,    53,    58,    54,    -1,    53,    58,
-      -1,    -1,    56,    57,    -1,    56,    75,    -1,    56,    73,
-      -1,    56,    32,    -1,    19,    77,    80,    32,    -1,    21,
-      76,    32,    -1,    23,    76,    32,    -1,    18,    32,    -1,
-      20,    28,    80,    32,    -1,    -1,    58,    45,    -1,    14,
-      81,    32,    -1,    78,    -1,    59,    62,    60,    -1,    59,
-      62,    -1,    -1,    62,    45,    -1,    62,    66,    -1,    62,
-      55,    -1,     4,    77,    32,    -1,    63,    74,    -1,    78,
-      -1,    64,    67,    65,    -1,    64,    67,    -1,    -1,    67,
-      45,    -1,    67,    66,    -1,    67,    55,    -1,    67,     1,
-      32,    -1,     6,    77,    32,    -1,    68,    -1,     9,    77,
-      32,    -1,    70,    74,    -1,    12,    32,    -1,    72,    13,
-      -1,    -1,    74,    75,    -1,    74,    32,    -1,    16,    35,
-      81,    32,    -1,    16,    81,    32,    -1,    17,    81,    32,
-      -1,    -1,    77,    80,    -1,    28,    -1,    29,    -1,     5,
-      79,    -1,     8,    79,    -1,    15,    79,    -1,    32,    -1,
-      31,    -1,    -1,    14,    81,    -1,    82,    -1,    82,    40,
-      82,    -1,    82,    30,    82,    -1,    34,    81,    33,    -1,
-      41,    81,    -1,    81,    38,    81,    -1,    81,    39,    81,
-      -1,    28,    -1,    29,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const unsigned short yyrline[] =
-{
-       0,    94,    94,    95,    98,    99,   100,   101,   102,   103,
-     104,   105,   109,   110,   111,   112,   113,   114,   120,   128,
-     134,   142,   152,   154,   155,   156,   157,   160,   166,   173,
-     179,   186,   192,   198,   204,   210,   216,   222,   230,   239,
-     245,   254,   255,   261,   263,   264,   265,   266,   269,   275,
-     281,   287,   293,   299,   301,   306,   315,   324,   325,   331,
-     333,   334,   335,   340,   347,   353,   362,   363,   369,   371,
-     372,   373,   374,   377,   383,   390,   397,   404,   410,   417,
-     418,   419,   422,   427,   432,   440,   442,   447,   448,   451,
-     452,   453,   457,   457,   459,   460,   463,   464,   465,   466,
-     467,   468,   469,   472,   473
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE
-/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals. */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "T_MAINMENU", "T_MENU", "T_ENDMENU",
-  "T_SOURCE", "T_CHOICE", "T_ENDCHOICE", "T_COMMENT", "T_CONFIG",
-  "T_MENUCONFIG", "T_HELP", "T_HELPTEXT", "T_IF", "T_ENDIF", "T_DEPENDS",
-  "T_REQUIRES", "T_OPTIONAL", "T_PROMPT", "T_DEFAULT", "T_TRISTATE",
-  "T_DEF_TRISTATE", "T_BOOLEAN", "T_DEF_BOOLEAN", "T_STRING", "T_INT",
-  "T_HEX", "T_WORD", "T_WORD_QUOTE", "T_UNEQUAL", "T_EOF", "T_EOL",
-  "T_CLOSE_PAREN", "T_OPEN_PAREN", "T_ON", "T_SELECT", "T_RANGE", "T_OR",
-  "T_AND", "T_EQUAL", "T_NOT", "$accept", "input", "block",
-  "common_block", "config_entry_start", "config_stmt",
-  "menuconfig_entry_start", "menuconfig_stmt", "config_option_list",
-  "config_option", "choice", "choice_entry", "choice_end", "choice_stmt",
-  "choice_option_list", "choice_option", "choice_block", "if", "if_end",
-  "if_stmt", "if_block", "menu", "menu_entry", "menu_end", "menu_stmt",
-  "menu_block", "source", "source_stmt", "comment", "comment_stmt",
-  "help_start", "help", "depends_list", "depends", "prompt_stmt_opt",
-  "prompt", "end", "nl_or_eof", "if_expr", "expr", "symbol", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const unsigned short yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
-     295,   296
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const unsigned char yyr1[] =
-{
-       0,    42,    43,    43,    44,    44,    44,    44,    44,    44,
-      44,    44,    45,    45,    45,    45,    45,    45,    46,    47,
-      48,    49,    50,    50,    50,    50,    50,    51,    51,    51,
-      51,    51,    51,    51,    51,    51,    51,    51,    52,    53,
-      54,    55,    55,    56,    56,    56,    56,    56,    57,    57,
-      57,    57,    57,    58,    58,    59,    60,    61,    61,    62,
-      62,    62,    62,    63,    64,    65,    66,    66,    67,    67,
-      67,    67,    67,    68,    69,    70,    71,    72,    73,    74,
-      74,    74,    75,    75,    75,    76,    76,    77,    77,    78,
-      78,    78,    79,    79,    80,    80,    81,    81,    81,    81,
-      81,    81,    81,    82,    82
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const unsigned char yyr2[] =
-{
-       0,     2,     0,     2,     1,     1,     1,     3,     1,     1,
-       1,     2,     1,     1,     1,     1,     1,     1,     3,     2,
-       3,     2,     0,     2,     2,     2,     2,     3,     4,     3,
-       4,     3,     3,     3,     4,     4,     4,     5,     2,     2,
-       1,     3,     2,     0,     2,     2,     2,     2,     4,     3,
-       3,     2,     4,     0,     2,     3,     1,     3,     2,     0,
-       2,     2,     2,     3,     2,     1,     3,     2,     0,     2,
-       2,     2,     3,     3,     1,     3,     2,     2,     2,     0,
-       2,     2,     4,     3,     3,     0,     2,     1,     1,     2,
-       2,     2,     1,     1,     0,     2,     1,     3,     3,     3,
-       2,     3,     3,     1,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const unsigned char yydefact[] =
-{
-       2,     0,     1,     0,     0,     0,     8,     0,     0,    10,
-       0,     0,     0,     0,     9,    93,    92,     3,     4,    22,
-      14,    22,    15,    43,    53,     5,    59,    12,    79,    68,
-       6,    74,    16,    79,    13,    17,    11,    87,    88,     0,
-       0,     0,    38,     0,     0,     0,   103,   104,     0,     0,
-       0,    96,    19,    21,    39,    42,    58,    64,     0,    76,
-       7,    63,    73,    75,    18,    20,     0,   100,    55,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,    85,     0,
-      85,     0,    85,    85,    85,    26,     0,     0,    23,     0,
-      25,    24,     0,     0,     0,    85,    85,    47,    44,    46,
-      45,     0,     0,     0,    54,    41,    40,    60,    62,    57,
-      61,    56,    81,    80,     0,    69,    71,    66,    70,    65,
-      99,   101,   102,    98,    97,    77,     0,     0,     0,    94,
-      94,     0,    94,    94,     0,    94,     0,     0,     0,    94,
-       0,    78,    51,    94,    94,     0,     0,    89,    90,    91,
-      72,     0,    83,    84,     0,     0,     0,    27,    86,     0,
-      29,     0,    33,    31,    32,     0,    94,     0,     0,    49,
-      50,    82,    95,    34,    35,    28,    30,    36,     0,    48,
-      52,    37
-};
-
-/* YYDEFGOTO[NTERM-NUM]. */
-static const short yydefgoto[] =
-{
-      -1,     1,    17,    18,    19,    20,    21,    22,    52,    88,
-      23,    24,   105,    25,    54,    98,    55,    26,   109,    27,
-      56,    28,    29,   117,    30,    58,    31,    32,    33,    34,
-      89,    90,    57,    91,   131,   132,   106,    35,   155,    50,
-      51
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -99
-static const short yypact[] =
-{
-     -99,    48,   -99,    38,    46,    46,   -99,    46,   -29,   -99,
-      46,   -17,    -3,   -11,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,    38,
-      12,    15,   -99,    18,    51,    62,   -99,   -99,   -11,   -11,
-       4,   -24,   138,   138,   160,   121,   110,    -4,    81,    -4,
-     -99,   -99,   -99,   -99,   -99,   -99,   -19,   -99,   -99,   -11,
-     -11,    70,    70,    73,    32,   -11,    46,   -11,    46,   -11,
-      46,   -11,    46,    46,    46,   -99,    36,    70,   -99,    95,
-     -99,   -99,    96,    46,   106,    46,    46,   -99,   -99,   -99,
-     -99,    38,    38,    38,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   112,   -99,   -99,   -99,   -99,   -99,
-     -99,   117,   -99,   -99,   -99,   -99,   -11,    33,    65,   131,
-       1,   119,   131,     1,   136,     1,   153,   154,   155,   131,
-      70,   -99,   -99,   131,   131,   156,   157,   -99,   -99,   -99,
-     -99,   101,   -99,   -99,   -11,   158,   159,   -99,   -99,   161,
-     -99,   162,   -99,   -99,   -99,   163,   131,   164,   165,   -99,
-     -99,   -99,    99,   -99,   -99,   -99,   -99,   -99,   166,   -99,
-     -99,   -99
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const short yypgoto[] =
-{
-     -99,   -99,   -99,   111,   -99,   -99,   -99,   -99,   178,   -99,
-     -99,   -99,   -99,    91,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   115,   -99,   -99,   -99,   -99,   -99,
-     -99,   146,   168,    89,    27,     0,   126,    -1,   -98,   -48,
-     -63
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -68
-static const short yytable[] =
-{
-      66,    67,    36,    42,    39,    40,    71,    41,   123,   124,
-      43,    44,    74,    75,   120,   154,    72,    46,    47,    69,
-      70,   121,   122,    48,   140,    45,   127,   128,   112,   130,
-      49,   133,   156,   135,   158,   159,    68,   161,    60,    69,
-      70,   165,    69,    70,    61,   167,   168,    62,     2,     3,
-      63,     4,     5,     6,     7,     8,     9,    10,    11,    12,
-      46,    47,    13,    14,   139,   152,    48,   126,   178,    15,
-      16,    69,    70,    49,    37,    38,   129,   166,   151,    15,
-      16,   -67,   114,    64,   -67,     5,   101,     7,     8,   102,
-      10,    11,    12,   143,    65,    13,   103,   153,    46,    47,
-     147,   148,   149,    69,    70,   125,   172,   134,   141,   136,
-     137,   138,    15,    16,     5,   101,     7,     8,   102,    10,
-      11,    12,   145,   146,    13,   103,   101,     7,   142,   102,
-      10,    11,    12,   171,   144,    13,   103,    69,    70,    69,
-      70,    15,    16,   100,   150,   154,   113,   108,   113,   116,
-      73,   157,    15,    16,    74,    75,    70,    76,    77,    78,
-      79,    80,    81,    82,    83,    84,   104,   107,   160,   115,
-      85,   110,    73,   118,    86,    87,    74,    75,    92,    93,
-      94,    95,   111,    96,   119,   162,   163,   164,   169,   170,
-     173,   174,    97,   175,   176,   177,   179,   180,   181,    53,
-      99,    59
-};
-
-static const unsigned char yycheck[] =
-{
-      48,    49,     3,    32,     4,     5,    30,     7,    71,    72,
-      10,    28,    16,    17,    33,    14,    40,    28,    29,    38,
-      39,    69,    70,    34,    87,    28,    74,    75,    32,    77,
-      41,    79,   130,    81,   132,   133,    32,   135,    39,    38,
-      39,   139,    38,    39,    32,   143,   144,    32,     0,     1,
-      32,     3,     4,     5,     6,     7,     8,     9,    10,    11,
-      28,    29,    14,    15,    28,    32,    34,    35,   166,    31,
-      32,    38,    39,    41,    28,    29,    76,   140,   126,    31,
-      32,     0,     1,    32,     3,     4,     5,     6,     7,     8,
-       9,    10,    11,    93,    32,    14,    15,    32,    28,    29,
-     101,   102,   103,    38,    39,    32,   154,    80,    13,    82,
-      83,    84,    31,    32,     4,     5,     6,     7,     8,     9,
-      10,    11,    95,    96,    14,    15,     5,     6,    32,     8,
-       9,    10,    11,    32,    28,    14,    15,    38,    39,    38,
-      39,    31,    32,    54,    32,    14,    57,    56,    59,    58,
-      12,    32,    31,    32,    16,    17,    39,    19,    20,    21,
-      22,    23,    24,    25,    26,    27,    55,    56,    32,    58,
-      32,    56,    12,    58,    36,    37,    16,    17,    18,    19,
-      20,    21,    56,    23,    58,    32,    32,    32,    32,    32,
-      32,    32,    32,    32,    32,    32,    32,    32,    32,    21,
-      54,    33
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const unsigned char yystos[] =
-{
-       0,    43,     0,     1,     3,     4,     5,     6,     7,     8,
-       9,    10,    11,    14,    15,    31,    32,    44,    45,    46,
-      47,    48,    49,    52,    53,    55,    59,    61,    63,    64,
-      66,    68,    69,    70,    71,    79,    79,    28,    29,    77,
-      77,    77,    32,    77,    28,    28,    28,    29,    34,    41,
-      81,    82,    50,    50,    56,    58,    62,    74,    67,    74,
-      79,    32,    32,    32,    32,    32,    81,    81,    32,    38,
-      39,    30,    40,    12,    16,    17,    19,    20,    21,    22,
-      23,    24,    25,    26,    27,    32,    36,    37,    51,    72,
-      73,    75,    18,    19,    20,    21,    23,    32,    57,    73,
-      75,     5,     8,    15,    45,    54,    78,    45,    55,    60,
-      66,    78,    32,    75,     1,    45,    55,    65,    66,    78,
-      33,    81,    81,    82,    82,    32,    35,    81,    81,    77,
-      81,    76,    77,    81,    76,    81,    76,    76,    76,    28,
-      82,    13,    32,    77,    28,    76,    76,    79,    79,    79,
-      32,    81,    32,    32,    14,    80,    80,    32,    80,    80,
-      32,    80,    32,    32,    32,    80,    82,    80,    80,    32,
-      32,    32,    81,    32,    32,    32,    32,    32,    80,    32,
-      32,    32
-};
-
-#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
-# define YYSIZE_T __SIZE_TYPE__
-#endif
-#if ! defined (YYSIZE_T) && defined (size_t)
-# define YYSIZE_T size_t
-#endif
-#if ! defined (YYSIZE_T)
-# if defined (__STDC__) || defined (__cplusplus)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# endif
-#endif
-#if ! defined (YYSIZE_T)
-# define YYSIZE_T unsigned int
-#endif
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrlab1
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK;						\
-      goto yybackup;						\
-    }								\
-  else								\
-    { 								\
-      yyerror ("syntax error: cannot back up");\
-      YYERROR;							\
-    }								\
-while (0)
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-/* YYLLOC_DEFAULT -- Compute the default location (before the actions
-   are run).  */
-
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)         \
-  Current.first_line   = Rhs[1].first_line;      \
-  Current.first_column = Rhs[1].first_column;    \
-  Current.last_line    = Rhs[N].last_line;       \
-  Current.last_column  = Rhs[N].last_column;
-#endif
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (0)
-
-# define YYDSYMPRINT(Args)			\
-do {						\
-  if (yydebug)					\
-    yysymprint Args;				\
-} while (0)
-
-# define YYDSYMPRINTF(Title, Token, Value, Location)		\
-do {								\
-  if (yydebug)							\
-    {								\
-      YYFPRINTF (stderr, "%s ", Title);				\
-      yysymprint (stderr, 					\
-                  Token, Value);	\
-      YYFPRINTF (stderr, "\n");					\
-    }								\
-} while (0)
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (cinluded).                                                   |
-`------------------------------------------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yy_stack_print (short *bottom, short *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    short *bottom;
-    short *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (/* Nothing. */; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (0)
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yy_reduce_print (int yyrule)
-#else
-static void
-yy_reduce_print (yyrule)
-    int yyrule;
-#endif
-{
-  int yyi;
-  unsigned int yylineno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ",
-             yyrule - 1, yylineno);
-  /* Print the symbols being reduced, and their result.  */
-  for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++)
-    YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]);
-  YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]);
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (Rule);		\
-} while (0)
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YYDSYMPRINT(Args)
-# define YYDSYMPRINTF(Title, Token, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#if YYMAXDEPTH == 0
-# undef YYMAXDEPTH
-#endif
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined (__GLIBC__) && defined (_STRING_H)
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-static YYSIZE_T
-#   if defined (__STDC__) || defined (__cplusplus)
-yystrlen (const char *yystr)
-#   else
-yystrlen (yystr)
-     const char *yystr;
-#   endif
-{
-  register const char *yys = yystr;
-
-  while (*yys++ != '\0')
-    continue;
-
-  return yys - yystr - 1;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE)
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-static char *
-#   if defined (__STDC__) || defined (__cplusplus)
-yystpcpy (char *yydest, const char *yysrc)
-#   else
-yystpcpy (yydest, yysrc)
-     char *yydest;
-     const char *yysrc;
-#   endif
-{
-  register char *yyd = yydest;
-  register const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-#endif /* !YYERROR_VERBOSE */
-
-
-
-#if YYDEBUG
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yysymprint (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  /* Pacify ``unused variable'' warnings.  */
-  (void) yyvaluep;
-
-  if (yytype < YYNTOKENS)
-    {
-      YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-# ifdef YYPRINT
-      YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# endif
-    }
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  switch (yytype)
-    {
-      default:
-        break;
-    }
-  YYFPRINTF (yyoutput, ")");
-}
-
-#endif /* ! YYDEBUG */
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yydestruct (int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yytype, yyvaluep)
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  /* Pacify ``unused variable'' warnings.  */
-  (void) yyvaluep;
-
-  switch (yytype)
-    {
-
-      default:
-        break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-# if defined (__STDC__) || defined (__cplusplus)
-int yyparse (void *YYPARSE_PARAM);
-# else
-int yyparse ();
-# endif
-#else /* ! YYPARSE_PARAM */
-#if defined (__STDC__) || defined (__cplusplus)
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The lookahead symbol.  */
-int yychar;
-
-/* The semantic value of the lookahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-# if defined (__STDC__) || defined (__cplusplus)
-int yyparse (void *YYPARSE_PARAM)
-# else
-int yyparse (YYPARSE_PARAM)
-  void *YYPARSE_PARAM;
-# endif
-#else /* ! YYPARSE_PARAM */
-#if defined (__STDC__) || defined (__cplusplus)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-
-  register int yystate;
-  register int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Lookahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  short	yyssa[YYINITDEPTH];
-  short *yyss = yyssa;
-  register short *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  register YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK   (yyvsp--, yyssp--)
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* When reducing, the number of symbols on the RHS of the reduced
-     rule.  */
-  int yylen;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed. so pushing a state here evens the stacks.
-     */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack. Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	short *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow ("parser stack overflow",
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyoverflowlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyoverflowlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	short *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyoverflowlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-/* Do appropriate processing given the current state.  */
-/* Read a lookahead token if we need one and don't already have one.  */
-/* yyresume: */
-
-  /* First try to decide what to do without reference to lookahead token.  */
-
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a lookahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Shift the lookahead token.  */
-  YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken]));
-
-  /* Discard the token being shifted unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  *++yyvsp = yylval;
-
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 8:
-
-    { zconfprint("unexpected 'endmenu' statement"); ;}
-    break;
-
-  case 9:
-
-    { zconfprint("unexpected 'endif' statement"); ;}
-    break;
-
-  case 10:
-
-    { zconfprint("unexpected 'endchoice' statement"); ;}
-    break;
-
-  case 11:
-
-    { zconfprint("syntax error"); yyerrok; ;}
-    break;
-
-  case 18:
-
-    {
-	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
-	sym->flags |= SYMBOL_OPTIONAL;
-	menu_add_entry(sym);
-	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
-;}
-    break;
-
-  case 19:
-
-    {
-	menu_end_entry();
-	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 20:
-
-    {
-	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
-	sym->flags |= SYMBOL_OPTIONAL;
-	menu_add_entry(sym);
-	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
-;}
-    break;
-
-  case 21:
-
-    {
-	if (current_entry->prompt)
-		current_entry->prompt->type = P_MENU;
-	else
-		zconfprint("warning: menuconfig statement without prompt");
-	menu_end_entry();
-	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 27:
-
-    {
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 28:
-
-    {
-	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 29:
-
-    {
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 30:
-
-    {
-	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 31:
-
-    {
-	menu_set_type(S_INT);
-	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 32:
-
-    {
-	menu_set_type(S_HEX);
-	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 33:
-
-    {
-	menu_set_type(S_STRING);
-	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 34:
-
-    {
-	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 35:
-
-    {
-	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 36:
-
-    {
-	menu_add_symbol(P_SELECT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 37:
-
-    {
-	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,yyvsp[-3].symbol, yyvsp[-2].symbol), yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 38:
-
-    {
-	struct symbol *sym = sym_lookup(NULL, 0);
-	sym->flags |= SYMBOL_CHOICE;
-	menu_add_entry(sym);
-	menu_add_expr(P_CHOICE, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 39:
-
-    {
-	menu_end_entry();
-	menu_add_menu();
-;}
-    break;
-
-  case 40:
-
-    {
-	if (zconf_endtoken(yyvsp[0].token, T_CHOICE, T_ENDCHOICE)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
-	}
-;}
-    break;
-
-  case 42:
-
-    {
-	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-;}
-    break;
-
-  case 48:
-
-    {
-	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 49:
-
-    {
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 50:
-
-    {
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 51:
-
-    {
-	current_entry->sym->flags |= SYMBOL_OPTIONAL;
-	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 52:
-
-    {
-	menu_add_symbol(P_DEFAULT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 55:
-
-    {
-	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
-	menu_add_entry(NULL);
-	menu_add_dep(yyvsp[-1].expr);
-	menu_end_entry();
-	menu_add_menu();
-;}
-    break;
-
-  case 56:
-
-    {
-	if (zconf_endtoken(yyvsp[0].token, T_IF, T_ENDIF)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
-	}
-;}
-    break;
-
-  case 58:
-
-    {
-	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-;}
-    break;
-
-  case 63:
-
-    {
-	menu_add_entry(NULL);
-	menu_add_prop(P_MENU, yyvsp[-1].string, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 64:
-
-    {
-	menu_end_entry();
-	menu_add_menu();
-;}
-    break;
-
-  case 65:
-
-    {
-	if (zconf_endtoken(yyvsp[0].token, T_MENU, T_ENDMENU)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
-	}
-;}
-    break;
-
-  case 67:
-
-    {
-	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-;}
-    break;
-
-  case 72:
-
-    { zconfprint("invalid menu option"); yyerrok; ;}
-    break;
-
-  case 73:
-
-    {
-	yyval.string = yyvsp[-1].string;
-	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
-;}
-    break;
-
-  case 74:
-
-    {
-	zconf_nextfile(yyvsp[0].string);
-;}
-    break;
-
-  case 75:
-
-    {
-	menu_add_entry(NULL);
-	menu_add_prop(P_COMMENT, yyvsp[-1].string, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 76:
-
-    {
-	menu_end_entry();
-;}
-    break;
-
-  case 77:
-
-    {
-	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
-	zconf_starthelp();
-;}
-    break;
-
-  case 78:
-
-    {
-	current_entry->sym->help = yyvsp[0].string;
-;}
-    break;
-
-  case 82:
-
-    {
-	menu_add_dep(yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 83:
-
-    {
-	menu_add_dep(yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 84:
-
-    {
-	menu_add_dep(yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 86:
-
-    {
-	menu_add_prop(P_PROMPT, yyvsp[-1].string, NULL, yyvsp[0].expr);
-;}
-    break;
-
-  case 89:
-
-    { yyval.token = T_ENDMENU; ;}
-    break;
-
-  case 90:
-
-    { yyval.token = T_ENDCHOICE; ;}
-    break;
-
-  case 91:
-
-    { yyval.token = T_ENDIF; ;}
-    break;
-
-  case 94:
-
-    { yyval.expr = NULL; ;}
-    break;
-
-  case 95:
-
-    { yyval.expr = yyvsp[0].expr; ;}
-    break;
-
-  case 96:
-
-    { yyval.expr = expr_alloc_symbol(yyvsp[0].symbol); ;}
-    break;
-
-  case 97:
-
-    { yyval.expr = expr_alloc_comp(E_EQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
-    break;
-
-  case 98:
-
-    { yyval.expr = expr_alloc_comp(E_UNEQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
-    break;
-
-  case 99:
-
-    { yyval.expr = yyvsp[-1].expr; ;}
-    break;
-
-  case 100:
-
-    { yyval.expr = expr_alloc_one(E_NOT, yyvsp[0].expr); ;}
-    break;
-
-  case 101:
-
-    { yyval.expr = expr_alloc_two(E_OR, yyvsp[-2].expr, yyvsp[0].expr); ;}
-    break;
-
-  case 102:
-
-    { yyval.expr = expr_alloc_two(E_AND, yyvsp[-2].expr, yyvsp[0].expr); ;}
-    break;
-
-  case 103:
-
-    { yyval.symbol = sym_lookup(yyvsp[0].string, 0); free(yyvsp[0].string); ;}
-    break;
-
-  case 104:
-
-    { yyval.symbol = sym_lookup(yyvsp[0].string, 1); free(yyvsp[0].string); ;}
-    break;
-
-
-    }
-
-/* Line 999 of yacc.c.  */
-
-
-  yyvsp -= yylen;
-  yyssp -= yylen;
-
-
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if YYERROR_VERBOSE
-      yyn = yypact[yystate];
-
-      if (YYPACT_NINF < yyn && yyn < YYLAST)
-	{
-	  YYSIZE_T yysize = 0;
-	  int yytype = YYTRANSLATE (yychar);
-	  char *yymsg;
-	  int yyx, yycount;
-
-	  yycount = 0;
-	  /* Start YYX at -YYN if negative to avoid negative indexes in
-	     YYCHECK.  */
-	  for (yyx = yyn < 0 ? -yyn : 0;
-	       yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++)
-	    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	      yysize += yystrlen (yytname[yyx]) + 15, yycount++;
-	  yysize += yystrlen ("syntax error, unexpected ") + 1;
-	  yysize += yystrlen (yytname[yytype]);
-	  yymsg = (char *) YYSTACK_ALLOC (yysize);
-	  if (yymsg != 0)
-	    {
-	      char *yyp = yystpcpy (yymsg, "syntax error, unexpected ");
-	      yyp = yystpcpy (yyp, yytname[yytype]);
-
-	      if (yycount < 5)
-		{
-		  yycount = 0;
-		  for (yyx = yyn < 0 ? -yyn : 0;
-		       yyx < (int) (sizeof (yytname) / sizeof (char *));
-		       yyx++)
-		    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-		      {
-			const char *yyq = ! yycount ? ", expecting " : " or ";
-			yyp = yystpcpy (yyp, yyq);
-			yyp = yystpcpy (yyp, yytname[yyx]);
-			yycount++;
-		      }
-		}
-	      yyerror (yymsg);
-	      YYSTACK_FREE (yymsg);
-	    }
-	  else
-	    yyerror ("syntax error; also virtual memory exhausted");
-	}
-      else
-#endif /* YYERROR_VERBOSE */
-	yyerror ("syntax error");
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse lookahead token after an
-	 error, discard it.  */
-
-      /* Return failure if at end of input.  */
-      if (yychar == YYEOF)
-        {
-	  /* Pop the error token.  */
-          YYPOPSTACK;
-	  /* Pop the rest of the stack.  */
-	  while (yyss < yyssp)
-	    {
-	      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
-	      yydestruct (yystos[*yyssp], yyvsp);
-	      YYPOPSTACK;
-	    }
-	  YYABORT;
-        }
-
-      YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc);
-      yydestruct (yytoken, &yylval);
-      yychar = YYEMPTY;
-
-    }
-
-  /* Else will try to reuse lookahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*----------------------------------------------------.
-| yyerrlab1 -- error raised explicitly by an action.  |
-`----------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
-      yydestruct (yystos[yystate], yyvsp);
-      yyvsp--;
-      yystate = *--yyssp;
-
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  YYDPRINTF ((stderr, "Shifting error token, "));
-
-  *++yyvsp = yylval;
-
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*----------------------------------------------.
-| yyoverflowlab -- parser overflow comes here.  |
-`----------------------------------------------*/
-yyoverflowlab:
-  yyerror ("parser stack overflow");
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-  return yyresult;
-}
-
-
-
-
-
-void conf_parse(const char *name)
-{
-	struct symbol *sym;
-	int i;
-
-	zconf_initscan(name);
-
-	sym_init();
-	menu_init();
-	modules_sym = sym_lookup("MODULES", 0);
-	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
-
-	//zconfdebug = 1;
-	zconfparse();
-	if (zconfnerrs)
-		exit(1);
-	menu_finalize(&rootmenu);
-	for_all_symbols(i, sym) {
-                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
-                        printf("\n");
-		else
-			sym->flags |= SYMBOL_CHECK_DONE;
-        }
-
-	sym_change_count = 1;
-}
-
-const char *zconf_tokenname(int token)
-{
-	switch (token) {
-	case T_MENU:		return "menu";
-	case T_ENDMENU:		return "endmenu";
-	case T_CHOICE:		return "choice";
-	case T_ENDCHOICE:	return "endchoice";
-	case T_IF:		return "if";
-	case T_ENDIF:		return "endif";
-	}
-	return "<token>";
-}
-
-static bool zconf_endtoken(int token, int starttoken, int endtoken)
-{
-	if (token != endtoken) {
-		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
-		zconfnerrs++;
-		return false;
-	}
-	if (current_menu->file != current_file) {
-		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
-		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
-		zconfnerrs++;
-		return false;
-	}
-	return true;
-}
-
-static void zconfprint(const char *err, ...)
-{
-	va_list ap;
-
-	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
-	va_start(ap, err);
-	vfprintf(stderr, err, ap);
-	va_end(ap);
-	fprintf(stderr, "\n");
-}
-
-static void zconferror(const char *err)
-{
-	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
-}
-
-void print_quoted_string(FILE *out, const char *str)
-{
-	const char *p;
-	int len;
-
-	putc('"', out);
-	while ((p = strchr(str, '"'))) {
-		len = p - str;
-		if (len)
-			fprintf(out, "%.*s", len, str);
-		fputs("\\\"", out);
-		str = p + 1;
-	}
-	fputs(str, out);
-	putc('"', out);
-}
-
-void print_symbol(FILE *out, struct menu *menu)
-{
-	struct symbol *sym = menu->sym;
-	struct property *prop;
-
-	if (sym_is_choice(sym))
-		fprintf(out, "choice\n");
-	else
-		fprintf(out, "config %s\n", sym->name);
-	switch (sym->type) {
-	case S_BOOLEAN:
-		fputs("  boolean\n", out);
-		break;
-	case S_TRISTATE:
-		fputs("  tristate\n", out);
-		break;
-	case S_STRING:
-		fputs("  string\n", out);
-		break;
-	case S_INT:
-		fputs("  integer\n", out);
-		break;
-	case S_HEX:
-		fputs("  hex\n", out);
-		break;
-	default:
-		fputs("  ???\n", out);
-		break;
-	}
-	for (prop = sym->prop; prop; prop = prop->next) {
-		if (prop->menu != menu)
-			continue;
-		switch (prop->type) {
-		case P_PROMPT:
-			fputs("  prompt ", out);
-			print_quoted_string(out, prop->text);
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs(" if ", out);
-				expr_fprint(prop->visible.expr, out);
-			}
-			fputc('\n', out);
-			break;
-		case P_DEFAULT:
-			fputs( "  default ", out);
-			expr_fprint(prop->expr, out);
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs(" if ", out);
-				expr_fprint(prop->visible.expr, out);
-			}
-			fputc('\n', out);
-			break;
-		case P_CHOICE:
-			fputs("  #choice value\n", out);
-			break;
-		default:
-			fprintf(out, "  unknown prop %d!\n", prop->type);
-			break;
-		}
-	}
-	if (sym->help) {
-		int len = strlen(sym->help);
-		while (sym->help[--len] == '\n')
-			sym->help[len] = 0;
-		fprintf(out, "  help\n%s\n", sym->help);
-	}
-	fputc('\n', out);
-}
-
-void zconfdump(FILE *out)
-{
-	struct property *prop;
-	struct symbol *sym;
-	struct menu *menu;
-
-	menu = rootmenu.list;
-	while (menu) {
-		if ((sym = menu->sym))
-			print_symbol(out, menu);
-		else if ((prop = menu->prompt)) {
-			switch (prop->type) {
-			case P_COMMENT:
-				fputs("\ncomment ", out);
-				print_quoted_string(out, prop->text);
-				fputs("\n", out);
-				break;
-			case P_MENU:
-				fputs("\nmenu ", out);
-				print_quoted_string(out, prop->text);
-				fputs("\n", out);
-				break;
-			default:
-				;
-			}
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs("  depends ", out);
-				expr_fprint(prop->visible.expr, out);
-				fputc('\n', out);
-			}
-			fputs("\n", out);
-		}
-
-		if (menu->list)
-			menu = menu->list;
-		else if (menu->next)
-			menu = menu->next;
-		else while ((menu = menu->parent)) {
-			if (menu->prompt && menu->prompt->type == P_MENU)
-				fputs("\nendmenu\n", out);
-			if (menu->next) {
-				menu = menu->next;
-				break;
-			}
-		}
-	}
-}
-
-#include "lex.zconf.c"
-#include "util.c"
-#include "confdata.c"
-#include "expr.c"
-#include "symbol.c"
-#include "menu.c"
-
-
diff --git a/config/scripts/config/zconf.tab.h b/config/scripts/config/zconf.tab.h
deleted file mode 100644
index 3b191ef599..0000000000
--- a/config/scripts/config/zconf.tab.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/* A Bison parser, made from zconf.y, by GNU bison 1.75.  */
-
-/* Skeleton parser for Yacc-like parsing with Bison,
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place - Suite 330,
-   Boston, MA 02111-1307, USA.  */
-
-/* As a special exception, when this file is copied by Bison into a
-   Bison output file, you may use that output file without restriction.
-   This special exception was added by the Free Software Foundation
-   in version 1.24 of Bison.  */
-
-#ifndef BISON_ZCONF_TAB_H
-# define BISON_ZCONF_TAB_H
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     T_MAINMENU = 258,
-     T_MENU = 259,
-     T_ENDMENU = 260,
-     T_SOURCE = 261,
-     T_CHOICE = 262,
-     T_ENDCHOICE = 263,
-     T_COMMENT = 264,
-     T_CONFIG = 265,
-     T_HELP = 266,
-     T_HELPTEXT = 267,
-     T_IF = 268,
-     T_ENDIF = 269,
-     T_DEPENDS = 270,
-     T_REQUIRES = 271,
-     T_OPTIONAL = 272,
-     T_PROMPT = 273,
-     T_DEFAULT = 274,
-     T_TRISTATE = 275,
-     T_BOOLEAN = 276,
-     T_INT = 277,
-     T_HEX = 278,
-     T_WORD = 279,
-     T_STRING = 280,
-     T_UNEQUAL = 281,
-     T_EOF = 282,
-     T_EOL = 283,
-     T_CLOSE_PAREN = 284,
-     T_OPEN_PAREN = 285,
-     T_ON = 286,
-     T_OR = 287,
-     T_AND = 288,
-     T_EQUAL = 289,
-     T_NOT = 290
-   };
-#endif
-#define T_MAINMENU 258
-#define T_MENU 259
-#define T_ENDMENU 260
-#define T_SOURCE 261
-#define T_CHOICE 262
-#define T_ENDCHOICE 263
-#define T_COMMENT 264
-#define T_CONFIG 265
-#define T_HELP 266
-#define T_HELPTEXT 267
-#define T_IF 268
-#define T_ENDIF 269
-#define T_DEPENDS 270
-#define T_REQUIRES 271
-#define T_OPTIONAL 272
-#define T_PROMPT 273
-#define T_DEFAULT 274
-#define T_TRISTATE 275
-#define T_BOOLEAN 276
-#define T_INT 277
-#define T_HEX 278
-#define T_WORD 279
-#define T_STRING 280
-#define T_UNEQUAL 281
-#define T_EOF 282
-#define T_EOL 283
-#define T_CLOSE_PAREN 284
-#define T_OPEN_PAREN 285
-#define T_ON 286
-#define T_OR 287
-#define T_AND 288
-#define T_EQUAL 289
-#define T_NOT 290
-
-
-
-
-#ifndef YYSTYPE
-#line 33 "zconf.y"
-typedef union {
-	int token;
-	char *string;
-	struct symbol *symbol;
-	struct expr *expr;
-	struct menu *menu;
-} yystype;
-/* Line 1281 of /usr/share/bison/yacc.c.  */
-#line 118 "zconf.tab.h"
-# define YYSTYPE yystype
-#endif
-
-extern YYSTYPE zconflval;
-
-
-#endif /* not BISON_ZCONF_TAB_H */
-
diff --git a/httpd/Makefile b/httpd/Makefile
index a6023e7760..6e6df21556 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+#  Copyright(C) 2007 Cameron Rich
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -54,7 +54,6 @@ else
 web_server : $(TARGET)
 
 OBJ= \
-	conn.o \
 	main.o \
 	proc.o \
 	mime_types.o
diff --git a/httpd/README b/httpd/README
index ba11528b02..c8bb279b73 100644
--- a/httpd/README
+++ b/httpd/README
@@ -1,6 +1,6 @@
 
 axhttpd is a small embedded web server using the axTLS library.
 
-It is based originally on the web server written by Doug Currie and is at:
-http://www.hcsw.org/awhttpd).
+It is based originally on the web server written by Doug Currie which is at:
+http://www.hcsw.org/awhttpd.
 
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 06057d215f..9099317df1 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ *  Copyright(C) 2007 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -107,7 +107,6 @@ extern struct cgiextstruct *cgiexts;
 extern char *webroot;
 
 // conn.c prototypes
-void addconnection(int sd, char *ip, int is_ssl);
 void removeconnection(struct connstruct *cn);
 
 // proc.c prototypes
diff --git a/httpd/main.c b/httpd/main.c
index b98a1dc44a..8de750f457 100644
--- a/httpd/main.c
+++ b/httpd/main.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ *  Copyright(C) 2007 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -33,6 +33,7 @@ char *webroot = CONFIG_HTTP_WEBROOT;
 static void addtoservers(int sd);
 static int openlistener(int port);
 static void handlenewconnection(int listenfd, int is_ssl);
+static void addconnection(int sd, char *ip, int is_ssl);
 #if defined(CONFIG_HTTP_PERM_CHECK)
 static void procpermcheck(const char *pathtocheck);
 #endif
@@ -534,3 +535,99 @@ int isdir(const char *tpbuf)
     return 0;
 }
 
+static void addconnection(int sd, char *ip, int is_ssl) 
+{
+    struct connstruct *tp;
+
+    // Get ourselves a connstruct
+    if (freeconns == NULL) 
+        tp = (struct connstruct *)malloc(sizeof(struct connstruct));
+    else 
+    {
+        tp = freeconns;
+        freeconns = tp->next;
+    }
+
+    // Attach it to the used list
+    tp->next = usedconns;
+    usedconns = tp;
+    tp->networkdesc = sd;
+
+    if (is_ssl)
+        ssl_server_new(servers->ssl_ctx, sd);
+
+    tp->is_ssl = is_ssl;
+    tp->filedesc = -1;
+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
+    tp->dirp = NULL;
+#endif
+    *(tp->actualfile) = '\0';
+    *(tp->filereq) = '\0';
+#if defined(CONFIG_HTTP_HAS_CGI)
+    *(tp->cgiargs) = '\0';
+#endif
+    *(tp->virtualhostreq) = '\0';
+    tp->state = STATE_WANT_TO_READ_HEAD;
+    tp->reqtype = TYPE_GET;
+    my_strncpy(tp->ip, ip, MAXIPLEN);
+    tp->close_when_done = 0;
+    tp->modified_since = 0;
+    tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
+}
+
+void removeconnection(struct connstruct *cn) 
+{
+    struct connstruct *tp;
+    int shouldret = 0;
+
+    tp = usedconns;
+
+    if (tp == NULL || cn == NULL) 
+        shouldret = 1;
+    else if (tp == cn) 
+        usedconns = tp->next;
+    else 
+    {
+        while (tp != NULL) 
+        {
+            if (tp->next == cn) 
+            {
+                tp->next = (tp->next)->next;
+                shouldret = 0;
+                break;
+            }
+
+            tp = tp->next;
+            shouldret = 1;
+        }
+    }
+
+    if (shouldret) 
+        return;
+
+    // If we did, add it to the free list
+    cn->next = freeconns;
+    freeconns = cn;
+
+    // Close it all down
+    if (cn->networkdesc != -1) 
+    {
+        if (cn->is_ssl) 
+            ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
+
+        SOCKET_CLOSE(cn->networkdesc);
+    }
+
+    if (cn->filedesc != -1) 
+        close(cn->filedesc);
+
+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
+    if (cn->dirp != NULL) 
+#ifdef WIN32
+        FindClose(cn->dirp);
+#else
+    closedir(cn->dirp);
+#endif
+#endif
+}
+
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
index f6576f4c57..d4c88da9a0 100644
--- a/httpd/mime_types.c
+++ b/httpd/mime_types.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ *  Copyright(C) 2007 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff --git a/httpd/proc.c b/httpd/proc.c
index 0d3d7ba4c2..2b58902961 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ *  Copyright(C) 2007 Cameron Rich
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -29,7 +29,6 @@
 static int special_read(struct connstruct *cn, void *buf, size_t count);
 static int special_write(struct connstruct *cn, 
                                         const uint8_t *buf, size_t count);
-static void send301(struct connstruct *cn);
 static void send404(struct connstruct *cn);
 static int procindex(struct connstruct *cn, struct stat *stp);
 static int hexit(char c);
@@ -41,7 +40,6 @@ static int sanitizehost(char *buf);
 #if defined(CONFIG_HTTP_DIRECTORIES)
 static void urlencode(const uint8_t *s, uint8_t *t);
 static void procdirlisting(struct connstruct *cn);
-static int issockwriteable(int sd);
 #endif
 #if defined(CONFIG_HTTP_HAS_CGI)
 static void proccgi(struct connstruct *cn, int has_pathinfo);
@@ -81,6 +79,8 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
         if (sanitizefile(value) == 0) 
         {
+printf("#3\n");
+TTY_FLUSH();
             send404(cn);
             removeconnection(cn);
             return 0;
@@ -96,7 +96,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
 #endif
 
     } 
-    else if (strcmp(buf, "Host:")==0) 
+    else if (strcmp(buf, "Host:") == 0) 
     {
         if (sanitizehost(value) == 0) 
         {
@@ -107,12 +107,11 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
         my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
     } 
-    else if (strcmp(buf, "Connection:")==0 &&
-            strcmp(value, "close")==0) 
+    else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
     {
         cn->close_when_done = 1;
     } 
-    else if (strcmp(buf, "If-Modified-Since:") ==0 ) 
+    else if (strcmp(buf, "If-Modified-Since:") == 0) 
     {
         /* TODO: parse this date properly with getdate() or similar */
         cn->modified_since = 1;
@@ -161,8 +160,8 @@ static void procdirlisting(struct connstruct *cn)
 #endif
 
     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
-            "<HTML><BODY>\n<TITLE>Directory Listing</TITLE>\n"
-            "<H2>Directory listing of %s://%s%s</H2><BR>\n", 
+            "<html><body>\n<title>Directory Listing</title>\n"
+            "<h3>Directory listing of %s://%s%s</h3><br />\n", 
             cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
     special_write(cn, buf, strlen(buf));
     cn->state = STATE_DOING_DIR;
@@ -175,18 +174,19 @@ void procdodir(struct connstruct *cn)
 #endif
     char buf[MAXREQUESTLENGTH];
     char encbuf[1024];
-    int putslash;
     char *file;
 
     do 
     {
+       buf[0] = 0;
+
 #ifdef WIN32
         if (!FindNextFile(cn->dirp, &cn->file_data)) 
 #else
         if ((dp = readdir(cn->dirp)) == NULL)  
 #endif
         {
-            snprintf(buf, sizeof(buf), "</BODY></HTML>\n");
+            snprintf(buf, sizeof(buf), "</body></html>\n");
             special_write(cn, buf, strlen(buf));
             removeconnection(cn);
             return;
@@ -198,31 +198,23 @@ void procdodir(struct connstruct *cn)
         file = dp->d_name;
 #endif
 
+        // if no index file, don't display the ".." directory
         if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
-                strcmp(file, "..") == 0) continue;
+                strcmp(file, "..") == 0) 
+            continue;
+
+        // don't display files beginning with "."
+        if (file[0] == '.' && file[1] != '.')
+            continue;
 
         snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
-        putslash = isdir(buf);
+        if (isdir(buf))
+            strcat(file, "/");
         urlencode(file, encbuf);
-        snprintf(buf, sizeof(buf), "<A HREF=\"%s%s\">%s%s</A><BR>\n",
-                encbuf, putslash ? "/" : "", file, putslash ? "/" : "");
-        special_write(cn, buf, strlen(buf));
-    } while (issockwriteable(cn->networkdesc));
-}
-
-static int issockwriteable(int sd)
-{
-    fd_set wfds;
-    struct timeval tv;
 
-    tv.tv_sec = 0;
-    tv.tv_usec = 0;
-
-    FD_ZERO(&wfds);
-    FD_SET(sd, &wfds);
-
-    select(FD_SETSIZE, NULL, &wfds, NULL, &tv);
-    return FD_ISSET(sd, &wfds);
+        snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
+                cn->filereq, encbuf, file);
+    } while (special_write(cn, buf, strlen(buf)));
 }
 
 /* Encode funny chars -> %xx in newly allocated storage */
@@ -358,13 +350,6 @@ void procsendhead(struct connstruct *cn)
 
     if ((stbuf.st_mode & S_IFMT) == S_IFDIR) 
     {
-        if (cn->filereq[strlen(cn->filereq)-1] != '/') 
-        {
-            send301(cn);
-            removeconnection(cn);
-            return;
-        }
-
         // Check to see if this dir has an index file
         if (procindex(cn, &stbuf) == 0) 
         {
@@ -394,11 +379,11 @@ void procsendhead(struct connstruct *cn)
             return;
         }
 #endif
-        // If the index isn't a CGI, we continue on with the index file
     }
 
     if (cn->modified_since) 
     {
+        // file has already been read before
         snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
                 "axhttpd V%s\nDate: %s\n", VERSION, date);
         special_write(cn, buf, strlen(buf));
@@ -406,20 +391,18 @@ void procsendhead(struct connstruct *cn)
         cn->state = STATE_WANT_TO_READ_HEAD;
         return;
     }
-    else 
-    {
+
 #ifdef CONFIG_HTTP_VERBOSE
-        printf("axhttpd: %s send %s\n", 
-                cn->is_ssl ? "https" : "http", cn->actualfile);
-        TTY_FLUSH();
+    printf("axhttpd: %s send %s\n", 
+            cn->is_ssl ? "https" : "http", cn->actualfile);
+    TTY_FLUSH();
 #endif
 
-        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
-                "Content-Type: %s\nContent-Length: %ld\n"
-                "Date: %sLast-Modified: %s\n", VERSION,
-                getmimetype(cn->actualfile), (long) stbuf.st_size,
-                date, ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
-    }
+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
+            "Content-Type: %s\nContent-Length: %ld\n"
+            "Date: %sLast-Modified: %s\n", VERSION,
+            getmimetype(cn->actualfile), (long) stbuf.st_size,
+            date, ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
 
     special_write(cn, buf, strlen(buf));
 
@@ -801,25 +784,12 @@ static int hexit(char c)
         return 0;
 }
 
-static void send301(struct connstruct *cn)
-{
-    char buf[2048];
-    snprintf(buf, sizeof(buf), 
-            "HTTP/1.1 301 Moved Permanently\nLocation: %s/\n\n"
-            "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n"
-            "<HTML><HEAD>\n<TITLE>301 Moved Permanently</TITLE>\n"
-            "</HEAD><BODY>\n<H1>Moved Permanently</H1>\n"
-            "The document has moved <A HREF=\"%s/\">here</A>.<P>\n"
-            "<HR>\n</BODY></HTML>\n", cn->filereq, cn->filereq);
-    special_write(cn, buf, strlen(buf));
-}
-
 static void send404(struct connstruct *cn)
 {
     char buf[1024];
     strcpy(buf, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n"
-            "<HTML><BODY>\n<TITLE>404 Not Found</TITLE><H1>"
-            "404 Not Found</H1>\n</BODY></HTML>\n");
+            "<html><body>\n<title>404 Not Found</title><h1>"
+            "404 Not Found</h1>\n</body></html>\n");
     special_write(cn, buf, strlen(buf));
 }
 
@@ -856,7 +826,6 @@ static int sanitizefile(const char *buf)
     for (i = 0; i < len; i++) 
     {
         // Check for "/." : In other words, don't send files starting with a .
-        // Notice, GOBBLES, that this includes ".."
         if (buf[i] == '/' && buf[i+1] == '.') 
             return 0;
     }
@@ -876,10 +845,12 @@ static int sanitizehost(char *buf)
         }
 
         // Enforce some basic URL rules...
-        if (isalnum(*buf)==0 && *buf != '-' && *buf != '.') return 0;
-        if (*buf == '.' && *(buf+1) == '.') return 0;
-        if (*buf == '.' && *(buf+1) == '-') return 0;
-        if (*buf == '-' && *(buf+1) == '.') return 0;
+        if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') ||
+                (*buf == '.' && *(buf+1) == '.') ||
+                (*buf == '.' && *(buf+1) == '-') ||
+                (*buf == '-' && *(buf+1) == '.'))
+            return 0;
+
         buf++;
     }
 
diff --git a/ssl/Makefile b/ssl/Makefile
index 45fb862e58..7137fb7e0c 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -1,5 +1,5 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+#  Copyright(C) 2007 Cameron Rich
 #
 #  This library is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU Lesser General Public License as published by
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 55482f0a8e..e0427a6e53 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -285,7 +285,7 @@ bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
  * @param bia [in]  A bigint.
  * @param bib [in]  Another bigint.
  * @param is_negative [out] If defined, indicates that the result was negative.
- * is_negative may be NULL.
+ * is_negative may be null.
  * @return The result of the subtraction. The result is always positive.
  */
 bigint *bi_subtract(BI_CTX *ctx, 
@@ -1059,7 +1059,7 @@ static bigint *alloc(BI_CTX *ctx, int size)
 #ifdef CONFIG_SSL_FULL_MODE
             printf("alloc: refs was not 0\n");
 #endif
-            abort();
+            abort();    /* create a stack trace from a core dump */
         }
 
         more_comps(biR, size);
@@ -1220,7 +1220,7 @@ static bigint *comp_mod(bigint *bi, int mod)
 /*
  * Barrett reduction has no need for some parts of the product, so ignore bits
  * of the multiply. This routine gives Barrett its big performance
- * improvements over classical/Montgomery reduction methods. 
+ * improvements over Classical/Montgomery reduction methods. 
  */
 static bigint *partial_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
         int inner_partial, int outer_partial)
@@ -1293,10 +1293,10 @@ static bigint *partial_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
 }
 
 /**
- * @brief Perform a single barrett reduction.
+ * @brief Perform a single Barrett reduction.
  * @param ctx [in]  The bigint session context.
  * @param bi [in]  A bigint.
- * @return The result of the barrett reduction.
+ * @return The result of the Barrett reduction.
  */
 bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
 {
@@ -1308,7 +1308,7 @@ bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
     check(bi);
     check(bim);
 
-    /* use classical method instead  - Barrett cannot help here */
+    /* use Classical method instead  - Barrett cannot help here */
     if (bi->size > k*2)
     {
         return bi_mod(ctx, bi);
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 2455e27c05..a818c5f4b1 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -70,7 +70,7 @@ void buf_grow(BUF_MEM *bm, int len)
     /* add 1kB just to be sure */
     bm->pre_data = (uint8_t *)realloc(bm->pre_data, len+1024+BM_RECORD_OFFSET); 
     bm->data = bm->pre_data+BM_RECORD_OFFSET;
-    bm->max_len = len+1024;
+    bm->max_len = len + 1024;
 }
 
 /**
diff --git a/ssl/tls1.c b/ssl/tls1.c
index b6ba0c68b7..3b48147f0c 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -769,7 +769,7 @@ static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
     len = sec_len/2;
     S1 = sec;
     S2 = &sec[len];
-    len += (sec_len&1); /* add for odd, make longer */
+    len += (sec_len & 1); /* add for odd, make longer */
 
     p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
     p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
@@ -842,6 +842,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
     {
         memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
     }
+
 #if 0
     printf("label: %s\n", label);
     print_blob("master secret", ssl->master_secret, 48);
@@ -1121,9 +1122,11 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 {
     int ret = SSL_OK;
     int read_len, is_record;
-    uint8_t *buf = ssl->bm_buf.data;
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    uint8_t *buf;
 
+    buf_grow(&ssl->bm_buf, ssl->need_bytes);
+    buf = ssl->bm_buf.data;
     read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_buf.index], 
                             ssl->need_bytes-ssl->got_bytes);
 

From f616c74150b52706ea2ca144ce359fad8c853d70 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 1 Feb 2007 08:31:32 +0000
Subject: [PATCH 046/301] added versioning/fragmentation

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@56 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                            |   7 +-
 README                              |   4 +-
 bindings/csharp/axTLS.cs            |   8 +
 bindings/generate_SWIG_interface.pl |   1 +
 bindings/generate_interface.pl      |   1 +
 bindings/java/SSLUtil.java          |   8 +
 bindings/vbnet/axTLSvb.vb           |   4 +
 config/axhttpd.aip                  |  94 ++------
 config/linuxconfig                  |   1 +
 config/win32config                  |   1 +
 docsrc/doco_footer.html             |   2 +-
 httpd/Makefile                      |   2 +
 httpd/axhttp.h                      |   2 +-
 httpd/main.c                        |  34 ++-
 httpd/mime_types.c                  |   6 +-
 httpd/proc.c                        |  62 +++---
 samples/c/axssl.c                   |  10 +-
 samples/csharp/axssl.cs             |  17 +-
 samples/java/axssl.java             |  26 +--
 samples/perl/axssl.pl               |   8 +-
 samples/vbnet/axssl.vb              |  11 +-
 ssl/Config.in                       |  13 ++
 ssl/Makefile                        |   4 +-
 ssl/aes.c                           |   1 -
 ssl/bigint.c                        |  10 +-
 ssl/bigint.h                        |  10 +-
 ssl/crypto.h                        |  21 +-
 ssl/crypto_misc.c                   |  41 ----
 ssl/loader.c                        |  28 +--
 ssl/md5.c                           |   5 +-
 ssl/p12.c                           |   1 +
 ssl/rc4.c                           |   4 -
 ssl/rsa.c                           |  19 +-
 ssl/sha1.c                          |   6 +-
 ssl/ssl.h                           |  19 +-
 ssl/test/ssltest.c                  | 330 ++++++++++++++++++----------
 ssl/tls1.c                          | 232 ++++++++++---------
 ssl/tls1.h                          |  41 +++-
 ssl/tls1_clnt.c                     |  33 +--
 ssl/tls1_svr.c                      |  29 ++-
 40 files changed, 611 insertions(+), 545 deletions(-)

diff --git a/Makefile b/Makefile
index 03a220e5fc..33c1debe44 100644
--- a/Makefile
+++ b/Makefile
@@ -44,9 +44,13 @@ ifdef CONFIG_SAMPLES
 	$(MAKE) -C samples
 endif
 
-$(STAGE) :
+$(STAGE) : ssl/version.h
 	@mkdir -p $(STAGE)
 
+# create a version file with something in it.
+ssl/version.h:
+	@echo "#define AXTLS_VERSION    \"(no version)\"" > ssl/version.h
+
 $(PREFIX) :
 	@mkdir -p $(PREFIX)/lib
 	@mkdir -p $(PREFIX)/bin
@@ -56,6 +60,7 @@ release:
 	-$(MAKE) clean
 	-@rm config/*.msi config/*.back.aip config/config.h config/.config*
 	@rm -fr $(STAGE)
+	@echo "#define AXTLS_VERSION    \"$(VERSION)\"" > ssl/version.h
 	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axTLS; cd -;
 
 docs:
diff --git a/README b/README
index db35888d79..fcc18121b8 100644
--- a/README
+++ b/README
@@ -115,7 +115,7 @@ ActiveState's version works ok).
   communicate securely because they have no common encryption 
   algorithms" (v1.5), or "Firefox can't connect to <server> because the site 
   uses a security protocol which isn't enabled" (v2.0). See bugzilla issues 
-  343543 and 359484 (Comment #7).  It's all broken (hopefully fixed soon).
+  343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).
 
 * Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile
   the latest version of Perl on an AMD64 box (using FC3).
@@ -148,7 +148,7 @@ Solaris issues
 ==============
 * mconf doesn't work well - some manual tweaking is required for string values.
 
-* GNU make and GNU patch are required and need to be in $PATH.
+* GNU make is required and needs to be in $PATH.
 
 * To get swig's library dependencies to work (and for the C library to be
   found), I needed to type:
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index 9362fbae2a..a59209168d 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -185,6 +185,14 @@ public static void DisplayError(int error_code)
         {
             axtls.ssl_display_error(error_code);
         }
+
+        /**
+         * @brief Return the version of the axTLS project.
+         */
+        public static string Version()
+        {
+            return axtls.ssl_version();
+        }
     }
 
     /**
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index dea277e6ec..3732a1d38c 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -30,6 +30,7 @@ sub transformSignature
         # make API Java more 'byte' friendly
         $line =~ s/uint32_t/int/g;
         $line =~ s/const uint8_t \* /const unsigned char \* /g;
+        $line =~ s/\(void\)/()/g;
         if ($ARGV[0] eq "-java")
         {
             $line =~ s/.*ssl_read.*//g;
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index fee6eb4c5f..193b5adf40 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -59,6 +59,7 @@ sub transformSignature
             $line =~ s/SSLCTX \* ?/IntPtr /g;
             $line =~ s/SSLObjLoader \* ?/IntPtr /g;
             $line =~ s/SSL \* ?/IntPtr /g;
+            $line =~ s/\(void\)/()/g;
         }
         elsif ($binding == $VBNET)
         {
diff --git a/bindings/java/SSLUtil.java b/bindings/java/SSLUtil.java
index d5b6ba9f23..a59de3f1fe 100644
--- a/bindings/java/SSLUtil.java
+++ b/bindings/java/SSLUtil.java
@@ -92,5 +92,13 @@ public static void displayError(int error_code)
     {
         axtlsj.ssl_display_error(error_code);
     }
+
+    /**
+     * @brief Return the version of the axTLS project.
+     */
+    public static String version()
+    {
+        return axtlsj.ssl_version();
+    }
 }
 
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
index c07258df43..9cec32c789 100644
--- a/bindings/vbnet/axTLSvb.vb
+++ b/bindings/vbnet/axTLSvb.vb
@@ -83,6 +83,10 @@ Namespace axTLSvb
         Public Shared Sub DisplayError(ByVal error_code As Integer)
             axtls.ssl_display_error(error_code)
         End Sub
+
+        Public Shared Function Version() As String
+            Return axtls.ssl_version()
+        End Function
     End Class
 
     Public Class SSLCTX
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index a1806c0c0e..25e067abe9 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -1,17 +1,17 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.1.1" modules="freeware" RootPath="." Language="en">
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.2" modules="freeware" RootPath="." Language="en">
   <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
     <ROW Property="ALLUSERS" Value="2"/>
     <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
     <ROW Property="ARPPRODUCTICON" Value="controlPanelIcon.exe"/>
-    <ROW Property="ARPURLINFOABOUT" Value="http://www.leroc.com.au/axTLS"/>
+    <ROW Property="ARPURLINFOABOUT" Value="http://axtls.cerocclub.com.au"/>
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{95CBFC63-55F3-4811-8E6A-933E33358612} "/>
+    <ROW Property="ProductCode" Value="1033:{4708D414-9C0E-46D2-9B67-D6421C9C5F81} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
-    <ROW Property="ProductName" Value="Awhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.0.2"/>
+    <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
+    <ROW Property="ProductVersion" Value="1.1.0"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
@@ -23,16 +23,6 @@
     <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
     <ROW Directory="crypto_files_DIR" Directory_Parent="www_DIR" DefaultDir="crypto~1|crypto_files"/>
-    <ROW Directory="prop_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="prop_base_DIR" Directory_Parent="svn_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="props_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="props"/>
-    <ROW Directory="props_DIR" Directory_Parent="svn_DIR" DefaultDir="props"/>
-    <ROW Directory="svn_DIR" Directory_Parent="crypto_files_DIR" DefaultDir="svn~1|.svn"/>
-    <ROW Directory="text_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="text_base_DIR" Directory_Parent="svn_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="tmp_DIR" Directory_Parent="svn_DIR" DefaultDir="tmp"/>
-    <ROW Directory="wcprops_1_DIR" Directory_Parent="svn_DIR" DefaultDir="wcprops"/>
-    <ROW Directory="wcprops_DIR" Directory_Parent="tmp_DIR" DefaultDir="wcprops"/>
     <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
@@ -46,24 +36,14 @@
     <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
     <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
     <ROW Component="crypto_2600des.gif" ComponentId="{CF142350-C3E2-4F82-88AF-0706F8D8C7F9}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
-    <ROW Component="crypto_2600des.gif.svn_base" ComponentId="{5A7893BF-4CE9-440F-8212-886D5E21EA39}" Directory_="prop_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base" FullKeyPath="APPDIR\www\crypto_files\.svn\prop-base"/>
-    <ROW Component="crypto_2600des.gif.svn_base_1" ComponentId="{28160B9C-10F3-43AB-B43B-EAD04D2A62F1}" Directory_="text_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base_1" FullKeyPath="APPDIR\www\crypto_files\.svn\text-base"/>
-    <ROW Component="crypto_2600des.gif.svn_work" ComponentId="{22FF589C-8024-4A96-B101-5D05BFB226D4}" Directory_="props_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work" FullKeyPath="APPDIR\www\crypto_files\.svn\props"/>
-    <ROW Component="crypto_2600des.gif.svn_work_1" ComponentId="{8C90C876-62C5-4B00-B61C-7F79AFB316ED}" Directory_="wcprops_1_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work_1" FullKeyPath="APPDIR\www\crypto_files\.svn\wcprops"/>
-    <ROW Component="dir_wcprops" ComponentId="{466EBC3E-CFBE-4532-8D34-0CF1BD18A6B0}" Directory_="svn_DIR" Attributes="0" KeyPath="dir_wcprops" FullKeyPath="APPDIR\www\crypto_files\.svn"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
-    <ROW Component="prop_base" ComponentId="{43478899-1EF9-4375-AAA5-CDDF217F1B98}" Directory_="prop_base_1_DIR" Attributes="0"/>
-    <ROW Component="props" ComponentId="{B04545A5-3C92-4DCE-BEAB-BD380EF0C57C}" Directory_="props_1_DIR" Attributes="0"/>
     <ROW Component="test_cgi.php" ComponentId="{9025188F-8BED-4459-86EF-74C28A3B9301}" Directory_="New_Folder_1_DIR" Attributes="0" KeyPath="test_cgi.php" FullKeyPath="APPDIR\www\test_dir"/>
-    <ROW Component="text_base" ComponentId="{37B9ED8A-06B0-431B-9EB6-58ED9497E9BC}" Directory_="text_base_1_DIR" Attributes="0"/>
-    <ROW Component="wcprops" ComponentId="{4106AB01-565E-4281-97AE-96EC1F865899}" Directory_="wcprops_DIR" Attributes="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h test_cgi.php New_Folder dir_wcprops crypto_2600des.gif.svn_base crypto_2600des.gif.svn_work crypto_2600des.gif.svn_base_1 prop_base props text_base wcprops crypto_2600des.gif.svn_work_1 crypto_2600des.gif"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h test_cgi.php New_Folder crypto_2600des.gif"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
-    <ROW File="README.txt" Component_="dir_wcprops" FileName="README.txt" Attributes="1" SourcePath="..\www\crypto_files\.svn\README.txt" SelfReg="false" Sequence="43"/>
     <ROW File="axhttpd.exe" Component_="axhttpd.exe" FileName="axhttpd.exe" Attributes="0" SourcePath="..\_stage\axhttpd.exe" SelfReg="false" Sequence="1"/>
     <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
     <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
@@ -76,58 +56,18 @@
     <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
     <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
     <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
-    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="62"/>
-    <ROW File="crypto_2600des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="25"/>
-    <ROW File="crypto_2600des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="44"/>
-    <ROW File="crypto_2600des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="34"/>
-    <ROW File="crypto_2600des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="53"/>
-    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="63"/>
-    <ROW File="crypto_3ways.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="26"/>
-    <ROW File="crypto_3ways.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="45"/>
-    <ROW File="crypto_3ways.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="35"/>
-    <ROW File="crypto_3ways.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="54"/>
-    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="64"/>
-    <ROW File="crypto_backrsa.jpg.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="27"/>
-    <ROW File="crypto_backrsa.jpg.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="46"/>
-    <ROW File="crypto_backrsa.jpg.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="36"/>
-    <ROW File="crypto_backrsa.jpg.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="55"/>
-    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="65"/>
-    <ROW File="crypto_cert.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="28"/>
-    <ROW File="crypto_cert.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="47"/>
-    <ROW File="crypto_cert.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_cert.gif.svn-work" SelfReg="false" Sequence="37"/>
-    <ROW File="crypto_cert.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_cert.gif.svn-work" SelfReg="false" Sequence="56"/>
-    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="66"/>
-    <ROW File="crypto_des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="29"/>
-    <ROW File="crypto_des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="48"/>
-    <ROW File="crypto_des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_des.gif.svn-work" SelfReg="false" Sequence="38"/>
-    <ROW File="crypto_des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_des.gif.svn-work" SelfReg="false" Sequence="57"/>
-    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="67"/>
-    <ROW File="crypto_ecc.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="30"/>
-    <ROW File="crypto_ecc.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="49"/>
-    <ROW File="crypto_ecc.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="39"/>
-    <ROW File="crypto_ecc.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="58"/>
-    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="68"/>
-    <ROW File="crypto_sslv3.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="31"/>
-    <ROW File="crypto_sslv3.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="50"/>
-    <ROW File="crypto_sslv3.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="40"/>
-    <ROW File="crypto_sslv3.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="59"/>
-    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="69"/>
-    <ROW File="crypto_types.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="32"/>
-    <ROW File="crypto_types.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="51"/>
-    <ROW File="crypto_types.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\crypto_types.gif.svn-work" SelfReg="false" Sequence="41"/>
-    <ROW File="crypto_types.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\crypto_types.gif.svn-work" SelfReg="false" Sequence="60"/>
-    <ROW File="dir_wcprops" Component_="dir_wcprops" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\crypto_files\.svn\dir-wcprops" SelfReg="false" Sequence="21"/>
-    <ROW File="empty_file" Component_="dir_wcprops" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\crypto_files\.svn\empty-file" SelfReg="false" Sequence="22"/>
-    <ROW File="entries" Component_="dir_wcprops" FileName="entries" Attributes="1" SourcePath="..\www\crypto_files\.svn\entries" SelfReg="false" Sequence="23"/>
+    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="21"/>
+    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="22"/>
+    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="23"/>
+    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="24"/>
+    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="25"/>
+    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="26"/>
+    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="27"/>
+    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="28"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
-    <ROW File="format" Component_="dir_wcprops" FileName="format" Attributes="1" SourcePath="..\www\crypto_files\.svn\format" SelfReg="false" Sequence="24"/>
     <ROW File="health.sh" Component_="test_cgi.php" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="19"/>
     <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="70"/>
-    <ROW File="kerberos.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\prop-base\kerberos.gif.svn-base" SelfReg="false" Sequence="33"/>
-    <ROW File="kerberos.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\crypto_files\.svn\text-base\kerberos.gif.svn-base" SelfReg="false" Sequence="52"/>
-    <ROW File="kerberos.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\props\kerberos.gif.svn-work" SelfReg="false" Sequence="42"/>
-    <ROW File="kerberos.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\crypto_files\.svn\wcprops\kerberos.gif.svn-work" SelfReg="false" Sequence="61"/>
+    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="29"/>
     <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
     <ROW File="some_text.txt" Component_="test_cgi.php" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="20"/>
     <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
@@ -163,10 +103,6 @@
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
     <ROW Directory_="New_Folder_2_DIR" Component_="New_Folder"/>
-    <ROW Directory_="prop_base_1_DIR" Component_="prop_base"/>
-    <ROW Directory_="props_1_DIR" Component_="props"/>
-    <ROW Directory_="text_base_1_DIR" Component_="text_base"/>
-    <ROW Directory_="wcprops_DIR" Component_="wcprops"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
diff --git a/config/linuxconfig b/config/linuxconfig
index 757d0f75c8..1fd7cfa470 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -39,6 +39,7 @@ CONFIG_SSL_USE_PKCS12=y
 CONFIG_SSL_EXPIRY_TIME=24
 CONFIG_X509_MAX_CA_CERTS=4
 CONFIG_SSL_MAX_CERTS=2
+# CONFIG_SSL_CTX_MUTEXING is not set
 CONFIG_USE_DEV_URANDOM=y
 # CONFIG_WIN32_USE_CRYPTO_LIB is not set
 # CONFIG_PERFORMANCE_TESTING is not set
diff --git a/config/win32config b/config/win32config
index a275fd2fb4..54a6945437 100644
--- a/config/win32config
+++ b/config/win32config
@@ -43,6 +43,7 @@ CONFIG_SSL_USE_PKCS12=y
 CONFIG_SSL_EXPIRY_TIME=24
 CONFIG_X509_MAX_CA_CERTS=4
 CONFIG_SSL_MAX_CERTS=2
+# CONFIG_SSL_CTX_MUTEXING is not set
 # CONFIG_USE_DEV_URANDOM is not set
 CONFIG_WIN32_USE_CRYPTO_LIB=y
 # CONFIG_PERFORMANCE_TESTING is not set
diff --git a/docsrc/doco_footer.html b/docsrc/doco_footer.html
index e16051cba1..20c4e70b7a 100644
--- a/docsrc/doco_footer.html
+++ b/docsrc/doco_footer.html
@@ -1,3 +1,3 @@
 <p></p>
 <p align="center"><img src="../images/tsbasbw.gif" width="1000" height="7"></p>
-<CITE>Copyright <sup>�</sup> 2006 Cameron Rich</CITE>
+<CITE>Copyright <sup>�</sup> 2007 Cameron Rich</CITE>
diff --git a/httpd/Makefile b/httpd/Makefile
index 6e6df21556..442dca403e 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -58,6 +58,8 @@ OBJ= \
 	proc.o \
 	mime_types.o
 
+include ../config/makefile.post
+
 ifndef CONFIG_PLATFORM_WIN32
 
 $(TARGET): $(OBJ) ../$(STAGE)/libaxtls.a
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 9099317df1..dde47e60db 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -32,7 +32,7 @@
 #define BLOCKSIZE 4096
 
 #define INITIAL_CONNECTION_SLOTS 10
-#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS 0
+#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     0
 
 #define STATE_WANT_TO_READ_HEAD  1
 #define STATE_WANT_TO_SEND_HEAD  2
diff --git a/httpd/main.c b/httpd/main.c
index 8de750f457..dd0e09fdf8 100644
--- a/httpd/main.c
+++ b/httpd/main.c
@@ -24,7 +24,6 @@
 #include <sys/stat.h>
 #include "axhttp.h"
 
-// GLOBALS
 struct serverstruct *servers;
 struct connstruct *usedconns;
 struct connstruct *freeconns;
@@ -99,7 +98,7 @@ int main(int argc, char *argv[])
     WSADATA wsaData;
     WSAStartup(wVersionRequested,&wsaData);
 #else
-    if (getuid() == 0)  // change our uid if we are root
+    if (getuid() == 0)  /* change our uid if we are root */
     {
         setgid(32767);
         setuid(32767);
@@ -111,6 +110,7 @@ int main(int argc, char *argv[])
     signal(SIGCHLD, reaper);
 #endif
 #endif
+
     signal(SIGINT, sigint_cleanup);
     signal(SIGTERM, die);
     mime_init();
@@ -167,8 +167,8 @@ int main(int argc, char *argv[])
     addcgiext(CONFIG_HTTP_CGI_EXTENSION);
 #endif
 #if defined(CONFIG_HTTP_VERBOSE)
-    printf("axhttpd: listening on ports http:%d and https:%d\n", 
-            CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
+    printf("axhttpd (%s): listening on ports %d (http) and %d (https)\n", 
+            ssl_version(), CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
     TTY_FLUSH();
 #endif
 #if defined(CONFIG_HTTP_IS_DAEMON)
@@ -178,7 +178,7 @@ int main(int argc, char *argv[])
     setsid();
 #endif
 
-    // main loop
+    /* main loop */
     while (1)
     {
         FD_ZERO(&rfds);
@@ -186,7 +186,7 @@ int main(int argc, char *argv[])
         rnum = wnum = -1;
         sp = servers;
 
-        while (sp != NULL)  // read each server port
+        while (sp != NULL)  /* read each server port */
         {
             FD_SET(sp->sd, &rfds);
 
@@ -195,13 +195,13 @@ int main(int argc, char *argv[])
             sp = sp->next;
         }
 
-        // Add the established sockets
+        /* Add the established sockets */
         tp = usedconns;
         currtime = time(NULL);
 
         while (tp != NULL) 
         {
-            if (currtime > tp->timeout)     // timed out? Kill it.
+            if (currtime > tp->timeout)     /* timed out? Kill it. */
             {
                 to = tp;
                 tp = tp->next;
@@ -253,7 +253,7 @@ int main(int argc, char *argv[])
                 wnum != -1 ? &wfds : NULL,
                 NULL, NULL);
 
-        // New connection?
+        /* New connection? */
         sp = servers;
         while (active > 0 && sp != NULL) 
         {
@@ -266,7 +266,7 @@ int main(int argc, char *argv[])
             sp = sp->next;
         }
 
-        // Handle the established sockets
+        /* Handle the established sockets */
         tp = usedconns;
 
         while (active > 0 && tp != NULL) 
@@ -446,14 +446,10 @@ static void handlenewconnection(int listenfd, int is_ssl)
     int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
 
     if (tp == sizeof(struct sockaddr_in6)) 
-    {
         inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, sizeof(ipbuf));
-    } 
     else if (tp == sizeof(struct sockaddr_in)) 
-    {
         inet_ntop(AF_INET, &(((struct sockaddr_in *)&their_addr)->sin_addr),
                 ipbuf, sizeof(ipbuf));
-    } 
     else 
         *ipbuf = '\0';
 
@@ -539,7 +535,7 @@ static void addconnection(int sd, char *ip, int is_ssl)
 {
     struct connstruct *tp;
 
-    // Get ourselves a connstruct
+    /* Get ourselves a connstruct */
     if (freeconns == NULL) 
         tp = (struct connstruct *)malloc(sizeof(struct connstruct));
     else 
@@ -548,7 +544,7 @@ static void addconnection(int sd, char *ip, int is_ssl)
         freeconns = tp->next;
     }
 
-    // Attach it to the used list
+    /* Attach it to the used list */
     tp->next = usedconns;
     usedconns = tp;
     tp->networkdesc = sd;
@@ -605,11 +601,11 @@ void removeconnection(struct connstruct *cn)
     if (shouldret) 
         return;
 
-    // If we did, add it to the free list
+    /* If we did, add it to the free list */
     cn->next = freeconns;
     freeconns = cn;
 
-    // Close it all down
+    /* Close it all down */
     if (cn->networkdesc != -1) 
     {
         if (cn->is_ssl) 
@@ -626,7 +622,7 @@ void removeconnection(struct connstruct *cn)
 #ifdef WIN32
         FindClose(cn->dirp);
 #else
-    closedir(cn->dirp);
+        closedir(cn->dirp);
 #endif
 #endif
 }
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
index d4c88da9a0..1335e7d0d3 100644
--- a/httpd/mime_types.c
+++ b/httpd/mime_types.c
@@ -32,18 +32,18 @@ typedef struct
 
 static mime_table_t mime_table[] = 
 {
-    // Fundamentals
+    /* Fundamental types */
     { ".html", "text/html" },
     { ".htm", "text/html" },
     { ".css", "text/css" },
 
-    // Basic graphics
+    /* Basic graphics */
     { ".jpg", "image/jpeg" },
     { ".gif", "image/gif" },
     { ".png", "image/png" },
 
 #ifdef CONFIG_HTTP_ALL_MIME_TYPES
-    // This list is a bit expensive to maintain normally, so it's an option.
+    /* This list is a bit expensive to maintain normally, so it's an option. */
     { ".txt", "text/plain" },
     { ".rtx", "text/richtext" },
     { ".etx", "text/x-setext" },
diff --git a/httpd/proc.c b/httpd/proc.c
index 2b58902961..9a59908d3e 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -48,7 +48,7 @@ static void split(char *tp, char *sp[], int maxwords, char sc);
 static int iscgi(const char *fn);
 #endif
 
-// Returns 1 if elems should continue being read, 0 otherwise
+/* Returns 1 if elems should continue being read, 0 otherwise */
 static int procheadelem(struct connstruct *cn, char *buf) 
 {
     char *delim, *value;
@@ -79,8 +79,6 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
         if (sanitizefile(value) == 0) 
         {
-printf("#3\n");
-TTY_FLUSH();
             send404(cn);
             removeconnection(cn);
             return 0;
@@ -155,7 +153,7 @@ static void procdirlisting(struct connstruct *cn)
         return;
     }
 
-    // Get rid of the "."
+    /* Get rid of the "." */
     readdir(cn->dirp);
 #endif
 
@@ -198,12 +196,12 @@ void procdodir(struct connstruct *cn)
         file = dp->d_name;
 #endif
 
-        // if no index file, don't display the ".." directory
+        /* if no index file, don't display the ".." directory */
         if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
                 strcmp(file, "..") == 0) 
             continue;
 
-        // don't display files beginning with "."
+        /* don't display files beginning with "." */
         if (file[0] == '.' && file[1] != '.')
             continue;
 
@@ -257,7 +255,7 @@ void procreadhead(struct connstruct *cn)
     rv = special_read(cn, buf, sizeof(buf)-1);
     if (rv <= 0) 
     {
-        if (rv < 0) // really dead?
+        if (rv < 0) /* really dead? */
             removeconnection(cn);
         return;
     }
@@ -265,10 +263,10 @@ void procreadhead(struct connstruct *cn)
     buf[rv] = '\0';
     next = tp = buf;
 
-    // Split up lines and send to procheadelem()
+    /* Split up lines and send to procheadelem() */
     while (*next != '\0') 
     {
-        // If we have a blank line, advance to next stage!
+        /* If we have a blank line, advance to next stage! */
         if (*next == '\r' || *next == '\n') 
         {
             buildactualfile(cn);
@@ -319,7 +317,7 @@ void procsendhead(struct connstruct *cn)
 #if defined(CONFIG_HTTP_HAS_CGI)
         if (trycgi_withpathinfo(cn) == 0) 
         { 
-            // We Try To Find A CGI
+            /* We Try To Find A CGI */
             proccgi(cn, 1);
             return;
         }
@@ -334,7 +332,7 @@ void procsendhead(struct connstruct *cn)
     if (iscgi(cn->actualfile))
     {
 #ifndef WIN32
-        // Set up CGI script
+        /* Set up CGI script */
         if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
         {
             send404(cn);
@@ -350,11 +348,11 @@ void procsendhead(struct connstruct *cn)
 
     if ((stbuf.st_mode & S_IFMT) == S_IFDIR) 
     {
-        // Check to see if this dir has an index file
+        /* Check to see if this dir has an index file */
         if (procindex(cn, &stbuf) == 0) 
         {
 #if defined(CONFIG_HTTP_DIRECTORIES)
-            // If not, we do a directory listing of it
+            /* If not, we do a directory listing of it */
             procdirlisting(cn);
 #else
             send404(cn);
@@ -364,10 +362,10 @@ void procsendhead(struct connstruct *cn)
         }
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-        // If the index is a CGI file, handle it like any other CGI
+        /* If the index is a CGI file, handle it like any other CGI */
         if (iscgi(cn->actualfile))
         {
-            // Set up CGI script
+            /* Set up CGI script */
             if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
             {
                 send404(cn);
@@ -383,7 +381,7 @@ void procsendhead(struct connstruct *cn)
 
     if (cn->modified_since) 
     {
-        // file has already been read before
+        /* file has already been read before */
         snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
                 "axhttpd V%s\nDate: %s\n", VERSION, date);
         special_write(cn, buf, strlen(buf));
@@ -402,7 +400,7 @@ void procsendhead(struct connstruct *cn)
             "Content-Type: %s\nContent-Length: %ld\n"
             "Date: %sLast-Modified: %s\n", VERSION,
             getmimetype(cn->actualfile), (long) stbuf.st_size,
-            date, ctime(&(stbuf.st_mtime))); // ctime() has a \n on the end
+            date, ctime(&(stbuf.st_mtime))); /* ctime() has a \n on the end */
 
     special_write(cn, buf, strlen(buf));
 
@@ -505,8 +503,8 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
 
     if (cn->is_ssl)
     {
-        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
         uint8_t *read_buf;
+        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
 
         if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
             memcpy(buf, read_buf, res > (int)count ? count : res);
@@ -517,9 +515,9 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
     return res;
 }
 
-// Returns 0 if no index was found and doesn't modify cn->actualfile
-// Returns 1 if an index was found and puts the index in cn->actualfile
-//              and puts its stat info into stp
+/* Returns 0 if no index was found and doesn't modify cn->actualfile
+   Returns 1 if an index was found and puts the index in cn->actualfile
+              and puts its stat info into stp */
 static int procindex(struct connstruct *cn, struct stat *stp) 
 {
     char tbuf[MAXREQUESTLENGTH];
@@ -557,9 +555,9 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
 #ifndef WIN32
     pipe(tpipe);
 
-    if (fork() > 0)  // parent
+    if (fork() > 0)  /* parent */
     {
-        // Close the write descriptor
+        /* Close the write descriptor */
         close(tpipe[1]);
         cn->filedesc = tpipe[0];
         cn->state = STATE_WANT_TO_READ_FILE;
@@ -567,16 +565,16 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
         return;
     }
 
-    // The problem child...
+    /* The problem child... */
 
-    // Our stdout/stderr goes to the socket
+    /* Our stdout/stderr goes to the socket */
     dup2(tpipe[1], 1);
     dup2(tpipe[1], 2);
 
-    // If it was a POST request, send the socket data to our stdin
+    /* If it was a POST request, send the socket data to our stdin */
     if (cn->reqtype == TYPE_POST) 
         dup2(cn->networkdesc, 0);
-    else // Otherwise we can shutdown the read side of the sock
+    else    /* Otherwise we can shutdown the read side of the sock */
         shutdown(cn->networkdesc, 0);
 
     close(tpipe[0]);
@@ -645,7 +643,7 @@ static int trycgi_withpathinfo(struct connstruct *cn)
 {
     char tpfile[MAXREQUESTLENGTH];
     char fr_str[MAXREQUESTLENGTH];
-    char *fr_rs[MAXCGIARGS]; // filereq splitted
+    char *fr_rs[MAXCGIARGS]; /* filereq splitted */
     int i = 0, offset;
 
     my_strncpy(fr_str, cn->filereq, MAXREQUESTLENGTH);
@@ -818,14 +816,14 @@ static int sanitizefile(const char *buf)
 {
     int len, i;
 
-    // Don't accept anything not starting with a /
+    /* Don't accept anything not starting with a / */
     if (*buf != '/') 
         return 0;
 
     len = strlen(buf);
     for (i = 0; i < len; i++) 
     {
-        // Check for "/." : In other words, don't send files starting with a .
+        /* Check for "/." i.e. don't send files starting with a . */
         if (buf[i] == '/' && buf[i+1] == '.') 
             return 0;
     }
@@ -837,14 +835,14 @@ static int sanitizehost(char *buf)
 {
     while (*buf != '\0') 
     {
-        // Handle the port
+        /* Handle the port */
         if (*buf == ':') 
         {
             *buf = '\0';
             return 1;
         }
 
-        // Enforce some basic URL rules...
+        /* Enforce some basic URL rules... */
         if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') ||
                 (*buf == '.' && *(buf+1) == '.') ||
                 (*buf == '.' && *(buf+1) == '-') ||
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 7575c263bb..7a4e1dd189 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -63,11 +63,15 @@ int main(int argc, char *argv[])
     signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
 #endif
 
+    if (argc == 2 && strcmp(argv[1], "version") == 0)
+    {
+        printf("axssl %s\n", ssl_version());
+        exit(0);
+    }
+
     if (argc < 2 || (
                 strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
-    {
         print_options(argc > 1 ? argv[1] : "");
-    }
 
     strcmp(argv[1], "s_server") ? 
         do_client(argc, argv) : do_server(argc, argv);
@@ -733,7 +737,7 @@ static void do_client(int argc, char *argv[])
 static void print_options(char *option)
 {
     printf("axssl: Error: '%s' is an invalid command.\n", option);
-    printf("usage: axssl [s_server|s_client] [args ...]\n");
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
     exit(1);
 }
 
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
index eb80146533..1f1f95b584 100644
--- a/samples/csharp/axssl.cs
+++ b/samples/csharp/axssl.cs
@@ -39,28 +39,28 @@
 
 public class axssl
 {
-   /*
+    /*
      * Main()
      */
     public static void Main(string[] args)
     {
+        if (args.Length == 1 && args[0] == "version")
+        {
+            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
+            Environment.Exit(0); 
+        }
+
         axssl runner = new axssl();
 
         if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
-        {
             runner.print_options(args.Length > 0 ? args[0] : "");
-        }
 
         int build_mode = SSLUtil.BuildMode();
 
         if (args[0] == "s_server")
-        {
             runner.do_server(build_mode, args);
-        }
         else 
-        {
             runner.do_client(build_mode, args);
-        }
     }
 
     /*
@@ -603,7 +603,8 @@ private void print_options(string option)
     {
         Console.WriteLine("axssl: Error: '" + option + 
                 "' is an invalid command.");
-        Console.WriteLine("usage: axssl.cs.exe [s_server|s_client] [args ...]");
+        Console.WriteLine("usage: axssl.csharp [s_server|" +
+                            "s_client|version] [args ...]");
         Environment.Exit(1);
     }
 
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
index 3d138c6cf5..a08e9a79d3 100644
--- a/samples/java/axssl.java
+++ b/samples/java/axssl.java
@@ -43,6 +43,12 @@ public class axssl
      */
     public static void main(String[] args)
     {
+        if (args.length == 1 && args[0].equals("version"))
+        {
+            System.out.println("axtls.jar " + SSLUtil.version());
+            System.exit(0);
+        }
+
         axssl runner = new axssl();
 
         try
@@ -57,13 +63,9 @@ public static void main(String[] args)
             int build_mode = SSLUtil.buildMode();
 
             if (args[0].equals("s_server"))
-            {
                 runner.do_server(build_mode, args);
-            }
             else 
-            {
                 runner.do_client(build_mode, args);
-            }
         }
         catch (Exception e) 
         {
@@ -193,9 +195,7 @@ else if (args[i].equals("-show-rsa"))
                                     axtlsj.SSL_DEFAULT_SVR_SESS);
 
         if (ssl_ctx == null)
-        {
             throw new Exception("Error: Server context is invalid");
-        }
 
         if (private_key_file != null)
         {
@@ -316,9 +316,7 @@ private void do_client(int build_mode, String[] args)
                     throws Exception
     {
         if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
-        {
             print_client_options(build_mode, args[1]);
-        }
 
         int i = 1, res;
         int port = 4433;
@@ -599,7 +597,7 @@ private void print_options(String option)
     {
         System.out.println("axssl: Error: '" + option + 
                 "' is an invalid command.");
-        System.out.println("usage: axtlsj.jar [s_server|s_client] " + 
+        System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + 
                 "[args ...]");
         System.exit(1);
     }
@@ -701,25 +699,15 @@ private void display_cipher(SSL ssl)
         byte ciph_id = ssl.getCipherId();
 
         if (ciph_id == axtlsj.SSL_AES128_SHA)
-        {
             System.out.println("AES128-SHA");
-        }
         else if (ciph_id == axtlsj.SSL_AES256_SHA)
-        {
             System.out.println("AES256-SHA");
-        }
         else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
-        {
             System.out.println("RC4-SHA");
-        }
         else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
-        {
             System.out.println("RC4-MD5");
-        }
         else
-        {
             System.out.println("Unknown - " + ssl.getCipherId());
-        }
     }
 
     public char toHexChar(int i)
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index e0200ea0b2..cbfd58fdb7 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -62,6 +62,12 @@ sub get_native_sock
 # Main entry point. Doesn't do much except works out whether we are a client
 # or a server.
 #
+if ($#ARGV == 0 && $ARGV[0] eq "version")
+{
+    printf("axssl.pl ".axtlsp::ssl_version()."\n");
+    exit 0;
+}
+
 print_options($#ARGV > -1 ? $ARGV[0] : "")
         if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
 
@@ -87,7 +93,7 @@ sub do_server
     my $private_key_file = undef;
     my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
     my $ca_cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+                        $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
     my @cert;
     my @ca_cert;
 
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
index ce64db5e83..da6f71984a 100644
--- a/samples/vbnet/axssl.vb
+++ b/samples/vbnet/axssl.vb
@@ -98,7 +98,8 @@ Public Class axssl
                     If args(i) = "-verify" Then
                         options = options Or axtls.SSL_CLIENT_AUTHENTICATION
                     ElseIf args(i) = "-CAfile"
-                        If i >= args.Length-1 Or ca_cert_index >= ca_cert_size Then
+                        If i >= args.Length-1 Or _
+                                    ca_cert_index >= ca_cert_size Then
                             print_server_options(build_mode, args(i))
                         End If
 
@@ -553,7 +554,8 @@ Public Class axssl
     Public Sub print_options(ByVal options As String)
         Console.WriteLine("axssl: Error: '" & options & _
                 "' is an invalid command.")
-        Console.WriteLine("usage: axssl.vb.exe [s_server|s_client] [args ...]")
+        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
+                "version] [args ...]")
         Environment.Exit(1)
     End Sub
 
@@ -663,6 +665,11 @@ Public Module MyMain
     Function Main(ByVal args() As String) As Integer
         Dim runner As axssl = New axssl()
 
+        If args.Length = 1 And args(0) = "version" Then
+           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
+            Environment.Exit(0)
+        End If
+
         If args.Length < 1 
             runner.print_options("")
         ElseIf args(0) <> "s_server" And args(0) <> "s_client"
diff --git a/ssl/Config.in b/ssl/Config.in
index 56c7173efa..76b7f49c06 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -210,6 +210,19 @@ config CONFIG_SSL_MAX_CERTS
         The default is to allow one certificate + 1 certificate in the chain
         (which may be the certificate authority certificate).
 
+config CONFIG_SSLCTX_MUTEXING
+    bool "Enable SSLCTX mutexing"
+    default n
+    help
+        Normally mutexing is not required - each SSLCTX object can deal with
+        many SSL objects (as long as each SSLCTX object is using a single
+        thread).
+
+        If the SSLCTX object is not thread safe e.g. the case where a 
+        new thread is created for each SSL object, then mutexing is required. 
+
+        Select y when a mutex on the SSLCTX object is required.
+
 config CONFIG_USE_DEV_URANDOM
     bool "Use /dev/urandom"
     default y
diff --git a/ssl/Makefile b/ssl/Makefile
index 7137fb7e0c..69392b5916 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -39,7 +39,7 @@ endif
 
 # shared library major/minor numbers
 LIBMAJOR=$(BASETARGET).1
-LIBMINOR=$(BASETARGET).1.0
+LIBMINOR=$(BASETARGET).1.1
 else
 TARGET1=axtls.lib
 TARGET2=../$(STAGE)/axtls.dll
@@ -49,7 +49,7 @@ endif
 libs: $(TARGET1) $(TARGET2)
 
 OBJ=\
-  aes.o \
+	aes.o \
 	asn1.o \
 	bigint.o \
 	crypto_misc.o \
diff --git a/ssl/aes.c b/ssl/aes.c
index 9154a5153f..20922a46c6 100644
--- a/ssl/aes.c
+++ b/ssl/aes.c
@@ -400,7 +400,6 @@ static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
                 a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
                 a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
                 a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
-
             }
 
             tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
diff --git a/ssl/bigint.c b/ssl/bigint.c
index e0427a6e53..56c94e37bd 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -781,7 +781,9 @@ void bi_free_mod(BI_CTX *ctx, int mod_offset)
  */
 static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
 {
-    int i, j, i_plus_j, n = bia->size, t = bib->size;
+    int i, j, i_plus_j;
+    int n = bia->size; 
+    int t = bib->size;
     bigint *biR = alloc(ctx, n + t);
     comp *sr = biR->comps;
     comp *sa = bia->comps;
@@ -1397,9 +1399,7 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
 
 #ifdef CONFIG_BIGINT_SLIDING_WINDOW
     for (j = i; j > 32; j /= 5) /* work out an optimum size */
-    {
         window_size++;
-    }
 
     /* work out the slide constants */
     precompute_slide_window(ctx, window_size, bi);
@@ -1420,15 +1420,11 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
             int part_exp = 0;
 
             if (l < 0)  /* LSB of exponent will always be 1 */
-            {
                 l = 0;
-            }
             else
             {
                 while (exp_bit_is_one(biexp, l) == 0)
-                {
                     l++;    /* go back up */
-                }
             }
 
             /* build up the section of the exponent */
diff --git a/ssl/bigint.h b/ssl/bigint.h
index e233d79804..5a13c5ae42 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -74,14 +74,14 @@ bigint *bi_str_import(BI_CTX *ctx, const char *data);
  * appropriate reduction technique (which is bi_mod() when doing classical
  * reduction).
  */
-#if defined(CONFIG_BIGINT_CLASSICAL)
-#define bi_residue(A, B)         bi_mod(A, B)
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+#define bi_residue(A, B)         bi_mont(A, B)
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
 #elif defined(CONFIG_BIGINT_BARRETT)
 #define bi_residue(A, B)         bi_barrett(A, B)
 bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
-#else   /* CONFIG_BIGINT_MONTGOMERY */
-#define bi_residue(A, B)         bi_mont(A, B)
-bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
+#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
+#define bi_residue(A, B)         bi_mod(A, B)
 #endif
 
 #ifdef CONFIG_BIGINT_SQUARE
diff --git a/ssl/crypto.h b/ssl/crypto.h
index f6277adcce..ab43972a5e 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -143,7 +143,6 @@ typedef struct
     bigint *qInv;           /* q^-1 mod p */
 #endif
     int num_octets;
-    bigint *sig_m;         /* signature modulus */
     BI_CTX *bi_ctx;
 } RSA_CTX;
 
@@ -163,15 +162,14 @@ void RSA_pub_key_new(RSA_CTX **rsa_ctx,
         const uint8_t *modulus, int mod_len,
         const uint8_t *pub_exp, int pub_len);
 void RSA_free(RSA_CTX *ctx);
-int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
         int is_decryption);
-bigint *RSA_private(RSA_CTX *c, bigint *bi_msg);
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
-bigint *RSA_raw_sign_verify(RSA_CTX *c, bigint *bi_msg);
 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
         bigint *modulus, bigint *pub_exp);
-bigint *RSA_public(RSA_CTX *c, bigint *bi_msg);
-int RSA_encrypt(RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
         uint8_t *out_data, int is_signing);
 void RSA_print(const RSA_CTX *ctx);
 #endif
@@ -267,17 +265,6 @@ typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
 typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest);
 
-typedef struct
-{
-    uint8_t *pre_data;	/* include the ssl record bytes */
-    uint8_t *data;	/* the regular ssl data */
-    int max_len;
-    int index;
-} BUF_MEM;
-
-BUF_MEM buf_new(void);
-void buf_grow(BUF_MEM *bm, int len);
-void buf_free(BUF_MEM *bm);
 int get_file(const char *filename, uint8_t **buf);
 
 #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index a818c5f4b1..030ed650c7 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -29,8 +29,6 @@
 #include "wincrypt.h"
 #endif
 
-#define BM_RECORD_OFFSET 	5	/* same as SSL_RECORD_SIZE */
-
 #ifndef WIN32
 static int rng_fd = -1;
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
@@ -44,45 +42,6 @@ static uint64_t rng_num;
 static int rng_ref_count;
 const char * const unsupported_str = "Error: feature not supported\n";
 
-/**
- * Allocate a new memory buffer 
- */
-BUF_MEM buf_new()
-{
-    BUF_MEM bm;
-    bm.pre_data = (uint8_t *)calloc(1, 2048); /* start with this */
-    bm.data = bm.pre_data+BM_RECORD_OFFSET; /* some space at the start */
-    bm.max_len = 2048-BM_RECORD_OFFSET;
-    bm.index = 0;
-    return bm;
-}
-
-/**
- * Grow a buffer if necessary
- */
-void buf_grow(BUF_MEM *bm, int len)
-{
-    if (len <= bm->max_len)
-    {
-        return;
-    }
-
-    /* add 1kB just to be sure */
-    bm->pre_data = (uint8_t *)realloc(bm->pre_data, len+1024+BM_RECORD_OFFSET); 
-    bm->data = bm->pre_data+BM_RECORD_OFFSET;
-    bm->max_len = len + 1024;
-}
-
-/**
- * Free a buffer
- */
-void buf_free(BUF_MEM *bm)
-{
-    free(bm->pre_data);
-    bm->pre_data = NULL;
-    bm->data = NULL;
-}
-
 #ifndef CONFIG_SSL_SKELETON_MODE
 /** 
  * Retrieve a file and put it into memory
diff --git a/ssl/loader.c b/ssl/loader.c
index c8b74f3b2f..1bc966515a 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -76,9 +76,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type,
 #endif
     }
     else
-    {
         ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
-    }
 
 error:
     ssl_obj_free(ssl_obj);
@@ -149,15 +147,18 @@ static int do_obj(SSLCTX *ssl_ctx, int obj_type,
 }
 
 /*
- * Release things.
+ * Clean up our mess.
  */
 void ssl_obj_free(SSLObjLoader *ssl_obj)
 {
-    free(ssl_obj->buf);
-    free(ssl_obj);
+    if (ssl_obj)
+    {
+        free(ssl_obj->buf);
+        free(ssl_obj);
+    }
 }
 
-/**
+/*
  * Support for PEM encoded keys/certificates.
  */
 #ifdef CONFIG_SSL_HAS_PEM
@@ -214,7 +215,7 @@ static int base64_decode(const uint8_t *in,  int len,
     g = 3;
     for (x = y = z = t = 0; x < len; x++) 
     {
-        if ((c = map[in[x]&0x7F]) == 0xff)
+        if ((c = map[in[x] & 0x7F]) == 0xff)
             continue;
 
         if (c == 254)   /* this is the end... */
@@ -234,14 +235,10 @@ static int base64_decode(const uint8_t *in,  int len,
             out[z++] = (uint8_t)((t>>16)&255);
 
             if (g > 1) 
-            {
                 out[z++] = (uint8_t)((t>>8)&255);
-            }
 
             if (g > 2) 
-            {
                 out[z++] = (uint8_t)(t&255);
-            }
 
             y = t = 0;
         }
@@ -256,9 +253,7 @@ static int base64_decode(const uint8_t *in,  int len,
 error:
 #ifdef CONFIG_SSL_FULL_MODE
     if (ret < 0)
-    {
         printf("Error: Invalid base64 file\n");
-    }
 #endif
     return ret;
 }
@@ -312,7 +307,7 @@ static int pem_decrypt(const uint8_t *where, const uint8_t *end,
         uint8_t c = *start++ - '0';
         iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
         c = *start++ - '0';
-        iv[i] +=(c > 9 ? c + '0' - 'A' + 10 : c);
+        iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
     }
 
     while (*start == '\r' || *start == '\n')
@@ -402,10 +397,7 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
 
             /* In a format we can now understand - so process it */
             if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
-            {
-                ssl_obj_free(ssl_obj);
                 goto error;
-            }
 
             end += strlen(ends[i]);
             remain -= strlen(ends[i]);
@@ -415,7 +407,6 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
                 remain--;
             }
 
-            ssl_obj_free(ssl_obj);
             break;
         }
     }
@@ -428,6 +419,7 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
         ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password);
 
 error:
+    ssl_obj_free(ssl_obj);
     return ret;
 }
 
diff --git a/ssl/md5.c b/ssl/md5.c
index b069011b77..704ba05f88 100644
--- a/ssl/md5.c
+++ b/ssl/md5.c
@@ -47,7 +47,7 @@ static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
 static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
 static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
 
-static uint8_t PADDING[64] = 
+static const uint8_t PADDING[64] = 
 {
     0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -114,8 +114,7 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
     x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
 
     /* Update number of bits */
-    if ((ctx->count[0] += ((uint32_t)len << 3))
-            < ((uint32_t)len << 3))
+    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
         ctx->count[1]++;
     ctx->count[1] += ((uint32_t)len >> 29);
 
diff --git a/ssl/p12.c b/ssl/p12.c
index f88594f194..fe0b82c71c 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -389,6 +389,7 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
     /* get the salt */
     if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
         goto error;
+
     salt = &buf[offset];
 
     /* work out what the mac should be */
diff --git a/ssl/rc4.c b/ssl/rc4.c
index 471e15ffc0..7250a669b7 100644
--- a/ssl/rc4.c
+++ b/ssl/rc4.c
@@ -36,9 +36,7 @@ void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
     m = ctx->m;
 
     for (i = 0; i < 256; i++)
-    {
         m[i] = i;
-    }
 
     for (i = 0; i < 256; i++)
     {
@@ -48,9 +46,7 @@ void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
         m[j] = a;
 
         if (++k >= length) 
-        {
             k = 0;
-        }
     }
 }
 
diff --git a/ssl/rsa.c b/ssl/rsa.c
index 60b36891f2..ec856dfb68 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -28,7 +28,7 @@
 #include "crypto.h"
 
 #ifdef CONFIG_BIGINT_CRT
-static bigint *bi_crt(RSA_CTX *rsa, bigint *bi);
+static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi);
 #endif
 
 void RSA_priv_key_new(RSA_CTX **ctx, 
@@ -126,8 +126,8 @@ void RSA_free(RSA_CTX *rsa_ctx)
  * @return  The number of bytes that were originally encrypted. -1 on error.
  * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
  */
-int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
-        int is_decryption)
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
+                            uint8_t *out_data, int is_decryption)
 {
     int byte_size = ctx->num_octets;
     uint8_t *block;
@@ -155,10 +155,9 @@ int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
     if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
     {
         while (block[i++] == 0xff && i < byte_size);
+
         if (block[i-2] != 0xff)
-        {
             i = byte_size;     /*ensure size is 0 */   
-        }
     }
     else                    /* PKCS1.5 encryption padding is random */
 #endif
@@ -169,9 +168,7 @@ int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
 
     /* get only the bit we want */
     if (size > 0)
-    {
         memcpy(out_data, &block[i], size);
-    }
     
     free(block);
     return size ? size : -1;
@@ -180,7 +177,7 @@ int RSA_decrypt(RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
 /**
  * Performs m = c^d mod n
  */
-bigint *RSA_private(RSA_CTX *c, bigint *bi_msg)
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
 {
 #ifdef CONFIG_BIGINT_CRT
     return bi_crt(c, bi_msg);
@@ -197,7 +194,7 @@ bigint *RSA_private(RSA_CTX *c, bigint *bi_msg)
  * This should really be in bigint.c (and was at one stage), but needs 
  * access to the RSA_CTX context...
  */
-static bigint *bi_crt(RSA_CTX *rsa, bigint *bi)
+static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi)
 {
     BI_CTX *ctx = rsa->bi_ctx;
     bigint *m1, *m2, *h;
@@ -245,7 +242,7 @@ void RSA_print(const RSA_CTX *rsa_ctx)
 /**
  * Performs c = m^e mod n
  */
-bigint *RSA_public(RSA_CTX *c, bigint *bi_msg)
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
 {
     c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
     return bi_mod_power(c->bi_ctx, bi_msg, c->e);
@@ -255,7 +252,7 @@ bigint *RSA_public(RSA_CTX *c, bigint *bi_msg)
  * Use PKCS1.5 for encryption/signing.
  * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
  */
-int RSA_encrypt(RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
         uint8_t *out_data, int is_signing)
 {
     int byte_size = ctx->num_octets;
diff --git a/ssl/sha1.c b/ssl/sha1.c
index 9a42801f25..3feb6d54c3 100644
--- a/ssl/sha1.c
+++ b/ssl/sha1.c
@@ -57,17 +57,13 @@ void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
     while (len--)
     {
         ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
-
         ctx->Length_Low += 8;
+
         if (ctx->Length_Low == 0)
-        {
             ctx->Length_High++;
-        }
 
         if (ctx->Message_Block_Index == 64)
-        {
             SHA1ProcessMessageBlock(ctx);
-        }
 
         msg++;
     }
diff --git a/ssl/ssl.h b/ssl/ssl.h
index d8ff953b15..9621ec5787 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -150,14 +150,17 @@ extern "C" {
  * @brief Establish a new client/server context.
  *
  * This function is called before any client/server SSL connections are made. 
- * If multiple threads are used, then each thread will have its own SSLCTX
- * context. Any number of connections may be made with a single 
- * context. 
  *
  * Each new connection will use the this context's private key and 
  * certificate chain. If a different certificate chain is required, then a 
  * different context needs to be be used.
  *
+ * There are two threading models supported - a single thread with one
+ * SSLCTX can support any number of SSL connections - and multiple threads can 
+ * support one SSLCTX object each (the default). But if a single SSLCTX 
+ * object uses many SSL objects in individual threads, then the 
+ * CONFIG_SSLCTX_MUTEXING option needs to be configured.
+ *
  * @param options [in]  Any particular options. At present the options
  * supported are:
  * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
@@ -233,6 +236,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl);
 
 /**
  * @brief Read the SSL data stream.
+ * The socket must be in blocking mode.
  * @param ssl [in] An SSL object reference.
  * @param in_data [out] If the read was successful, a pointer to the read
  * buffer will be here. Do NOT ever free this memory as this buffer is used in
@@ -248,7 +252,8 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl);
 EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
 
 /**
- * @brief Write to the SSL data stream.
+ * @brief Write to the SSL data stream. 
+ * The socket must be in blocking mode.
  * @param ssl [in] An SSL obect reference.
  * @param out_data [in] The data to be written
  * @param out_len [in] The number of bytes to be written.
@@ -407,6 +412,12 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *fil
  */
 EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
 
+/**
+ * @brief Return the axTLS library version as a string.
+ * @note New API function for v1.1
+ */
+EXP_FUNC const char * STDCALL ssl_version(void);
+
 /** @} */
 
 #ifdef __cplusplus
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 7bbb58e0f6..557118ba4e 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1445,179 +1445,269 @@ int SSL_client_tests(void)
     return ret;
 }
 
-#if 0
 /**************************************************************************
- * Multi-Threading Tests
+ * SSL Basic Testing (test a big packet handshake)
  *
  **************************************************************************/
-#define NUM_THREADS         1
-#define NUM_THREADS_STR     "1"
+static uint8_t basic_buf[256*1024];
+
+static void do_basic(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSLCTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL);
+
+    /* check the return status */
+    if (ssl_handshake_status(ssl_clnt))
+    {
+        printf("Client ");
+        ssl_display_error(ssl_handshake_status(ssl_clnt));
+        goto error;
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    close(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_basic_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSLCTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    int clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
 
-static SSL *my_ssls[NUM_THREADS*3];      /* enough for all client fds */
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_basic, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            printf("Server ");
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL basic test passed\n" :
+                            "SSL basic test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    close(server_fd);
+    close(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+/**************************************************************************
+ * Multi-Threading Tests
+ *
+ **************************************************************************/
+#define NUM_THREADS         200
 
 typedef struct
 {
-    SSLCTX *ssl_ctx;
+    SSLCTX *ssl_clnt_ctx;
     int port;
     int thread_id;
 } multi_t;
 
-int do_connect(multi_t *multi_data)
+void do_multi_clnt(multi_t *multi_data)
 {
     int res = 1, client_fd, i;
     SSL *ssl = NULL;
     char tmp[5];
 
-    /* make sure other threads work before this one */
-    if (multi_data->thread_id == NUM_THREADS)
-    {
-        sleep(2);      /* sets the maximum time this test will run */
-    }
-
     if ((client_fd = client_socket_init(multi_data->port)) < 0)
         goto client_test_exit;
-    sleep(0);
 
-    ssl = ssl_client_new(multi_data->ssl_ctx, client_fd, NULL);
+    sleep(1);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL);
 
     if ((res = ssl_handshake_status(ssl)))
+    {
+        printf("Client ");
+        ssl_display_error(res);
         goto client_test_exit;
+    }
 
     sprintf(tmp, "%d\n", multi_data->thread_id);
-    for (i = 0; i < 100; i++)
-    {
+    for (i = 0; i < 10; i++)
         ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
-    }
 
-    res = 0;
 client_test_exit:
     ssl_free(ssl);
     close(client_fd);
     free(multi_data);
-    return 0;
+}
+
+void do_multi_svr(SSL *ssl)
+{
+    uint8_t *read_buf;
+    int *res_ptr = malloc(sizeof(int));
+    int res;
+
+    for (;;)
+    {
+        res = ssl_read(ssl, &read_buf);
+
+        /* kill the client */
+        if (res != SSL_OK)
+        {
+            if (res == SSL_ERROR_CONN_LOST)
+            {
+                close(ssl->client_fd);
+                ssl_free(ssl);
+                break;
+            }
+            else if (res > 0)
+            {
+                /* do nothing */
+            }
+            else /* some problem */
+            {
+                printf("Server ");
+                ssl_display_error(res);
+                goto error;
+            }
+        }
+    }
+
+    res = SSL_OK;
+error:
+    *res_ptr = res;
+    pthread_exit(res_ptr);
 }
 
 int multi_thread_test(void)
 {
     int server_fd;
-    SSLCTX *ssl_server_ctx = NULL;
-    uint8_t buf[1024];
-    pthread_t threads[NUM_THREADS];
-    int i, res = 1;
+    SSLCTX *ssl_server_ctx;
+    SSLCTX *ssl_clnt_ctx;
+    pthread_t clnt_threads[NUM_THREADS];
+    pthread_t svr_threads[NUM_THREADS];
+    int i, res = 0;
     struct sockaddr_in client_addr;
     int clnt_len = sizeof(client_addr);
-    fd_set read_set;
-    int max_fd;
-    int death_total = 0;
-    SSLCTX *ssl_client_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, 
-            SSL_DEFAULT_CLNT_SESS, NULL);
 
     printf("Do multi-threading test (takes a minute)\n");
 
-    FD_ZERO(&read_set);
+    ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
 
-    if ((server_fd = server_socket_init(&g_port)) < 0)
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
         goto error;
 
-    FD_SET(server_fd, &read_set);
-    max_fd = server_fd;
-
-    ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION|SSL_SERVER_VERIFY_LATER, 
-                                    SSL_DEFAULT_SVR_SESS, NULL);
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
 
     for (i = 0; i < NUM_THREADS; i++)
     {
         multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
-        multi_data->ssl_ctx = ssl_server_ctx;
+        multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
         multi_data->port = g_port;
         multi_data->thread_id = i+1;
-        if (pthread_create(&threads[i], NULL, 
-                (void *(*)(void *))do_connect, (void *)multi_data) < 0)
-            goto error;
+        pthread_create(&clnt_threads[i], NULL, 
+                (void *(*)(void *))do_multi_clnt, (void *)multi_data);
+        pthread_detach(clnt_threads[i]);
     }
 
-    sleep(1);
-
-    for (;;)
+    for (i = 0; i < NUM_THREADS; i++)
     {
-        fd_set rdfs = read_set;
-        int n;
+        SSL *ssl_svr;
+        int client_fd = accept(server_fd, 
+                      (struct sockaddr *)&client_addr, &clnt_len);
 
-        if ((n = select(max_fd+1, &rdfs, NULL, NULL, 0)) > 0)
-        {
-            while (n)
-            {
-                /* check for server */
-                if (FD_ISSET(server_fd, &rdfs))
-                {
-                    int client_fd = accept(server_fd, 
-                                  (struct sockaddr *)&client_addr, &clnt_len);
-
-                    if (client_fd < 0)
-                        goto error;
-
-                    if (client_fd > max_fd)     /* set max fd */
-                    {
-                        max_fd = client_fd;
-                    }
-
-                    my_ssls[client_fd] = ssl_server_new(
-                                    ssl_server_ctx, client_fd);
-                    FD_SET(client_fd, &read_set);
-
-                    if (--n == 0)
-                        continue;
-                }
-
-                i = server_fd;
-
-                while (++i <= max_fd && n)
-                {
-                    if (FD_ISSET(i, &rdfs))
-                    {
-                        SSL *ssl;
-                        ssl = my_ssls[i];
-                        res = ssl_read(ssl, &read_buf);
-                        n--;
-
-                        /* kill the client */
-                        if (res != SSL_OK)
-                        {
-                            if (res == SSL_ERROR_CONN_LOST)
-                            {
-                                ssl_free(ssl);
-                                my_ssls[i] = NULL;
-                                close(i);
-                                FD_CLR(i, &read_set);
-                                death_total++;
-                            }
-                            else if (res > 0)
-                            {
-                                if (strcmp(NUM_THREADS_STR "\n", 
-                                            (const char *)buf) == 0)
-                                {
-                                    sleep(1);   /* allow rest of data */
-                                    goto all_ok;
-                                }
-                            }
-                            else /* some problem */
-                            {
-                                printf("Got some problem %d\n", res);
-                                goto error;
-                            }
-                        } /* if */
-                    } /* if */
-                } /* for */
-            }
-        }
+        if (client_fd < 0)
+            goto error;
+
+        ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
+
+        pthread_create(&svr_threads[i], NULL, 
+                        (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
     }
 
-all_ok:
-    printf("Multi-thread test passed (%d)\n", death_total);
-    res = 0;
+    /* make sure we've run all of the threads */
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        void *thread_res;
+        pthread_join(svr_threads[i], &thread_res);
+        if (*((int *)thread_res) != 0)
+            res = 1;
+        free(thread_res);
+    }
+
+    if (res) 
+        goto error;
+
+    printf("Multi-thread test passed (%d)\n", NUM_THREADS);
 error:
     ssl_ctx_free(ssl_server_ctx);
-    ssl_ctx_free(ssl_client_ctx);
+    ssl_ctx_free(ssl_clnt_ctx);
     close(server_fd);
     return res;
 }
@@ -1705,6 +1795,14 @@ int main(int argc, char *argv[])
     }
     TTY_FLUSH();
 
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+    if (multi_thread_test())
+        goto cleanup;
+#endif
+
+    if (SSL_basic_test())
+        goto cleanup;
+
     system("sh ../ssl/test/killopenssl.sh");
 
     if (SSL_client_tests())
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 3b48147f0c..e2e9c41ef9 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -165,6 +165,8 @@ EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
     ssl_ctx->num_sessions = num_sessions;
 #endif
 
+    SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
+
 #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
     if (~options & SSL_NO_DEFAULT_KEY)
     {
@@ -201,7 +203,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
     if (ssl_ctx == NULL)
         return;
 
-    ssl = ssl_ctx->sess_head;
+    ssl = ssl_ctx->head;
 
     /* clear out all the ssl entries */
     while (ssl)
@@ -214,9 +216,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
 #ifndef CONFIG_SSL_SKELETON_MODE
     /* clear out all the sessions */
     for (i = 0; i < ssl_ctx->num_sessions; i++)
-    {
         session_free(ssl_ctx->ssl_sessions, i);
-    }
 
     free(ssl_ctx->ssl_sessions);
 #endif
@@ -232,6 +232,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
     remove_ca_certs(ssl_ctx->ca_cert_ctx);
 #endif
     ssl_ctx->chain_length = 0;
+    SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
     RSA_free(ssl_ctx->rsa_ctx);
     RNG_terminate();
     free(ssl_ctx);
@@ -252,24 +253,20 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
 
     ssl_ctx = ssl->ssl_ctx;
 
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
     /* adjust the server SSL list */
     if (ssl->prev)
-    {
         ssl->prev->next = ssl->next;
-    }
     else
-    {
-        ssl_ctx->sess_head = ssl->next;
-    }
+        ssl_ctx->head = ssl->next;
 
     if (ssl->next)
-    {
         ssl->next->prev = ssl->prev;
-    }
     else
-    {
-        ssl_ctx->sess_tail = ssl->prev;
-    }
+        ssl_ctx->tail = ssl->prev;
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
 
     /* may already be free - but be sure */
     free(ssl->all_pkts);
@@ -278,7 +275,6 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     free(ssl->encrypt_ctx);
     free(ssl->decrypt_ctx);
     free(ssl->master_secret);
-    buf_free(&ssl->bm_buf);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     x509_free(ssl->x509_ctx);
 #endif
@@ -315,15 +311,28 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 {
 
-    int ret = send_packet(ssl, PT_APP_PROTOCOL_DATA, out_data, out_len);
+    int n = out_len, nw, i, tot = 0;
 
-    /* make sure there is no problem with overflow due to padding etc */
-    if (ret > out_len)
+    /* maximum size of a TLS packet is around 16kB, so fragment */
+    do 
     {
-        ret = out_len;
-    }
+        nw = n;
 
-    return ret;
+        if (nw > RT_MAX_PLAIN_LENGTH)    /* fragment if necessary */
+            nw = RT_MAX_PLAIN_LENGTH;
+
+        if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
+                                            &out_data[tot], nw)) <= 0)
+        {
+            out_len = i;    /* an error */
+            break;
+        }
+
+        tot += i;
+        n -= i;
+    } while (n > 0);
+
+    return out_len;
 }
 
 /**
@@ -411,9 +420,7 @@ int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
 
     /* recurse? */
     if (len > 0)
-    {
         ret = add_cert_auth(ssl_ctx, &buf[offset], len);
-    }
 
 error:
     return ret;
@@ -459,17 +466,24 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
  */
 EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd)
 {
-    SSL *ssl = ssl_ctx->sess_head;
+    SSL *ssl;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+    ssl = ssl_ctx->head;
 
     /* search through all the ssl entries */
     while (ssl)
     {
         if (ssl->client_fd == client_fd)
+        {
+            SSL_CTX_UNLOCK(ssl_ctx->mutex);
             return ssl;
+        }
 
         ssl = ssl->next;
     }
 
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
     return NULL;
 }
 
@@ -526,31 +540,33 @@ SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
     SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
     ssl->ssl_ctx = ssl_ctx;
     ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
-    ssl->bm_buf = buf_new();
     ssl->client_fd = client_fd;
     ssl->flag = SSL_NEED_RECORD;
     ssl->certs = ssl_ctx->certs;
     ssl->chain_length = ssl_ctx->chain_length;
+    ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
 
     /* a bit hacky but saves a few bytes of memory */
     ssl->flag |= ssl_ctx->options;
+    SSL_CTX_LOCK(ssl_ctx->mutex);
 
-    /* build up a linked list, so we can remove it all later */
-    if (ssl_ctx->sess_head == NULL)
+    if (ssl_ctx->head == NULL)
     {
-        ssl_ctx->sess_head = ssl;
-        ssl_ctx->sess_tail = ssl;
+        ssl_ctx->head = ssl;
+        ssl_ctx->tail = ssl;
     }
     else
     {
-        ssl->prev = ssl_ctx->sess_tail;
-        ssl_ctx->sess_tail->next = ssl;
-        ssl_ctx->sess_tail = ssl;
+        ssl->prev = ssl_ctx->tail;
+        ssl_ctx->tail->next = ssl;
+        ssl_ctx->tail = ssl;
     }
 
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+
     return ssl;
 }
 
@@ -905,32 +921,30 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
  */
 static int send_raw_packet(SSL *ssl, uint8_t protocol)
 {
-    uint8_t *rec_buf = ssl->bm_buf.pre_data;
-    int pkt_size = SSL_RECORD_SIZE+ssl->bm_buf.index;
+    uint8_t *rec_buf = ssl->bm_all_data;
+    int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
     int ret;
 
     rec_buf[0] = protocol;
     rec_buf[1] = 0x03;      /* version = 3.1 (TLS) */
     rec_buf[2] = 0x01;
-    rec_buf[3] = ssl->bm_buf.index >> 8;
-    rec_buf[4] = ssl->bm_buf.index & 0xff;
+    rec_buf[3] = ssl->bm_index >> 8;
+    rec_buf[4] = ssl->bm_index & 0xff;
 
-    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_buf.pre_data, 
+    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
                             pkt_size, pkt_size);
 
-    ret = SOCKET_WRITE(ssl->client_fd, ssl->bm_buf.pre_data, pkt_size);
+    if ((ret = SOCKET_WRITE(ssl->client_fd, 
+                    ssl->bm_all_data, pkt_size)) < 0)
+        ret = SSL_ERROR_CONN_LOST;
 
     SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
-    ssl->bm_buf.index = 0;
+    ssl->bm_index = 0;
 
-    if (ret < 0)
-    {
-        ret = SSL_ERROR_CONN_LOST;
-    }
-    else if (protocol != PT_APP_PROTOCOL_DATA)  
+    if (protocol != PT_APP_PROTOCOL_DATA)  
     {
         /* always return SSL_OK during handshake */   
-        return ret = SSL_OK;
+        ret = SSL_OK;
     }
 
     return ret;
@@ -942,18 +956,16 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
 {
     int msg_length = length;
-    ssl->bm_buf.index = msg_length;
-    buf_grow(&ssl->bm_buf, msg_length+32);
+    int ret, pad_bytes = 0;
+    ssl->bm_index = msg_length;
 
     /* if our state is bad, don't bother */
     if (ssl->hs_status == SSL_ERROR_DEAD)
-    {
         return SSL_ERROR_CONN_LOST;
-    }
 
     if (in) /* has the buffer already been initialised? */
     {
-        memcpy(ssl->bm_buf.data, in, length);
+        memcpy(ssl->bm_data, in, length);
     }
 
     if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
@@ -966,55 +978,56 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
 
         if (protocol == PT_HANDSHAKE_PROTOCOL)
         {
-            DISPLAY_STATE(ssl, 1, ssl->bm_buf.data[0], 0);
+            DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
 
-            if (ssl->bm_buf.data[0] != HS_HELLO_REQUEST)
+            if (ssl->bm_data[0] != HS_HELLO_REQUEST)
             {
-                add_packet(ssl, ssl->bm_buf.data, ssl->bm_buf.index);
+                add_packet(ssl, ssl->bm_data, ssl->bm_index);
             }
         }
 
         /* add the packet digest */
         msg_length += ssl->cipher_info->digest_size;
-        ssl->bm_buf.index = msg_length;
-        add_hmac_digest(ssl, mode, ssl->bm_buf.data, length, 
-                                                &ssl->bm_buf.data[length]);
+        ssl->bm_index = msg_length;
+        add_hmac_digest(ssl, mode, ssl->bm_data, length, 
+                                                &ssl->bm_data[length]);
 
         /* add padding? */
         if (ssl->cipher_info->padding_size)
         {
             int last_blk_size = msg_length%ssl->cipher_info->padding_size;
-            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+            pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
 
             /* ensure we always have at least 1 padding byte */
             if (pad_bytes == 0)
-            {
                 pad_bytes += ssl->cipher_info->padding_size;
-            }
 
-            memset(&ssl->bm_buf.data[msg_length], pad_bytes-1, pad_bytes);
+            memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
             msg_length += pad_bytes;
-            ssl->bm_buf.index = msg_length;
+            ssl->bm_index = msg_length;
         }
 
-        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_buf.data, msg_length);
+        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
         increment_write_sequence(ssl);
 
         /* now encrypt the packet */
-        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_buf.data, 
-                                            ssl->bm_buf.data, msg_length);
+        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
+                                            ssl->bm_data, msg_length);
     }
     else if (protocol == PT_HANDSHAKE_PROTOCOL)
     {
-        DISPLAY_STATE(ssl, 1, ssl->bm_buf.data[0], 0);
+        DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
 
-        if (ssl->bm_buf.data[0] != HS_HELLO_REQUEST)
+        if (ssl->bm_data[0] != HS_HELLO_REQUEST)
         {
-            add_packet(ssl, ssl->bm_buf.data, ssl->bm_buf.index);
+            add_packet(ssl, ssl->bm_data, ssl->bm_index);
         }
     }
 
-    return send_raw_packet(ssl, protocol);
+    if ((ret = send_raw_packet(ssl, protocol)) <= 0)
+        return ret;
+
+    return length;  /* just return what we wanted to send */
 }
 
 /**
@@ -1125,9 +1138,8 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     uint8_t *buf;
 
-    buf_grow(&ssl->bm_buf, ssl->need_bytes);
-    buf = ssl->bm_buf.data;
-    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_buf.index], 
+    buf = ssl->bm_data;
+    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_index], 
                             ssl->need_bytes-ssl->got_bytes);
 
     /* connection has gone, so die */
@@ -1139,17 +1151,16 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     }
 
     DISPLAY_BYTES(ssl, "received %d bytes", 
-            &ssl->bm_buf.data[ssl->bm_buf.index], read_len, read_len);
+            &ssl->bm_data[ssl->bm_index], read_len, read_len);
 
     ssl->got_bytes += read_len;
-    ssl->bm_buf.index += read_len;
+    ssl->bm_index += read_len;
 
     /* haven't quite got what we want, so try again later */
     if (ssl->got_bytes < ssl->need_bytes)
-    {
         return SSL_OK;
-    }
 
+    read_len = ssl->got_bytes;
     ssl->got_bytes = 0;
 
     if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
@@ -1162,14 +1173,21 @@ int basic_read(SSL *ssl, uint8_t **in_data)
             add_packet(ssl, &buf[2], 3);
             ret = process_sslv23_client_hello(ssl); 
 #else
-            printf("Error: no SSLv23 handshaking allowed\n");
-            TTY_FLUSH();
+            printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
             ret = SSL_ERROR_NOT_SUPPORTED;
 #endif
             goto error; /* not an error - just get out of here */
         }
 
         ssl->need_bytes = (buf[3] << 8) + buf[4];
+
+        /* do we violate the spec with the message size?  */
+        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            ret = SSL_ERROR_INVALID_PROT_MSG;              
+            goto error;
+        }
+
         CLR_SSL_FLAG(SSL_NEED_RECORD);
         memcpy(ssl->record_buf, buf, 3);    /* store for hmac */
         is_record = 1;
@@ -1182,9 +1200,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     }
 
     if (is_record)
-    {
         ssl->record_type = buf[0];
-    }
     else if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
     {
         ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
@@ -1224,8 +1240,8 @@ int basic_read(SSL *ssl, uint8_t **in_data)
                 break;
 
             case PT_APP_PROTOCOL_DATA:
-                *in_data = ssl->bm_buf.data;  /* point to the work buffer */
-                (*in_data)[read_len] = 0;     /* null terminate just in case */
+                *in_data = ssl->bm_data;    /* point to the work buffer */
+                (*in_data)[read_len] = 0;   /* null terminate just in case */
                 ret = read_len;
                 break;
 
@@ -1242,12 +1258,10 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     }
 
 error:
-    ssl->bm_buf.index = 0;        /* reset to go again */
+    ssl->bm_index = 0;          /* reset to go again */
 
     if (ret < SSL_OK && in_data)  /* if all wrong, then clear this buffer ptr */
-    {
         *in_data = NULL;
-    }
 
     return ret;
 }
@@ -1277,13 +1291,11 @@ static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
     }
 
     hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
-    ssl->bm_buf.index = hs_len; /* store the size and check later */
+    ssl->bm_index = hs_len;     /* store the size and check later */
     DISPLAY_STATE(ssl, 0, handshake_type, 0);
 
     if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
-    {
         add_packet(ssl, buf, hs_len); 
-    }
 
 #if defined(CONFIG_SSL_ENABLE_CLIENT)
     ret = is_client ? 
@@ -1295,9 +1307,7 @@ static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
 
     /* just use recursion to get the rest */
     if (hs_len < read_len && ret == SSL_OK)
-    {
         ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
-    }
 
 error:
     return ret;
@@ -1322,7 +1332,7 @@ int send_change_cipher_spec(SSL *ssl)
  */
 int send_finished(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
 
     buf[0] = HS_FINISHED;
     buf[1] = 0;
@@ -1365,9 +1375,7 @@ int send_alert(SSL *ssl, int error_code)
 
 #ifdef CONFIG_SSL_FULL_MODE
     if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
-    {
         ssl_display_error(error_code);
-    }
 #endif
 
     switch (error_code)
@@ -1424,25 +1432,21 @@ int send_alert(SSL *ssl, int error_code)
  */
 int process_finished(SSL *ssl, int hs_len)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     int ret = SSL_OK;
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
 
-    PARANOIA_CHECK(ssl->bm_buf.index, SSL_FINISHED_HASH_SIZE+4);
+    PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
 
     /* check that we all work before we continue */
     if (memcmp(ssl->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
-    {
         return SSL_ERROR_FINISHED_INVALID;
-    }
 
     if ((!is_client && !resume) || (is_client && resume))
     {
         if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
-        {
             ret = send_finished(ssl);
-        }
     }
 
     /* Don't need this stuff anymore */
@@ -1470,7 +1474,7 @@ int process_finished(SSL *ssl, int hs_len)
 int send_certificate(SSL *ssl)
 {
     int i = 0;
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     int offset = 7;
     int chain_length;
 
@@ -1485,7 +1489,6 @@ int send_certificate(SSL *ssl)
         buf[offset++] = 0;        
         buf[offset++] = cert->size >> 8;        /* cert 1 length */
         buf[offset++] = cert->size & 0xff;
-        buf_grow(&ssl->bm_buf, offset + cert->size);
         memcpy(&buf[offset], cert->buf, cert->size);
         offset += cert->size;
         i++;
@@ -1497,7 +1500,7 @@ int send_certificate(SSL *ssl)
     chain_length += 3;
     buf[2] = chain_length >> 8;        /* handshake length */
     buf[3] = chain_length & 0xff;
-    ssl->bm_buf.index = offset;
+    ssl->bm_index = offset;
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
 }
 
@@ -1516,10 +1519,9 @@ SSL_SESS *ssl_session_update(int max_sessions,
 
     /* no sessions? Then bail */
     if (max_sessions == 0)
-    {
         return NULL;
-    }
 
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
     if (session_id)
     {
         for (i = 0; i < max_sessions; i++)
@@ -1543,6 +1545,7 @@ SSL_SESS *ssl_session_update(int max_sessions,
                     memcpy(ssl->master_secret, 
                             ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
                     SET_SSL_FLAG(SSL_SESSION_RESUME);
+                    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
                     return ssl_sessions[i];  /* a session was found */
                 }
             }
@@ -1558,6 +1561,7 @@ SSL_SESS *ssl_session_update(int max_sessions,
             ssl_sessions[i] = (SSL_SESS *)calloc(1, sizeof(SSL_SESS));
             ssl_sessions[i]->conn_time = tm;
             ssl->session_index = i;
+            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
             return ssl_sessions[i]; /* return the session object */
         }
         else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
@@ -1573,6 +1577,7 @@ SSL_SESS *ssl_session_update(int max_sessions,
     oldest_sess->conn_time = tm;
     memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
     memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
     return oldest_sess;
 }
 
@@ -1593,11 +1598,15 @@ static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
  */
 void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
 {
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+
     if (ssl->ssl_ctx->num_sessions)
     {
         session_free(ssl_sessions, ssl->session_index);
         ssl->session = NULL;
     }
+
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 }
 #endif /* CONFIG_SSL_SKELETON_MODE */
 
@@ -1684,10 +1693,10 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
 int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 {
     int ret = SSL_OK;
-    int pkt_size = ssl->bm_buf.index;
+    int pkt_size = ssl->bm_index;
     int cert_size, offset = 5;
-    int total_cert_size = (ssl->bm_buf.data[offset]<<8) + 
-                ssl->bm_buf.data[offset+1];
+    int total_cert_size = (ssl->bm_data[offset]<<8) + 
+                ssl->bm_data[offset+1];
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     X509_CTX **chain = x509_ctx;
     offset += 2;
@@ -1697,10 +1706,10 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     while (offset < total_cert_size)
     {
         offset++;       /* skip empty char */
-        cert_size = (ssl->bm_buf.data[offset]<<8) + ssl->bm_buf.data[offset+1];
+        cert_size = (ssl->bm_data[offset]<<8) + ssl->bm_data[offset+1];
         offset += 2;
         
-        if (x509_new(&ssl->bm_buf.data[offset], NULL, chain))
+        if (x509_new(&ssl->bm_data[offset], NULL, chain))
         {
             ret = SSL_ERROR_BAD_CERTIFICATE;
             goto error;
@@ -1983,6 +1992,15 @@ void DISPLAY_ALERT(SSL *ssl, int alert)
 
 #endif /* CONFIG_SSL_FULL_MODE */
 
+/**
+ * Return the version of this library.
+ */
+EXP_FUNC const char  * STDCALL ssl_version()
+{
+    static const char * axtls_version = AXTLS_VERSION " " __DATE__;
+    return axtls_version;
+}
+
 /**
  * Enable the various language bindings to work regardless of the
  * configuration - they just return an error statement and a bad return code.
diff --git a/ssl/tls1.h b/ssl/tls1.h
index fc343e512c..f21d9a6cd8 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -28,6 +28,31 @@
 extern "C" {
 #endif
 
+#include "version.h"
+
+/* Mutexing definitions */
+#if defined(CONFIG_SSLCTX_MUTEXING)
+#if defined(WIN32)
+#define SSL_CTX_MUTEX_TYPE          HANDLE
+#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
+#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
+#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
+#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
+#else 
+#include <pthread.h>
+#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
+#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
+#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
+#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
+#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
+#endif
+#else   /* no mutexing */
+#define SSL_CTX_MUTEX_INIT(A)
+#define SSL_CTX_MUTEX_DESTROY(A)
+#define SSL_CTX_LOCK(A)
+#define SSL_CTX_UNLOCK(A)
+#endif
+
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
 #define SSL_FINISHED_HASH_SIZE      12
@@ -52,6 +77,9 @@ extern "C" {
 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
 
 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
+#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_EXTRA                    1024
+#define BM_RECORD_OFFSET            5
 
 #ifdef CONFIG_SSL_SKELETON_MODE
 #define NUM_PROTOCOLS               1
@@ -138,11 +166,13 @@ struct _SSL
     uint8_t *key_block;
     void *encrypt_ctx;
     void *decrypt_ctx;
-    BUF_MEM bm_buf;
+    uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
+    uint8_t *bm_data;
+    int bm_index;
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
     SSL_CERT *certs;
-    struct _SSLCTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
+    struct _SSLCTX *ssl_ctx;            /* back reference to a clnt/svr ctx */
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t session_index;
     SSL_SESS *session;
@@ -172,13 +202,16 @@ struct _SSLCTX
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     CA_CERT_CTX *ca_cert_ctx;
 #endif
-    SSL *sess_head;
-    SSL *sess_tail;
+    SSL *head;
+    SSL *tail;
     SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t num_sessions;
     SSL_SESS **ssl_sessions;
 #endif
+#ifdef CONFIG_SSLCTX_MUTEXING
+    SSL_CTX_MUTEX_TYPE mutex;
+#endif
 };
 
 typedef struct _SSLCTX SSLCTX;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index b9642b34eb..7dc9c4d43e 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -117,7 +117,7 @@ int do_client_connect(SSL *ssl)
     int ret = SSL_OK;
 
     send_client_hello(ssl);                 /* send the client hello */
-    ssl->bm_buf.index = 0;
+    ssl->bm_index = 0;
     ssl->next_state = HS_SERVER_HELLO;
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
 
@@ -151,7 +151,7 @@ int do_client_connect(SSL *ssl)
  */
 static int send_client_hello(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     time_t tm = time(NULL);
     uint8_t *tm_ptr = &buf[6]; /* time will go here */
     int i, offset;
@@ -186,19 +186,19 @@ static int send_client_hello(SSL *ssl)
         buf[offset++] = 0;
     }
 
-    buf[offset++] = 0;   /* number of ciphers */
-    buf[offset++] = NUM_PROTOCOLS*2;   /* number of ciphers */
+    buf[offset++] = 0;              /* number of ciphers */
+    buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
 
     /* put all our supported protocols in our request */
     for (i = 0; i < NUM_PROTOCOLS; i++)
     {
-        buf[offset++] = 0;      /* cipher we are using */
+        buf[offset++] = 0;          /* cipher we are using */
         buf[offset++] = ssl_prot_prefs[i];
     }
 
-    buf[offset++] = 1;      /* no compression */
+    buf[offset++] = 1;              /* no compression */
     buf[offset++] = 0;
-    buf[3] = offset - 4;    /* handshake size */
+    buf[3] = offset - 4;            /* handshake size */
 
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
 }
@@ -208,8 +208,8 @@ static int send_client_hello(SSL *ssl)
  */
 static int process_server_hello(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
-    int pkt_size = ssl->bm_buf.index;
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
     int offset;
     int version = (buf[4] << 4) + buf[5];
     int num_sessions = ssl->ssl_ctx->num_sessions;
@@ -217,9 +217,7 @@ static int process_server_hello(SSL *ssl)
 
     /* check that we are talking to a TLSv1 server */
     if (version != 0x31)
-    {
         return SSL_ERROR_INVALID_VERSION;
-    }
 
     /* get the server random value */
     memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
@@ -260,7 +258,7 @@ static int process_server_hello_done(SSL *ssl)
  */
 static int send_client_key_xchg(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     uint8_t premaster_secret[SSL_SECRET_SIZE];
     int enc_secret_size = -1;
 
@@ -271,8 +269,13 @@ static int send_client_key_xchg(SSL *ssl)
     premaster_secret[1] = 0x01;
     get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
     DISPLAY_RSA(ssl, "send_client_key_xchg", ssl->x509_ctx->rsa_ctx);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
     enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
             SSL_SECRET_SIZE, &buf[6], 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
     buf[2] = (enc_secret_size + 2) >> 8;
     buf[3] = (enc_secret_size + 2) & 0xff;
     buf[4] = enc_secret_size >> 8;
@@ -298,7 +301,7 @@ static int process_cert_req(SSL *ssl)
  */
 static int send_cert_verify(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     uint8_t dgst[MD5_SIZE+SHA1_SIZE];
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
     int n, ret;
@@ -309,7 +312,11 @@ static int send_cert_verify(SSL *ssl)
     buf[1] = 0;
 
     finished_digest(ssl, NULL, dgst);   /* calculate the digest */
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
     n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (n == 0)
     {
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index ad463def35..9ad3a98d8e 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -45,10 +45,7 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd)
 
 #ifdef CONFIG_SSL_FULL_MODE
     if (ssl_ctx->chain_length == 0)
-    {
-        printf("Warning - no server certificate defined\n");
-        TTY_FLUSH();
-    }
+        printf("Warning - no server certificate defined\n"); TTY_FLUSH();
 #endif
 
     return ssl;
@@ -67,9 +64,7 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
     {
         case HS_CLIENT_HELLO:
             if ((ret = process_client_hello(ssl)) == SSL_OK)
-            {
                 ret = send_server_hello_sequence(ssl);
-            }
             break;
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
@@ -107,9 +102,9 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
  */
 static int process_client_hello(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     uint8_t *record_buf = ssl->record_buf;
-    int pkt_size = ssl->bm_buf.index;
+    int pkt_size = ssl->bm_index;
     int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
     int version = (record_buf[1] << 4) + record_buf[2];
     int ret = SSL_OK;
@@ -169,7 +164,7 @@ static int process_client_hello(SSL *ssl)
  */
 int process_sslv23_client_hello(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
     int version = (buf[3] << 4) + buf[4];
     int ret = SSL_OK;
@@ -291,7 +286,7 @@ static int send_server_hello_sequence(SSL *ssl)
  */
 static int send_server_hello(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
+    uint8_t *buf = ssl->bm_data;
     int offset = 0;
 
     buf[0] = HS_SERVER_HELLO;
@@ -358,8 +353,8 @@ static int send_server_hello_done(SSL *ssl)
  */
 static int process_client_key_xchg(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
-    int pkt_size = ssl->bm_buf.index;
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
     int premaster_size, secret_length = (buf[2] << 8) + buf[3];
     uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
@@ -370,12 +365,14 @@ static int process_client_key_xchg(SSL *ssl)
 
     /* is there an extra size field? */
     if ((secret_length - 2) == rsa_ctx->num_octets)
-    {
         offset += 2;
-    }
 
     PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
     premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, 1);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (premaster_size != SSL_SECRET_SIZE || 
             premaster_secret[0] != 0x03 ||  /* check version is 3.1 (TLS) */
@@ -420,8 +417,8 @@ static int send_certificate_request(SSL *ssl)
  */
 static int process_cert_verify(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_buf.data;
-    int pkt_size = ssl->bm_buf.index;
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
     uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
     uint8_t dgst[MD5_SIZE+SHA1_SIZE];
     X509_CTX *x509_ctx = ssl->x509_ctx;

From 9241353c506c811cea6281a08b2e9d421c4855f5 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 1 Feb 2007 21:46:33 +0000
Subject: [PATCH 047/301] latest changes for 1.1.0

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@57 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/axhttpd.aip | 174 +++++++++++++++++++++++++++++++++++++++------
 config/linuxconfig |   2 +-
 config/win32config |   2 +-
 3 files changed, 156 insertions(+), 22 deletions(-)

diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index 25e067abe9..be886602fe 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -17,16 +17,45 @@
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
     <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
-    <ROW Directory="New_Folder_1_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
-    <ROW Directory="New_Folder_2_DIR" Directory_Parent="New_Folder_1_DIR" DefaultDir="anothe~1|another_dir"/>
     <ROW Directory="New_Folder_DIR" Directory_Parent="APPDIR" DefaultDir="include"/>
     <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
-    <ROW Directory="crypto_files_DIR" Directory_Parent="www_DIR" DefaultDir="crypto~1|crypto_files"/>
+    <ROW Directory="another_dir_DIR" Directory_Parent="test_dir_DIR" DefaultDir="anothe~1|another_dir"/>
+    <ROW Directory="index_files_DIR" Directory_Parent="www_DIR" DefaultDir="index_~1|index_files"/>
+    <ROW Directory="prop_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="prop_base_2_DIR" Directory_Parent="svn_1_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="prop_base_3_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="prop_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="prop_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="prop_base_DIR" Directory_Parent="svn_DIR" DefaultDir="prop-b~1|prop-base"/>
+    <ROW Directory="props_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="props"/>
+    <ROW Directory="props_2_DIR" Directory_Parent="svn_1_DIR" DefaultDir="props"/>
+    <ROW Directory="props_3_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="props"/>
+    <ROW Directory="props_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="props"/>
+    <ROW Directory="props_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="props"/>
+    <ROW Directory="props_DIR" Directory_Parent="svn_DIR" DefaultDir="props"/>
+    <ROW Directory="svn_1_DIR" Directory_Parent="test_dir_DIR" DefaultDir="svn~1|.svn"/>
+    <ROW Directory="svn_2_DIR" Directory_Parent="another_dir_DIR" DefaultDir="svn~1|.svn"/>
+    <ROW Directory="svn_DIR" Directory_Parent="index_files_DIR" DefaultDir="svn~1|.svn"/>
+    <ROW Directory="test_dir_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
+    <ROW Directory="text_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="text_base_2_DIR" Directory_Parent="svn_1_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="text_base_3_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="text_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="text_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="text_base_DIR" Directory_Parent="svn_DIR" DefaultDir="text-b~1|text-base"/>
+    <ROW Directory="tmp_1_DIR" Directory_Parent="svn_1_DIR" DefaultDir="tmp"/>
+    <ROW Directory="tmp_2_DIR" Directory_Parent="svn_2_DIR" DefaultDir="tmp"/>
+    <ROW Directory="tmp_DIR" Directory_Parent="svn_DIR" DefaultDir="tmp"/>
+    <ROW Directory="wcprops_1_DIR" Directory_Parent="svn_DIR" DefaultDir="wcprops"/>
+    <ROW Directory="wcprops_2_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="wcprops"/>
+    <ROW Directory="wcprops_3_DIR" Directory_Parent="svn_1_DIR" DefaultDir="wcprops"/>
+    <ROW Directory="wcprops_4_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="wcprops"/>
+    <ROW Directory="wcprops_5_DIR" Directory_Parent="svn_2_DIR" DefaultDir="wcprops"/>
+    <ROW Directory="wcprops_DIR" Directory_Parent="tmp_DIR" DefaultDir="wcprops"/>
     <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
-    <ROW Component="New_Folder" ComponentId="{2AD064CD-A20E-40FD-9233-CF8732C8F54D}" Directory_="New_Folder_2_DIR" Attributes="0"/>
     <ROW Component="axhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="axhttpd.exe" FullKeyPath="APPDIR\axhttpd.exe"/>
     <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
     <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
@@ -35,15 +64,45 @@
     <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
     <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
     <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
-    <ROW Component="crypto_2600des.gif" ComponentId="{CF142350-C3E2-4F82-88AF-0706F8D8C7F9}" Directory_="crypto_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif" FullKeyPath="APPDIR\www\crypto_files"/>
+    <ROW Component="crypto_2600des.gif.svn_base" ComponentId="{CD5BA3C0-11B1-4991-8F89-8D2F79CB9F40}" Directory_="prop_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base" FullKeyPath="APPDIR\www\index_files\.svn\prop-base"/>
+    <ROW Component="crypto_2600des.gif.svn_base_1" ComponentId="{2D9375F3-AD2A-47F2-98C2-36959C3C2745}" Directory_="text_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base_1" FullKeyPath="APPDIR\www\index_files\.svn\text-base"/>
+    <ROW Component="crypto_2600des.gif.svn_work" ComponentId="{2A7C4FF1-153E-4CF8-A3B4-69D72C2EE48D}" Directory_="props_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work" FullKeyPath="APPDIR\www\index_files\.svn\props"/>
+    <ROW Component="crypto_2600des.gif.svn_work_1" ComponentId="{80DA84A9-77FD-47AA-99A7-C8A3BBFE352F}" Directory_="wcprops_1_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work_1" FullKeyPath="APPDIR\www\index_files\.svn\wcprops"/>
+    <ROW Component="crypto_2600des.gif_1" ComponentId="{F3B3E37C-D940-4899-B312-0E244D6AF720}" Directory_="index_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif_1" FullKeyPath="APPDIR\www\index_files"/>
+    <ROW Component="dir_wcprops" ComponentId="{CE7FD33B-9472-4AA5-A185-10A93A832A95}" Directory_="svn_DIR" Attributes="0" KeyPath="dir_wcprops" FullKeyPath="APPDIR\www\index_files\.svn"/>
+    <ROW Component="dir_wcprops_1" ComponentId="{D90F9ED6-AECA-47BB-8B91-EF42489D127D}" Directory_="svn_1_DIR" Attributes="0" KeyPath="dir_wcprops_1" FullKeyPath="APPDIR\www\test_dir\.svn"/>
+    <ROW Component="dir_wcprops_2" ComponentId="{C032AA32-3956-4684-86BF-2EFF2CA4B425}" Directory_="svn_2_DIR" Attributes="0" KeyPath="dir_wcprops_2" FullKeyPath="APPDIR\www\test_dir\another_dir\.svn"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
-    <ROW Component="test_cgi.php" ComponentId="{9025188F-8BED-4459-86EF-74C28A3B9301}" Directory_="New_Folder_1_DIR" Attributes="0" KeyPath="test_cgi.php" FullKeyPath="APPDIR\www\test_dir"/>
+    <ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
+    <ROW Component="health.sh.svn_base" ComponentId="{01F12E83-3FEA-4F76-B490-440C94403C9B}" Directory_="prop_base_2_DIR" Attributes="0" KeyPath="health.sh.svn_base" FullKeyPath="APPDIR\www\test_dir\.svn\prop-base"/>
+    <ROW Component="health.sh.svn_base_1" ComponentId="{65301911-BF34-49C0-9702-11A561AFFC50}" Directory_="text_base_2_DIR" Attributes="0" KeyPath="health.sh.svn_base_1" FullKeyPath="APPDIR\www\test_dir\.svn\text-base"/>
+    <ROW Component="health.sh.svn_work" ComponentId="{28B54A87-690B-4E1C-9B46-EA7481EF9218}" Directory_="props_2_DIR" Attributes="0" KeyPath="health.sh.svn_work" FullKeyPath="APPDIR\www\test_dir\.svn\props"/>
+    <ROW Component="health.sh.svn_work_1" ComponentId="{E9968BAF-D707-46E8-813F-C2313CA521C8}" Directory_="wcprops_3_DIR" Attributes="0" KeyPath="health.sh.svn_work_1" FullKeyPath="APPDIR\www\test_dir\.svn\wcprops"/>
+    <ROW Component="prop_base" ComponentId="{8C6DB0CF-A719-48C3-BBBF-02599249163E}" Directory_="prop_base_1_DIR" Attributes="0"/>
+    <ROW Component="prop_base_1" ComponentId="{2CEE7EA7-BFB2-4154-9F41-DEE4A66CDF18}" Directory_="prop_base_3_DIR" Attributes="0"/>
+    <ROW Component="prop_base_2" ComponentId="{A3E2975E-C55F-458E-8443-23556A498DE8}" Directory_="prop_base_4_DIR" Attributes="0"/>
+    <ROW Component="prop_base_3" ComponentId="{84D4F8F9-D8C8-40A2-AC98-0D18C7ACC15D}" Directory_="prop_base_5_DIR" Attributes="0"/>
+    <ROW Component="props" ComponentId="{3A6D991B-1ECF-481D-94C1-E48F6B5B3929}" Directory_="props_1_DIR" Attributes="0"/>
+    <ROW Component="props_1" ComponentId="{E844B3DF-C536-439B-B599-77B73C5B2213}" Directory_="props_3_DIR" Attributes="0"/>
+    <ROW Component="props_2" ComponentId="{1EC8919C-173D-4A2E-8356-E054BD661F2B}" Directory_="props_4_DIR" Attributes="0"/>
+    <ROW Component="props_3" ComponentId="{1FA958FF-6FF6-4128-9424-4036DC68CE9F}" Directory_="props_5_DIR" Attributes="0"/>
+    <ROW Component="text_base" ComponentId="{B4978EC3-2697-4E91-A38F-A0E184FBF592}" Directory_="text_base_1_DIR" Attributes="0"/>
+    <ROW Component="text_base_1" ComponentId="{0AB5A835-B2CC-4BEF-85B8-C4073738FEF2}" Directory_="text_base_3_DIR" Attributes="0"/>
+    <ROW Component="text_base_2" ComponentId="{C99C78FE-D567-463B-84AC-F09280EC233A}" Directory_="text_base_4_DIR" Attributes="0"/>
+    <ROW Component="text_base_3" ComponentId="{C7C7D550-84BA-4B7E-83ED-526D903CD774}" Directory_="text_base_5_DIR" Attributes="0"/>
+    <ROW Component="wcprops" ComponentId="{E67C1A2D-BAE8-4E1E-AC15-B016D2C0FB5D}" Directory_="wcprops_DIR" Attributes="0"/>
+    <ROW Component="wcprops_1" ComponentId="{F6775505-3540-4D45-B774-6AEE523D2DEE}" Directory_="wcprops_2_DIR" Attributes="0"/>
+    <ROW Component="wcprops_2" ComponentId="{3974F3F6-9377-4343-9230-782F1DD91BFF}" Directory_="wcprops_4_DIR" Attributes="0"/>
+    <ROW Component="wcprops_3" ComponentId="{0A686253-B608-4CB2-A709-3A1E124C42CB}" Directory_="wcprops_5_DIR" Attributes="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h test_cgi.php New_Folder crypto_2600des.gif"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h dir_wcprops crypto_2600des.gif.svn_base crypto_2600des.gif.svn_work crypto_2600des.gif.svn_base_1 prop_base props text_base wcprops crypto_2600des.gif.svn_work_1 crypto_2600des.gif_1 dir_wcprops_1 health.sh.svn_base health.sh.svn_work health.sh.svn_base_1 prop_base_1 props_1 text_base_1 wcprops_1 health.sh.svn_work_1 dir_wcprops_2 prop_base_2 props_2 text_base_2 prop_base_3 props_3 text_base_3 wcprops_2 wcprops_3 health.sh"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
+    <ROW File="README.txt" Component_="dir_wcprops" FileName="README.txt" Attributes="1" SourcePath="..\www\index_files\.svn\README.txt" SelfReg="false" Sequence="40"/>
+    <ROW File="README.txt_1" Component_="dir_wcprops_1" FileName="README.txt" Attributes="1" SourcePath="..\www\test_dir\.svn\README.txt" SelfReg="false" Sequence="78"/>
+    <ROW File="README.txt_2" Component_="dir_wcprops_2" FileName="README.txt" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\README.txt" SelfReg="false" Sequence="89"/>
     <ROW File="axhttpd.exe" Component_="axhttpd.exe" FileName="axhttpd.exe" Attributes="0" SourcePath="..\_stage\axhttpd.exe" SelfReg="false" Sequence="1"/>
     <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
     <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
@@ -56,22 +115,82 @@
     <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
     <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
     <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
-    <ROW File="crypto_2600des.gif" Component_="crypto_2600des.gif" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_2600des.gif" SelfReg="false" Sequence="21"/>
-    <ROW File="crypto_3ways.gif" Component_="crypto_2600des.gif" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_3ways.gif" SelfReg="false" Sequence="22"/>
-    <ROW File="crypto_backrsa.jpg" Component_="crypto_2600des.gif" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\crypto_files\crypto_backrsa.jpg" SelfReg="false" Sequence="23"/>
-    <ROW File="crypto_cert.gif" Component_="crypto_2600des.gif" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_cert.gif" SelfReg="false" Sequence="24"/>
-    <ROW File="crypto_des.gif" Component_="crypto_2600des.gif" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_des.gif" SelfReg="false" Sequence="25"/>
-    <ROW File="crypto_ecc.gif" Component_="crypto_2600des.gif" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_ecc.gif" SelfReg="false" Sequence="26"/>
-    <ROW File="crypto_sslv3.gif" Component_="crypto_2600des.gif" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_sslv3.gif" SelfReg="false" Sequence="27"/>
-    <ROW File="crypto_types.gif" Component_="crypto_2600des.gif" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\crypto_files\crypto_types.gif" SelfReg="false" Sequence="28"/>
+    <ROW File="crypto_2600des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="22"/>
+    <ROW File="crypto_2600des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="41"/>
+    <ROW File="crypto_2600des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="31"/>
+    <ROW File="crypto_2600des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="50"/>
+    <ROW File="crypto_2600des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_2600des.gif" SelfReg="false" Sequence="59"/>
+    <ROW File="crypto_3ways.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="23"/>
+    <ROW File="crypto_3ways.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="42"/>
+    <ROW File="crypto_3ways.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="32"/>
+    <ROW File="crypto_3ways.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="51"/>
+    <ROW File="crypto_3ways.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\index_files\crypto_3ways.gif" SelfReg="false" Sequence="60"/>
+    <ROW File="crypto_backrsa.jpg.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="24"/>
+    <ROW File="crypto_backrsa.jpg.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="43"/>
+    <ROW File="crypto_backrsa.jpg.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="33"/>
+    <ROW File="crypto_backrsa.jpg.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="52"/>
+    <ROW File="crypto_backrsa.jpg_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\index_files\crypto_backrsa.jpg" SelfReg="false" Sequence="61"/>
+    <ROW File="crypto_cert.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="25"/>
+    <ROW File="crypto_cert.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="44"/>
+    <ROW File="crypto_cert.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_cert.gif.svn-work" SelfReg="false" Sequence="34"/>
+    <ROW File="crypto_cert.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_cert.gif.svn-work" SelfReg="false" Sequence="53"/>
+    <ROW File="crypto_cert.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\index_files\crypto_cert.gif" SelfReg="false" Sequence="62"/>
+    <ROW File="crypto_des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="26"/>
+    <ROW File="crypto_des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="45"/>
+    <ROW File="crypto_des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_des.gif.svn-work" SelfReg="false" Sequence="35"/>
+    <ROW File="crypto_des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_des.gif.svn-work" SelfReg="false" Sequence="54"/>
+    <ROW File="crypto_des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_des.gif" SelfReg="false" Sequence="63"/>
+    <ROW File="crypto_ecc.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="27"/>
+    <ROW File="crypto_ecc.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="46"/>
+    <ROW File="crypto_ecc.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="36"/>
+    <ROW File="crypto_ecc.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="55"/>
+    <ROW File="crypto_ecc.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\index_files\crypto_ecc.gif" SelfReg="false" Sequence="64"/>
+    <ROW File="crypto_sslv3.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="28"/>
+    <ROW File="crypto_sslv3.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="47"/>
+    <ROW File="crypto_sslv3.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="37"/>
+    <ROW File="crypto_sslv3.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="56"/>
+    <ROW File="crypto_sslv3.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\index_files\crypto_sslv3.gif" SelfReg="false" Sequence="65"/>
+    <ROW File="crypto_types.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="29"/>
+    <ROW File="crypto_types.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="48"/>
+    <ROW File="crypto_types.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_types.gif.svn-work" SelfReg="false" Sequence="38"/>
+    <ROW File="crypto_types.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_types.gif.svn-work" SelfReg="false" Sequence="57"/>
+    <ROW File="crypto_types.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\index_files\crypto_types.gif" SelfReg="false" Sequence="66"/>
+    <ROW File="dir_wcprops" Component_="dir_wcprops" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\index_files\.svn\dir-wcprops" SelfReg="false" Sequence="18"/>
+    <ROW File="dir_wcprops_1" Component_="dir_wcprops_1" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\test_dir\.svn\dir-wcprops" SelfReg="false" Sequence="68"/>
+    <ROW File="dir_wcprops_2" Component_="dir_wcprops_2" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\dir-wcprops" SelfReg="false" Sequence="85"/>
+    <ROW File="empty_file" Component_="dir_wcprops" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\index_files\.svn\empty-file" SelfReg="false" Sequence="19"/>
+    <ROW File="empty_file_1" Component_="dir_wcprops_1" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\test_dir\.svn\empty-file" SelfReg="false" Sequence="69"/>
+    <ROW File="empty_file_2" Component_="dir_wcprops_2" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\empty-file" SelfReg="false" Sequence="86"/>
+    <ROW File="entries" Component_="dir_wcprops" FileName="entries" Attributes="1" SourcePath="..\www\index_files\.svn\entries" SelfReg="false" Sequence="20"/>
+    <ROW File="entries_1" Component_="dir_wcprops_1" FileName="entries" Attributes="1" SourcePath="..\www\test_dir\.svn\entries" SelfReg="false" Sequence="70"/>
+    <ROW File="entries_2" Component_="dir_wcprops_2" FileName="entries" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\entries" SelfReg="false" Sequence="87"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
-    <ROW File="health.sh" Component_="test_cgi.php" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="19"/>
+    <ROW File="format" Component_="dir_wcprops" FileName="format" Attributes="1" SourcePath="..\www\index_files\.svn\format" SelfReg="false" Sequence="21"/>
+    <ROW File="format_1" Component_="dir_wcprops_1" FileName="format" Attributes="1" SourcePath="..\www\test_dir\.svn\format" SelfReg="false" Sequence="71"/>
+    <ROW File="format_2" Component_="dir_wcprops_2" FileName="format" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\format" SelfReg="false" Sequence="88"/>
+    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="90"/>
+    <ROW File="health.sh.svn_base" Component_="health.sh.svn_base" FileName="health~1.svn|health.sh.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\prop-base\health.sh.svn-base" SelfReg="false" Sequence="72"/>
+    <ROW File="health.sh.svn_base_1" Component_="health.sh.svn_base_1" FileName="health~1.svn|health.sh.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\text-base\health.sh.svn-base" SelfReg="false" Sequence="79"/>
+    <ROW File="health.sh.svn_work" Component_="health.sh.svn_work" FileName="health~1.svn|health.sh.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\props\health.sh.svn-work" SelfReg="false" Sequence="75"/>
+    <ROW File="health.sh.svn_work_1" Component_="health.sh.svn_work_1" FileName="health~1.svn|health.sh.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\wcprops\health.sh.svn-work" SelfReg="false" Sequence="82"/>
     <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="kerberos.gif" Component_="crypto_2600des.gif" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\crypto_files\kerberos.gif" SelfReg="false" Sequence="29"/>
+    <ROW File="kerberos.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\kerberos.gif.svn-base" SelfReg="false" Sequence="30"/>
+    <ROW File="kerberos.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\kerberos.gif.svn-base" SelfReg="false" Sequence="49"/>
+    <ROW File="kerberos.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\kerberos.gif.svn-work" SelfReg="false" Sequence="39"/>
+    <ROW File="kerberos.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\kerberos.gif.svn-work" SelfReg="false" Sequence="58"/>
+    <ROW File="kerberos.gif_1" Component_="crypto_2600des.gif_1" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\index_files\kerberos.gif" SelfReg="false" Sequence="67"/>
     <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
-    <ROW File="some_text.txt" Component_="test_cgi.php" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="20"/>
+    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="91"/>
+    <ROW File="some_text.txt.svn_base" Component_="health.sh.svn_base" FileName="some_t~1.svn|some_text.txt.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\prop-base\some_text.txt.svn-base" SelfReg="false" Sequence="73"/>
+    <ROW File="some_text.txt.svn_base_1" Component_="health.sh.svn_base_1" FileName="some_t~1.svn|some_text.txt.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\text-base\some_text.txt.svn-base" SelfReg="false" Sequence="80"/>
+    <ROW File="some_text.txt.svn_work" Component_="health.sh.svn_work" FileName="some_t~1.svn|some_text.txt.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\props\some_text.txt.svn-work" SelfReg="false" Sequence="76"/>
+    <ROW File="some_text.txt.svn_work_1" Component_="health.sh.svn_work_1" FileName="some_t~1.svn|some_text.txt.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\wcprops\some_text.txt.svn-work" SelfReg="false" Sequence="83"/>
     <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
-    <ROW File="test_cgi.php" Component_="test_cgi.php" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="18"/>
+    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="92"/>
+    <ROW File="test_cgi.php.svn_base" Component_="health.sh.svn_base" FileName="test_c~1.svn|test_cgi.php.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\prop-base\test_cgi.php.svn-base" SelfReg="false" Sequence="74"/>
+    <ROW File="test_cgi.php.svn_base_1" Component_="health.sh.svn_base_1" FileName="test_c~1.svn|test_cgi.php.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\text-base\test_cgi.php.svn-base" SelfReg="false" Sequence="81"/>
+    <ROW File="test_cgi.php.svn_work" Component_="health.sh.svn_work" FileName="test_c~1.svn|test_cgi.php.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\props\test_cgi.php.svn-work" SelfReg="false" Sequence="77"/>
+    <ROW File="test_cgi.php.svn_work_1" Component_="health.sh.svn_work_1" FileName="test_c~1.svn|test_cgi.php.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\wcprops\test_cgi.php.svn-work" SelfReg="false" Sequence="84"/>
     <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
@@ -102,7 +221,22 @@
     <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
-    <ROW Directory_="New_Folder_2_DIR" Component_="New_Folder"/>
+    <ROW Directory_="prop_base_3_DIR" Component_="prop_base_1"/>
+    <ROW Directory_="prop_base_1_DIR" Component_="prop_base"/>
+    <ROW Directory_="props_1_DIR" Component_="props"/>
+    <ROW Directory_="text_base_1_DIR" Component_="text_base"/>
+    <ROW Directory_="wcprops_DIR" Component_="wcprops"/>
+    <ROW Directory_="props_3_DIR" Component_="props_1"/>
+    <ROW Directory_="text_base_3_DIR" Component_="text_base_1"/>
+    <ROW Directory_="wcprops_2_DIR" Component_="wcprops_1"/>
+    <ROW Directory_="prop_base_4_DIR" Component_="prop_base_2"/>
+    <ROW Directory_="props_4_DIR" Component_="props_2"/>
+    <ROW Directory_="text_base_4_DIR" Component_="text_base_2"/>
+    <ROW Directory_="prop_base_5_DIR" Component_="prop_base_3"/>
+    <ROW Directory_="props_5_DIR" Component_="props_3"/>
+    <ROW Directory_="text_base_5_DIR" Component_="text_base_3"/>
+    <ROW Directory_="wcprops_4_DIR" Component_="wcprops_2"/>
+    <ROW Directory_="wcprops_5_DIR" Component_="wcprops_3"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
diff --git a/config/linuxconfig b/config/linuxconfig
index 1fd7cfa470..f73efd6644 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -39,7 +39,7 @@ CONFIG_SSL_USE_PKCS12=y
 CONFIG_SSL_EXPIRY_TIME=24
 CONFIG_X509_MAX_CA_CERTS=4
 CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSL_CTX_MUTEXING is not set
+# CONFIG_SSLCTX_MUTEXING is not set
 CONFIG_USE_DEV_URANDOM=y
 # CONFIG_WIN32_USE_CRYPTO_LIB is not set
 # CONFIG_PERFORMANCE_TESTING is not set
diff --git a/config/win32config b/config/win32config
index 54a6945437..fcdcdf1296 100644
--- a/config/win32config
+++ b/config/win32config
@@ -43,7 +43,7 @@ CONFIG_SSL_USE_PKCS12=y
 CONFIG_SSL_EXPIRY_TIME=24
 CONFIG_X509_MAX_CA_CERTS=4
 CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSL_CTX_MUTEXING is not set
+# CONFIG_SSLCTX_MUTEXING is not set
 # CONFIG_USE_DEV_URANDOM is not set
 CONFIG_WIN32_USE_CRYPTO_LIB=y
 # CONFIG_PERFORMANCE_TESTING is not set

From 30a1970bb2d1b236132dcf0a31a3adc3e013e96d Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 7 Feb 2007 12:22:35 +0000
Subject: [PATCH 048/301] adding authentication, AES alignment issue, MACRO
 issue

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@59 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 CHANGELOG                   |  12 ++
 Makefile                    |  14 +-
 config/makefile.conf        |   4 +-
 httpd/Config.in             |  22 +--
 httpd/Makefile              |   2 +-
 httpd/axhttp.h              |   6 +-
 httpd/{main.c => axhttpd.c} |  23 ++--
 httpd/mime_types.c          |   2 +-
 httpd/proc.c                | 264 +++++++++++++++++++++++++++---------
 samples/c/axssl.c           |   2 +-
 ssl/aes.c                   | 145 ++++++++------------
 ssl/crypto.h                |  13 +-
 ssl/crypto_misc.c           |  75 ++++++++++
 ssl/loader.c                |  71 +---------
 ssl/md5.c                   |   6 +-
 ssl/os_port.h               |   6 +-
 ssl/tls1.c                  |   3 +
 17 files changed, 404 insertions(+), 266 deletions(-)
 create mode 100644 CHANGELOG
 rename httpd/{main.c => axhttpd.c} (97%)

diff --git a/CHANGELOG b/CHANGELOG
new file mode 100644
index 0000000000..974d6357e5
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1,12 @@
+Changes since 1.0.0
+
+* AES should now work on 16bit processors (there was an alignment problem)
+* Various freed objects are cleared before freeing.
+* Header files now installed in /usr/local/include/axTLS
+* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris)
+
+axhttpd Changes
+* Header file issue fixed (in mime_types.c)
+* chroot() now used for better security
+* Authentication implemented
+* 
diff --git a/Makefile b/Makefile
index 33c1debe44..549fb8a88d 100644
--- a/Makefile
+++ b/Makefile
@@ -74,10 +74,20 @@ win32_demo:
 install: $(PREFIX) all
 	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
 	chmod 755 $(PREFIX)/lib/libax* 
-	-install -m 755 $(STAGE)/ax* $(PREFIX)/bin > /dev/null 2>&1
+	-install -m 755 $(STAGE)/ax* $(PREFIX)/bin 
 ifdef CONFIG_PERL_BINDINGS 
-	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'` > /dev/null 2>&1
+	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
 endif
+	@mkdir -p -m 755 $(PREFIX)/include/axTLS
+	-install -m 644 ssl/bigint.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/bigint_impl.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/crypto.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/os_port.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/bigint.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/ssl.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/tls1.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/version.h $(PREFIX)/include/axTLS
+	-install -m 644 config/config.h $(PREFIX)/include/axTLS
 
 installclean:
 	-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
diff --git a/config/makefile.conf b/config/makefile.conf
index 41e66702f5..58f66f60d0 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -79,7 +79,7 @@ LD=$(CC)
 
 # Solaris
 ifdef CONFIG_PLATFORM_SOLARIS
-CFLAGS += -DSOLARIS
+CFLAGS += -DCONFIG_PLATFORM_SOLARIS
 LDFLAGS += -lsocket -lnsl -lc
 LDSHARED = -G
 # Linux/Cygwin
@@ -89,7 +89,7 @@ LDSHARED = -shared
 ifndef CONFIG_PLATFORM_CYGWIN
 CFLAGS += -fPIC 
 else
-CFLAGS += -DCYGWIN
+CFLAGS += -DCONFIG_PLATFORM_CYGWIN
 endif
 endif
 
diff --git a/httpd/Config.in b/httpd/Config.in
index 8d1000e026..531f9c8821 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -13,6 +13,14 @@ config CONFIG_HTTP_STATIC_BUILD
         Select y if you want axhttp to be a static build (i.e. don't use the
         axtls shared library or dll).
         
+config CONFIG_HTTP_PORT
+    int "HTTP port"
+    default 80
+    help
+        The port number of the normal HTTP server. 
+
+        You must be a root user in order to use the default port.
+
 config CONFIG_HTTP_HTTPS_PORT
     int "HTTPS port"
     default 443
@@ -39,14 +47,6 @@ config CONFIG_HTTP_WEBROOT
         The location of the web root in relation to axhttpd. This is 
         the directory where index.html lives.
 
-config CONFIG_HTTP_PORT
-    int "HTTP port"
-    default 80
-    help
-        The port number of the normal HTTP server. 
-
-        You must be a root user in order to use the default port.
-
 config CONFIG_HTTP_TIMEOUT
     int "Timeout"
     default 5
@@ -79,6 +79,12 @@ config CONFIG_HTTP_PERM_CHECK
         Enable permissions checking on the directories before reading the
         files in them.
 
+config CONFIG_HTTP_HAS_AUTHORIZATION
+    bool "Enable authorization"
+    default n
+    help
+        Pages/directories can have passwords associated with them.
+
 config CONFIG_HTTP_HAS_IPV6
     bool "Enable IPv6"
     default n
diff --git a/httpd/Makefile b/httpd/Makefile
index 442dca403e..71ea462a67 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -54,7 +54,7 @@ else
 web_server : $(TARGET)
 
 OBJ= \
-	main.o \
+	axhttpd.o \
 	proc.o \
 	mime_types.o
 
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index dde47e60db..cce1567b10 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -77,6 +77,9 @@ struct connstruct
     uint8_t is_ssl;
     uint8_t close_when_done;
     uint8_t modified_since;
+#if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+    char authorization[MAXREQUESTLENGTH];
+#endif
 };
 
 struct serverstruct 
@@ -103,9 +106,6 @@ extern struct connstruct *freeconns;
 extern struct cgiextstruct *cgiexts;
 #endif
 
-// Conf global prototypes
-extern char *webroot;
-
 // conn.c prototypes
 void removeconnection(struct connstruct *cn);
 
diff --git a/httpd/main.c b/httpd/axhttpd.c
similarity index 97%
rename from httpd/main.c
rename to httpd/axhttpd.c
index dd0e09fdf8..cd899f9cfa 100644
--- a/httpd/main.c
+++ b/httpd/axhttpd.c
@@ -27,7 +27,6 @@
 struct serverstruct *servers;
 struct connstruct *usedconns;
 struct connstruct *freeconns;
-char *webroot = CONFIG_HTTP_WEBROOT;
 
 static void addtoservers(int sd);
 static int openlistener(int port);
@@ -86,11 +85,12 @@ static void die(int sigtype)
 
 int main(int argc, char *argv[]) 
 {
+    static char *webroot = CONFIG_HTTP_WEBROOT;
     fd_set rfds, wfds;
     struct connstruct *tp, *to;
     struct serverstruct *sp;
     int rnum, wnum, active;
-    int webrootlen, i;
+    int i;
     time_t currtime;
 
 #ifdef WIN32
@@ -98,12 +98,6 @@ int main(int argc, char *argv[])
     WSADATA wsaData;
     WSAStartup(wVersionRequested,&wsaData);
 #else
-    if (getuid() == 0)  /* change our uid if we are root */
-    {
-        setgid(32767);
-        setuid(32767);
-    }
-
     signal(SIGQUIT, die);
     signal(SIGPIPE, SIG_IGN);
 #if defined(CONFIG_HTTP_HAS_CGI)
@@ -122,12 +116,8 @@ int main(int argc, char *argv[])
         freeconns->next = tp;
     }
 
-    webrootlen = strlen(webroot);
-
-    if (webroot[webrootlen-1] == '/') 
-        webroot[webrootlen-1] = '\0';
-
-    if (isdir(webroot) == 0) 
+    /* change to webroot for better security */
+    if (chroot(webroot))
     {
 #ifdef CONFIG_HTTP_VERBOSE
         fprintf(stderr, "'%s' is not a directory\n", webroot);
@@ -135,6 +125,11 @@ int main(int argc, char *argv[])
         exit(1);
     }
 
+#ifndef WIN32
+    setgid(32767);
+    setuid(32767);
+#endif
+
     if ((active = openlistener(CONFIG_HTTP_PORT)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
index 1335e7d0d3..46e3c3e5e0 100644
--- a/httpd/mime_types.c
+++ b/httpd/mime_types.c
@@ -20,7 +20,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <ctype.h>
-#include "os_port.h"
+#include "axhttp.h"
 
 static const char mime_default[] = "text/plain";
 
diff --git a/httpd/proc.c b/httpd/proc.c
index 9a59908d3e..1c746cf2da 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -29,8 +29,7 @@
 static int special_read(struct connstruct *cn, void *buf, size_t count);
 static int special_write(struct connstruct *cn, 
                                         const uint8_t *buf, size_t count);
-static void send404(struct connstruct *cn);
-static int procindex(struct connstruct *cn, struct stat *stp);
+static void send_error(struct connstruct *cn, int err);
 static int hexit(char c);
 static void urldecode(char *buf);
 static void buildactualfile(struct connstruct *cn);
@@ -47,6 +46,9 @@ static int trycgi_withpathinfo(struct connstruct *cn);
 static void split(char *tp, char *sp[], int maxwords, char sc);
 static int iscgi(const char *fn);
 #endif
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+static int auth_check(struct connstruct *cn);
+#endif
 
 /* Returns 1 if elems should continue being read, 0 otherwise */
 static int procheadelem(struct connstruct *cn, char *buf) 
@@ -61,10 +63,11 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
     *delim = 0;
     value = delim+1;
+    printf("BUF %s - value %s\n", buf, value);
 
-    if (strcmp(buf, "GET")==0 ||
-            strcmp(buf, "HEAD")==0 ||
-            strcmp(buf, "POST")==0) 
+    if (strcmp(buf, "GET") == 0 ||
+            strcmp(buf, "HEAD") == 0 ||
+            strcmp(buf, "POST") == 0) 
     {
         if (buf[0] == 'H') 
             cn->reqtype = TYPE_HEAD;
@@ -79,8 +82,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
         if (sanitizefile(value) == 0) 
         {
-            send404(cn);
-            removeconnection(cn);
+            send_error(cn, 404);
             return 0;
         }
 
@@ -98,7 +100,6 @@ static int procheadelem(struct connstruct *cn, char *buf)
     {
         if (sanitizehost(value) == 0) 
         {
-            send404(cn);
             removeconnection(cn);
             return 0;
         }
@@ -114,6 +115,15 @@ static int procheadelem(struct connstruct *cn, char *buf)
         /* TODO: parse this date properly with getdate() or similar */
         cn->modified_since = 1;
     }
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+    else if (strcmp(buf, "Authorization:") == 0 &&
+                            strncmp(value, "Basic ", 6) == 0)
+    {
+        if (base64_decode(&value[6], strlen(&value[6]), 
+                                        cn->authorization, NULL))
+            cn->authorization[0] = 0;   /* error */
+    }
+#endif
 
     return 1;
 }
@@ -141,15 +151,13 @@ static void procdirlisting(struct connstruct *cn)
 
     if (cn->dirp == INVALID_HANDLE_VALUE) 
     {
-        send404(cn);
-        removeconnection(cn);
+        send_error(cn, 404);
         return;
     }
 #else
     if ((cn->dirp = opendir(actualfile)) == NULL) 
     {
-        send404(cn);
-        removeconnection(cn);
+        send_error(cn, 404);
         return;
     }
 
@@ -205,11 +213,16 @@ void procdodir(struct connstruct *cn)
         if (file[0] == '.' && file[1] != '.')
             continue;
 
+        /* make sure a '/' is at the end of a directory */
+        if (cn->filereq[strlen(cn->filereq)-1] != '/')
+            strcat(cn->filereq, "/");
+
+        /* see if the dir + file is another directory */
         snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
         if (isdir(buf))
             strcat(file, "/");
-        urlencode(file, encbuf);
 
+        urlencode(file, encbuf);
         snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
                 cn->filereq, encbuf, file);
     } while (special_write(cn, buf, strlen(buf)));
@@ -263,6 +276,10 @@ void procreadhead(struct connstruct *cn)
     buf[rv] = '\0';
     next = tp = buf;
 
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+    cn->authorization[0] = 0;
+#endif
+
     /* Split up lines and send to procheadelem() */
     while (*next != '\0') 
     {
@@ -297,22 +314,22 @@ void procreadhead(struct connstruct *cn)
  */
 void procsendhead(struct connstruct *cn) 
 {
-    char buf[1024];
-    char actualfile[1024];
+    char buf[MAXREQUESTLENGTH];
     struct stat stbuf;
     time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
     char date[32];
 
-    strcpy(date, ctime(&now));
-    strcpy(actualfile, cn->actualfile);
-
-#ifdef WIN32
-    /* stat() under win32 can't deal with trail slash */
-    if (actualfile[strlen(actualfile)-1] == '\\')
-        actualfile[strlen(actualfile)-1] = 0;
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+    if (auth_check(cn))
+    {
+        removeconnection(cn);
+        return;
+    }
 #endif
 
-    if (stat(actualfile, &stbuf) == -1) 
+    strcpy(date, ctime(&now));
+
+    if (stat(cn->actualfile, &stbuf) == -1) 
     {
 #if defined(CONFIG_HTTP_HAS_CGI)
         if (trycgi_withpathinfo(cn) == 0) 
@@ -323,8 +340,7 @@ void procsendhead(struct connstruct *cn)
         }
 #endif
 
-        send404(cn);
-        removeconnection(cn);
+        send_error(cn, 404);
         return;
     }
 
@@ -335,8 +351,7 @@ void procsendhead(struct connstruct *cn)
         /* Set up CGI script */
         if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
         {
-            send404(cn);
-            removeconnection(cn);
+            send_error(cn, 404);
             return;
         }
 #endif
@@ -346,17 +361,20 @@ void procsendhead(struct connstruct *cn)
     }
 #endif
 
+    /* look for "index.html"? */
     if ((stbuf.st_mode & S_IFMT) == S_IFDIR) 
     {
-        /* Check to see if this dir has an index file */
-        if (procindex(cn, &stbuf) == 0) 
+        char tbuf[MAXREQUESTLENGTH];
+        sprintf(tbuf, "%s%s", cn->actualfile, "index.html");
+        if (stat(tbuf, &stbuf) != -1) 
+            strcat(cn->actualfile, "index.html");
+        else
         {
 #if defined(CONFIG_HTTP_DIRECTORIES)
             /* If not, we do a directory listing of it */
             procdirlisting(cn);
 #else
-            send404(cn);
-            removeconnection(cn);
+            send_error(cn, 404);
 #endif
             return;
         }
@@ -368,8 +386,7 @@ void procsendhead(struct connstruct *cn)
             /* Set up CGI script */
             if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
             {
-                send404(cn);
-                removeconnection(cn);
+                send_error(cn, 404);
                 return;
             }
 
@@ -412,14 +429,14 @@ void procsendhead(struct connstruct *cn)
     else 
     {
         int flags = O_RDONLY;
-#if defined(WIN32) || defined(CYGWIN)
+#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
         flags |= O_BINARY;
 #endif
 
         cn->filedesc = open(cn->actualfile, flags);
         if (cn->filedesc == -1) 
         {
-            send404(cn);
+            send_error(cn, 404);
             removeconnection(cn);
             return;
         }
@@ -515,23 +532,6 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
     return res;
 }
 
-/* Returns 0 if no index was found and doesn't modify cn->actualfile
-   Returns 1 if an index was found and puts the index in cn->actualfile
-              and puts its stat info into stp */
-static int procindex(struct connstruct *cn, struct stat *stp) 
-{
-    char tbuf[MAXREQUESTLENGTH];
-
-    sprintf(tbuf, "%s%s", cn->actualfile, "index.html");
-    if (stat(tbuf, stp) != -1) 
-    {
-        my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
-        return 1;
-    }
-
-    return 0;
-}
-
 #if defined(CONFIG_HTTP_HAS_CGI)
 static void proccgi(struct connstruct *cn, int has_pathinfo) 
 {
@@ -651,8 +651,8 @@ static int trycgi_withpathinfo(struct connstruct *cn)
 
     while (fr_rs[i] != NULL) 
     {
-        snprintf(tpfile, sizeof(tpfile), "%s/%s%s", 
-                            webroot, cn->virtualhostreq, fr_str);
+        snprintf(tpfile, sizeof(tpfile), "/%s%s", 
+                            cn->virtualhostreq, fr_str);
 
         if (iscgi(tpfile) && isdir(tpfile) == 0)
         {
@@ -782,18 +782,9 @@ static int hexit(char c)
         return 0;
 }
 
-static void send404(struct connstruct *cn)
-{
-    char buf[1024];
-    strcpy(buf, "HTTP/1.0 404 Not Found\nContent-Type: text/html\n\n"
-            "<html><body>\n<title>404 Not Found</title><h1>"
-            "404 Not Found</h1>\n</body></html>\n");
-    special_write(cn, buf, strlen(buf));
-}
-
 static void buildactualfile(struct connstruct *cn)
 {
-    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s%s", webroot, cn->filereq);
+    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
 
     /* Add directory slash if not there */
     if (isdir(cn->actualfile) && 
@@ -805,9 +796,7 @@ static void buildactualfile(struct connstruct *cn)
     {
         char *t = cn->actualfile;
         while ((t = strchr(t, '/')))
-        {
             *t++ = '\\';
-        }
     }
 #endif
 }
@@ -855,3 +844,146 @@ static int sanitizehost(char *buf)
     return 1;
 }
 
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+#define AUTH_FILE       ".htpasswd"
+
+static void send_authenticate(struct connstruct *cn, const char *realm)
+{
+    char buf[1024];
+
+    snprintf(buf, sizeof(buf), "HTTP/1.1 401 Unauthorized\n"
+         "WWW-Authenticate: Basic\n"
+                 "realm=\"%s\"\n", realm);
+    special_write(cn, buf, strlen(buf));
+}
+
+static int check_digest(char *b64_file_passwd, const char *msg_passwd)
+{
+    uint8_t real_salt[MAXREQUESTLENGTH];
+    uint8_t real_passwd[MAXREQUESTLENGTH];
+    int real_passwd_size, real_salt_size;
+    char *b64_pwd;
+    uint8_t md5_result[MD5_SIZE];
+    MD5_CTX ctx;
+
+    /* retrieve the salt */
+    if ((b64_pwd = strchr(b64_file_passwd, '$')) == NULL)
+        return -1;
+
+    *b64_pwd++ = 0;
+    if (base64_decode(b64_file_passwd, strlen(b64_file_passwd), 
+                                            real_salt, &real_salt_size))
+        return -1;
+
+    if (base64_decode(b64_pwd, strlen(b64_pwd), real_passwd, &real_passwd_size))
+        return -1;
+
+    /* very simple MD5 crypt algorithm, but then the salt we use is large */
+    MD5Init(&ctx);
+    MD5Update(&ctx, real_salt, real_salt_size);     /* process the salt */
+    MD5Update(&ctx, msg_passwd, strlen(msg_passwd)); /* process the password */
+    MD5Final(&ctx, md5_result);
+    return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
+}
+
+static int auth_check(struct connstruct *cn)
+{
+    char dirname[MAXREQUESTLENGTH];
+    char authpath[MAXREQUESTLENGTH];
+    char line[MAXREQUESTLENGTH];
+    char *cp;
+    FILE *fp = NULL;
+    struct stat auth_stat;
+
+    strncpy(dirname, cn->actualfile, MAXREQUESTLENGTH);
+    cp = strrchr(dirname, '/');
+    if (cp == NULL)
+        dirname[0] = 0;
+    else
+        *cp = 0;
+
+    /* check that the file is not the AUTH_FILE itself */
+    if (strcmp(cn->actualfile, AUTH_FILE) == 0)
+    {
+        send_error(cn, 403);
+        goto error;
+    }
+
+    snprintf(authpath, MAXREQUESTLENGTH, "%s/%s", dirname, AUTH_FILE);
+    if (stat(authpath, &auth_stat) < 0)    /* no auth file, so let though */
+        return 0;
+
+    if (cn->authorization[0] == 0)
+    {
+        send_authenticate(cn, dirname);
+        return -1;
+    }
+
+    /* cn->authorization is in form "username:password" */
+    if ((cp = strchr(cn->authorization, ':')) == NULL)
+        goto error;
+    else
+        *cp++ = 0;  /* cp becomes the password */
+
+    fp = fopen(authpath, "r");
+
+    while (fgets(line, sizeof(line), fp) != NULL)
+    {
+        char *b64_file_passwd;
+        int l = strlen(line);
+
+        /* nuke newline */
+        if (line[l-1] == '\n')
+            line[l-1] = 0;
+
+        /* line is form "username:salt(b64)$password(b64)" */
+        if ((b64_file_passwd = strchr(line, ':')) == NULL)
+            continue;
+
+        *b64_file_passwd++ = 0;
+
+        if (strcmp(line, cn->authorization)) /* our user? */
+            continue;
+
+        if (check_digest(b64_file_passwd, cp) == 0)
+        {
+            fclose(fp);
+            return 0;
+        }
+    }
+
+    fclose(fp);
+
+error:
+    send_authenticate(cn, dirname);
+    return -1;
+}
+#endif
+
+static void send_error(struct connstruct *cn, int err)
+{
+    char buf[1024];
+    char *title;
+    char *text;
+
+    switch (err)
+    {
+        case 403:
+            title = "Forbidden";
+            text = "File is protected";
+            break;
+
+        case 404:
+            title = "Not Found";
+            text = title;
+            break;
+    }
+
+    sprintf(buf, "HTTP/1.1 %d %s\nContent-Type: text/html\n"
+            "<html><body>\n<title>%d %s</title>"
+            "<h1>%d %s</h1>\n</body></html>\n", 
+            err, title, err, title, err, text);
+    special_write(cn, buf, strlen(buf));
+    removeconnection(cn);
+}
+
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 7a4e1dd189..6dd794d67e 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -59,7 +59,7 @@ int main(int argc, char *argv[])
     WSADATA wsaData;
     WORD wVersionRequested = MAKEWORD(2, 2);
     WSAStartup(wVersionRequested, &wsaData);
-#elif !defined(SOLARIS)
+#elif !defined(CONFIG_PLATFORM_SOLARIS)
     signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
 #endif
 
diff --git a/ssl/aes.c b/ssl/aes.c
index 20922a46c6..520bd01a92 100644
--- a/ssl/aes.c
+++ b/ssl/aes.c
@@ -62,10 +62,6 @@
 			(f8)^=rot2(f4), \
 			(f8)^rot1(f9))
 
-/* some macros to do endian independent byte extraction */
-#define n2l(c,l) l=ntohl(*c); c++
-#define l2n(l,c) *c++=htonl(l)
-
 /*
  * AES S-box
  */
@@ -249,7 +245,7 @@ void AES_convert_key(AES_CTX *ctx)
     k = ctx->ks;
     k += 4;
 
-    for (i=ctx->rounds*4; i>4; i--)
+    for (i= ctx->rounds*4; i > 4; i--)
     {
         w= *k;
         w = inv_mix_col(w,t1,t2,t3,t4);
@@ -262,46 +258,38 @@ void AES_convert_key(AES_CTX *ctx)
  */
 void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
 {
-    uint32_t tin0, tin1, tin2, tin3;
-    uint32_t tout0, tout1, tout2, tout3;
-    uint32_t tin[4];
-    uint32_t *iv = (uint32_t *)ctx->iv;
-    uint32_t *msg_32 = (uint32_t *)msg;
-    uint32_t *out_32 = (uint32_t *)out;
-
-    n2l(iv, tout0);
-    n2l(iv, tout1);
-    n2l(iv, tout2);
-    n2l(iv, tout3);
-    iv -= 4;
+    int i;
+    uint32_t tin[4], tout[4], iv[4];
 
-    for (length -= 16; length >= 0; length -= 16)
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        tout[i] = ntohl(iv[i]);
+
+    for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE)
     {
-        n2l(msg_32, tin0);
-        n2l(msg_32, tin1);
-        n2l(msg_32, tin2);
-        n2l(msg_32, tin3);
-        tin[0] = tin0^tout0;
-        tin[1] = tin1^tout1;
-        tin[2] = tin2^tout2;
-        tin[3] = tin3^tout3;
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+            tin[i] = ntohl(msg_32[i])^tout[i];
 
         AES_encrypt(ctx, tin);
 
-        tout0 = tin[0]; 
-        l2n(tout0, out_32);
-        tout1 = tin[1]; 
-        l2n(tout1, out_32);
-        tout2 = tin[2]; 
-        l2n(tout2, out_32);
-        tout3 = tin[3]; 
-        l2n(tout3, out_32);
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = tin[i]; 
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
     }
 
-    l2n(tout0, iv);
-    l2n(tout1, iv);
-    l2n(tout2, iv);
-    l2n(tout3, iv);
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(tout[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
 }
 
 /**
@@ -309,54 +297,42 @@ void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
  */
 void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
 {
-    uint32_t tin0, tin1, tin2, tin3;
-    uint32_t xor0,xor1,xor2,xor3;
-    uint32_t tout0,tout1,tout2,tout3;
-    uint32_t data[4];
-    uint32_t *iv = (uint32_t *)ctx->iv;
-    uint32_t *msg_32 = (uint32_t *)msg;
-    uint32_t *out_32 = (uint32_t *)out;
-
-    n2l(iv ,xor0);
-    n2l(iv, xor1);
-    n2l(iv, xor2);
-    n2l(iv, xor3);
-    iv -= 4;
-
-    for (length-=16; length >= 0; length -= 16)
+    int i;
+    uint32_t tin[4], xor[4], tout[4], data[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        xor[i] = ntohl(iv[i]);
+
+    for (length -= 16; length >= 0; length -= 16)
     {
-        n2l(msg_32, tin0);
-        n2l(msg_32, tin1);
-        n2l(msg_32, tin2);
-        n2l(msg_32, tin3);
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
 
-        data[0] = tin0;
-        data[1] = tin1;
-        data[2] = tin2;
-        data[3] = tin3;
+        for (i = 0; i < 4; i++)
+        {
+            tin[i] = ntohl(msg_32[i]);
+            data[i] = tin[i];
+        }
 
         AES_decrypt(ctx, data);
 
-        tout0 = data[0]^xor0;
-        tout1 = data[1]^xor1;
-        tout2 = data[2]^xor2;
-        tout3 = data[3]^xor3;
-
-        xor0 = tin0;
-        xor1 = tin1;
-        xor2 = tin2;
-        xor3 = tin3;
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = data[i]^xor[i];
+            xor[i] = tin[i];
+            out_32[i] = htonl(tout[i]);
+        }
 
-        l2n(tout0, out_32);
-        l2n(tout1, out_32);
-        l2n(tout2, out_32);
-        l2n(tout3, out_32);
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
     }
 
-    l2n(xor0, iv);
-    l2n(xor1, iv);
-    l2n(xor2, iv);
-    l2n(xor3, iv);
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(xor[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
 }
 
 /**
@@ -375,9 +351,7 @@ static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
 
     /* Pre-round key addition */
     for (row = 0; row < 4; row++)
-    {
         data[row] ^= *(k++);
-    }
 
     /* Encrypt one block. */
     for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
@@ -395,7 +369,6 @@ static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
             {
                 tmp1 = a0 ^ a1 ^ a2 ^ a3;
                 old_a0 = a0;
-
                 a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
                 a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
                 a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
@@ -408,9 +381,7 @@ static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
         /* KeyAddition - note that it is vital that this loop is separate from
            the MixColumn operation, which must be atomic...*/ 
         for (row = 0; row < 4; row++)
-        {
             data[row] = tmp[row] ^ *(k++);
-        }
     }
 }
 
@@ -424,16 +395,14 @@ static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
     uint32_t a0, a1, a2, a3, row;
     int curr_rnd;
     int rounds = ctx->rounds;
-    uint32_t *k = (uint32_t*)ctx->ks + ((rounds+1)*4);
+    const uint32_t *k = ctx->ks + ((rounds+1)*4);
 
     /* pre-round key addition */
     for (row=4; row > 0;row--)
-    {
         data[row-1] ^= *(--k);
-    }
 
     /* Decrypt one block */
-    for (curr_rnd=0; curr_rnd < rounds; curr_rnd++)
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
     {
         /* Perform ByteSub and ShiftRow operations together */
         for (row = 4; row > 0; row--)
@@ -468,9 +437,7 @@ static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
         }
 
         for (row = 4; row > 0; row--)
-        {
             data[row-1] = tmp[row-1] ^ *(--k);
-        }
     }
 }
 
diff --git a/ssl/crypto.h b/ssl/crypto.h
index ab43972a5e..23029f9a65 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -34,13 +34,15 @@ extern "C" {
  **************************************************************************/
 
 #define AES_MAXROUNDS			14
+#define AES_BLOCKSIZE           16
+#define AES_IV_SIZE             16
 
 typedef struct aes_key_st 
 {
     uint16_t rounds;
     uint16_t key_size;
     uint32_t ks[(AES_MAXROUNDS+1)*8];
-    uint8_t iv[16];
+    uint8_t iv[AES_IV_SIZE];
 } AES_CTX;
 
 typedef enum
@@ -106,9 +108,9 @@ typedef struct
   uint8_t buffer[64];       /* input buffer */
 } MD5_CTX;
 
-void MD5Init(MD5_CTX *);
-void MD5Update(MD5_CTX *, const uint8_t *msg, int len);
-void MD5Final(MD5_CTX *, uint8_t *digest);
+EXP_FUNC void STDCALL MD5Init(MD5_CTX *);
+EXP_FUNC void STDCALL MD5Update(MD5_CTX *, const uint8_t *msg, int len);
+EXP_FUNC void STDCALL MD5Final(MD5_CTX *, uint8_t *digest);
 
 /**************************************************************************
  * HMAC declarations 
@@ -273,6 +275,9 @@ void print_blob(const char *format, const uint8_t *data, int size, ...);
     #define print_blob(...)
 #endif
 
+EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
+                    uint8_t *out, int *outlen);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 030ed650c7..8eded5af99 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -267,3 +267,78 @@ void print_blob(const char *format,
 void print_blob(const char *format, const unsigned char *data,
         int size, ...) {}
 #endif
+
+#if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+/* base64 to binary lookup table */
+static const uint8_t map[128] =
+{
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
+    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
+    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
+    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
+    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
+    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
+    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+    49,  50,  51, 255, 255, 255, 255, 255
+};
+
+EXP_FUNC int STDCALL base64_decode(const char *in, int len,
+                    uint8_t *out, int *outlen)
+{
+    int g, t, x, y, z;
+    uint8_t c;
+    int ret = -1;
+
+    g = 3;
+    for (x = y = z = t = 0; x < len; x++)
+    {
+        if ((c = map[in[x]&0x7F]) == 0xff)
+            continue;
+
+        if (c == 254)   /* this is the end... */
+        {
+            c = 0;
+
+            if (--g < 0)
+                goto error;
+        }
+        else if (g != 3) /* only allow = at end */
+            goto error;
+
+        t = (t<<6) | c;
+
+        if (++y == 4)
+        {
+            out[z++] = (uint8_t)((t>>16)&255);
+
+            if (g > 1)
+                out[z++] = (uint8_t)((t>>8)&255);
+
+            if (g > 2)
+                out[z++] = (uint8_t)(t&255);
+
+            y = t = 0;
+        }
+    }
+
+    if (y != 0)
+        goto error;
+
+    if (outlen)
+        *outlen = z;
+    ret = 0;
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret < 0)
+        printf("Error: Invalid base64\n"); TTY_FLUSH();
+#endif
+    TTY_FLUSH();
+    return ret;
+
+}
+#endif
+
diff --git a/ssl/loader.c b/ssl/loader.c
index 1bc966515a..dd7d172347 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -169,22 +169,6 @@ void ssl_obj_free(SSLObjLoader *ssl_obj)
 #define IS_ENCRYPTED_PRIVATE_KEY    1
 #define IS_CERTIFICATE              2
 
-/* base64 to binary lookup table */
-static const uint8_t map[128] = 
-{
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
-    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
-    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
-    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
-    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
-    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
-    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
-    49,  50,  51, 255, 255, 255, 255, 255
-};
-
 static const char * const begins[NUM_PEM_TYPES] =
 {
     "-----BEGIN RSA PRIVATE KEY-----",
@@ -205,59 +189,6 @@ static const char * const aes_str[2] =
     "DEK-Info: AES-256-CBC," 
 };
 
-static int base64_decode(const uint8_t *in,  int len,
-                    uint8_t *out, int *outlen)
-{
-    int g, t, x, y, z;
-    uint8_t c;
-    int ret = -1;
-
-    g = 3;
-    for (x = y = z = t = 0; x < len; x++) 
-    {
-        if ((c = map[in[x] & 0x7F]) == 0xff)
-            continue;
-
-        if (c == 254)   /* this is the end... */
-        {
-            c = 0;
-
-            if (--g < 0) 
-                goto error;
-        } 
-        else if (g != 3) /* only allow = at end */
-            goto error;
-
-        t = (t<<6) | c;
-
-        if (++y == 4) 
-        {
-            out[z++] = (uint8_t)((t>>16)&255);
-
-            if (g > 1) 
-                out[z++] = (uint8_t)((t>>8)&255);
-
-            if (g > 2) 
-                out[z++] = (uint8_t)(t&255);
-
-            y = t = 0;
-        }
-    }
-
-    if (y != 0) 
-        goto error;
-
-    *outlen = z;
-    ret = 0;
-
-error:
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ret < 0)
-        printf("Error: Invalid base64 file\n");
-#endif
-    return ret;
-}
-
 /**
  * Take a base64 blob of data and decrypt it (using AES) into its 
  * proper ASN.1 form.
@@ -372,7 +303,7 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
                         strstr((const char *)start, "4,ENCRYPTED"))
             {
                 /* check for encrypted PEM file */
-                if ((pem_size = pem_decrypt(start, end, password, ssl_obj)) < 0)
+                if (pem_decrypt(start, end, password, ssl_obj) < 0)
                     goto error;
             }
             else if (base64_decode(start, pem_size, 
diff --git a/ssl/md5.c b/ssl/md5.c
index 704ba05f88..39272d9981 100644
--- a/ssl/md5.c
+++ b/ssl/md5.c
@@ -90,7 +90,7 @@ static const uint8_t PADDING[64] =
 /**
  * MD5 initialization - begins an MD5 operation, writing a new ctx.
  */
-void MD5Init(MD5_CTX *ctx)
+EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
 {
     ctx->count[0] = ctx->count[1] = 0;
 
@@ -105,7 +105,7 @@ void MD5Init(MD5_CTX *ctx)
 /**
  * Accepts an array of octets as the next portion of the message.
  */
-void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
+EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
 {
     uint32_t x;
     int i, partLen;
@@ -141,7 +141,7 @@ void MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
 /**
  * Return the 128-bit message digest into the user's array
  */
-void MD5Final(MD5_CTX *ctx, uint8_t *digest)
+EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
 {
     uint8_t bits[8];
     uint32_t x, padLen;
diff --git a/ssl/os_port.h b/ssl/os_port.h
index fd9f83929f..89eeb6b16d 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -29,7 +29,7 @@
 extern "C" {
 #endif
 
-#if defined(WIN32) || defined(CYGWIN)
+#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
 #define STDCALL                 __stdcall
 #define EXP_FUNC                __declspec(dllexport)
 #else
@@ -56,6 +56,7 @@ extern "C" {
 #endif      /* _WIN32_WCE */
 
 #include <winsock.h>
+#include <direct.h>
 #undef getpid
 #undef open
 #undef close
@@ -81,6 +82,7 @@ extern "C" {
 #define usleep(A)               Sleep(A/1000)
 #define lseek(A,B,C)            _lseek(A,B,C)
 #define strdup(A)               _strdup(A)
+#define chroot(A)               _chdir(A)
 
 /* This fix gets around a problem where a win32 application on a cygwin xterm
    doesn't display regular output (until a certain buffer limit) - but it works
@@ -113,7 +115,7 @@ extern EXP_FUNC int strcasecmp(const char *s1, const char *s2);
 
 #else   /* Not Win32 */
 
-#ifdef SOLARIS
+#ifdef CONFIG_PLATFORM_SOLARIS
 #include <inttypes.h>
 #else
 #include <stdint.h>
diff --git a/ssl/tls1.c b/ssl/tls1.c
index e2e9c41ef9..ccd28df873 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1123,6 +1123,7 @@ static void set_key_block(SSL *ssl, int is_write)
     /* clean up if possible */
     if (key_block_existed)
     {
+        memset(ssl->key_block, 0, ciph_info->key_block_size);
         free(ssl->key_block);
         ssl->key_block = NULL;
     }
@@ -1454,9 +1455,11 @@ int process_finished(SSL *ssl, int hs_len)
     ssl->all_pkts = NULL;
     ssl->all_pkts_len = 0;
 
+    memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
     free(ssl->master_secret);
     ssl->master_secret = NULL;
 
+    memset(ssl->final_finish_mac, 0, SSL_FINISHED_HASH_SIZE);
     free(ssl->final_finish_mac);
     ssl->final_finish_mac = NULL;
 

From 36ac01f46af71f1c07db0c7f7662781be485e814 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 10 Feb 2007 05:31:17 +0000
Subject: [PATCH 049/301] finished authentication, implemented port/dir
 protection

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@60 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 CHANGELOG                    |   6 +-
 config/linuxconfig           |   2 +-
 config/win32config           |   2 +-
 httpd/Config.in              |  12 ++-
 httpd/Makefile               |  19 +++-
 httpd/README                 |  39 +++++++
 httpd/axhttp.h               |  27 ++---
 httpd/axhttpd.c              |  38 +++++--
 httpd/conn.c                 | 117 --------------------
 httpd/htpasswd.c             |  98 +++++++++++++++++
 httpd/proc.c                 | 199 ++++++++++++++++++++---------------
 ssl/Makefile                 |   2 +-
 ssl/crypto.h                 |   8 +-
 ssl/crypto_misc.c            |  16 +--
 www/test_dir/health.sh       |   6 +-
 www/test_dir/prot/.htaccess  |   2 +
 www/test_dir/prot/.htpasswd  |   1 +
 www/test_dir/prot/index.html |   6 ++
 www/test_dir/test_cgi.php    |   2 +-
 19 files changed, 349 insertions(+), 253 deletions(-)
 delete mode 100644 httpd/conn.c
 create mode 100644 httpd/htpasswd.c
 create mode 100644 www/test_dir/prot/.htaccess
 create mode 100644 www/test_dir/prot/.htpasswd
 create mode 100644 www/test_dir/prot/index.html

diff --git a/CHANGELOG b/CHANGELOG
index 974d6357e5..bcb7e84333 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,5 +8,7 @@ Changes since 1.0.0
 axhttpd Changes
 * Header file issue fixed (in mime_types.c)
 * chroot() now used for better security
-* Authentication implemented
-* 
+* Basic authentication implemented (with .htpasswd)
+* HTTP Port protection implemented (with .htaccess)
+* Directory access protection implemented (with .htaccess)
+
diff --git a/config/linuxconfig b/config/linuxconfig
index f73efd6644..988e05dd66 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -56,7 +56,7 @@ CONFIG_HTTP_WEBROOT="../www"
 CONFIG_HTTP_PORT=80
 CONFIG_HTTP_TIMEOUT=5
 # CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSION=""
+CONFIG_HTTP_CGI_EXTENSIONS=""
 # CONFIG_HTTP_DIRECTORIES is not set
 # CONFIG_HTTP_PERM_CHECK is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
diff --git a/config/win32config b/config/win32config
index fcdcdf1296..13bb3c46ba 100644
--- a/config/win32config
+++ b/config/win32config
@@ -59,7 +59,7 @@ CONFIG_HTTP_WEBROOT="www"
 CONFIG_HTTP_PORT=80
 CONFIG_HTTP_TIMEOUT=5
 # CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSION=""
+CONFIG_HTTP_CGI_EXTENSIONS=""
 CONFIG_HTTP_DIRECTORIES=y
 # CONFIG_HTTP_PERM_CHECK is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
diff --git a/httpd/Config.in b/httpd/Config.in
index 531f9c8821..417106e597 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -10,7 +10,7 @@ config CONFIG_HTTP_STATIC_BUILD
     bool "Static Build"
     default n
     help
-        Select y if you want axhttp to be a static build (i.e. don't use the
+        Select y if you want axhttpd to be a static build (i.e. don't use the
         axtls shared library or dll).
         
 config CONFIG_HTTP_PORT
@@ -59,12 +59,14 @@ config CONFIG_HTTP_HAS_CGI
     help
         Enable the CGI capability.
 
-config CONFIG_HTTP_CGI_EXTENSION
-    string "CGI File Extension"
-    default ".php"
+config CONFIG_HTTP_CGI_EXTENSIONS
+    string "CGI File Extension(s)"
+    default ".php,.sh"
     depends on CONFIG_HTTP_HAS_CGI
     help
-        Tell axhhtp what file extension is used for CGI
+        Tell axhhtpd what file extension(s) are used for CGI.
+
+        This is a comma separated list.
 
 config CONFIG_HTTP_DIRECTORIES
     bool "Enable Directory Listing"
diff --git a/httpd/Makefile b/httpd/Makefile
index 71ea462a67..2541c67afd 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -25,8 +25,10 @@ ifndef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_PLATFORM_CYGWIN
 TARGET=../$(STAGE)/axhttpd.exe
+TARGET2=../$(STAGE)/htpasswd.exe
 else
 TARGET=../$(STAGE)/axhttpd
+TARGET2=../$(STAGE)/htpasswd
 endif
 
 ifdef CONFIG_HTTP_STATIC_BUILD
@@ -39,6 +41,7 @@ CFLAGS += -I../ssl
 
 else # win32 build
 TARGET=../$(STAGE)/axhttpd.exe
+TARGET2=../$(STAGE)/htpasswd.exe
 
 ifdef CONFIG_HTTP_STATIC_BUILD
 LIBS=../$(STAGE)/axtls.static.lib ..\\config\\axtls.res
@@ -51,7 +54,11 @@ ifndef CONFIG_AXHTTPD
 web_server:
 else
 
-web_server : $(TARGET)
+web_server :: $(TARGET)
+
+ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+web_server :: $(TARGET2)
+endif
 
 OBJ= \
 	axhttpd.o \
@@ -69,14 +76,24 @@ ifndef CONFIG_PLATFORM_SOLARIS
 	strip --remove-section=.comment $(TARGET)
 endif
 endif
+
+$(TARGET2): htpasswd.o ../$(STAGE)/libaxtls.a
+	$(LD) $(LDFLAGS) -o $@ htpasswd.o $(LIBS)
+
 else    # Win32
 
 OBJ:=$(OBJ:.o=.obj)
 %.obj : %.c
 	$(CC) $(CFLAGS) $< 
 
+htpasswd.obj : htpasswd.c
+	$(CC) $(CFLAGS) $< 
+	
 $(TARGET): $(OBJ)
 	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
+
+$(TARGET2): htpasswd.obj
+	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
 endif
 
 endif       # CONFIG_AXHTTPD
diff --git a/httpd/README b/httpd/README
index c8bb279b73..ede9af2755 100644
--- a/httpd/README
+++ b/httpd/README
@@ -4,3 +4,42 @@ axhttpd is a small embedded web server using the axTLS library.
 It is based originally on the web server written by Doug Currie which is at:
 http://www.hcsw.org/awhttpd.
 
+Basic Authentication
+====================
+
+Basic Authentication uses a password file called  ".htpasswd", in the 
+directory to be  protected. This file is formatted as the familiar 
+colon-separated username/encrypted-password pair, records delimited by 
+newlines. The protection does not carry over to subdirectories. The 
+utility program htpasswd is included to help manually edit .htpasswd files.
+
+The encryption of this password uses a proprietary algorithm due to the 
+dependency of many crypt libraries on DES.
+
+An example is in /test_dir/prot (username 'abcd', password is '1234').
+
+Note: This is an mconf configuration option.
+
+HTTP Port Protection
+====================
+
+Directories/files can be accessed using the 'http' or 'https' uri prefix. If
+normal http access for a directory needs to be disabled, then put
+"SSLRequireSSL" into a '.htaccess' file in the directory to be protected.
+
+An example is in /test_dir/prot.
+
+CGI
+===
+
+chroot() is now used for added security. However this has the impact of
+removing the regular filesystem, so any CGI applications no longer have the 
+usual access.
+
+So any executables and libraries need to be copied into webroot (under /bin
+and /lib).
+
+Failure to do so will result in mystical blank screens (and probably hundreds
+of axhttpd instances being created...).
+
+
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index cce1567b10..229ad83975 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -25,9 +25,7 @@
 #define HAVE_IPV6
 #endif
 
-#define MAXFILEPATH 1024
-#define MAXIPLEN 45
-#define MAXREQUESTLENGTH 1024
+#define MAXREQUESTLENGTH 256
 #define MAXCGIARGS 100
 #define BLOCKSIZE 4096
 
@@ -40,9 +38,12 @@
 #define STATE_WANT_TO_SEND_FILE  4
 #define STATE_DOING_DIR          5
 
-#define TYPE_GET 0
-#define TYPE_HEAD 1
-#define TYPE_POST 2
+enum
+{
+    TYPE_GET,
+    TYPE_HEAD,
+    TYPE_POST
+};
 
 struct connstruct 
 {
@@ -62,21 +63,21 @@ struct connstruct
 #endif
 
     time_t timeout;
-    char ip[MAXIPLEN];
     char actualfile[MAXREQUESTLENGTH];
     char filereq[MAXREQUESTLENGTH];
-#if defined(CONFIG_HTTP_HAS_CGI)
-    char cgiargs[MAXREQUESTLENGTH];
-    char cgiscriptinfo[MAXREQUESTLENGTH];
-    char cgipathinfo[MAXREQUESTLENGTH];
-#endif
+    char dirname[MAXREQUESTLENGTH];
     char virtualhostreq[MAXREQUESTLENGTH];
     int numbytes;
     char databuf[BLOCKSIZE];
-
     uint8_t is_ssl;
     uint8_t close_when_done;
     uint8_t modified_since;
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+    char cgiargs[MAXREQUESTLENGTH];
+    char cgiscriptinfo[MAXREQUESTLENGTH];
+    char cgipathinfo[MAXREQUESTLENGTH];
+#endif
 #if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
     char authorization[MAXREQUESTLENGTH];
 #endif
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index cd899f9cfa..e35a773876 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -38,7 +38,7 @@ static void procpermcheck(const char *pathtocheck);
 
 #if defined(CONFIG_HTTP_HAS_CGI)
 struct cgiextstruct *cgiexts;
-static void addcgiext(char *tp);
+static void addcgiext(const char *tp);
 
 #if !defined(WIN32)
 static void reaper(int sigtype) 
@@ -55,6 +55,7 @@ static void sigint_cleanup(int sig)
     struct connstruct *tp;
     int i;
 
+
     while (servers != NULL) 
     {
         if (servers->is_ssl)
@@ -75,6 +76,17 @@ static void sigint_cleanup(int sig)
         freeconns = tp;
     }
 
+#if defined(CONFIG_HTTP_HAS_CGI)
+    while (cgiexts)
+    {
+        struct cgiextstruct *cp = cgiexts->next;
+        if (cp == NULL) /* last entry */
+            free(cgiexts->ext);
+        free(cgiexts);
+        cgiexts = cp;
+    }
+#endif
+
     exit(0);
 }
 
@@ -159,7 +171,7 @@ int main(int argc, char *argv[])
     procpermcheck(webroot);
 #endif
 #if defined(CONFIG_HTTP_HAS_CGI)
-    addcgiext(CONFIG_HTTP_CGI_EXTENSION);
+    addcgiext(CONFIG_HTTP_CGI_EXTENSIONS);
 #endif
 #if defined(CONFIG_HTTP_VERBOSE)
     printf("axhttpd (%s): listening on ports %d (http) and %d (https)\n", 
@@ -413,13 +425,21 @@ static void procpermcheck(const char *pathtocheck)
 #endif  /* CONFIG_HTTP_PERM_CHECK */
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-static void addcgiext(char *tp)
+static void addcgiext(const char *cgi_exts)
 {
-    struct cgiextstruct *ex = (struct cgiextstruct *)
-                        malloc(sizeof(struct cgiextstruct));
-    ex->ext = strdup(tp);
-    ex->next = cgiexts;
-    cgiexts = ex;
+    char *cp = strdup(cgi_exts);
+
+    /* extenstions are comma separated */
+    do 
+    {
+        struct cgiextstruct *ex = (struct cgiextstruct *)
+                            malloc(sizeof(struct cgiextstruct));
+        ex->ext = cp;
+        ex->next = cgiexts;
+        cgiexts = ex;
+        if ((cp = strchr(cp, ',')) != NULL)
+            *cp++ = 0;
+    } while (cp != NULL);
 }
 #endif
 
@@ -557,10 +577,8 @@ static void addconnection(int sd, char *ip, int is_ssl)
 #if defined(CONFIG_HTTP_HAS_CGI)
     *(tp->cgiargs) = '\0';
 #endif
-    *(tp->virtualhostreq) = '\0';
     tp->state = STATE_WANT_TO_READ_HEAD;
     tp->reqtype = TYPE_GET;
-    my_strncpy(tp->ip, ip, MAXIPLEN);
     tp->close_when_done = 0;
     tp->modified_since = 0;
     tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
diff --git a/httpd/conn.c b/httpd/conn.c
deleted file mode 100644
index 2cbffec2d7..0000000000
--- a/httpd/conn.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "axhttp.h"
-
-void addconnection(int sd, char *ip, int is_ssl) 
-{
-    struct connstruct *tp;
-
-    // Get ourselves a connstruct
-    if (freeconns == NULL) 
-        tp = (struct connstruct *)malloc(sizeof(struct connstruct));
-    else 
-    {
-        tp = freeconns;
-        freeconns = tp->next;
-    }
-
-    // Attach it to the used list
-    tp->next = usedconns;
-    usedconns = tp;
-    tp->networkdesc = sd;
-
-    if (is_ssl)
-        ssl_server_new(servers->ssl_ctx, sd);
-    tp->is_ssl = is_ssl;
-    tp->filedesc = -1;
-#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
-    tp->dirp = NULL;
-#endif
-    *(tp->actualfile) = '\0';
-    *(tp->filereq) = '\0';
-#if defined(CONFIG_HTTP_HAS_CGI)
-    *(tp->cgiargs) = '\0';
-#endif
-    *(tp->virtualhostreq) = '\0';
-    tp->state = STATE_WANT_TO_READ_HEAD;
-    tp->reqtype = TYPE_GET;
-    my_strncpy(tp->ip, ip, MAXIPLEN);
-    tp->close_when_done = 0;
-    tp->modified_since = 0;
-    tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
-}
-
-void removeconnection(struct connstruct *cn) 
-{
-    struct connstruct *tp;
-    int shouldret = 0;
-
-    tp = usedconns;
-
-    if (tp == NULL || cn == NULL) 
-        shouldret = 1;
-    else if (tp == cn) 
-        usedconns = tp->next;
-    else 
-    {
-        while (tp != NULL) 
-        {
-            if (tp->next == cn) 
-            {
-                tp->next = (tp->next)->next;
-                shouldret = 0;
-                break;
-            }
-
-            tp = tp->next;
-            shouldret = 1;
-        }
-    }
-
-    if (shouldret) 
-        return;
-
-    // If we did, add it to the free list
-    cn->next = freeconns;
-    freeconns = cn;
-
-    // Close it all down
-    if (cn->networkdesc != -1) 
-    {
-        if (cn->is_ssl) 
-            ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
-
-        SOCKET_CLOSE(cn->networkdesc);
-    }
-
-    if (cn->filedesc != -1) 
-        close(cn->filedesc);
-
-#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
-    if (cn->dirp != NULL) 
-#ifdef WIN32
-        FindClose(cn->dirp);
-#else
-    closedir(cn->dirp);
-#endif
-#endif
-}
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
new file mode 100644
index 0000000000..e4887f62ae
--- /dev/null
+++ b/httpd/htpasswd.c
@@ -0,0 +1,98 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "ssl.h"
+
+int tfd;
+
+void base64_encode(const uint8_t *in, size_t inlen, char *out, size_t outlen)
+{
+    static const char b64str[64] =
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+    while (inlen && outlen)
+    {
+        *out++ = b64str[(in[0] >> 2) & 0x3f];
+        if (!--outlen)
+            break;
+
+        *out++ = b64str[((in[0] << 4)
+                + (--inlen ? in[1] >> 4 : 0)) & 0x3f];
+        if (!--outlen)
+            break;
+        *out++ = (inlen
+             ? b64str[((in[1] << 2)
+                 + (--inlen ? in[2] >> 6 : 0))
+             & 0x3f]
+             : '=');
+        if (!--outlen)
+            break;
+        *out++ = inlen ? b64str[in[2] & 0x3f] : '=';
+        if (!--outlen)
+            break;
+        if (inlen)
+            inlen--;
+        if (inlen)
+            in += 3;
+    }
+
+    if (outlen)
+        *out = '\0';
+}
+
+static void usage(void) 
+{
+    fprintf(stderr,"Usage: htpasswd username\n");
+    exit(1);
+}
+
+int main(int argc, char *argv[]) 
+{
+    char* pw;
+    uint8_t md5_salt[MD5_SIZE], md5_pass[MD5_SIZE];
+    char b64_salt[MD5_SIZE+10], b64_pass[MD5_SIZE+10];
+    MD5_CTX ctx;
+
+    if (argc != 2)
+        usage();
+
+    pw = strdup(getpass("New password:"));
+    if (strcmp(pw, getpass("Re-type new password:")) != 0)
+    {
+        fprintf(stderr, "They don't match, sorry.\n" );
+        exit(1);
+    }
+
+    RNG_initialize(pw, sizeof(pw));
+    get_random(MD5_SIZE, md5_salt);
+    RNG_terminate();
+    base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
+
+    MD5Init(&ctx);
+    MD5Update(&ctx, md5_salt, MD5_SIZE);
+    MD5Update(&ctx, pw, strlen(pw));
+    MD5Final(&ctx, md5_pass);
+    base64_encode(md5_pass, MD5_SIZE, b64_pass, sizeof(b64_pass));
+
+    printf("Add the following to your '.htpasswd' file\n");
+    printf("%s:%s$%s\n", argv[1], b64_salt, b64_pass);
+    return 0;
+}
diff --git a/httpd/proc.c b/httpd/proc.c
index 1c746cf2da..d0a4ebe71d 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -35,6 +35,7 @@ static void urldecode(char *buf);
 static void buildactualfile(struct connstruct *cn);
 static int sanitizefile(const char *buf);
 static int sanitizehost(char *buf);
+static int htaccess_check(struct connstruct *cn);
 
 #if defined(CONFIG_HTTP_DIRECTORIES)
 static void urlencode(const uint8_t *s, uint8_t *t);
@@ -63,11 +64,10 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
     *delim = 0;
     value = delim+1;
-    printf("BUF %s - value %s\n", buf, value);
 
-    if (strcmp(buf, "GET") == 0 ||
-            strcmp(buf, "HEAD") == 0 ||
-            strcmp(buf, "POST") == 0) 
+    /* printf("name: %s, value: %s\n", buf, value); */
+    if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
+                                            strcmp(buf, "POST") == 0) 
     {
         if (buf[0] == 'H') 
             cn->reqtype = TYPE_HEAD;
@@ -76,13 +76,13 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
         if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
             return 0;
-        *delim = 0;
 
+        *delim = 0;
         urldecode(value);
 
         if (sanitizefile(value) == 0) 
         {
-            send_error(cn, 404);
+            send_error(cn, 403);
             return 0;
         }
 
@@ -94,7 +94,6 @@ static int procheadelem(struct connstruct *cn, char *buf)
             my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
         }
 #endif
-
     } 
     else if (strcmp(buf, "Host:") == 0) 
     {
@@ -117,11 +116,14 @@ static int procheadelem(struct connstruct *cn, char *buf)
     }
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
     else if (strcmp(buf, "Authorization:") == 0 &&
-                            strncmp(value, "Basic ", 6) == 0)
+                                    strncmp(value, "Basic ", 6) == 0)
     {
+        int size;
         if (base64_decode(&value[6], strlen(&value[6]), 
-                                        cn->authorization, NULL))
+                                        cn->authorization, &size))
             cn->authorization[0] = 0;   /* error */
+        else
+            cn->authorization[size] = 0;
     }
 #endif
 
@@ -319,36 +321,42 @@ void procsendhead(struct connstruct *cn)
     time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
     char date[32];
 
+    /* are we trying to access a file over the HTTP connection instead of a
+     * HTTPS connection? Or is this directory disabled? */
+    if (htaccess_check(cn))      
+    {
+        send_error(cn, 403);
+        return;
+    }
+
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-    if (auth_check(cn))
+    if (auth_check(cn))     /* see if there is a '.htpasswd' file */
     {
+#ifdef CONFIG_HTTP_VERBOSE
+        printf("axhttpd: access to %s denied\n", cn->actualfile); TTY_FLUSH();
+#endif
         removeconnection(cn);
         return;
     }
 #endif
 
-    strcpy(date, ctime(&now));
-
-    if (stat(cn->actualfile, &stbuf) == -1) 
+    if (stat(cn->actualfile, &stbuf) == -1)
     {
 #if defined(CONFIG_HTTP_HAS_CGI)
-        if (trycgi_withpathinfo(cn) == 0) 
+        if (stat(cn->actualfile, &stbuf) == -1 && trycgi_withpathinfo(cn) == 0) 
         { 
             /* We Try To Find A CGI */
             proccgi(cn, 1);
             return;
         }
 #endif
-
-        send_error(cn, 404);
-        return;
     }
 
 #if defined(CONFIG_HTTP_HAS_CGI)
     if (iscgi(cn->actualfile))
     {
 #ifndef WIN32
-        /* Set up CGI script */
+        /* An executable file? */
         if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
         {
             send_error(cn, 404);
@@ -396,6 +404,8 @@ void procsendhead(struct connstruct *cn)
 #endif
     }
 
+    strcpy(date, ctime(&now));
+
     if (cn->modified_since) 
     {
         /* file has already been read before */
@@ -407,20 +417,6 @@ void procsendhead(struct connstruct *cn)
         return;
     }
 
-#ifdef CONFIG_HTTP_VERBOSE
-    printf("axhttpd: %s send %s\n", 
-            cn->is_ssl ? "https" : "http", cn->actualfile);
-    TTY_FLUSH();
-#endif
-
-    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
-            "Content-Type: %s\nContent-Length: %ld\n"
-            "Date: %sLast-Modified: %s\n", VERSION,
-            getmimetype(cn->actualfile), (long) stbuf.st_size,
-            date, ctime(&(stbuf.st_mtime))); /* ctime() has a \n on the end */
-
-    special_write(cn, buf, strlen(buf));
-
     if (cn->reqtype == TYPE_HEAD) 
     {
         removeconnection(cn);
@@ -437,10 +433,23 @@ void procsendhead(struct connstruct *cn)
         if (cn->filedesc == -1) 
         {
             send_error(cn, 404);
-            removeconnection(cn);
             return;
         }
 
+        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
+            "Content-Type: %s\nContent-Length: %ld\n"
+            "Date: %sLast-Modified: %s\n", VERSION,
+            getmimetype(cn->actualfile), (long) stbuf.st_size,
+            date, ctime(&(stbuf.st_mtime))); /* ctime() has a \n on the end */
+
+        special_write(cn, buf, strlen(buf));
+
+#ifdef CONFIG_HTTP_VERBOSE
+        printf("axhttpd: %s send %s\n", 
+                cn->is_ssl ? "https" : "http", cn->actualfile);
+        TTY_FLUSH();
+#endif
+
 #ifdef WIN32
         for (;;)
         {
@@ -659,10 +668,8 @@ static int trycgi_withpathinfo(struct connstruct *cn)
             /* We've found our CGI file! */
             my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
             my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
-
             offset = (fr_rs[i] + strlen(fr_rs[i])) - fr_str;
             my_strncpy(cn->cgipathinfo, cn->filereq+offset, MAXREQUESTLENGTH);
-
             return 0;
         }
 
@@ -678,11 +685,10 @@ static int trycgi_withpathinfo(struct connstruct *cn)
 
 static int iscgi(const char *fn)
 {
-    struct cgiextstruct *tp;
+    struct cgiextstruct *tp = cgiexts;
     int fnlen, extlen;
 
     fnlen = strlen(fn);
-    tp = cgiexts;
 
     while (tp != NULL) 
     {
@@ -784,6 +790,7 @@ static int hexit(char c)
 
 static void buildactualfile(struct connstruct *cn)
 {
+    char *cp;
     snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
 
     /* Add directory slash if not there */
@@ -791,12 +798,23 @@ static void buildactualfile(struct connstruct *cn)
             cn->actualfile[strlen(cn->actualfile)-1] != '/')
         strcat(cn->actualfile, "/");
 
+    /* work out the directory name */
+    strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
+    if ((cp = strrchr(cn->dirname, '/')) == NULL)
+        cn->dirname[0] = 0;
+    else
+        *cp = 0;
+
 #ifdef WIN32
     /* convert all the forward slashes to back slashes */
     {
         char *t = cn->actualfile;
         while ((t = strchr(t, '/')))
             *t++ = '\\';
+
+        t = cn->dirname;
+        while ((t = strchr(t, '/')))
+            *t++ = '\\';
     }
 #endif
 }
@@ -844,9 +862,14 @@ static int sanitizehost(char *buf)
     return 1;
 }
 
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-#define AUTH_FILE       ".htpasswd"
+static FILE * exist_check(struct connstruct *cn, const char *check_file)
+{
+    char pathname[MAXREQUESTLENGTH];
+    snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file);
+    return fopen(pathname, "r");
+}
 
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
 static void send_authenticate(struct connstruct *cn, const char *realm)
 {
     char buf[1024];
@@ -857,30 +880,29 @@ static void send_authenticate(struct connstruct *cn, const char *realm)
     special_write(cn, buf, strlen(buf));
 }
 
-static int check_digest(char *b64_file_passwd, const char *msg_passwd)
+static int check_digest(char *salt, const char *msg_passwd)
 {
-    uint8_t real_salt[MAXREQUESTLENGTH];
-    uint8_t real_passwd[MAXREQUESTLENGTH];
-    int real_passwd_size, real_salt_size;
-    char *b64_pwd;
+    uint8_t b256_salt[MAXREQUESTLENGTH];
+    uint8_t real_passwd[MD5_SIZE];
+    int salt_size;
+    char *b64_passwd;
     uint8_t md5_result[MD5_SIZE];
     MD5_CTX ctx;
 
     /* retrieve the salt */
-    if ((b64_pwd = strchr(b64_file_passwd, '$')) == NULL)
+    if ((b64_passwd = strchr(salt, '$')) == NULL)
         return -1;
 
-    *b64_pwd++ = 0;
-    if (base64_decode(b64_file_passwd, strlen(b64_file_passwd), 
-                                            real_salt, &real_salt_size))
+    *b64_passwd++ = 0;
+    if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
         return -1;
 
-    if (base64_decode(b64_pwd, strlen(b64_pwd), real_passwd, &real_passwd_size))
+    if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd, NULL))
         return -1;
 
     /* very simple MD5 crypt algorithm, but then the salt we use is large */
     MD5Init(&ctx);
-    MD5Update(&ctx, real_salt, real_salt_size);     /* process the salt */
+    MD5Update(&ctx, b256_salt, salt_size);           /* process the salt */
     MD5Update(&ctx, msg_passwd, strlen(msg_passwd)); /* process the password */
     MD5Final(&ctx, md5_result);
     return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
@@ -888,36 +910,15 @@ static int check_digest(char *b64_file_passwd, const char *msg_passwd)
 
 static int auth_check(struct connstruct *cn)
 {
-    char dirname[MAXREQUESTLENGTH];
-    char authpath[MAXREQUESTLENGTH];
     char line[MAXREQUESTLENGTH];
+    FILE *fp;
     char *cp;
-    FILE *fp = NULL;
-    struct stat auth_stat;
 
-    strncpy(dirname, cn->actualfile, MAXREQUESTLENGTH);
-    cp = strrchr(dirname, '/');
-    if (cp == NULL)
-        dirname[0] = 0;
-    else
-        *cp = 0;
-
-    /* check that the file is not the AUTH_FILE itself */
-    if (strcmp(cn->actualfile, AUTH_FILE) == 0)
-    {
-        send_error(cn, 403);
-        goto error;
-    }
-
-    snprintf(authpath, MAXREQUESTLENGTH, "%s/%s", dirname, AUTH_FILE);
-    if (stat(authpath, &auth_stat) < 0)    /* no auth file, so let though */
-        return 0;
+    if ((fp = exist_check(cn, ".htpasswd")) == NULL)
+        return 0;               /* no .htpasswd file, so let though */
 
     if (cn->authorization[0] == 0)
-    {
-        send_authenticate(cn, dirname);
-        return -1;
-    }
+        goto error;
 
     /* cn->authorization is in form "username:password" */
     if ((cp = strchr(cn->authorization, ':')) == NULL)
@@ -925,8 +926,6 @@ static int auth_check(struct connstruct *cn)
     else
         *cp++ = 0;  /* cp becomes the password */
 
-    fp = fopen(authpath, "r");
-
     while (fgets(line, sizeof(line), fp) != NULL)
     {
         char *b64_file_passwd;
@@ -952,14 +951,41 @@ static int auth_check(struct connstruct *cn)
         }
     }
 
-    fclose(fp);
-
 error:
-    send_authenticate(cn, dirname);
+    fclose(fp);
+    send_authenticate(cn, cn->virtualhostreq);
     return -1;
 }
 #endif
 
+static int htaccess_check(struct connstruct *cn)
+{
+    char line[MAXREQUESTLENGTH];
+    FILE *fp;
+    int ret = 0;
+
+    if ((fp = exist_check(cn, ".htaccess")) == NULL)
+        return 0;               /* no .htaccess file, so let though */
+
+    while (fgets(line, sizeof(line), fp) != NULL)
+    {
+        if (!cn->is_ssl && strstr(line, "SSLRequireSSL"))
+        {
+            ret = -1;       /* SSL port access required */
+            break;
+        }
+
+        if (strstr(line, "Deny all"))  
+        {
+            ret = -1;       /* access to this dir denied */
+            break;
+        }
+    }
+
+    fclose(fp);
+    return ret;
+}
+
 static void send_error(struct connstruct *cn, int err)
 {
     char buf[1024];
@@ -971,6 +997,10 @@ static void send_error(struct connstruct *cn, int err)
         case 403:
             title = "Forbidden";
             text = "File is protected";
+#ifdef CONFIG_HTTP_VERBOSE
+            printf("axhttpd: access to %s:/%s denied\n", 
+                    cn->is_ssl ? "https" : "http", cn->actualfile); TTY_FLUSH();
+#endif
             break;
 
         case 404:
@@ -979,9 +1009,12 @@ static void send_error(struct connstruct *cn, int err)
             break;
     }
 
-    sprintf(buf, "HTTP/1.1 %d %s\nContent-Type: text/html\n"
-            "<html><body>\n<title>%d %s</title>"
-            "<h1>%d %s</h1>\n</body></html>\n", 
+    sprintf(buf, "HTTP/1.1 %d %s\n"
+            "Content-Type: text/html\n"
+            "Cache-Control: no-cache,no-store\n"
+            "Connection: close\n\n"
+            "<html>\n<head>\n<title>%d %s</title></head>\n"
+            "<body><h1>%d %s</h1>\n</body></html>\n", 
             err, title, err, title, err, text);
     special_write(cn, buf, strlen(buf));
     removeconnection(cn);
diff --git a/ssl/Makefile b/ssl/Makefile
index 69392b5916..4ef5e347bd 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -99,5 +99,5 @@ endif
 
 clean::
 	$(MAKE) -C test clean
-	-@rm -f ../$(STAGE)/*.pch ../$(STAGE)/*.so* ../$(STAGE)/*.a ../$(STAGE)/*.dll ../$(STAGE)/*.lib ../$(STAGE)/*.exp ../$(STAGE)/*.pdb ../$(STAGE)/*.ilk
+	-@rm -f ../$(STAGE)/* *.a *.lib
 
diff --git a/ssl/crypto.h b/ssl/crypto.h
index 23029f9a65..9bf446f246 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -123,9 +123,9 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
 /**************************************************************************
  * RNG declarations 
  **************************************************************************/
-void RNG_initialize(const uint8_t *seed_buf, int size);
-void RNG_terminate(void);
-void get_random(int num_rand_bytes, uint8_t *rand_data);
+EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_terminate(void);
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
 void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
 
 /**************************************************************************
@@ -270,7 +270,7 @@ typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
 int get_file(const char *filename, uint8_t **buf);
 
 #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
-void print_blob(const char *format, const uint8_t *data, int size, ...);
+EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
 #else
     #define print_blob(...)
 #endif
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 8eded5af99..6f70665d9a 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -82,7 +82,7 @@ int get_file(const char *filename, uint8_t **buf)
  * - On Linux use /dev/urandom
  * - If none of these work then use a custom RNG.
  */
-void RNG_initialize(const uint8_t *seed_buf, int size)
+EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
 {
     if (rng_ref_count == 0)
     {
@@ -106,9 +106,7 @@ void RNG_initialize(const uint8_t *seed_buf, int size)
         int i;  
 
         for (i = 0; i < size/(int)sizeof(uint64_t); i++)
-        {
             rng_num ^= *((uint64_t *)&seed_buf[i*sizeof(uint64_t)]);
-        }
 
         srand((long)seed_buf);  /* use the stack ptr as another rnd seed */
 #endif
@@ -120,7 +118,7 @@ void RNG_initialize(const uint8_t *seed_buf, int size)
 /**
  * Terminate the RNG engine.
  */
-void RNG_terminate(void)
+EXP_FUNC void STDCALL RNG_terminate(void)
 {
     if (--rng_ref_count == 0)
     {
@@ -135,7 +133,7 @@ void RNG_terminate(void)
 /**
  * Set a series of bytes with a random number. Individual bytes can be 0
  */
-void get_random(int num_rand_bytes, uint8_t *rand_data)
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
 {   
 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
     /* use the Linux default */
@@ -160,9 +158,7 @@ void get_random(int num_rand_bytes, uint8_t *rand_data)
 
     memcpy(rand_data, &big_num1, sizeof(uint64_t));
     if (num_rand_bytes > sizeof(uint64_t))
-    {
         memcpy(&rand_data[8], &big_num2, sizeof(uint64_t));
-    }
 
     if (num_rand_bytes > 16)
     {
@@ -189,9 +185,7 @@ void get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
     for (i = 0; i < num_rand_bytes; i++)
     {
         while (rand_data[i] == 0)  /* can't be 0 */
-        {
             rand_data[i] = (uint8_t)(rand());
-        }
     }
 }
 
@@ -243,7 +237,7 @@ static void print_hex(uint8_t hex)
  * @param data     [in]    The start of data to use
  * @param ...      [in]    Any additional arguments
  */
-void print_blob(const char *format, 
+EXP_FUNC void STDCALL print_blob(const char *format, 
         const uint8_t *data, int size, ...)
 {
     int i;
@@ -264,7 +258,7 @@ void print_blob(const char *format,
 }
 #elif defined(WIN32)
 /* VC6.0 doesn't handle variadic macros */
-void print_blob(const char *format, const unsigned char *data,
+EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
         int size, ...) {}
 #endif
 
diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
index 1697e2d09e..d5c7d766b3 100755
--- a/www/test_dir/health.sh
+++ b/www/test_dir/health.sh
@@ -3,10 +3,10 @@
 echo "Content-Type: text/html"
 echo
 echo "<html><title>System Health</title><body>"
-echo "<h1>System Health for '`hostname`'</h1>"
+echo "<h1>System Health for '`/bin/hostname`'</h1>"
 echo "<h2>Processes</h2><table border=\"2\">"
-ps -ef | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
+/bin/ps -ef | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
 echo "</table><h2>Free FileSystem Space</h2>"
 echo "<table border=\"2\">"
-df -h . | sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
+/bin/df -h / | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
 echo "</table></body></html>"
diff --git a/www/test_dir/prot/.htaccess b/www/test_dir/prot/.htaccess
new file mode 100644
index 0000000000..a8cf5665e0
--- /dev/null
+++ b/www/test_dir/prot/.htaccess
@@ -0,0 +1,2 @@
+SSLRequireSSL
+
diff --git a/www/test_dir/prot/.htpasswd b/www/test_dir/prot/.htpasswd
new file mode 100644
index 0000000000..16d3fe1a3b
--- /dev/null
+++ b/www/test_dir/prot/.htpasswd
@@ -0,0 +1 @@
+abcd:CQhgDPyy0rvEU8OMxnQIvg==$YdJfIKZimFLYxPf/rbnhtQ==
diff --git a/www/test_dir/prot/index.html b/www/test_dir/prot/index.html
new file mode 100644
index 0000000000..65f23bce6a
--- /dev/null
+++ b/www/test_dir/prot/index.html
@@ -0,0 +1,6 @@
+<html>
+<head><title>axhttpd is running</title></head>
+<body>
+Looks like you got to this directory.
+</body>
+</htm>
diff --git a/www/test_dir/test_cgi.php b/www/test_dir/test_cgi.php
index 5171ff3e75..feecbb1ec4 100755
--- a/www/test_dir/test_cgi.php
+++ b/www/test_dir/test_cgi.php
@@ -1,4 +1,4 @@
-#!/usr/bin/php
+#!/bin/php
 
 <?
 phpinfo();

From 00fe6bca27c466ae7f2c88bbfb22b89389bd6673 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 11 Feb 2007 12:39:15 +0000
Subject: [PATCH 050/301] axhttpd now works on win32

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@61 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 CHANGELOG                   |   1 +
 Makefile                    |   4 +-
 config/axhttpd.aip          | 145 ++++++------------------------------
 config/win32config          |   8 +-
 httpd/Makefile              |   2 +-
 httpd/axhttpd.c             |   9 ++-
 httpd/htpasswd.c            |  26 +++++++
 httpd/proc.c                |  57 +++++++-------
 www/test_dir/prot/.htpasswd |   2 +
 9 files changed, 100 insertions(+), 154 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index bcb7e84333..4b88744c15 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ Changes since 1.0.0
 * -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris)
 
 axhttpd Changes
+* main.c now becomes axhttpd.c
 * Header file issue fixed (in mime_types.c)
 * chroot() now used for better security
 * Basic authentication implemented (with .htpasswd)
diff --git a/Makefile b/Makefile
index 549fb8a88d..6be5fbe5ff 100644
--- a/Makefile
+++ b/Makefile
@@ -68,13 +68,15 @@ docs:
 
 # build the Win32 demo release version
 win32_demo:
-	-@rm -fr ../axTLS.release_test > /dev/null 2>&1
 	$(MAKE) win32releaseconf
 
 install: $(PREFIX) all
 	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
 	chmod 755 $(PREFIX)/lib/libax* 
 	-install -m 755 $(STAGE)/ax* $(PREFIX)/bin 
+ifdef CONFIG_AXHTTPD
+	-install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin 
+endif
 ifdef CONFIG_PERL_BINDINGS 
 	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
 endif
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index be886602fe..959385677b 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -22,40 +22,22 @@
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
     <ROW Directory="another_dir_DIR" Directory_Parent="test_dir_DIR" DefaultDir="anothe~1|another_dir"/>
     <ROW Directory="index_files_DIR" Directory_Parent="www_DIR" DefaultDir="index_~1|index_files"/>
-    <ROW Directory="prop_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="prop_base_2_DIR" Directory_Parent="svn_1_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="prop_base_3_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="prop-b~1|prop-base"/>
     <ROW Directory="prop_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="prop-b~1|prop-base"/>
     <ROW Directory="prop_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="prop_base_DIR" Directory_Parent="svn_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="props_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="props"/>
-    <ROW Directory="props_2_DIR" Directory_Parent="svn_1_DIR" DefaultDir="props"/>
-    <ROW Directory="props_3_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="props"/>
     <ROW Directory="props_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="props"/>
     <ROW Directory="props_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="props"/>
-    <ROW Directory="props_DIR" Directory_Parent="svn_DIR" DefaultDir="props"/>
-    <ROW Directory="svn_1_DIR" Directory_Parent="test_dir_DIR" DefaultDir="svn~1|.svn"/>
+    <ROW Directory="prot_DIR" Directory_Parent="test_dir_DIR" DefaultDir="prot"/>
     <ROW Directory="svn_2_DIR" Directory_Parent="another_dir_DIR" DefaultDir="svn~1|.svn"/>
-    <ROW Directory="svn_DIR" Directory_Parent="index_files_DIR" DefaultDir="svn~1|.svn"/>
     <ROW Directory="test_dir_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
-    <ROW Directory="text_base_1_DIR" Directory_Parent="tmp_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="text_base_2_DIR" Directory_Parent="svn_1_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="text_base_3_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="text-b~1|text-base"/>
     <ROW Directory="text_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="text-b~1|text-base"/>
     <ROW Directory="text_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="text_base_DIR" Directory_Parent="svn_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="tmp_1_DIR" Directory_Parent="svn_1_DIR" DefaultDir="tmp"/>
     <ROW Directory="tmp_2_DIR" Directory_Parent="svn_2_DIR" DefaultDir="tmp"/>
-    <ROW Directory="tmp_DIR" Directory_Parent="svn_DIR" DefaultDir="tmp"/>
-    <ROW Directory="wcprops_1_DIR" Directory_Parent="svn_DIR" DefaultDir="wcprops"/>
-    <ROW Directory="wcprops_2_DIR" Directory_Parent="tmp_1_DIR" DefaultDir="wcprops"/>
-    <ROW Directory="wcprops_3_DIR" Directory_Parent="svn_1_DIR" DefaultDir="wcprops"/>
     <ROW Directory="wcprops_4_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="wcprops"/>
     <ROW Directory="wcprops_5_DIR" Directory_Parent="svn_2_DIR" DefaultDir="wcprops"/>
-    <ROW Directory="wcprops_DIR" Directory_Parent="tmp_DIR" DefaultDir="wcprops"/>
     <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
+    <ROW Component="another_dir" ComponentId="{3F073789-DB33-40BC-BF88-922C6DF252EC}" Directory_="another_dir_DIR" Attributes="0"/>
     <ROW Component="axhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="axhttpd.exe" FullKeyPath="APPDIR\axhttpd.exe"/>
     <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
     <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
@@ -64,45 +46,25 @@
     <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
     <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
     <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
-    <ROW Component="crypto_2600des.gif.svn_base" ComponentId="{CD5BA3C0-11B1-4991-8F89-8D2F79CB9F40}" Directory_="prop_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base" FullKeyPath="APPDIR\www\index_files\.svn\prop-base"/>
-    <ROW Component="crypto_2600des.gif.svn_base_1" ComponentId="{2D9375F3-AD2A-47F2-98C2-36959C3C2745}" Directory_="text_base_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_base_1" FullKeyPath="APPDIR\www\index_files\.svn\text-base"/>
-    <ROW Component="crypto_2600des.gif.svn_work" ComponentId="{2A7C4FF1-153E-4CF8-A3B4-69D72C2EE48D}" Directory_="props_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work" FullKeyPath="APPDIR\www\index_files\.svn\props"/>
-    <ROW Component="crypto_2600des.gif.svn_work_1" ComponentId="{80DA84A9-77FD-47AA-99A7-C8A3BBFE352F}" Directory_="wcprops_1_DIR" Attributes="0" KeyPath="crypto_2600des.gif.svn_work_1" FullKeyPath="APPDIR\www\index_files\.svn\wcprops"/>
     <ROW Component="crypto_2600des.gif_1" ComponentId="{F3B3E37C-D940-4899-B312-0E244D6AF720}" Directory_="index_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif_1" FullKeyPath="APPDIR\www\index_files"/>
-    <ROW Component="dir_wcprops" ComponentId="{CE7FD33B-9472-4AA5-A185-10A93A832A95}" Directory_="svn_DIR" Attributes="0" KeyPath="dir_wcprops" FullKeyPath="APPDIR\www\index_files\.svn"/>
-    <ROW Component="dir_wcprops_1" ComponentId="{D90F9ED6-AECA-47BB-8B91-EF42489D127D}" Directory_="svn_1_DIR" Attributes="0" KeyPath="dir_wcprops_1" FullKeyPath="APPDIR\www\test_dir\.svn"/>
-    <ROW Component="dir_wcprops_2" ComponentId="{C032AA32-3956-4684-86BF-2EFF2CA4B425}" Directory_="svn_2_DIR" Attributes="0" KeyPath="dir_wcprops_2" FullKeyPath="APPDIR\www\test_dir\another_dir\.svn"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
     <ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
-    <ROW Component="health.sh.svn_base" ComponentId="{01F12E83-3FEA-4F76-B490-440C94403C9B}" Directory_="prop_base_2_DIR" Attributes="0" KeyPath="health.sh.svn_base" FullKeyPath="APPDIR\www\test_dir\.svn\prop-base"/>
-    <ROW Component="health.sh.svn_base_1" ComponentId="{65301911-BF34-49C0-9702-11A561AFFC50}" Directory_="text_base_2_DIR" Attributes="0" KeyPath="health.sh.svn_base_1" FullKeyPath="APPDIR\www\test_dir\.svn\text-base"/>
-    <ROW Component="health.sh.svn_work" ComponentId="{28B54A87-690B-4E1C-9B46-EA7481EF9218}" Directory_="props_2_DIR" Attributes="0" KeyPath="health.sh.svn_work" FullKeyPath="APPDIR\www\test_dir\.svn\props"/>
-    <ROW Component="health.sh.svn_work_1" ComponentId="{E9968BAF-D707-46E8-813F-C2313CA521C8}" Directory_="wcprops_3_DIR" Attributes="0" KeyPath="health.sh.svn_work_1" FullKeyPath="APPDIR\www\test_dir\.svn\wcprops"/>
-    <ROW Component="prop_base" ComponentId="{8C6DB0CF-A719-48C3-BBBF-02599249163E}" Directory_="prop_base_1_DIR" Attributes="0"/>
-    <ROW Component="prop_base_1" ComponentId="{2CEE7EA7-BFB2-4154-9F41-DEE4A66CDF18}" Directory_="prop_base_3_DIR" Attributes="0"/>
+    <ROW Component="htaccess" ComponentId="{A21FC953-B7B4-42EA-8F21-422969557D40}" Directory_="prot_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\prot"/>
+    <ROW Component="htpasswd.exe" ComponentId="{9FE1AAD2-4E35-443A-AAE5-3A7D03A52AAA}" Directory_="APPDIR" Attributes="0" KeyPath="htpasswd.exe" FullKeyPath="APPDIR\htpasswd.exe"/>
     <ROW Component="prop_base_2" ComponentId="{A3E2975E-C55F-458E-8443-23556A498DE8}" Directory_="prop_base_4_DIR" Attributes="0"/>
     <ROW Component="prop_base_3" ComponentId="{84D4F8F9-D8C8-40A2-AC98-0D18C7ACC15D}" Directory_="prop_base_5_DIR" Attributes="0"/>
-    <ROW Component="props" ComponentId="{3A6D991B-1ECF-481D-94C1-E48F6B5B3929}" Directory_="props_1_DIR" Attributes="0"/>
-    <ROW Component="props_1" ComponentId="{E844B3DF-C536-439B-B599-77B73C5B2213}" Directory_="props_3_DIR" Attributes="0"/>
     <ROW Component="props_2" ComponentId="{1EC8919C-173D-4A2E-8356-E054BD661F2B}" Directory_="props_4_DIR" Attributes="0"/>
     <ROW Component="props_3" ComponentId="{1FA958FF-6FF6-4128-9424-4036DC68CE9F}" Directory_="props_5_DIR" Attributes="0"/>
-    <ROW Component="text_base" ComponentId="{B4978EC3-2697-4E91-A38F-A0E184FBF592}" Directory_="text_base_1_DIR" Attributes="0"/>
-    <ROW Component="text_base_1" ComponentId="{0AB5A835-B2CC-4BEF-85B8-C4073738FEF2}" Directory_="text_base_3_DIR" Attributes="0"/>
     <ROW Component="text_base_2" ComponentId="{C99C78FE-D567-463B-84AC-F09280EC233A}" Directory_="text_base_4_DIR" Attributes="0"/>
     <ROW Component="text_base_3" ComponentId="{C7C7D550-84BA-4B7E-83ED-526D903CD774}" Directory_="text_base_5_DIR" Attributes="0"/>
-    <ROW Component="wcprops" ComponentId="{E67C1A2D-BAE8-4E1E-AC15-B016D2C0FB5D}" Directory_="wcprops_DIR" Attributes="0"/>
-    <ROW Component="wcprops_1" ComponentId="{F6775505-3540-4D45-B774-6AEE523D2DEE}" Directory_="wcprops_2_DIR" Attributes="0"/>
     <ROW Component="wcprops_2" ComponentId="{3974F3F6-9377-4343-9230-782F1DD91BFF}" Directory_="wcprops_4_DIR" Attributes="0"/>
     <ROW Component="wcprops_3" ComponentId="{0A686253-B608-4CB2-A709-3A1E124C42CB}" Directory_="wcprops_5_DIR" Attributes="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h dir_wcprops crypto_2600des.gif.svn_base crypto_2600des.gif.svn_work crypto_2600des.gif.svn_base_1 prop_base props text_base wcprops crypto_2600des.gif.svn_work_1 crypto_2600des.gif_1 dir_wcprops_1 health.sh.svn_base health.sh.svn_work health.sh.svn_base_1 prop_base_1 props_1 text_base_1 wcprops_1 health.sh.svn_work_1 dir_wcprops_2 prop_base_2 props_2 text_base_2 prop_base_3 props_3 text_base_3 wcprops_2 wcprops_3 health.sh"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h crypto_2600des.gif_1 prop_base_2 props_2 text_base_2 prop_base_3 props_3 text_base_3 wcprops_2 wcprops_3 health.sh htpasswd.exe another_dir htaccess"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
-    <ROW File="README.txt" Component_="dir_wcprops" FileName="README.txt" Attributes="1" SourcePath="..\www\index_files\.svn\README.txt" SelfReg="false" Sequence="40"/>
-    <ROW File="README.txt_1" Component_="dir_wcprops_1" FileName="README.txt" Attributes="1" SourcePath="..\www\test_dir\.svn\README.txt" SelfReg="false" Sequence="78"/>
-    <ROW File="README.txt_2" Component_="dir_wcprops_2" FileName="README.txt" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\README.txt" SelfReg="false" Sequence="89"/>
     <ROW File="axhttpd.exe" Component_="axhttpd.exe" FileName="axhttpd.exe" Attributes="0" SourcePath="..\_stage\axhttpd.exe" SelfReg="false" Sequence="1"/>
     <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
     <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
@@ -115,82 +77,26 @@
     <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
     <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
     <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
-    <ROW File="crypto_2600des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="22"/>
-    <ROW File="crypto_2600des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_2600des.gif.svn-base" SelfReg="false" Sequence="41"/>
-    <ROW File="crypto_2600des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="31"/>
-    <ROW File="crypto_2600des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~1.svn|crypto_2600des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_2600des.gif.svn-work" SelfReg="false" Sequence="50"/>
-    <ROW File="crypto_2600des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_2600des.gif" SelfReg="false" Sequence="59"/>
-    <ROW File="crypto_3ways.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="23"/>
-    <ROW File="crypto_3ways.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_3ways.gif.svn-base" SelfReg="false" Sequence="42"/>
-    <ROW File="crypto_3ways.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="32"/>
-    <ROW File="crypto_3ways.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~2.svn|crypto_3ways.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_3ways.gif.svn-work" SelfReg="false" Sequence="51"/>
-    <ROW File="crypto_3ways.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\index_files\crypto_3ways.gif" SelfReg="false" Sequence="60"/>
-    <ROW File="crypto_backrsa.jpg.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="24"/>
-    <ROW File="crypto_backrsa.jpg.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_backrsa.jpg.svn-base" SelfReg="false" Sequence="43"/>
-    <ROW File="crypto_backrsa.jpg.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="33"/>
-    <ROW File="crypto_backrsa.jpg.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~3.svn|crypto_backrsa.jpg.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_backrsa.jpg.svn-work" SelfReg="false" Sequence="52"/>
-    <ROW File="crypto_backrsa.jpg_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\index_files\crypto_backrsa.jpg" SelfReg="false" Sequence="61"/>
-    <ROW File="crypto_cert.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="25"/>
-    <ROW File="crypto_cert.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~4.svn|crypto_cert.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_cert.gif.svn-base" SelfReg="false" Sequence="44"/>
-    <ROW File="crypto_cert.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_cert.gif.svn-work" SelfReg="false" Sequence="34"/>
-    <ROW File="crypto_cert.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~4.svn|crypto_cert.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_cert.gif.svn-work" SelfReg="false" Sequence="53"/>
-    <ROW File="crypto_cert.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\index_files\crypto_cert.gif" SelfReg="false" Sequence="62"/>
-    <ROW File="crypto_des.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="26"/>
-    <ROW File="crypto_des.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~5.svn|crypto_des.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_des.gif.svn-base" SelfReg="false" Sequence="45"/>
-    <ROW File="crypto_des.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_des.gif.svn-work" SelfReg="false" Sequence="35"/>
-    <ROW File="crypto_des.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~5.svn|crypto_des.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_des.gif.svn-work" SelfReg="false" Sequence="54"/>
-    <ROW File="crypto_des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_des.gif" SelfReg="false" Sequence="63"/>
-    <ROW File="crypto_ecc.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="27"/>
-    <ROW File="crypto_ecc.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_ecc.gif.svn-base" SelfReg="false" Sequence="46"/>
-    <ROW File="crypto_ecc.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="36"/>
-    <ROW File="crypto_ecc.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~6.svn|crypto_ecc.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_ecc.gif.svn-work" SelfReg="false" Sequence="55"/>
-    <ROW File="crypto_ecc.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\index_files\crypto_ecc.gif" SelfReg="false" Sequence="64"/>
-    <ROW File="crypto_sslv3.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="28"/>
-    <ROW File="crypto_sslv3.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_sslv3.gif.svn-base" SelfReg="false" Sequence="47"/>
-    <ROW File="crypto_sslv3.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="37"/>
-    <ROW File="crypto_sslv3.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~7.svn|crypto_sslv3.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_sslv3.gif.svn-work" SelfReg="false" Sequence="56"/>
-    <ROW File="crypto_sslv3.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\index_files\crypto_sslv3.gif" SelfReg="false" Sequence="65"/>
-    <ROW File="crypto_types.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="29"/>
-    <ROW File="crypto_types.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="crypto~8.svn|crypto_types.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\crypto_types.gif.svn-base" SelfReg="false" Sequence="48"/>
-    <ROW File="crypto_types.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\crypto_types.gif.svn-work" SelfReg="false" Sequence="38"/>
-    <ROW File="crypto_types.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="crypto~8.svn|crypto_types.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\crypto_types.gif.svn-work" SelfReg="false" Sequence="57"/>
-    <ROW File="crypto_types.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\index_files\crypto_types.gif" SelfReg="false" Sequence="66"/>
-    <ROW File="dir_wcprops" Component_="dir_wcprops" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\index_files\.svn\dir-wcprops" SelfReg="false" Sequence="18"/>
-    <ROW File="dir_wcprops_1" Component_="dir_wcprops_1" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\test_dir\.svn\dir-wcprops" SelfReg="false" Sequence="68"/>
-    <ROW File="dir_wcprops_2" Component_="dir_wcprops_2" FileName="dir-wc~1|dir-wcprops" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\dir-wcprops" SelfReg="false" Sequence="85"/>
-    <ROW File="empty_file" Component_="dir_wcprops" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\index_files\.svn\empty-file" SelfReg="false" Sequence="19"/>
-    <ROW File="empty_file_1" Component_="dir_wcprops_1" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\test_dir\.svn\empty-file" SelfReg="false" Sequence="69"/>
-    <ROW File="empty_file_2" Component_="dir_wcprops_2" FileName="empty-~1|empty-file" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\empty-file" SelfReg="false" Sequence="86"/>
-    <ROW File="entries" Component_="dir_wcprops" FileName="entries" Attributes="1" SourcePath="..\www\index_files\.svn\entries" SelfReg="false" Sequence="20"/>
-    <ROW File="entries_1" Component_="dir_wcprops_1" FileName="entries" Attributes="1" SourcePath="..\www\test_dir\.svn\entries" SelfReg="false" Sequence="70"/>
-    <ROW File="entries_2" Component_="dir_wcprops_2" FileName="entries" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\entries" SelfReg="false" Sequence="87"/>
+    <ROW File="crypto_2600des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_2600des.gif" SelfReg="false" Sequence="18"/>
+    <ROW File="crypto_3ways.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\index_files\crypto_3ways.gif" SelfReg="false" Sequence="19"/>
+    <ROW File="crypto_backrsa.jpg_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\index_files\crypto_backrsa.jpg" SelfReg="false" Sequence="20"/>
+    <ROW File="crypto_cert.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\index_files\crypto_cert.gif" SelfReg="false" Sequence="21"/>
+    <ROW File="crypto_des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_des.gif" SelfReg="false" Sequence="22"/>
+    <ROW File="crypto_ecc.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\index_files\crypto_ecc.gif" SelfReg="false" Sequence="23"/>
+    <ROW File="crypto_sslv3.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\index_files\crypto_sslv3.gif" SelfReg="false" Sequence="24"/>
+    <ROW File="crypto_types.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\index_files\crypto_types.gif" SelfReg="false" Sequence="25"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
-    <ROW File="format" Component_="dir_wcprops" FileName="format" Attributes="1" SourcePath="..\www\index_files\.svn\format" SelfReg="false" Sequence="21"/>
-    <ROW File="format_1" Component_="dir_wcprops_1" FileName="format" Attributes="1" SourcePath="..\www\test_dir\.svn\format" SelfReg="false" Sequence="71"/>
-    <ROW File="format_2" Component_="dir_wcprops_2" FileName="format" Attributes="1" SourcePath="..\www\test_dir\another_dir\.svn\format" SelfReg="false" Sequence="88"/>
-    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="90"/>
-    <ROW File="health.sh.svn_base" Component_="health.sh.svn_base" FileName="health~1.svn|health.sh.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\prop-base\health.sh.svn-base" SelfReg="false" Sequence="72"/>
-    <ROW File="health.sh.svn_base_1" Component_="health.sh.svn_base_1" FileName="health~1.svn|health.sh.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\text-base\health.sh.svn-base" SelfReg="false" Sequence="79"/>
-    <ROW File="health.sh.svn_work" Component_="health.sh.svn_work" FileName="health~1.svn|health.sh.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\props\health.sh.svn-work" SelfReg="false" Sequence="75"/>
-    <ROW File="health.sh.svn_work_1" Component_="health.sh.svn_work_1" FileName="health~1.svn|health.sh.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\wcprops\health.sh.svn-work" SelfReg="false" Sequence="82"/>
+    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="27"/>
+    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\prot\.htaccess" SelfReg="false" Sequence="31"/>
+    <ROW File="htpasswd" Component_="htaccess" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\prot\.htpasswd" SelfReg="false" Sequence="32"/>
+    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="30"/>
     <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="kerberos.gif.svn_base" Component_="crypto_2600des.gif.svn_base" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\prop-base\kerberos.gif.svn-base" SelfReg="false" Sequence="30"/>
-    <ROW File="kerberos.gif.svn_base_1" Component_="crypto_2600des.gif.svn_base_1" FileName="kerber~1.svn|kerberos.gif.svn-base" Attributes="1" SourcePath="..\www\index_files\.svn\text-base\kerberos.gif.svn-base" SelfReg="false" Sequence="49"/>
-    <ROW File="kerberos.gif.svn_work" Component_="crypto_2600des.gif.svn_work" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\props\kerberos.gif.svn-work" SelfReg="false" Sequence="39"/>
-    <ROW File="kerberos.gif.svn_work_1" Component_="crypto_2600des.gif.svn_work_1" FileName="kerber~1.svn|kerberos.gif.svn-work" Attributes="1" SourcePath="..\www\index_files\.svn\wcprops\kerberos.gif.svn-work" SelfReg="false" Sequence="58"/>
-    <ROW File="kerberos.gif_1" Component_="crypto_2600des.gif_1" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\index_files\kerberos.gif" SelfReg="false" Sequence="67"/>
+    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\prot\index.html" SelfReg="false" Sequence="33"/>
+    <ROW File="kerberos.gif_1" Component_="crypto_2600des.gif_1" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\index_files\kerberos.gif" SelfReg="false" Sequence="26"/>
     <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
-    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="91"/>
-    <ROW File="some_text.txt.svn_base" Component_="health.sh.svn_base" FileName="some_t~1.svn|some_text.txt.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\prop-base\some_text.txt.svn-base" SelfReg="false" Sequence="73"/>
-    <ROW File="some_text.txt.svn_base_1" Component_="health.sh.svn_base_1" FileName="some_t~1.svn|some_text.txt.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\text-base\some_text.txt.svn-base" SelfReg="false" Sequence="80"/>
-    <ROW File="some_text.txt.svn_work" Component_="health.sh.svn_work" FileName="some_t~1.svn|some_text.txt.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\props\some_text.txt.svn-work" SelfReg="false" Sequence="76"/>
-    <ROW File="some_text.txt.svn_work_1" Component_="health.sh.svn_work_1" FileName="some_t~1.svn|some_text.txt.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\wcprops\some_text.txt.svn-work" SelfReg="false" Sequence="83"/>
+    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="28"/>
     <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
-    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="92"/>
-    <ROW File="test_cgi.php.svn_base" Component_="health.sh.svn_base" FileName="test_c~1.svn|test_cgi.php.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\prop-base\test_cgi.php.svn-base" SelfReg="false" Sequence="74"/>
-    <ROW File="test_cgi.php.svn_base_1" Component_="health.sh.svn_base_1" FileName="test_c~1.svn|test_cgi.php.svn-base" Attributes="1" SourcePath="..\www\test_dir\.svn\text-base\test_cgi.php.svn-base" SelfReg="false" Sequence="81"/>
-    <ROW File="test_cgi.php.svn_work" Component_="health.sh.svn_work" FileName="test_c~1.svn|test_cgi.php.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\props\test_cgi.php.svn-work" SelfReg="false" Sequence="77"/>
-    <ROW File="test_cgi.php.svn_work_1" Component_="health.sh.svn_work_1" FileName="test_c~1.svn|test_cgi.php.svn-work" Attributes="1" SourcePath="..\www\test_dir\.svn\wcprops\test_cgi.php.svn-work" SelfReg="false" Sequence="84"/>
+    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="29"/>
     <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
@@ -221,14 +127,6 @@
     <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
-    <ROW Directory_="prop_base_3_DIR" Component_="prop_base_1"/>
-    <ROW Directory_="prop_base_1_DIR" Component_="prop_base"/>
-    <ROW Directory_="props_1_DIR" Component_="props"/>
-    <ROW Directory_="text_base_1_DIR" Component_="text_base"/>
-    <ROW Directory_="wcprops_DIR" Component_="wcprops"/>
-    <ROW Directory_="props_3_DIR" Component_="props_1"/>
-    <ROW Directory_="text_base_3_DIR" Component_="text_base_1"/>
-    <ROW Directory_="wcprops_2_DIR" Component_="wcprops_1"/>
     <ROW Directory_="prop_base_4_DIR" Component_="prop_base_2"/>
     <ROW Directory_="props_4_DIR" Component_="props_2"/>
     <ROW Directory_="text_base_4_DIR" Component_="text_base_2"/>
@@ -237,6 +135,7 @@
     <ROW Directory_="text_base_5_DIR" Component_="text_base_3"/>
     <ROW Directory_="wcprops_4_DIR" Component_="wcprops_2"/>
     <ROW Directory_="wcprops_5_DIR" Component_="wcprops_3"/>
+    <ROW Directory_="another_dir_DIR" Component_="another_dir"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
diff --git a/config/win32config b/config/win32config
index 13bb3c46ba..6687e90707 100644
--- a/config/win32config
+++ b/config/win32config
@@ -10,7 +10,7 @@ CONFIG_PLATFORM_WIN32=y
 #
 # General Configuration
 #
-PREFIX="/usr/local"
+PREFIX=""
 # CONFIG_DEBUG is not set
 
 #
@@ -51,17 +51,19 @@ CONFIG_WIN32_USE_CRYPTO_LIB=y
 CONFIG_AXHTTPD=y
 
 #
-# Awhttpd Configuration
+# Axhttpd Configuration
 #
 # CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_PORT=80
 CONFIG_HTTP_HTTPS_PORT=443
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
 CONFIG_HTTP_WEBROOT="www"
-CONFIG_HTTP_PORT=80
 CONFIG_HTTP_TIMEOUT=5
 # CONFIG_HTTP_HAS_CGI is not set
 CONFIG_HTTP_CGI_EXTENSIONS=""
 CONFIG_HTTP_DIRECTORIES=y
 # CONFIG_HTTP_PERM_CHECK is not set
+CONFIG_HTTP_HAS_AUTHORIZATION=y
 # CONFIG_HTTP_HAS_IPV6 is not set
 CONFIG_HTTP_ALL_MIME_TYPES=y
 CONFIG_HTTP_VERBOSE=y
diff --git a/httpd/Makefile b/httpd/Makefile
index 2541c67afd..e86cd5505e 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -93,7 +93,7 @@ $(TARGET): $(OBJ)
 	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
 
 $(TARGET2): htpasswd.obj
-	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
+	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $<
 endif
 
 endif       # CONFIG_AXHTTPD
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index e35a773876..bca16f83f3 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -536,8 +536,15 @@ char *my_strncpy(char *dest, const char *src, size_t n)
 int isdir(const char *tpbuf) 
 {
     struct stat st;
+    char path[MAXREQUESTLENGTH];
+    strcpy(path, tpbuf);
 
-    if (stat(tpbuf, &st) == -1) 
+#ifdef WIN32        /* win32 stat() can't handle trailing '\' */
+    if (path[strlen(path)-1] == '\\')
+        path[strlen(path)-1] = 0;
+#endif
+
+    if (stat(path, &st) == -1) 
         return 0;
 
     if ((st.st_mode & S_IFMT) == S_IFDIR) 
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
index e4887f62ae..54fbbfb884 100644
--- a/httpd/htpasswd.c
+++ b/httpd/htpasswd.c
@@ -64,6 +64,32 @@ static void usage(void)
     exit(1);
 }
 
+#ifdef WIN32
+static char * getpass(const char *prompt)
+{
+    static char buf[127];
+    FILE *fp = stdin;
+
+    printf(prompt); TTY_FLUSH();
+#if 0
+    fp = fopen("/dev/tty", "w");
+    if (fp == NULL) 
+    {
+        printf("null\n"); TTY_FLUSH();
+        fp = stdin;
+    }
+#endif
+
+    fgets(buf, sizeof(buf), fp);
+    while (buf[strlen(buf)-1] < ' ') 
+        buf[strlen(buf)-1] = '\0';
+
+    //if (fp != stdin) 
+    //    fclose(fp);
+    return buf;
+}
+#endif
+
 int main(int argc, char *argv[]) 
 {
     char* pw;
diff --git a/httpd/proc.c b/httpd/proc.c
index d0a4ebe71d..d6f6788a76 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -26,6 +26,8 @@
 #include <string.h>
 #include "axhttp.h"
 
+static const char * index_file = "index.html";
+
 static int special_read(struct connstruct *cn, void *buf, size_t count);
 static int special_write(struct connstruct *cn, 
                                         const uint8_t *buf, size_t count);
@@ -333,7 +335,7 @@ void procsendhead(struct connstruct *cn)
     if (auth_check(cn))     /* see if there is a '.htpasswd' file */
     {
 #ifdef CONFIG_HTTP_VERBOSE
-        printf("axhttpd: access to %s denied\n", cn->actualfile); TTY_FLUSH();
+        printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
 #endif
         removeconnection(cn);
         return;
@@ -370,12 +372,12 @@ void procsendhead(struct connstruct *cn)
 #endif
 
     /* look for "index.html"? */
-    if ((stbuf.st_mode & S_IFMT) == S_IFDIR) 
+    if (isdir(cn->actualfile))
     {
         char tbuf[MAXREQUESTLENGTH];
-        sprintf(tbuf, "%s%s", cn->actualfile, "index.html");
+        sprintf(tbuf, "%s%s", cn->actualfile, index_file);
         if (stat(tbuf, &stbuf) != -1) 
-            strcat(cn->actualfile, "index.html");
+            strcat(cn->actualfile, index_file);
         else
         {
 #if defined(CONFIG_HTTP_DIRECTORIES)
@@ -445,8 +447,7 @@ void procsendhead(struct connstruct *cn)
         special_write(cn, buf, strlen(buf));
 
 #ifdef CONFIG_HTTP_VERBOSE
-        printf("axhttpd: %s send %s\n", 
-                cn->is_ssl ? "https" : "http", cn->actualfile);
+        printf("axhttpd: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
         TTY_FLUSH();
 #endif
 
@@ -600,23 +601,14 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
 
     execv(cn->actualfile, myargs);
 #else /* WIN32 */
-    _pipe(tpipe, 4096, O_BINARY| O_NOINHERIT);
+    _pipe(tpipe, 8192, O_BINARY| O_NOINHERIT);
 
     myargs[0] = "sh";
     myargs[1] = "-c";
-    myargs[2] = cn->actualfile;
+    myargs[2] = &cn->filereq[1];    /* ignore the inital "/" */
     myargs[3] = cn->cgiargs;
     myargs[4] = NULL;
 
-    /* convert all the forward slashes to back slashes */
-    {
-        char *t = myargs[2];
-        while ((t = strchr(t, '\\')))
-        {
-            *t++ = '/';
-        }
-    }
-
     tmp_stdout = _dup(_fileno(stdout));
     _dup2(tpipe[1], _fileno(stdout));
     close(tpipe[1]);
@@ -793,6 +785,7 @@ static void buildactualfile(struct connstruct *cn)
     char *cp;
     snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
 
+#ifndef WIN32
     /* Add directory slash if not there */
     if (isdir(cn->actualfile) && 
             cn->actualfile[strlen(cn->actualfile)-1] != '/')
@@ -804,17 +797,32 @@ static void buildactualfile(struct connstruct *cn)
         cn->dirname[0] = 0;
     else
         *cp = 0;
-
-#ifdef WIN32
-    /* convert all the forward slashes to back slashes */
+#else
     {
+        char curr_dir[MAXREQUESTLENGTH];
+        char path[MAXREQUESTLENGTH];
         char *t = cn->actualfile;
-        while ((t = strchr(t, '/')))
-            *t++ = '\\';
 
-        t = cn->dirname;
+        GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir);
+
+        /* convert all the forward slashes to back slashes */
         while ((t = strchr(t, '/')))
             *t++ = '\\';
+
+        snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile);
+        memcpy(cn->actualfile, path, MAXREQUESTLENGTH);
+
+        /* Add directory slash if not there */
+        if (isdir(cn->actualfile) && 
+                    cn->actualfile[strlen(cn->actualfile)-1] != '\\')
+            strcat(cn->actualfile, "\\");
+
+        /* work out the directory name */
+        strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
+        if ((cp = strrchr(cn->dirname, '\\')) == NULL)
+            cn->dirname[0] = 0;
+        else
+            *cp = 0;
     }
 #endif
 }
@@ -998,8 +1006,7 @@ static void send_error(struct connstruct *cn, int err)
             title = "Forbidden";
             text = "File is protected";
 #ifdef CONFIG_HTTP_VERBOSE
-            printf("axhttpd: access to %s:/%s denied\n", 
-                    cn->is_ssl ? "https" : "http", cn->actualfile); TTY_FLUSH();
+            printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
 #endif
             break;
 
diff --git a/www/test_dir/prot/.htpasswd b/www/test_dir/prot/.htpasswd
index 16d3fe1a3b..333d9173ca 100644
--- a/www/test_dir/prot/.htpasswd
+++ b/www/test_dir/prot/.htpasswd
@@ -1 +1,3 @@
 abcd:CQhgDPyy0rvEU8OMxnQIvg==$YdJfIKZimFLYxPf/rbnhtQ==
+yaya:Syuss5jE2FNGVdr0kKGoHg==$WLw/SgHZFuAoOuml3GTJVw==
+

From 61fd2494410c01e177527c258845c5ab14a1a332 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 17 Feb 2007 00:42:57 +0000
Subject: [PATCH 051/301] added aborts to malloc and other system calls

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@62 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 CHANGELOG                                 |  23 +++--
 bindings/Makefile                         |   4 +-
 bindings/generate_SWIG_interface.pl       |   2 +-
 bindings/generate_interface.pl            |   6 +-
 config/axhttpd.aip                        |  42 ++-------
 config/makefile.conf                      |   3 +-
 httpd/Config.in                           |  14 ++-
 httpd/Makefile                            |   3 +-
 httpd/README                              |  35 +++++--
 httpd/axhttp.h                            |  20 ++--
 httpd/axhttpd.c                           |   2 +-
 httpd/proc.c                              |  32 +++----
 httpd/tdate_parse.c                       | 107 ++++++++++++++++++++++
 samples/c/axssl.c                         |   4 +-
 ssl/Config.in                             |  12 +--
 ssl/Makefile                              |   5 +-
 ssl/asn1.c                                |   4 +-
 ssl/bigint.c                              |   5 +-
 ssl/loader.c                              |  19 ++--
 ssl/os_port.c                             |  66 ++++++++++++-
 ssl/os_port.h                             |  43 ++++++---
 ssl/p12.c                                 |   9 +-
 ssl/rsa.c                                 |   6 +-
 ssl/ssl.h                                 |  20 ++--
 ssl/test/ssltest.c                        |  18 ++--
 ssl/tls1.c                                |  20 ++--
 ssl/tls1.h                                |  25 ++---
 ssl/tls1_clnt.c                           |   2 +-
 ssl/tls1_svr.c                            |   2 +-
 www/test_dir/{prot => no_http}/.htaccess  |   1 -
 www/test_dir/{prot => no_http}/.htpasswd  |   1 -
 www/test_dir/{prot => no_http}/index.html |   2 +-
 www/test_dir/no_ssl/.htaccess             |   1 +
 www/test_dir/no_ssl/index.html            |   6 ++
 34 files changed, 381 insertions(+), 183 deletions(-)
 create mode 100644 httpd/tdate_parse.c
 rename www/test_dir/{prot => no_http}/.htaccess (93%)
 rename www/test_dir/{prot => no_http}/.htpasswd (99%)
 rename www/test_dir/{prot => no_http}/index.html (93%)
 create mode 100644 www/test_dir/no_ssl/.htaccess
 create mode 100644 www/test_dir/no_ssl/index.html

diff --git a/CHANGELOG b/CHANGELOG
index 4b88744c15..568d44076d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,15 +1,18 @@
 Changes since 1.0.0
 
-* AES should now work on 16bit processors (there was an alignment problem)
+* AES should now work on 16bit processors (there was an alignment problem).
 * Various freed objects are cleared before freeing.
-* Header files now installed in /usr/local/include/axTLS
-* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris)
+* Header files now installed in /usr/local/include/axTLS.
+* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris).
+* removed "-noextern" option in Swig. Fixed some other warnings in Win32.
+* SSLCTX changed to SSL_CTX (to be consistent with openssl).
 
 axhttpd Changes
-* main.c now becomes axhttpd.c
-* Header file issue fixed (in mime_types.c)
-* chroot() now used for better security
-* Basic authentication implemented (with .htpasswd)
-* HTTP Port protection implemented (with .htaccess)
-* Directory access protection implemented (with .htaccess)
-
+* main.c now becomes axhttpd.c.
+* Header file issue fixed (in mime_types.c).
+* chroot() now used for better security.
+* Basic authentication implemented (with .htpasswd).
+* SSL access/denial protection implemented (with .htaccess).
+* Directory access protection implemented (with .htaccess).
+* Can now have more than one CGI file extension in mconf.
+* "If-Modified-Since" request now handled properly.
diff --git a/bindings/Makefile b/bindings/Makefile
index 322b37080a..19c896d2c0 100644
--- a/bindings/Makefile
+++ b/bindings/Makefile
@@ -47,13 +47,13 @@ java/axTLSj.i: ../ssl/ssl.h
 	@perl ./generate_SWIG_interface.pl -java
 
 java/axtlsj.java: java/axTLSj.i $(wildcard java/SSL*.java)
-	@cd java; swig -java -package axTLSj -noextern axTLSj.i; $(MAKE)
+	@cd java; swig -java -package axTLSj axTLSj.i; $(MAKE)
 
 perl/axTLSp.i: ../ssl/ssl.h
 	@perl ./generate_SWIG_interface.pl -perl
 
 perl/axTLSp_wrap.c: perl/axTLSp.i
-	@cd perl; swig -perl5 -noextern axTLSp.i; $(MAKE)
+	@cd perl; swig -perl5 axTLSp.i; $(MAKE)
 
 clean::
 	$(MAKE) -C csharp clean
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index 3732a1d38c..c5a7916b71 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -154,7 +154,7 @@ sub parseFile
 #ifdef SWIGJAVA
 
 %apply long { SSL * };
-%apply long { SSLCTX * };
+%apply long { SSL_CTX * };
 %apply long { SSLObjLoader * };
 
 /* allow "unsigned char []" to become "byte[]" */
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index 193b5adf40..8110d80d03 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -56,7 +56,7 @@ sub transformSignature
             $line =~ s/uint8_t \* ?/byte[] /g;
             $line =~ s/uint8_t ?/byte /g;
             $line =~ s/const char \* ?/string /g;
-            $line =~ s/SSLCTX \* ?/IntPtr /g;
+            $line =~ s/SSL_CTX \* ?/IntPtr /g;
             $line =~ s/SSLObjLoader \* ?/IntPtr /g;
             $line =~ s/SSL \* ?/IntPtr /g;
             $line =~ s/\(void\)/()/g;
@@ -74,7 +74,7 @@ sub transformSignature
 
                 $signature_ret_type =~ s/const uint8_t \*/As IntPtr/;
                 $signature_ret_type =~ s/const char \*/As String/;
-                $signature_ret_type =~ s/SSLCTX \*/As IntPtr/;
+                $signature_ret_type =~ s/SSL_CTX \*/As IntPtr/;
                 $signature_ret_type =~ s/SSLObjLoader \*/As IntPtr/;
                 $signature_ret_type =~ s/SSL \*/As IntPtr/;
                 $signature_ret_type =~ s/uint8_t/As Byte/;
@@ -89,7 +89,7 @@ sub transformSignature
             $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
             $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
             $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
-            $line =~ s/SSLCTX \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index 959385677b..d252672c4e 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -22,18 +22,9 @@
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
     <ROW Directory="another_dir_DIR" Directory_Parent="test_dir_DIR" DefaultDir="anothe~1|another_dir"/>
     <ROW Directory="index_files_DIR" Directory_Parent="www_DIR" DefaultDir="index_~1|index_files"/>
-    <ROW Directory="prop_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="prop_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="prop-b~1|prop-base"/>
-    <ROW Directory="props_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="props"/>
-    <ROW Directory="props_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="props"/>
-    <ROW Directory="prot_DIR" Directory_Parent="test_dir_DIR" DefaultDir="prot"/>
-    <ROW Directory="svn_2_DIR" Directory_Parent="another_dir_DIR" DefaultDir="svn~1|.svn"/>
+    <ROW Directory="no_ssl_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_ssl"/>
+    <ROW Directory="ssl_only_DIR" Directory_Parent="test_dir_DIR" DefaultDir="ssl_only"/>
     <ROW Directory="test_dir_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
-    <ROW Directory="text_base_4_DIR" Directory_Parent="svn_2_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="text_base_5_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="text-b~1|text-base"/>
-    <ROW Directory="tmp_2_DIR" Directory_Parent="svn_2_DIR" DefaultDir="tmp"/>
-    <ROW Directory="wcprops_4_DIR" Directory_Parent="tmp_2_DIR" DefaultDir="wcprops"/>
-    <ROW Directory="wcprops_5_DIR" Directory_Parent="svn_2_DIR" DefaultDir="wcprops"/>
     <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
@@ -49,19 +40,12 @@
     <ROW Component="crypto_2600des.gif_1" ComponentId="{F3B3E37C-D940-4899-B312-0E244D6AF720}" Directory_="index_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif_1" FullKeyPath="APPDIR\www\index_files"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
     <ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
-    <ROW Component="htaccess" ComponentId="{A21FC953-B7B4-42EA-8F21-422969557D40}" Directory_="prot_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\prot"/>
+    <ROW Component="htaccess" ComponentId="{F53CB1D5-A3B9-4401-B0BA-B6AB1DA860B7}" Directory_="no_ssl_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\no_ssl"/>
+    <ROW Component="htaccess_1" ComponentId="{83B45D66-AD6D-4E9B-8DC8-7910708E1F3A}" Directory_="ssl_only_DIR" Attributes="0" KeyPath="htaccess_1" FullKeyPath="APPDIR\www\test_dir\ssl_only"/>
     <ROW Component="htpasswd.exe" ComponentId="{9FE1AAD2-4E35-443A-AAE5-3A7D03A52AAA}" Directory_="APPDIR" Attributes="0" KeyPath="htpasswd.exe" FullKeyPath="APPDIR\htpasswd.exe"/>
-    <ROW Component="prop_base_2" ComponentId="{A3E2975E-C55F-458E-8443-23556A498DE8}" Directory_="prop_base_4_DIR" Attributes="0"/>
-    <ROW Component="prop_base_3" ComponentId="{84D4F8F9-D8C8-40A2-AC98-0D18C7ACC15D}" Directory_="prop_base_5_DIR" Attributes="0"/>
-    <ROW Component="props_2" ComponentId="{1EC8919C-173D-4A2E-8356-E054BD661F2B}" Directory_="props_4_DIR" Attributes="0"/>
-    <ROW Component="props_3" ComponentId="{1FA958FF-6FF6-4128-9424-4036DC68CE9F}" Directory_="props_5_DIR" Attributes="0"/>
-    <ROW Component="text_base_2" ComponentId="{C99C78FE-D567-463B-84AC-F09280EC233A}" Directory_="text_base_4_DIR" Attributes="0"/>
-    <ROW Component="text_base_3" ComponentId="{C7C7D550-84BA-4B7E-83ED-526D903CD774}" Directory_="text_base_5_DIR" Attributes="0"/>
-    <ROW Component="wcprops_2" ComponentId="{3974F3F6-9377-4343-9230-782F1DD91BFF}" Directory_="wcprops_4_DIR" Attributes="0"/>
-    <ROW Component="wcprops_3" ComponentId="{0A686253-B608-4CB2-A709-3A1E124C42CB}" Directory_="wcprops_5_DIR" Attributes="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h crypto_2600des.gif_1 prop_base_2 props_2 text_base_2 prop_base_3 props_3 text_base_3 wcprops_2 wcprops_3 health.sh htpasswd.exe another_dir htaccess"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h crypto_2600des.gif_1 health.sh htpasswd.exe another_dir htaccess htaccess_1"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
@@ -87,11 +71,13 @@
     <ROW File="crypto_types.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\index_files\crypto_types.gif" SelfReg="false" Sequence="25"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
     <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="27"/>
-    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\prot\.htaccess" SelfReg="false" Sequence="31"/>
-    <ROW File="htpasswd" Component_="htaccess" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\prot\.htpasswd" SelfReg="false" Sequence="32"/>
+    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="31"/>
+    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\ssl_only\.htaccess" SelfReg="false" Sequence="33"/>
+    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\ssl_only\.htpasswd" SelfReg="false" Sequence="34"/>
     <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="30"/>
     <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\prot\index.html" SelfReg="false" Sequence="33"/>
+    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="32"/>
+    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\ssl_only\index.html" SelfReg="false" Sequence="35"/>
     <ROW File="kerberos.gif_1" Component_="crypto_2600des.gif_1" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\index_files\kerberos.gif" SelfReg="false" Sequence="26"/>
     <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
     <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="28"/>
@@ -127,14 +113,6 @@
     <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
-    <ROW Directory_="prop_base_4_DIR" Component_="prop_base_2"/>
-    <ROW Directory_="props_4_DIR" Component_="props_2"/>
-    <ROW Directory_="text_base_4_DIR" Component_="text_base_2"/>
-    <ROW Directory_="prop_base_5_DIR" Component_="prop_base_3"/>
-    <ROW Directory_="props_5_DIR" Component_="props_3"/>
-    <ROW Directory_="text_base_5_DIR" Component_="text_base_3"/>
-    <ROW Directory_="wcprops_4_DIR" Component_="wcprops_2"/>
-    <ROW Directory_="wcprops_5_DIR" Component_="wcprops_3"/>
     <ROW Directory_="another_dir_DIR" Component_="another_dir"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
diff --git a/config/makefile.conf b/config/makefile.conf
index 58f66f60d0..ffdf33d88b 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -57,7 +57,8 @@ endif
 
 CC=cl.exe
 LD=link.exe
-CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c 
+CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /c 
+#CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c 
 LDFLAGS=/nologo /subsystem:console /machine:I386
 LDSHARED = /dll
 AR=lib /nologo
diff --git a/httpd/Config.in b/httpd/Config.in
index 417106e597..2dfe558f10 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -74,6 +74,12 @@ config CONFIG_HTTP_DIRECTORIES
     help
         Enable directory listing.
     
+config CONFIG_HTTP_HAS_AUTHORIZATION
+    bool "Enable authorization"
+    default n
+    help
+        Pages/directories can have passwords associated with them.
+
 config CONFIG_HTTP_PERM_CHECK
     bool "Permissions Check"
     default n
@@ -81,12 +87,6 @@ config CONFIG_HTTP_PERM_CHECK
         Enable permissions checking on the directories before reading the
         files in them.
 
-config CONFIG_HTTP_HAS_AUTHORIZATION
-    bool "Enable authorization"
-    default n
-    help
-        Pages/directories can have passwords associated with them.
-
 config CONFIG_HTTP_HAS_IPV6
     bool "Enable IPv6"
     default n
@@ -98,8 +98,6 @@ config CONFIG_HTTP_HAS_IPV6
 
 config CONFIG_HTTP_ALL_MIME_TYPES
     bool "Use all mime types"
-    default y if CONFIG_SSL_FULL_MODE
-    default n if !CONFIG_SSL_FULL_MODE
     help
         Use the full list of supported mime types.
 
diff --git a/httpd/Makefile b/httpd/Makefile
index e86cd5505e..d20f1b2b1a 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -63,7 +63,8 @@ endif
 OBJ= \
 	axhttpd.o \
 	proc.o \
-	mime_types.o
+	mime_types.o \
+	tdate_parse.o
 
 include ../config/makefile.post
 
diff --git a/httpd/README b/httpd/README
index ede9af2755..e74f66de0c 100644
--- a/httpd/README
+++ b/httpd/README
@@ -4,6 +4,10 @@ axhttpd is a small embedded web server using the axTLS library.
 It is based originally on the web server written by Doug Currie which is at:
 http://www.hcsw.org/awhttpd.
 
+*****************************************************************************
+*                       axhttpd Features                                    *
+*****************************************************************************
+
 Basic Authentication
 ====================
 
@@ -16,30 +20,49 @@ utility program htpasswd is included to help manually edit .htpasswd files.
 The encryption of this password uses a proprietary algorithm due to the 
 dependency of many crypt libraries on DES.
 
-An example is in /test_dir/prot (username 'abcd', password is '1234').
+An example is in /test_dir/ssl_only (username 'abcd', password is '1234').
 
 Note: This is an mconf configuration option.
 
-HTTP Port Protection
+SSL Protection
 ====================
 
 Directories/files can be accessed using the 'http' or 'https' uri prefix. If
 normal http access for a directory needs to be disabled, then put
 "SSLRequireSSL" into a '.htaccess' file in the directory to be protected.
 
-An example is in /test_dir/prot.
+Conversely, use "SSLDenySSL" to deny access to directories via SSL.
+
+An example is in /test_dir/ssl_only and /test_dir/no_ssl.
+
+Entire directories can be denied access with a "Deny all" directive
+(regardless of SSL or authentication).
 
 CGI
 ===
 
 chroot() is now used for added security. However this has the impact of
 removing the regular filesystem, so any CGI applications no longer have the 
-usual access.
+usual access (to things like /bin, /lib etc).
 
-So any executables and libraries need to be copied into webroot (under /bin
-and /lib).
+So any executables and libraries need to be copied into webroot.
 
 Failure to do so will result in mystical blank screens (and probably hundreds
 of axhttpd instances being created...).
 
+Directory Listing
+=================
+
+An mconf option. Allow the files in directories to be displayed.
+
+Permissions Checking
+=====================
+
+An mconf option. This will display the various file permissions to standard
+output of files in web root.
+
+Other Features
+==============
+
+Check the help options in mconf for all the other features used.
 
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 229ad83975..4804d56548 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -71,7 +71,7 @@ struct connstruct
     char databuf[BLOCKSIZE];
     uint8_t is_ssl;
     uint8_t close_when_done;
-    uint8_t modified_since;
+    time_t if_modified_since;
 
 #if defined(CONFIG_HTTP_HAS_CGI)
     char cgiargs[MAXREQUESTLENGTH];
@@ -88,7 +88,7 @@ struct serverstruct
     struct serverstruct *next;
     int sd;
     int is_ssl;
-    SSLCTX *ssl_ctx;
+    SSL_CTX *ssl_ctx;
 };
 
 #if defined(CONFIG_HTTP_HAS_CGI)
@@ -99,7 +99,7 @@ struct cgiextstruct
 };
 #endif
 
-// Global prototypes
+/* global prototypes */
 extern struct serverstruct *servers;
 extern struct connstruct *usedconns;
 extern struct connstruct *freeconns;
@@ -107,20 +107,26 @@ extern struct connstruct *freeconns;
 extern struct cgiextstruct *cgiexts;
 #endif
 
-// conn.c prototypes
+/* conn.c prototypes */
 void removeconnection(struct connstruct *cn);
 
-// proc.c prototypes
+/* proc.c prototypes */
 void procdodir(struct connstruct *cn);
 void procreadhead(struct connstruct *cn);
 void procsendhead(struct connstruct *cn);
 void procreadfile(struct connstruct *cn);
 void procsendfile(struct connstruct *cn);
 
-// misc.c prototypes
+
+/* misc.c prototypes */
 char *my_strncpy(char *dest, const char *src, size_t n);
 int isdir(const char *name);
 
-// mime_types.c prototypes
+/* mime_types.c prototypes */
 void mime_init(void);
 const char *getmimetype(const char *fn);
+
+/* tdate prototypes */
+void tdate_init(void);
+time_t tdate_parse(const char* str);
+
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index bca16f83f3..a8f70e45e9 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -120,6 +120,7 @@ int main(int argc, char *argv[])
     signal(SIGINT, sigint_cleanup);
     signal(SIGTERM, die);
     mime_init();
+    tdate_init();
 
     for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
     {
@@ -587,7 +588,6 @@ static void addconnection(int sd, char *ip, int is_ssl)
     tp->state = STATE_WANT_TO_READ_HEAD;
     tp->reqtype = TYPE_GET;
     tp->close_when_done = 0;
-    tp->modified_since = 0;
     tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
 }
 
diff --git a/httpd/proc.c b/httpd/proc.c
index d6f6788a76..9f70fbbaa8 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -67,7 +67,6 @@ static int procheadelem(struct connstruct *cn, char *buf)
     *delim = 0;
     value = delim+1;
 
-    /* printf("name: %s, value: %s\n", buf, value); */
     if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
                                             strcmp(buf, "POST") == 0) 
     {
@@ -89,6 +88,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
         }
 
         my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
+        cn->if_modified_since = -1;
 #if defined(CONFIG_HTTP_HAS_CGI)
         if ((cgi_delim = strchr(value, '?')))
         {
@@ -113,8 +113,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
     } 
     else if (strcmp(buf, "If-Modified-Since:") == 0) 
     {
-        /* TODO: parse this date properly with getdate() or similar */
-        cn->modified_since = 1;
+        cn->if_modified_since = tdate_parse(value);
     }
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
     else if (strcmp(buf, "Authorization:") == 0 &&
@@ -408,13 +407,13 @@ void procsendhead(struct connstruct *cn)
 
     strcpy(date, ctime(&now));
 
-    if (cn->modified_since) 
+    /* has the file been read before? */
+    if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 || 
+                                       cn->if_modified_since >= stbuf.st_mtime))
     {
-        /* file has already been read before */
         snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
                 "axhttpd V%s\nDate: %s\n", VERSION, date);
         special_write(cn, buf, strlen(buf));
-        cn->modified_since = 0;
         cn->state = STATE_WANT_TO_READ_HEAD;
         return;
     }
@@ -442,7 +441,7 @@ void procsendhead(struct connstruct *cn)
             "Content-Type: %s\nContent-Length: %ld\n"
             "Date: %sLast-Modified: %s\n", VERSION,
             getmimetype(cn->actualfile), (long) stbuf.st_size,
-            date, ctime(&(stbuf.st_mtime))); /* ctime() has a \n on the end */
+            date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
 
         special_write(cn, buf, strlen(buf));
 
@@ -977,15 +976,13 @@ static int htaccess_check(struct connstruct *cn)
 
     while (fgets(line, sizeof(line), fp) != NULL)
     {
-        if (!cn->is_ssl && strstr(line, "SSLRequireSSL"))
+        if (strstr(line, "Deny all") || /* access to this dir denied */
+                    /* Access will be denied unless SSL is active */
+                    (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
+                    /* Access will be denied if SSL is active */
+                    (cn->is_ssl && strstr(line, "SSLDenySSL")))
         {
-            ret = -1;       /* SSL port access required */
-            break;
-        }
-
-        if (strstr(line, "Deny all"))  
-        {
-            ret = -1;       /* access to this dir denied */
+            ret = -1;
             break;
         }
     }
@@ -996,7 +993,7 @@ static int htaccess_check(struct connstruct *cn)
 
 static void send_error(struct connstruct *cn, int err)
 {
-    char buf[1024];
+    char buf[MAXREQUESTLENGTH];
     char *title;
     char *text;
 
@@ -1016,7 +1013,7 @@ static void send_error(struct connstruct *cn, int err)
             break;
     }
 
-    sprintf(buf, "HTTP/1.1 %d %s\n"
+    snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
             "Content-Type: text/html\n"
             "Cache-Control: no-cache,no-store\n"
             "Connection: close\n\n"
@@ -1026,4 +1023,3 @@ static void send_error(struct connstruct *cn, int err)
     special_write(cn, buf, strlen(buf));
     removeconnection(cn);
 }
-
diff --git a/httpd/tdate_parse.c b/httpd/tdate_parse.c
new file mode 100644
index 0000000000..a6cadc77e1
--- /dev/null
+++ b/httpd/tdate_parse.c
@@ -0,0 +1,107 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <sys/types.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "axhttp.h"
+
+struct day_mon_map 
+{
+    const char* s;
+    uint8_t l;
+};
+
+static struct day_mon_map wday_tab[] = 
+{
+    { "Sun", 0 }, { "Mon", 1 }, { "Tue", 2 }, { "Wed", 3 },
+    { "Thu", 4 }, { "Fri", 5 }, { "Sat", 6 }, 
+};
+
+static struct day_mon_map mon_tab[] = 
+{
+    { "Jan", 0 }, { "Feb", 1 }, { "Mar", 2 }, { "Apr", 3 },
+    { "May", 4 }, { "Jun", 5 }, { "Jul", 6 }, { "Aug", 7 },
+    { "Sep", 8 }, { "Oct", 9 }, { "Nov", 10 }, { "Dec", 11 },
+};
+
+static int day_mon_map_compare(const char *v1, const char *v2)
+{
+    return strcmp(((struct day_mon_map*)v1)->s, ((struct day_mon_map*)v2)->s);
+}
+
+void tdate_init(void)
+{
+    qsort(wday_tab, sizeof(wday_tab)/sizeof(struct day_mon_map),
+            sizeof(struct day_mon_map), 
+            (int (*)(const void *, const void *))day_mon_map_compare);
+    qsort(mon_tab, sizeof(mon_tab)/sizeof(struct day_mon_map),
+            sizeof(struct day_mon_map), 
+            (int (*)(const void *, const void *))day_mon_map_compare);
+}
+
+static int8_t day_mon_map_search(const char* str, 
+                            const struct day_mon_map* tab, int n)
+{
+    struct day_mon_map *search = bsearch(&str, tab, n,
+            sizeof(struct day_mon_map), 
+                (int (*)(const void *, const void *))day_mon_map_compare);
+    return search ? search->l : -1;
+}
+
+time_t tdate_parse(const char* str)
+{
+    struct tm tm;
+    char str_mon[4], str_wday[4];
+    int tm_sec, tm_min, tm_hour, tm_mday, tm_year;
+
+    /* Initialize. */
+    memset(&tm, 0, sizeof(struct tm));
+
+    /* wdy, DD mth YY HH:MM:SS GMT */
+    if ((sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
+                str_wday, &tm_mday, str_mon, &tm_year, &tm_hour, &tm_min,
+                    &tm_sec) == 7) ||
+    /* wdy mth DD HH:MM:SS YY */
+        (sscanf(str, "%3[a-zA-Z] %3[a-zA-Z] %d %d:%d:%d %d",
+                str_wday, str_mon, &tm_mday, &tm_hour, &tm_min, &tm_sec,
+                    &tm_year) == 7))
+    {
+        int8_t tm_wday = day_mon_map_search(str_wday, wday_tab, 
+                        sizeof(wday_tab)/sizeof(struct day_mon_map));
+        int8_t tm_mon = day_mon_map_search(str_mon, mon_tab, 
+                        sizeof(mon_tab)/sizeof(struct day_mon_map));
+
+        if (tm_wday < 0 || tm_mon < 0)
+            return -1;
+
+        tm.tm_wday = tm_wday;
+        tm.tm_mon = tm_mon;
+        tm.tm_mday = tm_mday;
+        tm.tm_hour = tm_hour;
+        tm.tm_min = tm_min;
+        tm.tm_sec = tm_sec;
+        tm.tm_year = tm_year - 1900;
+        return mktime(&tm);
+    }
+
+    return -1;  /* error */
+}
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 6dd794d67e..e11eb1c9fb 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -87,7 +87,7 @@ static void do_server(int argc, char *argv[])
     uint16_t port = 4433;
     uint32_t options = SSL_DISPLAY_CERTS;
     int client_fd;
-    SSLCTX *ssl_ctx;
+    SSL_CTX *ssl_ctx;
     int server_fd, client_len, res = 0;
 #ifndef CONFIG_SSL_SKELETON_MODE
     char *private_key_file = NULL;
@@ -416,7 +416,7 @@ static void do_client(int argc, char *argv[])
     struct hostent *hostent;
     int reconnect = 0;
     uint32_t sin_addr;
-    SSLCTX *ssl_ctx;
+    SSL_CTX *ssl_ctx;
     SSL *ssl = NULL;
     int quiet = 0;
     int cert_index = 0, ca_cert_index = 0;
diff --git a/ssl/Config.in b/ssl/Config.in
index 76b7f49c06..f79d71be89 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -210,18 +210,18 @@ config CONFIG_SSL_MAX_CERTS
         The default is to allow one certificate + 1 certificate in the chain
         (which may be the certificate authority certificate).
 
-config CONFIG_SSLCTX_MUTEXING
-    bool "Enable SSLCTX mutexing"
+config CONFIG_SSL_CTX_MUTEXING
+    bool "Enable SSL_CTX mutexing"
     default n
     help
-        Normally mutexing is not required - each SSLCTX object can deal with
-        many SSL objects (as long as each SSLCTX object is using a single
+        Normally mutexing is not required - each SSL_CTX object can deal with
+        many SSL objects (as long as each SSL_CTX object is using a single
         thread).
 
-        If the SSLCTX object is not thread safe e.g. the case where a 
+        If the SSL_CTX object is not thread safe e.g. the case where a 
         new thread is created for each SSL object, then mutexing is required. 
 
-        Select y when a mutex on the SSLCTX object is required.
+        Select y when a mutex on the SSL_CTX object is required.
 
 config CONFIG_USE_DEV_URANDOM
     bool "Use /dev/urandom"
diff --git a/ssl/Makefile b/ssl/Makefile
index 4ef5e347bd..873d19f7f1 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -54,6 +54,7 @@ OBJ=\
 	bigint.o \
 	crypto_misc.o \
 	hmac.o \
+	os_port.o \
 	loader.o \
 	md5.o \
 	p12.o \
@@ -64,10 +65,6 @@ OBJ=\
 	tls1_svr.o \
 	tls1_clnt.o
 
-ifdef CONFIG_PLATFORM_WIN32
-OBJ+=os_port.o
-endif
-
 include ../config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32     # Linux/Unix/Cygwin
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 44d2adf09c..45b910b9a5 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -270,9 +270,9 @@ static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
 
     (*offset)++;
     len = get_asn1_length(buf, offset);
-    *str = (char *)malloc(len+1);       /* allow for null */
+    *str = (char *)malloc(len+1);                   /* allow for null */
     memcpy(*str, &buf[*offset], len);
-    (*str)[len] = 0;                    /* null terminate */
+    (*str)[len] = 0;                                /* null terminate */
     *offset += len;
 end_pnt_str:
     return len;
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 56c94e37bd..e64375f809 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -77,8 +77,9 @@ static void check(const bigint *bi);
  */
 BI_CTX *bi_initialize(void)
 {
-    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
-
+    BI_CTX *ctx;
+   
+    ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
     ctx->active_list = NULL;
     ctx->active_count = 0;
     ctx->free_list = NULL;
diff --git a/ssl/loader.c b/ssl/loader.c
index dd7d172347..b332998974 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -32,17 +32,17 @@
 
 #include "ssl.h"
 
-static int do_obj(SSLCTX *ssl_ctx, int obj_type, 
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
                     SSLObjLoader *ssl_obj, const char *password);
 #ifdef CONFIG_SSL_HAS_PEM
-static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type, 
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
                         SSLObjLoader *ssl_obj, const char *password);
 #endif
 
 /*
  * Load a file into memory that is in binary DER (or ascii PEM) format.
  */
-EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, 
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, 
                             const char *filename, const char *password)
 {
 #ifndef CONFIG_SSL_SKELETON_MODE
@@ -57,6 +57,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type,
     }
 
     ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
     ssl_obj->len = get_file(filename, &ssl_obj->buf);
 
     if (ssl_obj->len <= 0)
@@ -90,12 +91,13 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type,
 /*
  * Transfer binary data into the object loader.
  */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int mem_type, 
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, 
         const uint8_t *data, int len, const char *password)
 {
     int ret;
 
-    SSLObjLoader *ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    SSLObjLoader *ssl_obj;
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
     ssl_obj->buf = (uint8_t *)malloc(len);
     memcpy(ssl_obj->buf, data, len);
     ssl_obj->len = len;
@@ -107,7 +109,7 @@ EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int mem_type,
 /*
  * Actually work out what we are doing 
  */
-static int do_obj(SSLCTX *ssl_ctx, int obj_type, 
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
                     SSLObjLoader *ssl_obj, const char *password)
 {
     int ret = SSL_OK;
@@ -277,7 +279,7 @@ static int pem_decrypt(const uint8_t *where, const uint8_t *end,
 /**
  * Take a base64 blob of data and turn it into its proper ASN.1 form.
  */
-static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where, 
+static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where, 
         int remain, const char *password)
 {
     int ret = SSL_OK;
@@ -293,6 +295,7 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
             remain -= (int)(end-start);
             start += strlen(begins[i]);
             pem_size = (int)(end-start);
+
             ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
 
             /* 4/3 bigger than what we need but so what */
@@ -357,7 +360,7 @@ static int new_pem_obj(SSLCTX *ssl_ctx, int is_cacert, uint8_t *where,
 /*
  * Load a file into memory that is in ASCII PEM format.
  */
-static int ssl_obj_PEM_load(SSLCTX *ssl_ctx, int obj_type, 
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
                         SSLObjLoader *ssl_obj, const char *password)
 {
     uint8_t *start;
diff --git a/ssl/os_port.c b/ssl/os_port.c
index 56e6e3a06a..109321e298 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -21,15 +21,15 @@
  *
  * OS specific functions.
  */
-#ifdef WIN32
-
 #include <time.h>
+#include <stdlib.h>
 #include "os_port.h"
 
+#ifdef WIN32
 /**
  * gettimeofday() not in Win32 
  */
-EXP_FUNC void gettimeofday(struct timeval* t, void* timezone)
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
 {       
 #if defined(_WIN32_WCE)
     t->tv_sec = time(NULL);
@@ -45,7 +45,7 @@ EXP_FUNC void gettimeofday(struct timeval* t, void* timezone)
 /**
  * strcasecmp() not in Win32
  */
-EXP_FUNC int strcasecmp(const char *s1, const char *s2)
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
 {
     while (tolower(*s1) == tolower(*s2++))
     {
@@ -59,3 +59,61 @@ EXP_FUNC int strcasecmp(const char *s1, const char *s2)
 }
 
 #endif
+
+#undef malloc
+#undef realloc
+#undef calloc
+#undef open
+#undef fopen
+
+/* some functions that call abort() on failure */
+EXP_FUNC void * STDCALL ax_malloc(size_t s)
+{
+    void *x;
+
+    if ((x = malloc(s)) == NULL)
+        abort();
+
+    return x;
+}
+
+EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
+{
+    void *x;
+
+    if ((x = realloc(y, s)) == NULL)
+        abort();
+
+    return x;
+}
+
+EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
+{
+    void *x;
+
+    if ((x = calloc(n, s)) == NULL)
+        abort();
+
+    return x;
+}
+
+EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type)
+{
+    FILE *f; 
+
+    if ((f = fopen(name, type)) == NULL)
+        abort();
+
+    return  f;
+}
+
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
+{
+    int x;
+
+    if ((x = open(pathname, flags)) < 0)
+        abort();
+
+    return x;
+}
+
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 89eeb6b16d..32e7902917 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -29,6 +29,8 @@
 extern "C" {
 #endif
 
+#include <stdio.h>
+
 #if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
 #define STDCALL                 __stdcall
 #define EXP_FUNC                __declspec(dllexport)
@@ -72,7 +74,7 @@ extern "C" {
 #define random()                rand()
 #define getpid()                _getpid()
 #define snprintf                _snprintf
-#define open(A,B)               _open(A,B)
+//#define open(A,B)               _open(A,B)
 #define dup2(A,B)               _dup2(A,B)
 #define unlink(A)               _unlink(A)
 #define close(A)                _close(A)
@@ -80,9 +82,11 @@ extern "C" {
 #define write(A,B,C)            _write(A,B,C)
 #define sleep(A)                Sleep(A*1000)
 #define usleep(A)               Sleep(A/1000)
-#define lseek(A,B,C)            _lseek(A,B,C)
 #define strdup(A)               _strdup(A)
 #define chroot(A)               _chdir(A)
+#ifndef lseek
+#define lseek(A,B,C)            _lseek(A,B,C)
+#endif
 
 /* This fix gets around a problem where a win32 application on a cygwin xterm
    doesn't display regular output (until a certain buffer limit) - but it works
@@ -99,19 +103,17 @@ extern "C" {
 #pragma comment(lib, "AdvAPI32.lib")
 #endif
 
-#define uint8_t unsigned char
-#define uint16_t unsigned short
-#ifndef INT16
-typedef signed short INT16;
-#endif
-
-#define int16_t INT16
-#define uint32_t UINT32
-#define uint64_t UINT64
-#define int64_t INT64
+typedef UINT8 uint8_t;
+typedef INT8 int8_t;
+typedef UINT16 uint16_t;
+typedef INT16 int16_t;
+typedef UINT32 uint32_t;
+typedef INT32 int32_t;
+typedef UINT64 uint64_t;
+typedef INT64 int64_t;
 
-extern EXP_FUNC void gettimeofday(struct timeval* t,void* timezone);
-extern EXP_FUNC int strcasecmp(const char *s1, const char *s2);
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
 
 #else   /* Not Win32 */
 
@@ -140,6 +142,19 @@ extern EXP_FUNC int strcasecmp(const char *s1, const char *s2);
 
 #endif  /* Not Win32 */
 
+/* some functions to mutate the way these work */
+#define malloc(A)       ax_malloc(A)
+#define realloc(A,B)    ax_realloc(A,B)
+#define calloc(A,B)     ax_calloc(A,B)
+#define fopen(A,B)      ax_fopen(A,B)
+#define open(A,B)       ax_open(A,B)
+
+EXP_FUNC void * STDCALL ax_malloc(size_t s);
+EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
+EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
+EXP_FUNC FILE * STDCALL fopen(const char *name, const char *type);
+EXP_FUNC int STDCALL open(const char *pathname, int flags); 
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/ssl/p12.c b/ssl/p12.c
index fe0b82c71c..7e99bbc5ce 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -65,14 +65,14 @@ static char *make_uni_pass(const char *password, int *uni_pass_len);
 static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
                         const uint8_t *salt, int iter, 
                         uint8_t *priv_key, int priv_key_len, int id);
-static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key);
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
 static int get_pbe_params(uint8_t *buf, int *offset, 
         const uint8_t **salt, int *iterations);
 
 /*
  * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
  */
-int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 {
     uint8_t *buf = ssl_obj->buf;
     int len, offset = 0;
@@ -120,7 +120,7 @@ int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 /*
  * Take the unencrypted pkcs8 and turn it into a private key 
  */
-static int p8_add_key(SSLCTX *ssl_ctx, uint8_t *priv_key)
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
 {
     uint8_t *buf = priv_key;
     int len, offset = 0;
@@ -218,7 +218,7 @@ static int p8_decrypt(const char *uni_pass, int uni_pass_len,
  * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
  * and keys.
  */
-int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 {
     uint8_t *buf = ssl_obj->buf;
     int all_ok = 0, len, iterations, auth_safes_start, 
@@ -273,6 +273,7 @@ int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 
     auth_safes_len = auth_safes_end - auth_safes_start;
     auth_safes = malloc(auth_safes_len);
+
     memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
 
     if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
diff --git a/ssl/rsa.c b/ssl/rsa.c
index ec856dfb68..6f5c8a44a8 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -72,7 +72,7 @@ void RSA_pub_key_new(RSA_CTX **ctx,
 {
     RSA_CTX *rsa_ctx;
     BI_CTX *bi_ctx = bi_initialize();
-    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));   /* reset to all 0 */
+    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
     rsa_ctx = *ctx;
     rsa_ctx->bi_ctx = bi_ctx;
     rsa_ctx->num_octets = (mod_len & 0xFFF0);
@@ -290,11 +290,13 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
         bigint *modulus, bigint *pub_exp)
 {
-    uint8_t *block = (uint8_t *)malloc(sig_len);
+    uint8_t *block;
     int i, size;
     bigint *decrypted_bi, *dat_bi;
     bigint *bir = NULL;
 
+    block = (uint8_t *)malloc(sig_len);
+
     /* decrypt */
     dat_bi = bi_import(ctx, sig, sig_len);
     ctx->mod_offset = BIGINT_M_OFFSET;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 9621ec5787..3e366c44db 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -156,10 +156,10 @@ extern "C" {
  * different context needs to be be used.
  *
  * There are two threading models supported - a single thread with one
- * SSLCTX can support any number of SSL connections - and multiple threads can 
- * support one SSLCTX object each (the default). But if a single SSLCTX 
+ * SSL_CTX can support any number of SSL connections - and multiple threads can 
+ * support one SSL_CTX object each (the default). But if a single SSL_CTX 
  * object uses many SSL objects in individual threads, then the 
- * CONFIG_SSLCTX_MUTEXING option needs to be configured.
+ * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
  *
  * @param options [in]  Any particular options. At present the options
  * supported are:
@@ -185,7 +185,7 @@ extern "C" {
  * is not used in skeleton mode.
  * @return A client/server context.
  */
-EXP_FUNC SSLCTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
+EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
 
 /**
  * @brief Remove a client/server context.
@@ -194,7 +194,7 @@ EXP_FUNC SSLCTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
  * sent a "Close Notify" alert (if possible).
  * @param ssl_ctx [in] The client/server context.
  */
-EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx);
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
 
 /**
  * @brief (server only) Establish a new SSL connection to an SSL client.
@@ -205,7 +205,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx);
  * @param client_fd [in] The client's file descriptor. 
  * @return An SSL object reference.
  */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd);
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
 
 /**
  * @brief (client only) Establish a new SSL connection to an SSL server.
@@ -223,7 +223,7 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd);
  * @return An SSL object reference. Use ssl_handshake_status() to check 
  * if a handshake succeeded.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id);
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id);
 
 /**
  * @brief Free any used resources on this connection. 
@@ -272,7 +272,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
  * @return A reference to the SSL object. Returns null if the object could not 
  * be found.
  */
-EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd);
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
 
 /**
  * @brief Get the session id for a handshake. 
@@ -395,7 +395,7 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
  * @return SSL_OK if all ok
  * @note Not available in skeleton build mode.
  */
-EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *filename, const char *password);
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
 
 /**
  * @brief Process binary data.
@@ -410,7 +410,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSLCTX *ssl_ctx, int obj_type, const char *fil
  * @return SSL_OK if all ok
  * @see ssl_obj_load for more details on obj_type.
  */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSLCTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
 
 /**
  * @brief Return the axTLS library version as a string.
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 557118ba4e..55ad891c9f 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -528,7 +528,7 @@ static int cert_tests(void)
 {
     int res = -1, len;
     X509_CTX *x509_ctx;
-    SSLCTX *ssl_ctx;
+    SSL_CTX *ssl_ctx;
     uint8_t *buf;
 
     /* check a bunch of 3rd party certificates */
@@ -728,7 +728,7 @@ static int SSL_server_test(
         int axolotls_option)
 {
     int server_fd, ret = 0;
-    SSLCTX *ssl_ctx = NULL;
+    SSL_CTX *ssl_ctx = NULL;
     struct sockaddr_in client_addr;
     uint8_t *read_buf;
     int clnt_len = sizeof(client_addr);
@@ -1151,7 +1151,7 @@ static void do_server(server_t *svr)
 
 static int SSL_client_test(
         const char *test,
-        SSLCTX **ssl_ctx,
+        SSL_CTX **ssl_ctx,
         const char *openssl_option, 
         CLNT_SESSION_RESUME_CTX *sess_resume,
         uint32_t client_options,
@@ -1332,7 +1332,7 @@ static int SSL_client_test(
 int SSL_client_tests(void)
 {
     int ret =  -1;
-    SSLCTX *ssl_ctx = NULL;
+    SSL_CTX *ssl_ctx = NULL;
     CLNT_SESSION_RESUME_CTX sess_resume;
     memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
 
@@ -1455,7 +1455,7 @@ static void do_basic(void)
 {
     int client_fd;
     SSL *ssl_clnt;
-    SSLCTX *ssl_clnt_ctx = ssl_ctx_new(
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
                             DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
     usleep(200000);           /* allow server to start */
 
@@ -1489,7 +1489,7 @@ static void do_basic(void)
 static int SSL_basic_test(void)
 {
     int server_fd, client_fd, ret = 0, size = 0, offset = 0;
-    SSLCTX *ssl_svr_ctx = NULL;
+    SSL_CTX *ssl_svr_ctx = NULL;
     struct sockaddr_in client_addr;
     uint8_t *read_buf;
     int clnt_len = sizeof(client_addr);
@@ -1570,7 +1570,7 @@ static int SSL_basic_test(void)
 
 typedef struct
 {
-    SSLCTX *ssl_clnt_ctx;
+    SSL_CTX *ssl_clnt_ctx;
     int port;
     int thread_id;
 } multi_t;
@@ -1645,8 +1645,8 @@ void do_multi_svr(SSL *ssl)
 int multi_thread_test(void)
 {
     int server_fd;
-    SSLCTX *ssl_server_ctx;
-    SSLCTX *ssl_clnt_ctx;
+    SSL_CTX *ssl_server_ctx;
+    SSL_CTX *ssl_clnt_ctx;
     pthread_t clnt_threads[NUM_THREADS];
     pthread_t svr_threads[NUM_THREADS];
     int i, res = 0;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index ccd28df873..6a9294feab 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -157,9 +157,9 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,
 /**
  * Establish a new client/server context.
  */
-EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
+EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 {
-    SSLCTX *ssl_ctx = (SSLCTX *)calloc(1, sizeof (SSLCTX));
+    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
     ssl_ctx->options = options;
 #ifndef CONFIG_SSL_SKELETON_MODE
     ssl_ctx->num_sessions = num_sessions;
@@ -195,7 +195,7 @@ EXP_FUNC SSLCTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 /*
  * Remove a client/server context.
  */
-EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
 {
     SSL *ssl;
     int i;
@@ -243,7 +243,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSLCTX *ssl_ctx)
  */
 EXP_FUNC void STDCALL ssl_free(SSL *ssl)
 {
-    SSLCTX *ssl_ctx;
+    SSL_CTX *ssl_ctx;
 
     if (ssl == NULL)        /* just ignore null pointers */
         return;
@@ -338,7 +338,7 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 /**
  * Add a certificate to the certificate chain.
  */
-int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
     int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
     SSL_CERT *ssl_cert;
@@ -383,7 +383,7 @@ int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
 /**
  * Add a certificate authority.
  */
-int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len)
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
     int ret = SSL_ERROR_NO_CERT_DEFINED;
     int i = 0;
@@ -464,7 +464,7 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
 /*
  * Find an ssl object based on the client's file descriptor.
  */
-EXP_FUNC SSL * STDCALL ssl_find(SSLCTX *ssl_ctx, int client_fd)
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl;
 
@@ -535,7 +535,7 @@ static const cipher_info_t *get_cipher_info(uint8_t cipher)
 /*
  * Get a new ssl context for a new connection.
  */
-SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
     ssl->ssl_ctx = ssl_ctx;
@@ -573,7 +573,7 @@ SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd)
 /*
  * Add a private key to a context.
  */
-int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj)
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
 {
     int ret = SSL_OK;
 
@@ -2014,7 +2014,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
 
 #ifdef CONFIG_BINDINGS
 #if !defined(CONFIG_SSL_ENABLE_CLIENT)
-EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, 
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, 
                         int client_fd, const uint8_t *session_id)
 {
     printf(unsupported_str);
diff --git a/ssl/tls1.h b/ssl/tls1.h
index f21d9a6cd8..bb2b4d4b33 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -31,7 +31,7 @@ extern "C" {
 #include "version.h"
 
 /* Mutexing definitions */
-#if defined(CONFIG_SSLCTX_MUTEXING)
+#if defined(CONFIG_SSL_CTX_MUTEXING)
 #if defined(WIN32)
 #define SSL_CTX_MUTEX_TYPE          HANDLE
 #define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
@@ -172,7 +172,7 @@ struct _SSL
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
     SSL_CERT *certs;
-    struct _SSLCTX *ssl_ctx;            /* back reference to a clnt/svr ctx */
+    struct _SSL_CTX *ssl_ctx;            /* back reference to a clnt/svr ctx */
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t session_index;
     SSL_SESS *session;
@@ -194,7 +194,7 @@ struct _SSL
 
 typedef struct _SSL SSL;
 
-struct _SSLCTX
+struct _SSL_CTX
 {
     uint32_t options;
     uint8_t chain_length;
@@ -209,16 +209,19 @@ struct _SSLCTX
     uint16_t num_sessions;
     SSL_SESS **ssl_sessions;
 #endif
-#ifdef CONFIG_SSLCTX_MUTEXING
+#ifdef CONFIG_SSL_CTX_MUTEXING
     SSL_CTX_MUTEX_TYPE mutex;
 #endif
 };
 
-typedef struct _SSLCTX SSLCTX;
+typedef struct _SSL_CTX SSL_CTX;
+
+/* backwards compatibility */
+typedef struct _SSL_CTX SSLCTX;
 
 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
 
-SSL *ssl_new(SSLCTX *ssl_ctx, int client_fd);
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
 int send_packet(SSL *ssl, uint8_t protocol, 
         const uint8_t *in, int length);
 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
@@ -233,13 +236,13 @@ int send_change_cipher_spec(SSL *ssl);
 void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
 void add_packet(SSL *ssl, const uint8_t *pkt, int len);
-int add_cert(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
-int add_private_key(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj);
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
 void ssl_obj_free(SSLObjLoader *ssl_obj);
-int pkcs8_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-int pkcs12_decode(SSLCTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
-int add_cert_auth(SSLCTX *ssl_ctx, const uint8_t *buf, int len);
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
 #endif
 #ifdef CONFIG_SSL_ENABLE_CLIENT
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 7dc9c4d43e..b3d5a52fb6 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -35,7 +35,7 @@ static int send_cert_verify(SSL *ssl);
 /*
  * Establish a new SSL connection to an SSL server.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSLCTX *ssl_ctx, int client_fd, const uint8_t *session_id)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
 {
     int ret;
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 9ad3a98d8e..d5593e0f83 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -37,7 +37,7 @@ static int process_cert_verify(SSL *ssl);
 /*
  * Establish a new SSL connection to an SSL client.
  */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSLCTX *ssl_ctx, int client_fd)
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->next_state = HS_CLIENT_HELLO;
diff --git a/www/test_dir/prot/.htaccess b/www/test_dir/no_http/.htaccess
similarity index 93%
rename from www/test_dir/prot/.htaccess
rename to www/test_dir/no_http/.htaccess
index a8cf5665e0..3e20076a2c 100644
--- a/www/test_dir/prot/.htaccess
+++ b/www/test_dir/no_http/.htaccess
@@ -1,2 +1 @@
 SSLRequireSSL
-
diff --git a/www/test_dir/prot/.htpasswd b/www/test_dir/no_http/.htpasswd
similarity index 99%
rename from www/test_dir/prot/.htpasswd
rename to www/test_dir/no_http/.htpasswd
index 333d9173ca..0471b01400 100644
--- a/www/test_dir/prot/.htpasswd
+++ b/www/test_dir/no_http/.htpasswd
@@ -1,3 +1,2 @@
 abcd:CQhgDPyy0rvEU8OMxnQIvg==$YdJfIKZimFLYxPf/rbnhtQ==
 yaya:Syuss5jE2FNGVdr0kKGoHg==$WLw/SgHZFuAoOuml3GTJVw==
-
diff --git a/www/test_dir/prot/index.html b/www/test_dir/no_http/index.html
similarity index 93%
rename from www/test_dir/prot/index.html
rename to www/test_dir/no_http/index.html
index 65f23bce6a..8b86eba8ed 100644
--- a/www/test_dir/prot/index.html
+++ b/www/test_dir/no_http/index.html
@@ -3,4 +3,4 @@
 <body>
 Looks like you got to this directory.
 </body>
-</htm>
+</html>
diff --git a/www/test_dir/no_ssl/.htaccess b/www/test_dir/no_ssl/.htaccess
new file mode 100644
index 0000000000..d980d265a5
--- /dev/null
+++ b/www/test_dir/no_ssl/.htaccess
@@ -0,0 +1 @@
+SSLDenySSL
diff --git a/www/test_dir/no_ssl/index.html b/www/test_dir/no_ssl/index.html
new file mode 100644
index 0000000000..8b86eba8ed
--- /dev/null
+++ b/www/test_dir/no_ssl/index.html
@@ -0,0 +1,6 @@
+<html>
+<head><title>axhttpd is running</title></head>
+<body>
+Looks like you got to this directory.
+</body>
+</html>

From 900b0eb96e588bdd1bb99a25496ed7be59897d2c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 18 Feb 2007 08:14:01 +0000
Subject: [PATCH 052/301] fixed memory leak

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@63 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 CHANGELOG            |  9 ++++++---
 Makefile             | 11 +++--------
 config/Config.in     |  1 +
 config/makefile.conf |  6 +++++-
 httpd/README         |  2 +-
 httpd/axhttpd.c      | 45 +++++++++++++++++++++++---------------------
 httpd/proc.c         | 13 +++++++++----
 ssl/crypto_misc.c    | 13 ++-----------
 ssl/os_port.c        | 45 ++++++++++++++++++++++++++++++++++++--------
 ssl/os_port.h        | 14 +++++++++-----
 ssl/test/ssltest.c   | 23 +---------------------
 www/bin/.htaccess    |  2 ++
 12 files changed, 100 insertions(+), 84 deletions(-)
 create mode 100644 www/bin/.htaccess

diff --git a/CHANGELOG b/CHANGELOG
index 568d44076d..fed344cdb5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,13 +6,16 @@ Changes since 1.0.0
 * -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris).
 * removed "-noextern" option in Swig. Fixed some other warnings in Win32.
 * SSLCTX changed to SSL_CTX (to be consistent with openssl).
+* malloc()/open() etc call abort() on failure.
+* Fixed a memory leak in directory listings.
 
 axhttpd Changes
 * main.c now becomes axhttpd.c.
 * Header file issue fixed (in mime_types.c).
 * chroot() now used for better security.
-* Basic authentication implemented (with .htpasswd).
-* SSL access/denial protection implemented (with .htaccess).
-* Directory access protection implemented (with .htaccess).
+* Basic authentication implemented (via .htpasswd).
+* SSL access/denial protection implemented (via .htaccess).
+* Directory access protection implemented (via .htaccess).
 * Can now have more than one CGI file extension in mconf.
 * "If-Modified-Since" request now handled properly.
+
diff --git a/Makefile b/Makefile
index 6be5fbe5ff..e78798ba01 100644
--- a/Makefile
+++ b/Makefile
@@ -81,14 +81,9 @@ ifdef CONFIG_PERL_BINDINGS
 	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
 endif
 	@mkdir -p -m 755 $(PREFIX)/include/axTLS
-	-install -m 644 ssl/bigint.h $(PREFIX)/include/axTLS
-	-install -m 644 ssl/bigint_impl.h $(PREFIX)/include/axTLS
-	-install -m 644 ssl/crypto.h $(PREFIX)/include/axTLS
-	-install -m 644 ssl/os_port.h $(PREFIX)/include/axTLS
-	-install -m 644 ssl/bigint.h $(PREFIX)/include/axTLS
-	-install -m 644 ssl/ssl.h $(PREFIX)/include/axTLS
-	-install -m 644 ssl/tls1.h $(PREFIX)/include/axTLS
-	-install -m 644 ssl/version.h $(PREFIX)/include/axTLS
+	-install -m 644 ssl/*.h $(PREFIX)/include/axTLS
+	-rm $(PREFIX)/include/axTLS/cert.h
+	-rm $(PREFIX)/include/axTLS/private_key.h
 	-install -m 644 config/config.h $(PREFIX)/include/axTLS
 
 installclean:
diff --git a/config/Config.in b/config/Config.in
index de1808d8e4..c68e95a664 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -117,3 +117,4 @@ source httpd/Config.in
 source bindings/Config.in
 source samples/Config.in
 source ssl/BigIntConfig.in
+
diff --git a/config/makefile.conf b/config/makefile.conf
index ffdf33d88b..77a341be3b 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -84,11 +84,15 @@ CFLAGS += -DCONFIG_PLATFORM_SOLARIS
 LDFLAGS += -lsocket -lnsl -lc
 LDSHARED = -G
 # Linux/Cygwin
-else # Linux
+else 
 CFLAGS += -Wall -Wstrict-prototypes -Wshadow
 LDSHARED = -shared
+
+# Linux
 ifndef CONFIG_PLATFORM_CYGWIN
 CFLAGS += -fPIC 
+
+# Cygwin
 else
 CFLAGS += -DCONFIG_PLATFORM_CYGWIN
 endif
diff --git a/httpd/README b/httpd/README
index e74f66de0c..8ab78cbd30 100644
--- a/httpd/README
+++ b/httpd/README
@@ -33,7 +33,7 @@ normal http access for a directory needs to be disabled, then put
 
 Conversely, use "SSLDenySSL" to deny access to directories via SSL.
 
-An example is in /test_dir/ssl_only and /test_dir/no_ssl.
+An example is in /test_dir/no_http and /test_dir/no_ssl.
 
 Entire directories can be denied access with a "Deny all" directive
 (regardless of SSL or authentication).
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index a8f70e45e9..3f6eaba9fc 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -53,8 +53,6 @@ static void sigint_cleanup(int sig)
 {
     struct serverstruct *sp;
     struct connstruct *tp;
-    int i;
-
 
     while (servers != NULL) 
     {
@@ -66,16 +64,20 @@ static void sigint_cleanup(int sig)
         servers = sp;
     }
 
-    for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
+    while (freeconns != NULL)
     {
-        if (freeconns == NULL)
-            break;
-
         tp = freeconns->next;
         free(freeconns);
         freeconns = tp;
     }
 
+    while (usedconns != NULL)
+    {
+        tp = usedconns->next;
+        free(usedconns);
+        usedconns = tp;
+    }
+
 #if defined(CONFIG_HTTP_HAS_CGI)
     while (cgiexts)
     {
@@ -129,20 +131,6 @@ int main(int argc, char *argv[])
         freeconns->next = tp;
     }
 
-    /* change to webroot for better security */
-    if (chroot(webroot))
-    {
-#ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "'%s' is not a directory\n", webroot);
-#endif
-        exit(1);
-    }
-
-#ifndef WIN32
-    setgid(32767);
-    setuid(32767);
-#endif
-
     if ((active = openlistener(CONFIG_HTTP_PORT)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
@@ -179,6 +167,21 @@ int main(int argc, char *argv[])
             ssl_version(), CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
     TTY_FLUSH();
 #endif
+
+    /* change to webroot for better security */
+    if (chroot(webroot))
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr, "'%s' is not a directory\n", webroot);
+#endif
+        exit(1);
+    }
+
+#ifndef WIN32
+    setgid(32767);
+    setuid(32767);
+#endif
+
 #if defined(CONFIG_HTTP_IS_DAEMON)
     if (fork() > 0)  /* parent will die */
         exit(0);
@@ -560,7 +563,7 @@ static void addconnection(int sd, char *ip, int is_ssl)
 
     /* Get ourselves a connstruct */
     if (freeconns == NULL) 
-        tp = (struct connstruct *)malloc(sizeof(struct connstruct));
+        tp = (struct connstruct *)calloc(1, sizeof(struct connstruct));
     else 
     {
         tp = freeconns;
diff --git a/httpd/proc.c b/httpd/proc.c
index 9f70fbbaa8..753304f76c 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -163,9 +163,6 @@ static void procdirlisting(struct connstruct *cn)
         send_error(cn, 404);
         return;
     }
-
-    /* Get rid of the "." */
-    readdir(cn->dirp);
 #endif
 
     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
@@ -198,6 +195,9 @@ void procdodir(struct connstruct *cn)
             snprintf(buf, sizeof(buf), "</body></html>\n");
             special_write(cn, buf, strlen(buf));
             removeconnection(cn);
+#ifndef WIN32
+            closedir(cn->dirp);
+#endif
             return;
         }
 
@@ -430,7 +430,7 @@ void procsendhead(struct connstruct *cn)
         flags |= O_BINARY;
 #endif
 
-        cn->filedesc = open(cn->actualfile, flags);
+        cn->filedesc = ax_open(cn->actualfile, flags);
         if (cn->filedesc == -1) 
         {
             send_error(cn, 404);
@@ -1011,6 +1011,11 @@ static void send_error(struct connstruct *cn, int err)
             title = "Not Found";
             text = title;
             break;
+
+        default:
+            title = "Unknown";
+            text = "Unknown";
+            break;
     }
 
     snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 6f70665d9a..4f4ffa6989 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -52,13 +52,8 @@ int get_file(const char *filename, uint8_t **buf)
     int total_bytes = 0;
     int bytes_read = 0; 
     int filesize;
-    FILE *stream = fopen(filename, "rb");
+    FILE *stream = ax_fopen(filename, "rb");
 
-    if (stream == NULL)
-    {
-        return -1;
-    }
-    
     /* Win CE doesn't support stat() */
     fseek(stream, 0, SEEK_END);
     filesize = ftell(stream);
@@ -87,11 +82,7 @@ EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
     if (rng_ref_count == 0)
     {
 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-        if ((rng_fd = open("/dev/urandom", O_RDONLY)) < 0)
-        {
-            printf(unsupported_str);
-            exit(1);
-        }
+        rng_fd = ax_open("/dev/urandom", O_RDONLY);
 #elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
         if (!CryptAcquireContext(&gCryptProv, 
                           NULL, NULL, PROV_RSA_FULL, 0))
diff --git a/ssl/os_port.c b/ssl/os_port.c
index 109321e298..e494989075 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -23,6 +23,8 @@
  */
 #include <time.h>
 #include <stdlib.h>
+#include <errno.h>
+#include <stdarg.h>
 #include "os_port.h"
 
 #ifdef WIN32
@@ -66,13 +68,20 @@ EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
 #undef open
 #undef fopen
 
-/* some functions that call abort() on failure */
+static const char * out_of_mem_str = "out of memory";
+static const char * file_open_str = "Could not open file \"%s\"";
+
+/* 
+ * Some functions that call display some error trace and then call abort().
+ * This just makes life much easier on embedded systems, since we're 
+ * suffering major trauma...
+ */
 EXP_FUNC void * STDCALL ax_malloc(size_t s)
 {
     void *x;
 
     if ((x = malloc(s)) == NULL)
-        abort();
+        exit_now(out_of_mem_str);
 
     return x;
 }
@@ -82,7 +91,7 @@ EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
     void *x;
 
     if ((x = realloc(y, s)) == NULL)
-        abort();
+        exit_now(out_of_mem_str);
 
     return x;
 }
@@ -92,17 +101,20 @@ EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
     void *x;
 
     if ((x = calloc(n, s)) == NULL)
-        abort();
+        exit_now(out_of_mem_str);
 
     return x;
 }
 
-EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type)
+EXP_FUNC FILE * STDCALL ax_fopen(const char *pathname, const char *type)
 {
     FILE *f; 
 
-    if ((f = fopen(name, type)) == NULL)
-        abort();
+    if ((f = fopen(pathname, type)) == NULL)
+    {
+        perror("open: ");
+        exit_now(file_open_str, pathname);
+    }
 
     return  f;
 }
@@ -112,8 +124,25 @@ EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
     int x;
 
     if ((x = open(pathname, flags)) < 0)
-        abort();
+    {
+        perror("open: ");
+        exit_now(file_open_str, pathname);
+    }
 
     return x;
 }
 
+/**
+ * This is a call which will deliberately exit an application, but will
+ * display some information before dying.
+ */
+void exit_now(const char *format, ...)
+{
+    va_list argp;
+
+    va_start(argp, format);
+    vsprintf(stderr, format, argp);
+    va_end(argp);
+    abort();
+}
+
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 32e7902917..00f4ceb294 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -74,7 +74,7 @@ extern "C" {
 #define random()                rand()
 #define getpid()                _getpid()
 #define snprintf                _snprintf
-//#define open(A,B)               _open(A,B)
+#define open(A,B)               _open(A,B)
 #define dup2(A,B)               _dup2(A,B)
 #define unlink(A)               _unlink(A)
 #define close(A)                _close(A)
@@ -146,14 +146,18 @@ EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
 #define malloc(A)       ax_malloc(A)
 #define realloc(A,B)    ax_realloc(A,B)
 #define calloc(A,B)     ax_calloc(A,B)
-#define fopen(A,B)      ax_fopen(A,B)
-#define open(A,B)       ax_open(A,B)
 
 EXP_FUNC void * STDCALL ax_malloc(size_t s);
 EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
 EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
-EXP_FUNC FILE * STDCALL fopen(const char *name, const char *type);
-EXP_FUNC int STDCALL open(const char *pathname, int flags); 
+EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type);
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
+
+#ifdef CONFIG_PLATFORM_LINUX
+void exit_now(const char *format, ...) __attribute((noreturn));
+#else
+void exit_now(const char *format, ...);
+#endif
 
 #ifdef __cplusplus
 }
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 55ad891c9f..d841afaa90 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -996,27 +996,6 @@ int SSL_server_tests(void)
     printf("SSL server test \"%s\" passed\n", "Bad After Cert");
     TTY_FLUSH();
 
-    /* this test should fail */
-    if ((ret = SSL_server_test(NULL, "Bogus cert", "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_crud.cer", NULL,
-                    "../ssl/test/axTLS.key_512", NULL,
-                    NULL, DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", "Bogus cert");
-    TTY_FLUSH();
-
-    /* this test should fail */
-    if ((ret = SSL_server_test(NULL, "Bogus private key",
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_device.cer", NULL,
-                    "../ssl/test/axTLS.crud", NULL,
-                    NULL, DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", "Bogus private key");
-    TTY_FLUSH();
-
     /* 
      * Key in PEM format
      */
@@ -1734,7 +1713,7 @@ int main(int argc, char *argv[])
     signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
     dup2(fd, 2);
 #endif
-    
+
     bi_ctx = bi_initialize();
 
     if (AES_test(bi_ctx))
diff --git a/www/bin/.htaccess b/www/bin/.htaccess
new file mode 100644
index 0000000000..4496fa9edd
--- /dev/null
+++ b/www/bin/.htaccess
@@ -0,0 +1,2 @@
+Deny all
+

From 6843c20d38e43f0f944dd16de56c32d2d2aba4cd Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 21 Feb 2007 13:22:36 +0000
Subject: [PATCH 053/301] Added openssl compatibility functions

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@64 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 CHANGELOG                      |   3 +
 Makefile                       |  15 +--
 bindings/generate_interface.pl |   4 +
 config/linuxconfig             |   2 +-
 config/win32config             |   2 +-
 httpd/axhttp.h                 |   3 +-
 httpd/axhttpd.c                |  17 +++-
 httpd/proc.c                   |  15 +--
 ssl/Config.in                  |  10 ++
 ssl/Makefile                   |   1 +
 ssl/crypto_misc.c              |  10 +-
 ssl/loader.c                   |  25 ++---
 ssl/openssl.c                  | 180 +++++++++++++++++++++++++++++++++
 ssl/os_port.c                  |   8 +-
 ssl/os_port.h                  |   2 +-
 ssl/ssl.h                      |  13 +--
 ssl/tls1.c                     |  21 ++--
 ssl/tls1.h                     |   3 +
 ssl/tls1_svr.c                 |   1 -
 19 files changed, 278 insertions(+), 57 deletions(-)
 create mode 100644 ssl/openssl.c

diff --git a/CHANGELOG b/CHANGELOG
index fed344cdb5..80ba19027d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,8 @@ Changes since 1.0.0
 * SSLCTX changed to SSL_CTX (to be consistent with openssl).
 * malloc()/open() etc call abort() on failure.
 * Fixed a memory leak in directory listings.
+* Added openssl() compatibility functions.
+* Fixed cygwin 'make install' issue.
 
 axhttpd Changes
 * main.c now becomes axhttpd.c.
@@ -18,4 +20,5 @@ axhttpd Changes
 * Directory access protection implemented (via .htaccess).
 * Can now have more than one CGI file extension in mconf.
 * "If-Modified-Since" request now handled properly.
+* Performance tweaks to remove ssl_find() 
 
diff --git a/Makefile b/Makefile
index e78798ba01..568770c1e6 100644
--- a/Makefile
+++ b/Makefile
@@ -73,18 +73,21 @@ win32_demo:
 install: $(PREFIX) all
 	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
 	chmod 755 $(PREFIX)/lib/libax* 
-	-install -m 755 $(STAGE)/ax* $(PREFIX)/bin 
-ifdef CONFIG_AXHTTPD
-	-install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin 
+	install -m 755 $(STAGE)/ax* $(PREFIX)/bin 
+ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+	install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin 
+endif
+ifdef CONFIG_PLATFORM_CYGWIN
+	install -m 755 $(STAGE)/cygaxtls.dll $(PREFIX)/bin 
 endif
 ifdef CONFIG_PERL_BINDINGS 
-	-install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
+	install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
 endif
 	@mkdir -p -m 755 $(PREFIX)/include/axTLS
-	-install -m 644 ssl/*.h $(PREFIX)/include/axTLS
+	install -m 644 ssl/*.h $(PREFIX)/include/axTLS
 	-rm $(PREFIX)/include/axTLS/cert.h
 	-rm $(PREFIX)/include/axTLS/private_key.h
-	-install -m 644 config/config.h $(PREFIX)/include/axTLS
+	install -m 644 config/config.h $(PREFIX)/include/axTLS
 
 installclean:
 	-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index 8110d80d03..816dd47752 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -56,8 +56,10 @@ sub transformSignature
             $line =~ s/uint8_t \* ?/byte[] /g;
             $line =~ s/uint8_t ?/byte /g;
             $line =~ s/const char \* ?/string /g;
+            $line =~ s/const SSL_CTX \* ?/IntPtr /g;
             $line =~ s/SSL_CTX \* ?/IntPtr /g;
             $line =~ s/SSLObjLoader \* ?/IntPtr /g;
+            $line =~ s/const SSL \* ?/IntPtr /g;
             $line =~ s/SSL \* ?/IntPtr /g;
             $line =~ s/\(void\)/()/g;
         }
@@ -89,8 +91,10 @@ sub transformSignature
             $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
             $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
             $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
+            $line =~ s/const SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/const SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;
             $line =~ s/\(void\)/()/g;
diff --git a/config/linuxconfig b/config/linuxconfig
index 988e05dd66..8d021f7f17 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -39,7 +39,7 @@ CONFIG_SSL_USE_PKCS12=y
 CONFIG_SSL_EXPIRY_TIME=24
 CONFIG_X509_MAX_CA_CERTS=4
 CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSLCTX_MUTEXING is not set
+# CONFIG_SSL_CTX_MUTEXING is not set
 CONFIG_USE_DEV_URANDOM=y
 # CONFIG_WIN32_USE_CRYPTO_LIB is not set
 # CONFIG_PERFORMANCE_TESTING is not set
diff --git a/config/win32config b/config/win32config
index 6687e90707..9155617c00 100644
--- a/config/win32config
+++ b/config/win32config
@@ -43,7 +43,7 @@ CONFIG_SSL_USE_PKCS12=y
 CONFIG_SSL_EXPIRY_TIME=24
 CONFIG_X509_MAX_CA_CERTS=4
 CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSLCTX_MUTEXING is not set
+# CONFIG_SSL_CTX_MUTEXING is not set
 # CONFIG_USE_DEV_URANDOM is not set
 CONFIG_WIN32_USE_CRYPTO_LIB=y
 # CONFIG_PERFORMANCE_TESTING is not set
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 4804d56548..d1d8bd76a6 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -30,7 +30,7 @@
 #define BLOCKSIZE 4096
 
 #define INITIAL_CONNECTION_SLOTS 10
-#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     0
+#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS   0
 
 #define STATE_WANT_TO_READ_HEAD  1
 #define STATE_WANT_TO_SEND_HEAD  2
@@ -52,6 +52,7 @@ struct connstruct
     int reqtype;
     int networkdesc;
     int filedesc;
+    SSL *ssl;
 
 #if defined(CONFIG_HTTP_DIRECTORIES)
 #ifdef WIN32
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 3f6eaba9fc..0f4514482b 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -48,6 +48,7 @@ static void reaper(int sigtype)
 #endif
 #endif
 
+#ifdef CONFIG_HTTP_VERBOSE  /* should really be in debug mode or something */
 /* clean up memory for valgrind */
 static void sigint_cleanup(int sig)
 {
@@ -96,6 +97,7 @@ static void die(int sigtype)
 {
     exit(0);
 }
+#endif
 
 int main(int argc, char *argv[]) 
 {
@@ -112,15 +114,19 @@ int main(int argc, char *argv[])
     WSADATA wsaData;
     WSAStartup(wVersionRequested,&wsaData);
 #else
-    signal(SIGQUIT, die);
     signal(SIGPIPE, SIG_IGN);
 #if defined(CONFIG_HTTP_HAS_CGI)
     signal(SIGCHLD, reaper);
 #endif
+#ifdef CONFIG_HTTP_VERBOSE
+    signal(SIGQUIT, die);
+#endif
 #endif
 
-    signal(SIGINT, sigint_cleanup);
+#ifdef CONFIG_HTTP_VERBOSE
     signal(SIGTERM, die);
+    signal(SIGINT, sigint_cleanup);
+#endif
     mime_init();
     tdate_init();
 
@@ -576,7 +582,7 @@ static void addconnection(int sd, char *ip, int is_ssl)
     tp->networkdesc = sd;
 
     if (is_ssl)
-        ssl_server_new(servers->ssl_ctx, sd);
+        tp->ssl = ssl_server_new(servers->ssl_ctx, sd);
 
     tp->is_ssl = is_ssl;
     tp->filedesc = -1;
@@ -632,7 +638,10 @@ void removeconnection(struct connstruct *cn)
     if (cn->networkdesc != -1) 
     {
         if (cn->is_ssl) 
-            ssl_free(ssl_find(servers->ssl_ctx, cn->networkdesc));
+        {
+            ssl_free(cn->ssl);
+            cn->ssl = NULL;
+        }
 
         SOCKET_CLOSE(cn->networkdesc);
     }
diff --git a/httpd/proc.c b/httpd/proc.c
index 753304f76c..ae2663e7e5 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -375,6 +375,7 @@ void procsendhead(struct connstruct *cn)
     {
         char tbuf[MAXREQUESTLENGTH];
         sprintf(tbuf, "%s%s", cn->actualfile, index_file);
+
         if (stat(tbuf, &stbuf) != -1) 
             strcat(cn->actualfile, index_file);
         else
@@ -429,9 +430,9 @@ void procsendhead(struct connstruct *cn)
 #if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
         flags |= O_BINARY;
 #endif
+        cn->filedesc = open(cn->actualfile, flags);
 
-        cn->filedesc = ax_open(cn->actualfile, flags);
-        if (cn->filedesc == -1) 
+        if (cn->filedesc < 0) 
         {
             send_error(cn, 404);
             return;
@@ -472,7 +473,7 @@ void procreadfile(struct connstruct *cn)
 {
     int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
 
-    if (rv == 0 || rv == -1) 
+    if (rv <= 0) 
     {
         close(cn->filedesc);
         cn->filedesc = -1;
@@ -516,7 +517,7 @@ static int special_write(struct connstruct *cn,
 {
     if (cn->is_ssl)
     {
-        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
+        SSL *ssl = cn->ssl;
         return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
     }
     else
@@ -530,10 +531,10 @@ static int special_read(struct connstruct *cn, void *buf, size_t count)
     if (cn->is_ssl)
     {
         uint8_t *read_buf;
-        SSL *ssl = ssl_find(servers->ssl_ctx, cn->networkdesc);
-
-        if ((res = ssl_read(ssl, &read_buf)) > SSL_OK)
+        if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
+        {
             memcpy(buf, read_buf, res > (int)count ? count : res);
+        }
     }
     else
         res = SOCKET_READ(cn->networkdesc, buf, count);
diff --git a/ssl/Config.in b/ssl/Config.in
index f79d71be89..189aa0a11a 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -244,6 +244,16 @@ config CONFIG_WIN32_USE_CRYPTO_LIB
         This will be the default on most Win32 systems. If using Visual Studio
         6.0, then the SDK containing the crypto libraries must be used.
 
+config CONFIG_OPENSSL_COMPATIBLE
+    bool "Enable openssl API compatibility"
+    default n
+    help 
+        To ease the porting of openssl applications, a subset of the openssl
+        API is wrapped around the axTLS API.
+
+        Note: not all the API is implemented, so parts may still break. And
+        it's definitely not 100% compatible.
+
 config CONFIG_PERFORMANCE_TESTING
     bool "Build the bigint performance test tool"
     default n
diff --git a/ssl/Makefile b/ssl/Makefile
index 873d19f7f1..139011d3d1 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -57,6 +57,7 @@ OBJ=\
 	os_port.o \
 	loader.o \
 	md5.o \
+	openssl.o \
 	p12.o \
 	rsa.o \
 	rc4.o \
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 4f4ffa6989..8bbbfbcb5e 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -52,7 +52,15 @@ int get_file(const char *filename, uint8_t **buf)
     int total_bytes = 0;
     int bytes_read = 0; 
     int filesize;
-    FILE *stream = ax_fopen(filename, "rb");
+    FILE *stream = fopen(filename, "rb");
+
+    if (stream == NULL)
+    {
+#ifdef CONFIG_SSL_FULL_MODE         
+        printf("file '%s' does not exist\n", filename); TTY_FLUSH();
+#endif
+        return -1;
+    }
 
     /* Win CE doesn't support stat() */
     fseek(stream, 0, SEEK_END);
diff --git a/ssl/loader.c b/ssl/loader.c
index b332998974..4c8c738c2f 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -35,8 +35,8 @@
 static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
                     SSLObjLoader *ssl_obj, const char *password);
 #ifdef CONFIG_SSL_HAS_PEM
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
-                        SSLObjLoader *ssl_obj, const char *password);
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
+                    const char *password);
 #endif
 
 /*
@@ -70,7 +70,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
     if (strncmp(ssl_obj->buf, begin, strlen(begin)) == 0)
     {
 #ifdef CONFIG_SSL_HAS_PEM
-        ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
+        ret = ssl_obj_PEM_load(ssl_ctx, ssl_obj, password);
 #else
         printf(unsupported_str);
         ret = SSL_ERROR_NOT_SUPPORTED;
@@ -279,8 +279,8 @@ static int pem_decrypt(const uint8_t *where, const uint8_t *end,
 /**
  * Take a base64 blob of data and turn it into its proper ASN.1 form.
  */
-static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where, 
-        int remain, const char *password)
+static int new_pem_obj(SSL_CTX *ssl_ctx, uint8_t *where, 
+                    int remain, const char *password)
 {
     int ret = SSL_OK;
     SSLObjLoader *ssl_obj = NULL;
@@ -324,9 +324,11 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
                     break;
 
                 case IS_CERTIFICATE:
-                    obj_type = is_cacert ?  
-                                    SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
+                    obj_type = SSL_OBJ_X509_CERT;
                     break;
+
+                default:
+                    goto error;
             }
 
             /* In a format we can now understand - so process it */
@@ -350,7 +352,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
 
     /* more PEM stuff to process? */
     if (remain)
-        ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password);
+        ret = new_pem_obj(ssl_ctx, end, remain, password);
 
 error:
     ssl_obj_free(ssl_obj);
@@ -360,8 +362,8 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, uint8_t *where,
 /*
  * Load a file into memory that is in ASCII PEM format.
  */
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
-                        SSLObjLoader *ssl_obj, const char *password)
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
+                                        const char *password)
 {
     uint8_t *start;
 
@@ -370,7 +372,6 @@ static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
     ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
     ssl_obj->buf[ssl_obj->len-1] = 0;
     start = ssl_obj->buf;
-    return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
-                                start, ssl_obj->len, password);
+    return new_pem_obj(ssl_ctx, start, ssl_obj->len, password);
 }
 #endif /* CONFIG_SSL_HAS_PEM */
diff --git a/ssl/openssl.c b/ssl/openssl.c
new file mode 100644
index 0000000000..61e5b0f21a
--- /dev/null
+++ b/ssl/openssl.c
@@ -0,0 +1,180 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Lesser License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * Enable some openssl compatible functions. We don't aim to be 100%
+ * compatible - just to be able to do basic ports etc.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+#include <stdlib.h>
+#include <strings.h>
+#include "ssl.h"
+
+#define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
+void *SSLv23_server_method(void) { return NULL; }
+void *SSLv3_server_method(void) { return NULL; }
+void *TLSv1_server_method(void) { return NULL; }
+void *SSLv23_client_method(void) { return NULL; }
+void *SSLv3_client_method(void) { return NULL; }
+void *TLSv1_client_method(void) { return NULL; }
+
+typedef void * (*ssl_func_type_t)(void);
+
+typedef struct
+{
+    ssl_func_type_t ssl_func_type;
+} OPENSSL_CTX;
+
+SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
+{
+    SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
+    ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
+    OPENSSL_CTX_ATTR->ssl_func_type = meth;
+    return ssl_ctx;
+}
+
+void SSL_CTX_free(SSL_CTX * ssl_ctx)
+{
+    free(ssl_ctx->bonus_attr);
+    ssl_ctx_free(ssl_ctx);
+}
+
+SSL * SSL_new(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+    ssl_func_type_t ssl_func_type;
+
+    ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
+    ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (ssl_func_type == SSLv23_client_method ||
+        ssl_func_type == SSLv3_client_method ||
+        ssl_func_type == TLSv1_client_method)
+    {
+        SET_SSL_FLAG(SSL_IS_CLIENT);
+    }
+    else
+#endif
+    {
+        ssl->next_state = HS_CLIENT_HELLO;
+    }
+
+    return ssl;
+}
+
+int SSL_set_fd(SSL *s, int fd)
+{
+    s->client_fd = fd;
+    return 1;   /* always succeeds */
+}
+
+int SSL_accept(SSL *ssl)
+{
+    while (ssl_read(ssl, NULL) == SSL_OK)
+    {
+        if (ssl->next_state == HS_CLIENT_HELLO)
+            return 1;   /* we're done */
+    }
+
+    return -1;
+}
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int SSL_connect(SSL *ssl)
+{
+    return do_client_connect(ssl) == SSL_OK ? 1 : -1;
+}
+#endif
+
+void SSL_free(SSL *ssl)
+{
+    ssl_free(ssl);
+}
+
+int SSL_read(SSL *ssl, void *buf, int num)
+{
+    uint8_t *read_buf;
+    int ret;
+
+    while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
+
+    if (ret > SSL_OK)
+    {
+        memcpy(buf, read_buf, ret > num ? num : ret);
+    }
+
+    return ret;
+}
+
+int SSL_write(SSL *ssl, const void *buf, int num)
+{
+    return ssl_write(ssl, buf, num);
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, NULL) == SSL_OK);
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
+{
+    return (ssl_obj_memory_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
+}
+
+#if 0
+const uint8_t *SSL_get_session(const SSL *ssl)
+{
+    /* TODO: return SSL_SESSION type */
+    return ssl_get_session_id(ssl);
+}
+#endif
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_set_cipher_list(SSL *s, const char *str)
+{
+    return 1;
+}
+
+int SSL_get_error(const SSL *ssl, int ret)
+{
+    ssl_display_error(ret);
+    return 0;   /* TODO: return proper return code */
+}
+
+int SSL_library_init(void ) { return 1; }
+void SSL_load_error_strings(void ) {}
+void ERR_print_errors_fp(FILE *fp) {}
+long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
+                            return CONFIG_SSL_EXPIRY_TIME*3600; }
+long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
+                            return SSL_CTX_get_timeout(ssl_ctx); }
+#endif
diff --git a/ssl/os_port.c b/ssl/os_port.c
index e494989075..9b25473897 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -111,10 +111,7 @@ EXP_FUNC FILE * STDCALL ax_fopen(const char *pathname, const char *type)
     FILE *f; 
 
     if ((f = fopen(pathname, type)) == NULL)
-    {
-        perror("open: ");
         exit_now(file_open_str, pathname);
-    }
 
     return  f;
 }
@@ -124,10 +121,7 @@ EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
     int x;
 
     if ((x = open(pathname, flags)) < 0)
-    {
-        perror("open: ");
         exit_now(file_open_str, pathname);
-    }
 
     return x;
 }
@@ -141,7 +135,7 @@ void exit_now(const char *format, ...)
     va_list argp;
 
     va_start(argp, format);
-    vsprintf(stderr, format, argp);
+    vfprintf(stderr, format, argp);
     va_end(argp);
     abort();
 }
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 00f4ceb294..54a7370dbf 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -31,7 +31,7 @@ extern "C" {
 
 #include <stdio.h>
 
-#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
+#if defined(WIN32)
 #define STDCALL                 __stdcall
 #define EXP_FUNC                __declspec(dllexport)
 #else
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3e366c44db..1ea8a80699 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -283,7 +283,7 @@ EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
  * @return The session id as a 32 byte sequence.
  * @note A SSLv23 handshake may have only 16 valid bytes.
  */
-EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl);
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
 
 /**
  * @brief Return the cipher id (in the SSL form).
@@ -294,7 +294,7 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl);
  * - SSL_RC4_128_SHA (0x05)
  * - SSL_RC4_128_MD5 (0x04)
  */
-EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl);
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
 
 /**
  * @brief Return the status of the handshake.
@@ -302,7 +302,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl);
  * @return SSL_OK if the handshake is complete and ok. 
  * @see ssl.h for the error code list.
  */
-EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl);
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
 
 /**
  * @brief Retrieve various parameters about the axTLS engine.
@@ -337,7 +337,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code);
  * @param ssl [in] An SSL object reference.
  * @return SSL_OK if the certificate is verified.
  */
-EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl);
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
 
 /**
  * @brief Retrieve an X.509 distinguished name component.
@@ -361,7 +361,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl);
  * @return The appropriate string (or null if not defined)
  * @note Verification build mode must be enabled.
  */
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component);
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
 
 /**
  * @brief Force the client to perform its handshake again.
@@ -389,7 +389,8 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
  * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
  * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
  *
- * PEM files are automatically detected (if supported).
+ * PEM files are automatically detected (if supported). The object type is
+ * also detected, and so is not relevant for these types of files.
  * @param filename [in] The location of a file in DER/PEM format.
  * @param password [in] The password used. Can be null if not required.
  * @return SSL_OK if all ok
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 6a9294feab..47b76dc31e 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -429,7 +429,7 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 /*
  * Retrieve an X.509 distinguished name component
  */
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
 {
     if (ssl->x509_ctx == NULL)
         return NULL;
@@ -545,6 +545,7 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     ssl->certs = ssl_ctx->certs;
     ssl->chain_length = ssl_ctx->chain_length;
     ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
@@ -566,7 +567,6 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     }
 
     SSL_CTX_UNLOCK(ssl_ctx->mutex);
-
     return ssl;
 }
 
@@ -1241,8 +1241,11 @@ int basic_read(SSL *ssl, uint8_t **in_data)
                 break;
 
             case PT_APP_PROTOCOL_DATA:
-                *in_data = ssl->bm_data;    /* point to the work buffer */
-                (*in_data)[read_len] = 0;   /* null terminate just in case */
+                if (in_data)
+                {
+                    *in_data = ssl->bm_data;   /* point to the work buffer */
+                    (*in_data)[read_len] = 0;  /* null terminate just in case */
+                }
                 ret = read_len;
                 break;
 
@@ -1616,7 +1619,7 @@ void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
 /*
  * Get the session id for a handshake. This will be a 32 byte sequence.
  */
-EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl)
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
 {
     return ssl->session_id;
 }
@@ -1624,7 +1627,7 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(SSL *ssl)
 /*
  * Return the cipher id (in the SSL form).
  */
-EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl)
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
 {
     return ssl->cipher;
 }
@@ -1632,7 +1635,7 @@ EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(SSL *ssl)
 /*
  * Return the status of the handshake.
  */
-EXP_FUNC int STDCALL ssl_handshake_status(SSL *ssl)
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
 {
     return ssl->hs_status;
 }
@@ -1678,7 +1681,7 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
 /**
  * Authenticate a received certificate.
  */
-EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
 {
     int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
 
@@ -2029,7 +2032,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
     return -1;
 }
 
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(SSL *ssl, int component)
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
 {
     printf(unsupported_str);
     return NULL;
diff --git a/ssl/tls1.h b/ssl/tls1.h
index bb2b4d4b33..d2ebeefe08 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -212,6 +212,9 @@ struct _SSL_CTX
 #ifdef CONFIG_SSL_CTX_MUTEXING
     SSL_CTX_MUTEX_TYPE mutex;
 #endif
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+    void *bonus_attr;
+#endif
 };
 
 typedef struct _SSL_CTX SSL_CTX;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index d5593e0f83..133f9db69b 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -41,7 +41,6 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->next_state = HS_CLIENT_HELLO;
-    ssl->hs_status = SSL_NOT_OK;            /* not connected */
 
 #ifdef CONFIG_SSL_FULL_MODE
     if (ssl_ctx->chain_length == 0)

From 1320185e875d5ccdb622df1fde55fa901a3cc358 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 25 Feb 2007 04:25:17 +0000
Subject: [PATCH 054/301] added TiddlyWiki page

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@65 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 CHANGELOG                          |    24 -
 LICENSE                            |   178 -
 README                             |   161 +-
 config/axhttpd.aip                 |    38 +-
 config/linuxconfig                 |     2 +-
 config/win32config                 |     2 +-
 httpd/Config.in                    |     2 +-
 httpd/README                       |    68 -
 ssl/openssl.c                      |    29 +-
 ssl/ssl.h                          |     3 +-
 www/index.html                     | 10895 +++++++++++++++++----------
 www/index_files/crypto_2600des.gif |   Bin 15768 -> 0 bytes
 www/index_files/crypto_3ways.gif   |   Bin 17993 -> 0 bytes
 www/index_files/crypto_backrsa.jpg |   Bin 6750 -> 0 bytes
 www/index_files/crypto_cert.gif    |   Bin 17873 -> 0 bytes
 www/index_files/crypto_des.gif     |   Bin 7085 -> 0 bytes
 www/index_files/crypto_ecc.gif     |   Bin 4700 -> 0 bytes
 www/index_files/crypto_sslv3.gif   |   Bin 30156 -> 0 bytes
 www/index_files/crypto_types.gif   |   Bin 11401 -> 0 bytes
 www/index_files/kerberos.gif       |   Bin 20772 -> 0 bytes
 www/test_dir/bin/.htaccess         |     1 +
 21 files changed, 7155 insertions(+), 4248 deletions(-)
 delete mode 100644 CHANGELOG
 delete mode 100644 LICENSE
 delete mode 100644 httpd/README
 delete mode 100644 www/index_files/crypto_2600des.gif
 delete mode 100644 www/index_files/crypto_3ways.gif
 delete mode 100644 www/index_files/crypto_backrsa.jpg
 delete mode 100644 www/index_files/crypto_cert.gif
 delete mode 100644 www/index_files/crypto_des.gif
 delete mode 100644 www/index_files/crypto_ecc.gif
 delete mode 100644 www/index_files/crypto_sslv3.gif
 delete mode 100644 www/index_files/crypto_types.gif
 delete mode 100644 www/index_files/kerberos.gif
 create mode 100644 www/test_dir/bin/.htaccess

diff --git a/CHANGELOG b/CHANGELOG
deleted file mode 100644
index 80ba19027d..0000000000
--- a/CHANGELOG
+++ /dev/null
@@ -1,24 +0,0 @@
-Changes since 1.0.0
-
-* AES should now work on 16bit processors (there was an alignment problem).
-* Various freed objects are cleared before freeing.
-* Header files now installed in /usr/local/include/axTLS.
-* -DCYGWIN replaced with -DCONFIG_PLATFORM_CYGWIN (and the same for solaris).
-* removed "-noextern" option in Swig. Fixed some other warnings in Win32.
-* SSLCTX changed to SSL_CTX (to be consistent with openssl).
-* malloc()/open() etc call abort() on failure.
-* Fixed a memory leak in directory listings.
-* Added openssl() compatibility functions.
-* Fixed cygwin 'make install' issue.
-
-axhttpd Changes
-* main.c now becomes axhttpd.c.
-* Header file issue fixed (in mime_types.c).
-* chroot() now used for better security.
-* Basic authentication implemented (via .htpasswd).
-* SSL access/denial protection implemented (via .htaccess).
-* Directory access protection implemented (via .htaccess).
-* Can now have more than one CGI file extension in mconf.
-* "If-Modified-Since" request now handled properly.
-* Performance tweaks to remove ssl_find() 
-
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 32e42d5a8a..0000000000
--- a/LICENSE
+++ /dev/null
@@ -1,178 +0,0 @@
-GNU LESSER GENERAL PUBLIC LICENSE
-
-Version 2.1, February 1999
-
-Copyright (C) 1991, 1999 Free Software Foundation, Inc.
-51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-Everyone is permitted to copy and distribute verbatim copies
-of this license document, but changing it is not allowed.
-
-[This is the first released version of the Lesser GPL.  It also counts
- as the successor of the GNU Library Public License, version 2, hence
- the version number 2.1.]
-
-Preamble
-
-The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
-
-This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.
-
-When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.
-
-To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.
-
-For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.
-
-We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.
-
-To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.
-
-Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.
-
-Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.
-
-When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.
-
-We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.
-
-For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.
-
-In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.
-
-Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
-
-The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.
-
-TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
-
-A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.
-
-The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)
-
-"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.
-
-Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.
-
-1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.
-
-You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
-
-2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
-
-    * a) The modified work must itself be a software library.
-    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.
-    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.
-    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.
-
-      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)
-
-      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
-
-      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.
-
-      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 
-
-3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.
-
-Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.
-
-This option is useful when you wish to copy part of the code of the Library into a program that is not a library.
-
-4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
-
-If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.
-
-5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.
-
-However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
-
-When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.
-
-If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)
-
-Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.
-
-6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
-
-You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:
-
-    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)
-    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.
-    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.
-    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.
-    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. 
-
-For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
-
-It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.
-
-7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:
-
-    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.
-    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 
-
-8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
-
-9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.
-
-10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.
-
-11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
-
-This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
-
-12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
-
-13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.
-
-14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
-
-NO WARRANTY
-
-15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-END OF TERMS AND CONDITIONS
-How to Apply These Terms to Your New Libraries
-
-If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License).
-
-To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
-
-one line to give the library's name and an idea of what it does.
-Copyright (C) year  name of author
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2.1 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-Also add information on how to contact you by electronic and paper mail.
-
-You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:
-
-Yoyodyne, Inc., hereby disclaims all copyright interest in
-the library `Frob' (a library for tweaking knobs) written
-by James Random Hacker.
-
-signature of Ty Coon, 1 April 1990
-Ty Coon, President of Vice
-
diff --git a/README b/README
index fcc18121b8..c8926d9bfc 100644
--- a/README
+++ b/README
@@ -1,162 +1,3 @@
-########################################################################
-# axTLS Quick-Start Guide
-########################################################################
 
-This is a guide to get a small SSL web-server up and running quickly.
-
-########################################################################
-# Introduction
-########################################################################
-The axTLS project is an SSL client/server library using the TLSv1 protocol. 
-It is designed to be small and fast, and is suited to embedded projects. A web
-server is included.
-
-The web server + SSL library is around 50-60kB and is configurable for
-features or size.
-
-########################################################################
-# Compilation
-########################################################################
-
-All platforms require GNU make. This means on Win32 that Cygwin needs to be
-installed with "make" and various developer options selected. 
-
-Configuration now uses a tool called "mconf" which gives a nice way to
-configure options (similar to what is used in BusyBox and the Linux kernel).
-
-You should be able to compile axTLS simply by extracting it, change into
-the extracted directory and typing:
-
->  make
-
-Select your platform type, save the configuration, exit, and then 
-type "make" again.
-
-If all goes well, you should end up with an executable called "axhttpd" (or
-axhttpd.exe) in the _stage directory.
-
-To play with all the various axTLS options, type:
-
->  make menuconfig
-
-Save the new configuration and rebuild.
-
-########################################################################
-# Running it
-########################################################################
-
-To run it, go to the _stage directory, and type (as superuser):
-
-> axhttpd
-
-And then point your browser at:
-
-https://127.0.0.1
-
-And you should see a html page with a padlock appearing on your browser.
-
-or type:
-
-http://127.0.0.1
-
-to see the same page unencrypted.
-
-########################################################################
-# The axssl utilities
-########################################################################
-
-The axssl suite of tools are the SSL test tools in the various language
-bindings. They are:
-
-axssl           - C sample
-axssl.csharp    - C# sample
-axssl.vbnet     - VB.NET sample
-axtls.jar       - Java sample
-axssl.pl        - Perl sample
-
-All the tools have identical command-line parameters. e.g. to run something
-interesting:
-
-> axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509
-
-and
-
-> axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key \
-  ../ssl/test/axTLS.key_1024 -reconnect
-
-C#
-==
-If building under Linux or other non-Win32 platforms, Mono must be installed
-and the executable is run as:
-
-> mono axssl.csharp.exe ...
-
-Java
-====
-The java version is run as:
-
-> java -jar axtls.jar <options>
-
-Perl
-====
-> [perl] ./axssl.pl <options>
-
-If running under Win32, be sure to use the correct version of Perl (i.e.
-ActiveState's version works ok).
-
-########################################################################
-# Known Issues
-########################################################################
-
-* Firefox doesn't handle legacy SSLv2 at all well. Disabling SSLv2 still 
-  initiates a SSLv23 handshake (v1.5). And continuous pressing of the 
-  "Reload" page instigates a change to SSLv3 for some reason (even though the 
-  TLS 1.0 option is selected). This will cause a "Firefox and <server> cannot 
-  communicate securely because they have no common encryption 
-  algorithms" (v1.5), or "Firefox can't connect to <server> because the site 
-  uses a security protocol which isn't enabled" (v2.0). See bugzilla issues 
-  343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).
-
-* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile
-  the latest version of Perl on an AMD64 box (using FC3).
-
-* Java 1.4 or better is required for the Java interfaces.
-
-* Processes that fork can't use session resumption unless some form of IPC is
-  used.
-
-* Ensure libperl.so and libaxtls.so are in the shared library path when 
-  running with the perl bindings. A way to do this is with:
-
-  export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.
-
-* The default Microsoft .NET SDK is v2.0.50727. Download from:
-  http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.
-
-Win32 issues
-============
-* Be careful about doing .NET executions on network drives - .NET complains 
-  with security exceptions on the binary. TODO: Add a manifest file to prevent
-  this.
-
-* The test harness appears to be broken under VC8.0. Debugging shows a problem
-  the _close() function which is weird. CGI is also broken under VC8.0.
-
-* CGI works under Win32, but needs some more work to get it right.
-
-Solaris issues
-==============
-* mconf doesn't work well - some manual tweaking is required for string values.
-
-* GNU make is required and needs to be in $PATH.
-
-* To get swig's library dependencies to work (and for the C library to be
-  found), I needed to type:
-  > export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.
-
-Cygwin issues
-=============
-* The bindings all compile but don't run under Cygwin with the exception of
-  Perl. This is due to win32 executables being incompatible with Cygwin 
-  libraries.
+See www/index.html for the README, CHANGELOG, LICENSE and other notes.
 
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index d252672c4e..f80a1cf6f7 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -21,9 +21,9 @@
     <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
     <ROW Directory="another_dir_DIR" Directory_Parent="test_dir_DIR" DefaultDir="anothe~1|another_dir"/>
-    <ROW Directory="index_files_DIR" Directory_Parent="www_DIR" DefaultDir="index_~1|index_files"/>
+    <ROW Directory="bin_DIR" Directory_Parent="test_dir_DIR" DefaultDir="bin"/>
+    <ROW Directory="no_http_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_http"/>
     <ROW Directory="no_ssl_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_ssl"/>
-    <ROW Directory="ssl_only_DIR" Directory_Parent="test_dir_DIR" DefaultDir="ssl_only"/>
     <ROW Directory="test_dir_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
     <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
   </COMPONENT>
@@ -37,15 +37,15 @@
     <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
     <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
     <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
-    <ROW Component="crypto_2600des.gif_1" ComponentId="{F3B3E37C-D940-4899-B312-0E244D6AF720}" Directory_="index_files_DIR" Attributes="0" KeyPath="crypto_2600des.gif_1" FullKeyPath="APPDIR\www\index_files"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
     <ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
     <ROW Component="htaccess" ComponentId="{F53CB1D5-A3B9-4401-B0BA-B6AB1DA860B7}" Directory_="no_ssl_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\no_ssl"/>
-    <ROW Component="htaccess_1" ComponentId="{83B45D66-AD6D-4E9B-8DC8-7910708E1F3A}" Directory_="ssl_only_DIR" Attributes="0" KeyPath="htaccess_1" FullKeyPath="APPDIR\www\test_dir\ssl_only"/>
+    <ROW Component="htaccess_1" ComponentId="{953D1999-CC00-4F85-9B48-2CD83ACAE2F9}" Directory_="no_http_DIR" Attributes="0" KeyPath="htaccess_1" FullKeyPath="APPDIR\www\test_dir\no_http"/>
+    <ROW Component="htaccess_2" ComponentId="{6F181A8B-B313-47E2-AF79-AABFDBD353D8}" Directory_="bin_DIR" Attributes="0" KeyPath="htaccess_2" FullKeyPath="APPDIR\www\test_dir\bin"/>
     <ROW Component="htpasswd.exe" ComponentId="{9FE1AAD2-4E35-443A-AAE5-3A7D03A52AAA}" Directory_="APPDIR" Attributes="0" KeyPath="htpasswd.exe" FullKeyPath="APPDIR\htpasswd.exe"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h crypto_2600des.gif_1 health.sh htpasswd.exe another_dir htaccess htaccess_1"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h health.sh htpasswd.exe another_dir htaccess htaccess_2 htaccess_1"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
@@ -61,28 +61,20 @@
     <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
     <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
     <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
-    <ROW File="crypto_2600des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.gif|crypto_2600des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_2600des.gif" SelfReg="false" Sequence="18"/>
-    <ROW File="crypto_3ways.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~2.gif|crypto_3ways.gif" Attributes="0" SourcePath="..\www\index_files\crypto_3ways.gif" SelfReg="false" Sequence="19"/>
-    <ROW File="crypto_backrsa.jpg_1" Component_="crypto_2600des.gif_1" FileName="crypto~1.jpg|crypto_backrsa.jpg" Attributes="0" SourcePath="..\www\index_files\crypto_backrsa.jpg" SelfReg="false" Sequence="20"/>
-    <ROW File="crypto_cert.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~3.gif|crypto_cert.gif" Attributes="0" SourcePath="..\www\index_files\crypto_cert.gif" SelfReg="false" Sequence="21"/>
-    <ROW File="crypto_des.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~4.gif|crypto_des.gif" Attributes="0" SourcePath="..\www\index_files\crypto_des.gif" SelfReg="false" Sequence="22"/>
-    <ROW File="crypto_ecc.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~5.gif|crypto_ecc.gif" Attributes="0" SourcePath="..\www\index_files\crypto_ecc.gif" SelfReg="false" Sequence="23"/>
-    <ROW File="crypto_sslv3.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~6.gif|crypto_sslv3.gif" Attributes="0" SourcePath="..\www\index_files\crypto_sslv3.gif" SelfReg="false" Sequence="24"/>
-    <ROW File="crypto_types.gif_1" Component_="crypto_2600des.gif_1" FileName="crypto~7.gif|crypto_types.gif" Attributes="0" SourcePath="..\www\index_files\crypto_types.gif" SelfReg="false" Sequence="25"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
-    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="27"/>
-    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="31"/>
-    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\ssl_only\.htaccess" SelfReg="false" Sequence="33"/>
-    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\ssl_only\.htpasswd" SelfReg="false" Sequence="34"/>
-    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="30"/>
+    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="18"/>
+    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="22"/>
+    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_http\.htaccess" SelfReg="false" Sequence="25"/>
+    <ROW File="htaccess_2" Component_="htaccess_2" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\bin\.htaccess" SelfReg="false" Sequence="24"/>
+    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\no_http\.htpasswd" SelfReg="false" Sequence="26"/>
+    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="21"/>
     <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="32"/>
-    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\ssl_only\index.html" SelfReg="false" Sequence="35"/>
-    <ROW File="kerberos.gif_1" Component_="crypto_2600des.gif_1" FileName="kerberos.gif" Attributes="0" SourcePath="..\www\index_files\kerberos.gif" SelfReg="false" Sequence="26"/>
+    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="23"/>
+    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_http\index.html" SelfReg="false" Sequence="27"/>
     <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
-    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="28"/>
+    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="19"/>
     <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
-    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="29"/>
+    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="20"/>
     <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
diff --git a/config/linuxconfig b/config/linuxconfig
index 8d021f7f17..4ba7d43d25 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -54,7 +54,7 @@ CONFIG_HTTP_HTTPS_PORT=443
 CONFIG_HTTP_SESSION_CACHE_SIZE=5
 CONFIG_HTTP_WEBROOT="../www"
 CONFIG_HTTP_PORT=80
-CONFIG_HTTP_TIMEOUT=5
+CONFIG_HTTP_TIMEOUT=300
 # CONFIG_HTTP_HAS_CGI is not set
 CONFIG_HTTP_CGI_EXTENSIONS=""
 # CONFIG_HTTP_DIRECTORIES is not set
diff --git a/config/win32config b/config/win32config
index 9155617c00..a90b85a0ef 100644
--- a/config/win32config
+++ b/config/win32config
@@ -58,7 +58,7 @@ CONFIG_HTTP_PORT=80
 CONFIG_HTTP_HTTPS_PORT=443
 CONFIG_HTTP_SESSION_CACHE_SIZE=5
 CONFIG_HTTP_WEBROOT="www"
-CONFIG_HTTP_TIMEOUT=5
+CONFIG_HTTP_TIMEOUT=300
 # CONFIG_HTTP_HAS_CGI is not set
 CONFIG_HTTP_CGI_EXTENSIONS=""
 CONFIG_HTTP_DIRECTORIES=y
diff --git a/httpd/Config.in b/httpd/Config.in
index 2dfe558f10..cfac618611 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -49,7 +49,7 @@ config CONFIG_HTTP_WEBROOT
 
 config CONFIG_HTTP_TIMEOUT
     int "Timeout"
-    default 5
+    default 300
     help
         Set the timeout of a connection in seconds.
 
diff --git a/httpd/README b/httpd/README
deleted file mode 100644
index 8ab78cbd30..0000000000
--- a/httpd/README
+++ /dev/null
@@ -1,68 +0,0 @@
-
-axhttpd is a small embedded web server using the axTLS library.
-
-It is based originally on the web server written by Doug Currie which is at:
-http://www.hcsw.org/awhttpd.
-
-*****************************************************************************
-*                       axhttpd Features                                    *
-*****************************************************************************
-
-Basic Authentication
-====================
-
-Basic Authentication uses a password file called  ".htpasswd", in the 
-directory to be  protected. This file is formatted as the familiar 
-colon-separated username/encrypted-password pair, records delimited by 
-newlines. The protection does not carry over to subdirectories. The 
-utility program htpasswd is included to help manually edit .htpasswd files.
-
-The encryption of this password uses a proprietary algorithm due to the 
-dependency of many crypt libraries on DES.
-
-An example is in /test_dir/ssl_only (username 'abcd', password is '1234').
-
-Note: This is an mconf configuration option.
-
-SSL Protection
-====================
-
-Directories/files can be accessed using the 'http' or 'https' uri prefix. If
-normal http access for a directory needs to be disabled, then put
-"SSLRequireSSL" into a '.htaccess' file in the directory to be protected.
-
-Conversely, use "SSLDenySSL" to deny access to directories via SSL.
-
-An example is in /test_dir/no_http and /test_dir/no_ssl.
-
-Entire directories can be denied access with a "Deny all" directive
-(regardless of SSL or authentication).
-
-CGI
-===
-
-chroot() is now used for added security. However this has the impact of
-removing the regular filesystem, so any CGI applications no longer have the 
-usual access (to things like /bin, /lib etc).
-
-So any executables and libraries need to be copied into webroot.
-
-Failure to do so will result in mystical blank screens (and probably hundreds
-of axhttpd instances being created...).
-
-Directory Listing
-=================
-
-An mconf option. Allow the files in directories to be displayed.
-
-Permissions Checking
-=====================
-
-An mconf option. This will display the various file permissions to standard
-output of files in web root.
-
-Other Features
-==============
-
-Check the help options in mconf for all the other features used.
-
diff --git a/ssl/openssl.c b/ssl/openssl.c
index 61e5b0f21a..4254bc7026 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -17,8 +17,11 @@
  */
 
 /*
- * Enable some openssl compatible functions. We don't aim to be 100%
+ * Enable a subset of openssl compatible functions. We don't aim to be 100%
  * compatible - just to be able to do basic ports etc.
+ *
+ * Only really tested on mini_httpd, so I'm not too sure how extensive this
+ * port is.
  */
 
 #include "config.h"
@@ -26,9 +29,11 @@
 #ifdef CONFIG_OPENSSL_COMPATIBLE
 #include <stdlib.h>
 #include <strings.h>
+#include <stdarg.h>
 #include "ssl.h"
 
 #define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
+
 void *SSLv23_server_method(void) { return NULL; }
 void *SSLv3_server_method(void) { return NULL; }
 void *TLSv1_server_method(void) { return NULL; }
@@ -37,6 +42,7 @@ void *SSLv3_client_method(void) { return NULL; }
 void *TLSv1_client_method(void) { return NULL; }
 
 typedef void * (*ssl_func_type_t)(void);
+typedef void * (*bio_func_type_t)(void);
 
 typedef struct
 {
@@ -170,6 +176,7 @@ int SSL_get_error(const SSL *ssl, int ret)
     return 0;   /* TODO: return proper return code */
 }
 
+void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
 int SSL_library_init(void ) { return 1; }
 void SSL_load_error_strings(void ) {}
 void ERR_print_errors_fp(FILE *fp) {}
@@ -177,4 +184,24 @@ long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) {
                             return CONFIG_SSL_EXPIRY_TIME*3600; }
 long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
                             return SSL_CTX_get_timeout(ssl_ctx); }
+void BIO_printf(FILE *f, const char *format, ...)
+{
+    va_list(ap);
+    va_start(ap, format);
+    vfprintf(f, format, ap);
+    va_end(ap);
+}
+
+void* BIO_s_null(void) {}
+FILE *BIO_new(bio_func_type_t func)
+{
+    if (func == BIO_s_null)
+        return fopen("/dev/null", "r");
+}
+
+FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
+int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
+
+
+
 #endif
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 1ea8a80699..7cdab2aa86 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -32,7 +32,8 @@
  * - Highly configurable compile time options.
  * - Portable across many platforms (written in ANSI C), and has language
  * bindings in C, C#, VB.NET, Java and Perl.
- * - A very small footprint for a HTTPS server (around 50-60kB in 'server-only'
+ * - Partial openssl API compatibility (via a wrapper).
+ * - A very small footprint for a HTTPS server (around 60-70kB in 'server-only'
  * mode).
  * - No dependencies on sockets - can use serial connections for example.
  * - A very simple API - ~ 20 functions/methods.
diff --git a/www/index.html b/www/index.html
index 5a391a34c9..f09fa6a3aa 100644
--- a/www/index.html
+++ b/www/index.html
@@ -1,3790 +1,7105 @@
-<html><head><title>An Overview of Cryptography</title>
-
-
-<meta name="keywords" content="crypto tutorial, cryptography tutorial, DES tutorial, RSA tutorial, Diffie-Hellman tutorial, IPsec tutorial, PGP tutorial, SSL tutorial, ECC tutorial, elliptic curve cryptography tutorial, AES tutorial, Rijndael tutorial, secret key cryptography, public key cryptography, hash functions"></head><body bgcolor="#ffffff">
-<font size="3">
-</font><center>
-<h1>
-<font size="3"><font color="blue" face="arial">
-An Overview of Cryptography
-</font>
-</font></h1>
-<h3>
-<font size="3"><i><a href="mailto:kumquat@sover.net">Gary C. Kessler</a></i><br>
-May 1998<br>
-(1 August 2006)
-</font></h3>
-<font size="3"><br>
-</font><blockquote>
-<h4>
-<font size="3">A much shorter, edited version of this paper appears in the 1999 Edition of <i>Handbook on Local Area Networks</i>, published by Auerbach in September 1998. Since that time, this article has taken on a life of its own...
-</font></h4>
-</blockquote>
-</center>
-
-<hr>
-<table align="center" border="0">
-<tbody><tr>
-<td valign="top" width="490">
-<center><h3>CONTENTS</h3></center>
-<ul>
-<a href="#intro"><b>1. INTRODUCTION</b></a><br>
-<a href="#purpose"><b>2. THE PURPOSE OF CRYPTOGRAPHY</b></a><br>
-<a href="#types"><b>3. TYPES OF CRYPTOGRAPHIC ALGORITHMS</b></a><br>
-<ul>
-<a href="#skc">3.1. Secret Key Cryptography</a><br>
-<a href="#pkc">3.2. Public-Key Cryptography</a><br>
-<a href="#hash">3.3. Hash Functions</a><br>
-<a href="#why3">3.4. Why Three Encryption Techniques?</a><br>
-<a href="#keylen">3.5. The Significance of Key Length</a>
-</ul>
-<a href="#trust"><b>4. TRUST MODELS</b></a><br>
-<ul>
-<a href="#pgpweb">4.1. PGP Web of Trust</a><br>
-<a href="#kerb">4.2. Kerberos</a><br>
-<a href="#pkcca">4.3. Public Key Certificates and Certification Authorities</a><br>
-<a href="#trustsumm">4.4. Summary</a><br>
-</ul>
-<a href="#algorithms"><b>5. CRYPTOGRAPHIC ALGORITHMS IN ACTION</b></a><br>
-
-<ul>
-<a href="#password">5.1. Password Protection</a><br>
-<a href="#dhmath">5.2. Some of the Finer Details of Diffie-Hellman Key Exchange</a><br>
-<a href="#rsamath">5.3. Some of the Finer Details of RSA Public-Key Cryptography</a><br>
-<a href="#desmath">5.4. Some of the Finer Details of DES, Breaking DES, and DES Variants</a><br>
-<a href="#pgp">5.5. Pretty Good Privacy (PGP)</a><br>
-<a href="#ipsec">5.6. IP Security (IPsec) Protocol</a><br>
-<a href="#ssl">5.7. The SSL "Family" of Secure Transaction Protocols for the World Wide Web</a><br>
-<a href="#ecc">5.8. Elliptic Curve Cryptography</a><br>
-<a href="#aes">5.9. The Advanced Encryption Standard and Rijndael</a><br>
-<a href="#stream">5.10. Cisco's Stream Cipher</a><br>
-</ul>
-<a href="#conclusion"><b>6. CONCLUSION... OF SORTS</b></a><br>
-<a href="#refs"><b>7. REFERENCES AND FURTHER READING</b></a><br>
-<a href="#mathnotes"><b>A. SOME MATH NOTES</b></a><br>
-<ul>
-<a href="#xor">A.1. The Exclusive-OR (XOR) Function</a><br>
-<a href="#modulo">A.2. The <i>modulo</i> Function</a><br>
-</ul>
-<a href="#author"><b>ABOUT THE AUTHOR</b></a><br>
-</ul>
-
-</td><td width="10">&nbsp;
-
-</td><td valign="top" width="400">
-<center><h3>FIGURES</h3></center>
-<ol>
-<li><a href="#fig01">Three types of cryptography: secret-key, public key, and hash function.</a>
-</li><li><a href="#fig02">Sample application of the three cryptographic techniques for secure communication.</a>
-</li><li><a href="#fig03">Kerberos architecture.</a>
-</li><li><a href="#fig04">GTE Cybertrust Global Root-issued certificate (Netscape Navigator).</a>
-</li><li><a href="#fig05">Sample entries in Unix/Linux password files.</a>
-</li><li><a href="#fig06">DES enciphering algorithm.</a>
-</li><li><a href="#fig07">A PGP signed message.</a>
-</li><li><a href="#fig08">A PGP encrypted message.</a>
-</li><li><a href="#fig09">The decrypted message.</a>
-</li><li><a href="#fig10">IPsec Authentication Header format.</a>
-</li><li><a href="#fig11">IPsec Encapsulating Security Payload format.</a>
-</li><li><a href="#fig12">IPsec tunnel and transport modes for AH.</a>
-</li><li><a href="#fig13">IPsec tunnel and transport modes for ESP.</a>
-</li><li><a href="#fig14">SSL v3 configuration screen (Netscape Navigator).</a>
-</li><li><a href="#fig15">SSL/TLS protocol handshake.</a>
-</li><li><a href="#fig16">Elliptic curve addition.</a>
-</li><li><a href="#fig17">AES pseudocode.</a>
-</li></ol>
-<center><h3>TABLES</h3></center>
-<ol>
-<li><a href="#tab01">Minimum Key Lengths for Symmetric Ciphers.</a>
-</li><li><a href="#tab02">Contents of an X.509 V3 Certificate.</a>
-</li><li><a href="#tab03">Other Crypto Algorithms and Systems of Note.</a>
-</li><li><a href="#tab04">ECC and RSA Key Comparison.</a>
-</li></ol>
-</td></tr></tbody></table>
-<hr>
-
-<blockquote>
-<font size="3"><br>
-</font><center><h3><font size="3"><font color="blue" face="arial"><a name="intro">1. INTRODUCTION</a></font></font></h3></center>
-<p>
-<font size="3">Does increased security provide comfort to paranoid
-people? Or does security provide some very basic protections that we
-are naive to believe that we don't need? During this time when the
-Internet provides essential communication between tens of millions of
-people and is being increasingly used as a tool for commerce, security
-becomes a tremendously important issue to deal with.
-</font></p><p>
-<font size="3">There are many aspects to security and many
-applications, ranging from secure commerce and payments to private
-communications and protecting passwords. One essential aspect for
-secure communications is that of cryptography, which is the focus of
-this chapter. But it is important to note that while cryptography is <i>necessary</i> for secure communications, it is not by itself <i>sufficient</i>.
-The reader is advised, then, that the topics covered in this chapter
-only describe the first of many steps necessary for better security in
-any number of situations.
-</font></p><p>
-<font size="3">This paper has two major purposes. The first is to
-define some of the terms and concepts behind basic cryptographic
-methods, and to offer a way to compare the myriad cryptographic schemes
-in use today. The second is to provide some real examples of
-cryptography in use today.
-</font></p><p>
-<font size="3">I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in <i>current</i>
-use and is not a treatise of the whole field. No mention is made here
-about pre-computerized crypto schemes, the difference between a
-substitution and transposition cipher, cryptanalysis, or other history.
-Interested readers should check out some of the books in the
-bibliography below for this detailed &#8212; and interesting! &#8212; background
-information.</font></p>
-
-<font size="3"><br>
-</font><center><h3><font size="3"><font color="blue" face="arial"><a name="purpose">2. THE PURPOSE OF CRYPTOGRAPHY</a></font></font></h3></center>
-<p>
-<font size="3">Cryptography is the science of writing in secret code
-and is an ancient art; the first documented use of cryptography in
-writing dates back to circa 1900 B.C. when an Egyptian scribe used
-non-standard hieroglyphs in an inscription. Some experts argue that
-cryptography appeared spontaneously sometime after writing was
-invented, with applications ranging from diplomatic missives to
-war-time battle plans. It is no surprise, then, that new forms of
-cryptography came soon after the widespread development of computer
-communications. In data and telecommunications, cryptography is
-necessary when communicating over any untrusted medium, which includes
-just about <i>any</i> network, particularly the Internet.</font></p>
-<p>
-<font size="3">Within the context of any application-to-application communication, there are some specific security requirements, including:</font></p>
-<ul>
-<font size="3"><li><i>Authentication:</i> The process of proving one's
-identity. (The primary forms of host-to-host authentication on the
-Internet today are name-based or address-based, both of which are
-notoriously weak.)</li>
-<li><i>Privacy/confidentiality:</i> Ensuring that no one can read the message except the intended receiver.</li>
-<li><i>Integrity:</i> Assuring the receiver that the received message has not been altered in any way from the original.</li>
-<li><i>Non-repudiation:</i> A mechanism to prove that the sender really sent this message.</li>
-</font></ul>
-<p>
-<font size="3">Cryptography, then, not only protects data from theft or
-alteration, but can also be used for user authentication. There are, in
-general, three types of cryptographic schemes typically used to
-accomplish these goals: secret key (or symmetric) cryptography,
-public-key (or asymmetric) cryptography, and hash functions, each of
-which is described below. In all cases, the initial unencrypted data is
-referred to as <i>plaintext</i>. It is encrypted into <i>ciphertext</i>, which will in turn (usually) be decrypted into usable plaintext.</font></p>
-<p>
-<font size="3">In many of the descriptions below, two communicating
-parties will be referred to as Alice and Bob; this is the common
-nomenclature in the crypto field and literature to make it easier to
-identify the communicating parties. If there is a third or fourth party
-to the communication, they will be referred to as Carol and Dave.
-Mallory is a malicious party, Eve is an eavesdropper, and Trent is a
-trusted third party.</font></p>
-
-<font size="3"><br>
-</font><center><h3><font size="3"><font color="blue" face="arial"><a name="types">3. TYPES OF CRYPTOGRAPHIC ALGORITHMS</a></font></font></h3></center>
-<p>
-<font size="3">There are several ways of classifying cryptographic
-algorithms. For purposes of this paper, they will be categorized based
-on the number of keys that are employed for encryption and decryption,
-and further defined by their application and use. The three types of
-algorithms that will be discussed are (Figure 1):
-</font></p><ul>
-<font size="3"><li>Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
-</li><li>Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
-</li><li>Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
-</li></font></ul>
-<font size="3"><a name="fig01"></a><br>
-</font><center><table border="1"><tbody><tr><td>
-<img src="index_files/crypto_types.gif">
-<br><br>
-<h4>FIGURE 1: Three types of cryptography: secret-key, public key, and hash function.</h4>
-</td></tr></tbody></table>
-</center>
-
-<font size="3"><br><br>
-<a name="skc"><h3>3.1. Secret Key Cryptography</h3></a>
-</font><p>
-<font size="3">With <i>secret key cryptography</i>, a single key is
-used for both encryption and decryption. As shown in Figure 1A, the
-sender uses the key (or some set of rules) to encrypt the plaintext and
-sends the ciphertext to the receiver. The receiver applies the same key
-(or ruleset) to decrypt the message and recover the plaintext. Because
-a single key is used for both functions, secret key cryptography is
-also called <i>symmetric encryption</i>.</font></p>
-<p>
-<font size="3">With this form of cryptography, it is obvious that the
-key must be known to both the sender and the receiver; that, in fact,
-is the secret. The biggest difficulty with this approach, of course, is
-the distribution of the key.</font></p>
-<p>
-<font size="3">Secret key cryptography schemes are generally categorized as being either <i>stream ciphers</i> or <i>block ciphers</i>.
-Stream ciphers operate on a single bit (byte or computer word) at a
-time and implement some form of feedback mechanism so that the key is
-constantly changing. A block cipher is so-called because the scheme
-encrypts one block of data at a time using the same key on each block.
-In general, the same plaintext block will always encrypt to the same
-ciphertext when using the same key in a block cipher whereas the same
-plaintext will encrypt to different ciphertext in a stream cipher.</font></p>
-<p>
-<font size="3">Stream ciphers come in several flavors but two are worth mentioning here. <i>Self-synchronizing stream ciphers</i> calculate each bit in the keystream as a function of the previous <i>n</i>
-bits in the keystream. It is termed "self-synchronizing" because the
-decryption process can stay synchronized with the encryption process
-merely by knowing how far into the <i>n</i>-bit keystream it is. One problem is error propagation; a garbled bit in transmission will result in <i>n</i> garbled bits at the receiving side. <i>Synchronous stream ciphers</i>
-generate the keystream in a fashion independent of the message stream
-but by using the same keystream generation function at sender and
-receiver. While stream ciphers do not propagate transmission errors,
-they are, by their nature, periodic so that the keystream will
-eventually repeat.</font></p>
-<p>
-<font size="3">Block ciphers can operate in one of several modes; the following four are the most important:</font></p>
-<ul>
-<font size="3"><li><i>Electronic Codebook (ECB) mode</i> is the
-simplest, most obvious application: the secret key is used to encrypt
-the plaintext block to form a ciphertext block. Two identical plaintext
-blocks, then, will always generate the same ciphertext block. Although
-this is the most common mode of block ciphers, it is susceptible to a
-variety of brute-force attacks.</li>
-<li><i>Cipher Block Chaining (CBC) mode</i> adds a feedback mechanism
-to the encryption scheme. In CBC, the plaintext is exclusively-ORed
-(XORed) with the previous ciphertext block prior to encryption. In this
-mode, two identical blocks of plaintext never encrypt to the same
-ciphertext.</li>
-<li><i>Cipher Feedback (CFB) mode</i> is a block cipher implementation
-as a self-synchronizing stream cipher. CFB mode allows data to be
-encrypted in units smaller than the block size, which might be useful
-in some applications such as encrypting interactive terminal input. If
-we were using 1-byte CFB mode, for example, each incoming character is
-placed into a shift register the same size as the block, encrypted, and
-the block transmitted. At the receiving side, the ciphertext is
-decrypted and the extra bits in the block (i.e., everything above and
-beyond the one byte) are discarded.</li>
-<li><i>Output Feedback (OFB) mode</i> is a block cipher implementation
-conceptually similar to a synchronous stream cipher. OFB prevents the
-same plaintext block from generating the same ciphertext block by using
-an internal feedback mechanism that is independent of both the
-plaintext and ciphertext bitstreams.</li>
-</font></ul>
-
-<p>
-<font size="3">Secret key cryptography algorithms that are in use today include:</font></p>
-<ul>
-<font size="3"><li> <p><i>Data Encryption Standard (DES):</i> The most
-common SKC scheme used today, DES was designed by IBM in the 1970s and
-adopted by the National Bureau of Standards (NBS) [now the National
-Institute for Standards and Technology (NIST)] in 1977 for commercial
-and unclassified government applications. DES is a block-cipher
-employing a 56-bit key that operates on 64-bit blocks. DES has a
-complex set of rules and transformations that were designed
-specifically to yield fast hardware implementations and slow software
-implementations, although this latter point is becoming less
-significant today since the speed of computer processors is several
-orders of magnitude faster today than twenty years ago. IBM also
-proposed a 112-bit key for DES, which was rejected at the time by the
-government; the use of 112-bit keys was considered in the 1990s,
-however, conversion was never seriously considered.</p>
-<p>
-DES is defined in American National Standard X3.92 and three Federal Information Processing Standards (FIPS):</p>
-<ul>
-<li><a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf"> FIPS 46-3: DES</a></li>
-<li><a href="http://www.itl.nist.gov/div897/pubs/fip74.htm">FIPS 74: Guidelines for Implementing and Using the NBS Data Encryption Standard</a></li>
-<li><a href="http://www.itl.nist.gov/div897/pubs/fip81.htm">FIPS 81: DES Modes of Operation</a></li>
-</ul>
-<p>
-Information about vulnerabilities of DES can be obtained from the <a href="http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking">Electronic Frontier Foundation</a>.</p>
-<p>
-Two important variants that strengthen DES are:</p>
-<ul>
-<li> <p><i>Triple-DES (3DES):</i> A variant of DES that employs up to
-three 56-bit keys and makes three encryption/decryption passes over the
-block; 3DES is also described in <a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf"> FIPS 46-3</a> and is the recommended replacement to DES.</p></li>
-<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2232">DESX</a>:</i>
-A variant devised by Ron Rivest. By combining 64 additional key bits to
-the plaintext prior to encryption, effectively increases the keylength
-to 120 bits.</p></li>
-</ul>
-<p>
-More detail about DES, 3DES, and DESX can be found below in <a href="#desmath">Section 5.4</a>.</p></li>
-
-<li> <p><i>Advanced Encryption Standard (AES):</i> In 1997, NIST
-initiated a very public, 4-1/2 year process to develop a new secure
-cryptosystem for U.S. government applications. The result, the <a href="http://www.nist.gov/aes">Advanced Encryption Standard</a>, became the official successor to DES in December 2001. AES uses an SKC scheme called <a href="http://www.esat.kuleuven.ac.be/%7Erijmen/rijndael/index.html"> Rijndael</a>,
-a block cipher designed by Belgian cryptographers Joan Daemen and
-Vincent Rijmen. The algorithm can use a variable block length and key
-length; the latest specification allowed any combination of keys
-lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256
-bits. NIST initially selected Rijndael in October 2000 and formal
-adoption as the AES standard came in December 2001. <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">FIPS PUB 197</a>
-describes a 128-bit block cipher employing a 128-, 192-, or 256-bit
-key. The AES process and Rijndael algorithm are described in more
-detail below in <a href="#aes">Section 5.9</a>.</p></li>
-
-<li> <p><i>CAST-128/256:</i> CAST-128, described in <a href="http://www.rfc-editor.org/rfc/rfc2144.txt">Request for Comments (RFC) 2144</a>, is a DES-like substitution-permutation crypto algorithm, employing a 128-bit key operating on a 64-bit block. <a href="http://www.entrust.com/resources/pdf/cast-256.pdf">CAST-256</a> (<a href="http://www.rfc-editor.org/rfc/rfc2612.txt">RFC 2612</a>)
-is an extension of CAST-128, using a 128-bit block size and a variable
-length (128, 160, 192, 224, or 256 bit) key. CAST is named for its
-developers, Carlisle Adams and Stafford Tavares and is available
-internationally. CAST-256 was one of the Round 1 algorithms in the AES
-process.</p></li>
-
-<li> <p><i><a href="http://home.ecn.ab.ca/%7Ejsavard/crypto/co0404.htm">International Data Encryption Algorithm (IDEA)</a>:</i>
-Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992
-and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key.
-Also available internationally.</p></li>
-
-<li> <p><i>Rivest Ciphers (</i>aka<i> Ron's Code):</i> Named for Ron Rivest, a series of SKC algorithms.</p>
-<ul>
-<li> <p><i>RC1:</i> Designed on paper but never implemented.</p></li>
-<li> <p><i>RC2:</i> A 64-bit block cipher using variable-sized keys
-designed to replace DES. It's code has not been made public although
-many companies have licensed RC2 for use in their products. Described
-in <a href="http://www.rfc-editor.org/rfc/rfc2268.txt">RFC 2268</a>.</p></li>
-<li> <p><i>RC3:</i> Found to be breakable during development.</p></li>
-<li> <p><i><a href="http://ciphersaber.gurus.com/">RC4</a>:</i> A
-stream cipher using variable-sized keys; it is widely used in
-commercial cryptography products, although it can only be exported
-using keys that are 40 bits or less in length.</p><p>
-</p></li><li> <p><i>RC5:</i> A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in <a href="http://www.rfc-editor.org/rfc/rfc2040.txt">RFC 2040</a>.</p></li>
-<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2512">RC6</a>:</i> An improvement over RC5, RC6 was one of the AES Round 2 algorithms.</p></li>
-</ul>
-
-</li><li> <p><i><a href="http://www.counterpane.com/blowfish.html">Blowfish</a>:</i>
-A symmetric 64-bit block cipher invented by Bruce Schneier; optimized
-for 32-bit processors with large data caches, it is significantly
-faster than DES on a Pentium/PowerPC-class machine. Key lengths can
-vary from 32 to 448 bits in length. Blowfish, available freely and
-intended as a substitute for DES or IDEA, is in use in over 80 products.</p></li>
-
-<li> <p><i><a href="http://www.counterpane.com/twofish.html">Twofish</a>:</i>
-A 128-bit block cipher using 128-, 192-, or 256-bit keys. Designed to
-be highly secure and highly flexible, well-suited for large
-microprocessors, 8-bit smart card microprocessors, and dedicated
-hardware. Designed by a team led by Bruce Schneier and was one of the
-Round 2 algorithms in the AES process.</p></li>
-
-<li> <p><i><a href="http://info.isl.ntt.co.jp/camellia/Publications/camellia.pdf">Camellia</a>:</i>
-A secret-key, block-cipher crypto algorithm developed jointly by Nippon
-Telegraph and Telephone (NTT) Corp. and Mitsubishi Electric Corporation
-(MEC) in 2000. Camellia has some characteristics in common with AES: a
-128-bit block size, support for 128-, 192-, and 256-bit key lengths,
-and suitability for both software and hardware implementations on
-common 32-bit processors as well as 8-bit processors (e.g., smart
-cards, cryptographic hardware, and embedded systems). Also described in
-<a href="http://www.rfc-editor.org/rfc/rfc3713.txt"> RFC 3713</a>. Camellia's application in IPsec is described in <a href="http://www.rfc-editor.org/rfc/rfc4312.txt"> RFC 4312</a>.</p></li>
-
-<li> <p><i>MISTY1:</i> Developed at Mitsubishi Electric Corp., a block
-cipher using a 128-bit key and 64-bit blocks, and a variable number of
-rounds. Designed for hardware and software implementations, and is
-resistant to differential and linear cryptanalysis. Described in <a href="http://www.rfc-editor.org/rfc/rfc2994.txt">RFC 2994</a>.</p></li>
-
-<li> <p><i><a href="http://fn2.freenet.edmonton.ab.ca/%7Ejsavard/co0403.html">Secure and Fast Encryption Routine (SAFER)</a>:</i> Secret-key crypto scheme designed for implementation in software. Versions have been defined for 40-, 64-, and 128-bit keys.</p></li>
-
-<li> <p><i><a href="http://networking.champlain.edu/download/3G_KASUMI.pdf">KASUMI</a>:</i>
-A block cipher using a 128-bit key that is part of the Third-Generation
-Partnership Project (3gpp), formerly known as the Universal Mobile
-Telecommunications System (UMTS). KASUMI is the intended
-confidentiality and integrity algorithm for both message content and
-signaling data for emerging mobile communications systems.</p></li>
-
-<li> <p><i><a href="http://www.kisa.or.kr/seed/seed_eng.html">SEED</a>:</i>
-A block cipher using 128-bit blocks and 128-bit keys. Developed by the
-Korea Information Security Agency (KISA) and adopted as a national
-standard encryption algorithm in South Korea. Also described in <a href="http://www.rfc-editor.org/rfc/rfc4269.txt">RFC 4269</a>.</p></li>
-
-<li> <p><i><a href="http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf">Skipjack</a>:</i>
-SKC scheme proposed for Capstone. Although the details of the algorithm
-were never made public, Skipjack was a block cipher using an 80-bit key
-and 32 iteration cycles per 64-bit block.</p></li>
-</font></ul>
-
-<font size="3"><a name="pkc"><h3>3.2. Public-Key Cryptography</h3></a>
-</font><p>
-<font size="3"><i>Public-key cryptography</i> has been said to be the
-most significant new development in cryptography in the last 300-400
-years. Modern PKC was first described publicly by Stanford University
-professor Martin Hellman and graduate student Whitfield Diffie in 1976.
-Their paper described a two-key crypto system in which two parties
-could engage in a secure communication over a non-secure communications
-channel without having to share a secret key.</font></p>
-<p>
-<font size="3">PKC depends upon the existence of so-called <i>one-way functions</i>,
-or mathematical functions that are easy to computer whereas their
-inverse function is relatively difficult to compute. Let me give you
-two simple examples:</font></p>
-<ol>
-<font size="3"><li><i>Multiplication vs. factorization:</i> Suppose I
-tell you that I have two numbers, 9 and 16, and that I want to
-calculate the product; it should take almost no time to calculate the
-product, 144. Suppose instead that I tell you that I have a number,
-144, and I need you tell me which pair of integers I multiplied
-together to obtain that number. You will eventually come up with the
-solution but whereas calculating the product took milliseconds,
-factoring will take longer because you first need to find the 8 pair of
-integer factors and then determine which one is the correct pair.</li>
-<li><i>Exponentiation vs. logarithms:</i> Suppose I tell you that I want to take the number 3 to the 6th power; again, it is easy to calculate 3<sup>6</sup>=729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, <i>x</i> and <i>y</i> so that log<sub>x</sub>&nbsp;729 = y, it will take you longer to find all possible solutions and select the pair that I used.</li>
-</font></ol>
-<p>
-<font size="3">While the examples above are trivial, they do represent
-two of the functional pairs that are used with PKC; namely, the ease of
-multiplication and exponentiation versus the relative difficulty of
-factoring and calculating logarithms, respectively. The mathematical
-"trick" in PKC is to find a <i>trap door</i> in the one-way function so that the inverse calculation becomes easy given knowledge of some item of information.</font></p>
-<p>
-<font size="3">Generic PKC employs two keys that are mathematically
-related although knowledge of one key does not allow someone to easily
-determine the other key. One key is used to encrypt the plaintext and
-the other key is used to decrypt the ciphertext. The important point
-here is that it <b>does not matter which key is applied first</b>, but
-that both keys are required for the process to work (Figure 1B).
-Because a pair of keys are required, this approach is also called <i>asymmetric cryptography</i>.</font></p>
-<p>
-<font size="3">In PKC, one of the keys is designated the <i>public key</i> and may be advertised as widely as the owner wants. The other key is designated the <i>private key</i>
-and is never revealed to another party. It is straight forward to send
-messages under this scheme. Suppose Alice wants to send Bob a message.
-Alice encrypts some information using Bob's public key; Bob decrypts
-the ciphertext using his private key. This method could be also used to
-prove who sent a message; Alice, for example, could encrypt some
-plaintext with her private key; when Bob decrypts using Alice's public
-key, he knows that Alice sent the message and Alice cannot deny having
-sent the message (<i>non-repudiation</i>).</font></p>
-
-<p>
-<font size="3">Public-key cryptography algorithms that are in use today for key exchange or digital signatures include:</font></p>
-<ul>
-<font size="3"><li> <p><i>RSA:</i> The first, and still most common,
-PKC implementation, named for the three MIT mathematicians who
-developed it &#8212; Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA
-today is used in hundreds of software products and can be used for key
-exchange, digital signatures, or encryption of small blocks of data.
-RSA uses a variable size encryption block and a variable size key. The
-key-pair is derived from a very large number, <i>n</i>, that is the
-product of two prime numbers chosen according to special rules; these
-primes may be 100 or more digits in length each, yielding an <i>n</i> with roughly twice as many digits as the prime factors. The public key information includes <i>n</i> and a derivative of one of the factors of <i>n</i>; an attacker cannot determine the prime factors of <i>n</i>
-(and, therefore, the private key) from this information alone and that
-is what makes the RSA algorithm so secure. (Some descriptions of PKC
-erroneously state that RSA's safety is due to the difficulty in <i>factoring</i>
-large prime numbers. In fact, large prime numbers, like small prime
-numbers, only have two factors!) The ability for computers to factor
-large numbers, and therefore attack schemes such as RSA, is rapidly
-improving and systems today can find the prime factors of numbers with
-more than 200 digits. Nevertheless, if a large number is created from
-two prime factors that are roughly the same size, there is no known
-factorization algorithm that will solve the problem in a reasonable
-amount of time; a 2005 test to factor a 200-digit number took 1.5 years
-and over 50 years of compute time (see the Wikipedia article on <a href="http://en.wikipedia.org/wiki/Integer_factorization"> integer factorization</a>.)
-Regardless, one presumed protection of RSA is that users can easily
-increase the key size to always stay ahead of the computer processing
-curve. As an aside, the patent for RSA expired in September 2000 which
-does not appear to have affected RSA's popularity one way or the other.
-A detailed example of RSA is presented below in <a href="#rsamath">Section 5.3</a>.</p></li>
-
-<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/faq/3-6-1.html">Diffie-Hellman</a>:</i>
-After the RSA algorithm was published, Diffie and Hellman came up with
-their own algorithm. D-H is used for secret-key key exchange only, and
-not for authentication or digital signatures. More detail about
-Diffie-Hellman can be found below in <a href="#dhmath">Section 5.2</a>.</p></li>
-
-<li> <p><i><a href="http://www.nist.gov/public_affairs/releases/digsigst.htm">Digital Signature Algorithm (DSA)</a>:</i>
-The algorithm specified in NIST's Digital Signature Standard (DSS),
-provides digital signature capability for the authentication of
-messages.</p></li>
-
-<li> <p><i><a href="http://www.iusmentis.com/technology/encryption/elgamal/">ElGamal</a>:</i> Designed by Taher Elgamal, a PKC system similar to Diffie-Hellman and used for key exchange.</p></li>
-
-<li> <p><i>Elliptic Curve Cryptography (ECC):</i> A PKC algorithm based
-upon elliptic curves. ECC can offer levels of security with small keys
-comparable to RSA and other PKC methods. It was designed for devices
-with limited compute power and/or memory, such as smartcards and PDAs.
-More detail about ECC can be found below in <a href="#ecc">Section 5.8</a>. Other references include <a href="http://www.certicom.com/index.php?action=res,ecc_intro_home"> "The Importance of ECC"</a> Web page and the <a href="http://www.certicom.com/index.php?action=ecc_tutorial,home"> "Online Elliptic Curve Cryptography Tutorial"</a>, both from Certicom.</p></li>
-
-<li> <p><i><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2124">Public-Key Cryptography Standards (PKCS)</a>:</i> A set of interoperable standards and guidelines for public-key cryptography, designed by RSA Data Security Inc.
-</p><ul>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2125">PKCS #1</a>: RSA Cryptography Standard (Also <a href="http://www.rfc-editor.org/rfc/rfc3447.txt">RFC 3447</a>)</li>
-<li>PKCS #2: <i>Incorporated into PKCS #1.</i></li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2126">PKCS #3</a>: Diffie-Hellman Key-Agreement Standard</li>
-<li>PKCS #4: <i>Incorporated into PKCS #1.</i></li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2127">PKCS #5</a>: Password-Based Cryptography Standard (PKCS #5 V2.0 is also <a href="http://www.rfc-editor.org/rfc/rfc2898.txt">RFC 2898</a>)</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2128">PKCS #6</a>: Extended-Certificate Syntax Standard (being phased out in favor of X.509v3)</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2129">PKCS #7</a>: Cryptographic Message Syntax Standard (Also <a href="http://www.rfc-editor.org/rfc/rfc2315.txt">RFC 2315</a>)</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2130">PKCS #8</a>: Private-Key Information Syntax Standard</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2131">PKCS #9</a>: Selected Attribute Types (Also <a href="http://www.rfc-editor.org/rfc/rfc2985.txt">RFC 2985</a>)</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2132">PKCS #10</a>: Certification Request Syntax Standard (Also <a href="http://www.rfc-editor.org/rfc/rfc2986.txt">RFC 2986</a>)</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2133">PKCS #11</a>: Cryptographic Token Interface Standard</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2138">PKCS #12</a>: Personal Information Exchange Syntax Standard</li>
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2139">PKCS #13</a>: Elliptic Curve Cryptography Standard</li>
-<li>PKCS #14: <i>Pseudorandom Number Generation Standard is no longer available</i></li>
-
-<li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2141">PKCS #15</a>: Cryptographic Token Information Format Standard</li>
-</ul>
-
-</li><li> <p><i><a href="http://www.zurich.ibm.com/Technology/Security/publications/1998/CS.pdf">Cramer-Shoup</a>:</i> A public-key cryptosystem proposed by R. Cramer and V. Shoup of IBM in 1998.</p></li>
-
-<li> <p><i><a href="http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf">Key Exchange Algorithm (KEA)</a>:</i> A variation on Diffie-Hellman; proposed as the key exchange method for Capstone.</p></li>
-
-<li> <p><i><a href="http://www.kisa.or.kr/technology/sub1/LUC.htm">LUC</a>:</i>
-A public-key cryptosystem designed by P.J. Smith and based on Lucas
-sequences. Can be used for encryption and signatures, using integer
-factoring.</p></li>
-</font></ul>
-
-<p>
-<font size="3">For additional information on PKC algorithms, see <a href="http://networking.champlain.edu/download/hac_chap08.pdf"> "Public-Key Encryption"</a>, Chapter 8 in <i>Handbook of Applied Cryptography</i>, by A. Menezes, P. van Oorschot, and S. Vanstone (CRC Press, 1996).</font></p>
-
-<hr align="center" width="50%">
-<blockquote>
-<p>
-<font size="3"><b>A digression: Who invented PKC?</b> I tried to be
-careful in the first paragraph of this section to state that Diffie and
-Hellman "first described publicly" a PKC scheme. Although I have
-categorized PKC as a two-key system, that has been merely for
-convenience; the real criteria for a PKC scheme is that it allows two
-parties to exchange a secret even though the communication with the
-shared secret might be overheard. There seems to be no question that
-Diffie and Hellman were first to publish; their method is described in
-the classic paper, "New Directions in Cryptography," published in the
-November 1976 issue of <i>IEEE Transactions on Information Theory</i>.
-As shown below, Diffie-Hellman uses the idea that finding logarithms is
-relatively harder than exponentiation. And, indeed, it is the precursor
-to modern PKC which does employ two keys. Rivest, Shamir, and Adleman
-described an implementation that extended this idea in their paper "A
-Method for Obtaining Digital Signatures and Public-Key Cryptosystems,"
-published in the February 1978 issue of the <i>Communications of the ACM (CACM)</i>.
-Their method, of course, is based upon the relative ease of finding the
-product of two large prime numbers compared to finding the prime
-factors of a large number.</font></p>
-<p>
-<font size="3">Some sources, though, credit Ralph Merkle with first
-describing a system that allows two parties to share a secret although
-it was not a two-key system, per se. A <i>Merkle Puzzle</i> works
-where Alice creates a large number of encrypted keys, sends them all to
-Bob so that Bob chooses one at random and then lets Alice know which he
-has selected. An eavesdropper will see all of the keys but can't learn
-which key Bob has selected (because he has encrypted the response with
-the chosen key). In this case, Eve's effort to break in is the square
-of the effort of Bob to choose a key. While this difference may be
-small it is often sufficient. Merkle apparently took a computer science
-course at UC Berkeley in 1974 and described his method, but had
-difficulty making people understand it; frustrated, he dropped the
-course. Meanwhile, he submitted the paper "Secure Communication Over
-Insecure Channels" which was published in the <i>CACM</i> in April
-1978; Rivest et al.'s paper even makes reference to it. Merkle's method
-certainly wasn't published first, but did he have the idea first?</font></p>
-<p>
-<font size="3">An interesting question, maybe, but who really knows?
-For some time, it was a quiet secret that a team at the UK's Government
-Communications Headquarters (GCHQ) had first developed PKC in the early
-1970s. Because of the nature of the work, GCHQ kept the original memos
-classified. In 1997, however, the GCHQ changed their posture when they
-realized that there was nothing to gain by continued silence. Documents
-show that a GCHQ mathematician named James Ellis started research into
-the key distribution problem in 1969 and that by 1975, Ellis, Clifford
-Cocks, and Malcolm Williamson had worked out all of the fundamental
-details of PKC, yet couldn't talk about their work. (They were, of
-course, barred from challenging the RSA patent!) After more than 20
-years, Ellis, Cocks, and Williamson have begun to get their due credit.</font></p>
-<p>
-<font size="3">And the National Security Agency (NSA) claims to have
-knowledge of this type of algorithm as early as 1966 but there is no
-supporting documentation... yet. So this really was a digression...</font></p>
-</blockquote>
-<hr align="center" width="50%">
-
-<font size="3"><a name="hash"><h3>3.3. Hash Functions</h3></a>
-</font><p>
-<font size="3"><i>Hash functions</i>, also called <i>message digests</i> and <i>one-way encryption</i>,
-are algorithms that, in some sense, use no key (Figure 1C). Instead, a
-fixed-length hash value is computed based upon the plaintext that makes
-it impossible for either the contents or length of the plaintext to be
-recovered. Hash algorithms are typically used to provide a <i>digital fingerprint</i>
-of a file's contents, often used to ensure that the file has not been
-altered by an intruder or virus. Hash functions are also commonly
-employed by many operating systems to encrypt passwords. Hash
-functions, then, provide a measure of the integrity of a file.</font></p>
-
-<p>
-<font size="3">Hash algorithms that are in common use today include:</font></p>
-<ul>
-<font size="3"><li> <p><i>Message Digest (MD) algorithms:</i> A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.</p>
-<ul>
-<li> <p><i>MD2 (<a href="http://www.rfc-editor.org/rfc/rfc1319.txt">RFC 1319</a>):</i> Designed for systems with limited memory, such as smart cards.</p></li>
-<li> <p><i>MD4 (<a href="http://www.rfc-editor.org/rfc/rfc1320.txt">RFC 1320</a>):</i> Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.</p></li>
-<li> <p><i>MD5 (<a href="http://www.rfc-editor.org/rfc/rfc1321.txt">RFC 1321</a>:</i>
-Also developed by Rivest after potential weaknesses were reported in
-MD4; this scheme is similar to MD4 but is slower because more
-manipulation is made to the original data. MD5 has been implemented in
-a large number of products although several weaknesses in the algorithm
-were demonstrated by German cryptographer Hans Dobbertin in 1996.</p></li>
-</ul>
-</li><li> <p><i>Secure Hash Algorithm (SHA):</i> Algorithm for NIST's
-Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was
-originally published as FIPS 180-1 and <a href="http://www.rfc-editor.org/rfc/rfc3174.txt"> RFC 3174</a>. <a href="http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf"> FIPS 180-2</a>
-describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256,
-SHA-384, and SHA-512 which can produce hash values that are 224, 256,
-384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52
-are also described in <a href="http://www.rfc-editor.org/rfc/rfc4634.txt"> RFC 4634</a>.</p></li>
-<li> <p><i><a href="http://www.esat.kuleuven.ac.be/%7Ebosselae/ripemd160.html">RIPEMD</a>:</i> A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. <a href="http://www.esat.kuleuven.ac.be/%7Ecosicart/pdf/AB-9601/AB-9601.pdf">RIPEMD-160</a>
-was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel,
-and optimized for 32-bit processors to replace the then-current 128-bit
-hash functions. Other versions include RIPEMD-256, RIPEMD-320, and
-RIPEMD-128.</p></li>
-<li> <p><i><a href="http://www.calyptix.com/technology/haval.php">HAVAL (HAsh of VAriable Length)</a>:</i>
-Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with
-many levels of security. HAVAL can create hash values that are 128,
-160, 192, 224, or 256 bits in length.</p></li>
-<li> <p><i><a href="http://paginas.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html"> Whirlpool</a>:</i> A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2<sup>256</sup>
-bits in length, and produces a message digest of 512 bits. The design
-of this has function is very different than that of MD5 and SHA-1,
-making it immune to the same attacks as on those hashes (see below).</p></li>
-</font></ul>
-
-<p>
-<font size="3">Hash functions are sometimes misunderstood and some
-sources claim that no two files can have the same hash value. This is,
-in fact, not correct. Consider a hash function that provides a 128-bit
-hash value. There are, obviously, 2<sup>128</sup> possible hash values. But there are a lot more than 2<sup>128</sup> <i>possible</i>
-files. Therefore, there have to be multiple files &#8212; in fact, there have
-to be an infinite number of files! &#8212; that can have the same 128-bit
-hash value.</font></p>
-<p>
-<font size="3">The difficulty is <i>finding</i> two files with the same
-hash! What is, indeed, very hard to do is to try to create a file that
-has a given hash value so as to force a hash value collision &#8212; which is
-the reason that hash functions are used extensively for information
-security and computer forensics applications. Alas, researchers in 2004
-found that <i>practical</i> collision attacks could be launched on
-MD5, SHA-1, and other hash algorithms. At this time, there is no
-obvious successor to MD5 and SHA-1 that could be put into use quickly;
-there are so many products using these hash functions that it could
-take many years to flush out all use of 128- and 160-bit hashes.
-Readers interested in this problem should read the following:</font></p>
-
-<ul>
-<font size="3"><li>Burr, W. (2006, Match/April). Cryptographic hash standards: Where do we go from here? <i>IEEE Security &amp; Privacy</i>, <i>4</i>(2), 88-91.</li>
-<li>Gutman, P., Naccache, D., &amp; Palmer, C.C. (2005, May/June). When hashes collide. <i>IEEE Security &amp; Privacy</i>, <i>3</i>(3), 68-71.</li>
-<li>Klima, V. (March 2005) <a href="http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf">"Finding MD5 Collisions - a Toy For a Notebook."</a></li>
-<li>Thompson, E. (2005, February). MD5 collisions and the impact on computer forensics. <i>Digital Investigation</i>, <i>2</i>(1), 36-40.</li>
-<li>Wang, X., Feng, D., Lai, X., &amp; Yu, H. (August 2004). <a href="http://eprint.iacr.org/2004/199">"Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD."</a></li>
-<li>Wang, X., Yin, Y.L., &amp; Yu, H. (February 2005). <a href="http://theory.csail.mit.edu/%7Eyiqun/shanote.pdf">"Collision Search Attacks on SHA1."</a></li>
-</font></ul>
-
-<p>
-<font size="3">An excellent review of the situation with hash collisions can be found in <a href="http://www.rfc-editor.org/rfc/rfc4270.txt">RFC 4270</a> (by P. Hoffman and B. Schneier, November 2005). And for additional information on hash functions, see David Hopwood's <a href="http://www.users.zetnet.co.uk/hopwood/crypto/scan/md.html"> MessageDigest Algorithms</a> page.</font></p>
-
-<font size="3"><a name="why3"><h3>3.4. Why Three Encryption Techniques?</h3></a>
-</font><p>
-<font size="3">So, why are there so many different types of cryptographic schemes? Why can't we do everything we need with just one?
-</font></p><p>
-<font size="3">The answer is that each scheme is optimized for some
-specific application(s). Hash functions, for example, are well-suited
-for ensuring data integrity because any change made to the contents of
-a message will result in the receiver calculating a different hash
-value than the one placed in the transmission by the sender. Since it
-is highly unlikely that two different messages will yield the same hash
-value, data integrity is ensured to a high degree of confidence.
-</font></p><p>
-<font size="3">Secret key cryptography, on the other hand, is ideally suited to encrypting messages. The sender can generate a <i>session key</i> on a per-message basis to encrypt the message; the receiver, of course, needs the same session key to decrypt the message.
-</font></p><p>
-<font size="3">Key exchange, of course, is a key application of
-public-key cryptography (no pun intended). Asymmetric schemes can also
-be used for non-repudiation; if the receiver can obtain the session key
-encrypted with the sender's private key, then only this sender could
-have sent the message. Public-key cryptography could, theoretically,
-also be used to encrypt messages although this is rarely done because
-secret-key cryptography operates about 1000 times faster than
-public-key cryptography.
-</font></p>
-<font size="3"><a name="fig02"></a><br>
-</font><center><table border="1"><tbody><tr><td>
-<img src="index_files/crypto_3ways.gif">
-<br><br>
-<h4>FIGURE 2: Sample application of the three cryptographic techniques for secure communication.</h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br>
-</font><p>
-<font size="3">Figure 2 puts all of this together and shows how a <i>hybrid cryptographic</i> scheme combines all of these functions to form a secure transmission comprising <i>digital signature</i> and <i>digital envelope</i>. In this example, the sender of the message is Alice and the receiver is Bob.
-</font></p><p>
-<font size="3">A digital envelope comprises an encrypted message and an
-encrypted session key. Alice uses secret key cryptography to encrypt
-her message using the <i>session key</i>, which she generates at
-random with each session. Alice then encrypts the session key using
-Bob's public key. The encrypted message and encrypted session key
-together form the digital envelope. Upon receipt, Bob recovers the
-session secret key using his private key and then decrypts the
-encrypted message.
-</font></p><p>
-<font size="3">The digital signature is formed in two steps. First,
-Alice computes the hash value of her message; next, she encrypts the
-hash value with her private key. Upon receipt of the digital signature,
-Bob recovers the hash value calculated by Alice by decrypting the
-digital signature with Alice's public key. Bob can then apply the hash
-function to Alice's original message, which he has already decrypted
-(see previous paragraph). If the resultant hash value is not the same
-as the value supplied by Alice, then Bob knows that the message has
-been altered; if the hash values are the same, Bob should believe that
-the message he received is identical to the one that Alice sent.
-</font></p><p>
-<font size="3">This scheme also provides nonrepudiation since it proves
-that Alice sent the message; if the hash value recovered by Bob using
-Alice's public key proves that the message has not been altered, then
-only Alice could have created the digital signature. Bob also has proof
-that he is the intended receiver; if he can correctly decrypt the
-message, then he must have correctly decrypted the session key meaning
-that his is the correct private key.</font></p>
-
-<font size="3"><a name="keylen"><h3>3.5. The Significance of Key Length</h3></a>
-</font><p>
-<font size="3">In a recent article in the industry literature (circa
-9/98), a writer made the claim that 56-bit keys do not provide as
-sufficient protection for DES today as they did in 1975 because
-computers are 1000 times faster today than in 1975. Therefore, the
-writer went on, we should be using 56,000-bit keys today instead of
-56-bit keys to provide adequate protection. The conclusion was then
-drawn that because 56,000-bit keys are infeasible (<i>true</i>), we should accept the fact that we have to live with weak cryptography (<i>false!</i>).
-The major error here is that the writer did not take into account that
-the number of possible key values double whenever a single bit is added
-to the key length; thus, a 57-bit key has twice as many values as a
-56-bit key (because 2<sup>57</sup> is two times 2<sup>56</sup>). In fact, a 66-bit key would have 1024 times the possible values as a 56-bit key.</font></p>
-
-<p>
-<font size="3">But this does bring up the issue, what is the precise significance of key length as it affects the level of protection?</font></p>
-<p>
-<font size="3">In cryptography, size does matter. The larger the key,
-the harder it is to crack a block of encrypted data. The reason that
-large keys offer more protection is almost obvious; computers have made
-it easier to attack ciphertext by using brute force methods rather than
-by attacking the mathematics (which are generally well-known anyway).
-With a brute force attack, the attacker merely generates every possible
-key and applies it to the ciphertext. Any resulting plaintext that
-makes sense offers a candidate for a legitimate key. This was the
-basis, of course, of the EFF's attack on DES.</font></p>
-<p>
-<font size="3">Until the mid-1990s or so, brute force attacks were
-beyond the capabilities of computers that were within the budget of the
-attacker community. Today, however, significant compute power is
-commonly available and accessible. General purpose computers such as
-PCs are already being used for brute force attacks. For serious
-attackers with money to spend, such as some large companies or
-governments, Field Programmable Gate Array (FPGA) or
-Application-Specific Integrated Circuits (ASIC) technology offers the
-ability to build specialized chips that can provide even faster and
-cheaper solutions than a PC. Consider that an AT&amp;T ORCA chip (FPGA)
-costs $200 and can test 30 million DES keys per second, while a $10
-ASIC chip can test 200 million DES keys per second (compared to a PC
-which might be able to test 40,000 keys per second).</font></p>
-<p>
-<font size="3">The table below shows what DES key sizes are needed to
-protect data from attackers with different time and financial
-resources. This information is not merely academic; one of the basic
-tenets of any security system is to have an idea of <i>what</i> you are protecting and <i>from who</i>
-are you protecting it! The table clearly shows that a 40-bit key is
-essentially worthless today against even the most unsophisticated
-attacker. On the other hand, 56-bit keys are fairly strong unless you
-might be subject to some pretty serious corporate or government
-espionage. But note that even 56-bit keys are declining in their value
-and that the times in the table (1995 data) are worst cases.</font></p>
-
-<font size="3"><a name="tab01"></a></font><center>
-
-<table border="1" cellpadding="4">
-<caption>
-<b>TABLE 1. Minimum Key Lengths for Symmetric Ciphers.</b>
-</caption>
-<tbody><tr>
-<th rowspan="2">Type of Attacker
-</th><th rowspan="2">Budget
-</th><th rowspan="2">Tool
-</th><th colspan="2">Time and Cost<br>Per Key Recovered
-</th><th rowspan="2">Key Length Needed<br>For Protection<br>In Late-1995
-</th></tr><tr>
-<th>40 bits
-</th><th>56 bits
-</th></tr><tr>
-<td rowspan="2">Pedestrian Hacker
-</td><td align="center">Tiny
-</td><td align="center">Scavanged<br>computer<br>time
-</td><td align="center">1 week
-</td><td align="center">Infeasible
-</td><td align="center">45
-</td></tr><tr>
-<td align="center">$400
-</td><td align="center">FPGA
-</td><td align="center">5 hours<br>($0.08)
-</td><td align="center">38 years<br>($5,000)
-</td><td align="center">50
-</td></tr><tr>
-<td>Small Business
-</td><td align="center">$10,000
-</td><td align="center">FPGA
-</td><td align="center">12 minutes<br>($0.08)
-</td><td align="center">18 months<br>($5,000)
-</td><td align="center">55
-</td></tr><tr>
-<td rowspan="2">Corporate Department
-</td><td rowspan="2" align="center">$300K
-</td><td align="center">FPGA
-</td><td align="center">24 seconds<br>($0.08)
-</td><td align="center">19 days<br>($5,000)
-</td><td rowspan="2" align="center">60
-</td></tr><tr>
-<td align="center">ASIC
-</td><td align="center">0.18 seconds<br>($0.001)
-</td><td align="center">3 hours<br>($38)
-</td></tr><tr>
-<td rowspan="2">Big Company
-</td><td rowspan="2" align="center">$10M
-</td><td align="center">FPGA
-</td><td align="center">7 seconds<br>($0.08)
-</td><td align="center">13 hours<br>($5,000)
-</td><td rowspan="2" align="center">70
-</td></tr><tr>
-<td align="center">ASIC
-</td><td align="center">0.005 seconds<br>($0.001)
-</td><td align="center">6 minutes<br>($38)
-</td></tr><tr>
-<td>Intelligence Agency
-</td><td align="center">$300M
-</td><td align="center">ASIC
-</td><td align="center">0.0002 seconds<br>($0.001)
-</td><td align="center">12 seconds<br>($38)
-</td><td align="center">75
-</td></tr></tbody></table>
-</center>
-<font size="3"><br><br>
-
-</font><p>
-<font size="3">So, how big is big enough? DES, invented in 1975, is
-still in use today, nearly 25 years later. If we take that to be a
-design criteria (i.e., a 20-plus year lifetime) and we believe Moore's
-Law ("computing power doubles every 18 months"), then a key size
-extension of 14 bits (i.e., a factor of more than 16,000) should be
-adequate. The 1975 DES proposal suggested 56-bit keys; by 1995, a
-70-bit key would have been required to offer equal protection and an
-85-bit key will be necessary by 2015.</font></p>
-<p>
-<font size="3">The discussion above suggests that a 128- or 256-bit key
-for SKC will suffice for some time because that key length keeps us
-ahead of the brute force capabilities of the attackers. While a large
-key is good, a huge key may not always be better. That is, many
-public-key cryptosystems use 1024- or 2048-bit keys; expanding the key
-to 4096 bits probably doesn't add any protection at this time but it
-does add significantly to processing time.</font></p>
-<p>
-<font size="3">The most effective large-number factoring methods today
-use a mathematical Number Field Sieve to find a certain number of
-relationships and then uses a matrix operation to solve a linear
-equation to produce the two prime factors. The sieve step actually
-involves a large number of operations of operations that can be
-performed in parallel; solving the linear equation, however, requires a
-supercomputer. Indeed, finding the solution to the RSA-140 challenge in
-February 1999 &#8212; factoring a 140-digit (465-bit) prime number &#8212; required
-200 computers across the Internet about 4 weeks for the first step and
-a Cray computer 100 hours and 810 MB of memory to do the second step.</font></p>
-<p>
-<font size="3">In early 1999, Shamir (of RSA fame) described a new
-machine that could increase factorization speed by 2-3 orders of
-magnitude. Although no detailed plans were provided nor is one known to
-have been built, the concepts of <a href="http://jya.com/twinkle.eps">TWINKLE (The Weizmann Institute Key Locating Engine)</a>
-could result in a specialized piece of hardware that would cost about
-$5000 and have the processing power of 100-1000 PCs. There still appear
-to be many engineering details that have to be worked out before such a
-machine could be built. Furthermore, the hardware improves the sieve
-step only; the matrix operation is not optimized at all by this design
-and the complexity of this step grows rapidly with key length, both in
-terms of processing time and memory requirements. Nevertheless, this
-plan conceptually puts 512-bit keys within reach of being factored.
-Although most PKC schemes allow keys that are 1024 bits and longer,
-Shamir claims that 512-bit RSA keys "protect 95% of today's E-commerce
-on the Internet." (See Bruce Schneier's <a href="http://www.counterpane.com/crypto-gram-9905.html">Crypto-Gram (May 15, 1999)</a> for more information, as well as the comments from <a href="http://www.rsasecurity.com/rsalabs/html/twinkle.html">RSA Labs</a>.)</font></p>
-<p>
-<font size="3">It is also interesting to note that while cryptography
-is good and strong cryptography is better, long keys may disrupt the
-nature of the randomness of data files. Shamir and van Someren (<a href="http://www.ncipher.com/products/files/papers/anguilla/keyhide2.pdf">"Playing hide and seek with stored keys"</a>)
-have noted that a new generation of viruses can be written that will
-find files encrypted with long keys, making them easier to find by
-intruders and, therefore, more prone to attack.</font></p>
-<p>
-<font size="3">Finally, U.S. government policy has tightly controlled
-the export of crypto products since World War II. Until recently,
-export outside of North America of cryptographic products using keys
-greater than 40 bits in length was prohibited, which made those
-products essentially worthless in the marketplace, particularly for
-electronic commerce. More recently, the U.S. Commerce Department
-relaxed the regulations, allowing the general export of 56-bit SKC and
-1024-bit PKC products (certain sectors, such as health care and
-financial, allow the export of products with even larger keys). The
-Commerce Department's Bureau of Export Administration maintains a <a href="http://www.bxa.doc.gov/Encryption/Default.htm">Commercial Encryption Export Controls</a> web page with more information. The potential impact of this policy on U.S. businesses is well beyond the scope of this paper.</font></p>
-<p>
-<font size="3">Much of the discussion above, including the table, are based on the paper <a href="http://www.counterpane.com/keylength.html">"Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security"</a> by M. Blaze, W. Diffie, R.L. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener.</font></p>
-<p>
-<font size="3">On a related topic, public key crypto schemes can be
-used for several purposes, including key exchange, digital signatures,
-authentication, and more. In those PKC systems used for SKC key
-exchange, the PKC key lengths are chosen so to be resistant to some
-selected level of attack. The length of the secret keys exchanged via
-that system have to have at least the same level of attack resistance.
-Thus, the three parameters of such a system &#8212; system strength, secret
-key strength, and public key strength &#8212; must be matched. This topic is
-explored in more detail in <i>Determining Strengths For Public Keys Used For Exchanging Symmetric Keys</i> (<a href="ftp://ftp.rfc-editor.org/in-notes/rfc3766.txt">RFC 3766</a>).</font></p>
-
-<font size="3"><br>
-</font><center><h3><font size="3"><font color="blue" face="arial"><a name="trust">4. TRUST MODELS</a></font></font></h3></center>
-<p>
-<font size="3">Secure use of cryptography requires trust. While secret
-key cryptography can ensure message confidentiality and hash codes can
-ensure integrity, none of this works without trust. In SKC, Alice and
-Bob had to share a secret key. PKC solved the secret distribution
-problem, but how does Alice really know that Bob is who he says he is?
-Just because Bob has a public and private key, and purports to be
-"Bob," how does Alice know that a malicious person (Mallory) is not
-pretending to be Bob?
-</font></p><p>
-<font size="3">There are a number of <i>trust models</i> employed by various cryptographic schemes. This section will explore three of them:
-</font></p>
-<ul>
-<font size="3"><li>The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of trusted public keys.
-</li><li>Kerberos, a secret key distribution scheme using a trusted third party.
-</li><li>Certificates, which allow a set of trusted third parties to authenticate each other and, by implication, each other's users.
-</li></font></ul>
-<p>
-<font size="3">Each of these trust models differs in complexity, general applicability, scope, and scalability.
-</font></p>
-<font size="3"><a name="pgpweb"><h3>4.1. PGP Web of Trust</h3></a>
-</font><p>
-<font size="3">Pretty Good Privacy (described more below in <a href="#pgp">Section 5.5</a>)
-is a widely used private e-mail scheme based on public key methods. A
-PGP user maintains a local keyring of all their known and trusted
-public keys. The user makes their own determination about the
-trustworthiness of a key using what is called a "web of trust."
-</font></p><p>
-<font size="3">If Alice needs Bob's public key, Alice can ask Bob for
-it in another e-mail or, in many cases, download the public key from an
-advertised server; this server might a well-known PGP key repository or
-a site that Bob maintains himself. In fact, Bob's public key might be
-stored or listed in many places. (The author's public key, for example,
-can be found at <a href="http://www.garykessler.net/kumquat_pubkey.html"> <i>http://www.garykessler.net/kumquat_pubkey.html</i></a>.) Alice is prepared to believe that Bob's public key, as stored at these locations, is valid.
-</font></p><p>
-<font size="3">Suppose Carol claims to hold Bob's public key and offers
-to give the key to Alice. How does Alice know that Carol's version of
-Bob's key is valid or if Carol is actually giving Alice a key that will
-allow Mallory access to messages? The answer is, "It depends." If Alice
-trusts Carol and Carol says that she thinks that her version of Bob's
-key is valid, then Alice <i>may</i> &#8212; at <i>her</i> option &#8212; trust
-that key. And trust is not necessarily transitive; if Dave has a copy
-of Bob's key and Carol trusts Dave, it does not necessarily follow that
-Alice trusts Dave even if she does trust Carol.
-</font></p><p>
-<font size="3">The point here is that who Alice trusts and how she
-makes that determination is strictly up to Alice. PGP makes no
-statement and has no protocol about how one user determines whether
-they trust another user or not. In any case, encryption and signatures
-based on public keys can only be used when the appropriate public key
-is on the user's keyring.
-</font></p>
-<font size="3"><a name="kerb"><h3>4.2. Kerberos</h3></a>
-</font><p>
-<font size="3">Kerberos is a commonly used authentication scheme on the
-Internet. Developed by MIT's Project Athena, Kerberos is named for the
-three-headed dog who, according to Greek mythology, guards the entrance
-of Hades (rather than the exit, for some reason!).
-</font></p><p>
-
-<font size="3">Kerberos employs a client/server architecture and
-provides user-to-server authentication rather than host-to-host
-authentication. In this model, security and authentication will be
-based on secret key technology where every host on the network has its
-own secret key. It would clearly be unmanageable if every host had to
-know the keys of all other hosts so a secure, trusted host somewhere on
-the network, known as a Key Distribution Center (KDC), knows the keys
-for all of the hosts (or at least some of the hosts within a portion of
-the network, called a <i>realm</i>). In this way, when a new node is
-brought online, only the KDC and the new node need to be configured
-with the node's key; keys can be distributed physically or by some
-other secure means.
-<br>
-<a name="fig03"><br>
-</a></font></p><center><table border="3" cellpadding="4"><tbody><tr><td>
-<img src="index_files/kerberos.gif">
-<br><br>
-<h4>FIGURE 3: Kerberos architecture.</h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><a name="fig03"><br>The Kerberos Server/KDC has two main
-functions (Figure 3), known as the Authentication Server (AS) and
-Ticket-Granting Server (TGS). The steps in establishing an
-authenticated session between an application client and the application
-server are:
-</a></font><p></p>
-<ol>
-<font size="3"><li><a name="fig03">The Kerberos client software
-establishes a connection with the Kerberos server's AS function. The AS
-first authenticates that the client is who it purports to be. The AS
-then provides the client with a secret key for this login session (the <i>TGS session key</i>)
-and a ticket-granting ticket (TGT), which gives the client permission
-to talk to the TGS. The ticket has a finite lifetime so that the
-authentication process is repeated periodically.
-</a></li><li><a name="fig03">The client now communicates with the TGS
-to obtain the Application Server's key so that it (the client) can
-establish a connection to the service it wants. The client supplies the
-TGS with the TGS session key and TGT; the TGS responds with an
-application session key (ASK) and an encrypted form of the Application
-Server's secret key; this secret key is <i>never</i> sent on the network in any other form.
-</a></li><li><a name="fig03">The client has now authenticated itself <i>and</i>
-can prove its identity to the Application Server by supplying the
-Kerberos ticket, application session key, and encrypted Application
-Server secret key. The Application Server responds with similarly
-encrypted information to authenticate itself to the client. At this
-point, the client can initiate the intended service requests (e.g.,
-Telnet, FTP, HTTP, or e-commerce transaction session establishment).
-</a></li></font></ol>
-<p>
-<font size="3"><a name="fig03">The current shipping version of this protocol is Kerberos V5 (described in </a><a href="http://www.rfc-editor.org/rfc/rfc1510.txt">RFC 1510</a>),
-although Kerberos V4 still exists and is seeing some use. While the
-details of their operation, functional capabilities, and message
-formats are different, the conceptual overview above pretty much holds
-for both. One primary difference is that Kerberos V4 uses only DES to
-generate keys and encrypt messages, while V5 allows other schemes to be
-employed (although DES is still the most widely algorithm used).
-</font></p>
-<font size="3"><a name="pkcca"><h3>4.3. Public Key Certificates and Certificate Authorities</h3></a>
-</font><p>
-<font size="3"><i>Certificates</i> and <i>Certificate Authorities (CA)</i>
-are necessary for widespread use of cryptography for e-commerce
-applications. While a combination of secret and public key cryptography
-can solve the business issues discussed above, crypto cannot alone
-address the trust issues that must exist between a customer and vendor
-in the very fluid, very dynamic e-commerce relationship. How, for
-example, does one site obtain another party's public key? How does a
-recipient determine if a public key really belongs to the sender? How
-does the recipient know that the sender is using their public key for a
-legitimate purpose for which they are authorized? When does a public
-key expire? How can a key be revoked in case of compromise or loss?
-</font></p><p>
-<font size="3">The basic concept of a certificate is one that is
-familiar to all of us. A driver's license, credit card, or SCUBA
-certification, for example, identify us to others, indicate something
-that we are authorized to do, have an expiration date, and identify the
-authority that granted the certificate.
-</font></p><p>
-<font size="3">As complicated as this may sound, it really isn't!
-Consider driver's licenses. I have one issued by the State of Vermont.
-The license establishes my identity, indicates the type of vehicles
-that I can operate and the fact that I must wear corrective lenses
-while doing so, identifies the issuing authority, and notes that I am
-an organ donor. When I drive outside of Vermont, the other
-jurisdictions throughout the U.S. recognize the authority of Vermont to
-issue this "certificate" and they trust the information it contains.
-Now, when I leave the U.S., everything changes. When I am in Canada and
-many other countries, they will accept not the Vermont license, per se,
-but <i>any</i> license issued in the U.S.; some other countries may
-not recognize the Vermont driver's license as sufficient bona fides
-that I can drive. This analogy represents the certificate chain, where
-even certificates carry certificates.
-</font></p><p>
-<font size="3">For purposes of electronic transactions, certificates are digital documents. The specific functions of the certificate include:
-</font></p><ul>
-<font size="3"><li><i>Establish identity:</i> Associate, or <i>bind</i>, a public key to an individual, organization, corporate position, or other entity.
-</li><li><i>Assign authority:</i> Establish what actions the holder may or may not take based upon this certificate.
-</li><li><i>Secure confidential information</i> (e.g., encrypting the session's symmetric key for data confidentiality).
-</li></font></ul>
-<p>
-<font size="3">Typically, a certificate contains a public key, a name,
-an expiration date, the name of the authority that issued the
-certificate (and, therefore, is vouching for the identity of the user),
-a serial number, any pertinent policies describing how the certificate
-was issued and/or how the certificate may be used, the digital
-signature of the certificate issuer, and perhaps other information.
-<br>
-<a name="fig04"><br>
-</a></font></p><center><table border="3" cellpadding="4"><tbody><tr><td>
-<img src="index_files/crypto_cert.gif">
-<br><br>
-<h4>FIGURE 4: GTE Cybertrust Global Root-issued certificate as viewed<br>by Netscape Navigator V4.</h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><a name="fig04"><br>
-</a></font><p>
-<font size="3"><a name="fig04">A sample abbreviated certificate is
-shown in Figure 4. This is a typical certificate found in a browser;
-while this one is issued by GTE Cybertrust, many so-called root-level
-certificates can be found shipped with browsers. When the browser makes
-a connection to a secure Web site, the Web server sends its public key
-certificate to the browser. The browser then checks the certificate's
-signature against the public key that it has stored; if there is a
-match, the certificate is taken as valid and the Web site verified by
-this certificate is considered to be "trusted."
-</a></font></p>
-<font size="3"><a name="tab02"></a></font><center>
-<table border="1" cellpadding="4">
-<caption>
-<b>TABLE 2. Contents of an X.509 V3 Certificate.</b>
-</caption>
-<tbody><tr><td>
-<ul>
-version number<br>
-certificate serial number<br>
-signature algorithm identifier<br>
-issuer's name and unique identifier<br>
-validity (or operational) period<br>
-subject's name and unique identifier<br>
-subject public key information<br>
-standard extensions<br>
-<ul>
-certificate appropriate use definition<br>
-key usage limitation definition<br>
-certificate policy information<br>
-</ul>
-other extensions<br>
-<ul>
-Application-specific<br>
-CA-specific<br>
-</ul>
-</ul>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br><br>
-</font><p>
-<font size="3">The most widely accepted certificate format is the one
-defined in International Telecommunication Union Telecommunication
-Standardization Sector (ITU-T) Recommendation X.509. Rec. X.509 is a
-specification used around the world and any applications complying with
-X.509 can share certificates. Most certificates today comply with X.509
-Version 3 and contain the information listed in Table 2.
-</font></p><p>
-<font size="3">Certificate authorities are the repositories for
-public-keys and can be any agency that issues certificates. A company,
-for example, may issue certificates to its employees, a
-college/university to its students, a store to its customers, an
-Internet service provider to its users, or a government to its
-constituents. </font></p><p>
-<font size="3">When a sender needs an intended receiver's public key,
-the sender must get that key from the receiver's CA. That scheme is
-straight-forward if the sender and receiver have certificates issued by
-the same CA. If not, how does the sender know to <i>trust</i> the
-foreign CA? One industry wag has noted, about trust: "You are either
-born with it or have it granted upon you." Thus, some CAs will be
-trusted because they are known to be reputable, such as the CAs
-operated by AT&amp;T, BBN, Canada Post Corp., CommerceNet, <a href="http://www.bbn.com/products/security/cytrust/">GTE Cybertrust</a>, MCI, Nortel <a href="http://www.entrust.com/">EnTrust</a>, <a href="http://www.thawte.com/">Thawte</a>, the U.S. Postal Service, and <a href="http://www.verisign.com/">VeriSign</a>.
-CAs, in turn, form trust relationships with other CAs. Thus, if a user
-queries a foreign CA for information, the user may ask to see a list of
-CAs that establish a "chain of trust" back to the user.
-</font></p><p>
-<font size="3">One major feature to look for in a CA is their
-identification policies and procedures. When a user generates a key
-pair and forwards the public key to a CA, the CA has to check the
-sender's identification and takes any steps necessary to assure itself
-that the request is really coming from the advertised sender. Different
-CAs have different identification policies and will, therefore, be
-trusted differently by other CAs. Verification of identity is just of
-many issues that are part of a CA's Certification Practice Statement
-(CPS) and policies; other issues include how the CA protects the public
-keys in its care, how lost or compromised keys are revoked, and how the
-CA protects its own private keys.
-</font></p>
-<font size="3"><a name="trustsumm"><h3>4.4. Summary</h3></a>
-</font><p>
-<font size="3">The paragraphs above describe three very different trust
-models. It is hard to say that any one is better than the others; it
-depend upon your application. One of the biggest and fastest growing
-applications of cryptography today, though, is electronic commerce
-(e-commerce), a term that itself begs for a formal definition.
-</font></p><p>
-<font size="3">PGP's web of trust is easy to maintain and very much
-based on the reality of users as people. The model, however, is
-limited; just how many public keys can a single user reliably store and
-maintain? And what if you are using the "wrong" computer when you want
-to send a message and can't access your keyring? How easy it is to
-revoke a key if it is compromised? PGP may also not scale well to an
-e-commerce scenario of secure communication between total strangers on
-short-notice.
-</font></p><p>
-<font size="3">Kerberos overcomes many of the problems of PGP's web of
-trust, in that it is scalable and its scope can be very large. However,
-it also requires that the Kerberos server have <i>a priori</i>
-knowledge of all client systems prior to any transactions, which makes
-it unfeasible for "hit-and-run" client/server relationships as seen in
-e-commerce.
-</font></p><p>
-<font size="3">Certificates and the collection of CAs will form a
-Public Key Infrastructure (PKI). In the early days of the Internet,
-every host had to maintain a list of every other host; the Domain Name
-System (DNS) introduced the idea of a distributed database for this
-purpose and the DNS is one of the key reasons that the Internet has
-grown as it has. A PKI will fill a similar void in the e-commerce and
-PKC realm.
-</font></p><p>
-<font size="3">While certificates and the benefits of a PKI are most
-often associated with electronic commerce, the applications for PKI are
-much broader and include secure electronic mail, payments and
-electronic checks, Electronic Data Interchange (EDI), secure transfer
-of Domain Name System (DNS) and routing information, electronic forms,
-and digitally signed documents. A single "global PKI" is still many
-years away, that is the ultimate goal of today's work as international
-electronic commerce changes the way in which we do business in a
-similar way in which the Internet has changed the way in which we
-communicate.
-</font></p>
-<font size="3"><br>
-
-</font><center><h3><font size="3"><font color="blue" face="arial"><a name="algorithms">5. CRYPTOGRAPHIC ALGORITHMS IN ACTION</a></font></font></h3></center>
-<p>
-<font size="3">The paragraphs above have provided an overview of the
-different types of cryptographic algorithms, as well as some examples
-of some available protocols and schemes. Table 3 provides an even
-longer list of some of the schemes employed today for a variety of
-functions, most notably electronic commerce. The paragraphs below will
-show several real cryptographic applications that many of us employ
-(knowingly or not) everyday; for password protection and private
-communication.
-</font></p>
-<font size="3"><br>
-<a name="tab03"></a>
-<table align="center" border="1" cellpadding="5" width="80%">
-<caption><b>TABLE 3. Other Crypto Algorithms and Systems of Note.<br><br></b></caption>
-
-<tbody><tr><td valign="top" width="20%"><a href="http://csrc.nist.gov/keyrecovery/cap.txt">Capstone</a>
-</td><td valign="top" width="60%">A now-defunct U.S. National Institute
-of Standards and Technology (NIST) and National Security Agency (NSA)
-project under the Bush Sr. and Clinton administrations for publicly
-available strong cryptography with keys escrowed by the government
-(NIST and the Treasury Dept.). Capstone included in one or more
-tamper-proof computer chips for implementation (Clipper), a secret key
-encryption algorithm (Skipjack), digital signature algorithm (DSA), key
-exchange algorithm (KEA), and hash algorithm (SHA).
-</td></tr><tr><td valign="top" width="20%"><a href="http://csrc.nist.gov/keyrecovery/clip.txt">Clipper</a>
-</td><td valign="top" width="60%">The computer chip that would implement the Skipjack encryption scheme. See also EPIC's <a href="http://www.epic.org/crypto/clipper/"> The Clipper Chip</a> Web page.
-
-</td></tr><tr><td valign="top" width="20%">Escrowed Encryption Standard (EES)
-</td><td valign="top" width="60%">Largely unused, a controversial
-crypto scheme employing the SKIPJACK secret key crypto algorithm and a
-Law Enforcement Access Field (LEAF) creation method. LEAF was one part
-of the key escrow system and allowed for decryption of ciphertext
-messages that had been legally intercepted by law enforcement agencies.
-Described more in <a href="http://www.itl.nist.gov/fipspubs/fip185.htm"> FIPS 185</a>.
-
-</td></tr><tr><td valign="top" width="20%"><a href="http://csrc.nist.gov/publications/fips/index.html">Federal Information Processing Standards (FIPS)</a>
-</td><td valign="top" width="60%">These computer security- and
-crypto-related FIPS are produced by the U.S. National Institute of
-Standards and Technology (NIST) as standards for the U.S. Government.
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.rsasecurity.com/rsalabs/faq/6-2-6.html">Fortezza (formerly called Tessera)</a>
-</td><td valign="top" width="60%">A PCMCIA card developed by NSA that
-implements the Capstone algorithms, intended for use with the Defense
-Messaging Service (DMS).
-</td></tr><tr><td valign="top" width="20%">GOST
-</td><td valign="top" width="60%">GOST is a family of algorithms that
-is defined in the Russian cryptographic standards. Although most of the
-specifications are written in Russian, <a href="http://www.rfc-editor.org/rfc/rfc4357.txt">RFC 4357</a> provides supplemental information and specifications so that the algorithms can be used effectively in Internet applications.
-
-<a name="tab03-ipsec"></a>
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/ipsec-charter.html">IP Security Protocol (IPsec)</a>
-</td><td valign="top" width="60%">The IPsec protocol suite is used to
-provide privacy and authentication services at the IP layer. An
-overview of the protocol suite and of the documents comprising IPsec
-can be found in <a href="http://www.rfc-editor.org/rfc/rfc2411.txt">RFC 2411</a>. Other documents include:
-<ul>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4301.txt">RFC 4301</a>: IP security architecture.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc4302.txt">RFC 4302</a>:
-IP Authentication Header (AH), one of the two primary IPsec functions;
-AH provides connectionless integrity and data origin authentication for
-IP datagrams and protects against replay attacks.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc4303.txt">RFC 4303</a>:
-IP Encapsulating Security Payload (ESP), the other primary IPsec
-function; ESP provides a variety of security services within IPsec.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc4304.txt">RFC 4304</a>:
-Extended Sequence Number (ESN) Addendum, allows for negotiation of a
-32- or 64- bit sequence number, used to detect replay attacks.</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4305.txt">RFC 4305</a>: Cryptographic algorithm implementation requirements for ESP and AH.</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4306.txt">RFC 4306</a>:
-The Internet Key Exchange (IKE) protocol, version 2, providing for
-mutual authentication and establishing and maintaining security
-associations.</li>
-<ul>
-<li> IKE v1 was described in three separate documents, <a href="http://www.rfc-editor.org/rfc/rfc2407.txt">RFC 2407</a> (application of ISAKMP to IPsec), <a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a> (ISAKMP, a framework for key management and security associations), and <a href="http://www.rfc-editor.org/rfc/rfc2409.txt">RFC 2409</a>
-(IKE, using part of Oakley and part of SKEME in conjunction with ISAKMP
-to obtain authenticated keying material for use with ISAKMP, and for
-other security associations such as AH and ESP). IKE v1 is obsoleted
-with the introdcution of IKEv2.</li>
-</ul>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4307.txt"> RFC 4307</a>: Cryptographic algoritms used with IKEv2.</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4308.txt">RFC 4308</a>: Crypto suites for IPsec, IKE, and IKEv2.</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4309.txt"> RFC 4309</a>: The use of AES in CBC-MAC mode with IPsec ESP.</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4312.txt"> RFC 4312</a>: The use of the Camellia cipher algorithm in IPsec.</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4359.txt"> RFC 4359</a>: The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH).</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc4434.txt"> RFC 4434</a>: Describes AES-XCBC-PRF-128, a pseudo-random function derived from the AES for use with IKE.</li>
-<li><a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>: Describes use of the HMAC with MD5 algorithm for data origin authentication and integrity protection in both AH and ESP.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>: Describes use of DES-CBC (DES in Cipher Block Chaining Mode) for confidentiality in ESP.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2410.txt">RFC 2410</a>: Defines use of the NULL encryption algorithm (i.e., provides authentication and integrity without confidentiality) in ESP.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>: Describes OAKLEY, a key determination and distribution protocol.
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc2451.txt">RFC 2451</a>: Describes use of Cipher Block Chaining (CBC) mode cipher algorithms with ESP.
-</li><li>RFCs <a href="http://www.rfc-editor.org/rfc/rfc2522.txt">2522</a> and <a href="http://www.rfc-editor.org/rfc/rfc2523.txt">2523</a>: Description of Photuris, a session-key management protocol for IPsec.
-</li></ul>
-<p>
-IPsec was first proposed for use with IP version 6 (IPv6), but can also be employed with the current IP version, IPv4.
-</p><p>
-(See more detail about IPsec below in <a href="#ipsec">Section 5.6</a>.)
-
-</p></td></tr><tr><td valign="top" width="20%"><a href="http://cio.cisco.com/public/library/isakmp">Internet Security Association and Key Management Protocol (ISAKMP/OAKLEY)</a>
-</td><td valign="top" width="60%">ISAKMP/OAKLEY provide an infrastructure for Internet secure communications. ISAKMP, designed by the <a href="http://www.nsa.gov/">National Security Agency (NSA)</a> and described in <a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a>,
-is a framework for key management and security associations,
-independent of the key generation and cryptographic algorithms actually
-employed. The OAKLEY Key Determination Protocol, described in <a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>, is a key determination and distribution protocol using a variation of Diffie-Hellman.
-
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.pdc.kth.se/kth-krb/">Kerberos</a>
-</td><td valign="top" width="60%">A secret-key encryption and
-authentication system, designed to authenticate requests for network
-resources within a user domain rather than to authenticate messages.
-Kerberos also uses a trusted third-party approach; a client
-communications with the Kerberos server to obtain "credentials" so that
-it may access services at the application server. Kerberos V4 uses DES
-to generate keys and encrypt messages; DES is also commonly used in
-Kerberos V5, although other schemes could be employed.
-<p>Microsoft added support for Kerberos V5 &#8212; with some proprietary
-extensions &#8212; in Windows 2000. There are many Kerberos articles posted
-at Microsoft's <a href="http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO">Knowledge Base</a>, notably "<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q217098">Basic Overview of Kerberos User Authentication Protocol in Windows 2000</a>," "<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q230669">Windows 2000 Kerberos 5 Ticket Flags and KDC Options for AS_REQ and TGS_REQ Messages</a>," and "<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q232179">Kerberos Administration in Windows 2000</a>."
-
-</p></td></tr><tr><td valign="top" width="20%">Keyed-Hash Message Authentication Code (HMAC)
-</td><td valign="top" width="60%">A message authentication scheme based
-upon secret key cryptography and the secret key shared between two
-parties rather than public key methods. Described in <a href="http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf"> FIPS 198</a> and <a href="http://www.rfc-editor.org/rfc/rfc2104.txt">RFC 2104</a>.
-
-</td></tr><tr><td valign="top" width="20%"><a href="http://web.textfiles.com/software/sfs7.txt"> Message Digest Cipher (MDC)</a>
-</td><td valign="top" width="60%">Invented by <a href="http://www.cs.auckland.ac.nz/%7Epgut001/"> Peter Gutman</a>, MDC turns a one-way hash function into a block cipher.
-
-</td></tr><tr><td valign="top" width="20%">MIME Object Security Standard (MOSS)
-</td><td valign="top" width="60%">Designed as a successor to PEM to provide PEM-based security services to MIME messages.
-
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.pgp.com/">Pretty Good Privacy (PGP)</a>
-</td><td valign="top" width="60%">A family of cryptographic routines
-for e-mail and file storage applications developed by Philip
-Zimmermann. PGP 2.6.x uses RSA for key management and digital
-signatures, IDEA for message encryption, and MD5 for computing the
-message's hash value; more information can also be found in <a href="http://www.rfc-editor.org/rfc/rfc1991.txt">RFC 1991</a>.
-PGP 5.x (formerly known as "PGP 3") uses Diffie-Hellman/DSS for key
-management and digital signatures; IDEA, CAST, or 3DES for message
-encryption; and MD5 or SHA for computing the message's hash value.
-OpenPGP, described in <a href="http://www.rfc-editor.org/rfc/rfc2440.txt">RFC 2440</a>, is an open definition of security software based on PGP 5.x.
-<p>
-(See more detail about PGP below in <a href="#pgp">Section 5.5</a>.)
-
-</p></td></tr><tr><td valign="top" width="20%">Privacy Enhanced Mail (PEM)
-</td><td valign="top" width="60%">Provides secure electronic mail over
-the Internet and includes provisions for encryption (DES),
-authentication, and key management (DES, RSA). May be superseded by
-S/MIME and PEM-MIME. Developed by IETF PEM Working Group and defined in
-four RFCs:
-<li><a href="http://www.rfc-editor.org/rfc/rfc1421.txt">RFC 1421</a>: Part I, Message Encryption and Authentication Procedures
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc1422.txt">RFC 1422</a>: Part II, Certificate-Based Key Management
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc1423.txt">RFC 1423</a>: Part III, Algorithms, Modes, and Identifiers
-</li><li><a href="http://www.rfc-editor.org/rfc/rfc1424.txt">RFC 1424</a>: Part IV, Key Certification and Related Services
-
-
-</li></td></tr><tr><td valign="top" width="20%">Private Communication Technology (PCT)
-</td><td valign="top" width="60%">Developed by Microsoft and Visa for
-secure communication on the Internet. Similar to SSL, PCT supports
-Diffie-Hellman, Fortezza, and RSA for key establishment; DES, RC2, RC4,
-and triple-DES for encryption; and DSA and RSA message signatures. A
-companion to SET.
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.mastercard.com/set/">Secure Electronic Transactions (SET)</a>
-</td><td valign="top" width="60%">A merging of two other protocols:
-SEPP (Secure Electronic Payment Protocol), an open specification for
-secure bank card transactions over the Internet, developed by
-CyberCash, GTE, IBM, MasterCard, and Netscape; and STT (Secure
-Transaction Technology), a secure payment protocol developed by
-Microsoft and Visa International. Supports DES and RC4 for encryption,
-and RSA for signatures, key exchange, and public-key encryption of bank
-card numbers. SET is a companion to the PCT protocol.
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/wts-charter.html">Secure Hypertext Transfer Protocol (S-HTTP)</a>
-</td><td valign="top" width="60%">An extension to HTTP to provide
-secure exchange of documents over the World Wide Web. Supported
-algorithms include RSA and Kerberos for key exchange, DES, IDEA, RC2,
-and Triple-DES for encryption.
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/smime-charter.html">Secure Multipurpose Internet Mail Extensions (S/MIME)</a>
-</td><td valign="top" width="60%">An IETF secure e-mail scheme intended to supercede PEM. S/MIME, described in RFCs <a href="http://www.rfc-editor.org/rfc/rfc2311.txt">2311</a> and <a href="http://www.rfc-editor.org/rfc/rfc2312.txt">2312</a>, adds digital signature and encryption capability to Internet MIME messages.
-
-</td></tr><tr><td valign="top" width="20%"><a href="http://home.netscape.com/eng/ssl3/ssl-toc.html">Secure Sockets Layer (SSL)</a>
-</td><td valign="top" width="60%">Developed by Netscape Communications
-to provide application-independent security and privacy over the
-Internet. SSL is designed so that protocols such as HTTP, FTP (File
-Transfer Protocol), and Telnet can operate over it transparently. SSL
-allows both server authentication (mandatory) and client authentication
-(optional). RSA is used during negotiation to exchange keys and
-identify the actual cryptographic algorithm (DES, IDEA, RC2, RC4, or
-3DES) to use for the session. SSL also uses MD5 for message digests and
-X.509 public-key certificates. (Found to be breakable soon after the
-IETF announced formation of group to work on TLS.)
-<p>
-(See more detail about SSL below in <a href="#ssl">Section 5.7</a>.)
-
-</p></td></tr><tr><td valign="top" width="20%"><a href="http://www.microsoft.com/security/tech/sgc/default.asp?ID=26&amp;Parent=4"> Server Gated Cryptography (SGC)</a>
-</td><td valign="top" width="60%">Microsoft extension to SSL that
-provides strong encryption for online banking and other financial
-applications using RC2 (128-bit key), RC4 (128-bit key), DES (56-bit
-key), or 3DES (equivalent of 168-bit key). Use of SGC requires a
-Windows NT Server running Internet Information Server (IIS) 4.0 with a
-valid SGC certificate. SGC is available in 32-bit Windows versions of
-Internet Explorer (IE) 4.0, and support for Mac, Unix, and 16-bit
-Windows versions of IE is expected in the future.
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.rfc-editor.org/rfc/rfc4422.txt">Simple Authentication and Security Layer (SASL)</a>
-</td><td valign="top" width="60%">(SASL) is a framework for providing
-authentication and data security services in connection-oriented
-protocols (a la TCP). It provides a structured interface and allows new
-protocols to reuse existing authentication mechanisms and allows old
-protocols to make use of new mechanisms.
-<p>It has been common practice on the Internet to permit anonymous
-access to various services, employing a plain-text password using a
-user name of "anonymous" and a password of an email address or some
-other identifying information. New IETF protocols disallow plain-text
-logins. The Anonymous SASL Mechanism (<a href="http://www.rfc-editor.org/rfc/rfc4505.txt">RFC 4505</a>) provides a method for anonymous logins within the SASL framework.
-
-</p></td></tr><tr><td valign="top" width="20%"><a href="http://skip.incog.com/">Simple Key-Management for Internet Protocol (SKIP)</a>
-</td><td valign="top" width="60%">Key management scheme for secure IP
-communication, specifically for IPsec, and designed by Aziz and Diffie.
-SKIP essentially defines a public key infrastructure for the Internet
-and even uses X.509 certificates. Most public key cryptosystems assign
-keys on a per-session basis, which is inconvenient for the Internet
-since IP is connectionless. Instead, SKIP provides a basis for secure
-communication between any pair of Internet hosts. SKIP can employ DES,
-3DES, IDEA, RC2, RC5, MD5, and SHA-1.
-</td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/tls-charter.html">Transport Layer Security (TLS)</a>
-</td><td valign="top" width="60%">IETF specification (<a href="http://www.rfc-editor.org/rfc/rfc2246.txt">RFC 2246</a>)
-intended to replace SSL. Employs Triple-DES (secret key cryptography),
-SHA (hash), Diffie-Hellman (key exchange), and DSS (digital
-signatures).
-<p>
-(See more detail about TLS below in <a href="#ssl">Section 5.7</a>.)
-
-</p></td></tr><tr><td valign="top" width="20%"><a href="http://www.ietf.org/html.charters/pkix-charter.html">X.509</a>
-</td><td valign="top" width="60%">ITU-T recommendation for the format
-of certificates for the public key infrastructure. Certificates map
-(bind) a user identity to a public key. The IETF application of X.509
-certificates is documented in <a href="http://www.rfc-editor.org/rfc/rfc2459.txt">RFC 2459</a>. An Internet X.509 Public Key Infrastructure is further defined in <a href="http://www.rfc-editor.org/rfc/rfc2510.txt">RFC 2510</a> (Certificate Management Protocols) and <a href="http://www.rfc-editor.org/rfc/rfc2527.txt">RFC 2527</a> (Certificate Policy and Certification Practices Framework).
-</td></tr></tbody></table>
-
-<br><br>
-<a name="password"><h3>5.1. Password Protection</h3></a>
-</font><p>
-<font size="3">Nearly all modern multiuser computer and network
-operating systems employ passwords at the very least to protect and
-authenticate users accessing computer and/or network resources. But
-passwords are <i>not</i> typically kept on a host or server in plaintext, but are generally encrypted using some sort of hash scheme.</font></p>
-
-<font size="3"><a name="fig05"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td>
-<pre><b>A) /etc/passwd file</b>
-
- root:Jbw6BwE4XoUHo:0:0:root:/root:/bin/bash
- carol:FM5ikbQt1K052:502:100:Carol Monaghan:/home/carol:/bin/bash
- alex:LqAi7Mdyg/HcQ:503:100:Alex Insley:/home/alex:/bin/bash
- gary:FkJXupRyFqY4s:501:100:Gary Kessler:/home/gary:/bin/bash
- todd:edGqQUAaGv7g6:506:101:Todd Pritsky:/home/todd:/bin/bash
- josh:FiH0ONcjPut1g:505:101:Joshua Kessler:/home/webroot:/bin/bash
-
-<b>B.1) /etc/passwd file (with shadow passwords)</b>
-
- root:x:0:0:root:/root:/bin/bash
- carol:x:502:100:Carol Monaghan:/home/carol:/bin/bash
- alex:x:503:100:Alex Insley:/home/alex:/bin/bash
- gary:x:501:100:Gary Kessler:/home/gary:/bin/bash
- todd:x:506:101:Todd Pritsky:/home/todd:/bin/bash
- josh:x:505:101:Joshua Kessler:/home/webroot:/bin/bash
-
-<b>B.2) /etc/shadow file</b>
-
- root:AGFw$1$P4u/uhLK$l2.HP35rlu65WlfCzq:11449:0:99999:7:::
- carol:kjHaN%35a8xMM8a/0kMl1?fwtLAM.K&amp;kw.:11449:0:99999:7:::
- alex:1$1KKmfTy0a7#3.LL9a8H71lkwn/.hH22a:11449:0:99999:7:::
- gary:9ajlknknKJHjhnu7298ypnAIJKL$Jh.hnk:11449:0:99999:7:::
- todd:798POJ90uab6.k$klPqMt%alMlprWqu6$.:11492:0:99999:7:::
- josh:Awmqpsui*787pjnsnJJK%aappaMpQo07.8:11492:0:99999:7:::
-</pre>
-<p>
-</p><h4>FIGURE 5: Sample entries in Unix/Linux password files.</h4>
-</td></tr></tbody></table>
-</center>
-
-<p>
-<font size="3">Unix/Linux, for example, uses a well-known hash via its <i>crypt()</i> function. Passwords are stored in the <i>/etc/passwd</i>
-file (Figure 5A); each record in the file contains the username, hashed
-password, user's individual and group numbers, user's name, home
-directory, and shell program; these fields are separated by colons (:).
-Note that each password is stored as a 13-byte string. The first two
-characters are actually a <i>salt</i>, randomness added to each
-password so that if two users have the same password, they will still
-be encrypted differently; the salt, in fact, provides a means so that a
-single password might have 4096 different encryptions. The remaining 11
-bytes are the password hash, calculated using DES.</font></p>
-<p>
-<font size="3">As it happens, the <i>/etc/passwd</i> file is
-world-readable on Unix systems. This fact, coupled with the weak
-encryption of the passwords, resulted in the development of the <i>shadow password</i>
-system where passwords are kept in a separate, non-world-readable file
-used in conjunction with the normal password file. When shadow
-passwords are used, the password entry in <i>/etc/passwd</i> is replaced with a "*" or "x" (Figure 5B.1) and the MD5 hash of the passwords are stored in <i>/etc/shadow</i> along with some other account information (Figure 5B.2).</font></p>
-<font size="3"><br>
-</font><p>
-<font size="3">Windows NT uses a similar scheme to store passwords in
-the Security Access Manager (SAM) file. In the NT case, all passwords
-are hashed using the MD4 algorithm, resulting in a 128-bit (16-byte)
-hash value (they are then <i>obscured</i> using an undocumented mathematical transformation that was a secret until distributed on the Internet). The password <font face="courier">password</font>, for example, might be stored as the hash value (in hexadecimal) <font face="courier">60771b22d73c34bd4a290a79c8b09f18</font>.</font></p>
-<p>
-<font size="3">Passwords are not saved in plaintext on computer systems
-precisely so they cannot be easily compromised. For similar reasons, we
-don't want passwords sent in plaintext across a network. But for remote
-logon applications, how does a client system identify itself or a user
-to the server? One mechanism, of course, is to send the password as a
-hash value and that, indeed, may be done. A weakness of that approach,
-however, is that an intruder can grab the password off of the network
-and use an off-line attack (such as a <i>dictionary attack</i> where
-an attacker takes every known word and encrypts it with the network's
-encryption algorithm, hoping eventually to find a match with a
-purloined password hash). In some situations, an attacker only has to
-copy the hashed password value and use it later on to gain unauthorized
-entry without ever learning the actual password.</font></p>
-<p>
-<font size="3">An even stronger authentication method uses the password
-to modify a shared secret between the client and server, but never
-allows the password in any form to go across the network. This is the
-basis for the Challenge Handshake Authentication Protocol (CHAP), the
-remote logon process used by Windows NT.</font></p>
-<p>
-<font size="3">As suggested above, Windows NT passwords are stored in a
-security file on a server as a 16-byte hash value. In truth, Windows NT
-stores <i>two</i> hashes; a weak hash based upon the old LAN Manager
-(LanMan) scheme and the newer NT hash. When a user logs on to a server
-from a remote workstation, the user is identified by the username, sent
-across the network in plaintext (no worries here; it's not a secret
-anyway!). The server then generates a 64-bit random number and sends it
-to the client (also in plaintext). This number is the <i>challenge</i>.</font></p>
-<p>
-<font size="3">Using the LanMan scheme, the client system then encrypts
-the challenge using DES. Recall that DES employs a 56-bit key, acts on
-a 64-bit block of data, and produces a 64-bit output. In this case, the
-64-bit data block is the random number. The client actually uses three
-different DES keys to encrypt the random number, producing three
-different 64-bit outputs. The first key is the first seven bytes (56
-bits) of the password's hash value, the second key is the next seven
-bytes in the password's hash, and the third key is the remaining two
-bytes of the password's hash concatenated with five zero-filled bytes.
-(So, for the example above, the three DES keys would be <font face="courier">60771b22d73c34</font>, <font face="courier">bd4a290a79c8b0</font>, and <font face="courier">9f180000000000</font>.) Each key is applied to the random number resulting in three 64-bit outputs, which comprise the <i>response</i>.
-Thus, the server's 8-byte challenge yields a 24-byte response from the
-client and this is all that would be seen on the network. The server,
-for its part, does the same calculation to ensure that the values match.</font></p>
-<p>
-<font size="3">There is, however, a significant weakness to this
-system. Specifically, the response is generated in such a way as to
-effectively reduce 16-byte hash to three smaller hashes, of length
-seven, seven, and two. Thus, a password cracker has to break at most a
-7-byte hash. One Windows NT vulnerability test program that I have used
-in the past will report passwords that are "too short," defined as
-"less than 8 characters." When I asked how the program knew that
-passwords were too short, the software's salespeople suggested to me
-that the program broke the passwords to determine their length. This is
-undoubtedly not true; all the software really has to do is look at the
-second 7-byte block and some known value indicates that it is empty,
-which would indicate a password of seven or less characters.</font></p>
-<p>
-<font size="3">Consider the following example, showing the LanMan hash
-of two different short passwords (take a close look at the last 8
-bytes):</font></p>
-
-<table align="center" border="0">
-<tbody><tr>
-<td align="left">AA:
-</td><td><font face="courier">89D42A44E77140AAAAD3B435B51404EE</font>
-</td></tr><tr>
-<td align="left">AAA:
-</td><td><font face="courier">1C3A2B6D939A1021AAD3B435B51404EE</font>
-</td></tr></tbody></table>
-
-<p>
-<font size="3">Note that the NT hash provides no such clue:</font></p>
-
-<table align="center" border="0">
-<tbody><tr>
-<td align="left">AA:
-</td><td><font face="courier">C5663434F963BE79C8FD99F535E7AAD8</font>
-</td></tr><tr>
-<td align="left">AAA:
-</td><td><font face="courier">6B6E0FB2ED246885B98586C73B5BFB77</font>
-</td></tr></tbody></table>
-
-<p>
-<font size="3">It is worth noting that the discussion above describes the Microsoft version of CHAP, or MS-CHAP (MS-CHAPv2 is described in <a href="http://www.rfc-editor.org/rfc/rfc2759.txt">RFC 2759</a>).
-MS-CHAP assumes that it is working with hashed values of the password
-as the key to encrypting the challenge. More traditional CHAP (<a href="http://www.rfc-editor.org/rfc/rfc2510.txt">RFC 1994</a>)
-assumes that it is starting with passwords in plaintext. The relevance
-of this observation is that a CHAP client, for example, cannot be
-authenticated by an MS-CHAP server; both client and server must use the
-same CHAP version.</font></p>
-
-<font size="3"><a name="dhmath"><h3>5.2. Some of the Finer Details of Diffie-Hellman</h3></a>
-</font><p>
-<font size="3">The first published public-key crypto algorithm was
-Diffie-Hellman. The mathematical "trick" of this scheme is that it is
-relatively easy to compute exponents compared to computing discrete
-logarithms. Diffie-Hellman allows two parties &#8212; the ubiquitous Alice
-and Bob &#8212; to generate a secret key; they need to exchange some
-information over an unsecure communications channel to perform the
-calculation but an eavesdropper cannot determine the shared key based
-upon this information.</font></p>
-<p>
-<font size="3">Diffie-Hellman works like this. Alice and Bob start by agreeing on a large prime number, <i>n</i>. They also have to choose some number <i>g</i> so that g&lt;n.</font></p>
-<p>
-<font size="3">There is actually another constraint on g, specifically that it must be primitive with respect to n. <i>Primitive</i> is a definition that is a little beyond the scope of our discussion but basically g is primitive to n if we can find integers <i>i</i> so that g<sup>i</sup>
-= j mod n for all values of j from 1 to n-1. As an example, 2 is not
-primitive to 7 because the set of powers of 2 from 1 to 6, mod 7 =
-{2,4,1,2,4,1}. On the other hand, 3 is primitive to 7 because the set
-of powers of 3 from 1 to 6, mod 7 = {3,2,6,4,5,1}.</font></p>
-<p>
-<font size="3">(The definition of primitive introduced a new term to some readers, namely <i>mod</i>. The phrase <i>x mod y</i> (and read as written!) means "take the remainder after dividing x by y." Thus, 1 mod 7 = 1, 9 mod 6 = 3, and 8 mod 8 = 0.)</font></p>
-<p>
-<font size="3">Anyway, either Alice or Bob selects n and g; they then
-tell the other party what the values are. Alice and Bob then work
-independently:</font></p>
-
-<center>
-<table border="0" cellpadding="15" cellspacing="5">
-<tbody><tr>
-<td>
-<center><b>Alice...</b></center><br>
-Choose a large random number, <i>x</i><br>
-Send to Bob: X = g<sup><i>x</i></sup> mod n<br>
-Compute: K<sub>A</sub> = Y<sup><i>x</i></sup> mod n<br>
-</td><td>
-<center><b>Bob...</b></center><br>
-Choose a large random number, <i>y</i><br>
-Send to Alice: Y = g<sup><i>y</i></sup> mod n<br>
-Compute: K<sub>B</sub> = X<sup><i>y</i></sup> mod n<br>
-</td></tr></tbody></table>
-</center>
-
-<p>
-<font size="3">Note that <i>x</i> and <i>y</i> are kept secret while X
-and Y are openly shared; these are the private and public keys,
-respectively. Based on their own private key and the public key learned
-from the other party, Alice and Bob have computed their secret keys, K<sub>A</sub> and K<sub>B</sub>, respectively, which are equal to g<sup><i>xy</i></sup> mod n.</font></p>
-<p>
-<font size="3">Perhaps a small example will help here. Although Alice
-and Bob will really choose large values for n and g, I will use small
-values for example only; let's use n=7 and g=3.</font></p>
-
-<center>
-<table border="0" cellpadding="15" cellspacing="5">
-<tbody><tr>
-<td>
-<center><b>Alice...</b></center><br>
-Choose <i>x</i>=2<br>
-Send to Bob: X = 3<sup>2</sup> mod 7 = 2<br>
-K<sub>A</sub> = 6<sup>2</sup> mod 7 = 1<br>
-</td><td>
-<center><b>Bob...</b></center><br>
-Choose <i>y</i>=3<br>
-Send to Alice: Y = 3<sup>3</sup> mod 7 = 6<br>
-K<sub>B</sub> = 2<sup>3</sup> mod 7 = 1<br>
-</td></tr></tbody></table>
-</center>
-
-<p>
-<font size="3">In this example, then, Alice and Bob will both find the secret key 1 which is, indeed, 3<sup>6</sup>
-mod 7. If an eavesdropper (Mallory) was listening in on the information
-exchange between Alice and Bob, he would learn g, n, X, and Y which is
-a lot of information but insufficient to compromise the key; as long as
-<i>x</i> and <i>y</i> remain unknown, K is safe. As said above, calculating X as g<sup><i>x</i></sup> is a lot easier than finding <i>x</i> as log<sub>g</sub> X!</font></p>
-<blockquote>
-<p>
-<font size="3"><b>A short digression on modulo arithmetic.</b> In the paragraph above, we noted that 3<sup>6</sup> mod 7 = 1. This can be confirmed, of course, by noting that:</font></p>
-<p align="center">
-<font size="3">3<sup>6</sup> = 729 = 104*7 + 1</font></p>
-<p>
-<font size="3">There is a nice property of modulo arithmetic, however,
-that makes this determination a little easier, namely: (a mod x)(b mod
-x) = (ab mod x). Therefore, one possible shortcut is to note that 3<sup>6</sup> = (3<sup>3</sup>)(3<sup>3</sup>). Therefore, 3<sup>6</sup> mod 7 = (3<sup>3</sup> mod 7)(3<sup>3</sup> mod 7) = (27 mod 7)(27 mod 7) = 6*6 mod 7 = 36 mod 7 = 1.</font></p>
-</blockquote>
-<p>
-<font size="3">Diffie-Hellman can also be used to allow key sharing
-amongst multiple users. Note again that the Diffie-Hellman algorithm is
-used to generate secret keys, not to encrypt and decrypt messages. </font></p>
-
-<font size="3"><a name="rsamath"><h3>5.3. Some of the Finer Details of RSA Public-Key Cryptography</h3></a>
-</font><p>
-<font size="3">Unlike Diffie-Hellman, RSA can be used for key exchange
-as well as digital signatures and the encryption of small blocks of
-data. Today, RSA is primary used to encrypt the session key used for
-secret key encryption (message integrity) or the message's hash value
-(digital signature). RSA's mathematical hardness comes from the ease in
-calculating large numbers and the difficulty in finding the prime
-factors of those large numbers. Although employed with numbers using
-hundreds of digits, the math behind RSA is relatively straight-forward.</font></p>
-<p>
-<font size="3">To create an RSA public/private key pair, here are the basic steps:</font></p>
-<ol>
-<font size="3"><li>Choose two prime numbers, p and q. From these numbers you can calculate the modulus, n = pq.
-</li><li>Select a third number, e, that is relatively prime to (i.e.,
-it does not divide evenly into) the product (p-1)(q-1). The number e is
-the public exponent.
-</li><li>Calculate an integer d from the quotient (ed-1)/[(p-1)(q-1)]. The number d is the private exponent.
-</li></font></ol>
-<p>
-<font size="3">The public key is the number pair (n,e). Although these
-values are publicly known, it is computationally infeasible to
-determine d from n and e if p and q are large enough.</font></p>
-<p>
-<font size="3">To encrypt a message, M, with the public key, create the ciphertext, C, using the equation:</font></p>
-<ul>
-<font size="3">C = M<sup>e</sup> mod n
-</font></ul>
-<p>
-<font size="3">The receiver then decrypts the ciphertext with the private key using the equation:</font></p>
-<ul>
-<font size="3">M = C<sup>d</sup> mod n
-</font></ul>
-<p>
-<font size="3">Now, this might look a bit complex and, indeed, the
-mathematics does take a lot of computer power given the large size of
-the numbers; since p and q may be 100 digits (decimal) or more, d and e
-will be about the same size and n may be over 200 digits. Nevertheless,
-a simple example may help. In this example, the values for p, q, e, and
-d are purposely chosen to be very small and the reader will see exactly
-how badly these values perform, but hopefully the algorithm will be
-adequately demonstrated:</font></p>
-<ol>
-<font size="3"><li>Select p=3 and q=5.
-</li><li>The modulus n = pq = 15.
-</li><li>The value e must be relatively prime to (p-1)(q-1) = (2)(4) = 8. Select e=11
-</li><li>The value d must be chosen so that (ed-1)/[(p-1)(q-1)] is an
-integer. Thus, the value (11d-1)/[(2)(4)] = (11d-1)/8 must be an
-integer. Calculate one possible value, d=3.
-</li><li>Let's say we wish to send the string <b>SECRET</b>. For this
-example, we will convert the string to the decimal representation of
-the ASCII values of the characters, which would be <b>83 69 67 82 69 84</b>.
-</li><li>The sender encrypts each digit one at a time (we have to
-because the modulus is so small) using the public key value
-(e,n)=(11,15). Thus, each ciphertext character C<sub>i</sub>&nbsp;=&nbsp;M<sub>i</sub><sup>11</sup>&nbsp;mod&nbsp;15. The input digit string <b>0x836967826984</b> will be transmitted as <b>0x2c696d286924</b>.
-</li><li>The receiver decrypts each digit using the private key value (d,n)=(3,15). Thus, each plaintext character M<sub>i</sub>&nbsp;=&nbsp;C<sub>i</sub><sup>3</sup>&nbsp;mod&nbsp;15. The input digit string <b>0x2c696d286924</b> will be converted to <b>0x836967826984</b> and, presumably, reassembled as the plaintext string <b>SECRET</b>.
-</li></font></ol>
-<p>
-<font size="3">Again, the example above uses small values for
-simplicity and, in fact, shows the weakness of small values; note that
-4, 6, and 9 do not change when encrypted, and that the values 2 and 8
-encrypt to 8 and 2, respectively. Nevertheless, this simple example
-demonstrates how RSA can be used to exchange information.</font></p>
-
-<p>
-<font size="3">RSA keylengths of 512 and 768 bits are considered to be
-pretty weak. The minimum suggested RSA key is 1024 bits; 2048 and 3072
-bits are even better.</font></p>
-
-<p>
-<font size="3">As an aside, Adam Back (<a href="http://www.cypherspace.org/%7Eadam/">http://www.cypherspace.org/~adam/</a>) wrote a two-line Perl script to implement RSA. It employs <font face="courier">dc</font>, an arbitrary precision arithmetic package that ships with most UNIX systems:</font></p>
-
-<table align="center" border="0">
-<tbody><tr><td>
-<pre>print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",&lt;&gt;
-)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0&lt;X+d*lMLa^*lN%0]dsXx++lMlN/dsM0&lt;J]dsJxp"|dc`
-</pre>
-</td></tr></tbody></table>
-
-<font size="3"><a name="desmath"><h3>5.4. Some of the Finer Details of DES, Breaking DES, and DES Variants</h3></a>
-</font><p>
-<font size="3">The Data Encryption Standard (DES) has been in use since
-the mid-1970s, adopted by the National Bureau of Standards (NBS) [now
-the National Institute for Standards and Technology (NIST)] as Federal
-Information Processing Standard 46 (<a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf">FIPS 46-3</a>) and by the American National Standards Institute (ANSI) as X3.92.</font></p>
-<p>
-<font size="3">As mentioned earlier, DES uses the Data Encryption
-Algorithm (DEA), a secret key block-cipher employing a 56-bit key
-operating on 64-bit blocks. <a href="http://www.itl.nist.gov/div897/pubs/fip81.htm">FIPS 81</a>
-describes four modes of DES operation: Electronic Codebook (ECB),
-Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback
-(OFB). Despite all of these options, ECB is the most commonly deployed
-mode of operation.</font></p>
-<p>
-<font size="3">NIST finally declared DES obsolete in 2004, and withdrew FIPS 46-3, 74, and 81 (<a href="http://csrc.nist.gov/Federal-register/July26-2004-FR-DES-Notice.pdf" target="_blank"><i>Federal Register</i>, July 26, 2004, <i>69</i>(142), 44509-44510</a>).
-Although other block ciphers will replace DES, it is still interesting
-to see how DES encryption is performed; not only is it sort of neat,
-but DES was the first crypto scheme commonly seen in non-govermental
-applications and was the catalyst for modern "public" cryptography. DES
-remains in many products &#8212; and cryptography students and cryptographers
-will continue to study DES for years to come.</font></p>
-
-<p><font size="3"><b>DES Operational Overview</b></font></p>
-<p>
-<font size="3">DES uses a 56-bit key. In fact, the 56-bit key is
-divided into eight 7-bit blocks and an 8th odd parity bit is added to
-each block (i.e., a "0" or "1" is added to the block so that there are
-an odd number of 1 bits in each 8-bit block). By using the 8 parity
-bits for rudimentary error detection, a DES key is actually 64 bits in
-length for computational purposes (although it only has 56 bits worth
-of randomness, or <i>entropy</i>).</font></p>
-
-<font size="3"><a name="fig06"><br>
-</a></font><center><table border="1"><tbody><tr><td>
-<img src="index_files/crypto_des.gif">
-<br><br>
-<h4>FIGURE 6: DES enciphering algorithm.</h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><a name="fig06"><br>
-</a></font><p>
-<font size="3"><a name="fig06">DES then acts on 64-bit blocks of the
-plaintext, invoking 16 rounds of permutations, swaps, and substitutes,
-as shown in Figure 6. The standard includes tables describing all of
-the selection, permutation, and expansion operations mentioned below;
-these aspects of the algorithm are not secrets. The basic DES steps are:</a></font></p>
-<ol>
-<font size="3"><li><a name="fig06">The 64-bit block to be encrypted
-undergoes an initial permutation (IP), where each bit is moved to a new
-bit position; e.g., the 1st, 2nd, and 3rd bits are moved to the 58th,
-50th, and 42nd position, respectively.<br><br>
-</a></li><li><a name="fig06">The 64-bit permuted input is divided into two 32-bit blocks, called <i>left</i> and <i>right</i>, respectively. The initial values of the left and right blocks are denoted L<sub>0</sub> and R<sub>0</sub>.<br><br>
-</a></li><li><a name="fig06">There are then 16 rounds of operation on the L and R blocks. During each iteration (where <i>n</i> ranges from 1 to 16), the following formulae apply:
-</a><ul>
-<a name="fig06">L<sub>n</sub> = R<sub>n-1</sub><br>
-R<sub>n</sub> = L<sub>n-1</sub> XOR f(R<sub>n-1</sub>,K<sub>n</sub>)
-</a></ul>
-<a name="fig06">At any given step in the process, then, the new L block
-value is merely taken from the prior R block value. The new R block is
-calculated by taking the bit-by-bit exclusive-OR (XOR) of the prior L
-block with the results of applying the DES cipher function, <i>f</i>, to the prior R block and K<sub>n</sub>. (K<sub>n</sub>
-is a 48-bit value derived from the 64-bit DES key. Each round uses a
-different 48 bits according to the standard's Key Schedule algorithm.)
-</a><p>
-<a name="fig06">The cipher function, f, combines the 32-bit R block
-value and the 48-bit subkey in the following way. First, the 32 bits in
-the R block are expanded to 48 bits by an expansion function (E); the
-extra 16 bits are found by repeating the bits in 16 predefined
-positions. The 48-bit expanded R-block is then ORed with the 48-bit
-subkey. The result is a 48-bit value that is then divided into eight
-6-bit blocks. These are fed as input into 8 selection (S) boxes,
-denoted S<sub>1</sub>,...,S<sub>8</sub>. Each 6-bit input yields a
-4-bit output using a table lookup based on the 64 possible inputs; this
-results in a 32-bit output from the S-box. The 32 bits are then
-rearranged by a permutation function (P), producing the results from
-the cipher function.
-<br><br>
-</a></p></li><li><a name="fig06">The results from the final DES round &#8212; i.e., L<sub>16</sub> and R<sub>16</sub> &#8212; are recombined into a 64-bit value and fed into an inverse initial permutation (IP<sup>-1</sup>).
-At this step, the bits are rearranged into their original positions, so
-that the 58th, 50th, and 42nd bits, for example, are moved back into
-the 1st, 2nd, and 3rd positions, respectively. The output from IP<sup>-1</sup> is the 64-bit ciphertext block.
-</a></li></font></ol>
-<p>
-<font size="3"><a name="fig06">Consider this example with the given 56-bit key and input:</a></font></p>
-<ul>
-<font size="3"><a name="fig06">Key: <b><font face="courier">1100101 0100100 1001001 0011101 0110101 0101011 1101100 0011010</font></b><br><br>
-Input character string:&nbsp;<b><font face="courier"> GoAggies</font></b><br>
-Input bit string:&nbsp;<b><font face="courier"> 11100010 11110110 10000010 11100110 11100110 10010110 10100110 11001110</font></b><br><br>
-Output bit string: <b><font face="courier">10011111 11110010 10000000 10000001 01011011 00101001 00000011 00101111</font></b><br>
-Output character string: <b><font face="courier">�O

<!--129-->�&#8221;��</font></b>
-</a></font></ul>
-
-<p><font size="3"><a name="fig06"><b>Breaking DES</b></a></font></p>
-<p>
-<font size="3"><a name="fig06">The mainstream cryptographic community
-has long held that DES's 56-bit key was too short to withstand a
-brute-force attack from modern computers. Remember Moore's Law:
-computer power doubles every 18 months. Given that increase in power, a
-key that could withstand a brute-force guessing attack in 1975 could
-hardly be expected to withstand the same attack a quarter century later.</a></font></p>
-<p>
-<font size="3"><a name="fig06">DES is even more vulnerable to a
-brute-force attack because it is often used to encrypt words, meaning
-that the entropy of the 64-bit block is, effectively, greatly reduced.
-That is, if we are encrypting random bit streams, then a given byte
-might contain any one of 2<sup>8</sup> (256) possible values and the entire 64-bit block has 2<sup>64</sup>,
-or about 18.5 quintillion, possible values. If we are encrypting words,
-however, we are most likely to find a limited set of bit patterns;
-perhaps 70 or so if we account for upper and lower case letters, the
-numbers, space, and some punctuation. This means that only about �<!--1/4--> of the bit combinations of a given byte are likely to occur. </a></font></p>
-<p>
-<font size="3"><a name="fig06">Despite this criticism, the U.S.
-government insisted throughout the mid-1990s that 56-bit DES was secure
-and virtually unbreakable if appropriate precautions were taken. In
-response, RSA Laboratories sponsored a series of </a><a href="http://www.rsasecurity.com/rsalabs/challenges/">cryptographic challenges</a> to prove that DES was no longer appropriate for use.</font></p>
-<p>
-<font size="3">DES Challenge I was launched in March 1997. It was
-completed in 84 days by R. Verser in a collaborative effort using
-thousands of computers on the Internet.</font></p>
-<p>
-<font size="3">The first DES II challenge lasted 40 days in early 1998. This problem was solved by <a href="http://www.distributed.net/">distributed.net</a>,
-a worldwide distributed computing network using the spare CPU cycles of
-computers around the Internet (participants in distributed.net's
-activities load a client program that runs in the background,
-conceptually similar to the SETI @Home "Search for Extraterrestrial
-Intelligence" project). The distributed.net systems were checking 28 <i>billion</i> keys per second by the end of the project.</font></p>
-<p>
-<font size="3">The second DES II challenge lasted less than 3 days. On
-July 17, 1998, the Electronic Frontier Foundation (EFF) announced the
-construction of hardware that could brute-force a DES key in an average
-of 4.5 days. Called Deep Crack, the device could check 90 billion keys
-per second and cost only about $220,000 including design (it was
-erroneously and widely reported that subsequent devices could be built
-for as little as $50,000). Since the design is scalable, this suggests
-that an organization could build a DES cracker that could break 56-bit
-keys in an average of a day for as little as $1,000,000. Information
-about the hardware design and all software can be obtained from the <a href="http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking">EFF</a>.</font></p>
-<p>
-<font size="3">The DES III challenge, launched in January 1999, was
-broken is less than a day by the combined efforts of Deep Crack and
-distributed.net. This is widely considered to have been the final nail
-in DES's coffin.</font></p>
-<p>
-<font size="3">The Deep Crack algorithm is actually quite interesting.
-The general approach that the DES Cracker Project took was not to break
-the algorithm mathematically but instead to launch a brute-force attack
-by guessing every possible key. A 56-bit key yields 2<sup>56</sup>, or
-about 72 quadrillion, possible values. So the DES cracker team looked
-for any shortcuts they could find! First, they assumed that <i>some</i>
-recognizable plaintext would appear in the decrypted string even though
-they didn't have a specific known plaintext block. They then applied
-all 2<sup>56</sup> possible key values to the 64-bit block (I don't
-mean to make this sound simple!). The system checked to see if the
-decrypted value of the block was "interesting," which they defined as
-bytes containing one of the alphanumeric characters, space, or some
-punctuation. Since the likelihood of a single byte being "interesting"
-is about �, then the likelihood of the entire 8-byte stream being
-"interesting" is about �<sup>8</sup>, or 1/65536 (�<sup>16</sup>). This dropped the number of possible keys that might yield positive results to about 2<sup>40</sup>, or about a trillion.</font></p>
-<p>
-<font size="3">They then made the assumption that an "interesting"
-8-byte block would be followed by another "interesting" block. So, if
-the first block of ciphertext decrypted to something interesting, they
-decrypted the next block; otherwise, they abandoned this key. Only if
-the second block was also "interesting" did they examine the key
-closer. Looking for 16 consecutive bytes that were "interesting" meant
-that only 2<sup>24</sup>, or 16 million, keys needed to be examined
-further. This further examination was primarily to see if the text made
-any sense. Note that possible "interesting" blocks might be <font face="courier">1hJ5&amp;aB7</font> or <font face="courier">DEPOSITS</font>;
-the latter is more likely to produce a better result. And even a slow
-laptop today can search through lists of only a few million items in a
-relatively short period of time. (Interested readers are urged to read <i>Cracking DES</i> and EFF's <a href="http://www.eff.org/descracker/"> Cracking DES</a> page.)</font></p>
-<p>
-<font size="3">It is well beyond the scope of this paper to discuss
-other forms of breaking DES and other codes. Nevertheless, it is worth
-mentioning a couple of forms of cryptanalysis that have been shown to
-be effective against DES. <i>Differential cryptanalysis</i>, invented
-in 1990 by E. Biham and A. Shamir (of RSA fame), is a chosen-plaintext
-attack. By selecting pairs of plaintext with particular differences,
-the cryptanalyst examines the differences in the resultant ciphertext
-pairs. <i>Linear plaintext</i>, invented by M. Matsui, uses a linear
-approximation to analyze the actions of a block cipher (including DES).
-Both of these attacks can be more efficient than brute force.</font></p>
-
-<p><font size="3"><b>DES Variants</b></font></p>
-<p>
-<font size="3">Once DES was "officially" broken, several variants
-appeared. But none of them came overnight; work at hardening DES had
-already been underway. In the early 1990s, there was a proposal to
-increase the security of DES by effectively increasing the key length
-by using multiple keys with multiple passes. But for this scheme to
-work, it had to first be shown that the DES function is <b>not</b> a <i>group</i>,
-as defined in mathematics. If DES was a group, then we could show that
-for two DES keys, X1 and X2, applied to some plaintext (P), we can find
-a single equivalent key, X3, that would provide the same result; i.e.,:</font></p>
-<p align="center">
-<font size="3">E<sub>X2</sub>(E<sub>X1</sub>(P)) = E<sub>X3</sub>(P)</font></p>
-<p>
-<font size="3">where E<sub>X</sub>(P) represents DES encryption of some plaintext <i>P</i> using DES key <i>X</i>.
-If DES were a group, it wouldn't matter how many keys and passes we
-applied to some plaintext; we could always find a single 56-bit key
-that would provide the same result.</font></p>
-<p>
-<font size="3">As it happens, DES was proven to not be a group so that
-as we apply additional keys and passes, the effective key length
-increases. One obvious choice, then, might be to use two keys and two
-passes, yielding an effective key length of 112 bits. Let's call this
-Double-DES. The two keys, Y1 and Y2, might be applied as follows:</font></p>
-<p align="center">
-<font size="3">C = E<sub>Y2</sub>(E<sub>Y1</sub>(P))<br>
-P = D<sub>Y1</sub>(D<sub>Y2</sub>(C))</font></p>
-<p>
-<font size="3">where E<sub>Y</sub>(P) and D<sub>Y</sub>(C) represent DES encryption and decryption, respectively, of some plaintext <i>P</i> and ciphertext <i>C</i>, respectively, using DES key <i>Y</i>.</font></p>
-<p>
-<font size="3">So far, so good. But there's an interesting attack that
-can be launched against this "Double-DES" scheme. First, notice that
-the applications of the formula above can be thought of with the
-following individual steps (where C' and P' are intermediate results):</font></p>
-<p align="center">
-<font size="3">C' = E<sub>Y1</sub>(P) and C = E<sub>Y2</sub>(C')<br>
-P' = D<sub>Y2</sub>(C) and P = D<sub>Y1</sub>(P')</font></p>
-<p>
-<font size="3">Unfortunately, C'=P'. That leaves us vulnerable to a simple <i>known plaintext</i>
-attack (sometimes called "Meet-in-the-middle") where the attacker knows
-some plaintext (P) and its matching ciphertext (C). To obtain C', the
-attacker needs to try all 2<sup>56</sup> possible values of Y1 applied to P; to obtain P', the attacker needs to try all 2<sup>56</sup> possible values of Y2 applied to C. Since C'=P', the attacker knows when a match has been achieved &#8212; after only 2<sup>56</sup> + 2<sup>56</sup> = 2<sup>57</sup> key searches, only twice the work of brute-forcing DES. So "Double-DES" won't work.</font></p>
-<p>
-<font size="3">Triple-DES (3DES), based upon the Triple Data Encryption Algorithm (TDEA), is described in <a href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf">FIPS 46-3</a>.
-3DES, which is not susceptible to a meet-in-the-middle attack, employs
-three DES passes and one, two, or three keys called K1, K2, and K3.
-Generation of the ciphertext (C) from a block of plaintext (P) is
-accomplished by:</font></p>
-<p align="center">
-<font size="3">C = E<sub>K3</sub>(D<sub>K2</sub>(E<sub>K1</sub>(P)))</font></p>
-<p>
-<font size="3">where E<sub>K</sub>(P) and D<sub>K</sub>(P) represent DES encryption and decryption, respectively, of some plaintext <i>P</i> using DES key <i>K</i>. (For obvious reasons, this is sometimes referred to as an <i>encrypt-decrypt-encrypt mode</i> operation.)</font></p>
-<p>
-<font size="3">Decryption of the ciphertext into plaintext is accomplished by:</font></p>
-<p align="center">
-<font size="3">P = D<sub>K1</sub>(E<sub>K2</sub>(D<sub>K3</sub>(C)))</font></p>
-<p>
-<font size="3">The use of three, independent 56-bit keys provides 3DES
-with an effective key length of 168 bits. The specification also
-defines use of two keys where, in the operations above, K3 = K1; this
-provides an effective key length of 112 bits. Finally, a third keying
-option is to use a single key, so that K3 = K2 = K1 (in this case, the
-effective key length is 56 bits and 3DES applied to some plaintext, P,
-will yield the same ciphertext, C, as normal DES would with that same
-key). Given the relatively low cost of key storage and the modest
-increase in processing due to the use of longer keys, the best
-recommended practices are that 3DES be employed with three keys.</font></p>
-<p>
-<font size="3">Another variant of DES, called DESX, is due to Ron
-Rivest. Developed in 1996, DESX is a very simple algorithm that greatly
-increases DES's resistance to brute-force attacks without increasing
-its computational complexity. In DESX, the plaintext input is XORed
-with 64 additional key bits prior to encryption and the output is
-likewise XORed with the 64 key bits. By adding just two XOR operations,
-DESX has an effective keylength of 120 bits against an exhaustive
-key-search attack. As it happens, DESX is no more immune to other types
-of more sophisticated attacks, such as differential or linear
-cryptanalysis, but brute-force is the primary attack vector on DES.</font></p>
-
-<font size="3"><a name="pgp"><h3>5.5. Pretty Good Privacy (PGP)</h3></a>
-</font><p>
-<font size="3">Pretty Good Privacy (PGP) is one of today's most widely used public key cryptography programs. Developed by <a href="http://www.philzimmermann.com/"> Philip Zimmermann</a>
-in the early 1990s and long the subject of controversy, PGP is
-available as a plug-in for many e-mail clients, such as Claris Emailer,
-Microsoft Outlook/Outlook Express, and Qualcomm Eudora.</font></p>
-<p>
-<font size="3">PGP can be used to sign or encrypt e-mail messages with
-the mere click of the mouse. Depending upon the version of PGP, the
-software uses SHA or MD5 for calculating the message hash; CAST,
-Triple-DES, or IDEA for encryption; and RSA or DSS/Diffie-Hellman for
-key exchange and digital signatures.</font></p>
-<p>
-<font size="3">When PGP is first installed, the user has to create a
-key-pair. One key, the public key, can be advertised and widely
-circulated. The private key is protected by use of a <i>passphrase</i>. The passphrase has to be entered every time the user accesses their private key.</font></p>
-
-<font size="3"><a name="fig07"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td width="600">
-<pre>
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA1
-
- Hi Carol.
-
- What was that pithy Groucho Marx quote?
-
- /kess
-
- -----BEGIN PGP SIGNATURE-----
- Version: PGP for Personal Privacy 5.0
- Charset: noconv
-
- iQA/AwUBNFUdO5WOcz5SFtuEEQJx/ACaAgR97+vvDU6XWELV/GANjAAgBtUAnjG3
- Sdfw2JgmZIOLNjFe7jP0Y8/M
- =jUAU
- -----END PGP SIGNATURE-----
-</pre>
-<p>
-</p><h4>FIGURE 7: A PGP signed message. The sender uses their private
-key; at the destination, the sender's e-mail address yields the public
-key from the receiver's keyring.</h4>
-</td></tr></tbody></table>
-</center>
-
-<font size="3"><br>
-</font><p>
-<font size="3">Figure 7 shows a PGP signed message. This message will
-not be kept secret from an eavesdropper, but a recipient can be assured
-that the message has not been altered from what the sender transmitted.
-In this instance, the sender signs the message using their own private
-key. The receiver uses the sender's public key to verify the signature;
-the public key is taken from the receiver's keyring based on the
-sender's e-mail address. Note that the signature process does not work
-unless the sender's public key is on the receiver's keyring.</font></p>
-
-<font size="3"><a name="fig08"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td width="600">
-<pre>
------BEGIN PGP MESSAGE-----
-Version: PGP for Personal Privacy 5.0
-MessageID: DAdVB3wzpBr3YRunZwYvhK5gBKBXOb/m
-
-qANQR1DBwU4D/TlT68XXuiUQCADfj2o4b4aFYBcWumA7hR1Wvz9rbv2BR6WbEUsy
-ZBIEFtjyqCd96qF38sp9IQiJIKlNaZfx2GLRWikPZwchUXxB+AA5+lqsG/ELBvRa
-c9XefaYpbbAZ6z6LkOQ+eE0XASe7aEEPfdxvZZT37dVyiyxuBBRYNLN8Bphdr2zv
-z/9Ak4/OLnLiJRk05/2UNE5Z0a+3lcvITMmfGajvRhkXqocavPOKiin3hv7+Vx88
-uLLem2/fQHZhGcQvkqZVqXx8SmNw5gzuvwjV1WHj9muDGBY0MkjiZIRI7azWnoU9
-3KCnmpR60VO4rDRAS5uGl9fioSvze+q8XqxubaNsgdKkoD+tB/4u4c4tznLfw1L2
-YBS+dzFDw5desMFSo7JkecAS4NB9jAu9K+f7PTAsesCBNETDd49BTOFFTWWavAfE
-gLYcPrcn4s3EriUgvL3OzPR4P1chNu6sa3ZJkTBbriDoA3VpnqG3hxqfNyOlqAka
-mJJuQ53Ob9ThaFH8YcE/VqUFdw+bQtrAJ6NpjIxi/x0FfOInhC/bBw7pDLXBFNaX
-HdlLQRPQdrmnWskKznOSarxq4GjpRTQo4hpCRJJ5aU7tZO9HPTZXFG6iRIT0wa47
-AR5nvkEKoIAjW5HaDKiJriuWLdtN4OXecWvxFsjR32ebz76U8aLpAK87GZEyTzBx
-dV+lH0hwyT/y1cZQ/E5USePP4oKWF4uqquPee1OPeFMBo4CvuGyhZXD/18Ft/53Y
-WIebvdiCqsOoabK3jEfdGExce63zDI0=
-=MpRf
------END PGP MESSAGE-----
-</pre>
-<p>
-</p><h4>FIGURE 8: A PGP encrypted message. The receiver's e-mail
-address is the pointer to the public key in the sender's keyring. At
-the destination side, the receiver uses their own private key.</h4>
-</td></tr></tbody></table>
-</center>
-
-<font size="3"><br>
-</font><p>
-<font size="3">Figure 8 shows a PGP encrypted message (PGP compresses
-the file, where practical, prior to encryption because encrypted files
-lose their randomness and, therefore, cannot be compressed). In this
-case, public key methods are used to exchange the session key for the
-actual message encryption using secret-key cryptography. In this case,
-the receiver's e-mail address is the pointer to the public key in the
-sender's keyring; in fact, the same message can be sent to multiple
-recipients and the message will not be significantly longer since all
-that needs to be added is the session key encrypted by each receiver's
-private key. When the message is received, the recipient must use their
-private key to extract the session secret key to successfully decrypt
-the message (Figure 9).</font></p>
-
-<font size="3"><a name="fig09"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td width="400">
-<pre>
- Hi Gary,
-
- "Outside of a dog, a book is man's best friend.
- Inside of a dog, it's too dark to read."
-
- Carol
-</pre>
-<p>
-</p><h4>FIGURE 9: The decrypted message.</h4>
-</td></tr></tbody></table>
-</center>
-
-<font size="3"><br>
-</font><p>
-<font size="3">It is worth noting that PGP was one of the first
-so-called "hybrid cryptosystems" that combined aspects of SKC and PKC.
-When Zimmermann was first designing PGP in the late-1980s, he wanted to
-use RSA to encrypt the entire message. The PCs of the days, however,
-suffered significant performance degradation when executing RSA so he
-hit upon the idea of using SKC to encrypt the message and PKC to
-encrypt the SKC key.</font></p>
-<p>
-<font size="3">The state of PGP is in flux as of the fall of 2002.
-Zimmermann sold PGP to Network Associates, Inc. (NAI) in 1997 and
-himself resigned from NAI in early 2001. In March 2002, NAI announced
-that they were dropping support for the commercial version of PGP
-having failed to find a buyer for the product willing to pay what NAI
-wanted. In August 2002, PGP was purchased from NAI by PGP Corp. (<i><a href="http://www.pgp.com/">http://www.pgp.com/</a></i>).</font></p>
-<font size="3"><br>
-
-<a name="ipsec"><h3>5.6. IP Security (IPsec) Protocol</h3></a>
-</font><blockquote>
-<p>
-<font size="3"><b>NOTE:</b> The information in this section assumes
-that the reader is familiar with the Internet Protocol (IP), at least
-to the extent of the packet format and header contents. More
-information about IP can be found in <a href="http://www.garykessler.net/library/tcpip.html"><i> An Overview of TCP/IP Protocols and the Internet</i></a>. More information about IPv6 can be found in <a href="http://www.garykessler.net/library/ipv6_exp.html"> IPv6: The Next Generation Internet Protocol</a>.</font></p>
-</blockquote>
-<p>
-<font size="3">The Internet and the TCP/IP protocol suite were not
-built with security in mind. This statement is not meant as a
-criticism; the baseline UDP, TCP, IP, and ICMP protocols were written
-in 1980 and built for the relatively closed ARPANET community. TCP/IP
-wasn't designed for the commercial-grade financial transactions that
-they now see nor for virtual private networks (VPNs) on the Internet.
-To bring TCP/IP up to today's security necessities, the Internet
-Engineering Task Force (IETF) formed the <a href="http://www.ietf.org/html.charters/ipsec-charter.html">IP Security Protocol Working Group</a>
-which, in turn, developed the IP Security (IPsec) protocol. IPsec is
-not a single protocol, in fact, but a suite of protocols providing a
-mechanism to provide data integrity, authentication, privacy, and
-nonrepudiation for the classic Internet Protocol (IP). Although
-intended primarily for IP version 6 (IPv6), IPsec can also be employed
-by the current version of IP, namely IP version 4 (IPv4).</font></p>
-<p>
-<font size="3">As shown in <a href="#tab03-ipsec">Table 3</a>, IPsec is described in nearly a dozen RFCs. <a href="http://www.rfc-editor.org/rfc/rfc4301.txt"> RFC 4301</a>, in particular, describes the overall IP security architecture and <a href="http://www.rfc-editor.org/rfc/rfc2411.txt">RFC 2411</a> provides an overview of the IPsec protocol suite and the documents describing it.</font></p>
-<p>
-<font size="3">IPsec can provide either message authentication and/or
-encryption. The latter requires more processing than the former, but
-will probably end up being the preferred usage for applications such as
-VPNs and secure electronic commerce.</font></p>
-<p>
-<font size="3">Central to IPsec is the concept of a <i>security association (SA)</i>.
-Authentication and confidentiality using AH or ESP use SAs and a
-primary role of IPsec key exchange it to establish and maintain SAs. An
-SA is a simplex (one-way or unidirectional) logical connection between
-two communicating IP endpoints that provides security services to the
-traffic carried by it using either AH or ESP procedures. The endpoint
-of an SA can be an IP host or IP security gateway (e.g., a proxy
-server, VPN server, etc.). Providing security to the more typical
-scenario of two-way (bi-directional) communication between two
-endpoints requires the establishment of two SAs (one in each direction).</font></p>
-<p>
-<font size="3">An SA is uniquely identified by a 3-tuple composed of:</font></p>
-<ul>
-<font size="3"><li>Security Parameter Index (SPI), a 32-bit identifier of the connection</li>
-<li>IP Destination Address</li>
-<li>security protocol (AH or ESP) identifier</li>
-</font></ul>
-<p>
-<font size="3">The IP Authentication Header (AH), described in <a href="http://www.rfc-editor.org/rfc/rfc4302.txt">RFC 4302</a>, provides a mechanism for data integrity and data origin authentication for IP packets using HMAC with MD5 (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>), HMAC with SHA-1 (<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>), or HMAC with RIPEMD (<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>). See also <a href="http://www.rfc-editor.org/rfc/rfc4305.txt">RFC 4305</a>.</font></p>
-
-<font size="3"><a name="fig10"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td width="600">
-<pre>
-    0                   1                   2                   3
-    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   | Next Header   |  Payload Len  |          RESERVED             |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                 Security Parameters Index (SPI)               |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                    Sequence Number Field                      |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-   |                                                               |
-   +                Integrity Check Value-ICV (variable)           |
-   |                                                               |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-</pre>
-<p>
-</p><h4>FIGURE 10: IPsec Authentication Header format. <i>(From RFC 4302)</i></h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br><br>
-</font><p>
-<font size="3">Figure 10 shows the format of the IPsec AH. The AH is
-merely an additional header in a packet, more or less representing
-another protocol layer above IP (this is shown in Figure 12 below). Use
-of the IP AH is indicated by placing the value 51 (0x33) in the IPv4
-Protocol or IPv6 Next Header field in the IP packet header. The AH
-follows mandatory IPv4/IPv6 header fields and precedes higher layer
-protocol (e.g., TCP, UDP) information. The contents of the AH are:</font></p>
-<ul>
-<font size="3"><li><i>Next Header:</i> An 8-bit field that identifies the type of the next payload after the Authentication Header.</li>
-<li><i>Payload Length:</i> An 8-bit field that indicates the length of
-AH in 32-bit words (4-byte blocks), minus "2". [The rationale for this
-is somewhat counter intuitive but technically important. All IPv6
-extension headers encode the header extension length (Hdr Ext Len)
-field by first subtracting 1 from the header length, which is measured
-in 64-bit words. Since AH was originally developed for IPv6, it is an
-IPv6 extension header. Since its length is measured in 32-bit words,
-however, the Payload Length is calculated by subtracting 2 (32 bit
-words) to maintain consistency with IPv6 coding rules.] In the default
-case, the three 32-bit word fixed portion of the AH is followed by a
-96-bit authentication value, so the Payload Length field value would be
-4.</li>
-<li><i>Reserved:</i> This 16-bit field is reserved for future use and always filled with zeros.</li>
-<li><i>Security Parameters Index (SPI):</i> An arbitrary 32-bit value
-that, in combination with the destination IP address and security
-protocol, uniquely identifies the Security Association for this
-datagram. The value 0 is reserved for local, implementation-specific
-uses and values between 1-255 are reserved by the Internet Assigned
-Numbers Authority (IANA) for future use.</li>
-<li><i>Sequence Number:</i> A 32-bit field containing a sequence number
-for each datagram; initially set to 0 at the establishment of an SA. AH
-uses sequence numbers as an anti-replay mechanism, to prevent a
-"person-in-the-middle" attack. If anti-replay is enabled (the default),
-the transmitted Sequence Number is never allowed to cycle back to 0;
-therefore, the sequence number must be reset to 0 by establishing a new
-SA prior to the transmission of the 2<sup>32</sup>nd packet.</li>
-<li><i>Authentication Data:</i> A variable-length, 32-bit aligned field
-containing the Integrity Check Value (ICV) for this packet (default
-length = 96 bits). The ICV is computed using the authentication
-algorithm specified by the SA, such as DES, MD5, or SHA-1. Other
-algorithms <i>may</i> also be supported.</li>
-</font></ul>
-<p>
-<font size="3">The IP Encapsulating Security Payload (ESP), described in <a href="http://www.rfc-editor.org/rfc/rfc4303.txt">RFC 4303</a>,
-provides message integrity and privacy mechanisms in addition to
-authentication. As in AH, ESP uses HMAC with MD5, SHA-1, or RIPEMD
-authentication (<a href="http://www.rfc-editor.org/rfc/rfc2403.txt">RFC 2403</a>/<a href="http://www.rfc-editor.org/rfc/rfc2404.txt">RFC 2404</a>/<a href="http://www.rfc-editor.org/rfc/rfc2857.txt">RFC 2857</a>); privacy is provided using DES-CBC encryption (<a href="http://www.rfc-editor.org/rfc/rfc2405.txt">RFC 2405</a>), NULL encryption (<a href="http://www.rfc-editor.org/rfc/rfc2410.txt">RFC 2410</a>), other CBC-mode algorithms (<a href="http://www.rfc-editor.org/rfc/rfc2451.txt">RFC 2451</a>), or AES (<a href="http://www.rfc-editor.org/rfc/rfc3686.txt">RFC 3686</a>). See also <a href="http://www.rfc-editor.org/rfc/rfc4305.txt">RFC 4305</a> and <a href="http://www.rfc-editor.org/rfc/rfc4308.txt">RFC 4308</a>.</font></p>
-
-<font size="3"><a name="fig11"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td width="675">
-<pre>
-    0                   1                   2                   3
-    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ----
-   |               Security Parameters Index (SPI)                 | ^Int.
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
-   |                      Sequence Number                          | |ered
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ----  
-   |                    Payload Data* (variable)                   | |   ^
-   ~                                                               ~ |   |
-   |                                                               | |Conf.
-   +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Cov-
-   |               |     Padding (0-255 bytes)                     | |ered*
-   +-+-+-+-+-+-+-+-+               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |   |
-   |                               |  Pad Length   | Next Header   | v   v
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ------
-   |         Integrity Check Value-ICV   (variable)                |
-   ~                                                               ~
-   |                                                               |
-   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
-       * If included in the Payload field, cryptographic synchronization
-         data, e.g., an Initialization Vector (IV), usually is not
-         encrypted per se, although it often is referred to as being
-         being part of the ciphertext.
-
-</pre>
-<p>
-</p><h4>FIGURE 11: IPsec Encapsulating Security Payload format. <i>(From RFC 4303)</i></h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br><br>
-</font><p>
-<font size="3">Figure 11 shows the format of the IPsec ESP information.
-Use of the IP ESP format is indicated by placing the value 50 (0x32) in
-the IPv4 Protocol or IPv6 Next Header field in the IP packet header.
-The ESP header (i.e., SPI and sequence number) follows mandatory
-IPv4/IPv6 header fields and precedes higher layer protocol (e.g., TCP,
-UDP) information. The contents of the ESP packet are:</font></p>
-<ul>
-<font size="3"><li><i>Security Parameters Index:</i> (see description for this field in the AH, above.)</li>
-<li><i>Sequence Number:</i> (see description for this field in the AH, above.)</li>
-<li><i>Payload Data:</i> A variable-length field containing data as
-described by the Next Header field. The contents of this field could be
-encrypted higher layer data or an encrypted IP packet.</li>
-<li><i>Padding:</i> Between 0 and 255 octets of padding may be added to
-the ESP packet. There are several applications that might use the
-padding field. First, the encryption algorithm that is used may require
-that the plaintext be a multiple of some number of bytes, such as the
-block size of a block cipher; in this case, the Padding field is used
-to fill the plaintext to the size required by the algorithm. Second,
-padding may be required to ensure that the ESP packet and resulting
-ciphertext terminate on a 4-byte boundary. Third, padding may be used
-to conceal the actual length of the payload. Unless another value is
-specified by the encryption algorithm, the Padding octets take on the
-value 1, 2, 3, ... starting with the first Padding octet. This scheme
-is used because, in addition to being simple to implement, it provides
-some protection against certain forms of "cut and paste" attacks.</li>
-<li><i>Pad Length:</i> An 8-bit field indicating the number of bytes in the Padding field; contains a value between 0-255.</li>
-<li><i>Next Header:</i> An 8-bit field that identifies the type of data
-in the Payload Data field, such as an IPv6 extension header or a higher
-layer protocol identifier.</li>
-<li><i>Authentication Data:</i> (see description for this field in the AH, above.)</li>
-</font></ul>
-<p>
-<font size="3">Two types of SAs are defined in IPsec, regardless of whether AH or ESP is employed. A <i>transport mode SA</i>
-is a security association between two hosts. Transport mode provides
-the authentication and/or encryption service to the higher layer
-protocol. This mode of operation is only supported by IPsec hosts. A <i>tunnel mode SA</i>
-is a security association applied to an IP tunnel. In this mode, there
-is an "outer" IP header that specifies the IPsec destination and an
-"inner" IP header that specifies the destination for the IP packet.
-This mode of operation is supported by both hosts and security gateways.</font></p>
-
-<font size="3"><a name="fig12"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td width="675">
-<pre>
-  <b>ORIGINAL PACKET BEFORE APPLYING AH</b>
-
-         ----------------------------
-   <b>IPv4</b>  |orig IP hdr  |     |      |
-         |(any options)| TCP | Data |
-         ----------------------------
-
-         ---------------------------------------
-   <b>IPv6</b>  |             | ext hdrs |     |      |
-         | orig IP hdr |if present| TCP | Data |
-         ---------------------------------------
-
-  <b>AFTER APPLYING AH (TRANSPORT MODE)</b>
-
-          -------------------------------------------------------
-    <b>IPv4</b>  |original IP hdr (any options) | AH | TCP |    Data   |
-          -------------------------------------------------------
-          |&lt;- mutable field processing -&gt;|&lt;- immutable fields -&gt;|
-          |&lt;----- authenticated except for mutable fields -----&gt;|
-
-         ------------------------------------------------------------
-   <b>IPv6</b>  |             |hop-by-hop, dest*, |    | dest |     |      |
-         |orig IP hdr  |routing, fragment. | AH | opt* | TCP | Data |
-         ------------------------------------------------------------
-         |&lt;--- mutable field processing --&gt;|&lt;-- immutable fields --&gt;|
-         |&lt;---- authenticated except for mutable fields -----------&gt;|
-
-               * = if present, could be before AH, after AH, or both
-
-
-  <b>AFTER APPLYING AH (TUNNEL MODE)</b>
-
-        ----------------------------------------------------------------
-   <b>IPv4</b> |                              |    | orig IP hdr*  |   |      |
-        |new IP header * (any options) | AH | (any options) |TCP| Data |
-        ----------------------------------------------------------------
-        |&lt;- mutable field processing -&gt;|&lt;------ immutable fields -----&gt;|
-        |&lt;- authenticated except for mutable fields in the new IP hdr-&gt;|
-
-        --------------------------------------------------------------
-   <b>IPv6</b> |           | ext hdrs*|    |            | ext hdrs*|   |    |
-        |new IP hdr*|if present| AH |orig IP hdr*|if present|TCP|Data|
-        --------------------------------------------------------------
-        |&lt;--- mutable field --&gt;|&lt;--------- immutable fields --------&gt;|
-        |       processing     |
-        |&lt;-- authenticated except for mutable fields in new IP hdr -&gt;|
-
-          * = if present, construction of outer IP hdr/extensions and
-              modification of inner IP hdr/extensions is discussed in
-              the Security Architecture document.
-
-</pre>
-<p>
-</p><h4>FIGURE 12: IPsec tunnel and transport modes for AH. <i>(Adapted from RFC 4302)</i></h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br><br>
-</font><p>
-<font size="3">Figure 12 show the IPv4 and IPv6 packet formats when
-using AH in both transport and tunnel modes. Initially, an IPv4 packet
-contains a normal IPv4 header (which may contain IP options), followed
-by the higher layer protocol header (e.g., TCP or UDP), followed by the
-higher layer data itself. An IPv6 packet is similar except that the
-packet starts with the mandatory IPv6 header followed by any IPv6
-extension headers, and then followed by the higher layer data.</font></p>
-<p>
-<font size="3">Note that in both transport and tunnel modes, the <b>entire</b> IP packet is covered by the authentication <i>except for the mutable fields.</i> A field is <i>mutable</i>
-if its value might change during transit in the network; IPv4 mutable
-fields include the fragment offset, time to live, and checksum fields.
-Note, in particular, that the address fields are <i>not</i> mutable.</font></p>
-<font size="3"><br>
-
-<a name="fig13"></a><br>
-</font><center>
-<table border="3" cellpadding="4">
-<tbody><tr><td width="675">
-<pre>
-    <b>ORIGINAL PACKET BEFORE APPLYING ESP</b>
-
-            ----------------------------
-      <b>IPv4</b>  |orig IP hdr  |     |      |
-            |(any options)| TCP | Data |
-            ----------------------------
-
-            ---------------------------------------
-      <b>IPv6</b>  |             | ext hdrs |     |      |
-            | orig IP hdr |if present| TCP | Data |
-            ---------------------------------------
-
-
-    <b>AFTER APPLYING ESP (TRANSPORT MODE)</b>
-
-            -------------------------------------------------
-      <b>IPv4</b>  |orig IP hdr  | ESP |     |      |   ESP   | ESP|
-            |(any options)| Hdr | TCP | Data | Trailer | ICV|
-            -------------------------------------------------
-                                |&lt;---- encryption ----&gt;|
-                          |&lt;-------- integrity -------&gt;|
-
-            ---------------------------------------------------------
-      <b>IPv6</b>  | orig |hop-by-hop,dest*,|   |dest|   |    | ESP   | ESP|
-            |IP hdr|routing,fragment.|ESP|opt*|TCP|Data|Trailer| ICV|
-            ---------------------------------------------------------
-                                         |&lt;--- encryption ----&gt;|
-                                     |&lt;------ integrity ------&gt;|
-
-                * = if present, could be before ESP, after ESP, or both
-
-
-    <b>AFTER APPLYING ESP (TUNNEL MODE)</b>
-
-            -----------------------------------------------------------
-      <b>IPv4</b>  | new IP hdr+ |     | orig IP hdr+  |   |    | ESP   | ESP|
-            |(any options)| ESP | (any options) |TCP|Data|Trailer| ICV|
-
-            -----------------------------------------------------------
-                                |&lt;--------- encryption ---------&gt;|
-                          |&lt;------------- integrity ------------&gt;|
-
-            ------------------------------------------------------------
-      <b>IPv6</b>  | new+ |new ext |   | orig+|orig ext |   |    | ESP   | ESP|
-            |IP hdr| hdrs+  |ESP|IP hdr| hdrs+   |TCP|Data|Trailer| ICV|
-            ------------------------------------------------------------
-                                |&lt;--------- encryption ----------&gt;|
-                            |&lt;------------ integrity ------------&gt;|
-
-            + = if present, construction of outer IP hdr/extensions and
-                modification of inner IP hdr/extensions is discussed in
-                the Security Architecture document.
-
-</pre>
-<p>
-</p><h4>FIGURE 13: IPsec tunnel and transport modes for ESP. <i>(Adapted from RFC 4303)</i></h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br><br>
-</font><p>
-<font size="3">Figure 13 shows the IPv4 and IPv6 packet formats when using ESP in both transport and tunnel modes.</font></p>
-<ul>
-<font size="3"><li>As with AH, we start with a standard IPv4 or IPv6 packet.</li>
-<li>In transport mode, the higher layer header and data, as well as ESP
-trailer information, is encrypted and the entire ESP packet is
-authenticated. In the case of IPv6, some of the IPv6 extension options
-can precede or follow the ESP header.</li>
-<li>In tunnel mode, the original IP packet is encrypted and placed
-inside of an "outer" IP packet, while the entire ESP packet is
-authenticated.</li>
-</font></ul>
-<p>
-<font size="3">Note a significant difference in the scope of ESP and
-AH. AH authenticates the entire packet transmitted on the network
-whereas ESP only covers a portion of the packet transmitted on the
-network (the higher layer data in transport mode and the entire
-original packet in tunnel mode). The reason for this is
-straight-forward; in AH, the authentication data for the transmission
-fits neatly into an additional header whereas ESP creates an entirely
-new packet which is the one encrypted and/or authenticated. But the
-ramifications are significant. ESP transport mode as well as AH in both
-modes protect the IP address fields of the original transmissions.
-Thus, using IPsec in conjunction with network address translation (NAT)
-<i>might</i> be problematic because NAT changes the values of these fields <i>after</i> IPsec processing.</font></p>
-<p>
-<font size="3">The third component of IPsec is the establishment of
-security associations and key management. These tasks can be
-accomplished in one of two ways.</font></p>
-<p>
-<font size="3">The simplest form of SA and key management is manual
-management. In this method, a security administer or other individual
-manually configures each system with the key and SA management data
-necessary for secure communication with other systems. Manual
-techniques are practical for small, reasonably static environments but
-they do not scale well.</font></p>
-<p>
-<font size="3">For successful deployment of IPsec, however, a scalable,
-automated SA/key management scheme is necessary. Several protocols have
-defined for these functions:</font></p>
-<ul>
-<font size="3"><li>The Internet Security Association and Key Management
-Protocol (ISAKMP) defines procedures and packet formats to establish,
-negotiate, modify and delete security associations, and provides the
-framework for exchanging information about authentication and key
-management (<a href="http://www.rfc-editor.org/rfc/rfc2407.txt">RFC 2407</a>/<a href="http://www.rfc-editor.org/rfc/rfc2408.txt">RFC 2408</a>). ISAKMP's security association and key management is totally separate from key exchange.</li>
-<li>The OAKLEY Key Determination Protocol (<a href="http://www.rfc-editor.org/rfc/rfc2412.txt">RFC 2412</a>)
-describes a scheme by which two authenticated parties can exchange key
-information. OAKLEY uses the Diffie-Hellman key exchange algorithm.</li>
-<li>The Internet Key Exchange (IKE) algorithm (<a href="http://www.rfc-editor.org/rfc/rfc2409.txt">RFC 2409</a>) is the default automated key management protocol for IPsec.</li>
-<li>An alternative to IKE is Photuris (<a href="http://www.rfc-editor.org/rfc/rfc2522.txt">RFC 2522</a>/<a href="http://www.rfc-editor.org/rfc/rfc2523.txt">RFC 2523</a>),
-a scheme for establishing short-lived session-keys between two
-authenticated parties without passing the session-keys across the
-Internet. IKE typically creates keys that may have very long lifetimes.</li>
-</font></ul>
-<p>
-<font size="3">On a final note, IPsec authentication for both AH and ESP uses a scheme called <i>HMAC</i>, a keyed-hashing message authentication code described in <a href="http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf"> FIPS 198</a> and <a href="http://www.rfc-editor.org/rfc/rfc2104.txt">RFC 2104</a>.
-HMAC uses a shared secret key between two parties rather than public
-key methods for message authentication. The generic HMAC procedure can
-be used with just about any hash algorithm, although IPsec specifies
-support for at least MD5 and SHA-1 because of their widespread use.</font></p>
-<p>
-<font size="3">In HMAC, both parties share a secret key. The secret key
-will be employed with the hash algorithm in a way that provides mutual
-authentication without transmitting the key on the line. IPsec key
-management procedures will be used to manage key exchange between the
-two parties.</font></p>
-<p>
-<font size="3">Recall that hash functions operate on a fixed-size block
-of input at one time; MD5 and SHA-1, for example, work on 64 byte
-blocks. These functions then generate a fixed-size hash value; MD5 and
-SHA-1, in particular, produce 16 byte (128 bit) and 20 byte (160 bit)
-output strings, respectively. For use with HMAC, the secret key (K)
-should be at least as long as the hash output.</font></p>
-<p>
-<font size="3">The following steps provide a simplified, although
-reasonably accurate, description of how the HMAC scheme would work with
-a particular plaintext MESSAGE:</font></p>
-<ol>
-<font size="3"><li>Pad K so that it is as long as an input block; call this padded key K<sub>p</sub>.</li>
-<li>Compute the hash of the padded key followed by the message, i.e., HASH (K<sub>p</sub>:MESSAGE).</li>
-<li>Transmit MESSAGE and the hash value.</li>
-<li>The receiver does the same procedure to pad K to create K<sub>p</sub>.</li>
-<li>The receiver computes HASH (K<sub>p</sub>:MESSAGE).</li>
-<li>The receiver compares the computed hash value with the received
-hash value. If they match, then the sender must know the secret key and
-the message is authenticated.</li>
-</font></ol>
-<font size="3"><br>
-
-</font><p></p>
-<font size="3"><a name="ssl"><h3>5.7. The SSL "Family" of Secure Transaction Protocols for the World Wide Web</h3></a>
-</font><p>
-<font size="3">The <a href="http://home.netscape.com/eng/ssl3/ssl-toc.html">Secure Sockets Layer (SSL)</a>
-protocol was developed by Netscape Communications to provide
-application-independent secure communication over the Internet for
-protocols such as the Hypertext Transfer Protocol (HTTP). SSL employs
-RSA and X.509 certificates during an initial handshake used to
-authenticate the server (client authentication is optional). The client
-and server then agree upon an encryption scheme; SSL v2 supports RC2
-and RC4 with 40-bit keys, while SSL v3 adds support for DES, RC4 with a
-128-bit key, and 3DES with a 168-bit key, all along with either MD5 or
-SHA-1 message hashes. SSL v3 is the commonly supported version on
-servers today, although some implementations of SSL v2 will still be
-found; both are supported by most common browsers (Figure 14).</font></p>
-
-<font size="3"><a name="fig14"></a><br>
-</font><center><table border="1"><tbody><tr><td>
-<img src="index_files/crypto_sslv3.gif">
-<br><br>
-<h4>FIGURE 14: SSL v3 configuration screen (Netscape Navigator).</h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br>
-</font><p>
-<font size="3">In 1997, SSL v3 was found to be breakable. By this time,
-the Internet Engineering Task Force (IETF) had already started work on
-a new, non-proprietary protocol called Transport Layer Security (TLS),
-described in <a href="http://www.rfc-editor.org/rfc/rfc2246.txt">RFC 2246</a>. TLS extends SSL and supports additional crypto schemes, such as Diffie-Hellman key exchange and DSS digital signatures; <a href="http://www.rfc-editor.org/rfc/rfc4279.txt">RFC 4279</a>
-describes the pre-shared key crypto schemes supported by TLS. TLS is
-backward compatible with SSL (and, in fact, is recognized as SSL v3.1).</font></p>
-
-<font size="3"><a name="fig15"></a><br>
-</font><center><table border="1"><tbody><tr><td>
-<pre>                       <b>CLIENT       SERVER</b>
- (using URL of form <i>https://</i>)       (listening on port 443) 
-
-                  ClientHello ----&gt;
-
-                                    ServerHello
-                                    Certificate*
-                                    ServerKeyExchange*
-                                    CertificateRequest*
-                              &lt;---- ServerHelloDone
-
-                 Certificate*
-            ClientKeyExchange
-            CertifcateVerify*
-           [ChangeCipherSpec]
-                     Finished ----&gt;
-
-                                    [ChangeCipherSpec]
-                              &lt;---- Finished
-
-             Application Data &lt;---&gt; Application Data
-
-
-
-* Optional or situation-dependent messages;
-  not always sent
-
-                                     <i>Adapted from RFC 2246</i>
-</pre>
-<br>
-<h4>FIGURE 15: SSL/TLS protocol handshake.</h4>
-</td></tr></tbody></table>
-</center>
-<font size="3"><br>
-</font><p>
-<font size="3">Figure 15 shows the basic TLS (and SSL) message exchanges:
-</font></p><ol>
-<font size="3"><li>URLs specifying the protocol <i>https://</i> are
-directed to HTTP servers secured using SSL/TLS. The client will
-automatically try to make a TCP connection to the server at port 443.
-The client initiates the secure connection by sending a <font face="courier">ClientHello</font>
-message containing a Session identifier, highest SSL version number
-supported by the client, and lists of supported crypto and compression
-schemes (in preference order).
-</li><li>The server examines the Session ID and if it is still in the
-server's cache, it will attempt to re-establish a previous session with
-this client. If the Session ID is not recognized, the server will
-continue with the handshake to establish a secure session by responding
-with a <font face="courier">ServerHello</font> message. The <font face="courier">ServerHello</font>
-repeats the Session ID, indicates the SSL version to use for this
-connection (which will be the highest SSL version supported by the
-server and client), and specifies which encryption method and
-compression method to be used for this connection.
-</li><li>There are a number of other optional messages that the server might send, including:
-<ul>
-<li><font face="courier">Certificate</font>, which carries the server's
-X.509 public key certificate (and, generally, the server's public key).
-This message will always be sent unless the client and server have
-already agreed upon some form of anonymous key exchange. (This message
-is normally sent.)
-</li><li><font face="courier">ServerKeyExchange</font>, which will carry a premaster secret when
-the server's <font face="courier">Certificate</font> message does not contain enough data for this purpose; used in some key exchange schemes.
-</li><li><font face="courier">CertificateRequest</font>, used to request the client's certificate in those scenarios where client authentication is performed.
-</li><li><font face="courier">ServerHelloDone</font>, indicating that the server has completed its portion of the key exchange handshake.
-</li></ul>
-</li><li>The client now responds with a series of mandatory and optional messages:
-<ul>
-<li><font face="courier">Certificate</font>, contains the client's public key certificate when it has been requested by the server.
-</li><li><font face="courier">ClientKeyExchange</font>, which usually carries the secret key to be used with the secret key crypto scheme.
-</li><li><font face="courier">CertificateVerify</font>, used to provide explicit verification of a client's certificate if the server is authenticating the client.
-</li></ul>
-</li><li>TLS includes the change cipher spec protocol to indicate
-changes in the encryption method. This protocol contains a single
-message, <font face="courier">ChangeCipherSpec</font>, which is encrypted and compressed using the current (rather than the new) encryption and compression schemes. The <font face="courier">ChangeCipherSpec</font>
-message is sent by both client and server to notify the other station
-that all following information will employ the newly negotiated cipher
-spec and keys.
-</li><li>The <font face="courier">Finished</font> message is sent after a <font face="courier">ChangeCipherSpec</font> message to confirm that the key exchange and authentication processes were successful.
-</li><li>At this point, both client and server can exchange application data using the session encryption and compression schemes.
-
-<p>
-
-<b>Side Note:</b> It would probably be helpful to make some mention of
-SSL as it is used today. Most of us have used SSL to engage in a
-secure, private transaction with some vendor. The steps are something
-like this. During the SSL exchange with the vendor's secure server, the
-server sends its certificate to our client software. The certificate
-includes the vendor's public key and a signature from the CA that
-issued the vendor's certificate. Our browser software is shipped with
-the major CAs' certificates which contains their public key; in that
-way we authenticate the server. Note that the server does <i>not</i>
-use a certificate to authenticate us! Instead, we are generally
-authenticated when we provide our credit card number; the server checks
-to see if the card purchase will be authorized by the credit card
-company and, if so, considers us valid and authenticated! While
-bidirectional authentication is certainly supported by SSL, this form
-of asymmetric authentication is more commonly employed today since most
-users don't have certificates.
-</p><p>
-Microsoft's <a href="http://www.microsoft.com/security/tech/sgc/default.asp">
-Server Gated Cryptography (SGC)</a>
-protocol is another extension to SSL/TLS. For several decades, it has
-been illegal to generally export products from the U.S. that employed
-secret-key cryptography with keys longer than 40 bits. For that reason,
-SSL/TLS has an exportable version with weak (40-bit) keys and a
-domestic (North American) version with strong (128-bit) keys. Within
-the last several years, however, use of strong SKC has been approved
-for the worldwide financial community. SGC is an extension to SSL that
-allows financial institutions using Windows NT servers to employ strong
-cryptography. Both the client and server must implement SGC and the
-bank must have a valid SGC certificate. During the initial handshake,
-the server will indicate support of SGC and supply its SGC certificate;
-if the client wishes to use SGC and validates the server's SGC
-certificate, the session can employ 128-bit RC2, 128-bit RC4, 56-bit
-DES, or 168-bit 3DES. Microsoft supports SGC in the Windows 95/98/NT
-versions of Internet Explorer 4.0, Internet Information Server (IIS)
-4.0, and Money 98.
-</p><p>As mentioned above, SSL was designed to provide
-application-independent transaction security for the Internet. Although
-the discussion above has focused on HTTP over SSL (https/TCP port 443),
-SSL is also applicable to:
-</p>
-<center>
-<table border="0">
-<tbody><tr>
-<th>Protocol
-</th><th width="50">&nbsp;
-</th><th>TCP Port Name/Number
-
-</th></tr><tr>
-<td>File Transfer Protocol (FTP)
-</td><th>&nbsp;
-</th><td>ftps-data/989 &amp; ftps/990
-
-</td></tr><tr>
-<td>Internet Message Access Protocol v4 (IMAP4)
-</td><th>&nbsp;
-</th><td>imaps/993
-
-</td></tr><tr>
-<td>Lightweight Directory Access Protocol (LDAP)
-</td><th>&nbsp;
-</th><td>ldaps/636
-
-</td></tr><tr>
-<td>Network News Transport Protocol (NNTP)
-</td><th>&nbsp;
-</th><td>nntps/563
-
-</td></tr><tr>
-<td>Post Office Protocol v3 (POP3)
-</td><th>&nbsp;
-</th><td>pop3s/995
-
-</td></tr><tr>
-<td>Telnet
-</td><th>&nbsp;
-</th><td>telnets/992
-</td></tr></tbody></table>
-</center>
-<br><br>
-
-<a name="ecc"><h3>5.8. Elliptic Curve Cryptography</h3></a>
-<p>In general, public-key cryptography systems use hard-to-solve
-problems as the basis of the algorithm. The most predominant algorithm
-today for public-key cryptography is RSA, based on the prime factors of
-very large integers. While RSA can be successfully attacked, the
-mathematics of the algorithm have not been comprised, per se; instead,
-computational brute-force has broken the keys. The defense is "simple"
-&#8212; keep the size of the integer to be factored ahead of the
-computational curve!</p>
-<p>
-In 1985, Elliptic Curve Cryptography (ECC) was proposed independently
-by cryptographers Victor Miller (IBM) and Neal Koblitz (University of
-Washington). ECC is based on the difficulty of solving the Elliptic
-Curve Discrete Logarithm Problem (ECDLP). Like the prime factorization
-problem, ECDLP is another "hard" problem that is deceptively simple to
-state: Given two points, P and Q, on an elliptic curve, find the
-integer <i>n</i>, if it exists, such that P&nbsp;=&nbsp;nQ.</p>
-<p>
-Elliptic curves combine number theory and algebraic geometry. These
-curves can be defined over any field of numbers (i.e., real, integer,
-complex) although we generally see them used over finite fields for
-applications in cryptography. An elliptic curve consists of the set of
-real numbers (x, y) that satisfies the equation:</p>
-<p align="center">
-y<sup>2</sup> = x<sup>3</sup> + ax + b</p>
-<p>
-The set of all of the solutions to the equation forms the elliptic curve. Changing <i>a</i> and <i>b</i>
-changes the shape of the curve, and small changes in these parameters
-can result in major changes in the set of (x,y) solutions.</p>
-<a name="fig16"></a><br>
-<center><table border="1"><tbody><tr><td>
-<img src="index_files/crypto_ecc.gif">
-<br><br>
-<h4>FIGURE 16: Elliptic curve addition.</h4>
-</td></tr></tbody></table>
-</center>
-<br>
-<p>
-Figure 16 shows the addition of two points on an elliptic curve.
-Elliptic curves have the interesting property that adding two points on
-the elliptic curve yields a third point on the curve. Therefore, adding
-two points, P1 and P2, gets us to point P3, also on the curve. Small
-changes in P1 or P2 can cause a large change in the position of P3.</p>
-<p>
-So let's go back to the original problem statement from above. The
-point Q is calculated as a multiple of the starting point, P, <i>or</i>, Q&nbsp;=&nbsp;nP. An attacker might know P and Q but finding the integer, <i>n</i>, is a difficult problem to solve. Q is the public key, then, and <i>n</i> is the private key.</p>
-<p>
-RSA has been the mainstay of PKC for over two decades. But ECC is
-exciting because of their potential to provide similar levels of
-security compared to RSA but with significantly reduced key sizes.
-Certicom Corp. (<a href="http://www.certicom.com/">www.certicom.com</a>), one of the major proponents of ECC, suggests the key size relationship between ECC and RSA per the following table:</p>
-<a name="tab04"></a><center>
-<table border="1" cellpadding="4">
-<caption>
-<b>TABLE 4. ECC and RSA Key Comparison.</b>
-</caption>
-<tbody><tr>
-<th>RSA Key Size
-</th><th>Time to Break Key<br>(MIPS Years)
-</th><th>ECC Key Size
-</th><th>RSA:ECC Key-Size<br>Ratio
-
-</th></tr><tr>
-<td align="center">512
-</td><td align="center">10<sup>4</sup>
-</td><td align="center">106
-</td><td align="center">5:1
-
-</td></tr><tr>
-<td align="center">768
-</td><td align="center">10<sup>8</sup>
-</td><td align="center">132
-</td><td align="center">6:1
-
-</td></tr><tr>
-<td align="center">1,024
-</td><td align="center">10<sup>11</sup>
-</td><td align="center">160
-</td><td align="center">7:1
-
-</td></tr><tr>
-<td align="center">2,048
-</td><td align="center">10<sup>20</sup>
-</td><td align="center">210
-</td><td align="center">10:1
-
-</td></tr><tr>
-<td align="center">21,000
-</td><td align="center">10<sup>78</sup>
-</td><td align="center">600
-</td><td align="center">35:1
-</td></tr></tbody></table>
-</center>
-<br><br>
-<p>
-Since the ECC key sizes are so much shorter than comparable RSA keys,
-the length of the public key and private key is much shorter in
-elliptic curve cryptosystems. Presumably, this translates into faster
-processing, and lower demands on memory and bandwidth. In practice, the
-final results are not yet in; RSA, Inc. notes that ECC is faster than
-RSA for signing and decryption, but slower than RSA for signature
-verification and encryption.</p>
-<p>
-Nevertheless, ECC is particularly useful in applications where memory,
-bandwidth, and/or computational power is limited (e.g., a smartcard)
-and it is in this area that ECC use is expected to grow. A major
-champion of ECC today is Certicom; readers are urged to see their <a href="http://www.certicom.com/research/online.html">ECC online tutorial</a>.</p>
-<br><br>
-
-<a name="aes"><h3>5.9. The Advanced Encryption Standard and Rijndael</h3></a>
-<p>
-The search for a replacement to DES started in January 1997 when NIST
-announced that it was looking for an Advanced Encryption Standard. In
-September of that year, they put out a formal Call for Algorithms and
-in August 1998 announced that 15 candidate algorithms were being
-considered (Round 1). In April 1999, NIST announced that the 15 had
-been whittled down to five finalists (Round 2): <i><a href="http://www.research.ibm.com/security/mars.pdf">MARS</a></i> (multiplication, addition, rotation and substitution) from IBM; Ronald Rivest's <i><a href="http://www.rsasecurity.com/rsalabs/rc6/index.html">RC6</a></i>; <i><a href="http://www.esat.kuleuven.ac.be/%7Erijmen/rijndael/">Rijndael</a></i> from a Belgian team; <i><a href="http://www.cl.cam.ac.uk/%7Erja14/serpent.html">Serpent</a></i>, developed jointly by a team from England, Israel, and Norway; and <i><a href="http://www.counterpane.com/twofish.html">Twofish</a></i>, developed by Bruce Schneier. In October 2000, NIST announced their selection: Rijndael.</p>
-<p>
-The remarkable thing about this entire process has been the openness as
-well as the international nature of the "competition." NIST has
-maintained an excellent Web site devoted to keeping the public fully
-informed, at <i><a href="http://csrc.nist.gov/encryption/aes/"> http://csrc.nist.gov/encryption/aes/</a></i>. Their <a href="http://csrc.nist.gov/encryption/aes/index2.html#overview"> Overview of the AES Development Effort</a> has full details of the process, algorithms, and comments so I will not repeat everything here.</p>
-<p>
-In October 2000, NIST released the <a href="http://csrc.nist.gov/encryption/aes/round2/r2report.pdf"> Report on the Development of the Advanced Encryption Standard (AES)</a>
-that compared the five Round 2 algorithms in a number of categories.
-The table below summarizes the relative scores of the five schemes
-(1=low, 3=high):</p>
-
-<table align="center" border="2">
-<tbody><tr>
-<th>
-</th><th colspan="5">Algorithm
-</th></tr><tr>
-<th>Category
-</th><th width="75">MARS
-</th><th width="75">RC6
-</th><th width="75">Rijndael
-</th><th width="75">Serpent
-</th><th width="75">Twofish
-</th></tr><tr>
-<th>General security
-</th><td align="center">3
-</td><td align="center">2
-</td><td align="center">2
-</td><td align="center">3
-</td><td align="center">3
-</td></tr><tr>
-<th>Implementation of security
-</th><td align="center">1
-</td><td align="center">1
-</td><td align="center">3
-</td><td align="center">3
-</td><td align="center">2
-</td></tr><tr>
-<th>Software performance
-</th><td align="center">2
-</td><td align="center">2
-</td><td align="center">3
-</td><td align="center">1
-</td><td align="center">1
-</td></tr><tr>
-<th>Smart card performance
-</th><td align="center">1
-</td><td align="center">1
-</td><td align="center">3
-</td><td align="center">3
-</td><td align="center">2
-</td></tr><tr>
-<th>Hardware performance
-</th><td align="center">1
-</td><td align="center">2
-</td><td align="center">3
-</td><td align="center">3
-</td><td align="center">2
-</td></tr><tr>
-<th>Design features
-</th><td align="center">2
-</td><td align="center">1
-</td><td align="center">2
-</td><td align="center">1
-</td><td align="center">3
-</td></tr></tbody></table>
-
-<p>
-With the report came the recommendation that <a href="http://csrc.nist.gov/encryption/aes/rijndael/"> Rijndael</a> be named the AES. In February 2001, NIST released the <a href="http://csrc.nist.gov/publications/drafts/dfips-AES.pdf"> Draft Federal Information Processing Standard (FIPS) AES Specification</a>
-for public review and comment. AES contains a subset of Rijndael's
-capabilities (e.g., AES only supports a 128-bit block size) and uses
-some slightly different nomenclature and terminology, but to understand
-one is to understand both. The 90-day comment period ended on May 29,
-2001 and the U.S. Department of Commerce officially adopted AES in
-December 2001, published as <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf"> FIPS PUB 197</a>.</p>
-
-<p><b>AES (Rijndael) Overview</b></p>
-<p>
-Rijndael (pronounced as in "rain doll" or "rhine dahl") is a block
-cipher designed by Joan Daemen and Vincent Rijmen, both cryptographers
-in Belgium. Rijndael can operate over a variable-length block using
-variable-length keys; the <a href="http://www.esat.kuleuven.ac.be/%7Erijmen/rijndael/rijndaeldocV2.zip">version 2 specification</a>
-submitted to NIST describes use of a 128-, 192-, or 256-bit key to
-encrypt data blocks that are 128, 192, or 256 bits long; note that all
-nine combinations of key length and block length are possible. The
-algorithm is written in such a way that block length and/or key length
-can easily be extended in multiples of 32 bits and it is specifically
-designed for efficient implementation in hardware or software on a
-range of processors. The design of Rijndael was strongly influenced by
-the block cipher called <a href="http://www.esat.kuleuven.ac.be/%7Erijmen/square/index.html"><i> Square</i></a>, also designed by Daemen and Rijmen.</p>
-<p>
-Rijndael is an iterated block cipher, meaning that the initial input
-block and cipher key undergoes multiple rounds of transformation before
-producing the output. Each intermediate cipher result is called a <i>State</i>.</p>
-<p>
-For ease of description, the block and cipher key are often represented
-as an array of columns where each array has 4 rows and each column
-represents a single byte (8 bits). The number of columns in an array
-representing the state or cipher key, then, can be calculated as the
-block or key length divided by 32 (32 bits = 4 bytes). An array
-representing a State will have <b>Nb</b> columns, where <b>Nb</b>
-values of 4, 6, and 8 correspond to a 128-, 192-, and 256-bit block,
-respectively. Similarly, an array representing a Cipher Key will have <b>Nk</b> columns, where <b>Nk</b> values of 4, 6, and 8 correspond to a 128-, 192-, and 256-bit key, respectively. An example of a 128-bit State (<b>Nb</b>=4) and 192-bit Cipher Key (<b>Nk</b>=6) is shown below:</p>
-
-<table align="center" border="0">
-<tbody><tr>
-<td>
-<table border="1">
-<tbody><tr>
-<td>s<sub>0,0</sub></td>
-<td>s<sub>0,1</sub></td>
-<td>s<sub>0,2</sub></td>
-<td>s<sub>0,3</sub></td></tr>
-<tr>
-<td>s<sub>1,0</sub></td>
-<td>s<sub>1,1</sub></td>
-<td>s<sub>1,2</sub></td>
-<td>s<sub>1,3</sub></td></tr>
-<tr>
-<td>s<sub>2,0</sub></td>
-<td>s<sub>2,1</sub></td>
-<td>s<sub>2,2</sub></td>
-<td>s<sub>2,3</sub></td></tr>
-<tr>
-<td>s<sub>3,0</sub></td>
-<td>s<sub>3,1</sub></td>
-<td>s<sub>3,2</sub></td>
-<td>s<sub>3,3</sub></td></tr>
-</tbody></table>
-
-</td><td width="100">&nbsp;
-
-</td><td>
-<table border="1">
-<tbody><tr>
-<td>k<sub>0,0</sub></td>
-<td>k<sub>0,1</sub></td>
-<td>k<sub>0,2</sub></td>
-<td>k<sub>0,3</sub></td>
-<td>k<sub>0,4</sub></td>
-<td>k<sub>0,5</sub></td></tr>
-<tr>
-<td>k<sub>1,0</sub></td>
-<td>k<sub>1,1</sub></td>
-<td>k<sub>1,2</sub></td>
-<td>k<sub>1,3</sub></td>
-<td>k<sub>1,4</sub></td>
-<td>k<sub>1,5</sub></td></tr>
-<tr>
-<td>k<sub>2,0</sub></td>
-<td>k<sub>2,1</sub></td>
-<td>k<sub>2,2</sub></td>
-<td>k<sub>2,3</sub></td>
-<td>k<sub>2,4</sub></td>
-<td>k<sub>2,5</sub></td></tr>
-<tr>
-<td>k<sub>3,0</sub></td>
-<td>k<sub>3,1</sub></td>
-<td>k<sub>3,2</sub></td>
-<td>k<sub>3,3</sub></td>
-<td>k<sub>3,4</sub></td>
-<td>k<sub>3,5</sub></td></tr>
-</tbody></table>
-</td></tr></tbody></table>
-
-<p>
-The number of transformation rounds (<b>Nr</b>) in Rijndael is a function of the block length and key length, and is given by the table below:</p>
-
-<table align="center" border="1">
-<tbody><tr>
-<th colspan="2" rowspan="2">No. of Rounds<br>Nr
-</th><th colspan="3">Block Size
-</th></tr><tr>
-<th>128 bits<br>Nb = 4
-</th><th>192 bits<br>Nb = 6
-</th><th>256 bits<br>Nb = 8
-
-</th></tr><tr>
-<th rowspan="3" valign="center">Key<br>Size
-</th><th align="center">128 bits<br>Nk = 4
-</th><td align="center">10
-</td><td align="center">12
-</td><td align="center">14
-</td></tr><tr>
-<th align="center">192 bits<br>Nk = 6
-</th><td align="center">12
-</td><td align="center">12
-</td><td align="center">14
-</td></tr><tr>
-<th align="center">256 bits<br>Nk = 8
-</th><td align="center">14
-</td><td align="center">14
-</td><td align="center">14
-</td></tr></tbody></table>
-
-<p>
-Now, having said all of this, the AES version of Rijndael does not
-support all nine combinations of block and key lengths, but only the
-subset using a 128-bit block size. NIST calls these supported variants
-AES-128, AES-192, and AES-256 where the number refers to the key size.
-The <b>Nb</b>, <b>Nk</b>, and <b>Nr</b> values supported in AES are:</p>
-
-<table align="center" border="1">
-<tbody><tr>
-<th>
-</th><th colspan="3">Parameters
-</th></tr><tr>
-<th width="100">Variant
-</th><th width="75">Nb
-</th><th width="75">Nk
-</th><th width="75">Nr
-</th></tr><tr>
-<th>AES-128
-</th><td align="center">4
-</td><td align="center">4
-</td><td align="center">10
-</td></tr><tr>
-<th>AES-192
-</th><td align="center">4
-</td><td align="center">6
-</td><td align="center">12
-</td></tr><tr>
-<th>AES-256
-</th><td align="center">4
-</td><td align="center">8
-</td><td align="center">14
-</td></tr></tbody></table>
-
-<p>
-The AES/Rijndael cipher itself has three operational stages:</p>
-<ul>
-<li> AddRound Key transformation
-</li><li> <b>Nr</b>-1 Rounds comprising:
-<ul>
-<li> SubBytes transformation
-</li><li> ShiftRows transformation
-</li><li> MixColumns transformation
-</li><li> AddRoundKey transformation
-</li></ul>
-</li><li> A final Round comprising:
-<ul>
-<li> SubBytes transformation
-</li><li> ShiftRows transformation
-</li><li> AddRoundKey transformation
-</li></ul>
-</li></ul>
-
-<p>
-The paragraphs below will describe the operations mentioned above. The
-nomenclature used below is taken from the AES specification although
-references to the Rijndael specification are made for completeness. The
-arrays <i>s</i> and <i>s'</i> refer to the State before and after a transformation, respectively (<b>NOTE:</b>
-The Rijndael specification uses the array nomenclature a and b to refer
-to the before and after States, respectively). The subscripts <i>i</i> and <i>j</i> are used to indicate byte locations within the State (or Cipher Key) array.</p>
-
-<p><b>The SubBytes transformation</b></p><p>
-</p><p>
-The substitute bytes (called <i>ByteSub</i> in Rijndael) transformation operates on each of the State bytes independently and changes the byte value. An S-box, or <i>substitution table</i>,
-controls the transformation. The characteristics of the S-box
-transformation as well as a compliant S-box table are provided in the
-AES specification; as an example, an input State byte value of 107
-(0x6b) will be replaced with a 127 (0x7f) in the output State and an
-input value of 8 (0x08) would be replaced with a 48 (0x30).</p><p>
-</p><p>
-One way to think of the SubBytes transformation is that a given byte in
-State s is given a new value in State s' according to the S-box. The
-S-box, then, is a function on a byte in State s so that:</p>
-
-<p align="center">s'<sub>i,j</sub> = S-box (s<sub>i,j</sub>)</p>
-
-<p>
-The more general depiction of this transformation is shown by:</p>
-
-<table align="center" border="0">
-<tbody><tr>
-<td>
-<table border="1">
-<tbody><tr>
-<td>s<sub>0,0</sub></td>
-<td>s<sub>0,1</sub></td>
-<td>s<sub>0,2</sub></td>
-<td>s<sub>0,3</sub></td></tr>
-<tr>
-<td>s<sub>1,0</sub></td>
-<td>s<sub>1,1</sub></td>
-<td>s<sub>1,2</sub></td>
-<td>s<sub>1,3</sub></td></tr>
-<tr>
-<td>s<sub>2,0</sub></td>
-<td>s<sub>2,1</sub></td>
-<td>s<sub>2,2</sub></td>
-<td>s<sub>2,3</sub></td></tr>
-<tr>
-<td>s<sub>3,0</sub></td>
-<td>s<sub>3,1</sub></td>
-<td>s<sub>3,2</sub></td>
-<td>s<sub>3,3</sub></td></tr>
-</tbody></table>
-
-</td><td>
-<table border="0">
-<tbody><tr><td>====&gt;</td></tr>
-</tbody></table>
-
-</td><td>
-<table border="1">
-<tbody><tr><td>S-box</td></tr>
-</tbody></table>
-
-</td><td>
-<table border="0">
-<tbody><tr><td>====&gt;</td></tr>
-</tbody></table>
-
-</td><td>
-<table border="1">
-<tbody><tr>
-<td>s'<sub>0,0</sub></td>
-<td>s'<sub>0,1</sub></td>
-<td>s'<sub>0,2</sub></td>
-<td>s'<sub>0,3</sub></td></tr>
-<tr>
-<td>s'<sub>1,0</sub></td>
-<td>s'<sub>1,1</sub></td>
-<td>s'<sub>1,2</sub></td>
-<td>s'<sub>1,3</sub></td></tr>
-<tr>
-<td>s'<sub>2,0</sub></td>
-<td>s'<sub>2,1</sub></td>
-<td>s'<sub>2,2</sub></td>
-<td>s'<sub>2,3</sub></td></tr>
-<tr>
-<td>s'<sub>3,0</sub></td>
-<td>s'<sub>3,1</sub></td>
-<td>s'<sub>3,2</sub></td>
-<td>s'<sub>3,3</sub></td></tr>
-</tbody></table>
-</td></tr></tbody></table>
-
-<p><b>The ShiftRows transformation</b></p><p>
-</p><p>
-The shift rows (called <i>ShiftRow</i> in Rijndael)
-transformation cyclically shifts the bytes in the bottom three rows of
-the State array. According to the more general Rijndael specification,
-rows 2, 3, and 4 are cyclically left-shifted by C1, C2, and C3 bytes,
-respectively, per the table below:</p>
-
-<table align="center" border="1">
-<tbody><tr>
-<th>Nb
-</th><td align="center">C1
-</td><td align="center">C2
-</td><td align="center">C3
-</td></tr><tr>
-<td align="center">4
-</td><td align="center">1
-</td><td align="center">2
-</td><td align="center">3
-</td></tr><tr>
-<td align="center">6
-</td><td align="center">1
-</td><td align="center">2
-</td><td align="center">3
-</td></tr><tr>
-<td align="center">8
-</td><td align="center">1
-</td><td align="center">3
-</td><td align="center">4
-</td></tr></tbody></table>
-
-<p>
-The current version of AES, of course, only allows a block size of 128 bits (<b>Nb</b> = 4) so that C1=1, C2=2, and C3=3. The diagram below shows the effect of the ShiftRows transformation on State s:</p>
-
-<table align="center" border="0">
-<tbody><tr>
-<td>
-<table border="1">
-<caption>State s</caption>
-<tbody><tr>
-<td>s<sub>0,0</sub></td>
-<td>s<sub>0,1</sub></td>
-<td>s<sub>0,2</sub></td>
-<td>s<sub>0,3</sub></td></tr>
-<tr>
-<td>s<sub>1,0</sub></td>
-<td>s<sub>1,1</sub></td>
-<td>s<sub>1,2</sub></td>
-<td>s<sub>1,3</sub></td></tr>
-<tr>
-<td>s<sub>2,0</sub></td>
-<td>s<sub>2,1</sub></td>
-<td>s<sub>2,2</sub></td>
-<td>s<sub>2,3</sub></td></tr>
-<tr>
-<td>s<sub>3,0</sub></td>
-<td>s<sub>3,1</sub></td>
-<td>s<sub>3,2</sub></td>
-<td>s<sub>3,3</sub></td></tr>
-</tbody></table>
-
-</td><td>
-<table border="0">
-<caption>&nbsp;</caption>
-<tbody><tr><td>----------- no shift -----------&gt;<sub>&nbsp;</sub></td></tr>
-<tr><td>----&gt; left-shift by C1 (1) ----&gt;<sub>&nbsp;</sub></td></tr>
-<tr><td>----&gt; left-shift by C2 (2) ----&gt;<sub>&nbsp;</sub></td></tr>
-<tr><td>----&gt; left-shift by C3 (3) ----&gt;<sub>&nbsp;</sub></td></tr>
-</tbody></table>
-
-</td><td>
-<table border="1">
-<caption>State s'</caption>
-<tbody><tr>
-<td>s<sub>0,0</sub></td>
-<td>s<sub>0,1</sub></td>
-<td>s<sub>0,2</sub></td>
-<td>s<sub>0,3</sub></td></tr>
-<tr>
-<td>s<sub>1,1</sub></td>
-<td>s<sub>1,2</sub></td>
-<td>s<sub>1,3</sub></td>
-<td>s<sub>1,0</sub></td></tr>
-<tr>
-<td>s<sub>2,2</sub></td>
-<td>s<sub>2,3</sub></td>
-<td>s<sub>2,0</sub></td>
-<td>s<sub>2,1</sub></td></tr>
-<tr>
-<td>s<sub>3,3</sub></td>
-<td>s<sub>3,0</sub></td>
-<td>s<sub>3,1</sub></td>
-<td>s<sub>3,2</sub></td></tr>
-</tbody></table>
-</td></tr></tbody></table>
-
-<p><b>The MixColumns transformation</b></p><p>
-</p><p>
-The mix columns (called <i>MixColumn</i> in Rijndael)
-transformation uses a mathematical function to transform the values of
-a given column within a State, acting on the four values at one time as
-if they represented a four-term polynomial. In essence, if you think of
-MixColumns as a function, this could be written:</p>
-
-<p align="center">s'<sub>i,c</sub> = MixColumns (s<sub>i,c</sub>)</p>
-
-<p>
-for 0&lt;=i&lt;=3 for some column, c. The column position doesn't change, merely the values within the column.</p>
-
-<p><b>Round Key generation and the AddRoundKey transformation</b></p><p>
-</p><p>
-The AES Cipher Key can be 128, 192, or 256 bits in length. The Cipher
-Key is used to derive a different key to be applied to the block during
-each round of the encryption operation. These keys are called the Round
-Keys and each will be the same length as the block, i.e., <b>Nb</b> 32-bit words (words will be denoted W).</p>
-<p>
-The AES specification defines a key schedule by which the original Cipher Key (of length <b>Nk</b> 32-bit words) is used to form an <i>Expanded Key</i>. The Expanded Key size is equal to the block size times the number of encryption rounds plus 1, which will provide <b>Nr</b>+1 different keys. (Note that there are <b>Nr</b> encipherment rounds but <b>Nr</b>+1 AddRoundKey transformations.)</p>
-<p>
-Consider that AES uses a 128-bit block and either 10, 12, or 14
-iterative rounds depending upon key length. With a 128-bit key, for
-example, we would need 1408 bits of key material (128x11=1408), or an
-Expanded Key size of 44 32-bit words (44x32=1408). Similarly, a 192-bit
-key would require 1664 bits of key material (128x13), or 52 32-bit
-words, while a 256-bit key would require 1920 bits of key material
-(128x15), or 60 32-bit words. The key expansion mechanism, then, starts
-with the 128-, 192-, or 256-bit Cipher Key and produces a 1408-, 1664-,
-or 1920-bit Expanded Key, respectively. The original Cipher Key
-occupies the first portion of the Expanded Key and is used to produce
-the remaining new key material.</p><p>
-</p><p>
-The result is an Expanded Key that can be thought of and used as 11,
-13, or 15 separate keys, each used for one AddRoundKey operation.
-These, then, are the <i>Round Keys</i>. The diagram below shows an example using a 192-bit Cipher Key (<b>Nk</b>=6), shown in <font color="magenta"><i><b>magenta italics</b></i></font>:</p>
-
-<table align="center" border="1">
-<tbody><tr>
-<th>Expanded Key:
-</th><td align="center"><font color="magenta"><b><i>W<sub>0</sub></i></b></font>
-</td><td align="center"><font color="magenta"><b><i>W<sub>1</sub></i></b></font>
-</td><td align="center"><font color="magenta"><b><i>W<sub>2</sub></i></b></font>
-</td><td align="center"><font color="magenta"><b><i>W<sub>3</sub></i></b></font>
-</td><td align="center"><font color="magenta"><b><i>W<sub>4</sub></i></b></font>
-</td><td align="center"><font color="magenta"><b><i>W<sub>5</sub></i></b></font>
-</td><td align="center">W<sub>6</sub>
-</td><td align="center">W<sub>7</sub>
-</td><td align="center">W<sub>8</sub>
-</td><td align="center">W<sub>9</sub>
-</td><td align="center">W<sub>10</sub>
-</td><td align="center">W<sub>11</sub>
-</td><td align="center">W<sub>12</sub>
-</td><td align="center">W<sub>13</sub>
-</td><td align="center">W<sub>14</sub>
-</td><td align="center">W<sub>15</sub>
-</td><td align="center">...
-</td><td align="center">W<sub>44</sub>
-</td><td align="center">W<sub>45</sub>
-</td><td align="center">W<sub>46</sub>
-</td><td align="center">W<sub>47</sub>
-</td><td align="center">W<sub>48</sub>
-</td><td align="center">W<sub>49</sub>
-</td><td align="center">W<sub>50</sub>
-</td><td align="center">W<sub>51</sub>
-</td></tr><tr>
-<th>Round keys:
-</th><td colspan="4" align="center">Round key 0
-</td><td colspan="4" align="center">Round key 1
-</td><td colspan="4" align="center">Round key 2
-</td><td colspan="4" align="center">Round key 3
-</td><td align="center">...
-</td><td colspan="4" align="center">Round key 11
-</td><td colspan="4" align="center">Round key 12
-</td></tr></tbody></table>
-<p>
-The AddRoundKey (called <i>Round Key addition</i> in Rijndael)
-transformation merely applies each Round Key, in turn, to the State by
-a simple bit-wise exclusive OR operation. Recall that each Round Key is
-the same length as the block.</p>
-
-<p><b>Summary</b></p>
-<p>
-Ok, I hope that you've enjoyed reading this as much as I've enjoyed
-writing it &#8212; and now let me guide you out of the microdetail! Recall
-from the beginning of the AES overview that the cipher itself comprises
-a number of rounds of just a few functions:</p>
-<ul>
-<li> <i>SubBytes</i> takes the value of a word within a State and substitutes it with another value by a predefined S-box
-</li><li> <i>ShiftRows</i> circularly shifts each row in the State by some number of predefined bytes
-</li><li> <i>MixColumns</i> takes the value of a 4-word column within the State and changes the four values using a predefined mathematical function
-</li><li> <i>AddRoundKey</i> XORs a key that is the same length as the block, using an Expanded Key derived from the original Cipher Key
-</li></ul>
-
-<a name="fig17"></a><br>
-<table align="center" border="5" cellpadding="1">
-<tbody><tr><td><pre>Cipher (byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
-begin
-  byte state[4,Nb]
-
-  state = in
-
-  AddRoundKey(state, w)
-
-  for round = 1 step 1 to Nr-1
-    SubBytes(state)
-    ShiftRows(state)
-    MixColumns(state)
-    AddRoundKey(state, w+round*Nb)
-  end for
-
-  SubBytes(state)
-  ShiftRows(state)
-  AddRoundKey(state, w+Nr*Nb)
-
-  out = state
-end
-</pre>
-<br><br>
-<h4>FIGURE 17: AES pseudocode.</h4>
-</td></tr></tbody></table>
-
-<br>
-
-<p>
-As a last and final demonstration of the operation of AES, Figure 17 is
-a pseudocode listing for the operation of the AES cipher. In the code:</p>
-<ul>
-<li> <i>in[]</i> and <i>out[]</i> are 16-byte arrays with the plaintext
-and cipher text, respectively. (According to the specification, both of
-these arrays are actually 4*<b>Nb</b> bytes in length but <b>Nb</b>=4 in AES.)
-</li><li> <i>state[]</i> is a 2-dimensional array containing bytes in 4 rows and 4 columns. (According to the specification, this arrays is 4 rows by <b>Nb</b> columns.)
-</li><li> <i>w[]</i> is an array containing the key material and is 4*(<b>Nr</b>+1) words in length. (Again, according to the specification, the multiplier is actually <b>Nb</b>.)
-</li><li> <i>AddRoundKey()</i>, <i>SubBytes()</i>, <i>ShiftRows()</i>, and <i>MixColumns()</i> are functions representing the individual transformations.
-</li></ul>
-
-<br>
-<a name="stream"><h3>5.10. Cisco's Stream Cipher</h3></a>
-<p>
-Stream ciphers take advantage of the fact that:</p>
-<p align="center">
-x XOR y XOR y = x</p>
-<p>
-One of the encryption schemes employed by Cisco routers to encrypt
-passwords is a stream cipher. It uses the following fixed keystream
-(thanks also to Jason Fossen for independently extending and confirming
-this string):</p>
-<p align="center">
-<font face="courier">dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncx</font></p>
-<p>
-When a password is to be encrypted, the password function chooses a
-number between 0 and 15, and that becomes the offset into the
-keystream. Password characters are then XORed byte-by-byte with the
-keystream according to:</p>
-<p align="center">
-C<sub>i</sub> = P<sub>i</sub> XOR K<sub>(offset+i)</sub></p>
-<p>
-where K is the keystream, P is the plaintext password, and C is the ciphertext password.</p>
-<p>
-Consider the following example. Suppose we have the password <i>abcdefgh</i>. Converting the ASCII characters yields the hex string 0x6162636465666768.</p>
-<p>
-The keystream characters and hex code that supports an offset from 0 to 15 bytes and a password length up to 24 bytes is:</p>
-<p align="center"><font face="courier">
-&nbsp; d s f d ; k f o A , . i y e w r k l d J K D H S U B s g v c a 6 9 8 3 4 n c x<br>
-0x647366643b6b666f412c2e69796577726b6c644a4b4448535542736776636136393833346e6378</font></p>
-<p>
-Let's say that the function decides upon a keystream offset of 6 bytes.
-We then start with byte 6 of the keystream (start counting the offset
-at 0) and XOR with the password:</p>
-<p align="center"><font face="courier">
- &nbsp; &nbsp; 0x666f412c2e697965<br>
-XOR 0x6162636465666768<br>
- &nbsp; &nbsp; ------------------<br>
- &nbsp; &nbsp; 0x070D22484B0F1E0D</font></p>
-<p>
-The password would now be displayed in the router configuration as:</p>
-<p align="center"><font face="courier">
-password 7 06070D22484B0F1E0D</font></p>
-<p>
-where the "7" indicates the encryption type, the leading "06" indicates
-the offset into the keystream, and the remaining bytes are the
-encrypted password characters. (Decryption is pretty trivial so that
-exercise is left to the reader. If you need some help with byte-wise
-XORing, see <a href="http://www.garykessler.net/library/byte_logic_table.html"><i> http://www.garykessler.net/library/byte_logic_table.html</i></a>.)</p>
-
-<br><br>
-<center><h3><font color="blue" face="arial"><a name="conclusion">6. CONCLUSION... OF SORTS</a></font></h3></center>
-<p>
-This paper has briefly described how cryptography works. The reader
-must beware, however, that there are a number of ways to attack every
-one of these systems; cryptanalysis and attacks on cryptosystems,
-however, are well beyond the scope of this paper. In the words of
-Sherlock Holmes (ok, Arthur Conan Doyle, really), "What one man can
-invent, another can discover" ("The Adventure of the Dancing Men").
-</p><p>Cryptography is a particularly interesting field because of the
-amount of work that is, by necessity, done in secret. The irony is that
-today, secrecy is <i>not</i>
-the key to the goodness of a cryptographic algorithm. Regardless of the
-mathematical theory behind an algorithm, the best algorithms are those
-that are well-known and well-documented because they are also
-well-tested and well-studied! In fact, <i>time</i> is the only true
-test of good cryptography; any cryptographic scheme that stays in use
-year after year is most likely a good one. The strength of cryptography
-lies in the choice (and management) of the keys; <a href="http://www.counterpane.com/keylength.html">longer keys will resist attack better than shorter keys</a>.</p>
-<p>
-The corollary to this is that consumers should run, not walk, away from
-any product that uses a proprietary cryptography scheme, ostensibly
-because the algorithm's secrecy is an advantage. This observation about
-not using "secret" crypto schemes has been a fundamental hallmark of
-cryptography for well over 100 years; it was first stated explicitly by
-Dutch linguist Auguste Kerckhoffs von Nieuwenhoff in his 1883 (yes, <b>18</b>83) text titled <i>La Cryptographie militaire</i>, and has therefore become known as "Kerckhoffs' Principle."</p>
-<br>
-
-<center><h3><font color="blue" face="arial"><a name="refs">7. REFERENCES AND FURTHER READING</a></font></h3></center>
-<ul>
-<li>Bamford, J. <i>Body of Secrets : Anatomy of the Ultra-Secret National Security Agency from the Cold War Through the Dawn of a New Century.</i> New York: Doubleday, 2001.
-</li><li>_____. <i>The Puzzle Palace: Inside the National Security Agency, America's most secret intelligence organization.</i> New York: Penguin Books, 1983.
-</li><li>Barr, T.H. <i>Invitation to Cryptology.</i> Upper Saddle River (NJ): Prentice Hall, 2002.
-</li><li>Bauer, F.L. <i>Decrypted Secrets: Methods and Maxims of Cryptology,</i> 2nd ed. New York: Springer Verlag, 2002.
-</li><li>Denning, D.E. <i>Cryptography and Data Security.</i> Reading (MA): Addison-Wesley, 1982.
-</li><li>Diffie, W. &amp; Landau, S. <i>Privacy on the Line.</i> Boston: MIT Press, 1998.
-</li><li>Electronic Frontier Foundation. <i>Cracking DES: Secrets of Encryption Research, Wiretap Politics &amp; Chip Design</i>. Sebastopol (CA): O'Reilly &amp; Associates, 1998.
-</li><li>Federal Information Processing Standards. "Security Requirements for Cryptographic Modules." <a href="http://csrc.ncsl.nist.gov/fips/fips1401.htm">FIPS 140-1 (Federal Information Processing Standards) publication</a>.
-</li><li>Ferguson, N. &amp; Schneier, B. <i>Practical Cryptography.</i> New York: John Wiley &amp; Sons, 2003.
-</li><li>Flannery, S. with Flannery, D. <i>In Code: A Mathematical Journey.</i> New York: Workman Publishing Company, 2001.
-</li><li>Ford, W. &amp; Baum, M.S. <i>Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption,</i>  2nd ed. Englewood Cliffs (NJ): Prentice Hall, 2001.
-</li><li>Garfinkel, S. <i>PGP: Pretty Good Privacy.</i> Sebastopol (CA):
-O'Reilly &amp; Associates, 1995.
-</li><li>Grant, G.L. <i>Understanding Digital Signatures: Establishing Trust over the Internet and Other Networks.</i> New York: Computing McGraw-Hill, 1997.
-</li><li>Grabbe, J.O. "<a href="http://www-swiss.ai.mit.edu/6.805/articles/money/cryptnum.htm">Cryptography and Number Theory for Digital Cash.</a>" Posted on the Internet 10/10/1997.
-</li><li>Kahn, D. <i>The Codebreakers: The Story of Secret Writing</i>, revised ed. New York: Scribner, 1996.
-</li><li>_____. <i>Kahn on Codes: Secrets of the New Cryptology.</i>
-New York: Macmillan, 1983.
-</li><li>Kaufman, C., Perlman, R., &amp; Speciner, M. <i>Network Security: Private Communication in a Public World</i>. Englewood Cliffs (NJ): Prentice Hall, 1995.
-</li><li>Kessler, G.C. "<a href="http://www.garykessler.net/library/nt_crypto.html">Basics of Cryptography and Applications for Windows NT.</a>" <i>Windows NT Magazine</i>, October 1999.
-</li><li>_____. "<a href="http://www.garykessler.net/library/roaming_pki.html">Roaming PKI.</a>" <i>Information Security Magazine</i>, February 2000.
-</li><li>_____ &amp; Pritsky, N.T. "<a href="http://www.garykessler.net/library/is_payment_systems.html">Internet Payment Systems: Status and Update on SSL/TLS, SET, and IOTP.</a>"
-<i>Information Security Magazine</i>, October 2000.
-</li><li>Koblitz, N. <i>A Course in Number Theory and Cryptography,</i> 2nd ed. New York: Springer-Verlag, 1994.
-</li><li>Levy, S. <i>Crypto: When the Code Rebels Beat the Government &#8212; Saving Privacy in the Digital Age.</i> New York: Viking Press, 2001.
-</li><li>_____. "<a href="http://www.wired.com/wired/archive/7.04/crypto.html">The Open Secret</a>." <i>WIRED Magazine</i>, April 1999.
-</li><li>Mao, W. <i>Modern Cryptography: Theory &amp; Practice</i>. Upper Saddle River (NJ): Prentice Hall Professional Technical Reference, 2004.
-</li><li>Marks, L. <i>BETWEEN SILK AND CYANIDE: A Codemaker's War, 1941-1945</i>. New York: The Free Press (Simon &amp; Schuster), 1998.
-</li><li>Schneier, B. <i>Applied Cryptography</i>, 2nd ed. New York: John Wiley &amp; Sons, 1996.
-</li><li>_____. <i>Secrets &amp; Lies: Digital Security in a Networked World</i>. New York, John Wiley &amp; Sons, 2000.
-</li><li>Singh, S. <i>The Code Book: The Evolution of Secrecy from Mary Queen of Scots to Quantum Cryptography.</i> New York: Doubleday, 1999.
-</li><li>Smith, L.D. <i>Cryptography: The Science of Secret Writing.</i> New York: Dover Publications, originally published 1943.
-</li><li>Spillman, R.J. <i>Classical and Contemporary Cryptology</i>. Upper Saddle River (NJ): Pearson Prentice-Hall, 2005.
-</li><li>Stallings, W. <i>Cryptography and Network Security: Principles and Practice</i>, 4th ed. Englewood Cliffs (NJ): Prentice Hall, 2006.
-</li><li>_____, (ed.) <i>Practical Cryptography for Data Internetworks.</i> Los Alamitos (CA): IEEE Computer Society Press, 1996.
-</li><li>Trappe, W. &amp; Washington, L.C. <i>Introduction to Cryptography with Codin Theory</i>, 2nd ed. Upper Saddle River (NJ): Pearson Prentice Hall, 2006.
-</li><li>Young, A. &amp; Yung, M. <i>Malicious Cryptography: Exposing Cryptovirology</i>. New York: John Wiley &amp; Sons, 2004.
-<br><br>
-</li><li>On the Web:
-<ul>
-<li><a href="http://www.cs.purdue.edu/coast/hotlist/">COAST Hotlist of Security Sites</a>
-</li><li><a href="http://www.counterpane.com/">Counterpane Systems</a>
-</li><li><a href="http://www.cryptography.com/">Cryptography Research Inc.'s cryptography.com Site</a>
-</li><li><a href="http://www.enter.net/%7Echronos/cryptolog1.html">CryptoLog: The Internet Guide to Cryptography</a>
-</li><li><a href="ftp://ftp.csua.berkeley.edu/pub/cypherpunks/Home.html">Cypherpunks WWW Page</a>
-</li><li><a href="http://www.icsa.com/">International Computer Security Association WWW Site</a>
-</li><li><a href="http://www.ietf.org/html.charters/wg-dir.html#Security_Area">Internet Engineering Task Force (IETF) Security Area</a>
-<ul>
-<li><a href="http://www.ietf.org/html.charters/openpgp-charter.html"> An Open Specification for Pretty Good Privacy (openpgp)</a>
-</li><li><a href="http://www.ietf.org/html.charters/cat-charter.html"> Common Authentication Technology (cat)</a>
-</li><li><a href="http://www.ietf.org/html.charters/ipsec-charter.html"> IP Security Protocol (ipsec)</a>
-</li><li><a href="http://www.ietf.org/html.charters/otp-charter.html"> One Time Password Authentication (otp)</a>
-</li><li><a href="http://www.ietf.org/html.charters/pkix-charter.html"> Public-Key Infrastructure (X.509) (pkix)</a>
-</li><li><a href="http://www.ietf.org/html.charters/smime-charter.html"> S/MIME Mail Security (smime)</a>
-</li><li><a href="http://www.ietf.org/html.charters/spki-charter.html"> Simple Public Key Infrastructure (spki)</a>
-</li><li><a href="http://www.ietf.org/html.charters/tls-charter.html"> Transport Layer Security (tls)</a>
-</li><li><a href="http://www.ietf.org/html.charters/wts-charter.html"> Web Transaction Security (wts)</a>
-</li><li><a href="http://www.ietf.org/html.charters/xmldsig-charter.html"> XML Digital Signatures (xmldsig)</a>
-</li></ul>
-</li><li><a href="http://www.pdc.kth.se/kth-krb/"> Kerberos Web Page</a>
-</li><li><a href="http://web.mit.edu/kerberos/www/"> Kerberos: The Network Authentication Protocol</a> (MIT)
-</li><li><a href="http://nsi.org/marketplace.html"> National Security Institute's List of Security Products &amp; Services</a>
-</li><li><a href="http://www.cs.auckland.ac.nz/%7Epgut001/tutorial/index.html"> Peter Gutman's godzilla crypto tutorial</a>
-</li><li>Pretty Good Privacy (PGP):
-<ul>
-<li><a href="http://www.pgpi.org/"> The International PGP Home Page</a>
-</li><li><a href="http://web.mit.edu/network/pgp.html"> MIT Distribution Site for PGP</a>
-</li><li><a href="http://www.openpgp.org/"> The OpenPGP Alliance</a>
-</li></ul>
-</li><li><a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2152"> RSA's Cryptography FAQ</a>
-</li><li><a href="http://theory.lcs.mit.edu/%7Erivest/crypto-security.html"> Ron Rivest's "Cryptography and Security" Page</a>
-</li><li><a href="http://www.cs.berkeley.edu/%7Edaw/people/crypto.html"> "List of Cryptographers" from U.C. Berkeley</a>
-</li><li><a href="http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/"> Yahoo! crypto pages</a>
-</li></ul>
-<br>
-</li><li>Software:
-<ul>
-<li><a href="http://www.eskimo.com/%7Eweidai/cryptlib.html"> Wei Dai's Crypto++ 3.0, a free C++ class library of cryptographic primitives</a>
-</li><li><a href="http://www.cs.auckland.ac.nz/%7Epgut001/cryptlib/index.html"> Peter Gutman's cryptlib security toolkit</a>
-</li><li> A program to decode Cisco type 7 passwords can be found at <a href="http://www.garykessler.net/download/cisco7.zip"><i> http://www.garykessler.net/download/cisco7.zip</i></a>. A version for the Palm OS can be found at @stake's Web site at <a href="http://www.atstake.com/research/tools/index.html"><i> http://www.atstake.com/research/tools/index.html</i></a>.
-</li><li><a href="http://csrc.nist.gov/encryption/aes/rijndael/">Rijndael ANSI C reference code and other implementations</a>
-</li></ul>
-</li></ul>
-
-<p>
-And for a purely enjoyable fiction book that combines cryptography and history, check out Neal Stephenson's <i><a href="http://www.cryptonomicon.com/">Crytonomicon</a></i>
-(published May 1999). You will also find in it a new secure crypto
-scheme based upon an ordinary deck of cards (ok, you need the
-jokers...) called the <a href="http://www.counterpane.com/solitaire.html">Solitaire Encryption Algorithm</a>, developed by Bruce Schneier.</p>
-
-<table align="center" border="0">
-<tbody><tr>
-<td><img src="index_files/crypto_2600des.gif">
-</td><td>
-<p>
-Finally, I am not in the clothing business although I do have an
-impressive t-shirt collection (over 350 and counting!). If you want to
-proudly wear the DES (well, actually the IDEA) encryption algorithm, be
-sure to see <i>2600 Magazine</i>'s DES Encryption Shirt, found at <a href="http://store.yahoo.com/2600hacker/desenshir.html"> <i>http://store.yahoo.com/2600hacker/desenshir.html</i></a> (left). A t-shirt with Adam Back's RSA Perl code can be found at <a href="http://www.cypherspace.org/%7Eadam/uk-shirt.html"> <i>http://www.cypherspace.org/~adam/uk-shirt.html</i></a> (right).</p>
-</td><td><img src="index_files/crypto_backrsa.jpg">
-</td></tr></tbody></table>
-
-<br>
-<center><h3><font color="blue" face="arial"><a name="mathnotes">APPENDIX. SOME MATH NOTES</a></font></h3></center>
-<p>
-A number of readers over time have asked for some rudimentary
-background on a few of the less well-known mathematical functions
-mentioned in this paper. Although this is purposely <b>not</b>
-a mathematical treatise, some of the math functions mentioned here are
-essential to grasping how modern crypto functions work. To that end,
-some of the mathematical functions mentioned in this paper are defined
-in greater detail below.</p>
-
-<a name="xor"><h3>A.1. The Exclusive-OR (XOR) Function</h3></a>
-<p>
-Exclusive OR (XOR) is one of the fundamental mathematical operations
-used in cryptography (and many other applications). George Boole, a
-mathematician in the late 1800s, invented a new form of "algebra" that
-provides the basis for building electronic computers and microprocessor
-chips. Boole defined a bunch of primitive logical operations where
-there are one or two inputs and a single output depending upon the
-operation; the input and output are either TRUE or FALSE. The most
-elemental Boolean operations are:</p>
-<ul>
-<li> NOT: The output value is the inverse of the input value (i.e., the
-output is TRUE if the input is false, FALSE if the input is true)
-</li><li> AND: The output is TRUE if all inputs are true, otherwise
-FALSE. (E.g., "the sky is blue AND the world is flat" is FALSE while
-"the sky is blue AND security is a process" is TRUE.)
-</li><li> OR: The output is TRUE if either or both inputs are true,
-otherwise FALSE. (E.g., "the sky is blue OR the world is flat" is TRUE
-and "the sky is blue OR security is a process" is TRUE.)
-</li><li> XOR (Exclusive OR): The output is TRUE if exactly one of the
-inputs is TRUE, otherwise FALSE. (E.g., "the sky is blue XOR the world
-is flat" is TRUE while "the sky is blue XOR security is a process" is
-FALSE.)
-</li></ul>
-
-<p>
-I'll only discuss XOR for now and demonstrate its function by the use of a so-called <i>truth tables</i>. In computers, Boolean logic is implemented in <i>logic gates</i>; for design purposes, XOR has two inputs and a single output, and its logic diagram looks like this:</p>
-
-<table align="center" border="1" cellpadding="4" cellspacing="4">
-<tbody><tr>
-<td align="center"><font color="red"><b>XOR</b></font></td>
-<td align="center"><b>0</b></td>
-<td align="center"><b>1</b></td>
-</tr>
-<tr>
-<td align="center"><b>0</b></td>
-<td align="center"><font color="red"><b>0</b></font></td>
-<td align="center"><font color="red"><b>1</b></font></td>
-</tr>
-<tr>
-<td align="center"><b>1</b></td>
-<td align="center"><font color="red"><b>1</b></font></td>
-<td align="center"><font color="red"><b>0</b></font></td>
-</tr>
-</tbody></table>
-
-<p>So, in an XOR operation, the output will be a 1 if one input is a 1;
-otherwise, the output is 0. The real significance of this is to look at
-the "identity properties" of XOR. In particular, any value XORed with
-itself is 0 and any value XORed with 0 is just itself. Why does this
-matter? Well, if I take my plaintext and XOR it with a key, I get a
-jumble of bits. If I then take that jumble and XOR it with the same
-key, I return to the original plaintext.</p>
-<p>
-<b>NOTE:</b> Boolean truth tables usually show the inputs and output as
-a single bit because they are based on single bit inputs, namely, TRUE
-and FALSE. In addition, we tend to apply Boolean operations bit-by-bit.
-For convenience, I have created <a href="http://www.garykessler.net/library/byte_logic_table.html">Boolean logic tables when operating on bytes</a>.</p>
-
-<a name="modulo"><h3>A.2. The <i>modulo</i> Function</h3></a>
-<p>
-The <i>modulo</i> function is, simply, the remainder function. It
-is commonly used in programming and is critical to the operation of any
-mathematical function using digital computers.</p>
-<p>
-To calculate <i>X modulo Y</i> (usually written <i>X mod Y</i>),
-you merely determine the remainder after removing all multiples of Y
-from X. Clearly, the value X mod Y will be in the range from 0 to Y-1.</p>
-<p>
-Some examples should clear up any remaining confusion:</p>
-<ul>
-<li> 15 mod 7 = 1
-</li><li> 25 mod 5 = 0
-</li><li> 33 mod 12 = 9
-</li><li> 203 mod 256 = 203
-</li></ul>
-<p>
-Modulo arithmetic is useful in crypto because it allows us to set the
-size of an operation and be sure that we will never get numbers that
-are too large. This is an important consideration when using digital
-computers.</p>
-
-<br>
-<center><h3><font color="blue" face="arial"><a name="author">ABOUT THE AUTHOR</a></font></h3></center>
-<p>
-<a href="http://www.garykessler.net/gck.html">Gary Kessler</a> is an Associate Professor at <a href="http://www.champlain.edu/">Champlain College</a> in Burlington, VT, where he is the director of the <a href="http://networking.champlain.edu/">Computer Networking</a> and <a href="http://digitalforensics.champlain.edu/">Computer &amp; Digital Forensics</a> programs. He is also the president and janitor of <a href="http://www.garykessler.net/">Gary Kessler Associates</a>,
-an independent consulting and training firm specializing in computer
-and network security, computer forensics, Internet access issues, and
-TCP/IP networking. He has written over 60 papers for industry
-publications, is co-author of <a href="http://www.garykessler.net/library/isdnbook.html">ISDN, 4th. edition</a> (McGraw-Hill, 1998), and is a contributor to <i>Information Security Magazine</i>. Gary's e-mail address is <i><a href="mailto:kumquat@sover.net">kumquat@sover.net</a></i> and his PGP public key can be found at <i><a href="http://www.garykessler.net/kumquat_pubkey.html"> http://www.garykessler.net/kumquat_pubkey.html</a></i> or on <a href="http://pgpkeys.mit.edu:11371/">MIT's PGP keyserver</a>. Some of Gary's other crypto pointers of interest on the Web can be found at his <a href="http://www.garykessler.net/library/securityurl.html#crypto">Security-related URLs</a> list.</p>
-</li></font></ol></blockquote>
-
-<font size="3"><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
-
-</font></body></html>
\ No newline at end of file
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<script type="text/javascript">
+//<![CDATA[
+var version = {major: 2, minor: 1, revision: 3, date: new Date("Nov 3, 2006"), extensions: {}};
+//]]>
+</script>
+<!--
+TiddlyWiki 2.1.3 by Jeremy Ruston, (jeremy [at] osmosoft [dot] com)
+
+Copyright (c) Osmosoft Limited 2004-2006
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this
+list of conditions and the following disclaimer in the documentation and/or other
+materials provided with the distribution.
+
+Neither the name of the Osmosoft Limited nor the names of its contributors may be
+used to endorse or promote products derived from this software without specific
+prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
+-->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+<!--PRE-HEAD-START-->
+<!--{{{-->
+<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
+<!--}}}-->
+<!--PRE-HEAD-END-->
+<title> axTLS Embedded SSL - changes, notes and errata </title>
+<script type="text/javascript">
+//<![CDATA[
+// ---------------------------------------------------------------------------------
+// Configuration repository
+// ---------------------------------------------------------------------------------
+
+// Miscellaneous options
+var config = {
+	numRssItems: 20, // Number of items in the RSS feed
+	animFast: 0.12, // Speed for animations (lower == slower)
+	animSlow: 0.01, // Speed for EasterEgg animations
+	cascadeFast: 20, // Speed for cascade animations (higher == slower)
+	cascadeSlow: 60, // Speed for EasterEgg cascade animations
+	cascadeDepth: 5, // Depth of cascade animation
+	displayStartupTime: false // Whether to display startup time
+	};
+
+// Messages
+config.messages = {
+	messageClose: {},
+	dates: {}
+};
+
+// Options that can be set in the options panel and/or cookies
+config.options = {
+	chkRegExpSearch: false,
+	chkCaseSensitiveSearch: false,
+	chkAnimate: true,
+	chkSaveBackups: true,
+	chkAutoSave: false,
+	chkGenerateAnRssFeed: false,
+	chkSaveEmptyTemplate: false,
+	chkOpenInNewWindow: true,
+	chkToggleLinks: false,
+	chkHttpReadOnly: true,
+	chkForceMinorUpdate: false,
+	chkConfirmDelete: true,
+	chkInsertTabs: false,
+	txtBackupFolder: "",
+	txtMainTab: "tabTimeline",
+	txtMoreTab: "moreTabAll",
+	txtMaxEditRows: "30"
+	};
+	
+// List of notification functions to be called when certain tiddlers are changed or deleted
+config.notifyTiddlers = [
+	{name: "StyleSheetLayout", notify: refreshStyles},
+	{name: "StyleSheetColors", notify: refreshStyles},
+	{name: "StyleSheet", notify: refreshStyles},
+	{name: "StyleSheetPrint", notify: refreshStyles},
+	{name: "PageTemplate", notify: refreshPageTemplate},
+	{name: "SiteTitle", notify: refreshPageTitle},
+	{name: "SiteSubtitle", notify: refreshPageTitle},
+	{name: "ColorPalette", notify: refreshColorPalette},
+	{name: null, notify: refreshDisplay}
+	];
+
+// Default tiddler templates
+var DEFAULT_VIEW_TEMPLATE = 1;
+var DEFAULT_EDIT_TEMPLATE = 2;
+config.tiddlerTemplates = {
+	1: "ViewTemplate",
+	2: "EditTemplate"
+	};
+
+// More messages (rather a legacy layout that shouldn't really be like this)
+config.views = {
+	wikified: {
+		tag: {}
+		},
+	editor: {
+		tagChooser: {}
+		}
+	};
+
+// Macros; each has a 'handler' member that is inserted later
+config.macros = {
+	today: {},
+	version: {},
+	search: {sizeTextbox: 15},
+	tiddler: {},
+	tag: {},
+	tags: {},
+	tagging: {},
+	timeline: {},
+	allTags: {},
+	list: {
+		all: {},
+		missing: {},
+		orphans: {},
+		shadowed: {}
+		},
+	closeAll: {},
+	permaview: {},
+	saveChanges: {},
+	slider: {},
+	option: {},
+	newTiddler: {},
+	newJournal: {},
+	sparkline: {},
+	tabs: {},
+	gradient: {},
+	message: {},
+	view: {},
+	edit: {},
+	tagChooser: {},
+	toolbar: {},
+	br: {},
+	plugins: {},
+	refreshDisplay: {},
+	importTiddlers: {}
+	};
+
+// Commands supported by the toolbar macro
+config.commands = {
+	closeTiddler: {},
+	closeOthers: {},
+	editTiddler: {},
+	saveTiddler: {hideReadOnly: true},
+	cancelTiddler: {},
+	deleteTiddler: {hideReadOnly: true},
+	permalink: {},
+	references: {},
+	jump: {}
+	};
+
+// Browser detection... In a very few places, there's nothing else for it but to
+// know what browser we're using.
+config.userAgent = navigator.userAgent.toLowerCase();
+config.browser = {
+	isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
+	ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
+	isSafari: config.userAgent.indexOf("applewebkit") != -1,
+	isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
+	firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
+	isOpera: config.userAgent.indexOf("opera") != -1,
+	isLinux: config.userAgent.indexOf("linux") != -1,
+	isUnix: config.userAgent.indexOf("x11") != -1,
+	isMac: config.userAgent.indexOf("mac") != -1,
+	isWindows: config.userAgent.indexOf("win") != -1
+	};
+
+// Basic regular expressions
+config.textPrimitives = {
+	upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
+	lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
+	anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
+	anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
+	};
+if(config.browser.isBadSafari)
+	config.textPrimitives = {
+		upperLetter: "[A-Z\u00c0-\u00de]",
+		lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
+		anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
+		anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
+		}
+config.textPrimitives.sliceSeparator = "::";
+config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
+config.textPrimitives.unWikiLink = "~";
+config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
+												config.textPrimitives.lowerLetter + "+" +
+												config.textPrimitives.upperLetter +
+												config.textPrimitives.anyLetter + "*)|(?:" +
+												config.textPrimitives.upperLetter + "{2,}" +
+												config.textPrimitives.lowerLetter + "+))";
+
+config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
+config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
+
+config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
+config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
+config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
+	config.textPrimitives.brackettedLink + ")|(?:" + 
+	config.textPrimitives.urlPattern + ")","mg");
+config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
+	config.textPrimitives.titledBrackettedLink + ")|(?:" +
+	config.textPrimitives.brackettedLink + ")|(?:" +
+	config.textPrimitives.urlPattern + ")","mg");
+
+// ---------------------------------------------------------------------------------
+// Shadow tiddlers
+// ---------------------------------------------------------------------------------
+
+config.shadowTiddlers = {
+	ColorPalette: "Background: #fff\n" + 
+				  "Foreground: #000\n" +
+				  "PrimaryPale: #8cf\n" +
+				  "PrimaryLight: #18f\n" +
+				  "PrimaryMid: #04b\n" +
+				  "PrimaryDark: #014\n" +
+				  "SecondaryPale: #ffc\n" +
+				  "SecondaryLight: #fe8\n" +
+				  "SecondaryMid: #db4\n" +
+				  "SecondaryDark: #841\n" +
+				  "TertiaryPale: #eee\n" +
+				  "TertiaryLight: #ccc\n" +
+				  "TertiaryMid: #999\n" +
+				  "TertiaryDark: #666\n" +
+				  "Error: #f88\n",
+	StyleSheet: "",
+	StyleSheetColors: "/*{{{*/\nbody {\n	background: [[ColorPalette::Background]];\n	color: [[ColorPalette::Foreground]];\n}\n\na{\n	color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n	background: [[ColorPalette::PrimaryMid]];\n	color: [[ColorPalette::Background]];\n}\n\na img{\n	border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	color: [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n	color: [[ColorPalette::PrimaryDark]];\n	border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::SecondaryLight]];\n	border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n	font-weight: normal;\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n	color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n	font-weight: normal;\n	color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border-left: 1px solid [[ColorPalette::TertiaryLight]];\n	border-top: 1px solid [[ColorPalette::TertiaryLight]];\n	border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n	 border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n	border: none;\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n	color: [[ColorPalette::PrimaryMid]];\n	background: [[ColorPalette::Background]];\n}\n\n.wizard {\n	background: [[ColorPalette::SecondaryLight]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n	color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n	background: [[ColorPalette::Background]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n	color: [[ColorPalette::PrimaryLight]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::SecondaryMid]];\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n	padding: 0.2em 0.2em 0.2em 0.2em;\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::Background]];\n}\n\n.popup {\n	background: [[ColorPalette::PrimaryLight]];\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px;\n}\n\n.listBreak div{\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n	color: [[ColorPalette::TertiaryPale]];\n	border: none;\n}\n\n.popup li a:hover {\n	background: [[ColorPalette::PrimaryDark]];\n	color: [[ColorPalette::Background]];\n	border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n	border: 1px solid [[ColorPalette::TertiaryPale]];\n	background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n	background-color: [[ColorPalette::TertiaryLight]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n		border: none;\n}\n\n.footer {\n	color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n	background: [[ColorPalette::PrimaryPale]];\n	border: 0;\n}\n\n.sparktick {\n	background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::Error]];\n}\n\n.warning {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n	background: [[ColorPalette::TertiaryPale]];\n	color: [[ColorPalette::TertiaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n	background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n	border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n	border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n	border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n	border: 1px solid [[ColorPalette::SecondaryLight]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n	border: 0;\n	border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n	background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n	width: 100%;\n}\n\n.editorFooter {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
+	StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n	font-size: .75em;\n	font-family: arial,helvetica;\n	margin: 0;\n	padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	font-weight: bold;\n	text-decoration: none;\n	padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n	height: 1px;\n}\n\na{\n	text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n	width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n	border: 0;\n}\n\n.externalLink {\n	text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n	font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n	font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n	font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n		position: relative;\n}\n\n.header a:hover {\n	background: transparent;\n}\n\n.headerShadow {\n	position: relative;\n	padding: 4.5em 0em 1em 1em;\n	left: -1px;\n	top: -1px;\n}\n\n.headerForeground {\n	position: absolute;\n	padding: 4.5em 0em 1em 1em;\n	left: 0px;\n	top: 0px;\n}\n\n.siteTitle {\n	font-size: 3em;\n}\n\n.siteSubtitle {\n	font-size: 1.2em;\n}\n\n#mainMenu {\n	position: absolute;\n	left: 0;\n	width: 10em;\n	text-align: right;\n	line-height: 1.6em;\n	padding: 1.5em 0.5em 0.5em 0.5em;\n	font-size: 1.1em;\n}\n\n#sidebar {\n	position: absolute;\n	right: 3px;\n	width: 16em;\n	font-size: .9em;\n}\n\n#sidebarOptions {\n	padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n	margin: 0em 0.2em;\n	padding: 0.2em 0.3em;\n	display: block;\n}\n\n#sidebarOptions input {\n	margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n	margin-left: 1em;\n	padding: 0.5em;\n	font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n	font-weight: bold;\n	display: inline;\n	padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n	margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n	width: 15em;\n	overflow: hidden;\n}\n\n.wizard {\n	padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n	font-size: 2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n	font-size: 1.2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n	padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n	margin: 0.5em 0em 0em 0em;\n	font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n	text-decoration: underline;\n}\n\n.popup {\n	font-size: .9em;\n	padding: 0.2em;\n	list-style: none;\n	margin: 0;\n}\n\n.popup hr {\n	display: block;\n	height: 1px;\n	width: auto;\n	padding: 0;\n	margin: 0.2em 0em;\n}\n\n.listBreak {\n	font-size: 1px;\n	line-height: 1px;\n}\n\n.listBreak div {\n	margin: 2px 0;\n}\n\n.popup li.disabled {\n	padding: 0.2em;\n}\n\n.popup li a{\n	display: block;\n	padding: 0.2em;\n}\n\n.tabset {\n	padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n	margin: 0em 0em 0em 0.25em;\n	padding: 2px;\n}\n\n.tabContents {\n	padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n	margin: 0;\n	padding: 0;\n}\n\n.txtMainTab .tabContents li {\n	list-style: none;\n}\n\n.tabContents li.listLink {\n	 margin-left: .75em;\n}\n\n#displayArea {\n	margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n	text-align: right;\n	font-size: .9em;\n	visibility: hidden;\n}\n\n.selected .toolbar {\n	visibility: visible;\n}\n\n.tiddler {\n	padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n	font-style: italic;\n}\n\n.title {\n	font-size: 1.6em;\n	font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n	font-size: 1.1em;\n}\n\n.tiddler .button {\n	padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n	font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n	width: 99%;\n	padding: 0 0 1em 0;\n}\n\n.viewer {\n	line-height: 1.4em;\n	padding-top: 0.5em;\n}\n\n.viewer .button {\n	margin: 0em 0.25em;\n	padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n	line-height: 1.5em;\n	padding-left: 0.8em;\n	margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n	margin-left: 0.5em;\n	padding-left: 1.5em;\n}\n\n.viewer table {\n	border-collapse: collapse;\n	margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n	padding: 3px;\n}\n\n.viewer table.listView {\n	font-size: 0.85em;\n	margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n	padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n	padding: 0.5em;\n	margin-left: 0.5em;\n	font-size: 1.2em;\n	line-height: 1.4em;\n	overflow: auto;\n}\n\n.viewer code {\n	font-size: 1.2em;\n	line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n	display: block;\n	width: 100%;\n	font: inherit;\n}\n\n.editorFooter {\n	padding: 0.25em 0em;\n	font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n	line-height: 1em;\n}\n\n.sparktick {\n	outline: 0;\n}\n\n.zoomer {\n	font-size: 1.1em;\n	position: absolute;\n	padding: 1em;\n}\n\n.cascade {\n	font-size: 1.1em;\n	position: absolute;\n	overflow: hidden;\n}\n/*}}}*/",
+	StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
+	PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
+	ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
+	EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
+	MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
+	MarkupPostHead: "",
+	MarkupPreBody: "",
+	MarkupPostBody: ""
+	};
+
+// ---------------------------------------------------------------------------------
+// Translateable strings
+// ---------------------------------------------------------------------------------
+
+// Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
+
+merge(config.options,{
+	txtUserName: "YourName"});
+
+merge(config.messages,{
+	customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
+	pluginError: "Error: %0",
+	pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
+	pluginForced: "Executed because forced via 'systemConfigForce' tag",
+	pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
+	nothingSelected: "Nothing is selected. You must select one or more items first",
+	savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
+	subtitleUnknown: "(unknown)",
+	undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
+	shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
+	tiddlerLinkTooltip: "%0 - %1, %2",
+	externalLinkTooltip: "External link to %0",
+	noTags: "There are no tagged tiddlers",
+	notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
+	cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
+	invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
+	backupSaved: "Backup saved",
+	backupFailed: "Failed to save backup file",
+	rssSaved: "RSS feed saved",
+	rssFailed: "Failed to save RSS feed file",
+	emptySaved: "Empty template saved",
+	emptyFailed: "Failed to save empty template file",
+	mainSaved: "Main TiddlyWiki file saved",
+	mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
+	macroError: "Error in macro <<%0>>",
+	macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
+	missingMacro: "No such macro",
+	overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
+	unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
+	confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
+	saveInstructions: "SaveChanges",
+	unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
+	tiddlerSaveError: "Error when saving tiddler '%0'",
+	tiddlerLoadError: "Error when loading tiddler '%0'",
+	wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
+	invalidFieldName: "Invalid field name %0",
+	fieldCannotBeChanged: "Field '%0' cannot be changed"});
+
+merge(config.messages.messageClose,{
+	text: "close",
+	tooltip: "close this message area"});
+
+config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
+config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
+config.messages.dates.shortMonths = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
+config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+merge(config.views.wikified.tag,{
+	labelNoTags: "no tags",
+	labelTags: "tags: ",
+	openTag: "Open tag '%0'",
+	tooltip: "Show tiddlers tagged with '%0'",
+	openAllText: "Open all",
+	openAllTooltip: "Open all of these tiddlers",
+	popupNone: "No other tiddlers tagged with '%0'"});
+
+merge(config.views.wikified,{
+	defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
+	defaultModifier: "(missing)",
+	shadowModifier: "(built-in shadow tiddler)",
+	createdPrompt: "created"});
+
+merge(config.views.editor,{
+	tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
+	defaultText: "Type the text for '%0'"});
+
+merge(config.views.editor.tagChooser,{
+	text: "tags",
+	tooltip: "Choose existing tags to add to this tiddler",
+	popupNone: "There are no tags defined",
+	tagTooltip: "Add the tag '%0'"});
+
+merge(config.macros.search,{
+	label: "search",
+	prompt: "Search this TiddlyWiki",
+	accessKey: "F",
+	successMsg: "%0 tiddlers found matching %1",
+	failureMsg: "No tiddlers found matching %0"});
+
+merge(config.macros.tagging,{
+	label: "tagging: ",
+	labelNotTag: "not tagging",
+	tooltip: "List of tiddlers tagged with '%0'"});
+
+merge(config.macros.timeline,{
+	dateFormat: "DD MMM YYYY"});
+
+merge(config.macros.allTags,{
+	tooltip: "Show tiddlers tagged with '%0'",
+	noTags: "There are no tagged tiddlers"});
+
+config.macros.list.all.prompt = "All tiddlers in alphabetical order";
+config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
+config.macros.list.orphans.prompt = "Tiddlers that are not linked to from any other tiddlers";
+config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
+
+merge(config.macros.closeAll,{
+	label: "close all",
+	prompt: "Close all displayed tiddlers (except any that are being edited)"});
+
+merge(config.macros.permaview,{
+	label: "permaview",
+	prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
+
+merge(config.macros.saveChanges,{
+	label: "save changes",
+	prompt: "Save all tiddlers to create a new TiddlyWiki",
+	accessKey: "S"});
+
+merge(config.macros.newTiddler,{
+	label: "new tiddler",
+	prompt: "Create a new tiddler",
+	title: "New Tiddler",
+	accessKey: "N"});
+
+merge(config.macros.newJournal,{
+	label: "new journal",
+	prompt: "Create a new tiddler from the current date and time",
+	accessKey: "J"});
+
+merge(config.macros.plugins,{
+	skippedText: "(This plugin has not been executed because it was added since startup)",
+	noPluginText: "There are no plugins installed",
+	confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
+	listViewTemplate : {
+		columns: [
+			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+			{name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
+			{name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
+			{name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
+			{name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
+			{name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
+			{name: 'Log', field: 'log', title: "Log", type: 'StringList'}
+			],
+		rowClasses: [
+			{className: 'error', field: 'error'},
+			{className: 'warning', field: 'warning'}
+			],
+		actions: [
+			{caption: "More actions...", name: ''},
+			{caption: "Remove systemConfig tag", name: 'remove'},
+			{caption: "Delete these tiddlers forever", name: 'delete'}
+			]}
+	});
+
+merge(config.macros.refreshDisplay,{
+	label: "refresh",
+	prompt: "Redraw the entire TiddlyWiki display"
+	});
+
+merge(config.macros.importTiddlers,{
+	readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
+	defaultPath: "http://www.tiddlywiki.com/index.html",
+	fetchLabel: "fetch",
+	fetchPrompt: "Fetch the tiddlywiki file",
+	fetchError: "There were problems fetching the tiddlywiki file",
+	confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
+	wizardTitle: "Import tiddlers from another TiddlyWiki file",
+	step1: "Step 1: Locate the TiddlyWiki file",
+	step1prompt: "Enter the URL or pathname here: ",
+	step1promptFile: "...or browse for a file: ",
+	step1promptFeeds: "...or select a pre-defined feed: ",
+	step1feedPrompt: "Choose...",
+	step2: "Step 2: Loading TiddlyWiki file",
+	step2Text: "Please wait while the file is loaded from: %0",
+	step3: "Step 3: Choose the tiddlers to import",
+	step4: "%0 tiddler(s) imported",
+	step5: "Done",
+	listViewTemplate: {
+		columns: [
+			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+			{name: 'Title', field: 'title', title: "Title", type: 'String'},
+			{name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
+			{name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
+			],
+		rowClasses: [
+			],
+		actions: [
+			{caption: "More actions...", name: ''},
+			{caption: "Import these tiddlers", name: 'import'}
+			]}
+	});
+
+merge(config.commands.closeTiddler,{
+	text: "close",
+	tooltip: "Close this tiddler"});
+
+merge(config.commands.closeOthers,{
+	text: "close others",
+	tooltip: "Close all other tiddlers"});
+
+merge(config.commands.editTiddler,{
+	text: "edit",
+	tooltip: "Edit this tiddler",
+	readOnlyText: "view",
+	readOnlyTooltip: "View the source of this tiddler"});
+
+merge(config.commands.saveTiddler,{
+	text: "done",
+	tooltip: "Save changes to this tiddler"});
+
+merge(config.commands.cancelTiddler,{
+	text: "cancel",
+	tooltip: "Undo changes to this tiddler",
+	warning: "Are you sure you want to abandon your changes to '%0'?",
+	readOnlyText: "done",
+	readOnlyTooltip: "View this tiddler normally"});
+
+merge(config.commands.deleteTiddler,{
+	text: "delete",
+	tooltip: "Delete this tiddler",
+	warning: "Are you sure you want to delete '%0'?"});
+
+merge(config.commands.permalink,{
+	text: "permalink",
+	tooltip: "Permalink for this tiddler"});
+
+merge(config.commands.references,{
+	text: "references",
+	tooltip: "Show tiddlers that link to this one",
+	popupNone: "No references"});
+
+merge(config.commands.jump,{
+	text: "jump",
+	tooltip: "Jump to another open tiddler"});
+
+merge(config.shadowTiddlers,{
+	DefaultTiddlers: "GettingStarted",
+	MainMenu: "GettingStarted",
+	SiteTitle: "My TiddlyWiki",
+	SiteSubtitle: "a reusable non-linear personal web notebook",
+	SiteUrl: "http://www.tiddlywiki.com/",
+	GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
+	SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
+	OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
+	AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
+	SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
+	TabTimeline: "<<timeline>>",
+	TabAll: "<<list all>>",
+	TabTags: "<<allTags>>",
+	TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
+	TabMoreMissing: "<<list missing>>",
+	TabMoreOrphans: "<<list orphans>>",
+	TabMoreShadowed: "<<list shadowed>>",
+	PluginManager: "<<plugins>>",
+	ImportTiddlers: "<<importTiddlers>>"});
+
+// ---------------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------------
+
+var params = null; // Command line parameters
+var store = null; // TiddlyWiki storage
+var story = null; // Main story
+var formatter = null; // Default formatters for the wikifier
+config.parsers = {}; // Hashmap of alternative parsers for the wikifier
+var anim = new Animator(); // Animation engine
+var readOnly = false; // Whether we're in readonly mode
+var highlightHack = null; // Embarrassing hack department...
+var hadConfirmExit = false; // Don't warn more than once
+var safeMode = false; // Disable all plugins and cookies
+var installedPlugins = []; // Information filled in when plugins are executed
+var startingUp = false; // Whether we're in the process of starting up
+var pluginInfo,tiddler; // Used to pass information to plugins in loadPlugins()
+
+// Whether to use the JavaSaver applet
+var useJavaSaver = config.browser.isSafari || config.browser.isOpera;
+
+// Starting up
+function main()
+{
+	var now, then = new Date();
+	startingUp = true;
+	window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
+	params = getParameters();
+	if(params)
+		params = params.parseParams("open",null,false);
+	store = new TiddlyWiki();
+	invokeParamifier(params,"oninit");
+	story = new Story("tiddlerDisplay","tiddler");
+	addEvent(document,"click",Popup.onDocumentClick);
+	saveTest();
+	loadOptionsCookie();
+	for(var s=0; s<config.notifyTiddlers.length; s++)
+		store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
+	store.loadFromDiv("storeArea","store",true);
+	invokeParamifier(params,"onload");
+	var pluginProblem = loadPlugins();
+	formatter = new Formatter(config.formatters);
+	readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
+	invokeParamifier(params,"onconfig");
+	store.notifyAll();
+	restart();
+	if(pluginProblem)
+		{
+		story.displayTiddler(null,"PluginManager");
+		displayMessage(config.messages.customConfigError);
+		}
+	now = new Date();
+	if(config.displayStartupTime)
+		displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
+	startingUp = false;
+}
+
+// Restarting
+function restart()
+{
+	invokeParamifier(params,"onstart");
+	if(story.isEmpty())
+		{
+		var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
+		invokeParamifier(defaultParams,"onstart");
+		}
+	window.scrollTo(0,0);
+}
+
+function saveTest()
+{
+	var saveTest = document.getElementById("saveTest");
+	if(saveTest.hasChildNodes())
+		alert(config.messages.savedSnapshotError);
+	saveTest.appendChild(document.createTextNode("savetest"));
+}
+
+function loadPlugins()
+{
+	if(safeMode)
+		return false;
+	var configTiddlers = store.getTaggedTiddlers("systemConfig");
+	installedPlugins = [];
+	var hadProblem = false;
+	for(var t=0; t<configTiddlers.length; t++)
+		{
+		tiddler = configTiddlers[t];
+		pluginInfo = getPluginInfo(tiddler);
+		if(isPluginExecutable(pluginInfo))
+			{
+			pluginInfo.executed = true;
+			pluginInfo.error = false;
+			try
+				{
+				if(tiddler.text && tiddler.text != "")
+					window.eval(tiddler.text);
+				}
+			catch(e)
+				{
+				pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
+				pluginInfo.error = true;
+				hadProblem = true;
+				}
+			}
+		else
+			pluginInfo.warning = true;
+		installedPlugins.push(pluginInfo);
+		}
+	return hadProblem;
+}
+
+function getPluginInfo(tiddler)
+{
+	var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
+	p.tiddler = tiddler;
+	p.title = tiddler.title;
+	p.log = [];
+	return p;
+}
+
+// Check that a particular plugin is valid for execution
+function isPluginExecutable(plugin)
+{
+	if(plugin.tiddler.isTagged("systemConfigDisable"))
+		return verifyTail(plugin,false,config.messages.pluginDisabled);
+	if(plugin.tiddler.isTagged("systemConfigForce"))
+		return verifyTail(plugin,true,config.messages.pluginForced);
+	if(plugin["CoreVersion"])
+		{
+		var coreVersion = plugin["CoreVersion"].split(".");
+		var w = parseInt(coreVersion[0]) - version.major;
+		if(w == 0 && coreVersion[1])
+			w = parseInt(coreVersion[1]) - version.minor;
+		if(w == 0 && coreVersion[2])
+		 	w = parseInt(coreVersion[2]) - version.revision;
+		if(w > 0)
+			return verifyTail(plugin,false,config.messages.pluginVersionError);
+		}
+	return true;
+}
+
+function verifyTail(plugin,result,message)
+{
+	plugin.log.push(message);
+	return result;
+}
+
+function invokeMacro(place,macro,params,wikifier,tiddler)
+{
+	try
+		{
+		var m = config.macros[macro];
+		if(m && m.handler)
+			m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
+		else
+			createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
+		}
+	catch(ex)
+		{
+		createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Paramifiers
+// ---------------------------------------------------------------------------------
+
+function getParameters()
+{
+	var p = null;
+	if(window.location.hash)
+		{
+		p = decodeURI(window.location.hash.substr(1));
+		if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
+			p = convertUTF8ToUnicode(p);
+		}
+	return p;
+}
+
+function invokeParamifier(params,handler)
+{
+	if(!params || params.length == undefined || params.length <= 1)
+		return;
+	for(var t=1; t<params.length; t++)
+		{
+		var p = config.paramifiers[params[t].name];
+		if(p && p[handler] instanceof Function)
+			p[handler](params[t].value);
+		}
+}
+
+config.paramifiers = {};
+
+config.paramifiers.start = {
+	oninit: function(v) {
+		safeMode = v.toLowerCase() == "safe";
+		}
+};
+
+config.paramifiers.open = {
+	onstart: function(v) {
+		story.displayTiddler("bottom",v,null,false,false);
+		}
+};
+
+config.paramifiers.story = {
+	onstart: function(v) {
+		var list = store.getTiddlerText(v,"").parseParams("open",null,false);
+		invokeParamifier(list,"onstart");
+		}
+};
+
+config.paramifiers.search = {
+	onstart: function(v) {
+		story.search(v,false,false);
+		}
+};
+
+config.paramifiers.searchRegExp = {
+	onstart: function(v) {
+		story.prototype.search(v,false,true);
+		}
+};
+
+config.paramifiers.tag = {
+	onstart: function(v) {
+		var tagged = store.getTaggedTiddlers(v,"title");
+		for(var t=0; t<tagged.length; t++)
+			story.displayTiddler("bottom",tagged[t].title,null,false,false);
+		}
+};
+
+config.paramifiers.newTiddler = {
+	onstart: function(v) {
+		if(!readOnly)
+			{
+			story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
+			story.focusTiddler(v,"text");
+			}
+		}
+};
+
+config.paramifiers.newJournal = {
+	onstart: function(v) {
+		if(!readOnly)
+			{
+			var now = new Date();
+			var title = now.formatString(v.trim());
+			story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+			story.focusTiddler(title,"text");
+			}
+		}
+};
+
+// ---------------------------------------------------------------------------------
+// Formatter helpers
+// ---------------------------------------------------------------------------------
+
+function Formatter(formatters)
+{
+	this.formatters = [];
+	var pattern = [];
+	for(var n=0; n<formatters.length; n++)
+		{
+		pattern.push("(" + formatters[n].match + ")");
+		this.formatters.push(formatters[n]);
+		}
+	this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
+}
+
+config.formatterHelpers = {
+
+	createElementAndWikify: function(w)
+	{
+		w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
+	},
+	
+	inlineCssHelper: function(w)
+	{
+		var styles = [];
+		config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+		var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+			{
+			var s,v;
+			if(lookaheadMatch[1])
+				{
+				s = lookaheadMatch[1].unDash();
+				v = lookaheadMatch[2];
+				}
+			else
+				{
+				s = lookaheadMatch[3].unDash();
+				v = lookaheadMatch[4];
+				}
+			if (s=="bgcolor")
+				s = "backgroundColor";
+			styles.push({style: s, value: v});
+			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+			config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+			lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+			}
+		return styles;
+	},
+
+	applyCssHelper: function(e,styles)
+	{
+		for(var t=0; t< styles.length; t++)
+			{
+			try
+				{
+				e.style[styles[t].style] = styles[t].value;
+				}
+			catch (ex)
+				{
+				}
+			}
+	},
+
+	enclosedTextHelper: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			var text = lookaheadMatch[1];
+			if(config.browser.isIE)
+				text = text.replace(/\n/g,"\r");
+			createTiddlyElement(w.output,this.element,null,null,text);
+			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+			}
+	},
+
+	isExternalLink: function(link)
+	{
+		if(store.tiddlerExists(link) || store.isShadowTiddler(link))
+			{
+			//# Definitely not an external link
+			return false;
+			}
+		var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
+		if(urlRegExp.exec(link))
+			{
+			// Definitely an external link
+			return true;
+			}
+		if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
+			{
+			//# Link contains . / or \ so is probably an external link
+			return true;
+			}
+		//# Otherwise assume it is not an external link
+		return false;
+	}
+
+};
+
+// ---------------------------------------------------------------------------------
+// Standard formatters
+// ---------------------------------------------------------------------------------
+
+config.formatters = [
+{
+	name: "table",
+	match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
+	lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
+	rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
+	cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
+	cellTermRegExp: /((?:\x20*)\|)/mg,
+	rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
+
+	handler: function(w)
+	{
+		var table = createTiddlyElement(w.output,"table");
+		var prevColumns = [];
+		var currRowType = null;
+		var rowContainer;
+		var rowCount = 0;
+		w.nextMatch = w.matchStart;
+		this.lookaheadRegExp.lastIndex = w.nextMatch;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+			{
+			var nextRowType = lookaheadMatch[2];
+			if(nextRowType == "k")
+				{
+				table.className = lookaheadMatch[1];
+				w.nextMatch += lookaheadMatch[0].length+1;
+				}
+			else
+				{
+				if(nextRowType != currRowType)
+					{
+					rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
+					currRowType = nextRowType;
+					}
+				if(currRowType == "c")
+					{
+					// Caption
+					w.nextMatch++;
+					if(rowContainer != table.firstChild)
+						table.insertBefore(rowContainer,table.firstChild);
+					rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
+					w.subWikifyTerm(rowContainer,this.rowTermRegExp);
+					}
+				else
+					{
+					this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
+					rowCount++;
+					}
+				}
+			this.lookaheadRegExp.lastIndex = w.nextMatch;
+			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+			}
+	},
+	rowHandler: function(w,e,prevColumns)
+	{
+		var col = 0;
+		var colSpanCount = 1;
+		var prevCell = null;
+		this.cellRegExp.lastIndex = w.nextMatch;
+		var cellMatch = this.cellRegExp.exec(w.source);
+		while(cellMatch && cellMatch.index == w.nextMatch)
+			{
+			if(cellMatch[1] == "~")
+				{
+				// Rowspan
+				var last = prevColumns[col];
+				if(last)
+					{
+					last.rowSpanCount++;
+					last.element.setAttribute("rowspan",last.rowSpanCount);
+					last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
+					last.element.valign = "center";
+					}
+				w.nextMatch = this.cellRegExp.lastIndex-1;
+				}
+			else if(cellMatch[1] == ">")
+				{
+				// Colspan
+				colSpanCount++;
+				w.nextMatch = this.cellRegExp.lastIndex-1;
+				}
+			else if(cellMatch[2])
+				{
+				// End of row
+				if(prevCell && colSpanCount > 1)
+					{
+					prevCell.setAttribute("colspan",colSpanCount);
+					prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
+					}
+				w.nextMatch = this.cellRegExp.lastIndex;
+				break;
+				}
+			else
+				{
+				// Cell
+				w.nextMatch++;
+				var styles = config.formatterHelpers.inlineCssHelper(w);
+				var spaceLeft = false;
+				var chr = w.source.substr(w.nextMatch,1);
+				while(chr == " ")
+					{
+					spaceLeft = true;
+					w.nextMatch++;
+					chr = w.source.substr(w.nextMatch,1);
+					}
+				var cell;
+				if(chr == "!")
+					{
+					cell = createTiddlyElement(e,"th");
+					w.nextMatch++;
+					}
+				else
+					cell = createTiddlyElement(e,"td");
+				prevCell = cell;
+				prevColumns[col] = {rowSpanCount:1, element:cell};
+				if(colSpanCount > 1)
+					{
+					cell.setAttribute("colspan",colSpanCount);
+					cell.setAttribute("colSpan",colSpanCount); // Needed for IE
+					colSpanCount = 1;
+					}
+				config.formatterHelpers.applyCssHelper(cell,styles);
+				w.subWikifyTerm(cell,this.cellTermRegExp);
+				if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
+					cell.align = spaceLeft ? "center" : "left";
+				else if(spaceLeft)
+					cell.align = "right";
+				w.nextMatch--;
+				}
+			col++;
+			this.cellRegExp.lastIndex = w.nextMatch;
+			cellMatch = this.cellRegExp.exec(w.source);
+			}
+	}
+},
+
+{
+	name: "heading",
+	match: "^!{1,5}",
+	termRegExp: /(\n)/mg,
+	handler: function(w)
+	{
+		w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
+	}
+},
+
+{
+	name: "list",
+	match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
+	lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
+	termRegExp: /(\n)/mg,
+	handler: function(w)
+	{
+		var placeStack = [w.output];
+		var currLevel = 0, currType = null;
+		var listLevel, listType, itemType;
+		w.nextMatch = w.matchStart;
+		this.lookaheadRegExp.lastIndex = w.nextMatch;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+			{
+			if(lookaheadMatch[1])
+				{
+				listType = "ul";
+				itemType = "li";
+				}
+			else if(lookaheadMatch[2])
+				{
+				listType = "ol";
+				itemType = "li";
+				}
+			else if(lookaheadMatch[3])
+				{
+				listType = "dl";
+				itemType = "dt";
+				}
+			else if(lookaheadMatch[4])
+				{
+				listType = "dl";
+				itemType = "dd";
+				}
+			listLevel = lookaheadMatch[0].length;
+			w.nextMatch += lookaheadMatch[0].length;
+			if(listLevel > currLevel)
+				{
+				for(var t=currLevel; t<listLevel; t++)
+					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+				}
+			else if(listLevel < currLevel)
+				{
+				for(var t=currLevel; t>listLevel; t--)
+					placeStack.pop();
+				}
+			else if(listLevel == currLevel && listType != currType)
+				{
+				placeStack.pop();
+				placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+				}
+			currLevel = listLevel;
+			currType = listType;
+			var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
+			w.subWikifyTerm(e,this.termRegExp);
+			this.lookaheadRegExp.lastIndex = w.nextMatch;
+			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		}
+	}
+},
+
+{
+	name: "quoteByBlock",
+	match: "^<<<\\n",
+	termRegExp: /(^<<<(\n|$))/mg,
+	element: "blockquote",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "quoteByLine",
+	match: "^>+",
+	lookaheadRegExp: /^>+/mg,
+	termRegExp: /(\n)/mg,
+	element: "blockquote",
+	handler: function(w)
+	{
+		var placeStack = [w.output];
+		var currLevel = 0;
+		var newLevel = w.matchLength;
+		var t;
+		do {
+			if(newLevel > currLevel)
+				{
+				for(t=currLevel; t<newLevel; t++)
+					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
+				}
+			else if(newLevel < currLevel)
+				{
+				for(t=currLevel; t>newLevel; t--)
+					placeStack.pop();
+				}
+			currLevel = newLevel;
+			w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
+			createTiddlyElement(placeStack[placeStack.length-1],"br");
+			this.lookaheadRegExp.lastIndex = w.nextMatch;
+			var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+			var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
+			if(matched)
+				{
+				newLevel = lookaheadMatch[0].length;
+				w.nextMatch += lookaheadMatch[0].length;
+				}
+		} while(matched);
+	}
+},
+
+{
+	name: "rule",
+	match: "^----+$\\n?",
+	handler: function(w)
+	{
+		createTiddlyElement(w.output,"hr");
+	}
+},
+
+{
+	name: "monospacedByLine",
+	match: "^\\{\\{\\{\\n",
+	lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "monospacedByLineForCSS",
+	match: "^/\\*[\\{]{3}\\*/\\n",
+	lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "monospacedByLineForPlugin",
+	match: "^//\\{\\{\\{\\n",
+	lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "monospacedByLineForTemplate",
+	match: "^<!--[\\{]{3}-->\\n",
+	lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg, 
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "wikifyCommentForPlugin", 
+	match: "^/\\*\\*\\*\\n",
+	termRegExp: /(^\*\*\*\/\n)/mg,
+	handler: function(w)
+	{
+		w.subWikifyTerm(w.output,this.termRegExp);
+	}
+},
+
+{
+	name: "wikifyCommentForTemplate", 
+	match: "^<!---\\n",
+	termRegExp: /(^--->\n)/mg,
+	handler: function(w) 
+	{
+		w.subWikifyTerm(w.output,this.termRegExp);
+	}
+},
+
+{
+	name: "macro",
+	match: "<<",
+	lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
+			{
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
+			}
+	}
+},
+
+{
+	name: "prettyLink",
+	match: "\\[\\[",
+	lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			var e;
+			var text = lookaheadMatch[1];
+			if(lookaheadMatch[3])
+				{
+				// Pretty bracketted link
+				var link = lookaheadMatch[3];
+				e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
+						? createExternalLink(w.output,link)
+						: createTiddlyLink(w.output,link,false,null,w.isStatic);
+				}
+			else
+				{
+				// Simple bracketted link
+				e = createTiddlyLink(w.output,text,false,null,w.isStatic);
+				}
+			createTiddlyText(e,text);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "unWikiLink",
+	match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
+	handler: function(w)
+	{
+		w.outputText(w.output,w.matchStart+1,w.nextMatch);
+	}
+},
+
+{
+	name: "wikiLink",
+	match: config.textPrimitives.wikiLink,
+	handler: function(w)
+	{
+		if(w.matchStart > 0)
+			{
+			var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
+			preRegExp.lastIndex = w.matchStart-1;
+			var preMatch = preRegExp.exec(w.source);
+			if(preMatch.index == w.matchStart-1)
+				{
+				w.outputText(w.output,w.matchStart,w.nextMatch);
+				return;
+				}
+			}
+		if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
+			{
+			var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
+			w.outputText(link,w.matchStart,w.nextMatch);
+			}
+		else
+			{
+			w.outputText(w.output,w.matchStart,w.nextMatch);
+			}
+	}
+},
+
+{
+	name: "urlLink",
+	match: config.textPrimitives.urlPattern,
+	handler: function(w)
+	{
+		w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
+	}
+},
+
+{
+	name: "image",
+	match: "\\[[<>]?[Ii][Mm][Gg]\\[",
+	lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
+			{
+			var e = w.output;
+			if(lookaheadMatch[5])
+				{
+				var link = lookaheadMatch[5];
+				e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
+				addClass(e,"imageLink");
+				}
+			var img = createTiddlyElement(e,"img");
+			if(lookaheadMatch[1])
+				img.align = "left";
+			else if(lookaheadMatch[2])
+				img.align = "right";
+			if(lookaheadMatch[3])
+				img.title = lookaheadMatch[3];
+			img.src = lookaheadMatch[4];
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "html",
+	match: "<[Hh][Tt][Mm][Ll]>",
+	lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "commentByBlock",
+	match: "/%",
+	lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+	}
+},
+
+{
+	name: "boldByChar",
+	match: "''",
+	termRegExp: /('')/mg,
+	element: "strong",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "italicByChar",
+	match: "//",
+	termRegExp: /(\/\/)/mg,
+	element: "em",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "underlineByChar",
+	match: "__",
+	termRegExp: /(__)/mg,
+	element: "u",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "strikeByChar",
+	match: "--(?!\\s|$)",
+	termRegExp: /((?!\s)--|(?=\n\n))/mg,
+	element: "strike",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "superscriptByChar",
+	match: "\\^\\^",
+	termRegExp: /(\^\^)/mg,
+	element: "sup",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "subscriptByChar",
+	match: "~~",
+	termRegExp: /(~~)/mg,
+	element: "sub",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "monospacedByChar",
+	match: "\\{\\{\\{",
+	lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "styleByChar",
+	match: "@@",
+	termRegExp: /(@@)/mg,
+	handler:  function(w)
+	{
+		var e = createTiddlyElement(w.output,"span");
+		var styles = config.formatterHelpers.inlineCssHelper(w);
+		if(styles.length == 0)
+			e.className = "marked";
+		else
+			config.formatterHelpers.applyCssHelper(e,styles);
+		w.subWikifyTerm(e,this.termRegExp);
+	}
+},
+
+{
+	name: "lineBreak",
+	match: "\\n|<br ?/?>",
+	handler: function(w)
+	{
+		createTiddlyElement(w.output,"br");
+	}
+},
+
+{
+	name: "rawText",
+	match: "\\\"{3}|<nowiki>",
+	lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "mdash",
+	match: "--",
+	handler: function(w)
+		{
+		createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
+		}
+},
+
+{
+	name: "htmlEntitiesEncoding",
+	match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
+	handler: function(w)
+		{
+		createTiddlyElement(w.output,"span").innerHTML = w.matchText;
+		}
+},
+
+{
+	name: "customClasses",
+	match: "\\{\\{",
+	termRegExp: /(\}\}\})/mg,
+	lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch)
+			{
+			var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			w.subWikifyTerm(e,this.termRegExp);
+			}
+	}
+}
+
+];
+
+// ---------------------------------------------------------------------------------
+// Wikifier
+// ---------------------------------------------------------------------------------
+
+function getParser(tiddler)
+{
+	var f = formatter;
+	if(tiddler!=null)
+		{
+		for(var i in config.parsers)
+			{
+			if(tiddler.isTagged(config.parsers[i].formatTag))
+				{
+				f = config.parsers[i];
+				break;
+				}
+			}
+		}
+	return f;
+}
+
+function wikify(source,output,highlightRegExp,tiddler)
+{
+	if(source && source != "")
+		{
+		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+		wikifier.subWikifyUnterm(output);
+		}
+}
+
+function wikifyStatic(source,highlightRegExp,tiddler)
+{
+	var e = createTiddlyElement(document.body,"div");
+	e.style.display = "none";
+	var html = "";
+	if(source && source != "")
+		{
+		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+		wikifier.isStatic = true;
+		wikifier.subWikifyUnterm(e);
+		html = e.innerHTML;
+		e.parentNode.removeChild(e);
+		}
+	return html;
+}
+
+// Wikify a named tiddler to plain text
+function wikifyPlain(title)
+{
+	if(store.tiddlerExists(title) || store.isShadowTiddler(title))
+		{
+		var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
+		return wikifier.wikifyPlain();
+		}
+	else
+		return "";
+}
+
+// Highlight plain text into an element
+function highlightify(source,output,highlightRegExp)
+{
+	if(source && source != "")
+		{
+		var wikifier = new Wikifier(source,formatter,highlightRegExp);
+		wikifier.outputText(output,0,source.length);
+		}
+}
+
+// Construct a wikifier object
+// source - source string that's going to be wikified
+// formatter - Formatter() object containing the list of formatters to be used
+// highlightRegExp - regular expression of the text string to highlight
+// tiddler - reference to the tiddler that's taken to be the container for this wikification
+function Wikifier(source,formatter,highlightRegExp,tiddler)
+{
+	this.source = source;
+	this.output = null;
+	this.formatter = formatter;
+	this.nextMatch = 0;
+	this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
+	this.highlightRegExp = highlightRegExp;
+	this.highlightMatch = null;
+	this.isStatic = false;
+	if(highlightRegExp)
+		{
+		highlightRegExp.lastIndex = 0;
+		this.highlightMatch = highlightRegExp.exec(source);
+		}
+	this.tiddler = tiddler;
+}
+
+Wikifier.prototype.wikifyPlain = function()
+{
+	var e = createTiddlyElement(document.body,"div");
+	e.style.display = "none";
+	this.subWikify(e);
+	var text = getPlainText(e);
+	e.parentNode.removeChild(e);
+	return text;
+}
+
+Wikifier.prototype.subWikify = function(output,terminator)
+{
+	// Handle the terminated and unterminated cases separately
+	if (terminator)
+		this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
+	else
+		this.subWikifyUnterm(output);
+}
+
+Wikifier.prototype.subWikifyUnterm = function(output)
+{
+	// subWikify() can be indirectly recursive, so we need to save the old output pointer
+	var oldOutput = this.output;
+	this.output = output;
+	// Get the first match
+	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+	var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+	while(formatterMatch)
+		{
+		// Output any text before the match
+		if(formatterMatch.index > this.nextMatch)
+			this.outputText(this.output,this.nextMatch,formatterMatch.index);
+		// Set the match parameters for the handler
+		this.matchStart = formatterMatch.index;
+		this.matchLength = formatterMatch[0].length;
+		this.matchText = formatterMatch[0];
+		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+		// Figure out which formatter matched and call its handler
+		for(var t=1; t<formatterMatch.length; t++)
+			{
+			if(formatterMatch[t])
+				{
+				this.formatter.formatters[t-1].handler(this);
+				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+				break;
+				}
+			}
+		// Get the next match
+		formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+		}
+	// Output any text after the last match
+	if(this.nextMatch < this.source.length)
+		{
+		this.outputText(this.output,this.nextMatch,this.source.length);
+		this.nextMatch = this.source.length;
+		}
+	// Restore the output pointer
+	this.output = oldOutput;
+}
+
+Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
+{
+	// subWikify() can be indirectly recursive, so we need to save the old output pointer
+	var oldOutput = this.output;
+	this.output = output;
+	// Get the first matches for the formatter and terminator RegExps
+	terminatorRegExp.lastIndex = this.nextMatch;
+	var terminatorMatch = terminatorRegExp.exec(this.source);
+	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+	var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+	while(terminatorMatch || formatterMatch)
+		{
+		// Check for a terminator match  before the next formatter match
+		if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
+			{
+			// Output any text before the match
+			if(terminatorMatch.index > this.nextMatch)
+				this.outputText(this.output,this.nextMatch,terminatorMatch.index);
+			// Set the match parameters
+			this.matchText = terminatorMatch[1];
+			this.matchLength = terminatorMatch[1].length;
+			this.matchStart = terminatorMatch.index;
+			this.nextMatch = this.matchStart + this.matchLength;
+			// Restore the output pointer
+			this.output = oldOutput;
+			return;
+			}
+		// It must be a formatter match; output any text before the match
+		if(formatterMatch.index > this.nextMatch)
+			this.outputText(this.output,this.nextMatch,formatterMatch.index);
+		// Set the match parameters
+		this.matchStart = formatterMatch.index;
+		this.matchLength = formatterMatch[0].length;
+		this.matchText = formatterMatch[0];
+		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+		// Figure out which formatter matched and call its handler
+		for(var t=1; t<formatterMatch.length; t++)
+			{
+			if(formatterMatch[t])
+				{
+				this.formatter.formatters[t-1].handler(this);
+				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+				break;
+				}
+			}
+		// Get the next match
+		terminatorRegExp.lastIndex = this.nextMatch;
+		terminatorMatch = terminatorRegExp.exec(this.source);
+		formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+		}
+	// Output any text after the last match
+	if(this.nextMatch < this.source.length)
+		{
+		this.outputText(this.output,this.nextMatch,this.source.length);
+		this.nextMatch = this.source.length;
+		}
+	// Restore the output pointer
+	this.output = oldOutput;
+}
+
+Wikifier.prototype.outputText = function(place,startPos,endPos)
+{
+	// Check for highlights
+	while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
+		{
+		// Deal with any plain text before the highlight
+		if(this.highlightMatch.index > startPos)
+			{
+			createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
+			startPos = this.highlightMatch.index;
+			}
+		// Deal with the highlight
+		var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
+		var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
+		startPos = highlightEnd;
+		// Nudge along to the next highlight if we're done with this one
+		if(startPos >= this.highlightRegExp.lastIndex)
+			this.highlightMatch = this.highlightRegExp.exec(this.source);
+		}
+	// Do the unhighlighted text left over
+	if(startPos < endPos)
+		{
+		createTiddlyText(place,this.source.substring(startPos,endPos));
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Macro definitions
+// ---------------------------------------------------------------------------------
+
+config.macros.today.handler = function(place,macroName,params)
+{
+	var now = new Date();
+	var text;
+	if(params[0])
+		text = now.formatString(params[0].trim());
+	else
+		text = now.toLocaleString();
+	createTiddlyElement(place,"span",null,null,text);
+}
+
+config.macros.version.handler = function(place)
+{
+	createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
+}
+
+config.macros.list.handler = function(place,macroName,params)
+{
+	var type = params[0] ? params[0] : "all";
+	var theList = document.createElement("ul");
+	place.appendChild(theList);
+	if(this[type].prompt)
+		createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
+	var results;
+	if(this[type].handler)
+		results = this[type].handler(params);
+	for(var t = 0; t < results.length; t++)
+		{
+		var theListItem = document.createElement("li")
+		theList.appendChild(theListItem);
+		if(typeof results[t] == "string")
+			createTiddlyLink(theListItem,results[t],true);
+		else
+			createTiddlyLink(theListItem,results[t].title,true);
+		}
+}
+
+config.macros.list.all.handler = function(params)
+{
+	return store.reverseLookup("tags","excludeLists",false,"title");
+}
+
+config.macros.list.missing.handler = function(params)
+{
+	return store.getMissingLinks();
+}
+
+config.macros.list.orphans.handler = function(params)
+{
+	return store.getOrphans();
+}
+
+config.macros.list.shadowed.handler = function(params)
+{
+	return store.getShadowed();
+}
+
+config.macros.allTags.handler = function(place,macroName,params)
+{
+	var tags = store.getTags();
+	var theDateList = createTiddlyElement(place,"ul");
+	if(tags.length == 0)
+		createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
+	for(var t=0; t<tags.length; t++)
+		{
+		var theListItem =createTiddlyElement(theDateList,"li");
+		var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
+		theTag.setAttribute("tag",tags[t][0]);
+		}
+}
+
+config.macros.timeline.handler = function(place,macroName,params)
+{
+	var field = params[0] ? params[0] : "modified";
+	var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
+	var lastDay = "";
+	var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
+	for(var t=tiddlers.length-1; t>=last; t--)
+		{
+		var tiddler = tiddlers[t];
+		var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
+		if(theDay != lastDay)
+			{
+			var theDateList = document.createElement("ul");
+			place.appendChild(theDateList);
+			createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
+			lastDay = theDay;
+			}
+		var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
+		theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
+		}
+}
+
+config.macros.search.handler = function(place,macroName,params)
+{
+	var searchTimeout = null;
+	var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
+	var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
+	if(params[0])
+		txt.value = params[0];
+	txt.onkeyup = this.onKeyPress;
+	txt.onfocus = this.onFocus;
+	txt.setAttribute("size",this.sizeTextbox);
+	txt.setAttribute("accessKey",this.accessKey);
+	txt.setAttribute("autocomplete","off");
+	txt.setAttribute("lastSearchText","");
+	if(config.browser.isSafari)
+		{
+		txt.setAttribute("type","search");
+		txt.setAttribute("results","5");
+		}
+	else
+		txt.setAttribute("type","text");
+}
+
+// Global because there's only ever one outstanding incremental search timer
+config.macros.search.timeout = null;
+
+config.macros.search.doSearch = function(txt)
+{
+	if(txt.value.length > 0)
+		{
+		story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
+		txt.setAttribute("lastSearchText",txt.value);
+		}
+}
+
+config.macros.search.onClick = function(e)
+{
+	config.macros.search.doSearch(this.nextSibling);
+	return false;
+}
+
+config.macros.search.onKeyPress = function(e)
+{
+	if(!e) var e = window.event;
+	switch(e.keyCode)
+		{
+		case 13: // Ctrl-Enter
+		case 10: // Ctrl-Enter on IE PC
+			config.macros.search.doSearch(this);
+			break;
+		case 27: // Escape
+			this.value = "";
+			clearMessage();
+			break;
+		}
+	if(this.value.length > 2)
+		{
+		if(this.value != this.getAttribute("lastSearchText"))
+			{
+			if(config.macros.search.timeout)
+				clearTimeout(config.macros.search.timeout);
+			var txt = this;
+			config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
+			}
+		}
+	else
+		{
+		if(config.macros.search.timeout)
+			clearTimeout(config.macros.search.timeout);
+		}
+}
+
+config.macros.search.onFocus = function(e)
+{
+	this.select();
+}
+
+config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	params = paramString.parseParams("name",null,true,false,true);
+	var names = params[0]["name"];
+	var tiddlerName = names[0];
+	var className = names[1] ? names[1] : null;
+	var args = params[0]["with"];
+	var wrapper = createTiddlyElement(place,"span",null,className);
+	if(!args)
+		{
+		wrapper.setAttribute("refresh","content");
+		wrapper.setAttribute("tiddler",tiddlerName);
+		}
+	var text = store.getTiddlerText(tiddlerName);
+	if(text)
+		{
+		var stack = config.macros.tiddler.tiddlerStack;
+		if(stack.indexOf(tiddlerName) !== -1)
+			return;
+		stack.push(tiddlerName);
+		try
+			{
+			var n = args ? Math.min(args.length,9) : 0;
+			for(var i=0; i<n; i++) 
+				{
+				var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
+				text = text.replace(placeholderRE,args[i]);
+				}
+			config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
+			}
+		finally
+			{
+			stack.pop();
+			}
+		}
+}
+
+config.macros.tiddler.renderText = function(place,text,tiddlerName,params) 
+{
+	wikify(text,place,null,store.getTiddler(tiddlerName));
+}
+
+config.macros.tiddler.tiddlerStack = [];
+
+config.macros.tag.handler = function(place,macroName,params)
+{
+	createTagButton(place,params[0]);
+}
+
+config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	params = paramString.parseParams("anon",null,true,false,false);
+	var theList = createTiddlyElement(place,"ul");
+	var title = getParam(params,"anon","");
+	if(title && store.tiddlerExists(title))
+		tiddler = store.getTiddler(title);
+	var sep = getParam(params,"sep"," ");
+	var lingo = config.views.wikified.tag;
+	var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
+	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
+	for(var t=0; t<tiddler.tags.length; t++)
+		{
+		createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
+		if(t<tiddler.tags.length-1)
+			createTiddlyText(theList,sep);
+		}
+}
+
+config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	params = paramString.parseParams("anon",null,true,false,false);
+	var theList = createTiddlyElement(place,"ul");
+	var title = getParam(params,"anon","");
+	if(title == "" && tiddler instanceof Tiddler)
+		title = tiddler.title;
+	var sep = getParam(params,"sep"," ");
+	theList.setAttribute("title",this.tooltip.format([title]));
+	var tagged = store.getTaggedTiddlers(title);
+	var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
+	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
+	for(var t=0; t<tagged.length; t++)
+		{
+		createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
+		if(t<tagged.length-1)
+			createTiddlyText(theList,sep);
+		}
+}
+
+config.macros.closeAll.handler = function(place)
+{
+	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.closeAll.onClick = function(e)
+{
+	story.closeAllTiddlers();
+	return false;
+}
+
+config.macros.permaview.handler = function(place)
+{
+	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.permaview.onClick = function(e)
+{
+	story.permaView();
+	return false;
+}
+
+config.macros.saveChanges.handler = function(place)
+{
+	if(!readOnly)
+		createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
+}
+
+config.macros.saveChanges.onClick = function(e)
+{
+	saveChanges();
+	return false;
+}
+
+config.macros.slider.onClickSlider = function(e)
+{
+	if(!e) var e = window.event;
+	var n = this.nextSibling;
+	var cookie = n.getAttribute("cookie");
+	var isOpen = n.style.display != "none";
+	if(anim && config.options.chkAnimate)
+		anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
+	else
+		n.style.display = isOpen ? "none" : "block";
+	config.options[cookie] = !isOpen;
+	saveOptionCookie(cookie);
+	return false;
+}
+
+config.macros.slider.createSlider = function(place,cookie,title,tooltip)
+{
+	var cookie = cookie ? cookie : "";
+	var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
+	var panel = createTiddlyElement(null,"div",null,"sliderPanel");
+	panel.setAttribute("cookie",cookie);
+	panel.style.display = config.options[cookie] ? "block" : "none";
+	place.appendChild(panel);
+	return panel;
+}
+
+config.macros.slider.handler = function(place,macroName,params)
+{
+	var panel = this.createSlider(place,params[0],params[2],params[3]);
+	var text = store.getTiddlerText(params[1]);
+	panel.setAttribute("refresh", "content");
+	panel.setAttribute("tiddler", params[1]);
+	if(text)
+		wikify(text,panel,null,store.getTiddler(params[1]));
+}
+
+config.macros.option.onChangeOption = function(e)
+{
+	var opt = this.getAttribute("option");
+	var elementType,valueField;
+	if(opt)
+		{
+		switch(opt.substr(0,3))
+			{
+			case "txt":
+				elementType = "input";
+				valueField = "value";
+				break;
+			case "chk":
+				elementType = "input";
+				valueField = "checked";
+				break;
+			}
+		config.options[opt] = this[valueField];
+		saveOptionCookie(opt);
+		var nodes = document.getElementsByTagName(elementType);
+		for(var t=0; t<nodes.length; t++)
+			{
+			var optNode = nodes[t].getAttribute("option");
+			if(opt == optNode)
+				nodes[t][valueField] = this[valueField];
+			}
+		}
+	return(true);
+}
+
+config.macros.option.handler = function(place,macroName,params)
+{
+	var opt = params[0];
+	if(config.options[opt] == undefined)
+		return;
+	var c;
+	switch(opt.substr(0,3))
+		{
+		case "txt":
+			c = document.createElement("input");
+			c.onkeyup = this.onChangeOption;
+			c.setAttribute("option",opt);
+			c.className = "txtOptionInput";
+			place.appendChild(c);
+			c.value = config.options[opt];
+			break;
+		case "chk":
+			c = document.createElement("input");
+			c.setAttribute("type","checkbox");
+			c.onclick = this.onChangeOption;
+			c.setAttribute("option",opt);
+			c.className = "chkOptionInput";
+			place.appendChild(c);
+			c.checked = config.options[opt];
+			break;
+		}
+}
+
+
+
+config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
+{
+	var tags = [];
+	for(var t=1; t<params.length; t++)
+		if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
+			tags.push(params[t].value);
+	label = getParam(params,"label",label);
+	prompt = getParam(params,"prompt",prompt);
+	accessKey = getParam(params,"accessKey",accessKey);
+	newFocus = getParam(params,"focus",newFocus);
+	var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
+	btn.setAttribute("newTitle",title);
+	btn.setAttribute("isJournal",isJournal);
+	btn.setAttribute("params",tags.join("|"));
+	btn.setAttribute("newFocus",newFocus);
+	btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
+	var text = getParam(params,"text");
+	if(text !== undefined) 
+		btn.setAttribute("newText",text);
+	return btn;
+}
+
+config.macros.newTiddler.onClickNewTiddler = function()
+{
+	var title = this.getAttribute("newTitle");
+	if(this.getAttribute("isJournal"))
+		{
+		var now = new Date();
+		title = now.formatString(title.trim());
+		}
+	var params = this.getAttribute("params").split("|");
+	var focus = this.getAttribute("newFocus");
+	var template = this.getAttribute("newTemplate");
+	story.displayTiddler(null,title,template);
+	var text = this.getAttribute("newText");
+	if(typeof text == "string")
+		story.getTiddlerField(title,"text").value = text.format([title]);
+	for(var t=0;t<params.length;t++)
+		story.setTiddlerTag(title,params[t],+1);
+	story.focusTiddler(title,focus);
+	return false;
+}
+
+config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(!readOnly)
+		{
+		params = paramString.parseParams("anon",null,true,false,false);
+		var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
+		title = getParam(params,"title",title);
+		this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
+		}
+}
+
+config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(!readOnly)
+		{
+		params = paramString.parseParams("anon",null,true,false,false);
+		var title = params[1] && params[1].name == "anon" ? params[1].value : "";
+		title = getParam(params,"title",title);
+		config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
+		}
+}
+
+config.macros.sparkline.handler = function(place,macroName,params)
+{
+	var data = [];
+	var min = 0;
+	var max = 0;
+	for(var t=0; t<params.length; t++)
+		{
+		var v = parseInt(params[t]);
+		if(v < min)
+			min = v;
+		if(v > max)
+			max = v;
+		data.push(v);
+		}
+	if(data.length < 1)
+		return;
+	var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
+	box.title = data.join(",");
+	var w = box.offsetWidth;
+	var h = box.offsetHeight;
+	box.style.paddingRight = (data.length * 2 - w) + "px";
+	box.style.position = "relative";
+	for(var d=0; d<data.length; d++)
+		{
+		var tick = document.createElement("img");
+		tick.border = 0;
+		tick.className = "sparktick";
+		tick.style.position = "absolute";
+		tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
+		tick.style.left = d*2 + "px";
+		tick.style.width = "2px";
+		var v = Math.floor(((data[d] - min)/(max-min)) * h);
+		tick.style.top = (h-v) + "px";
+		tick.style.height = v + "px";
+		box.appendChild(tick);
+		}
+}
+
+config.macros.tabs.handler = function(place,macroName,params)
+{
+	var cookie = params[0];
+	var numTabs = (params.length-1)/3;
+	var wrapper = createTiddlyElement(null,"div",null,cookie);
+	var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
+	tabset.setAttribute("cookie",cookie);
+	var validTab = false;
+	for(var t=0; t<numTabs; t++)
+		{
+		var label = params[t*3+1];
+		var prompt = params[t*3+2];
+		var content = params[t*3+3];
+		var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
+		tab.setAttribute("tab",label);
+		tab.setAttribute("content",content);
+		tab.title = prompt;
+		if(config.options[cookie] == label)
+			validTab = true;
+		}
+	if(!validTab)
+		config.options[cookie] = params[1];
+	place.appendChild(wrapper);
+	this.switchTab(tabset,config.options[cookie]);
+}
+
+config.macros.tabs.onClickTab = function(e)
+{
+	config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
+	return false;
+}
+
+config.macros.tabs.switchTab = function(tabset,tab)
+{
+	var cookie = tabset.getAttribute("cookie");
+	var theTab = null
+	var nodes = tabset.childNodes;
+	for(var t=0; t<nodes.length; t++)
+		if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
+			{
+			theTab = nodes[t];
+			theTab.className = "tab tabSelected";
+			}
+		else
+			nodes[t].className = "tab tabUnselected"
+	if(theTab)
+		{
+		if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
+			tabset.parentNode.removeChild(tabset.nextSibling);
+		var tabContent = createTiddlyElement(null,"div",null,"tabContents");
+		tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
+		var contentTitle = theTab.getAttribute("content");
+		wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
+		if(cookie)
+			{
+			config.options[cookie] = tab;
+			saveOptionCookie(cookie);
+			}
+		}
+}
+
+// <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
+config.macros.gradient.handler = function(place,macroName,params,wikifier)
+{
+	var terminator = ">>";
+	var panel;
+	if(wikifier)
+		panel = createTiddlyElement(place,"div",null,"gradient");
+	else
+		panel = place;
+	panel.style.position = "relative";
+	panel.style.overflow = "hidden";
+	panel.style.zIndex = "0";
+	var t;
+	if(wikifier)
+		{
+		var styles = config.formatterHelpers.inlineCssHelper(wikifier);
+		config.formatterHelpers.applyCssHelper(panel,styles);
+		}
+	var colours = [];
+	for(t=1; t<params.length; t++)
+		{
+		var c = new RGB(params[t]);
+		if(c)
+			colours.push(c);
+		}
+	drawGradient(panel,params[0] != "vert",colours);
+	if(wikifier)
+		wikifier.subWikify(panel,terminator);
+	if(document.all)
+		{
+		panel.style.height = "100%";
+		panel.style.width = "100%";
+		}
+}
+
+config.macros.message.handler = function(place,macroName,params)
+{
+	if(params[0])
+		{
+		var m = config;
+		var p = params[0].split(".");
+		for(var t=0; t<p.length; t++)
+			{
+			if(p[t] in m)
+				m = m[p[t]];
+			else
+				break;
+			}
+		createTiddlyText(place,m.toString().format(params.splice(1)));
+		}
+}
+
+config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if((tiddler instanceof Tiddler) && params[0])
+		{
+		var value = store.getValue(tiddler,params[0]);
+		if(value != undefined)
+			switch(params[1])
+				{
+				case undefined:
+					highlightify(value,place,highlightHack);
+					break;
+				case "link":
+					createTiddlyLink(place,value,true);
+					break;
+				case "wikified":
+					wikify(value,place,highlightHack,tiddler);
+					break;
+				case "date":
+					value = Date.convertFromYYYYMMDDHHMM(value);
+					if(params[2])
+						createTiddlyText(place,value.formatString(params[2]));
+					else
+						createTiddlyText(place,value);
+					break;
+				}
+		}
+}
+
+config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	var field = params[0];
+	if((tiddler instanceof Tiddler) && field)
+		{
+		story.setDirty(tiddler.title,true);
+		if(field != "text")
+			{
+				var e = createTiddlyElement(null,"input");
+				if(tiddler.isReadOnly())
+					e.setAttribute("readOnly","readOnly");
+				e.setAttribute("edit",field);
+				e.setAttribute("type","text");
+				var v = store.getValue(tiddler,field);
+				if(!v) 
+					v = "";
+				e.value = v;
+				e.setAttribute("size","40");
+				e.setAttribute("autocomplete","off");
+				place.appendChild(e);
+			}
+		else
+			{
+				var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
+				var wrapper2 = createTiddlyElement(wrapper1,"div");
+				var e = createTiddlyElement(wrapper2,"textarea");
+				if(tiddler.isReadOnly())
+					e.setAttribute("readOnly","readOnly");
+				var v = store.getValue(tiddler,field);
+				if(!v) 
+					v = "";
+				e.value = v;
+				var rows = 10;
+				var lines = v.match(/\n/mg);
+				var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
+				if(lines != null && lines.length > rows)
+					rows = lines.length + 5;
+				rows = Math.min(rows,maxLines);
+				e.setAttribute("rows",rows);
+				e.setAttribute("edit",field);
+				place.appendChild(wrapper1);
+			}
+		}
+}
+
+config.macros.tagChooser.onClick = function(e)
+{
+	if(!e) var e = window.event;
+	var lingo = config.views.editor.tagChooser;
+	var popup = Popup.create(this);
+	var tags = store.getTags();
+	if(tags.length == 0)
+		createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
+	for(var t=0; t<tags.length; t++)
+		{
+		var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
+		theTag.setAttribute("tag",tags[t][0]);
+		theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
+		}
+	Popup.show(popup,false);
+	e.cancelBubble = true;
+	if(e.stopPropagation) e.stopPropagation();
+	return(false);
+}
+
+config.macros.tagChooser.onTagClick = function(e)
+{
+	if(!e) var e = window.event;
+	var tag = this.getAttribute("tag");
+	var title = this.getAttribute("tiddler");
+	if(!readOnly)
+		story.setTiddlerTag(title,tag,0);
+	return(false);
+}
+
+config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(tiddler instanceof Tiddler)
+		{
+		var title = tiddler.title;
+		var lingo = config.views.editor.tagChooser;
+		var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
+		btn.setAttribute("tiddler", title);
+		}
+}
+
+// Create a toolbar command button
+// place - parent DOM element
+// command - reference to config.commands[] member -or- name of member
+// tiddler - reference to tiddler that toolbar applies to
+// theClass - the class to give the button
+config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
+{
+	if(typeof commandName != "string")
+		{
+		var c = null;
+		for(var t in config.commands)
+			if(config.commands[t] == commandName)
+				c = t;
+		commandName = c;
+		}
+	if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
+		{
+		var title = tiddler.title;
+		var command = config.commands[commandName];
+		var ro = tiddler.isReadOnly();
+		var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
+		var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
+		var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
+		if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
+
+			{
+			var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
+			btn.setAttribute("commandName", commandName);
+			btn.setAttribute("tiddler", title);
+			if(theClass)
+				addClass(btn,theClass);
+			place.appendChild(btn);
+			}
+		}
+}
+
+config.macros.toolbar.onClickCommand = function(e)
+{
+	if(!e) var e = window.event;
+	var command = config.commands[this.getAttribute("commandName")];
+	return command.handler(e,this,this.getAttribute("tiddler"));
+}
+
+// Invoke the first command encountered from a given place that is tagged with a specified class
+config.macros.toolbar.invokeCommand = function(place,theClass,event)
+{
+	var children = place.getElementsByTagName("a")
+	for(var t=0; t<children.length; t++)
+		{
+		var c = children[t];
+		if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
+			{
+			if(c.onclick instanceof Function)
+				c.onclick.call(c,event);
+			break;
+			}
+		}
+}
+
+config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	for(var t=0; t<params.length; t++)
+		{
+		var c = params[t];
+		var theClass = "";
+		switch(c.substr(0,1))
+			{
+			case "+":
+				theClass = "defaultCommand";
+				c = c.substr(1);
+				break;
+			case "-":
+				theClass = "cancelCommand";
+				c = c.substr(1);
+				break;
+			}
+		if(c in config.commands)
+			this.createCommand(place,c,tiddler,theClass);
+		}
+}
+
+config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	var e = createTiddlyElement(place,"div");
+	e.setAttribute("refresh","macro");
+	e.setAttribute("macroName","plugins");
+	e.setAttribute("params",paramString);
+	this.refresh(e,paramString);
+}
+
+config.macros.plugins.refresh = function(place,params)
+{
+	var selectedRows = [];
+	ListView.forEachSelector(place,function(e,rowName) {
+			if(e.checked)
+				selectedRows.push(e.getAttribute("rowName"));
+		});
+	removeChildren(place);
+	params = params.parseParams("anon");
+	var plugins = installedPlugins.slice(0);
+	var t,tiddler,p;
+	var configTiddlers = store.getTaggedTiddlers("systemConfig");
+	for(t=0; t<configTiddlers.length; t++)
+		{
+		tiddler = configTiddlers[t];
+		if(plugins.findByField("title",tiddler.title) == null)
+			{
+			p = getPluginInfo(tiddler);
+			p.executed = false;
+			p.log.splice(0,0,this.skippedText);
+			plugins.push(p);
+			}
+		}
+	for(t=0; t<plugins.length; t++)
+		{
+		var p = plugins[t];
+		p.forced = p.tiddler.isTagged("systemConfigForce");
+		p.disabled = p.tiddler.isTagged("systemConfigDisable");
+		p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
+		}
+	if(plugins.length == 0)
+		createTiddlyElement(place,"em",null,null,this.noPluginText);
+	else
+		ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
+}
+
+config.macros.plugins.onSelectCommand = function(command,rowNames)
+{
+	var t;
+	switch(command)
+		{
+		case "remove":
+			for(t=0; t<rowNames.length; t++)
+				store.setTiddlerTag(rowNames[t],false,"systemConfig");
+			break;
+		case "delete":
+			if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
+				{
+				for(t=0; t<rowNames.length; t++)
+					{
+					store.removeTiddler(rowNames[t]);
+					story.closeTiddler(rowNames[t],true,false);
+					}
+				}
+			break;
+		}
+	if(config.options.chkAutoSave)
+		saveChanges(true);
+}
+
+config.macros.refreshDisplay.handler = function(place)
+{
+	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.refreshDisplay.onClick = function(e)
+{
+	refreshAll();
+	return false;
+}
+
+config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(readOnly)
+		{
+		createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
+		return;
+		}
+	var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
+	createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
+	createTiddlyElement(importer,"h2",null,"step1",this.step1);
+	var step = createTiddlyElement(importer,"div",null,"wizardStep");
+	createTiddlyText(step,this.step1prompt);
+	var input = createTiddlyElement(null,"input",null,"txtOptionInput");
+	input.type = "text";
+	input.size = 50;
+	step.appendChild(input);
+	importer.inputBox = input;
+	createTiddlyElement(step,"br");
+	createTiddlyText(step,this.step1promptFile);
+	var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
+	fileInput.type = "file";
+	fileInput.size = 50;
+	fileInput.onchange = this.onBrowseChange;
+	fileInput.onkeyup = this.onBrowseChange;
+	step.appendChild(fileInput);
+	createTiddlyElement(step,"br");
+	createTiddlyText(step,this.step1promptFeeds);
+	var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
+	createTiddlyDropDown(step,this.onFeedChange,feeds);
+	createTiddlyElement(step,"br");
+	createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
+        place.appendChild(importer);
+}
+
+config.macros.importTiddlers.getFeeds = function(feeds)
+{
+	var tagged = store.getTaggedTiddlers("contentPublisher","title");
+	for(var t=0; t<tagged.length; t++)
+		feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
+	return feeds;
+}
+
+config.macros.importTiddlers.onFeedChange = function(e)
+{
+	var importer = findRelated(this,"importTiddler","className","parentNode");
+	importer.inputBox.value = this.value;
+	this.selectedIndex = 0;
+}
+
+config.macros.importTiddlers.onBrowseChange = function(e)
+{
+	var importer = findRelated(this,"importTiddler","className","parentNode");
+	importer.inputBox.value = "file://" + this.value;
+}
+
+config.macros.importTiddlers.onFetch = function(e)
+{
+	var importer = findRelated(this,"importTiddler","className","parentNode");
+	var url = importer.inputBox.value;
+	var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
+	while(cutoff)
+		{
+		var temp = cutoff.nextSibling;
+		cutoff.parentNode.removeChild(cutoff);
+		cutoff = temp;
+		}
+	createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
+	var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
+	loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
+}
+
+config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
+{
+	if(!status)
+		{
+		displayMessage(this.fetchError);
+		return;
+		}
+	var importer = params;
+	// Check that the tiddler we're in hasn't been closed - doesn't work on IE
+//	var p = importer;
+//	while(p.parentNode)
+//		p = p.parentNode;
+//	if(!(p instanceof HTMLDocument))
+//		return;
+	// Crack out the content - (should be refactored)
+	var posOpeningDiv = responseText.indexOf(startSaveArea);
+	var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
+	var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
+	if((posOpeningDiv == -1) || (posClosingDiv == -1))
+		{
+		alert(config.messages.invalidFileError.format([url]));
+		return;
+		}
+	var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
+	// Create the iframe
+	var iframe = document.createElement("iframe");
+	iframe.style.display = "none";
+	importer.insertBefore(iframe,importer.firstChild);
+	var doc = iframe.document;
+	if(iframe.contentDocument)
+		doc = iframe.contentDocument; // For NS6
+	else if(iframe.contentWindow)
+		doc = iframe.contentWindow.document; // For IE5.5 and IE6
+	// Put the content in the iframe
+	doc.open();
+	doc.writeln(content);
+	doc.close();
+	// Load the content into a TiddlyWiki() object
+	var storeArea = doc.getElementById("storeArea");
+	var importStore = new TiddlyWiki();
+	importStore.loadFromDiv(storeArea,"store");
+	// Get rid of the iframe
+	iframe.parentNode.removeChild(iframe);
+	// Extract data for the listview
+	var tiddlers = [];
+	importStore.forEachTiddler(function(title,tiddler)
+		{
+		var t = {};
+		t.title = title;
+		t.modified = tiddler.modified;
+		t.modifier = tiddler.modifier;
+		t.text = tiddler.text.substr(0,50);
+		t.tags = tiddler.tags;
+		tiddlers.push(t);
+		});
+	// Display the listview
+	createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
+	var step = createTiddlyElement(importer,"div",null,"wizardStep");
+	ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
+	// Save the importer
+	importer.store = importStore;
+}
+
+config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
+{
+	var importer = findRelated(listView,"importTiddler","className","parentNode");
+	switch(command)
+		{
+		case "import":
+			config.macros.importTiddlers.doImport(importer,rowNames);
+			break;
+		}
+	if(config.options.chkAutoSave)
+		saveChanges(true);
+}
+
+config.macros.importTiddlers.doImport = function(importer,rowNames)
+{
+	var theStore = importer.store;
+	var overwrite = new Array();
+	var t;
+	for(t=0; t<rowNames.length; t++)
+		{
+		if(store.tiddlerExists(rowNames[t]))
+			overwrite.push(rowNames[t]);
+	}
+	if(overwrite.length > 0)
+		if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
+			return;
+	for(t=0; t<rowNames.length; t++)
+		{
+		var inbound = theStore.fetchTiddler(rowNames[t]);
+		store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
+		store.fetchTiddler(inbound.title).created = inbound.created;
+		store.notify(rowNames[t],false);
+		}
+	store.notifyAll();
+	store.setDirty(true);
+	createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
+	var step = createTiddlyElement(importer,"div",null,"wizardStep");
+	for(t=0; t<rowNames.length; t++)
+		{
+		createTiddlyLink(step,rowNames[t],true);
+		createTiddlyElement(step,"br");
+		}
+	createTiddlyElement(importer,"h2",null,"step5",this.step5);
+}
+// ---------------------------------------------------------------------------------
+// Menu and toolbar commands
+// ---------------------------------------------------------------------------------
+
+config.commands.closeTiddler.handler = function(event,src,title)
+{
+	story.closeTiddler(title,true,event.shiftKey || event.altKey);
+	return false;
+}
+
+config.commands.closeOthers.handler = function(event,src,title)
+{
+	story.closeAllTiddlers(title);
+	return false;
+}
+
+config.commands.editTiddler.handler = function(event,src,title)
+{
+	clearMessage();
+	story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+	story.focusTiddler(title,"text");
+	return false;
+}
+
+config.commands.saveTiddler.handler = function(event,src,title)
+{
+	var newTitle = story.saveTiddler(title,event.shiftKey);
+	if(newTitle)
+	   story.displayTiddler(null,newTitle);
+	return false;
+}
+
+config.commands.cancelTiddler.handler = function(event,src,title)
+{
+	if(story.hasChanges(title) && !readOnly)
+		if(!confirm(this.warning.format([title])))
+			return false;
+	story.setDirty(title,false);
+	story.displayTiddler(null,title);
+	return false;
+}
+
+config.commands.deleteTiddler.handler = function(event,src,title)
+{
+	var deleteIt = true;
+	if (config.options.chkConfirmDelete)
+		deleteIt = confirm(this.warning.format([title]));
+	if (deleteIt)
+		{
+		store.removeTiddler(title);
+		story.closeTiddler(title,true,event.shiftKey || event.altKey);
+		if(config.options.chkAutoSave)
+			saveChanges();
+		}
+	return false;
+}
+
+config.commands.permalink.handler = function(event,src,title)
+{
+	var t = encodeURIComponent(String.encodeTiddlyLink(title));
+	if(window.location.hash != t)
+		window.location.hash = t;
+	return false;
+}
+
+config.commands.references.handler = function(event,src,title)
+{
+	var popup = Popup.create(src);
+	if(popup)
+		{
+		var references = store.getReferringTiddlers(title);
+		var c = false;
+		for(var r=0; r<references.length; r++)
+			if(references[r].title != title && !references[r].isTagged("excludeLists"))
+				{
+				createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
+				c = true;
+				}
+		if(!c)
+			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
+		}
+	Popup.show(popup,false);
+	event.cancelBubble = true;
+	if (event.stopPropagation) event.stopPropagation();
+	return false;
+}
+
+config.commands.jump.handler = function(event,src,title)
+{
+	var popup = Popup.create(src);
+	if(popup)
+		{
+		story.forEachTiddler(function(title,element) {
+			createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
+			});
+		}
+	Popup.show(popup,false);
+	event.cancelBubble = true;
+	if (event.stopPropagation) event.stopPropagation();
+	return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Tiddler() object
+// ---------------------------------------------------------------------------------
+
+function Tiddler()
+{
+	this.title = null;
+	this.text = null;
+	this.modifier = null;
+	this.modified = new Date();
+	this.created = new Date();
+	this.links = [];
+	this.linksUpdated = false;
+	this.tags = [];
+	return this;
+}
+
+Tiddler.prototype.getLinks = function()
+{
+	if(this.linksUpdated==false)
+		this.changed();
+	return this.links;
+}
+
+// Format the text for storage in an RSS item
+Tiddler.prototype.saveToRss = function(url)
+{
+	var s = [];
+	s.push("<item>");
+	s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
+	s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
+	for(var t=0; t<this.tags.length; t++)
+		s.push("<category>" + this.tags[t] + "</category>");
+	s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
+	s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
+	s.push("</item>");
+	return(s.join("\n"));
+}
+
+// Change the text and other attributes of a tiddler
+Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
+{
+	this.assign(title,text,modifier,modified,tags,created,fields);
+	this.changed();
+	return this;
+}
+
+// Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
+Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
+{
+	if(title != undefined)
+		this.title = title;
+	if(text != undefined)
+		this.text = text;
+	if(modifier != undefined)
+		this.modifier = modifier;
+	if(modified != undefined)
+		this.modified = modified;
+	if(created != undefined)
+		this.created = created;
+	if(fields != undefined)
+		this.fields = fields;
+	if(tags != undefined)
+		this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
+	else if(this.tags == undefined)
+		this.tags = [];
+	return this;
+}
+
+// Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
+Tiddler.prototype.getTags = function()
+{
+	return String.encodeTiddlyLinkList(this.tags);
+}
+
+// Test if a tiddler carries a tag
+Tiddler.prototype.isTagged = function(tag)
+{
+	return this.tags.indexOf(tag) != -1;
+}
+
+// Static method to convert "\n" to newlines, "\s" to "\"
+Tiddler.unescapeLineBreaks = function(text)
+{
+	return text ? text.unescapeLineBreaks() : "";
+}
+
+// Convert newlines to "\n", "\" to "\s"
+Tiddler.prototype.escapeLineBreaks = function()
+{
+	return this.text.escapeLineBreaks();
+}
+
+// Updates the secondary information (like links[] array) after a change to a tiddler
+Tiddler.prototype.changed = function()
+{
+	this.links = [];
+	var t = this.autoLinkWikiWords() ? 0 : 1;
+	var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
+	tiddlerLinkRegExp.lastIndex = 0;
+	var formatMatch = tiddlerLinkRegExp.exec(this.text);
+	while(formatMatch)
+		{
+		if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
+			{
+			if(formatMatch.index > 0)
+				{
+				var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
+				preRegExp.lastIndex = formatMatch.index-1;
+				var preMatch = preRegExp.exec(this.text);
+				if(preMatch.index != formatMatch.index-1)
+					this.links.pushUnique(formatMatch[1]);
+				}
+			else
+				this.links.pushUnique(formatMatch[1]);
+			}
+		else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
+			this.links.pushUnique(formatMatch[3-t]);
+		else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
+			this.links.pushUnique(formatMatch[4-t]);
+		// Do not add link if match urlPattern (formatMatch[5-t])
+		formatMatch = tiddlerLinkRegExp.exec(this.text);
+		}
+	this.linksUpdated = true;
+	return;
+}
+
+Tiddler.prototype.getSubtitle = function()
+{
+	var theModifier = this.modifier;
+	if(!theModifier)
+		theModifier = config.messages.subtitleUnknown;
+	var theModified = this.modified;
+	if(theModified)
+		theModified = theModified.toLocaleString();
+	else
+		theModified = config.messages.subtitleUnknown;
+	return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
+}
+
+Tiddler.prototype.isReadOnly = function()
+{
+	return readOnly;
+}
+
+Tiddler.prototype.autoLinkWikiWords = function()
+{
+	return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
+}
+
+Tiddler.prototype.generateFingerprint = function()
+{
+	return "0x" + Crypto.hexSha1Str(this.text);
+}
+
+// ---------------------------------------------------------------------------------
+// TiddlyWiki() object contains Tiddler()s
+// ---------------------------------------------------------------------------------
+
+function TiddlyWiki()
+{
+	var tiddlers = {}; // Hashmap by name of tiddlers
+	this.tiddlersUpdated = false;
+	this.namedNotifications = []; // Array of {name:,notify:} of notification functions
+	this.notificationLevel = 0;
+	this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
+	this.clear = function() {
+		tiddlers = {};
+		this.setDirty(false);
+		};
+	this.fetchTiddler = function(title) {
+		return tiddlers[title];
+		};
+	this.deleteTiddler = function(title) {
+		delete this.slices[title];
+		delete tiddlers[title];
+		};
+	this.addTiddler = function(tiddler) {
+		delete this.slices[tiddler.title];
+		tiddlers[tiddler.title] = tiddler;
+		};
+	this.forEachTiddler = function(callback) {
+		for(var t in tiddlers)
+			{
+			var tiddler = tiddlers[t];
+			if(tiddler instanceof Tiddler)
+				callback.call(this,t,tiddler);
+			}
+		};
+}
+
+// Set the dirty flag
+TiddlyWiki.prototype.setDirty = function(dirty)
+{
+	this.dirty = dirty;
+}
+
+TiddlyWiki.prototype.isDirty = function()
+{
+	return this.dirty;
+}
+
+TiddlyWiki.prototype.suspendNotifications = function()
+{
+	this.notificationLevel--;
+}
+
+TiddlyWiki.prototype.resumeNotifications = function()
+{
+	this.notificationLevel++;
+}
+
+// Invoke the notification handlers for a particular tiddler
+TiddlyWiki.prototype.notify = function(title,doBlanket)
+{
+	if(!this.notificationLevel)
+		for(var t=0; t<this.namedNotifications.length; t++)
+			{
+			var n = this.namedNotifications[t];
+			if((n.name == null && doBlanket) || (n.name == title))
+				n.notify(title);
+			}
+}
+
+// Invoke the notification handlers for all tiddlers
+TiddlyWiki.prototype.notifyAll = function()
+{
+	if(!this.notificationLevel)
+		for(var t=0; t<this.namedNotifications.length; t++)
+			{
+			var n = this.namedNotifications[t];
+			if(n.name)
+				n.notify(n.name);
+			}
+}
+
+// Add a notification handler to a tiddler
+TiddlyWiki.prototype.addNotification = function(title,fn)
+{
+	for (var i=0; i<this.namedNotifications.length; i++)
+		if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
+			return this;
+	this.namedNotifications.push({name: title, notify: fn});
+	return this;
+}
+
+TiddlyWiki.prototype.removeTiddler = function(title)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(tiddler)
+		{
+		this.deleteTiddler(title);
+		this.notify(title,true);
+		this.setDirty(true);
+		}
+}
+
+TiddlyWiki.prototype.tiddlerExists = function(title)
+{
+	var t = this.fetchTiddler(title);
+	return (t != undefined);
+}
+
+TiddlyWiki.prototype.isShadowTiddler = function(title)
+{
+	return typeof config.shadowTiddlers[title] == "string";
+}
+
+TiddlyWiki.prototype.getTiddler = function(title)
+{
+	var t = this.fetchTiddler(title);
+	if(t != undefined)
+		return t;
+	else
+		return null;
+}
+
+TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(tiddler)
+		return tiddler.text;
+	if(!title)
+		return defaultText;
+	var pos = title.indexOf(config.textPrimitives.sliceSeparator);
+	if(pos != -1)
+		{
+		var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
+		if(slice)
+			return slice;
+		}
+	if(this.isShadowTiddler(title))
+		return config.shadowTiddlers[title];
+	if(defaultText != undefined)
+		return defaultText;
+	return null;
+}
+
+TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
+
+// @internal
+TiddlyWiki.prototype.calcAllSlices = function(title) 
+{
+	var slices = {};
+	var text = this.getTiddlerText(title,"");
+	this.slicesRE.lastIndex = 0;
+	do 
+		{
+			var m = this.slicesRE.exec(text);
+			if (m) 
+				{
+					if (m[1])
+						slices[m[1]] = m[2];
+					else
+						slices[m[3]] = m[4];
+				}
+		}
+	while(m);
+	return slices;
+}
+
+// Returns the slice of text of the given name
+//#
+//# A text slice is a substring in the tiddler's text that is defined
+//# either like this
+//#    aName:  textSlice
+//# or
+//#    |aName:| textSlice |
+//# or
+//#    |aName| textSlice |
+//#
+//# In the text the name (or name:) may be decorated with '' or //. I.e.
+//# this would also a possible text slice:
+//#
+//#    |''aName:''| textSlice |
+//#
+//# @param name should only contain "word characters" (i.e. "a-ZA-Z_0-9")
+//# @return [may be undefined] the (trimmed) text of the specified slice.
+TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
+{
+	var slices = this.slices[title];
+	if (!slices) {
+		slices = this.calcAllSlices(title);
+		this.slices[title] = slices;
+	}
+	return slices[sliceName];
+}
+
+// Build an hashmap of the specified named slices of a tiddler
+TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
+{
+	var r = {};
+	for(var t=0; t<sliceNames.length; t++)
+		{
+		var slice = this.getTiddlerSlice(title,sliceNames[t]);
+		if(slice)
+			r[sliceNames[t]] = slice;
+		}
+	return r;
+}
+
+TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
+{
+	var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
+	var text = this.getTiddlerText(title,null);
+	if(text == null)
+		return defaultText;
+	var textOut = [];
+	var lastPos = 0;
+	do {
+		var match = bracketRegExp.exec(text);
+		if(match)
+			{
+			textOut.push(text.substr(lastPos,match.index-lastPos));
+			if(match[1])
+				{
+				if(depth <= 0)
+					textOut.push(match[1]);
+				else
+					textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
+				}
+			lastPos = match.index + match[0].length;
+			}
+		else
+			textOut.push(text.substr(lastPos));
+	} while(match);
+	return(textOut.join(""));
+}
+
+TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(tiddler)
+		{
+		var t = tiddler.tags.indexOf(tag);
+		if(t != -1)
+			tiddler.tags.splice(t,1);
+		if(status)
+			tiddler.tags.push(tag);
+		tiddler.changed();
+		this.notify(title,true);
+		this.setDirty(true);
+		}
+}
+
+TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
+{
+	var tiddler = this.fetchTiddler(title);
+	var created;
+	if(tiddler)
+		{
+		created = tiddler.created; // Preserve created date
+		this.deleteTiddler(title);
+		}
+	else
+		{
+		tiddler = new Tiddler();
+		created = modified;
+		}
+	tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
+	this.addTiddler(tiddler);
+	if(title != newTitle)
+		this.notify(title,true);
+	this.notify(newTitle,true);
+	this.setDirty(true);
+	return tiddler;
+}
+
+TiddlyWiki.prototype.createTiddler = function(title)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(!tiddler)
+		{
+		tiddler = new Tiddler();
+		tiddler.title = title;
+		this.addTiddler(tiddler);
+		this.setDirty(true);
+		}
+	return tiddler;
+}
+
+// Load contents of a tiddlywiki from an HTML DIV
+TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
+{
+	this.idPrefix = idPrefix;
+	var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
+	var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
+	this.setDirty(false);
+	if(!noUpdate)
+		{
+		for(var i = 0;i<tiddlers.length; i++)
+			tiddlers[i].changed();
+		}
+}
+
+TiddlyWiki.prototype.updateTiddlers = function()
+{
+	this.tiddlersUpdated = true;
+	this.forEachTiddler(function(title,tiddler) {
+		tiddler.changed();
+		});
+}
+
+// Return all tiddlers formatted as an HTML string
+TiddlyWiki.prototype.allTiddlersAsHtml = function()
+{
+	return store.getSaver().externalize(store);
+}
+
+// Return an array of tiddlers matching a search regular expression
+TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
+{
+	var candidates = this.reverseLookup("tags",excludeTag,false);
+	var results = [];
+	for(var t=0; t<candidates.length; t++)
+		{
+		if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
+			results.push(candidates[t]);
+		}
+	if(!sortField)
+		sortField = "title";
+	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+	return results;
+}
+
+// Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
+TiddlyWiki.prototype.getTags = function()
+{
+	var results = [];
+	this.forEachTiddler(function(title,tiddler) {
+		for(var g=0; g<tiddler.tags.length; g++)
+			{
+			var tag = tiddler.tags[g];
+			var f = false;
+			for(var c=0; c<results.length; c++)
+				if(results[c][0] == tag)
+					{
+					f = true;
+					results[c][1]++;
+					}
+			if(!f)
+				results.push([tag,1]);
+			}
+		});
+	results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
+	return results;
+}
+
+// Return an array of the tiddlers that are tagged with a given tag
+TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
+{
+	return this.reverseLookup("tags",tag,true,sortField);
+}
+
+// Return an array of the tiddlers that link to a given tiddler
+TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
+{
+	if(!this.tiddlersUpdated)
+		this.updateTiddlers();
+	return this.reverseLookup("links",title,true,sortField);
+}
+
+// Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
+// lookupMatch == true to match tiddlers, false to exclude tiddlers
+TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
+{
+	var results = [];
+	this.forEachTiddler(function(title,tiddler) {
+		var f = !lookupMatch;
+		for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
+			if(tiddler[lookupField][lookup] == lookupValue)
+				f = lookupMatch;
+		if(f)
+			results.push(tiddler);
+		});
+	if(!sortField)
+		sortField = "title";
+	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+	return results;
+}
+
+// Return the tiddlers as a sorted array
+TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
+{
+	var results = [];
+	this.forEachTiddler(function(title,tiddler) {
+		if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
+			results.push(tiddler);
+		});
+	if(field)
+		results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
+	return results;
+}
+
+// Return array of names of tiddlers that are referred to but not defined
+TiddlyWiki.prototype.getMissingLinks = function(sortField)
+{
+	if(!this.tiddlersUpdated)
+		this.updateTiddlers();
+	var results = [];
+	this.forEachTiddler(function (title,tiddler) {
+		for(var n=0; n<tiddler.links.length;n++)
+			{
+			var link = tiddler.links[n];
+			if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
+				results.pushUnique(link);
+			}
+		});
+	results.sort();
+	return results;
+}
+
+// Return an array of names of tiddlers that are defined but not referred to
+TiddlyWiki.prototype.getOrphans = function()
+{
+	var results = [];
+	this.forEachTiddler(function (title,tiddler) {
+		if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
+			results.push(title);
+		});
+	results.sort();
+	return results;
+}
+
+// Return an array of names of all the shadow tiddlers
+TiddlyWiki.prototype.getShadowed = function()
+{
+	var results = [];
+	for(var t in config.shadowTiddlers)
+		if(typeof config.shadowTiddlers[t] == "string")
+			results.push(t);
+	results.sort();
+	return results;
+}
+
+// Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
+TiddlyWiki.prototype.resolveTiddler = function(tiddler) 
+{
+	var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
+	return t instanceof Tiddler ? t : null;
+}
+
+TiddlyWiki.prototype.getLoader = function() 
+{
+	if (!this.loader) 
+		this.loader = new TW21Loader();
+	return this.loader;
+}
+ 
+TiddlyWiki.prototype.getSaver = function() 
+{
+	if (!this.saver) 
+		this.saver = new TW21Saver();
+	return this.saver;
+}
+
+// Returns true if path is a valid field name (path),
+// i.e. a sequence of identifiers, separated by '.'
+TiddlyWiki.isValidFieldName = function (name) {
+	var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
+	return match && (match[0] == name);
+}
+
+// Throws an exception when name is not a valid field name.
+TiddlyWiki.checkFieldName = function(name) {
+	if (!TiddlyWiki.isValidFieldName(name))
+		throw config.messages.invalidFieldName.format([name]);
+}
+
+function StringFieldAccess(n, readOnly) {
+	this.set = readOnly 
+		? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
+		: function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
+	this.get = function(t) {return t[n];};
+}
+
+function DateFieldAccess(n) {
+	this.set = function(t,v) {
+			var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v); 
+			if (d != t[n]) {
+				t[n] = d; return true;
+			}
+		};
+	this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
+}
+
+function LinksFieldAccess(n) {
+	this.set = function(t,v) {
+			var s = (typeof v == "string") ? v.readBracketedList() : v; 
+			if (s.toString() != t[n].toString()) {
+				t[n] = s; return true;
+			}
+		};
+	this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
+}
+
+TiddlyWiki.standardFieldAccess = {
+	// The set functions return true when setting the data has changed the value.
+	
+	"title":    new StringFieldAccess("title", true),
+	// Handle the "tiddler" field name as the title
+	"tiddler":  new StringFieldAccess("title", true),
+	
+	"text":     new StringFieldAccess("text"),
+	"modifier": new StringFieldAccess("modifier"),
+	"modified": new DateFieldAccess("modified"),
+	"created":  new DateFieldAccess("created"),
+	"tags":     new LinksFieldAccess("tags")
+};
+
+TiddlyWiki.isStandardField = function(name) {
+	return TiddlyWiki.standardFieldAccess[name] != undefined;
+}
+
+// Sets the value of the given field of the tiddler to the value. 
+// Setting an ExtendedField's value to null or undefined removes the field. 
+// Setting a namespace to undefined removes all fields of that namespace.
+// The fieldName is case-insensitive.
+// All values will be converted to a string value.
+TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
+	TiddlyWiki.checkFieldName(fieldName);
+	var t = this.resolveTiddler(tiddler);
+	if (!t)
+		return;
+		
+	fieldName = fieldName.toLowerCase();
+
+	var isRemove = (value === undefined) || (value === null);
+
+	if (!t.fields) 
+		t.fields = {};
+		
+	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+	if (accessor) {
+		if (isRemove)
+			// don't remove StandardFields
+			return;
+		var h = TiddlyWiki.standardFieldAccess[fieldName];
+		if (!h.set(t, value))
+			return;
+
+	} else {
+		var oldValue = t.fields[fieldName];
+		
+		if (isRemove) {
+			if (oldValue !== undefined) {
+				// deletes a single field
+				delete t.fields[fieldName];
+			} else {
+				// no concrete value is defined for the fieldName
+				// so we guess this is a namespace path.
+				
+				// delete all fields in a namespace
+				var re = new RegExp('^'+fieldName+'\\.');
+				var dirty = false;
+				for (var n in t.fields) {
+					if (n.match(re)) {
+						delete t.fields[n];
+						dirty = true;
+					}
+				}
+				if (!dirty)
+					return
+			}
+				
+		} else {
+			// the "normal" set case. value is defined (not null/undefined)
+			// For convenience provide a nicer conversion Date->String
+ 			value = value instanceof Date 
+				? value.convertToYYYYMMDDHHMMSSMMM() 
+				: String(value);
+			if (oldValue == value) 
+				return;
+			t.fields[fieldName] = value;
+		}
+	}
+	
+	// When we are here the tiddler/store really was changed.
+	this.notify(t.title,true);
+	if (!fieldName.match(/^temp\./))
+		this.setDirty(true);
+}
+
+// Returns the value of the given field of the tiddler. 
+// The fieldName is case-insensitive.
+// Will only return String values (or undefined).
+TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
+	var t = this.resolveTiddler(tiddler);
+	if (!t)
+		return undefined;
+
+	fieldName = fieldName.toLowerCase();
+
+	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+	if (accessor) {
+		return accessor.get(t);
+	}
+	
+	return t.fields ? t.fields[fieldName] : undefined;
+}
+
+// Calls the callback function for every field in the tiddler.
+//
+// When callback function returns a non-false value the iteration stops 
+// and that value is returned. 
+//
+// The order of the fields is not defined.
+// 
+// @param callback a function(tiddler, fieldName, value). 
+// 
+TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
+	var t = this.resolveTiddler(tiddler);
+	if (!t)
+		return undefined;
+	
+	if (t.fields) {
+		for (var n in t.fields) {
+			var result = callback(t, n, t.fields[n]);
+			if (result)
+				return result;
+		}
+	}
+	
+	if (onlyExtendedFields)
+		return undefined;
+
+	for (var n in TiddlyWiki.standardFieldAccess) {
+		if (n == "tiddler")
+			// even though the "title" field can also be referenced through the name "tiddler"
+			// we only visit this field once.
+			continue;
+			
+		var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
+		if (result)
+			return result;
+	}
+
+	return undefined;
+};
+// ---------------------------------------------------------------------------------
+// Story functions
+// ---------------------------------------------------------------------------------
+
+// A story is a HTML div containing a sequence of tiddlers that can be manipulated
+// container - id of containing element
+// idPrefix - string prefix prepended to title to make ids for tiddlers in this story
+function Story(container,idPrefix)
+{
+	this.container = container;
+	this.idPrefix = idPrefix;
+	this.highlightRegExp = null;
+}
+
+// Iterate through all the tiddlers in a story
+// fn - callback function to be called for each tiddler. Arguments are:
+//		tiddler - reference to Tiddler object
+//		element - reference to tiddler display element
+Story.prototype.forEachTiddler = function(fn)
+{
+	var place = document.getElementById(this.container);
+	if(!place)
+		return;
+	var e = place.firstChild;
+	while(e)
+		{
+		var n = e.nextSibling;
+		var title = e.getAttribute("tiddler");
+		fn.call(this,title,e);
+		e = n;
+		}
+}
+
+// Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
+// titles - array of string titles
+Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
+{
+	for(var t = titles.length-1;t>=0;t--)
+		this.displayTiddler(srcElement,titles[t],template,animate,slowly);
+}
+
+// Display a given tiddler with a given template. If the tiddler is already displayed but with a different
+// template, it is switched to the specified template
+// srcElement - reference to element from which this one is being opened -or-
+//              special positions "top", "bottom"
+// title - title of tiddler to display
+// template - the name of the tiddler containing the template -or-
+//			  one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
+//			  null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
+{
+	var place = document.getElementById(this.container);
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem)
+		this.refreshTiddler(title,template);
+	else
+		{
+		var before = this.positionTiddler(srcElement);
+		tiddlerElem = this.createTiddler(place,before,title,template);
+		}
+	if(srcElement && typeof srcElement !== "string")
+		{
+		if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
+			anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
+		else
+			window.scrollTo(0,ensureVisible(tiddlerElem));
+		}
+}
+
+// Figure out the appropriate position for a newly opened tiddler
+// srcElement - reference to the element containing the link to the tiddler -or-
+//              special positions "top", "bottom"
+// returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
+Story.prototype.positionTiddler = function(srcElement)
+{
+	var place = document.getElementById(this.container);
+	var before;
+	if(typeof srcElement == "string")
+		{
+		switch(srcElement)
+			{
+			case "top":
+				before = place.firstChild;
+				break;
+			case "bottom":
+				before = null;
+				break;
+			}
+		}
+	else
+		{
+		var after = this.findContainingTiddler(srcElement);
+		if(after == null)
+			before = place.firstChild;
+		else if(after.nextSibling)
+			before = after.nextSibling;
+		else
+			before = null;
+		}
+	return before;
+}
+
+// Create a tiddler frame at the appropriate place in a story column
+// place - reference to parent element
+// before - null, or reference to element before which to insert new tiddler
+// title - title of new tiddler
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+Story.prototype.createTiddler = function(place,before,title,template)
+{
+	var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
+	tiddlerElem.setAttribute("refresh","tiddler");
+	place.insertBefore(tiddlerElem,before);
+	this.refreshTiddler(title,template);
+	return tiddlerElem;
+}
+
+// Overridable for choosing the name of the template to apply for a tiddler
+Story.prototype.chooseTemplateForTiddler = function(title,template)
+{
+	if(!template)
+		template = DEFAULT_VIEW_TEMPLATE;
+	if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
+		template = config.tiddlerTemplates[template];
+	return template;
+}
+
+// Overridable for extracting the text of a template from a tiddler
+Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
+{
+	return store.getRecursiveTiddlerText(template,null,10);
+}
+
+// Apply a template to an existing tiddler if it is not already displayed using that template
+// title - title of tiddler to update
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+// force - if true, forces the refresh even if the template hasn't changedd
+Story.prototype.refreshTiddler = function(title,template,force)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem)
+		{
+		if(tiddlerElem.getAttribute("dirty") == "true" && !force)
+			return tiddlerElem;
+		template = this.chooseTemplateForTiddler(title,template);
+		var currTemplate = tiddlerElem.getAttribute("template");
+		if((template != currTemplate) || force)
+			{
+			var tiddler = store.getTiddler(title);
+			if(!tiddler)
+				{
+				tiddler = new Tiddler();
+				if(store.isShadowTiddler(title))
+					tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
+				else
+					{
+					var text = template=="EditTemplate"
+								? config.views.editor.defaultText.format([title])
+								: config.views.wikified.defaultText.format([title]);
+					tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
+					}
+				}
+			tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
+			tiddlerElem.setAttribute("tiddler",title);
+			tiddlerElem.setAttribute("template",template);
+			var me = this;
+			tiddlerElem.onmouseover = this.onTiddlerMouseOver;
+			tiddlerElem.onmouseout = this.onTiddlerMouseOut;
+			tiddlerElem.ondblclick = this.onTiddlerDblClick;
+			tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
+			var html = this.getTemplateForTiddler(title,template,tiddler);
+			tiddlerElem.innerHTML = html;
+			applyHtmlMacros(tiddlerElem,tiddler);
+			if(store.getTaggedTiddlers(title).length > 0)
+				addClass(tiddlerElem,"isTag");
+			else
+				removeClass(tiddlerElem,"isTag");
+			if(!store.tiddlerExists(title))
+				{
+				if(store.isShadowTiddler(title))
+					addClass(tiddlerElem,"shadow");
+				else
+					addClass(tiddlerElem,"missing");
+				}
+			else
+				{
+				removeClass(tiddlerElem,"shadow");
+				removeClass(tiddlerElem,"missing");
+				}
+			}
+		}
+	return tiddlerElem;
+}
+
+// Refresh all tiddlers in the Story
+Story.prototype.refreshAllTiddlers = function() 
+{
+	var place = document.getElementById(this.container);
+	var e = place.firstChild;
+	if(!e)
+		return;
+	this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+	while((e = e.nextSibling) != null) 
+		this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+}
+
+// Default tiddler onmouseover/out event handlers
+Story.prototype.onTiddlerMouseOver = function(e)
+{
+	if(window.addClass instanceof Function)
+		addClass(this,"selected");
+}
+
+Story.prototype.onTiddlerMouseOut = function(e)
+{
+	if(window.removeClass instanceof Function)
+		removeClass(this,"selected");
+}
+
+// Default tiddler ondblclick event handler
+Story.prototype.onTiddlerDblClick = function(e)
+{
+	if(!e) var e = window.event;
+	var theTarget = resolveTarget(e);
+	if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
+		{
+		if(document.selection && document.selection.empty)
+			document.selection.empty();
+		config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+		e.cancelBubble = true;
+		if (e.stopPropagation) e.stopPropagation();
+		return true;
+		}
+	else
+		return false;
+}
+
+Story.prototype.onTiddlerKeyPress = function(e)
+{
+	if(!e) var e = window.event;
+	clearMessage();
+	var consume = false; 
+	var title = this.getAttribute("tiddler");
+	var target = resolveTarget(e);
+	switch(e.keyCode)
+		{
+		case 9: // Tab
+			if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
+				{
+				replaceSelection(target,String.fromCharCode(9));
+				consume = true; 
+				}
+			if(config.isOpera)
+				{
+				target.onblur = function()
+					{
+					this.focus();
+					this.onblur = null;
+					}
+				}
+			break;
+		case 13: // Ctrl-Enter
+		case 10: // Ctrl-Enter on IE PC
+		case 77: // Ctrl-Enter is "M" on some platforms
+			if(e.ctrlKey)
+				{
+				blurElement(this);
+				config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+				consume = true;
+				}
+			break; 
+		case 27: // Escape
+			blurElement(this);
+			config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
+			consume = true;
+			break;
+		}
+	e.cancelBubble = consume;
+	if(consume)
+		{
+		if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
+		e.returnValue = true; // Cancel The Event in IE
+		if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
+		}
+	return(!consume);
+};
+
+// Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
+// or null if it found no edit field at all
+Story.prototype.getTiddlerField = function(title,field)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	var e = null;
+	if(tiddlerElem != null)
+		{
+		var children = tiddlerElem.getElementsByTagName("*");
+		for (var t=0; t<children.length; t++)
+			{
+			var c = children[t];
+			if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
+				{
+				if(!e)
+					e = c;
+				if(c.getAttribute("edit") == field)
+					e = c;
+				}
+			}
+		}
+	return e;
+}
+
+// Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
+Story.prototype.focusTiddler = function(title,field)
+{
+	var e = this.getTiddlerField(title,field);
+	if(e)
+		{
+		e.focus();
+		e.select();
+		}
+}
+
+// Ensures that a specified tiddler does not have the focus
+Story.prototype.blurTiddler = function(title)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
+		{
+		tiddlerElem.focus();
+		tiddlerElem.blur();
+		}
+}
+
+// Adds a specified value to the edit controls (if any) of a particular
+// array-formatted field of a particular tiddler (eg "tags")
+//  title - name of tiddler
+//  tag - value of field, without any [[brackets]]
+//  mode - +1 to add the tag, -1 to remove it, 0 to toggle it
+//  field - name of field (eg "tags")
+Story.prototype.setTiddlerField = function(title,tag,mode,field)
+{
+	var c = story.getTiddlerField(title,field);
+
+	var tags = c.value.readBracketedList();
+	tags.setItem(tag,mode);
+	c.value = String.encodeTiddlyLinkList(tags);
+}
+
+// The same as setTiddlerField but preset to the "tags" field
+Story.prototype.setTiddlerTag = function(title,tag,mode)
+{
+	Story.prototype.setTiddlerField(title,tag,mode,"tags");
+}
+
+// Close a specified tiddler
+// title - name of tiddler to close
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.closeTiddler = function(title,animate,slowly)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		{
+		clearMessage();
+		this.scrubTiddler(tiddlerElem);
+		if(anim && config.options.chkAnimate && animate)
+			anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
+		else
+			tiddlerElem.parentNode.removeChild(tiddlerElem);
+		}
+}
+
+// Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
+// does not interfere with things
+// tiddler - reference to the tiddler element
+Story.prototype.scrubTiddler = function(tiddlerElem)
+{
+	tiddlerElem.id = null;
+}
+
+// Set the 'dirty' flag of a tiddler
+// title - title of tiddler to change
+// dirty - new boolean status of flag
+Story.prototype.setDirty = function(title,dirty)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
+}
+
+// Is a particular tiddler dirty (with unsaved changes)?
+Story.prototype.isDirty = function(title)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		return tiddlerElem.getAttribute("dirty") == "true";
+	return null;
+}
+
+// Determine whether any open tiddler are dirty
+Story.prototype.areAnyDirty = function()
+{
+	var r = false;
+	this.forEachTiddler(function(title,element) {
+		if(this.isDirty(title))
+			r = true;
+		});
+	return r;
+}
+
+// Close all tiddlers in the story
+Story.prototype.closeAllTiddlers = function(exclude)
+{
+	clearMessage();
+	this.forEachTiddler(function(title,element) {
+		if((title != exclude) && element.getAttribute("dirty") != "true")
+			this.closeTiddler(title);
+		});
+	window.scrollTo(0,0);
+}
+
+// Check if there are any tiddlers in the story
+Story.prototype.isEmpty = function()
+{
+	var place = document.getElementById(this.container);
+	return(place && place.firstChild == null);
+}
+
+// Perform a search and display the result
+// text - text to search for
+// useCaseSensitive - true for case sensitive matching
+// useRegExp - true to interpret text as a RegExp
+Story.prototype.search = function(text,useCaseSensitive,useRegExp)
+{
+	this.closeAllTiddlers();
+	highlightHack = new RegExp(useRegExp ?	 text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
+	var matches = store.search(highlightHack,"title","excludeSearch");
+	var titles = [];
+	for(var t=matches.length-1; t>=0; t--)
+		titles.push(matches[t].title);
+	this.displayTiddlers(null,titles);
+	highlightHack = null;
+	var q = useRegExp ? "/" : "'";
+	if(matches.length > 0)
+		displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
+	else
+		displayMessage(config.macros.search.failureMsg.format([q + text + q]));
+}
+
+// Determine if the specified element is within a tiddler in this story
+// e - reference to an element
+// returns: reference to a tiddler element or null if none
+Story.prototype.findContainingTiddler = function(e)
+{
+	while(e && !hasClass(e,"tiddler"))
+		e = e.parentNode;
+	return(e);
+}
+
+// Gather any saveable fields from a tiddler element
+// e - reference to an element to scan recursively
+// fields - object to contain gathered field values
+Story.prototype.gatherSaveFields = function(e,fields)
+{
+	if(e && e.getAttribute)
+		{
+		var f = e.getAttribute("edit");
+		if(f)
+			fields[f] = e.value.replace(/\r/mg,"");;
+		if(e.hasChildNodes())
+			{
+			var c = e.childNodes;
+			for(var t=0; t<c.length; t++)
+				this.gatherSaveFields(c[t],fields)
+			}
+		}
+}
+
+// Determine whether a tiddler has any edit fields, and if so if their values have been changed
+// title - name of tiddler
+Story.prototype.hasChanges = function(title)
+{
+	var e = document.getElementById(this.idPrefix + title);
+	if(e != null)
+		{
+		var fields = {};
+		this.gatherSaveFields(e,fields);
+		var tiddler = store.fetchTiddler(title);
+		if (!tiddler)
+			return false;
+		for(var n in fields)
+			if (store.getValue(title,n) != fields[n])
+				return true;
+		}
+	return false;
+}
+
+// Save any open edit fields of a tiddler and updates the display as necessary
+// title - name of tiddler
+// minorUpdate - true if the modified date shouldn't be updated
+// returns: title of saved tiddler, or null if not saved
+Story.prototype.saveTiddler = function(title,minorUpdate)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		{
+		var fields = {};
+		this.gatherSaveFields(tiddlerElem,fields);
+		var newTitle = fields.title ? fields.title : title;
+		if(store.tiddlerExists(newTitle) && newTitle != title)
+			{
+			if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
+				this.closeTiddler(newTitle,false,false);
+			else
+				return null;
+			}
+		tiddlerElem.id = this.idPrefix + newTitle;
+		tiddlerElem.setAttribute("tiddler",newTitle);
+		tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
+		tiddlerElem.setAttribute("dirty","false");
+		if(config.options.chkForceMinorUpdate)
+			minorUpdate = !minorUpdate;
+		var newDate = new Date();
+		store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
+		for (var n in fields) 
+			if (!TiddlyWiki.isStandardField(n))
+				store.setValue(newTitle,n,fields[n]);
+		if(config.options.chkAutoSave)
+			saveChanges();
+		return newTitle;
+		}
+	return null;
+}
+
+Story.prototype.permaView = function()
+{
+	var links = [];
+	this.forEachTiddler(function(title,element) {
+		links.push(String.encodeTiddlyLink(title));
+		});
+	var t = encodeURIComponent(links.join(" "));
+	if(t == "")
+		t = "#";
+	if(window.location.hash != t)
+		window.location.hash = t;
+}
+
+// ---------------------------------------------------------------------------------
+// Message area
+// ---------------------------------------------------------------------------------
+
+function getMessageDiv()
+{
+	var msgArea = document.getElementById("messageArea");
+	if(!msgArea)
+		return null;
+	if(!msgArea.hasChildNodes())
+		createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
+			config.messages.messageClose.text,
+			config.messages.messageClose.tooltip,
+			clearMessage);
+	msgArea.style.display = "block";
+	return createTiddlyElement(msgArea,"div");
+}
+
+function displayMessage(text,linkText)
+{
+	var e = getMessageDiv();
+	if(!e)
+		{
+		alert(text);
+		return;
+		}
+	if(linkText)
+		{
+		var link = createTiddlyElement(e,"a",null,null,text);
+		link.href = linkText;
+		link.target = "_blank";
+		}
+	else
+		e.appendChild(document.createTextNode(text));
+}
+
+function clearMessage()
+{
+	var msgArea = document.getElementById("messageArea");
+	if(msgArea)
+		{
+		removeChildren(msgArea);
+		msgArea.style.display = "none";
+		}
+	return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Refresh mechanism
+// ---------------------------------------------------------------------------------
+
+config.refreshers = {
+	link: function(e,changeList)
+		{
+		var title = e.getAttribute("tiddlyLink");
+		refreshTiddlyLink(e,title);
+		return true;
+		},
+	
+	tiddler: function(e,changeList)
+		{
+		var title = e.getAttribute("tiddler");
+		var template = e.getAttribute("template");
+		if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
+			story.refreshTiddler(title,template,true);
+		else
+			refreshElements(e,changeList);
+		return true;
+		},
+
+	content: function(e,changeList)
+		{
+		var title = e.getAttribute("tiddler");
+		var force = e.getAttribute("force");
+		if(force != null || changeList == null || changeList.indexOf(title) != -1)
+			{
+			removeChildren(e);
+			wikify(store.getTiddlerText(title,title),e);
+			return true;
+			}
+		else
+			return false;
+		},
+
+	macro: function(e,changeList)
+		{
+		var macro = e.getAttribute("macroName");
+		var params = e.getAttribute("params");
+		if(macro)
+			macro = config.macros[macro];
+		if(macro && macro.refresh)
+			macro.refresh(e,params);
+		return true;
+		}
+};
+
+function refreshElements(root,changeList)
+{
+	var nodes = root.childNodes;
+	for(var c=0; c<nodes.length; c++)
+		{
+		var e = nodes[c],type;
+		if(e.getAttribute)
+			type = e.getAttribute("refresh");
+		else
+			type = null;
+		var refresher = config.refreshers[type];
+		var refreshed = false;
+		if(refresher != undefined)
+			refreshed = refresher(e,changeList);
+		if(e.hasChildNodes() && !refreshed)
+			refreshElements(e,changeList);
+		}
+}
+
+function applyHtmlMacros(root,tiddler)
+{
+	var e = root.firstChild;
+	while(e)
+		{
+		var nextChild = e.nextSibling;
+		if(e.getAttribute)
+			{
+			var macro = e.getAttribute("macro");
+			if(macro)
+				{
+				var params = "";
+				var p = macro.indexOf(" ");
+				if(p != -1)
+					{
+					params = macro.substr(p+1);
+					macro = macro.substr(0,p);
+					}
+				invokeMacro(e,macro,params,null,tiddler);
+				}
+			}
+		if(e.hasChildNodes())
+			applyHtmlMacros(e,tiddler);
+		e = nextChild;
+		}
+}
+
+function refreshPageTemplate(title)
+{
+	var stash = createTiddlyElement(document.body,"div");
+	stash.style.display = "none";
+	var display = document.getElementById("tiddlerDisplay");
+	var nodes,t;
+	if(display)
+		{
+		nodes = display.childNodes;
+		for(t=nodes.length-1; t>=0; t--)
+			stash.appendChild(nodes[t]);
+		}
+	var wrapper = document.getElementById("contentWrapper");
+	if(!title)
+		title = "PageTemplate";
+	var html = store.getRecursiveTiddlerText(title,null,10);
+	wrapper.innerHTML = html;
+	applyHtmlMacros(wrapper);
+	refreshElements(wrapper);
+	display = document.getElementById("tiddlerDisplay");
+	removeChildren(display);
+	if(!display)
+		display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
+	nodes = stash.childNodes;
+	for(t=nodes.length-1; t>=0; t--)
+		display.appendChild(nodes[t]);
+	stash.parentNode.removeChild(stash);
+}
+
+function refreshDisplay(hint)
+{
+	var e = document.getElementById("contentWrapper");
+	if(typeof hint == "string")
+		hint = [hint];
+	refreshElements(e,hint);
+}
+
+function refreshPageTitle()
+{
+	document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
+}
+
+function refreshStyles(title)
+{
+	setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
+}
+
+function refreshColorPalette(title)
+{
+	if(!startingUp)
+		refreshAll();
+}
+
+function refreshAll()
+{
+	refreshPageTemplate();
+	refreshDisplay();
+	refreshStyles("StyleSheetLayout");
+	refreshStyles("StyleSheetColors");
+	refreshStyles("StyleSheet");
+	refreshStyles("StyleSheetPrint");
+}
+
+// ---------------------------------------------------------------------------------
+// Options cookie stuff
+// ---------------------------------------------------------------------------------
+
+function loadOptionsCookie()
+{
+	if(safeMode)
+		return;
+	var cookies = document.cookie.split(";");
+	for(var c=0; c<cookies.length; c++)
+		{
+		var p = cookies[c].indexOf("=");
+		if(p != -1)
+			{
+			var name = cookies[c].substr(0,p).trim();
+			var value = cookies[c].substr(p+1).trim();
+			switch(name.substr(0,3))
+				{
+				case "txt":
+					config.options[name] = unescape(value);
+					break;
+				case "chk":
+					config.options[name] = value == "true";
+					break;
+				}
+			}
+		}
+}
+
+function saveOptionCookie(name)
+{
+	if(safeMode)
+		return;
+	var c = name + "=";
+	switch(name.substr(0,3))
+		{
+		case "txt":
+			c += escape(config.options[name].toString());
+			break;
+		case "chk":
+			c += config.options[name] ? "true" : "false";
+			break;
+		}
+	c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
+	document.cookie = c;
+}
+
+// ---------------------------------------------------------------------------------
+// Saving
+// ---------------------------------------------------------------------------------
+
+var saveUsingSafari = false;
+
+var startSaveArea = '<div id="' + 'storeArea">'; // Split up into two so that indexOf() of this source doesn't find it
+var endSaveArea = '</d' + 'iv>';
+
+// If there are unsaved changes, force the user to confirm before exitting
+function confirmExit()
+{
+	hadConfirmExit = true;
+	if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
+		return config.messages.confirmExit;
+}
+
+// Give the user a chance to save changes before exitting
+function checkUnsavedChanges()
+{
+	if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
+		{
+		if(confirm(config.messages.unsavedChangesWarning))
+			saveChanges();
+		}
+}
+
+function updateMarkupBlock(s,blockName,tiddlerName)
+{
+	return s.replaceChunk(
+			"<!--%0-START-->".format([blockName]),
+			"<!--%0-END-->".format([blockName]),
+			"\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
+}
+
+// Save this tiddlywiki with the pending changes
+function saveChanges(onlyIfDirty)
+{
+	if(onlyIfDirty && !store.isDirty())
+		return;
+	clearMessage();
+	// Get the URL of the document
+	var originalPath = document.location.toString();
+	// Check we were loaded from a file URL
+	if(originalPath.substr(0,5) != "file:")
+		{
+		alert(config.messages.notFileUrlError);
+		if(store.tiddlerExists(config.messages.saveInstructions))
+			story.displayTiddler(null,config.messages.saveInstructions);
+		return;
+		}
+	var localPath = getLocalPath(originalPath);
+	// Load the original file
+	var original = loadFile(localPath);
+	if(original == null)
+		{
+		alert(config.messages.cantSaveError);
+		if(store.tiddlerExists(config.messages.saveInstructions))
+			story.displayTiddler(null,config.messages.saveInstructions);
+		return;
+		}
+	// Locate the storeArea div's
+	var posOpeningDiv = original.indexOf(startSaveArea);
+	var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
+	var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
+	if((posOpeningDiv == -1) || (posClosingDiv == -1))
+		{
+		alert(config.messages.invalidFileError.format([localPath]));
+		return;
+		}
+	// Save the backup
+	if(config.options.chkSaveBackups)
+		{
+		var backupPath = getBackupPath(localPath);
+		var backup = saveFile(backupPath,original);
+		if(backup)
+			displayMessage(config.messages.backupSaved,"file://" + backupPath);
+		else
+			alert(config.messages.backupFailed);
+		}
+	// Save Rss
+	if(config.options.chkGenerateAnRssFeed)
+		{
+		var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
+		var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
+		if(rssSave)
+			displayMessage(config.messages.rssSaved,"file://" + rssPath);
+		else
+			alert(config.messages.rssFailed);
+		}
+	// Save empty template
+	if(config.options.chkSaveEmptyTemplate)
+		{
+		var emptyPath,p;
+		if((p = localPath.lastIndexOf("/")) != -1)
+			emptyPath = localPath.substr(0,p) + "/empty.html";
+		else if((p = localPath.lastIndexOf("\\")) != -1)
+			emptyPath = localPath.substr(0,p) + "\\empty.html";
+		else
+			emptyPath = localPath + ".empty.html";
+		var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
+		var emptySave = saveFile(emptyPath,empty);
+		if(emptySave)
+			displayMessage(config.messages.emptySaved,"file://" + emptyPath);
+		else
+			alert(config.messages.emptyFailed);
+		}
+	var save;
+	try 
+		{
+		// Save new file
+		var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
+					convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
+					original.substr(posClosingDiv);
+		var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
+		revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
+		revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
+		revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
+		revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
+		revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
+		save = saveFile(localPath,revised);
+		}
+	catch (e) 
+		{
+		showException(e);
+		}
+	if(save)
+		{
+		displayMessage(config.messages.mainSaved,"file://" + localPath);
+		store.setDirty(false);
+		}
+	else
+		alert(config.messages.mainFailed);
+}
+
+function getLocalPath(originalPath)
+{
+	// Remove any location or query part of the URL
+	var argPos = originalPath.indexOf("?");
+	if(argPos != -1)
+		originalPath = originalPath.substr(0,argPos);
+	var hashPos = originalPath.indexOf("#");
+	if(hashPos != -1)
+		originalPath = originalPath.substr(0,hashPos);
+	// Convert file://localhost/ to file:///
+	if(originalPath.indexOf("file://localhost/") == 0)
+		originalPath = "file://" + originalPath.substr(16);
+	// Convert to a native file format assuming
+	// "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
+	// "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
+	// "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
+	// "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
+	var localPath;
+	if(originalPath.charAt(9) == ":") // pc local file
+		localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
+	else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
+		localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
+	else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
+		localPath = unescape(originalPath.substr(7));
+	else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
+		localPath = unescape(originalPath.substr(5));
+	else // pc network file
+		localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
+	return localPath;
+}
+
+function getBackupPath(localPath)
+{
+	var backSlash = true;
+	var dirPathPos = localPath.lastIndexOf("\\");
+	if(dirPathPos == -1)
+		{
+		dirPathPos = localPath.lastIndexOf("/");
+		backSlash = false;
+		}
+	var backupFolder = config.options.txtBackupFolder;
+	if(!backupFolder || backupFolder == "")
+		backupFolder = ".";
+	var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
+	backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
+	return backupPath;
+}
+
+function generateRss()
+{
+	var s = [];
+	var d = new Date();
+	var u = store.getTiddlerText("SiteUrl");
+	// Assemble the header
+	s.push("<" + "?xml version=\"1.0\"?" + ">");
+	s.push("<rss version=\"2.0\">");
+	s.push("<channel>");
+	s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
+	if(u)
+		s.push("<link>" + u.htmlEncode() + "</link>");
+	s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
+	s.push("<language>en-us</language>");
+	s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
+	s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
+	s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
+	s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
+	s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
+	// The body
+	var tiddlers = store.getTiddlers("modified","excludeLists");
+	var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
+	for (var t=tiddlers.length-1; t>=n; t--)
+		s.push(tiddlers[t].saveToRss(u));
+	// And footer
+	s.push("</channel>");
+	s.push("</rss>");
+	// Save it all
+	return s.join("\n");
+}
+
+
+// UTF-8 encoding rules:
+// 0x0000 - 0x007F:	0xxxxxxx
+// 0x0080 - 0x07FF:	110xxxxx 10xxxxxx
+// 0x0800 - 0xFFFF:	1110xxxx 10xxxxxx 10xxxxxx
+
+function convertUTF8ToUnicode(u)
+{
+	if(window.netscape == undefined)
+		return manualConvertUTF8ToUnicode(u);
+	else
+		return mozConvertUTF8ToUnicode(u);
+}
+
+function manualConvertUTF8ToUnicode(utf)
+{
+	var uni = utf;
+	var src = 0;
+	var dst = 0;
+	var b1, b2, b3;
+	var c;
+	while(src < utf.length)
+		{
+		b1 = utf.charCodeAt(src++);
+		if(b1 < 0x80)
+			dst++;
+		else if(b1 < 0xE0)
+			{
+			b2 = utf.charCodeAt(src++);
+			c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
+			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+			}
+		else
+			{
+			b2 = utf.charCodeAt(src++);
+			b3 = utf.charCodeAt(src++);
+			c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
+			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+			}
+	}
+	return(uni);
+}
+
+function mozConvertUTF8ToUnicode(u)
+{
+	try
+		{
+		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+		converter.charset = "UTF-8";
+		}
+	catch(e)
+		{
+		return manualConvertUTF8ToUnicode(u);
+		} // fallback
+	var s = converter.ConvertToUnicode(u);
+	var fin = converter.Finish();
+	return (fin.length > 0) ? s+fin : s;
+}
+
+function convertUnicodeToUTF8(s)
+{
+	if(window.netscape == undefined)
+		return manualConvertUnicodeToUTF8(s);
+	else
+		return mozConvertUnicodeToUTF8(s);
+}
+
+function manualConvertUnicodeToUTF8(s)
+{
+	var re = /[^\u0000-\u007F]/g ;
+	return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
+}
+
+function mozConvertUnicodeToUTF8(s)
+{
+	try
+		{
+		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+		converter.charset = "UTF-8";
+		}
+	catch(e)
+		{
+		return manualConvertUnicodeToUTF8(s);
+		} // fallback
+	var u = converter.ConvertFromUnicode(s);
+	var fin = converter.Finish();
+	if(fin.length > 0)
+		return u + fin;
+	else
+		return u;
+}
+
+function saveFile(fileUrl, content)
+{
+	var r = null;
+	if((r == null) || (r == false))
+		r = mozillaSaveFile(fileUrl, content);
+	if((r == null) || (r == false))
+		r = ieSaveFile(fileUrl, content);
+	if((r == null) || (r == false))
+		r = javaSaveFile(fileUrl, content);
+	return(r);
+}
+
+function loadFile(fileUrl)
+{
+	var r = null;
+	if((r == null) || (r == false))
+		r = mozillaLoadFile(fileUrl);
+	if((r == null) || (r == false))
+		r = ieLoadFile(fileUrl);
+	if((r == null) || (r == false))
+		r = javaLoadFile(fileUrl);
+	return(r);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function ieSaveFile(filePath, content)
+{
+	try
+		{
+		var fso = new ActiveXObject("Scripting.FileSystemObject");
+		}
+	catch(e)
+		{
+		//alert("Exception while attempting to save\n\n" + e.toString());
+		return(null);
+		}
+	var file = fso.OpenTextFile(filePath,2,-1,0);
+	file.Write(content);
+	file.Close();
+	return(true);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function ieLoadFile(filePath)
+{
+	try
+		{
+		var fso = new ActiveXObject("Scripting.FileSystemObject");
+		var file = fso.OpenTextFile(filePath,1);
+		var content = file.ReadAll();
+		file.Close();
+		}
+	catch(e)
+		{
+		//alert("Exception while attempting to load\n\n" + e.toString());
+		return(null);
+		}
+	return(content);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function mozillaSaveFile(filePath, content)
+{
+	if(window.Components)
+		try
+			{
+			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+			file.initWithPath(filePath);
+			if (!file.exists())
+				file.create(0, 0664);
+			var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
+			out.init(file, 0x20 | 0x02, 00004,null);
+			out.write(content, content.length);
+			out.flush();
+			out.close();
+			return(true);
+			}
+		catch(e)
+			{
+			//alert("Exception while attempting to save\n\n" + e);
+			return(false);
+			}
+	return(null);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function mozillaLoadFile(filePath)
+{
+	if(window.Components)
+		try
+			{
+			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+			file.initWithPath(filePath);
+			if (!file.exists())
+				return(null);
+			var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
+			inputStream.init(file, 0x01, 00004, null);
+			var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
+			sInputStream.init(inputStream);
+			return(sInputStream.read(sInputStream.available()));
+			}
+		catch(e)
+			{
+			//alert("Exception while attempting to load\n\n" + e);
+			return(false);
+			}
+	return(null);
+}
+
+function javaUrlToFilename(url)
+{
+	var f = "//localhost";
+	if(url.indexOf(f) == 0)
+		return url.substring(f.length);
+	var i = url.indexOf(":");
+	if(i > 0)
+		return url.substring(i-1);
+	return url;
+}
+
+function javaSaveFile(filePath, content)
+{
+	try
+		{
+		if(document.applets["TiddlySaver"])
+			return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
+		}
+	catch(e)
+		{
+		}
+	try
+		{
+		var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
+		s.print(content);
+		s.close();
+		}
+	catch(e)
+		{
+		return null;
+		}
+	return true;
+}
+
+function javaLoadFile(filePath)
+{
+	try
+		{
+	if(document.applets["TiddlySaver"])
+		return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
+		}
+	catch(e)
+		{
+		}
+	var content = [];
+	try
+		{
+		var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
+		var line;
+		while ((line = r.readLine()) != null)
+			content.push(new String(line));
+		r.close();
+		}
+	catch(e)
+		{
+		return null;
+		}
+	return content.join("\n");
+}
+
+
+// ---------------------------------------------------------------------------------
+// Remote HTTP requests
+// ---------------------------------------------------------------------------------
+
+// Load a file over http
+//   url - the source url
+//   callback - function to call when there's a response
+//   params - parameter object that gets passed to the callback for storing it's state
+// Return value is the underlying XMLHttpRequest object, or 'null' if there was an error
+// Callback function is called like this:
+//   callback(status,params,responseText,xhr)
+//     status - true if OK, false if error
+//     params - the parameter object provided to loadRemoteFile()
+//     responseText - the text of the file
+//     xhr - the underlying XMLHttpRequest object
+function loadRemoteFile(url,callback,params)
+{
+	// Get an xhr object
+	var x;
+	try
+		{
+		x = new XMLHttpRequest(); // Modern
+		}
+	catch(e)
+		{
+		try
+			{
+			x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
+			}
+		catch (e)
+			{
+			return null;
+			}
+		}
+	// Install callback
+	x.onreadystatechange = function()
+		{
+		if (x.readyState == 4)
+			{
+			if ((x.status == 0 || x.status == 200) && callback)
+				{
+				callback(true,params,x.responseText,url,x);
+			}
+			else
+				callback(false,params,null,url,x);
+			}
+		}
+	// Send request
+	if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
+		window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
+	try
+		{
+		url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
+		x.open("GET",url,true);
+		if (x.overrideMimeType)
+			x.overrideMimeType("text/html");
+		x.send(null);
+		}
+	catch (e)
+		{
+		alert("Error in send " + e);
+		return null;
+		}
+	return x;
+}
+// ---------------------------------------------------------------------------------
+// TiddlyWiki-specific utility functions
+// ---------------------------------------------------------------------------------
+
+function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
+{
+	var theButton = document.createElement("a");
+	if(theAction)
+		{
+		theButton.onclick = theAction;
+		theButton.setAttribute("href","javascript:;");
+		}
+	if(theTooltip)
+		theButton.setAttribute("title",theTooltip);
+	if(theText)
+		theButton.appendChild(document.createTextNode(theText));
+	if(theClass)
+		theButton.className = theClass;
+	else
+		theButton.className = "button";
+	if(theId)
+		theButton.id = theId;
+	if(theParent)
+		theParent.appendChild(theButton);
+	if(theAccessKey)
+		theButton.setAttribute("accessKey",theAccessKey);
+	return(theButton);
+}
+
+function createTiddlyLink(place,title,includeText,theClass,isStatic)
+{
+	var text = includeText ? title : null;
+	var i = getTiddlyLinkInfo(title,theClass)
+	var btn;
+	if(isStatic)
+		btn = createExternalLink(place,"#" + title);
+	else
+		btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
+	btn.setAttribute("refresh","link");
+	btn.setAttribute("tiddlyLink",title);
+	return(btn);
+}
+
+function refreshTiddlyLink(e,title)
+{
+	var i = getTiddlyLinkInfo(title,e.className);
+	e.className = i.classes;
+	e.title = i.subTitle;
+}
+
+function getTiddlyLinkInfo(title,currClasses)
+{
+	var classes = currClasses ? currClasses.split(" ") : [];
+	classes.pushUnique("tiddlyLink");
+	var tiddler = store.fetchTiddler(title);
+	var subTitle;
+	if(tiddler)
+		{
+		subTitle = tiddler.getSubtitle();
+		classes.pushUnique("tiddlyLinkExisting");
+		classes.remove("tiddlyLinkNonExisting");
+		classes.remove("shadow");
+		}
+	else
+		{
+		classes.remove("tiddlyLinkExisting");
+		classes.pushUnique("tiddlyLinkNonExisting");
+		if(store.isShadowTiddler(title))
+			{
+			subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
+			classes.pushUnique("shadow");
+			}
+		else
+			{
+			subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
+			classes.remove("shadow");
+			}
+		}
+	return {classes: classes.join(" "), subTitle: subTitle};
+}
+
+function createExternalLink(place,url)
+{
+	var theLink = document.createElement("a");
+	theLink.className = "externalLink";
+	theLink.href = url;
+	theLink.title = config.messages.externalLinkTooltip.format([url]);
+	if(config.options.chkOpenInNewWindow)
+		theLink.target = "_blank";
+	place.appendChild(theLink);
+	return(theLink);
+}
+
+// Event handler for clicking on a tiddly link
+function onClickTiddlerLink(e)
+{
+	if (!e) var e = window.event;
+	var theTarget = resolveTarget(e);
+	var theLink = theTarget;
+	var title = null;
+	do {
+		title = theLink.getAttribute("tiddlyLink");
+		theLink = theLink.parentNode;
+	} while(title == null && theLink != null);
+	if(title)
+		{
+		var toggling = e.metaKey || e.ctrlKey;
+		if(config.options.chkToggleLinks)
+			toggling = !toggling;
+		var opening;
+		if(toggling && document.getElementById("tiddler" + title))
+			story.closeTiddler(title,true,e.shiftKey || e.altKey);
+		else
+			story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
+		}
+	clearMessage();
+	return(false);
+}
+
+// Create a button for a tag with a popup listing all the tiddlers that it tags
+function createTagButton(place,tag,excludeTiddler)
+{
+	var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
+	theTag.setAttribute("tag",tag);
+	if(excludeTiddler)
+		theTag.setAttribute("tiddler",excludeTiddler);
+	return(theTag);
+}
+
+// Event handler for clicking on a tiddler tag
+function onClickTag(e)
+{
+	if (!e) var e = window.event;
+	var theTarget = resolveTarget(e);
+	var popup = Popup.create(this);
+	var tag = this.getAttribute("tag");
+	var title = this.getAttribute("tiddler");
+	if(popup && tag)
+		{
+		var tagged = store.getTaggedTiddlers(tag);
+		var titles = [];
+		var li,r;
+		for(r=0;r<tagged.length;r++)
+			if(tagged[r].title != title)
+				titles.push(tagged[r].title);
+		var lingo = config.views.wikified.tag;
+		if(titles.length > 0)
+			{
+			var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
+			openAll.setAttribute("tag",tag);
+			createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+			for(r=0; r<titles.length; r++)
+				{
+				createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
+				}
+			}
+		else
+			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
+		createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+		var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
+		createTiddlyText(h,lingo.openTag.format([tag]));
+		}
+	Popup.show(popup,false);
+	e.cancelBubble = true;
+	if (e.stopPropagation) e.stopPropagation();
+	return(false);
+}
+
+// Event handler for 'open all' on a tiddler popup
+function onClickTagOpenAll(e)
+{
+	if (!e) var e = window.event;
+	var tag = this.getAttribute("tag");
+	var tagged = store.getTaggedTiddlers(tag);
+	var titles = [];
+	for(var t=0; t<tagged.length; t++)
+		titles.push(tagged[t].title);
+	story.displayTiddlers(this,titles);
+	return(false);
+}
+
+function onClickError(e)
+{
+	if (!e) var e = window.event;
+	var popup = Popup.create(this);
+	var lines = this.getAttribute("errorText").split("\n");
+	for(var t=0; t<lines.length; t++)
+		createTiddlyElement(popup,"li",null,null,lines[t]);
+	Popup.show(popup,false);
+	e.cancelBubble = true;
+	if (e.stopPropagation) e.stopPropagation();
+	return false;
+}
+
+function createTiddlyDropDown(place,onchange,options)
+{
+	var sel = createTiddlyElement(place,"select");
+	sel.onchange = onchange;
+	for(var t=0; t<options.length; t++)
+		{
+		var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
+		e.value = options[t].name;
+		}
+}
+
+function createTiddlyError(place,title,text)
+{
+	var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
+	if (text) btn.setAttribute("errorText",text);
+}
+
+function merge(dst,src,preserveExisting)
+{
+	for (p in src)
+		if (!preserveExisting || dst[p] === undefined)
+			dst[p] = src[p];
+	return dst;
+}
+
+// Returns a string containing the description of an exception, optionally prepended by a message
+function exceptionText(e, message)
+{
+	var s = e.description ? e.description : e.toString();
+	return message ? "%0:\n%1".format([message, s]) : s;
+}
+
+// Displays an alert of an exception description with optional message
+function showException(e, message)
+{
+	alert(exceptionText(e, message));
+}
+
+// ---------------------------------------------------------------------------------
+// Animation engine
+// ---------------------------------------------------------------------------------
+
+function Animator()
+{
+	this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
+	this.timerID = 0; // ID of the timer used for animating
+	this.animations = []; // List of animations in progress
+	return this;
+}
+
+// Start animation engine
+Animator.prototype.startAnimating = function() // Variable number of arguments
+{
+	for(var t=0; t<arguments.length; t++)
+		this.animations.push(arguments[t]);
+	if(this.running == 0)
+		{
+		var me = this;
+		this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
+		}
+	this.running += arguments.length;
+}
+
+// Perform an animation engine tick, calling each of the known animation modules
+Animator.prototype.doAnimate = function(me)
+{
+	var a = 0;
+	while(a < me.animations.length)
+		{
+		var animation = me.animations[a];
+		if(animation.tick())
+			a++;
+		else
+			{
+			me.animations.splice(a,1);
+			if(--me.running == 0)
+				window.clearInterval(me.timerID);
+			}
+		}
+}
+
+// Map a 0..1 value to 0..1, but slow down at the start and end
+Animator.slowInSlowOut = function(progress)
+{
+	return(1-((Math.cos(progress * Math.PI)+1)/2));
+}
+
+// ---------------------------------------------------------------------------------
+// Cascade animation
+// ---------------------------------------------------------------------------------
+
+function Cascade(text,startElement,targetElement,slowly)
+{
+	var winWidth = findWindowWidth();
+	var winHeight = findWindowHeight();
+	this.elements = [];
+	this.startElement = startElement;
+	this.startLeft = findPosX(this.startElement);
+	this.startTop = findPosY(this.startElement);
+	this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
+	this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
+	this.targetElement = targetElement;
+	targetElement.style.position = "relative";
+	targetElement.style.zIndex = 2;
+	this.targetLeft = findPosX(this.targetElement);
+	this.targetTop = findPosY(this.targetElement);
+	this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
+	this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
+	this.progress = -1;
+	this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
+	this.text = text;
+	this.tick();
+	return this;
+}
+
+Cascade.prototype.tick = function()
+{
+	this.progress++;
+	if(this.progress >= this.steps)
+		{
+		while(this.elements.length > 0)
+			this.removeTail();
+		this.targetElement.style.position = "static";
+		this.targetElement.style.zIndex = "";
+		return false;
+		}
+	else
+		{
+		if(this.elements.length > 0 && this.progress > config.cascadeDepth)
+			this.removeTail();
+		if(this.progress < (this.steps - config.cascadeDepth))
+			{
+			var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
+			var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
+			e.style.zIndex = 1;
+			e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
+			e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
+			e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
+			e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
+			e.style.display = "block";
+			this.elements.push(e);
+			}
+		return true;
+		}
+}
+
+Cascade.prototype.removeTail = function()
+{
+	var e = this.elements[0];
+	e.parentNode.removeChild(e);
+	this.elements.shift();
+}
+
+// ---------------------------------------------------------------------------------
+// Scroller animation
+// ---------------------------------------------------------------------------------
+
+function Scroller(targetElement,slowly)
+{
+	this.targetElement = targetElement;
+	this.startScroll = findScrollY();
+	this.targetScroll = ensureVisible(targetElement);
+	this.progress = 0;
+	this.step = slowly ? config.animSlow : config.animFast;
+	return this;
+}
+
+Scroller.prototype.tick = function()
+{
+	this.progress += this.step;
+	if(this.progress > 1)
+		{
+		window.scrollTo(0,this.targetScroll);
+		return false;
+		}
+	else
+		{
+		var f = Animator.slowInSlowOut(this.progress);
+		window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
+		return true;
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Slider animation
+// ---------------------------------------------------------------------------------
+
+// deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
+function Slider(element,opening,slowly,deleteMode)
+{
+	this.element = element;
+	element.style.display = "block";
+	this.deleteMode = deleteMode;
+	this.element.style.height = "auto";
+	this.realHeight = element.offsetHeight;
+	this.opening = opening;
+	this.step = slowly ? config.animSlow : config.animFast;
+	if(opening)
+		{
+		this.progress = 0;
+		element.style.height = "0px";
+		element.style.display = "block";
+		}
+	else
+		{
+		this.progress = 1;
+		this.step = -this.step;
+		}
+	element.style.overflow = "hidden";
+	return this;
+}
+
+Slider.prototype.stop = function()
+{
+	if(this.opening)
+		{
+		this.element.style.height = "auto";
+		this.element.style.opacity = 1;
+		this.element.style.filter = "alpha(opacity:100)";
+		}
+	else
+		{
+		switch(this.deleteMode)
+			{
+			case "none":
+				this.element.style.display = "none";
+				break;
+			case "all":
+				this.element.parentNode.removeChild(this.element);
+				break;
+			case "children":
+				removeChildren(this.element);
+				break;
+			}
+		}
+}
+
+Slider.prototype.tick = function()
+{
+	this.progress += this.step;
+	if(this.progress < 0 || this.progress > 1)
+		{
+		this.stop();
+		return false;
+		}
+	else
+		{
+		var f = Animator.slowInSlowOut(this.progress);
+		var h = this.realHeight * f;
+		this.element.style.height = h + "px";
+		this.element.style.opacity = f;
+		this.element.style.filter = "alpha(opacity:" + f * 100 +")";
+		return true;
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Popup menu
+// ---------------------------------------------------------------------------------
+
+var Popup = {
+	stack: [] // Array of objects with members root: and popup:
+	};
+
+Popup.create = function(root)
+{
+	Popup.remove();
+	var popup = createTiddlyElement(document.body,"ol","popup","popup");
+	Popup.stack.push({root: root, popup: popup});
+	return popup;
+}
+
+Popup.onDocumentClick = function(e)
+{
+	if (!e) var e = window.event;
+	var target = resolveTarget(e);
+	if(e.eventPhase == undefined)
+		Popup.remove();
+	else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
+		Popup.remove();
+	return true;
+}
+
+Popup.show = function(unused,slowly)
+{
+	var curr = Popup.stack[Popup.stack.length-1];
+	var rootLeft = findPosX(curr.root);
+	var rootTop = findPosY(curr.root);
+	var rootHeight = curr.root.offsetHeight;
+	var popupLeft = rootLeft;
+	var popupTop = rootTop + rootHeight;
+	var popupWidth = curr.popup.offsetWidth;
+	var winWidth = findWindowWidth();
+	if(popupLeft + popupWidth > winWidth)
+		popupLeft = winWidth - popupWidth;
+	curr.popup.style.left = popupLeft + "px";
+	curr.popup.style.top = popupTop + "px";
+	curr.popup.style.display = "block";
+	addClass(curr.root,"highlight");
+	if(anim && config.options.chkAnimate)
+		anim.startAnimating(new Scroller(curr.popup,slowly));
+	else
+		window.scrollTo(0,ensureVisible(curr.popup));
+}
+
+Popup.remove = function()
+{
+	if(Popup.stack.length > 0)
+		{
+		Popup.removeFrom(0);
+		}
+}
+
+Popup.removeFrom = function(from)
+{
+	for(var t=Popup.stack.length-1; t>=from; t--)
+		{
+		var p = Popup.stack[t];
+		removeClass(p.root,"highlight");
+		p.popup.parentNode.removeChild(p.popup);
+		}
+	Popup.stack = Popup.stack.slice(0,from);
+}
+
+// ---------------------------------------------------------------------------------
+// ListView gadget
+// ---------------------------------------------------------------------------------
+
+var ListView = {};
+
+// Create a listview
+//   place - where in the DOM tree to insert the listview
+//   listObject - array of objects to be included in the listview
+//   listTemplate - template for the listview
+//   callback - callback for a command being selected
+//   className - optional classname for the <table> element
+ListView.create = function(place,listObject,listTemplate,callback,className)
+{
+	var table = createTiddlyElement(place,"table",null,className ? className : "listView");
+	var thead = createTiddlyElement(table,"thead");
+	var r = createTiddlyElement(thead,"tr");
+	for(var t=0; t<listTemplate.columns.length; t++)
+		{
+		var columnTemplate = listTemplate.columns[t];
+		var c = createTiddlyElement(r,"th");
+		var colType = ListView.columnTypes[columnTemplate.type];
+		if(colType && colType.createHeader)
+			colType.createHeader(c,columnTemplate,t);
+		}
+	var tbody = createTiddlyElement(table,"tbody");
+	for(var rc=0; rc<listObject.length; rc++)
+		{
+		rowObject = listObject[rc];
+		r = createTiddlyElement(tbody,"tr");
+		for(var c=0; c<listTemplate.rowClasses.length; c++)
+			{
+			if(rowObject[listTemplate.rowClasses[c].field])
+				addClass(r,listTemplate.rowClasses[c].className);
+			}
+		rowObject.rowElement = rowObject;
+		rowObject.colElements = {};
+		for(var cc=0; cc<listTemplate.columns.length; cc++)
+			{
+			var c = createTiddlyElement(r,"td");
+			var columnTemplate = listTemplate.columns[cc];
+			var field = columnTemplate.field;
+			var colType = ListView.columnTypes[columnTemplate.type];
+			if(colType && colType.createItem)
+				colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
+			rowObject.colElements[field] = c;
+			}
+		}
+	if(callback && listTemplate.actions)
+		createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
+	if(callback && listTemplate.buttons)
+		{
+		for(t=0; t<listTemplate.buttons.length; t++)
+			{
+			var a = listTemplate.buttons[t];
+			if(a && a.name != "")
+				createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
+			}
+		}
+	return table;
+}
+
+ListView.getCommandHandler = function(callback,name,allowEmptySelection)
+{
+	return function(e)
+		{
+		var view = findRelated(this,"TABLE",null,"previousSibling");
+		var tiddlers = [];
+		ListView.forEachSelector(view,function(e,rowName) {
+					if(e.checked)
+						tiddlers.push(rowName);
+					});
+		if(tiddlers.length == 0 && !allowEmptySelection)
+			alert(config.messages.nothingSelected);
+		else
+			{
+			if(this.nodeName.toLowerCase() == "select")
+				{
+				callback(view,this.value,tiddlers);
+				this.selectedIndex = 0;
+				}
+			else
+				callback(view,name,tiddlers);
+			}
+		};
+}
+
+// Invoke a callback for each selector checkbox in the listview
+//   view - <table> element of listView
+//   callback(checkboxElement,rowName)
+//     where
+//       checkboxElement - DOM element of checkbox
+//       rowName - name of this row as assigned by the column template
+//   result: true if at least one selector was checked
+ListView.forEachSelector = function(view,callback)
+{
+	var checkboxes = view.getElementsByTagName("input");
+	var hadOne = false;
+	for(var t=0; t<checkboxes.length; t++)
+		{
+		var cb = checkboxes[t];
+		if(cb.getAttribute("type") == "checkbox")
+			{
+			var rn = cb.getAttribute("rowName");
+			if(rn)
+				{
+				callback(cb,rn);
+				hadOne = true;
+				}
+			}
+		}
+	return hadOne;
+}
+
+ListView.columnTypes = {};
+
+ListView.columnTypes.String = {
+	createHeader: function(place,columnTemplate,col)
+		{
+			createTiddlyText(place,columnTemplate.title);
+		},
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				createTiddlyText(place,v);
+		}
+};
+
+ListView.columnTypes.Date = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
+		}
+};
+
+ListView.columnTypes.StringList = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				{
+				for(var t=0; t<v.length; t++)
+					{
+					createTiddlyText(place,v[t]);
+					createTiddlyElement(place,"br");
+					}
+				}
+		}
+};
+
+ListView.columnTypes.Selector = {
+	createHeader: function(place,columnTemplate,col)
+		{
+			createTiddlyCheckbox(place,null,false,this.onHeaderChange);
+		},
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var e = createTiddlyCheckbox(place,null,listObject[field],null);
+			e.setAttribute("rowName",listObject[columnTemplate.rowName]);
+		},
+	onHeaderChange: function(e)
+		{
+			var state = this.checked;
+			var view = findRelated(this,"TABLE");
+			if(!view)
+				return;
+			ListView.forEachSelector(view,function(e,rowName) {
+								e.checked = state;
+							});
+		}
+};
+
+ListView.columnTypes.Tags = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var tags = listObject[field];
+			createTiddlyText(place,String.encodeTiddlyLinkList(tags));
+		}
+};
+
+ListView.columnTypes.Boolean = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			if(listObject[field] == true)
+				createTiddlyText(place,columnTemplate.trueText);
+			if(listObject[field] == false)
+				createTiddlyText(place,columnTemplate.falseText);
+		}
+};
+
+ListView.columnTypes.TagCheckbox = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
+			e.setAttribute("tiddler",listObject.title);
+			e.setAttribute("tag",columnTemplate.tag);
+		},
+	onChange : function(e)
+		{
+			var tag = this.getAttribute("tag");
+			var tiddler = this.getAttribute("tiddler");
+			store.setTiddlerTag(tiddler,this.checked,tag);
+		}
+};
+
+ListView.columnTypes.TiddlerLink = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				{
+				var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
+				createTiddlyText(link,listObject[field]);
+				}
+		}
+};
+// ---------------------------------------------------------------------------------
+// Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
+// ---------------------------------------------------------------------------------
+
+// Clamp a number to a range
+Number.prototype.clamp = function(min,max)
+{
+	var c = this;
+	if(c < min)
+		c = min;
+	if(c > max)
+		c = max;
+	return c;
+}
+
+// Add indexOf function if browser does not support it
+if(!Array.indexOf) {
+Array.prototype.indexOf = function(item,from)
+{
+	if(!from)
+		from = 0;
+	for(var i=from; i<this.length; i++)
+		if(this[i] === item)
+			return i;
+	return -1;
+}}
+
+// Find an entry in a given field of the members of an array
+Array.prototype.findByField = function(field,value)
+{
+	for(var t=0; t<this.length; t++)
+		if(this[t][field] == value)
+			return t;
+	return null;
+}
+
+// Return whether an entry exists in an array
+Array.prototype.contains = function(item)
+{
+	return this.indexOf(item) != -1;
+};
+
+// Adds, removes or toggles a particular value within an array
+//  value - value to add
+//  mode - +1 to add value, -1 to remove value, 0 to toggle it
+Array.prototype.setItem = function(value,mode)
+{
+	var p = this.indexOf(value);
+	if(mode == 0)
+		mode = (p == -1) ? +1 : -1;
+	if(mode == +1)
+		{
+		if(p == -1)
+			this.push(value);
+		}
+	else if(mode == -1)
+		{
+		if(p != -1)
+			this.splice(p,1);
+		}
+}
+
+// Return whether one of a list of values exists in an array
+Array.prototype.containsAny = function(items)
+{
+	for(var i=0; i<items.length; i++)
+		if (this.indexOf(items[i]) != -1)
+			return true;
+	return false;
+};
+
+// Return whether all of a list of values exists in an array
+Array.prototype.containsAll = function(items)
+{
+	for (var i = 0; i<items.length; i++)
+		if (this.indexOf(items[i]) == -1)
+			return false;
+	return true;
+};
+
+// Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
+Array.prototype.pushUnique = function(item,unique)
+{
+	if(unique != undefined && unique == false)
+		this.push(item);
+	else
+		{
+		if(this.indexOf(item) == -1)
+			this.push(item);
+		}
+}
+
+Array.prototype.remove = function(item)
+{
+	var p = this.indexOf(item);
+	if(p != -1)
+		this.splice(p,1);
+}
+
+// Get characters from the right end of a string
+String.prototype.right = function(n)
+{
+	if(n < this.length)
+		return this.slice(this.length-n);
+	else
+		return this;
+}
+
+// Trim whitespace from both ends of a string
+String.prototype.trim = function()
+{
+	return this.replace(/^\s*|\s*$/g,"");
+}
+
+// Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
+String.prototype.unDash = function()
+{
+	var s = this.split("-");
+	if(s.length > 1)
+		for(var t=1; t<s.length; t++)
+			s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
+	return s.join("");
+}
+
+// Substitute substrings from an array into a format string that includes '%1'-type specifiers
+String.prototype.format = function(substrings)
+{
+	var subRegExp = /(?:%(\d+))/mg;
+	var currPos = 0;
+	var r = [];
+	do {
+		var match = subRegExp.exec(this);
+		if(match && match[1])
+			{
+			if(match.index > currPos)
+				r.push(this.substring(currPos,match.index));
+			r.push(substrings[parseInt(match[1])]);
+			currPos = subRegExp.lastIndex;
+			}
+	} while(match);
+	if(currPos < this.length)
+		r.push(this.substring(currPos,this.length));
+	return r.join("");
+}
+
+// Escape any special RegExp characters with that character preceded by a backslash
+String.prototype.escapeRegExp = function()
+{
+	var s = "\\^$*+?()=!|,{}[].";
+	var c = this;
+	for(var t=0; t<s.length; t++)
+		c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
+	return c;
+}
+
+// Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
+String.prototype.escapeLineBreaks = function()
+{
+	return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
+}
+
+// Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
+String.prototype.unescapeLineBreaks = function()
+{
+	return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
+}
+
+// Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
+String.prototype.htmlEncode = function()
+{
+	return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
+}
+
+// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+String.prototype.htmlDecode = function()
+{
+	return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+}
+
+// Parse a space-separated string of name:value parameters where:
+//   - the name or the value can be optional (in which case separate defaults are used instead)
+//     - in case of ambiguity, a lone word is taken to be a value
+//     - if 'cascadeDefaults' is set to true, then the defaults are modified by updated by each specified name or value
+//     - name prefixes are not allowed if the 'noNames' parameter is true
+//   - if both the name and value are present they must be separated by a colon
+//   - the name and the value may both be quoted with single- or double-quotes, double-square brackets
+//   - names or values quoted with {{double-curly braces}} are evaluated as a JavaScript expression
+//     - as long as the 'allowEval' parameter is true
+// The result is an array of objects:
+//   result[0] = object with a member for each parameter name, value of that member being an array of values
+//   result[1..n] = one object for each parameter, with 'name' and 'value' members
+String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
+{
+	var parseToken = function(match,p)
+		{
+		var n;
+		if(match[p]) // Double quoted
+			n = match[p];
+		else if(match[p+1]) // Single quoted
+			n = match[p+1];
+		else if(match[p+2]) // Double-square-bracket quoted
+			n = match[p+2];
+		else if(match[p+3]) // Double-brace quoted
+			try
+				{
+				n = match[p+3];
+				if(allowEval)
+					n = window.eval(n);
+				}
+			catch(e)
+				{
+				throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
+				}
+		else if(match[p+4]) // Unquoted
+			n = match[p+4];
+		else if(match[p+5]) // empty quote
+			n = "";
+		return n;
+		};
+	var r = [{}];
+	var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
+	var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
+	var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
+	var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
+	var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
+	var emptyQuote = "((?:\"\")|(?:''))";
+	var skipSpace = "(?:\\s*)";
+	var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
+	var re = noNames
+		? new RegExp(token,"mg")
+		: new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
+	var params = [];
+	do {
+		var match = re.exec(this);
+		if(match)
+			{
+			var n = parseToken(match,1);
+			if(noNames)
+				r.push({name: "", value: n});
+			else
+				{
+				var v = parseToken(match,8);
+				if(v == null && defaultName)
+					{
+					v = n;
+					n = defaultName;
+					}
+				else if(v == null && defaultValue)
+					v = defaultValue;
+				r.push({name: n, value: v});
+				if(cascadeDefaults)
+					{
+					defaultName = n;
+					defaultValue = v;
+					}
+				}
+			}
+	} while(match);
+	// Summarise parameters into first element
+	for(var t=1; t<r.length; t++)
+		{
+		if(r[0][r[t].name])
+			r[0][r[t].name].push(r[t].value);
+		else
+			r[0][r[t].name] = [r[t].value];
+		}
+	return r;
+}
+
+// Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
+// [[]], {{ }} or left unquoted (and therefore space-separated). Double-braces {{}} results in
+// an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
+String.prototype.readMacroParams = function()
+{
+	var p = this.parseParams("list",null,true,true);
+	var n = [];
+	for(var t=1; t<p.length; t++)
+		n.push(p[t].value);
+	return n;
+}
+
+// Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
+String.prototype.readBracketedList = function(unique)
+{
+	var p = this.parseParams("list",null,false,true);
+	var n = [];
+	for(var t=1; t<p.length; t++)
+		n.pushUnique(p[t].value,unique);
+	return n;
+}
+
+// Returns array with start and end index of chunk between given start and end marker, or undefined.
+String.prototype.getChunkRange = function(start,end) 
+{
+	var s = this.indexOf(start);
+	if(s != -1)
+		{
+		s += start.length;
+		var e = this.indexOf(end,s);
+		if(e != -1)
+			return [s, e];
+		}
+}
+
+// Replace a chunk of a string given start and end markers
+String.prototype.replaceChunk = function(start,end,sub)
+{
+	var r = this.getChunkRange(start,end);
+	return r 
+		? this.substring(0,r[0]) + sub + this.substring(r[1])
+		: this;
+}
+
+// Returns a chunk of a string between start and end markers, or undefined
+String.prototype.getChunk = function(start,end)
+{
+	var r = this.getChunkRange(start,end);
+	if (r)
+		return this.substring(r[0],r[1]);
+}
+
+
+// Static method to bracket a string with double square brackets if it contains a space
+String.encodeTiddlyLink = function(title)
+{
+	if(title.indexOf(" ") == -1)
+		return(title);
+	else
+		return("[[" + title + "]]");
+}
+
+// Static method to encodeTiddlyLink for every item in an array and join them with spaces
+String.encodeTiddlyLinkList = function(list)
+{
+	if(list)
+		{
+		var results = [];
+		for(var t=0; t<list.length; t++)
+			results.push(String.encodeTiddlyLink(list[t]));
+		return results.join(" ");
+		}
+	else
+		return "";
+}
+
+// Static method to left-pad a string with 0s to a certain width
+String.zeroPad = function(n,d)
+{
+	var s = n.toString();
+	if(s.length < d)
+		s = "000000000000000000000000000".substr(0,d-s.length) + s;
+	return(s);
+}
+
+String.prototype.startsWith = function(prefix) 
+{
+	return !prefix || this.substring(0,prefix.length) == prefix;
+}
+
+// Returns the first value of the given named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//# @return [may be null/undefined]
+//#
+function getParam(params, name, defaultValue) {
+	if (!params)
+		return defaultValue;
+	var p = params[0][name];
+	return p ? p[0] : defaultValue;
+}
+
+// Returns the first value of the given boolean named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//#
+function getFlag(params, name, defaultValue) {
+	return !!getParam(params, name, defaultValue);
+} 
+	
+// Substitute date components into a string
+Date.prototype.formatString = function(template)
+{
+	var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
+	t = t.replace(/hh12/g,this.getHours12());
+	t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
+	t = t.replace(/hh/g,this.getHours());
+	t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
+	t = t.replace(/mm/g,this.getMinutes());
+	t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
+	t = t.replace(/ss/g,this.getSeconds());
+	t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
+	t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
+	t = t.replace(/wYYYY/g,this.getYearForWeekNo());
+	t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
+	t = t.replace(/YYYY/g,this.getFullYear());
+	t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
+	t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
+	t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
+	t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
+	t = t.replace(/MM/g,this.getMonth()+1);
+	t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
+	t = t.replace(/WW/g,this.getWeek());
+	t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
+	t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
+	t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
+	t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
+	t = t.replace(/DD/g,this.getDate());
+	return t;
+}
+
+Date.prototype.getWeek = function()
+{
+	var dt = new Date(this.getTime());
+	var d = dt.getDay();
+	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
+	var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000); 
+	return Math.floor(n/7)+1;
+}
+
+Date.prototype.getYearForWeekNo = function()
+{
+	var dt = new Date(this.getTime());
+	var d = dt.getDay();
+	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
+	return dt.getFullYear();
+}
+
+Date.prototype.getHours12 = function()
+{
+	var h = this.getHours();
+	return h > 12 ? h-12 : ( h > 0 ? h : 12 );
+}
+
+Date.prototype.getAmPm = function()
+{
+	return this.getHours() >= 12 ? "pm" : "am";
+}
+
+Date.prototype.daySuffix = function()
+{
+	var num = this.getDate();
+	if (num >= 11 && num <= 13) return "th";
+	else if (num.toString().substr(-1)=="1") return "st";
+	else if (num.toString().substr(-1)=="2") return "nd";
+	else if (num.toString().substr(-1)=="3") return "rd";
+	return "th";
+}
+
+// Convert a date to local YYYYMMDDHHMM string format
+Date.prototype.convertToLocalYYYYMMDDHHMM = function()
+{
+	return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDDHHMM string format
+Date.prototype.convertToYYYYMMDDHHMM = function()
+{
+	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
+Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
+{
+	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
+}
+
+// Static method to create a date from a UTC YYYYMMDDHHMM format string
+Date.convertFromYYYYMMDDHHMM = function(d)
+{
+	var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
+							parseInt(d.substr(4,2),10)-1,
+							parseInt(d.substr(6,2),10),
+							parseInt(d.substr(8,2),10),
+							parseInt(d.substr(10,2),10),0,0));
+	return(theDate);
+}
+
+// ---------------------------------------------------------------------------------
+// Crypto functions and associated conversion routines
+// ---------------------------------------------------------------------------------
+
+// Crypto "namespace"
+function Crypto() {}
+
+// Convert a string to an array of big-endian 32-bit words
+Crypto.strToBe32s = function(str)
+{
+	var be = Array();
+	var len = Math.floor(str.length/4);
+	var i, j;
+	for(i=0, j=0; i<len; i++, j+=4)
+		{
+		be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
+		}
+	while (j<str.length)
+		{
+		be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
+		j++;
+		}
+	return be;
+}
+
+// Convert an array of big-endian 32-bit words to a string
+Crypto.be32sToStr = function(be)
+{
+	var str = "";
+	for(var i=0;i<be.length*32;i+=8)
+		str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
+	return str;
+}
+
+// Convert an array of big-endian 32-bit words to a hex string
+Crypto.be32sToHex = function(be)
+{
+	var hex = "0123456789ABCDEF";
+	var str = "";
+	for(var i=0;i<be.length*4;i++)
+		str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
+	return str;
+}
+
+// Return, in hex, the SHA-1 hash of a string
+Crypto.hexSha1Str = function(str)
+{
+	return Crypto.be32sToHex(Crypto.sha1Str(str));
+}
+
+// Return the SHA-1 hash of a string
+Crypto.sha1Str = function(str)
+{
+	return Crypto.sha1(Crypto.strToBe32s(str),str.length);
+}
+
+// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
+Crypto.sha1 = function(x,blen)
+{
+	// Add 32-bit integers, wrapping at 32 bits
+	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+	add32 = function(a,b)
+	{
+		var lsw = (a&0xFFFF)+(b&0xFFFF);
+		var msw = (a>>16)+(b>>16)+(lsw>>16);
+		return (msw<<16)|(lsw&0xFFFF);
+	};
+	// Add five 32-bit integers, wrapping at 32 bits
+	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+	add32x5 = function(a,b,c,d,e)
+	{
+		var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
+		var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
+		return (msw<<16)|(lsw&0xFFFF);
+	};
+	// Bitwise rotate left a 32-bit integer by 1 bit
+	rol32 = function(n)
+	{
+		return (n>>>31)|(n<<1);
+	};
+
+	var len = blen*8;
+	// Append padding so length in bits is 448 mod 512
+	x[len>>5] |= 0x80 << (24-len%32);
+	// Append length
+	x[((len+64>>9)<<4)+15] = len;
+	var w = Array(80);
+
+	var k1 = 0x5A827999;
+	var k2 = 0x6ED9EBA1;
+	var k3 = 0x8F1BBCDC;
+	var k4 = 0xCA62C1D6;
+
+	var h0 = 0x67452301;
+	var h1 = 0xEFCDAB89;
+	var h2 = 0x98BADCFE;
+	var h3 = 0x10325476;
+	var h4 = 0xC3D2E1F0;
+
+	for(var i=0;i<x.length;i+=16)
+		{
+		var j,t;
+		var a = h0;
+		var b = h1;
+		var c = h2;
+		var d = h3;
+		var e = h4;
+		for(j = 0;j<16;j++)
+			{
+			w[j] = x[i+j];
+			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=16;j<20;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=20;j<40;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=40;j<60;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=60;j<80;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+
+		h0 = add32(h0,a);
+		h1 = add32(h1,b);
+		h2 = add32(h2,c);
+		h3 = add32(h3,d);
+		h4 = add32(h4,e);
+		}
+	return Array(h0,h1,h2,h3,h4);
+}
+
+// ---------------------------------------------------------------------------------
+// RGB colour object
+// ---------------------------------------------------------------------------------
+
+// Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
+function RGB(r,g,b)
+{
+	this.r = 0;
+	this.g = 0;
+	this.b = 0;
+	if(typeof r == "string")
+		{
+		if(r.substr(0,1) == "#")
+			{
+			if(r.length == 7)
+				{
+				this.r = parseInt(r.substr(1,2),16)/255;
+				this.g = parseInt(r.substr(3,2),16)/255;
+				this.b = parseInt(r.substr(5,2),16)/255;
+				}
+			else
+				{
+				this.r = parseInt(r.substr(1,1),16)/15;
+				this.g = parseInt(r.substr(2,1),16)/15;
+				this.b = parseInt(r.substr(3,1),16)/15;
+				}
+			}
+		else
+			{
+			var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
+			var c = r.match(rgbPattern);
+			if (c)
+				{
+				this.r = parseInt(c[1],10)/255;
+				this.g = parseInt(c[2],10)/255;
+				this.b = parseInt(c[3],10)/255;
+				}
+			}
+		}
+	else
+		{
+		this.r = r;
+		this.g = g;
+		this.b = b;
+		}
+	return this;
+}
+
+// Mixes this colour with another in a specified proportion
+// c = other colour to mix
+// f = 0..1 where 0 is this colour and 1 is the new colour
+// Returns an RGB object
+RGB.prototype.mix = function(c,f)
+{
+	return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
+}
+
+// Return an rgb colour as a #rrggbb format hex string
+RGB.prototype.toString = function()
+{
+	var r = this.r.clamp(0,1);
+	var g = this.g.clamp(0,1);
+	var b = this.b.clamp(0,1);
+	return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
+				 ("0" + Math.floor(g * 255).toString(16)).right(2) +
+				 ("0" + Math.floor(b * 255).toString(16)).right(2));
+}
+
+// ---------------------------------------------------------------------------------
+// DOM utilities - many derived from www.quirksmode.org
+// ---------------------------------------------------------------------------------
+
+function drawGradient(place,horiz,colours)
+{
+	for(var t=0; t<= 100; t+=2)
+		{
+		var bar = document.createElement("div");
+		place.appendChild(bar);
+		bar.style.position = "absolute";
+		bar.style.left = horiz ? t + "%" : 0;
+		bar.style.top = horiz ? 0 : t + "%";
+		bar.style.width = horiz ? (101-t) + "%" : "100%";
+		bar.style.height = horiz ? "100%" : (101-t) + "%";
+		bar.style.zIndex = -1;
+		var f = t/100;
+		var p = f*(colours.length-1);
+		bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
+		}
+}
+
+function createTiddlyText(theParent,theText)
+{
+	return theParent.appendChild(document.createTextNode(theText));
+}
+
+function createTiddlyCheckbox(theParent,caption,checked,onChange)
+{
+	var cb = document.createElement("input");
+	cb.setAttribute("type","checkbox");
+	cb.onclick = onChange;
+	theParent.appendChild(cb);
+	cb.checked = checked;
+	cb.className = "chkOptionInput";
+	if(caption)
+		wikify(caption,theParent);
+	return cb;
+}
+
+function createTiddlyElement(theParent,theElement,theID,theClass,theText)
+{
+	var e = document.createElement(theElement);
+	if(theClass != null)
+		e.className = theClass;
+	if(theID != null)
+		e.setAttribute("id",theID);
+	if(theText != null)
+		e.appendChild(document.createTextNode(theText));
+	if(theParent != null)
+		theParent.appendChild(e);
+	return(e);
+}
+
+// Add an event handler
+// Thanks to John Resig, via QuirksMode
+function addEvent(obj,type,fn)
+{
+	if(obj.attachEvent)
+		{
+		obj['e'+type+fn] = fn;
+		obj[type+fn] = function(){obj['e'+type+fn](window.event);}
+		obj.attachEvent('on'+type,obj[type+fn]);
+		}
+	else
+		obj.addEventListener(type,fn,false);
+}
+
+// Remove  an event handler
+// Thanks to John Resig, via QuirksMode
+function removeEvent(obj,type,fn)
+{
+	if(obj.detachEvent)
+		{
+		obj.detachEvent('on'+type,obj[type+fn]);
+		obj[type+fn] = null;
+		}
+	else
+		obj.removeEventListener(type,fn,false);
+}
+
+function addClass(e,theClass)
+{
+	var currClass = e.className.split(" ");
+	if(currClass.indexOf(theClass) == -1)
+		e.className += " " + theClass;
+}
+
+function removeClass(e,theClass)
+{
+	var currClass = e.className.split(" ");
+	var i = currClass.indexOf(theClass);
+	while(i != -1)
+		{
+		currClass.splice(i,1);
+		i = currClass.indexOf(theClass);
+		}
+	e.className = currClass.join(" ");
+}
+
+function hasClass(e,theClass)
+{
+	if(e.className)
+		{
+		if(e.className.split(" ").indexOf(theClass) != -1)
+			return true;
+		}
+	return false;
+}
+
+// Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
+function findRelated(e,value,name,relative)
+{
+	name = name ? name : "tagName";
+	relative = relative ? relative : "parentNode";
+	if(name == "className")
+		{
+		while(e && !hasClass(e,value))
+			{
+			e = e[relative];
+			}
+		}
+	else
+		{
+		while(e && e[name] != value)
+			{
+			e = e[relative];
+			}
+		}
+	return e;
+}
+
+// Resolve the target object of an event
+function resolveTarget(e)
+{
+	var obj;
+	if (e.target)
+		obj = e.target;
+	else if (e.srcElement)
+		obj = e.srcElement;
+	if (obj.nodeType == 3) // defeat Safari bug
+		obj = obj.parentNode;
+	return(obj);
+}
+
+// Return the content of an element as plain text with no formatting
+function getPlainText(e)
+{
+	var text = "";
+	if(e.innerText)
+		text = e.innerText;
+	else if(e.textContent)
+		text = e.textContent;
+	return text;
+}
+
+// Get the scroll position for window.scrollTo necessary to scroll a given element into view
+function ensureVisible(e)
+{
+	var posTop = findPosY(e);
+	var posBot = posTop + e.offsetHeight;
+	var winTop = findScrollY();
+	var winHeight = findWindowHeight();
+	var winBot = winTop + winHeight;
+	if(posTop < winTop)
+		return(posTop);
+	else if(posBot > winBot)
+		{
+		if(e.offsetHeight < winHeight)
+			return(posTop - (winHeight - e.offsetHeight));
+		else
+			return(posTop);
+		}
+	else
+		return(winTop);
+}
+
+// Get the current width of the display window
+function findWindowWidth()
+{
+	return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
+}
+
+// Get the current height of the display window
+function findWindowHeight()
+{
+	return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
+}
+
+// Get the current horizontal page scroll position
+function findScrollX()
+{
+	return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
+}
+
+// Get the current vertical page scroll position
+function findScrollY()
+{
+	return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
+}
+
+function findPosX(obj)
+{
+	var curleft = 0;
+	while (obj.offsetParent)
+		{
+		curleft += obj.offsetLeft;
+		obj = obj.offsetParent;
+		}
+	return curleft;
+}
+
+function findPosY(obj)
+{
+	var curtop = 0;
+	while (obj.offsetParent)
+		{
+		curtop += obj.offsetTop;
+		obj = obj.offsetParent;
+		}
+	return curtop;
+}
+
+// Blur a particular element
+function blurElement(e)
+{
+	if(e != null && e.focus && e.blur)
+		{
+		e.focus();
+		e.blur();
+		}
+}
+
+// Create a non-breaking space
+function insertSpacer(place)
+{
+	var e = document.createTextNode(String.fromCharCode(160));
+	if(place)
+		place.appendChild(e);
+	return e;
+}
+
+// Remove all children of a node
+function removeChildren(e)
+{
+	while(e.hasChildNodes())
+		e.removeChild(e.firstChild);
+}
+
+// Add a stylesheet, replacing any previous custom stylesheet
+function setStylesheet(s,id)
+{
+	if(!id)
+		id = "customStyleSheet";
+	var n = document.getElementById(id);
+	if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
+		{
+		if(n)
+			n.parentNode.removeChild(n);
+		// This failed without the &nbsp;
+		document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
+		}
+	else
+		{
+		if(n)
+			n.replaceChild(document.createTextNode(s),n.firstChild);
+		else
+			{
+			var n = document.createElement("style");
+			n.type = "text/css";
+			n.id = id;
+			n.appendChild(document.createTextNode(s));
+			document.getElementsByTagName("head")[0].appendChild(n);
+			}
+		}
+}
+
+// Replace the current selection of a textarea or text input and scroll it into view
+
+function replaceSelection(e,text)
+{
+	if (e.setSelectionRange)
+		{
+		var oldpos = e.selectionStart + 1;
+		e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
+		e.setSelectionRange( oldpos, oldpos);
+		var linecount = e.value.split('\n').length;
+		var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
+		e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
+		}
+	else if (document.selection)
+		{
+		var range = document.selection.createRange();
+		if (range.parentElement() == e)
+			{
+			var isCollapsed = range.text == "";
+			range.text = text;
+			 if (!isCollapsed)
+				{
+				range.moveStart('character', -text.length);
+				range.select();
+				}
+			}
+		}
+}
+
+// Returns the text of the given (text) node, possibly merging subsequent text nodes
+function getNodeText(e)
+{
+	var t = ""; 
+	while (e && e.nodeName == "#text")
+		{
+		t += e.nodeValue;
+		e = e.nextSibling;
+		}
+	return t;
+}
+//# -------------------------
+//# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
+//# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
+//# Subclasses must implement:
+//# 			function getTitle(store, e)
+//#
+//# store must implement:
+//# 			function createTiddler(title).
+//#
+
+function LoaderBase()
+{
+}
+
+LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
+{
+	var title = this.getTitle(store, e);
+	if (title)
+		{
+		var tiddler = store.createTiddler(title);
+		this.internalizeTiddler(store, tiddler, title, e);
+		tiddlers.push(tiddler);
+		}
+}
+
+LoaderBase.prototype.loadTiddlers = function(store,nodes)
+{
+	var tiddlers = [];
+	for (var t = 0; t < nodes.length; t++)
+		{
+		try
+			{
+			this.loadTiddler(store, nodes[t], tiddlers);
+			}
+		catch(e)
+			{
+			showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
+			}
+		}
+	return tiddlers;
+}
+	
+//# -------------------------
+//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string, 
+//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines 
+//# Subclasses must implement:
+//# 			function externalizeTiddler(store, tiddler)
+//#
+//# store must implement:
+//# 			function getTiddlers(sortByFieldName)
+//#
+
+function SaverBase()
+{
+}
+
+SaverBase.prototype.externalize = function(store) 
+{
+	var results = [];
+	var tiddlers = store.getTiddlers("title");
+	for (var t = 0; t < tiddlers.length; t++)
+		results.push(this.externalizeTiddler(store, tiddlers[t]));
+	return results.join("\n");
+}
+//--------------------------------
+// TW21Loader (inherits from LoaderBase)
+
+function TW21Loader() {};
+
+TW21Loader.prototype = new LoaderBase();
+
+TW21Loader.prototype.getTitle = function(store, e) {
+	var title = null;
+	if(e.getAttribute)
+		title = e.getAttribute("tiddler");
+	if(!title && e.id) {	
+		var lenPrefix = store.idPrefix.length;
+		if (e.id.substr(0,lenPrefix) == store.idPrefix)
+			title = e.id.substr(lenPrefix);
+	}
+	return title;
+}
+
+TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
+	var text = getNodeText(data.firstChild).unescapeLineBreaks();
+	var modifier = data.getAttribute("modifier");
+	var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
+	var c = data.getAttribute("created");
+	var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
+	var tags = data.getAttribute("tags");
+	var fields = {};
+	var attrs = data.attributes;
+	for(var i = attrs.length-1; i >= 0; i--) {
+		var name = attrs[i].name;
+		if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
+			fields[name] = attrs[i].value.unescapeLineBreaks();
+		}
+	}
+	tiddler.assign(title,text,modifier,modified,tags,created, fields);
+	return tiddler;
+};
+
+//--------------------------------
+// TW21Saver (inherits from SaverBase)
+
+function TW21Saver() {};
+
+TW21Saver.prototype = new SaverBase();
+
+TW21Saver.prototype.externalizeTiddler = function(store, tiddler) 
+{
+	try {
+		var extendedFieldAttributes = "";
+		store.forEachField(tiddler, 
+			function(tiddler, fieldName, value) {
+				// don't store stuff from the temp namespace
+				if (!fieldName.match(/^temp\./))
+					extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
+			}, true);
+		return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
+				tiddler.title.htmlEncode(),
+				tiddler.modifier.htmlEncode(),
+				tiddler.modified.convertToYYYYMMDDHHMM(),
+				tiddler.created.convertToYYYYMMDDHHMM(),
+				tiddler.getTags().htmlEncode(),
+				tiddler.escapeLineBreaks().htmlEncode(),
+				extendedFieldAttributes
+			]);
+	} catch (e) {
+		throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
+	}
+}
+
+// ---------------------------------------------------------------------------------
+// Deprecated code
+// ---------------------------------------------------------------------------------
+
+// @Deprecated: Use createElementAndWikify and this.termRegExp instead
+config.formatterHelpers.charFormatHelper = function(w)
+{
+	w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
+}
+
+// @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
+config.formatterHelpers.monospacedByLineHelper = function(w)
+{
+	var lookaheadRegExp = new RegExp(this.lookahead,"mg");
+	lookaheadRegExp.lastIndex = w.matchStart;
+	var lookaheadMatch = lookaheadRegExp.exec(w.source);
+	if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+		{
+		var text = lookaheadMatch[1];
+		if(config.browser.isIE)
+			text = text.replace(/\n/g,"\r");
+		createTiddlyElement(w.output,"pre",null,null,text);
+		w.nextMatch = lookaheadRegExp.lastIndex;
+		}
+}
+
+// @Deprecated: Use <br> or <br /> instead of <<br>>
+config.macros.br.handler = function(place)
+{
+	createTiddlyElement(place,"br");
+}
+
+// Find an entry in an array. Returns the array index or null
+// @Deprecated: Use indexOf instead
+Array.prototype.find = function(item)
+{
+	var i = this.indexOf(item);
+	return i == -1 ? null : i;
+}
+
+// Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
+// @Deprecated: Use store.getLoader().internalizeTiddler instead
+Tiddler.prototype.loadFromDiv = function(divRef,title)
+{
+	return store.getLoader().internalizeTiddler(store,this,title,divRef);
+}
+
+// Format the text for storage in an HTML DIV
+// @Deprecated Use store.getSaver().externalizeTiddler instead.
+Tiddler.prototype.saveToDiv = function()
+{
+	return store.getSaver().externalizeTiddler(store,this);
+}
+
+// @Deprecated: Use store.allTiddlersAsHtml() instead
+function allTiddlersAsHtml()
+{
+	return store.allTiddlersAsHtml();
+}
+
+// @Deprecated: Use refreshPageTemplate instead
+function applyPageTemplate(title)
+{
+	refreshPageTemplate(title);
+}
+
+// @Deprecated: Use story.displayTiddlers instead
+function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
+{
+	story.displayTiddlers(srcElement,titles,template,animate,slowly);
+}
+
+// @Deprecated: Use story.displayTiddler instead
+function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
+{
+	story.displayTiddler(srcElement,title,template,animate,slowly);
+}
+
+// @Deprecated: Use functions on right hand side directly instead
+var createTiddlerPopup = Popup.create;
+var scrollToTiddlerPopup = Popup.show;
+var hideTiddlerPopup = Popup.remove;
+
+// @Deprecated: Use right hand side directly instead
+var regexpBackSlashEn = new RegExp("\\\\n","mg");
+var regexpBackSlash = new RegExp("\\\\","mg");
+var regexpBackSlashEss = new RegExp("\\\\s","mg");
+var regexpNewLine = new RegExp("\n","mg");
+var regexpCarriageReturn = new RegExp("\r","mg");
+// ---------------------------------------------------------------------------------
+// End of scripts
+merge(config.shadowTiddlers,{SiteTitle:'DevFire'});
+merge(config.shadowTiddlers,{MainMenu:"PageTemplate\nStyleSheet\nMainMenu\nDefaultTiddlers"});
+merge(config.shadowTiddlers,{SiteSubtitle:"a theme for ~TiddlyWiki"});
+merge(config.shadowTiddlers,{DefaultTiddlers:"LorumIpsum"});
+merge(config.shadowTiddlers,{LorumIpsum:"Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.\n!heading 1\n!!heading 2\n!!!heading3\n----\n<<tag button>>\nThis is a link to a [[StyleSheet]] tiddler.\n\n> This is a blockquote\n> This is a blockquote\n> This is a blockquote\n|>|>| !This is a header |h\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|"});
+// ---------------------------------------------------------------------------------
+//]]>
+</script>
+<style type="text/css">
+
+#saveTest {
+	display: none;
+}
+
+.zoomer {
+	display: none;
+}
+
+#messageArea {
+	display: none;
+}
+
+#copyright {
+	display: none;
+}
+
+.popup {
+	position: absolute;
+}
+
+#storeArea {
+	display: none;
+	margin: 4em 10em 3em;
+}
+
+#storeArea div {
+ padding: 0.5em;
+ margin: 1em 0em 0em 0em;
+ border-color: #f0f0f0 #606060 #404040 #d0d0d0; 
+ border-style: solid; 
+ border-width: 2px;
+ overflow: auto;
+}
+
+#javascriptWarning {
+	width: 100%;
+	text-align: center;
+	font-weight: bold;
+	background-color: #dd1100;
+	color: #fff;
+	padding:1em 0em; 
+}
+
+</style>
+<!--POST-HEAD-START-->
+
+<!--POST-HEAD-END-->
+</head>
+<body onload="main();" onunload="if(window.checkUnsavedChanges) checkUnsavedChanges();">
+<!--PRE-BODY-START-->
+
+<!--PRE-BODY-END-->
+	<script type="text/javascript">
+//<![CDATA[
+if (useJavaSaver)
+	document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
+//]]>
+	</script>
+	<div id="copyright">
+	Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
+	</div>
+	<noscript>
+		<div id="javascriptWarning">This page requires JavaScript to function properly</div>
+	</noscript>
+	<div id="saveTest"></div>
+	<div id="contentWrapper"></div>
+	<div id="contentStash"></div>
+	<div id="storeArea">
+<div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200702250319" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.0.0@@\n\n!!__SSL Library__\n\n    * AES should now work on 16bit processors (there was an alignment problem).\n    * Various freed objects are cleared before freeing.\n    * Header files now installed in ///usr/local/include/axTLS//.\n    * -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n    * removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n    * SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n    * malloc() and friends call abort() on failure.\n    * Fixed a memory leak in directory listings.\n    * Added openssl() compatibility functions.\n    * Fixed Cygwin 'make install' issue.\n\n\n!!__axhttpd__\n\n    * main.c now becomes axhttpd.c.\n    * Header file issue fixed (in mime_types.c).\n    * //chroot()// now used for better security.\n    * Basic authentication implemented (via .htpasswd).\n    * SSL access/denial protection implemented (via .htaccess).\n    * Directory access protection implemented (via .htaccess).\n    * Can now have more than one CGI file extension in mconf.\n    * &quot;~If-Modified-Since&quot; request now handled properly.\n    * Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
+<div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
+<div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
+<div tiddler="Read Me" modifier="CameronRich" modified="200702242333" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the _stage directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage directory//, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl           - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet     - VB.NET sample\n* axtls.jar       - Java sample\n* axssl.pl        - Perl sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed\nand the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
+<div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
+<div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
+<div tiddler="StyleSheet" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
+<div tiddler="axhttpd" modifier="CameronRich" modified="200702250320" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc).\n\nSo any executables and libraries need to be copied into webroot.\n\nFailure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...).\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed.\n\n!!__Permissions Checking__\n\nAn mconf option. This will display the various file permissions to standard output of files in web root.\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+</div>
+<!--POST-BODY-START-->
+
+<!--POST-BODY-END-->
+	</body>
+</html>
diff --git a/www/index_files/crypto_2600des.gif b/www/index_files/crypto_2600des.gif
deleted file mode 100644
index 10610c126672508362a8a2b4e97fff49f4d2bf21..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 15768
zcmWk#cUV)&*S`0rlS&JrCZP!uAXMojp-V9o5roxHL`2kpsGz7fjiMl-s352TQBhep
zA}aRKgQ6P{U0iVuf{Lysc662B=Qn@MKQqtFb7sza=A8GOiHHjK@y+N4HUTey|8FRO
zLPSzYI2s9IO~f(`Q6{EnnvtHV8Ntj5#WY1(8xxooL?%_=+(O^N($tcwZ*6H{ZDnf5
zz!)=$7S<SRYm&9KfrX=yg{_%|lexLIq0M4rJ6kh*Cv!(POH;P7y}PB8qj|KGwV8_(
z-QIdJ%f@+;gT3=&cMn@ruf^t`wyvH|ZvHF}XSTa1o9^YlB*4Qvz}Lscp6B8a>SY`5
z%L?=M2n+BC3-k-;EOO>Kdxf(tLp;5synI6aeU=7zCj|O(ox?*t!$bYUqXQx${jw8+
zB7#ErOGA8Pm-;4!`X)#FB_{@^C;FzP1cZe|#e^=6SsEJ`p0O+@D={oOH8eUgI&Ni5
z-16|O)YzQZ_=LEmtmTREX^9ETQ<KwIE>BHbvob9wGbSJ-As{C`Ff%4PD=8swIe$%B
zQdUw{PI^w^s+fZG{PfJk-!gLYGlTQj1s3K6tjkKy&r8Y9%w3<oHal;9eqLT-R^sOM
zDcjet*t{lp^ZNDM^Yb?p3O8=wSX`J|T9Q^&xM|1cO*^(17UqbyY$z+<EGyknCf>MQ
zyiq7EN|EhIlx*23E8SdIQYtPIOG?Z4l$Py)3wMb3R!UaNB%Ak2i>mf)sh4hT*t@l=
zcK6XkNeAjnS`KYJwr_V^UD2^a+m0$qI@))hIlcRG*NzHl`QE*idn=FCmF;P$+EZ8F
z+E8_3UwutwQ)5FzO>=!sb8~G|eS34uiMIVU?Jf0+1D(g4PaHm0bENIWky9s59;-id
zX8);Ur_Y=@-F5s>SLgoo?Z?h{p6)z%=&bV0h4cHbUOjZ-{OPORzhAt1_WIR}XHWEX
zpY6NcHFV|bK>sCq|MkZH3!VMfF7#a=n7G-0t+(SwU$45q>GrLr;r{N?+kf0sH;)aT
zn;8A$uZR2px_9Bx!}G%fL$_~@j13LnyEFFS&*{74xBr@$c=YJ6hYy}Ue*AQ1>iYCw
z_ntnUoPPZDpXn?AOh0`5R69F!^ZCr=>sJq+%{+hg^7)5X|Ga<w@4F9A-s#?d{`mK&
z_pg2_Kl2+B{C^NI7mPwS2}=sst<5cBq-Nx9+Qei;ZOj5#|3CQuSm9t703wzR10s<G
zgK{wH5Ni8GIHr4gg|IEO5=}~q@eu%n5>$xUM1_89gdFE=J<!9R6&*w^xz%!coY9B$
z*<3d8P@XebMkgYbjsRCIMo?_+BH6ZT!&U5&grWR#95RgFEf){%GqKPo2!J}&Z4)PY
zrj-x#_=W~DgtMxCm^3?ftYBu`*)LHASI0H)A$GmkN9UzvMzW)z$lt`4D1nZ_w;gZ9
z9a`AncTfvTL`;vzP4CaEMa5)$=lSDtjqC*BE!}jRtcvOk0~zAuTro8$E>a`78dgPJ
zv{I@50j%vkW?6kpx?sWmi22LVClWr~UuL){XhERHjTgqW**9o1K9-ZFMxEwpjpp@I
zo4BTmQkOj$HGiaD`qV~nvQPq{`YE9znUQZdqZha16HiUQ)Wb#o=5Xgl%jWy0UVnkK
zc@;15sHtKA6IL=m_1or`*-2a|TQsyMLZ<Hh?Z%d^E5Ya2CvBib9imG6L)m>xnF-wj
z`98(EEhCFMIUi6YgNYRtcn;@jIZ4Jo7ULrLN6yj9Py<$YRu2bb8EzEci*EeXRpnMW
z%Rjy+yvcj@mMy6V4R^Ba0i>nHwTgN$$JVsJZFmgC=`T?;LN+94LzTw9tUYOZ6@zR^
zdtG?OFb>BS<i-&_%MG`FdXv49yI@{b7)`J$7DCjc^W%80N0feo?}b@K24oT7(2K4+
zBJaalDRm&WX-cR<5F_PHWcj@6H<U%X4r!k}h3(&NVWEO-p)Uqn=htn0Xlm}PAKsiB
z86QfRneGM@H%?ty3^_Fv-ln=t*!L5HbhR?V=geuH$*xkjL8F}gGPLcxoOmiV?^D}d
zTVq>!UR(?<o{O+r_%?NB>(7_&=$KK1Xsd1WD(SCIe2cgtqifXlCh&2ub!bY46m#aO
ztq4i8V28PFo2n3*osW#?qD+A?@g@tS_b7b}PYnk}^Qnuq-<|SzwELxi4{G{Oi}QDk
zO-fZfOeTFz-a?MeAGdm+3@-d8GGj61S>xnVEl)ooCOs5ymE!*aL341C^%J`I`4?!w
zzTV;l>3U}^j<r*?=~NKE^MZ(KE5bDF0OrU4NDKl`TiCj+>!r_D{I=P+<%kMh!(OPQ
zm#M9zWtQne@C^<5r|7YZ&%Zocm^9D|ot$J4?RvA_9i8s`#i0;&+U4if(?vb}E2r=L
zt_Z*R=lQ#SaoIIL1GXN<?*kX@&IPnrmV<W6Ospx55qEma1=YygUE6vAA<S@eq=~rM
zzI%;sS<6-_5N0!2rmu#(ub@F_F)_d2{kxX6wxFDJ%7I7H6X{u}Yd4$o`*61yRU2$2
zw1ry^OuGq28+Z9KVh1q9x}igzinPW*$n4!fXfJb}5(G@PKAvv$wzAh#ZvOdS3-Bf!
zS)S2~J+xl%(MJQFFXrln3Pe~xHiuB8MbPI|mTo$fO}2J3b8{2JT-c9^6zsg%b%)TV
zp|XmZ1YwWF@)M(~DCI+4<F$6b@m^Blr&dI?Ihp>Jjf(xzOTIpb(pP^GnW}Z(^@~aP
zI0e#6(Mw+Y1HiC_{R}0Ouy#~T2j0v23)Dc2|Ex>!UlvF;U`U^&Zad`RKz$tzo%(O;
zNr2)uc;xM-KmOxDsg%8Gxf|iDQYq`AN}N;4DR7@V@m*E97@5DeIB#LD-|{;jo7$Oa
z&>#q7WuNm-oy;_U$q0AeZe!{xJZANZjiDm>&Tp$?^vYDczX;5-Ogj!*42M!a$T2&q
zZIpa|2n{R3xK>S9qv}DDyr1>f;`mn2TVs%|@WNe71G#|~CiwBMm}dh1tXv5HS`C_%
zPFIBsvuSe*bg+V_pQl)Csi%*RRw|&PS(RnriecnJ^}cKA_89AJqMNOw4mUzn=s6*#
zpVLN>>iVO;ey`rqI72F_2xAd4FxC!S^LY-2o#`g7U5;O4#z)u^GO#x7Z;$OzcQ9-p
zmV38P6LJLzGmX65t*DpOv0P#`t|$-cV4jK2T@c}*XRxuQc2m$Z3!g`a{ENirb~pTI
zf%ayg+~(k{)w({+5l*>lm58{WkDzN5XzOh4g{|s7lh-;KyGkUyu&&pnive}L-wJbo
z2i}ApSdz8ixJ#`p56I<8F%C?$UL=fJU_f4zA(pRuFfO)BVv*U?WO^=_)>dXnkoHni
zte=}SXr!H6zvA;$poRT&S!F?n-ckWg=07EVl$j_WFjKsSzFxX`D-L&56UzLdEtgYy
z<Wp({@nMNaU_cu=auPO^Gls{WtFV!5G2TyyunL{t$kK`|mcS98y%o43pS8bxDw7|M
z+&!U><XZN~uOfRCSMHC)3+x{S`}8ds#PE3$$&7u3QITaqWJ?1_Gon^ZMJ~tkLCYeA
z)L+Ahz^MCd_pndd7Zno{G+aW0l6JXEpqHtI?wl4%)OTPK*Qa;G9-;Vo3~ABsV-|h|
zdqI68R_wbN!$Sx5*gq=;0*WWrJf4fZIQR2?(P_g+r@@0F<*to`PDdU;;afNy?&;iQ
zUPw}W-f`^f-$r;i5=E_$1=9t^zCl=t$<(5*CyZtKSv|3PRiglV5d+&L=ts32W=b8_
zc(^&<%4;z&xY<}93PX2l7OIVQ+&;b>idq_tJYu4%dj1b??H*o3X8qyr#gOCXxU1{h
z-8uI!E)Rw-s}`JXObEs;4q@wh?WJ5S=H+wT6ZNobI0KHE=%;tEL3f=S$r-D_O(`S1
zHp+=Rda{h)9S9E`XQDNqM(n=?aiGW#pFZ$QXDwdUf^h)y$)r8GNQJQaAi%PPD&YOO
zD}nLh7?xnolgL_i!jV<)?_!4ngqWngvt5hKqJ|@WZ>u?_*r+3f4Kv<YmHrmG@!-jm
zLlMtvVO-w~Lb~n_DkqbA%L-_=Fna5YW{65Pq&=>aXslwgjMdh3NlY8}c2SE6Mf|fX
z3QnS`@~4d2_(*a^dw^bU>d^WN0D3e6&EdckmawI13KvKm#-sZZLCwk6pu>v(j~5p1
zSs-!&JYBvW6S;f?303;!zkd=bac-5lBqt9BP3GRN-Gmef^b$XZ&~7M~mtQ}J<HDe=
z5`*Dz(OUBdwYYq_jfo1v_n}wIF^#ZZ2M7BkEUEGyWX|4|!?O%BprLD5JJ_!fvr#+v
zNVF16<?lM(1;xNXXIAMV4mM2#aHe<eg3%8BiN#W|NPrMN^H0$&$0*P>N=y?a_IRCP
zdAniJK|@mpwvU0|5{8xOR!Rl<^8y5hf^32HWI~Li4Am*eT4~v5p1O8Qkmq5&`ml|7
zBX1nVI-JcxYf-}t{7wMZB*$Ii5V|zwG7Y9vh`+4EEQD&IMOs7<#oguH#^-A-Z%jkU
zTKCDXsOvB`Oy#qo!1wBKZhe>keUJ6l42Y!!#r*OM2~Kn&Vyh69oa5ZLIjOVG)%v_O
z^<V*AiA)T`%3)kR8`t>@x;j)YjB<xjJyH}`ka*&OD-M8U6z`k$K#&l#gyU_jf)dz>
zi`G^&xxI@VRiuH)DrlE7;5@^lUky>^fap{5R*`Y$W-vQ(qst7mmf_y8*)QuO5NNlB
zEQG>g^lAnwI@xz`F6s{%%2x;xH5=jXyqh944O_GBneTjx-|zjv`U{|i0Aj%wHaM%C
zr%<=3#94q`&ByMZvm0SAxP~bZetcxG!Yxz_F6Luda@6fHz*2!uWp65akeu!j_{KIl
zV-P&iVSGsCG{GU<Qxa!5gpER<{shW@b%x#Zi_n^SwKTRf8ST!eEYiuhO~i`(H!ST3
z|5m4AbeLQ@pxPQ#+HIk^7rb)T{8hg@Sq_$DFL77-#4`}#0#q|LCQn6NWW?K7!kYz}
zUJ6JRoQMZqslFe;r2F7ck4*t=X)u5cQu%}nmn<1@zWvGfW-I!T)<vep$FA@@&}%u_
z?RnLcLlyu<{MB3;$bIH}wBL^=hl=F5TzUAwIJoyCrb~+n)%dSH9$~4ATlFAdwF<eV
ze*NQxhWx1{r#0xBd)Yt`AG2lokq$ZGmYkphg3hzEnsvmcfweCcq<3<Bf``?Eaf?zN
zDz-N;fCFyuqQ)uE&x`}FQv;_8l2+84ySH1YMZuQCmS?{<Uq|hOZBZS<RqF>qQw3(1
z3c4{3I>U-Crd#T9bP7;=IynLdqgqtZHB`8<1}SG)^(RMc*a9A%-sm%i{BIVst{%5d
zzFY?2&am+}Rp{0kNV^$RI**dIfkkqZi%^)E1?*7Z%Cwjk1)*P#Xv#njYcamU^$#|i
zN1X7z*cWc&7kFmo#Cln<)fN*gF_>PK#`@As*Mj3CnLj_CxLKLM>f*_T=u;;L`%adc
zCI3^>4BrE-G{HH>NjcBl%RT_HO3d~PD`W!f9-w`iPySblN?5yLv4;2&AU|iEwkV0b
zVu~-KpyhJBmwIs%7xRQooRFWnvXnR@hyu5gbvja01IgBtBtL;R(OGmpWj^M$<{77N
zTAbeLy-Dj<-iAhAvPZb_^DgNl<0;5gfk!Go%pC?(8ED5fm|a@LhyyCu9l=tdDHUz+
zyQ6Dfbu@d#dL<x#Ir&%E`1R+}8}<W>VZvu2xt!v5Df8q~4tAP>&Jd8_0pwlFB`)W|
zRh;@P7;)@7Fr$W?7^r{B+H#nvU>zby96{+v`N$U_mmSa&$SR(VO3<O)6OkR_omynv
zlr&;m6fso<Sqq`uI*a3TEK@D(pGvS^Y~OYYG*cjTi&3lORTqm|rqSpkIG{|9@tp+2
z0Hjz*%%ms;(v#2r$`_Rzn(1&~VDf^Tbd`c%r64ZA<l@`puL{yEzv3R7^p#HxWz&7#
zSFBgqJ?QepX;E+c^wtXzVOrF~duCDrE|ZNu&qilBA%twS9|aY!LZx$dtUJ@`h-m5k
z)*Nv>|Lzq(?x3eOyZP_-E9YlAov6uouXs|Fc|Xr*23_!+atDV`#QNXP%uQnr{2TkI
zJMZ$Dm{<3FO#t~ipIGMkps0m<!_(scNwaaHZprSh>#ki!CF6^hour(3Z^D`p{Wny+
z5@Tw=$gIf3a5rcacgcXFZ?;=x)a*w2*kkzPxvBM6>G8JC#fb$D+pHY81*UyBznB}G
zaWmUeAbH+v`@D70&%N8e`ENT2iV-U|QQU5_GYgwVAW6xp5veS$nW0{bVtQ@AY_+nk
zy}9C~>V?R}2D1${4K^GA@+hQN9K5Fjtkx3W!NgNq%>6Y0MS<)4j?sfrkND(EDo{)z
zeI5Zh9O64RAwXgF)L;0&M~0+UBigweu3g8N;02DB{R-S#q{DPDP~J2|o`QLR3FPsy
z+cJSD{Yt0An+tA){@_ANQ~Z`Kpy8JXkSX5Z8OBH{sFe3WA|EFOLP~_tkK3qIoRo8N
zy(mE`q(A~<bd!qEDM#=lOpq%m`cdkH^1TipIg^)|x4v#dtH1;RZSWDjN@(1*|0X2g
znz+r3%)#^(T9M^dsgy-3SZ_&!QB#3cSS{p{hV)QG$1u%2@`K9zHZcn#eUV6?4D+RI
zlm{EJ{@RYdr{ES2)^-iX)yu6>V<u5zQk0nGekOY`+qYrNwr@6~uiX`s>on485qg_N
z=BL@LwafspWd#^_Ah+$(A~z1kheIjV5%1=kMTl6<g%;5s^xu;0Am&J;PVby<L2or+
zQZ~h89NhAt_w0vU;K1U$&$9|#K3E%2GMA5AuS;;CV+{@$7zK3MGA~&(M3&6XPJ0Rh
zb>0WN4)D;T_Hs|Qp2Xd3M>nximNta=E?fv)BfKv~4Q(K)N=FK8&K@)!dZBtSTo9Dt
z+rQt!(gWYevs%U>7Q}EJHH-(D!%r*__Hy$&1N686Z>g|O_=(FGLKI4@nId{vy4R{u
zcylcfsKk{qP*!~B7mb*|1ccQ}iyF{6R)Kq{BJ^?y{>Ka#D=}ZnaS2*M3LiTlC)5jV
ztW=@f_~#Gwp?9j#$yx}n(zIwX+m-gWMTV{-q4BUO>*>w01uBxGJv=D|Vzr3%YoH5#
zP>vjzK(VSnXtCEldK$E{QeswUt0q2xF>-LMY_Y(**)qWrr$ImBH`R-F7PdkX4gQP{
zbAyk>D4OI-%u)@ujDg)NM<r@6?9yQ3<<L%`CbnWHO&;$%4wzDqP3#lNa#Y%O-x4k2
zV}_F>B{sSZxk?y*$Yay_CL4lg<G*O|z;?_jgUrI-#fx;P_4%k21u~wGxlX~SDJwT}
zF$N#j8Xs?70!Z}N`K)z-BBqh451_@z{FXkBDTey_@})A}^d&{Wbs%&CAXEyd&D#?i
zH6iD8;8H&JfNU{Q2)OHTGA-yj1}%6dA#H5Hk0&4nyZY!1OJhwqBV4fyz{yq1%2ax<
z`VK|pd#<gW41Z(2yH2oFfL-zw;;~OZ+X_4+t}r-_Y-j7?kNsW`AzL`O{yU-6_NENy
zNOcN`)(P&`U7U@lQ1hRRo~~d4ZmZ?E>o6`~hucsfYhvRoRm;yQR`>vInIEfOYzBfD
zDd$w^`{CY8x}wPn@X)bXoC0}5skc#J`)UFo|Fo=b3qdYN?*fqb`@tQOd!s}9b5-M^
zB4;ZdMXwbK)&OX2#p^Xjk6RC66_{|orl)sHmkPT(^Z~otaCB`<5ACs;7PS-Uwo8u5
z<6s9>xE*Z#C})9io?YdcgA7+l$8WE~aiCJ=VjBMiONVhfTGIOL?CyT#76m#H9^q*4
zLlnG}f5gCn(ZxY(D_`nW2bWDq-^zfcf~S*i-b@7Y#Md>ZUqAgGUA^BXEJ1~SkzI3o
z1j$pZ>iN9rep}C;z3!>Q%!M}4`5WqegK5{f3mF=St2%U@kKZGw{xxQ?vC`0%U2O~?
z^K_uO5cikj%^g2)bOO>v2O63AI`dDIhp4O(T<DE!5h;I#4V25@pvtOTaW9ds9LiPN
zC+$c1GW-|R&WHQo6#H$;e!up{<!EAA(CH}WzJq|7+~SRGn7Y*`5x^wC$S>m3!#)V&
z!aH!}3dhCJ-5kLA%2C_+$Wt2pc`g2E_m|UINxS_5M?fSM+1RKgPG}lmIimjf;mT|U
zMn3^h8p0+r0UnI<j6HKlf8WgC5x+R55J*fkOH#q2ewmaQ+@s1|L^wbu(lUEgq7b|n
z-6v8jc;CyDBJFJDKphB)Nfw-WU2h29ij~kJ{6$sna|{bos;xtpxo>=QvHDSX_1`{)
zG3QzrKkXaFRa-Ii;}vcoo}28RsS}E2c*}$z?b|<vjg;fb>~3AJwFoe2X>hh2W~I71
zxo0X<5*+upSs)#Ies(CqUL@MBD7#4u&R8d)<1X9SMbm>5Vcmjb5;nn#6z%RMmg0=t
z&sZ+bc1z&S<X>`kNsm0mwuvG*a!>q<PekAWR!WQfTyGf3)Opt}IT#vIOC27sHed1k
z%2j!z-8+W&HB3^gjThVcfDVcF!B&*IQCL=Kc5Jlpr+(HzxxPNuIFr4JNeEKhm0$w2
zDipUt@EV*p0Qg-WZOzv)>?czIgv9d|AhDm2TbCQgxmO~{lon@O33eP<M2D46_mZ(!
zR0=&ajuvn2BIq2h9bGT%(uxg9B81dK3tJhxk4Y9ibt|`U9Clk|={Vwc@>bEs(zPwl
zW&lnSSQe?WA!+6%sA_{NZ<r=2a|%SY)#QSpj2ibtaj8BDn^hCRh_|V6y}?HyhOE=-
zqDYMcTF_4n^KEcuDM_saKeg6|<X7<$d7gLMmLPJeIG+?ZQxzpmoaxl!ZF!R_MBJMF
z_Xd3F6oVCPliP5m-`k#JH3Hdn35oZE^Pnd7;=``gwfEv*9Nw{u2{EM>6E=JO?{cyX
z*W{Q!^^OW;pG}|1X0&x#SIu*fHD;$(2*!jWL{GHmb*%#Npfd>(Zm5x<qzOy)5!7};
zKiRue$ZTf^FI9*i^Q`9(rZ;*da^C6K_%p6&dsGrIzUt#Z4S!TMJVN4&Nd9ki65~wx
zl*~9ev-TM^mG^Jh;ev(*M~qd8F6xCz&P2%&x`B1;mzTLxYr8+`wGK|Oa%<$`=srHv
zp~Sw->Bl%?AZMf$UnoC5Xu&81NLKS&oL7~KM|OK4Ut_*LC6~cuM$KoN3nm@fNLBRd
znevru>w$aK$dPuk=LCg^yV~I!axwNrQdYfJsd7?}9*W)JJw*w4DH=RL=&lLUyBubk
zxhuo2zNIqbcm+OXzRx5?Da@$ZF!AkpO&b6G4Cyjqy9&-H3-{Hetz<at6TVhuQv4=*
z5Y>PE)Q;Bh2pPTk_IIWn(54!}8e<zQuR$UG(d^txoX|muVZH)xwJY)fkZE=wAPSg-
zBFY_`g)cy*HGdBSTYC?sQDHobUT+ARhp3!!H~VROm||^^mHa~D$Jk3Li$pE9XL=<I
ztqn)m1N65HiS<0!tA3t?4-%oQI$HCPz568-f(kN2g<PfV%cL+6u}W(Uy;hZ$14tdI
zOuxBXTv8hY<#bV?=Pu`D(=?4EY=K>6f*S4H?NFTy7mOx0^j0ur+*Xj7AOsENl!J7O
zVIQ~Dbga7){8WJDp6^mr+G|C)$-Kz5XE^^Zu!BNqkby&J80%F*O~ExXZ?mHRk!J>Z
z%Y@B30fakC(Ub?!IM5<ph(1MFM@BLUt2LpPy05YTnwV13BQet~P>_N7n+U5acqT*2
zFgJmSm;hMGgs9+#6gD$2duEftI`^osg58s|isU%==Eip97JI*540SlxEAC!If33)*
z9YC5C4={)n!18rLO_T!w(gi7q02oE><d}cvWBl#UHQvXK;7>7-Ouha_Q)w@P&Izf)
zewLYz!uVC#K3tpznp1NY|Dx%PI&}zoiaxeUKF1OFU#u|h<n7s>5<+`+K(E8a_Cs4-
z(Wj48Q%?{t?dyxb$#;!dlfOfTwg380JJKXYWL@<>_6fhp>XK((f>jI$pQ8nl0gNh$
zGGH&N#W1sBQV<&kud(suxmNlI{&3)tf(6O8?<#U8R$~8_aZk^)m+UR%8WvGx4lx;e
z5o-|UHy9GfVi4~x?<-d-Bo-WxQyiU$pu2EIol+k~ZftCU8pFkbs-{r2$hb;3U}yy5
z!{JqUSkOYPN<s(CIpae$VrrG0i_P_sv;+z^_J=mXkyo2+)dZMyPh&E;d@7^&(xrmT
zqxnDzRje9hwWxl1<pabU@Au`Nk{BRTN3)Za6|9a7suq=Ls5d5VFq4zy3Q4;CW-A$^
ze4pg+5IgW3>UP{0WTKphvF)d!m2Ph5xnsMP&t;CK8Mt_Ce^#{|bkz2ewyF`9U-($7
zcF>?wC&4$sxCKw0fZQwyVY-~d@VXh;Z5%gS{(J2I)^L%bLeO%129mH@QH#8%YByuw
znJ=Ve?NnIpJ47MvY@9*M=TOu+Er<&h;oX&g(C3wZ?wIN~T~a|ucQH^{OvDzffX6Hn
zK6FJg@l7c*<p&t0$<X4bb;DbRM0$=L+!UFj-?Zy<?Fh2A>S0U;zDtKXli5nH(T<)3
z_m_uKApByl0V`fD4!M*>hUbqm_Jo!Dg&G;kdk{8Otr$%yb0k;DHT@xvuPac<FOD}9
zg<x-XksRG=axO*AK-rXL7<LH;>66+kydOA&U2rI^OLx+oCWu-shnO06#>hek)38L%
zMU1`?GfDw$3yDWLq?2vQXvJ+&_g{P`K#iI9>J>)827d2l_x0QR;x8Ke^wv4zy$hL@
zo^KXt5qAfVJJ^g}VC-Q9$uGv_gmDIz1Bk}Ln?J*w%U)HddNtg-?`K<{Q@E(j3TdzB
zHN{=~?^wg-Ll;Yz`_!I!CXl(X933)CXOQc=epkQ#v{8IMp)(eDHa}0_KKAsPs=S8O
znz!b$UZJm(4pbq3)Egw7$bGi|V)vi235H@3<7`;pj&u}d1%d#-i?oh=@?TJkwW;7;
z!Ds)1vYBnu1cgp|^XgN525^%e^?}uU6(Idla?3^l?4y&O1pl$^dd<R-PxEGX{|xza
z+XItT0Q}B>hK{^>f7$_zXbbpvSxr0mdgtf%OaD#(Z{h36%+3#g(1Tu8Z`wAodf~&+
zvLCv4`%0|6R=wMC@cP@6Prmo9e=;92e)&Dlbz!=N_!%|w*Q*tqwhc!AGgbE2_2;#-
zC93+Hk&0pekIYT~yJqt8^U%SY!{#@&y1@UMgQj=f`14-C@Ud%ikFEmJpl4179y}OL
zJNC-(*Mvpa`h$@|VALk~X~m6i%>kPA!S6Q*5ar-cIsCtm0e3v$+6v%*>u-{(0=^*v
ze_jpvaW(L<P4Jhr>r?eX{pMW6B)mv24!}y-hXSW_k9<kI)?cscy&e2LYvI}}k4uzK
z*Hnhr{_;Qe_G<9VdhlQgYu#LVkpcoWz!xSuRe;cEo}sFdYhXQ|qAZOKA&RS3&B+$4
zCD}@pt>)%?!{8S-q`NZ#{WF}g9r7Rj9E4o-<{K2Gv-4Am9XhaJ1?a^$usIb3@*%%m
zc<jGx?<7ZOcigyEe}kTV@%Dc=Nd$nPK!m^u%L)KY5$AW5=TRgMI@!N!$Ut7Uon7ul
zf$b;Dwlm5te9E>9G0BktJvV%_j|3^;%t&}o1wpftfPoo*ll(rl`X&Y@wdln53Q1-g
zLiitqW5dP@$yI#ov;v{~?r#@$BfS0QH-Gr$%+2WqVEA2sxQ+fk;-qA~ye?sBd7es4
z)JV6}FxI(n>LjMH0zyn8N+Qdh*|6U)GEj%8V%a780CrmRj(J((?TFniH{75A*6V?Y
zR|C5KA-@vPRC$T*vyY8MSkkbdgQ$3lM+pVI9H33v`bg7L)JTxk88qw>5L(o`sWi}V
zf=98f>&UNt9yMTM1YooPS{Had1P(g{e6y+e>my9701auuyI%*5n8Q}_L0dzBti6>Y
z)ioR3zF&uqqnyDtLVhZUNAoyP9MNifjrpyLH4nJN04z1aUnNb8EK4dj#}q4_{Xh#h
z*pPzEjznkj%L3%!jegF8ZNbGaHU>Jw;hs9su0xWfhOn&?E(OWOBD^{zfqX;^8;RBc
zTrDz)eSoWy1~8D3N+?n-wby}u46$L$%}!hHhU`n^0Q03dd=nObI<j)V!woP7AZqM9
zdk`IkpqLF%D<Z6$U@RLT!qV&t)Me~-WG-}{gG!R4c#(%Olv7}=XvJwsX715dI*Elc
z80zSImNuFc8rv2MV^eTA7&wrEBeOw6jwLR){khJ$ws81xNX$;#-tV_nbY%VUeA3Na
zlKbXEnrJXYhv3aaBsCAg09%XTm1n>MxzbIIQa#ErvJp4BM?6?3cF+R1*AHM)7TS#j
zw`p^u!^iGE`!`z8dD*s66Zh!YokoA!3?4*Ia@vaSe6t}PWCbH>_g<xW>m>IyJLF^v
z{&3^Iy1ad~e5)MueOA>@j2@JAqg%{8GFB`7oL(CqU_>dp`OV^#X@%ILN3^5zI;Qt-
zNx(R=_}-GJSO(>H`X|+VQ{pe)$dTa`x(;M1j$kr)@6&J(2#GtZdZ}{g_TRs+*hx8O
zbI>pnFjh-b)Zl>$c-6dYl@^)YA<Ldb7xv)SG~Vs1OQ?@ZI2;KWP^8hfB<5kueLmlF
z-yd*gAj!oDMq;60pF8T}Loq^;q0wJDe+~#sgH?B@=K+=`{_3&Ytc8hS)a2Di$N1!I
z0)vf=)giq22yZnqDCtP*Ai#AfTi+;KK8F(Uk*hEGbAAURDF}o@k|K~rQrz_;0Yj}P
z4*|J+hk{kVBzb7q2!_Z}OZbK%CH#Sg+Y7h-Jw3#X$wO4Faz*tS28^^+Rl3eqS~!e_
z|6GLVgPhbNQw1VJfNIKI#?YXW=kSzu-Jg+thQt7a^jLyWYIiT%b{hCD_?7kcN6&Mf
z=8E@RkWgm>4Kxyj0uk%bHo^%PFvJxP^;jx8%K;hdAdM2FI{A=s03xPCvIOukX}n4i
z-}YWp)r6cB-v8r>gV?$Pa?(nI;S=_D;sur#nZc3y){E~yvmW}p?f#p}SRYADEKH<8
z&36vAq{Ti*OseN15EYVqHKO+AA!}biPm5TilbGrtGMnehmjo6gVl>jQNhva|I@ZC6
zsFu8MuIds?S-C#B=9gHS16jT)K|;{(WyF`+tA@oOS>PRfJ>bf*)z(ary&&z@XZmvo
zN2*R-&2(f$ns`M%SerNQ;2^eekb24W0>c`uul&-K^x(r!uHnVGDJZINm=?Ovejb^P
zElU%iQk5V=3;eQkK`ODI4)RbST<0MUpBJpV5C~XreFTKa#dbJ|%R#xxP2wD+q%nY=
zh=_E^;JmLi)Ga{o-J}5=cPeo2uu}zj`@pZ~M9hagRr;Z|=M4e;yCM;fBQqCvy(Ng%
zmx1ZI;gMsKt)C-sJ&TbHM@6&^CaT%CmV@*G;}~c^C@xii&Y4GLs`lP)fZnCw_n#Nz
zd_)AZMDt#0(&Qs;E*R+`U8rcp`v44`%wJne%sqwHfw2^{0g0F`lBPtW1rAbHBT68b
z`TLxfZ1zt0%^>?J!b{U{@6c8n53+nftsiN}zX)e}WuvabwqHD$f}L+gm^(QA5t6{t
z&a#!ye#u@Rc{!EXx@Zoy{A_#lI5KrkwuaV8)=KvLMCI3`{C>c$^O9(^LCL~LQ5vn2
z%0|XiTyi>FONg8_it<_ABMXM5%VA_u4lyPr&L9UBsXBI42iiDayAlF?oe)j$JY>(P
z)yglG?yc%>0)LyAxoSH*4vQRVFGku<f9H7|&sZ|z)1#-GOqv%5a(X^(4&qIiBo2C6
zJB&V?m2Q5JW)fNL&#*96iLK`(p^>6f>?M(1{?n~8b9VFn5v)`vV)S6Q4M3|E(jc|;
z@0T*~qPx7vr)dhQlNz$tfv3Mebsx;N(m~j7VwP?lLI9a)hkC|=)wh>j?FZZ)jv@fO
z7<d-s1KfASAywj=KS!N+{dH;=#rJxC-csOf)4@x5zfvpJ3#$~zM)c7+jZInCC0@Uv
zSa8zH7yf0*conm$#m_6=n?E`rx+|5B@WIuQWxq0^YtEsPDZ~)rk{lT6sX|!7^_P?H
ztU>tszeO!q9clNw;3SYX9J+|Ihj=64Q)tuEJQ9_0c5|&b$p?BWSbeowJSq5l-gMoZ
z)k};Jo=*^GrJ%#q2nuLrdJ(dlL}UPHLwBTq4@lREE=OM;)Bv$G$&RHkY2MZAT%zAn
z5XA;c;t`n_SMYVR<#JSv7HM!o8Ustyv}GBMwV<1kwePW04_;$>IOmtbM)Qyrw;9Ps
z<nfUfjCXb4#cR7DHyz#dF664o$*x^sdeIQ8E9Q(ct9b(1h7=jeR8ix7`EgFiwhdJl
zE>6{)^L=YjtF`DPtzFVDyCRnUce<*+vFpeVa|5m9p}bnzhOmMuR5o-<F7{_bWgUy(
zj)7pKIMrb`LyZyuW!YGCsz!{G6J89N+-NuvapkpL7lcxqAOP{-pSTgFii%nq$*0C~
z2OK#6C>A58cfe7p4Grv?!QZOL-!t!^ub2X;H3Ae*`OJb%Su`h0QCfRd=ts^UPYU)e
zYpfzVAQQ^XNdU+NWUg{U_ItoY4r!X|AJQBdjqbC+{j=*}gu@oS9f{Vy6^z2Y58TgS
z=8v8V@+CV!`U{f&GK67z1~zvH_sGxd=$!eGFWE^THXmydX^hRsjB(mp_dA@w(?%m+
z0i%0JR)+L4yurkk>c2lrB${lESo&UY=mZz5Pl>OYhaHr}a}G6^=035C+vbL@>YY8&
zcn>Sed6RxFx+g<q+zojH7e%nQ^jX_>@gM(-^!Cn!t(DN8m(`cf={H2$-H&ezH|D=!
zyaRu}w`HHA`BYlt+C)A2`YSCz(w;4AL@uq!&195^96;)0E0bSbSvn0*`<YN`9qs0k
zt9$S{eDrTUh;N7eXRfNQ7}ila2qNyY#YQ}Koe}m|^;O06_8*W9zkUeLktyin8?+{f
zvT!0Ao3Ok2sAQvUps1N~@VVet?bEh~yz%>9;w>YPn?Uko?$Em`+=m5NZxRTagNdsF
zx=Nh=xVDNxlXuicGEbhH7nL{4a_lgfg0d3=^p6Bfy;FRT*ea>|H?dCS;R7TtvmDZd
zn9Q-`Y`#BI6_=@*Hk@U<3~6GAMwu2Xx%9^8%8Mb*@*#HPQ2|JAge-vyDhm#+t$Qlb
zcl2FZ`Z8>Txo_c&x+xL!#-!CcTvJ-`e!3SEZ0RSIYqSzGN1{u*O0Iy)$<EnorNJzs
zyw-x9o~!#6$L3Ac{k-yd?;&?@jFoL9%z>bj*yQ9~O%n6~O^h+)EFf$}QcO&9=KP1S
zTb0P<=B`2Q7ZH+V;VvKGPxpZ&miyt<br-;LBx_=BR(qbe{2<On?fg&$JnEpObo)&A
z$@Htk+6C`F*xfd<3HTKG=;H5Y9<99LbNeFi);+g&S=`aIT*9(UTC#GZPXTYpB=TH^
zTUObgYBI@rWeR8@y?dA~+irK&yNK3Ia`y?~_y2BnHI#0^iPL(!B=%&cmbyP}_`M`h
zJ`~*p9F$<*(!ZP+#AhJz^a@Si8uwDT7k%{87%kZ%i6No0UQ0#k27I54s1%vq@+544
z7R0;dGeQV1-8#`4u0S6}4HNWLhu&8V5!U}6l}%c|&^0Ls5?xHSGS>m4zFyFjp8`^r
zBFFH4GXWAKx82#bGOTr}hKq{bsXYoBw66gmvtlJzFJ>L3F*|m-aylg;gCboSaOGJN
zf#n$%u{cu^UqMglQ6Z@-vPEGCcZJ(C<79`$)8N|3T0kON#|XpFJSS-<?AINqL5IWd
zKRMuG94{p}8?}ZI!eTOzhELjU#=N}}Lb9r76kE-#z190U6xr<96U!1c(3ozl6rv5b
zDH9^8$ClPU6#3qHMvcR@=wy~9vl$U^QOp>8@^IhRx)hhnK_^T3;1(u&Unx@rqAfU`
z=~lDD<EuYi8EnM3D+`A}U8+pAVB!m#FN!fM6pCc_)y6JqW?MO?co$@bl-%;NH`eQP
zyhnU!XOm&A@5_!5l6ji!*)YW!^&DX~W>q30r_93zuw|zVh_1fe4qD16A5a(%pspMb
zZgX&Hj}5#3pe42fOi6FdQSpXSB0(hHpu^ZCs`~vL7r!*6)r$<i{REuYyqz10+OY4@
zL`uw>QwNsCNk&@BS6!rp5OSr*;{0R>(|w+nn=IUQUBY^Pz{<r|BPCmL3i0|?gBN@s
z#il-cV0g4Wp@J6f`9Ot^nL2mHtdsL}&}ydF<UV*HdBedLms1(ClG@Byf|!)e&t*m~
z0>=<qekm7;x0ZV@jPJ79Lg8Unyj?*xC@SHMKVKEB*#Cl<#C~zv%(FJYvS{+$m5YCW
zpN^o*^Fw@|zHB_!GxF+M$X??5m5s2?#@aopQ`X5h+2S-GL6bEcPR!FttOm3wmLNm#
z^tgKKKOaCgC6k;tFQ&iNfhS7#1O(_2V*Wk=`~48Ov6>9gR<MXL8?iEF9Y~#|9CrG|
zB<~U+s4G>6TO$A1zG89a@f)y|lrKO;NLNh;X+?;VYG?QSrIc67D?!3@luo&fl_$~*
zru30_3uI?vl5Y++g)Dh`eoqQTfwrNDY*`!xwXg3m(np1>JM-r}C4{NBQwzmqnPs!J
zA|!Gle`7-HimcaRbr>2<@)bOKxAa3DvXO&X{j1#b$1F8EV|)!u#iQ#LU|i?5h~>9&
zap4IfS1h>Q?ctxhUfGSjsdjR~2*IM{MJ=g-gr;(^cgyTOxvX<6`*U%*->b1IeWZIx
z%sR-vjR8`#ZwKT1RfawpQd9s(zR@>cZ(AmdF|R`1D0s2sM#Pfe*<p~rK!u>?Fs}|&
zZ!DrMgJu#$<kD%<dUY>m&hemfWYD$wHYNH{mnfDkcDos^YNc&I75SS3JD_l7Vv+*w
zKc}R02~c(n5SOIjQG11l-CuF{rBK=^vPKy_TYum7#(r#K>x;_<3`7jadg1@e?)wZh
zV%|JV%3|0s-^zm+jaZbu4n}u%A9#3f5R93j*qGZOYUTxczCLzN7pHqJjPMcSo<VA;
z;@~UX?9y-Nj@TN{$+*56EVnq`=dNJP^zE$S#QdP8cV8K+g-aaCkYkh|#zyQJh&)}t
zWdbfdnW8iq;G@0Lw<Sb=>Z2sgnJju;KyFp`A{Jpszbd-Q-LMMBRJQc>5oL9#05p(k
z5lG)&y#ptB`e*!|^c!?Cx8h#C1V$gOlp!%H?xk$?;g)FoVdTQ8{dclJ!%xaRB*KIB
z=9B>z;~dHq8A~iL1p8mh>Kz~4#w7P}Kc~CX;)>5FEL_#=qX$tg8QoHHSsCWC&iU?x
z4WQqy;sNIdCO%jJ5{rDYSna~43|kxHX8lmtA3_OPAX*ld(w?k6jtO?)?wuIv1qlqy
z#wif%$*drka-`NmVp!N@f*#f}>~a7n-FObJ4A47TbnE!BC{}1j-$ha2C$8$9=?cO%
ztt^<+M$S`<owjvpY9nEiyz$OED~;4O(xJX-4>Oty1DMfRT+k1Msar;3h~nwq^9;24
zuB!N?c8FF#uR_B*Ft8&-S|r&Ee)*M_{V_!T$RtzZt~9@oJ(1*CA=-rGH5sxNak6(f
zCkH5(BY!d7%l>P*Tv|pW0!*^=!rWY3s16l}WFn^G2_@cIS%49bn8EM2^vri9HL8#s
zd&fBqFj!ahhpi<=gg-sRkMlSI9xIwfkQ8EpLFV!LMx;HVbzC72F|D9Um<euW4w`AC
zlt1h=*?gcPs(V028CZ9x9-zM#5#1X5i~^2%eLXEACC@|euc@Y_<<t0;PT~iijt@!a
z>|C4j<x$}yj81_&BB23Vlry$>70|zB7Y*fBQM)%SfJfW`Bb|)Ko{%*Bm3Ec0`=`?X
zIBJ->c*WV*Yp&)dy5IPdT$URVINn=EEtQk<wXlIIzUFsC7BbC}X68OE!T_yf`2`?7
zs6ZChbE$7#&qBV{q@paKR75J(A}lR(U%Soe@E(d0>lY6kH#vRa8LE~Mv&Ly<M^4%r
zLG3HE=NLU&v&352adbQFdY^Vt-H|^`WJCX)x-Oa^Y|%+H^QHLJqmXe~<B<Q`u{{@l
z4DW}4zPNX8q_30v9ML@?i{})$RDM7CQ+76rGgh-hDY1OTFaNkYY+p8DV{%S_V(I`)
zz<^~M@qc|ay+-@XeZ%ICeEqC(J~~gpT}OON4c0f8L@jYmb1|J%y`w$&rbwWIu?{o;
zO^H76<@gTn>z{qaa42tQB-Fw2p6U;551|(~ml-t~&vW${z-EVsh;}%^mq!nPUVZB|
zS+Gc3Y|OJZGIr`@I8F6AQzG19s`aeMeilA6cIRGFBouh0ujk>Fq$4Dk=F$=Xt-zjY
zsvz)}>nj1Y1J{VMY;7c0-&SN&3ReyQmQw?=YX&j^o#JEg*vFtJSDbel!Z2V$Bv(+(
z`6ZcQH^TF=#HoGqZu;IN85iG;vIKa$lt6MVF}Bo9R6K(7Y`)HFM&`n4#VTYmhay+J
zh8r$bw=`ZL+Nb`C!t`p13HoMSMHFb}vjXkeYg(nJ-vbl6>&e}K*+mX1J>0(us~;J^
z8!4i0%y_mOmE1G1Qn$Lt2L?SwKH3n!7%`<mMu2g64HwdI7lPFizbORNhq22L*;e(Y
zofE%K0;n_|iOsc-+>dZuN$b3O?V0GnP7&h1$SjvgZA9f{hz{o)m(I$<Dj(iRy7Q)}
zK~_bs$q$2yIgc|eEK@8Ve1p%mimY^vn@vTtjn&4pDOB4~N(zWiCt}pU@O|j-dBTEY
zDot++!RiG}c~*V;4g*J=*tgLgAepAZ<%<0%B9GIEfVoxr{F&%d&`K$?oXx0l04*m0
zxEr8Eii`p>9_{4nHQX@@<(?}3dz&%XahQ{x`s{URm`we|fjItWd<CJPEgE^ps1#&s
zL?$gT9}?4wfn)EvRtgc_hyVR`92!`-W!V9mYee{b72#U4ejz~Z01ex#)4!!-T5y3M
zu(?K{8Aog;6gy|%H4PH^%=h~!RhC6aeOmx^PUSq`YZQ>^xl}-qp%Qyws}vD!RBXv=
z%*!M)Rb10CaOG@y+Pn=`ry@jxCO@7N1~~ZQYD~Kd2Y}!O&3-qSoE-afa1c`wg>Qt>
zDMRRPPGZ|F%*22Zh4*VU^fmB(55P<@i8qDJx&hlCy-q)R>FqrGb|YJwn5I;1z5}_-
z!SDBvy4-(gqK45$u}}|(J_RImIKK!DU;aIMyND9gj)!kEX2r+`USI${Kq1bcCDfF1
zO=3Xmg3rpt4la`-y5q?;RNEb|+?z5QO4EW2N*^s!WL&JjIEH6`jXV(6`}>yr$&}yf
z@AGYr+{Mguc7H1G*f7Ea%i?TRzgXC)(SfbsRk+YzBcFqXMgv9_y);@HcMr!%3p3}%
zW+&*F82EpkW^a06OTIy!RCL-7pkzyeRT3f~Vot%vv&<4tFmNh_^qL#2>i54E;u4w}
zIVPfZlk_W&f=Ch5RzygT{^zqea843Dk8o3fc-uqvqYz8SV@-;TUW4`n5PLvuKcR&@
z4d`R3P$;aCJ^OPoY~v4*PHX;E3~nRn{mp<!S6iBSQt@iwBdzAwtt{+Usz_BxTnmTk
zTZ^P*?BcvQ6abI4sNPJxl8(kU7sGfR2NR06>_7zl`lHB&EQ=wgL!VCvf~|h+IoY>l
zqCYmMpF-m_=fkEnu&9NZmLjs8f=!G>%TL@Y>{b!FRmlS?{Oev;1(zvS;}|f&sypMY
zBHpV0Q;phj4vZ+~{&Rh%VfOIADe%``{Y_1DDQFQXG7$9HPKr#7#FlE<fF?ErK;|{*
zTmjGK(`keB19VNV{gl}DlgPLT5V1kq#(m%3=tqi{XM2X>tNNBS^#7FiyG-`Fh5j}j
zusW~`;fzJtD0_z^xm%ke9R5B5&P#s_0Bx%lL}9C7j02Yn)Z5Q<Ej7JX*<#C-ULyx?
zi2)QH*k@A#>eED6pFu?W^8b0I)<2ZZ?&46f4D%norm9i;WbeUNq}hZ8b@s7IOmEf7
zw+bH&HJj^T0P4>JWC5CYnFD+N`J8C_BlVxN775v`$uTD98uA@^RR5aKxTCD>aB(Cp
zQ$(8=8Ch_Qw_p~v^Nf5>#orx@SO*h?y+$zrI%#B04@`FWd#8$GDebrY)V5NfPWCRd
zerx!j->MS>f7lyj42N&9KRoi^*q|(TqI*v)?d|A%?17Zr{V5&gw=9ISqKwM{aN#p<
z9J*|IJ3o>AyR<Zevu{8Chn?ZU?f+)Rq1)nQq>HX+!HlTRCr<jQvi$XWX=yK>z5Q|M
z$(wW_(?SQP?RoS1SW1pMO>SXdIjDAw5m!&8Ot91DL$@o579u9->PE8$Bva*Owv@3g
zNtZj>_RrYzxPNC}zNKz5TDWm^h2PNes)VoIy0oOHRP*q%fQJ9h>P*WAOL8NVHSf#d
VKa;_<S#DUOHj(eRi30%s{|EYJPNo0=

diff --git a/www/index_files/crypto_3ways.gif b/www/index_files/crypto_3ways.gif
deleted file mode 100644
index 5da7683ebe26ff97c634e8a91b088cfff76d6df1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 17993
zcmeEs^;Z<m_xBb{3M(KTOCz~7yg^(_0YO$unx#7hM9QT*L_k2gyQRS;MH=bu?i3L4
z>*v3Cet7OVb7tn8JGai<IrqNKyi|H2E@q+#9tMU2{zoS#X!HsC<mBXk>p1L590DD8
z0>H*qRaK$UXgC~>L?WG?okvGU<Kp60R#p(s2xn&m7K??!VOd#O2qXeog~VVma0DC%
zgTaw-1o9s<DlQKBZwH8ThNIx9Q4|7!KxQFPm{AlK1w+6AXe6KtgG3?WXgCUu`bU6&
za{e8G!_g~f00xa(K>=Veq;nMlgFs_ekmxKp9071fA>t75|H(oEV1R!U0EI-M(EkPs
zv+_^zKVxAC7!n<aM518-_|Yh|Ga7;VXWKue2tbxI002Y(vmT9rBmX()3`d}m=qfl2
z0La3OV*Xk3k2wwihsUAdXao%9j0M19NK_mGiT=j|h(kMLFbKpy4R8ePpCA+rg@hpy
zSZ8<^8jgvJbN=Tm>R$i=2$b``c>aI-e?I~||I2{?<pM6=JpdPvPO&PhBM^^_%b>3+
zyDJpNqMW8!ozoLZC1ktMSDpJK7A_Y-r&N>o^E0PLiNVjB{DChBv;H)t+Jd34;_vnr
ze%2O_WFi9z=#}e=#&Q)ua~by66^|F9a+TASzm-gu>eSjU_J1p#u0(f5(7&oLo2|7T
zFEJdbFQ0F4UhhwT)ljk6;(5NeIM7hJ{2c=(WKe0WTI~uW<2D*>tX}^S$MPyerKx6f
zAX&(6X|Snwdn8LPl0mh(Zg;#$qts}q`P=?<mDxasYD@j$eB-<QrJ<IF<7I4Mt$Q52
zBM|yXM@MJ4wdvi)qX>?bXn+69{h3<3<>9uL-^VNWU6G7x?RW2qI>-N{p_rO*7y+F2
zGgZv8L6nqd`^zKCenB_1000(5A&ij$5swyNFhrs|D}k^VoU1|P+SaSVRF*|1!30Iy
zCaU=8ED#RB9M<Ve*$u}=@YL_DMIvfAJ8`ZYkU2Q7q~fyd2tnwjSS0l6Mx1;I2Rf9I
zy(u0{QdI>2(8?nN@C3ANHWLv>=q>`W7Y%a(gqSPVc;zGsbsPd7WCsC1Dtz;+b8oQ)
zh5}t>W`mBv2c%eD6+ecM=m3y-l8w~c*<tNUEI2frh(+rUexe1L33`ws9GWs`nVd9_
z+btqV`_Y};OohGKyu^ZAR91@P-u-TAl{S7!5y3)JN^yF2$zBDn%qX(78p_QRm8FiB
z!AV=~PpN1X{fZ={nL%__O=u6S;V_{vKuF5d7V6ref>aC+Z5;ZrX*&W2#Chawm(q~x
zPwSXT7PrsUe63B})x4txb+SAg{+b8oqH=L+$J1!3tWUU))Ww2Ir!kMW*zK#o3CYKG
zK;k6^<EUvvc+UD*^~FIiU@wUbK-BWirvuxmaUG;b|81Sh0w7uE!&1Kw&PR~AyceVL
zln%n9fUMTSeg@gmPH0Fc&t;V;3R5-&)=oGdGkAY^IgS3CcA@Z8sC*tmt|@gn*EI|S
z5$c30jZK+MJN#ZWd5Cp*GwYuI=4=^*>v(2MWsl&U4<q>_3$17NsFihF=e^lTI4^sz
z;4_Yc1g5<|y4lVO<-6U<`{H=JTNLQ`!3I{e;<{Ev$bCK;{wxEvk+@y)XS!4^;l|)=
zA>Z9eH>K0vc3ULWAIJ8`(Os!P&?v^Vo+YSd<M9;_dTic%(RcIb%ZnC+4o0Vkn;lBV
z2P<N8bm#fW51J0rZ&uG5j!5<V+Gg}Ws@47dtiLSROZnw2{}_X(0^f%8rQn;xZJi=u
zX%KTZ0s?G6Sm#Ov6{`p>_7E{C+4pb+MM5VZVPxf)mZ)Z6pw1o)K~y$T=#S1pRy3Ha
zKMPWw*Fkx&TNO$MK}L#;f1~uNLNE#U;T?v^K4BONzw65UbzMhEHGC4GLuB}ff4rS;
zZ&X3PEDKf&>E?H=ilP+CF^SiSW6N;<xOi?H2!j1clTiG~zCcZ`Cf@U1=M+PvZg>I-
zl9sh}@z3?gf+ca}g^69F1YFHwBX~;n3R%X1CM+@w$ztMHv5vF3x%Atd{kXfIKBMPz
zWDTy9o)_@P_0i^W2V3>YmBb5DcrvnZf9N%;*$I`khf)0~k}-)G`yws8h4Z0FMJE{J
z;Xk&4ME#Uh+dJ@{DO(p|;dqHsANTgX7~mOt*{8?noVF*)$}E=~u*FvLsk@97!FZu)
ze*f!pR0j`BP~6QcOLkkcl)7d4_F0i9wi*d@e>Oxlc2u9nJJ_rxm`Ipd55Fy`1vEqr
zg0%sq45Zb`r$MZWht%pmAuh@HD#gksYym_NO-FD~rpROEaSgt@0{o!@x!=&S_N;MF
zvgl2TXVY+*&YE}R&$vKBw^RxY!y2S|HbRBX>gcoaPru6wwO`Vd;i>Saf)ep$nk-Sl
zYY7Fo&o=3u2-=-*g+smx7c#By!E>Y)-C*i)4f^q6ox_uoQ~6^4a++=*_IH^B<i*b=
zaZp%A4Y--_n##DBMt{6|Vbi>wjLvRSCTVPi2YrckEP);`O;yhJ_<<=GEC7A46kp1q
zb%3TM%>6)2R;`g}o?{NxPL9wjknXa_ADUCWpB1ik+>Erc(UETISFg)eEwQOC((7p)
z`Bs;2>-ZsDrgKlbG#tmt0sN}m>Oax4$KhpTA@ivEt+ARVdnbKHWra2#G506DhX#gE
znZ|P{;xd}DtBknS&a@L-4d{<qEW8JgnfE{x;+0P0+!}b)@4ptv?|btOYWHisg{L_T
z_`aE5-jNkc`fypPZoHe)Zu&bpAxZ$P#ASvPDb^7_R8bg(75FaY0odDQ2#t+gebX%V
z6?f5WDPF$^qTbg{wRs#ia<jbdJA)w3!dBt=jC^-&$n38ZNbaE9qPf?Igz#Pu#0Ivu
z5H@`Hd2yNh`ER2!=X^@j>mwql(Qi`$_0bXwb{;l&BDJ0jx523hf9OP%QCQV%*MjER
z*HDj5Sgl2W{vW6G+$c?5(cg7$Q1=W8GylMz;|cZhDX8MNFCuDsebjy;$I14~`NM)m
zX$3Xv8f9x-`b|R8$Zu7TefcVH8^=gK2wy8c-Pipgk%MWy+!8If%e`%$^V%e`3yt0r
zd>h%|>*8Mf<JqqAZ_Or3RWbLc=NMe7JfP3k)j6?m1@~8lg^gh`*UWou_dk;J3IE>I
zg=cYWGsq>pmtRP13n=Hm>4)FOG=|!wQ>y&^v*uYo2!RMY``=fs;NX);eB&GyZ`D*=
zfrOTIzkMwmvEH*r6)T}m3vW!FzuOXz9R<;$Y(M>x(k>+yt0Ad51wJ;I<uPt*+ShkU
zk-V?%{uDD&`1-O$|9($rq<N}g__D$~eg6p>RStDt%>0_JL2E5DJUx6>uW!A*7k#Pw
zxm{y0z2&Fc$e-PVAxh}M?(1jITUOQ+{0V&SPr}q%*C?IbzuN&0Ow~~4auUBSYJGNH
zr&_jN{&?Reg+74XG@iFUyMFu0V2A8=*s=_Xd5s6zZpHW3fn(75P+`mY2a{_gjq^$O
zhZH^H5c;E@HRq{PgPM-uXJ?7h-YpYLS9^31##aa4arb+kU+}+3>)03mS+AUqt`s|y
zO)=cKHm$G875=;N)%Xi)Iniyp-a<VyR%#fJ$|bm7`{Xh1s#&4*Y(;~-V!d{Lop!c7
zrbi3oE{|F0@=G1JQ|S3HLisTTYJ2haW7;a%h*jj`%7QpvWhhUDQPFbx3*yVhM?DSH
z#(Q(y$$*`0%Px155Ax>mmJ-BxQsWkHDLMT&E^H(fHPcs3HO>vcQwD^I1V~KzBf88u
zJ)bYh`6Xy+;3xaYPno=-3fy-O-1r=rEh0yb_b~(dHof|dy<CvErM@uK=+75Ea;){=
zZCJl(;9E}PcR%cPt^+(--zO9V<8%k7i)#7@+1-CEvXkC1;AU6kC<x4-3|5?^hGkjU
znS}(1=m!Lw%}vT&j0Xwy$ae=zZgT`zdxX*?X?P{e`drKUQ5h<*g<+CS-4(*7Mc*7z
z`WGb{XP7vD^7O6lL05~It+9!akNSS_cls-&YpD?UN!y%f$1=AsYNgw0CnW4YMGM0s
z<D8_h$Qe7&OPj#tFse;z-K0pVZk2$k$T^D`jX+D%q=02gg`u!0!Q?3V5RG?zFGs`P
zb6)v1iH6Pgg$=W5&QtkEd0KtDrk1@Hr02BenlxOnK!0frndl61?2B2ZwD}Qcu9d9q
zx)XjX5__SDO2&1#;f(uZZS_r2kD@5{#e-IS72Ye(;{P&Nk!zm%cM0l5y5TsY;Rrbp
z*Qh=@zFl^aA1!sPj0EP3`!l&I%x@jLUyad#pEe<!ac^!SBpOZGlI&8UG$*1#Q(tTY
z>(RKP;jpJXLUF*(8E3g^m`g*zDsBX#(S)xk>Wz*cj(bFTLWCN=VSr-f!c4UHb|Cm^
zv@Sl41+I`$$P13kx6H{}2s0z;-JlxnK(~g_SF>)aDG^zT(Ww%qAv<5jMUn+lfEJ2Q
zVG`>8mcC}xJog+_-FP;h!YL}|U($oW_|K*+UdMxX?QYzoIbOsgsc0rRTz9BkdEJxB
zlah$CeeN_Os&v03-niE7rqs{I-v`gwXojb_xu;JQDdaMF&5EVrQG%o7sLGq{g=W%<
zS-&z<q|Ye6nJW0Aq3h4B6!wtllA8@G@UUG<O0_2gm0cx&4a)%080>wp8RdA_tV9!$
z_o_1~j%`OuJ<gT?@-tX3n`zbw_tq(NCX68URsI*}#{{x{;X+UJa;7!2>`nuzBaCVL
zvk6jxH#gZQWFS)I3>E?jcD)=*nrLpXH@tf}`7UvSw^A`rbDWBjBy6)eODMSJaseSU
z6+(F<ET9)BnTl??4WIMC&AHy$K*!(t=w|C;e<1aVrh2nzq=xHTue_hd`Jn!M%Pv}L
zvRtcF1h=#NL}32Zdcn>EexXY<?Eo2&R;TdB75D;`d)ZaM+Fw|;Tlle=mMTs(D3xER
z3Ph1r5R+SoyPA)lD|X;0km_-ZB`D%Ti+{G|<wpX;nyH@GQzeO(RDJ@G!;1<_QmL_^
z-jpIQ=8`IcqDP3*K)q7e8X(1}8GUZ?r_++QTbg#k(oQc<N@STf0d;u^Rey8Y;4L>d
zKxSl*InoR`PD4GJN;Mr(K6nctMDZ=oG4II&dC+BF1S-PbRBRE@jtG`6=oPZY@y^Hd
z^bt^B=v7v&0v=_tKaQ&mY^anT1&z9K|GlLGa#vN$R6z%_EXBYC164Upm7$NTNx5ku
zUxCs{PCRehdtp-uP1e7<uR3J4no*J#hG8eKVwXf$R||oKWjUw-mE3=-VpePT^=Vad
z0MsaEPC*eNQs8V35QntlS!q!suudkDmJ9>z2Lhy#jOwmHwy&Hw)!@G-kkdEtCz#@*
zj+$VmZyJO}y<-3_G?0~)@%#<r!<z;VeU|eM_&_#btfRKtzdk6t-j18@&3n30e>xiH
z#!znh@4&`Drp7>hb}9fM`GP5in<|dBNog%V%eF~+o+_oZX-}XDq~5gW(&YcRIft7r
zjR27D-JCf<RnpS@-5*GE@(;fO(4d<;{hKiYEp_v>hid@93ZOlnwfzqzmbSG`rq%L+
zknZO`<-kB|%WA6yX`8P=+r(GesZ!RN0m`|SwuZ5`KH8QFulH-Tg&X@#C|c*8uk9+e
z?F?sa-jCZ)Bx%nGTMi|uue`sL>9<bXwNKr)KS=W5d}X*OrM%b2R=8l>xUn0`SfVsm
zG87$^b0fhC_&EZ^hyc+HHjJJEdQMvjKpp2?9b^l%PZj_&CtwsDu7rXpV1dFaUHT}n
zcv_c86^_UtPy^n@2#3?0fPKCK{0M3B(<lkkIzIt{_@jVlEBO*g2ptS6;ta-(>(OiN
zF<9s^@&U+Ib<rUqN&o=kD0u8sX~Cy%&+2ZKRw}YlfZ_>|2HB&HfZQ9W{qSo2VPF8#
z#sU=pIE<qp$pIRBA4<o&-rx>aUI2~+7ATGa`AGdtQ2EJ*0n^1nP@|y#T<h5vsyWO0
z3I%|gRRBg5jyR?#v9-T!@P`-%taSn;MB=<WpboXC4Cm?hk?CiQgQ&oNmeUP(w*Fwl
zLX=K`n#j)6+n>C&{mn!%k46W+OASsK41F*dtXbg8?;Nz*9~>#8#vcVUB8H|6hPM`e
z(8blfo<}UuH7?x^B?5s|CqQ{L&bH6Uby<%%5&|yljddAt|1@y2K+%2%qyr4zq>cVI
z0BM{6jlT{4;id*X8?_Y}q08zgNFV#{1ExCxwsKb-KHN1PtBggNj8T=3arzF+VS$LM
z5|`RiR$pqeDgYhk$5Y?&YXguL7W{3ngekg-g?>C32$YEf<3*1v`VJe%fi+h~><GqX
z%il0MLzE0BZw4WV(JE>Bv7a;(PW~+!G*e=QgBd`eECPqaVba!NNNyA&b29Qgz1irH
z0?j++@krc!5h;NI+bvH2_JK&mO_M!+`fiZ|eGes#n~7+fiCUbAxu1!npN)Sun_xIg
z3cv+1&!n6JUK~zmI1IDJf%V#6xZJk{4^f~Ofl)Lr3~{rCk0GWfvo(gpVxtg}^kRcY
zRfTO7#cgx9Q*!_V8X4qdt>MBX53W;r>3z^psmIuSyQ(9$d^XV^((SM?#XI;iZs7&N
zr0?p&$fEsNy5chw*p3%&WWO{SwdCguQN+wI3{fu8BURm^(uHkSd1;=ZM>Zb;wuhE?
z50^8d!H24IO^>Qu$|+8xpPe6mQnOyJpr_G;LH){?^i@_n?N@z=Aa9T>$8D7OuVvTX
z26Jz$blg)@VSyRZtGHQfWrJ(ByimSqFZ!bopq#mirx7d<mcI|FpNv8>%h$+{;D!ru
z1N$ZUqiOl7VQbx$=iVzer>kk6+9x8*+e$C<#3dw$sbK)HP5Bh^X!&tY4@`a4Y-w5!
z0DkR22~edZYa>S)Eo*yzB6>(p_@J|C@_F;CKg8#Loh-gbhIr*8-`3vYnt1vmS@Xij
z)2(9pP?{U1vrTyo9Wl=g>SxmP<YzsB#4B<YyFoGIO2eu7<*lz{C?bqhsb|AalTk-H
z5}*C3VR2y5q3!#&-IRw-^M_eB061%SBTI76>dhWk(Vi#XZo-$)vWJzgV*pOa-BiAv
z0KScpVR*yQLFN#Uv28;rgA&VtkqHm|`EuLVVjDfamvjoO=G*^zwEe4nZK&cXMfxzq
z5X1<`YFgX3tUi450aMhz7tfX=CwFupiqq?`e?WY^TX6(Eo>oQ7by4m8vOBi$KbGB!
zQDTpM;5+aDpM3rVzBfjk92%X#M~*PVyDXU}zV|p%RWV^ll%&Q{<ow%I9(#9wr!u*x
zp9FwP=tT(Q))>Ri1m8R(e9^Ib>+1zvnH6puelebqrkqLUP(jW+f|99y7EK&HsO#5n
za~|ii_TS&rZ^T=yPOH-V^IEWV+oKa_DkcSEIU<m*>PJbZk7R0@<Zqr|f;jyglp@mV
z0^(y1l25@KzKa1L$3fCF{9{*+PEKJY5-v_;?_$Z_|1SC(uO$O<0zckx`hrpDYu@VX
z@V__XK^Koe<~hgk@a2n)ShCoU<e&I&){lP2oI2xt0w`c^>MKWOD#Ozme}^squ~oZO
zGP{6*ZvVTlzI`!vTX8I+w_Hsx221q&Gx~8@A#3BE%tbfJZToZ4T#~z)%8S_%vR-5I
zzRWv=+Pjc9ZbN?oTCn>Ary;`1KL7#b3Nira5rcdf4BHt%2*h&}hp%D7pHS1(T_aXs
z#Lzz@H2@$xUdFSjX2_?It_B9vgIa^AHMUezMI4s8Q#7`R0St5x5E{)LRE|P4gF>q2
zu6hBIQrsH5iq$O9DmUs$)!NstFl_U~p`F@Kz~vgsQ23gZ3jz>Mq^2vLnszsmZZAz*
zQ*w4kI^7c!Nt_*{JA?6SAS?0ProGYh&#&;aWI_FjyvDt0y62X|>CZks5CJZBMxM|;
za5*F3B|1~(hTlWz^|?c#Ar8wg2Bvr&W8Bw&9hQEn?2YmcJ{P5>x^dm2ea!7gXLx(j
z`$<FWM~2|BE0npiG>J?9&hu<j_w!JOUz6jdYl9Wt(F4=n`uD(w<s!Pjew`!5e{m7m
z<g)cjY)Gm%;9CGgQKu9xV^CZxI~Ss=vv$UAq@jJMl%(?dzlCAhIC;|Q?$38*2!$u5
z`a6<jlZ21O@Q6#Y!ttt^_g<7z{CZQ*OzJ7n_ie7TlJob*pIx~;X>#@FOqs%X3h8t?
z;r&l47s8R8)sX@%kcge?5;~@hPbGp~ZiisX1|L#6s$g4dxs|ZbpR*-Wh<+)F-e)HW
z7G|2?lD(2~`sJ#&(L6{@AYAyL(BKP7-$N)T(c&*v<<r&#)@MSz)oN*=VEhT0m-JN%
zubt$`TNrJ1F5b`^1}BKn#fe`kyvnTOpVT9nbDIV|Yg3v41hKhK$ogKsdb@?d8+ik$
zv%OGZ_&7JlBvkwiu4i94G&RRi%1Jm&;PfP((?xRc(%=&F%_iFfi1)<ky&1@s-SoI;
zdhvsCiP$TRNv&72o9v1?lUB9AuI94HuP8WQkQ_~!gfv8>R53R!4GUR(uQ?54Qp_6I
zeOEW%8pXdl`n{MC93jT(rTZdfCN<`sip~Gaz$&3|=vw`Dm@i+gNmvVx*MqfFc>5_K
zgRLXKS%KQ+_3pfE#jg#|W#5~<_}X5*eczTP8jJFd-f+v}=grhjxCJx1oSC0OXm^9w
ziM^~Fw_}_;YpdURImzW-c_T^=zj^KZem|l)t$zND`t$?+^OVt#;NP4M8`4yry4KMl
zo{l=Z(${ZnB)(S%k#HKvDozOD_*~XOaT7K^b!pFT&f&kk+w5Xd^WjV%^teZY-|nBj
z8(prTHTkvP?)?Ez0t>&MzfD@|o+?$t_o%SK{aTb%9(7}v{PW1y=O<8y%sY%L2p&3U
z{7qkF`&sN?lbgfuj34jmd4SMM!rUeODEZ`O_`cU)?(nNt?Z!n_e4qQ}Na{oQOUYgU
ziFcCR>*$EL-|wUOK3@FET9mpLJ%<4m@$Oy$z?OWVr5|r`<+ERsQ;8mlICC`Z(@*#P
z7GFB;4w&qMyT)O_*AA~u`t}WW;@=9hZjH#i#FHh`DEd#cX%vCu!xWz9nMCa|5<<SQ
zdc{onqB{DK&)Pndsvl<?{0s_0G<HNs{ir2ochR4rN$=jf&SJu%U+8N_5{w1(u=t0;
zdnC-Aqu%9#*lnI8AREehou3y)9HZ(9m)T@CTaFz_KU;jIBbe`_ee|Nw^Rf37-acnD
zoAiOTw_6-O3$-Gb(OAUk?5m29+yO&dYqK`GO=Gyk0FLTe$bC|s`2ho!jKvur%6h}-
z+J{OR0woh0jL;JOR{TUDC^DI{#KHu+(<iz5OD@Em)K@$q!=!x&xU`{08TkZG$7dPc
zQOoXF2MckydiPZ&tW#{9xvw^=_O*|ImC?%jfZN<|)}hUIBt;d#v;Jkqxjm6^@jJEY
zO){}(RRPZxA_{cz-Lh8gO-ej>nJAJplyEJwy_jut@OgrA{xosEpzQj&>+I&v(Dn%8
zg)R9+aVf(lV&jPVk4jcF;Whj=|JB&jwB#BM)<@RL+TWTd3w0)v|7%n4_fj7E3w$Cb
zCv2<t;~j*F^)j!eT2&)<JiEBpM%q2+vn;)>_IF4x@IDV{kH*ob9_NvlF<P`WebO>h
zUZCdd)AoooCQG}&85-f}YxhL!7S-llpSIz{8M+aXmXcH?8QMc)O4Xt_Re!}1)3%Zn
zFk03>mBeit#%!5L@Ybb1p*CGL&&7395xwSKmp5rzP70YnP{{(01UtIrOB(KJPd88Z
zIC^|*G2D9)2#IU6e5{PtKQqdQNE8)0YRIAzsWdB(T~?WWi~HI_tUtk2kBVDMjUIAr
z)yVpQj|cRZST@k0dmIiY@OuNoM2Zd)X<E<4u%M^iF4zQmSu$6`)k{8+&W1W8KM5&Q
zxX~UEk$eyw?FFGig>`e9@MEbAm~g+(^xn6}pSZ$d5ay`2J@-;huq*HN*lry|AyHIx
zc&oYcX0il+9}t)4Ze8J#KNxCRqZE~9;TE1eU`+Al^Ve|<iDF9svt}T!H0&9Ia<<Ds
zG(3J)%IYDkNdgA1O&K}J60S@cW|%$81g=}uExsKMjVWzBF|cGj))i$-?!=`*n9EbL
zj)rFJqM*gxu(zpw9<NCth!Y@l(8O3p2k<ecvW*(q#;<@FPPx@i8&rc{0^KVli8MCo
zMP@2D+X@D%=Pawwu`&5E#y#pkLkT^~KLg)-Ni?P7AVz;^xY^L1xD*H*D-xxSMN!2X
zN!R7ut26ipJ741@p~Hg;hTwj@qQ0^^J%|M5-?T^3SG}8NuQx#XIz;rn%W0eA_a<*3
zV-bkBz+j1XC5vFLpwl1s=rBC=>*)IH1_R+GR1o`yv};MD{wyyuu2dEdDol{r%W#5p
z1p`*X$PzL*AIEL~8N!hXv~zENmqB6yVRS(>uTPxDyiaYHtGp3=`M|u*yb7j)gK*1E
z+I14K1azDr@_$V_k)qTtJrgH@2;oulW%0o3rT5%qyGMP);-ORMpSf}N?NtKGcKPSO
z7s+niP5JJXV2VhvR~8Vk0pBwz>gend3Zk+12g@sh0Mes@P*%*OkJ!}^3HAHo_e<xQ
zxNY0pey5*T*h(I}#G04HVs3bE7g1z*J}^H(a4>5&p27<9=-u~Vnv131(bLax3!MLu
z@W_LoqmY|z!(P008O+(Cei!-AeVf4P7X-V%45eajEh`z02P+HoO)>#Q@^699ksohA
zF)rewLbg^olxB*bf4rT3ew0f|q*PYqdvLtSM=SB)-@xxDw8+8F&;Q6_Au7l_?q|2Z
zxc?GjC*+#{aw9=y*gQ!j&II;RkTg^{yd;3ERp{A)P=!Sc^1DkL*+wPN2A0B2rr{h5
zWo6CQf7X;*Nv<hF*3m)d#!cbV!3dG9iIibz#nQ9N`k!^cH9INjI$7wDEN-2;%AIU^
zoj7&vclVL9*MXfp3pr2AI{DMSvv0@_&UXsPGx0;Zgb%RX!g43vU80(d!kS$Y2T}q-
zU2)!Bk_ikFd0o;$GNKb*l>=Q!1A6I;E;$uRNmhAx+HM6RIyw1nMRHlBTX(o!x3Uzi
zVnVl~raa&-U$#sBbF;iCP^!NOaF9y$yGvemp<C{t`|yu^6rqAYjRN6K=^3s6V~l@r
zmOt5v0wvNPP2OuF52QTlA<F`;5A<xj!u*z$(YEiA_UU=xX4OsWX_sTdl1VWDFh&p%
zIRFU5f*|l8uEIaw$-jK3;_o~GBo_xF001f~e`pcF%3Rtys#hYdxAiM_si?=U?ji1@
zJ@J_tpz|Gw91eyl{s=bj3sHH=1MoM^1JYzk4QR;t4E_*aco|hy88ZP}0rlzYr{iNW
z|MZa|fz*n?Q1hQjZb}eEpdb>+0RS*qV>ZFh8HEEg)_-P55eTDNq7Q!1^2m@8DUs*V
zea;2)0YHMDKMRBUlcM^_001UW%mASTqY6van({8JMLtjdp0I<)hyPeoS#<6z0Sp9i
z2GZ;NED9QEH18vi15yG2&_-pjn{*hWrTn1(yLnWlyks^JAI(BzELmTzc}%w^;WzVF
z)NuoS2`V9F11&0*{^QEniNPJ%U@ePEEkpwEK(U8MAm*_MjWe+CK5cN)eCS=-D;jHn
zw|w2;!r<IOaTd`ll>C3)chb46L#ZZ%3CRGaEFih(z?A&!4HY0;77z*-b<b6uPZ(C~
zP>qE(EYhhG2oEe9Al!>FIO4!bmElu5HEL(jqsBq)$l+acHSgkKzAo8Ca@B)_mq!P$
z&6O}X&i)+mk%xm3a%bQpX8|kykt^X*lMiY!jl;G?LrrI@e_E4QF2W#G{$wj^f4fm<
zkWm~e)aAmf@SOqhlQ$5YSNpBfq)|Q96aUIwdi+H^JT!(3)kl>7=FA5~Nd=r8tO3!#
z**zF+A5^uB?7_$tMVXDYxr`-ZfTv|+?5eL}7=OW&hfybuFxcVP)!kUlpFtM-YF1u6
z+!Y{P{51!g#)dqQ3aj+r`WW}(AWynHS+p9TZ~dzd09EpsV2{Q|cK{h)k(|DUD2|F4
zeG6~mIPUo`AdCy%H?Bah#<l`1TNop`fAbxpSwXG|hEK>I^7E%-*eoX06kc;4j*9*n
zSN=8u8Hy#F)FgfN3s>A<0B2GsdXQWvP&&9)T|_Irc|yfdYteNK7X{XRqCKS&C?2iJ
z^-PR=NNZ?e5`H*I`+1ZTZ^|TJ`{#szJ+qdQ)|AElfMxKw)n?5~RDf{NlxwsKHFk=>
zOUse%iBqte^N?UK-P<N2f_Dm-VDXos*6MEeIJNGFtktG(2?!`O52>_*r&S-3iY03|
z(h*4YOo#aBxK6y~&;sdO2!0%5O{vyYz9frz^dvw5PeM`$N!kZ-26;u#c&pCR80xx3
z&4ja!i%?C{cIlj%jCi?b(Smf11ZF;6YLU5M-YV#R!NCYR%=+-^C93L4xd&|L={ijQ
zGNXBucBqriJNEukm-f#~hQ`rGDZRYlS=T%KcinH3aR{pE=YxG_Dxc|x8|u{s50Iba
zMh5FKCCqsUQ1{8?&h2K;p620#X6Cc!V%zj^4s{#;17~U)^xR9t8-BU42e8ErR<X_1
zyU*8Y&4oXS7`WF<)S7c!Fc?voYfO0Xr^wPb?+J5wM4`O-RAsHWbTu#WCU2U4rc+hR
zOk@Hyy12NxxOBO=jI*@zWNDRcX-#Bl>Dj~<rZc>x2w&WPvd*B!a4x}ce$Q8btY>L>
zb74PNzv0m6IB}rBuqO2~L+~s|5VY`0aG5_Ieko$SSGO3@V+a9b*1s+P=~=#;G~S42
z<t!_%KVfHR9RC@$lvr-Gi?e);V|+NYkR-B_mv40BtK3At+)O`VMw8jbMk}aCM_j=4
z+c0aUdalE5YGHAi?8Pei@bZS?V2?sXVG)25u2$=yb3kvn`^XSF^%l3ngeFM^juxV2
zF`jZaru#JyqhMLAPRCD;Prv`xc(bVaBx&twf$5UP>gFh><JZ~%C(khz24`pPv~J1k
zn+c@XL~zOk&u?Y)i6PYSC;2FVnRabbb*+Rc?dr+uqZmW0GaWydwE)=camkttyZL>a
zX|Y84zO&Iz;tE(>AD?f1Sk<h~SO3u6{HL3LN^q4#@BDx5>r$4>bb4u044WP|>yQ0S
zA4-;GEjP6(mgFo`H<|IE=wI1vbCCAUBVTk#nz^zzdX!gB%<(4&a`9o!{L|Al^ZIqv
z)ryy?>2rxqnOB?cLgv}lo59YTtHGP8)Pi^z^N{G3-Ewo6b_0Xn%~yUKw9?xy6qa8$
z0)&05%<9dA;^|339<q|Mt<<HLf0rAQK4_PhTiWrN+YfK8EN;~$m`t%o2odWG@~uPt
zbo)ijjF*fU9=3|){oxGNOiO0;u8ZX=%dr)#Z?X+FVwU5cE#&E0+_CK}x`+82?FL*e
z21<XW81>(XGE%PJae-R)C+-+OEF2#0PC@*8*#u%js2^Ff`}bJQ7#757r#+`OcrI;|
zk#1>RzLgSV!{um`vbCH#4$%4b*4ttGOP&p3v2K;u7Bbq>AJ6<vzwO4NZC2bq=o-JN
zcdMen?n}jTOa1;Aqt(=R02-?OPCly*DPUo=6=AO?*mqBw;mLcEh0@-#a_Oathy6qb
z0&a?(!6mzqd#L^B@cu~sa;;@5#M7ut^zER7Dy8Dc6Lb5%3=W@S)t~K#){l0wRt^@o
z?1rumm$vp-rWQxp9S8V~#w${&v=1lw_6s3vlw_<)s72AC^x~L<`iHdyik^ilyTBNm
zHY1BccI#8(<73fdEO8UA;?Ab!@lSdGIdNO1wgA4WdCZ~me3J2k(dzP*<H?r88N*Q%
zpVJbt^F>7?6zPAZebP4p9FIOWC9b$}wErVLS>k7UZ@GKkyMOes|Cizf^xGM9?3`2~
zL4=yXdFfI#;s4lqmEyh2R5NI{z!})#lu%&*DRLhmc6>VJ48uKnOzHTS;^>dUQS6&z
z@|O>;Uwn>vEzj8BpK*MTI_g^+b;jfG15szX0E%5od!3p8o-pB_A+}GOiO(NXy23cl
zQsoX=t<FQ-9Cng40aa&&!>&<tXN0&r_r3c}Bn|@G$Aeqv&wsxIXNuzjz$O-lqOq?|
zeVwU67@n{>Y?<Re@r)#{`C&m19f{i_^gL<Fp8ohqi2vO>?^$fq4tu$Yfb^wKK9K&N
zUFK|S_eiI$=gi`po95Bkulj>EhIhih&&Re7q$%A8*)Q{G{ed1c&Kav(e>KG^)@Fu_
zeiXQQw7J_1yI1ylJmqtb5ja)*X063<Pv7YBS$W@E^!I=7)d;^|xGW#pzklzb_MhCn
z)kLQBO4`*zP5x@gYqtWegPxF+?Z}ICF1oVp%XY(pc^me?SoU_`DBJgTDsP+LfAJ(=
z@-Y6ufh0B)bYIsDooDDZ5bf2l`grwmdjM0I=Wl#XM6vt*N$J!*t8(X2Lq$P&;Ro4c
z(JlHg$C2^qShUcU$-5Zq7f*f{vVDMwd?<E+=UXmYR#?%W<(Ql9v1`9K7&%XExLs#x
z{M%Lx#M@6dzBHWL+*h!w`k_IC(VXGCRf@hkx7aGk+%9>d<DKDAa%ENKE3n>v+uC4S
z=5^Zs+k46@qVLix$zZ+e`)Wp}wczI4oR_q^R&-r1-tE2xfzvbjmTPBiL&XjES0&Sb
zh8xzt2b_(P_>RHue~m=(X~&6?+R<#@7!Z49Ztr%#|3!w`Rt@n`3cb71`VjAU6ARsp
z53wBj=;<-yHX`=0nnXkKdZSC+CHlFZn-SVI#CO)oaY_?(ZF$%4;`1N-bzkP5Pq7to
z`<-58d~)b@yX3=qrRVA_nXYJ<87>|KgiFd}eFB#a1OPY<I7dz7ATTyTRy-Hxo&YK`
z*8@)&VHA-0Wjv3~8Ebz6*V`KV-LrgU8~{Zl1iiAQ3IKYX9qfMI?o5{ngu?YSw@30`
zCX$LYYjUb*DW-Fk|Lcr~%b<Y9e+VmZu*&pDJTD;`(!UOeqDG<g{)%^@(RI7R{nhWI
z#bD>zwVr`Vo)s+rUjn`bQdwnOaw$Paskri<a9T!LKb|Jj-o7OIcSoM40jr}qFS`<y
zYT2~Y-jv@8_iOJ>PO4g{<v-FYaVUC|u5Q7rX{X)E-4?*+aCdFp;xK>Z@cM1#`HuVY
zSt7$*@v{S-YP;zNfa3NE?w7X(QB_h3XG#40l*dL{@zBNXaT2@cf~m=Nr~Q!V76*I4
z!#2%_x=&(gr$6~ny7!!q-!cY0j^EIBx6!hu522PWq;sRu<1`6+6kx4GuH5?GRR3{w
z=qI_SFG6&^KBxC36Ujz-vIPCkPFnUWKYWoDTZvP={6-VM?|$A+kzjUR3tK!j`Bq%n
zhA!BncrrUw*A{Ovm?1*k!rC}MNt;A)(6hjd_GcLTSBO8hE7>KcVBJGX@B>H2hozLP
z45UN~SwhcGi6R}Xt8WYLhEu_8xr1*)lXBm=*lgxLF|}Eh4Pq~}K}%sq*^6k3@y&{|
z3IJf!v=ZB8m1~@7j<RYl>#VZpyvfE{rF#+Ti3vvvONm(12+o2IQptnra6YcL{yh&|
zTNNS-+!T<Eq`88~R6{~83Mp{}ZzIQ8)30**DKEY<oK)`p@{UcKqY65%|I%wO{+qXM
zqZjR84LP4HtxWWiA>^-wv_ND?G94vZyuR{AZIMww_}C#@*Gn|{nyE8e(t7<KB&rli
z)CZsD|1|oqIIn$4U+{a!Rq4*pkY=K@KISnMmlTry)>?11lQ`R<alJIsUV2(z;g*k%
zmyV;ZC9OO)-7jp*DmkC;2~G_X7<_B)8eX{YK$o%xg-d<)6_pjd<MF7IJGbTd<uXv7
z^-DN%@G3#Aa>0HA$Y|$2bzN}ap5OUvfNcqf!%-c~k%tl8uq*_~6GrauT`4Jyv`K8M
z`VH1?!evVYS3YzY81DYPZOg8HTkGe!L)QCR9faVdlQ_zkcIgDyzKdv5N_{Wgx^O5x
z`)jd%TC92MlHs;)QozcgvZh>eS!%6)nNAq;z>*awd2P?NT7H%aGLAp#E?urZ#V|8k
z+zgOOe_y$*thl`h5Ib%@|HD;yca^FQC5U74ffAA6HNt|gQ!2G2y(Vv&i>j}94}Akn
zvpl>k8WmI>0z<(6;MRuc`z|MLf5#c1xGVoU!&Mht9}`)142S{49_;$xa?lEU2Yqiu
zfJb2FqfhG%AJ_<W!+#m$f9(0brxjtFH%<u%yarJ107A4`!-&zS5I8YGD2oy!NmpZG
zvwuwF&oNS(@uC;(6>JeQK^TxVs)w5a1r@dijt=6n^UtY-n%=Q2N?XZ1Q@4o@kuneA
zBS!}Ek~%pju+YEb0Q2FQm<G|2G2Y_>ULaispGxzrv*F~5$;ZbhXxOn3;O}B6Mv?e@
zQ5(Z<04Q_<k&x_$PKVF@H1vv(3araFd7;~HQu5f+u{94&g9KAb0h8ua=^oXgmC#3z
zzigbb@Ymk_G*%Zvbh5IGKb}?ej27}B(ZS-oohVxkD?(q7V!>xKLr*PSKhGX)i0a0-
zeu!59@7;1B!Ca&Mq;*+P!!T%!(hz>tFC0tLLQnG*5Dgv^@a`Z-gg<1+du{y7Eo4nW
zj_VhHL>)*LfRSVBr-A|ep+sTZitCyq(XQliH*~~`W+fW7NuT{;o&Ydl1;V!QIv)=k
zKx_cOJjS{eHb|-R-D_!#doO9S{c+>c9-7ghWzPaiA&ZG4Y<oCZ6QKwc5~s$iD~eQ=
z+f1C(V4Z8asn?x|p=TFovg9q1V`3z%2m^Wn0Pq2r%2v7ph%n9pDc0G=-o7QJ3GA~!
z)$41L+ITF5Bxf17E~_)54UPFF{Bf;UOVQ#$g0SXc(R={pKcqid<3AJv4+y5X=XsIs
zr8;z0-_U-~>r4$%ULbvIpPgR-CdK$eqp+C(@ecenOu$4yR`XOFpNDZIh!XjpNtnu?
zf+h~5M<Lem=@FmTc&X8aYkljH$dUJ(c+8DxRy#{0zu$SOG0sE-=seNN2VZ3TlC%*E
zT{>{S2bZA@>ECw{JJRYed#vDVG-3~Z5g}TWD@5-+%bO>ygXMTkmyH^`*oWuCHR$Sq
zv5h@^FA!o{JnNf7jlC<Tr;+c<)(QOTYDFKatwo78m_ngHB&BP@Ua4%bd4K--Iw}6s
zC!S3(_svgjhQY*IgG^4frh&cknxrl|DS^+k;s#fOsUHcq1S56(?Agy##(A~}D{h8#
zJ!;dx(QQkdr_{I)pMO3jvgST+8VT|E^$(mgm*GzR87wWFw>Z82!Y*Yjf#EEd#dk;E
zc&<0;s4iNld{_D%&4l1XU9knv-kXu8iDGGi5@X*rt=j*FDw0G(&7$py$D5~&+Ak~a
z8O!XR$)ekz6gm0wW*t}v&4cdBkHK4#L+G!0)9o38RmJ5iCO`OrKeYXEV9oxIg5aR7
z`VO35<wx$uXxyzBEJ3fTf3P_g^r(s#W9)Ef$09L57sKDc`+FK1L<`u60pRn&F~LHu
ztHdA0yQv)m2$Q|R4}<^mA8CX-{<<uA_51rGt#h?1W`$-H+4O|rG_kgIlSHh8SQ`xi
z%(Q@RhTr{omSGkb+S<s%m;z?V0x_DyL6ph<1D`7{@{O@jCis6)QOE7H{e>Q>V+qHP
z#FY?E42WC@h;LeTQT^F)mpu##^%)JQTa)Tc0mo49aQ$u?H>|LRZRFio6Ys~pMgnPO
zu*CAHs}8cIO#yhv`1HdTXQf?<iT(2A<%3RnC07bLqLVnz=z8d#-)7ivAYtBX>jvCd
znV4<14Kkh^2Mr-0MHc1}Wcg-xd}&p{QwB;gD*5a)gKxoe-<OZeZzsW02{0@GM>Okf
zPU!m$2-ZO$oQ1LBPdUYsv^$%r_~2^zslcoOILvVG?a!Gv0y97y9i%T@|L?76kEBsU
z=IYU_-9M|8-Z$sRca(V_??oKH{|SGyXOnq{Lv_E1cdY<;*kuHZGXAZ`4i!@YYM@9Q
zwAM*@IW|*kQxiyGOu&X5<3)pG;OD2yNB1)jJq4VH$I$y><ya#0k~@6=hMdqId;JMc
zJY__r=--`%KHh|>&ML20ufT3!5PH47>d7MVLf=RMa9WYXFS5^5062X={@$-p-e)|f
zSY3C?Ch#(OV~tiem?XV5xU0evgk_OetRBoFNlIuauHL|I`zR^G{qXu6oQdd(d*XMp
z9WS65y6hjUCU=QUWW6z9a{ze_6U$TvzByn%Ux&bG1y({B0LO#x1+mSo#$GdV@ZsY`
zWCuEDF<GV`OJN=_pjj%`wtA3wRTxNbHoFZIj-%<P>mM3;_?*m2A5VU0tT6Lm<vfm9
zQ;IWr>NN$ld<iZCaEr1Wt{OqOW>^J-d7%%vB1<NYR7wurQ2K`){*auL$14KNW(QSB
zh&aoC9vS#LNa5aTVJ~$y%k^gK^;jP>KAJv%&s=FExIk)<KuoR?TdqqLmboBThIHw_
zTVqUHE^I3M<B1acZH}nl`t#Xb_`?fvE+%CB`dSfEhJjTvJ{{j4Bil|X=fNW4x-LDp
z{%no;BZNgNhgF<(4SG9cl`gZmnfLl=1CKLdrU-x^l!r=6$1_JtQcNqAm@7-?N%gYE
z6|t&_=BW>}R)nov`D%z;SkT~`dpPHt@c2I>%GZfm{C9Ce*z#W~=gUv^iV|eU16V}4
z*!(d}L=-uFHf%=3pWib4FoO1i?-e@^iX(sVLIxfe0I1k!nYKEs70BZ;1ZXO~2NUT|
zbLol=UQ<&J%Pl^NKEf+ArMvZw&3tPHb>sLKHc1K~d%)qn#;>PaUDO43#OwfJIx}Sx
z2pSuxu*Jck<aoEL3B?mz%SO27=-V<Ida)~Ewv0?Rtwp!9uQ&RT032(h?IueHiY@yJ
z1ABH$4~8v|cr-N3=)>;Ttx6t%d0Uaw3i%(0w->&fdKBmYdDye{{+H!@Sp(nxEz>P4
zuyjt~CyrB0jzx)@;S?+O8%KcN4;v`;Odk9Bn3V??yZx}GzW74W9LGl^PCxA(zxFNP
zBtwYKs%*b$3ug5M?}6jh3zUBh(^I2-BgfJ6R$?PQ>txI$oFe9J8S7BNg`oIQ-=m`U
zuGZa;x7<xRL-%&Jf(wP?IeAI5n+!I#%62&CSOwcTqf%p{Y}ulrWQ|f-{CEg7Z9UM>
z+CkYmh`AsIWD{#!7^i3bK4;hW%<7lKR=l5%{!liKM@#~RS){hj)5FMj2K`21TS*iz
zvi%B<66K-E$n$FUIIrzo*}WKB>pYsL@n<_J57ygnuy6LBV77M04vL>&*;qe39f0g{
z3T)HR+kW;RfbhuY5F>GdFz5K}1-2#b?KTC<wsxeuq0r)3=x(`3#v`7Nu({%(UDBcw
zPOlK6V!rLjd#*RDWv_9cMV6T2m4bR-JC-7OF<>3++0b^S?OtAdaYfSpukzx2f~Wbe
zMntR$l7de&`0P%F_W?zPdWNL|#A9^<sK=Ml?Jr)|rv^g@zjQG0bh4Lq^6_+umUU?Z
z^i>!k*MOT%tJJfS)T5F#;?gSDgAi@o)nFuROkpb*cN?^*ZOu*_rwn_hy3#jru|YB*
z&G8v$@*=#uO#7hG%f98TB*f_8hv{CEDMzpC5;1Dm%$G|fr)UiM^jFxPmGr(>Y6)&S
z*QEjPR4VD`XV{?_h|C_(*wJ<hF>iCy{xAjasHy!|j|@B%vXyy%erTUU+p;Ltx~QOR
zV(Y=K?kx7gpgb!hUR;10V*_xHdFlZzEl=XD(kpA)+jI5YnI&bwNysZqD$~3i)z9F0
zZkcD8G(9N#W4WJb>Z1G`fvtc|ifMvzh~QRmg+oh4d8ll~sH4@V;Uxl}r!G&+RSJr>
zOj%WHIDg5O7Hg|5$5%`x^U*xAhpA#7N9Cg&d1e<2l=K{5R}oTr<v0=l)HLO1{I8r~
z&Ee#A`BRsn%RJ&UzOfS9l)(RvWu}e}f_E-D9d>^nQugLDx)zvAZ#qKpuJ-UJ*sYc-
z4wm9!Sl9_!_VKReEEvJ^Cx_)=c!?03<2|WCIqG!J9`<0wqB+H)u;<i_Irdj~n7n_8
z9!NUcz70;|bp}f!F8(FP4<}WFjwhPVmyS`+sT}gdX8N6*PPhDc->32aDB!;wnglqm
z?pP2Aoe=O>6TU+H?B~C&>X02g(XJXXcwK;*%hpUS6!YTOxH~aqFQOVhNG#_k%dGyT
zfI+)((>7Goc1=E+;r%=aeeh%cE6qmv(jxQD$qS0m#yO?3%0J_Z{Sq&~mm|R3us|@A
z)FoQO@?4PhWeuyEU>8)Y<3B+_9Z=s>hNAEEs6CHTkk?6%75Dsz%B8{|<N~i0tQDUH
zb#p<ik<25m-Qhe$xi9Dd0FLPshUdG)POIv}Q02X9l3c-)5Ck`e5Et*mZ0WH4@d79B
zOQ9~+BVMN;e8!H==8lwqYY;+gBrSQAzvBheo(giGbAgfI*6RN%g(UxugX%CoHO_>u
z&O5^a<j09eOQ(;<d7m#=TE4Ilw^|WDx4GUcm#7s4uu`(|3(JYs$vwZ2l{=7CF&-8*
zTNAb25HziBKm2eixMeBeVq2;Bz6wM7F5{%SmZA>8cp)K~GW1%7N53w`Qh0Sph}aS9
zpo+NEb~(;DK*p9R{}p)Ea1rlvSO;X|mgQ9alCB!NLe$9n@_F3PtBZxKi?-Wp4d5B7
z@Hl>R9%7E=YOc(?E%|fHRW<CGChZJXcG7(LL{!5)A)tCYbvW^!cz8dJKS}h>O2llA
zXil1uTj<>0dPKS2K4T$+-OF=fgCCb_FC9=;B8Jl<w2%1*KqXTVx(c<c#)ak0w`EOU
z2Y8Ocrmrsb`8^hNzV#EhC&{WB&42rXJ;+SbHMSE~-R7$BtDjpF#b>y(Zu$1|>(zMw
zw~=oigE4U~9O{*@aroD<w?b={ExV(09*!+fiIsszdl%2FvT?w_83@H(^0{u*N&3^&
zcd4rP;r#e&qV83?;ILwHX)$+i51&GZu`OfWhwazig6}iWj^k^&Dz8=-)TW~<TCZPK
z!#-679ldMSg|6)2MYxZ|h|F^F&GB6xPy;vpw55;V!!IAiWWJo6=f+?t5&t@lr8~R!
zy1~nXp0BD{Xb}@Wmq=f#dtQ5m<9??5wxu5#r|4b-BwJMbnB23a>|W6h^Lr%xuia?`
ziu=1RXmrneMA({4G{m*cZCdQ6qcX;-f$p`t)_DIV@WzbrgZcZ>Fxn3nMO?-~e9Jn@
zC0nz`6{`v#tv<2ywLnWB#-5rVd15?F0TB{mv`sEwod)t=8@>PeJkiq#Fh|<>p1hMU
zy|8$H*iGZhB97FS?%7RvO+F6j_G8OcR-|J@rOH4&YKrSNK&Ux4ax;-}BmezO$Zx^p
z+giQ7;`dhcF13%dx&I@@Z~jVnT5KGiBLYCjSRCGK-{S2_RN6FW&=m6To5<hRg@WC)
zSP;vvBO(}YmdZp)Z%C-YdTGy{boD*S+W`e#|JA;G{kMWm{EsKeVsj+O^Sh}xUVh_;
zFO}a@M;iiL9)++5efD;j6li{T!{gZSDALuy@!f~cmdt?LQ^66pxQ3$TKM^ew|2}5A
zj*P#>WqVd>^2X?W0hv$uS)&UDN1b<7xtJ&*w&}IarS^7no*NCM2wU>r2ON)y@6G8G
zvq^Ammj1oUpUK(vWp5ysU)%Cd!2}CMlne>25Cvff+-%d?>stnHo$JwJWILmTPGhvB
zJ(Uf`zTZHizBk#+eS1=q=i<((t_<4uxTW_#jI};0O+M3K|0DQLa~8}!Tg%(4^vv(L
zwPTuqlKbxC-St$Y)1ny1uUK-34iXP>zeKr2B##A!6|xq1kKp37H|MW*`6~bT^6p#h
z&hh^RO9Zt0B)sBU1!TbEM}FB&J_X<=k;S_I5(&_QG)Sxa;cq1FkHqPRfP<_4!?C{W
zS0Cn|UO=OZr{_NMuS5kbzy@%<@4ws%wEpM;zL!r`?c2WRU$xvP|1l;&3&39Csy^;z
z0LZ`o@N*Q?N_$mmB=@(!Nmw30tRNwPU_pZi5hhf)kYPiI1x-Ytz+%Dxix)9w)VPsj
zM~@#th7>uHWJ!z)04xv*z(7lv00P96Ig@7nO`A7y=EMnrr%s<gb+U9h6oAMD02G*1
zx|C^Cr%$0ql{%GbRjXIAGJT-J$BGLN!G;w(R)oY17$9U-yOwQ9lqy3CB?^>oUAuSj
z(v>^ZK+%v#leQH+m~dgkhY=@MoDsqU3lt)J9XpvaSQ9pkENI|hac9pX->&4_H*aav
zr%}(`OVlXR&#z&}mOY#HYzG)D0N7x|L}lNVMeGRSBSV9VwUH|h9d|U$)X$+ux4HUd
z>%hseXV<=+JN5((GWggKImU1E2`|`KL4ksT3TeB?&$=8Wb?4IY=QmBgrC*SM<qJ^2
z0SPS7BnZB<zy}IKu;Bs`&YSFl9sO3w000Y?cz`nlIc$o)kL=S=#1Zuxtv~BJOi{%Z
zS+uQ!1|9<-gYkB_ptlGG5a9w6A_!pvo-9z{f#X^%5~L43qHYYHm~7I?C!vf|$|<R=
z(#k8R9K*!EP&CrZFTo5mstLYRzyb?-+Ca?+*lg3yH+|ed1D+PJK!pY>NI=XzHA1o@
z{<aKM&_M|;)X+l_J=DLC0OZrrM<I<gfk_*v)Y3~a%`*Y`BJI>qjsQ(m)KN(-)l|L~
z^{CNKS#8zTS78nF(~Uws)z({aJvG&iR*luyUx5u)SkGqFsMcJOO;*|Fx*XQoXQ7Q&
zTF_DwZP{zF#dcSYdY#t&+i$@Q*VAg5%hud;ZQXXGZpCfa-FM*)u-J@_Mc3YYQEfKf
zefjOz-^Av{s9t;tMps>p*!@@Gg&A(xq<}9PxZsJeJvgI;9nM(ejTMI2B8e#uIaiA@
z!kFWeQBGM}j|Tu*<d;n)`6825uG!|B$At@|IkD{7=bwQNT4*LU&==>Ukxtr6mXD@c
z>8GKNIy<Iuc3SGIvCbMXs&BSh>#xBMdn&GN_FC+-(N6m#vTHV5?YH4Rn{Acdj@$0L
zqn<nEy7BJY@0#^SneV>|FTCNvPafRx#TkbeagG&lT=L0RCim;eDbHMUUmxEX^UXmI
z{n5@f{#^9aQJ*goB>)&`-SyXDk6rfJX|LV(+i}lb_uYAyou}(k4_^4uhc4du<B?C^
zXW)l#-uWUi=w15hsjuGp>v_lE`R%#y-uv&t4`2N8$uHmh^U+UV{q@;z-~IRDk6-@z
z>961Z`|;0T|NZ&z-~ays7(f9Ikbng=-~kbsKm{(4fem!v10fhe2~LoL6|~?5F_=LO
SZjgf=^xy|U7{XQs1OPjGKI}*U

diff --git a/www/index_files/crypto_backrsa.jpg b/www/index_files/crypto_backrsa.jpg
deleted file mode 100644
index 53fafd777c8aa476f699b746c94ca6488a6c1cb5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6750
zcmbW&XHe78*C+5F1PC1g!61Q9g7n@JY0?u=P`V&0O?nBvN)r@BI;d2oDgx3WbSa@1
z=`FN`s&u4@vi_fEXLn{_?e6!^y)$?2nKSd5^Wt93TrC6FbhOY~00{{Iko;S~)n7n|
znp)jJQ`Jb{;5L_;373hTr<bF<8<(`0q=Xe0mw}z{Z7xYEaVexYQihA`fsd7oqjvz8
z5|_NJ2$!L&ySul8qnrJ|y9D*sJfIFxQc!>?$SJ{KFclRgHSKjeS{fQ!HYR3<>l`;>
zoE$fyP%gL_KNpV(FBB>uFDN1*DI+5T<3}nXq!h)ZWu*SogoKKUik5~JLPrOY;)Zfd
z{Xgfb9blvc5`bV32@gQZNCILcx#|L7|IFkh{}teWhJ+MEMos~yq@t$zS5SKmASD5T
zNXbCt<YZ+3szd(017wWkOx%*H6wD8-z&x1iQsGG-DS6c@zp)s6--k<Edqz-Ev)+KP
z-Q>H)FCZu+BP%D5K;Bl@(A3gKp>+(6j7?0<9-7<O+C8&(aCGwW_VM-e4+xBW5f%ON
zRZMJhN@`mA+js9X^70D`i;6#eE~%=nsjaJTz&3Vtc6H-=di(mv#wRAHre|j7R#pkb
zwe^k7t?h%uqvKyEr)TFE|8bE3p#Nt5JO3N@f4CU`xk$;#KxE+mxJXF-{%sH=89BEk
z1(WInuoZ@xM=G51x?0l5%5PM>(gyo1)}G&~S>ZA(d<Xxb{g>?j4i@qMCHr5n|LvLs
zXh9_Zh6iE<RDjdq>BQhCXHjx*`7e0`jfPkTxRSS5krFoG0vl+AHh(cWCVL^!G{&bl
zSaxM#$J(1d{X3D{wP_){1iQgzO@Uc#Rh;zE9kO|ladF|7zV5qlC>NmIS@9EmM*_^k
z2uWV>27XhQ7YDhyMdp^NPs0d03<L2P6Yjy^nM%ll9|>h#JEkroH!pSWwwmK^ocXcB
zk3qb7(JC+Dw25Iwz{%z3c2J@=Ma{HE+J{CT?u-Rs2FV_;X2Z4s6RwG;*H@BOY~+a~
z32S11rPzzx_sta_>?5p0Xc4;%KEiitYq;X9i`3-9LSGS-Yir%}9_l(P5_TdG1l^Y@
zye=4~_bOf~F*iWG*p1zBS#bumJ>Bt=BfIMZTk5{rcQSdh9DzycxZ8qC5@-)W3#78^
zm+%Hp>7@x{jNq$2l5J(5y<b-VtRpX3TaaZ8Dg}jY=`|`lpb1L#Bs+ioKLCra_m}V+
zu(2i;va{hQbj}z&6<!qbqVX<K@##?#KCBO1?!Spr4%~?Qinq$Bq>ZwjpACl%zYag?
zZ)_CCZEto8_0N*olsgtCOf`=zC&WB4-%rgj`Z=VW+#epVznghWIYevfkvAY3Xdy77
z`pB3$uGEo34@8L16KRE_-3&ci8)KJL@Hjj0(JKaAs}+9^_}`?!C(&)QA2;WGRi^d%
zhB1q>G*>|Fz2LKj2xPZUz9dyUk-&TW<!JLFts-TlBIlMSU%HWiDNsoUg+`GP%8^?}
zz{clpx5D9UPr{C=-&<uP2V-No&!`oJ2dUm{M)%tHKfWVoQILN<(=4-TZLZ7gy6Ktu
zkoVQkB&wtsW7o`VRcbS6G6hQ?uNzgdnFFU!+kCS+Us-b{{~S*=*mt8(B=e<y3wIxw
zg88t{R4iKep?!74z_;-}KiSvw0AI36jtx6*JdZ_1!UF{guON`Qv1%MWnl&F_h$=Id
zNw{SZ!=I3u%isSd>69evJ#W7lBJ`bP=Y6R+Eje+k=-tZ)Jj02Dy}VVa)jHQ*sC%j<
zdHJE@2!7J;ov+c#i#x7g7YCeWGY2aNKsRo1ni%kVNQC-dXSxAF;J@)c!@J8bn%9SQ
zjW3|-26==v#45qh6hgf_*B8QENl=;#<?`T>iC-R5>2D?d<@$&5Gxum?+{&Yjx}tQi
zE2K8N=^g6tg$<ASeUSG4qtZDP>Q?O^IY3fy<d!_8Wz<oQdr*%VNLM16Yu>q4$2+#;
z!@;wXcaZwTLD%e7kiv%CK{cv-k?)yTbG}`|Kp&3cp49YjFSBW%K2!CoChW6@jO{72
zPNlXzHhijNFMF$+_MilXs*qkbzI$>ipQ9_3uKo9YwChU5j8rO`8!=aTEg-^$Xj{5*
zc4wjMS@$w~$J|}t!1UZt*$?TvY7<*=5QI&_+cmDE$iz;F!Q`Oj4Bla`5cf8OSrY?F
z^PfM{KjezLrcLIFK$Z#5FVXaQyYY<K$J0M_B{qmr{Z^}!cLQ_Y_a13HNVHX`dn=bD
zqps&1;;tWSy=Pw{1;>etTajn71E}%!o_@77{&i~F<pP-8;_S%A9rwiuB|7EJ?vuVj
z8liURxwQ%Hd;o40=<E5wLYjj<`Ji2RNjK5`wo9hYwd=|J0010wQOUzPcvNm)7&ji|
z_P0v!50}YBty-!Wguhd&+1_x(nW{)!u=HL!Z*hkZC{y7#eKNV0*)!{o7*x8WcvWI9
zGTuKp$#y~X_uTlciQ)`p&}y-<h*;Ve7l&QYJU3oxZBY`QR&k(u*z9gcAL{ofn?2#~
zdGf}EX;Ml`F7A^W<1p2pImTH&{Y2cEod-8s!v>;d%=G&D2%3oGRiw49W~jUjaopI&
zWZBdL4!Wy!<`x6aZS?~z-4%Ax7Qt$pZ0}!@1Be0nQ7A3F5c6jzm~GDJ_KjzAYo{Yr
z*(W-)U=eI5G`#PaGtH39x?biApnbG0cXCv?o6DpJpR;e6yIv#(AvpQ$YD4&e&s;Y-
zp}Ac-d<UAfQT4Cf^IEY|sCuTwflj#S5fc@1rpap>%prtdivBgEJhv5EPeaEy(L-KS
zUCk?1y8MFrrsS}v+T|u5=QRDY8MeyKz%-A}->$p1?V(WW9^=P*?&6#3U&WSW*Dibo
zh%7)QfMHQZQ}@D7`0WXaZq8h~%Tk*;7AfDA2&N4e!K~$m$DlknU|83ncH&sn+&SPY
zej{`6C<pm&&-yVE#Cdrh>ovjrL$mm`qN*LS)V!3aHukQo09`)_YyQ2wKikJawZXPt
zuAk?8GrE>93V+duaSl1r4vL}D@J+MswaI<!SFf676nGk0Ye|jY-R<I8sAO!cettx*
zz(TG+jCfk`lxS<6aGz-emx0eo_Rg(=r>oi-#cPm#N?h9~(Df0ICKz-IOSjwRS<~N-
zm%84ZRjfKmx-RW~UO?RSiqH+3at0+X<`qEi%x(+5Dj!rG4h%<8+=zc)l#FKM5F8py
zBn{d7YJQrj|H^#rS6a)!pE$IL(_R%TZdEGu^~7|fxcRX-H5NN+t=i;G|Gjd=KyQ!O
zQBL1+>ufskG?dBR3KQ-Ky<Ze?e%JYyioDZNmgy+$S}XmJ$NUFTyY+=jj;jhSQF&N<
zbvCm}giu+Ng4bLF`%=UrvJUHzH<s6=xg~Q0L+)O5Vt5{IAUz^^mf<TMw^1DUv-~f!
z|7!oR^OrZ|QxM~Vq^LpKJ0N}l3I9#+oDsW-vh1ql*s70<&+fsy5JOY$T<@js;Sf}!
zWbw2$dVtM8H+A2)FFr+){R!>7t_`Jf8ScO3n-aOs-wWmd*(Z0VBs4840@o}bsj{Iq
zl5Ws-U_tbS7R4pW#S_q*U+c-@7!Jy?$6fjog+*Ilq!7fP#WnI&mR!Em;3gD&dH)3q
z>)U%_man+0V*_CK9TK%)_J@7E9*+4w08R9u&QkEa4th7h3sy5uji5wuP1N%h|GA8N
zYyxkp=SwILni_1ho_{TMB6PAxHg-N%H<hGL;L|uGKp?!_)sbNn-(6ifv#;j~e6JJP
z>^8M2he!_Sd3qMF^}uc7mcwnX+2x&5WDUKxKW#4yxwSavSRAWs*I=DzmM*mrr6tlP
z%!o(B4=UoN(O(?*&1WlLfttuIoCUc!ih+7OJ}E1d4)FT%L(fJJWovcVwUd*ns?uLR
z?_gfIenj_T{=VI7v3Breg#bv=hvl<P*<;5<h--F-w7Y`WG!V)qoToy0>G>jhv>n+a
zUv~vudY1R>`*rhqZasU0H(zE_;nMzLlmgmpak|*%u+XcEHiSx3DNaJjEAG<=#+Qvx
zeN_*1<H(OvwKYmC9B{#~6X>eR!>#}`WshQS+n})}#|KaF7J5f_qv>Xh=3fpYkYvAr
zeQh0YU(*M8wBSVftyryfHWP`;at2Cc<3>U{f7?oyVH5V=7YDWR;fv_r-dN3e+fLys
z=65G@%9fpU!}KH~(%)ncraoir<%&bZa>_V!#<6u;E6F0cBAoi%9=CHpe=YYJV*e}1
z;WXT}fW~0#rL^p`*A?cZC}=9%hY?#(__xraQ~8RRCum1TI+6HTGb<989WrmW%aJle
zcpo#0el7XVESZEg!-m=bPlt8yoS&^L7>Nr_EbsZt*n-N8*@0<I0z$2iyR}E)k^sQK
zkMzoUiCB%h(A?;w&0%VCv>`*C1ogV7MnQ$e7r!Z?aZ=J5X>bK;DGon_db9z}SH4>r
zNFpj<!(i)F4*-Gq<8wZY-78yK7#v$rWJc`{kBHXXHLKG`KAz9y%&rW76C-1hD`dn;
zIW?uWl6D0I9g2NFB=mn{$BtMwunn6fZAxcF@B6l1vx}r8+FQj_1Xtu^@iiyQ%e#Ic
zMp=c1ya)tQ^P1W|P6OS*yWyFRLn&l_M)ctXPa4a98o0+AznPMV{f;ZS!|vb984GSB
zSVGOs=Vv?Y_gS&B(}Vo9)wnR1b^$da$C4Z+qQ`{pMaxG=Kf@<Gb!Q<8dY+7S4MMRC
z%Slp+AxOkGx8Kw^RG)dc`bnc(`l~@%%}z6yJskHQC9enl4$VHbjR!!vA0S(QoJW0B
zKtFC{NY@9xedp=E{uCywvz%pDA=MLR0nefjK(<dVW5<t!cvVioDI#I;49{FS&+xz2
zT~EUsA|oht_A!Z;<nMLS<5xfc1OdMQS&B|fr^|h&D-~D|=^g+j<^zlgA)Wi5M7a)=
z-oLk@E~u_2F>SraxTuNotVBh+6k5mMA*S^K%s6`Kt-j06VldJSD@(bsD;n%xs%tND
z>N%$?GIZE3iYEo=J^V<~2qk@3nq~cgSiOkF<*OMck2}_qKfQ)*A8wzfzjiJ*lLjA!
zPQ5S~x91Mr04W}Ag=b79kKpK+nrbo~2&6<Yh9VNgh40qm;>psMEx2b%cG_?>VYM|n
zN!S8jg;nthZ-<`V`J0v-aG>Vb_{OEwjxju0!)i)PsY<5;dh)n)>*0O>=N%lS;bu0%
z!_TA3i*nscnrt`%SDTxvt7pa5Z^SeQt)ed#J}btYpx|L$E2yVrF9*o=+KnRG{}5si
z_o&U;UpH;pfq$+tgDPB$gNv<?=09(Mq0E+h-89`*`^T)9HwgjC`uSR6tgzE@jZo^f
zW~5Bwrd#@^S@Ym7BS@JlijrD&K@RKof;3-w``%29CcmxoYlp)46U3UoZ8Be~2%cF;
z&yV)^32cPPQLseSN2Xq$JF>P@qs+V1H#M#&ykR+bD8c6M=+N~^*ZM|Xmsk_z$E18d
zxpOD>G$fd>4>BLwbN6ZdhW;dPP(u+mf~#NIU+WI)LGQ{@L?!4K;<Pk5L<c)%-da*u
zPlrsZo1d>Dz42Dm%})93&#6)y<J*FZl{$74wb07ZWu9brTBcnh!}%uf6=1JCTk2ot
zQZw`G)w4;ShtGT<4$$+*9zv0E8%6X=3iM8cb#h0KR3%$tx$OenLELW=_E>#GJ`mdG
zuG<$I&Wu+)+7u^Fa!(!~R=@k1wDz#g|I^pQ;7BMY>$rq9#i;`cG#j`4X7kZ(F@o>-
z8fLeXpC@i8O(%65MlUX|S}Jde<3H9OF0b+)$vmimFB3j%DV~s)JnVLp1(j+BNJgIs
zxUgt8UN)E+NuFQ8QVATJRUEUU+Xm(qU2b!0dsHYlv-!p<N$VMf^AW+UFjYdvk;*Gg
z*WKeLNK!IFWHLg6P0NJ{drW$S3n33IEYE72@%5dvrBTpyJk(Wm=t_&f%S3PN;d=!v
zX|N){@||V2D06K)v;)yxlD$2tFUys-r-%bK=DS8g#`OcNKBo2~{EFd!LdA7D@UCtT
z(ls5)Vm0D@Ul2Wg<0IL&9{vrk%G>qS0zYp}d%S(GLMF&KZb^V&MX(nMQOsG`i0~h#
z{8VlklY*UQF^;7f2+=uoPNc3+&Ew<HGP&24<AtLLVEbWi(#Cv=E>b@+w1dtg7_iz9
z9AJmw>;%nEa}HaPr&YOi20YEq$3iy{+l~Vvq`UVGxejkWMP68^Zueg_y@d$-D!nug
zN=^AW{pLMkP7wz~KB_QmV-wQDq)aP)V-efKm+M1*{WZpV(JhSXk|p=>HGfQTL23(W
z5halbe7Xiw0kXWNXMnXdAKOFK<v2g&Ycv`FaV?Bm87E|9Ysp9U34tHEkygjK{24cv
zb=8+WtCjpaRT1e+WR0*pCNJ=D!ED`pZk(G}*yteHq>=`&?0?w5=ASN0jE^MqRr*8W
z*=$kbbi3{&*+ps+T6{Lm#$O{y$K4llc(&d12|QJL=Ii@bqotO$WBKKIINd25dQL9U
z>s_1NFVb>!;pa%dw4uJW95g<-*PW(G>dVi>JlE%>@`DtsEnrAVqf38=#**W>P1FnN
z-qAOkdNY(;O<_h!<4fg&j5~!*1_uMo%>(Hxr*i9j7#xXs{2y?kXjtoO?H0Ml*dh2X
zU7eU*LR)_r(PnMLO;e4n-Us6t;7&e1n=5S)y}0|dI!o-k=VpHVqCTN%#^@xlw)~?V
z#`}am^A}~2)k)mt`mNki@82ReupRrkLTnILoHv5a)YjL4E!?O5>C&wbEEmjcM=!jV
zw_sZc{(8sagM<}<)(hT$xlum#%4;cn*rDO4G^)9_VO+#gB+sl|4Bp>dx<*xhq>t=F
zzW<9Y3A}f#C-cS1(V+q&=9b9Y)_)*D6Y(U6F>s?8`{`)axY^*;mB{wGQg<d5GO?1t
zFluYR|Am#=sqS=4F8>p;*{h0oDZc_{-yva%C;2ww)^?wManjArbw%v^+?L$WwQEH9
z7;m~NzChuA7VR;CWnG2EJF0GS#|N<%ki3nzk-i-zg$Ay*0{jVS?Bg4d^10y^m0Gy;
zw!z&4N`gb`4FR+tNHk0;GnD{$lLaS;rkL#8PRrHNxVjeVlg4<UlguCw{TTbsU620m
zIn~^%QS=r6<q#A`;g}L;7cLi}Ys;J?nR3plvX`T<j(;JH@wV<Gk)UVb&oa6oKIr^x
zu1RZUq@D;|0S>WW%3jqQG(D;`buOkZRi(+@8bAKB^<^umD`u@a@dK+Fj;cq=nf^k~
zKdt?DLCV>(G3^dPR*t56>xVn+%ugpOZ@gUm*F&<W)fQ^Ln5-N?vk#tSgS;?-UjfWw
zU6?oGx)l}b^fSc9%t2dF-l_y<)C2WZG}AoVkqQ0vZW)A|hN)W>8lHPJWO8$;v7&1v
z{+l7JT+b<F_to6N4cuJvb`H0^o!amL2oq&Yp`MJQ28fJ%KT?w2{Pjkj#{}_0MUKce
zimXTt^z=`4sn>m|TEF`rmU{$(ra|Es)H9=s_uLC-UkiVcONSu~rL>l$(i5!CgAS4=
zd`cV--&=ZdaCBP6<Tb=~djWHIRGJxApc}sjdevt*Z?Atwj1OL$*=u;&&l8+jMJmUn
zZQP?iEz1`-XS_CHuyqkVd#d&C3&<s6;yj8!st7FG|1h<S_MQ;6N$z__ZWU`_wXx1^
zOCHwOksO%iQ#!RKSywd7{zlbgcey619V^!h4D3Swto*&0DoV3*3{ZT{LiqIT+U00?
zP3ae}ti9u>ZDj^oQB7|`s|W_);Z+gIpft&+9*fvt!;6>WrLyjoLymA04{i9@mU$@;
zk6xX%hVusshNRBo6^~~vq#ivY%hJD@Tm1={!gRb4NX`o#U(=;5sGTU1zlXK0Fq<?Y
z<%^oeAQ3B&gB*<UhbCuBVRc<mF<O0v8`OO60<Lo?zC(mH@>Y%L<C9hSDDQVu0>r3Q
zLszUWOh$5mREk15bEFI;zLmb8soV70+0;3$<uGgbTf4)393=oC_&=%m|F&+~>0W51
zn94P4I^sutWYT~tXyv%pAz%WVT|&95BWz`6#(Ce%AOBrt7hu{&ulWg;lmtTQ3pR=k
zdjeO2wO3nsbcON4S`h)7OK&$8@6M~caJ~5)cLh)qm-lZk8*@v)A4A<P#PyI#(`7cm
zZBItdhjh!J&T@loovt~dOHM-(_uqQRjrpR=G1Cr6l@GF_zxtXd(mK*;+-tmYSNSi-
z>*{$f%v}4gfIJC&mg|pSEIuxSmHDAo9an$=$)cayLdZ`+P)^ImFWJ<=;FkBpItde|
z>hvul*R+}1-)Yb!_hix9AAiJiS!87#gIfeH##IZ!^(@w$8wnlxBjYkBa6+3?LaP8t
z5aap!*SQ}Vg)vX6pA3I|zWsI~f0JJGevfkM`1o83I=ofUah2S&=l%kUSi=ZguXPAk
zJ%HTF+g0?t0<;ry$FOe49};kHg?=hO^MUPG1mCO3+ZOt86z<CS*V%X;w+K)2%{DiN
z9S<?89A6X8CG#!h2oYFIc)D&k@J8+M#E=iaaLVv!t57Ud>fSZFF#%B4X-PZrd0Kt}
z-CP!M+_!aHf>O7th&MQNBP)`(s!$oZzWUMaCX4a!%zFA?HmbA-3kO**ltMCc*Yf>i
zzK^<4lEC(FvgSLhy{Jf&Jm`7XcER#+&eH?MQQ<UP=#tbPckK(+C}Y;eRKaaSG{j*h
P_wk)?#r^k2u4exSDsj5h

diff --git a/www/index_files/crypto_cert.gif b/www/index_files/crypto_cert.gif
deleted file mode 100644
index ec3d191688f269c7f22a08b92d73df232a1b1fdd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 17873
zcmeEtWltOo&@HqDiWhf^yB2r%MT)z-yGtqVzWCzqzBm+jcXxNU<v#CC?vJ?1JIPGu
z>rCb(Co^-TWF)zHj7+~&K|ewLkA40>|NJle{4f0HpFaO<|J#B8pF7al*x1?G+1T0W
z;{&z1xe4`uYdJhT+&tX0wzhV0aj|x>hJx~8_#XuP4;G-lL!eN<6H3?S_6B{&pwk_$
z&Fc&MK`xsmU6(%)h0A8WK3rEY6h|T!>H0l)AKIHnrCfKUzGy6!#bh)~rlEKuliTHV
zeWameDn~d7fk?Kobf!Ss0{G3*nOLAiDMvO&)~$S@T(ib{V$`i-soJnR5?Ri@a;4sK
zs$71|y=tx5aceY2&ZByx&GYJXV(jU3Ht8M$PYeLp?(~IY(Cd$b>-L7?$>l(R*7}37
zG&Y;f@z#c;sa&xrh3MNWmELFALVY{bKc`D&Qez<b_U4N<u*=!zM0?BCKSg;sNC|$=
zDfE4Gce4~!&(+a%fn1J4XPes@YI-7OmY$<kQpqP|hkTls!v*Sbe9FbYv-9ogdT%Tz
z?yX0_@9A!DD*zQ*<pb*W=%)uXHuttrZy?t?)Fa_EKJ-^K;VG{WJkvDcPs7r*&@e2_
z^iW*q@9E(`iLY@ZqVhC%4e4f&cB5DZHS+|2y?8*y$Q@{+%ffAHlKX72Vu8Hi;)gJy
z?vyn1A|fJ|cas3-xMoQzvOHQ*^!CFPKy78tA0BGxgGJG%K&wN$#~8CcfsqsNyox}5
zD>0PH1@}}SJVGl;!Xwi3x@VOhZgHAQxwKMPkh{!rN<{24Ws2diQ_Ap|Sg*sPH1o*x
zIM$VL6FJw}Ir5mTlu`0{I|Lq7Youx^eHRE6$+co`6vC@nI1Mo!O@4BQXGIP8??_&C
zH$r<+wH%61Wpa<;=y_ewFPoyGDQ&CD+GYKUs<2h-(~Fk7BKXCO5i5zK?DL4sqgKZ+
zJSCvNWmI`i-$)!usu;-RP8y9a+xM&ACGoF&C}8Cr8x{}gue&;lZL4}=OEk~>W?;{2
z{vk0VUJep!4ABBWz%k|0g6hTsS<m9tWW(>{7^Gh$lqEp_KDF0t2Aj~mOS^w)RJu%I
z!s*dZVObEC&3rx5p{(vy$a1XaW419GQq|bVY|~8`vsXPD)H=#k+Ie9z{F~ycU-`fU
zV>8JPhsaUS-oVH{4I^jwG{a3GcMn;Ycp_qNLZ)W8{wKGU-MA1=ZNE0e970$=QsOLS
zomm_iS#DJkN$rsP0VUicbX<qyu{N{F*is*018CW)*b@M6+kd@anVsdt=ANx<7xdYT
ze7bBm-)-YbSv+i(GyH2n5VyTdGw|Qo=6>FlAA3uk><rXyoio%erdGc`uB&uB9m_YM
zTs#HmEO*YHE$LTnPPr>yT-`5iQI!2F*#~D*r>>tIY>%wp@p};au)rBSx=g)K&zFAV
zy$+;JoYNTQsCJcMvAIN7=%5J(?Kg)0nGZ5_&7#bPiM$Se<ona9KKu{+S5XLyu2GvY
zt{7A~0>=a?AW__c0`v7c3?hs~X7nu8PljG+D><Lwk=By?gG?!0DLNmsgeHTeDmqeg
zJRiHoGo2rriq;UR0Cz}w@K?r7v?ZVbe`$Cy#}Ebj<4*zMp7apUYF(^nM*;EO@Q}c3
zUEH7d0+O#X!y@?g@!|Z1WEdmE61?>Z@xFx=<T4{N+VzQP9feeEBO~(OzhdRlVgnMT
zN0l>flS=_bbQ&Y0>TS0vwb4Zk7BXYntG7V#coCBa-k1;6Va!oEoNDk3rtxH7+Av}9
zuc+2>6Hd1D@#tc<BKQd_?S_nH-(t?P)(IPTw#;>;60QOGNvDj4tmF4$-jUWxmu9x?
z^XL-31NbSg)dtWr#J5E7q;<;YkuB$aUWx{5KgSFAKKHwPsVL6qbSUqA-jA44acbF_
zNbUQ4+=)_2uF;uT@B0E0<T7a~+1bPl_Pnk}<M!YYWsBzfBBmHxfCb%L#_WAD=LD^S
zNBJD+_P#_AnNBH;ZayFVp;S_yPC2!FzWCQenL-SmY6;y!x$;B#BxWg&;sGECVXgx1
z!&+mAZm~Y}q0&&EUTdaJy(wd%%GS?D=ZJ2pZSbMmae`j&rcI-Bb)m-h!^QxPe)%8l
zW9=V#1|zg~%>n$yx@bRJ6KeXEQOU>pczIh{wM8a>@5P)P7#d3{`qf#;U1OdEqm`P?
z>U^7fQ;i*j(bj@~ZMFWfxo*Ht9j?6OFX+Cd2f5lYOm2M_{|P)SU+tV~Gc)l8qm(k;
zN~RKj;h5Nk_92Z)-J@JD&)uVa9){Vo>TUKaw54=^pxSG|M?WjErIT0h%6n&Q^L6&A
z>)$*b1|pq0nK_P(c~iBqTky(>w_5uKmZJ%Bhb9c-Vh?b_Rs)aFXw>*okN5RTn`m6)
ziv{rCci8JJGQbX^#&Z=Vu-1%c+z2c4d4MUlF2w9z;|O+IXuXl?){@V-1dy7;+gzLt
zATV`x=K={Gvc^LjuC3Rz4T}j@#U^D<l8I4{mNnHUrHq@AM}gC%F6-?x84ejU)w}b>
zXCb0^{3RYl$-TsqG?_bD1zhA20kGLjfhQf9d{20N*0A>(SNuo3M?BL`i!OP{jFvoX
zypwj4_IVq=mO>4!v+m98`S2G;5>M$<x#}+Yco&v{u+^CWriVP0jT3nr{Drbf_6ofi
ztHV`oFsFJ-faU9^pw08rotafF#<;1-Q`_<h3`?Dn^@a(ePXCl-b7PL5o>>%lg|xbv
zt?pve7?Evd?UB>p$J^G%=52|S=&`Bj!^+9!ZG9~Eq`mvX?j?g@gE8Af{z2ZseCcgd
z0M^56i}9Lx?P+^Yk{d7sP(mxg>OZ^WD&o?$Z4%{PGYENZ{i=Th-@;pY16%P2f()=w
zslZ!CyK*Z0jNTP4XdhsU^%~S8cCc-KuVm@w?jc9MN^V(}Z}RsVqJ-EBN8$goq~w{U
z6}SUP;UDavI1Z#--edG>9%{7k#@u9_6>l$RDxpvfvH~VpFp>iJfX}gE{O&Ao9m{98
z4=gq)_na@dGB!ATJtYht=Aj!GW`{RhKE(D64*VIGIZ0bP)z5=sMCq<vR3Op-i=RSW
zLuIed^H=`+ycHiq5f<%-A^z^7NiX*%3Z3aGBiEa-ym?8SJm<_4cPZVQCr!<rb5;ho
zt8@O3?cJT{VKr~-iiA)6pC3*p2EIb{?2p|R{&!_4zPn4HyZ{i#Z5+hmT~np)X{My9
zJW26bCvyv|XK>QB@o^QSvbJ><_kI|$=|4MWu=~9E+`;M}0O`j0yt8n;DR$&Junp#N
zJi`faNOd?53oyaad!qg`jr|AaDF7Dd50rGkeY3~hq51dkf1FbT;ko{P8`iIa!+lS2
zWpDZOmrBFw(STt|ufqKgU8+$9r_C9a2bo0>m$VH_sY~XOxonu8Ev3h|MOPgh6a11u
zM$O>p#~^CzAmZmgDyigbPnP|~LBw#*C~&TS7M%q=Ll742;mj=wN}WTbg3Y*Hl}p_;
zQ-d9F!{So>kL$hNaXm{t!d?o^JWIX(O2hoq!UDL%ODx<2J;Nb?(!wuY|LVH=$3BNI
z!9^r;M<fsHj%q}tdH!|<+fXb=P##C@AA03JM-*~L7HdY9(m3n_BP%^4Wd_25<Y8J|
zQI5x<&C*fzno(fSsJ7*(*5{~>@6qkt(OtOFgO*B}xPWl!@G+Y3$>r$j((oyon3>_|
zdC!=|w3w;yQC%q!o6j-ZxUsw3vHO~_-&3Nio>eQ3BTtX@j|XC}(_)#LVsAZF@4<Fg
znsGPaxYuEo^<zh5>>&I4Kx=7rMa^KUK_P7}SGqJqS2yQCm;@WJD>7Adn`J11m8+Xu
zJa%gQS9lYo7e~qG_*lw>g+b?3nD`;h=zhxtrWf^*XNZ=khh8|Gmo$~vTE8b$QIfK|
z!f2`OE_>1eMY0B`M_y6%vZkVFL^5wg@?O8ExK>i>K$6yBlD|~aA!dr!3P8>)Sw<^n
zt~BQLJ`Ri0x7GuQY6d(bweWKHjXU(QD6_Ej3UYn%UAC}tI0RNUo4Z69)rO|VmIA$2
zQjv>*HPqJL@D`3EKxdvb|CcmNt5mmEVBI4yaRrzJpI&Gln^hLk?P~JmsgmcVcQBxW
zL1X(;98ee$_mZmj6AUbc&%9OtbMk0+cl>A8EOXpFv;HKbQ_JB)GxJ6*W1lLk?Iga-
zE32e6a=104WF@m9J+nI^^H+%N+hFFjd3GHnJ?niryEj7BlvaytDS^*2M5ZMntrZ9d
z1g#8!V#_kU77cE^Ku%_fL$uCIAvw^%9N1RSyH`#nZ6*V)$sUh7*HZ#&80fS$_hKYB
zTm}T)Mtn<~cYmV(2%q_*%=R_H<rCf+vXTphkVChUNdJ;Z;hlf?BPkcg!_dW@^F*OQ
zBY9*e|ChFh>PoVPOhH*<fv%U?cWgq*R-oabyJ11fA$*}2U7=?Bf1uQ2h&1CyDA3_4
z0BRI`lPpqBFT9Q@Vx-HQWl!pIXVNPx1b8R98yAX)7i#hpo8bfP5rB@P3Z^o@TQo`%
zw9-&GEL^OBzTPEaUg>|WN={!&Ac(xBKBK88GNr-VrAO4IvFRXB?X)QC(o~tW5Z<x~
z{IZ~z+_bXNFoe>$(K1B3v}~>NA0e?aDcSw4*?oAq&xiIEURkpv<+Q08*E|)t-W97S
zS<7D8b!Fvqcomy?+5bkf2d%TZ;VbJ$Gwz48n!N+bR?Ei_D(6=#+FvRb@hb{mvinA>
z7_mUKw2_w)xv=ThcuNL~mg%sgdB@sb{t?w)W<fl-A?C|}A88ZLfq66|E|k`8QqLfK
zt(-&N9D(7GNcg;Ko**ge5KP+8_Q-?>@8GA5+&GzdvWR>t-dw!QD7x2TeOjPALOt18
zUGQ--g-^W`Z#`{PJ!vKc;6fKsXkGqGr<|3qfzziUIlO%Hw0vW=f$y!M?6g4?u~D3_
z@d&0Gf2{_$qEV*3QDLo7sl5(B-=rwl^qa2<ZLyBNy@_$GiEgdQ@U6*stls3T$uv`u
zIjX_Bz1eoH+5W8=v#3F`z1+n{bxpQXBC|!ot;JierC6)Q4-u>u(g<DVayuGykYRjQ
zZj4tJ?EX;W$dONg(DY{A<O5R|W&^_Jt^H1*6~kvjnjV@+kVjzNloHjX7S*N^rLIk{
zXscbMosq<ir=Z%J-;7mY-Bz?@S}$^1*W}autF5q>zN3+^U2#RbyFw8xSFGRGzTe*-
zk=9{^*fGZk?0|&)<?ty9e=YTB?F`jU_bDrhKB<n#@Y{qdYw)Oz%<%golO6@^3<svI
zoc(4!E6q49v4ii5r0w!rNju;R_KWoM@hWp`wR(H&Lc{8Q<?D7F({+ARSv##9h^X+P
zu7nyYXHKn}@~&F2s%X#1svXV7@~vEd@NXS$fWztaKdT@buUs<kz0|0jILVxP$!ZzR
zoQv!u?dW3${F{x;B4q#v%Bcmv84`uMg!@!Kq?bWtTrPR4F*x%`@!Gzv^xc)^L9d3u
zw^v~DwlO_}vdY_#BI6IV;$>~~0OL6d{DVrqgF%tTarBYe(Rl>CL+*qFUwAcd*80oV
zhAQ}SAys^eilfQQ8S-OM9t^zgoCxy2+lqq53lyn3gk_42QwxM>M?zW@B6JHF-iGJq
zhgV&PYY|hjmMk=1M?%hvK$Y#G(IaM~#i{GXxT6Kd48y#1g|j-%3p$-vnLVpE-5c~h
z!L;S;QC&%NzCPz;-vDJ+<KvUj<D(tpNJz>(NaLGtzC+PntK+3Bgy~2O<*03?ptdsL
zXlXD1B=UO<DxvBqUEhz6-mRuS;^+#p=)iibzUeaCJKw3Ek;*sUJ`#qEMua{nWP=Oa
zN?(Hhn%61n^A-`?K=tw7v5dZXo*881Y-qcz+pGc6^%;O#e;7=w3830+Ac5%V?<p@N
zukg*v6}|?uB*-~yM32VW7&q^Qx0M)Y@E*Zfo_-cCqaT(JM4eszwF6AQk+%ElDvdNp
z?iI==U&~t6kG7_M{+4(0Is~L2)W#W}KkI0FUkCw@8GZn!`4)|16wNjktnHdh7RCb8
zCwn+196Kjm<R{!Nn$O0op85NUH<rG)Ecp{H`wA@Y!Om({E%;|GM8qtIbuPzlEXP+Z
zCv+z2PApp3t(a%8*!ZnvRjs6Tt{5LKdI+o*>a7<0t>UFD{gpTHZC?%kSoJ|%tG`(7
zvtCZ6k59K56!}<IeP2%eSaY%kAIi+OBd>G{taME*_hhfLsIQ2uwD-}E4L}GwXxck+
z{Wcb!+e#QVhU7LJtv7OrHnU?k3}{!qGJvZ-69MVnDJ?x8?X|GuWe#3lr60c^GB;B)
zx)9bkzmIPwSy|qEY&z?0ecSw9&Nw}*UC97wAq=nT_KrjQ=p{PtYq+SQi|%Wb>3v<A
znn&2FrrW`iU&CVBoi|%EsMHXuYW0k+<*mxWTg}6i%gd%4psQNv)Ng{(-h(FClibL)
zA<TCLEZ76)GRyad{r1OV_M<P>H#!SSkv4c1_rbOuHH3xYFEs|u6{;Br`xh(KO`|i}
zixWO$;eZ2U>x0qY1I5XM^7R9IrcM1W?L)ur_2@14*vZ-VviOW~$W+G>46*Wp?a{&c
z(b#&KxBjsw%49&-F}2$^-sL22>^64Q)X(Y);N%R-WCbo@m(OP!UH2b^@HADw>Z`yh
z{`x98=rjwYLglX^*g4-OkT7tOi$)McrWH?NVI?-XF6*CPqd&;<6x7i5mnI^iMKJWX
zDwKNSOlI?(%YPpLIc!Bdnk7D3s7_e`UCeh~qzW9Rac@TxU%oJ2?r)~YR=51AIz8<=
zJ?T0<gIo%%opuUdO-`Oq>0jOZU%lF2y>CX%OkOOaT(1glelfWI7H|zc1=!TTMB2JW
z`Mi#Sq_>5hUh3am``=*a+~9sj+-~l@SBAWSu0CR~h=m|E`uw+~inp}gw={9l=vQvW
zpdy=$LwJL`uMRQ4y$?7YuKD7wxdP0W*1|C;OSe&OJml{sbMANiFB!8=2x@Lb8G0`u
z_o}E5*PA!I_P2Cfw`7V}aCB`tTMtG;j|@UrpG<e_6Qlf}cQ!&PWk@3eKc8%`?(C-I
z5p%Xe%kBg0CtRzZ{6CukQ@v<0GwKG<y;cJl+z+AM&uUXkn%(oY{<p>kkEUBgU+HI)
zb6#`}UXnf=EtsF&P+whzUh@rJUApf)KA+0FUn>o^1E-#Ax1Q^S-s%;X<F;PFQ!i~b
zFRfE=?cFbOklSpt*Svt&L4)^U#n&Ol>$0uaNyz8>bllRvIHq&6z#5r9i;8cn25)Oy
zAAE?jX+IOFr;PbOLL+^m9$x#4bY@RJ-#Ss>uRkHTSCBvkZ%<2itI-ZE;8;G)nD6r=
z6f0^EzxUlK8hiM)VQ&aL9$oOWQodLuGNWW=_|0yA3?7g5x0m0AQi(+Jp$rkX`@<=;
zTIInn%EfXSjCO;S5qF2<nXf3A-+tUv3w--}L?nQZSvFfJl8!)FdS5nICYgW`+}3!a
zT%erJdw{S|zFe*~p+8XmaJt-RvqmLBpmC|&=610;kg0K{-{toKfg#kqHvAWY{8N(u
zc~hxG=m<*ySIhR_uq-NUCjhH_fAs5_7Ni(yyTPKe0K*u>uYG?w4-_dVKE-P^oz3B?
zsUF9(xtLA%JA;MjcslO(#o$Q!>v}mKj%9O&L3F)cPv@#MhWzz>+%MNU&mQ4bX$0~M
z<IG_*UvgJUif8!L;_mB3mUK?WsA4iY7iuIof&>)>U*6A<tD#VB$LJO?F@N+vpgY%!
ze5dxU6@_PvW)VYR-d7Ss;<~RD`yusSD~=|Q#43TVX!=_MQ^U1R0@uQ~P7=>9npNsM
z4tY)8-$;Dg&SgU#d4BRMu~{-G+{8$dqFAKJk#}{m7!Y-sE_!)7tg&)FnE>7GSSWZr
zf;xMWoo(XR(t3nE`-W<RJkM4ZgiV3>s*z2R`{{gy_2*brMP<W(Osu;WmV>3D`dR0G
z`UAx;a=HUSBC1N5BWY~5pYxzmMNtTbL-n^5Ws_=$XQOk+kRu;5*HUpbv*0{rZ=zZK
zraewp!^kXVQQbs-wq;ebiKAsMxG1jq3V2biWuD{4scl)3(yVP=)5NJ`8-l1<nHRar
z!uj1qr>1jh*o;y5u4i;%>G`pbU88uNZ(bCzHRiC6@DYV0h41i9Qz`%s<=G$*k?Pqn
z1lgQ>CloEz(<qEO)>CRw6(&)UpJTB>Ay(*-dp}0v($h3aP7-fFNlhW$6lmbibLiFf
zfuXD7Fvw$(?Qz&@krM!c<+bcrdT>&+i`&GuDoQf<wkpXCeYGkpDE79ls4DQ{7p4V*
zjjMlN^4iu8LE3C<rm)w}8)v98?V8r~`Ru{SRQP)gX7*lY9Y%}oR~?^+1lOH#PkfGj
z@Hicg{VJpQe;hclc%4V6OFEp#n1}f9T2I~IrHo@TIU2PqF0r~+G6XwUH9`<O8>VVv
ztKDXeays2t9a;pQF7X3=MHwW%UTfeDOw8!&ZgGGGupcttM8s&3K>Dp?X7?S(e5(2z
z3ybFdB3}fMK%QRkm`j@%R>5)fcdM6>^UDY+w2k6rqSW5ojlqD|KRg}`dr{@{iG$_$
zg;`LJ0FU-0Xb2V##us-ASxm3(-Q6U*VDTSR2+8PU><vG@XkU}7dJRLh&i67%{9wnk
zRq@W+7ZJ>kHzCk9f<YTjaFLG>hGHkRLT~Bo6AAX%uUjdikmxR-p89QpmZK3~B3@Hk
z6aGPJ+(E(7ExiI4apO&_RZde)WzEWP{wu%W+kphN`b>mMM?NOKTIuNyrSjjuCIn;L
zL&9~`F=p`Od7Cstq%&r5Qsb%wLzV;d)|ck*ce;+E)P;LR3a))+c{n&_6_elO+{N=J
zs{I>ycg1fxWBB!Jf{z5e(cp!W*C}YEMr3}QJ13?v9Gv|vB3PkKRBJG%q_W_VQzS;@
ztn59Y4TKzw>RA5*W)p6(q!h?`L(`|V1)00~gPUOS6g`XgmEO+xnCP8VQsGYbv|?#V
zY$c_I6n!`E3N1$NCg@Yw#z6T!y9)Z*Ng|JVM;tp|iaVs1`qW>P2&=d#v8<=O-nF+Z
z4pR%IS5-t$ZI1;TyaZ4E93)US%(*(BIb#n|ZNqgJ;JTB=-0S1@_3>vDsBnc7LCM+l
z1IiMUX0sFGiGR5|(bF}TXK_VO>^a?}lLTE<7`t4^c~VFb0?R3g5FF&#&I>$+afMSs
z$-x+SJ71e#=ah_pl+kgNOX_;|l!USXO#jkq_za7|zfLP^BktnQqz#0OVku|5?&&>P
zLzbkVmBYP}Oi6E6XnH48Vtg3S@p0UiyUEH+wSpP;32h|Xm4NZ#947kI6~Hcc&IVSj
zbCQ<~O`&>;#*C&)QUMs{;o9o7T0k~=4$q{<DMoW`q$QQn%dnzoee>n6>8tD5m^Xey
zN&)79t-(X<s&SHfz3risnzWqO;%rhK5q3>7$4@Q1hSW)MO7gV>oy{*Q&Ep(Qo*q$r
zkFpjS+yCM@+M{aFBBp%4KIl1m6%9m6Cgd)$9Xw!rD*;3>*=C~lg;zKfoKP(F9)osF
z>!}Ukuh{6`kt_g9D_hi;QU3Qa%mO(4Bybb#y%_4#fH@9Dq`s*Ecs~ZBp(g_f?%CAf
z#MuuU3$QwIOG*{uyHor|a4*M<>agG?t9W?UKO*v#5#h@nAIb`CIt@IRvh4Zfs!BG7
z_TOVV)%CG!e2136^l`cNpB{u>=4?9D6Kh&7nJWN3+P&vNqRs}X8(Ry(tCcBlSXU6t
z#*r|F_cZ+6O+wzgsRS4ANUZsN0VR=@Ec5DYJgiK1Z-<qF$Ld@TtXpXU*<ooJ7}yZS
zcCO55p+42RP~+}aY4lOa8^-O&Y77eeSuBrk1n(7qf>u+eVQEOPx;!AsS(oB>Z1%H#
z1y{Ba;5Cp`_t+RBZx@k3oh{6&=e?E&`_wX^cjB1jvz8&bM^pi)O$E`{9F*(N$7kkS
z9!XC4{X5yB^UjWjWl(4S6V|f_MjuxhHMOmUL(knnyG^^!IScm4?llcho#~WoXV2`A
z$*l86%Vm9!2<~Oh`oi!B{C|tugW|{1za75bxO!XB=bT!2+P8W24I}36li5`+Sy$^v
z0&uSl1ekX9<`l)^P1fp3vI|8nY-)AA)=9Mfi&&!BCuEJyT)(yK9WvL>^x*iG1_bTp
z3f{t91^7(l?KMT+)9YDFybK4VHNBVowmpV?HXn#n|E7BE=Gh+3)0gRn(9gB$A=hkc
zz<UnVaP7x^dhU}7d5ut8>~HJ7w0AE#q|ZI8x9GFHOWSvOU_oXWo{-glpP6kMp>pd9
z;qXqGp!%#VfgW2>y(7bk-RqCa0&&hCm%EvKH&MHvhPeE1-^?F7Ka0j<?ELSGg#1q9
zUX8Qa@DB<is+UDH-cmmOpL>P;Z}^UG!8v}HGY&ovEkYkx7DDe!LIL6i-2w7U{*Z|7
zfc>-X&vy+$sQd03lde;?p0DCP-&A|rj`?m~dTxDsz6bZfCktQmb>p9;7J4R(@6|-m
z(bR|M1hl1E*VlZ3PemgT2{=tfQf<9%ZNk9pMeFN8s;ryJ?8VppL5(0X{U-bcu@jZN
z7e}>JpP(1BQ0T>_`+2N&BPk+5xjuQCln$OQNjTSc2SP&EPZ!c7WLwcjG9#M%EXu-D
z&Wcv?gBM8O|GkkekL5ilv8S6U50!hrI^0o|UZf8-k(P~6jF&=;-<2d;NsPz0?~}YA
zia|V$rl&2fzO)omNH$qK53{ATK&qc!#y3jBR(#SMaq?G{%s8eTd%X0zxD2Mm@5%y&
zeR27HRHbtSwQ+HER|!QxyoRl~s&9Xz<^at6K%Zrg886CqYm7oh9}gkWaGk;gx^9yO
zsPigeLO8hOgk`}mwg``G!Z2tWNU<G0XjMpQraEZH0Nj)=o`sTfumxYdO4^A_ZAw!a
zR!Z7aNSPM)cvT8tfQ8R#(fpxvTvl;hZi(O^1vKcHlH~g=J|`S*Wj~{Cd!6eN9!?OB
zdO-p8Af$vGE%uV{QMIp$tU3*%$iAgGQ6-RBoHzznM_EZqe$iyWzibmx8VdMq<6NF^
zV)(a-0^_3GNa6)9V$8{6oJjDrjqs(3BimzQC9^V_6r*{(eRQsUH0NTefWeIYK7_X1
zK;IE+RoQfYap?WgDnPinYk%vHoY6Lk;W`PW-~l;IISEradDpQfLJ6=cq6*R&xKKhs
zwo1BCu2FTYy|iC3d4O5&hnLHky6>2t_;}Z`#J=I6qpqZDV~UOMpquZIV~6C3?YM2_
zxa&S(ta5xj8Q}B|82&bD5<FytDG%{VMjlO;TG$^Pcb!=5mo#1<Um%=VikA1DpYXPg
z^;sV(BPp>e%>Royob*j((mM`YTsrh!nv9GZQ@r=xI|sF*6?MO-S$Yx=WAYDXxPM_B
zwr}m9TM?RHsRRJ&q(&|nIo7)@G3jr^xaT4i$%-jiihMRQV*OLl^HbI1ijZ~1nsY^{
z?DUpXLSdQluM*SW)RZQ)#y4D*HhrhRhfKq}DQy8p5cNiosuYonrcef^kzsy|v`>8^
zO`}uJU_4A=Vku#9%p^jO!Gz4<rp(|SB*PX>6QoQN4$KfO%xE+yp?oNz!pxE)&ya8^
zlVQ!0g>b&z5n@ZsV1>+L$3SMOQ)cOkW&z~Wn|U*g2eV8MvmKVg{=!hKlyj^cbH60!
z*wp6O&E`1V<~T#<xKif0i{^Nm=6DC@_!j2)59S0O<^*Bpg|Oy@Dd$Bv=0zpu#nk4-
z&E_TC=EXb1&bhn&m1bq-XXONx<t9`C60`DpXnxN$RLHbpU^qX`Xk`I46#*z!JvBA6
z1r4_aP5A{aJ2mYPHJy|N?S%!MjRoC<1%rnL!+`~(3pHaHbrY;bW3@#Sy+u>AMGLn@
zONm7*J9X<2b(@q$>xD&|jYZpoMTdt)$ALwsDs?`u8D@zkSGA@7#u?&+84tH5&yXdr
zY~as@d4+)`p9KvC$cBdEgob~17@FH`V7Bt#Cgq?`<zO|<!4YK=^l`V4<?xi{b{h@v
zCQYw_<*0?_Xd<Pu)9iqUC4ZQe1gw=rnB{mi(Ll!K6ah`3yk@H2GB8Dp;XyMjdpUDp
zB?}oGxdB-5%{bTQu)-U%U)LOTrJU%`&a;z@Wz;S%Y6>l)dPwF5j|?Ms{0Qklt1OZx
z+))raTdiqTK)RPQom&mal719fX{2098sG`UN)kbm6^I^TU&n1MAI;qU*FT~Iogtc4
zy9V0N>&6l*KgR|8t)$1S^a&*4T!<ePlJy`_Y@6mQWtFhi>(+zUwb#kFeRaVs`4pq%
z;}`409Al8##C62C$e{(fsg3oHbGcFZjVZTDDzuHx`IWV%F5)@@qkBGE)m8WP>J_Mo
zqF_M9xO@=(#Bi3pbK}3k`>qjw`MG4tS=ZvV`|;uR!D%GPWd<qTzxr2t`WJ4i#gtn$
z!P?K>rQ4<oD^NLg57J=_3V!{Q6#{FI`;+cuGP;dhAB^#{>)QJaYmb<d2}lxGg%b~Y
zqX!f@i6)bmfPq&^DHweP3}5LaH628Koi;SJ&-77HGBPcxZ0`dI^>Qt}KQbN3Xo6)2
zO;DD)7bn+rw30%q6$Vkr)#zUeXGyM1fe+7j<33zS8J50S569+aZ65*lE`{I@x2ZAv
zIz*>GWQC?#d9X;LZ(pwceN3})n4x)CCs<ea+xSAZTo;2LqrzA_|9HdrKtn-4C)EbW
z<!%?I$rB;tdeh#zU)$T>#<D3>VT{ynmHeKY{vwirH9K&OVgF3N=AdZv7;EdwPs+Vf
zU;nSEne+JUw=LPn4VmWsn}_}4CZ#vL5tUu)1a>ow_qbOHn!UhDm9Ad*FP$p-sgcfx
ze=BjY-#hR-6i|?c4bZnq_p4zfQB{i#A9^QWafhcfw_*E4klf9iIkZwjcC7|w2Oc`(
zS=Z|@jBJ3$_Qi)`+)I4GfdHRn=He`8Y>V)Nm0P=-@dAyag~1bq)}xPo?_v!fNXVgY
zm!aR}w!i<OAMEi%ytxC_aX-hgz2LEfq-6^Hk*oW0Sm?35mD0CkxX9+?$id^UwMQ}L
z7O{`Vv6mBfRdxB#L{Qi80f$Eck|%%EPk;(1V7!@p?my|pRvG%yv<LsF)wAg4ji48-
z5~O8eXE`ZU#K_jnKi^OCRga4n6>F1EGC)>CCqSo5OaMQii)6gH(7MvSOQzMh8rG&~
z__R&jgozKyb@Mb_un-woR8nn~2exu6%*YFozwk7jzA-t^wUF?RZCgA${c}_#Az#2@
z%Cly3^8H)@VyXBjpYEPjiXE9$O=ak>s}V{%-z0JjO}=2cT~2wpGcOFGLO2|qn4FE}
zGFpq-HQlV)wk1NclkC?W4XyhUW%jK=8q2u_S({-yVSB^SEaF|^7_$z+eS5ddR>I2g
zB-rTlui3o66)@DQ8S;I|J!?=?Eylht3&~vI+it9{G01(Fim4A<(3tSmDC=HEBzcXz
zc!by1_`1ue#1#3_-2tz7r;FqChWG+q-#AU&As;`lgn_qc{t{PV;!<ChK>f;!;VQ)Z
zwBPCUv=|`+bP5+M$JD&bjRH`<->nDk(fMyP2brv0>?#Ascowgb0wge>9I?4>SWzTU
z6ix6-OsWj~(Hu-h>M;q!oSO6*n^9s*nlIC1ZO%dlJs0gnfe;&cphXTN-F*MJ*dyZ(
z9hHY9@GD6Ea$$cc+O%WymR_-l0@ajC(X{(;oYYF*&{awzl$%0okgnub<?9IomemiZ
zv!UYauPi^;QBnoDh9@}_v_NA*8e1cruHPRouYy7F*!Nqm)RNSOA4IN*4g#=~2D|#M
zLd^H#(1#N`QznP5A(-ZsAzK7nlOM?2PXcbfu2#pKjcJ1}rCs(v4==S9uXToQiHK#Z
z8XaJnCtz`|Nz8Y%7_J{sx>`7lFn&GiaqY6a<m6sT8!lbp4Z2ZWI#5>h*&dPfQa;`l
zKTraV&^PT%G2P7#9N?HOyPT|5%sf=hJcek-$5Zm>Ae&@FQ;vOvHZw#UL@m1<pr?Q-
z-Nud<xsInXjseD5Yrm!XfTMNVzb0Hv600ybGj{F&T-Wi3<kUJ^VxDgBVVrm3AL45=
z`amx50NZ#zuYA4p#3gwjzX*Pt!y|pGrk7Q}s+UK%hja%w3Zi4@F>_Z%%arFAbRus&
z?RwV$$6TQn-mB+gkJl2RlsJo*GJ}`$lGlnOAn%e_`qoSJ(QD0=S4~&~NaMAT%coH4
zEmy-Q)y}fi<E=&UC}Qw9s>|}c`L%uMwPWb**5*8s(@Fs6tqRqr7U%sRs;^wgLp-%}
zyOj0qB`b*7`U7B{8Jq;-Y{^I2p~re^WcGnf3Wa}1^(qVXKvhJlxOA*U*$Do$?i4<&
z*mUf*{8-drXk^-BO!5PxW<<og4TByi!|>af^m{I~4DLU=o6ovXAZH{m#~~<e8t3~S
zJqJr~CtO<@G1}jqY%}bUMmS{@QA_{w+OGpeyu9o@oe!Y(hnEBul(D6D^bcZCU6l+*
zC;Ub9Ib$}|?+vOqRuyQfkOSsnzC+!e!e_y4lR*8wgT*J*R3iBof`W!!Nj*b05Q5Di
z8=N-1Jrsh;<&OzY$dgH+AUBRa{!u6m#IbO$9GN~G$zpf7osV!SnF0xiK^W-fEvE~`
z<9=;;UO@?Xf6to~gZe`(R*79j%neyyI14P%`pr4-ox&heg*=xp5bl1#-(<c(+(?5}
zAl7QKvg+r9V`>oSa)*u$05fkjcwYF=XEr;n^hH7sF{U?}?u`fT5g&HoUT(F4cnBo<
zR|<6oGwbk~{M2i87E?6h+%CYsY?s3=YO?t~>#l}vQ6a>BZ_oOBBMDdL)g3Rl$I~T3
zHJ9&gu4f|;zq9cd%KNX?pnbEwx1l^LcMv%-X*WN79xo0WQhx>rKwho})~?dF1pOer
zOIv=|c+2{M-(fws{~{lTZU1@0JI)RMCi?s%09Cm(=MSR!vXLYL!ZT?oyz}#R#1C08
zSrlX2Gg&n2C^vZw$0~SQ1@haA3nU@%t6$CQD4QA>_wC_1Apwa<YhN6X@<mG)APBFK
zNIRlRktq9@9X&;r?B&2h)0u}-BA?ajKu6IWugFZ!`=mJYw{?Vhmi8;nQGyw7@Ikg!
z^NLQ6>1r#bsPd&(X@+h-)j<YLkz}c*vp!F0UW&4JSy8%iTUl|o^J`g2-rsUFZyiwy
zR8K+Zm6Z4+r;;R4j#Kh%rRWU4vUKxi@|jre>8VOJ#epiCt}A*4TAgcoBc=!`-Th(}
z^}}jjBYCwrX7vJo@_e1cLivT<j(${S;8gw7d98Ge=2rdJ(NnwH&Yk&-cG)r?2bJ;D
zsG81~+xD7n=%+IkNUX9~NQzoZ)#_<H+&m|~wW}MplMZ^o;j&e#-g^2#M-k>~UpMVz
zh6P2``i+6J2q&QxdBHpNaQTho(&&#jm^*#EyM@fr#uUkPTiVo=l_?RI%A0YP7Cc?!
zpE&CEGsQ+y8}qBbv-K9VOgbMH^mIO&w2QpM%0s>%yG*TE6~u6=kt-Z41MJ<twSdmF
zzR!hx{nu#_?$j`55JC28_q6GZp}iBPqmK*z>sny>97y%(_q6Rou$i+SAT*hKK&P$H
zdiW4B%)N7mb@_b6Ro=yWR@Dx9jfT0hOvyu9^WQAZ|5fgD*?9+Pzv}%e^j_?V5Ws(9
z^l0yUJIuEQ;lH1f`}rSne`0#<H9b08@80mCXX*JGCe-z`o2n@I{50qz_;&KMsjKHc
z-=XX6eoaUSa<Nqt0C{+Fs5wXBB(Cy``7>pNzYGTUe4(5EgJMha4UeYjJ5%l7Z{j4*
z;Co?s?fAb0=Ol1KG@_`9EWwmnaF4@xM5DdcAxyrcNG3FWc(b*koE@YnE~R}$<xGF*
z_7fh;sryOLox&v<$k5|T`zd}oMJU*kVdi-DV}j_^KHJGY>yL#PFCC)v&&hD>o+VgA
z6QWG{3-IQ+B{_gjF(-GVYUu9&&@yUcNjk`hZn%d8R$1fx_X~*Mz7Go_)W-+%Q;?#y
zW?z~@Q2F_NDJaNkM`V=i6M-ERRBW`w+++-Lf}+Ag!nC7GiL*w^(PVUrWuvO~&MDQl
zlne&6W16yYk@WnLYNO%_8hJA@cJF4)fg^*4=q_o4_hzgKUH~JyhV*d;a%#A=tPs{{
z=}7i{yR2qbTiGM_?=q&uP4LYbW*3=3!MQf#1*!SjbL^+K7GGBIM4kU(WIc3Hb1@pr
zU0j4^9FZ!P0Vu?#^M)n;f)YYBkI6#FE+vTD(8Mq-raO5W^OAf^QOMhr<el#mX9_oR
z-%qe?ZsAkL#Z*&0hp2wDP9=4@l$9uGD<6EI6c32$7l@jvr2lg+YAh_fw&fkmgET^b
z(W-fmsuIMv?{oAWl`^8S2Zg;=`@f0n66Hb<5=$e^byTzAt33Y|*|kdimj4@Gu)m1j
zq)@FSCPLr3TEAd^Gg@UDQjwHsR#CN@QX!DAwR5ek4&*OX^5#h0jXz+hHE*hN!^^H+
z<xq=zj?tOSSeKytyE0ndUmc9DZvFZ=ZW_Co_EUmHqr;fkMs}PN%ZJf1nR0Ts)WvFC
zWP6B3EVCbJunA*b%f7?~YxsFF^A{r1G`kpnDW#NFUS0{m+apb0lX+|BK#W^NMOMBQ
zmo+cFx(l^)!=Y<SM+GahrRy1M;R0vQl5dSbXS1SI7j+XRnzHcHLGy<*lLI6ni6%rd
zZTb^Rvl}EgEe6L=iflL8P5fm#0GW_93R_bGmFhZ}&DU_8)wA0&#3m4ZoC}Fr(-C7+
zDH6A2Cbk||sw5*@KF|~tx&jZN2}w$HjZikbm{e5qo(CMMQXRag$_p1&q%X4Xi;Qp%
zaX-=~XZ!96WseNe%B#eh9E@aj!FT+9b&g3QEM;P*EjJxK%LWpf&i5lISs>e`l}6(=
z6sMPncQ!m65-i44MwUGbKvhz`(buA^R)jLK*Q`EtdeidOJB29g96m6D30Lc5vRxZX
zi%!t5PIcKw7K=Y$lLS=oMUE3sTfc-YOMR7C$jEN=5kz9v>P6M9fM7R8G^HGiDI%7O
z+}!_?p+CRORyXo*Cb9|XV_Rk-;3mqv=wHrku$6rSlO~P3HN;%p;9HnceTBEH=+sY#
zucDlHVw&_{J9krAYK!G%?x@S`O_vyKxoqYdV3JhGpW(}vM*Q!`nbC3jogn9$!;|=d
zfwZAY-p<NKXI~tyHHa76*>f*5^1<AxN1o8leXp_qMC>MB1?)sJxE3VP#T_B5aDaRD
ze6Wkbjp89KX6DyAOpO9Y35a!tI{=SBQ{1O%peP5=t?y`8-eYAqySJEV(uHWN@~h~1
zyMta!s_kj2Ogc}cE_s(LsvV0Qr_zI&s#b!k9viz+FYG@d?6}Zlk1Z9Qi+!NCjT3#_
z;M5;Mz8(&~s3^|`$X(a|VX?5EOwR)<?bp#7zT4Ra*F`E_x4>@xL$;ci35VN(FW<_R
z`j}p)ll<?CnFUT2YrHpO1g@$L_%?1(-j>F?9_zXVE}VqkHXNL;V&nMtgFbzBg#4ce
znFVhH1AGstx3-gx`0optKTcG-Ul%><Vg;EW=3N3FHm?MqyO|-^NuSD9N1c~;Id2aI
zIUlDELhoD5pZ9Y)G+hpm+lZ<6kN<Y2FP}mX7?MxuZ7B8WJH4M@sB*tBk$mOcK4s5N
zy#D${ngm867e<`~RzDZkoCMB37tWpJyMONYP!f1ZY%V;I1Ob$bP)veYor~B^g4C6Z
zG)RIxnTxzgg0h*5a!7)DnTvY3EdVw3G9e}eHuxCWLYvG%V<JWWm50triuoERcn>=I
zh$mbbSPdRnvD{HH&BL+Z!Eq<Wjm^UalH!1jaPvv=%JcAw^9ZVU2%1R=C-VpwNeMQM
z2zN<|PV<Nk^L}3L{Cp%OLCGh<Ci_WjOhQIRN|#Scl~2yJOU_9~p^#6p83av~`_(+3
z%ASncJ^w(&@FisTIVPV5NJb0Fr&XBwt%g=6VT9h5kMS>`evpiDGM`b9lnEVxH8`^a
zpZobj1`RQWMk!#yHen$qXQ47#uH0qx%7?HClCw(|u>bo(lb_E~yvt!u&S_u33EKTJ
zYRt4~%)Lp*4J_c!Am;&@ux|WhB{SipD`5Rsz&E(Zw@5CqS>Ve`E+kJb^jIJS*<)AV
zqfVHmiAkh&Bj=)`5M?S9<)jeH$Pv{3Ex(`0MAWYmLoS(bB3W+2>%K4PT_`z9#s?X$
zQ=1dH{3!sx#5YmU0FB;Ax+h0vVm}h>60QPJK%Tqbh1=M7E-d7S6bkSXQ^^JkeWZKe
zYXplVM^|d1uu_UPg{$yVMoAx>(JV**_^$S<fo!B2V@fH^lr5aNKNm6}GPsf^GW9qS
z@#I7#w~>5VXr_a*pa2thQ(L6H3rWLpTDk5y5aTty_uUi4EUJLgHcvn-g;5tv#?t%H
zHqKr+s$8friv=wAYr?OZGT~WMV4F7YCXybS^~R{{#ae_MHu@ItkZ4r|Qke@Z>Jp(;
z>mF)ej2hG7*ZQd&YpZFGOquy1ntG|5aYmg4V^{i7IEC(aMenO8n^sWhxbdXwb`o^5
zO1d>=&VaF<#MkUClU(tl20B8=zDp_OBQ=UkxppFXnNhbu6E5W9^z5v8e!+1Ujdmto
z;!Q#Fpj)%^!m*p6_MydbLnl_+HTiQ$Zo{s;LR0cPQ93d{O`UT&<RLX2J~@chG9njO
z9UHSmhDO;Q_b(5PYOLl2gd=TRlO`Ovydh3=;#;boPZQ#;sqBA1eQ8XM7ipMi7K4|b
zh_<NpPgUUrw{SrQ1V~BqjR3;P#$`~Z%dEtW1Q&iUOQf>O?mWsgQj=qqO%Sw7BE`!x
z!b?;iDZ)(8oG4CdQ%g80%5pma`ehqDnq5O3dPW~eAOHhsqBP93TQ#G~v5LXNWBEpi
z1!nlUmsaMFR=K>Z)fcptM06(j8Tpsuc7o*vplnkK?6Q?I+g&Sqgwvu+yiUSJqu;C5
zA#`A<H7jRRr;Kuy;ZpVs$r!4&K`^y%qE7G0U}r1ASnyh_QHg6h%z&oFm?2WlAhqAF
zg)dO2<-@X@r~*=7ZsA_01H3Hv%qywXr`~1Nkh=s{`4cqxYm7(h%$k-c!XEsIt=N|^
zUE$X4tDE@Uc06N77=WjD3Z5_@s2J}hoRuLAD_kE*Q5cTUovI4AwAY<^IqOlLpCLLA
zFpCY2S?_v9o`9}w#|HNB+8+I=?AkmVGNOq#*4NbT*K9_}3?(zDKFL@$8wq6?g%q{g
zE4u%oD34Vv#xEJm&siU-{I#+%4k~9Pqi#hgy)_F4!&XgU6Uy!8D4^KQAY9lZ9Sm|-
z%?UEj8!HbLGb|+9F6dV+m@_i8mQA`>P557o9WpFO+AVuCKH^1V5!=m@*-cgdryyip
zr?XqHhuD#^+Rbk=ZXQ-`{+pb)uG%tY+=f(b!(KjAo-b!Gu23=UGF|R)+OI?wmh11V
zcU7&cGi~TI9T;Ek+uOHd(<sj@ZH87K$1<H<N^PNEZWlA1R#%^DGcNH~@BU-j6J)v=
zw7;0V?7Xf#FlV}Qu0Fi1zItT39<AB{R^Jda-$M3InwicxnePN^?jpC&HmlFonIH6P
zF3g!PPb)7W)lUdlPp~!5C=Snw%y3u^x5YKD)ec{o9PUM#-@9tw2e0VlYaX?)K8&v(
zcdsC)S7`3c&#>3eKxSyf+82~sXbZU4dgiZOwO=hj|4DA%6>7g}u)zF``*?JK*w?~B
zJXk*cYd`bRpvYO^f7Zg|IKmfP!;|lQ5voP(W<k<W{$@}Mv&4eDRf~L<v=hn#7vzX~
zR}1&G4z>IDez_e2H4FOBI`o=r^a>V|CPyTxI!whnqzOlqJr-<(I&2JkSkyWkL{{9-
zT3k4%-B=ckoH`6@R{RPle6BiD5mv0BI>ITZbIcp;Ehp?FR^keKoG@0r&l{XLCz7wu
z%Nb4tHFX5kzsQ(xNyC^4=U6GE>M3;Uh&67Bb$(HK82m)6|A|^p?eUAorQQmQmAs*j
zmfo2>$C<X^mm7aQMfWcTDOO5@UyK&@j7z_M+x;Sqx@CI0rM|mm9s`k9IMX%MLs)Bm
z{lam9ZgXbfYGA9mV%Vx@-@9ekaCta(X0dRgdAsGbVPpA8O-tXvjlstA^Nu@{4YB5&
zt%i-S-H}~|jbEpMf2iTd<u%t98`oX~*Abi0)f7tsn=rKt52CAZj>`gz3m<i(sL%!9
zRD;;uofscGrw5zFnTy2Joy6O<5C*#xL8BDvy%f&<Z26sNYNO1VotRjotkk`1&Aqq|
zJHW&haK$E%<IEkzt`OCz;NhxpcTY-sF9X-4<YFw_(D=LM{`c0k+!(vc(mlX}UDab>
zGOSTigG0^0O|gJQ36(>`gX0S}hjN&ka#RyCbCU{}n`*&>O3ed?f}46b<Uzs2O}CE&
z!=XuIi$mXmSTl~pAj!?Zph~OcK?}9n5QkGI6{s`SWURxXH^yP|S*Ul^WUA;Mb<t#C
z@MvJtya@YfM9{1qz-i>+j!pS!lG<#N<8D&IX_~}t*3xWa12VH{wzYY*^(hbtYPJaD
zw2ykU@BV33@M!$C#j4`bv0KBmo6}itc8H0~g{#Fy$fKgt##5NfO{2vvuE=$W)6T)e
z?hM7dkiIRH%QLRUGnLCLr^V|`Oo(O5qlC-5yTxaS%QxuBJ89JJjMM+9*}ug=Q#>T#
zlj{#0_zx;~APzW?08D-&9`KVphzlGf#Qlf*dF7v`lLpw)fLjid4`*Qr6XpO8^WY8-
z0EdThN5p|6l05zRLPJxzqjJDeE!@%F&!HvUVuT*fThAzr+`(7eaZlXG3N4h6;CR%R
zz)!Hd2Uns?OL8SRdI+4v#gkmX?W4Gpq~Vop(3-T=66fgdaKz={^MZTAodEaDbut`a
zFp!1_4t5DnyYozs<H<mL$@t`SGVyd=YQ14?O&NN21%;@ddnM0t8z1uk-&%7_UP6EJ
z=FSD>7W}Z;<1X}2%`EZC%H+w=@Xn9|hXC4wOuQfUUNggZo!(#K30jG$dCKX%exSYP
z2Y~ZYQ+r9gQ*2tZYk89iV8aMrb2J94KU=Hmd4Y3n5ELIKdiNK9g16Lm;t~v=VpN<;
zi?)ohsd_eWNx?<K8}FY~__DE=y6KnffcB8R7mgM0iX-0eKHi$K*C?(w_4xMaJ?}OX
zzMAgW)>I!|_O=+Qwyv@1MpUmXgSG$-pW;uj`2AbpCtn!`+&^aD9*6e0wV{NHw*Hb=
zVQ_nAK~-z}+CTufmOf&j+sF0~LEDwLxTk%`nD>wiPg>1;T|-A3E`Q^YZ(t3NSWn0J
zR!8wta7!2;c#UUDabn1!V;ZiFAEvVn^#io`R&d2Pr<gdg$3KtpF3K-3ztvF|z{{-A
zv8cj-k1H_y(=W-xH_lUFIY1z~<lV2OW0e}hxAum*py4+@*D(akv%cgvxz#`U*0CA&
zHsvw_jY%N_E4Yo?wT&aV^RsJ*8bX65u*=o8E7Y|o1=;%qba8bav?xfJcO5zi9(i;f
zIrxY8b{)qFo+SAn8GS@Mcb+;3oMnPWYXs_ty2i%*X^sT`yZTIRbzKJd92j(6eM0!f
z-%n8k{u6}lpuaIrblvtrZd?2;*ZeP~0=BLo_XI9iUxgm8+OG+Oo-n$f2u9ENgzn<H
zpHn}jL<1g5gf1(D9&8?F|NEX8`t-5=d|C>4@(6gI>w4kphCB(K=L-psS8&CFg#W@K
zq5wRVNJYbtNq;4S<9GWau<0eoJt4ozCF6)hoH1Jy_J<Ov<U#>n%9OJIC*uMf{g*9a
zvXr@!=F6EjYsSoZQzuTJJ%RERsqa8R07r|`LjYi2Q>Ra%MwL31YE`ROv1Zk}m1|e8
zU%`eIJC<x&vuDw!RlAmLTd4Pv9tBWz-qL}04dT_Cm+xM`eF6U!9GLK6!-WwaR-Bme
zV#kdkKb9Ps@?^`EF<;i4ne%4Pok4#VZIGx@r1X?B9oTfWLDo)N$A&%ob#2$TW!uh;
zn>KIVy>|x(KKyra-^Ya;PmY{8bLGvKM~6QBd3ER4rCZOAojP~z-M5DaKmL1p@6O?(
zmP>c(PWL~Bz7HxtK79K3?dPAbzyAJy|NQ~P?>_+p<d47u4NNei(&kwYwWZvOP{Ii*
ztkA*>G0afI4LR)4tMuq`ur2^bD>1YaO-vER6;*7J#TQ+S5yly1tdYhW2V>B|)Xo#n
zJRf@`FUTK-1k%VNkt9;dA(=dKNhh03GRh~Vgwo0?$pcZu_7p5|z%CK|QcN$&46{ry
z(HzsvHPbv(%{JM5Gb9~P<I%%A@yt`tJ^Ad@&p!cuE3VT<w9!x;5j|AVL>XPw(MBPC
zRMJRKq;swZRl}0XO{eViN=`rZR8vtw9W~TbO-;4bRY`3X)!MWq6oGs6q1Dz}alKX7
zTzTEq*It4BRoGyO9oE=lk@!7U*<_hr*4bvEeOB6Nsh!r^YO%dm+ibbr*4u8u{Z?E{
zlRCiMbJ0y#-F4Y**WGvFjaS}z>8;n^d-2Uz-+lS**WZ5u4p`uU2`<>+cGV-apoI@&
z*x`mDepup&DW2HkiZQ-e<BU1p*yD~t{#fLYNgmncl2JZc<&;@o+2xjDep%+2X`b0;
zjCVv$=bd@(+2@~u4qE7;i7wjcqmfQp>7|)&+UcjEj#}!esjk}UtFg{{Xu0}9pzE)_
z4jb&T#V(udv&~K$?X}fzo9(yVjvMZ|<*u9VyY0>!@4fZzoA1B<4jk~o1uvZN!wpXy
L@x|4aD<A+nNtk3{

diff --git a/www/index_files/crypto_des.gif b/www/index_files/crypto_des.gif
deleted file mode 100644
index 8588179efcdcfe7d95f5ae609395d4daa84ad7da..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 7085
zcmeHJ<yRAcqeT&EP*EBS=}@{sK)O|W1C;J&8;ov7j_!srN@Bohq*GvYN;iTulktAP
z^ZtzY?uUEs=X=f#B^5<cv2XDYzC66b`!7yTPX3qwBmN)%@4){l2e|*6fd6Izj|hi{
zPsFJFBd;r%h>8<1@FTxF{0XyamU2x&FN{{eZpq*&o>CZ|Toj{9ZP8#N`xhi&u(o(O
z^@I6PmP%d8Xr_P+=Q%>)&99t~!6Zzo^@xeW2Y%0Vo1d3qO0^4Bv*{Dcw9EC&?3Ra6
z<+HI$HIH9lQ5ExbHsSDTbc*9bBaH&<9S6t>*z#~IBV-u#-8k0&!4(r(0<Uaw*x5_H
ztR%j*e(CPF<Yegg%RRAtA|?Rznd}gqZ1|<R_?cA?zL3BR;4Qa3tomEyW!4<?dP^qL
zK@Pc?u)=BwM87J#1#CCgA4-`z0=O|7d6S@KdejO!E9fkj(dCi4IX+xy#F;wN<0@Bn
z(<f*c(I&n(^}k8A{Ioixk52854pu2eaPs%}r)<9ifDh*40|}oYeh017g}zoMQ)FK=
zxCVw|LTRlKYhjFDyKCVhx}y0Zl(7azk*qms>k;f#bA~Y9XOGRJ`6mZ{M+^TAHIKD9
z8ZeKOq1ZK#w<K42r?2=jvIu_5GWbqcQ<_*e>9eNcmd{rcvD}me%Rv?|Q@tI_G{Xdr
zr8KL{5UUJ^%0a74=Z0;oEZR{OYZnmQ$~s5)6q1`8cSO9a$wrPW%ojfnWrxBt^gkCy
z%Plagz?=2<ijILsc_rb2yL;hT$9>EZCYB^Dh)*O@Od8m9BNGkWL*#9yT7Hg7c~(l<
zSNm8lCL_E2mdVJ^Wu>(=4v08ah2k2wg3=X;<WXp*6Q-okp>}Y6y3BD*u@nJ<e8V0B
zH-?Z_sLfDICjbUQ!((osLz8ZMUNZZ#=}%6>O8f0hCWD<EE5}KBcC&qaE9^n^6OY_C
z){Cx7o}~t@gfRL_tC}dHsb){s!#|)GTuUF?-ZEJ6xBoj<<Ll6C%X}ZGD89#8H7Moa
zI&@LhTLElbvvN0o8jP)Ry>r{<AHjDHKZYsZ8@qy%qBvbAz8+v}2R<qBoDK_VE$vTQ
za+ae!kH0%G&H!X$>biiY<QEG>pwU`Xb?mZPV5g#LC2rih0|;1RmsoD-2%xEI_-R0y
zdZowcEOGeNGl9YB*Nh2tzA>@Unj5{eJq#(y)#tt4l}ua_{RP7pTU6`M0hdSB)Gm12
z)HWjDl?kuE+}tzu-){*+{guX^+&ra3pXv~=BL0T)$05!F<YW-%(9eHLFF@aOOD|pB
z-gE!e3wqUlO`oWhe?w8wQGDB5ms^EpV7|ltJD+vF-;n!Bb`QVZ>FCf~Ia9mGfm$E@
zWeb4IndSad`e@0a9QeR451(8)cS^;Do4RN6L7k^8%4J;o31EOwB0{!hnl0q*5*;zm
zBjF%N7b`9c7>O+Hhv$lvVf4{JvgwPDB*z~daCG>CcVWssPwtQr%IfO}+bnW_iHE{~
zLGjPKu0EaJv3$_>(0q|C+MDf?U|@RwohGJH;S|Ux>;3bM^N=zFRgP^mX`vxO$9h{&
z<<nSZ3>A47kwjS~MVuWL!+3*GYG1C245*kOzMJI1n|2Lz{#5jiAYDE(O+#34c%6>w
zCM)#KxQOjR8ly9n3ZEw2){XQvdnD_S^s}9~(r9z~>Mf;O!_P4fJ(ewziYkVEf8&uo
znBY8G)vp<U(}p;<-P|C;zn|2l1g;mo`9`O1bxE$JW3k1bu&2i73r|RCDUuhw88v+j
zkG6ZLMw_n8&eD9A?c}h<v!?P3q$(h3i1Sd3`a7t(SWJ>ic=!h2f3E#Cy&#C_V(ld)
zc|7noF<)@qTIAJ&HjRp4+yf?E1p#kus<mH*504N^eEkLSZXOEnc*^8x=qA95y9GNA
z&#H~U%!!|;3Iu^q)Mr^S=}zY*Qlrb7G`rf|#YuTVh8)sLVCE7{8w3Wx`EKiqE+FR|
z$(Dsw=2Lx}X*G>hyrcZeMlx01K9wPUVW;;iYP6mc1-E0e)?dAqKZ*9VBR$GCo;K7?
zq4tcGVFn6+QBFzO`WkEOxi(!-qQ*x(<7#$fX?UPmR+v(o%RHP%y%D7aeu2!Pvnw6b
zCN!dSZK#uR-+zOqQ=V?%s|}vUm2V3|w7P%J2t{jDXxiFqwysb+cZ`-hcrr|{53x6D
zIqrYcH=dpt`&$KNdFn<=w+!GBQ5<J+aJjHjIdGyWZpn1=N2>K7tQ@QGGC6~W?M*l=
zQ@xG|UfZ-|pPs_^+AdJ<lg5d}?n;O|Sc<9%H&}kh_B8rn&Z?Uy8O-pgY9VBg*8(%c
zxd}Q3e#X0<JSA=Yc4bT3NX1JX&ULYdGn<orlLL&5%lsbmiPn#+-33M}U@mZc(kocS
zcl*6Ufpnv(O4*T@LW@!UrN~~PY>F0K0lUG%aMfqz$p1NJX=7D2J>=`mR)o%ug^jmC
zzucp<liDnHzF_y^uHYJ6`UCk*U;<r}jmdOIX?Uw}oygd{{c`dP5o>`q!?8b}M}L(a
ztcTWbTAv)d6OfJ;$#g4DP+HV0uGU*$snWMzg`Ud@#Y|^xUypx7)~n`5DQJS6oAY8z
zJSJG|UT95E?du-zFjj84tc#4tsiNqF7{1=1ng>!|RI#b4IbfI3a|4&lQmA>BgPIzV
z56c$LaTg9An%F^GzaJ<=1`Ho&B5JtA^MMFTv({~zTY%alp`E9j>iuj;0<)upKtJX-
zY*GKOg$W86t&e*Pw^v$ZpnBya?KJDNT-YUyrg3r(%{5NJqhu6J-aEOVZ(Ut@>4iE(
zG$RG!t9#M=L^zH!o)*_7`(ed{?v|JnaUi|=$R}->k%k*sh`cuB0`&R4$tm#)X)O;{
zb3<?Nuz}T6NNN#mYRy$$au0AKIDkBY99!aQpue@1KrX6+?)j0dyA=SspC)4UiFF4H
zy4G3U5vpF5!C!J+2$$YD3Y*3!Q~<%@5?1={->#s(fYuRFdU7?B>q(xYL>OqI@j|52
zSkt&ZsTnZQ4nBLAW&Y`&VZGYK<s0&!ZD6nWKlV7Odu_nc%%hgxVG(d)aQk+0|GQ~(
z%I^z?emRl-*N5{CvxoHr74LVT3%y5Y+12f1YnlyzrM9TGdGBvZid)l!@77vkldrLo
zm831WrIU`^WUNbpy)|15@F?z8!4{3b1M@A$L`xWZsDFR%N`Kh)41{H`?6~>0YWw*<
z<Ni)WdG5mh;L6V>+5d-?+7)2{(SZ33n}33p1?8?U^R(YjE1Rx<05!_rzR15uK7e4?
z50(-LodKjN297EQAz6Lj&IKtJ+o$k(x`zgFfbBo^>Iu#{2p}v(n*vs*f<*=b&-#76
z2tpncS=6$HWM0UXzyk)|y$JDx@rpvylU{0qMb3nEUJn2tq-pRLI!y_^f23sePcTra
z@0kUWZ?l|dc43&PZ0L`(P~%-M=?OU%wouLdAijYR5I6wZFXG)~299vP1BF5ijBz>V
zMik1r{t*V-UM}NS5hMok!J?s(rBZ>SA?13J2DG7Lz2CFa)OlDUKb}Jr;E}v@0iIvM
zE@5UdVNr!NA<_7-OKaPrfheC;$ws2UH5810Ac#R8#-?ohlN}aAYc>EkYu}AzWsjKC
zj~Z%<j!X^cowIqt8WV6Coehr37d2ZDbu!nBIhl^RN13m)>up|3*)>GF({iuQfr6SW
z{t$h)nTh?HWZ`2KC-K;C&oh?uv7dTr9Jyc|YCCRm#*&vM{!l*NlA3`866fh@OIc>k
z^$12a$U!!5+73<#zO>w<wR*K@t!EKm7ZkIrYt1SaOLrsPB@bs$fin!?V&3;ADAmGW
z5+<I2IfToAb4rOPjZ&h9_7m=QvWCGDXo$=@JTom}bvJRhI0?RGyRemjSNu(Hk5dyO
zRlRM7S0bccmYi^w+)ER<^C12K9XzGU*f0`q&jGe33e)VfU)2wHGDsD6b?{10{ov{>
zyqyy17E%LBdeiSRpya)klJZ2%C#VdBm`#m>q+tot;}Je}w69!L(jw+r3-ruSw~fA)
zdDo=D5+l<ci=7WkKx2>K-`Pc}*xbh1p~_+@6P6iGr96Kvpk;do3(o}=K;HG%QAszM
zzXvSxR5GdA-17|$POMb(E!=2nyyL)`{p?w_hHx9(=t^s7EA9#??*7%b+bn$AGmOq&
zM_){JR=sf+2oUjBCiGa|<}swnUETB0Qp)ZS&2Gi_GTrgqgCs`N`2~FerH8uZrSgX{
zyR5&<{$ZQDQ3(0M1}a5=?0yc*69ZY|%dZaRLi&a8(Rrn3vS$R~8gxuze_p|jO-qpr
z<MV>RUa=<_F?4_aGN=Hqlu<>KFA1g}hvafY3dI{UzC2={Z16GKQND|eMHA+B(#fPm
z!d~LPks!$v6faQznLaC4{A|ClOWE|zrH?LMgnU%-AlSo5HKC|9)n-UMW01!>rNk-Y
z8AoG?Rl189ZIF9&ksmk^<P8n5E%nJL1cFOpbYVDu`Yb$%?`Eo>Co(c>0TDP95K4mZ
z9YS!wO?5#8`rDO#qAlAtOd{@qz1l777Atd8_19l;lU6RnzC#vfL_x$qKLeLtiz52Y
zbsbeAvg``@SyPfB<p5=5`9^suJ9R~~beSDjZ-%rCXL+nmd0|5Z42fh;1I%&6J&>=2
zdRG*aRKyPzE_oXgmE~34B9kmb=Dm^GSBQe9!a<Tyk9n<D@w5f{@Tq6j0wk`nEEUrj
ziA?wOx73AqQEJ7HOB?9K&#8aJDLE4?Dz6p&xFm7+v9P~gD6H#Eq_hW*G&Ayu*ATqO
zR_w0fovC_`4U%IGFv#$Dr2BoBv-%||E~0(`IhGM@;PHwER%o$@6l9SST68VHRX>j6
zc%)(_!BsZDpQ<YdeY;rOiKtlYW*O5fQ9Y||CMo}Fl&!Yt^jRW93tju&2<6&^n((gA
zA@Ql0O^9q@Q|q=hJSY+oWXsrhGs7nG+uH2cHCUIZJ+f$&ft5pAWV~B~Nh4F_%US$k
z(P~c{_lYbCQtFe!;-e3&+?$gl>>JW=o1Rmn6V)8iszqNK&@1#7p^MMEM4H};#TO@r
zrx+*RcbAvh2j*Z=>6uB@K20?e(Z`4%b;b>_$>w$Ok`TR?_j{<A%obge)=lwN&EXal
zCwCtM`_OQssa&(}c2o$qbp<!oDoNVps@fX$$xh!V9w?D&r(!l|AER?!v9TET={kL;
zr7_8%{Ub+PzDlaIQ3oy~<}$P6KNH_VQVUis$YbyLRF3*G{9T8*ZbqmokRx3W8@G|3
zrbpQIkD*y%vD4}{E%vQDZW#S!u_X3u+}K;^jdRzv;jnSLx*Nru7{iR$`k5NtnQ+0n
zHkjj0WCmwedbxGcK173}8PaZxU~O%qu5i^L>X9ew<X3hZPA|SMkh3b~pEfFBBW?R(
z+){m-{&}Iq5c-;n(_?$uMB%!#L!4$y%uUX^r<$(ls@dcS0)8tg<Og!clh1X6YW%1D
zzeRT`aTfj)@^Z>l!yRz=n1^R`knnjq<UJN2hyWC7v3B1PGhuB(7Og)Y1ighE_KT4W
zj);ob?|g6#9{gzxi6yIdbwKdix%(gfT-eK9E69IsIHWTaorD=esP`R~=R+iW+bq2K
z=+o6(hYXjBN+mk0ON&aM59g|NhYSrzxAyr0auTyfWVl9jC58sbghnd*6Kpcs7e+dl
z6e7+#SO!No4pAl<d9@YhSc&X*SW#)_j~-|jTY1O%l8X#9<@~TjF1qX#^lQDm(=W;v
z=TN)PSxKZkyg)ksc(iQ=+WF`R;buI(NHX!70Qt|M<>_5z%vLjTWho_7;`5`4{>=7=
zOI^=+qVU1Ej<-^i%gsqA61De?7~E|8SnDK@6y}ts;rBv-m{c_lFi^^OlHg`Ce0YL8
zrh<XYiTV!ksjZl0v|f623J{sBF<MK12iP6%&|j`#o=cwOo|0(OV*>uXCY%}NpJ9Yz
zlz<iv_82=~^JDuN2H&vArkMi6X|{h8^v}Jun0_^p_6usv$Q*^{OwWFfu3j#hOl+El
z&Tv`!Mn8kiVkPI!Xy#Yozm~-;Y$N8wm}Va(8mRy=Ns#b2Q}Z6;fbGFato;JUVB%Gi
zhjZK5#9?dT-KaA}r#7bVV~fNO&UrSwaCOJ_5)xVTQoP1I3=CX4H)w9e%%UTmDm22s
z<1*_hAP%!<rh`NDPR5HOS+?fbY3|L%#pfMd5<{nRV-vfq6~YnuF*A+~@Rta9=sbMs
zNEAyO`)hHfwaxwrx%$&F_5<BAEmISGcQs!xfz#%<gIw1<Q6pJwXXmBUL(Qf%2_7mx
z(*)#ial<t~&>G=!lV0)KtdylA>-xZ=EQ#&<gpcexVx0{gySu+$D*?YdS`*LycH_9g
zUzsSrvhZwVWBtySl6TH;W@AQdll(5~!k1UAJ$xFoIo8xNLb`P?zMgNjS(Md;iP_8^
zTACZO_~&b^M?957yV<U1XXv|K#*}cNu?6v6bQp>wvfq9|wgccbJ-wTg>zl{fMx{cl
zQlU3NpW2*%1#anDuY5zbib4Sak-IBa^^IJ8zgu?Wszwu!hh>iQSxdTt)ph{@8~d4b
znXukZ6!Xq6yLbSdtQvctvqq7C;fGfviH`eqeh~t<`RrLer97{oJgyyL<5kjKU)8fJ
zr<b2ljOF^}s6)l_@Ox%k^K5o@5%jh5*$2!OV=pE9)l<!NpmW#6ZA>d=w}!d1dwcVS
z{ba^HKbS^y+};1GsGf=~zB!y9ayZ=0Qi@U^tl&L>E*V>$een3lcTW+~PJtp-&p|yk
zr2R6GR`o}6&Z9FGq=7iTaeB{yEWGmDpIiYgX!?|nboa;heB16j!r_JpGu-P&jx+Ef
zaLoIuieZG{_(0LhjGq^Ob*Lv!n4i(*TpAkcaVFaFhg`J;Ns%8IJANN_uEKuEUvj<?
z9kcCZMuXqDc{n@1K4zA(*nC$OPl2|+-SHheHFHiyX(GtTk4P(btaCRvM(0B9!rVs7
zT>f09XVg%%UAk9~qcg9ZG+Ln@8`k$%-ffr2s$JiXD=+8k5YubN>Z>}gYp=WO$kl7u
zuWOj^HN0aA&~_bPeHpTP<2>4y_i8*)<|aY(5^>LgN-GCB6*}KHSFT?Ci@45Vz*fCS
zRNObXqS4LHmFV{y*dc7^YCY=D_C3#4Uz|-ZB{t3(D~G$6EUPY|onM*|iDD{f&Znnx
z;HA<bU*^%dVb%KKo7AQJ828=~H@RHiO^Ms}?^#ja**4vNh2~~}%on&{U<MAER>Bx&
zd9HGg@gCrP#0$j7XOy)0kpD4+oS6D6QNo&h1QDrtD>&h8Zxs0p-Xx;Qg1&HO8Szi)
zpSM&~XjK|Q=r9H986VhYdLji1`qPQ|F3;x$);qJ=WnL24Y1@wHO6pUyq)pkX#Az3r
z0L6uDX3BvrZ%66$xTkBxhqommdOVm+ZLJc^sAM)krDNdA#XePqY9q(hvuxXo%GFla
zMtWcb=xDtp+HlgdLg?>YHlT8-Qeu(=Sd{Wq4Hw&-`eCujzayuQl;&h-G*@3f2SDw$
zIiKj<r^q#Ru#apME6JWqKrIbJ2owEoKVSbr2mX1POR{uvKHfx!ZEzCx`LnR7b5^x-
zF1k4jHKqxtm^{WznDv{lEYH33+6%1<y3%xq;C}wwF~1tC91DXTqjCId>MiFh=5Zf4
zDbBcsZlVjTP>=35xZaVmEsejAG$|PUIKJ*P&O4#X<?@pXUEtD0^alDvfmoJG{S!|5
zQH?x>XEd=A`Na2#qVp;H@`3T7e-rN#8k#i*en<686gLWbxG`7cWx28QByYkCd0Q~Q
z`WYb(#OnOr&jkhrW-aPQdnf;mkJgPO;lA*Qu2l$VNqIJZ8Ih_hJkuh>zME2#UE~&=
zxTCNX&{llK^F>F6t+;+t@J+ABn7YW;RI8@U@|2FY63dsbpS9Ya>grwzdg|)SLxpAp
zjFVA%H8v<A{W_1W7a{;3f*H(z?sSrYxut~gJTTd^q2DUk@rjWwC@W>&v^?g*$U%47
z%h;(cw87X#<ppR-b6DtV$s<_-w5-19nW_Wcn8s*%`($6Oh?7t2&qA>Zf|>#Dcc9-w
z1i}V0K~%h+>R~#->op3R<m;&ju9xTEqt7tl4Lpg<Iq?`C7PLj8mZF$tvc47C5`M=Z
zW|1z_Cc2&O+*iLX>$+`dk_JK^i|u;*vl`hHKIO^SC=A6QYy-=naP|<N88O=&jYN|6
zf+Y#{UE~+?=60$hjALJM<qE~7MQ=%h5Op{igX71xs(1$ud&W~cv_gq-Yl9fz)aK}V
zMZ%)tMLDHxFM?N67&WV@BTI-+^UuCGX2n@&YZrfFEt7{*+hsz{aj9WKYxT)_y^i&r
o+pMXxl$XIbtwqa4=YA>BGH8csYtoXieW5>?O?oE)4^QHM08k;X6aWAK

diff --git a/www/index_files/crypto_ecc.gif b/www/index_files/crypto_ecc.gif
deleted file mode 100644
index be218e25a04a20f2ef95a1060c63967b3b4c9afe..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4700
zcmeH``9Bkm<HzM{sE{Lfhnpz(86nqPxo^t3%}ve~QW$g0Im6^w!{*F3wqeTKT_kd=
z962jW<eI+k_uujTync8+9<N`YugBBW+(c93;bTTt#&m}Nvb($cZ@09xgolSC5Qu;0
z|MEWq|4#_q{Lg^@TsRM)GcW-}%vvg6KLhZ{c?`Bx^`>))1Ix`?tNY*rDv*W2)|!Fb
zYetzO=C3eA1v2(HkD*sDN07IDhs({|u<yz=qqY`?+G@vM+<nF_3MABx*O(Q^c@7im
zCu;B40MS4q?jzo%4YD{)#7{Rr=*<+hAT`XkfhKUCBc#Up_VATqw1tKw14H!Q*5b&Y
z)y3{)CJwQ0ySJ8lVLaPv4IQm31A&4@6_(^k$Dv}Cpih>(D(hpFMq|HkQV5$9H_U6i
z-j&vGjl{W+RG@#WInEQJw!1UjAv=pb&)QB!i#m2!1`ULgD7xgmb-pr<qDx(r=+sGM
z0Bsa~axm9Qr^2t&c6IFbRws5$!V0^N|1>VfUgD&kMIY^b-)_!H0{x{k*d2J^XJQ3a
z`mmf8etCL<o%FzlQ(b1s=XVI-(sO~~=qhXBfQ{?!qRYI?=@O-C)mGBQbvImOKTIxX
z-iGWigZTPEz7JG}3s<srwTa@E`Uf(r@oK{^s|Yg+AI8E$Y7=8)bt!hWz@eD$E6~}g
zUNZZpHTf&j!yk-9J}8baDv_xIua!#FgY(OR`!~7EL-J+U(ZF%7{ED~(E$$cB&uy(&
zUSvDYt9mY#z*Q}(gxjb&r%B1fAT9&JCP=5bK<t$WTzz?kN#J@drkhvJxVD%*0C%|+
zN5>U68S-x9ZART@>IiFYfyks~xA&espNxALm@nQ<ZlTCQ<c&T&(MW#S&v-YOfr<Cp
z{c{Xlh=!NlhC~r))*XBZ!_+0hH&PWEF52|V+{BHvaa<p2*tNeNnmuDJyo27m;WwYW
z^hW1Ck)e=!i?*m7>z5MiD%{vT#)#i}9ei*i-@<xFAehAC4Gn(7%K>gB3-d5XHeWCn
zi7Xd4rTp|3KAZYAoSl6d*#e%EReTpT_c$t@JN71`hdFB`3Z?h=G+>D3;r#CSofnTM
z$5f0Oy+7P?ZzML@t*<MOx~IPjo@RCekY+$97Niuo6Z!y3!lnJ3e^l0~o^F3e@r+Gq
zSjPVOw1Sq~TTGVTmW@c`_BzC)5{1i_;Yc93E!VVyR5Pi>O8#1UgR=O!+&yq(t}^|S
zXysZ_=y6m6#q{$UUYb3S+B^_SEIpVCJsI~oOBeh`4P)0eVZn)YhFd9Wp8j0e>d+l}
z8%AH*le#7JWKhfN@W(zcZD#4s!qsvgSY$eF2PSP7rdPK$pY4CLZR%+U?;m(k*1tQk
z?SFOvKYe`Qx9t5l&O!Iuta&mMA#aCkhGZy-a5_YJ(Zythr<Lv}@vaIc<j20gFqIi>
zdt7|pya+A-uJN|`Deu>~iSkR>aKjuP+cqy3*_Dp)U=7R?f)!c7L*HtFo_qT+Uh2?j
zs<YopFW8aW-x)LeGBo2|)K#1OLur{yz$n8`zNJ?n<Bp|N8;5T`oo{B0Ze&KN)v2rq
zT1Am$=Yp~WfFf5SG^I5YH@&zROGNRjg3^j%IZ)=D1%_F5L)LtQzsi_J-gq;HkMKP2
zAPKhFJ~QP==KTCs%L}%cF3Ws?pHvn~TBT6yE-AvMrttmxTHLV1t7dx-0!BWMWPF_z
zSsd|Pgkdw?;+FbwYWr`CTSH7OmsssfdVi1pRg|&tlPb`M8h%lFfx-atno*PAY~LRK
zd;6!2(!Fi0XD3;V)y=+qMPfa8qgL+`j=5lK)zP9bof=244lwPDs=ebVII?6F_2R0s
z<nC{__e`nbQGXxV8mJUV&Q*n0F{WTxmcVyl+N>Ew49Hj^Q$YJ=PNj$=r+@+A1A^7M
z#_k&*(8{f?2wND0jFh!7cHkXW3&lp~IdE{M+g}_aJas#jjY&A>x4zzlxo2fv$0|LE
zS(9|k4aV88FU!&TfH-?JkJA8_<{F}gFFBTT=8&DLN+HVoi*EOQfK0Uo_<KEZsBxd~
zoiapOHAU^)c!n7(cdqftI2P3O9UMC&pRfcdh=21i7*G}DQ@6=<1pA@(XX>q-UKSaD
z@>eQzH85eVM>k&J78b_7r*JC>Ow0#d!S$2r^;3kK4kK*d9PWxk{JBJWmUqF%^a3`3
z_zxT(rZ6#Y7I2~Cw@|3|yrIdQT&%P4JK;$B{sO39GB3TcDH4n4cI9`bavuG-kq-FO
z4U6quRoJm7L(Rn!QoDR~cifJSz4l4$-QV|%qP}n6WseS`o%U5GiQo9V&M#2s!Eqb%
z6IxdwDnQ~?lo;N^f2mT6quMdGB#1YVn!qkpksmF_dY%1c7x6AV$}=UGnB01uX2j)c
zrdqLlt-Lf9CE?C+IVN>QM$K=&TD=hp-U|<8adBk;Mr2NOmh{5eFzBgIB%0UMNAuUr
zwXw@?(5pt&Zvnr+oGNDH)fZ3zy5eksuug<Q1#xkRaOiVyYRho4(_dp<ag^p@c8;Ly
zBTI{_Oe|gv!l`iubLUo_>9$Eci$Ms@yEwqC2}n*9k;n=kgYbpuN#FU%)tmp8HwIU$
ze-Wa)a#1zR3t2x>qImig329M(03IFM9CR%0!K5~U2(_S|uM{d<s;Y3jXAt3~5H{P;
z_YC)z>dERno5)6(%DGc-C-f8gA@smHxFp1y)pb&yxTXDacDpG42fXP!>4LKe<eJ;T
z^z>O&>-fIo%ki|iB?XPHZ7U*F#eR`27t|mRvP@R7)}iNc>S)P@Kl+^YWp7f0`E{Gw
zbidB>Ua?5tpj+1j{mV(WpmUXfk!G;HdHM54*`p01;9a2vtFP1mt-GmP6sG~dN%!jb
zS8B4a5&A%E_e6;P6Gfe#voIA4pP2DI81S70eHBp+lIH$iUF;5-XCx$4LQ<mS%qPqL
zk@TAm;&Z<Vo}2&vLu5LvE?TP@z2WRoSAWAThVbV6RNNT#)1T2l-6!;&WX{en=WPz(
z2%qi3Y&w^(j2-stoc%;_9)yY891Xjl{VEyjT+<jk8ik(im3VW^_l2%U<J-P;aw9fv
z#zJ|~qTgej`81SfW7?fXe?&}2a|*Jbd=TrL6p5tFREh038nJCMqRHQD2lwXXug)YJ
ztH}o??FZ6%2G=yCyXR7$Joz@F{hc-t9SA(5&j>5NUis7U_O<@cW;Jg7WZ0d4!Ni~|
z(+*2gob?}kfV<-ppFhcJgj!ZVDPT_CjMeYCmn>Hpo*-$)F_6gRm&|@SX;eClYf!UD
z-ELG#k5|CB_PK3sfu5+0?veUqaTk+S^(eu$;N_=!>~Y3|YEsgmN1p={Z~U>i8u(Bv
zE~G6T3Q+OC=9qNyG(^uuiDf-jEX8j~H715t-%>!_#w?bi0kjo}vEOi!aM92?wB!Ha
zr!td7b9`=Qm-@-s@5-PlzW26wi3M0)>0{(g?nBcckdzXC0Hdv{--dlYHib$2_IsXi
zDCime)gSFxf6Zj6v|om>aIE~*+DH0V#B_R71z`7Y4c^n2Qh<YC(IlIYI1gWpMO2B!
zCQ)IaINev^-g=E6tR$83Ambr1GxiM#a2?)c21)5iZkKqTb!gkt0g?J8irs*>EIq7}
z$?|-a(q9ra6_Yk3;K>sMe`n@c>5wrV=gzhQ`v|yER+#NI5V8P}H{H+vqA52clT-c2
ztP7OmH*Wd0E@!F^@^&NVEm6NuCU-~D^I*{QSz+$+VdCasu8)E7cL0LJ3HH+rv0eu|
zpMlr`J-jfRd+7+V2n)SDo6F>y_aZt^;0Qk1k;g(th`A#61@c|ag-Ni9!_@Mn&$Reb
z`aI<_5H6FqZkZ!!OwRI~_5&;)Dr|_I%UK$-yw6q(^w}goNERApL>uwC>I~)DepN87
zmssscwft4MC*Uw)P&5Y%b^%}2@h^1OO1e!f^xo91dz0jQ<XT;AADB@LmUZ+2=W0zk
zgvsUt)saDD)t<GYSn}f*3=--ZqB*FZB#1~(vx}+E=~LBtW?mw|YLgDm`Te^DKJ+A8
z3w1>!J|B!aBB`boq84Bwm|7I5DB8|EvKoASm0zL)l`YayT6>h9v{u@@dFSO(DTjLU
zC*Lv?pS%5-vallK{8;mD*L?bOz20~!M#(a0{QY5aan)qG@9cg1*m8Qit@+eFbj#Be
zt8{d?0o0BS{RU>6NG=jnt8kdrUW+djXVLkx2?syFzc7@4cUtl1Ec&i%)c&S|DzZXi
zNQQ`dajwq!yKJ5|OBMs}_6}>*`7NQ-;)fjCqCR}jIfp9|YL%8Kr@vZN4Qb*0KxDL}
zp%5^FOUUcGT=j)vMM+A8UP`sBP^I`>^)FWu(c^4qwVD@Nu8B-FYSFHLt7~pKi-dfw
zQ5C3}l*ITKpiLmv2Pll38`@Gk((G8?23R<VQnDX@<TP&ToZ#j-7vWB+a)s3V*v$8V
zK%O~b<6^L0Le^-_+gF+V{b#X^Khp&HZay+m$mOr_qhKY^Y|~ZLYrm!_gllsrW@f|!
z{OCnosX$-h8lQk+FG^idUYwtidTpXWUZGlM-iEJo|BD|7Wm0U9ca-bKKuINTVyFOt
zLP(YiPkA$-EH$96_#nIjfX519AmSN$hPZn%*vkTG#q9pfD|HK3GDxK!r3v-LnP9#(
zJVD4B2~a}vJB^oSXdU4d?HgH?0vdqW86l50|5`(P2ADQJPp)>r4YSR7GZs?+ZlfWO
zy~(9e83)KkL7D;MP53FCU}+N(0w<T&HO6s4`Li?la3LhF{<**!815o9fYle|D<nmq
zOMeAXzSEEAHh{atTzLyoWZ!PhK2ZK=4o|<ZmeRPY%EIGBhPA|e1ZwQHp7ObXa1T^Z
zUYco@YI0!f$Zh!PHobW$Rge%?+jh_W>0KznFFqGYC78?;js^(#g^4ygM7u~AwIFX?
z5mA`r=i%<<9z<k<5q&s{9o<ReQZ^v>XMt3bvnC-Fj`S05kCZ1qIw8^G+m|q;1dhkN
z^X*e=?a5^=F*+TOQG~Rzz?8C%vKdlV(38}Yj%FcpK1WNEJNbQkN6AP_DV6L$)LwBy
zMhjDxH7FP=3JayguuyPtO3pk5Z$WMmrZ($P4>LPR7F1*z^|vFn^Q4)2LgnOWe*>ld
z<KB60n>q-^$5T7|JuJ#cPdYt?x&Ud^$?fKc30)tdopU3d@8`QH+Ff6^yJmH|XSOkG
zP~5w+?)s7L<?Ze%4%%mV+D{AGMi6ZqPTRrLPUmT7Co~3;9!A|BW{)1$$31}Zo?31$
H2A%%{IZk-d

diff --git a/www/index_files/crypto_sslv3.gif b/www/index_files/crypto_sslv3.gif
deleted file mode 100644
index 872cbc0b3bbb280e5a46f55ef55d0275d3dabc5c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 30156
zcmeErWltT>6D|b`6m4;*xO;JThZc8tcXxMpcRRS-!TsRw?(WXv{{AoShq%doGSALt
zlgUmdnc3Z02`O<-E(1iU9>`~i|KaQZ^6S6Z*MGx*{POz$`2P|3e<uP>O-(=`uxau?
z)wH#>1p$%m<puGd`^?PDUtg1xlmBCO_J8vA->TvNFv-kp2m#?m_rDDIUoJqvfg$#H
z(IoBj`vT!mXk<t23kE`e5=lo(Ius5?Vl!G!j5-vJ#QqkDM3izY9!sQBsFWRZECHo5
z>5WHAIhD$#LhKQ&j5U@`=LrVE6G%6e&lX80(ddjfRm_+DEt1ZWZmwJes5e?}jyD6A
zYju7d@cP&4tTvj?7wQ07=+|3q_xp2bTNySxUGMic0j-SNJ-$#-gmi68y91$Uq`FmY
z%=;s;q$0U=?JS3&R8~?<z&ru}biP0ovYcnr>0G%2Kz`D*`FyEP4-_ls)pEJkW_La{
z>D79@)$50VBJbUHyEhs~t1#u=et$HRCxbGTVa)@*(rC3k1?+sj-WdQ#5h-+cz22Y9
z1N5f5f$z^Z`=C69p6<{0m;3YW=^o$Jvs{DLX$UAxP80}e3Qm1LMD~-Npr7JYyTRzH
z=DQ)-rsc%$-(nw$AfX}u?m%3Ir|<AWL)7g?(zTrIMKKLi?MMIN4o8RJFiazb{EET&
z4f+1le#f5*k_jc@rCfbKQI`GmAnC6-HF+}ZpwVH9x-PY9iiRsroI1DXDtS7bbNPH2
z)Pz%S0Q8M01izTAnW`(1yv1>j`%%SluJ^Dcrmogr5*b7=rnGq+H+&{m2A^waoWBL(
zZ?ag3-V74ALW5@`x4g&G)3W?fnzM2bRh;$I+cu+<N`lZ+oC0t`-&=X2sb<(_gcWkU
zVLYs38m6nu+Z$EIAg0wt{U`;`c3#vTm3fJ+kPJm*P^Q>Ptu(u5Z=59LZ{tYmr^-!p
z6J!vnc`rD;rZl5;{j~kE|2($gVae(m_@ZfEX<c3!i3?FpQg;mq2^BZ3HiywLj9&=>
z7`s~Dy5|h`>T*y*I)UA8hnzKet%uQIv#v+U(yZ^sw*P6V<x6#wS0~b_MPU{#znU}f
z+rodCnhVcy)%G3Ye%QA28__&;9m5bXj>~dfKFk*)UugC~<f%S3RYaPW_ccv<9t{R#
zR*-x%`~_d*iswhgGJ@@AZ98ONCda(sylnHlDL0Id1qRL3JUSMd>Cie&+OH#0*GhZR
zrnZR<fUfqhU2*jf1W<Um<`T8Q>|5DxSFgwKmz|c21ewxr=4u1k%~jB_(KmyXPl!jY
zC`Ka=Ill(zZzp@!_?@(V=6!#=8N{;t@R*3@Z)^;T1-JG_&WW-551?j{T;Au8wgrh0
zU4K6B1Tnf;e%=AzDs<GsOtZyP-Sb=5Sw~%89+vF{Heut#ioo1=3iZ2!9q2jO92M_4
zH~w(4`fk}Hy)Z0w2FTir`@GPdYs9~O;V1H8I7Wp&&8?IO5DVZWB!!>5kXfk~qT!WB
z`!PD|LYTY@5RD`UaMtQVIlBswokj-;Y7qUw<cNho!#D?RJSJ6t$rhrfjSf<9-$wk6
zE<`Vr9HP;@jZ~i~#B3cMV(`3;(nl=99+4bo!9BBDKm+kCjSjPS+{V~P7vUdEj&QHt
z#=1`w5k8NO@W0*0`6CwphLsu>#=VOVmn|m28XFbozDo#pPJXj|LUym4O|%*`CTAQQ
zlXZ1W%0(onlBgI{^qosC6eXut7#mk^aZIU+CZ{v27}xBcOKlh=r?(peX+Jrpbt6(R
zg;jtI!E@>Tq7=+=V-v>gP8n0t6o1MpCM@~qGv@{=*lNcn)eC3sA^eLuN2I14Gw-uc
zWXrgh$EI96?sIMsi^-_V#bwr<lAgg6l>E;X)4q52d0<2;L0FoZK-7nP7&$6otjd{C
zmWKl57%EXpn%PLjheFIrDshg=*;vPiB0?l;NeP;{#KebUq|YPX{js^!j)xMam<m}l
z>G{mH<m~&8BlgDC$(%RkEWt~QzaG*HdGL?rVg!}{k|GyMxK%3t+E^-QNH3O2KUS*b
z(EL%c6lL3b0O%tD)JLS38ZsZNt|q8a|Bb6Abu?Go`vA1}rI*{+nrqyF0NwlXW#C(L
zt^X&0uYHZU3HPZkT&~Ix3$!vUtXR$0V5wS9vpR11*pNJQVa#E*I^mhxn0ZNOE<n3B
z7y8sxEOyBQ$3r{P@zh)w1Fp6<lUZ+aP08I|IIg^DuZ+c%E^bGvvj5Jrv4{HHHY~^B
zm<HH5VtH<#swT4nzKM&dsKtli8gp8KHm^LNJ9m(-35aE+lp!Gqdw>V7VVRpHs5H$t
z1l8VhczSPBYRylRjK0rWdf=_r9tf}<Raxied3O=eitdK{7u^;N&r9FWSbOy`Ed}4)
z=ick);}AA$D&(@XfM;hyJ09(^*%(gX$)v4o0ch`}<z<K=mO0vtZXb94Wf+^>9v>lE
zpYZ)<#KxO3)F)g2JA%ikwJ}qoSC!#+nU}G@u?@*(vJ&vH9LZP=j<(D1yQF2DAbrfc
z$oVK^GA-0TGh`=lBCEIlC(OzuWN2gdC(kj*{OgqKlvDO?*RkyxcC5VWZDuQIhY&>*
z6fXZKDaQNYi6&z_KDMcta#M#E%6WjC0^QTaYV&6gN1LAfeJUGpdNcBEkdU7(R?TK#
zwefASCYG(rjNVG^YqeKM^{y-~+FTqBXJ8TOxX=mdfJNzTWmLYU0c2@$pQ$!#!Oxaj
zkYoO@)@?F8)wOg$)|~zMb=?JqBX2<N${|Z@`cVA2eW?0Mb!#m~ez>L3Bj-efQav`-
z_7CvU=Gx@_eH#Mhg*(f}z%P+|AxFHqU#RPn5!P*@Ot(J6O71*T>0=Lbnsb<==2oLe
z3-r+43Ir1on4h!TAG{qs+6occ1$2HKGR1Kb{g}FvWvSa_Q*fJFuD;K`|2XD+_LvFi
zzMuBp$fmbzpGcc}DCGghLx(Yx%WOErY5~vGdpedHryi?mpHC$9Ugt;TpBl1!V*g-y
z&MwzHwV-WYip24(Z_B&259svj3v_NhPd#^Yu$<{$ckDnZy!7F9--HW%MBQIK5A%R;
z<0am0Tr{8C*MWC#)4WF<ey>wn;QP!Gu7Ez_x4A4Z<*d}Fvuf?zQX}}WCXVmIjPZSK
z9{kiY4RoyXe%pHQrsYHIMhQ{)*v0F485QWhOPc;TEHioNiR*qSD||oO2fr;%^FOtM
zYd^1?zTUS`z8*aUKJT*hs3#SA?iZ)QkDWcAH-0@I`zTl^d0*fc*vOY>6fpSy>kEwK
z55egVsqVif;rp8A|0>~kzwD3r;*X3S@RKtDRXyOT%pY6b7rHF~W+edsC4dk+@Hb~5
zNt;(vm?%zq;Jictoq7QMOCSSw5EEw*vwHxIdr*l)Ah&uT&q@&QOAtSHupkvaTzHW9
z3&x-HV3xLE>6KvFmtgr(Y<Blx<#Y^T_Yjfr5Y6-u?Y0nIDgrU}5JPi}e{dnD>Y?WD
zp_b{Ph@2sO|EOU7NmYcXWDKZ8zl9m4qwBSW>8yl#zl8Z>hihSn+EIl$bB2K(vBNkL
z!-a&x!qUUU`$DZaBNEjklHDUx;c#r*(BekJ)pjF9Zo^~XBI6~|+kOe*xl`4sQB9JD
zuc$GV4@6e>b2k=5)?m|?C3&^Lg?G6})d+?2288udMZ3a<4WEP$xko3HL}r_ZkFG?A
znTM5Nqx*fM4^t!|pW_&Yg|M9E2)q{#ypI_hiTP6;<L(e+{*TH+DAt!a)~7G_EG+g2
z8|UUE<|aJiB|Ty~O!OW-GUp`Pp)GonGya<t^*5<_*ott0+c?OK_*u!w`4zk-$*3hY
z>imSLrn1ORY=6v*gm$3>dQw_~_DGHJgdyfciqj}yTVm<A=n%Mg*fDT4N<=(zM))io
z`j=!pYexM130iPK>?$W`C@SaK3h%QzrbtH2GG}sVVX{1R9H21yK0TQQE%wYkWf?MA
zeJn<*J;i1=r3#x~Y&E&sJVnDJRlGe`2`70aJyjMbMcgA*1}9a2EagZt)tEZP#Dl7;
zjmDNbO;0K<a4bzXB1LpHSveyv@<%|{OX7ErX#V=7!nULt&d7oCB&M-wJ_}JI4{o0y
zOt>1<BwSS0Xi<6JGBI&7HAT1!A~K7mGI6DFE4iY|s54cdXzN#58Zt7QR<jx{GP}7F
z>nyTLUNcI#qRKt8#x-y&s55ILvIthQr%yBcG_sZ=vcV0RwP2Q<ChA0xM(Tz~PCNF0
zmQhvnnVap|?PG}-8vYCw@yw?YEEyTmk{RDEGSV~hc-u30Zj;tH(^M?dF5vPv;Zl}_
zW4F!ozm2B`bH$ySr@)Tqx4b4BTF@hS7JSDo2ntI6vWOuZFZf+qfQnmqTAum{m;c0B
zNKskvv!j3(w=ftdooTIr3^&%dD4%{j6)Q4T2q*RJrD$q7opm(=xgsy=M?CwF1TKxF
zx3N4P;)L9aT;GTshlqrRa$ewT=3++fP<ukPQtlvE_Rd(gK22_adkG#_!uDy-h()fI
zWeI>f$9g=|fV*riqSQ<?YrLJ!;;ppJJ-b@6bdoC>tl^pKCY`R6S$5f8zW$sGN-suy
zO`L*?VH%4l3Xe{wiJ3bo{?x$Md@Z;dEpYX~%F`%di_9<g%-=gHqRXsY6wZep$22;v
z<dROVrYW-ID(avqtm{Z^Sp!g3RyJ{0wZdbCW)z@w0LIUf8PJM2G66%Dsg!5=Q5w}}
z%jrF^3E9#<-36t3xH%mW<z>`a+m&ofQrQa?nPzV}SRUn$XJwj}Y*&`0cev#~9XZyx
zxosNdH@LK=|H_;#Gtaqe)jZ3-JZq{>vvlCgoz`kpm1@>kbLt|>IwH6c0EyVN!Pg$1
zv2E3w%-HT4=|L881(|6P7Ws(EC3!fNil<;fi}ott`~1AjbXNG}Fpu<d`1IPdBI3?U
zP3kJHvj+P20#A)57MTX9vqnU+Dv~u8!;Ji@$cCw+2Bgd;LC<FH;ObJ!XhJWH=uBLt
zPCx3`=HXv0I6O7mW-Z2@Eis;fd~?nA=SfR%v3jT8-Vx2|4sj9{p>CZqE>W#c>)x7p
zt$brGoj;<sD5K1>e5xE<B0+6hjctihA$T%vd_UUK@!B%8+Os>`eVE%)5h6l)+KYKQ
zO0_!5X}wbLI^tK_YtGwi@jC0G;_^WqhVC70Ssfi&on28K0IN<zs?L6%&H=5i!FB&;
zgf5Ad&WX;>sr9ZIp5PupmxOuO64<M2ISaUQE<7d!<iG~*ym#&4bszBf+G??Gf%4Wm
zyVpV8SL@v#v%u4=fJ3dGeXpLUte)=O#H2MZZJr*%+ipn29w_bJT-su(Gq21ay?g~d
z$k9DNKYHKJ%YR(-tc~}=WcNXL_2DA6!Fgw7RaO)^<z;AQWSm7KTmVt=`{=s*88-S0
zh580Ki$m3mIV!>vBPyUg1`w?Y2qyXjKL&(lJ3rjDgqizUz4KDq2MDqT(s1&yWPyyl
zLrk(msvkit_!&r2(SNMt<*kdUFMuMv!$R7_#<BrK+Tn0xLk~ZO74R$gCNflbN7S@O
zoV|NAK89g%l58i6dAW+ge}43uSq}&Ej)q?NX0=r$M-CEeSCCA^f8vdlQDw)y;~Mb<
zN4`Zuq>qtNdu8KCrA@RMg0exs#s`>NO7ZJ=!rFW|fezXJ{tn3tZ`h4p-p$_4bmvV}
z$)MCe5P2o&%B+z`v?)nw!lk}7oOq%kdV)PTpNXoc*4sBns-`M!e8X(=vZ8!tqq_BZ
ztdiG%9g*P2JO2I#?p7C`z4Z8++Z6uE_^h{I{YEP0coi)G<ja-L7#TB;*eoSeMLd?G
zP|;Y~k=Ak=Q(IZIR9-~SGo#?uh&kTyIZ;K+4G;xPK=BnI(>HhmX3%pQ1JLr_R`Uxr
zt5~EPhR3JR%fW@De5t~(GxOYy44;Knk;ybMO;Z-B4db&{Z~*ShS=seS8Mw)7ULT@}
z7BI`y4tM5@WzFj9!q_Y0udF&ro0{)d3x^X680Xn9k-1;8C0!9MdY82_z(s?}1x2Jq
zeVZk$iYc$mrGLOB@#>si_~jkxC3U$m%gZGUndR1qMQ58u-OXkB%Y`oLxmAs2OxoNa
z;IgM?_O!*4UQU^`&tec#R6@?8+vT#lcefVH!Xh3v6!$a{{q&UVnxECoee?wJW*V2=
ze6RM})5coqC+I6<P9ATqo_@MvbFEx%UG|ivC}tg)GxvzS(XzSTy_V|BwLb3Cgm<}C
z9<#m)Hs7e>+g$QlZ>iqsp<nxvvp&bS)-Jc{$Fsh<xluuY)i2jL>$5SOxoNKvB&N-s
zYZEL6T=Mc<^5iQw;9Jy}Sv}=l_TXDWLC6dS=BE3sd?TzoLmYpfTw0JF58vGR>WKP?
zS>>q4b@|-JVORnP?fCobM8xcD(=A64>^cBfNOX74;g`c~R<UzeNsxD#r*=&~cLH-3
zoh@@S<pQsGx96~?$09d&<<c%DHy1azdb1A><krb6*N7uFXFfqk^qXQHo2xpTb(a9Q
z)h%V)gEFM8LxMF3U~519x{2@MEX#p<?$NQ&f!@}UjPK?--$8%XkrV%x8S=tb%obP-
zdBeVYR_E#{8fUw4Z=X|r8&hkFkbfUmeg{K-5@~At`+mlL<<6sK`M0f;O6`4?+*Lf^
zJ(jDJFT*|h*k!w%ZAYZUEbwlz{3+>Hsh?blclBa)&R%`ZX^QVcJ@^Dlch%44tgU;`
z0_g&k|GW=*ub2UtO)wN{>$_;)NT_-E3n}dxf7VkspTP3+7fn8v&c=xMp^VJTcw>W8
z#oAvkZd9a&Mj9*t!2yTnjIPJ!?&b`O&lTzAOlQuOM#R?C*vvIU<EHM+Gjci-`iu$~
z03DZpDSzddaZ@CH{j56&U46W0JJ&%FAiQ}|+B!wd5WcHDiH|(B3z{mA0w+eS-@0n!
z_LjR7g#`5<UowqO@G7rgQr<&*gK`n>eG#@ovT<x*bi%sFQ@Vmgw*3-1$8<G^s;oPL
z&-~=_?kc}U=X2OHY~P1@KdR<E-ag-NVLbf(dUQj4GVJLAA*0jP{!@v2w5)x!?s*En
zy<al1c0qS!JA5?odp62@cCWptonPfou(1i1)g6{mTXM44ehR;Sis*R>lsWO;Mti0(
zjV^XRHh%W>d-aNYRqML55w|RAvC1?xM23CC5;rXEvGQ|yiR^ic-hK<4c-&lit=~2m
zgR$<VFs-+HZ)3EMGk(qZde21p=<f+q+&1;sGtCQ?DvvYB{9{@KPPLd(Fsr<NTbO=Z
z()+xGc&93R@6vm3yZ&td`fNdw>L&U)68Ja~c*;hx1YN&cry8z5ecT9q;i!HowW`hg
zeZIwgzM~Yc5g9|=B18DQLH@wRSN}=e7X**Q5X^a_-yeoduRECjZ@&|YfX^2iNAW;1
zkzAr<AWYFjI+a$ZCHPg*R5p{<W@*qv$xJ?%$L9(9P09Rkp-2p-n5VLZVyR3Hd&rxz
zrE;ZG*)Wek>Nkk0mo*y<i<{rP0oOZH$>!|D8cjCe>TD3O7{r>45!ToMKd*IxKG$!D
z=8FGq9|$D04O4e89F8L32>noZG#*c)R~z=$a5A0B;&TJTd}=tG&lSm~iTh}}SS|r{
zT0=iIU9H!2dK@PsQLIN}fXp2>Ct5G|dsqlW61ppvDo3Ckjxeycr}No-wc3cUj+g7z
zdYa*4<oda7yz%5QUmoG7XUqAI%CKo&U+=g3%Ots6J-^Y_Pm6ch8-Z_7WcGqk2%<NF
z-_eZig<$bMCR(a{=aKyDBJZo|5jhU*i$3`mraQ01(d$J~75*@bp{ps^i(%?*#P<I{
z!JZc0x_hIQz;`>486ot5zK|deBAb&45fr`Sgd;L`l%mWEzLTOZDt45n1q?O_{cu2F
zlw$0GW|d{;bF7!ep8mrs_h(tTQI37v`JM`As1s}>%X2-*st{Lmz$zo~4*j4Y1V!%r
zR|Fv@et7+8q4A#tksO0OCuK^LqBLXkA0=517l$c&;_qzA|9DX4NW399U4Dzo;DxhA
z2(v!^)le&OQPr{<dQ_ciF?Lqg^J{i05BQ7At|I57s8V6<f$O?z#1-<SVNq1#x|YYQ
zlFX~$dg$6Stt^MQ=-NA((yPiys<!O7XyT^hwjScfuIn`4qUCkXCZ%o`qk~EBM)uaK
zp{#b-O74#$-mI^*&cePJtU}MO--O7Zz865*!bu)X03%r9Q(et&94~>{esFzK(x~gL
zW~%XT+VJsACHxy)nyI}7ze>H+w8_Phy%M;({pdfFj*}1@Ob(r*gjg<%vMgI%i)^=H
zE?vO((3@p-<CEPMgBFa}VUa9(i;*v*ulk;!8A%p-01tbobrbcH`<4H>EvI4EHA9PC
z<0r$qQKuY5w($Uh#D{%yT{W}y$R!*7QWg=i=TQN17S4Sb<8;?aej2!Iam*!G({e12
z5X&Xj<H*x$Su5<*WfkkbqkqH>R#m<A>*&*VJLwbqCEygiX=@g;jrSU@BdmMfdw=C~
zJy@oe?RgGxOS<J26Fx7xa)A9Bu=_`pb2bCupYWcWHWT=qTgT#Ky&og*@qP9Jd%J!b
z9sBuxy;tRo^OF3!Mk4cuMf~*-%&x`(a*(y3BURT*=iuCdm<YfS#kNl`V}~h}b0@;r
z9pZQ8Lp7`oru?(}w~4Yh_NTo+jHo^$!h8?Rw_`t!Vq#>MbP>W9Qh)Znt#A6~1;ibH
z!x=twQIX&VNL>{oM4<~2g_8S!A;qav4U%9qr;9OET7>+A{(-LLF3OVV5N?7_ikp@`
z%+@j^4h>y|{x~lJ&1@a!R!mCxm_8!-8Bb>YXCJQsPLvdLHYV&(F)@g0gv@3(K_~ct
zlpIIu+~+pV7Tp*vVRTTA=2t?7Gl&=`gN*-bHn~LfkXj{!O(0e@K0n$BO)q^IGIB1-
zAo`GsRBTM@DKV|*!GviVY%HbLeUk)*PC^pLCC)~HmNu&W-^nCK4y`<&xm<PhO|^Ye
z*)=I^J6eZUBv4cq`7Y%+o1B|jUEWpNNq}Mv9;TB-))R6*_i^yJG~9!6r)^$d#*jFs
zsRC!G3&v;X1IG;cOfHn9sbF^kGtD}Tk?CkIPl-1Hg8q*}zB;ol^Q$>OUklptAzAUW
zXoaLwN2$-<y%!b|n&7^<pf@7=AB5`YHbPvSobhWDp6`_+A)2%f{R`!kV^qJ)JRo8d
zm5rc-bm0O<TFVG)4H5BA;keRUHbd-PME5P%2jMv~)a?TtwJM|+GndesAIj}E(b$Gg
z`ZE(v4TYmLgq<kBP0v8fS`{8DeI<_OAqZ7RPo3X}5$p^@U|E+J(CXA2$7+EpdwE)k
z;=f&ZHTO)ka5<ADrA_v=W|#P?;+XYqNtvXm7<3B6drOOgv$eTl_GYm3rA*a-uT|;z
zYOC*8b_M%OlY}az=^v6h96?HbSBveQCRI*JFssA)CH3Jy=#0HG)h@)BJA*@NoCyY4
zZ}_nqkDIMMp^8`caGM)v9^lOF8rEr-I9g${E`7K-wYJXOnjbG~ZS_D}kgcjsO?(wr
zNOW4eFw1>Nq3{mtUbFkLqU{_*8*T)&Te+!j9dQ;l@~wc~pGvL;2cI`Hq91BYVjM#W
zC3OF}p$o>%3k9M*QS$EB8xcOMceBmv!}!3e{$!6gKyyZzjjv*F^tBHvic#+=p3rY%
z(Wra~xe02{Hp!I49+}gg)87f{{-sqhz$Shly;#+Z=ckdT<w|3-+@wV}kO6WXzK`m<
zFcq)K$oFMK&&N7H{)3e{0}*Xr`;xuS!@)fr=jvRn)^IEax|s<bekftfv6yJ$%8?`~
z{`CkY(a-cRGhV#8SS9BSR!KAYcVuD3eUW6}D0ej6hI0*9wUzGt%KUKfBdfrm6r%>Z
zb(OA5LjurRvO_b*D!7FLNNG*k|7)$Fro5RCPue03C4U9FRnCj=N+&IA<4*d|xaFj{
zCb$8w8)UtYZJ{ISO3Sv@1fyqmC`D@ethM^}^xXXSi8?9WGigejravG?n{|(6=_U3E
z$m-DxA9c{58lYi4{vnrrcCm2;<MG$eM#e1+H)cP$ge9$ASp#olb9QjkYh+B>*G+lR
zg(7zn3fVr_ZWa`g%?Y%Tx-%V5Jb{aQ?uYVlwgX`tLN;5q^W^RxhHjh@DVSshfGy<%
zQCCp)+DKZjWYe&GB6htPTP$h>f4@%#$#xfR#crrjQL2yG-<v1Xhq^Uz;{e<TSXN&c
zI6JR5Zupjudr99UJhvON3w^0ub*@B<@IE6peA%vI@odV~fOULY%n@kk25~&#C9{%a
zb>Z&_CyO$w10Ftlrx{P4*M^^Gt!5@2J;P>NAf`*kPv&*?DCXHU%w7bBF3WGSFQ(Mk
z#UEneTS`o=57n=6O|g&N<}V5}qULAjs=9K<n!n@Fn5Jp(09PZ#xA|rMt^$Gj5s^IK
zE5)?-o3fhA$2hO$n2q<sRFVv(w&wRA+@y6|<21)f{BIqMXGyHkyuDBW8fc#GZ(95a
z%H41q-AEJNQm5V0P<fI2C=R3oXiz|GkscH$=CR(MHxZ#*PvEa2qMHUB)B(WRUd?Hx
z5Y|D@=e>~5t-#NT*66!>k}9s8nf#ut&U3FU;C%IO+KM7B00nDrRU(+C-|IJwb7$yk
zE%HGxBR<8D6+ZDo2@@Kk3s<8caU+rO0HJ8(Z?b_AgXXyYcJv<={rCO6&>{wJy_|?y
zx}CKAW1K=x1MGi9g9Akbc-i@k2l=cACAuQ`l|@sz2Bql+Wts*jB?qO@@gyHaC7{K`
zlSSpb(qsn*mHrGVKM-$bQ7Q7~{|z2eNFK_;6H_}#wS#K4A`wzK5L12_a#<DCI>7V+
z<nLq+8AT5nBM#jB<{akf)KKcYMiWPH;zn2>%FYyeFv1{A>{F2*_*~`0ycp8`Xs+Qw
zPC_8FKqOH^@3mkR|F&OCkB2|dH*nnE%UL18AUf=W&S|R6s|KztcRC<6qUF>=?-Rl8
z85?B~wyIhEA%TxrtK~8Jh&Q5VjHK}1O*vO=4q$gaYXQACG0Jq7c#a(N)UD(45-ZWS
zlXlbK)lnHq^*IrySo1f|NzheQayO2pSMg9s(`~gkYzhe;_VGk&NO51J)oP}f7k2h?
zRn(2s6Yr1kZZvM8bvCk&h*^@>vGNGMHB91>DYlC{DDz=#2+eBI%>_x`b624%0Y8d>
ztE_Z{*1)@lo`F54w+y<jY=J2Yq2W8)#sd&=L1x~IdC0S>X+fy5Nm6BSRJ~(d)3BqM
zHa|azJdn3?o3${}n*}bodXa@`KdE;LS`JaUE|rc6yinQer93&SJiZh?0uwCvBXM%k
zy7x3_@~d(Zf|VXFxO=s@p@O%oGI*k8w5#gRNU9gtn3BYPrT8tL%mk;*+kg-TYaf2`
zXy4f|KH|jr1U2?MDAbu~nU(R`33PQ<6RHftiUtj9j$#yZfBc(1FPwhkQFsQ75_wMq
zcz4ugwUxYcgYYFMx~RTElTLX{oqKh6EA>Jm<ig6zouSbtX=cq=R?mINZGY4*Aj(4}
z&m>(;AfitqOwN?a{$2ML{L+-$s`_i<EGo^)S<Nf&^*-%&K0dBQlTKR`BwKSrCUYIl
zw`4GJXRL5BC-fLKjTQxL<pn)!E4)VuU3Y<r$~F4Xjq9DM322*zF1$gH1&aL*ie(Op
zWEj)K4?_v8Q?8yB&VQz2Wy=6`g-6beBy|0RJpK8C<E;ZTi&A5N#4Mj(8p?-ihKau<
zjSW0><t=@}70F{f!8GaC(!K>O;lvHCM#?=&je;o+w4w|AA^qOYv&MiSiw6wWKM}64
z;?Aeh%8%j?&=P8s3apE$s)$sILun>OA}u2Q?!m=0qWF6MwM~X%|1~fEC2keeRw<$G
ziIyQ3GE%K}P&J8Jw5UeXB%d*yB-mY0H8@mdAW^mULAS(E(;!z%XjHXF%Cc2iwlPto
zc~f;>OmawBb}U)0;!$%q$#7X*b_E}*C3>iN1JSf6hO8@>19O&xfTLdDSG<VDcLZmA
zLRNe?NBnfunRjRTZvW*LE-d`*%ZU_tO<4MtAxV{x5iYutgb}Y_wZdy55$~=JOMv&6
zJexcCcTSQ<L7PT)zJ{^KZ{3)cyb}0GomIwm_4??J3$k*>Om6idCMV|dFa5<5wv`IG
zpD6@u`cgEB?ix84cs|zM5REhlp1C!LWAKxm<%89k3-h0a3zYK<|9#u#HA&F$N&yiF
z(`A|JtGkg<wSeE(dcMOK$Z<k+X<Ayx`%6p4%gy!466BxCuXza#%kiBh<5Kx-ylN|!
z_ko@eCuYCNvY1SaxGb{JD}iY~6{*Bl7s!zS^bzW`8-3=haqg?RK63Ahy_?3pFpv4Q
z<g>uTzZ*l7Ug)!YI!wqhy(jNFaG!s7jqr9<lq0@x_*TW6(zUpG=_FFEP3^09h$_Az
zDC9!UJtryNUdp`7D&E*A-22qLW^Y`F^v#BV#!{vjh7>BBw;vT(7(I%{c{@C5msVnG
zd2$%P)6cGp)g|6dY{=@*S^xXVwuP~%vzO9~LNL3#ID_%HxM3p)8@z?gkK>0g!Zh~J
zl!V8ah72`#_(D$m=euqzod&kHCUeXjQjuQgADv}D-(qLqjf&pO#V*BW9dVApYw!li
z6F%;THlgw+c`4!&J$Tf@h(cI+*XmJ(0H8#Ork|t2Qq`f{n8OdkA#Nt<k_L9tM^6$D
ztkZeZuUQL|JF{eNV7HO)!}Uv%WsOy5W^h04@TG3y{4n^{-Aol)YCWK;ME}E8V?a;~
z^loBIp^HRmyD7+EAe76cCB_~njV5upFBhwu{Zm_tV)rwJe3?Kn=nuy^3oD%svxMz|
z>eAo`J^P_|o3SOY_2q%q(Sf#aq(b-BhyJ0S>!JSeHtxSBU1SVxaZ?@DBYt@t8up`f
z)FX44Ba2WZN#7$k%_D31Bb(44y4|Mz`A7DtM-ILwhN`W0q3E`%W;Ro%cH(A9Kabrh
zjy*~V)P2o(!5YWjrpNNG$6oB(o-pPfrKVO-X8kkAL0iYjSI2=cKLU_X!eC4TO;5a~
z%!6CZU3E?(C@{j0%)?Z5B9_dHJ5Ca6P9iV{E~QW>@YtLmPhwpyg1?_qZ=rDIh$gn2
zCdP{CQXHnhET=x5rZKFft8z9QacZXS6`D$9tDa>|ohH>R9{e_;PCaAIJWx~}%p11M
zca`-bY#A-$mCil*BWGEvd)5FWlA|l}f_hlTuvF!0Rn4zdlY82PeArQQW<hq|#cnky
zaxPtZD1>>~?0QryinQU3@#{QW@VrjN6k{N94NNQ=?PcBOYvs&(ya~kyxag=b<?OFM
zElg(t>xASU_9<o43yR7`u0wWZ`$Xo%AYahZA}^h<ibqCcj;0V0Em&zz{)<Tv(^Su}
z-po~``(c|ve>DxT9(Vm&kb9o8n0B-&+{(E?ZN0F0`8&SS_5w!w=bqtts<1*#{&&T6
z82IbUSQ|k$mhSb<uE(+4Q02AIYg^Z|K0>tVD~nDV)<+F#^iG4)Uj*+K8xS0Gj449n
z4jXR?GJ{ijPg#mk%XZ{8d1&Z2GXcP|e?&h}<`Adz4vuapQqSYX6OV_l4#s#24*GeQ
zuIgh5xd|`X7;-UTv(d`(5ieE?y>E#Dw;q4Se?S6eRdXeQw?uK*#AZL%b5Ayw)Ri&8
zbM5FiU%Euoax7cO_9mCvU){7+YWCAOe<o+`XKv>ZdWcHu9eabTCpLFsB}@*lZf5mu
ze_q4=I=<yh%f&v%D^_;!!tdsByFKz4Kk>M(3$aDTdf>#m!!&c?CVF6FCnTV}6CZ&k
zH9Jw%5V>2sdAZ$ys<nqCYJyao=y$wXHDZ?ga;7G#Wq`dO=X#VGv0ub-dGNmJo2%JZ
zz1OHc2HA>nd?lt6(6%<-!*~4dN*OzkwK3orpB(#redKhy^>?m|#zermhmD?F%OM(P
z{|>B#;dc#meMs|v2sGWp)^*Z!8(??4@3C3u+jh12YPEenUhr8e|MhIYE#L@-y>)JN
zbD5@e?J@I+d-mP_<B4+Wh2`#T*Ydiw%_(MiF4m4;ay_~C9QOP?j(V2UV(B6(5mMU}
zu<Rb_SKOUy(eZTt&Dy;v@Fg+sB`4FJitvoJVf=UHVeqtUY}#wgv|AADL60~$ny%Ft
zen-dFYioaI0LEJZ<y#@gTam<Dv6^SGTSk(br~Ze1uIUTMq=!GgaV3$*Hd=;ze}2vL
zTP^H+9oBn2<$FUKRc4+?YJ<loy+LH{n@r_d#<*wXdS)5Svb+03*T_3?*^8U`wFe9R
zDA%)9z%s?m3Z4C<6&I&-M78Q?G>*{wXc@8_g*Te2yP?&4_Ls-8GZuK5QFT2XQNZ_Y
zb~=UK%?sb=Renx7*sgXc?_H`mKFj~3DeXgE!%O=)F+Z<@QrG=mJl5Cqllhy^#801I
z4qv)&?lG>PTC6SF@V;%ZSt}zEtF=CBdcS=9%r?z@!Od2KwQp#{-UHiu-uFIC^+<Ru
z$NOqu6Oo=9+vHXiX}|c-^0s|Epe|bdIKIVr@kM+J<!o(0z`4CZqvD&_{q7HfM`O`G
zsUsc?LnT$rHm@fcj>2Vi+&HNx9gQOqNyN8kFzSMW`~@KyQA+@VVlkVmvbd+1%I0>v
zyEwh4oXHo^L$y(RD4#8sOrx<Gf2f#EXZ<FdBGpW>2>A2O{t|5Y*sD@)0I=M&#I#<l
zHD84Pe#T<4TuQesTz&pfv)SeTe0B+XuHEkShecqJeW}|W49B9iop8TiZ>PDHvaxz)
zIhx4ixTiaPH8!c!8FI|g#66#^Qk7^_v1z<mSponZr!r89{eu$)?)gtUIc~Q5gV2a<
zyEyOm$I-S*H|}~tGtFg6wYI?O{R@AQD4*(<3(bZ4>B8^Rt~Srt%MNp!v>H4gBe%z(
zT7|Ff&ySbq^Xut9cTTh!t%L#JamzIvf2hLbTAk!z5n46~aqa}8a=+xeOo}zFI}%Ww
z5Qh^*Vv|IWW~vuTOafuiLSQ>yNTS(qVYdT+&0!K+gNsTyv^24EIksXsP*(_*Xs1qy
z5+!Id$dY8ZSILqUAj=J-m^D2PJt-k62~zo7Eiyt;9m>fgjWabUGR-P8D6**JT1e9L
z#<`A76eut$Q&r|F&=TBmaLDsrVYtilLr^`-3j*a{OLM)r->BrQ5`!s=Q`XQ?ATumG
zPD{VFyjB$FN8-{{6lLQ6N`cVqpaDdXh*JYn&o}|GKL1?^3fuQO05w3|j&lEc_;d3L
zeBz%d4P!K&bd8hT?{rPG(meFdi<(&%#zVOs)h(Nj@71jsCGZ4M3m$A+b*Ec{Ryt=L
z2<V;N<9Lj~`!%gv-Ck}E0*mW6Ev2>{czh;s9~7Q8Q$H-N_FUU68$7!8m$WQH_p_!p
z^DvfGHuDIcS5<m<9X#7_i{r?aMGK7(m$kt~@{hZI<^kTu3ATCfMk%B;kX>xUEX+a7
zNsG4Dh?t*u)2tLJuxU>23*&Bpw2Z?=lUtSZ!G+VxhILuXYm;q7FRr|CG<`_C+4G<}
z)Wt=<bMnuI9f*Kq(`g=-t;Z~7qiBY#kuPV(0D+KmHwaJnWyx6L5)EYLmFDW<`6cJP
znX+!fb(Ch6%XR#f05Vwp8P(D-ew_Mre;U)s%M}>b8T)cxKfvF4K}G{M9IOJhb6w}W
zZ}HspAP^C4F&x!+r8Uv&z28l;et|#kTK5^q?$luXKL0DjJ;0}aEIqy#E-nH7hr=Yl
z?pH_|BK~(ahcDmf8xWDeXOHid#mVJY4FA{Z^H<LoBzE@WX|2yakNziWc<*<b8|H1=
z-|rAqLf;ha12L<9^TWXj-7wb$AwB$t6OinIwXO5S;w6UpSKf~vC>KP&paW+_C5$s?
zA1Xt-i=ffkPtXt_#(z;zuAM&6vsf3-{)YrLj*|)>Il)H2o8)H!)esfDM7SKjCTe53
zD7~XYRG0zDxI72lSq`GN5-%ynZ29mX+`&jIuYD6tGxqx`<WSuU62j~95#FP7U*&Nr
zg2VJosKtMNR=i|*zbZ!W+QIelMR+=Arfhg~DYA(PbUHK2!=#e(v2k7>#grly5=^PL
zY=*KLI7%%I%@v6f<uc@_`W`G2(p6*-_L6EV$)MnayVRlGNHfQvI9=S}^rAi_F>%(3
z1m__FZJ}RGXw;Kp{Z$F*ngldj)F6$ThUC)O19mMbP%1_!tvhpB(o6-qbEOi`^q+Bh
z6etMyDW~*D<72+_RdgSc!<;AW304Uxa-TP}WEc#SVM!^Fpk-qLz?o{i?NvNH*2$2}
z;z&5xf+B`6xTqU3fr+{BUmS99@zjU8P+<gKGD9ON4f!vb3a-fv%!y1+19J{yc$vkF
z&=juE3XTZ48CUdVu<B8C6ibBXg8Ld;-q}Kel4JW+TbF1C5Rpo?wqwCV(IrPT;Y<zT
zZMuZXrSiD=Oy#s)rFp8d!gkY=xB6|Wm?Wj*l9x*N7d(}sXJghcB(qcXj7(oC^g8~>
zfAnIGGAXgn^~95MMl$fSRk;hfkQr5sT$ze-@Mw*xpVoh3R#!(%Q`3lD&Q1SSuEq{K
zH>VL?S`oZ!2L8ots`IfjrsY}RU}tUp^I0t$wLdJS$RZqnfkPP=HD-tFk~ofJO&P|m
z>OGfK{$6|~5QVEYqMBCaw0Whz3#nUzdDv+XVkQ7OTdG(~$us2}*8y<r-Y2$pJOFDw
zQ!*89<=uL~yNk5`_ithXES2oRpFgTS6=#tGi>o_gE+qKg^;a>KB+ydBRlPuSGh41L
zc`@`13J7}((k(?zHa4<0=LX1m>O%~^6~SCyyEss-!+k1K_BhM=-vy>*{L#r^f6Z@Q
zaX)r_Hrr_oMe5X&;B;RN*?El6>OGG?1H=jM{OUip&Q;sHA1<$zj-w9AjZ#Lz820}2
zAAcZWX<0K4m{rvW(75!NwQyINj9Kvv=2Bn!3qI|0-zU~kS)cl7uj(RSt=BN8S6ZXx
zn4|T)*Ckq&iRoaPa(~!pY?*4dvV$LDL=yM8djO1(HZ*E33y0M6@U53fPKwotOG@Wy
zz$UPvmD{YByvF-{{kqM6C6>pkX$hlJ{PMAWNJdSs?5$JdlQFZX+H~M1W#JnBQB;)o
zWT)#vw0fAmP3W`wpB9hK{E?k6D2j{*<!o%u_qjbs_0qA7c7sfw!oI1R93g6b>oYb3
z<1~9CD>f<mp+&Z9xB4cSHCqaPh$4;_{y50(XdB$!HpI%$E?yD2!)2K~7$EC_L*I3P
zB+x#VHhSc<`6q>^+E`zY%RV4(g95v!eb_11N!j7U*WcOW4B2X>ABI4f%}sCoU(G`?
zD}ga>89FB$wS4}#;~7cq{gg}1W7U3FLKYqON`<eKiY_ohM!;)+KG#0Pm+#Cr4}2mb
z#eVDP<a6#?%hLixey)t-yD|>gpG}B;>H`383ZeI>vt`Vr_?MlH8Q*{2`aX}z5GEWT
ze-y#hdJH&qN8Jy96wxTW&PEYNror;%u-Cp#HFk&QN$}-JE4;0O2t&%kKGRfd-<R%l
z18PS;(<~L<cM*F0T4B2%J!?NUS@nW@B)}<=3f|~KJvMXKled7c!Xu|IrkMx{m;n^<
zZB)<4fk4med>r@@(DQlW*Ym!Q^7UGlN4{D1G*4XnNhkO9_M2OfSCUBPW!ubn8;mph
zNl%n4IC8a`2gxvYPp}j4Q~%2a4gx;ETP5HAF?&E#|A_B5Tn9W<=#CzkQy=n84BGQ|
zz~A2pnuFirM;NG6t#C$|Rn!Y?pv8TLAuRJR?RTcice1m8|KJ{mqX^acF5dAfk@!8!
zg??WDr?PMQ&QD<}c*p{m_#b7)#E^m#2*R@nYl$VR`pm0KhAQc-I!oBOyXMWR(kaS#
zxx@@51^B6h$gT#FFZy70;sClIGWdA>_`T>b>c9A5I=Kqarc!D)mC}TEoi%Wh`mi*Z
zzmxWhp;Hw6^o$+&NFanE%KRHC6TVPoAKX%sZjnM9{<<a>k7=CngE_*m+hyI}__ydm
zzNmMBRQ#S%K>>qnD&CV}@FNL6Oc7G9DiS;?OGG-IrzpXlz9aSym_l(XVep5_M*%P2
zo*tD3F+T~9PKJ(bp}JT^s!I{Mq9F&eGMnn69%7+B`ra>g1GHh4x;|2F+``Js@14|p
zH5JR8XCdgidzmJN0eqyX`oskPhA6jIrJ@aKx`~+~_eK7Y*<7yU?dglf8)8#Pvakn>
z!3Wca4u*asWxOhsd^5y7+7n?Rlg=d*g&$#AD`?v(0RJ$~!Izf3Kw>-l&R<B{K(MPs
zt)(osr?9rqpR)*{C*kGR`df-6Fu9govFOQ1&ZVoyUtm~GKhG|0q9RVNR8DHtM9Md{
z&oi~}olvB9R@8xGs19F3$}KJcLz1XmAlot(u|VcbU@Ue7{w<ziC=;_FiMt<`Q4nFE
zF788y3pQjr%8+_9Y0W4$2sJJ_HL=h!*6%kk%3ZOnFAzC1q=)&9s9P#^Sz;=mY9f9V
zu7OLBSrjx@P<g5^&QfH@X{2okLu8n!x^aNUvP%|OLMngAQG@HpY#@-6(m<f1I8LfX
zZcux9q(G4&czE=eKg8kA6o<czUD%L&532jZ=&7khz>p-$+|arkPRKS<cBMp2P*ds(
z)yT9|{|?nlo=k+Z)Kr{IYR*h7@W5MoNqXuSQ5aX3kb*_Z6wlC9)cK%-3hk|_*b4cl
zY$#>)L}}crDHlwcd}4`XVTsFGX^3V~r%t)*FsVA&kSZ*&oX68VOw%ZQX<5ya+&-0x
zJeNw@o_yD#Op6;vo7-F~n$pXjSQz;PTh-KuqBP$H*L=#L!~@#|Y%Z0%XG}sGPhp|Q
zZHkjwC@fwazm<>MQRY>t>PrzE5Sbg;Q7qa^5exI3Xqf2tkr==Nqw+IT$&|eIwzzS2
zO;b}%jgMSC0ZWCQob2c{M_Q#GNUg}N!6&Q|31gXKTJAffrZifvHD~U|J`|Hm{Wo4p
zLHVzh@T|D0vLn7frY}u-Xk~dUO+{*DMJ`RHuVpDixnw+b$=l$W2`Q?@u?EXn{U%M#
zQDw~)P3==<E!YyUSUzyL4ZxJVt*(ThB>{KWSEes12VtIjidHtkpEo`I5^TX~(j{)R
zwQ6((RJ2*P9Emn7(zeF}Vo<HxI-*-$X*+AIF!-!G<ipxiX@OI;@P$@gOX8hZfX+LB
zpubi3TrhBnwhy_=El^$-=0f(xst0V)&2IgzAJA_a+BbLpJVrD;mp5!mH)2~g;z~Cx
zY}toATr7XlFHAR%No5AFmtI;W25~W{dU3`@vlemDlv*{mhBE-aoz`Irx}%+-shUWn
zos=(_jHOfFsT#Yg>U^q_ncUH_t)$O6^4t4O7dklIVJ!k}(~Eq0gi)PIL8CuY=}kwh
zd33<$Tdt39Q%rL?Xjo8wM>YQhj+=ifw@gG26FQ>dFU6}NE@PnHu{=#cW>_KtESbg+
z9?`kZ98^nF&57f!l+yntEaX+aB1trn&oogiG*|9FF{-=VCka`nsfyhS_LwrHQY`j2
zR2PgOreQdjx~y((uAv>?TLg#h4%><?T>1=C`an`!NK^YZm@yY-`Z&@sAJvE$+jKf!
z4zOJP=3-E$BbPrbsv0&rDy$}RWmshw=hQ87)wPT4nCI%CQWU*<xY8uCH9rb8c{-vF
z;V&bXH><{lIeFVZfw4Y)S~zW?Wc_hPS8A-6dw@@KE!KA|oLja@5_V@xb4^nRfxwtt
zW0nkKzk^wEty*EnbiE74489+x4PG<O+&WsVq*8h!%X6#=uek|p*q6sGk?*J|6kk=O
zFjHwb&04Be=)lc$ObaKmjLKznU6atrJb6>Bc~7JY&7?;wvqPmF{tUHMJh1DIH6u$Y
z+sLKV1#1|Io8B;FTELWxBbOQrQ~0V@8<Ol_L)I8*9)5SD{%*t+h)eAcSvvkCj+jbu
zlUYEMNMV^l5p8pee}8=G3JvRa4qIjgH=prPS+d$;{@!g=<$y!pc=K|US&v~BzGUQC
zUE(l~i-dMe9(VUkhK2cG8Rf{eDl#+Bx%OJL{->ft*I9Y|!!<TSP42BpyeYKj8#yE_
zl>s}o-`(9!;R@K7(84cNz2HZM;jjUtooO4Q;~TysENP9ubM_ty{sX@xsh!=2<6<bG
z;m>^vF2;IfB}OtU$B3zGjTX`rF-n@&lOzo0DDaJre<RKI_qV{`bTajHW#{0fVEU1Q
zI84)>P%_r6WMNXK-0FIvIAdC5#-cF?bIis>MQR9;?cG}0#auleRGkQ~{nEe2bPC6|
zT<VV)d!4G&Mhwe@K5EaLo9r!WuCG&sB0S}}CKXFHq)zJkh*ch_tODUX%?O(u`8yhp
zeA*F~ZqvrU>NE=am9kQo#x!ANr8KH$&8l{6YI&94imIf{tg6^^Xrma3A!#+snl)?L
zw2seaz+k5~!gFG3tCmR{HoG0R_iQD`nq_GRy&`;VGk^}tlg_=qy2!cSd$XaNp1ugJ
zfq<)lo6g=9TNOi#3FXrnn`^x=yP3q(34v?9;gd-m`>w?kz?I$7>nSGS2@u(0mE^jX
z!Cq3zZUb-~u4galZm}I`Ic8%sd55mhj<QGLaKLJHAmVVOY;|PhaN=ln65w!_XmwWL
za1m+M{d)R45j9}Q;pX<-M<65U`796ZhPmA0vHk?|cY}?5mM4?uxM%miZrSkXXldY(
zkAD{Y2=cw=@Oy6c`{MA2ZSzOr48Up&AmR+9Yzt)M4B}`D65tG$XbV>03{h(f(c=sS
z%e)AdKclQYcbL0no;~v;_J*gu@IpXDl)Z$TaYnVaMfGq-kF-TkbH*&U#caEWNPKtq
zY@3W3r#$0`fD(*A@n=PP<^2f(vD22w$d$y=o+QAPEWs5;iXC|Bmhv?aYQ!3ckXyTP
zATT<>|FbtD?j-@LmpA^EX>7n3(C*v#npVq|-RhCu)1JM|m9yQRb^Mxr-kx*Mm3z&V
z|Ll?f)t-;VT|m^4NBNdd+fl&EUC78?%;8xq&{3?$U82`fWcF5U)luTaU24Z&{>%k2
zt|x0wC!^k8LD|lG;_hzeQT)P*1^LR0-y4C}EBh0IKe^p+Su_wdDDct|a{mUdC4%sW
z;t9p;te0tTVB~4!=xoG$DOVD$Xr&I!eX9-1Yog>z?Su+DCU)y|3;%-3Ao5Q)6RRP8
ztwHNd0eA&adet>{c9y*-LwR*wy8#7wx{o`%uf0N`c3iO!3UMo&-@Q^7lbRbneL6d2
zcUpNMUfZSzAbxwK=e2b)z5r!jhQ8c}MP6j9y!`EWd&0U#<9Np;-bH1-7*TjzI<Z@=
zyi)aA`$5occtdGLToB=0iBJ%bqfkSgTy@7>a#ioL<sKs-=vi1kAez?*O6Tl=$2_Qg
z7NN6__46A(u!9j;G#||S(y^$=w~PXuLGxM;<Le6YDGPfm%LA^Jf%(?GI@XIm*K2(?
zTKP7Xfg5(*efMG&S$1fZUDeb>6}8+Z7w!|RT?1%>321_)<~&39Ze5go^C+DMGW-W>
z-OFBG`;DDI+RsBQzGJVh!`9AYqwd-;{sS}cK^piliTAv<`~3NRTm*U?t!X^$R!IFF
zRO>bY;tikw5cu8eO3U9)6q0V|I|SfAaqGUL6j-$a9~AkXDDl^lcHSfS_yK(9NPSlE
zz8<ao?qEO9!+Kug{5nSldfwmp#6wz+`6|D4w~+FJF1x2%#^S!9)RNn$XnoZVc+cDf
z?qvi7Ki=JTdV2$5evyz-*%t_gA>;9Duh{SPMWUdw@P>mEjD!O*IV_XmP)Yw!0O&Fo
z&BcNyGj>$Dl4VPmFJZ=%Ig@5hn>TUh)VcHJfq3}b0TmjQC;|XJ@c|erRH-|o41Wd%
z06;2Lpilo@jduWFJEI@Lh7~)OY+18s(WX_qmTg<NUE#KiJ6CR9x_9m7g^TZi+<)@+
z4cJFu9)N#F3H$?4_%FnR@-8YQNl>0a$OSJ;K1niTWy&HcFU*XR^a0PNMLVo4aJ5I#
zuQ!9<d^+>!$($RrR=rzy@7%vz2j>lZxNzUbi61Y%TzT{4&yh!G4t=_G=hmrTufAP-
z_w2xZ%AGnMfZeb0+LfoP9&7ld>cz7+EKe?itwF!K)xV#A{(t}f_aka40SO$?zyc8j
zYAc`w5^R8Z2ouOK!U!;|B(NMqNivZP`bZ-WBf^lQuw?VlwGVMK(WMYK64A95RV0x_
z6nU!A#v5_WQO6y5>~Y1Y$eU`Y^WF<mNT)1BD#4;G)QT&wjsj51DXFZ|N`mmpQm-ww
zoQp5N{s|0104Q7xLdJYd3CD=iY|}9};fzzxIq9r(NB6j_?<n-TY>&@8@xiLT`vQ&f
z%0m%NRM7*LJkZfbmt4@D2FFxv9(NX-iZBavobk?(?CccOP)RM-)KgL2=>P;+ZPis*
zk9t+sR+F4{)+U`=5Xwb)?bX+}01dWFVZX%ZufYKRXbm66D%+I1@34#ZS!una7TRgC
ztv1_hwe6PMZ><e?TXDT57u<2tEjL}@jBMB4cc+pN-XQ-Pl+i+e%~#)j34-*|fBkhw
z(gryd2+dRxPFUfE8E)9&hi!DStNi$_*y1aP%~)72i-p+Zk3kMu<dI3n(O&!vy;$Xy
z`3o4}ml2c{=9yitndX~q&Kc*Ob?%wxpM4G*=%Ix!n&_jAP8#W@m0r@mCn;uG>Z#Gv
z*y@e<>MKxNx$fHQufYym?6Ju%+w8N^PFwA@*>2nIx8aUk?z!nUTkEG$rdsd4#cCR7
zNsXFU@WBZ$-0;H@Ph9cE8E@S2$03hg^2z=wuiWy>F^3m$U8CmPbE&Tmo!Gm}bEh5C
zQ9oVv)LCEM_10m3UG~^%pWXJ_alc*n+<D*K_uhg3UHIUMAKv)lkw0Gf<e6XI`R1X2
ze)(eY#`p8<S@t_;z^Q5n9(YXuK78=KCtv*X$4?*q_0MnL{P)#&KYsYxr(gd1=g%Mi
z{qOJJ{{QvozW@S|e*_d@0SA~s1TOG^4K&~b73jbSLXd$JlwbuXm_ZC~@O+ztTFS5&
z!hMO3gd8KC^rDwS6s}N(Eo9*fT^K_c&QOLmq~Q&1n8W8$k5HWx;SYPIJ(_V39^Nxz
z5s`RAB_@%HOLSrrq4-28Mv;nBwEkihv3Nx-W|50q^kNsm_(d^>k&I(BV;RwSMm469
zjcasc8{6o?iGdJ^bxc$V@n{$7l@5n})Zrif7)U@4Qjmot<RJ~2NJO%ZhxhWK9U)mI
zA=Zq08ob~oEtpA5YLbJT#N;MH*~w6TQk116<taUx%2BG)l&nPMDitWlT}6_XR?6co
z_ozr+E^?Q><mE4Y8BAafQ<#2iWZr6-OeswgW<-4BGvNqLX-1Qp)3jzav3X5xW|N!S
z^kz4~sYY2oQkmss%Pp~HLOm6enC)ceJKY&ic+OLv_59s2t!GYswuPAit7I!-2~dH)
za-gm>Xg~>?(1R8fp$k=L{zD<kP>DWtedDC#J~3JrbmB3WE!2lQJ{nSxj#Q*29VtCg
zYEPA>l%*?mX-n^Uw;o<JqcsIfKLO@UIO+o)JoRZ$f%;RS29>DaG-^1JdQ_z*m8na0
zYEz;5RBKw)rd1uwM$_q~6Ee@F`ta&V31AO<5Fo5%?J7x6`ck#RbggY=>s#F#Lwu6c
zsu{&8r2hFypMtcfrn3h;#7b7d4%Qxg4QXHZI#Gu%Hlh@DEMpbhSjawBvXzbOWhq-x
zuH@>2b@l9%uo}9K9`CIBu!lYd+Yi;Mb^wGeZCc?P+qlY>wzIV@TjxsC&+7B8kJ9NE
zhx*gO5}+R+xyL>J`r(hV5`d_|jp}oy3SH?&m%7unZgsJnRI2W_s-exQTt*AL*Dja1
zK9R?H<Drk_mbD!Oc<o1*XCy%e$#mqoZR(7~I`SNEzxS=}fBjp}+;X?7y^Yjnjbh2e
zE?6J!CF=kVP!9qe7sCCJa9QEuUc_z~z88d7WsL;B{brWL@G75uH%J~5PnN}&U9pQ>
zjM*69Z@UD}sCPxX)!~hIun?B;api&B3k&viuQlGhaM-T;j_1DfLS27{2ju_*n95UL
z<bZ8#SEdaS!2m#GaNRrH0o-HALALN<+w0t)dND{x98Wk^oLy)JDT(8GW}L5^XF2Pc
z&wKV}jkEr&PaJ18yuT~$aO*Ju_3|UR{!ni{luK576dA21{hgFm$Hyh37{5$T&s0|D
zu1tIS$#&-Sr>9bCP^-E;cJ8#Rb$99~vwGC2rf;ZSP3qU(`qfm?b$+WHY%9wa%Yo+Y
zmMPig4DOZL!|jK9{o!b@>I2frC6i#8&EW{Dc!2IoAH2xtF7b_6#P2d6w^8loaJOsR
z?J6LO{Ri)Po$tfz6Zg5<jj4OXnBOw)_lx}<@B;$c*vcHV)e6nKLkqSa#|_JIp?z%v
zq`A^)^_{F`SMN=WTHo^BIIERh>+W@2(;PQ3?Jx~HC?gr<z}~pa({10A3!CP{c4@H-
zuKr8|ALzGSRC9&}JLUtdcC`Z-K(r-3@#YqlizAj|o8duc?>QaM>1N`Hr5<%VBa!NF
zHe%Ja?)9*jCyHQqBA&axb*oQZ?NDF)*p&!&FZ;RAb*KB?(@5}~)AHb0OZe{2D&~7U
z9OBj{vU@8o(u?a_<*+8X$Y~vU$fvv4l|P-7F@0)`OCII0);y_K4tmFjKGnERdCgI8
zb9mx>@3h=`%#@A6Y#$cr1Q0sWS$lMUBz^XV-S(UHr{Z-_rQM+Z9=yl??X9DG?D!`B
z#_9cL=bL+e$gjSqn;$-O3;*%QcQV_be_~MsocuF3|G&>KaQf-J^>*xg#{Q1G{)Iny
z@WwsvJtBU1Blm9erZ2hYMQ_zE&+#a)06%W>9*^^4F60_d06R|rKd<x>&;SJo0Y$FO
zR4)TlkDXYr{p{%V2Bhb<2+YW;y>5@_j869epdR#rA6#(h)~t)nF6xS?>d>z3#P03D
zkL;Wd?zj#IiSO%jaO}qKiF)wsgfIwwa0ioc?v_w+e$e>NF6;2F3hnL+tx$>B&jWwx
z{YGb<h=<2)um0>0|E#SZREr<JYX5eJ*HCQ$Jq-gXaP$Ze#pEyoM-KDqknujPcI2?*
zB#+a0jr8)60QJoRF-5-&aRW855e=yWx$uWTkU;Xvf)>p8$m-dqZ4<rzsvqP50P+Fb
zv@NkD==+Ee>dMXdl280fulUIB6zNR+z-{={ZG7e}_)N_ET5;ZJ(G}6h6qyeer4Rjx
zQT>Xs{Em^8wlEU0#|yh8{%+^cJ}MLCA=<1F(&|A|unqCfiof2)|1vKC|IY#E@Ld#<
z<KR%!F3=5QN8<<)<|a_qW=<ZxjS=n95f2FxnGt&?aVSL4=U`C7hHD@P5(b%0j6!UQ
z<m>8y&<S;L32X4pju7r_a0uNjA)C(aB2o$W%j|AY3hQhknUEnTG7GWrBu&!KmT@0F
z#~A?y8s#tXMry2RlDy1HCKV4K9grQVtpD)w9)a>FVMiZX(sTa$ktiy0*+x;@yyp^o
zj}+6d{AMv35h@s|(ipK48M87fxze&$vMBY&C9?!34GkyFvKxgm9X*cbd@?BAGA;3u
zD8W*1j#5Fo44Zx~FAowWt4Z8al8j1{FaL5d1+y@X>MQ3GbiOOJ$PzB!@-ZDVG9lBK
z<T5d(rY;30_Ox;{yK*b9k~2TEGeOfcNpmzQ3NbBHWyDgQ3S}}S^EF*FHeqv+Dl;`z
z1~dPWFm=-~d2=^?vp0crFj3PsD`qwCqA_JNIcHNjnR7WANv0f0w}|sLk*%3DQ#7$N
zG_|udvy(fw(=@viJiQXZI7d3C(_)NMFObtYo3lOH^Zq^GvNq3iUvTp-fAc<rGe7Zj
zKlQUe|BO64Yd)zaJ+%r9-Sa@<GeHsb9_3R&f2BUJqI<;CJ1KNREi^na^gA=OLN}Dg
z0CbKVbZQ7xk915yO>{v|G)1edK|_>RAQVabGe-GyMrE`{Y4k>mXgFJRQARXt3{*vd
z6h(zJNL7kOcQjF6G{HDjLz#3*o%BMR6iT18Ll;U%j}%dQ6ue4wNV$|qyYx%*5jv6S
zN-HKw9nwb86i3xGP1$r!rOHal)Rq==PLFd-z4T7OG*9ugg^V;#C8;|7={lp7N(Z%2
zr_@lTG*JoFN#WE_rzA`9VLkP9QumZnEj1{_{xqK)^+5qOr|h#$LDfw|byP*QRLiJQ
zH}yXtRZ=UpRWJ2biL_5s^*_uMQ5RKFZ8cX9bysnfS7QuSXO%xz)lOlxSY7p4yHr+#
zwPiXLuRhgOp_NpnHCm}PO@Vb;fu%=T)mXU|S-ll9l@(jvqE>xXS9|qbZ#7-bRb9)q
zl&)1=*J4<Iv|H)*TkTag!xdiF!c3z{3BL&>r*K;R^#{MmBB%9Wt2JS}>0R};YUuP~
zeY7=O=MQIx9QkkL77uqU7KS!<kTzBV+fW^g=MM)_WG}5P?=@v{D^uyJVQIBleM?aL
zknP^B7BMLN6pHv*OlOO+74fZtc(#-Nc=q|iuk?KO_rwof*L7*zbwU}|Wi<+7AvWP4
zun<M>0>P2wFc##NtZT294!^d0DE1CdPisr<4Y_sz(ROCd)^#wjWZ712yOwQNtz+eO
zW+l*WRd#PvDqo@2Eci9<09NaSFd_|?W(n7D2N!WaEpfdr2$zos$*yr@j&jS+Avtn#
z3HER!H(=k;aV58K1$T2PS0g|7BG1%vJvVVjS7BWjVXy0H|5hyIRbt&X^v?DWbr)~9
zHf}p@V#T%)@78FAcXt7?V*hW{fH!xmw&jL5c<0u5pO<+}_T{qnZW~W|O^<K67q0wv
zcE^HT?<aEUOzU)!+i<qr>_`3;Wf5`B_kHy(741+$<+px<b{Ah!7Rz^Ny)1s`7Jm_!
z-QI_P*KKa&Eq#yoXxRtU6xjQewrSb*fqPYU!S^F-*C=+4kBB#Wr8j!DcX@9&dh1q$
zp*Mpw&SH0xgh5ylwKs1|r+Il-V^vsgI~Imr7<*56cW=0RdAM&`);ueiEdn<rH&+TF
zckVKmafxqnS$By;mvf!a_>35dQ}=L*SaeyJbdR`*CwGej_=#25il^9$TNiXicVMSb
zbI15~*%)@6ih_gqf=!lW1(Afo)`fewZHc#zKNxP)7I^KrhWS{8-<E9u7}u`1gR%CH
z8E|_Oxn3bzt-d#iKmI~|Blu?}_>!46lQ&tDA-Lb*xPs-lC-XRxO}U4?b&@IhUXC(1
zd6S9TIF{XbmStI~LK%EV8I@0Ymvvc^e|VK&wv}a;lRvqbiTRj48JRmdpl*3~bD5W+
zxtF7v1AiHq`(ub}nU=LVo4I+LtEid(_L-%5oTr(b!}Me{)tbi@W)Cbvm)V$;IiBBH
znc;b!2?(5_R-DUupUs({X-JhR8JoSin+bZL4VsPd*=6;)pBdVp8=83lI*2XVo+-MX
zEt;M&TAtfAp&NFg9r~jm8l-n8qAOUS3;LuFI;By1MmbtvJvyXeTBKtdbx0a~C;Fl_
zI-@IEr*V3x{=2iK;q|3udZ=gGp=)|}O<JXudZm}TseKcu#Z{<_da8*!nveQ#Z<?pI
zI;XkXr@gwT0}iUORjR9+s?9o*uNrETTB^RLFP!?VnL4fqTCA6qtOqG@+~q#Xdauv=
zzS7!dvzjaEYAe7Rlk#_>=+_nx)n>=7ff9Qw4|}UE>9PBVvb*}S=sH;KT96)TPZ-5^
z#+DBg5v8g(kV?*l)DaK;FxEhuok}@*Kvs9zktd}$w)41bFK^Z|E!67kQvbSP*BZKf
zXexZdt&OnGkdW&b(h95is4#cV{8f!>(9Ni*xt064<xF$m2w)+Xx|93q&Xl_q61k!1
zxvzWvx@l0ZohY+sb+eI2Z&&9l3}rlud$o1Dv=i~QS8i?Nu@5o!g^xD@tyY8io40fO
zz+X7m0z8A^`?Pm^w0pZ9*EYdF_Q5F-zmOLK`J1*cT(r~U!+RUR4IIKN7Q%fE!yP<#
zQvAdbe8WAjz+dyX^);|Z$tvqdzK?>wi<^Jwmk0Al-6C7W=uLg=OUT2G$kXH83|K;Y
zeCiZCaih+DPi)GgPWx=J78#p<`WJt)+{%;O%jKtNjT}=dyU5Ml$-f-U<IR12oXP<R
z$gw=ktK7+f+}@5n_@eyy(!9!TcFWg%$cy|HpE%E(9Lj_It2^jJq2wLl;T;^k(I5WZ
z(HULRA$`&#{n9Nx(<^<`DZSG%ozp+v(=}bxL4DLi{nSl8)k}TVNxjukoz-7m(zo?u
zV|#XRT*vFXwIdwFcTKk^*1#Qnj@|aaNu0p%8`wvD*jtU)jh)ze9p&u1*Aej6g5AP@
zJ;j;b*`fW}#WvX`yx21?x4WIhO?(kYd)ZCg*I(P)L7c^#{oIk=*IhHWB)#74{oe6C
z-}Qap`Mux${oesT;01o*3BKU(-Id)4jiV?(aDB(CTkX=jiQJ7Omyf)wIK0vO!_V8i
zIi9@7+si<H<2^p&1sCGSyNoq{>Z;q~&s!n28zYezyemGr&D-T4*SoK7y8d}E<9YtO
zSw7}7zKgX;yJ;|rBc9`-uI6dkq9(o3oxbUz{^_MY>ZyL}t-k89{_3?p>$!gGy}s+g
z{_Dj)?8$!WXPt&9288tb+p}F`*&f4>{nuGo-rs%PTU_2z{KK0a+l3wPhaK*dy|k-+
z*RP%3b2r@M{_eHi*+rc2E!^0*_O?|{-5Hs8dKcaG-rDUR@W~xqf7swbKlDX^^hv+;
zO<&-Xaw`Yht=IR-^L)(R{M!J%&tboRv;2OQT+Ipn$qQY}?_AA$pUmNh_J17E?HtU9
zfA$-@_0!zXd%Vkazs>c0&Y|4(g+G70JkE_A`<MUBjepB+zkQh8{`zCT{GFfo(ZBp9
zdw-Z7)>Ylr-#^ynKmO_8{p}zA?|=UDzy9&R{~i780m5B7fdmH{EQs*nK?L#eHGJsM
z;emt&0VuR65P(Ji6ges+xDjJJk?uT}+-Q(w%7Y<I4%GM(B+85|DaO1>Qzp)lA76&F
z+0tjolpAek9GcT-PmxTEUhFB;DM^z>T~<WuQf1PLLNy{p`qAo5l~ZRf4f~ZV$f!(f
zLVar#uH3kE=R(DIpdCJj6ZZmm2RN|c!GsGNK8!fA;>C;`JAMo~vgE+=4&ZZ#006vp
zn>%y<>^U^((V|O_K7cy4>eQrLn||#&HtgA-Eqb;sJ2&nA-MV}8{_Q(BaM8Gj3qNi=
zIr8Q3G&6s$JUaC0l`r$f*Dmurc-y;k|L#3J`0?V)lRs}hJ^J<P+p~Y~K0f^U^6PWQ
zt2eXVy8QS1?+@UA0<Ps&fCdhT;DHJz$RL3WKG<M{5Gp9vgc4q8VTSnaRhc_}O$K6!
zB92I6i6%Z)9cCWE1CKx~y4WITF}^4xj5gMYBaJ%F$m5MW`q*QRLH;NtkVbO0VvL#{
zNo12lKFK7MMNa8tlvYwHWtB)?sb!a0e#s@6Scb`Dl4OpFrk7``nWmUDrg&X;e{lyG
zo!!+Ln4Nm&$tRwE-U;ZQe+n9CpM?%;D4~ib$|(M#jvfl>qK`@n>4y4ch+(FfZmMag
zoPO$QsGyE2YN@22YU+TNcKG3muD%Lutg?m(r*qQXIvuXM=F01?zV-_2ufhgP?6Afb
zi|nzc!C9T0_B~5qw9rl~ZMD>1Yi+jOS*lg4sDA5hxZsW}Zn@;1Yi_#eD!6K2+RX}Y
zyz<UlVy$bsiSNDowz)5x{^rYX!2k9O@W28Wj4;6pAH1-^4kyfT#LQaeETtAV8Y#vX
zPpWap9DkfK$Qy@D^2pq(i}JcDudH&*EWhk>%rGa|u7~f^i*wF8@BB`!$|l=eanspm
zE6_h5ZFJH|FRgUbOh4`PXcJ?nowinEi~jZ1T4&Am*65uq^S4%22p3gh&wO^;Xs@ky
z+bP%FD$jDyP4|fQM*MKYQZ6Z@ZDR7>oZf=t4RPLt4{mtkg)fdc<A*=4_~27l>~YDJ
zkBs@{nv1--<(z-+IiO&t%#l+^c@+~(7NL%MNvC`CQ&%j-z7^ZHyN&zpy64XOM{wU<
zcksdwZ<x<f6KAV)#VMaW(L`^Co6yVOh9vdYACEoM+Go%G_TG07K5vs(-F5k1n~(na
z>SH~6%USJ&(fdio?;!kcO_kQ}`uEQN{{Hv>t>68Hcmyn9@a`75fB_D6Ey>7?Rs=x@
zO0aJ=YRQr`qa+^rt#KTLoZ}J*{=yH6u!A8a;Rrow!Xu4uPMymf=v){&7|O7PG<;#_
z+NUo0RY-n3$%)wt)WfIL&vpMRA^?qu#3L#ZE&?>56Q7tf<9%;>Jn4+`K$AQxLa#QX
zq2d;sV@2tOZ;an7BN@+V#x$ZaI4ew_8`lTNH_9=NI9yi)iPAbAwuOjCxe8lmS30#M
zaga+aBq0x(wkASxk&J{D0#B$Vz(MkZW<sGQOL)mirZAJ6#H1%R$;nV^sf{zVp($fn
zLsXu!l&Wl{o$6>Vvhhxqh^(a{Z)wY1PDqiB?4>V3Bt`BCO^vT98Zp;+%w!^SnaXS?
zuShw^XvT4x(yZp!^5Pf%U1}4T+}x%&yU9CV{&Jk;RLmng3Cd5RbDg40r#soH&UV7{
zo${2JWiZn$@~twJtn4R0|GCeAh7OkC{H8$*iqL~9beGuVi_HdD&WK7>Fv0vD0xpWt
zj9xS^&g>{NKkCttf^?+cgC;dkYR#0Q6r}_;S7t1@kq#|%rU|VnO>b%-aZYrn<2+|Q
zca)jcsHQSMrDr^=guxBU6N5lf>QRmQH>kR(l24uIRJlY|sZI%+0`+HC0qRPydNr(n
zYU#OxDpUX*K&C*s<4o@Ox^4+Ff3M>YEm0-c{m?S6bh#@aTQ?H8!gXzYEtgycOV^$B
z)hICWBM|?{*!uqAFNoo6D64?S)66!qqTEBPYBaJ|j=IK}T>N77s#sdmY@{?WF)bKl
zgA(tN7C6JiqH=0$8ZXY)n6nLEZ?(7E&|L9)u7z!DTcZ)-icz@4wQXu&`^Dd$(WEM^
z?n<qT-D~Ejun%hNT!N}r)NCZQaXGAH6)P951k!$seGBaZo5zzVg(ha9pX})C-S<Ma
zbgN5UeD8~v`<=zE^@Z<WSK<{No`foIg)C3Zk`UVQH!EP7>to-?UG%QSY#4s5dkeH)
zBCgK63vLU9O{G)Ks@RD>O<YL61YWg{H?&mBs^2!4RDLmaOC!nPRk7q$AM<#DeGIGw
zlY3+q1^(H26jXAJVU*k!C6%c;4qTHph@%VsXva-T5|f>5WiYq4ITchgm0z@DE&CYB
zJuXv`txV(`**MD&EQyzb?7$nhc}r>jl2ZAm89g^g&|XH8ph3x1vMPG4j25e-zY03D
zGDyEriSdld>)s0gaDEjYFitkz!@=?~z=^dlA7LlpQ4?sgsum)96-?P3=Ffs`A=_kc
z?P(vLcPpq~wTC18Y75u8*8e@Ver1VjQ*YX@t)^eEW6kSmdn?5&uJ-UayQ}2(2CbK-
zaWQjSo1uXF+u;t17h#KT;y5>Yr7ha?P#YBJ!do`(UbnpmE$%MrTi)bWuDI*X@6&2=
z{@w$Z_q(Ip+%T>dwXZ!lxtB}u+~Br~fi^9>i#u-HW-*KHjyJ%QM&0X*Ji8<xxpuP|
zHqVAPHEhi_i0xWlsDPTg$nJ<*mMv}j;@Uxb1)`}#T|1knI=wE>dC^I%$Dxb(*Ra<0
zO6u}+W1FsQk^S_rHB4#*Yu)I;9-^qIZSAnnt;JCFtWb&C<)&U4%5*jomxUZ>C*gU|
zaIW*70WD=3shMbO4>Os;JfuRS8Sr-gyWp`r_`LUs%TyJ-<NIDo)Diy7Yu3BsCusQ}
z#~IL#w^5ZVZ+E#*3GYb`{o(tLcp>|p?@c~^C==aiNH6-)vzLABMc2>_e~Tgh5rN1<
zCi3A3H`dmjzRHP5P3f;BAHEbW_78*N^b$WC`N;lx{3PsP<xic~U8#P4L0sUjcVGFR
z4nNkRuSeC%9Q#VAY*>;nYxkFh#I7D952e0GtbYpZV()(x@0l5DBvb=PQY0l^Q&fQ2
zwr>f@fVy&k4fq)$S8@|*auirTl4esGC?L8QOBz^pUgv>?#B4^yfBt8J@j`Z1Ra7ci
zRd2_Ff2UO~xFd5{RV!$N4wF?ccqXt%d$;F<JqU!hS2-AnQ$-kpM`(mecrGP)f=%d1
z0Qi6+C4~?;g;hv}S7?Q1B!Lykg%;R_ER}moD27N#hGS@kqr!wvsD}Ra0);wwgE0t)
zZdikJ7>92thjmDYDg=P}#6m*ohqVWYKlq0*M1*B%h-Zk1hp33EVp;A2QELc^uYzq@
zxPZ8FaFm#Zn5c=F$cfmqg<c4XUl@w%QHY2%HU<J}i>Qi;$ci<UhLH%1kdcCRXi1Vp
zgFzB^c&Lka$cwa?hrYOrz$g$rIEX<Qh{h<0$5>Wj7&8-Qd>qzatn++QVLF=jUL3fJ
z+1QHPh&!(si{H2ylgKpM)^O|AJcf2!7x!EM_i-4viSO8n@d%IeNE@FhiuX8*_$V!<
zI4VsCbWayV%2sMhcZ%F-klKil`{Rw^$dJX;hP1eOZe@C!r~Y~{D1B;%c@`;*8~KYJ
z8H^s;iy*m?#HfrVnT#iijI_s(p5l+Y7LZowbGcTK2}zR&X_JZ6h!53}J1L7$Xhu{7
zl+FcR!^Ln6$BtoCiS($H^2n4+`HuFOk5Q?Q6S$I}GFa?4KTk(tj#XlSgnTy%mNhAs
zZ<CW85)WsImT9S$Ysr>v>6UK^mvJeVb4izVX_t42mwB0%5BZCd6q2F$k%9S_gUOMC
zS(t?RCVNOR1IU<->6niRnUN`(lS!GCX_=RanVGp7RjDZ>m^PjnmZ3S8quC&E;~}Sc
z8L5eytErl;$(pa}nz0F+vniXkNt?H6o4JXbyQ!PK{>hua>6+r$G!xfMQRtLSiJZr&
zoXRvg*x{Ud0iDk&ozY31(`lX6iJjM}o!QBq+v%O%37+36p5aNJ<7uAN$(f|7o}$T~
z>-iw7qEYcFpYutd^=Y5?iJ$qYpZm$5{pp|o*`Kp0k^^d(1d5miil7IoptM*kFy){R
z3ZW4yp%Y4>6>6auilG^*p&RO;>Diti>YgBaliZ@2C2FE4ilQm1qAMzy!pSuEDO$-X
zqsvL7GisyAQY$Q~qdUr@J?f(+>Y<zRQV!a3A!?)|dZf2RqCd){P3ojinxX>gPG+|n
zXqPZ9xORtWgMNuZSjwdX+IeGwr8W4a3Hnq1IVfifnxjz4rfuq`Z;Bd0iXl`gUYOQa
z(Dxsnd6j~-d@_TLnZjxpqF#X2r|u_yhe|r#g_Vk>r;J4wGkIVicz@HUkhuq^mx`&G
zs-iC1G;|7DXeV*cL7bJyam*!@Xk?ti(vHxva0R!H{We;#ih#+%Tg3%&un}9x#ap*3
za7F2==XQxAwWgX%ti@`qjwz>(x*y<`8sk-@GM5(W=Q`DxeHRvVhPr;=2Vr0_VqZC}
zdDLJ4He%)llh-$V3+AZwcc}4qt@yP^#rKkR#a{2Htw^_g_X@2sse3iYVO$ZYF~@VK
z=B|<YVCp(;mU^rStFXl?rEBtHQ4;=R2QXt+dL*_;c~Mq)tVeiRijifOC5}gEkauVq
zOL>J?dPhcjZFhH<mu3+JWKY&N;%1R!I%XQ1gP(_ElNU)+MtXhbW@#!Ue^zH>ntC@9
zXcR<bKKrtn*JFehvaL6=^)##tOSM%CrOCP!Q)d*G23n}`tU|YIu=cNv8dnUawE($v
zzJ{m*36MKC7QgmjahsJc`GGPiND>x1Zkt#A<&sgCuWs9Fh<bGwiF4xzw@b&i0y`IC
z;cRpJwrZ<?Ux%<(OSzTHqnvtM#>s76>$NeOZm(*T(G_n=8LY9YS{`RT!F6w;+pCx8
zy0KburP_|YHM*=tTtpdgzy2z4zja*D(-H$Waj4sF31?`nN^iEBTBGWY2uGCasJy;f
zan)0*6eqmP3p7(}x!J3|nu)a&qH<LVeC-vsH`lJ#imif+t$>TR^EI!4JAJkmxA_;S
z-7>aw<&S$ibog7p?7Oa9r(yROd^0I(`3knnwy1SWUt0%l>3g`6yItE0!4X`U4ckt1
z%5ogFH%0q-8OviEtFxEqu|K9GkJoyTXSAnRvTf$GN;`vVm%_Oy!WucksK>#H=OZNS
zcb*4$IjbZ$n|UjYW?Txx9jtglYqCVFc0`i09UEq@=fN78iyCWqG%U4HD8W~Z#f;g#
z4Z?fA*L&ehbulS@{ycYlhFi9SORxEdf9uO@$EIxN7q~Fl#`CIufc1<`L8xbY$7pM?
z@_V*?<yPPqViy6gV@$U4S2pk`bYwxWf(xmv#;pyEhLfAcm3+mRn>3LLEYF*qyn3UZ
zT%*X8s#l1;mTbz|yTwWbn&1SfNt&og+90b;f|Pv9wM@AbY@md5iwlZWEu7209EU{9
z%Vs*mT533@Y|F`<u&E5ouI$XsOjAp$%+s8(nEc71e9hU6&D(rT$V|=O45!Te%;OBr
z<a~tE49@8cr?^ba?L5ryY|QQ)&+sgg-mK2|%%tL6&iic6{9LIIjL!l6q}B|9oE$X0
zs?7<_%?qvm(8^)Y0u9kBs?TlH%8Ltv{@l+Qt%T?t(H*^_><rJgs6c>8&+-h+C5_Va
ztkMtd(Jg(M6RlV1ibv2`utg?f)CjKjx_ubU(;97v9PQFUjhO^JEaZs0%!8DJmX6QG
zx(LVA2HnsME!9zd%`7d{SB<R9_{!1ukB*zTbo{=F<<mV))~-m)SdG?@3DUJ_cib0u
zE}OEG_q#_d(kHFbc8%92t=B0%N>-fKe+`*14Rcxvw(;84k8HP+T-J*{)=C7_fDPFf
zY#pOq)T>*L1;=sf=vqgKj>JpVQw`dmUDbXa*`=Ktg1xxcNUd#4*hImV);P$2+SrUu
z+im{y*rxs0Yn?!48j@(5*L=O#cOBfnJ(8r2+mVgh;`=|cJloA(+q-ky$BorQO)OCD
zTcRD>*^S-WY}L};(#ieY&Mn^Iy&uu--9fF}!>!)H&ECS@-o$O!-F@B>4c_Bz-{gJY
z{9)en?a|adEHJ9w0lwV=PT<BN-~1iW^$iz83R7Q;-w&SOXSm-84$<kYHx}Hv?wv`y
zj5l)zk}fFBNc@Hz4&Upo;R$r$6t2z+zO^g&S$3MWC#J}@Bin+i*r@o702_QomqVOl
z$HV8wdQ5*m-VtRS;re~nD&F5dIYyqUR-kIT$$P3wU7WJz+01cV4mahhC9A>|EdIS4
zSet$2zN=hGX>bKTMk%i3-#pO<OA*W}UY`oa{d>NtlddMF(|GQ!&UjyDi|6F3xaR6?
zcHGElF>@ale(>tY#df}tysh_2t$HlCax1`#)vpR1$4CAj6Tar^Y~eMwS`aH^qaI!q
z3$$Y9c27*#JPUd#t9lG1!Z>VrQM<z>OvD%);$I3oukLm|Yr{Yr*Sj9WNnEqHE~aMo
z>w_0T8@#d=3xlgOv`ky#?=2;2-s#G$&xJ}5T)T1(?$rbgzmS`@^>^5JOOVnAY|+Tt
zbW6Z5_iA~YzlbizT^+{m3w3l%*u5seMxJbPoQe=W7o2|W-|XK(qq*VL{%ufxy1h%g
z7PRoO#o49`yr6sL6~C%l6uX#xySbHbx8d+wuDe57Ow#kaOU>~RpSqr1@*saj@8-$A
zN^zGRan?QHC1u<L578`MX)EXAFfM*--0s4*!1Vim^KS18obHpZ#sG}&;4bw3tG|cq
z=0kt(S!aEo_O4?6zX5B;%#GgykMqj>>57Bl-WGVM$HP?o>mAGXAdKw1ZtSZU_qYi6
za-ZxV%-hW_;%m>cX{YzAN3$ku>r}46AFRWDKeK#qv~cJ4F01M%ZsLhK*<s(&I{)Tg
z?0a)g?s&|uY0SqCM)YVbUu)d-bTz40U*wW5S*p)`OCS0H`NxU=EER$r$LJ^Yp)YEM
z9Dj^lt(uPH08RM<UGTr6$xZq4H9tl)kLJklQPv*(m2CNASkb;8#?){90|EBWZ^~mI
z`RNpS-Oty)4gQc%?d;_I+JD8-fBowZ@Xnn5=%2;Izx?yh{Pb`C!*c%c55el+{{7GX
z>Io3|4z$CE0Kfr+2^B76*wEoah!G`Dq*&47MT{9WI*fM!pF4x@+QEY-lBCI!BU7GK
ziPB|Dm@H+kr1^5D&6+WD-qeZHXHTF!h3+K!bEwgxL6aU;iqvUSs7$3UrTTQL)v8gm
zUe$`#Yge!=JAO2{(d=2YY1OV}YgQmZgY87lm0OqYUAz8y@$S{zm+xP{fdLN|T$u1-
z!-)|uR@|8JW5<ypPnKMn@@31JF>lta`E9|2ZAFhJUD`C;u^<7!8`+xmYuB-1&z4=A
zHUiwab>kjL+qZ4tzl8@UKHPY5<j0jKXTIEdbLh{dN2fmBdUfpAwP)wPoptK6r^Sya
zU!L^mxSTf|1km2S`;O{6%cnozetrD+_2=im-+zAq|8oqz(9ARNKm-$H2s{A3;%ch!
z8tN#lttxcTLX`lZ(5eP?((pkHk6Nv!5sm5)#0zoyFhmwp-0(#dVQf)G7h_~lK^$|`
z@w|aR6Y#MJ6*?%sz~0l4uJ@31FF?wU{IN*8I{u_j%65{35-=z6%JRv<sN}4@yV{e>
z$S|!eGcPcs-0M9q+ho#By$IZKPCDzfh(YhVYbQvA+B;xE;Z|$y!zx`9lu&pC&2!O_
z6xGu?M-lB#Ox6%}bhb-n%k;HPA7xHb?<gJgP(xt@HMaIJl@!!SJ!SM&S7ZI{MmuY@
z)m8$36!WmM3Uu$!1F%%H&^3|ti%pR<bT7(fldZBrDvyLVO?Qx$64^qV)$7{1I+V8A
zX}x52*JG>g)>yujCHGr$(Ixg-YNI_?TXnM}voABlP4``8#|-ma!Js`?UVGm(7|w&|
zlJi!E8^)2r8h3h+s$LKJ71*FoOtev_{z`1g<JGDSxyq72E_vjU6HWF+mQngp<Cj-l
z(d7(lR+-}rOZ1qhlvnaLrIa;xDb-|4K51v4i&h%vpplB%W|*5AF;$~UyjkU`VL~~n
z)nq2wBxqUcIbyPDG&@GLbE4H@w%Zmj*Zj;Btm2D-71mk21Kt<lg5Px)Z*J>yvTwqN
z)iPUt1vlL9a<>K8T*XCR(r<4g$Cq+<r9G^2z8BwH-owr1+{<gV{TFe_Qx800gj)x2
zVYg$KeJwm?eRjF<>c%+GWjP%#Rojew+0;gTyOh*QOD%rT<&#g8c;lb%+V|!QrJgn;
zYZJcT>otX5(M}Ux)kx}3t(49F=b2C6c}*v_zWVa5M_zqYwJ&~tLi4vBR{r<5eeKx=
zP=FVKo9pxvp#mX<NP9~h1085N$ZaWa-RfK33fH;Ep$Tz=gCOWMn89NC3xXdMAqV$W
z!EH&fgA?SO2u}yNzgf<NqzmB-S9h<}8IW~5ybtUK_(LFa#3QOHTiW=f5I{+cW+a(e
z)<h(>swvH6)tU*_mUgwMU2S7poSD{umNc9(@nbicB2cylHlIvUXF~be6=8-nG(v5O
zEbF2ek7maxjxmZ(+#?iUa>lRitYtQvQQC@FNJP2_fI(zr5DUn|xga1O_?ToRDM`s-
zT}g(Mlbq?sWkMHXONIXSlAFjvNiWYC&V#1Rp$a=Gt{1`!mVy%{vo2>rPL8llldIs8
zW|_TK-tvPu9Fr$OSV9tZQiscgq-1>9NN5VMcKv(KMEplh`$6xT+r(x!fnz>yhSQtl
z6lXcf`JEviF`Daa+asCz&V<nrp7U&G4e5E$dg4=`lX)gP{n;>xoh^|9J!Fl9_BDbg
z)Q}1ts7wyJP>42Eq6K9rMI&lawWTwG|KupHdX%1hhBTie6=_LHdQy|7lt2CKXiIlA
zO>@TdoHC{9Ol?|IoZeKYIpryA7U@!;;>evSC8|n|T2!PSRjElGDNBR;RPzM%q7|j;
zRINJEs$%u382;sIR=c`YuZ9(@V$mp6&5EF*E>*2eU29v}`c}7^)Tw8s>u6xQQ`YQ8
zuL$T(PyLG5zXletgB5IH2}_%w)>W}>N$U>TvpoPTFs^W=>|`xlS<EtXu8ZZYS){5}
zift5$y#ei4sZz&=K6Hzv6)S7U>RQ;ER<^C}YGONkTa7f<b?Q`LCeyXbl)AD_D8x^@
zp0zSh0uxQ7+tMg=nOW#w_OhGBZFMJdSDNy6cfqsNVUrWSYqkoTz~j{L=(j%ZqUw0q
zQ=WI-YgqWccR04SZha%7+szpFFWQyt;Xql+Pb$uIwFDFB^i|AVm2O?|YMkl-2QJC|
zg~0mt{uj4eXu-nt%UJ~jZgf2?-4845qoTEMi68RWB2Ek`{3WeT!dA5=lF^Su3*?Le
zd9yTOagKBJS``WTvN$qvja)m~7yr0gW#v)F8Ka`nqSiFpM)|d~owAf;3lsX9Sjz~(
zZ)O0z7Z%@bbTMRMnHe`hVy&)$$i$!vHQ2BJE>5^@&SB>?$GE{gH*x}7Gblq0Vn9=t
zx?3(Wb{R!p;;=Y4;7eb3+lM~!Zfd>nb2NI*>pby#Z+eWbUZvIByG(zt(eRUW^bof`
zPNP@8@n!X@UEPi>6S~A*HdvT7so@Tv8FRXpV7okcK{mVDSa6o1oP`;|R601=Xl8c)
zpJ|E8KSw*zOC7YVt&3tSE1Hci<71PDHe+xb8EIBT=#uT2#VqFJ#)HJ8xAiDRKYDR#
zAuA)49U9~|{`lQirt+1m{BM6_HP+U)F0I`p$xB+YlD<9my7WxJ1wXEqp+hjWih0V2
z3tN?cOE8%$eqmUK9J$8*GOvXlt%pxr+AD`=wF!P(L&wybul~)dT77ex<6P%C=Q(l)
z{_@)zoaOP1<<M1rbfYKTbuI_`VzCYIepC6NW8-(#p>FknM;+^0zxq^v-t@%^9qD6N
zdfCZ-b`LWh>~xKJ&)vRrxW8TQai{xxzrJ?5irwscM|<D-{`Y;V9q&+mde$Vje)z5%
kKJi>veB&Aac*JLvEF>O$XZ7xP%mZHYnddxx&=U{<I}NMn=>Px#

diff --git a/www/index_files/crypto_types.gif b/www/index_files/crypto_types.gif
deleted file mode 100644
index d43072b14391345fc99810be9221368eee065ffe..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 11401
zcmeHrRZ|=c(=17Vgdhp-5Q4je;1=B7-Ccq#F2UX1b#ZrF2)4Mh*y1cM!JXwi@9#KY
zU-VQ>^;K8(RP{*7Nb>NSti8v4e~<7#TwGlI$82nW|C<*G#utD8xA{N(p9B9tIKcG3
z1pF@x2%q2xA3l*t*BA5!f5K+aAE_@K2>(hcn<L#&G!#wn!**??p?Em{n^+WyOk>Gt
zGM!qb{%9j`Je|#KEJvoPbTXUA^>}Txscbr5B=|F_Y;*Z+v9$Ah?X2dC`7-5V*<4u-
zDunmiC~P%jEmcc(#sg7;UO%fAtIXyr4aQq*pv4xGc}N$nwd-A;*T*#(fFspv>-*1S
z^6mB86&A0^($%;1yTb{Ta+aAHwSRjMY3w#mZ|h8_3giq)1rr+fX3Eu2V^OtRPGU>t
zJ~+N~ww`5HTjlpmW}BP_cKV=_D<%Q<Y6g>0UqB=mj(ao3VlP#<_P>t?2<Hv$@w)E+
zeF}h|_+uCX99JjCtKx<D*zS*EOTlq+onD&{SJz8qAVHA-RH_9{wm$UL%Gh?v0C_X;
zn)-n(5Q&41!u*JxtI#qP(~T_f!Qha>5H}059qwbn^DP9NSpGd?>XvpVDm>GgJcPLw
zc{kQ})~eWsa_3<Y0M;0$@DsvYA+#*pyUR@UXpu^fBPx=nN>&%b-ANGCd`xx!p43JG
zz_g{OQPz^p+{;k+BixTMxC`CS7Sxgc8f%b;a-gQoa<iA>aTf`-SDCXWaq%zp%E|TV
z)Hy6-rlu<@xL+A9*EZfLJ1oh-YugHTtvJdl$#i!o%P0u5trQb5EiEi_&3)1Y!kM2m
zDyy3Dnzwb3`}m+`Esa3N3J@|XW|SQZ_&BLQ42dy+l*=a}DMZM}zIjSjqc~wm6Ixw8
z!cfB4x^9cAkv;LBQetyX>a0V`q=TjFqKNOT`f~NA-1T;!QKeI~r|O^LqRPR)UPP$3
zeV+(G7Qglrcg{>>I$t$*8|oJ(_P#R{%iSRXdNA8Ceif7z^o`rrdGu1$hhvP>Z^EUI
zZ|C`Hf^!~L^6m^$eLa;jY4N9l>YC|h=K1}FYr8mY4X30$1?Xm8SqkR1psvO2Fr#Tz
zbGxYTadx|egU<F>+%%kdZkZ&VG;x)xkTePU)QFzA=9-U=y^gWHo&et<x>Ts&M0wYf
zxP^~dTeFQ!VVJOk#g37*8#=I#38PcnXon@6k=5;)*ln~O&^aq|9TG(PHyn8-8+IP=
z6bW&k;C7IC9oBm&ww$7F`zM?yU*-9n75B!rE_?4Pyj(^O)ZAT;{b1$2M#SuWzL+wT
zWxa{!X8n4#;xzqwGe=AQ=X&{zde40ptC3&bF@8Mn<4(4c-@{>m(cATTe6Ns{#Q?eA
zHEdw>?LA%Z71E3YSZoW9_p=4YtQ_z*zxjyqAoLz1A?Wi>{{0T^uV>uP!mmCBYjn$?
z_qG=ycx%QeKY4hbWY~hPT)&~6aQ`JNV)gl4U5H+@^p_ZKCJcU8Z1h!1nj61UIaGLo
z0?VjfOfu9iVl|oqBhXs>yP`_uSNR>RA6k8cSCdh?DLZ)A2Lnu8&Z=vw((hdfB&o<|
zV}9dMVtYt~IcP4_8~b;#R_=!A(p2Ik<jE2C2&CX%aq;yZcJb~Hr7$X;yuFJusAy$I
zWp%HTGA2rBxJO47y_1p>(5OkC+ogXzp(hqGQGKgOmnGX*NiCH(r##`2oe8{*i|3~z
z#^mUeti6hf@ug&vyB;+qy3QDpFXc$q>EC>Jofy}=$5KJS^Ma!Gdwimlt8H}BQ86h6
z$hpmgB%@%ci=9sX&WhrT_LSu!RxmziSryfatQVGQ6aYT>je&RhmpiyA5Ba)O<fH6N
zkmg+8iM$E3nvA$7d_Ff*%v!9YOj<)zJ^#J9b@^QRtgTRT>a1J2#5-xxi1*2XIBEyt
z10E_awW=leXjYQy$8wT+4Zts##_}q*>;oD&VUN|M%!FlXnNN|X+iO<z&STU0@VGQg
zT%hXu(L(4sj&CQY#+PJ1h2O|O0cc2uANivs&1c=p<bk#d5Ko1MTIMRpkSc|2KIt%#
z`4Y5=3jM0Ap@K1vYEdM5Lt*KfCYP4n2wY3L*`q{mhB?1ov=d|Ky;Sk%=mzxIQgh(3
zYO`g1<G?BQCwBfxHqF~I&fHC7D_sfUR<4=|Qg{_!?lC`SOIlQ>0fS7#Ck;9<S99T2
z4S^A{PUlX2tt;sG_=#`?_4}7rRtc)lk1Nxz^lpVrr)K~P#&sl)*3MI6V$@9(!9(Px
zE>KC8Df3*<)P_@fnc#slkZ~Y9>%`X;La)9lXMjD0-{HVy`}^R)a38~?CQ$yup-y_B
zJV=4A#qYwF7TW|Rf3gP8zsimwXWPxReZW`)J^YuwG#2;WKrmrLq)yikR@=i6TU<ko
zmHaLd^a0E>)ez?~u}k*+Ff4-6m=G=x`%e5gBCXh%ls*BY;eQ-ej%!RQliy>|dmPiA
zYD{aJ*kkc|95=>j${3d4=g5AXuvTn>XDv<ab9FsV{*G(PIgmf#gFa4qPBrD-PaFt6
zKTiL_XfF7ua41UrG!vnCGjI`HK5cyVoz$CJCuZ)DNzj`r9ekt7d^JWz0pKMu&?qZz
zJPMQ6HDnwgsh}`84#)ffX^(V^CqcK1k12=9k2lLPIM^CMJIz|sRy8|AIc+KIAToUb
zDl6b=BwguBwEvA`!Fm$%)5&rVUTa&B0jA>;6$E(KS{j(^pi;+B&~Y`_IVi~PUY5Ob
zF4@w+BkG`>{Y*PTW7+J`f@L@SO!2k>_&fi47N|G0b-1Y9FX!5Fk)p>iS<C$w6MpQ7
zExSYSHP^BUumuoz%}>YSjli$bo3)g(7wOV(T}6dlV!4_3irhOa5}1#a4ifhm|FsYC
zcweUvbRUd7HjjQ7b4|lupBEDDm{1V9R`BrMj&}AesayQ-mc<?(_WT@W>~Sjq2<}r3
zcP@mJxhfC59R8E+9KX+X$_@8BVb^&s0#03;<gcAtE_n_e7+m?C5dZTXzH3Fdbm}{J
zz3`LrU4BRImKaWQai=J-Njmi~EZ1}CF6G^?!s1n@M0Ra%G`GWQbQH^-doD5W3;Xr<
zI4@`SukMS$ewCx6eO1r7$EMHz^!kO*oBm$&lHduhlC!rMeBJG>{US8Kq&IzSbAJEz
zTB7$X=STPcy<+#737qu_%HQ+2s`YvaoPON<CUjiy1iHOl_XGauzS_|ezON9zZ0%k9
z*N+!4ldE)cPuY77`{;GX9q@!7aMb2M-xgp->(}_vA4L17L&_UDg81koK<dEX^MG@k
z<Il`Nz&5_`VcQ>E>42{U0UtgEOjrf_Ed{<U1+9b!(s}+VZ1sEd2x6xTBwM!Qq;+E`
z4@PYNy?5ZDCT2fi6-;X#%=#&$%gX<IM6jY2;9Gl;vUVU2kN--#ulz?hg$xgyg}_ZK
z*XdS!YY$Ietv_s@A<3Nn#O)z^)}fA`uFCi!SP>zD>aJ=JffiC6g=v99`wo)U;WsdV
zRU_bsc1YNvA3QJvK=v_AD?C84or9Ag(&N(~=cV8jo-n@=YjS+@nFDuw+Ay;RUs>y*
z@WZg&wlI~$Aa&~~6VFf=Yah3EXU~iv+vSL<{m498_jz{TAnPa)k4NsOpaAQzo=@(Z
z_mOe!eo7I6NuFUtWwtgCe?GT)orL*RYRB-jMd^QvvT2KD9f=+oi5ixU)g6vplm=KF
z`Xp!kDbx0#E{{WQ5AWFyk}i*hNQLTZ`(<gzm}^JrdxVc?MEB6eJM)CTlZoc$iQX)Y
z*2)N0wT{a=be_`=?)HqudyFfl3m){06sJo}e+WC^N#x;4y7-s~!jJB6k5m<lKN*St
zk`YPX0grMSafeI0UmONg(I+7t`G3qzsMAhNwNCUa4|#F-`ZnssMBp!Rlr$*m&k&iY
zyy7RZlF007kM8y7!(&R~Qd~E;9V8<OQ#<~Q&W^t#h=?wTiq1!E^v|bE#sj=KjK^5H
z$5_mfkQeC?1C&V3;XhlSQdlojkHgZE%iY~klI0JrSqVb|kBC3DrxSYl{;u%rv<f}r
zb`1&lrZ{w3=ZWsK@``(iZ^BQ7SVw-=iB=y?yEwE7kP3=j`W;f9mB`B`NtYoZ{rlcC
znVr!4Xe1Meg6%UBZ1ot8=H-v*<^LYVeZw=ynLgIYDqVglS|Z$)qs+}h8=&l&TOyMa
z0zb?m)ydV-&ZK!vcu$yX=#qGNpB>X4{Cg>WpfpG6KC8mhZ|*UgSt@TKGPJ)UXDTu-
zJ2QXVB*!8g0F$x#qJ@+6-VP}Xd%8WJCDJz1+Bq|=pw?Nr=ZFHelc+0#Atk8*6NPwo
z#O95ru<o5~fKB0dBHC6u){%DVy~U{gj-=@%JMWAltbXg1U&Y8SMMB#}^X%??x}l_f
z#afXpd-TQPPgLZl_K>jRFJaDngoH%xdAGDcJ~~ImN|G<DPWYA9`l~?0C!jG=sVQHn
zxo)YYcd7N5RaXbLx-77ZtHfrE#cr&0s})#@T;|NcvMcR)Ra(H7QRZS>mIbzh%Tkp8
zk)=qj$p65XpZC$tHr?w!Gh9z2LS`ve%-U^0CV%eHCp9bd93}e6t2}NtU@+aM_hV+r
zO7`BzN^-9V6;F2@l!VgH71x%Y9n!%BndKeymDE8I*Wn3^M}e*0S#c<-4Nt*S!-)Z7
z-V>bx%e29@%ULf6>D_z;)`wMmnQ4>d5mP*Ye|3{nBC1FTlGgBRN**fhJ%NzVcvRjs
z4$I{hylGVQY3kwCycLO?N3IT^!uO-<C}rwSR;x&}5`Ht3Ky`hBWok~flG|77zVX)U
z;Mct|RBaH|dt(BZy%VoI>kDMk@0S1Et=7YdYGF?~82k+r<@I<_DhghB@?At!`$_|a
zop+H}?Zi<!L0270cB8;^1EU@Ocde#*&kC}R)Ir^J1jan@YSO4}Rk)Y)j&^f0cby4J
zt*{<`^-*OgeRgz46+2xmCu#&-H;29~pzyxY;JGemv_8zcrRrTC7$sr}oNJVkQ^i$)
zI#TXf<}nLy%VcQdit;_?&3$(qTYS*EiJ7PUR1#q)_-~B(E3~~9Cuk*;Nc6ZV>6s=S
zT5#Q0(v{U=9n|0e#VdL)F7W9r&+e@3>a2!#);@RE6L&T8cQxyEwfc0mXLogWb#+6#
zdY-%f5_k9WcMs}ygMGS3vb)E+x+hSrk(3df!%Q=uyBAPF_V7EAdOgrID#CQOCF}#j
zTvy|&9B9oBWO)bLBJP4PG9oGWSh)-MQ*dn&_dsNO)`$^cP>_YBfC6PN15N28<JU*K
z9y6NWBgS9XC!HSzzM|^?h3ko+taYNt^g^q8O~JjB*nQRfeK@B*7y<|%V}vNWJ4y8W
z5Ya3N1VkvSJE`?S=3#w=&4x+*fA{VBS?&L_zw{dN^&s{Q;CBnL$@hBM_9C(O;GJ5q
zF)6+eYk#*kAn7}(m)0*EV-%~`C-E}KGGPIiQ-yO5ocZ)?pAP7>4ozvO%D)UDl7J-z
zz~5pF2>@WDiNCflgIbc{f1xU(-2+_RJ&XLq3wjoC)tKR>mfE{2(EZ7vtGtCCTCd~U
z(7WeBGT)&{5{q9if8X{-x@`yLocoii!6~N#a)okE@*^k2qbS?MIXUJ9-TfFPO7S^E
z7=dF-;9jB$&El8N#+QM%>c1T^{hrl5{x5yCIiTd~am$JEJl}y~roJKjiD3Eu(dvne
z?mm;3p7DtZZTrb-`N<XEp81#wyVJ>O;D8m;)U%!;%)WHLdeYUctG?TkW3Bs7&eWCu
z^queYL(cS5_w>u!H2h^6fpo?jSHRqi+a}nAFK5_Roh`+T_w%Hj$F&Li>&$B?Tf%iO
ziR82f$1LKR38n&nzbik^nF_@#H|3dp#|?azR>g#9or%D2j@H6}O<|7g73*kX?uP*@
ztDgy4?mWURFSUWXU5Sy(g4~0}LUbs|W5+?=S1wM%cy2*+0<b_v1yLhqI@3_vwa}0>
zfEX$$>VfokTU6Bzz?;FM^ALFxbXrF~2w}^wm7kLtFXJBadc13M%d->|>WgZ=;^uyf
z&$}b-&5Nfk#-kRxU7^cpmQo1F`u5DgFa<+dD*aU46|)rM_May4q~s|M8r`YO0U;~-
zf~y@15+6%dI&k&;0ZN_*WCF`Zq6^Cn=Bu4RDQ8Y~H4B~WR}!T&371<%FhFetqEA1m
z<D;f;3s8M-Ho~`7o_bxIF_0IA3u+ibbjs9q!*katL#2`|wdr!#!~NDpB%ri3DkaH=
z>=uTz8pbyG>*uc<7YapVw{kKLYx^Lb8u6h*+|8Hu&41`}9fC%^dn*Ga#;`METZ3QD
z%xmp{iT8`ETZzDH^bH1>mSqf-jam;kw+_C(O;)Sm1KipOHQr6x7R{aC@Pi=6K`og@
z=LXl&VQO{|twq5J==zev>yB=yI{mru@wzG@#ugpf4w~ZTY7G>AJ1^Cu!2wrkiG^`v
z?4h@AhqO=$o*Q2N+=2|Qi8ySE3T+)bC?2b8y1VS%-DnKQZVn6Xn@>T-{k0|Yv`qm!
z)HOQ46}Lt5_Eq8};dQQ?dAG1L`T5M61AP|Vlbv<5yggQ2(@hI$80pqo^<lc-ehP3!
z`}MF9{m2)1<dnNrX>nB8wbv)8I#RPr0YAbf<4;sD+Ckj!5npjfXRX3mbq(1@C^e{1
z*i!AG%bh&F-#vEYJn18wGn*WmyWZ80*{$|d6q=-h0tHbO4P2R}8%WRk$fjc&mkif;
z7~}T-IGmjrY!LaMHIN>J+(00PMlvk(pjf4|IIU%<6ms6tXZIsD#dBHeqkBhV2b`m2
ze_m_kZ4Jr`m0uS;mKVyw7m9@!KfxEWyBE^$E;(o}#l$WpOfFf&F8PZu->+Yiy<L7I
zzxpnGMP&rPq6xU7%fDjiy<*zDVtKn_BfsVlzUDN#<_fsx$-n07y%yNK7J9oDA-@q7
zz7aRNkqo$z&cDHA*-VL!8(L{op6&=`B+_7yNZ?_2dy2ss3vK$Can_L#Y}<*%-N}s^
zz4p+tT;7;Zh-JR%#50;9+gJ8&wq9&B$-&9C$oW2?qK>yQPM^Q5O(whTq1Zbf%iF8K
zRM^?&4YLg8j}f6yL)v{LxyOAQo|{oz>T`ouWo@GRt*-E649Zi*@SV?UijwX_JaI{R
zKyi^1c6yx)jG!8&J=+5{pKGO@x$TbF2XL1eo4;BSd{Uvy(;hIE->%diboi_<e5<ci
zwGJn&{;vUfKHtf8-C<-tw+z2zXXk}fRXwz|g^dSxMdbFy=d0z%OH(v*o-|NLR+bR7
zD0+D-+GWpIW_|0*vRcXocKV)Aw|UBVBVdYbi3A}aeB$(E6X_2|#^fXUl(;Pxii0W}
z(mrD%8brjcIWaO@ESiWTV_IF_usaq<&D=B5?($tOi;NOH_z4>(lf~lDqhJ2RLN15j
z3-0Ur!)7v?HkJ?Ml>$^sq^1R%XK9>h*2>qIO2~2o$Lo}f^N@(Jm}UxO6?AW-S}Io~
zXiiEs_?ww@Q$@2ksO@h4srO0e2Em}|4l3PdVnw+po)^=Z4qeFZYro5vYkfa_fU~@0
z)Ngbbur5;hteRSke(K<GJmort0b91+!MS=K>S5Vd*R`jFdoWP1PgI=WGmlMEZz_I1
zx*!LvD7!EooR`~lG6d|hW0^?vb{*J2-#tHbEqNNOn+#{3%DWr6bzo=hC4TmOuD&1V
zPM;R;b*HQsxzAfwENzJ(R&1ZaQ&;}cFjqX?_L$|(&=f|1rX)NzXQ$l#wsXb&x23j7
zq4QW0=G6a>1UA_?{!M>U992fXx~<J}4pVsQZ<CY6DeV0v8{r9btoI@6=2Bu8Ed)z;
zg2S$H^vIY*nei*DeoZfSAmTYIgW%1@*eBNRbNQc3FYFT6=Us|IsT1aK%$``6WVLdv
z>xH<=s&A)>lPtX7r@>n=Do#-%SF}V$5<+TLSsC;jSNUH{C2B*`D$j?4Xihlng9Mv9
z^@0i#ZjI`S_suiPawqDI^N5jSSc}Jakf|}G$HAL%k#sW+l`hp+_DQ8ci0TOSFMzAO
zA#LcQ+<v<+mfX8^!GsB&suwnGwM{Ax0V#?zT=hG9eZZm`>5Y4rd|xi!v;<NKmx20{
z*<!ovHgIu5;BDyV;>T-h_ciM;iX3bH2e;=xn6~EuWof!=i$;(^z5DGtn$~$fijFSs
z7F$Np@>F!@`Vv!ki^dn@6x<#ha}5i4#O`7%HFm4e5yK}12m&0WBN2xLdDIDsr_pT4
z__*s_i#Yy$)bQypnYq@~OOx*;X51H><G?YM*ADF$^72reL08hYaW)=AyIw!dT{K?i
z`cgSEKUsS+y9MvoCfWw6o7K$$SL>K5R+4Y^`{vzG9ut)uz6m2zVZ70i>*#EoNR}^p
zQqwxm$;w>=NdGkVcMN`tElid8x}kq~1qfv8b2lCU+tfKZ#x7G^Z#wn=dEJ{h4Ew4Z
ze-TqIt@!Toc)QJ8=X=VAU6v=JUo{MGB&4P0@j0#AbZ|V!FT;6(cS{NT-2zVX9&R_o
zja099r+fSw2Fi?HANlRLWv@`h*N(5aMc#j(^dDk0eh<fP7e*TUr})BOkU^BegAA?-
zNI8~y{JsoCai0l(h}=RJ<`Jb&toQ#SuJoX6Es93Qq#|dQ4=7RZTWOdHL)AA)a%>kP
zyJGu;fn)N8e!2bIeq7kB*feHnyZ8xxVx&@tDGrcFf<bdON^8&*uccjr#eFu~2+@pS
zh)0qmZ8pYA+>8j)F3Ht88|xHeMzY5v#kV*c=P_tTcH1r`bT=CxfN1^=iC0=w6cs>@
zLpJGeEx3z58%f1rdW)eWEvq>f&U3QW%NAL$<*ceHrAPHdV<V%Q<`Tq4Nl_$uH0u5C
z(tkG^_LbX4R(DY~AU<Yui_UT+J`gK?Gz!QX47ZUpEyZ-p%_5flvrs(q=qNSarT-%^
z6W=P1*}}($w9fit>N+X5yvq;081=_d$)rlr5zZve{83&f(YlO(6Gii3du;0{wbpP^
zYN2O$4qHAM&(!zIipO_ktu~4|HL7^a?m+qDmzY8aIm4{_pDoJ$^F>_t1nuU-q>JrG
zdR|SjWt_Auxq^}Ao`uVT%q@+*4HYG0DEeMR-tF6<F*Rb>=mwU~d0NG0y){|6CN|{R
zKO55dUw+sK5${zcPEC}lcBQRm=~9NYj+grREO9fAsns%E1Ssuc!A5XNi)>MK^iN<?
z!(tTaX)Wyb5Sm{Sl`IziwUxyy3Cg3oa5@*qma2fsd=~Vyh3>f9lJ`&xRSwCz$3HEy
zIuf>wu3TE6QnYdsPNs=1ah<>Ji@`zbRwE?g%N1mCl5*5Gy5W5FA-pGMd^LEgCfO^f
zrEbkAu}hZxFr5v5_rmH)+$rfUm3boEmd4kbO|DeNk*r(8A64^aVpZdE=xv%sPzR@$
z6Ae%S#C_MkO4qJ9V}-1RA61N05tGNT!(EzX+CqJFXY5<{HmrkLtzwhpc*DqXsaHW9
zO}7}?2u#W?{Wta;qROvYN~Udg7p3HOnZ|ko#`XG@Yh{Y6uO4TaG7$Od6j5<7xeDP-
zwEIxbn?EdnF%{=P<h>_g#3Trp7IFl0#*y;aRPQWAGG{Mv9w(^U^X{+nw0@Ut#IegZ
z=VHkmRf6vt6s}3qE3J%q`%<9QoenWgyNnx^x?uc5+xLtj>@k<TCNxOhXRFPebP99L
z*%PqhTUwd&0K4Yhc3TPEuS^FZyA>b_T8rYZ&V)<472$%cCAn8;<HOuas0D3gwN~fS
z!EU8LK{kpWtMmEDfN}{zTh;W{g)&J%r3T1Wvuzbp7Y3-d5VX@>T3u`d18M;vJHz|c
zrCwzB`cOf8Q+(+1u%vrqD#+fF8@e(b=H3hxbg<Qet}cPyTU$U5jvi3xCbCESkf5VW
zI&|$o(xVdsa&(8cLD&C<d35gyI(aWaH}1h6J+~ky|9j}>8?xtLB%$9y_-k9?WPcH`
z(toc}<!mpjJ&2I`UwA5!nBXl%4Y2!jMmy!~oZdZ@h$<#0l2^mXo$g1`ORnPT^;KD<
zcst2!ozrHz_c5Hj1|52^Vs`})2=X5${1g*%-`4g;SUW{RFs?Hwv$qA~+vf_&02TPJ
zM}ob)i?MmGkxIFT%Ktj2gU@g4f<Z@+4X@#f+PnI2!DC7(zNM-S_u^i^Q=@$T^=rfX
zCN=(Z)pY)?E+NnE<eXzYR)HOqH;*Ao|6O|}-_3kMw>~S-X<EGR7IB^Dm=owa(1>sP
z%-^$A4lcADZ^XZHtN1X{)N_^k<}*t1@3O0H<7V8_cRiHFd!)<oI=k+5=S$t=di2IU
zu=ll&F#kCR`g)&fBy<E2dKtlgyQ<sty-FqZn~{5aSQzeE%{B5oN8NnbT=H*H`S(<)
zw(-<c2VWjmy1y&SyFLE`-<Z$0-&Yd6)%_@RF)s8bCfqjATgAwafcE#*tQB6&TQbml
z5Zqgw-FxvY(2(4NdLx7k`-^e&_X}d*SDZdfsy-~vK5X$m9Q8h2^FBPcKKzhAf|NeO
zl0Ks5KH|Y&a-uz_yPx01V3FrEldkoxA&An^_s3)RQwsD(tMyCC^&b=Vli7;~M~kkP
z!~3h-`xVCfW3olRpNa-S`)fZ9WGA<<SEKyU?}v$rF};Yg+Ycz|4RCUHaHq5Zi-i`{
z{w_5QyvcP6ya-JH=;CMmF5E1<PARtjp;rJ=;O#`<zdn7WHt65QCo2C}WI;@lQ{=H}
z@K$V)XQ5W&yU3jy52T7u^>k3ue6Sf+;&fL)?uEPR1oSROLYrw2vdgbhEg>jJwb9iB
zE*?TWl~8{X=EVU&Kt<SK;>&V_`U@h5K7+;rV8QVQv2LMDxdBUa2_t#1eY2$Ijkqgn
z#|yuhrLUw4iPRObP^n%Hz<k)<ZP+7Z*fV9=t7O=FZRmH75Y%o+ETro*r_=ykOv;vo
z$2X)`HbyuwW@uAQ9MC)*<~9-@G7^y@?T#qTwIJn;)9ueR65<9HegV5sN;~OGIEYIN
z4T>A53<wP5Mwx$(Q<wCYmxx&aXV~{xl!#_`i`QfixlD|z%a7XQ3>qMg1(!&!28-vz
zB$G)-3tyyNP-T+3!TK-5g%f;v3lhaDyy<Jh*RH(93sM6<V}XOCH8HYK=;)L*Uu8-Y
z!e^P9l+k-TnJV+nX7zDDAKA>1u@X*6dK?*{=z`Xiv1i6%;g?ZIm?(&e$KF@QFh{nC
zX+$$b97Vp_oO1$<BcFCN7EL1fS|#WAEYZg)GmN7krVk3SALHZ~f$NiiV@W^|arw5B
zp>ALKfb2mbby>vbi9CA+q&2X#IFG71zuLrvYKi#9y!eLvFq*)mQ<GTW>EO8eWLEX)
z*n)6pjyzO+c-vl33-)VnVsIHIf6^?+r{1<V(U(8SeJwCu*UWvZKRs0~cIB(Y>MQY>
zGyOa`{jxCq3Y&)COur${AmGltqn>&HbLNA@45G#ilEn-%VCG}!%%{{D6yVI~mKoHc
z88pZY`rZu2?aUXX*{`^>nAEdaKWDKeW^puTaV=)?0JHd^vjnNLguvM^p;h(lMQFU=
z3(?9jlbO!xfhH~`=$|QC`|&Y%X32hjV|AtI-KmA^7SUJ0v$pt}7RT^t{bI>;Db%o3
zrBo@roEr&k$WN1~XdLEP(3$AY3jOFaGx}7EF?0W^FdOcua^jZK$QH3prZKjtA+f6s
zsi-~msnT#Hat)PmBjx{ES5rBj|Eaow37!4W$b`U=FEvT>3w=R<Og-j(ig%_u)iK9u
zB|{hkhxu5p)e}1b_83J|w4-g_+#?N@341{Wtx63kfJ4=K74!2uI>ZiUt1QT=cS_Ww
z#`ssrLI*^5h;^L;BB@G?g4KwwmaF=cMNMPQC6HaGMV+^1!PcVoqe)#~RHZ$TwvC~7
zuad}bhp}Qg6M>R7Vh2aCp$tS{4)Vq<_tJ8I#7KqHR}d7dW{OsLpx3DPX(d0>YtS#d
z2r}MAVf&x4<JmMM@I|F=t3MaAtTv(_&Q&#`EC&m+uF%z`>#`*PHKv!#<M=Rk7#hU-
zD+?~`U)bt?lM;B4HsM{;!#=H~?%+on)VPtZ#5ic}6cLSKWzj2O`d5}phN?%u)&O!U
zm4LNj5^SA2bze|*Q`dF6E59r;<OD$QVeLzX9Cb3Oy0Pz|3`iI>^tCSRIYUIt1N}7(
zL6zx0R}h=h48LQ92<qW|E{Mjh=~QJos?;r9U*3+=9zbd|kWXP5U<XUE*5Kwh6{I(4
zWcT6LQ~uIZ?<hTTW(itfiFRPAVAh#TRfUrx)c}wR=TS5#_VflXp>>b(OR_AmtkwQl
z=(8>BKdkwJ-})|<h2!6uCLlFqMSA@S_0_NI!qf(xnMwH$Rr$DDlb!3JEQ7{IEfbI~
zSQg5wU`T$v$Y573%}WEFTe*7GJB<48{kVEMra?JQKhI8b!@$Ol37z}H{9)dJtZHR%
zoz<j4ufqU;2Edr>q5(hFIn^*a12Q1yffq^VkEu6CUX9{_TZcb4Z*%o(W0{Px>XP4Y
zMBrAAB4yY28}+YHEjh5oGc$j6*K-TiLl-i-)z~f>H6}8IKHP3-@^0e@X{QfuI0G1-
zi;RK43_C?vA6)XQsP%;~3BO9hO@$L#N$#|xQp;CDvk{S@Sf#p6fVw<%trZS+Y&cP;
zjA;|PSuJ4}<qrzFxC$|Y#8QeCa&Qf5DP7$!eMB157f_lx`+}K++1t=AnDDDV5<Pc|
zW>k_vyo}C!ITPWjC6xW;OFzcO6_N-E!)lZrTMpff&uh9WEC`qLbYmLXKj%_&;z|HU
zWCI%auNvBCvyeT!)xc6JK`f`js1KQody$Lw%(PdT;AUQP2R~NowCq7@^JWuG18NSN
zpgkQ$ORJw83VCEQj+ssURamZNHjcD=k3|Zx96$x~-<AeH@#a%w3XMg}t+1`mp9TSN
zGIAtCTn;NX=0XWeE)O`%Hz#B&zq>ghz}hQ>!XWJ+P|?cb*@~(EfKE^CM|NTVTqD(v
zB?6^&AeVJmZJWcbx~?O0tWaKHD_2bIYy#d<BF#|}*HN<MQHtgfHlhtPJ+0Ey22N7G
z2`-SGuOVvZkXpmi(0fbdY%avVDNTs{Pw7Hln$26G&A)fHBpmq2-_?FW=8D3;@xR*0
zVIO-^+eR8Lgg6(Jq^WUq?o`|@VMp24Y}meGs`|q@k%ZJf^aHEztl2-Gtdo9gU0leA
zQ@7JJ;b%3xC)>8$FP#k4KMTz@TQ3Fs9jh3!|L|EPRXcU%%T)uMT7#GNfkx`9NBwu}
z)>pgPEOfo+xo~rIOMGa(W=+)y4X&kuEe&@0GATnP5o@Kyx>luDaErO?YeJ?etlLI6
zV5i!3?#v6c4NRcj!dq5(XSzz0yX)>Cey0gjq^s6k@`J>Ouh#6aIJzKn=77xmzO9N2
z?Oa?rAYz*k=umHK*X^P^F-Dr@P40FB{z0WTi(Xf6u5?%&^*X*=pxx;tCF!5j>|*l%
z6V=mvIfotmykL%l?I@g6Y&d*{X7zo>ecm%UDnEY|G`!m1W;ZmMvi;pwvGGN?R%!Ag
z9IttFbk)M|^fTA~=KyH70_<++B7$%oE1ns*t;*>Zaz?6+-L>^bp^1`b`sL$4gWSsx
z_-01#aA#MR3(5IY#7!eiT7nZ*CS=yDhujn7xC^p_-(o$L{od=mqXtTGdzA4ycr2!M
z%urM#j;=dXsj9P@QGNQhIcj+Q&tB&*rE~8~*FSpf!UM6dei{<zZ*$;Z{it(hzdIf!
z(!omCt6@IDUNTDznr941`}~7VV2O&`<K~6gjdSIq#N>o#$&CfS?$d@b0{o1?@^W?0
z2;KF!xLqtWIcg22K9wPBTGqzn`4YnJ4O1&aBBY+RqE0u!$&}e0H0yN3V&;QxaUTXl
zZUdxeRe#GPkRrGI=;J06V05sDi8hW=<6RRvX<$p{T4U>!u}oOpa{1}nC8OqZ|1CR0
zx>at7LLJEO8pFfTgW^U72#aWRoBgKu`%V80{KMFR#@>>ard7j=MF-1{p=|H8SMeb|
zO~b?1(%{xEpm!0wX`e)nIQ-3yl(KQu@c}vP)N<WsHxm-6^@wkVyP)Xx$H+l<-Y%u<
zF@D@D3i=p);uZY-7=-E_MC=_X=7l5hl&bjzw0bJ_cq$8jDo=l^D0`|jYW{<O!2kaM
DfNEl>

diff --git a/www/index_files/kerberos.gif b/www/index_files/kerberos.gif
deleted file mode 100644
index d22b5acb321ccdc88af8d07c2712291d5e3518c6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 20772
zcmeEtQ+Fl|taUl{)V6KgwrzWAYiirJ-9EMLscqZFbKdj)jBlNNk&E1AuOurgJCT%@
z;NmnU0@nh21^HhP5fKRq2^kp~v9eBs1cCrTK!6t0fq{Vq1qJ>6{d;?RK;VDA|HJ<=
z@c$tL#P1OQFDknKwf|caLeM}EY-l{GhJt}$XjB@#@rJ^oa3oTh9I3{lk!UPdo2~K2
z;<0!l(I`CWrjm(dD%C2ziKf!2bSBfu9O>q=nQShXi>-;~^0|DWU|4*amWuf-h&UR3
z8y4!ta;0LKT$$8@#bAgg3wqDx0*z|j0Dt^7_5-bAOVza6NkHvp+n;O(Ia;Qg)jD_V
z82+v{hqWf1<dbXJ^vk^=1<2FoPt04xQCr;A=gZWl-C=Kf${k;ImZPZx%DPzD&X)7V
z3f6K1dRMl~)dth4vU8nglUXx#!(M!xON&uJ+s*f+X4~~#)-4YpCV_KpuqS@E6c5Yu
zcC?+CH$ck=@Ory9WC^@t==GI)I9aSVWW?qFd@b6a%2y<0_!t}k=QZf&ZS%kW4&}&k
zdHX&!bSrSv+zteLNXH1CI}RsuCGXJO4aKs^NDjTcFE6yg10_0$AWO44h@>j3Fae_j
zoE=0nf!*!Lu%V3XOMY6Xn7R<qsNq_y@>^m>_$Dr|#3Fze^e4%2oF64CNpK$|tAhP2
zN@cRBERCs;)k2Cy_tHMhXnC*L${aRMHws=)l-zP#GY`je42+c^cJ`EjO3RZZ?np?2
zt)QwXkVA<gj}Et~q$+Ai9S_WaD5XLwiI2jnEKM%TpiT!@rYVaw3**VGVEf2KDo`$~
zs!EZG!m_Fkr1+I}R-~I`1H7zlPqMC(3x2t{EQnZ;p)D`rj!G^~(TK9Ho9576u49aB
zKL(?sp|J;R9K<=Rt~H>(DjLSHt!XN7ut`YIx3Re?&HbBMQ*udjdDZ>20dXx;S69WD
zvfkTipSt6(Yuoe2AbU3e-Q{{K-N(UK+E+KYVc!5|iS00m6>KInisi6XuJD_;+ibYj
z8P}>Gz01={c4G4KVakwUlcgk&#FlA><y6kDlNZ<bd{VG&%6dlcfUjk?$tx!TR1UL*
zO;}ElUTFzltcQ77$&}x1Q9*UaZAC^`zjaC1$NojgB!K^AS*QNHW!bKL8?YtchVZg!
z6Rq#Q<>?~NDPe}$3S^Rczp;HAC$*)$pFj(qx<90b>`mBUT>nlyww<Hu5Xpv9P~8u|
z-E<tLAhh8*s_0tsy4bIcOOyOFrr;&&Au;J)#@rn3)7AZIaDLMdtmC~*+Khd^Z?vrA
zI~n~%@L2!HnBV;{-xZ7WKwxU%_uPbA!ntO}tH|-P=Gf=)bS!xEp%QFbk{?vQqmVL}
zP|p}(_rmH{{PKHX4(Z=3+@9itX5y1PnO$=*43MZvC<-m!S?3aWshhLo3i*#sxsyCt
zM=()1NCSVawt|C%l*kF)C@TfpzOiRZIoj_Do@wa_pb=Fr%Eoa>pY#m)p+!&q1ideY
zn9&Q1rT~G%bw$JiE+I;~COer<f{&tH(d#gj7<|~Rw@mluTAkJigR^q9&(tnt=0Z#8
z43jjN9I4u9g~UPwGu0fg(lr=aA|l{E?vEbM_S!Eo0gZc~l}pmy3l7d^WM`M%=mKJ3
zSZ}lTy)P7~88PDdm;~5DlD@A2IQhe9Th2YPJ6}e)!&#Q%ON3qy9wAt>`>=?+eRMks
z(IZEMWNc_jGHf@QxByI|l5>rpRwd9}&P;OJ1m`hhT&|2IePY^z=P~nNOc`5wq}<XS
z3rR0p8AsdssNRSZpUV@zNK+&;v_gEE!Z0pvdPbXioof7y4>?`mnP??<d^W@oc_ql7
zK>uH5`5*`tLQpdQ{{BwMc~gVoL7i0UUk(xb6<Z-jDI+NS<5&dtO)0@SIUhmNQb>ew
zuJoim7MJx@LM2}*$X>OO*7;O`K0--vX*uht;~GUWbN(zcIG6r`<{%JT;r~}=sR*Oh
z9ES8<Jf&)pm!`E`BA4pF=J>Br<+)00=0d`BW2x?>C0S{?N(=Nu04(OY#!9|gvS)H7
z<f2JckUdZb!DhK*<GIcg@=Wq<b8;0VjJ+P;kI)E8c5RTrsNPThO7vI%+9(GHNW%5F
zh;-3361GNzJN~?ec#7r>4n{+SdW{v_ffi`SOG}w}ps6O@I*1%|X6bvi@|4ZW9PCna
z-ZiBIceUmY3R_$Fv;Ch!*sYz(6@WFuwUwl<&Jqu1YZbnbt-fvEp-c*(RlLr<ZE8D(
zrj1MrRcGE|l(leV%KRJ_XF3AFz*OkmL1Rq^mM3cnD(2DIJm8?;HMRTm!CA3;Y%M-@
zY4C`F)$_!A=i|k(6OEtIb0;3@d-=KbDFLATSZ4GDP8sf<0NU|x90Ey!Tk5O7K|sKT
zKtQPMbVd&}xv@tb8b#y|aW=K;)v43H4PT5(u;shSC?-sy8Ui8cs6k+bSWK~*wkbq0
zKtPd{Q;xe1mO9&8pBrytLFu;k^U#NNf1GtkpIP&X(JiuBST%#UkjF&aK|uo_!H)0(
z$$8&rRpK5Z>U@n~thlEouOIBY^tMnSpN6`h8wx<}mynya{T&>xlaP$eNJTX|J^UYB
zORu(65n$N^ELtigbJr!C(HE6>S|XovF64H-NRH6dlttuiYB0R#At7CAmoKbTKR+n$
zqE_nWy=@OZFy==UUK)xwF8?N4&Hjr6w3N$V+vxg;q1(RHXFi_;ndm<^_uMN1l7FlI
zWqul}eP|x4lr`DMYpfW;wh1HHZ_O-ZRdoKmw9Bj9xZo-{A!TC$*6>L^Ohcxx^<D7y
zT`ZK!td^p7YSTz(wY@Jj+EEBy6(8|W{E8vei67BB7yWA8Q1Ntsg|`kO`?jFwwsk+i
z-1Sgz(0Xm=tjlIDPlTG2TR(4|f^%{Y@aH{zTKk-6*S^mj^PAvTm+bx+s82|Z(x+VK
zocW4-N;EJK6di8#_37{!cjTd<#@fm9V6H8J8@LrVXJ6SZ-^VZ3oTN?hcU%2N+)9Q}
z&gPW6>ZHdwD9Wp9RmI<QP+Z^H-~6*ePe4Hd_EjkAa9=IJ@I#^ib-ag)=}Z}`;6$$2
zbr3C(oH}>*pd_4lq-gVzS0VejNz$EyGUh%Em3s;-(e%3Ul{9cVq4Vq^-0@b*_h}!N
zd1<ci8Lo+=Kfug4=6Cs#q*DC8&;@?1&Go*t&3)ha0G~PDdxr>~zk-)?Now<3pX@dL
zd)o5%Ie61Mm%4pC=M6nzHKc-q3HkOr$Wr)Etbd15!@FDDK)SeS268MK!HfkSLbx2M
zFi1T!KxhTU{S5>!3;Z1sgaBYc$_OBS@F(FyBW(329e1Rp5=1{kK9~F(U}AvSu1Su?
za1I%KP!e!Rj@G#Hm*zCE!6Fzw`7c{j0GlUUNAurrOMkB50P!;)iZfv_=wPHU4;5%3
zaV<7p4i9N7HZ7_E&9y*Y4Ayz5Fh<KD87k7rGm|hn$uQRDK)$jt>$Bi9%8<_|VZJj<
z*EK3HE?<cZRH8Escc~z&j4<T4FnlV$c_=o1_t0Rh0QCwZq;Y2lEei}Q$yjJJ9@Yrq
z<_P!IAdmD&FHCwLDqQAgA7sx!eo|j^ih!=ufPvEpx7F~2Qa373rV7p=k2Uh*_Gsq&
zknVAoKCGCx2SGuM@CYi_6O$NNsBjCc$oPyHPtD*_E2EaR!0GWoJSxWX)WDgFFv0!k
zL8<V)x4-)p$cI{SXBlx9?QvIYaW}xXxI3))2d?-ht@vtW)3=QHkM{VlwfLX6co6Ia
zFzy6U>-b;P7*G>P{V56Xk)$sBM2Vn@_C*x^i4<-uiLNAg?nQ~nnTeyI#2D|`XxK@;
ziKJxM_(T(lz9@tU>q+J&7*b9$eP+mT=SdvW$ri$iT}P;#&Wv0sq60?)<*tM*Fv*-=
zDRlRwf)f;BL5X}#q-2>%&P9~2%0$F$sS+e)L`jrXmC1G_sXxq=q}nN|K`9oIDD07O
z)?R6L>v*u-GVUm3Cc<e}FzMXu$+qi)_8sY``=qyzDZ!vbf$J$b${Afwsi9uDp96^z
z-1v%>_!!tCY$d68%|vO~lsb8p7(H)xD=V3K>zRO8lGE|@qNMb}j5MWi-<l#{OAjAP
z&a9G3T9%R|YY`FU^Hd|RB;$^3a1uOu>LhnBioy4UQnM^(<>boBEVUw%+Vd>YRjQq{
z(4*xDr?a5wc7ygcPx^OK^Gc@e_atX0GGZ2%YW2KWagx(al29-=kRe}3s9Zy6Gh3>B
zvF0F{lUN<B?2mKd15B2p4wsmwd?1(&?WnZFWF<|wCeIDGw-a$h3RTz!R%`-S<SJJ1
zB1|E;jw>XOpB5Mo*@4&YgBK8m87|Ad(L8`KBS;U6ksUQGj4C`dqwu(`5EqoEu`Q2k
zf$W>2DB6?<B+8j(5>-w;UNkF(*SL6s+AUAgr(`j2_B}5fJKxPUd?PYAT{HhABl-<o
z(fAO_5gpUJS=xX{J5jVOsZ?+*sibMF7&gn(3d-)(!vHHQpU%4w$s$4sD-t2Rv`{Nd
zpuJp&2R-6RD6vE)Q%rm>SX|glU`e$?ETrNbwGzfvDwd|wn5XjBl4KT*czkCChH}Z+
zyONEJr`<(K5mdIYjt~oM6_8c9c-WNzO2-pKlUy*p%8pppViKui1Es68+TckX^+-Gf
zmJ9c&`u7NiZHE+Gsqs<8U-@yLN@!od@qnN7koZMzA2xpe7ReY`>C<BA`Yfp#@XD`Z
zDb~_jk76-Hok}>gvJ=xf2UWSCC8U}tR5qEMsB@eOn`$2A`n$7wToqvx*bL65`dS;j
zZ&DF_;dE|k6eMoOAseZT;mRaf*<WUrIaw9|NE`d28Z$c^^-aYL4lB@xE0V-2$z+Ac
zhlEy!kyqIi&XIFy(L`B!GwF{+0F@%JaH1toBJ7_cLcA%+(xM_=IPExG;J7rGI5p&;
z4OWK|I;J#?aLr#bq;3khQqr^yGKsBKL#-rEtuEZz@V5Rn&50bJ4ch0{oa5ZNW;LTS
zguxq?sL_qF-r{(?ZB8ZpF(r*epLKB0rRg-nzPfGR(M`=yfX+@d*(u@ul7QD>(OzUx
za<YzZ%~Dx0#S62>=MeFomMZa}c4QW=U%IWpl1(}e@nn26<l;;G5!g;US?w^LP8Cpq
zgl@^*q6dB`ou_MEI<I2Zr@~`PM+U9p@TWrer_6PUWRtA6=`Y9ME$v?&D%zkrQ@TAY
z!d>MgCM<sy3?((`TJ_UD)pMd%LoXEiqkC4SP+Fp0Ezx;3TMcE?y<T0qM`#r@bo$P5
z(Zwfwi(Y!FSFNhE`??}zzoJ!cqBSy}`-n06!SKw^a9Ewh<vdgSVfAd`xB72hG{;Kx
z?{o)}JO;3~P~F08PVTEtP7Tqn2597ziRlPSLqX=v^T=uhDD;Gu(fqB|HNsMzo=?pA
zuZD#1hQ~D=@m>e$zX(uAP0G!U{W!{u4R{5`#C2);MqJSQmm|D_a6-YdhGpyweai@%
zQjOL4Mz_oxW_`+4Bl1f#VmZbQJhI|umPh2|^vAQ}d&EW=(VYZi#^@mjnXO7C^^o;y
zhF!kWVrc<io+ZBB<M?T&dqB#rgisJrkfCHeOWzY4T7YFtsmYW2xWBeW?BIBj-l*Ds
zfges(oaf}eY<N662n>^DeGP~U$6#HVjS2-x_SM9razAG|i4WcID2HQYnA6xwPxa|o
zkR5U@-$WyyWfR|^oW@k5x;Yq#xzft;FjZe5*W}jL_yj!W6y3~$-PE`C>`9I5cFrsy
zbb2?3fCh}^BFFY`nXM?@T=!SsmG7UN_slO}`?a(=Vmv!O^f?Iq5dr3^N$%>X!!n!I
z*_q4k0F{3z+g8Fs|EjcE@+6Dk@r!;VjP_o64EZ|YYEDm5EDWhTk@0(xerqOTI)Hpr
zg^~<ahvuDkSW>y0L>vy~T>$3WIipak4E|b`>t&1_IFBIHPY1Kit9~uyqEth}GM5f<
z@$u7jzs=5NSeRuj!?(Ga9Mj6!n=VN&(H$;*u@r%x77I=;;cp`!y3Y-#Eg8~V04<k*
zLtd03^gq^~1>q|oRVxsO1!Zy`&1;cJGUfVXjzkEn=U1x)Enb{BJiJj3;h5fnuq7l`
z%YSo2ZMxU(=~f&EmfCUq4D?N7wq@h&=g-TElX_OkZHjF1aZ7Vco&087a{b)C*Pteg
zr#P1()59Ic1K={EK;L+Y&KMf;L+WQ7<8n9UCO6>ywt$r`0ghaJ{kg%MQlUfXTYKUw
zUtr!_3x#R5+sdHZ4^lhuks%AzTleV!W*m{solzPaJ|prGMQ@aIA7fas2K4ErUo-i<
zYqoj0Go7za2iv;}<00?zwPy&mP_t2PRZ(mFF&HucOR11$>ip2{SR8__46ChFt9{do
za@lqZf*WTozo6MS11<dsv9l=q@gP0R9mpR7mY+EGowRHDT*>y3<*I|`x5MSAKX|jK
z8dQau+absVg2FQqYC4fNmq&a*-fS)hpEJC)T)Y1=CP)32$J%)pxwgm7c3ij)k2H>r
ze)jZtc-cKq7<TqnK9usoV~C2o7$zNQKGw~8^_nd3_Q>wTo#RI4u_=6KQ8)$ShwzU;
z$0MWO4l>W2Ei?imcg}#AyI$V;R?s2kSBH1_YtEDBOI9a$*P%M{k#>3)K?++r_7}z4
zXZPbV@O3BiA1BM#CuuwDfSoA*xGk@pnywv9aRIhUkJG?u|4aeu!`O4xfs39WeDRwQ
zt&CikC<{h`{LS$lbe$O6iWqgOONfk<_1X2KaDxr#6Lg)cp7yKA(yNP#o3ovpo1dGz
zBZAupf!im8+ZX@ax4her-rKL8+aCc;JFj|RofcSrIHcg6?=eAcVuL9yY5{yEQer2^
z!W~2OUH2KqZ<QpgqU^sDlxfsCgnjoWn}jwbiDZ2l$SO&^B9iHm4<OFtu-5lo5%;2(
z8JuuwnJ^Cq6RCX@sp=gmCSHmByV*3i_b7uY{gJ7>)Q>(?tx$?N)-AM(b5A_%&y-fr
zYJ@6UjDL0WpW#Evn1Bgbqr_<W4_zIpoY9>ll_>hR&u=9uB7{%rkxxU|PwoM)1z(S`
z+&M@Kx&Mgoy%t^#xzq5^Q}__?9Do7OZ?KuE*qKosNp!o}?;8(LCNIvwj8sHZ=iv-e
z$M>vy9B;z3x3&A0<hQ7RG<(O7!IY1=v5%?%$x_!B+We&7x-U2Z4UGZ+&Gq;aA0O9}
zDfp4~GTb!inWBU+lmm_U-P~j)Eq4M_?<2w=`qY^th-6DnsXe!!wT|Omf|T5XPk$o6
zJ?oSB1o1k7-$jZ)T=|cG8Pg=<pX&&BLH^A>8QKGDzTeqN9aTud97#YLh4zI0LLv}|
zMIiNyfWY7hgg_&MfJdRz8w_VCA4<gG^ZP?!s~kxsk;~_aWvU#@q|xj5mPmn|$YrtH
z?+j<El*xj?`u;%RsGTVl!2&UGuDzZrl*1871wudmm?%`K*BXpusb6Z;QF^$?O7B(6
zHk#6>u~(y9Z!}@gkDB$n+v_!OFP2?ttKAwD$_BBRZLnSJMW|j9NaSeUn~cVa?$lDX
z)vh%=(yPYtzOozxj87$2w$_`cXNy>G&7$w?tp6o2HpN|emR=@#z3;5Rz1^ym!+4_-
z*lBSngrQ@@*7y8*b3U2L?#he7d9+=~VNTEU-*|jEb7(dt#QmnVUCZndovrI(@!pta
z2M}80zJ3+RB=5Yge{%k*7~g*6tK*7+Fca!OjA2#chCq;28i1rGVG@A?7B`5D6ePpZ
zO)!KYmOasJRSYFOfRz}5pel+Xj~ptr)QVvQJitkmk{!e|0fodO`@tx;?nepe7nDT^
z-M;PzqQQolrOE42oTMr9$tow}rQjQ6XzSsb`mkE%qDFCwACM=hz37|=V1m_d`azdN
z5~ew}#Z=_DPoHF1cyEVU75QI}niU0s5Nt}qP~>c)X-CD3%AW})u6^IVDNzd2l%*{y
zvWz2YjgrL2uEe`I4{U0T+^JNms)|5yc6D`4d}$eZ)KIti&rY<MB^A~YXJ*Jy_+)j%
z07!RrO=M9tjb1bHD2-ja9`r?;RkMG>98+`(QmjESFYBbG#~hnReUO}buVIk1OSG8%
zEc&}Gc5LhYY32ZGJukaIq$HbL^W!o9hBdg@d}>$ZouDY%_iDzECl~h)N}KfipQ1H)
zR1de(#(j1}(hMAE!vKasj2v8MiIRCR`!xVL&f||Y^-28*(wkJXld{wfi)=@S)(-ku
z{Hpyl!ZaF_-9HpM>fmt_Jl3V@7M<4R`C&XZmE~ofHr4f`JhruMc{q~E)gs*Hbeaxq
z)ak)t?+vb>_{<hIkiRN7vz>wVFgFPZR6LI9cQ4-U4I_XgJF}p=RO8l(n$_uF;Bm>T
zqjOv669Lp^K89VpIcW~|wNF@Pa_=j=t|>ydU5&Y37<hf!yW1&(ZS|d;PSdp`8HXFp
zKbnRcwsYGL8ML?CP8|G#sZUXHWzg2qF@^;1hq;V9UdQqze%`}1^-*3(eRb!qOU7pF
zc7ywF`heEwYo|AG(_4+rCu&1N=U1QAiig)@%g^uidnk?1)6DQ4AQKBen9N)tyb{3+
zl9f;|c|s5zo)LJWrVxw<lNX|10R*F`aJO;%U%an9aXv0#6b;5eV%GvlNhtE0nPHz@
zR+%>wuHF@CIaf}xRN!bDg$RCDgBQ)T(E}INFroXu5Cps;36%_C(x3WB=@tUe@OCjG
z0;Z6uO(Hbp3~_{CiP1FOCQ@ITokIf&R062GF|e4_cmQT~Q?()!G_GWBZ)V3oN6-ZH
zOM{72*HRW+Q+rG8HLD%><ms$tFDM=3Tnmx$$i5pBD`t2SG!7&Q&1RoVZGy2K^+`*p
z(pb_(W1R^o(L|v7Xpk9VRB`hu_?4u{k68WaG8c&nTf|Z-hlwKo3kKr@WW7jiawaEJ
z8G~XLEI_~Yu~;qSU?j5w<e>2(Mh7NqgKi77{5Ns?$%pW{sUj3>Y*~U)=aBsp3O4+9
z8E6yMEcdT*+BPWEvk_-S{PSa$ODMTnau?H)7(4)t1hZe5O3tY0J{Pl=B%}&cp-~Ar
zA1;ovheC5s!q>??OQ*83##15K7Zo2r$()ysmFNr2Sx#Nbf^ySR0vUNRmT^^9TTZDz
z!-#deMV9K{YuES+vQtR`*3!SJ;iS7A=H@9?$@gS#{G#*~ia{UK^U5u>!nsvyj~U3<
z=BOdRTWJ_%i<V)9N8{aCE_&fP@Jkq;St;>jtrR|1%2uA(L=k3Gk8LU*T|?^sAjsNY
zbpog4I#{wVA&hy;xdy!rk|R6h=upKkhGS(o8slQGjJssi8x%CcQOv1evbm=k22s=%
zVymSdGHG~&EGkc&?Cox4R#yS&fYZiH`*oYN%aAekF7~DHn&Q<g|B8m06bo@(80F}y
z<|sINV%lh`?Qxx#VtjoPx9Uy4I+mI24ZAuM%}8zLs*6M=@(Ueiw#}ZGm)0wL8~a95
ztv!)vmf_fXJL}2S_8UO`(g3Z^HtF2IBz4z6boBTLd^)Psx3(RzxQgVyZ7|^u15?C|
z#@|^QaW#NJ!XLbdXm{gvE%Y7`4hL^>`1J4I@IHJJD-Y64BUdoDOfrEA_o*obq$Oi^
zTK-`tdKmWu=z6WbAaQ3~ju=JrL6ktrD+<~k9}S6@KaJD+4r!b3LZb|A#qQHLJnGnD
zG!82blD;*+kaaDH9Fa@($_|r#Yh<CTSH^Fz8N-viEdv!G6Auu|)rqq$hRZr)?G^Sp
z5P5e-NfM{${p#2&tLEut6}wQyO_aK*28DEWqFlb7AegK4IE!6oN##*el~qpPwld2k
z-D!;+vzbR@pC-iZ=sfy9W@S(^ipt&D<;P_e;VL)C!~iZ0yNAT)h?L_qWsA+Z!B=LY
zn;XE@(U*QJIuwNb;UO+J9eL;4Jz>kuty2yT9aXs`$1c~+Fo%sgTzVZZQLi<=G-iv#
zT3Zp``|VTr;+Ei42e+;;VkjZcLBzmzyY!d9W7jJfzcp)rTDFwREf2AC{abl(zH%^3
zd=R8wjL`J0BTB)Jan;|~QY&1CsC{&!@A6he>6=~by=-Q{>wB7A<S`maxXDlf*P`t1
zZ9dGGnZ#b#s=zIpG3w6wM=!@^hLR)Uc<+_gUgt88?aL9`)s+!}mr%IyJs}+4iHTnK
zTEg#3hd7+N+a5>9-tC*%;i$>=-q*(R=qsC3pS{l?%QCo+6;-!~ZS=Y2a=4v)7|FDa
zL&e{o6PkI~A#Ltj>~ThXI==V$<*u)Eb1$W_{zqDzei!P7FBZ529j@ivBDudm5CwH_
ztLHxEHR8RuUUyz$#=a;m=ZrQm`<7@rzHgBoK#ubb=w`zGpMq}P4>j{ob>x38Qp<cN
zWp_V!8NKgn1^r27**}X{`Cq#b{a@Ph&z2|yzEo)xtKs}VcP*nopZkD-Dc~;fSg;EW
zhOf-H@9VG+T&(}@vkwxDnTw|{DY_fNwf8i+AGSp(C0Ov+Qoq;&Z+W5+cy~V%+Cb7&
zKLVR@ur)U*ns5i!0EVk@9q$0va0D85AV|Z2jPyXNr_i10z%FllO|{@H+#qI4H%f|d
zSMdN@%>am0BuEN%#XR~gxG-^zAf0eKO=d5MGFSim09^<V9ogU{>mcb@C#o<AsE{bA
z5D0{l2x_A+g>O$Sax#8OH^EUK;niT1Y6oA-AT6GV0K5q8^bnJ8H#3=NnP?)LnwYqm
zD4Lfj7g?=yF&d8^?*x`G-`5aL2#?^>Al=rWTsJ@M{xC7wa6hY91~8&gG!l>W3G<$J
zxC%NDReM<5OpLR8AfZsKsCiiBXvDy^TNNTf_M+rzKVw>ZB&LvEwlmk(3n|M>Je^5Y
zr({IJS1fp91iS&&aB0*&h0jP$+)+4xn;K=EIPX(i!l{P+$!j!KO3YeM%*IzVaRAk!
zWXzjRWD#3pnp@JDPl8k$kG(M8>1xbePck(^!lPz{JY-nz9kr!d@~$gM@oG3+O~A1P
z_JDfquUKlZm=s&cnC=#VU?px;h=9;imoS+$;nMh9v^eUylz5AH!c&BsDUGmnMoNv8
z@{?GOoj^2SPK@4!EHg3$NMO3!P==lq8f^++V}k9`M0tr+K7w3^Z%(d>9BN0U3;+~3
zS>PH8LL~#L6#+^l<MA~fdW34^BvYX#>zy*$nUSALGES(C_hvnXpeF+1ISir{m}VB(
zT{Bt)0a6by+o%^IE;gA|Fd-`~Tk+IYC_2$fI?_tk)wvY)2r5;BS7CS0I(;;m_-7ad
zDFQ+Z1QIC%#AvAZY049A8XbGGh)y;~TW*w0TyANQp=Cx0LX>G~NIpfbuy}eFKKH)_
zm{$vg0EtSIo9UJ#>^2KTtCYyxpV@Jp9#4@%fe`0U8CPJF-cC_Kfl#nRRlpSkSs<I4
z*8}O5o9%m=WP_OYtjSzUnI7AkcrTgTUQ*aunz&)>yqyNzwFpBB1qKnxAISmd`XHu2
zl!i-=$UdDgzFq&Ne98a7E0nYhfJ!NKtBvo=1%h}+q~Qhj>WTRti0FC!Lunm@PF3oG
zQKXZe>8DdVuIY^D&L<C2M12;yiQ&0uneUZVcJUda^_nMA|Cf_7e_Sz-FFvuEGrl!E
zj~_Zf5UPS{qSWTPP%EplwKQ`bGfM+0kjfJm0<y>ixp)YYOl4n8(j&zHIVgZPLjFA%
zp|(hygUwK~$TNacD6Gt?pGqy>%k{hnKCS8qULxd-wX98Q0i(u`j@fA3Cg`R{>>6)^
zz0_xvlB$gLz>Ftu4?u2Bzu8iGm+K(SmBWvfflXYJo{2Yu$w`;SmA|Iokx(Bf=i{R5
zQKp+w(Xm%0_gmyAQ#X`T>rO!Ch0IawNx~M%)&RPxyF50G){JcqD|`;m$<cLL_sr(v
z4S(5bAXz7Js3C`)X*jwihMmKi@~i2-tB=qw)W#rcZY`?eAzzv;VsvZhFE6}zFX+k(
zkekcmajUE47P8r-C{HX=%}Dt}j7{N5oef7To3BVdFOeayM3kxqiL3FKV*enIeeL7B
zf1|&lE}zR`hx?7Y@RLQduk+RxG7_(k$cnE|O!_U!WgCy2q2eaG4Xoam44<tELu!2*
zEeFYKnDdiCz-wo_^#NR0J164HK|q2)0@*`0a7-e~G76id(@Y^Z3T6PRUs~tjc*X4e
zaiRE@U!-LTh+#tM9~H>=jT@Epnkw4b@gIkaM-jTJiIa8Y8}*Qzl<Jjg&zgYLR9X4;
z*5kPxKiofPQp3mSessxyh3Dz{m3!P4I>~?cwdyfcqBMc#=jEc;)N1XuV0D0IjtOtY
zb>O>gtCEIpjUNyCji68SuTLLuRr_r!NY9txZ%4b~ZF1`+7H&BX>x%GczkKQ=L#|+f
z<!edj0?_pev9rv`H|5P!4X$U_T6ap^WZPqK*Ln<glyYZl^#_-AN@#cTOLltnxgz8<
zsXO%YQi=1Q_4cTC@9DGN?KSOcm)%ATRa<uPgtwcncc#q^Hb$0MLU)WrC}8Gut+@65
zRV4LFc7uqK1H^aw$@f;yfxGpKSV0ezziyg;pX{07WWvYo)n@GV`R!^u!G2TiBlV^Q
z$n0s5Q9$?`qgcS>I_#Gh@Abazm{BL3&KT!L?v%ls@C@vetn`yg9N6d{NYm-NtC}Pu
zZFatw?srr!#>!@U9^g$JAX{e}IBUC;E(pS*tXZ4L4(KB~=t2G%{S7h3!7!fQ+GFtV
z{B4>~BOw7Pku!627#pk2e`0EUb=Zbn=6{qP7-b+vFkZbh#>8OeYfUK9D+kT2&jA>x
z5-_D^&~MK?#QvSE;K0(9YleieZ_2Xo2Ro*?b13|h<N7681AnM#ajdSerAA=3^K8n=
zVW!Y4157Z_s5Pq+`x%jQH(6ZHSGh4a<dE3aHV>3WQhC8rt()E;vXHMlu@ykEJJGaX
zv5-5lkomCa$vlvD#^C)qaEqPSFhh#fuMLb+V<NCLh_bX!EBT`#hwWhGz9XmNf5H*B
z&lP4orgR*fnm^%mMC+huQFF{ZfX|zjqpxAPON|tuXExKA{g!zgGkffJVIFmJ7;ItU
zlb52Lb`m&?=}~4mieQ!UbE?v794>J3X`GW`KWZ^cW^zR4Vn!I_eqx4UHX~<RdqnAG
zVPx=QEm3zar?ZuXag-skW_DtdC~@c?W)rkglJr|Y<>oX!)FNmUVBxQ~{k;o&Z&Ash
z?ZQ#g^kdNq<ghJk-fg5%i6pS-TpkFqXXjbT1o$U;?O>>>nT`yb7RC|MrA@_^na5$+
z1<~1Uou9>FU+55^L`Ya|ydQ`9TTEEk#VVZD8QCW8m<Obp`cj;xaU65TS%nIe{d2Q!
z5UyM>7{Q&ek#RVt$Ua-zLEl-o15cFQEVRR9kTCto2qGDk3NzPYxQf@X+w3)OTe|d+
zI2O?`$CMyTqPRw|I9jE!-^jB_!#TJKLhT(*J^6_@zcKO`w!ntG>;;(X?wqEK?zCe#
z*2mpq+?>m9Tt-umY5a0*+HqXWbo{7082^2gJZcq>A>n0^!|q_S&u~}nKb3hxm}6lP
z>Tu_(t|poHQc}KSNBVt>@^kbRdA+-0?g_XW9d(@8!51>PLk_o(5qFyIy*v1^>N>gm
zUA{|tW4AHogc}aPueTsPy(hwaAf|jE;d~&Kd?3?&Ah&#=@KAc741b_Xf1oaZplN%c
z9ebc#eV{*mV0e9CgnDGcd}OA4WZ`^dm3(B=bRolRFtdMTzn$h>RpSnSOf7NY?|I}g
z9OH{u5m<c`eR?E7coGDr3vZ0qzBJTY%f=78HVQLhOO(S%Qo5pwJ&9Y!YpOooYq3i)
zR!JKk$SA_?qqv<n#C<u}E7$)ny`a~)<XF{lyOVO$q<roXX}auxdUIy%45U|yuhrB<
z%)N6Z`{gEQ7>}Wfc&8*Id+PS~@eCx1U-Eo0pG&YhjeEeNvvREO-1vPh<lYMXLPFqv
z@m6my_@WNgfW-W2q50}U>ETxX;(SVPPU%s6;qJcs;(!_N!-*{od;tz2eQq$BGd_1d
z)GFt<&S%hXp~TxMzO8A!&Iq{;4AP^CzC|H6Xx7K62m<`)jGgyiCE5Ufr*9ZP^uOnu
zOF!Qd3Hwq`Wzy<3y$)TxcmupXQj-o2T$8k8CmLWhd}6ZmCo&0lcV%8<E#tBzX??=u
z*0ng_xZcM=ylWxd3<O;b!=KT*+^fbuJXb$r!k^93-->PA^DOJjMLb;U8Dk{hW+IZx
z5jO%5>3ml`+b!d@(?49(eH;Yc_Q1USBoWDrJxx!2+;>a8+dc;wy#OBSZH(@om|ul$
z9;1CeqlUhH^=}jPuV!s-ldE4-;jiNXK0}Tkg(ASOVL=*QO5a7O?;Ock{dD(#eXpyl
zUguWK>w=!)>7Kx>Z-cq_xpF^;vCkDl_i{o%@mQ}|x}W{m&cj`oqcN9z4gV9#&eH(#
z^Kk#bVt<zIpNly_M|x|Q3G;2=V;SPxA?D}AZv9mN!ZqfTdA7%lrJsBs%st}UaDm4o
zl&}5*?2~4Im8o|y6!b4JsNZBp2_OR@kccQ|?f(k;gQ3YeT&3oXMWT@i1wtYk55>X=
zu|2n-SxTgnaFDCa)*ng+GgvGaVzeG9W^;Hv9<I(GDgPCSgrm^gJW(x_$fUE_Z`_@X
zrz;gp$Wb?yOvTey7adh8nMu^(>1#Z7s@q(s)#9@ElKG^PtCw>eFVxz;GVFAFzdl@F
zrZZ}1s;L&$Vzn2qHrUQN@Y`z9n2m&21N7lnA2h2o2zgJ|lI|8J0<6KP>_6BpmZ~(%
z39dibuhyC@7f+}^oaAEcs83Jy-&mw~I)jQKuh&ep22A3M$>1?qoJVbEPI_iIpZ{KM
zw7J~geEYmC!i-XaD1GvMJYB3dw{7S3Jipc-vWg@82>g7($tB<J?sofv!g3J>L86G~
z2e~V!7}-JpnC1H;%e3PM{AgPd2g2L56Nlr^o)m-=M?sq?)MR>+L{Y>+^@q|MWE4g)
zPXf6}V+9hmNaJp|JyAhm-`+?QgkibK5@Ay;%;F^ptdF7?c%%tpxMjG>Q*myz$kQH)
zmrWD(y{V5P1)8*Wk`*N~$+N7h&NoseIv_U`9d|HR<yPd6wEwiXhEnRW0=QAr4PiHq
zlZ3KH&63SKJx{V?c|NFA1AarE29YgfW?PLa!&({zOK0tr!$9&-RSFZ>oF$niRa!;I
zC|KhNmqS9*mbBJ!TT1I8Sgz<slDp44Cs(E}n~$fqYCC7b$X1$6#(FMQl*;&A#Ftl9
z(NzC*(2&={yTUEC0itBd>-6Vg>>7J9(jDq&ygBH)uPH7WdQcG3tt(oOd6ilgl7Lla
zNubd%<^aYjnCcql%2CIt(#VZ0Avhmer(vXcpL>1xooYMta|sIl#<$7J8;8WqtL(g|
zEIiC6m>b;2K4$P3vYCiFox1?2`ZA@q7XQ!YA#}?#mw)g>QcnOZ+HJLt7l!f7#r*G!
zCtWp0T$V;P*;?8>MeLWBrdjb^<<(!kSG5`76+IlA_Fb_!n?V>lwMoGJn%Y_M@TshS
zjTrp*|9HWF?&iI9yV(w8tnF^CbU3wgV=P@@0yk3;L4-gdmFfVIuEE-z10JH8ocsP=
zu&(<-`9H6F5>sdn2aSp{i)#VP44dmMi&S14X`j6uTm3!`G-r`f1_bA&xURW>E=34`
zb3Hb|-SAyC=@OnkuY*53_b~@xm(6fS=e4{XXDb@roNi9`ye`7>u>uZu<$FJ#Hv<HJ
zwg84SU$?eCUr`T~{h%lffjCiwATz^73n`XCrh^z@a1w&xDh+=zy7%-+GWs#O6Xei4
zHNYq%29SYC4I%6@hQD4ZsosdGr3-oUpb@$F*SO%_nAwPbyR2cNt(5xEkP*y)oroO9
zGD^-@8yNmwVO=?Ih*U634)lE!oujS{<ya)DcCaEkp}zV9r%Mt@^@~4*x-o3Icx@-+
zZJ51@nUc>{X6PUShq-4iiU^_r1C@=Rsq@Ad{t}lcTeI=FP{M2G&=eQ7ay+ZMks98P
zC<G)hP+9>c8dzwGbp19+VnJ=}3s-WPV8L9Fso+*hXGXQ$KCaHtlql;}f``uD!9#En
z$HYd0HB=!ZjM5aZPnUBJA2}>|laxAYR!o}=HpMlGlB`~HOmR9^iyeg=X)R_>q)o{`
zWZZn1KK6A&lMF-8owS%Ky+DRs3Zqa2?~;2nT*wv8(uR@5s?$78#<m#Q%-5Uj{ry#r
zdN`rrGdZnx!iK_g+@=`F(o*=1R-tsFt!NW@ULewK0*zlaAKQddw3lTyM3<!`n--am
z$4@N-d8V8{?GgozaKQaosRYw`lH5BC^Nj>km%S1mEx}xw1)rco1LGz{dmSkTXG4`Z
znNng=RT)X3HoYpJ%BGHg3Qy{-u8Zzg!F^E`7}uFx@)2FYByOe3%9CY#!6LI}hk(7A
zCFAhRCFW$kjAKSiF8|~?>mO;!#m6LYiaKbynvKRTa9D?g`sOxojxJ9%7h;K?8QHqG
zrRFgtQhQ1N#WCZX*2;@RJ=go8xy1fd6CqotdAY1q)zwap*k@{Wk3D;v&&>RsXSMTS
zCB^UPiqY0Yb?@Y%R+qoV#wlcN7?9R@9Zaud-t}*7$-Tj}<vP=qhimWUr7XYI!3qjS
zMiijXbtJy%jBOP7+~h%Y?#8IK8eRHQrP(VOS?^~ky4%&QDcRz5jacZTtee)-F|=&&
zg}k-S0%#q8tE+Yo$6lUxe{I`Jx%6ya+Wk1tq<9Z?Ont#kK@_wZx>l}H*SGoC{F^JQ
zRzy+5%S%^V-J{D6oh;UcRx1zqqY}&dauwP$arnLxGW@I_5dkS;_yX(J_u}WAj68Kj
z8qC!v$H9_POlL^jmOdr!_K-eQb3`A2HEnv*ke2v$OcSl$W9iNsE-ZIUP1!+7A<$?i
zgrkBH|5Q1_ZxIkHXa0A|YeJjA#kgM1L^S+;GNKnI7ZLwdn)PG;Kixc&yw*w<6=ymw
zkEN(f=bS4Zhsq;NF)#O$AN2KoB;e=7=Wz2pBVuhaO~E;Lf743g(wibffwh#K-i|sM
zd#!EOxe_($%7E2psZRi)s1R#|Q>9Z$Cr2A*&@+2X!!s{F>Q>SdV@Q{*Ju@EX*2uhl
zPIcM2d2PU1`QM$SVzAH2d<@2O&prL^pUn<YDva8w^hry*daI@lio%v{xNJRA@>TeB
z{Xz5_#~w26Ick$CSA@Eu!(P^X<n-v`Oq2)rfNp<sO+`LV`l>+0^Nob%w*h(2hm2~=
zlQV0xwoAMFTtUVF@7#>t2x%FHH0JIp@DCDug~vy#Z@!MHj>*erDV3jjKyK{^%6G;-
zyA19Uq9)GL^|zV1M+bF5Z+$^AJ}Fw*Hir@T63ruy>-_@$xE7Sf@?)M<yzECW`>FJ5
zCW7UkA>D~yipe4QujgF0?-SVxZiSjKRgFphTlaF_g+za^X-lC0E!(|!C)}JP8{Eg0
zmB4ooCB0`-_|{XQ#7i4$?u%RT=T#l$XW<CF<C0+ZeWLAuW13@Y+v8P6>e%%buOrtq
zAz>@GTzz41&*csy?#BC0>l5L%-R7MCXX{vxf<yhsg&}b5jYIHb=$5jx+v9CGewowF
zceS59;8A?l$AVix<Sd&1d*;Sx|C{j4nDE_vqupt<;T@+VD1Z1KrySj=*lV{&y5M48
z>@Y~?P>NuSew*t)?NomwD|I8uoUk%8dw&MIL7Au&#wZzq01QBs;%9K~wO-SM{no0z
zF=F&&ZP<-W1R}Bl^B($XPXwis_IUme5~I)`lGun2Iv3cVgTkVQBC&5MS9r+0bHKdt
z+4CD+q7dDE-@vzUG1L%aVHN`;zg<t}C=#`Kcmj8O7BZ3;>mU^G0<I+0I5&qFr%qAo
zD#U_H;iJV^8Gh<##yDt+*j{UFd_967YI5XAMw>3A4g~6+IgU&qmfR++Y&cp*YBbv}
zwplJz$5*0!e1fp5Fr26e_?!(M_lsaOPvwpf9EWI~y#Q>Z;6r-CjLt++%OsMIq*1KM
z(W;0H!<6zPO8Tqt4_z1&K`|?jDT_ogc9R@ak{tVQ(-ovl)$SsA|K+PfeCW7rdLHar
zNS*BWos<G3JXlPo*=QDlL*CznlTxP4uq0F>hwMNGQ&yWoY6}x;oMJu!Qe*wBmrC6V
zge>SNZ7>0%-!BFTd4}+vdoWqpuo&4egV@>p1zBENkVynL<U6mq1_~8L_ynPhKL_pY
zgic1LtP7-N(8VkcG822n%onEeH>9#*2aUc(3MlGVrF$Y(dy*_Ah+yQ6=LTo^W*^Fg
z9hrGuse2M6>lZznG?Uu&BIXQ9Q$%@W@l*)qHAi(zN4x~4d=F&WEXC|m$Lw*XlQAaz
z2J#kSMf{`Cz*20;9djVLnR3#eI1e6u5|JuFDZ)o79nB`)uYy{Aa+A0MNE7MaKjxYy
z@XcBhguT()3MR5~@O*J0sBtlC?c|e2u<ZPQDb^z>bY&)9?Q!Ty$Y1A;N@KS`D9F`S
z%xxtKde_UOdJP;p4PNI7F0I$?e{i_dOz+G~IdS^S*@_0SfFv#^C6Kd3(s8ouegyaq
zq&5qh*;J>_9OcCB_>NKekbcF+fAK!4HIu9<SBcO)SS(%ZEQjz{{H=)u0WfHt<r1ys
zei)GcVf)v$#b$g`v`#V3fd~;?hHI&t_;m~ZC*?|XRwMvo?;Bzk{9j~ca#~=p-?2y2
zk(S&VNYWblPR^wE5msI(rzks<fwRZ%fO$>WlIT(LumeL*nlhDxqVj73P(P}00m}$3
ztG`(lwr^CvVih5E%F$sI)F*}N=euB&>%Uhv-Vt;_(aZjjln6hVi=FHk77^VN?};^S
zUSi{lZIo4TTZfyF{k<Tv`%68<e3JRRjR|{xs9z9J1T-VDp6rgGh>5~D{kB4op}wBT
z>$*OBw_7{gKQ;(6h4dzj7(Ho{r##m#0Xx}?mB<DEO;fsZVmnF_d`CiBM1oASU}>|L
zxI^|hLl{p(QMzGeEOGI@WRA#SuEb$p18bB4FsVn!sZ}t?_)GSpZv%wfqx-39NTRC6
zhW6~luL!HE_&Ll&AyGJ3(_lZ(zTSIt!z#>Dv{}IIZaj%~uP&*x?gTCGz%Ou!J5}<&
zu=`!=NKjG^u;@s#b!f6VoS;4+uO>vXP6Vh3oKTzfRwT$HwXRg8XjC=8BJK7Nd5GAk
ztX)RzS1Wv7YSku3ozMmo<b|#10tmK7t8xReh^r}oi~AY;TmRA(<-Qt;Bg;CY#VoV)
zFRGcs$TV%b>Kz5v%<No2OVcUFT&3t-aI6&09n}2mg&NPY7)kn718F;SQNi`Qc5wx7
zSb}b*j*9mAB>RFO8=L4a!TPm0j_?j~iuX}|)b;Y<)#6I%`k>`}SPdV!{b(G0j{BOC
z^LqZrMb&KW7KUAl`_Vdy=3E{9rU?}YUO(s+%G^ms!QY*dyy6`l^D=F6hRHopK;9KM
z!x5;>?g#y#MD3Eqh&2+!Ss26Fh5T5d?h%c{p$@~*!u6U+-G%=(#EHF{#f{B~zV+JF
zX;j_KP2HJ-)<Puyp$_$-z|GcRZEuiK<0QT7EJOMNgN*|InGD3O0^_p=<354I&zqep
zP07{h<^@F`!^tljF86x+sQOEu+nAE;V)z?Ssru($#;-Vs69?)K=iC>Nx(cMa&rwET
zFXM}ILFY<6YGplNX4vz^ZiheGC*W52sUG~Z9z^ob0=8BZ-=AApJB+;Xo11z_kGq?n
zdWi75=ZsoVp9UC1MyLPwfKQB2`3-QG4jvL!FTbv9)9RrQ<A)gT;QIc|)8+jhs_(gK
zK*D5z?xKGrpiAMff7@yJ7(YiuWJaW%LG5!y5^Y3BbwX~N-(H~VWN^9!vN)k$j-VMb
zW9$AwPiMv<y#r)2U;@c-gB!oEPO*v`pX)Gj@|p2Z@1HI1e|j1(1;`Wpnel9G5zn2z
zXg1If8;KcNFskoS-SX4@ui*jrMCpjqv&^KyH>rt@B$iE-0e8p(`GllSCSbPYeO07>
zO*bSglx+<(eGgAz&V)lZZ!5=S`7AWFsC3Z`KHH77w=7Jm^`wprhOTrB!MO}j%>=+E
z7S3j-$NPmhDp11aFgaoh-ex#fRt`rOI#E{k02jBYD@xW(Vh<M1{AOStG*|uO?o1SA
z@*|5aE6-dr6e26{?&G0&3PH0oA14z(@DY8JRRHlxX>E(WkBN`}wOJ6HO%#evSkRTL
zSxpqYaZ#>CT(^-^^hq>*3--1F^vYS>utiGLNy3&*`14M<k8!EeSt`Co7STyM8~DTw
z&NA12C)3=*-PfX!|3_|$jRC5mE$5CRxP|YwMcLzz;^z}}fT;|)s{$drTJ|3mT6O_b
z7C~MYS;<z7+dDPYXP)NUAZHg1M|SPU2F?6dzEB6o#YffjR$Wqdow3%VC@oc5*5z(?
zgX9*yQzeim_BH$pzh!o1Og95e0HnvWL9z7a8@sX}zS1KcPrMs;I@1@dyAbXRDCG;Z
zwt^v)5DgfBo%2zjmBn1s(c1FC+7xg@0<ch=xUG=4yewx1CzPjrq?LUkNpAo>bs+V4
zBFKMnD3%}%ZgPNYvkCZPtBbTr)PFnd-ZIaGL2zcL<<4=)VdLR?W6|blntFfs!Qp7z
z<`Mq7SN7sG<>;)6v<V&P&DwU$)rK3);fhKZL*L|9?d)`U=NHak>&ofx$Z3Ad>6Ok2
zpWg;rivU)^`4<kv$A!Z*fXr8PJ4~q!JpP5_lrsPb@OONLeB}%`e6z7_4=iR1LRIpn
zY>#B*+HCjeUID~Naf!FJvgmS!xo`$F-v)eg#xXK^E_y~>zD59(-!?MZ6Y5_#TmhDr
zbf+v4(T{b@axF2BT#m0VVV0iZs$Ox7+-l7n@o#FNrWxa9aeBCK35eW2)m(e>kF@HX
zF|S<NmyKzR)Sfd@LQtB{>2Dd?o{608?d@-OtsVK`kJ)f_G0KYs%xl!3*fhd12&rjU
zL5;b)+=+;RiH0%eobUODJO#KJ9>gDIrdlB|oh=_4yMNM)t7n2ldH$w%<ZVvkRg;zV
zdB>>!;dH`u!v0uMp7Ri2n?uNi5ag*keNR;F{OKgD!R%s%>a@bg$_QStpw6f`?QFjN
zsFiG}-|eWX=P7CLY;^o=RBVf9&cH<POy5*DBIhY4?5tf>>;j4Au9EyHDUXy9fk<=t
zbQE;@Gxu3a$}4-loCD-iZ1Cv<_lX<s;y>W65%fw~^f5=3;+<&fLlkd~e{Y524Il0j
zp!NMqdx^#Us=oXj!iDZH{umBNA7G?aG4|!r<c=@qg9zyU2;nP%>t0Ol{!fM+YvUda
z=9(I7`tRL(IGNin+lxSeVy5~?=h}C2vul?0+a@|f{<&MZzq=KRAK-I9f#D|v7@J|`
zUwy0_1FA6y`>AB`fI#pqms73a@`u~`t+w^V`#`4`cWsfXus;Lw1fW2`GDbm;_)Fry
zR#W)08hSRnzE@3Co%nqmw($=z1zcX-)~jDn?)d-7cK%Z|$?cuovlP%ggf5OxiX+Fu
zdHx)c`2eZ#IInI4+v5kv;=bhV1(8a!#C<!YY@hC$Uy^tms2>Go{04{n(PjNfhtkf;
zpGUTj9zwMLNBagwCgjc(0HWl7iR)zz(QlpL_xH2s`Rzy6_74Hn8vs1uF8s5m8bvqJ
zyB?|sjHwUIZ0tj@&r(wGGW*x_RBxAN?}8QZ#n#h*w=2A!PY48w>P~1N2pkTFFC)QN
zG#rswB84l_L_8V<%WSDV(Nr>?P&f>YJIPEsnNqpze*!QL&+$~blK*8(moH()JUM`7
zfCLL}D#*EDKmY~-fCd!`^x#062mm0U*)yn2r%$0~1YnVBRjXIAGAz1PA;E+QyMFcR
zHS7VfWzCY!x|VI*i5R2Cl{=SiUAuSj<`ucL=gpfq7bsYOz~@lIL<a(0s+1{Ey^rNi
zbvv1I<+NKRqt%S?tk{K@wPMa}nRIE1a3QBwy_$7v*Qu8R{TpBb?b<zm9u~?VF=5`Z
zo4yt<a<pmV#~*ffsGRv!wV%OuR*syyan!@HXV<=+J6_<k124GUShr9B0RRY4FOYn9
z?ZvCdCp|rM@#fOUMt`m!zI^{yuX9hp0SPQnK)!+!05HME%hIU4rqEMwz4IJ1(6#>l
z%MdI2JZosW5BckAw4yXD5kL!3Oi{%Z=>jeQ0ciV6yZ~s*?Lnf}BWyR2L@SC#mM}C?
z$RUX=61f0>Oj5}unPk94pm0J!yasO!D!ub0gz=*uw`$U)AdL)D%rVJ?2uUx|OjFI_
zo>V}A0T3XJu$qPv2t7Nkd@;+AxD;qj;>rwE&_TmI^Up&OO*AS5t88?)ECm>;&n^)K
zlh8{s&D1SJ746j1PfdFAFwq>Xup}Qh;xbK3H660Y4O`8WQ&4HG|Fu>+&zqD&3L8yn
zAmUX0k=0mB?2{@Ei4}8JTbXV4&&GH)kJM7}3f913ll||$5kC`=EE2PI)!A{$Ef>We
z3B)$s>Ohoizs$~hcU=va{ZrR_@ikZ9ePOZ|J9X!^PA$zYi+A9H4-WXadW9`&%7-D2
zSmKEx9w>o}FJ_qEjXCB~wBZ0&*s^v-M9bj(LKgWdjR$m?;+J8D*<y@orkUlAan4yI
ze;-R(<xRQluwbD<8~SI{ZocrKn3--`;)80ATI!^Au3Bewt35hH(UJ?XWTTPQdc&6S
zE!*sw0gzg4wW+q+?W(bk%4f0ZuG`E40dQ0Az4`9j@4pqu`&*#E0~cKIjMq-w=C>Jd
z{8XM-n%nNl?QUDOyaCT#bG{81EpWsYSKM;PNzeISl_aNJb&*Gh4D-!l&s^}nXHPo;
z+e2Tw_0oC2deSdbUtM@&ch~Fn*pc6RcFqUK9rxU)?p^xnf$dY$;k$+}?B)F1p6=p}
zPhNbzmsh@djGu?TX7H(R-}ksX3VvO1369A7%I-g!{k)DJKX$_j*Sy1lPJL0^pZgGK
zHGd^+a$MO=w-DB?lX>VqpqXIh&gH-H0g!_Oyj=mKmp~DYkWa=E9%oQyvTv=BX!0tW
z(ZZ6y`K9P}0N~3FafrjB@C9?_BVPc~2SNjq|B#49+)~ggmqPwH@P#N$OA}qVEe8JV
zfczt04s}?70@x6Xxf(zZ3CB4g5>SX4GvXOZ_bXo^k%}vX&J^+UM1r`mEESX?@mN$t
zEbftqS6oUD`{$<G1+k3iL!+YLr$#mQtBRFcB<j2c!EoVci7Mol8|{-qf_Y7U!qQ;!
zI)|Ch5weiCJESA8bC8|+2`Y~?9i@C_CKJl)V3e%o1z$+PfmN`6^J--HK8ZXI7H*KF
zEaWdwDI8aNM3JnN3M{b(%Z|bCOUGg(_OMwRWL7Jf!Yo_>n>R`_mT{ZOY|S#`$I3;n
zQ=QJ_O*_lErriZ^QrWa;R^n-w^p#R{|7jD*?fz*y=ke2&=3JFKj|dlbV&<8tglFT5
zCqG?s?Vc62-;(x8(5d;8qW}e6MhlovgQn(@s%+><QJPMNDiom#?AMWIY0+%9R7HX8
zChfra&6$0WpCTQp>pr$hmaf#K?_6m^X^J!UNz|IJlIiNsB+c&F^rp(osQ?Gs)1Pj2
zUk79=KCk&y)}gMb=d7yiuG%?cl9Q`#C07-{3N)vRb&{<_l|BV|HeCf!r)nLi5Pj-a
z!EUFKah*?0={l&uA~mUz6C^+#CXhHy7NqOrs{o0)R=^IHv$QH~tHPRCBQ5rEWtG%p
zMY90R<gRvo&Fo)6NZQWMb~V2=GOV_ACED)Q^sZ7t?Y*GaTFmaWvcaXTfT-D$#*VO@
zw>1&IbW54#HcYSgx@-rtT1wgf9`__gHErako4|Zd(U-Z6?y)K*Nb~7cjJ3nAW@F1;
z?tC|;DP^cpo7vmbnXX#oZDT#p`;|n2k$lx{Z(3i=Q|-!ks`oXjP$A4rXD&3t53VoA
zwu{sgLbswBcAa_)%wDUyx3AefCWF&OVOKhMq0pT0i#>d;>@e|rdTpSm09jowUAM&W
z4JnFe+~QPWWV-pSuu3b8&aPTWl69-@3~>zNyo&gTB*v<b)fZzRCseAvWh{*0Syl>P
zcw<_QNs}q3W9LrB%vKDeltC#**IpU6Ki)D8!z<V}$A!ile)4nireu;37|!0b>YV+m
z;1l0D(1NDzo_prsB&ylP#ub5d_2^5SLRS@#h&J(N869dGj!V*XrSz#$ooee1ddjLE
z9HJ9k+{9g4)U`g9zDgb7s)X6qy{@jN-+b0E4mZ)VHXyBSoowQ~vd_BiT9P2gqfOtm
z)5QMttd-5IJWmhVc|<i^%!b=0N%d6I?q;>$Tj%v<o82--v4fw|Yc*|K+QB|6x_hi{
zGqyX(s&prqz02aEdO4^r<@c5eEo^+#S<&l0c#t{rZ`4S9l|!!hJ1u^3jl=EXKu-9*
z^Xh5%cK^HM2&MQlGmdeMw=?A`-}u!!{%&&zbK#*RBgtd#a+I&!p&Nhk&VjCTq4PKA
z+|6;XLvC$>?z`yk2~fdLuJfNu{ps-Lc++P~Rbj&#Y5>K0@914FoPXU`T32`ni8*w#
zE7j_GTssNJ{&u;yZ0_Q%``zCbcf2!s?|oOQ-=(K_z^_Q+qYFEp&so9=dkkHfri<f&
zba?P?+oX<GTAnTc_`!?tp~@A!=M&G&BS$sKWS+~!CC?+%e+hUjGcu6$iTQsUZ}Z|M
zGED{UZ+PcEzXA8MQ14psFQ-1<z!E*<k-XxhqDuFE>e8>2KX3~tvZR#{KE(xX{o5BF
zssGdez3+i<;ff1+$j)be=3!rZ_mSJ=ERA^8gRb)Szd!zu^Lfu(PEt(MKcPtW{`UFr
z^<MA)P73-uPXJj?{yOi$C<UFGi2xbU{D#W(RO|pPZ~`R^1I3Te)NlPXaQG7N<#^5d
z_>botPvBZ^{#b)yst@_z4+9-d0#RxJ5wPlD@B$?a0yl5~%kKqeu>Ee(P@2#GYB2nK
za0k&ZayqbmxUc?15dPFI{!}oXa**dz5DIIn|AelwmWc+{$p?*0`*=eK6$t_j5XPjU
z03QklG4A)Kj|{)C2%m1}$`B6mi^%FP4974E`(+8K2MB?WonBDCTui0J%nk2Q5DcG?
z+<Jzr{IFI&?-Bnc(Iu!R5+~6qEb$UGk@YrlnmX|ll_V2Ev06s46i3Yz%|#SZ5foi-
z`I1n%G7t|Fao||+74eMtO6vn7PqtKX6%on(C=vhWZP`|D18=SMj&Kj_>t;d_Z;<iy
z7SLCY>@IrI7aa)`s}Xg$Oqzxe2~iL7cE%f{%KX-d-g?g%KZe(4(dAsM=akGxbT9n4
z?+^=50(b8mZE;Jiv2>vB9vcuCzbp`Y4<P*!5kbZU&CuV#FdF$}8u6<KZ4m(Z@C*}@
z7O74aD-y!~aU9h!2!GHc6|f^CEDRY^8uyXgP_G2%F9f4bCGl?xTavI4k_Rc0%#tvu
zj_M-^EzG;B=Ll)i710n5bMhSlun05K7*Vb!Gm;0j@gyAw1ygP%36fKwk`A#jCf@`3
zB=Y|>unx~q2nUfJbJD(m@Ef@>4j1qokEr}^Pa|ir4Zn*b<FWgKa?B=BF2yeanbIVk
zGVg>DCgG1IU-B;p(<SpSD-Tlt=&lDNZ5*?a6Z_I_`jH#&s~Owz`UH~@4|B$p>2i>(
z3vto&9CN@TlL==fG(E92LFF-3Q<+YaHD$6jaZEO8Q=e)Rk#7GpH|2(~P?H1wulT@=
zk#w=U9Fp&J^El6JzML)t?P~HOsyF$trjWB)rY;!m${>evEtL^26VblLj}{f`;y6+n
z$<ZpiGbxAj4J|G$nbSN~ulmaKA?tGL%F_#h5zLS>3#YT}3adX~u2L9}sMyc>1ad14
zk;@7c9m`TF*|Hw>us!!O4apKDjglzSQU;ImHDGf;F|9fQ?n4325aCn%(s3+jvBgHv
z!<J>tD6k2OlQAI_5MlJf956H6Ge*<X26gf%nX)D;kV2tTCN`8qwbMOAGUHm(6^j(;
zs*@ebb3C^Y3uzBQ2hj~3bNhf&2&0dv?(jfqwE4`k1aI|}zI^ZbjtWG{F9Pq9L<8|5
zHIzu@NlV2OCxvk$ug@^0ur1@WDnT&AhV)tplz(t9NM{pH4+=?B(oV0?{-V?h*E1X~
zGg1H3GtG%mTW>-0&QRy=PMNe2?{84)@eqx0LJL$<6I3xZ71~mDRgaHV3C~qwbvt9#
z-DWjasj?ZN4ODwFRbG@=$E{bH<WFn0)^2s;#?4X>&r;7xSO;xbZB_B4G9dHvJEhfQ
zK2jp>5l4$MD7{Z4*Rw5Ubxw~|KC@L2>2oU;ktg#p^qdt=YcWNU68aJ}AH`5jTht?2
zbW6pt?UoS-?UgGTG%s;5LZ_--qYafR88iBBR6(UwBL}u5my%ma(m+9TG)MAbL2?@H
zat-~pU=5Z?5jHNrlJpLg5J$5_Sq@YgYBIajUiB67%Ct>UHcUr#WQ`CW0~Rqqc0UD=
zSr5)<cUHcDb~=YPXdlgJJr-$o)7O}`X`S|Ip*Cuzc4~!BX|48Zu{LY9c5At|YrXbs
h!8UBgc5KPEY|Zv;(Kc<>c5T_VZQb^5`!XN^06S-}R*3)r

diff --git a/www/test_dir/bin/.htaccess b/www/test_dir/bin/.htaccess
new file mode 100644
index 0000000000..8fd8c463a1
--- /dev/null
+++ b/www/test_dir/bin/.htaccess
@@ -0,0 +1 @@
+Deny all

From b61d4e605eb76c21892ddfb4a74c851768cc3433 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 25 Feb 2007 12:19:32 +0000
Subject: [PATCH 055/301] index.html change

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@66 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index f09fa6a3aa..06be5cefaa 100644
--- a/www/index.html
+++ b/www/index.html
@@ -7095,7 +7095,7 @@
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
-<div tiddler="StyleSheet" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
+<div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
 <div tiddler="axhttpd" modifier="CameronRich" modified="200702250320" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc).\n\nSo any executables and libraries need to be copied into webroot.\n\nFailure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...).\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed.\n\n!!__Permissions Checking__\n\nAn mconf option. This will display the various file permissions to standard output of files in web root.\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->

From dd470db956d790bb1ac160b8109b1f39fc0f9fc7 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:34:36 +0000
Subject: [PATCH 056/301] resurrected this trunk branch

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@68 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                                      |  162 -
 README                                        |    3 -
 bindings/Config.in                            |   89 -
 bindings/Makefile                             |   63 -
 bindings/README                               |   43 -
 bindings/csharp/Makefile                      |   23 -
 bindings/csharp/axTLS.cs                      |  477 --
 bindings/generate_SWIG_interface.pl           |  328 -
 bindings/generate_interface.pl                |  307 -
 bindings/java/Makefile                        |   93 -
 bindings/java/SSL.java                        |  125 -
 bindings/java/SSLCTX.java                     |  219 -
 bindings/java/SSLClient.java                  |   66 -
 bindings/java/SSLReadHolder.java              |   49 -
 bindings/java/SSLServer.java                  |   60 -
 bindings/java/SSLUtil.java                    |  104 -
 bindings/perl/Makefile                        |   81 -
 bindings/vbnet/Makefile                       |   23 -
 bindings/vbnet/axTLSvb.vb                     |  179 -
 config/Config.in                              |  120 -
 config/JMeter.jmx                             |  247 -
 config/Rules.mak                              |  220 -
 config/axhttpd.aip                            |  149 -
 config/axtls.RES                              |  Bin 22748 -> 0 bytes
 config/axtls.rc                               |   32 -
 config/linuxconfig                            |  102 -
 config/makefile.conf                          |  121 -
 config/makefile.dotnet.conf                   |   53 -
 config/makefile.java.conf                     |   56 -
 config/makefile.post                          |   19 -
 config/scripts/config/Kconfig-language.txt    |  255 -
 config/scripts/config/Makefile                |  121 -
 config/scripts/config/conf.c                  |  583 --
 config/scripts/config/confdata.c              |  458 --
 config/scripts/config/expr.c                  | 1099 ---
 config/scripts/config/expr.h                  |  195 -
 config/scripts/config/lex.zconf.c_shipped     | 3688 ---------
 config/scripts/config/lkc.h                   |  123 -
 config/scripts/config/lkc_proto.h             |   40 -
 .../scripts/config/lxdialog/BIG.FAT.WARNING   |    4 -
 config/scripts/config/lxdialog/checklist.c    |  372 -
 config/scripts/config/lxdialog/colors.h       |  161 -
 config/scripts/config/lxdialog/dialog.h       |  199 -
 config/scripts/config/lxdialog/inputbox.c     |  240 -
 config/scripts/config/lxdialog/menubox.c      |  438 -
 config/scripts/config/lxdialog/msgbox.c       |   85 -
 config/scripts/config/lxdialog/textbox.c      |  556 --
 config/scripts/config/lxdialog/util.c         |  375 -
 config/scripts/config/lxdialog/yesno.c        |  118 -
 config/scripts/config/mconf.c                 |  977 ---
 config/scripts/config/menu.c                  |  390 -
 config/scripts/config/mkconfigs               |   67 -
 config/scripts/config/symbol.c                |  809 --
 config/scripts/config/util.c                  |  109 -
 config/scripts/config/zconf.l                 |  366 -
 config/scripts/config/zconf.tab.c_shipped     | 2130 -----
 config/scripts/config/zconf.tab.h_shipped     |  125 -
 config/scripts/config/zconf.y                 |  690 --
 config/win32config                            |  115 -
 docsrc/Makefile                               |   27 -
 docsrc/axTLS.dox                              | 1237 ---
 docsrc/doco_footer.html                       |    3 -
 docsrc/images/axolotl.jpg                     |  Bin 3041 -> 0 bytes
 docsrc/images/tsbasbw.gif                     |  Bin 2481 -> 0 bytes
 httpd/Config.in                               |  125 -
 httpd/Makefile                                |  104 -
 httpd/axhttp.h                                |  133 -
 httpd/axhttpd.c                               |  661 --
 httpd/htpasswd.c                              |  124 -
 httpd/mime_types.c                            |  194 -
 httpd/proc.c                                  | 1031 ---
 httpd/tdate_parse.c                           |  107 -
 samples/Config.in                             |   56 -
 samples/Makefile                              |   46 -
 samples/c/Makefile                            |   66 -
 samples/c/axssl.c                             |  864 --
 samples/csharp/Makefile                       |   36 -
 samples/csharp/axssl.cs                       |  743 --
 samples/java/Makefile                         |   39 -
 samples/java/axssl.java                       |  746 --
 samples/java/manifest.mf                      |    1 -
 samples/perl/Makefile                         |   31 -
 samples/perl/axssl.pl                         |  629 --
 samples/vbnet/Makefile                        |   36 -
 samples/vbnet/axssl.vb                        |  687 --
 ssl/BigIntConfig.in                           |  132 -
 ssl/Config.in                                 |  274 -
 ssl/Makefile                                  |  101 -
 ssl/aes.c                                     |  444 -
 ssl/asn1.c                                    |  864 --
 ssl/bigint.c                                  | 1506 ----
 ssl/bigint.h                                  |   93 -
 ssl/bigint_impl.h                             |  105 -
 ssl/cert.h                                    |   43 -
 ssl/crypto.h                                  |  285 -
 ssl/crypto_misc.c                             |  337 -
 ssl/hmac.c                                    |   88 -
 ssl/loader.c                                  |  377 -
 ssl/md5.c                                     |  281 -
 ssl/openssl.c                                 |  207 -
 ssl/os_port.c                                 |  142 -
 ssl/os_port.h                                 |  166 -
 ssl/p12.c                                     |  474 --
 ssl/private_key.h                             |   54 -
 ssl/rc4.c                                     |   78 -
 ssl/rsa.c                                     |  330 -
 ssl/sha1.c                                    |  236 -
 ssl/ssl.h                                     |  429 -
 ssl/test/Makefile                             |   65 -
 ssl/test/axTLS.ca_key.pem                     |   15 -
 ssl/test/axTLS.ca_x509.cer                    |  Bin 483 -> 0 bytes
 ssl/test/axTLS.ca_x509.pem                    |   13 -
 ssl/test/axTLS.device_key                     |  Bin 609 -> 0 bytes
 ssl/test/axTLS.device_key.pem                 |   15 -
 ssl/test/axTLS.encrypted.p8                   |  Bin 385 -> 0 bytes
 ssl/test/axTLS.encrypted_pem.p8               |   11 -
 ssl/test/axTLS.key_1024                       |  Bin 609 -> 0 bytes
 ssl/test/axTLS.key_1024.pem                   |   15 -
 ssl/test/axTLS.key_2048                       |  Bin 1191 -> 0 bytes
 ssl/test/axTLS.key_2048.pem                   |   27 -
 ssl/test/axTLS.key_4096                       |  Bin 2349 -> 0 bytes
 ssl/test/axTLS.key_4096.pem                   |   51 -
 ssl/test/axTLS.key_512                        |  Bin 321 -> 0 bytes
 ssl/test/axTLS.key_512.pem                    |    9 -
 ssl/test/axTLS.key_aes128.pem                 |   12 -
 ssl/test/axTLS.key_aes256.pem                 |   12 -
 ssl/test/axTLS.noname.p12                     |  Bin 1483 -> 0 bytes
 ssl/test/axTLS.unencrypted.p8                 |  Bin 347 -> 0 bytes
 ssl/test/axTLS.unencrypted_pem.p8             |   10 -
 ssl/test/axTLS.withCA.p12                     |  Bin 2089 -> 0 bytes
 ssl/test/axTLS.withoutCA.p12                  |  Bin 1573 -> 0 bytes
 ssl/test/axTLS.x509_1024.cer                  |  Bin 475 -> 0 bytes
 ssl/test/axTLS.x509_1024.pem                  |   12 -
 ssl/test/axTLS.x509_2048.cer                  |  Bin 607 -> 0 bytes
 ssl/test/axTLS.x509_2048.pem                  |   15 -
 ssl/test/axTLS.x509_4096.cer                  |  Bin 863 -> 0 bytes
 ssl/test/axTLS.x509_4096.pem                  |   20 -
 ssl/test/axTLS.x509_512.cer                   |  Bin 406 -> 0 bytes
 ssl/test/axTLS.x509_512.pem                   |   11 -
 ssl/test/axTLS.x509_aes128.pem                |   11 -
 ssl/test/axTLS.x509_aes256.pem                |   11 -
 ssl/test/axTLS.x509_bad_after.pem             |   11 -
 ssl/test/axTLS.x509_bad_before.pem            |   11 -
 ssl/test/axTLS.x509_device.cer                |  Bin 401 -> 0 bytes
 ssl/test/axTLS.x509_device.pem                |   24 -
 ssl/test/deutsche_telecom.x509_ca             |  Bin 670 -> 0 bytes
 ssl/test/equifax.x509_ca                      |  Bin 646 -> 0 bytes
 ssl/test/killopenssl.sh                       |    2 -
 ssl/test/make_certs.sh                        |  162 -
 ssl/test/microsoft.x509_ca                    |  Bin 1046 -> 0 bytes
 ssl/test/microsoft.x509_ca.pem                |   24 -
 ssl/test/perf_bigint.c                        |  216 -
 ssl/test/ssltest.c                            | 1813 -----
 ssl/test/test_axssl.sh                        |  136 -
 ssl/test/thawte.x509_ca                       |  Bin 811 -> 0 bytes
 ssl/test/verisign.x509_ca                     |  Bin 668 -> 0 bytes
 ssl/test/verisign.x509_ca.pem                 |   16 -
 ssl/test/verisign.x509_my_cert                |  Bin 1095 -> 0 bytes
 ssl/test/verisign.x509_my_cert.pem            |   25 -
 ssl/tls1.c                                    | 2044 -----
 ssl/tls1.h                                    |  288 -
 ssl/tls1_clnt.c                               |  338 -
 ssl/tls1_svr.c                                |  450 --
 www/bin/.htaccess                             |    2 -
 www/favicon.ico                               |  Bin 22486 -> 0 bytes
 www/index.html                                | 7105 -----------------
 www/test_dir/bin/.htaccess                    |    1 -
 www/test_dir/health.sh                        |   12 -
 www/test_dir/no_http/.htaccess                |    1 -
 www/test_dir/no_http/.htpasswd                |    2 -
 www/test_dir/no_http/index.html               |    6 -
 www/test_dir/no_ssl/.htaccess                 |    1 -
 www/test_dir/no_ssl/index.html                |    6 -
 www/test_dir/some_text.txt                    |    1 -
 www/test_dir/test_cgi.php                     |    6 -
 175 files changed, 46311 deletions(-)
 delete mode 100644 Makefile
 delete mode 100644 README
 delete mode 100644 bindings/Config.in
 delete mode 100644 bindings/Makefile
 delete mode 100644 bindings/README
 delete mode 100644 bindings/csharp/Makefile
 delete mode 100644 bindings/csharp/axTLS.cs
 delete mode 100755 bindings/generate_SWIG_interface.pl
 delete mode 100755 bindings/generate_interface.pl
 delete mode 100644 bindings/java/Makefile
 delete mode 100644 bindings/java/SSL.java
 delete mode 100644 bindings/java/SSLCTX.java
 delete mode 100644 bindings/java/SSLClient.java
 delete mode 100644 bindings/java/SSLReadHolder.java
 delete mode 100644 bindings/java/SSLServer.java
 delete mode 100644 bindings/java/SSLUtil.java
 delete mode 100644 bindings/perl/Makefile
 delete mode 100644 bindings/vbnet/Makefile
 delete mode 100644 bindings/vbnet/axTLSvb.vb
 delete mode 100644 config/Config.in
 delete mode 100755 config/JMeter.jmx
 delete mode 100644 config/Rules.mak
 delete mode 100755 config/axhttpd.aip
 delete mode 100644 config/axtls.RES
 delete mode 100644 config/axtls.rc
 delete mode 100644 config/linuxconfig
 delete mode 100644 config/makefile.conf
 delete mode 100644 config/makefile.dotnet.conf
 delete mode 100644 config/makefile.java.conf
 delete mode 100644 config/makefile.post
 delete mode 100644 config/scripts/config/Kconfig-language.txt
 delete mode 100644 config/scripts/config/Makefile
 delete mode 100644 config/scripts/config/conf.c
 delete mode 100644 config/scripts/config/confdata.c
 delete mode 100644 config/scripts/config/expr.c
 delete mode 100644 config/scripts/config/expr.h
 delete mode 100644 config/scripts/config/lex.zconf.c_shipped
 delete mode 100644 config/scripts/config/lkc.h
 delete mode 100644 config/scripts/config/lkc_proto.h
 delete mode 100644 config/scripts/config/lxdialog/BIG.FAT.WARNING
 delete mode 100644 config/scripts/config/lxdialog/checklist.c
 delete mode 100644 config/scripts/config/lxdialog/colors.h
 delete mode 100644 config/scripts/config/lxdialog/dialog.h
 delete mode 100644 config/scripts/config/lxdialog/inputbox.c
 delete mode 100644 config/scripts/config/lxdialog/menubox.c
 delete mode 100644 config/scripts/config/lxdialog/msgbox.c
 delete mode 100644 config/scripts/config/lxdialog/textbox.c
 delete mode 100644 config/scripts/config/lxdialog/util.c
 delete mode 100644 config/scripts/config/lxdialog/yesno.c
 delete mode 100644 config/scripts/config/mconf.c
 delete mode 100644 config/scripts/config/menu.c
 delete mode 100755 config/scripts/config/mkconfigs
 delete mode 100644 config/scripts/config/symbol.c
 delete mode 100644 config/scripts/config/util.c
 delete mode 100644 config/scripts/config/zconf.l
 delete mode 100644 config/scripts/config/zconf.tab.c_shipped
 delete mode 100644 config/scripts/config/zconf.tab.h_shipped
 delete mode 100644 config/scripts/config/zconf.y
 delete mode 100644 config/win32config
 delete mode 100644 docsrc/Makefile
 delete mode 100644 docsrc/axTLS.dox
 delete mode 100644 docsrc/doco_footer.html
 delete mode 100644 docsrc/images/axolotl.jpg
 delete mode 100644 docsrc/images/tsbasbw.gif
 delete mode 100644 httpd/Config.in
 delete mode 100644 httpd/Makefile
 delete mode 100644 httpd/axhttp.h
 delete mode 100644 httpd/axhttpd.c
 delete mode 100644 httpd/htpasswd.c
 delete mode 100644 httpd/mime_types.c
 delete mode 100644 httpd/proc.c
 delete mode 100644 httpd/tdate_parse.c
 delete mode 100644 samples/Config.in
 delete mode 100644 samples/Makefile
 delete mode 100644 samples/c/Makefile
 delete mode 100644 samples/c/axssl.c
 delete mode 100644 samples/csharp/Makefile
 delete mode 100644 samples/csharp/axssl.cs
 delete mode 100644 samples/java/Makefile
 delete mode 100644 samples/java/axssl.java
 delete mode 100644 samples/java/manifest.mf
 delete mode 100644 samples/perl/Makefile
 delete mode 100755 samples/perl/axssl.pl
 delete mode 100644 samples/vbnet/Makefile
 delete mode 100644 samples/vbnet/axssl.vb
 delete mode 100644 ssl/BigIntConfig.in
 delete mode 100644 ssl/Config.in
 delete mode 100644 ssl/Makefile
 delete mode 100644 ssl/aes.c
 delete mode 100644 ssl/asn1.c
 delete mode 100644 ssl/bigint.c
 delete mode 100644 ssl/bigint.h
 delete mode 100644 ssl/bigint_impl.h
 delete mode 100644 ssl/cert.h
 delete mode 100644 ssl/crypto.h
 delete mode 100644 ssl/crypto_misc.c
 delete mode 100644 ssl/hmac.c
 delete mode 100644 ssl/loader.c
 delete mode 100644 ssl/md5.c
 delete mode 100644 ssl/openssl.c
 delete mode 100644 ssl/os_port.c
 delete mode 100644 ssl/os_port.h
 delete mode 100644 ssl/p12.c
 delete mode 100644 ssl/private_key.h
 delete mode 100644 ssl/rc4.c
 delete mode 100644 ssl/rsa.c
 delete mode 100644 ssl/sha1.c
 delete mode 100644 ssl/ssl.h
 delete mode 100644 ssl/test/Makefile
 delete mode 100644 ssl/test/axTLS.ca_key.pem
 delete mode 100644 ssl/test/axTLS.ca_x509.cer
 delete mode 100644 ssl/test/axTLS.ca_x509.pem
 delete mode 100644 ssl/test/axTLS.device_key
 delete mode 100644 ssl/test/axTLS.device_key.pem
 delete mode 100644 ssl/test/axTLS.encrypted.p8
 delete mode 100644 ssl/test/axTLS.encrypted_pem.p8
 delete mode 100644 ssl/test/axTLS.key_1024
 delete mode 100644 ssl/test/axTLS.key_1024.pem
 delete mode 100644 ssl/test/axTLS.key_2048
 delete mode 100644 ssl/test/axTLS.key_2048.pem
 delete mode 100644 ssl/test/axTLS.key_4096
 delete mode 100644 ssl/test/axTLS.key_4096.pem
 delete mode 100644 ssl/test/axTLS.key_512
 delete mode 100644 ssl/test/axTLS.key_512.pem
 delete mode 100644 ssl/test/axTLS.key_aes128.pem
 delete mode 100644 ssl/test/axTLS.key_aes256.pem
 delete mode 100644 ssl/test/axTLS.noname.p12
 delete mode 100644 ssl/test/axTLS.unencrypted.p8
 delete mode 100644 ssl/test/axTLS.unencrypted_pem.p8
 delete mode 100644 ssl/test/axTLS.withCA.p12
 delete mode 100644 ssl/test/axTLS.withoutCA.p12
 delete mode 100644 ssl/test/axTLS.x509_1024.cer
 delete mode 100644 ssl/test/axTLS.x509_1024.pem
 delete mode 100644 ssl/test/axTLS.x509_2048.cer
 delete mode 100644 ssl/test/axTLS.x509_2048.pem
 delete mode 100644 ssl/test/axTLS.x509_4096.cer
 delete mode 100644 ssl/test/axTLS.x509_4096.pem
 delete mode 100644 ssl/test/axTLS.x509_512.cer
 delete mode 100644 ssl/test/axTLS.x509_512.pem
 delete mode 100644 ssl/test/axTLS.x509_aes128.pem
 delete mode 100644 ssl/test/axTLS.x509_aes256.pem
 delete mode 100644 ssl/test/axTLS.x509_bad_after.pem
 delete mode 100644 ssl/test/axTLS.x509_bad_before.pem
 delete mode 100644 ssl/test/axTLS.x509_device.cer
 delete mode 100644 ssl/test/axTLS.x509_device.pem
 delete mode 100644 ssl/test/deutsche_telecom.x509_ca
 delete mode 100644 ssl/test/equifax.x509_ca
 delete mode 100755 ssl/test/killopenssl.sh
 delete mode 100755 ssl/test/make_certs.sh
 delete mode 100644 ssl/test/microsoft.x509_ca
 delete mode 100644 ssl/test/microsoft.x509_ca.pem
 delete mode 100644 ssl/test/perf_bigint.c
 delete mode 100644 ssl/test/ssltest.c
 delete mode 100755 ssl/test/test_axssl.sh
 delete mode 100644 ssl/test/thawte.x509_ca
 delete mode 100644 ssl/test/verisign.x509_ca
 delete mode 100644 ssl/test/verisign.x509_ca.pem
 delete mode 100644 ssl/test/verisign.x509_my_cert
 delete mode 100644 ssl/test/verisign.x509_my_cert.pem
 delete mode 100644 ssl/tls1.c
 delete mode 100644 ssl/tls1.h
 delete mode 100644 ssl/tls1_clnt.c
 delete mode 100644 ssl/tls1_svr.c
 delete mode 100644 www/bin/.htaccess
 delete mode 100644 www/favicon.ico
 delete mode 100644 www/index.html
 delete mode 100644 www/test_dir/bin/.htaccess
 delete mode 100755 www/test_dir/health.sh
 delete mode 100644 www/test_dir/no_http/.htaccess
 delete mode 100644 www/test_dir/no_http/.htpasswd
 delete mode 100644 www/test_dir/no_http/index.html
 delete mode 100644 www/test_dir/no_ssl/.htaccess
 delete mode 100644 www/test_dir/no_ssl/index.html
 delete mode 100644 www/test_dir/some_text.txt
 delete mode 100755 www/test_dir/test_cgi.php

diff --git a/Makefile b/Makefile
deleted file mode 100644
index 568770c1e6..0000000000
--- a/Makefile
+++ /dev/null
@@ -1,162 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This license is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
--include config/.config
-
-ifneq ($(strip $(HAVE_DOT_CONFIG)),y)
-all: menuconfig
-else
-all: target
-endif
-
-include config/makefile.conf
-
-target : $(STAGE) $(TARGET)
-
-# VERSION has to come from the command line
-RELEASE=axTLS-$(VERSION)
-
-# standard version
-target:
-	$(MAKE) -C ssl
-ifdef CONFIG_AXHTTPD
-	$(MAKE) -C httpd
-endif
-ifdef CONFIG_BINDINGS
-	$(MAKE) -C bindings
-endif
-ifdef CONFIG_SAMPLES
-	$(MAKE) -C samples
-endif
-
-$(STAGE) : ssl/version.h
-	@mkdir -p $(STAGE)
-
-# create a version file with something in it.
-ssl/version.h:
-	@echo "#define AXTLS_VERSION    \"(no version)\"" > ssl/version.h
-
-$(PREFIX) :
-	@mkdir -p $(PREFIX)/lib
-	@mkdir -p $(PREFIX)/bin
-
-release:
-	$(MAKE) -C config/scripts/config clean
-	-$(MAKE) clean
-	-@rm config/*.msi config/*.back.aip config/config.h config/.config*
-	@rm -fr $(STAGE)
-	@echo "#define AXTLS_VERSION    \"$(VERSION)\"" > ssl/version.h
-	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axTLS; cd -;
-
-docs:
-	$(MAKE) -C docsrc doco
-
-# build the Win32 demo release version
-win32_demo:
-	$(MAKE) win32releaseconf
-
-install: $(PREFIX) all
-	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
-	chmod 755 $(PREFIX)/lib/libax* 
-	install -m 755 $(STAGE)/ax* $(PREFIX)/bin 
-ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-	install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin 
-endif
-ifdef CONFIG_PLATFORM_CYGWIN
-	install -m 755 $(STAGE)/cygaxtls.dll $(PREFIX)/bin 
-endif
-ifdef CONFIG_PERL_BINDINGS 
-	install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
-endif
-	@mkdir -p -m 755 $(PREFIX)/include/axTLS
-	install -m 644 ssl/*.h $(PREFIX)/include/axTLS
-	-rm $(PREFIX)/include/axTLS/cert.h
-	-rm $(PREFIX)/include/axTLS/private_key.h
-	install -m 644 config/config.h $(PREFIX)/include/axTLS
-
-installclean:
-	-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
-	-@rm $(PREFIX)/bin/ax* > /dev/null 2>&1
-	-@rm $(PREFIX)/bin/axhttpd* > /dev/null 2>&1
-	-@rm `perl -e 'use Config; print $$Config{installarchlib};'`/axtlsp.pm > /dev/null 2>&1
-
-test:
-	cd $(STAGE); ssltest; ../ssl/test/test_axssl.sh; cd -;
-
-# tidy up things
-clean::
-	@cd ssl; $(MAKE) clean
-	@cd httpd; $(MAKE) clean
-	@cd samples; $(MAKE) clean
-	@cd docsrc; $(MAKE) clean
-	@cd bindings; $(MAKE) clean
-
-# ---------------------------------------------------------------------------
-# mconf stuff
-# ---------------------------------------------------------------------------
-
-CONFIG_CONFIG_IN = config/Config.in
-CONFIG_DEFCONFIG = config/defconfig
-
-config/scripts/config/conf: config/scripts/config/Makefile
-	$(MAKE) -C config/scripts/config conf
-	-@if [ ! -f config/.config ] ; then \
-		cp $(CONFIG_DEFCONFIG) config/.config; \
-	fi
-
-config/scripts/config/mconf: config/scripts/config/Makefile
-	$(MAKE) -C config/scripts/config ncurses conf mconf
-	-@if [ ! -f config/.config ] ; then \
-		cp $(CONFIG_DEFCONFIG) .config; \
-	fi
-
-cleanconf:
-	$(MAKE) -C config/scripts/config clean
-	@rm -f config/.config
-
-menuconfig: config/scripts/config/mconf
-	@./config/scripts/config/mconf $(CONFIG_CONFIG_IN)
-
-config: config/scripts/config/conf
-	@./config/scripts/config/conf $(CONFIG_CONFIG_IN)
-
-oldconfig: config/scripts/config/conf
-	@./config/scripts/config/conf -o $(CONFIG_CONFIG_IN)
-
-default: config/scripts/config/conf
-	@./config/scripts/config/conf -d $(CONFIG_CONFIG_IN) > /dev/null
-	$(MAKE)
-
-randconfig: config/scripts/config/conf
-	@./config/scripts/config/conf -r $(CONFIG_CONFIG_IN)
-
-allnoconfig: config/scripts/config/conf
-	@./config/scripts/config/conf -n $(CONFIG_CONFIG_IN)
-
-allyesconfig: config/scripts/config/conf
-	@./config/scripts/config/conf -y $(CONFIG_CONFIG_IN)
-
-# The special win32 release configuration
-win32releaseconf: config/scripts/config/conf
-	@./config/scripts/config/conf -D config/win32config $(CONFIG_CONFIG_IN) > /dev/null
-	$(MAKE)
-
-# The special linux release configuration
-linuxconf: config/scripts/config/conf
-	@./config/scripts/config/conf -D config/linuxconfig $(CONFIG_CONFIG_IN) > /dev/null
-	$(MAKE)
diff --git a/README b/README
deleted file mode 100644
index c8926d9bfc..0000000000
--- a/README
+++ /dev/null
@@ -1,3 +0,0 @@
-
-See www/index.html for the README, CHANGELOG, LICENSE and other notes.
-
diff --git a/bindings/Config.in b/bindings/Config.in
deleted file mode 100644
index bf916b13d6..0000000000
--- a/bindings/Config.in
+++ /dev/null
@@ -1,89 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-menu "Language Bindings"
-
-config CONFIG_BINDINGS
-    bool "Create language bindings"
-    default n
-    help
-        axTLS supports language bindings in C#, VB.NET, Java and Perl.
-
-        Select Y here if you want to build the various language bindings.
-
-config CONFIG_CSHARP_BINDINGS
-    bool "Create C# bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build C# bindings.
-
-        This requires .NET to be installed on Win32 platforms and mono to be
-        installed on all other platforms.
-
-config CONFIG_VBNET_BINDINGS
-    bool "Create VB.NET bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build VB.NET bindings.
-
-        This requires the .NET to be installed and is only built under Win32
-        platforms.
-
-menu ".Net Framework"
-depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS
-config CONFIG_DOT_NET_FRAMEWORK_BASE
-    string "Location of .NET Framework"
-    default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-endmenu
-
-config CONFIG_JAVA_BINDINGS
-    bool "Create Java bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build Java bindings.
-
-        Current Issues (see README): 
-        * Needs Java 1.4 or better.
-        * If building under Win32 it will use the Win32 JDK.
-
-menu "Java Home"
-depends on CONFIG_JAVA_BINDINGS
-config CONFIG_JAVA_HOME
-    string "Location of JDK"
-    default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
-    default "/usr/local/jdk142" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
-    depends on CONFIG_JAVA_BINDINGS 
-    help
-        The location of Sun's JDK.
-endmenu
-
-config CONFIG_PERL_BINDINGS
-    bool "Create Perl bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build Perl bindings.
-
-        Current Issues (see README):
-        * 64 bit versions don't work at present.
-        * libperl.so needs to be in the shared library path.
-
-menu "Perl Home"
-depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32
-config CONFIG_PERL_CORE
-    string "Location of Perl CORE"
-    default "c:\\perl\\lib\\CORE"
-    help:
-        works with ActiveState
-        "http://www.activestate.com/Products/ActivePerl"
-
-config CONFIG_PERL_LIB
-    string "Name of Perl Library"
-    default "perl58.lib"
-endmenu
-
-endmenu
diff --git a/bindings/Makefile b/bindings/Makefile
deleted file mode 100644
index 19c896d2c0..0000000000
--- a/bindings/Makefile
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-all:
-
-include ../config/.config
-include ../config/makefile.conf
-
-ifdef CONFIG_CSHARP_BINDINGS
-all: csharp/axInterface.cs
-endif
-
-ifdef CONFIG_VBNET_BINDINGS
-all: vbnet/axInterface.vb
-endif
-
-ifdef CONFIG_JAVA_BINDINGS
-all: java/axtlsj.java
-endif
-
-ifdef CONFIG_PERL_BINDINGS
-all: perl/axTLSp_wrap.c
-endif
-
-csharp/axInterface.cs: ../ssl/ssl.h
-	@perl ./generate_interface.pl -csharp
-
-vbnet/axInterface.vb: ../ssl/ssl.h
-	@perl ./generate_interface.pl -vbnet
-
-java/axTLSj.i: ../ssl/ssl.h
-	@perl ./generate_SWIG_interface.pl -java
-
-java/axtlsj.java: java/axTLSj.i $(wildcard java/SSL*.java)
-	@cd java; swig -java -package axTLSj axTLSj.i; $(MAKE)
-
-perl/axTLSp.i: ../ssl/ssl.h
-	@perl ./generate_SWIG_interface.pl -perl
-
-perl/axTLSp_wrap.c: perl/axTLSp.i
-	@cd perl; swig -perl5 axTLSp.i; $(MAKE)
-
-clean::
-	$(MAKE) -C csharp clean
-	$(MAKE) -C vbnet clean
-	$(MAKE) -C java clean
-	$(MAKE) -C perl clean
-
diff --git a/bindings/README b/bindings/README
deleted file mode 100644
index 8bc3109c12..0000000000
--- a/bindings/README
+++ /dev/null
@@ -1,43 +0,0 @@
-===============================================================================
-=                             Language Bindings                               =
-===============================================================================
-
-The tools to generate the various language bindings are done here.
-SWIG 1.3.24 or better is required for creating the Java and Perl bindings.
-
-Perl scripts are used to parse ssl.h and automagically give the appropriate 
-bindings.
-
-At present, the four languages supported are:
-
-* C#
-* VB.NET
-* Java
-* Perl
-
-To generate each binding run the following:
-
-C#:
-> generate_interface.pl -csharp
-
-VB.NET:
-> generate_interface.pl -vbnet
-
-
-Java:
-> generate_SWIG_interface.pl -java
-> cd java; swig -java -package axTLSj -noextern axTLSj.i
-
-Perl:
-> generate_SWIG_interface.pl -perl
-> cd perl; swig -noextern -perl axTLSp.i
-
-Java and Perl both create a library each called libaxtlsj.so and libaxtlsp.so 
-(or axtlsj.dll and atlsp.dll on Win32 platforms).
-
-Note: the "-noextern" is deprecated in swig 1.3.27 and newer. The "-noextern"
-option was required to get Win32 bindings to work (which is why is has probably
-been deprecated).
-
-Each binding (except for Perl) has an extra helper interface to make life 
-easier.
diff --git a/bindings/csharp/Makefile b/bindings/csharp/Makefile
deleted file mode 100644
index 87073f5e43..0000000000
--- a/bindings/csharp/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-clean::
-	@rm -f axssl* axInterface.cs
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
deleted file mode 100644
index a59209168d..0000000000
--- a/bindings/csharp/axTLS.cs
+++ /dev/null
@@ -1,477 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * A wrapper around the unmanaged interface to give a semi-decent C# API
- */
-
-using System;
-using System.Runtime.InteropServices;
-using System.Net.Sockets;
-
-/**
- * @defgroup csharp_api C# API.
- *
- * Ensure that the appropriate Dispose() methods are called when finished with
- * various objects - otherwise memory leaks will result.
- * @{
- */
-namespace axTLS
-{
-    /**
-     * @class SSL
-     * @ingroup csharp_api 
-     * @brief A representation of an SSL connection.
-     */
-    public class SSL
-    {
-        public IntPtr m_ssl;    /**< A pointer to the real SSL type */
-
-        /**
-         * @brief Store the reference to an SSL context.
-         * @param ip [in] A reference to an SSL object.
-         */
-        public SSL(IntPtr ip)
-        {
-            m_ssl = ip;
-        }
-
-        /**
-         * @brief Free any used resources on this connection. 
-         * 
-         * A "Close Notify" message is sent on this connection (if possible). 
-         * It is up to the application to close the socket.
-         */
-        public void Dispose()
-        {
-            axtls.ssl_free(m_ssl);
-        }
-
-        /**
-         * @brief Return the result of a handshake.
-         * @return SSL_OK if the handshake is complete and ok.
-         * @see ssl.h for the error code list.
-         */
-        public int HandshakeStatus()
-        {
-            return axtls.ssl_handshake_status(m_ssl);
-        }
-
-        /**
-         * @brief Return the SSL cipher id.
-         * @return The cipher id which is one of:
-         * - SSL_AES128_SHA (0x2f)
-         * - SSL_AES256_SHA (0x35)
-         * - SSL_RC4_128_SHA (0x05)
-         * - SSL_RC4_128_MD5 (0x04)
-         */
-        public byte GetCipherId()
-        {
-            return axtls.ssl_get_cipher_id(m_ssl);
-        }
-
-        /**
-         * @brief Get the session id for a handshake. 
-         * 
-         * This will be a 32 byte sequence and is available after the first
-         * handshaking messages are sent.
-         * @return The session id as a 32 byte sequence.
-         * @note A SSLv23 handshake may have only 16 valid bytes.
-         */
-        public byte[] GetSessionId()
-        {
-            byte[] result = new byte[axtls.SSL_SESSION_ID_SIZE];
-            IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
-            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE);
-            return result;
-        }
-
-        /**
-         * @brief Retrieve an X.509 distinguished name component.
-         * 
-         * When a handshake is complete and a certificate has been exchanged, 
-         * then the details of the remote certificate can be retrieved.
-         *
-         * This will usually be used by a client to check that the server's 
-         * common name matches the URL.
-         *
-         * A full handshake needs to occur for this call to work.
-         *
-         * @param component [in] one of:
-         * - SSL_X509_CERT_COMMON_NAME
-         * - SSL_X509_CERT_ORGANIZATION
-         * - SSL_X509_CERT_ORGANIZATIONAL_NAME
-         * - SSL_X509_CA_CERT_COMMON_NAME
-         * - SSL_X509_CA_CERT_ORGANIZATION
-         * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
-         * @return The appropriate string (or null if not defined)
-         */
-        public string GetCertificateDN(int component)
-        {
-            return axtls.ssl_get_cert_dn(m_ssl, component);
-        }
-    }
-
-    /**
-     * @class SSLUtil
-     * @ingroup csharp_api 
-     * @brief Some global helper functions.
-     */
-    public class SSLUtil
-    {
-
-        /**
-         * @brief Return the build mode of the axTLS project.
-         * @return The build mode is one of:
-         * - SSL_BUILD_SERVER_ONLY
-         * - SSL_BUILD_ENABLE_VERIFICATION
-         * - SSL_BUILD_ENABLE_CLIENT
-         * - SSL_BUILD_FULL_MODE
-         */
-        public static int BuildMode()
-        {
-            return axtls.ssl_get_config(axtls.SSL_BUILD_MODE);
-        }
-
-        /**
-         * @brief Return the number of chained certificates that the 
-         * client/server supports.
-         * @return The number of supported server certificates.
-         */
-        public static int MaxCerts()
-        {
-            return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET);
-        }
-
-        /**
-         * @brief Return the number of CA certificates that the client/server
-         * supports.
-         * @return The number of supported CA certificates.
-         */
-        public static int MaxCACerts()
-        {
-            return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET);
-        }
-
-        /**
-         * @brief Indicate if PEM is supported.
-         * @return true if PEM supported.
-         */
-        public static bool HasPEM()
-        {
-            return axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 ? true : false;
-        }
-
-        /**
-         * @brief Display the text string of the error.
-         * @param error_code [in] The integer error code.
-         */
-        public static void DisplayError(int error_code)
-        {
-            axtls.ssl_display_error(error_code);
-        }
-
-        /**
-         * @brief Return the version of the axTLS project.
-         */
-        public static string Version()
-        {
-            return axtls.ssl_version();
-        }
-    }
-
-    /**
-     * @class SSLCTX
-     * @ingroup csharp_api 
-     * @brief A base object for SSLServer/SSLClient.
-     */
-    public class SSLCTX
-    {
-        /**
-         * @brief A reference to the real client/server context.
-         */
-        protected IntPtr m_ctx;
-
-        /**
-         * @brief Establish a new client/server context.
-         *
-         * This function is called before any client/server SSL connections are 
-         * made.  If multiple threads are used, then each thread will have its 
-         * own SSLCTX context. Any number of connections may be made with a 
-         * single context. 
-         *
-         * Each new connection will use the this context's private key and 
-         * certificate chain. If a different certificate chain is required, 
-         * then a different context needs to be be used.
-         *
-         * @param options [in]  Any particular options. At present the options
-         * supported are:
-         * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if 
-         * the server authentication fails. The certificate can be 
-         * authenticated later with a call to VerifyCert().
-         * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
-         * authentication i.e. each handshake will include a "certificate 
-         * request" message from the server.
-         * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The 
-         * user will load the key/certificate explicitly.
-         * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
-         * sequences during the handshake.
-         * - SSL_DISPLAY_STATES (full mode build only): Display the state 
-         * changes during the handshake.
-         * - SSL_DISPLAY_CERTS (full mode build only): Display the 
-         * certificates that are passed during a handshake.
-         * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key 
-         * details that are passed during a handshake.
-         * @param num_sessions [in] The number of sessions to be used for 
-         * session caching. If this value is 0, then there is no session 
-         * caching.
-         * @return A client/server context.
-         */
-        protected SSLCTX(uint options, int num_sessions)
-        {
-            m_ctx = axtls.ssl_ctx_new(options, num_sessions);
-        }
-
-        /**
-         * @brief Remove a client/server context.
-         *
-         * Frees any used resources used by this context. Each connection will 
-         * be sent a "Close Notify" alert (if possible).
-         */
-        public void Dispose()
-        {
-            axtls.ssl_ctx_free(m_ctx);
-        }
-
-        /**
-         * @brief Read the SSL data stream.
-         * @param ssl [in] An SSL object reference.
-         * @param in_data [out] After a successful read, the decrypted data 
-         * will be here. It will be null otherwise.
-         * @return The number of decrypted bytes:
-         * - if > 0, then the handshaking is complete and we are returning the 
-         * number of decrypted bytes. 
-         * - SSL_OK if the handshaking stage is successful (but not yet 
-         * complete).  
-         * - < 0 if an error.
-         * @see ssl.h for the error code list.
-         * @note Use in_data before doing any successive ssl calls.
-         */
-        public int Read(SSL ssl, out byte[] in_data)
-        {
-            IntPtr ptr = IntPtr.Zero;
-            int ret = axtls.ssl_read(ssl.m_ssl, ref ptr);
-
-            if (ret > axtls.SSL_OK)
-            {
-                in_data = new byte[ret];
-                Marshal.Copy(ptr, in_data, 0, ret);
-            }
-            else
-            {
-                in_data = null;
-            }
-
-            return ret;
-        }
-
-        /**
-         * @brief Write to the SSL data stream.
-         * @param ssl [in] An SSL obect reference.
-         * @param out_data [in] The data to be written
-         * @return The number of bytes sent, or if < 0 if an error.
-         * @see ssl.h for the error code list.
-         */
-        public int Write(SSL ssl, byte[] out_data)
-        {
-            return axtls.ssl_write(ssl.m_ssl, out_data, out_data.Length);
-        }
-
-        /**
-         * @brief Write to the SSL data stream.
-         * @param ssl [in] An SSL obect reference.
-         * @param out_data [in] The data to be written
-         * @param out_len [in] The number of bytes to be written
-         * @return The number of bytes sent, or if < 0 if an error.
-         * @see ssl.h for the error code list.
-         */
-        public int Write(SSL ssl, byte[] out_data, int out_len)
-        {
-            return axtls.ssl_write(ssl.m_ssl, out_data, out_len);
-        }
-
-        /**
-         * @brief Find an ssl object based on a Socket reference.
-         *
-         * Goes through the list of SSL objects maintained in a client/server 
-         * context to look for a socket match.
-         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
-         * @return A reference to the SSL object. Returns null if the object 
-         * could not be found.
-         */
-        public SSL Find(Socket s)
-        {
-            int client_fd = s.Handle.ToInt32();
-            return new SSL(axtls.  ssl_find(m_ctx, client_fd));
-        }
-
-        /**
-         * @brief Authenticate a received certificate.
-         * 
-         * This call is usually made by a client after a handshake is complete 
-         * and the context is in SSL_SERVER_VERIFY_LATER mode.
-         * @param ssl [in] An SSL object reference.
-         * @return SSL_OK if the certificate is verified.
-         */
-        public int VerifyCert(SSL ssl)
-        {
-            return axtls.ssl_verify_cert(ssl.m_ssl);
-        }
-
-        /**
-         * @brief Force the client to perform its handshake again.
-         *
-         * For a client this involves sending another "client hello" message.
-         * For the server is means sending a "hello request" message.
-         *
-         * This is a blocking call on the client (until the handshake 
-         * completes).
-         * @param ssl [in] An SSL object reference.
-         * @return SSL_OK if renegotiation instantiation was ok
-         */
-        public int Renegotiate(SSL ssl)
-        {
-            return axtls.ssl_renegotiate(ssl.m_ssl);
-        }
-
-        /**
-         * @brief Load a file into memory that is in binary DER or ASCII PEM 
-         * format.
-         *
-         * These are temporary objects that are used to load private keys,
-         * certificates etc into memory.
-         * @param obj_type [in] The format of the file. Can be one of:
-         * - SSL_OBJ_X509_CERT (no password required)
-         * - SSL_OBJ_X509_CACERT (no password required)
-         * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
-         * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
-         * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
-         *
-         * PEM files are automatically detected (if supported).
-         * @param filename [in] The location of a file in DER/PEM format.
-         * @param password [in] The password used. Can be null if not required.
-         * @return SSL_OK if all ok
-         */
-        public int ObjLoad(int obj_type, string filename, string password)
-        {
-            return axtls.ssl_obj_load(m_ctx, obj_type, filename, password);
-        }
-
-        /**
-         * @brief Transfer binary data into the object loader.
-         *
-         * These are temporary objects that are used to load private keys,
-         * certificates etc into memory.
-         * @param obj_type [in] The format of the memory data.
-         * @param data [in] The binary data to be loaded.
-         * @param len [in] The amount of data to be loaded.
-         * @param password [in] The password used. Can be null if not required.
-         * @return SSL_OK if all ok
-         */
-        public int ObjLoad(int obj_type, byte[] data, int len, string password)
-        {
-            return axtls.ssl_obj_memory_load(m_ctx, obj_type, 
-                                            data, len, password);
-        }
-    }
-
-    /**
-     * @class SSLServer
-     * @ingroup csharp_api 
-     * @brief The server context.
-     *
-     * All server connections are started within a server context.
-     */
-    public class SSLServer : SSLCTX
-    {
-        /**
-         * @brief Start a new server context.
-         * 
-         * @see SSLCTX for details.
-         */
-        public SSLServer(uint options, int num_sessions) :
-                            base(options, num_sessions) {}
-
-        /**
-         * @brief Establish a new SSL connection to an SSL client.
-         *
-         * It is up to the application to establish the initial socket 
-         * connection.
-         *
-         * Call Dispose() when the connection is to be removed.
-         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
-         * @return An SSL object reference.
-         */
-        public SSL Connect(Socket s)
-        {
-            int client_fd = s.Handle.ToInt32();
-            return new SSL(axtls.ssl_server_new(m_ctx, client_fd));
-        }
-    }
-
-    /**
-     * @class SSLClient
-     * @ingroup csharp_api
-     * @brief The client context.
-     *
-     * All client connections are started within a client context.
-     */
-    public class SSLClient : SSLCTX
-    {
-        /**
-         * @brief Start a new client context.
-         * 
-         * @see SSLCTX for details.
-         */
-        public SSLClient(uint options, int num_sessions) :
-                        base(options, num_sessions) {}
-
-        /**
-         * @brief Establish a new SSL connection to an SSL server.
-         *
-         * It is up to the application to establish the initial socket 
-         * connection.
-         *
-         * This is a blocking call - it will finish when the handshake is 
-         * complete (or has failed).
-         *
-         * Call Dispose() when the connection is to be removed.
-         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
-         * @param session_id [in] A 32 byte session id for session resumption. 
-         * This can be null if no session resumption is not required.
-         * @return An SSL object reference. Use SSL.handshakeStatus() to check 
-         * if a handshake succeeded.
-         */
-        public SSL Connect(Socket s, byte[] session_id)
-        {
-            int client_fd = s.Handle.ToInt32();
-            return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id));
-        }
-    }
-}
-/** @} */
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
deleted file mode 100755
index c5a7916b71..0000000000
--- a/bindings/generate_SWIG_interface.pl
+++ /dev/null
@@ -1,328 +0,0 @@
-#!/usr/bin/perl
-
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-#===============================================================
-# Transforms function signature into SWIG format
-sub transformSignature
-{
-    foreach $item (@_)
-    { 
-        $line =~ s/STDCALL //g;
-        $line =~ s/EXP_FUNC/extern/g;
-
-        # make API Java more 'byte' friendly
-        $line =~ s/uint32_t/int/g;
-        $line =~ s/const uint8_t \* /const unsigned char \* /g;
-        $line =~ s/\(void\)/()/g;
-        if ($ARGV[0] eq "-java")
-        {
-            $line =~ s/.*ssl_read.*//g;
-            $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
-            $line =~ s/uint8_t/signed char/g;
-        }
-        else
-        {
-            $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
-            $line =~ s/uint8_t/unsigned char/g;
-        }
-    }
-
-    return $line;
-}
-
-# Parse input file
-sub parseFile
-{
-    foreach $line (@_)
-    {
-        # test for a #define
-        if (!$skip && $line =~ m/^#define/)
-        {
-            $splitDefine = 1 if $line =~ m/\\$/;
-            print DATA_OUT $line;
-
-            # check line is not split
-            next if $splitDefine == 1;
-        }
-
-        # pick up second line of #define statement
-        if ($splitDefine) 
-        {
-            print DATA_OUT $line;
-
-            # check line is not split
-            $splitDefine = ($line =~ m/\\$/);
-            next;
-        } 
-
-        # test for function declaration
-        if (!$skip && $line =~ /EXP_FUNC/ && $line !~/\/\*/)
-        {
-            $line = transformSignature($line);
-            $splitFunctionDeclaration = $line !~ /;/;
-            print DATA_OUT $line;
-            next;
-        }
-
-        if ($splitFunctionDeclaration) 
-        {
-            $line = transformSignature($line);
-            $splitFunctionDeclaration = $line !~ /;/;
-            print DATA_OUT $line;
-            next;
-        }
-    }
-}
-
-#===============================================================
-
-# Determine which module to build from cammand-line options
-use strict;
-use Getopt::Std;
-
-my $module;
-my $interfaceFile;
-my $data_file;
-my $skip;
-my $splitLine;
-my @raw_data;
-
-if (not defined  $ARGV[0])
-{
-    goto ouch;
-}
-
-if ($ARGV[0] eq "-java")
-{
-    print "Generating Java interface file\n";
-    $module = "axtlsj";
-    $interfaceFile = "java/axTLSj.i";
-}
-elsif ($ARGV[0] eq "-perl")
-{
-    print "Generating Perl interface file\n";
-    $module = "axtlsp";
-    $interfaceFile = "perl/axTLSp.i";
-}
-else
-{
-ouch:
-    die "Usage: $0 [-java | -perl]\n";
-}
-
-# Input file required to generate SWIG interface file.
-$data_file = "../ssl/ssl.h";
-
-# Open input files
-open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
-@raw_data = <DATA_IN>;
-
-# Open output file
-open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
-
-#
-# I wish I could say it was easy to generate the Perl/Java bindings, but each
-# had their own set of challenges... :-(.
-#
-print DATA_OUT << "END";
-%module $module\n
-
-/* include our own header */
-%inline %{
-#include "ssl.h"
-%}
-
-%include "typemaps.i"
-/* Some SWIG magic to make the API a bit more Java friendly */
-#ifdef SWIGJAVA
-
-%apply long { SSL * };
-%apply long { SSL_CTX * };
-%apply long { SSLObjLoader * };
-
-/* allow "unsigned char []" to become "byte[]" */
-%include "arrays_java.i"
-
-/* convert these pointers to use long */
-%apply signed char[] {unsigned char *};
-%apply signed char[] {signed char *};
-
-/* allow ssl_get_session_id() to return "byte[]" */
-%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, SSL_SESSION_ID_SIZE);\"
-
-/* allow ssl_client_new() to have a null session_id input */
-%typemap(in) const signed char session_id[] (jbyte *jarr) {
-    if (jarg3 == NULL)
-    {
-        jresult = (jint)ssl_client_new(arg1,arg2,NULL);
-        return jresult;
-    }
-    
-    if (!SWIG_JavaArrayInSchar(jenv, &jarr, &arg3, jarg3)) return 0;
-}   
-
-/* Lot's of work required for an ssl_read() due to its various custom
- * requirements.
- */
-%native (ssl_read) int ssl_read(SSL *ssl, jobject in_data);
-%{
-JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_ssl_1read(JNIEnv *jenv, jclass jcls, jint jarg1, jobject jarg2) {
-    jint jresult = 0 ;
-    SSL *arg1;
-    unsigned char *arg2;
-    jbyte *jarr;
-    int result;
-    JNIEnv e = *jenv;
-    jclass holder_class;
-    jfieldID fid;
-
-    arg1 = (SSL *)jarg1;
-    result = (int)ssl_read(arg1, &arg2);
-
-    /* find the "m_buf" entry in the SSLReadHolder class */
-    if (!(holder_class = e->GetObjectClass(jenv,jarg2)) ||
-            !(fid = e->GetFieldID(jenv,holder_class, "m_buf", "[B")))
-        return SSL_NOT_OK;
-
-    if (result > SSL_OK)
-    {
-        int i;
-
-        /* create a new byte array to hold the read data */
-        jbyteArray jarray = e->NewByteArray(jenv, result);
-
-        /* copy the bytes across to the java byte array */
-        jarr = e->GetByteArrayElements(jenv, jarray, 0);
-        for (i = 0; i < result; i++)
-            jarr[i] = (jbyte)arg2[i];
-
-        /* clean up and set the new m_buf object */
-        e->ReleaseByteArrayElements(jenv, jarray, jarr, 0);
-        e->SetObjectField(jenv, jarg2, fid, jarray);
-    }
-    else    /* set to null */
-        e->SetObjectField(jenv, jarg2, fid, NULL);
-
-    jresult = (jint)result;
-    return jresult;
-}
-%}
-
-/* Big hack to get hold of a socket's file descriptor */
-%typemap (jtype) long "Object"
-%typemap (jstype) long "Object"
-%native (getFd) int getFd(long sock);
-%{
-JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_getFd(JNIEnv *env, jclass jcls, jobject sock)
-{
-    JNIEnv e = *env;
-    jfieldID fid;
-    jobject impl;
-    jobject fdesc;
-
-    /* get the SocketImpl from the Socket */
-    if (!(jcls = e->GetObjectClass(env,sock)) ||
-            !(fid = e->GetFieldID(env,jcls,"impl","Ljava/net/SocketImpl;")) ||
-            !(impl = e->GetObjectField(env,sock,fid))) return -1;
-
-    /* get the FileDescriptor from the SocketImpl */
-    if (!(jcls = e->GetObjectClass(env,impl)) ||
-            !(fid = e->GetFieldID(env,jcls,"fd","Ljava/io/FileDescriptor;")) ||
-            !(fdesc = e->GetObjectField(env,impl,fid))) return -1;
-
-    /* get the fd from the FileDescriptor */
-    if (!(jcls = e->GetObjectClass(env,fdesc)) ||
-            !(fid = e->GetFieldID(env,jcls,"fd","I"))) return -1;
-
-    /* return the descriptor */
-    return e->GetIntField(env,fdesc,fid);
-} 
-%}
-
-#endif
-
-/* Some SWIG magic to make the API a bit more Perl friendly */
-#ifdef SWIGPERL
-
-/* for ssl_session_id() */
-%typemap(out) const unsigned char * {
-    SV *svs = newSVpv((const char *)\$1, SSL_SESSION_ID_SIZE);
-    \$result = newRV(svs);
-    sv_2mortal(\$result);
-    argvi++;
-}
-
-/* for ssl_write() */
-%typemap(in) const unsigned char out_data[] {
-    SV* tempsv;
-    if (!SvROK(\$input))
-        croak("Argument \$argnum is not a reference.");
-    tempsv = SvRV(\$input);
-    if (SvTYPE(tempsv) != SVt_PV)
-        croak("Argument \$argnum is not an string.");
-    \$1 = (unsigned char *)SvPV(tempsv, PL_na);
-}
-
-/* for ssl_read() */
-%typemap(in) unsigned char **in_data (unsigned char *buf) {
-    \$1 = &buf;
-}
-
-%typemap(argout) unsigned char **in_data { 
-    if (result > SSL_OK) {
-        SV *svs = newSVpv(*\$1, result);
-        \$result = newRV(svs);
-        sv_2mortal(\$result);
-        argvi++;
-    }
-}
-
-%typemap(freearg) unsigned char *in_data {
-    free(buf\$argnum);
-}
-
-/* for ssl_client_new() */
-%typemap(in) const unsigned char session_id[] {
-    /* check for a reference */
-    if (SvOK(\$input) && SvROK(\$input)) {
-        SV* tempsv = SvRV(\$input);
-        if (SvTYPE(tempsv) != SVt_PV)
-            croak("Argument \$argnum is not an string.");
-        \$1 = (unsigned char *)SvPV(tempsv, PL_na); 
-    } 
-    else
-        \$1 = NULL;
-}
-
-#endif
-
-END
-
-# Initialise loop variables
-$skip = 1;
-$splitLine = 0;
-
-parseFile(@raw_data);
-
-close(DATA_IN);
-close(DATA_OUT);
-
-#===============================================================
-
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
deleted file mode 100755
index 816dd47752..0000000000
--- a/bindings/generate_interface.pl
+++ /dev/null
@@ -1,307 +0,0 @@
-#!/usr/bin/perl -w
-
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-#===============================================================
-# This application transforms ssl.h into interfaces that can be used by 
-# other language bindings. It is "SWIG"-like in nature in that various 
-# files are generated based on the axTLS API.
-#
-# The file produced is axInterface.? (depending on the file extension).
-#
-#===============================================================
-
-use strict;
-
-my $CSHARP = 0;
-my $VBNET = 1;
-
-my $binding;
-my $skip = 0;
-my $signature_ret_type;
-
-# Transforms function signature into an Interface format
-sub transformSignature
-{
-    my $item;
-    my ($line) = @_;
-
-    foreach $item ($line)
-    { 
-        # our very basic preprocessor
-        if ($binding == $CSHARP)
-        {
-            $line =~ s/STDCALL //;
-            $line =~ s/EXP_FUNC/        [DllImport ("axtls")]\n        public static extern/;
-            $line =~ s/uint32_t/uint/g;
-            $line =~ s/uint8_t \*\*/ref IntPtr /g;
-            $line =~ s/const uint8_t \* /IntPtr /g;
-            $line =~ s/const uint8_t \*/byte[] /g;    # note: subtle diff 
-            $line =~ s/uint8_t \* ?/byte[] /g;
-            $line =~ s/uint8_t ?/byte /g;
-            $line =~ s/const char \* ?/string /g;
-            $line =~ s/const SSL_CTX \* ?/IntPtr /g;
-            $line =~ s/SSL_CTX \* ?/IntPtr /g;
-            $line =~ s/SSLObjLoader \* ?/IntPtr /g;
-            $line =~ s/const SSL \* ?/IntPtr /g;
-            $line =~ s/SSL \* ?/IntPtr /g;
-            $line =~ s/\(void\)/()/g;
-        }
-        elsif ($binding == $VBNET)
-        {
-            if ($line =~ /EXP_FUNC/)
-            {
-                # Procedure or function?
-                my $invariant = $line =~ /void /;
-
-                my $proc = $invariant ? "Sub" : "Function";
-                ($signature_ret_type) = $line =~ /EXP_FUNC (.*) STDCALL/;
-                $line =~ s/EXP_FUNC .* STDCALL /        <DllImport("axtls")> Public Shared $proc _\n            /;
-
-                $signature_ret_type =~ s/const uint8_t \*/As IntPtr/;
-                $signature_ret_type =~ s/const char \*/As String/;
-                $signature_ret_type =~ s/SSL_CTX \*/As IntPtr/;
-                $signature_ret_type =~ s/SSLObjLoader \*/As IntPtr/;
-                $signature_ret_type =~ s/SSL \*/As IntPtr/;
-                $signature_ret_type =~ s/uint8_t/As Byte/;
-                $signature_ret_type =~ s/int/As Integer/;
-                $signature_ret_type =~ s/void//;
-                $signature_ret_type .= "\n        End $proc\n\n";
-            }
-
-            $line =~ s/uint32_t (\w+)/ByVal $1 As Integer/g;
-            $line =~ s/int (\w+)/ByVal $1 As Integer/g;
-            $line =~ s/uint8_t \*\* ?(\w+)/ByRef $1 As IntPtr/g;
-            $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
-            $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
-            $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
-            $line =~ s/const SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
-            $line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
-            $line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
-            $line =~ s/const SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
-            $line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
-            $line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;
-            $line =~ s/\(void\)/()/g;
-            $line =~ s/void//g;
-            $line =~ s/;\n/ $signature_ret_type;/;
-        }
-    }
-
-    return $line;
-}
-
-# Parse input file
-sub parseFile
-{
-    my (@file) = @_;
-    my $line;
-    my $splitDefine = 0;
-    my $splitFunctionDeclaration;
-    my $vb_hack = " ";
-    my $vb_line_hack = 0;
-
-    $skip = 0;
-
-    foreach $line (@file)
-    {
-        # test for a #define
-        if (!$skip && $line =~ m/^#define/)
-        {
-            $splitDefine = 1 if $line =~ m/\\$/;
-
-            if ($binding == $VBNET)
-            {
-                $line =~ s/\|/Or/g;
-                $line =~ s/ 0x/ &H/;
-            }
-
-            my ($name, $value) = $line =~ /#define (\w+) +([^\\]*)[\\]?\n/;
-
-            if (defined $name && defined $value)
-            {
-                # C# constant translation
-                if ($binding == $CSHARP)
-                {
-                    $line = "        public const int $name = $value";
-                }
-                # VB.NET constant translation
-                elsif ($binding == $VBNET)
-                {
-                    $line = "        Public Const $name As Integer = $value";
-                }
-            }
-
-            next if $line =~ /#define/;  # ignore any other defines
-               
-            print DATA_OUT $line;
-
-            # check line is not split
-            next if $splitDefine == 1;
-            print DATA_OUT ";" if $binding == $CSHARP;
-            print DATA_OUT "\n";
-        }
-
-        # pick up second line of #define statement
-        if ($splitDefine) 
-        {
-            if ($line !~ /\\$/)
-            {
-                $line =~ s/$/;/ if $binding == $CSHARP;        # add the ";"
-            }
-
-            $line =~ s/ ?\| ?/ Or /g 
-                                if ($binding == $VBNET);
-
-            # check line is not split
-            $splitDefine = ($line =~ m/\\$/);
-
-            # ignore trailing "\"
-            $line =~ s/\\$// if $binding == $CSHARP;
-            $line =~ s/\\$/_/ if $binding == $VBNET;
-            print DATA_OUT $line;
-            next;
-        } 
-
-        # test for function declaration
-        if (!$skip && $line =~ /EXP_FUNC/ && $line !~ /\/\*/)
-        {
-            $line = transformSignature($line);
-            $splitFunctionDeclaration = $line !~ /;/;
-            $line =~ s/;// if ($binding == $VBNET);
-            $line =~ s/\n$/ _\n/ if ($binding == $VBNET) && 
-                                                $splitFunctionDeclaration;
-            print DATA_OUT $line;
-            next;
-        }
-
-        if ($splitFunctionDeclaration) 
-        {
-            $line = transformSignature($line);
-            $splitFunctionDeclaration = $line !~ /;/;
-            $line =~ s/;// if ($binding == $VBNET);
-            $line =~ s/\n/ _\n/ if ($binding == $VBNET) && 
-                                                $splitFunctionDeclaration == 1;
-            print DATA_OUT $line;
-            next;
-        }
-    }
-}
-
-#===============================================================
-
-# Determine which module to build from command-line options
-use strict;
-use Getopt::Std;
-
-my $binding_prefix;
-my $binding_suffix;
-my $data_file;
-my @raw_data;
-
-if (not defined  $ARGV[0])
-{
-    goto ouch;
-}
-
-if ($ARGV[0] eq "-csharp")
-{
-    print "Generating C# interface file\n";
-    $binding_prefix = "csharp";
-    $binding_suffix = "cs";
-    $binding = $CSHARP;
-}
-elsif ($ARGV[0] eq "-vbnet")
-{
-    print "Generating VB.NET interface file\n";
-    $binding_prefix = "vbnet";
-    $binding_suffix = "vb";
-    $binding = $VBNET;
-}
-else
-{
-ouch:
-    die "Usage: $0 [-csharp | -vbnet]\n";
-}
-
-my $interfaceFile = "$binding_prefix/axInterface.$binding_suffix";
-
-# Input file required to generate interface file.
-$data_file = "../ssl/ssl.h";
-
-# Open input files
-open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
-@raw_data = <DATA_IN>;
-
-
-# Open output file
-if ($binding == $CSHARP || $binding == $VBNET)
-{
-    open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
-}
-
-# SPEC interface file header
-if ($binding == $CSHARP)
-{
-    # generate the C#/C interface file
-    print DATA_OUT << "END";
-// The C# to C interface definition file for the axTLS project
-// Do not modify - this file is generated
-
-using System;
-using System.Runtime.InteropServices;
-
-namespace axTLS
-{
-    public class axtls
-    {
-END
-}
-elsif ($binding == $VBNET)
-{
-    # generate the VB.NET/C interface file
-    print DATA_OUT << "END";
-' The VB.NET to C interface definition file for the axTLS project
-' Do not modify - this file is generated
-
-Imports System
-Imports System.Runtime.InteropServices
-
-Namespace axTLSvb
-    Public Class axtls
-END
-}
-
-parseFile(@raw_data);
-
-# finish up
-if ($binding == $CSHARP)
-{
-    print DATA_OUT "    };\n";
-    print DATA_OUT "};\n";
-}
-elsif ($binding == $VBNET)
-{
-    print DATA_OUT "    End Class\nEnd Namespace\n";
-}
-
-close(DATA_IN);
-close(DATA_OUT);
-
-#===============================================================
-
diff --git a/bindings/java/Makefile b/bindings/java/Makefile
deleted file mode 100644
index a1933b92fc..0000000000
--- a/bindings/java/Makefile
+++ /dev/null
@@ -1,93 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.java.conf
-
-all: lib jar
-
-JAR=../../$(STAGE)/axtls.jar
-
-ifdef CONFIG_PLATFORM_WIN32
-TARGET=../../$(STAGE)/axtlsj.dll
-else
-TARGET=../../$(STAGE)/libaxtlsj.so
-endif
-
-lib: $(TARGET)
-axTLSj_wrap.o : axTLSj_wrap.c
-
-JAVA_FILES= \
-	axtlsjJNI.java \
-    axtlsjConstants.java \
-    axtlsj.java \
-    SSLReadHolder.java \
-    SSL.java \
-    SSLUtil.java \
-    SSLCTX.java \
-    SSLServer.java \
-    SSLClient.java
-
-OBJ=axTLSj_wrap.o
-
-AXOLOTLS_HOME=../..
-SSL_HOME=$(AXOLOTLS_HOME)/ssl
-CONFIG_HOME=$(AXOLOTLS_HOME)/config
-JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
-
-ifdef CONFIG_PLATFORM_WIN32
-CFLAGS += /I"$(shell cygpath -w $(SSL_HOME))"
-CFLAGS += /I"$(shell cygpath -w $(CONFIG_HOME))"
-LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
-
-include ../../config/makefile.post
-
-$(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
-else    # Not Win32
-
-ifdef CONFIG_PLATFORM_CYGWIN
-SSL_HOME:=$(shell cygpath -u $(SSL_HOME))
-CONFIG_HOME:=$(shell cygpath -u $(CONFIG_HOME))
-endif
-
-CFLAGS += -I$(SSL_HOME)
-CFLAGS += -I$(CONFIG_HOME)
-
-$(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L ../../$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls 
-endif
-
-jar: $(OBJ) $(JAR)
-
-# if we are doing the samples then defer creating the jar until then
-$(JAR): $(JAVA_CLASSES)
-ifndef CONFIG_JAVA_SAMPLES
-	jar cvf $@ -C classes axTLSj
-else
-	@if [ ! -f $(JAR) ]; then touch $(JAR); fi
-endif
-
-classes/axTLSj/%.class : %.java
-	javac -d classes -classpath classes $^
-
-clean::
-	@rm -f $(JAR) $(TARGET) SWIG* axtls* *.i *.c 
-	@rm -fr classes/*
-
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
deleted file mode 100644
index a2dfd370b1..0000000000
--- a/bindings/java/SSL.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * A wrapper around the unmanaged interface to give a semi-decent Java API
- */
-
-package axTLSj;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * @defgroup java_api Java API.
- *
- * Ensure that the appropriate dispose() methods are called when finished with
- * various objects - otherwise memory leaks will result.
- */
-
-/**
- * @class SSL
- * @ingroup java_api 
- * @brief A representation of an SSL connection.
- *
- */
-public class SSL
-{
-    public int m_ssl;    /**< A pointer to the real SSL type */
-
-    /**
-     * @brief Store the reference to an SSL context.
-     * @param ip [in] A reference to an SSL object.
-     */
-    public SSL(int ip)
-    {
-        m_ssl = ip;
-    }
-
-    /**
-     * @brief Free any used resources on this connection. 
-     * 
-     * A "Close Notify" message is sent on this connection (if possible). It 
-     * is up to the application to close the socket.
-     */
-    public void dispose()
-    {
-        axtlsj.ssl_free(m_ssl);
-    }
-
-    /**
-     * @brief Return the result of a handshake.
-     * @return SSL_OK if the handshake is complete and ok.
-     * @see ssl.h for the error code list.
-     */
-    public int handshakeStatus()
-    {
-        return axtlsj.ssl_handshake_status(m_ssl);
-    }
-
-    /**
-     * @brief Return the SSL cipher id.
-     * @return The cipher id which is one of:
-     * - SSL_AES128_SHA (0x2f)
-     * - SSL_AES256_SHA (0x35)
-     * - SSL_RC4_128_SHA (0x05)
-     * - SSL_RC4_128_MD5 (0x04)
-     */
-    public byte getCipherId()
-    {
-        return axtlsj.ssl_get_cipher_id(m_ssl);
-    }
-
-    /**
-     * @brief Get the session id for a handshake. 
-     * 
-     * This will be a 32 byte sequence and is available after the first
-     * handshaking messages are sent.
-     * @return The session id as a 32 byte sequence.
-     * @note A SSLv23 handshake may have only 16 valid bytes.
-     */
-    public byte[] getSessionId()
-    {
-        return axtlsj.ssl_get_session_id(m_ssl);
-    }
-
-    /**
-     * @brief Retrieve an X.509 distinguished name component.
-     * 
-     * When a handshake is complete and a certificate has been exchanged, 
-     * then the details of the remote certificate can be retrieved.
-     *
-     * This will usually be used by a client to check that the server's common 
-     * name matches the URL.
-     *
-     * A full handshake needs to occur for this call to work.
-     *
-     * @param component [in] one of:
-     * - SSL_X509_CERT_COMMON_NAME
-     * - SSL_X509_CERT_ORGANIZATION
-     * - SSL_X509_CERT_ORGANIZATIONAL_NAME
-     * - SSL_X509_CA_CERT_COMMON_NAME
-     * - SSL_X509_CA_CERT_ORGANIZATION
-     * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
-     * @return The appropriate string (or null if not defined)
-     */
-    public String getCertificateDN(int component)
-    {
-        return axtlsj.ssl_get_cert_dn(m_ssl, component);
-    }
-}
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java
deleted file mode 100644
index 2823511b1a..0000000000
--- a/bindings/java/SSLCTX.java
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * A wrapper around the unmanaged interface to give a semi-decent Java API
- */
-
-package axTLSj;
-
-import java.net.*;
-
-/**
- * @class SSLCTX
- * @ingroup java_api 
- * @brief A base object for SSLServer/SSLClient.
- */
-public class SSLCTX
-{
-    /**
-     * A reference to the real client/server context.
-     */
-    protected int m_ctx;
-
-    /**
-     * @brief Establish a new client/server context.
-     *
-     * This function is called before any client/server SSL connections are 
-     * made.  If multiple threads are used, then each thread will have its 
-     * own SSLCTX context. Any number of connections may be made with a single 
-     * context. 
-     *
-     * Each new connection will use the this context's private key and 
-     * certificate chain. If a different certificate chain is required, then a 
-     * different context needs to be be used.
-     *
-     * @param options [in]  Any particular options. At present the options
-     * supported are:
-     * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the 
-     * server authentication fails. The certificate can be authenticated later 
-     * with a call to verifyCert().
-     * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
-     * i.e. each handshake will include a "certificate request" message from 
-     * the server.
-     * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user 
-     * will load the key/certificate explicitly.
-     * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
-     * during the handshake.
-     * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
-     * during the handshake.
-     * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
-     * are passed during a handshake.
-     * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details 
-     * that are passed during a handshake.
-     *
-     * @param num_sessions [in] The number of sessions to be used for session
-     * caching. If this value is 0, then there is no session caching.
-     * 
-     * If this option is null, then the default internal private key/
-     * certificate pair is used (if CONFIG_SSL_USE_DEFAULT_KEY is set). 
-     * 
-     * The resources used by this object are automatically freed.  
-     * @return A client/server context.
-     */
-    protected SSLCTX(int options, int num_sessions)
-    {
-        m_ctx = axtlsj.ssl_ctx_new(options, num_sessions);
-    }
-
-    /**
-     * @brief Remove a client/server context.
-     *
-     * Frees any used resources used by this context. Each connection will be 
-     * sent a "Close Notify" alert (if possible).
-     */
-    public void dispose()
-    {
-        axtlsj.ssl_ctx_free(m_ctx);
-    }
-
-    /**
-     * @brief Read the SSL data stream.
-     * @param ssl [in] An SSL object reference.
-     * @param rh [out] After a successful read, the decrypted data can be 
-     * retrieved with rh.getData(). It will be null otherwise.
-     * @return The number of decrypted bytes:
-     * - if > 0, then the handshaking is complete and we are returning the 
-     * number of decrypted bytes. 
-     * - SSL_OK if the handshaking stage is successful (but not yet complete).  
-     * - < 0 if an error.
-     * @see ssl.h for the error code list.
-     * @note Use rh before doing any successive ssl calls.
-     */
-    public int read(SSL ssl, SSLReadHolder rh)
-    {
-        return axtlsj.ssl_read(ssl.m_ssl, rh);
-    }
-
-    /**
-     * @brief Write to the SSL data stream.
-     * @param ssl [in] An SSL obect reference.
-     * @param out_data [in] The data to be written
-     * @return The number of bytes sent, or if < 0 if an error.
-     * @see ssl.h for the error code list.
-     */
-    public int write(SSL ssl, byte[] out_data)
-    {
-        return axtlsj.ssl_write(ssl.m_ssl, out_data, out_data.length);
-    }
-
-    /**
-     * @brief Write to the SSL data stream.
-     * @param ssl [in] An SSL obect reference.
-     * @param out_data [in] The data to be written
-     * @param out_len [in] The number of bytes to be written
-     * @return The number of bytes sent, or if < 0 if an error.
-     * @see ssl.h for the error code list.
-     */
-    public int write(SSL ssl, byte[] out_data, int out_len)
-    {
-        return axtlsj.ssl_write(ssl.m_ssl, out_data, out_len);
-    }
-
-    /**
-     * @brief Find an ssl object based on a Socket reference.
-     *
-     * Goes through the list of SSL objects maintained in a client/server 
-     * context to look for a socket match.
-     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
-     * @return A reference to the SSL object. Returns null if the object 
-     * could not be found.
-     */
-    public SSL find(Socket s)
-    {
-        int client_fd = axtlsj.getFd(s);
-        return new SSL(axtlsj.ssl_find(m_ctx, client_fd));
-    }
-
-    /**
-     * @brief Authenticate a received certificate.
-     * 
-     * This call is usually made by a client after a handshake is complete 
-     * and the context is in SSL_SERVER_VERIFY_LATER mode.
-     * @param ssl [in] An SSL object reference.
-     * @return SSL_OK if the certificate is verified.
-     */
-    public int verifyCert(SSL ssl)
-    {
-        return axtlsj.ssl_verify_cert(ssl.m_ssl);
-    }
-
-    /**
-     * @brief Force the client to perform its handshake again.
-     *
-     * For a client this involves sending another "client hello" message.
-     * For the server is means sending a "hello request" message.
-     *
-     * This is a blocking call on the client (until the handshake completes).
-     * @param ssl [in] An SSL object reference.
-     * @return SSL_OK if renegotiation instantiation was ok
-     */
-    public int renegotiate(SSL ssl)
-    {
-        return axtlsj.ssl_renegotiate(ssl.m_ssl);
-    }
-
-    /**
-     * @brief Load a file into memory that is in binary DER or ASCII PEM format.
-     *
-     * These are temporary objects that are used to load private keys,
-     * certificates etc into memory.
-     * @param obj_type [in] The format of the file. Can be one of:
-     * - SSL_OBJ_X509_CERT (no password required)
-     * - SSL_OBJ_X509_CACERT (no password required)
-     * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
-     * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
-     * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
-     *
-     * PEM files are automatically detected (if supported).
-     * @param filename [in] The location of a file in DER/PEM format.
-     * @param password [in] The password used. Can be null if not required.
-     * @return SSL_OK if all ok
-     */
-    public int objLoad(int obj_type, String filename, String password)
-    {
-        return axtlsj.ssl_obj_load(m_ctx, obj_type, filename, password);
-    }
-
-    /**
-     * @brief Transfer binary data into the object loader.
-     *
-     * These are temporary objects that are used to load private keys,
-     * certificates etc into memory.
-     * @param obj_type [in] The format of the memory data.
-     * @param data [in] The binary data to be loaded.
-     * @param len [in] The amount of data to be loaded.
-     * @param password [in] The password used. Can be null if not required.
-     * @return SSL_OK if all ok
-     */
-
-    public int objLoad(int obj_type, byte[] data, int len, String password)
-    {
-        return axtlsj.ssl_obj_memory_load(m_ctx, obj_type, data, len, password);
-    }
-}
diff --git a/bindings/java/SSLClient.java b/bindings/java/SSLClient.java
deleted file mode 100644
index 02ad38c7d3..0000000000
--- a/bindings/java/SSLClient.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * A wrapper around the unmanaged interface to give a semi-decent Java API
- */
-
-package axTLSj;
-
-import java.net.*;
-
-/**
- * @class SSLClient
- * @ingroup java_api 
- * @brief The client context.
- *
- * All client connections are started within a client context.
- */
-public class SSLClient extends SSLCTX
-{
-    /**
-     * @brief Start a new client context.
-     * 
-     * @see SSLCTX for details.
-     */
-    public SSLClient(int options, int num_sessions)
-    {
-        super(options, num_sessions);
-    }
-
-    /**
-     * @brief Establish a new SSL connection to an SSL server.
-     *
-     * It is up to the application to establish the initial socket connection.
-     *
-     * This is a blocking call - it will finish when the handshake is 
-     * complete (or has failed).
-     *
-     * Call dispose() when the connection is to be removed.
-     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
-     * @param session_id [in] A 32 byte session id for session resumption. This 
-     * can be null if no session resumption is not required.
-     * @return An SSL object reference. Use SSL.handshakeStatus() to check 
-     * if a handshake succeeded.
-     */
-    public SSL connect(Socket s, byte[] session_id)
-    {
-        int client_fd = axtlsj.getFd(s);
-        return new SSL(axtlsj.ssl_client_new(m_ctx, client_fd, session_id));
-    }
-}
diff --git a/bindings/java/SSLReadHolder.java b/bindings/java/SSLReadHolder.java
deleted file mode 100644
index e51e0a593d..0000000000
--- a/bindings/java/SSLReadHolder.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * A wrapper around the unmanaged interface to give a semi-decent Java API
- */
-
-package axTLSj;
-
-/**
- * @class SSLReadHolder
- * @ingroup java_api 
- * @brief A holder for data read in an SSL read.
- */
-public class SSLReadHolder
-{
-    /**
-     * @brief Contruct a new read holder object.
-     */
-    public SSLReadHolder()
-    {
-        m_buf = null;
-    }
-
-    /**
-     * @brief Retrieve the reference to the read data.
-     */
-    public byte[] getData()
-    {
-        return m_buf;
-    }
-
-    private byte[] m_buf;
-}
diff --git a/bindings/java/SSLServer.java b/bindings/java/SSLServer.java
deleted file mode 100644
index 7aa7fc09b5..0000000000
--- a/bindings/java/SSLServer.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * A wrapper around the unmanaged interface to give a semi-decent Java API
- */
-
-package axTLSj;
-
-import java.net.*;
-
-/**
- * @class SSLServer
- * @ingroup java_api 
- * @brief The server context.
- *
- * All server connections are started within a server context.
- */
-public class SSLServer extends SSLCTX
-{
-    /**
-     * @brief Start a new server context.
-     * 
-     * @see SSLCTX for details.
-     */
-    public SSLServer(int options, int num_sessions)
-    {
-        super(options, num_sessions);
-    }
-
-    /**
-     * @brief Establish a new SSL connection to an SSL client.
-     *
-     * It is up to the application to establish the initial socket connection.
-     *
-     * Call dispose() when the connection is to be removed.
-     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
-     * @return An SSL object reference.
-     */
-    public SSL connect(Socket s)
-    {
-        int client_fd = axtlsj.getFd(s);
-        return new SSL(axtlsj.ssl_server_new(m_ctx, client_fd));
-    }
-}
diff --git a/bindings/java/SSLUtil.java b/bindings/java/SSLUtil.java
deleted file mode 100644
index a59de3f1fe..0000000000
--- a/bindings/java/SSLUtil.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * A wrapper around the unmanaged interface to give a semi-decent Java API
- */
-
-package axTLSj;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * @class SSLUtil
- * @ingroup java_api 
- * @brief Some global helper functions.
- *
- */
-public class SSLUtil
-{
-    /**
-     * @brief Load up the ddl/shared library 
-     */
-    static
-    {
-        System.loadLibrary("axtlsj");
-    }
-
-    /**
-     * @brief Return the build mode of the axTLS project.
-     * @return The build mode is one of:
-     * - SSL_BUILD_SERVER_ONLY
-     * - SSL_BUILD_ENABLE_VERIFICATION
-     * - SSL_BUILD_ENABLE_CLIENT
-     * - SSL_BUILD_FULL_MODE
-     */
-    public static int buildMode()
-    {
-        return axtlsj.ssl_get_config(axtlsj.SSL_BUILD_MODE);
-    }
-
-    /**
-     * @brief Return the number of chained certificates that the client/server 
-     * supports.
-     * @return The number of supported client/server certificates.
-     */
-    public static int maxCerts()
-    {
-        return axtlsj.ssl_get_config(axtlsj.SSL_MAX_CERT_CFG_OFFSET);
-    }
-
-    /**
-     * @brief Return the number of CA certificates that the client/server
-     * supports.
-     * @return The number of supported CA certificates.
-     */
-    public static int maxCACerts()
-    {
-        return axtlsj.ssl_get_config(axtlsj.SSL_MAX_CA_CERT_CFG_OFFSET);
-    }
-
-    /**
-     * @brief Indicate if PEM is supported.
-     * @return true if PEM supported.
-     */
-    public static boolean hasPEM()
-    {
-        return axtlsj.ssl_get_config(axtlsj.SSL_HAS_PEM) > 0 ? true : false;
-    }
-
-    /**
-     * @brief Display the text string of the error.
-     * @param error_code [in] The integer error code.
-     * @see ssl.h for the error code list.
-     */
-    public static void displayError(int error_code)
-    {
-        axtlsj.ssl_display_error(error_code);
-    }
-
-    /**
-     * @brief Return the version of the axTLS project.
-     */
-    public static String version()
-    {
-        return axtlsj.ssl_version();
-    }
-}
-
diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
deleted file mode 100644
index e04bd3c7d2..0000000000
--- a/bindings/perl/Makefile
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-all: lib
-
-ifdef CONFIG_PLATFORM_WIN32
-TARGET=../../$(STAGE)/axtlsp.dll
-else
-TARGET=../../$(STAGE)/libaxtlsp.so
-endif
-
-ifneq ($(MAKECMDGOALS), clean)
-
-ifdef CONFIG_PLATFORM_WIN32
-PERL5_CORE:=$(shell cygpath -w "$(CONFIG_PERL_CORE)")
-else
-PERL5_CORE= $(shell perl -e 'use Config; print $$Config{archlib};')/CORE
-endif
-
-all: test_perl
-
-test_perl:
-	@if ! [ -d "$(PERL5_CORE)" ]; then \
-		echo "*** Error: Perl not installed at $(CONFIG_PERL_CORE) - go to " \
-        "http://www.cpan.org/authors/id/G/GR/GRAHAMC/SiePerl-5.8.0-bin-1.0-Win32.INSTALL.exe" && exit 1; \
-	fi
-
-endif
-
-lib: $(TARGET)
-AXTLS_HOME=../..
-SSL_HOME=$(AXTLS_HOME)/ssl
-CONFIG_HOME=$(AXTLS_HOME)/config
-OBJ:=axTLSp_wrap.o
-include ../../config/makefile.post
-
-ifndef CONFIG_PLATFORM_WIN32        # Linux/Unix/Cygwin
-
-#
-# Could have used libperl.a, but it increases the library to over 1MB, so just
-# use libperl.so. But this needs to be in the shared library path for things to
-# work.
-#
-$(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L ../../$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
-ifdef CONFIG_PLATFORM_CYGWIN
-	cd ../../$(STAGE); ln -sf $(notdir $@) axtlsp.dll
-endif
-	@install axtlsp.pm ../../$(STAGE)
-
-CFLAGS += -D__USE_GNU -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
-else
-CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
-CFLAGS += /I"$(PERL5_CORE)"
-LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../$(STAGE)"
-
-$(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
-	install axtlsp.pm ../../$(STAGE)
-endif # WIN32
-
-clean::
-	@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../$(STAGE)/axtlsp.pm
diff --git a/bindings/vbnet/Makefile b/bindings/vbnet/Makefile
deleted file mode 100644
index bcd6cae4d2..0000000000
--- a/bindings/vbnet/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-clean::
-	@rm -f axssl* axInterface.vb
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
deleted file mode 100644
index 9cec32c789..0000000000
--- a/bindings/vbnet/axTLSvb.vb
+++ /dev/null
@@ -1,179 +0,0 @@
-'
-'  Copyright(C) 2006 Cameron Rich
-'
-'  This program is free software you can redistribute it and/or modify
-'  it under the terms of the GNU General Public License as published by
-'  the Free Software Foundation either version 2.1 of the License, or
-'  (at your option As ) any later version.
-'
-'  This program is distributed in the hope that it will be useful,
-'  but WITHOUT ANY WARRANTY without even the implied warranty of
-'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-'  GNU Lesser General Public License for more details.
-'
-'  You should have received a copy of the GNU General Public License
-'  along with this program if not, write to the Free Software
-'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-'
-
-'
-' A wrapper around the unmanaged Integererface to give a semi-decent VB.NET API
-'
-
-Imports System
-Imports System.Runtime.InteropServices
-Imports System.Net.Sockets
-Imports axTLSvb
-
-Namespace axTLSvb
-    Public Class SSL
-        Public m_ssl As IntPtr
-
-        Public Sub New(ByRef ip As IntPtr)
-            m_ssl = ip
-        End Sub
-
-        Public Sub Dispose()
-            axtls.ssl_free(m_ssl)
-        End Sub
-
-        Public Function HandshakeStatus() As Integer
-            Return axtls.ssl_handshake_status(m_ssl)
-        End Function
-
-        Public Function GetCipherId() As Byte
-            Return axtls.ssl_get_cipher_id(m_ssl)
-        End Function
-
-        Public Function GetSessionId() As Byte()
-            Dim result(axtls.SSL_SESSION_ID_SIZE) As Byte
-            Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl)
-            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE)
-            Return result
-        End Function
-
-        Public Function GetCertificateDN(component As Integer) As String
-            Return axtls.ssl_get_cert_dn(m_ssl, component)
-        End Function
-    End Class
-
-    Public Class SSLUtil
-        Private dummy As Integer    ' need something here
-
-        Public Shared Function BuildMode() As Integer
-            Return axtls.ssl_get_config(axtls.SSL_BUILD_MODE)
-        End Function
-
-        Public Shared Function MaxCerts() As Integer
-            Return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET)
-        End Function
-
-        Public Shared Function MaxCACerts() As Integer
-            Return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET)
-        End Function
-
-        Public Shared Function HasPEM() As Boolean
-            If axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 Then
-                Return True
-            Else
-                Return False
-            End If
-        End Function
-        
-        Public Shared Sub DisplayError(ByVal error_code As Integer)
-            axtls.ssl_display_error(error_code)
-        End Sub
-
-        Public Shared Function Version() As String
-            Return axtls.ssl_version()
-        End Function
-    End Class
-
-    Public Class SSLCTX
-        Protected m_ctx As IntPtr
-
-        Protected Sub New(ByVal options As Integer, _
-                ByVal num_sessions As Integer)
-            m_ctx = axtls.ssl_ctx_new(options, num_sessions)
-        End Sub
-
-        Public Sub Dispose()
-            axtls.ssl_ctx_free(m_ctx)
-        End Sub
-
-        Public Function Read(ByVal ssl As SSL, ByRef in_data As Byte()) As Integer
-            Dim ptr As IntPtr = IntPtr.Zero
-            Dim ret as Integer = axtls.ssl_read(ssl.m_ssl, ptr)
-
-            If ret > axtls.SSL_OK Then
-                ReDim in_data(ret)
-                Marshal.Copy(ptr, in_data, 0, ret)
-            Else
-                in_data = Nothing
-            End If
-
-            Return ret
-        End Function
-
-        Public Function Write(ByVal ssl As SSL, _
-                ByVal data As Byte(), len As Integer) As Integer
-            Return axtls.ssl_write(ssl.m_ssl, data, len)
-        End Function
-
-        Public Function Find(ByVal s As Socket) As SSL
-            Dim client_fd As Integer = s.Handle.ToInt32()
-            Return New SSL(axtls.ssl_find(m_ctx, client_fd))
-        End Function
-
-        Public Function VerifyCert(ByVal ssl As SSL) As Integer
-            Return axtls.ssl_verify_cert(ssl.m_ssl)
-        End Function
-
-        Public Function Renegotiate(ByVal ssl As SSL) As Integer
-            Return axtls.ssl_renegotiate(ssl.m_ssl)
-        End Function
-
-        Public Function ObjLoad(ByVal obj_type As Integer, _
-                ByVal filename As String, _
-                password As String) As Integer
-            Return axtls.ssl_obj_load(m_ctx, obj_type, filename, password)
-        End Function
-
-        Public Function ObjLoad(ByVal obj_type As Integer, _
-                ByVal data As Byte(), ByVal len As Integer, _
-                password As String) As Integer
-            Return axtls.ssl_obj_memory_load( _
-                    m_ctx, obj_type, data, len, password)
-        End Function
-    End Class
-
-    Public Class SSLServer 
-            Inherits SSLCTX
-
-        Public Sub New(ByVal options As Integer, _
-                ByVal num_sessions As Integer)
-            MyBase.New(options, num_sessions)
-        End Sub
-
-        Public Function Connect(ByVal s As Socket) As SSL
-            Dim client_fd As Integer = s.Handle.ToInt32()
-            Return New SSL(axtls.ssl_server_new(m_ctx, client_fd))
-        End Function
-    End Class
-
-    Public Class SSLClient 
-            Inherits SSLCTX
-
-        Public Sub New(ByVal options As Integer, _
-                ByVal num_sessions As Integer)
-            MyBase.New(options, num_sessions)
-        End Sub
-
-        Public Function Connect(ByVal s As Socket, _
-                                ByVal session_id As Byte()) As SSL
-            Dim client_fd As Integer = s.Handle.ToInt32()
-            Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id))
-        End Function
-
-    End Class
-End Namespace
diff --git a/config/Config.in b/config/Config.in
deleted file mode 100644
index c68e95a664..0000000000
--- a/config/Config.in
+++ /dev/null
@@ -1,120 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-
-mainmenu "axTLS Configuration"
-
-config HAVE_DOT_CONFIG
-    bool
-    default y
-
-choice 
-    prompt "Platform"
-    default CONFIG_PLATFORM_LINUX
-
-config CONFIG_PLATFORM_LINUX
-    bool "Linux"
-
-config CONFIG_PLATFORM_CYGWIN
-    bool "Cygwin"
-
-config CONFIG_PLATFORM_SOLARIS
-    bool "Solaris"
-
-config CONFIG_PLATFORM_WIN32
-    bool "Win32"
-
-endchoice 
-
-menu "General Configuration"
-
-config PREFIX
-    string "axTLS installation prefix"
-    depends on !CONFIG_PLATFORM_WIN32
-    default "/usr/local"
-    help
-      Define your directory to install axTLS files/subdirs in.
-
-config CONFIG_DEBUG
-    bool "Build axTLS with Debugging symbols"
-    default n
-    help
-      Say Y here if you wish to compile axTLS with debugging symbols.
-      This will allow you to use a debugger to examine axTLS internals.  
-      This increases the size of the binary considerably and should only be 
-      used when doing development.
-      If you are doing development and want to debug axTLS, answer Y.
-
-      Most people should answer N.
-
-menu "Microsoft Compiler Options"
-depends on CONFIG_PLATFORM_WIN32
-
-choice 
-    prompt "Compiler"
-    depends on CONFIG_PLATFORM_WIN32
-    default CONFIG_VISUAL_STUDIO_7_0
-
-config CONFIG_VISUAL_STUDIO_6_0
-    bool "Visual Studio 6.0 (VC98)"
-    help
-        Use Microsoft's Visual Studio 6.0 platform.
-
-config CONFIG_VISUAL_STUDIO_7_0
-    bool "Visual Studio 7.0 (2003)"
-    help 
-        Use Microsoft's Visual Studio 2003 platform.
-
-config CONFIG_VISUAL_STUDIO_8_0
-    bool "Visual Studio 8.0 (2005)"
-    help 
-        Use Microsoft's Visual Studio 2005 platform.
-
-endchoice
-
-config CONFIG_VISUAL_STUDIO_6_0_BASE
-    string "Base"
-    depends on CONFIG_VISUAL_STUDIO_6_0
-    default "c:\\Program Files\\Microsoft Visual Studio"
-
-config CONFIG_VISUAL_STUDIO_7_0_BASE
-    string "Base"
-    depends on CONFIG_VISUAL_STUDIO_7_0
-    default "c:\\Program Files\\Microsoft Visual Studio .NET 2003"
-
-config CONFIG_VISUAL_STUDIO_8_0_BASE
-    string "Base"
-    depends on CONFIG_VISUAL_STUDIO_8_0
-    default "c:\\Program Files\\Microsoft Visual Studio 8"
-
-endmenu
-
-config CONFIG_EXTRA_CFLAGS_OPTIONS
-    string "Any extra CFLAGS options for the compiler?"
-    help
-        Do you want to pass any extra CFLAGS options to the compiler as  
-        you build axTLS? If so, this is the option for you...  For
-        example, if you want to add some simple compiler switches (like
-        -march=i686), or check for warnings using -Werror, just those 
-        options here.
-
-config CONFIG_EXTRA_LDFLAGS_OPTIONS
-    string "Any extra LDFLAGS options for the compiler?"
-    help
-        Do you want to pass any extra LDFLAGS options to the compiler?
-
-endmenu
-
-source ssl/Config.in
-config CONFIG_AXHTTPD
-    bool "Enable HTTP/HTTPS Web Server"
-    default y
-    help
-        Build the AXHTTPD web server
-
-source httpd/Config.in
-source bindings/Config.in
-source samples/Config.in
-source ssl/BigIntConfig.in
-
diff --git a/config/JMeter.jmx b/config/JMeter.jmx
deleted file mode 100755
index f62c03f0ee..0000000000
--- a/config/JMeter.jmx
+++ /dev/null
@@ -1,247 +0,0 @@
-<jmeterTestPlan version="1.2" properties="1.8">
-  <hashTree>
-    <TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="axhttpd Test Plan" enabled="true">
-      <elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
-        <collectionProp name="Arguments.arguments"/>
-      </elementProp>
-      <stringProp name="TestPlan.user_define_classpath"></stringProp>
-      <boolProp name="TestPlan.serialize_threadgroups">true</boolProp>
-      <boolProp name="TestPlan.functional_mode">false</boolProp>
-      <stringProp name="TestPlan.comments"></stringProp>
-    </TestPlan>
-    <hashTree>
-      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 1" enabled="true">
-        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.delay"></stringProp>
-        <stringProp name="ThreadGroup.duration"></stringProp>
-        <stringProp name="ThreadGroup.num_threads">16</stringProp>
-        <boolProp name="ThreadGroup.scheduler">false</boolProp>
-        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
-          <stringProp name="LoopController.loops">10</stringProp>
-          <boolProp name="LoopController.continue_forever">false</boolProp>
-        </elementProp>
-        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
-        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
-      </ThreadGroup>
-      <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="Normal" enabled="true">
-          <stringProp name="HTTPSampler.path">/index.html</stringProp>
-          <stringProp name="HTTPSampler.method">GET</stringProp>
-          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
-          <stringProp name="HTTPSampler.protocol"></stringProp>
-          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">80</stringProp>
-          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
-            <collectionProp name="Arguments.arguments"/>
-          </elementProp>
-          <stringProp name="HTTPSampler.mimetype"></stringProp>
-          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
-          <stringProp name="HTTPSampler.monitor">false</stringProp>
-          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
-          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
-          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
-        </HTTPSampler>
-        <hashTree/>
-      </hashTree>
-      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 2" enabled="true">
-        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.delay"></stringProp>
-        <stringProp name="ThreadGroup.duration"></stringProp>
-        <stringProp name="ThreadGroup.num_threads">16</stringProp>
-        <boolProp name="ThreadGroup.scheduler">false</boolProp>
-        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
-          <stringProp name="LoopController.loops">10</stringProp>
-          <boolProp name="LoopController.continue_forever">false</boolProp>
-        </elementProp>
-        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
-        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
-      </ThreadGroup>
-      <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="RC4" enabled="true">
-          <stringProp name="HTTPSampler.path">/index.html</stringProp>
-          <stringProp name="HTTPSampler.method">GET</stringProp>
-          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
-          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
-          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">443</stringProp>
-          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
-            <collectionProp name="Arguments.arguments"/>
-          </elementProp>
-          <stringProp name="HTTPSampler.mimetype"></stringProp>
-          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
-          <stringProp name="HTTPSampler.monitor">false</stringProp>
-          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
-          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
-          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
-        </HTTPSampler>
-        <hashTree/>
-      </hashTree>
-      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 3" enabled="true">
-        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.delay"></stringProp>
-        <stringProp name="ThreadGroup.duration"></stringProp>
-        <stringProp name="ThreadGroup.num_threads">16</stringProp>
-        <boolProp name="ThreadGroup.scheduler">false</boolProp>
-        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
-          <stringProp name="LoopController.loops">10</stringProp>
-          <boolProp name="LoopController.continue_forever">false</boolProp>
-        </elementProp>
-        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
-        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
-      </ThreadGroup>
-      <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES128" enabled="true">
-          <stringProp name="HTTPSampler.path">/index.html</stringProp>
-          <stringProp name="HTTPSampler.method">GET</stringProp>
-          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
-          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
-          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">2443</stringProp>
-          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
-            <collectionProp name="Arguments.arguments"/>
-          </elementProp>
-          <stringProp name="HTTPSampler.mimetype"></stringProp>
-          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
-          <stringProp name="HTTPSampler.monitor">false</stringProp>
-          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
-          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
-          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
-        </HTTPSampler>
-        <hashTree/>
-      </hashTree>
-      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 4" enabled="true">
-        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.delay"></stringProp>
-        <stringProp name="ThreadGroup.duration"></stringProp>
-        <stringProp name="ThreadGroup.num_threads">16</stringProp>
-        <boolProp name="ThreadGroup.scheduler">false</boolProp>
-        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
-          <stringProp name="LoopController.loops">10</stringProp>
-          <boolProp name="LoopController.continue_forever">false</boolProp>
-        </elementProp>
-        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
-        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
-      </ThreadGroup>
-      <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES256" enabled="true">
-          <stringProp name="HTTPSampler.path">/index.html</stringProp>
-          <stringProp name="HTTPSampler.method">GET</stringProp>
-          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
-          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
-          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">3443</stringProp>
-          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
-            <collectionProp name="Arguments.arguments"/>
-          </elementProp>
-          <stringProp name="HTTPSampler.mimetype"></stringProp>
-          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
-          <stringProp name="HTTPSampler.monitor">false</stringProp>
-          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
-          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
-          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
-        </HTTPSampler>
-        <hashTree/>
-      </hashTree>
-      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 5" enabled="true">
-        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.delay"></stringProp>
-        <stringProp name="ThreadGroup.duration"></stringProp>
-        <stringProp name="ThreadGroup.num_threads">16</stringProp>
-        <boolProp name="ThreadGroup.scheduler">false</boolProp>
-        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
-          <stringProp name="LoopController.loops">10</stringProp>
-          <boolProp name="LoopController.continue_forever">false</boolProp>
-        </elementProp>
-        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
-        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
-        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
-      </ThreadGroup>
-      <hashTree>
-        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="Skeleton (RC4)" enabled="true">
-          <stringProp name="HTTPSampler.path">/index.html</stringProp>
-          <stringProp name="HTTPSampler.method">GET</stringProp>
-          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
-          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
-          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
-          <stringProp name="HTTPSampler.port">1443</stringProp>
-          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
-            <collectionProp name="Arguments.arguments"/>
-          </elementProp>
-          <stringProp name="HTTPSampler.mimetype"></stringProp>
-          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
-          <stringProp name="HTTPSampler.monitor">false</stringProp>
-          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
-          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
-          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
-        </HTTPSampler>
-        <hashTree/>
-      </hashTree>
-      <ResultCollector guiclass="StatGraphVisualizer" testclass="ResultCollector" testname="Aggregate Graph" enabled="true">
-        <objProp>
-          <value class="SampleSaveConfiguration">
-            <time>true</time>
-            <latency>true</latency>
-            <timestamp>true</timestamp>
-            <success>true</success>
-            <label>true</label>
-            <code>true</code>
-            <message>true</message>
-            <threadName>true</threadName>
-            <dataType>true</dataType>
-            <encoding>false</encoding>
-            <assertions>true</assertions>
-            <subresults>true</subresults>
-            <responseData>false</responseData>
-            <samplerData>false</samplerData>
-            <xml>false</xml>
-            <fieldNames>false</fieldNames>
-            <responseHeaders>false</responseHeaders>
-            <requestHeaders>false</requestHeaders>
-            <responseDataOnError>false</responseDataOnError>
-            <saveAssertionResultsFailureMessage>false</saveAssertionResultsFailureMessage>
-            <assertionsResultsToSave>0</assertionsResultsToSave>
-          </value>
-          <name>saveConfig</name>
-        </objProp>
-        <stringProp name="filename"></stringProp>
-        <boolProp name="ResultCollector.error_logging">false</boolProp>
-      </ResultCollector>
-      <hashTree/>
-      <ResultCollector guiclass="ViewResultsFullVisualizer" testclass="ResultCollector" testname="View Results Tree" enabled="false">
-        <objProp>
-          <value class="SampleSaveConfiguration">
-            <time>true</time>
-            <latency>true</latency>
-            <timestamp>true</timestamp>
-            <success>true</success>
-            <label>true</label>
-            <code>true</code>
-            <message>true</message>
-            <threadName>true</threadName>
-            <dataType>true</dataType>
-            <encoding>false</encoding>
-            <assertions>true</assertions>
-            <subresults>true</subresults>
-            <responseData>false</responseData>
-            <samplerData>false</samplerData>
-            <xml>false</xml>
-            <fieldNames>false</fieldNames>
-            <responseHeaders>false</responseHeaders>
-            <requestHeaders>false</requestHeaders>
-            <responseDataOnError>false</responseDataOnError>
-            <saveAssertionResultsFailureMessage>false</saveAssertionResultsFailureMessage>
-            <assertionsResultsToSave>0</assertionsResultsToSave>
-          </value>
-          <name>saveConfig</name>
-        </objProp>
-        <stringProp name="filename"></stringProp>
-        <boolProp name="ResultCollector.error_logging">false</boolProp>
-      </ResultCollector>
-      <hashTree/>
-    </hashTree>
-  </hashTree>
-</jmeterTestPlan>
diff --git a/config/Rules.mak b/config/Rules.mak
deleted file mode 100644
index c0308da053..0000000000
--- a/config/Rules.mak
+++ /dev/null
@@ -1,220 +0,0 @@
-# Rules.make for busybox
-#
-# Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
-#
-# Licensed under GPLv2, see the file LICENSE in this tarball for details.
-#
-
-# Pull in the user's busybox configuration
-ifeq ($(filter $(noconfig_targets),$(MAKECMDGOALS)),)
--include $(top_builddir)/.config
-endif
-
-#--------------------------------------------------------
-PROG      := busybox
-MAJOR_VERSION   :=1
-MINOR_VERSION   :=1
-SUBLEVEL_VERSION:=0
-EXTRAVERSION    :=
-VERSION   :=$(MAJOR_VERSION).$(MINOR_VERSION).$(SUBLEVEL_VERSION)$(EXTRAVERSION)
-BUILDTIME := $(shell TZ=UTC date -u "+%Y.%m.%d-%H:%M%z")
-
-
-#--------------------------------------------------------
-# With a modern GNU make(1) (highly recommended, that's what all the
-# developers use), all of the following configuration values can be
-# overridden at the command line.  For example:
-#   make CROSS=powerpc-linux- top_srcdir="$HOME/busybox" PREFIX=/mnt/app
-#--------------------------------------------------------
-
-# If you are running a cross compiler, you will want to set 'CROSS'
-# to something more interesting...  Target architecture is determined
-# by asking the CC compiler what arch it compiles things for, so unless
-# your compiler is broken, you should not need to specify TARGET_ARCH
-CROSS           =$(subst ",, $(strip $(CROSS_COMPILER_PREFIX)))
-CC             = $(CROSS)gcc
-AR             = $(CROSS)ar
-AS             = $(CROSS)as
-LD             = $(CROSS)ld
-NM             = $(CROSS)nm
-STRIP          = $(CROSS)strip
-CPP            = $(CC) -E
-# MAKEFILES      = $(top_builddir)/.config
-RM             = rm
-RM_F           = $(RM) -f
-LN             = ln
-LN_S           = $(LN) -s
-MKDIR          = mkdir
-MKDIR_P        = $(MKDIR) -p
-MV             = mv
-CP             = cp
-
-
-# What OS are you compiling busybox for?  This allows you to include
-# OS specific things, syscall overrides, etc.
-TARGET_OS=linux
-
-# Select the compiler needed to build binaries for your development system
-HOSTCC    = gcc
-HOSTCFLAGS= -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
-
-# Ensure consistent sort order, 'gcc -print-search-dirs' behavior, etc.
-LC_ALL:= C
-
-# If you want to add some simple compiler switches (like -march=i686),
-# especially from the command line, use this instead of CFLAGS directly.
-# For optimization overrides, it's better still to set OPTIMIZATION.
-CFLAGS_EXTRA=$(subst ",, $(strip $(EXTRA_CFLAGS_OPTIONS)))
-
-# To compile vs some other alternative libc, you may need to use/adjust
-# the following lines to meet your needs...
-#
-# If you are using Red Hat 6.x with the compatible RPMs (for developing under
-# Red Hat 5.x and glibc 2.0) uncomment the following.  Be sure to read about
-# using the compatible RPMs (compat-*) at http://www.redhat.com !
-#LIBCDIR:=/usr/i386-glibc20-linux
-#
-# For other libraries, you are on your own.  But these may (or may not) help...
-#LDFLAGS+=-nostdlib
-#LIBRARIES:=$(LIBCDIR)/lib/libc.a -lgcc
-#CROSS_CFLAGS+=-nostdinc -I$(LIBCDIR)/include -I$(GCCINCDIR) -funsigned-char
-#GCCINCDIR:=$(shell gcc -print-search-dirs | sed -ne "s/install: \(.*\)/\1include/gp")
-
-WARNINGS=-Wall -Wstrict-prototypes -Wshadow
-CFLAGS=-I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)
-ARFLAGS=cru
-
-
-# gcc centric. Perhaps fiddle with findstring gcc,$(CC) for the rest
-# get the CC MAJOR/MINOR version
-CC_MAJOR:=$(shell printf "%02d" $(shell echo __GNUC__ | $(CC) -E -xc - | tail -n 1))
-CC_MINOR:=$(shell printf "%02d" $(shell echo __GNUC_MINOR__ | $(CC) -E -xc - | tail -n 1))
-
-#--------------------------------------------------------
-export VERSION BUILDTIME HOSTCC HOSTCFLAGS CROSS CC AR AS LD NM STRIP CPP
-ifeq ($(strip $(TARGET_ARCH)),)
-TARGET_ARCH:=$(shell $(CC) -dumpmachine | sed -e s'/-.*//' \
-		-e 's/i.86/i386/' \
-		-e 's/sparc.*/sparc/' \
-		-e 's/arm.*/arm/g' \
-		-e 's/m68k.*/m68k/' \
-		-e 's/ppc/powerpc/g' \
-		-e 's/v850.*/v850/g' \
-		-e 's/sh[234]/sh/' \
-		-e 's/mips-.*/mips/' \
-		-e 's/mipsel-.*/mipsel/' \
-		-e 's/cris.*/cris/' \
-		)
-endif
-
-# A nifty macro to make testing gcc features easier
-check_gcc=$(shell \
-	if [ "$(1)" != "" ]; then \
-		if $(CC) $(1) -S -o /dev/null -xc /dev/null > /dev/null 2>&1; \
-		then echo "$(1)"; else echo "$(2)"; fi \
-	fi)
-
-# Setup some shortcuts so that silent mode is silent like it should be
-ifeq ($(subst s,,$(MAKEFLAGS)),$(MAKEFLAGS))
-export MAKE_IS_SILENT=n
-SECHO=@echo
-else
-export MAKE_IS_SILENT=y
-SECHO=-@false
-endif
-
-CFLAGS+=$(call check_gcc,-funsigned-char,)
-
-#--------------------------------------------------------
-# Arch specific compiler optimization stuff should go here.
-# Unless you want to override the defaults, do not set anything
-# for OPTIMIZATION...
-
-# use '-Os' optimization if available, else use -O2
-OPTIMIZATION:=$(call check_gcc,-Os,-O2)
-
-# Some nice architecture specific optimizations
-ifeq ($(strip $(TARGET_ARCH)),arm)
-	OPTIMIZATION+=-fstrict-aliasing
-endif
-ifeq ($(strip $(TARGET_ARCH)),i386)
-	OPTIMIZATION+=$(call check_gcc,-march=i386,)
-	OPTIMIZATION+=$(call check_gcc,-mpreferred-stack-boundary=2,)
-	OPTIMIZATION+=$(call check_gcc,-falign-functions=0 -falign-jumps=0 -falign-loops=0,\
-		-malign-functions=0 -malign-jumps=0 -malign-loops=0)
-endif
-OPTIMIZATIONS:=$(OPTIMIZATION) -fomit-frame-pointer
-
-#
-#--------------------------------------------------------
-# If you're going to do a lot of builds with a non-vanilla configuration,
-# it makes sense to adjust parameters above, so you can type "make"
-# by itself, instead of following it by the same half-dozen overrides
-# every time.  The stuff below, on the other hand, is probably less
-# prone to casual user adjustment.
-#
-
-ifeq ($(strip $(CONFIG_LFS)),y)
-    # For large file summit support
-    CFLAGS+=-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
-endif
-ifeq ($(strip $(CONFIG_DMALLOC)),y)
-    # For testing mem leaks with dmalloc
-    CFLAGS+=-DDMALLOC
-    LIBRARIES:=-ldmalloc
-else
-    ifeq ($(strip $(CONFIG_EFENCE)),y)
-	LIBRARIES:=-lefence
-    endif
-endif
-ifeq ($(strip $(CONFIG_DEBUG)),y)
-    CFLAGS  +=$(WARNINGS) -g -D_GNU_SOURCE
-    LDFLAGS +=-Wl,-warn-common
-    STRIPCMD:=/bin/true -Not_stripping_since_we_are_debugging
-else
-    CFLAGS+=$(WARNINGS) $(OPTIMIZATIONS) -D_GNU_SOURCE -DNDEBUG
-    LDFLAGS += -Wl,-warn-common
-    STRIPCMD:=$(STRIP) -s --remove-section=.note --remove-section=.comment
-endif
-ifeq ($(strip $(CONFIG_STATIC)),y)
-    LDFLAGS += --static
-endif
-
-ifeq ($(strip $(CONFIG_SELINUX)),y)
-    LIBRARIES += -lselinux
-endif
-
-ifeq ($(strip $(PREFIX)),)
-    PREFIX:=`pwd`/_install
-endif
-
-# Additional complications due to support for pristine source dir.
-# Include files in the build directory should take precedence over
-# the copy in top_srcdir, both during the compilation phase and the
-# shell script that finds the list of object files.
-# Work in progress by <ldoolitt@recycle.lbl.gov>.
-
-
-OBJECTS:=$(APPLET_SOURCES:.c=.o) busybox.o usage.o applets.o
-CFLAGS    += $(CROSS_CFLAGS)
-ifdef BB_INIT_SCRIPT
-    CFLAGS += -DINIT_SCRIPT='"$(BB_INIT_SCRIPT)"'
-endif
-
-# Put user-supplied flags at the end, where they
-# have a chance of winning.
-CFLAGS += $(CFLAGS_EXTRA)
-
-#------------------------------------------------------------
-# Installation options
-ifeq ($(strip $(CONFIG_INSTALL_APPLET_HARDLINKS)),y)
-INSTALL_OPTS=--hardlinks
-endif
-ifeq ($(strip $(CONFIG_INSTALL_APPLET_SYMLINKS)),y)
-INSTALL_OPTS=--symlinks
-endif
-ifeq ($(strip $(CONFIG_INSTALL_APPLET_DONT)),y)
-INSTALL_OPTS=
-endif
-
-.PHONY: dummy
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
deleted file mode 100755
index f80a1cf6f7..0000000000
--- a/config/axhttpd.aip
+++ /dev/null
@@ -1,149 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.2" modules="freeware" RootPath="." Language="en">
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
-    <ROW Property="ALLUSERS" Value="2"/>
-    <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
-    <ROW Property="ARPPRODUCTICON" Value="controlPanelIcon.exe"/>
-    <ROW Property="ARPURLINFOABOUT" Value="http://axtls.cerocclub.com.au"/>
-    <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
-    <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
-    <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{4708D414-9C0E-46D2-9B67-D6421C9C5F81} "/>
-    <ROW Property="ProductLanguage" Value="1033"/>
-    <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.1.0"/>
-    <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
-    <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
-    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
-    <ROW Directory="New_Folder_DIR" Directory_Parent="APPDIR" DefaultDir="include"/>
-    <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
-    <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
-    <ROW Directory="another_dir_DIR" Directory_Parent="test_dir_DIR" DefaultDir="anothe~1|another_dir"/>
-    <ROW Directory="bin_DIR" Directory_Parent="test_dir_DIR" DefaultDir="bin"/>
-    <ROW Directory="no_http_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_http"/>
-    <ROW Directory="no_ssl_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_ssl"/>
-    <ROW Directory="test_dir_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
-    <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
-    <ROW Component="another_dir" ComponentId="{3F073789-DB33-40BC-BF88-922C6DF252EC}" Directory_="another_dir_DIR" Attributes="0"/>
-    <ROW Component="axhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="axhttpd.exe" FullKeyPath="APPDIR\axhttpd.exe"/>
-    <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
-    <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
-    <ROW Component="axssl.vbnet.exe" ComponentId="{31F03DA9-E099-4BBD-88B7-4ABBC9F77EFB}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.vbnet.exe" FullKeyPath="APPDIR\axssl.vbnet.exe"/>
-    <ROW Component="axtls.dll" ComponentId="{4C741E75-A18A-4FC9-972C-C1EF583713EB}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.dll" FullKeyPath="APPDIR\axtls.dll"/>
-    <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
-    <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
-    <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
-    <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
-    <ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
-    <ROW Component="htaccess" ComponentId="{F53CB1D5-A3B9-4401-B0BA-B6AB1DA860B7}" Directory_="no_ssl_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\no_ssl"/>
-    <ROW Component="htaccess_1" ComponentId="{953D1999-CC00-4F85-9B48-2CD83ACAE2F9}" Directory_="no_http_DIR" Attributes="0" KeyPath="htaccess_1" FullKeyPath="APPDIR\www\test_dir\no_http"/>
-    <ROW Component="htaccess_2" ComponentId="{6F181A8B-B313-47E2-AF79-AABFDBD353D8}" Directory_="bin_DIR" Attributes="0" KeyPath="htaccess_2" FullKeyPath="APPDIR\www\test_dir\bin"/>
-    <ROW Component="htpasswd.exe" ComponentId="{9FE1AAD2-4E35-443A-AAE5-3A7D03A52AAA}" Directory_="APPDIR" Attributes="0" KeyPath="htpasswd.exe" FullKeyPath="APPDIR\htpasswd.exe"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h health.sh htpasswd.exe another_dir htaccess htaccess_2 htaccess_1"/>
-    <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
-    <ROW File="axhttpd.exe" Component_="axhttpd.exe" FileName="axhttpd.exe" Attributes="0" SourcePath="..\_stage\axhttpd.exe" SelfReg="false" Sequence="1"/>
-    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
-    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
-    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\_stage\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
-    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\_stage\axtls.dll" SelfReg="false" Sequence="5"/>
-    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\_stage\axtls.jar" SelfReg="false" Sequence="6"/>
-    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\_stage\axtls.lib" SelfReg="false" Sequence="7"/>
-    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\_stage\axtls.static.lib" SelfReg="false" Sequence="8"/>
-    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\_stage\axtlsj.dll" SelfReg="false" Sequence="9"/>
-    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
-    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
-    <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
-    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
-    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="18"/>
-    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="22"/>
-    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_http\.htaccess" SelfReg="false" Sequence="25"/>
-    <ROW File="htaccess_2" Component_="htaccess_2" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\bin\.htaccess" SelfReg="false" Sequence="24"/>
-    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\no_http\.htpasswd" SelfReg="false" Sequence="26"/>
-    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="21"/>
-    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="23"/>
-    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_http\index.html" SelfReg="false" Sequence="27"/>
-    <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
-    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="19"/>
-    <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
-    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="20"/>
-    <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
-    <ROW Path="&lt;ui.ail&gt;"/>
-    <ROW Path="&lt;ui_en.ail&gt;"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.FragmentComponent">
-    <ROW Fragment="FolderDlg.aip" Path="&lt;FolderDlg.aip&gt;"/>
-    <ROW Fragment="StaticUIStrings.aip" Path="&lt;StaticUIStrings.aip&gt;"/>
-    <ROW Fragment="UI.aip" Path="&lt;UI.aip&gt;"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiBinaryComponent">
-    <ROW Name="default_banner.bmp" SourcePath="&lt;default-banner.bmp&gt;"/>
-    <ROW Name="default_dialog.bmp" SourcePath="&lt;default-dialog.bmp&gt;"/>
-    <ROW Name="launcher.dll" SourcePath="&lt;launcher.dll&gt;"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlComponent">
-    <ATTRIBUTE name="FixedSizeBitmaps" value="0"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlEventComponent">
-    <ROW Dialog_="FolderDlg" Control_="Back" Event="NewDialog" Argument="WelcomeDlg" Condition="AI_INSTALL" Ordering="1"/>
-    <ROW Dialog_="WelcomeDlg" Control_="Next" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
-    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
-    <ROW Dialog_="FolderDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_INSTALL" Ordering="3"/>
-    <ROW Dialog_="MaintenanceTypeDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceWelcomeDlg" Condition="AI_MAINT" Ordering="1"/>
-    <ROW Dialog_="MaintenanceWelcomeDlg" Control_="Next" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT" Ordering="2"/>
-    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="PatchWelcomeDlg" Condition="AI_PATCH" Ordering="1"/>
-    <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
-    <ROW Directory_="another_dir_DIR" Component_="another_dir"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
-    <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
-    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="launcher.dll" Target="PrepareUpgrade"/>
-    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="launcher.dll" Target="RestoreLocation"/>
-    <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
-    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][ProductName]"/>
-    <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
-    <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiIconsComponent">
-    <ROW Name="controlPanelIcon.exe" SourcePath="..\www\favicon.ico" Index="0"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstExSeqComponent">
-    <ROW Action="AI_DOWNGRADE" Condition="AI_NEWERPRODUCTFOUND AND (UILevel &lt;&gt; 5)" Sequence="210"/>
-    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
-    <ROW Action="AI_STORE_LOCATION" Condition="Not Installed" Sequence="1545"/>
-    <ROW Action="AI_PREPARE_UPGRADE" Condition="AI_UPGRADE=&quot;No&quot; AND (Not Installed)" Sequence="1300"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
-    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiMediaComponent">
-    <ATTRIBUTE name="Compress" value="1"/>
-    <ATTRIBUTE name="FirstMediaSize" value="0"/>
-    <ATTRIBUTE name="FirstMediaSizeUnit" value="0"/>
-    <ATTRIBUTE name="InstallationType" value="0"/>
-    <ATTRIBUTE name="MediaSize" value="0"/>
-    <ATTRIBUTE name="MediaSizeUnit" value="0"/>
-    <ATTRIBUTE name="Package" value="1"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
-    <ROW Shortcut="axhttpd.exe" Directory_="SHORTCUTDIR" Name="axhttpd" Component_="axhttpd.exe" Target="[#axhttpd.exe]" Description="axhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
-    <ROW Shortcut="axssl_client" Directory_="SHORTCUTDIR" Name="axsslc~1|axssl client" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_client" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
-    <ROW Shortcut="axssl_server" Directory_="SHORTCUTDIR" Name="axssls~1|axssl server" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_server" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
-  </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiUpgradeComponent">
-    <ROW UpgradeCode="UpgradeCode" VersionMax="ProductVersion" Attributes="1025"/>
-    <ROW UpgradeCode="UpgradeCode" VersionMin="ProductVersion" Attributes="2"/>
-  </COMPONENT>
-</DOCUMENT>
diff --git a/config/axtls.RES b/config/axtls.RES
deleted file mode 100644
index 2929b3b679fddfb78bb58ebbccc5c0c4a9eb37d8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22748
zcmeHv30##&mTzG?K4*D7Jw0!hH?QA&nx&IYC+SQlopu+K7&VE;M57o{F>Z(o7g<CQ
zM0OMfWV;~3WxujsSugu#QC4M90Yw4D1$SIQQUC8>A6}*Hq&q!t=JmYaq>@9`t*@3-
zr|PS({&mh#2qDIjfMH_tcY^lE#^*1vjEVB>CqMa%9~le1&cr(;3zCT#!@okf|D_TQ
z{~4~Lq`^+y-QAgXXRQ1cJv}{Q?AWnFqtOTp3k%_H;BO12-8I7<kF^jQgF%>TdV~c@
zX7==$iXM#x(-!<iGIeKpcVWspW8DobXAtfrO%H^jhq1d527|0OmSx$OyQwf}*oMJ^
zd2EL?cC3XkHRW#>?lG`Jk2~{779^n&WI&i&Xvm|6ylcoW`ysCylA)(Z3=R$oCnqQ2
z=jSK-`uap|ZLR3&=nz`1R_OJ5p;oKKAjhv#ISF0QplI$N6dHXk+tUh-RwrtkJIG6)
z&~*&5+#qE=D1w6YY`aew`UZu{NyYY6!kz60sr}fFmVIeOke`mf*}k?}=nc)n(9y$w
zdxWl8w$(56J^iAVq-DE$wqszw9V90e+j934enEbW)k0;dVLKe(EUj=NPby2TaCg!Q
zwMO#CH2d*mKN_80_;Kt(S_8*r5bB^>q1H7EZEZ8hOlocxIzxxh)piKIB#z5KYNjmw
z^gS%sBlP62mZUcHiDr(kgYxPj>B(<xA9-#juar?O`K=|dJtURNlKePP4(`Iq-CfKY
z?<XuRgP0DY9D;<UnOaz?)RdW;JTa!cH5#>;^^QhZa?UI{K9!S(GSqM`NE(jSR4Xhw
zUJEmhmt-l&O>&ZB_oIB(d^StRdK^2)ua=}CX>~%Y(+M*(J?rTyFTHRlSz1yyBuf=z
zcRlBZG3QV%NzRc*FSI1JmU1L%NovYdCrQt_Ci(dp_{_le8B@M`17)qLrMyYHTCQUf
z*Opq}%;%IlNk_TsNd{7ozJt#?xGuT&DF0^4UduJwOnG;3o$6}2p13yp`ul{2@-|T3
z&7?j_{ry}wls(r<2iJ2yskRSXFAx}nuynEz|0FEM*fEx3-aJcTVQI;+lAK5uDy|uo
zm}Sa2vUKA5l5^$6wMFuC5<i4LECG}MH(~tv@$5*__X^`LjUGK|{IyAwt||3Q#*e>t
zNeRP0pKF7Sk3Nz+ZSv$Jlc!ALkMWa6cTGMrjbXC0k|E1Kt2zGCq)DS&r<$5ZMNOSN
znrY{0Q%$2L%CN?C%#kURCS8&x$iXFr>1(4WPo6TRb<D&G6HHs3C$sRxQ4=Oi_<&*F
zgb7hor%h{}JS}(X)ZEr7mn6@lou`hOc4XSriK|vk95ZIGEd0Sd8RXv&CX8Y?YbK5w
zHEPY&$&<#9o;<B)>Y6WYoX1T3U`*76QKMwppdi_}3_(HchgG7YqD;rsuzc6li4#{(
z7&X&3(5uzgIbrpxFXnx)XYIRR>E_HaR8|@iRtJ4CVd5AL+<D5BDWflq?;69}6N2V_
zc_eV<%55LqpKyQZ-8oHWW@ei=pK@{8>gr`W7#3AC>%^>Cu3oeK#*d#eb;7(o2Sb8_
z?q;tHTrz4%{b0e*ezy5k=lk8}=1Z6MF26WMZ8fKHu}g2S>#VLm6O-J;kdT>e8EYfL
z!(6X^Z5etiwCQJ?-+$lRd*>(T&z}#NYwn}X>|XBE+v~M$)}&8OOsuolS<hNr@zqAl
z6sxSln73}L%zn1{<o3Vy-g*AKg~caly?u&G7dNbn_|n?p$Wiz4;}_4|)ZzAZ+gA%q
ziu8JIQcS2_%XSw3+smJv|1iMf%KP3vt(6n*2L-K~FfnS(v?-U`4|lk=JGsnQG{?|T
zTCy=!)7-Ls`*!ckOV5A!dB7*1>|FNSa`m35@bE7mPna-jZ%x<n8ErG#XS8qHlw+Hb
zzG1<FvKgHxy}i$WV)5bUpRf4jL;nlg9wdjw$A*QEF`YkgVpOivB3qTp)_ze{j%vYz
zl$g+Z7Y}nv=EDzV`42x_wxc05Cdn!}Iqcw($#ql5<SyEny5QrFKh9c^mGyCEl9g52
zadS`erON_Ve184<u5XqtpWAw%s7Rj_V-*>`cIN0QQ<_w1TB{@$wBi>$t>nOBH@CU|
zOP78A%||zOf3)kuT;Cpt#`nw|^_j6L>USMxU-R&2QEgbie!X^m(fX1(^(7yheeJny
z*|HU~{O)CQeG;N-PHd@Oyrt2xB!B<A5wlO9_V74$%r0GJJLB*S`~7(_g<pTPeA(w8
zt^8>BM?2=OY`ilnD%ZJd@-)+gX^Tr2gwH&5c*gP5r|ge)+O;^f+ZX2Lm$)8pKD*<i
zk3L%IGiZBh;ot-c-ZW~|o;9uKF7<609UUFLE-~G5hMRdyi><0SFSXpIzSErLR|c+C
zXKia7niwn>`JS+;qm|uY{`@ubqb>6n<{WCav&$+>DQRmm>z=#(;zi%t>%RK9ZSlsa
zF;S+b`{GmH;|o0gGZSFVnl<qS8{^_4e_fn!mG)j))9JZ$m-~3RPp`Gsl(;y?Wz<e?
zomP^$aCnord2?XisPGg@I4LH^s;G2P^C?fyuf1kp<Brf6_i?>h(Z{OvNXyKm_lC=_
zAw#&QPA<~s7o;uxDn0veoSfQc^^KoCozML$eqG>LUyz@lpR{52aC!dy^xWi`Vd|21
zE#D0bk507CbvSeFvrk#RfBa`>{zkW8L;c1L>abZ)i_65NNlRv0FPY>#+TFct%7~qb
zOgUFHE_QI3{d;>QrN!6h`OrUo{G}z6J~J`-jARVc<!<*RjM(?&<4>7AT|P3F{T}hB
z)4xZdKUa}I{B`@`DY1`)KRnlezxW4<{b31wUpX4fX$eiovPnSV*ilO3&*ND6+?4bb
z$Nq>vjKRd1Q09>5TH-{Wr$=H}i6tfOl(<p|i(y=<=^-`{3g#SZDsd-&jO8<u#G4Av
z6z;@<?oaWh1@UFiSc8IP73}NYqu^h6!|!5Ei7ky-Q{qmEF(uZNxKUzHiKis~lbF&k
zD2NzJO}rxUi^LnX3f7WXRN_mCM~%31kY{~)-dFJI6WnQO!81L_?Bo>0v8&mhdKg!!
zG{Q_`sCmRsl8hLNu|}gMj?og|4C5#Z_U&Y$BTgb_eS)DRF47PaY1G4*Qb){VsFm2K
zmN>GO7>U@17)N3oi7zF-k=RB<Y@^^Cjx$J4xjey@3jXE1NSq@vu%TlZTXqoNXgO9R
z29~(8mbk`JWkG%{6?`dijKsz7{Djzr_(ftECy8H3X7k*Ku_y7TALZcZ=Pt(olOOB)
z5%2g>E+pb<cg};v)PBV15~o|tA~v<4%qX{cudBtpS(KZ^supUNryNP{60b_qsEH9t
zT0Wmgd}>C#O5Ez_M+$m|TeVu^S<2ju@>WSAc6Fz`EiIWQDfm@I{Oa@s$NKS}AZQrR
z1`*S$Ng7g+mTipZe8_om(ve5vTvCvX-I+(ctKj}1=Bb&-Ia9DNW1UP(3~Z|BnDjy=
zX&%W;ui#-n71K^kyXz@G;#yJ=$;pptlElVNT&K#N0@r|_hFF*+@v+3k@}5C&U>Qr^
z<v1D0mw`B%G1rN_fAAwlmN;2WoGh`jmN?l@O<YX!lX#h=BdLj-HIj&(^&~CVm7b*K
z+LAcBnWRxSvkr-CEr=wswT`6aeTs%_PTp-8F*aZ9KWq56_`Z*O;f+^bd1c%<6O(b{
zm{3yB+GXCWFEhL$6R*Gg;)^f7{Q3*yo&**fx9Zh5I>RUbeDSN5uZ?<X^5n_RlV5tR
z^7Yr}y!dkG3*%l`{_4x&i|35``KY(~(9zME!O`KRmqz{k=Rbd&ZNB>2&tH1UY~8YT
zpT0E3$!A~2FMhG$tFOYHT;6{D)mK-&@yfVY-**0Bn#0@H6Jn>j{i^5wiWOGt*Ke@S
z4)|&r&ztMUnaqFN@7HD1y-GF|ZSlM~uwu2<TQ)YoeAE2Unl%rwoX<}hmRR-{)xY!3
z49|}&EC&AC%Esm`E2}lf-+pQGsMlUzHLiaN9zXt<1??>b+G7^0SFeBTz2Cg`)|<cH
zWoqi{@zSW*Uj2H}v9@#n@@26$Vej>o>({?!^PAti_uji{fl=|npT0ilwU<k^vp)X#
zi!Wx)otZkccKt6^zp>l&n>XLRQP@?JyXRM*zVO0|tNF7NXMU2b|Ha|UmT$hPvU~si
zP4AjjEL*ztO4B<ZX0Cd;a^*K?kDdAYR^!3X*R22L`|rO$_R+ejFTJ?<b@gk@AC%6I
zh{*Y}WaWzciyA&}GQY>?*3&;)vwPG_qg=gWU!m}K`0t!PFRT1$^XIb{4qCnY?z)Y-
z6!V2)adSSK)on6iyotU2<ZbV~6BIPJu65ChwU+B%F<F=1aQAe{FAA!=<s2_w+^PQ6
z%z3k;Lt?6ahK=Log#JtZ=~H<#K4kO5VdL@>H&@+Wwfv27^7q8?zkTI=@2}6lF#OPD
z(vx^(^xId)@vQqa=eH)~CQg|2tl+qbCKFiT-y-~3Up{s|e4cpr_ureJXFUz4EMMgD
zLE%H5V_s0YfBqcv6Xwb?#&eA6h_eebp9Z!l9zA*_9z1v`9u7ScLqiY6&_kw~_xSN+
z@%Ry#_lRX4i%0y8$2=F{p}2DOs<?RhyeKbg5=ncjM1F3KD6g#(ZQb3<J@{ih615Gd
zgeI;|Xrd2^ix;l3k0G(u$6jppauzn<#EP|RwPN`~t?<~MEi|RAqOs?)xP0Tfh)XCH
z?pyW3$0to#uZ<OZLu$mnynGRvT`U4)%SB9ao!GIjLRhaX5Xm|1!f@`kXu5P=MDMQ_
z>d15v80;(JQuc`$O{!>bJ1-iJw2RQB8nJnEuCQ93D(u#$2}i3;;k%<ml$^XMiqGE>
z^*0}hBLfhHO~*xiRH2C6(J0*Q4+ww13{hH9C8ATyMJ&G^`!WxTU7>km&5~r{?2;{F
z4t9y?Lsvw0*MP|H84&u@{bIXAidZ^thj4NB7tzrXqJX?d#Kw!b%xn?1S0}bRC5h0W
zTJh<mox)qwD1vg%i<G9jBE4%!ly%+_vEkJsJ~dCorDcn%+D38r?p>kF$`qcS-onk@
zLljh1i_*G!VYS9q*r+_kj?hdIvaeXgrd4s=2gD|;Z6aBlBg(1|i`KT2;tuO~b#;k@
z2M>w;`%{JMR#$Q0K$b{M)Cf1%t-?;VN!VK32q#BJ5uXq%viU4IDM1*@%f#*5w?$i9
zn>cmql(=>4mbiB9n&>>$shlk@UcAUP0`ZXR#cASC6*6#beK^rveE#8AV#eGBV(j#}
zV(k1GV!`aWV!ruwF-OJ=z7z{S|5ChdwL+}mO6>pbPZg4D_A}D7C#&;q#(z><=0g0$
z@MCf8#E-?pKcVh;mYqbBuZ7fQ$v$mXI*8TQ_G0V`Yx2KZ*srq|cI1DfjO{lGdz(!{
z#j^i5yqf;xr$W-aKcP=4v&k&~k0cpJlVqM3nK$zC7W2N(7-aoF6vm8_yS4IX%$`wW
z#+aD+@7Nh&vTJu>P_T)~m@&@0vvk|$zTLyq%iG7-&uaaKjn+0Q+f8=%4vw3hw*12q
zUal>-Sn<uuRjb$VGi3GYXLII$KJSY!=P&qb;UcreUr(AmW$HB3=^uRf(TtC0&YJzn
zFW-FY?O(m~FTZ~Gz2Ch5+wl`7{?GsQzsHVy>E%~m{rPLJ|Kbf3lfU`N-~ROP{@dUG
zgULVs(|`Zx|1s)k#&5}A|5uYAOMXU;df`Vej{YxWOve1^FaGkcOyqR_!7z-)|6q}C
zeQ2zweN~9DEHR8Hf25Rsejk2^xfUc7rKAw<tn)+oK>|NW;0Fo(N0ET>e97~kF-d^*
z_*=<X!1&zw`}x@T{Ex-5o-FfxFy<NK=bu0S+gMJ<#`L$9F+TtIj%D9QK1TLs%zr*_
zWIoU1N?jQb4GrP`{rd{>ob@~TBg>6U%eLijW8TQVzAf+h=f*O|c;xeuY00w;#=Mc`
zWm@vh^CG&tyK(yTY4DyBckbK)&y=`)`7*9txuT@+-Mgohm353kj#bvDO$~VN#Ely_
zaQ*sqr9Bx-x_R>^WZef39>6FYBQG+R?TzHg`0V+7+2_b|Qs$B*uafVwvNB|4WuZ{7
zM_pYV>S}9IUS5vsg9mZ)<VjE)4xZ7KI<lTj%RE{4=+UF7si}d%U_ePpi9*H2#Y$XV
zU5%!uW^{ITD&>u1k!_6RN2ZND$#EL_|F&4lOv>fz)vJn(d&olt`%X+sLYP_&-VY-r
zBm}|1!AMKdqOran-Dl3=($y=<e8{;veE2YUhm7RpWJE?rA}A;b0RaKv{WARh{o(6N
z^6|y)-MbJG5srj}1Vu(t78fpDP{v}MAIS%m&p5+Acvp_z-d=?-$)lXxk>inLlxstl
zt0!Oe4GlQi-i}VTTS-~P#%b8E4`^cr7Z(@o<yhp{jx;ypAm^l@pa3Z;DdZ_a;dSfQ
zt=PPIGaMWoU~lh$O`A3;WVguywzivKXK%;n4%q6lRT*PiTADKMqM{;HR8&CDPhnvp
zGBPrdnwpCJ`}ZR=GZU4Sl{j(Ygt8WmJj=CAJcM)S&Y`)f3F&MrHfA4k3-VFQ^;5z&
zwVVS#%Fo`;P9eV?{)mZ*K|*{y!b3tSS6{ffxnYab7V_+<@M=#U?d-_6oeC;j8^*Q@
z?<!lBl4oactCZVJnRt47KAodoyLNGYb}PTPZ}$Lo74Y=(#4hGZ8P(L(D*VcKN6tBI
z)sUB$hn(D8XvzDopg@-QLwqvV2-j$QVj_IJeW6m>A&%+bJ$vBb?1JrHUfAYJIXl=x
zMfuuF{>YQHY9p*|Y#48XwY5F$R4&+L?SxG>PO#m;`LNjxI~xaV+^`-tHr8;oXBj&Z
zV@Jo$*hYT+{rwQMI}jmzf)T>?st$`lVq5}pvvbhc*no@NPvm-+?^t?zx>DZPZwIz{
zc*B0PJ+``fAR#3KC(d0&@7;T-J8=rd74>L4*N5sO%?OW(ho?sXc~ZgALB%y<LtZw)
z!O<P=+alrN5eFZ?RQT^WfY9J#@{o^+utFs6%SUod5n`kB5Ehll@%zBedIKCdSCV%h
zA1`R)_Hn<+Lv76=v@{<fHR0H?<LKyULudC1oITg0tRKmLYiq0W4#_p`zHK}FyaV90
znR41h8FJoTef^*-uR>4%06MSULFbJ-sBAt4m5nV_8*Sj^xCJUJ6>O|F!`&kWA-jvn
zR}J<iH$k1!h`nh|*q70ay}BmE7q=t3x)WIj(!rC+tM5d8^94jlN5X0a*QMnS><$P;
zPIflx8;_x~p%n)YA4kK{lPEcK3=PM6aQfV3^j^3^*$?7A*UzzI$GE1Fm3Pvb>(bVF
z8<JA>aCGy9t<6T*Zrq5KtJWhrJ`*SU?%`}d>$IQYd*=nKHQQi5-ybt4yI{R-Je<QT
z;Sp7h$ebp`mb61%&<;&e7cwi(A^XTRWVT#IdizymAH9yMwi`Hf>MEKpTu0l<PFQ{(
zfaNpOu_w3)S$S2^mvtbg>;%ecdr@_y4@EWYsBP&&Q_CstLDzYeHT;c8(`6$nHV#g1
z?h3_db;v9|4ByZ+c(_Ht%OeP`TLWQZy$5-<9XL6750&jFU}qJJ>A&>DKaX06nG^gF
z5Z3_b&}xL}nvqz38v80wL0x(gd&|y2fAkKrI`3j{^G(Dw^<y97qEmw?JJE-X;}>wG
z>nt4R?Z?__MbPE;qW;7cv~*sBq47MbT6=M@?F=egIakL|;@qW+7<x4H^qUtJqs88Y
z3<QM6ATll$waq7RpzH|3_vInLCmr6~_Vb-fz{*8hESedI&5jkY+)#{}zmCBhW47ae
z{naYCx*tGrdNVvUO$g0CilF><xW=7>!=4KWD?EqXqxTVg>^8!W-^2d4dq`{>L~iFj
z=nnNkQ+*AGd-||zQ!XMrDv@7y7zt^m*b^ED-<=_F;X4_cl8C(gG8C0oqLlAMQ`<2N
z-WyQ9YuOcbh)&BzoURD8VMIamag-eEMOr}<eEI$bdgWk`V<C20>f!lK9z2)k!}^O1
zESjE#FW%XUS-<r{K&%0~vYO$a(TP2IC*had1Iyhfu*vr{4m96G=J7$qbPVFa*#Q)t
z9zb&20P;HrkeGi7;U!mb_(C5_^BTCn<iN>!Gxsj8V>>JE4IAOWeQc|vBmB94?%}sE
zmiu)fzvU-Sp1}1R*O6Jp@#dF8-_U~MmNsP9HzWPvF=SU9Lt?=}?2ar%@NPZABJvQO
zRLVKYgYWh{IB(vMjTVVmV;PTKDK*%oYk^Ne7XnMpU}td;LJwYmj_W3;^A-}0-Nb?J
z`>5y}Kxxka4s_f{PTO7RTkj#Ki|;{qFQNkTux4R69BjE3cd6mvvJ-aOcEXL{Om|mj
z?oH0z<D9UadrTO=H#s@^XlXeLO(FM%+y-b1TM$>!fJ{RZ;)?2!b*K*1!6Ake#&=?8
zR5rXqGU4Wz2J7|d{O+VfWxXGMAq9xZtHoZvt3efAP*<HtOm!a;j$B9jiF-)uxPy$Y
z0aRRkh_Xxfp+7gkF%2S{^N`<p9R}_trH9+`<+QC>{dpX$Ed$}~lz{aXq_x3t*&cwn
zIIitzHG=j8Vuz16c5qJ&4hlhLMi$ZzHDOmw0er&>;1;ZdTR;xnxliv&F2(M>1zdZ1
z2-Rj|oBsjWQsy=)Emki+fKMjHWA>ylem6>xR@#R2I<A$Ymyy|g2|2A-kWHi4jMMj!
zes&N!XYZln!UI%Y8ba}fyEwqKuJ;~FDEqpLw~&%liO=8k!~D0kFq;$&^I3bbW_B7@
zf0}@G98YpeAxaJ9sIBAKk>|e@o&{oJV|cF2L||ktT%9S?6<XMD)M3>(T9_|Q#qy;o
zu-}r4wHqks&Dn6+mWAcZld<HpJbd|KGM3HOV%eN1`189ISKiFE(ha@bPg>6N-MkL{
z+1sQ+6!s0F^vVO&U4Do|q}nS3D7!X<!t=LK*?j|5J(o~cQUkSD7QAe9@V70)wsi)W
zzn6)xUd@8}XBup@4u!2_5ZpY&5TBHVQ>S{+-f>)^u((Qi`ewpuT{2V)_hZ#3<ZWsS
zmQ7BE`A3XD*^i}^gB73Ie3=UC1^cmeT?T?&^Pt|D4Si(`@>@Glc$8=D)0dEU{3;Hd
zxQ>F}+bFwwABG!4IDGptj^B8M+FOs%GQe?g3>CfPy}J+X*RJ3w_s6{KY8*(bL|jxk
z-{TfU?rMP7s!FV-yjCxb!_ozDSU7hN+}vZ4SIF<_*$cRN=N7bwFCewy48pQ%v2{l_
zY}cj0@tZWbEKh~Ac`6*t65+a13va7*xUEV+z_uI&2kNnVR|UTdC0J>h26fU=RJ5H%
zaa%9SyKbTIbUzAv`=P&b7v=r@#@~K~;~YZ+)3yC~QF87E482#;+;bi3=mhKv4nlfP
zAu0|YMRiRF_s=4fQ7$#rEzqUcATF#40S;BLH7n*=_QTa95!=0k(cOCyakVFqa`+^)
z^`}VPh(6eg(1I3tYYo`sor-O{bFpJ@5%%fous5d?G5LoOlv0j0oCC8(MVR*6{aC*y
z50%Hy;OMnMu7?{aIn$5oOZU*yKZN7AhRFW|G+e)nqjw*m{@QhvbzQ)zTLVbTticy^
z*1*%<4MBmy$js64yx4@6);1ifX+&;5-@WiqM5*^7zn}y~C5I8<R}AY7iEwlcM@&*W
z_GT4gUv3#<3J)Q+_z1Lh#}QZ6id~6SP#3pAU2+`0@m1J!pbFZ9O*{)UA~?=~)fPEC
zI}~Bv!b12u=Axwh6cY1}VW+kM84Z1?xo{gtZrnxdtp_;Ve+TV%?or;CVfKwHd?Ipj
z_WDii@z27_<y+yh#Q`o3F7W1gHe^o-Xyl8~kRWVz_kyhx&&`25h(Qdve(Nf(5qn;^
z(2u(Mqg+G12;Lip-BIC`aU^!^+lSy}4LpLAv2m3K2?ez{aI6EFT-$+JM-WVT`9>GR
z!IOO37GcT4T&R|(BPOI6y1Wj!dDkHPz$xS(y@J~Fx6yKY5KWYO=Z*X5x^xR3-Vs=0
z#&fts7OEP1keyryJ4^0|JBb~fo#DL28LqBwJo~!B*<~~LIv=dt5Q-#i2D-aWV{qX9
z6NvrT2(_^*lHZF6KkN+kM?m;a1VxANY#syKFY<^3vJkFIMR-mD_M|qzH?9o62^Fw%
z$iP~z84JG4JGSN{BeM}93H8{wzZ)q$`&68}ifXR^roLM^cI_tG&R-_Zyog<4@$m9W
z#!8F*NXcwNRZ%-U9h2c55(!O`Mmg(;hVDT`xEj&1YB)RZ!;&u(`97CoVBqdktUoj)
zF~2+mJ>q`9725(_;Th-w?;sEO1^dHM6%D6ldbm0yLA7Ns>^)LoxhWE6=861Wj@9P5
zFq@H%Eo)M_UmSvOa5;8pYLUiwsk-MX%FkZGLB@x<zchAr<LIeVJaaulhQ0_Pd%4H0
ziHGZUzN7lHQ17mW%3cGX$Q0z1=y8yHd{t!~3W|#1?vjti9~WX5zdiE2`4sOyCXOdP
ze)JeCZI)xL{YtEJTn&|rHMV(f=b1hLYv!lIZAmE>OpnEfQzP+(sRkdvrNP`uNmwx}
z9otm~gzw-tE-V*&((4ghd7S%xFN)fGQF^==jU8vvdG<W|d5<B3?EB8$J4nke!KN(<
zSg||>{@w?Xk-&GxrUA>$wb&Yv0T-`SthS24hIQOCXBJ}K_#7l?3`!f1DDOw)d1Tlb
z;)~!&;?0O1@DK8XtB(_9y%uYhM8bMbCVbX&y?>n!$FFkXVv&dK8#1uVQwKjEEivYP
z1SjSqrLGG54>cg=;9+Ffw4$2$=JM6+c=&*KG4lR{yi5LNpybeV{tEUc7UOI4aBSI7
zim0GE1i3ZA)}jm>%!;saehI9<s>D~*Ghw|d4QKh@8}Ec3Q>ksd3zG53aGz_c@7g6C
zY^+C2VkTCu+=aDEqPfPii3Q?euZn`t_IOy??Si8x#~c%hh@=EW#U~?4mxHX5Dzu$G
zg<D*!4|zr(Vte<={{zxv(xah=7~r`V7(&~bE~J%Jz<Wm)Hdv=%ofYR}XF0zqS=h8*
zi{*>LuyXZI)VCfR9yP~r<a;E~$~_S0g*toXIhUCduHNj&#VZ%k(Rmu0{RfB#(uvi&
zaqh|`)EzmBQ)kcNXlDnG@*LZI^cYTbbnwn=_#R6(Aln`8k9U0XKgvpyTm$mnz!(OG
z28gR#5vd_A&NiT+su5ZF2ca*lrQFXe^ENbef4DB!j%;IOFt%%qAB~u6PPXivIFs-C
zlWGqh4KRCnEsShOrezy)ofzAaF@O9{G2>X|_#SdT9<cl!V%f{LZ%|g<=(}`<W0(8n
z@O`A*XC6I%z-FX8WOL8%DUE&7HbUX^A!B8(8O!;Wa*`NdxxagG9|OGe8sb<UFz*5H
zyClhZGnP~4lI_db*!IY=7}LhN8G85tcLxW!H$Grn?1wzx=iYda@BHAvJ*D4AkNCzY
zGBM8Q@5<x(e&kq`{$(tAQHXLSPjc?%p7ofMq5M|L43}4A&Bly88e?T3BmNlkWh{An
zNRlE|))i$vB>9zl4F8w0Bo<ZLHS#*5x$jK={wTk*=+g(1r+;1e{d#hpJqyF>?`mG@
zmqkX(Mh<%9@9&eA{Ta&{)6aMqP8py7YvS)}^Z7phfBO9&MGyA_A3sRo2MPS=lfdv^
zX|yZ-<MDq!3H@m!{!`_trQzXNb}?+nMdMnA=k2)0GS8Is)Q*dFeh5EEV59`(dFuJ_
zU1zM3<-V)T$o!GzN2ZN^j*LgvGv<%1Bhxb9h#|hKjIqx1?TxHwd}eIZ_*=$Ozc2Ov
zQdfSRb|BJ*<HAMWxjxbT%Q7-ZY$R<T<a22kVzdqE@9%$VBVcUT*tb&g$sgl0V=S?h
zw87}V(T_&j5J=kx`pGH!`}DMQ9H+kW2C=a$BkdI$8ygkfcT!TaqL1IVZy)uc(Tbj2
z+5*t_S+PMe+GogEjzRJ#+mQW9z9jCHByAX^PPc}7u49Z#N=p=b3tL-T?4S)rd3ibS
zMr)wU($O9xQqkLQ-t0)-j2(5p)H|^p9ou2&V9WcjEs8xu_JM50zM-_FRIx{hr_DtY
z$5mQdinC|WDl(L|70u1fioHp)HU)u!dr($Uso1V~xKpp}=MQ(<2<!~lMV+Px_1v_B
zV1L#&8>siTp+4D;`Yz^KGbYg{92+)RQLk-Jn~N>jy44ll-d^yhor1K(2nq~DDs3X#
z+uIcxNSlrD@NnwC{opKZFKCl+KwpC67cRm;J#sU3ocrQZsDGp`%6=m@scfj{@#TFW
z_3S%na}bzI{Z0X*_Ud`xS44erF6Fit4x4P@VCTU80w{w#)YR4}b9SWpC{CR2q#eLT
z1!FgGu6NV!fi}qS-xUU@t=q7E{W|#X4#n~F*Kv6Wh>DKI+LeyHQ`}13dL;bR)!3JH
z6#MkNb1yuN^y+iSXu5>#mdhwRb{WTce;KRZ4~tJjpoz~%Wo<hu8hUW3`5X*~JJH^G
zfoouZ^ZyX3Svl-01nxdNkX2lZ-Qm=yYzxH(D?fPnX2a0l2QSZDy!m%dnDQ3yDx>S+
zpK=&6Whb$lI^Xz;OVCkY7S(za@kei?u>B^Ac?X$B9lq+*0_sgKP?voQnMFrXP=6c;
zo7-`syBh<%yO1G1OOL1&9S)S&pzLTD;!>;O@5%c&+kDu4l?l5gxmY|S4Zrz&FRZtT
z!=BuB?ACQ)d)g_e0(y{IcMEat14un}4;d#1k=b|?aTQm2&wLsQ5qTV2Fz3}pu}5)p
z--f7&C?uz+p_T8`0Ph--3Tu#IXn_7m8?tJTBCDzyk=i1JhUG&Yqo>}EdM>9-sMaOH
zH?kOk)E5R6pFv=0FOm-5K*otX&~*=jzNoy%q<)aP&*HPUpet^`dh-x$*%E-w&cSeS
z<@)pX;JdLEZd{XlqoQ%Jn!1C$8U$;2j~iWtov|edPcKEpe%@QBWMhkOI&7$~Tr?*I
zOBco=HnX032HsU4zNpv~WKuVu+D*L}^?HVj_mSPp{(J6FXVwodmlVu-BMhtOYq09m
z6s-O_jO$nneQ^P@GSb+8l=3d_49SN5`Xp>HPl5Rt$yh$0`utUySVujJ<u|EV`bj!g
z&*dGf&3>d-HY30NEOL+cDZ08s>O@Pg4x#SqL+V$CP)WU4F?BFaeK$~)U5DMyIoPp<
z`keX2Sn_@*R(})4_m=vTI32pU271q*K~mLeM5NX8-d_i6bL#vTq+-K7>RFa)slQ5v
zw__H91B&6{u18R8Eet1mQPE8uRX1%BF5gAXt%o>v^AVZ`sAr?CNzM72$S$rxN@^wy
z)lJARZsMI@D>CBivD>2@o0jEZ&2s9l_9UbEcsmlPyGp6=Kr(GgG>6)-Gp!2VQ6&iA
zoM;LTA-Sv$PTLDG=i^+gSg4~7%US9<E}-D#H5|D<h?bkQ<+=9&m8Z`mwWb-(otLqC
zxihwKZ;a8zp^Ua(h1`!LdFL8VyR(|w!#I%Df`HwbNXa;WkeIy)jMZ?yd8bSr<u;FO
zq|t^Yw)z;t^BS370c)p1Ed4SEA)bXu-rq`H49C<)8<HFMIQIKEb@ev3x<z8WDh}0$
zy5VNO2Oitq;7l7E`pr<c;*8anUQpBS=jydS<-L=aSMnR?AI`lo#E1HRKWy6`0Y~#}
z_(vpSXHqtt0}J5jUyNm6^KSQ>OzhiRg^<J}(AAtn<+<yqr#`Tmc1ovvFCZi;1y<`*
zke1$#eW9h;zB>|$sqwTuOG9cV?}@1&jtDmJ8_v7S2lAUUq<qg;*{+}-VHIp$Ho(r&
z4K|C@VZA65Uw*n5UrddI`6rpMr%oiuo4WC&Drl<OP(*z}IrWz9Jr{6=-(PvBccSMs
zZ3ei0R5^$bZ-uLE2|TD%51@U4r)v%tOyM3)I~N%q@*dFmO)jr4h2dZs^rd{BsK%y^
z5wQFs5nH~=fIW2$Th_;6%hpJE1;!#$r$b^%Ir3_n(0%>_hVE0J^W;n-+r547E~1k3
zij9H0V+kDAmtfrz9n3yX##-71T%^r_yoZ!`mBw>~tT!^8xp)qTYFm)BzmWRgLujOJ
zMtMyG4!5<S?(h+`wRhkaztu9xJ5D)v*_ON$ekAW9`QN!qmywuJj@bRBpuarQGYr)E
zos~77j@x+dFn<3>>MCU0<WfcqkB6h@{tn-7J{yO;UslHTWPA_E$2Fc;255I=Y{NL`
z!+k%yE0$d-_qS4(Jc~TwIHZnD-Z{&0(Z5g8r5JfM^8RhHl!<abJv7XZQdhR4+$I0+
z-K23y%rz$eZR79JtQ>>v{@cd#$MPhzO8qDCA1nXt`LlW>vA_@M|9ld7e!>5HOW^tb
zEa`$amYojYV@S`y-@nI@*A`<*#(NCYVYfBr{KpCM-ICvw=fk(<$+B`kGJb>PZ)1=+
zjJ~T+@te$-{s{D6r5$dEV*fm%_|tuZ{<7%m>H_^`i5XLs?>_xyk(j6f{bgy(Ogm>{
zBl^pN{<5IIEa)!_`pYVKkiNRabl$Wx@}MrX8uZnrovSTzi6`i*3;ODUzPg~VF6gTZ
z`s#wdx}dMFf_LdF4EhR#zQUldFz71``U-=-!l17(=qn8R3WL7Fpsz6KD-8MygTBH_
z|MXP`eU(99WzbiddiZ3X39~_8Wzbg{^i>9Zl|f%+&{rAsRR(>PiFqSHUuDo&ns)KI
zpszIOD-HTegTB(BuQcc@4f;xhzS5wtH0Uc0`bvYo(x9(2=qnBSYJ<MoJd2fszS^{j
z;kj#N0qCm@`f7u|+MusC=&KF-YEusTc)m*oeYHVfZO}&?^brSr#6cf%&_|qSux!vr
z9P|+feZ)Z@anMJcSd(^hYhytlapSauzUiQEI_R4Y`lf@v>7Z{q=$o#{R~D4tWcsJm
zPMbE4(T8}RxTdTj`lvr`=erW}`}*uN_e>9M{3gh?C`mb+@!M(q<{HlzO8;`*@)<v|
zd@jpBTepAiH__<d`ls??toJo5O21d&$6~hlh_qZx7iMAsy}Rc>Y4n{D|9-ICjYf-i
zSVjJ81@d1T=I%81$uIt!O`~`lJN!%j%Lgw!DLGb1|JxruDal_f^Wu||V};xc<qr6N
E0E3frQ2+n{

diff --git a/config/axtls.rc b/config/axtls.rc
deleted file mode 100644
index 0f288aa91f..0000000000
--- a/config/axtls.rc
+++ /dev/null
@@ -1,32 +0,0 @@
-//Microsoft Visual C++ generated resource script.
-//
-#define APSTUDIO_READONLY_SYMBOLS
-/////////////////////////////////////////////////////////////////////////////
-//
-// Generated from the TEXTINCLUDE 2 resource.
-//
-#define APSTUDIO_HIDDEN_SYMBOLS
-#undef APSTUDIO_HIDDEN_SYMBOLS
-/////////////////////////////////////////////////////////////////////////////
-#undef APSTUDIO_READONLY_SYMBOLS
-
-#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
-LANGUAGE 9, 1
-#pragma code_page(1252)
-
-/////////////////////////////////////////////////////////////////////////////
-//
-// Icon
-//
-
-// Icon with lowest ID value placed first to ensure application icon
-// remains consistent on all systems.
-
-IDI_AXTLS       ICON         "../www/favicon.ico"
-
-
-#endif
-/////////////////////////////////////////////////////////////////////////////
-
-
-
diff --git a/config/linuxconfig b/config/linuxconfig
deleted file mode 100644
index 4ba7d43d25..0000000000
--- a/config/linuxconfig
+++ /dev/null
@@ -1,102 +0,0 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-CONFIG_PLATFORM_LINUX=y
-# CONFIG_PLATFORM_CYGWIN is not set
-# CONFIG_PLATFORM_SOLARIS is not set
-# CONFIG_PLATFORM_WIN32 is not set
-
-#
-# General Configuration
-#
-PREFIX="/usr/local"
-# CONFIG_DEBUG is not set
-# CONFIG_VISUAL_STUDIO_6_0 is not set
-# CONFIG_VISUAL_STUDIO_7_0 is not set
-# CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE=""
-CONFIG_VISUAL_STUDIO_8_0_BASE=""
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-CONFIG_SSL_FULL_MODE=y
-# CONFIG_SSL_SKELETON_MODE is not set
-# CONFIG_SSL_PROT_LOW is not set
-CONFIG_SSL_PROT_MEDIUM=y
-# CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-CONFIG_SSL_HAS_PEM=y
-CONFIG_SSL_USE_PKCS12=y
-CONFIG_SSL_EXPIRY_TIME=24
-CONFIG_X509_MAX_CA_CERTS=4
-CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSL_CTX_MUTEXING is not set
-CONFIG_USE_DEV_URANDOM=y
-# CONFIG_WIN32_USE_CRYPTO_LIB is not set
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-CONFIG_AXHTTPD=y
-
-#
-# Axhttpd Configuration
-#
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_HTTPS_PORT=443
-CONFIG_HTTP_SESSION_CACHE_SIZE=5
-CONFIG_HTTP_WEBROOT="../www"
-CONFIG_HTTP_PORT=80
-CONFIG_HTTP_TIMEOUT=300
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSIONS=""
-# CONFIG_HTTP_DIRECTORIES is not set
-# CONFIG_HTTP_PERM_CHECK is not set
-# CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_ALL_MIME_TYPES=y
-# CONFIG_HTTP_VERBOSE is not set
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-CONFIG_BINDINGS=y
-# CONFIG_CSHARP_BINDINGS is not set
-# CONFIG_VBNET_BINDINGS is not set
-CONFIG_DOT_NET_FRAMEWORK_BASE=""
-# CONFIG_JAVA_BINDINGS is not set
-CONFIG_JAVA_HOME=""
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-# CONFIG_CSHARP_SAMPLES is not set
-# CONFIG_VBNET_SAMPLES is not set
-# CONFIG_JAVA_SAMPLES is not set
-# CONFIG_PERL_SAMPLES is not set
-
-#
-# BigInt Options
-#
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-CONFIG_BIGINT_BARRETT=y
-CONFIG_BIGINT_CRT=y
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-CONFIG_BIGINT_SLIDING_WINDOW=y
-CONFIG_BIGINT_SQUARE=y
-# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/config/makefile.conf b/config/makefile.conf
deleted file mode 100644
index 77a341be3b..0000000000
--- a/config/makefile.conf
+++ /dev/null
@@ -1,121 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-#
-# A standard makefile for all makefiles
-#
-
-# All executables and libraries go here
-STAGE=./_stage
-
-ifneq ($(MAKECMDGOALS), clean)
-
-# Give an initial rule
-all: 
-
-# Win32 
-ifdef CONFIG_PLATFORM_WIN32
-
-ifdef CONFIG_VISUAL_STUDIO_6_0
-CONFIG_VISUAL_STUDIO_6_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_6_0_BASE))
-CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_6_0_BASE))
-export INCLUDE=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include
-export LIB=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib
-PATH:=$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/common/msdev98/bin:$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/vc98/bin:$(PATH)
-else
-ifdef CONFIG_VISUAL_STUDIO_7_0
-CONFIG_VISUAL_STUDIO_7_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_7_0_BASE))
-CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
-export INCLUDE=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include
-export LIB=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib
-PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
-else 
-ifdef CONFIG_VISUAL_STUDIO_8_0
-CONFIG_VISUAL_STUDIO_8_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_8_0_BASE))
-CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
-export INCLUDE=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include
-export LIB=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib
-PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
-endif
-endif
-endif
-
-CC=cl.exe
-LD=link.exe
-CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /c 
-#CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c 
-LDFLAGS=/nologo /subsystem:console /machine:I386
-LDSHARED = /dll
-AR=lib /nologo
-
-ifdef CONFIG_DEBUG
-	CFLAGS += /Gm /Zi /Od /D "_DEBUG"
-	LDFLAGS += /debug /incremental:yes 
-else
-	CFLAGS += /O2 /D "NDEBUG"
-	LDFLAGS += /incremental:no 
-endif
-
-else    # Not Win32
-
--include .depend
-
-CFLAGS += -I../config
-LD=$(CC)
-
-# Solaris
-ifdef CONFIG_PLATFORM_SOLARIS
-CFLAGS += -DCONFIG_PLATFORM_SOLARIS
-LDFLAGS += -lsocket -lnsl -lc
-LDSHARED = -G
-# Linux/Cygwin
-else 
-CFLAGS += -Wall -Wstrict-prototypes -Wshadow
-LDSHARED = -shared
-
-# Linux
-ifndef CONFIG_PLATFORM_CYGWIN
-CFLAGS += -fPIC 
-
-# Cygwin
-else
-CFLAGS += -DCONFIG_PLATFORM_CYGWIN
-endif
-endif
-
-ifdef CONFIG_DEBUG
-CFLAGS += -g
-else
-LDFLAGS += -s
-ifdef CONFIG_PLATFORM_SOLARIS
-CFLAGS += -O 
-else
-CFLAGS += -O3
-endif
-
-endif	# CONFIG_DEBUG
-endif   # WIN32
-
-CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS)))
-LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS)))
-
-endif   # not 'clean'
-
-clean::
-	-@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 
-
diff --git a/config/makefile.dotnet.conf b/config/makefile.dotnet.conf
deleted file mode 100644
index 110e27d3bb..0000000000
--- a/config/makefile.dotnet.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-ifneq ($(MAKECMDGOALS), clean)
-
-ifdef CONFIG_PLATFORM_WIN32
-GO_DOT_NET=y
-endif
-
-ifdef CONFIG_PLATFORM_CYGWIN
-GO_DOT_NET=y
-endif
-
-ifdef GO_DOT_NET
-all: test_dot_net_location
-
-# find out where the C# compiler is
-CONFIG_DOT_NET_FRAMEWORK_BASE:=$(shell cygpath -u $(CONFIG_DOT_NET_FRAMEWORK_BASE))
-
-test_dot_net_location:
-	@if ! [ -d "$(CONFIG_DOT_NET_FRAMEWORK_BASE)" ]; then \
-		echo "*** Error: .NET path of $(CONFIG_DOT_NET_FRAMEWORK_BASE) doesn't exist" && exit 1; \
-    fi
-
-PATH:=$(CONFIG_DOT_NET_FRAMEWORK_BASE):$(PATH)
-
-else        # Linux?
-all: test_mcs
-
-test_mcs:
-	@if ! mcs --about > /dev/null 2>&1; then \
-        echo "Mono not installed! - go " \
-        "to http://www.mono-project.com/Main_Page" && exit 1; \
-    fi 
-
-endif   # Linux
-
-endif   # not 'clean'
diff --git a/config/makefile.java.conf b/config/makefile.java.conf
deleted file mode 100644
index 2194ef44bd..0000000000
--- a/config/makefile.java.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-ifneq ($(MAKECMDGOALS), clean)
-
-all: test_jdk_location
-
-test_jdk_location:
-	@if ! [ -d "$(CONFIG_JAVA_HOME)" ]; then \
-		echo "*** Error: JDK path of $(CONFIG_JAVA_HOME) doesn't exist" && exit 1; \
-    fi
-
-
-ifdef CONFIG_PLATFORM_CYGWIN 
-CONFIG_JAVA_HOME:=$(shell cygpath -u $(CONFIG_JAVA_HOME))
-CFLAGS += -I"$(CONFIG_JAVA_HOME)/include"
-CFLAGS += -I"$(CONFIG_JAVA_HOME)/include/win32"
-JAVA_BIN:=$(CONFIG_JAVA_HOME)/bin
-else
-
-ifdef CONFIG_PLATFORM_WIN32
-CONFIG_JAVA_HOME:=$(shell cygpath -w $(CONFIG_JAVA_HOME))
-CFLAGS += /I"$(CONFIG_JAVA_HOME)\include"
-CFLAGS += /I"$(CONFIG_JAVA_HOME)\include\win32"
-JAVA_BIN:=$(shell cygpath -u $(CONFIG_JAVA_HOME)\bin)
-else # Linux
-CFLAGS += -I$(CONFIG_JAVA_HOME)/include
-
-ifdef CONFIG_PLATFORM_SOLARIS
-CFLAGS += -I$(CONFIG_JAVA_HOME)/include/solaris
-else
-CFLAGS += -I$(CONFIG_JAVA_HOME)/include/linux
-endif
-
-JAVA_BIN:=$(CONFIG_JAVA_HOME)/bin
-endif
-endif
-
-PATH:=$(JAVA_BIN):$(PATH)
-
-endif   # not 'clean'                    
diff --git a/config/makefile.post b/config/makefile.post
deleted file mode 100644
index 033981c4d1..0000000000
--- a/config/makefile.post
+++ /dev/null
@@ -1,19 +0,0 @@
-
-ifneq ($(MAKECMDGOALS), clean)
-ifndef CONFIG_PLATFORM_WIN32
-ifndef CONFIG_PLATFORM_SOLARIS
-# do dependencies
--include .depend
-all : .depend 
-.depend: $(wildcard *.c)
-	@$(CC) $(CFLAGS) -MM $^ > $@
-endif   # 'not' solaris
-endif   # 'not' win32
-
-ifdef CONFIG_PLATFORM_WIN32
-OBJ:=$(OBJ:.o=.obj)
-%.obj : %.c
-	$(CC) $(CFLAGS) $< 
-endif   # win32
-
-endif   # end of 'not' clean
diff --git a/config/scripts/config/Kconfig-language.txt b/config/scripts/config/Kconfig-language.txt
deleted file mode 100644
index 493749b32a..0000000000
--- a/config/scripts/config/Kconfig-language.txt
+++ /dev/null
@@ -1,255 +0,0 @@
-Introduction
-------------
-
-The configuration database is collection of configuration options
-organized in a tree structure:
-
-	+- Code maturity level options
-	|  +- Prompt for development and/or incomplete code/drivers
-	+- General setup
-	|  +- Networking support
-	|  +- System V IPC
-	|  +- BSD Process Accounting
-	|  +- Sysctl support
-	+- Loadable module support
-	|  +- Enable loadable module support
-	|     +- Set version information on all module symbols
-	|     +- Kernel module loader
-	+- ...
-
-Every entry has its own dependencies. These dependencies are used
-to determine the visible of an entry. Any child entry is only
-visible if its parent entry is also visible.
-
-Menu entries
-------------
-
-Most entries define a config option, all other entries help to organize
-them. A single configuration option is defined like this:
-
-config MODVERSIONS
-	bool "Set version information on all module symbols"
-	depends MODULES
-	help
-	  Usually, modules have to be recompiled whenever you switch to a new
-	  kernel.  ...
-
-Every line starts with a key word and can be followed by multiple
-arguments.  "config" starts a new config entry. The following lines
-define attributes for this config option. Attributes can be the type of
-the config option, input prompt, dependencies, help text and default
-values. A config option can be defined multiple times with the same
-name, but every definition can have only a single input prompt and the
-type must not conflict.
-
-Menu attributes
----------------
-
-A menu entry can have a number of attributes. Not all of them are
-applicable everywhere (see syntax).
-
-- type definition: "bool"/"tristate"/"string"/"hex"/"integer"
-  Every config option must have a type. There are only two basic types:
-  tristate and string, the other types base on these two. The type
-  definition optionally accepts an input prompt, so these two examples
-  are equivalent:
-
-	bool "Networking support"
-  and
-	bool
-	prompt "Networking support"
-
-- input prompt: "prompt" <prompt> ["if" <expr>]
-  Every menu entry can have at most one prompt, which is used to display
-  to the user. Optionally dependencies only for this prompt can be added
-  with "if".
-
-- default value: "default" <symbol> ["if" <expr>]
-  A config option can have any number of default values. If multiple
-  default values are visible, only the first defined one is active.
-  Default values are not limited to the menu entry, where they are
-  defined, this means the default can be defined somewhere else or be
-  overriden by an earlier definition.
-  The default value is only assigned to the config symbol if no other
-  value was set by the user (via the input prompt above). If an input
-  prompt is visible the default value is presented to the user and can
-  be overridden by him.
-  Optionally dependencies only for this default value can be added with
-  "if".
-
-- dependencies: "depends on"/"requires" <expr>
-  This defines a dependency for this menu entry. If multiple
-  dependencies are defined they are connected with '&&'. Dependencies
-  are applied to all other options within this menu entry (which also
-  accept "if" expression), so these two examples are equivalent:
-
-	bool "foo" if BAR
-	default y if BAR
-  and
-	depends on BAR
-	bool "foo"
-	default y
-
-- help text: "help"
-  This defines a help text. The end of the help text is determined by
-  the level indentation, this means it ends at the first line which has
-  a smaller indentation than the first line of the help text.
-
-
-Menu dependencies
------------------
-
-Dependencies define the visibility of a menu entry and can also reduce
-the input range of tristate symbols. The tristate logic used in the
-expressions uses one more state than normal boolean logic to express the
-module state. Dependency expressions have the following syntax:
-
-<expr> ::= <symbol>                             (1)
-           <symbol> '=' <symbol>                (2)
-           <symbol> '!=' <symbol>               (3)
-           '(' <expr> ')'                       (4)
-           '!' <expr>                           (5)
-           <expr> '||' <expr>                   (6)
-           <expr> '&&' <expr>                   (7)
-
-Expressions are listed in decreasing order of precedence.
-
-(1) Convert the symbol into an expression. Boolean and tristate symbols
-    are simply converted into the respective expression values. All
-    other symbol types result in 'n'.
-(2) If the values of both symbols are equal, it returns 'y',
-    otherwise 'n'.
-(3) If the values of both symbols are equal, it returns 'n',
-    otherwise 'y'.
-(4) Returns the value of the expression. Used to override precedence.
-(5) Returns the result of (2-/expr/).
-(6) Returns the result of min(/expr/, /expr/).
-(7) Returns the result of max(/expr/, /expr/).
-
-An expression can have a value of 'n', 'm' or 'y' (or 0, 1, 2
-respectively for calculations). A menu entry becomes visible when it's
-expression evaluates to 'm' or 'y'.
-
-There are two type of symbols: constant and nonconstant symbols.
-Nonconstant symbols are the most common ones and are defined with the
-'config' statement. Nonconstant symbols consist entirely of alphanumeric
-characters or underscores.
-Constant symbols are only part of expressions. Constant symbols are
-always surrounded by single or double quotes. Within the quote any
-other character is allowed and the quotes can be escaped using '\'.
-
-Menu structure
---------------
-
-The position of a menu entry in the tree is determined in two ways. First
-it can be specified explicitely:
-
-menu "Network device support"
-	depends NET
-
-config NETDEVICES
-	...
-
-endmenu
-
-All entries within the "menu" ... "endmenu" block become a submenu of
-"Network device support". All subentries inherit the dependencies from
-the menu entry, e.g. this means the dependency "NET" is added to the
-dependency list of the config option NETDEVICES.
-
-The other way to generate the menu structure is done by analyzing the
-dependencies. If a menu entry somehow depends on the previous entry, it
-can be made a submenu of it. First the the previous (parent) symbol must
-be part of the dependency list and then one of these two condititions
-must be true:
-- the child entry must become invisible, if the parent is set to 'n'
-- the child entry must only be visible, if the parent is visible
-
-config MODULES
-	bool "Enable loadable module support"
-
-config MODVERSIONS
-	bool "Set version information on all module symbols"
-	depends MODULES
-
-comment "module support disabled"
-	depends !MODULES
-
-MODVERSIONS directly depends on MODULES, this means it's only visible if
-MODULES is different from 'n'. The comment on the other hand is always
-visible when MODULES it's visible (the (empty) dependency of MODULES is
-also part of the comment dependencies).
-
-
-Kconfig syntax
---------------
-
-The configuration file describes a series of menu entries, where every
-line starts with a keyword (except help texts). The following keywords
-end a menu entry:
-- config
-- choice/endchoice
-- comment
-- menu/endmenu
-- if/endif
-- source
-The first four also start the definition of a menu entry.
-
-config:
-
-	"config" <symbol>
-	<config options>
-
-This defines a config symbol <symbol> and accepts any of above
-attributes as options.
-
-choices:
-
-	"choice"
-	<choice options>
-	<choice block>
-	"endchoice"
-
-This defines a choice group and accepts any of above attributes as
-options. A choice can only be of type bool or tristate, while a boolean
-choice only allows a single config entry to be selected, a tristate
-choice also allows any number of config entries to be set to 'm'. This
-can be used if multiple drivers for a single hardware exists and only a
-single driver can be compiled/loaded into the kernel, but all drivers
-can be compiled as modules.
-A choice accepts another option "optional", which allows to set the
-choice to 'n' and no entry needs to be selected.
-
-comment:
-
-	"comment" <prompt>
-	<comment options>
-
-This defines a comment which is displayed to the user during the
-configuration process and is also echoed to the output files. The only
-possible options are dependencies.
-
-menu:
-
-	"menu" <prompt>
-	<menu options>
-	<menu block>
-	"endmenu"
-
-This defines a menu block, see "Menu structure" above for more
-information. The only possible options are dependencies.
-
-if:
-
-	"if" <expr>
-	<if block>
-	"endif"
-
-This defines an if block. The dependency expression <expr> is appended
-to all enclosed menu entries.
-
-source:
-
-	"source" <prompt>
-
-This reads the specified configuration file. This file is always parsed.
diff --git a/config/scripts/config/Makefile b/config/scripts/config/Makefile
deleted file mode 100644
index 739950163b..0000000000
--- a/config/scripts/config/Makefile
+++ /dev/null
@@ -1,121 +0,0 @@
-# Makefile for axTLS
-#
-# Copyright (C) 2002 Erik Andersen <andersen@codepoet.org>
-
-top_srcdir=../..
-top_builddir=../..
-srcdir=$(top_srcdir)/scripts/config
-include $(top_srcdir)/Rules.mak
-
-all: ncurses conf mconf
-
-ifeq ($(shell uname),SunOS)
-LIBS = -lcurses
-else
-LIBS = -lncurses
-endif
-ifeq (/usr/include/ncurses/ncurses.h, $(wildcard /usr/include/ncurses/ncurses.h))
-	HOSTNCURSES += -I/usr/include/ncurses -DCURSES_LOC="<ncurses.h>"
-else
-ifeq (/usr/include/ncurses/curses.h, $(wildcard /usr/include/ncurses/curses.h))
-	HOSTNCURSES += -I/usr/include/ncurses -DCURSES_LOC="<ncurses/curses.h>"
-else
-ifeq (/usr/local/include/ncurses/ncurses.h, $(wildcard /usr/local/include/ncurses/ncurses.h))
-	HOSTCFLAGS += -I/usr/local/include/ncurses -DCURSES_LOC="<ncurses.h>"
-else
-ifeq (/usr/local/include/ncurses/curses.h, $(wildcard /usr/local/include/ncurses/curses.h))
-	HOSTCFLAGS += -I/usr/local/include/ncurses -DCURSES_LOC="<ncurses/curses.h>"
-else
-ifeq (/usr/include/ncurses.h, $(wildcard /usr/include/ncurses.h))
-	HOSTNCURSES += -DCURSES_LOC="<ncurses.h>"
-else
-	HOSTNCURSES += -DCURSES_LOC="<curses.h>"
-endif
-endif
-endif
-endif
-endif
-
-CONF_SRC     = conf.c
-MCONF_SRC    = mconf.c
-LXD_SRC      = lxdialog/checklist.c lxdialog/menubox.c lxdialog/textbox.c \
-               lxdialog/yesno.c lxdialog/inputbox.c lxdialog/util.c \
-               lxdialog/msgbox.c
-
-SHARED_SRC   = zconf.tab.c
-SHARED_DEPS := $(srcdir)/lkc.h $(srcdir)/lkc_proto.h \
-               lkc_defs.h $(srcdir)/expr.h zconf.tab.h
-CONF_OBJS    = $(patsubst %.c,%.o, $(CONF_SRC))
-MCONF_OBJS   = $(patsubst %.c,%.o, $(MCONF_SRC) $(LXD_SRC))
-SHARED_OBJS  = $(patsubst %.c,%.o, $(SHARED_SRC))
-
-conf: $(CONF_OBJS) $(SHARED_OBJS)
-	$(HOSTCC) $(NATIVE_LDFLAGS) $^ -o $@
-
-mconf: $(MCONF_OBJS) $(SHARED_OBJS)
-	$(HOSTCC) $(NATIVE_LDFLAGS) $^ -o $@ $(LIBS)
-
-$(CONF_OBJS): %.o : $(srcdir)/%.c $(SHARED_DEPS)
-	$(HOSTCC) $(HOSTCFLAGS) -I. -c $< -o $@
-
-$(MCONF_OBJS): %.o : $(srcdir)/%.c $(SHARED_DEPS)
-	@[ -d $(@D) ] || mkdir -v $(@D)
-	$(HOSTCC) $(HOSTCFLAGS) $(HOSTNCURSES) -I. -c $< -o $@
-
-lkc_defs.h: $(srcdir)/lkc_proto.h
-	@sed < $< > $@ 's/P(\([^,]*\),.*/#define \1 (\*\1_p)/'
-
-###
-# The following requires flex/bison
-# By default we use the _shipped versions, uncomment the
-# following line if you are modifying the flex/bison src.
-#LKC_GENPARSER := 1
-
-ifdef LKC_GENPARSER
-
-%.tab.c %.tab.h: $(srcdir)/%.y
-	bison -t -d -v -b $* -p $(notdir $*) $<
-
-lex.%.c: $(srcdir)/%.l
-	flex -P$(notdir $*) -o$@ $<
-else
-
-lex.zconf.o: lex.zconf.c $(SHARED_DEPS)
-	$(HOSTCC) $(HOSTCFLAGS) -I$(srcdir) -c $< -o $@
-
-lex.zconf.c: $(srcdir)/lex.zconf.c_shipped
-	cp $< $@
-
-zconf.tab.c: $(srcdir)/zconf.tab.c_shipped
-	cp $< $@
-
-zconf.tab.h: $(srcdir)/zconf.tab.h_shipped
-	cp $< $@
-endif
-
-zconf.tab.o: zconf.tab.c lex.zconf.c $(srcdir)/confdata.c $(srcdir)/expr.c \
-             $(srcdir)/symbol.c $(srcdir)/menu.c $(SHARED_DEPS)
-	$(HOSTCC) $(HOSTCFLAGS) -I$(srcdir) -I. -c $< -o $@
-
-.PHONY: ncurses
-
-ncurses:
-	@echo "main() {}" > lxtemp.c
-	@if $(HOSTCC) lxtemp.c $(LIBS) ; then \
-		rm -f lxtemp.c a.out; \
-	else \
-		rm -f lxtemp.c; \
-		echo -e "\007" ;\
-		echo ">> Unable to find the Ncurses libraries." ;\
-		echo ">>" ;\
-		echo ">> You must have Ncurses installed in order" ;\
-		echo ">> to use 'make menuconfig'" ;\
-		echo ;\
-		exit 1 ;\
-	fi
-
-clean:
-	rm -f *.o *~ ../../*~ core *.exe $(TARGETS) $(MCONF_OBJS) $(CONF_OBJS)
-	rm -f conf conf.exe mconf mconf.exe zconf.tab.c zconf.tab.h lex.zconf.c lkc_defs.h
-	rm -f ../..config.h
-
diff --git a/config/scripts/config/conf.c b/config/scripts/config/conf.c
deleted file mode 100644
index 15244678e8..0000000000
--- a/config/scripts/config/conf.c
+++ /dev/null
@@ -1,583 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <time.h>
-#include <sys/stat.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-static void conf(struct menu *menu);
-static void check_conf(struct menu *menu);
-
-enum {
-	ask_all,
-	ask_new,
-	ask_silent,
-	set_default,
-	set_yes,
-	set_mod,
-	set_no,
-	set_random
-} input_mode = ask_all;
-char *defconfig_file;
-
-static int indent = 1;
-static int valid_stdin = 1;
-static int conf_cnt;
-static char line[128];
-static struct menu *rootEntry;
-
-static char nohelp_text[] = "Sorry, no help available for this option yet.\n";
-
-static void strip(char *str)
-{
-	char *p = str;
-	int l;
-
-	while ((isspace(*p)))
-		p++;
-	l = strlen(p);
-	if (p != str)
-		memmove(str, p, l + 1);
-	if (!l)
-		return;
-	p = str + l - 1;
-	while ((isspace(*p)))
-		*p-- = 0;
-}
-
-static void check_stdin(void)
-{
-	if (!valid_stdin && input_mode == ask_silent) {
-		printf("aborted!\n\n");
-		printf("Console input/output is redirected. ");
-		printf("Run 'make oldconfig' to update configuration.\n\n");
-		exit(1);
-	}
-}
-
-static void conf_askvalue(struct symbol *sym, const char *def)
-{
-	enum symbol_type type = sym_get_type(sym);
-	tristate val;
-
-	if (!sym_has_value(sym))
-		printf("(NEW) ");
-
-	line[0] = '\n';
-	line[1] = 0;
-
-	if (!sym_is_changable(sym)) {
-		printf("%s\n", def);
-		line[0] = '\n';
-		line[1] = 0;
-		return;
-	}
-
-	switch (input_mode) {
-	case ask_new:
-	case ask_silent:
-		if (sym_has_value(sym)) {
-			printf("%s\n", def);
-			return;
-		}
-		check_stdin();
-	case ask_all:
-		fflush(stdout);
-		fgets(line, 128, stdin);
-		return;
-	case set_default:
-		printf("%s\n", def);
-		return;
-	default:
-		break;
-	}
-
-	switch (type) {
-	case S_INT:
-	case S_HEX:
-	case S_STRING:
-		printf("%s\n", def);
-		return;
-	default:
-		;
-	}
-	switch (input_mode) {
-	case set_yes:
-		if (sym_tristate_within_range(sym, yes)) {
-			line[0] = 'y';
-			line[1] = '\n';
-			line[2] = 0;
-			break;
-		}
-	case set_mod:
-		if (type == S_TRISTATE) {
-			if (sym_tristate_within_range(sym, mod)) {
-				line[0] = 'm';
-				line[1] = '\n';
-				line[2] = 0;
-				break;
-			}
-		} else {
-			if (sym_tristate_within_range(sym, yes)) {
-				line[0] = 'y';
-				line[1] = '\n';
-				line[2] = 0;
-				break;
-			}
-		}
-	case set_no:
-		if (sym_tristate_within_range(sym, no)) {
-			line[0] = 'n';
-			line[1] = '\n';
-			line[2] = 0;
-			break;
-		}
-	case set_random:
-		do {
-			val = (tristate)(random() % 3);
-		} while (!sym_tristate_within_range(sym, val));
-		switch (val) {
-		case no: line[0] = 'n'; break;
-		case mod: line[0] = 'm'; break;
-		case yes: line[0] = 'y'; break;
-		}
-		line[1] = '\n';
-		line[2] = 0;
-		break;
-	default:
-		break;
-	}
-	printf("%s", line);
-}
-
-int conf_string(struct menu *menu)
-{
-	struct symbol *sym = menu->sym;
-	const char *def, *help;
-
-	while (1) {
-		printf("%*s%s ", indent - 1, "", menu->prompt->text);
-		printf("(%s) ", sym->name);
-		def = sym_get_string_value(sym);
-		if (sym_get_string_value(sym))
-			printf("[%s] ", def);
-		conf_askvalue(sym, def);
-		switch (line[0]) {
-		case '\n':
-			break;
-		case '?':
-			/* print help */
-			if (line[1] == '\n') {
-				help = nohelp_text;
-				if (menu->sym->help)
-					help = menu->sym->help;
-				printf("\n%s\n", menu->sym->help);
-				def = NULL;
-				break;
-			}
-		default:
-			line[strlen(line)-1] = 0;
-			def = line;
-		}
-		if (def && sym_set_string_value(sym, def))
-			return 0;
-	}
-}
-
-static int conf_sym(struct menu *menu)
-{
-	struct symbol *sym = menu->sym;
-	int type;
-	tristate oldval, newval;
-	const char *help;
-
-	while (1) {
-		printf("%*s%s ", indent - 1, "", menu->prompt->text);
-		if (sym->name)
-			printf("(%s) ", sym->name);
-		type = sym_get_type(sym);
-		putchar('[');
-		oldval = sym_get_tristate_value(sym);
-		switch (oldval) {
-		case no:
-			putchar('N');
-			break;
-		case mod:
-			putchar('M');
-			break;
-		case yes:
-			putchar('Y');
-			break;
-		}
-		if (oldval != no && sym_tristate_within_range(sym, no))
-			printf("/n");
-		if (oldval != mod && sym_tristate_within_range(sym, mod))
-			printf("/m");
-		if (oldval != yes && sym_tristate_within_range(sym, yes))
-			printf("/y");
-		if (sym->help)
-			printf("/?");
-		printf("] ");
-		conf_askvalue(sym, sym_get_string_value(sym));
-		strip(line);
-
-		switch (line[0]) {
-		case 'n':
-		case 'N':
-			newval = no;
-			if (!line[1] || !strcmp(&line[1], "o"))
-				break;
-			continue;
-		case 'm':
-		case 'M':
-			newval = mod;
-			if (!line[1])
-				break;
-			continue;
-		case 'y':
-		case 'Y':
-			newval = yes;
-			if (!line[1] || !strcmp(&line[1], "es"))
-				break;
-			continue;
-		case 0:
-			newval = oldval;
-			break;
-		case '?':
-			goto help;
-		default:
-			continue;
-		}
-		if (sym_set_tristate_value(sym, newval))
-			return 0;
-help:
-		help = nohelp_text;
-		if (sym->help)
-			help = sym->help;
-		printf("\n%s\n", help);
-	}
-}
-
-static int conf_choice(struct menu *menu)
-{
-	struct symbol *sym, *def_sym;
-	struct menu *child;
-	int type;
-	bool is_new;
-
-	sym = menu->sym;
-	type = sym_get_type(sym);
-	is_new = !sym_has_value(sym);
-	if (sym_is_changable(sym)) {
-		conf_sym(menu);
-		sym_calc_value(sym);
-		switch (sym_get_tristate_value(sym)) {
-		case no:
-			return 1;
-		case mod:
-			return 0;
-		case yes:
-			break;
-		}
-	} else {
-		switch (sym_get_tristate_value(sym)) {
-		case no:
-			return 1;
-		case mod:
-			printf("%*s%s\n", indent - 1, "", menu_get_prompt(menu));
-			return 0;
-		case yes:
-			break;
-		}
-	}
-
-	while (1) {
-		int cnt, def;
-
-		printf("%*s%s\n", indent - 1, "", menu_get_prompt(menu));
-		def_sym = sym_get_choice_value(sym);
-		cnt = def = 0;
-		line[0] = '0';
-		line[1] = 0;
-		for (child = menu->list; child; child = child->next) {
-			if (!menu_is_visible(child))
-				continue;
-			if (!child->sym) {
-				printf("%*c %s\n", indent, '*', menu_get_prompt(child));
-				continue;
-			}
-			cnt++;
-			if (child->sym == def_sym) {
-				def = cnt;
-				printf("%*c", indent, '>');
-			} else
-				printf("%*c", indent, ' ');
-			printf(" %d. %s", cnt, menu_get_prompt(child));
-			if (child->sym->name)
-				printf(" (%s)", child->sym->name);
-			if (!sym_has_value(child->sym))
-				printf(" (NEW)");
-			printf("\n");
-		}
-		printf("%*schoice", indent - 1, "");
-		if (cnt == 1) {
-			printf("[1]: 1\n");
-			goto conf_childs;
-		}
-		printf("[1-%d", cnt);
-		if (sym->help)
-			printf("?");
-		printf("]: ");
-		switch (input_mode) {
-		case ask_new:
-		case ask_silent:
-			if (!is_new) {
-				cnt = def;
-				printf("%d\n", cnt);
-				break;
-			}
-			check_stdin();
-		case ask_all:
-			fflush(stdout);
-			fgets(line, 128, stdin);
-			strip(line);
-			if (line[0] == '?') {
-				printf("\n%s\n", menu->sym->help ?
-					menu->sym->help : nohelp_text);
-				continue;
-			}
-			if (!line[0])
-				cnt = def;
-			else if (isdigit(line[0]))
-				cnt = atoi(line);
-			else
-				continue;
-			break;
-		case set_random:
-			def = (random() % cnt) + 1;
-		case set_default:
-		case set_yes:
-		case set_mod:
-		case set_no:
-			cnt = def;
-			printf("%d\n", cnt);
-			break;
-		}
-
-	conf_childs:
-		for (child = menu->list; child; child = child->next) {
-			if (!child->sym || !menu_is_visible(child))
-				continue;
-			if (!--cnt)
-				break;
-		}
-		if (!child)
-			continue;
-		if (line[strlen(line) - 1] == '?') {
-			printf("\n%s\n", child->sym->help ?
-				child->sym->help : nohelp_text);
-			continue;
-		}
-		sym_set_choice_value(sym, child->sym);
-		if (child->list) {
-			indent += 2;
-			conf(child->list);
-			indent -= 2;
-		}
-		return 1;
-	}
-}
-
-static void conf(struct menu *menu)
-{
-	struct symbol *sym;
-	struct property *prop;
-	struct menu *child;
-
-	if (!menu_is_visible(menu))
-		return;
-
-	sym = menu->sym;
-	prop = menu->prompt;
-	if (prop) {
-		const char *prompt;
-
-		switch (prop->type) {
-		case P_MENU:
-			if (input_mode == ask_silent && rootEntry != menu) {
-				check_conf(menu);
-				return;
-			}
-		case P_COMMENT:
-			prompt = menu_get_prompt(menu);
-			if (prompt)
-				printf("%*c\n%*c %s\n%*c\n",
-					indent, '*',
-					indent, '*', prompt,
-					indent, '*');
-		default:
-			;
-		}
-	}
-
-	if (!sym)
-		goto conf_childs;
-
-	if (sym_is_choice(sym)) {
-		conf_choice(menu);
-		if (sym->curr.tri != mod)
-			return;
-		goto conf_childs;
-	}
-
-	switch (sym->type) {
-	case S_INT:
-	case S_HEX:
-	case S_STRING:
-		conf_string(menu);
-		break;
-	default:
-		conf_sym(menu);
-		break;
-	}
-
-conf_childs:
-	if (sym)
-		indent += 2;
-	for (child = menu->list; child; child = child->next)
-		conf(child);
-	if (sym)
-		indent -= 2;
-}
-
-static void check_conf(struct menu *menu)
-{
-	struct symbol *sym;
-	struct menu *child;
-
-	if (!menu_is_visible(menu))
-		return;
-
-	sym = menu->sym;
-	if (sym) {
-		if (sym_is_changable(sym) && !sym_has_value(sym)) {
-			if (!conf_cnt++)
-				printf("*\n* Restart config...\n*\n");
-			rootEntry = menu_get_parent_menu(menu);
-			conf(rootEntry);
-		}
-		if (sym_is_choice(sym) && sym_get_tristate_value(sym) != mod)
-			return;
-	}
-
-	for (child = menu->list; child; child = child->next)
-		check_conf(child);
-}
-
-int main(int ac, char **av)
-{
-	int i = 1;
-	const char *name;
-	struct stat tmpstat;
-
-	if (ac > i && av[i][0] == '-') {
-		switch (av[i++][1]) {
-		case 'o':
-			input_mode = ask_new;
-			break;
-		case 's':
-			input_mode = ask_silent;
-			valid_stdin = isatty(0) && isatty(1) && isatty(2);
-			break;
-		case 'd':
-			input_mode = set_default;
-			break;
-		case 'D':
-			input_mode = set_default;
-			defconfig_file = av[i++];
-			if (!defconfig_file) {
-				printf("%s: No default config file specified\n",
-					av[0]);
-				exit(1);
-			}
-			break;
-		case 'n':
-			input_mode = set_no;
-			break;
-		case 'm':
-			input_mode = set_mod;
-			break;
-		case 'y':
-			input_mode = set_yes;
-			break;
-		case 'r':
-			input_mode = set_random;
-			srandom(time(NULL));
-			break;
-		case 'h':
-		case '?':
-			printf("%s [-o|-s] config\n", av[0]);
-			exit(0);
-		}
-	}
-  	name = av[i];
-	if (!name) {
-		printf("%s: configuration file missing\n", av[0]);
-	}
-	conf_parse(name);
-	//zconfdump(stdout);
-	switch (input_mode) {
-	case set_default:
-		if (!defconfig_file)
-			defconfig_file = conf_get_default_confname();
-		if (conf_read(defconfig_file)) {
-			printf("***\n"
-				"*** Can't find default configuration \"%s\"!\n"
-				"***\n", defconfig_file);
-			exit(1);
-		}
-		break;
-	case ask_silent:
-		if (stat(".config", &tmpstat)) {
-			printf("***\n"
-				"*** You have not yet configured axTLS!\n"
-				"***\n"
-				"*** Please run some configurator (e.g. \"make oldconfig\" or\n"
-				"*** \"make menuconfig\" or \"make config\").\n"
-				"***\n");
-			exit(1);
-		}
-	case ask_all:
-	case ask_new:
-		conf_read(NULL);
-		break;
-	default:
-		break;
-	}
-
-	if (input_mode != ask_silent) {
-		rootEntry = &rootmenu;
-		conf(&rootmenu);
-		if (input_mode == ask_all) {
-			input_mode = ask_silent;
-			valid_stdin = 1;
-		}
-	}
-	do {
-		conf_cnt = 0;
-		check_conf(&rootmenu);
-	} while (conf_cnt);
-	if (conf_write(NULL)) {
-		fprintf(stderr, "\n*** Error during writing of the axTLS configuration.\n\n");
-		return 1;
-	}
-	return 0;
-}
diff --git a/config/scripts/config/confdata.c b/config/scripts/config/confdata.c
deleted file mode 100644
index a59e245508..0000000000
--- a/config/scripts/config/confdata.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <sys/stat.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-const char conf_def_filename[] = "config/.config";
-
-const char conf_defname[] = "config/defconfig";
-
-const char *conf_confnames[] = {
-	"config/.config",
-	conf_defname,
-	NULL,
-};
-
-static char *conf_expand_value(const char *in)
-{
-	struct symbol *sym;
-	const char *src;
-	static char res_value[SYMBOL_MAXLENGTH];
-	char *dst, name[SYMBOL_MAXLENGTH];
-
-	res_value[0] = 0;
-	dst = name;
-	while ((src = strchr(in, '$'))) {
-		strncat(res_value, in, src - in);
-		src++;
-		dst = name;
-		while (isalnum(*src) || *src == '_')
-			*dst++ = *src++;
-		*dst = 0;
-		sym = sym_lookup(name, 0);
-		sym_calc_value(sym);
-		strcat(res_value, sym_get_string_value(sym));
-		in = src;
-	}
-	strcat(res_value, in);
-
-	return res_value;
-}
-
-char *conf_get_default_confname(void)
-{
-	struct stat buf;
-	static char fullname[PATH_MAX+1];
-	char *env, *name;
-
-	name = conf_expand_value(conf_defname);
-	env = getenv(SRCTREE);
-	if (env) {
-		sprintf(fullname, "%s/%s", env, name);
-		if (!stat(fullname, &buf))
-			return fullname;
-	}
-	return name;
-}
-
-int conf_read(const char *name)
-{
-	FILE *in = NULL;
-	char line[1024];
-	char *p, *p2;
-	int lineno = 0;
-	struct symbol *sym;
-	struct property *prop;
-	struct expr *e;
-	int i;
-
-	if (name) {
-		in = zconf_fopen(name);
-	} else {
-		const char **names = conf_confnames;
-		while ((name = *names++)) {
-			name = conf_expand_value(name);
-			in = zconf_fopen(name);
-			if (in) {
-				printf("#\n"
-				       "# using defaults found in %s\n"
-				       "#\n", name);
-				break;
-			}
-		}
-	}
-
-	if (!in)
-		return 1;
-
-	for_all_symbols(i, sym) {
-		sym->flags |= SYMBOL_NEW | SYMBOL_CHANGED;
-		sym->flags &= ~SYMBOL_VALID;
-		switch (sym->type) {
-		case S_INT:
-		case S_HEX:
-		case S_STRING:
-			if (sym->user.val)
-				free(sym->user.val);
-		default:
-			sym->user.val = NULL;
-			sym->user.tri = no;
-		}
-	}
-
-	while (fgets(line, sizeof(line), in)) {
-		lineno++;
-		sym = NULL;
-		switch (line[0]) {
-		case '#':
-			if (line[1]!=' ')
-				continue;
-			p = strchr(line + 2, ' ');
-			if (!p)
-				continue;
-			*p++ = 0;
-			if (strncmp(p, "is not set", 10))
-				continue;
-			sym = sym_find(line + 2);
-			if (!sym) {
-				fprintf(stderr, "%s:%d: trying to assign nonexistent symbol %s\n", name, lineno, line + 2);
-				break;
-			}
-			switch (sym->type) {
-			case S_BOOLEAN:
-			case S_TRISTATE:
-				sym->user.tri = no;
-				sym->flags &= ~SYMBOL_NEW;
-				break;
-			default:
-				;
-			}
-			break;
-
-		case 'A' ... 'Z':
-			p = strchr(line, '=');
-			if (!p)
-				continue;
-			*p++ = 0;
-			p2 = strchr(p, '\n');
-			if (p2)
-				*p2 = 0;
-			sym = sym_find(line);
-			if (!sym) {
-				fprintf(stderr, "%s:%d: trying to assign nonexistent symbol %s\n", name, lineno, line);
-				break;
-			}
-			switch (sym->type) {
-			case S_TRISTATE:
-				if (p[0] == 'm') {
-					sym->user.tri = mod;
-					sym->flags &= ~SYMBOL_NEW;
-					break;
-				}
-			case S_BOOLEAN:
-				if (p[0] == 'y') {
-					sym->user.tri = yes;
-					sym->flags &= ~SYMBOL_NEW;
-					break;
-				}
-				if (p[0] == 'n') {
-					sym->user.tri = no;
-					sym->flags &= ~SYMBOL_NEW;
-					break;
-				}
-				break;
-			case S_STRING:
-				if (*p++ != '"')
-					break;
-				for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) {
-					if (*p2 == '"') {
-						*p2 = 0;
-						break;
-					}
-					memmove(p2, p2 + 1, strlen(p2));
-				}
-				if (!p2) {
-					fprintf(stderr, "%s:%d: invalid string found\n", name, lineno);
-					exit(1);
-				}
-			case S_INT:
-			case S_HEX:
-				if (sym_string_valid(sym, p)) {
-					sym->user.val = strdup(p);
-					sym->flags &= ~SYMBOL_NEW;
-				} else {
-					fprintf(stderr, "%s:%d: symbol value '%s' invalid for %s\n", name, lineno, p, sym->name);
-					exit(1);
-				}
-				break;
-			default:
-				;
-			}
-			break;
-		case '\n':
-			break;
-		default:
-			continue;
-		}
-		if (sym && sym_is_choice_value(sym)) {
-			struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
-			switch (sym->user.tri) {
-			case no:
-				break;
-			case mod:
-				if (cs->user.tri == yes)
-					/* warn? */;
-				break;
-			case yes:
-				if (cs->user.tri != no)
-					/* warn? */;
-				cs->user.val = sym;
-				break;
-			}
-			cs->user.tri = E_OR(cs->user.tri, sym->user.tri);
-			cs->flags &= ~SYMBOL_NEW;
-		}
-	}
-	fclose(in);
-
-	if (modules_sym)
-		sym_calc_value(modules_sym);
-	for_all_symbols(i, sym) {
-		sym_calc_value(sym);
-		if (sym_has_value(sym) && !sym_is_choice_value(sym)) {
-			if (sym->visible == no)
-				sym->flags |= SYMBOL_NEW;
-			switch (sym->type) {
-			case S_STRING:
-			case S_INT:
-			case S_HEX:
-				if (!sym_string_within_range(sym, sym->user.val))
-					sym->flags |= SYMBOL_NEW;
-			default:
-				break;
-			}
-		}
-		if (!sym_is_choice(sym))
-			continue;
-		prop = sym_get_choice_prop(sym);
-		for (e = prop->expr; e; e = e->left.expr)
-			if (e->right.sym->visible != no)
-				sym->flags |= e->right.sym->flags & SYMBOL_NEW;
-	}
-
-	sym_change_count = 1;
-
-	return 0;
-}
-
-struct menu *next_menu(struct menu *menu)
-{
-	if (menu->list) return menu->list;
-	do {
-		if (menu->next) {
-			menu = menu->next;
-			break;
-		}
-	} while ((menu = menu->parent));
-	
-	return menu;
-}
-
-#define SYMBOL_FORCEWRITE (1<<31)
-
-int conf_write(const char *name)
-{
-	FILE *out, *out_h;
-	struct symbol *sym;
-	struct menu *menu;
-	const char *basename;
-	char dirname[128], tmpname[128], newname[128];
-	int type, l;
-	const char *str;
-
-	dirname[0] = 0;
-	if (name && name[0]) {
-		struct stat st;
-		char *slash;
-
-		if (!stat(name, &st) && S_ISDIR(st.st_mode)) {
-			strcpy(dirname, name);
-			strcat(dirname, "/");
-			basename = conf_def_filename;
-		} else if ((slash = strrchr(name, '/'))) {
-			int size = slash - name + 1;
-			memcpy(dirname, name, size);
-			dirname[size] = 0;
-			if (slash[1])
-				basename = slash + 1;
-			else
-				basename = conf_def_filename;
-		} else
-			basename = name;
-	} else
-		basename = conf_def_filename;
-
-	sprintf(newname, "config/%s.tmpconfig.%d", dirname, (int)getpid());
-	out = fopen(newname, "w");
-	if (!out)
-		return 1;
-	out_h = NULL;
-	if (!name) {
-		out_h = fopen("config/.tmpconfig.h", "w");
-		if (!out_h)
-			return 1;
-	}
-	fprintf(out, "#\n"
-		     "# Automatically generated make config: don't edit\n"
-		     "#\n");
-	if (out_h) {
-		fprintf(out_h, "/*\n"
-			     " * Automatically generated header file: don't edit\n"
-			     " */\n\n");
-#if 0
-			     "/* Version Number */\n"
-			     "#define BB_VER \"%s\"\n"
-			     "#define BB_BT \"%s\"\n",
-			     getenv("VERSION"),
-			     getenv("BUILDTIME"));
-		if (getenv("EXTRA_VERSION"))
-			fprintf(out_h, "#define BB_EXTRA_VERSION \"%s\"\n",
-				     getenv("EXTRA_VERSION"));
-		fprintf(out_h, "\n");
-#endif
-	}
-
-	if (!sym_change_count)
-		sym_clear_all_valid();
-
-	/* Force write of all non-duplicate symbols. */
-
-	/* Write out everything by default. */
-	for(menu = rootmenu.list; menu; menu = next_menu(menu))
-		if (menu->sym) menu->sym->flags |= SYMBOL_FORCEWRITE;
-
-	menu = rootmenu.list;
-	while (menu) {
-		sym = menu->sym;
-		if (!sym) {
-			if (!menu_is_visible(menu))
-				goto next;
-			str = menu_get_prompt(menu);
-			fprintf(out, "\n"
-				     "#\n"
-				     "# %s\n"
-				     "#\n", str);
-			if (out_h)
-				fprintf(out_h, "\n"
-					       "/*\n"
-					       " * %s\n"
-					       " */\n", str);
-		} else if (!(sym->flags & SYMBOL_CHOICE)) {
-			sym_calc_value(sym);
-			if (!(sym->flags & SYMBOL_FORCEWRITE))
-				goto next;
-
-			sym->flags &= ~SYMBOL_FORCEWRITE;
-			type = sym->type;
-			if (type == S_TRISTATE) {
-				sym_calc_value(modules_sym);
-				if (modules_sym->curr.tri == no)
-					type = S_BOOLEAN;
-			}
-			switch (type) {
-			case S_BOOLEAN:
-			case S_TRISTATE:
-				switch (sym_get_tristate_value(sym)) {
-				case no:
-					fprintf(out, "# %s is not set\n", sym->name);
-					if (out_h)
-						fprintf(out_h, "#undef %s\n", sym->name);
-					break;
-				case mod:
-#if 0
-					fprintf(out, "%s=m\n", sym->name);
-					if (out_h)
-						fprintf(out_h, "#define %s_MODULE 1\n", sym->name);
-#endif
-					break;
-				case yes:
-					fprintf(out, "%s=y\n", sym->name);
-					if (out_h)
-						fprintf(out_h, "#define %s 1\n", sym->name);
-					break;
-				}
-				break;
-			case S_STRING:
-				// fix me
-				str = sym_get_string_value(sym);
-				fprintf(out, "%s=\"", sym->name);
-				if (out_h)
-					fprintf(out_h, "#define %s \"", sym->name);
-				do {
-					l = strcspn(str, "\"\\");
-					if (l) {
-						fwrite(str, l, 1, out);
-						if (out_h)
-							fwrite(str, l, 1, out_h);
-					}
-					str += l;
-					while (*str == '\\' || *str == '"') {
-						fprintf(out, "\\%c", *str);
-						if (out_h)
-							fprintf(out_h, "\\%c", *str);
-						str++;
-					}
-				} while (*str);
-				fputs("\"\n", out);
-				if (out_h)
-					fputs("\"\n", out_h);
-				break;
-			case S_HEX:
-				str = sym_get_string_value(sym);
-				if (str[0] != '0' || (str[1] != 'x' && str[1] != 'X')) {
-					fprintf(out, "%s=%s\n", sym->name, *str ? str : "0");
-					if (out_h)
-						fprintf(out_h, "#define %s 0x%s\n", sym->name, str);
-					break;
-				}
-			case S_INT:
-				str = sym_get_string_value(sym);
-				fprintf(out, "%s=%s\n", sym->name, *str ? str : "0");
-				if (out_h)
-					fprintf(out_h, "#define %s %s\n", sym->name, str);
-				break;
-			}
-		}
-next:
-		menu = next_menu(menu);
-	}
-	fclose(out);
-	if (out_h) {
-		fclose(out_h);
-		rename("config/.tmpconfig.h", "config/config.h");
-		file_write_dep(NULL);
-	}
-	if (!name || basename != conf_def_filename) {
-		if (!name)
-			name = conf_def_filename;
-		sprintf(tmpname, "%s.old", name);
-		rename(name, tmpname);
-	}
-	sprintf(tmpname, "%s%s", dirname, basename);
-	if (rename(newname, tmpname))
-		return 1;
-
-	sym_change_count = 0;
-
-	return 0;
-}
diff --git a/config/scripts/config/expr.c b/config/scripts/config/expr.c
deleted file mode 100644
index 30e4f9d69c..0000000000
--- a/config/scripts/config/expr.c
+++ /dev/null
@@ -1,1099 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-#define DEBUG_EXPR	0
-
-struct expr *expr_alloc_symbol(struct symbol *sym)
-{
-	struct expr *e = malloc(sizeof(*e));
-	memset(e, 0, sizeof(*e));
-	e->type = E_SYMBOL;
-	e->left.sym = sym;
-	return e;
-}
-
-struct expr *expr_alloc_one(enum expr_type type, struct expr *ce)
-{
-	struct expr *e = malloc(sizeof(*e));
-	memset(e, 0, sizeof(*e));
-	e->type = type;
-	e->left.expr = ce;
-	return e;
-}
-
-struct expr *expr_alloc_two(enum expr_type type, struct expr *e1, struct expr *e2)
-{
-	struct expr *e = malloc(sizeof(*e));
-	memset(e, 0, sizeof(*e));
-	e->type = type;
-	e->left.expr = e1;
-	e->right.expr = e2;
-	return e;
-}
-
-struct expr *expr_alloc_comp(enum expr_type type, struct symbol *s1, struct symbol *s2)
-{
-	struct expr *e = malloc(sizeof(*e));
-	memset(e, 0, sizeof(*e));
-	e->type = type;
-	e->left.sym = s1;
-	e->right.sym = s2;
-	return e;
-}
-
-struct expr *expr_alloc_and(struct expr *e1, struct expr *e2)
-{
-	if (!e1)
-		return e2;
-	return e2 ? expr_alloc_two(E_AND, e1, e2) : e1;
-}
-
-struct expr *expr_alloc_or(struct expr *e1, struct expr *e2)
-{
-	if (!e1)
-		return e2;
-	return e2 ? expr_alloc_two(E_OR, e1, e2) : e1;
-}
-
-struct expr *expr_copy(struct expr *org)
-{
-	struct expr *e;
-
-	if (!org)
-		return NULL;
-
-	e = malloc(sizeof(*org));
-	memcpy(e, org, sizeof(*org));
-	switch (org->type) {
-	case E_SYMBOL:
-		e->left = org->left;
-		break;
-	case E_NOT:
-		e->left.expr = expr_copy(org->left.expr);
-		break;
-	case E_EQUAL:
-	case E_UNEQUAL:
-		e->left.sym = org->left.sym;
-		e->right.sym = org->right.sym;
-		break;
-	case E_AND:
-	case E_OR:
-	case E_CHOICE:
-		e->left.expr = expr_copy(org->left.expr);
-		e->right.expr = expr_copy(org->right.expr);
-		break;
-	default:
-		printf("can't copy type %d\n", e->type);
-		free(e);
-		e = NULL;
-		break;
-	}
-
-	return e;
-}
-
-void expr_free(struct expr *e)
-{
-	if (!e)
-		return;
-
-	switch (e->type) {
-	case E_SYMBOL:
-		break;
-	case E_NOT:
-		expr_free(e->left.expr);
-		return;
-	case E_EQUAL:
-	case E_UNEQUAL:
-		break;
-	case E_OR:
-	case E_AND:
-		expr_free(e->left.expr);
-		expr_free(e->right.expr);
-		break;
-	default:
-		printf("how to free type %d?\n", e->type);
-		break;
-	}
-	free(e);
-}
-
-static int trans_count;
-
-#define e1 (*ep1)
-#define e2 (*ep2)
-
-static void __expr_eliminate_eq(enum expr_type type, struct expr **ep1, struct expr **ep2)
-{
-	if (e1->type == type) {
-		__expr_eliminate_eq(type, &e1->left.expr, &e2);
-		__expr_eliminate_eq(type, &e1->right.expr, &e2);
-		return;
-	}
-	if (e2->type == type) {
-		__expr_eliminate_eq(type, &e1, &e2->left.expr);
-		__expr_eliminate_eq(type, &e1, &e2->right.expr);
-		return;
-	}
-	if (e1->type == E_SYMBOL && e2->type == E_SYMBOL &&
-	    e1->left.sym == e2->left.sym && (e1->left.sym->flags & (SYMBOL_YES|SYMBOL_NO)))
-		return;
-	if (!expr_eq(e1, e2))
-		return;
-	trans_count++;
-	expr_free(e1); expr_free(e2);
-	switch (type) {
-	case E_OR:
-		e1 = expr_alloc_symbol(&symbol_no);
-		e2 = expr_alloc_symbol(&symbol_no);
-		break;
-	case E_AND:
-		e1 = expr_alloc_symbol(&symbol_yes);
-		e2 = expr_alloc_symbol(&symbol_yes);
-		break;
-	default:
-		;
-	}
-}
-
-void expr_eliminate_eq(struct expr **ep1, struct expr **ep2)
-{
-	if (!e1 || !e2)
-		return;
-	switch (e1->type) {
-	case E_OR:
-	case E_AND:
-		__expr_eliminate_eq(e1->type, ep1, ep2);
-	default:
-		;
-	}
-	if (e1->type != e2->type) switch (e2->type) {
-	case E_OR:
-	case E_AND:
-		__expr_eliminate_eq(e2->type, ep1, ep2);
-	default:
-		;
-	}
-	e1 = expr_eliminate_yn(e1);
-	e2 = expr_eliminate_yn(e2);
-}
-
-#undef e1
-#undef e2
-
-int expr_eq(struct expr *e1, struct expr *e2)
-{
-	int res, old_count;
-
-	if (e1->type != e2->type)
-		return 0;
-	switch (e1->type) {
-	case E_EQUAL:
-	case E_UNEQUAL:
-		return e1->left.sym == e2->left.sym && e1->right.sym == e2->right.sym;
-	case E_SYMBOL:
-		return e1->left.sym == e2->left.sym;
-	case E_NOT:
-		return expr_eq(e1->left.expr, e2->left.expr);
-	case E_AND:
-	case E_OR:
-		e1 = expr_copy(e1);
-		e2 = expr_copy(e2);
-		old_count = trans_count;
-		expr_eliminate_eq(&e1, &e2);
-		res = (e1->type == E_SYMBOL && e2->type == E_SYMBOL &&
-		       e1->left.sym == e2->left.sym);
-		expr_free(e1);
-		expr_free(e2);
-		trans_count = old_count;
-		return res;
-	case E_CHOICE:
-	case E_RANGE:
-	case E_NONE:
-		/* panic */;
-	}
-
-	if (DEBUG_EXPR) {
-		expr_fprint(e1, stdout);
-		printf(" = ");
-		expr_fprint(e2, stdout);
-		printf(" ?\n");
-	}
-
-	return 0;
-}
-
-struct expr *expr_eliminate_yn(struct expr *e)
-{
-	struct expr *tmp;
-
-	if (e) switch (e->type) {
-	case E_AND:
-		e->left.expr = expr_eliminate_yn(e->left.expr);
-		e->right.expr = expr_eliminate_yn(e->right.expr);
-		if (e->left.expr->type == E_SYMBOL) {
-			if (e->left.expr->left.sym == &symbol_no) {
-				expr_free(e->left.expr);
-				expr_free(e->right.expr);
-				e->type = E_SYMBOL;
-				e->left.sym = &symbol_no;
-				e->right.expr = NULL;
-				return e;
-			} else if (e->left.expr->left.sym == &symbol_yes) {
-				free(e->left.expr);
-				tmp = e->right.expr;
-				*e = *(e->right.expr);
-				free(tmp);
-				return e;
-			}
-		}
-		if (e->right.expr->type == E_SYMBOL) {
-			if (e->right.expr->left.sym == &symbol_no) {
-				expr_free(e->left.expr);
-				expr_free(e->right.expr);
-				e->type = E_SYMBOL;
-				e->left.sym = &symbol_no;
-				e->right.expr = NULL;
-				return e;
-			} else if (e->right.expr->left.sym == &symbol_yes) {
-				free(e->right.expr);
-				tmp = e->left.expr;
-				*e = *(e->left.expr);
-				free(tmp);
-				return e;
-			}
-		}
-		break;
-	case E_OR:
-		e->left.expr = expr_eliminate_yn(e->left.expr);
-		e->right.expr = expr_eliminate_yn(e->right.expr);
-		if (e->left.expr->type == E_SYMBOL) {
-			if (e->left.expr->left.sym == &symbol_no) {
-				free(e->left.expr);
-				tmp = e->right.expr;
-				*e = *(e->right.expr);
-				free(tmp);
-				return e;
-			} else if (e->left.expr->left.sym == &symbol_yes) {
-				expr_free(e->left.expr);
-				expr_free(e->right.expr);
-				e->type = E_SYMBOL;
-				e->left.sym = &symbol_yes;
-				e->right.expr = NULL;
-				return e;
-			}
-		}
-		if (e->right.expr->type == E_SYMBOL) {
-			if (e->right.expr->left.sym == &symbol_no) {
-				free(e->right.expr);
-				tmp = e->left.expr;
-				*e = *(e->left.expr);
-				free(tmp);
-				return e;
-			} else if (e->right.expr->left.sym == &symbol_yes) {
-				expr_free(e->left.expr);
-				expr_free(e->right.expr);
-				e->type = E_SYMBOL;
-				e->left.sym = &symbol_yes;
-				e->right.expr = NULL;
-				return e;
-			}
-		}
-		break;
-	default:
-		;
-	}
-	return e;
-}
-
-/*
- * bool FOO!=n => FOO
- */
-struct expr *expr_trans_bool(struct expr *e)
-{
-	if (!e)
-		return NULL;
-	switch (e->type) {
-	case E_AND:
-	case E_OR:
-	case E_NOT:
-		e->left.expr = expr_trans_bool(e->left.expr);
-		e->right.expr = expr_trans_bool(e->right.expr);
-		break;
-	case E_UNEQUAL:
-		// FOO!=n -> FOO
-		if (e->left.sym->type == S_TRISTATE) {
-			if (e->right.sym == &symbol_no) {
-				e->type = E_SYMBOL;
-				e->right.sym = NULL;
-			}
-		}
-		break;
-	default:
-		;
-	}
-	return e;
-}
-
-/*
- * e1 || e2 -> ?
- */
-struct expr *expr_join_or(struct expr *e1, struct expr *e2)
-{
-	struct expr *tmp;
-	struct symbol *sym1, *sym2;
-
-	if (expr_eq(e1, e2))
-		return expr_copy(e1);
-	if (e1->type != E_EQUAL && e1->type != E_UNEQUAL && e1->type != E_SYMBOL && e1->type != E_NOT)
-		return NULL;
-	if (e2->type != E_EQUAL && e2->type != E_UNEQUAL && e2->type != E_SYMBOL && e2->type != E_NOT)
-		return NULL;
-	if (e1->type == E_NOT) {
-		tmp = e1->left.expr;
-		if (tmp->type != E_EQUAL && tmp->type != E_UNEQUAL && tmp->type != E_SYMBOL)
-			return NULL;
-		sym1 = tmp->left.sym;
-	} else
-		sym1 = e1->left.sym;
-	if (e2->type == E_NOT) {
-		if (e2->left.expr->type != E_SYMBOL)
-			return NULL;
-		sym2 = e2->left.expr->left.sym;
-	} else
-		sym2 = e2->left.sym;
-	if (sym1 != sym2)
-		return NULL;
-	if (sym1->type != S_BOOLEAN && sym1->type != S_TRISTATE)
-		return NULL;
-	if (sym1->type == S_TRISTATE) {
-		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
-		    ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_mod) ||
-		     (e1->right.sym == &symbol_mod && e2->right.sym == &symbol_yes))) {
-			// (a='y') || (a='m') -> (a!='n')
-			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_no);
-		}
-		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
-		    ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_no) ||
-		     (e1->right.sym == &symbol_no && e2->right.sym == &symbol_yes))) {
-			// (a='y') || (a='n') -> (a!='m')
-			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_mod);
-		}
-		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
-		    ((e1->right.sym == &symbol_mod && e2->right.sym == &symbol_no) ||
-		     (e1->right.sym == &symbol_no && e2->right.sym == &symbol_mod))) {
-			// (a='m') || (a='n') -> (a!='y')
-			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_yes);
-		}
-	}
-	if (sym1->type == S_BOOLEAN && sym1 == sym2) {
-		if ((e1->type == E_NOT && e1->left.expr->type == E_SYMBOL && e2->type == E_SYMBOL) ||
-		    (e2->type == E_NOT && e2->left.expr->type == E_SYMBOL && e1->type == E_SYMBOL))
-			return expr_alloc_symbol(&symbol_yes);
-	}
-
-	if (DEBUG_EXPR) {
-		printf("optimize (");
-		expr_fprint(e1, stdout);
-		printf(") || (");
-		expr_fprint(e2, stdout);
-		printf(")?\n");
-	}
-	return NULL;
-}
-
-struct expr *expr_join_and(struct expr *e1, struct expr *e2)
-{
-	struct expr *tmp;
-	struct symbol *sym1, *sym2;
-
-	if (expr_eq(e1, e2))
-		return expr_copy(e1);
-	if (e1->type != E_EQUAL && e1->type != E_UNEQUAL && e1->type != E_SYMBOL && e1->type != E_NOT)
-		return NULL;
-	if (e2->type != E_EQUAL && e2->type != E_UNEQUAL && e2->type != E_SYMBOL && e2->type != E_NOT)
-		return NULL;
-	if (e1->type == E_NOT) {
-		tmp = e1->left.expr;
-		if (tmp->type != E_EQUAL && tmp->type != E_UNEQUAL && tmp->type != E_SYMBOL)
-			return NULL;
-		sym1 = tmp->left.sym;
-	} else
-		sym1 = e1->left.sym;
-	if (e2->type == E_NOT) {
-		if (e2->left.expr->type != E_SYMBOL)
-			return NULL;
-		sym2 = e2->left.expr->left.sym;
-	} else
-		sym2 = e2->left.sym;
-	if (sym1 != sym2)
-		return NULL;
-	if (sym1->type != S_BOOLEAN && sym1->type != S_TRISTATE)
-		return NULL;
-
-	if ((e1->type == E_SYMBOL && e2->type == E_EQUAL && e2->right.sym == &symbol_yes) ||
-	    (e2->type == E_SYMBOL && e1->type == E_EQUAL && e1->right.sym == &symbol_yes))
-		// (a) && (a='y') -> (a='y')
-		return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
-
-	if ((e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_no) ||
-	    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_no))
-		// (a) && (a!='n') -> (a)
-		return expr_alloc_symbol(sym1);
-
-	if ((e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_mod) ||
-	    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_mod))
-		// (a) && (a!='m') -> (a='y')
-		return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
-
-	if (sym1->type == S_TRISTATE) {
-		if (e1->type == E_EQUAL && e2->type == E_UNEQUAL) {
-			// (a='b') && (a!='c') -> 'b'='c' ? 'n' : a='b'
-			sym2 = e1->right.sym;
-			if ((e2->right.sym->flags & SYMBOL_CONST) && (sym2->flags & SYMBOL_CONST))
-				return sym2 != e2->right.sym ? expr_alloc_comp(E_EQUAL, sym1, sym2)
-							     : expr_alloc_symbol(&symbol_no);
-		}
-		if (e1->type == E_UNEQUAL && e2->type == E_EQUAL) {
-			// (a='b') && (a!='c') -> 'b'='c' ? 'n' : a='b'
-			sym2 = e2->right.sym;
-			if ((e1->right.sym->flags & SYMBOL_CONST) && (sym2->flags & SYMBOL_CONST))
-				return sym2 != e1->right.sym ? expr_alloc_comp(E_EQUAL, sym1, sym2)
-							     : expr_alloc_symbol(&symbol_no);
-		}
-		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
-			   ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_no) ||
-			    (e1->right.sym == &symbol_no && e2->right.sym == &symbol_yes)))
-			// (a!='y') && (a!='n') -> (a='m')
-			return expr_alloc_comp(E_EQUAL, sym1, &symbol_mod);
-
-		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
-			   ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_mod) ||
-			    (e1->right.sym == &symbol_mod && e2->right.sym == &symbol_yes)))
-			// (a!='y') && (a!='m') -> (a='n')
-			return expr_alloc_comp(E_EQUAL, sym1, &symbol_no);
-
-		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
-			   ((e1->right.sym == &symbol_mod && e2->right.sym == &symbol_no) ||
-			    (e1->right.sym == &symbol_no && e2->right.sym == &symbol_mod)))
-			// (a!='m') && (a!='n') -> (a='m')
-			return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
-
-		if ((e1->type == E_SYMBOL && e2->type == E_EQUAL && e2->right.sym == &symbol_mod) ||
-		    (e2->type == E_SYMBOL && e1->type == E_EQUAL && e1->right.sym == &symbol_mod) ||
-		    (e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_yes) ||
-		    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_yes))
-			return NULL;
-	}
-
-	if (DEBUG_EXPR) {
-		printf("optimize (");
-		expr_fprint(e1, stdout);
-		printf(") && (");
-		expr_fprint(e2, stdout);
-		printf(")?\n");
-	}
-	return NULL;
-}
-
-static void expr_eliminate_dups1(enum expr_type type, struct expr **ep1, struct expr **ep2)
-{
-#define e1 (*ep1)
-#define e2 (*ep2)
-	struct expr *tmp;
-
-	if (e1->type == type) {
-		expr_eliminate_dups1(type, &e1->left.expr, &e2);
-		expr_eliminate_dups1(type, &e1->right.expr, &e2);
-		return;
-	}
-	if (e2->type == type) {
-		expr_eliminate_dups1(type, &e1, &e2->left.expr);
-		expr_eliminate_dups1(type, &e1, &e2->right.expr);
-		return;
-	}
-	if (e1 == e2)
-		return;
-
-	switch (e1->type) {
-	case E_OR: case E_AND:
-		expr_eliminate_dups1(e1->type, &e1, &e1);
-	default:
-		;
-	}
-
-	switch (type) {
-	case E_OR:
-		tmp = expr_join_or(e1, e2);
-		if (tmp) {
-			expr_free(e1); expr_free(e2);
-			e1 = expr_alloc_symbol(&symbol_no);
-			e2 = tmp;
-			trans_count++;
-		}
-		break;
-	case E_AND:
-		tmp = expr_join_and(e1, e2);
-		if (tmp) {
-			expr_free(e1); expr_free(e2);
-			e1 = expr_alloc_symbol(&symbol_yes);
-			e2 = tmp;
-			trans_count++;
-		}
-		break;
-	default:
-		;
-	}
-#undef e1
-#undef e2
-}
-
-static void expr_eliminate_dups2(enum expr_type type, struct expr **ep1, struct expr **ep2)
-{
-#define e1 (*ep1)
-#define e2 (*ep2)
-	struct expr *tmp, *tmp1, *tmp2;
-
-	if (e1->type == type) {
-		expr_eliminate_dups2(type, &e1->left.expr, &e2);
-		expr_eliminate_dups2(type, &e1->right.expr, &e2);
-		return;
-	}
-	if (e2->type == type) {
-		expr_eliminate_dups2(type, &e1, &e2->left.expr);
-		expr_eliminate_dups2(type, &e1, &e2->right.expr);
-	}
-	if (e1 == e2)
-		return;
-
-	switch (e1->type) {
-	case E_OR:
-		expr_eliminate_dups2(e1->type, &e1, &e1);
-		// (FOO || BAR) && (!FOO && !BAR) -> n
-		tmp1 = expr_transform(expr_alloc_one(E_NOT, expr_copy(e1)));
-		tmp2 = expr_copy(e2);
-		tmp = expr_extract_eq_and(&tmp1, &tmp2);
-		if (expr_is_yes(tmp1)) {
-			expr_free(e1);
-			e1 = expr_alloc_symbol(&symbol_no);
-			trans_count++;
-		}
-		expr_free(tmp2);
-		expr_free(tmp1);
-		expr_free(tmp);
-		break;
-	case E_AND:
-		expr_eliminate_dups2(e1->type, &e1, &e1);
-		// (FOO && BAR) || (!FOO || !BAR) -> y
-		tmp1 = expr_transform(expr_alloc_one(E_NOT, expr_copy(e1)));
-		tmp2 = expr_copy(e2);
-		tmp = expr_extract_eq_or(&tmp1, &tmp2);
-		if (expr_is_no(tmp1)) {
-			expr_free(e1);
-			e1 = expr_alloc_symbol(&symbol_yes);
-			trans_count++;
-		}
-		expr_free(tmp2);
-		expr_free(tmp1);
-		expr_free(tmp);
-		break;
-	default:
-		;
-	}
-#undef e1
-#undef e2
-}
-
-struct expr *expr_eliminate_dups(struct expr *e)
-{
-	int oldcount;
-	if (!e)
-		return e;
-
-	oldcount = trans_count;
-	while (1) {
-		trans_count = 0;
-		switch (e->type) {
-		case E_OR: case E_AND:
-			expr_eliminate_dups1(e->type, &e, &e);
-			expr_eliminate_dups2(e->type, &e, &e);
-		default:
-			;
-		}
-		if (!trans_count)
-			break;
-		e = expr_eliminate_yn(e);
-	}
-	trans_count = oldcount;
-	return e;
-}
-
-struct expr *expr_transform(struct expr *e)
-{
-	struct expr *tmp;
-
-	if (!e)
-		return NULL;
-	switch (e->type) {
-	case E_EQUAL:
-	case E_UNEQUAL:
-	case E_SYMBOL:
-	case E_CHOICE:
-		break;
-	default:
-		e->left.expr = expr_transform(e->left.expr);
-		e->right.expr = expr_transform(e->right.expr);
-	}
-
-	switch (e->type) {
-	case E_EQUAL:
-		if (e->left.sym->type != S_BOOLEAN)
-			break;
-		if (e->right.sym == &symbol_no) {
-			e->type = E_NOT;
-			e->left.expr = expr_alloc_symbol(e->left.sym);
-			e->right.sym = NULL;
-			break;
-		}
-		if (e->right.sym == &symbol_mod) {
-			printf("boolean symbol %s tested for 'm'? test forced to 'n'\n", e->left.sym->name);
-			e->type = E_SYMBOL;
-			e->left.sym = &symbol_no;
-			e->right.sym = NULL;
-			break;
-		}
-		if (e->right.sym == &symbol_yes) {
-			e->type = E_SYMBOL;
-			e->right.sym = NULL;
-			break;
-		}
-		break;
-	case E_UNEQUAL:
-		if (e->left.sym->type != S_BOOLEAN)
-			break;
-		if (e->right.sym == &symbol_no) {
-			e->type = E_SYMBOL;
-			e->right.sym = NULL;
-			break;
-		}
-		if (e->right.sym == &symbol_mod) {
-			printf("boolean symbol %s tested for 'm'? test forced to 'y'\n", e->left.sym->name);
-			e->type = E_SYMBOL;
-			e->left.sym = &symbol_yes;
-			e->right.sym = NULL;
-			break;
-		}
-		if (e->right.sym == &symbol_yes) {
-			e->type = E_NOT;
-			e->left.expr = expr_alloc_symbol(e->left.sym);
-			e->right.sym = NULL;
-			break;
-		}
-		break;
-	case E_NOT:
-		switch (e->left.expr->type) {
-		case E_NOT:
-			// !!a -> a
-			tmp = e->left.expr->left.expr;
-			free(e->left.expr);
-			free(e);
-			e = tmp;
-			e = expr_transform(e);
-			break;
-		case E_EQUAL:
-		case E_UNEQUAL:
-			// !a='x' -> a!='x'
-			tmp = e->left.expr;
-			free(e);
-			e = tmp;
-			e->type = e->type == E_EQUAL ? E_UNEQUAL : E_EQUAL;
-			break;
-		case E_OR:
-			// !(a || b) -> !a && !b
-			tmp = e->left.expr;
-			e->type = E_AND;
-			e->right.expr = expr_alloc_one(E_NOT, tmp->right.expr);
-			tmp->type = E_NOT;
-			tmp->right.expr = NULL;
-			e = expr_transform(e);
-			break;
-		case E_AND:
-			// !(a && b) -> !a || !b
-			tmp = e->left.expr;
-			e->type = E_OR;
-			e->right.expr = expr_alloc_one(E_NOT, tmp->right.expr);
-			tmp->type = E_NOT;
-			tmp->right.expr = NULL;
-			e = expr_transform(e);
-			break;
-		case E_SYMBOL:
-			if (e->left.expr->left.sym == &symbol_yes) {
-				// !'y' -> 'n'
-				tmp = e->left.expr;
-				free(e);
-				e = tmp;
-				e->type = E_SYMBOL;
-				e->left.sym = &symbol_no;
-				break;
-			}
-			if (e->left.expr->left.sym == &symbol_mod) {
-				// !'m' -> 'm'
-				tmp = e->left.expr;
-				free(e);
-				e = tmp;
-				e->type = E_SYMBOL;
-				e->left.sym = &symbol_mod;
-				break;
-			}
-			if (e->left.expr->left.sym == &symbol_no) {
-				// !'n' -> 'y'
-				tmp = e->left.expr;
-				free(e);
-				e = tmp;
-				e->type = E_SYMBOL;
-				e->left.sym = &symbol_yes;
-				break;
-			}
-			break;
-		default:
-			;
-		}
-		break;
-	default:
-		;
-	}
-	return e;
-}
-
-int expr_contains_symbol(struct expr *dep, struct symbol *sym)
-{
-	if (!dep)
-		return 0;
-
-	switch (dep->type) {
-	case E_AND:
-	case E_OR:
-		return expr_contains_symbol(dep->left.expr, sym) ||
-		       expr_contains_symbol(dep->right.expr, sym);
-	case E_SYMBOL:
-		return dep->left.sym == sym;
-	case E_EQUAL:
-	case E_UNEQUAL:
-		return dep->left.sym == sym ||
-		       dep->right.sym == sym;
-	case E_NOT:
-		return expr_contains_symbol(dep->left.expr, sym);
-	default:
-		;
-	}
-	return 0;
-}
-
-bool expr_depends_symbol(struct expr *dep, struct symbol *sym)
-{
-	if (!dep)
-		return false;
-
-	switch (dep->type) {
-	case E_AND:
-		return expr_depends_symbol(dep->left.expr, sym) ||
-		       expr_depends_symbol(dep->right.expr, sym);
-	case E_SYMBOL:
-		return dep->left.sym == sym;
-	case E_EQUAL:
-		if (dep->left.sym == sym) {
-			if (dep->right.sym == &symbol_yes || dep->right.sym == &symbol_mod)
-				return true;
-		}
-		break;
-	case E_UNEQUAL:
-		if (dep->left.sym == sym) {
-			if (dep->right.sym == &symbol_no)
-				return true;
-		}
-		break;
-	default:
-		;
-	}
- 	return false;
-}
-
-struct expr *expr_extract_eq_and(struct expr **ep1, struct expr **ep2)
-{
-	struct expr *tmp = NULL;
-	expr_extract_eq(E_AND, &tmp, ep1, ep2);
-	if (tmp) {
-		*ep1 = expr_eliminate_yn(*ep1);
-		*ep2 = expr_eliminate_yn(*ep2);
-	}
-	return tmp;
-}
-
-struct expr *expr_extract_eq_or(struct expr **ep1, struct expr **ep2)
-{
-	struct expr *tmp = NULL;
-	expr_extract_eq(E_OR, &tmp, ep1, ep2);
-	if (tmp) {
-		*ep1 = expr_eliminate_yn(*ep1);
-		*ep2 = expr_eliminate_yn(*ep2);
-	}
-	return tmp;
-}
-
-void expr_extract_eq(enum expr_type type, struct expr **ep, struct expr **ep1, struct expr **ep2)
-{
-#define e1 (*ep1)
-#define e2 (*ep2)
-	if (e1->type == type) {
-		expr_extract_eq(type, ep, &e1->left.expr, &e2);
-		expr_extract_eq(type, ep, &e1->right.expr, &e2);
-		return;
-	}
-	if (e2->type == type) {
-		expr_extract_eq(type, ep, ep1, &e2->left.expr);
-		expr_extract_eq(type, ep, ep1, &e2->right.expr);
-		return;
-	}
-	if (expr_eq(e1, e2)) {
-		*ep = *ep ? expr_alloc_two(type, *ep, e1) : e1;
-		expr_free(e2);
-		if (type == E_AND) {
-			e1 = expr_alloc_symbol(&symbol_yes);
-			e2 = expr_alloc_symbol(&symbol_yes);
-		} else if (type == E_OR) {
-			e1 = expr_alloc_symbol(&symbol_no);
-			e2 = expr_alloc_symbol(&symbol_no);
-		}
-	}
-#undef e1
-#undef e2
-}
-
-struct expr *expr_trans_compare(struct expr *e, enum expr_type type, struct symbol *sym)
-{
-	struct expr *e1, *e2;
-
-	if (!e) {
-		e = expr_alloc_symbol(sym);
-		if (type == E_UNEQUAL)
-			e = expr_alloc_one(E_NOT, e);
-		return e;
-	}
-	switch (e->type) {
-	case E_AND:
-		e1 = expr_trans_compare(e->left.expr, E_EQUAL, sym);
-		e2 = expr_trans_compare(e->right.expr, E_EQUAL, sym);
-		if (sym == &symbol_yes)
-			e = expr_alloc_two(E_AND, e1, e2);
-		if (sym == &symbol_no)
-			e = expr_alloc_two(E_OR, e1, e2);
-		if (type == E_UNEQUAL)
-			e = expr_alloc_one(E_NOT, e);
-		return e;
-	case E_OR:
-		e1 = expr_trans_compare(e->left.expr, E_EQUAL, sym);
-		e2 = expr_trans_compare(e->right.expr, E_EQUAL, sym);
-		if (sym == &symbol_yes)
-			e = expr_alloc_two(E_OR, e1, e2);
-		if (sym == &symbol_no)
-			e = expr_alloc_two(E_AND, e1, e2);
-		if (type == E_UNEQUAL)
-			e = expr_alloc_one(E_NOT, e);
-		return e;
-	case E_NOT:
-		return expr_trans_compare(e->left.expr, type == E_EQUAL ? E_UNEQUAL : E_EQUAL, sym);
-	case E_UNEQUAL:
-	case E_EQUAL:
-		if (type == E_EQUAL) {
-			if (sym == &symbol_yes)
-				return expr_copy(e);
-			if (sym == &symbol_mod)
-				return expr_alloc_symbol(&symbol_no);
-			if (sym == &symbol_no)
-				return expr_alloc_one(E_NOT, expr_copy(e));
-		} else {
-			if (sym == &symbol_yes)
-				return expr_alloc_one(E_NOT, expr_copy(e));
-			if (sym == &symbol_mod)
-				return expr_alloc_symbol(&symbol_yes);
-			if (sym == &symbol_no)
-				return expr_copy(e);
-		}
-		break;
-	case E_SYMBOL:
-		return expr_alloc_comp(type, e->left.sym, sym);
-	case E_CHOICE:
-	case E_RANGE:
-	case E_NONE:
-		/* panic */;
-	}
-	return NULL;
-}
-
-tristate expr_calc_value(struct expr *e)
-{
-	tristate val1, val2;
-	const char *str1, *str2;
-
-	if (!e)
-		return yes;
-
-	switch (e->type) {
-	case E_SYMBOL:
-		sym_calc_value(e->left.sym);
-		return e->left.sym->curr.tri;
-	case E_AND:
-		val1 = expr_calc_value(e->left.expr);
-		val2 = expr_calc_value(e->right.expr);
-		return E_AND(val1, val2);
-	case E_OR:
-		val1 = expr_calc_value(e->left.expr);
-		val2 = expr_calc_value(e->right.expr);
-		return E_OR(val1, val2);
-	case E_NOT:
-		val1 = expr_calc_value(e->left.expr);
-		return E_NOT(val1);
-	case E_EQUAL:
-		sym_calc_value(e->left.sym);
-		sym_calc_value(e->right.sym);
-		str1 = sym_get_string_value(e->left.sym);
-		str2 = sym_get_string_value(e->right.sym);
-		return !strcmp(str1, str2) ? yes : no;
-	case E_UNEQUAL:
-		sym_calc_value(e->left.sym);
-		sym_calc_value(e->right.sym);
-		str1 = sym_get_string_value(e->left.sym);
-		str2 = sym_get_string_value(e->right.sym);
-		return !strcmp(str1, str2) ? no : yes;
-	default:
-		printf("expr_calc_value: %d?\n", e->type);
-		return no;
-	}
-}
-
-int expr_compare_type(enum expr_type t1, enum expr_type t2)
-{
-#if 0
-	return 1;
-#else
-	if (t1 == t2)
-		return 0;
-	switch (t1) {
-	case E_EQUAL:
-	case E_UNEQUAL:
-		if (t2 == E_NOT)
-			return 1;
-	case E_NOT:
-		if (t2 == E_AND)
-			return 1;
-	case E_AND:
-		if (t2 == E_OR)
-			return 1;
-	case E_OR:
-		if (t2 == E_CHOICE)
-			return 1;
-	case E_CHOICE:
-		if (t2 == 0)
-			return 1;
-	default:
-		return -1;
-	}
-	printf("[%dgt%d?]", t1, t2);
-	return 0;
-#endif
-}
-
-void expr_print(struct expr *e, void (*fn)(void *, const char *), void *data, int prevtoken)
-{
-	if (!e) {
-		fn(data, "y");
-		return;
-	}
-
-	if (expr_compare_type(prevtoken, e->type) > 0)
-		fn(data, "(");
-	switch (e->type) {
-	case E_SYMBOL:
-		if (e->left.sym->name)
-			fn(data, e->left.sym->name);
-		else
-			fn(data, "<choice>");
-		break;
-	case E_NOT:
-		fn(data, "!");
-		expr_print(e->left.expr, fn, data, E_NOT);
-		break;
-	case E_EQUAL:
-		fn(data, e->left.sym->name);
-		fn(data, "=");
-		fn(data, e->right.sym->name);
-		break;
-	case E_UNEQUAL:
-		fn(data, e->left.sym->name);
-		fn(data, "!=");
-		fn(data, e->right.sym->name);
-		break;
-	case E_OR:
-		expr_print(e->left.expr, fn, data, E_OR);
-		fn(data, " || ");
-		expr_print(e->right.expr, fn, data, E_OR);
-		break;
-	case E_AND:
-		expr_print(e->left.expr, fn, data, E_AND);
-		fn(data, " && ");
-		expr_print(e->right.expr, fn, data, E_AND);
-		break;
-	case E_CHOICE:
-		fn(data, e->right.sym->name);
-		if (e->left.expr) {
-			fn(data, " ^ ");
-			expr_print(e->left.expr, fn, data, E_CHOICE);
-		}
-		break;
-	case E_RANGE:
-		fn(data, "[");
-		fn(data, e->left.sym->name);
-		fn(data, " ");
-		fn(data, e->right.sym->name);
-		fn(data, "]");
-		break;
-	default:
-	  {
-		char buf[32];
-		sprintf(buf, "<unknown type %d>", e->type);
-		fn(data, buf);
-		break;
-	  }
-	}
-	if (expr_compare_type(prevtoken, e->type) > 0)
-		fn(data, ")");
-}
-
-static void expr_print_file_helper(void *data, const char *str)
-{
-	fwrite(str, strlen(str), 1, data);
-}
-
-void expr_fprint(struct expr *e, FILE *out)
-{
-	expr_print(e, expr_print_file_helper, out, E_NONE);
-}
-
-static void expr_print_gstr_helper(void *data, const char *str)
-{
-	str_append((struct gstr*)data, str);
-}
-
-void expr_gstr_print(struct expr *e, struct gstr *gs)
-{
-	expr_print(e, expr_print_gstr_helper, gs, E_NONE);
-}
diff --git a/config/scripts/config/expr.h b/config/scripts/config/expr.h
deleted file mode 100644
index 7d39ff43e6..0000000000
--- a/config/scripts/config/expr.h
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#ifndef EXPR_H
-#define EXPR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stdio.h>
-#ifndef __cplusplus
-#include <stdbool.h>
-#endif
-
-struct file {
-	struct file *next;
-	struct file *parent;
-	char *name;
-	int lineno;
-	int flags;
-};
-
-#define FILE_BUSY		0x0001
-#define FILE_SCANNED		0x0002
-#define FILE_PRINTED		0x0004
-
-typedef enum tristate {
-	no, mod, yes
-} tristate;
-
-enum expr_type {
-	E_NONE, E_OR, E_AND, E_NOT, E_EQUAL, E_UNEQUAL, E_CHOICE, E_SYMBOL, E_RANGE
-};
-
-union expr_data {
-	struct expr *expr;
-	struct symbol *sym;
-};
-
-struct expr {
-	enum expr_type type;
-	union expr_data left, right;
-};
-
-#define E_OR(dep1, dep2)	(((dep1)>(dep2))?(dep1):(dep2))
-#define E_AND(dep1, dep2)	(((dep1)<(dep2))?(dep1):(dep2))
-#define E_NOT(dep)		(2-(dep))
-
-struct expr_value {
-	struct expr *expr;
-	tristate tri;
-};
-
-struct symbol_value {
-	void *val;
-	tristate tri;
-};
-
-enum symbol_type {
-	S_UNKNOWN, S_BOOLEAN, S_TRISTATE, S_INT, S_HEX, S_STRING, S_OTHER
-};
-
-struct symbol {
-	struct symbol *next;
-	char *name;
-	char *help;
-	enum symbol_type type;
-	struct symbol_value curr, user;
-	tristate visible;
-	int flags;
-	struct property *prop;
-	struct expr *dep, *dep2;
-	struct expr_value rev_dep;
-};
-
-#define for_all_symbols(i, sym) for (i = 0; i < 257; i++) for (sym = symbol_hash[i]; sym; sym = sym->next) if (sym->type != S_OTHER)
-
-#define SYMBOL_YES		0x0001
-#define SYMBOL_MOD		0x0002
-#define SYMBOL_NO		0x0004
-#define SYMBOL_CONST		0x0007
-#define SYMBOL_CHECK		0x0008
-#define SYMBOL_CHOICE		0x0010
-#define SYMBOL_CHOICEVAL	0x0020
-#define SYMBOL_PRINTED		0x0040
-#define SYMBOL_VALID		0x0080
-#define SYMBOL_OPTIONAL		0x0100
-#define SYMBOL_WRITE		0x0200
-#define SYMBOL_CHANGED		0x0400
-#define SYMBOL_NEW		0x0800
-#define SYMBOL_AUTO		0x1000
-#define SYMBOL_CHECKED		0x2000
-#define SYMBOL_CHECK_DONE	0x4000
-#define SYMBOL_WARNED		0x8000
-
-#define SYMBOL_MAXLENGTH	256
-#define SYMBOL_HASHSIZE		257
-#define SYMBOL_HASHMASK		0xff
-
-enum prop_type {
-	P_UNKNOWN, P_PROMPT, P_COMMENT, P_MENU, P_DEFAULT, P_CHOICE, P_SELECT, P_RANGE
-};
-
-struct property {
-	struct property *next;
-	struct symbol *sym;
-	enum prop_type type;
-	const char *text;
-	struct expr_value visible;
-	struct expr *expr;
-	struct menu *menu;
-	struct file *file;
-	int lineno;
-};
-
-#define for_all_properties(sym, st, tok) \
-	for (st = sym->prop; st; st = st->next) \
-		if (st->type == (tok))
-#define for_all_defaults(sym, st) for_all_properties(sym, st, P_DEFAULT)
-#define for_all_choices(sym, st) for_all_properties(sym, st, P_CHOICE)
-#define for_all_prompts(sym, st) \
-	for (st = sym->prop; st; st = st->next) \
-		if (st->text)
-
-struct menu {
-	struct menu *next;
-	struct menu *parent;
-	struct menu *list;
-	struct symbol *sym;
-	struct property *prompt;
-	struct expr *dep;
-	unsigned int flags;
-	//char *help;
-	struct file *file;
-	int lineno;
-	void *data;
-};
-
-#define MENU_CHANGED		0x0001
-#define MENU_ROOT		0x0002
-
-#ifndef SWIG
-
-extern struct file *file_list;
-extern struct file *current_file;
-struct file *lookup_file(const char *name);
-
-extern struct symbol symbol_yes, symbol_no, symbol_mod;
-extern struct symbol *modules_sym;
-extern int cdebug;
-struct expr *expr_alloc_symbol(struct symbol *sym);
-struct expr *expr_alloc_one(enum expr_type type, struct expr *ce);
-struct expr *expr_alloc_two(enum expr_type type, struct expr *e1, struct expr *e2);
-struct expr *expr_alloc_comp(enum expr_type type, struct symbol *s1, struct symbol *s2);
-struct expr *expr_alloc_and(struct expr *e1, struct expr *e2);
-struct expr *expr_alloc_or(struct expr *e1, struct expr *e2);
-struct expr *expr_copy(struct expr *org);
-void expr_free(struct expr *e);
-int expr_eq(struct expr *e1, struct expr *e2);
-void expr_eliminate_eq(struct expr **ep1, struct expr **ep2);
-tristate expr_calc_value(struct expr *e);
-struct expr *expr_eliminate_yn(struct expr *e);
-struct expr *expr_trans_bool(struct expr *e);
-struct expr *expr_eliminate_dups(struct expr *e);
-struct expr *expr_transform(struct expr *e);
-int expr_contains_symbol(struct expr *dep, struct symbol *sym);
-bool expr_depends_symbol(struct expr *dep, struct symbol *sym);
-struct expr *expr_extract_eq_and(struct expr **ep1, struct expr **ep2);
-struct expr *expr_extract_eq_or(struct expr **ep1, struct expr **ep2);
-void expr_extract_eq(enum expr_type type, struct expr **ep, struct expr **ep1, struct expr **ep2);
-struct expr *expr_trans_compare(struct expr *e, enum expr_type type, struct symbol *sym);
-
-void expr_fprint(struct expr *e, FILE *out);
-struct gstr; /* forward */
-void expr_gstr_print(struct expr *e, struct gstr *gs);
-
-static inline int expr_is_yes(struct expr *e)
-{
-	return !e || (e->type == E_SYMBOL && e->left.sym == &symbol_yes);
-}
-
-static inline int expr_is_no(struct expr *e)
-{
-	return e && (e->type == E_SYMBOL && e->left.sym == &symbol_no);
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* EXPR_H */
diff --git a/config/scripts/config/lex.zconf.c_shipped b/config/scripts/config/lex.zconf.c_shipped
deleted file mode 100644
index b877bb6b3c..0000000000
--- a/config/scripts/config/lex.zconf.c_shipped
+++ /dev/null
@@ -1,3688 +0,0 @@
-
-#line 3 "lex.zconf.c"
-
-#define  YY_INT_ALIGNED short int
-
-/* A lexical scanner generated by flex */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-#define YY_FLEX_SUBMINOR_VERSION 31
-#if YY_FLEX_SUBMINOR_VERSION > 0
-#define FLEX_BETA
-#endif
-
-/* First, we deal with  platform-specific or compiler-specific issues. */
-
-/* begin standard C headers. */
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-
-/* end standard C headers. */
-
-/* flex integer type definitions */
-
-#ifndef FLEXINT_H
-#define FLEXINT_H
-
-/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
-
-#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
-#include <inttypes.h>
-typedef int8_t flex_int8_t;
-typedef uint8_t flex_uint8_t;
-typedef int16_t flex_int16_t;
-typedef uint16_t flex_uint16_t;
-typedef int32_t flex_int32_t;
-typedef uint32_t flex_uint32_t;
-#else
-typedef signed char flex_int8_t;
-typedef short int flex_int16_t;
-typedef int flex_int32_t;
-typedef unsigned char flex_uint8_t;
-typedef unsigned short int flex_uint16_t;
-typedef unsigned int flex_uint32_t;
-#endif /* ! C99 */
-
-/* Limits of integral types. */
-#ifndef INT8_MIN
-#define INT8_MIN               (-128)
-#endif
-#ifndef INT16_MIN
-#define INT16_MIN              (-32767-1)
-#endif
-#ifndef INT32_MIN
-#define INT32_MIN              (-2147483647-1)
-#endif
-#ifndef INT8_MAX
-#define INT8_MAX               (127)
-#endif
-#ifndef INT16_MAX
-#define INT16_MAX              (32767)
-#endif
-#ifndef INT32_MAX
-#define INT32_MAX              (2147483647)
-#endif
-#ifndef UINT8_MAX
-#define UINT8_MAX              (255U)
-#endif
-#ifndef UINT16_MAX
-#define UINT16_MAX             (65535U)
-#endif
-#ifndef UINT32_MAX
-#define UINT32_MAX             (4294967295U)
-#endif
-
-#endif /* ! FLEXINT_H */
-
-#ifdef __cplusplus
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else	/* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_CONST
-
-#endif	/* __STDC__ */
-#endif	/* ! __cplusplus */
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index.  If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition.  This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN (yy_start) = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state.  The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START (((yy_start) - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE zconfrestart(zconfin  )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#ifndef YY_BUF_SIZE
-#define YY_BUF_SIZE 16384
-#endif
-
-#ifndef YY_TYPEDEF_YY_BUFFER_STATE
-#define YY_TYPEDEF_YY_BUFFER_STATE
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-#endif
-
-extern int zconfleng;
-
-extern FILE *zconfin, *zconfout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-    #define YY_LESS_LINENO(n)
-
-/* Return all but the first "n" matched characters back to the input stream. */
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up zconftext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		*yy_cp = (yy_hold_char); \
-		YY_RESTORE_YY_MORE_OFFSET \
-		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
-		YY_DO_BEFORE_ACTION; /* set up zconftext again */ \
-		} \
-	while ( 0 )
-
-#define unput(c) yyunput( c, (yytext_ptr)  )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-
-#ifndef YY_TYPEDEF_YY_SIZE_T
-#define YY_TYPEDEF_YY_SIZE_T
-typedef unsigned int yy_size_t;
-#endif
-
-#ifndef YY_STRUCT_YY_BUFFER_STATE
-#define YY_STRUCT_YY_BUFFER_STATE
-struct yy_buffer_state
-	{
-	FILE *yy_input_file;
-
-	char *yy_ch_buf;		/* input buffer */
-	char *yy_buf_pos;		/* current position in input buffer */
-
-	/* Size of input buffer in bytes, not including room for EOB
-	 * characters.
-	 */
-	yy_size_t yy_buf_size;
-
-	/* Number of characters read into yy_ch_buf, not including EOB
-	 * characters.
-	 */
-	int yy_n_chars;
-
-	/* Whether we "own" the buffer - i.e., we know we created it,
-	 * and can realloc() it to grow it, and should free() it to
-	 * delete it.
-	 */
-	int yy_is_our_buffer;
-
-	/* Whether this is an "interactive" input source; if so, and
-	 * if we're using stdio for input, then we want to use getc()
-	 * instead of fread(), to make sure we stop fetching input after
-	 * each newline.
-	 */
-	int yy_is_interactive;
-
-	/* Whether we're considered to be at the beginning of a line.
-	 * If so, '^' rules will be active on the next match, otherwise
-	 * not.
-	 */
-	int yy_at_bol;
-
-    int yy_bs_lineno; /**< The line count. */
-    int yy_bs_column; /**< The column count. */
-
-	/* Whether to try to fill the input buffer when we reach the
-	 * end of it.
-	 */
-	int yy_fill_buffer;
-
-	int yy_buffer_status;
-
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
-	/* When an EOF's been seen but there's still some text to process
-	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
-	 * shouldn't try reading from the input source any more.  We might
-	 * still have a bunch of tokens to match, though, because of
-	 * possible backing-up.
-	 *
-	 * When we actually see the EOF, we change the status to "new"
-	 * (via zconfrestart()), so that the user can continue scanning by
-	 * just pointing zconfin at a new input file.
-	 */
-#define YY_BUFFER_EOF_PENDING 2
-
-	};
-#endif /* !YY_STRUCT_YY_BUFFER_STATE */
-
-/* Stack of input buffers. */
-static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
-static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- *
- * Returns the top of the stack, or NULL.
- */
-#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
-                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
-                          : NULL)
-
-/* Same as previous macro, but useful when we know that the buffer stack is not
- * NULL or when we need an lvalue. For internal use only.
- */
-#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
-
-/* yy_hold_char holds the character lost when zconftext is formed. */
-static char yy_hold_char;
-static int yy_n_chars;		/* number of characters read into yy_ch_buf */
-int zconfleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 1;		/* whether we need to initialize */
-static int yy_start = 0;	/* start state number */
-
-/* Flag which is used to allow zconfwrap()'s to do buffer switches
- * instead of setting up a fresh zconfin.  A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void zconfrestart (FILE *input_file  );
-void zconf_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
-YY_BUFFER_STATE zconf_create_buffer (FILE *file,int size  );
-void zconf_delete_buffer (YY_BUFFER_STATE b  );
-void zconf_flush_buffer (YY_BUFFER_STATE b  );
-void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer  );
-void zconfpop_buffer_state (void );
-
-static void zconfensure_buffer_stack (void );
-static void zconf_load_buffer_state (void );
-static void zconf_init_buffer (YY_BUFFER_STATE b,FILE *file  );
-
-#define YY_FLUSH_BUFFER zconf_flush_buffer(YY_CURRENT_BUFFER )
-
-YY_BUFFER_STATE zconf_scan_buffer (char *base,yy_size_t size  );
-YY_BUFFER_STATE zconf_scan_string (yyconst char *yy_str  );
-YY_BUFFER_STATE zconf_scan_bytes (yyconst char *bytes,int len  );
-
-void *zconfalloc (yy_size_t  );
-void *zconfrealloc (void *,yy_size_t  );
-void zconffree (void *  );
-
-#define yy_new_buffer zconf_create_buffer
-
-#define yy_set_interactive(is_interactive) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){ \
-        zconfensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
-	}
-
-#define yy_set_bol(at_bol) \
-	{ \
-	if ( ! YY_CURRENT_BUFFER ){\
-        zconfensure_buffer_stack (); \
-		YY_CURRENT_BUFFER_LVALUE =    \
-            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
-	} \
-	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
-	}
-
-#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
-
-/* Begin user sect3 */
-
-#define zconfwrap(n) 1
-#define YY_SKIP_YYWRAP
-
-typedef unsigned char YY_CHAR;
-
-FILE *zconfin = (FILE *) 0, *zconfout = (FILE *) 0;
-
-typedef int yy_state_type;
-
-extern int zconflineno;
-
-int zconflineno = 1;
-
-extern char *zconftext;
-#define yytext_ptr zconftext
-static yyconst flex_int16_t yy_nxt[][38] =
-    {
-    {
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-        0,    0,    0,    0,    0,    0,    0,    0
-    },
-
-    {
-       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12
-    },
-
-    {
-       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-
-       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
-       12,   12,   12,   12,   12,   12,   12,   12
-    },
-
-    {
-       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
-       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
-       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
-       27,   18,   28,   29,   30,   18,   18,   16
-    },
-
-    {
-       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
-       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
-       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
-       27,   18,   28,   29,   30,   18,   18,   16
-
-    },
-
-    {
-       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31
-    },
-
-    {
-       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
-       31,   31,   31,   31,   31,   31,   31,   31
-    },
-
-    {
-       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
-       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
-
-       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
-       34,   34,   34,   34,   34,   34,   34,   34
-    },
-
-    {
-       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
-       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
-       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
-       34,   34,   34,   34,   34,   34,   34,   34
-    },
-
-    {
-       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
-       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
-       47,   47,   47,   47,   47,   47,   47,   52
-
-    },
-
-    {
-       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
-       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
-       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
-       47,   47,   47,   47,   47,   47,   47,   52
-    },
-
-    {
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
-      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11
-    },
-
-    {
-       11,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
-      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
-
-      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
-      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12
-    },
-
-    {
-       11,  -13,   53,   54,  -13,  -13,   55,  -13,  -13,  -13,
-      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
-      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
-      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13
-    },
-
-    {
-       11,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
-      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
-      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
-      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14
-
-    },
-
-    {
-       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56
-    },
-
-    {
-       11,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
-      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
-      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
-      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16
-    },
-
-    {
-       11,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
-      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
-
-      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
-      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17
-    },
-
-    {
-       11,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,
-      -18,  -18,  -18,   58,  -18,  -18,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -18
-    },
-
-    {
-       11,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,
-      -19,  -19,  -19,   58,  -19,  -19,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   59,
-       58,   58,   58,   58,   58,   58,   58,  -19
-
-    },
-
-    {
-       11,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,
-      -20,  -20,  -20,   58,  -20,  -20,   58,   58,   58,   58,
-       58,   58,   58,   58,   60,   58,   58,   58,   58,   61,
-       58,   58,   58,   58,   58,   58,   58,  -20
-    },
-
-    {
-       11,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,
-      -21,  -21,  -21,   58,  -21,  -21,   58,   58,   58,   58,
-       58,   62,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -21
-    },
-
-    {
-       11,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,
-      -22,  -22,  -22,   58,  -22,  -22,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   63,   58,
-       58,   58,   58,   58,   58,   58,   58,  -22
-    },
-
-    {
-       11,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,
-      -23,  -23,  -23,   58,  -23,  -23,   58,   58,   58,   58,
-       58,   64,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -23
-    },
-
-    {
-       11,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,
-      -24,  -24,  -24,   58,  -24,  -24,   58,   58,   58,   58,
-       58,   58,   65,   58,   58,   58,   58,   58,   66,   58,
-       58,   58,   58,   58,   58,   58,   58,  -24
-
-    },
-
-    {
-       11,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,
-      -25,  -25,  -25,   58,  -25,  -25,   58,   67,   58,   58,
-       58,   68,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -25
-    },
-
-    {
-       11,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,
-      -26,  -26,  -26,   58,  -26,  -26,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       69,   58,   58,   58,   58,   58,   58,  -26
-    },
-
-    {
-       11,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,
-      -27,  -27,  -27,   58,  -27,  -27,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   70,   58,   58,   58,   58,  -27
-    },
-
-    {
-       11,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,
-      -28,  -28,  -28,   58,  -28,  -28,   58,   71,   58,   58,
-       58,   72,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -28
-    },
-
-    {
-       11,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,
-      -29,  -29,  -29,   58,  -29,  -29,   58,   58,   58,   58,
-       58,   73,   58,   58,   58,   58,   58,   58,   58,   74,
-       58,   58,   58,   58,   75,   58,   58,  -29
-
-    },
-
-    {
-       11,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,
-      -30,  -30,  -30,   58,  -30,  -30,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   76,   58,   58,   58,   58,  -30
-    },
-
-    {
-       11,   77,   77,  -31,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77
-    },
-
-    {
-       11,  -32,   78,   79,  -32,  -32,  -32,  -32,  -32,  -32,
-      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
-
-      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
-      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32
-    },
-
-    {
-       11,   80,  -33,  -33,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80
-    },
-
-    {
-       11,   81,   81,   82,   81,  -34,   81,   81,  -34,   81,
-       81,   81,   81,   81,   81,  -34,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81
-
-    },
-
-    {
-       11,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
-      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
-      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
-      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35
-    },
-
-    {
-       11,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
-      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
-      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
-      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36
-    },
-
-    {
-       11,   83,   83,   84,   83,   83,   83,   83,   83,   83,
-       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
-
-       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
-       83,   83,   83,   83,   83,   83,   83,   83
-    },
-
-    {
-       11,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
-      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
-      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
-      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38
-    },
-
-    {
-       11,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
-      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
-      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
-      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39
-
-    },
-
-    {
-       11,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
-      -40,  -40,  -40,  -40,   85,  -40,  -40,  -40,  -40,  -40,
-      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
-      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40
-    },
-
-    {
-       11,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
-      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
-      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
-      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41
-    },
-
-    {
-       11,   86,   86,  -42,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86
-    },
-
-    {
-       11,  -43,  -43,  -43,  -43,  -43,  -43,   87,  -43,  -43,
-      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
-      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
-      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43
-    },
-
-    {
-       11,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
-      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
-      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
-      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44
-
-    },
-
-    {
-       11,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
-      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
-      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
-      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45
-    },
-
-    {
-       11,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,
-      -46,   88,   89,   89,  -46,  -46,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -46
-    },
-
-    {
-       11,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,
-      -47,   89,   89,   89,  -47,  -47,   89,   89,   89,   89,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -47
-    },
-
-    {
-       11,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
-      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
-      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
-      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48
-    },
-
-    {
-       11,  -49,  -49,   90,  -49,  -49,  -49,  -49,  -49,  -49,
-      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
-      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
-      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49
-
-    },
-
-    {
-       11,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,
-      -50,   89,   89,   89,  -50,  -50,   89,   89,   89,   89,
-       89,   89,   91,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -50
-    },
-
-    {
-       11,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,
-      -51,   89,   89,   89,  -51,  -51,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   92,   89,
-       89,   89,   89,   89,   89,   89,   89,  -51
-    },
-
-    {
-       11,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
-      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
-
-      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
-      -52,  -52,  -52,  -52,  -52,  -52,  -52,   93
-    },
-
-    {
-       11,  -53,   53,   54,  -53,  -53,   55,  -53,  -53,  -53,
-      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
-      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
-      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53
-    },
-
-    {
-       11,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
-      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
-      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
-      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54
-
-    },
-
-    {
-       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56
-    },
-
-    {
-       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
-       56,   56,   56,   56,   56,   56,   56,   56
-    },
-
-    {
-       11,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
-      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
-
-      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
-      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57
-    },
-
-    {
-       11,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,
-      -58,  -58,  -58,   58,  -58,  -58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -58
-    },
-
-    {
-       11,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,
-      -59,  -59,  -59,   58,  -59,  -59,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   94,
-       58,   58,   58,   58,   58,   58,   58,  -59
-
-    },
-
-    {
-       11,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,
-      -60,  -60,  -60,   58,  -60,  -60,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   95,
-       58,   58,   58,   58,   58,   58,   58,  -60
-    },
-
-    {
-       11,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,
-      -61,  -61,  -61,   58,  -61,  -61,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   96,   97,   58,
-       58,   58,   58,   58,   58,   58,   58,  -61
-    },
-
-    {
-       11,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,
-      -62,  -62,  -62,   58,  -62,  -62,   58,   58,   58,   58,
-
-       58,   58,   98,   58,   58,   58,   58,   58,   58,   58,
-       99,   58,   58,   58,   58,   58,   58,  -62
-    },
-
-    {
-       11,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,
-      -63,  -63,  -63,   58,  -63,  -63,   58,  100,   58,   58,
-      101,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -63
-    },
-
-    {
-       11,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,
-      -64,  -64,  -64,   58,  -64,  -64,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  102,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  103,  -64
-
-    },
-
-    {
-       11,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,
-      -65,  -65,  -65,   58,  -65,  -65,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -65
-    },
-
-    {
-       11,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,
-      -66,  -66,  -66,   58,  -66,  -66,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  104,   58,   58,  -66
-    },
-
-    {
-       11,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,
-      -67,  -67,  -67,   58,  -67,  -67,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,  105,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -67
-    },
-
-    {
-       11,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,
-      -68,  -68,  -68,   58,  -68,  -68,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  106,   58,
-       58,   58,   58,   58,   58,   58,   58,  -68
-    },
-
-    {
-       11,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,
-      -69,  -69,  -69,   58,  -69,  -69,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  107,   58,   58,  -69
-
-    },
-
-    {
-       11,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,
-      -70,  -70,  -70,   58,  -70,  -70,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  108,
-       58,   58,   58,   58,   58,   58,   58,  -70
-    },
-
-    {
-       11,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,
-      -71,  -71,  -71,   58,  -71,  -71,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  109,   58,
-       58,   58,   58,   58,   58,   58,   58,  -71
-    },
-
-    {
-       11,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,
-      -72,  -72,  -72,   58,  -72,  -72,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,  110,   58,   58,   58,   58,   58,  -72
-    },
-
-    {
-       11,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,
-      -73,  -73,  -73,   58,  -73,  -73,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  111,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -73
-    },
-
-    {
-       11,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,
-      -74,  -74,  -74,   58,  -74,  -74,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  112,   58,  -74
-
-    },
-
-    {
-       11,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,
-      -75,  -75,  -75,   58,  -75,  -75,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  113,   58,   58,   58,   58,  -75
-    },
-
-    {
-       11,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,
-      -76,  -76,  -76,   58,  -76,  -76,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  114,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -76
-    },
-
-    {
-       11,   77,   77,  -77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-
-       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
-       77,   77,   77,   77,   77,   77,   77,   77
-    },
-
-    {
-       11,  -78,   78,   79,  -78,  -78,  -78,  -78,  -78,  -78,
-      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
-      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
-      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78
-    },
-
-    {
-       11,   80,  -79,  -79,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
-       80,   80,   80,   80,   80,   80,   80,   80
-
-    },
-
-    {
-       11,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
-      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
-      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
-      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80
-    },
-
-    {
-       11,   81,   81,   82,   81,  -81,   81,   81,  -81,   81,
-       81,   81,   81,   81,   81,  -81,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
-       81,   81,   81,   81,   81,   81,   81,   81
-    },
-
-    {
-       11,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
-      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
-
-      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
-      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82
-    },
-
-    {
-       11,  -83,  -83,   84,  -83,  -83,  -83,  -83,  -83,  -83,
-      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
-      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
-      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83
-    },
-
-    {
-       11,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
-      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
-      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
-      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84
-
-    },
-
-    {
-       11,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
-      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
-      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
-      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85
-    },
-
-    {
-       11,   86,   86,  -86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
-       86,   86,   86,   86,   86,   86,   86,   86
-    },
-
-    {
-       11,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
-      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
-
-      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
-      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87
-    },
-
-    {
-       11,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,
-      -88,  115,   89,   89,  -88,  -88,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -88
-    },
-
-    {
-       11,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,
-      -89,   89,   89,   89,  -89,  -89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -89
-
-    },
-
-    {
-       11,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
-      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
-      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
-      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90
-    },
-
-    {
-       11,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,
-      -91,   89,   89,   89,  -91,  -91,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -91
-    },
-
-    {
-       11,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,
-      -92,   89,   89,   89,  -92,  -92,   89,   89,   89,   89,
-
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,  -92
-    },
-
-    {
-       11,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
-      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
-      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
-      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93
-    },
-
-    {
-       11,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,
-      -94,  -94,  -94,   58,  -94,  -94,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  116,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -94
-
-    },
-
-    {
-       11,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,
-      -95,  -95,  -95,   58,  -95,  -95,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  117,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -95
-    },
-
-    {
-       11,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,
-      -96,  -96,  -96,   58,  -96,  -96,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  118,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -96
-    },
-
-    {
-       11,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,
-      -97,  -97,  -97,   58,  -97,  -97,   58,   58,   58,   58,
-
-       58,   58,  119,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -97
-    },
-
-    {
-       11,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,
-      -98,  -98,  -98,   58,  -98,  -98,  120,  121,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -98
-    },
-
-    {
-       11,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,
-      -99,  -99,  -99,   58,  -99,  -99,   58,   58,   58,   58,
-       58,  122,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  -99
-
-    },
-
-    {
-       11, -100, -100, -100, -100, -100, -100, -100, -100, -100,
-     -100, -100, -100,   58, -100, -100,   58,   58,  123,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -100
-    },
-
-    {
-       11, -101, -101, -101, -101, -101, -101, -101, -101, -101,
-     -101, -101, -101,   58, -101, -101,   58,   58,   58,  124,
-       58,   58,   58,   58,   58,  125,   58,  126,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -101
-    },
-
-    {
-       11, -102, -102, -102, -102, -102, -102, -102, -102, -102,
-     -102, -102, -102,   58, -102, -102,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-      127,   58,   58,   58,   58,   58,   58, -102
-    },
-
-    {
-       11, -103, -103, -103, -103, -103, -103, -103, -103, -103,
-     -103, -103, -103,   58, -103, -103,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -103
-    },
-
-    {
-       11, -104, -104, -104, -104, -104, -104, -104, -104, -104,
-     -104, -104, -104,   58, -104, -104,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -104
-
-    },
-
-    {
-       11, -105, -105, -105, -105, -105, -105, -105, -105, -105,
-     -105, -105, -105,   58, -105, -105,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  128,   58,
-       58,   58,   58,   58,   58,   58,   58, -105
-    },
-
-    {
-       11, -106, -106, -106, -106, -106, -106, -106, -106, -106,
-     -106, -106, -106,   58, -106, -106,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  129,   58, -106
-    },
-
-    {
-       11, -107, -107, -107, -107, -107, -107, -107, -107, -107,
-     -107, -107, -107,   58, -107, -107,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,  130,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -107
-    },
-
-    {
-       11, -108, -108, -108, -108, -108, -108, -108, -108, -108,
-     -108, -108, -108,   58, -108, -108,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  131,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -108
-    },
-
-    {
-       11, -109, -109, -109, -109, -109, -109, -109, -109, -109,
-     -109, -109, -109,   58, -109, -109,   58,   58,   58,   58,
-       58,   58,   58,  132,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -109
-
-    },
-
-    {
-       11, -110, -110, -110, -110, -110, -110, -110, -110, -110,
-     -110, -110, -110,   58, -110, -110,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  133,   58, -110
-    },
-
-    {
-       11, -111, -111, -111, -111, -111, -111, -111, -111, -111,
-     -111, -111, -111,   58, -111, -111,   58,   58,   58,   58,
-       58,  134,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -111
-    },
-
-    {
-       11, -112, -112, -112, -112, -112, -112, -112, -112, -112,
-     -112, -112, -112,   58, -112, -112,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  135,   58,   58,   58,   58, -112
-    },
-
-    {
-       11, -113, -113, -113, -113, -113, -113, -113, -113, -113,
-     -113, -113, -113,   58, -113, -113,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  136,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -113
-    },
-
-    {
-       11, -114, -114, -114, -114, -114, -114, -114, -114, -114,
-     -114, -114, -114,   58, -114, -114,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  137,   58,   58,   58, -114
-
-    },
-
-    {
-       11, -115, -115, -115, -115, -115, -115, -115, -115, -115,
-     -115,   89,   89,   89, -115, -115,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
-       89,   89,   89,   89,   89,   89,   89, -115
-    },
-
-    {
-       11, -116, -116, -116, -116, -116, -116, -116, -116, -116,
-     -116, -116, -116,   58, -116, -116,   58,   58,   58,   58,
-       58,  138,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -116
-    },
-
-    {
-       11, -117, -117, -117, -117, -117, -117, -117, -117, -117,
-     -117, -117, -117,   58, -117, -117,   58,   58,   58,  139,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -117
-    },
-
-    {
-       11, -118, -118, -118, -118, -118, -118, -118, -118, -118,
-     -118, -118, -118,   58, -118, -118,   58,   58,   58,   58,
-       58,  140,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -118
-    },
-
-    {
-       11, -119, -119, -119, -119, -119, -119, -119, -119, -119,
-     -119, -119, -119,   58, -119, -119,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  141,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -119
-
-    },
-
-    {
-       11, -120, -120, -120, -120, -120, -120, -120, -120, -120,
-     -120, -120, -120,   58, -120, -120,   58,   58,  142,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  143,   58,   58, -120
-    },
-
-    {
-       11, -121, -121, -121, -121, -121, -121, -121, -121, -121,
-     -121, -121, -121,   58, -121, -121,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  144,   58, -121
-    },
-
-    {
-       11, -122, -122, -122, -122, -122, -122, -122, -122, -122,
-     -122, -122, -122,   58, -122, -122,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,  145,   58,
-       58,   58,   58,   58,   58,   58,   58, -122
-    },
-
-    {
-       11, -123, -123, -123, -123, -123, -123, -123, -123, -123,
-     -123, -123, -123,   58, -123, -123,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  146,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -123
-    },
-
-    {
-       11, -124, -124, -124, -124, -124, -124, -124, -124, -124,
-     -124, -124, -124,   58, -124, -124,   58,   58,   58,   58,
-       58,   58,   58,   58,  147,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -124
-
-    },
-
-    {
-       11, -125, -125, -125, -125, -125, -125, -125, -125, -125,
-     -125, -125, -125,   58, -125, -125,   58,   58,   58,   58,
-       58,   58,  148,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -125
-    },
-
-    {
-       11, -126, -126, -126, -126, -126, -126, -126, -126, -126,
-     -126, -126, -126,   58, -126, -126,   58,   58,   58,   58,
-       58,  149,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -126
-    },
-
-    {
-       11, -127, -127, -127, -127, -127, -127, -127, -127, -127,
-     -127, -127, -127,   58, -127, -127,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -127
-    },
-
-    {
-       11, -128, -128, -128, -128, -128, -128, -128, -128, -128,
-     -128, -128, -128,   58, -128, -128,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,  150,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -128
-    },
-
-    {
-       11, -129, -129, -129, -129, -129, -129, -129, -129, -129,
-     -129, -129, -129,   58, -129, -129,   58,   58,   58,  151,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -129
-
-    },
-
-    {
-       11, -130, -130, -130, -130, -130, -130, -130, -130, -130,
-     -130, -130, -130,   58, -130, -130,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  152,
-       58,   58,   58,   58,   58,   58,   58, -130
-    },
-
-    {
-       11, -131, -131, -131, -131, -131, -131, -131, -131, -131,
-     -131, -131, -131,   58, -131, -131,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-      153,   58,   58,   58,   58,   58,   58, -131
-    },
-
-    {
-       11, -132, -132, -132, -132, -132, -132, -132, -132, -132,
-     -132, -132, -132,   58, -132, -132,   58,   58,   58,   58,
-
-       58,  154,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -132
-    },
-
-    {
-       11, -133, -133, -133, -133, -133, -133, -133, -133, -133,
-     -133, -133, -133,   58, -133, -133,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  155,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -133
-    },
-
-    {
-       11, -134, -134, -134, -134, -134, -134, -134, -134, -134,
-     -134, -134, -134,   58, -134, -134,   58,   58,   58,  156,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -134
-
-    },
-
-    {
-       11, -135, -135, -135, -135, -135, -135, -135, -135, -135,
-     -135, -135, -135,   58, -135, -135,   58,   58,   58,  157,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -135
-    },
-
-    {
-       11, -136, -136, -136, -136, -136, -136, -136, -136, -136,
-     -136, -136, -136,   58, -136, -136,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  158,   58,
-       58,   58,   58,   58,   58,   58,   58, -136
-    },
-
-    {
-       11, -137, -137, -137, -137, -137, -137, -137, -137, -137,
-     -137, -137, -137,   58, -137, -137,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  159,   58,   58, -137
-    },
-
-    {
-       11, -138, -138, -138, -138, -138, -138, -138, -138, -138,
-     -138, -138, -138,   58, -138, -138,   58,  160,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -138
-    },
-
-    {
-       11, -139, -139, -139, -139, -139, -139, -139, -139, -139,
-     -139, -139, -139,   58, -139, -139,   58,   58,   58,   58,
-       58,  161,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -139
-
-    },
-
-    {
-       11, -140, -140, -140, -140, -140, -140, -140, -140, -140,
-     -140, -140, -140,   58, -140, -140,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  162,   58,
-       58,   58,   58,   58,   58,   58,   58, -140
-    },
-
-    {
-       11, -141, -141, -141, -141, -141, -141, -141, -141, -141,
-     -141, -141, -141,   58, -141, -141,   58,   58,   58,   58,
-       58,   58,   58,  163,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -141
-    },
-
-    {
-       11, -142, -142, -142, -142, -142, -142, -142, -142, -142,
-     -142, -142, -142,   58, -142, -142,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  164,
-       58,   58,   58,   58,   58,   58,   58, -142
-    },
-
-    {
-       11, -143, -143, -143, -143, -143, -143, -143, -143, -143,
-     -143, -143, -143,   58, -143, -143,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  165,   58,   58,   58,   58, -143
-    },
-
-    {
-       11, -144, -144, -144, -144, -144, -144, -144, -144, -144,
-     -144, -144, -144,   58, -144, -144,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  166,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -144
-
-    },
-
-    {
-       11, -145, -145, -145, -145, -145, -145, -145, -145, -145,
-     -145, -145, -145,   58, -145, -145,   58,   58,   58,   58,
-      167,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -145
-    },
-
-    {
-       11, -146, -146, -146, -146, -146, -146, -146, -146, -146,
-     -146, -146, -146,   58, -146, -146,   58,   58,   58,   58,
-       58,  168,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -146
-    },
-
-    {
-       11, -147, -147, -147, -147, -147, -147, -147, -147, -147,
-     -147, -147, -147,   58, -147, -147,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  169,
-       58,   58,   58,   58,   58,   58,   58, -147
-    },
-
-    {
-       11, -148, -148, -148, -148, -148, -148, -148, -148, -148,
-     -148, -148, -148,   58, -148, -148,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -148
-    },
-
-    {
-       11, -149, -149, -149, -149, -149, -149, -149, -149, -149,
-     -149, -149, -149,   58, -149, -149,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  170,   58,
-       58,   58,   58,   58,   58,   58,   58, -149
-
-    },
-
-    {
-       11, -150, -150, -150, -150, -150, -150, -150, -150, -150,
-     -150, -150, -150,   58, -150, -150,   58,   58,   58,   58,
-       58,  171,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -150
-    },
-
-    {
-       11, -151, -151, -151, -151, -151, -151, -151, -151, -151,
-     -151, -151, -151,   58, -151, -151,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  172,
-       58,   58,   58,   58,   58,   58,   58, -151
-    },
-
-    {
-       11, -152, -152, -152, -152, -152, -152, -152, -152, -152,
-     -152, -152, -152,   58, -152, -152,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,  173,   58,
-       58,   58,   58,   58,   58,   58,   58, -152
-    },
-
-    {
-       11, -153, -153, -153, -153, -153, -153, -153, -153, -153,
-     -153, -153, -153,   58, -153, -153,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  174,   58,   58, -153
-    },
-
-    {
-       11, -154, -154, -154, -154, -154, -154, -154, -154, -154,
-     -154, -154, -154,   58, -154, -154,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -154
-
-    },
-
-    {
-       11, -155, -155, -155, -155, -155, -155, -155, -155, -155,
-     -155, -155, -155,   58, -155, -155,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,  175,   58,   58,   58,   58, -155
-    },
-
-    {
-       11, -156, -156, -156, -156, -156, -156, -156, -156, -156,
-     -156, -156, -156,   58, -156, -156,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  176,   58,   58, -156
-    },
-
-    {
-       11, -157, -157, -157, -157, -157, -157, -157, -157, -157,
-     -157, -157, -157,   58, -157, -157,   58,   58,   58,   58,
-
-       58,  177,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -157
-    },
-
-    {
-       11, -158, -158, -158, -158, -158, -158, -158, -158, -158,
-     -158, -158, -158,   58, -158, -158,   58,   58,   58,   58,
-       58,   58,   58,  178,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -158
-    },
-
-    {
-       11, -159, -159, -159, -159, -159, -159, -159, -159, -159,
-     -159, -159, -159,   58, -159, -159,   58,  179,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -159
-
-    },
-
-    {
-       11, -160, -160, -160, -160, -160, -160, -160, -160, -160,
-     -160, -160, -160,   58, -160, -160,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  180,   58,
-       58,   58,   58,   58,   58,   58,   58, -160
-    },
-
-    {
-       11, -161, -161, -161, -161, -161, -161, -161, -161, -161,
-     -161, -161, -161,   58, -161, -161,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -161
-    },
-
-    {
-       11, -162, -162, -162, -162, -162, -162, -162, -162, -162,
-     -162, -162, -162,   58, -162, -162,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  181,   58,   58, -162
-    },
-
-    {
-       11, -163, -163, -163, -163, -163, -163, -163, -163, -163,
-     -163, -163, -163,   58, -163, -163,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -163
-    },
-
-    {
-       11, -164, -164, -164, -164, -164, -164, -164, -164, -164,
-     -164, -164, -164,   58, -164, -164,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,  182,
-       58,   58,   58,   58,   58,   58,   58, -164
-
-    },
-
-    {
-       11, -165, -165, -165, -165, -165, -165, -165, -165, -165,
-     -165, -165, -165,   58, -165, -165,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  183,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -165
-    },
-
-    {
-       11, -166, -166, -166, -166, -166, -166, -166, -166, -166,
-     -166, -166, -166,   58, -166, -166,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  184,   58,   58, -166
-    },
-
-    {
-       11, -167, -167, -167, -167, -167, -167, -167, -167, -167,
-     -167, -167, -167,   58, -167, -167,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  185,   58,   58,   58, -167
-    },
-
-    {
-       11, -168, -168, -168, -168, -168, -168, -168, -168, -168,
-     -168, -168, -168,   58, -168, -168,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -168
-    },
-
-    {
-       11, -169, -169, -169, -169, -169, -169, -169, -169, -169,
-     -169, -169, -169,   58, -169, -169,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  186,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -169
-
-    },
-
-    {
-       11, -170, -170, -170, -170, -170, -170, -170, -170, -170,
-     -170, -170, -170,   58, -170, -170,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  187,   58, -170
-    },
-
-    {
-       11, -171, -171, -171, -171, -171, -171, -171, -171, -171,
-     -171, -171, -171,   58, -171, -171,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  188,   58,
-       58,   58,   58,   58,   58,   58,   58, -171
-    },
-
-    {
-       11, -172, -172, -172, -172, -172, -172, -172, -172, -172,
-     -172, -172, -172,   58, -172, -172,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,  189,   58,
-       58,   58,   58,   58,   58,   58,   58, -172
-    },
-
-    {
-       11, -173, -173, -173, -173, -173, -173, -173, -173, -173,
-     -173, -173, -173,   58, -173, -173,   58,  190,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -173
-    },
-
-    {
-       11, -174, -174, -174, -174, -174, -174, -174, -174, -174,
-     -174, -174, -174,   58, -174, -174,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -174
-
-    },
-
-    {
-       11, -175, -175, -175, -175, -175, -175, -175, -175, -175,
-     -175, -175, -175,   58, -175, -175,   58,   58,   58,   58,
-       58,  191,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -175
-    },
-
-    {
-       11, -176, -176, -176, -176, -176, -176, -176, -176, -176,
-     -176, -176, -176,   58, -176, -176,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -176
-    },
-
-    {
-       11, -177, -177, -177, -177, -177, -177, -177, -177, -177,
-     -177, -177, -177,   58, -177, -177,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -177
-    },
-
-    {
-       11, -178, -178, -178, -178, -178, -178, -178, -178, -178,
-     -178, -178, -178,   58, -178, -178,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -178
-    },
-
-    {
-       11, -179, -179, -179, -179, -179, -179, -179, -179, -179,
-     -179, -179, -179,   58, -179, -179,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  192,   58,   58, -179
-
-    },
-
-    {
-       11, -180, -180, -180, -180, -180, -180, -180, -180, -180,
-     -180, -180, -180,   58, -180, -180,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -180
-    },
-
-    {
-       11, -181, -181, -181, -181, -181, -181, -181, -181, -181,
-     -181, -181, -181,   58, -181, -181,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -181
-    },
-
-    {
-       11, -182, -182, -182, -182, -182, -182, -182, -182, -182,
-     -182, -182, -182,   58, -182, -182,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,  193,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -182
-    },
-
-    {
-       11, -183, -183, -183, -183, -183, -183, -183, -183, -183,
-     -183, -183, -183,   58, -183, -183,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  194,   58,   58,   58, -183
-    },
-
-    {
-       11, -184, -184, -184, -184, -184, -184, -184, -184, -184,
-     -184, -184, -184,   58, -184, -184,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -184
-
-    },
-
-    {
-       11, -185, -185, -185, -185, -185, -185, -185, -185, -185,
-     -185, -185, -185,   58, -185, -185,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -185
-    },
-
-    {
-       11, -186, -186, -186, -186, -186, -186, -186, -186, -186,
-     -186, -186, -186,   58, -186, -186,   58,   58,   58,  195,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -186
-    },
-
-    {
-       11, -187, -187, -187, -187, -187, -187, -187, -187, -187,
-     -187, -187, -187,   58, -187, -187,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -187
-    },
-
-    {
-       11, -188, -188, -188, -188, -188, -188, -188, -188, -188,
-     -188, -188, -188,   58, -188, -188,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,  196,   58, -188
-    },
-
-    {
-       11, -189, -189, -189, -189, -189, -189, -189, -189, -189,
-     -189, -189, -189,   58, -189, -189,   58,   58,   58,   58,
-       58,   58,  197,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -189
-
-    },
-
-    {
-       11, -190, -190, -190, -190, -190, -190, -190, -190, -190,
-     -190, -190, -190,   58, -190, -190,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,  198,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -190
-    },
-
-    {
-       11, -191, -191, -191, -191, -191, -191, -191, -191, -191,
-     -191, -191, -191,   58, -191, -191,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,  199,   58,   58,   58, -191
-    },
-
-    {
-       11, -192, -192, -192, -192, -192, -192, -192, -192, -192,
-     -192, -192, -192,   58, -192, -192,   58,   58,   58,   58,
-
-       58,  200,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -192
-    },
-
-    {
-       11, -193, -193, -193, -193, -193, -193, -193, -193, -193,
-     -193, -193, -193,   58, -193, -193,   58,   58,   58,   58,
-       58,  201,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -193
-    },
-
-    {
-       11, -194, -194, -194, -194, -194, -194, -194, -194, -194,
-     -194, -194, -194,   58, -194, -194,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  202,   58,   58, -194
-
-    },
-
-    {
-       11, -195, -195, -195, -195, -195, -195, -195, -195, -195,
-     -195, -195, -195,   58, -195, -195,   58,   58,   58,   58,
-       58,  203,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -195
-    },
-
-    {
-       11, -196, -196, -196, -196, -196, -196, -196, -196, -196,
-     -196, -196, -196,   58, -196, -196,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -196
-    },
-
-    {
-       11, -197, -197, -197, -197, -197, -197, -197, -197, -197,
-     -197, -197, -197,   58, -197, -197,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,  204,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -197
-    },
-
-    {
-       11, -198, -198, -198, -198, -198, -198, -198, -198, -198,
-     -198, -198, -198,   58, -198, -198,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -198
-    },
-
-    {
-       11, -199, -199, -199, -199, -199, -199, -199, -199, -199,
-     -199, -199, -199,   58, -199, -199,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -199
-
-    },
-
-    {
-       11, -200, -200, -200, -200, -200, -200, -200, -200, -200,
-     -200, -200, -200,   58, -200, -200,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -200
-    },
-
-    {
-       11, -201, -201, -201, -201, -201, -201, -201, -201, -201,
-     -201, -201, -201,   58, -201, -201,   58,  205,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -201
-    },
-
-    {
-       11, -202, -202, -202, -202, -202, -202, -202, -202, -202,
-     -202, -202, -202,   58, -202, -202,   58,  206,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -202
-    },
-
-    {
-       11, -203, -203, -203, -203, -203, -203, -203, -203, -203,
-     -203, -203, -203,   58, -203, -203,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -203
-    },
-
-    {
-       11, -204, -204, -204, -204, -204, -204, -204, -204, -204,
-     -204, -204, -204,   58, -204, -204,   58,   58,   58,   58,
-       58,   58,   58,  207,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -204
-
-    },
-
-    {
-       11, -205, -205, -205, -205, -205, -205, -205, -205, -205,
-     -205, -205, -205,   58, -205, -205,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,  208,   58,
-       58,   58,   58,   58,   58,   58,   58, -205
-    },
-
-    {
-       11, -206, -206, -206, -206, -206, -206, -206, -206, -206,
-     -206, -206, -206,   58, -206, -206,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,  209,   58,   58, -206
-    },
-
-    {
-       11, -207, -207, -207, -207, -207, -207, -207, -207, -207,
-     -207, -207, -207,   58, -207, -207,   58,   58,   58,   58,
-
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -207
-    },
-
-    {
-       11, -208, -208, -208, -208, -208, -208, -208, -208, -208,
-     -208, -208, -208,   58, -208, -208,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -208
-    },
-
-    {
-       11, -209, -209, -209, -209, -209, -209, -209, -209, -209,
-     -209, -209, -209,   58, -209, -209,   58,   58,   58,   58,
-       58,  210,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -209
-
-    },
-
-    {
-       11, -210, -210, -210, -210, -210, -210, -210, -210, -210,
-     -210, -210, -210,   58, -210, -210,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
-       58,   58,   58,   58,   58,   58,   58, -210
-    },
-
-    } ;
-
-static yy_state_type yy_get_previous_state (void );
-static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
-static int yy_get_next_buffer (void );
-static void yy_fatal_error (yyconst char msg[]  );
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up zconftext.
- */
-#define YY_DO_BEFORE_ACTION \
-	(yytext_ptr) = yy_bp; \
-	zconfleng = (size_t) (yy_cp - yy_bp); \
-	(yy_hold_char) = *yy_cp; \
-	*yy_cp = '\0'; \
-	(yy_c_buf_p) = yy_cp;
-
-#define YY_NUM_RULES 64
-#define YY_END_OF_BUFFER 65
-/* This struct is not used in this scanner,
-   but its presence is necessary. */
-struct yy_trans_info
-	{
-	flex_int32_t yy_verify;
-	flex_int32_t yy_nxt;
-	};
-static yyconst flex_int16_t yy_accept[211] =
-    {   0,
-        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
-       65,    5,    4,    3,    2,   36,   37,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
-       63,   60,   62,   55,   59,   58,   57,   53,   48,   42,
-       47,   51,   53,   40,   41,   50,   50,   43,   53,   50,
-       50,   53,    4,    3,    2,    2,    1,   35,   35,   35,
-       35,   35,   35,   35,   16,   35,   35,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   63,   60,   62,   61,
-       55,   54,   57,   56,   44,   51,   38,   50,   50,   52,
-       45,   46,   39,   35,   35,   35,   35,   35,   35,   35,
-
-       35,   35,   30,   29,   35,   35,   35,   35,   35,   35,
-       35,   35,   35,   35,   49,   25,   35,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   15,   35,    7,   35,
-       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
-       35,   35,   35,   35,   35,   35,   35,   17,   35,   35,
-       35,   35,   35,   34,   35,   35,   35,   35,   35,   35,
-       10,   35,   13,   35,   35,   35,   35,   33,   35,   35,
-       35,   35,   35,   22,   35,   32,    9,   31,   35,   26,
-       12,   35,   35,   21,   18,   35,    8,   35,   35,   35,
-       35,   35,   27,   35,   35,    6,   35,   20,   19,   23,
-
-       35,   35,   11,   35,   35,   35,   14,   28,   35,   24
-    } ;
-
-static yyconst flex_int32_t yy_ec[256] =
-    {   0,
-        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    2,    4,    5,    6,    1,    1,    7,    8,    9,
-       10,    1,    1,    1,   11,   12,   12,   13,   13,   13,
-       13,   13,   13,   13,   13,   13,   13,    1,    1,    1,
-       14,    1,    1,    1,   13,   13,   13,   13,   13,   13,
-       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
-       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
-        1,   15,    1,    1,   16,    1,   17,   18,   19,   20,
-
-       21,   22,   23,   24,   25,   13,   13,   26,   27,   28,
-       29,   30,   31,   32,   33,   34,   35,   13,   13,   36,
-       13,   13,    1,   37,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1
-    } ;
-
-extern int zconf_flex_debug;
-int zconf_flex_debug = 0;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *zconftext;
-
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-#define START_STRSIZE	16
-
-char *text;
-static char *text_ptr;
-static int text_size, text_asize;
-
-struct buffer {
-        struct buffer *parent;
-        YY_BUFFER_STATE state;
-};
-
-struct buffer *current_buf;
-
-static int last_ts, first_ts;
-
-static void zconf_endhelp(void);
-static struct buffer *zconf_endfile(void);
-
-void new_string(void)
-{
-	text = malloc(START_STRSIZE);
-	text_asize = START_STRSIZE;
-	text_ptr = text;
-	text_size = 0;
-	*text_ptr = 0;
-}
-
-void append_string(const char *str, int size)
-{
-	int new_size = text_size + size + 1;
-	if (new_size > text_asize) {
-		text = realloc(text, new_size);
-		text_asize = new_size;
-		text_ptr = text + text_size;
-	}
-	memcpy(text_ptr, str, size);
-	text_ptr += size;
-	text_size += size;
-	*text_ptr = 0;
-}
-
-void alloc_string(const char *str, int size)
-{
-	text = malloc(size + 1);
-	memcpy(text, str, size);
-	text[size] = 0;
-}
-
-#define INITIAL 0
-#define COMMAND 1
-#define HELP 2
-#define STRING 3
-#define PARAM 4
-
-/* Special case for "unistd.h", since it is non-ANSI. We include it way
- * down here because we want the user's section 1 to have been scanned first.
- * The user has a chance to override it with an option.
- */
-#include <unistd.h>
-
-#ifndef YY_EXTRA_TYPE
-#define YY_EXTRA_TYPE void *
-#endif
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int zconfwrap (void );
-#else
-extern int zconfwrap (void );
-#endif
-#endif
-
-    static void yyunput (int c,char *buf_ptr  );
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char *,yyconst char *,int );
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * );
-#endif
-
-#ifndef YY_NO_INPUT
-
-#ifdef __cplusplus
-static int yyinput (void );
-#else
-static int input (void );
-#endif
-
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( zconftext, zconfleng, 1, zconfout )
-#endif
-
-/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
-	errno=0; \
-	while ( (result = read( fileno(zconfin), (char *) buf, max_size )) < 0 ) \
-	{ \
-		if( errno != EINTR) \
-		{ \
-			YY_FATAL_ERROR( "input in flex scanner failed" ); \
-			break; \
-		} \
-		errno=0; \
-		clearerr(zconfin); \
-	}\
-\
-
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* end tables serialization structures and prototypes */
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL_IS_OURS 1
-
-extern int zconflex (void);
-
-#define YY_DECL int zconflex (void)
-#endif /* !YY_DECL */
-
-/* Code executed at the beginning of each rule, after zconftext and zconfleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
-	YY_USER_ACTION
-
-/** The main scanner function which does all the work.
- */
-YY_DECL
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp, *yy_bp;
-	register int yy_act;
-
-	int str = 0;
-	int ts, i;
-
-	if ( (yy_init) )
-		{
-		(yy_init) = 0;
-
-#ifdef YY_USER_INIT
-		YY_USER_INIT;
-#endif
-
-		if ( ! (yy_start) )
-			(yy_start) = 1;	/* first start state */
-
-		if ( ! zconfin )
-			zconfin = stdin;
-
-		if ( ! zconfout )
-			zconfout = stdout;
-
-		if ( ! YY_CURRENT_BUFFER ) {
-			zconfensure_buffer_stack ();
-			YY_CURRENT_BUFFER_LVALUE =
-				zconf_create_buffer(zconfin,YY_BUF_SIZE );
-		}
-
-		zconf_load_buffer_state( );
-		}
-
-	while ( 1 )		/* loops until end-of-file is reached */
-		{
-		yy_cp = (yy_c_buf_p);
-
-		/* Support of zconftext. */
-		*yy_cp = (yy_hold_char);
-
-		/* yy_bp points to the position in yy_ch_buf of the start of
-		 * the current run.
-		 */
-		yy_bp = yy_cp;
-
-		yy_current_state = (yy_start);
-yy_match:
-		while ( (yy_current_state = yy_nxt[yy_current_state][ yy_ec[YY_SC_TO_UI(*yy_cp)]  ]) > 0 )
-			++yy_cp;
-
-		yy_current_state = -yy_current_state;
-
-yy_find_action:
-		yy_act = yy_accept[yy_current_state];
-
-		YY_DO_BEFORE_ACTION;
-
-do_action:	/* This label is used only to access EOF actions. */
-
-		switch ( yy_act )
-	{ /* beginning of action switch */
-case 1:
-/* rule 1 can match eol */
-YY_RULE_SETUP
-current_file->lineno++;
-	YY_BREAK
-case 2:
-YY_RULE_SETUP
-
-	YY_BREAK
-case 3:
-/* rule 3 can match eol */
-YY_RULE_SETUP
-current_file->lineno++; return T_EOL;
-	YY_BREAK
-case 4:
-YY_RULE_SETUP
-{
-	BEGIN(COMMAND);
-}
-	YY_BREAK
-case 5:
-YY_RULE_SETUP
-{
-	unput(zconftext[0]);
-	BEGIN(COMMAND);
-}
-	YY_BREAK
-
-case 6:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_MAINMENU;
-	YY_BREAK
-case 7:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_MENU;
-	YY_BREAK
-case 8:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_ENDMENU;
-	YY_BREAK
-case 9:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_SOURCE;
-	YY_BREAK
-case 10:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_CHOICE;
-	YY_BREAK
-case 11:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_ENDCHOICE;
-	YY_BREAK
-case 12:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_COMMENT;
-	YY_BREAK
-case 13:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_CONFIG;
-	YY_BREAK
-case 14:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_MENUCONFIG;
-	YY_BREAK
-case 15:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_HELP;
-	YY_BREAK
-case 16:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_IF;
-	YY_BREAK
-case 17:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_ENDIF;
-	YY_BREAK
-case 18:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEPENDS;
-	YY_BREAK
-case 19:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_REQUIRES;
-	YY_BREAK
-case 20:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_OPTIONAL;
-	YY_BREAK
-case 21:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEFAULT;
-	YY_BREAK
-case 22:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_PROMPT;
-	YY_BREAK
-case 23:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_TRISTATE;
-	YY_BREAK
-case 24:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEF_TRISTATE;
-	YY_BREAK
-case 25:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_BOOLEAN;
-	YY_BREAK
-case 26:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_BOOLEAN;
-	YY_BREAK
-case 27:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEF_BOOLEAN;
-	YY_BREAK
-case 28:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_DEF_BOOLEAN;
-	YY_BREAK
-case 29:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_INT;
-	YY_BREAK
-case 30:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_HEX;
-	YY_BREAK
-case 31:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_STRING;
-	YY_BREAK
-case 32:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_SELECT;
-	YY_BREAK
-case 33:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_SELECT;
-	YY_BREAK
-case 34:
-YY_RULE_SETUP
-BEGIN(PARAM); return T_RANGE;
-	YY_BREAK
-case 35:
-YY_RULE_SETUP
-{
-		alloc_string(zconftext, zconfleng);
-		zconflval.string = text;
-		return T_WORD;
-	}
-	YY_BREAK
-case 36:
-YY_RULE_SETUP
-
-	YY_BREAK
-case 37:
-/* rule 37 can match eol */
-YY_RULE_SETUP
-current_file->lineno++; BEGIN(INITIAL);
-	YY_BREAK
-
-case 38:
-YY_RULE_SETUP
-return T_AND;
-	YY_BREAK
-case 39:
-YY_RULE_SETUP
-return T_OR;
-	YY_BREAK
-case 40:
-YY_RULE_SETUP
-return T_OPEN_PAREN;
-	YY_BREAK
-case 41:
-YY_RULE_SETUP
-return T_CLOSE_PAREN;
-	YY_BREAK
-case 42:
-YY_RULE_SETUP
-return T_NOT;
-	YY_BREAK
-case 43:
-YY_RULE_SETUP
-return T_EQUAL;
-	YY_BREAK
-case 44:
-YY_RULE_SETUP
-return T_UNEQUAL;
-	YY_BREAK
-case 45:
-YY_RULE_SETUP
-return T_IF;
-	YY_BREAK
-case 46:
-YY_RULE_SETUP
-return T_ON;
-	YY_BREAK
-case 47:
-YY_RULE_SETUP
-{
-		str = zconftext[0];
-		new_string();
-		BEGIN(STRING);
-	}
-	YY_BREAK
-case 48:
-/* rule 48 can match eol */
-YY_RULE_SETUP
-BEGIN(INITIAL); current_file->lineno++; return T_EOL;
-	YY_BREAK
-case 49:
-YY_RULE_SETUP
-/* ignore */
-	YY_BREAK
-case 50:
-YY_RULE_SETUP
-{
-		alloc_string(zconftext, zconfleng);
-		zconflval.string = text;
-		return T_WORD;
-	}
-	YY_BREAK
-case 51:
-YY_RULE_SETUP
-/* comment */
-	YY_BREAK
-case 52:
-/* rule 52 can match eol */
-YY_RULE_SETUP
-current_file->lineno++;
-	YY_BREAK
-case 53:
-YY_RULE_SETUP
-
-	YY_BREAK
-case YY_STATE_EOF(PARAM):
-{
-		BEGIN(INITIAL);
-	}
-	YY_BREAK
-
-case 54:
-/* rule 54 can match eol */
-*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
-(yy_c_buf_p) = yy_cp -= 1;
-YY_DO_BEFORE_ACTION; /* set up zconftext again */
-YY_RULE_SETUP
-{
-		append_string(zconftext, zconfleng);
-		zconflval.string = text;
-		return T_WORD_QUOTE;
-	}
-	YY_BREAK
-case 55:
-YY_RULE_SETUP
-{
-		append_string(zconftext, zconfleng);
-	}
-	YY_BREAK
-case 56:
-/* rule 56 can match eol */
-*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
-(yy_c_buf_p) = yy_cp -= 1;
-YY_DO_BEFORE_ACTION; /* set up zconftext again */
-YY_RULE_SETUP
-{
-		append_string(zconftext + 1, zconfleng - 1);
-		zconflval.string = text;
-		return T_WORD_QUOTE;
-	}
-	YY_BREAK
-case 57:
-YY_RULE_SETUP
-{
-		append_string(zconftext + 1, zconfleng - 1);
-	}
-	YY_BREAK
-case 58:
-YY_RULE_SETUP
-{
-		if (str == zconftext[0]) {
-			BEGIN(PARAM);
-			zconflval.string = text;
-			return T_WORD_QUOTE;
-		} else
-			append_string(zconftext, 1);
-	}
-	YY_BREAK
-case 59:
-/* rule 59 can match eol */
-YY_RULE_SETUP
-{
-		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
-		current_file->lineno++;
-		BEGIN(INITIAL);
-		return T_EOL;
-	}
-	YY_BREAK
-case YY_STATE_EOF(STRING):
-{
-		BEGIN(INITIAL);
-	}
-	YY_BREAK
-
-case 60:
-YY_RULE_SETUP
-{
-		ts = 0;
-		for (i = 0; i < zconfleng; i++) {
-			if (zconftext[i] == '\t')
-				ts = (ts & ~7) + 8;
-			else
-				ts++;
-		}
-		last_ts = ts;
-		if (first_ts) {
-			if (ts < first_ts) {
-				zconf_endhelp();
-				return T_HELPTEXT;
-			}
-			ts -= first_ts;
-			while (ts > 8) {
-				append_string("        ", 8);
-				ts -= 8;
-			}
-			append_string("        ", ts);
-		}
-	}
-	YY_BREAK
-case 61:
-/* rule 61 can match eol */
-*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
-(yy_c_buf_p) = yy_cp -= 1;
-YY_DO_BEFORE_ACTION; /* set up zconftext again */
-YY_RULE_SETUP
-{
-		current_file->lineno++;
-		zconf_endhelp();
-		return T_HELPTEXT;
-	}
-	YY_BREAK
-case 62:
-/* rule 62 can match eol */
-YY_RULE_SETUP
-{
-		current_file->lineno++;
-		append_string("\n", 1);
-	}
-	YY_BREAK
-case 63:
-YY_RULE_SETUP
-{
-		append_string(zconftext, zconfleng);
-		if (!first_ts)
-			first_ts = last_ts;
-	}
-	YY_BREAK
-case YY_STATE_EOF(HELP):
-{
-		zconf_endhelp();
-		return T_HELPTEXT;
-	}
-	YY_BREAK
-
-case YY_STATE_EOF(INITIAL):
-case YY_STATE_EOF(COMMAND):
-{
-	if (current_buf) {
-		zconf_endfile();
-		return T_EOF;
-	}
-	fclose(zconfin);
-	yyterminate();
-}
-	YY_BREAK
-case 64:
-YY_RULE_SETUP
-YY_FATAL_ERROR( "flex scanner jammed" );
-	YY_BREAK
-
-	case YY_END_OF_BUFFER:
-		{
-		/* Amount of text matched not including the EOB char. */
-		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
-
-		/* Undo the effects of YY_DO_BEFORE_ACTION. */
-		*yy_cp = (yy_hold_char);
-		YY_RESTORE_YY_MORE_OFFSET
-
-		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
-			{
-			/* We're scanning a new file or input source.  It's
-			 * possible that this happened because the user
-			 * just pointed zconfin at a new source and called
-			 * zconflex().  If so, then we have to assure
-			 * consistency between YY_CURRENT_BUFFER and our
-			 * globals.  Here is the right place to do so, because
-			 * this is the first action (other than possibly a
-			 * back-up) that will match for the new input source.
-			 */
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-			YY_CURRENT_BUFFER_LVALUE->yy_input_file = zconfin;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
-			}
-
-		/* Note that here we test for yy_c_buf_p "<=" to the position
-		 * of the first EOB in the buffer, since yy_c_buf_p will
-		 * already have been incremented past the NUL character
-		 * (since all states make transitions on EOB to the
-		 * end-of-buffer state).  Contrast this with the test
-		 * in input().
-		 */
-		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			{ /* This was really a NUL. */
-			yy_state_type yy_next_state;
-
-			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
-
-			yy_current_state = yy_get_previous_state(  );
-
-			/* Okay, we're now positioned to make the NUL
-			 * transition.  We couldn't have
-			 * yy_get_previous_state() go ahead and do it
-			 * for us because it doesn't know how to deal
-			 * with the possibility of jamming (and we don't
-			 * want to build jamming into it because then it
-			 * will run more slowly).
-			 */
-
-			yy_next_state = yy_try_NUL_trans( yy_current_state );
-
-			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-
-			if ( yy_next_state )
-				{
-				/* Consume the NUL. */
-				yy_cp = ++(yy_c_buf_p);
-				yy_current_state = yy_next_state;
-				goto yy_match;
-				}
-
-			else
-				{
-				yy_cp = (yy_c_buf_p);
-				goto yy_find_action;
-				}
-			}
-
-		else switch ( yy_get_next_buffer(  ) )
-			{
-			case EOB_ACT_END_OF_FILE:
-				{
-				(yy_did_buffer_switch_on_eof) = 0;
-
-				if ( zconfwrap( ) )
-					{
-					/* Note: because we've taken care in
-					 * yy_get_next_buffer() to have set up
-					 * zconftext, we can now set up
-					 * yy_c_buf_p so that if some total
-					 * hoser (like flex itself) wants to
-					 * call the scanner after we return the
-					 * YY_NULL, it'll still work - another
-					 * YY_NULL will get returned.
-					 */
-					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
-
-					yy_act = YY_STATE_EOF(YY_START);
-					goto do_action;
-					}
-
-				else
-					{
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-					}
-				break;
-				}
-
-			case EOB_ACT_CONTINUE_SCAN:
-				(yy_c_buf_p) =
-					(yytext_ptr) + yy_amount_of_matched_text;
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_match;
-
-			case EOB_ACT_LAST_MATCH:
-				(yy_c_buf_p) =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
-
-				yy_current_state = yy_get_previous_state(  );
-
-				yy_cp = (yy_c_buf_p);
-				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
-				goto yy_find_action;
-			}
-		break;
-		}
-
-	default:
-		YY_FATAL_ERROR(
-			"fatal flex scanner internal error--no action found" );
-	} /* end of action switch */
-		} /* end of scanning one token */
-} /* end of zconflex */
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- *	EOB_ACT_LAST_MATCH -
- *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- *	EOB_ACT_END_OF_FILE - end of file
- */
-static int yy_get_next_buffer (void)
-{
-    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
-	register char *source = (yytext_ptr);
-	register int number_to_move, i;
-	int ret_val;
-
-	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
-		YY_FATAL_ERROR(
-		"fatal flex scanner internal error--end of buffer missed" );
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
-		{ /* Don't try to fill the buffer, so this is an EOF. */
-		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
-			{
-			/* We matched a single character, the EOB, so
-			 * treat this as a final EOF.
-			 */
-			return EOB_ACT_END_OF_FILE;
-			}
-
-		else
-			{
-			/* We matched some text prior to the EOB, first
-			 * process it.
-			 */
-			return EOB_ACT_LAST_MATCH;
-			}
-		}
-
-	/* Try to read more data. */
-
-	/* First move last chars to start of buffer. */
-	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
-
-	for ( i = 0; i < number_to_move; ++i )
-		*(dest++) = *(source++);
-
-	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
-		/* don't do the read, it's not guaranteed to return an EOF,
-		 * just force an EOF
-		 */
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
-
-	else
-		{
-			size_t num_to_read =
-			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
-		while ( num_to_read <= 0 )
-			{ /* Not enough room in the buffer - grow it. */
-
-			/* just a shorter name for the current buffer */
-			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
-
-			int yy_c_buf_p_offset =
-				(int) ((yy_c_buf_p) - b->yy_ch_buf);
-
-			if ( b->yy_is_our_buffer )
-				{
-				int new_size = b->yy_buf_size * 2;
-
-				if ( new_size <= 0 )
-					b->yy_buf_size += b->yy_buf_size / 8;
-				else
-					b->yy_buf_size *= 2;
-
-				b->yy_ch_buf = (char *)
-					/* Include room in for 2 EOB chars. */
-					zconfrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
-				}
-			else
-				/* Can't grow it, we don't own it. */
-				b->yy_ch_buf = 0;
-
-			if ( ! b->yy_ch_buf )
-				YY_FATAL_ERROR(
-				"fatal error - scanner input buffer overflow" );
-
-			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
-
-			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
-						number_to_move - 1;
-
-			}
-
-		if ( num_to_read > YY_READ_BUF_SIZE )
-			num_to_read = YY_READ_BUF_SIZE;
-
-		/* Read in more data. */
-		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
-			(yy_n_chars), num_to_read );
-
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	if ( (yy_n_chars) == 0 )
-		{
-		if ( number_to_move == YY_MORE_ADJ )
-			{
-			ret_val = EOB_ACT_END_OF_FILE;
-			zconfrestart(zconfin  );
-			}
-
-		else
-			{
-			ret_val = EOB_ACT_LAST_MATCH;
-			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
-				YY_BUFFER_EOF_PENDING;
-			}
-		}
-
-	else
-		ret_val = EOB_ACT_CONTINUE_SCAN;
-
-	(yy_n_chars) += number_to_move;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
-	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
-
-	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
-
-	return ret_val;
-}
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-    static yy_state_type yy_get_previous_state (void)
-{
-	register yy_state_type yy_current_state;
-	register char *yy_cp;
-
-	yy_current_state = (yy_start);
-
-	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
-		{
-		yy_current_state = yy_nxt[yy_current_state][(*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1)];
-		}
-
-	return yy_current_state;
-}
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- *	next_state = yy_try_NUL_trans( current_state );
- */
-    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
-{
-	register int yy_is_jam;
-
-	yy_current_state = yy_nxt[yy_current_state][1];
-	yy_is_jam = (yy_current_state <= 0);
-
-	return yy_is_jam ? 0 : yy_current_state;
-}
-
-    static void yyunput (int c, register char * yy_bp )
-{
-	register char *yy_cp;
-
-    yy_cp = (yy_c_buf_p);
-
-	/* undo effects of setting up zconftext */
-	*yy_cp = (yy_hold_char);
-
-	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-		{ /* need to shift things up to make room */
-		/* +2 for EOB chars. */
-		register int number_to_move = (yy_n_chars) + 2;
-		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
-					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
-		register char *source =
-				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
-
-		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
-			*--dest = *--source;
-
-		yy_cp += (int) (dest - source);
-		yy_bp += (int) (dest - source);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
-			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
-
-		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
-			YY_FATAL_ERROR( "flex scanner push-back overflow" );
-		}
-
-	*--yy_cp = (char) c;
-
-	(yytext_ptr) = yy_bp;
-	(yy_hold_char) = *yy_cp;
-	(yy_c_buf_p) = yy_cp;
-}
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-    static int yyinput (void)
-#else
-    static int input  (void)
-#endif
-
-{
-	int c;
-
-	*(yy_c_buf_p) = (yy_hold_char);
-
-	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
-		{
-		/* yy_c_buf_p now points to the character we want to return.
-		 * If this occurs *before* the EOB characters, then it's a
-		 * valid NUL; if not, then we've hit the end of the buffer.
-		 */
-		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
-			/* This was really a NUL. */
-			*(yy_c_buf_p) = '\0';
-
-		else
-			{ /* need more input */
-			int offset = (yy_c_buf_p) - (yytext_ptr);
-			++(yy_c_buf_p);
-
-			switch ( yy_get_next_buffer(  ) )
-				{
-				case EOB_ACT_LAST_MATCH:
-					/* This happens because yy_g_n_b()
-					 * sees that we've accumulated a
-					 * token and flags that we need to
-					 * try matching the token before
-					 * proceeding.  But for input(),
-					 * there's no matching to consider.
-					 * So convert the EOB_ACT_LAST_MATCH
-					 * to EOB_ACT_END_OF_FILE.
-					 */
-
-					/* Reset buffer status. */
-					zconfrestart(zconfin );
-
-					/*FALLTHROUGH*/
-
-				case EOB_ACT_END_OF_FILE:
-					{
-					if ( zconfwrap( ) )
-						return EOF;
-
-					if ( ! (yy_did_buffer_switch_on_eof) )
-						YY_NEW_FILE;
-#ifdef __cplusplus
-					return yyinput();
-#else
-					return input();
-#endif
-					}
-
-				case EOB_ACT_CONTINUE_SCAN:
-					(yy_c_buf_p) = (yytext_ptr) + offset;
-					break;
-				}
-			}
-		}
-
-	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
-	*(yy_c_buf_p) = '\0';	/* preserve zconftext */
-	(yy_hold_char) = *++(yy_c_buf_p);
-
-	return c;
-}
-#endif	/* ifndef YY_NO_INPUT */
-
-/** Immediately switch to a different input stream.
- * @param input_file A readable stream.
- *
- * @note This function does not reset the start condition to @c INITIAL .
- */
-    void zconfrestart  (FILE * input_file )
-{
-
-	if ( ! YY_CURRENT_BUFFER ){
-        zconfensure_buffer_stack ();
-		YY_CURRENT_BUFFER_LVALUE =
-            zconf_create_buffer(zconfin,YY_BUF_SIZE );
-	}
-
-	zconf_init_buffer(YY_CURRENT_BUFFER,input_file );
-	zconf_load_buffer_state( );
-}
-
-/** Switch to a different input buffer.
- * @param new_buffer The new input buffer.
- *
- */
-    void zconf_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
-{
-
-	/* TODO. We should be able to replace this entire function body
-	 * with
-	 *		zconfpop_buffer_state();
-	 *		zconfpush_buffer_state(new_buffer);
-     */
-	zconfensure_buffer_stack ();
-	if ( YY_CURRENT_BUFFER == new_buffer )
-		return;
-
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-	zconf_load_buffer_state( );
-
-	/* We don't actually know whether we did this switch during
-	 * EOF (zconfwrap()) processing, but the only time this flag
-	 * is looked at is after zconfwrap() is called, so it's safe
-	 * to go ahead and always set it.
-	 */
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-static void zconf_load_buffer_state  (void)
-{
-    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
-	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
-	zconfin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
-	(yy_hold_char) = *(yy_c_buf_p);
-}
-
-/** Allocate and initialize an input buffer state.
- * @param file A readable stream.
- * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
- *
- * @return the allocated buffer state.
- */
-    YY_BUFFER_STATE zconf_create_buffer  (FILE * file, int  size )
-{
-	YY_BUFFER_STATE b;
-
-	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
-
-	b->yy_buf_size = size;
-
-	/* yy_ch_buf has to be 2 characters longer than the size given because
-	 * we need to put in 2 end-of-buffer characters.
-	 */
-	b->yy_ch_buf = (char *) zconfalloc(b->yy_buf_size + 2  );
-	if ( ! b->yy_ch_buf )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
-
-	b->yy_is_our_buffer = 1;
-
-	zconf_init_buffer(b,file );
-
-	return b;
-}
-
-/** Destroy the buffer.
- * @param b a buffer created with zconf_create_buffer()
- *
- */
-    void zconf_delete_buffer (YY_BUFFER_STATE  b )
-{
-
-	if ( ! b )
-		return;
-
-	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
-		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
-
-	if ( b->yy_is_our_buffer )
-		zconffree((void *) b->yy_ch_buf  );
-
-	zconffree((void *) b  );
-}
-
-/* Initializes or reinitializes a buffer.
- * This function is sometimes called more than once on the same buffer,
- * such as during a zconfrestart() or at EOF.
- */
-    static void zconf_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
-
-{
-	int oerrno = errno;
-
-	zconf_flush_buffer(b );
-
-	b->yy_input_file = file;
-	b->yy_fill_buffer = 1;
-
-    /* If b is the current buffer, then zconf_init_buffer was _probably_
-     * called from zconfrestart() or through yy_get_next_buffer.
-     * In that case, we don't want to reset the lineno or column.
-     */
-    if (b != YY_CURRENT_BUFFER){
-        b->yy_bs_lineno = 1;
-        b->yy_bs_column = 0;
-    }
-
-        b->yy_is_interactive = 0;
-
-	errno = oerrno;
-}
-
-/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
- * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
- *
- */
-    void zconf_flush_buffer (YY_BUFFER_STATE  b )
-{
-    	if ( ! b )
-		return;
-
-	b->yy_n_chars = 0;
-
-	/* We always need two end-of-buffer characters.  The first causes
-	 * a transition to the end-of-buffer state.  The second causes
-	 * a jam in that state.
-	 */
-	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
-	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
-	b->yy_buf_pos = &b->yy_ch_buf[0];
-
-	b->yy_at_bol = 1;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	if ( b == YY_CURRENT_BUFFER )
-		zconf_load_buffer_state( );
-}
-
-/** Pushes the new state onto the stack. The new state becomes
- *  the current state. This function will allocate the stack
- *  if necessary.
- *  @param new_buffer The new state.
- *
- */
-void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer )
-{
-    	if (new_buffer == NULL)
-		return;
-
-	zconfensure_buffer_stack();
-
-	/* This block is copied from zconf_switch_to_buffer. */
-	if ( YY_CURRENT_BUFFER )
-		{
-		/* Flush out information for old buffer. */
-		*(yy_c_buf_p) = (yy_hold_char);
-		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
-		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
-		}
-
-	/* Only push if top exists. Otherwise, replace top. */
-	if (YY_CURRENT_BUFFER)
-		(yy_buffer_stack_top)++;
-	YY_CURRENT_BUFFER_LVALUE = new_buffer;
-
-	/* copied from zconf_switch_to_buffer. */
-	zconf_load_buffer_state( );
-	(yy_did_buffer_switch_on_eof) = 1;
-}
-
-/** Removes and deletes the top of the stack, if present.
- *  The next element becomes the new top.
- *
- */
-void zconfpop_buffer_state (void)
-{
-    	if (!YY_CURRENT_BUFFER)
-		return;
-
-	zconf_delete_buffer(YY_CURRENT_BUFFER );
-	YY_CURRENT_BUFFER_LVALUE = NULL;
-	if ((yy_buffer_stack_top) > 0)
-		--(yy_buffer_stack_top);
-
-	if (YY_CURRENT_BUFFER) {
-		zconf_load_buffer_state( );
-		(yy_did_buffer_switch_on_eof) = 1;
-	}
-}
-
-/* Allocates the stack if it does not exist.
- *  Guarantees space for at least one push.
- */
-static void zconfensure_buffer_stack (void)
-{
-	int num_to_alloc;
-
-	if (!(yy_buffer_stack)) {
-
-		/* First allocation is just for 2 elements, since we don't know if this
-		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
-		 * immediate realloc on the next call.
-         */
-		num_to_alloc = 1;
-		(yy_buffer_stack) = (struct yy_buffer_state**)zconfalloc
-								(num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
-
-		(yy_buffer_stack_max) = num_to_alloc;
-		(yy_buffer_stack_top) = 0;
-		return;
-	}
-
-	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
-
-		/* Increase the buffer to prepare for a possible push. */
-		int grow_size = 8 /* arbitrary grow size */;
-
-		num_to_alloc = (yy_buffer_stack_max) + grow_size;
-		(yy_buffer_stack) = (struct yy_buffer_state**)zconfrealloc
-								((yy_buffer_stack),
-								num_to_alloc * sizeof(struct yy_buffer_state*)
-								);
-
-		/* zero only the new slots.*/
-		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
-		(yy_buffer_stack_max) = num_to_alloc;
-	}
-}
-
-/** Setup the input buffer state to scan directly from a user-specified character buffer.
- * @param base the character buffer
- * @param size the size in bytes of the character buffer
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE zconf_scan_buffer  (char * base, yy_size_t  size )
-{
-	YY_BUFFER_STATE b;
-
-	if ( size < 2 ||
-	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
-	     base[size-1] != YY_END_OF_BUFFER_CHAR )
-		/* They forgot to leave room for the EOB's. */
-		return 0;
-
-	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
-	if ( ! b )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_buffer()" );
-
-	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
-	b->yy_buf_pos = b->yy_ch_buf = base;
-	b->yy_is_our_buffer = 0;
-	b->yy_input_file = 0;
-	b->yy_n_chars = b->yy_buf_size;
-	b->yy_is_interactive = 0;
-	b->yy_at_bol = 1;
-	b->yy_fill_buffer = 0;
-	b->yy_buffer_status = YY_BUFFER_NEW;
-
-	zconf_switch_to_buffer(b  );
-
-	return b;
-}
-
-/** Setup the input buffer state to scan a string. The next call to zconflex() will
- * scan from a @e copy of @a str.
- * @param str a NUL-terminated string to scan
- *
- * @return the newly allocated buffer state object.
- * @note If you want to scan bytes that may contain NUL values, then use
- *       zconf_scan_bytes() instead.
- */
-YY_BUFFER_STATE zconf_scan_string (yyconst char * str )
-{
-
-	return zconf_scan_bytes(str,strlen(str) );
-}
-
-/** Setup the input buffer state to scan the given bytes. The next call to zconflex() will
- * scan from a @e copy of @a bytes.
- * @param bytes the byte buffer to scan
- * @param len the number of bytes in the buffer pointed to by @a bytes.
- *
- * @return the newly allocated buffer state object.
- */
-YY_BUFFER_STATE zconf_scan_bytes  (yyconst char * bytes, int  len )
-{
-	YY_BUFFER_STATE b;
-	char *buf;
-	yy_size_t n;
-	int i;
-
-	/* Get memory for full buffer, including space for trailing EOB's. */
-	n = len + 2;
-	buf = (char *) zconfalloc(n  );
-	if ( ! buf )
-		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_bytes()" );
-
-	for ( i = 0; i < len; ++i )
-		buf[i] = bytes[i];
-
-	buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
-
-	b = zconf_scan_buffer(buf,n );
-	if ( ! b )
-		YY_FATAL_ERROR( "bad buffer in zconf_scan_bytes()" );
-
-	/* It's okay to grow etc. this buffer, and we should throw it
-	 * away when we're done.
-	 */
-	b->yy_is_our_buffer = 1;
-
-	return b;
-}
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-static void yy_fatal_error (yyconst char* msg )
-{
-    	(void) fprintf( stderr, "%s\n", msg );
-	exit( YY_EXIT_FAILURE );
-}
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
-	do \
-		{ \
-		/* Undo effects of setting up zconftext. */ \
-        int yyless_macro_arg = (n); \
-        YY_LESS_LINENO(yyless_macro_arg);\
-		zconftext[zconfleng] = (yy_hold_char); \
-		(yy_c_buf_p) = zconftext + yyless_macro_arg; \
-		(yy_hold_char) = *(yy_c_buf_p); \
-		*(yy_c_buf_p) = '\0'; \
-		zconfleng = yyless_macro_arg; \
-		} \
-	while ( 0 )
-
-/* Accessor  methods (get/set functions) to struct members. */
-
-/** Get the current line number.
- *
- */
-int zconfget_lineno  (void)
-{
-
-    return zconflineno;
-}
-
-/** Get the input stream.
- *
- */
-FILE *zconfget_in  (void)
-{
-        return zconfin;
-}
-
-/** Get the output stream.
- *
- */
-FILE *zconfget_out  (void)
-{
-        return zconfout;
-}
-
-/** Get the length of the current token.
- *
- */
-int zconfget_leng  (void)
-{
-        return zconfleng;
-}
-
-/** Get the current token.
- *
- */
-
-char *zconfget_text  (void)
-{
-        return zconftext;
-}
-
-/** Set the current line number.
- * @param line_number
- *
- */
-void zconfset_lineno (int  line_number )
-{
-
-    zconflineno = line_number;
-}
-
-/** Set the input stream. This does not discard the current
- * input buffer.
- * @param in_str A readable stream.
- *
- * @see zconf_switch_to_buffer
- */
-void zconfset_in (FILE *  in_str )
-{
-        zconfin = in_str ;
-}
-
-void zconfset_out (FILE *  out_str )
-{
-        zconfout = out_str ;
-}
-
-int zconfget_debug  (void)
-{
-        return zconf_flex_debug;
-}
-
-void zconfset_debug (int  bdebug )
-{
-        zconf_flex_debug = bdebug ;
-}
-
-/* zconflex_destroy is for both reentrant and non-reentrant scanners. */
-int zconflex_destroy  (void)
-{
-
-    /* Pop the buffer stack, destroying each element. */
-	while(YY_CURRENT_BUFFER){
-		zconf_delete_buffer(YY_CURRENT_BUFFER  );
-		YY_CURRENT_BUFFER_LVALUE = NULL;
-		zconfpop_buffer_state();
-	}
-
-	/* Destroy the stack itself. */
-	zconffree((yy_buffer_stack) );
-	(yy_buffer_stack) = NULL;
-
-    return 0;
-}
-
-/*
- * Internal utility routines.
- */
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
-{
-	register int i;
-    	for ( i = 0; i < n; ++i )
-		s1[i] = s2[i];
-}
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen (yyconst char * s )
-{
-	register int n;
-    	for ( n = 0; s[n]; ++n )
-		;
-
-	return n;
-}
-#endif
-
-void *zconfalloc (yy_size_t  size )
-{
-	return (void *) malloc( size );
-}
-
-void *zconfrealloc  (void * ptr, yy_size_t  size )
-{
-	/* The cast to (char *) in the following accommodates both
-	 * implementations that use char* generic pointers, and those
-	 * that use void* generic pointers.  It works with the latter
-	 * because both ANSI C and C++ allow castless assignment from
-	 * any pointer type to void*, and deal with argument conversions
-	 * as though doing an assignment.
-	 */
-	return (void *) realloc( (char *) ptr, size );
-}
-
-void zconffree (void * ptr )
-{
-	free( (char *) ptr );	/* see zconfrealloc() for (char *) cast */
-}
-
-#define YYTABLES_NAME "yytables"
-
-#undef YY_NEW_FILE
-#undef YY_FLUSH_BUFFER
-#undef yy_set_bol
-#undef yy_new_buffer
-#undef yy_set_interactive
-#undef yytext_ptr
-#undef YY_DO_BEFORE_ACTION
-
-#ifdef YY_DECL_IS_OURS
-#undef YY_DECL_IS_OURS
-#undef YY_DECL
-#endif
-
-void zconf_starthelp(void)
-{
-	new_string();
-	last_ts = first_ts = 0;
-	BEGIN(HELP);
-}
-
-static void zconf_endhelp(void)
-{
-	zconflval.string = text;
-	BEGIN(INITIAL);
-}
-
-/*
- * Try to open specified file with following names:
- * ./name
- * $(srctree)/name
- * The latter is used when srctree is separate from objtree
- * when compiling the kernel.
- * Return NULL if file is not found.
- */
-FILE *zconf_fopen(const char *name)
-{
-	char *env, fullname[PATH_MAX+1];
-	FILE *f;
-
-	f = fopen(name, "r");
-	if (!f && name[0] != '/') {
-		env = getenv(SRCTREE);
-		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
-			f = fopen(fullname, "r");
-		}
-	}
-	return f;
-}
-
-void zconf_initscan(const char *name)
-{
-	zconfin = zconf_fopen(name);
-	if (!zconfin) {
-		printf("can't find file %s\n", name);
-		exit(1);
-	}
-
-	current_buf = malloc(sizeof(*current_buf));
-	memset(current_buf, 0, sizeof(*current_buf));
-
-	current_file = file_lookup(name);
-	current_file->lineno = 1;
-	current_file->flags = FILE_BUSY;
-}
-
-void zconf_nextfile(const char *name)
-{
-	struct file *file = file_lookup(name);
-	struct buffer *buf = malloc(sizeof(*buf));
-	memset(buf, 0, sizeof(*buf));
-
-	current_buf->state = YY_CURRENT_BUFFER;
-	zconfin = zconf_fopen(name);
-	if (!zconfin) {
-		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
-		exit(1);
-	}
-	zconf_switch_to_buffer(zconf_create_buffer(zconfin,YY_BUF_SIZE));
-	buf->parent = current_buf;
-	current_buf = buf;
-
-	if (file->flags & FILE_BUSY) {
-		printf("recursive scan (%s)?\n", name);
-		exit(1);
-	}
-	if (file->flags & FILE_SCANNED) {
-		printf("file %s already scanned?\n", name);
-		exit(1);
-	}
-	file->flags |= FILE_BUSY;
-	file->lineno = 1;
-	file->parent = current_file;
-	current_file = file;
-}
-
-static struct buffer *zconf_endfile(void)
-{
-	struct buffer *parent;
-
-	current_file->flags |= FILE_SCANNED;
-	current_file->flags &= ~FILE_BUSY;
-	current_file = current_file->parent;
-
-	parent = current_buf->parent;
-	if (parent) {
-		fclose(zconfin);
-		zconf_delete_buffer(YY_CURRENT_BUFFER);
-		zconf_switch_to_buffer(parent->state);
-	}
-	free(current_buf);
-	current_buf = parent;
-
-	return parent;
-}
-
-int zconf_lineno(void)
-{
-	if (current_buf)
-		return current_file->lineno - 1;
-	else
-		return 0;
-}
-
-char *zconf_curname(void)
-{
-	if (current_buf)
-		return current_file->name;
-	else
-		return "<none>";
-}
-
diff --git a/config/scripts/config/lkc.h b/config/scripts/config/lkc.h
deleted file mode 100644
index b8a67fc9d6..0000000000
--- a/config/scripts/config/lkc.h
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#ifndef LKC_H
-#define LKC_H
-
-#include "expr.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef LKC_DIRECT_LINK
-#define P(name,type,arg)	extern type name arg
-#else
-#include "lkc_defs.h"
-#define P(name,type,arg)	extern type (*name ## _p) arg
-#endif
-#include "lkc_proto.h"
-#undef P
-
-#define SRCTREE "srctree"
-
-int zconfparse(void);
-void zconfdump(FILE *out);
-
-extern int zconfdebug;
-void zconf_starthelp(void);
-FILE *zconf_fopen(const char *name);
-void zconf_initscan(const char *name);
-void zconf_nextfile(const char *name);
-int zconf_lineno(void);
-char *zconf_curname(void);
-
-/* confdata.c */
-extern const char conf_def_filename[];
-extern char conf_filename[];
-
-char *conf_get_default_confname(void);
-
-/* kconfig_load.c */
-void kconfig_load(void);
-
-/* menu.c */
-void menu_init(void);
-void menu_add_menu(void);
-void menu_end_menu(void);
-void menu_add_entry(struct symbol *sym);
-void menu_end_entry(void);
-void menu_add_dep(struct expr *dep);
-struct property *menu_add_prop(enum prop_type type, char *prompt, struct expr *expr, struct expr *dep);
-void menu_add_prompt(enum prop_type type, char *prompt, struct expr *dep);
-void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep);
-void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep);
-void menu_finalize(struct menu *parent);
-void menu_set_type(int type);
-
-/* util.c */
-struct file *file_lookup(const char *name);
-int file_write_dep(const char *name);
-
-struct gstr {
-	size_t len;
-	char  *s;
-};
-struct gstr str_new(void);
-struct gstr str_assign(const char *s);
-void str_free(struct gstr *gs);
-void str_append(struct gstr *gs, const char *s);
-void str_printf(struct gstr *gs, const char *fmt, ...);
-const char *str_get(struct gstr *gs);
-
-/* symbol.c */
-void sym_init(void);
-void sym_clear_all_valid(void);
-void sym_set_changed(struct symbol *sym);
-struct symbol *sym_check_deps(struct symbol *sym);
-struct property *prop_alloc(enum prop_type type, struct symbol *sym);
-struct symbol *prop_get_symbol(struct property *prop);
-
-static inline tristate sym_get_tristate_value(struct symbol *sym)
-{
-	return sym->curr.tri;
-}
-
-
-static inline struct symbol *sym_get_choice_value(struct symbol *sym)
-{
-	return (struct symbol *)sym->curr.val;
-}
-
-static inline bool sym_set_choice_value(struct symbol *ch, struct symbol *chval)
-{
-	return sym_set_tristate_value(chval, yes);
-}
-
-static inline bool sym_is_choice(struct symbol *sym)
-{
-	return sym->flags & SYMBOL_CHOICE ? true : false;
-}
-
-static inline bool sym_is_choice_value(struct symbol *sym)
-{
-	return sym->flags & SYMBOL_CHOICEVAL ? true : false;
-}
-
-static inline bool sym_is_optional(struct symbol *sym)
-{
-	return sym->flags & SYMBOL_OPTIONAL ? true : false;
-}
-
-static inline bool sym_has_value(struct symbol *sym)
-{
-	return sym->flags & SYMBOL_NEW ? false : true;
-}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* LKC_H */
diff --git a/config/scripts/config/lkc_proto.h b/config/scripts/config/lkc_proto.h
deleted file mode 100644
index 6dc6d0c48e..0000000000
--- a/config/scripts/config/lkc_proto.h
+++ /dev/null
@@ -1,40 +0,0 @@
-
-/* confdata.c */
-P(conf_parse,void,(const char *name));
-P(conf_read,int,(const char *name));
-P(conf_write,int,(const char *name));
-
-/* menu.c */
-P(rootmenu,struct menu,);
-
-P(menu_is_visible,bool,(struct menu *menu));
-P(menu_get_prompt,const char *,(struct menu *menu));
-P(menu_get_root_menu,struct menu *,(struct menu *menu));
-P(menu_get_parent_menu,struct menu *,(struct menu *menu));
-
-/* symbol.c */
-P(symbol_hash,struct symbol *,[SYMBOL_HASHSIZE]);
-P(sym_change_count,int,);
-
-P(sym_lookup,struct symbol *,(const char *name, int isconst));
-P(sym_find,struct symbol *,(const char *name));
-P(sym_re_search,struct symbol **,(const char *pattern));
-P(sym_type_name,const char *,(enum symbol_type type));
-P(sym_calc_value,void,(struct symbol *sym));
-P(sym_get_type,enum symbol_type,(struct symbol *sym));
-P(sym_tristate_within_range,bool,(struct symbol *sym,tristate tri));
-P(sym_set_tristate_value,bool,(struct symbol *sym,tristate tri));
-P(sym_toggle_tristate_value,tristate,(struct symbol *sym));
-P(sym_string_valid,bool,(struct symbol *sym, const char *newval));
-P(sym_string_within_range,bool,(struct symbol *sym, const char *str));
-P(sym_set_string_value,bool,(struct symbol *sym, const char *newval));
-P(sym_is_changable,bool,(struct symbol *sym));
-P(sym_get_choice_prop,struct property *,(struct symbol *sym));
-P(sym_get_default_prop,struct property *,(struct symbol *sym));
-P(sym_get_string_value,const char *,(struct symbol *sym));
-
-P(prop_get_type_name,const char *,(enum prop_type type));
-
-/* expr.c */
-P(expr_compare_type,int,(enum expr_type t1, enum expr_type t2));
-P(expr_print,void,(struct expr *e, void (*fn)(void *, const char *), void *data, int prevtoken));
diff --git a/config/scripts/config/lxdialog/BIG.FAT.WARNING b/config/scripts/config/lxdialog/BIG.FAT.WARNING
deleted file mode 100644
index a8999d82bd..0000000000
--- a/config/scripts/config/lxdialog/BIG.FAT.WARNING
+++ /dev/null
@@ -1,4 +0,0 @@
-This is NOT the official version of dialog.  This version has been
-significantly modified from the original.  It is for use by the Linux
-kernel configuration script.  Please do not bother Savio Lam with 
-questions about this program.
diff --git a/config/scripts/config/lxdialog/checklist.c b/config/scripts/config/lxdialog/checklist.c
deleted file mode 100644
index 71de4a191d..0000000000
--- a/config/scripts/config/lxdialog/checklist.c
+++ /dev/null
@@ -1,372 +0,0 @@
-/*
- *  checklist.c -- implements the checklist box
- *
- *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *     Stuart Herbert - S.Herbert@sheffield.ac.uk: radiolist extension
- *     Alessandro Rubini - rubini@ipvvis.unipv.it: merged the two
- *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "dialog.h"
-
-static int list_width, check_x, item_x, checkflag;
-
-/*
- * Print list item
- */
-static void
-print_item (WINDOW * win, const char *item, int status,
-	    int choice, int selected)
-{
-    int i;
-
-    /* Clear 'residue' of last item */
-    wattrset (win, menubox_attr);
-    wmove (win, choice, 0);
-    for (i = 0; i < list_width; i++)
-	waddch (win, ' ');
-
-    wmove (win, choice, check_x);
-    wattrset (win, selected ? check_selected_attr : check_attr);
-    if (checkflag == FLAG_CHECK)
-	wprintw (win, "[%c]", status ? 'X' : ' ');
-    else
-	wprintw (win, "(%c)", status ? 'X' : ' ');
-
-    wattrset (win, selected ? tag_selected_attr : tag_attr);
-    mvwaddch(win, choice, item_x, item[0]);
-    wattrset (win, selected ? item_selected_attr : item_attr);
-    waddstr (win, (char *)item+1);
-    if (selected) {
-    	wmove (win, choice, check_x+1);
-    	wrefresh (win);
-    }
-}
-
-/*
- * Print the scroll indicators.
- */
-static void
-print_arrows (WINDOW * win, int choice, int item_no, int scroll,
-		int y, int x, int height)
-{
-    wmove(win, y, x);
-
-    if (scroll > 0) {
-	wattrset (win, uarrow_attr);
-	waddch (win, ACS_UARROW);
-	waddstr (win, "(-)");
-    }
-    else {
-	wattrset (win, menubox_attr);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-    }
-
-   y = y + height + 1;
-   wmove(win, y, x);
-
-   if ((height < item_no) && (scroll + choice < item_no - 1)) {
-	wattrset (win, darrow_attr);
-	waddch (win, ACS_DARROW);
-	waddstr (win, "(+)");
-    }
-    else {
-	wattrset (win, menubox_border_attr);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-   }
-}
-
-/*
- *  Display the termination buttons
- */
-static void
-print_buttons( WINDOW *dialog, int height, int width, int selected)
-{
-    int x = width / 2 - 11;
-    int y = height - 2;
-
-    print_button (dialog, "Select", y, x, selected == 0);
-    print_button (dialog, " Help ", y, x + 14, selected == 1);
-
-    wmove(dialog, y, x+1 + 14*selected);
-    wrefresh (dialog);
-}
-
-/*
- * Display a dialog box with a list of options that can be turned on or off
- * The `flag' parameter is used to select between radiolist and checklist.
- */
-int
-dialog_checklist (const char *title, const char *prompt, int height, int width,
-	int list_height, int item_no, struct dialog_list_item ** items,
-	int flag)
-	
-{
-    int i, x, y, box_x, box_y;
-    int key = 0, button = 0, choice = 0, scroll = 0, max_choice, *status;
-    WINDOW *dialog, *list;
-
-    checkflag = flag;
-
-    /* Allocate space for storing item on/off status */
-    if ((status = malloc (sizeof (int) * item_no)) == NULL) {
-	endwin ();
-	fprintf (stderr,
-		 "\nCan't allocate memory in dialog_checklist().\n");
-	exit (-1);
-    }
-
-    /* Initializes status */
-    for (i = 0; i < item_no; i++) {
-	status[i] = (items[i]->selected == 1); /* ON */
-	if ((!choice && status[i]) || items[i]->selected == 2) /* SELECTED */
-            choice = i + 1;
-    }
-    if (choice)
-	    choice--;
-
-    max_choice = MIN (list_height, item_no);
-
-    /* center dialog box on screen */
-    x = (COLS - width) / 2;
-    y = (LINES - height) / 2;
-
-    draw_shadow (stdscr, y, x, height, width);
-
-    dialog = newwin (height, width, y, x);
-    keypad (dialog, TRUE);
-
-    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
-    wattrset (dialog, border_attr);
-    mvwaddch (dialog, height-3, 0, ACS_LTEE);
-    for (i = 0; i < width - 2; i++)
-	waddch (dialog, ACS_HLINE);
-    wattrset (dialog, dialog_attr);
-    waddch (dialog, ACS_RTEE);
-
-    if (title != NULL && strlen(title) >= width-2 ) {
-	/* truncate long title -- mec */
-	char * title2 = malloc(width-2+1);
-	memcpy( title2, title, width-2 );
-	title2[width-2] = '\0';
-	title = title2;
-    }
-
-    if (title != NULL) {
-	wattrset (dialog, title_attr);
-	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
-	waddstr (dialog, (char *)title);
-	waddch (dialog, ' ');
-    }
-
-    wattrset (dialog, dialog_attr);
-    print_autowrap (dialog, prompt, width - 2, 1, 3);
-
-    list_width = width - 6;
-    box_y = height - list_height - 5;
-    box_x = (width - list_width) / 2 - 1;
-
-    /* create new window for the list */
-    list = subwin (dialog, list_height, list_width, y+box_y+1, x+box_x+1);
-
-    keypad (list, TRUE);
-
-    /* draw a box around the list items */
-    draw_box (dialog, box_y, box_x, list_height + 2, list_width + 2,
-	      menubox_border_attr, menubox_attr);
-
-    /* Find length of longest item in order to center checklist */
-    check_x = 0;
-    for (i = 0; i < item_no; i++) 
-	check_x = MAX (check_x, + strlen (items[i]->name) + 4);
-
-    check_x = (list_width - check_x) / 2;
-    item_x = check_x + 4;
-
-    if (choice >= list_height) {
-	scroll = choice - list_height + 1;
-	choice -= scroll;
-    }
-
-    /* Print the list */
-    for (i = 0; i < max_choice; i++) {
-	print_item (list, items[scroll + i]->name,
-		    status[i+scroll], i, i == choice);
-    }
-
-    print_arrows(dialog, choice, item_no, scroll,
-			box_y, box_x + check_x + 5, list_height);
-
-    print_buttons(dialog, height, width, 0);
-
-    wnoutrefresh (list);
-    wnoutrefresh (dialog);
-    doupdate ();
-
-    while (key != ESC) {
-	key = wgetch (dialog);
-
-    	for (i = 0; i < max_choice; i++)
-            if (toupper(key) == toupper(items[scroll + i]->name[0]))
-                break;
-
-
-	if ( i < max_choice || key == KEY_UP || key == KEY_DOWN || 
-	    key == '+' || key == '-' ) {
-	    if (key == KEY_UP || key == '-') {
-		if (!choice) {
-		    if (!scroll)
-			continue;
-		    /* Scroll list down */
-		    if (list_height > 1) {
-			/* De-highlight current first item */
-			print_item (list, items[scroll]->name,
-					status[scroll], 0, FALSE);
-			scrollok (list, TRUE);
-			wscrl (list, -1);
-			scrollok (list, FALSE);
-		    }
-		    scroll--;
-		    print_item (list, items[scroll]->name,
-				status[scroll], 0, TRUE);
-		    wnoutrefresh (list);
-
-    		    print_arrows(dialog, choice, item_no, scroll,
-				box_y, box_x + check_x + 5, list_height);
-
-		    wrefresh (dialog);
-
-		    continue;	/* wait for another key press */
-		} else
-		    i = choice - 1;
-	    } else if (key == KEY_DOWN || key == '+') {
-		if (choice == max_choice - 1) {
-		    if (scroll + choice >= item_no - 1)
-			continue;
-		    /* Scroll list up */
-		    if (list_height > 1) {
-			/* De-highlight current last item before scrolling up */
-			print_item (list, items[scroll + max_choice - 1]->name,
-				    status[scroll + max_choice - 1],
-				    max_choice - 1, FALSE);
-			scrollok (list, TRUE);
-			scroll (list);
-			scrollok (list, FALSE);
-		    }
-		    scroll++;
-		    print_item (list, items[scroll + max_choice - 1]->name,
-				status[scroll + max_choice - 1],
-				max_choice - 1, TRUE);
-		    wnoutrefresh (list);
-
-    		    print_arrows(dialog, choice, item_no, scroll,
-				box_y, box_x + check_x + 5, list_height);
-
-		    wrefresh (dialog);
-
-		    continue;	/* wait for another key press */
-		} else
-		    i = choice + 1;
-	    }
-	    if (i != choice) {
-		/* De-highlight current item */
-		print_item (list, items[scroll + choice]->name,
-			    status[scroll + choice], choice, FALSE);
-		/* Highlight new item */
-		choice = i;
-		print_item (list, items[scroll + choice]->name,
-			    status[scroll + choice], choice, TRUE);
-		wnoutrefresh (list);
-		wrefresh (dialog);
-	    }
-	    continue;		/* wait for another key press */
-	}
-	switch (key) {
-	case 'H':
-	case 'h':
-	case '?':
-	    for (i = 0; i < item_no; i++)
-		items[i]->selected = 0;
-	    items[scroll + choice]->selected = 1;
-	    delwin (dialog);
-	    free (status);
-	    return 1;
-	case TAB:
-	case KEY_LEFT:
-	case KEY_RIGHT:
-	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
-			? 1 : (button > 1 ? 0 : button);
-
-	    print_buttons(dialog, height, width, button);
-	    wrefresh (dialog);
-	    break;
-	case 'S':
-	case 's':
-	case ' ':
-	case '\n':
-	    if (!button) {
-		if (flag == FLAG_CHECK) {
-		    status[scroll + choice] = !status[scroll + choice];
-		    wmove (list, choice, check_x);
-		    wattrset (list, check_selected_attr);
-		    wprintw (list, "[%c]", status[scroll + choice] ? 'X' : ' ');
-		} else {
-		    if (!status[scroll + choice]) {
-			for (i = 0; i < item_no; i++)
-			    status[i] = 0;
-			status[scroll + choice] = 1;
-			for (i = 0; i < max_choice; i++)
-			    print_item (list, items[scroll + i]->name,
-					status[scroll + i], i, i == choice);
-		    }
-		}
-		wnoutrefresh (list);
-		wrefresh (dialog);
-            
-		for (i = 0; i < item_no; i++) {
-			items[i]->selected = status[i];
-		}
-            } else {
-		    for (i = 0; i < item_no; i++)
-			    items[i]->selected = 0;
-		    items[scroll + choice]->selected = 1;
-	    }
-	    delwin (dialog);
-	    free (status);
-	    return button;
-	case 'X':
-	case 'x':
-	    key = ESC;
-	case ESC:
-	    break;
-	}
-
-	/* Now, update everything... */
-	doupdate ();
-    }
-    
-
-    delwin (dialog);
-    free (status);
-    return -1;			/* ESC pressed */
-}
diff --git a/config/scripts/config/lxdialog/colors.h b/config/scripts/config/lxdialog/colors.h
deleted file mode 100644
index d34dd37c6f..0000000000
--- a/config/scripts/config/lxdialog/colors.h
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
- *  colors.h -- color attribute definitions
- *
- *  AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-/*
- *   Default color definitions
- *
- *   *_FG = foreground
- *   *_BG = background
- *   *_HL = highlight?
- */
-#define SCREEN_FG                    COLOR_CYAN
-#define SCREEN_BG                    COLOR_BLUE
-#define SCREEN_HL                    TRUE
-
-#define SHADOW_FG                    COLOR_BLACK
-#define SHADOW_BG                    COLOR_BLACK
-#define SHADOW_HL                    TRUE
-
-#define DIALOG_FG                    COLOR_BLACK
-#define DIALOG_BG                    COLOR_WHITE
-#define DIALOG_HL                    FALSE
-
-#define TITLE_FG                     COLOR_YELLOW
-#define TITLE_BG                     COLOR_WHITE
-#define TITLE_HL                     TRUE
-
-#define BORDER_FG                    COLOR_WHITE
-#define BORDER_BG                    COLOR_WHITE
-#define BORDER_HL                    TRUE
-
-#define BUTTON_ACTIVE_FG             COLOR_WHITE
-#define BUTTON_ACTIVE_BG             COLOR_BLUE
-#define BUTTON_ACTIVE_HL             TRUE
-
-#define BUTTON_INACTIVE_FG           COLOR_BLACK
-#define BUTTON_INACTIVE_BG           COLOR_WHITE
-#define BUTTON_INACTIVE_HL           FALSE
-
-#define BUTTON_KEY_ACTIVE_FG         COLOR_WHITE
-#define BUTTON_KEY_ACTIVE_BG         COLOR_BLUE
-#define BUTTON_KEY_ACTIVE_HL         TRUE
-
-#define BUTTON_KEY_INACTIVE_FG       COLOR_RED
-#define BUTTON_KEY_INACTIVE_BG       COLOR_WHITE
-#define BUTTON_KEY_INACTIVE_HL       FALSE
-
-#define BUTTON_LABEL_ACTIVE_FG       COLOR_YELLOW
-#define BUTTON_LABEL_ACTIVE_BG       COLOR_BLUE
-#define BUTTON_LABEL_ACTIVE_HL       TRUE
-
-#define BUTTON_LABEL_INACTIVE_FG     COLOR_BLACK
-#define BUTTON_LABEL_INACTIVE_BG     COLOR_WHITE
-#define BUTTON_LABEL_INACTIVE_HL     TRUE
-
-#define INPUTBOX_FG                  COLOR_BLACK
-#define INPUTBOX_BG                  COLOR_WHITE
-#define INPUTBOX_HL                  FALSE
-
-#define INPUTBOX_BORDER_FG           COLOR_BLACK
-#define INPUTBOX_BORDER_BG           COLOR_WHITE
-#define INPUTBOX_BORDER_HL           FALSE
-
-#define SEARCHBOX_FG                 COLOR_BLACK
-#define SEARCHBOX_BG                 COLOR_WHITE
-#define SEARCHBOX_HL                 FALSE
-
-#define SEARCHBOX_TITLE_FG           COLOR_YELLOW
-#define SEARCHBOX_TITLE_BG           COLOR_WHITE
-#define SEARCHBOX_TITLE_HL           TRUE
-
-#define SEARCHBOX_BORDER_FG          COLOR_WHITE
-#define SEARCHBOX_BORDER_BG          COLOR_WHITE
-#define SEARCHBOX_BORDER_HL          TRUE
-
-#define POSITION_INDICATOR_FG        COLOR_YELLOW
-#define POSITION_INDICATOR_BG        COLOR_WHITE
-#define POSITION_INDICATOR_HL        TRUE
-
-#define MENUBOX_FG                   COLOR_BLACK
-#define MENUBOX_BG                   COLOR_WHITE
-#define MENUBOX_HL                   FALSE
-
-#define MENUBOX_BORDER_FG            COLOR_WHITE
-#define MENUBOX_BORDER_BG            COLOR_WHITE
-#define MENUBOX_BORDER_HL            TRUE
-
-#define ITEM_FG                      COLOR_BLACK
-#define ITEM_BG                      COLOR_WHITE
-#define ITEM_HL                      FALSE
-
-#define ITEM_SELECTED_FG             COLOR_WHITE
-#define ITEM_SELECTED_BG             COLOR_BLUE
-#define ITEM_SELECTED_HL             TRUE
-
-#define TAG_FG                       COLOR_YELLOW
-#define TAG_BG                       COLOR_WHITE
-#define TAG_HL                       TRUE
-
-#define TAG_SELECTED_FG              COLOR_YELLOW
-#define TAG_SELECTED_BG              COLOR_BLUE
-#define TAG_SELECTED_HL              TRUE
-
-#define TAG_KEY_FG                   COLOR_YELLOW
-#define TAG_KEY_BG                   COLOR_WHITE
-#define TAG_KEY_HL                   TRUE
-
-#define TAG_KEY_SELECTED_FG          COLOR_YELLOW
-#define TAG_KEY_SELECTED_BG          COLOR_BLUE
-#define TAG_KEY_SELECTED_HL          TRUE
-
-#define CHECK_FG                     COLOR_BLACK
-#define CHECK_BG                     COLOR_WHITE
-#define CHECK_HL                     FALSE
-
-#define CHECK_SELECTED_FG            COLOR_WHITE
-#define CHECK_SELECTED_BG            COLOR_BLUE
-#define CHECK_SELECTED_HL            TRUE
-
-#define UARROW_FG                    COLOR_GREEN
-#define UARROW_BG                    COLOR_WHITE
-#define UARROW_HL                    TRUE
-
-#define DARROW_FG                    COLOR_GREEN
-#define DARROW_BG                    COLOR_WHITE
-#define DARROW_HL                    TRUE
-
-/* End of default color definitions */
-
-#define C_ATTR(x,y)                  ((x ? A_BOLD : 0) | COLOR_PAIR((y)))
-#define COLOR_NAME_LEN               10
-#define COLOR_COUNT                  8
-
-/*
- * Global variables
- */
-
-typedef struct {
-    char name[COLOR_NAME_LEN];
-    int value;
-} color_names_st;
-
-extern color_names_st color_names[];
-extern int color_table[][3];
diff --git a/config/scripts/config/lxdialog/dialog.h b/config/scripts/config/lxdialog/dialog.h
deleted file mode 100644
index 7bab3ad0e1..0000000000
--- a/config/scripts/config/lxdialog/dialog.h
+++ /dev/null
@@ -1,199 +0,0 @@
-
-/*
- *  dialog.h -- common declarations for all dialog modules
- *
- *  AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include <sys/types.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef CURSES_LOC
-#ifdef __sun__
-#define CURS_MACROS
-#endif
-#include CURSES_LOC
-
-/*
- * Colors in ncurses 1.9.9e do not work properly since foreground and
- * background colors are OR'd rather than separately masked.  This version
- * of dialog was hacked to work with ncurses 1.9.9e, making it incompatible
- * with standard curses.  The simplest fix (to make this work with standard
- * curses) uses the wbkgdset() function, not used in the original hack.
- * Turn it off if we're building with 1.9.9e, since it just confuses things.
- */
-#if defined(NCURSES_VERSION) && defined(_NEED_WRAP) && !defined(GCC_PRINTFLIKE)
-#define OLD_NCURSES 1
-#undef  wbkgdset
-#define wbkgdset(w,p) /*nothing*/
-#else
-#define OLD_NCURSES 0
-#endif
-
-#define TR(params) _tracef params
-
-#define ESC 27
-#define TAB 9
-#define MAX_LEN 2048
-#define BUF_SIZE (10*1024)
-#define MIN(x,y) (x < y ? x : y)
-#define MAX(x,y) (x > y ? x : y)
-
-
-#ifndef ACS_ULCORNER
-#define ACS_ULCORNER '+'
-#endif
-#ifndef ACS_LLCORNER
-#define ACS_LLCORNER '+'
-#endif
-#ifndef ACS_URCORNER
-#define ACS_URCORNER '+'
-#endif
-#ifndef ACS_LRCORNER
-#define ACS_LRCORNER '+'
-#endif
-#ifndef ACS_HLINE
-#define ACS_HLINE '-'
-#endif
-#ifndef ACS_VLINE
-#define ACS_VLINE '|'
-#endif
-#ifndef ACS_LTEE
-#define ACS_LTEE '+'
-#endif
-#ifndef ACS_RTEE
-#define ACS_RTEE '+'
-#endif
-#ifndef ACS_UARROW
-#define ACS_UARROW '^'
-#endif
-#ifndef ACS_DARROW
-#define ACS_DARROW 'v'
-#endif
-
-/* 
- * Attribute names
- */
-#define screen_attr                   attributes[0]
-#define shadow_attr                   attributes[1]
-#define dialog_attr                   attributes[2]
-#define title_attr                    attributes[3]
-#define border_attr                   attributes[4]
-#define button_active_attr            attributes[5]
-#define button_inactive_attr          attributes[6]
-#define button_key_active_attr        attributes[7]
-#define button_key_inactive_attr      attributes[8]
-#define button_label_active_attr      attributes[9]
-#define button_label_inactive_attr    attributes[10]
-#define inputbox_attr                 attributes[11]
-#define inputbox_border_attr          attributes[12]
-#define searchbox_attr                attributes[13]
-#define searchbox_title_attr          attributes[14]
-#define searchbox_border_attr         attributes[15]
-#define position_indicator_attr       attributes[16]
-#define menubox_attr                  attributes[17]
-#define menubox_border_attr           attributes[18]
-#define item_attr                     attributes[19]
-#define item_selected_attr            attributes[20]
-#define tag_attr                      attributes[21]
-#define tag_selected_attr             attributes[22]
-#define tag_key_attr                  attributes[23]
-#define tag_key_selected_attr         attributes[24]
-#define check_attr                    attributes[25]
-#define check_selected_attr           attributes[26]
-#define uarrow_attr                   attributes[27]
-#define darrow_attr                   attributes[28]
-
-/* number of attributes */
-#define ATTRIBUTE_COUNT               29
-
-/*
- * Global variables
- */
-extern bool use_colors;
-
-extern chtype attributes[];
-#endif
-
-extern const char *backtitle;
-
-struct dialog_list_item {
-	char *name;
-	int namelen;
-	char *tag;
-	int selected; /* Set to 1 by dialog_*() function. */
-};
-
-/*
- * Function prototypes
- */
-
-void init_dialog (void);
-void end_dialog (void);
-void dialog_clear (void);
-#ifdef CURSES_LOC
-void attr_clear (WINDOW * win, int height, int width, chtype attr);
-void color_setup (void);
-void print_autowrap (WINDOW * win, const char *prompt, int width, int y, int x);
-void print_button (WINDOW * win, const char *label, int y, int x, int selected);
-void draw_box (WINDOW * win, int y, int x, int height, int width, chtype box,
-		chtype border);
-void draw_shadow (WINDOW * win, int y, int x, int height, int width);
-#endif
-
-int first_alpha (const char *string, const char *exempt);
-int dialog_yesno (const char *title, const char *prompt, int height, int width);
-int dialog_msgbox (const char *title, const char *prompt, int height,
-		int width, int pause);
-int dialog_textbox (const char *title, const char *file, int height, int width);
-int dialog_menu (const char *title, const char *prompt, int height, int width,
-		int menu_height, const char *choice, int item_no, 
-		struct dialog_list_item ** items);
-int dialog_checklist (const char *title, const char *prompt, int height,
-		int width, int list_height, int item_no,
-		struct dialog_list_item ** items, int flag);
-extern unsigned char dialog_input_result[];
-int dialog_inputbox (const char *title, const char *prompt, int height,
-		int width, const char *init);
-
-struct dialog_list_item *first_sel_item(int item_no,
-		struct dialog_list_item ** items);
-
-/*
- * This is the base for fictitious keys, which activate
- * the buttons.
- *
- * Mouse-generated keys are the following:
- *   -- the first 32 are used as numbers, in addition to '0'-'9'
- *   -- the lowercase are used to signal mouse-enter events (M_EVENT + 'o')
- *   -- uppercase chars are used to invoke the button (M_EVENT + 'O')
- */
-#ifdef CURSES_LOC
-#define M_EVENT (KEY_MAX+1)
-#endif
-
-
-/*
- * The `flag' parameter in checklist is used to select between
- * radiolist and checklist
- */
-#define FLAG_CHECK 1
-#define FLAG_RADIO 0
diff --git a/config/scripts/config/lxdialog/inputbox.c b/config/scripts/config/lxdialog/inputbox.c
deleted file mode 100644
index fa7bebc693..0000000000
--- a/config/scripts/config/lxdialog/inputbox.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- *  inputbox.c -- implements the input box
- *
- *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "dialog.h"
-
-unsigned char dialog_input_result[MAX_LEN + 1];
-
-/*
- *  Print the termination buttons
- */
-static void
-print_buttons(WINDOW *dialog, int height, int width, int selected)
-{
-    int x = width / 2 - 11;
-    int y = height - 2;
-
-    print_button (dialog, "  Ok  ", y, x, selected==0);
-    print_button (dialog, " Help ", y, x + 14, selected==1);
-
-    wmove(dialog, y, x+1+14*selected);
-    wrefresh(dialog);
-}
-
-/*
- * Display a dialog box for inputing a string
- */
-int
-dialog_inputbox (const char *title, const char *prompt, int height, int width,
-		 const char *init)
-{
-    int i, x, y, box_y, box_x, box_width;
-    int input_x = 0, scroll = 0, key = 0, button = -1;
-    unsigned char *instr = dialog_input_result;
-    WINDOW *dialog;
-
-    /* center dialog box on screen */
-    x = (COLS - width) / 2;
-    y = (LINES - height) / 2;
-
-
-    draw_shadow (stdscr, y, x, height, width);
-
-    dialog = newwin (height, width, y, x);
-    keypad (dialog, TRUE);
-
-    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
-    wattrset (dialog, border_attr);
-    mvwaddch (dialog, height-3, 0, ACS_LTEE);
-    for (i = 0; i < width - 2; i++)
-	waddch (dialog, ACS_HLINE);
-    wattrset (dialog, dialog_attr);
-    waddch (dialog, ACS_RTEE);
-
-    if (title != NULL && strlen(title) >= width-2 ) {
-	/* truncate long title -- mec */
-	char * title2 = malloc(width-2+1);
-	memcpy( title2, title, width-2 );
-	title2[width-2] = '\0';
-	title = title2;
-    }
-
-    if (title != NULL) {
-	wattrset (dialog, title_attr);
-	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
-	waddstr (dialog, (char *)title);
-	waddch (dialog, ' ');
-    }
-
-    wattrset (dialog, dialog_attr);
-    print_autowrap (dialog, prompt, width - 2, 1, 3);
-
-    /* Draw the input field box */
-    box_width = width - 6;
-    getyx (dialog, y, x);
-    box_y = y + 2;
-    box_x = (width - box_width) / 2;
-    draw_box (dialog, y + 1, box_x - 1, 3, box_width + 2,
-	      border_attr, dialog_attr);
-
-    print_buttons(dialog, height, width, 0);
-
-    /* Set up the initial value */
-    wmove (dialog, box_y, box_x);
-    wattrset (dialog, inputbox_attr);
-
-    if (!init)
-	instr[0] = '\0';
-    else
-	strcpy (instr, init);
-
-    input_x = strlen (instr);
-
-    if (input_x >= box_width) {
-	scroll = input_x - box_width + 1;
-	input_x = box_width - 1;
-	for (i = 0; i < box_width - 1; i++)
-	    waddch (dialog, instr[scroll + i]);
-    } else
-	waddstr (dialog, instr);
-
-    wmove (dialog, box_y, box_x + input_x);
-
-    wrefresh (dialog);
-
-    while (key != ESC) {
-	key = wgetch (dialog);
-
-	if (button == -1) {	/* Input box selected */
-	    switch (key) {
-	    case TAB:
-	    case KEY_UP:
-	    case KEY_DOWN:
-		break;
-	    case KEY_LEFT:
-		continue;
-	    case KEY_RIGHT:
-		continue;
-	    case KEY_BACKSPACE:
-	    case 127:
-		if (input_x || scroll) {
-		    wattrset (dialog, inputbox_attr);
-		    if (!input_x) {
-			scroll = scroll < box_width - 1 ?
-			    0 : scroll - (box_width - 1);
-			wmove (dialog, box_y, box_x);
-			for (i = 0; i < box_width; i++)
-			    waddch (dialog, instr[scroll + input_x + i] ?
-				    instr[scroll + input_x + i] : ' ');
-			input_x = strlen (instr) - scroll;
-		    } else
-			input_x--;
-		    instr[scroll + input_x] = '\0';
-		    mvwaddch (dialog, box_y, input_x + box_x, ' ');
-		    wmove (dialog, box_y, input_x + box_x);
-		    wrefresh (dialog);
-		}
-		continue;
-	    default:
-		if (key < 0x100 && isprint (key)) {
-		    if (scroll + input_x < MAX_LEN) {
-			wattrset (dialog, inputbox_attr);
-			instr[scroll + input_x] = key;
-			instr[scroll + input_x + 1] = '\0';
-			if (input_x == box_width - 1) {
-			    scroll++;
-			    wmove (dialog, box_y, box_x);
-			    for (i = 0; i < box_width - 1; i++)
-				waddch (dialog, instr[scroll + i]);
-			} else {
-			    wmove (dialog, box_y, input_x++ + box_x);
-			    waddch (dialog, key);
-			}
-			wrefresh (dialog);
-		    } else
-			flash ();	/* Alarm user about overflow */
-		    continue;
-		}
-	    }
-	}
-	switch (key) {
-	case 'O':
-	case 'o':
-	    delwin (dialog);
-	    return 0;
-	case 'H':
-	case 'h':
-	    delwin (dialog);
-	    return 1;
-	case KEY_UP:
-	case KEY_LEFT:
-	    switch (button) {
-	    case -1:
-		button = 1;	/* Indicates "Cancel" button is selected */
-		print_buttons(dialog, height, width, 1);
-		break;
-	    case 0:
-		button = -1;	/* Indicates input box is selected */
-		print_buttons(dialog, height, width, 0);
-		wmove (dialog, box_y, box_x + input_x);
-		wrefresh (dialog);
-		break;
-	    case 1:
-		button = 0;	/* Indicates "OK" button is selected */
-		print_buttons(dialog, height, width, 0);
-		break;
-	    }
-	    break;
-	case TAB:
-	case KEY_DOWN:
-	case KEY_RIGHT:
-	    switch (button) {
-	    case -1:
-		button = 0;	/* Indicates "OK" button is selected */
-		print_buttons(dialog, height, width, 0);
-		break;
-	    case 0:
-		button = 1;	/* Indicates "Cancel" button is selected */
-		print_buttons(dialog, height, width, 1);
-		break;
-	    case 1:
-		button = -1;	/* Indicates input box is selected */
-		print_buttons(dialog, height, width, 0);
-		wmove (dialog, box_y, box_x + input_x);
-		wrefresh (dialog);
-		break;
-	    }
-	    break;
-	case ' ':
-	case '\n':
-	    delwin (dialog);
-	    return (button == -1 ? 0 : button);
-	case 'X':
-	case 'x':
-	    key = ESC;
-	case ESC:
-	    break;
-	}
-    }
-
-    delwin (dialog);
-    return -1;			/* ESC pressed */
-}
diff --git a/config/scripts/config/lxdialog/menubox.c b/config/scripts/config/lxdialog/menubox.c
deleted file mode 100644
index 873dc587b8..0000000000
--- a/config/scripts/config/lxdialog/menubox.c
+++ /dev/null
@@ -1,438 +0,0 @@
-/*
- *  menubox.c -- implements the menu box
- *
- *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcapw@cfw.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/*
- *  Changes by Clifford Wolf (god@clifford.at)
- *
- *  [ 1998-06-13 ]
- *
- *    *)  A bugfix for the Page-Down problem
- *
- *    *)  Formerly when I used Page Down and Page Up, the cursor would be set 
- *        to the first position in the menu box.  Now lxdialog is a bit
- *        smarter and works more like other menu systems (just have a look at
- *        it).
- *
- *    *)  Formerly if I selected something my scrolling would be broken because
- *        lxdialog is re-invoked by the Menuconfig shell script, can't
- *        remember the last scrolling position, and just sets it so that the
- *        cursor is at the bottom of the box.  Now it writes the temporary file
- *        lxdialog.scrltmp which contains this information. The file is
- *        deleted by lxdialog if the user leaves a submenu or enters a new
- *        one, but it would be nice if Menuconfig could make another "rm -f"
- *        just to be sure.  Just try it out - you will recognise a difference!
- *
- *  [ 1998-06-14 ]
- *
- *    *)  Now lxdialog is crash-safe against broken "lxdialog.scrltmp" files
- *        and menus change their size on the fly.
- *
- *    *)  If for some reason the last scrolling position is not saved by
- *        lxdialog, it sets the scrolling so that the selected item is in the
- *        middle of the menu box, not at the bottom.
- *
- * 02 January 1999, Michael Elizabeth Chastain (mec@shout.net)
- * Reset 'scroll' to 0 if the value from lxdialog.scrltmp is bogus.
- * This fixes a bug in Menuconfig where using ' ' to descend into menus
- * would leave mis-synchronized lxdialog.scrltmp files lying around,
- * fscanf would read in 'scroll', and eventually that value would get used.
- */
-
-#include "dialog.h"
-
-static int menu_width, item_x;
-
-/*
- * Print menu item
- */
-static void
-print_item (WINDOW * win, const char *item, int choice, int selected, int hotkey)
-{
-    int j;
-    char menu_item[menu_width+1];
-
-    strncpy(menu_item, item, menu_width);
-    menu_item[menu_width] = 0;
-    j = first_alpha(menu_item, "YyNnMmHh");
-
-    /* Clear 'residue' of last item */
-    wattrset (win, menubox_attr);
-    wmove (win, choice, 0);
-#if OLD_NCURSES
-    {
-        int i;
-        for (i = 0; i < menu_width; i++)
-	    waddch (win, ' ');
-    }
-#else
-    wclrtoeol(win);
-#endif
-    wattrset (win, selected ? item_selected_attr : item_attr);
-    mvwaddstr (win, choice, item_x, menu_item);
-    if (hotkey) {
-    	wattrset (win, selected ? tag_key_selected_attr : tag_key_attr);
-    	mvwaddch(win, choice, item_x+j, menu_item[j]);
-    }
-    if (selected) {
-	wmove (win, choice, item_x+1);
-	wrefresh (win);
-    }
-}
-
-/*
- * Print the scroll indicators.
- */
-static void
-print_arrows (WINDOW * win, int item_no, int scroll,
-		int y, int x, int height)
-{
-    int cur_y, cur_x;
-
-    getyx(win, cur_y, cur_x);
-
-    wmove(win, y, x);
-
-    if (scroll > 0) {
-	wattrset (win, uarrow_attr);
-	waddch (win, ACS_UARROW);
-	waddstr (win, "(-)");
-    }
-    else {
-	wattrset (win, menubox_attr);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-    }
-
-   y = y + height + 1;
-   wmove(win, y, x);
-
-   if ((height < item_no) && (scroll + height < item_no)) {
-	wattrset (win, darrow_attr);
-	waddch (win, ACS_DARROW);
-	waddstr (win, "(+)");
-    }
-    else {
-	wattrset (win, menubox_border_attr);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-	waddch (win, ACS_HLINE);
-   }
-
-   wmove(win, cur_y, cur_x);
-}
-
-/*
- * Display the termination buttons.
- */
-static void
-print_buttons (WINDOW *win, int height, int width, int selected)
-{
-    int x = width / 2 - 16;
-    int y = height - 2;
-
-    print_button (win, "Select", y, x, selected == 0);
-    print_button (win, " Exit ", y, x + 12, selected == 1);
-    print_button (win, " Help ", y, x + 24, selected == 2);
-
-    wmove(win, y, x+1+12*selected);
-    wrefresh (win);
-}
-
-/*
- * Display a menu for choosing among a number of options
- */
-int
-dialog_menu (const char *title, const char *prompt, int height, int width,
-		int menu_height, const char *current, int item_no,
-		struct dialog_list_item ** items)
-{
-    int i, j, x, y, box_x, box_y;
-    int key = 0, button = 0, scroll = 0, choice = 0, first_item = 0, max_choice;
-    WINDOW *dialog, *menu;
-    FILE *f;
-
-    max_choice = MIN (menu_height, item_no);
-
-    /* center dialog box on screen */
-    x = (COLS - width) / 2;
-    y = (LINES - height) / 2;
-
-    draw_shadow (stdscr, y, x, height, width);
-
-    dialog = newwin (height, width, y, x);
-    keypad (dialog, TRUE);
-
-    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
-    wattrset (dialog, border_attr);
-    mvwaddch (dialog, height - 3, 0, ACS_LTEE);
-    for (i = 0; i < width - 2; i++)
-	waddch (dialog, ACS_HLINE);
-    wattrset (dialog, dialog_attr);
-    wbkgdset (dialog, dialog_attr & A_COLOR);
-    waddch (dialog, ACS_RTEE);
-
-    if (title != NULL && strlen(title) >= width-2 ) {
-	/* truncate long title -- mec */
-	char * title2 = malloc(width-2+1);
-	memcpy( title2, title, width-2 );
-	title2[width-2] = '\0';
-	title = title2;
-    }
-
-    if (title != NULL) {
-	wattrset (dialog, title_attr);
-	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
-	waddstr (dialog, (char *)title);
-	waddch (dialog, ' ');
-    }
-
-    wattrset (dialog, dialog_attr);
-    print_autowrap (dialog, prompt, width - 2, 1, 3);
-
-    menu_width = width - 6;
-    box_y = height - menu_height - 5;
-    box_x = (width - menu_width) / 2 - 1;
-
-    /* create new window for the menu */
-    menu = subwin (dialog, menu_height, menu_width,
-		y + box_y + 1, x + box_x + 1);
-    keypad (menu, TRUE);
-
-    /* draw a box around the menu items */
-    draw_box (dialog, box_y, box_x, menu_height + 2, menu_width + 2,
-	      menubox_border_attr, menubox_attr);
-
-    /*
-     * Find length of longest item in order to center menu.
-     * Set 'choice' to default item. 
-     */
-    item_x = 0;
-    for (i = 0; i < item_no; i++) {
-	item_x = MAX (item_x, MIN(menu_width, strlen (items[i]->name) + 2));
-	if (strcmp(current, items[i]->tag) == 0) choice = i;
-    }
-
-    item_x = (menu_width - item_x) / 2;
-
-    /* get the scroll info from the temp file */
-    if ( (f=fopen("lxdialog.scrltmp","r")) != NULL ) {
-	if ( (fscanf(f,"%d\n",&scroll) == 1) && (scroll <= choice) &&
-	     (scroll+max_choice > choice) && (scroll >= 0) &&
-	     (scroll+max_choice <= item_no) ) {
-	    first_item = scroll;
-	    choice = choice - scroll;
-	    fclose(f);
-	} else {
-	    scroll=0;
-	    remove("lxdialog.scrltmp");
-	    fclose(f);
-	    f=NULL;
-	}
-    }
-    if ( (choice >= max_choice) || (f==NULL && choice >= max_choice/2) ) {
-	if (choice >= item_no-max_choice/2)
-	    scroll = first_item = item_no-max_choice;
-	else
-	    scroll = first_item = choice - max_choice/2;
-	choice = choice - scroll;
-    }
-
-    /* Print the menu */
-    for (i=0; i < max_choice; i++) {
-	print_item (menu, items[first_item + i]->name, i, i == choice,
-                    (items[first_item + i]->tag[0] != ':'));
-    }
-
-    wnoutrefresh (menu);
-
-    print_arrows(dialog, item_no, scroll,
-		 box_y, box_x+item_x+1, menu_height);
-
-    print_buttons (dialog, height, width, 0);
-    wmove (menu, choice, item_x+1);
-    wrefresh (menu);
-
-    while (key != ESC) {
-	key = wgetch(menu);
-
-	if (key < 256 && isalpha(key)) key = tolower(key);
-
-	if (strchr("ynmh", key))
-		i = max_choice;
-	else {
-        for (i = choice+1; i < max_choice; i++) {
-		j = first_alpha(items[scroll + i]->name, "YyNnMmHh");
-		if (key == tolower(items[scroll + i]->name[j]))
-                	break;
-	}
-	if (i == max_choice)
-       		for (i = 0; i < max_choice; i++) {
-			j = first_alpha(items[scroll + i]->name, "YyNnMmHh");
-			if (key == tolower(items[scroll + i]->name[j]))
-                		break;
-		}
-	}
-
-	if (i < max_choice || 
-            key == KEY_UP || key == KEY_DOWN ||
-            key == '-' || key == '+' ||
-            key == KEY_PPAGE || key == KEY_NPAGE) {
-
-            print_item (menu, items[scroll + choice]->name, choice, FALSE,
-                       (items[scroll + choice]->tag[0] != ':'));
-
-	    if (key == KEY_UP || key == '-') {
-                if (choice < 2 && scroll) {
-	            /* Scroll menu down */
-                    scrollok (menu, TRUE);
-                    wscrl (menu, -1);
-                    scrollok (menu, FALSE);
-
-                    scroll--;
-
-                    print_item (menu, items[scroll]->name, 0, FALSE,
-                               (items[scroll]->tag[0] != ':'));
-		} else
-		    choice = MAX(choice - 1, 0);
-
-	    } else if (key == KEY_DOWN || key == '+')  {
-
-		print_item (menu, items[scroll + choice]->name, choice, FALSE,
-                                (items[scroll + choice]->tag[0] != ':'));
-
-                if ((choice > max_choice-3) &&
-                    (scroll + max_choice < item_no)
-                   ) {
-		    /* Scroll menu up */
-		    scrollok (menu, TRUE);
-                    scroll (menu);
-                    scrollok (menu, FALSE);
-
-                    scroll++;
-
-                    print_item (menu, items[scroll + max_choice - 1]->name,
-                               max_choice-1, FALSE,
-                               (items[scroll + max_choice - 1]->tag[0] != ':'));
-                } else
-                    choice = MIN(choice+1, max_choice-1);
-
-	    } else if (key == KEY_PPAGE) {
-	        scrollok (menu, TRUE);
-                for (i=0; (i < max_choice); i++) {
-                    if (scroll > 0) {
-                	wscrl (menu, -1);
-                	scroll--;
-                	print_item (menu, items[scroll]->name, 0, FALSE,
-                	(items[scroll]->tag[0] != ':'));
-                    } else {
-                        if (choice > 0)
-                            choice--;
-                    }
-                }
-                scrollok (menu, FALSE);
-
-            } else if (key == KEY_NPAGE) {
-                for (i=0; (i < max_choice); i++) {
-                    if (scroll+max_choice < item_no) {
-			scrollok (menu, TRUE);
-			scroll(menu);
-			scrollok (menu, FALSE);
-                	scroll++;
-                	print_item (menu, items[scroll + max_choice - 1]->name,
-			            max_choice-1, FALSE,
-			            (items[scroll + max_choice - 1]->tag[0] != ':'));
-		    } else {
-			if (choice+1 < max_choice)
-			    choice++;
-		    }
-                }
-
-            } else
-                choice = i;
-
-            print_item (menu, items[scroll + choice]->name, choice, TRUE,
-                       (items[scroll + choice]->tag[0] != ':'));
-
-            print_arrows(dialog, item_no, scroll,
-                         box_y, box_x+item_x+1, menu_height);
-
-            wnoutrefresh (dialog);
-            wrefresh (menu);
-
-	    continue;		/* wait for another key press */
-        }
-
-	switch (key) {
-	case KEY_LEFT:
-	case TAB:
-	case KEY_RIGHT:
-	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
-			? 2 : (button > 2 ? 0 : button);
-
-	    print_buttons(dialog, height, width, button);
-	    wrefresh (menu);
-	    break;
-	case ' ':
-	case 's':
-	case 'y':
-	case 'n':
-	case 'm':
-	case '/':
-	    /* save scroll info */
-	    if ( (f=fopen("lxdialog.scrltmp","w")) != NULL ) {
-		fprintf(f,"%d\n",scroll);
-		fclose(f);
-	    }
-	    delwin (dialog);
-            items[scroll + choice]->selected = 1;
-            switch (key) {
-            case 's': return 3;
-            case 'y': return 3;
-            case 'n': return 4;
-            case 'm': return 5;
-            case ' ': return 6;
-            case '/': return 7;
-            }
-	    return 0;
-	case 'h':
-	case '?':
-	    button = 2;
-	case '\n':
-	    delwin (dialog);
-	    items[scroll + choice]->selected = 1;
-
-	    remove("lxdialog.scrltmp");
-	    return button;
-	case 'e':
-	case 'x':
-	    key = ESC;
-	case ESC:
-	    break;
-	}
-    }
-
-    delwin (dialog);
-    remove("lxdialog.scrltmp");
-    return -1;			/* ESC pressed */
-}
diff --git a/config/scripts/config/lxdialog/msgbox.c b/config/scripts/config/lxdialog/msgbox.c
deleted file mode 100644
index 93692e1fbc..0000000000
--- a/config/scripts/config/lxdialog/msgbox.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- *  msgbox.c -- implements the message box and info box
- *
- *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcapw@cfw.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "dialog.h"
-
-/*
- * Display a message box. Program will pause and display an "OK" button
- * if the parameter 'pause' is non-zero.
- */
-int
-dialog_msgbox (const char *title, const char *prompt, int height, int width,
-		int pause)
-{
-    int i, x, y, key = 0;
-    WINDOW *dialog;
-
-    /* center dialog box on screen */
-    x = (COLS - width) / 2;
-    y = (LINES - height) / 2;
-
-    draw_shadow (stdscr, y, x, height, width);
-
-    dialog = newwin (height, width, y, x);
-    keypad (dialog, TRUE);
-
-    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
-
-    if (title != NULL && strlen(title) >= width-2 ) {
-	/* truncate long title -- mec */
-	char * title2 = malloc(width-2+1);
-	memcpy( title2, title, width-2 );
-	title2[width-2] = '\0';
-	title = title2;
-    }
-
-    if (title != NULL) {
-	wattrset (dialog, title_attr);
-	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
-	waddstr (dialog, (char *)title);
-	waddch (dialog, ' ');
-    }
-    wattrset (dialog, dialog_attr);
-    print_autowrap (dialog, prompt, width - 2, 1, 2);
-
-    if (pause) {
-	wattrset (dialog, border_attr);
-	mvwaddch (dialog, height - 3, 0, ACS_LTEE);
-	for (i = 0; i < width - 2; i++)
-	    waddch (dialog, ACS_HLINE);
-	wattrset (dialog, dialog_attr);
-	waddch (dialog, ACS_RTEE);
-
-	print_button (dialog, "  Ok  ",
-		      height - 2, width / 2 - 4, TRUE);
-
-	wrefresh (dialog);
-	while (key != ESC && key != '\n' && key != ' ' &&
-               key != 'O' && key != 'o' && key != 'X' && key != 'x')
-	    key = wgetch (dialog);
-    } else {
-	key = '\n';
-	wrefresh (dialog);
-    }
-
-    delwin (dialog);
-    return key == ESC ? -1 : 0;
-}
diff --git a/config/scripts/config/lxdialog/textbox.c b/config/scripts/config/lxdialog/textbox.c
deleted file mode 100644
index a5a460b5cc..0000000000
--- a/config/scripts/config/lxdialog/textbox.c
+++ /dev/null
@@ -1,556 +0,0 @@
-/*
- *  textbox.c -- implements the text box
- *
- *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "dialog.h"
-
-static void back_lines (int n);
-static void print_page (WINDOW * win, int height, int width);
-static void print_line (WINDOW * win, int row, int width);
-static char *get_line (void);
-static void print_position (WINDOW * win, int height, int width);
-
-static int hscroll, fd, file_size, bytes_read;
-static int begin_reached = 1, end_reached, page_length;
-static char *buf, *page;
-
-/*
- * Display text from a file in a dialog box.
- */
-int
-dialog_textbox (const char *title, const char *file, int height, int width)
-{
-    int i, x, y, cur_x, cur_y, fpos, key = 0;
-    int passed_end;
-    char search_term[MAX_LEN + 1];
-    WINDOW *dialog, *text;
-
-    search_term[0] = '\0';	/* no search term entered yet */
-
-    /* Open input file for reading */
-    if ((fd = open (file, O_RDONLY)) == -1) {
-	endwin ();
-	fprintf (stderr,
-		 "\nCan't open input file in dialog_textbox().\n");
-	exit (-1);
-    }
-    /* Get file size. Actually, 'file_size' is the real file size - 1,
-       since it's only the last byte offset from the beginning */
-    if ((file_size = lseek (fd, 0, SEEK_END)) == -1) {
-	endwin ();
-	fprintf (stderr, "\nError getting file size in dialog_textbox().\n");
-	exit (-1);
-    }
-    /* Restore file pointer to beginning of file after getting file size */
-    if (lseek (fd, 0, SEEK_SET) == -1) {
-	endwin ();
-	fprintf (stderr, "\nError moving file pointer in dialog_textbox().\n");
-	exit (-1);
-    }
-    /* Allocate space for read buffer */
-    if ((buf = malloc (BUF_SIZE + 1)) == NULL) {
-	endwin ();
-	fprintf (stderr, "\nCan't allocate memory in dialog_textbox().\n");
-	exit (-1);
-    }
-    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
-	endwin ();
-	fprintf (stderr, "\nError reading file in dialog_textbox().\n");
-	exit (-1);
-    }
-    buf[bytes_read] = '\0';	/* mark end of valid data */
-    page = buf;			/* page is pointer to start of page to be displayed */
-
-    /* center dialog box on screen */
-    x = (COLS - width) / 2;
-    y = (LINES - height) / 2;
-
-
-    draw_shadow (stdscr, y, x, height, width);
-
-    dialog = newwin (height, width, y, x);
-    keypad (dialog, TRUE);
-
-    /* Create window for text region, used for scrolling text */
-    text = subwin (dialog, height - 4, width - 2, y + 1, x + 1);
-    wattrset (text, dialog_attr);
-    wbkgdset (text, dialog_attr & A_COLOR);
-
-    keypad (text, TRUE);
-
-    /* register the new window, along with its borders */
-    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
-
-    wattrset (dialog, border_attr);
-    mvwaddch (dialog, height-3, 0, ACS_LTEE);
-    for (i = 0; i < width - 2; i++)
-	waddch (dialog, ACS_HLINE);
-    wattrset (dialog, dialog_attr);
-    wbkgdset (dialog, dialog_attr & A_COLOR);
-    waddch (dialog, ACS_RTEE);
-
-    if (title != NULL && strlen(title) >= width-2 ) {
-	/* truncate long title -- mec */
-	char * title2 = malloc(width-2+1);
-	memcpy( title2, title, width-2 );
-	title2[width-2] = '\0';
-	title = title2;
-    }
-
-    if (title != NULL) {
-	wattrset (dialog, title_attr);
-	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
-	waddstr (dialog, (char *)title);
-	waddch (dialog, ' ');
-    }
-    print_button (dialog, " Exit ", height - 2, width / 2 - 4, TRUE);
-    wnoutrefresh (dialog);
-    getyx (dialog, cur_y, cur_x);	/* Save cursor position */
-
-    /* Print first page of text */
-    attr_clear (text, height - 4, width - 2, dialog_attr);
-    print_page (text, height - 4, width - 2);
-    print_position (dialog, height, width);
-    wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
-    wrefresh (dialog);
-
-    while ((key != ESC) && (key != '\n')) {
-	key = wgetch (dialog);
-	switch (key) {
-	case 'E':		/* Exit */
-	case 'e':
-	case 'X':
-	case 'x':
-	    delwin (dialog);
-	    free (buf);
-	    close (fd);
-	    return 0;
-	case 'g':		/* First page */
-	case KEY_HOME:
-	    if (!begin_reached) {
-		begin_reached = 1;
-		/* First page not in buffer? */
-		if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
-		    endwin ();
-		    fprintf (stderr,
-		      "\nError moving file pointer in dialog_textbox().\n");
-		    exit (-1);
-		}
-		if (fpos > bytes_read) {	/* Yes, we have to read it in */
-		    if (lseek (fd, 0, SEEK_SET) == -1) {
-			endwin ();
-			fprintf (stderr, "\nError moving file pointer in "
-				 "dialog_textbox().\n");
-			exit (-1);
-		    }
-		    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
-			endwin ();
-			fprintf (stderr,
-			     "\nError reading file in dialog_textbox().\n");
-			exit (-1);
-		    }
-		    buf[bytes_read] = '\0';
-		}
-		page = buf;
-		print_page (text, height - 4, width - 2);
-		print_position (dialog, height, width);
-		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
-		wrefresh (dialog);
-	    }
-	    break;
-	case 'G':		/* Last page */
-	case KEY_END:
-
-	    end_reached = 1;
-	    /* Last page not in buffer? */
-	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
-		endwin ();
-		fprintf (stderr,
-		      "\nError moving file pointer in dialog_textbox().\n");
-		exit (-1);
-	    }
-	    if (fpos < file_size) {	/* Yes, we have to read it in */
-		if (lseek (fd, -BUF_SIZE, SEEK_END) == -1) {
-		    endwin ();
-		    fprintf (stderr,
-		      "\nError moving file pointer in dialog_textbox().\n");
-		    exit (-1);
-		}
-		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
-		    endwin ();
-		    fprintf (stderr,
-			     "\nError reading file in dialog_textbox().\n");
-		    exit (-1);
-		}
-		buf[bytes_read] = '\0';
-	    }
-	    page = buf + bytes_read;
-	    back_lines (height - 4);
-	    print_page (text, height - 4, width - 2);
-	    print_position (dialog, height, width);
-	    wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
-	    wrefresh (dialog);
-	    break;
-	case 'K':		/* Previous line */
-	case 'k':
-	case KEY_UP:
-	    if (!begin_reached) {
-		back_lines (page_length + 1);
-
-		/* We don't call print_page() here but use scrolling to ensure
-		   faster screen update. However, 'end_reached' and
-		   'page_length' should still be updated, and 'page' should
-		   point to start of next page. This is done by calling
-		   get_line() in the following 'for' loop. */
-		scrollok (text, TRUE);
-		wscrl (text, -1);	/* Scroll text region down one line */
-		scrollok (text, FALSE);
-		page_length = 0;
-		passed_end = 0;
-		for (i = 0; i < height - 4; i++) {
-		    if (!i) {
-			/* print first line of page */
-			print_line (text, 0, width - 2);
-			wnoutrefresh (text);
-		    } else
-			/* Called to update 'end_reached' and 'page' */
-			get_line ();
-		    if (!passed_end)
-			page_length++;
-		    if (end_reached && !passed_end)
-			passed_end = 1;
-		}
-
-		print_position (dialog, height, width);
-		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
-		wrefresh (dialog);
-	    }
-	    break;
-	case 'B':		/* Previous page */
-	case 'b':
-	case KEY_PPAGE:
-	    if (begin_reached)
-		break;
-	    back_lines (page_length + height - 4);
-	    print_page (text, height - 4, width - 2);
-	    print_position (dialog, height, width);
-	    wmove (dialog, cur_y, cur_x);
-	    wrefresh (dialog);
-	    break;
-	case 'J':		/* Next line */
-	case 'j':
-	case KEY_DOWN:
-	    if (!end_reached) {
-		begin_reached = 0;
-		scrollok (text, TRUE);
-		scroll (text);	/* Scroll text region up one line */
-		scrollok (text, FALSE);
-		print_line (text, height - 5, width - 2);
-		wnoutrefresh (text);
-		print_position (dialog, height, width);
-		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
-		wrefresh (dialog);
-	    }
-	    break;
-	case KEY_NPAGE:		/* Next page */
-	case ' ':
-	    if (end_reached)
-		break;
-
-	    begin_reached = 0;
-	    print_page (text, height - 4, width - 2);
-	    print_position (dialog, height, width);
-	    wmove (dialog, cur_y, cur_x);
-	    wrefresh (dialog);
-	    break;
-	case '0':		/* Beginning of line */
-	case 'H':		/* Scroll left */
-	case 'h':
-	case KEY_LEFT:
-	    if (hscroll <= 0)
-		break;
-
-	    if (key == '0')
-		hscroll = 0;
-	    else
-		hscroll--;
-	    /* Reprint current page to scroll horizontally */
-	    back_lines (page_length);
-	    print_page (text, height - 4, width - 2);
-	    wmove (dialog, cur_y, cur_x);
-	    wrefresh (dialog);
-	    break;
-	case 'L':		/* Scroll right */
-	case 'l':
-	case KEY_RIGHT:
-	    if (hscroll >= MAX_LEN)
-		break;
-	    hscroll++;
-	    /* Reprint current page to scroll horizontally */
-	    back_lines (page_length);
-	    print_page (text, height - 4, width - 2);
-	    wmove (dialog, cur_y, cur_x);
-	    wrefresh (dialog);
-	    break;
-	case ESC:
-	    break;
-	}
-    }
-
-    delwin (dialog);
-    free (buf);
-    close (fd);
-    return 1;			/* ESC pressed */
-}
-
-/*
- * Go back 'n' lines in text file. Called by dialog_textbox().
- * 'page' will be updated to point to the desired line in 'buf'.
- */
-static void
-back_lines (int n)
-{
-    int i, fpos;
-
-    begin_reached = 0;
-    /* We have to distinguish between end_reached and !end_reached
-       since at end of file, the line is not ended by a '\n'.
-       The code inside 'if' basically does a '--page' to move one
-       character backward so as to skip '\n' of the previous line */
-    if (!end_reached) {
-	/* Either beginning of buffer or beginning of file reached? */
-	if (page == buf) {
-	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
-		endwin ();
-		fprintf (stderr, "\nError moving file pointer in "
-			 "back_lines().\n");
-		exit (-1);
-	    }
-	    if (fpos > bytes_read) {	/* Not beginning of file yet */
-		/* We've reached beginning of buffer, but not beginning of
-		   file yet, so read previous part of file into buffer.
-		   Note that we only move backward for BUF_SIZE/2 bytes,
-		   but not BUF_SIZE bytes to avoid re-reading again in
-		   print_page() later */
-		/* Really possible to move backward BUF_SIZE/2 bytes? */
-		if (fpos < BUF_SIZE / 2 + bytes_read) {
-		    /* No, move less then */
-		    if (lseek (fd, 0, SEEK_SET) == -1) {
-			endwin ();
-			fprintf (stderr, "\nError moving file pointer in "
-				 "back_lines().\n");
-			exit (-1);
-		    }
-		    page = buf + fpos - bytes_read;
-		} else {	/* Move backward BUF_SIZE/2 bytes */
-		    if (lseek (fd, -(BUF_SIZE / 2 + bytes_read), SEEK_CUR)
-			== -1) {
-			endwin ();
-			fprintf (stderr, "\nError moving file pointer "
-				 "in back_lines().\n");
-			exit (-1);
-		    }
-		    page = buf + BUF_SIZE / 2;
-		}
-		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
-		    endwin ();
-		    fprintf (stderr, "\nError reading file in back_lines().\n");
-		    exit (-1);
-		}
-		buf[bytes_read] = '\0';
-	    } else {		/* Beginning of file reached */
-		begin_reached = 1;
-		return;
-	    }
-	}
-	if (*(--page) != '\n') {	/* '--page' here */
-	    /* Something's wrong... */
-	    endwin ();
-	    fprintf (stderr, "\nInternal error in back_lines().\n");
-	    exit (-1);
-	}
-    }
-    /* Go back 'n' lines */
-    for (i = 0; i < n; i++)
-	do {
-	    if (page == buf) {
-		if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
-		    endwin ();
-		    fprintf (stderr,
-			  "\nError moving file pointer in back_lines().\n");
-		    exit (-1);
-		}
-		if (fpos > bytes_read) {
-		    /* Really possible to move backward BUF_SIZE/2 bytes? */
-		    if (fpos < BUF_SIZE / 2 + bytes_read) {
-			/* No, move less then */
-			if (lseek (fd, 0, SEEK_SET) == -1) {
-			    endwin ();
-			    fprintf (stderr, "\nError moving file pointer "
-				     "in back_lines().\n");
-			    exit (-1);
-			}
-			page = buf + fpos - bytes_read;
-		    } else {	/* Move backward BUF_SIZE/2 bytes */
-			if (lseek (fd, -(BUF_SIZE / 2 + bytes_read),
-				   SEEK_CUR) == -1) {
-			    endwin ();
-			    fprintf (stderr, "\nError moving file pointer"
-				     " in back_lines().\n");
-			    exit (-1);
-			}
-			page = buf + BUF_SIZE / 2;
-		    }
-		    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
-			endwin ();
-			fprintf (stderr, "\nError reading file in "
-				 "back_lines().\n");
-			exit (-1);
-		    }
-		    buf[bytes_read] = '\0';
-		} else {	/* Beginning of file reached */
-		    begin_reached = 1;
-		    return;
-		}
-	    }
-	} while (*(--page) != '\n');
-    page++;
-}
-
-/*
- * Print a new page of text. Called by dialog_textbox().
- */
-static void
-print_page (WINDOW * win, int height, int width)
-{
-    int i, passed_end = 0;
-
-    page_length = 0;
-    for (i = 0; i < height; i++) {
-	print_line (win, i, width);
-	if (!passed_end)
-	    page_length++;
-	if (end_reached && !passed_end)
-	    passed_end = 1;
-    }
-    wnoutrefresh (win);
-}
-
-/*
- * Print a new line of text. Called by dialog_textbox() and print_page().
- */
-static void
-print_line (WINDOW * win, int row, int width)
-{
-    int y, x;
-    char *line;
-
-    line = get_line ();
-    line += MIN (strlen (line), hscroll);	/* Scroll horizontally */
-    wmove (win, row, 0);	/* move cursor to correct line */
-    waddch (win, ' ');
-    waddnstr (win, line, MIN (strlen (line), width - 2));
-
-    getyx (win, y, x);
-    /* Clear 'residue' of previous line */
-#if OLD_NCURSES
-    {
-        int i;
-        for (i = 0; i < width - x; i++)
-	    waddch (win, ' ');
-    }
-#else
-    wclrtoeol(win);
-#endif
-}
-
-/*
- * Return current line of text. Called by dialog_textbox() and print_line().
- * 'page' should point to start of current line before calling, and will be
- * updated to point to start of next line.
- */
-static char *
-get_line (void)
-{
-    int i = 0, fpos;
-    static char line[MAX_LEN + 1];
-
-    end_reached = 0;
-    while (*page != '\n') {
-	if (*page == '\0') {
-	    /* Either end of file or end of buffer reached */
-	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
-		endwin ();
-		fprintf (stderr, "\nError moving file pointer in "
-			 "get_line().\n");
-		exit (-1);
-	    }
-	    if (fpos < file_size) {	/* Not end of file yet */
-		/* We've reached end of buffer, but not end of file yet,
-		   so read next part of file into buffer */
-		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
-		    endwin ();
-		    fprintf (stderr, "\nError reading file in get_line().\n");
-		    exit (-1);
-		}
-		buf[bytes_read] = '\0';
-		page = buf;
-	    } else {
-		if (!end_reached)
-		    end_reached = 1;
-		break;
-	    }
-	} else if (i < MAX_LEN)
-	    line[i++] = *(page++);
-	else {
-	    /* Truncate lines longer than MAX_LEN characters */
-	    if (i == MAX_LEN)
-		line[i++] = '\0';
-	    page++;
-	}
-    }
-    if (i <= MAX_LEN)
-	line[i] = '\0';
-    if (!end_reached)
-	page++;			/* move pass '\n' */
-
-    return line;
-}
-
-/*
- * Print current position
- */
-static void
-print_position (WINDOW * win, int height, int width)
-{
-    int fpos, percent;
-
-    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
-	endwin ();
-	fprintf (stderr, "\nError moving file pointer in print_position().\n");
-	exit (-1);
-    }
-    wattrset (win, position_indicator_attr);
-    wbkgdset (win, position_indicator_attr & A_COLOR);
-    percent = !file_size ?
-	100 : ((fpos - bytes_read + page - buf) * 100) / file_size;
-    wmove (win, height - 3, width - 9);
-    wprintw (win, "(%3d%%)", percent);
-}
diff --git a/config/scripts/config/lxdialog/util.c b/config/scripts/config/lxdialog/util.c
deleted file mode 100644
index 6f83951b90..0000000000
--- a/config/scripts/config/lxdialog/util.c
+++ /dev/null
@@ -1,375 +0,0 @@
-/*
- *  util.c
- *
- *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "dialog.h"
-
-
-/* use colors by default? */
-bool use_colors = 1;
-
-const char *backtitle = NULL;
-
-const char *dialog_result;
-
-/* 
- * Attribute values, default is for mono display
- */
-chtype attributes[] =
-{
-    A_NORMAL,			/* screen_attr */
-    A_NORMAL,			/* shadow_attr */
-    A_NORMAL,			/* dialog_attr */
-    A_BOLD,			/* title_attr */
-    A_NORMAL,			/* border_attr */
-    A_REVERSE,			/* button_active_attr */
-    A_DIM,			/* button_inactive_attr */
-    A_REVERSE,			/* button_key_active_attr */
-    A_BOLD,			/* button_key_inactive_attr */
-    A_REVERSE,			/* button_label_active_attr */
-    A_NORMAL,			/* button_label_inactive_attr */
-    A_NORMAL,			/* inputbox_attr */
-    A_NORMAL,			/* inputbox_border_attr */
-    A_NORMAL,			/* searchbox_attr */
-    A_BOLD,			/* searchbox_title_attr */
-    A_NORMAL,			/* searchbox_border_attr */
-    A_BOLD,			/* position_indicator_attr */
-    A_NORMAL,			/* menubox_attr */
-    A_NORMAL,			/* menubox_border_attr */
-    A_NORMAL,			/* item_attr */
-    A_REVERSE,			/* item_selected_attr */
-    A_BOLD,			/* tag_attr */
-    A_REVERSE,			/* tag_selected_attr */
-    A_BOLD,			/* tag_key_attr */
-    A_REVERSE,			/* tag_key_selected_attr */
-    A_BOLD,			/* check_attr */
-    A_REVERSE,			/* check_selected_attr */
-    A_BOLD,			/* uarrow_attr */
-    A_BOLD			/* darrow_attr */
-};
-
-
-#include "colors.h"
-
-/*
- * Table of color values
- */
-int color_table[][3] =
-{
-    {SCREEN_FG, SCREEN_BG, SCREEN_HL},
-    {SHADOW_FG, SHADOW_BG, SHADOW_HL},
-    {DIALOG_FG, DIALOG_BG, DIALOG_HL},
-    {TITLE_FG, TITLE_BG, TITLE_HL},
-    {BORDER_FG, BORDER_BG, BORDER_HL},
-    {BUTTON_ACTIVE_FG, BUTTON_ACTIVE_BG, BUTTON_ACTIVE_HL},
-    {BUTTON_INACTIVE_FG, BUTTON_INACTIVE_BG, BUTTON_INACTIVE_HL},
-    {BUTTON_KEY_ACTIVE_FG, BUTTON_KEY_ACTIVE_BG, BUTTON_KEY_ACTIVE_HL},
-    {BUTTON_KEY_INACTIVE_FG, BUTTON_KEY_INACTIVE_BG, BUTTON_KEY_INACTIVE_HL},
-    {BUTTON_LABEL_ACTIVE_FG, BUTTON_LABEL_ACTIVE_BG, BUTTON_LABEL_ACTIVE_HL},
-    {BUTTON_LABEL_INACTIVE_FG, BUTTON_LABEL_INACTIVE_BG,
-     BUTTON_LABEL_INACTIVE_HL},
-    {INPUTBOX_FG, INPUTBOX_BG, INPUTBOX_HL},
-    {INPUTBOX_BORDER_FG, INPUTBOX_BORDER_BG, INPUTBOX_BORDER_HL},
-    {SEARCHBOX_FG, SEARCHBOX_BG, SEARCHBOX_HL},
-    {SEARCHBOX_TITLE_FG, SEARCHBOX_TITLE_BG, SEARCHBOX_TITLE_HL},
-    {SEARCHBOX_BORDER_FG, SEARCHBOX_BORDER_BG, SEARCHBOX_BORDER_HL},
-    {POSITION_INDICATOR_FG, POSITION_INDICATOR_BG, POSITION_INDICATOR_HL},
-    {MENUBOX_FG, MENUBOX_BG, MENUBOX_HL},
-    {MENUBOX_BORDER_FG, MENUBOX_BORDER_BG, MENUBOX_BORDER_HL},
-    {ITEM_FG, ITEM_BG, ITEM_HL},
-    {ITEM_SELECTED_FG, ITEM_SELECTED_BG, ITEM_SELECTED_HL},
-    {TAG_FG, TAG_BG, TAG_HL},
-    {TAG_SELECTED_FG, TAG_SELECTED_BG, TAG_SELECTED_HL},
-    {TAG_KEY_FG, TAG_KEY_BG, TAG_KEY_HL},
-    {TAG_KEY_SELECTED_FG, TAG_KEY_SELECTED_BG, TAG_KEY_SELECTED_HL},
-    {CHECK_FG, CHECK_BG, CHECK_HL},
-    {CHECK_SELECTED_FG, CHECK_SELECTED_BG, CHECK_SELECTED_HL},
-    {UARROW_FG, UARROW_BG, UARROW_HL},
-    {DARROW_FG, DARROW_BG, DARROW_HL},
-};				/* color_table */
-
-/*
- * Set window to attribute 'attr'
- */
-void
-attr_clear (WINDOW * win, int height, int width, chtype attr)
-{
-    int i, j;
-
-    wattrset (win, attr);
-    for (i = 0; i < height; i++) {
-	wmove (win, i, 0);
-	for (j = 0; j < width; j++)
-	    waddch (win, ' ');
-    }
-    touchwin (win);
-}
-
-void dialog_clear (void)
-{
-    attr_clear (stdscr, LINES, COLS, screen_attr);
-    /* Display background title if it exists ... - SLH */
-    if (backtitle != NULL) {
-        int i;
-
-        wattrset (stdscr, screen_attr);
-        mvwaddstr (stdscr, 0, 1, (char *)backtitle);
-        wmove (stdscr, 1, 1);
-        for (i = 1; i < COLS - 1; i++)
-            waddch (stdscr, ACS_HLINE);
-    }
-    wnoutrefresh (stdscr);
-}
-
-/*
- * Do some initialization for dialog
- */
-void
-init_dialog (void)
-{
-    initscr ();			/* Init curses */
-    keypad (stdscr, TRUE);
-    cbreak ();
-    noecho ();
-
-
-    if (use_colors)	/* Set up colors */
-	color_setup ();
-
-
-    dialog_clear ();
-}
-
-/*
- * Setup for color display
- */
-void
-color_setup (void)
-{
-    int i;
-
-    if (has_colors ()) {	/* Terminal supports color? */
-	start_color ();
-
-	/* Initialize color pairs */
-	for (i = 0; i < ATTRIBUTE_COUNT; i++)
-	    init_pair (i + 1, color_table[i][0], color_table[i][1]);
-
-	/* Setup color attributes */
-	for (i = 0; i < ATTRIBUTE_COUNT; i++)
-	    attributes[i] = C_ATTR (color_table[i][2], i + 1);
-    }
-}
-
-/*
- * End using dialog functions.
- */
-void
-end_dialog (void)
-{
-    endwin ();
-}
-
-
-/*
- * Print a string of text in a window, automatically wrap around to the
- * next line if the string is too long to fit on one line. Newline
- * characters '\n' are replaced by spaces.  We start on a new line
- * if there is no room for at least 4 nonblanks following a double-space.
- */
-void
-print_autowrap (WINDOW * win, const char *prompt, int width, int y, int x)
-{
-    int newl, cur_x, cur_y;
-    int i, prompt_len, room, wlen;
-    char tempstr[MAX_LEN + 1], *word, *sp, *sp2;
-
-    strcpy (tempstr, prompt);
-
-    prompt_len = strlen(tempstr);
-	
-    /*
-     * Remove newlines
-     */
-    for(i=0; i<prompt_len; i++) {
-	if(tempstr[i] == '\n') tempstr[i] = ' ';
-    }
-
-    if (prompt_len <= width - x * 2) {	/* If prompt is short */
-	wmove (win, y, (width - prompt_len) / 2);
-	waddstr (win, tempstr);
-    } else {
-	cur_x = x;
-	cur_y = y;
-	newl = 1;
-	word = tempstr;
-	while (word && *word) {
-	    sp = index(word, ' ');
-	    if (sp)
-	        *sp++ = 0;
-
-	    /* Wrap to next line if either the word does not fit,
-	       or it is the first word of a new sentence, and it is
-	       short, and the next word does not fit. */
-	    room = width - cur_x;
-	    wlen = strlen(word);
-	    if (wlen > room ||
-	       (newl && wlen < 4 && sp && wlen+1+strlen(sp) > room
-		     && (!(sp2 = index(sp, ' ')) || wlen+1+(sp2-sp) > room))) {
-		cur_y++;
-		cur_x = x;
-	    }
-	    wmove (win, cur_y, cur_x);
-	    waddstr (win, word);
-	    getyx (win, cur_y, cur_x);
-	    cur_x++;
-	    if (sp && *sp == ' ') {
-	        cur_x++;	/* double space */
-		while (*++sp == ' ');
-		newl = 1;
-	    } else
-	        newl = 0;
-	    word = sp;
-	}
-    }
-}
-
-/*
- * Print a button
- */
-void
-print_button (WINDOW * win, const char *label, int y, int x, int selected)
-{
-    int i, temp;
-
-    wmove (win, y, x);
-    wattrset (win, selected ? button_active_attr : button_inactive_attr);
-    waddstr (win, "<");
-    temp = strspn (label, " ");
-    label += temp;
-    wattrset (win, selected ? button_label_active_attr
-	      : button_label_inactive_attr);
-    for (i = 0; i < temp; i++)
-	waddch (win, ' ');
-    wattrset (win, selected ? button_key_active_attr
-	      : button_key_inactive_attr);
-    waddch (win, label[0]);
-    wattrset (win, selected ? button_label_active_attr
-	      : button_label_inactive_attr);
-    waddstr (win, (char *)label + 1);
-    wattrset (win, selected ? button_active_attr : button_inactive_attr);
-    waddstr (win, ">");
-    wmove (win, y, x + temp + 1);
-}
-
-/*
- * Draw a rectangular box with line drawing characters
- */
-void
-draw_box (WINDOW * win, int y, int x, int height, int width,
-	  chtype box, chtype border)
-{
-    int i, j;
-
-    wattrset (win, 0);
-    for (i = 0; i < height; i++) {
-	wmove (win, y + i, x);
-	for (j = 0; j < width; j++)
-	    if (!i && !j)
-		waddch (win, border | ACS_ULCORNER);
-	    else if (i == height - 1 && !j)
-		waddch (win, border | ACS_LLCORNER);
-	    else if (!i && j == width - 1)
-		waddch (win, box | ACS_URCORNER);
-	    else if (i == height - 1 && j == width - 1)
-		waddch (win, box | ACS_LRCORNER);
-	    else if (!i)
-		waddch (win, border | ACS_HLINE);
-	    else if (i == height - 1)
-		waddch (win, box | ACS_HLINE);
-	    else if (!j)
-		waddch (win, border | ACS_VLINE);
-	    else if (j == width - 1)
-		waddch (win, box | ACS_VLINE);
-	    else
-		waddch (win, box | ' ');
-    }
-}
-
-/*
- * Draw shadows along the right and bottom edge to give a more 3D look
- * to the boxes
- */
-void
-draw_shadow (WINDOW * win, int y, int x, int height, int width)
-{
-    int i;
-
-    if (has_colors ()) {	/* Whether terminal supports color? */
-	wattrset (win, shadow_attr);
-	wmove (win, y + height, x + 2);
-	for (i = 0; i < width; i++)
-	    waddch (win, winch (win) & A_CHARTEXT);
-	for (i = y + 1; i < y + height + 1; i++) {
-	    wmove (win, i, x + width);
-	    waddch (win, winch (win) & A_CHARTEXT);
-	    waddch (win, winch (win) & A_CHARTEXT);
-	}
-	wnoutrefresh (win);
-    }
-}
-
-/*
- *  Return the position of the first alphabetic character in a string.
- */
-int
-first_alpha(const char *string, const char *exempt)
-{
-	int i, in_paren=0, c;
-
-	for (i = 0; i < strlen(string); i++) {
-		c = tolower(string[i]);
-
-		if (strchr("<[(", c)) ++in_paren;
-		if (strchr(">])", c) && in_paren > 0) --in_paren;
-
-		if ((! in_paren) && isalpha(c) && 
-		     strchr(exempt, c) == 0)
-			return i;
-	}
-
-	return 0;
-}
-
-/*
- * Get the first selected item in the dialog_list_item list.
- */
-struct dialog_list_item *
-first_sel_item(int item_no, struct dialog_list_item ** items)
-{
-	int i;
-
-	for (i = 0; i < item_no; i++) {
-		if (items[i]->selected)
-			return items[i];
-	}
-
-	return NULL;
-}
diff --git a/config/scripts/config/lxdialog/yesno.c b/config/scripts/config/lxdialog/yesno.c
deleted file mode 100644
index 11fcc25f51..0000000000
--- a/config/scripts/config/lxdialog/yesno.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- *  yesno.c -- implements the yes/no box
- *
- *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
- *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
- *
- *  This program is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU General Public License
- *  as published by the Free Software Foundation; either version 2
- *  of the License, or (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "dialog.h"
-
-/*
- * Display termination buttons
- */
-static void
-print_buttons(WINDOW *dialog, int height, int width, int selected)
-{
-    int x = width / 2 - 10;
-    int y = height - 2;
-
-    print_button (dialog, " Yes ", y, x, selected == 0);
-    print_button (dialog, "  No  ", y, x + 13, selected == 1);
-
-    wmove(dialog, y, x+1 + 13*selected );
-    wrefresh (dialog);
-}
-
-/*
- * Display a dialog box with two buttons - Yes and No
- */
-int
-dialog_yesno (const char *title, const char *prompt, int height, int width)
-{
-    int i, x, y, key = 0, button = 0;
-    WINDOW *dialog;
-
-    /* center dialog box on screen */
-    x = (COLS - width) / 2;
-    y = (LINES - height) / 2;
-
-    draw_shadow (stdscr, y, x, height, width);
-
-    dialog = newwin (height, width, y, x);
-    keypad (dialog, TRUE);
-
-    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
-    wattrset (dialog, border_attr);
-    mvwaddch (dialog, height-3, 0, ACS_LTEE);
-    for (i = 0; i < width - 2; i++)
-	waddch (dialog, ACS_HLINE);
-    wattrset (dialog, dialog_attr);
-    waddch (dialog, ACS_RTEE);
-
-    if (title != NULL && strlen(title) >= width-2 ) {
-	/* truncate long title -- mec */
-	char * title2 = malloc(width-2+1);
-	memcpy( title2, title, width-2 );
-	title2[width-2] = '\0';
-	title = title2;
-    }
-
-    if (title != NULL) {
-	wattrset (dialog, title_attr);
-	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
-	waddstr (dialog, (char *)title);
-	waddch (dialog, ' ');
-    }
-
-    wattrset (dialog, dialog_attr);
-    print_autowrap (dialog, prompt, width - 2, 1, 3);
-
-    print_buttons(dialog, height, width, 0);
-
-    while (key != ESC) {
-	key = wgetch (dialog);
-	switch (key) {
-	case 'Y':
-	case 'y':
-	    delwin (dialog);
-	    return 0;
-	case 'N':
-	case 'n':
-	    delwin (dialog);
-	    return 1;
-
-	case TAB:
-	case KEY_LEFT:
-	case KEY_RIGHT:
-	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
-			? 1 : (button > 1 ? 0 : button);
-
-	    print_buttons(dialog, height, width, button);
-	    wrefresh (dialog);
-	    break;
-	case ' ':
-	case '\n':
-	    delwin (dialog);
-	    return button;
-	case ESC:
-	    break;
-	}
-    }
-
-    delwin (dialog);
-    return -1;			/* ESC pressed */
-}
diff --git a/config/scripts/config/mconf.c b/config/scripts/config/mconf.c
deleted file mode 100644
index 406eb29c3b..0000000000
--- a/config/scripts/config/mconf.c
+++ /dev/null
@@ -1,977 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- *
- * Introduced single menu mode (show all sub-menus in one large tree).
- * 2002-11-06 Petr Baudis <pasky@ucw.cz>
- *
- * Directly use liblxdialog library routines.
- * 2002-11-14 Petr Baudis <pasky@ucw.cz>
- */
-
-#include <sys/ioctl.h>
-#include <sys/wait.h>
-#include <sys/termios.h>
-#include <ctype.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <signal.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <termios.h>
-#include <unistd.h>
-
-#include "lxdialog/dialog.h"
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-static char menu_backtitle[128];
-static const char mconf_readme[] =
-"Overview\n"
-"--------\n"
-"Some features may be built directly into axTLS.  Some features\n"
-"may be completely removed altogether.  There are also certain\n"
-"parameters which are not really features, but must be\n"
-"entered in as decimal or hexadecimal numbers or possibly text.\n"
-"\n"
-"Menu items beginning with [*] or [ ] represent features\n"
-"configured to be built in or removed respectively.\n"
-"\n"
-"To change any of these features, highlight it with the cursor\n"
-"keys and press <Y> to build it in or <N> to removed it.\n"
-"You may also press the <Space Bar> to cycle\n"
-"through the available options (ie. Y->N->Y).\n"
-"\n"
-"Some additional keyboard hints:\n"
-"\n"
-"Menus\n"
-"----------\n"
-"o  Use the Up/Down arrow keys (cursor keys) to highlight the item\n"
-"   you wish to change or submenu wish to select and press <Enter>.\n"
-"   Submenus are designated by \"--->\".\n"
-"\n"
-"   Shortcut: Press the option's highlighted letter (hotkey).\n"
-"             Pressing a hotkey more than once will sequence\n"
-"             through all visible items which use that hotkey.\n"
-"\n"
-"   You may also use the <PAGE UP> and <PAGE DOWN> keys to scroll\n"
-"   unseen options into view.\n"
-"\n"
-"o  To exit a menu use the cursor keys to highlight the <Exit> button\n"
-"   and press <ENTER>.\n"
-"\n"
-"   Shortcut: Press <ESC><ESC> or <E> or <X> if there is no hotkey\n"
-"             using those letters.  You may press a single <ESC>, but\n"
-"             there is a delayed response which you may find annoying.\n"
-"\n"
-"   Also, the <TAB> and cursor keys will cycle between <Select>,\n"
-"   <Exit> and <Help>\n"
-"\n"
-"o  To get help with an item, use the cursor keys to highlight <Help>\n"
-"   and Press <ENTER>.\n"
-"\n"
-"   Shortcut: Press <H> or <?>.\n"
-"\n"
-"\n"
-"Radiolists  (Choice lists)\n"
-"-----------\n"
-"o  Use the cursor keys to select the option you wish to set and press\n"
-"   <S> or the <SPACE BAR>.\n"
-"\n"
-"   Shortcut: Press the first letter of the option you wish to set then\n"
-"             press <S> or <SPACE BAR>.\n"
-"\n"
-"o  To see available help for the item, use the cursor keys to highlight\n"
-"   <Help> and Press <ENTER>.\n"
-"\n"
-"   Shortcut: Press <H> or <?>.\n"
-"\n"
-"   Also, the <TAB> and cursor keys will cycle between <Select> and\n"
-"   <Help>\n"
-"\n"
-"\n"
-"Data Entry\n"
-"-----------\n"
-"o  Enter the requested information and press <ENTER>\n"
-"   If you are entering hexadecimal values, it is not necessary to\n"
-"   add the '0x' prefix to the entry.\n"
-"\n"
-"o  For help, use the <TAB> or cursor keys to highlight the help option\n"
-"   and press <ENTER>.  You can try <TAB><H> as well.\n"
-"\n"
-"\n"
-"Text Box    (Help Window)\n"
-"--------\n"
-"o  Use the cursor keys to scroll up/down/left/right.  The VI editor\n"
-"   keys h,j,k,l function here as do <SPACE BAR> and <B> for those\n"
-"   who are familiar with less and lynx.\n"
-"\n"
-"o  Press <E>, <X>, <Enter> or <Esc><Esc> to exit.\n"
-"\n"
-"\n"
-"Alternate Configuration Files\n"
-"-----------------------------\n"
-"Menuconfig supports the use of alternate configuration files for\n"
-"those who, for various reasons, find it necessary to switch\n"
-"between different configurations.\n"
-"\n"
-"At the end of the main menu you will find two options.  One is\n"
-"for saving the current configuration to a file of your choosing.\n"
-"The other option is for loading a previously saved alternate\n"
-"configuration.\n"
-"\n"
-"Even if you don't use alternate configuration files, but you\n"
-"find during a Menuconfig session that you have completely messed\n"
-"up your settings, you may use the \"Load Alternate...\" option to\n"
-"restore your previously saved settings from \".config\" without\n"
-"restarting Menuconfig.\n"
-"\n"
-"Other information\n"
-"-----------------\n"
-"If you use Menuconfig in an XTERM window make sure you have your\n"
-"$TERM variable set to point to a xterm definition which supports color.\n"
-"Otherwise, Menuconfig will look rather bad.  Menuconfig will not\n"
-"display correctly in a RXVT window because rxvt displays only one\n"
-"intensity of color, bright.\n"
-"\n"
-"Menuconfig will display larger menus on screens or xterms which are\n"
-"set to display more than the standard 25 row by 80 column geometry.\n"
-"In order for this to work, the \"stty size\" command must be able to\n"
-"display the screen's current row and column geometry.  I STRONGLY\n"
-"RECOMMEND that you make sure you do NOT have the shell variables\n"
-"LINES and COLUMNS exported into your environment.  Some distributions\n"
-"export those variables via /etc/profile.  Some ncurses programs can\n"
-"become confused when those variables (LINES & COLUMNS) don't reflect\n"
-"the true screen size.\n"
-"\n"
-"Optional personality available\n"
-"------------------------------\n"
-"If you prefer to have all of the options listed in a single\n"
-"menu, rather than the default multimenu hierarchy, run the menuconfig\n"
-"with MENUCONFIG_MODE environment variable set to single_menu. Example:\n"
-"\n"
-"make MENUCONFIG_MODE=single_menu menuconfig\n"
-"\n"
-"<Enter> will then unroll the appropriate category, or enfold it if it\n"
-"is already unrolled.\n"
-"\n"
-"Note that this mode can eventually be a little more CPU expensive\n"
-"(especially with a larger number of unrolled categories) than the\n"
-"default mode.\n",
-menu_instructions[] =
-	"Arrow keys navigate the menu.  "
-	"<Enter> selects submenus --->.  "
-	"Highlighted letters are hotkeys.  "
-	"Pressing <Y> selectes a feature, while <N> will exclude a feature.  "
-	"Press <Esc><Esc> to exit, <?> for Help, </> for Search.  "
-	"Legend: [*] feature is selected  [ ] feature is excluded",
-radiolist_instructions[] =
-	"Use the arrow keys to navigate this window or "
-	"press the hotkey of the item you wish to select "
-	"followed by the <SPACE BAR>. "
-	"Press <?> for additional information about this option.",
-inputbox_instructions_int[] =
-	"Please enter a decimal value. "
-	"Fractions will not be accepted.  "
-	"Use the <TAB> key to move from the input field to the buttons below it.",
-inputbox_instructions_hex[] =
-	"Please enter a hexadecimal value. "
-	"Use the <TAB> key to move from the input field to the buttons below it.",
-inputbox_instructions_string[] =
-	"Please enter a string value. "
-	"Use the <TAB> key to move from the input field to the buttons below it.",
-setmod_text[] =
-	"This feature depends on another which has been configured as a module.\n"
-	"As a result, this feature will be built as a module.",
-nohelp_text[] =
-	"There is no help available for this option.\n",
-load_config_text[] =
-	"Enter the name of the configuration file you wish to load.  "
-	"Accept the name shown to restore the configuration you "
-	"last retrieved.  Leave blank to abort.",
-load_config_help[] =
-	"\n"
-	"For various reasons, one may wish to keep several different axTLS\n"
-	"configurations available on a single machine.\n"
-	"\n"
-	"If you have saved a previous configuration in a file other than the\n"
-	"axTLS's default, entering the name of the file here will allow you\n"
-	"to modify that configuration.\n"
-	"\n"
-	"If you are uncertain, then you have probably never used alternate\n"
-	"configuration files.  You should therefor leave this blank to abort.\n",
-save_config_text[] =
-	"Enter a filename to which this configuration should be saved "
-	"as an alternate.  Leave blank to abort.",
-save_config_help[] =
-	"\n"
-	"For various reasons, one may wish to keep different axTLS\n"
-	"configurations available on a single machine.\n"
-	"\n"
-	"Entering a file name here will allow you to later retrieve, modify\n"
-	"and use the current configuration as an alternate to whatever\n"
-	"configuration options you have selected at that time.\n"
-	"\n"
-	"If you are uncertain what all this means then you should probably\n"
-	"leave this blank.\n",
-search_help[] =
-	"\n"
-	"Search for CONFIG_ symbols and display their relations.\n"
-	"Example: search for \"^FOO\"\n"
-	"Result:\n"
-	"-----------------------------------------------------------------\n"
-	"Symbol: FOO [=m]\n"
-	"Prompt: Foo bus is used to drive the bar HW\n"
-	"Defined at drivers/pci/Kconfig:47\n"
-	"Depends on: X86_LOCAL_APIC && X86_IO_APIC || IA64\n"
-	"Location:\n"
-	"  -> Bus options (PCI, PCMCIA, EISA, MCA, ISA)\n"
-	"    -> PCI support (PCI [=y])\n"
-	"      -> PCI access mode (<choice> [=y])\n"
-	"Selects: LIBCRC32\n"
-	"Selected by: BAR\n"
-	"-----------------------------------------------------------------\n"
-	"o The line 'Prompt:' shows the text used in the menu structure for\n"
-	"  this CONFIG_ symbol\n"
-	"o The 'Defined at' line tell at what file / line number the symbol\n"
-	"  is defined\n"
-	"o The 'Depends on:' line tell what symbols needs to be defined for\n"
-	"  this symbol to be visible in the menu (selectable)\n"
-	"o The 'Location:' lines tell where in the menu structure this symbol\n"
-	"  is located\n"
-	"    A location followed by a [=y] indicate that this is a selectable\n"
-	"    menu item - and current value is displayed inside brackets.\n"
-	"o The 'Selects:' line tell what symbol will be automatically\n"
-	"  selected if this symbol is selected (y or m)\n"
-	"o The 'Selected by' line tell what symbol has selected this symbol\n"
-	"\n"
-	"Only relevant lines are shown.\n"
-	"\n\n"
-	"Search examples:\n"
-	"Examples: USB	=> find all CONFIG_ symbols containing USB\n"
-	"          ^USB => find all CONFIG_ symbols starting with USB\n"
-	"          USB$ => find all CONFIG_ symbols ending with USB\n"
-	"\n";
-
-static char filename[PATH_MAX+1] = ".config";
-static int indent;
-static struct termios ios_org;
-static int rows = 0, cols = 0;
-static struct menu *current_menu;
-static int child_count;
-static int single_menu_mode;
-
-static struct dialog_list_item *items[16384]; /* FIXME: This ought to be dynamic. */
-static int item_no;
-
-static void conf(struct menu *menu);
-static void conf_choice(struct menu *menu);
-static void conf_string(struct menu *menu);
-static void conf_load(void);
-static void conf_save(void);
-static void show_textbox(const char *title, const char *text, int r, int c);
-static void show_helptext(const char *title, const char *text);
-static void show_help(struct menu *menu);
-static void show_file(const char *filename, const char *title, int r, int c);
-
-static void init_wsize(void)
-{
-	struct winsize ws;
-	char *env;
-
-	if (!ioctl(STDIN_FILENO, TIOCGWINSZ, &ws)) {
-		rows = ws.ws_row;
-		cols = ws.ws_col;
-	}
-
-	if (!rows) {
-		env = getenv("LINES");
-		if (env)
-			rows = atoi(env);
-		if (!rows)
-			rows = 24;
-	}
-	if (!cols) {
-		env = getenv("COLUMNS");
-		if (env)
-			cols = atoi(env);
-		if (!cols)
-			cols = 80;
-	}
-
-	if (rows < 19 || cols < 80) {
-		fprintf(stderr, "Your display is too small to run Menuconfig!\n");
-		fprintf(stderr, "It must be at least 19 lines by 80 columns.\n");
-		exit(1);
-	}
-
-	rows -= 4;
-	cols -= 5;
-}
-
-static void cinit(void)
-{
-	item_no = 0;
-}
-
-static void cmake(void)
-{
-	items[item_no] = malloc(sizeof(struct dialog_list_item));
-	memset(items[item_no], 0, sizeof(struct dialog_list_item));
-	items[item_no]->tag = malloc(32); items[item_no]->tag[0] = 0;
-	items[item_no]->name = malloc(512); items[item_no]->name[0] = 0;
-	items[item_no]->namelen = 0;
-	item_no++;
-}
-
-static int cprint_name(const char *fmt, ...)
-{
-	va_list ap;
-	int res;
-
-	if (!item_no)
-		cmake();
-	va_start(ap, fmt);
-	res = vsnprintf(items[item_no - 1]->name + items[item_no - 1]->namelen,
-			512 - items[item_no - 1]->namelen, fmt, ap);
-	if (res > 0)
-		items[item_no - 1]->namelen += res;
-	va_end(ap);
-
-	return res;
-}
-
-static int cprint_tag(const char *fmt, ...)
-{
-	va_list ap;
-	int res;
-
-	if (!item_no)
-		cmake();
-	va_start(ap, fmt);
-	res = vsnprintf(items[item_no - 1]->tag, 32, fmt, ap);
-	va_end(ap);
-
-	return res;
-}
-
-static void cdone(void)
-{
-	int i;
-
-	for (i = 0; i < item_no; i++) {
-		free(items[i]->tag);
-		free(items[i]->name);
-		free(items[i]);
-	}
-
-	item_no = 0;
-}
-
-static void get_prompt_str(struct gstr *r, struct property *prop)
-{
-	int i, j;
-	struct menu *submenu[8], *menu;
-
-	str_printf(r, "Prompt: %s\n", prop->text);
-	str_printf(r, "  Defined at %s:%d\n", prop->menu->file->name,
-		prop->menu->lineno);
-	if (!expr_is_yes(prop->visible.expr)) {
-		str_append(r, "  Depends on: ");
-		expr_gstr_print(prop->visible.expr, r);
-		str_append(r, "\n");
-	}
-	menu = prop->menu->parent;
-	for (i = 0; menu != &rootmenu && i < 8; menu = menu->parent)
-		submenu[i++] = menu;
-	if (i > 0) {
-		str_printf(r, "  Location:\n");
-		for (j = 4; --i >= 0; j += 2) {
-			menu = submenu[i];
-			str_printf(r, "%*c-> %s", j, ' ', menu_get_prompt(menu));
-			if (menu->sym) {
-				str_printf(r, " (%s [=%s])", menu->sym->name ?
-					menu->sym->name : "<choice>",
-					sym_get_string_value(menu->sym));
-			}
-			str_append(r, "\n");
-		}
-	}
-}
-
-static void get_symbol_str(struct gstr *r, struct symbol *sym)
-{
-	bool hit;
-	struct property *prop;
-
-	str_printf(r, "Symbol: %s [=%s]\n", sym->name,
-	                               sym_get_string_value(sym));
-	for_all_prompts(sym, prop)
-		get_prompt_str(r, prop);
-	hit = false;
-	for_all_properties(sym, prop, P_SELECT) {
-		if (!hit) {
-			str_append(r, "  Selects: ");
-			hit = true;
-		} else
-			str_printf(r, " && ");
-		expr_gstr_print(prop->expr, r);
-	}
-	if (hit)
-		str_append(r, "\n");
-	if (sym->rev_dep.expr) {
-		str_append(r, "  Selected by: ");
-		expr_gstr_print(sym->rev_dep.expr, r);
-		str_append(r, "\n");
-	}
-	str_append(r, "\n\n");
-}
-
-static struct gstr get_relations_str(struct symbol **sym_arr)
-{
-	struct symbol *sym;
-	struct gstr res = str_new();
-	int i;
-
-	for (i = 0; sym_arr && (sym = sym_arr[i]); i++)
-		get_symbol_str(&res, sym);
-	if (!i)
-		str_append(&res, "No matches found.\n");
-	return res;
-}
-
-static void search_conf(void)
-{
-	struct symbol **sym_arr;
-	struct gstr res;
-
-again:
-	switch (dialog_inputbox("Search Configuration Parameter",
-				"Enter Keyword", 10, 75,
-				NULL)) {
-	case 0:
-		break;
-	case 1:
-		show_helptext("Search Configuration", search_help);
-		goto again;
-	default:
-		return;
-	}
-
-	sym_arr = sym_re_search(dialog_input_result);
-	res = get_relations_str(sym_arr);
-	free(sym_arr);
-	show_textbox("Search Results", str_get(&res), 0, 0);
-	str_free(&res);
-}
-
-static void build_conf(struct menu *menu)
-{
-	struct symbol *sym;
-	struct property *prop;
-	struct menu *child;
-	int type, tmp, doint = 2;
-	tristate val;
-	char ch;
-
-	if (!menu_is_visible(menu))
-		return;
-
-	sym = menu->sym;
-	prop = menu->prompt;
-	if (!sym) {
-		if (prop && menu != current_menu) {
-			const char *prompt = menu_get_prompt(menu);
-			switch (prop->type) {
-			case P_MENU:
-				child_count++;
-				cmake();
-				cprint_tag("m%p", menu);
-
-				if (single_menu_mode) {
-					cprint_name("%s%*c%s",
-						menu->data ? "-->" : "++>",
-						indent + 1, ' ', prompt);
-				} else {
-					cprint_name("   %*c%s  --->", indent + 1, ' ', prompt);
-				}
-
-				if (single_menu_mode && menu->data)
-					goto conf_childs;
-				return;
-			default:
-				if (prompt) {
-					child_count++;
-					cmake();
-					cprint_tag(":%p", menu);
-					cprint_name("---%*c%s", indent + 1, ' ', prompt);
-				}
-			}
-		} else
-			doint = 0;
-		goto conf_childs;
-	}
-
-	cmake();
-	type = sym_get_type(sym);
-	if (sym_is_choice(sym)) {
-		struct symbol *def_sym = sym_get_choice_value(sym);
-		struct menu *def_menu = NULL;
-
-		child_count++;
-		for (child = menu->list; child; child = child->next) {
-			if (menu_is_visible(child) && child->sym == def_sym)
-				def_menu = child;
-		}
-
-		val = sym_get_tristate_value(sym);
-		if (sym_is_changable(sym)) {
-			cprint_tag("t%p", menu);
-			switch (type) {
-			case S_BOOLEAN:
-				cprint_name("[%c]", val == no ? ' ' : '*');
-				break;
-			case S_TRISTATE:
-				switch (val) {
-				case yes: ch = '*'; break;
-				case mod: ch = 'M'; break;
-				default:  ch = ' '; break;
-				}
-				cprint_name("<%c>", ch);
-				break;
-			}
-		} else {
-			cprint_tag("%c%p", def_menu ? 't' : ':', menu);
-			cprint_name("   ");
-		}
-
-		cprint_name("%*c%s", indent + 1, ' ', menu_get_prompt(menu));
-		if (val == yes) {
-			if (def_menu) {
-				cprint_name(" (%s)", menu_get_prompt(def_menu));
-				cprint_name("  --->");
-				if (def_menu->list) {
-					indent += 2;
-					build_conf(def_menu);
-					indent -= 2;
-				}
-			}
-			return;
-		}
-	} else {
-		if (menu == current_menu) {
-			cprint_tag(":%p", menu);
-			cprint_name("---%*c%s", indent + 1, ' ', menu_get_prompt(menu));
-			goto conf_childs;
-		}
-		child_count++;
-		val = sym_get_tristate_value(sym);
-		if (sym_is_choice_value(sym) && val == yes) {
-			cprint_tag(":%p", menu);
-			cprint_name("   ");
-		} else {
-			switch (type) {
-			case S_BOOLEAN:
-				cprint_tag("t%p", menu);
-				if (sym_is_changable(sym))
-					cprint_name("[%c]", val == no ? ' ' : '*');
-				else
-					cprint_name("---");
-				break;
-			case S_TRISTATE:
-				cprint_tag("t%p", menu);
-				switch (val) {
-				case yes: ch = '*'; break;
-				case mod: ch = 'M'; break;
-				default:  ch = ' '; break;
-				}
-				if (sym_is_changable(sym))
-					cprint_name("<%c>", ch);
-				else
-					cprint_name("---");
-				break;
-			default:
-				cprint_tag("s%p", menu);
-				tmp = cprint_name("(%s)", sym_get_string_value(sym));
-				tmp = indent - tmp + 4;
-				if (tmp < 0)
-					tmp = 0;
-				cprint_name("%*c%s%s", tmp, ' ', menu_get_prompt(menu),
-					(sym_has_value(sym) || !sym_is_changable(sym)) ?
-					"" : " (NEW)");
-				goto conf_childs;
-			}
-		}
-		cprint_name("%*c%s%s", indent + 1, ' ', menu_get_prompt(menu),
-			(sym_has_value(sym) || !sym_is_changable(sym)) ?
-			"" : " (NEW)");
-		if (menu->prompt->type == P_MENU) {
-			cprint_name("  --->");
-			return;
-		}
-	}
-
-conf_childs:
-	indent += doint;
-	for (child = menu->list; child; child = child->next)
-		build_conf(child);
-	indent -= doint;
-}
-
-static void conf(struct menu *menu)
-{
-	struct dialog_list_item *active_item = NULL;
-	struct menu *submenu;
-	const char *prompt = menu_get_prompt(menu);
-	struct symbol *sym;
-	char active_entry[40];
-	int stat, type;
-
-	unlink("lxdialog.scrltmp");
-	active_entry[0] = 0;
-	while (1) {
-		indent = 0;
-		child_count = 0;
-		current_menu = menu;
-		cdone(); cinit();
-		build_conf(menu);
-		if (!child_count)
-			break;
-		if (menu == &rootmenu) {
-			cmake(); cprint_tag(":"); cprint_name("--- ");
-			cmake(); cprint_tag("L"); cprint_name("Load an Alternate Configuration File");
-			cmake(); cprint_tag("S"); cprint_name("Save Configuration to an Alternate File");
-		}
-		dialog_clear();
-		stat = dialog_menu(prompt ? prompt : "Main Menu",
-				menu_instructions, rows, cols, rows - 10,
-				active_entry, item_no, items);
-		if (stat < 0)
-			return;
-
-		if (stat == 1 || stat == 255)
-			break;
-
-		active_item = first_sel_item(item_no, items);
-		if (!active_item)
-			continue;
-		active_item->selected = 0;
-		strncpy(active_entry, active_item->tag, sizeof(active_entry));
-		active_entry[sizeof(active_entry)-1] = 0;
-		type = active_entry[0];
-		if (!type)
-			continue;
-
-		sym = NULL;
-		submenu = NULL;
-		if (sscanf(active_entry + 1, "%p", &submenu) == 1)
-			sym = submenu->sym;
-
-		switch (stat) {
-		case 0:
-			switch (type) {
-			case 'm':
-				if (single_menu_mode)
-					submenu->data = (void *) (long) !submenu->data;
-				else
-					conf(submenu);
-				break;
-			case 't':
-				if (sym_is_choice(sym) && sym_get_tristate_value(sym) == yes)
-					conf_choice(submenu);
-				else if (submenu->prompt->type == P_MENU)
-					conf(submenu);
-				break;
-			case 's':
-				conf_string(submenu);
-				break;
-			case 'L':
-				conf_load();
-				break;
-			case 'S':
-				conf_save();
-				break;
-			}
-			break;
-		case 2:
-			if (sym)
-				show_help(submenu);
-			else
-				show_helptext("README", mconf_readme);
-			break;
-		case 3:
-			if (type == 't') {
-				if (sym_set_tristate_value(sym, yes))
-					break;
-				if (sym_set_tristate_value(sym, mod))
-					show_textbox(NULL, setmod_text, 6, 74);
-			}
-			break;
-		case 4:
-			if (type == 't')
-				sym_set_tristate_value(sym, no);
-			break;
-		case 5:
-			if (type == 't')
-				sym_set_tristate_value(sym, mod);
-			break;
-		case 6:
-			if (type == 't')
-				sym_toggle_tristate_value(sym);
-			else if (type == 'm')
-				conf(submenu);
-			break;
-		case 7:
-			search_conf();
-			break;
-		}
-	}
-}
-
-static void show_textbox(const char *title, const char *text, int r, int c)
-{
-	int fd;
-
-	fd = creat(".help.tmp", 0777);
-	write(fd, text, strlen(text));
-	close(fd);
-	show_file(".help.tmp", title, r, c);
-	unlink(".help.tmp");
-}
-
-static void show_helptext(const char *title, const char *text)
-{
-	show_textbox(title, text, 0, 0);
-}
-
-static void show_help(struct menu *menu)
-{
-	struct gstr help = str_new();
-	struct symbol *sym = menu->sym;
-
-	if (sym->help)
-	{
-		if (sym->name) {
-			str_printf(&help, "%s:\n\n", sym->name);
-			str_append(&help, sym->help);
-			str_append(&help, "\n");
-		}
-	} else {
-		str_append(&help, nohelp_text);
-	}
-	get_symbol_str(&help, sym);
-	show_helptext(menu_get_prompt(menu), str_get(&help));
-	str_free(&help);
-}
-
-static void show_file(const char *filename, const char *title, int r, int c)
-{
-	while (dialog_textbox(title, filename, r ? r : rows, c ? c : cols) < 0)
-		;
-}
-
-static void conf_choice(struct menu *menu)
-{
-	const char *prompt = menu_get_prompt(menu);
-	struct menu *child;
-	struct symbol *active;
-
-	active = sym_get_choice_value(menu->sym);
-	while (1) {
-		current_menu = menu;
-		cdone(); cinit();
-		for (child = menu->list; child; child = child->next) {
-			if (!menu_is_visible(child))
-				continue;
-			cmake();
-			cprint_tag("%p", child);
-			cprint_name("%s", menu_get_prompt(child));
-			if (child->sym == sym_get_choice_value(menu->sym))
-				items[item_no - 1]->selected = 1; /* ON */
-			else if (child->sym == active)
-				items[item_no - 1]->selected = 2; /* SELECTED */
-			else
-				items[item_no - 1]->selected = 0; /* OFF */
-		}
-
-		switch (dialog_checklist(prompt ? prompt : "Main Menu",
-					radiolist_instructions, 15, 70, 6,
-					item_no, items, FLAG_RADIO)) {
-		case 0:
-			if (sscanf(first_sel_item(item_no, items)->tag, "%p", &child) != 1)
-				break;
-			sym_set_tristate_value(child->sym, yes);
-			return;
-		case 1:
-			if (sscanf(first_sel_item(item_no, items)->tag, "%p", &child) == 1) {
-				show_help(child);
-				active = child->sym;
-			} else
-				show_help(menu);
-			break;
-		case 255:
-			return;
-		}
-	}
-}
-
-static void conf_string(struct menu *menu)
-{
-	const char *prompt = menu_get_prompt(menu);
-
-	while (1) {
-		char *heading;
-
-		switch (sym_get_type(menu->sym)) {
-		case S_INT:
-			heading = (char *) inputbox_instructions_int;
-			break;
-		case S_HEX:
-			heading = (char *) inputbox_instructions_hex;
-			break;
-		case S_STRING:
-			heading = (char *) inputbox_instructions_string;
-			break;
-		default:
-			heading = "Internal mconf error!";
-			/* panic? */;
-		}
-
-		switch (dialog_inputbox(prompt ? prompt : "Main Menu",
-					heading, 10, 75,
-					sym_get_string_value(menu->sym))) {
-		case 0:
-			if (sym_set_string_value(menu->sym, dialog_input_result))
-				return;
-			show_textbox(NULL, "You have made an invalid entry.", 5, 43);
-			break;
-		case 1:
-			show_help(menu);
-			break;
-		case 255:
-			return;
-		}
-	}
-}
-
-static void conf_load(void)
-{
-	while (1) {
-		switch (dialog_inputbox(NULL, load_config_text, 11, 55,
-					filename)) {
-		case 0:
-			if (!dialog_input_result[0])
-				return;
-			if (!conf_read(dialog_input_result))
-				return;
-			show_textbox(NULL, "File does not exist!", 5, 38);
-			break;
-		case 1:
-			show_helptext("Load Alternate Configuration", load_config_help);
-			break;
-		case 255:
-			return;
-		}
-	}
-}
-
-static void conf_save(void)
-{
-	while (1) {
-		switch (dialog_inputbox(NULL, save_config_text, 11, 55,
-					filename)) {
-		case 0:
-			if (!dialog_input_result[0])
-				return;
-			if (!conf_write(dialog_input_result))
-				return;
-			show_textbox(NULL, "Can't create file!  Probably a nonexistent directory.", 5, 60);
-			break;
-		case 1:
-			show_helptext("Save Alternate Configuration", save_config_help);
-			break;
-		case 255:
-			return;
-		}
-	}
-}
-
-static void conf_cleanup(void)
-{
-	tcsetattr(1, TCSAFLUSH, &ios_org);
-	unlink(".help.tmp");
-}
-
-static void winch_handler(int sig)
-{
-	struct winsize ws;
-
-	if (ioctl(1, TIOCGWINSZ, &ws) == -1) {
-		rows = 24;
-		cols = 80;
-	} else {
-		rows = ws.ws_row;
-		cols = ws.ws_col;
-	}
-
-	if (rows < 19 || cols < 80) {
-		end_dialog();
-		fprintf(stderr, "Your display is too small to run Menuconfig!\n");
-		fprintf(stderr, "It must be at least 19 lines by 80 columns.\n");
-		exit(1);
-	}
-
-	rows -= 4;
-	cols -= 5;
-
-}
-
-int main(int ac, char **av)
-{
-	struct symbol *sym;
-	char *mode;
-	int stat;
-
-	conf_parse(av[1]);
-	conf_read(NULL);
-
-	sym = sym_lookup("VERSION", 0);
-	sym_calc_value(sym);
-	snprintf(menu_backtitle, 128, "axTLS v%s Configuration",
-		sym_get_string_value(sym));
-
-	mode = getenv("MENUCONFIG_MODE");
-	if (mode) {
-		if (!strcasecmp(mode, "single_menu"))
-			single_menu_mode = 1;
-	}
-
-	tcgetattr(1, &ios_org);
-	atexit(conf_cleanup);
-	init_wsize();
-	init_dialog();
-	signal(SIGWINCH, winch_handler);
-	conf(&rootmenu);
-	end_dialog();
-
-	/* Restart dialog to act more like when lxdialog was still separate */
-	init_dialog();
-	do {
-		stat = dialog_yesno(NULL,
-				    "Do you wish to save your new axTLS configuration?", 5, 60);
-	} while (stat < 0);
-	end_dialog();
-
-	if (stat == 0) {
-		conf_write(NULL);
-		printf("\n\n"
-			"*** End of axTLS configuration.\n"
-			"*** Check the top-level Makefile for additional configuration options.\n\n");
-	} else
-		printf("\n\nYour axTLS configuration changes were NOT saved.\n\n");
-
-	return 0;
-}
diff --git a/config/scripts/config/menu.c b/config/scripts/config/menu.c
deleted file mode 100644
index 0c13156f33..0000000000
--- a/config/scripts/config/menu.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-struct menu rootmenu;
-static struct menu **last_entry_ptr;
-
-struct file *file_list;
-struct file *current_file;
-
-static void menu_warn(struct menu *menu, const char *fmt, ...)
-{
-	va_list ap;
-	va_start(ap, fmt);
-	fprintf(stderr, "%s:%d:warning: ", menu->file->name, menu->lineno);
-	vfprintf(stderr, fmt, ap);
-	fprintf(stderr, "\n");
-	va_end(ap);
-}
-
-static void prop_warn(struct property *prop, const char *fmt, ...)
-{
-	va_list ap;
-	va_start(ap, fmt);
-	fprintf(stderr, "%s:%d:warning: ", prop->file->name, prop->lineno);
-	vfprintf(stderr, fmt, ap);
-	fprintf(stderr, "\n");
-	va_end(ap);
-}
-
-void menu_init(void)
-{
-	current_entry = current_menu = &rootmenu;
-	last_entry_ptr = &rootmenu.list;
-}
-
-void menu_add_entry(struct symbol *sym)
-{
-	struct menu *menu;
-
-	menu = malloc(sizeof(*menu));
-	memset(menu, 0, sizeof(*menu));
-	menu->sym = sym;
-	menu->parent = current_menu;
-	menu->file = current_file;
-	menu->lineno = zconf_lineno();
-
-	*last_entry_ptr = menu;
-	last_entry_ptr = &menu->next;
-	current_entry = menu;
-}
-
-void menu_end_entry(void)
-{
-}
-
-void menu_add_menu(void)
-{
-	current_menu = current_entry;
-	last_entry_ptr = &current_entry->list;
-}
-
-void menu_end_menu(void)
-{
-	last_entry_ptr = &current_menu->next;
-	current_menu = current_menu->parent;
-}
-
-struct expr *menu_check_dep(struct expr *e)
-{
-	if (!e)
-		return e;
-
-	switch (e->type) {
-	case E_NOT:
-		e->left.expr = menu_check_dep(e->left.expr);
-		break;
-	case E_OR:
-	case E_AND:
-		e->left.expr = menu_check_dep(e->left.expr);
-		e->right.expr = menu_check_dep(e->right.expr);
-		break;
-	case E_SYMBOL:
-		/* change 'm' into 'm' && MODULES */
-		if (e->left.sym == &symbol_mod)
-			return expr_alloc_and(e, expr_alloc_symbol(modules_sym));
-		break;
-	default:
-		break;
-	}
-	return e;
-}
-
-void menu_add_dep(struct expr *dep)
-{
-	current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep));
-}
-
-void menu_set_type(int type)
-{
-	struct symbol *sym = current_entry->sym;
-
-	if (sym->type == type)
-		return;
-	if (sym->type == S_UNKNOWN) {
-		sym->type = type;
-		return;
-	}
-	menu_warn(current_entry, "type of '%s' redefined from '%s' to '%s'\n",
-	    sym->name ? sym->name : "<choice>",
-	    sym_type_name(sym->type), sym_type_name(type));
-}
-
-struct property *menu_add_prop(enum prop_type type, char *prompt, struct expr *expr, struct expr *dep)
-{
-	struct property *prop = prop_alloc(type, current_entry->sym);
-
-	prop->menu = current_entry;
-	prop->text = prompt;
-	prop->expr = expr;
-	prop->visible.expr = menu_check_dep(dep);
-
-	if (prompt) {
-		if (current_entry->prompt)
-			menu_warn(current_entry, "prompt redefined\n");
-		current_entry->prompt = prop;
-	}
-
-	return prop;
-}
-
-void menu_add_prompt(enum prop_type type, char *prompt, struct expr *dep)
-{
-	menu_add_prop(type, prompt, NULL, dep);
-}
-
-void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep)
-{
-	menu_add_prop(type, NULL, expr, dep);
-}
-
-void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep)
-{
-	menu_add_prop(type, NULL, expr_alloc_symbol(sym), dep);
-}
-
-void sym_check_prop(struct symbol *sym)
-{
-	struct property *prop;
-	struct symbol *sym2;
-	for (prop = sym->prop; prop; prop = prop->next) {
-		switch (prop->type) {
-		case P_DEFAULT:
-			if ((sym->type == S_STRING || sym->type == S_INT || sym->type == S_HEX) &&
-			    prop->expr->type != E_SYMBOL)
-				prop_warn(prop,
-				    "default for config symbol '%'"
-				    " must be a single symbol", sym->name);
-			break;
-		case P_SELECT:
-			sym2 = prop_get_symbol(prop);
-			if (sym->type != S_BOOLEAN && sym->type != S_TRISTATE)
-				prop_warn(prop,
-				    "config symbol '%s' uses select, but is "
-				    "not boolean or tristate", sym->name);
-			else if (sym2->type == S_UNKNOWN)
-				prop_warn(prop,
-				    "'select' used by config symbol '%s' "
-				    "refer to undefined symbol '%s'",
-				    sym->name, sym2->name);
-			else if (sym2->type != S_BOOLEAN && sym2->type != S_TRISTATE)
-				prop_warn(prop,
-				    "'%s' has wrong type. 'select' only "
-				    "accept arguments of boolean and "
-				    "tristate type", sym2->name);
-			break;
-		case P_RANGE:
-			if (sym->type != S_INT && sym->type != S_HEX)
-				prop_warn(prop, "range is only allowed "
-				                "for int or hex symbols");
-			if (!sym_string_valid(sym, prop->expr->left.sym->name) ||
-			    !sym_string_valid(sym, prop->expr->right.sym->name))
-				prop_warn(prop, "range is invalid");
-			break;
-		default:
-			;
-		}
-	}
-}
-
-void menu_finalize(struct menu *parent)
-{
-	struct menu *menu, *last_menu;
-	struct symbol *sym;
-	struct property *prop;
-	struct expr *parentdep, *basedep, *dep, *dep2, **ep;
-
-	sym = parent->sym;
-	if (parent->list) {
-		if (sym && sym_is_choice(sym)) {
-			/* find the first choice value and find out choice type */
-			for (menu = parent->list; menu; menu = menu->next) {
-				if (menu->sym) {
-					current_entry = parent;
-					menu_set_type(menu->sym->type);
-					current_entry = menu;
-					menu_set_type(sym->type);
-					break;
-				}
-			}
-			parentdep = expr_alloc_symbol(sym);
-		} else if (parent->prompt)
-			parentdep = parent->prompt->visible.expr;
-		else
-			parentdep = parent->dep;
-
-		for (menu = parent->list; menu; menu = menu->next) {
-			basedep = expr_transform(menu->dep);
-			basedep = expr_alloc_and(expr_copy(parentdep), basedep);
-			basedep = expr_eliminate_dups(basedep);
-			menu->dep = basedep;
-			if (menu->sym)
-				prop = menu->sym->prop;
-			else
-				prop = menu->prompt;
-			for (; prop; prop = prop->next) {
-				if (prop->menu != menu)
-					continue;
-				dep = expr_transform(prop->visible.expr);
-				dep = expr_alloc_and(expr_copy(basedep), dep);
-				dep = expr_eliminate_dups(dep);
-				if (menu->sym && menu->sym->type != S_TRISTATE)
-					dep = expr_trans_bool(dep);
-				prop->visible.expr = dep;
-				if (prop->type == P_SELECT) {
-					struct symbol *es = prop_get_symbol(prop);
-					es->rev_dep.expr = expr_alloc_or(es->rev_dep.expr,
-							expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
-				}
-			}
-		}
-		for (menu = parent->list; menu; menu = menu->next)
-			menu_finalize(menu);
-	} else if (sym) {
-		basedep = parent->prompt ? parent->prompt->visible.expr : NULL;
-		basedep = expr_trans_compare(basedep, E_UNEQUAL, &symbol_no);
-		basedep = expr_eliminate_dups(expr_transform(basedep));
-		last_menu = NULL;
-		for (menu = parent->next; menu; menu = menu->next) {
-			dep = menu->prompt ? menu->prompt->visible.expr : menu->dep;
-			if (!expr_contains_symbol(dep, sym))
-				break;
-			if (expr_depends_symbol(dep, sym))
-				goto next;
-			dep = expr_trans_compare(dep, E_UNEQUAL, &symbol_no);
-			dep = expr_eliminate_dups(expr_transform(dep));
-			dep2 = expr_copy(basedep);
-			expr_eliminate_eq(&dep, &dep2);
-			expr_free(dep);
-			if (!expr_is_yes(dep2)) {
-				expr_free(dep2);
-				break;
-			}
-			expr_free(dep2);
-		next:
-			menu_finalize(menu);
-			menu->parent = parent;
-			last_menu = menu;
-		}
-		if (last_menu) {
-			parent->list = parent->next;
-			parent->next = last_menu->next;
-			last_menu->next = NULL;
-		}
-	}
-	for (menu = parent->list; menu; menu = menu->next) {
-		if (sym && sym_is_choice(sym) && menu->sym) {
-			menu->sym->flags |= SYMBOL_CHOICEVAL;
-			if (!menu->prompt)
-				menu_warn(menu, "choice value must have a prompt");
-			for (prop = menu->sym->prop; prop; prop = prop->next) {
-				if (prop->type == P_PROMPT && prop->menu != menu) {
-					prop_warn(prop, "choice values "
-					    "currently only support a "
-					    "single prompt");
-				}
-				if (prop->type == P_DEFAULT)
-					prop_warn(prop, "defaults for choice "
-					    "values not supported");
-			}
-			current_entry = menu;
-			menu_set_type(sym->type);
-			menu_add_symbol(P_CHOICE, sym, NULL);
-			prop = sym_get_choice_prop(sym);
-			for (ep = &prop->expr; *ep; ep = &(*ep)->left.expr)
-				;
-			*ep = expr_alloc_one(E_CHOICE, NULL);
-			(*ep)->right.sym = menu->sym;
-		}
-		if (menu->list && (!menu->prompt || !menu->prompt->text)) {
-			for (last_menu = menu->list; ; last_menu = last_menu->next) {
-				last_menu->parent = parent;
-				if (!last_menu->next)
-					break;
-			}
-			last_menu->next = menu->next;
-			menu->next = menu->list;
-			menu->list = NULL;
-		}
-	}
-
-	if (sym && !(sym->flags & SYMBOL_WARNED)) {
-		if (sym->type == S_UNKNOWN)
-			menu_warn(parent, "config symbol defined "
-			    "without type\n");
-
-		if (sym_is_choice(sym) && !parent->prompt)
-			menu_warn(parent, "choice must have a prompt\n");
-
-		/* Check properties connected to this symbol */
-		sym_check_prop(sym);
-		sym->flags |= SYMBOL_WARNED;
-	}
-
-	if (sym && !sym_is_optional(sym) && parent->prompt) {
-		sym->rev_dep.expr = expr_alloc_or(sym->rev_dep.expr,
-				expr_alloc_and(parent->prompt->visible.expr,
-					expr_alloc_symbol(&symbol_mod)));
-	}
-}
-
-bool menu_is_visible(struct menu *menu)
-{
-	struct menu *child;
-	struct symbol *sym;
-	tristate visible;
-
-	if (!menu->prompt)
-		return false;
-	sym = menu->sym;
-	if (sym) {
-		sym_calc_value(sym);
-		visible = menu->prompt->visible.tri;
-	} else
-		visible = menu->prompt->visible.tri = expr_calc_value(menu->prompt->visible.expr);
-
-	if (visible != no)
-		return true;
-	if (!sym || sym_get_tristate_value(menu->sym) == no)
-		return false;
-
-	for (child = menu->list; child; child = child->next)
-		if (menu_is_visible(child))
-			return true;
-	return false;
-}
-
-const char *menu_get_prompt(struct menu *menu)
-{
-	if (menu->prompt)
-		return menu->prompt->text;
-	else if (menu->sym)
-		return menu->sym->name;
-	return NULL;
-}
-
-struct menu *menu_get_root_menu(struct menu *menu)
-{
-	return &rootmenu;
-}
-
-struct menu *menu_get_parent_menu(struct menu *menu)
-{
-	enum prop_type type;
-
-	for (; menu != &rootmenu; menu = menu->parent) {
-		type = menu->prompt ? menu->prompt->type : 0;
-		if (type == P_MENU)
-			break;
-	}
-	return menu;
-}
-
diff --git a/config/scripts/config/mkconfigs b/config/scripts/config/mkconfigs
deleted file mode 100755
index 3cb7bb1754..0000000000
--- a/config/scripts/config/mkconfigs
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2002 Khalid Aziz <khalid_aziz at hp.com>
-# Copyright (C) 2002 Randy Dunlap <rddunlap at osdl.org>
-# Copyright (C) 2002 Al Stone <ahs3 at fc.hp.com>
-# Copyright (C) 2002 Hewlett-Packard Company
-#
-#   This program is free software; you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation; either version 2 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program; if not, write to the Free Software
-#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-#   Busybox version by Matteo Croce <3297627799 at wind.it>
-#
-# Rules to generate bbconfig.h from .config:
-#      - Retain lines that begin with "CONFIG_"
-#      - Retain lines that begin with "# CONFIG_"
-#      - lines that use double-quotes must \\-escape-quote them
-
-if [ $# -lt 1 ]
-then
-	config=.config
-else	config=$1
-fi
-
-echo "#ifndef _BBCONFIG_H"
-echo "#define _BBCONFIG_H"
-echo \
-"/*
- * busybox configuration options.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
- * NON INFRINGEMENT.  See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- *
- *
- * This file is generated automatically by scripts/config/mkconfigs.
- * Do not edit.
- *
- */"
-
-echo "static char const bbconfig_config[] ="
-echo "\"CONFIG_BEGIN=n\\n\\"
-echo "`sed 's/\"/\\\\\"/g' $config | grep "^#\? \?CONFIG_" | awk '{ print $0 "\\\\n\\\\" }' `"
-echo "CONFIG_END=n\\n\";"
-echo "#endif /* _BBCONFIG_H */"
diff --git a/config/scripts/config/symbol.c b/config/scripts/config/symbol.c
deleted file mode 100644
index ea629728ac..0000000000
--- a/config/scripts/config/symbol.c
+++ /dev/null
@@ -1,809 +0,0 @@
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-#include <regex.h>
-#include <sys/utsname.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-struct symbol symbol_yes = {
-	.name = "y",
-	.curr = { "y", yes },
-	.flags = SYMBOL_YES|SYMBOL_VALID,
-}, symbol_mod = {
-	.name = "m",
-	.curr = { "m", mod },
-	.flags = SYMBOL_MOD|SYMBOL_VALID,
-}, symbol_no = {
-	.name = "n",
-	.curr = { "n", no },
-	.flags = SYMBOL_NO|SYMBOL_VALID,
-}, symbol_empty = {
-	.name = "",
-	.curr = { "", no },
-	.flags = SYMBOL_VALID,
-};
-
-int sym_change_count;
-struct symbol *modules_sym;
-tristate modules_val;
-
-void sym_add_default(struct symbol *sym, const char *def)
-{
-	struct property *prop = prop_alloc(P_DEFAULT, sym);
-
-	prop->expr = expr_alloc_symbol(sym_lookup(def, 1));
-}
-
-void sym_init(void)
-{
-	struct symbol *sym;
-	char *p;
-	static bool inited = false;
-
-	if (inited)
-		return;
-	inited = true;
-
-	sym = sym_lookup("VERSION", 0);
-	sym->type = S_STRING;
-	sym->flags |= SYMBOL_AUTO;
-	p = getenv("VERSION");
-	if (p)
-		sym_add_default(sym, p);
-
-	sym = sym_lookup("TARGET_ARCH", 0);
-	sym->type = S_STRING;
-	sym->flags |= SYMBOL_AUTO;
-	p = getenv("TARGET_ARCH");
-	if (p)
-		sym_add_default(sym, p);
-
-}
-
-enum symbol_type sym_get_type(struct symbol *sym)
-{
-	enum symbol_type type = sym->type;
-
-	if (type == S_TRISTATE) {
-		if (sym_is_choice_value(sym) && sym->visible == yes)
-			type = S_BOOLEAN;
-		else if (modules_val == no)
-			type = S_BOOLEAN;
-	}
-	return type;
-}
-
-const char *sym_type_name(enum symbol_type type)
-{
-	switch (type) {
-	case S_BOOLEAN:
-		return "boolean";
-	case S_TRISTATE:
-		return "tristate";
-	case S_INT:
-		return "integer";
-	case S_HEX:
-		return "hex";
-	case S_STRING:
-		return "string";
-	case S_UNKNOWN:
-		return "unknown";
-	case S_OTHER:
-		break;
-	}
-	return "???";
-}
-
-struct property *sym_get_choice_prop(struct symbol *sym)
-{
-	struct property *prop;
-
-	for_all_choices(sym, prop)
-		return prop;
-	return NULL;
-}
-
-struct property *sym_get_default_prop(struct symbol *sym)
-{
-	struct property *prop;
-
-	for_all_defaults(sym, prop) {
-		prop->visible.tri = expr_calc_value(prop->visible.expr);
-		if (prop->visible.tri != no)
-			return prop;
-	}
-	return NULL;
-}
-
-struct property *sym_get_range_prop(struct symbol *sym)
-{
-	struct property *prop;
-
-	for_all_properties(sym, prop, P_RANGE) {
-		prop->visible.tri = expr_calc_value(prop->visible.expr);
-		if (prop->visible.tri != no)
-			return prop;
-	}
-	return NULL;
-}
-
-static void sym_calc_visibility(struct symbol *sym)
-{
-	struct property *prop;
-	tristate tri;
-
-	/* any prompt visible? */
-	tri = no;
-	for_all_prompts(sym, prop) {
-		prop->visible.tri = expr_calc_value(prop->visible.expr);
-		tri = E_OR(tri, prop->visible.tri);
-	}
-	if (tri == mod && (sym->type != S_TRISTATE || modules_val == no))
-		tri = yes;
-	if (sym->visible != tri) {
-		sym->visible = tri;
-		sym_set_changed(sym);
-	}
-	if (sym_is_choice_value(sym))
-		return;
-	tri = no;
-	if (sym->rev_dep.expr)
-		tri = expr_calc_value(sym->rev_dep.expr);
-	if (tri == mod && sym_get_type(sym) == S_BOOLEAN)
-		tri = yes;
-	if (sym->rev_dep.tri != tri) {
-		sym->rev_dep.tri = tri;
-		sym_set_changed(sym);
-	}
-}
-
-static struct symbol *sym_calc_choice(struct symbol *sym)
-{
-	struct symbol *def_sym;
-	struct property *prop;
-	struct expr *e;
-
-	/* is the user choice visible? */
-	def_sym = sym->user.val;
-	if (def_sym) {
-		sym_calc_visibility(def_sym);
-		if (def_sym->visible != no)
-			return def_sym;
-	}
-
-	/* any of the defaults visible? */
-	for_all_defaults(sym, prop) {
-		prop->visible.tri = expr_calc_value(prop->visible.expr);
-		if (prop->visible.tri == no)
-			continue;
-		def_sym = prop_get_symbol(prop);
-		sym_calc_visibility(def_sym);
-		if (def_sym->visible != no)
-			return def_sym;
-	}
-
-	/* just get the first visible value */
-	prop = sym_get_choice_prop(sym);
-	for (e = prop->expr; e; e = e->left.expr) {
-		def_sym = e->right.sym;
-		sym_calc_visibility(def_sym);
-		if (def_sym->visible != no)
-			return def_sym;
-	}
-
-	/* no choice? reset tristate value */
-	sym->curr.tri = no;
-	return NULL;
-}
-
-void sym_calc_value(struct symbol *sym)
-{
-	struct symbol_value newval, oldval;
-	struct property *prop;
-	struct expr *e;
-
-	if (!sym)
-		return;
-
-	if (sym->flags & SYMBOL_VALID)
-		return;
-	sym->flags |= SYMBOL_VALID;
-
-	oldval = sym->curr;
-
-	switch (sym->type) {
-	case S_INT:
-	case S_HEX:
-	case S_STRING:
-		newval = symbol_empty.curr;
-		break;
-	case S_BOOLEAN:
-	case S_TRISTATE:
-		newval = symbol_no.curr;
-		break;
-	default:
-		sym->curr.val = sym->name;
-		sym->curr.tri = no;
-		return;
-	}
-	if (!sym_is_choice_value(sym))
-		sym->flags &= ~SYMBOL_WRITE;
-
-	sym_calc_visibility(sym);
-
-	/* set default if recursively called */
-	sym->curr = newval;
-
-	switch (sym_get_type(sym)) {
-	case S_BOOLEAN:
-	case S_TRISTATE:
-		if (sym_is_choice_value(sym) && sym->visible == yes) {
-			prop = sym_get_choice_prop(sym);
-			newval.tri = (prop_get_symbol(prop)->curr.val == sym) ? yes : no;
-		} else if (E_OR(sym->visible, sym->rev_dep.tri) != no) {
-			sym->flags |= SYMBOL_WRITE;
-			if (sym_has_value(sym))
-				newval.tri = sym->user.tri;
-			else if (!sym_is_choice(sym)) {
-				prop = sym_get_default_prop(sym);
-				if (prop)
-					newval.tri = expr_calc_value(prop->expr);
-			}
-			newval.tri = E_OR(E_AND(newval.tri, sym->visible), sym->rev_dep.tri);
-		} else if (!sym_is_choice(sym)) {
-			prop = sym_get_default_prop(sym);
-			if (prop) {
-				sym->flags |= SYMBOL_WRITE;
-				newval.tri = expr_calc_value(prop->expr);
-			}
-		}
-		if (newval.tri == mod && sym_get_type(sym) == S_BOOLEAN)
-			newval.tri = yes;
-		break;
-	case S_STRING:
-	case S_HEX:
-	case S_INT:
-		if (sym->visible != no) {
-			sym->flags |= SYMBOL_WRITE;
-			if (sym_has_value(sym)) {
-				newval.val = sym->user.val;
-				break;
-			}
-		}
-		prop = sym_get_default_prop(sym);
-		if (prop) {
-			struct symbol *ds = prop_get_symbol(prop);
-			if (ds) {
-				sym->flags |= SYMBOL_WRITE;
-				sym_calc_value(ds);
-				newval.val = ds->curr.val;
-			}
-		}
-		break;
-	default:
-		;
-	}
-
-	sym->curr = newval;
-	if (sym_is_choice(sym) && newval.tri == yes)
-		sym->curr.val = sym_calc_choice(sym);
-
-	if (memcmp(&oldval, &sym->curr, sizeof(oldval)))
-		sym_set_changed(sym);
-	if (modules_sym == sym)
-		modules_val = modules_sym->curr.tri;
-
-	if (sym_is_choice(sym)) {
-		int flags = sym->flags & (SYMBOL_CHANGED | SYMBOL_WRITE);
-		prop = sym_get_choice_prop(sym);
-		for (e = prop->expr; e; e = e->left.expr) {
-			e->right.sym->flags |= flags;
-			if (flags & SYMBOL_CHANGED)
-				sym_set_changed(e->right.sym);
-		}
-	}
-}
-
-void sym_clear_all_valid(void)
-{
-	struct symbol *sym;
-	int i;
-
-	for_all_symbols(i, sym)
-		sym->flags &= ~SYMBOL_VALID;
-	sym_change_count++;
-	if (modules_sym)
-		sym_calc_value(modules_sym);
-}
-
-void sym_set_changed(struct symbol *sym)
-{
-	struct property *prop;
-
-	sym->flags |= SYMBOL_CHANGED;
-	for (prop = sym->prop; prop; prop = prop->next) {
-		if (prop->menu)
-			prop->menu->flags |= MENU_CHANGED;
-	}
-}
-
-void sym_set_all_changed(void)
-{
-	struct symbol *sym;
-	int i;
-
-	for_all_symbols(i, sym)
-		sym_set_changed(sym);
-}
-
-bool sym_tristate_within_range(struct symbol *sym, tristate val)
-{
-	int type = sym_get_type(sym);
-
-	if (sym->visible == no)
-		return false;
-
-	if (type != S_BOOLEAN && type != S_TRISTATE)
-		return false;
-
-	if (type == S_BOOLEAN && val == mod)
-		return false;
-	if (sym->visible <= sym->rev_dep.tri)
-		return false;
-	if (sym_is_choice_value(sym) && sym->visible == yes)
-		return val == yes;
-	return val >= sym->rev_dep.tri && val <= sym->visible;
-}
-
-bool sym_set_tristate_value(struct symbol *sym, tristate val)
-{
-	tristate oldval = sym_get_tristate_value(sym);
-
-	if (oldval != val && !sym_tristate_within_range(sym, val))
-		return false;
-
-	if (sym->flags & SYMBOL_NEW) {
-		sym->flags &= ~SYMBOL_NEW;
-		sym_set_changed(sym);
-	}
-	if (sym_is_choice_value(sym) && val == yes) {
-		struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
-
-		cs->user.val = sym;
-		cs->flags &= ~SYMBOL_NEW;
-	}
-
-	sym->user.tri = val;
-	if (oldval != val) {
-		sym_clear_all_valid();
-		if (sym == modules_sym)
-			sym_set_all_changed();
-	}
-
-	return true;
-}
-
-tristate sym_toggle_tristate_value(struct symbol *sym)
-{
-	tristate oldval, newval;
-
-	oldval = newval = sym_get_tristate_value(sym);
-	do {
-		switch (newval) {
-		case no:
-			newval = mod;
-			break;
-		case mod:
-			newval = yes;
-			break;
-		case yes:
-			newval = no;
-			break;
-		}
-		if (sym_set_tristate_value(sym, newval))
-			break;
-	} while (oldval != newval);
-	return newval;
-}
-
-bool sym_string_valid(struct symbol *sym, const char *str)
-{
-	signed char ch;
-
-	switch (sym->type) {
-	case S_STRING:
-		return true;
-	case S_INT:
-		ch = *str++;
-		if (ch == '-')
-			ch = *str++;
-		if (!isdigit(ch))
-			return false;
-		if (ch == '0' && *str != 0)
-			return false;
-		while ((ch = *str++)) {
-			if (!isdigit(ch))
-				return false;
-		}
-		return true;
-	case S_HEX:
-		if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
-			str += 2;
-		ch = *str++;
-		do {
-			if (!isxdigit(ch))
-				return false;
-		} while ((ch = *str++));
-		return true;
-	case S_BOOLEAN:
-	case S_TRISTATE:
-		switch (str[0]) {
-		case 'y': case 'Y':
-		case 'm': case 'M':
-		case 'n': case 'N':
-			return true;
-		}
-		return false;
-	default:
-		return false;
-	}
-}
-
-bool sym_string_within_range(struct symbol *sym, const char *str)
-{
-	struct property *prop;
-	int val;
-
-	switch (sym->type) {
-	case S_STRING:
-		return sym_string_valid(sym, str);
-	case S_INT:
-		if (!sym_string_valid(sym, str))
-			return false;
-		prop = sym_get_range_prop(sym);
-		if (!prop)
-			return true;
-		val = strtol(str, NULL, 10);
-		return val >= strtol(prop->expr->left.sym->name, NULL, 10) &&
-		       val <= strtol(prop->expr->right.sym->name, NULL, 10);
-	case S_HEX:
-		if (!sym_string_valid(sym, str))
-			return false;
-		prop = sym_get_range_prop(sym);
-		if (!prop)
-			return true;
-		val = strtol(str, NULL, 16);
-		return val >= strtol(prop->expr->left.sym->name, NULL, 16) &&
-		       val <= strtol(prop->expr->right.sym->name, NULL, 16);
-	case S_BOOLEAN:
-	case S_TRISTATE:
-		switch (str[0]) {
-		case 'y': case 'Y':
-			return sym_tristate_within_range(sym, yes);
-		case 'm': case 'M':
-			return sym_tristate_within_range(sym, mod);
-		case 'n': case 'N':
-			return sym_tristate_within_range(sym, no);
-		}
-		return false;
-	default:
-		return false;
-	}
-}
-
-bool sym_set_string_value(struct symbol *sym, const char *newval)
-{
-	const char *oldval;
-	char *val;
-	int size;
-
-	switch (sym->type) {
-	case S_BOOLEAN:
-	case S_TRISTATE:
-		switch (newval[0]) {
-		case 'y': case 'Y':
-			return sym_set_tristate_value(sym, yes);
-		case 'm': case 'M':
-			return sym_set_tristate_value(sym, mod);
-		case 'n': case 'N':
-			return sym_set_tristate_value(sym, no);
-		}
-		return false;
-	default:
-		;
-	}
-
-	if (!sym_string_within_range(sym, newval))
-		return false;
-
-	if (sym->flags & SYMBOL_NEW) {
-		sym->flags &= ~SYMBOL_NEW;
-		sym_set_changed(sym);
-	}
-
-	oldval = sym->user.val;
-	size = strlen(newval) + 1;
-	if (sym->type == S_HEX && (newval[0] != '0' || (newval[1] != 'x' && newval[1] != 'X'))) {
-		size += 2;
-		sym->user.val = val = malloc(size);
-		*val++ = '0';
-		*val++ = 'x';
-	} else if (!oldval || strcmp(oldval, newval))
-		sym->user.val = val = malloc(size);
-	else
-		return true;
-
-	strcpy(val, newval);
-	free((void *)oldval);
-	sym_clear_all_valid();
-
-	return true;
-}
-
-const char *sym_get_string_value(struct symbol *sym)
-{
-	tristate val;
-
-	switch (sym->type) {
-	case S_BOOLEAN:
-	case S_TRISTATE:
-		val = sym_get_tristate_value(sym);
-		switch (val) {
-		case no:
-			return "n";
-		case mod:
-			return "m";
-		case yes:
-			return "y";
-		}
-		break;
-	default:
-		;
-	}
-	return (const char *)sym->curr.val;
-}
-
-bool sym_is_changable(struct symbol *sym)
-{
-	return sym->visible > sym->rev_dep.tri;
-}
-
-struct symbol *sym_lookup(const char *name, int isconst)
-{
-	struct symbol *symbol;
-	const char *ptr;
-	char *new_name;
-	int hash = 0;
-
-	if (name) {
-		if (name[0] && !name[1]) {
-			switch (name[0]) {
-			case 'y': return &symbol_yes;
-			case 'm': return &symbol_mod;
-			case 'n': return &symbol_no;
-			}
-		}
-		for (ptr = name; *ptr; ptr++)
-			hash += *ptr;
-		hash &= 0xff;
-
-		for (symbol = symbol_hash[hash]; symbol; symbol = symbol->next) {
-			if (!strcmp(symbol->name, name)) {
-				if ((isconst && symbol->flags & SYMBOL_CONST) ||
-				    (!isconst && !(symbol->flags & SYMBOL_CONST)))
-					return symbol;
-			}
-		}
-		new_name = strdup(name);
-	} else {
-		new_name = NULL;
-		hash = 256;
-	}
-
-	symbol = malloc(sizeof(*symbol));
-	memset(symbol, 0, sizeof(*symbol));
-	symbol->name = new_name;
-	symbol->type = S_UNKNOWN;
-	symbol->flags = SYMBOL_NEW;
-	if (isconst)
-		symbol->flags |= SYMBOL_CONST;
-
-	symbol->next = symbol_hash[hash];
-	symbol_hash[hash] = symbol;
-
-	return symbol;
-}
-
-struct symbol *sym_find(const char *name)
-{
-	struct symbol *symbol = NULL;
-	const char *ptr;
-	int hash = 0;
-
-	if (!name)
-		return NULL;
-
-	if (name[0] && !name[1]) {
-		switch (name[0]) {
-		case 'y': return &symbol_yes;
-		case 'm': return &symbol_mod;
-		case 'n': return &symbol_no;
-		}
-	}
-	for (ptr = name; *ptr; ptr++)
-		hash += *ptr;
-	hash &= 0xff;
-
-	for (symbol = symbol_hash[hash]; symbol; symbol = symbol->next) {
-		if (!strcmp(symbol->name, name) &&
-		    !(symbol->flags & SYMBOL_CONST))
-				break;
-	}
-
-	return symbol;
-}
-
-struct symbol **sym_re_search(const char *pattern)
-{
-	struct symbol *sym, **sym_arr = NULL;
-	int i, cnt, size;
-	regex_t re;
-
-	cnt = size = 0;
-	/* Skip if empty */
-	if (strlen(pattern) == 0)
-		return NULL;
-	if (regcomp(&re, pattern, REG_EXTENDED|REG_NOSUB|REG_ICASE))
-		return NULL;
-
-	for_all_symbols(i, sym) {
-		if (sym->flags & SYMBOL_CONST || !sym->name)
-			continue;
-		if (regexec(&re, sym->name, 0, NULL, 0))
-			continue;
-		if (cnt + 1 >= size) {
-			void *tmp = sym_arr;
-			size += 16;
-			sym_arr = realloc(sym_arr, size * sizeof(struct symbol *));
-			if (!sym_arr) {
-				free(tmp);
-				return NULL;
-			}
-		}
-		sym_arr[cnt++] = sym;
-	}
-	if (sym_arr)
-		sym_arr[cnt] = NULL;
-	regfree(&re);
-
-	return sym_arr;
-}
-
-
-struct symbol *sym_check_deps(struct symbol *sym);
-
-static struct symbol *sym_check_expr_deps(struct expr *e)
-{
-	struct symbol *sym;
-
-	if (!e)
-		return NULL;
-	switch (e->type) {
-	case E_OR:
-	case E_AND:
-		sym = sym_check_expr_deps(e->left.expr);
-		if (sym)
-			return sym;
-		return sym_check_expr_deps(e->right.expr);
-	case E_NOT:
-		return sym_check_expr_deps(e->left.expr);
-	case E_EQUAL:
-	case E_UNEQUAL:
-		sym = sym_check_deps(e->left.sym);
-		if (sym)
-			return sym;
-		return sym_check_deps(e->right.sym);
-	case E_SYMBOL:
-		return sym_check_deps(e->left.sym);
-	default:
-		break;
-	}
-	printf("Oops! How to check %d?\n", e->type);
-	return NULL;
-}
-
-struct symbol *sym_check_deps(struct symbol *sym)
-{
-	struct symbol *sym2;
-	struct property *prop;
-
-	if (sym->flags & SYMBOL_CHECK_DONE)
-		return NULL;
-	if (sym->flags & SYMBOL_CHECK) {
-		printf("Warning! Found recursive dependency: %s", sym->name);
-		return sym;
-	}
-
-	sym->flags |= (SYMBOL_CHECK | SYMBOL_CHECKED);
-	sym2 = sym_check_expr_deps(sym->rev_dep.expr);
-	if (sym2)
-		goto out;
-
-	for (prop = sym->prop; prop; prop = prop->next) {
-		if (prop->type == P_CHOICE || prop->type == P_SELECT)
-			continue;
-		sym2 = sym_check_expr_deps(prop->visible.expr);
-		if (sym2)
-			goto out;
-		if (prop->type != P_DEFAULT || sym_is_choice(sym))
-			continue;
-		sym2 = sym_check_expr_deps(prop->expr);
-		if (sym2)
-			goto out;
-	}
-out:
-	if (sym2)
-		printf(" %s", sym->name);
-	sym->flags &= ~SYMBOL_CHECK;
-	return sym2;
-}
-
-struct property *prop_alloc(enum prop_type type, struct symbol *sym)
-{
-	struct property *prop;
-	struct property **propp;
-
-	prop = malloc(sizeof(*prop));
-	memset(prop, 0, sizeof(*prop));
-	prop->type = type;
-	prop->sym = sym;
-	prop->file = current_file;
-	prop->lineno = zconf_lineno();
-
-	/* append property to the prop list of symbol */
-	if (sym) {
-		for (propp = &sym->prop; *propp; propp = &(*propp)->next)
-			;
-		*propp = prop;
-	}
-
-	return prop;
-}
-
-struct symbol *prop_get_symbol(struct property *prop)
-{
-	if (prop->expr && (prop->expr->type == E_SYMBOL ||
-			   prop->expr->type == E_CHOICE))
-		return prop->expr->left.sym;
-	return NULL;
-}
-
-const char *prop_get_type_name(enum prop_type type)
-{
-	switch (type) {
-	case P_PROMPT:
-		return "prompt";
-	case P_COMMENT:
-		return "comment";
-	case P_MENU:
-		return "menu";
-	case P_DEFAULT:
-		return "default";
-	case P_CHOICE:
-		return "choice";
-	case P_SELECT:
-		return "select";
-	case P_RANGE:
-		return "range";
-	case P_UNKNOWN:
-		break;
-	}
-	return "unknown";
-}
diff --git a/config/scripts/config/util.c b/config/scripts/config/util.c
deleted file mode 100644
index 8fc95a2a70..0000000000
--- a/config/scripts/config/util.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (C) 2002-2005 Roman Zippel <zippel@linux-m68k.org>
- * Copyright (C) 2002-2005 Sam Ravnborg <sam@ravnborg.org>
- *
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <string.h>
-#include "lkc.h"
-
-/* file already present in list? If not add it */
-struct file *file_lookup(const char *name)
-{
-	struct file *file;
-
-	for (file = file_list; file; file = file->next) {
-		if (!strcmp(name, file->name))
-			return file;
-	}
-
-	file = malloc(sizeof(*file));
-	memset(file, 0, sizeof(*file));
-	file->name = strdup(name);
-	file->next = file_list;
-	file_list = file;
-	return file;
-}
-
-/* write a dependency file as used by kbuild to track dependencies */
-int file_write_dep(const char *name)
-{
-	struct file *file;
-	FILE *out;
-
-	if (!name)
-		name = "config/.config.cmd";
-	out = fopen("config/.config.tmp", "w");
-	if (!out)
-		return 1;
-	fprintf(out, "deps_config := \\\n");
-	for (file = file_list; file; file = file->next) {
-		if (file->next)
-			fprintf(out, "\t%s \\\n", file->name);
-		else
-			fprintf(out, "\t%s\n", file->name);
-	}
-	fprintf(out, "\n.config include/config.h: $(deps_config)\n\n$(deps_config):\n");
-	fclose(out);
-	rename(".config.tmp", name);
-	return 0;
-}
-
-
-/* Allocate initial growable sting */
-struct gstr str_new(void)
-{
-	struct gstr gs;
-	gs.s = malloc(sizeof(char) * 64);
-	gs.len = 16;
-	strcpy(gs.s, "\0");
-	return gs;
-}
-
-/* Allocate and assign growable string */
-struct gstr str_assign(const char *s)
-{
-	struct gstr gs;
-	gs.s = strdup(s);
-	gs.len = strlen(s) + 1;
-	return gs;
-}
-
-/* Free storage for growable string */
-void str_free(struct gstr *gs)
-{
-	if (gs->s)
-		free(gs->s);
-	gs->s = NULL;
-	gs->len = 0;
-}
-
-/* Append to growable string */
-void str_append(struct gstr *gs, const char *s)
-{
-	size_t l = strlen(gs->s) + strlen(s) + 1;
-	if (l > gs->len) {
-		gs->s   = realloc(gs->s, l);
-		gs->len = l;
-	}
-	strcat(gs->s, s);
-}
-
-/* Append printf formatted string to growable string */
-void str_printf(struct gstr *gs, const char *fmt, ...)
-{
-	va_list ap;
-	char s[10000]; /* big enough... */
-	va_start(ap, fmt);
-	vsnprintf(s, sizeof(s), fmt, ap);
-	str_append(gs, s);
-	va_end(ap);
-}
-
-/* Retreive value of growable string */
-const char *str_get(struct gstr *gs)
-{
-	return gs->s;
-}
-
diff --git a/config/scripts/config/zconf.l b/config/scripts/config/zconf.l
deleted file mode 100644
index 55517b2877..0000000000
--- a/config/scripts/config/zconf.l
+++ /dev/null
@@ -1,366 +0,0 @@
-%option backup nostdinit noyywrap never-interactive full ecs
-%option 8bit backup nodefault perf-report perf-report
-%x COMMAND HELP STRING PARAM
-%{
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-#define START_STRSIZE	16
-
-char *text;
-static char *text_ptr;
-static int text_size, text_asize;
-
-struct buffer {
-        struct buffer *parent;
-        YY_BUFFER_STATE state;
-};
-
-struct buffer *current_buf;
-
-static int last_ts, first_ts;
-
-static void zconf_endhelp(void);
-static struct buffer *zconf_endfile(void);
-
-void new_string(void)
-{
-	text = malloc(START_STRSIZE);
-	text_asize = START_STRSIZE;
-	text_ptr = text;
-	text_size = 0;
-	*text_ptr = 0;
-}
-
-void append_string(const char *str, int size)
-{
-	int new_size = text_size + size + 1;
-	if (new_size > text_asize) {
-		text = realloc(text, new_size);
-		text_asize = new_size;
-		text_ptr = text + text_size;
-	}
-	memcpy(text_ptr, str, size);
-	text_ptr += size;
-	text_size += size;
-	*text_ptr = 0;
-}
-
-void alloc_string(const char *str, int size)
-{
-	text = malloc(size + 1);
-	memcpy(text, str, size);
-	text[size] = 0;
-}
-%}
-
-ws	[ \n\t]
-n	[A-Za-z0-9_]
-
-%%
-	int str = 0;
-	int ts, i;
-
-[ \t]*#.*\n	current_file->lineno++;
-[ \t]*#.*
-
-[ \t]*\n	current_file->lineno++; return T_EOL;
-
-[ \t]+	{
-	BEGIN(COMMAND);
-}
-
-.	{
-	unput(yytext[0]);
-	BEGIN(COMMAND);
-}
-
-
-<COMMAND>{
-	"mainmenu"		BEGIN(PARAM); return T_MAINMENU;
-	"menu"			BEGIN(PARAM); return T_MENU;
-	"endmenu"		BEGIN(PARAM); return T_ENDMENU;
-	"source"		BEGIN(PARAM); return T_SOURCE;
-	"choice"		BEGIN(PARAM); return T_CHOICE;
-	"endchoice"		BEGIN(PARAM); return T_ENDCHOICE;
-	"comment"		BEGIN(PARAM); return T_COMMENT;
-	"config"		BEGIN(PARAM); return T_CONFIG;
-	"menuconfig"		BEGIN(PARAM); return T_MENUCONFIG;
-	"help"			BEGIN(PARAM); return T_HELP;
-	"if"			BEGIN(PARAM); return T_IF;
-	"endif"			BEGIN(PARAM); return T_ENDIF;
-	"depends"		BEGIN(PARAM); return T_DEPENDS;
-	"requires"		BEGIN(PARAM); return T_REQUIRES;
-	"optional"		BEGIN(PARAM); return T_OPTIONAL;
-	"default"		BEGIN(PARAM); return T_DEFAULT;
-	"prompt"		BEGIN(PARAM); return T_PROMPT;
-	"tristate"		BEGIN(PARAM); return T_TRISTATE;
-	"def_tristate"		BEGIN(PARAM); return T_DEF_TRISTATE;
-	"bool"			BEGIN(PARAM); return T_BOOLEAN;
-	"boolean"		BEGIN(PARAM); return T_BOOLEAN;
-	"def_bool"		BEGIN(PARAM); return T_DEF_BOOLEAN;
-	"def_boolean"		BEGIN(PARAM); return T_DEF_BOOLEAN;
-	"int"			BEGIN(PARAM); return T_INT;
-	"hex"			BEGIN(PARAM); return T_HEX;
-	"string"		BEGIN(PARAM); return T_STRING;
-	"select"		BEGIN(PARAM); return T_SELECT;
-	"enable"		BEGIN(PARAM); return T_SELECT;
-	"range"			BEGIN(PARAM); return T_RANGE;
-	{n}+	{
-		alloc_string(yytext, yyleng);
-		zconflval.string = text;
-		return T_WORD;
-	}
-	.
-	\n	current_file->lineno++; BEGIN(INITIAL);
-}
-
-<PARAM>{
-	"&&"	return T_AND;
-	"||"	return T_OR;
-	"("	return T_OPEN_PAREN;
-	")"	return T_CLOSE_PAREN;
-	"!"	return T_NOT;
-	"="	return T_EQUAL;
-	"!="	return T_UNEQUAL;
-	"if"	return T_IF;
-	"on"	return T_ON;
-	\"|\'	{
-		str = yytext[0];
-		new_string();
-		BEGIN(STRING);
-	}
-	\n	BEGIN(INITIAL); current_file->lineno++; return T_EOL;
-	---	/* ignore */
-	({n}|[-/.])+	{
-		alloc_string(yytext, yyleng);
-		zconflval.string = text;
-		return T_WORD;
-	}
-	#.*	/* comment */
-	\\\n	current_file->lineno++;
-	.
-	<<EOF>> {
-		BEGIN(INITIAL);
-	}
-}
-
-<STRING>{
-	[^'"\\\n]+/\n	{
-		append_string(yytext, yyleng);
-		zconflval.string = text;
-		return T_WORD_QUOTE;
-	}
-	[^'"\\\n]+	{
-		append_string(yytext, yyleng);
-	}
-	\\.?/\n	{
-		append_string(yytext + 1, yyleng - 1);
-		zconflval.string = text;
-		return T_WORD_QUOTE;
-	}
-	\\.?	{
-		append_string(yytext + 1, yyleng - 1);
-	}
-	\'|\"	{
-		if (str == yytext[0]) {
-			BEGIN(PARAM);
-			zconflval.string = text;
-			return T_WORD_QUOTE;
-		} else
-			append_string(yytext, 1);
-	}
-	\n	{
-		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
-		current_file->lineno++;
-		BEGIN(INITIAL);
-		return T_EOL;
-	}
-	<<EOF>>	{
-		BEGIN(INITIAL);
-	}
-}
-
-<HELP>{
-	[ \t]+	{
-		ts = 0;
-		for (i = 0; i < yyleng; i++) {
-			if (yytext[i] == '\t')
-				ts = (ts & ~7) + 8;
-			else
-				ts++;
-		}
-		last_ts = ts;
-		if (first_ts) {
-			if (ts < first_ts) {
-				zconf_endhelp();
-				return T_HELPTEXT;
-			}
-			ts -= first_ts;
-			while (ts > 8) {
-				append_string("        ", 8);
-				ts -= 8;
-			}
-			append_string("        ", ts);
-		}
-	}
-	[ \t]*\n/[^ \t\n] {
-		current_file->lineno++;
-		zconf_endhelp();
-		return T_HELPTEXT;
-	}
-	[ \t]*\n	{
-		current_file->lineno++;
-		append_string("\n", 1);
-	}
-	[^ \t\n].* {
-		append_string(yytext, yyleng);
-		if (!first_ts)
-			first_ts = last_ts;
-	}
-	<<EOF>>	{
-		zconf_endhelp();
-		return T_HELPTEXT;
-	}
-}
-
-<<EOF>>	{
-	if (current_buf) {
-		zconf_endfile();
-		return T_EOF;
-	}
-	fclose(yyin);
-	yyterminate();
-}
-
-%%
-void zconf_starthelp(void)
-{
-	new_string();
-	last_ts = first_ts = 0;
-	BEGIN(HELP);
-}
-
-static void zconf_endhelp(void)
-{
-	zconflval.string = text;
-	BEGIN(INITIAL);
-}
-
-
-/*
- * Try to open specified file with following names:
- * ./name
- * $(srctree)/name
- * The latter is used when srctree is separate from objtree
- * when compiling the kernel.
- * Return NULL if file is not found.
- */
-FILE *zconf_fopen(const char *name)
-{
-	char *env, fullname[PATH_MAX+1];
-	FILE *f;
-
-	f = fopen(name, "r");
-	if (!f && name[0] != '/') {
-		env = getenv(SRCTREE);
-		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
-			f = fopen(fullname, "r");
-		}
-	}
-	return f;
-}
-
-void zconf_initscan(const char *name)
-{
-	yyin = zconf_fopen(name);
-	if (!yyin) {
-		printf("can't find file %s\n", name);
-		exit(1);
-	}
-
-	current_buf = malloc(sizeof(*current_buf));
-	memset(current_buf, 0, sizeof(*current_buf));
-
-	current_file = file_lookup(name);
-	current_file->lineno = 1;
-	current_file->flags = FILE_BUSY;
-}
-
-void zconf_nextfile(const char *name)
-{
-	struct file *file = file_lookup(name);
-	struct buffer *buf = malloc(sizeof(*buf));
-	memset(buf, 0, sizeof(*buf));
-
-	current_buf->state = YY_CURRENT_BUFFER;
-	yyin = zconf_fopen(name);
-	if (!yyin) {
-		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
-		exit(1);
-	}
-	yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
-	buf->parent = current_buf;
-	current_buf = buf;
-
-	if (file->flags & FILE_BUSY) {
-		printf("recursive scan (%s)?\n", name);
-		exit(1);
-	}
-	if (file->flags & FILE_SCANNED) {
-		printf("file %s already scanned?\n", name);
-		exit(1);
-	}
-	file->flags |= FILE_BUSY;
-	file->lineno = 1;
-	file->parent = current_file;
-	current_file = file;
-}
-
-static struct buffer *zconf_endfile(void)
-{
-	struct buffer *parent;
-
-	current_file->flags |= FILE_SCANNED;
-	current_file->flags &= ~FILE_BUSY;
-	current_file = current_file->parent;
-
-	parent = current_buf->parent;
-	if (parent) {
-		fclose(yyin);
-		yy_delete_buffer(YY_CURRENT_BUFFER);
-		yy_switch_to_buffer(parent->state);
-	}
-	free(current_buf);
-	current_buf = parent;
-
-	return parent;
-}
-
-int zconf_lineno(void)
-{
-	if (current_buf)
-		return current_file->lineno - 1;
-	else
-		return 0;
-}
-
-char *zconf_curname(void)
-{
-	if (current_buf)
-		return current_file->name;
-	else
-		return "<none>";
-}
diff --git a/config/scripts/config/zconf.tab.c_shipped b/config/scripts/config/zconf.tab.c_shipped
deleted file mode 100644
index cc68dcb9a3..0000000000
--- a/config/scripts/config/zconf.tab.c_shipped
+++ /dev/null
@@ -1,2130 +0,0 @@
-/* A Bison parser, made by GNU Bison 1.875a.  */
-
-/* Skeleton parser for Yacc-like parsing with Bison,
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place - Suite 330,
-   Boston, MA 02111-1307, USA.  */
-
-/* As a special exception, when this file is copied by Bison into a
-   Bison output file, you may use that output file without restriction.
-   This special exception was added by the Free Software Foundation
-   in version 1.24 of Bison.  */
-
-/* Written by Richard Stallman by simplifying the original so called
-   ``semantic'' parser.  */
-
-/* All symbols defined below should begin with yy or YY, to avoid
-   infringing on user name space.  This should be done even for local
-   variables, as they might otherwise be expanded by user macros.
-   There are some unavoidable exceptions within include files to
-   define necessary library symbols; they are noted "INFRINGES ON
-   USER NAME SPACE" below.  */
-
-/* Identify Bison output.  */
-#define YYBISON 1
-
-/* Skeleton name.  */
-#define YYSKELETON_NAME "yacc.c"
-
-/* Pure parsers.  */
-#define YYPURE 0
-
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
-/* If NAME_PREFIX is specified substitute the variables and functions
-   names.  */
-#define yyparse zconfparse
-#define yylex   zconflex
-#define yyerror zconferror
-#define yylval  zconflval
-#define yychar  zconfchar
-#define yydebug zconfdebug
-#define yynerrs zconfnerrs
-
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     T_MAINMENU = 258,
-     T_MENU = 259,
-     T_ENDMENU = 260,
-     T_SOURCE = 261,
-     T_CHOICE = 262,
-     T_ENDCHOICE = 263,
-     T_COMMENT = 264,
-     T_CONFIG = 265,
-     T_MENUCONFIG = 266,
-     T_HELP = 267,
-     T_HELPTEXT = 268,
-     T_IF = 269,
-     T_ENDIF = 270,
-     T_DEPENDS = 271,
-     T_REQUIRES = 272,
-     T_OPTIONAL = 273,
-     T_PROMPT = 274,
-     T_DEFAULT = 275,
-     T_TRISTATE = 276,
-     T_DEF_TRISTATE = 277,
-     T_BOOLEAN = 278,
-     T_DEF_BOOLEAN = 279,
-     T_STRING = 280,
-     T_INT = 281,
-     T_HEX = 282,
-     T_WORD = 283,
-     T_WORD_QUOTE = 284,
-     T_UNEQUAL = 285,
-     T_EOF = 286,
-     T_EOL = 287,
-     T_CLOSE_PAREN = 288,
-     T_OPEN_PAREN = 289,
-     T_ON = 290,
-     T_SELECT = 291,
-     T_RANGE = 292,
-     T_OR = 293,
-     T_AND = 294,
-     T_EQUAL = 295,
-     T_NOT = 296
-   };
-#endif
-#define T_MAINMENU 258
-#define T_MENU 259
-#define T_ENDMENU 260
-#define T_SOURCE 261
-#define T_CHOICE 262
-#define T_ENDCHOICE 263
-#define T_COMMENT 264
-#define T_CONFIG 265
-#define T_MENUCONFIG 266
-#define T_HELP 267
-#define T_HELPTEXT 268
-#define T_IF 269
-#define T_ENDIF 270
-#define T_DEPENDS 271
-#define T_REQUIRES 272
-#define T_OPTIONAL 273
-#define T_PROMPT 274
-#define T_DEFAULT 275
-#define T_TRISTATE 276
-#define T_DEF_TRISTATE 277
-#define T_BOOLEAN 278
-#define T_DEF_BOOLEAN 279
-#define T_STRING 280
-#define T_INT 281
-#define T_HEX 282
-#define T_WORD 283
-#define T_WORD_QUOTE 284
-#define T_UNEQUAL 285
-#define T_EOF 286
-#define T_EOL 287
-#define T_CLOSE_PAREN 288
-#define T_OPEN_PAREN 289
-#define T_ON 290
-#define T_SELECT 291
-#define T_RANGE 292
-#define T_OR 293
-#define T_AND 294
-#define T_EQUAL 295
-#define T_NOT 296
-
-
-
-
-/* Copy the first part of user declarations.  */
-
-
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <ctype.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdbool.h>
-
-#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
-
-#define PRINTD		0x0001
-#define DEBUG_PARSE	0x0002
-
-int cdebug = PRINTD;
-
-extern int zconflex(void);
-static void zconfprint(const char *err, ...);
-static void zconferror(const char *err);
-static bool zconf_endtoken(int token, int starttoken, int endtoken);
-
-struct symbol *symbol_hash[257];
-
-static struct menu *current_menu, *current_entry;
-
-#define YYERROR_VERBOSE
-
-
-/* Enabling traces.  */
-#ifndef YYDEBUG
-# define YYDEBUG 0
-#endif
-
-/* Enabling verbose error messages.  */
-#ifdef YYERROR_VERBOSE
-# undef YYERROR_VERBOSE
-# define YYERROR_VERBOSE 1
-#else
-# define YYERROR_VERBOSE 0
-#endif
-
-#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
-
-typedef union YYSTYPE {
-	int token;
-	char *string;
-	struct symbol *symbol;
-	struct expr *expr;
-	struct menu *menu;
-} YYSTYPE;
-/* Line 191 of yacc.c.  */
-
-# define yystype YYSTYPE /* obsolescent; will be withdrawn */
-# define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
-#endif
-
-
-
-/* Copy the second part of user declarations.  */
-
-
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-
-
-/* Line 214 of yacc.c.  */
-
-
-#if ! defined (yyoverflow) || YYERROR_VERBOSE
-
-/* The parser invokes alloca or malloc; define the necessary symbols.  */
-
-# if YYSTACK_USE_ALLOCA
-#  define YYSTACK_ALLOC alloca
-# else
-#  ifndef YYSTACK_USE_ALLOCA
-#   if defined (alloca) || (defined (_ALLOCA_H) && defined (__GNUC__))
-#    define YYSTACK_ALLOC alloca
-#   else
-#    ifdef __GNUC__
-#     define YYSTACK_ALLOC __builtin_alloca
-#    endif
-#   endif
-#  endif
-# endif
-
-# ifdef YYSTACK_ALLOC
-   /* Pacify GCC's `empty if-body' warning. */
-#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
-# else
-#  if defined (__STDC__) || defined (__cplusplus)
-#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
-#   define YYSIZE_T size_t
-#  endif
-#  define YYSTACK_ALLOC malloc
-#  define YYSTACK_FREE free
-# endif
-#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
-
-
-#if (! defined (yyoverflow) \
-     && (! defined (__cplusplus) \
-	 || (YYSTYPE_IS_TRIVIAL)))
-
-/* A type that is properly aligned for any stack member.  */
-union yyalloc
-{
-  short yyss;
-  YYSTYPE yyvs;
-  };
-
-/* The size of the maximum gap between one aligned stack and the next.  */
-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
-
-/* The size of an array large to enough to hold all stacks, each with
-   N elements.  */
-# define YYSTACK_BYTES(N) \
-     ((N) * (sizeof (short) + sizeof (YYSTYPE))				\
-      + YYSTACK_GAP_MAXIMUM)
-
-/* Copy COUNT objects from FROM to TO.  The source and destination do
-   not overlap.  */
-# ifndef YYCOPY
-#  if 1 < __GNUC__
-#   define YYCOPY(To, From, Count) \
-      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
-#  else
-#   define YYCOPY(To, From, Count)		\
-      do					\
-	{					\
-	  register YYSIZE_T yyi;		\
-	  for (yyi = 0; yyi < (Count); yyi++)	\
-	    (To)[yyi] = (From)[yyi];		\
-	}					\
-      while (0)
-#  endif
-# endif
-
-/* Relocate STACK from its old location to the new one.  The
-   local variables YYSIZE and YYSTACKSIZE give the old and new number of
-   elements in the stack, and YYPTR gives the new location of the
-   stack.  Advance YYPTR to a properly aligned location for the next
-   stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
-    do									\
-      {									\
-	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
-	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
-	yyptr += yynewbytes / sizeof (*yyptr);				\
-      }									\
-    while (0)
-
-#endif
-
-#if defined (__STDC__) || defined (__cplusplus)
-   typedef signed char yysigned_char;
-#else
-   typedef short yysigned_char;
-#endif
-
-/* YYFINAL -- State number of the termination state. */
-#define YYFINAL  2
-/* YYLAST -- Last index in YYTABLE.  */
-#define YYLAST   201
-
-/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS  42
-/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS  41
-/* YYNRULES -- Number of rules. */
-#define YYNRULES  104
-/* YYNRULES -- Number of states. */
-#define YYNSTATES  182
-
-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
-#define YYUNDEFTOK  2
-#define YYMAXUTOK   296
-
-#define YYTRANSLATE(YYX) 						\
-  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
-
-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
-static const unsigned char yytranslate[] =
-{
-       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
-       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
-       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
-      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
-      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
-      35,    36,    37,    38,    39,    40,    41
-};
-
-#if YYDEBUG
-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
-   YYRHS.  */
-static const unsigned short yyprhs[] =
-{
-       0,     0,     3,     4,     7,     9,    11,    13,    17,    19,
-      21,    23,    26,    28,    30,    32,    34,    36,    38,    42,
-      45,    49,    52,    53,    56,    59,    62,    65,    69,    74,
-      78,    83,    87,    91,    95,   100,   105,   110,   116,   119,
-     122,   124,   128,   131,   132,   135,   138,   141,   144,   149,
-     153,   157,   160,   165,   166,   169,   173,   175,   179,   182,
-     183,   186,   189,   192,   196,   199,   201,   205,   208,   209,
-     212,   215,   218,   222,   226,   228,   232,   235,   238,   241,
-     242,   245,   248,   253,   257,   261,   262,   265,   267,   269,
-     272,   275,   278,   280,   282,   283,   286,   288,   292,   296,
-     300,   303,   307,   311,   313
-};
-
-/* YYRHS -- A `-1'-separated list of the rules' RHS. */
-static const yysigned_char yyrhs[] =
-{
-      43,     0,    -1,    -1,    43,    44,    -1,    45,    -1,    55,
-      -1,    66,    -1,     3,    77,    79,    -1,     5,    -1,    15,
-      -1,     8,    -1,     1,    79,    -1,    61,    -1,    71,    -1,
-      47,    -1,    49,    -1,    69,    -1,    79,    -1,    10,    28,
-      32,    -1,    46,    50,    -1,    11,    28,    32,    -1,    48,
-      50,    -1,    -1,    50,    51,    -1,    50,    75,    -1,    50,
-      73,    -1,    50,    32,    -1,    21,    76,    32,    -1,    22,
-      81,    80,    32,    -1,    23,    76,    32,    -1,    24,    81,
-      80,    32,    -1,    26,    76,    32,    -1,    27,    76,    32,
-      -1,    25,    76,    32,    -1,    19,    77,    80,    32,    -1,
-      20,    81,    80,    32,    -1,    36,    28,    80,    32,    -1,
-      37,    82,    82,    80,    32,    -1,     7,    32,    -1,    52,
-      56,    -1,    78,    -1,    53,    58,    54,    -1,    53,    58,
-      -1,    -1,    56,    57,    -1,    56,    75,    -1,    56,    73,
-      -1,    56,    32,    -1,    19,    77,    80,    32,    -1,    21,
-      76,    32,    -1,    23,    76,    32,    -1,    18,    32,    -1,
-      20,    28,    80,    32,    -1,    -1,    58,    45,    -1,    14,
-      81,    32,    -1,    78,    -1,    59,    62,    60,    -1,    59,
-      62,    -1,    -1,    62,    45,    -1,    62,    66,    -1,    62,
-      55,    -1,     4,    77,    32,    -1,    63,    74,    -1,    78,
-      -1,    64,    67,    65,    -1,    64,    67,    -1,    -1,    67,
-      45,    -1,    67,    66,    -1,    67,    55,    -1,    67,     1,
-      32,    -1,     6,    77,    32,    -1,    68,    -1,     9,    77,
-      32,    -1,    70,    74,    -1,    12,    32,    -1,    72,    13,
-      -1,    -1,    74,    75,    -1,    74,    32,    -1,    16,    35,
-      81,    32,    -1,    16,    81,    32,    -1,    17,    81,    32,
-      -1,    -1,    77,    80,    -1,    28,    -1,    29,    -1,     5,
-      79,    -1,     8,    79,    -1,    15,    79,    -1,    32,    -1,
-      31,    -1,    -1,    14,    81,    -1,    82,    -1,    82,    40,
-      82,    -1,    82,    30,    82,    -1,    34,    81,    33,    -1,
-      41,    81,    -1,    81,    38,    81,    -1,    81,    39,    81,
-      -1,    28,    -1,    29,    -1
-};
-
-/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
-static const unsigned short yyrline[] =
-{
-       0,    94,    94,    95,    98,    99,   100,   101,   102,   103,
-     104,   105,   109,   110,   111,   112,   113,   114,   120,   128,
-     134,   142,   152,   154,   155,   156,   157,   160,   166,   173,
-     179,   186,   192,   198,   204,   210,   216,   222,   230,   239,
-     245,   254,   255,   261,   263,   264,   265,   266,   269,   275,
-     281,   287,   293,   299,   301,   306,   315,   324,   325,   331,
-     333,   334,   335,   340,   347,   353,   362,   363,   369,   371,
-     372,   373,   374,   377,   383,   390,   397,   404,   410,   417,
-     418,   419,   422,   427,   432,   440,   442,   447,   448,   451,
-     452,   453,   457,   457,   459,   460,   463,   464,   465,   466,
-     467,   468,   469,   472,   473
-};
-#endif
-
-#if YYDEBUG || YYERROR_VERBOSE
-/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
-   First, the terminals, then, starting at YYNTOKENS, nonterminals. */
-static const char *const yytname[] =
-{
-  "$end", "error", "$undefined", "T_MAINMENU", "T_MENU", "T_ENDMENU",
-  "T_SOURCE", "T_CHOICE", "T_ENDCHOICE", "T_COMMENT", "T_CONFIG",
-  "T_MENUCONFIG", "T_HELP", "T_HELPTEXT", "T_IF", "T_ENDIF", "T_DEPENDS",
-  "T_REQUIRES", "T_OPTIONAL", "T_PROMPT", "T_DEFAULT", "T_TRISTATE",
-  "T_DEF_TRISTATE", "T_BOOLEAN", "T_DEF_BOOLEAN", "T_STRING", "T_INT",
-  "T_HEX", "T_WORD", "T_WORD_QUOTE", "T_UNEQUAL", "T_EOF", "T_EOL",
-  "T_CLOSE_PAREN", "T_OPEN_PAREN", "T_ON", "T_SELECT", "T_RANGE", "T_OR",
-  "T_AND", "T_EQUAL", "T_NOT", "$accept", "input", "block",
-  "common_block", "config_entry_start", "config_stmt",
-  "menuconfig_entry_start", "menuconfig_stmt", "config_option_list",
-  "config_option", "choice", "choice_entry", "choice_end", "choice_stmt",
-  "choice_option_list", "choice_option", "choice_block", "if", "if_end",
-  "if_stmt", "if_block", "menu", "menu_entry", "menu_end", "menu_stmt",
-  "menu_block", "source", "source_stmt", "comment", "comment_stmt",
-  "help_start", "help", "depends_list", "depends", "prompt_stmt_opt",
-  "prompt", "end", "nl_or_eof", "if_expr", "expr", "symbol", 0
-};
-#endif
-
-# ifdef YYPRINT
-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
-   token YYLEX-NUM.  */
-static const unsigned short yytoknum[] =
-{
-       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
-     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
-     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
-     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
-     295,   296
-};
-# endif
-
-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
-static const unsigned char yyr1[] =
-{
-       0,    42,    43,    43,    44,    44,    44,    44,    44,    44,
-      44,    44,    45,    45,    45,    45,    45,    45,    46,    47,
-      48,    49,    50,    50,    50,    50,    50,    51,    51,    51,
-      51,    51,    51,    51,    51,    51,    51,    51,    52,    53,
-      54,    55,    55,    56,    56,    56,    56,    56,    57,    57,
-      57,    57,    57,    58,    58,    59,    60,    61,    61,    62,
-      62,    62,    62,    63,    64,    65,    66,    66,    67,    67,
-      67,    67,    67,    68,    69,    70,    71,    72,    73,    74,
-      74,    74,    75,    75,    75,    76,    76,    77,    77,    78,
-      78,    78,    79,    79,    80,    80,    81,    81,    81,    81,
-      81,    81,    81,    82,    82
-};
-
-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
-static const unsigned char yyr2[] =
-{
-       0,     2,     0,     2,     1,     1,     1,     3,     1,     1,
-       1,     2,     1,     1,     1,     1,     1,     1,     3,     2,
-       3,     2,     0,     2,     2,     2,     2,     3,     4,     3,
-       4,     3,     3,     3,     4,     4,     4,     5,     2,     2,
-       1,     3,     2,     0,     2,     2,     2,     2,     4,     3,
-       3,     2,     4,     0,     2,     3,     1,     3,     2,     0,
-       2,     2,     2,     3,     2,     1,     3,     2,     0,     2,
-       2,     2,     3,     3,     1,     3,     2,     2,     2,     0,
-       2,     2,     4,     3,     3,     0,     2,     1,     1,     2,
-       2,     2,     1,     1,     0,     2,     1,     3,     3,     3,
-       2,     3,     3,     1,     1
-};
-
-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
-   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
-   means the default is an error.  */
-static const unsigned char yydefact[] =
-{
-       2,     0,     1,     0,     0,     0,     8,     0,     0,    10,
-       0,     0,     0,     0,     9,    93,    92,     3,     4,    22,
-      14,    22,    15,    43,    53,     5,    59,    12,    79,    68,
-       6,    74,    16,    79,    13,    17,    11,    87,    88,     0,
-       0,     0,    38,     0,     0,     0,   103,   104,     0,     0,
-       0,    96,    19,    21,    39,    42,    58,    64,     0,    76,
-       7,    63,    73,    75,    18,    20,     0,   100,    55,     0,
-       0,     0,     0,     0,     0,     0,     0,     0,    85,     0,
-      85,     0,    85,    85,    85,    26,     0,     0,    23,     0,
-      25,    24,     0,     0,     0,    85,    85,    47,    44,    46,
-      45,     0,     0,     0,    54,    41,    40,    60,    62,    57,
-      61,    56,    81,    80,     0,    69,    71,    66,    70,    65,
-      99,   101,   102,    98,    97,    77,     0,     0,     0,    94,
-      94,     0,    94,    94,     0,    94,     0,     0,     0,    94,
-       0,    78,    51,    94,    94,     0,     0,    89,    90,    91,
-      72,     0,    83,    84,     0,     0,     0,    27,    86,     0,
-      29,     0,    33,    31,    32,     0,    94,     0,     0,    49,
-      50,    82,    95,    34,    35,    28,    30,    36,     0,    48,
-      52,    37
-};
-
-/* YYDEFGOTO[NTERM-NUM]. */
-static const short yydefgoto[] =
-{
-      -1,     1,    17,    18,    19,    20,    21,    22,    52,    88,
-      23,    24,   105,    25,    54,    98,    55,    26,   109,    27,
-      56,    28,    29,   117,    30,    58,    31,    32,    33,    34,
-      89,    90,    57,    91,   131,   132,   106,    35,   155,    50,
-      51
-};
-
-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
-   STATE-NUM.  */
-#define YYPACT_NINF -99
-static const short yypact[] =
-{
-     -99,    48,   -99,    38,    46,    46,   -99,    46,   -29,   -99,
-      46,   -17,    -3,   -11,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,    38,
-      12,    15,   -99,    18,    51,    62,   -99,   -99,   -11,   -11,
-       4,   -24,   138,   138,   160,   121,   110,    -4,    81,    -4,
-     -99,   -99,   -99,   -99,   -99,   -99,   -19,   -99,   -99,   -11,
-     -11,    70,    70,    73,    32,   -11,    46,   -11,    46,   -11,
-      46,   -11,    46,    46,    46,   -99,    36,    70,   -99,    95,
-     -99,   -99,    96,    46,   106,    46,    46,   -99,   -99,   -99,
-     -99,    38,    38,    38,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   112,   -99,   -99,   -99,   -99,   -99,
-     -99,   117,   -99,   -99,   -99,   -99,   -11,    33,    65,   131,
-       1,   119,   131,     1,   136,     1,   153,   154,   155,   131,
-      70,   -99,   -99,   131,   131,   156,   157,   -99,   -99,   -99,
-     -99,   101,   -99,   -99,   -11,   158,   159,   -99,   -99,   161,
-     -99,   162,   -99,   -99,   -99,   163,   131,   164,   165,   -99,
-     -99,   -99,    99,   -99,   -99,   -99,   -99,   -99,   166,   -99,
-     -99,   -99
-};
-
-/* YYPGOTO[NTERM-NUM].  */
-static const short yypgoto[] =
-{
-     -99,   -99,   -99,   111,   -99,   -99,   -99,   -99,   178,   -99,
-     -99,   -99,   -99,    91,   -99,   -99,   -99,   -99,   -99,   -99,
-     -99,   -99,   -99,   -99,   115,   -99,   -99,   -99,   -99,   -99,
-     -99,   146,   168,    89,    27,     0,   126,    -1,   -98,   -48,
-     -63
-};
-
-/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
-   positive, shift that token.  If negative, reduce the rule which
-   number is the opposite.  If zero, do what YYDEFACT says.
-   If YYTABLE_NINF, syntax error.  */
-#define YYTABLE_NINF -68
-static const short yytable[] =
-{
-      66,    67,    36,    42,    39,    40,    71,    41,   123,   124,
-      43,    44,    74,    75,   120,   154,    72,    46,    47,    69,
-      70,   121,   122,    48,   140,    45,   127,   128,   112,   130,
-      49,   133,   156,   135,   158,   159,    68,   161,    60,    69,
-      70,   165,    69,    70,    61,   167,   168,    62,     2,     3,
-      63,     4,     5,     6,     7,     8,     9,    10,    11,    12,
-      46,    47,    13,    14,   139,   152,    48,   126,   178,    15,
-      16,    69,    70,    49,    37,    38,   129,   166,   151,    15,
-      16,   -67,   114,    64,   -67,     5,   101,     7,     8,   102,
-      10,    11,    12,   143,    65,    13,   103,   153,    46,    47,
-     147,   148,   149,    69,    70,   125,   172,   134,   141,   136,
-     137,   138,    15,    16,     5,   101,     7,     8,   102,    10,
-      11,    12,   145,   146,    13,   103,   101,     7,   142,   102,
-      10,    11,    12,   171,   144,    13,   103,    69,    70,    69,
-      70,    15,    16,   100,   150,   154,   113,   108,   113,   116,
-      73,   157,    15,    16,    74,    75,    70,    76,    77,    78,
-      79,    80,    81,    82,    83,    84,   104,   107,   160,   115,
-      85,   110,    73,   118,    86,    87,    74,    75,    92,    93,
-      94,    95,   111,    96,   119,   162,   163,   164,   169,   170,
-     173,   174,    97,   175,   176,   177,   179,   180,   181,    53,
-      99,    59
-};
-
-static const unsigned char yycheck[] =
-{
-      48,    49,     3,    32,     4,     5,    30,     7,    71,    72,
-      10,    28,    16,    17,    33,    14,    40,    28,    29,    38,
-      39,    69,    70,    34,    87,    28,    74,    75,    32,    77,
-      41,    79,   130,    81,   132,   133,    32,   135,    39,    38,
-      39,   139,    38,    39,    32,   143,   144,    32,     0,     1,
-      32,     3,     4,     5,     6,     7,     8,     9,    10,    11,
-      28,    29,    14,    15,    28,    32,    34,    35,   166,    31,
-      32,    38,    39,    41,    28,    29,    76,   140,   126,    31,
-      32,     0,     1,    32,     3,     4,     5,     6,     7,     8,
-       9,    10,    11,    93,    32,    14,    15,    32,    28,    29,
-     101,   102,   103,    38,    39,    32,   154,    80,    13,    82,
-      83,    84,    31,    32,     4,     5,     6,     7,     8,     9,
-      10,    11,    95,    96,    14,    15,     5,     6,    32,     8,
-       9,    10,    11,    32,    28,    14,    15,    38,    39,    38,
-      39,    31,    32,    54,    32,    14,    57,    56,    59,    58,
-      12,    32,    31,    32,    16,    17,    39,    19,    20,    21,
-      22,    23,    24,    25,    26,    27,    55,    56,    32,    58,
-      32,    56,    12,    58,    36,    37,    16,    17,    18,    19,
-      20,    21,    56,    23,    58,    32,    32,    32,    32,    32,
-      32,    32,    32,    32,    32,    32,    32,    32,    32,    21,
-      54,    33
-};
-
-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
-   symbol of state STATE-NUM.  */
-static const unsigned char yystos[] =
-{
-       0,    43,     0,     1,     3,     4,     5,     6,     7,     8,
-       9,    10,    11,    14,    15,    31,    32,    44,    45,    46,
-      47,    48,    49,    52,    53,    55,    59,    61,    63,    64,
-      66,    68,    69,    70,    71,    79,    79,    28,    29,    77,
-      77,    77,    32,    77,    28,    28,    28,    29,    34,    41,
-      81,    82,    50,    50,    56,    58,    62,    74,    67,    74,
-      79,    32,    32,    32,    32,    32,    81,    81,    32,    38,
-      39,    30,    40,    12,    16,    17,    19,    20,    21,    22,
-      23,    24,    25,    26,    27,    32,    36,    37,    51,    72,
-      73,    75,    18,    19,    20,    21,    23,    32,    57,    73,
-      75,     5,     8,    15,    45,    54,    78,    45,    55,    60,
-      66,    78,    32,    75,     1,    45,    55,    65,    66,    78,
-      33,    81,    81,    82,    82,    32,    35,    81,    81,    77,
-      81,    76,    77,    81,    76,    81,    76,    76,    76,    28,
-      82,    13,    32,    77,    28,    76,    76,    79,    79,    79,
-      32,    81,    32,    32,    14,    80,    80,    32,    80,    80,
-      32,    80,    32,    32,    32,    80,    82,    80,    80,    32,
-      32,    32,    81,    32,    32,    32,    32,    32,    80,    32,
-      32,    32
-};
-
-#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
-# define YYSIZE_T __SIZE_TYPE__
-#endif
-#if ! defined (YYSIZE_T) && defined (size_t)
-# define YYSIZE_T size_t
-#endif
-#if ! defined (YYSIZE_T)
-# if defined (__STDC__) || defined (__cplusplus)
-#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYSIZE_T size_t
-# endif
-#endif
-#if ! defined (YYSIZE_T)
-# define YYSIZE_T unsigned int
-#endif
-
-#define yyerrok		(yyerrstatus = 0)
-#define yyclearin	(yychar = YYEMPTY)
-#define YYEMPTY		(-2)
-#define YYEOF		0
-
-#define YYACCEPT	goto yyacceptlab
-#define YYABORT		goto yyabortlab
-#define YYERROR		goto yyerrlab1
-
-
-/* Like YYERROR except do call yyerror.  This remains here temporarily
-   to ease the transition to the new meaning of YYERROR, for GCC.
-   Once GCC version 2 has supplanted version 1, this can go.  */
-
-#define YYFAIL		goto yyerrlab
-
-#define YYRECOVERING()  (!!yyerrstatus)
-
-#define YYBACKUP(Token, Value)					\
-do								\
-  if (yychar == YYEMPTY && yylen == 1)				\
-    {								\
-      yychar = (Token);						\
-      yylval = (Value);						\
-      yytoken = YYTRANSLATE (yychar);				\
-      YYPOPSTACK;						\
-      goto yybackup;						\
-    }								\
-  else								\
-    { 								\
-      yyerror ("syntax error: cannot back up");\
-      YYERROR;							\
-    }								\
-while (0)
-
-#define YYTERROR	1
-#define YYERRCODE	256
-
-/* YYLLOC_DEFAULT -- Compute the default location (before the actions
-   are run).  */
-
-#ifndef YYLLOC_DEFAULT
-# define YYLLOC_DEFAULT(Current, Rhs, N)         \
-  Current.first_line   = Rhs[1].first_line;      \
-  Current.first_column = Rhs[1].first_column;    \
-  Current.last_line    = Rhs[N].last_line;       \
-  Current.last_column  = Rhs[N].last_column;
-#endif
-
-/* YYLEX -- calling `yylex' with the right arguments.  */
-
-#ifdef YYLEX_PARAM
-# define YYLEX yylex (YYLEX_PARAM)
-#else
-# define YYLEX yylex ()
-#endif
-
-/* Enable debugging if requested.  */
-#if YYDEBUG
-
-# ifndef YYFPRINTF
-#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
-#  define YYFPRINTF fprintf
-# endif
-
-# define YYDPRINTF(Args)			\
-do {						\
-  if (yydebug)					\
-    YYFPRINTF Args;				\
-} while (0)
-
-# define YYDSYMPRINT(Args)			\
-do {						\
-  if (yydebug)					\
-    yysymprint Args;				\
-} while (0)
-
-# define YYDSYMPRINTF(Title, Token, Value, Location)		\
-do {								\
-  if (yydebug)							\
-    {								\
-      YYFPRINTF (stderr, "%s ", Title);				\
-      yysymprint (stderr, 					\
-                  Token, Value);	\
-      YYFPRINTF (stderr, "\n");					\
-    }								\
-} while (0)
-
-/*------------------------------------------------------------------.
-| yy_stack_print -- Print the state stack from its BOTTOM up to its |
-| TOP (cinluded).                                                   |
-`------------------------------------------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yy_stack_print (short *bottom, short *top)
-#else
-static void
-yy_stack_print (bottom, top)
-    short *bottom;
-    short *top;
-#endif
-{
-  YYFPRINTF (stderr, "Stack now");
-  for (/* Nothing. */; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
-  YYFPRINTF (stderr, "\n");
-}
-
-# define YY_STACK_PRINT(Bottom, Top)				\
-do {								\
-  if (yydebug)							\
-    yy_stack_print ((Bottom), (Top));				\
-} while (0)
-
-
-/*------------------------------------------------.
-| Report that the YYRULE is going to be reduced.  |
-`------------------------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yy_reduce_print (int yyrule)
-#else
-static void
-yy_reduce_print (yyrule)
-    int yyrule;
-#endif
-{
-  int yyi;
-  unsigned int yylineno = yyrline[yyrule];
-  YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ",
-             yyrule - 1, yylineno);
-  /* Print the symbols being reduced, and their result.  */
-  for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++)
-    YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]);
-  YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]);
-}
-
-# define YY_REDUCE_PRINT(Rule)		\
-do {					\
-  if (yydebug)				\
-    yy_reduce_print (Rule);		\
-} while (0)
-
-/* Nonzero means print parse trace.  It is left uninitialized so that
-   multiple parsers can coexist.  */
-int yydebug;
-#else /* !YYDEBUG */
-# define YYDPRINTF(Args)
-# define YYDSYMPRINT(Args)
-# define YYDSYMPRINTF(Title, Token, Value, Location)
-# define YY_STACK_PRINT(Bottom, Top)
-# define YY_REDUCE_PRINT(Rule)
-#endif /* !YYDEBUG */
-
-
-/* YYINITDEPTH -- initial size of the parser's stacks.  */
-#ifndef	YYINITDEPTH
-# define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
-   if the built-in stack extension method is used).
-
-   Do not make this value too large; the results are undefined if
-   SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
-   evaluated with infinite-precision integer arithmetic.  */
-
-#if YYMAXDEPTH == 0
-# undef YYMAXDEPTH
-#endif
-
-#ifndef YYMAXDEPTH
-# define YYMAXDEPTH 10000
-#endif
-
-
-
-#if YYERROR_VERBOSE
-
-# ifndef yystrlen
-#  if defined (__GLIBC__) && defined (_STRING_H)
-#   define yystrlen strlen
-#  else
-/* Return the length of YYSTR.  */
-static YYSIZE_T
-#   if defined (__STDC__) || defined (__cplusplus)
-yystrlen (const char *yystr)
-#   else
-yystrlen (yystr)
-     const char *yystr;
-#   endif
-{
-  register const char *yys = yystr;
-
-  while (*yys++ != '\0')
-    continue;
-
-  return yys - yystr - 1;
-}
-#  endif
-# endif
-
-# ifndef yystpcpy
-#  if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE)
-#   define yystpcpy stpcpy
-#  else
-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-   YYDEST.  */
-static char *
-#   if defined (__STDC__) || defined (__cplusplus)
-yystpcpy (char *yydest, const char *yysrc)
-#   else
-yystpcpy (yydest, yysrc)
-     char *yydest;
-     const char *yysrc;
-#   endif
-{
-  register char *yyd = yydest;
-  register const char *yys = yysrc;
-
-  while ((*yyd++ = *yys++) != '\0')
-    continue;
-
-  return yyd - 1;
-}
-#  endif
-# endif
-
-#endif /* !YYERROR_VERBOSE */
-
-
-
-#if YYDEBUG
-/*--------------------------------.
-| Print this symbol on YYOUTPUT.  |
-`--------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yysymprint (yyoutput, yytype, yyvaluep)
-    FILE *yyoutput;
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  /* Pacify ``unused variable'' warnings.  */
-  (void) yyvaluep;
-
-  if (yytype < YYNTOKENS)
-    {
-      YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
-# ifdef YYPRINT
-      YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
-# endif
-    }
-  else
-    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
-
-  switch (yytype)
-    {
-      default:
-        break;
-    }
-  YYFPRINTF (yyoutput, ")");
-}
-
-#endif /* ! YYDEBUG */
-/*-----------------------------------------------.
-| Release the memory associated to this symbol.  |
-`-----------------------------------------------*/
-
-#if defined (__STDC__) || defined (__cplusplus)
-static void
-yydestruct (int yytype, YYSTYPE *yyvaluep)
-#else
-static void
-yydestruct (yytype, yyvaluep)
-    int yytype;
-    YYSTYPE *yyvaluep;
-#endif
-{
-  /* Pacify ``unused variable'' warnings.  */
-  (void) yyvaluep;
-
-  switch (yytype)
-    {
-
-      default:
-        break;
-    }
-}
-
-
-/* Prevent warnings from -Wmissing-prototypes.  */
-
-#ifdef YYPARSE_PARAM
-# if defined (__STDC__) || defined (__cplusplus)
-int yyparse (void *YYPARSE_PARAM);
-# else
-int yyparse ();
-# endif
-#else /* ! YYPARSE_PARAM */
-#if defined (__STDC__) || defined (__cplusplus)
-int yyparse (void);
-#else
-int yyparse ();
-#endif
-#endif /* ! YYPARSE_PARAM */
-
-
-
-/* The lookahead symbol.  */
-int yychar;
-
-/* The semantic value of the lookahead symbol.  */
-YYSTYPE yylval;
-
-/* Number of syntax errors so far.  */
-int yynerrs;
-
-
-
-/*----------.
-| yyparse.  |
-`----------*/
-
-#ifdef YYPARSE_PARAM
-# if defined (__STDC__) || defined (__cplusplus)
-int yyparse (void *YYPARSE_PARAM)
-# else
-int yyparse (YYPARSE_PARAM)
-  void *YYPARSE_PARAM;
-# endif
-#else /* ! YYPARSE_PARAM */
-#if defined (__STDC__) || defined (__cplusplus)
-int
-yyparse (void)
-#else
-int
-yyparse ()
-
-#endif
-#endif
-{
-
-  register int yystate;
-  register int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Lookahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
-
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
-
-  /* The state stack.  */
-  short	yyssa[YYINITDEPTH];
-  short *yyss = yyssa;
-  register short *yyssp;
-
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  register YYSTYPE *yyvsp;
-
-
-
-#define YYPOPSTACK   (yyvsp--, yyssp--)
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
-
-  /* The variables used to return semantic value and location from the
-     action routines.  */
-  YYSTYPE yyval;
-
-
-  /* When reducing, the number of symbols on the RHS of the reduced
-     rule.  */
-  int yylen;
-
-  YYDPRINTF ((stderr, "Starting parse\n"));
-
-  yystate = 0;
-  yyerrstatus = 0;
-  yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
-
-  /* Initialize stack pointers.
-     Waste one element of value and location stack
-     so that they stay on the same level as the state stack.
-     The wasted elements are never initialized.  */
-
-  yyssp = yyss;
-  yyvsp = yyvs;
-
-  goto yysetstate;
-
-/*------------------------------------------------------------.
-| yynewstate -- Push a new state, which is found in yystate.  |
-`------------------------------------------------------------*/
- yynewstate:
-  /* In all cases, when you get here, the value and location stacks
-     have just been pushed. so pushing a state here evens the stacks.
-     */
-  yyssp++;
-
- yysetstate:
-  *yyssp = yystate;
-
-  if (yyss + yystacksize - 1 <= yyssp)
-    {
-      /* Get the current used size of the three stacks, in elements.  */
-      YYSIZE_T yysize = yyssp - yyss + 1;
-
-#ifdef yyoverflow
-      {
-	/* Give user a chance to reallocate the stack. Use copies of
-	   these so that the &'s don't force the real ones into
-	   memory.  */
-	YYSTYPE *yyvs1 = yyvs;
-	short *yyss1 = yyss;
-
-
-	/* Each stack pointer address is followed by the size of the
-	   data in use in that stack, in bytes.  This used to be a
-	   conditional around just the two extra args, but that might
-	   be undefined if yyoverflow is a macro.  */
-	yyoverflow ("parser stack overflow",
-		    &yyss1, yysize * sizeof (*yyssp),
-		    &yyvs1, yysize * sizeof (*yyvsp),
-
-		    &yystacksize);
-
-	yyss = yyss1;
-	yyvs = yyvs1;
-      }
-#else /* no yyoverflow */
-# ifndef YYSTACK_RELOCATE
-      goto yyoverflowlab;
-# else
-      /* Extend the stack our own way.  */
-      if (YYMAXDEPTH <= yystacksize)
-	goto yyoverflowlab;
-      yystacksize *= 2;
-      if (YYMAXDEPTH < yystacksize)
-	yystacksize = YYMAXDEPTH;
-
-      {
-	short *yyss1 = yyss;
-	union yyalloc *yyptr =
-	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
-	if (! yyptr)
-	  goto yyoverflowlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
-#  undef YYSTACK_RELOCATE
-	if (yyss1 != yyssa)
-	  YYSTACK_FREE (yyss1);
-      }
-# endif
-#endif /* no yyoverflow */
-
-      yyssp = yyss + yysize - 1;
-      yyvsp = yyvs + yysize - 1;
-
-
-      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
-		  (unsigned long int) yystacksize));
-
-      if (yyss + yystacksize - 1 <= yyssp)
-	YYABORT;
-    }
-
-  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
-
-  goto yybackup;
-
-/*-----------.
-| yybackup.  |
-`-----------*/
-yybackup:
-
-/* Do appropriate processing given the current state.  */
-/* Read a lookahead token if we need one and don't already have one.  */
-/* yyresume: */
-
-  /* First try to decide what to do without reference to lookahead token.  */
-
-  yyn = yypact[yystate];
-  if (yyn == YYPACT_NINF)
-    goto yydefault;
-
-  /* Not known => get a lookahead token if don't already have one.  */
-
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol.  */
-  if (yychar == YYEMPTY)
-    {
-      YYDPRINTF ((stderr, "Reading a token: "));
-      yychar = YYLEX;
-    }
-
-  if (yychar <= YYEOF)
-    {
-      yychar = yytoken = YYEOF;
-      YYDPRINTF ((stderr, "Now at end of input.\n"));
-    }
-  else
-    {
-      yytoken = YYTRANSLATE (yychar);
-      YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc);
-    }
-
-  /* If the proper action on seeing token YYTOKEN is to reduce or to
-     detect an error, take that action.  */
-  yyn += yytoken;
-  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
-    goto yydefault;
-  yyn = yytable[yyn];
-  if (yyn <= 0)
-    {
-      if (yyn == 0 || yyn == YYTABLE_NINF)
-	goto yyerrlab;
-      yyn = -yyn;
-      goto yyreduce;
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  /* Shift the lookahead token.  */
-  YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken]));
-
-  /* Discard the token being shifted unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
-
-  *++yyvsp = yylval;
-
-
-  /* Count tokens shifted since error; after three, turn off error
-     status.  */
-  if (yyerrstatus)
-    yyerrstatus--;
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-----------------------------------------------------------.
-| yydefault -- do the default action for the current state.  |
-`-----------------------------------------------------------*/
-yydefault:
-  yyn = yydefact[yystate];
-  if (yyn == 0)
-    goto yyerrlab;
-  goto yyreduce;
-
-
-/*-----------------------------.
-| yyreduce -- Do a reduction.  |
-`-----------------------------*/
-yyreduce:
-  /* yyn is the number of a rule to reduce with.  */
-  yylen = yyr2[yyn];
-
-  /* If YYLEN is nonzero, implement the default value of the action:
-     `$$ = $1'.
-
-     Otherwise, the following line sets YYVAL to garbage.
-     This behavior is undocumented and Bison
-     users should not rely upon it.  Assigning to YYVAL
-     unconditionally makes the parser a bit smaller, and it avoids a
-     GCC warning that YYVAL may be used uninitialized.  */
-  yyval = yyvsp[1-yylen];
-
-
-  YY_REDUCE_PRINT (yyn);
-  switch (yyn)
-    {
-        case 8:
-
-    { zconfprint("unexpected 'endmenu' statement"); ;}
-    break;
-
-  case 9:
-
-    { zconfprint("unexpected 'endif' statement"); ;}
-    break;
-
-  case 10:
-
-    { zconfprint("unexpected 'endchoice' statement"); ;}
-    break;
-
-  case 11:
-
-    { zconfprint("syntax error"); yyerrok; ;}
-    break;
-
-  case 18:
-
-    {
-	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
-	sym->flags |= SYMBOL_OPTIONAL;
-	menu_add_entry(sym);
-	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
-;}
-    break;
-
-  case 19:
-
-    {
-	menu_end_entry();
-	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 20:
-
-    {
-	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
-	sym->flags |= SYMBOL_OPTIONAL;
-	menu_add_entry(sym);
-	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
-;}
-    break;
-
-  case 21:
-
-    {
-	if (current_entry->prompt)
-		current_entry->prompt->type = P_MENU;
-	else
-		zconfprint("warning: menuconfig statement without prompt");
-	menu_end_entry();
-	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 27:
-
-    {
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 28:
-
-    {
-	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 29:
-
-    {
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 30:
-
-    {
-	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 31:
-
-    {
-	menu_set_type(S_INT);
-	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 32:
-
-    {
-	menu_set_type(S_HEX);
-	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 33:
-
-    {
-	menu_set_type(S_STRING);
-	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 34:
-
-    {
-	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 35:
-
-    {
-	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 36:
-
-    {
-	menu_add_symbol(P_SELECT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 37:
-
-    {
-	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,yyvsp[-3].symbol, yyvsp[-2].symbol), yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 38:
-
-    {
-	struct symbol *sym = sym_lookup(NULL, 0);
-	sym->flags |= SYMBOL_CHOICE;
-	menu_add_entry(sym);
-	menu_add_expr(P_CHOICE, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 39:
-
-    {
-	menu_end_entry();
-	menu_add_menu();
-;}
-    break;
-
-  case 40:
-
-    {
-	if (zconf_endtoken(yyvsp[0].token, T_CHOICE, T_ENDCHOICE)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
-	}
-;}
-    break;
-
-  case 42:
-
-    {
-	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-;}
-    break;
-
-  case 48:
-
-    {
-	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 49:
-
-    {
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 50:
-
-    {
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 51:
-
-    {
-	current_entry->sym->flags |= SYMBOL_OPTIONAL;
-	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 52:
-
-    {
-	menu_add_symbol(P_DEFAULT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 55:
-
-    {
-	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
-	menu_add_entry(NULL);
-	menu_add_dep(yyvsp[-1].expr);
-	menu_end_entry();
-	menu_add_menu();
-;}
-    break;
-
-  case 56:
-
-    {
-	if (zconf_endtoken(yyvsp[0].token, T_IF, T_ENDIF)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
-	}
-;}
-    break;
-
-  case 58:
-
-    {
-	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-;}
-    break;
-
-  case 63:
-
-    {
-	menu_add_entry(NULL);
-	menu_add_prop(P_MENU, yyvsp[-1].string, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 64:
-
-    {
-	menu_end_entry();
-	menu_add_menu();
-;}
-    break;
-
-  case 65:
-
-    {
-	if (zconf_endtoken(yyvsp[0].token, T_MENU, T_ENDMENU)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
-	}
-;}
-    break;
-
-  case 67:
-
-    {
-	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-;}
-    break;
-
-  case 72:
-
-    { zconfprint("invalid menu option"); yyerrok; ;}
-    break;
-
-  case 73:
-
-    {
-	yyval.string = yyvsp[-1].string;
-	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
-;}
-    break;
-
-  case 74:
-
-    {
-	zconf_nextfile(yyvsp[0].string);
-;}
-    break;
-
-  case 75:
-
-    {
-	menu_add_entry(NULL);
-	menu_add_prop(P_COMMENT, yyvsp[-1].string, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 76:
-
-    {
-	menu_end_entry();
-;}
-    break;
-
-  case 77:
-
-    {
-	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
-	zconf_starthelp();
-;}
-    break;
-
-  case 78:
-
-    {
-	current_entry->sym->help = yyvsp[0].string;
-;}
-    break;
-
-  case 82:
-
-    {
-	menu_add_dep(yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 83:
-
-    {
-	menu_add_dep(yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 84:
-
-    {
-	menu_add_dep(yyvsp[-1].expr);
-	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
-;}
-    break;
-
-  case 86:
-
-    {
-	menu_add_prop(P_PROMPT, yyvsp[-1].string, NULL, yyvsp[0].expr);
-;}
-    break;
-
-  case 89:
-
-    { yyval.token = T_ENDMENU; ;}
-    break;
-
-  case 90:
-
-    { yyval.token = T_ENDCHOICE; ;}
-    break;
-
-  case 91:
-
-    { yyval.token = T_ENDIF; ;}
-    break;
-
-  case 94:
-
-    { yyval.expr = NULL; ;}
-    break;
-
-  case 95:
-
-    { yyval.expr = yyvsp[0].expr; ;}
-    break;
-
-  case 96:
-
-    { yyval.expr = expr_alloc_symbol(yyvsp[0].symbol); ;}
-    break;
-
-  case 97:
-
-    { yyval.expr = expr_alloc_comp(E_EQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
-    break;
-
-  case 98:
-
-    { yyval.expr = expr_alloc_comp(E_UNEQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
-    break;
-
-  case 99:
-
-    { yyval.expr = yyvsp[-1].expr; ;}
-    break;
-
-  case 100:
-
-    { yyval.expr = expr_alloc_one(E_NOT, yyvsp[0].expr); ;}
-    break;
-
-  case 101:
-
-    { yyval.expr = expr_alloc_two(E_OR, yyvsp[-2].expr, yyvsp[0].expr); ;}
-    break;
-
-  case 102:
-
-    { yyval.expr = expr_alloc_two(E_AND, yyvsp[-2].expr, yyvsp[0].expr); ;}
-    break;
-
-  case 103:
-
-    { yyval.symbol = sym_lookup(yyvsp[0].string, 0); free(yyvsp[0].string); ;}
-    break;
-
-  case 104:
-
-    { yyval.symbol = sym_lookup(yyvsp[0].string, 1); free(yyvsp[0].string); ;}
-    break;
-
-
-    }
-
-/* Line 999 of yacc.c.  */
-
-
-  yyvsp -= yylen;
-  yyssp -= yylen;
-
-
-  YY_STACK_PRINT (yyss, yyssp);
-
-  *++yyvsp = yyval;
-
-
-  /* Now `shift' the result of the reduction.  Determine what state
-     that goes to, based on the state we popped back to and the rule
-     number reduced by.  */
-
-  yyn = yyr1[yyn];
-
-  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
-  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
-    yystate = yytable[yystate];
-  else
-    yystate = yydefgoto[yyn - YYNTOKENS];
-
-  goto yynewstate;
-
-
-/*------------------------------------.
-| yyerrlab -- here on detecting error |
-`------------------------------------*/
-yyerrlab:
-  /* If not already recovering from an error, report this error.  */
-  if (!yyerrstatus)
-    {
-      ++yynerrs;
-#if YYERROR_VERBOSE
-      yyn = yypact[yystate];
-
-      if (YYPACT_NINF < yyn && yyn < YYLAST)
-	{
-	  YYSIZE_T yysize = 0;
-	  int yytype = YYTRANSLATE (yychar);
-	  char *yymsg;
-	  int yyx, yycount;
-
-	  yycount = 0;
-	  /* Start YYX at -YYN if negative to avoid negative indexes in
-	     YYCHECK.  */
-	  for (yyx = yyn < 0 ? -yyn : 0;
-	       yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++)
-	    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-	      yysize += yystrlen (yytname[yyx]) + 15, yycount++;
-	  yysize += yystrlen ("syntax error, unexpected ") + 1;
-	  yysize += yystrlen (yytname[yytype]);
-	  yymsg = (char *) YYSTACK_ALLOC (yysize);
-	  if (yymsg != 0)
-	    {
-	      char *yyp = yystpcpy (yymsg, "syntax error, unexpected ");
-	      yyp = yystpcpy (yyp, yytname[yytype]);
-
-	      if (yycount < 5)
-		{
-		  yycount = 0;
-		  for (yyx = yyn < 0 ? -yyn : 0;
-		       yyx < (int) (sizeof (yytname) / sizeof (char *));
-		       yyx++)
-		    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
-		      {
-			const char *yyq = ! yycount ? ", expecting " : " or ";
-			yyp = yystpcpy (yyp, yyq);
-			yyp = yystpcpy (yyp, yytname[yyx]);
-			yycount++;
-		      }
-		}
-	      yyerror (yymsg);
-	      YYSTACK_FREE (yymsg);
-	    }
-	  else
-	    yyerror ("syntax error; also virtual memory exhausted");
-	}
-      else
-#endif /* YYERROR_VERBOSE */
-	yyerror ("syntax error");
-    }
-
-
-
-  if (yyerrstatus == 3)
-    {
-      /* If just tried and failed to reuse lookahead token after an
-	 error, discard it.  */
-
-      /* Return failure if at end of input.  */
-      if (yychar == YYEOF)
-        {
-	  /* Pop the error token.  */
-          YYPOPSTACK;
-	  /* Pop the rest of the stack.  */
-	  while (yyss < yyssp)
-	    {
-	      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
-	      yydestruct (yystos[*yyssp], yyvsp);
-	      YYPOPSTACK;
-	    }
-	  YYABORT;
-        }
-
-      YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc);
-      yydestruct (yytoken, &yylval);
-      yychar = YYEMPTY;
-
-    }
-
-  /* Else will try to reuse lookahead token after shifting the error
-     token.  */
-  goto yyerrlab1;
-
-
-/*----------------------------------------------------.
-| yyerrlab1 -- error raised explicitly by an action.  |
-`----------------------------------------------------*/
-yyerrlab1:
-  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
-
-  for (;;)
-    {
-      yyn = yypact[yystate];
-      if (yyn != YYPACT_NINF)
-	{
-	  yyn += YYTERROR;
-	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
-	    {
-	      yyn = yytable[yyn];
-	      if (0 < yyn)
-		break;
-	    }
-	}
-
-      /* Pop the current state because it cannot handle the error token.  */
-      if (yyssp == yyss)
-	YYABORT;
-
-      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
-      yydestruct (yystos[yystate], yyvsp);
-      yyvsp--;
-      yystate = *--yyssp;
-
-      YY_STACK_PRINT (yyss, yyssp);
-    }
-
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
-  YYDPRINTF ((stderr, "Shifting error token, "));
-
-  *++yyvsp = yylval;
-
-
-  yystate = yyn;
-  goto yynewstate;
-
-
-/*-------------------------------------.
-| yyacceptlab -- YYACCEPT comes here.  |
-`-------------------------------------*/
-yyacceptlab:
-  yyresult = 0;
-  goto yyreturn;
-
-/*-----------------------------------.
-| yyabortlab -- YYABORT comes here.  |
-`-----------------------------------*/
-yyabortlab:
-  yyresult = 1;
-  goto yyreturn;
-
-#ifndef yyoverflow
-/*----------------------------------------------.
-| yyoverflowlab -- parser overflow comes here.  |
-`----------------------------------------------*/
-yyoverflowlab:
-  yyerror ("parser stack overflow");
-  yyresult = 2;
-  /* Fall through.  */
-#endif
-
-yyreturn:
-#ifndef yyoverflow
-  if (yyss != yyssa)
-    YYSTACK_FREE (yyss);
-#endif
-  return yyresult;
-}
-
-
-
-
-
-void conf_parse(const char *name)
-{
-	struct symbol *sym;
-	int i;
-
-	zconf_initscan(name);
-
-	sym_init();
-	menu_init();
-	modules_sym = sym_lookup("MODULES", 0);
-	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
-
-	//zconfdebug = 1;
-	zconfparse();
-	if (zconfnerrs)
-		exit(1);
-	menu_finalize(&rootmenu);
-	for_all_symbols(i, sym) {
-                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
-                        printf("\n");
-		else
-			sym->flags |= SYMBOL_CHECK_DONE;
-        }
-
-	sym_change_count = 1;
-}
-
-const char *zconf_tokenname(int token)
-{
-	switch (token) {
-	case T_MENU:		return "menu";
-	case T_ENDMENU:		return "endmenu";
-	case T_CHOICE:		return "choice";
-	case T_ENDCHOICE:	return "endchoice";
-	case T_IF:		return "if";
-	case T_ENDIF:		return "endif";
-	}
-	return "<token>";
-}
-
-static bool zconf_endtoken(int token, int starttoken, int endtoken)
-{
-	if (token != endtoken) {
-		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
-		zconfnerrs++;
-		return false;
-	}
-	if (current_menu->file != current_file) {
-		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
-		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
-		zconfnerrs++;
-		return false;
-	}
-	return true;
-}
-
-static void zconfprint(const char *err, ...)
-{
-	va_list ap;
-
-	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
-	va_start(ap, err);
-	vfprintf(stderr, err, ap);
-	va_end(ap);
-	fprintf(stderr, "\n");
-}
-
-static void zconferror(const char *err)
-{
-	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
-}
-
-void print_quoted_string(FILE *out, const char *str)
-{
-	const char *p;
-	int len;
-
-	putc('"', out);
-	while ((p = strchr(str, '"'))) {
-		len = p - str;
-		if (len)
-			fprintf(out, "%.*s", len, str);
-		fputs("\\\"", out);
-		str = p + 1;
-	}
-	fputs(str, out);
-	putc('"', out);
-}
-
-void print_symbol(FILE *out, struct menu *menu)
-{
-	struct symbol *sym = menu->sym;
-	struct property *prop;
-
-	if (sym_is_choice(sym))
-		fprintf(out, "choice\n");
-	else
-		fprintf(out, "config %s\n", sym->name);
-	switch (sym->type) {
-	case S_BOOLEAN:
-		fputs("  boolean\n", out);
-		break;
-	case S_TRISTATE:
-		fputs("  tristate\n", out);
-		break;
-	case S_STRING:
-		fputs("  string\n", out);
-		break;
-	case S_INT:
-		fputs("  integer\n", out);
-		break;
-	case S_HEX:
-		fputs("  hex\n", out);
-		break;
-	default:
-		fputs("  ???\n", out);
-		break;
-	}
-	for (prop = sym->prop; prop; prop = prop->next) {
-		if (prop->menu != menu)
-			continue;
-		switch (prop->type) {
-		case P_PROMPT:
-			fputs("  prompt ", out);
-			print_quoted_string(out, prop->text);
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs(" if ", out);
-				expr_fprint(prop->visible.expr, out);
-			}
-			fputc('\n', out);
-			break;
-		case P_DEFAULT:
-			fputs( "  default ", out);
-			expr_fprint(prop->expr, out);
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs(" if ", out);
-				expr_fprint(prop->visible.expr, out);
-			}
-			fputc('\n', out);
-			break;
-		case P_CHOICE:
-			fputs("  #choice value\n", out);
-			break;
-		default:
-			fprintf(out, "  unknown prop %d!\n", prop->type);
-			break;
-		}
-	}
-	if (sym->help) {
-		int len = strlen(sym->help);
-		while (sym->help[--len] == '\n')
-			sym->help[len] = 0;
-		fprintf(out, "  help\n%s\n", sym->help);
-	}
-	fputc('\n', out);
-}
-
-void zconfdump(FILE *out)
-{
-	struct property *prop;
-	struct symbol *sym;
-	struct menu *menu;
-
-	menu = rootmenu.list;
-	while (menu) {
-		if ((sym = menu->sym))
-			print_symbol(out, menu);
-		else if ((prop = menu->prompt)) {
-			switch (prop->type) {
-			case P_COMMENT:
-				fputs("\ncomment ", out);
-				print_quoted_string(out, prop->text);
-				fputs("\n", out);
-				break;
-			case P_MENU:
-				fputs("\nmenu ", out);
-				print_quoted_string(out, prop->text);
-				fputs("\n", out);
-				break;
-			default:
-				;
-			}
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs("  depends ", out);
-				expr_fprint(prop->visible.expr, out);
-				fputc('\n', out);
-			}
-			fputs("\n", out);
-		}
-
-		if (menu->list)
-			menu = menu->list;
-		else if (menu->next)
-			menu = menu->next;
-		else while ((menu = menu->parent)) {
-			if (menu->prompt && menu->prompt->type == P_MENU)
-				fputs("\nendmenu\n", out);
-			if (menu->next) {
-				menu = menu->next;
-				break;
-			}
-		}
-	}
-}
-
-#include "lex.zconf.c"
-#include "util.c"
-#include "confdata.c"
-#include "expr.c"
-#include "symbol.c"
-#include "menu.c"
-
-
diff --git a/config/scripts/config/zconf.tab.h_shipped b/config/scripts/config/zconf.tab.h_shipped
deleted file mode 100644
index 3b191ef599..0000000000
--- a/config/scripts/config/zconf.tab.h_shipped
+++ /dev/null
@@ -1,125 +0,0 @@
-/* A Bison parser, made from zconf.y, by GNU bison 1.75.  */
-
-/* Skeleton parser for Yacc-like parsing with Bison,
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 59 Temple Place - Suite 330,
-   Boston, MA 02111-1307, USA.  */
-
-/* As a special exception, when this file is copied by Bison into a
-   Bison output file, you may use that output file without restriction.
-   This special exception was added by the Free Software Foundation
-   in version 1.24 of Bison.  */
-
-#ifndef BISON_ZCONF_TAB_H
-# define BISON_ZCONF_TAB_H
-
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     T_MAINMENU = 258,
-     T_MENU = 259,
-     T_ENDMENU = 260,
-     T_SOURCE = 261,
-     T_CHOICE = 262,
-     T_ENDCHOICE = 263,
-     T_COMMENT = 264,
-     T_CONFIG = 265,
-     T_HELP = 266,
-     T_HELPTEXT = 267,
-     T_IF = 268,
-     T_ENDIF = 269,
-     T_DEPENDS = 270,
-     T_REQUIRES = 271,
-     T_OPTIONAL = 272,
-     T_PROMPT = 273,
-     T_DEFAULT = 274,
-     T_TRISTATE = 275,
-     T_BOOLEAN = 276,
-     T_INT = 277,
-     T_HEX = 278,
-     T_WORD = 279,
-     T_STRING = 280,
-     T_UNEQUAL = 281,
-     T_EOF = 282,
-     T_EOL = 283,
-     T_CLOSE_PAREN = 284,
-     T_OPEN_PAREN = 285,
-     T_ON = 286,
-     T_OR = 287,
-     T_AND = 288,
-     T_EQUAL = 289,
-     T_NOT = 290
-   };
-#endif
-#define T_MAINMENU 258
-#define T_MENU 259
-#define T_ENDMENU 260
-#define T_SOURCE 261
-#define T_CHOICE 262
-#define T_ENDCHOICE 263
-#define T_COMMENT 264
-#define T_CONFIG 265
-#define T_HELP 266
-#define T_HELPTEXT 267
-#define T_IF 268
-#define T_ENDIF 269
-#define T_DEPENDS 270
-#define T_REQUIRES 271
-#define T_OPTIONAL 272
-#define T_PROMPT 273
-#define T_DEFAULT 274
-#define T_TRISTATE 275
-#define T_BOOLEAN 276
-#define T_INT 277
-#define T_HEX 278
-#define T_WORD 279
-#define T_STRING 280
-#define T_UNEQUAL 281
-#define T_EOF 282
-#define T_EOL 283
-#define T_CLOSE_PAREN 284
-#define T_OPEN_PAREN 285
-#define T_ON 286
-#define T_OR 287
-#define T_AND 288
-#define T_EQUAL 289
-#define T_NOT 290
-
-
-
-
-#ifndef YYSTYPE
-#line 33 "zconf.y"
-typedef union {
-	int token;
-	char *string;
-	struct symbol *symbol;
-	struct expr *expr;
-	struct menu *menu;
-} yystype;
-/* Line 1281 of /usr/share/bison/yacc.c.  */
-#line 118 "zconf.tab.h"
-# define YYSTYPE yystype
-#endif
-
-extern YYSTYPE zconflval;
-
-
-#endif /* not BISON_ZCONF_TAB_H */
-
diff --git a/config/scripts/config/zconf.y b/config/scripts/config/zconf.y
deleted file mode 100644
index cf45da0b20..0000000000
--- a/config/scripts/config/zconf.y
+++ /dev/null
@@ -1,690 +0,0 @@
-%{
-/*
- * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
- * Released under the terms of the GNU GPL v2.0.
- */
-
-#include <ctype.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdbool.h>
-
-#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
-
-#define PRINTD		0x0001
-#define DEBUG_PARSE	0x0002
-
-int cdebug = PRINTD;
-
-extern int zconflex(void);
-static void zconfprint(const char *err, ...);
-static void zconferror(const char *err);
-static bool zconf_endtoken(int token, int starttoken, int endtoken);
-
-struct symbol *symbol_hash[257];
-
-static struct menu *current_menu, *current_entry;
-
-#define YYERROR_VERBOSE
-%}
-%expect 40
-
-%union
-{
-	int token;
-	char *string;
-	struct symbol *symbol;
-	struct expr *expr;
-	struct menu *menu;
-}
-
-%token T_MAINMENU
-%token T_MENU
-%token T_ENDMENU
-%token T_SOURCE
-%token T_CHOICE
-%token T_ENDCHOICE
-%token T_COMMENT
-%token T_CONFIG
-%token T_MENUCONFIG
-%token T_HELP
-%token <string> T_HELPTEXT
-%token T_IF
-%token T_ENDIF
-%token T_DEPENDS
-%token T_REQUIRES
-%token T_OPTIONAL
-%token T_PROMPT
-%token T_DEFAULT
-%token T_TRISTATE
-%token T_DEF_TRISTATE
-%token T_BOOLEAN
-%token T_DEF_BOOLEAN
-%token T_STRING
-%token T_INT
-%token T_HEX
-%token <string> T_WORD
-%token <string> T_WORD_QUOTE
-%token T_UNEQUAL
-%token T_EOF
-%token T_EOL
-%token T_CLOSE_PAREN
-%token T_OPEN_PAREN
-%token T_ON
-%token T_SELECT
-%token T_RANGE
-
-%left T_OR
-%left T_AND
-%left T_EQUAL T_UNEQUAL
-%nonassoc T_NOT
-
-%type <string> prompt
-%type <string> source
-%type <symbol> symbol
-%type <expr> expr
-%type <expr> if_expr
-%type <token> end
-
-%{
-#define LKC_DIRECT_LINK
-#include "lkc.h"
-%}
-%%
-input:	  /* empty */
-	| input block
-;
-
-block:	  common_block
-	| choice_stmt
-	| menu_stmt
-	| T_MAINMENU prompt nl_or_eof
-	| T_ENDMENU		{ zconfprint("unexpected 'endmenu' statement"); }
-	| T_ENDIF		{ zconfprint("unexpected 'endif' statement"); }
-	| T_ENDCHOICE		{ zconfprint("unexpected 'endchoice' statement"); }
-	| error nl_or_eof	{ zconfprint("syntax error"); yyerrok; }
-;
-
-common_block:
-	  if_stmt
-	| comment_stmt
-	| config_stmt
-	| menuconfig_stmt
-	| source_stmt
-	| nl_or_eof
-;
-
-
-/* config/menuconfig entry */
-
-config_entry_start: T_CONFIG T_WORD T_EOL
-{
-	struct symbol *sym = sym_lookup($2, 0);
-	sym->flags |= SYMBOL_OPTIONAL;
-	menu_add_entry(sym);
-	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), $2);
-};
-
-config_stmt: config_entry_start config_option_list
-{
-	menu_end_entry();
-	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
-};
-
-menuconfig_entry_start: T_MENUCONFIG T_WORD T_EOL
-{
-	struct symbol *sym = sym_lookup($2, 0);
-	sym->flags |= SYMBOL_OPTIONAL;
-	menu_add_entry(sym);
-	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), $2);
-};
-
-menuconfig_stmt: menuconfig_entry_start config_option_list
-{
-	if (current_entry->prompt)
-		current_entry->prompt->type = P_MENU;
-	else
-		zconfprint("warning: menuconfig statement without prompt");
-	menu_end_entry();
-	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
-};
-
-config_option_list:
-	  /* empty */
-	| config_option_list config_option
-	| config_option_list depends
-	| config_option_list help
-	| config_option_list T_EOL
-;
-
-config_option: T_TRISTATE prompt_stmt_opt T_EOL
-{
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_DEF_TRISTATE expr if_expr T_EOL
-{
-	menu_add_expr(P_DEFAULT, $2, $3);
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_BOOLEAN prompt_stmt_opt T_EOL
-{
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_DEF_BOOLEAN expr if_expr T_EOL
-{
-	menu_add_expr(P_DEFAULT, $2, $3);
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_INT prompt_stmt_opt T_EOL
-{
-	menu_set_type(S_INT);
-	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_HEX prompt_stmt_opt T_EOL
-{
-	menu_set_type(S_HEX);
-	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_STRING prompt_stmt_opt T_EOL
-{
-	menu_set_type(S_STRING);
-	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_PROMPT prompt if_expr T_EOL
-{
-	menu_add_prompt(P_PROMPT, $2, $3);
-	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_DEFAULT expr if_expr T_EOL
-{
-	menu_add_expr(P_DEFAULT, $2, $3);
-	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_SELECT T_WORD if_expr T_EOL
-{
-	menu_add_symbol(P_SELECT, sym_lookup($2, 0), $3);
-	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
-};
-
-config_option: T_RANGE symbol symbol if_expr T_EOL
-{
-	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,$2, $3), $4);
-	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
-};
-
-/* choice entry */
-
-choice: T_CHOICE T_EOL
-{
-	struct symbol *sym = sym_lookup(NULL, 0);
-	sym->flags |= SYMBOL_CHOICE;
-	menu_add_entry(sym);
-	menu_add_expr(P_CHOICE, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
-};
-
-choice_entry: choice choice_option_list
-{
-	menu_end_entry();
-	menu_add_menu();
-};
-
-choice_end: end
-{
-	if (zconf_endtoken($1, T_CHOICE, T_ENDCHOICE)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
-	}
-};
-
-choice_stmt:
-	  choice_entry choice_block choice_end
-	| choice_entry choice_block
-{
-	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-};
-
-choice_option_list:
-	  /* empty */
-	| choice_option_list choice_option
-	| choice_option_list depends
-	| choice_option_list help
-	| choice_option_list T_EOL
-;
-
-choice_option: T_PROMPT prompt if_expr T_EOL
-{
-	menu_add_prompt(P_PROMPT, $2, $3);
-	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
-};
-
-choice_option: T_TRISTATE prompt_stmt_opt T_EOL
-{
-	menu_set_type(S_TRISTATE);
-	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
-};
-
-choice_option: T_BOOLEAN prompt_stmt_opt T_EOL
-{
-	menu_set_type(S_BOOLEAN);
-	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
-};
-
-choice_option: T_OPTIONAL T_EOL
-{
-	current_entry->sym->flags |= SYMBOL_OPTIONAL;
-	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
-};
-
-choice_option: T_DEFAULT T_WORD if_expr T_EOL
-{
-	menu_add_symbol(P_DEFAULT, sym_lookup($2, 0), $3);
-	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
-};
-
-choice_block:
-	  /* empty */
-	| choice_block common_block
-;
-
-/* if entry */
-
-if: T_IF expr T_EOL
-{
-	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
-	menu_add_entry(NULL);
-	menu_add_dep($2);
-	menu_end_entry();
-	menu_add_menu();
-};
-
-if_end: end
-{
-	if (zconf_endtoken($1, T_IF, T_ENDIF)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
-	}
-};
-
-if_stmt:
-	  if if_block if_end
-	| if if_block
-{
-	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-};
-
-if_block:
-	  /* empty */
-	| if_block common_block
-	| if_block menu_stmt
-	| if_block choice_stmt
-;
-
-/* menu entry */
-
-menu: T_MENU prompt T_EOL
-{
-	menu_add_entry(NULL);
-	menu_add_prop(P_MENU, $2, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
-};
-
-menu_entry: menu depends_list
-{
-	menu_end_entry();
-	menu_add_menu();
-};
-
-menu_end: end
-{
-	if (zconf_endtoken($1, T_MENU, T_ENDMENU)) {
-		menu_end_menu();
-		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
-	}
-};
-
-menu_stmt:
-	  menu_entry menu_block menu_end
-	| menu_entry menu_block
-{
-	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
-	zconfnerrs++;
-};
-
-menu_block:
-	  /* empty */
-	| menu_block common_block
-	| menu_block menu_stmt
-	| menu_block choice_stmt
-	| menu_block error T_EOL		{ zconfprint("invalid menu option"); yyerrok; }
-;
-
-source: T_SOURCE prompt T_EOL
-{
-	$$ = $2;
-	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), $2);
-};
-
-source_stmt: source
-{
-	zconf_nextfile($1);
-};
-
-/* comment entry */
-
-comment: T_COMMENT prompt T_EOL
-{
-	menu_add_entry(NULL);
-	menu_add_prop(P_COMMENT, $2, NULL, NULL);
-	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
-};
-
-comment_stmt: comment depends_list
-{
-	menu_end_entry();
-};
-
-/* help option */
-
-help_start: T_HELP T_EOL
-{
-	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
-	zconf_starthelp();
-};
-
-help: help_start T_HELPTEXT
-{
-	current_entry->sym->help = $2;
-};
-
-/* depends option */
-
-depends_list:	  /* empty */
-		| depends_list depends
-		| depends_list T_EOL
-;
-
-depends: T_DEPENDS T_ON expr T_EOL
-{
-	menu_add_dep($3);
-	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
-}
-	| T_DEPENDS expr T_EOL
-{
-	menu_add_dep($2);
-	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
-}
-	| T_REQUIRES expr T_EOL
-{
-	menu_add_dep($2);
-	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
-};
-
-/* prompt statement */
-
-prompt_stmt_opt:
-	  /* empty */
-	| prompt if_expr
-{
-	menu_add_prop(P_PROMPT, $1, NULL, $2);
-};
-
-prompt:	  T_WORD
-	| T_WORD_QUOTE
-;
-
-end:	  T_ENDMENU nl_or_eof	{ $$ = T_ENDMENU; }
-	| T_ENDCHOICE nl_or_eof	{ $$ = T_ENDCHOICE; }
-	| T_ENDIF nl_or_eof	{ $$ = T_ENDIF; }
-;
-
-nl_or_eof:
-	T_EOL | T_EOF;
-
-if_expr:  /* empty */			{ $$ = NULL; }
-	| T_IF expr			{ $$ = $2; }
-;
-
-expr:	  symbol				{ $$ = expr_alloc_symbol($1); }
-	| symbol T_EQUAL symbol			{ $$ = expr_alloc_comp(E_EQUAL, $1, $3); }
-	| symbol T_UNEQUAL symbol		{ $$ = expr_alloc_comp(E_UNEQUAL, $1, $3); }
-	| T_OPEN_PAREN expr T_CLOSE_PAREN	{ $$ = $2; }
-	| T_NOT expr				{ $$ = expr_alloc_one(E_NOT, $2); }
-	| expr T_OR expr			{ $$ = expr_alloc_two(E_OR, $1, $3); }
-	| expr T_AND expr			{ $$ = expr_alloc_two(E_AND, $1, $3); }
-;
-
-symbol:	  T_WORD	{ $$ = sym_lookup($1, 0); free($1); }
-	| T_WORD_QUOTE	{ $$ = sym_lookup($1, 1); free($1); }
-;
-
-%%
-
-void conf_parse(const char *name)
-{
-	struct symbol *sym;
-	int i;
-
-	zconf_initscan(name);
-
-	sym_init();
-	menu_init();
-	modules_sym = sym_lookup("MODULES", 0);
-	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
-
-	//zconfdebug = 1;
-	zconfparse();
-	if (zconfnerrs)
-		exit(1);
-	menu_finalize(&rootmenu);
-	for_all_symbols(i, sym) {
-                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
-                        printf("\n");
-		else
-			sym->flags |= SYMBOL_CHECK_DONE;
-        }
-
-	sym_change_count = 1;
-}
-
-const char *zconf_tokenname(int token)
-{
-	switch (token) {
-	case T_MENU:		return "menu";
-	case T_ENDMENU:		return "endmenu";
-	case T_CHOICE:		return "choice";
-	case T_ENDCHOICE:	return "endchoice";
-	case T_IF:		return "if";
-	case T_ENDIF:		return "endif";
-	}
-	return "<token>";
-}
-
-static bool zconf_endtoken(int token, int starttoken, int endtoken)
-{
-	if (token != endtoken) {
-		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
-		zconfnerrs++;
-		return false;
-	}
-	if (current_menu->file != current_file) {
-		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
-		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
-		zconfnerrs++;
-		return false;
-	}
-	return true;
-}
-
-static void zconfprint(const char *err, ...)
-{
-	va_list ap;
-
-	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
-	va_start(ap, err);
-	vfprintf(stderr, err, ap);
-	va_end(ap);
-	fprintf(stderr, "\n");
-}
-
-static void zconferror(const char *err)
-{
-	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
-}
-
-void print_quoted_string(FILE *out, const char *str)
-{
-	const char *p;
-	int len;
-
-	putc('"', out);
-	while ((p = strchr(str, '"'))) {
-		len = p - str;
-		if (len)
-			fprintf(out, "%.*s", len, str);
-		fputs("\\\"", out);
-		str = p + 1;
-	}
-	fputs(str, out);
-	putc('"', out);
-}
-
-void print_symbol(FILE *out, struct menu *menu)
-{
-	struct symbol *sym = menu->sym;
-	struct property *prop;
-
-	if (sym_is_choice(sym))
-		fprintf(out, "choice\n");
-	else
-		fprintf(out, "config %s\n", sym->name);
-	switch (sym->type) {
-	case S_BOOLEAN:
-		fputs("  boolean\n", out);
-		break;
-	case S_TRISTATE:
-		fputs("  tristate\n", out);
-		break;
-	case S_STRING:
-		fputs("  string\n", out);
-		break;
-	case S_INT:
-		fputs("  integer\n", out);
-		break;
-	case S_HEX:
-		fputs("  hex\n", out);
-		break;
-	default:
-		fputs("  ???\n", out);
-		break;
-	}
-	for (prop = sym->prop; prop; prop = prop->next) {
-		if (prop->menu != menu)
-			continue;
-		switch (prop->type) {
-		case P_PROMPT:
-			fputs("  prompt ", out);
-			print_quoted_string(out, prop->text);
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs(" if ", out);
-				expr_fprint(prop->visible.expr, out);
-			}
-			fputc('\n', out);
-			break;
-		case P_DEFAULT:
-			fputs( "  default ", out);
-			expr_fprint(prop->expr, out);
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs(" if ", out);
-				expr_fprint(prop->visible.expr, out);
-			}
-			fputc('\n', out);
-			break;
-		case P_CHOICE:
-			fputs("  #choice value\n", out);
-			break;
-		default:
-			fprintf(out, "  unknown prop %d!\n", prop->type);
-			break;
-		}
-	}
-	if (sym->help) {
-		int len = strlen(sym->help);
-		while (sym->help[--len] == '\n')
-			sym->help[len] = 0;
-		fprintf(out, "  help\n%s\n", sym->help);
-	}
-	fputc('\n', out);
-}
-
-void zconfdump(FILE *out)
-{
-	struct property *prop;
-	struct symbol *sym;
-	struct menu *menu;
-
-	menu = rootmenu.list;
-	while (menu) {
-		if ((sym = menu->sym))
-			print_symbol(out, menu);
-		else if ((prop = menu->prompt)) {
-			switch (prop->type) {
-			case P_COMMENT:
-				fputs("\ncomment ", out);
-				print_quoted_string(out, prop->text);
-				fputs("\n", out);
-				break;
-			case P_MENU:
-				fputs("\nmenu ", out);
-				print_quoted_string(out, prop->text);
-				fputs("\n", out);
-				break;
-			default:
-				;
-			}
-			if (!expr_is_yes(prop->visible.expr)) {
-				fputs("  depends ", out);
-				expr_fprint(prop->visible.expr, out);
-				fputc('\n', out);
-			}
-			fputs("\n", out);
-		}
-
-		if (menu->list)
-			menu = menu->list;
-		else if (menu->next)
-			menu = menu->next;
-		else while ((menu = menu->parent)) {
-			if (menu->prompt && menu->prompt->type == P_MENU)
-				fputs("\nendmenu\n", out);
-			if (menu->next) {
-				menu = menu->next;
-				break;
-			}
-		}
-	}
-}
-
-#include "lex.zconf.c"
-#include "util.c"
-#include "confdata.c"
-#include "expr.c"
-#include "symbol.c"
-#include "menu.c"
diff --git a/config/win32config b/config/win32config
deleted file mode 100644
index a90b85a0ef..0000000000
--- a/config/win32config
+++ /dev/null
@@ -1,115 +0,0 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-# CONFIG_PLATFORM_LINUX is not set
-# CONFIG_PLATFORM_CYGWIN is not set
-# CONFIG_PLATFORM_SOLARIS is not set
-CONFIG_PLATFORM_WIN32=y
-
-#
-# General Configuration
-#
-PREFIX=""
-# CONFIG_DEBUG is not set
-
-#
-# Microsoft Compiler Options
-#
-# CONFIG_VISUAL_STUDIO_6_0 is not set
-CONFIG_VISUAL_STUDIO_7_0=y
-# CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE="c:\\Program Files\\Microsoft Visual Studio .NET 2003"
-CONFIG_VISUAL_STUDIO_8_0_BASE=""
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-CONFIG_SSL_FULL_MODE=y
-# CONFIG_SSL_SKELETON_MODE is not set
-# CONFIG_SSL_PROT_LOW is not set
-CONFIG_SSL_PROT_MEDIUM=y
-# CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-CONFIG_SSL_HAS_PEM=y
-CONFIG_SSL_USE_PKCS12=y
-CONFIG_SSL_EXPIRY_TIME=24
-CONFIG_X509_MAX_CA_CERTS=4
-CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSL_CTX_MUTEXING is not set
-# CONFIG_USE_DEV_URANDOM is not set
-CONFIG_WIN32_USE_CRYPTO_LIB=y
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-CONFIG_AXHTTPD=y
-
-#
-# Axhttpd Configuration
-#
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_PORT=80
-CONFIG_HTTP_HTTPS_PORT=443
-CONFIG_HTTP_SESSION_CACHE_SIZE=5
-CONFIG_HTTP_WEBROOT="www"
-CONFIG_HTTP_TIMEOUT=300
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSIONS=""
-CONFIG_HTTP_DIRECTORIES=y
-# CONFIG_HTTP_PERM_CHECK is not set
-CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_ALL_MIME_TYPES=y
-CONFIG_HTTP_VERBOSE=y
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-CONFIG_BINDINGS=y
-CONFIG_CSHARP_BINDINGS=y
-CONFIG_VBNET_BINDINGS=y
-
-#
-# .Net Framework
-#
-CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-CONFIG_JAVA_BINDINGS=y
-
-#
-# Java Home
-#
-CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-CONFIG_CSHARP_SAMPLES=y
-CONFIG_VBNET_SAMPLES=y
-CONFIG_JAVA_SAMPLES=y
-# CONFIG_PERL_SAMPLES is not set
-
-#
-# BigInt Options
-#
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-CONFIG_BIGINT_BARRETT=y
-CONFIG_BIGINT_CRT=y
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-CONFIG_BIGINT_SLIDING_WINDOW=y
-CONFIG_BIGINT_SQUARE=y
-# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/docsrc/Makefile b/docsrc/Makefile
deleted file mode 100644
index 136264b08d..0000000000
--- a/docsrc/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../config/makefile.conf
-
-all:
-
-doco:
-	doxygen ./axTLS.dox
-
-clean::
-	@-rm -fr html *~
diff --git a/docsrc/axTLS.dox b/docsrc/axTLS.dox
deleted file mode 100644
index e4763d6f34..0000000000
--- a/docsrc/axTLS.dox
+++ /dev/null
@@ -1,1237 +0,0 @@
-# Doxyfile 1.4.5
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-#       TAG = value [value, ...]
-# For lists items can also be appended using:
-#       TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
-# by quotes) that should identify the project.
-
-PROJECT_NAME           = axTLS
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
-# This could be handy for archiving the generated documentation or 
-# if some version control system is used.
-
-PROJECT_NUMBER         = 
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
-# base path where the generated documentation will be put. 
-# If a relative path is entered, it will be relative to the location 
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY       = 
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
-# 4096 sub-directories (in 2 levels) under the output directory of each output 
-# format and will distribute the generated files over these directories. 
-# Enabling this option can be useful when feeding doxygen a huge amount of 
-# source files, where putting all generated files in the same directory would 
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS         = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
-# documentation generated by doxygen is written. Doxygen will use this 
-# information to generate all constant output in the proper language. 
-# The default language is English, other supported languages are: 
-# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, 
-# Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese, 
-# Japanese-en (Japanese with English messages), Korean, Korean-en, Norwegian, 
-# Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, 
-# Swedish, and Ukrainian.
-
-OUTPUT_LANGUAGE        = English
-
-# This tag can be used to specify the encoding used in the generated output. 
-# The encoding is not always determined by the language that is chosen, 
-# but also whether or not the output is meant for Windows or non-Windows users. 
-# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES 
-# forces the Windows encoding (this is the default for the Windows binary), 
-# whereas setting the tag to NO uses a Unix-style encoding (the default for 
-# all platforms other than Windows).
-
-USE_WINDOWS_ENCODING   = NO
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
-# include brief member descriptions after the members that are listed in 
-# the file and class documentation (similar to JavaDoc). 
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC      = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
-# the brief description of a member or function before the detailed description. 
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF           = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator 
-# that is used to form the text in various listings. Each string 
-# in this list, if found as the leading text of the brief description, will be 
-# stripped from the text and the result after processing the whole list, is 
-# used as the annotated text. Otherwise, the brief description is used as-is. 
-# If left blank, the following values are used ("$name" is automatically 
-# replaced with the name of the entity): "The $name class" "The $name widget" 
-# "The $name file" "is" "provides" "specifies" "contains" 
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF       = 
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
-# Doxygen will generate a detailed section even if there is only a brief 
-# description.
-
-ALWAYS_DETAILED_SEC    = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
-# inherited members of a class in the documentation of that class as if those 
-# members were ordinary class members. Constructors, destructors and assignment 
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB  = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
-# path before files name in the file list and in the header files. If set 
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES        = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
-# can be used to strip a user-defined part of the path. Stripping is 
-# only done if one of the specified strings matches the left-hand part of 
-# the path. The tag can be used to show relative paths in the file list. 
-# If left blank the directory from which doxygen is run is used as the 
-# path to strip.
-
-STRIP_FROM_PATH        = 
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
-# the path mentioned in the documentation of a class, which tells 
-# the reader which header file to include in order to use a class. 
-# If left blank only the name of the header file containing the class 
-# definition is used. Otherwise one should specify the include paths that 
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH    = 
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
-# (but less readable) file names. This can be useful is your file systems 
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES            = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
-# will interpret the first line (until the first dot) of a JavaDoc-style 
-# comment as the brief description. If set to NO, the JavaDoc 
-# comments will behave just like the Qt-style comments (thus requiring an 
-# explicit @brief command for a brief description.
-
-JAVADOC_AUTOBRIEF      = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
-# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
-# comments) as a brief description. This used to be the default behaviour. 
-# The new default is to treat a multi-line C++ comment block as a detailed 
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member 
-# documentation.
-
-DETAILS_AT_TOP         = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
-# member inherits the documentation from any documented member that it 
-# re-implements.
-
-INHERIT_DOCS           = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
-# a new page for each member. If set to NO, the documentation of a member will 
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES  = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE               = 4
-
-# This tag can be used to specify a number of aliases that acts 
-# as commands in the documentation. An alias has the form "name=value". 
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
-# put the command \sideeffect (or @sideeffect) in the documentation, which 
-# will result in a user-defined paragraph with heading "Side Effects:". 
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES                = 
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
-# sources only. Doxygen will then generate output that is more tailored for C. 
-# For instance, some of the names that are used will be different. The list 
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C  = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
-# sources only. Doxygen will then generate output that is more tailored for Java. 
-# For instance, namespaces will be presented as packages, qualified scopes 
-# will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA   = NO
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to 
-# include (a tag file for) the STL sources as input, then you should 
-# set this tag to YES in order to let doxygen match functions declarations and 
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
-# func(std::string) {}). This also make the inheritance and collaboration 
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT    = NO
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
-# tag is set to YES, then doxygen will reuse the documentation of the first 
-# member in the group (if any) for the other members of the group. By default 
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC   = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
-# the same type (for instance a group of public functions) to be put as a 
-# subgroup of that type (e.g. under the Public Functions section). Set it to 
-# NO to prevent subgrouping. Alternatively, this can be done per class using 
-# the \nosubgrouping command.
-
-SUBGROUPING            = YES
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
-# documentation are documented, even if no documentation was available. 
-# Private class members and static file members will be hidden unless 
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL            = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
-# will be included in the documentation.
-
-EXTRACT_PRIVATE        = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file 
-# will be included in the documentation.
-
-EXTRACT_STATIC         = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
-# defined locally in source files will be included in the documentation. 
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES  = YES
-
-# This flag is only useful for Objective-C code. When set to YES local 
-# methods, which are defined in the implementation section but not in 
-# the interface are included in the documentation. 
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS  = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
-# undocumented members of documented classes, files or namespaces. 
-# If set to NO (the default) these members will be included in the 
-# various overviews, but no documentation section is generated. 
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS     = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
-# undocumented classes that are normally visible in the class hierarchy. 
-# If set to NO (the default) these classes will be included in the various 
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES     = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
-# friend (class|struct|union) declarations. 
-# If set to NO (the default) these declarations will be included in the 
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS  = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
-# documentation blocks found inside the body of a function. 
-# If set to NO (the default) these blocks will be appended to the 
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS      = NO
-
-# The INTERNAL_DOCS tag determines if documentation 
-# that is typed after a \internal command is included. If the tag is set 
-# to NO (the default) then the documentation will be excluded. 
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS          = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
-# file names in lower-case letters. If set to YES upper-case letters are also 
-# allowed. This is useful if you have classes or files whose names only differ 
-# in case and if your file system supports case sensitive file names. Windows 
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES       = YES
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
-# will show members with their full class and namespace scopes in the 
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES       = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
-# will put a list of the files that are included by a file in the documentation 
-# of that file.
-
-SHOW_INCLUDE_FILES     = NO
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
-# is inserted in the documentation for inline members.
-
-INLINE_INFO            = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
-# will sort the (detailed) documentation of file and class members 
-# alphabetically by member name. If set to NO the members will appear in 
-# declaration order.
-
-SORT_MEMBER_DOCS       = NO
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
-# brief documentation of file, namespace and class members alphabetically 
-# by member name. If set to NO (the default) the members will appear in 
-# declaration order.
-
-SORT_BRIEF_DOCS        = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
-# sorted by fully-qualified names, including namespaces. If set to 
-# NO (the default), the class list will be sorted only by class name, 
-# not including the namespace part. 
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the 
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME     = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or 
-# disable (NO) the todo list. This list is created by putting \todo 
-# commands in the documentation.
-
-GENERATE_TODOLIST      = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or 
-# disable (NO) the test list. This list is created by putting \test 
-# commands in the documentation.
-
-GENERATE_TESTLIST      = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or 
-# disable (NO) the bug list. This list is created by putting \bug 
-# commands in the documentation.
-
-GENERATE_BUGLIST       = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
-# disable (NO) the deprecated list. This list is created by putting 
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional 
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS       = 
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
-# the initial value of a variable or define consists of for it to appear in 
-# the documentation. If the initializer consists of more lines than specified 
-# here it will be hidden. Use a value of 0 to hide initializers completely. 
-# The appearance of the initializer of individual variables and defines in the 
-# documentation can be controlled using \showinitializer or \hideinitializer 
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES  = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
-# at the bottom of the documentation of classes and structs. If set to YES the 
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES        = NO
-
-# If the sources in your project are distributed over multiple directories 
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
-# in the documentation. The default is YES.
-
-SHOW_DIRECTORIES       = NO
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
-# doxygen should invoke to get the current version for each file (typically from the 
-# version control system). Doxygen will invoke the program by executing (via 
-# popen()) the command <command> <input-file>, where <command> is the value of 
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
-# provided by doxygen. Whatever the program writes to standard output 
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER    = 
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated 
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET                  = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are 
-# generated by doxygen. Possible values are YES and NO. If left blank 
-# NO is used.
-
-WARNINGS               = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED   = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
-# potential errors in the documentation, such as not documenting some 
-# parameters in a documented function, or documenting parameters that 
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR      = YES
-
-# This WARN_NO_PARAMDOC option can be abled to get warnings for 
-# functions that are documented, but have no documentation for their parameters 
-# or return value. If set to NO (the default) doxygen will only warn about 
-# wrong or incomplete parameter documentation, but not about the absence of 
-# documentation.
-
-WARN_NO_PARAMDOC       = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that 
-# doxygen can produce. The string should contain the $file, $line, and $text 
-# tags, which will be replaced by the file and line number from which the 
-# warning originated and the warning text. Optionally the format may contain 
-# $version, which will be replaced by the version of the file (if it could 
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT            = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning 
-# and error messages should be written. If left blank the output is written 
-# to stderr.
-
-WARN_LOGFILE           = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain 
-# documented source files. You may enter file names like "myfile.cpp" or 
-# directories like "/usr/src/myproject". Separate the files or directories 
-# with spaces.
-
-INPUT                  = ../bindings/csharp/axTLS.cs ../bindings/java/SSL.java ../bindings/java/SSLUtil.java ../bindings/java/SSLCTX.java ../bindings/java/SSLServer.java ../bindings/java/SSLClient.java ../bindings/java/SSLReadHolder.java ../ssl/ssl.h ../ssl/bigint.c ../ssl/bigint.h 
-
-# If the value of the INPUT tag contains directories, you can use the 
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
-# and *.h) to filter out the source-files in the directories. If left 
-# blank the following patterns are tested: 
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx 
-# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
-
-FILE_PATTERNS          = 
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
-# should be searched for input files as well. Possible values are YES and NO. 
-# If left blank NO is used.
-
-RECURSIVE              = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should 
-# excluded from the INPUT source files. This way you can easily exclude a 
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE                = 
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or 
-# directories that are symbolic links (a Unix filesystem feature) are excluded 
-# from the input.
-
-EXCLUDE_SYMLINKS       = NO
-
-# If the value of the INPUT tag contains directories, you can use the 
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
-# certain files from those directories. Note that the wildcards are matched 
-# against the file with absolute path, so to exclude all test directories 
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS       = 
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or 
-# directories that contain example code fragments that are included (see 
-# the \include command).
-
-EXAMPLE_PATH           = 
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
-# and *.h) to filter out the source-files in the directories. If left 
-# blank all files are included.
-
-EXAMPLE_PATTERNS       = 
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
-# searched for input files to be used with the \include or \dontinclude 
-# commands irrespective of the value of the RECURSIVE tag. 
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE      = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or 
-# directories that contain image that are included in the documentation (see 
-# the \image command).
-
-IMAGE_PATH             = images
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should 
-# invoke to filter for each input file. Doxygen will invoke the filter program 
-# by executing (via popen()) the command <filter> <input-file>, where <filter> 
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
-# input file. Doxygen will then use the output that the filter program writes 
-# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
-# ignored.
-
-INPUT_FILTER           = 
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
-# basis.  Doxygen will compare the file name with each pattern and apply the 
-# filter if there is a match.  The filters are a list of the form: 
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
-# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
-# is applied to all files.
-
-FILTER_PATTERNS        = 
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
-# INPUT_FILTER) will be used to filter the input files when producing source 
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES    = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
-# be generated. Documented entities will be cross-referenced with these sources. 
-# Note: To get rid of all source code in the generated output, make sure also 
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER         = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body 
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES         = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
-# doxygen to hide any special comment blocks from generated source code 
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS    = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
-# then for each documented function all documented 
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES (the default) 
-# then for each documented function all documented entities 
-# called/used by that function will be listed.
-
-REFERENCES_RELATION    = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code 
-# will point to the HTML generated by the htags(1) tool instead of doxygen 
-# built-in source browser. The htags tool is part of GNU's global source 
-# tagging system (see http://www.gnu.org/software/global/global.html). You 
-# will need version 4.8.6 or higher.
-
-USE_HTAGS              = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
-# will generate a verbatim copy of the header file for each class for 
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS       = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
-# of all compounds will be generated. Enable this if the project 
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX     = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX    = 5
-
-# In case all classes in a project start with a common prefix, all 
-# classes will be put under the same header in the alphabetical index. 
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX          = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
-# generate HTML output.
-
-GENERATE_HTML          = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT            = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION    = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for 
-# each generated HTML page. If it is left blank doxygen will generate a 
-# standard header.
-
-HTML_HEADER            = 
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
-# each generated HTML page. If it is left blank doxygen will generate a 
-# standard footer.
-
-HTML_FOOTER            = doco_footer.html 
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
-# style sheet that is used by each HTML page. It can be used to 
-# fine-tune the look of the HTML output. If the tag is left blank doxygen 
-# will generate a default style sheet. Note that doxygen will try to copy 
-# the style sheet file to the HTML output directory, so don't put your own 
-# stylesheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET        = 
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
-# files or namespaces will be aligned in HTML using tables. If set to 
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS     = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
-# will be generated that can be used as input for tools like the 
-# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) 
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP      = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
-# be used to specify the file name of the resulting .chm file. You 
-# can add a path in front of the file if the result should not be 
-# written to the html output directory.
-
-CHM_FILE               = 
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
-# be used to specify the location (absolute path including file name) of 
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION           = 
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
-# controls if a separate .chi index file is generated (YES) or that 
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI           = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
-# controls whether a binary table of contents is generated (YES) or a 
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC             = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members 
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND             = YES
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
-# top of each HTML page. The value NO (the default) enables the index and 
-# the value YES disables it.
-
-DISABLE_INDEX          = YES
-
-# This tag can be used to set the number of enum values (range [1..20]) 
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE   = 4
-
-# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
-# generated containing a tree-like index structure (just like the one that 
-# is generated for HTML Help). For this to work a browser that supports 
-# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
-# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
-# probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW      = YES
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
-# used to set the initial width (in pixels) of the frame in which the tree 
-# is shown.
-
-TREEVIEW_WIDTH         = 250
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
-# generate Latex output.
-
-GENERATE_LATEX         = NO
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT           = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME         = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
-# generate index for LaTeX. If left blank `makeindex' will be used as the 
-# default command name.
-
-MAKEINDEX_CMD_NAME     = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
-# LaTeX documents. This may be useful for small projects and may help to 
-# save some trees in general.
-
-COMPACT_LATEX          = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used 
-# by the printer. Possible values are: a4, a4wide, letter, legal and 
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE             = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES         = 
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
-# the generated latex document. The header should contain everything until 
-# the first chapter. If it is left blank doxygen will generate a 
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER           = 
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
-# contain links (just like the HTML output) instead of page references 
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS         = NO
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
-# plain latex in the generated Makefile. Set this option to YES to get a 
-# higher quality PDF documentation.
-
-USE_PDFLATEX           = NO
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
-# command to the generated LaTeX files. This will instruct LaTeX to keep 
-# running if errors occur, instead of asking the user for help. 
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE        = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
-# include the index chapters (such as File Index, Compound Index, etc.) 
-# in the output.
-
-LATEX_HIDE_INDICES     = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
-# The RTF output is optimized for Word 97 and may not look very pretty with 
-# other RTF readers or editors.
-
-GENERATE_RTF           = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT             = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
-# RTF documents. This may be useful for small projects and may help to 
-# save some trees in general.
-
-COMPACT_RTF            = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
-# will contain hyperlink fields. The RTF file will 
-# contain links (just like the HTML output) instead of page references. 
-# This makes the output suitable for online browsing using WORD or other 
-# programs which support those fields. 
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS         = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's 
-# config file, i.e. a series of assignments. You only have to provide 
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE    = 
-
-# Set optional variables used in the generation of an rtf document. 
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE    = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
-# generate man pages
-
-GENERATE_MAN           = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT             = man
-
-# The MAN_EXTENSION tag determines the extension that is added to 
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION          = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
-# then it will generate one additional man file for each entity 
-# documented in the real man page(s). These additional files 
-# only source the real man page, but without them the man command 
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS              = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will 
-# generate an XML file that captures the structure of 
-# the code including all documentation.
-
-GENERATE_XML           = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT             = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema, 
-# which can be used by a validating XML parser to check the 
-# syntax of the XML files.
-
-XML_SCHEMA             = 
-
-# The XML_DTD tag can be used to specify an XML DTD, 
-# which can be used by a validating XML parser to check the 
-# syntax of the XML files.
-
-XML_DTD                = 
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
-# dump the program listings (including syntax highlighting 
-# and cross-referencing information) to the XML output. Note that 
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING     = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
-# generate an AutoGen Definitions (see autogen.sf.net) file 
-# that captures the structure of the code including all 
-# documentation. Note that this feature is still experimental 
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF   = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
-# generate a Perl module file that captures the structure of 
-# the code including all documentation. Note that this 
-# feature is still experimental and incomplete at the 
-# moment.
-
-GENERATE_PERLMOD       = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX          = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
-# nicely formatted so it can be parsed by a human reader.  This is useful 
-# if you want to understand what is going on.  On the other hand, if this 
-# tag is set to NO the size of the Perl module output will be much smaller 
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY         = YES
-
-# The names of the make variables in the generated doxyrules.make file 
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
-# This is useful so different doxyrules.make files included by the same 
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX = 
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor   
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
-# evaluate all C-preprocessor directives found in the sources and include 
-# files.
-
-ENABLE_PREPROCESSING   = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
-# names in the source code. If set to NO (the default) only conditional 
-# compilation will be performed. Macro expansion can be done in a controlled 
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION        = YES
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
-# then the macro expansion is limited to the macros specified with the 
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF     = YES
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES        = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that 
-# contain include files that are not input files but should be processed by 
-# the preprocessor.
-
-INCLUDE_PATH           = 
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
-# patterns (like *.h and *.hpp) to filter out the header-files in the 
-# directories. If left blank, the patterns specified with FILE_PATTERNS will 
-# be used.
-
-INCLUDE_FILE_PATTERNS  = 
-
-# The PREDEFINED tag can be used to specify one or more macro names that 
-# are defined before the preprocessor is started (similar to the -D option of 
-# gcc). The argument of the tag is a list of macros of the form: name 
-# or name=definition (no spaces). If the definition and the = are 
-# omitted =1 is assumed. To prevent a macro definition from being 
-# undefined via #undef or recursively expanded use the := operator 
-# instead of the = operator.
-
-PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT EXP_FUNC="" STDCALL=""
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
-# this tag can be used to specify a list of macro names that should be expanded. 
-# The macro definition that is found in the sources will be used. 
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED      = 
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
-# doxygen's preprocessor will remove all function-like macros that are alone 
-# on a line, have an all uppercase name, and do not end with a semicolon. Such 
-# function macros are typically used for boiler-plate code, and will confuse 
-# the parser if not removed.
-
-SKIP_FUNCTION_MACROS   = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references   
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles. 
-# Optionally an initial location of the external documentation 
-# can be added for each tagfile. The format of a tag file without 
-# this location is as follows: 
-#   TAGFILES = file1 file2 ... 
-# Adding location for the tag files is done as follows: 
-#   TAGFILES = file1=loc1 "file2 = loc2" ... 
-# where "loc1" and "loc2" can be relative or absolute paths or 
-# URLs. If a location is present for each tag, the installdox tool 
-# does not have to be run to correct the links.
-# Note that each tag file must have a unique name
-# (where the name does NOT include the path)
-# If a tag file is not located in the directory in which doxygen 
-# is run, you must also specify the path to the tagfile here.
-
-TAGFILES               = 
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE       = 
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
-# in the class index. If set to NO only the inherited external classes 
-# will be listed.
-
-ALLEXTERNALS           = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
-# in the modules index. If set to NO, only the current project's groups will 
-# be listed.
-
-EXTERNAL_GROUPS        = NO
-
-# The PERL_PATH should be the absolute path and name of the perl script 
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH              = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool   
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
-# or super classes. Setting the tag to NO turns the diagrams off. Note that 
-# this option is superseded by the HAVE_DOT option below. This is only a 
-# fallback. It is recommended to install and use dot, since it yields more 
-# powerful graphs.
-
-CLASS_DIAGRAMS         = YES
-
-# If set to YES, the inheritance and collaboration graphs will hide 
-# inheritance and usage relations if the target is undocumented 
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS   = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
-# available from the path. This tool is part of Graphviz, a graph visualization 
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT               = NO
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for each documented class showing the direct and 
-# indirect inheritance relations. Setting this tag to YES will force the 
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH            = NO
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for each documented class showing the direct and 
-# indirect implementation dependencies (inheritance, containment, and 
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH    = NO
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS           = NO
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
-# collaboration diagrams in a style similar to the OMG's Unified Modeling 
-# Language.
-
-UML_LOOK               = NO
-
-# If set to YES, the inheritance and collaboration graphs will show the 
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS     = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
-# tags are set to YES then doxygen will generate a graph for each documented 
-# file showing the direct and indirect include dependencies of the file with 
-# other documented files.
-
-INCLUDE_GRAPH          = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
-# documented header file showing the documented files that directly or 
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH      = NO
-
-# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will 
-# generate a call dependency graph for every global function or class method. 
-# Note that enabling this option will significantly increase the time of a run. 
-# So in most cases it will be better to enable call graphs for selected 
-# functions only using the \callgraph command.
-
-CALL_GRAPH             = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY    = NO
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES 
-# then doxygen will show the dependencies a directory has on other directories 
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH        = NO
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT       = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be 
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH               = 
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that 
-# contain dot files that are included in the documentation (see the 
-# \dotfile command).
-
-DOTFILE_DIRS           = 
-
-# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width 
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
-# this value, doxygen will try to truncate the graph, so that it fits within 
-# the specified constraint. Beware that most browsers cannot cope with very 
-# large images.
-
-MAX_DOT_GRAPH_WIDTH    = 1024
-
-# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height 
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
-# this value, doxygen will try to truncate the graph, so that it fits within 
-# the specified constraint. Beware that most browsers cannot cope with very 
-# large images.
-
-MAX_DOT_GRAPH_HEIGHT   = 1024
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
-# graphs generated by dot. A depth value of 3 means that only nodes reachable 
-# from the root by following a path via at most 3 edges will be shown. Nodes 
-# that lay further from the root node will be omitted. Note that setting this 
-# option to 1 or 2 may greatly reduce the computation time needed for large 
-# code bases. Also note that a graph may be further truncated if the graph's 
-# image dimensions are not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH 
-# and MAX_DOT_GRAPH_HEIGHT). If 0 is used for the depth value (the default), 
-# the graph is not depth-constrained.
-
-MAX_DOT_GRAPH_DEPTH    = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
-# background. This is disabled by default, which results in a white background. 
-# Warning: Depending on the platform used, enabling this option may lead to 
-# badly anti-aliased labels on the edges of a graph (i.e. they become hard to 
-# read).
-
-DOT_TRANSPARENT        = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
-# files in one run (i.e. multiple -o and -T options on the command line). This 
-# makes dot run faster, but since only newer versions of dot (>1.8.10) 
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS      = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
-# generate a legend page explaining the meaning of the various boxes and 
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND        = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
-# remove the intermediate dot files that are used to generate 
-# the various graphs.
-
-DOT_CLEANUP            = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to the search engine   
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be 
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE           = NO
diff --git a/docsrc/doco_footer.html b/docsrc/doco_footer.html
deleted file mode 100644
index 20c4e70b7a..0000000000
--- a/docsrc/doco_footer.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<p></p>
-<p align="center"><img src="../images/tsbasbw.gif" width="1000" height="7"></p>
-<CITE>Copyright <sup>�</sup> 2007 Cameron Rich</CITE>
diff --git a/docsrc/images/axolotl.jpg b/docsrc/images/axolotl.jpg
deleted file mode 100644
index 7352bbae836739e469c837a7fdb8114f786b2130..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3041
zcmbW3cTm%58pnSjB!MU;N>O@=NRbjk3lRun2%sWhXhPVfgr;<mzS7stQlv`}6{IUw
z1*9BBLX#RgoC^d3NSBT%$L`+j+|1n{clZ6y`#$r|cjlSTAMZT#oQ$8$0GtN8`nmw<
z)IXjYIQb3;-^6QQ7a@}Eo!vd|dpNm}eMI!#?d3$wP;v?=;A9Gj0$89>7!<++gTdge
zEO0g+cDA!;+4#?Maq@@=h=~dd2n&fzqGiM-6eNU%uV~0BD63%9F=8@WI+|)aXf=!~
zh!qZJJHy7u&d#Tb6h^B4&pP=4$^`%r1oVf1e+t9|W`;mvEUfS|AOQSlc6$Gr{!7RS
zFoD2eCT1`M!pwZyCiFA|m=Tb3q9|?Xd1G6cm=~8~c;X8d@oSYW+$MvYNVJ`I1S_0}
z_rgWKOA?nQrKFXVRaDh5>N?l)x&%FagF8f1Gjj{eyY>!bM<-_&S07)$2mS$pL6K3>
zF+V^0g_4w<lA4zOBqK97?`3{LVNr2ORrQ;<?`mr6-nX`WXs32`c6ATYhDS!n#wR9c
z=jihbjK!tp&s$%%cXs#o4-StIr^rmq%wT5N@5mq~|I-6TFhfL9&~w_xFk7$lVv6A`
zT-Op`RJO2+qfIus?Ysx!JV>S4OIyEF{{j8qF-QDg(0?)ig?!QsAXoq*;06Yr(j!1%
z1n6WEI12`yKEMb-3)nvbB!TBlVeo%1%vVZSkpMPR1+2MGqWR7gFczIJUnDw#SKbKt
z35Mb&hWO0KGyJeTHI!NRIcFpiNog)_MsCx>3cuve&<vX=3!YsREq^^68F97*bu{QJ
zW))l-T(m#cFVL0k9v8_m^yIt|2*;X;<9f?xM!RLv`=O*j7yi8VhYn;I44PlhCb5IJ
zIL6yAr03vk4mV4B(`2X@!n37zmuWf9COQkDY<hB{b<yMqVw%d*QcL(T-YC;KDI5X>
zY8_v>&G~*t+o4e7x?2ZhL>0|&)UBM;us1U2y+hqnr1zl8MlP&TeKtmuu@xzyFTbtD
z5^IB{EM;G3EEpmmqXCXWW)tsNQi5e`*4;)8rcd85vLma>Z~`hhbuC-<;K-!GCL)Jh
zEBdKs`V}XSz67XOgOjI5xZvM}`wGkrmbP7O4@qf@mW70RxAxL?nSpqg6F{rH(V+zU
zM9oUqH*GSU1=8P5FsH)k%e%`v%Opgmb1$`hxlFVsx*(Gne`&s60CX^#buRD(cy!fq
z?6)oX!6DzotoaO!ym?jfI*Z`9ATNt<^MRGTpBejEn0uX3a@0k?UfR=k;!}#J8a-_l
zYnQAqQ#}w7Wjgvx=tA&otci52@7iF4ZCmTl>vRq6omFR>h`1mj@&@FdKc8HKED|SM
zMlufH?L)6>f8(HW^EzHJ<I64%wh-#So1<U^iz~~J5fal%wPQR^Rnd9)k|Y&F)D`sU
zz+sTzQ&RCh1FbhENJ<{>67AiY3`3|uBIluZaA@EwfvIt-w0T`>aDlYNwO<imnw*ja
zt#e@8%|`>}bt8u5jd?o?J5z}+0Ypf^v>Um<d)gsBXuoCe^~^>dw)Bp7T;JrUnMvzb
zZOxlA>YX1AXRzSoc6;S+PfG*!b-#Bl4mf(`WIk3P$!y@`mh#*FWASuji|hQ)P;;gW
zG2T;z@(}-{Z7ZsN>A9r3jsTJsG4rcg>g4S#r;PZ;G_CH;QGx>_55i?%RwguO_13z+
zW_|k@&LP~Rb$2XP)hDyznX0_qa8N;BwM;!XL9;zrDz-^9hOzR%4DZcR)Nugs`?NJ)
z`ek5Vqo8}i-7O6lL>Zu8*3W(XI7x>4GpJ9JEdf0oLb&Guzvkar$Q<hiI~wD1(a(vJ
z!f3F&uTXit*Y!1L)x>+6#c3DYor~H^)#;IDGE?``QB?^dO#pSy8^8!k*Ga`&_)QNa
zd`O!9nKGw)*tOuPfQqDD*w|RUMN81N+nj!%%TIzR%cOi&$>-ANhu*)g4IW^RJZ9t?
zdyO*sxmQQBAD$mtqqMtL0=c65+TcSo6Q?I{$zT1|X3m;j?Y+;&qbDFRb2ReXjbyv5
z=Evx0in1l^6>c2+ZR?|C(~C;&ZtTDTMydE?%q+56E~IgSy<ySiLWi(T(3k_+?|FV;
zSGAtaL>p&3zw^6TUVk6j)frH~&<POD_Qr*eZPnJ5?;T~#spr~|JeG4)vmon%IuF#?
znl{KytuFffB|q+cC%3lrBh3&{a`;M^D}NI;{wbgIirIsogf<s?-=G_N>EfNuGP*;$
zePNy!P@BM|KyH1D?Ls+6J8Ng-er#uAZZxR`Xzp*)D9u^#AiCC;TK^J)_TXojbr~7r
zzJ53XaB6v0adVg4SjZJMkqk01C3f9|c6g^!bJSy?wUNeDGJ8W0tp0rFd>HTL&#=W?
zg2Sba=GQu6X735!iW;+VyyLo^WL5W#WAS=UX7Z!V%=d)nIspX=waeB?NroL_;V&T6
zt!D-?8x@E5ttq#9vJ+afZK9NI6E54I04sS`(->d16F~S|nFhN|DTc&{2}^ceoc}R!
zuLb-pXgyDMkQiusJ5=Z)OJi;LaZeo?Z|Z1f->*4R>XawF8Fgq<>7-Xt6JfiTasm*H
zwELMiamTvad2>z@@;r>b2-zDqtH~;6deu_QT9?9i_g08WSI49@db4D8jO*gE*Qo)0
zF3EPW@7pY<S>aXKSv`#odI#O&OD2ggeKJWdn_LsHS22g5=g22W-yDJod-*G7Q)e(2
zuS{1eSM5I_kT5M+#i1ol@%o{rNd{MJ+0I$Rxu)7>qtCv2zfIZBtvPz4P6x>kkJk8B
z-J&J<CxYx>XuVb`d*wGA<;3B+TOS--izD3pYJMiZFzd|?)a!ZP%3gtkIATQPdUnp=
ztj%21s>#ysY|6z=NnA!V084S|9F2h0Uy@t<N?8;!ZTWO9Nc_BYeJHwh`<AF;gB9*_
z#D`kI+(yu~1#kK)#ka1vWp-y|t!b=a`jw2t?W8t9h%R2ZKw>w0pjfVJlx*VQb)aQ}
zUQ3)CSFf=1I<QMuw-SHalIPym>RJ_s$hqkb59mKI_4&c>Zsqi(i^3F+Q{Lc(5P7cD
z^3w1Wivc4HCGht^u~tb6^&>m$qLxjV&m9NTPn}CUx1m#ktVOOhiD&L_^577Szxwac
zw~JGr$g)>$5UXkj%QbuaJ;X{<r~8<SugZl&T}@n4Cg}TV7Y^MK{NfQ8)C7(wqh0BI
zw8Cm7rC!3S7g9c3q_tvgS12{57+;@BKs<c3l()rJ2i`A1Z6qvOs_RmWmwE;R;<=g?
z+iJ=c2bNV-EKh)_%s~vg6^i;^t<_y@>^0ui$nMi_gG{ijvO44YZFF;e-rh?P*gO4<
zKVe(17IiCQB=Qkgm4nhcD;idd*ge(qQn}3$(n$;_d$y4#R^AfOs=3x^;Y8w^rT36?
zDm)H9yeKmt7WNZN<h#=F-Ai2$)YS^lNz4wtib$m<xXJK3Fb}|Fivw)k<+Lp}bHij@
zN7DwaqBB0m|N2&2%QuKaTesQE`{f*gBD-?-rMr<QKTKQ+G&p`hl9vU8V#MOY@`7j2
zl!m10P=MAf!`kRa&b<Kc#}wgOXTT~@zgY)|zH@89U0#@<g$vZk5wVV@;sF&8_-DjB
z?kp})u))B_>=WM0;7?)L70FDjXJOIvGbtc}M5qZ0C-AL5W|Tn>-g(X{+`5+quqaA0
zeJe;yqcG7a!21E+l^7#uuzDzTD1?DJG=lJKre<KqB|(D+hJ7l1EjYfkNm66^G)|If
e94`m~AY8k~I3SLI=K@yk{?qpK$4Ui0nfM1W@MwPk

diff --git a/docsrc/images/tsbasbw.gif b/docsrc/images/tsbasbw.gif
deleted file mode 100644
index cf03b121bf9662b954351cf22aff54b305d0cba4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2481
zcmb`Gc~leE9>?z_0YgBWum)r&vMBn1K~d@wkSz!lB1iz2C}aQ?8-W%|T>|<raiPIb
zVFYc}uoM*#H>6kzOH~{(BAYt}7wXaX0*FwLb>5w{=e+0tZ_b>1=H7ho@Av)uz9*rA
zki|<jUO{GpDL_3;CX>tMdU<)FD9Y#aMIsS~VQFb;GMP-NRN^>ZQ&ZE_)I<=3R;wKx
z92^=N8XX<g>2xGX;!ujB1Qfv)!w6Uc01N;e00ICKz9>p!7>VN~L69gQP(Wf(iQ@1B
z$4Cs|a0{!zpD=iWk_1lTfWT24ZV8OQ;R+7{uJ1(XI}z|)-wA`)p_l+9315^XG3bb-
zIsu#jupdsK7!;5gP67<pgpDzP!D=K*Q0?J2isEn!O#qDY3T03Ol~9dhP!An{iiDCV
z^bK7S(3Tzv5<(;Z_0T%}hE}0(Jrb%Xr@-I|Jcn0cW$Ge<!I@zg4oM&zTp<P=-v1!|
zmj~kMk)UbljIu~=p${D12YMt_Z-`=mc+dd^hSnh=HGUWl>_(yLBZA3%g7j%b6cVOK
zLaC|4h$tl3Qg2T0o{ES<g3JWP4Bb;muq&J$p`V>TB5HPU-jJM1<CBOeq`z{Y_@Qq-
zl78ec`M=Wm8%dubG(@3Nvxh6Z{eOC#{$S`Uc~UF&p8!k}AWT~kUra-2bf&qOFGdRK
z2qT*7y|MFvl?Th$3naHG=+^G;a&Y4Me!Bgv-loQpHU!~10xkdK&4QUOu1Zny^P4II
zL*}3n-@TxaY2zgo#K-^xwL8A|%D7u3vcUW31)IBS+VPn`1a2Kw4GGS0J$%?dN>6tv
zA{FDFEOC{rAdb$PesyU<-@(sjE;ewyyd~7o!eAs$syx?qz{uCoJ=#%5s|mPb=p}PZ
zyWNd!#(IB}@}pEn{)Hcnnw=Bt_N<E!zIn+d31Kt#cjukkh%o3UY17ROZyqC6#k1u=
zc4d9#5(`7|d$TWNG&}zx3~@wWbPRHSVUc!ai5K|4akIMDZHVz0m;wyXLy_8aWYQ}2
z!DE}DfBpH<K3K>9n&xdN+-Qu5`2l&>+GwePMT06Oqw=Cvey~$$G0jZ0PaAI}@>3=;
zV=z(L7N^4g+yzdIwL-T0_a)yjoCa3YS>n)Wx}CLSq97Q#ypF-?kjrQxN8)<v&I^@*
zZoKWnkE_{H)!LZP@L%tO4GYDsSim`6ZyEdb_etyIlYS+%gWmjnm65LuY~q*z%`w_?
zfNYXWzH(UqcA3t8y~(CYbwow5B_?%M@DK^zOE$Q(C9(vBvS{f&DGnAgZY;~wVnev8
z<OL_#Y^jpZcxT-TRL%-AB{^>7xx7jp<qYy^Y+<@fPNs9i{p~q(bglGwS~S=$3f^x;
zKNHemS&CX~PZX5LBt?fiS?WO6x$Unu7u7Bc&X*pi@ijraJFPgWS!>>=FigX2R2k9M
zUcz#tM@E&Gw>3VGrq|{LX*5i?GrBetzt_5UcBtoAhk5+gu}*I4nXzAOb6$^Kcii{E
zJC75|N3Oc9lzK5Z(YiOs%)-1h1Usy?kzihr`1i5gD4-!`-0?imFfUsgP`uP?en7G5
z;K3|yuuzQN37gpQvTMaeM0Verfr|5eu5PxIbo1=9nRi8gt&R7?gc*~)V$$=%!1AZ}
z>$~EUGaBz>rDSBvfTX=e*S*x?c1}-_Lq+c6#Cdg#2x+@X_B}~`i!UJ=R=g!#A8z&S
z_nF$UkkQ;_mo-!nZ=XH7ChP3Nu46y%n(SpcJjoq0NwfR9>+HN;c?|wM+lhPT73Rr7
zOJ<48A_R(OV#zg)d4*V&P&K%c_U+u?CAhbmPuJ!=lcYuqo`NC{(E-ZZ{j*EK3D#zQ
z^0DnN?yjNv%8oD!LU{QN0uP}oXdKwbs1rx-79BP{RgbWLN{_0&acNi$s(H_szfJGL
zEPKwBJS*}dhfT^u0+k-P+>f3staI*MQ7m!;0)<>|+Ez9Lq|%!5WnVI5t*5^#6dtcV
z!6*BDI1zo7u|nhiN}J)itfsK|k;6raC5K%IH9LIq`&n!FrZNNp;W3S@53Mhi`$k_O
zTid=XsOg-;34Ff5_$G&LD)q3r80zbtV2p83nO}?)BuuO{4xXiw9k!J$Ta-df82Y%`
z{!vrFZ0enTZhV=MuOscfvxy`(Mfs|jy=(dYl-*%RlvAD8!G~l)I!~zz6c!_lc8kL1
zam#8?sf&vT?-uKR-Cp%xwB!mAuzAFM?+!QTaz%>M?$!8oEEW*WVP@)5o%6$tL+1pV
zUftws=D+B?d+E6Ra=0@Bbl>@{OVDoHHc@`^k=ydpd?(4=l*Z(Z=qfu8K0ZE0*4|Qv
zCoKG?x`3N$wa8mco54A_#k0Ng(xc2EgL0yDm{(md|J~{5=91O#e69<&-3jQ>$m>{I
zP<s20Xl7YLaml!PkFQ72Jx)*U<`ABL&zQSWm_>Mo&CQZU^J&soR+>?6?ZlrZM-1J~
zF36HS{Vk>b>|E=*KnwE<(@9}=1;}xg3d-$yl?IHbJ<KYwjH3|zGpN$XMG;W5SmEtt
z%CcKB;&^naAg*P{@etly_0hgnU(D|_OUz)Y=3ktPm<}4Rof3xmcaN!y;w(!0t4nn5
z_v!;rJL%Z|=5CeG&Tl<ItdCuY&|A{ot2~U793M9BA^PUXZ?DZA4tiKnq@G*5B6!4B
zvA_3Jf=}$X$UKKV;k=<Gkyy`zH#<jfTsxh4pr}gmWYwnrL9XWT>3v6k@OgOyd=wlw
zm3HV0D>N}|x@@XtG_pQ#;MS9O%~Mx(hw68{T=n$*gQ;JpZ`bddy7lzq`>AVSR)cIt
p#1L)vbSpEep}>k5GW>j6!!Byr>lX1FD`~oo+ucz3cs3h+{vVmAG${Z8

diff --git a/httpd/Config.in b/httpd/Config.in
deleted file mode 100644
index cfac618611..0000000000
--- a/httpd/Config.in
+++ /dev/null
@@ -1,125 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-
-menu "Axhttpd Configuration"
-depends on CONFIG_AXHTTPD
-
-config CONFIG_HTTP_STATIC_BUILD
-    bool "Static Build"
-    default n
-    help
-        Select y if you want axhttpd to be a static build (i.e. don't use the
-        axtls shared library or dll).
-        
-config CONFIG_HTTP_PORT
-    int "HTTP port"
-    default 80
-    help
-        The port number of the normal HTTP server. 
-
-        You must be a root user in order to use the default port.
-
-config CONFIG_HTTP_HTTPS_PORT
-    int "HTTPS port"
-    default 443
-    help
-        The port number of the HTTPS server.
-
-        You must be a root user in order to use the default port.
-
-config CONFIG_HTTP_SESSION_CACHE_SIZE
-    int "SSL session cache size"
-    default 5
-    help
-        The size of the SSL session cache.
-        
-        This is not actually related to the number of concurrent users, but 
-        for optimum performance they should be the same (with a penalty 
-        in memory usage).
-
-config CONFIG_HTTP_WEBROOT
-    string "Web root location"
-    default "../www" if !CONFIG_PLATFORM_WIN32
-    default "..\\www" if CONFIG_PLATFORM_WIN32
-    help
-        The location of the web root in relation to axhttpd. This is 
-        the directory where index.html lives.
-
-config CONFIG_HTTP_TIMEOUT
-    int "Timeout"
-    default 300
-    help
-        Set the timeout of a connection in seconds.
-
-config CONFIG_HTTP_HAS_CGI
-    bool "Enable CGI"
-    default n
-    help
-        Enable the CGI capability.
-
-config CONFIG_HTTP_CGI_EXTENSIONS
-    string "CGI File Extension(s)"
-    default ".php,.sh"
-    depends on CONFIG_HTTP_HAS_CGI
-    help
-        Tell axhhtpd what file extension(s) are used for CGI.
-
-        This is a comma separated list.
-
-config CONFIG_HTTP_DIRECTORIES
-    bool "Enable Directory Listing"
-    default n
-    help
-        Enable directory listing.
-    
-config CONFIG_HTTP_HAS_AUTHORIZATION
-    bool "Enable authorization"
-    default n
-    help
-        Pages/directories can have passwords associated with them.
-
-config CONFIG_HTTP_PERM_CHECK
-    bool "Permissions Check"
-    default n
-    help
-        Enable permissions checking on the directories before reading the
-        files in them.
-
-config CONFIG_HTTP_HAS_IPV6
-    bool "Enable IPv6"
-    default n
-    depends on !CONFIG_PLATFORM_WIN32
-    help
-        Use IPv6 instead of IPv4.
-    
-        Does not work under Win32
-
-config CONFIG_HTTP_ALL_MIME_TYPES
-    bool "Use all mime types"
-    help
-        Use the full list of supported mime types.
-
-        Use this option if a "generic" webserver is used. However if it is
-        using only web pages (html, jpg, gif, png, css) then select this
-        option.
-
-config CONFIG_HTTP_VERBOSE
-    bool "Verbose Mode"
-    default y if CONFIG_SSL_FULL_MODE
-    default n if !CONFIG_SSL_FULL_MODE
-    help
-        Enable extra statements used when using axhttpd.
-
-config CONFIG_HTTP_IS_DAEMON
-    bool "Run as a daemon"
-    default n
-    depends on !CONFIG_PLATFORM_WIN32
-    help 
-        Run axhttpd as a background process.
-
-        Does not work under Win32
-
-endmenu
-
diff --git a/httpd/Makefile b/httpd/Makefile
deleted file mode 100644
index d20f1b2b1a..0000000000
--- a/httpd/Makefile
+++ /dev/null
@@ -1,104 +0,0 @@
-#
-#  Copyright(C) 2007 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-all : web_server
-
-include ../config/.config
-include ../config/makefile.conf
-
-ifndef CONFIG_PLATFORM_WIN32
-
-ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=../$(STAGE)/axhttpd.exe
-TARGET2=../$(STAGE)/htpasswd.exe
-else
-TARGET=../$(STAGE)/axhttpd
-TARGET2=../$(STAGE)/htpasswd
-endif
-
-ifdef CONFIG_HTTP_STATIC_BUILD
-LIBS=../$(STAGE)/libaxtls.a
-else
-LIBS=-L../$(STAGE) -laxtls
-endif
-
-CFLAGS += -I../ssl
-
-else # win32 build
-TARGET=../$(STAGE)/axhttpd.exe
-TARGET2=../$(STAGE)/htpasswd.exe
-
-ifdef CONFIG_HTTP_STATIC_BUILD
-LIBS=../$(STAGE)/axtls.static.lib ..\\config\\axtls.res
-else
-LIBS=../$(STAGE)/axtls.lib ..\\config\\axtls.res
-endif
-endif
-
-ifndef CONFIG_AXHTTPD
-web_server:
-else
-
-web_server :: $(TARGET)
-
-ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-web_server :: $(TARGET2)
-endif
-
-OBJ= \
-	axhttpd.o \
-	proc.o \
-	mime_types.o \
-	tdate_parse.o
-
-include ../config/makefile.post
-
-ifndef CONFIG_PLATFORM_WIN32
-
-$(TARGET): $(OBJ) ../$(STAGE)/libaxtls.a
-	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
-ifndef CONFIG_DEBUG
-ifndef CONFIG_PLATFORM_SOLARIS
-	strip --remove-section=.comment $(TARGET)
-endif
-endif
-
-$(TARGET2): htpasswd.o ../$(STAGE)/libaxtls.a
-	$(LD) $(LDFLAGS) -o $@ htpasswd.o $(LIBS)
-
-else    # Win32
-
-OBJ:=$(OBJ:.o=.obj)
-%.obj : %.c
-	$(CC) $(CFLAGS) $< 
-
-htpasswd.obj : htpasswd.c
-	$(CC) $(CFLAGS) $< 
-	
-$(TARGET): $(OBJ)
-	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
-
-$(TARGET2): htpasswd.obj
-	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $<
-endif
-
-endif       # CONFIG_AXHTTPD
-
-clean::
-	-@rm -f $(TARGET)*
-
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
deleted file mode 100644
index d1d8bd76a6..0000000000
--- a/httpd/axhttp.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include "os_port.h"
-#include "ssl.h"
-
-#define BACKLOG 15
-#define VERSION "1.0.0"
-#ifdef CONFIG_HTTP_HAS_IPV6
-#define HAVE_IPV6
-#endif
-
-#define MAXREQUESTLENGTH 256
-#define MAXCGIARGS 100
-#define BLOCKSIZE 4096
-
-#define INITIAL_CONNECTION_SLOTS 10
-#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS   0
-
-#define STATE_WANT_TO_READ_HEAD  1
-#define STATE_WANT_TO_SEND_HEAD  2
-#define STATE_WANT_TO_READ_FILE  3
-#define STATE_WANT_TO_SEND_FILE  4
-#define STATE_DOING_DIR          5
-
-enum
-{
-    TYPE_GET,
-    TYPE_HEAD,
-    TYPE_POST
-};
-
-struct connstruct 
-{
-    struct connstruct *next;
-    int state;
-    int reqtype;
-    int networkdesc;
-    int filedesc;
-    SSL *ssl;
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-#ifdef WIN32
-    HANDLE dirp;
-    WIN32_FIND_DATA file_data;
-#else
-    DIR *dirp;
-#endif
-#endif
-
-    time_t timeout;
-    char actualfile[MAXREQUESTLENGTH];
-    char filereq[MAXREQUESTLENGTH];
-    char dirname[MAXREQUESTLENGTH];
-    char virtualhostreq[MAXREQUESTLENGTH];
-    int numbytes;
-    char databuf[BLOCKSIZE];
-    uint8_t is_ssl;
-    uint8_t close_when_done;
-    time_t if_modified_since;
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-    char cgiargs[MAXREQUESTLENGTH];
-    char cgiscriptinfo[MAXREQUESTLENGTH];
-    char cgipathinfo[MAXREQUESTLENGTH];
-#endif
-#if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
-    char authorization[MAXREQUESTLENGTH];
-#endif
-};
-
-struct serverstruct 
-{
-    struct serverstruct *next;
-    int sd;
-    int is_ssl;
-    SSL_CTX *ssl_ctx;
-};
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-struct cgiextstruct 
-{
-    struct cgiextstruct *next;
-    char *ext;
-};
-#endif
-
-/* global prototypes */
-extern struct serverstruct *servers;
-extern struct connstruct *usedconns;
-extern struct connstruct *freeconns;
-#if defined(CONFIG_HTTP_HAS_CGI)
-extern struct cgiextstruct *cgiexts;
-#endif
-
-/* conn.c prototypes */
-void removeconnection(struct connstruct *cn);
-
-/* proc.c prototypes */
-void procdodir(struct connstruct *cn);
-void procreadhead(struct connstruct *cn);
-void procsendhead(struct connstruct *cn);
-void procreadfile(struct connstruct *cn);
-void procsendfile(struct connstruct *cn);
-
-
-/* misc.c prototypes */
-char *my_strncpy(char *dest, const char *src, size_t n);
-int isdir(const char *name);
-
-/* mime_types.c prototypes */
-void mime_init(void);
-const char *getmimetype(const char *fn);
-
-/* tdate prototypes */
-void tdate_init(void);
-time_t tdate_parse(const char* str);
-
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
deleted file mode 100644
index 0f4514482b..0000000000
--- a/httpd/axhttpd.c
+++ /dev/null
@@ -1,661 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include "axhttp.h"
-
-struct serverstruct *servers;
-struct connstruct *usedconns;
-struct connstruct *freeconns;
-
-static void addtoservers(int sd);
-static int openlistener(int port);
-static void handlenewconnection(int listenfd, int is_ssl);
-static void addconnection(int sd, char *ip, int is_ssl);
-#if defined(CONFIG_HTTP_PERM_CHECK)
-static void procpermcheck(const char *pathtocheck);
-#endif
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-struct cgiextstruct *cgiexts;
-static void addcgiext(const char *tp);
-
-#if !defined(WIN32)
-static void reaper(int sigtype) 
-{
-    wait3(NULL, WNOHANG, NULL);
-}
-#endif
-#endif
-
-#ifdef CONFIG_HTTP_VERBOSE  /* should really be in debug mode or something */
-/* clean up memory for valgrind */
-static void sigint_cleanup(int sig)
-{
-    struct serverstruct *sp;
-    struct connstruct *tp;
-
-    while (servers != NULL) 
-    {
-        if (servers->is_ssl)
-            ssl_ctx_free(servers->ssl_ctx);
-
-        sp = servers->next;
-        free(servers);
-        servers = sp;
-    }
-
-    while (freeconns != NULL)
-    {
-        tp = freeconns->next;
-        free(freeconns);
-        freeconns = tp;
-    }
-
-    while (usedconns != NULL)
-    {
-        tp = usedconns->next;
-        free(usedconns);
-        usedconns = tp;
-    }
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-    while (cgiexts)
-    {
-        struct cgiextstruct *cp = cgiexts->next;
-        if (cp == NULL) /* last entry */
-            free(cgiexts->ext);
-        free(cgiexts);
-        cgiexts = cp;
-    }
-#endif
-
-    exit(0);
-}
-
-static void die(int sigtype) 
-{
-    exit(0);
-}
-#endif
-
-int main(int argc, char *argv[]) 
-{
-    static char *webroot = CONFIG_HTTP_WEBROOT;
-    fd_set rfds, wfds;
-    struct connstruct *tp, *to;
-    struct serverstruct *sp;
-    int rnum, wnum, active;
-    int i;
-    time_t currtime;
-
-#ifdef WIN32
-    WORD wVersionRequested = MAKEWORD(2, 2);
-    WSADATA wsaData;
-    WSAStartup(wVersionRequested,&wsaData);
-#else
-    signal(SIGPIPE, SIG_IGN);
-#if defined(CONFIG_HTTP_HAS_CGI)
-    signal(SIGCHLD, reaper);
-#endif
-#ifdef CONFIG_HTTP_VERBOSE
-    signal(SIGQUIT, die);
-#endif
-#endif
-
-#ifdef CONFIG_HTTP_VERBOSE
-    signal(SIGTERM, die);
-    signal(SIGINT, sigint_cleanup);
-#endif
-    mime_init();
-    tdate_init();
-
-    for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
-    {
-        tp = freeconns;
-        freeconns = (struct connstruct *)calloc(1, sizeof(struct connstruct));
-        freeconns->next = tp;
-    }
-
-    if ((active = openlistener(CONFIG_HTTP_PORT)) == -1) 
-    {
-#ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "ERR: Couldn't bind to port %d\n",
-                CONFIG_HTTP_PORT);
-#endif
-        exit(1);
-    }
-
-    addtoservers(active);
-
-    if ((active = openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
-    {
-#ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "ERR: Couldn't bind to port %d\n", 
-                CONFIG_HTTP_HTTPS_PORT);
-#endif
-        exit(1);
-    }
-
-    addtoservers(active);
-    servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
-                                CONFIG_HTTP_SESSION_CACHE_SIZE);
-    servers->is_ssl = 1;
-
-#if defined(CONFIG_HTTP_PERM_CHECK) 
-    procpermcheck(webroot);
-#endif
-#if defined(CONFIG_HTTP_HAS_CGI)
-    addcgiext(CONFIG_HTTP_CGI_EXTENSIONS);
-#endif
-#if defined(CONFIG_HTTP_VERBOSE)
-    printf("axhttpd (%s): listening on ports %d (http) and %d (https)\n", 
-            ssl_version(), CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
-    TTY_FLUSH();
-#endif
-
-    /* change to webroot for better security */
-    if (chroot(webroot))
-    {
-#ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "'%s' is not a directory\n", webroot);
-#endif
-        exit(1);
-    }
-
-#ifndef WIN32
-    setgid(32767);
-    setuid(32767);
-#endif
-
-#if defined(CONFIG_HTTP_IS_DAEMON)
-    if (fork() > 0)  /* parent will die */
-        exit(0);
-
-    setsid();
-#endif
-
-    /* main loop */
-    while (1)
-    {
-        FD_ZERO(&rfds);
-        FD_ZERO(&wfds);
-        rnum = wnum = -1;
-        sp = servers;
-
-        while (sp != NULL)  /* read each server port */
-        {
-            FD_SET(sp->sd, &rfds);
-
-            if (sp->sd > rnum) 
-                rnum = sp->sd;
-            sp = sp->next;
-        }
-
-        /* Add the established sockets */
-        tp = usedconns;
-        currtime = time(NULL);
-
-        while (tp != NULL) 
-        {
-            if (currtime > tp->timeout)     /* timed out? Kill it. */
-            {
-                to = tp;
-                tp = tp->next;
-                removeconnection(to);
-                continue;
-            }
-
-            if (tp->state == STATE_WANT_TO_READ_HEAD) 
-            {
-                FD_SET(tp->networkdesc, &rfds);
-                if (tp->networkdesc > rnum) 
-                    rnum = tp->networkdesc;
-            }
-
-            if (tp->state == STATE_WANT_TO_SEND_HEAD) 
-            {
-                FD_SET(tp->networkdesc, &wfds);
-                if (tp->networkdesc > wnum) 
-                    wnum = tp->networkdesc;
-            }
-
-            if (tp->state == STATE_WANT_TO_READ_FILE) 
-            {
-                FD_SET(tp->filedesc, &rfds);
-                if (tp->filedesc > rnum) 
-                    rnum = tp->filedesc;
-            }
-
-            if (tp->state == STATE_WANT_TO_SEND_FILE) 
-            {
-                FD_SET(tp->networkdesc, &wfds);
-                if (tp->networkdesc > wnum) 
-                    wnum = tp->networkdesc;
-            }
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-            if (tp->state == STATE_DOING_DIR) 
-            {
-                FD_SET(tp->networkdesc, &wfds);
-                if (tp->networkdesc > wnum) 
-                    wnum = tp->networkdesc;
-            }
-#endif
-            tp = tp->next;
-        }
-
-        active = select(wnum > rnum ? wnum+1 : rnum+1,
-                rnum != -1 ? &rfds : NULL, 
-                wnum != -1 ? &wfds : NULL,
-                NULL, NULL);
-
-        /* New connection? */
-        sp = servers;
-        while (active > 0 && sp != NULL) 
-        {
-            if (FD_ISSET(sp->sd, &rfds)) 
-            {
-                handlenewconnection(sp->sd, sp->is_ssl);
-                active--;
-            }
-
-            sp = sp->next;
-        }
-
-        /* Handle the established sockets */
-        tp = usedconns;
-
-        while (active > 0 && tp != NULL) 
-        {
-            to = tp;
-            tp = tp->next;
-
-            if (to->state == STATE_WANT_TO_READ_HEAD &&
-                        FD_ISSET(to->networkdesc, &rfds)) 
-            {
-                active--;
-                procreadhead(to);
-            } 
-
-            if (to->state == STATE_WANT_TO_SEND_HEAD &&
-                        FD_ISSET(to->networkdesc, &wfds)) 
-            {
-                active--;
-                procsendhead(to);
-            } 
-
-            if (to->state == STATE_WANT_TO_READ_FILE && 
-                        FD_ISSET(to->filedesc, &rfds)) 
-            {
-                active--;
-                procreadfile(to);
-            } 
-
-            if (to->state == STATE_WANT_TO_SEND_FILE && 
-                        FD_ISSET(to->networkdesc, &wfds)) 
-            {
-                active--;
-                procsendfile(to);
-            }
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-            if (to->state == STATE_DOING_DIR &&
-                        FD_ISSET(to->networkdesc, &wfds)) 
-            {
-                active--;
-                procdodir(to);
-            }
-#endif
-        }
-    }
-
-    return 0;
-}
-
-#if defined(CONFIG_HTTP_PERM_CHECK)
-static void procpermcheck(const char *pathtocheck) 
-{
-    char thepath[MAXREQUESTLENGTH];
-#ifndef WIN32
-    DIR *tpdir;
-    struct dirent *dp;
-
-    tpdir = opendir(pathtocheck);
-
-    if (tpdir == NULL) 
-    {
-        printf("WARNING: UID (%d) is unable to read %s\n", 
-                (int)getuid(), pathtocheck);
-        TTY_FLUSH();
-        return;
-    }
-
-    while ((dp = readdir(tpdir))) 
-    {
-        if (strcmp(dp->d_name, "..") == 0)
-            continue;
-
-        if (strcmp(dp->d_name, ".") == 0)
-            continue;
-
-        snprintf(thepath, sizeof(thepath), "%s/%s", pathtocheck, dp->d_name);
-
-        if (isdir(thepath))
-        {
-            procpermcheck(thepath);
-            continue;
-        }
-
-        if (access(thepath, R_OK) != 0)
-            printf("WARNING: UID (%d) is unable to read %s\n",
-                                (int)getuid(), thepath);
-
-        if (access(thepath, W_OK) == 0)
-            printf("SECURITY: UID (%d) is ABLE TO WRITE TO %s\n",
-                                (int)getuid(), thepath);
-
-        TTY_FLUSH();
-    }
-
-    closedir(tpdir);
-#else   /* Win32 */
-    HANDLE tpdir;
-    WIN32_FIND_DATA file_data;
-    struct stat st;
-    char buf2[1024];
-
-    strcpy(buf2, pathtocheck);
-    strcat(buf2, "\\*");
-    tpdir = FindFirstFile(buf2, &file_data);
-
-    if (tpdir == INVALID_HANDLE_VALUE) 
-    {
-        printf("WARNING: unable to read %s\n", buf2);
-        TTY_FLUSH();
-        return;
-    }
-
-    while (FindNextFile(tpdir, &file_data)) 
-    {
-        if (strcmp(file_data.cFileName, "..") == 0) 
-            continue;
-
-        if (strcmp(file_data.cFileName, ".") == 0) 
-            continue;
-
-        snprintf(thepath, sizeof(thepath), "%s\\%s", 
-                pathtocheck, file_data.cFileName);
-
-        if (isdir(thepath)) 
-        {
-            procpermcheck(thepath);
-            continue;
-        }
-
-        if (stat(thepath, &st) >= 0) 
-        {
-            if ((st.st_mode & _S_IREAD) == 0) 
-            {
-                printf("WARNING: unable to read %s\n", thepath);
-                TTY_FLUSH();
-            }
-
-            if (st.st_mode & _S_IWRITE) 
-            {
-                printf("SECURITY: ABLE TO WRITE TO %s\n", thepath);
-                TTY_FLUSH();
-            }
-        }
-    }
-
-    FindClose(tpdir);
-#endif
-}
-#endif  /* CONFIG_HTTP_PERM_CHECK */
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-static void addcgiext(const char *cgi_exts)
-{
-    char *cp = strdup(cgi_exts);
-
-    /* extenstions are comma separated */
-    do 
-    {
-        struct cgiextstruct *ex = (struct cgiextstruct *)
-                            malloc(sizeof(struct cgiextstruct));
-        ex->ext = cp;
-        ex->next = cgiexts;
-        cgiexts = ex;
-        if ((cp = strchr(cp, ',')) != NULL)
-            *cp++ = 0;
-    } while (cp != NULL);
-}
-#endif
-
-static void addtoservers(int sd) 
-{
-    struct serverstruct *tp = (struct serverstruct *)
-                            calloc(1, sizeof(struct serverstruct));
-    tp->next = servers;
-    tp->sd = sd;
-    servers = tp;
-}
-
-#ifdef HAVE_IPV6
-static void handlenewconnection(int listenfd, int is_ssl) 
-{
-    struct sockaddr_in6 their_addr;
-    int tp = sizeof(their_addr);
-    char ipbuf[100];
-    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
-
-    if (tp == sizeof(struct sockaddr_in6)) 
-        inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, sizeof(ipbuf));
-    else if (tp == sizeof(struct sockaddr_in)) 
-        inet_ntop(AF_INET, &(((struct sockaddr_in *)&their_addr)->sin_addr),
-                ipbuf, sizeof(ipbuf));
-    else 
-        *ipbuf = '\0';
-
-    addconnection(connfd, ipbuf, is_ssl);
-}
-
-#else
-static void handlenewconnection(int listenfd, int is_ssl) 
-{
-    struct sockaddr_in their_addr;
-    int tp = sizeof(struct sockaddr_in);
-    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
-    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
-}
-#endif
-
-static int openlistener(int port) 
-{
-    int sd;
-#ifdef WIN32
-    char tp = 1;
-#else
-    int tp = 1;
-#endif
-#ifndef HAVE_IPV6
-    struct sockaddr_in my_addr;
-
-    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 
-        return -1;
-
-    memset(&my_addr, 0, sizeof(my_addr));
-    my_addr.sin_family = AF_INET;
-    my_addr.sin_port = htons((short)port);
-    my_addr.sin_addr.s_addr = INADDR_ANY;
-#else
-    struct sockaddr_in6 my_addr;
-
-    if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
-        return -1;
-
-    memset(&my_addr, 0, sizeof(my_addr));
-    my_addr.sin6_family = AF_INET6;
-    my_addr.sin6_port = htons(port);
-    my_addr.sin6_addr.s_addr = INADDR_ANY;
-#endif
-
-    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
-    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1)
-    {
-        close(sd);
-        return -1;
-    }
-
-    listen(sd, BACKLOG);
-    return sd;
-}
-
-/* Wrapper function for strncpy() that guarantees
-   a null-terminated string. This is to avoid any possible
-   issues due to strncpy()'s behaviour.
- */
-char *my_strncpy(char *dest, const char *src, size_t n) 
-{
-    strncpy(dest, src, n);
-    dest[n-1] = '\0';
-    return dest;
-}
-
-int isdir(const char *tpbuf) 
-{
-    struct stat st;
-    char path[MAXREQUESTLENGTH];
-    strcpy(path, tpbuf);
-
-#ifdef WIN32        /* win32 stat() can't handle trailing '\' */
-    if (path[strlen(path)-1] == '\\')
-        path[strlen(path)-1] = 0;
-#endif
-
-    if (stat(path, &st) == -1) 
-        return 0;
-
-    if ((st.st_mode & S_IFMT) == S_IFDIR) 
-        return 1;
-
-    return 0;
-}
-
-static void addconnection(int sd, char *ip, int is_ssl) 
-{
-    struct connstruct *tp;
-
-    /* Get ourselves a connstruct */
-    if (freeconns == NULL) 
-        tp = (struct connstruct *)calloc(1, sizeof(struct connstruct));
-    else 
-    {
-        tp = freeconns;
-        freeconns = tp->next;
-    }
-
-    /* Attach it to the used list */
-    tp->next = usedconns;
-    usedconns = tp;
-    tp->networkdesc = sd;
-
-    if (is_ssl)
-        tp->ssl = ssl_server_new(servers->ssl_ctx, sd);
-
-    tp->is_ssl = is_ssl;
-    tp->filedesc = -1;
-#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
-    tp->dirp = NULL;
-#endif
-    *(tp->actualfile) = '\0';
-    *(tp->filereq) = '\0';
-#if defined(CONFIG_HTTP_HAS_CGI)
-    *(tp->cgiargs) = '\0';
-#endif
-    tp->state = STATE_WANT_TO_READ_HEAD;
-    tp->reqtype = TYPE_GET;
-    tp->close_when_done = 0;
-    tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
-}
-
-void removeconnection(struct connstruct *cn) 
-{
-    struct connstruct *tp;
-    int shouldret = 0;
-
-    tp = usedconns;
-
-    if (tp == NULL || cn == NULL) 
-        shouldret = 1;
-    else if (tp == cn) 
-        usedconns = tp->next;
-    else 
-    {
-        while (tp != NULL) 
-        {
-            if (tp->next == cn) 
-            {
-                tp->next = (tp->next)->next;
-                shouldret = 0;
-                break;
-            }
-
-            tp = tp->next;
-            shouldret = 1;
-        }
-    }
-
-    if (shouldret) 
-        return;
-
-    /* If we did, add it to the free list */
-    cn->next = freeconns;
-    freeconns = cn;
-
-    /* Close it all down */
-    if (cn->networkdesc != -1) 
-    {
-        if (cn->is_ssl) 
-        {
-            ssl_free(cn->ssl);
-            cn->ssl = NULL;
-        }
-
-        SOCKET_CLOSE(cn->networkdesc);
-    }
-
-    if (cn->filedesc != -1) 
-        close(cn->filedesc);
-
-#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
-    if (cn->dirp != NULL) 
-#ifdef WIN32
-        FindClose(cn->dirp);
-#else
-        closedir(cn->dirp);
-#endif
-#endif
-}
-
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
deleted file mode 100644
index 54fbbfb884..0000000000
--- a/httpd/htpasswd.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "ssl.h"
-
-int tfd;
-
-void base64_encode(const uint8_t *in, size_t inlen, char *out, size_t outlen)
-{
-    static const char b64str[64] =
-            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-    while (inlen && outlen)
-    {
-        *out++ = b64str[(in[0] >> 2) & 0x3f];
-        if (!--outlen)
-            break;
-
-        *out++ = b64str[((in[0] << 4)
-                + (--inlen ? in[1] >> 4 : 0)) & 0x3f];
-        if (!--outlen)
-            break;
-        *out++ = (inlen
-             ? b64str[((in[1] << 2)
-                 + (--inlen ? in[2] >> 6 : 0))
-             & 0x3f]
-             : '=');
-        if (!--outlen)
-            break;
-        *out++ = inlen ? b64str[in[2] & 0x3f] : '=';
-        if (!--outlen)
-            break;
-        if (inlen)
-            inlen--;
-        if (inlen)
-            in += 3;
-    }
-
-    if (outlen)
-        *out = '\0';
-}
-
-static void usage(void) 
-{
-    fprintf(stderr,"Usage: htpasswd username\n");
-    exit(1);
-}
-
-#ifdef WIN32
-static char * getpass(const char *prompt)
-{
-    static char buf[127];
-    FILE *fp = stdin;
-
-    printf(prompt); TTY_FLUSH();
-#if 0
-    fp = fopen("/dev/tty", "w");
-    if (fp == NULL) 
-    {
-        printf("null\n"); TTY_FLUSH();
-        fp = stdin;
-    }
-#endif
-
-    fgets(buf, sizeof(buf), fp);
-    while (buf[strlen(buf)-1] < ' ') 
-        buf[strlen(buf)-1] = '\0';
-
-    //if (fp != stdin) 
-    //    fclose(fp);
-    return buf;
-}
-#endif
-
-int main(int argc, char *argv[]) 
-{
-    char* pw;
-    uint8_t md5_salt[MD5_SIZE], md5_pass[MD5_SIZE];
-    char b64_salt[MD5_SIZE+10], b64_pass[MD5_SIZE+10];
-    MD5_CTX ctx;
-
-    if (argc != 2)
-        usage();
-
-    pw = strdup(getpass("New password:"));
-    if (strcmp(pw, getpass("Re-type new password:")) != 0)
-    {
-        fprintf(stderr, "They don't match, sorry.\n" );
-        exit(1);
-    }
-
-    RNG_initialize(pw, sizeof(pw));
-    get_random(MD5_SIZE, md5_salt);
-    RNG_terminate();
-    base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
-
-    MD5Init(&ctx);
-    MD5Update(&ctx, md5_salt, MD5_SIZE);
-    MD5Update(&ctx, pw, strlen(pw));
-    MD5Final(&ctx, md5_pass);
-    base64_encode(md5_pass, MD5_SIZE, b64_pass, sizeof(b64_pass));
-
-    printf("Add the following to your '.htpasswd' file\n");
-    printf("%s:%s$%s\n", argv[1], b64_salt, b64_pass);
-    return 0;
-}
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
deleted file mode 100644
index 46e3c3e5e0..0000000000
--- a/httpd/mime_types.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include "axhttp.h"
-
-static const char mime_default[] = "text/plain";
-
-typedef struct 
-{
-    const char * const ext;
-    const char * const type;
-} mime_table_t;
-
-static mime_table_t mime_table[] = 
-{
-    /* Fundamental types */
-    { ".html", "text/html" },
-    { ".htm", "text/html" },
-    { ".css", "text/css" },
-
-    /* Basic graphics */
-    { ".jpg", "image/jpeg" },
-    { ".gif", "image/gif" },
-    { ".png", "image/png" },
-
-#ifdef CONFIG_HTTP_ALL_MIME_TYPES
-    /* This list is a bit expensive to maintain normally, so it's an option. */
-    { ".txt", "text/plain" },
-    { ".rtx", "text/richtext" },
-    { ".etx", "text/x-setext" },
-    { ".tsv", "text/tab-separated-values" },
-    { ".xml", "text/xml" },
-    { ".dtd", "text/xml" },
-    { ".jpe", "image/jpeg" },
-    { ".jpeg", "image/jpeg" },
-    { ".jfif", "image/jpeg" },
-    { ".tif", "image/tiff" },
-    { ".tiff", "image/tiff" },
-    { ".pbm", "image/x-portable-bitmap" },
-    { ".pgm", "image/x-portable-graymap" },
-    { ".ppm", "image/x-portable-pixmap" },
-    { ".pnm", "image/x-portable-anymap" },
-    { ".xbm", "image/x-xbitmap" },
-    { ".xpm", "image/x-xpixmap" },
-    { ".xwd", "image/x-xwindowdump" },
-    { ".ief", "image/ief" },
-    { ".au", "audio/basic" },
-    { ".snd", "audio/basic" },
-    { ".aif", "audio/x-aiff" },
-    { ".aiff", "audio/x-aiff" },
-    { ".aifc", "audio/x-aiff" },
-    { ".ra", "audio/x-pn-realaudio" },
-    { ".ram", "audio/x-pn-realaudio" },
-    { ".rm", "audio/x-pn-realaudio" },
-    { ".rpm", "audio/x-pn-realaudio-plugin" },
-    { ".wav", "audio/wav" },
-    { ".mid", "audio/midi" },
-    { ".midi", "audio/midi" },
-    { ".kar", "audio/midi" },
-    { ".mpga", "audio/mpeg" },
-    { ".mp2", "audio/mpeg" },
-    { ".mp3", "audio/mpeg" },
-    { ".mpeg", "video/mpeg" },
-    { ".mpg", "video/mpeg" },
-    { ".mpe", "video/mpeg" },
-    { ".qt", "video/quicktime" },
-    { ".mov", "video/quicktime" },
-    { ".avi", "video/x-msvideo" },
-    { ".movie", "video/x-sgi-movie" },
-    { ".mv", "video/x-sgi-movie" },
-    { ".vx", "video/x-rad-screenplay" },
-    { ".a", "application/octet-stream" },
-    { ".bin", "application/octet-stream" },
-    { ".exe", "application/octet-stream" },
-    { ".dump", "application/octet-stream" },
-    { ".o", "application/octet-stream" },
-    { ".class", "application/java" },
-    { ".js", "application/x-javascript" },
-    { ".ai", "application/postscript" },
-    { ".eps", "application/postscript" },
-    { ".ps", "application/postscript" },
-    { ".dir", "application/x-director" },
-    { ".dcr", "application/x-director" },
-    { ".dxr", "application/x-director" },
-    { ".fgd", "application/x-director" },
-    { ".aam", "application/x-authorware-map" },
-    { ".aas", "application/x-authorware-seg" },
-    { ".aab", "application/x-authorware-bin" },
-    { ".fh4", "image/x-freehand" },
-    { ".fh7", "image/x-freehand" },
-    { ".fh5", "image/x-freehand" },
-    { ".fhc", "image/x-freehand" },
-    { ".fh", "image/x-freehand" },
-    { ".spl", "application/futuresplash" },
-    { ".swf", "application/x-shockwave-flash" },
-    { ".dvi", "application/x-dvi" },
-    { ".gtar", "application/x-gtar" },
-    { ".hdf", "application/x-hdf" },
-    { ".hqx", "application/mac-binhex40" },
-    { ".iv", "application/x-inventor" },
-    { ".latex", "application/x-latex" },
-    { ".man", "application/x-troff-man" },
-    { ".me", "application/x-troff-me" },
-    { ".mif", "application/x-mif" },
-    { ".ms", "application/x-troff-ms" },
-    { ".oda", "application/oda" },
-    { ".pdf", "application/pdf" },
-    { ".rtf", "application/rtf" },
-    { ".bcpio", "application/x-bcpio" },
-    { ".cpio", "application/x-cpio" },
-    { ".sv4cpio", "application/x-sv4cpio" },
-    { ".sv4crc", "application/x-sv4crc" },
-    { ".sh", "application/x-shar" },
-    { ".shar", "application/x-shar" },
-    { ".sit", "application/x-stuffit" },
-    { ".tar", "application/x-tar" },
-    { ".tex", "application/x-tex" },
-    { ".texi", "application/x-texinfo" },
-    { ".texinfo", "application/x-texinfo" },
-    { ".tr", "application/x-troff" },
-    { ".roff", "application/x-troff" },
-    { ".man", "application/x-troff-man" },
-    { ".me", "application/x-troff-me" },
-    { ".ms", "application/x-troff-ms" },
-    { ".zip", "application/x-zip-compressed" },
-    { ".tsp", "application/dsptype" },
-    { ".wsrc", "application/x-wais-source" },
-    { ".ustar", "application/x-ustar" },
-    { ".cdf", "application/x-netcdf" },
-    { ".nc", "application/x-netcdf" },
-    { ".doc", "application/msword" },
-    { ".ppt", "application/powerpoint" },
-    { ".wrl", "model/vrml" },
-    { ".vrml", "model/vrml" },
-    { ".mime", "message/rfc822" },
-    { ".pac", "application/x-ns-proxy-autoconfig" },
-    { ".wml", "text/vnd.wap.wml" },
-    { ".wmlc", "application/vnd.wap.wmlc" },
-    { ".wmls", "text/vnd.wap.wmlscript" },
-    { ".wmlsc", "application/vnd.wap.wmlscriptc" },
-    { ".wbmp", "image/vnd.wap.wbmp" },
-    { ".tgz", "application/x-gzip" },
-    { ".tar.gz", "application/x-gzip" },
-    { ".bz2", "application/x-bzip2" },
-    { ".zip", "application/zip" }
-#endif
-};
-
-static int mime_cmp(const mime_table_t *t1, const mime_table_t *t2)
-{
-    return strcasecmp(t1->ext, t2->ext);
-}
-
-void mime_init(void)
-{
-    qsort(mime_table, sizeof(mime_table)/sizeof(mime_table_t),
-            sizeof(mime_table_t), 
-            (int (*)(const void *, const void *))mime_cmp);
-}
-
-const char *getmimetype(const char *name) 
-{
-    mime_table_t *mime_type;
-
-    if ((name = strrchr(name, '.')) == NULL)
-        return mime_default;
-
-    mime_type = bsearch(&name, mime_table, 
-            sizeof(mime_table)/sizeof(mime_table_t),
-            sizeof(mime_table_t), 
-                (int (*)(const void *, const void *))mime_cmp);
-
-    return mime_type == NULL ? mime_default : mime_type->type;
-}
-
diff --git a/httpd/proc.c b/httpd/proc.c
deleted file mode 100644
index ae2663e7e5..0000000000
--- a/httpd/proc.c
+++ /dev/null
@@ -1,1031 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <time.h>
-#include <string.h>
-#include "axhttp.h"
-
-static const char * index_file = "index.html";
-
-static int special_read(struct connstruct *cn, void *buf, size_t count);
-static int special_write(struct connstruct *cn, 
-                                        const uint8_t *buf, size_t count);
-static void send_error(struct connstruct *cn, int err);
-static int hexit(char c);
-static void urldecode(char *buf);
-static void buildactualfile(struct connstruct *cn);
-static int sanitizefile(const char *buf);
-static int sanitizehost(char *buf);
-static int htaccess_check(struct connstruct *cn);
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-static void urlencode(const uint8_t *s, uint8_t *t);
-static void procdirlisting(struct connstruct *cn);
-#endif
-#if defined(CONFIG_HTTP_HAS_CGI)
-static void proccgi(struct connstruct *cn, int has_pathinfo);
-static int trycgi_withpathinfo(struct connstruct *cn);
-static void split(char *tp, char *sp[], int maxwords, char sc);
-static int iscgi(const char *fn);
-#endif
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-static int auth_check(struct connstruct *cn);
-#endif
-
-/* Returns 1 if elems should continue being read, 0 otherwise */
-static int procheadelem(struct connstruct *cn, char *buf) 
-{
-    char *delim, *value;
-#if defined(CONFIG_HTTP_HAS_CGI)
-    char *cgi_delim;
-#endif
-
-    if ((delim = strchr(buf, ' ')) == NULL)
-        return 0;
-
-    *delim = 0;
-    value = delim+1;
-
-    if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
-                                            strcmp(buf, "POST") == 0) 
-    {
-        if (buf[0] == 'H') 
-            cn->reqtype = TYPE_HEAD;
-        else if (buf[0] == 'P') 
-            cn->reqtype = TYPE_POST;
-
-        if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
-            return 0;
-
-        *delim = 0;
-        urldecode(value);
-
-        if (sanitizefile(value) == 0) 
-        {
-            send_error(cn, 403);
-            return 0;
-        }
-
-        my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
-        cn->if_modified_since = -1;
-#if defined(CONFIG_HTTP_HAS_CGI)
-        if ((cgi_delim = strchr(value, '?')))
-        {
-            *cgi_delim = 0;
-            my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
-        }
-#endif
-    } 
-    else if (strcmp(buf, "Host:") == 0) 
-    {
-        if (sanitizehost(value) == 0) 
-        {
-            removeconnection(cn);
-            return 0;
-        }
-
-        my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
-    } 
-    else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
-    {
-        cn->close_when_done = 1;
-    } 
-    else if (strcmp(buf, "If-Modified-Since:") == 0) 
-    {
-        cn->if_modified_since = tdate_parse(value);
-    }
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-    else if (strcmp(buf, "Authorization:") == 0 &&
-                                    strncmp(value, "Basic ", 6) == 0)
-    {
-        int size;
-        if (base64_decode(&value[6], strlen(&value[6]), 
-                                        cn->authorization, &size))
-            cn->authorization[0] = 0;   /* error */
-        else
-            cn->authorization[size] = 0;
-    }
-#endif
-
-    return 1;
-}
-
-#if defined(CONFIG_HTTP_DIRECTORIES)
-static void procdirlisting(struct connstruct *cn)
-{
-    char buf[MAXREQUESTLENGTH];
-    char actualfile[1024];
-
-    if (cn->reqtype == TYPE_HEAD) 
-    {
-        snprintf(buf, sizeof(buf), 
-                "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
-        write(cn->networkdesc, buf, strlen(buf));
-        removeconnection(cn);
-        return;
-    }
-
-    strcpy(actualfile, cn->actualfile);
-
-#ifdef WIN32
-    strcat(actualfile, "*");
-    cn->dirp = FindFirstFile(actualfile, &cn->file_data);
-
-    if (cn->dirp == INVALID_HANDLE_VALUE) 
-    {
-        send_error(cn, 404);
-        return;
-    }
-#else
-    if ((cn->dirp = opendir(actualfile)) == NULL) 
-    {
-        send_error(cn, 404);
-        return;
-    }
-#endif
-
-    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
-            "<html><body>\n<title>Directory Listing</title>\n"
-            "<h3>Directory listing of %s://%s%s</h3><br />\n", 
-            cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
-    special_write(cn, buf, strlen(buf));
-    cn->state = STATE_DOING_DIR;
-}
-
-void procdodir(struct connstruct *cn) 
-{
-#ifndef WIN32
-    struct dirent *dp;
-#endif
-    char buf[MAXREQUESTLENGTH];
-    char encbuf[1024];
-    char *file;
-
-    do 
-    {
-       buf[0] = 0;
-
-#ifdef WIN32
-        if (!FindNextFile(cn->dirp, &cn->file_data)) 
-#else
-        if ((dp = readdir(cn->dirp)) == NULL)  
-#endif
-        {
-            snprintf(buf, sizeof(buf), "</body></html>\n");
-            special_write(cn, buf, strlen(buf));
-            removeconnection(cn);
-#ifndef WIN32
-            closedir(cn->dirp);
-#endif
-            return;
-        }
-
-#ifdef WIN32
-        file = cn->file_data.cFileName;
-#else
-        file = dp->d_name;
-#endif
-
-        /* if no index file, don't display the ".." directory */
-        if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
-                strcmp(file, "..") == 0) 
-            continue;
-
-        /* don't display files beginning with "." */
-        if (file[0] == '.' && file[1] != '.')
-            continue;
-
-        /* make sure a '/' is at the end of a directory */
-        if (cn->filereq[strlen(cn->filereq)-1] != '/')
-            strcat(cn->filereq, "/");
-
-        /* see if the dir + file is another directory */
-        snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
-        if (isdir(buf))
-            strcat(file, "/");
-
-        urlencode(file, encbuf);
-        snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
-                cn->filereq, encbuf, file);
-    } while (special_write(cn, buf, strlen(buf)));
-}
-
-/* Encode funny chars -> %xx in newly allocated storage */
-/* (preserves '/' !) */
-static void urlencode(const uint8_t *s, uint8_t *t) 
-{
-    const uint8_t *p = s;
-    uint8_t *tp;
-
-    tp = t;
-
-    for (; *p; p++) 
-    {
-        if ((*p > 0x00 && *p < ',') ||
-                (*p > '9' && *p < 'A') ||
-                (*p > 'Z' && *p < '_') ||
-                (*p > '_' && *p < 'a') ||
-                (*p > 'z' && *p < 0xA1)) 
-        {
-            sprintf((char *)tp, "%%%02X", *p);
-            tp += 3; 
-        } 
-        else 
-        {
-            *tp = *p;
-            tp++;
-        }
-    }
-
-    *tp='\0';
-}
-
-#endif
-
-void procreadhead(struct connstruct *cn) 
-{
-    char buf[MAXREQUESTLENGTH*4], *tp, *next;
-    int rv;
-
-    rv = special_read(cn, buf, sizeof(buf)-1);
-    if (rv <= 0) 
-    {
-        if (rv < 0) /* really dead? */
-            removeconnection(cn);
-        return;
-    }
-
-    buf[rv] = '\0';
-    next = tp = buf;
-
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-    cn->authorization[0] = 0;
-#endif
-
-    /* Split up lines and send to procheadelem() */
-    while (*next != '\0') 
-    {
-        /* If we have a blank line, advance to next stage! */
-        if (*next == '\r' || *next == '\n') 
-        {
-            buildactualfile(cn);
-            cn->state = STATE_WANT_TO_SEND_HEAD;
-            return;
-        }
-
-        while (*next != '\r' && *next != '\n' && *next != '\0') 
-            next++;
-
-        if (*next == '\r') 
-        {
-            *next = '\0';
-            next += 2;
-        }
-        else if (*next == '\n') 
-            *next++ = '\0';
-
-        if (procheadelem(cn, tp) == 0) 
-            return;
-
-        tp = next;
-    }
-}
-
-/* In this function we assume that the file has been checked for
- * maliciousness (".."s, etc) and has been decoded
- */
-void procsendhead(struct connstruct *cn) 
-{
-    char buf[MAXREQUESTLENGTH];
-    struct stat stbuf;
-    time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
-    char date[32];
-
-    /* are we trying to access a file over the HTTP connection instead of a
-     * HTTPS connection? Or is this directory disabled? */
-    if (htaccess_check(cn))      
-    {
-        send_error(cn, 403);
-        return;
-    }
-
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-    if (auth_check(cn))     /* see if there is a '.htpasswd' file */
-    {
-#ifdef CONFIG_HTTP_VERBOSE
-        printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
-#endif
-        removeconnection(cn);
-        return;
-    }
-#endif
-
-    if (stat(cn->actualfile, &stbuf) == -1)
-    {
-#if defined(CONFIG_HTTP_HAS_CGI)
-        if (stat(cn->actualfile, &stbuf) == -1 && trycgi_withpathinfo(cn) == 0) 
-        { 
-            /* We Try To Find A CGI */
-            proccgi(cn, 1);
-            return;
-        }
-#endif
-    }
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-    if (iscgi(cn->actualfile))
-    {
-#ifndef WIN32
-        /* An executable file? */
-        if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
-        {
-            send_error(cn, 404);
-            return;
-        }
-#endif
-
-        proccgi(cn, 0);
-        return;
-    }
-#endif
-
-    /* look for "index.html"? */
-    if (isdir(cn->actualfile))
-    {
-        char tbuf[MAXREQUESTLENGTH];
-        sprintf(tbuf, "%s%s", cn->actualfile, index_file);
-
-        if (stat(tbuf, &stbuf) != -1) 
-            strcat(cn->actualfile, index_file);
-        else
-        {
-#if defined(CONFIG_HTTP_DIRECTORIES)
-            /* If not, we do a directory listing of it */
-            procdirlisting(cn);
-#else
-            send_error(cn, 404);
-#endif
-            return;
-        }
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-        /* If the index is a CGI file, handle it like any other CGI */
-        if (iscgi(cn->actualfile))
-        {
-            /* Set up CGI script */
-            if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
-            {
-                send_error(cn, 404);
-                return;
-            }
-
-            proccgi(cn, 0);
-            return;
-        }
-#endif
-    }
-
-    strcpy(date, ctime(&now));
-
-    /* has the file been read before? */
-    if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 || 
-                                       cn->if_modified_since >= stbuf.st_mtime))
-    {
-        snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
-                "axhttpd V%s\nDate: %s\n", VERSION, date);
-        special_write(cn, buf, strlen(buf));
-        cn->state = STATE_WANT_TO_READ_HEAD;
-        return;
-    }
-
-    if (cn->reqtype == TYPE_HEAD) 
-    {
-        removeconnection(cn);
-        return;
-    } 
-    else 
-    {
-        int flags = O_RDONLY;
-#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
-        flags |= O_BINARY;
-#endif
-        cn->filedesc = open(cn->actualfile, flags);
-
-        if (cn->filedesc < 0) 
-        {
-            send_error(cn, 404);
-            return;
-        }
-
-        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
-            "Content-Type: %s\nContent-Length: %ld\n"
-            "Date: %sLast-Modified: %s\n", VERSION,
-            getmimetype(cn->actualfile), (long) stbuf.st_size,
-            date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
-
-        special_write(cn, buf, strlen(buf));
-
-#ifdef CONFIG_HTTP_VERBOSE
-        printf("axhttpd: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
-        TTY_FLUSH();
-#endif
-
-#ifdef WIN32
-        for (;;)
-        {
-            procreadfile(cn);
-            if (cn->filedesc == -1)
-                break;
-
-            do 
-            {
-                procsendfile(cn);
-            } while (cn->state != STATE_WANT_TO_READ_FILE);
-        }
-#else
-        cn->state = STATE_WANT_TO_READ_FILE;
-#endif
-    }
-}
-
-void procreadfile(struct connstruct *cn) 
-{
-    int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
-
-    if (rv <= 0) 
-    {
-        close(cn->filedesc);
-        cn->filedesc = -1;
-
-        if (cn->close_when_done)        /* close immediately */
-            removeconnection(cn);
-        else 
-        {                               /* keep socket open - HTTP 1.1 */
-            cn->state = STATE_WANT_TO_READ_HEAD;
-            cn->numbytes = 0;
-        }
-
-        return;
-    }
-
-    cn->numbytes = rv;
-    cn->state = STATE_WANT_TO_SEND_FILE;
-}
-
-void procsendfile(struct connstruct *cn) 
-{
-    int rv = special_write(cn, cn->databuf, cn->numbytes);
-
-    if (rv < 0)
-        removeconnection(cn);
-    else if (rv == cn->numbytes)
-        cn->state = STATE_WANT_TO_READ_FILE;
-    else if (rv == 0)
-    { 
-        /* Do nothing */ 
-    }
-    else 
-    {
-        memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
-        cn->numbytes -= rv;
-    }
-}
-
-static int special_write(struct connstruct *cn, 
-                                        const uint8_t *buf, size_t count)
-{
-    if (cn->is_ssl)
-    {
-        SSL *ssl = cn->ssl;
-        return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
-    }
-    else
-        return SOCKET_WRITE(cn->networkdesc, buf, count);
-}
-
-static int special_read(struct connstruct *cn, void *buf, size_t count)
-{
-    int res;
-
-    if (cn->is_ssl)
-    {
-        uint8_t *read_buf;
-        if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
-        {
-            memcpy(buf, read_buf, res > (int)count ? count : res);
-        }
-    }
-    else
-        res = SOCKET_READ(cn->networkdesc, buf, count);
-
-    return res;
-}
-
-#if defined(CONFIG_HTTP_HAS_CGI)
-static void proccgi(struct connstruct *cn, int has_pathinfo) 
-{
-    int tpipe[2];
-    char *myargs[5];
-    char buf[MAXREQUESTLENGTH];
-#ifdef WIN32
-    int tmp_stdout;
-#endif
-
-    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n%s",
-            VERSION, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
-    special_write(cn, buf, strlen(buf));
-
-    if (cn->reqtype == TYPE_HEAD) 
-    {
-        removeconnection(cn);
-        return;
-    }
-
-#ifndef WIN32
-    pipe(tpipe);
-
-    if (fork() > 0)  /* parent */
-    {
-        /* Close the write descriptor */
-        close(tpipe[1]);
-        cn->filedesc = tpipe[0];
-        cn->state = STATE_WANT_TO_READ_FILE;
-        cn->close_when_done = 1;
-        return;
-    }
-
-    /* The problem child... */
-
-    /* Our stdout/stderr goes to the socket */
-    dup2(tpipe[1], 1);
-    dup2(tpipe[1], 2);
-
-    /* If it was a POST request, send the socket data to our stdin */
-    if (cn->reqtype == TYPE_POST) 
-        dup2(cn->networkdesc, 0);
-    else    /* Otherwise we can shutdown the read side of the sock */
-        shutdown(cn->networkdesc, 0);
-
-    close(tpipe[0]);
-    close(tpipe[1]);
-    myargs[0] = cn->actualfile;
-    myargs[1] = cn->cgiargs;
-    myargs[2] = NULL;
-
-    if (!has_pathinfo) 
-    {
-        my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
-        my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
-    }
-
-    execv(cn->actualfile, myargs);
-#else /* WIN32 */
-    _pipe(tpipe, 8192, O_BINARY| O_NOINHERIT);
-
-    myargs[0] = "sh";
-    myargs[1] = "-c";
-    myargs[2] = &cn->filereq[1];    /* ignore the inital "/" */
-    myargs[3] = cn->cgiargs;
-    myargs[4] = NULL;
-
-    tmp_stdout = _dup(_fileno(stdout));
-    _dup2(tpipe[1], _fileno(stdout));
-    close(tpipe[1]);
-
-    /* change to suit execution method */
-    if (spawnl(P_NOWAIT, "c:\\Program Files\\cygwin\\bin\\sh.exe", 
-                myargs[0], myargs[1], myargs[2], myargs[3], myargs[4]) == -1) 
-    {
-        removeconnection(cn);
-        return;
-    }
-
-    _dup2(tmp_stdout, _fileno(stdout));
-    close(tmp_stdout);
-    cn->filedesc = tpipe[0];
-    cn->state = STATE_WANT_TO_READ_FILE;
-    cn->close_when_done = 1;
-
-    for (;;)
-    {
-        procreadfile(cn);
-
-        if (cn->filedesc == -1)
-            break;
-
-        procsendfile(cn);
-        usleep(200000); /* don't know why this delay makes it work (yet) */
-    }
-#endif
-}
-
-static int trycgi_withpathinfo(struct connstruct *cn)
-{
-    char tpfile[MAXREQUESTLENGTH];
-    char fr_str[MAXREQUESTLENGTH];
-    char *fr_rs[MAXCGIARGS]; /* filereq splitted */
-    int i = 0, offset;
-
-    my_strncpy(fr_str, cn->filereq, MAXREQUESTLENGTH);
-    split(fr_str, fr_rs, MAXCGIARGS, '/');
-
-    while (fr_rs[i] != NULL) 
-    {
-        snprintf(tpfile, sizeof(tpfile), "/%s%s", 
-                            cn->virtualhostreq, fr_str);
-
-        if (iscgi(tpfile) && isdir(tpfile) == 0)
-        {
-            /* We've found our CGI file! */
-            my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
-            my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
-            offset = (fr_rs[i] + strlen(fr_rs[i])) - fr_str;
-            my_strncpy(cn->cgipathinfo, cn->filereq+offset, MAXREQUESTLENGTH);
-            return 0;
-        }
-
-        *(fr_rs[i]+strlen(fr_rs[i])) = '/';
-        i++;
-    }
-
-    /* Couldn't find any CGIs :( */
-    *(cn->cgiscriptinfo) = '\0';
-    *(cn->cgipathinfo) = '\0';
-    return -1;
-}
-
-static int iscgi(const char *fn)
-{
-    struct cgiextstruct *tp = cgiexts;
-    int fnlen, extlen;
-
-    fnlen = strlen(fn);
-
-    while (tp != NULL) 
-    {
-        extlen = strlen(tp->ext);
-
-        if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
-            return 1;
-
-        tp = tp->next;
-    }
-
-    return 0;
-}
-
-static void split(char *tp, char *sp[], int maxwords, char sc)
-{
-    int i = 0;
-
-    while(1) 
-    {
-        /* Skip leading whitespace */
-        while (*tp == sc) tp++;
-
-        if (*tp == '\0') 
-        {
-            sp[i] = NULL;
-            break;
-        }
-
-        if (i==maxwords-2) 
-        {
-            sp[maxwords-2] = NULL;
-            break;
-        }
-
-        sp[i] = tp;
-
-        while(*tp != sc && *tp != '\0') 
-            tp++;
-
-        if (*tp == sc) 
-            *tp++ = '\0';
-
-        i++;
-    }
-}
-#endif  /* CONFIG_HTTP_HAS_CGI */
-
-/* Decode string %xx -> char (in place) */
-static void urldecode(char *buf) 
-{
-    int v;
-    char *p, *s, *w;
-
-    w = p = buf;
-
-    while (*p) 
-    {
-        v = 0;
-
-        if (*p == '%') 
-        {
-            s = p;
-            s++;
-
-            if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
-            {
-                v = hexit(s[0])*16 + hexit(s[1]);
-
-                if (v) 
-                { 
-                    /* do not decode %00 to null char */
-                    *w = (char)v;
-                    p = &s[1];
-                }
-            }
-
-        }
-
-        if (!v) *w=*p;
-        p++; 
-        w++;
-    }
-
-    *w='\0';
-}
-
-static int hexit(char c) 
-{
-    if (c >= '0' && c <= '9')
-        return c - '0';
-    else if (c >= 'a' && c <= 'f')
-        return c - 'a' + 10;
-    else if (c >= 'A' && c <= 'F')
-        return c - 'A' + 10;
-    else
-        return 0;
-}
-
-static void buildactualfile(struct connstruct *cn)
-{
-    char *cp;
-    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
-
-#ifndef WIN32
-    /* Add directory slash if not there */
-    if (isdir(cn->actualfile) && 
-            cn->actualfile[strlen(cn->actualfile)-1] != '/')
-        strcat(cn->actualfile, "/");
-
-    /* work out the directory name */
-    strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
-    if ((cp = strrchr(cn->dirname, '/')) == NULL)
-        cn->dirname[0] = 0;
-    else
-        *cp = 0;
-#else
-    {
-        char curr_dir[MAXREQUESTLENGTH];
-        char path[MAXREQUESTLENGTH];
-        char *t = cn->actualfile;
-
-        GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir);
-
-        /* convert all the forward slashes to back slashes */
-        while ((t = strchr(t, '/')))
-            *t++ = '\\';
-
-        snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile);
-        memcpy(cn->actualfile, path, MAXREQUESTLENGTH);
-
-        /* Add directory slash if not there */
-        if (isdir(cn->actualfile) && 
-                    cn->actualfile[strlen(cn->actualfile)-1] != '\\')
-            strcat(cn->actualfile, "\\");
-
-        /* work out the directory name */
-        strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
-        if ((cp = strrchr(cn->dirname, '\\')) == NULL)
-            cn->dirname[0] = 0;
-        else
-            *cp = 0;
-    }
-#endif
-}
-
-static int sanitizefile(const char *buf) 
-{
-    int len, i;
-
-    /* Don't accept anything not starting with a / */
-    if (*buf != '/') 
-        return 0;
-
-    len = strlen(buf);
-    for (i = 0; i < len; i++) 
-    {
-        /* Check for "/." i.e. don't send files starting with a . */
-        if (buf[i] == '/' && buf[i+1] == '.') 
-            return 0;
-    }
-
-    return 1;
-}
-
-static int sanitizehost(char *buf)
-{
-    while (*buf != '\0') 
-    {
-        /* Handle the port */
-        if (*buf == ':') 
-        {
-            *buf = '\0';
-            return 1;
-        }
-
-        /* Enforce some basic URL rules... */
-        if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') ||
-                (*buf == '.' && *(buf+1) == '.') ||
-                (*buf == '.' && *(buf+1) == '-') ||
-                (*buf == '-' && *(buf+1) == '.'))
-            return 0;
-
-        buf++;
-    }
-
-    return 1;
-}
-
-static FILE * exist_check(struct connstruct *cn, const char *check_file)
-{
-    char pathname[MAXREQUESTLENGTH];
-    snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file);
-    return fopen(pathname, "r");
-}
-
-#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-static void send_authenticate(struct connstruct *cn, const char *realm)
-{
-    char buf[1024];
-
-    snprintf(buf, sizeof(buf), "HTTP/1.1 401 Unauthorized\n"
-         "WWW-Authenticate: Basic\n"
-                 "realm=\"%s\"\n", realm);
-    special_write(cn, buf, strlen(buf));
-}
-
-static int check_digest(char *salt, const char *msg_passwd)
-{
-    uint8_t b256_salt[MAXREQUESTLENGTH];
-    uint8_t real_passwd[MD5_SIZE];
-    int salt_size;
-    char *b64_passwd;
-    uint8_t md5_result[MD5_SIZE];
-    MD5_CTX ctx;
-
-    /* retrieve the salt */
-    if ((b64_passwd = strchr(salt, '$')) == NULL)
-        return -1;
-
-    *b64_passwd++ = 0;
-    if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
-        return -1;
-
-    if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd, NULL))
-        return -1;
-
-    /* very simple MD5 crypt algorithm, but then the salt we use is large */
-    MD5Init(&ctx);
-    MD5Update(&ctx, b256_salt, salt_size);           /* process the salt */
-    MD5Update(&ctx, msg_passwd, strlen(msg_passwd)); /* process the password */
-    MD5Final(&ctx, md5_result);
-    return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
-}
-
-static int auth_check(struct connstruct *cn)
-{
-    char line[MAXREQUESTLENGTH];
-    FILE *fp;
-    char *cp;
-
-    if ((fp = exist_check(cn, ".htpasswd")) == NULL)
-        return 0;               /* no .htpasswd file, so let though */
-
-    if (cn->authorization[0] == 0)
-        goto error;
-
-    /* cn->authorization is in form "username:password" */
-    if ((cp = strchr(cn->authorization, ':')) == NULL)
-        goto error;
-    else
-        *cp++ = 0;  /* cp becomes the password */
-
-    while (fgets(line, sizeof(line), fp) != NULL)
-    {
-        char *b64_file_passwd;
-        int l = strlen(line);
-
-        /* nuke newline */
-        if (line[l-1] == '\n')
-            line[l-1] = 0;
-
-        /* line is form "username:salt(b64)$password(b64)" */
-        if ((b64_file_passwd = strchr(line, ':')) == NULL)
-            continue;
-
-        *b64_file_passwd++ = 0;
-
-        if (strcmp(line, cn->authorization)) /* our user? */
-            continue;
-
-        if (check_digest(b64_file_passwd, cp) == 0)
-        {
-            fclose(fp);
-            return 0;
-        }
-    }
-
-error:
-    fclose(fp);
-    send_authenticate(cn, cn->virtualhostreq);
-    return -1;
-}
-#endif
-
-static int htaccess_check(struct connstruct *cn)
-{
-    char line[MAXREQUESTLENGTH];
-    FILE *fp;
-    int ret = 0;
-
-    if ((fp = exist_check(cn, ".htaccess")) == NULL)
-        return 0;               /* no .htaccess file, so let though */
-
-    while (fgets(line, sizeof(line), fp) != NULL)
-    {
-        if (strstr(line, "Deny all") || /* access to this dir denied */
-                    /* Access will be denied unless SSL is active */
-                    (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
-                    /* Access will be denied if SSL is active */
-                    (cn->is_ssl && strstr(line, "SSLDenySSL")))
-        {
-            ret = -1;
-            break;
-        }
-    }
-
-    fclose(fp);
-    return ret;
-}
-
-static void send_error(struct connstruct *cn, int err)
-{
-    char buf[MAXREQUESTLENGTH];
-    char *title;
-    char *text;
-
-    switch (err)
-    {
-        case 403:
-            title = "Forbidden";
-            text = "File is protected";
-#ifdef CONFIG_HTTP_VERBOSE
-            printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
-#endif
-            break;
-
-        case 404:
-            title = "Not Found";
-            text = title;
-            break;
-
-        default:
-            title = "Unknown";
-            text = "Unknown";
-            break;
-    }
-
-    snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
-            "Content-Type: text/html\n"
-            "Cache-Control: no-cache,no-store\n"
-            "Connection: close\n\n"
-            "<html>\n<head>\n<title>%d %s</title></head>\n"
-            "<body><h1>%d %s</h1>\n</body></html>\n", 
-            err, title, err, title, err, text);
-    special_write(cn, buf, strlen(buf));
-    removeconnection(cn);
-}
diff --git a/httpd/tdate_parse.c b/httpd/tdate_parse.c
deleted file mode 100644
index a6cadc77e1..0000000000
--- a/httpd/tdate_parse.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <sys/types.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "axhttp.h"
-
-struct day_mon_map 
-{
-    const char* s;
-    uint8_t l;
-};
-
-static struct day_mon_map wday_tab[] = 
-{
-    { "Sun", 0 }, { "Mon", 1 }, { "Tue", 2 }, { "Wed", 3 },
-    { "Thu", 4 }, { "Fri", 5 }, { "Sat", 6 }, 
-};
-
-static struct day_mon_map mon_tab[] = 
-{
-    { "Jan", 0 }, { "Feb", 1 }, { "Mar", 2 }, { "Apr", 3 },
-    { "May", 4 }, { "Jun", 5 }, { "Jul", 6 }, { "Aug", 7 },
-    { "Sep", 8 }, { "Oct", 9 }, { "Nov", 10 }, { "Dec", 11 },
-};
-
-static int day_mon_map_compare(const char *v1, const char *v2)
-{
-    return strcmp(((struct day_mon_map*)v1)->s, ((struct day_mon_map*)v2)->s);
-}
-
-void tdate_init(void)
-{
-    qsort(wday_tab, sizeof(wday_tab)/sizeof(struct day_mon_map),
-            sizeof(struct day_mon_map), 
-            (int (*)(const void *, const void *))day_mon_map_compare);
-    qsort(mon_tab, sizeof(mon_tab)/sizeof(struct day_mon_map),
-            sizeof(struct day_mon_map), 
-            (int (*)(const void *, const void *))day_mon_map_compare);
-}
-
-static int8_t day_mon_map_search(const char* str, 
-                            const struct day_mon_map* tab, int n)
-{
-    struct day_mon_map *search = bsearch(&str, tab, n,
-            sizeof(struct day_mon_map), 
-                (int (*)(const void *, const void *))day_mon_map_compare);
-    return search ? search->l : -1;
-}
-
-time_t tdate_parse(const char* str)
-{
-    struct tm tm;
-    char str_mon[4], str_wday[4];
-    int tm_sec, tm_min, tm_hour, tm_mday, tm_year;
-
-    /* Initialize. */
-    memset(&tm, 0, sizeof(struct tm));
-
-    /* wdy, DD mth YY HH:MM:SS GMT */
-    if ((sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
-                str_wday, &tm_mday, str_mon, &tm_year, &tm_hour, &tm_min,
-                    &tm_sec) == 7) ||
-    /* wdy mth DD HH:MM:SS YY */
-        (sscanf(str, "%3[a-zA-Z] %3[a-zA-Z] %d %d:%d:%d %d",
-                str_wday, str_mon, &tm_mday, &tm_hour, &tm_min, &tm_sec,
-                    &tm_year) == 7))
-    {
-        int8_t tm_wday = day_mon_map_search(str_wday, wday_tab, 
-                        sizeof(wday_tab)/sizeof(struct day_mon_map));
-        int8_t tm_mon = day_mon_map_search(str_mon, mon_tab, 
-                        sizeof(mon_tab)/sizeof(struct day_mon_map));
-
-        if (tm_wday < 0 || tm_mon < 0)
-            return -1;
-
-        tm.tm_wday = tm_wday;
-        tm.tm_mon = tm_mon;
-        tm.tm_mday = tm_mday;
-        tm.tm_hour = tm_hour;
-        tm.tm_min = tm_min;
-        tm.tm_sec = tm_sec;
-        tm.tm_year = tm_year - 1900;
-        return mktime(&tm);
-    }
-
-    return -1;  /* error */
-}
diff --git a/samples/Config.in b/samples/Config.in
deleted file mode 100644
index a17f252f9d..0000000000
--- a/samples/Config.in
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-menu "Samples"
-
-config CONFIG_SAMPLES
-    bool "Create Samples"
-    default y
-    help
-        axTLS contains various sample code.
-
-        Select Y here if you want to build the various samples.
-
-config CONFIG_C_SAMPLES
-    bool "axssl - C version"
-    default y
-    depends on CONFIG_SAMPLES
-    help
-        Build the "C" version of axssl. The features enabled are very
-        dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_CSHARP_SAMPLES
-    bool "axssl - C# version"
-    default y
-    depends on CONFIG_SAMPLES && CONFIG_CSHARP_BINDINGS
-    help
-        Build the "C#" version of axssl. The features enabled are very
-        dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_VBNET_SAMPLES
-    bool "axssl - VB.NET version"
-    default y
-    depends on CONFIG_SAMPLES && CONFIG_VBNET_BINDINGS
-    help
-        Build the "VB.NET" version of axssl. The features enabled are very
-        dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_JAVA_SAMPLES
-    bool "axssl - Java version"
-    default y
-    depends on CONFIG_SAMPLES && CONFIG_JAVA_BINDINGS
-    help
-        Build the "Java" version of axssl. The features enabled are very
-        dependent on the build mode ('full' mode will give all features).
-
-config CONFIG_PERL_SAMPLES
-    bool "axssl - Perl version"
-    default y
-    depends on CONFIG_SAMPLES && CONFIG_PERL_BINDINGS
-    help
-        Build the "Perl" version of axssl. The features enabled are very
-        dependent on the build mode ('full' mode will give all features).
-
-endmenu
-
diff --git a/samples/Makefile b/samples/Makefile
deleted file mode 100644
index fbb31149a8..0000000000
--- a/samples/Makefile
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-all:
-
-include ../config/.config
-include ../config/makefile.conf
-
-all:
-ifdef CONFIG_C_SAMPLES
-	$(MAKE) -C c
-endif
-ifdef CONFIG_CSHARP_SAMPLES
-	$(MAKE) -C csharp
-endif
-ifdef CONFIG_VBNET_SAMPLES
-	$(MAKE) -C vbnet
-endif
-ifdef CONFIG_JAVA_SAMPLES
-	$(MAKE) -C java
-endif
-ifdef CONFIG_PERL_SAMPLES
-	$(MAKE) -C perl
-endif
-
-clean::
-	$(MAKE) -C c clean
-	$(MAKE) -C csharp clean
-	$(MAKE) -C vbnet clean
-	$(MAKE) -C java clean
-	$(MAKE) -C perl clean
diff --git a/samples/c/Makefile b/samples/c/Makefile
deleted file mode 100644
index 0ab81e70f2..0000000000
--- a/samples/c/Makefile
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-all : sample
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-ifndef CONFIG_PLATFORM_WIN32
-
-ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=../../$(STAGE)/axssl.exe
-else
-TARGET=../../$(STAGE)/axssl
-endif   # cygwin
-
-LIBS=../../$(STAGE)
-CFLAGS += -I../../ssl -I../../config
-else
-TARGET=../../$(STAGE)/axssl.exe
-CFLAGS += /I"..\..\ssl" /I"..\..\config"
-endif
-
-ifndef CONFIG_C_SAMPLES
-sample:
-
-else
-sample : $(TARGET)
-OBJ= axssl.o
-include ../../config/makefile.post
-
-ifndef CONFIG_PLATFORM_WIN32
-
-$(TARGET): $(OBJ) $(LIBS)/libaxtls.a
-	$(LD) $(LDFLAGS) -o $@ $< -L$(LIBS) -laxtls 
-ifndef CONFIG_DEBUG
-ifndef CONFIG_PLATFORM_SOLARIS
-	strip --remove-section=.comment $(TARGET)
-endif   # SOLARIS
-endif   # CONFIG_DEBUG
-else    # Win32
-
-$(TARGET): $(OBJ)
-	$(LD) $(LDFLAGS) ..\\..\\config\\axtls.res /out:$@ $^ /libpath:"../../$(STAGE)" axtls.lib
-endif
-
-endif    # CONFIG_C_SAMPLES
-
-clean::
-	-@rm -f ../../$(STAGE)/axssl*
-
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
deleted file mode 100644
index e11eb1c9fb..0000000000
--- a/samples/c/axssl.c
+++ /dev/null
@@ -1,864 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Demonstrate the use of the axTLS library in C with a set of 
- * command-line parameters similar to openssl. In fact, openssl clients 
- * should be able to communicate with axTLS servers and visa-versa.
- *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > axssl s_server -?
- * > axssl s_client -?
- *
- * The axtls shared library must be in the same directory or be found 
- * by the OS.
- */
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl.h"
-
-/* define standard input */
-#ifndef STDIN_FILENO
-#define STDIN_FILENO        0
-#endif
-
-static void do_server(int argc, char *argv[]);
-static void print_options(char *option);
-static void print_server_options(char *option);
-static void do_client(int argc, char *argv[]);
-static void print_client_options(char *option);
-static void display_cipher(SSL *ssl);
-static void display_session_id(SSL *ssl);
-
-/**
- * Main entry point. Doesn't do much except works out whether we are a client
- * or a server.
- */
-int main(int argc, char *argv[])
-{
-#ifdef WIN32
-    WSADATA wsaData;
-    WORD wVersionRequested = MAKEWORD(2, 2);
-    WSAStartup(wVersionRequested, &wsaData);
-#elif !defined(CONFIG_PLATFORM_SOLARIS)
-    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
-#endif
-
-    if (argc == 2 && strcmp(argv[1], "version") == 0)
-    {
-        printf("axssl %s\n", ssl_version());
-        exit(0);
-    }
-
-    if (argc < 2 || (
-                strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
-        print_options(argc > 1 ? argv[1] : "");
-
-    strcmp(argv[1], "s_server") ? 
-        do_client(argc, argv) : do_server(argc, argv);
-    return 0;
-}
-
-/**
- * Implement the SSL server logic. 
- */
-static void do_server(int argc, char *argv[])
-{
-    int i = 2;
-    uint16_t port = 4433;
-    uint32_t options = SSL_DISPLAY_CERTS;
-    int client_fd;
-    SSL_CTX *ssl_ctx;
-    int server_fd, client_len, res = 0;
-#ifndef CONFIG_SSL_SKELETON_MODE
-    char *private_key_file = NULL;
-    const char *password = NULL;
-    char **cert;
-    int cert_index = 0;
-    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-#endif
-#ifdef WIN32
-    char yes = 1;
-#else
-    int yes = 1;
-#endif
-    struct sockaddr_in serv_addr;
-    struct sockaddr_in client_addr;
-    int quiet = 0;
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    int ca_cert_index = 0;
-    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-    char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
-#endif
-    fd_set read_set;
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    cert = (char **)calloc(1, sizeof(char *)*cert_size);
-#endif
-
-    while (i < argc)
-    {
-        if (strcmp(argv[i], "-accept") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_server_options(argv[i]);
-            }
-
-            port = atoi(argv[++i]);
-        }
-#ifndef CONFIG_SSL_SKELETON_MODE
-        else if (strcmp(argv[i], "-cert") == 0)
-        {
-            if (i >= argc-1 || cert_index >= cert_size)
-            {
-                print_server_options(argv[i]);
-            }
-
-            cert[cert_index++] = argv[++i];
-        }
-        else if (strcmp(argv[i], "-key") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_server_options(argv[i]);
-            }
-
-            private_key_file = argv[++i];
-            options |= SSL_NO_DEFAULT_KEY;
-        }
-        else if (strcmp(argv[i], "-pass") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_server_options(argv[i]);
-            }
-
-            password = argv[++i];
-        }
-#endif
-        else if (strcmp(argv[i], "-quiet") == 0)
-        {
-            quiet = 1;
-            options &= ~SSL_DISPLAY_CERTS;
-        }
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        else if (strcmp(argv[i], "-verify") == 0)
-        {
-            options |= SSL_CLIENT_AUTHENTICATION;
-        }
-        else if (strcmp(argv[i], "-CAfile") == 0)
-        {
-            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
-            {
-                print_server_options(argv[i]);
-            }
-
-            ca_cert[ca_cert_index++] = argv[++i];
-        }
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-        else if (strcmp(argv[i], "-debug") == 0)
-        {
-            options |= SSL_DISPLAY_BYTES;
-        }
-        else if (strcmp(argv[i], "-state") == 0)
-        {
-            options |= SSL_DISPLAY_STATES;
-        }
-        else if (strcmp(argv[i], "-show-rsa") == 0)
-        {
-            options |= SSL_DISPLAY_RSA;
-        }
-#endif
-        else    /* don't know what this is */
-        {
-            print_server_options(argv[i]);
-        }
-
-        i++;
-    }
-
-    /* Create socket for incoming connections */
-    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-    {
-        perror("socket");
-        return;
-    }
-      
-    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
-
-    /* Construct local address structure */
-    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
-    serv_addr.sin_family = AF_INET;                /* Internet address family */
-    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
-    serv_addr.sin_port = htons(port);              /* Local port */
-
-    /* Bind to the local address */
-    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
-    {
-        perror("bind");
-        exit(1);
-    }
-
-    if (listen(server_fd, 5) < 0)
-    {
-        perror("listen");
-        exit(1);
-    }
-
-    client_len = sizeof(client_addr);
-
-    /*************************************************************************
-     * This is where the interesting stuff happens. Up until now we've
-     * just been setting up sockets etc. Now we do the SSL handshake.
-     *************************************************************************/
-    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
-    {
-        fprintf(stderr, "Error: Server context is invalid\n");
-        exit(1);
-    }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    if (private_key_file)
-    {
-        int obj_type = SSL_OBJ_RSA_KEY;
-        
-        /* auto-detect the key type from the file extension */
-        if (strstr(private_key_file, ".p8"))
-            obj_type = SSL_OBJ_PKCS8;
-        else if (strstr(private_key_file, ".p12"))
-            obj_type = SSL_OBJ_PKCS12;
-
-        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
-        {
-            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
-                                                        private_key_file);
-            exit(1);
-        }
-    }
-
-    for (i = 0; i < cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", cert[i]);
-            exit(1);
-        }
-    }
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    for (i = 0; i < ca_cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
-            exit(1);
-        }
-    }
-
-    free(ca_cert);
-#endif
-#ifndef CONFIG_SSL_SKELETON_MODE
-    free(cert);
-#endif
-
-    for (;;)
-    {
-        SSL *ssl;
-        int reconnected = 0;
-
-        if (!quiet)
-        {
-            printf("ACCEPT\n");
-            TTY_FLUSH();
-        }
-
-        if ((client_fd = accept(server_fd, 
-                (struct sockaddr *)&client_addr, &client_len)) < 0)
-        {
-            res = 1;
-            break;
-        }
-
-        ssl = ssl_server_new(ssl_ctx, client_fd);
-
-        /* now read (and display) whatever the client sends us */
-        for (;;)
-        {
-            /* allow parallel reading of client and standard input */
-            FD_ZERO(&read_set);
-            FD_SET(client_fd, &read_set);
-
-#ifndef WIN32
-            /* win32 doesn't like mixing up stdin and sockets */
-            if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
-            {
-                FD_SET(STDIN_FILENO, &read_set);
-            }
-
-            if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
-            {
-               uint8_t buf[1024];
-
-                /* read standard input? */
-                if (FD_ISSET(STDIN_FILENO, &read_set))
-                {
-                    if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
-                    {
-                        res = SSL_ERROR_CONN_LOST;
-                    }
-                    else
-                    {
-                        /* small hack to check renegotiation */
-                        if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
-                        {
-                            res = ssl_renegotiate(ssl);
-                        }
-                        else    /* write our ramblings to the client */
-                        {
-                            res = ssl_write(ssl, buf, strlen((char *)buf)+1);
-                        }
-                    }
-                }
-                else    /* a socket read */
-#endif
-                {
-                    /* keep reading until we get something interesting */
-                    uint8_t *read_buf;
-
-                    if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
-                    {
-                        /* are we in the middle of doing a handshake? */
-                        if (ssl_handshake_status(ssl) != SSL_OK)
-                        {
-                            reconnected = 0;
-                        }
-                        else if (!reconnected)
-                        {
-                            /* we are connected/reconnected */
-                            if (!quiet)
-                            {
-                                display_session_id(ssl);
-                                display_cipher(ssl);
-                            }
-
-                            reconnected = 1;
-                        }
-                    }
-
-                    if (res > 0)    /* display our interesting output */
-                    {
-                        printf("%s", read_buf);
-                        TTY_FLUSH();
-                    }
-                    else if (res < 0 && !quiet)
-                    {
-                        ssl_display_error(res);
-                    }
-                }
-#ifndef WIN32
-            }
-#endif
-
-            if (res < SSL_OK)
-            {
-                if (!quiet)
-                {
-                    printf("CONNECTION CLOSED\n");
-                    TTY_FLUSH();
-                }
-
-                break;
-            }
-        }
-
-        /* client was disconnected or the handshake failed. */
-        ssl_free(ssl);
-        SOCKET_CLOSE(client_fd);
-    }
-
-    ssl_ctx_free(ssl_ctx);
-}
-
-/**
- * Implement the SSL client logic.
- */
-static void do_client(int argc, char *argv[])
-{
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    int res, i = 2;
-    uint16_t port = 4433;
-    uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
-    int client_fd;
-    char *private_key_file = NULL;
-    struct sockaddr_in client_addr;
-    struct hostent *hostent;
-    int reconnect = 0;
-    uint32_t sin_addr;
-    SSL_CTX *ssl_ctx;
-    SSL *ssl = NULL;
-    int quiet = 0;
-    int cert_index = 0, ca_cert_index = 0;
-    int cert_size, ca_cert_size;
-    char **ca_cert, **cert;
-    uint8_t session_id[SSL_SESSION_ID_SIZE];
-    fd_set read_set;
-    const char *password = NULL;
-
-    FD_ZERO(&read_set);
-    sin_addr = inet_addr("127.0.0.1");
-    cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-    ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-    ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
-    cert = (char **)calloc(1, sizeof(char *)*cert_size);
-
-    while (i < argc)
-    {
-        if (strcmp(argv[i], "-connect") == 0)
-        {
-            char *host, *ptr;
-
-            if (i >= argc-1)
-            {
-                print_client_options(argv[i]);
-            }
-
-            host = argv[++i];
-            if ((ptr = strchr(host, ':')) == NULL)
-            {
-                print_client_options(argv[i]);
-            }
-
-            *ptr++ = 0;
-            port = atoi(ptr);
-            hostent = gethostbyname(host);
-
-            if (hostent == NULL)
-            {
-                print_client_options(argv[i]);
-            }
-
-            sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
-        }
-        else if (strcmp(argv[i], "-cert") == 0)
-        {
-            if (i >= argc-1 || cert_index >= cert_size)
-            {
-                print_client_options(argv[i]);
-            }
-
-            cert[cert_index++] = argv[++i];
-        }
-        else if (strcmp(argv[i], "-key") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_client_options(argv[i]);
-            }
-
-            private_key_file = argv[++i];
-            options |= SSL_NO_DEFAULT_KEY;
-        }
-        else if (strcmp(argv[i], "-CAfile") == 0)
-        {
-            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
-            {
-                print_client_options(argv[i]);
-            }
-
-            ca_cert[ca_cert_index++] = argv[++i];
-        }
-        else if (strcmp(argv[i], "-verify") == 0)
-        {
-            options &= ~SSL_SERVER_VERIFY_LATER;
-        }
-        else if (strcmp(argv[i], "-reconnect") == 0)
-        {
-            reconnect = 4;
-        }
-        else if (strcmp(argv[i], "-quiet") == 0)
-        {
-            quiet = 1;
-            options &= ~SSL_DISPLAY_CERTS;
-        }
-        else if (strcmp(argv[i], "-pass") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_client_options(argv[i]);
-            }
-
-            password = argv[++i];
-        }
-#ifdef CONFIG_SSL_FULL_MODE
-        else if (strcmp(argv[i], "-debug") == 0)
-        {
-            options |= SSL_DISPLAY_BYTES;
-        }
-        else if (strcmp(argv[i], "-state") == 0)
-        {
-            options |= SSL_DISPLAY_STATES;
-        }
-        else if (strcmp(argv[i], "-show-rsa") == 0)
-        {
-            options |= SSL_DISPLAY_RSA;
-        }
-#endif
-        else    /* don't know what this is */
-        {
-            print_client_options(argv[i]);
-        }
-
-        i++;
-    }
-
-    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-    memset(&client_addr, 0, sizeof(client_addr));
-    client_addr.sin_family = AF_INET;
-    client_addr.sin_port = htons(port);
-    client_addr.sin_addr.s_addr = sin_addr;
-
-    if (connect(client_fd, (struct sockaddr *)&client_addr, 
-                sizeof(client_addr)) < 0)
-    {
-        perror("connect");
-        exit(1);
-    }
-
-    if (!quiet)
-    {
-        printf("CONNECTED\n");
-        TTY_FLUSH();
-    }
-
-    /*************************************************************************
-     * This is where the interesting stuff happens. Up until now we've
-     * just been setting up sockets etc. Now we do the SSL handshake.
-     *************************************************************************/
-    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
-    {
-        fprintf(stderr, "Error: Client context is invalid\n");
-        exit(1);
-    }
-
-    if (private_key_file)
-    {
-        int obj_type = SSL_OBJ_RSA_KEY;
-        
-        /* auto-detect the key type from the file extension */
-        if (strstr(private_key_file, ".p8"))
-            obj_type = SSL_OBJ_PKCS8;
-        else if (strstr(private_key_file, ".p12"))
-            obj_type = SSL_OBJ_PKCS12;
-
-        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
-        {
-            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
-                                                        private_key_file);
-            exit(1);
-        }
-    }
-
-    for (i = 0; i < cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", cert[i]);
-            exit(1);
-        }
-    }
-
-    for (i = 0; i < ca_cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
-            exit(1);
-        }
-    }
-
-    free(cert);
-    free(ca_cert);
-
-    /* Try session resumption? */
-    if (reconnect)
-    {
-        while (reconnect--)
-        {
-            ssl = ssl_client_new(ssl_ctx, client_fd, session_id);
-            if ((res = ssl_handshake_status(ssl)) != SSL_OK)
-            {
-                if (!quiet)
-                {
-                    ssl_display_error(res);
-                }
-
-                ssl_free(ssl);
-                exit(1);
-            }
-
-            display_session_id(ssl);
-            memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
-
-            if (reconnect)
-            {
-                ssl_free(ssl);
-                SOCKET_CLOSE(client_fd);
-
-                client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-                connect(client_fd, (struct sockaddr *)&client_addr, 
-                        sizeof(client_addr));
-            }
-        }
-    }
-    else
-    {
-        ssl = ssl_client_new(ssl_ctx, client_fd, NULL);
-    }
-
-    /* check the return status */
-    if ((res = ssl_handshake_status(ssl)) != SSL_OK)
-    {
-        if (!quiet)
-        {
-            ssl_display_error(res);
-        }
-
-        exit(1);
-    }
-
-    if (!quiet)
-    {
-        const char *common_name = ssl_get_cert_dn(ssl,
-                SSL_X509_CERT_COMMON_NAME);
-        if (common_name)
-        {
-            printf("Common Name:\t\t%s\n", common_name);
-        }
-
-        display_session_id(ssl);
-        display_cipher(ssl);
-    }
-
-    for (;;)
-    {
-        uint8_t buf[1024];
-        res = SSL_OK;
-
-        /* allow parallel reading of server and standard input */
-        FD_SET(client_fd, &read_set);
-#ifndef WIN32
-        /* win32 doesn't like mixing up stdin and sockets */
-        FD_SET(STDIN_FILENO, &read_set);
-
-        if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
-        {
-            /* read standard input? */
-            if (FD_ISSET(STDIN_FILENO, &read_set))
-#endif
-            {
-                if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
-                {
-                    /* bomb out of here */
-                    ssl_free(ssl);
-                    break;
-                }
-                else
-                {
-                    /* small hack to check renegotiation */
-                    if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
-                    {
-                        res = ssl_renegotiate(ssl);
-                    }
-                    else
-                    {
-                        res = ssl_write(ssl, buf, strlen((char *)buf)+1);
-                    }
-                }
-            }
-#ifndef WIN32
-            else    /* a socket read */
-            {
-                uint8_t *read_buf;
-
-                res = ssl_read(ssl, &read_buf);
-
-                if (res > 0)    /* display our interesting output */
-                {
-                    printf("%s", read_buf);
-                    TTY_FLUSH();
-                }
-            }
-        }
-#endif
-
-        if (res < 0)
-        {
-            if (!quiet)
-            {
-                ssl_display_error(res);
-            }
-
-            break;      /* get outta here */
-        }
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    SOCKET_CLOSE(client_fd);
-#else
-    print_client_options(argv[1]);
-#endif
-}
-
-/**
- * We've had some sort of command-line error. Print out the basic options.
- */
-static void print_options(char *option)
-{
-    printf("axssl: Error: '%s' is an invalid command.\n", option);
-    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
-    exit(1);
-}
-
-/**
- * We've had some sort of command-line error. Print out the server options.
- */
-static void print_server_options(char *option)
-{
-#ifndef CONFIG_SSL_SKELETON_MODE
-    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-#endif
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-#endif
-
-    printf("unknown option %s\n", option);
-    printf("usage: s_server [args ...]\n");
-    printf(" -accept arg\t- port to accept on (default is 4433)\n");
-#ifndef CONFIG_SSL_SKELETON_MODE
-    printf(" -cert arg\t- certificate file to add (in addition to default)"
-                                    " to chain -\n"
-          "\t\t  Can repeat up to %d times\n", cert_size);
-    printf(" -key arg\t- Private key file to use\n");
-    printf(" -pass\t\t- private key file pass phrase source\n");
-#endif
-    printf(" -quiet\t\t- No server output\n");
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    printf(" -verify\t- turn on peer certificate verification\n");
-    printf(" -CAfile arg\t- Certificate authority\n");
-    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-    printf(" -debug\t\t- Print more output\n");
-    printf(" -state\t\t- Show state messages\n");
-    printf(" -show-rsa\t- Show RSA state\n");
-#endif
-    exit(1);
-}
-
-/**
- * We've had some sort of command-line error. Print out the client options.
- */
-static void print_client_options(char *option)
-{
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-#endif
-
-    printf("unknown option %s\n", option);
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    printf("usage: s_client [args ...]\n");
-    printf(" -connect host:port - who to connect to (default "
-            "is localhost:4433)\n");
-    printf(" -verify\t- turn on peer certificate verification\n");
-    printf(" -cert arg\t- certificate file to use\n");
-    printf("\t\t  Can repeat up to %d times\n", cert_size);
-    printf(" -key arg\t- Private key file to use\n");
-    printf(" -CAfile arg\t- Certificate authority\n");
-    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
-    printf(" -quiet\t\t- No client output\n");
-    printf(" -reconnect\t- Drop and re-make the connection "
-            "with the same Session-ID\n");
-    printf(" -pass\t\t- private key file pass phrase source\n");
-#ifdef CONFIG_SSL_FULL_MODE
-    printf(" -debug\t\t- Print more output\n");
-    printf(" -state\t\t- Show state messages\n");
-    printf(" -show-rsa\t- Show RSA state\n");
-#endif
-#else
-    printf("Change configuration to allow this feature\n");
-#endif
-    exit(1);
-}
-
-/**
- * Display what cipher we are using 
- */
-static void display_cipher(SSL *ssl)
-{
-    printf("CIPHER is ");
-    switch (ssl_get_cipher_id(ssl))
-    {
-        case SSL_AES128_SHA:
-            printf("AES128-SHA");
-            break;
-
-        case SSL_AES256_SHA:
-            printf("AES256-SHA");
-            break;
-
-        case SSL_RC4_128_SHA:
-            printf("RC4-SHA");
-            break;
-
-        case SSL_RC4_128_MD5:
-            printf("RC4-MD5");
-            break;
-
-        default:
-            printf("Unknown - %d", ssl_get_cipher_id(ssl));
-            break;
-    }
-
-    printf("\n");
-    TTY_FLUSH();
-}
-
-/**
- * Display what session id we have.
- */
-static void display_session_id(SSL *ssl)
-{    
-    int i;
-    const uint8_t *session_id = ssl_get_session_id(ssl);
-
-    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
-    for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
-    {
-        printf("%02x", session_id[i]);
-    }
-    printf("\n-----END SSL SESSION PARAMETERS-----\n");
-    TTY_FLUSH();
-}
diff --git a/samples/csharp/Makefile b/samples/csharp/Makefile
deleted file mode 100644
index 267a49d15c..0000000000
--- a/samples/csharp/Makefile
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.dotnet.conf
-
-all : sample
-TARGET=../../$(STAGE)/axssl.csharp.exe
-sample : $(TARGET)
-
-$(TARGET): ../../bindings/csharp/axTLS.cs ../../bindings/csharp/axInterface.cs axssl.cs 
-ifdef GO_DOT_NET
-	csc.exe /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
-else    # use mono to build
-	mcs -out:$@ $^
-
-endif    # ARCH
-
-clean::
-	-@rm -f $(TARGET)
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
deleted file mode 100644
index 1f1f95b584..0000000000
--- a/samples/csharp/axssl.cs
+++ /dev/null
@@ -1,743 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Demonstrate the use of the axTLS library in C# with a set of 
- * command-line parameters similar to openssl. In fact, openssl clients 
- * should be able to communicate with axTLS servers and visa-versa.
- *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > axssl.csharp.exe s_server -?
- * > axssl.csharp.exe s_client -?
- *
- * The axtls shared library must be in the same directory or be found 
- * by the OS.
- */
-
-using System;
-using System.Net;
-using System.Net.Sockets;
-using axTLS;
-
-public class axssl
-{
-    /*
-     * Main()
-     */
-    public static void Main(string[] args)
-    {
-        if (args.Length == 1 && args[0] == "version")
-        {
-            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
-            Environment.Exit(0); 
-        }
-
-        axssl runner = new axssl();
-
-        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
-            runner.print_options(args.Length > 0 ? args[0] : "");
-
-        int build_mode = SSLUtil.BuildMode();
-
-        if (args[0] == "s_server")
-            runner.do_server(build_mode, args);
-        else 
-            runner.do_client(build_mode, args);
-    }
-
-    /*
-     * do_server()
-     */
-    private void do_server(int build_mode, string[] args)
-    {
-        int i = 1;
-        int port = 4433;
-        uint options = axtls.SSL_DISPLAY_CERTS;
-        bool quiet = false;
-        string password = null;
-        string private_key_file = null;
-
-        /* organise the cert/ca_cert lists */
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-        string[] cert = new string[cert_size];
-        string[] ca_cert = new string[ca_cert_size];
-        int cert_index = 0;
-        int ca_cert_index = 0;
-
-        while (i < args.Length)
-        {
-            if (args[i] == "-accept")
-            {
-                if (i >= args.Length-1)
-                {
-                    print_server_options(build_mode, args[i]);
-                }
-
-                port = Int32.Parse(args[++i]);
-            }
-            else if (args[i] == "-quiet")
-            {
-                quiet = true;
-                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
-            }
-            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
-            {
-                if (args[i] == "-cert")
-                {
-                    if (i >= args.Length-1 || cert_index >= cert_size)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    cert[cert_index++] = args[++i];
-                }
-                else if (args[i] == "-key")
-                {
-                    if (i >= args.Length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    private_key_file = args[++i];
-                    options |= axtls.SSL_NO_DEFAULT_KEY;
-                }
-                else if (args[i] == "-pass")
-                {
-                    if (i >= args.Length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    password = args[++i];
-                }
-                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
-                {
-                    if (args[i] == "-verify")
-                    {
-                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
-                    }
-                    else if (args[i] == "-CAfile")
-                    {
-                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
-                        {
-                            print_server_options(build_mode, args[i]);
-                        }
-
-                        ca_cert[ca_cert_index++] = args[++i];
-                    }
-                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-                    {
-                        if (args[i] == "-debug")
-                        {
-                            options |= axtls.SSL_DISPLAY_BYTES;
-                        }
-                        else if (args[i] == "-state")
-                        {
-                            options |= axtls.SSL_DISPLAY_STATES;
-                        }
-                        else if (args[i] == "-show-rsa")
-                        {
-                            options |= axtls.SSL_DISPLAY_RSA;
-                        }
-                        else
-                            print_server_options(build_mode, args[i]);
-                    }
-                    else
-                        print_server_options(build_mode, args[i]);
-                }
-                else 
-                    print_server_options(build_mode, args[i]);
-            }
-            else
-                print_server_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        /* Create socket for incoming connections */
-        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
-        TcpListener server_sock = new TcpListener(ep);
-        server_sock.Start();      
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLServer ssl_ctx = new SSLServer(
-                                options, axtls.SSL_DEFAULT_SVR_SESS);
-
-        if (ssl_ctx == null)
-        {
-            Console.Error.WriteLine("Error: Server context is invalid");
-            Environment.Exit(1);
-        }
-
-        if (private_key_file != null)
-        {
-            int obj_type = axtls.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.EndsWith(".p8"))
-                obj_type = axtls.SSL_OBJ_PKCS8;
-            else if (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.ObjLoad(obj_type,
-                             private_key_file, password) != axtls.SSL_OK)
-            {
-                Console.Error.WriteLine("Private key '" + private_key_file +
-                                                            "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                                                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        byte[] buf = null;
-        int res;
-
-        for (;;)
-        {
-            if (!quiet)
-            {
-                Console.WriteLine("ACCEPT");
-            }
-
-            Socket client_sock = server_sock.AcceptSocket();
-
-            SSL ssl = ssl_ctx.Connect(client_sock);
-
-            /* do the actual SSL handshake */
-            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
-            {
-                /* check when the connection has been established */
-                if (ssl.HandshakeStatus() == axtls.SSL_OK)
-                    break;
-
-                /* could do something else here */
-            }
-
-            if (res == axtls.SSL_OK) /* connection established and ok */
-            {
-                if (!quiet)
-                {
-                    display_session_id(ssl);
-                    display_cipher(ssl);
-                }
-
-                /* now read (and display) whatever the client sends us */
-                for (;;)
-                {
-                    /* keep reading until we get something interesting */
-                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
-                    {
-                        /* could do something else here */
-                    }
-
-                    if (res < axtls.SSL_OK)
-                    {
-                        if (!quiet)
-                        {
-                            Console.WriteLine("CONNECTION CLOSED");
-                        }
-
-                        break;
-                    }
-
-                    /* convert to string */
-                    char[] str = new char[res];
-                    for (i = 0; i < res; i++)
-                    {
-                        str[i] = (char)buf[i];
-                    }
-
-                    Console.Write(str);
-                }
-            }
-            else if (!quiet)
-            {
-                SSLUtil.DisplayError(res);
-            }
-
-            /* client was disconnected or the handshake failed. */
-            ssl.Dispose();
-            client_sock.Close();
-        }
-
-        /* ssl_ctx.Dispose(); */
-    }
-
-    /*
-     * do_client()
-     */
-    private void do_client(int build_mode, string[] args)
-    {
-        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
-        {
-            print_client_options(build_mode, args[1]);
-        }
-
-        int i = 1, res;
-        int port = 4433;
-        bool quiet = false;
-        string password = null;
-        int reconnect = 0;
-        string private_key_file = null;
-        string hostname = "127.0.0.1";
-
-        /* organise the cert/ca_cert lists */
-        int cert_index = 0;
-        int ca_cert_index = 0;
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-        string[] cert = new string[cert_size];
-        string[] ca_cert = new string[ca_cert_size];
-
-        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
-        byte[] session_id = null;
-
-        while (i < args.Length)
-        {
-            if (args[i] == "-connect")
-            {
-                string host_port;
-
-                if (i >= args.Length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                host_port = args[++i];
-                int index_colon;
-
-                if ((index_colon = host_port.IndexOf(':')) < 0)
-                    print_client_options(build_mode, args[i]);
-
-                hostname = new string(host_port.ToCharArray(), 
-                        0, index_colon);
-                port = Int32.Parse(new String(host_port.ToCharArray(), 
-                            index_colon+1, host_port.Length-index_colon-1));
-            }
-            else if (args[i] == "-cert")
-            {
-                if (i >= args.Length-1 || cert_index >= cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                cert[cert_index++] = args[++i];
-            }
-            else if (args[i] == "-key")
-            {
-                if (i >= args.Length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                private_key_file = args[++i];
-                options |= axtls.SSL_NO_DEFAULT_KEY;
-            }
-            else if (args[i] == "-CAfile")
-            {
-                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                ca_cert[ca_cert_index++] = args[++i];
-            }
-            else if (args[i] == "-verify")
-            {
-                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
-            }
-            else if (args[i] == "-reconnect")
-            {
-                reconnect = 4;
-            }
-            else if (args[i] == "-quiet")
-            {
-                quiet = true;
-                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
-            }
-            else if (args[i] == "-pass")
-            {
-                if (i >= args.Length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                password = args[++i];
-            }
-            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-            {
-                if (args[i] == "-debug")
-                {
-                    options |= axtls.SSL_DISPLAY_BYTES;
-                }
-                else if (args[i] == "-state")
-                {
-                    options |= axtls.SSL_DISPLAY_STATES;
-                }
-                else if (args[i] == "-show-rsa")
-                {
-                    options |= axtls.SSL_DISPLAY_RSA;
-                }
-                else
-                    print_client_options(build_mode, args[i]);
-            }
-            else    /* don't know what this is */
-                print_client_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
-        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
-        IPAddress[] addresses = hostInfo.AddressList;
-        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
-        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
-                SocketType.Stream, ProtocolType.Tcp);
-        client_sock.Connect(ep);
-
-        if (!client_sock.Connected)
-        {
-            Console.WriteLine("could not connect");
-            Environment.Exit(1);
-        }
-
-        if (!quiet)
-        {
-            Console.WriteLine("CONNECTED");
-        }
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLClient ssl_ctx = new SSLClient(options,
-                                    axtls.SSL_DEFAULT_CLNT_SESS);
-
-        if (ssl_ctx == null)
-        {
-            Console.Error.WriteLine("Error: Client context is invalid");
-            Environment.Exit(1);
-        }
-
-        if (private_key_file != null)
-        {
-            int obj_type = axtls.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.EndsWith(".p8"))
-                obj_type = axtls.SSL_OBJ_PKCS8;
-            else if (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.ObjLoad(obj_type,
-                             private_key_file, password) != axtls.SSL_OK)
-            {
-                Console.Error.WriteLine("Private key '" + private_key_file +
-                                                            "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                                                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */
-
-        /* Try session resumption? */
-        if (reconnect > 0)
-        {
-            while (reconnect-- > 0)
-            {
-                ssl = ssl_ctx.Connect(client_sock, session_id);
-
-                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
-                {
-                    if (!quiet)
-                    {
-                        SSLUtil.DisplayError(res);
-                    }
-
-                    ssl.Dispose();
-                    Environment.Exit(1);
-                }
-
-                display_session_id(ssl);
-                session_id = ssl.GetSessionId();
-
-                if (reconnect > 0)
-                {
-                    ssl.Dispose();
-                    client_sock.Close();
-                    
-                    /* and reconnect */
-                    client_sock = new Socket(AddressFamily.InterNetwork, 
-                        SocketType.Stream, ProtocolType.Tcp);
-                    client_sock.Connect(ep);
-                }
-            }
-        }
-        else
-        {
-            ssl = ssl_ctx.Connect(client_sock, null);
-        }
-
-        /* check the return status */
-        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
-        {
-            if (!quiet)
-            {
-                SSLUtil.DisplayError(res);
-            }
-
-            Environment.Exit(1);
-        }
-
-        if (!quiet)
-        {
-            string common_name =
-                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
-
-            if (common_name != null)
-            {
-                Console.WriteLine("Common Name:\t\t" + common_name);
-            }
-
-            display_session_id(ssl);
-            display_cipher(ssl);
-        }
-
-        for (;;)
-        {
-            string user_input = Console.ReadLine();
-
-            if (user_input == null)
-                break;
-
-            byte[] buf = new byte[user_input.Length+2];
-            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
-            buf[buf.Length-1] = 0;              /* null terminate */
-
-            for (i = 0; i < buf.Length-2; i++)
-            {
-                buf[i] = (byte)user_input[i];
-            }
-
-            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
-            {
-                if (!quiet)
-                {
-                    SSLUtil.DisplayError(res);
-                }
-
-                break;
-            }
-        }
-
-        ssl_ctx.Dispose();
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the basic options.
-     */
-    private void print_options(string option)
-    {
-        Console.WriteLine("axssl: Error: '" + option + 
-                "' is an invalid command.");
-        Console.WriteLine("usage: axssl.csharp [s_server|" +
-                            "s_client|version] [args ...]");
-        Environment.Exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the server options.
-     */
-    private void print_server_options(int build_mode, string option)
-    {
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-
-        Console.WriteLine("unknown option " + option);
-        Console.WriteLine("usage: s_server [args ...]");
-        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
-                "is 4433)");
-        Console.WriteLine(" -quiet\t\t- No server output");
-
-        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
-        {
-          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
-                  "addition to default) to chain -");
-          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
-          Console.WriteLine(" -key arg\t- Private key file to use");
-          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
-        }
-
-        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
-        {
-            Console.WriteLine(" -verify\t- turn on peer certificate " +
-                    "verification");
-            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
-            Console.WriteLine("\t\t  Can repeat up to " + 
-                    ca_cert_size + "times");
-        }
-
-        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-        {
-            Console.WriteLine(" -debug\t\t- Print more output");
-            Console.WriteLine(" -state\t\t- Show state messages");
-            Console.WriteLine(" -show-rsa\t- Show RSA state");
-        }
-
-        Environment.Exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the client options.
-     */
-    private void print_client_options(int build_mode, string option)
-    {
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-
-        Console.WriteLine("unknown option " + option);
-
-        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
-        {
-            Console.WriteLine("usage: s_client [args ...]");
-            Console.WriteLine(" -connect host:port - who to connect to " + 
-                    "(default is localhost:4433)");
-            Console.WriteLine(" -verify\t- turn on peer certificate " + 
-                    "verification");
-            Console.WriteLine(" -cert arg\t- certificate file to use");
-            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
-            Console.WriteLine(" -key arg\t- Private key file to use");
-            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
-            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
-                    " times");
-            Console.WriteLine(" -quiet\t\t- No client output");
-            Console.WriteLine(" -pass\t\t- private key file pass " + 
-                    "phrase source");
-            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
-                    "connection with the same Session-ID");
-
-            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-            {
-                Console.WriteLine(" -debug\t\t- Print more output");
-                Console.WriteLine(" -state\t\t- Show state messages");
-                Console.WriteLine(" -show-rsa\t- Show RSA state");
-            }
-        }
-        else 
-        {
-            Console.WriteLine("Change configuration to allow this feature");
-        }
-
-        Environment.Exit(1);
-    }
-
-    /**
-     * Display what cipher we are using 
-     */
-    private void display_cipher(SSL ssl)
-    {
-        Console.Write("CIPHER is ");
-
-        switch (ssl.GetCipherId())
-        {
-            case axtls.SSL_AES128_SHA:
-                Console.WriteLine("AES128-SHA");
-                break;
-
-            case axtls.SSL_AES256_SHA:
-                Console.WriteLine("AES256-SHA");
-                break;
-
-            case axtls.SSL_RC4_128_SHA:
-                Console.WriteLine("RC4-SHA");
-                break;
-
-            case axtls.SSL_RC4_128_MD5:
-                Console.WriteLine("RC4-MD5");
-                break;
-
-            default:
-                Console.WriteLine("Unknown - " + ssl.GetCipherId());
-                break;
-        }
-    }
-
-    /**
-     * Display what session id we have.
-     */
-    private void display_session_id(SSL ssl)
-    {    
-        byte[] session_id = ssl.GetSessionId();
-
-        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
-        foreach (byte b in session_id)
-        {
-            Console.Write("{0:x02}", b);
-        }
-
-        Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
-    }
-}
diff --git a/samples/java/Makefile b/samples/java/Makefile
deleted file mode 100644
index eca097ec70..0000000000
--- a/samples/java/Makefile
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.java.conf
-
-all : sample
-JAR=../../$(STAGE)/axtls.jar
-CLASSES=../../bindings/java/classes
-sample : $(JAR)
-
-$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
-	jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
-
-JAVA_FILES=axssl.java
-JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
-
-$(CLASSES)/%.class : %.java
-	javac -d $(CLASSES) -classpath $(CLASSES) $^
-
-clean::
-	-@rm -f $(TARGET)
-
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
deleted file mode 100644
index a08e9a79d3..0000000000
--- a/samples/java/axssl.java
+++ /dev/null
@@ -1,746 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * Demonstrate the use of the axTLS library in Java with a set of 
- * command-line parameters similar to openssl. In fact, openssl clients 
- * should be able to communicate with axTLS servers and visa-versa.  *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > java -jar axtls.jar s_server -?
- * > java -jar axtls.jar s_client -?
- *
- * The axtls/axtlsj shared libraries must be in the same directory or be found 
- * by the OS.
- */
-
-import java.io.*;
-import java.util.*;
-import java.net.*;
-import axTLSj.*;
-
-public class axssl
-{
-   /*
-     * Main()
-     */
-    public static void main(String[] args)
-    {
-        if (args.length == 1 && args[0].equals("version"))
-        {
-            System.out.println("axtls.jar " + SSLUtil.version());
-            System.exit(0);
-        }
-
-        axssl runner = new axssl();
-
-        try
-        {
-            if (args.length < 1 || 
-                    (!args[0].equals("s_server") &&
-                     !args[0].equals("s_client")))
-            {
-                runner.print_options(args.length > 0 ? args[0] : "");
-            }
-
-            int build_mode = SSLUtil.buildMode();
-
-            if (args[0].equals("s_server"))
-                runner.do_server(build_mode, args);
-            else 
-                runner.do_client(build_mode, args);
-        }
-        catch (Exception e) 
-        {
-            System.out.println(e);
-        }
-    }
-
-    /*
-     * do_server()
-     */
-    private void do_server(int build_mode, String[] args)
-                    throws Exception
-    {
-        int i = 1;
-        int port = 4433;
-        int options = axtlsj.SSL_DISPLAY_CERTS;
-        boolean quiet = false;
-        String password = null;
-        String private_key_file = null;
-
-        /* organise the cert/ca_cert lists */
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-        String[] cert = new String[cert_size];
-        String[] ca_cert = new String[ca_cert_size];
-        int cert_index = 0;
-        int ca_cert_index = 0;
-
-        while (i < args.length)
-        {
-            if (args[i].equals("-accept"))
-            {
-                if (i >= args.length-1)
-                {
-                    print_server_options(build_mode, args[i]);
-                }
-
-                port = Integer.parseInt(args[++i]);
-            }
-            else if (args[i].equals("-quiet"))
-            {
-                quiet = true;
-                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
-            }
-            else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
-            {
-                if (args[i].equals("-cert"))
-                {
-                    if (i >= args.length-1 || cert_index >= cert_size)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    cert[cert_index++] = args[++i];
-                }
-                else if (args[i].equals("-key"))
-                {
-                    if (i >= args.length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    private_key_file = args[++i];
-                    options |= axtlsj.SSL_NO_DEFAULT_KEY;
-                }
-                else if (args[i].equals("-pass"))
-                {
-                    if (i >= args.length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    password = args[++i];
-                }
-                else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
-                {
-                    if (args[i].equals("-verify"))
-                    {
-                        options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
-                    }
-                    else if (args[i].equals("-CAfile"))
-                    {
-                        if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
-                        {
-                            print_server_options(build_mode, args[i]);
-                        }
-
-                        ca_cert[ca_cert_index++] = args[++i];
-                    }
-                    else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-                    {
-                        if (args[i].equals("-debug"))
-                        {
-                            options |= axtlsj.SSL_DISPLAY_BYTES;
-                        }
-                        else if (args[i].equals("-state"))
-                        {
-                            options |= axtlsj.SSL_DISPLAY_STATES;
-                        }
-                        else if (args[i].equals("-show-rsa"))
-                        {
-                            options |= axtlsj.SSL_DISPLAY_RSA;
-                        }
-                        else
-                            print_server_options(build_mode, args[i]);
-                    }
-                    else
-                        print_server_options(build_mode, args[i]);
-                }
-                else 
-                    print_server_options(build_mode, args[i]);
-            }
-            else 
-                print_server_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        /* Create socket for incoming connections */
-        ServerSocket server_sock = new ServerSocket(port);
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLServer ssl_ctx = new SSLServer(options, 
-                                    axtlsj.SSL_DEFAULT_SVR_SESS);
-
-        if (ssl_ctx == null)
-            throw new Exception("Error: Server context is invalid");
-
-        if (private_key_file != null)
-        {
-            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.endsWith(".p8"))
-                obj_type = axtlsj.SSL_OBJ_PKCS8;
-            else if (private_key_file.endsWith(".p12"))
-                obj_type = axtlsj.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.objLoad(obj_type, 
-                            private_key_file, password) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Error: Private key '" + private_key_file + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + ca_cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        int res;
-        SSLReadHolder rh = new SSLReadHolder();
-
-        for (;;)
-        {
-            if (!quiet)
-            {
-                System.out.println("ACCEPT");
-            }
-
-            Socket client_sock = server_sock.accept();
-
-            SSL ssl = ssl_ctx.connect(client_sock);
-
-            while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
-            {
-                /* check when the connection has been established */
-                if (ssl.handshakeStatus() == axtlsj.SSL_OK)
-                    break;
-
-                /* could do something else here */
-            }
-
-            if (res == axtlsj.SSL_OK) /* connection established and ok */
-            {
-                if (!quiet)
-                {
-                    display_session_id(ssl);
-                    display_cipher(ssl);
-                }
-
-                /* now read (and display) whatever the client sends us */
-                for (;;)
-                {
-                    /* keep reading until we get something interesting */
-                    while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
-                    {
-                        /* could do something else here */
-                    }
-
-                    if (res < axtlsj.SSL_OK)
-                    {
-                        if (!quiet)
-                        {
-                            System.out.println("CONNECTION CLOSED");
-                        }
-
-                        break;
-                    }
-
-                    /* convert to String */
-                    byte[] buf = rh.getData();
-                    char[] str = new char[res];
-
-                    for (i = 0; i < res; i++)
-                    {
-                        str[i] = (char)buf[i];
-                    }
-
-                    System.out.print(str);
-                }
-            }
-            else if (!quiet)
-            {
-                SSLUtil.displayError(res);
-            }
-
-            /* client was disconnected or the handshake failed. */
-            ssl.dispose();
-            client_sock.close();
-        }
-
-        /* ssl_ctx.dispose(); */
-    }
-
-    /*
-     * do_client()
-     */
-    private void do_client(int build_mode, String[] args)
-                    throws Exception
-    {
-        if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
-            print_client_options(build_mode, args[1]);
-
-        int i = 1, res;
-        int port = 4433;
-        boolean quiet = false;
-        String password = null;
-        int reconnect = 0;
-        String private_key_file = null;
-        String hostname = "127.0.0.1";
-
-        /* organise the cert/ca_cert lists */
-        int cert_index = 0;
-        int ca_cert_index = 0;
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-        String[] cert = new String[cert_size];
-        String[] ca_cert = new String[ca_cert_size];
-
-        int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
-        byte[] session_id = null;
-
-        while (i < args.length)
-        {
-            if (args[i].equals("-connect"))
-            {
-                String host_port;
-
-                if (i >= args.length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                host_port = args[++i];
-                int index_colon;
-
-                if ((index_colon = host_port.indexOf(':')) < 0)
-                    print_client_options(build_mode, args[i]);
-
-                hostname = new String(host_port.toCharArray(), 
-                        0, index_colon);
-                port = Integer.parseInt(new String(host_port.toCharArray(), 
-                            index_colon+1, host_port.length()-index_colon-1));
-            }
-            else if (args[i].equals("-cert"))
-            {
-                if (i >= args.length-1 || cert_index >= cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                cert[cert_index++] = args[++i];
-            }
-            else if (args[i].equals("-CAfile"))
-            {
-                if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                ca_cert[ca_cert_index++] = args[++i];
-            }
-            else if (args[i].equals("-key"))
-            {
-                if (i >= args.length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                private_key_file = args[++i];
-                options |= axtlsj.SSL_NO_DEFAULT_KEY;
-            }
-            else if (args[i].equals("-verify"))
-            {
-                options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
-            }
-            else if (args[i].equals("-reconnect"))
-            {
-                reconnect = 4;
-            }
-            else if (args[i].equals("-quiet"))
-            {
-                quiet = true;
-                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
-            }
-            else if (args[i].equals("-pass"))
-            {
-                if (i >= args.length-1)
-                {
-                    print_server_options(build_mode, args[i]);
-                }
-
-                password = args[++i];
-            }
-            else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-            {
-                if (args[i].equals("-debug"))
-                {
-                    options |= axtlsj.SSL_DISPLAY_BYTES;
-                }
-                else if (args[i].equals("-state"))
-                {
-                    options |= axtlsj.SSL_DISPLAY_STATES;
-                }
-                else if (args[i].equals("-show-rsa"))
-                {
-                    options |= axtlsj.SSL_DISPLAY_RSA;
-                }
-                else
-                    print_client_options(build_mode, args[i]);
-            }
-            else    /* don't know what this is */
-                print_client_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        Socket client_sock = new Socket(hostname, port);
-
-        if (!client_sock.isConnected())
-        {
-            System.out.println("could not connect");
-            throw new Exception();
-        }
-
-        if (!quiet)
-        {
-            System.out.println("CONNECTED");
-        }
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLClient ssl_ctx = new SSLClient(options, 
-                                    axtlsj.SSL_DEFAULT_CLNT_SESS);
-
-        if (ssl_ctx == null)
-        {
-            throw new Exception("Error: Client context is invalid");
-        }
-
-        if (private_key_file != null)
-        {
-            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.endsWith(".p8"))
-                obj_type = axtlsj.SSL_OBJ_PKCS8;
-            else if (private_key_file.endsWith(".p12"))
-                obj_type = axtlsj.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.objLoad(obj_type, 
-                            private_key_file, password) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Error: Private key '" + private_key_file + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + ca_cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        SSL ssl = null;
-
-        /* Try session resumption? */
-        if (reconnect > 0)
-        {
-            while (reconnect-- > 0)
-            {
-                ssl = ssl_ctx.connect(client_sock, session_id);
-
-                if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
-                {
-                    if (!quiet)
-                    {
-                        SSLUtil.displayError(res);
-                    }
-
-                    ssl.dispose();
-                    throw new Exception();
-                }
-
-                display_session_id(ssl);
-                session_id = ssl.getSessionId();
-
-                if (reconnect > 0)
-                {
-                    ssl.dispose();
-                    client_sock.close();
-                    
-                    /* and reconnect */
-                    client_sock = new Socket(hostname, port);
-                }
-            }
-        }
-        else
-        {
-            ssl = ssl_ctx.connect(client_sock, null);
-        }
-
-        /* check the return status */
-        if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
-        {
-            if (!quiet)
-            {
-                SSLUtil.displayError(res);
-            }
-
-            throw new Exception();
-        }
-
-        if (!quiet)
-        {
-            String common_name =
-                ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
-
-            if (common_name != null)
-            {
-                System.out.println("Common Name:\t\t" + common_name);
-            }
-
-            display_session_id(ssl);
-            display_cipher(ssl);
-        }
-
-        BufferedReader in = new BufferedReader(
-                new InputStreamReader(System.in));
-
-        for (;;)
-        {
-            String user_input = in.readLine();
-
-            if (user_input == null)
-                break;
-
-            byte[] buf = new byte[user_input.length()+2];
-            buf[buf.length-2] = (byte)'\n';     /* add the carriage return */
-            buf[buf.length-1] = 0;              /* null terminate */
-
-            for (i = 0; i < buf.length-2; i++)
-            {
-                buf[i] = (byte)user_input.charAt(i);
-            }
-
-            if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
-            {
-                if (!quiet)
-                {
-                    SSLUtil.displayError(res);
-                }
-
-                break;
-            }
-        }
-
-        ssl_ctx.dispose();
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the basic options.
-     */
-    private void print_options(String option)
-    {
-        System.out.println("axssl: Error: '" + option + 
-                "' is an invalid command.");
-        System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + 
-                "[args ...]");
-        System.exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the server options.
-     */
-    private void print_server_options(int build_mode, String option)
-    {
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-
-        System.out.println("unknown option " + option);
-        System.out.println("usage: s_server [args ...]");
-        System.out.println(" -accept arg\t- port to accept on (default " + 
-                "is 4433)");
-        System.out.println(" -quiet\t\t- No server output");
-
-        if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
-        {
-            System.out.println(" -cert arg\t- certificate file to add (in " + 
-                    "addition to default) to chain -");
-            System.out.println("\t\t  Can repeat up to " + cert_size + " times");
-            System.out.println(" -key arg\t- Private key file to use");
-            System.out.println(" -pass\t\t- private key file pass phrase source");
-        }
-
-        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
-        {
-            System.out.println(" -verify\t- turn on peer certificate " +
-                    "verification");
-            System.out.println(" -CAfile arg\t- Certificate authority. ");
-            System.out.println("\t\t  Can repeat up to " + 
-                    ca_cert_size + " times");
-        }
-
-        if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-        {
-            System.out.println(" -debug\t\t- Print more output");
-            System.out.println(" -state\t\t- Show state messages");
-            System.out.println(" -show-rsa\t- Show RSA state");
-        }
-
-        System.exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the client options.
-     */
-    private void print_client_options(int build_mode, String option)
-    {
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-
-        System.out.println("unknown option " + option);
-
-        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
-        {
-            System.out.println("usage: s_client [args ...]");
-            System.out.println(" -connect host:port - who to connect to " + 
-                    "(default is localhost:4433)");
-            System.out.println(" -verify\t- turn on peer certificate " + 
-                    "verification");
-            System.out.println(" -cert arg\t- certificate file to use");
-            System.out.println(" -key arg\t- Private key file to use");
-            System.out.println("\t\t  Can repeat up to " + cert_size + 
-                    " times");
-            System.out.println(" -CAfile arg\t- Certificate authority.");
-            System.out.println("\t\t  Can repeat up to " + ca_cert_size + 
-                    " times");
-            System.out.println(" -quiet\t\t- No client output");
-            System.out.println(" -pass\t\t- private key file pass " + 
-                        "phrase source");
-            System.out.println(" -reconnect\t- Drop and re-make the " +
-                    "connection with the same Session-ID");
-
-            if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-            {
-                System.out.println(" -debug\t\t- Print more output");
-                System.out.println(" -state\t\t- Show state messages");
-                System.out.println(" -show-rsa\t- Show RSA state");
-            }
-        }
-        else 
-        {
-            System.out.println("Change configuration to allow this feature");
-        }
-
-        System.exit(1);
-    }
-
-    /**
-     * Display what cipher we are using 
-     */
-    private void display_cipher(SSL ssl)
-    {
-        System.out.print("CIPHER is ");
-
-        byte ciph_id = ssl.getCipherId();
-
-        if (ciph_id == axtlsj.SSL_AES128_SHA)
-            System.out.println("AES128-SHA");
-        else if (ciph_id == axtlsj.SSL_AES256_SHA)
-            System.out.println("AES256-SHA");
-        else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
-            System.out.println("RC4-SHA");
-        else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
-            System.out.println("RC4-MD5");
-        else
-            System.out.println("Unknown - " + ssl.getCipherId());
-    }
-
-    public char toHexChar(int i)
-    {
-        if ((0 <= i) && (i <= 9 ))
-            return (char)('0' + i);
-        else
-            return (char)('a' + (i-10));
-    }
-
-    public void bytesToHex(byte[] data) 
-    {
-        StringBuffer buf = new StringBuffer();
-        for (int i = 0; i < data.length; i++ ) 
-        {
-            buf.append(toHexChar((data[i]>>>4)&0x0F));
-            buf.append(toHexChar(data[i]&0x0F));
-        }
-
-        System.out.println(buf);
-    }
-
-
-    /**
-     * Display what session id we have.
-     */
-    private void display_session_id(SSL ssl)
-    {    
-        byte[] session_id = ssl.getSessionId();
-        int i;
-
-        System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
-        bytesToHex(session_id);
-        System.out.println("-----END SSL SESSION PARAMETERS-----");
-    }
-}
diff --git a/samples/java/manifest.mf b/samples/java/manifest.mf
deleted file mode 100644
index b906ed29ed..0000000000
--- a/samples/java/manifest.mf
+++ /dev/null
@@ -1 +0,0 @@
-Main-Class: axssl
diff --git a/samples/perl/Makefile b/samples/perl/Makefile
deleted file mode 100644
index 0ad96070fd..0000000000
--- a/samples/perl/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-all: samples
-TARGET=../../$(STAGE)/axssl.pl
-samples: $(TARGET)
-
-$(TARGET): axssl.pl
-	install $< $@
-
-clean::
-	-@rm -f $(TARGET)
-
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
deleted file mode 100755
index cbfd58fdb7..0000000000
--- a/samples/perl/axssl.pl
+++ /dev/null
@@ -1,629 +0,0 @@
-#!/usr/bin/perl -w
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-#
-# Demonstrate the use of the axTLS library in Perl with a set of 
-# command-line parameters similar to openssl. In fact, openssl clients 
-# should be able to communicate with axTLS servers and visa-versa.
-#
-# This code has various bits enabled depending on the configuration. To enable
-# the most interesting version, compile with the 'full mode' enabled.
-#
-# To see what options you have, run the following:
-# > [perl] axssl s_server -?
-# > [perl] axssl s_client -?
-#
-# The axtls/axtlsp shared libraries must be in the same directory or be found 
-# by the OS. axtlsp.pm must be in this directory or be in @INC.
-#
-# Under Win32, ActivePerl was used (see
-# http://www.activestate.com/Products/ActivePerl/?mp=1)
-#
-use axtlsp;
-use IO::Socket;
-
-# To get access to Win32 file descriptor stuff
-my $is_win32 = 0;
-
-if ($^O eq "MSWin32")
-{
-    eval("use Win32API::File 0.08 qw( :ALL )");
-    $is_win32 = 1;
-}
-
-use strict;
-
-#
-# Win32 has some problems with socket handles
-#
-sub get_native_sock
-{
-    my ($sock) = @_;
-    return $is_win32 ? FdGetOsFHandle($sock) : $sock;
-}
-
-#
-# Main entry point. Doesn't do much except works out whether we are a client
-# or a server.
-#
-if ($#ARGV == 0 && $ARGV[0] eq "version")
-{
-    printf("axssl.pl ".axtlsp::ssl_version()."\n");
-    exit 0;
-}
-
-print_options($#ARGV > -1 ? $ARGV[0] : "")
-        if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
-
-
-# Cygwin/Win32 issue - flush our output continuously
-select STDOUT;
-local $|=1;
-
-my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
-$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
-
-#
-# Implement the SSL server logic. 
-#
-sub do_server
-{
-    my ($build_mode) = @_;
-    my $i = 1;
-    my $port = 4433;
-    my $options = $axtlsp::SSL_DISPLAY_CERTS;
-    my $quiet = 0;
-    my $password = undef;
-    my $private_key_file = undef;
-    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-                        $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-    my @cert;
-    my @ca_cert;
-
-    while ($i <= $#ARGV)
-    {
-        if ($ARGV[$i] eq  "-accept")
-        {
-            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            $port = $ARGV[++$i];
-        }
-        elsif ($ARGV[$i] eq "-quiet")
-        {
-            $quiet = 1;
-            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
-        }
-        elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
-        {
-            if ($ARGV[$i] eq "-cert")
-            {
-                print_server_options($build_mode, $ARGV[$i]) 
-                                    if $i >= $#ARGV || $#cert >= $cert_size-1;
-
-                push @cert,  $ARGV[++$i];
-            }
-            elsif ($ARGV[$i] eq "-key")
-            {
-                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-                $private_key_file = $ARGV[++$i];
-                $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
-            }
-            elsif ($ARGV[$i] eq "-pass")
-            {
-                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-                $password = $ARGV[++$i];
-            }
-            elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
-            {
-                if ($ARGV[$i] eq "-verify")
-                {
-                    $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
-                }
-                elsif ($ARGV[$i] eq "-CAfile")
-                {
-                    print_server_options($build_mode, $ARGV[$i])  
-                                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
-                    push @ca_cert, $ARGV[++$i];
-                }
-                elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-                {
-                    if ($ARGV[$i] eq "-debug")
-                    {
-                        $options |= $axtlsp::SSL_DISPLAY_BYTES;
-                    }
-                    elsif ($ARGV[$i] eq "-state")
-                    {
-                        $options |= $axtlsp::SSL_DISPLAY_STATES;
-                    }
-                    elsif ($ARGV[$i] eq "-show-rsa")
-                    {
-                        $options |= $axtlsp::SSL_DISPLAY_RSA;
-                    }
-                    else
-                    {
-                        print_server_options($build_mode, $ARGV[$i]);
-                    }
-                }
-                else
-                {
-                    print_server_options($build_mode, $ARGV[$i]);
-                }
-            }
-            else 
-            {
-                print_server_options($build_mode, $ARGV[$i]);
-            }
-        }
-        else 
-        {
-            print_server_options($build_mode, $ARGV[$i]);
-        }
-
-        $i++;
-    }
-
-    # Create socket for incoming connections
-    my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
-                              LocalPort => $port,
-                              Listen => 1,
-                              Reuse => 1) or die $!;
-
-    ###########################################################################
-    # This is where the interesting stuff happens. Up until now we've
-    # just been setting up sockets etc. Now we do the SSL handshake.
-    ###########################################################################
-    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
-    die "Error: Server context is invalid" if not defined $ssl_ctx;
-
-    if (defined $private_key_file)
-    {
-        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
-        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
-        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
-        die "Private key '$private_key_file' is undefined." if 
-                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
-                        $private_key_file, $password);
-    }
-
-    foreach (@cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    foreach (@ca_cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    for (;;)
-    {
-        printf("ACCEPT\n") if not $quiet;
-        my $client_sock = $server_sock->accept;
-        my $native_sock = get_native_sock($client_sock->fileno);
-
-        # This doesn't work in Win32 - need to get file descriptor from socket.
-        my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
-
-        # do the actual SSL handshake
-        my $res;
-        my $buf;
-
-        while (1)
-        {
-            ($res, $buf) = axtlsp::ssl_read($ssl, undef);
-            last if $res != $axtlsp::SSL_OK;
-
-            # check when the connection has been established
-            last if axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK;
-
-            # could do something else here
-        }
-
-        if ($res == $axtlsp::SSL_OK) # connection established and ok
-        {
-            if (!$quiet)
-            {
-                display_session_id($ssl);
-                display_cipher($ssl);
-            }
-
-            # now read (and display) whatever the client sends us
-            for (;;)
-            {
-                # keep reading until we get something interesting
-                while (1)
-                {
-                    ($res, $buf) = axtlsp::ssl_read($ssl, undef);
-                    last if $res != $axtlsp::SSL_OK;
-
-                    # could do something else here
-                }
-
-                if ($res < $axtlsp::SSL_OK)
-                {
-                    printf("CONNECTION CLOSED\n") if not $quiet;
-                    last;
-                }
-
-                printf($$buf);
-            }
-        }
-        elsif (!$quiet)
-        {
-            axtlsp::ssl_display_error($res);
-        }
-
-        # client was disconnected or the handshake failed.
-        axtlsp::ssl_free($ssl);
-        $client_sock->close;
-    }
-
-    axtlsp::ssl_ctx_free($ssl_ctx);
-}
-
-#
-# Implement the SSL client logic.
-#
-sub do_client
-{
-    my ($build_mode) = @_;
-    my $i = 1;
-    my $port = 4433;
-    my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
-    my $private_key_file = undef;
-    my $reconnect = 0;
-    my $quiet = 0;
-    my $password = undef;
-    my @session_id;
-    my $host = "127.0.0.1";
-    my @cert;
-    my @ca_cert;
-    my $cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
-    while ($i <= $#ARGV)
-    {
-        if ($ARGV[$i] eq "-connect")
-        {
-            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            ($host, $port) = split(':', $ARGV[++$i]);
-        }
-        elsif ($ARGV[$i] eq "-cert")
-        {
-            print_client_options($build_mode, $ARGV[$i]) 
-                if $i >= $#ARGV || $#cert >= $cert_size-1;
-
-            push @cert, $ARGV[++$i];
-        }
-        elsif ($ARGV[$i] eq "-key")
-        {
-            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            $private_key_file = $ARGV[++$i];
-            $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
-        }
-        elsif ($ARGV[$i] eq "-CAfile")
-        {
-            print_client_options($build_mode, $ARGV[$i]) 
-                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
-
-            push @ca_cert, $ARGV[++$i];
-        }
-        elsif ($ARGV[$i] eq "-verify")
-        {
-            $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
-        }
-        elsif ($ARGV[$i] eq "-reconnect")
-        {
-            $reconnect = 4;
-        }
-        elsif ($ARGV[$i] eq "-quiet")
-        {
-            $quiet = 1;
-            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
-        }
-        elsif ($ARGV[$i] eq "-pass")
-        {
-            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            $password = $ARGV[++$i];
-        }
-        elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-        {
-            if ($ARGV[$i] eq "-debug")
-            {
-                $options |= $axtlsp::SSL_DISPLAY_BYTES;
-            }
-            elsif ($ARGV[$i] eq "-state")
-            {
-                $options |= $axtlsp::SSL_DISPLAY_STATES;
-            }
-            elsif ($ARGV[$i] eq "-show-rsa")
-            {
-                $options |= $axtlsp::SSL_DISPLAY_RSA;
-            }
-            else    # don't know what this is
-            {
-                print_client_options($build_mode, $ARGV[$i]);
-            }
-        }
-        else    # don't know what this is
-        {
-            print_client_options($build_mode, $ARGV[$i]);
-        }
-
-        $i++;
-    }
-
-    my $client_sock = new IO::Socket::INET (
-                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
-                    || die ("no socket: $!");
-    my $ssl;
-    my $res;
-    my $native_sock = get_native_sock($client_sock->fileno);
-
-    printf("CONNECTED\n") if not $quiet;
-
-    ###########################################################################
-    # This is where the interesting stuff happens. Up until now we've
-    # just been setting up sockets etc. Now we do the SSL handshake.
-    ###########################################################################
-    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
-    die "Error: Client context is invalid" if not defined $ssl_ctx;
-
-    if (defined $private_key_file)
-    {
-        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
-        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
-        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
-        die "Private key '$private_key_file' is undefined." if 
-                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
-                        $private_key_file, $password);
-    }
-
-    foreach (@cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    foreach (@ca_cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    # Try session resumption?
-    if ($reconnect)
-    {
-        my $session_id = undef;
-        while ($reconnect--)
-        {
-            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, $session_id);
-
-            $res = axtlsp::ssl_handshake_status($ssl);
-            if ($res != $axtlsp::SSL_OK)
-            {
-                axtlsp::ssl_display_error($res) if !$quiet;
-                axtlsp::ssl_free($ssl);
-                exit 1;
-            }
-
-            display_session_id($ssl);
-            $session_id = axtlsp::ssl_get_session_id($ssl);
-
-            if ($reconnect)
-            {
-                axtlsp::ssl_free($ssl);
-                $client_sock->close;
-                $client_sock = new IO::Socket::INET (
-                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
-                    || die ("no socket: $!");
-
-            }
-        }
-    }
-    else
-    {
-        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef);
-    }
-
-    # check the return status
-    $res = axtlsp::ssl_handshake_status($ssl);
-    if ($res != $axtlsp::SSL_OK)
-    {
-        axtlsp::ssl_display_error($res) if not $quiet;
-        exit 1;
-    }
-
-    if (!$quiet)
-    {
-        my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
-                    $axtlsp::SSL_X509_CERT_COMMON_NAME);
-
-        printf("Common Name:\t\t%s\n", $common_name) if defined $common_name;
-        display_session_id($ssl);
-        display_cipher($ssl);
-    }
-
-    while (<STDIN>)
-    {
-        my $cstring = pack("a*x", $_);   # add null terminator
-        $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
-        if ($res < $axtlsp::SSL_OK)
-        {
-            axtlsp::ssl_display_error($res) if not $quiet;
-            last;
-        }
-    }
-
-    axtlsp::ssl_ctx_free($ssl_ctx);
-    $client_sock->close;
-}
-
-#
-# We've had some sort of command-line error. Print out the basic options.
-#
-sub print_options
-{
-    my ($option) = @_;
-    printf("axssl: Error: '%s' is an invalid command.\n", $option);
-    printf("usage: axssl [s_server|s_client] [args ...]\n");
-    exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the server options.
-#
-sub print_server_options
-{
-    my ($build_mode, $option) = @_;
-    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
-    printf("unknown option %s\n", $option);
-    printf("usage: s_server [args ...]\n");
-    printf(" -accept arg\t- port to accept on (default is 4433)\n");
-    printf(" -quiet\t\t- No server output\n");
-
-    if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
-    {
-        printf(" -cert arg\t- certificate file to add (in addition to default)".
-                                        " to chain -\n".
-          "\t\t  default DER format. Can repeat up to %d times\n", $cert_size);
-        printf(" -key arg\t- Private key file to use - default DER format\n");
-        printf(" -pass\t\t- private key file pass phrase source\n");
-    }
-
-    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
-    {
-        printf(" -verify\t- turn on peer certificate verification\n");
-        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
-        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
-    }
-
-    if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-    {
-        printf(" -debug\t\t- Print more output\n");
-        printf(" -state\t\t- Show state messages\n");
-        printf(" -show-rsa\t- Show RSA state\n");
-    }
-
-    exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the client options.
-#
-sub print_client_options
-{
-    my ($build_mode, $option) = @_;
-    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
-    printf("unknown option %s\n", $option);
-
-    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
-    {
-        printf("usage: s_client [args ...]\n");
-        printf(" -connect host:port - who to connect to (default ".
-                "is localhost:4433)\n");
-        printf(" -verify\t- turn on peer certificate verification\n");
-        printf(" -cert arg\t- certificate file to use - default DER format\n");
-        printf(" -key arg\t- Private key file to use - default DER format\n");
-        printf("\t\t  Can repeat up to %d times\n", $cert_size);
-        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
-        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
-        printf(" -quiet\t\t- No client output\n");
-        printf(" -pass\t\t- private key file pass phrase source\n");
-        printf(" -reconnect\t- Drop and re-make the connection ".
-                "with the same Session-ID\n");
-
-        if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-        {
-            printf(" -debug\t\t- Print more output\n");
-            printf(" -state\t\t- Show state messages\n");
-            printf(" -show-rsa\t- Show RSA state\n");
-        }
-    }
-    else
-    {
-        printf("Change configuration to allow this feature\n");
-    }
-
-    exit 1;
-}
-
-#
-# Display what cipher we are using 
-#
-sub display_cipher
-{
-    my ($ssl) = @_;
-    printf("CIPHER is ");
-    my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
-
-    if ($cipher_id == $axtlsp::SSL_AES128_SHA)
-    {
-        printf("AES128-SHA");
-    }
-    elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
-    {
-        printf("AES256-SHA");
-    }
-    elsif ($axtlsp::SSL_RC4_128_SHA)
-    {
-        printf("RC4-SHA");
-    }
-    elsif ($axtlsp::SSL_RC4_128_MD5)
-    {
-        printf("RC4-MD5");
-    }
-    else 
-    {
-        printf("Unknown - %d", $cipher_id);
-    }
-
-    printf("\n");
-}
-
-#
-# Display what session id we have.
-#
-sub display_session_id
-{    
-    my ($ssl) = @_;
-    my $session_id = axtlsp::ssl_get_session_id($ssl);
-
-    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
-    printf(unpack("H*", $$session_id));
-    printf("\n-----END SSL SESSION PARAMETERS-----\n");
-}
diff --git a/samples/vbnet/Makefile b/samples/vbnet/Makefile
deleted file mode 100644
index 7349e67cc9..0000000000
--- a/samples/vbnet/Makefile
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.dotnet.conf
-
-# only build on Win32 platforms
-ifdef GO_DOT_NET
-all : sample
-TARGET=../../$(STAGE)/axssl.vbnet.exe
-sample : $(TARGET)
-
-$(TARGET): ../../bindings/vbnet/axTLSvb.vb ../../bindings/vbnet/axInterface.vb axssl.vb
-	vbc.exe /r:"`cygpath -w "$(CONFIG_DOT_NET_FRAMEWORK_BASE)/System.dll"`" /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
-
-endif   # ARCH
-
-clean::
-	-@rm -f $(TARGET)
-
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
deleted file mode 100644
index da6f71984a..0000000000
--- a/samples/vbnet/axssl.vb
+++ /dev/null
@@ -1,687 +0,0 @@
-'
-'  Copyright(C) 2006 Cameron Rich
-'
-'  This program is free software you can redistribute it and/or modify
-'  it under the terms of the GNU General Public License as published by
-'  the Free Software Foundation either version 2.1 of the License, or
-'  (at your option) any later version.
-'
-'  This program is distributed in the hope that it will be useful,
-'  but WITHOUT ANY WARRANTY without even the implied warranty of
-'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-'  GNU Lesser General Public License for more details.
-'
-'  You should have received a copy of the GNU General Public License
-'  along with this program if not, write to the Free Software
-'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-'
-
-'
-' Demonstrate the use of the axTLS library in VB.NET with a set of 
-' command-line parameters similar to openssl. In fact, openssl clients 
-' should be able to communicate with axTLS servers and visa-versa.
-'
-' This code has various bits enabled depending on the configuration. To enable
-' the most interesting version, compile with the 'full mode' enabled.
-'
-' To see what options you have, run the following:
-' > axssl.vbnet.exe s_server -?
-' > axssl.vbnet.exe s_client -?
-'
-' The axtls shared library must be in the same directory or be found 
-' by the OS.
-'
-
-Imports System
-Imports System.Net
-Imports System.Net.Sockets
-Imports Microsoft.VisualBasic
-Imports axTLSvb
-
-Public Class axssl
-    ' 
-    ' do_server()
-    '
-    Public Sub do_server(ByVal build_mode As Integer, _
-                                        ByVal args() As String)
-        Dim i As Integer = 1
-        Dim port As Integer = 4433
-        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
-        Dim quiet As Boolean = False
-        Dim password As String = Nothing
-        Dim private_key_file As String = Nothing
-
-        ' organise the cert/ca_cert lists 
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-        Dim cert(cert_size) As String
-        Dim ca_cert(ca_cert_size) As String
-        Dim cert_index As Integer = 0
-        Dim ca_cert_index As Integer = 0
-
-        While i < args.Length
-            If args(i) = "-accept" Then
-                If i >= args.Length-1
-                    print_server_options(build_mode, args(i))
-                End If
-
-                i += 1
-                port = Int32.Parse(args(i))
-            ElseIf args(i) = "-quiet"
-                quiet = True
-                options = options And Not axtls.SSL_DISPLAY_CERTS
-            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
-                If args(i) = "-cert"
-                    If i >= args.Length-1 Or cert_index >= cert_size
-                        print_server_options(build_mode, args(i))
-                    End If
-
-                    i += 1
-                    cert(cert_index) = args(i)
-                    cert_index += 1
-                ElseIf args(i) = "-key"
-                    If i >= args.Length-1
-                        print_server_options(build_mode, args(i))
-                    End If
-
-                    i += 1
-                    private_key_file = args(i)
-                    options = options Or axtls.SSL_NO_DEFAULT_KEY
-                ElseIf args(i) = "-pass"
-                    If i >= args.Length-1
-                        print_server_options(build_mode, args(i))
-                    End If
-
-                    i += 1
-                    password = args(i)
-                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
-                    If args(i) = "-verify" Then
-                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
-                    ElseIf args(i) = "-CAfile"
-                        If i >= args.Length-1 Or _
-                                    ca_cert_index >= ca_cert_size Then
-                            print_server_options(build_mode, args(i))
-                        End If
-
-                        i += 1
-                        ca_cert(ca_cert_index) = args(i)
-                        ca_cert_index += 1
-                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
-                        If args(i) = "-debug" Then
-                            options = options Or axtls.SSL_DISPLAY_BYTES
-                        ElseIf args(i) = "-state"
-                            options = options Or axtls.SSL_DISPLAY_STATES
-                        ElseIf args(i) = "-show-rsa"
-                            options = options Or axtls.SSL_DISPLAY_RSA
-                        Else
-                            print_server_options(build_mode, args(i))
-                        End If
-                    Else
-                        print_server_options(build_mode, args(i))
-                    End If
-                Else
-                    print_server_options(build_mode, args(i))
-                End If
-            End If
-
-            i += 1
-        End While
-
-        ' Create socket for incoming connections
-        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
-        Dim server_sock As TcpListener = New TcpListener(ep)
-        server_sock.Start()      
-
-        '*********************************************************************
-        ' This is where the interesting stuff happens. Up until now we've
-        ' just been setting up sockets etc. Now we do the SSL handshake.
-        '*********************************************************************/
-        Dim ssl_ctx As SSLServer = New SSLServer(options, _
-                axtls.SSL_DEFAULT_SVR_SESS)
-
-        If ssl_ctx Is Nothing Then
-            Console.Error.WriteLine("Error: Server context is invalid")
-            Environment.Exit(1)
-        End If
-
-        If private_key_file <> Nothing Then
-            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
-
-            If private_key_file.EndsWith(".p8") Then
-                obj_type = axtls.SSL_OBJ_PKCS8
-            Else If (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12
-            End If
-
-            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
-                                            password) <> axtls.SSL_OK Then
-                Console.Error.WriteLine("Error: Private key '" & _
-                        private_key_file & "' is undefined.")
-                Environment.Exit(1)
-            End If
-        End If
-
-        For i = 0 To cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
-                            cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        For i = 0 To ca_cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
-                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & ca_cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        Dim buf As Byte() = Nothing
-        Dim res As Integer
-        Dim ssl As SSL
-
-        While 1
-            If Not quiet Then
-                Console.WriteLine("ACCEPT")
-            End If
-
-            Dim client_sock As Socket = server_sock.AcceptSocket()
-
-            ssl = ssl_ctx.Connect(client_sock)
-
-            ' do the actual SSL handshake 
-            While 1
-                res = ssl_ctx.Read(ssl, buf)
-                If  res <> axtls.SSL_OK Then
-                    Exit While
-                End If
-
-                ' check when the connection has been established 
-                If ssl.HandshakeStatus() = axtls.SSL_OK
-                    Exit While
-                End If
-
-                ' could do something else here 
-            End While
-
-            If res = axtls.SSL_OK Then  ' connection established and ok
-                If Not quiet
-                    display_session_id(ssl)
-                    display_cipher(ssl)
-                End If
-
-                ' now read (and display) whatever the client sends us
-                While 1
-                    ' keep reading until we get something interesting 
-                    While 1
-                        res = ssl_ctx.Read(ssl, buf)
-                        If res <> axtls.SSL_OK Then
-                            Exit While
-                        End If
-
-                        ' could do something else here
-                    End While
-
-                    If res < axtls.SSL_OK
-                        If Not quiet
-                            Console.WriteLine("CONNECTION CLOSED")
-                        End If
-
-                        Exit While
-                    End If
-
-                    ' convert to String 
-                    Dim str(res) As Char
-                    For i = 0 To res-1
-                        str(i) = Chr(buf(i))
-                    Next
-
-                    Console.Write(str)
-                End While
-            ElseIf Not quiet
-                SSLUtil.DisplayError(res)
-            End If
-
-            ' client was disconnected or the handshake failed. */
-            ssl.Dispose()
-            client_sock.Close()
-        End While
-
-        ssl_ctx.Dispose()
-    End Sub
-
-    ' 
-    ' do_client()
-    '
-    Public Sub do_client(ByVal build_mode As Integer, _
-                                    ByVal args() As String)
-
-        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
-            print_client_options(build_mode, args(1))
-        End If
-
-        Dim i As Integer = 1
-        Dim res As Integer
-        Dim port As Integer = 4433
-        Dim quiet As Boolean = False
-        Dim password As String = Nothing
-        Dim reconnect As Integer = 0
-        Dim private_key_file As String = Nothing
-        Dim hostname As String = "127.0.0.1"
-
-        ' organise the cert/ca_cert lists
-        Dim ssl As SSL = Nothing
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-        Dim cert(cert_size) As String
-        Dim ca_cert(ca_cert_size) As String
-        Dim cert_index As Integer = 0
-        Dim ca_cert_index As Integer = 0
-
-        Dim options As Integer = _
-                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
-        Dim session_id As Byte() = Nothing
-
-        While i < args.Length
-            If args(i) = "-connect" Then
-                Dim host_port As String
-
-                If i >= args.Length-1
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                host_port = args(i)
-
-                Dim index_colon As Integer = host_port.IndexOf(":"C)
-                If index_colon < 0 Then 
-                    print_client_options(build_mode, args(i))
-                End If
-
-                hostname = New String(host_port.ToCharArray(), _
-                        0, index_colon)
-                port = Int32.Parse(New String(host_port.ToCharArray(), _
-                            index_colon+1, host_port.Length-index_colon-1))
-            ElseIf args(i) = "-cert"
-                If i >= args.Length-1 Or cert_index >= cert_size Then
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                cert(cert_index) = args(i)
-                cert_index += 1
-            ElseIf args(i) = "-key"
-                If i >= args.Length-1
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                private_key_file = args(i)
-                options = options Or axtls.SSL_NO_DEFAULT_KEY
-            ElseIf args(i) = "-CAfile"
-                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                ca_cert(ca_cert_index) = args(i)
-                ca_cert_index += 1
-            ElseIf args(i) = "-verify"
-                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
-            ElseIf args(i) = "-reconnect"
-                reconnect = 4
-            ElseIf args(i) = "-quiet"
-                quiet = True
-                options = options And  Not axtls.SSL_DISPLAY_CERTS
-            ElseIf args(i) = "-pass"
-                If i >= args.Length-1
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                password = args(i)
-            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
-                If args(i) = "-debug" Then
-                    options = options Or axtls.SSL_DISPLAY_BYTES
-                ElseIf args(i) = "-state"
-                    options = options Or axtls.SSL_DISPLAY_STATES
-                ElseIf args(i) = "-show-rsa"
-                    options = options Or axtls.SSL_DISPLAY_RSA
-                Else
-                    print_client_options(build_mode, args(i))
-                End If
-            Else    ' don't know what this is 
-                print_client_options(build_mode, args(i))
-            End If
-
-            i += 1
-        End While
-
-        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
-        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
-        Dim  addresses As IPAddress() = hostInfo.AddressList
-        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
-        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
-                SocketType.Stream, ProtocolType.Tcp)
-        client_sock.Connect(ep)
-
-        If Not client_sock.Connected Then
-            Console.WriteLine("could not connect")
-            Environment.Exit(1)
-        End If
-
-        If Not quiet Then
-            Console.WriteLine("CONNECTED")
-        End If
-
-        '*********************************************************************
-        ' This is where the interesting stuff happens. Up until now we've
-        ' just been setting up sockets etc. Now we do the SSL handshake.
-        '*********************************************************************/
-        Dim ssl_ctx As SSLClient = New SSLClient(options, _
-                axtls.SSL_DEFAULT_CLNT_SESS)
-
-        If ssl_ctx Is Nothing Then
-            Console.Error.WriteLine("Error: Client context is invalid")
-            Environment.Exit(1)
-        End If
-
-        If private_key_file <> Nothing Then
-            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
-
-            If private_key_file.EndsWith(".p8") Then
-                obj_type = axtls.SSL_OBJ_PKCS8
-            Else If (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12
-            End If
-
-            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
-                                            password) <> axtls.SSL_OK Then
-                Console.Error.WriteLine("Error: Private key '" & _
-                        private_key_file & "' is undefined.")
-                Environment.Exit(1)
-            End If
-        End If
-
-        For i = 0 To cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
-                            cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        For i = 0 To ca_cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
-                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & ca_cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        ' Try session resumption?
-        If reconnect > 0 Then
-            While reconnect > 0
-                reconnect -= 1
-                ssl = ssl_ctx.Connect(client_sock, session_id)
-
-                res = ssl.HandshakeStatus()
-                If res <> axtls.SSL_OK Then
-                    If Not quiet Then
-                        SSLUtil.DisplayError(res)
-                    End If
-
-                    ssl.Dispose()
-                    Environment.Exit(1)
-                End If
-
-                display_session_id(ssl)
-                session_id = ssl.GetSessionId()
-
-                If reconnect > 0 Then
-                    ssl.Dispose()
-                    client_sock.Close()
-                    
-                    ' and reconnect
-                    client_sock = New Socket(AddressFamily.InterNetwork, _
-                        SocketType.Stream, ProtocolType.Tcp)
-                    client_sock.Connect(ep)
-                End If
-            End While
-        Else
-            ssl = ssl_ctx.Connect(client_sock, Nothing)
-        End If
-
-        ' check the return status 
-        res = ssl.HandshakeStatus()
-        If res <> axtls.SSL_OK Then
-            If Not quiet Then
-                SSLUtil.DisplayError(res)
-            End If
-
-            Environment.Exit(1)
-        End If
-
-        If Not quiet Then
-            Dim common_name As String = _
-                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
-
-            If common_name <> Nothing
-                Console.WriteLine("Common Name:" & _
-                        ControlChars.Tab & ControlChars.Tab & common_name)
-            End If
-
-            display_session_id(ssl)
-            display_cipher(ssl)
-        End If
-
-        While (1)
-            Dim user_input As String = Console.ReadLine()
-
-            If user_input = Nothing Then
-                Exit While
-            End If
-
-            Dim buf(user_input.Length+1) As Byte
-            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
-            buf(buf.Length-1) = 0                    ' null terminate 
-
-            For i = 0 To user_input.Length-1
-                buf(i) = Asc(user_input.Chars(i))
-            Next
-
-            res = ssl_ctx.Write(ssl, buf, buf.Length)
-            If res < axtls.SSL_OK Then
-                If Not quiet Then
-                    SSLUtil.DisplayError(res)
-                End If
-
-                Exit While
-            End If
-        End While
-
-        ssl_ctx.Dispose()
-    End Sub
-
-    '
-    ' Display what cipher we are using
-    '
-    Private Sub display_cipher(ByVal ssl As SSL)
-        Console.Write("CIPHER is ")
-
-        Select ssl.GetCipherId()
-            Case axtls.SSL_AES128_SHA
-                Console.WriteLine("AES128-SHA")
-
-            Case axtls.SSL_AES256_SHA
-                Console.WriteLine("AES256-SHA")
-
-            Case axtls.SSL_RC4_128_SHA
-                Console.WriteLine("RC4-SHA")
-
-            Case axtls.SSL_RC4_128_MD5
-                Console.WriteLine("RC4-MD5")
-
-            Case Else
-                Console.WriteLine("Unknown - " & ssl.GetCipherId())
-        End Select
-    End Sub
-
-    '
-    ' Display what session id we have.
-    '
-    Private Sub display_session_id(ByVal ssl As SSL)
-        Dim session_id As Byte() = ssl.GetSessionId()
-
-        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
-        Dim b As Byte
-        For Each b In session_id
-            Console.Write("{0:x02}", b)
-        Next
-
-        Console.WriteLine()
-        Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
-    End Sub
-
-    ' 
-    ' We've had some sort of command-line error. Print out the basic options.
-    '
-    Public Sub print_options(ByVal options As String)
-        Console.WriteLine("axssl: Error: '" & options & _
-                "' is an invalid command.")
-        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
-                "version] [args ...]")
-        Environment.Exit(1)
-    End Sub
-
-    ' 
-    ' We've had some sort of command-line error. Print out the server options.
-    '
-    Private Sub print_server_options(ByVal build_mode As Integer, _
-                                    ByVal options As String)
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-
-        Console.WriteLine("unknown option " & options)
-        Console.WriteLine("usage: s_server [args ...]")
-        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
-                "- port to accept on (default is 4433)")
-        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
-                "- No server output")
-        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
-            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
-               "- certificate file to add (in addition to default) to chain -")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & cert_size & " times")
-            Console.WriteLine(" -key arg" & ControlChars.Tab & _
-                        "- Private key file to use")
-            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
-                    "- private key file pass phrase source")
-        End If
-
-        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
-            Console.WriteLine(" -verify" & ControlChars.Tab & _
-                    "- turn on peer certificate verification")
-            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
-                    "- Certificate authority")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & ca_cert_size & " times")
-        End If
-
-        If build_mode = axtls.SSL_BUILD_FULL_MODE
-            Console.WriteLine(" -debug" & _
-                    ControlChars.Tab & ControlChars.Tab & _
-                    "- Print more output")
-            Console.WriteLine(" -state" & _
-                    ControlChars.Tab & ControlChars.Tab & _
-                    "- Show state messages")
-            Console.WriteLine(" -show-rsa" & _
-                    ControlChars.Tab & "- Show RSA state")
-        End If
-
-        Environment.Exit(1)
-    End Sub
-
-    '
-    ' We've had some sort of command-line error. Print out the client options.
-    '
-    Private Sub print_client_options(ByVal build_mode As Integer, _
-                                                ByVal options As String)
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-
-        Console.WriteLine("unknown option " & options)
-
-        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
-            Console.WriteLine("usage: s_client [args ...]")
-            Console.WriteLine(" -connect host:port - who to connect to " & _
-                    "(default is localhost:4433)")
-            Console.WriteLine(" -verify" & ControlChars.Tab & _
-                    "- turn on peer certificate verification")
-            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
-                    "- certificate file to use")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & cert_size & " times")
-            Console.WriteLine(" -key arg" & ControlChars.Tab & _
-                    "- Private key file to use")
-            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
-                    "- Certificate authority")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & ca_cert_size & " times")
-            Console.WriteLine(" -quiet" & _
-                    ControlChars.Tab & ControlChars.Tab & "- No client output")
-            Console.WriteLine(" -pass" & ControlChars.Tab & _
-                    ControlChars.Tab & _
-                    "- private key file pass phrase source")
-            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
-                    "- Drop and re-make the " & _
-                    "connection with the same Session-ID")
-
-            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
-                Console.WriteLine(" -debug" & _
-                        ControlChars.Tab & ControlChars.Tab & _
-                        "- Print more output")
-                Console.WriteLine(" -state" & _
-                        ControlChars.Tab & ControlChars.Tab & _
-                        "- Show state messages")
-                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
-                        "- Show RSA state")
-            End If
-        Else 
-            Console.WriteLine("Change configuration to allow this feature")
-        End If
-
-        Environment.Exit(1)
-    End Sub
-
-End Class
-
-Public Module MyMain
-    Function Main(ByVal args() As String) As Integer
-        Dim runner As axssl = New axssl()
-
-        If args.Length = 1 And args(0) = "version" Then
-           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
-            Environment.Exit(0)
-        End If
-
-        If args.Length < 1 
-            runner.print_options("")
-        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
-            runner.print_options(args(0))
-        End If
-
-        Dim build_mode As Integer = SSLUtil.BuildMode()
-
-        If args(0) = "s_server" Then
-            runner.do_server(build_mode, args)
-        Else
-            runner.do_client(build_mode, args)
-        End If
-    End Function
-End Module
diff --git a/ssl/BigIntConfig.in b/ssl/BigIntConfig.in
deleted file mode 100644
index 04c7438c07..0000000000
--- a/ssl/BigIntConfig.in
+++ /dev/null
@@ -1,132 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-
-menu "BigInt Options"
-    depends on !CONFIG_SSL_SKELETON_MODE
-
-choice
-    prompt "Reduction Algorithm"
-    default CONFIG_BIGINT_BARRETT 
-
-config CONFIG_BIGINT_CLASSICAL
-    bool "Classical"
-    help
-        Classical uses standard division. It has no limitations and is
-        theoretically the slowest due to the divisions used. For this particular
-        implementation it is surprisingly quite fast.
-
-config CONFIG_BIGINT_MONTGOMERY
-    bool "Montgomery"
-    help
-        Montgomery uses simple addition and multiplication to achieve its
-        performance. In this implementation it is slower than classical, 
-        and it has the limitation that 0 <= x, y < m, and so is not used 
-        when CRT is active.
-
-        This option will not be normally selected.
-
-config CONFIG_BIGINT_BARRETT
-    bool "Barrett"
-    help
-        Barrett performs expensive precomputation before reduction and partial
-        multiplies for computational speed. It can't be used with some of the
-        calculations when CRT is used, and so defaults to classical when this
-        occurs.
-
-        It is about 40% faster than Classical/Montgomery with the expense of
-        about 2kB, and so this option is normally selected.
-
-endchoice
-
-config CONFIG_BIGINT_CRT
-    bool "Chinese Remainder Theorem (CRT)"
-    default y
-    help 
-        Allow the Chinese Remainder Theorem (CRT) to be used.
-
-        Uses a number of extra coefficients from the private key to improve the
-        performance of a decryption. This feature is one of the most 
-        significant performance improvements (it reduces a decryption time by 
-        over 3 times).
-
-        This option should be selected.
-
-config CONFIG_BIGINT_KARATSUBA
-    bool "Karatsuba Multiplication"
-    default n
-    help
-        Allow Karasuba multiplication to be used.
- 
-        Uses 3 multiplications (plus a number of additions/subtractions) 
-        instead of 4. Multiplications are O(N^2) but addition/subtraction 
-        is O(N) hence for large numbers is beneficial. For this project, the 
-        effect was only useful for 4096 bit keys. As these aren't likely to 
-        be used, the feature is disabled by default. 
-        
-        It costs about 2kB to enable it.
-
-config MUL_KARATSUBA_THRESH
-    int "Karatsuba Multiplication Theshold"
-    default 20
-    depends on CONFIG_BIGINT_KARATSUBA
-    help
-        The minimum number of components needed before Karasuba muliplication
-        is used.
- 
-        This is very dependent on the speed/implementation of bi_add()/
-        bi_subtract(). There is a bit of trial and error here and will be
-        at a different point for different architectures.
-
-config SQU_KARATSUBA_THRESH
-    int "Karatsuba Square Threshold"
-    default 40
-    depends on CONFIG_BIGINT_KARATSUBA && CONFIG_BIGINT_SQUARE
-    help    
-        The minimum number of components needed before Karatsuba squaring
-        is used.
- 
-        This is very dependent on the speed/implementation of bi_add()/
-        bi_subtract(). There is a bit of trial and error here and will be
-        at a different point for different architectures.
-
-config CONFIG_BIGINT_SLIDING_WINDOW
-    bool "Sliding Window Exponentiation"
-    default y
-    help
-        Allow Sliding-Window Exponentiation to be used.
- 
-        Potentially processes more than 1 bit at a time when doing 
-        exponentiation. The sliding-window technique reduces the number of 
-        precomputations compared to other precomputed techniques.
-
-        It results in a considerable performance improvement with it enabled
-        (it halves the decryption time) and so should be selected.
-
-config CONFIG_BIGINT_SQUARE
-    bool "Square Algorithm"
-    default y
-    help
-        Allow squaring to be used instead of a multiplication.
- 
-        Squaring is theoretically 50% faster than a standard multiply 
-        (but is actually about 25% faster). 
-
-        It gives a 20% speed improvement and so should be selected.
-
-config CONFIG_BIGINT_CHECK_ON
-    bool "BigInt Integrity Checking"
-    default n if !CONFIG_DEBUG
-    default y if CONFIG_DEBUG
-    help
-        This is used when developing bigint algorithms. It performs a sanity
-        check on all operations at the expense of speed.
-        
-        This option is only selected when developing and should normally be
-        turned off.
-
-endmenu
-
-
-
diff --git a/ssl/Config.in b/ssl/Config.in
deleted file mode 100644
index 189aa0a11a..0000000000
--- a/ssl/Config.in
+++ /dev/null
@@ -1,274 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-
-menu "SSL Library"
-
-choice
-    prompt "Mode"
-    default CONFIG_SSL_FULL_MODE
-
-config CONFIG_SSL_SERVER_ONLY
-    bool "Server only - no verification"
-    help
-        Enable server functionality (no client functionality). 
-        This mode still supports sessions and chaining (which can be turned
-        off in configuration).
-
-        The axssl sample runs with the minimum of features.
-                
-        This is the most space efficient of the modes with the library 
-        about 45kB in size. Use this mode if you are doing standard SSL server
-        work.
-
-config CONFIG_SSL_CERT_VERIFICATION
-    bool "Server only - with verification"
-    help
-        Enable server functionality with client authentication (no client
-        functionality). 
-
-        The axssl sample runs with the "-verify" and "-CAfile" options.
-
-        This mode produces a library about 49kB in size. Use this mode if you
-        have an SSL server which requires client authentication (which is 
-        uncommon in browser applications).
-
-config CONFIG_SSL_ENABLE_CLIENT
-    bool "Client/Server enabled"
-    help
-        Enable client/server functionality (including peer authentication).
-
-        The axssl sample runs with the "s_client" option enabled.
-
-        This mode produces a library about 51kB in size. Use this mode if you
-        require axTLS to use SSL client functionality (the SSL server code
-        is always enabled).
-
-config CONFIG_SSL_FULL_MODE
-    bool "Client/Server enabled with diagnostics"
-    help
-        Enable client/server functionality including diagnostics. Most of the
-        extra size in this mode is due to the storage of various strings that
-        are used.
-
-        The axssl sample has 3 more options, "-debug", "-state" and "-show-rsa"
-
-        This mode produces a library about 58kB in size. It is suggested that 
-        this mode is used only during development, or systems that have more
-        generous memory limits.
-
-        It is the default to demonstrate the features of axTLS.
-
-config CONFIG_SSL_SKELETON_MODE
-    bool "Skeleton mode - the smallest server mode"
-    help
-        This is an experiment to build the smallest library at the expense of
-        features and speed.
-
-        * Server mode only.
-        * The AES cipher is disabled.
-        * No session resumption.
-        * No external keys/certificates are supported.
-        * The bigint library has most of the performance features disabled.
-        * Some other features/API calls may not work.
-
-        This mode produces a library about 37kB in size. The main
-        disadvantage of this mode is speed - it will be much slower than the 
-        other build modes.
-
-endchoice
-
-choice
-    prompt "Protocol Preference"
-    depends on !CONFIG_SSL_SKELETON_MODE
-    default CONFIG_SSL_PROT_MEDIUM
-
-config CONFIG_SSL_PROT_LOW
-    bool "Low"
-    help
-        Chooses the cipher in the order of RC4-SHA, AES128-SHA, AES256-SHA.
-      
-        This will use the fastest cipher(s) but at the expense of security.
-
-config CONFIG_SSL_PROT_MEDIUM
-    bool "Medium"
-    help
-        Chooses the cipher in the order of AES128-SHA, AES256-SHA, RC4-SHA.
-       
-        This mode is a balance between speed and security and is the default.
-
-config CONFIG_SSL_PROT_HIGH
-    bool "High"
-    help
-        Chooses the cipher in the order of AES256-SHA, AES128-SHA, RC4-SHA.
-        
-        This will use the strongest cipher(s) at the cost of speed.
-
-endchoice
-
-config CONFIG_SSL_USE_DEFAULT_KEY
-    bool "Enable default key"
-    depends on !CONFIG_SSL_SKELETON_MODE
-    default y 
-    help
-        Some applications will not require the default private key/certificate
-        that is built in. This is one way to save on a couple of kB's if an
-        external private key/certificate is used.
-
-        The advantage of a built-in private key/certificate is that no file
-        system is required for access. 
-        
-        However this private key/certificate can never be changed (without a
-        code update).
-
-        This mode is enabled by default. Disable this mode if the 
-        built-in key/certificate is not used.
-
-config CONFIG_SSL_ENABLE_V23_HANDSHAKE
-    bool "Enable v23 Handshake"
-    default y
-    help
-        Some browsers use the v23 handshake client hello message 
-        (an SSL2 format message which all SSL servers can understand). 
-        It may be used if SSL2 is enabled in the browser.
-
-        Since this feature takes a kB or so, this feature may be disabled - at
-        the risk of making it incompatible with some browsers (IE6 is ok,
-        Firefox/Opera may be a problem - see Mozilla bug report 148876).
-
-        Disable if backwards compatibility is not an issue (i.e. the client is
-        always using TLS1.0)
-
-config CONFIG_SSL_HAS_PEM
-    bool "Enable PEM"
-    default n if !CONFIG_SSL_FULL_MODE
-    default y if CONFIG_SSL_FULL_MODE
-    depends on !CONFIG_SSL_SKELETON_MODE
-    help
-        Enable the use of PEM format for certificates and private keys.
-
-        PEM is not normally needed - PEM files can be converted into DER files
-        quite easily. However they have the convenience of allowing multiple
-        certificates/keys in the same file.
-        
-        This feature will add a couple of kB to the library. 
-
-        Disable if PEM is not used (which will be in most cases).
-
-config CONFIG_SSL_USE_PKCS12
-    bool "Use PKCS8/PKCS12"
-    default n if !CONFIG_SSL_FULL_MODE
-    default y if CONFIG_SSL_FULL_MODE
-    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
-    help
-        PKCS#12 certificates combine private keys and certificates together in
-        one file.
-
-        PKCS#8 private keys are also suppported (as it is a subset of PKCS#12).
-
-        The decryption of these certificates uses RC4-128 (and these
-        certificates must be encrypted using this cipher). The actual
-        algorithm is "PBE-SHA1-RC4-128".
-
-        Disable if PKCS#12 is not used (which will be in most cases).
-
-config CONFIG_SSL_EXPIRY_TIME
-    int "Session expiry time (in hours)"
-    depends on !CONFIG_SSL_SKELETON_MODE
-    default 24 
-    help
-        The time (in hours) before a session expires. 
-        
-        A longer time means that the expensive parts of a handshake don't 
-        need to be run when a client reconnects later.
-
-        The default is 1 day.
-
-config CONFIG_X509_MAX_CA_CERTS
-    int "Maximum number of certificate authorites"
-    default 4
-    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
-    help
-        Determines the number of CA's allowed. 
-
-        Increase this figure if more trusted sites are allowed. Each
-        certificate adds about 300 bytes (when added).
-
-        The default is to allow four certification authorities.
-
-config CONFIG_SSL_MAX_CERTS
-    int "Maximum number of chained certificates"
-    default 2
-    help
-        Determines the number of certificates used in a certificate
-        chain. The chain length must be at least 1.
-
-        Increase this figure if more certificates are to be added to the 
-        chain. Each certificate adds about 300 bytes (when added).
-
-        The default is to allow one certificate + 1 certificate in the chain
-        (which may be the certificate authority certificate).
-
-config CONFIG_SSL_CTX_MUTEXING
-    bool "Enable SSL_CTX mutexing"
-    default n
-    help
-        Normally mutexing is not required - each SSL_CTX object can deal with
-        many SSL objects (as long as each SSL_CTX object is using a single
-        thread).
-
-        If the SSL_CTX object is not thread safe e.g. the case where a 
-        new thread is created for each SSL object, then mutexing is required. 
-
-        Select y when a mutex on the SSL_CTX object is required.
-
-config CONFIG_USE_DEV_URANDOM
-    bool "Use /dev/urandom"
-    default y
-    depends on !CONFIG_PLATFORM_WIN32
-    help 
-        Use /dev/urandom. Otherwise a custom RNG is used.
-
-        This will be the default on most Linux systems.
-
-config CONFIG_WIN32_USE_CRYPTO_LIB
-    bool "Use Win32 Crypto Library"
-    default y if !CONFIG_VISUAL_STUDIO_6_0
-    default n if CONFIG_VISUAL_STUDIO_6_0
-    depends on CONFIG_PLATFORM_WIN32
-    help 
-        Microsoft produce a Crypto API which requires the Platform SDK to be
-        installed. It's used for the RNG.
-
-        This will be the default on most Win32 systems. If using Visual Studio
-        6.0, then the SDK containing the crypto libraries must be used.
-
-config CONFIG_OPENSSL_COMPATIBLE
-    bool "Enable openssl API compatibility"
-    default n
-    help 
-        To ease the porting of openssl applications, a subset of the openssl
-        API is wrapped around the axTLS API.
-
-        Note: not all the API is implemented, so parts may still break. And
-        it's definitely not 100% compatible.
-
-config CONFIG_PERFORMANCE_TESTING
-    bool "Build the bigint performance test tool"
-    default n
-    help
-        Used for performance testing of bigint.
-
-        This is a testing tool and is normally disabled.
-
-config CONFIG_SSL_TEST
-    bool "Build the SSL testing tool"
-    default n
-    depends on CONFIG_SSL_FULL_MODE
-    help
-        Used for sanity checking the SSL handshaking.
-
-        This is a testing tool and is normally disabled.
-
-endmenu
diff --git a/ssl/Makefile b/ssl/Makefile
deleted file mode 100644
index 139011d3d1..0000000000
--- a/ssl/Makefile
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-#  Copyright(C) 2007 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-include ../config/.config
-include ../config/makefile.conf
-
-all: libs
-ifdef CONFIG_PERFORMANCE_TESTING
-	$(MAKE) -C test
-else
-ifdef CONFIG_SSL_TEST
-	$(MAKE) -C test
-endif
-endif
-
-ifndef CONFIG_PLATFORM_WIN32
-TARGET1=../$(STAGE)/libaxtls.a
-BASETARGET=libaxtls.so
-ifdef CONFIG_PLATFORM_CYGWIN
-TARGET2=../$(STAGE)/libaxtls.dll.a
-else
-TARGET2=../$(STAGE)/$(LIBMINOR)
-endif
-
-# shared library major/minor numbers
-LIBMAJOR=$(BASETARGET).1
-LIBMINOR=$(BASETARGET).1.1
-else
-TARGET1=axtls.lib
-TARGET2=../$(STAGE)/axtls.dll
-STATIC_LIB=../$(STAGE)/axtls.static.lib
-endif
-
-libs: $(TARGET1) $(TARGET2)
-
-OBJ=\
-	aes.o \
-	asn1.o \
-	bigint.o \
-	crypto_misc.o \
-	hmac.o \
-	os_port.o \
-	loader.o \
-	md5.o \
-	openssl.o \
-	p12.o \
-	rsa.o \
-	rc4.o \
-	sha1.o \
-	tls1.o \
-	tls1_svr.o \
-	tls1_clnt.o
-
-include ../config/makefile.post
-
-ifndef CONFIG_PLATFORM_WIN32     # Linux/Unix/Cygwin
-
-$(TARGET1) : $(OBJ)
-	$(AR) -r $@ $(OBJ)
-
-$(TARGET2) : $(OBJ)
-ifndef CONFIG_PLATFORM_CYGWIN
-	$(LD) $(LDFLAGS) $(LDSHARED) -Wl,-soname,$(LIBMAJOR) -o ../$(STAGE)/$(LIBMINOR) $(OBJ)
-	cd ../$(STAGE); ln -sf $(LIBMINOR) $(LIBMAJOR); ln -sf $(LIBMAJOR) $(BASETARGET); cd -
-else
-	$(LD) $(LDFLAGS) $(LDSHARED) -o ../$(STAGE)/cygaxtls.dll \
-    -Wl,--out-implib=../$(STAGE)/libaxtls.dll.a \
-    -Wl,--export-all-symbols \
-    -Wl,--enable-auto-import $(OBJ)
-endif
-
-else  # Win32
-
-$(TARGET1) : $(OBJ)
-	$(AR) /out:$@ $(OBJ)
-
-$(TARGET2) : $(OBJ)
-	cp $(TARGET1) $(STATIC_LIB)
-	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
-
-endif    
-
-clean::
-	$(MAKE) -C test clean
-	-@rm -f ../$(STAGE)/* *.a *.lib
-
diff --git a/ssl/aes.c b/ssl/aes.c
deleted file mode 100644
index 520bd01a92..0000000000
--- a/ssl/aes.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * AES implementation - this is a small code version. There are much faster
- * versions around but they are much larger in size (i.e. they use large 
- * submix tables).
- */
-
-#include <string.h>
-#include "crypto.h"
-
-/* all commented out in skeleton mode */
-#ifndef CONFIG_SSL_SKELETON_MODE
-
-#define rot1(x) (((x) << 24) | ((x) >> 8))
-#define rot2(x) (((x) << 16) | ((x) >> 16))
-#define rot3(x) (((x) <<  8) | ((x) >> 24))
-
-/* 
- * This cute trick does 4 'mul by two' at once.  Stolen from
- * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
- * a standard graphics trick
- * The key to this is that we need to xor with 0x1b if the top bit is set.
- * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
- * b 1000 0000   0000 0000 then we shift right by 7 putting the 7bit in 0bit,
- * c 0000 0001   0000 0000 we then subtract (c) from (b)
- * d 0111 1111   0000 0000 and now we and with our mask
- * e 0001 1011   0000 0000
- */
-#define mt  0x80808080
-#define ml  0x7f7f7f7f
-#define mh  0xfefefefe
-#define mm  0x1b1b1b1b
-#define mul2(x,t)	((t)=((x)&mt), \
-			((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))
-
-#define inv_mix_col(x,f2,f4,f8,f9) (\
-			(f2)=mul2(x,f2), \
-			(f4)=mul2(f2,f4), \
-			(f8)=mul2(f4,f8), \
-			(f9)=(x)^(f8), \
-			(f8)=((f2)^(f4)^(f8)), \
-			(f2)^=(f9), \
-			(f4)^=(f9), \
-			(f8)^=rot3(f2), \
-			(f8)^=rot2(f4), \
-			(f8)^rot1(f9))
-
-/*
- * AES S-box
- */
-static const uint8_t aes_sbox[256] =
-{
-	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
-	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
-	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,
-	0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
-	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,
-	0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
-	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,
-	0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
-	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,
-	0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
-	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,
-	0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
-	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,
-	0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
-	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,
-	0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
-	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,
-	0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
-	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,
-	0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
-	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,
-	0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
-	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,
-	0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
-	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,
-	0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
-	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,
-	0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
-	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,
-	0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
-	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,
-	0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16,
-};
-
-/*
- * AES is-box
- */
-static const uint8_t aes_isbox[256] = 
-{
-    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
-    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
-    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
-    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
-    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
-    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
-    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
-    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
-    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
-    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
-    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
-    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
-    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
-    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
-    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
-    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
-    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
-    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
-    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
-    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
-    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
-    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
-    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
-    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
-    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
-    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
-    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
-    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
-    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
-    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
-    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
-    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
-};
-
-static const unsigned char Rcon[30]=
-{
-	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
-	0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
-	0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
-	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
-};
-
-/* ----- static functions ----- */
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
-
-/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
-   x^8+x^4+x^3+x+1 */
-static unsigned char AES_xtime(uint32_t x)
-{
-	return x = (x&0x80) ? (x<<1)^0x1b : x<<1;
-}
-
-/**
- * Set up AES with the key/iv and cipher size.
- */
-void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
-        const uint8_t *iv, AES_MODE mode)
-{
-    int i, ii;
-    uint32_t *W, tmp, tmp2;
-    const unsigned char *ip;
-    int words;
-
-    switch (mode)
-    {
-        case AES_MODE_128:
-            i = 10;
-            words = 4;
-            break;
-
-        case AES_MODE_256:
-            i = 14;
-            words = 8;
-            break;
-
-        default:        /* fail silently */
-            return;
-    }
-
-    ctx->rounds = i;
-    ctx->key_size = words;
-    W = ctx->ks;
-    for (i = 0; i < words; i+=2)
-    {
-        W[i+0]=	((uint32_t)key[ 0]<<24)|
-            ((uint32_t)key[ 1]<<16)|
-            ((uint32_t)key[ 2]<< 8)|
-            ((uint32_t)key[ 3]    );
-        W[i+1]=	((uint32_t)key[ 4]<<24)|
-            ((uint32_t)key[ 5]<<16)|
-            ((uint32_t)key[ 6]<< 8)|
-            ((uint32_t)key[ 7]    );
-        key += 8;
-    }
-
-    ip = Rcon;
-    ii = 4 * (ctx->rounds+1);
-    for (i = words; i<ii; i++)
-    {
-        tmp = W[i-1];
-
-        if ((i % words) == 0)
-        {
-            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]<< 8;
-            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<<16;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<24;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ];
-            tmp=tmp2^(((unsigned int)*ip)<<24);
-            ip++;
-        }
-
-        if ((words == 8) && ((i % words) == 4))
-        {
-            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]    ;
-            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<< 8;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<16;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ]<<24;
-            tmp=tmp2;
-        }
-
-        W[i]=W[i-words]^tmp;
-    }
-
-    /* copy the iv across */
-    memcpy(ctx->iv, iv, 16);
-}
-
-/**
- * Change a key for decryption.
- */
-void AES_convert_key(AES_CTX *ctx)
-{
-    int i;
-    uint32_t *k,w,t1,t2,t3,t4;
-
-    k = ctx->ks;
-    k += 4;
-
-    for (i= ctx->rounds*4; i > 4; i--)
-    {
-        w= *k;
-        w = inv_mix_col(w,t1,t2,t3,t4);
-        *k++ =w;
-    }
-}
-
-/**
- * Encrypt a byte sequence (with a block size 16) using the AES cipher.
- */
-void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
-{
-    int i;
-    uint32_t tin[4], tout[4], iv[4];
-
-    memcpy(iv, ctx->iv, AES_IV_SIZE);
-    for (i = 0; i < 4; i++)
-        tout[i] = ntohl(iv[i]);
-
-    for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE)
-    {
-        uint32_t msg_32[4];
-        uint32_t out_32[4];
-        memcpy(msg_32, msg, AES_BLOCKSIZE);
-        msg += AES_BLOCKSIZE;
-
-        for (i = 0; i < 4; i++)
-            tin[i] = ntohl(msg_32[i])^tout[i];
-
-        AES_encrypt(ctx, tin);
-
-        for (i = 0; i < 4; i++)
-        {
-            tout[i] = tin[i]; 
-            out_32[i] = htonl(tout[i]);
-        }
-
-        memcpy(out, out_32, AES_BLOCKSIZE);
-        out += AES_BLOCKSIZE;
-    }
-
-    for (i = 0; i < 4; i++)
-        iv[i] = htonl(tout[i]);
-    memcpy(ctx->iv, iv, AES_IV_SIZE);
-}
-
-/**
- * Decrypt a byte sequence (with a block size 16) using the AES cipher.
- */
-void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
-{
-    int i;
-    uint32_t tin[4], xor[4], tout[4], data[4], iv[4];
-
-    memcpy(iv, ctx->iv, AES_IV_SIZE);
-    for (i = 0; i < 4; i++)
-        xor[i] = ntohl(iv[i]);
-
-    for (length -= 16; length >= 0; length -= 16)
-    {
-        uint32_t msg_32[4];
-        uint32_t out_32[4];
-        memcpy(msg_32, msg, AES_BLOCKSIZE);
-        msg += AES_BLOCKSIZE;
-
-        for (i = 0; i < 4; i++)
-        {
-            tin[i] = ntohl(msg_32[i]);
-            data[i] = tin[i];
-        }
-
-        AES_decrypt(ctx, data);
-
-        for (i = 0; i < 4; i++)
-        {
-            tout[i] = data[i]^xor[i];
-            xor[i] = tin[i];
-            out_32[i] = htonl(tout[i]);
-        }
-
-        memcpy(out, out_32, AES_BLOCKSIZE);
-        out += AES_BLOCKSIZE;
-    }
-
-    for (i = 0; i < 4; i++)
-        iv[i] = htonl(xor[i]);
-    memcpy(ctx->iv, iv, AES_IV_SIZE);
-}
-
-/**
- * Encrypt a single block (16 bytes) of data
- */
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
-{
-    /* To make this code smaller, generate the sbox entries on the fly.
-     * This will have a really heavy effect upon performance.
-     */
-    uint32_t tmp[4];
-    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
-    int curr_rnd;
-    int rounds = ctx->rounds; 
-    const uint32_t *k = ctx->ks;
-
-    /* Pre-round key addition */
-    for (row = 0; row < 4; row++)
-        data[row] ^= *(k++);
-
-    /* Encrypt one block. */
-    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
-    {
-        /* Perform ByteSub and ShiftRow operations together */
-        for (row = 0; row < 4; row++)
-        {
-            a0 = (uint32_t)aes_sbox[(data[row%4]>>24)&0xFF];
-            a1 = (uint32_t)aes_sbox[(data[(row+1)%4]>>16)&0xFF];
-            a2 = (uint32_t)aes_sbox[(data[(row+2)%4]>>8)&0xFF]; 
-            a3 = (uint32_t)aes_sbox[(data[(row+3)%4])&0xFF];
-
-            /* Perform MixColumn iff not last round */
-            if (curr_rnd < (rounds - 1))
-            {
-                tmp1 = a0 ^ a1 ^ a2 ^ a3;
-                old_a0 = a0;
-                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
-                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
-                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
-                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
-            }
-
-            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
-        }
-
-        /* KeyAddition - note that it is vital that this loop is separate from
-           the MixColumn operation, which must be atomic...*/ 
-        for (row = 0; row < 4; row++)
-            data[row] = tmp[row] ^ *(k++);
-    }
-}
-
-/**
- * Decrypt a single block (16 bytes) of data
- */
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
-{ 
-    uint32_t tmp[4];
-    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
-    uint32_t a0, a1, a2, a3, row;
-    int curr_rnd;
-    int rounds = ctx->rounds;
-    const uint32_t *k = ctx->ks + ((rounds+1)*4);
-
-    /* pre-round key addition */
-    for (row=4; row > 0;row--)
-        data[row-1] ^= *(--k);
-
-    /* Decrypt one block */
-    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
-    {
-        /* Perform ByteSub and ShiftRow operations together */
-        for (row = 4; row > 0; row--)
-        {
-            a0 = aes_isbox[(data[(row+3)%4]>>24)&0xFF];
-            a1 = aes_isbox[(data[(row+2)%4]>>16)&0xFF];
-            a2 = aes_isbox[(data[(row+1)%4]>>8)&0xFF];
-            a3 = aes_isbox[(data[row%4])&0xFF];
-
-            /* Perform MixColumn iff not last round */
-            if (curr_rnd<(rounds-1))
-            {
-                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
-                   are quite large compared to encryption; this 
-                   operation slows decryption down noticeably. */
-                xt0 = AES_xtime(a0^a1);
-                xt1 = AES_xtime(a1^a2);
-                xt2 = AES_xtime(a2^a3);
-                xt3 = AES_xtime(a3^a0);
-                xt4 = AES_xtime(xt0^xt1);
-                xt5 = AES_xtime(xt1^xt2);
-                xt6 = AES_xtime(xt4^xt5);
-
-                xt0 ^= a1^a2^a3^xt4^xt6;
-                xt1 ^= a0^a2^a3^xt5^xt6;
-                xt2 ^= a0^a1^a3^xt4^xt6;
-                xt3 ^= a0^a1^a2^xt5^xt6;
-                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
-            }
-            else
-                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
-        }
-
-        for (row = 4; row > 0; row--)
-            data[row-1] = tmp[row-1] ^ *(--k);
-    }
-}
-
-#endif
diff --git a/ssl/asn1.c b/ssl/asn1.c
deleted file mode 100644
index 45b910b9a5..0000000000
--- a/ssl/asn1.c
+++ /dev/null
@@ -1,864 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @file asn1.c
- * 
- * Some primitive asn methods for extraction rsa modulus information. It also
- * is used for retrieving information from X.509 certificates.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "crypto.h"
-
-#define SIG_OID_PREFIX_SIZE     8
-
-#define SIG_TYPE_MD2            0x02
-#define SIG_TYPE_MD5            0x04
-#define SIG_TYPE_SHA1           0x05
-
-/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
-static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
-{
-    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
-};
-
-/* CN, O, OU */
-static const uint8_t g_dn_types[] = { 3, 10, 11 };
-
-static int get_asn1_length(const uint8_t *buf, int *offset)
-{
-    int len, i;
-
-    if (!(buf[*offset] & 0x80)) /* short form */
-    {
-        len = buf[(*offset)++];
-    }
-    else    /* long form */
-    {
-        int length_bytes = buf[(*offset)++]&0x7f;
-        len = 0;
-        for (i = 0; i < length_bytes; i++)
-        {
-            len <<= 8;
-            len += buf[(*offset)++];
-        }
-    }
-
-    return len;
-}
-
-/**
- * Skip the ASN1.1 object type and its length. Get ready to read the object's
- * data.
- */
-int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
-{
-    if (buf[*offset] != obj_type)
-        return X509_NOT_OK;
-    (*offset)++;
-    return get_asn1_length(buf, offset);
-}
-
-/**
- * Skip over an ASN.1 object type completely. Get ready to read the next
- * object.
- */
-int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
-{
-    int len;
-
-    if (buf[*offset] != obj_type)
-        return X509_NOT_OK;
-    (*offset)++;
-    len = get_asn1_length(buf, offset);
-    *offset += len;
-    return 0;
-}
-
-/**
- * Read an integer value for ASN.1 data
- * Note: This function allocates memory which must be freed by the user.
- */
-int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
-{
-    int len;
-
-    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
-        goto end_int_array;
-
-    *object = (uint8_t *)malloc(len);
-    memcpy(*object, &buf[*offset], len);
-    *offset += len;
-
-end_int_array:
-    return len;
-}
-
-/**
- * Get all the RSA private key specifics from an ASN.1 encoded file 
- */
-int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
-{
-    int offset = 7;
-    uint8_t *modulus, *priv_exp, *pub_exp;
-    int mod_len, priv_len, pub_len;
-#ifdef CONFIG_BIGINT_CRT
-    uint8_t *p, *q, *dP, *dQ, *qInv;
-    int p_len, q_len, dP_len, dQ_len, qInv_len;
-#endif
-
-    /* not in der format */
-    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: This is not a valid ASN.1 file\n");
-#endif
-        return X509_INVALID_PRIV_KEY;
-    }
-
-    /* initialise the RNG */
-    RNG_initialize(buf, len);
-
-    mod_len = asn1_get_int(buf, &offset, &modulus);
-    pub_len = asn1_get_int(buf, &offset, &pub_exp);
-    priv_len = asn1_get_int(buf, &offset, &priv_exp);
-
-    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
-        return X509_INVALID_PRIV_KEY;
-
-#ifdef CONFIG_BIGINT_CRT
-    p_len = asn1_get_int(buf, &offset, &p);
-    q_len = asn1_get_int(buf, &offset, &q);
-    dP_len = asn1_get_int(buf, &offset, &dP);
-    dQ_len = asn1_get_int(buf, &offset, &dQ);
-    qInv_len = asn1_get_int(buf, &offset, &qInv);
-
-    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
-        return X509_INVALID_PRIV_KEY;
-
-    RSA_priv_key_new(rsa_ctx, 
-            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
-            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
-
-    free(p);
-    free(q);
-    free(dP);
-    free(dQ);
-    free(qInv);
-#else
-    RSA_priv_key_new(rsa_ctx, 
-            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
-#endif
-
-    free(modulus);
-    free(priv_exp);
-    free(pub_exp);
-    return X509_OK;
-}
-
-/**
- * Get the time of a certificate. Ignore hours/minutes/seconds.
- */
-static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
-{
-    int ret = X509_NOT_OK, len, t_offset;
-    struct tm tm;
-
-    if (buf[(*offset)++] != ASN1_UTC_TIME)
-        goto end_utc_time;
-    len = get_asn1_length(buf, offset);
-    t_offset = *offset;
-
-    memset(&tm, 0, sizeof(struct tm));
-    tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
-
-    if (tm.tm_year <= 50)    /* 1951-2050 thing */
-    {
-        tm.tm_year += 100;
-    }
-
-    tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
-    tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
-    *t = mktime(&tm);
-    *offset += len;
-    ret = X509_OK;
-
-end_utc_time:
-    return ret;
-}
-
-/**
- * Get the version type of a certificate (which we don't actually care about)
- */
-static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
-{
-    int ret = X509_NOT_OK;
-
-    (*offset) += 2;        /* get past explicit tag */
-    if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
-        goto end_version;
-
-    ret = X509_OK;
-end_version:
-    return ret;
-}
-
-/**
- * Retrieve the notbefore and notafter certificate times.
- */
-static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
-{
-    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
-              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
-              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
-}
-
-/**
- * Get the components of a distinguished name 
- */
-static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
-{
-    int dn_type = 0;
-    int len;
-
-    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
-        goto end_oid;
-
-    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
-       components we are interested in. */
-    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
-        dn_type = buf[(*offset)++];
-    else
-    {
-        *offset += len;     /* skip over it */
-    }
-
-end_oid:
-    return dn_type;
-}
-
-/**
- * Obtain an ASN.1 printable string type.
- */
-static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
-{
-    int len = X509_NOT_OK;
-
-    /* some certs have this awful crud in them for some reason */
-    if (buf[*offset] != ASN1_PRINTABLE_STR && 
-            buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR)
-        goto end_pnt_str;
-
-    (*offset)++;
-    len = get_asn1_length(buf, offset);
-    *str = (char *)malloc(len+1);                   /* allow for null */
-    memcpy(*str, &buf[*offset], len);
-    (*str)[len] = 0;                                /* null terminate */
-    *offset += len;
-end_pnt_str:
-    return len;
-}
-
-/**
- * Get the subject name (or the issuer) of a certificate.
- */
-static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
-{
-    int ret = X509_NOT_OK;
-    int dn_type;
-    char *tmp = NULL;
-
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
-        goto end_name;
-
-    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
-    {
-        int i, found = 0;
-
-        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
-               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
-            goto end_name;
-
-        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
-        {
-            free(tmp);
-            goto end_name;
-        }
-
-        /* find the distinguished named type */
-        for (i = 0; i < X509_NUM_DN_TYPES; i++)
-        {
-            if (dn_type == g_dn_types[i])
-            {
-                if (dn[i] == NULL)
-                {
-                    dn[i] = tmp;
-                    found = 1;
-                    break;
-                }
-            }
-        }
-
-        if (found == 0) /* not found so get rid of it */
-        {
-            free(tmp);
-        }
-    }
-
-    ret = X509_OK;
-end_name:
-    return ret;
-}
-
-/**
- * Read the modulus and public exponent of a certificate.
- */
-static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
-{
-    int ret = X509_NOT_OK, mod_len, pub_len;
-    uint8_t *modulus, *pub_exp;
-
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
-            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
-        goto end_pub_key;
-
-    (*offset)++;
-
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
-        goto end_pub_key;
-
-    mod_len = asn1_get_int(cert, offset, &modulus);
-    pub_len = asn1_get_int(cert, offset, &pub_exp);
-
-    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
-
-    free(modulus);
-    free(pub_exp);
-    ret = X509_OK;
-
-end_pub_key:
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Read the signature of the certificate.
- */
-static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
-{
-    int ret = X509_NOT_OK;
-
-    if (cert[(*offset)++] != ASN1_BIT_STRING)
-        goto end_sig;
-
-    x509_ctx->sig_len = get_asn1_length(cert, offset);
-    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
-    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
-    *offset += x509_ctx->sig_len;
-    ret = X509_OK;
-
-end_sig:
-    return ret;
-}
-
-/*
- * Compare 2 distinguished name components for equality 
- * @return 0 if a match
- */
-static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
-{
-    int ret = 1;
-
-    if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
-
-    ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
-
-err_no_match:
-    return ret;
-}
-
-/**
- * Clean up all of the CA certificates.
- */
-void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
-{
-    int i = 0;
-
-    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-    {
-        x509_free(ca_cert_ctx->cert[i]);
-        ca_cert_ctx->cert[i++] = NULL;
-    }
-
-    free(ca_cert_ctx);
-}
-
-/*
- * Compare 2 distinguished names for equality 
- * @return 0 if a match
- */
-static int asn1_compare_dn(char * const dn1[], char * const dn2[])
-{
-    int i;
-
-    for (i = 0; i < X509_NUM_DN_TYPES; i++)
-    {
-        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
-        {
-            return 1;
-        }
-    }
-
-    return 0;       /* all good */
-}
-
-/**
- * Retrieve the signature from a certificate.
- */
-const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
-{
-    int offset = 0;
-    const uint8_t *ptr = NULL;
-
-    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
-            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
-        goto end_get_sig;
-
-    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
-        goto end_get_sig;
-    *len = get_asn1_length(asn1_sig, &offset);
-    ptr = &asn1_sig[offset];          /* all ok */
-
-end_get_sig:
-    return ptr;
-}
-
-#endif
-
-/**
- * Read the signature type of the certificate. We only support RSA-MD5 and
- * RSA-SHA1 signature types.
- */
-static int asn1_signature_type(const uint8_t *cert, 
-                                int *offset, X509_CTX *x509_ctx)
-{
-    int ret = X509_NOT_OK, len;
-
-    if (cert[(*offset)++] != ASN1_OID)
-        goto end_check_sig;
-
-    len = get_asn1_length(cert, offset);
-
-    if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
-        goto end_check_sig;     /* unrecognised cert type */
-
-    x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
-
-    *offset += len;
-    if (asn1_skip_obj(cert, offset, ASN1_NULL))
-        goto end_check_sig;
-    ret = X509_OK;
-
-end_check_sig:
-    return ret;
-}
-
-/**
- * Construct a new x509 object.
- * @return 0 if ok. < 0 if there was a problem.
- */
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
-{
-    int begin_tbs, end_tbs;
-    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
-    X509_CTX *x509_ctx;
-    BI_CTX *bi_ctx;
-
-    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
-    x509_ctx = *ctx;
-
-    /* get the certificate size */
-    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
-
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    begin_tbs = offset;         /* start of the tbs */
-    end_tbs = begin_tbs;        /* work out the end of the tbs */
-    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
-
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
-    {
-        if (asn1_version(cert, &offset, x509_ctx))
-            goto end_cert;
-    }
-
-    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
-            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    /* make sure the signature is ok */
-    if (asn1_signature_type(cert, &offset, x509_ctx))
-    {
-        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
-        goto end_cert;
-    }
-
-    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
-            asn1_validity(cert, &offset, x509_ctx) ||
-            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
-            asn1_public_key(cert, &offset, x509_ctx))
-        goto end_cert;
-
-    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    /* use the appropriate signature algorithm (either SHA1 or MD5) */
-    if (x509_ctx->sig_type == SIG_TYPE_MD5)
-    {
-        MD5_CTX md5_ctx;
-        uint8_t md5_dgst[MD5_SIZE];
-        MD5Init(&md5_ctx);
-        MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        MD5Final(&md5_ctx, md5_dgst);
-        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
-    }
-    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
-    {
-        SHA1_CTX sha_ctx;
-        uint8_t sha_dgst[SHA1_SIZE];
-        SHA1Init(&sha_ctx);
-        SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        SHA1Final(&sha_ctx, sha_dgst);
-        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
-    }
-
-    offset = end_tbs;   /* skip the v3 data */
-    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
-            asn1_signature(cert, &offset, x509_ctx))
-        goto end_cert;
-#endif
-
-    if (len)
-    {
-        *len = cert_size;
-    }
-
-    ret = X509_OK;
-end_cert:
-
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ret)
-    {
-        printf("Error: Invalid X509 ASN.1 file\n");
-    }
-#endif
-
-    return ret;
-}
-
-/**
- * Free an X.509 object's resources.
- */
-void x509_free(X509_CTX *x509_ctx)
-{
-    X509_CTX *next;
-    int i;
-
-    if (x509_ctx == NULL)       /* if already null, then don't bother */
-        return;
-
-    for (i = 0; i < X509_NUM_DN_TYPES; i++)
-    {
-        free(x509_ctx->ca_cert_dn[i]);
-        free(x509_ctx->cert_dn[i]);
-    }
-
-    free(x509_ctx->signature);
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION 
-    if (x509_ctx->digest)
-    {
-        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
-    }
-#endif
-
-    RSA_free(x509_ctx->rsa_ctx);
-
-    next = x509_ctx->next;
-    free(x509_ctx);
-    x509_free(next);        /* clear the chain */
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Do some basic checks on the certificate chain.
- *
- * Certificate verification consists of a number of checks:
- * - A root certificate exists in the certificate store.
- * - The date of the certificate is after the start date.
- * - The date of the certificate is before the finish date.
- * - The certificate chain is valid.
- * - That the certificate(s) are not self-signed.
- * - The signature of the certificate is valid.
- */
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
-{
-    int ret = X509_OK, i = 0;
-    bigint *cert_sig;
-    X509_CTX *next_cert = NULL;
-    BI_CTX *ctx;
-    bigint *mod, *expn;
-    struct timeval tv;
-    int match_ca_cert = 0;
-
-    if (cert == NULL || ca_cert_ctx == NULL)
-    {
-        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
-        goto end_verify;
-    }
-
-    /* last cert in the chain - look for a trusted cert */
-    if (cert->next == NULL)
-    {
-        while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-        {
-            if (asn1_compare_dn(cert->ca_cert_dn,
-                                        ca_cert_ctx->cert[i]->cert_dn) == 0)
-            {
-                match_ca_cert = 1;
-                break;
-            }
-
-            i++;
-        }
-
-        if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-        {
-            next_cert = ca_cert_ctx->cert[i];
-        }
-        else    /* trusted cert not found */
-        {
-            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
-            goto end_verify;
-        }
-    }
-    else
-    {
-        next_cert = cert->next;
-    }
-
-    gettimeofday(&tv, NULL);
-
-    /* check the not before date */
-    if (tv.tv_sec < cert->not_before)
-    {
-        ret = X509_VFY_ERROR_NOT_YET_VALID;
-        goto end_verify;
-    }
-
-    /* check the not after date */
-    if (tv.tv_sec > cert->not_after)
-    {
-        ret = X509_VFY_ERROR_EXPIRED;
-        goto end_verify;
-    }
-
-    /* check the chain integrity */
-    if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
-    {
-        ret = X509_VFY_ERROR_INVALID_CHAIN;
-        goto end_verify;
-    }
-
-    /* check for self-signing */
-    if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
-    {
-        ret = X509_VFY_ERROR_SELF_SIGNED;
-        goto end_verify;
-    }
-
-    /* check the signature */
-    ctx = cert->rsa_ctx->bi_ctx;
-    mod = next_cert->rsa_ctx->m;
-    expn = next_cert->rsa_ctx->e;
-    cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, 
-            bi_clone(ctx, mod), bi_clone(ctx, expn));
-
-    if (cert_sig)
-    {
-        ret = cert->digest ?    /* check the signature */
-            bi_compare(cert_sig, cert->digest) :
-            X509_VFY_ERROR_UNSUPPORTED_DIGEST;
-        bi_free(ctx, cert_sig);
-
-        if (ret)
-            goto end_verify;
-    }
-    else
-    {
-        ret = X509_VFY_ERROR_BAD_SIGNATURE;
-        goto end_verify;
-    }
-
-    /* go down the certificate chain using recursion. */
-    if (ret == 0 && cert->next)
-    {
-        ret = x509_verify(ca_cert_ctx, next_cert);
-    }
-
-end_verify:
-    return ret;
-}
-#endif
-
-#if defined (CONFIG_SSL_FULL_MODE)
-/**
- * Used for diagnostics.
- */
-void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
-{
-    if (cert == NULL)
-        return;
-
-    printf("----------------   CERT DEBUG   ----------------\n");
-    printf("* CA Cert Distinguished Name\n");
-    if (cert->ca_cert_dn[X509_COMMON_NAME])
-    {
-        printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
-    }
-
-    if (cert->ca_cert_dn[X509_ORGANIZATION])
-    {
-        printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
-    }
-
-    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
-    {
-        printf("Organizational Unit (OU): %s\n", 
-                cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
-    }
-
-    printf("* Cert Distinguished Name\n");
-    if (cert->cert_dn[X509_COMMON_NAME])
-    {
-        printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
-    }
-
-    if (cert->cert_dn[X509_ORGANIZATION])
-    {
-        printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
-    }
-
-    if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
-    {
-        printf("Organizational Unit (OU): %s\n", 
-                cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
-    }
-
-    printf("Not Before:\t\t%s", ctime(&cert->not_before));
-    printf("Not After:\t\t%s", ctime(&cert->not_after));
-    printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
-    printf("Sig Type:\t\t");
-    switch (cert->sig_type)
-    {
-        case SIG_TYPE_MD5:
-            printf("MD5\n");
-            break;
-        case SIG_TYPE_SHA1:
-            printf("SHA1\n");
-            break;
-        case SIG_TYPE_MD2:
-            printf("MD2\n");
-            break;
-        default:
-            printf("Unrecognized: %d\n", cert->sig_type);
-            break;
-    }
-
-    printf("Verify:\t\t\t");
-
-    if (ca_cert_ctx)
-    {
-        x509_display_error(x509_verify(ca_cert_ctx, cert));
-    }
-
-    printf("\n");
-#if 0
-    print_blob("Signature", cert->signature, cert->sig_len);
-    bi_print("Modulus", cert->rsa_ctx->m);
-    bi_print("Pub Exp", cert->rsa_ctx->e);
-#endif
-
-    if (ca_cert_ctx)
-    {
-        x509_print(ca_cert_ctx, cert->next);
-    }
-}
-
-void x509_display_error(int error)
-{
-    switch (error)
-    {
-        case X509_NOT_OK:
-            printf("X509 not ok");
-            break;
-
-        case X509_VFY_ERROR_NO_TRUSTED_CERT:
-            printf("No trusted cert is available");
-            break;
-
-        case X509_VFY_ERROR_BAD_SIGNATURE:
-            printf("Bad signature");
-            break;
-
-        case X509_VFY_ERROR_NOT_YET_VALID:
-            printf("Cert is not yet valid");
-            break;
-
-        case X509_VFY_ERROR_EXPIRED:
-            printf("Cert has expired");
-            break;
-
-        case X509_VFY_ERROR_SELF_SIGNED:
-            printf("Cert is self-signed");
-            break;
-
-        case X509_VFY_ERROR_INVALID_CHAIN:
-            printf("Chain is invalid (check order of certs)");
-            break;
-
-        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
-            printf("Unsupported digest");
-            break;
-
-        case X509_INVALID_PRIV_KEY:
-            printf("Invalid private key");
-            break;
-    }
-}
-#endif      /* CONFIG_SSL_FULL_MODE */
-
diff --git a/ssl/bigint.c b/ssl/bigint.c
deleted file mode 100644
index e64375f809..0000000000
--- a/ssl/bigint.c
+++ /dev/null
@@ -1,1506 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @defgroup bigint_api Big Integer API
- * @brief The bigint implementation as used by the axTLS project.
- *
- * The bigint library is for RSA encryption/decryption as well as signing.
- * This code tries to minimise use of malloc/free by maintaining a small 
- * cache. A bigint context may maintain state by being made "permanent". 
- * It be be later released with a bi_depermanent() and bi_free() call.
- *
- * It supports the following reduction techniques:
- * - Classical
- * - Barrett
- * - Montgomery
- *
- * It also implements the following:
- * - Karatsuba multiplication
- * - Squaring
- * - Sliding window exponentiation
- * - Chinese Remainder Theorem (implemented in rsa.c).
- *
- * All the algorithms used are pretty standard, and designed for different
- * data bus sizes. Negative numbers are not dealt with at all, so a subtraction
- * may need to be tested for negativity.
- *
- * This library steals some ideas from Jef Poskanzer
- * <http://cs.marlboro.edu/term/cs-fall02/algorithms/crypto/RSA/bigint>
- * and GMP <http://www.swox.com/gmp>. It gets most of its implementation
- * detail from "The Handbook of Applied Cryptography"
- * <http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf>
- * @{
- */
-
-#include <stdlib.h>
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include <time.h>
-#include "bigint.h"
-#include "crypto.h"
-
-static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
-static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
-static bigint *alloc(BI_CTX *ctx, int size);
-static bigint *trim(bigint *bi);
-static void more_comps(bigint *bi, int n);
-#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
-    defined(CONFIG_BIGINT_MONTGOMERY)
-static bigint *comp_right_shift(bigint *biR, int num_shifts);
-static bigint *comp_left_shift(bigint *biR, int num_shifts);
-#endif
-
-#ifdef CONFIG_BIGINT_CHECK_ON
-static void check(const bigint *bi);
-#endif
-
-/**
- * @brief Start a new bigint context.
- * @return A bigint context.
- */
-BI_CTX *bi_initialize(void)
-{
-    BI_CTX *ctx;
-   
-    ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
-    ctx->active_list = NULL;
-    ctx->active_count = 0;
-    ctx->free_list = NULL;
-    ctx->free_count = 0;
-    ctx->mod_offset = 0;
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    ctx->use_classical = 0;
-#endif
-
-    /* the radix */
-    ctx->bi_radix = alloc(ctx, 2); 
-    ctx->bi_radix->comps[0] = 0;
-    ctx->bi_radix->comps[1] = 1;
-    bi_permanent(ctx->bi_radix);
-
-    return ctx;
-}
-
-/**
- * @brief Close the bigint context and free any resources.
- *
- * Free up any used memory - a check is done if all objects were not 
- * properly freed.
- * @param ctx [in]   The bigint session context.
- */
-void bi_terminate(BI_CTX *ctx)
-{
-    bigint *p, *pn;
-
-    bi_depermanent(ctx->bi_radix); 
-    bi_free(ctx, ctx->bi_radix);
-
-    if (ctx->active_count != 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_terminate: there were %d un-freed bigints\n",
-                       ctx->active_count);
-#endif
-        abort();
-    }
-
-    for (p = ctx->free_list; p != NULL; p = pn)
-    {
-        pn = p->next;
-        free(p->comps);
-        free(p);
-    }
-
-    free(ctx);
-}
-
-/**
- * @brief Increment the number of references to this object. 
- * It does not do a full copy.
- * @param bi [in]   The bigint to copy.
- * @return A reference to the same bigint.
- */
-bigint *bi_copy(bigint *bi)
-{
-    check(bi);
-    if (bi->refs != PERMANENT)
-        bi->refs++;
-    return bi;
-}
-
-/**
- * @brief Simply make a bigint object "unfreeable" if bi_free() is called on it.
- *
- * For this object to be freed, bi_depermanent() must be called.
- * @param bi [in]   The bigint to be made permanent.
- */
-void bi_permanent(bigint *bi)
-{
-    check(bi);
-    if (bi->refs != 1)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_permanent: refs was not 1\n");
-#endif
-        abort();
-    }
-
-    bi->refs = PERMANENT;
-}
-
-/**
- * @brief Take a permanent object and make it eligible for freedom.
- * @param bi [in]   The bigint to be made back to temporary.
- */
-void bi_depermanent(bigint *bi)
-{
-    check(bi);
-    if (bi->refs != PERMANENT)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_depermanent: bigint was not permanent\n");
-#endif
-        abort();
-    }
-
-    bi->refs = 1;
-}
-
-/**
- * @brief Free a bigint object so it can be used again. 
- *
- * The memory itself it not actually freed, just tagged as being available 
- * @param ctx [in]   The bigint session context.
- * @param bi [in]    The bigint to be freed.
- */
-void bi_free(BI_CTX *ctx, bigint *bi)
-{
-    check(bi);
-    if (bi->refs == PERMANENT)
-    {
-        return;
-    }
-
-    if (--bi->refs > 0)
-    {
-        return;
-    }
-
-    bi->next = ctx->free_list;
-    ctx->free_list = bi;
-    ctx->free_count++;
-
-    if (--ctx->active_count < 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_free: active_count went negative "
-                "- double-freed bigint?\n");
-#endif
-        abort();
-    }
-}
-
-/**
- * @brief Convert an (unsigned) integer into a bigint.
- * @param ctx [in]   The bigint session context.
- * @param i [in]     The (unsigned) integer to be converted.
- * 
- */
-bigint *int_to_bi(BI_CTX *ctx, comp i)
-{
-    bigint *biR = alloc(ctx, 1);
-    biR->comps[0] = i;
-    return biR;
-}
-
-/**
- * @brief Do a full copy of the bigint object.
- * @param ctx [in]   The bigint session context.
- * @param bi  [in]   The bigint object to be copied.
- */
-bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
-{
-    bigint *biR = alloc(ctx, bi->size);
-    check(bi);
-    memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
-    return biR;
-}
-
-/**
- * @brief Perform an addition operation between two bigints.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @return The result of the addition.
- */
-bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
-{
-    int n;
-    comp carry = 0;
-    comp *pa, *pb;
-
-    check(bia);
-    check(bib);
-
-    n = max(bia->size, bib->size);
-    more_comps(bia, n+1);
-    more_comps(bib, n);
-    pa = bia->comps;
-    pb = bib->comps;
-
-    do
-    {
-        comp  sl, rl, cy1;
-        sl = *pa + *pb++;
-        rl = sl + carry;
-        cy1 = sl < *pa;
-        carry = cy1 | (rl < sl);
-        *pa++ = rl;
-    } while (--n != 0);
-
-    *pa = carry;                  /* do overflow */
-    bi_free(ctx, bib);
-    return trim(bia);
-}
-
-/**
- * @brief Perform a subtraction operation between two bigints.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @param is_negative [out] If defined, indicates that the result was negative.
- * is_negative may be null.
- * @return The result of the subtraction. The result is always positive.
- */
-bigint *bi_subtract(BI_CTX *ctx, 
-        bigint *bia, bigint *bib, int *is_negative)
-{
-    int n = bia->size;
-    comp *pa, *pb, carry = 0;
-
-    check(bia);
-    check(bib);
-
-    more_comps(bib, n);
-    pa = bia->comps;
-    pb = bib->comps;
-
-    do 
-    {
-        comp sl, rl, cy1;
-        sl = *pa - *pb++;
-        rl = sl - carry;
-        cy1 = sl > *pa;
-        carry = cy1 | (rl > sl);
-        *pa++ = rl;
-    } while (--n != 0);
-
-    if (is_negative)    /* indicate a negative result */
-    {
-        *is_negative = carry;
-    }
-
-    bi_free(ctx, trim(bib));    /* put bib back to the way it was */
-    return trim(bia);
-}
-
-/**
- * Perform a multiply between a bigint an an (unsigned) integer
- */
-static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
-{
-    int j = 0, n = bia->size;
-    bigint *biR = alloc(ctx, n + 1);
-    comp carry = 0;
-    comp *r = biR->comps;
-    comp *a = bia->comps;
-
-    check(bia);
-
-    /* clear things to start with */
-    memset(r, 0, ((n+1)*COMP_BYTE_SIZE));
-
-    do
-    {
-        long_comp tmp = *r + (long_comp)a[j]*b + carry;
-        *r++ = (comp)tmp;              /* downsize */
-        carry = (comp)(tmp >> COMP_BIT_SIZE);
-    } while (++j < n);
-
-    *r = carry;
-    bi_free(ctx, bia);
-    return trim(biR);
-}
-
-/**
- * @brief Does both division and modulo calculations. 
- *
- * Used extensively when doing classical reduction.
- * @param ctx [in]  The bigint session context.
- * @param u [in]    A bigint which is the numerator.
- * @param v [in]    Either the denominator or the modulus depending on the mode.
- * @param is_mod [n] Determines if this is a normal division (0) or a reduction
- * (1).
- * @return  The result of the division/reduction.
- */
-bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
-{
-    int n = v->size, m = u->size-n;
-    int j = 0, orig_u_size = u->size;
-    uint8_t mod_offset = ctx->mod_offset;
-    comp d;
-    bigint *quotient, *tmp_u;
-    comp q_dash;
-
-    check(u);
-    check(v);
-
-    /* if doing reduction and we are < mod, then return mod */
-    if (is_mod && bi_compare(v, u) > 0)
-    {
-        bi_free(ctx, v);
-        return u;
-    }
-
-    quotient = alloc(ctx, m+1);
-    tmp_u = alloc(ctx, n+1);
-    v = trim(v);        /* make sure we have no leading 0's */
-    d = (comp)((long_comp)COMP_RADIX/(V1+1));
-
-    /* clear things to start with */
-    memset(quotient->comps, 0, ((quotient->size)*COMP_BYTE_SIZE));
-
-    /* normalise */
-    if (d > 1)
-    {
-        u = bi_int_multiply(ctx, u, d);
-
-        if (is_mod)
-        {
-            v = ctx->bi_normalised_mod[mod_offset];
-        }
-        else
-        {
-            v = bi_int_multiply(ctx, v, d);
-        }
-    }
-
-    if (orig_u_size == u->size)  /* new digit position u0 */
-    {
-        more_comps(u, orig_u_size + 1);
-    }
-
-    do
-    {
-        /* get a temporary short version of u */
-        memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
-
-        /* calculate q' */
-        if (U(0) == V1)
-        {
-            q_dash = COMP_RADIX-1;
-        }
-        else
-        {
-            q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
-        }
-
-        if (v->size > 1 && V2)
-        {
-            /* we are implementing the following:
-            if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
-                    q_dash*V1)*COMP_RADIX) + U(2))) ... */
-            comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
-                                        (long_comp)q_dash*V1);
-            if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
-            {
-                q_dash--;
-            }
-        }
-
-        /* multiply and subtract */
-        if (q_dash)
-        {
-            int is_negative;
-            tmp_u = bi_subtract(ctx, tmp_u, 
-                    bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
-            more_comps(tmp_u, n+1);
-
-            Q(j) = q_dash; 
-
-            /* add back */
-            if (is_negative)
-            {
-                Q(j)--;
-                tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
-
-                /* lop off the carry */
-                tmp_u->size--;
-                v->size--;
-            }
-        }
-        else
-        {
-            Q(j) = 0; 
-        }
-
-        /* copy back to u */
-        memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
-    } while (++j <= m);
-
-    bi_free(ctx, tmp_u);
-    bi_free(ctx, v);
-
-    if (is_mod)     /* get the remainder */
-    {
-        bi_free(ctx, quotient);
-        return bi_int_divide(ctx, trim(u), d);
-    }
-    else            /* get the quotient */
-    {
-        bi_free(ctx, u);
-        return trim(quotient);
-    }
-}
-
-/*
- * Perform an integer divide on a bigint.
- */
-static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
-{
-    int i = biR->size - 1;
-    long_comp r = 0;
-
-    check(biR);
-
-    do
-    {
-        r = (r<<COMP_BIT_SIZE) + biR->comps[i];
-        biR->comps[i] = (comp)(r / denom);
-        r %= denom;
-    } while (--i != 0);
-
-    return trim(biR);
-}
-
-#ifdef CONFIG_BIGINT_MONTGOMERY
-/**
- * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
- * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
- * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
- * simple algorithm from an article by Dusse and Kaliski to efficiently 
- * find N0' from N0 and b */
-static comp modular_inverse(bigint *bim)
-{
-    int i;
-    comp t = 1;
-    comp two_2_i_minus_1 = 2;   /* 2^(i-1) */
-    long_comp two_2_i = 4;      /* 2^i */
-    comp N = bim->comps[0];
-
-    for (i = 2; i <= COMP_BIT_SIZE; i++)
-    {
-        if ((long_comp)N*t%two_2_i >= two_2_i_minus_1)
-        {
-            t += two_2_i_minus_1;
-        }
-
-        two_2_i_minus_1 <<= 1;
-        two_2_i <<= 1;
-    }
-
-    return (comp)(COMP_RADIX-t);
-}
-#endif
-
-#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
-    defined(CONFIG_BIGINT_MONTGOMERY)
-/**
- * Take each component and shift down (in terms of components) 
- */
-static bigint *comp_right_shift(bigint *biR, int num_shifts)
-{
-    int i = biR->size-num_shifts;
-    comp *x = biR->comps;
-    comp *y = &biR->comps[num_shifts];
-
-    check(biR);
-
-    if (i <= 0)     /* have we completely right shifted? */
-    {
-        biR->comps[0] = 0;  /* return 0 */
-        biR->size = 1;
-        return biR;
-    }
-
-    do
-    {
-        *x++ = *y++;
-    } while (--i > 0);
-
-    biR->size -= num_shifts;
-    return biR;
-}
-
-/**
- * Take each component and shift it up (in terms of components) 
- */
-static bigint *comp_left_shift(bigint *biR, int num_shifts)
-{
-    int i = biR->size-1;
-    comp *x, *y;
-
-    check(biR);
-
-    if (num_shifts <= 0)
-    {
-        return biR;
-    }
-
-    more_comps(biR, biR->size + num_shifts);
-
-    x = &biR->comps[i+num_shifts];
-    y = &biR->comps[i];
-
-    do
-    {
-        *x-- = *y--;
-    } while (i--);
-
-    memset(biR->comps, 0, num_shifts*COMP_BYTE_SIZE); /* zero LS comps */
-    return biR;
-}
-#endif
-
-/**
- * @brief Allow a binary sequence to be imported as a bigint.
- * @param ctx [in]  The bigint session context.
- * @param data [in] The data to be converted.
- * @param size [in] The number of bytes of data.
- * @return A bigint representing this data.
- */
-bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
-{
-    bigint *biR = alloc(ctx, (size+COMP_BYTE_SIZE-1)/COMP_BYTE_SIZE);
-    int i, j = 0, offset = 0;
-
-    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
-
-    for (i = size-1; i >= 0; i--)
-    {
-        biR->comps[offset] += data[i] << (j*8);
-
-        if (++j == COMP_BYTE_SIZE)
-        {
-            j = 0;
-            offset ++;
-        }
-    }
-
-    return trim(biR);
-}
-
-#ifdef CONFIG_SSL_FULL_MODE
-/**
- * @brief The testharness uses this code to import text hex-streams and 
- * convert them into bigints.
- * @param ctx [in]  The bigint session context.
- * @param data [in] A string consisting of hex characters. The characters must
- * be in upper case.
- * @return A bigint representing this data.
- */
-bigint *bi_str_import(BI_CTX *ctx, const char *data)
-{
-    int size = strlen(data);
-    bigint *biR = alloc(ctx, (size+COMP_NUM_NIBBLES-1)/COMP_NUM_NIBBLES);
-    int i, j = 0, offset = 0;
-    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
-
-    for (i = size-1; i >= 0; i--)
-    {
-        int num = (data[i] <= '9') ? (data[i] - '0') : (data[i] - 'A' + 10);
-        biR->comps[offset] += num << (j*4);
-
-        if (++j == COMP_NUM_NIBBLES)
-        {
-            j = 0;
-            offset ++;
-        }
-    }
-
-    return biR;
-}
-
-void bi_print(const char *label, bigint *x)
-{
-    int i, j;
-
-    if (x == NULL)
-    {
-        printf("%s: (null)\n", label);
-        return;
-    }
-
-    printf("%s: (size %d)\n", label, x->size);
-    for (i = x->size-1; i >= 0; i--)
-    {
-        for (j = COMP_NUM_NIBBLES-1; j >= 0; j--)
-        {
-            comp mask = 0x0f << (j*4);
-            comp num = (x->comps[i] & mask) >> (j*4);
-            putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
-        }
-    }  
-
-    printf("\n");
-}
-#endif
-
-/**
- * @brief Take a bigint and convert it into a byte sequence. 
- *
- * This is useful after a decrypt operation.
- * @param ctx [in]  The bigint session context.
- * @param x [in]  The bigint to be converted.
- * @param data [out] The converted data as a byte stream.
- * @param size [in] The maximum size of the byte stream. Unused bytes will be
- * zeroed.
- */
-void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
-{
-    int i, j, k = size-1;
-
-    check(x);
-    memset(data, 0, size);  /* ensure all leading 0's are cleared */
-
-    for (i = 0; i < x->size; i++)
-    {
-        for (j = 0; j < COMP_BYTE_SIZE; j++)
-        {
-            comp mask = 0xff << (j*8);
-            int num = (x->comps[i] & mask) >> (j*8);
-            data[k--] = num;
-
-            if (k < 0)
-            {
-                break;
-            }
-        }
-    }
-
-    bi_free(ctx, x);
-}
-
-/**
- * @brief Pre-calculate some of the expensive steps in reduction. 
- *
- * This function should only be called once (normally when a session starts).
- * When the session is over, bi_free_mod() should be called. bi_mod_power()
- * relies on this function being called.
- * @param ctx [in]  The bigint session context.
- * @param bim [in]  The bigint modulus that will be used.
- * @param mod_offset [in] There are three moduluii that can be stored - the
- * standard modulus, and its two primes p and q. This offset refers to which
- * modulus we are referring to.
- * @see bi_free_mod(), bi_mod_power().
- */
-void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
-{
-    int k = bim->size;
-    comp d = (comp)((long_comp)COMP_RADIX/(bim->comps[k-1]+1));
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    bigint *R, *R2;
-#endif
-
-    ctx->bi_mod[mod_offset] = bim;
-    bi_permanent(ctx->bi_mod[mod_offset]);
-    ctx->bi_normalised_mod[mod_offset] = bi_int_multiply(ctx, bim, d);
-    bi_permanent(ctx->bi_normalised_mod[mod_offset]);
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    /* set montgomery variables */
-    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);     /* R */
-    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);  /* R^2 */
-    ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
-    ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
-
-    bi_permanent(ctx->bi_RR_mod_m[mod_offset]);
-    bi_permanent(ctx->bi_R_mod_m[mod_offset]);
-
-    ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
-
-#elif defined (CONFIG_BIGINT_BARRETT)
-    ctx->bi_mu[mod_offset] = 
-        bi_divide(ctx, comp_left_shift(
-            bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
-    bi_permanent(ctx->bi_mu[mod_offset]);
-#endif
-}
-
-/**
- * @brief Used when cleaning various bigints at the end of a session.
- * @param ctx [in]  The bigint session context.
- * @param mod_offset [in] The offset to use.
- * @see bi_set_mod().
- */
-void bi_free_mod(BI_CTX *ctx, int mod_offset)
-{
-    bi_depermanent(ctx->bi_mod[mod_offset]);
-    bi_free(ctx, ctx->bi_mod[mod_offset]);
-#if defined (CONFIG_BIGINT_MONTGOMERY)
-    bi_depermanent(ctx->bi_RR_mod_m[mod_offset]);
-    bi_depermanent(ctx->bi_R_mod_m[mod_offset]);
-    bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
-    bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
-#elif defined(CONFIG_BIGINT_BARRETT)
-    bi_depermanent(ctx->bi_mu[mod_offset]); 
-    bi_free(ctx, ctx->bi_mu[mod_offset]);
-#endif
-    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
-    bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
-}
-
-/** 
- * Perform a standard multiplication between two bigints.
- */
-static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
-{
-    int i, j, i_plus_j;
-    int n = bia->size; 
-    int t = bib->size;
-    bigint *biR = alloc(ctx, n + t);
-    comp *sr = biR->comps;
-    comp *sa = bia->comps;
-    comp *sb = bib->comps;
-
-    check(bia);
-    check(bib);
-
-    /* clear things to start with */
-    memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
-    i = 0;
-
-    do 
-    {
-        comp carry = 0;
-        comp b = *sb++;
-        i_plus_j = i;
-        j = 0;
-
-        do
-        {
-            long_comp tmp = sr[i_plus_j] + (long_comp)sa[j]*b + carry;
-            sr[i_plus_j++] = (comp)tmp;              /* downsize */
-            carry = (comp)(tmp >> COMP_BIT_SIZE);
-        } while (++j < n);
-
-        sr[i_plus_j] = carry;
-    } while (++i < t);
-
-    bi_free(ctx, bia);
-    bi_free(ctx, bib);
-    return trim(biR);
-}
-
-#ifdef CONFIG_BIGINT_KARATSUBA
-/*
- * Karatsuba improves on regular multiplication due to only 3 multiplications 
- * being done instead of 4. The additional additions/subtractions are O(N) 
- * rather than O(N^2) and so for big numbers it saves on a few operations 
- */
-static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
-{
-    bigint *x0, *x1;
-    bigint *p0, *p1, *p2;
-    int m;
-
-    if (is_square)
-    {
-        m = (bia->size + 1)/2;
-    }
-    else
-    {
-        m = (max(bia->size, bib->size) + 1)/2;
-    }
-
-    x0 = bi_clone(ctx, bia);
-    x0->size = m;
-    x1 = bi_clone(ctx, bia);
-    comp_right_shift(x1, m);
-    bi_free(ctx, bia);
-
-    /* work out the 3 partial products */
-    if (is_square)
-    {
-        p0 = bi_square(ctx, bi_copy(x0));
-        p2 = bi_square(ctx, bi_copy(x1));
-        p1 = bi_square(ctx, bi_add(ctx, x0, x1));
-    }
-    else /* normal multiply */
-    {
-        bigint *y0, *y1;
-        y0 = bi_clone(ctx, bib);
-        y0->size = m;
-        y1 = bi_clone(ctx, bib);
-        comp_right_shift(y1, m);
-        bi_free(ctx, bib);
-
-        p0 = bi_multiply(ctx, bi_copy(x0), bi_copy(y0));
-        p2 = bi_multiply(ctx, bi_copy(x1), bi_copy(y1));
-        p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
-    }
-
-    p1 = bi_subtract(ctx, 
-            bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
-
-    comp_left_shift(p1, m);
-    comp_left_shift(p2, 2*m);
-    return bi_add(ctx, p1, bi_add(ctx, p0, p2));
-}
-#endif
-
-/**
- * @brief Perform a multiplication operation between two bigints.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @return The result of the multiplication.
- */
-bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
-{
-    check(bia);
-    check(bib);
-
-#ifdef CONFIG_BIGINT_KARATSUBA
-    if (min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
-    {
-        return regular_multiply(ctx, bia, bib);
-    }
-
-    return karatsuba(ctx, bia, bib, 0);
-#else
-    return regular_multiply(ctx, bia, bib);
-#endif
-}
-
-#ifdef CONFIG_BIGINT_SQUARE
-/*
- * Perform the actual square operion. It takes into account overflow.
- */
-static bigint *regular_square(BI_CTX *ctx, bigint *bi)
-{
-    int t = bi->size;
-    int i = 0, j;
-    bigint *biR = alloc(ctx, t*2);
-    comp *w = biR->comps;
-    comp *x = bi->comps;
-    comp carry;
-
-    memset(w, 0, biR->size*COMP_BYTE_SIZE);
-
-    do
-    {
-        long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
-        comp u = 0;
-        w[2*i] = (comp)tmp;
-        carry = (comp)(tmp >> COMP_BIT_SIZE);
-
-        for (j = i+1; j < t; j++)
-        {
-            long_comp xx = (long_comp)x[i]*x[j];
-            long_comp blob = (long_comp)w[i+j]+carry;
-
-            if (u)                  /* previous overflow */
-            {
-                blob += COMP_RADIX;
-            }
-
-            u = 0;
-            if (xx & COMP_BIG_MSB)  /* check for overflow */
-            {
-                u = 1;
-            }
-
-            tmp = 2*xx + blob;
-            w[i+j] = (comp)tmp;
-            carry = (comp)(tmp >> COMP_BIT_SIZE);
-        }
-
-        w[i+t] += carry;
-
-        if (u)
-        {
-            w[i+t+1] = 1;   /* add carry */
-        }
-    } while (++i < t);
-
-    bi_free(ctx, bi);
-    return trim(biR);
-}
-
-/**
- * @brief Perform a square operation on a bigint.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @return The result of the multiplication.
- */
-bigint *bi_square(BI_CTX *ctx, bigint *bia)
-{
-    check(bia);
-
-#ifdef CONFIG_BIGINT_KARATSUBA
-    if (bia->size < SQU_KARATSUBA_THRESH) 
-    {
-        return regular_square(ctx, bia);
-    }
-
-    return karatsuba(ctx, bia, NULL, 1);
-#else
-    return regular_square(ctx, bia);
-#endif
-}
-#endif
-
-/**
- * @brief Compare two bigints.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @return -1 if smaller, 1 if larger and 0 if equal.
- */
-int bi_compare(bigint *bia, bigint *bib)
-{
-    int r, i;
-
-    check(bia);
-    check(bib);
-
-    if (bia->size > bib->size)
-        r = 1;
-    else if (bia->size < bib->size)
-        r = -1;
-    else
-    {
-        comp *a = bia->comps; 
-        comp *b = bib->comps; 
-
-        /* Same number of components.  Compare starting from the high end
-         * and working down. */
-        r = 0;
-        i = bia->size - 1;
-
-        do 
-        {
-            if (a[i] > b[i])
-            { 
-                r = 1;
-                break; 
-            }
-            else if (a[i] < b[i])
-            { 
-                r = -1;
-                break; 
-            }
-        } while (--i >= 0);
-    }
-
-    return r;
-}
-
-/*
- * Allocate and zero more components.  Does not consume bi. 
- */
-static void more_comps(bigint *bi, int n)
-{
-    if (n > bi->max_comps)
-    {
-        bi->max_comps = max(bi->max_comps * 2, n);
-        bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
-    }
-
-    if (n > bi->size)
-    {
-        memset(&bi->comps[bi->size], 0, (n-bi->size)*COMP_BYTE_SIZE);
-    }
-
-    bi->size = n;
-}
-
-/*
- * Make a new empty bigint. It may just use an old one if one is available.
- * Otherwise get one off the heap.
- */
-static bigint *alloc(BI_CTX *ctx, int size)
-{
-    bigint *biR;
-
-    /* Can we recycle an old bigint? */
-    if (ctx->free_list != NULL)
-    {
-        biR = ctx->free_list;
-        ctx->free_list = biR->next;
-        ctx->free_count--;
-
-        if (biR->refs != 0)
-        {
-#ifdef CONFIG_SSL_FULL_MODE
-            printf("alloc: refs was not 0\n");
-#endif
-            abort();    /* create a stack trace from a core dump */
-        }
-
-        more_comps(biR, size);
-    }
-    else
-    {
-        /* No free bigints available - create a new one. */
-        biR = (bigint *)malloc(sizeof(bigint));
-        biR->comps = (comp*)malloc(size * COMP_BYTE_SIZE);
-        biR->max_comps = size;  /* give some space to spare */
-    }
-
-    biR->size = size;
-    biR->refs = 1;
-    biR->next = NULL;
-    ctx->active_count++;
-    return biR;
-}
-
-/*
- * Work out the highest '1' bit in an exponent. Used when doing sliding-window
- * exponentiation.
- */
-static int find_max_exp_index(bigint *biexp)
-{
-    int i = COMP_BIT_SIZE-1;
-    comp shift = COMP_RADIX/2;
-    comp test = biexp->comps[biexp->size-1];    /* assume no leading zeroes */
-
-    check(biexp);
-
-    do
-    {
-        if (test & shift)
-        {
-            return i+(biexp->size-1)*COMP_BIT_SIZE;
-        }
-
-        shift >>= 1;
-    } while (--i != 0);
-
-    return -1;      /* error - must have been a leading 0 */
-}
-
-/*
- * Is a particular bit is an exponent 1 or 0? Used when doing sliding-window
- * exponentiation.
- */
-static int exp_bit_is_one(bigint *biexp, int offset)
-{
-    comp test = biexp->comps[offset / COMP_BIT_SIZE];
-    int num_shifts = offset % COMP_BIT_SIZE;
-    comp shift = 1;
-    int i;
-
-    check(biexp);
-
-    for (i = 0; i < num_shifts; i++)
-    {
-        shift <<= 1;
-    }
-
-    return test & shift;
-}
-
-#ifdef CONFIG_BIGINT_CHECK_ON
-/*
- * Perform a sanity check on bi.
- */
-static void check(const bigint *bi)
-{
-    if (bi->refs <= 0)
-    {
-        printf("check: zero or negative refs in bigint\n");
-        abort();
-    }
-
-    if (bi->next != NULL)
-    {
-        printf("check: attempt to use a bigint from "
-                "the free list\n");
-        abort();
-    }
-}
-#endif
-
-/*
- * Delete any leading 0's (and allow for 0).
- */
-static bigint *trim(bigint *bi)
-{
-    check(bi);
-
-    while (bi->comps[bi->size-1] == 0 && bi->size > 1)
-    {
-        bi->size--;
-    }
-
-    return bi;
-}
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-/**
- * @brief Perform a single montgomery reduction.
- * @param ctx [in]  The bigint session context.
- * @param bixy [in]  A bigint.
- * @return The result of the montgomery reduction.
- */
-bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
-{
-    int i = 0, n;
-    uint8_t mod_offset = ctx->mod_offset;
-    bigint *bim = ctx->bi_mod[mod_offset];
-    comp mod_inv = ctx->N0_dash[mod_offset];
-
-    check(bixy);
-
-    if (ctx->use_classical)     /* just use classical instead */
-    {
-        return bi_mod(ctx, bixy);
-    }
-
-    n = bim->size;
-
-    do
-    {
-        bixy = bi_add(ctx, bixy, comp_left_shift(
-                    bi_int_multiply(ctx, bim, bixy->comps[i]*mod_inv), i));
-    } while (++i < n);
-
-    comp_right_shift(bixy, n);
-
-    if (bi_compare(bixy, bim) >= 0)
-    {
-        bixy = bi_subtract(ctx, bixy, bim, NULL);
-    }
-
-    return bixy;
-}
-
-#elif defined(CONFIG_BIGINT_BARRETT)
-/*
- * Stomp on the most significant components to give the illusion of a "mod base
- * radix" operation 
- */
-static bigint *comp_mod(bigint *bi, int mod)
-{
-    check(bi);
-
-    if (bi->size > mod)
-    {
-        bi->size = mod;
-    }
-
-    return bi;
-}
-
-/*
- * Barrett reduction has no need for some parts of the product, so ignore bits
- * of the multiply. This routine gives Barrett its big performance
- * improvements over Classical/Montgomery reduction methods. 
- */
-static bigint *partial_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
-        int inner_partial, int outer_partial)
-{
-    int i = 0, j, n = bia->size, t = bib->size;
-    bigint *biR;
-    comp carry;
-    comp *sr, *sa, *sb;
-
-    check(bia);
-    check(bib);
-
-    biR = alloc(ctx, n + t);
-    sa = bia->comps;
-    sb = bib->comps;
-    sr = biR->comps;
-
-    if (inner_partial)
-    {
-        memset(sr, 0, inner_partial*COMP_BYTE_SIZE); 
-    }
-    else    /* outer partial */
-    {
-        if (n < outer_partial || t < outer_partial) /* should we bother? */
-        {
-            bi_free(ctx, bia);
-            bi_free(ctx, bib);
-            biR->comps[0] = 0;      /* return 0 */
-            biR->size = 1;
-            return biR;
-        }
-
-        memset(&sr[outer_partial], 0, (n+t-outer_partial)*COMP_BYTE_SIZE);
-    }
-
-    do 
-    {
-        comp *a = sa;
-        comp b = *sb++;
-        long_comp tmp;
-        int i_plus_j = i;
-        carry = 0;
-        j = n;
-
-        if (outer_partial && i_plus_j < outer_partial)
-        {
-            i_plus_j = outer_partial;
-            a = &sa[outer_partial-i];
-            j = n-(outer_partial-i);
-        }
-
-        do
-        {
-            if (inner_partial && i_plus_j >= inner_partial) 
-            {
-                break;
-            }
-
-            tmp = sr[i_plus_j] + ((long_comp)*a++)*b + carry;
-            sr[i_plus_j++] = (comp)tmp;              /* downsize */
-            carry = (comp)(tmp >> COMP_BIT_SIZE);
-        } while (--j != 0);
-
-        sr[i_plus_j] = carry;
-    } while (++i < t);
-
-    bi_free(ctx, bia);
-    bi_free(ctx, bib);
-    return trim(biR);
-}
-
-/**
- * @brief Perform a single Barrett reduction.
- * @param ctx [in]  The bigint session context.
- * @param bi [in]  A bigint.
- * @return The result of the Barrett reduction.
- */
-bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
-{
-    bigint *q1, *q2, *q3, *r1, *r2, *r;
-    uint8_t mod_offset = ctx->mod_offset;
-    bigint *bim = ctx->bi_mod[mod_offset];
-    int k = bim->size;
-
-    check(bi);
-    check(bim);
-
-    /* use Classical method instead  - Barrett cannot help here */
-    if (bi->size > k*2)
-    {
-        return bi_mod(ctx, bi);
-    }
-
-    q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
-
-    /* do outer partial multiply */
-    q2 = partial_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
-    q3 = comp_right_shift(q2, k+1);
-    r1 = comp_mod(bi, k+1);
-
-    /* do inner partial multiply */
-    r2 = comp_mod(partial_multiply(ctx, q3, bim, k+1, 0), k+1);
-    r = bi_subtract(ctx, r1, r2, NULL);
-
-    /* if (r >= m) r = r - m; */
-    if (bi_compare(r, bim) >= 0)
-    {
-        r = bi_subtract(ctx, r, bim, NULL);
-    }
-
-    return r;
-}
-#endif /* CONFIG_BIGINT_BARRETT */
-
-#ifdef CONFIG_BIGINT_SLIDING_WINDOW
-/*
- * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
- */
-static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
-{
-    int k = 1, i;
-    bigint *g2;
-
-    for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
-    {
-        k <<= 1;
-    }
-
-    ctx->g = (bigint **)malloc(k*sizeof(bigint *));
-    ctx->g[0] = bi_clone(ctx, g1);
-    bi_permanent(ctx->g[0]);
-    g2 = bi_residue(ctx, bi_square(ctx, ctx->g[0]));   /* g^2 */
-
-    for (i = 1; i < k; i++)
-    {
-        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], bi_copy(g2)));
-        bi_permanent(ctx->g[i]);
-    }
-
-    bi_free(ctx, g2);
-    ctx->window = k;
-}
-#endif
-
-/**
- * @brief Perform a modular exponentiation.
- *
- * This function requires bi_set_mod() to have been called previously. This is 
- * one of the optimisations used for performance.
- * @param ctx [in]  The bigint session context.
- * @param bi  [in]  The bigint on which to perform the mod power operation.
- * @param biexp [in] The bigint exponent.
- * @see bi_set_mod().
- */
-bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
-{
-    int i = find_max_exp_index(biexp), j, window_size = 1;
-    bigint *biR = int_to_bi(ctx, 1);
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    uint8_t mod_offset = ctx->mod_offset;
-    if (!ctx->use_classical)
-    {
-        /* preconvert */
-        bi = bi_mont(ctx, 
-                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
-        bi_free(ctx, biR);
-        biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
-    }
-#endif
-
-    check(bi);
-    check(biexp);
-
-#ifdef CONFIG_BIGINT_SLIDING_WINDOW
-    for (j = i; j > 32; j /= 5) /* work out an optimum size */
-        window_size++;
-
-    /* work out the slide constants */
-    precompute_slide_window(ctx, window_size, bi);
-#else   /* just one constant */
-    ctx->g = (bigint **)malloc(sizeof(bigint *));
-    ctx->g[0] = bi_clone(ctx, bi);
-    ctx->window = 1;
-    bi_permanent(ctx->g[0]);
-#endif
-
-    /* if sliding-window is off, then only one bit will be done at a time and
-     * will reduce to standard left-to-right exponentiation */
-    do
-    {
-        if (exp_bit_is_one(biexp, i))
-        {
-            int l = i-window_size+1;
-            int part_exp = 0;
-
-            if (l < 0)  /* LSB of exponent will always be 1 */
-                l = 0;
-            else
-            {
-                while (exp_bit_is_one(biexp, l) == 0)
-                    l++;    /* go back up */
-            }
-
-            /* build up the section of the exponent */
-            for (j = i; j >= l; j--)
-            {
-                biR = bi_residue(ctx, bi_square(ctx, biR));
-                if (exp_bit_is_one(biexp, j))
-                    part_exp++;
-
-                if (j != l)
-                    part_exp <<= 1;
-            }
-
-            part_exp = (part_exp-1)/2;  /* adjust for array */
-            biR = bi_residue(ctx, bi_multiply(ctx, biR, ctx->g[part_exp]));
-            i = l-1;
-        }
-        else    /* square it */
-        {
-            biR = bi_residue(ctx, bi_square(ctx, biR));
-            i--;
-        }
-    } while (i >= 0);
-     
-    /* cleanup */
-    for (i = 0; i < ctx->window; i++)
-    {
-        bi_depermanent(ctx->g[i]);
-        bi_free(ctx, ctx->g[i]);
-    }
-
-    free(ctx->g);
-    bi_free(ctx, bi);
-    bi_free(ctx, biexp);
-#if defined CONFIG_BIGINT_MONTGOMERY
-    return ctx->use_classical ? biR : bi_mont(ctx, biR); /* convert back */
-#else /* CONFIG_BIGINT_CLASSICAL or CONFIG_BIGINT_BARRETT */
-    return biR;
-#endif
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * @brief Perform a modular exponentiation using a temporary modulus.
- *
- * We need this function to check the signatures of certificates. The modulus
- * of this function is temporary as it's just used for authentication.
- * @param ctx [in]  The bigint session context.
- * @param bi  [in]  The bigint to perform the exp/mod.
- * @param bim [in]  The temporary modulus.
- * @param biexp [in] The bigint exponent.
- * @see bi_set_mod().
- */
-bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
-{
-    bigint *biR, *tmp_biR;
-
-    /* Set up a temporary bigint context and transfer what we need between
-     * them. We need to do this since we want to keep the original modulus
-     * which is already in this context. This operation is only called when
-     * doing peer verification, and so is not expensive :-) */
-    BI_CTX *tmp_ctx = bi_initialize();
-    bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
-    tmp_biR = bi_mod_power(tmp_ctx, 
-                bi_clone(tmp_ctx, bi), 
-                bi_clone(tmp_ctx, biexp));
-    biR = bi_clone(ctx, tmp_biR);
-    bi_free(tmp_ctx, tmp_biR);
-    bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
-    bi_terminate(tmp_ctx);
-
-    bi_free(ctx, bi);
-    bi_free(ctx, bim);
-    bi_free(ctx, biexp);
-    return biR;
-}
-#endif
-/** @} */
diff --git a/ssl/bigint.h b/ssl/bigint.h
deleted file mode 100644
index 5a13c5ae42..0000000000
--- a/ssl/bigint.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#ifndef BIGINT_HEADER
-#define BIGINT_HEADER
-
-#include "config.h"
-
-/* enable features based on a 'super-set' capbaility. */
-#if defined(CONFIG_SSL_FULL_MODE) 
-#define CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_CERT_VERIFICATION
-#elif defined(CONFIG_SSL_ENABLE_CLIENT)
-#define CONFIG_SSL_CERT_VERIFICATION
-#endif
-
-#include "os_port.h"
-#include "bigint_impl.h"
-
-#ifndef CONFIG_BIGINT_CHECK_ON
-#define check(A)                /**< disappears in normal production mode */
-#endif
-BI_CTX *bi_initialize(void);
-void bi_terminate(BI_CTX *ctx);
-void bi_permanent(bigint *bi);
-void bi_depermanent(bigint *bi);
-void bi_free(BI_CTX *ctx, bigint *bi);
-bigint *bi_copy(bigint *bi);
-bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
-void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
-bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
-bigint *int_to_bi(BI_CTX *ctx, comp i);
-
-/* the functions that actually do something interesting */
-bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
-bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 
-        bigint *bib, int *is_negative);
-bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
-bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
-bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
-bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
-int bi_compare(bigint *bia, bigint *bib);
-void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
-void bi_free_mod(BI_CTX *ctx, int mod_offset);
-
-#ifdef CONFIG_SSL_FULL_MODE
-void bi_print(const char *label, bigint *bi);
-bigint *bi_str_import(BI_CTX *ctx, const char *data);
-#endif
-
-/**
- * @def bi_mod
- * Find the residue of B. bi_set_mod() must be called before hand.
- */
-#define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
-
-/**
- * bi_residue() is technically the same as bi_mod(), but it uses the
- * appropriate reduction technique (which is bi_mod() when doing classical
- * reduction).
- */
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-#define bi_residue(A, B)         bi_mont(A, B)
-bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
-#elif defined(CONFIG_BIGINT_BARRETT)
-#define bi_residue(A, B)         bi_barrett(A, B)
-bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
-#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
-#define bi_residue(A, B)         bi_mod(A, B)
-#endif
-
-#ifdef CONFIG_BIGINT_SQUARE
-bigint *bi_square(BI_CTX *ctx, bigint *bi);
-#else
-#define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
-#endif
-
-#endif
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
deleted file mode 100644
index 762a7ccbb2..0000000000
--- a/ssl/bigint_impl.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#ifndef BIGINT_IMPL_HEADER
-#define BIGINT_IMPL_HEADER
-
-/* Maintain a number of precomputed variables when doing reduction */
-#define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */
-#ifdef CONFIG_BIGINT_CRT
-#define BIGINT_P_OFFSET     1    /**< p modulo offset. */
-#define BIGINT_Q_OFFSET     2    /**< q module offset. */
-#define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */
-#else
-#define BIGINT_NUM_MODS     1    
-#endif
-
-/* Architecture specific functions for big ints */
-#ifdef WIN32
-#define COMP_RADIX          4294967296i64         
-#define COMP_BIG_MSB        0x8000000000000000i64 
-#else
-#define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
-#define COMP_BIG_MSB        0x8000000000000000ULL /**< (Max dbl comp + 1)/ 2 */
-#endif
-#define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
-#define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
-#define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
-
-typedef uint32_t comp;	        /**< A single precision component. */
-typedef uint64_t long_comp;     /**< A double precision component. */
-typedef int64_t slong_comp;     /**< A signed double precision component. */
-
-/**
- * @struct  _bigint
- * @brief A big integer basic object
- */
-struct _bigint
-{
-    struct _bigint* next;       /**< The next bigint in the cache. */
-    short size;                 /**< The number of components in this bigint. */
-    short max_comps;            /**< The heapsize allocated for this bigint */
-    int refs;                   /**< An internal reference count. */
-    comp* comps;                /**< A ptr to the actual component data */
-};
-
-typedef struct _bigint bigint;  /**< An alias for _bigint */
-
-/**
- * Maintains the state of the cache, and a number of variables used in 
- * reduction.
- */
-typedef struct /**< A big integer "session" context. */
-{
-    bigint *active_list;                    /**< Bigints currently used. */
-    bigint *free_list;                      /**< Bigints not used. */
-    bigint *bi_radix;                       /**< The radix used. */
-    bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */
-    bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */
-    comp N0_dash[BIGINT_NUM_MODS];
-#elif defined(CONFIG_BIGINT_BARRETT)
-    bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */
-#endif
-    bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
-    bigint **g;                 /**< Used by sliding-window. */
-    int window;                 /**< The size of the sliding window */
-    int active_count;           /**< Number of active bigints. */
-    int free_count;             /**< Number of free bigints. */
-
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    uint8_t use_classical;      /**< Use classical reduction. */
-#endif
-    uint8_t mod_offset;         /**< The mod offset we are using */
-} BI_CTX;
-
-#ifndef WIN32
-#define max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
-#define min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
-#endif
-
-#define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
-
-#define V1      v->comps[v->size-1]                 /**< v1 for division */
-#define V2      v->comps[v->size-2]                 /**< v2 for division */
-#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
-#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
-
-#endif
diff --git a/ssl/cert.h b/ssl/cert.h
deleted file mode 100644
index 972a9e4b5e..0000000000
--- a/ssl/cert.h
+++ /dev/null
@@ -1,43 +0,0 @@
-unsigned char default_certificate[] = {
-  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xf1,
-  0xc3, 0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a,
-  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
-  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
-  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
-  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
-  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
-  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36,
-  0x30, 0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33,
-  0x33, 0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a,
-  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
-  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
-  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
-  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
-  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
-  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
-  0x81, 0x81, 0x00, 0xd8, 0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5,
-  0xfd, 0x0b, 0xa8, 0xa8, 0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c,
-  0xb5, 0xd9, 0xbc, 0xc6, 0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8,
-  0x29, 0x48, 0x0e, 0x7b, 0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f,
-  0x38, 0xe5, 0xb5, 0xb7, 0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3,
-  0x40, 0x1e, 0xf9, 0x91, 0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e,
-  0xdc, 0xf6, 0xaa, 0x1c, 0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73,
-  0xd9, 0x09, 0x05, 0x4c, 0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7,
-  0x14, 0x91, 0x44, 0xfc, 0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba,
-  0x8c, 0xc3, 0x74, 0x39, 0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4,
-  0x40, 0x95, 0x8c, 0xc0, 0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02,
-  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x0b,
-  0x47, 0x24, 0x52, 0x7d, 0xb6, 0x63, 0x78, 0xbc, 0x80, 0xdd, 0x87, 0x6c,
-  0x90, 0x4c, 0x33, 0xc3, 0x5c, 0xa7, 0x97, 0x09, 0x1c, 0x09, 0x4f, 0x9b,
-  0x6e, 0xb3, 0x5a, 0x3e, 0x46, 0x92, 0x1a, 0xc7, 0x87, 0x15, 0x59, 0xe1,
-  0x88, 0x5c, 0xce, 0x6a, 0xe2, 0x96, 0xaa, 0x32, 0xec, 0xc2, 0xed, 0x78,
-  0x8b, 0xe0, 0x90, 0x66, 0x93, 0x14, 0xc3, 0x98, 0xab, 0x33, 0x35, 0xd3,
-  0x7d, 0x5d, 0x51, 0x0a, 0x9c, 0xb9, 0x10, 0x58, 0x47, 0x7a, 0x98, 0x95,
-  0x64, 0xff, 0x4c, 0x5d, 0x82, 0x19, 0xf9, 0xea, 0x0f, 0x5e, 0x9a, 0xcb,
-  0x32, 0x27, 0x64, 0xca, 0x6f, 0x58, 0x8a, 0xd0, 0xc0, 0x36, 0xf4, 0xb9,
-  0x63, 0x34, 0xa5, 0xda, 0x36, 0x50, 0x36, 0x49, 0xd2, 0xb7, 0x3a, 0x21,
-  0x33, 0x5b, 0x3e, 0xd6, 0x5f, 0x0c, 0x99, 0x83, 0xb7, 0xb2, 0xf7, 0x8b,
-  0x44, 0xc4, 0x5e, 0x73, 0x41, 0xa9, 0x02
-};
-unsigned int default_certificate_len = 475;
diff --git a/ssl/crypto.h b/ssl/crypto.h
deleted file mode 100644
index 9bf446f246..0000000000
--- a/ssl/crypto.h
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @file crypto.h
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "bigint.h"
-
-/**************************************************************************
- * AES declarations 
- **************************************************************************/
-
-#define AES_MAXROUNDS			14
-#define AES_BLOCKSIZE           16
-#define AES_IV_SIZE             16
-
-typedef struct aes_key_st 
-{
-    uint16_t rounds;
-    uint16_t key_size;
-    uint32_t ks[(AES_MAXROUNDS+1)*8];
-    uint8_t iv[AES_IV_SIZE];
-} AES_CTX;
-
-typedef enum
-{
-    AES_MODE_128,
-    AES_MODE_256
-} AES_MODE;
-
-void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
-        const uint8_t *iv, AES_MODE mode);
-void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
-        uint8_t *out, int length);
-void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
-void AES_convert_key(AES_CTX *ctx);
-
-/**************************************************************************
- * RC4 declarations 
- **************************************************************************/
-
-typedef struct 
-{
-    int x, y, m[256];
-} RC4_CTX;
-
-void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
-void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
-
-/**************************************************************************
- * SHA1 declarations 
- **************************************************************************/
-
-#define SHA1_SIZE   20
-
-/*
- *  This structure will hold context information for the SHA-1
- *  hashing operation
- */
-typedef struct 
-{
-    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
-    uint32_t Length_Low;            /* Message length in bits      */
-    uint32_t Length_High;           /* Message length in bits      */
-    uint16_t Message_Block_Index;   /* Index into message block array   */
-    uint8_t Message_Block[64];      /* 512-bit message blocks      */
-} SHA1_CTX;
-
-void SHA1Init(SHA1_CTX *);
-void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
-void SHA1Final(SHA1_CTX *, uint8_t *digest);
-
-/**************************************************************************
- * MD5 declarations 
- **************************************************************************/
-
-/* MD5 context. */
-
-#define MD5_SIZE    16
-
-typedef struct 
-{
-  uint32_t state[4];        /* state (ABCD) */
-  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
-  uint8_t buffer[64];       /* input buffer */
-} MD5_CTX;
-
-EXP_FUNC void STDCALL MD5Init(MD5_CTX *);
-EXP_FUNC void STDCALL MD5Update(MD5_CTX *, const uint8_t *msg, int len);
-EXP_FUNC void STDCALL MD5Final(MD5_CTX *, uint8_t *digest);
-
-/**************************************************************************
- * HMAC declarations 
- **************************************************************************/
-void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-
-/**************************************************************************
- * RNG declarations 
- **************************************************************************/
-EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
-EXP_FUNC void STDCALL RNG_terminate(void);
-EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
-void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
-
-/**************************************************************************
- * RSA declarations 
- **************************************************************************/
-
-typedef struct 
-{
-    bigint *m;              /* modulus */
-    bigint *e;              /* public exponent */
-    bigint *d;              /* private exponent */
-#ifdef CONFIG_BIGINT_CRT
-    bigint *p;              /* p as in m = pq */
-    bigint *q;              /* q as in m = pq */
-    bigint *dP;             /* d mod (p-1) */
-    bigint *dQ;             /* d mod (q-1) */
-    bigint *qInv;           /* q^-1 mod p */
-#endif
-    int num_octets;
-    BI_CTX *bi_ctx;
-} RSA_CTX;
-
-void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len,
-        const uint8_t *priv_exp, int priv_len
-#ifdef CONFIG_BIGINT_CRT
-      , const uint8_t *p, int p_len,
-        const uint8_t *q, int q_len,
-        const uint8_t *dP, int dP_len,
-        const uint8_t *dQ, int dQ_len,
-        const uint8_t *qInv, int qInv_len
-#endif
-        );
-void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len);
-void RSA_free(RSA_CTX *ctx);
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
-        int is_decryption);
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
-        bigint *modulus, bigint *pub_exp);
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
-        uint8_t *out_data, int is_signing);
-void RSA_print(const RSA_CTX *ctx);
-#endif
-
-/**************************************************************************
- * ASN1 declarations 
- **************************************************************************/
-#define X509_OK                             0
-#define X509_NOT_OK                         -1
-#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
-#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
-#define X509_VFY_ERROR_NOT_YET_VALID        -4
-#define X509_VFY_ERROR_EXPIRED              -5
-#define X509_VFY_ERROR_SELF_SIGNED          -6
-#define X509_VFY_ERROR_INVALID_CHAIN        -7
-#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
-#define X509_INVALID_PRIV_KEY               -9
-
-/*
- * The Distinguished Name
- */
-#define X509_NUM_DN_TYPES                   3
-#define X509_COMMON_NAME                    0
-#define X509_ORGANIZATION                   1
-#define X509_ORGANIZATIONAL_TYPE            2
-
-#define ASN1_INTEGER            0x02
-#define ASN1_BIT_STRING         0x03
-#define ASN1_OCTET_STRING       0x04
-#define ASN1_NULL               0x05
-#define ASN1_OID                0x06
-#define ASN1_PRINTABLE_STR      0x13
-#define ASN1_TELETEX_STR        0x14
-#define ASN1_IA5_STR            0x16
-#define ASN1_UTC_TIME           0x17
-#define ASN1_SEQUENCE           0x30
-#define ASN1_SET                0x31
-#define ASN1_IMPLICIT_TAG       0x80
-#define ASN1_EXPLICIT_TAG       0xa0
-
-#define SALT_SIZE               8
-
-struct _x509_ctx
-{
-    char *ca_cert_dn[X509_NUM_DN_TYPES];
-    char *cert_dn[X509_NUM_DN_TYPES];
-#if defined(_WIN32_WCE)
-    long not_before;
-    long not_after;
-#else
-    time_t not_before;
-    time_t not_after;
-#endif
-    uint8_t *signature;
-    uint16_t sig_len;
-    uint8_t sig_type;
-    RSA_CTX *rsa_ctx;
-    bigint *digest;
-    struct _x509_ctx *next;
-};
-
-typedef struct _x509_ctx X509_CTX;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-typedef struct 
-{
-    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
-} CA_CERT_CTX;
-#endif
-
-int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
-int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
-void x509_free(X509_CTX *x509_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
-const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
-void x509_display_error(int error);
-#endif
-
-/**************************************************************************
- * MISC declarations 
- **************************************************************************/
-
-extern const char * const unsupported_str;
-
-typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
-typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-
-int get_file(const char *filename, uint8_t **buf);
-
-#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
-EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
-#else
-    #define print_blob(...)
-#endif
-
-EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
-                    uint8_t *out, int *outlen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
deleted file mode 100644
index 8bbbfbcb5e..0000000000
--- a/ssl/crypto_misc.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Some misc. routines to help things out
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include "crypto.h"
-#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
-#include "wincrypt.h"
-#endif
-
-#ifndef WIN32
-static int rng_fd = -1;
-#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-static HCRYPTPROV gCryptProv;
-#endif
-
-#if (!defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
-static uint64_t rng_num;
-#endif
-
-static int rng_ref_count;
-const char * const unsupported_str = "Error: feature not supported\n";
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-/** 
- * Retrieve a file and put it into memory
- * @return The size of the file, or -1 on failure.
- */
-int get_file(const char *filename, uint8_t **buf)
-{
-    int total_bytes = 0;
-    int bytes_read = 0; 
-    int filesize;
-    FILE *stream = fopen(filename, "rb");
-
-    if (stream == NULL)
-    {
-#ifdef CONFIG_SSL_FULL_MODE         
-        printf("file '%s' does not exist\n", filename); TTY_FLUSH();
-#endif
-        return -1;
-    }
-
-    /* Win CE doesn't support stat() */
-    fseek(stream, 0, SEEK_END);
-    filesize = ftell(stream);
-    *buf = (uint8_t *)malloc(filesize);
-    fseek(stream, 0, SEEK_SET);
-
-    do
-    {
-        bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
-        total_bytes += bytes_read;
-    } while (total_bytes < filesize && bytes_read > 0);
-    
-    fclose(stream);
-    return filesize;
-}
-#endif
-
-/**
- * Initialise the Random Number Generator engine.
- * - On Win32 use the platform SDK's crypto engine.
- * - On Linux use /dev/urandom
- * - If none of these work then use a custom RNG.
- */
-EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
-{
-    if (rng_ref_count == 0)
-    {
-#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-        rng_fd = ax_open("/dev/urandom", O_RDONLY);
-#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-        if (!CryptAcquireContext(&gCryptProv, 
-                          NULL, NULL, PROV_RSA_FULL, 0))
-        {
-            printf("%s CryptoLib %x", unsupported_str, GetLastError());
-            exit(1);
-        }
-#else   
-        /* help seed with the user's private key - this is a number that 
-           should be hard to find, due to the fact that it relies on knowing 
-           the private key */
-        int i;  
-
-        for (i = 0; i < size/(int)sizeof(uint64_t); i++)
-            rng_num ^= *((uint64_t *)&seed_buf[i*sizeof(uint64_t)]);
-
-        srand((long)seed_buf);  /* use the stack ptr as another rnd seed */
-#endif
-    }
-
-    rng_ref_count++;
-}
-
-/**
- * Terminate the RNG engine.
- */
-EXP_FUNC void STDCALL RNG_terminate(void)
-{
-    if (--rng_ref_count == 0)
-    {
-#ifndef WIN32
-        close(rng_fd);
-#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-        CryptReleaseContext(gCryptProv, 0);
-#endif
-    }
-}
-
-/**
- * Set a series of bytes with a random number. Individual bytes can be 0
- */
-EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
-{   
-#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-    /* use the Linux default */
-    read(rng_fd, rand_data, num_rand_bytes);    /* read from /dev/urandom */
-#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-    /* use Microsoft Crypto Libraries */
-    CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
-#else   /* nothing else to use, so use a custom RNG */
-    /* The method we use when we've got nothing better. Use RC4, time 
-       and a couple of random seeds to generate a random sequence */
-    RC4_CTX rng_ctx;
-    struct timeval tv;
-    uint64_t big_num1, big_num2;
-
-    gettimeofday(&tv, NULL);    /* yes I know we shouldn't do this */
-
-    /* all numbers by themselves are pretty simple, but combined should 
-     * be a challenge */
-    big_num1 = (uint64_t)tv.tv_sec*(tv.tv_usec+1); 
-    big_num2 = (uint64_t)rand()*big_num1;
-    big_num1 ^= rng_num;
-
-    memcpy(rand_data, &big_num1, sizeof(uint64_t));
-    if (num_rand_bytes > sizeof(uint64_t))
-        memcpy(&rand_data[8], &big_num2, sizeof(uint64_t));
-
-    if (num_rand_bytes > 16)
-    {
-        /* clear rest of data */
-        memset(&rand_data[16], 0, num_rand_bytes-16); 
-    }
-
-    RC4_setup(&rng_ctx, rand_data, 16); /* use as a key */
-    RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
-    
-    /* use last 8 bytes for next time */
-    memcpy(&rng_num, &rand_data[num_rand_bytes-8], sizeof(uint64_t));    
-#endif
-}
-
-/**
- * Set a series of bytes with a random number. Individual bytes are not zero.
- */
-void get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
-{
-    int i;
-    get_random(num_rand_bytes, rand_data);
-
-    for (i = 0; i < num_rand_bytes; i++)
-    {
-        while (rand_data[i] == 0)  /* can't be 0 */
-            rand_data[i] = (uint8_t)(rand());
-    }
-}
-
-/**
- * Some useful diagnostic routines
- */
-#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
-int hex_finish;
-int hex_index;
-
-static void print_hex_init(int finish)
-{
-    hex_finish = finish;
-    hex_index = 0;
-}
-
-static void print_hex(uint8_t hex)
-{
-    static int column;
-
-    if (hex_index == 0)
-    {
-        column = 0;
-    }
-
-    printf("%02x ", hex);
-    if (++column == 8)
-    {
-        printf(": ");
-    }
-    else if (column >= 16)
-    {
-        printf("\n");
-        column = 0;
-    }
-
-    if (++hex_index >= hex_finish && column > 0)
-    {
-        printf("\n");
-    }
-}
-
-/**
- * Spit out a blob of data for diagnostics. The data is is a nice column format
- * for easy reading.
- *
- * @param format   [in]    The string (with possible embedded format characters)
- * @param size     [in]    The number of numbers to print
- * @param data     [in]    The start of data to use
- * @param ...      [in]    Any additional arguments
- */
-EXP_FUNC void STDCALL print_blob(const char *format, 
-        const uint8_t *data, int size, ...)
-{
-    int i;
-    char tmp[80];
-    va_list(ap);
-
-    va_start(ap, size);
-    sprintf(tmp, "%s\n", format);
-    vprintf(tmp, ap);
-    print_hex_init(size);
-    for (i = 0; i < size; i++)
-    {
-        print_hex(data[i]);
-    }
-
-    va_end(ap);
-    TTY_FLUSH();
-}
-#elif defined(WIN32)
-/* VC6.0 doesn't handle variadic macros */
-EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
-        int size, ...) {}
-#endif
-
-#if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
-/* base64 to binary lookup table */
-static const uint8_t map[128] =
-{
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
-    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
-    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
-    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
-    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
-    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
-    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
-    49,  50,  51, 255, 255, 255, 255, 255
-};
-
-EXP_FUNC int STDCALL base64_decode(const char *in, int len,
-                    uint8_t *out, int *outlen)
-{
-    int g, t, x, y, z;
-    uint8_t c;
-    int ret = -1;
-
-    g = 3;
-    for (x = y = z = t = 0; x < len; x++)
-    {
-        if ((c = map[in[x]&0x7F]) == 0xff)
-            continue;
-
-        if (c == 254)   /* this is the end... */
-        {
-            c = 0;
-
-            if (--g < 0)
-                goto error;
-        }
-        else if (g != 3) /* only allow = at end */
-            goto error;
-
-        t = (t<<6) | c;
-
-        if (++y == 4)
-        {
-            out[z++] = (uint8_t)((t>>16)&255);
-
-            if (g > 1)
-                out[z++] = (uint8_t)((t>>8)&255);
-
-            if (g > 2)
-                out[z++] = (uint8_t)(t&255);
-
-            y = t = 0;
-        }
-    }
-
-    if (y != 0)
-        goto error;
-
-    if (outlen)
-        *outlen = z;
-    ret = 0;
-
-error:
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ret < 0)
-        printf("Error: Invalid base64\n"); TTY_FLUSH();
-#endif
-    TTY_FLUSH();
-    return ret;
-
-}
-#endif
-
diff --git a/ssl/hmac.c b/ssl/hmac.c
deleted file mode 100644
index 8ac6ad3c1c..0000000000
--- a/ssl/hmac.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * HMAC implementation - This code was originally taken from RFC2104
- */
-
-#include <string.h>
-#include "crypto.h"
-
-/**
- * Perform HMAC-MD5
- */
-void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    MD5_CTX context;
-    uint8_t k_ipad[64];
-    uint8_t k_opad[64];
-    int i;
-
-    memset(k_ipad, 0, sizeof k_ipad);
-    memset(k_opad, 0, sizeof k_opad);
-    memcpy(k_ipad, key, key_len);
-    memcpy(k_opad, key, key_len);
-
-    for (i = 0; i < 64; i++) 
-    {
-        k_ipad[i] ^= 0x36;
-        k_opad[i] ^= 0x5c;
-    }
-
-    MD5Init(&context);
-    MD5Update(&context, k_ipad, 64);
-    MD5Update(&context, msg, length);
-    MD5Final(&context, digest);
-    MD5Init(&context);
-    MD5Update(&context, k_opad, 64);
-    MD5Update(&context, digest, MD5_SIZE);
-    MD5Final(&context, digest);
-}
-
-/**
- * Perform HMAC-SHA1
- */
-void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    SHA1_CTX context;
-    uint8_t k_ipad[64];
-    uint8_t k_opad[64];
-    int i;
-
-    memset(k_ipad, 0, sizeof k_ipad);
-    memset(k_opad, 0, sizeof k_opad);
-    memcpy(k_ipad, key, key_len);
-    memcpy(k_opad, key, key_len);
-
-    for (i = 0; i < 64; i++) 
-    {
-        k_ipad[i] ^= 0x36;
-        k_opad[i] ^= 0x5c;
-    }
-
-    SHA1Init(&context);
-    SHA1Update(&context, k_ipad, 64);
-    SHA1Update(&context, msg, length);
-    SHA1Final(&context, digest);
-    SHA1Init(&context);
-    SHA1Update(&context, k_opad, 64);
-    SHA1Update(&context, digest, SHA1_SIZE);
-    SHA1Final(&context, digest);
-}
diff --git a/ssl/loader.c b/ssl/loader.c
deleted file mode 100644
index 4c8c738c2f..0000000000
--- a/ssl/loader.c
+++ /dev/null
@@ -1,377 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Load certificates/keys into memory. These can be in many different formats.
- * PEM support and other formats can be processed here.
- *
- * The PEM private keys may be optionally encrypted with AES128 or AES256. 
- * The encrypted PEM keys were generated with something like:
- *
- * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "ssl.h"
-
-static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
-                    SSLObjLoader *ssl_obj, const char *password);
-#ifdef CONFIG_SSL_HAS_PEM
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
-                    const char *password);
-#endif
-
-/*
- * Load a file into memory that is in binary DER (or ascii PEM) format.
- */
-EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, 
-                            const char *filename, const char *password)
-{
-#ifndef CONFIG_SSL_SKELETON_MODE
-    static const char * const begin = "-----BEGIN";
-    int ret = SSL_OK;
-    SSLObjLoader *ssl_obj = NULL;
-
-    if (filename == NULL)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-
-    ssl_obj->len = get_file(filename, &ssl_obj->buf);
-
-    if (ssl_obj->len <= 0)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-    /* is the file a PEM file? */
-    if (strncmp(ssl_obj->buf, begin, strlen(begin)) == 0)
-    {
-#ifdef CONFIG_SSL_HAS_PEM
-        ret = ssl_obj_PEM_load(ssl_ctx, ssl_obj, password);
-#else
-        printf(unsupported_str);
-        ret = SSL_ERROR_NOT_SUPPORTED;
-#endif
-    }
-    else
-        ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
-
-error:
-    ssl_obj_free(ssl_obj);
-    return ret;
-#else
-    printf(unsupported_str);
-    return SSL_ERROR_NOT_SUPPORTED;
-#endif /* CONFIG_SSL_SKELETON_MODE */
-}
-
-/*
- * Transfer binary data into the object loader.
- */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, 
-        const uint8_t *data, int len, const char *password)
-{
-    int ret;
-
-    SSLObjLoader *ssl_obj;
-    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-    ssl_obj->buf = (uint8_t *)malloc(len);
-    memcpy(ssl_obj->buf, data, len);
-    ssl_obj->len = len;
-    ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
-    ssl_obj_free(ssl_obj);
-    return ret;
-}
-
-/*
- * Actually work out what we are doing 
- */
-static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
-                    SSLObjLoader *ssl_obj, const char *password)
-{
-    int ret = SSL_OK;
-
-    switch (obj_type)
-    {
-        case SSL_OBJ_RSA_KEY:
-            ret = add_private_key(ssl_ctx, ssl_obj);
-            break;
-
-        case SSL_OBJ_X509_CERT:
-            ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
-            break;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        case SSL_OBJ_X509_CACERT:
-            ret = add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
-            break;
-#endif
-
-#ifdef CONFIG_SSL_USE_PKCS12
-        case SSL_OBJ_PKCS8:
-            ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
-            break;
-
-        case SSL_OBJ_PKCS12:
-            ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
-            break;
-#endif
-        default:
-            printf(unsupported_str);
-            ret = SSL_ERROR_NOT_SUPPORTED;
-            break;
-    }
-
-    return ret;
-}
-
-/*
- * Clean up our mess.
- */
-void ssl_obj_free(SSLObjLoader *ssl_obj)
-{
-    if (ssl_obj)
-    {
-        free(ssl_obj->buf);
-        free(ssl_obj);
-    }
-}
-
-/*
- * Support for PEM encoded keys/certificates.
- */
-#ifdef CONFIG_SSL_HAS_PEM
-
-#define NUM_PEM_TYPES               3
-#define IV_SIZE                     16
-#define IS_RSA_PRIVATE_KEY          0
-#define IS_ENCRYPTED_PRIVATE_KEY    1
-#define IS_CERTIFICATE              2
-
-static const char * const begins[NUM_PEM_TYPES] =
-{
-    "-----BEGIN RSA PRIVATE KEY-----",
-    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
-    "-----BEGIN CERTIFICATE-----",
-};
-
-static const char * const ends[NUM_PEM_TYPES] =
-{
-    "-----END RSA PRIVATE KEY-----",
-    "-----END ENCRYPTED PRIVATE KEY-----",
-    "-----END CERTIFICATE-----",
-};
-
-static const char * const aes_str[2] =
-{
-    "DEK-Info: AES-128-CBC,",
-    "DEK-Info: AES-256-CBC," 
-};
-
-/**
- * Take a base64 blob of data and decrypt it (using AES) into its 
- * proper ASN.1 form.
- */
-static int pem_decrypt(const uint8_t *where, const uint8_t *end,
-                        const char *password, SSLObjLoader *ssl_obj)
-{
-    int ret = -1;
-    int is_aes_256 = 0;
-    uint8_t *start = NULL;
-    uint8_t iv[IV_SIZE];
-    int i, pem_size;
-    MD5_CTX md5_ctx;
-    AES_CTX aes_ctx;
-    uint8_t key[32];        /* AES256 size */
-
-    if (password == NULL)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: need a password for this PEM file\n");
-#endif
-        goto error;
-    }
-
-    if ((start = (uint8_t *)strstr(
-                    (const char *)where, aes_str[0])))          /* AES128? */
-    {
-        start += strlen(aes_str[0]);
-    }
-    else if ((start = (uint8_t *)strstr(
-                    (const char *)where, aes_str[1])))          /* AES256? */
-    {
-        is_aes_256 = 1;
-        start += strlen(aes_str[1]);
-    }
-    else 
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Unsupported password cipher\n");
-#endif
-        goto error;
-    }
-
-    /* convert from hex to binary - assumes uppercase hex */
-    for (i = 0; i < IV_SIZE; i++)
-    {
-        uint8_t c = *start++ - '0';
-        iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
-        c = *start++ - '0';
-        iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
-    }
-
-    while (*start == '\r' || *start == '\n')
-        start++;
-
-    /* turn base64 into binary */
-    pem_size = (int)(end-start);
-    if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
-        goto error;
-
-    /* work out the key */
-    MD5Init(&md5_ctx);
-    MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
-    MD5Update(&md5_ctx, iv, SALT_SIZE);
-    MD5Final(&md5_ctx, key);
-
-    if (is_aes_256)
-    {
-        MD5Init(&md5_ctx);
-        MD5Update(&md5_ctx, key, MD5_SIZE);
-        MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
-        MD5Update(&md5_ctx, iv, SALT_SIZE);
-        MD5Final(&md5_ctx, &key[MD5_SIZE]);
-    }
-
-    /* decrypt using the key/iv */
-    AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
-    AES_convert_key(&aes_ctx);
-    AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
-    ret = 0;
-
-error:
-    return ret; 
-}
-
-/**
- * Take a base64 blob of data and turn it into its proper ASN.1 form.
- */
-static int new_pem_obj(SSL_CTX *ssl_ctx, uint8_t *where, 
-                    int remain, const char *password)
-{
-    int ret = SSL_OK;
-    SSLObjLoader *ssl_obj = NULL;
-    int i, pem_size, obj_type;
-    uint8_t *start = NULL, *end = NULL;
-
-    for (i = 0; i < NUM_PEM_TYPES; i++)
-    {
-        if ((start = (uint8_t *)strstr((const char *)where, begins[i])) &&
-                (end = (uint8_t *)strstr((const char *)where, ends[i])))
-        {
-            remain -= (int)(end-start);
-            start += strlen(begins[i]);
-            pem_size = (int)(end-start);
-
-            ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-
-            /* 4/3 bigger than what we need but so what */
-            ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
-
-            if (i == IS_RSA_PRIVATE_KEY && 
-                        strstr((const char *)start, "Proc-Type:") && 
-                        strstr((const char *)start, "4,ENCRYPTED"))
-            {
-                /* check for encrypted PEM file */
-                if (pem_decrypt(start, end, password, ssl_obj) < 0)
-                    goto error;
-            }
-            else if (base64_decode(start, pem_size, 
-                        ssl_obj->buf, &ssl_obj->len) != 0)
-                goto error;
-
-            switch (i)
-            {
-                case IS_RSA_PRIVATE_KEY:
-                    obj_type = SSL_OBJ_RSA_KEY;
-                    break;
-
-                case IS_ENCRYPTED_PRIVATE_KEY:
-                    obj_type = SSL_OBJ_PKCS8;
-                    break;
-
-                case IS_CERTIFICATE:
-                    obj_type = SSL_OBJ_X509_CERT;
-                    break;
-
-                default:
-                    goto error;
-            }
-
-            /* In a format we can now understand - so process it */
-            if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
-                goto error;
-
-            end += strlen(ends[i]);
-            remain -= strlen(ends[i]);
-            while (remain > 0 && (*end == '\r' || *end == '\n'))
-            {
-                end++;
-                remain--;
-            }
-
-            break;
-        }
-    }
-
-    if (i == NUM_PEM_TYPES)
-        goto error;
-
-    /* more PEM stuff to process? */
-    if (remain)
-        ret = new_pem_obj(ssl_ctx, end, remain, password);
-
-error:
-    ssl_obj_free(ssl_obj);
-    return ret;
-}
-
-/*
- * Load a file into memory that is in ASCII PEM format.
- */
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
-                                        const char *password)
-{
-    uint8_t *start;
-
-    /* add a null terminator */
-    ssl_obj->len++;
-    ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
-    ssl_obj->buf[ssl_obj->len-1] = 0;
-    start = ssl_obj->buf;
-    return new_pem_obj(ssl_ctx, start, ssl_obj->len, password);
-}
-#endif /* CONFIG_SSL_HAS_PEM */
diff --git a/ssl/md5.c b/ssl/md5.c
deleted file mode 100644
index 39272d9981..0000000000
--- a/ssl/md5.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * This file implements the MD5 algorithm as defined in RFC1321
- */
-
-#include <string.h>
-#include "crypto.h"
-
-/* Constants for MD5Transform routine.
- */
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-/* ----- static functions ----- */
-static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
-static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
-static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
-
-static const uint8_t PADDING[64] = 
-{
-    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/* F, G, H and I are basic MD5 functions.
- */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits.  */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-   Rotation is separate from addition to prevent recomputation.  */
-#define FF(a, b, c, d, x, s, ac) { \
-    (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-#define GG(a, b, c, d, x, s, ac) { \
-    (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-#define HH(a, b, c, d, x, s, ac) { \
-    (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-#define II(a, b, c, d, x, s, ac) { \
-    (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-
-/**
- * MD5 initialization - begins an MD5 operation, writing a new ctx.
- */
-EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
-{
-    ctx->count[0] = ctx->count[1] = 0;
-
-    /* Load magic initialization constants.
-     */
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xefcdab89;
-    ctx->state[2] = 0x98badcfe;
-    ctx->state[3] = 0x10325476;
-}
-
-/**
- * Accepts an array of octets as the next portion of the message.
- */
-EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
-{
-    uint32_t x;
-    int i, partLen;
-
-    /* Compute number of bytes mod 64 */
-    x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
-
-    /* Update number of bits */
-    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
-        ctx->count[1]++;
-    ctx->count[1] += ((uint32_t)len >> 29);
-
-    partLen = 64 - x;
-
-    /* Transform as many times as possible.  */
-    if (len >= partLen) 
-    {
-        memcpy(&ctx->buffer[x], msg, partLen);
-        MD5Transform(ctx->state, ctx->buffer);
-
-        for (i = partLen; i + 63 < len; i += 64)
-            MD5Transform(ctx->state, &msg[i]);
-
-        x = 0;
-    }
-    else
-        i = 0;
-
-    /* Buffer remaining input */
-    memcpy(&ctx->buffer[x], &msg[i], len-i);
-}
-
-/**
- * Return the 128-bit message digest into the user's array
- */
-EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
-{
-    uint8_t bits[8];
-    uint32_t x, padLen;
-
-    /* Save number of bits */
-    Encode(bits, ctx->count, 8);
-
-    /* Pad out to 56 mod 64.
-     */
-    x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
-    padLen = (x < 56) ? (56 - x) : (120 - x);
-    MD5Update(ctx, PADDING, padLen);
-
-    /* Append length (before padding) */
-    MD5Update(ctx, bits, 8);
-
-    /* Store state in digest */
-    Encode(digest, ctx->state, MD5_SIZE);
-}
-
-/**
- * MD5 basic transformation. Transforms state based on block.
- */
-static void MD5Transform(uint32_t state[4], const uint8_t block[64])
-{
-    uint32_t a = state[0], b = state[1], c = state[2], 
-             d = state[3], x[MD5_SIZE];
-
-    Decode(x, block, 64);
-
-    /* Round 1 */
-    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
-    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
-    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
-    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
-    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
-    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
-    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
-    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
-    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
-    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
-    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
-    /* Round 2 */
-    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
-    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
-    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
-    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
-    GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
-    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
-    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
-    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
-    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
-    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
-    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
-    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
-    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
-    /* Round 3 */
-    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
-    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
-    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
-    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
-    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
-    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
-    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
-    HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
-    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
-    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
-    /* Round 4 */
-    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
-    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
-    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
-    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
-    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
-    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
-    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
-    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
-    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
-    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
-    state[0] += a;
-    state[1] += b;
-    state[2] += c;
-    state[3] += d;
-}
-
-/**
- * Encodes input (uint32_t) into output (uint8_t). Assumes len is
- *   a multiple of 4.
- */
-static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
-{
-    uint32_t i, j;
-
-    for (i = 0, j = 0; j < len; i++, j += 4) 
-    {
-        output[j] = (uint8_t)(input[i] & 0xff);
-        output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
-        output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
-        output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
-    }
-}
-
-/**
- *  Decodes input (uint8_t) into output (uint32_t). Assumes len is
- *   a multiple of 4.
- */
-static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
-{
-    uint32_t i, j;
-
-    for (i = 0, j = 0; j < len; i++, j += 4)
-        output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
-            (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
-}
diff --git a/ssl/openssl.c b/ssl/openssl.c
deleted file mode 100644
index 4254bc7026..0000000000
--- a/ssl/openssl.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Lesser License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * Enable a subset of openssl compatible functions. We don't aim to be 100%
- * compatible - just to be able to do basic ports etc.
- *
- * Only really tested on mini_httpd, so I'm not too sure how extensive this
- * port is.
- */
-
-#include "config.h"
-
-#ifdef CONFIG_OPENSSL_COMPATIBLE
-#include <stdlib.h>
-#include <strings.h>
-#include <stdarg.h>
-#include "ssl.h"
-
-#define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
-
-void *SSLv23_server_method(void) { return NULL; }
-void *SSLv3_server_method(void) { return NULL; }
-void *TLSv1_server_method(void) { return NULL; }
-void *SSLv23_client_method(void) { return NULL; }
-void *SSLv3_client_method(void) { return NULL; }
-void *TLSv1_client_method(void) { return NULL; }
-
-typedef void * (*ssl_func_type_t)(void);
-typedef void * (*bio_func_type_t)(void);
-
-typedef struct
-{
-    ssl_func_type_t ssl_func_type;
-} OPENSSL_CTX;
-
-SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
-{
-    SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
-    ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
-    OPENSSL_CTX_ATTR->ssl_func_type = meth;
-    return ssl_ctx;
-}
-
-void SSL_CTX_free(SSL_CTX * ssl_ctx)
-{
-    free(ssl_ctx->bonus_attr);
-    ssl_ctx_free(ssl_ctx);
-}
-
-SSL * SSL_new(SSL_CTX *ssl_ctx)
-{
-    SSL *ssl;
-    ssl_func_type_t ssl_func_type;
-
-    ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
-    ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
-
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    if (ssl_func_type == SSLv23_client_method ||
-        ssl_func_type == SSLv3_client_method ||
-        ssl_func_type == TLSv1_client_method)
-    {
-        SET_SSL_FLAG(SSL_IS_CLIENT);
-    }
-    else
-#endif
-    {
-        ssl->next_state = HS_CLIENT_HELLO;
-    }
-
-    return ssl;
-}
-
-int SSL_set_fd(SSL *s, int fd)
-{
-    s->client_fd = fd;
-    return 1;   /* always succeeds */
-}
-
-int SSL_accept(SSL *ssl)
-{
-    while (ssl_read(ssl, NULL) == SSL_OK)
-    {
-        if (ssl->next_state == HS_CLIENT_HELLO)
-            return 1;   /* we're done */
-    }
-
-    return -1;
-}
-
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-int SSL_connect(SSL *ssl)
-{
-    return do_client_connect(ssl) == SSL_OK ? 1 : -1;
-}
-#endif
-
-void SSL_free(SSL *ssl)
-{
-    ssl_free(ssl);
-}
-
-int SSL_read(SSL *ssl, void *buf, int num)
-{
-    uint8_t *read_buf;
-    int ret;
-
-    while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
-
-    if (ret > SSL_OK)
-    {
-        memcpy(buf, read_buf, ret > num ? num : ret);
-    }
-
-    return ret;
-}
-
-int SSL_write(SSL *ssl, const void *buf, int num)
-{
-    return ssl_write(ssl, buf, num);
-}
-
-int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
-{
-    return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
-}
-
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
-{
-    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, NULL) == SSL_OK);
-}
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
-{
-    return (ssl_obj_memory_load(ssl_ctx, 
-                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
-}
-
-#if 0
-const uint8_t *SSL_get_session(const SSL *ssl)
-{
-    /* TODO: return SSL_SESSION type */
-    return ssl_get_session_id(ssl);
-}
-#endif
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
-{
-    return 1;
-}
-
-int SSL_CTX_set_cipher_list(SSL *s, const char *str)
-{
-    return 1;
-}
-
-int SSL_get_error(const SSL *ssl, int ret)
-{
-    ssl_display_error(ret);
-    return 0;   /* TODO: return proper return code */
-}
-
-void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
-int SSL_library_init(void ) { return 1; }
-void SSL_load_error_strings(void ) {}
-void ERR_print_errors_fp(FILE *fp) {}
-long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
-                            return CONFIG_SSL_EXPIRY_TIME*3600; }
-long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
-                            return SSL_CTX_get_timeout(ssl_ctx); }
-void BIO_printf(FILE *f, const char *format, ...)
-{
-    va_list(ap);
-    va_start(ap, format);
-    vfprintf(f, format, ap);
-    va_end(ap);
-}
-
-void* BIO_s_null(void) {}
-FILE *BIO_new(bio_func_type_t func)
-{
-    if (func == BIO_s_null)
-        return fopen("/dev/null", "r");
-}
-
-FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
-int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
-
-
-
-#endif
diff --git a/ssl/os_port.c b/ssl/os_port.c
deleted file mode 100644
index 9b25473897..0000000000
--- a/ssl/os_port.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @file os_port.c
- *
- * OS specific functions.
- */
-#include <time.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <stdarg.h>
-#include "os_port.h"
-
-#ifdef WIN32
-/**
- * gettimeofday() not in Win32 
- */
-EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
-{       
-#if defined(_WIN32_WCE)
-    t->tv_sec = time(NULL);
-    t->tv_usec = 0;                         /* 1sec precision only */ 
-#else
-    struct _timeb timebuffer;
-    _ftime(&timebuffer);
-    t->tv_sec = (long)timebuffer.time;
-    t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
-#endif
-}
-
-/**
- * strcasecmp() not in Win32
- */
-EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
-{
-    while (tolower(*s1) == tolower(*s2++))
-    {
-        if (*s1++ == '\0')
-        {
-            return 0;
-        }
-    }
-
-    return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
-}
-
-#endif
-
-#undef malloc
-#undef realloc
-#undef calloc
-#undef open
-#undef fopen
-
-static const char * out_of_mem_str = "out of memory";
-static const char * file_open_str = "Could not open file \"%s\"";
-
-/* 
- * Some functions that call display some error trace and then call abort().
- * This just makes life much easier on embedded systems, since we're 
- * suffering major trauma...
- */
-EXP_FUNC void * STDCALL ax_malloc(size_t s)
-{
-    void *x;
-
-    if ((x = malloc(s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
-{
-    void *x;
-
-    if ((x = realloc(y, s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
-{
-    void *x;
-
-    if ((x = calloc(n, s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC FILE * STDCALL ax_fopen(const char *pathname, const char *type)
-{
-    FILE *f; 
-
-    if ((f = fopen(pathname, type)) == NULL)
-        exit_now(file_open_str, pathname);
-
-    return  f;
-}
-
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
-{
-    int x;
-
-    if ((x = open(pathname, flags)) < 0)
-        exit_now(file_open_str, pathname);
-
-    return x;
-}
-
-/**
- * This is a call which will deliberately exit an application, but will
- * display some information before dying.
- */
-void exit_now(const char *format, ...)
-{
-    va_list argp;
-
-    va_start(argp, format);
-    vfprintf(stderr, format, argp);
-    va_end(argp);
-    abort();
-}
-
diff --git a/ssl/os_port.h b/ssl/os_port.h
deleted file mode 100644
index 54a7370dbf..0000000000
--- a/ssl/os_port.h
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @file os_port.h
- *
- * Some stuff to minimise the differences between windows and linux/unix
- */
-
-#ifndef HEADER_OS_PORT_H
-#define HEADER_OS_PORT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stdio.h>
-
-#if defined(WIN32)
-#define STDCALL                 __stdcall
-#define EXP_FUNC                __declspec(dllexport)
-#else
-#define STDCALL
-#define EXP_FUNC
-#endif
-
-#if defined(_WIN32_WCE)
-#undef WIN32
-#define WIN32
-#endif
-
-#ifdef WIN32
-
-/* Windows CE stuff */
-#if defined(_WIN32_WCE)
-#include <basetsd.h>
-#define abort()                 exit(1)
-#else
-#include <io.h>
-#include <process.h>
-#include <sys/timeb.h>
-#include <fcntl.h>
-#endif      /* _WIN32_WCE */
-
-#include <winsock.h>
-#include <direct.h>
-#undef getpid
-#undef open
-#undef close
-#undef sleep
-#undef gettimeofday
-#undef dup2
-#undef unlink
-
-#define SOCKET_READ(A,B,C)      recv(A,B,C,0)
-#define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
-#define SOCKET_CLOSE(A)         closesocket(A)
-#define srandom(A)              srand(A)
-#define random()                rand()
-#define getpid()                _getpid()
-#define snprintf                _snprintf
-#define open(A,B)               _open(A,B)
-#define dup2(A,B)               _dup2(A,B)
-#define unlink(A)               _unlink(A)
-#define close(A)                _close(A)
-#define read(A,B,C)             _read(A,B,C)
-#define write(A,B,C)            _write(A,B,C)
-#define sleep(A)                Sleep(A*1000)
-#define usleep(A)               Sleep(A/1000)
-#define strdup(A)               _strdup(A)
-#define chroot(A)               _chdir(A)
-#ifndef lseek
-#define lseek(A,B,C)            _lseek(A,B,C)
-#endif
-
-/* This fix gets around a problem where a win32 application on a cygwin xterm
-   doesn't display regular output (until a certain buffer limit) - but it works
-   fine under a normal DOS window. This is a hack to get around the issue - 
-   see http://www.khngai.com/emacs/tty.php  */
-#define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
-
-/*
- * automatically build some library dependencies.
- */
-#pragma comment(lib, "WS2_32.lib")
-
-#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
-#pragma comment(lib, "AdvAPI32.lib")
-#endif
-
-typedef UINT8 uint8_t;
-typedef INT8 int8_t;
-typedef UINT16 uint16_t;
-typedef INT16 int16_t;
-typedef UINT32 uint32_t;
-typedef INT32 int32_t;
-typedef UINT64 uint64_t;
-typedef INT64 int64_t;
-
-EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
-EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
-
-#else   /* Not Win32 */
-
-#ifdef CONFIG_PLATFORM_SOLARIS
-#include <inttypes.h>
-#else
-#include <stdint.h>
-#endif /* Not Solaris */
-
-#include <unistd.h>
-#include <pwd.h>
-#include <netdb.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#define SOCKET_READ(A,B,C)      read(A,B,C)
-#define SOCKET_WRITE(A,B,C)     write(A,B,C)
-#define SOCKET_CLOSE(A)         close(A)
-#define TTY_FLUSH()
-
-#endif  /* Not Win32 */
-
-/* some functions to mutate the way these work */
-#define malloc(A)       ax_malloc(A)
-#define realloc(A,B)    ax_realloc(A,B)
-#define calloc(A,B)     ax_calloc(A,B)
-
-EXP_FUNC void * STDCALL ax_malloc(size_t s);
-EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
-EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
-EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type);
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
-
-#ifdef CONFIG_PLATFORM_LINUX
-void exit_now(const char *format, ...) __attribute((noreturn));
-#else
-void exit_now(const char *format, ...);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/ssl/p12.c b/ssl/p12.c
deleted file mode 100644
index 7e99bbc5ce..0000000000
--- a/ssl/p12.c
+++ /dev/null
@@ -1,474 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Process PKCS#8/PKCS#12 keys.
- *
- * The decoding of a PKCS#12 key is fairly specific - this code was tested on a
- * key generated with:
- *
- * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
- * -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 
- * -name "p12_withoutCA" -out axTLS.withoutCA.p12 -password pass:abcd
- *
- * or with a certificate chain:
- *
- * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
- * -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe
- * PBE-SHA1-RC4-128 -name "p12_withCA" -out axTLS.withCA.p12 -password pass:abcd
- *
- * Note that the PBE has to be specified with PBE-SHA1-RC4-128. The
- * private/public keys/certs have to use RSA encryption. Both the integrity
- * and privacy passwords are the same.
- *
- * The PKCS#8 files were generated with something like:
- *
- * PEM format:
- * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1
- * PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
- *
- * DER format:
- * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER
- * -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "ssl.h"
-
-/* all commented out if not used */
-#ifdef CONFIG_SSL_USE_PKCS12
-
-#define BLOCK_SIZE          64
-#define PKCS12_KEY_ID       1
-#define PKCS12_IV_ID        2
-#define PKCS12_MAC_ID       3
-
-static char *make_uni_pass(const char *password, int *uni_pass_len);
-static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
-                        const uint8_t *salt, int iter, 
-                        uint8_t *priv_key, int priv_key_len, int id);
-static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
-static int get_pbe_params(uint8_t *buf, int *offset, 
-        const uint8_t **salt, int *iterations);
-
-/*
- * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
- */
-int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
-{
-    uint8_t *buf = ssl_obj->buf;
-    int len, offset = 0;
-    int iterations;
-    int ret = SSL_NOT_OK;
-    uint8_t *version = NULL;
-    const uint8_t *salt;
-    uint8_t *priv_key;
-    int uni_pass_len;
-    char *uni_pass = make_uni_pass(password, &uni_pass_len);
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Invalid p8 ASN.1 file\n");
-#endif
-        goto error;
-    }
-
-    /* unencrypted key? */
-    if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
-    {
-        ret = p8_add_key(ssl_ctx, buf);
-        goto error;
-    }
-
-    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
-        goto error;
-
-    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
-        goto error;
-
-    priv_key = &buf[offset];
-
-    p8_decrypt(uni_pass, uni_pass_len, salt, 
-                        iterations, priv_key, len, PKCS12_KEY_ID);
-    ret = p8_add_key(ssl_ctx, priv_key);
-
-error:
-    free(version);
-    free(uni_pass);
-    return ret;
-}
-
-/*
- * Take the unencrypted pkcs8 and turn it into a private key 
- */
-static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
-{
-    uint8_t *buf = priv_key;
-    int len, offset = 0;
-    int ret = SSL_NOT_OK;
-
-    /* Skip the preamble and go straight to the private key.
-       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
-        goto error;
-
-    ret = asn1_get_private_key(&buf[offset], len, &ssl_ctx->rsa_ctx);
-
-error:
-    return ret;
-}
-
-/*
- * Create the unicode password 
- */
-static char *make_uni_pass(const char *password, int *uni_pass_len)
-{
-    int pass_len = 0, i;
-    char *uni_pass;
-
-    if (password == NULL)
-    {
-        password = "";
-    }
-
-    uni_pass = (uint8_t *)malloc((strlen(password)+1)*2);
-
-    /* modify the password into a unicode version */
-    for (i = 0; i < (int)strlen(password); i++)
-    {
-        uni_pass[pass_len++] = 0;
-        uni_pass[pass_len++] = password[i];
-    }
-
-    uni_pass[pass_len++] = 0;       /* null terminate */
-    uni_pass[pass_len++] = 0;
-    *uni_pass_len = pass_len;
-    return uni_pass;
-}
-
-/*
- * Decrypt a pkcs8 block.
- */
-static int p8_decrypt(const char *uni_pass, int uni_pass_len,
-                        const uint8_t *salt, int iter, 
-                        uint8_t *priv_key, int priv_key_len, int id)
-{
-    uint8_t p[BLOCK_SIZE*2];
-    uint8_t d[BLOCK_SIZE];
-    uint8_t Ai[SHA1_SIZE];
-    SHA1_CTX sha_ctx;
-    RC4_CTX rc4_ctx;
-    int i;
-
-    for (i = 0; i < BLOCK_SIZE; i++)
-    {
-        p[i] = salt[i % SALT_SIZE];
-        p[BLOCK_SIZE+i] = uni_pass[i % uni_pass_len];
-        d[i] = id;
-    }
-
-    /* get the key - no IV since we are using RC4 */
-    SHA1Init(&sha_ctx);
-    SHA1Update(&sha_ctx, d, sizeof(d));
-    SHA1Update(&sha_ctx, p, sizeof(p));
-    SHA1Final(&sha_ctx, Ai);
-
-    for (i = 1; i < iter; i++)
-    {
-        SHA1Init(&sha_ctx);
-        SHA1Update(&sha_ctx, Ai, SHA1_SIZE);
-        SHA1Final(&sha_ctx, Ai);
-    }
-
-    /* do the decryption */
-    if (id == PKCS12_KEY_ID)
-    {
-        RC4_setup(&rc4_ctx, Ai, 16);
-        RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
-    }
-    else  /* MAC */
-        memcpy(priv_key, Ai, SHA1_SIZE);
-
-    return 0;
-}
-
-/*
- * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
- * and keys.
- */
-int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
-{
-    uint8_t *buf = ssl_obj->buf;
-    int all_ok = 0, len, iterations, auth_safes_start, 
-              auth_safes_end, auth_safes_len, key_offset, offset = 0;
-    int all_certs = 0;
-    uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
-    char key[SHA1_SIZE];
-    char mac[SHA1_SIZE];
-    const uint8_t *salt;
-    int uni_pass_len, ret;
-    int error_code = SSL_ERROR_NOT_SUPPORTED;
-    char *uni_pass = make_uni_pass(password, &uni_pass_len);
-    static const uint8_t pkcs_data[] = /* pkc7 data */
-        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
-    static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
-        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
-    static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
-        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Invalid p12 ASN.1 file\n");
-#endif
-        goto error;
-    }
-
-    if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
-    {
-        error_code = SSL_ERROR_INVALID_VERSION;
-        goto error;
-    }
-
-    /* remove all the boring pcks7 bits */
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
-                (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-                len != sizeof(pkcs_data) || 
-                memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
-        goto error;
-
-    offset += len;
-
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
-        goto error;
-
-    /* work out the MAC start/end points (done on AuthSafes) */
-    auth_safes_start = offset;
-    auth_safes_end = offset;
-    if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
-        goto error;
-
-    auth_safes_len = auth_safes_end - auth_safes_start;
-    auth_safes = malloc(auth_safes_len);
-
-    memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            (len != sizeof(pkcs_encrypted) || 
-            memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
-        goto error;
-
-    offset += len;
-
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            len != sizeof(pkcs_data) || 
-            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
-        goto error;
-
-    offset += len;
-
-    /* work out the salt for the certificate */
-    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
-        goto error;
-
-    /* decrypt the certificate */
-    cert = &buf[offset];
-    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
-                            len, PKCS12_KEY_ID)) < 0)
-        goto error;
-
-    offset += len;
-
-    /* load the certificate */
-    key_offset = 0;
-    all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
-
-    /* keep going until all certs are loaded */
-    while (key_offset < all_certs)
-    {
-        int cert_offset = key_offset;
-
-        if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
-                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
-                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
-                (len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
-            goto error;
-
-        if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
-            goto error;
-
-        key_offset = cert_offset;
-    }
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            len != sizeof(pkcs_data) || 
-            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
-        goto error;
-
-    offset += len;
-
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            (len != sizeof(pkcs8_key_bag)) || 
-            memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
-        goto error;
-
-    offset += len;
-
-    /* work out the salt for the private key */
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
-        goto error;
-
-    /* decrypt the private key */
-    cert = &buf[offset];
-    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
-                            len, PKCS12_KEY_ID)) < 0)
-        goto error;
-
-    offset += len;
-
-    /* load the private key */
-    if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
-        goto error;
-
-    /* miss out on friendly name, local key id etc */
-    if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
-        goto error;
-
-    /* work out the MAC */
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
-            len != SHA1_SIZE)
-        goto error;
-
-    orig_mac = &buf[offset];
-    offset += len;
-
-    /* get the salt */
-    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
-        goto error;
-
-    salt = &buf[offset];
-
-    /* work out what the mac should be */
-    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, 
-                            key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
-        goto error;
-
-    hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
-
-    if (memcmp(mac, orig_mac, SHA1_SIZE))
-    {
-        error_code = SSL_ERROR_INVALID_HMAC;                  
-        goto error;
-    }
-
-    all_ok = 1;
-
-error:
-    free(version);
-    free(uni_pass);
-    free(auth_safes);
-    return all_ok ? SSL_OK : error_code;
-}
-
-/*
- * Retrieve the salt/iteration details from a PBE block.
- */
-static int get_pbe_params(uint8_t *buf, int *offset, 
-        const uint8_t **salt, int *iterations)
-{
-    static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
-            { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
-
-    int i, len;
-    uint8_t *iter = NULL;
-    int error_code = SSL_ERROR_NOT_SUPPORTED;
-
-    /* Get the PBE type */
-    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
-        goto error;
-
-    /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
-       which is the only algorithm we support */
-    if (len != sizeof(pbeSH1RC4) || 
-                    memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
-#endif
-        goto error;
-    }
-
-    *offset += len;
-
-    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 || 
-            len != 8)
-        goto error;
-
-    *salt = &buf[*offset];
-    *offset += len;
-
-    if ((len = asn1_get_int(buf, offset, &iter)) < 0)
-        goto error;
-
-    *iterations = 0;
-    for (i = 0; i < len; i++)
-    {
-        (*iterations) <<= 8;
-        (*iterations) += iter[i];
-    }
-
-    free(iter);
-    error_code = SSL_OK;       /* got here - we are ok */
-
-error:
-    return error_code;
-}
-
-#endif
diff --git a/ssl/private_key.h b/ssl/private_key.h
deleted file mode 100644
index 1ce34d6744..0000000000
--- a/ssl/private_key.h
+++ /dev/null
@@ -1,54 +0,0 @@
-unsigned char default_private_key[] = {
-  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xd8,
-  0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5, 0xfd, 0x0b, 0xa8, 0xa8,
-  0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c, 0xb5, 0xd9, 0xbc, 0xc6,
-  0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8, 0x29, 0x48, 0x0e, 0x7b,
-  0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f, 0x38, 0xe5, 0xb5, 0xb7,
-  0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3, 0x40, 0x1e, 0xf9, 0x91,
-  0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e, 0xdc, 0xf6, 0xaa, 0x1c,
-  0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73, 0xd9, 0x09, 0x05, 0x4c,
-  0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7, 0x14, 0x91, 0x44, 0xfc,
-  0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba, 0x8c, 0xc3, 0x74, 0x39,
-  0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4, 0x40, 0x95, 0x8c, 0xc0,
-  0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01,
-  0x02, 0x81, 0x81, 0x00, 0x94, 0x07, 0x72, 0xe5, 0xbe, 0xad, 0x79, 0x3b,
-  0xf7, 0x33, 0x2c, 0x8e, 0x05, 0xf8, 0x1a, 0x6b, 0xd0, 0xe8, 0x91, 0xf5,
-  0x16, 0x07, 0xd9, 0x82, 0x5c, 0x5c, 0xd5, 0x22, 0xa1, 0x9e, 0x42, 0x02,
-  0x7f, 0x8b, 0xcd, 0xbe, 0xf4, 0x85, 0x52, 0xf6, 0x2c, 0xd5, 0x09, 0xd2,
-  0x2c, 0xf4, 0x2c, 0xf6, 0x07, 0x85, 0x80, 0xf9, 0xdc, 0xd0, 0xcc, 0x3f,
-  0x22, 0x31, 0x15, 0xf3, 0x49, 0xf2, 0xb5, 0xe2, 0x69, 0x99, 0x04, 0x04,
-  0x49, 0x21, 0xdb, 0x9f, 0xa1, 0x54, 0x5a, 0xfa, 0xe4, 0xd9, 0xf9, 0x07,
-  0x05, 0xff, 0x9a, 0x65, 0xa4, 0xeb, 0xf2, 0x47, 0xce, 0x56, 0xc7, 0x72,
-  0x49, 0x48, 0x5c, 0xe8, 0x14, 0xd7, 0x8f, 0x25, 0xcc, 0x49, 0x29, 0x06,
-  0x6a, 0x54, 0x7b, 0x17, 0xdc, 0x9e, 0xd4, 0x53, 0xf0, 0xf5, 0x9e, 0x85,
-  0x25, 0xa1, 0xeb, 0x3d, 0xe9, 0x2f, 0xb9, 0x9c, 0xf6, 0xe1, 0x80, 0x81,
-  0x02, 0x41, 0x00, 0xee, 0x02, 0x78, 0xc7, 0x78, 0x85, 0x04, 0x97, 0xcc,
-  0x36, 0xbd, 0xd6, 0x11, 0xe2, 0xc7, 0x39, 0xd9, 0x34, 0x51, 0x72, 0x6f,
-  0x8a, 0x0f, 0xcd, 0x88, 0x32, 0x33, 0x9b, 0xc7, 0xa7, 0x03, 0x77, 0xd9,
-  0x82, 0x35, 0xb6, 0xdd, 0x1f, 0xc2, 0xc1, 0x13, 0x40, 0x83, 0x55, 0xeb,
-  0x60, 0xeb, 0x81, 0x8e, 0x0c, 0x16, 0x62, 0xb4, 0xb4, 0x3c, 0xeb, 0x08,
-  0x80, 0x9c, 0x79, 0xd3, 0x38, 0xca, 0xf1, 0x02, 0x41, 0x00, 0xe9, 0x45,
-  0x5f, 0x2e, 0x16, 0xcc, 0x93, 0x50, 0x40, 0xb6, 0x79, 0xbc, 0x38, 0xe0,
-  0x56, 0x68, 0x50, 0xd3, 0x2f, 0x73, 0x8c, 0x8c, 0x2a, 0x0e, 0x81, 0x4a,
-  0x8a, 0xbb, 0xcc, 0xf0, 0x64, 0x34, 0x46, 0x9f, 0x07, 0x7d, 0x22, 0xb6,
-  0xf9, 0x46, 0xac, 0x57, 0x23, 0x8c, 0x1e, 0xeb, 0xd3, 0x05, 0x4d, 0xa8,
-  0x83, 0x6a, 0x67, 0xf6, 0xa6, 0xb1, 0xab, 0x8e, 0xc1, 0xef, 0xef, 0x7d,
-  0xf0, 0xc3, 0x02, 0x40, 0x2f, 0xc6, 0x59, 0x3e, 0x18, 0xe8, 0x02, 0x73,
-  0x01, 0xef, 0xdf, 0x0d, 0x30, 0x4b, 0xe8, 0x17, 0xa9, 0x8c, 0xc1, 0xe8,
-  0x89, 0x91, 0x19, 0xf8, 0xf4, 0xa4, 0xb7, 0x0d, 0x46, 0xf7, 0x34, 0x50,
-  0x03, 0x5e, 0x0a, 0xb0, 0x29, 0x14, 0xae, 0x00, 0x19, 0x80, 0x32, 0x9c,
-  0xb5, 0x81, 0x9f, 0xe4, 0x42, 0x82, 0x14, 0xa0, 0x3d, 0x8b, 0x8c, 0x4a,
-  0xd5, 0x4b, 0x13, 0x9d, 0xb4, 0x93, 0x4a, 0xd1, 0x02, 0x40, 0x64, 0x8c,
-  0x83, 0x77, 0x61, 0x5a, 0x73, 0x11, 0x3f, 0xa3, 0xa8, 0x1b, 0x8a, 0xc4,
-  0xa0, 0x5a, 0x3c, 0xa4, 0x9b, 0x2a, 0x8a, 0x65, 0x8c, 0x67, 0x4e, 0x31,
-  0xac, 0x55, 0x41, 0x04, 0x49, 0x9d, 0x02, 0xe7, 0xdf, 0x99, 0x7f, 0xd2,
-  0x30, 0xe6, 0xd6, 0xb8, 0x84, 0xd9, 0x0c, 0x27, 0x08, 0x81, 0x9b, 0xb4,
-  0xcc, 0x58, 0x9c, 0x51, 0x84, 0x0e, 0xc7, 0x6d, 0x34, 0x89, 0x50, 0xc9,
-  0x0f, 0x73, 0x02, 0x41, 0x00, 0xda, 0xde, 0x5e, 0x1a, 0xac, 0x1d, 0x1d,
-  0xd7, 0xb9, 0x65, 0x26, 0x00, 0xf5, 0xd4, 0xe4, 0x28, 0x84, 0x86, 0x2f,
-  0x00, 0x9c, 0x41, 0x00, 0x52, 0xe1, 0x47, 0x91, 0xc0, 0x52, 0x05, 0x4e,
-  0x0f, 0x2f, 0x0d, 0xca, 0x9b, 0x3d, 0x89, 0x41, 0xbf, 0xee, 0x9f, 0xa1,
-  0xe6, 0x9d, 0xa4, 0xeb, 0x45, 0x7f, 0xe3, 0xcb, 0xa4, 0x6b, 0x0a, 0xe2,
-  0x7e, 0xb0, 0x87, 0x5c, 0x40, 0xb1, 0x51, 0x11, 0x1d
-};
-unsigned int default_private_key_len = 609;
diff --git a/ssl/rc4.c b/ssl/rc4.c
deleted file mode 100644
index 7250a669b7..0000000000
--- a/ssl/rc4.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * An implementation of the RC4/ARC4 algorithm.
- * Originally written by Christophe Devine.
- */
-
-#include <string.h>
-#include "crypto.h"
-
-/**
- * Get ready for an encrypt/decrypt operation
- */
-void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
-{
-    int i, j = 0, k = 0, *m, a;
-
-    ctx->x = 0;
-    ctx->y = 0;
-    m = ctx->m;
-
-    for (i = 0; i < 256; i++)
-        m[i] = i;
-
-    for (i = 0; i < 256; i++)
-    {
-        a = m[i];
-        j = (uint8_t)(j + a + key[k]);
-        m[i] = m[j]; 
-        m[j] = a;
-
-        if (++k >= length) 
-            k = 0;
-    }
-}
-
-/**
- * Perform the encrypt/decrypt operation (can use it for either since
- * this is a stream cipher).
- */
-void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
-{ 
-    int i, x, y, *m, a, b;
-    out = (uint8_t *)msg; 
-
-    x = ctx->x;
-    y = ctx->y;
-    m = ctx->m;
-
-    for (i = 0; i < length; i++)
-    {
-        x = (uint8_t)(x + 1); 
-        a = m[x];
-        y = (uint8_t)(y + a);
-        m[x] = b = m[y];
-        m[y] = a;
-        out[i] ^= m[(uint8_t)(a + b)];
-    }
-
-    ctx->x = x;
-    ctx->y = y;
-}
diff --git a/ssl/rsa.c b/ssl/rsa.c
deleted file mode 100644
index 6f5c8a44a8..0000000000
--- a/ssl/rsa.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Implements the RSA public encryption algorithm. Uses the bigint library to
- * perform its calculations.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <stdlib.h>
-#include "crypto.h"
-
-#ifdef CONFIG_BIGINT_CRT
-static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi);
-#endif
-
-void RSA_priv_key_new(RSA_CTX **ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len,
-        const uint8_t *priv_exp, int priv_len
-#if CONFIG_BIGINT_CRT
-      , const uint8_t *p, int p_len,
-        const uint8_t *q, int q_len,
-        const uint8_t *dP, int dP_len,
-        const uint8_t *dQ, int dQ_len,
-        const uint8_t *qInv, int qInv_len
-#endif
-    )
-{
-    RSA_CTX *rsa_ctx;
-    BI_CTX *bi_ctx;
-    RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
-    rsa_ctx = *ctx;
-    bi_ctx = rsa_ctx->bi_ctx;
-    rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
-    bi_permanent(rsa_ctx->d);
-
-#ifdef CONFIG_BIGINT_CRT
-    rsa_ctx->p = bi_import(bi_ctx, p, p_len);
-    rsa_ctx->q = bi_import(bi_ctx, q, q_len);
-    rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
-    rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
-    rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
-    bi_permanent(rsa_ctx->dP);
-    bi_permanent(rsa_ctx->dQ);
-    bi_permanent(rsa_ctx->qInv);
-    bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
-    bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
-#endif
-}
-
-void RSA_pub_key_new(RSA_CTX **ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len)
-{
-    RSA_CTX *rsa_ctx;
-    BI_CTX *bi_ctx = bi_initialize();
-    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
-    rsa_ctx = *ctx;
-    rsa_ctx->bi_ctx = bi_ctx;
-    rsa_ctx->num_octets = (mod_len & 0xFFF0);
-    rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
-    bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
-    rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
-    bi_permanent(rsa_ctx->e);
-}
-
-/**
- * Free up any RSA context resources.
- */
-void RSA_free(RSA_CTX *rsa_ctx)
-{
-    BI_CTX *bi_ctx;
-    if (rsa_ctx == NULL)                /* deal with ptrs that are null */
-        return;
-
-    bi_ctx = rsa_ctx->bi_ctx;
-
-    bi_depermanent(rsa_ctx->e);
-    bi_free(bi_ctx, rsa_ctx->e);
-    bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
-
-    if (rsa_ctx->d)
-    {
-        bi_depermanent(rsa_ctx->d);
-        bi_free(bi_ctx, rsa_ctx->d);
-#ifdef CONFIG_BIGINT_CRT
-        bi_depermanent(rsa_ctx->dP);
-        bi_depermanent(rsa_ctx->dQ);
-        bi_depermanent(rsa_ctx->qInv);
-        bi_free(bi_ctx, rsa_ctx->dP);
-        bi_free(bi_ctx, rsa_ctx->dQ);
-        bi_free(bi_ctx, rsa_ctx->qInv);
-        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
-        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
-#endif
-    }
-
-    bi_terminate(bi_ctx);
-    free(rsa_ctx);
-}
-
-/**
- * @brief Use PKCS1.5 for decryption/verification.
- * @param ctx [in] The context
- * @param in_data [in] The data to encrypt (must be < modulus size-11)
- * @param out_data [out] The encrypted data.
- * @param is_decryption [in] Decryption or verify operation.
- * @return  The number of bytes that were originally encrypted. -1 on error.
- * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
- */
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
-                            uint8_t *out_data, int is_decryption)
-{
-    int byte_size = ctx->num_octets;
-    uint8_t *block;
-    int i, size;
-    bigint *decrypted_bi, *dat_bi;
-
-    memset(out_data, 0, byte_size); /* initialise */
-
-    /* decrypt */
-    dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    decrypted_bi = is_decryption ?  /* decrypt or verify? */
-            RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
-#else   /* always a decryption */
-    decrypted_bi = RSA_private(ctx, dat_bi);
-#endif
-
-    /* convert to a normal block */
-    block = (uint8_t *)malloc(byte_size);
-    bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
-
-    i = 10; /* start at the first possible non-padded byte */
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
-    {
-        while (block[i++] == 0xff && i < byte_size);
-
-        if (block[i-2] != 0xff)
-            i = byte_size;     /*ensure size is 0 */   
-    }
-    else                    /* PKCS1.5 encryption padding is random */
-#endif
-    {
-        while (block[i++] && i < byte_size);
-    }
-    size = byte_size - i;
-
-    /* get only the bit we want */
-    if (size > 0)
-        memcpy(out_data, &block[i], size);
-    
-    free(block);
-    return size ? size : -1;
-}
-
-/**
- * Performs m = c^d mod n
- */
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
-{
-#ifdef CONFIG_BIGINT_CRT
-    return bi_crt(c, bi_msg);
-#else
-    BI_CTX *ctx = c->bi_ctx;
-    ctx->mod_offset = BIGINT_M_OFFSET;
-    return bi_mod_power(ctx, bi_msg, c->d);
-#endif
-}
-
-#ifdef CONFIG_BIGINT_CRT
-/**
- * Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
- * This should really be in bigint.c (and was at one stage), but needs 
- * access to the RSA_CTX context...
- */
-static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi)
-{
-    BI_CTX *ctx = rsa->bi_ctx;
-    bigint *m1, *m2, *h;
-
-    /* Montgomery has a condition the 0 < x, y < m and these products violate
-     * that condition. So disable Montgomery when using CRT */
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    ctx->use_classical = 1;
-#endif
-    ctx->mod_offset = BIGINT_P_OFFSET;
-    m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP);
-
-    ctx->mod_offset = BIGINT_Q_OFFSET;
-    m2 = bi_mod_power(ctx, bi, rsa->dQ);
-
-    h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL);
-    h = bi_multiply(ctx, h, rsa->qInv);
-    ctx->mod_offset = BIGINT_P_OFFSET;
-    h = bi_residue(ctx, h);
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    ctx->use_classical = 0;         /* reset for any further operation */
-#endif
-    return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h));
-}
-#endif
-
-#ifdef CONFIG_SSL_FULL_MODE
-/**
- * Used for diagnostics.
- */
-void RSA_print(const RSA_CTX *rsa_ctx) 
-{
-    if (rsa_ctx == NULL)
-        return;
-
-    printf("-----------------   RSA DEBUG   ----------------\n");
-    printf("Size:\t%d\n", rsa_ctx->num_octets);
-    bi_print("Modulus", rsa_ctx->m);
-    bi_print("Public Key", rsa_ctx->e);
-    bi_print("Private Key", rsa_ctx->d);
-}
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Performs c = m^e mod n
- */
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
-{
-    c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
-    return bi_mod_power(c->bi_ctx, bi_msg, c->e);
-}
-
-/**
- * Use PKCS1.5 for encryption/signing.
- * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
- */
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
-        uint8_t *out_data, int is_signing)
-{
-    int byte_size = ctx->num_octets;
-    int num_pads_needed = byte_size-in_len-3;
-    bigint *dat_bi, *encrypt_bi;
-
-    /* note: in_len+11 must be > byte_size */
-    out_data[0] = 0;     /* ensure encryption block is < modulus */
-
-    if (is_signing)
-    {
-        out_data[1] = 1;        /* PKCS1.5 signing pads with "0xff"'s */
-        memset(&out_data[2], 0xff, num_pads_needed);
-    }
-    else /* randomize the encryption padding with non-zero bytes */   
-    {
-        out_data[1] = 2;
-        get_random_NZ(num_pads_needed, &out_data[2]);
-    }
-
-    out_data[2+num_pads_needed] = 0;
-    memcpy(&out_data[3+num_pads_needed], in_data, in_len);
-
-    /* now encrypt it */
-    dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
-    encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
-        RSA_public(ctx, dat_bi);
-    bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
-    return byte_size;
-}
-
-/**
- * Take a signature and decrypt it.
- */
-bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
-        bigint *modulus, bigint *pub_exp)
-{
-    uint8_t *block;
-    int i, size;
-    bigint *decrypted_bi, *dat_bi;
-    bigint *bir = NULL;
-
-    block = (uint8_t *)malloc(sig_len);
-
-    /* decrypt */
-    dat_bi = bi_import(ctx, sig, sig_len);
-    ctx->mod_offset = BIGINT_M_OFFSET;
-
-    /* convert to a normal block */
-    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
-
-    bi_export(ctx, decrypted_bi, block, sig_len);
-    ctx->mod_offset = BIGINT_M_OFFSET;
-
-    i = 10; /* start at the first possible non-padded byte */
-    while (block[i++] && i < sig_len);
-    size = sig_len - i;
-
-    /* get only the bit we want */
-    if (size > 0)
-    {
-        int len;
-        const uint8_t *sig_ptr = x509_get_signature(&block[i], &len);
-
-        if (sig_ptr)
-        {
-            bir = bi_import(ctx, sig_ptr, len);
-        }
-    }
-
-    free(block);
-    return bir;
-}
-
-#endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/sha1.c b/ssl/sha1.c
deleted file mode 100644
index 3feb6d54c3..0000000000
--- a/ssl/sha1.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
- * This code was originally taken from RFC3174
- */
-
-#include <string.h>
-#include "crypto.h"
-
-/*
- *  Define the SHA1 circular left shift macro
- */
-#define SHA1CircularShift(bits,word) \
-                (((word) << (bits)) | ((word) >> (32-(bits))))
-
-/* ----- static functions ----- */
-static void SHA1PadMessage(SHA1_CTX *ctx);
-static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
-
-/**
- * Initialize the SHA1 context 
- */
-void SHA1Init(SHA1_CTX *ctx)
-{
-    ctx->Length_Low             = 0;
-    ctx->Length_High            = 0;
-    ctx->Message_Block_Index    = 0;
-    ctx->Intermediate_Hash[0]   = 0x67452301;
-    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
-    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
-    ctx->Intermediate_Hash[3]   = 0x10325476;
-    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
-}
-
-/**
- * Accepts an array of octets as the next portion of the message.
- */
-void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
-{
-    while (len--)
-    {
-        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
-        ctx->Length_Low += 8;
-
-        if (ctx->Length_Low == 0)
-            ctx->Length_High++;
-
-        if (ctx->Message_Block_Index == 64)
-            SHA1ProcessMessageBlock(ctx);
-
-        msg++;
-    }
-}
-
-/**
- * Return the 160-bit message digest into the user's array
- */
-void SHA1Final(SHA1_CTX *ctx, uint8_t *digest)
-{
-    int i;
-
-    SHA1PadMessage(ctx);
-    memset(ctx->Message_Block, 0, 64);
-    ctx->Length_Low = 0;    /* and clear length */
-    ctx->Length_High = 0;
-
-    for  (i = 0; i < SHA1_SIZE; i++)
-    {
-        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
-    }
-}
-
-/**
- * Process the next 512 bits of the message stored in the array.
- */
-static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
-{
-    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
-                            0x5A827999,
-                            0x6ED9EBA1,
-                            0x8F1BBCDC,
-                            0xCA62C1D6
-                            };
-    int        t;                 /* Loop counter                */
-    uint32_t      temp;              /* Temporary word value        */
-    uint32_t      W[80];             /* Word sequence               */
-    uint32_t      A, B, C, D, E;     /* Word buffers                */
-
-    /*
-     *  Initialize the first 16 words in the array W
-     */
-    for  (t = 0; t < 16; t++)
-    {
-        W[t] = ctx->Message_Block[t * 4] << 24;
-        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
-        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
-        W[t] |= ctx->Message_Block[t * 4 + 3];
-    }
-
-    for (t = 16; t < 80; t++)
-    {
-       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
-    }
-
-    A = ctx->Intermediate_Hash[0];
-    B = ctx->Intermediate_Hash[1];
-    C = ctx->Intermediate_Hash[2];
-    D = ctx->Intermediate_Hash[3];
-    E = ctx->Intermediate_Hash[4];
-
-    for (t = 0; t < 20; t++)
-    {
-        temp =  SHA1CircularShift(5,A) +
-                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-
-        B = A;
-        A = temp;
-    }
-
-    for (t = 20; t < 40; t++)
-    {
-        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-        B = A;
-        A = temp;
-    }
-
-    for (t = 40; t < 60; t++)
-    {
-        temp = SHA1CircularShift(5,A) +
-               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-        B = A;
-        A = temp;
-    }
-
-    for (t = 60; t < 80; t++)
-    {
-        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-        B = A;
-        A = temp;
-    }
-
-    ctx->Intermediate_Hash[0] += A;
-    ctx->Intermediate_Hash[1] += B;
-    ctx->Intermediate_Hash[2] += C;
-    ctx->Intermediate_Hash[3] += D;
-    ctx->Intermediate_Hash[4] += E;
-    ctx->Message_Block_Index = 0;
-}
-
-/*
- * According to the standard, the message must be padded to an even
- * 512 bits.  The first padding bit must be a '1'.  The last 64
- * bits represent the length of the original message.  All bits in
- * between should be 0.  This function will pad the message
- * according to those rules by filling the Message_Block array
- * accordingly.  It will also call the ProcessMessageBlock function
- * provided appropriately.  When it returns, it can be assumed that
- * the message digest has been computed.
- *
- * @param ctx [in, out] The SHA1 context
- */
-static void SHA1PadMessage(SHA1_CTX *ctx)
-{
-    /*
-     *  Check to see if the current message block is too small to hold
-     *  the initial padding bits and length.  If so, we will pad the
-     *  block, process it, and then continue padding into a second
-     *  block.
-     */
-    if (ctx->Message_Block_Index > 55)
-    {
-        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
-        while(ctx->Message_Block_Index < 64)
-        {
-            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
-        }
-
-        SHA1ProcessMessageBlock(ctx);
-
-        while (ctx->Message_Block_Index < 56)
-        {
-            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
-        }
-    }
-    else
-    {
-        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
-        while(ctx->Message_Block_Index < 56)
-        {
-
-            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
-        }
-    }
-
-    /*
-     *  Store the message length as the last 8 octets
-     */
-    ctx->Message_Block[56] = ctx->Length_High >> 24;
-    ctx->Message_Block[57] = ctx->Length_High >> 16;
-    ctx->Message_Block[58] = ctx->Length_High >> 8;
-    ctx->Message_Block[59] = ctx->Length_High;
-    ctx->Message_Block[60] = ctx->Length_Low >> 24;
-    ctx->Message_Block[61] = ctx->Length_Low >> 16;
-    ctx->Message_Block[62] = ctx->Length_Low >> 8;
-    ctx->Message_Block[63] = ctx->Length_Low;
-    SHA1ProcessMessageBlock(ctx);
-}
diff --git a/ssl/ssl.h b/ssl/ssl.h
deleted file mode 100644
index 7cdab2aa86..0000000000
--- a/ssl/ssl.h
+++ /dev/null
@@ -1,429 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @mainpage axTLS API
- *
- * @image html axolotl.jpg
- *
- * The axTLS library has features such as:
- * - The TLSv1 SSL client/server protocol
- * - No requirement to use any openssl libraries.
- * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
- * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
- * - Certificate chaining and peer authentication.
- * - Session resumption, session renegotiation.
- * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
- * - Highly configurable compile time options.
- * - Portable across many platforms (written in ANSI C), and has language
- * bindings in C, C#, VB.NET, Java and Perl.
- * - Partial openssl API compatibility (via a wrapper).
- * - A very small footprint for a HTTPS server (around 60-70kB in 'server-only'
- * mode).
- * - No dependencies on sockets - can use serial connections for example.
- * - A very simple API - ~ 20 functions/methods.
- *
- * A list of these functions/methods are described below.
- *
- *  @ref c_api 
- *
- *  @ref bigint_api 
- *
- *  @ref csharp_api 
- *
- *  @ref java_api 
- */
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <time.h>
-#include "crypto.h"
-
-/* need to predefine before ssl_lib.h gets to it */
-#define SSL_SESSION_ID_SIZE                     32
-
-#include "tls1.h"
-
-/* The optional parameters that can be given to the client/server SSL engine */
-#define SSL_CLIENT_AUTHENTICATION               0x00010000
-#define SSL_SERVER_VERIFY_LATER                 0x00020000
-#define SSL_NO_DEFAULT_KEY                      0x00040000
-#define SSL_DISPLAY_STATES                      0x00080000
-#define SSL_DISPLAY_BYTES                       0x00100000
-#define SSL_DISPLAY_CERTS                       0x00200000
-#define SSL_DISPLAY_RSA                         0x00400000
-
-/* errors that can be generated */
-#define SSL_OK                                  0
-#define SSL_NOT_OK                              -1
-#define SSL_ERROR_DEAD                          -2
-#define SSL_ERROR_CONN_LOST                     -256
-#define SSL_ERROR_SOCK_SETUP_FAILURE            -258
-#define SSL_ERROR_INVALID_HANDSHAKE             -260
-#define SSL_ERROR_INVALID_PROT_MSG              -261
-#define SSL_ERROR_INVALID_HMAC                  -262
-#define SSL_ERROR_INVALID_VERSION               -263
-#define SSL_ERROR_INVALID_SESSION               -265
-#define SSL_ERROR_NO_CIPHER                     -266
-#define SSL_ERROR_BAD_CERTIFICATE               -268
-#define SSL_ERROR_INVALID_KEY                   -269
-#define SSL_ERROR_FINISHED_INVALID              -271
-#define SSL_ERROR_NO_CERT_DEFINED               -272
-#define SSL_ERROR_NOT_SUPPORTED                 -274
-#define SSL_X509_OFFSET                         -512
-#define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
-
-/* these are all the alerts that are recognized */
-#define SSL_ALERT_CLOSE_NOTIFY                  0
-#define SSL_ALERT_UNEXPECTED_MESSAGE            10
-#define SSL_ALERT_BAD_RECORD_MAC                20
-#define SSL_ALERT_HANDSHAKE_FAILURE             40
-#define SSL_ALERT_BAD_CERTIFICATE               42
-#define SSL_ALERT_ILLEGAL_PARAMETER             47
-#define SSL_ALERT_DECODE_ERROR                  50
-#define SSL_ALERT_DECRYPT_ERROR                 51
-#define SSL_ALERT_INVALID_VERSION               70
-
-/* The ciphers that are supported */
-#define SSL_AES128_SHA                          0x2f
-#define SSL_AES256_SHA                          0x35
-#define SSL_RC4_128_SHA                         0x05
-#define SSL_RC4_128_MD5                         0x04
-
-/* build mode ids' */
-#define SSL_BUILD_SKELETON_MODE                 0x01
-#define SSL_BUILD_SERVER_ONLY                   0x02
-#define SSL_BUILD_ENABLE_VERIFICATION           0x03
-#define SSL_BUILD_ENABLE_CLIENT                 0x04
-#define SSL_BUILD_FULL_MODE                     0x05
-
-/* offsets to retrieve configuration information */
-#define SSL_BUILD_MODE                          0
-#define SSL_MAX_CERT_CFG_OFFSET                 1
-#define SSL_MAX_CA_CERT_CFG_OFFSET              2
-#define SSL_HAS_PEM                             3
-
-/* default session sizes */
-#define SSL_DEFAULT_SVR_SESS                    5
-#define SSL_DEFAULT_CLNT_SESS                   1
-
-/* X.509/X.520 distinguished name types */
-#define SSL_X509_CERT_COMMON_NAME               0
-#define SSL_X509_CERT_ORGANIZATION              1
-#define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
-#define SSL_X509_CA_CERT_COMMON_NAME            3
-#define SSL_X509_CA_CERT_ORGANIZATION           4
-#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    5
-
-/* SSL object loader types */
-#define SSL_OBJ_X509_CERT                       1
-#define SSL_OBJ_X509_CACERT                     2
-#define SSL_OBJ_RSA_KEY                         3
-#define SSL_OBJ_PKCS8                           4
-#define SSL_OBJ_PKCS12                          5
-
-/**
- * @defgroup c_api Standard C API
- * @brief The standard interface in C.
- * @{
- */
-
-/**
- * @brief Establish a new client/server context.
- *
- * This function is called before any client/server SSL connections are made. 
- *
- * Each new connection will use the this context's private key and 
- * certificate chain. If a different certificate chain is required, then a 
- * different context needs to be be used.
- *
- * There are two threading models supported - a single thread with one
- * SSL_CTX can support any number of SSL connections - and multiple threads can 
- * support one SSL_CTX object each (the default). But if a single SSL_CTX 
- * object uses many SSL objects in individual threads, then the 
- * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
- *
- * @param options [in]  Any particular options. At present the options
- * supported are:
- * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
- * authentication fails. The certificate can be authenticated later with a
- * call to ssl_verify_cert().
- * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
- * i.e. each handshake will include a "certificate request" message from the
- * server. Only available if verification has been enabled.
- * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user will
- * load the key/certificate explicitly.
- * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
- * during the handshake.
- * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
- * during the handshake.
- * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
- * are passed during a handshake.
- * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
- * are passed during a handshake.
- *
- * @param num_sessions [in] The number of sessions to be used for session
- * caching. If this value is 0, then there is no session caching. This option
- * is not used in skeleton mode.
- * @return A client/server context.
- */
-EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
-
-/**
- * @brief Remove a client/server context.
- *
- * Frees any used resources used by this context. Each connection will be 
- * sent a "Close Notify" alert (if possible).
- * @param ssl_ctx [in] The client/server context.
- */
-EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
-
-/**
- * @brief (server only) Establish a new SSL connection to an SSL client.
- *
- * It is up to the application to establish the logical connection (whether it
- * is  a socket, serial connection etc).
- * @param ssl_ctx [in] The server context.
- * @param client_fd [in] The client's file descriptor. 
- * @return An SSL object reference.
- */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
-
-/**
- * @brief (client only) Establish a new SSL connection to an SSL server.
- *
- * It is up to the application to establish the initial logical connection 
- * (whether it is  a socket, serial connection etc).
- *
- * This is a blocking call - it will finish when the handshake is complete (or
- * has failed).
- * @param ssl_ctx [in] The client context.
- * @param client_fd [in] The client's file descriptor.
- * @param session_id [in] A 32 byte session id for session resumption. This 
- * can be null if no session resumption is being used or required. This option
- * is not used in skeleton mode.
- * @return An SSL object reference. Use ssl_handshake_status() to check 
- * if a handshake succeeded.
- */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id);
-
-/**
- * @brief Free any used resources on this connection. 
- 
- * A "Close Notify" message is sent on this connection (if possible). It is up 
- * to the application to close the socket or file descriptor.
- * @param ssl [in] The ssl object reference.
- */
-EXP_FUNC void STDCALL ssl_free(SSL *ssl);
-
-/**
- * @brief Read the SSL data stream.
- * The socket must be in blocking mode.
- * @param ssl [in] An SSL object reference.
- * @param in_data [out] If the read was successful, a pointer to the read
- * buffer will be here. Do NOT ever free this memory as this buffer is used in
- * sucessive calls. If the call was unsuccessful, this value will be null.
- * @return The number of decrypted bytes:
- * - if > 0, then the handshaking is complete and we are returning the number 
- *   of decrypted bytes. 
- * - SSL_OK if the handshaking stage is successful (but not yet complete).  
- * - < 0 if an error.
- * @see ssl.h for the error code list.
- * @note Use in_data before doing any successive ssl calls.
- */
-EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
-
-/**
- * @brief Write to the SSL data stream. 
- * The socket must be in blocking mode.
- * @param ssl [in] An SSL obect reference.
- * @param out_data [in] The data to be written
- * @param out_len [in] The number of bytes to be written.
- * @return The number of bytes sent, or if < 0 if an error.
- * @see ssl.h for the error code list.
- */
-EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
-
-/**
- * @brief Find an ssl object based on a file descriptor.
- *
- * Goes through the list of SSL objects maintained in a client/server context
- * to look for a file descriptor match.
- * @param ssl_ctx [in] The client/server context.
- * @param client_fd [in]  The file descriptor.
- * @return A reference to the SSL object. Returns null if the object could not 
- * be found.
- */
-EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
-
-/**
- * @brief Get the session id for a handshake. 
- * 
- * This will be a 32 byte sequence and is available after the first
- * handshaking messages are sent.
- * @param ssl [in] An SSL object reference.
- * @return The session id as a 32 byte sequence.
- * @note A SSLv23 handshake may have only 16 valid bytes.
- */
-EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
-
-/**
- * @brief Return the cipher id (in the SSL form).
- * @param ssl [in] An SSL object reference.
- * @return The cipher id. This will be one of the following:
- * - SSL_AES128_SHA (0x2f)
- * - SSL_AES256_SHA (0x35)
- * - SSL_RC4_128_SHA (0x05)
- * - SSL_RC4_128_MD5 (0x04)
- */
-EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
-
-/**
- * @brief Return the status of the handshake.
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if the handshake is complete and ok. 
- * @see ssl.h for the error code list.
- */
-EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
-
-/**
- * @brief Retrieve various parameters about the axTLS engine.
- * @param offset [in] The configuration offset. It will be one of the following:
- * - SSL_BUILD_MODE The build mode. This will be one of the following:
- *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
- *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication)
- *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties)
- *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics)
- *   - SSL_BUILD_SKELETON_MODE          (skeleton mode)
- * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
- * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
- * - SSL_HAS_PEM                        1 if supported
- * @return The value of the requested parameter.
- */
-EXP_FUNC int STDCALL ssl_get_config(int offset);
-
-/**
- * @brief Display why the handshake failed.
- *
- * This call is only useful in a 'full mode' build. The output is to stdout.
- * @param error_code [in] An error code.
- * @see ssl.h for the error code list.
- */
-EXP_FUNC void STDCALL ssl_display_error(int error_code);
-
-/**
- * @brief Authenticate a received certificate.
- * 
- * This call is usually made by a client after a handshake is complete and the
- * context is in SSL_SERVER_VERIFY_LATER mode.
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if the certificate is verified.
- */
-EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
-
-/**
- * @brief Retrieve an X.509 distinguished name component.
- * 
- * When a handshake is complete and a certificate has been exchanged, then the
- * details of the remote certificate can be retrieved.
- *
- * This will usually be used by a client to check that the server's common 
- * name matches the URL.
- *
- * A full handshake needs to occur for this call to work properly.
- *
- * @param ssl [in] An SSL object reference.
- * @param component [in] one of:
- * - SSL_X509_CERT_COMMON_NAME
- * - SSL_X509_CERT_ORGANIZATION
- * - SSL_X509_CERT_ORGANIZATIONAL_NAME
- * - SSL_X509_CA_CERT_COMMON_NAME
- * - SSL_X509_CA_CERT_ORGANIZATION
- * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
- * @return The appropriate string (or null if not defined)
- * @note Verification build mode must be enabled.
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
-
-/**
- * @brief Force the client to perform its handshake again.
- *
- * For a client this involves sending another "client hello" message.
- * For the server is means sending a "hello request" message.
- *
- * This is a blocking call on the client (until the handshake completes).
- *
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if renegotiation instantiation was ok
- */
-EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
-
-/**
- * @brief Process a file that is in binary DER or ASCII PEM format.
- *
- * These are temporary objects that are used to load private keys,
- * certificates etc into memory.
- * @param ssl_ctx [in] The client/server context.
- * @param obj_type [in] The format of the file. Can be one of:
- * - SSL_OBJ_X509_CERT (no password required)
- * - SSL_OBJ_X509_CACERT (no password required)
- * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
- * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
- * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
- *
- * PEM files are automatically detected (if supported). The object type is
- * also detected, and so is not relevant for these types of files.
- * @param filename [in] The location of a file in DER/PEM format.
- * @param password [in] The password used. Can be null if not required.
- * @return SSL_OK if all ok
- * @note Not available in skeleton build mode.
- */
-EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
-
-/**
- * @brief Process binary data.
- *
- * These are temporary objects that are used to load private keys,
- * certificates etc into memory.
- * @param ssl_ctx [in] The client/server context.
- * @param obj_type [in] The format of the memory data.
- * @param data [in] The binary data to be loaded.
- * @param len [in] The amount of data to be loaded.
- * @param password [in] The password used. Can be null if not required.
- * @return SSL_OK if all ok
- * @see ssl_obj_load for more details on obj_type.
- */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
-
-/**
- * @brief Return the axTLS library version as a string.
- * @note New API function for v1.1
- */
-EXP_FUNC const char * STDCALL ssl_version(void);
-
-/** @} */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
deleted file mode 100644
index 43c9a6cef8..0000000000
--- a/ssl/test/Makefile
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-all:
-
-include ../../config/.config
-include ../../config/makefile.conf
-
-ifdef CONFIG_PERFORMANCE_TESTING
-all: performance
-endif
-
-ifdef CONFIG_SSL_TEST
-all: ssltesting
-endif
-
-ifndef CONFIG_PLATFORM_WIN32
-performance: ../../$(STAGE)/perf_bigint
-ssltesting: ../../$(STAGE)/ssltest
-LIBS=../../$(STAGE)
-CFLAGS += -I../../ssl -I../../config
-
-../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
-	$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
-
-../../$(STAGE)/ssltest: ssltest.o $(LIBS)/libaxtls.a
-	$(CC) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls
-else
-performance: ../../$(STAGE)/perf_bigint.exe
-ssltesting: ../../$(STAGE)/ssltest.exe
-CFLAGS += /I".." /I"../../config"
-
-%.obj : %.c
-	$(CC) $(CFLAGS) $< 
-
-OBJLIST=..\aes.obj ..\asn1.obj ..\bigint.obj ..\crypto_misc.obj ..\hmac.obj \
-        ..\md5.obj ..\loader.obj ..\p12.obj ..\os_port.obj ..\rc4.obj \
-        ..\rsa.obj ..\sha1.obj ..\tls1.obj ..\tls1_clnt.obj ..\tls1_svr.obj
-
-../../$(STAGE)/perf_bigint.exe: perf_bigint.obj $(OBJLIST)
-	$(LD) $(LDFLAGS) /out:$@ $^
-
-../../$(STAGE)/ssltest.exe: ssltest.obj $(OBJLIST)
-	$(LD) $(LDFLAGS) /out:$@ $^
-endif
-
-clean::
-	-@rm -f ../../$(STAGE)/perf_bigint* ../../$(STAGE)/ssltest*
-
-include ../../config/makefile.post
diff --git a/ssl/test/axTLS.ca_key.pem b/ssl/test/axTLS.ca_key.pem
deleted file mode 100644
index 7c8ac8af28..0000000000
--- a/ssl/test/axTLS.ca_key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
-Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
-n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
-AoGAd4Ia5SxYiBU9A0BYyT8yPUm8sYELIaAL4YYk+F6Xwhh/Whnb8MyzquzaGFP4
-Ee30jYYNHlvX5VheDDtvy8OTN5FgKNNdzvW15iA4Hxje04ZI7W87G7OIxm7aYRid
-sG4XqZBtsOdj33IRd9hgozywGJ2qRqS6nn2KxRv1w07RniECQQDZAlKxijdn+vQ7
-8/8mXzC+FwQtzeTUCuLrBJcos9I/591ABoxYkWcYLxpFqgCEVwb1qfPBJkL07JPt
-Fu6CTnBFAkEAxXmUBs47x5QM99qyBO5UwW0Ksrm/WD4guaaxzQShMt/HzgJl613z
-/x4FtxiQJHAr6r2K0t5xTJx89LVKuouYYwJAImue6DAvJ5wDfzrtXo28snn+HLHK
-uONdKL/apgcXszE4w74GJsoxWwGlniUf3d3b6b1iP2GtPyIDOJjpjduZLQJAE4jS
-VtYB3d1MZxxQLeKxqayyuTlcr0r+C79sqT5C//hZGIzuLhlOMLd0k0cvwxsBjSgQ
-2ok8pfp49fAVI1z5xwJAVmJgLc/mSti5A2q3c8HW8qvMJEDPWbpb7p8pg4ePtpa8
-EE3TO4O4J2H+k40C397km4yZXdkNQsiT1zVljJZpiw==
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.ca_x509.cer b/ssl/test/axTLS.ca_x509.cer
deleted file mode 100644
index 9c9936b8e98d0b7475e522377e64ee5cb7d9858c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 483
zcmXqLV!UtA#OT4q$uKvs*kYO0(kKI7HcqWJkGAi;jEt<T3<f5KMg|6K%%Ln?!kUQ{
zAwIzh0Y&*)smUb@F8L|xl?u+OMJ1VOnaPPIsS1vzB^mienI)A5a^k!OW<Y3eXlP<$
zY!oHVYiw+2U}OyCl4)w=d}P-#vNA9?_A(eWb}}_KGAvKMX?F3OSo`5!6HMM-;O>mp
zDoN<N{Wdqm<T8IuUjcJd<(JlEvrNlF?P}j2zB;?Zdd(9D^PlZD62&?k59j5&TUeXF
z65aa5I-1Xu{V_w&Uu&cN`_tz8WL=G0S+Vx*w;$X1yXqAsj!$eU>&tJf@_eyO<6*KV
zyX-GFpR#RyrAh0Vm>C%uk(~z&JZ7M~WVst|nJiE@P*UHyEW+SG%xvc~wa?bgyU%&o
z__O9cjynut$9A5`TwES67IMd>m+OQ}^u4t{;lgJg9l!sr<hS6(t0&gyeEuXn;qTl+
zqd9e9cYNGWhP3y5*xUak&Q$K_U#W+44D(rL9oX`UJ$iZ2>3OSV*OvR3NHYY8-f#GI
I<)^zO0PSqO5dZ)H

diff --git a/ssl/test/axTLS.ca_x509.pem b/ssl/test/axTLS.ca_x509.pem
deleted file mode 100644
index 86f659710c..0000000000
--- a/ssl/test/axTLS.ca_x509.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
-Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
-Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
-n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
-3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
-flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
-+UcZ
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.device_key b/ssl/test/axTLS.device_key
deleted file mode 100644
index 4e981d143e1383828b8a76e18c57e0b0f59b202f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 609
zcmV-n0-pUaf&yIv0RRGlfdJGZ4h<43zjh$NmAe*gFd;CkIEWYaUz#Bpms2~d;TZ=+
zk`Pe_4BeOCv@NwmC65?N)gXrn?#|TyB9lU`OINiLyb68LKj!YuC$?l`)u2L1ZuNgc
z=Sux+ln*4$Nfhl{gttWP`YNkiPpo0p0h3)_$nwg2s|lRS$t9_kyc+@o0RRC4fq?*^
zL=H=j!{3Frp6Ni0WB0Agp#h-CLCM~qOnu)|K)UjF%r<fVRLj|liDwP<SptGae;VJ_
zMhe!}k{!Dh@96KmOI`q<?WRqvvfO61H={0;KF%Ej{gR}3kHpi(rVmH`Y?3%o`Hd9A
zgG6g{q(Yvh0YNF%rC0uB-yx7-xur1zK>+-Ic-(fn!L=2LAE_OnV2@ezYPqfv?7EVw
ztnGa>p_(hpRr+n(N$Ooc;-Ug;rmFgzfA1^_2-*k;^0%11vl#+G0M`^95MJ-`(OR-i
zBA|9yFh78sA*+l|0wMujX*I%@o4%O>ok-BGDtQP3_l0oh2@5c16ixpA!QhEf#zLZF
zQvyK%tS>_pbrT+q^2G&mI(6scS|AxC&V>TLsLms2K>j$f{xgTlW2bz`iWbV^SZp~M
zSQa|OOK(li0kpVqV}#k^0zZ3z5inI#a)-o>oxVh6us#Gh)Z2ij5G5&LpFzr;@!ous
zU+nPW;~#)v8B_>M%wA;<W+FnTDWWP&usbLS7Xm>5u?2*padHnE!MbMQTY+(0Wgg|0
v3cKQF;e2bA5N6M*E~R!7Tl|5&J97n<934}R7|5Rx8jwm@UwAr_9k^bwbVnG3

diff --git a/ssl/test/axTLS.device_key.pem b/ssl/test/axTLS.device_key.pem
deleted file mode 100644
index 2bcf5e37b3..0000000000
--- a/ssl/test/axTLS.device_key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDUIg4NEiu/diDAlbsWbTAhMKw4iBf2X5ohGJdTO6vhGQdEkhBR
-Bgzdl9+0LbVDJY8YStUghwnuztT+IpNCrUtXtRK8Cn3QP+buzSe2ZGPVoEJIbvV/
-QudK/WuUDyTNSRTtW4S3RO36KqtbT6xh1QGTXV3I8sp7qwmcysklqZW8GwIDAQAB
-AoGBAKBEDkuPw9+Ftp7pQIxj963LoQGgyEHJ3p9Mfd9TQLrydsw2cf9Uy9mKiWcN
-9VkCgkZ/Gt/VRgrW1pIduxXv6O+8S14An+2mTayy3Ga1N6MulD7OHQP9kqR4j8TT
-xaYPR/1skjhQ+Y0Uw4NEa3OkQp6lAUEp1aVX/mTfIZBguaUxAkEA/H543Ha6wbUV
-iB+pHaBgj1nzarmuEey6kqqs7X0zoZory1X6bdpJ6l0/4qICa6aq+pt/7ywJCNoI
-CPK3mL2zGQJBANcUHRBe7/HRWrJNIqB2WDA/gJshq4xOAiIBXWk1wpabvpkCnUjQ
-rip5CAL3hXDnCQswZxRN/v7B4IlSxkKiY1MCQQCsL0MUdRMejfLFBXI6defjWiAZ
-I86FAr6oziNnQP44sf4zh8pjp3zIihbK4lhsORhYFjrES29NzgG0uHBjhNnhAj97
-gBEwVVNyh8SMnb5EZbA+BDjU24CmECUpYZ9Bypzx3nyTX+zw4uMfgGAZVAhLzF5l
-DmYiQqcpoipMsDsoCBcCQQCxBYSicXIPG8G6ZuFbgXFcZR7llgq74mbhfGuVEGbP
-qS6ldhJb/IG9O3MFlRwdU44YyJ8QGpBKWF94OpIduF6w
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.encrypted.p8 b/ssl/test/axTLS.encrypted.p8
deleted file mode 100644
index 8b0a7eb4117de421cfb917de7f03055fdfe2c28f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 385
zcmV-{0e=24f&qOn90m$1hDe6@4FL=R0Wb~(2zv&jLbrq;i2?!$00e>oTecB0S5Ch{
zHl7H=qA4HIOB;)ah$8h!;8it(u3j>D`liQs0*+k*%XW@PAMoO|ZVtaORrZR~IdUoh
zNf*1NZ0jCJOsIuor2Ouh<c)ot>Y5SBS)gmT$Plt&Ub|ujkSvY}HF3T6ZV$+;=Cj1_
zqiV0Xy#~l}wq>xTcs~vcY@+sZ^yo(jDeDIm8}2%S8s3H&bnWkZz@9kPK8*&28D$i9
z3|2M?_7i99)`(fX3rvXr@m91pnk>4N^QQR5XPP=(qj)V!5qKV+KU4NR01UFqcL=0O
z<WqeKmP8KC*)QM=McME}H<QCTa_BX@namc)CF_|xU$3*#>)<VdUvKAmO0=-igR~fl
z-mO`%dym`o6F9p4n$=wvn!II#&PnKR3lXVbV;jds=xH2us6!2fitgX)P5>N0{uLA$
f>0oNt1g(0Zzb?&!uhc`Lu&kDME*dK^i&ZfFoN%%v

diff --git a/ssl/test/axTLS.encrypted_pem.p8 b/ssl/test/axTLS.encrypted_pem.p8
deleted file mode 100644
index 19ca3c5eae..0000000000
--- a/ssl/test/axTLS.encrypted_pem.p8
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBfTAcBgoqhkiG9w0BDAEBMA4ECN+YmhCv0ILdAgIIAASCAVu0QEfMkp0xUsNq
-0Ek4Nsa/uxcs8N/2P7Ae7qCakkvsdRvvPPH0y+wuj5NgrG6WpPeeEx9fI2oNNTfC
-pwncH0Xm99ofVrgMX6XC45LDZtzXNSZd4TdBP6xvlYXbuGegp5GPJ8emzscHCFhC
-JfPHemRAcB7DhiWukPosuSUr5R8OluEMJrQLHuQtlDAvMjLEI98lSchPxF8LKCk3
-SS2uCcmc+4WiR0nHG9BOaGi38+PytHAnbfo1mfVSQzLfgLicMAVGysfQ9QOgpQOO
-ygYfM/s7Duwbl0rshyXVJP+7BpYJnPtHvO4BTiizU7ZEr4WBiEnnANDrupSdsxeH
-+cxZo70YJVdoPdgMd2ke6EIkUhp7HughFg+okldlEtJA4muKeEzwAxZu0TqxOtZ8
-UYRS4Ygk+rN7Y0qTKSYwSkrFBwUDkpctYjRUOeAZ/mYMKWmMn1ejAb5Is7bjEIxl
-tw==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1024 b/ssl/test/axTLS.key_1024
deleted file mode 100644
index 5b6ba1d037b002b0d62c9903a3582daac05f77e2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 609
zcmV-n0-pUaf&yIv0RRGlfdJUxzZKr<ujtkN3#h2G*G65ZCTt9~*}TU1z<AL1R%Q4p
zNDg}orX_ypdwFj-<+Zo;;GB_Q^ak@l9{G_OsV_%EwVNK?_Np97c_Apvs!4O%2?b07
z@=Q%^9Dt`3kwp9wv*G9CPei(m!*n_5OwiO!Bw@5bm5jg&w*omag_8mU0RRC4fq?*&
z2Xf`Ut$925Gc1k;_!?`_=#ljn2ibyLT-73>o<ahDi_O0Dg;Mq`)d|up^epxVg@F0o
z(9Ay~F%|Pk^0ne=nFIt$A={s!R9gDv+4%<r|C(i_>+(m=R>yKlNL=U?*N-L4Nht<u
zRC^cPp43zD^`3<#q3b>AFS(rd;edexK>+Roc*l5!1eeS<z19)p$2r+FQF3pJ56y@&
zGn>b!19#biHMZR!!od?jgH`Kb>w%687GkutJnIO6oO#nY%JBk00O>_vE*8v_P(ZeM
zyg1-iXi(EHbBv5C4uMLFyUg%pG)A8XeImB`MyyvOj2`RL1x=`fYG?MQv8#^3@9%x^
z!va7r##ufX=mK*A@81nDOXwG=jKS!Mks0{(q_+)5_cTxgUJ9@&6s`anfHIu5fuH0;
zf)t=Vi;POuOB0>6lS<J7KxB-AcVSv{5kI4-8;ZoBT0EqiDvD){XHGG!RY3$vodW0I
znSatS=GM4`*$gKLft$3<Se#LW4##aYiBQQ8a{@sC+TLCotQ{TKxn(8*_0;4jgoZBw
voIwCm;YX3cQUy*AFAd6@J&8fT?w_INouunUf8)!fYYO6iu!megu~88nIFuu9

diff --git a/ssl/test/axTLS.key_1024.pem b/ssl/test/axTLS.key_1024.pem
deleted file mode 100644
index 4f5ad4ece6..0000000000
--- a/ssl/test/axTLS.key_1024.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDY4L8V3uqv6NX9C6ios9dGXacmbAy12bzG+MB40PZWZfgpSA57
-C6Ylfuh7eW845bW39OCckWD0BvNAHvmRGakvR0O1mx7c9qocSXkhKMuqSXPZCQVM
-AvJMTWwcgKcUkUT8ErPh5+NPRLqMw3Q56EzQ1EwkYbRAlYzACrcCOTGFkwIDAQAB
-AoGBAJQHcuW+rXk79zMsjgX4GmvQ6JH1FgfZglxc1SKhnkICf4vNvvSFUvYs1QnS
-LPQs9geFgPnc0Mw/IjEV80nyteJpmQQESSHbn6FUWvrk2fkHBf+aZaTr8kfOVsdy
-SUhc6BTXjyXMSSkGalR7F9ye1FPw9Z6FJaHrPekvuZz24YCBAkEA7gJ4x3iFBJfM
-Nr3WEeLHOdk0UXJvig/NiDIzm8enA3fZgjW23R/CwRNAg1XrYOuBjgwWYrS0POsI
-gJx50zjK8QJBAOlFXy4WzJNQQLZ5vDjgVmhQ0y9zjIwqDoFKirvM8GQ0Rp8HfSK2
-+UasVyOMHuvTBU2og2pn9qaxq47B7+998MMCQC/GWT4Y6AJzAe/fDTBL6BepjMHo
-iZEZ+PSktw1G9zRQA14KsCkUrgAZgDKctYGf5EKCFKA9i4xK1UsTnbSTStECQGSM
-g3dhWnMRP6OoG4rEoFo8pJsqimWMZ04xrFVBBEmdAuffmX/SMObWuITZDCcIgZu0
-zFicUYQOx200iVDJD3MCQQDa3l4arB0d17llJgD11OQohIYvAJxBAFLhR5HAUgVO
-Dy8Nyps9iUG/7p+h5p2k60V/48ukawrifrCHXECxUREd
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_2048 b/ssl/test/axTLS.key_2048
deleted file mode 100644
index 0af642de231ac7143db034bbf595842a2c7c9f85..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1191
zcmV;Y1X%kpf&`-i0RRGm0RaHQpugMt&u|7rv!C9LJ=rhBH$C@fYh{Ath`JqsrwVq?
zA;rGwdz;vW#=#sA1YEwE5j|QuiSkR15=5=(@4UbWOLeF_S#o-F8XALLbhnX29W0$0
z`^6U}4UEEJE#HKhq!Uh&FZ9AsCOsK;yP?!b@<$f99GRjI+k0MRvI+F2GfIq-0(2*<
zI@+{M1%IXd(F9**b0+8=WCc3!R90Z=+`AS3+BF!K@+u=)cS!#laK$+W*UPbkBh$%E
z9O&R=BhkV~W3pb9<VuK(GMUN@H5A*RR6xg^y^H~c@T)cVq-y`~U}DSScugVtmfbA2
z%+ls>0gAIAV!eeFdnK&`0|5X50)hbn0KrYIAk0gtB;cu1_*7~DLp$s41j1L{dy$8u
z>Q{6SrHuFJ5=4!AZ6f&-rB0VNk}EF%GnIau0>!zBGX8BCm(}Gomw{5otF4q+j_!<A
zA=h{AZk~4g`j6L?T^{Yz**r_c%{<Uom4VGA)ElHC2iWJK351mkRrSyH2>p^p<y5Eb
zOBjO$UMpQTviHZfS$yQJ6M%Cfuhel4SaiLNcOaOyoHLWio(XzMG7twCcX0Y8M|39W
z+&6JA+(WFM&PHD|dMS(Io@O6sR>1sm3^l)5OV-`8fG^47KzM3=dOYqWQN}Mx08R?P
zYG(QI^V0Ya2D(mOH<Fm=JM%WORRV#50QFY9`olPt_GFIfpq;w+5p8)jmLY&XujUa(
zNK6FB1Jl9zg3g{m#gz9CDvkuEY}qmL$s~q<;8&D)3AI>Z6n3J@*&>6Q$zUudW;ASZ
zQzH5(Vi)P&Q`Izs^HP*fY*{R7YiqEtv!@<vIoO~!5U81Q>=|O8tlwC^M*Cwj0|J48
z0LvBOMMw2v^dO~mza7xFv4n50Qe?_on9muo``SJVw9twDxz;$tm3C(+A5JQ?3KbZA
zjJgHmx*IBX4Ilw`JwQ-@w86>Eta4z4TXD9^xK10mFm*b9*FGd6pGoDEYM0?EA=1$?
zAh{7-VIk);QUektIB7B1=h0D7V+h(3j{<>!Ay@B-IXxJRi!d!JY9)Q_y>BYaL$g&;
zytn>PR~(ZYzYOl@OGA*<38Cgn$53>6_^#wDST1{Xw-R%AJ5f%kWK&JFV-I!P2AUax
z?0^i4+Xou6@<J21TN1ArL(%FosgLr?w6Q0^2j_=UV^ON-YO<(4)L3Q_Ev>fpn6>Md
z0)c=X@A}4A#y*Q%XsE;Fq)6I8SgLZZ^7^m458-?+{^(mFM#e>F<Mc@jEJw)Qpabk&
zk-(@&AL%0<FcdiX7v4DpOBt9>-0j)c{*7c|js3Dusa$NJOJF%*s<_@CX`P5&9Zxl{
zJ26krm{pSK35pUk>#y4J{_H2XK9P;o*ErV#fq*qDV<*E0RC9D5w-*D^YaVVcH?W@L
z7s;4%??z;ZXmnf~khf-nE#R3RkTMy<Ys(iy6@Wfd0%%ES+FRK!(pr8S74;YA5qiqe
z9XPww4_waym1wD)8+izPSjO)UCz32VC$bSAw6U1h<^ul<(2Tl{`W7ruei79MT3KX_
FDTxquHyr=~

diff --git a/ssl/test/axTLS.key_2048.pem b/ssl/test/axTLS.key_2048.pem
deleted file mode 100644
index beddb721bf..0000000000
--- a/ssl/test/axTLS.key_2048.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwqC/2/rPcAZEs5/ejT3ZL8Q3Pfdna2WC44i6HYCnCnbOIcW+
-6Xub2IXGwRwQBFy+mRE9WjqJ8kuOEkSt6e+8wAhLdag7WXJ6cxoag110t5FEHSyd
-GfvFFyUNjMJhLd+EmaQTTpEv9MJPJj0Zdruh1EjyRxa4HJmiD9t7XmWyCfSmM0qM
-kgJ0J6s62rRMBX+l/NEEX2VzJugdZAU671RWYOncuxX/2jUYlvIqI1l3SP8acMU5
-BtfLsYMj08lNHOjgZCPRwkdjsl6U5EqIizKZygw1FNugVEDHnL2MAYXwqzX3pGr/
-72Biy+J4TSH6lt0stszS5m8BirMgYr2FFHslrQIDAQABAoIBAQDBTa0gzEupJOCp
-UvhUagBDO+vuBMJX3XuRh6PqV3QQpYz36BJEjXttIvkTpU6XNpIrLv8zlX6bAsW5
-iTL+bRiX1eU0l4FSxqutlFiO7oxVIdd37m6edvv6j9eUXR7t09k8S8TNPNBXlYHN
-JdQbpCIH2OehCYSVC1X1z/UI/ZJF5VSn7UsYgwReK102svfHtll85K0TgHMir9Rx
-Dlh0vYx3IJi2nDOTyJ4JekkyEAcYd3D6JUd0JujcN3Ev3EOsns5GXzN6KYvinmYf
-Z1bA/HEMNb9ZS9bdsoAvyeJAeGp8ejzuJVHGL0kATgrAamb58fPS+A8Guk5eN5KY
-5zvzNrJVAoGBAPVWvPrDOJX2ZI7poJ269xFteTWWIYA+r+YRRkhMBMcD08H5gs6e
-QMWU9w8qjgSmbNkx8skkhn/gV5R3CbVYYRR2osrZIoOayWAsJmY0bHFTIvooYhfp
-3lPVNIPzUpRObFksamtrsK+zpx5qOdigNhComXLsGWKfrN9Yvkb7YzIDAoGBAMsV
-4UVH9WH0IKV1vx3QtrGEb69SZMpbmM8ZsPvaPgq00In9udY4w5V2ZygfTiq0ChUY
-fYy6BeO6Gyp2DSABdz1AUH+0wcnNrHJghFtxtsq4Thu4MHU6ftc+JCGfSeWUapfh
-KiHS0TEguRFcYSHnM1IDEiU4aTHY59FRUWMI2hKPAoGAIVfviTk9GIyLMC0qaiV9
-7L1vKsxDs1VRvLf+UFcckxu/DO7nS0OQ1Amh5krHUHR5+K7kK1gue3S3EnN3O1FO
-qGRTTbRjD3XbBpoZgeyADIrbBxqz8kITuFsSrxhD0eoyqY/yyrSxJ8AH54dSY1Gq
-52qyqD7UWGYRLa229pi165cCgYAd7/rGWMY+i1toqMPkpEjaQFiqcq3y+q+7D+F8
-Lv7oWyFGxkVn4/RJCyxHyN2gA+xckcCoRx/pIx0wFDj5F945BEsZmE7c7dnW/o1k
-YY39sk+pXGygS2A5YKq43h9pnYhdHU81rzsxT86YVZLoCYoSM+uv2vH+7Ce4PpGN
-1Nc41wKBgDUrYyfDB1RzdB63FwPRax5uLjewnuMXyZhy70ZkiGh0XBuQt2aCLeCZ
-HpAyGcJryxdDFYA+UwJoSWjaW9ku0lp+GxX1F+cResrRHTi70w9czwGVaKmcG3kI
-fFjG7w8nkiw5J7IRH7SxmNbmAv8L0Iy6jvoWLFB+EdUGWllkjCmJ
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_4096 b/ssl/test/axTLS.key_4096
deleted file mode 100644
index c205382ab7aff86732f3dfe2ed465797770e4de7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2349
zcmV+|3DWj3f(a=C0RRGm0s#R0C$yPeD$39>4Ep0;5M@#wpmeJ?wh-{#-F%}3)vYB3
ztJJUoqYbWSsq{2`FhC1&(<a<tgeSWWIw25pr1RUCV&A2S4ez6)T=|?mmuADrvY&pF
zomJ1}w+D;tT#z8mUzcUMuk^h+_r*lQN?s#%9QEsbW)ZIp`UhtqP#aQ!kEnM5rgiw+
zVXhXV##-lf26+ze(d0CgK;T>maox?BB8At*_qHegN_Cm(UerlhGFqSp+Cz&}#6X`{
z2H3(|N2wGExlD97fXsOeCn^W`4Pn++s+M#D>;O(~wfl~y;qgj?b^u`WqW``cC|ig?
z96y!M7XS2>*B=ru_+Qy_9la*KLK^5a-5uR~wh=@#U7Tn=6AH}gihl`NTe>q(s6__@
z%!kaMhJ)^ct&_f>W0CD_-U+Y4I0SM3pkv<ZUM50cmf`*AW}TkzA-Px;K=#PVY$>J2
zC5#@2b&4ibCx^XoK}a?;7P^WLB95^r%-L{Z^TI${%`T)LB<vl>-5txgX;UR9*9tfG
zp0JoMr}gZ3&ElIoiQP({zW|?|<qCYxgEPW+m{-!lKyNF{i?GZ&5?H4HS_o_rv^_g}
z1|s4$-6>Q29=N}D%WseeY63jXE#yASA&jVGam|+W!jT0{up!{AH7z;XMwF|1&oLlT
zI<O0vxi@-$!>f-10|5X50)heo0Ic&e?J7A6sOJ1oEf|dfVdPFl7nV#Utbk!IcE+x|
zwzL2mzN#?8R)=NF$soY8eCHCB3H|LyF9zTm1EmhU@HP^xA!jo7)<0XT9bP4MXZ}Tg
z9vpLn130B*c(tPYd~`tvpU+SK#<q6ah=JDbVAYrknEh8M^Y1I8UO9}IVCyR#x|!&b
z>>$+(${mFip2Fs^tL+p5xrw4e0R9cryNig*Qm99AT2>K`J_ZtV`sYF+WVfz|JC5a<
z32|_d#wA0pmA>Jqt>Mq+?{md{55I*UK^tnI4QyYb3M%J`W?RySWV>v6a0W~ptFc#8
z2+k-`_?PuZljI(Z0ycu)f%7=#+3so6_4~q}&izudsVk7dFnzrcH(x^A=H{OU7it9{
zgYY)1WTAuDc>i}P!P>*jVZ-o?Z5mw5N5SWmc^m+(>O|VI_8zn(F&6&QuB}9w1$fl;
zoTz0hq;ReN$w<NtWWC!14hB^a8Xi9!BaVwUp?j%epJ~(jIRU<1{B!Qc1f+CVAfm8X
zzW7_DFc$Jt_)RoWa%U5x(ZBv-RtVCp4Ca9IE)qxU-_?f`G1C=o_xTPu?ec}uqbMeG
zwDwt>nV{J0^Im88if^GkC^Y=)-Cng#lZ*eux-L-x(rbUK01LbXkwx0H)&siZdBsGY
zPMq(uI&?)?UC^J;$pV4_0RaDqB(do1D>>Gq+(e`t>wW2jmbau)pXl!~H>zdxJy}70
zFQJ@~IHF5WD^efq<~`Y<fk&Y1BxqN_N@I^$i0n?-tb7Fb-?WQT_bb5M?{l@sb3v~5
zor|n7Y%h;Yg;T)WVfpdNj5+jQ^`+Cw6yG;WJ`5xSo8oXW1pP*do9sLY98Q=2*WS%6
z(eO|=Wc@Y6wKCe59xhIQ(j+u4zQBSk60*m!T{n|YMBStyr50qjdmS6L5*HGb1n_@^
z)IFU0YSN9^Q1r6#E2Q&)vXf7?b7S2Y9=dUrsV%6B_3nD>-ZapdE=Lvf^%`bxIV>8_
zpi17`dW!e<P0=9v--`l*0RaH~o%(S5)|8yA%@ZSn+}<+{P^X!XdlTllVU|Uu0T@tN
z@fKl-Ilj&F4kT$Ch4S8iUd!V;PV7GYdR!%(VXU?VI;vW)70*A4ocnPvw>m{S$qPsQ
zzinB>N&dd23n`lgx*LKC_VcD7mz0m(-cw6)yAq_15GEpUr!x{xm4s%+;_{m6IW3%P
zUSyYXejLf2KjE=<FLDIt@%w%ER$XQ@Tig%q&MX$6w1}w3x)8O19*~1WDbY1eQr#I5
z=|wC;T?1)bZJu%-6IZ$uv0M3f0VJOG*wd#j@&zmbI*~?~v<4w3$y7mKk16}fU|5fm
z!y0(4l>QU6-!scDoFt6`f&l<M92oL<Dyz4=P8q69xgpd|*+`ZMbpX;E3E?ju42rs9
zzy^61(O?4T5xL=g0}+_-2gHLF$OCxvt7hKfbRgoYgoM*?_`8M}-?4tgGtvwZ2kzHl
zc~<%bCm5kq8ql-T=3`3x_~20|(H|8SPB^KZHe(u6E{?<-VvV=xdzMdYm*Dj#!l$Hv
z+TA83c<SuuL$iFs>+0&(85wU;4{*%q6qPV8GmC(8`8*ZrUuiq8z;<uqrK>aBT#Uur
zDKGrMBOFWEVn`AV4MGdUv>t%IN_x}+7WbM=`KGAls{0t4O86`nN}ZmdaAZh%0M=q=
z(+Zh=EN$fYA?`prE2p~xf&l<!N?Pv@tG%xb!nN1gQvz*i`&$@+rIHszVbjH3A`wHj
zMg;j<i~Q@$cXBog=`6PPPiAFUE$JX&w!K&XT2jn0P?DMj_A<eNtn5uV8oBJGW0ZJn
zP-J3A2zzp=?#<!w>+H9=lOdxG5_)MY;GlVN!q)iERlQWT;`HHkO%rFj6$8Eo2%|Sb
z{rF3nAU+<!M5+{I6($_L6>bOCGW7&gx08o=COjKnG9OXBv*(*XA_7DIoHpF9f_YHl
z6Rf__Wk*KocnrQNJq$tmKXqr5#tV-L-)jzV4sP&t6|KgmadNx7o=1RY_L`XR=my%F
zxJ*{_68OcU5|vB!271W?f&l>lq7j)r+-H%^f<*}JSZVtPV&|7V_uzNj4B0wPZU%(I
z!-#xJMnItAM}A*#OO?#rh~@QE<UVabM)xiI?Ll>Q+PsjlRKVqeTyM#dxk0l02_r9_
zBsL~(g-PWYbR%PVYD*$Dua&VxhCu}x`T7lBNtJ2|fQF1p@+xlc!^9lFEq)(oD{-AG
zM<Ua4@j|awSC=6fyN?oZ>v3>^$8)&&Cqm9W>bB2ITLy^6lMzc_-U;tIQITU0U)4vV
zu^PNP`(&Igf`#YYx+c>R;XC3`YZg5g(tGs#J^3oGTnXfccDQZ1E2^{1-{SxQU()Tj
Tbx&XXcZMQG44N=;lHrQ{Y;S%h

diff --git a/ssl/test/axTLS.key_4096.pem b/ssl/test/axTLS.key_4096.pem
deleted file mode 100644
index 9929467f45..0000000000
--- a/ssl/test/axTLS.key_4096.pem
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEA/Ce0mV0qytAwDPrjXRBlUh2gdKs2thDw3N18owXVrSUFq9Sw
-AaMNrmep9DR9MEALcdMm3GCEJ7sOOiEQcqTz25di36WJDe+jo1z5nD2XZsPIsp9+
-k51Vz+W3B4vsXJAgzV+XZbmv9L0598VEwkpeI3Uc9et8ZhGvDPoHZyBQG1KAj6h3
-AKZ1+NthrhajxlrndQZ5Du/R5DSUQOBcCHHdzZgihdfF97Yn/kp1mele1ElZMlqg
-BtpDi1TEQJ9XBtjCW0epFAm5THQ3gMx5DCcqB/cNYdZWqpZ0AuwATm61+46m4fFK
-g3YAYPOi/74aKFuIQBw/lc8W//SV1x8SL/hf2XIdvSa9QhroNN0d3Xu2EUQzXZxo
-PRMKzOqKfwlZW7ozT6hFBwPMh8yfhoPugq2TvqBjke1s3gmvwTgEcf+gY97qXiZC
-X5bh/ehmnZ7vIblYFUD2yMlsKaXGJYweh3WKJlQnh71wQUg2Mxa6ig8ijrEozNlw
-YfPCQFrNLqQfJOwdx90dy7hpUyUn1wo39p6wmC6n9ex4zeKbO4ndSp+/AJ+d5Qp8
-zoMzwneYV9LBQG8ry4uwzDkSWKb/WghsEbQ9O3sGIuI13SlT/B64v3bLb5AHagI8
-zS3kPsshjKhkcc2W9MKRBU2wIeCsNS052kaUq3rPMSBROrALmLk3en/Dq48CAwEA
-AQKCAgEArPMy7So5Cqjm/FAtGI0BYeRORReWTCSsgGEudsauu7a0ABq+qjDDVodl
-y8kgwLJ85xKUCf3tRy8G4BoDpQ688DYSrCFnMvbWP1urHV4ldWf+RX4eHHODAzil
-ZHi1ovt8dEEHn89P/8a2dtqIgdbuYNWYCpj9Vyjz7yujXjmMmGDrKx26meiS7CDV
-C8odhRSewuawq+0UArmJokIA/g3Tu4uIylKoR3JaVhGOPgYSc/rnQiFkt66HO47l
-mQlxcJHGJUOulb7hqK3hz+bvc8V9D7+FH0EbaqANbF+hCirniWZb0odku2x5cAZM
-G6uxV1MIzihR+Jf1R5PkHowCNoLegfM45tnuadP1+8Kezv1SsqkrkMEwfb0QN19C
-2+bmnwYXagUgg/A2q2Shg9h4/3cpwdrDzGHD8IttGlzLR8HnlHkcAK3qRNqy9h60
-JDEW/tOurUSZBXjU9ZyoZSukcK3+yUjCDWS92wMOBlUQGh4/HCOOizahe6lhn2nT
-+jkBvl38c+7GBKR0VyCisFi++FukMBbyU/hNNFByZxOj0b/+YVYI0qwM5oDzLhJH
-69/VhxMx0xVt9/kOOO3yhdGjKCZztPZZm5mg2OzzXmf4im+hPSg0/OrdXrVNk4v/
-w7ouUQHSa3+rAAu8BJFF2rTWA7rjecVEnk6c77I6dEVYXdCfz8kCggEBAP+IJLHo
-7Cs51qPcRKQc633phJa3pFGf6O8xN6pl8z1ZQX0voZyROKJLTytSH+zmPdmggUeg
-7CRoV8BKY49YiOxO2Kx8BPfftItS9yvA3O9ztcdzQa72nYusMWwvj0yFU8DbYfnx
-yYw59F/1pdPKFN83Sj4MJAOb4nAxBP1GiZvsPAgcTpf/197NLNHwUDdk/TXDtTLa
-lx4uTn/SJDQuvsCCLBKyx7FdN5NPRN2kIKUWZLd7HRu2EhcSlATwf4TUPZz7atKN
-2FD0svErpPOAspNPtnNj3RgeunGVqS2oi/XueuveNNCYLkcV8/UaZm85LBrPoEre
-23qK9/ZN0SD534sCggEBAPyd+nD71pScrM0TI4Lc3jMNUKeZj3sT5rlhlkWlARhQ
-WPEWYYg5vs3zDiRpG4Xy3n9ey+M6Tuw+/XpcJZxhrLYFOqparxXPP4qc+3EvtzpF
-OskLR/2/bVnESf6+pQspmwW6G4IJ9vOmIJeUj9zeU0txuxKkjhAmInCnMxJOlYRm
-xeLymuo5LZxrXmSXcX4cyZ0/4bF2L3IE5vH7ffdWXWYzW9wP7M4sFp+0iKjHuhC1
-gB6Qg0Mp0TVNUt0ZEelFLEJdA2lbbZ5yHhNXuhOxW/l3ASSe9tjTpy7yBSwBOpFG
-l7QGISfJVEFfjyn7yWBYj5LDGnitlP4TtN8zyy6cJI0CggEAPRwY8ncqq7e8Thmq
-TLkh1E3ZSJYIdQDSGwnhLx4MirpiwAZ5FtFgAugRueF9AxGY7wfEgxXIA3j0q2be
-4nQg4qqEhNNv+LuGGN+xfsQz0gwRB+7XYXlW+gUnGKFTGtCz0+ZjSvv44FEn0R8V
-Fk44qZ02YxpSLo7EG2KNt+h7lk9rl+D1JsKnpH/a3SYkeOrs50OzfMLr6urWGRlv
-UQ9wzOcUlTAuM4uAc/k8FelfaTuuwHZv4qWrM9tcjMXbKS/8wCMcS9hiSBINDUIL
-w7QegL5KetQCFveaTPmmqOWq+xiaSvgsF0qdnqBwZEh5ANZiZtMKmX0sbeT4Ie5A
-OiunuwKCAQBlSlrvDqu9rwzCtdfZUwJtaftbGIGlkhdDYdPFXSIRQ7ZGBPlai/zr
-y3dyNgrpLLb2T2ZlWC3pIGC2vVf/WlLMMVCSmgX2MsGBrOxNOBq57KRjlHhrUGRi
-SAh7cqnuzeHw6+y3uZMhow0Semks4KB5ccLW+NBVvVS14vThdE0TZ7oVA74GCKM3
-Qv34S5kgPh7BRKoUZBUmHL0VbgfWMvUEU7eTh3cmPBteMh9RvbPnmz8iAkP/nDbc
-roJ5UOITrL7QZUdG6XgMvik9DEH6P3Vnk8YLjwnfaw5wDm7wdBWtxqZxcru8nkeA
-ZvaamPDoBtqauExW8xL4xaISlUv1BnrJAoIBAQCiEZk93GeRzYJFCO1YafsGYueX
-Pffgd9wM2TpObgaEw8OIfEpGQKDiR35fb0uVzNyI5fVU5D5tP0b3LfvtQXV12ryQ
-sVTA5YJcb8mRuUGy/AkjL54kNiZthUnlGHQjY3lqSyI1r5WxRIZBBRn5+g1eSZVq
-CYCGjEryKm7vw8Qcvy1+H2crcZ0rRyLTcfFCr1ZXlyEZu48ScOtxcIDHc7j4J0LO
-Peq2z0tbBojGkxFLX94J7zpRkWMPX9VHorEavDv7ZJwtgoXn3Lom0xHhO+JQaxY9
-FtJ79Ps9+SquXAnkhna4bbkrqrPM3+MAAV/S7bd1T1/8d4YiRQyaMHGS4Yr8
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_512 b/ssl/test/axTLS.key_512
deleted file mode 100644
index 7ae50f23bdc90e48f165aff330220508a99699f5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 321
zcmV-H0lxk)f&o1O0RRF)0MR=zU#S5?J%(*^zCdnK!AXBtb)hXb<-t7<AR5slZTfW5
zJ|nPj{Ge*y>_Lcx{!|rfVZ|0=xRXKgPd)!Gy#fOP009C)0Fimb?T$65*W6;Z_#YNk
zQ@#a*O7BqLt*OZgemVyg$o&?(z~q?GMVVlAY-DAL#~wAJ%@hSVITaeX4+WM10RkZa
z=<C<0-`J3<JRzh6F>2Ex*d>@xxG0k=x#?fIqh)t}0wDn9_HXM@#5)1QLVZv(dI{VJ
z<#zME>JR1d(>*U^;<!NqApqUavgw?9b&=SA#N9<+P{2Du+98<Z^7}$5uflGNb5#N%
z0K;8s)v|{ZPCF5Jp0h0B#d0-gs!3GYZqw9HExe&OK>{HF#AygqJ2JGkYa5*N@$(u=
Tmj7@iAR3)zxTTMr$9H6O@syE#

diff --git a/ssl/test/axTLS.key_512.pem b/ssl/test/axTLS.key_512.pem
deleted file mode 100644
index 1e2fb41f87..0000000000
--- a/ssl/test/axTLS.key_512.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPQIBAAJBANE7MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOw
-cPygat7sQYiE/lQVa2HFFmK4k0HxTz3/Lr0CAwEAAQJBAJF5xO2ONajX3GK2+B8W
-VVO+BYNK71DfranJCX46BxXI/Ra7wOSY0UWZYHVsZGWJxx41os0UBTg5FRq4DwWW
-AQECIQDo69eo39iQqjwhpAQxatMh2CWYT7gokyu56V+5o2V3fQIhAOX2b+tQxDsB
-w0J9UDN6CdwI5XbzveoP5fHTPS9j4rhBAiEA3c+y6Zx6dZHYf8TdRV5QwDtB2iGY
-4/L7Qimvwm6Lc1UCIQDDXWrVsocTTjsReJ6zLOHFcjVnqklU2W7T1E8tvKE3QQIh
-AMRpCFM7MrS2axuc8/HzGkqW/3AlIBqdZbilj5zHd2R0
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes128.pem b/ssl/test/axTLS.key_aes128.pem
deleted file mode 100644
index 8961bd9a59..0000000000
--- a/ssl/test/axTLS.key_aes128.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,B3A0D2BCEF4DE916D0BBA30A6885251B
-
-v8y74AGReaPLmDt6O8wir6hX1Ze8K4fVNkrLqfDMdW5E7jBXKO8riCMNmSjQ9fyh
-eTicej93+8krcIvSXKW18TdO+EWezQevgnLrAZQWaNPH2j4B+K5gm701uiiKFKVa
-1zngAOByePYlN6z4JLbiCyJRhxSo5zCaUYkKC2eGh8mlE64QmokPSCAj0wcCDzGh
-hdhBg1vm0GmaQwIDVn+8zMfahscXVMtBmyQf5YP4PQW2nqOt7aZHjBNdg9qnBpGw
-b6YuY7eZ4FgQvYcsNCi34NroJb9pkTrrF2F9Meb6+3So7jtMFG/YaJdCuXtf01g/
-Qm+XA5pJUtIUr/hLQjhkaOVUtXv/k0o/MR4k5CbAmboLt6YHf5V8+01vk0bvv5dI
-70pVdXMmx26xDZOGmjYzd93PWc+75jak3GN2fbWryQs=
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes256.pem b/ssl/test/axTLS.key_aes256.pem
deleted file mode 100644
index 7671a302fb..0000000000
--- a/ssl/test/axTLS.key_aes256.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,F076229CDC2BCB3B8722E3865855B45C
-
-WFV9QWzr4tNmD+1OeQ7BceQg5LVQHp20Jo1Ax29lq8JTPzeObhtaU2MUHlcPKHUS
-vK4FyQxJ25CyMubbnaZqCCz9pNbseFuJ1tob9UqRmXkZ8HV3snRjJRbcctD+V9x+
-Ymi1GreXoDQtMp0FtMiFjPvIYciBQnaRv2ChMAnGXNbZXCxWWA9E5S3a+yWzo+gd
-wEcowL+SUac1PEDGHokhKn7nctvI9cC4hE6JmKM1sD68/U3rRPXMGqmC7umqyT5P
-gjWBb1uu0iRjFC9eQUsaKPxey5Be710GFlyf/Ff/tep7RhkryIWEPvIzYCBf6rhk
-3pysFgTjfiUuBYUNumjXr/q5hgdtb75788XUDxKwAoUx+m8gi0nJg35CN2nmQ054
-VJxcZlNv0wqnJ+GTTZeN6fiAhTpVtHsqHQomRSfaBiw=
------END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.noname.p12 b/ssl/test/axTLS.noname.p12
deleted file mode 100644
index 9d27999fa053e524fa4ca893c2d13ce9ed49bb7c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1483
zcmXqLVm;2p$ZXKW+RMhN)#lOmotKfFaX}Mn9ZM5y6;Qa$poyspA;q?!i76W>l+MJ+
z0HhKSGK>Z?Y+O(ico-QC_*gicZ@+tPGI5?Z6B7qRLlcv+>xsu7BXuG}7WFyS3yN1O
zJiB%z_haDaFJk>AMt=^4KDj&FlSO0x2d<QxS86g>f3KgsbB{=vL6^R#b?e&OS-QcS
zGCN$<U)|R-j!7>J5|-cmTV%e54S!<I%v}PPV|KXlHLx*$yLR({dh!!ry@wxHbn`4(
zrtp2X+e+Js(du58+nw_ke0kN+V{!Xvi_Fs7aa@776~ZoOpZC!@dwTJu`zsGbFtTzU
zV+vj++iuruakX9a|Bea!8F%F+h9C6ZcjM}8$+$o7GhC~-@P|jAoLB4`x8g`>)2?UI
zWu*`8Kl-TagceQVV7aLOe%rD0rav=xK9;Py<7Mxpy7}0RueYwx?_+3MS>c%f$vi$Y
z>qPY0e-jNE!}i!EIz_nZJDZx%Fa4AynB5}RZoGR%m9)iXor<N;f=u>?9S-~7oa}kp
z&%|qA>g?W->CVE3V>Q*gZY<JRHEFfbz3(d?tL<){;r=Jb)zq$UYu|_DE{+Rn%agu3
z3%yNqDAxJ&KPvBHYVlpK^9Np3U%31K+EVcXONOeVXMz#IUMYO>|2(~y2WNWEVzf?I
z<(U-KKKn^n)b)LfN?Z=|E{NH6jr(|qli}4W=1uv^j~B=u=E~*SW5W}$okLAO`S{IP
zm&N{b_Df#*<hYK*$5%h?%<kN2Ykj=tWHF{M&i$wP)aNUE=q~qX4iZd{IXV|SGrD-v
zIiS8g&5U6OdnH3-iVSmG`@wrZzP^$SjQCnA|78E~>e&uoyfd~wEuSU-w(_`~mv6zJ
zXND(%Y3vJ98Uv=jrz}lO4}rpWf%qmHH!Q_*F){%q7Xk(6VkShcPs!1(#%Z>ogb37L
z{j#quvpMaUTGqUyQ-7E)zkJ$hUr<88Ndd{X+aJDG=s(t#T=rr1MYoSPrQV;Yy}z+m
zy?`~c?A~9^kPHi*)!q-?Fa37Dv_6naZgJ(Ox~e3WYP$wqCBy$MnR+L9v<?`a5ep4p
zld((SiSlf=yCE(gW-`xKRMt!}E(zZ|gL(1NxWndoJkcy0{rF>^ugY2xd#-gtrp&?V
z<qeLLc76U^Q!xA5inNBn{EAOMlBSfKT}l^~i<*1fHfT>%1b_dxY9+VRUwb~ASsUAx
z{&$<{bAPTu(cML_!?$=aJkI&ra-Px8)p5DT#2>Fzt$sAlbPs*aYTIDLJE^z&&fe?l
z^Sk%Vzox!;X90tFQ`-xh6V7XQZrpS%wK>%Iy6xiU|AVYWX5_w_yT7M+A7@N?Xa9pO
zC+yntHF^4$pPv6HK!{B^ccmIv%Zd0HP5-EE{lWK-zxlMywZ@@flle{ob(fXKCWfJZ
z_vby)@(Da^SW$QG_ddtyKiO82(qFgbfBia<K{WUK@v0@8%M9km7`g9Ml!=JFY;&07
z;BMK#GCA+R%hYCcIoDjVkM?JaDL&9)b2@egzt_?YS=tt76H~+8`^8zdojJWSHhA^%
z%R#?3RVlUWC2Fm&Okh&DaIf!hu=-Tp`d@1<h2LteH&Eqmuql|-$1K0EC+O?j|I-Sl
zo!#B%5qNOD*)pRK5gQ#jCfw?r^|sf%cEZyiQ?*+jpV3SZ{+~MIyXvK$Be(3gd@WZ|
zFD@!s%%x_{^-aOxVSa|#GK(|ZzovbydogRlJK+t2D+C@|{!TM|Xc^|NYQ$^#)>rGH
zyBpJ1of*Za&nY)6zS(c*82^(q&7^aotL?qtXSb}Jp<BOf^9f^a&mD!Q4OI=4;R%{k
z)KH8?#Bf{p!<{BM|00^2HDfq4lGuA!Sr`}^C>n6Gv1;=%GfA;Bu!uO$<hdKxZPoGP
cR^P@Mi2?_#oJ#kwaA*sLUsS1SO#mfq04q$GivR!s

diff --git a/ssl/test/axTLS.unencrypted.p8 b/ssl/test/axTLS.unencrypted.p8
deleted file mode 100644
index d04694b1fdfe85f10841cadc6681a121a4c3c7eb..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 347
zcmV-h0i^ygf&o_o0RS)!1_>&LNQU<f0RaI800e>oK`?>=Jpus$0zm-LJ1}3V0YW{7
zZF0UqZc)KWe^+&(EjH!BJr5un(Iaj8bkaT}uyFjKYToQYh=l%B6>DL|7Gk)QLGe#L
z|1P}(0|5X50zm+gdBp9GHK^CzVz&4n7FAQe1%pcOP~WYo$q9Zs2NlTu7Q4XYn9)U<
zV0CO{Wr@cgHKNTF1vohs8n_PymH`0*Apq#>*Qnpvkg7Z(qy#Z)(;?U;m`}JUlPkID
zU%8`YcYOjO0Oj^?>rliy0mDLlP&0Z7+z91%^S$a1<?+)!FJt1kK>{HF-OsY=oO*SU
z*nh;`MP5+AJ3-nZnB(&MLMgApZi{nO0wDmyU24^`hZ9aa5qO@nEaAm+HD{_xRM~FR
t)K4wEp*KMSAppc_2va*Uw6<#-ob&PX8cLS`a3vrbon^SCkDSMMWONLcmL~uJ

diff --git a/ssl/test/axTLS.unencrypted_pem.p8 b/ssl/test/axTLS.unencrypted_pem.p8
deleted file mode 100644
index e07375a848..0000000000
--- a/ssl/test/axTLS.unencrypted_pem.p8
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIBVwIBADANBgkqhkiG9w0BAQEFAASCAUEwggE9AgEAAkEA0TswX6kBQj2GbXK+
-QG5RwUl/V3WhLTblwT0PIBrRI236dNI+I7Bw/KBq3uxBiIT+VBVrYcUWYriTQfFP
-Pf8uvQIDAQABAkEAkXnE7Y41qNfcYrb4HxZVU74Fg0rvUN+tqckJfjoHFcj9FrvA
-5JjRRZlgdWxkZYnHHjWizRQFODkVGrgPBZYBAQIhAOjr16jf2JCqPCGkBDFq0yHY
-JZhPuCiTK7npX7mjZXd9AiEA5fZv61DEOwHDQn1QM3oJ3AjldvO96g/l8dM9L2Pi
-uEECIQDdz7LpnHp1kdh/xN1FXlDAO0HaIZjj8vtCKa/CbotzVQIhAMNdatWyhxNO
-OxF4nrMs4cVyNWeqSVTZbtPUTy28oTdBAiEAxGkIUzsytLZrG5zz8fMaSpb/cCUg
-Gp1luKWPnMd3ZHQ=
------END PRIVATE KEY-----
diff --git a/ssl/test/axTLS.withCA.p12 b/ssl/test/axTLS.withCA.p12
deleted file mode 100644
index ae029dee0fd45e90460d0eacd15f9be1882756ea..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2089
zcmZXUc{J3G8pmh(F~%Ok8&kYBg)D;*2FVg;ghXY@z7*Bimm!Rd?1M5&G+}5ak!8F_
zUL~QSNLh=qC5Eh7vS05x_ulR~_mAg%pY#1b=lSb<J}3eY5(0*z2(VdhxB}6PxGn&O
zfhh#o5I}$p?Atvk0#Nxo;-(OQ!hNd%0tW31`F8?FNpti5`vX51j1mNRU`q0v_oM3`
zLLfY#SOReU#>aa*<b&boMl-v45~;e*m)|5biB@)h30n6OJX#S)!Bgw3TCJy(pdUw?
zVM`g2w!@~{P2J<(fWkB|L?cATFVb==7Qr5v-51+f1@?0fPE5|9KWyV}_!$Snt{=m3
zgwb$?PfVQ=-c;7Zs;{vfHf}wiNpL@m-ava>^%q)Nk&KD<${~X$Bs$!?=aX(DX0b)`
z2=?1scbxjAy)u@r^s~g4M|A&HpVVc(WGVgvy{ikEfZFkPEVjjJr^EF8KrD`+uRA1g
zxA*y2re}A&5n``vH!1gLMon>80@oAn!BCe`J5Om7!JOHvY0haYo0>t2ZHWFv)gCwC
zcHV-}4cAM&Biz&hD-yA&@oQG74hLy%SFU#=+jVtu(u<Qf!Kaoa&$k(EC3IMsCw(rE
zPr;KtE(JZF5b&zusi5a@E;B`@T-&ALYzZ6VRa9Dk5Q^ujm5)jsH$Yj`y32if$=%Rg
z<0-|8lGI>IS_TQ<xCz;U%l9AnWR|~Fi+k^9C*&m#zTQlI-bWz44L3-MWLP4F9;DV1
zuT7>#f3c@C?6i}42hDFampl%liFBWzzf&J5c<bU0qQKpe-*mZUDNzzOKugV&-SH8P
zrbj7B^hp^%(liuyV_ym-<*#opYp}x|^mUy5ZB>(=<<RHFuqrmn6$QRHSMTAe(8$v7
z-@LjokSJo?<;J=srD`+HJ6KL<@H;0oBW<HOE&)fZnV}l*5>%^P?;lZI3p1Tu!DplU
zM4rNsQuFrc3#-z1@qd+dl9MV4j%g2~-kl!f*tk(>xkQmBR(tPOebymRY#7>NILs^G
zFd-|{;yz<Rqk?jVZDxu%H*vV0kJ!1@av<albh{+R(|842^$fgxoQHiw{6r~tVbQ~K
z<ItD)+zq%YGe24x`rw@d%Hv8>g(q7!s)AB_98U&M**RwaoN8`WRQk2%$o_`8gBYUQ
z>bS?Db1c-A-gmLeY}Ob?-;`}5!ofJtZS#IT860`^oOnbUrpyHd)iXTzc}Xntnd_EA
zzU5U9JWN7Dz-4^pns>eM`I0*SCMnzRuH}%O#6|~pMIl&Wfp@gn^DiZ-!c)6CxQYd)
zJzRNAA*1aW$MR0a5w!1vE6WIu=xKqx@7iUvpuMMs?kTPnQE%qQsw%behcY@}vw**a
z`foo$)*9kjLz9hUoP?ua1DZUDNPw}ee-$X+4*&5eOHBzATjgjS_UgHl-aJqGr={t~
zYP=pu70=og;9j?fi#@8a{zI!-#dZ+&97Xd$&R6z4v+AAQY_#P33i_0F5*2yVfg%t)
z)_nArmLs4ZQR5YVHQ7*<cfyH@^478&QGt9&>}S#SyVn-<_%!7>aQ8Hs*0VQ%t)J|~
zYM9nX7;4R-{w|0$=MJHW5-(c4O~%Dbulq%Bh;Hx)GamO2{@G~$sth9yaULz2oIPXT
z*t$vbEzQ*7lpg)IE#F_XlK&DPd@_c%yi{D8JaGDnF6iLnVfoM?n#C;?0V?%BXrd6H
z`~U&Uvu^|Y1LEfU52$#-5DEeE1Vw=4|3AO()}EQTmcLW}55E8c1n=|Zf<}W~uH4Uo
z9{nEovqoI>)r^n1_hv@)AJ%vEGgA<XL-|Th78#gJxU8P)N}7v=G-04Ulk!SY&^jvL
zW@r2lv6JwhgDup$KIY9$uhXw9);_B=bznQ(hCqQNq&?bY@YlNCt8J~7<=OYeQ)bC8
z*Usm}DMl2jt0{~AjP4K*>*~_PT3j&lA-c@fq-U_6%f2mPey71uU%KCBI%+J9&Aro_
z4B*w4n26|vcZcX8WE&_U0XIty?`^rvdtAi@Fvsm3>>P4m&}3uLbn;s5sM`=7JqPui
zS-mGzw#%6jhKm(xmU1~$5cQrmU6oQZ#>yC1FgAuU7n|qQG0mBRX7WF+kR-PoWkF*G
zVix7BqulQN2=t*;OR02T=~bpiO{+|*TjoSY-+EVCvq$Ws9yukLrI|yP?b$NA9TaX(
zmbgo4-r8v49<fi9r_Qfv{h(EM2>N~hEIpNWB_$2(I=#r?vK^#tNN~s`2UnH##Vi#=
z28)5ZrRXj+K7Q=MqC{}ba_eQ8>4@qxCdKNYjPd0UVU7lN5u5{4j0>Enr6=OGdfOFV
z>N9e~d`$HD0NLT=7J8*SA!dGDkUWFi#F{?9Y8wC8TceHzQzwxlwzkp*b1v>aNi7NU
zm2IUX6$AY*UB|5NmMy1GMaFk9O<wfwjSV)FdX+-nv;J_2=M}M%6UpN8B1y_wCL=>R
z2C*z%H2Xs#Oysq(Q-;Fo{qQzK5D)pTIX)d&`0O7%Z@aDrz)WltjghNu3G$S60F?&5
zkQBF9=)*zbx2k7asM)2?BaI8GmP?=+iOW@e;q>b=$=Su$@b>}_0*>HTII*M%RV?c0
ze+vyis45PKsn({9F;DsLUM9rLJHdV3VQKW!DCF-WF;&UK;vgJI6{H4o0fm9Cfr3H4
z`<oHS5T%NeMZvkbP6|RHhqyq1m|EG{iDfV*GP^eMwK-|VZ?BCK3h?;(36|unm8<{L
G|9=4=O4!W+

diff --git a/ssl/test/axTLS.withoutCA.p12 b/ssl/test/axTLS.withoutCA.p12
deleted file mode 100644
index c4eb54c444ca361efa2c3b4e4d5082607b2bb693..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1573
zcmZXTc{G#@7{<T(W{jD^5R)Pl-K-<u$TG5)rEFQtB(jZVG>k0G5y$e$Zjfb?Mzm60
zsjiZwDdM^^5@TPYX|cPNopg21y|;VL{o_5)InVQ)_pjdr!DvMgfrMb8PiU-q%HfnH
zF@!Lp3>NA`!9x5^y90v3@}Cj93<irftpX4MYzpgVf`H`ExW7M$A`lQBg}EKq92wQ%
zRS$v~AOQxwsWnbuHnE!~2n^^^tELifPhZ?7B0fA$KYos%egcv9DeU@KN5A~k-oUYf
zyUT%HSry031dhxnC09jT9+co)M$#>iD+9nZxp(!m{a{!^3zqnH?H3?JvYK&a%YB09
zJ2xN64qd9L{rE_p$ONMps@`pG@6EKNnLn~iR>6LRDy*IxtM>K<((D-bE7=NFnBwZm
zVDTkVmMC}syBOh=Jkx0xrI)=3*Ky}{1WKVFJ<xG~E?94}w5Hx5yID`gV=FCtcSgyP
zMz5$5%|Yuz#}0a&Pd%yWOW{hm-9oPG=fDr46Op%}ilB!ZrTa?cc*)V!bI@8a8^<5H
z<3{ryBc$=&p%r0UraO0*#9QZiNh|p>zh8-1K9d~&$_HC({W0Pt@N_i9?)3x-Cqr3T
zePAM(ichfVdaPV7<C!LzTF`gg>n;Cu0cwFN=i_M+Czg!NZ=B0Lz{jy3Y3K9F+L*^p
zHpP`Lof=}%FOqs<b@6i_XKgNp<{5YAADGhZ=$ttg(cnZrFC5<PIrK5X-HMUpP{BA)
z*2<KWzAr4rL=4}_TycIa-N0>{X_La@CG5<S2+Yjd;sCApgxU2Xt)cc|Ow+SusUB8?
zQECkX@CcCKFIGe?%)OQ#!LCWtN|jAZAI!8~#BUL>ckFU13_MfOQ*`js^lXj{zgSo8
zpvvyhZz0}5*o2+_@ZA>_+oOj88U4s=;$?^F*ci`49CnGbkk*(B?PcZZ=S>SPk@3ok
zHW3DNLRD|`myKc0^uUeAjmqung+^{+3d{tGYU^W{TUf3p?UXw03Irn+{{v(hjFd#d
zNc^Ua+dMQ{<R3h72ym0*%|2N2e`>XehcPNg=u$tZMZsW9R|};@aWS!k*BfVEX;Lt;
zHwbaQChOXxWnQcvd&tJ}o4rk5=geN#4DcKsZ(P$Uf9(}#!!S$J_s?VzH-9;@1v}xc
zUqgD9c3ha#A1AHv?NVY#m96HANF?^*G&yWD{q2GmcMsfa{LNbS^SV5igD{Z&Dx$B&
z?{%8u%3LI7ASp-pTao)4cVMLNg%y+2csd-s?%}d4`+cXH&-CM4bxkl%+;P(h+vu6r
z{vMBIBfcqkqD@*{Zdrmeo#r1MQq`(-v;A?#&AeL7!TDihKUhUbdC^4Ug3s4ohYm*6
zy6b@c=5^0<Pt~}q1-`p!@S3qm6FAgZ%n<t{D7KD~^io;0eNr+>()bcf`szv4@9yKC
zxN5m4Qj4KC&t`J`pr#;YGsh~~RY{EiFS$GKk*s2u`sy`QPFeMd5AuLp>V=#eYf|a!
zMt>T)w&M~9LewX345k?d$7SS;>X02`zQ1_yaA;27pcoS{8KQa?2@dfFVp=DbyxP$Z
zy@ShpXm-Z>TlR?dt0i{L`d<&*&dZT?TKZ%|ZsxQQxEgWP_tr8b4IRflERA)mm&3ZA
zqw}F{Ls$bchIiGF()LDiRUGD;5|77bcQ;p!2twN}XQGY1@j!dS6xXL#YfY1tITuQ7
zT?4)x-`W{_OS-hKMK@rylf^LPET?D**hk-8FA{YOZQJ*C$2##>vAjy(joiHwm*>m*
z^mewy#f3g$JhJN>vzJZ@4z@L3lCV1#cs^7<ajL#<44hx_J+X5e)1u8yFcc1#?xZ&i
zFrT|2y6sm?pGsP`O(}hkLe_C%rm9Zqok6`i^?2n5Brz(eRTPf(8x=qM#-8L1?fw^N
z>{gOAia>glIaaGf-=M%rY981iUt!j5GNkddL?9_B$N^yh3D5?-046{KB7q=)0Yq)8
z7hnz?fJl%cghdN!;E|xL5P%|3Be^CIZ5L9{tv0y}@`==V{HJadhB5C~zBA{V$Bz~K
E1>TCewg3PC

diff --git a/ssl/test/axTLS.x509_1024.cer b/ssl/test/axTLS.x509_1024.cer
deleted file mode 100644
index fc92d056429c92b14fdc609505a5528a38ddd3da..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 475
zcmXqLV!Uq9#OT1p$?)-T`++N8!VeqpvT<s)d9;1!Wn^S!WiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#G-#ZU>?%f92Ij_I
z27|^<rp88w8xQu2-g~wF#nr#uD^_g2?iRaTEr)08%{|9{9H_YPEiCnirUzd&_cGPG
z7uA*d7EiZs|MFnY#Dp(wpB?0WPLy1!@9w;Hw%na>t7JSY6*W$;@+`i|$?C)O$;UTG
zreV3rM3+B8n;$-Z?C-Lx=WvPT3!e*Dd{h#*I85z1z_p#p(y(<h6Eh<NBeL^=fyNAU
z7q`1gQ0=zliaiZ?+jA!P7$1&VKAlsB(|>l}<|sS2Nm9q#MI#?}#GK1|G;Nj9n?r9a
zx*tqPn=Ep8#%g2J%eAqATyu5`M7USYn40q6C$>rQ=PUlWS*MNEQ%>babX_=L_GM?X
j$<kY90cM_;wp%G0N84SC=b72Oebe`Dmm_h-jw_h};#;++

diff --git a/ssl/test/axTLS.x509_1024.pem b/ssl/test/axTLS.x509_1024.pem
deleted file mode 100644
index 81f3eaf1c4..0000000000
--- a/ssl/test/axTLS.x509_1024.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB1zCCAUACCQDxw4fA1PRXwzANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA2OC/Fd7qr+jV/QuoqLPXRl2nJmwMtdm8xvjAeND2VmX4KUgOewumJX7oe3lv
-OOW1t/TgnJFg9AbzQB75kRmpL0dDtZse3PaqHEl5ISjLqklz2QkFTALyTE1sHICn
-FJFE/BKz4efjT0S6jMN0OehM0NRMJGG0QJWMwAq3AjkxhZMCAwEAATANBgkqhkiG
-9w0BAQUFAAOBgQALRyRSfbZjeLyA3YdskEwzw1ynlwkcCU+bbrNaPkaSGseHFVnh
-iFzOauKWqjLswu14i+CQZpMUw5irMzXTfV1RCpy5EFhHepiVZP9MXYIZ+eoPXprL
-Midkym9YitDANvS5YzSl2jZQNknStzohM1s+1l8MmYO3sveLRMRec0GpAg==
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_2048.cer b/ssl/test/axTLS.x509_2048.cer
deleted file mode 100644
index c0badf7288617f5d618a62e1ad4a1343697a98ca..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 607
zcmXqLVv06sVm!jc$?)-T`++N8!jBm6vT<s)d9;1!Wn^SwWiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#1iDZO*;$ON49rc8
z{0u;GE~X|%MutNR_TT<>zJSeT^Za|gwm0>UnA?6&&rWT6+_6ixVL4aXImM&<URKY(
z(R%Eli~vi_zL|oyQC6Lwy!(V)*1mkd=KzOy=?d$}qN-vkspi;{?Gs&Ob>>R`J}R!t
z+jA&U_kPRFCBl9a^}ihQSF@EY+r99L$0v8O9WpZ)@!zhFOWnlzWtp*8&m^W2_0?9l
zw)n8tFa2|oB|f!S?S*U#tJV9Eu!NU)c8mVMWhyc4la_L1xyOI0f}@sf*H3S3R=#}F
zSLVfo6y=MD+><xOO?l$g(QP#I6pyLM?FAtY$LH+rVQl@d+VuO9tpD#5l1@LW@KyXZ
z?XJ$YGnby_Gj?rONZQ*fQmwj{iJ6gs5jli_5y#xv$Y7%%R{UjM&z~<$iCOpOTHLl-
zX13O#)auLBi#|qA7WF%dZ2i@=w_J|vQpWV(Vfo5oFY5Py%?LfWG579L8;L-TlY5Po
zy_rL7Ry6)w|M38C+PPyV(vCfEX%Y^;mu4~dqnLzDLb&InW8Lp&W%`?+J34>iH`Cet
R9GogVhX2<0z0YoW4gkCo^O*nu

diff --git a/ssl/test/axTLS.x509_2048.pem b/ssl/test/axTLS.x509_2048.pem
deleted file mode 100644
index 1ed0141afb..0000000000
--- a/ssl/test/axTLS.x509_2048.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWzCCAcQCCQDxw4fA1PRXxDANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMKgv9v6z3AGRLOf3o092S/ENz33Z2tlguOIuh2Apwp2ziHFvul7m9iF
-xsEcEARcvpkRPVo6ifJLjhJErenvvMAIS3WoO1lyenMaGoNddLeRRB0snRn7xRcl
-DYzCYS3fhJmkE06RL/TCTyY9GXa7odRI8kcWuByZog/be15lsgn0pjNKjJICdCer
-Otq0TAV/pfzRBF9lcyboHWQFOu9UVmDp3LsV/9o1GJbyKiNZd0j/GnDFOQbXy7GD
-I9PJTRzo4GQj0cJHY7JelORKiIsymcoMNRTboFRAx5y9jAGF8Ks196Rq/+9gYsvi
-eE0h+pbdLLbM0uZvAYqzIGK9hRR7Ja0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQA8
-L1Zz9K6M/PQCYWrfnTjbPKY2rTB1OvSV0Uwy5KKPQRS1+oK9dx4K0miX+1ZvI1bo
-f7/1aFXOsW3dpTwYUSjJvTMjSwNUPKiB/q/xwA1mzsbIZsbnhIITU95mOJ3xFhgc
-YFdJ4saL7pppTzfOxZ+h9jWbDwgJJAwx/q+O72uE5w==
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_4096.cer b/ssl/test/axTLS.x509_4096.cer
deleted file mode 100644
index 40bbe94fdd8d5fc57dd7463e4e9530b9d661e7c6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 863
zcmXqLVvaUwVmiXa$?)-T`++N8!jBs8vT<s)d9;1!Wn^SwWiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#1iDZO*;$ON49rbT
z{0u;GE~X|XMutD?TV}>;ow{Ja^XqY}Kx&Zef|Au{+XOz`xm&ZC_3Bzx*40-wFfQg@
zm%j3gNv(kccj0BVI|(i7yZNjX1&Wq@zCAtZ{?bm~_lp<D{G4MuJ?-#`P4nv}&ka5Q
zbUS<Zo0tg-XXB@*?p*(6ujTinE{DA0luKp4zOG3VT+j21JzXI{I;f$4MLEN=(jT`I
z*NH7Y7WKT8t&;Ek#V00H93I4Q6y7~ML#g%p(eK;T|9O?pd>MDeGtww(0oyI-?vNu6
z^TXM09Ex^dDZ;tar^LMBOeK%H7W;SJ#A{)zrj;<gVere_`nzx0!;fCgWef?Q7yaKS
zr4ilXAY(uEyx9LQQ?JVl>HmnoStPqxZLgEm3zNIDcdNGvx){gK$*>jXI`gWlo-;Cf
zm$Cl}S9azz?Pun<HNR_GJ9*!N<cV){?s2X^Xu(qWe?juSS8-}i@zWmueUUbI-h0KJ
z5uy&?PMplqTzX8kN3OlJOD#mbeQ$xIhncb1t}cG1zKt4ZZWbhdKI9N}R&R;C${X3^
zcV$oS$P89hzs_a;ZQh0%ddt7QsW|&+wsq%Sulf5K=Ffe~RdcS{_)z(b@Jk0B^0iNQ
zZ#ZKq6tV1o6i1HW7F+9THl;_VcQu3m$nDr)b~=9odlr+;S=}dgrxklvq!gZ=_T|t-
zR^JVZ57wCKTHbP-vbyTLp+cb52JRU<&8zAUukL4JW@KPQP9eaA%iP$=P_$vKZRN}p
zU%y;??9-n5HOxaTsQ$C=%SBbY^xh`?Z{Oox^0K1x(P9y)jt<@0`)8M3G1}1{SYvp6
zRmKV7oew&fY_?`jH!!b``uxkyKBpy2JhMHPf8rH?@ed*&W^SAl*1&h%>i3$k++BCg
c{uLH|{+cssT4etA3m$>ump}GawD^_-0G~{BVE_OC

diff --git a/ssl/test/axTLS.x509_4096.pem b/ssl/test/axTLS.x509_4096.pem
deleted file mode 100644
index b7aed1caba..0000000000
--- a/ssl/test/axTLS.x509_4096.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDWzCCAsQCCQDxw4fA1PRXxTANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAPwntJldKsrQMAz6410QZVIdoHSrNrYQ8NzdfKMF1a0lBavUsAGjDa5n
-qfQ0fTBAC3HTJtxghCe7DjohEHKk89uXYt+liQ3vo6Nc+Zw9l2bDyLKffpOdVc/l
-tweL7FyQIM1fl2W5r/S9OffFRMJKXiN1HPXrfGYRrwz6B2cgUBtSgI+odwCmdfjb
-Ya4Wo8Za53UGeQ7v0eQ0lEDgXAhx3c2YIoXXxfe2J/5KdZnpXtRJWTJaoAbaQ4tU
-xECfVwbYwltHqRQJuUx0N4DMeQwnKgf3DWHWVqqWdALsAE5utfuOpuHxSoN2AGDz
-ov++GihbiEAcP5XPFv/0ldcfEi/4X9lyHb0mvUIa6DTdHd17thFEM12caD0TCszq
-in8JWVu6M0+oRQcDzIfMn4aD7oKtk76gY5HtbN4Jr8E4BHH/oGPe6l4mQl+W4f3o
-Zp2e7yG5WBVA9sjJbCmlxiWMHod1iiZUJ4e9cEFINjMWuooPIo6xKMzZcGHzwkBa
-zS6kHyTsHcfdHcu4aVMlJ9cKN/aesJgup/XseM3imzuJ3UqfvwCfneUKfM6DM8J3
-mFfSwUBvK8uLsMw5Elim/1oIbBG0PTt7BiLiNd0pU/weuL92y2+QB2oCPM0t5D7L
-IYyoZHHNlvTCkQVNsCHgrDUtOdpGlKt6zzEgUTqwC5i5N3p/w6uPAgMBAAEwDQYJ
-KoZIhvcNAQEEBQADgYEAcrCtPXmZyPX01uNMh2X1VkgmUn/zLemierou7WD/h7xL
-dOl4eeKjFBqIiC19382m1DK4h1F8MceqaMgTueCJpLM7A2cwN3ta8/pGP2yEVhdp
-h10PkdRPF/AU8JmxnFaADsc6+6xWbbrdNv5xcvP1bJKWWW+30EhRF9PxjXiETXc=
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_512.cer b/ssl/test/axTLS.x509_512.cer
deleted file mode 100644
index 48c6e13aa0af5678668c7d4a3245a3304030f01e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 406
zcmXqLVw_~q_=ky;;p5@<16RI;A2Q%&<J4;NX#38~$jHjdU|?csWMII?9LmBateIF5
z;uEY8P?VpQnp~pblAn@Zso<PiRFavNnVeXXs^C~!l96AOSyE{rC(dhN288B@h9)M)
zMp5Ft#>R#QM#fOCfsUb=fe6G@UKCReg$x8h;>^OFhDPRk20&<N5QFR}Mpg!9Zw3Po
zCP#*g)&}t_8J%p~a*Osk<OLq|tPd|;sB8B0pe?_G)J5goUnQ69ls6RoS&((_jblg4
zzYx*v#G_(KJ0?4R^tb)5x0i{Tk%1A}Y@mmk8ygw8T<y9KM14K_+%vyx^*)0-Vb=Of
z^Mp;VUh%%N{nBP3u`f~Uw-)Z%{B_zi<u6}KRZ?ae<R5$`QgP~KtDBA7^o#xt*Tp#V
zm}6L1oi7y--zB+a(l70&CztXn9MJDQdVZoyvbRyt?vfp=#N@B8oOG{$>Zk9;ChBUA
P9b0QY{GW6AgzOst>~fQg

diff --git a/ssl/test/axTLS.x509_512.pem b/ssl/test/axTLS.x509_512.pem
deleted file mode 100644
index 8191e489f3..0000000000
--- a/ssl/test/axTLS.x509_512.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
-MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
-a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAKRT6LwFr1xedJ
-b4qrvjB+EwV/0p4TNNXUS9S30rMSFvRar7VxvLP1lpYj9PR1JGSZMG/B6hR4yumF
-Rjwel9FPgNcWCW4DXAWqz3UQF7oZtJL6K+XJpQ0gwC+Nxc+RRGNLMlK7dLiqFh/V
-qZLej5Xy93M0JyZBiLV88P+c08gd7A==
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes128.pem b/ssl/test/axTLS.x509_aes128.pem
deleted file mode 100644
index 9a75fe960e..0000000000
--- a/ssl/test/axTLS.x509_aes128.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfHMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDo
-g6K2iXFftW+Qk+rrzkMGWrtfY6YSxPstPRrI7akluUEoyWGITXbK6L3QfERrf2eu
-CnWyciQiHVRoHC0EgZUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBT6YhR8x/bBteK
-lr8E0l4mATOnYlsmge+z/SFYs4bDBofqlwQCVJXNSBA4ZsEjgP9qIWTu/85QrVGq
-LrkewSM6Oeh95LGnE+uhJVtIX++O+Hsex3H1UL067dCG99XmDhqbEU9AI6YSZu2p
-cjoSowFELtOoG667+id9QObfV3EQoQ==
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes256.pem b/ssl/test/axTLS.x509_aes256.pem
deleted file mode 100644
index 4f3074e011..0000000000
--- a/ssl/test/axTLS.x509_aes256.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfIMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANAW
-9PdXa5u4gWi5VB5p/eQmOtteRq9/54JkiEs8cVNrTQgZsjjU1LGedE3JwBqZ1EIW
-HGPjcGg5dVxFjkn7RekCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBmJMt0Crdd/BPn
-EdmzsVXou0zTizTC8wyUPMVpg/KzzP7fhZux/ZIrH9/RVcJd9y+B2/mXc3C+K99+
-TXQoYKsLGArfDPzmpy1wPrdEcB1A9gkWDl1Uq6xRyvrVm3gX8NTITRuGKL9njgWx
-2SrApIBtOOUOinYtfH3745cVVl5HOA==
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_after.pem b/ssl/test/axTLS.x509_bad_after.pem
deleted file mode 100644
index 79eb9ccd68..0000000000
--- a/ssl/test/axTLS.x509_bad_after.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfKMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTA1MDYwNzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
-MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
-a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCmPSs9EceViMZD
-ZTXDZpQWJFcXaeInrXWgYWyVgnHBY/eSuqNCxkV/ehv/Wc5pWBGnrX+4cSvQ+TpQ
-FdZegeOjvgipjtJb/0TJCcvgcdHTntEM0h7VXjfbsJXAHwJPFzWIKxV4jeFXnaaw
-W+YHrj9GQ8PnFmapPuh4h/y6LyHAcg==
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_before.pem b/ssl/test/axTLS.x509_bad_before.pem
deleted file mode 100644
index fe72b541b2..0000000000
--- a/ssl/test/axTLS.x509_bad_before.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfJMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTIz
-MTE0MDAwMFoXDTI1MTIzMTE0MDAwMFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
-MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
-a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQApbldYefE8A0ez
-SYvAuCtYxx/2KHwBRD/cR0q7widl9WGjVC/dsnbFo109vHEr3FP1HVYSI0aweiaK
-XZmpUyJ9DprbbWQqaLuDnqIH8X7kfiMuO7/LGQc812iDJI2Akxp9cIlPBFBD8GVx
-+0EphzSodDDlLD8bPqLaWTE+8Ydtjw==
------END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_device.cer b/ssl/test/axTLS.x509_device.cer
deleted file mode 100644
index c966743c9ca724ecb81928d0f6ad7e62b29eab92..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 401
zcmXqLV(c|&Vl-#sWcYZv{lJwk;l~Vk**LY@JlekVGBUEVG8pI>iW!KoF^95n3G*ga
zg!lw21Qg|Gr6!jc3K<B1#F>RT4UNq841mzkKu(<3zzhh@4Gm39jE$nid5w(?4UCMT
zTmx-GO#^j^X$mN&DY&GTWhSR8IHwksWTs^%CzhldG|oqM3?nN8b7L=qL1QOVV<W>A
zB|csu?fqp62d3^8%Qa9mSYy#4{w;o%qQvxI>(vh>*<B_H1hVnmoqm6d?p9~jehIIu
z3hkWl&RzMZG}&pbclcJJJzTXH?4P|mtG+EI`RW2EkG!w-PS3smW>4W)IqNC%Ho9fI
z%iCXCtE2tbBwl5l92<M$)2Zs!oO4c{R9!iBk2DiABLgF{^MGN+?8qRnJ@DK*r6kRQ
zou!f8d$dn2ktz*-u-<dx)#DCf4@GC2zl%QMx4GT9;@g7M%efZ}Rf5VD`U~Sc_su=`
KLZ@nBTsQzLwv8$P

diff --git a/ssl/test/axTLS.x509_device.pem b/ssl/test/axTLS.x509_device.pem
deleted file mode 100644
index e9cbaaf314..0000000000
--- a/ssl/test/axTLS.x509_device.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBjTCCATcCCQDxw4fA1PRXxjANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
-eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMDYwNjA3MTE0NDMy
-WhcNMzMxMDIzMTE0NDMyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
-ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1CIODRIr
-v3YgwJW7Fm0wITCsOIgX9l+aIRiXUzur4RkHRJIQUQYM3ZfftC21QyWPGErVIIcJ
-7s7U/iKTQq1LV7USvAp90D/m7s0ntmRj1aBCSG71f0LnSv1rlA8kzUkU7VuEt0Tt
-+iqrW0+sYdUBk11dyPLKe6sJnMrJJamVvBsCAwEAATANBgkqhkiG9w0BAQUFAANB
-ABC3Uc6uImIpcLl1WYu8K8qkGnVT4K9JkdXHQFbhFZs37lvITrOHQ3j2oGXTbdAx
-JFJ3II9xXkm+nc7oLHqhXlc=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
-Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
-Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
-n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
-3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
-flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
-+UcZ
------END CERTIFICATE-----
diff --git a/ssl/test/deutsche_telecom.x509_ca b/ssl/test/deutsche_telecom.x509_ca
deleted file mode 100644
index 0f4b96a0d5b66ac34b258e34a8943630d55feacc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 670
zcmXqLVwz>p#KgRSnTe5!iBZLXmyJ`a&7<u*FC!xhD}zCyA-4f18*?ZNn=q4$tD%g6
z6o|tmEbNk6T2h>xk*W}qnv<HHpR3^LZYXac3zFp)77Nh@2?wVpD})r47MCbEr{<NU
z78xoVD1sC)3rk^W56aI6DsxmYG>{YLwX`%aH?TA`G&V6Xh!W>D1apmyO)Y`kfpAje
zeB^LpWMyD(>}4=$>||<eWVmp5HqQca7Z?8ZiVnr;VIS-=GX!_tH2>7N?y$<5%!OzF
zERzTg``<m^=-}<=6*`u;6B-?tzQ267p;yA@Q4kOJ{O>9Ao-X*XBQfdA{s)V1MQHyO
zWy#)aHLqswC)*oOrXGIdcj#m4Y98-5?oH8;9tM=&_?EauBId2}0&ltI-~KIoDw&uW
z85kEk890CgUzU$Wj73Dm@KODoQ$kaJe=JbA?W-YN=#+TOfFBt2vcfDJ25gLs|CtzB
z4fsF;{6G#13o!QCki7_udS;;C=E@5EntVbwMZq<0PCjey;-LEFE80^xr_VBLt0)o^
z{eRuHSc9>xWA4OP_pWJj^Vlt(S>nKR=8eFEls^UAc3BFke~M!W*vfs)>;B68FPk|v
z8vb08JMyN$t<~qA>juWD7Hh=jyLr9SJ-zpI>PD-l%e+~<`HcU|RG(;Raeo+<;^qYa
DuXy4z

diff --git a/ssl/test/equifax.x509_ca b/ssl/test/equifax.x509_ca
deleted file mode 100644
index 79b0a3f98764a07fdf6cae1a80eebf704d1f8796..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 646
zcmXqLVrnvIVtl=TnTe5!iIK&CmyJ`a&7<u*FC!xhD}zC>A-4f18*?ZNn=n&ou%V2B
z6o|tmEbLlXnwgeZp%9#!Tw0W>;F*`KXQ*bN0+MAGmPM0Ibt)~+%u6jUR&aLIH8hYD
z=e4vnFf%eVFfjmvC~;mR10*hOENz^R>^DYM2Ij_I27|^<rp88wbNZ5d#J88<o4hhU
zidWp<M2cs|7p0q#SB_-3eb{1pw3S)m*m~Ecih-_<uf-zFjPf4^B&GcP8#rf`%FQox
zo3+}x6fX-|nB?>_<V7vG>GV!Yaq7<?pU|kI{1*OhzjA-*nO>8vdHv|ahSG);D}~qW
z>v(UKw>n<SB8h2(Q1!q5Wz0;>j0}v6(+pA!1lc$f+B_KBemDWcpM{x;f!%-~7^bqq
zjEw(TSPhtglz}`*K$%6tK&(N;tHLNq@OGq_S={}DB4!R*?lnFO4P-$I_*lePuuG#x
zF*DHrrO_*9GYdX@8Rm2L=SrUgyt6)^NzHtwT6QLK`?Zk6vS(+mk-WR5_38uLKS>J9
zTf8GuKR)_7Rnh+ImAVKy_x2FGh=p6X{?K|~_<YadZyP<`9$jCM{WPp<mimkuw<MA0
oC;#Lz3sp8)$a*yO{t^GDHBEbK(z0c?d+R4fo{iFK+GJh{0RBANs{jB1

diff --git a/ssl/test/killopenssl.sh b/ssl/test/killopenssl.sh
deleted file mode 100755
index 17950fbaef..0000000000
--- a/ssl/test/killopenssl.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-ps -ef|grep openssl | /usr/bin/awk '{print $2}' |xargs kill -9
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
deleted file mode 100755
index b7a872b98c..0000000000
--- a/ssl/test/make_certs.sh
+++ /dev/null
@@ -1,162 +0,0 @@
-#!/bin/sh
-
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This license is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-#
-# Generate the certificates and keys for testing.
-#
-
-PROJECT_NAME="axTLS Project"
-
-# Generate the openssl configuration files.
-cat > ca_cert.conf << EOF  
-[ req ]
-distinguished_name     = req_distinguished_name
-prompt                 = no
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME Dodgy Certificate Authority
-EOF
-
-cat > certs.conf << EOF  
-[ req ]
-distinguished_name     = req_distinguished_name
-prompt                 = no
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME
- CN                     = 127.0.0.1
-EOF
-
-cat > device_cert.conf << EOF  
-[ req ]
-distinguished_name     = req_distinguished_name
-prompt                 = no
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME Device Certificate
-EOF
-
-# private key generation
-openssl genrsa -out axTLS.ca_key.pem 1024
-openssl genrsa -out axTLS.key_512.pem 512
-openssl genrsa -out axTLS.key_1024.pem 1024
-openssl genrsa -out axTLS.key_2048.pem 2048
-openssl genrsa -out axTLS.key_4096.pem 4096
-openssl genrsa -out axTLS.device_key.pem 1024
-openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
-openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
-
-# convert private keys into DER format
-openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
-openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
-openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
-openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
-openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
-
-# cert requests
-openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
-            -config ./ca_cert.conf 
-openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
-            -config ./certs.conf 
-openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
-            -config ./certs.conf 
-openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
-            -config ./certs.conf 
-openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
-            -config ./certs.conf 
-openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \
-            -config ./device_cert.conf
-openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \
-            -new -config ./certs.conf -passin pass:abcd
-openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
-            -new -config ./certs.conf -passin pass:abcd
-
-# generate the actual certs.
-openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
-            -sha1 -days 10000 -signkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
-            -sha1 -CAcreateserial -days 10000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
-            -sha1 -CAcreateserial -days 10000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
-            -md5 -CAcreateserial -days 10000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
-            -md5 -CAcreateserial -days 10000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
-            -sha1 -CAcreateserial -days 10000 \
-            -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
-openssl x509 -req -in axTLS.x509_aes128.req \
-            -out axTLS.x509_aes128.pem \
-            -sha1 -CAcreateserial -days 10000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_aes256.req \
-            -out axTLS.x509_aes256.pem \
-            -sha1 -CAcreateserial -days 10000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-
-# note: must be root to do this
-DATE_NOW=`date`
-if date -s "Jan 1 2025"; then
-openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \
-            -sha1 -CAcreateserial -days 365 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-date -s "$DATE_NOW"
-touch axTLS.x509_bad_before.pem
-fi
-openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \
-            -sha1 -CAcreateserial -days -365 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-
-# some cleanup
-rm axTLS*.req
-rm axTLS.srl
-rm *.conf
-
-# need this for the client tests
-openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
-openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
-openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
-openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
-openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
-openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
-
-# generate pkcs8 files (use RC4-128 for encryption)
-openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
-openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
-openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
-openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
-
-# generate pkcs12 files (use RC4-128 for encryption)
-openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
-openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd
-openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd
-
-# PEM certificate chain
-cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
-
-# set default key/cert for use in the server
-xxd -i axTLS.x509_1024.cer | sed -e \
-        "s/axTLS_x509_1024_cer/default_certificate/" > ../../ssl/cert.h
-xxd -i axTLS.key_1024 | sed -e \
-        "s/axTLS_key_1024/default_private_key/" > ../../ssl/private_key.h
diff --git a/ssl/test/microsoft.x509_ca b/ssl/test/microsoft.x509_ca
deleted file mode 100644
index b90803452b6cd92749d3e34c60420fd20e5b1c4f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1046
zcmXqLVi7WEV*0g!nTe5!iJ##hL${4hhu}rKZ^>`&I~ee?acZ@Bw0-AgWMpAwFeot8
zHqc~a4rSpMR&vfSs4U7%&nQvQNY+#^w6ru=@Xbsv$}i4OD^YOHFDlS8lrxZlC>BMP
z$uCMQ$;{6)R5XwW$ukQ}AmoGc^Gg&QOG`5Hi!w_p4dldmEzJ!K4Gj#;4S*m@oY%;}
z(8$;j${hd~H8Cn72MZ%B19KB2KZ8LNBNtN>BO}8~ro9IXo>_nLlh&9&y&}%w)uNTX
zs_{SmP4!v4{omY03U)Pti)JtCPcX{9=#*0VZcW+AkXxT#&uNqCpWl+U`Dk`klJYfK
zn|u6>lU__avR^lC)~pP*nHQ{d_Va9wP&?@MoXgH)n$AiM%N1`to1GrF@b8|L6PmcD
zsb*n<Zn@9PnOjn<X9dU@a;S*RU-^8Zw!|~r8Ob6E5v-~6WzB=yzb}73h3S~|<^7?q
zn>!o!TfGUH;<xVa@~Yetzx5Jlrg3U0GK5b^$TZ*WEyQjU_CNafk~A)kWtSSm!ryPR
zjuUGvXSwxl-@1mW|2CYhzqVYeD8}a0o(~+0l?*nswVvFpP%hkhpNW}~fpKx;3WLU_
z291k=@hi*7(m2bYae9M5^o4@=nML!I1M5UK`S$%ky|9S>@z+EkjRPZ-kzwi!?gPD_
zr%RZ=-NC4Gqg?QFOoGw;dEBS%SSNP$pR{_W_~}FVWSy-G+)pIE|8xC}wRO}=vyjYx
zD!KM2&#bz~T65R1*LJ=@LDuenLjDq&2mV}eek>TJ;QuPAdi^TN6WZpgy8BWW3U#US
zColdUBJ)%6<TcUHL2L4yjoAM-iT`+-p2HjXZSTjR<9nYUG5Dik$k`z~Ra46Msw~se
zj|~r)w?u#0c=ts3yHwBPK_T0=Flz|?pK$F1M}OUp=|@+a>pZD?vZDNP*#d?OS@s7n
znRPvI6k1`LC7pHK^x+j5mM1G*Sx!V5Tjcr5@Fs2NTGVs-YKXntS((sf1-FH)+9#LJ
IUw&x;05YnPSO5S3

diff --git a/ssl/test/microsoft.x509_ca.pem b/ssl/test/microsoft.x509_ca.pem
deleted file mode 100644
index 478e60b070..0000000000
--- a/ssl/test/microsoft.x509_ca.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx
-KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc
-BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0
-IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow
-cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe
-MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv
-ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5
-7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB
-RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er
-GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko
-IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc
-PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw
-72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN
-aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh
-MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs
-30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F
-kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+
-Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH
-/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS
-VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc
-BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA=
------END CERTIFICATE-----
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
deleted file mode 100644
index 74844a5e05..0000000000
--- a/ssl/test/perf_bigint.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This license is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this license; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Some performance testing of bigint.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "ssl.h"
-
-/**************************************************************************
- * BIGINT tests 
- *
- **************************************************************************/
-
-int main(int argc, char *argv[])
-{
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    RSA_CTX *rsa_ctx;
-    BI_CTX *ctx;
-    bigint *bi_data, *bi_res;
-    int diff, res = 1;
-    struct timeval tv_old, tv_new;
-    const char *plaintext;
-    uint8_t compare[MAX_KEY_BYTE_SIZE];
-    int i, max_biggie = 10;    /* really crank performance */
-    int len; 
-    uint8_t *buf;
-
-    /**
-     * 512 bit key
-     */
-    plaintext = /* 64 byte number */
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
-
-    len = get_file("../ssl/test/axTLS.key_512", &buf);
-    asn1_get_private_key(buf, len, &rsa_ctx);
-    ctx = rsa_ctx->bi_ctx;
-    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
-    bi_res = RSA_public(rsa_ctx, bi_data);
-    bi_data = bi_res;   /* reuse again */
-
-    gettimeofday(&tv_old, NULL);
-    for (i = 0; i < max_biggie; i++)
-    {
-        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
-        if (i < max_biggie-1)
-        {
-            bi_free(ctx, bi_res);
-        }
-    }
-
-    gettimeofday(&tv_new, NULL);
-    bi_free(ctx, bi_data);
-
-    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
-                (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("512 bit decrypt time: %dms\n", diff/max_biggie);
-    TTY_FLUSH();
-    bi_export(ctx, bi_res, compare, 64);
-    RSA_free(rsa_ctx);
-    free(buf);
-    if (memcmp(plaintext, compare, 64) != 0)
-        goto end;
-
-    /**
-     * 1024 bit key
-     */
-    plaintext = /* 128 byte number */
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
-
-    len = get_file("../ssl/test/axTLS.key_1024", &buf);
-    asn1_get_private_key(buf, len, &rsa_ctx);
-    ctx = rsa_ctx->bi_ctx;
-    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
-    bi_res = RSA_public(rsa_ctx, bi_data);
-    bi_data = bi_res;   /* reuse again */
-
-    gettimeofday(&tv_old, NULL);
-    for (i = 0; i < max_biggie; i++)
-    {
-        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
-        if (i < max_biggie-1)
-        {
-            bi_free(ctx, bi_res);
-        }
-    }
-
-    gettimeofday(&tv_new, NULL);
-    bi_free(ctx, bi_data);
-
-    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
-                (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("1024 bit decrypt time: %dms\n", diff/max_biggie);
-    TTY_FLUSH();
-    bi_export(ctx, bi_res, compare, 128);
-    RSA_free(rsa_ctx);
-    free(buf);
-    if (memcmp(plaintext, compare, 128) != 0)
-        goto end;
-
-    /**
-     * 2048 bit key
-     */
-    plaintext = /* 256 byte number */
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
-
-    len = get_file("../ssl/test/axTLS.key_2048", &buf);
-    asn1_get_private_key(buf, len, &rsa_ctx);
-    ctx = rsa_ctx->bi_ctx;
-    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
-    bi_res = RSA_public(rsa_ctx, bi_data);
-    bi_data = bi_res;   /* reuse again */
-
-    gettimeofday(&tv_old, NULL);
-    for (i = 0; i < max_biggie; i++)
-    {
-        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
-        if (i < max_biggie-1)
-        {
-            bi_free(ctx, bi_res);
-        }
-    }
-    gettimeofday(&tv_new, NULL);
-    bi_free(ctx, bi_data);
-
-    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
-                (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("2048 bit decrypt time: %dms\n", diff/max_biggie);
-    TTY_FLUSH();
-    bi_export(ctx, bi_res, compare, 256);
-    RSA_free(rsa_ctx);
-    free(buf);
-    if (memcmp(plaintext, compare, 256) != 0)
-        goto end;
-
-    /**
-     * 4096 bit key
-     */
-    plaintext = /* 512 byte number */
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
-        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
-
-    len = get_file("../ssl/test/axTLS.key_4096", &buf);
-    asn1_get_private_key(buf, len, &rsa_ctx);
-    ctx = rsa_ctx->bi_ctx;
-    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
-    gettimeofday(&tv_old, NULL);
-    bi_res = RSA_public(rsa_ctx, bi_data);
-    gettimeofday(&tv_new, NULL);
-    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
-                (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("4096 bit encrypt time: %dms\n", diff);
-    TTY_FLUSH();
-    bi_data = bi_res;   /* reuse again */
-
-    gettimeofday(&tv_old, NULL);
-    for (i = 0; i < max_biggie; i++)
-    {
-        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
-        if (i < max_biggie-1)
-        {
-            bi_free(ctx, bi_res);
-        }
-    }
-
-    gettimeofday(&tv_new, NULL);
-    bi_free(ctx, bi_data);
-
-    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
-                (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("4096 bit decrypt time: %dms\n", diff/max_biggie);
-    TTY_FLUSH();
-    bi_export(ctx, bi_res, compare, 512);
-    RSA_free(rsa_ctx);
-    free(buf);
-    if (memcmp(plaintext, compare, 512) != 0)
-        goto end;
-
-    /* done */
-    printf("Bigint performance testing complete\n");
-    res = 0;
-
-end:
-    return res;
-#else
-    return 0;
-#endif
-}
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
deleted file mode 100644
index d841afaa90..0000000000
--- a/ssl/test/ssltest.c
+++ /dev/null
@@ -1,1813 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This license is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This license is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this license; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * The testing of the crypto and ssl stuff goes here. Keeps the individual code
- * modules from being uncluttered with test code.
- *
- * This is test code - I make no apologies for the quality!
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#ifndef WIN32
-#include <pthread.h>
-#endif
-
-#include "ssl.h"
-
-#define DEFAULT_CERT            "../ssl/test/axTLS.x509_512.cer"
-#define DEFAULT_KEY             "../ssl/test/axTLS.key_512"     
-//#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
-#define DEFAULT_SVR_OPTION      0
-#define DEFAULT_CLNT_OPTION     0
-//#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
-
-static int g_port = 19001;
-
-/**************************************************************************
- * AES tests 
- * 
- * Run through a couple of the RFC3602 tests to verify that AES is correct.
- **************************************************************************/
-#define TEST1_SIZE  16
-#define TEST2_SIZE  32
-
-static int AES_test(BI_CTX *bi_ctx)
-{
-    AES_CTX aes_key;
-    int res = 1;
-    uint8_t key[TEST1_SIZE];
-    uint8_t iv[TEST1_SIZE];
-
-    {
-        /*
-            Case #1: Encrypting 16 bytes (1 block) using AES-CBC
-            Key       : 0x06a9214036b8a15b512e03d534120006
-            IV        : 0x3dafba429d9eb430b422da802c9fac41
-            Plaintext : "Single block msg"
-            Ciphertext: 0xe353779c1079aeb82708942dbe77181a
-
-        */
-        char *in_str =  "Single block msg";
-        uint8_t ct[TEST1_SIZE];
-        uint8_t enc_data[TEST1_SIZE];
-        uint8_t dec_data[TEST1_SIZE];
-
-        bigint *key_bi = bi_str_import(
-                bi_ctx, "06A9214036B8A15B512E03D534120006");
-        bigint *iv_bi = bi_str_import(
-                bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
-        bigint *ct_bi = bi_str_import(
-                bi_ctx, "E353779C1079AEB82708942DBE77181A");
-        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
-        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
-        bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, 
-                enc_data, sizeof(enc_data));
-        if (memcmp(enc_data, ct, sizeof(ct)))
-        {
-            fprintf(stderr, "Error: AES ENCRYPT #1 failed\n");
-            goto end;
-        }
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_convert_key(&aes_key);
-        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
-
-        if (memcmp(dec_data, in_str, sizeof(dec_data)))
-        {
-            fprintf(stderr, "Error: AES DECRYPT #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        /*
-            Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC 
-            Key       : 0xc286696d887c9aa0611bbb3e2025a45a
-            IV        : 0x562e17996d093d28ddb3ba695a2e6f58
-            Plaintext : 0x000102030405060708090a0b0c0d0e0f
-                          101112131415161718191a1b1c1d1e1f
-            Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
-                          7586602d253cfff91b8266bea6d61ab1
-        */
-        uint8_t in_data[TEST2_SIZE];
-        uint8_t ct[TEST2_SIZE];
-        uint8_t enc_data[TEST2_SIZE];
-        uint8_t dec_data[TEST2_SIZE];
-
-        bigint *in_bi = bi_str_import(bi_ctx,
-            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
-        bigint *key_bi = bi_str_import(
-                bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
-        bigint *iv_bi = bi_str_import(
-                bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
-        bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
-        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
-        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
-        bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, 
-                enc_data, sizeof(enc_data));
-
-        if (memcmp(enc_data, ct, sizeof(ct)))
-        {
-            fprintf(stderr, "Error: ENCRYPT #2 failed\n");
-            goto end;
-        }
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_convert_key(&aes_key);
-        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
-        if (memcmp(dec_data, in_data, sizeof(dec_data)))
-        {
-            fprintf(stderr, "Error: DECRYPT #2 failed\n");
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All AES tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * RC4 tests 
- *
- * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
- **************************************************************************/
-static const uint8_t keys[7][30]=
-{
-    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-    {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-    {4,0xef,0x01,0x23,0x45},
-    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-    {4,0xef,0x01,0x23,0x45},
-};
-
-static const uint8_t data_len[7]={8,8,8,20,28,10};
-static uint8_t data[7][30]=
-{
-    {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
-    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-        0x00,0x00,0x00,0x00,0xff},
-        {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-            0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-            0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-            0x12,0x34,0x56,0x78,0xff},
-            {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-            {0},
-};
-
-static const uint8_t output[7][30]=
-{
-    {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
-    {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
-    {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
-    {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
-        0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
-        0x36,0xb6,0x78,0x58,0x00},
-        {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
-            0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
-            0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
-            0x40,0x01,0x1e,0xcf,0x00},
-            {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
-            {0},
-};
-
-static int RC4_test(BI_CTX *bi_ctx)
-{
-    int i, res = 1;
-    RC4_CTX s;
-
-    for (i = 0; i < 6; i++)
-    {
-        RC4_setup(&s, &keys[i][1], keys[i][0]);
-        RC4_crypt(&s, data[i], data[i], data_len[i]);
-
-        if (memcmp(data[i], output[i], data_len[i]))
-        {
-            fprintf(stderr, "Error: RC4 CRYPT #%d failed\n", i);
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All RC4 tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * SHA1 tests 
- *
- * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
- **************************************************************************/
-static int SHA1_test(BI_CTX *bi_ctx)
-{
-    SHA1_CTX ctx;
-    uint8_t ct[SHA1_SIZE];
-    uint8_t digest[SHA1_SIZE];
-    int res = 1;
-
-    {
-        const char *in_str = "abc";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-                "A9993E364706816ABA3E25717850C26C9CD0D89D");
-        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-        SHA1Init(&ctx);
-        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA1Final(&ctx, digest);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            fprintf(stderr, "Error: SHA1 #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        const char *in_str =
-            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
-        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-        SHA1Init(&ctx);
-        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA1Final(&ctx, digest);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            fprintf(stderr, "Error: SHA1 #2 failed\n");
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All SHA1 tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * MD5 tests 
- *
- * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
- **************************************************************************/
-static int MD5_test(BI_CTX *bi_ctx)
-{
-    MD5_CTX ctx;
-    uint8_t ct[MD5_SIZE];
-    uint8_t digest[MD5_SIZE];
-    int res = 1;
-
-    {
-        const char *in_str =  "abc";
-        bigint *ct_bi = bi_str_import(bi_ctx, 
-                "900150983CD24FB0D6963F7D28E17F72");
-        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-
-        MD5Init(&ctx);
-        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        MD5Final(&ctx, digest);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            fprintf(stderr, "Error: MD5 #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        const char *in_str =
-            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
-        bigint *ct_bi = bi_str_import(
-                bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
-        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-
-        MD5Init(&ctx);
-        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        MD5Final(&ctx, digest);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            fprintf(stderr, "Error: MD5 #2 failed\n");
-            goto end;
-        }
-    }
-    res = 0;
-    printf("All MD5 tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * HMAC tests 
- *
- * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
- **************************************************************************/
-static int HMAC_test(BI_CTX *bi_ctx)
-{
-    uint8_t key[SHA1_SIZE];
-    uint8_t ct[SHA1_SIZE];
-    uint8_t dgst[SHA1_SIZE];
-    int res = 1;
-    const char *key_str;
-
-    const char *data_str = "Hi There";
-    bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
-    bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
-    bi_export(bi_ctx, key_bi, key, MD5_SIZE);
-    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-    hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
-    if (memcmp(dgst, ct, MD5_SIZE))
-    {
-        printf("HMAC MD5 #1 failed\n");
-        goto end;
-    }
-
-    data_str = "what do ya want for nothing?";
-    key_str = "Jefe";
-    ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
-    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-    hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
-    if (memcmp(dgst, ct, MD5_SIZE))
-    {
-        printf("HMAC MD5 #2 failed\n");
-        goto end;
-    }
-   
-    data_str = "Hi There";
-    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
-    bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
-    ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
-    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-    hmac_sha1((const uint8_t *)data_str, 8, 
-            (const uint8_t *)key, SHA1_SIZE, dgst);
-    if (memcmp(dgst, ct, SHA1_SIZE))
-    {
-        printf("HMAC SHA1 #1 failed\n");
-        goto end;
-    }
-
-    data_str = "what do ya want for nothing?";
-    key_str = "Jefe";
-    ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
-    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-    hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
-    if (memcmp(dgst, ct, SHA1_SIZE))
-    {
-        printf("HMAC SHA1 failed\n");
-        exit(1);
-    }
-
-    res = 0;
-    printf("All HMAC tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * BIGINT tests 
- *
- **************************************************************************/
-static int BIGINT_test(BI_CTX *ctx)
-{
-    int res = 1;
-    bigint *bi_data, *bi_exp, *bi_res;
-    const char *expnt, *plaintext, *mod;
-    uint8_t compare[MAX_KEY_BYTE_SIZE];
-
-    /**
-     * 512 bit key
-     */
-    plaintext = /* 64 byte number */
-        "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
-
-    mod = "C30773C8ABE09FCC279EE0E5343370DE"
-          "8B2FFDB6059271E3005A7CEEF0D35E0A"
-          "1F9915D95E63560836CC2EB2C289270D"
-          "BCAE8CAF6F5E907FC2759EE220071E1B";
-
-    expnt = "A1E556CD1738E10DF539E35101334E97"
-          "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
-          "F3140F5091CC535CBAA47CEC4159EE1F"
-          "B6A3661AFF1AB758426EAB158452A9B9";
-
-    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
-    bi_exp = int_to_bi(ctx, 0x10001);
-    bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
-    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
-
-    bi_data = bi_res;   /* resuse again - see if we get the original */
-
-    bi_exp = bi_str_import(ctx, expnt);
-    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
-    bi_free_mod(ctx, 0);
-
-    bi_export(ctx, bi_res, compare, 64);
-    if (memcmp(plaintext, compare, 64) != 0)
-        goto end;
-
-    printf("All BIGINT tests passed\n");
-    res = 0;
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * RSA tests 
- *
- * Use the results from openssl to verify PKCS1 etc 
- **************************************************************************/
-static int RSA_test(void)
-{
-    int res = 1;
-    const char *plaintext = /* 128 byte hex number */
-        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
-        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
-    uint8_t enc_data[128], dec_data[128];
-    RSA_CTX *rsa_ctx;
-    BI_CTX *bi_ctx;
-    bigint *plaintext_bi;
-    bigint *enc_data_bi, *dec_data_bi;
-    uint8_t enc_data2[128], dec_data2[128];
-    int size;
-    int len; 
-    uint8_t *buf;
-
-    /* extract the private key elements */
-    len = get_file("../ssl/test/axTLS.key_1024", &buf);
-    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
-    {
-        goto end;
-    }
-
-    free(buf);
-    bi_ctx = rsa_ctx->bi_ctx;
-    plaintext_bi = bi_import(bi_ctx, 
-            (const uint8_t *)plaintext, strlen(plaintext));
-
-    /* basic rsa encrypt */
-    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
-    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
-
-    /* basic rsa decrypt */
-    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
-    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
-
-    if (memcmp(dec_data, plaintext, strlen(plaintext)))
-    {
-        fprintf(stderr, "Error: DECRYPT #1 failed\n");
-        goto end;
-    }
-
-    RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
-    size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
-    if (memcmp("abc", dec_data2, 3))
-    {
-        fprintf(stderr, "Error: ENCRYPT/DECRYPT #2 failed\n");
-        goto end;
-    }
-
-    RSA_free(rsa_ctx);
-    res = 0;
-    printf("All RSA tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * Cert Testing
- *
- **************************************************************************/
-static int cert_tests(void)
-{
-    int res = -1, len;
-    X509_CTX *x509_ctx;
-    SSL_CTX *ssl_ctx;
-    uint8_t *buf;
-
-    /* check a bunch of 3rd party certificates */
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/microsoft.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #1\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/thawte.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #2\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #3\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/equifax.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #4\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    /* Verisign use MD2 which is not supported */
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/verisign.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) != 
-                                    X509_VFY_ERROR_UNSUPPORTED_DIGEST)
-    {
-        printf("Cert #5\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
-                                    x509_new(buf, &len, &x509_ctx))
-    {
-        printf("Cert #6\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    x509_free(x509_ctx);
-    free(buf);
-    res = 0;        /* all ok */
-    printf("All Certificate tests passed\n");
-
-bad_cert:
-    return res;
-}
-
-/**
- * init a server socket.
- */
-static int server_socket_init(int *port)
-{
-    struct sockaddr_in serv_addr;
-    int server_fd;
-    char yes = 1;
-
-    /* Create socket for incoming connections */
-    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-    {
-        return -1;
-    }
-      
-    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
-
-go_again:
-    /* Construct local address structure */
-    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
-    serv_addr.sin_family = AF_INET;                /* Internet address family */
-    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
-    serv_addr.sin_port = htons(*port);              /* Local port */
-
-    /* Bind to the local address */
-    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
-    {
-        (*port)++;
-        goto go_again;
-    }
-    /* Mark the socket so it will listen for incoming connections */
-    if (listen(server_fd, 3000) < 0)
-    {
-        return -1;
-    }
-
-    return server_fd;
-}
-
-/**
- * init a client socket.
- */
-static int client_socket_init(uint16_t port)
-{
-    struct sockaddr_in address;
-    int client_fd;
-
-    address.sin_family = AF_INET;
-    address.sin_port = htons(port);
-    address.sin_addr.s_addr =  inet_addr("127.0.0.1");
-    client_fd = socket(AF_INET, SOCK_STREAM, 0);
-    if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
-    {
-        perror("socket");
-        close(client_fd);
-        client_fd = -1;
-    }
-
-    return client_fd;
-}
-
-/**************************************************************************
- * SSL Server Testing
- *
- **************************************************************************/
-typedef struct
-{
-    /* not used as yet */
-    int dummy;
-} SVR_CTX;
-
-typedef struct
-{
-    const char *testname;
-    const char *openssl_option;
-} client_t;
-
-static void do_client(client_t *clnt)
-{
-    char openssl_buf[2048];
-
-    /* make sure the main thread goes first */
-    sleep(0);
-
-    /* show the session ids in the reconnect test */
-    if (strcmp(clnt->testname, "Session Reuse") == 0)
-    {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
-            "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
-            g_port, clnt->openssl_option);
-    }
-    else
-    {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
-#ifdef WIN32
-            "-connect localhost:%d -quiet %s",
-#else
-            "-connect localhost:%d -quiet %s > /dev/null 2>&1",
-#endif
-        g_port, clnt->openssl_option);
-    }
-
-    system(openssl_buf);
-}
-
-static int SSL_server_test(
-        SVR_CTX *svr_test_ctx,
-        const char *testname, 
-        const char *openssl_option, 
-        const char *device_cert, 
-        const char *product_cert, 
-        const char *private_key,
-        const char *ca_cert,
-        const char *password,
-        int axolotls_option)
-{
-    int server_fd, ret = 0;
-    SSL_CTX *ssl_ctx = NULL;
-    struct sockaddr_in client_addr;
-    uint8_t *read_buf;
-    int clnt_len = sizeof(client_addr);
-    client_t client_data;
-#ifndef WIN32
-    pthread_t thread;
-#endif
-    g_port++;
-
-    client_data.testname = testname;
-    client_data.openssl_option = openssl_option;
-
-    if ((server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-    if (private_key)
-    {
-        axolotls_option |= SSL_NO_DEFAULT_KEY;
-    }
-
-    if ((ssl_ctx = ssl_ctx_new(axolotls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-    if (private_key)
-    {
-        int obj_type = SSL_OBJ_RSA_KEY;
-
-        if (strstr(private_key, ".p8"))
-            obj_type = SSL_OBJ_PKCS8;
-        else if (strstr(private_key, ".p12"))
-            obj_type = SSL_OBJ_PKCS12;
-
-        if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto error;
-        }
-    }
-
-    if (device_cert)             /* test chaining */
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, 
-                        SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
-            goto error;
-    }
-
-    if (product_cert)             /* test chaining */
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, 
-                        SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
-            goto error;
-    }
-
-    if (ca_cert)                  /* test adding certificate authorities */
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, 
-                        SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
-            goto error;
-    }
-
-#ifndef WIN32
-    pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_client, (void *)&client_data);
-    pthread_detach(thread);
-#else
-    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, 
-            (LPVOID)&client_data, 0, NULL);
-#endif
-
-    for (;;)
-    {
-        int client_fd, size = 0; 
-        SSL *ssl;
-
-        /* Wait for a client to connect */
-        if ((client_fd = accept(server_fd, 
-                        (struct sockaddr *) &client_addr, &clnt_len)) < 0)
-        {
-            ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-            goto error;
-        }
-        
-        /* we are ready to go */
-        ssl = ssl_server_new(ssl_ctx, client_fd);
-        while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
-        close(client_fd);
-        
-        if (size < SSL_OK) /* got some alert or something nasty */
-        {
-            ret = size;
-
-            if (ret == SSL_ERROR_CONN_LOST)
-            {
-                ret = SSL_OK;
-                continue;
-            }
-
-            break;  /* we've got a problem */
-        }
-        else /* looks more promising */
-        {
-            if (strstr("hello client", read_buf) == NULL)
-            {
-                printf("SSL server test \"%s\" passed\n", testname);
-                TTY_FLUSH();
-                ret = 0;
-                break;
-            }
-        }
-
-        ssl_free(ssl);
-    }
-
-    close(server_fd);
-
-error:
-    ssl_ctx_free(ssl_ctx);
-    return ret;
-}
-
-int SSL_server_tests(void)
-{
-    int ret = -1;
-    struct stat stat_buf;
-    SVR_CTX svr_test_ctx;
-    memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
-
-    printf("### starting server tests\n");
-
-    /* Go through the algorithms */
-
-    /* 
-     * TLS1 client hello 
-     */
-    if ((ret = SSL_server_test(NULL, "TLSv1", "-cipher RC4-SHA -tls1", 
-                    NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * AES128-SHA
-     */
-    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * AES256-SHA
-     */
-    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * RC4-SHA
-     */
-    if ((ret = SSL_server_test(NULL, "RC4-SHA", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * RC4-MD5
-     */
-    if ((ret = SSL_server_test(NULL, "RC4-MD5", "-cipher RC4-MD5", 
-                DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * Session Reuse
-     * all the session id's should match for session resumption.
-     */
-    if ((ret = SSL_server_test(NULL, "Session Reuse", 
-                    "-cipher RC4-SHA -reconnect", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * 512 bit RSA key 
-     */
-    if ((ret = SSL_server_test(NULL, "512 bit key", "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_512.cer", NULL, 
-                    "../ssl/test/axTLS.key_512",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * 1024 bit RSA key (check certificate chaining)
-     */
-    if ((ret = SSL_server_test(NULL, "1024 bit key", 
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_device.cer", 
-                    "../ssl/test/axTLS.x509_512.cer", 
-                    "../ssl/test/axTLS.device_key",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * 2048 bit RSA key 
-     */
-    if ((ret = SSL_server_test(NULL, "2048 bit key", 
-                    "-cipher RC4-SHA",
-                    "../ssl/test/axTLS.x509_2048.cer", NULL, 
-                    "../ssl/test/axTLS.key_2048",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * 4096 bit RSA key 
-     */
-    if ((ret = SSL_server_test(NULL, "4096 bit key", 
-                    "-cipher RC4-SHA",
-                    "../ssl/test/axTLS.x509_4096.cer", NULL, 
-                    "../ssl/test/axTLS.key_4096",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * Client Verification
-     */
-    if ((ret = SSL_server_test(NULL, "Client Verification", 
-                    "-cipher RC4-SHA -tls1 "
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem ",
-                    NULL, NULL, NULL, 
-                    "../ssl/test/axTLS.ca_x509.cer", NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
-        goto cleanup;
-
-    /* this test should fail */
-    if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
-    {
-        if ((ret = SSL_server_test(NULL, "Bad Before Cert", 
-                    "-cipher RC4-SHA -tls1 "
-                    "-cert ../ssl/test/axTLS.x509_bad_before.pem "
-                    "-key ../ssl/test/axTLS.key_512.pem ",
-                    NULL, NULL, NULL, 
-                    "../ssl/test/axTLS.ca_x509.cer", NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
-                            SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
-            goto cleanup;
-
-        printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
-        TTY_FLUSH();
-        ret = 0;    /* is ok */
-    }
-
-    /* this test should fail */
-    if ((ret = SSL_server_test(NULL, "Bad After Cert", 
-                    "-cipher RC4-SHA -tls1 "
-                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ../ssl/test/axTLS.key_512.pem ",
-                    NULL, NULL, NULL, 
-                    "../ssl/test/axTLS.ca_x509.cer", NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
-                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", "Bad After Cert");
-    TTY_FLUSH();
-
-    /* 
-     * Key in PEM format
-     */
-    if ((ret = SSL_server_test(NULL, "Key in PEM format",
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_512.cer", NULL, 
-                    "../ssl/test/axTLS.key_512.pem", NULL,
-                    NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * Cert in PEM format
-     */
-    if ((ret = SSL_server_test(NULL, "Cert in PEM format", 
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_512.pem", NULL, 
-                    "../ssl/test/axTLS.key_512.pem", NULL,
-                    NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * Cert chain in PEM format
-     */
-    if ((ret = SSL_server_test(NULL, "Cert chain in PEM format", 
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_device.pem", 
-                    NULL, "../ssl/test/axTLS.device_key.pem",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * AES128 Encrypted key 
-     */
-    if ((ret = SSL_server_test(NULL, "AES128 encrypted key", 
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
-                    "../ssl/test/axTLS.key_aes128.pem",
-                    NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * AES256 Encrypted key 
-     */
-    if ((ret = SSL_server_test(NULL, "AES256 encrypted key", 
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_aes256.pem", NULL, 
-                    "../ssl/test/axTLS.key_aes256.pem",
-                    NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * AES128 Encrypted invalid key 
-     */
-    if ((ret = SSL_server_test(NULL, "AES128 encrypted invalid key", 
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
-                    "../ssl/test/axTLS.key_aes128.pem",
-                    NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
-    TTY_FLUSH();
-
-    /*
-     * PKCS#8 key (encrypted)
-     */
-    if ((ret = SSL_server_test(NULL, "pkcs#8 encrypted", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
-                NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * PKCS#8 key (unencrypted)
-     */
-    if ((ret = SSL_server_test(NULL, "pkcs#8 unencrypted", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
-                NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * PKCS#12 key/certificate
-     */
-    if ((ret = SSL_server_test(NULL, "pkcs#12 with CA", "-cipher RC4-SHA", 
-                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
-                NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    if ((ret = SSL_server_test(NULL, "pkcs#12 no CA", "-cipher RC4-SHA", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
-                NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    ret = 0;
-
-cleanup:
-    if (ret)
-        fprintf(stderr, "Error: A server test failed\n");
-    return ret;
-}
-
-/**************************************************************************
- * SSL Client Testing
- *
- **************************************************************************/
-typedef struct
-{
-    uint8_t session_id[SSL_SESSION_ID_SIZE];
-#ifndef WIN32
-    pthread_t server_thread;
-#endif
-    int start_server;
-    int stop_server;
-    int do_reneg;
-} CLNT_SESSION_RESUME_CTX;
-
-typedef struct
-{
-    const char *testname;
-    const char *openssl_option;
-} server_t;
-
-static void do_server(server_t *svr)
-{
-    char openssl_buf[2048];
-#ifndef WIN32
-    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
-#endif
-    sprintf(openssl_buf, "openssl s_server -tls1 " 
-            "-accept %d -quiet %s ", g_port, svr->openssl_option);
-    system(openssl_buf);
-}
-
-static int SSL_client_test(
-        const char *test,
-        SSL_CTX **ssl_ctx,
-        const char *openssl_option, 
-        CLNT_SESSION_RESUME_CTX *sess_resume,
-        uint32_t client_options,
-        const char *private_key,
-        const char *password,
-        const char *cert)
-{
-    server_t server_data;
-    SSL *ssl = NULL;
-    int client_fd = -1;
-    uint8_t *session_id = NULL;
-    int ret = 1;
-#ifndef WIN32
-    pthread_t thread;
-#endif
-
-    if (sess_resume == NULL || sess_resume->start_server)
-    {
-        g_port++;
-        server_data.openssl_option = openssl_option;
-
-#ifndef WIN32
-        pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_server, (void *)&server_data);
-        pthread_detach(thread);
-#else
-        CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, 
-            (LPVOID)&server_data, 0, NULL);
-#endif
-    }
-    
-    usleep(200000);           /* allow server to start */
-
-    if (*ssl_ctx == NULL)
-    {
-        if (private_key)
-        {
-            client_options |= SSL_NO_DEFAULT_KEY;
-        }
-
-        if ((*ssl_ctx = ssl_ctx_new(
-                            client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto client_test_exit;
-        }
-
-        if (private_key)
-        {
-            int obj_type = SSL_OBJ_RSA_KEY;
-
-            if (strstr(private_key, ".p8"))
-                obj_type = SSL_OBJ_PKCS8;
-            else if (strstr(private_key, ".p12"))
-                obj_type = SSL_OBJ_PKCS12;
-
-            if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
-            {
-                ret = SSL_ERROR_INVALID_KEY;
-                goto client_test_exit;
-            }
-        }
-
-        if (cert)                  
-        {
-            if ((ret = ssl_obj_load(*ssl_ctx, 
-                            SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
-            {
-                printf("could not add cert %s (%d)\n", cert, ret);
-                TTY_FLUSH();
-                goto client_test_exit;
-            }
-        }
-    }
-    
-    if (sess_resume && !sess_resume->start_server) 
-    {
-        session_id = sess_resume->session_id;
-    }
-
-    if ((client_fd = client_socket_init(g_port)) < 0)
-    {
-        printf("could not start socket on %d\n", g_port);
-        TTY_FLUSH();
-        goto client_test_exit;
-    }
-
-    if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
-                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
-    {
-        printf("could not add cert auth\n");
-        TTY_FLUSH();
-        goto client_test_exit;
-    }
-
-    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id);
-
-    /* check the return status */
-    if ((ret = ssl_handshake_status(ssl)))
-        goto client_test_exit;
-
-    /* renegotiate client */
-    if (sess_resume && sess_resume->do_reneg) 
-    {
-        if (ssl_renegotiate(ssl) < 0)
-            goto client_test_exit;
-    }
-
-    if (sess_resume)
-    {
-        memcpy(sess_resume->session_id, 
-                ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
-    }
-
-    if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && 
-                                            (ret = ssl_verify_cert(ssl)))
-    {
-        goto client_test_exit;
-    }
-
-    ssl_write(ssl, (uint8_t *)"hello world\n", 13);
-    if (sess_resume)
-    {
-        const uint8_t *sess_id = ssl_get_session_id(ssl);
-        int i;
-
-        printf("    Session-ID: ");
-        for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
-        {
-            printf("%02X", sess_id[i]);
-        }
-        printf("\n");
-        TTY_FLUSH();
-    }
-
-    ret = 0;
-
-client_test_exit:
-    ssl_free(ssl);
-    close(client_fd);
-    usleep(200000);           /* allow openssl to say something */
-
-    if (sess_resume)
-    {
-        if (sess_resume->stop_server)
-        {
-            ssl_ctx_free(*ssl_ctx);
-            *ssl_ctx = NULL;
-#ifndef WIN32
-            pthread_cancel(sess_resume->server_thread);
-#endif
-        }
-        else if (sess_resume->start_server)
-        {
-#ifndef WIN32
-           sess_resume->server_thread = thread;
-#endif
-        }
-    }
-    else
-    {
-        ssl_ctx_free(*ssl_ctx);
-        *ssl_ctx = NULL;
-#ifndef WIN32
-        pthread_cancel(thread);
-#endif
-    }
-
-    if (ret == 0)
-    {
-        printf("SSL client test \"%s\" passed\n", test);
-        TTY_FLUSH();
-    }
-
-    return ret;
-}
-
-int SSL_client_tests(void)
-{
-    int ret =  -1;
-    SSL_CTX *ssl_ctx = NULL;
-    CLNT_SESSION_RESUME_CTX sess_resume;
-    memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
-
-    sess_resume.start_server = 1;
-    printf("### starting client tests\n");
-   
-    if ((ret = SSL_client_test("512 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_512.pem "
-                    "-key ../ssl/test/axTLS.key_512.pem", &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    /* all the session id's should match for session resumption */
-    sess_resume.start_server = 0;
-    if ((ret = SSL_client_test("Client session resumption #1", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    sess_resume.do_reneg = 1;
-    if ((ret = SSL_client_test("Client renegotiation", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-    sess_resume.do_reneg = 0;
-
-    sess_resume.stop_server = 1;
-    if ((ret = SSL_client_test("Client session resumption #2", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("1024 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("2048 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem",  NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("4096 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_4096.pem "
-                    "-key ../ssl/test/axTLS.key_4096.pem", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("Server cert chaining", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_device.pem "
-                    "-key ../ssl/test/axTLS.device_key.pem "
-                    "-CAfile ../ssl/test/axTLS.x509_512.pem", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    /* Check the server can verify the client */
-    if ((ret = SSL_client_test("Client peer authentication",
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem "
-                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
-                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
-                    "../ssl/test/axTLS.key_1024", NULL,
-                    "../ssl/test/axTLS.x509_1024.cer")))
-        goto cleanup;
-
-    /* Should get an "ERROR" from openssl (as the handshake fails as soon as
-     * the certificate verification fails) */
-    if ((ret = SSL_client_test("Expired cert (verify now) should fail!",
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ../ssl/test/axTLS.key_512.pem", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
-                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
-    {
-        printf("*** Error: %d\n", ret);
-        goto cleanup;
-    }
-
-    printf("SSL client test \"Expired cert (verify now)\" passed\n");
-    ret = 0;
-
-    /* There is no "ERROR" from openssl */
-    if ((ret = SSL_client_test("Expired cert (verify later) should fail!", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ../ssl/test/axTLS.key_512.pem", NULL,
-                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
-                    NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
-    {
-        printf("*** Error: %d\n", ret);
-        goto cleanup;
-    }
-
-    printf("SSL client test \"Expired cert (verify later)\" passed\n");
-
-    ret = 0;
-
-cleanup:
-    if (ret)
-        fprintf(stderr, "Error: A client test failed\n");
-
-    return ret;
-}
-
-/**************************************************************************
- * SSL Basic Testing (test a big packet handshake)
- *
- **************************************************************************/
-static uint8_t basic_buf[256*1024];
-
-static void do_basic(void)
-{
-    int client_fd;
-    SSL *ssl_clnt;
-    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
-                            DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
-    usleep(200000);           /* allow server to start */
-
-    if ((client_fd = client_socket_init(g_port)) < 0)
-        goto error;
-
-    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
-                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
-        goto error;
-
-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL);
-
-    /* check the return status */
-    if (ssl_handshake_status(ssl_clnt))
-    {
-        printf("Client ");
-        ssl_display_error(ssl_handshake_status(ssl_clnt));
-        goto error;
-    }
-
-    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
-    ssl_free(ssl_clnt);
-
-error:
-    ssl_ctx_free(ssl_clnt_ctx);
-    close(client_fd);
-
-    /* exit this thread */
-}
-
-static int SSL_basic_test(void)
-{
-    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
-    SSL_CTX *ssl_svr_ctx = NULL;
-    struct sockaddr_in client_addr;
-    uint8_t *read_buf;
-    int clnt_len = sizeof(client_addr);
-    SSL *ssl_svr;
-#ifndef WIN32
-    pthread_t thread;
-#endif
-    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
-    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
-
-    if ((server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
-
-#ifndef WIN32
-    pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_basic, NULL);
-    pthread_detach(thread);
-#else
-    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
-#endif
-
-    /* Wait for a client to connect */
-    if ((client_fd = accept(server_fd, 
-                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
-    {
-        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-        goto error;
-    }
-    
-    /* we are ready to go */
-    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
-    
-    do
-    {
-        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
-
-        if (size < SSL_OK) /* got some alert or something nasty */
-        {
-            printf("Server ");
-            ssl_display_error(size);
-            ret = size;
-            break;
-        }
-        else /* looks more promising */
-        {
-            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
-            {
-                ret = SSL_NOT_OK;
-                break;
-            }
-        }
-
-        offset += size;
-    } while (offset < sizeof(basic_buf));
-
-    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
-                            "SSL basic test passed\n" :
-                            "SSL basic test failed\n");
-    TTY_FLUSH();
-
-    ssl_free(ssl_svr);
-    close(server_fd);
-    close(client_fd);
-
-error:
-    ssl_ctx_free(ssl_svr_ctx);
-    return ret;
-}
-
-#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
-/**************************************************************************
- * Multi-Threading Tests
- *
- **************************************************************************/
-#define NUM_THREADS         200
-
-typedef struct
-{
-    SSL_CTX *ssl_clnt_ctx;
-    int port;
-    int thread_id;
-} multi_t;
-
-void do_multi_clnt(multi_t *multi_data)
-{
-    int res = 1, client_fd, i;
-    SSL *ssl = NULL;
-    char tmp[5];
-
-    if ((client_fd = client_socket_init(multi_data->port)) < 0)
-        goto client_test_exit;
-
-    sleep(1);
-    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL);
-
-    if ((res = ssl_handshake_status(ssl)))
-    {
-        printf("Client ");
-        ssl_display_error(res);
-        goto client_test_exit;
-    }
-
-    sprintf(tmp, "%d\n", multi_data->thread_id);
-    for (i = 0; i < 10; i++)
-        ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
-
-client_test_exit:
-    ssl_free(ssl);
-    close(client_fd);
-    free(multi_data);
-}
-
-void do_multi_svr(SSL *ssl)
-{
-    uint8_t *read_buf;
-    int *res_ptr = malloc(sizeof(int));
-    int res;
-
-    for (;;)
-    {
-        res = ssl_read(ssl, &read_buf);
-
-        /* kill the client */
-        if (res != SSL_OK)
-        {
-            if (res == SSL_ERROR_CONN_LOST)
-            {
-                close(ssl->client_fd);
-                ssl_free(ssl);
-                break;
-            }
-            else if (res > 0)
-            {
-                /* do nothing */
-            }
-            else /* some problem */
-            {
-                printf("Server ");
-                ssl_display_error(res);
-                goto error;
-            }
-        }
-    }
-
-    res = SSL_OK;
-error:
-    *res_ptr = res;
-    pthread_exit(res_ptr);
-}
-
-int multi_thread_test(void)
-{
-    int server_fd;
-    SSL_CTX *ssl_server_ctx;
-    SSL_CTX *ssl_clnt_ctx;
-    pthread_t clnt_threads[NUM_THREADS];
-    pthread_t svr_threads[NUM_THREADS];
-    int i, res = 0;
-    struct sockaddr_in client_addr;
-    int clnt_len = sizeof(client_addr);
-
-    printf("Do multi-threading test (takes a minute)\n");
-
-    ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
-    ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
-
-    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
-                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
-        goto error;
-
-    if ((server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-    for (i = 0; i < NUM_THREADS; i++)
-    {
-        multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
-        multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
-        multi_data->port = g_port;
-        multi_data->thread_id = i+1;
-        pthread_create(&clnt_threads[i], NULL, 
-                (void *(*)(void *))do_multi_clnt, (void *)multi_data);
-        pthread_detach(clnt_threads[i]);
-    }
-
-    for (i = 0; i < NUM_THREADS; i++)
-    {
-        SSL *ssl_svr;
-        int client_fd = accept(server_fd, 
-                      (struct sockaddr *)&client_addr, &clnt_len);
-
-        if (client_fd < 0)
-            goto error;
-
-        ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
-
-        pthread_create(&svr_threads[i], NULL, 
-                        (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
-    }
-
-    /* make sure we've run all of the threads */
-    for (i = 0; i < NUM_THREADS; i++)
-    {
-        void *thread_res;
-        pthread_join(svr_threads[i], &thread_res);
-        if (*((int *)thread_res) != 0)
-            res = 1;
-        free(thread_res);
-    }
-
-    if (res) 
-        goto error;
-
-    printf("Multi-thread test passed (%d)\n", NUM_THREADS);
-error:
-    ssl_ctx_free(ssl_server_ctx);
-    ssl_ctx_free(ssl_clnt_ctx);
-    close(server_fd);
-    return res;
-}
-#endif
-
-/**************************************************************************
- * main()
- *
- **************************************************************************/
-int main(int argc, char *argv[])
-{
-    int ret = 1;
-    BI_CTX *bi_ctx;
-    int fd;
-
-#ifdef WIN32
-    WSADATA wsaData;
-    WORD wVersionRequested = MAKEWORD(2, 2);
-    WSAStartup(wVersionRequested, &wsaData);
-    fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
-    dup2(fd, 2);                        /* write stderr to this file */
-#else
-    fd = open("/dev/null", O_WRONLY);   /* write stderr to /dev/null */
-    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
-    dup2(fd, 2);
-#endif
-
-    bi_ctx = bi_initialize();
-
-    if (AES_test(bi_ctx))
-    {
-        printf("AES tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (RC4_test(bi_ctx))
-    {
-        printf("RC4 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (MD5_test(bi_ctx))
-    {
-        printf("MD5 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (SHA1_test(bi_ctx))
-    {
-        printf("SHA1 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (HMAC_test(bi_ctx))
-    {
-        printf("HMAC tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (BIGINT_test(bi_ctx))
-    {
-        printf("BigInt tests failed!\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    bi_terminate(bi_ctx);
-
-    if (RSA_test())
-    {
-        printf("RSA tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (cert_tests())
-    {
-        printf("CERT tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
-    if (multi_thread_test())
-        goto cleanup;
-#endif
-
-    if (SSL_basic_test())
-        goto cleanup;
-
-    system("sh ../ssl/test/killopenssl.sh");
-
-    if (SSL_client_tests())
-        goto cleanup;
-
-    system("sh ../ssl/test/killopenssl.sh");
-
-    if (SSL_server_tests())
-        goto cleanup;
-
-    system("sh ../ssl/test/killopenssl.sh");
-
-#if 0
-    if (multi_thread_test())
-        goto cleanup;
-
-#endif
-
-    ret = 0;        /* all ok */
-cleanup:
-
-    if (ret)
-    {
-        fprintf(stderr, "Error: Some tests failed!\n");
-    }
-
-    close(fd);
-    return ret;
-}
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
deleted file mode 100755
index 072ffd0cb6..0000000000
--- a/ssl/test/test_axssl.sh
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/bin/sh
-
-#
-#  Copyright(C) 2006 Cameron Rich
-#
-#  This license is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
-#
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#
-
-#
-# Test the various axssl bindings. To run it, got to the _install directory
-# and run this script from there.
-#
-
-if grep "CONFIG_PLATFORM_WIN32=y" "../config/.config"  > /dev/null; then
-    JAVA_BIN="/cygdrive/c/Program Files/Java/jdk1.5.0_06/bin"
-    PERL_BIN="/cygdrive/c/Perl/bin/perl"
-    KILL_AXSSL="kill %1"
-    KILL_CSHARP="kill %1"
-    KILL_PERL="kill %1"
-    KILL_JAVA="kill %1"
-else
-    if grep "CONFIG_PLATFORM_CYGWIN=y" "../config/.config"  > /dev/null; then
-        # no .net or java on cygwin
-        PERL_BIN=/usr/bin/perl
-        KILL_AXSSL="killall axssl"
-        KILL_PERL="killall /usr/bin/perl"
-    else     # Linux
-        JAVA_BIN=/usr/lib/java/bin
-        PERL_BIN=/usr/bin/perl
-        KILL_AXSSL="killall axssl"
-        KILL_CSHARP="killall mono"
-        KILL_PERL="killall /usr/bin/perl"
-        RUN_CSHARP="mono"
-        KILL_JAVA="killall $JAVA_BIN/java"
-    fi
-fi
-
-BASE=..
-SERVER_ARGS="s_server -accept 15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer"
-CLIENT_ARGS="s_client -reconnect -connect localhost:15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer -key $BASE/ssl/test/axTLS.key_1024 -cert $BASE/ssl/test/axTLS.x509_1024.cer"
-
-# check pem arguments
-SERVER_PEM_ARGS="s_server -accept 15001 -pass abcd -key $BASE/ssl/test/axTLS.key_aes128.pem -cert $BASE/ssl/test/axTLS.x509_aes128.pem"
-CLIENT_PEM_ARGS="s_client -connect localhost:15001 -CAfile $BASE/ssl/test/axTLS.ca_x509.pem -key $BASE/ssl/test/axTLS.key_1024.pem -cert $BASE/ssl/test/axTLS.x509_1024.pem"
-
-export LD_LIBRARY_PATH=.:`perl -e 'use Config; print $Config{archlib};'`/CORE
-
-if [ -x ./axssl ]; then
-echo "############################# C SAMPLE ###########################"
-./axssl $SERVER_ARGS &
-echo "C Test passed" | ./axssl $CLIENT_ARGS
-$KILL_AXSSL
-sleep 1
-
-./axssl $SERVER_PEM_ARGS &
-echo "C Test passed" | ./axssl $CLIENT_PEM_ARGS
-$KILL_AXSSL
-sleep 2
-echo "### C tests complete"
-fi
-
-if [ -f ./axtls.jar ]; then
-echo "########################## JAVA SAMPLE ###########################"
-"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_ARGS &
-echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_ARGS
-$KILL_JAVA
-sleep 1
-
-"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_PEM_ARGS &
-echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_PEM_ARGS
-$KILL_JAVA
-sleep 1
-
-echo "### Java tests complete"
-fi
-
-if [ -x ./axssl.csharp.exe ]; then
-echo "############################ C# SAMPLE ###########################"
-$RUN_CSHARP ./axssl.csharp.exe $SERVER_ARGS &
-echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_ARGS
-sleep 1
-$KILL_CSHARP
-sleep 1
-
-$RUN_CSHARP ./axssl.csharp.exe $SERVER_PEM_ARGS &
-echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_PEM_ARGS
-sleep 1
-$KILL_CSHARP
-sleep 1
-
-echo "### C# tests complete"
-fi
-
-if [ -x ./axssl.vbnet.exe ]; then
-echo "######################## VB.NET SAMPLE ###########################"
-./axssl.vbnet $SERVER_ARGS &
-sleep 1
-echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_ARGS
-kill %1
-sleep 1
-
-./axssl.vbnet $SERVER_PEM_ARGS &
-sleep 1
-echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_PEM_ARGS
-kill %1
-sleep 1
-echo "### VB.NET tests complete"
-fi
-
-if [ -f ./axssl.pl ]; then
-echo "########################## PERL SAMPLE ###########################"
-"$PERL_BIN" ./axssl.pl $SERVER_ARGS &
-echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_ARGS
-$KILL_PERL
-sleep 1
-
-"$PERL_BIN" ./axssl.pl $SERVER_PEM_ARGS &
-echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_PEM_ARGS
-$KILL_PERL
-sleep 1
-echo "### Perl tests complete"
-fi
-
-echo "########################## ALL TESTS COMPLETE ###########################"
diff --git a/ssl/test/thawte.x509_ca b/ssl/test/thawte.x509_ca
deleted file mode 100644
index 59b1059f84086fa580dc1001303c4db4e070e572..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 811
zcmXqLVpcb3Vw$jknTe5!iILHOmyJ`a&7<u*FC!xhD}zDfIYVv(PB!LH7B*p~C`Ut4
z17Q${LzpK#wYVg;C{MvTu^`n@$Up!j%r49c;wpsXm**ME8c2i0xP(PQG7`&6QWc!@
z^NLGzN;31(6_S$;H4M~1(%i!G&Z$KunQ58Hi6xo&c?!X)MP-@Esl^H|nPr*9KoLVl
z19^~2W?>1aK><anxtXQ8V5O-=3eJvT!(i^_WE7JufT++d1{#)H<WK^3fL?Nbu7R95
zuceuRg@K^~7(|Kl8W|WG83U22rKx4q@bhrveB?M~WMyD(>;=YaCsSi1!zDAbtnTZF
zqUYUebWG~Ec<0FydhNn{8R@BF?(Zc$Os#^xXlJqYTkF3Hd%V7_cb@q7d0SFTnS9@$
z=3Jy0cw_d3^b5OqC$WhXUzvP*x)#Hn7(bppzeI!nd~(UVCFqsMF<)Qz@y}IOZN=N%
zf+J3JvhHmb+)-@5ioN%XlkanfxiaQV%!~|-i-ipY4fugEEGx{&_@9N<fEh?3yBU}c
znSqW~^Ux7H6!GhYSP9RnRq-MApRS**NQjHeGf!43H>=wue#B(wSB};{CmAjN`|kTB
z=H&c*ca+=jgU1BrKYDG@a65VUh*RyJU#lbYu5J(P5PZC(RWiHDX9<tc+Lue#*?&Cj
nnL4ZI=m|U3?Nes%o@7+W{-G`IZGieR-et-^cb{IyF5(0LRxS$7

diff --git a/ssl/test/verisign.x509_ca b/ssl/test/verisign.x509_ca
deleted file mode 100644
index d2ea1289d6f43b837eb685446af97d942a8d98e6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 668
zcmXqLVwz#l#Kg!Xps-^4y4y`m_YRsZ@Kf8{UTnb2#;Mij(e|B}k&%g&!Jx6nklTQh
zjX9KsO_(V(*ihU+6vW{Y<_k+L$_&m-&(l%x%uCiYG%(NuNpK6RyX6-tgrpXiC<K%i
z733GE7AyGY<y7h^DEQ?oBo-H!7A58-rxxoO8W|XXbTA8R!i-V~DauUDQ3y^=E-gw0
zQblE{P@{tK^Gg(*9S!8fc@0brj0`Ldz#vMT*9gS5Fful^G_{NxY|d?*j~t$itPISJ
zy}&T-WNK_=n6LQ#sP&|<nex+F<}a8eu(B;OAjhBaM8*Mzu!XBQJ%2l2*m~(8pF%<L
ze5Fs73XhG>`CKd5-@#z5p&(TMr~SNx>{S1)iXw~p883_fotvm7>@WOHLUXNt;H*b_
z|IQe^xO{Hv`^QNljGg@tW>o80?|dhoUHjsH8z1xKWBTV_tO(!D#LURRi0nLIbTb3p
zWwp-Y-R7SHR;@y@?^|{x`0o6ab&@xk`Ta5fEloQwoG`H15dW%Sy}DTBd%Xlc@q%Y{
zucp0BS^d~*a<WyyjF~y}`}t=7nbx)GkJQtNbvM@D_`K2g<0bZ^Y3`429?vv;=phz3
lXGM?UMztI5<<-fYw^|!5);_qj<Mwqi%VXK?eIF|x0RUHq@TmX*

diff --git a/ssl/test/verisign.x509_ca.pem b/ssl/test/verisign.x509_ca.pem
deleted file mode 100644
index d5ef5d241b..0000000000
--- a/ssl/test/verisign.x509_ca.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICmDCCAgECECCol67bggLewTagTia9h3MwDQYJKoZIhvcNAQECBQAwgYwxCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9y
-IFRlc3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylW
-ZXJpU2lnbiBUcmlhbCBTZWN1cmUgU2VydmVyIFRlc3QgUm9vdCBDQTAeFw0wNTAy
-MDkwMDAwMDBaFw0yNTAyMDgyMzU5NTlaMIGMMQswCQYDVQQGEwJVUzEXMBUGA1UE
-ChMOVmVyaVNpZ24sIEluYy4xMDAuBgNVBAsTJ0ZvciBUZXN0IFB1cnBvc2VzIE9u
-bHkuICBObyBhc3N1cmFuY2VzLjEyMDAGA1UEAxMpVmVyaVNpZ24gVHJpYWwgU2Vj
-dXJlIFNlcnZlciBUZXN0IFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBAJ8h98U7klaZH5cEn6CSEKmGWVBsTwHIaMAAVqGqCUn7Q9C10sEOIHBznyLy
-eSDjMs5M1nC/iAA7KCASf/yHz0AdlU+1IRSijwHTF/2dYSoTTxP2GCmtL1Ga4i7+
-zDDo086V7+NiFAGJj+CYey47ue4Xa33o/4YOA9PGL87oqFe7AgMBAAEwDQYJKoZI
-hvcNAQECBQADgYEAOq447rP5EDqFEl3vhLhgTbnyaskNYwPvxk+0grnQyDA4sF/q
-gK8nFlnvLmAOF3DmfuqW6WSr4zqTYzpwmJlsn48Om/yWirL8GuWRftit2POxTfHS
-B8VmR+PZx2k24UgWUZyojDGxJtiHd3tjCdqFgTit4NK429cWOcZrh47xeOI=
------END CERTIFICATE-----
diff --git a/ssl/test/verisign.x509_my_cert b/ssl/test/verisign.x509_my_cert
deleted file mode 100644
index 426c9ff7f1c0af7c2376af6a0868cc1429f06347..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1095
zcmXqLVsSQTVqUX=nTe5!Nx=PkIJd$6<5O-ul|KDSsAZ7>FB_*;n@8JsUPeY%RtAH{
z9z$*ePB!LH7B*p~&|pJx15pr%OPDV#wJ0+<Gd)j7!80#e&(Od?4<x}YtnQXyq!5x?
zT%r(AT2zo<oLa2lpO;gqr=Z}MuaH<=Tw0Wvmz-LxXJ}+#0MfxMtO+wpA*3iXF-IXd
zHMz7X6-X78r9zDg%Fi!RaCS716X!KBGcYtXGXR4q2-n!a$k^1<)H2GTaVL^<9YYOy
z47fmca0oL8=A;-38t{X7>>?aaMVZA(iFv7pk_O@+AubVt#ESf!{1BgDg@B^`tkmQZ
zLs0`^kQBEFkD-B)i9%9li9&X2rJ<F91w_~|B(*5FSRp@6p|m(vA+bcEyu4fw=;F*`
zV5sON=jZAt7ZmH407D`<Q9&bF)4<eF+CUPdmsvyzq!w&rNlr0PtzKS{LF0Vnz-MG-
zU~cRMMnET1V<W@1JCC30y{dWUu};3Q`PhSA<E~sKX&vdF`2q$tDKSA?_-?rH$=+LH
zWO}h}nSDWShjil}##eL0E00fE_ByBRVs@l!!@t=VM3{t+d^(o=Z%c#L{7Jw5lsx<4
zsKj{J|CsrT$;)?(FBO*;O5Lj1KI4T$eZkHNzxIprO-OyX<AnXYGe4P_85tNCH!+qP
zG%*%}(}S!q3zGqZ0XNV;vivM8%uK8c4BSB+c@_r)I|G{qRtqfJ%rZ(!3as??gTsO#
zk*b?ql!F>ZKq+vngJKw%B24vwDh#|p1}Oj&s-uBD8&^V`2V>h0S4MVG149FSHV$nz
zVA5n~ViZ#b8D9)EA5X{|$b!sLWf3zFf$3ysgtM3oOkiwAMivbNH3JnG-+-}A0_yzy
z<l+JpR~zKQR59|fBpSpoj9n0I5NQx@5Gux*nVXoNs-K>jW}s*wZ@|vRs?EpDB*h}q
z|Map{+nV0K?8E09vaWbY=u}JU8K^@10Q5pmetJHN9r|U(U@?$MsF{)(m>{%MIgMNe
zF3gcp;g*^HXwj|JH%sakW^XY%?K}Ip+slNyvt8M1?Uz`5cz$g&-`l2-@0b62`(fXd
z*3a*ARU9g<^p4fEd<fXn`n;x_tFOZPj(O`D$;k#WznmrR{_tfDP+B={)!l=hYVMuv
dFWzaEBw8?qo-|YCxP90BWP6ZnFyD^d69G?mT9W_(

diff --git a/ssl/test/verisign.x509_my_cert.pem b/ssl/test/verisign.x509_my_cert.pem
deleted file mode 100644
index 5b6c1ffedd..0000000000
--- a/ssl/test/verisign.x509_my_cert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEQzCCA6ygAwIBAgIQR/dXCzC/x5Ta5RvL6hKEojANBgkqhkiG9w0BAQUFADCB
-jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL
-EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV
-BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgVGVzdCBSb290IENBMB4X
-DTA2MDExNjAwMDAwMFoXDTA2MDEzMDIzNTk1OVowgbkxCzAJBgNVBAYTAkFVMQww
-CgYDVQQIEwNRbGQxETAPBgNVBAcUCEJyaXNiYW5lMRkwFwYDVQQKFBBheG9sb1RM
-UyBQcm9qZWN0MRUwEwYDVQQLFAwxMDI0IGJpdCBrZXkxOjA4BgNVBAsUMVRlcm1z
-IG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDUxGzAZ
-BgNVBAMUEnd3dy5heG9sb3Rscy5jby5ucjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEAttzj5S7qfOZIrh9xg8bgjTOKbSIbLBuMnxAwfGRcUrQO2EQOHd6kMjXR
-hqY/cG2IG4G8AeqdV3nHlKbrbHbRa1lFgP6b0BQCE8TyxmP+tIAqn5L6/HTm+EEi
-Ad1Pxjeok6e7F6UXHxJltSGHmOhAf3C5kPq/FQ6QZeG4yD/uzPkCAwEAAaOCAXUw
-ggFxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEcGA1UdHwRAMD4wPKA6oDiGNmh0
-dHA6Ly9TVlJTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9TVlJUcmlhbFJvb3QyMDA1
-LmNybDBKBgNVHSAEQzBBMD8GCmCGSAGG+EUBBxUwMTAvBggrBgEFBQcCARYjaHR0
-cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EwHQYDVR0lBBYwFAYIKwYB
-BQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
-cDovL29jc3AudmVyaXNpZ24uY29tMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUW
-CWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUW
-I2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEB
-BQUAA4GBACtlCTJFENCcHCQLHJfiotqr2XR+oWu0MstNm8dG6WB+zYprrT+kOPDn
-1rMO7YLx76f67fC+lIXz720kQHk6LsZ8hPBQvIXnfIsKjng73DeFzBmTMFz6Qxjd
-+E0FUCKplqrdwUkmR4kH6O4pdGE4AlXJNiUI2903yYdSRVMOuLuR
------END CERTIFICATE-----
diff --git a/ssl/tls1.c b/ssl/tls1.c
deleted file mode 100644
index 47b76dc31e..0000000000
--- a/ssl/tls1.c
+++ /dev/null
@@ -1,2044 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Lesser License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * Common ssl/tlsv1 code to both the client and server implementations.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include "ssl.h"
-
-/* Don't import the default key/certificate if not used */
-#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-static const    /* saves a few bytes and RAM */
-#include "cert.h"
-static const    /* saves a few more bytes */
-#include "private_key.h"
-#endif
-         
-/* The session expiry time */
-#define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
-
-static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
-static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
-static const char * server_finished = "server finished";
-static const char * client_finished = "client finished";
-
-static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
-static void set_key_block(SSL *ssl, int is_write);
-static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
-static int send_raw_packet(SSL *ssl, uint8_t protocol);
-
-/**
- * The server will pick the cipher based on the order that the order that the
- * ciphers are listed. This order is defined at compile time.
- */
-#ifdef CONFIG_SSL_SKELETON_MODE
-const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
-{ SSL_RC4_128_SHA };
-#else
-static void session_free(SSL_SESS *ssl_sessions[], int sess_index);
-
-const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
-#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
-{ SSL_RC4_128_SHA, SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_MD5 };
-#elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
-{ SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };    
-#else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
-{ SSL_AES256_SHA, SSL_AES128_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
-#endif
-#endif /* CONFIG_SSL_SKELETON_MODE */
-
-/**
- * The cipher map containing all the essentials for each cipher.
- */
-#ifdef CONFIG_SSL_SKELETON_MODE
-static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
-{
-    {   /* RC4-SHA */
-        SSL_RC4_128_SHA,                /* RC4-SHA */
-        16,                             /* key size */
-        0,                              /* iv size */ 
-        2*(SHA1_SIZE+16),               /* key block size */
-        0,                              /* no padding */
-        SHA1_SIZE,                      /* digest size */
-        hmac_sha1,                      /* hmac algorithm */
-        (crypt_func)RC4_crypt,          /* encrypt */
-        (crypt_func)RC4_crypt           /* decrypt */
-    },
-};
-#else
-static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
-{
-    {   /* AES128-SHA */
-        SSL_AES128_SHA,                 /* AES128-SHA */
-        16,                             /* key size */
-        16,                             /* iv size */ 
-        2*(SHA1_SIZE+16+16),            /* key block size */
-        16,                             /* block padding size */
-        SHA1_SIZE,                      /* digest size */
-        hmac_sha1,                      /* hmac algorithm */
-        (crypt_func)AES_cbc_encrypt,    /* encrypt */
-        (crypt_func)AES_cbc_decrypt     /* decrypt */
-    },
-    {   /* AES256-SHA */
-        SSL_AES256_SHA,                 /* AES256-SHA */
-        32,                             /* key size */
-        16,                             /* iv size */ 
-        2*(SHA1_SIZE+32+16),            /* key block size */
-        16,                             /* block padding size */
-        SHA1_SIZE,                      /* digest size */
-        hmac_sha1,                      /* hmac algorithm */
-        (crypt_func)AES_cbc_encrypt,    /* encrypt */
-        (crypt_func)AES_cbc_decrypt     /* decrypt */
-    },       
-    {   /* RC4-SHA */
-        SSL_RC4_128_SHA,                /* RC4-SHA */
-        16,                             /* key size */
-        0,                              /* iv size */ 
-        2*(SHA1_SIZE+16),               /* key block size */
-        0,                              /* no padding */
-        SHA1_SIZE,                      /* digest size */
-        hmac_sha1,                      /* hmac algorithm */
-        (crypt_func)RC4_crypt,          /* encrypt */
-        (crypt_func)RC4_crypt           /* decrypt */
-    },
-    /*
-     * This protocol is from SSLv2 days and is unlikely to be used - but was
-     * useful for testing different possible digest algorithms.
-     */
-    {   /* RC4-MD5 */
-        SSL_RC4_128_MD5,                /* RC4-MD5 */
-        16,                             /* key size */
-        0,                              /* iv size */ 
-        2*(MD5_SIZE+16),                /* key block size */
-        0,                              /* no padding */
-        MD5_SIZE,                       /* digest size */
-        hmac_md5,                       /* hmac algorithm */
-        (crypt_func)RC4_crypt,          /* encrypt */
-        (crypt_func)RC4_crypt           /* decrypt */
-    },
-};
-#endif
-
-static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
-        uint8_t *out, int olen);
-static const cipher_info_t *get_cipher_info(uint8_t cipher);
-static void increment_read_sequence(SSL *ssl);
-static void increment_write_sequence(SSL *ssl);
-static void add_hmac_digest(SSL *ssl, int snd,
-        const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
-
-/* win32 VC6.0 doesn't have variadic macros */
-#if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
-void DISPLAY_BYTES(SSL *ssl, const char *format, 
-        const uint8_t *data, int size, ...) {}
-#endif
-
-/**
- * Establish a new client/server context.
- */
-EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
-{
-    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
-    ssl_ctx->options = options;
-#ifndef CONFIG_SSL_SKELETON_MODE
-    ssl_ctx->num_sessions = num_sessions;
-#endif
-
-    SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
-
-#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-    if (~options & SSL_NO_DEFAULT_KEY)
-    {
-        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key, 
-                default_private_key_len, NULL);
-        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, 
-                    default_certificate, default_certificate_len, NULL);
-    }
-#endif
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    if (num_sessions)
-    {
-        ssl_ctx->ssl_sessions = (SSL_SESS **)
-                        calloc(1, num_sessions*sizeof(SSL_SESS *));
-    }
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
-#endif
-
-    return ssl_ctx;
-}
-
-/*
- * Remove a client/server context.
- */
-EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
-{
-    SSL *ssl;
-    int i;
-
-    if (ssl_ctx == NULL)
-        return;
-
-    ssl = ssl_ctx->head;
-
-    /* clear out all the ssl entries */
-    while (ssl)
-    {
-        SSL *next = ssl->next;
-        ssl_free(ssl);
-        ssl = next;
-    }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    /* clear out all the sessions */
-    for (i = 0; i < ssl_ctx->num_sessions; i++)
-        session_free(ssl_ctx->ssl_sessions, i);
-
-    free(ssl_ctx->ssl_sessions);
-#endif
-
-    i = 0;
-    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
-    {
-        free(ssl_ctx->certs[i].buf);
-        ssl_ctx->certs[i++].buf = NULL;
-    }
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    remove_ca_certs(ssl_ctx->ca_cert_ctx);
-#endif
-    ssl_ctx->chain_length = 0;
-    SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
-    RSA_free(ssl_ctx->rsa_ctx);
-    RNG_terminate();
-    free(ssl_ctx);
-}
-
-/*
- * Free any used resources used by this connection.
- */
-EXP_FUNC void STDCALL ssl_free(SSL *ssl)
-{
-    SSL_CTX *ssl_ctx;
-
-    if (ssl == NULL)        /* just ignore null pointers */
-        return;
-
-    /* spec says we must notify when we are dying */
-    send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
-
-    ssl_ctx = ssl->ssl_ctx;
-
-    SSL_CTX_LOCK(ssl_ctx->mutex);
-
-    /* adjust the server SSL list */
-    if (ssl->prev)
-        ssl->prev->next = ssl->next;
-    else
-        ssl_ctx->head = ssl->next;
-
-    if (ssl->next)
-        ssl->next->prev = ssl->prev;
-    else
-        ssl_ctx->tail = ssl->prev;
-
-    SSL_CTX_UNLOCK(ssl_ctx->mutex);
-
-    /* may already be free - but be sure */
-    free(ssl->all_pkts);
-    free(ssl->final_finish_mac);
-    free(ssl->key_block);
-    free(ssl->encrypt_ctx);
-    free(ssl->decrypt_ctx);
-    free(ssl->master_secret);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    x509_free(ssl->x509_ctx);
-#endif
-
-    free(ssl);
-}
-
-/*
- * Read the SSL connection and send any alerts for various errors.
- */
-EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
-{
-    int ret = basic_read(ssl, in_data);
-
-    /* check for return code so we can send an alert */
-    if (ret < SSL_OK)
-    {
-        if (ret != SSL_ERROR_CONN_LOST)
-        {
-            send_alert(ssl, ret);
-#ifndef CONFIG_SSL_SKELETON_MODE
-            /* something nasty happened, so get rid of this session */
-            kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
-#endif
-        }
-    }
-
-    return ret;
-}
-
-/*
- * Write application data to the client
- */
-EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
-{
-
-    int n = out_len, nw, i, tot = 0;
-
-    /* maximum size of a TLS packet is around 16kB, so fragment */
-    do 
-    {
-        nw = n;
-
-        if (nw > RT_MAX_PLAIN_LENGTH)    /* fragment if necessary */
-            nw = RT_MAX_PLAIN_LENGTH;
-
-        if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
-                                            &out_data[tot], nw)) <= 0)
-        {
-            out_len = i;    /* an error */
-            break;
-        }
-
-        tot += i;
-        n -= i;
-    } while (n > 0);
-
-    return out_len;
-}
-
-/**
- * Add a certificate to the certificate chain.
- */
-int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
-{
-    int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
-    SSL_CERT *ssl_cert;
-    X509_CTX *cert = NULL;
-    int offset;
-
-    while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS) 
-        i++;
-
-    if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: maximum number of certs added - change of "
-                "compile-time configuration required\n");
-#endif
-        goto error;
-    }
-
-    if ((ret = x509_new(buf, &offset, &cert)))
-        goto error;
-
-    ssl_cert = &ssl_ctx->certs[i];
-    ssl_cert->size = len;
-    ssl_cert->buf = (uint8_t *)malloc(len);
-    memcpy(ssl_cert->buf, buf, len);
-    ssl_ctx->chain_length++;
-    len -= offset;
-    ret = SSL_OK;           /* ok so far */
-
-    /* recurse? */
-    if (len > 0)
-    {
-        ret = add_cert(ssl_ctx, &buf[offset], len);
-    }
-
-error:
-    x509_free(cert);        /* don't need anymore */
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Add a certificate authority.
- */
-int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
-{
-    int ret = SSL_ERROR_NO_CERT_DEFINED;
-    int i = 0;
-    int offset;
-    X509_CTX *cert = NULL;
-    CA_CERT_CTX *ca_cert_ctx = ssl_ctx->ca_cert_ctx;
-
-    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
-        i++;
-
-    if (i > CONFIG_X509_MAX_CA_CERTS)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: maximum number of CA certs added - change of "
-                "compile-time configuration required\n");
-#endif
-        goto error;
-    }
-
-    if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i])))
-        goto error;
-
-    /* make sure the cert is valid */
-    cert = ca_cert_ctx->cert[i];
-    if ((ret = x509_verify(ca_cert_ctx, cert)))
-    {
-        x509_free(cert);        /* get rid of it */
-        ca_cert_ctx->cert[i] = NULL;
-        goto error;
-    }
-
-    len -= offset;
-    ret = SSL_OK;           /* ok so far */
-
-    /* recurse? */
-    if (len > 0)
-        ret = add_cert_auth(ssl_ctx, &buf[offset], len);
-
-error:
-    return ret;
-}
-
-/*
- * Retrieve an X.509 distinguished name component
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
-{
-    if (ssl->x509_ctx == NULL)
-        return NULL;
-
-    switch (component)
-    {
-        case SSL_X509_CERT_COMMON_NAME:
-            return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
-
-        case SSL_X509_CERT_ORGANIZATION:
-            return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
-
-        case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
-            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_TYPE];
-
-        case SSL_X509_CA_CERT_COMMON_NAME:
-            return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
-
-        case SSL_X509_CA_CERT_ORGANIZATION:
-            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
-
-        case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
-            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_TYPE];
-
-        default:
-            return NULL;
-    }
-}
-
-#endif
-
-/*
- * Find an ssl object based on the client's file descriptor.
- */
-EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
-{
-    SSL *ssl;
-
-    SSL_CTX_LOCK(ssl_ctx->mutex);
-    ssl = ssl_ctx->head;
-
-    /* search through all the ssl entries */
-    while (ssl)
-    {
-        if (ssl->client_fd == client_fd)
-        {
-            SSL_CTX_UNLOCK(ssl_ctx->mutex);
-            return ssl;
-        }
-
-        ssl = ssl->next;
-    }
-
-    SSL_CTX_UNLOCK(ssl_ctx->mutex);
-    return NULL;
-}
-
-/*
- * Force the client to perform its handshake again.
- */
-EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
-{
-    int ret = SSL_OK;
-
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
-    {
-        ret = do_client_connect(ssl);
-    }
-    else
-#endif
-    {
-        send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
-                g_hello_request, sizeof(g_hello_request));
-        SET_SSL_FLAG(SSL_NEED_RECORD);
-    }
-
-    return ret;
-}
-
-/**
- * @brief Get what we need for key info.
- * @param cipher    [in]    The cipher information we are after
- * @param key_size  [out]   The key size for the cipher
- * @param iv_size   [out]   The iv size for the cipher
- * @return  The amount of key information we need.
- */
-static const cipher_info_t *get_cipher_info(uint8_t cipher)
-{
-    int i;
-
-    for (i = 0; i < NUM_PROTOCOLS; i++)
-    {
-        if (cipher_info[i].cipher == cipher)
-        {
-            return &cipher_info[i];
-        }
-    }
-
-    return NULL;  /* error */
-}
-
-/*
- * Get a new ssl context for a new connection.
- */
-SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
-{
-    SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
-    ssl->ssl_ctx = ssl_ctx;
-    ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
-    ssl->client_fd = client_fd;
-    ssl->flag = SSL_NEED_RECORD;
-    ssl->certs = ssl_ctx->certs;
-    ssl->chain_length = ssl_ctx->chain_length;
-    ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
-    ssl->hs_status = SSL_NOT_OK;            /* not connected */
-#ifdef CONFIG_ENABLE_VERIFICATION
-    ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
-#endif
-
-    /* a bit hacky but saves a few bytes of memory */
-    ssl->flag |= ssl_ctx->options;
-    SSL_CTX_LOCK(ssl_ctx->mutex);
-
-    if (ssl_ctx->head == NULL)
-    {
-        ssl_ctx->head = ssl;
-        ssl_ctx->tail = ssl;
-    }
-    else
-    {
-        ssl->prev = ssl_ctx->tail;
-        ssl_ctx->tail->next = ssl;
-        ssl_ctx->tail = ssl;
-    }
-
-    SSL_CTX_UNLOCK(ssl_ctx->mutex);
-    return ssl;
-}
-
-/*
- * Add a private key to a context.
- */
-int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
-{
-    int ret = SSL_OK;
-
-    /* get the private key details */
-    if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-error:
-    return ret;
-}
-
-/** 
- * Increment the read sequence number (as a 64 bit endian indepenent #)
- */     
-static void increment_read_sequence(SSL *ssl)
-{
-    int i;
-
-    for (i = 7; i >= 0; i--) 
-    {       
-        if (++ssl->read_sequence[i])
-            break;
-    }
-}
-            
-/**
- * Increment the read sequence number (as a 64 bit endian indepenent #)
- */      
-static void increment_write_sequence(SSL *ssl)
-{        
-    int i;                  
-         
-    for (i = 7; i >= 0; i--)
-    {                       
-        if (++ssl->write_sequence[i])
-            break;
-    }                       
-}
-
-/**
- * Work out the HMAC digest in a packet.
- */
-static void add_hmac_digest(SSL *ssl, int mode,
-        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
-{
-    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
-    uint8_t *t_ptr = t_buf;
-
-    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
-            ssl->write_sequence : ssl->read_sequence, 8);
-    t_buf += 8;
-
-    memcpy(t_buf, ssl->record_buf, SSL_RECORD_SIZE);
-    t_buf += SSL_RECORD_SIZE;
-
-    memcpy(t_buf, buf, buf_len);
-
-    ssl->cipher_info->hmac(t_ptr, hmac_len, 
-            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
-                ssl->server_mac : ssl->client_mac, 
-            ssl->cipher_info->digest_size, hmac_buf);
-
-#if 0
-    print_blob("record", ssl->record_buf, SSL_RECORD_SIZE);
-    print_blob("buf", buf, buf_len);
-    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
-    {
-        print_blob("write seq", ssl->write_sequence, 8);
-    }
-    else
-    {
-        print_blob("read seq", ssl->read_sequence, 8);
-    }
-
-    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
-    {
-        print_blob("server mac", 
-                ssl->server_mac, ssl->cipher_info->digest_size);
-    }
-    else
-    {
-        print_blob("client mac", 
-                ssl->client_mac, ssl->cipher_info->digest_size);
-    }
-    print_blob("hmac", hmac_buf, SHA1_SIZE);
-#endif
-
-    free(t_ptr);
-}
-
-/**
- * Verify that the digest of a packet is correct.
- */
-static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
-{   
-    unsigned char hmac_buf[SHA1_SIZE];
-    int hmac_offset;
-   
-    if (ssl->cipher_info->padding_size)
-    {
-        hmac_offset = read_len-buf[read_len-1]-ssl->cipher_info->digest_size-1;
-    }
-    else
-    {
-        hmac_offset = read_len - ssl->cipher_info->digest_size;
-    }
-
-    /* sanity check the offset */
-    if (hmac_offset < 0)
-    {
-        return SSL_ERROR_INVALID_HMAC;
-    }
-
-    ssl->record_buf[3] = hmac_offset >> 8;      /* insert size */
-    ssl->record_buf[4] = hmac_offset & 0xff;
-    add_hmac_digest(ssl, mode, buf, hmac_offset, hmac_buf);
-
-    if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
-    {
-        return SSL_ERROR_INVALID_HMAC;
-    }
-
-    return hmac_offset;
-}
-
-/**
- * Add a packet to the end of our sent and received packets, so that we may use
- * it to calculate the hash at the end.
- */
-void add_packet(SSL *ssl, const uint8_t *pkt, int len)
-{
-    int new_len = ssl->all_pkts_len + len;
-    ssl->all_pkts = (uint8_t *)realloc(ssl->all_pkts, new_len);
-    memcpy(&ssl->all_pkts[ssl->all_pkts_len], pkt, len);
-    ssl->all_pkts_len = new_len;
-}
-
-/**
- * Work out the MD5 PRF.
- */
-static void p_hash_md5(const uint8_t *sec, int sec_len, 
-        uint8_t *seed, int seed_len, uint8_t *out, int olen)
-{
-    uint8_t a1[128];
-
-    /* A(1) */
-    hmac_md5(seed, seed_len, sec, sec_len, a1);
-    memcpy(&a1[MD5_SIZE], seed, seed_len);
-    hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
-
-    while (olen > MD5_SIZE)
-    {
-        uint8_t a2[MD5_SIZE];
-        out += MD5_SIZE;
-        olen -= MD5_SIZE;
-
-        /* A(N) */
-        hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
-        memcpy(a1, a2, MD5_SIZE);
-
-        /* work out the actual hash */
-        hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
-    }
-}
-
-/**
- * Work out the SHA1 PRF.
- */
-static void p_hash_sha1(const uint8_t *sec, int sec_len, 
-        uint8_t *seed, int seed_len, uint8_t *out, int olen)
-{
-    uint8_t a1[128];
-
-    /* A(1) */
-    hmac_sha1(seed, seed_len, sec, sec_len, a1);
-    memcpy(&a1[SHA1_SIZE], seed, seed_len);
-    hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
-
-    while (olen > SHA1_SIZE)
-    {
-        uint8_t a2[SHA1_SIZE];
-        out += SHA1_SIZE;
-        olen -= SHA1_SIZE;
-
-        /* A(N) */
-        hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
-        memcpy(a1, a2, SHA1_SIZE);
-
-        /* work out the actual hash */
-        hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
-    }
-}
-
-/**
- * Work out the PRF.
- */
-static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
-        uint8_t *out, int olen)
-{
-    int len, i;
-    const uint8_t *S1, *S2;
-    uint8_t xbuf[256]; /* needs to be > the amount of key data */
-    uint8_t ybuf[256]; /* needs to be > the amount of key data */
-
-    len = sec_len/2;
-    S1 = sec;
-    S2 = &sec[len];
-    len += (sec_len & 1); /* add for odd, make longer */
-
-    p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
-    p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
-
-    for (i=0; i < olen; i++)
-        out[i] = xbuf[i] ^ ybuf[i];
-}
-
-/**
- * Generate a master secret based on the client/server random data and the
- * premaster secret.
- */
-void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
-{
-    uint8_t buf[128];   /* needs to be > 13+32+32 in size */
-    strcpy((char *)buf, "master secret");
-    memcpy(&buf[13], ssl->client_random, SSL_RANDOM_SIZE);
-    memcpy(&buf[45], ssl->server_random, SSL_RANDOM_SIZE);
-    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
-    prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->master_secret,
-            SSL_SECRET_SIZE);
-}
-
-/**
- * Generate a 'random' blob of data used for the generation of keys.
- */
-static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
-        uint8_t *master_secret, uint8_t *key_block, int key_block_size)
-{
-    uint8_t buf[128];
-    strcpy((char *)buf, "key expansion");
-    memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
-    memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
-    prf(master_secret, SSL_SECRET_SIZE, buf, 77, key_block, key_block_size);
-}
-
-/** 
- * Calculate the digest used in the finished message. This function also
- * doubles up as a certificate verify function.
- */
-void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
-{
-    unsigned char mac_buf[128]; 
-    unsigned char *q = mac_buf;
-    MD5_CTX md5_ctx;
-    SHA1_CTX sha1_ctx;
-
-    if (label)
-    {
-        strcpy((char *)q, label);
-        q += strlen(label);
-    }
-
-    MD5Init(&md5_ctx);
-    MD5Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
-    MD5Final(&md5_ctx, q);
-    q += MD5_SIZE;
-    
-    SHA1Init(&sha1_ctx);
-    SHA1Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
-    SHA1Final(&sha1_ctx, q);
-    q += SHA1_SIZE;
-
-    if (label)
-    {
-        prf(ssl->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
-            digest, SSL_FINISHED_HASH_SIZE);
-    }
-    else    /* for use in a certificate verify */
-    {
-        memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
-    }
-
-#if 0
-    printf("label: %s\n", label);
-    print_blob("master secret", ssl->master_secret, 48);
-    print_blob("mac_buf", mac_buf, q-mac_buf);
-    print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
-#endif
-}   
-    
-/**
- * Retrieve (and initialise) the context of a cipher.
- */
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
-{
-    switch (ssl->cipher)
-    {
-#ifndef CONFIG_SSL_SKELETON_MODE
-        case SSL_AES128_SHA:
-            {
-                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
-                AES_set_key(aes_ctx, key, iv, AES_MODE_128);
-
-                if (is_decrypt)
-                {
-                    AES_convert_key(aes_ctx);
-                }
-
-                return (void *)aes_ctx;
-            }
-
-        case SSL_AES256_SHA:
-            {
-                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
-                AES_set_key(aes_ctx, key, iv, AES_MODE_256);
-
-                if (is_decrypt)
-                {
-                    AES_convert_key(aes_ctx);
-                }
-
-                return (void *)aes_ctx;
-            }
-            break;
-
-        case SSL_RC4_128_MD5:
-#endif
-        case SSL_RC4_128_SHA:
-            {
-                RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
-                RC4_setup(rc4_ctx, key, 16);
-                return (void *)rc4_ctx;
-            }
-            break;
-    }
-
-    return NULL;    /* its all gone wrong */
-}
-
-/**
- * Send a packet over the socket.
- */
-static int send_raw_packet(SSL *ssl, uint8_t protocol)
-{
-    uint8_t *rec_buf = ssl->bm_all_data;
-    int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
-    int ret;
-
-    rec_buf[0] = protocol;
-    rec_buf[1] = 0x03;      /* version = 3.1 (TLS) */
-    rec_buf[2] = 0x01;
-    rec_buf[3] = ssl->bm_index >> 8;
-    rec_buf[4] = ssl->bm_index & 0xff;
-
-    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
-                            pkt_size, pkt_size);
-
-    if ((ret = SOCKET_WRITE(ssl->client_fd, 
-                    ssl->bm_all_data, pkt_size)) < 0)
-        ret = SSL_ERROR_CONN_LOST;
-
-    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
-    ssl->bm_index = 0;
-
-    if (protocol != PT_APP_PROTOCOL_DATA)  
-    {
-        /* always return SSL_OK during handshake */   
-        ret = SSL_OK;
-    }
-
-    return ret;
-}
-
-/**
- * Send an encrypted packet with padding bytes if necessary.
- */
-int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
-{
-    int msg_length = length;
-    int ret, pad_bytes = 0;
-    ssl->bm_index = msg_length;
-
-    /* if our state is bad, don't bother */
-    if (ssl->hs_status == SSL_ERROR_DEAD)
-        return SSL_ERROR_CONN_LOST;
-
-    if (in) /* has the buffer already been initialised? */
-    {
-        memcpy(ssl->bm_data, in, length);
-    }
-
-    if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
-    {
-        int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
-                            SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
-        ssl->record_buf[0] = protocol;
-        ssl->record_buf[3] = length >> 8; 
-        ssl->record_buf[4] = length & 0xff;
-
-        if (protocol == PT_HANDSHAKE_PROTOCOL)
-        {
-            DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
-
-            if (ssl->bm_data[0] != HS_HELLO_REQUEST)
-            {
-                add_packet(ssl, ssl->bm_data, ssl->bm_index);
-            }
-        }
-
-        /* add the packet digest */
-        msg_length += ssl->cipher_info->digest_size;
-        ssl->bm_index = msg_length;
-        add_hmac_digest(ssl, mode, ssl->bm_data, length, 
-                                                &ssl->bm_data[length]);
-
-        /* add padding? */
-        if (ssl->cipher_info->padding_size)
-        {
-            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
-            pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
-
-            /* ensure we always have at least 1 padding byte */
-            if (pad_bytes == 0)
-                pad_bytes += ssl->cipher_info->padding_size;
-
-            memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
-            msg_length += pad_bytes;
-            ssl->bm_index = msg_length;
-        }
-
-        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
-        increment_write_sequence(ssl);
-
-        /* now encrypt the packet */
-        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
-                                            ssl->bm_data, msg_length);
-    }
-    else if (protocol == PT_HANDSHAKE_PROTOCOL)
-    {
-        DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
-
-        if (ssl->bm_data[0] != HS_HELLO_REQUEST)
-        {
-            add_packet(ssl, ssl->bm_data, ssl->bm_index);
-        }
-    }
-
-    if ((ret = send_raw_packet(ssl, protocol)) <= 0)
-        return ret;
-
-    return length;  /* just return what we wanted to send */
-}
-
-/**
- * Work out the cipher keys we are going to use for this session based on the
- * master secret.
- */
-static void set_key_block(SSL *ssl, int is_write)
-{
-    const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
-    uint8_t *q;
-    uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
-    uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    int key_block_existed = 1;
-
-    /* only do once in a handshake */
-    if (ssl->key_block == NULL)
-    {
-        ssl->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
-
-#if 0
-        print_blob("client", ssl->client_random, 32);
-        print_blob("server", ssl->server_random, 32);
-        print_blob("master", ssl->master_secret, SSL_SECRET_SIZE);
-#endif
-        generate_key_block(ssl->client_random, ssl->server_random,
-            ssl->master_secret, ssl->key_block, ciph_info->key_block_size);
-#if 0
-        print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
-#endif
-        key_block_existed = 0;
-    }
-
-    q = ssl->key_block;
-
-    if ((is_client && is_write) || (!is_client && !is_write))
-    {
-        memcpy(ssl->client_mac, q, ciph_info->digest_size);
-    }
-
-    q += ciph_info->digest_size;
-
-    if ((!is_client && is_write) || (is_client && !is_write))
-    {
-        memcpy(ssl->server_mac, q, ciph_info->digest_size);
-    }
-
-    q += ciph_info->digest_size;
-    memcpy(client_key, q, ciph_info->key_size);
-    q += ciph_info->key_size;
-    memcpy(server_key, q, ciph_info->key_size);
-    q += ciph_info->key_size;
-
-#ifndef CONFIG_SSL_SKELETON_MODE 
-    if (ciph_info->iv_size)    /* RC4 has no IV, AES does */
-    {
-        memcpy(client_iv, q, ciph_info->iv_size);
-        q += ciph_info->iv_size;
-        memcpy(server_iv, q, ciph_info->iv_size);
-        q += ciph_info->iv_size;
-    }
-#endif
-
-    free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
-
-    if (ssl->final_finish_mac == NULL)
-    {
-        ssl->final_finish_mac = (uint8_t *)malloc(SSL_FINISHED_HASH_SIZE);
-    }
-
-    /* now initialise the ciphers */
-    if (is_client)
-    {
-        finished_digest(ssl, server_finished, ssl->final_finish_mac);
-
-        if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
-        else
-            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
-    }
-    else
-    {
-        finished_digest(ssl, client_finished, ssl->final_finish_mac);
-
-        if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
-        else
-            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
-    }
-
-    ssl->cipher_info = ciph_info;
-
-    /* clean up if possible */
-    if (key_block_existed)
-    {
-        memset(ssl->key_block, 0, ciph_info->key_block_size);
-        free(ssl->key_block);
-        ssl->key_block = NULL;
-    }
-}
-
-/**
- * Read the SSL connection.
- */
-int basic_read(SSL *ssl, uint8_t **in_data)
-{
-    int ret = SSL_OK;
-    int read_len, is_record;
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    uint8_t *buf;
-
-    buf = ssl->bm_data;
-    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_index], 
-                            ssl->need_bytes-ssl->got_bytes);
-
-    /* connection has gone, so die */
-    if (read_len <= 0)
-    {
-        ret = SSL_ERROR_CONN_LOST;
-        ssl->hs_status = SSL_ERROR_DEAD;  /* make sure it stays dead */
-        goto error;
-    }
-
-    DISPLAY_BYTES(ssl, "received %d bytes", 
-            &ssl->bm_data[ssl->bm_index], read_len, read_len);
-
-    ssl->got_bytes += read_len;
-    ssl->bm_index += read_len;
-
-    /* haven't quite got what we want, so try again later */
-    if (ssl->got_bytes < ssl->need_bytes)
-        return SSL_OK;
-
-    read_len = ssl->got_bytes;
-    ssl->got_bytes = 0;
-
-    if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
-    {
-        /* check for sslv2 "client hello" */
-        if (buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03)
-        {
-#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
-            DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
-            add_packet(ssl, &buf[2], 3);
-            ret = process_sslv23_client_hello(ssl); 
-#else
-            printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
-            ret = SSL_ERROR_NOT_SUPPORTED;
-#endif
-            goto error; /* not an error - just get out of here */
-        }
-
-        ssl->need_bytes = (buf[3] << 8) + buf[4];
-
-        /* do we violate the spec with the message size?  */
-        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
-        {
-            ret = SSL_ERROR_INVALID_PROT_MSG;              
-            goto error;
-        }
-
-        CLR_SSL_FLAG(SSL_NEED_RECORD);
-        memcpy(ssl->record_buf, buf, 3);    /* store for hmac */
-        is_record = 1;
-    }
-    else
-    {
-        SET_SSL_FLAG(SSL_NEED_RECORD);
-        ssl->need_bytes = SSL_RECORD_SIZE;
-        is_record = 0;
-    }
-
-    if (is_record)
-        ssl->record_type = buf[0];
-    else if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
-    {
-        ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
-        read_len = verify_digest(ssl, 
-                is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
-
-        /* does the hmac work? */
-        if (read_len < 0)
-        {
-            ret = read_len;
-            goto error;
-        }
-
-        DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
-        increment_read_sequence(ssl);
-    }
-
-    /* The main part of the SSL packet */
-    if (!is_record)
-    {
-        switch (ssl->record_type)
-        {
-            case PT_HANDSHAKE_PROTOCOL:
-                ret = do_handshake(ssl, buf, read_len);
-                break;
-
-            case PT_CHANGE_CIPHER_SPEC:
-                if (ssl->next_state != HS_FINISHED)
-                {
-                    ret = SSL_ERROR_INVALID_HANDSHAKE;
-                    goto error;
-                }
-
-                SET_SSL_FLAG(SSL_RX_ENCRYPTED);
-                set_key_block(ssl, 0);
-                memset(ssl->read_sequence, 0, 8);
-                break;
-
-            case PT_APP_PROTOCOL_DATA:
-                if (in_data)
-                {
-                    *in_data = ssl->bm_data;   /* point to the work buffer */
-                    (*in_data)[read_len] = 0;  /* null terminate just in case */
-                }
-                ret = read_len;
-                break;
-
-            case PT_ALERT_PROTOCOL:
-                /* return the alert # with alert bit set */
-                ret = -buf[1]; 
-                DISPLAY_ALERT(ssl, buf[1]);
-                break;
-
-            default:
-                ret = SSL_ERROR_INVALID_PROT_MSG;
-                break;
-        }
-    }
-
-error:
-    ssl->bm_index = 0;          /* reset to go again */
-
-    if (ret < SSL_OK && in_data)  /* if all wrong, then clear this buffer ptr */
-        *in_data = NULL;
-
-    return ret;
-}
-
-/**
- * Do some basic checking of data and then perform the appropriate handshaking.
- */
-static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
-{
-    int hs_len = (buf[2]<<8) + buf[3];
-    uint8_t handshake_type = buf[0];
-    int ret = SSL_OK;
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-
-    /* some integrity checking on the handshake */
-    PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
-
-    if (handshake_type != ssl->next_state)
-    {
-        /* handle a special case on the client */
-        if (!is_client || handshake_type != HS_CERT_REQ ||
-                        ssl->next_state != HS_SERVER_HELLO_DONE)
-        {
-            ret = SSL_ERROR_INVALID_HANDSHAKE;
-            goto error;
-        }
-    }
-
-    hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
-    ssl->bm_index = hs_len;     /* store the size and check later */
-    DISPLAY_STATE(ssl, 0, handshake_type, 0);
-
-    if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
-        add_packet(ssl, buf, hs_len); 
-
-#if defined(CONFIG_SSL_ENABLE_CLIENT)
-    ret = is_client ? 
-        do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
-        do_svr_handshake(ssl, handshake_type, buf, hs_len);
-#else
-    ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
-#endif
-
-    /* just use recursion to get the rest */
-    if (hs_len < read_len && ret == SSL_OK)
-        ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
-
-error:
-    return ret;
-}
-
-/**
- * Sends the change cipher spec message. We have just read a finished message
- * from the client.
- */
-int send_change_cipher_spec(SSL *ssl)
-{
-    int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
-            g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
-    SET_SSL_FLAG(SSL_TX_ENCRYPTED);
-    set_key_block(ssl, 1);
-    memset(ssl->write_sequence, 0, 8);
-    return ret;
-}
-
-/**
- * Send a "finished" message
- */
-int send_finished(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-
-    buf[0] = HS_FINISHED;
-    buf[1] = 0;
-    buf[2] = 0;
-    buf[3] = SSL_FINISHED_HASH_SIZE;
-
-    /* now add the finished digest mac (12 bytes) */
-    finished_digest(ssl, 
-        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
-                    client_finished : server_finished, &buf[4]);
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    /* store in the session cache */
-    if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
-    {
-        memcpy(ssl->session->master_secret,
-                ssl->master_secret, SSL_SECRET_SIZE);
-    }
-#endif
-
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
-                                NULL, SSL_FINISHED_HASH_SIZE+4);
-}
-
-/**
- * Send an alert message.
- * Return 1 if the alert was an "error".
- */
-int send_alert(SSL *ssl, int error_code)
-{
-    int alert_num = 0;
-    int is_warning = 0;
-    uint8_t buf[2];
-
-    /* Don't bother we're already dead */
-    if (ssl->hs_status == SSL_ERROR_DEAD)
-    {
-        return SSL_ERROR_CONN_LOST;
-    }
-
-#ifdef CONFIG_SSL_FULL_MODE
-    if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
-        ssl_display_error(error_code);
-#endif
-
-    switch (error_code)
-    {
-        case SSL_ALERT_CLOSE_NOTIFY:
-            is_warning = 1;
-            alert_num = SSL_ALERT_CLOSE_NOTIFY;
-            break;
-
-        case SSL_ERROR_CONN_LOST:       /* don't send alert just yet */
-            is_warning = 1;
-            break;
-
-        case SSL_ERROR_INVALID_HANDSHAKE:
-        case SSL_ERROR_INVALID_PROT_MSG:
-            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
-            break;
-
-        case SSL_ERROR_INVALID_HMAC:
-        case SSL_ERROR_FINISHED_INVALID:
-            alert_num = SSL_ALERT_BAD_RECORD_MAC;
-            break;
-
-        case SSL_ERROR_INVALID_VERSION:
-            alert_num = SSL_ALERT_INVALID_VERSION;
-            break;
-
-        case SSL_ERROR_INVALID_SESSION:
-        case SSL_ERROR_NO_CIPHER:
-        case SSL_ERROR_INVALID_KEY:
-            alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
-            break;
-
-        case SSL_ERROR_BAD_CERTIFICATE:
-            alert_num = SSL_ALERT_BAD_CERTIFICATE;
-            break;
-
-        default:
-            /* a catch-all for any badly verified certificates */
-            alert_num = (error_code <= SSL_X509_OFFSET) ?  
-                SSL_ALERT_BAD_CERTIFICATE : SSL_ALERT_UNEXPECTED_MESSAGE;
-            break;
-    }
-
-    buf[0] = is_warning ? 1 : 2;
-    buf[1] = alert_num;
-    send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
-    DISPLAY_ALERT(ssl, alert_num);
-    return is_warning ? 0 : 1;
-}
-
-/**
- * Process a client finished message.
- */
-int process_finished(SSL *ssl, int hs_len)
-{
-    uint8_t *buf = ssl->bm_data;
-    int ret = SSL_OK;
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
-
-    PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
-
-    /* check that we all work before we continue */
-    if (memcmp(ssl->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
-        return SSL_ERROR_FINISHED_INVALID;
-
-    if ((!is_client && !resume) || (is_client && resume))
-    {
-        if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
-            ret = send_finished(ssl);
-    }
-
-    /* Don't need this stuff anymore */
-    free(ssl->all_pkts);
-    ssl->all_pkts = NULL;
-    ssl->all_pkts_len = 0;
-
-    memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
-    free(ssl->master_secret);
-    ssl->master_secret = NULL;
-
-    memset(ssl->final_finish_mac, 0, SSL_FINISHED_HASH_SIZE);
-    free(ssl->final_finish_mac);
-    ssl->final_finish_mac = NULL;
-
-    /* if we ever renegotiate */
-    ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
-    ssl->hs_status = ret;  /* set the final handshake status */
-
-error:
-    return ret;
-}
-
-/**
- * Send a certificate.
- */
-int send_certificate(SSL *ssl)
-{
-    int i = 0;
-    uint8_t *buf = ssl->bm_data;
-    int offset = 7;
-    int chain_length;
-
-    buf[0] = HS_CERTIFICATE;
-    buf[1] = 0;
-    buf[4] = 0;
-    buf[7] = 0;
-
-    while (i < ssl->chain_length)
-    {
-        SSL_CERT *cert = &ssl->certs[i];
-        buf[offset++] = 0;        
-        buf[offset++] = cert->size >> 8;        /* cert 1 length */
-        buf[offset++] = cert->size & 0xff;
-        memcpy(&buf[offset], cert->buf, cert->size);
-        offset += cert->size;
-        i++;
-    }
-
-    chain_length = offset - 7;
-    buf[5] = chain_length >> 8;        /* cert chain length */
-    buf[6] = chain_length & 0xff;
-    chain_length += 3;
-    buf[2] = chain_length >> 8;        /* handshake length */
-    buf[3] = chain_length & 0xff;
-    ssl->bm_index = offset;
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
-}
-
-#ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
-/**
- * Find if an existing session has the same session id. If so, use the
- * master secret from this session for session resumption.
- */
-SSL_SESS *ssl_session_update(int max_sessions, 
-        SSL_SESS *ssl_sessions[], SSL *ssl, const uint8_t *session_id)
-{
-    time_t tm = time(NULL);
-    time_t oldest_sess_time = tm;
-    SSL_SESS *oldest_sess = NULL;
-    int i;
-
-    /* no sessions? Then bail */
-    if (max_sessions == 0)
-        return NULL;
-
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    if (session_id)
-    {
-        for (i = 0; i < max_sessions; i++)
-        {
-            if (ssl_sessions[i])
-            {
-                /* kill off any expired sessions */
-                if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)
-                {
-                    session_free(ssl_sessions, i);
-                    continue;
-                }
-
-                /* if the session id matches, it must still be less than 
-                   the expiry time */
-                if (memcmp(ssl_sessions[i]->session_id, session_id,
-                                                SSL_SESSION_ID_SIZE) == 0)
-                {
-                    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
-                    ssl->session_index = i;
-                    memcpy(ssl->master_secret, 
-                            ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
-                    SET_SSL_FLAG(SSL_SESSION_RESUME);
-                    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-                    return ssl_sessions[i];  /* a session was found */
-                }
-            }
-        }
-    }
-
-    /* If we've got here, no matching session was found - so create one */
-    for (i = 0; i < max_sessions; i++)
-    {
-        if (ssl_sessions[i] == NULL)
-        {
-            /* perfect, this will do */
-            ssl_sessions[i] = (SSL_SESS *)calloc(1, sizeof(SSL_SESS));
-            ssl_sessions[i]->conn_time = tm;
-            ssl->session_index = i;
-            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-            return ssl_sessions[i]; /* return the session object */
-        }
-        else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
-        {
-            /* find the oldest session */
-            oldest_sess_time = ssl_sessions[i]->conn_time;
-            oldest_sess = ssl_sessions[i];
-            ssl->session_index = i;
-        }
-    }
-
-    /* ok, we've used up all of our sessions. So blow the oldest session away */
-    oldest_sess->conn_time = tm;
-    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
-    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-    return oldest_sess;
-}
-
-/**
- * Free an existing session.
- */
-static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
-{
-    if (ssl_sessions[sess_index])
-    {
-        free(ssl_sessions[sess_index]);
-        ssl_sessions[sess_index] = NULL;
-    }
-}
-
-/**
- * This ssl object doesn't want this session anymore.
- */
-void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
-{
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-
-    if (ssl->ssl_ctx->num_sessions)
-    {
-        session_free(ssl_sessions, ssl->session_index);
-        ssl->session = NULL;
-    }
-
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-}
-#endif /* CONFIG_SSL_SKELETON_MODE */
-
-/*
- * Get the session id for a handshake. This will be a 32 byte sequence.
- */
-EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
-{
-    return ssl->session_id;
-}
-
-/*
- * Return the cipher id (in the SSL form).
- */
-EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
-{
-    return ssl->cipher;
-}
-
-/*
- * Return the status of the handshake.
- */
-EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
-{
-    return ssl->hs_status;
-}
-
-/*
- * Retrieve various parameters about the SSL engine.
- */
-EXP_FUNC int STDCALL ssl_get_config(int offset)
-{
-    switch (offset)
-    {
-        /* return the appropriate build mode */
-        case SSL_BUILD_MODE:
-#if defined(CONFIG_SSL_FULL_MODE)
-            return SSL_BUILD_FULL_MODE;
-#elif defined(CONFIG_SSL_ENABLE_CLIENT)
-            return SSL_BUILD_ENABLE_CLIENT;
-#elif defined(CONFIG_ENABLE_VERIFICATION)
-            return SSL_BUILD_ENABLE_VERIFICATION;
-#elif defined(CONFIG_SSL_SERVER_ONLY )
-            return SSL_BUILD_SERVER_ONLY;
-#else 
-            return SSL_BUILD_SKELETON_MODE;
-#endif
-
-        case SSL_MAX_CERT_CFG_OFFSET:
-            return CONFIG_SSL_MAX_CERTS;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        case SSL_MAX_CA_CERT_CFG_OFFSET:
-            return CONFIG_X509_MAX_CA_CERTS;
-#endif
-#ifdef CONFIG_SSL_HAS_PEM
-        case SSL_HAS_PEM:
-            return 1;
-#endif
-        default:
-            return 0;
-    }
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Authenticate a received certificate.
- */
-EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
-{
-    int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
-
-    if (ret)        /* modify into an SSL error type */
-    {
-        ret = SSL_X509_ERROR(ret);
-    }
-
-    return ret;
-}
-
-/**
- * Process a certificate message.
- */
-int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
-{
-    int ret = SSL_OK;
-    int pkt_size = ssl->bm_index;
-    int cert_size, offset = 5;
-    int total_cert_size = (ssl->bm_data[offset]<<8) + 
-                ssl->bm_data[offset+1];
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    X509_CTX **chain = x509_ctx;
-    offset += 2;
-
-    PARANOIA_CHECK(total_cert_size, offset);
-
-    while (offset < total_cert_size)
-    {
-        offset++;       /* skip empty char */
-        cert_size = (ssl->bm_data[offset]<<8) + ssl->bm_data[offset+1];
-        offset += 2;
-        
-        if (x509_new(&ssl->bm_data[offset], NULL, chain))
-        {
-            ret = SSL_ERROR_BAD_CERTIFICATE;
-            goto error;
-        }
-
-        chain = &((*chain)->next);
-        offset += cert_size;
-    }
-
-    PARANOIA_CHECK(pkt_size, offset);
-
-    /* if we are client we can do the verify now or later */
-    if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
-    {
-        ret = ssl_verify_cert(ssl);
-    }
-
-    DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
-    ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
-error:
-    return ret;
-}
-
-#endif /* CONFIG_SSL_CERT_VERIFICATION */
-
-/**
- * Debugging routine to display SSL handshaking stuff.
- */
-#ifdef CONFIG_SSL_FULL_MODE
-/**
- * Debugging routine to display SSL states.
- */
-void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
-{
-    const char *str;
-
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
-        return;
-
-    printf(not_ok ? "Error - invalid State:\t" : "State:\t");
-    printf(is_send ? "sending " : "receiving ");
-
-    switch (state)
-    {
-        case HS_HELLO_REQUEST:
-            str = "Hello Request (0)";
-            break;
-
-        case HS_CLIENT_HELLO:
-            str = "Client Hello (1)";
-            break;
-
-        case HS_SERVER_HELLO:
-            str = "Server Hello (2)";
-            break;
-
-        case HS_CERTIFICATE:
-            str = "Certificate (11)";
-            break;
-
-        case HS_SERVER_KEY_XCHG:
-            str = "Certificate Request (12)";
-            break;
-
-        case HS_CERT_REQ:
-            str = "Certificate Request (13)";
-            break;
-
-        case HS_SERVER_HELLO_DONE:
-            str = "Server Hello Done (14)";
-            break;
-
-        case HS_CERT_VERIFY:
-            str = "Certificate Verify (15)";
-            break;
-
-        case HS_CLIENT_KEY_XCHG:
-            str = "Client Key Exchange (16)";
-            break;
-
-        case HS_FINISHED:
-            str = "Finished (16)";
-            break;
-
-        default:
-            str = "Error (Unknown)";
-            
-            break;
-    }
-
-    printf("%s\n", str);
-    TTY_FLUSH();
-}
-
-/**
- * Debugging routine to display X509 certificates.
- */
-void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx)
-{
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
-        return;
-
-    x509_print(ssl->ssl_ctx->ca_cert_ctx, x509_ctx);
-    TTY_FLUSH();
-}
-
-/**
- * Debugging routine to display RSA objects
- */
-void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx)
-{
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
-        return;
-
-    RSA_print(rsa_ctx);
-    TTY_FLUSH();
-}
-
-/**
- * Debugging routine to display SSL handshaking bytes.
- */
-void DISPLAY_BYTES(SSL *ssl, const char *format, 
-        const uint8_t *data, int size, ...)
-{
-    va_list(ap);
-
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
-        return;
-
-    va_start(ap, size);
-    print_blob(format, data, size, va_arg(ap, char *));
-    va_end(ap);
-    TTY_FLUSH();
-}
-
-/**
- * Debugging routine to display SSL handshaking errors.
- */
-EXP_FUNC void STDCALL ssl_display_error(int error_code)
-{
-    if (error_code == SSL_OK)
-        return;
-
-    printf("Error: ");
-
-    /* X509 error? */
-    if (error_code < SSL_X509_OFFSET)
-    {
-        x509_display_error(error_code - SSL_X509_OFFSET);
-        printf("\n");
-        return;
-    }
-
-    /* SSL alert error code */
-    if (error_code > SSL_ERROR_CONN_LOST)
-    {
-        printf("SSL error %d\n", -error_code);
-        return;
-    }
-
-    switch (error_code)
-    {
-        case SSL_ERROR_DEAD:
-            printf("connection dead");
-            break;
-
-        case SSL_ERROR_INVALID_HANDSHAKE:
-            printf("invalid handshake");
-            break;
-
-        case SSL_ERROR_INVALID_PROT_MSG:
-            printf("invalid protocol message");
-            break;
-
-        case SSL_ERROR_INVALID_HMAC:
-            printf("invalid mac");
-            break;
-
-        case SSL_ERROR_INVALID_VERSION:
-            printf("invalid version");
-            break;
-
-        case SSL_ERROR_INVALID_SESSION:
-            printf("invalid session");
-            break;
-
-        case SSL_ERROR_NO_CIPHER:
-            printf("no cipher");
-            break;
-
-        case SSL_ERROR_CONN_LOST:
-            printf("connection lost");
-            break;
-
-        case SSL_ERROR_BAD_CERTIFICATE:
-            printf("bad certificate");
-            break;
-
-        case SSL_ERROR_INVALID_KEY:
-            printf("invalid key");
-            break;
-
-        case SSL_ERROR_FINISHED_INVALID:
-            printf("finished invalid");
-            break;
-
-        case SSL_ERROR_NO_CERT_DEFINED:
-            printf("no certificate defined");
-            break;
-
-        case SSL_ERROR_NOT_SUPPORTED:
-            printf("Option not supported");
-            break;
-
-        default:
-            printf("undefined as yet - %d", error_code);
-            break;
-    }
-
-    printf("\n");
-    TTY_FLUSH();
-}
-
-/**
- * Debugging routine to display alerts.
- */
-void DISPLAY_ALERT(SSL *ssl, int alert)
-{
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
-        return;
-
-    printf("Alert: ");
-
-    switch (alert)
-    {
-        case SSL_ALERT_CLOSE_NOTIFY:
-            printf("close notify");
-            break;
-
-        case SSL_ALERT_INVALID_VERSION:
-            printf("invalid version");
-            break;
-
-        case SSL_ALERT_BAD_CERTIFICATE:
-            printf("bad certificate");
-            break;
-
-        case SSL_ALERT_UNEXPECTED_MESSAGE:
-            printf("unexpected message");
-            break;
-
-        case SSL_ALERT_BAD_RECORD_MAC:
-            printf("bad record mac");
-            break;
-
-        case SSL_ALERT_HANDSHAKE_FAILURE:
-            printf("handshake failure");
-            break;
-
-        case SSL_ALERT_ILLEGAL_PARAMETER:
-            printf("illegal parameter");
-            break;
-
-        case SSL_ALERT_DECODE_ERROR:
-            printf("decode error");
-            break;
-
-        case SSL_ALERT_DECRYPT_ERROR:
-            printf("decrypt error");
-            break;
-
-        default:
-            printf("alert - (unknown %d)", alert);
-            break;
-    }
-
-    printf("\n");
-    TTY_FLUSH();
-}
-
-#endif /* CONFIG_SSL_FULL_MODE */
-
-/**
- * Return the version of this library.
- */
-EXP_FUNC const char  * STDCALL ssl_version()
-{
-    static const char * axtls_version = AXTLS_VERSION " " __DATE__;
-    return axtls_version;
-}
-
-/**
- * Enable the various language bindings to work regardless of the
- * configuration - they just return an error statement and a bad return code.
- */
-#if !defined(CONFIG_SSL_FULL_MODE)
-EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
-#endif
-
-#ifdef CONFIG_BINDINGS
-#if !defined(CONFIG_SSL_ENABLE_CLIENT)
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, 
-                        int client_fd, const uint8_t *session_id)
-{
-    printf(unsupported_str);
-    return NULL;
-}
-#endif
-
-#if !defined(CONFIG_SSL_CERT_VERIFICATION)
-EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
-{
-    printf(unsupported_str);
-    return -1;
-}
-
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
-{
-    printf(unsupported_str);
-    return NULL;
-}
-
-#endif  /* CONFIG_SSL_CERT_VERIFICATION */
-
-#endif /* CONFIG_BINDINGS */
-
diff --git a/ssl/tls1.h b/ssl/tls1.h
deleted file mode 100644
index d2ebeefe08..0000000000
--- a/ssl/tls1.h
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @file tls1.h
- *
- * @brief The definitions for the TLS library.
- */
-#ifndef HEADER_SSL_LIB_H
-#define HEADER_SSL_LIB_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "version.h"
-
-/* Mutexing definitions */
-#if defined(CONFIG_SSL_CTX_MUTEXING)
-#if defined(WIN32)
-#define SSL_CTX_MUTEX_TYPE          HANDLE
-#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
-#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
-#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
-#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
-#else 
-#include <pthread.h>
-#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
-#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
-#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
-#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
-#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
-#endif
-#else   /* no mutexing */
-#define SSL_CTX_MUTEX_INIT(A)
-#define SSL_CTX_MUTEX_DESTROY(A)
-#define SSL_CTX_LOCK(A)
-#define SSL_CTX_UNLOCK(A)
-#endif
-
-#define SSL_RANDOM_SIZE             32
-#define SSL_SECRET_SIZE             48
-#define SSL_FINISHED_HASH_SIZE      12
-#define SSL_RECORD_SIZE             5
-#define SSL_SERVER_READ             0
-#define SSL_SERVER_WRITE            1
-#define SSL_CLIENT_READ             2
-#define SSL_CLIENT_WRITE            3
-#define SSL_HS_HDR_SIZE             4
-
-/* the flags we use while establishing a connection */
-#define SSL_NEED_RECORD             0x0001
-#define SSL_TX_ENCRYPTED            0x0002 
-#define SSL_RX_ENCRYPTED            0x0004
-#define SSL_SESSION_RESUME          0x0008
-#define SSL_IS_CLIENT               0x0010
-#define SSL_HAS_CERT_REQ            0x0020
-
-/* some macros to muck around with flag bits */
-#define SET_SSL_FLAG(A)             (ssl->flag |= A)
-#define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
-#define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
-
-#define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
-#define RT_MAX_PLAIN_LENGTH         16384
-#define RT_EXTRA                    1024
-#define BM_RECORD_OFFSET            5
-
-#ifdef CONFIG_SSL_SKELETON_MODE
-#define NUM_PROTOCOLS               1
-#else
-#define NUM_PROTOCOLS               4
-#endif
-
-#define PARANOIA_CHECK(A, B)        if (A < B) { \
-    ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
-
-/* protocol types */
-enum
-{
-    PT_CHANGE_CIPHER_SPEC = 20,
-    PT_ALERT_PROTOCOL,
-    PT_HANDSHAKE_PROTOCOL,
-    PT_APP_PROTOCOL_DATA
-};
-
-/* handshaking types */
-enum
-{
-    HS_HELLO_REQUEST,
-    HS_CLIENT_HELLO,
-    HS_SERVER_HELLO,
-    HS_CERTIFICATE = 11,
-    HS_SERVER_KEY_XCHG,
-    HS_CERT_REQ,
-    HS_SERVER_HELLO_DONE,
-    HS_CERT_VERIFY,
-    HS_CLIENT_KEY_XCHG,
-    HS_FINISHED = 20
-};
-
-typedef struct 
-{
-    uint8_t cipher;
-    uint8_t key_size;
-    uint8_t iv_size;
-    uint8_t key_block_size;
-    uint8_t padding_size;
-    uint8_t digest_size;
-    hmac_func hmac;
-    crypt_func encrypt;
-    crypt_func decrypt;
-} cipher_info_t;
-
-struct _SSLObjLoader 
-{
-    uint8_t *buf;
-    int len;
-};
-
-typedef struct _SSLObjLoader SSLObjLoader;
-
-typedef struct 
-{
-    time_t conn_time;
-    uint8_t session_id[SSL_SESSION_ID_SIZE];
-    uint8_t master_secret[SSL_SECRET_SIZE];
-} SSL_SESS;
-
-typedef struct
-{
-    uint8_t *buf;
-    int size;
-} SSL_CERT;
-
-struct _SSL
-{
-    uint32_t flag;
-    uint16_t need_bytes;
-    uint16_t got_bytes;
-    uint8_t record_type;
-    uint8_t chain_length;
-    uint8_t cipher;
-    int16_t next_state;
-    int16_t hs_status;
-    uint8_t *all_pkts; 
-    int all_pkts_len;
-    int client_fd;
-    const cipher_info_t *cipher_info;
-    uint8_t *final_finish_mac;
-    uint8_t *key_block;
-    void *encrypt_ctx;
-    void *decrypt_ctx;
-    uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
-    uint8_t *bm_data;
-    int bm_index;
-    struct _SSL *next;                  /* doubly linked list */
-    struct _SSL *prev;
-    SSL_CERT *certs;
-    struct _SSL_CTX *ssl_ctx;            /* back reference to a clnt/svr ctx */
-#ifndef CONFIG_SSL_SKELETON_MODE
-    uint16_t session_index;
-    SSL_SESS *session;
-#endif
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    X509_CTX *x509_ctx;
-#endif
-
-    uint8_t session_id[SSL_SESSION_ID_SIZE]; 
-    uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
-    uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
-    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
-    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
-    uint8_t *master_secret;
-    uint8_t read_sequence[8];       /* 64 bit sequence number */
-    uint8_t write_sequence[8];      /* 64 bit sequence number */
-    uint8_t record_buf[SSL_RECORD_SIZE];    /* storage for hmac calls later */
-};
-
-typedef struct _SSL SSL;
-
-struct _SSL_CTX
-{
-    uint32_t options;
-    uint8_t chain_length;
-    RSA_CTX *rsa_ctx;
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    CA_CERT_CTX *ca_cert_ctx;
-#endif
-    SSL *head;
-    SSL *tail;
-    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
-#ifndef CONFIG_SSL_SKELETON_MODE
-    uint16_t num_sessions;
-    SSL_SESS **ssl_sessions;
-#endif
-#ifdef CONFIG_SSL_CTX_MUTEXING
-    SSL_CTX_MUTEX_TYPE mutex;
-#endif
-#ifdef CONFIG_OPENSSL_COMPATIBLE
-    void *bonus_attr;
-#endif
-};
-
-typedef struct _SSL_CTX SSL_CTX;
-
-/* backwards compatibility */
-typedef struct _SSL_CTX SSLCTX;
-
-extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
-
-SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
-int send_packet(SSL *ssl, uint8_t protocol, 
-        const uint8_t *in, int length);
-int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
-int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
-int process_finished(SSL *ssl, int hs_len);
-int process_sslv23_client_hello(SSL *ssl);
-int send_alert(SSL *ssl, int error_code);
-int send_finished(SSL *ssl);
-int send_certificate(SSL *ssl);
-int basic_read(SSL *ssl, uint8_t **in_data);
-int send_change_cipher_spec(SSL *ssl);
-void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
-void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
-void add_packet(SSL *ssl, const uint8_t *pkt, int len);
-int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
-int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
-void ssl_obj_free(SSLObjLoader *ssl_obj);
-int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
-void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
-#endif
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-int do_client_connect(SSL *ssl);
-#endif
-
-#ifdef CONFIG_SSL_FULL_MODE
-void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
-void DISPLAY_BYTES(SSL *ssl, const char *format, 
-        const uint8_t *data, int size, ...);
-void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx);
-void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx);
-void DISPLAY_ALERT(SSL *ssl, int alert);
-#else
-#define DISPLAY_STATE(A,B,C,D)
-#define DISPLAY_CERT(A,B,C)
-#define DISPLAY_RSA(A,B,C)
-#define DISPLAY_ALERT(A, B)
-#ifdef WIN32
-void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
-        const uint8_t *data, int size, ...);
-#else
-#define DISPLAY_BYTES(A,B,C,D,...)
-#endif
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
-#endif
-
-SSL_SESS *ssl_session_update(int max_sessions, 
-        SSL_SESS *ssl_sessions[], SSL *ssl,
-        const uint8_t *session_id);
-void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
deleted file mode 100644
index b3d5a52fb6..0000000000
--- a/ssl/tls1_clnt.c
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <stdio.h>
-
-#include "ssl.h"
-
-#ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
-
-static int send_client_hello(SSL *ssl);
-static int process_server_hello(SSL *ssl);
-static int process_server_hello_done(SSL *ssl);
-static int send_client_key_xchg(SSL *ssl);
-static int process_cert_req(SSL *ssl);
-static int send_cert_verify(SSL *ssl);
-
-/*
- * Establish a new SSL connection to an SSL server.
- */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
-{
-    int ret;
-    SSL *ssl = ssl_new(ssl_ctx, client_fd);
-
-    if (session_id && ssl_ctx->num_sessions)
-    {
-        memcpy(ssl->session_id, session_id, SSL_SESSION_ID_SIZE);
-        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
-    }
-
-    SET_SSL_FLAG(SSL_IS_CLIENT);
-    ret = do_client_connect(ssl);
-    return ssl;
-}
-
-/*
- * Process the handshake record.
- */
-int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
-{
-    int ret = SSL_OK;
-
-    /* To get here the state must be valid */
-    switch (handshake_type)
-    {
-        case HS_SERVER_HELLO:
-            ret = process_server_hello(ssl);
-            break;
-
-        case HS_CERTIFICATE:
-            ret = process_certificate(ssl, &ssl->x509_ctx);
-            break;
-
-        case HS_SERVER_HELLO_DONE:
-            if ((ret = process_server_hello_done(ssl)) == SSL_OK)
-            {
-                if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
-                {
-                    if ((ret = send_certificate(ssl)) == SSL_OK &&
-                        (ret = send_client_key_xchg(ssl)) == SSL_OK)
-                    {
-                        ret = send_cert_verify(ssl);
-                    }
-                }
-                else
-                {
-                    ret = send_client_key_xchg(ssl);
-                }
-
-                if (ret == SSL_OK && 
-                     (ret = send_change_cipher_spec(ssl)) == SSL_OK)
-                {
-                    ret = send_finished(ssl);
-                }
-            }
-            break;
-
-        case HS_CERT_REQ:
-            ret = process_cert_req(ssl);
-            break;
-
-        case HS_FINISHED:
-            ret = process_finished(ssl, hs_len);
-            break;
-
-        case HS_HELLO_REQUEST:
-            ret = do_client_connect(ssl);
-            break;
-    }
-
-    return ret;
-}
-
-/*
- * Do the handshaking from the beginning.
- */
-int do_client_connect(SSL *ssl)
-{
-    int ret = SSL_OK;
-
-    send_client_hello(ssl);                 /* send the client hello */
-    ssl->bm_index = 0;
-    ssl->next_state = HS_SERVER_HELLO;
-    ssl->hs_status = SSL_NOT_OK;            /* not connected */
-
-    /* sit in a loop until it all looks good */
-    while (ssl->hs_status != SSL_OK)
-    {
-        ret = basic_read(ssl, NULL);
-        
-        if (ret < SSL_OK)
-        { 
-            if (ret != SSL_ERROR_CONN_LOST)
-            {
-                /* let the server know we are dying and why */
-                if (send_alert(ssl, ret))
-                {
-                    /* something nasty happened, so get rid of it */
-                    kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
-                }
-            }
-
-            break;
-        }
-    }
-
-    ssl->hs_status = ret;            /* connected? */
-    return ret;
-}
-
-/*
- * Send the initial client hello.
- */
-static int send_client_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    time_t tm = time(NULL);
-    uint8_t *tm_ptr = &buf[6]; /* time will go here */
-    int i, offset;
-
-    buf[0] = HS_CLIENT_HELLO;
-    buf[1] = 0;
-    buf[2] = 0;
-    /* byte 3 is calculated later */
-    buf[4] = 0x03;
-    buf[5] = 0x01;
-
-    /* client random value - spec says that 1st 4 bytes are big endian time */
-    *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
-    *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
-    *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
-    *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
-    get_random(SSL_RANDOM_SIZE-4, &buf[10]);
-    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 6 + SSL_RANDOM_SIZE;
-
-    /* give session resumption a go */
-    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially bu user */
-    {
-        buf[offset++] = SSL_SESSION_ID_SIZE;
-        memcpy(&buf[offset], ssl->session_id, SSL_SESSION_ID_SIZE);
-        offset += SSL_SESSION_ID_SIZE;
-        CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
-    }
-    else
-    {
-        /* no session id - because no session resumption just yet */
-        buf[offset++] = 0;
-    }
-
-    buf[offset++] = 0;              /* number of ciphers */
-    buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
-
-    /* put all our supported protocols in our request */
-    for (i = 0; i < NUM_PROTOCOLS; i++)
-    {
-        buf[offset++] = 0;          /* cipher we are using */
-        buf[offset++] = ssl_prot_prefs[i];
-    }
-
-    buf[offset++] = 1;              /* no compression */
-    buf[offset++] = 0;
-    buf[3] = offset - 4;            /* handshake size */
-
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
-}
-
-/*
- * Process the server hello.
- */
-static int process_server_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int pkt_size = ssl->bm_index;
-    int offset;
-    int version = (buf[4] << 4) + buf[5];
-    int num_sessions = ssl->ssl_ctx->num_sessions;
-    int ret = SSL_OK;
-
-    /* check that we are talking to a TLSv1 server */
-    if (version != 0x31)
-        return SSL_ERROR_INVALID_VERSION;
-
-    /* get the server random value */
-    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 7 + SSL_RANDOM_SIZE; /* skip of session id size */
-
-    if (num_sessions)
-    {
-        ssl->session = ssl_session_update(num_sessions,
-                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
-        memcpy(ssl->session->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
-    }
-
-    memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
-    offset += SSL_SESSION_ID_SIZE;
-
-    /* get the real cipher we are using */
-    ssl->cipher = buf[++offset];
-    ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
-                                        HS_FINISHED : HS_CERTIFICATE;
-
-    PARANOIA_CHECK(pkt_size, offset);
-
-error:
-    return ret;
-}
-
-/**
- * Process the server hello done message.
- */
-static int process_server_hello_done(SSL *ssl)
-{
-    ssl->next_state = HS_FINISHED;
-    return SSL_OK;
-}
-
-/*
- * Send a client key exchange message.
- */
-static int send_client_key_xchg(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    uint8_t premaster_secret[SSL_SECRET_SIZE];
-    int enc_secret_size = -1;
-
-    buf[0] = HS_CLIENT_KEY_XCHG;
-    buf[1] = 0;
-
-    premaster_secret[0] = 0x03; /* encode the version number */
-    premaster_secret[1] = 0x01;
-    get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
-    DISPLAY_RSA(ssl, "send_client_key_xchg", ssl->x509_ctx->rsa_ctx);
-
-    /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
-            SSL_SECRET_SIZE, &buf[6], 0);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    buf[2] = (enc_secret_size + 2) >> 8;
-    buf[3] = (enc_secret_size + 2) & 0xff;
-    buf[4] = enc_secret_size >> 8;
-    buf[5] = enc_secret_size & 0xff;
-
-    generate_master_secret(ssl, premaster_secret);
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
-}
-
-/*
- * Process the certificate request.
- */
-static int process_cert_req(SSL *ssl)
-{
-    /* don't do any processing - we will send back an RSA certificate anyway */
-    ssl->next_state = HS_SERVER_HELLO_DONE;
-    SET_SSL_FLAG(SSL_HAS_CERT_REQ);
-    return SSL_OK;
-}
-
-/*
- * Send a certificate verify message.
- */
-static int send_cert_verify(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
-    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
-    int n, ret;
-
-    DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx);
-
-    buf[0] = HS_CERT_VERIFY;
-    buf[1] = 0;
-
-    finished_digest(ssl, NULL, dgst);   /* calculate the digest */
-
-    /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    if (n == 0)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-    
-    buf[4] = n >> 8;        /* add the RSA size (not officially documented) */
-    buf[5] = n & 0xff;
-    n += 2;
-    buf[2] = n >> 8;
-    buf[3] = n & 0xff;
-    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
-
-error:
-    return ret;
-}
-
-#endif      /* CONFIG_SSL_ENABLE_CLIENT */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
deleted file mode 100644
index 133f9db69b..0000000000
--- a/ssl/tls1_svr.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "ssl.h"
-
-static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
-
-static int process_client_hello(SSL *ssl);
-static int send_server_hello_sequence(SSL *ssl);
-static int send_server_hello(SSL *ssl);
-static int send_server_hello_done(SSL *ssl);
-static int process_client_key_xchg(SSL *ssl);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-static int send_certificate_request(SSL *ssl);
-static int process_cert_verify(SSL *ssl);
-#endif
-
-/*
- * Establish a new SSL connection to an SSL client.
- */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
-{
-    SSL *ssl = ssl_new(ssl_ctx, client_fd);
-    ssl->next_state = HS_CLIENT_HELLO;
-
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ssl_ctx->chain_length == 0)
-        printf("Warning - no server certificate defined\n"); TTY_FLUSH();
-#endif
-
-    return ssl;
-}
-
-/*
- * Process the handshake record.
- */
-int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
-{
-    int ret = SSL_OK;
-    ssl->hs_status = SSL_NOT_OK;            /* not connected */
-
-    /* To get here the state must be valid */
-    switch (handshake_type)
-    {
-        case HS_CLIENT_HELLO:
-            if ((ret = process_client_hello(ssl)) == SSL_OK)
-                ret = send_server_hello_sequence(ssl);
-            break;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        case HS_CERTIFICATE:/* the client sends its cert */
-            ret = process_certificate(ssl, &ssl->x509_ctx);
-
-            if (ret == SSL_OK)    /* verify the cert */
-            { 
-                int cert_res;
-                cert_res = x509_verify(
-                        ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
-                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
-            }
-            break;
-
-        case HS_CERT_VERIFY:    
-            ret = process_cert_verify(ssl);
-            add_packet(ssl, buf, hs_len);   /* needs to be done after */
-            break;
-#endif
-        case HS_CLIENT_KEY_XCHG:
-            ret = process_client_key_xchg(ssl);
-            break;
-
-        case HS_FINISHED:
-            ret = process_finished(ssl, hs_len);
-            break;
-    }
-
-    return ret;
-}
-
-/* 
- * Process a client hello message.
- */
-static int process_client_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    uint8_t *record_buf = ssl->record_buf;
-    int pkt_size = ssl->bm_index;
-    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
-    int version = (record_buf[1] << 4) + record_buf[2];
-    int ret = SSL_OK;
-    
-    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
-    if (version < 0x31) 
-    {
-        ret = SSL_ERROR_INVALID_VERSION;
-        ssl_display_error(ret);
-        goto error;
-    }
-
-    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
-
-    /* process the session id */
-    id_len = buf[offset++];
-    if (id_len > SSL_SESSION_ID_SIZE)
-    {
-        return SSL_ERROR_INVALID_SESSION;
-    }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
-            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
-#endif
-
-    offset += id_len;
-    cs_len = (buf[offset]<<8) + buf[offset+1];
-    offset += 3;        /* add 1 due to all cipher suites being 8 bit */
-
-    PARANOIA_CHECK(pkt_size, offset);
-
-    /* work out what cipher suite we are going to use */
-    for (j = 0; j < NUM_PROTOCOLS; j++)
-    {
-        for (i = 0; i < cs_len; i += 2)
-        {
-            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
-            {
-                ssl->cipher = ssl_prot_prefs[j];
-                goto do_state;
-            }
-        }
-    }
-
-    /* ouch! protocol is not supported */
-    ret = SSL_ERROR_NO_CIPHER;
-
-do_state:
-error:
-    return ret;
-}
-
-#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
-/*
- * Some browsers use a hybrid SSLv2 "client hello" 
- */
-int process_sslv23_client_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
-    int version = (buf[3] << 4) + buf[4];
-    int ret = SSL_OK;
-
-    /* we have already read 3 extra bytes so far */
-    int read_len = SOCKET_READ(ssl->client_fd, buf, bytes_needed-3);
-    int cs_len = buf[1];
-    int id_len = buf[3];
-    int ch_len = buf[5];
-    int i, j, offset = 8;   /* start at first cipher */
-    int random_offset = 0;
-
-    DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
-    
-    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
-    if (version < 0x31)
-    {
-        return SSL_ERROR_INVALID_VERSION;
-    }
-
-    add_packet(ssl, buf, read_len);
-
-    /* connection has gone, so die */
-    if (bytes_needed < 0)
-    {
-        return SSL_ERROR_CONN_LOST;
-    }
-
-    /* now work out what cipher suite we are going to use */
-    for (j = 0; j < NUM_PROTOCOLS; j++)
-    {
-        for (i = 0; i < cs_len; i += 3)
-        {
-            if (ssl_prot_prefs[j] == buf[offset+i])
-            {
-                ssl->cipher = ssl_prot_prefs[j];
-                goto server_hello;
-            }
-        }
-    }
-
-    /* ouch! protocol is not supported */
-    ret = SSL_ERROR_NO_CIPHER;
-    goto error;
-
-server_hello:
-    /* get the session id */
-    offset += cs_len - 2;   /* we've gone 2 bytes past the end */
-#ifndef CONFIG_SSL_SKELETON_MODE
-    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
-            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
-#endif
-
-    /* get the client random data */
-    offset += id_len;
-
-    /* random can be anywhere between 16 and 32 bytes long - so it is padded
-     * with 0's to the left */
-    if (ch_len == 0x10)
-    {
-        random_offset += 0x10;
-    }
-
-    memcpy(&ssl->client_random[random_offset], &buf[offset], ch_len);
-    ret = send_server_hello_sequence(ssl);
-
-error:
-    return ret;
-}
-#endif
-
-/*
- * Send the entire server hello sequence
- */
-static int send_server_hello_sequence(SSL *ssl)
-{
-    int ret;
-
-    if ((ret = send_server_hello(ssl)) == SSL_OK)
-    {
-#ifndef CONFIG_SSL_SKELETON_MODE
-        /* resume handshake? */
-        if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
-        {
-            if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
-            {
-                ret = send_finished(ssl);
-                ssl->next_state = HS_FINISHED;
-            }
-        }
-        else 
-#endif
-        if ((ret = send_certificate(ssl)) == SSL_OK)
-        {
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-            /* ask the client for its certificate */
-            if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION))
-            {
-                if ((ret = send_certificate_request(ssl)) == SSL_OK)
-                {
-                    ret = send_server_hello_done(ssl);
-                    ssl->next_state = HS_CERTIFICATE;
-                }
-            }
-            else
-#endif
-            {
-                ret = send_server_hello_done(ssl);
-                ssl->next_state = HS_CLIENT_KEY_XCHG;
-            }
-        }
-    }
-
-    return ret;
-}
-
-/*
- * Send a server hello message.
- */
-static int send_server_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int offset = 0;
-
-    buf[0] = HS_SERVER_HELLO;
-    buf[1] = 0;
-    buf[2] = 0;
-    /* byte 3 is calculated later */
-    buf[4] = 0x03;
-    buf[5] = 0x01;
-
-    /* server random value */
-    get_random(SSL_RANDOM_SIZE, &buf[6]);
-    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 6 + SSL_RANDOM_SIZE;
-
-    /* send a session id - and put it into the cache */
-    buf[offset++] = SSL_SESSION_ID_SIZE;
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
-    {
-        /* retrieve id from session cache */
-        memcpy(&buf[offset], ssl->session->session_id, 
-                SSL_SESSION_ID_SIZE);
-        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
-    }
-    else    /* generate our own session id */
-#endif
-    {
-        get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
-        memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-        /* store id in session cache */
-        if (ssl->ssl_ctx->num_sessions)
-        {
-            memcpy(ssl->session->session_id, 
-                    ssl->session_id, SSL_SESSION_ID_SIZE);
-        }
-#endif
-    }
-
-    offset += SSL_SESSION_ID_SIZE;
-
-    buf[offset++] = 0;      /* cipher we are using */
-    buf[offset++] = ssl->cipher;
-    buf[offset++] = 0;      /* no compression */
-    buf[3] = offset - 4;    /* handshake size */
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
-}
-
-/*
- * Send the server hello done message.
- */
-static int send_server_hello_done(SSL *ssl)
-{
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
-                            g_hello_done, sizeof(g_hello_done));
-}
-
-/*
- * Pull apart a client key exchange message. Decrypt the pre-master key (using
- * our RSA private key) and then work out the master key. Initialise the
- * ciphers.
- */
-static int process_client_key_xchg(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int pkt_size = ssl->bm_index;
-    int premaster_size, secret_length = (buf[2] << 8) + buf[3];
-    uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
-    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
-    int offset = 4;
-    int ret = SSL_OK;
-    
-    DISPLAY_RSA(ssl, "process_client_key_xchg", rsa_ctx);
-
-    /* is there an extra size field? */
-    if ((secret_length - 2) == rsa_ctx->num_octets)
-        offset += 2;
-
-    PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
-
-    /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, 1);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    if (premaster_size != SSL_SECRET_SIZE || 
-            premaster_secret[0] != 0x03 ||  /* check version is 3.1 (TLS) */
-            premaster_secret[1] != 0x01)
-    {
-        /* guard against a Bleichenbacher attack */
-        memset(premaster_secret, 0, SSL_SECRET_SIZE);
-        /* and continue - will die eventually when checking the mac */
-    }
-
-#if 0
-    print_blob("pre-master", premaster_secret, SSL_SECRET_SIZE);
-#endif
-
-    generate_master_secret(ssl, premaster_secret);
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ?  
-                                            HS_CERT_VERIFY : HS_FINISHED;
-#else
-    ssl->next_state = HS_FINISHED; 
-#endif
-error:
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
-
-/*
- * Send the certificate request message.
- */
-static int send_certificate_request(SSL *ssl)
-{
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
-            g_cert_request, sizeof(g_cert_request));
-}
-
-/*
- * Ensure the client has the private key by first decrypting the packet and
- * then checking the packet digests.
- */
-static int process_cert_verify(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int pkt_size = ssl->bm_index;
-    uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
-    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
-    X509_CTX *x509_ctx = ssl->x509_ctx;
-    int ret = SSL_OK;
-    int n;
-
-    PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
-
-    DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx);
-    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
-
-    if (n != SHA1_SIZE + MD5_SIZE)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto end_cert_vfy;
-    }
-
-    finished_digest(ssl, NULL, dgst);       /* calculate the digest */
-    if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-    }
-
-end_cert_vfy:
-    ssl->next_state = HS_FINISHED;
-error:
-    return ret;
-}
-
-#endif
diff --git a/www/bin/.htaccess b/www/bin/.htaccess
deleted file mode 100644
index 4496fa9edd..0000000000
--- a/www/bin/.htaccess
+++ /dev/null
@@ -1,2 +0,0 @@
-Deny all
-
diff --git a/www/favicon.ico b/www/favicon.ico
deleted file mode 100644
index 9f6f30e4c6de09f2e93be5e3cbde8a97850b1989..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 22486
zcmeHu30zf2nr~sceZHA_-90^TmN&28Jk8Qcr;~KLlTO^lBt}i5G10h0RE&xU3Kv;K
z5JYwq1!TJ*!ezg*URf{uWl>gTQ2|8(#Rd0WP}KkX*TEZUC+SY+b-$VSn-qMv>YP)j
z>Z`BnRMo$}?-RmAj23UcDHx9t+MftvA%qw^_Q~}aA%5~xA%6C=;cLqu3sLZo;z|Co
zLi>^s|MI_#`FYKJ2j4U1A1f?>B!ta;AzopbtU{QRWIZx?{FM?7|Cl^Y0}vh_9=zef
zSosyby}jgVtk7sQ!ra_kco=wX&a{Vyl{4#DbD=R9gsG-in3Lqq-d<DDt1)NVoL3}M
z59ap}rhI3thk^MF!h@vgg)sCo_7K8gknfFUUe@JdDhwKyVKC=CmO~ml)?ApH@|u}@
z4Sb>3gZD`0B%u*xK$x0q$fJh5YsfF_A+H*ep|@8I4h{-uXJ_H>?=SlM`$b({o#^cB
z6k4rT==FM`R;$Gz+pkhN3tjJ^Xt^;cH2ON0rxhBlPSmw@l9zs=>l|dhK><>5u%2c2
z3q${)P&unuzDjto{9v^|%h9qftqAtl@tWmpTZG=wA`G3qthZO_T4Y%_gueHNs3U1v
zuAb!>SZ^oES;ewE{Dpt8KV!8}S!!4g+c!%qoXL~QQY$>1wL-0t{4vdX{8^7irx*Tg
zd$88Pb{T{^xK5~bEkaw@!ZwpyT7=HfDRgz6LNAH!GLTv*3x9nt^Yscn`Ku$T4gI2p
z?dznxdP#cnTh~vXTgWSAR7Za6$ZIc2rLrVH&Xj|PaQ5&Jv&Q=iOUq!UgDHn#VYyf>
zELCdCOii8`Q{EblTFiP=BP`ixmTaHOSwk6W*cT)X+iI#6mTa&2Vz!rLDcenQmTmW^
zeARq5OUL)vcD7$FNkh`=gjS~$ix=zpo}Tj33lEZ|C1pdhR5A9@vu_x)57m-nA8GVL
zOHykoN0OGLraX0$^z3VrzrTUc3@o29<*PSP)|xuXo20AbI3{sysr4;<PPvnGl)Ii}
zAO-6?`K*)Ul4FnZZ=vk99HT9icPGcGu8!l0W265@ztB+L2FkmI)Gz7A4UQYio@1qx
z<M{@ut{)sP5Ez88bT$|NBrL_)F_vQ9JWFA2Y00*doJr;?jv1AhWy(IXbmsVyedWxt
zMe=tRKZHLn0h9kXVf^^<tVq&#3ga)19zALN)k%}CD({($AAj|t5{56IDT9TNKAbmg
z^5nylr%d9-_(`L?Cm){1Fxf@9A@e_dbNt0glSa2qH8qWno;rCn(=OAdnnq8Q!NPRR
z;VF|QU6eV<!9|7XtD`4Ro-(Cv%)|*3Oxs*0GxNkz6DCY}k73?~3DHxhO>3JxEpO`7
zytXM9CC{T>rjD6*c-qv7t5;7PGiHy>{N6kn<nMbEMzI=;iK9l1vY0w~()iJnr`1li
z_}tcI%*6M`L{AtsO6Cm?mW9g@9L#$7N_2Fz>6lvP@18nw;+hGgX8HwrxB0mwu37!r
zy!Upmed`O|oH>T7DnsI$;Lj#Z9K(jYOqnue^u_VrWBB%j;CY`P4qCNp>wEVn+#h;t
zPV?f$i#KgL>FT=0&D(S^Ji2z)@maInyl4B5A3tU4gn7FUga!xS%~=(+bkvag!Gd4>
zV$;d4cY4gsmM!aBabb$uYEIJ<*S<ctS>636CV5Grp)=bv*G5K!yIuLxGVE4Z^Dj2N
z^Nx?tj*rfrI~O?D%vYP$v%<Hp&wJ~vNgtb-*yOCUnYE<yiw%~kR@p_duisWJ{>7#f
z+y2&P$GLOn<{zE$@hvV}(zq`2a~sFQM?A)lUovxJr~8-fUo0#w*6X#&v0?VD+nD`t
zFMV|G{Xp}}@A&w(RZX}b9K3qM#ON{8rd;ee)al;g>^fu797AJS>4r2-OY636+k7r9
zJNN#lfggReWBI!k>fO;15uZPvFk#f5+U{dB+Gljk=-9Y1*Df<-{elJMGrCUr_?-L5
z{QXZqUHQ@b0q3_qNC{7f3y&CMI)CEC=sf2|b}E&f!=mb3)q(}7v0)9ao@SKH`|r#A
z@4vr%dt+E^vQ<h-_<_Td>!*&%TeKl<!G|Ayn7tr7`@^hcE35KjW?p8?mIto<^xCzZ
zUoBrTw{3rMu|7H0Dk@^_%+XV(G^^6JR>{n0#T7igbpH}}_qhSfmVf%y2iJFfu=D&}
zzh1|tw--C<v*J?KZ#mAs>gn04T5oM_t+g(;E}hd*`r+a)y_PRuzEbAjwS2B`Vs!2C
z%{5ClH#wCS?0YM6_Nh~zo+ppmXQ=FE9Gc;<FF&^E%MVs8|MY`ZAME;I``lGccSc3$
zxpYsSW|}x{N!fyknFkNeICko!!_hALR_6|fqWpqVw_`15wtw)!2djJs?Jh1HoIt^w
zMvvNU(RTJ?|K`y#F){0sGAw7fo3*yusY>$GDqI`7%$R>w&{}o&)~2C}A##xK4xc(&
znGNR8x0oMeS+FqoV2izdc2R0+d-LL+xhpPQ@SDBvix1nEY=|BcZECtVA@yy3z~etL
z0W2&m5(+oO$4C9Hq`)fu?egYRbLXz`_4b%vXQL@~b&Aido7^_7G;87TByscRz`Rir
zsg!VXY^+sr*`k({US3~%&%VkTp(*~uhQ-AnsxqQ1vy$H)&Tm16a8I35tSu-^U-(5v
z&QG14J7)EdpFW+>{VRW0=+sbHP*9M(e)e#F{(gLR^2~5`>06d>g-66B+2lE%zWT|>
z%ztD2C#Qd^Td=-i!+Lf2tgo}n#KlQVXWA^C<TBdBqkGDTnTbrfR5mSfbe#RK=1NM7
zpU<=5#`N(QmrnY`#N-o_F-(`U-IFk4-jk0%=I!b7kumRgh(DhG9WwoUW%=W)+Ye8P
zeI)$hzW%$#KS=D4OW?c8(U?!-)UhN}($_fkN4ziw6JtW@Bko&?1G!%wiA^O|l(<sj
zMj_0Hai^x2dw-!|%CV*rSMp*kpOGY<RB)v5AkOpn8b6v7KlY9_C|Fg&wjR9-zV$Ht
zA(oWb(TF7_u9O&3Vo8Y$CAO4!N#Z++8U2HUiILRABNCrTJW;1$DTy^Dew29Ah${!V
zmzVo_1&=<#m6qn*v$M_4&cSTEn&qj7ag$0T7E6pYkN8NE5hF3yXtcyBTH=>soMg_r
zoy~Q`LBym_Fp|VQ8e$%edKfe6h-nOU65G@fC)N=I5xWq>NbDl<qr@)~yJ(1A6#T+=
z2J0!8C%93;x9k^*V<g5kbPi+3PU06W+iJwP5;xWnw^*vo$&aOiA0<waxcAMU5t|U7
zNQ~kv@d;`1Jda^)Nqp%~Ir#f~i1GjA&v*TaXZ$G_67jMJ`$1x6e`0Wn!_8+Adzw>b
zl-s;l)MDN&%1vTXb2al*jwBC>M<r?0#DF9%pU)%yTueMlT<Y&n3Vw=9wOZm;%6u{9
zt&&7+>Opy1S~5*i@TrRU)cFZc_2)T2@GxEtCT3NWG^AiH%NWo8kp1GUBag(fq+l6)
z@E-B3g6o5MPtAMmGX>i+*2%QQxTboxNiS5A=8+cb6};=OV%nK$4?X2a+)4^2Ir}qB
zlGxXo<5W2_;27}N5bKg8{*|~_o+IcD%wx&38fOFfG7u*-<~Wh(3;x8w5(le^gC!Q$
z5(oRMiF--@5)YGfBsFodMiQ~Ho}}ft(v!3tTM{R?kTmKRzC+?z3noeItRrc8UZUZc
zlV=x349ySw-!=R>*6(r8z53#dFOC~$Vlr+V6H4l7xxDw%3k<Ky#49iS_{Tqf;g#pc
zJqgS<ZuLvAc12A7<&u}GULN)Q<jIp=CO`jj)hn;e`SA-~&y9O-#Y-<lESWRvm!sa`
zLnkK}1}DeopC9$hU;gq9mif}lzkL4r#p{-@`}p}O&c1syfAy;cUwjea?E1zlFTJ$-
z)fdOT^oGlO(;VNhnGiSC{Wrb$SFW_Owq9?O6Zpk)?kCrcGnxN}|L@ADdzY>+-t2W@
zVC5RC*KKWo{hHZ93yTL>!RIFoOD+3~8{T|#hSvw?<^z9YWo!Gom6gS@H=dt7>g5+!
zkGruHk01YbK}Tz$_Ne)qHP)}c{rlHnf9-cWO-=ngpC9$|OJ6QJ+J5%8pO<J8_gq_L
zZT-6K?|=XH+i#@@MJI%O{K}k{UntYg`tZZgKASanX4=qN>tCyWZ@=;Puf27>sJk|A
z_isLa?zxp$3T7wG{3u2Lt3#J8Uwchu|IRxb-&$O`eA%+g&2PS+wff<zRbQPsdiu*-
zO$R=;u>SQs@4Pei(YmS6|9HtO>X%nMD4QP{nfrO^s+IQ_HGbM`c8||(rhj0uYt-|j
z+`Qvnr0}-~?3g|;yW&X8r?VFhTD|qwx(&KivxVXDb3U2XV=`g9iG#!Bt#7^=96Yza
zZPCiLmg`<LS(njx_f+Yx3Tt{~A1_(brT)##d9!0eW2=9G4dY~o{<h%M$^04bv-sh#
zVa4&At8cGf@#;8vJ#qZIFP`iB-MQz6ADT>h5|51DeQ_N3vR~hM*JRwp36q{?95>Nq
z0yF$M!oTas$I6HI3r~Ol()>KFX*ebKDLiUd_A17Gis^{Gi5QXQ8{*NUN8-VQhvMPT
zBQZ4ePz*g}n)e<*ek>k80`EOyp2y-5uko1cJ|2q8SFVT)m(Gcb@@A2|r&<)`)ryL`
zdePp~qnu+u#v@VJcv5KM>xCxfptx}UD(e^$TYMeF7H=0}`&FD+yH+b!EYu3mZ8<_y
z)+U;IFNsUnuZj4?GU2gBFMNH|h0WSHu_v@v?9DF_Q8^_dD6T@pmeh;wdn<*_szQ;H
z+aU~RZ;R%O*F?;|8ljHL5J4e+B0hDmh}EQtj`nk+@o<L-ORg20HsuMc6=}lWI$bzf
zWeLCSrK0r21yOSDj%c{~NE{x3C~7_?5~7Pl)b=Lf;jmu>_-Bf;%4!jlRw3fJHtfwh
zAa;i33yY;G!o@X5#2)AtF$XV;obCZp&^sXXr*4RCj;UhVyzRo(B|yZ)M2bT49vPP)
z;<Iu@_#U0u=A10Tg6qV`lXeInO_K=DJttC|?~07>AyM9SN5n<ch=jC!5uctTs_UA>
z-Me>%E;~zjdHD!;4^L58T_eis8-$gGov>ATiS1!oB6M$wh)b_#yZ4KYR$E1iHdmC_
z91?BqC&V4T-`(9U4jecr_U%g(Zd=^M{{7h^DM=&T-L?pO)ka}wV=J7UoJ2xmoXFv`
zl;lKVs3;e=Z{HT}?d{^^$&=#Nty|*i)vKcGWS6pcyl~+H#|Xqjju+>NKUc`WvGx8$
zGx6#BUx*oV7l^Ub=ZdlOXNU!}=Zg7e)5RPaFZf(6`1Et}hSf^3lH>HoyFXV*j@eI0
z(?~MBLHb^0nQ`13ej<(@|A~0`J>DJ9ypu@svyk78tkZUtqgZ3(AjYn=A^&TH!#W#b
zPyRQ^*kPk^u-zzB%=>@CtLe{vE+ozS9(78YO=f<o*_1Gvzw(|pnK$zCI`4g#HVl{W
z?Z0D2$=O)>8MAxTm@y_M0o!*3n(W*a6dYn=GG>em&m7&idTjIb^7ird^S82Izrn^<
zWw+7Z!O>}x^X7k8%EPf0<}1HiwR(*Oml>;%KbbT4(|MnLK7YX%3l}Y3^5vw-Q>IQc
zo&MhYAI$i0=B(Kt{ra`n-}ud&zx~}?Z~y+CcgIhd_`m+;e~%sa{0lF>^vjoD`PHi?
zCO`ez-~RmX{`=qmgULVs)BpJA|2gUx#<k*a{+r29BtN4@J@=y@kNz)XOve1^zy8%<
zo5=3`qhT0J|IsYp_|W*C94l{<%t<C<EPsXYcu9$V`1wHsKS<yQ3H*nUfN_7w{hTpL
zfb;kp$(X_T+<5(LY<&KwV)>rT^K3BQGse$8fA-p#PsYadH{~%t|4YZRZX+Kf>oVSd
z_TI?*+;1!I%6MpK2>0*bSBU$lKe#_K-^jEqTV5OQjjZdN?mhe5n8z58d_FQQd6vO=
zZ)AR%mV9$Rh@PGvoH}(1JZHq6J9of6BQ9OKgv*yNE9rap?kRcYJH{Z}D&MEg3%IYu
z_3PJh?b<b^JQ+*6dGjXZyAK{bfKfI^USurG8_ARL*|Ya$og?!}nM;zqO1{g>%aNU(
zjUv4s_4W0rud72vMFnaO9KeYaCqQjAxCd9>k?+a0yeHp1a^whVYinUJ7*JYTs!&Nu
zi4xb;)S$V!1zlZTN`7NoWEms*k!d4OvYkf$zbTe7lXAIo<%%NXUh+`Mx|5QV5w2E)
z=er0E4Mj*u2+~uvXliIc&*{^+c;&LvAF{6w9XbS_0V5?P1yNB^2o4TLU|=A4K8%2X
z0QmWleEqO%*G@!6Mj$aUQIV09#rgB+m9`lBNAf}CFix`$o^_+IuTSAi@+kXuWP4;A
z<=Bw<8pu~eV<S#<bfAmnR#8@Q@fz0a3)(=z)zuYy*cREg!!0d1z&<G~EJSK*DtU@j
zc-^vP3pQ=q1V=|lI5;?B<Hn5&*>7}&o!v&*JJ|ENBeuA1QQDZEp02dJxVRXVm6eeF
zQ&d!h%*;%rrKMrtzJ18b%0g9D6^<W2u8c(^&vGmi@8Im&vuJ5<Mh44@i`|R7!UB|W
z{FJgxE&ITq@^i4aSIB>R0Agcfk(iKxh|n;~)er9O?%3?SnLIlwygHCadwcS2uY$_X
zma(0}yUI?b+_QJEQ}S)1OuW3jzV4%)J9n~wb}84}wt0fO26%aUVJGiN8P(R-Dg4TB
zNA@{w$&jC)kKDXGXvzD|;2`GrM?wn62*+qbQWAW9{Gd|VBcADy-MiuF;)-qF-q`9!
zIXgN)MfuuE{>YP!Y6EO+Z5eNbjg15BRj$}*<BW~A&ahk0{;=Hyds|0rSZ@tmTN^kz
zFpoWnv6Is#Y$d+|0saWy6@<{;AqeGoRfk6+DLxT-Ik{+RYQzQ3Cvv>YZ!9AtL&@*w
zza3jWec-Uk0bATWk(io^<7Y3R@9sU+A3uqb$_BKb?MKbw7DPlQz{@j`JgMO1sNxv0
zB`+J{=;Q&9tx@pwjEAp(8UnWOM_5P+c_=_+coCBJ79b_I7;!QA2#-!;`+Z?=vmTD@
zE6KaBuQxRDdpTd^qptQKT3Zg2nsM~#F?4peqpRmQ&YbO4#*gH`t*uS@hUA#`*t!k=
zK7nxFL^*Aw4B78)e*Vx^RHOIC0J^T+LD%&=sA@S1m8~6A8*Jh1v>7TZ6>P0G!NW5a
zp}UI7S1tCWG((-*ggxoa*qhmcJ-TKjlyo4crVH5y(t#7mZ|Fip%X!4aM8Rq$$ED?V
z><SD+ZcYvwnvSBXu?+_f9Yf=h6DU1+6pcrFaq8?P^qs#<*$?7A$IsEDM>(calyB08
z<I>J$E0WXnaB}y9o$UtLZP<WStE~}}kcH#@_i*M0-|0Bb@6H=m7F%I9KL9f)yTaNo
z0WJ|$@QkiORBkikN;{w~?0}}Y8(EcSk#qPevRbboqvHy4j$A`^`*j>Vc?Hequc7@!
z7c4&w#EO|2*d0=g?EGrz%R7-<ejMd>eW*U%kK)=6)U|e_x%DLHpldv;8eSvPbvcNR
zi-)tjheEMh9kR*}!7nTwp6-$G_6&yGmLS;L>_&cFCr%9BLsiFd*jvS6`mg=*&!g61
z<^+EP#y7$xtOlXF79>@i!rrQrP?uf6p7OKMAGw3<uDjUNauc!5H?Ws+@yS7yAMZ!z
zvGX|GeFl#6_F?U`V(9Yv&~W@RTDz{o&~y&fZGAY<ei~J6?5krZaQ5N_3_Tk9dd&-u
z)nZR#CIZ7^5fz_?x|ZYEUw#-7d-D<Kn*pD#`}oZzV$~uo7R`*uCZ|eRt}nsN-^Jq9
zG28Gjf4v%R9{UlJ(E?9RGs1F?Ah@6dZt-W~xcfZ9i_RkN$bG~dy^V-t_pq=19+KJz
zk=Jz(x`X}D)Lg}(-hS-dn1@KuDio9-LSlLuc8A5oZ$~Ix`AvqUCLzC|9K~f-DC0NL
z+<p{;_Xd=8EvK>`G3j}T*A;^{hA3<~hSH;bNH1)LAHTmK?_BJ5D#8v+J-oikhu5+K
z*nF0WMbne<*_(SX>s@aI#u>0Py9EK6UD%y}0{(fuu-tVV8~sjUf6F~&9UDY!=OFf<
z89?!=0i?7KprC62Nd*@XQF;Z3&iA7%zmfAxE}UI9aqi+cwzuNkumO&o$F?{*A%OGe
zZmxxKoUe<xmY+Cr9M`U2Lsm80TTljlV=GEp+mX}If{X)4kyCjTNreZnE2;<~yYvW;
z%tuUe8T%w3e%tclvS}YSm?y!)G66eNYq3+;3g5zR1eKn~j*?!49XJmi$4ze6EhHYj
ziTyqIQQ1F$vfcsg@4S!P_Pfxx-9v6Szk{AWL<i-=VqpXv?Kl>9s^RFm1NK{Yz@2NR
zhnoxMCKt|e&e+B|CY<X{Zf*fuTaQ3f#CajF5!#|w#1}Rq%g~JY;(BBstOs>yh$V&d
zo7fSZ1Mko*xcjHW#yW%RP6kvq``{m1h}ir(?BTZ>T-gnE^*O}W^ds@`HDnyWhvd#X
z$m||K<%NeRzjz<|vjc3?Aad9b1zp!*;9OF6r~{u*+k!Qp#>2)k2rkZvur?>H4T0;n
zK*Yy$Y{#e(ygLZneSNT<b7DwvD6%rMk$$ilJ7Wvs7hVYW5FOkDbK${xdUr}0cI_$T
z*vm(lHV0b+_QQ@cw^eDeX32hhG${eICxvs}C`Ec%J2L7yR*qakR?9`?wp~UJjZ!mD
z-9yHiLFAsfhsyI0P<?R-CFk#AKhwItdnl#s>o43wYH}4mea#>9-_T<5q!^gZ+5?N(
z=~(k|BG$1zDXB#$GgP3io_j~`|5CXZh>eTozA_6zQF(B4p-fk5;jlr6)n930wk!=R
zmZidBa~{^Nr<^zCz;SCfR;)<D(ogd7`THqYK3j|BbD|Nzbt%50g=3`$dO4r8p5wQ9
z4f->;NrNcrA41vX2dKaF5C=(hmj_UObqGc0ZlS8@I;wjwqP(;gYVT}#+v*TtSB|ag
z3^02;3tzmH4YN-)*kBU|JEvf{dxaw*IU6TW_M)Tnm_p(4Rq*o5g7dl*s21+S>W|3V
z)Kn~=oC32C7=N@6%P0pcKC}Hi4K@q*VavKq1iR%!y(0(us#X-Vb)x79_u8i}BLCPG
z>_2`Dg?+bCe&s$4*N1TE_G28o{s?uq9-(!B?O+=!`^bAwKRT{n#u3hs`8hS%pI(Ld
z=n8(vt%%y$2=CQZSW9`WSr(6F3*xbG?ryky#38?k>*<;ExOwLmw1>_kt?@L%v+J;B
zdk*Z@rNZf}bhxfagNs=j92Y0SZIu>2RvB<#oru7#xd;i;W7p0~t_!7DWtk3j@)1<F
zpFv4`A1b<Uq3F~N6!qPJ{_<T^+~692`w@<@4UJ6K-MEX=v)5thyMmV9Yf#4|VrNJ&
zGIEPhdEf|YYCAc97NeYUsjX>+E~6Il;mrtitcKm<61HU@+&q)8%_jsseHRd4cO0pQ
zPC(mmlGKBk18oQ^Y=w{3fQ>$B*t#nZ+xHY>udW_@a;p$qa1g<%6|i6*EM8QMY47fX
zwM9Ovj-AGltAiX5*HL=<25K(eL+gzp9J@6{{vV+6+FcyE`v47Buc5sAJWk#kKzdd!
zKAU3!FAsMF2ZbOjSI7NgGg{l)aj>=tc?JCTBEk@@-iw05QWTdSLZE*MY}O~i$t?o0
z$r;#_U4*@P<%lghh`5r&(AFPAe03XkCRIaS(h7CyG594^WB2}QXb&`VFVKXLcmvj$
z=W_2*jCBi(;OCTw(u$Kv%0G%7+D2qH_M`UvZ5+OS7j3s5;Lwdb=(ux_^1g({U%A0I
zG7o32-Nf#IY^++b1+JSN;p*rLAMR&EcZY&TxCjdk#ug86*g13G9JHMn#DHtJuHY)M
z=lSzDP~UKbW2g@yd&03RI)XBe!uGv;5t5>TXGjV*tkxj0unzl=b|Q;oJ1F}wLMSi4
zm=ZX8k#D<VEM1rf)rt(nhL%8=-wAi0T14zWiGm}SQFrb(T5k`cnR4&CejnWzZ^6?i
z5=$3zAMTiq>ZV@gq}0RSlJnsXVh0x&xNLTTo0~iLzHV@F-Nd=h7wguCAz7P=p6*i^
z9Jv1kVm~%QZS0KVdJ*Z59bo|ojM#zTm{9J`V`2AMK5;-cB6Mkp$SuU~v_|;Fm%}fy
z5>}3xSj#bE&To19mI7pEH6b*y0ekoLAeDQc%ClEc!|~tTe+x&i-bDMkOT?KMuroXX
z-rgx#WxfxoS?#DU?tqt53VcGNph?y!d;PGm-H41(BPLD_7ni+Q`gsz+=Q0co-2EEs
z4-HAoFZV!?INxu<)<8FS1$n|J*c1LC0dP{qz<IeIZjQ-NZQcV1&s11$jKX5GBwklw
zjaeQR&&a@Li!{y`2jLe|f$f?)r1M*<>AixAGna9I@gdGHP2D{>a`GhiT#t~cFGlDd
z&T$qAaNEXjRDTBQT{TcSXy6-_iri8?4sedIuBu02aS1$J3$WzFBJAYaBlnwM<K4%^
z@ubI(9%Gg53aoWlg>_DApmMdrR<CW`(+9$0ej41DmSMs4IJ`eK3ZI#3@Zswk%$<~s
zm9sLiO=UpDcCK;ZdDxxNfViq-ocH@s+|h@!V|{4qJcF(?=Wv7P7&6GZ@7%qE^qf*`
z+?<G&D^d~Qa{!r%{AO$$vD{3HErFSE^-jYYt4OS0$2oIm5$280MWV)_l<|o2eng%}
zh8>}P2#F%zjNFcZV1KyzI#bqbVX-s{HgmGzYt8ZgWd@wS$b+kSKDMpT#7-|A{C%~=
znEMctl!w&%YV14Mh|~jzkW<@+8seKvSFYjV1D?gm^AGYa`Imu`L+`oE*ppO(FU=yb
zd3_n8gX<CO-V8hQa;#rmj1BWkVe>^5zL=f`o7L$!!|&dBCiIv}YvWmvj7Nt198>*Q
zFXBK`17ef1uxiy#tX&$zF`h##kN^i&G<>%uz{-9noV?iP*eFCMCn7o_1<ATxWS3T>
z{nSa^;#hsiJ^B#KyHEZfkRFpB4L!sF_r1Un+D~^Qy}S}W+q1FWCKc<f*dIG8xTa)d
zqqP<*7KLNgnjL6pJ38EIw%^G2NS>8*AodG&^2&1#GbLQPc>@<NpGRlcDQNcXCmzTk
zR_npp%NJ39_y|s(Ig2A*ojAgMY|D|OINsUGGq2%uELngocep;D@yS2RN|GD{^4!1}
z28ITRtJ)ByAui4_ps>0L*#!rnFRG*5&nf*jG<1LXU5*`D#>ikS*BCz<(bw#3Svheg
zzx5}tJ$N+0+rwjFWH~Y|%aG&5SeA@=@dw$AZISJJ$o_c1{C9|DFWtUQS@od*;$^m7
z&XdFEk#e4S^!Ndbk@AqmJw2y1)=Aq3h0lkKmA+;y`&-IMVtnQN?!kQw@XTw7ZF#_Z
z4|v`sN%osDpVF5sU&h9=N4CY7HulZX!w0xKIKa8_0n1`N<oQ15#(Vtc2M6vc^*(yU
zFGi7xu|NM%9?#Yz+oIGjW66s`lq-3XeJ|&%$LtK{TFEn<Uy(HnGxBJRm4=M?G2WN4
z<n19zic}d_l=YD0SI#l~m$4*fRmwH;I-<C5P5$dverwjRA4s15ZQ)<PC&$^-Fr5Cj
z;+1-tWu$CmqeotUm$a<Un9rDg%ENHV`261ze_NT)*75(-^?wK@+z(9rAb}qw@Sjow
z!*iw4F7!{w|0#v^JsSOe<@twxJ7blaJfyMV58($1jF5obFFhN+Z4Wgv-?!x%d4FX7
zk!fR{Bjb_p8SjsLN2cX{BS!ePJjQpPEpOy|#%IPdjn^`k`g^I@m%8w4wDXWQ8s{(Y
zO!bLwU*?fPVjpSSAfHRS52NkJjT<+<wgE7fYph#&@yU<znK71FN!nQ4xPAjov=NZD
z4fJDE^z#|%88}9L<aJ_SnMc|qG&MCTy6xoT6h+^@ckf>6J7W|*xYYI2c3H78G1_0q
zShhj(C(DraNxmemlq78wq|UaMdaR?2OUp_XdkQ-{J8Y+oL`6jf&pvCR%hu7}B1+NA
zZ`$NU-HSbSy3{K%A05kK?`X&Kt<8$PLeBmi#eSizv`n!#NT5wcGTT*FR)#ZY&L}dJ
zwi7KaEs8x!iZ&HNLAz02S*6&fczRH8>>mIR+5qeb+)16KC-vC0b6|Zow(F_awxzz<
zp871_vtdl4O*huBx1!$Kfi@MJv1N-Je0;nSKsy9!XAv9}gf!YbbaZqmGLSYI5fKs8
zZ~MbV+E&o!V86Z;$If4XfqLQ=>M-}lr&7O2U6aEGY*g7&kK@PlKI+l8)21LOkNTTJ
zMDNk_Jg=Dg;5^E04;(kz!O`B4^#xJ}`KYa{Rr>63%Mlzu)kQu31qDMlvafg1u7Nhh
z2-q18=Pg@dZM_ZwyTWkn+%;Sp0-|H$uy&Ob&kVOvcOC_Qbq)4rAHiNd&(w=fA*1Fj
zGMg_Vr}Yxbk6ywto=?W9_rd(*P-qegP*vA~%En$CY&i?Vp)PcEo#z-BVE;cvT6Qk$
z3WbO7c4U{-VOIq8C0oO=-pU`IemO97^uyaL53l{5Gp4-Gv&fhR1f(89Z21Z7qE0uV
z@*;H9hefyDM8c8VDC)S05}q-pQ%A4*xR83$^VC(JL{{-(6gC{gftC&&@9Dt+&n9F@
z$krn|Rfqi*wJ1N*jrg=01bFd$&8`6UUu404X&#o$NXPI0-W%4o@z|Z$fnB;zY)d~0
zRbVgD>Te;wV*qI<?;-QVAhMcnBEIqp&yi0dF*2WR3t_*yD)uJs9$OI|8I6>TbhPn%
z8sJ$%a#1ZZ4UNzrZbx?A5oA}lAWB<|u<!z?WA)U_QIF-E1=YG__(hc<i2A_5lG6w(
z>qGLP>&QHQ2fCg?&{ve_l+^!Gw^?%L7IY<zur>?D=FNfF<Pri$H;z9aPktL);Lb6*
zCprcPYN#8?uSJN4=d>}!*b!HXh>S8s?&G<1Y7RF0Wx$sD$VGEfv20;H;<6g3N8nlX
zp$m%5Ko)iHX+6|?QEz9sa348+tiSgTbz(Q*?V5@?uZCmId<|BAoQgGHhI1Tip)V;!
zc4j*3k5<0L9icgJuujH$vs9RUmVy=Ysjpw1g>}@USbmj;Wglf=&0L<L+U`SIRSOC_
z&LHntzoLsPqRzAI$`I<WJf!|)2vyW;l~Bjh+<zU#IrZ4(l8fz|sjrz|f~D_dVa-?3
z{BEfqiPxc<W1#QcX(U&lLS%Xa&-Hb%F{4g@K^oT2qaJ0sminnQ_&8-FB(MaY9(n}F
z)xmJQ50yRCLG{qq;L=^x-g=0mHy@#SfO<6AlGL8NiJX#3q^4!TP}7Wpl4hRSwIMU1
z0lPdauyJ`VELKoAwL1kZ$2yQm-BfBrCsJrLqB+=(9qHBZi7rJT`$SWC5Gm#LaNbsk
zIUnX><w6~8RL)S3aUO*yuHx{uLA2hat<Jp%s5*5HX|*kA>AHk9D_pRdb7QO~9_6&<
zD&l+`#WU3i+LhJT9m4+XRs`<KLTcuIgvRbcP@IPS%`;=_Ah&wvAe}ZUaWzK~k>AAo
zm9TLx!m`hE5$aWhlznZ~wXjX?v=O;}k8Qt?lUHtIi+dETRq?1f*aLTm-SFJz4j0<c
z(C>x16Bn$p^oE*tJy)*wE8m?woRVu;Km_N;P+#iv{jqghB%I805D=M!9mzRx2`YqB
zKna$A$+O$9vaokgHA0gPLsxqiRcEiEf%?7{+993lJCD%lR9IQ3B0Zx6d&A1GZC4bM
z(h_J}mX5S6o&!_=8yRBY8qTxH2Xf6BQr7d;b}OkTSPeVZ^{{txhwYLK*euGz=O6FE
zXH(;0_E8obsPhQ+q3%1m8k*{M6jL8iLA_*0?|EG2`YX@uj`yCTO#sJ_Di;Y6ZE&+I
zg(r39fwUj+a?8bnDV(Ee$0EZ+p7R;k<cgXy7!H&}U&iN2YHZvP3Cqutu=%S@I8c|c
z**YGZw?x4^C=O9N9g<2bkYC%3o^$6hbf5Z~CwmfE?(KVb5uL18YzRD@O5tc-iginM
zSo~oM)>7|(fi?m1oKc=d8ut<My^-Pcg|j$V*NWtQMbzgWL=$Z<Dry^XsJ#{ShYq8?
zqZ7BdR?8sIFlF0iS@O*HkvwPQ-`R_okd#@0xP4`yKRYrq4b<tKk#Bt6ZsWegxc-mS
zMaZ(rrHmLJ4@b}Z4xe8>ZHGKRR@(KXeGkaTRqj^?Xjfz`!`SD;bw51|mQ^U{vr?Aa
zi#%XEqz+7;Da&@zKTpw>7<n}E{!OuziE{otG|Z3kt}I76EB?c?M`M$C*O>hC#^0e>
z*#=qtH?`$Y-IL5J?>~wERQ{*WpT0K&3jC1#Pbh(B2mD`J1kcv@hkm<bmFi7@^q1!1
z`<E}j9l2&a8@}nD%q!;`;~FEcjX~lp`j&o;&*XjSPeA`t+R=6@_RAx(e?2eIpB3HR
z-Jm}!F=3jruG60t^k)VAS!s(*J7r=Y`m=)mte`(D=+6rJvnqIxzO=+_KC~0^q%N}t
z^rfYpsvU8M7wAh1`qF~Fw4g67=t~Rw(t^IUpf9b0XX(oe`tpLlyr3^H=*tWG@`Ap+
zpf4}z%M1GQg1)?<FE8lJ3;ObczPw8P^d$y;i9ugt(3hBc^c3#-azI~V(3cqWB?f(o
zL0@9fml*UV27QT%X(K^jV$heFcI|nfFEi-N4Ei#IzRaL6Gw90<`Z9yQ%%Cqb=*tZH
zGK0R%pf5A%%MAKbgTB<<YgK^0)U;{gzG_t==t~XyQiHzKpf5G(OAY!`Qx1E%e@g>>
zsX<?A(1#oJ;Rb!UK_70=hnst>9MFdw^x+15xIrIo(1)8?l6G%v<3Jy7W4D98<Dl<2
z=sOPjj)T7Apzk>7JFduAW|V6#{l{r%O&i6SgWNA%RmKo~$iFV<+Y)m9e7cN1)gv3{
wd^r{+DSI!jjm9<AxPMUUm*bYtxP<b#%>Q)Ue*Z7#&-;ea|MdHoYJBhi0G)?VF8}}l

diff --git a/www/index.html b/www/index.html
deleted file mode 100644
index 06be5cefaa..0000000000
--- a/www/index.html
+++ /dev/null
@@ -1,7105 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-<script type="text/javascript">
-//<![CDATA[
-var version = {major: 2, minor: 1, revision: 3, date: new Date("Nov 3, 2006"), extensions: {}};
-//]]>
-</script>
-<!--
-TiddlyWiki 2.1.3 by Jeremy Ruston, (jeremy [at] osmosoft [dot] com)
-
-Copyright (c) Osmosoft Limited 2004-2006
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-Redistributions in binary form must reproduce the above copyright notice, this
-list of conditions and the following disclaimer in the documentation and/or other
-materials provided with the distribution.
-
-Neither the name of the Osmosoft Limited nor the names of its contributors may be
-used to endorse or promote products derived from this software without specific
-prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGE.
--->
-<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
-<!--PRE-HEAD-START-->
-<!--{{{-->
-<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
-<!--}}}-->
-<!--PRE-HEAD-END-->
-<title> axTLS Embedded SSL - changes, notes and errata </title>
-<script type="text/javascript">
-//<![CDATA[
-// ---------------------------------------------------------------------------------
-// Configuration repository
-// ---------------------------------------------------------------------------------
-
-// Miscellaneous options
-var config = {
-	numRssItems: 20, // Number of items in the RSS feed
-	animFast: 0.12, // Speed for animations (lower == slower)
-	animSlow: 0.01, // Speed for EasterEgg animations
-	cascadeFast: 20, // Speed for cascade animations (higher == slower)
-	cascadeSlow: 60, // Speed for EasterEgg cascade animations
-	cascadeDepth: 5, // Depth of cascade animation
-	displayStartupTime: false // Whether to display startup time
-	};
-
-// Messages
-config.messages = {
-	messageClose: {},
-	dates: {}
-};
-
-// Options that can be set in the options panel and/or cookies
-config.options = {
-	chkRegExpSearch: false,
-	chkCaseSensitiveSearch: false,
-	chkAnimate: true,
-	chkSaveBackups: true,
-	chkAutoSave: false,
-	chkGenerateAnRssFeed: false,
-	chkSaveEmptyTemplate: false,
-	chkOpenInNewWindow: true,
-	chkToggleLinks: false,
-	chkHttpReadOnly: true,
-	chkForceMinorUpdate: false,
-	chkConfirmDelete: true,
-	chkInsertTabs: false,
-	txtBackupFolder: "",
-	txtMainTab: "tabTimeline",
-	txtMoreTab: "moreTabAll",
-	txtMaxEditRows: "30"
-	};
-	
-// List of notification functions to be called when certain tiddlers are changed or deleted
-config.notifyTiddlers = [
-	{name: "StyleSheetLayout", notify: refreshStyles},
-	{name: "StyleSheetColors", notify: refreshStyles},
-	{name: "StyleSheet", notify: refreshStyles},
-	{name: "StyleSheetPrint", notify: refreshStyles},
-	{name: "PageTemplate", notify: refreshPageTemplate},
-	{name: "SiteTitle", notify: refreshPageTitle},
-	{name: "SiteSubtitle", notify: refreshPageTitle},
-	{name: "ColorPalette", notify: refreshColorPalette},
-	{name: null, notify: refreshDisplay}
-	];
-
-// Default tiddler templates
-var DEFAULT_VIEW_TEMPLATE = 1;
-var DEFAULT_EDIT_TEMPLATE = 2;
-config.tiddlerTemplates = {
-	1: "ViewTemplate",
-	2: "EditTemplate"
-	};
-
-// More messages (rather a legacy layout that shouldn't really be like this)
-config.views = {
-	wikified: {
-		tag: {}
-		},
-	editor: {
-		tagChooser: {}
-		}
-	};
-
-// Macros; each has a 'handler' member that is inserted later
-config.macros = {
-	today: {},
-	version: {},
-	search: {sizeTextbox: 15},
-	tiddler: {},
-	tag: {},
-	tags: {},
-	tagging: {},
-	timeline: {},
-	allTags: {},
-	list: {
-		all: {},
-		missing: {},
-		orphans: {},
-		shadowed: {}
-		},
-	closeAll: {},
-	permaview: {},
-	saveChanges: {},
-	slider: {},
-	option: {},
-	newTiddler: {},
-	newJournal: {},
-	sparkline: {},
-	tabs: {},
-	gradient: {},
-	message: {},
-	view: {},
-	edit: {},
-	tagChooser: {},
-	toolbar: {},
-	br: {},
-	plugins: {},
-	refreshDisplay: {},
-	importTiddlers: {}
-	};
-
-// Commands supported by the toolbar macro
-config.commands = {
-	closeTiddler: {},
-	closeOthers: {},
-	editTiddler: {},
-	saveTiddler: {hideReadOnly: true},
-	cancelTiddler: {},
-	deleteTiddler: {hideReadOnly: true},
-	permalink: {},
-	references: {},
-	jump: {}
-	};
-
-// Browser detection... In a very few places, there's nothing else for it but to
-// know what browser we're using.
-config.userAgent = navigator.userAgent.toLowerCase();
-config.browser = {
-	isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
-	ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
-	isSafari: config.userAgent.indexOf("applewebkit") != -1,
-	isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
-	firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
-	isOpera: config.userAgent.indexOf("opera") != -1,
-	isLinux: config.userAgent.indexOf("linux") != -1,
-	isUnix: config.userAgent.indexOf("x11") != -1,
-	isMac: config.userAgent.indexOf("mac") != -1,
-	isWindows: config.userAgent.indexOf("win") != -1
-	};
-
-// Basic regular expressions
-config.textPrimitives = {
-	upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
-	lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
-	anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
-	anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
-	};
-if(config.browser.isBadSafari)
-	config.textPrimitives = {
-		upperLetter: "[A-Z\u00c0-\u00de]",
-		lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
-		anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
-		anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
-		}
-config.textPrimitives.sliceSeparator = "::";
-config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
-config.textPrimitives.unWikiLink = "~";
-config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
-												config.textPrimitives.lowerLetter + "+" +
-												config.textPrimitives.upperLetter +
-												config.textPrimitives.anyLetter + "*)|(?:" +
-												config.textPrimitives.upperLetter + "{2,}" +
-												config.textPrimitives.lowerLetter + "+))";
-
-config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
-config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
-
-config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
-config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
-config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
-	config.textPrimitives.brackettedLink + ")|(?:" + 
-	config.textPrimitives.urlPattern + ")","mg");
-config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
-	config.textPrimitives.titledBrackettedLink + ")|(?:" +
-	config.textPrimitives.brackettedLink + ")|(?:" +
-	config.textPrimitives.urlPattern + ")","mg");
-
-// ---------------------------------------------------------------------------------
-// Shadow tiddlers
-// ---------------------------------------------------------------------------------
-
-config.shadowTiddlers = {
-	ColorPalette: "Background: #fff\n" + 
-				  "Foreground: #000\n" +
-				  "PrimaryPale: #8cf\n" +
-				  "PrimaryLight: #18f\n" +
-				  "PrimaryMid: #04b\n" +
-				  "PrimaryDark: #014\n" +
-				  "SecondaryPale: #ffc\n" +
-				  "SecondaryLight: #fe8\n" +
-				  "SecondaryMid: #db4\n" +
-				  "SecondaryDark: #841\n" +
-				  "TertiaryPale: #eee\n" +
-				  "TertiaryLight: #ccc\n" +
-				  "TertiaryMid: #999\n" +
-				  "TertiaryDark: #666\n" +
-				  "Error: #f88\n",
-	StyleSheet: "",
-	StyleSheetColors: "/*{{{*/\nbody {\n	background: [[ColorPalette::Background]];\n	color: [[ColorPalette::Foreground]];\n}\n\na{\n	color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n	background: [[ColorPalette::PrimaryMid]];\n	color: [[ColorPalette::Background]];\n}\n\na img{\n	border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	color: [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n	color: [[ColorPalette::PrimaryDark]];\n	border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::SecondaryLight]];\n	border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n	font-weight: normal;\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n	color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n	font-weight: normal;\n	color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border-left: 1px solid [[ColorPalette::TertiaryLight]];\n	border-top: 1px solid [[ColorPalette::TertiaryLight]];\n	border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n	 border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n	border: none;\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n	color: [[ColorPalette::PrimaryMid]];\n	background: [[ColorPalette::Background]];\n}\n\n.wizard {\n	background: [[ColorPalette::SecondaryLight]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n	color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n	background: [[ColorPalette::Background]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n	color: [[ColorPalette::PrimaryLight]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::SecondaryMid]];\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n	padding: 0.2em 0.2em 0.2em 0.2em;\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::Background]];\n}\n\n.popup {\n	background: [[ColorPalette::PrimaryLight]];\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px;\n}\n\n.listBreak div{\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n	color: [[ColorPalette::TertiaryPale]];\n	border: none;\n}\n\n.popup li a:hover {\n	background: [[ColorPalette::PrimaryDark]];\n	color: [[ColorPalette::Background]];\n	border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n	border: 1px solid [[ColorPalette::TertiaryPale]];\n	background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n	background-color: [[ColorPalette::TertiaryLight]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n		border: none;\n}\n\n.footer {\n	color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n	background: [[ColorPalette::PrimaryPale]];\n	border: 0;\n}\n\n.sparktick {\n	background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::Error]];\n}\n\n.warning {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n	background: [[ColorPalette::TertiaryPale]];\n	color: [[ColorPalette::TertiaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n	background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n	border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n	border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n	border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n	border: 1px solid [[ColorPalette::SecondaryLight]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n	border: 0;\n	border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n	background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n	width: 100%;\n}\n\n.editorFooter {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
-	StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n	font-size: .75em;\n	font-family: arial,helvetica;\n	margin: 0;\n	padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	font-weight: bold;\n	text-decoration: none;\n	padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n	height: 1px;\n}\n\na{\n	text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n	width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n	border: 0;\n}\n\n.externalLink {\n	text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n	font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n	font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n	font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n		position: relative;\n}\n\n.header a:hover {\n	background: transparent;\n}\n\n.headerShadow {\n	position: relative;\n	padding: 4.5em 0em 1em 1em;\n	left: -1px;\n	top: -1px;\n}\n\n.headerForeground {\n	position: absolute;\n	padding: 4.5em 0em 1em 1em;\n	left: 0px;\n	top: 0px;\n}\n\n.siteTitle {\n	font-size: 3em;\n}\n\n.siteSubtitle {\n	font-size: 1.2em;\n}\n\n#mainMenu {\n	position: absolute;\n	left: 0;\n	width: 10em;\n	text-align: right;\n	line-height: 1.6em;\n	padding: 1.5em 0.5em 0.5em 0.5em;\n	font-size: 1.1em;\n}\n\n#sidebar {\n	position: absolute;\n	right: 3px;\n	width: 16em;\n	font-size: .9em;\n}\n\n#sidebarOptions {\n	padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n	margin: 0em 0.2em;\n	padding: 0.2em 0.3em;\n	display: block;\n}\n\n#sidebarOptions input {\n	margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n	margin-left: 1em;\n	padding: 0.5em;\n	font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n	font-weight: bold;\n	display: inline;\n	padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n	margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n	width: 15em;\n	overflow: hidden;\n}\n\n.wizard {\n	padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n	font-size: 2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n	font-size: 1.2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n	padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n	margin: 0.5em 0em 0em 0em;\n	font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n	text-decoration: underline;\n}\n\n.popup {\n	font-size: .9em;\n	padding: 0.2em;\n	list-style: none;\n	margin: 0;\n}\n\n.popup hr {\n	display: block;\n	height: 1px;\n	width: auto;\n	padding: 0;\n	margin: 0.2em 0em;\n}\n\n.listBreak {\n	font-size: 1px;\n	line-height: 1px;\n}\n\n.listBreak div {\n	margin: 2px 0;\n}\n\n.popup li.disabled {\n	padding: 0.2em;\n}\n\n.popup li a{\n	display: block;\n	padding: 0.2em;\n}\n\n.tabset {\n	padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n	margin: 0em 0em 0em 0.25em;\n	padding: 2px;\n}\n\n.tabContents {\n	padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n	margin: 0;\n	padding: 0;\n}\n\n.txtMainTab .tabContents li {\n	list-style: none;\n}\n\n.tabContents li.listLink {\n	 margin-left: .75em;\n}\n\n#displayArea {\n	margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n	text-align: right;\n	font-size: .9em;\n	visibility: hidden;\n}\n\n.selected .toolbar {\n	visibility: visible;\n}\n\n.tiddler {\n	padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n	font-style: italic;\n}\n\n.title {\n	font-size: 1.6em;\n	font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n	font-size: 1.1em;\n}\n\n.tiddler .button {\n	padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n	font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n	width: 99%;\n	padding: 0 0 1em 0;\n}\n\n.viewer {\n	line-height: 1.4em;\n	padding-top: 0.5em;\n}\n\n.viewer .button {\n	margin: 0em 0.25em;\n	padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n	line-height: 1.5em;\n	padding-left: 0.8em;\n	margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n	margin-left: 0.5em;\n	padding-left: 1.5em;\n}\n\n.viewer table {\n	border-collapse: collapse;\n	margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n	padding: 3px;\n}\n\n.viewer table.listView {\n	font-size: 0.85em;\n	margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n	padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n	padding: 0.5em;\n	margin-left: 0.5em;\n	font-size: 1.2em;\n	line-height: 1.4em;\n	overflow: auto;\n}\n\n.viewer code {\n	font-size: 1.2em;\n	line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n	display: block;\n	width: 100%;\n	font: inherit;\n}\n\n.editorFooter {\n	padding: 0.25em 0em;\n	font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n	line-height: 1em;\n}\n\n.sparktick {\n	outline: 0;\n}\n\n.zoomer {\n	font-size: 1.1em;\n	position: absolute;\n	padding: 1em;\n}\n\n.cascade {\n	font-size: 1.1em;\n	position: absolute;\n	overflow: hidden;\n}\n/*}}}*/",
-	StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
-	PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
-	ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
-	EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
-	MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
-	MarkupPostHead: "",
-	MarkupPreBody: "",
-	MarkupPostBody: ""
-	};
-
-// ---------------------------------------------------------------------------------
-// Translateable strings
-// ---------------------------------------------------------------------------------
-
-// Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
-
-merge(config.options,{
-	txtUserName: "YourName"});
-
-merge(config.messages,{
-	customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
-	pluginError: "Error: %0",
-	pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
-	pluginForced: "Executed because forced via 'systemConfigForce' tag",
-	pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
-	nothingSelected: "Nothing is selected. You must select one or more items first",
-	savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
-	subtitleUnknown: "(unknown)",
-	undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
-	shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
-	tiddlerLinkTooltip: "%0 - %1, %2",
-	externalLinkTooltip: "External link to %0",
-	noTags: "There are no tagged tiddlers",
-	notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
-	cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
-	invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
-	backupSaved: "Backup saved",
-	backupFailed: "Failed to save backup file",
-	rssSaved: "RSS feed saved",
-	rssFailed: "Failed to save RSS feed file",
-	emptySaved: "Empty template saved",
-	emptyFailed: "Failed to save empty template file",
-	mainSaved: "Main TiddlyWiki file saved",
-	mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
-	macroError: "Error in macro <<%0>>",
-	macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
-	missingMacro: "No such macro",
-	overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
-	unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
-	confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
-	saveInstructions: "SaveChanges",
-	unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
-	tiddlerSaveError: "Error when saving tiddler '%0'",
-	tiddlerLoadError: "Error when loading tiddler '%0'",
-	wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
-	invalidFieldName: "Invalid field name %0",
-	fieldCannotBeChanged: "Field '%0' cannot be changed"});
-
-merge(config.messages.messageClose,{
-	text: "close",
-	tooltip: "close this message area"});
-
-config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
-config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
-config.messages.dates.shortMonths = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
-config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
-
-merge(config.views.wikified.tag,{
-	labelNoTags: "no tags",
-	labelTags: "tags: ",
-	openTag: "Open tag '%0'",
-	tooltip: "Show tiddlers tagged with '%0'",
-	openAllText: "Open all",
-	openAllTooltip: "Open all of these tiddlers",
-	popupNone: "No other tiddlers tagged with '%0'"});
-
-merge(config.views.wikified,{
-	defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
-	defaultModifier: "(missing)",
-	shadowModifier: "(built-in shadow tiddler)",
-	createdPrompt: "created"});
-
-merge(config.views.editor,{
-	tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
-	defaultText: "Type the text for '%0'"});
-
-merge(config.views.editor.tagChooser,{
-	text: "tags",
-	tooltip: "Choose existing tags to add to this tiddler",
-	popupNone: "There are no tags defined",
-	tagTooltip: "Add the tag '%0'"});
-
-merge(config.macros.search,{
-	label: "search",
-	prompt: "Search this TiddlyWiki",
-	accessKey: "F",
-	successMsg: "%0 tiddlers found matching %1",
-	failureMsg: "No tiddlers found matching %0"});
-
-merge(config.macros.tagging,{
-	label: "tagging: ",
-	labelNotTag: "not tagging",
-	tooltip: "List of tiddlers tagged with '%0'"});
-
-merge(config.macros.timeline,{
-	dateFormat: "DD MMM YYYY"});
-
-merge(config.macros.allTags,{
-	tooltip: "Show tiddlers tagged with '%0'",
-	noTags: "There are no tagged tiddlers"});
-
-config.macros.list.all.prompt = "All tiddlers in alphabetical order";
-config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
-config.macros.list.orphans.prompt = "Tiddlers that are not linked to from any other tiddlers";
-config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
-
-merge(config.macros.closeAll,{
-	label: "close all",
-	prompt: "Close all displayed tiddlers (except any that are being edited)"});
-
-merge(config.macros.permaview,{
-	label: "permaview",
-	prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
-
-merge(config.macros.saveChanges,{
-	label: "save changes",
-	prompt: "Save all tiddlers to create a new TiddlyWiki",
-	accessKey: "S"});
-
-merge(config.macros.newTiddler,{
-	label: "new tiddler",
-	prompt: "Create a new tiddler",
-	title: "New Tiddler",
-	accessKey: "N"});
-
-merge(config.macros.newJournal,{
-	label: "new journal",
-	prompt: "Create a new tiddler from the current date and time",
-	accessKey: "J"});
-
-merge(config.macros.plugins,{
-	skippedText: "(This plugin has not been executed because it was added since startup)",
-	noPluginText: "There are no plugins installed",
-	confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
-	listViewTemplate : {
-		columns: [
-			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
-			{name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
-			{name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
-			{name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
-			{name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
-			{name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
-			{name: 'Log', field: 'log', title: "Log", type: 'StringList'}
-			],
-		rowClasses: [
-			{className: 'error', field: 'error'},
-			{className: 'warning', field: 'warning'}
-			],
-		actions: [
-			{caption: "More actions...", name: ''},
-			{caption: "Remove systemConfig tag", name: 'remove'},
-			{caption: "Delete these tiddlers forever", name: 'delete'}
-			]}
-	});
-
-merge(config.macros.refreshDisplay,{
-	label: "refresh",
-	prompt: "Redraw the entire TiddlyWiki display"
-	});
-
-merge(config.macros.importTiddlers,{
-	readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
-	defaultPath: "http://www.tiddlywiki.com/index.html",
-	fetchLabel: "fetch",
-	fetchPrompt: "Fetch the tiddlywiki file",
-	fetchError: "There were problems fetching the tiddlywiki file",
-	confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
-	wizardTitle: "Import tiddlers from another TiddlyWiki file",
-	step1: "Step 1: Locate the TiddlyWiki file",
-	step1prompt: "Enter the URL or pathname here: ",
-	step1promptFile: "...or browse for a file: ",
-	step1promptFeeds: "...or select a pre-defined feed: ",
-	step1feedPrompt: "Choose...",
-	step2: "Step 2: Loading TiddlyWiki file",
-	step2Text: "Please wait while the file is loaded from: %0",
-	step3: "Step 3: Choose the tiddlers to import",
-	step4: "%0 tiddler(s) imported",
-	step5: "Done",
-	listViewTemplate: {
-		columns: [
-			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
-			{name: 'Title', field: 'title', title: "Title", type: 'String'},
-			{name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
-			{name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
-			],
-		rowClasses: [
-			],
-		actions: [
-			{caption: "More actions...", name: ''},
-			{caption: "Import these tiddlers", name: 'import'}
-			]}
-	});
-
-merge(config.commands.closeTiddler,{
-	text: "close",
-	tooltip: "Close this tiddler"});
-
-merge(config.commands.closeOthers,{
-	text: "close others",
-	tooltip: "Close all other tiddlers"});
-
-merge(config.commands.editTiddler,{
-	text: "edit",
-	tooltip: "Edit this tiddler",
-	readOnlyText: "view",
-	readOnlyTooltip: "View the source of this tiddler"});
-
-merge(config.commands.saveTiddler,{
-	text: "done",
-	tooltip: "Save changes to this tiddler"});
-
-merge(config.commands.cancelTiddler,{
-	text: "cancel",
-	tooltip: "Undo changes to this tiddler",
-	warning: "Are you sure you want to abandon your changes to '%0'?",
-	readOnlyText: "done",
-	readOnlyTooltip: "View this tiddler normally"});
-
-merge(config.commands.deleteTiddler,{
-	text: "delete",
-	tooltip: "Delete this tiddler",
-	warning: "Are you sure you want to delete '%0'?"});
-
-merge(config.commands.permalink,{
-	text: "permalink",
-	tooltip: "Permalink for this tiddler"});
-
-merge(config.commands.references,{
-	text: "references",
-	tooltip: "Show tiddlers that link to this one",
-	popupNone: "No references"});
-
-merge(config.commands.jump,{
-	text: "jump",
-	tooltip: "Jump to another open tiddler"});
-
-merge(config.shadowTiddlers,{
-	DefaultTiddlers: "GettingStarted",
-	MainMenu: "GettingStarted",
-	SiteTitle: "My TiddlyWiki",
-	SiteSubtitle: "a reusable non-linear personal web notebook",
-	SiteUrl: "http://www.tiddlywiki.com/",
-	GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
-	SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
-	OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
-	AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
-	SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
-	TabTimeline: "<<timeline>>",
-	TabAll: "<<list all>>",
-	TabTags: "<<allTags>>",
-	TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
-	TabMoreMissing: "<<list missing>>",
-	TabMoreOrphans: "<<list orphans>>",
-	TabMoreShadowed: "<<list shadowed>>",
-	PluginManager: "<<plugins>>",
-	ImportTiddlers: "<<importTiddlers>>"});
-
-// ---------------------------------------------------------------------------------
-// Main
-// ---------------------------------------------------------------------------------
-
-var params = null; // Command line parameters
-var store = null; // TiddlyWiki storage
-var story = null; // Main story
-var formatter = null; // Default formatters for the wikifier
-config.parsers = {}; // Hashmap of alternative parsers for the wikifier
-var anim = new Animator(); // Animation engine
-var readOnly = false; // Whether we're in readonly mode
-var highlightHack = null; // Embarrassing hack department...
-var hadConfirmExit = false; // Don't warn more than once
-var safeMode = false; // Disable all plugins and cookies
-var installedPlugins = []; // Information filled in when plugins are executed
-var startingUp = false; // Whether we're in the process of starting up
-var pluginInfo,tiddler; // Used to pass information to plugins in loadPlugins()
-
-// Whether to use the JavaSaver applet
-var useJavaSaver = config.browser.isSafari || config.browser.isOpera;
-
-// Starting up
-function main()
-{
-	var now, then = new Date();
-	startingUp = true;
-	window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
-	params = getParameters();
-	if(params)
-		params = params.parseParams("open",null,false);
-	store = new TiddlyWiki();
-	invokeParamifier(params,"oninit");
-	story = new Story("tiddlerDisplay","tiddler");
-	addEvent(document,"click",Popup.onDocumentClick);
-	saveTest();
-	loadOptionsCookie();
-	for(var s=0; s<config.notifyTiddlers.length; s++)
-		store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
-	store.loadFromDiv("storeArea","store",true);
-	invokeParamifier(params,"onload");
-	var pluginProblem = loadPlugins();
-	formatter = new Formatter(config.formatters);
-	readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
-	invokeParamifier(params,"onconfig");
-	store.notifyAll();
-	restart();
-	if(pluginProblem)
-		{
-		story.displayTiddler(null,"PluginManager");
-		displayMessage(config.messages.customConfigError);
-		}
-	now = new Date();
-	if(config.displayStartupTime)
-		displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
-	startingUp = false;
-}
-
-// Restarting
-function restart()
-{
-	invokeParamifier(params,"onstart");
-	if(story.isEmpty())
-		{
-		var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
-		invokeParamifier(defaultParams,"onstart");
-		}
-	window.scrollTo(0,0);
-}
-
-function saveTest()
-{
-	var saveTest = document.getElementById("saveTest");
-	if(saveTest.hasChildNodes())
-		alert(config.messages.savedSnapshotError);
-	saveTest.appendChild(document.createTextNode("savetest"));
-}
-
-function loadPlugins()
-{
-	if(safeMode)
-		return false;
-	var configTiddlers = store.getTaggedTiddlers("systemConfig");
-	installedPlugins = [];
-	var hadProblem = false;
-	for(var t=0; t<configTiddlers.length; t++)
-		{
-		tiddler = configTiddlers[t];
-		pluginInfo = getPluginInfo(tiddler);
-		if(isPluginExecutable(pluginInfo))
-			{
-			pluginInfo.executed = true;
-			pluginInfo.error = false;
-			try
-				{
-				if(tiddler.text && tiddler.text != "")
-					window.eval(tiddler.text);
-				}
-			catch(e)
-				{
-				pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
-				pluginInfo.error = true;
-				hadProblem = true;
-				}
-			}
-		else
-			pluginInfo.warning = true;
-		installedPlugins.push(pluginInfo);
-		}
-	return hadProblem;
-}
-
-function getPluginInfo(tiddler)
-{
-	var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
-	p.tiddler = tiddler;
-	p.title = tiddler.title;
-	p.log = [];
-	return p;
-}
-
-// Check that a particular plugin is valid for execution
-function isPluginExecutable(plugin)
-{
-	if(plugin.tiddler.isTagged("systemConfigDisable"))
-		return verifyTail(plugin,false,config.messages.pluginDisabled);
-	if(plugin.tiddler.isTagged("systemConfigForce"))
-		return verifyTail(plugin,true,config.messages.pluginForced);
-	if(plugin["CoreVersion"])
-		{
-		var coreVersion = plugin["CoreVersion"].split(".");
-		var w = parseInt(coreVersion[0]) - version.major;
-		if(w == 0 && coreVersion[1])
-			w = parseInt(coreVersion[1]) - version.minor;
-		if(w == 0 && coreVersion[2])
-		 	w = parseInt(coreVersion[2]) - version.revision;
-		if(w > 0)
-			return verifyTail(plugin,false,config.messages.pluginVersionError);
-		}
-	return true;
-}
-
-function verifyTail(plugin,result,message)
-{
-	plugin.log.push(message);
-	return result;
-}
-
-function invokeMacro(place,macro,params,wikifier,tiddler)
-{
-	try
-		{
-		var m = config.macros[macro];
-		if(m && m.handler)
-			m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
-		else
-			createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
-		}
-	catch(ex)
-		{
-		createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
-		}
-}
-
-// ---------------------------------------------------------------------------------
-// Paramifiers
-// ---------------------------------------------------------------------------------
-
-function getParameters()
-{
-	var p = null;
-	if(window.location.hash)
-		{
-		p = decodeURI(window.location.hash.substr(1));
-		if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
-			p = convertUTF8ToUnicode(p);
-		}
-	return p;
-}
-
-function invokeParamifier(params,handler)
-{
-	if(!params || params.length == undefined || params.length <= 1)
-		return;
-	for(var t=1; t<params.length; t++)
-		{
-		var p = config.paramifiers[params[t].name];
-		if(p && p[handler] instanceof Function)
-			p[handler](params[t].value);
-		}
-}
-
-config.paramifiers = {};
-
-config.paramifiers.start = {
-	oninit: function(v) {
-		safeMode = v.toLowerCase() == "safe";
-		}
-};
-
-config.paramifiers.open = {
-	onstart: function(v) {
-		story.displayTiddler("bottom",v,null,false,false);
-		}
-};
-
-config.paramifiers.story = {
-	onstart: function(v) {
-		var list = store.getTiddlerText(v,"").parseParams("open",null,false);
-		invokeParamifier(list,"onstart");
-		}
-};
-
-config.paramifiers.search = {
-	onstart: function(v) {
-		story.search(v,false,false);
-		}
-};
-
-config.paramifiers.searchRegExp = {
-	onstart: function(v) {
-		story.prototype.search(v,false,true);
-		}
-};
-
-config.paramifiers.tag = {
-	onstart: function(v) {
-		var tagged = store.getTaggedTiddlers(v,"title");
-		for(var t=0; t<tagged.length; t++)
-			story.displayTiddler("bottom",tagged[t].title,null,false,false);
-		}
-};
-
-config.paramifiers.newTiddler = {
-	onstart: function(v) {
-		if(!readOnly)
-			{
-			story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
-			story.focusTiddler(v,"text");
-			}
-		}
-};
-
-config.paramifiers.newJournal = {
-	onstart: function(v) {
-		if(!readOnly)
-			{
-			var now = new Date();
-			var title = now.formatString(v.trim());
-			story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
-			story.focusTiddler(title,"text");
-			}
-		}
-};
-
-// ---------------------------------------------------------------------------------
-// Formatter helpers
-// ---------------------------------------------------------------------------------
-
-function Formatter(formatters)
-{
-	this.formatters = [];
-	var pattern = [];
-	for(var n=0; n<formatters.length; n++)
-		{
-		pattern.push("(" + formatters[n].match + ")");
-		this.formatters.push(formatters[n]);
-		}
-	this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
-}
-
-config.formatterHelpers = {
-
-	createElementAndWikify: function(w)
-	{
-		w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
-	},
-	
-	inlineCssHelper: function(w)
-	{
-		var styles = [];
-		config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
-		var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
-		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-			{
-			var s,v;
-			if(lookaheadMatch[1])
-				{
-				s = lookaheadMatch[1].unDash();
-				v = lookaheadMatch[2];
-				}
-			else
-				{
-				s = lookaheadMatch[3].unDash();
-				v = lookaheadMatch[4];
-				}
-			if (s=="bgcolor")
-				s = "backgroundColor";
-			styles.push({style: s, value: v});
-			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
-			config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
-			lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
-			}
-		return styles;
-	},
-
-	applyCssHelper: function(e,styles)
-	{
-		for(var t=0; t< styles.length; t++)
-			{
-			try
-				{
-				e.style[styles[t].style] = styles[t].value;
-				}
-			catch (ex)
-				{
-				}
-			}
-	},
-
-	enclosedTextHelper: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			var text = lookaheadMatch[1];
-			if(config.browser.isIE)
-				text = text.replace(/\n/g,"\r");
-			createTiddlyElement(w.output,this.element,null,null,text);
-			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
-			}
-	},
-
-	isExternalLink: function(link)
-	{
-		if(store.tiddlerExists(link) || store.isShadowTiddler(link))
-			{
-			//# Definitely not an external link
-			return false;
-			}
-		var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
-		if(urlRegExp.exec(link))
-			{
-			// Definitely an external link
-			return true;
-			}
-		if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
-			{
-			//# Link contains . / or \ so is probably an external link
-			return true;
-			}
-		//# Otherwise assume it is not an external link
-		return false;
-	}
-
-};
-
-// ---------------------------------------------------------------------------------
-// Standard formatters
-// ---------------------------------------------------------------------------------
-
-config.formatters = [
-{
-	name: "table",
-	match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
-	lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
-	rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
-	cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
-	cellTermRegExp: /((?:\x20*)\|)/mg,
-	rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
-
-	handler: function(w)
-	{
-		var table = createTiddlyElement(w.output,"table");
-		var prevColumns = [];
-		var currRowType = null;
-		var rowContainer;
-		var rowCount = 0;
-		w.nextMatch = w.matchStart;
-		this.lookaheadRegExp.lastIndex = w.nextMatch;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-			{
-			var nextRowType = lookaheadMatch[2];
-			if(nextRowType == "k")
-				{
-				table.className = lookaheadMatch[1];
-				w.nextMatch += lookaheadMatch[0].length+1;
-				}
-			else
-				{
-				if(nextRowType != currRowType)
-					{
-					rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
-					currRowType = nextRowType;
-					}
-				if(currRowType == "c")
-					{
-					// Caption
-					w.nextMatch++;
-					if(rowContainer != table.firstChild)
-						table.insertBefore(rowContainer,table.firstChild);
-					rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
-					w.subWikifyTerm(rowContainer,this.rowTermRegExp);
-					}
-				else
-					{
-					this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
-					rowCount++;
-					}
-				}
-			this.lookaheadRegExp.lastIndex = w.nextMatch;
-			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-			}
-	},
-	rowHandler: function(w,e,prevColumns)
-	{
-		var col = 0;
-		var colSpanCount = 1;
-		var prevCell = null;
-		this.cellRegExp.lastIndex = w.nextMatch;
-		var cellMatch = this.cellRegExp.exec(w.source);
-		while(cellMatch && cellMatch.index == w.nextMatch)
-			{
-			if(cellMatch[1] == "~")
-				{
-				// Rowspan
-				var last = prevColumns[col];
-				if(last)
-					{
-					last.rowSpanCount++;
-					last.element.setAttribute("rowspan",last.rowSpanCount);
-					last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
-					last.element.valign = "center";
-					}
-				w.nextMatch = this.cellRegExp.lastIndex-1;
-				}
-			else if(cellMatch[1] == ">")
-				{
-				// Colspan
-				colSpanCount++;
-				w.nextMatch = this.cellRegExp.lastIndex-1;
-				}
-			else if(cellMatch[2])
-				{
-				// End of row
-				if(prevCell && colSpanCount > 1)
-					{
-					prevCell.setAttribute("colspan",colSpanCount);
-					prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
-					}
-				w.nextMatch = this.cellRegExp.lastIndex;
-				break;
-				}
-			else
-				{
-				// Cell
-				w.nextMatch++;
-				var styles = config.formatterHelpers.inlineCssHelper(w);
-				var spaceLeft = false;
-				var chr = w.source.substr(w.nextMatch,1);
-				while(chr == " ")
-					{
-					spaceLeft = true;
-					w.nextMatch++;
-					chr = w.source.substr(w.nextMatch,1);
-					}
-				var cell;
-				if(chr == "!")
-					{
-					cell = createTiddlyElement(e,"th");
-					w.nextMatch++;
-					}
-				else
-					cell = createTiddlyElement(e,"td");
-				prevCell = cell;
-				prevColumns[col] = {rowSpanCount:1, element:cell};
-				if(colSpanCount > 1)
-					{
-					cell.setAttribute("colspan",colSpanCount);
-					cell.setAttribute("colSpan",colSpanCount); // Needed for IE
-					colSpanCount = 1;
-					}
-				config.formatterHelpers.applyCssHelper(cell,styles);
-				w.subWikifyTerm(cell,this.cellTermRegExp);
-				if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
-					cell.align = spaceLeft ? "center" : "left";
-				else if(spaceLeft)
-					cell.align = "right";
-				w.nextMatch--;
-				}
-			col++;
-			this.cellRegExp.lastIndex = w.nextMatch;
-			cellMatch = this.cellRegExp.exec(w.source);
-			}
-	}
-},
-
-{
-	name: "heading",
-	match: "^!{1,5}",
-	termRegExp: /(\n)/mg,
-	handler: function(w)
-	{
-		w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
-	}
-},
-
-{
-	name: "list",
-	match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
-	lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
-	termRegExp: /(\n)/mg,
-	handler: function(w)
-	{
-		var placeStack = [w.output];
-		var currLevel = 0, currType = null;
-		var listLevel, listType, itemType;
-		w.nextMatch = w.matchStart;
-		this.lookaheadRegExp.lastIndex = w.nextMatch;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-			{
-			if(lookaheadMatch[1])
-				{
-				listType = "ul";
-				itemType = "li";
-				}
-			else if(lookaheadMatch[2])
-				{
-				listType = "ol";
-				itemType = "li";
-				}
-			else if(lookaheadMatch[3])
-				{
-				listType = "dl";
-				itemType = "dt";
-				}
-			else if(lookaheadMatch[4])
-				{
-				listType = "dl";
-				itemType = "dd";
-				}
-			listLevel = lookaheadMatch[0].length;
-			w.nextMatch += lookaheadMatch[0].length;
-			if(listLevel > currLevel)
-				{
-				for(var t=currLevel; t<listLevel; t++)
-					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
-				}
-			else if(listLevel < currLevel)
-				{
-				for(var t=currLevel; t>listLevel; t--)
-					placeStack.pop();
-				}
-			else if(listLevel == currLevel && listType != currType)
-				{
-				placeStack.pop();
-				placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
-				}
-			currLevel = listLevel;
-			currType = listType;
-			var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
-			w.subWikifyTerm(e,this.termRegExp);
-			this.lookaheadRegExp.lastIndex = w.nextMatch;
-			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		}
-	}
-},
-
-{
-	name: "quoteByBlock",
-	match: "^<<<\\n",
-	termRegExp: /(^<<<(\n|$))/mg,
-	element: "blockquote",
-	handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-	name: "quoteByLine",
-	match: "^>+",
-	lookaheadRegExp: /^>+/mg,
-	termRegExp: /(\n)/mg,
-	element: "blockquote",
-	handler: function(w)
-	{
-		var placeStack = [w.output];
-		var currLevel = 0;
-		var newLevel = w.matchLength;
-		var t;
-		do {
-			if(newLevel > currLevel)
-				{
-				for(t=currLevel; t<newLevel; t++)
-					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
-				}
-			else if(newLevel < currLevel)
-				{
-				for(t=currLevel; t>newLevel; t--)
-					placeStack.pop();
-				}
-			currLevel = newLevel;
-			w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
-			createTiddlyElement(placeStack[placeStack.length-1],"br");
-			this.lookaheadRegExp.lastIndex = w.nextMatch;
-			var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-			var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
-			if(matched)
-				{
-				newLevel = lookaheadMatch[0].length;
-				w.nextMatch += lookaheadMatch[0].length;
-				}
-		} while(matched);
-	}
-},
-
-{
-	name: "rule",
-	match: "^----+$\\n?",
-	handler: function(w)
-	{
-		createTiddlyElement(w.output,"hr");
-	}
-},
-
-{
-	name: "monospacedByLine",
-	match: "^\\{\\{\\{\\n",
-	lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-	name: "monospacedByLineForCSS",
-	match: "^/\\*[\\{]{3}\\*/\\n",
-	lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-	name: "monospacedByLineForPlugin",
-	match: "^//\\{\\{\\{\\n",
-	lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-	name: "monospacedByLineForTemplate",
-	match: "^<!--[\\{]{3}-->\\n",
-	lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg, 
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-	name: "wikifyCommentForPlugin", 
-	match: "^/\\*\\*\\*\\n",
-	termRegExp: /(^\*\*\*\/\n)/mg,
-	handler: function(w)
-	{
-		w.subWikifyTerm(w.output,this.termRegExp);
-	}
-},
-
-{
-	name: "wikifyCommentForTemplate", 
-	match: "^<!---\\n",
-	termRegExp: /(^--->\n)/mg,
-	handler: function(w) 
-	{
-		w.subWikifyTerm(w.output,this.termRegExp);
-	}
-},
-
-{
-	name: "macro",
-	match: "<<",
-	lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
-			{
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
-			}
-	}
-},
-
-{
-	name: "prettyLink",
-	match: "\\[\\[",
-	lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			var e;
-			var text = lookaheadMatch[1];
-			if(lookaheadMatch[3])
-				{
-				// Pretty bracketted link
-				var link = lookaheadMatch[3];
-				e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
-						? createExternalLink(w.output,link)
-						: createTiddlyLink(w.output,link,false,null,w.isStatic);
-				}
-			else
-				{
-				// Simple bracketted link
-				e = createTiddlyLink(w.output,text,false,null,w.isStatic);
-				}
-			createTiddlyText(e,text);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
-},
-
-{
-	name: "unWikiLink",
-	match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
-	handler: function(w)
-	{
-		w.outputText(w.output,w.matchStart+1,w.nextMatch);
-	}
-},
-
-{
-	name: "wikiLink",
-	match: config.textPrimitives.wikiLink,
-	handler: function(w)
-	{
-		if(w.matchStart > 0)
-			{
-			var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
-			preRegExp.lastIndex = w.matchStart-1;
-			var preMatch = preRegExp.exec(w.source);
-			if(preMatch.index == w.matchStart-1)
-				{
-				w.outputText(w.output,w.matchStart,w.nextMatch);
-				return;
-				}
-			}
-		if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
-			{
-			var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
-			w.outputText(link,w.matchStart,w.nextMatch);
-			}
-		else
-			{
-			w.outputText(w.output,w.matchStart,w.nextMatch);
-			}
-	}
-},
-
-{
-	name: "urlLink",
-	match: config.textPrimitives.urlPattern,
-	handler: function(w)
-	{
-		w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
-	}
-},
-
-{
-	name: "image",
-	match: "\\[[<>]?[Ii][Mm][Gg]\\[",
-	lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
-			{
-			var e = w.output;
-			if(lookaheadMatch[5])
-				{
-				var link = lookaheadMatch[5];
-				e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
-				addClass(e,"imageLink");
-				}
-			var img = createTiddlyElement(e,"img");
-			if(lookaheadMatch[1])
-				img.align = "left";
-			else if(lookaheadMatch[2])
-				img.align = "right";
-			if(lookaheadMatch[3])
-				img.title = lookaheadMatch[3];
-			img.src = lookaheadMatch[4];
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
-},
-
-{
-	name: "html",
-	match: "<[Hh][Tt][Mm][Ll]>",
-	lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
-},
-
-{
-	name: "commentByBlock",
-	match: "/%",
-	lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-	}
-},
-
-{
-	name: "boldByChar",
-	match: "''",
-	termRegExp: /('')/mg,
-	element: "strong",
-	handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-	name: "italicByChar",
-	match: "//",
-	termRegExp: /(\/\/)/mg,
-	element: "em",
-	handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-	name: "underlineByChar",
-	match: "__",
-	termRegExp: /(__)/mg,
-	element: "u",
-	handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-	name: "strikeByChar",
-	match: "--(?!\\s|$)",
-	termRegExp: /((?!\s)--|(?=\n\n))/mg,
-	element: "strike",
-	handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-	name: "superscriptByChar",
-	match: "\\^\\^",
-	termRegExp: /(\^\^)/mg,
-	element: "sup",
-	handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-	name: "subscriptByChar",
-	match: "~~",
-	termRegExp: /(~~)/mg,
-	element: "sub",
-	handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-	name: "monospacedByChar",
-	match: "\\{\\{\\{",
-	lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
-},
-
-{
-	name: "styleByChar",
-	match: "@@",
-	termRegExp: /(@@)/mg,
-	handler:  function(w)
-	{
-		var e = createTiddlyElement(w.output,"span");
-		var styles = config.formatterHelpers.inlineCssHelper(w);
-		if(styles.length == 0)
-			e.className = "marked";
-		else
-			config.formatterHelpers.applyCssHelper(e,styles);
-		w.subWikifyTerm(e,this.termRegExp);
-	}
-},
-
-{
-	name: "lineBreak",
-	match: "\\n|<br ?/?>",
-	handler: function(w)
-	{
-		createTiddlyElement(w.output,"br");
-	}
-},
-
-{
-	name: "rawText",
-	match: "\\\"{3}|<nowiki>",
-	lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
-},
-
-{
-	name: "mdash",
-	match: "--",
-	handler: function(w)
-		{
-		createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
-		}
-},
-
-{
-	name: "htmlEntitiesEncoding",
-	match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
-	handler: function(w)
-		{
-		createTiddlyElement(w.output,"span").innerHTML = w.matchText;
-		}
-},
-
-{
-	name: "customClasses",
-	match: "\\{\\{",
-	termRegExp: /(\}\}\})/mg,
-	lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch)
-			{
-			var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			w.subWikifyTerm(e,this.termRegExp);
-			}
-	}
-}
-
-];
-
-// ---------------------------------------------------------------------------------
-// Wikifier
-// ---------------------------------------------------------------------------------
-
-function getParser(tiddler)
-{
-	var f = formatter;
-	if(tiddler!=null)
-		{
-		for(var i in config.parsers)
-			{
-			if(tiddler.isTagged(config.parsers[i].formatTag))
-				{
-				f = config.parsers[i];
-				break;
-				}
-			}
-		}
-	return f;
-}
-
-function wikify(source,output,highlightRegExp,tiddler)
-{
-	if(source && source != "")
-		{
-		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
-		wikifier.subWikifyUnterm(output);
-		}
-}
-
-function wikifyStatic(source,highlightRegExp,tiddler)
-{
-	var e = createTiddlyElement(document.body,"div");
-	e.style.display = "none";
-	var html = "";
-	if(source && source != "")
-		{
-		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
-		wikifier.isStatic = true;
-		wikifier.subWikifyUnterm(e);
-		html = e.innerHTML;
-		e.parentNode.removeChild(e);
-		}
-	return html;
-}
-
-// Wikify a named tiddler to plain text
-function wikifyPlain(title)
-{
-	if(store.tiddlerExists(title) || store.isShadowTiddler(title))
-		{
-		var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
-		return wikifier.wikifyPlain();
-		}
-	else
-		return "";
-}
-
-// Highlight plain text into an element
-function highlightify(source,output,highlightRegExp)
-{
-	if(source && source != "")
-		{
-		var wikifier = new Wikifier(source,formatter,highlightRegExp);
-		wikifier.outputText(output,0,source.length);
-		}
-}
-
-// Construct a wikifier object
-// source - source string that's going to be wikified
-// formatter - Formatter() object containing the list of formatters to be used
-// highlightRegExp - regular expression of the text string to highlight
-// tiddler - reference to the tiddler that's taken to be the container for this wikification
-function Wikifier(source,formatter,highlightRegExp,tiddler)
-{
-	this.source = source;
-	this.output = null;
-	this.formatter = formatter;
-	this.nextMatch = 0;
-	this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
-	this.highlightRegExp = highlightRegExp;
-	this.highlightMatch = null;
-	this.isStatic = false;
-	if(highlightRegExp)
-		{
-		highlightRegExp.lastIndex = 0;
-		this.highlightMatch = highlightRegExp.exec(source);
-		}
-	this.tiddler = tiddler;
-}
-
-Wikifier.prototype.wikifyPlain = function()
-{
-	var e = createTiddlyElement(document.body,"div");
-	e.style.display = "none";
-	this.subWikify(e);
-	var text = getPlainText(e);
-	e.parentNode.removeChild(e);
-	return text;
-}
-
-Wikifier.prototype.subWikify = function(output,terminator)
-{
-	// Handle the terminated and unterminated cases separately
-	if (terminator)
-		this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
-	else
-		this.subWikifyUnterm(output);
-}
-
-Wikifier.prototype.subWikifyUnterm = function(output)
-{
-	// subWikify() can be indirectly recursive, so we need to save the old output pointer
-	var oldOutput = this.output;
-	this.output = output;
-	// Get the first match
-	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-	var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
-	while(formatterMatch)
-		{
-		// Output any text before the match
-		if(formatterMatch.index > this.nextMatch)
-			this.outputText(this.output,this.nextMatch,formatterMatch.index);
-		// Set the match parameters for the handler
-		this.matchStart = formatterMatch.index;
-		this.matchLength = formatterMatch[0].length;
-		this.matchText = formatterMatch[0];
-		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
-		// Figure out which formatter matched and call its handler
-		for(var t=1; t<formatterMatch.length; t++)
-			{
-			if(formatterMatch[t])
-				{
-				this.formatter.formatters[t-1].handler(this);
-				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-				break;
-				}
-			}
-		// Get the next match
-		formatterMatch = this.formatter.formatterRegExp.exec(this.source);
-		}
-	// Output any text after the last match
-	if(this.nextMatch < this.source.length)
-		{
-		this.outputText(this.output,this.nextMatch,this.source.length);
-		this.nextMatch = this.source.length;
-		}
-	// Restore the output pointer
-	this.output = oldOutput;
-}
-
-Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
-{
-	// subWikify() can be indirectly recursive, so we need to save the old output pointer
-	var oldOutput = this.output;
-	this.output = output;
-	// Get the first matches for the formatter and terminator RegExps
-	terminatorRegExp.lastIndex = this.nextMatch;
-	var terminatorMatch = terminatorRegExp.exec(this.source);
-	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-	var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
-	while(terminatorMatch || formatterMatch)
-		{
-		// Check for a terminator match  before the next formatter match
-		if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
-			{
-			// Output any text before the match
-			if(terminatorMatch.index > this.nextMatch)
-				this.outputText(this.output,this.nextMatch,terminatorMatch.index);
-			// Set the match parameters
-			this.matchText = terminatorMatch[1];
-			this.matchLength = terminatorMatch[1].length;
-			this.matchStart = terminatorMatch.index;
-			this.nextMatch = this.matchStart + this.matchLength;
-			// Restore the output pointer
-			this.output = oldOutput;
-			return;
-			}
-		// It must be a formatter match; output any text before the match
-		if(formatterMatch.index > this.nextMatch)
-			this.outputText(this.output,this.nextMatch,formatterMatch.index);
-		// Set the match parameters
-		this.matchStart = formatterMatch.index;
-		this.matchLength = formatterMatch[0].length;
-		this.matchText = formatterMatch[0];
-		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
-		// Figure out which formatter matched and call its handler
-		for(var t=1; t<formatterMatch.length; t++)
-			{
-			if(formatterMatch[t])
-				{
-				this.formatter.formatters[t-1].handler(this);
-				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-				break;
-				}
-			}
-		// Get the next match
-		terminatorRegExp.lastIndex = this.nextMatch;
-		terminatorMatch = terminatorRegExp.exec(this.source);
-		formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
-		}
-	// Output any text after the last match
-	if(this.nextMatch < this.source.length)
-		{
-		this.outputText(this.output,this.nextMatch,this.source.length);
-		this.nextMatch = this.source.length;
-		}
-	// Restore the output pointer
-	this.output = oldOutput;
-}
-
-Wikifier.prototype.outputText = function(place,startPos,endPos)
-{
-	// Check for highlights
-	while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
-		{
-		// Deal with any plain text before the highlight
-		if(this.highlightMatch.index > startPos)
-			{
-			createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
-			startPos = this.highlightMatch.index;
-			}
-		// Deal with the highlight
-		var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
-		var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
-		startPos = highlightEnd;
-		// Nudge along to the next highlight if we're done with this one
-		if(startPos >= this.highlightRegExp.lastIndex)
-			this.highlightMatch = this.highlightRegExp.exec(this.source);
-		}
-	// Do the unhighlighted text left over
-	if(startPos < endPos)
-		{
-		createTiddlyText(place,this.source.substring(startPos,endPos));
-		}
-}
-
-// ---------------------------------------------------------------------------------
-// Macro definitions
-// ---------------------------------------------------------------------------------
-
-config.macros.today.handler = function(place,macroName,params)
-{
-	var now = new Date();
-	var text;
-	if(params[0])
-		text = now.formatString(params[0].trim());
-	else
-		text = now.toLocaleString();
-	createTiddlyElement(place,"span",null,null,text);
-}
-
-config.macros.version.handler = function(place)
-{
-	createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
-}
-
-config.macros.list.handler = function(place,macroName,params)
-{
-	var type = params[0] ? params[0] : "all";
-	var theList = document.createElement("ul");
-	place.appendChild(theList);
-	if(this[type].prompt)
-		createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
-	var results;
-	if(this[type].handler)
-		results = this[type].handler(params);
-	for(var t = 0; t < results.length; t++)
-		{
-		var theListItem = document.createElement("li")
-		theList.appendChild(theListItem);
-		if(typeof results[t] == "string")
-			createTiddlyLink(theListItem,results[t],true);
-		else
-			createTiddlyLink(theListItem,results[t].title,true);
-		}
-}
-
-config.macros.list.all.handler = function(params)
-{
-	return store.reverseLookup("tags","excludeLists",false,"title");
-}
-
-config.macros.list.missing.handler = function(params)
-{
-	return store.getMissingLinks();
-}
-
-config.macros.list.orphans.handler = function(params)
-{
-	return store.getOrphans();
-}
-
-config.macros.list.shadowed.handler = function(params)
-{
-	return store.getShadowed();
-}
-
-config.macros.allTags.handler = function(place,macroName,params)
-{
-	var tags = store.getTags();
-	var theDateList = createTiddlyElement(place,"ul");
-	if(tags.length == 0)
-		createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
-	for(var t=0; t<tags.length; t++)
-		{
-		var theListItem =createTiddlyElement(theDateList,"li");
-		var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
-		theTag.setAttribute("tag",tags[t][0]);
-		}
-}
-
-config.macros.timeline.handler = function(place,macroName,params)
-{
-	var field = params[0] ? params[0] : "modified";
-	var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
-	var lastDay = "";
-	var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
-	for(var t=tiddlers.length-1; t>=last; t--)
-		{
-		var tiddler = tiddlers[t];
-		var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
-		if(theDay != lastDay)
-			{
-			var theDateList = document.createElement("ul");
-			place.appendChild(theDateList);
-			createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
-			lastDay = theDay;
-			}
-		var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
-		theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
-		}
-}
-
-config.macros.search.handler = function(place,macroName,params)
-{
-	var searchTimeout = null;
-	var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
-	var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
-	if(params[0])
-		txt.value = params[0];
-	txt.onkeyup = this.onKeyPress;
-	txt.onfocus = this.onFocus;
-	txt.setAttribute("size",this.sizeTextbox);
-	txt.setAttribute("accessKey",this.accessKey);
-	txt.setAttribute("autocomplete","off");
-	txt.setAttribute("lastSearchText","");
-	if(config.browser.isSafari)
-		{
-		txt.setAttribute("type","search");
-		txt.setAttribute("results","5");
-		}
-	else
-		txt.setAttribute("type","text");
-}
-
-// Global because there's only ever one outstanding incremental search timer
-config.macros.search.timeout = null;
-
-config.macros.search.doSearch = function(txt)
-{
-	if(txt.value.length > 0)
-		{
-		story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
-		txt.setAttribute("lastSearchText",txt.value);
-		}
-}
-
-config.macros.search.onClick = function(e)
-{
-	config.macros.search.doSearch(this.nextSibling);
-	return false;
-}
-
-config.macros.search.onKeyPress = function(e)
-{
-	if(!e) var e = window.event;
-	switch(e.keyCode)
-		{
-		case 13: // Ctrl-Enter
-		case 10: // Ctrl-Enter on IE PC
-			config.macros.search.doSearch(this);
-			break;
-		case 27: // Escape
-			this.value = "";
-			clearMessage();
-			break;
-		}
-	if(this.value.length > 2)
-		{
-		if(this.value != this.getAttribute("lastSearchText"))
-			{
-			if(config.macros.search.timeout)
-				clearTimeout(config.macros.search.timeout);
-			var txt = this;
-			config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
-			}
-		}
-	else
-		{
-		if(config.macros.search.timeout)
-			clearTimeout(config.macros.search.timeout);
-		}
-}
-
-config.macros.search.onFocus = function(e)
-{
-	this.select();
-}
-
-config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	params = paramString.parseParams("name",null,true,false,true);
-	var names = params[0]["name"];
-	var tiddlerName = names[0];
-	var className = names[1] ? names[1] : null;
-	var args = params[0]["with"];
-	var wrapper = createTiddlyElement(place,"span",null,className);
-	if(!args)
-		{
-		wrapper.setAttribute("refresh","content");
-		wrapper.setAttribute("tiddler",tiddlerName);
-		}
-	var text = store.getTiddlerText(tiddlerName);
-	if(text)
-		{
-		var stack = config.macros.tiddler.tiddlerStack;
-		if(stack.indexOf(tiddlerName) !== -1)
-			return;
-		stack.push(tiddlerName);
-		try
-			{
-			var n = args ? Math.min(args.length,9) : 0;
-			for(var i=0; i<n; i++) 
-				{
-				var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
-				text = text.replace(placeholderRE,args[i]);
-				}
-			config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
-			}
-		finally
-			{
-			stack.pop();
-			}
-		}
-}
-
-config.macros.tiddler.renderText = function(place,text,tiddlerName,params) 
-{
-	wikify(text,place,null,store.getTiddler(tiddlerName));
-}
-
-config.macros.tiddler.tiddlerStack = [];
-
-config.macros.tag.handler = function(place,macroName,params)
-{
-	createTagButton(place,params[0]);
-}
-
-config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	params = paramString.parseParams("anon",null,true,false,false);
-	var theList = createTiddlyElement(place,"ul");
-	var title = getParam(params,"anon","");
-	if(title && store.tiddlerExists(title))
-		tiddler = store.getTiddler(title);
-	var sep = getParam(params,"sep"," ");
-	var lingo = config.views.wikified.tag;
-	var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
-	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
-	for(var t=0; t<tiddler.tags.length; t++)
-		{
-		createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
-		if(t<tiddler.tags.length-1)
-			createTiddlyText(theList,sep);
-		}
-}
-
-config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	params = paramString.parseParams("anon",null,true,false,false);
-	var theList = createTiddlyElement(place,"ul");
-	var title = getParam(params,"anon","");
-	if(title == "" && tiddler instanceof Tiddler)
-		title = tiddler.title;
-	var sep = getParam(params,"sep"," ");
-	theList.setAttribute("title",this.tooltip.format([title]));
-	var tagged = store.getTaggedTiddlers(title);
-	var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
-	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
-	for(var t=0; t<tagged.length; t++)
-		{
-		createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
-		if(t<tagged.length-1)
-			createTiddlyText(theList,sep);
-		}
-}
-
-config.macros.closeAll.handler = function(place)
-{
-	createTiddlyButton(place,this.label,this.prompt,this.onClick);
-}
-
-config.macros.closeAll.onClick = function(e)
-{
-	story.closeAllTiddlers();
-	return false;
-}
-
-config.macros.permaview.handler = function(place)
-{
-	createTiddlyButton(place,this.label,this.prompt,this.onClick);
-}
-
-config.macros.permaview.onClick = function(e)
-{
-	story.permaView();
-	return false;
-}
-
-config.macros.saveChanges.handler = function(place)
-{
-	if(!readOnly)
-		createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
-}
-
-config.macros.saveChanges.onClick = function(e)
-{
-	saveChanges();
-	return false;
-}
-
-config.macros.slider.onClickSlider = function(e)
-{
-	if(!e) var e = window.event;
-	var n = this.nextSibling;
-	var cookie = n.getAttribute("cookie");
-	var isOpen = n.style.display != "none";
-	if(anim && config.options.chkAnimate)
-		anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
-	else
-		n.style.display = isOpen ? "none" : "block";
-	config.options[cookie] = !isOpen;
-	saveOptionCookie(cookie);
-	return false;
-}
-
-config.macros.slider.createSlider = function(place,cookie,title,tooltip)
-{
-	var cookie = cookie ? cookie : "";
-	var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
-	var panel = createTiddlyElement(null,"div",null,"sliderPanel");
-	panel.setAttribute("cookie",cookie);
-	panel.style.display = config.options[cookie] ? "block" : "none";
-	place.appendChild(panel);
-	return panel;
-}
-
-config.macros.slider.handler = function(place,macroName,params)
-{
-	var panel = this.createSlider(place,params[0],params[2],params[3]);
-	var text = store.getTiddlerText(params[1]);
-	panel.setAttribute("refresh", "content");
-	panel.setAttribute("tiddler", params[1]);
-	if(text)
-		wikify(text,panel,null,store.getTiddler(params[1]));
-}
-
-config.macros.option.onChangeOption = function(e)
-{
-	var opt = this.getAttribute("option");
-	var elementType,valueField;
-	if(opt)
-		{
-		switch(opt.substr(0,3))
-			{
-			case "txt":
-				elementType = "input";
-				valueField = "value";
-				break;
-			case "chk":
-				elementType = "input";
-				valueField = "checked";
-				break;
-			}
-		config.options[opt] = this[valueField];
-		saveOptionCookie(opt);
-		var nodes = document.getElementsByTagName(elementType);
-		for(var t=0; t<nodes.length; t++)
-			{
-			var optNode = nodes[t].getAttribute("option");
-			if(opt == optNode)
-				nodes[t][valueField] = this[valueField];
-			}
-		}
-	return(true);
-}
-
-config.macros.option.handler = function(place,macroName,params)
-{
-	var opt = params[0];
-	if(config.options[opt] == undefined)
-		return;
-	var c;
-	switch(opt.substr(0,3))
-		{
-		case "txt":
-			c = document.createElement("input");
-			c.onkeyup = this.onChangeOption;
-			c.setAttribute("option",opt);
-			c.className = "txtOptionInput";
-			place.appendChild(c);
-			c.value = config.options[opt];
-			break;
-		case "chk":
-			c = document.createElement("input");
-			c.setAttribute("type","checkbox");
-			c.onclick = this.onChangeOption;
-			c.setAttribute("option",opt);
-			c.className = "chkOptionInput";
-			place.appendChild(c);
-			c.checked = config.options[opt];
-			break;
-		}
-}
-
-
-
-config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
-{
-	var tags = [];
-	for(var t=1; t<params.length; t++)
-		if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
-			tags.push(params[t].value);
-	label = getParam(params,"label",label);
-	prompt = getParam(params,"prompt",prompt);
-	accessKey = getParam(params,"accessKey",accessKey);
-	newFocus = getParam(params,"focus",newFocus);
-	var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
-	btn.setAttribute("newTitle",title);
-	btn.setAttribute("isJournal",isJournal);
-	btn.setAttribute("params",tags.join("|"));
-	btn.setAttribute("newFocus",newFocus);
-	btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
-	var text = getParam(params,"text");
-	if(text !== undefined) 
-		btn.setAttribute("newText",text);
-	return btn;
-}
-
-config.macros.newTiddler.onClickNewTiddler = function()
-{
-	var title = this.getAttribute("newTitle");
-	if(this.getAttribute("isJournal"))
-		{
-		var now = new Date();
-		title = now.formatString(title.trim());
-		}
-	var params = this.getAttribute("params").split("|");
-	var focus = this.getAttribute("newFocus");
-	var template = this.getAttribute("newTemplate");
-	story.displayTiddler(null,title,template);
-	var text = this.getAttribute("newText");
-	if(typeof text == "string")
-		story.getTiddlerField(title,"text").value = text.format([title]);
-	for(var t=0;t<params.length;t++)
-		story.setTiddlerTag(title,params[t],+1);
-	story.focusTiddler(title,focus);
-	return false;
-}
-
-config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	if(!readOnly)
-		{
-		params = paramString.parseParams("anon",null,true,false,false);
-		var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
-		title = getParam(params,"title",title);
-		this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
-		}
-}
-
-config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	if(!readOnly)
-		{
-		params = paramString.parseParams("anon",null,true,false,false);
-		var title = params[1] && params[1].name == "anon" ? params[1].value : "";
-		title = getParam(params,"title",title);
-		config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
-		}
-}
-
-config.macros.sparkline.handler = function(place,macroName,params)
-{
-	var data = [];
-	var min = 0;
-	var max = 0;
-	for(var t=0; t<params.length; t++)
-		{
-		var v = parseInt(params[t]);
-		if(v < min)
-			min = v;
-		if(v > max)
-			max = v;
-		data.push(v);
-		}
-	if(data.length < 1)
-		return;
-	var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
-	box.title = data.join(",");
-	var w = box.offsetWidth;
-	var h = box.offsetHeight;
-	box.style.paddingRight = (data.length * 2 - w) + "px";
-	box.style.position = "relative";
-	for(var d=0; d<data.length; d++)
-		{
-		var tick = document.createElement("img");
-		tick.border = 0;
-		tick.className = "sparktick";
-		tick.style.position = "absolute";
-		tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
-		tick.style.left = d*2 + "px";
-		tick.style.width = "2px";
-		var v = Math.floor(((data[d] - min)/(max-min)) * h);
-		tick.style.top = (h-v) + "px";
-		tick.style.height = v + "px";
-		box.appendChild(tick);
-		}
-}
-
-config.macros.tabs.handler = function(place,macroName,params)
-{
-	var cookie = params[0];
-	var numTabs = (params.length-1)/3;
-	var wrapper = createTiddlyElement(null,"div",null,cookie);
-	var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
-	tabset.setAttribute("cookie",cookie);
-	var validTab = false;
-	for(var t=0; t<numTabs; t++)
-		{
-		var label = params[t*3+1];
-		var prompt = params[t*3+2];
-		var content = params[t*3+3];
-		var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
-		tab.setAttribute("tab",label);
-		tab.setAttribute("content",content);
-		tab.title = prompt;
-		if(config.options[cookie] == label)
-			validTab = true;
-		}
-	if(!validTab)
-		config.options[cookie] = params[1];
-	place.appendChild(wrapper);
-	this.switchTab(tabset,config.options[cookie]);
-}
-
-config.macros.tabs.onClickTab = function(e)
-{
-	config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
-	return false;
-}
-
-config.macros.tabs.switchTab = function(tabset,tab)
-{
-	var cookie = tabset.getAttribute("cookie");
-	var theTab = null
-	var nodes = tabset.childNodes;
-	for(var t=0; t<nodes.length; t++)
-		if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
-			{
-			theTab = nodes[t];
-			theTab.className = "tab tabSelected";
-			}
-		else
-			nodes[t].className = "tab tabUnselected"
-	if(theTab)
-		{
-		if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
-			tabset.parentNode.removeChild(tabset.nextSibling);
-		var tabContent = createTiddlyElement(null,"div",null,"tabContents");
-		tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
-		var contentTitle = theTab.getAttribute("content");
-		wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
-		if(cookie)
-			{
-			config.options[cookie] = tab;
-			saveOptionCookie(cookie);
-			}
-		}
-}
-
-// <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
-config.macros.gradient.handler = function(place,macroName,params,wikifier)
-{
-	var terminator = ">>";
-	var panel;
-	if(wikifier)
-		panel = createTiddlyElement(place,"div",null,"gradient");
-	else
-		panel = place;
-	panel.style.position = "relative";
-	panel.style.overflow = "hidden";
-	panel.style.zIndex = "0";
-	var t;
-	if(wikifier)
-		{
-		var styles = config.formatterHelpers.inlineCssHelper(wikifier);
-		config.formatterHelpers.applyCssHelper(panel,styles);
-		}
-	var colours = [];
-	for(t=1; t<params.length; t++)
-		{
-		var c = new RGB(params[t]);
-		if(c)
-			colours.push(c);
-		}
-	drawGradient(panel,params[0] != "vert",colours);
-	if(wikifier)
-		wikifier.subWikify(panel,terminator);
-	if(document.all)
-		{
-		panel.style.height = "100%";
-		panel.style.width = "100%";
-		}
-}
-
-config.macros.message.handler = function(place,macroName,params)
-{
-	if(params[0])
-		{
-		var m = config;
-		var p = params[0].split(".");
-		for(var t=0; t<p.length; t++)
-			{
-			if(p[t] in m)
-				m = m[p[t]];
-			else
-				break;
-			}
-		createTiddlyText(place,m.toString().format(params.splice(1)));
-		}
-}
-
-config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	if((tiddler instanceof Tiddler) && params[0])
-		{
-		var value = store.getValue(tiddler,params[0]);
-		if(value != undefined)
-			switch(params[1])
-				{
-				case undefined:
-					highlightify(value,place,highlightHack);
-					break;
-				case "link":
-					createTiddlyLink(place,value,true);
-					break;
-				case "wikified":
-					wikify(value,place,highlightHack,tiddler);
-					break;
-				case "date":
-					value = Date.convertFromYYYYMMDDHHMM(value);
-					if(params[2])
-						createTiddlyText(place,value.formatString(params[2]));
-					else
-						createTiddlyText(place,value);
-					break;
-				}
-		}
-}
-
-config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	var field = params[0];
-	if((tiddler instanceof Tiddler) && field)
-		{
-		story.setDirty(tiddler.title,true);
-		if(field != "text")
-			{
-				var e = createTiddlyElement(null,"input");
-				if(tiddler.isReadOnly())
-					e.setAttribute("readOnly","readOnly");
-				e.setAttribute("edit",field);
-				e.setAttribute("type","text");
-				var v = store.getValue(tiddler,field);
-				if(!v) 
-					v = "";
-				e.value = v;
-				e.setAttribute("size","40");
-				e.setAttribute("autocomplete","off");
-				place.appendChild(e);
-			}
-		else
-			{
-				var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
-				var wrapper2 = createTiddlyElement(wrapper1,"div");
-				var e = createTiddlyElement(wrapper2,"textarea");
-				if(tiddler.isReadOnly())
-					e.setAttribute("readOnly","readOnly");
-				var v = store.getValue(tiddler,field);
-				if(!v) 
-					v = "";
-				e.value = v;
-				var rows = 10;
-				var lines = v.match(/\n/mg);
-				var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
-				if(lines != null && lines.length > rows)
-					rows = lines.length + 5;
-				rows = Math.min(rows,maxLines);
-				e.setAttribute("rows",rows);
-				e.setAttribute("edit",field);
-				place.appendChild(wrapper1);
-			}
-		}
-}
-
-config.macros.tagChooser.onClick = function(e)
-{
-	if(!e) var e = window.event;
-	var lingo = config.views.editor.tagChooser;
-	var popup = Popup.create(this);
-	var tags = store.getTags();
-	if(tags.length == 0)
-		createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
-	for(var t=0; t<tags.length; t++)
-		{
-		var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
-		theTag.setAttribute("tag",tags[t][0]);
-		theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
-		}
-	Popup.show(popup,false);
-	e.cancelBubble = true;
-	if(e.stopPropagation) e.stopPropagation();
-	return(false);
-}
-
-config.macros.tagChooser.onTagClick = function(e)
-{
-	if(!e) var e = window.event;
-	var tag = this.getAttribute("tag");
-	var title = this.getAttribute("tiddler");
-	if(!readOnly)
-		story.setTiddlerTag(title,tag,0);
-	return(false);
-}
-
-config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	if(tiddler instanceof Tiddler)
-		{
-		var title = tiddler.title;
-		var lingo = config.views.editor.tagChooser;
-		var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
-		btn.setAttribute("tiddler", title);
-		}
-}
-
-// Create a toolbar command button
-// place - parent DOM element
-// command - reference to config.commands[] member -or- name of member
-// tiddler - reference to tiddler that toolbar applies to
-// theClass - the class to give the button
-config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
-{
-	if(typeof commandName != "string")
-		{
-		var c = null;
-		for(var t in config.commands)
-			if(config.commands[t] == commandName)
-				c = t;
-		commandName = c;
-		}
-	if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
-		{
-		var title = tiddler.title;
-		var command = config.commands[commandName];
-		var ro = tiddler.isReadOnly();
-		var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
-		var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
-		var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
-		if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
-
-			{
-			var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
-			btn.setAttribute("commandName", commandName);
-			btn.setAttribute("tiddler", title);
-			if(theClass)
-				addClass(btn,theClass);
-			place.appendChild(btn);
-			}
-		}
-}
-
-config.macros.toolbar.onClickCommand = function(e)
-{
-	if(!e) var e = window.event;
-	var command = config.commands[this.getAttribute("commandName")];
-	return command.handler(e,this,this.getAttribute("tiddler"));
-}
-
-// Invoke the first command encountered from a given place that is tagged with a specified class
-config.macros.toolbar.invokeCommand = function(place,theClass,event)
-{
-	var children = place.getElementsByTagName("a")
-	for(var t=0; t<children.length; t++)
-		{
-		var c = children[t];
-		if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
-			{
-			if(c.onclick instanceof Function)
-				c.onclick.call(c,event);
-			break;
-			}
-		}
-}
-
-config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	for(var t=0; t<params.length; t++)
-		{
-		var c = params[t];
-		var theClass = "";
-		switch(c.substr(0,1))
-			{
-			case "+":
-				theClass = "defaultCommand";
-				c = c.substr(1);
-				break;
-			case "-":
-				theClass = "cancelCommand";
-				c = c.substr(1);
-				break;
-			}
-		if(c in config.commands)
-			this.createCommand(place,c,tiddler,theClass);
-		}
-}
-
-config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	var e = createTiddlyElement(place,"div");
-	e.setAttribute("refresh","macro");
-	e.setAttribute("macroName","plugins");
-	e.setAttribute("params",paramString);
-	this.refresh(e,paramString);
-}
-
-config.macros.plugins.refresh = function(place,params)
-{
-	var selectedRows = [];
-	ListView.forEachSelector(place,function(e,rowName) {
-			if(e.checked)
-				selectedRows.push(e.getAttribute("rowName"));
-		});
-	removeChildren(place);
-	params = params.parseParams("anon");
-	var plugins = installedPlugins.slice(0);
-	var t,tiddler,p;
-	var configTiddlers = store.getTaggedTiddlers("systemConfig");
-	for(t=0; t<configTiddlers.length; t++)
-		{
-		tiddler = configTiddlers[t];
-		if(plugins.findByField("title",tiddler.title) == null)
-			{
-			p = getPluginInfo(tiddler);
-			p.executed = false;
-			p.log.splice(0,0,this.skippedText);
-			plugins.push(p);
-			}
-		}
-	for(t=0; t<plugins.length; t++)
-		{
-		var p = plugins[t];
-		p.forced = p.tiddler.isTagged("systemConfigForce");
-		p.disabled = p.tiddler.isTagged("systemConfigDisable");
-		p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
-		}
-	if(plugins.length == 0)
-		createTiddlyElement(place,"em",null,null,this.noPluginText);
-	else
-		ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
-}
-
-config.macros.plugins.onSelectCommand = function(command,rowNames)
-{
-	var t;
-	switch(command)
-		{
-		case "remove":
-			for(t=0; t<rowNames.length; t++)
-				store.setTiddlerTag(rowNames[t],false,"systemConfig");
-			break;
-		case "delete":
-			if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
-				{
-				for(t=0; t<rowNames.length; t++)
-					{
-					store.removeTiddler(rowNames[t]);
-					story.closeTiddler(rowNames[t],true,false);
-					}
-				}
-			break;
-		}
-	if(config.options.chkAutoSave)
-		saveChanges(true);
-}
-
-config.macros.refreshDisplay.handler = function(place)
-{
-	createTiddlyButton(place,this.label,this.prompt,this.onClick);
-}
-
-config.macros.refreshDisplay.onClick = function(e)
-{
-	refreshAll();
-	return false;
-}
-
-config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-	if(readOnly)
-		{
-		createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
-		return;
-		}
-	var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
-	createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
-	createTiddlyElement(importer,"h2",null,"step1",this.step1);
-	var step = createTiddlyElement(importer,"div",null,"wizardStep");
-	createTiddlyText(step,this.step1prompt);
-	var input = createTiddlyElement(null,"input",null,"txtOptionInput");
-	input.type = "text";
-	input.size = 50;
-	step.appendChild(input);
-	importer.inputBox = input;
-	createTiddlyElement(step,"br");
-	createTiddlyText(step,this.step1promptFile);
-	var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
-	fileInput.type = "file";
-	fileInput.size = 50;
-	fileInput.onchange = this.onBrowseChange;
-	fileInput.onkeyup = this.onBrowseChange;
-	step.appendChild(fileInput);
-	createTiddlyElement(step,"br");
-	createTiddlyText(step,this.step1promptFeeds);
-	var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
-	createTiddlyDropDown(step,this.onFeedChange,feeds);
-	createTiddlyElement(step,"br");
-	createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
-        place.appendChild(importer);
-}
-
-config.macros.importTiddlers.getFeeds = function(feeds)
-{
-	var tagged = store.getTaggedTiddlers("contentPublisher","title");
-	for(var t=0; t<tagged.length; t++)
-		feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
-	return feeds;
-}
-
-config.macros.importTiddlers.onFeedChange = function(e)
-{
-	var importer = findRelated(this,"importTiddler","className","parentNode");
-	importer.inputBox.value = this.value;
-	this.selectedIndex = 0;
-}
-
-config.macros.importTiddlers.onBrowseChange = function(e)
-{
-	var importer = findRelated(this,"importTiddler","className","parentNode");
-	importer.inputBox.value = "file://" + this.value;
-}
-
-config.macros.importTiddlers.onFetch = function(e)
-{
-	var importer = findRelated(this,"importTiddler","className","parentNode");
-	var url = importer.inputBox.value;
-	var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
-	while(cutoff)
-		{
-		var temp = cutoff.nextSibling;
-		cutoff.parentNode.removeChild(cutoff);
-		cutoff = temp;
-		}
-	createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
-	var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
-	loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
-}
-
-config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
-{
-	if(!status)
-		{
-		displayMessage(this.fetchError);
-		return;
-		}
-	var importer = params;
-	// Check that the tiddler we're in hasn't been closed - doesn't work on IE
-//	var p = importer;
-//	while(p.parentNode)
-//		p = p.parentNode;
-//	if(!(p instanceof HTMLDocument))
-//		return;
-	// Crack out the content - (should be refactored)
-	var posOpeningDiv = responseText.indexOf(startSaveArea);
-	var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
-	var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
-	if((posOpeningDiv == -1) || (posClosingDiv == -1))
-		{
-		alert(config.messages.invalidFileError.format([url]));
-		return;
-		}
-	var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
-	// Create the iframe
-	var iframe = document.createElement("iframe");
-	iframe.style.display = "none";
-	importer.insertBefore(iframe,importer.firstChild);
-	var doc = iframe.document;
-	if(iframe.contentDocument)
-		doc = iframe.contentDocument; // For NS6
-	else if(iframe.contentWindow)
-		doc = iframe.contentWindow.document; // For IE5.5 and IE6
-	// Put the content in the iframe
-	doc.open();
-	doc.writeln(content);
-	doc.close();
-	// Load the content into a TiddlyWiki() object
-	var storeArea = doc.getElementById("storeArea");
-	var importStore = new TiddlyWiki();
-	importStore.loadFromDiv(storeArea,"store");
-	// Get rid of the iframe
-	iframe.parentNode.removeChild(iframe);
-	// Extract data for the listview
-	var tiddlers = [];
-	importStore.forEachTiddler(function(title,tiddler)
-		{
-		var t = {};
-		t.title = title;
-		t.modified = tiddler.modified;
-		t.modifier = tiddler.modifier;
-		t.text = tiddler.text.substr(0,50);
-		t.tags = tiddler.tags;
-		tiddlers.push(t);
-		});
-	// Display the listview
-	createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
-	var step = createTiddlyElement(importer,"div",null,"wizardStep");
-	ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
-	// Save the importer
-	importer.store = importStore;
-}
-
-config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
-{
-	var importer = findRelated(listView,"importTiddler","className","parentNode");
-	switch(command)
-		{
-		case "import":
-			config.macros.importTiddlers.doImport(importer,rowNames);
-			break;
-		}
-	if(config.options.chkAutoSave)
-		saveChanges(true);
-}
-
-config.macros.importTiddlers.doImport = function(importer,rowNames)
-{
-	var theStore = importer.store;
-	var overwrite = new Array();
-	var t;
-	for(t=0; t<rowNames.length; t++)
-		{
-		if(store.tiddlerExists(rowNames[t]))
-			overwrite.push(rowNames[t]);
-	}
-	if(overwrite.length > 0)
-		if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
-			return;
-	for(t=0; t<rowNames.length; t++)
-		{
-		var inbound = theStore.fetchTiddler(rowNames[t]);
-		store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
-		store.fetchTiddler(inbound.title).created = inbound.created;
-		store.notify(rowNames[t],false);
-		}
-	store.notifyAll();
-	store.setDirty(true);
-	createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
-	var step = createTiddlyElement(importer,"div",null,"wizardStep");
-	for(t=0; t<rowNames.length; t++)
-		{
-		createTiddlyLink(step,rowNames[t],true);
-		createTiddlyElement(step,"br");
-		}
-	createTiddlyElement(importer,"h2",null,"step5",this.step5);
-}
-// ---------------------------------------------------------------------------------
-// Menu and toolbar commands
-// ---------------------------------------------------------------------------------
-
-config.commands.closeTiddler.handler = function(event,src,title)
-{
-	story.closeTiddler(title,true,event.shiftKey || event.altKey);
-	return false;
-}
-
-config.commands.closeOthers.handler = function(event,src,title)
-{
-	story.closeAllTiddlers(title);
-	return false;
-}
-
-config.commands.editTiddler.handler = function(event,src,title)
-{
-	clearMessage();
-	story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
-	story.focusTiddler(title,"text");
-	return false;
-}
-
-config.commands.saveTiddler.handler = function(event,src,title)
-{
-	var newTitle = story.saveTiddler(title,event.shiftKey);
-	if(newTitle)
-	   story.displayTiddler(null,newTitle);
-	return false;
-}
-
-config.commands.cancelTiddler.handler = function(event,src,title)
-{
-	if(story.hasChanges(title) && !readOnly)
-		if(!confirm(this.warning.format([title])))
-			return false;
-	story.setDirty(title,false);
-	story.displayTiddler(null,title);
-	return false;
-}
-
-config.commands.deleteTiddler.handler = function(event,src,title)
-{
-	var deleteIt = true;
-	if (config.options.chkConfirmDelete)
-		deleteIt = confirm(this.warning.format([title]));
-	if (deleteIt)
-		{
-		store.removeTiddler(title);
-		story.closeTiddler(title,true,event.shiftKey || event.altKey);
-		if(config.options.chkAutoSave)
-			saveChanges();
-		}
-	return false;
-}
-
-config.commands.permalink.handler = function(event,src,title)
-{
-	var t = encodeURIComponent(String.encodeTiddlyLink(title));
-	if(window.location.hash != t)
-		window.location.hash = t;
-	return false;
-}
-
-config.commands.references.handler = function(event,src,title)
-{
-	var popup = Popup.create(src);
-	if(popup)
-		{
-		var references = store.getReferringTiddlers(title);
-		var c = false;
-		for(var r=0; r<references.length; r++)
-			if(references[r].title != title && !references[r].isTagged("excludeLists"))
-				{
-				createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
-				c = true;
-				}
-		if(!c)
-			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
-		}
-	Popup.show(popup,false);
-	event.cancelBubble = true;
-	if (event.stopPropagation) event.stopPropagation();
-	return false;
-}
-
-config.commands.jump.handler = function(event,src,title)
-{
-	var popup = Popup.create(src);
-	if(popup)
-		{
-		story.forEachTiddler(function(title,element) {
-			createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
-			});
-		}
-	Popup.show(popup,false);
-	event.cancelBubble = true;
-	if (event.stopPropagation) event.stopPropagation();
-	return false;
-}
-
-// ---------------------------------------------------------------------------------
-// Tiddler() object
-// ---------------------------------------------------------------------------------
-
-function Tiddler()
-{
-	this.title = null;
-	this.text = null;
-	this.modifier = null;
-	this.modified = new Date();
-	this.created = new Date();
-	this.links = [];
-	this.linksUpdated = false;
-	this.tags = [];
-	return this;
-}
-
-Tiddler.prototype.getLinks = function()
-{
-	if(this.linksUpdated==false)
-		this.changed();
-	return this.links;
-}
-
-// Format the text for storage in an RSS item
-Tiddler.prototype.saveToRss = function(url)
-{
-	var s = [];
-	s.push("<item>");
-	s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
-	s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
-	for(var t=0; t<this.tags.length; t++)
-		s.push("<category>" + this.tags[t] + "</category>");
-	s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
-	s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
-	s.push("</item>");
-	return(s.join("\n"));
-}
-
-// Change the text and other attributes of a tiddler
-Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
-{
-	this.assign(title,text,modifier,modified,tags,created,fields);
-	this.changed();
-	return this;
-}
-
-// Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
-Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
-{
-	if(title != undefined)
-		this.title = title;
-	if(text != undefined)
-		this.text = text;
-	if(modifier != undefined)
-		this.modifier = modifier;
-	if(modified != undefined)
-		this.modified = modified;
-	if(created != undefined)
-		this.created = created;
-	if(fields != undefined)
-		this.fields = fields;
-	if(tags != undefined)
-		this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
-	else if(this.tags == undefined)
-		this.tags = [];
-	return this;
-}
-
-// Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
-Tiddler.prototype.getTags = function()
-{
-	return String.encodeTiddlyLinkList(this.tags);
-}
-
-// Test if a tiddler carries a tag
-Tiddler.prototype.isTagged = function(tag)
-{
-	return this.tags.indexOf(tag) != -1;
-}
-
-// Static method to convert "\n" to newlines, "\s" to "\"
-Tiddler.unescapeLineBreaks = function(text)
-{
-	return text ? text.unescapeLineBreaks() : "";
-}
-
-// Convert newlines to "\n", "\" to "\s"
-Tiddler.prototype.escapeLineBreaks = function()
-{
-	return this.text.escapeLineBreaks();
-}
-
-// Updates the secondary information (like links[] array) after a change to a tiddler
-Tiddler.prototype.changed = function()
-{
-	this.links = [];
-	var t = this.autoLinkWikiWords() ? 0 : 1;
-	var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
-	tiddlerLinkRegExp.lastIndex = 0;
-	var formatMatch = tiddlerLinkRegExp.exec(this.text);
-	while(formatMatch)
-		{
-		if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
-			{
-			if(formatMatch.index > 0)
-				{
-				var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
-				preRegExp.lastIndex = formatMatch.index-1;
-				var preMatch = preRegExp.exec(this.text);
-				if(preMatch.index != formatMatch.index-1)
-					this.links.pushUnique(formatMatch[1]);
-				}
-			else
-				this.links.pushUnique(formatMatch[1]);
-			}
-		else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
-			this.links.pushUnique(formatMatch[3-t]);
-		else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
-			this.links.pushUnique(formatMatch[4-t]);
-		// Do not add link if match urlPattern (formatMatch[5-t])
-		formatMatch = tiddlerLinkRegExp.exec(this.text);
-		}
-	this.linksUpdated = true;
-	return;
-}
-
-Tiddler.prototype.getSubtitle = function()
-{
-	var theModifier = this.modifier;
-	if(!theModifier)
-		theModifier = config.messages.subtitleUnknown;
-	var theModified = this.modified;
-	if(theModified)
-		theModified = theModified.toLocaleString();
-	else
-		theModified = config.messages.subtitleUnknown;
-	return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
-}
-
-Tiddler.prototype.isReadOnly = function()
-{
-	return readOnly;
-}
-
-Tiddler.prototype.autoLinkWikiWords = function()
-{
-	return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
-}
-
-Tiddler.prototype.generateFingerprint = function()
-{
-	return "0x" + Crypto.hexSha1Str(this.text);
-}
-
-// ---------------------------------------------------------------------------------
-// TiddlyWiki() object contains Tiddler()s
-// ---------------------------------------------------------------------------------
-
-function TiddlyWiki()
-{
-	var tiddlers = {}; // Hashmap by name of tiddlers
-	this.tiddlersUpdated = false;
-	this.namedNotifications = []; // Array of {name:,notify:} of notification functions
-	this.notificationLevel = 0;
-	this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
-	this.clear = function() {
-		tiddlers = {};
-		this.setDirty(false);
-		};
-	this.fetchTiddler = function(title) {
-		return tiddlers[title];
-		};
-	this.deleteTiddler = function(title) {
-		delete this.slices[title];
-		delete tiddlers[title];
-		};
-	this.addTiddler = function(tiddler) {
-		delete this.slices[tiddler.title];
-		tiddlers[tiddler.title] = tiddler;
-		};
-	this.forEachTiddler = function(callback) {
-		for(var t in tiddlers)
-			{
-			var tiddler = tiddlers[t];
-			if(tiddler instanceof Tiddler)
-				callback.call(this,t,tiddler);
-			}
-		};
-}
-
-// Set the dirty flag
-TiddlyWiki.prototype.setDirty = function(dirty)
-{
-	this.dirty = dirty;
-}
-
-TiddlyWiki.prototype.isDirty = function()
-{
-	return this.dirty;
-}
-
-TiddlyWiki.prototype.suspendNotifications = function()
-{
-	this.notificationLevel--;
-}
-
-TiddlyWiki.prototype.resumeNotifications = function()
-{
-	this.notificationLevel++;
-}
-
-// Invoke the notification handlers for a particular tiddler
-TiddlyWiki.prototype.notify = function(title,doBlanket)
-{
-	if(!this.notificationLevel)
-		for(var t=0; t<this.namedNotifications.length; t++)
-			{
-			var n = this.namedNotifications[t];
-			if((n.name == null && doBlanket) || (n.name == title))
-				n.notify(title);
-			}
-}
-
-// Invoke the notification handlers for all tiddlers
-TiddlyWiki.prototype.notifyAll = function()
-{
-	if(!this.notificationLevel)
-		for(var t=0; t<this.namedNotifications.length; t++)
-			{
-			var n = this.namedNotifications[t];
-			if(n.name)
-				n.notify(n.name);
-			}
-}
-
-// Add a notification handler to a tiddler
-TiddlyWiki.prototype.addNotification = function(title,fn)
-{
-	for (var i=0; i<this.namedNotifications.length; i++)
-		if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
-			return this;
-	this.namedNotifications.push({name: title, notify: fn});
-	return this;
-}
-
-TiddlyWiki.prototype.removeTiddler = function(title)
-{
-	var tiddler = this.fetchTiddler(title);
-	if(tiddler)
-		{
-		this.deleteTiddler(title);
-		this.notify(title,true);
-		this.setDirty(true);
-		}
-}
-
-TiddlyWiki.prototype.tiddlerExists = function(title)
-{
-	var t = this.fetchTiddler(title);
-	return (t != undefined);
-}
-
-TiddlyWiki.prototype.isShadowTiddler = function(title)
-{
-	return typeof config.shadowTiddlers[title] == "string";
-}
-
-TiddlyWiki.prototype.getTiddler = function(title)
-{
-	var t = this.fetchTiddler(title);
-	if(t != undefined)
-		return t;
-	else
-		return null;
-}
-
-TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
-{
-	var tiddler = this.fetchTiddler(title);
-	if(tiddler)
-		return tiddler.text;
-	if(!title)
-		return defaultText;
-	var pos = title.indexOf(config.textPrimitives.sliceSeparator);
-	if(pos != -1)
-		{
-		var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
-		if(slice)
-			return slice;
-		}
-	if(this.isShadowTiddler(title))
-		return config.shadowTiddlers[title];
-	if(defaultText != undefined)
-		return defaultText;
-	return null;
-}
-
-TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
-
-// @internal
-TiddlyWiki.prototype.calcAllSlices = function(title) 
-{
-	var slices = {};
-	var text = this.getTiddlerText(title,"");
-	this.slicesRE.lastIndex = 0;
-	do 
-		{
-			var m = this.slicesRE.exec(text);
-			if (m) 
-				{
-					if (m[1])
-						slices[m[1]] = m[2];
-					else
-						slices[m[3]] = m[4];
-				}
-		}
-	while(m);
-	return slices;
-}
-
-// Returns the slice of text of the given name
-//#
-//# A text slice is a substring in the tiddler's text that is defined
-//# either like this
-//#    aName:  textSlice
-//# or
-//#    |aName:| textSlice |
-//# or
-//#    |aName| textSlice |
-//#
-//# In the text the name (or name:) may be decorated with '' or //. I.e.
-//# this would also a possible text slice:
-//#
-//#    |''aName:''| textSlice |
-//#
-//# @param name should only contain "word characters" (i.e. "a-ZA-Z_0-9")
-//# @return [may be undefined] the (trimmed) text of the specified slice.
-TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
-{
-	var slices = this.slices[title];
-	if (!slices) {
-		slices = this.calcAllSlices(title);
-		this.slices[title] = slices;
-	}
-	return slices[sliceName];
-}
-
-// Build an hashmap of the specified named slices of a tiddler
-TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
-{
-	var r = {};
-	for(var t=0; t<sliceNames.length; t++)
-		{
-		var slice = this.getTiddlerSlice(title,sliceNames[t]);
-		if(slice)
-			r[sliceNames[t]] = slice;
-		}
-	return r;
-}
-
-TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
-{
-	var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
-	var text = this.getTiddlerText(title,null);
-	if(text == null)
-		return defaultText;
-	var textOut = [];
-	var lastPos = 0;
-	do {
-		var match = bracketRegExp.exec(text);
-		if(match)
-			{
-			textOut.push(text.substr(lastPos,match.index-lastPos));
-			if(match[1])
-				{
-				if(depth <= 0)
-					textOut.push(match[1]);
-				else
-					textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
-				}
-			lastPos = match.index + match[0].length;
-			}
-		else
-			textOut.push(text.substr(lastPos));
-	} while(match);
-	return(textOut.join(""));
-}
-
-TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
-{
-	var tiddler = this.fetchTiddler(title);
-	if(tiddler)
-		{
-		var t = tiddler.tags.indexOf(tag);
-		if(t != -1)
-			tiddler.tags.splice(t,1);
-		if(status)
-			tiddler.tags.push(tag);
-		tiddler.changed();
-		this.notify(title,true);
-		this.setDirty(true);
-		}
-}
-
-TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
-{
-	var tiddler = this.fetchTiddler(title);
-	var created;
-	if(tiddler)
-		{
-		created = tiddler.created; // Preserve created date
-		this.deleteTiddler(title);
-		}
-	else
-		{
-		tiddler = new Tiddler();
-		created = modified;
-		}
-	tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
-	this.addTiddler(tiddler);
-	if(title != newTitle)
-		this.notify(title,true);
-	this.notify(newTitle,true);
-	this.setDirty(true);
-	return tiddler;
-}
-
-TiddlyWiki.prototype.createTiddler = function(title)
-{
-	var tiddler = this.fetchTiddler(title);
-	if(!tiddler)
-		{
-		tiddler = new Tiddler();
-		tiddler.title = title;
-		this.addTiddler(tiddler);
-		this.setDirty(true);
-		}
-	return tiddler;
-}
-
-// Load contents of a tiddlywiki from an HTML DIV
-TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
-{
-	this.idPrefix = idPrefix;
-	var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
-	var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
-	this.setDirty(false);
-	if(!noUpdate)
-		{
-		for(var i = 0;i<tiddlers.length; i++)
-			tiddlers[i].changed();
-		}
-}
-
-TiddlyWiki.prototype.updateTiddlers = function()
-{
-	this.tiddlersUpdated = true;
-	this.forEachTiddler(function(title,tiddler) {
-		tiddler.changed();
-		});
-}
-
-// Return all tiddlers formatted as an HTML string
-TiddlyWiki.prototype.allTiddlersAsHtml = function()
-{
-	return store.getSaver().externalize(store);
-}
-
-// Return an array of tiddlers matching a search regular expression
-TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
-{
-	var candidates = this.reverseLookup("tags",excludeTag,false);
-	var results = [];
-	for(var t=0; t<candidates.length; t++)
-		{
-		if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
-			results.push(candidates[t]);
-		}
-	if(!sortField)
-		sortField = "title";
-	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
-	return results;
-}
-
-// Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
-TiddlyWiki.prototype.getTags = function()
-{
-	var results = [];
-	this.forEachTiddler(function(title,tiddler) {
-		for(var g=0; g<tiddler.tags.length; g++)
-			{
-			var tag = tiddler.tags[g];
-			var f = false;
-			for(var c=0; c<results.length; c++)
-				if(results[c][0] == tag)
-					{
-					f = true;
-					results[c][1]++;
-					}
-			if(!f)
-				results.push([tag,1]);
-			}
-		});
-	results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
-	return results;
-}
-
-// Return an array of the tiddlers that are tagged with a given tag
-TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
-{
-	return this.reverseLookup("tags",tag,true,sortField);
-}
-
-// Return an array of the tiddlers that link to a given tiddler
-TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
-{
-	if(!this.tiddlersUpdated)
-		this.updateTiddlers();
-	return this.reverseLookup("links",title,true,sortField);
-}
-
-// Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
-// lookupMatch == true to match tiddlers, false to exclude tiddlers
-TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
-{
-	var results = [];
-	this.forEachTiddler(function(title,tiddler) {
-		var f = !lookupMatch;
-		for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
-			if(tiddler[lookupField][lookup] == lookupValue)
-				f = lookupMatch;
-		if(f)
-			results.push(tiddler);
-		});
-	if(!sortField)
-		sortField = "title";
-	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
-	return results;
-}
-
-// Return the tiddlers as a sorted array
-TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
-{
-	var results = [];
-	this.forEachTiddler(function(title,tiddler) {
-		if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
-			results.push(tiddler);
-		});
-	if(field)
-		results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
-	return results;
-}
-
-// Return array of names of tiddlers that are referred to but not defined
-TiddlyWiki.prototype.getMissingLinks = function(sortField)
-{
-	if(!this.tiddlersUpdated)
-		this.updateTiddlers();
-	var results = [];
-	this.forEachTiddler(function (title,tiddler) {
-		for(var n=0; n<tiddler.links.length;n++)
-			{
-			var link = tiddler.links[n];
-			if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
-				results.pushUnique(link);
-			}
-		});
-	results.sort();
-	return results;
-}
-
-// Return an array of names of tiddlers that are defined but not referred to
-TiddlyWiki.prototype.getOrphans = function()
-{
-	var results = [];
-	this.forEachTiddler(function (title,tiddler) {
-		if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
-			results.push(title);
-		});
-	results.sort();
-	return results;
-}
-
-// Return an array of names of all the shadow tiddlers
-TiddlyWiki.prototype.getShadowed = function()
-{
-	var results = [];
-	for(var t in config.shadowTiddlers)
-		if(typeof config.shadowTiddlers[t] == "string")
-			results.push(t);
-	results.sort();
-	return results;
-}
-
-// Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
-TiddlyWiki.prototype.resolveTiddler = function(tiddler) 
-{
-	var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
-	return t instanceof Tiddler ? t : null;
-}
-
-TiddlyWiki.prototype.getLoader = function() 
-{
-	if (!this.loader) 
-		this.loader = new TW21Loader();
-	return this.loader;
-}
- 
-TiddlyWiki.prototype.getSaver = function() 
-{
-	if (!this.saver) 
-		this.saver = new TW21Saver();
-	return this.saver;
-}
-
-// Returns true if path is a valid field name (path),
-// i.e. a sequence of identifiers, separated by '.'
-TiddlyWiki.isValidFieldName = function (name) {
-	var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
-	return match && (match[0] == name);
-}
-
-// Throws an exception when name is not a valid field name.
-TiddlyWiki.checkFieldName = function(name) {
-	if (!TiddlyWiki.isValidFieldName(name))
-		throw config.messages.invalidFieldName.format([name]);
-}
-
-function StringFieldAccess(n, readOnly) {
-	this.set = readOnly 
-		? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
-		: function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
-	this.get = function(t) {return t[n];};
-}
-
-function DateFieldAccess(n) {
-	this.set = function(t,v) {
-			var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v); 
-			if (d != t[n]) {
-				t[n] = d; return true;
-			}
-		};
-	this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
-}
-
-function LinksFieldAccess(n) {
-	this.set = function(t,v) {
-			var s = (typeof v == "string") ? v.readBracketedList() : v; 
-			if (s.toString() != t[n].toString()) {
-				t[n] = s; return true;
-			}
-		};
-	this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
-}
-
-TiddlyWiki.standardFieldAccess = {
-	// The set functions return true when setting the data has changed the value.
-	
-	"title":    new StringFieldAccess("title", true),
-	// Handle the "tiddler" field name as the title
-	"tiddler":  new StringFieldAccess("title", true),
-	
-	"text":     new StringFieldAccess("text"),
-	"modifier": new StringFieldAccess("modifier"),
-	"modified": new DateFieldAccess("modified"),
-	"created":  new DateFieldAccess("created"),
-	"tags":     new LinksFieldAccess("tags")
-};
-
-TiddlyWiki.isStandardField = function(name) {
-	return TiddlyWiki.standardFieldAccess[name] != undefined;
-}
-
-// Sets the value of the given field of the tiddler to the value. 
-// Setting an ExtendedField's value to null or undefined removes the field. 
-// Setting a namespace to undefined removes all fields of that namespace.
-// The fieldName is case-insensitive.
-// All values will be converted to a string value.
-TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
-	TiddlyWiki.checkFieldName(fieldName);
-	var t = this.resolveTiddler(tiddler);
-	if (!t)
-		return;
-		
-	fieldName = fieldName.toLowerCase();
-
-	var isRemove = (value === undefined) || (value === null);
-
-	if (!t.fields) 
-		t.fields = {};
-		
-	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
-	if (accessor) {
-		if (isRemove)
-			// don't remove StandardFields
-			return;
-		var h = TiddlyWiki.standardFieldAccess[fieldName];
-		if (!h.set(t, value))
-			return;
-
-	} else {
-		var oldValue = t.fields[fieldName];
-		
-		if (isRemove) {
-			if (oldValue !== undefined) {
-				// deletes a single field
-				delete t.fields[fieldName];
-			} else {
-				// no concrete value is defined for the fieldName
-				// so we guess this is a namespace path.
-				
-				// delete all fields in a namespace
-				var re = new RegExp('^'+fieldName+'\\.');
-				var dirty = false;
-				for (var n in t.fields) {
-					if (n.match(re)) {
-						delete t.fields[n];
-						dirty = true;
-					}
-				}
-				if (!dirty)
-					return
-			}
-				
-		} else {
-			// the "normal" set case. value is defined (not null/undefined)
-			// For convenience provide a nicer conversion Date->String
- 			value = value instanceof Date 
-				? value.convertToYYYYMMDDHHMMSSMMM() 
-				: String(value);
-			if (oldValue == value) 
-				return;
-			t.fields[fieldName] = value;
-		}
-	}
-	
-	// When we are here the tiddler/store really was changed.
-	this.notify(t.title,true);
-	if (!fieldName.match(/^temp\./))
-		this.setDirty(true);
-}
-
-// Returns the value of the given field of the tiddler. 
-// The fieldName is case-insensitive.
-// Will only return String values (or undefined).
-TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
-	var t = this.resolveTiddler(tiddler);
-	if (!t)
-		return undefined;
-
-	fieldName = fieldName.toLowerCase();
-
-	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
-	if (accessor) {
-		return accessor.get(t);
-	}
-	
-	return t.fields ? t.fields[fieldName] : undefined;
-}
-
-// Calls the callback function for every field in the tiddler.
-//
-// When callback function returns a non-false value the iteration stops 
-// and that value is returned. 
-//
-// The order of the fields is not defined.
-// 
-// @param callback a function(tiddler, fieldName, value). 
-// 
-TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
-	var t = this.resolveTiddler(tiddler);
-	if (!t)
-		return undefined;
-	
-	if (t.fields) {
-		for (var n in t.fields) {
-			var result = callback(t, n, t.fields[n]);
-			if (result)
-				return result;
-		}
-	}
-	
-	if (onlyExtendedFields)
-		return undefined;
-
-	for (var n in TiddlyWiki.standardFieldAccess) {
-		if (n == "tiddler")
-			// even though the "title" field can also be referenced through the name "tiddler"
-			// we only visit this field once.
-			continue;
-			
-		var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
-		if (result)
-			return result;
-	}
-
-	return undefined;
-};
-// ---------------------------------------------------------------------------------
-// Story functions
-// ---------------------------------------------------------------------------------
-
-// A story is a HTML div containing a sequence of tiddlers that can be manipulated
-// container - id of containing element
-// idPrefix - string prefix prepended to title to make ids for tiddlers in this story
-function Story(container,idPrefix)
-{
-	this.container = container;
-	this.idPrefix = idPrefix;
-	this.highlightRegExp = null;
-}
-
-// Iterate through all the tiddlers in a story
-// fn - callback function to be called for each tiddler. Arguments are:
-//		tiddler - reference to Tiddler object
-//		element - reference to tiddler display element
-Story.prototype.forEachTiddler = function(fn)
-{
-	var place = document.getElementById(this.container);
-	if(!place)
-		return;
-	var e = place.firstChild;
-	while(e)
-		{
-		var n = e.nextSibling;
-		var title = e.getAttribute("tiddler");
-		fn.call(this,title,e);
-		e = n;
-		}
-}
-
-// Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
-// titles - array of string titles
-Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
-{
-	for(var t = titles.length-1;t>=0;t--)
-		this.displayTiddler(srcElement,titles[t],template,animate,slowly);
-}
-
-// Display a given tiddler with a given template. If the tiddler is already displayed but with a different
-// template, it is switched to the specified template
-// srcElement - reference to element from which this one is being opened -or-
-//              special positions "top", "bottom"
-// title - title of tiddler to display
-// template - the name of the tiddler containing the template -or-
-//			  one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
-//			  null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
-// animate - whether to perform animations
-// slowly - whether to perform animations in slomo
-Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
-{
-	var place = document.getElementById(this.container);
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem)
-		this.refreshTiddler(title,template);
-	else
-		{
-		var before = this.positionTiddler(srcElement);
-		tiddlerElem = this.createTiddler(place,before,title,template);
-		}
-	if(srcElement && typeof srcElement !== "string")
-		{
-		if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
-			anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
-		else
-			window.scrollTo(0,ensureVisible(tiddlerElem));
-		}
-}
-
-// Figure out the appropriate position for a newly opened tiddler
-// srcElement - reference to the element containing the link to the tiddler -or-
-//              special positions "top", "bottom"
-// returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
-Story.prototype.positionTiddler = function(srcElement)
-{
-	var place = document.getElementById(this.container);
-	var before;
-	if(typeof srcElement == "string")
-		{
-		switch(srcElement)
-			{
-			case "top":
-				before = place.firstChild;
-				break;
-			case "bottom":
-				before = null;
-				break;
-			}
-		}
-	else
-		{
-		var after = this.findContainingTiddler(srcElement);
-		if(after == null)
-			before = place.firstChild;
-		else if(after.nextSibling)
-			before = after.nextSibling;
-		else
-			before = null;
-		}
-	return before;
-}
-
-// Create a tiddler frame at the appropriate place in a story column
-// place - reference to parent element
-// before - null, or reference to element before which to insert new tiddler
-// title - title of new tiddler
-// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
-Story.prototype.createTiddler = function(place,before,title,template)
-{
-	var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
-	tiddlerElem.setAttribute("refresh","tiddler");
-	place.insertBefore(tiddlerElem,before);
-	this.refreshTiddler(title,template);
-	return tiddlerElem;
-}
-
-// Overridable for choosing the name of the template to apply for a tiddler
-Story.prototype.chooseTemplateForTiddler = function(title,template)
-{
-	if(!template)
-		template = DEFAULT_VIEW_TEMPLATE;
-	if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
-		template = config.tiddlerTemplates[template];
-	return template;
-}
-
-// Overridable for extracting the text of a template from a tiddler
-Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
-{
-	return store.getRecursiveTiddlerText(template,null,10);
-}
-
-// Apply a template to an existing tiddler if it is not already displayed using that template
-// title - title of tiddler to update
-// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
-// force - if true, forces the refresh even if the template hasn't changedd
-Story.prototype.refreshTiddler = function(title,template,force)
-{
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem)
-		{
-		if(tiddlerElem.getAttribute("dirty") == "true" && !force)
-			return tiddlerElem;
-		template = this.chooseTemplateForTiddler(title,template);
-		var currTemplate = tiddlerElem.getAttribute("template");
-		if((template != currTemplate) || force)
-			{
-			var tiddler = store.getTiddler(title);
-			if(!tiddler)
-				{
-				tiddler = new Tiddler();
-				if(store.isShadowTiddler(title))
-					tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
-				else
-					{
-					var text = template=="EditTemplate"
-								? config.views.editor.defaultText.format([title])
-								: config.views.wikified.defaultText.format([title]);
-					tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
-					}
-				}
-			tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
-			tiddlerElem.setAttribute("tiddler",title);
-			tiddlerElem.setAttribute("template",template);
-			var me = this;
-			tiddlerElem.onmouseover = this.onTiddlerMouseOver;
-			tiddlerElem.onmouseout = this.onTiddlerMouseOut;
-			tiddlerElem.ondblclick = this.onTiddlerDblClick;
-			tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
-			var html = this.getTemplateForTiddler(title,template,tiddler);
-			tiddlerElem.innerHTML = html;
-			applyHtmlMacros(tiddlerElem,tiddler);
-			if(store.getTaggedTiddlers(title).length > 0)
-				addClass(tiddlerElem,"isTag");
-			else
-				removeClass(tiddlerElem,"isTag");
-			if(!store.tiddlerExists(title))
-				{
-				if(store.isShadowTiddler(title))
-					addClass(tiddlerElem,"shadow");
-				else
-					addClass(tiddlerElem,"missing");
-				}
-			else
-				{
-				removeClass(tiddlerElem,"shadow");
-				removeClass(tiddlerElem,"missing");
-				}
-			}
-		}
-	return tiddlerElem;
-}
-
-// Refresh all tiddlers in the Story
-Story.prototype.refreshAllTiddlers = function() 
-{
-	var place = document.getElementById(this.container);
-	var e = place.firstChild;
-	if(!e)
-		return;
-	this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
-	while((e = e.nextSibling) != null) 
-		this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
-}
-
-// Default tiddler onmouseover/out event handlers
-Story.prototype.onTiddlerMouseOver = function(e)
-{
-	if(window.addClass instanceof Function)
-		addClass(this,"selected");
-}
-
-Story.prototype.onTiddlerMouseOut = function(e)
-{
-	if(window.removeClass instanceof Function)
-		removeClass(this,"selected");
-}
-
-// Default tiddler ondblclick event handler
-Story.prototype.onTiddlerDblClick = function(e)
-{
-	if(!e) var e = window.event;
-	var theTarget = resolveTarget(e);
-	if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
-		{
-		if(document.selection && document.selection.empty)
-			document.selection.empty();
-		config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
-		e.cancelBubble = true;
-		if (e.stopPropagation) e.stopPropagation();
-		return true;
-		}
-	else
-		return false;
-}
-
-Story.prototype.onTiddlerKeyPress = function(e)
-{
-	if(!e) var e = window.event;
-	clearMessage();
-	var consume = false; 
-	var title = this.getAttribute("tiddler");
-	var target = resolveTarget(e);
-	switch(e.keyCode)
-		{
-		case 9: // Tab
-			if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
-				{
-				replaceSelection(target,String.fromCharCode(9));
-				consume = true; 
-				}
-			if(config.isOpera)
-				{
-				target.onblur = function()
-					{
-					this.focus();
-					this.onblur = null;
-					}
-				}
-			break;
-		case 13: // Ctrl-Enter
-		case 10: // Ctrl-Enter on IE PC
-		case 77: // Ctrl-Enter is "M" on some platforms
-			if(e.ctrlKey)
-				{
-				blurElement(this);
-				config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
-				consume = true;
-				}
-			break; 
-		case 27: // Escape
-			blurElement(this);
-			config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
-			consume = true;
-			break;
-		}
-	e.cancelBubble = consume;
-	if(consume)
-		{
-		if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
-		e.returnValue = true; // Cancel The Event in IE
-		if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
-		}
-	return(!consume);
-};
-
-// Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
-// or null if it found no edit field at all
-Story.prototype.getTiddlerField = function(title,field)
-{
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	var e = null;
-	if(tiddlerElem != null)
-		{
-		var children = tiddlerElem.getElementsByTagName("*");
-		for (var t=0; t<children.length; t++)
-			{
-			var c = children[t];
-			if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
-				{
-				if(!e)
-					e = c;
-				if(c.getAttribute("edit") == field)
-					e = c;
-				}
-			}
-		}
-	return e;
-}
-
-// Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
-Story.prototype.focusTiddler = function(title,field)
-{
-	var e = this.getTiddlerField(title,field);
-	if(e)
-		{
-		e.focus();
-		e.select();
-		}
-}
-
-// Ensures that a specified tiddler does not have the focus
-Story.prototype.blurTiddler = function(title)
-{
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
-		{
-		tiddlerElem.focus();
-		tiddlerElem.blur();
-		}
-}
-
-// Adds a specified value to the edit controls (if any) of a particular
-// array-formatted field of a particular tiddler (eg "tags")
-//  title - name of tiddler
-//  tag - value of field, without any [[brackets]]
-//  mode - +1 to add the tag, -1 to remove it, 0 to toggle it
-//  field - name of field (eg "tags")
-Story.prototype.setTiddlerField = function(title,tag,mode,field)
-{
-	var c = story.getTiddlerField(title,field);
-
-	var tags = c.value.readBracketedList();
-	tags.setItem(tag,mode);
-	c.value = String.encodeTiddlyLinkList(tags);
-}
-
-// The same as setTiddlerField but preset to the "tags" field
-Story.prototype.setTiddlerTag = function(title,tag,mode)
-{
-	Story.prototype.setTiddlerField(title,tag,mode,"tags");
-}
-
-// Close a specified tiddler
-// title - name of tiddler to close
-// animate - whether to perform animations
-// slowly - whether to perform animations in slomo
-Story.prototype.closeTiddler = function(title,animate,slowly)
-{
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		{
-		clearMessage();
-		this.scrubTiddler(tiddlerElem);
-		if(anim && config.options.chkAnimate && animate)
-			anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
-		else
-			tiddlerElem.parentNode.removeChild(tiddlerElem);
-		}
-}
-
-// Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
-// does not interfere with things
-// tiddler - reference to the tiddler element
-Story.prototype.scrubTiddler = function(tiddlerElem)
-{
-	tiddlerElem.id = null;
-}
-
-// Set the 'dirty' flag of a tiddler
-// title - title of tiddler to change
-// dirty - new boolean status of flag
-Story.prototype.setDirty = function(title,dirty)
-{
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
-}
-
-// Is a particular tiddler dirty (with unsaved changes)?
-Story.prototype.isDirty = function(title)
-{
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		return tiddlerElem.getAttribute("dirty") == "true";
-	return null;
-}
-
-// Determine whether any open tiddler are dirty
-Story.prototype.areAnyDirty = function()
-{
-	var r = false;
-	this.forEachTiddler(function(title,element) {
-		if(this.isDirty(title))
-			r = true;
-		});
-	return r;
-}
-
-// Close all tiddlers in the story
-Story.prototype.closeAllTiddlers = function(exclude)
-{
-	clearMessage();
-	this.forEachTiddler(function(title,element) {
-		if((title != exclude) && element.getAttribute("dirty") != "true")
-			this.closeTiddler(title);
-		});
-	window.scrollTo(0,0);
-}
-
-// Check if there are any tiddlers in the story
-Story.prototype.isEmpty = function()
-{
-	var place = document.getElementById(this.container);
-	return(place && place.firstChild == null);
-}
-
-// Perform a search and display the result
-// text - text to search for
-// useCaseSensitive - true for case sensitive matching
-// useRegExp - true to interpret text as a RegExp
-Story.prototype.search = function(text,useCaseSensitive,useRegExp)
-{
-	this.closeAllTiddlers();
-	highlightHack = new RegExp(useRegExp ?	 text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
-	var matches = store.search(highlightHack,"title","excludeSearch");
-	var titles = [];
-	for(var t=matches.length-1; t>=0; t--)
-		titles.push(matches[t].title);
-	this.displayTiddlers(null,titles);
-	highlightHack = null;
-	var q = useRegExp ? "/" : "'";
-	if(matches.length > 0)
-		displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
-	else
-		displayMessage(config.macros.search.failureMsg.format([q + text + q]));
-}
-
-// Determine if the specified element is within a tiddler in this story
-// e - reference to an element
-// returns: reference to a tiddler element or null if none
-Story.prototype.findContainingTiddler = function(e)
-{
-	while(e && !hasClass(e,"tiddler"))
-		e = e.parentNode;
-	return(e);
-}
-
-// Gather any saveable fields from a tiddler element
-// e - reference to an element to scan recursively
-// fields - object to contain gathered field values
-Story.prototype.gatherSaveFields = function(e,fields)
-{
-	if(e && e.getAttribute)
-		{
-		var f = e.getAttribute("edit");
-		if(f)
-			fields[f] = e.value.replace(/\r/mg,"");;
-		if(e.hasChildNodes())
-			{
-			var c = e.childNodes;
-			for(var t=0; t<c.length; t++)
-				this.gatherSaveFields(c[t],fields)
-			}
-		}
-}
-
-// Determine whether a tiddler has any edit fields, and if so if their values have been changed
-// title - name of tiddler
-Story.prototype.hasChanges = function(title)
-{
-	var e = document.getElementById(this.idPrefix + title);
-	if(e != null)
-		{
-		var fields = {};
-		this.gatherSaveFields(e,fields);
-		var tiddler = store.fetchTiddler(title);
-		if (!tiddler)
-			return false;
-		for(var n in fields)
-			if (store.getValue(title,n) != fields[n])
-				return true;
-		}
-	return false;
-}
-
-// Save any open edit fields of a tiddler and updates the display as necessary
-// title - name of tiddler
-// minorUpdate - true if the modified date shouldn't be updated
-// returns: title of saved tiddler, or null if not saved
-Story.prototype.saveTiddler = function(title,minorUpdate)
-{
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		{
-		var fields = {};
-		this.gatherSaveFields(tiddlerElem,fields);
-		var newTitle = fields.title ? fields.title : title;
-		if(store.tiddlerExists(newTitle) && newTitle != title)
-			{
-			if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
-				this.closeTiddler(newTitle,false,false);
-			else
-				return null;
-			}
-		tiddlerElem.id = this.idPrefix + newTitle;
-		tiddlerElem.setAttribute("tiddler",newTitle);
-		tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
-		tiddlerElem.setAttribute("dirty","false");
-		if(config.options.chkForceMinorUpdate)
-			minorUpdate = !minorUpdate;
-		var newDate = new Date();
-		store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
-		for (var n in fields) 
-			if (!TiddlyWiki.isStandardField(n))
-				store.setValue(newTitle,n,fields[n]);
-		if(config.options.chkAutoSave)
-			saveChanges();
-		return newTitle;
-		}
-	return null;
-}
-
-Story.prototype.permaView = function()
-{
-	var links = [];
-	this.forEachTiddler(function(title,element) {
-		links.push(String.encodeTiddlyLink(title));
-		});
-	var t = encodeURIComponent(links.join(" "));
-	if(t == "")
-		t = "#";
-	if(window.location.hash != t)
-		window.location.hash = t;
-}
-
-// ---------------------------------------------------------------------------------
-// Message area
-// ---------------------------------------------------------------------------------
-
-function getMessageDiv()
-{
-	var msgArea = document.getElementById("messageArea");
-	if(!msgArea)
-		return null;
-	if(!msgArea.hasChildNodes())
-		createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
-			config.messages.messageClose.text,
-			config.messages.messageClose.tooltip,
-			clearMessage);
-	msgArea.style.display = "block";
-	return createTiddlyElement(msgArea,"div");
-}
-
-function displayMessage(text,linkText)
-{
-	var e = getMessageDiv();
-	if(!e)
-		{
-		alert(text);
-		return;
-		}
-	if(linkText)
-		{
-		var link = createTiddlyElement(e,"a",null,null,text);
-		link.href = linkText;
-		link.target = "_blank";
-		}
-	else
-		e.appendChild(document.createTextNode(text));
-}
-
-function clearMessage()
-{
-	var msgArea = document.getElementById("messageArea");
-	if(msgArea)
-		{
-		removeChildren(msgArea);
-		msgArea.style.display = "none";
-		}
-	return false;
-}
-
-// ---------------------------------------------------------------------------------
-// Refresh mechanism
-// ---------------------------------------------------------------------------------
-
-config.refreshers = {
-	link: function(e,changeList)
-		{
-		var title = e.getAttribute("tiddlyLink");
-		refreshTiddlyLink(e,title);
-		return true;
-		},
-	
-	tiddler: function(e,changeList)
-		{
-		var title = e.getAttribute("tiddler");
-		var template = e.getAttribute("template");
-		if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
-			story.refreshTiddler(title,template,true);
-		else
-			refreshElements(e,changeList);
-		return true;
-		},
-
-	content: function(e,changeList)
-		{
-		var title = e.getAttribute("tiddler");
-		var force = e.getAttribute("force");
-		if(force != null || changeList == null || changeList.indexOf(title) != -1)
-			{
-			removeChildren(e);
-			wikify(store.getTiddlerText(title,title),e);
-			return true;
-			}
-		else
-			return false;
-		},
-
-	macro: function(e,changeList)
-		{
-		var macro = e.getAttribute("macroName");
-		var params = e.getAttribute("params");
-		if(macro)
-			macro = config.macros[macro];
-		if(macro && macro.refresh)
-			macro.refresh(e,params);
-		return true;
-		}
-};
-
-function refreshElements(root,changeList)
-{
-	var nodes = root.childNodes;
-	for(var c=0; c<nodes.length; c++)
-		{
-		var e = nodes[c],type;
-		if(e.getAttribute)
-			type = e.getAttribute("refresh");
-		else
-			type = null;
-		var refresher = config.refreshers[type];
-		var refreshed = false;
-		if(refresher != undefined)
-			refreshed = refresher(e,changeList);
-		if(e.hasChildNodes() && !refreshed)
-			refreshElements(e,changeList);
-		}
-}
-
-function applyHtmlMacros(root,tiddler)
-{
-	var e = root.firstChild;
-	while(e)
-		{
-		var nextChild = e.nextSibling;
-		if(e.getAttribute)
-			{
-			var macro = e.getAttribute("macro");
-			if(macro)
-				{
-				var params = "";
-				var p = macro.indexOf(" ");
-				if(p != -1)
-					{
-					params = macro.substr(p+1);
-					macro = macro.substr(0,p);
-					}
-				invokeMacro(e,macro,params,null,tiddler);
-				}
-			}
-		if(e.hasChildNodes())
-			applyHtmlMacros(e,tiddler);
-		e = nextChild;
-		}
-}
-
-function refreshPageTemplate(title)
-{
-	var stash = createTiddlyElement(document.body,"div");
-	stash.style.display = "none";
-	var display = document.getElementById("tiddlerDisplay");
-	var nodes,t;
-	if(display)
-		{
-		nodes = display.childNodes;
-		for(t=nodes.length-1; t>=0; t--)
-			stash.appendChild(nodes[t]);
-		}
-	var wrapper = document.getElementById("contentWrapper");
-	if(!title)
-		title = "PageTemplate";
-	var html = store.getRecursiveTiddlerText(title,null,10);
-	wrapper.innerHTML = html;
-	applyHtmlMacros(wrapper);
-	refreshElements(wrapper);
-	display = document.getElementById("tiddlerDisplay");
-	removeChildren(display);
-	if(!display)
-		display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
-	nodes = stash.childNodes;
-	for(t=nodes.length-1; t>=0; t--)
-		display.appendChild(nodes[t]);
-	stash.parentNode.removeChild(stash);
-}
-
-function refreshDisplay(hint)
-{
-	var e = document.getElementById("contentWrapper");
-	if(typeof hint == "string")
-		hint = [hint];
-	refreshElements(e,hint);
-}
-
-function refreshPageTitle()
-{
-	document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
-}
-
-function refreshStyles(title)
-{
-	setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
-}
-
-function refreshColorPalette(title)
-{
-	if(!startingUp)
-		refreshAll();
-}
-
-function refreshAll()
-{
-	refreshPageTemplate();
-	refreshDisplay();
-	refreshStyles("StyleSheetLayout");
-	refreshStyles("StyleSheetColors");
-	refreshStyles("StyleSheet");
-	refreshStyles("StyleSheetPrint");
-}
-
-// ---------------------------------------------------------------------------------
-// Options cookie stuff
-// ---------------------------------------------------------------------------------
-
-function loadOptionsCookie()
-{
-	if(safeMode)
-		return;
-	var cookies = document.cookie.split(";");
-	for(var c=0; c<cookies.length; c++)
-		{
-		var p = cookies[c].indexOf("=");
-		if(p != -1)
-			{
-			var name = cookies[c].substr(0,p).trim();
-			var value = cookies[c].substr(p+1).trim();
-			switch(name.substr(0,3))
-				{
-				case "txt":
-					config.options[name] = unescape(value);
-					break;
-				case "chk":
-					config.options[name] = value == "true";
-					break;
-				}
-			}
-		}
-}
-
-function saveOptionCookie(name)
-{
-	if(safeMode)
-		return;
-	var c = name + "=";
-	switch(name.substr(0,3))
-		{
-		case "txt":
-			c += escape(config.options[name].toString());
-			break;
-		case "chk":
-			c += config.options[name] ? "true" : "false";
-			break;
-		}
-	c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
-	document.cookie = c;
-}
-
-// ---------------------------------------------------------------------------------
-// Saving
-// ---------------------------------------------------------------------------------
-
-var saveUsingSafari = false;
-
-var startSaveArea = '<div id="' + 'storeArea">'; // Split up into two so that indexOf() of this source doesn't find it
-var endSaveArea = '</d' + 'iv>';
-
-// If there are unsaved changes, force the user to confirm before exitting
-function confirmExit()
-{
-	hadConfirmExit = true;
-	if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
-		return config.messages.confirmExit;
-}
-
-// Give the user a chance to save changes before exitting
-function checkUnsavedChanges()
-{
-	if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
-		{
-		if(confirm(config.messages.unsavedChangesWarning))
-			saveChanges();
-		}
-}
-
-function updateMarkupBlock(s,blockName,tiddlerName)
-{
-	return s.replaceChunk(
-			"<!--%0-START-->".format([blockName]),
-			"<!--%0-END-->".format([blockName]),
-			"\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
-}
-
-// Save this tiddlywiki with the pending changes
-function saveChanges(onlyIfDirty)
-{
-	if(onlyIfDirty && !store.isDirty())
-		return;
-	clearMessage();
-	// Get the URL of the document
-	var originalPath = document.location.toString();
-	// Check we were loaded from a file URL
-	if(originalPath.substr(0,5) != "file:")
-		{
-		alert(config.messages.notFileUrlError);
-		if(store.tiddlerExists(config.messages.saveInstructions))
-			story.displayTiddler(null,config.messages.saveInstructions);
-		return;
-		}
-	var localPath = getLocalPath(originalPath);
-	// Load the original file
-	var original = loadFile(localPath);
-	if(original == null)
-		{
-		alert(config.messages.cantSaveError);
-		if(store.tiddlerExists(config.messages.saveInstructions))
-			story.displayTiddler(null,config.messages.saveInstructions);
-		return;
-		}
-	// Locate the storeArea div's
-	var posOpeningDiv = original.indexOf(startSaveArea);
-	var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
-	var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
-	if((posOpeningDiv == -1) || (posClosingDiv == -1))
-		{
-		alert(config.messages.invalidFileError.format([localPath]));
-		return;
-		}
-	// Save the backup
-	if(config.options.chkSaveBackups)
-		{
-		var backupPath = getBackupPath(localPath);
-		var backup = saveFile(backupPath,original);
-		if(backup)
-			displayMessage(config.messages.backupSaved,"file://" + backupPath);
-		else
-			alert(config.messages.backupFailed);
-		}
-	// Save Rss
-	if(config.options.chkGenerateAnRssFeed)
-		{
-		var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
-		var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
-		if(rssSave)
-			displayMessage(config.messages.rssSaved,"file://" + rssPath);
-		else
-			alert(config.messages.rssFailed);
-		}
-	// Save empty template
-	if(config.options.chkSaveEmptyTemplate)
-		{
-		var emptyPath,p;
-		if((p = localPath.lastIndexOf("/")) != -1)
-			emptyPath = localPath.substr(0,p) + "/empty.html";
-		else if((p = localPath.lastIndexOf("\\")) != -1)
-			emptyPath = localPath.substr(0,p) + "\\empty.html";
-		else
-			emptyPath = localPath + ".empty.html";
-		var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
-		var emptySave = saveFile(emptyPath,empty);
-		if(emptySave)
-			displayMessage(config.messages.emptySaved,"file://" + emptyPath);
-		else
-			alert(config.messages.emptyFailed);
-		}
-	var save;
-	try 
-		{
-		// Save new file
-		var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
-					convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
-					original.substr(posClosingDiv);
-		var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
-		revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
-		revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
-		revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
-		revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
-		revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
-		save = saveFile(localPath,revised);
-		}
-	catch (e) 
-		{
-		showException(e);
-		}
-	if(save)
-		{
-		displayMessage(config.messages.mainSaved,"file://" + localPath);
-		store.setDirty(false);
-		}
-	else
-		alert(config.messages.mainFailed);
-}
-
-function getLocalPath(originalPath)
-{
-	// Remove any location or query part of the URL
-	var argPos = originalPath.indexOf("?");
-	if(argPos != -1)
-		originalPath = originalPath.substr(0,argPos);
-	var hashPos = originalPath.indexOf("#");
-	if(hashPos != -1)
-		originalPath = originalPath.substr(0,hashPos);
-	// Convert file://localhost/ to file:///
-	if(originalPath.indexOf("file://localhost/") == 0)
-		originalPath = "file://" + originalPath.substr(16);
-	// Convert to a native file format assuming
-	// "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
-	// "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
-	// "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
-	// "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
-	var localPath;
-	if(originalPath.charAt(9) == ":") // pc local file
-		localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
-	else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
-		localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
-	else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
-		localPath = unescape(originalPath.substr(7));
-	else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
-		localPath = unescape(originalPath.substr(5));
-	else // pc network file
-		localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
-	return localPath;
-}
-
-function getBackupPath(localPath)
-{
-	var backSlash = true;
-	var dirPathPos = localPath.lastIndexOf("\\");
-	if(dirPathPos == -1)
-		{
-		dirPathPos = localPath.lastIndexOf("/");
-		backSlash = false;
-		}
-	var backupFolder = config.options.txtBackupFolder;
-	if(!backupFolder || backupFolder == "")
-		backupFolder = ".";
-	var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
-	backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
-	return backupPath;
-}
-
-function generateRss()
-{
-	var s = [];
-	var d = new Date();
-	var u = store.getTiddlerText("SiteUrl");
-	// Assemble the header
-	s.push("<" + "?xml version=\"1.0\"?" + ">");
-	s.push("<rss version=\"2.0\">");
-	s.push("<channel>");
-	s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
-	if(u)
-		s.push("<link>" + u.htmlEncode() + "</link>");
-	s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
-	s.push("<language>en-us</language>");
-	s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
-	s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
-	s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
-	s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
-	s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
-	// The body
-	var tiddlers = store.getTiddlers("modified","excludeLists");
-	var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
-	for (var t=tiddlers.length-1; t>=n; t--)
-		s.push(tiddlers[t].saveToRss(u));
-	// And footer
-	s.push("</channel>");
-	s.push("</rss>");
-	// Save it all
-	return s.join("\n");
-}
-
-
-// UTF-8 encoding rules:
-// 0x0000 - 0x007F:	0xxxxxxx
-// 0x0080 - 0x07FF:	110xxxxx 10xxxxxx
-// 0x0800 - 0xFFFF:	1110xxxx 10xxxxxx 10xxxxxx
-
-function convertUTF8ToUnicode(u)
-{
-	if(window.netscape == undefined)
-		return manualConvertUTF8ToUnicode(u);
-	else
-		return mozConvertUTF8ToUnicode(u);
-}
-
-function manualConvertUTF8ToUnicode(utf)
-{
-	var uni = utf;
-	var src = 0;
-	var dst = 0;
-	var b1, b2, b3;
-	var c;
-	while(src < utf.length)
-		{
-		b1 = utf.charCodeAt(src++);
-		if(b1 < 0x80)
-			dst++;
-		else if(b1 < 0xE0)
-			{
-			b2 = utf.charCodeAt(src++);
-			c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
-			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
-			}
-		else
-			{
-			b2 = utf.charCodeAt(src++);
-			b3 = utf.charCodeAt(src++);
-			c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
-			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
-			}
-	}
-	return(uni);
-}
-
-function mozConvertUTF8ToUnicode(u)
-{
-	try
-		{
-		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
-		converter.charset = "UTF-8";
-		}
-	catch(e)
-		{
-		return manualConvertUTF8ToUnicode(u);
-		} // fallback
-	var s = converter.ConvertToUnicode(u);
-	var fin = converter.Finish();
-	return (fin.length > 0) ? s+fin : s;
-}
-
-function convertUnicodeToUTF8(s)
-{
-	if(window.netscape == undefined)
-		return manualConvertUnicodeToUTF8(s);
-	else
-		return mozConvertUnicodeToUTF8(s);
-}
-
-function manualConvertUnicodeToUTF8(s)
-{
-	var re = /[^\u0000-\u007F]/g ;
-	return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
-}
-
-function mozConvertUnicodeToUTF8(s)
-{
-	try
-		{
-		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
-		converter.charset = "UTF-8";
-		}
-	catch(e)
-		{
-		return manualConvertUnicodeToUTF8(s);
-		} // fallback
-	var u = converter.ConvertFromUnicode(s);
-	var fin = converter.Finish();
-	if(fin.length > 0)
-		return u + fin;
-	else
-		return u;
-}
-
-function saveFile(fileUrl, content)
-{
-	var r = null;
-	if((r == null) || (r == false))
-		r = mozillaSaveFile(fileUrl, content);
-	if((r == null) || (r == false))
-		r = ieSaveFile(fileUrl, content);
-	if((r == null) || (r == false))
-		r = javaSaveFile(fileUrl, content);
-	return(r);
-}
-
-function loadFile(fileUrl)
-{
-	var r = null;
-	if((r == null) || (r == false))
-		r = mozillaLoadFile(fileUrl);
-	if((r == null) || (r == false))
-		r = ieLoadFile(fileUrl);
-	if((r == null) || (r == false))
-		r = javaLoadFile(fileUrl);
-	return(r);
-}
-
-// Returns null if it can't do it, false if there's an error, true if it saved OK
-function ieSaveFile(filePath, content)
-{
-	try
-		{
-		var fso = new ActiveXObject("Scripting.FileSystemObject");
-		}
-	catch(e)
-		{
-		//alert("Exception while attempting to save\n\n" + e.toString());
-		return(null);
-		}
-	var file = fso.OpenTextFile(filePath,2,-1,0);
-	file.Write(content);
-	file.Close();
-	return(true);
-}
-
-// Returns null if it can't do it, false if there's an error, or a string of the content if successful
-function ieLoadFile(filePath)
-{
-	try
-		{
-		var fso = new ActiveXObject("Scripting.FileSystemObject");
-		var file = fso.OpenTextFile(filePath,1);
-		var content = file.ReadAll();
-		file.Close();
-		}
-	catch(e)
-		{
-		//alert("Exception while attempting to load\n\n" + e.toString());
-		return(null);
-		}
-	return(content);
-}
-
-// Returns null if it can't do it, false if there's an error, true if it saved OK
-function mozillaSaveFile(filePath, content)
-{
-	if(window.Components)
-		try
-			{
-			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
-			file.initWithPath(filePath);
-			if (!file.exists())
-				file.create(0, 0664);
-			var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
-			out.init(file, 0x20 | 0x02, 00004,null);
-			out.write(content, content.length);
-			out.flush();
-			out.close();
-			return(true);
-			}
-		catch(e)
-			{
-			//alert("Exception while attempting to save\n\n" + e);
-			return(false);
-			}
-	return(null);
-}
-
-// Returns null if it can't do it, false if there's an error, or a string of the content if successful
-function mozillaLoadFile(filePath)
-{
-	if(window.Components)
-		try
-			{
-			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
-			file.initWithPath(filePath);
-			if (!file.exists())
-				return(null);
-			var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
-			inputStream.init(file, 0x01, 00004, null);
-			var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
-			sInputStream.init(inputStream);
-			return(sInputStream.read(sInputStream.available()));
-			}
-		catch(e)
-			{
-			//alert("Exception while attempting to load\n\n" + e);
-			return(false);
-			}
-	return(null);
-}
-
-function javaUrlToFilename(url)
-{
-	var f = "//localhost";
-	if(url.indexOf(f) == 0)
-		return url.substring(f.length);
-	var i = url.indexOf(":");
-	if(i > 0)
-		return url.substring(i-1);
-	return url;
-}
-
-function javaSaveFile(filePath, content)
-{
-	try
-		{
-		if(document.applets["TiddlySaver"])
-			return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
-		}
-	catch(e)
-		{
-		}
-	try
-		{
-		var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
-		s.print(content);
-		s.close();
-		}
-	catch(e)
-		{
-		return null;
-		}
-	return true;
-}
-
-function javaLoadFile(filePath)
-{
-	try
-		{
-	if(document.applets["TiddlySaver"])
-		return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
-		}
-	catch(e)
-		{
-		}
-	var content = [];
-	try
-		{
-		var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
-		var line;
-		while ((line = r.readLine()) != null)
-			content.push(new String(line));
-		r.close();
-		}
-	catch(e)
-		{
-		return null;
-		}
-	return content.join("\n");
-}
-
-
-// ---------------------------------------------------------------------------------
-// Remote HTTP requests
-// ---------------------------------------------------------------------------------
-
-// Load a file over http
-//   url - the source url
-//   callback - function to call when there's a response
-//   params - parameter object that gets passed to the callback for storing it's state
-// Return value is the underlying XMLHttpRequest object, or 'null' if there was an error
-// Callback function is called like this:
-//   callback(status,params,responseText,xhr)
-//     status - true if OK, false if error
-//     params - the parameter object provided to loadRemoteFile()
-//     responseText - the text of the file
-//     xhr - the underlying XMLHttpRequest object
-function loadRemoteFile(url,callback,params)
-{
-	// Get an xhr object
-	var x;
-	try
-		{
-		x = new XMLHttpRequest(); // Modern
-		}
-	catch(e)
-		{
-		try
-			{
-			x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
-			}
-		catch (e)
-			{
-			return null;
-			}
-		}
-	// Install callback
-	x.onreadystatechange = function()
-		{
-		if (x.readyState == 4)
-			{
-			if ((x.status == 0 || x.status == 200) && callback)
-				{
-				callback(true,params,x.responseText,url,x);
-			}
-			else
-				callback(false,params,null,url,x);
-			}
-		}
-	// Send request
-	if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
-		window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
-	try
-		{
-		url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
-		x.open("GET",url,true);
-		if (x.overrideMimeType)
-			x.overrideMimeType("text/html");
-		x.send(null);
-		}
-	catch (e)
-		{
-		alert("Error in send " + e);
-		return null;
-		}
-	return x;
-}
-// ---------------------------------------------------------------------------------
-// TiddlyWiki-specific utility functions
-// ---------------------------------------------------------------------------------
-
-function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
-{
-	var theButton = document.createElement("a");
-	if(theAction)
-		{
-		theButton.onclick = theAction;
-		theButton.setAttribute("href","javascript:;");
-		}
-	if(theTooltip)
-		theButton.setAttribute("title",theTooltip);
-	if(theText)
-		theButton.appendChild(document.createTextNode(theText));
-	if(theClass)
-		theButton.className = theClass;
-	else
-		theButton.className = "button";
-	if(theId)
-		theButton.id = theId;
-	if(theParent)
-		theParent.appendChild(theButton);
-	if(theAccessKey)
-		theButton.setAttribute("accessKey",theAccessKey);
-	return(theButton);
-}
-
-function createTiddlyLink(place,title,includeText,theClass,isStatic)
-{
-	var text = includeText ? title : null;
-	var i = getTiddlyLinkInfo(title,theClass)
-	var btn;
-	if(isStatic)
-		btn = createExternalLink(place,"#" + title);
-	else
-		btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
-	btn.setAttribute("refresh","link");
-	btn.setAttribute("tiddlyLink",title);
-	return(btn);
-}
-
-function refreshTiddlyLink(e,title)
-{
-	var i = getTiddlyLinkInfo(title,e.className);
-	e.className = i.classes;
-	e.title = i.subTitle;
-}
-
-function getTiddlyLinkInfo(title,currClasses)
-{
-	var classes = currClasses ? currClasses.split(" ") : [];
-	classes.pushUnique("tiddlyLink");
-	var tiddler = store.fetchTiddler(title);
-	var subTitle;
-	if(tiddler)
-		{
-		subTitle = tiddler.getSubtitle();
-		classes.pushUnique("tiddlyLinkExisting");
-		classes.remove("tiddlyLinkNonExisting");
-		classes.remove("shadow");
-		}
-	else
-		{
-		classes.remove("tiddlyLinkExisting");
-		classes.pushUnique("tiddlyLinkNonExisting");
-		if(store.isShadowTiddler(title))
-			{
-			subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
-			classes.pushUnique("shadow");
-			}
-		else
-			{
-			subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
-			classes.remove("shadow");
-			}
-		}
-	return {classes: classes.join(" "), subTitle: subTitle};
-}
-
-function createExternalLink(place,url)
-{
-	var theLink = document.createElement("a");
-	theLink.className = "externalLink";
-	theLink.href = url;
-	theLink.title = config.messages.externalLinkTooltip.format([url]);
-	if(config.options.chkOpenInNewWindow)
-		theLink.target = "_blank";
-	place.appendChild(theLink);
-	return(theLink);
-}
-
-// Event handler for clicking on a tiddly link
-function onClickTiddlerLink(e)
-{
-	if (!e) var e = window.event;
-	var theTarget = resolveTarget(e);
-	var theLink = theTarget;
-	var title = null;
-	do {
-		title = theLink.getAttribute("tiddlyLink");
-		theLink = theLink.parentNode;
-	} while(title == null && theLink != null);
-	if(title)
-		{
-		var toggling = e.metaKey || e.ctrlKey;
-		if(config.options.chkToggleLinks)
-			toggling = !toggling;
-		var opening;
-		if(toggling && document.getElementById("tiddler" + title))
-			story.closeTiddler(title,true,e.shiftKey || e.altKey);
-		else
-			story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
-		}
-	clearMessage();
-	return(false);
-}
-
-// Create a button for a tag with a popup listing all the tiddlers that it tags
-function createTagButton(place,tag,excludeTiddler)
-{
-	var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
-	theTag.setAttribute("tag",tag);
-	if(excludeTiddler)
-		theTag.setAttribute("tiddler",excludeTiddler);
-	return(theTag);
-}
-
-// Event handler for clicking on a tiddler tag
-function onClickTag(e)
-{
-	if (!e) var e = window.event;
-	var theTarget = resolveTarget(e);
-	var popup = Popup.create(this);
-	var tag = this.getAttribute("tag");
-	var title = this.getAttribute("tiddler");
-	if(popup && tag)
-		{
-		var tagged = store.getTaggedTiddlers(tag);
-		var titles = [];
-		var li,r;
-		for(r=0;r<tagged.length;r++)
-			if(tagged[r].title != title)
-				titles.push(tagged[r].title);
-		var lingo = config.views.wikified.tag;
-		if(titles.length > 0)
-			{
-			var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
-			openAll.setAttribute("tag",tag);
-			createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
-			for(r=0; r<titles.length; r++)
-				{
-				createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
-				}
-			}
-		else
-			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
-		createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
-		var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
-		createTiddlyText(h,lingo.openTag.format([tag]));
-		}
-	Popup.show(popup,false);
-	e.cancelBubble = true;
-	if (e.stopPropagation) e.stopPropagation();
-	return(false);
-}
-
-// Event handler for 'open all' on a tiddler popup
-function onClickTagOpenAll(e)
-{
-	if (!e) var e = window.event;
-	var tag = this.getAttribute("tag");
-	var tagged = store.getTaggedTiddlers(tag);
-	var titles = [];
-	for(var t=0; t<tagged.length; t++)
-		titles.push(tagged[t].title);
-	story.displayTiddlers(this,titles);
-	return(false);
-}
-
-function onClickError(e)
-{
-	if (!e) var e = window.event;
-	var popup = Popup.create(this);
-	var lines = this.getAttribute("errorText").split("\n");
-	for(var t=0; t<lines.length; t++)
-		createTiddlyElement(popup,"li",null,null,lines[t]);
-	Popup.show(popup,false);
-	e.cancelBubble = true;
-	if (e.stopPropagation) e.stopPropagation();
-	return false;
-}
-
-function createTiddlyDropDown(place,onchange,options)
-{
-	var sel = createTiddlyElement(place,"select");
-	sel.onchange = onchange;
-	for(var t=0; t<options.length; t++)
-		{
-		var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
-		e.value = options[t].name;
-		}
-}
-
-function createTiddlyError(place,title,text)
-{
-	var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
-	if (text) btn.setAttribute("errorText",text);
-}
-
-function merge(dst,src,preserveExisting)
-{
-	for (p in src)
-		if (!preserveExisting || dst[p] === undefined)
-			dst[p] = src[p];
-	return dst;
-}
-
-// Returns a string containing the description of an exception, optionally prepended by a message
-function exceptionText(e, message)
-{
-	var s = e.description ? e.description : e.toString();
-	return message ? "%0:\n%1".format([message, s]) : s;
-}
-
-// Displays an alert of an exception description with optional message
-function showException(e, message)
-{
-	alert(exceptionText(e, message));
-}
-
-// ---------------------------------------------------------------------------------
-// Animation engine
-// ---------------------------------------------------------------------------------
-
-function Animator()
-{
-	this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
-	this.timerID = 0; // ID of the timer used for animating
-	this.animations = []; // List of animations in progress
-	return this;
-}
-
-// Start animation engine
-Animator.prototype.startAnimating = function() // Variable number of arguments
-{
-	for(var t=0; t<arguments.length; t++)
-		this.animations.push(arguments[t]);
-	if(this.running == 0)
-		{
-		var me = this;
-		this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
-		}
-	this.running += arguments.length;
-}
-
-// Perform an animation engine tick, calling each of the known animation modules
-Animator.prototype.doAnimate = function(me)
-{
-	var a = 0;
-	while(a < me.animations.length)
-		{
-		var animation = me.animations[a];
-		if(animation.tick())
-			a++;
-		else
-			{
-			me.animations.splice(a,1);
-			if(--me.running == 0)
-				window.clearInterval(me.timerID);
-			}
-		}
-}
-
-// Map a 0..1 value to 0..1, but slow down at the start and end
-Animator.slowInSlowOut = function(progress)
-{
-	return(1-((Math.cos(progress * Math.PI)+1)/2));
-}
-
-// ---------------------------------------------------------------------------------
-// Cascade animation
-// ---------------------------------------------------------------------------------
-
-function Cascade(text,startElement,targetElement,slowly)
-{
-	var winWidth = findWindowWidth();
-	var winHeight = findWindowHeight();
-	this.elements = [];
-	this.startElement = startElement;
-	this.startLeft = findPosX(this.startElement);
-	this.startTop = findPosY(this.startElement);
-	this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
-	this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
-	this.targetElement = targetElement;
-	targetElement.style.position = "relative";
-	targetElement.style.zIndex = 2;
-	this.targetLeft = findPosX(this.targetElement);
-	this.targetTop = findPosY(this.targetElement);
-	this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
-	this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
-	this.progress = -1;
-	this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
-	this.text = text;
-	this.tick();
-	return this;
-}
-
-Cascade.prototype.tick = function()
-{
-	this.progress++;
-	if(this.progress >= this.steps)
-		{
-		while(this.elements.length > 0)
-			this.removeTail();
-		this.targetElement.style.position = "static";
-		this.targetElement.style.zIndex = "";
-		return false;
-		}
-	else
-		{
-		if(this.elements.length > 0 && this.progress > config.cascadeDepth)
-			this.removeTail();
-		if(this.progress < (this.steps - config.cascadeDepth))
-			{
-			var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
-			var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
-			e.style.zIndex = 1;
-			e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
-			e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
-			e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
-			e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
-			e.style.display = "block";
-			this.elements.push(e);
-			}
-		return true;
-		}
-}
-
-Cascade.prototype.removeTail = function()
-{
-	var e = this.elements[0];
-	e.parentNode.removeChild(e);
-	this.elements.shift();
-}
-
-// ---------------------------------------------------------------------------------
-// Scroller animation
-// ---------------------------------------------------------------------------------
-
-function Scroller(targetElement,slowly)
-{
-	this.targetElement = targetElement;
-	this.startScroll = findScrollY();
-	this.targetScroll = ensureVisible(targetElement);
-	this.progress = 0;
-	this.step = slowly ? config.animSlow : config.animFast;
-	return this;
-}
-
-Scroller.prototype.tick = function()
-{
-	this.progress += this.step;
-	if(this.progress > 1)
-		{
-		window.scrollTo(0,this.targetScroll);
-		return false;
-		}
-	else
-		{
-		var f = Animator.slowInSlowOut(this.progress);
-		window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
-		return true;
-		}
-}
-
-// ---------------------------------------------------------------------------------
-// Slider animation
-// ---------------------------------------------------------------------------------
-
-// deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
-function Slider(element,opening,slowly,deleteMode)
-{
-	this.element = element;
-	element.style.display = "block";
-	this.deleteMode = deleteMode;
-	this.element.style.height = "auto";
-	this.realHeight = element.offsetHeight;
-	this.opening = opening;
-	this.step = slowly ? config.animSlow : config.animFast;
-	if(opening)
-		{
-		this.progress = 0;
-		element.style.height = "0px";
-		element.style.display = "block";
-		}
-	else
-		{
-		this.progress = 1;
-		this.step = -this.step;
-		}
-	element.style.overflow = "hidden";
-	return this;
-}
-
-Slider.prototype.stop = function()
-{
-	if(this.opening)
-		{
-		this.element.style.height = "auto";
-		this.element.style.opacity = 1;
-		this.element.style.filter = "alpha(opacity:100)";
-		}
-	else
-		{
-		switch(this.deleteMode)
-			{
-			case "none":
-				this.element.style.display = "none";
-				break;
-			case "all":
-				this.element.parentNode.removeChild(this.element);
-				break;
-			case "children":
-				removeChildren(this.element);
-				break;
-			}
-		}
-}
-
-Slider.prototype.tick = function()
-{
-	this.progress += this.step;
-	if(this.progress < 0 || this.progress > 1)
-		{
-		this.stop();
-		return false;
-		}
-	else
-		{
-		var f = Animator.slowInSlowOut(this.progress);
-		var h = this.realHeight * f;
-		this.element.style.height = h + "px";
-		this.element.style.opacity = f;
-		this.element.style.filter = "alpha(opacity:" + f * 100 +")";
-		return true;
-		}
-}
-
-// ---------------------------------------------------------------------------------
-// Popup menu
-// ---------------------------------------------------------------------------------
-
-var Popup = {
-	stack: [] // Array of objects with members root: and popup:
-	};
-
-Popup.create = function(root)
-{
-	Popup.remove();
-	var popup = createTiddlyElement(document.body,"ol","popup","popup");
-	Popup.stack.push({root: root, popup: popup});
-	return popup;
-}
-
-Popup.onDocumentClick = function(e)
-{
-	if (!e) var e = window.event;
-	var target = resolveTarget(e);
-	if(e.eventPhase == undefined)
-		Popup.remove();
-	else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
-		Popup.remove();
-	return true;
-}
-
-Popup.show = function(unused,slowly)
-{
-	var curr = Popup.stack[Popup.stack.length-1];
-	var rootLeft = findPosX(curr.root);
-	var rootTop = findPosY(curr.root);
-	var rootHeight = curr.root.offsetHeight;
-	var popupLeft = rootLeft;
-	var popupTop = rootTop + rootHeight;
-	var popupWidth = curr.popup.offsetWidth;
-	var winWidth = findWindowWidth();
-	if(popupLeft + popupWidth > winWidth)
-		popupLeft = winWidth - popupWidth;
-	curr.popup.style.left = popupLeft + "px";
-	curr.popup.style.top = popupTop + "px";
-	curr.popup.style.display = "block";
-	addClass(curr.root,"highlight");
-	if(anim && config.options.chkAnimate)
-		anim.startAnimating(new Scroller(curr.popup,slowly));
-	else
-		window.scrollTo(0,ensureVisible(curr.popup));
-}
-
-Popup.remove = function()
-{
-	if(Popup.stack.length > 0)
-		{
-		Popup.removeFrom(0);
-		}
-}
-
-Popup.removeFrom = function(from)
-{
-	for(var t=Popup.stack.length-1; t>=from; t--)
-		{
-		var p = Popup.stack[t];
-		removeClass(p.root,"highlight");
-		p.popup.parentNode.removeChild(p.popup);
-		}
-	Popup.stack = Popup.stack.slice(0,from);
-}
-
-// ---------------------------------------------------------------------------------
-// ListView gadget
-// ---------------------------------------------------------------------------------
-
-var ListView = {};
-
-// Create a listview
-//   place - where in the DOM tree to insert the listview
-//   listObject - array of objects to be included in the listview
-//   listTemplate - template for the listview
-//   callback - callback for a command being selected
-//   className - optional classname for the <table> element
-ListView.create = function(place,listObject,listTemplate,callback,className)
-{
-	var table = createTiddlyElement(place,"table",null,className ? className : "listView");
-	var thead = createTiddlyElement(table,"thead");
-	var r = createTiddlyElement(thead,"tr");
-	for(var t=0; t<listTemplate.columns.length; t++)
-		{
-		var columnTemplate = listTemplate.columns[t];
-		var c = createTiddlyElement(r,"th");
-		var colType = ListView.columnTypes[columnTemplate.type];
-		if(colType && colType.createHeader)
-			colType.createHeader(c,columnTemplate,t);
-		}
-	var tbody = createTiddlyElement(table,"tbody");
-	for(var rc=0; rc<listObject.length; rc++)
-		{
-		rowObject = listObject[rc];
-		r = createTiddlyElement(tbody,"tr");
-		for(var c=0; c<listTemplate.rowClasses.length; c++)
-			{
-			if(rowObject[listTemplate.rowClasses[c].field])
-				addClass(r,listTemplate.rowClasses[c].className);
-			}
-		rowObject.rowElement = rowObject;
-		rowObject.colElements = {};
-		for(var cc=0; cc<listTemplate.columns.length; cc++)
-			{
-			var c = createTiddlyElement(r,"td");
-			var columnTemplate = listTemplate.columns[cc];
-			var field = columnTemplate.field;
-			var colType = ListView.columnTypes[columnTemplate.type];
-			if(colType && colType.createItem)
-				colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
-			rowObject.colElements[field] = c;
-			}
-		}
-	if(callback && listTemplate.actions)
-		createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
-	if(callback && listTemplate.buttons)
-		{
-		for(t=0; t<listTemplate.buttons.length; t++)
-			{
-			var a = listTemplate.buttons[t];
-			if(a && a.name != "")
-				createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
-			}
-		}
-	return table;
-}
-
-ListView.getCommandHandler = function(callback,name,allowEmptySelection)
-{
-	return function(e)
-		{
-		var view = findRelated(this,"TABLE",null,"previousSibling");
-		var tiddlers = [];
-		ListView.forEachSelector(view,function(e,rowName) {
-					if(e.checked)
-						tiddlers.push(rowName);
-					});
-		if(tiddlers.length == 0 && !allowEmptySelection)
-			alert(config.messages.nothingSelected);
-		else
-			{
-			if(this.nodeName.toLowerCase() == "select")
-				{
-				callback(view,this.value,tiddlers);
-				this.selectedIndex = 0;
-				}
-			else
-				callback(view,name,tiddlers);
-			}
-		};
-}
-
-// Invoke a callback for each selector checkbox in the listview
-//   view - <table> element of listView
-//   callback(checkboxElement,rowName)
-//     where
-//       checkboxElement - DOM element of checkbox
-//       rowName - name of this row as assigned by the column template
-//   result: true if at least one selector was checked
-ListView.forEachSelector = function(view,callback)
-{
-	var checkboxes = view.getElementsByTagName("input");
-	var hadOne = false;
-	for(var t=0; t<checkboxes.length; t++)
-		{
-		var cb = checkboxes[t];
-		if(cb.getAttribute("type") == "checkbox")
-			{
-			var rn = cb.getAttribute("rowName");
-			if(rn)
-				{
-				callback(cb,rn);
-				hadOne = true;
-				}
-			}
-		}
-	return hadOne;
-}
-
-ListView.columnTypes = {};
-
-ListView.columnTypes.String = {
-	createHeader: function(place,columnTemplate,col)
-		{
-			createTiddlyText(place,columnTemplate.title);
-		},
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				createTiddlyText(place,v);
-		}
-};
-
-ListView.columnTypes.Date = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
-		}
-};
-
-ListView.columnTypes.StringList = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				{
-				for(var t=0; t<v.length; t++)
-					{
-					createTiddlyText(place,v[t]);
-					createTiddlyElement(place,"br");
-					}
-				}
-		}
-};
-
-ListView.columnTypes.Selector = {
-	createHeader: function(place,columnTemplate,col)
-		{
-			createTiddlyCheckbox(place,null,false,this.onHeaderChange);
-		},
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var e = createTiddlyCheckbox(place,null,listObject[field],null);
-			e.setAttribute("rowName",listObject[columnTemplate.rowName]);
-		},
-	onHeaderChange: function(e)
-		{
-			var state = this.checked;
-			var view = findRelated(this,"TABLE");
-			if(!view)
-				return;
-			ListView.forEachSelector(view,function(e,rowName) {
-								e.checked = state;
-							});
-		}
-};
-
-ListView.columnTypes.Tags = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var tags = listObject[field];
-			createTiddlyText(place,String.encodeTiddlyLinkList(tags));
-		}
-};
-
-ListView.columnTypes.Boolean = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			if(listObject[field] == true)
-				createTiddlyText(place,columnTemplate.trueText);
-			if(listObject[field] == false)
-				createTiddlyText(place,columnTemplate.falseText);
-		}
-};
-
-ListView.columnTypes.TagCheckbox = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
-			e.setAttribute("tiddler",listObject.title);
-			e.setAttribute("tag",columnTemplate.tag);
-		},
-	onChange : function(e)
-		{
-			var tag = this.getAttribute("tag");
-			var tiddler = this.getAttribute("tiddler");
-			store.setTiddlerTag(tiddler,this.checked,tag);
-		}
-};
-
-ListView.columnTypes.TiddlerLink = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				{
-				var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
-				createTiddlyText(link,listObject[field]);
-				}
-		}
-};
-// ---------------------------------------------------------------------------------
-// Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
-// ---------------------------------------------------------------------------------
-
-// Clamp a number to a range
-Number.prototype.clamp = function(min,max)
-{
-	var c = this;
-	if(c < min)
-		c = min;
-	if(c > max)
-		c = max;
-	return c;
-}
-
-// Add indexOf function if browser does not support it
-if(!Array.indexOf) {
-Array.prototype.indexOf = function(item,from)
-{
-	if(!from)
-		from = 0;
-	for(var i=from; i<this.length; i++)
-		if(this[i] === item)
-			return i;
-	return -1;
-}}
-
-// Find an entry in a given field of the members of an array
-Array.prototype.findByField = function(field,value)
-{
-	for(var t=0; t<this.length; t++)
-		if(this[t][field] == value)
-			return t;
-	return null;
-}
-
-// Return whether an entry exists in an array
-Array.prototype.contains = function(item)
-{
-	return this.indexOf(item) != -1;
-};
-
-// Adds, removes or toggles a particular value within an array
-//  value - value to add
-//  mode - +1 to add value, -1 to remove value, 0 to toggle it
-Array.prototype.setItem = function(value,mode)
-{
-	var p = this.indexOf(value);
-	if(mode == 0)
-		mode = (p == -1) ? +1 : -1;
-	if(mode == +1)
-		{
-		if(p == -1)
-			this.push(value);
-		}
-	else if(mode == -1)
-		{
-		if(p != -1)
-			this.splice(p,1);
-		}
-}
-
-// Return whether one of a list of values exists in an array
-Array.prototype.containsAny = function(items)
-{
-	for(var i=0; i<items.length; i++)
-		if (this.indexOf(items[i]) != -1)
-			return true;
-	return false;
-};
-
-// Return whether all of a list of values exists in an array
-Array.prototype.containsAll = function(items)
-{
-	for (var i = 0; i<items.length; i++)
-		if (this.indexOf(items[i]) == -1)
-			return false;
-	return true;
-};
-
-// Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
-Array.prototype.pushUnique = function(item,unique)
-{
-	if(unique != undefined && unique == false)
-		this.push(item);
-	else
-		{
-		if(this.indexOf(item) == -1)
-			this.push(item);
-		}
-}
-
-Array.prototype.remove = function(item)
-{
-	var p = this.indexOf(item);
-	if(p != -1)
-		this.splice(p,1);
-}
-
-// Get characters from the right end of a string
-String.prototype.right = function(n)
-{
-	if(n < this.length)
-		return this.slice(this.length-n);
-	else
-		return this;
-}
-
-// Trim whitespace from both ends of a string
-String.prototype.trim = function()
-{
-	return this.replace(/^\s*|\s*$/g,"");
-}
-
-// Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
-String.prototype.unDash = function()
-{
-	var s = this.split("-");
-	if(s.length > 1)
-		for(var t=1; t<s.length; t++)
-			s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
-	return s.join("");
-}
-
-// Substitute substrings from an array into a format string that includes '%1'-type specifiers
-String.prototype.format = function(substrings)
-{
-	var subRegExp = /(?:%(\d+))/mg;
-	var currPos = 0;
-	var r = [];
-	do {
-		var match = subRegExp.exec(this);
-		if(match && match[1])
-			{
-			if(match.index > currPos)
-				r.push(this.substring(currPos,match.index));
-			r.push(substrings[parseInt(match[1])]);
-			currPos = subRegExp.lastIndex;
-			}
-	} while(match);
-	if(currPos < this.length)
-		r.push(this.substring(currPos,this.length));
-	return r.join("");
-}
-
-// Escape any special RegExp characters with that character preceded by a backslash
-String.prototype.escapeRegExp = function()
-{
-	var s = "\\^$*+?()=!|,{}[].";
-	var c = this;
-	for(var t=0; t<s.length; t++)
-		c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
-	return c;
-}
-
-// Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
-String.prototype.escapeLineBreaks = function()
-{
-	return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
-}
-
-// Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
-String.prototype.unescapeLineBreaks = function()
-{
-	return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
-}
-
-// Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
-String.prototype.htmlEncode = function()
-{
-	return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
-}
-
-// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
-String.prototype.htmlDecode = function()
-{
-	return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
-}
-
-// Parse a space-separated string of name:value parameters where:
-//   - the name or the value can be optional (in which case separate defaults are used instead)
-//     - in case of ambiguity, a lone word is taken to be a value
-//     - if 'cascadeDefaults' is set to true, then the defaults are modified by updated by each specified name or value
-//     - name prefixes are not allowed if the 'noNames' parameter is true
-//   - if both the name and value are present they must be separated by a colon
-//   - the name and the value may both be quoted with single- or double-quotes, double-square brackets
-//   - names or values quoted with {{double-curly braces}} are evaluated as a JavaScript expression
-//     - as long as the 'allowEval' parameter is true
-// The result is an array of objects:
-//   result[0] = object with a member for each parameter name, value of that member being an array of values
-//   result[1..n] = one object for each parameter, with 'name' and 'value' members
-String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
-{
-	var parseToken = function(match,p)
-		{
-		var n;
-		if(match[p]) // Double quoted
-			n = match[p];
-		else if(match[p+1]) // Single quoted
-			n = match[p+1];
-		else if(match[p+2]) // Double-square-bracket quoted
-			n = match[p+2];
-		else if(match[p+3]) // Double-brace quoted
-			try
-				{
-				n = match[p+3];
-				if(allowEval)
-					n = window.eval(n);
-				}
-			catch(e)
-				{
-				throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
-				}
-		else if(match[p+4]) // Unquoted
-			n = match[p+4];
-		else if(match[p+5]) // empty quote
-			n = "";
-		return n;
-		};
-	var r = [{}];
-	var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
-	var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
-	var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
-	var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
-	var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
-	var emptyQuote = "((?:\"\")|(?:''))";
-	var skipSpace = "(?:\\s*)";
-	var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
-	var re = noNames
-		? new RegExp(token,"mg")
-		: new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
-	var params = [];
-	do {
-		var match = re.exec(this);
-		if(match)
-			{
-			var n = parseToken(match,1);
-			if(noNames)
-				r.push({name: "", value: n});
-			else
-				{
-				var v = parseToken(match,8);
-				if(v == null && defaultName)
-					{
-					v = n;
-					n = defaultName;
-					}
-				else if(v == null && defaultValue)
-					v = defaultValue;
-				r.push({name: n, value: v});
-				if(cascadeDefaults)
-					{
-					defaultName = n;
-					defaultValue = v;
-					}
-				}
-			}
-	} while(match);
-	// Summarise parameters into first element
-	for(var t=1; t<r.length; t++)
-		{
-		if(r[0][r[t].name])
-			r[0][r[t].name].push(r[t].value);
-		else
-			r[0][r[t].name] = [r[t].value];
-		}
-	return r;
-}
-
-// Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
-// [[]], {{ }} or left unquoted (and therefore space-separated). Double-braces {{}} results in
-// an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
-String.prototype.readMacroParams = function()
-{
-	var p = this.parseParams("list",null,true,true);
-	var n = [];
-	for(var t=1; t<p.length; t++)
-		n.push(p[t].value);
-	return n;
-}
-
-// Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
-String.prototype.readBracketedList = function(unique)
-{
-	var p = this.parseParams("list",null,false,true);
-	var n = [];
-	for(var t=1; t<p.length; t++)
-		n.pushUnique(p[t].value,unique);
-	return n;
-}
-
-// Returns array with start and end index of chunk between given start and end marker, or undefined.
-String.prototype.getChunkRange = function(start,end) 
-{
-	var s = this.indexOf(start);
-	if(s != -1)
-		{
-		s += start.length;
-		var e = this.indexOf(end,s);
-		if(e != -1)
-			return [s, e];
-		}
-}
-
-// Replace a chunk of a string given start and end markers
-String.prototype.replaceChunk = function(start,end,sub)
-{
-	var r = this.getChunkRange(start,end);
-	return r 
-		? this.substring(0,r[0]) + sub + this.substring(r[1])
-		: this;
-}
-
-// Returns a chunk of a string between start and end markers, or undefined
-String.prototype.getChunk = function(start,end)
-{
-	var r = this.getChunkRange(start,end);
-	if (r)
-		return this.substring(r[0],r[1]);
-}
-
-
-// Static method to bracket a string with double square brackets if it contains a space
-String.encodeTiddlyLink = function(title)
-{
-	if(title.indexOf(" ") == -1)
-		return(title);
-	else
-		return("[[" + title + "]]");
-}
-
-// Static method to encodeTiddlyLink for every item in an array and join them with spaces
-String.encodeTiddlyLinkList = function(list)
-{
-	if(list)
-		{
-		var results = [];
-		for(var t=0; t<list.length; t++)
-			results.push(String.encodeTiddlyLink(list[t]));
-		return results.join(" ");
-		}
-	else
-		return "";
-}
-
-// Static method to left-pad a string with 0s to a certain width
-String.zeroPad = function(n,d)
-{
-	var s = n.toString();
-	if(s.length < d)
-		s = "000000000000000000000000000".substr(0,d-s.length) + s;
-	return(s);
-}
-
-String.prototype.startsWith = function(prefix) 
-{
-	return !prefix || this.substring(0,prefix.length) == prefix;
-}
-
-// Returns the first value of the given named parameter.
-//#
-//# @param params
-//#         as returned by parseParams or null/undefined
-//# @return [may be null/undefined]
-//#
-function getParam(params, name, defaultValue) {
-	if (!params)
-		return defaultValue;
-	var p = params[0][name];
-	return p ? p[0] : defaultValue;
-}
-
-// Returns the first value of the given boolean named parameter.
-//#
-//# @param params
-//#         as returned by parseParams or null/undefined
-//#
-function getFlag(params, name, defaultValue) {
-	return !!getParam(params, name, defaultValue);
-} 
-	
-// Substitute date components into a string
-Date.prototype.formatString = function(template)
-{
-	var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
-	t = t.replace(/hh12/g,this.getHours12());
-	t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
-	t = t.replace(/hh/g,this.getHours());
-	t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
-	t = t.replace(/mm/g,this.getMinutes());
-	t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
-	t = t.replace(/ss/g,this.getSeconds());
-	t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
-	t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
-	t = t.replace(/wYYYY/g,this.getYearForWeekNo());
-	t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
-	t = t.replace(/YYYY/g,this.getFullYear());
-	t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
-	t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
-	t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
-	t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
-	t = t.replace(/MM/g,this.getMonth()+1);
-	t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
-	t = t.replace(/WW/g,this.getWeek());
-	t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
-	t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
-	t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
-	t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
-	t = t.replace(/DD/g,this.getDate());
-	return t;
-}
-
-Date.prototype.getWeek = function()
-{
-	var dt = new Date(this.getTime());
-	var d = dt.getDay();
-	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
-	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
-	var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000); 
-	return Math.floor(n/7)+1;
-}
-
-Date.prototype.getYearForWeekNo = function()
-{
-	var dt = new Date(this.getTime());
-	var d = dt.getDay();
-	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
-	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
-	return dt.getFullYear();
-}
-
-Date.prototype.getHours12 = function()
-{
-	var h = this.getHours();
-	return h > 12 ? h-12 : ( h > 0 ? h : 12 );
-}
-
-Date.prototype.getAmPm = function()
-{
-	return this.getHours() >= 12 ? "pm" : "am";
-}
-
-Date.prototype.daySuffix = function()
-{
-	var num = this.getDate();
-	if (num >= 11 && num <= 13) return "th";
-	else if (num.toString().substr(-1)=="1") return "st";
-	else if (num.toString().substr(-1)=="2") return "nd";
-	else if (num.toString().substr(-1)=="3") return "rd";
-	return "th";
-}
-
-// Convert a date to local YYYYMMDDHHMM string format
-Date.prototype.convertToLocalYYYYMMDDHHMM = function()
-{
-	return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
-}
-
-// Convert a date to UTC YYYYMMDDHHMM string format
-Date.prototype.convertToYYYYMMDDHHMM = function()
-{
-	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
-}
-
-// Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
-Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
-{
-	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
-}
-
-// Static method to create a date from a UTC YYYYMMDDHHMM format string
-Date.convertFromYYYYMMDDHHMM = function(d)
-{
-	var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
-							parseInt(d.substr(4,2),10)-1,
-							parseInt(d.substr(6,2),10),
-							parseInt(d.substr(8,2),10),
-							parseInt(d.substr(10,2),10),0,0));
-	return(theDate);
-}
-
-// ---------------------------------------------------------------------------------
-// Crypto functions and associated conversion routines
-// ---------------------------------------------------------------------------------
-
-// Crypto "namespace"
-function Crypto() {}
-
-// Convert a string to an array of big-endian 32-bit words
-Crypto.strToBe32s = function(str)
-{
-	var be = Array();
-	var len = Math.floor(str.length/4);
-	var i, j;
-	for(i=0, j=0; i<len; i++, j+=4)
-		{
-		be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
-		}
-	while (j<str.length)
-		{
-		be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
-		j++;
-		}
-	return be;
-}
-
-// Convert an array of big-endian 32-bit words to a string
-Crypto.be32sToStr = function(be)
-{
-	var str = "";
-	for(var i=0;i<be.length*32;i+=8)
-		str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
-	return str;
-}
-
-// Convert an array of big-endian 32-bit words to a hex string
-Crypto.be32sToHex = function(be)
-{
-	var hex = "0123456789ABCDEF";
-	var str = "";
-	for(var i=0;i<be.length*4;i++)
-		str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
-	return str;
-}
-
-// Return, in hex, the SHA-1 hash of a string
-Crypto.hexSha1Str = function(str)
-{
-	return Crypto.be32sToHex(Crypto.sha1Str(str));
-}
-
-// Return the SHA-1 hash of a string
-Crypto.sha1Str = function(str)
-{
-	return Crypto.sha1(Crypto.strToBe32s(str),str.length);
-}
-
-// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
-Crypto.sha1 = function(x,blen)
-{
-	// Add 32-bit integers, wrapping at 32 bits
-	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
-	add32 = function(a,b)
-	{
-		var lsw = (a&0xFFFF)+(b&0xFFFF);
-		var msw = (a>>16)+(b>>16)+(lsw>>16);
-		return (msw<<16)|(lsw&0xFFFF);
-	};
-	// Add five 32-bit integers, wrapping at 32 bits
-	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
-	add32x5 = function(a,b,c,d,e)
-	{
-		var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
-		var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
-		return (msw<<16)|(lsw&0xFFFF);
-	};
-	// Bitwise rotate left a 32-bit integer by 1 bit
-	rol32 = function(n)
-	{
-		return (n>>>31)|(n<<1);
-	};
-
-	var len = blen*8;
-	// Append padding so length in bits is 448 mod 512
-	x[len>>5] |= 0x80 << (24-len%32);
-	// Append length
-	x[((len+64>>9)<<4)+15] = len;
-	var w = Array(80);
-
-	var k1 = 0x5A827999;
-	var k2 = 0x6ED9EBA1;
-	var k3 = 0x8F1BBCDC;
-	var k4 = 0xCA62C1D6;
-
-	var h0 = 0x67452301;
-	var h1 = 0xEFCDAB89;
-	var h2 = 0x98BADCFE;
-	var h3 = 0x10325476;
-	var h4 = 0xC3D2E1F0;
-
-	for(var i=0;i<x.length;i+=16)
-		{
-		var j,t;
-		var a = h0;
-		var b = h1;
-		var c = h2;
-		var d = h3;
-		var e = h4;
-		for(j = 0;j<16;j++)
-			{
-			w[j] = x[i+j];
-			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=16;j<20;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=20;j<40;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=40;j<60;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=60;j<80;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-
-		h0 = add32(h0,a);
-		h1 = add32(h1,b);
-		h2 = add32(h2,c);
-		h3 = add32(h3,d);
-		h4 = add32(h4,e);
-		}
-	return Array(h0,h1,h2,h3,h4);
-}
-
-// ---------------------------------------------------------------------------------
-// RGB colour object
-// ---------------------------------------------------------------------------------
-
-// Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
-function RGB(r,g,b)
-{
-	this.r = 0;
-	this.g = 0;
-	this.b = 0;
-	if(typeof r == "string")
-		{
-		if(r.substr(0,1) == "#")
-			{
-			if(r.length == 7)
-				{
-				this.r = parseInt(r.substr(1,2),16)/255;
-				this.g = parseInt(r.substr(3,2),16)/255;
-				this.b = parseInt(r.substr(5,2),16)/255;
-				}
-			else
-				{
-				this.r = parseInt(r.substr(1,1),16)/15;
-				this.g = parseInt(r.substr(2,1),16)/15;
-				this.b = parseInt(r.substr(3,1),16)/15;
-				}
-			}
-		else
-			{
-			var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
-			var c = r.match(rgbPattern);
-			if (c)
-				{
-				this.r = parseInt(c[1],10)/255;
-				this.g = parseInt(c[2],10)/255;
-				this.b = parseInt(c[3],10)/255;
-				}
-			}
-		}
-	else
-		{
-		this.r = r;
-		this.g = g;
-		this.b = b;
-		}
-	return this;
-}
-
-// Mixes this colour with another in a specified proportion
-// c = other colour to mix
-// f = 0..1 where 0 is this colour and 1 is the new colour
-// Returns an RGB object
-RGB.prototype.mix = function(c,f)
-{
-	return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
-}
-
-// Return an rgb colour as a #rrggbb format hex string
-RGB.prototype.toString = function()
-{
-	var r = this.r.clamp(0,1);
-	var g = this.g.clamp(0,1);
-	var b = this.b.clamp(0,1);
-	return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
-				 ("0" + Math.floor(g * 255).toString(16)).right(2) +
-				 ("0" + Math.floor(b * 255).toString(16)).right(2));
-}
-
-// ---------------------------------------------------------------------------------
-// DOM utilities - many derived from www.quirksmode.org
-// ---------------------------------------------------------------------------------
-
-function drawGradient(place,horiz,colours)
-{
-	for(var t=0; t<= 100; t+=2)
-		{
-		var bar = document.createElement("div");
-		place.appendChild(bar);
-		bar.style.position = "absolute";
-		bar.style.left = horiz ? t + "%" : 0;
-		bar.style.top = horiz ? 0 : t + "%";
-		bar.style.width = horiz ? (101-t) + "%" : "100%";
-		bar.style.height = horiz ? "100%" : (101-t) + "%";
-		bar.style.zIndex = -1;
-		var f = t/100;
-		var p = f*(colours.length-1);
-		bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
-		}
-}
-
-function createTiddlyText(theParent,theText)
-{
-	return theParent.appendChild(document.createTextNode(theText));
-}
-
-function createTiddlyCheckbox(theParent,caption,checked,onChange)
-{
-	var cb = document.createElement("input");
-	cb.setAttribute("type","checkbox");
-	cb.onclick = onChange;
-	theParent.appendChild(cb);
-	cb.checked = checked;
-	cb.className = "chkOptionInput";
-	if(caption)
-		wikify(caption,theParent);
-	return cb;
-}
-
-function createTiddlyElement(theParent,theElement,theID,theClass,theText)
-{
-	var e = document.createElement(theElement);
-	if(theClass != null)
-		e.className = theClass;
-	if(theID != null)
-		e.setAttribute("id",theID);
-	if(theText != null)
-		e.appendChild(document.createTextNode(theText));
-	if(theParent != null)
-		theParent.appendChild(e);
-	return(e);
-}
-
-// Add an event handler
-// Thanks to John Resig, via QuirksMode
-function addEvent(obj,type,fn)
-{
-	if(obj.attachEvent)
-		{
-		obj['e'+type+fn] = fn;
-		obj[type+fn] = function(){obj['e'+type+fn](window.event);}
-		obj.attachEvent('on'+type,obj[type+fn]);
-		}
-	else
-		obj.addEventListener(type,fn,false);
-}
-
-// Remove  an event handler
-// Thanks to John Resig, via QuirksMode
-function removeEvent(obj,type,fn)
-{
-	if(obj.detachEvent)
-		{
-		obj.detachEvent('on'+type,obj[type+fn]);
-		obj[type+fn] = null;
-		}
-	else
-		obj.removeEventListener(type,fn,false);
-}
-
-function addClass(e,theClass)
-{
-	var currClass = e.className.split(" ");
-	if(currClass.indexOf(theClass) == -1)
-		e.className += " " + theClass;
-}
-
-function removeClass(e,theClass)
-{
-	var currClass = e.className.split(" ");
-	var i = currClass.indexOf(theClass);
-	while(i != -1)
-		{
-		currClass.splice(i,1);
-		i = currClass.indexOf(theClass);
-		}
-	e.className = currClass.join(" ");
-}
-
-function hasClass(e,theClass)
-{
-	if(e.className)
-		{
-		if(e.className.split(" ").indexOf(theClass) != -1)
-			return true;
-		}
-	return false;
-}
-
-// Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
-function findRelated(e,value,name,relative)
-{
-	name = name ? name : "tagName";
-	relative = relative ? relative : "parentNode";
-	if(name == "className")
-		{
-		while(e && !hasClass(e,value))
-			{
-			e = e[relative];
-			}
-		}
-	else
-		{
-		while(e && e[name] != value)
-			{
-			e = e[relative];
-			}
-		}
-	return e;
-}
-
-// Resolve the target object of an event
-function resolveTarget(e)
-{
-	var obj;
-	if (e.target)
-		obj = e.target;
-	else if (e.srcElement)
-		obj = e.srcElement;
-	if (obj.nodeType == 3) // defeat Safari bug
-		obj = obj.parentNode;
-	return(obj);
-}
-
-// Return the content of an element as plain text with no formatting
-function getPlainText(e)
-{
-	var text = "";
-	if(e.innerText)
-		text = e.innerText;
-	else if(e.textContent)
-		text = e.textContent;
-	return text;
-}
-
-// Get the scroll position for window.scrollTo necessary to scroll a given element into view
-function ensureVisible(e)
-{
-	var posTop = findPosY(e);
-	var posBot = posTop + e.offsetHeight;
-	var winTop = findScrollY();
-	var winHeight = findWindowHeight();
-	var winBot = winTop + winHeight;
-	if(posTop < winTop)
-		return(posTop);
-	else if(posBot > winBot)
-		{
-		if(e.offsetHeight < winHeight)
-			return(posTop - (winHeight - e.offsetHeight));
-		else
-			return(posTop);
-		}
-	else
-		return(winTop);
-}
-
-// Get the current width of the display window
-function findWindowWidth()
-{
-	return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
-}
-
-// Get the current height of the display window
-function findWindowHeight()
-{
-	return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
-}
-
-// Get the current horizontal page scroll position
-function findScrollX()
-{
-	return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
-}
-
-// Get the current vertical page scroll position
-function findScrollY()
-{
-	return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
-}
-
-function findPosX(obj)
-{
-	var curleft = 0;
-	while (obj.offsetParent)
-		{
-		curleft += obj.offsetLeft;
-		obj = obj.offsetParent;
-		}
-	return curleft;
-}
-
-function findPosY(obj)
-{
-	var curtop = 0;
-	while (obj.offsetParent)
-		{
-		curtop += obj.offsetTop;
-		obj = obj.offsetParent;
-		}
-	return curtop;
-}
-
-// Blur a particular element
-function blurElement(e)
-{
-	if(e != null && e.focus && e.blur)
-		{
-		e.focus();
-		e.blur();
-		}
-}
-
-// Create a non-breaking space
-function insertSpacer(place)
-{
-	var e = document.createTextNode(String.fromCharCode(160));
-	if(place)
-		place.appendChild(e);
-	return e;
-}
-
-// Remove all children of a node
-function removeChildren(e)
-{
-	while(e.hasChildNodes())
-		e.removeChild(e.firstChild);
-}
-
-// Add a stylesheet, replacing any previous custom stylesheet
-function setStylesheet(s,id)
-{
-	if(!id)
-		id = "customStyleSheet";
-	var n = document.getElementById(id);
-	if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
-		{
-		if(n)
-			n.parentNode.removeChild(n);
-		// This failed without the &nbsp;
-		document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
-		}
-	else
-		{
-		if(n)
-			n.replaceChild(document.createTextNode(s),n.firstChild);
-		else
-			{
-			var n = document.createElement("style");
-			n.type = "text/css";
-			n.id = id;
-			n.appendChild(document.createTextNode(s));
-			document.getElementsByTagName("head")[0].appendChild(n);
-			}
-		}
-}
-
-// Replace the current selection of a textarea or text input and scroll it into view
-
-function replaceSelection(e,text)
-{
-	if (e.setSelectionRange)
-		{
-		var oldpos = e.selectionStart + 1;
-		e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
-		e.setSelectionRange( oldpos, oldpos);
-		var linecount = e.value.split('\n').length;
-		var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
-		e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
-		}
-	else if (document.selection)
-		{
-		var range = document.selection.createRange();
-		if (range.parentElement() == e)
-			{
-			var isCollapsed = range.text == "";
-			range.text = text;
-			 if (!isCollapsed)
-				{
-				range.moveStart('character', -text.length);
-				range.select();
-				}
-			}
-		}
-}
-
-// Returns the text of the given (text) node, possibly merging subsequent text nodes
-function getNodeText(e)
-{
-	var t = ""; 
-	while (e && e.nodeName == "#text")
-		{
-		t += e.nodeValue;
-		e = e.nextSibling;
-		}
-	return t;
-}
-//# -------------------------
-//# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
-//# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
-//# Subclasses must implement:
-//# 			function getTitle(store, e)
-//#
-//# store must implement:
-//# 			function createTiddler(title).
-//#
-
-function LoaderBase()
-{
-}
-
-LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
-{
-	var title = this.getTitle(store, e);
-	if (title)
-		{
-		var tiddler = store.createTiddler(title);
-		this.internalizeTiddler(store, tiddler, title, e);
-		tiddlers.push(tiddler);
-		}
-}
-
-LoaderBase.prototype.loadTiddlers = function(store,nodes)
-{
-	var tiddlers = [];
-	for (var t = 0; t < nodes.length; t++)
-		{
-		try
-			{
-			this.loadTiddler(store, nodes[t], tiddlers);
-			}
-		catch(e)
-			{
-			showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
-			}
-		}
-	return tiddlers;
-}
-	
-//# -------------------------
-//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string, 
-//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines 
-//# Subclasses must implement:
-//# 			function externalizeTiddler(store, tiddler)
-//#
-//# store must implement:
-//# 			function getTiddlers(sortByFieldName)
-//#
-
-function SaverBase()
-{
-}
-
-SaverBase.prototype.externalize = function(store) 
-{
-	var results = [];
-	var tiddlers = store.getTiddlers("title");
-	for (var t = 0; t < tiddlers.length; t++)
-		results.push(this.externalizeTiddler(store, tiddlers[t]));
-	return results.join("\n");
-}
-//--------------------------------
-// TW21Loader (inherits from LoaderBase)
-
-function TW21Loader() {};
-
-TW21Loader.prototype = new LoaderBase();
-
-TW21Loader.prototype.getTitle = function(store, e) {
-	var title = null;
-	if(e.getAttribute)
-		title = e.getAttribute("tiddler");
-	if(!title && e.id) {	
-		var lenPrefix = store.idPrefix.length;
-		if (e.id.substr(0,lenPrefix) == store.idPrefix)
-			title = e.id.substr(lenPrefix);
-	}
-	return title;
-}
-
-TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
-	var text = getNodeText(data.firstChild).unescapeLineBreaks();
-	var modifier = data.getAttribute("modifier");
-	var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
-	var c = data.getAttribute("created");
-	var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
-	var tags = data.getAttribute("tags");
-	var fields = {};
-	var attrs = data.attributes;
-	for(var i = attrs.length-1; i >= 0; i--) {
-		var name = attrs[i].name;
-		if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
-			fields[name] = attrs[i].value.unescapeLineBreaks();
-		}
-	}
-	tiddler.assign(title,text,modifier,modified,tags,created, fields);
-	return tiddler;
-};
-
-//--------------------------------
-// TW21Saver (inherits from SaverBase)
-
-function TW21Saver() {};
-
-TW21Saver.prototype = new SaverBase();
-
-TW21Saver.prototype.externalizeTiddler = function(store, tiddler) 
-{
-	try {
-		var extendedFieldAttributes = "";
-		store.forEachField(tiddler, 
-			function(tiddler, fieldName, value) {
-				// don't store stuff from the temp namespace
-				if (!fieldName.match(/^temp\./))
-					extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
-			}, true);
-		return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
-				tiddler.title.htmlEncode(),
-				tiddler.modifier.htmlEncode(),
-				tiddler.modified.convertToYYYYMMDDHHMM(),
-				tiddler.created.convertToYYYYMMDDHHMM(),
-				tiddler.getTags().htmlEncode(),
-				tiddler.escapeLineBreaks().htmlEncode(),
-				extendedFieldAttributes
-			]);
-	} catch (e) {
-		throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
-	}
-}
-
-// ---------------------------------------------------------------------------------
-// Deprecated code
-// ---------------------------------------------------------------------------------
-
-// @Deprecated: Use createElementAndWikify and this.termRegExp instead
-config.formatterHelpers.charFormatHelper = function(w)
-{
-	w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
-}
-
-// @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
-config.formatterHelpers.monospacedByLineHelper = function(w)
-{
-	var lookaheadRegExp = new RegExp(this.lookahead,"mg");
-	lookaheadRegExp.lastIndex = w.matchStart;
-	var lookaheadMatch = lookaheadRegExp.exec(w.source);
-	if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-		{
-		var text = lookaheadMatch[1];
-		if(config.browser.isIE)
-			text = text.replace(/\n/g,"\r");
-		createTiddlyElement(w.output,"pre",null,null,text);
-		w.nextMatch = lookaheadRegExp.lastIndex;
-		}
-}
-
-// @Deprecated: Use <br> or <br /> instead of <<br>>
-config.macros.br.handler = function(place)
-{
-	createTiddlyElement(place,"br");
-}
-
-// Find an entry in an array. Returns the array index or null
-// @Deprecated: Use indexOf instead
-Array.prototype.find = function(item)
-{
-	var i = this.indexOf(item);
-	return i == -1 ? null : i;
-}
-
-// Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
-// @Deprecated: Use store.getLoader().internalizeTiddler instead
-Tiddler.prototype.loadFromDiv = function(divRef,title)
-{
-	return store.getLoader().internalizeTiddler(store,this,title,divRef);
-}
-
-// Format the text for storage in an HTML DIV
-// @Deprecated Use store.getSaver().externalizeTiddler instead.
-Tiddler.prototype.saveToDiv = function()
-{
-	return store.getSaver().externalizeTiddler(store,this);
-}
-
-// @Deprecated: Use store.allTiddlersAsHtml() instead
-function allTiddlersAsHtml()
-{
-	return store.allTiddlersAsHtml();
-}
-
-// @Deprecated: Use refreshPageTemplate instead
-function applyPageTemplate(title)
-{
-	refreshPageTemplate(title);
-}
-
-// @Deprecated: Use story.displayTiddlers instead
-function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
-{
-	story.displayTiddlers(srcElement,titles,template,animate,slowly);
-}
-
-// @Deprecated: Use story.displayTiddler instead
-function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
-{
-	story.displayTiddler(srcElement,title,template,animate,slowly);
-}
-
-// @Deprecated: Use functions on right hand side directly instead
-var createTiddlerPopup = Popup.create;
-var scrollToTiddlerPopup = Popup.show;
-var hideTiddlerPopup = Popup.remove;
-
-// @Deprecated: Use right hand side directly instead
-var regexpBackSlashEn = new RegExp("\\\\n","mg");
-var regexpBackSlash = new RegExp("\\\\","mg");
-var regexpBackSlashEss = new RegExp("\\\\s","mg");
-var regexpNewLine = new RegExp("\n","mg");
-var regexpCarriageReturn = new RegExp("\r","mg");
-// ---------------------------------------------------------------------------------
-// End of scripts
-merge(config.shadowTiddlers,{SiteTitle:'DevFire'});
-merge(config.shadowTiddlers,{MainMenu:"PageTemplate\nStyleSheet\nMainMenu\nDefaultTiddlers"});
-merge(config.shadowTiddlers,{SiteSubtitle:"a theme for ~TiddlyWiki"});
-merge(config.shadowTiddlers,{DefaultTiddlers:"LorumIpsum"});
-merge(config.shadowTiddlers,{LorumIpsum:"Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.\n!heading 1\n!!heading 2\n!!!heading3\n----\n<<tag button>>\nThis is a link to a [[StyleSheet]] tiddler.\n\n> This is a blockquote\n> This is a blockquote\n> This is a blockquote\n|>|>| !This is a header |h\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|"});
-// ---------------------------------------------------------------------------------
-//]]>
-</script>
-<style type="text/css">
-
-#saveTest {
-	display: none;
-}
-
-.zoomer {
-	display: none;
-}
-
-#messageArea {
-	display: none;
-}
-
-#copyright {
-	display: none;
-}
-
-.popup {
-	position: absolute;
-}
-
-#storeArea {
-	display: none;
-	margin: 4em 10em 3em;
-}
-
-#storeArea div {
- padding: 0.5em;
- margin: 1em 0em 0em 0em;
- border-color: #f0f0f0 #606060 #404040 #d0d0d0; 
- border-style: solid; 
- border-width: 2px;
- overflow: auto;
-}
-
-#javascriptWarning {
-	width: 100%;
-	text-align: center;
-	font-weight: bold;
-	background-color: #dd1100;
-	color: #fff;
-	padding:1em 0em; 
-}
-
-</style>
-<!--POST-HEAD-START-->
-
-<!--POST-HEAD-END-->
-</head>
-<body onload="main();" onunload="if(window.checkUnsavedChanges) checkUnsavedChanges();">
-<!--PRE-BODY-START-->
-
-<!--PRE-BODY-END-->
-	<script type="text/javascript">
-//<![CDATA[
-if (useJavaSaver)
-	document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
-//]]>
-	</script>
-	<div id="copyright">
-	Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
-	</div>
-	<noscript>
-		<div id="javascriptWarning">This page requires JavaScript to function properly</div>
-	</noscript>
-	<div id="saveTest"></div>
-	<div id="contentWrapper"></div>
-	<div id="contentStash"></div>
-	<div id="storeArea">
-<div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200702250319" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.0.0@@\n\n!!__SSL Library__\n\n    * AES should now work on 16bit processors (there was an alignment problem).\n    * Various freed objects are cleared before freeing.\n    * Header files now installed in ///usr/local/include/axTLS//.\n    * -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n    * removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n    * SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n    * malloc() and friends call abort() on failure.\n    * Fixed a memory leak in directory listings.\n    * Added openssl() compatibility functions.\n    * Fixed Cygwin 'make install' issue.\n\n\n!!__axhttpd__\n\n    * main.c now becomes axhttpd.c.\n    * Header file issue fixed (in mime_types.c).\n    * //chroot()// now used for better security.\n    * Basic authentication implemented (via .htpasswd).\n    * SSL access/denial protection implemented (via .htaccess).\n    * Directory access protection implemented (via .htaccess).\n    * Can now have more than one CGI file extension in mconf.\n    * &quot;~If-Modified-Since&quot; request now handled properly.\n    * Performance tweaks to remove //ssl_find()//.</div>
-<div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
-<div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
-<div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
-<div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="CameronRich" modified="200702242333" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the _stage directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage directory//, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl           - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet     - VB.NET sample\n* axtls.jar       - Java sample\n* axssl.pl        - Perl sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed\nand the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
-<div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
-<div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
-<div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
-<div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="CameronRich" modified="200702250320" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc).\n\nSo any executables and libraries need to be copied into webroot.\n\nFailure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...).\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed.\n\n!!__Permissions Checking__\n\nAn mconf option. This will display the various file permissions to standard output of files in web root.\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
-</div>
-<!--POST-BODY-START-->
-
-<!--POST-BODY-END-->
-	</body>
-</html>
diff --git a/www/test_dir/bin/.htaccess b/www/test_dir/bin/.htaccess
deleted file mode 100644
index 8fd8c463a1..0000000000
--- a/www/test_dir/bin/.htaccess
+++ /dev/null
@@ -1 +0,0 @@
-Deny all
diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
deleted file mode 100755
index d5c7d766b3..0000000000
--- a/www/test_dir/health.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-echo "Content-Type: text/html"
-echo
-echo "<html><title>System Health</title><body>"
-echo "<h1>System Health for '`/bin/hostname`'</h1>"
-echo "<h2>Processes</h2><table border=\"2\">"
-/bin/ps -ef | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-echo "</table><h2>Free FileSystem Space</h2>"
-echo "<table border=\"2\">"
-/bin/df -h / | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-echo "</table></body></html>"
diff --git a/www/test_dir/no_http/.htaccess b/www/test_dir/no_http/.htaccess
deleted file mode 100644
index 3e20076a2c..0000000000
--- a/www/test_dir/no_http/.htaccess
+++ /dev/null
@@ -1 +0,0 @@
-SSLRequireSSL
diff --git a/www/test_dir/no_http/.htpasswd b/www/test_dir/no_http/.htpasswd
deleted file mode 100644
index 0471b01400..0000000000
--- a/www/test_dir/no_http/.htpasswd
+++ /dev/null
@@ -1,2 +0,0 @@
-abcd:CQhgDPyy0rvEU8OMxnQIvg==$YdJfIKZimFLYxPf/rbnhtQ==
-yaya:Syuss5jE2FNGVdr0kKGoHg==$WLw/SgHZFuAoOuml3GTJVw==
diff --git a/www/test_dir/no_http/index.html b/www/test_dir/no_http/index.html
deleted file mode 100644
index 8b86eba8ed..0000000000
--- a/www/test_dir/no_http/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<html>
-<head><title>axhttpd is running</title></head>
-<body>
-Looks like you got to this directory.
-</body>
-</html>
diff --git a/www/test_dir/no_ssl/.htaccess b/www/test_dir/no_ssl/.htaccess
deleted file mode 100644
index d980d265a5..0000000000
--- a/www/test_dir/no_ssl/.htaccess
+++ /dev/null
@@ -1 +0,0 @@
-SSLDenySSL
diff --git a/www/test_dir/no_ssl/index.html b/www/test_dir/no_ssl/index.html
deleted file mode 100644
index 8b86eba8ed..0000000000
--- a/www/test_dir/no_ssl/index.html
+++ /dev/null
@@ -1,6 +0,0 @@
-<html>
-<head><title>axhttpd is running</title></head>
-<body>
-Looks like you got to this directory.
-</body>
-</html>
diff --git a/www/test_dir/some_text.txt b/www/test_dir/some_text.txt
deleted file mode 100644
index 041831f7dd..0000000000
--- a/www/test_dir/some_text.txt
+++ /dev/null
@@ -1 +0,0 @@
-This is some text.
diff --git a/www/test_dir/test_cgi.php b/www/test_dir/test_cgi.php
deleted file mode 100755
index feecbb1ec4..0000000000
--- a/www/test_dir/test_cgi.php
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/php
-
-<?
-phpinfo();
-?>
-

From 367891f3baa2a0781f530a3032e6db102ea9a909 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:44:23 +0000
Subject: [PATCH 057/301] config dir

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@70 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From 211f8faa6412a449be93a0558181f0ea728c518e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:45:12 +0000
Subject: [PATCH 058/301] ssl dir

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@71 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From 5cd428575513ca9d985387212c1da6bf8a119082 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:47:22 +0000
Subject: [PATCH 059/301] added dirs

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@72 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From 9dc0e4b86ff2ce990d204db93e64649448cc1c94 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:47:59 +0000
Subject: [PATCH 060/301] dirs

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@73 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From 9d1e5189ff9c079b48e22082004894345ef86b6a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:48:39 +0000
Subject: [PATCH 061/301] new dir

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@74 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From 7083a48436626726fc958d1b7b4ed0d925081fa1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:49:20 +0000
Subject: [PATCH 062/301] new dirs

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@75 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From 974cf129243f985fde13316aeaf7918dd9430368 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 11:49:48 +0000
Subject: [PATCH 063/301] new dirs

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@76 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

From 73dfbb7568449145438a84f182092049e77d0db5 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 14 Mar 2007 12:03:51 +0000
Subject: [PATCH 064/301] new trunk

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@78 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                                      |  162 +
 README                                        |    3 +
 bindings/Config.in                            |   89 +
 bindings/Makefile                             |   63 +
 bindings/README                               |   43 +
 bindings/csharp/Makefile                      |   23 +
 bindings/csharp/axTLS.cs                      |  477 ++
 bindings/generate_SWIG_interface.pl           |  328 +
 bindings/generate_interface.pl                |  307 +
 bindings/java/Makefile                        |   93 +
 bindings/java/SSL.java                        |  125 +
 bindings/java/SSLCTX.java                     |  219 +
 bindings/java/SSLClient.java                  |   66 +
 bindings/java/SSLReadHolder.java              |   49 +
 bindings/java/SSLServer.java                  |   60 +
 bindings/java/SSLUtil.java                    |  104 +
 bindings/perl/Makefile                        |   81 +
 bindings/vbnet/Makefile                       |   23 +
 bindings/vbnet/axTLSvb.vb                     |  179 +
 config/.config.tmp                            |   11 +
 config/Config.in                              |  120 +
 config/JMeter.jmx                             |  247 +
 config/Rules.mak                              |  220 +
 config/axhttpd.aip                            |  149 +
 config/axtls.RES                              |  Bin 0 -> 22748 bytes
 config/axtls.rc                               |   32 +
 config/config.h                               |  106 +
 config/linuxconfig                            |  103 +
 config/makefile.conf                          |  121 +
 config/makefile.dotnet.conf                   |   53 +
 config/makefile.java.conf                     |   56 +
 config/makefile.post                          |   19 +
 config/scripts/config/Kconfig-language.txt    |  255 +
 config/scripts/config/Makefile                |  121 +
 config/scripts/config/conf.c                  |  583 ++
 config/scripts/config/confdata.c              |  458 ++
 config/scripts/config/expr.c                  | 1099 +++
 config/scripts/config/expr.h                  |  195 +
 config/scripts/config/lex.zconf.c_shipped     | 3688 +++++++++
 config/scripts/config/lkc.h                   |  123 +
 config/scripts/config/lkc_proto.h             |   40 +
 .../scripts/config/lxdialog/BIG.FAT.WARNING   |    4 +
 config/scripts/config/lxdialog/checklist.c    |  372 +
 config/scripts/config/lxdialog/colors.h       |  161 +
 config/scripts/config/lxdialog/dialog.h       |  199 +
 config/scripts/config/lxdialog/inputbox.c     |  240 +
 config/scripts/config/lxdialog/menubox.c      |  438 +
 config/scripts/config/lxdialog/msgbox.c       |   85 +
 config/scripts/config/lxdialog/textbox.c      |  556 ++
 config/scripts/config/lxdialog/util.c         |  375 +
 config/scripts/config/lxdialog/yesno.c        |  118 +
 config/scripts/config/mconf.c                 |  977 +++
 config/scripts/config/menu.c                  |  390 +
 config/scripts/config/mkconfigs               |   67 +
 config/scripts/config/symbol.c                |  809 ++
 config/scripts/config/util.c                  |  109 +
 config/scripts/config/zconf.l                 |  366 +
 config/scripts/config/zconf.tab.c_shipped     | 2130 +++++
 config/scripts/config/zconf.tab.h_shipped     |  125 +
 config/scripts/config/zconf.y                 |  690 ++
 config/win32config                            |  116 +
 docsrc/Makefile                               |   27 +
 docsrc/axTLS.dox                              | 1237 +++
 docsrc/doco_footer.html                       |    3 +
 docsrc/images/axolotl.jpg                     |  Bin 0 -> 3041 bytes
 docsrc/images/tsbasbw.gif                     |  Bin 0 -> 2481 bytes
 httpd/Config.in                               |  138 +
 httpd/Makefile                                |  104 +
 httpd/axhttp.h                                |  133 +
 httpd/axhttpd.c                               |  567 ++
 httpd/htpasswd.c                              |  124 +
 httpd/mime_types.c                            |  194 +
 httpd/proc.c                                  | 1034 +++
 httpd/tdate_parse.c                           |  107 +
 samples/Config.in                             |   56 +
 samples/Makefile                              |   46 +
 samples/c/Makefile                            |   66 +
 samples/c/axssl.c                             |  865 ++
 samples/csharp/Makefile                       |   36 +
 samples/csharp/axssl.cs                       |  743 ++
 samples/java/Makefile                         |   39 +
 samples/java/axssl.java                       |  746 ++
 samples/java/manifest.mf                      |    1 +
 samples/perl/Makefile                         |   31 +
 samples/perl/axssl.pl                         |  629 ++
 samples/vbnet/Makefile                        |   36 +
 samples/vbnet/axssl.vb                        |  687 ++
 ssl/BigIntConfig.in                           |  132 +
 ssl/Config.in                                 |  274 +
 ssl/Makefile                                  |  101 +
 ssl/aes.c                                     |  444 +
 ssl/asn1.c                                    |  864 ++
 ssl/bigint.c                                  | 1506 ++++
 ssl/bigint.h                                  |   93 +
 ssl/bigint_impl.h                             |  105 +
 ssl/cert.h                                    |   43 +
 ssl/crypto.h                                  |  285 +
 ssl/crypto_misc.c                             |  345 +
 ssl/hmac.c                                    |   88 +
 ssl/loader.c                                  |  375 +
 ssl/md5.c                                     |  281 +
 ssl/openssl.c                                 |  209 +
 ssl/os_port.c                                 |  142 +
 ssl/os_port.h                                 |  166 +
 ssl/p12.c                                     |  474 ++
 ssl/private_key.h                             |   54 +
 ssl/rc4.c                                     |   78 +
 ssl/rsa.c                                     |  330 +
 ssl/sha1.c                                    |  236 +
 ssl/ssl.h                                     |  429 +
 ssl/test/Makefile                             |   65 +
 ssl/test/axTLS.ca_key.pem                     |   15 +
 ssl/test/axTLS.ca_x509.cer                    |  Bin 0 -> 483 bytes
 ssl/test/axTLS.ca_x509.pem                    |   13 +
 ssl/test/axTLS.device_key                     |  Bin 0 -> 609 bytes
 ssl/test/axTLS.device_key.pem                 |   15 +
 ssl/test/axTLS.encrypted.p8                   |  Bin 0 -> 385 bytes
 ssl/test/axTLS.encrypted_pem.p8               |   11 +
 ssl/test/axTLS.key_1024                       |  Bin 0 -> 609 bytes
 ssl/test/axTLS.key_1024.pem                   |   15 +
 ssl/test/axTLS.key_2048                       |  Bin 0 -> 1191 bytes
 ssl/test/axTLS.key_2048.pem                   |   27 +
 ssl/test/axTLS.key_4096                       |  Bin 0 -> 2349 bytes
 ssl/test/axTLS.key_4096.pem                   |   51 +
 ssl/test/axTLS.key_512                        |  Bin 0 -> 321 bytes
 ssl/test/axTLS.key_512.pem                    |    9 +
 ssl/test/axTLS.key_aes128.pem                 |   12 +
 ssl/test/axTLS.key_aes256.pem                 |   12 +
 ssl/test/axTLS.noname.p12                     |  Bin 0 -> 1483 bytes
 ssl/test/axTLS.unencrypted.p8                 |  Bin 0 -> 347 bytes
 ssl/test/axTLS.unencrypted_pem.p8             |   10 +
 ssl/test/axTLS.withCA.p12                     |  Bin 0 -> 2089 bytes
 ssl/test/axTLS.withoutCA.p12                  |  Bin 0 -> 1573 bytes
 ssl/test/axTLS.x509_1024.cer                  |  Bin 0 -> 475 bytes
 ssl/test/axTLS.x509_1024.pem                  |   12 +
 ssl/test/axTLS.x509_2048.cer                  |  Bin 0 -> 607 bytes
 ssl/test/axTLS.x509_2048.pem                  |   15 +
 ssl/test/axTLS.x509_4096.cer                  |  Bin 0 -> 863 bytes
 ssl/test/axTLS.x509_4096.pem                  |   20 +
 ssl/test/axTLS.x509_512.cer                   |  Bin 0 -> 406 bytes
 ssl/test/axTLS.x509_512.pem                   |   11 +
 ssl/test/axTLS.x509_aes128.pem                |   11 +
 ssl/test/axTLS.x509_aes256.pem                |   11 +
 ssl/test/axTLS.x509_bad_after.pem             |   11 +
 ssl/test/axTLS.x509_bad_before.pem            |   11 +
 ssl/test/axTLS.x509_device.cer                |  Bin 0 -> 401 bytes
 ssl/test/axTLS.x509_device.pem                |   24 +
 ssl/test/deutsche_telecom.x509_ca             |  Bin 0 -> 670 bytes
 ssl/test/equifax.x509_ca                      |  Bin 0 -> 646 bytes
 ssl/test/killopenssl.sh                       |    2 +
 ssl/test/make_certs.sh                        |  162 +
 ssl/test/microsoft.x509_ca                    |  Bin 0 -> 1046 bytes
 ssl/test/microsoft.x509_ca.pem                |   24 +
 ssl/test/perf_bigint.c                        |  216 +
 ssl/test/ssltest.c                            | 1813 +++++
 ssl/test/test_axssl.sh                        |  136 +
 ssl/test/thawte.x509_ca                       |  Bin 0 -> 811 bytes
 ssl/test/verisign.x509_ca                     |  Bin 0 -> 668 bytes
 ssl/test/verisign.x509_ca.pem                 |   16 +
 ssl/test/verisign.x509_my_cert                |  Bin 0 -> 1095 bytes
 ssl/test/verisign.x509_my_cert.pem            |   25 +
 ssl/tls1.c                                    | 2045 +++++
 ssl/tls1.h                                    |  288 +
 ssl/tls1_clnt.c                               |  338 +
 ssl/tls1_svr.c                                |  450 ++
 www/bin/.htaccess                             |    2 +
 www/favicon.ico                               |  Bin 0 -> 22486 bytes
 www/index.html                                | 7105 +++++++++++++++++
 www/test_dir/bin/.htaccess                    |    1 +
 www/test_dir/health.sh                        |   12 +
 www/test_dir/no_http/.htaccess                |    1 +
 www/test_dir/no_http/.htpasswd                |    2 +
 www/test_dir/no_http/index.html               |    6 +
 www/test_dir/no_ssl/.htaccess                 |    1 +
 www/test_dir/no_ssl/index.html                |    6 +
 www/test_dir/some_text.txt                    |    1 +
 www/test_dir/test_cgi.php                     |    6 +
 177 files changed, 46362 insertions(+)
 create mode 100644 Makefile
 create mode 100644 README
 create mode 100644 bindings/Config.in
 create mode 100644 bindings/Makefile
 create mode 100644 bindings/README
 create mode 100644 bindings/csharp/Makefile
 create mode 100644 bindings/csharp/axTLS.cs
 create mode 100755 bindings/generate_SWIG_interface.pl
 create mode 100755 bindings/generate_interface.pl
 create mode 100644 bindings/java/Makefile
 create mode 100644 bindings/java/SSL.java
 create mode 100644 bindings/java/SSLCTX.java
 create mode 100644 bindings/java/SSLClient.java
 create mode 100644 bindings/java/SSLReadHolder.java
 create mode 100644 bindings/java/SSLServer.java
 create mode 100644 bindings/java/SSLUtil.java
 create mode 100644 bindings/perl/Makefile
 create mode 100644 bindings/vbnet/Makefile
 create mode 100644 bindings/vbnet/axTLSvb.vb
 create mode 100644 config/.config.tmp
 create mode 100644 config/Config.in
 create mode 100755 config/JMeter.jmx
 create mode 100644 config/Rules.mak
 create mode 100755 config/axhttpd.aip
 create mode 100644 config/axtls.RES
 create mode 100644 config/axtls.rc
 create mode 100644 config/config.h
 create mode 100644 config/linuxconfig
 create mode 100644 config/makefile.conf
 create mode 100644 config/makefile.dotnet.conf
 create mode 100644 config/makefile.java.conf
 create mode 100644 config/makefile.post
 create mode 100644 config/scripts/config/Kconfig-language.txt
 create mode 100644 config/scripts/config/Makefile
 create mode 100644 config/scripts/config/conf.c
 create mode 100644 config/scripts/config/confdata.c
 create mode 100644 config/scripts/config/expr.c
 create mode 100644 config/scripts/config/expr.h
 create mode 100644 config/scripts/config/lex.zconf.c_shipped
 create mode 100644 config/scripts/config/lkc.h
 create mode 100644 config/scripts/config/lkc_proto.h
 create mode 100644 config/scripts/config/lxdialog/BIG.FAT.WARNING
 create mode 100644 config/scripts/config/lxdialog/checklist.c
 create mode 100644 config/scripts/config/lxdialog/colors.h
 create mode 100644 config/scripts/config/lxdialog/dialog.h
 create mode 100644 config/scripts/config/lxdialog/inputbox.c
 create mode 100644 config/scripts/config/lxdialog/menubox.c
 create mode 100644 config/scripts/config/lxdialog/msgbox.c
 create mode 100644 config/scripts/config/lxdialog/textbox.c
 create mode 100644 config/scripts/config/lxdialog/util.c
 create mode 100644 config/scripts/config/lxdialog/yesno.c
 create mode 100644 config/scripts/config/mconf.c
 create mode 100644 config/scripts/config/menu.c
 create mode 100755 config/scripts/config/mkconfigs
 create mode 100644 config/scripts/config/symbol.c
 create mode 100644 config/scripts/config/util.c
 create mode 100644 config/scripts/config/zconf.l
 create mode 100644 config/scripts/config/zconf.tab.c_shipped
 create mode 100644 config/scripts/config/zconf.tab.h_shipped
 create mode 100644 config/scripts/config/zconf.y
 create mode 100644 config/win32config
 create mode 100644 docsrc/Makefile
 create mode 100644 docsrc/axTLS.dox
 create mode 100644 docsrc/doco_footer.html
 create mode 100644 docsrc/images/axolotl.jpg
 create mode 100644 docsrc/images/tsbasbw.gif
 create mode 100644 httpd/Config.in
 create mode 100644 httpd/Makefile
 create mode 100644 httpd/axhttp.h
 create mode 100644 httpd/axhttpd.c
 create mode 100644 httpd/htpasswd.c
 create mode 100644 httpd/mime_types.c
 create mode 100644 httpd/proc.c
 create mode 100644 httpd/tdate_parse.c
 create mode 100644 samples/Config.in
 create mode 100644 samples/Makefile
 create mode 100644 samples/c/Makefile
 create mode 100644 samples/c/axssl.c
 create mode 100644 samples/csharp/Makefile
 create mode 100644 samples/csharp/axssl.cs
 create mode 100644 samples/java/Makefile
 create mode 100644 samples/java/axssl.java
 create mode 100644 samples/java/manifest.mf
 create mode 100644 samples/perl/Makefile
 create mode 100755 samples/perl/axssl.pl
 create mode 100644 samples/vbnet/Makefile
 create mode 100644 samples/vbnet/axssl.vb
 create mode 100644 ssl/BigIntConfig.in
 create mode 100644 ssl/Config.in
 create mode 100644 ssl/Makefile
 create mode 100644 ssl/aes.c
 create mode 100644 ssl/asn1.c
 create mode 100644 ssl/bigint.c
 create mode 100644 ssl/bigint.h
 create mode 100644 ssl/bigint_impl.h
 create mode 100644 ssl/cert.h
 create mode 100644 ssl/crypto.h
 create mode 100644 ssl/crypto_misc.c
 create mode 100644 ssl/hmac.c
 create mode 100644 ssl/loader.c
 create mode 100644 ssl/md5.c
 create mode 100644 ssl/openssl.c
 create mode 100644 ssl/os_port.c
 create mode 100644 ssl/os_port.h
 create mode 100644 ssl/p12.c
 create mode 100644 ssl/private_key.h
 create mode 100644 ssl/rc4.c
 create mode 100644 ssl/rsa.c
 create mode 100644 ssl/sha1.c
 create mode 100644 ssl/ssl.h
 create mode 100644 ssl/test/Makefile
 create mode 100644 ssl/test/axTLS.ca_key.pem
 create mode 100644 ssl/test/axTLS.ca_x509.cer
 create mode 100644 ssl/test/axTLS.ca_x509.pem
 create mode 100644 ssl/test/axTLS.device_key
 create mode 100644 ssl/test/axTLS.device_key.pem
 create mode 100644 ssl/test/axTLS.encrypted.p8
 create mode 100644 ssl/test/axTLS.encrypted_pem.p8
 create mode 100644 ssl/test/axTLS.key_1024
 create mode 100644 ssl/test/axTLS.key_1024.pem
 create mode 100644 ssl/test/axTLS.key_2048
 create mode 100644 ssl/test/axTLS.key_2048.pem
 create mode 100644 ssl/test/axTLS.key_4096
 create mode 100644 ssl/test/axTLS.key_4096.pem
 create mode 100644 ssl/test/axTLS.key_512
 create mode 100644 ssl/test/axTLS.key_512.pem
 create mode 100644 ssl/test/axTLS.key_aes128.pem
 create mode 100644 ssl/test/axTLS.key_aes256.pem
 create mode 100644 ssl/test/axTLS.noname.p12
 create mode 100644 ssl/test/axTLS.unencrypted.p8
 create mode 100644 ssl/test/axTLS.unencrypted_pem.p8
 create mode 100644 ssl/test/axTLS.withCA.p12
 create mode 100644 ssl/test/axTLS.withoutCA.p12
 create mode 100644 ssl/test/axTLS.x509_1024.cer
 create mode 100644 ssl/test/axTLS.x509_1024.pem
 create mode 100644 ssl/test/axTLS.x509_2048.cer
 create mode 100644 ssl/test/axTLS.x509_2048.pem
 create mode 100644 ssl/test/axTLS.x509_4096.cer
 create mode 100644 ssl/test/axTLS.x509_4096.pem
 create mode 100644 ssl/test/axTLS.x509_512.cer
 create mode 100644 ssl/test/axTLS.x509_512.pem
 create mode 100644 ssl/test/axTLS.x509_aes128.pem
 create mode 100644 ssl/test/axTLS.x509_aes256.pem
 create mode 100644 ssl/test/axTLS.x509_bad_after.pem
 create mode 100644 ssl/test/axTLS.x509_bad_before.pem
 create mode 100644 ssl/test/axTLS.x509_device.cer
 create mode 100644 ssl/test/axTLS.x509_device.pem
 create mode 100644 ssl/test/deutsche_telecom.x509_ca
 create mode 100644 ssl/test/equifax.x509_ca
 create mode 100755 ssl/test/killopenssl.sh
 create mode 100755 ssl/test/make_certs.sh
 create mode 100644 ssl/test/microsoft.x509_ca
 create mode 100644 ssl/test/microsoft.x509_ca.pem
 create mode 100644 ssl/test/perf_bigint.c
 create mode 100644 ssl/test/ssltest.c
 create mode 100755 ssl/test/test_axssl.sh
 create mode 100644 ssl/test/thawte.x509_ca
 create mode 100644 ssl/test/verisign.x509_ca
 create mode 100644 ssl/test/verisign.x509_ca.pem
 create mode 100644 ssl/test/verisign.x509_my_cert
 create mode 100644 ssl/test/verisign.x509_my_cert.pem
 create mode 100755 ssl/tls1.c
 create mode 100755 ssl/tls1.h
 create mode 100644 ssl/tls1_clnt.c
 create mode 100644 ssl/tls1_svr.c
 create mode 100644 www/bin/.htaccess
 create mode 100644 www/favicon.ico
 create mode 100755 www/index.html
 create mode 100644 www/test_dir/bin/.htaccess
 create mode 100755 www/test_dir/health.sh
 create mode 100644 www/test_dir/no_http/.htaccess
 create mode 100644 www/test_dir/no_http/.htpasswd
 create mode 100644 www/test_dir/no_http/index.html
 create mode 100644 www/test_dir/no_ssl/.htaccess
 create mode 100644 www/test_dir/no_ssl/index.html
 create mode 100644 www/test_dir/some_text.txt
 create mode 100755 www/test_dir/test_cgi.php

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..568770c1e6
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,162 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This license is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This license is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+-include config/.config
+
+ifneq ($(strip $(HAVE_DOT_CONFIG)),y)
+all: menuconfig
+else
+all: target
+endif
+
+include config/makefile.conf
+
+target : $(STAGE) $(TARGET)
+
+# VERSION has to come from the command line
+RELEASE=axTLS-$(VERSION)
+
+# standard version
+target:
+	$(MAKE) -C ssl
+ifdef CONFIG_AXHTTPD
+	$(MAKE) -C httpd
+endif
+ifdef CONFIG_BINDINGS
+	$(MAKE) -C bindings
+endif
+ifdef CONFIG_SAMPLES
+	$(MAKE) -C samples
+endif
+
+$(STAGE) : ssl/version.h
+	@mkdir -p $(STAGE)
+
+# create a version file with something in it.
+ssl/version.h:
+	@echo "#define AXTLS_VERSION    \"(no version)\"" > ssl/version.h
+
+$(PREFIX) :
+	@mkdir -p $(PREFIX)/lib
+	@mkdir -p $(PREFIX)/bin
+
+release:
+	$(MAKE) -C config/scripts/config clean
+	-$(MAKE) clean
+	-@rm config/*.msi config/*.back.aip config/config.h config/.config*
+	@rm -fr $(STAGE)
+	@echo "#define AXTLS_VERSION    \"$(VERSION)\"" > ssl/version.h
+	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axTLS; cd -;
+
+docs:
+	$(MAKE) -C docsrc doco
+
+# build the Win32 demo release version
+win32_demo:
+	$(MAKE) win32releaseconf
+
+install: $(PREFIX) all
+	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
+	chmod 755 $(PREFIX)/lib/libax* 
+	install -m 755 $(STAGE)/ax* $(PREFIX)/bin 
+ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+	install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin 
+endif
+ifdef CONFIG_PLATFORM_CYGWIN
+	install -m 755 $(STAGE)/cygaxtls.dll $(PREFIX)/bin 
+endif
+ifdef CONFIG_PERL_BINDINGS 
+	install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
+endif
+	@mkdir -p -m 755 $(PREFIX)/include/axTLS
+	install -m 644 ssl/*.h $(PREFIX)/include/axTLS
+	-rm $(PREFIX)/include/axTLS/cert.h
+	-rm $(PREFIX)/include/axTLS/private_key.h
+	install -m 644 config/config.h $(PREFIX)/include/axTLS
+
+installclean:
+	-@rm $(PREFIX)/lib/libax* > /dev/null 2>&1
+	-@rm $(PREFIX)/bin/ax* > /dev/null 2>&1
+	-@rm $(PREFIX)/bin/axhttpd* > /dev/null 2>&1
+	-@rm `perl -e 'use Config; print $$Config{installarchlib};'`/axtlsp.pm > /dev/null 2>&1
+
+test:
+	cd $(STAGE); ssltest; ../ssl/test/test_axssl.sh; cd -;
+
+# tidy up things
+clean::
+	@cd ssl; $(MAKE) clean
+	@cd httpd; $(MAKE) clean
+	@cd samples; $(MAKE) clean
+	@cd docsrc; $(MAKE) clean
+	@cd bindings; $(MAKE) clean
+
+# ---------------------------------------------------------------------------
+# mconf stuff
+# ---------------------------------------------------------------------------
+
+CONFIG_CONFIG_IN = config/Config.in
+CONFIG_DEFCONFIG = config/defconfig
+
+config/scripts/config/conf: config/scripts/config/Makefile
+	$(MAKE) -C config/scripts/config conf
+	-@if [ ! -f config/.config ] ; then \
+		cp $(CONFIG_DEFCONFIG) config/.config; \
+	fi
+
+config/scripts/config/mconf: config/scripts/config/Makefile
+	$(MAKE) -C config/scripts/config ncurses conf mconf
+	-@if [ ! -f config/.config ] ; then \
+		cp $(CONFIG_DEFCONFIG) .config; \
+	fi
+
+cleanconf:
+	$(MAKE) -C config/scripts/config clean
+	@rm -f config/.config
+
+menuconfig: config/scripts/config/mconf
+	@./config/scripts/config/mconf $(CONFIG_CONFIG_IN)
+
+config: config/scripts/config/conf
+	@./config/scripts/config/conf $(CONFIG_CONFIG_IN)
+
+oldconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -o $(CONFIG_CONFIG_IN)
+
+default: config/scripts/config/conf
+	@./config/scripts/config/conf -d $(CONFIG_CONFIG_IN) > /dev/null
+	$(MAKE)
+
+randconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -r $(CONFIG_CONFIG_IN)
+
+allnoconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -n $(CONFIG_CONFIG_IN)
+
+allyesconfig: config/scripts/config/conf
+	@./config/scripts/config/conf -y $(CONFIG_CONFIG_IN)
+
+# The special win32 release configuration
+win32releaseconf: config/scripts/config/conf
+	@./config/scripts/config/conf -D config/win32config $(CONFIG_CONFIG_IN) > /dev/null
+	$(MAKE)
+
+# The special linux release configuration
+linuxconf: config/scripts/config/conf
+	@./config/scripts/config/conf -D config/linuxconfig $(CONFIG_CONFIG_IN) > /dev/null
+	$(MAKE)
diff --git a/README b/README
new file mode 100644
index 0000000000..c8926d9bfc
--- /dev/null
+++ b/README
@@ -0,0 +1,3 @@
+
+See www/index.html for the README, CHANGELOG, LICENSE and other notes.
+
diff --git a/bindings/Config.in b/bindings/Config.in
new file mode 100644
index 0000000000..bf916b13d6
--- /dev/null
+++ b/bindings/Config.in
@@ -0,0 +1,89 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+menu "Language Bindings"
+
+config CONFIG_BINDINGS
+    bool "Create language bindings"
+    default n
+    help
+        axTLS supports language bindings in C#, VB.NET, Java and Perl.
+
+        Select Y here if you want to build the various language bindings.
+
+config CONFIG_CSHARP_BINDINGS
+    bool "Create C# bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build C# bindings.
+
+        This requires .NET to be installed on Win32 platforms and mono to be
+        installed on all other platforms.
+
+config CONFIG_VBNET_BINDINGS
+    bool "Create VB.NET bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build VB.NET bindings.
+
+        This requires the .NET to be installed and is only built under Win32
+        platforms.
+
+menu ".Net Framework"
+depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS
+config CONFIG_DOT_NET_FRAMEWORK_BASE
+    string "Location of .NET Framework"
+    default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+endmenu
+
+config CONFIG_JAVA_BINDINGS
+    bool "Create Java bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Java bindings.
+
+        Current Issues (see README): 
+        * Needs Java 1.4 or better.
+        * If building under Win32 it will use the Win32 JDK.
+
+menu "Java Home"
+depends on CONFIG_JAVA_BINDINGS
+config CONFIG_JAVA_HOME
+    string "Location of JDK"
+    default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
+    default "/usr/local/jdk142" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
+    depends on CONFIG_JAVA_BINDINGS 
+    help
+        The location of Sun's JDK.
+endmenu
+
+config CONFIG_PERL_BINDINGS
+    bool "Create Perl bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Perl bindings.
+
+        Current Issues (see README):
+        * 64 bit versions don't work at present.
+        * libperl.so needs to be in the shared library path.
+
+menu "Perl Home"
+depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32
+config CONFIG_PERL_CORE
+    string "Location of Perl CORE"
+    default "c:\\perl\\lib\\CORE"
+    help:
+        works with ActiveState
+        "http://www.activestate.com/Products/ActivePerl"
+
+config CONFIG_PERL_LIB
+    string "Name of Perl Library"
+    default "perl58.lib"
+endmenu
+
+endmenu
diff --git a/bindings/Makefile b/bindings/Makefile
new file mode 100644
index 0000000000..19c896d2c0
--- /dev/null
+++ b/bindings/Makefile
@@ -0,0 +1,63 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all:
+
+include ../config/.config
+include ../config/makefile.conf
+
+ifdef CONFIG_CSHARP_BINDINGS
+all: csharp/axInterface.cs
+endif
+
+ifdef CONFIG_VBNET_BINDINGS
+all: vbnet/axInterface.vb
+endif
+
+ifdef CONFIG_JAVA_BINDINGS
+all: java/axtlsj.java
+endif
+
+ifdef CONFIG_PERL_BINDINGS
+all: perl/axTLSp_wrap.c
+endif
+
+csharp/axInterface.cs: ../ssl/ssl.h
+	@perl ./generate_interface.pl -csharp
+
+vbnet/axInterface.vb: ../ssl/ssl.h
+	@perl ./generate_interface.pl -vbnet
+
+java/axTLSj.i: ../ssl/ssl.h
+	@perl ./generate_SWIG_interface.pl -java
+
+java/axtlsj.java: java/axTLSj.i $(wildcard java/SSL*.java)
+	@cd java; swig -java -package axTLSj axTLSj.i; $(MAKE)
+
+perl/axTLSp.i: ../ssl/ssl.h
+	@perl ./generate_SWIG_interface.pl -perl
+
+perl/axTLSp_wrap.c: perl/axTLSp.i
+	@cd perl; swig -perl5 axTLSp.i; $(MAKE)
+
+clean::
+	$(MAKE) -C csharp clean
+	$(MAKE) -C vbnet clean
+	$(MAKE) -C java clean
+	$(MAKE) -C perl clean
+
diff --git a/bindings/README b/bindings/README
new file mode 100644
index 0000000000..8bc3109c12
--- /dev/null
+++ b/bindings/README
@@ -0,0 +1,43 @@
+===============================================================================
+=                             Language Bindings                               =
+===============================================================================
+
+The tools to generate the various language bindings are done here.
+SWIG 1.3.24 or better is required for creating the Java and Perl bindings.
+
+Perl scripts are used to parse ssl.h and automagically give the appropriate 
+bindings.
+
+At present, the four languages supported are:
+
+* C#
+* VB.NET
+* Java
+* Perl
+
+To generate each binding run the following:
+
+C#:
+> generate_interface.pl -csharp
+
+VB.NET:
+> generate_interface.pl -vbnet
+
+
+Java:
+> generate_SWIG_interface.pl -java
+> cd java; swig -java -package axTLSj -noextern axTLSj.i
+
+Perl:
+> generate_SWIG_interface.pl -perl
+> cd perl; swig -noextern -perl axTLSp.i
+
+Java and Perl both create a library each called libaxtlsj.so and libaxtlsp.so 
+(or axtlsj.dll and atlsp.dll on Win32 platforms).
+
+Note: the "-noextern" is deprecated in swig 1.3.27 and newer. The "-noextern"
+option was required to get Win32 bindings to work (which is why is has probably
+been deprecated).
+
+Each binding (except for Perl) has an extra helper interface to make life 
+easier.
diff --git a/bindings/csharp/Makefile b/bindings/csharp/Makefile
new file mode 100644
index 0000000000..87073f5e43
--- /dev/null
+++ b/bindings/csharp/Makefile
@@ -0,0 +1,23 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+clean::
+	@rm -f axssl* axInterface.cs
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
new file mode 100644
index 0000000000..a59209168d
--- /dev/null
+++ b/bindings/csharp/axTLS.cs
@@ -0,0 +1,477 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * A wrapper around the unmanaged interface to give a semi-decent C# API
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Net.Sockets;
+
+/**
+ * @defgroup csharp_api C# API.
+ *
+ * Ensure that the appropriate Dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ * @{
+ */
+namespace axTLS
+{
+    /**
+     * @class SSL
+     * @ingroup csharp_api 
+     * @brief A representation of an SSL connection.
+     */
+    public class SSL
+    {
+        public IntPtr m_ssl;    /**< A pointer to the real SSL type */
+
+        /**
+         * @brief Store the reference to an SSL context.
+         * @param ip [in] A reference to an SSL object.
+         */
+        public SSL(IntPtr ip)
+        {
+            m_ssl = ip;
+        }
+
+        /**
+         * @brief Free any used resources on this connection. 
+         * 
+         * A "Close Notify" message is sent on this connection (if possible). 
+         * It is up to the application to close the socket.
+         */
+        public void Dispose()
+        {
+            axtls.ssl_free(m_ssl);
+        }
+
+        /**
+         * @brief Return the result of a handshake.
+         * @return SSL_OK if the handshake is complete and ok.
+         * @see ssl.h for the error code list.
+         */
+        public int HandshakeStatus()
+        {
+            return axtls.ssl_handshake_status(m_ssl);
+        }
+
+        /**
+         * @brief Return the SSL cipher id.
+         * @return The cipher id which is one of:
+         * - SSL_AES128_SHA (0x2f)
+         * - SSL_AES256_SHA (0x35)
+         * - SSL_RC4_128_SHA (0x05)
+         * - SSL_RC4_128_MD5 (0x04)
+         */
+        public byte GetCipherId()
+        {
+            return axtls.ssl_get_cipher_id(m_ssl);
+        }
+
+        /**
+         * @brief Get the session id for a handshake. 
+         * 
+         * This will be a 32 byte sequence and is available after the first
+         * handshaking messages are sent.
+         * @return The session id as a 32 byte sequence.
+         * @note A SSLv23 handshake may have only 16 valid bytes.
+         */
+        public byte[] GetSessionId()
+        {
+            byte[] result = new byte[axtls.SSL_SESSION_ID_SIZE];
+            IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
+            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE);
+            return result;
+        }
+
+        /**
+         * @brief Retrieve an X.509 distinguished name component.
+         * 
+         * When a handshake is complete and a certificate has been exchanged, 
+         * then the details of the remote certificate can be retrieved.
+         *
+         * This will usually be used by a client to check that the server's 
+         * common name matches the URL.
+         *
+         * A full handshake needs to occur for this call to work.
+         *
+         * @param component [in] one of:
+         * - SSL_X509_CERT_COMMON_NAME
+         * - SSL_X509_CERT_ORGANIZATION
+         * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+         * - SSL_X509_CA_CERT_COMMON_NAME
+         * - SSL_X509_CA_CERT_ORGANIZATION
+         * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+         * @return The appropriate string (or null if not defined)
+         */
+        public string GetCertificateDN(int component)
+        {
+            return axtls.ssl_get_cert_dn(m_ssl, component);
+        }
+    }
+
+    /**
+     * @class SSLUtil
+     * @ingroup csharp_api 
+     * @brief Some global helper functions.
+     */
+    public class SSLUtil
+    {
+
+        /**
+         * @brief Return the build mode of the axTLS project.
+         * @return The build mode is one of:
+         * - SSL_BUILD_SERVER_ONLY
+         * - SSL_BUILD_ENABLE_VERIFICATION
+         * - SSL_BUILD_ENABLE_CLIENT
+         * - SSL_BUILD_FULL_MODE
+         */
+        public static int BuildMode()
+        {
+            return axtls.ssl_get_config(axtls.SSL_BUILD_MODE);
+        }
+
+        /**
+         * @brief Return the number of chained certificates that the 
+         * client/server supports.
+         * @return The number of supported server certificates.
+         */
+        public static int MaxCerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Return the number of CA certificates that the client/server
+         * supports.
+         * @return The number of supported CA certificates.
+         */
+        public static int MaxCACerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Indicate if PEM is supported.
+         * @return true if PEM supported.
+         */
+        public static bool HasPEM()
+        {
+            return axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 ? true : false;
+        }
+
+        /**
+         * @brief Display the text string of the error.
+         * @param error_code [in] The integer error code.
+         */
+        public static void DisplayError(int error_code)
+        {
+            axtls.ssl_display_error(error_code);
+        }
+
+        /**
+         * @brief Return the version of the axTLS project.
+         */
+        public static string Version()
+        {
+            return axtls.ssl_version();
+        }
+    }
+
+    /**
+     * @class SSLCTX
+     * @ingroup csharp_api 
+     * @brief A base object for SSLServer/SSLClient.
+     */
+    public class SSLCTX
+    {
+        /**
+         * @brief A reference to the real client/server context.
+         */
+        protected IntPtr m_ctx;
+
+        /**
+         * @brief Establish a new client/server context.
+         *
+         * This function is called before any client/server SSL connections are 
+         * made.  If multiple threads are used, then each thread will have its 
+         * own SSLCTX context. Any number of connections may be made with a 
+         * single context. 
+         *
+         * Each new connection will use the this context's private key and 
+         * certificate chain. If a different certificate chain is required, 
+         * then a different context needs to be be used.
+         *
+         * @param options [in]  Any particular options. At present the options
+         * supported are:
+         * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if 
+         * the server authentication fails. The certificate can be 
+         * authenticated later with a call to VerifyCert().
+         * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
+         * authentication i.e. each handshake will include a "certificate 
+         * request" message from the server.
+         * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The 
+         * user will load the key/certificate explicitly.
+         * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
+         * sequences during the handshake.
+         * - SSL_DISPLAY_STATES (full mode build only): Display the state 
+         * changes during the handshake.
+         * - SSL_DISPLAY_CERTS (full mode build only): Display the 
+         * certificates that are passed during a handshake.
+         * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key 
+         * details that are passed during a handshake.
+         * @param num_sessions [in] The number of sessions to be used for 
+         * session caching. If this value is 0, then there is no session 
+         * caching.
+         * @return A client/server context.
+         */
+        protected SSLCTX(uint options, int num_sessions)
+        {
+            m_ctx = axtls.ssl_ctx_new(options, num_sessions);
+        }
+
+        /**
+         * @brief Remove a client/server context.
+         *
+         * Frees any used resources used by this context. Each connection will 
+         * be sent a "Close Notify" alert (if possible).
+         */
+        public void Dispose()
+        {
+            axtls.ssl_ctx_free(m_ctx);
+        }
+
+        /**
+         * @brief Read the SSL data stream.
+         * @param ssl [in] An SSL object reference.
+         * @param in_data [out] After a successful read, the decrypted data 
+         * will be here. It will be null otherwise.
+         * @return The number of decrypted bytes:
+         * - if > 0, then the handshaking is complete and we are returning the 
+         * number of decrypted bytes. 
+         * - SSL_OK if the handshaking stage is successful (but not yet 
+         * complete).  
+         * - < 0 if an error.
+         * @see ssl.h for the error code list.
+         * @note Use in_data before doing any successive ssl calls.
+         */
+        public int Read(SSL ssl, out byte[] in_data)
+        {
+            IntPtr ptr = IntPtr.Zero;
+            int ret = axtls.ssl_read(ssl.m_ssl, ref ptr);
+
+            if (ret > axtls.SSL_OK)
+            {
+                in_data = new byte[ret];
+                Marshal.Copy(ptr, in_data, 0, ret);
+            }
+            else
+            {
+                in_data = null;
+            }
+
+            return ret;
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_data.Length);
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @param out_len [in] The number of bytes to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data, int out_len)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_len);
+        }
+
+        /**
+         * @brief Find an ssl object based on a Socket reference.
+         *
+         * Goes through the list of SSL objects maintained in a client/server 
+         * context to look for a socket match.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return A reference to the SSL object. Returns null if the object 
+         * could not be found.
+         */
+        public SSL Find(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.  ssl_find(m_ctx, client_fd));
+        }
+
+        /**
+         * @brief Authenticate a received certificate.
+         * 
+         * This call is usually made by a client after a handshake is complete 
+         * and the context is in SSL_SERVER_VERIFY_LATER mode.
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if the certificate is verified.
+         */
+        public int VerifyCert(SSL ssl)
+        {
+            return axtls.ssl_verify_cert(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Force the client to perform its handshake again.
+         *
+         * For a client this involves sending another "client hello" message.
+         * For the server is means sending a "hello request" message.
+         *
+         * This is a blocking call on the client (until the handshake 
+         * completes).
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if renegotiation instantiation was ok
+         */
+        public int Renegotiate(SSL ssl)
+        {
+            return axtls.ssl_renegotiate(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Load a file into memory that is in binary DER or ASCII PEM 
+         * format.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the file. Can be one of:
+         * - SSL_OBJ_X509_CERT (no password required)
+         * - SSL_OBJ_X509_CACERT (no password required)
+         * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+         * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
+         * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
+         *
+         * PEM files are automatically detected (if supported).
+         * @param filename [in] The location of a file in DER/PEM format.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, string filename, string password)
+        {
+            return axtls.ssl_obj_load(m_ctx, obj_type, filename, password);
+        }
+
+        /**
+         * @brief Transfer binary data into the object loader.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the memory data.
+         * @param data [in] The binary data to be loaded.
+         * @param len [in] The amount of data to be loaded.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, byte[] data, int len, string password)
+        {
+            return axtls.ssl_obj_memory_load(m_ctx, obj_type, 
+                                            data, len, password);
+        }
+    }
+
+    /**
+     * @class SSLServer
+     * @ingroup csharp_api 
+     * @brief The server context.
+     *
+     * All server connections are started within a server context.
+     */
+    public class SSLServer : SSLCTX
+    {
+        /**
+         * @brief Start a new server context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLServer(uint options, int num_sessions) :
+                            base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL client.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return An SSL object reference.
+         */
+        public SSL Connect(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.ssl_server_new(m_ctx, client_fd));
+        }
+    }
+
+    /**
+     * @class SSLClient
+     * @ingroup csharp_api
+     * @brief The client context.
+     *
+     * All client connections are started within a client context.
+     */
+    public class SSLClient : SSLCTX
+    {
+        /**
+         * @brief Start a new client context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLClient(uint options, int num_sessions) :
+                        base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL server.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * This is a blocking call - it will finish when the handshake is 
+         * complete (or has failed).
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @param session_id [in] A 32 byte session id for session resumption. 
+         * This can be null if no session resumption is not required.
+         * @return An SSL object reference. Use SSL.handshakeStatus() to check 
+         * if a handshake succeeded.
+         */
+        public SSL Connect(Socket s, byte[] session_id)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id));
+        }
+    }
+}
+/** @} */
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
new file mode 100755
index 0000000000..c5a7916b71
--- /dev/null
+++ b/bindings/generate_SWIG_interface.pl
@@ -0,0 +1,328 @@
+#!/usr/bin/perl
+
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#===============================================================
+# Transforms function signature into SWIG format
+sub transformSignature
+{
+    foreach $item (@_)
+    { 
+        $line =~ s/STDCALL //g;
+        $line =~ s/EXP_FUNC/extern/g;
+
+        # make API Java more 'byte' friendly
+        $line =~ s/uint32_t/int/g;
+        $line =~ s/const uint8_t \* /const unsigned char \* /g;
+        $line =~ s/\(void\)/()/g;
+        if ($ARGV[0] eq "-java")
+        {
+            $line =~ s/.*ssl_read.*//g;
+            $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
+            $line =~ s/uint8_t/signed char/g;
+        }
+        else
+        {
+            $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+    }
+
+    return $line;
+}
+
+# Parse input file
+sub parseFile
+{
+    foreach $line (@_)
+    {
+        # test for a #define
+        if (!$skip && $line =~ m/^#define/)
+        {
+            $splitDefine = 1 if $line =~ m/\\$/;
+            print DATA_OUT $line;
+
+            # check line is not split
+            next if $splitDefine == 1;
+        }
+
+        # pick up second line of #define statement
+        if ($splitDefine) 
+        {
+            print DATA_OUT $line;
+
+            # check line is not split
+            $splitDefine = ($line =~ m/\\$/);
+            next;
+        } 
+
+        # test for function declaration
+        if (!$skip && $line =~ /EXP_FUNC/ && $line !~/\/\*/)
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+
+        if ($splitFunctionDeclaration) 
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+    }
+}
+
+#===============================================================
+
+# Determine which module to build from cammand-line options
+use strict;
+use Getopt::Std;
+
+my $module;
+my $interfaceFile;
+my $data_file;
+my $skip;
+my $splitLine;
+my @raw_data;
+
+if (not defined  $ARGV[0])
+{
+    goto ouch;
+}
+
+if ($ARGV[0] eq "-java")
+{
+    print "Generating Java interface file\n";
+    $module = "axtlsj";
+    $interfaceFile = "java/axTLSj.i";
+}
+elsif ($ARGV[0] eq "-perl")
+{
+    print "Generating Perl interface file\n";
+    $module = "axtlsp";
+    $interfaceFile = "perl/axTLSp.i";
+}
+else
+{
+ouch:
+    die "Usage: $0 [-java | -perl]\n";
+}
+
+# Input file required to generate SWIG interface file.
+$data_file = "../ssl/ssl.h";
+
+# Open input files
+open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
+@raw_data = <DATA_IN>;
+
+# Open output file
+open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
+
+#
+# I wish I could say it was easy to generate the Perl/Java bindings, but each
+# had their own set of challenges... :-(.
+#
+print DATA_OUT << "END";
+%module $module\n
+
+/* include our own header */
+%inline %{
+#include "ssl.h"
+%}
+
+%include "typemaps.i"
+/* Some SWIG magic to make the API a bit more Java friendly */
+#ifdef SWIGJAVA
+
+%apply long { SSL * };
+%apply long { SSL_CTX * };
+%apply long { SSLObjLoader * };
+
+/* allow "unsigned char []" to become "byte[]" */
+%include "arrays_java.i"
+
+/* convert these pointers to use long */
+%apply signed char[] {unsigned char *};
+%apply signed char[] {signed char *};
+
+/* allow ssl_get_session_id() to return "byte[]" */
+%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, SSL_SESSION_ID_SIZE);\"
+
+/* allow ssl_client_new() to have a null session_id input */
+%typemap(in) const signed char session_id[] (jbyte *jarr) {
+    if (jarg3 == NULL)
+    {
+        jresult = (jint)ssl_client_new(arg1,arg2,NULL);
+        return jresult;
+    }
+    
+    if (!SWIG_JavaArrayInSchar(jenv, &jarr, &arg3, jarg3)) return 0;
+}   
+
+/* Lot's of work required for an ssl_read() due to its various custom
+ * requirements.
+ */
+%native (ssl_read) int ssl_read(SSL *ssl, jobject in_data);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_ssl_1read(JNIEnv *jenv, jclass jcls, jint jarg1, jobject jarg2) {
+    jint jresult = 0 ;
+    SSL *arg1;
+    unsigned char *arg2;
+    jbyte *jarr;
+    int result;
+    JNIEnv e = *jenv;
+    jclass holder_class;
+    jfieldID fid;
+
+    arg1 = (SSL *)jarg1;
+    result = (int)ssl_read(arg1, &arg2);
+
+    /* find the "m_buf" entry in the SSLReadHolder class */
+    if (!(holder_class = e->GetObjectClass(jenv,jarg2)) ||
+            !(fid = e->GetFieldID(jenv,holder_class, "m_buf", "[B")))
+        return SSL_NOT_OK;
+
+    if (result > SSL_OK)
+    {
+        int i;
+
+        /* create a new byte array to hold the read data */
+        jbyteArray jarray = e->NewByteArray(jenv, result);
+
+        /* copy the bytes across to the java byte array */
+        jarr = e->GetByteArrayElements(jenv, jarray, 0);
+        for (i = 0; i < result; i++)
+            jarr[i] = (jbyte)arg2[i];
+
+        /* clean up and set the new m_buf object */
+        e->ReleaseByteArrayElements(jenv, jarray, jarr, 0);
+        e->SetObjectField(jenv, jarg2, fid, jarray);
+    }
+    else    /* set to null */
+        e->SetObjectField(jenv, jarg2, fid, NULL);
+
+    jresult = (jint)result;
+    return jresult;
+}
+%}
+
+/* Big hack to get hold of a socket's file descriptor */
+%typemap (jtype) long "Object"
+%typemap (jstype) long "Object"
+%native (getFd) int getFd(long sock);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_getFd(JNIEnv *env, jclass jcls, jobject sock)
+{
+    JNIEnv e = *env;
+    jfieldID fid;
+    jobject impl;
+    jobject fdesc;
+
+    /* get the SocketImpl from the Socket */
+    if (!(jcls = e->GetObjectClass(env,sock)) ||
+            !(fid = e->GetFieldID(env,jcls,"impl","Ljava/net/SocketImpl;")) ||
+            !(impl = e->GetObjectField(env,sock,fid))) return -1;
+
+    /* get the FileDescriptor from the SocketImpl */
+    if (!(jcls = e->GetObjectClass(env,impl)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","Ljava/io/FileDescriptor;")) ||
+            !(fdesc = e->GetObjectField(env,impl,fid))) return -1;
+
+    /* get the fd from the FileDescriptor */
+    if (!(jcls = e->GetObjectClass(env,fdesc)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","I"))) return -1;
+
+    /* return the descriptor */
+    return e->GetIntField(env,fdesc,fid);
+} 
+%}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Perl friendly */
+#ifdef SWIGPERL
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    SV *svs = newSVpv((const char *)\$1, SSL_SESSION_ID_SIZE);
+    \$result = newRV(svs);
+    sv_2mortal(\$result);
+    argvi++;
+}
+
+/* for ssl_write() */
+%typemap(in) const unsigned char out_data[] {
+    SV* tempsv;
+    if (!SvROK(\$input))
+        croak("Argument \$argnum is not a reference.");
+    tempsv = SvRV(\$input);
+    if (SvTYPE(tempsv) != SVt_PV)
+        croak("Argument \$argnum is not an string.");
+    \$1 = (unsigned char *)SvPV(tempsv, PL_na);
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+        SV *svs = newSVpv(*\$1, result);
+        \$result = newRV(svs);
+        sv_2mortal(\$result);
+        argvi++;
+    }
+}
+
+%typemap(freearg) unsigned char *in_data {
+    free(buf\$argnum);
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    /* check for a reference */
+    if (SvOK(\$input) && SvROK(\$input)) {
+        SV* tempsv = SvRV(\$input);
+        if (SvTYPE(tempsv) != SVt_PV)
+            croak("Argument \$argnum is not an string.");
+        \$1 = (unsigned char *)SvPV(tempsv, PL_na); 
+    } 
+    else
+        \$1 = NULL;
+}
+
+#endif
+
+END
+
+# Initialise loop variables
+$skip = 1;
+$splitLine = 0;
+
+parseFile(@raw_data);
+
+close(DATA_IN);
+close(DATA_OUT);
+
+#===============================================================
+
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
new file mode 100755
index 0000000000..816dd47752
--- /dev/null
+++ b/bindings/generate_interface.pl
@@ -0,0 +1,307 @@
+#!/usr/bin/perl -w
+
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#===============================================================
+# This application transforms ssl.h into interfaces that can be used by 
+# other language bindings. It is "SWIG"-like in nature in that various 
+# files are generated based on the axTLS API.
+#
+# The file produced is axInterface.? (depending on the file extension).
+#
+#===============================================================
+
+use strict;
+
+my $CSHARP = 0;
+my $VBNET = 1;
+
+my $binding;
+my $skip = 0;
+my $signature_ret_type;
+
+# Transforms function signature into an Interface format
+sub transformSignature
+{
+    my $item;
+    my ($line) = @_;
+
+    foreach $item ($line)
+    { 
+        # our very basic preprocessor
+        if ($binding == $CSHARP)
+        {
+            $line =~ s/STDCALL //;
+            $line =~ s/EXP_FUNC/        [DllImport ("axtls")]\n        public static extern/;
+            $line =~ s/uint32_t/uint/g;
+            $line =~ s/uint8_t \*\*/ref IntPtr /g;
+            $line =~ s/const uint8_t \* /IntPtr /g;
+            $line =~ s/const uint8_t \*/byte[] /g;    # note: subtle diff 
+            $line =~ s/uint8_t \* ?/byte[] /g;
+            $line =~ s/uint8_t ?/byte /g;
+            $line =~ s/const char \* ?/string /g;
+            $line =~ s/const SSL_CTX \* ?/IntPtr /g;
+            $line =~ s/SSL_CTX \* ?/IntPtr /g;
+            $line =~ s/SSLObjLoader \* ?/IntPtr /g;
+            $line =~ s/const SSL \* ?/IntPtr /g;
+            $line =~ s/SSL \* ?/IntPtr /g;
+            $line =~ s/\(void\)/()/g;
+        }
+        elsif ($binding == $VBNET)
+        {
+            if ($line =~ /EXP_FUNC/)
+            {
+                # Procedure or function?
+                my $invariant = $line =~ /void /;
+
+                my $proc = $invariant ? "Sub" : "Function";
+                ($signature_ret_type) = $line =~ /EXP_FUNC (.*) STDCALL/;
+                $line =~ s/EXP_FUNC .* STDCALL /        <DllImport("axtls")> Public Shared $proc _\n            /;
+
+                $signature_ret_type =~ s/const uint8_t \*/As IntPtr/;
+                $signature_ret_type =~ s/const char \*/As String/;
+                $signature_ret_type =~ s/SSL_CTX \*/As IntPtr/;
+                $signature_ret_type =~ s/SSLObjLoader \*/As IntPtr/;
+                $signature_ret_type =~ s/SSL \*/As IntPtr/;
+                $signature_ret_type =~ s/uint8_t/As Byte/;
+                $signature_ret_type =~ s/int/As Integer/;
+                $signature_ret_type =~ s/void//;
+                $signature_ret_type .= "\n        End $proc\n\n";
+            }
+
+            $line =~ s/uint32_t (\w+)/ByVal $1 As Integer/g;
+            $line =~ s/int (\w+)/ByVal $1 As Integer/g;
+            $line =~ s/uint8_t \*\* ?(\w+)/ByRef $1 As IntPtr/g;
+            $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
+            $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
+            $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
+            $line =~ s/const SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/SSLObjLoader \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/const SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/SSL \* ?(\w+)/ByVal $1 As IntPtr/g;
+            $line =~ s/void \* ?(\w+)/Byval $1 As IntPtr/g;
+            $line =~ s/\(void\)/()/g;
+            $line =~ s/void//g;
+            $line =~ s/;\n/ $signature_ret_type;/;
+        }
+    }
+
+    return $line;
+}
+
+# Parse input file
+sub parseFile
+{
+    my (@file) = @_;
+    my $line;
+    my $splitDefine = 0;
+    my $splitFunctionDeclaration;
+    my $vb_hack = " ";
+    my $vb_line_hack = 0;
+
+    $skip = 0;
+
+    foreach $line (@file)
+    {
+        # test for a #define
+        if (!$skip && $line =~ m/^#define/)
+        {
+            $splitDefine = 1 if $line =~ m/\\$/;
+
+            if ($binding == $VBNET)
+            {
+                $line =~ s/\|/Or/g;
+                $line =~ s/ 0x/ &H/;
+            }
+
+            my ($name, $value) = $line =~ /#define (\w+) +([^\\]*)[\\]?\n/;
+
+            if (defined $name && defined $value)
+            {
+                # C# constant translation
+                if ($binding == $CSHARP)
+                {
+                    $line = "        public const int $name = $value";
+                }
+                # VB.NET constant translation
+                elsif ($binding == $VBNET)
+                {
+                    $line = "        Public Const $name As Integer = $value";
+                }
+            }
+
+            next if $line =~ /#define/;  # ignore any other defines
+               
+            print DATA_OUT $line;
+
+            # check line is not split
+            next if $splitDefine == 1;
+            print DATA_OUT ";" if $binding == $CSHARP;
+            print DATA_OUT "\n";
+        }
+
+        # pick up second line of #define statement
+        if ($splitDefine) 
+        {
+            if ($line !~ /\\$/)
+            {
+                $line =~ s/$/;/ if $binding == $CSHARP;        # add the ";"
+            }
+
+            $line =~ s/ ?\| ?/ Or /g 
+                                if ($binding == $VBNET);
+
+            # check line is not split
+            $splitDefine = ($line =~ m/\\$/);
+
+            # ignore trailing "\"
+            $line =~ s/\\$// if $binding == $CSHARP;
+            $line =~ s/\\$/_/ if $binding == $VBNET;
+            print DATA_OUT $line;
+            next;
+        } 
+
+        # test for function declaration
+        if (!$skip && $line =~ /EXP_FUNC/ && $line !~ /\/\*/)
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            $line =~ s/;// if ($binding == $VBNET);
+            $line =~ s/\n$/ _\n/ if ($binding == $VBNET) && 
+                                                $splitFunctionDeclaration;
+            print DATA_OUT $line;
+            next;
+        }
+
+        if ($splitFunctionDeclaration) 
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            $line =~ s/;// if ($binding == $VBNET);
+            $line =~ s/\n/ _\n/ if ($binding == $VBNET) && 
+                                                $splitFunctionDeclaration == 1;
+            print DATA_OUT $line;
+            next;
+        }
+    }
+}
+
+#===============================================================
+
+# Determine which module to build from command-line options
+use strict;
+use Getopt::Std;
+
+my $binding_prefix;
+my $binding_suffix;
+my $data_file;
+my @raw_data;
+
+if (not defined  $ARGV[0])
+{
+    goto ouch;
+}
+
+if ($ARGV[0] eq "-csharp")
+{
+    print "Generating C# interface file\n";
+    $binding_prefix = "csharp";
+    $binding_suffix = "cs";
+    $binding = $CSHARP;
+}
+elsif ($ARGV[0] eq "-vbnet")
+{
+    print "Generating VB.NET interface file\n";
+    $binding_prefix = "vbnet";
+    $binding_suffix = "vb";
+    $binding = $VBNET;
+}
+else
+{
+ouch:
+    die "Usage: $0 [-csharp | -vbnet]\n";
+}
+
+my $interfaceFile = "$binding_prefix/axInterface.$binding_suffix";
+
+# Input file required to generate interface file.
+$data_file = "../ssl/ssl.h";
+
+# Open input files
+open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
+@raw_data = <DATA_IN>;
+
+
+# Open output file
+if ($binding == $CSHARP || $binding == $VBNET)
+{
+    open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
+}
+
+# SPEC interface file header
+if ($binding == $CSHARP)
+{
+    # generate the C#/C interface file
+    print DATA_OUT << "END";
+// The C# to C interface definition file for the axTLS project
+// Do not modify - this file is generated
+
+using System;
+using System.Runtime.InteropServices;
+
+namespace axTLS
+{
+    public class axtls
+    {
+END
+}
+elsif ($binding == $VBNET)
+{
+    # generate the VB.NET/C interface file
+    print DATA_OUT << "END";
+' The VB.NET to C interface definition file for the axTLS project
+' Do not modify - this file is generated
+
+Imports System
+Imports System.Runtime.InteropServices
+
+Namespace axTLSvb
+    Public Class axtls
+END
+}
+
+parseFile(@raw_data);
+
+# finish up
+if ($binding == $CSHARP)
+{
+    print DATA_OUT "    };\n";
+    print DATA_OUT "};\n";
+}
+elsif ($binding == $VBNET)
+{
+    print DATA_OUT "    End Class\nEnd Namespace\n";
+}
+
+close(DATA_IN);
+close(DATA_OUT);
+
+#===============================================================
+
diff --git a/bindings/java/Makefile b/bindings/java/Makefile
new file mode 100644
index 0000000000..a1933b92fc
--- /dev/null
+++ b/bindings/java/Makefile
@@ -0,0 +1,93 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.java.conf
+
+all: lib jar
+
+JAR=../../$(STAGE)/axtls.jar
+
+ifdef CONFIG_PLATFORM_WIN32
+TARGET=../../$(STAGE)/axtlsj.dll
+else
+TARGET=../../$(STAGE)/libaxtlsj.so
+endif
+
+lib: $(TARGET)
+axTLSj_wrap.o : axTLSj_wrap.c
+
+JAVA_FILES= \
+	axtlsjJNI.java \
+    axtlsjConstants.java \
+    axtlsj.java \
+    SSLReadHolder.java \
+    SSL.java \
+    SSLUtil.java \
+    SSLCTX.java \
+    SSLServer.java \
+    SSLClient.java
+
+OBJ=axTLSj_wrap.o
+
+AXOLOTLS_HOME=../..
+SSL_HOME=$(AXOLOTLS_HOME)/ssl
+CONFIG_HOME=$(AXOLOTLS_HOME)/config
+JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
+
+ifdef CONFIG_PLATFORM_WIN32
+CFLAGS += /I"$(shell cygpath -w $(SSL_HOME))"
+CFLAGS += /I"$(shell cygpath -w $(CONFIG_HOME))"
+LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
+
+include ../../config/makefile.post
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+else    # Not Win32
+
+ifdef CONFIG_PLATFORM_CYGWIN
+SSL_HOME:=$(shell cygpath -u $(SSL_HOME))
+CONFIG_HOME:=$(shell cygpath -u $(CONFIG_HOME))
+endif
+
+CFLAGS += -I$(SSL_HOME)
+CFLAGS += -I$(CONFIG_HOME)
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) -L ../../$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls 
+endif
+
+jar: $(OBJ) $(JAR)
+
+# if we are doing the samples then defer creating the jar until then
+$(JAR): $(JAVA_CLASSES)
+ifndef CONFIG_JAVA_SAMPLES
+	jar cvf $@ -C classes axTLSj
+else
+	@if [ ! -f $(JAR) ]; then touch $(JAR); fi
+endif
+
+classes/axTLSj/%.class : %.java
+	javac -d classes -classpath classes $^
+
+clean::
+	@rm -f $(JAR) $(TARGET) SWIG* axtls* *.i *.c 
+	@rm -fr classes/*
+
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
new file mode 100644
index 0000000000..a2dfd370b1
--- /dev/null
+++ b/bindings/java/SSL.java
@@ -0,0 +1,125 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * @defgroup java_api Java API.
+ *
+ * Ensure that the appropriate dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ */
+
+/**
+ * @class SSL
+ * @ingroup java_api 
+ * @brief A representation of an SSL connection.
+ *
+ */
+public class SSL
+{
+    public int m_ssl;    /**< A pointer to the real SSL type */
+
+    /**
+     * @brief Store the reference to an SSL context.
+     * @param ip [in] A reference to an SSL object.
+     */
+    public SSL(int ip)
+    {
+        m_ssl = ip;
+    }
+
+    /**
+     * @brief Free any used resources on this connection. 
+     * 
+     * A "Close Notify" message is sent on this connection (if possible). It 
+     * is up to the application to close the socket.
+     */
+    public void dispose()
+    {
+        axtlsj.ssl_free(m_ssl);
+    }
+
+    /**
+     * @brief Return the result of a handshake.
+     * @return SSL_OK if the handshake is complete and ok.
+     * @see ssl.h for the error code list.
+     */
+    public int handshakeStatus()
+    {
+        return axtlsj.ssl_handshake_status(m_ssl);
+    }
+
+    /**
+     * @brief Return the SSL cipher id.
+     * @return The cipher id which is one of:
+     * - SSL_AES128_SHA (0x2f)
+     * - SSL_AES256_SHA (0x35)
+     * - SSL_RC4_128_SHA (0x05)
+     * - SSL_RC4_128_MD5 (0x04)
+     */
+    public byte getCipherId()
+    {
+        return axtlsj.ssl_get_cipher_id(m_ssl);
+    }
+
+    /**
+     * @brief Get the session id for a handshake. 
+     * 
+     * This will be a 32 byte sequence and is available after the first
+     * handshaking messages are sent.
+     * @return The session id as a 32 byte sequence.
+     * @note A SSLv23 handshake may have only 16 valid bytes.
+     */
+    public byte[] getSessionId()
+    {
+        return axtlsj.ssl_get_session_id(m_ssl);
+    }
+
+    /**
+     * @brief Retrieve an X.509 distinguished name component.
+     * 
+     * When a handshake is complete and a certificate has been exchanged, 
+     * then the details of the remote certificate can be retrieved.
+     *
+     * This will usually be used by a client to check that the server's common 
+     * name matches the URL.
+     *
+     * A full handshake needs to occur for this call to work.
+     *
+     * @param component [in] one of:
+     * - SSL_X509_CERT_COMMON_NAME
+     * - SSL_X509_CERT_ORGANIZATION
+     * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+     * - SSL_X509_CA_CERT_COMMON_NAME
+     * - SSL_X509_CA_CERT_ORGANIZATION
+     * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+     * @return The appropriate string (or null if not defined)
+     */
+    public String getCertificateDN(int component)
+    {
+        return axtlsj.ssl_get_cert_dn(m_ssl, component);
+    }
+}
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java
new file mode 100644
index 0000000000..2823511b1a
--- /dev/null
+++ b/bindings/java/SSLCTX.java
@@ -0,0 +1,219 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.net.*;
+
+/**
+ * @class SSLCTX
+ * @ingroup java_api 
+ * @brief A base object for SSLServer/SSLClient.
+ */
+public class SSLCTX
+{
+    /**
+     * A reference to the real client/server context.
+     */
+    protected int m_ctx;
+
+    /**
+     * @brief Establish a new client/server context.
+     *
+     * This function is called before any client/server SSL connections are 
+     * made.  If multiple threads are used, then each thread will have its 
+     * own SSLCTX context. Any number of connections may be made with a single 
+     * context. 
+     *
+     * Each new connection will use the this context's private key and 
+     * certificate chain. If a different certificate chain is required, then a 
+     * different context needs to be be used.
+     *
+     * @param options [in]  Any particular options. At present the options
+     * supported are:
+     * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the 
+     * server authentication fails. The certificate can be authenticated later 
+     * with a call to verifyCert().
+     * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
+     * i.e. each handshake will include a "certificate request" message from 
+     * the server.
+     * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user 
+     * will load the key/certificate explicitly.
+     * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
+     * during the handshake.
+     * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
+     * during the handshake.
+     * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
+     * are passed during a handshake.
+     * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details 
+     * that are passed during a handshake.
+     *
+     * @param num_sessions [in] The number of sessions to be used for session
+     * caching. If this value is 0, then there is no session caching.
+     * 
+     * If this option is null, then the default internal private key/
+     * certificate pair is used (if CONFIG_SSL_USE_DEFAULT_KEY is set). 
+     * 
+     * The resources used by this object are automatically freed.  
+     * @return A client/server context.
+     */
+    protected SSLCTX(int options, int num_sessions)
+    {
+        m_ctx = axtlsj.ssl_ctx_new(options, num_sessions);
+    }
+
+    /**
+     * @brief Remove a client/server context.
+     *
+     * Frees any used resources used by this context. Each connection will be 
+     * sent a "Close Notify" alert (if possible).
+     */
+    public void dispose()
+    {
+        axtlsj.ssl_ctx_free(m_ctx);
+    }
+
+    /**
+     * @brief Read the SSL data stream.
+     * @param ssl [in] An SSL object reference.
+     * @param rh [out] After a successful read, the decrypted data can be 
+     * retrieved with rh.getData(). It will be null otherwise.
+     * @return The number of decrypted bytes:
+     * - if > 0, then the handshaking is complete and we are returning the 
+     * number of decrypted bytes. 
+     * - SSL_OK if the handshaking stage is successful (but not yet complete).  
+     * - < 0 if an error.
+     * @see ssl.h for the error code list.
+     * @note Use rh before doing any successive ssl calls.
+     */
+    public int read(SSL ssl, SSLReadHolder rh)
+    {
+        return axtlsj.ssl_read(ssl.m_ssl, rh);
+    }
+
+    /**
+     * @brief Write to the SSL data stream.
+     * @param ssl [in] An SSL obect reference.
+     * @param out_data [in] The data to be written
+     * @return The number of bytes sent, or if < 0 if an error.
+     * @see ssl.h for the error code list.
+     */
+    public int write(SSL ssl, byte[] out_data)
+    {
+        return axtlsj.ssl_write(ssl.m_ssl, out_data, out_data.length);
+    }
+
+    /**
+     * @brief Write to the SSL data stream.
+     * @param ssl [in] An SSL obect reference.
+     * @param out_data [in] The data to be written
+     * @param out_len [in] The number of bytes to be written
+     * @return The number of bytes sent, or if < 0 if an error.
+     * @see ssl.h for the error code list.
+     */
+    public int write(SSL ssl, byte[] out_data, int out_len)
+    {
+        return axtlsj.ssl_write(ssl.m_ssl, out_data, out_len);
+    }
+
+    /**
+     * @brief Find an ssl object based on a Socket reference.
+     *
+     * Goes through the list of SSL objects maintained in a client/server 
+     * context to look for a socket match.
+     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
+     * @return A reference to the SSL object. Returns null if the object 
+     * could not be found.
+     */
+    public SSL find(Socket s)
+    {
+        int client_fd = axtlsj.getFd(s);
+        return new SSL(axtlsj.ssl_find(m_ctx, client_fd));
+    }
+
+    /**
+     * @brief Authenticate a received certificate.
+     * 
+     * This call is usually made by a client after a handshake is complete 
+     * and the context is in SSL_SERVER_VERIFY_LATER mode.
+     * @param ssl [in] An SSL object reference.
+     * @return SSL_OK if the certificate is verified.
+     */
+    public int verifyCert(SSL ssl)
+    {
+        return axtlsj.ssl_verify_cert(ssl.m_ssl);
+    }
+
+    /**
+     * @brief Force the client to perform its handshake again.
+     *
+     * For a client this involves sending another "client hello" message.
+     * For the server is means sending a "hello request" message.
+     *
+     * This is a blocking call on the client (until the handshake completes).
+     * @param ssl [in] An SSL object reference.
+     * @return SSL_OK if renegotiation instantiation was ok
+     */
+    public int renegotiate(SSL ssl)
+    {
+        return axtlsj.ssl_renegotiate(ssl.m_ssl);
+    }
+
+    /**
+     * @brief Load a file into memory that is in binary DER or ASCII PEM format.
+     *
+     * These are temporary objects that are used to load private keys,
+     * certificates etc into memory.
+     * @param obj_type [in] The format of the file. Can be one of:
+     * - SSL_OBJ_X509_CERT (no password required)
+     * - SSL_OBJ_X509_CACERT (no password required)
+     * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+     * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
+     * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
+     *
+     * PEM files are automatically detected (if supported).
+     * @param filename [in] The location of a file in DER/PEM format.
+     * @param password [in] The password used. Can be null if not required.
+     * @return SSL_OK if all ok
+     */
+    public int objLoad(int obj_type, String filename, String password)
+    {
+        return axtlsj.ssl_obj_load(m_ctx, obj_type, filename, password);
+    }
+
+    /**
+     * @brief Transfer binary data into the object loader.
+     *
+     * These are temporary objects that are used to load private keys,
+     * certificates etc into memory.
+     * @param obj_type [in] The format of the memory data.
+     * @param data [in] The binary data to be loaded.
+     * @param len [in] The amount of data to be loaded.
+     * @param password [in] The password used. Can be null if not required.
+     * @return SSL_OK if all ok
+     */
+
+    public int objLoad(int obj_type, byte[] data, int len, String password)
+    {
+        return axtlsj.ssl_obj_memory_load(m_ctx, obj_type, data, len, password);
+    }
+}
diff --git a/bindings/java/SSLClient.java b/bindings/java/SSLClient.java
new file mode 100644
index 0000000000..02ad38c7d3
--- /dev/null
+++ b/bindings/java/SSLClient.java
@@ -0,0 +1,66 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.net.*;
+
+/**
+ * @class SSLClient
+ * @ingroup java_api 
+ * @brief The client context.
+ *
+ * All client connections are started within a client context.
+ */
+public class SSLClient extends SSLCTX
+{
+    /**
+     * @brief Start a new client context.
+     * 
+     * @see SSLCTX for details.
+     */
+    public SSLClient(int options, int num_sessions)
+    {
+        super(options, num_sessions);
+    }
+
+    /**
+     * @brief Establish a new SSL connection to an SSL server.
+     *
+     * It is up to the application to establish the initial socket connection.
+     *
+     * This is a blocking call - it will finish when the handshake is 
+     * complete (or has failed).
+     *
+     * Call dispose() when the connection is to be removed.
+     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
+     * @param session_id [in] A 32 byte session id for session resumption. This 
+     * can be null if no session resumption is not required.
+     * @return An SSL object reference. Use SSL.handshakeStatus() to check 
+     * if a handshake succeeded.
+     */
+    public SSL connect(Socket s, byte[] session_id)
+    {
+        int client_fd = axtlsj.getFd(s);
+        return new SSL(axtlsj.ssl_client_new(m_ctx, client_fd, session_id));
+    }
+}
diff --git a/bindings/java/SSLReadHolder.java b/bindings/java/SSLReadHolder.java
new file mode 100644
index 0000000000..e51e0a593d
--- /dev/null
+++ b/bindings/java/SSLReadHolder.java
@@ -0,0 +1,49 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+/**
+ * @class SSLReadHolder
+ * @ingroup java_api 
+ * @brief A holder for data read in an SSL read.
+ */
+public class SSLReadHolder
+{
+    /**
+     * @brief Contruct a new read holder object.
+     */
+    public SSLReadHolder()
+    {
+        m_buf = null;
+    }
+
+    /**
+     * @brief Retrieve the reference to the read data.
+     */
+    public byte[] getData()
+    {
+        return m_buf;
+    }
+
+    private byte[] m_buf;
+}
diff --git a/bindings/java/SSLServer.java b/bindings/java/SSLServer.java
new file mode 100644
index 0000000000..7aa7fc09b5
--- /dev/null
+++ b/bindings/java/SSLServer.java
@@ -0,0 +1,60 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.net.*;
+
+/**
+ * @class SSLServer
+ * @ingroup java_api 
+ * @brief The server context.
+ *
+ * All server connections are started within a server context.
+ */
+public class SSLServer extends SSLCTX
+{
+    /**
+     * @brief Start a new server context.
+     * 
+     * @see SSLCTX for details.
+     */
+    public SSLServer(int options, int num_sessions)
+    {
+        super(options, num_sessions);
+    }
+
+    /**
+     * @brief Establish a new SSL connection to an SSL client.
+     *
+     * It is up to the application to establish the initial socket connection.
+     *
+     * Call dispose() when the connection is to be removed.
+     * @param s [in] A reference to a <A HREF="http://java.sun.com/j2se/1.4.2/docs/api">Socket</A> object.
+     * @return An SSL object reference.
+     */
+    public SSL connect(Socket s)
+    {
+        int client_fd = axtlsj.getFd(s);
+        return new SSL(axtlsj.ssl_server_new(m_ctx, client_fd));
+    }
+}
diff --git a/bindings/java/SSLUtil.java b/bindings/java/SSLUtil.java
new file mode 100644
index 0000000000..a59de3f1fe
--- /dev/null
+++ b/bindings/java/SSLUtil.java
@@ -0,0 +1,104 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * @class SSLUtil
+ * @ingroup java_api 
+ * @brief Some global helper functions.
+ *
+ */
+public class SSLUtil
+{
+    /**
+     * @brief Load up the ddl/shared library 
+     */
+    static
+    {
+        System.loadLibrary("axtlsj");
+    }
+
+    /**
+     * @brief Return the build mode of the axTLS project.
+     * @return The build mode is one of:
+     * - SSL_BUILD_SERVER_ONLY
+     * - SSL_BUILD_ENABLE_VERIFICATION
+     * - SSL_BUILD_ENABLE_CLIENT
+     * - SSL_BUILD_FULL_MODE
+     */
+    public static int buildMode()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_BUILD_MODE);
+    }
+
+    /**
+     * @brief Return the number of chained certificates that the client/server 
+     * supports.
+     * @return The number of supported client/server certificates.
+     */
+    public static int maxCerts()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_MAX_CERT_CFG_OFFSET);
+    }
+
+    /**
+     * @brief Return the number of CA certificates that the client/server
+     * supports.
+     * @return The number of supported CA certificates.
+     */
+    public static int maxCACerts()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_MAX_CA_CERT_CFG_OFFSET);
+    }
+
+    /**
+     * @brief Indicate if PEM is supported.
+     * @return true if PEM supported.
+     */
+    public static boolean hasPEM()
+    {
+        return axtlsj.ssl_get_config(axtlsj.SSL_HAS_PEM) > 0 ? true : false;
+    }
+
+    /**
+     * @brief Display the text string of the error.
+     * @param error_code [in] The integer error code.
+     * @see ssl.h for the error code list.
+     */
+    public static void displayError(int error_code)
+    {
+        axtlsj.ssl_display_error(error_code);
+    }
+
+    /**
+     * @brief Return the version of the axTLS project.
+     */
+    public static String version()
+    {
+        return axtlsj.ssl_version();
+    }
+}
+
diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
new file mode 100644
index 0000000000..e04bd3c7d2
--- /dev/null
+++ b/bindings/perl/Makefile
@@ -0,0 +1,81 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+all: lib
+
+ifdef CONFIG_PLATFORM_WIN32
+TARGET=../../$(STAGE)/axtlsp.dll
+else
+TARGET=../../$(STAGE)/libaxtlsp.so
+endif
+
+ifneq ($(MAKECMDGOALS), clean)
+
+ifdef CONFIG_PLATFORM_WIN32
+PERL5_CORE:=$(shell cygpath -w "$(CONFIG_PERL_CORE)")
+else
+PERL5_CORE= $(shell perl -e 'use Config; print $$Config{archlib};')/CORE
+endif
+
+all: test_perl
+
+test_perl:
+	@if ! [ -d "$(PERL5_CORE)" ]; then \
+		echo "*** Error: Perl not installed at $(CONFIG_PERL_CORE) - go to " \
+        "http://www.cpan.org/authors/id/G/GR/GRAHAMC/SiePerl-5.8.0-bin-1.0-Win32.INSTALL.exe" && exit 1; \
+	fi
+
+endif
+
+lib: $(TARGET)
+AXTLS_HOME=../..
+SSL_HOME=$(AXTLS_HOME)/ssl
+CONFIG_HOME=$(AXTLS_HOME)/config
+OBJ:=axTLSp_wrap.o
+include ../../config/makefile.post
+
+ifndef CONFIG_PLATFORM_WIN32        # Linux/Unix/Cygwin
+
+#
+# Could have used libperl.a, but it increases the library to over 1MB, so just
+# use libperl.so. But this needs to be in the shared library path for things to
+# work.
+#
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) -L ../../$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
+ifdef CONFIG_PLATFORM_CYGWIN
+	cd ../../$(STAGE); ln -sf $(notdir $@) axtlsp.dll
+endif
+	@install axtlsp.pm ../../$(STAGE)
+
+CFLAGS += -D__USE_GNU -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
+else
+CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
+CFLAGS += /I"$(PERL5_CORE)"
+LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../$(STAGE)"
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+	install axtlsp.pm ../../$(STAGE)
+endif # WIN32
+
+clean::
+	@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../$(STAGE)/axtlsp.pm
diff --git a/bindings/vbnet/Makefile b/bindings/vbnet/Makefile
new file mode 100644
index 0000000000..bcd6cae4d2
--- /dev/null
+++ b/bindings/vbnet/Makefile
@@ -0,0 +1,23 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+clean::
+	@rm -f axssl* axInterface.vb
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
new file mode 100644
index 0000000000..9cec32c789
--- /dev/null
+++ b/bindings/vbnet/axTLSvb.vb
@@ -0,0 +1,179 @@
+'
+'  Copyright(C) 2006 Cameron Rich
+'
+'  This program is free software you can redistribute it and/or modify
+'  it under the terms of the GNU General Public License as published by
+'  the Free Software Foundation either version 2.1 of the License, or
+'  (at your option As ) any later version.
+'
+'  This program is distributed in the hope that it will be useful,
+'  but WITHOUT ANY WARRANTY without even the implied warranty of
+'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+'  GNU Lesser General Public License for more details.
+'
+'  You should have received a copy of the GNU General Public License
+'  along with this program if not, write to the Free Software
+'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+'
+
+'
+' A wrapper around the unmanaged Integererface to give a semi-decent VB.NET API
+'
+
+Imports System
+Imports System.Runtime.InteropServices
+Imports System.Net.Sockets
+Imports axTLSvb
+
+Namespace axTLSvb
+    Public Class SSL
+        Public m_ssl As IntPtr
+
+        Public Sub New(ByRef ip As IntPtr)
+            m_ssl = ip
+        End Sub
+
+        Public Sub Dispose()
+            axtls.ssl_free(m_ssl)
+        End Sub
+
+        Public Function HandshakeStatus() As Integer
+            Return axtls.ssl_handshake_status(m_ssl)
+        End Function
+
+        Public Function GetCipherId() As Byte
+            Return axtls.ssl_get_cipher_id(m_ssl)
+        End Function
+
+        Public Function GetSessionId() As Byte()
+            Dim result(axtls.SSL_SESSION_ID_SIZE) As Byte
+            Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl)
+            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE)
+            Return result
+        End Function
+
+        Public Function GetCertificateDN(component As Integer) As String
+            Return axtls.ssl_get_cert_dn(m_ssl, component)
+        End Function
+    End Class
+
+    Public Class SSLUtil
+        Private dummy As Integer    ' need something here
+
+        Public Shared Function BuildMode() As Integer
+            Return axtls.ssl_get_config(axtls.SSL_BUILD_MODE)
+        End Function
+
+        Public Shared Function MaxCerts() As Integer
+            Return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET)
+        End Function
+
+        Public Shared Function MaxCACerts() As Integer
+            Return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET)
+        End Function
+
+        Public Shared Function HasPEM() As Boolean
+            If axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 Then
+                Return True
+            Else
+                Return False
+            End If
+        End Function
+        
+        Public Shared Sub DisplayError(ByVal error_code As Integer)
+            axtls.ssl_display_error(error_code)
+        End Sub
+
+        Public Shared Function Version() As String
+            Return axtls.ssl_version()
+        End Function
+    End Class
+
+    Public Class SSLCTX
+        Protected m_ctx As IntPtr
+
+        Protected Sub New(ByVal options As Integer, _
+                ByVal num_sessions As Integer)
+            m_ctx = axtls.ssl_ctx_new(options, num_sessions)
+        End Sub
+
+        Public Sub Dispose()
+            axtls.ssl_ctx_free(m_ctx)
+        End Sub
+
+        Public Function Read(ByVal ssl As SSL, ByRef in_data As Byte()) As Integer
+            Dim ptr As IntPtr = IntPtr.Zero
+            Dim ret as Integer = axtls.ssl_read(ssl.m_ssl, ptr)
+
+            If ret > axtls.SSL_OK Then
+                ReDim in_data(ret)
+                Marshal.Copy(ptr, in_data, 0, ret)
+            Else
+                in_data = Nothing
+            End If
+
+            Return ret
+        End Function
+
+        Public Function Write(ByVal ssl As SSL, _
+                ByVal data As Byte(), len As Integer) As Integer
+            Return axtls.ssl_write(ssl.m_ssl, data, len)
+        End Function
+
+        Public Function Find(ByVal s As Socket) As SSL
+            Dim client_fd As Integer = s.Handle.ToInt32()
+            Return New SSL(axtls.ssl_find(m_ctx, client_fd))
+        End Function
+
+        Public Function VerifyCert(ByVal ssl As SSL) As Integer
+            Return axtls.ssl_verify_cert(ssl.m_ssl)
+        End Function
+
+        Public Function Renegotiate(ByVal ssl As SSL) As Integer
+            Return axtls.ssl_renegotiate(ssl.m_ssl)
+        End Function
+
+        Public Function ObjLoad(ByVal obj_type As Integer, _
+                ByVal filename As String, _
+                password As String) As Integer
+            Return axtls.ssl_obj_load(m_ctx, obj_type, filename, password)
+        End Function
+
+        Public Function ObjLoad(ByVal obj_type As Integer, _
+                ByVal data As Byte(), ByVal len As Integer, _
+                password As String) As Integer
+            Return axtls.ssl_obj_memory_load( _
+                    m_ctx, obj_type, data, len, password)
+        End Function
+    End Class
+
+    Public Class SSLServer 
+            Inherits SSLCTX
+
+        Public Sub New(ByVal options As Integer, _
+                ByVal num_sessions As Integer)
+            MyBase.New(options, num_sessions)
+        End Sub
+
+        Public Function Connect(ByVal s As Socket) As SSL
+            Dim client_fd As Integer = s.Handle.ToInt32()
+            Return New SSL(axtls.ssl_server_new(m_ctx, client_fd))
+        End Function
+    End Class
+
+    Public Class SSLClient 
+            Inherits SSLCTX
+
+        Public Sub New(ByVal options As Integer, _
+                ByVal num_sessions As Integer)
+            MyBase.New(options, num_sessions)
+        End Sub
+
+        Public Function Connect(ByVal s As Socket, _
+                                ByVal session_id As Byte()) As SSL
+            Dim client_fd As Integer = s.Handle.ToInt32()
+            Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id))
+        End Function
+
+    End Class
+End Namespace
diff --git a/config/.config.tmp b/config/.config.tmp
new file mode 100644
index 0000000000..eae93ecacb
--- /dev/null
+++ b/config/.config.tmp
@@ -0,0 +1,11 @@
+deps_config := \
+	ssl/BigIntConfig.in \
+	samples/Config.in \
+	bindings/Config.in \
+	httpd/Config.in \
+	ssl/Config.in \
+	config/Config.in
+
+.config include/config.h: $(deps_config)
+
+$(deps_config):
diff --git a/config/Config.in b/config/Config.in
new file mode 100644
index 0000000000..c68e95a664
--- /dev/null
+++ b/config/Config.in
@@ -0,0 +1,120 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+mainmenu "axTLS Configuration"
+
+config HAVE_DOT_CONFIG
+    bool
+    default y
+
+choice 
+    prompt "Platform"
+    default CONFIG_PLATFORM_LINUX
+
+config CONFIG_PLATFORM_LINUX
+    bool "Linux"
+
+config CONFIG_PLATFORM_CYGWIN
+    bool "Cygwin"
+
+config CONFIG_PLATFORM_SOLARIS
+    bool "Solaris"
+
+config CONFIG_PLATFORM_WIN32
+    bool "Win32"
+
+endchoice 
+
+menu "General Configuration"
+
+config PREFIX
+    string "axTLS installation prefix"
+    depends on !CONFIG_PLATFORM_WIN32
+    default "/usr/local"
+    help
+      Define your directory to install axTLS files/subdirs in.
+
+config CONFIG_DEBUG
+    bool "Build axTLS with Debugging symbols"
+    default n
+    help
+      Say Y here if you wish to compile axTLS with debugging symbols.
+      This will allow you to use a debugger to examine axTLS internals.  
+      This increases the size of the binary considerably and should only be 
+      used when doing development.
+      If you are doing development and want to debug axTLS, answer Y.
+
+      Most people should answer N.
+
+menu "Microsoft Compiler Options"
+depends on CONFIG_PLATFORM_WIN32
+
+choice 
+    prompt "Compiler"
+    depends on CONFIG_PLATFORM_WIN32
+    default CONFIG_VISUAL_STUDIO_7_0
+
+config CONFIG_VISUAL_STUDIO_6_0
+    bool "Visual Studio 6.0 (VC98)"
+    help
+        Use Microsoft's Visual Studio 6.0 platform.
+
+config CONFIG_VISUAL_STUDIO_7_0
+    bool "Visual Studio 7.0 (2003)"
+    help 
+        Use Microsoft's Visual Studio 2003 platform.
+
+config CONFIG_VISUAL_STUDIO_8_0
+    bool "Visual Studio 8.0 (2005)"
+    help 
+        Use Microsoft's Visual Studio 2005 platform.
+
+endchoice
+
+config CONFIG_VISUAL_STUDIO_6_0_BASE
+    string "Base"
+    depends on CONFIG_VISUAL_STUDIO_6_0
+    default "c:\\Program Files\\Microsoft Visual Studio"
+
+config CONFIG_VISUAL_STUDIO_7_0_BASE
+    string "Base"
+    depends on CONFIG_VISUAL_STUDIO_7_0
+    default "c:\\Program Files\\Microsoft Visual Studio .NET 2003"
+
+config CONFIG_VISUAL_STUDIO_8_0_BASE
+    string "Base"
+    depends on CONFIG_VISUAL_STUDIO_8_0
+    default "c:\\Program Files\\Microsoft Visual Studio 8"
+
+endmenu
+
+config CONFIG_EXTRA_CFLAGS_OPTIONS
+    string "Any extra CFLAGS options for the compiler?"
+    help
+        Do you want to pass any extra CFLAGS options to the compiler as  
+        you build axTLS? If so, this is the option for you...  For
+        example, if you want to add some simple compiler switches (like
+        -march=i686), or check for warnings using -Werror, just those 
+        options here.
+
+config CONFIG_EXTRA_LDFLAGS_OPTIONS
+    string "Any extra LDFLAGS options for the compiler?"
+    help
+        Do you want to pass any extra LDFLAGS options to the compiler?
+
+endmenu
+
+source ssl/Config.in
+config CONFIG_AXHTTPD
+    bool "Enable HTTP/HTTPS Web Server"
+    default y
+    help
+        Build the AXHTTPD web server
+
+source httpd/Config.in
+source bindings/Config.in
+source samples/Config.in
+source ssl/BigIntConfig.in
+
diff --git a/config/JMeter.jmx b/config/JMeter.jmx
new file mode 100755
index 0000000000..f62c03f0ee
--- /dev/null
+++ b/config/JMeter.jmx
@@ -0,0 +1,247 @@
+<jmeterTestPlan version="1.2" properties="1.8">
+  <hashTree>
+    <TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="axhttpd Test Plan" enabled="true">
+      <elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+        <collectionProp name="Arguments.arguments"/>
+      </elementProp>
+      <stringProp name="TestPlan.user_define_classpath"></stringProp>
+      <boolProp name="TestPlan.serialize_threadgroups">true</boolProp>
+      <boolProp name="TestPlan.functional_mode">false</boolProp>
+      <stringProp name="TestPlan.comments"></stringProp>
+    </TestPlan>
+    <hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 1" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="Normal" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol"></stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">80</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 2" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="RC4" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 3" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES128" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">2443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 4" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="AES256" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">3443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Test 5" enabled="true">
+        <longProp name="ThreadGroup.start_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.delay"></stringProp>
+        <stringProp name="ThreadGroup.duration"></stringProp>
+        <stringProp name="ThreadGroup.num_threads">16</stringProp>
+        <boolProp name="ThreadGroup.scheduler">false</boolProp>
+        <elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
+          <stringProp name="LoopController.loops">10</stringProp>
+          <boolProp name="LoopController.continue_forever">false</boolProp>
+        </elementProp>
+        <longProp name="ThreadGroup.end_time">1152004173000</longProp>
+        <stringProp name="ThreadGroup.on_sample_error">stopthread</stringProp>
+        <stringProp name="ThreadGroup.ramp_time">0</stringProp>
+      </ThreadGroup>
+      <hashTree>
+        <HTTPSampler guiclass="HttpTestSampleGui" testclass="HTTPSampler" testname="Skeleton (RC4)" enabled="true">
+          <stringProp name="HTTPSampler.path">/index.html</stringProp>
+          <stringProp name="HTTPSampler.method">GET</stringProp>
+          <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
+          <stringProp name="HTTPSampler.protocol">HTTPS</stringProp>
+          <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
+          <stringProp name="HTTPSampler.port">1443</stringProp>
+          <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
+            <collectionProp name="Arguments.arguments"/>
+          </elementProp>
+          <stringProp name="HTTPSampler.mimetype"></stringProp>
+          <stringProp name="HTTPSampler.FILE_FIELD"></stringProp>
+          <stringProp name="HTTPSampler.monitor">false</stringProp>
+          <stringProp name="HTTPSampler.domain">127.0.0.1</stringProp>
+          <stringProp name="HTTPSampler.FILE_NAME"></stringProp>
+          <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
+        </HTTPSampler>
+        <hashTree/>
+      </hashTree>
+      <ResultCollector guiclass="StatGraphVisualizer" testclass="ResultCollector" testname="Aggregate Graph" enabled="true">
+        <objProp>
+          <value class="SampleSaveConfiguration">
+            <time>true</time>
+            <latency>true</latency>
+            <timestamp>true</timestamp>
+            <success>true</success>
+            <label>true</label>
+            <code>true</code>
+            <message>true</message>
+            <threadName>true</threadName>
+            <dataType>true</dataType>
+            <encoding>false</encoding>
+            <assertions>true</assertions>
+            <subresults>true</subresults>
+            <responseData>false</responseData>
+            <samplerData>false</samplerData>
+            <xml>false</xml>
+            <fieldNames>false</fieldNames>
+            <responseHeaders>false</responseHeaders>
+            <requestHeaders>false</requestHeaders>
+            <responseDataOnError>false</responseDataOnError>
+            <saveAssertionResultsFailureMessage>false</saveAssertionResultsFailureMessage>
+            <assertionsResultsToSave>0</assertionsResultsToSave>
+          </value>
+          <name>saveConfig</name>
+        </objProp>
+        <stringProp name="filename"></stringProp>
+        <boolProp name="ResultCollector.error_logging">false</boolProp>
+      </ResultCollector>
+      <hashTree/>
+      <ResultCollector guiclass="ViewResultsFullVisualizer" testclass="ResultCollector" testname="View Results Tree" enabled="false">
+        <objProp>
+          <value class="SampleSaveConfiguration">
+            <time>true</time>
+            <latency>true</latency>
+            <timestamp>true</timestamp>
+            <success>true</success>
+            <label>true</label>
+            <code>true</code>
+            <message>true</message>
+            <threadName>true</threadName>
+            <dataType>true</dataType>
+            <encoding>false</encoding>
+            <assertions>true</assertions>
+            <subresults>true</subresults>
+            <responseData>false</responseData>
+            <samplerData>false</samplerData>
+            <xml>false</xml>
+            <fieldNames>false</fieldNames>
+            <responseHeaders>false</responseHeaders>
+            <requestHeaders>false</requestHeaders>
+            <responseDataOnError>false</responseDataOnError>
+            <saveAssertionResultsFailureMessage>false</saveAssertionResultsFailureMessage>
+            <assertionsResultsToSave>0</assertionsResultsToSave>
+          </value>
+          <name>saveConfig</name>
+        </objProp>
+        <stringProp name="filename"></stringProp>
+        <boolProp name="ResultCollector.error_logging">false</boolProp>
+      </ResultCollector>
+      <hashTree/>
+    </hashTree>
+  </hashTree>
+</jmeterTestPlan>
diff --git a/config/Rules.mak b/config/Rules.mak
new file mode 100644
index 0000000000..c0308da053
--- /dev/null
+++ b/config/Rules.mak
@@ -0,0 +1,220 @@
+# Rules.make for busybox
+#
+# Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
+#
+# Licensed under GPLv2, see the file LICENSE in this tarball for details.
+#
+
+# Pull in the user's busybox configuration
+ifeq ($(filter $(noconfig_targets),$(MAKECMDGOALS)),)
+-include $(top_builddir)/.config
+endif
+
+#--------------------------------------------------------
+PROG      := busybox
+MAJOR_VERSION   :=1
+MINOR_VERSION   :=1
+SUBLEVEL_VERSION:=0
+EXTRAVERSION    :=
+VERSION   :=$(MAJOR_VERSION).$(MINOR_VERSION).$(SUBLEVEL_VERSION)$(EXTRAVERSION)
+BUILDTIME := $(shell TZ=UTC date -u "+%Y.%m.%d-%H:%M%z")
+
+
+#--------------------------------------------------------
+# With a modern GNU make(1) (highly recommended, that's what all the
+# developers use), all of the following configuration values can be
+# overridden at the command line.  For example:
+#   make CROSS=powerpc-linux- top_srcdir="$HOME/busybox" PREFIX=/mnt/app
+#--------------------------------------------------------
+
+# If you are running a cross compiler, you will want to set 'CROSS'
+# to something more interesting...  Target architecture is determined
+# by asking the CC compiler what arch it compiles things for, so unless
+# your compiler is broken, you should not need to specify TARGET_ARCH
+CROSS           =$(subst ",, $(strip $(CROSS_COMPILER_PREFIX)))
+CC             = $(CROSS)gcc
+AR             = $(CROSS)ar
+AS             = $(CROSS)as
+LD             = $(CROSS)ld
+NM             = $(CROSS)nm
+STRIP          = $(CROSS)strip
+CPP            = $(CC) -E
+# MAKEFILES      = $(top_builddir)/.config
+RM             = rm
+RM_F           = $(RM) -f
+LN             = ln
+LN_S           = $(LN) -s
+MKDIR          = mkdir
+MKDIR_P        = $(MKDIR) -p
+MV             = mv
+CP             = cp
+
+
+# What OS are you compiling busybox for?  This allows you to include
+# OS specific things, syscall overrides, etc.
+TARGET_OS=linux
+
+# Select the compiler needed to build binaries for your development system
+HOSTCC    = gcc
+HOSTCFLAGS= -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
+
+# Ensure consistent sort order, 'gcc -print-search-dirs' behavior, etc.
+LC_ALL:= C
+
+# If you want to add some simple compiler switches (like -march=i686),
+# especially from the command line, use this instead of CFLAGS directly.
+# For optimization overrides, it's better still to set OPTIMIZATION.
+CFLAGS_EXTRA=$(subst ",, $(strip $(EXTRA_CFLAGS_OPTIONS)))
+
+# To compile vs some other alternative libc, you may need to use/adjust
+# the following lines to meet your needs...
+#
+# If you are using Red Hat 6.x with the compatible RPMs (for developing under
+# Red Hat 5.x and glibc 2.0) uncomment the following.  Be sure to read about
+# using the compatible RPMs (compat-*) at http://www.redhat.com !
+#LIBCDIR:=/usr/i386-glibc20-linux
+#
+# For other libraries, you are on your own.  But these may (or may not) help...
+#LDFLAGS+=-nostdlib
+#LIBRARIES:=$(LIBCDIR)/lib/libc.a -lgcc
+#CROSS_CFLAGS+=-nostdinc -I$(LIBCDIR)/include -I$(GCCINCDIR) -funsigned-char
+#GCCINCDIR:=$(shell gcc -print-search-dirs | sed -ne "s/install: \(.*\)/\1include/gp")
+
+WARNINGS=-Wall -Wstrict-prototypes -Wshadow
+CFLAGS=-I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)
+ARFLAGS=cru
+
+
+# gcc centric. Perhaps fiddle with findstring gcc,$(CC) for the rest
+# get the CC MAJOR/MINOR version
+CC_MAJOR:=$(shell printf "%02d" $(shell echo __GNUC__ | $(CC) -E -xc - | tail -n 1))
+CC_MINOR:=$(shell printf "%02d" $(shell echo __GNUC_MINOR__ | $(CC) -E -xc - | tail -n 1))
+
+#--------------------------------------------------------
+export VERSION BUILDTIME HOSTCC HOSTCFLAGS CROSS CC AR AS LD NM STRIP CPP
+ifeq ($(strip $(TARGET_ARCH)),)
+TARGET_ARCH:=$(shell $(CC) -dumpmachine | sed -e s'/-.*//' \
+		-e 's/i.86/i386/' \
+		-e 's/sparc.*/sparc/' \
+		-e 's/arm.*/arm/g' \
+		-e 's/m68k.*/m68k/' \
+		-e 's/ppc/powerpc/g' \
+		-e 's/v850.*/v850/g' \
+		-e 's/sh[234]/sh/' \
+		-e 's/mips-.*/mips/' \
+		-e 's/mipsel-.*/mipsel/' \
+		-e 's/cris.*/cris/' \
+		)
+endif
+
+# A nifty macro to make testing gcc features easier
+check_gcc=$(shell \
+	if [ "$(1)" != "" ]; then \
+		if $(CC) $(1) -S -o /dev/null -xc /dev/null > /dev/null 2>&1; \
+		then echo "$(1)"; else echo "$(2)"; fi \
+	fi)
+
+# Setup some shortcuts so that silent mode is silent like it should be
+ifeq ($(subst s,,$(MAKEFLAGS)),$(MAKEFLAGS))
+export MAKE_IS_SILENT=n
+SECHO=@echo
+else
+export MAKE_IS_SILENT=y
+SECHO=-@false
+endif
+
+CFLAGS+=$(call check_gcc,-funsigned-char,)
+
+#--------------------------------------------------------
+# Arch specific compiler optimization stuff should go here.
+# Unless you want to override the defaults, do not set anything
+# for OPTIMIZATION...
+
+# use '-Os' optimization if available, else use -O2
+OPTIMIZATION:=$(call check_gcc,-Os,-O2)
+
+# Some nice architecture specific optimizations
+ifeq ($(strip $(TARGET_ARCH)),arm)
+	OPTIMIZATION+=-fstrict-aliasing
+endif
+ifeq ($(strip $(TARGET_ARCH)),i386)
+	OPTIMIZATION+=$(call check_gcc,-march=i386,)
+	OPTIMIZATION+=$(call check_gcc,-mpreferred-stack-boundary=2,)
+	OPTIMIZATION+=$(call check_gcc,-falign-functions=0 -falign-jumps=0 -falign-loops=0,\
+		-malign-functions=0 -malign-jumps=0 -malign-loops=0)
+endif
+OPTIMIZATIONS:=$(OPTIMIZATION) -fomit-frame-pointer
+
+#
+#--------------------------------------------------------
+# If you're going to do a lot of builds with a non-vanilla configuration,
+# it makes sense to adjust parameters above, so you can type "make"
+# by itself, instead of following it by the same half-dozen overrides
+# every time.  The stuff below, on the other hand, is probably less
+# prone to casual user adjustment.
+#
+
+ifeq ($(strip $(CONFIG_LFS)),y)
+    # For large file summit support
+    CFLAGS+=-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
+endif
+ifeq ($(strip $(CONFIG_DMALLOC)),y)
+    # For testing mem leaks with dmalloc
+    CFLAGS+=-DDMALLOC
+    LIBRARIES:=-ldmalloc
+else
+    ifeq ($(strip $(CONFIG_EFENCE)),y)
+	LIBRARIES:=-lefence
+    endif
+endif
+ifeq ($(strip $(CONFIG_DEBUG)),y)
+    CFLAGS  +=$(WARNINGS) -g -D_GNU_SOURCE
+    LDFLAGS +=-Wl,-warn-common
+    STRIPCMD:=/bin/true -Not_stripping_since_we_are_debugging
+else
+    CFLAGS+=$(WARNINGS) $(OPTIMIZATIONS) -D_GNU_SOURCE -DNDEBUG
+    LDFLAGS += -Wl,-warn-common
+    STRIPCMD:=$(STRIP) -s --remove-section=.note --remove-section=.comment
+endif
+ifeq ($(strip $(CONFIG_STATIC)),y)
+    LDFLAGS += --static
+endif
+
+ifeq ($(strip $(CONFIG_SELINUX)),y)
+    LIBRARIES += -lselinux
+endif
+
+ifeq ($(strip $(PREFIX)),)
+    PREFIX:=`pwd`/_install
+endif
+
+# Additional complications due to support for pristine source dir.
+# Include files in the build directory should take precedence over
+# the copy in top_srcdir, both during the compilation phase and the
+# shell script that finds the list of object files.
+# Work in progress by <ldoolitt@recycle.lbl.gov>.
+
+
+OBJECTS:=$(APPLET_SOURCES:.c=.o) busybox.o usage.o applets.o
+CFLAGS    += $(CROSS_CFLAGS)
+ifdef BB_INIT_SCRIPT
+    CFLAGS += -DINIT_SCRIPT='"$(BB_INIT_SCRIPT)"'
+endif
+
+# Put user-supplied flags at the end, where they
+# have a chance of winning.
+CFLAGS += $(CFLAGS_EXTRA)
+
+#------------------------------------------------------------
+# Installation options
+ifeq ($(strip $(CONFIG_INSTALL_APPLET_HARDLINKS)),y)
+INSTALL_OPTS=--hardlinks
+endif
+ifeq ($(strip $(CONFIG_INSTALL_APPLET_SYMLINKS)),y)
+INSTALL_OPTS=--symlinks
+endif
+ifeq ($(strip $(CONFIG_INSTALL_APPLET_DONT)),y)
+INSTALL_OPTS=
+endif
+
+.PHONY: dummy
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
new file mode 100755
index 0000000000..f80a1cf6f7
--- /dev/null
+++ b/config/axhttpd.aip
@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.2" modules="freeware" RootPath="." Language="en">
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
+    <ROW Property="ALLUSERS" Value="2"/>
+    <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
+    <ROW Property="ARPPRODUCTICON" Value="controlPanelIcon.exe"/>
+    <ROW Property="ARPURLINFOABOUT" Value="http://axtls.cerocclub.com.au"/>
+    <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
+    <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
+    <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
+    <ROW Property="ProductCode" Value="1033:{4708D414-9C0E-46D2-9B67-D6421C9C5F81} "/>
+    <ROW Property="ProductLanguage" Value="1033"/>
+    <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
+    <ROW Property="ProductVersion" Value="1.1.0"/>
+    <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
+    <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
+    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
+    <ROW Directory="New_Folder_DIR" Directory_Parent="APPDIR" DefaultDir="include"/>
+    <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
+    <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
+    <ROW Directory="another_dir_DIR" Directory_Parent="test_dir_DIR" DefaultDir="anothe~1|another_dir"/>
+    <ROW Directory="bin_DIR" Directory_Parent="test_dir_DIR" DefaultDir="bin"/>
+    <ROW Directory="no_http_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_http"/>
+    <ROW Directory="no_ssl_DIR" Directory_Parent="test_dir_DIR" DefaultDir="no_ssl"/>
+    <ROW Directory="test_dir_DIR" Directory_Parent="www_DIR" DefaultDir="test_dir"/>
+    <ROW Directory="www_DIR" Directory_Parent="APPDIR" DefaultDir="www"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
+    <ROW Component="another_dir" ComponentId="{3F073789-DB33-40BC-BF88-922C6DF252EC}" Directory_="another_dir_DIR" Attributes="0"/>
+    <ROW Component="axhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="axhttpd.exe" FullKeyPath="APPDIR\axhttpd.exe"/>
+    <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
+    <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
+    <ROW Component="axssl.vbnet.exe" ComponentId="{31F03DA9-E099-4BBD-88B7-4ABBC9F77EFB}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.vbnet.exe" FullKeyPath="APPDIR\axssl.vbnet.exe"/>
+    <ROW Component="axtls.dll" ComponentId="{4C741E75-A18A-4FC9-972C-C1EF583713EB}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.dll" FullKeyPath="APPDIR\axtls.dll"/>
+    <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
+    <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
+    <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
+    <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
+    <ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
+    <ROW Component="htaccess" ComponentId="{F53CB1D5-A3B9-4401-B0BA-B6AB1DA860B7}" Directory_="no_ssl_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\no_ssl"/>
+    <ROW Component="htaccess_1" ComponentId="{953D1999-CC00-4F85-9B48-2CD83ACAE2F9}" Directory_="no_http_DIR" Attributes="0" KeyPath="htaccess_1" FullKeyPath="APPDIR\www\test_dir\no_http"/>
+    <ROW Component="htaccess_2" ComponentId="{6F181A8B-B313-47E2-AF79-AABFDBD353D8}" Directory_="bin_DIR" Attributes="0" KeyPath="htaccess_2" FullKeyPath="APPDIR\www\test_dir\bin"/>
+    <ROW Component="htpasswd.exe" ComponentId="{9FE1AAD2-4E35-443A-AAE5-3A7D03A52AAA}" Directory_="APPDIR" Attributes="0" KeyPath="htpasswd.exe" FullKeyPath="APPDIR\htpasswd.exe"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h health.sh htpasswd.exe another_dir htaccess htaccess_2 htaccess_1"/>
+    <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
+    <ROW File="axhttpd.exe" Component_="axhttpd.exe" FileName="axhttpd.exe" Attributes="0" SourcePath="..\_stage\axhttpd.exe" SelfReg="false" Sequence="1"/>
+    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
+    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
+    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\_stage\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
+    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\_stage\axtls.dll" SelfReg="false" Sequence="5"/>
+    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\_stage\axtls.jar" SelfReg="false" Sequence="6"/>
+    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\_stage\axtls.lib" SelfReg="false" Sequence="7"/>
+    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\_stage\axtls.static.lib" SelfReg="false" Sequence="8"/>
+    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\_stage\axtlsj.dll" SelfReg="false" Sequence="9"/>
+    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
+    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
+    <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
+    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
+    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="18"/>
+    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="22"/>
+    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_http\.htaccess" SelfReg="false" Sequence="25"/>
+    <ROW File="htaccess_2" Component_="htaccess_2" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\bin\.htaccess" SelfReg="false" Sequence="24"/>
+    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\no_http\.htpasswd" SelfReg="false" Sequence="26"/>
+    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="21"/>
+    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
+    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="23"/>
+    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_http\index.html" SelfReg="false" Sequence="27"/>
+    <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
+    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="19"/>
+    <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
+    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="20"/>
+    <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
+    <ROW Path="&lt;ui.ail&gt;"/>
+    <ROW Path="&lt;ui_en.ail&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.FragmentComponent">
+    <ROW Fragment="FolderDlg.aip" Path="&lt;FolderDlg.aip&gt;"/>
+    <ROW Fragment="StaticUIStrings.aip" Path="&lt;StaticUIStrings.aip&gt;"/>
+    <ROW Fragment="UI.aip" Path="&lt;UI.aip&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiBinaryComponent">
+    <ROW Name="default_banner.bmp" SourcePath="&lt;default-banner.bmp&gt;"/>
+    <ROW Name="default_dialog.bmp" SourcePath="&lt;default-dialog.bmp&gt;"/>
+    <ROW Name="launcher.dll" SourcePath="&lt;launcher.dll&gt;"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlComponent">
+    <ATTRIBUTE name="FixedSizeBitmaps" value="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlEventComponent">
+    <ROW Dialog_="FolderDlg" Control_="Back" Event="NewDialog" Argument="WelcomeDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="WelcomeDlg" Control_="Next" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="FolderDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_INSTALL" Ordering="3"/>
+    <ROW Dialog_="MaintenanceTypeDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceWelcomeDlg" Condition="AI_MAINT" Ordering="1"/>
+    <ROW Dialog_="MaintenanceWelcomeDlg" Control_="Next" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT" Ordering="2"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="PatchWelcomeDlg" Condition="AI_PATCH" Ordering="1"/>
+    <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="2"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
+    <ROW Directory_="another_dir_DIR" Component_="another_dir"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
+    <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="launcher.dll" Target="PrepareUpgrade"/>
+    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="launcher.dll" Target="RestoreLocation"/>
+    <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
+    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][ProductName]"/>
+    <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
+    <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiIconsComponent">
+    <ROW Name="controlPanelIcon.exe" SourcePath="..\www\favicon.ico" Index="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstExSeqComponent">
+    <ROW Action="AI_DOWNGRADE" Condition="AI_NEWERPRODUCTFOUND AND (UILevel &lt;&gt; 5)" Sequence="210"/>
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
+    <ROW Action="AI_STORE_LOCATION" Condition="Not Installed" Sequence="1545"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Condition="AI_UPGRADE=&quot;No&quot; AND (Not Installed)" Sequence="1300"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiMediaComponent">
+    <ATTRIBUTE name="Compress" value="1"/>
+    <ATTRIBUTE name="FirstMediaSize" value="0"/>
+    <ATTRIBUTE name="FirstMediaSizeUnit" value="0"/>
+    <ATTRIBUTE name="InstallationType" value="0"/>
+    <ATTRIBUTE name="MediaSize" value="0"/>
+    <ATTRIBUTE name="MediaSizeUnit" value="0"/>
+    <ATTRIBUTE name="Package" value="1"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
+    <ROW Shortcut="axhttpd.exe" Directory_="SHORTCUTDIR" Name="axhttpd" Component_="axhttpd.exe" Target="[#axhttpd.exe]" Description="axhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="axssl_client" Directory_="SHORTCUTDIR" Name="axsslc~1|axssl client" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_client" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="axssl_server" Directory_="SHORTCUTDIR" Name="axssls~1|axssl server" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_server" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiUpgradeComponent">
+    <ROW UpgradeCode="UpgradeCode" VersionMax="ProductVersion" Attributes="1025"/>
+    <ROW UpgradeCode="UpgradeCode" VersionMin="ProductVersion" Attributes="2"/>
+  </COMPONENT>
+</DOCUMENT>
diff --git a/config/axtls.RES b/config/axtls.RES
new file mode 100644
index 0000000000000000000000000000000000000000..2929b3b679fddfb78bb58ebbccc5c0c4a9eb37d8
GIT binary patch
literal 22748
zcmeHv30##&mTzG?K4*D7Jw0!hH?QA&nx&IYC+SQlopu+K7&VE;M57o{F>Z(o7g<CQ
zM0OMfWV;~3WxujsSugu#QC4M90Yw4D1$SIQQUC8>A6}*Hq&q!t=JmYaq>@9`t*@3-
zr|PS({&mh#2qDIjfMH_tcY^lE#^*1vjEVB>CqMa%9~le1&cr(;3zCT#!@okf|D_TQ
z{~4~Lq`^+y-QAgXXRQ1cJv}{Q?AWnFqtOTp3k%_H;BO12-8I7<kF^jQgF%>TdV~c@
zX7==$iXM#x(-!<iGIeKpcVWspW8DobXAtfrO%H^jhq1d527|0OmSx$OyQwf}*oMJ^
zd2EL?cC3XkHRW#>?lG`Jk2~{779^n&WI&i&Xvm|6ylcoW`ysCylA)(Z3=R$oCnqQ2
z=jSK-`uap|ZLR3&=nz`1R_OJ5p;oKKAjhv#ISF0QplI$N6dHXk+tUh-RwrtkJIG6)
z&~*&5+#qE=D1w6YY`aew`UZu{NyYY6!kz60sr}fFmVIeOke`mf*}k?}=nc)n(9y$w
zdxWl8w$(56J^iAVq-DE$wqszw9V90e+j934enEbW)k0;dVLKe(EUj=NPby2TaCg!Q
zwMO#CH2d*mKN_80_;Kt(S_8*r5bB^>q1H7EZEZ8hOlocxIzxxh)piKIB#z5KYNjmw
z^gS%sBlP62mZUcHiDr(kgYxPj>B(<xA9-#juar?O`K=|dJtURNlKePP4(`Iq-CfKY
z?<XuRgP0DY9D;<UnOaz?)RdW;JTa!cH5#>;^^QhZa?UI{K9!S(GSqM`NE(jSR4Xhw
zUJEmhmt-l&O>&ZB_oIB(d^StRdK^2)ua=}CX>~%Y(+M*(J?rTyFTHRlSz1yyBuf=z
zcRlBZG3QV%NzRc*FSI1JmU1L%NovYdCrQt_Ci(dp_{_le8B@M`17)qLrMyYHTCQUf
z*Opq}%;%IlNk_TsNd{7ozJt#?xGuT&DF0^4UduJwOnG;3o$6}2p13yp`ul{2@-|T3
z&7?j_{ry}wls(r<2iJ2yskRSXFAx}nuynEz|0FEM*fEx3-aJcTVQI;+lAK5uDy|uo
zm}Sa2vUKA5l5^$6wMFuC5<i4LECG}MH(~tv@$5*__X^`LjUGK|{IyAwt||3Q#*e>t
zNeRP0pKF7Sk3Nz+ZSv$Jlc!ALkMWa6cTGMrjbXC0k|E1Kt2zGCq)DS&r<$5ZMNOSN
znrY{0Q%$2L%CN?C%#kURCS8&x$iXFr>1(4WPo6TRb<D&G6HHs3C$sRxQ4=Oi_<&*F
zgb7hor%h{}JS}(X)ZEr7mn6@lou`hOc4XSriK|vk95ZIGEd0Sd8RXv&CX8Y?YbK5w
zHEPY&$&<#9o;<B)>Y6WYoX1T3U`*76QKMwppdi_}3_(HchgG7YqD;rsuzc6li4#{(
z7&X&3(5uzgIbrpxFXnx)XYIRR>E_HaR8|@iRtJ4CVd5AL+<D5BDWflq?;69}6N2V_
zc_eV<%55LqpKyQZ-8oHWW@ei=pK@{8>gr`W7#3AC>%^>Cu3oeK#*d#eb;7(o2Sb8_
z?q;tHTrz4%{b0e*ezy5k=lk8}=1Z6MF26WMZ8fKHu}g2S>#VLm6O-J;kdT>e8EYfL
z!(6X^Z5etiwCQJ?-+$lRd*>(T&z}#NYwn}X>|XBE+v~M$)}&8OOsuolS<hNr@zqAl
z6sxSln73}L%zn1{<o3Vy-g*AKg~caly?u&G7dNbn_|n?p$Wiz4;}_4|)ZzAZ+gA%q
ziu8JIQcS2_%XSw3+smJv|1iMf%KP3vt(6n*2L-K~FfnS(v?-U`4|lk=JGsnQG{?|T
zTCy=!)7-Ls`*!ckOV5A!dB7*1>|FNSa`m35@bE7mPna-jZ%x<n8ErG#XS8qHlw+Hb
zzG1<FvKgHxy}i$WV)5bUpRf4jL;nlg9wdjw$A*QEF`YkgVpOivB3qTp)_ze{j%vYz
zl$g+Z7Y}nv=EDzV`42x_wxc05Cdn!}Iqcw($#ql5<SyEny5QrFKh9c^mGyCEl9g52
zadS`erON_Ve184<u5XqtpWAw%s7Rj_V-*>`cIN0QQ<_w1TB{@$wBi>$t>nOBH@CU|
zOP78A%||zOf3)kuT;Cpt#`nw|^_j6L>USMxU-R&2QEgbie!X^m(fX1(^(7yheeJny
z*|HU~{O)CQeG;N-PHd@Oyrt2xB!B<A5wlO9_V74$%r0GJJLB*S`~7(_g<pTPeA(w8
zt^8>BM?2=OY`ilnD%ZJd@-)+gX^Tr2gwH&5c*gP5r|ge)+O;^f+ZX2Lm$)8pKD*<i
zk3L%IGiZBh;ot-c-ZW~|o;9uKF7<609UUFLE-~G5hMRdyi><0SFSXpIzSErLR|c+C
zXKia7niwn>`JS+;qm|uY{`@ubqb>6n<{WCav&$+>DQRmm>z=#(;zi%t>%RK9ZSlsa
zF;S+b`{GmH;|o0gGZSFVnl<qS8{^_4e_fn!mG)j))9JZ$m-~3RPp`Gsl(;y?Wz<e?
zomP^$aCnord2?XisPGg@I4LH^s;G2P^C?fyuf1kp<Brf6_i?>h(Z{OvNXyKm_lC=_
zAw#&QPA<~s7o;uxDn0veoSfQc^^KoCozML$eqG>LUyz@lpR{52aC!dy^xWi`Vd|21
zE#D0bk507CbvSeFvrk#RfBa`>{zkW8L;c1L>abZ)i_65NNlRv0FPY>#+TFct%7~qb
zOgUFHE_QI3{d;>QrN!6h`OrUo{G}z6J~J`-jARVc<!<*RjM(?&<4>7AT|P3F{T}hB
z)4xZdKUa}I{B`@`DY1`)KRnlezxW4<{b31wUpX4fX$eiovPnSV*ilO3&*ND6+?4bb
z$Nq>vjKRd1Q09>5TH-{Wr$=H}i6tfOl(<p|i(y=<=^-`{3g#SZDsd-&jO8<u#G4Av
z6z;@<?oaWh1@UFiSc8IP73}NYqu^h6!|!5Ei7ky-Q{qmEF(uZNxKUzHiKis~lbF&k
zD2NzJO}rxUi^LnX3f7WXRN_mCM~%31kY{~)-dFJI6WnQO!81L_?Bo>0v8&mhdKg!!
zG{Q_`sCmRsl8hLNu|}gMj?og|4C5#Z_U&Y$BTgb_eS)DRF47PaY1G4*Qb){VsFm2K
zmN>GO7>U@17)N3oi7zF-k=RB<Y@^^Cjx$J4xjey@3jXE1NSq@vu%TlZTXqoNXgO9R
z29~(8mbk`JWkG%{6?`dijKsz7{Djzr_(ftECy8H3X7k*Ku_y7TALZcZ=Pt(olOOB)
z5%2g>E+pb<cg};v)PBV15~o|tA~v<4%qX{cudBtpS(KZ^supUNryNP{60b_qsEH9t
zT0Wmgd}>C#O5Ez_M+$m|TeVu^S<2ju@>WSAc6Fz`EiIWQDfm@I{Oa@s$NKS}AZQrR
z1`*S$Ng7g+mTipZe8_om(ve5vTvCvX-I+(ctKj}1=Bb&-Ia9DNW1UP(3~Z|BnDjy=
zX&%W;ui#-n71K^kyXz@G;#yJ=$;pptlElVNT&K#N0@r|_hFF*+@v+3k@}5C&U>Qr^
z<v1D0mw`B%G1rN_fAAwlmN;2WoGh`jmN?l@O<YX!lX#h=BdLj-HIj&(^&~CVm7b*K
z+LAcBnWRxSvkr-CEr=wswT`6aeTs%_PTp-8F*aZ9KWq56_`Z*O;f+^bd1c%<6O(b{
zm{3yB+GXCWFEhL$6R*Gg;)^f7{Q3*yo&**fx9Zh5I>RUbeDSN5uZ?<X^5n_RlV5tR
z^7Yr}y!dkG3*%l`{_4x&i|35``KY(~(9zME!O`KRmqz{k=Rbd&ZNB>2&tH1UY~8YT
zpT0E3$!A~2FMhG$tFOYHT;6{D)mK-&@yfVY-**0Bn#0@H6Jn>j{i^5wiWOGt*Ke@S
z4)|&r&ztMUnaqFN@7HD1y-GF|ZSlM~uwu2<TQ)YoeAE2Unl%rwoX<}hmRR-{)xY!3
z49|}&EC&AC%Esm`E2}lf-+pQGsMlUzHLiaN9zXt<1??>b+G7^0SFeBTz2Cg`)|<cH
zWoqi{@zSW*Uj2H}v9@#n@@26$Vej>o>({?!^PAti_uji{fl=|npT0ilwU<k^vp)X#
zi!Wx)otZkccKt6^zp>l&n>XLRQP@?JyXRM*zVO0|tNF7NXMU2b|Ha|UmT$hPvU~si
zP4AjjEL*ztO4B<ZX0Cd;a^*K?kDdAYR^!3X*R22L`|rO$_R+ejFTJ?<b@gk@AC%6I
zh{*Y}WaWzciyA&}GQY>?*3&;)vwPG_qg=gWU!m}K`0t!PFRT1$^XIb{4qCnY?z)Y-
z6!V2)adSSK)on6iyotU2<ZbV~6BIPJu65ChwU+B%F<F=1aQAe{FAA!=<s2_w+^PQ6
z%z3k;Lt?6ahK=Log#JtZ=~H<#K4kO5VdL@>H&@+Wwfv27^7q8?zkTI=@2}6lF#OPD
z(vx^(^xId)@vQqa=eH)~CQg|2tl+qbCKFiT-y-~3Up{s|e4cpr_ureJXFUz4EMMgD
zLE%H5V_s0YfBqcv6Xwb?#&eA6h_eebp9Z!l9zA*_9z1v`9u7ScLqiY6&_kw~_xSN+
z@%Ry#_lRX4i%0y8$2=F{p}2DOs<?RhyeKbg5=ncjM1F3KD6g#(ZQb3<J@{ih615Gd
zgeI;|Xrd2^ix;l3k0G(u$6jppauzn<#EP|RwPN`~t?<~MEi|RAqOs?)xP0Tfh)XCH
z?pyW3$0to#uZ<OZLu$mnynGRvT`U4)%SB9ao!GIjLRhaX5Xm|1!f@`kXu5P=MDMQ_
z>d15v80;(JQuc`$O{!>bJ1-iJw2RQB8nJnEuCQ93D(u#$2}i3;;k%<ml$^XMiqGE>
z^*0}hBLfhHO~*xiRH2C6(J0*Q4+ww13{hH9C8ATyMJ&G^`!WxTU7>km&5~r{?2;{F
z4t9y?Lsvw0*MP|H84&u@{bIXAidZ^thj4NB7tzrXqJX?d#Kw!b%xn?1S0}bRC5h0W
zTJh<mox)qwD1vg%i<G9jBE4%!ly%+_vEkJsJ~dCorDcn%+D38r?p>kF$`qcS-onk@
zLljh1i_*G!VYS9q*r+_kj?hdIvaeXgrd4s=2gD|;Z6aBlBg(1|i`KT2;tuO~b#;k@
z2M>w;`%{JMR#$Q0K$b{M)Cf1%t-?;VN!VK32q#BJ5uXq%viU4IDM1*@%f#*5w?$i9
zn>cmql(=>4mbiB9n&>>$shlk@UcAUP0`ZXR#cASC6*6#beK^rveE#8AV#eGBV(j#}
zV(k1GV!`aWV!ruwF-OJ=z7z{S|5ChdwL+}mO6>pbPZg4D_A}D7C#&;q#(z><=0g0$
z@MCf8#E-?pKcVh;mYqbBuZ7fQ$v$mXI*8TQ_G0V`Yx2KZ*srq|cI1DfjO{lGdz(!{
z#j^i5yqf;xr$W-aKcP=4v&k&~k0cpJlVqM3nK$zC7W2N(7-aoF6vm8_yS4IX%$`wW
z#+aD+@7Nh&vTJu>P_T)~m@&@0vvk|$zTLyq%iG7-&uaaKjn+0Q+f8=%4vw3hw*12q
zUal>-Sn<uuRjb$VGi3GYXLII$KJSY!=P&qb;UcreUr(AmW$HB3=^uRf(TtC0&YJzn
zFW-FY?O(m~FTZ~Gz2Ch5+wl`7{?GsQzsHVy>E%~m{rPLJ|Kbf3lfU`N-~ROP{@dUG
zgULVs(|`Zx|1s)k#&5}A|5uYAOMXU;df`Vej{YxWOve1^FaGkcOyqR_!7z-)|6q}C
zeQ2zweN~9DEHR8Hf25Rsejk2^xfUc7rKAw<tn)+oK>|NW;0Fo(N0ET>e97~kF-d^*
z_*=<X!1&zw`}x@T{Ex-5o-FfxFy<NK=bu0S+gMJ<#`L$9F+TtIj%D9QK1TLs%zr*_
zWIoU1N?jQb4GrP`{rd{>ob@~TBg>6U%eLijW8TQVzAf+h=f*O|c;xeuY00w;#=Mc`
zWm@vh^CG&tyK(yTY4DyBckbK)&y=`)`7*9txuT@+-Mgohm353kj#bvDO$~VN#Ely_
zaQ*sqr9Bx-x_R>^WZef39>6FYBQG+R?TzHg`0V+7+2_b|Qs$B*uafVwvNB|4WuZ{7
zM_pYV>S}9IUS5vsg9mZ)<VjE)4xZ7KI<lTj%RE{4=+UF7si}d%U_ePpi9*H2#Y$XV
zU5%!uW^{ITD&>u1k!_6RN2ZND$#EL_|F&4lOv>fz)vJn(d&olt`%X+sLYP_&-VY-r
zBm}|1!AMKdqOran-Dl3=($y=<e8{;veE2YUhm7RpWJE?rA}A;b0RaKv{WARh{o(6N
z^6|y)-MbJG5srj}1Vu(t78fpDP{v}MAIS%m&p5+Acvp_z-d=?-$)lXxk>inLlxstl
zt0!Oe4GlQi-i}VTTS-~P#%b8E4`^cr7Z(@o<yhp{jx;ypAm^l@pa3Z;DdZ_a;dSfQ
zt=PPIGaMWoU~lh$O`A3;WVguywzivKXK%;n4%q6lRT*PiTADKMqM{;HR8&CDPhnvp
zGBPrdnwpCJ`}ZR=GZU4Sl{j(Ygt8WmJj=CAJcM)S&Y`)f3F&MrHfA4k3-VFQ^;5z&
zwVVS#%Fo`;P9eV?{)mZ*K|*{y!b3tSS6{ffxnYab7V_+<@M=#U?d-_6oeC;j8^*Q@
z?<!lBl4oactCZVJnRt47KAodoyLNGYb}PTPZ}$Lo74Y=(#4hGZ8P(L(D*VcKN6tBI
z)sUB$hn(D8XvzDopg@-QLwqvV2-j$QVj_IJeW6m>A&%+bJ$vBb?1JrHUfAYJIXl=x
zMfuuF{>YQHY9p*|Y#48XwY5F$R4&+L?SxG>PO#m;`LNjxI~xaV+^`-tHr8;oXBj&Z
zV@Jo$*hYT+{rwQMI}jmzf)T>?st$`lVq5}pvvbhc*no@NPvm-+?^t?zx>DZPZwIz{
zc*B0PJ+``fAR#3KC(d0&@7;T-J8=rd74>L4*N5sO%?OW(ho?sXc~ZgALB%y<LtZw)
z!O<P=+alrN5eFZ?RQT^WfY9J#@{o^+utFs6%SUod5n`kB5Ehll@%zBedIKCdSCV%h
zA1`R)_Hn<+Lv76=v@{<fHR0H?<LKyULudC1oITg0tRKmLYiq0W4#_p`zHK}FyaV90
znR41h8FJoTef^*-uR>4%06MSULFbJ-sBAt4m5nV_8*Sj^xCJUJ6>O|F!`&kWA-jvn
zR}J<iH$k1!h`nh|*q70ay}BmE7q=t3x)WIj(!rC+tM5d8^94jlN5X0a*QMnS><$P;
zPIflx8;_x~p%n)YA4kK{lPEcK3=PM6aQfV3^j^3^*$?7A*UzzI$GE1Fm3Pvb>(bVF
z8<JA>aCGy9t<6T*Zrq5KtJWhrJ`*SU?%`}d>$IQYd*=nKHQQi5-ybt4yI{R-Je<QT
z;Sp7h$ebp`mb61%&<;&e7cwi(A^XTRWVT#IdizymAH9yMwi`Hf>MEKpTu0l<PFQ{(
zfaNpOu_w3)S$S2^mvtbg>;%ecdr@_y4@EWYsBP&&Q_CstLDzYeHT;c8(`6$nHV#g1
z?h3_db;v9|4ByZ+c(_Ht%OeP`TLWQZy$5-<9XL6750&jFU}qJJ>A&>DKaX06nG^gF
z5Z3_b&}xL}nvqz38v80wL0x(gd&|y2fAkKrI`3j{^G(Dw^<y97qEmw?JJE-X;}>wG
z>nt4R?Z?__MbPE;qW;7cv~*sBq47MbT6=M@?F=egIakL|;@qW+7<x4H^qUtJqs88Y
z3<QM6ATll$waq7RpzH|3_vInLCmr6~_Vb-fz{*8hESedI&5jkY+)#{}zmCBhW47ae
z{naYCx*tGrdNVvUO$g0CilF><xW=7>!=4KWD?EqXqxTVg>^8!W-^2d4dq`{>L~iFj
z=nnNkQ+*AGd-||zQ!XMrDv@7y7zt^m*b^ED-<=_F;X4_cl8C(gG8C0oqLlAMQ`<2N
z-WyQ9YuOcbh)&BzoURD8VMIamag-eEMOr}<eEI$bdgWk`V<C20>f!lK9z2)k!}^O1
zESjE#FW%XUS-<r{K&%0~vYO$a(TP2IC*had1Iyhfu*vr{4m96G=J7$qbPVFa*#Q)t
z9zb&20P;HrkeGi7;U!mb_(C5_^BTCn<iN>!Gxsj8V>>JE4IAOWeQc|vBmB94?%}sE
zmiu)fzvU-Sp1}1R*O6Jp@#dF8-_U~MmNsP9HzWPvF=SU9Lt?=}?2ar%@NPZABJvQO
zRLVKYgYWh{IB(vMjTVVmV;PTKDK*%oYk^Ne7XnMpU}td;LJwYmj_W3;^A-}0-Nb?J
z`>5y}Kxxka4s_f{PTO7RTkj#Ki|;{qFQNkTux4R69BjE3cd6mvvJ-aOcEXL{Om|mj
z?oH0z<D9UadrTO=H#s@^XlXeLO(FM%+y-b1TM$>!fJ{RZ;)?2!b*K*1!6Ake#&=?8
zR5rXqGU4Wz2J7|d{O+VfWxXGMAq9xZtHoZvt3efAP*<HtOm!a;j$B9jiF-)uxPy$Y
z0aRRkh_Xxfp+7gkF%2S{^N`<p9R}_trH9+`<+QC>{dpX$Ed$}~lz{aXq_x3t*&cwn
zIIitzHG=j8Vuz16c5qJ&4hlhLMi$ZzHDOmw0er&>;1;ZdTR;xnxliv&F2(M>1zdZ1
z2-Rj|oBsjWQsy=)Emki+fKMjHWA>ylem6>xR@#R2I<A$Ymyy|g2|2A-kWHi4jMMj!
zes&N!XYZln!UI%Y8ba}fyEwqKuJ;~FDEqpLw~&%liO=8k!~D0kFq;$&^I3bbW_B7@
zf0}@G98YpeAxaJ9sIBAKk>|e@o&{oJV|cF2L||ktT%9S?6<XMD)M3>(T9_|Q#qy;o
zu-}r4wHqks&Dn6+mWAcZld<HpJbd|KGM3HOV%eN1`189ISKiFE(ha@bPg>6N-MkL{
z+1sQ+6!s0F^vVO&U4Do|q}nS3D7!X<!t=LK*?j|5J(o~cQUkSD7QAe9@V70)wsi)W
zzn6)xUd@8}XBup@4u!2_5ZpY&5TBHVQ>S{+-f>)^u((Qi`ewpuT{2V)_hZ#3<ZWsS
zmQ7BE`A3XD*^i}^gB73Ie3=UC1^cmeT?T?&^Pt|D4Si(`@>@Glc$8=D)0dEU{3;Hd
zxQ>F}+bFwwABG!4IDGptj^B8M+FOs%GQe?g3>CfPy}J+X*RJ3w_s6{KY8*(bL|jxk
z-{TfU?rMP7s!FV-yjCxb!_ozDSU7hN+}vZ4SIF<_*$cRN=N7bwFCewy48pQ%v2{l_
zY}cj0@tZWbEKh~Ac`6*t65+a13va7*xUEV+z_uI&2kNnVR|UTdC0J>h26fU=RJ5H%
zaa%9SyKbTIbUzAv`=P&b7v=r@#@~K~;~YZ+)3yC~QF87E482#;+;bi3=mhKv4nlfP
zAu0|YMRiRF_s=4fQ7$#rEzqUcATF#40S;BLH7n*=_QTa95!=0k(cOCyakVFqa`+^)
z^`}VPh(6eg(1I3tYYo`sor-O{bFpJ@5%%fous5d?G5LoOlv0j0oCC8(MVR*6{aC*y
z50%Hy;OMnMu7?{aIn$5oOZU*yKZN7AhRFW|G+e)nqjw*m{@QhvbzQ)zTLVbTticy^
z*1*%<4MBmy$js64yx4@6);1ifX+&;5-@WiqM5*^7zn}y~C5I8<R}AY7iEwlcM@&*W
z_GT4gUv3#<3J)Q+_z1Lh#}QZ6id~6SP#3pAU2+`0@m1J!pbFZ9O*{)UA~?=~)fPEC
zI}~Bv!b12u=Axwh6cY1}VW+kM84Z1?xo{gtZrnxdtp_;Ve+TV%?or;CVfKwHd?Ipj
z_WDii@z27_<y+yh#Q`o3F7W1gHe^o-Xyl8~kRWVz_kyhx&&`25h(Qdve(Nf(5qn;^
z(2u(Mqg+G12;Lip-BIC`aU^!^+lSy}4LpLAv2m3K2?ez{aI6EFT-$+JM-WVT`9>GR
z!IOO37GcT4T&R|(BPOI6y1Wj!dDkHPz$xS(y@J~Fx6yKY5KWYO=Z*X5x^xR3-Vs=0
z#&fts7OEP1keyryJ4^0|JBb~fo#DL28LqBwJo~!B*<~~LIv=dt5Q-#i2D-aWV{qX9
z6NvrT2(_^*lHZF6KkN+kM?m;a1VxANY#syKFY<^3vJkFIMR-mD_M|qzH?9o62^Fw%
z$iP~z84JG4JGSN{BeM}93H8{wzZ)q$`&68}ifXR^roLM^cI_tG&R-_Zyog<4@$m9W
z#!8F*NXcwNRZ%-U9h2c55(!O`Mmg(;hVDT`xEj&1YB)RZ!;&u(`97CoVBqdktUoj)
zF~2+mJ>q`9725(_;Th-w?;sEO1^dHM6%D6ldbm0yLA7Ns>^)LoxhWE6=861Wj@9P5
zFq@H%Eo)M_UmSvOa5;8pYLUiwsk-MX%FkZGLB@x<zchAr<LIeVJaaulhQ0_Pd%4H0
ziHGZUzN7lHQ17mW%3cGX$Q0z1=y8yHd{t!~3W|#1?vjti9~WX5zdiE2`4sOyCXOdP
ze)JeCZI)xL{YtEJTn&|rHMV(f=b1hLYv!lIZAmE>OpnEfQzP+(sRkdvrNP`uNmwx}
z9otm~gzw-tE-V*&((4ghd7S%xFN)fGQF^==jU8vvdG<W|d5<B3?EB8$J4nke!KN(<
zSg||>{@w?Xk-&GxrUA>$wb&Yv0T-`SthS24hIQOCXBJ}K_#7l?3`!f1DDOw)d1Tlb
z;)~!&;?0O1@DK8XtB(_9y%uYhM8bMbCVbX&y?>n!$FFkXVv&dK8#1uVQwKjEEivYP
z1SjSqrLGG54>cg=;9+Ffw4$2$=JM6+c=&*KG4lR{yi5LNpybeV{tEUc7UOI4aBSI7
zim0GE1i3ZA)}jm>%!;saehI9<s>D~*Ghw|d4QKh@8}Ec3Q>ksd3zG53aGz_c@7g6C
zY^+C2VkTCu+=aDEqPfPii3Q?euZn`t_IOy??Si8x#~c%hh@=EW#U~?4mxHX5Dzu$G
zg<D*!4|zr(Vte<={{zxv(xah=7~r`V7(&~bE~J%Jz<Wm)Hdv=%ofYR}XF0zqS=h8*
zi{*>LuyXZI)VCfR9yP~r<a;E~$~_S0g*toXIhUCduHNj&#VZ%k(Rmu0{RfB#(uvi&
zaqh|`)EzmBQ)kcNXlDnG@*LZI^cYTbbnwn=_#R6(Aln`8k9U0XKgvpyTm$mnz!(OG
z28gR#5vd_A&NiT+su5ZF2ca*lrQFXe^ENbef4DB!j%;IOFt%%qAB~u6PPXivIFs-C
zlWGqh4KRCnEsShOrezy)ofzAaF@O9{G2>X|_#SdT9<cl!V%f{LZ%|g<=(}`<W0(8n
z@O`A*XC6I%z-FX8WOL8%DUE&7HbUX^A!B8(8O!;Wa*`NdxxagG9|OGe8sb<UFz*5H
zyClhZGnP~4lI_db*!IY=7}LhN8G85tcLxW!H$Grn?1wzx=iYda@BHAvJ*D4AkNCzY
zGBM8Q@5<x(e&kq`{$(tAQHXLSPjc?%p7ofMq5M|L43}4A&Bly88e?T3BmNlkWh{An
zNRlE|))i$vB>9zl4F8w0Bo<ZLHS#*5x$jK={wTk*=+g(1r+;1e{d#hpJqyF>?`mG@
zmqkX(Mh<%9@9&eA{Ta&{)6aMqP8py7YvS)}^Z7phfBO9&MGyA_A3sRo2MPS=lfdv^
zX|yZ-<MDq!3H@m!{!`_trQzXNb}?+nMdMnA=k2)0GS8Is)Q*dFeh5EEV59`(dFuJ_
zU1zM3<-V)T$o!GzN2ZN^j*LgvGv<%1Bhxb9h#|hKjIqx1?TxHwd}eIZ_*=$Ozc2Ov
zQdfSRb|BJ*<HAMWxjxbT%Q7-ZY$R<T<a22kVzdqE@9%$VBVcUT*tb&g$sgl0V=S?h
zw87}V(T_&j5J=kx`pGH!`}DMQ9H+kW2C=a$BkdI$8ygkfcT!TaqL1IVZy)uc(Tbj2
z+5*t_S+PMe+GogEjzRJ#+mQW9z9jCHByAX^PPc}7u49Z#N=p=b3tL-T?4S)rd3ibS
zMr)wU($O9xQqkLQ-t0)-j2(5p)H|^p9ou2&V9WcjEs8xu_JM50zM-_FRIx{hr_DtY
z$5mQdinC|WDl(L|70u1fioHp)HU)u!dr($Uso1V~xKpp}=MQ(<2<!~lMV+Px_1v_B
zV1L#&8>siTp+4D;`Yz^KGbYg{92+)RQLk-Jn~N>jy44ll-d^yhor1K(2nq~DDs3X#
z+uIcxNSlrD@NnwC{opKZFKCl+KwpC67cRm;J#sU3ocrQZsDGp`%6=m@scfj{@#TFW
z_3S%na}bzI{Z0X*_Ud`xS44erF6Fit4x4P@VCTU80w{w#)YR4}b9SWpC{CR2q#eLT
z1!FgGu6NV!fi}qS-xUU@t=q7E{W|#X4#n~F*Kv6Wh>DKI+LeyHQ`}13dL;bR)!3JH
z6#MkNb1yuN^y+iSXu5>#mdhwRb{WTce;KRZ4~tJjpoz~%Wo<hu8hUW3`5X*~JJH^G
zfoouZ^ZyX3Svl-01nxdNkX2lZ-Qm=yYzxH(D?fPnX2a0l2QSZDy!m%dnDQ3yDx>S+
zpK=&6Whb$lI^Xz;OVCkY7S(za@kei?u>B^Ac?X$B9lq+*0_sgKP?voQnMFrXP=6c;
zo7-`syBh<%yO1G1OOL1&9S)S&pzLTD;!>;O@5%c&+kDu4l?l5gxmY|S4Zrz&FRZtT
z!=BuB?ACQ)d)g_e0(y{IcMEat14un}4;d#1k=b|?aTQm2&wLsQ5qTV2Fz3}pu}5)p
z--f7&C?uz+p_T8`0Ph--3Tu#IXn_7m8?tJTBCDzyk=i1JhUG&Yqo>}EdM>9-sMaOH
zH?kOk)E5R6pFv=0FOm-5K*otX&~*=jzNoy%q<)aP&*HPUpet^`dh-x$*%E-w&cSeS
z<@)pX;JdLEZd{XlqoQ%Jn!1C$8U$;2j~iWtov|edPcKEpe%@QBWMhkOI&7$~Tr?*I
zOBco=HnX032HsU4zNpv~WKuVu+D*L}^?HVj_mSPp{(J6FXVwodmlVu-BMhtOYq09m
z6s-O_jO$nneQ^P@GSb+8l=3d_49SN5`Xp>HPl5Rt$yh$0`utUySVujJ<u|EV`bj!g
z&*dGf&3>d-HY30NEOL+cDZ08s>O@Pg4x#SqL+V$CP)WU4F?BFaeK$~)U5DMyIoPp<
z`keX2Sn_@*R(})4_m=vTI32pU271q*K~mLeM5NX8-d_i6bL#vTq+-K7>RFa)slQ5v
zw__H91B&6{u18R8Eet1mQPE8uRX1%BF5gAXt%o>v^AVZ`sAr?CNzM72$S$rxN@^wy
z)lJARZsMI@D>CBivD>2@o0jEZ&2s9l_9UbEcsmlPyGp6=Kr(GgG>6)-Gp!2VQ6&iA
zoM;LTA-Sv$PTLDG=i^+gSg4~7%US9<E}-D#H5|D<h?bkQ<+=9&m8Z`mwWb-(otLqC
zxihwKZ;a8zp^Ua(h1`!LdFL8VyR(|w!#I%Df`HwbNXa;WkeIy)jMZ?yd8bSr<u;FO
zq|t^Yw)z;t^BS370c)p1Ed4SEA)bXu-rq`H49C<)8<HFMIQIKEb@ev3x<z8WDh}0$
zy5VNO2Oitq;7l7E`pr<c;*8anUQpBS=jydS<-L=aSMnR?AI`lo#E1HRKWy6`0Y~#}
z_(vpSXHqtt0}J5jUyNm6^KSQ>OzhiRg^<J}(AAtn<+<yqr#`Tmc1ovvFCZi;1y<`*
zke1$#eW9h;zB>|$sqwTuOG9cV?}@1&jtDmJ8_v7S2lAUUq<qg;*{+}-VHIp$Ho(r&
z4K|C@VZA65Uw*n5UrddI`6rpMr%oiuo4WC&Drl<OP(*z}IrWz9Jr{6=-(PvBccSMs
zZ3ei0R5^$bZ-uLE2|TD%51@U4r)v%tOyM3)I~N%q@*dFmO)jr4h2dZs^rd{BsK%y^
z5wQFs5nH~=fIW2$Th_;6%hpJE1;!#$r$b^%Ir3_n(0%>_hVE0J^W;n-+r547E~1k3
zij9H0V+kDAmtfrz9n3yX##-71T%^r_yoZ!`mBw>~tT!^8xp)qTYFm)BzmWRgLujOJ
zMtMyG4!5<S?(h+`wRhkaztu9xJ5D)v*_ON$ekAW9`QN!qmywuJj@bRBpuarQGYr)E
zos~77j@x+dFn<3>>MCU0<WfcqkB6h@{tn-7J{yO;UslHTWPA_E$2Fc;255I=Y{NL`
z!+k%yE0$d-_qS4(Jc~TwIHZnD-Z{&0(Z5g8r5JfM^8RhHl!<abJv7XZQdhR4+$I0+
z-K23y%rz$eZR79JtQ>>v{@cd#$MPhzO8qDCA1nXt`LlW>vA_@M|9ld7e!>5HOW^tb
zEa`$amYojYV@S`y-@nI@*A`<*#(NCYVYfBr{KpCM-ICvw=fk(<$+B`kGJb>PZ)1=+
zjJ~T+@te$-{s{D6r5$dEV*fm%_|tuZ{<7%m>H_^`i5XLs?>_xyk(j6f{bgy(Ogm>{
zBl^pN{<5IIEa)!_`pYVKkiNRabl$Wx@}MrX8uZnrovSTzi6`i*3;ODUzPg~VF6gTZ
z`s#wdx}dMFf_LdF4EhR#zQUldFz71``U-=-!l17(=qn8R3WL7Fpsz6KD-8MygTBH_
z|MXP`eU(99WzbiddiZ3X39~_8Wzbg{^i>9Zl|f%+&{rAsRR(>PiFqSHUuDo&ns)KI
zpszIOD-HTegTB(BuQcc@4f;xhzS5wtH0Uc0`bvYo(x9(2=qnBSYJ<MoJd2fszS^{j
z;kj#N0qCm@`f7u|+MusC=&KF-YEusTc)m*oeYHVfZO}&?^brSr#6cf%&_|qSux!vr
z9P|+feZ)Z@anMJcSd(^hYhytlapSauzUiQEI_R4Y`lf@v>7Z{q=$o#{R~D4tWcsJm
zPMbE4(T8}RxTdTj`lvr`=erW}`}*uN_e>9M{3gh?C`mb+@!M(q<{HlzO8;`*@)<v|
zd@jpBTepAiH__<d`ls??toJo5O21d&$6~hlh_qZx7iMAsy}Rc>Y4n{D|9-ICjYf-i
zSVjJ81@d1T=I%81$uIt!O`~`lJN!%j%Lgw!DLGb1|JxruDal_f^Wu||V};xc<qr6N
E0E3frQ2+n{

literal 0
HcmV?d00001

diff --git a/config/axtls.rc b/config/axtls.rc
new file mode 100644
index 0000000000..0f288aa91f
--- /dev/null
+++ b/config/axtls.rc
@@ -0,0 +1,32 @@
+//Microsoft Visual C++ generated resource script.
+//
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// Generated from the TEXTINCLUDE 2 resource.
+//
+#define APSTUDIO_HIDDEN_SYMBOLS
+#undef APSTUDIO_HIDDEN_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
+LANGUAGE 9, 1
+#pragma code_page(1252)
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+
+IDI_AXTLS       ICON         "../www/favicon.ico"
+
+
+#endif
+/////////////////////////////////////////////////////////////////////////////
+
+
+
diff --git a/config/config.h b/config/config.h
new file mode 100644
index 0000000000..4d0c5bd4f6
--- /dev/null
+++ b/config/config.h
@@ -0,0 +1,106 @@
+/*
+ * Automatically generated header file: don't edit
+ */
+
+#define HAVE_DOT_CONFIG 1
+#undef CONFIG_PLATFORM_LINUX
+#define CONFIG_PLATFORM_CYGWIN 1
+#undef CONFIG_PLATFORM_SOLARIS
+#undef CONFIG_PLATFORM_WIN32
+
+/*
+ * General Configuration
+ */
+#define PREFIX "/usr/local"
+#undef CONFIG_DEBUG
+#undef CONFIG_VISUAL_STUDIO_6_0
+#undef CONFIG_VISUAL_STUDIO_7_0
+#undef CONFIG_VISUAL_STUDIO_8_0
+#define CONFIG_VISUAL_STUDIO_6_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
+#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
+#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
+
+/*
+ * SSL Library
+ */
+#undef CONFIG_SSL_SERVER_ONLY
+#undef CONFIG_SSL_CERT_VERIFICATION
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
+#undef CONFIG_SSL_SKELETON_MODE
+#undef CONFIG_SSL_PROT_LOW
+#define CONFIG_SSL_PROT_MEDIUM 1
+#undef CONFIG_SSL_PROT_HIGH
+#define CONFIG_SSL_USE_DEFAULT_KEY 1
+#define CONFIG_SSL_ENABLE_V23_HANDSHAKE 1
+#define CONFIG_SSL_HAS_PEM 1
+#define CONFIG_SSL_USE_PKCS12 1
+#define CONFIG_SSL_EXPIRY_TIME 24
+#define CONFIG_X509_MAX_CA_CERTS 4
+#define CONFIG_SSL_MAX_CERTS 2
+#undef CONFIG_SSL_CTX_MUTEXING
+#define CONFIG_USE_DEV_URANDOM 1
+#undef CONFIG_WIN32_USE_CRYPTO_LIB
+#undef CONFIG_OPENSSL_COMPATIBLE
+#undef CONFIG_PERFORMANCE_TESTING
+#undef CONFIG_SSL_TEST
+#define CONFIG_AXHTTPD 1
+
+/*
+ * Axhttpd Configuration
+ */
+#undef CONFIG_HTTP_STATIC_BUILD
+#define CONFIG_HTTP_PORT 80
+#define CONFIG_HTTP_HTTPS_PORT 443
+#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
+#define CONFIG_HTTP_WEBROOT "../www"
+#define CONFIG_HTTP_TIMEOUT 300
+#undef CONFIG_HTTP_HAS_CGI
+#define CONFIG_HTTP_CGI_EXTENSIONS ""
+#undef CONFIG_HTTP_DIRECTORIES
+#undef CONFIG_HTTP_HAS_AUTHORIZATION
+#undef CONFIG_HTTP_USE_CHROOT
+#undef CONFIG_HTTP_CHANGE_UID
+#undef CONFIG_HTTP_HAS_IPV6
+#undef CONFIG_HTTP_ALL_MIME_TYPES
+#define CONFIG_HTTP_VERBOSE 1
+#undef CONFIG_HTTP_IS_DAEMON
+
+/*
+ * Language Bindings
+ */
+#undef CONFIG_BINDINGS
+#undef CONFIG_CSHARP_BINDINGS
+#undef CONFIG_VBNET_BINDINGS
+#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
+#undef CONFIG_JAVA_BINDINGS
+#define CONFIG_JAVA_HOME ""
+#undef CONFIG_PERL_BINDINGS
+#define CONFIG_PERL_CORE ""
+#define CONFIG_PERL_LIB ""
+
+/*
+ * Samples
+ */
+#define CONFIG_SAMPLES 1
+#define CONFIG_C_SAMPLES 1
+#undef CONFIG_CSHARP_SAMPLES
+#undef CONFIG_VBNET_SAMPLES
+#undef CONFIG_JAVA_SAMPLES
+#undef CONFIG_PERL_SAMPLES
+
+/*
+ * BigInt Options
+ */
+#undef CONFIG_BIGINT_CLASSICAL
+#undef CONFIG_BIGINT_MONTGOMERY
+#define CONFIG_BIGINT_BARRETT 1
+#define CONFIG_BIGINT_CRT 1
+#undef CONFIG_BIGINT_KARATSUBA
+#define MUL_KARATSUBA_THRESH 
+#define SQU_KARATSUBA_THRESH 
+#define CONFIG_BIGINT_SLIDING_WINDOW 1
+#define CONFIG_BIGINT_SQUARE 1
+#undef CONFIG_BIGINT_CHECK_ON
diff --git a/config/linuxconfig b/config/linuxconfig
new file mode 100644
index 0000000000..3f8bec6000
--- /dev/null
+++ b/config/linuxconfig
@@ -0,0 +1,103 @@
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+CONFIG_PLATFORM_LINUX=y
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+# CONFIG_PLATFORM_WIN32 is not set
+
+#
+# General Configuration
+#
+PREFIX="/usr/local"
+# CONFIG_DEBUG is not set
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+# CONFIG_SSL_CTX_MUTEXING is not set
+CONFIG_USE_DEV_URANDOM=y
+# CONFIG_WIN32_USE_CRYPTO_LIB is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AXHTTPD=y
+
+#
+# Axhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_HTTPS_PORT=443
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
+CONFIG_HTTP_WEBROOT="../www"
+CONFIG_HTTP_PORT=80
+CONFIG_HTTP_TIMEOUT=300
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSIONS=""
+# CONFIG_HTTP_DIRECTORIES is not set
+# CONFIG_HTTP_USE_CHROOT is not set
+# CONFIG_HTTP_CHANGE_UID is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_ALL_MIME_TYPES=y
+# CONFIG_HTTP_VERBOSE is not set
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+# CONFIG_CSHARP_BINDINGS is not set
+# CONFIG_VBNET_BINDINGS is not set
+CONFIG_DOT_NET_FRAMEWORK_BASE=""
+# CONFIG_JAVA_BINDINGS is not set
+CONFIG_JAVA_HOME=""
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+# CONFIG_CSHARP_SAMPLES is not set
+# CONFIG_VBNET_SAMPLES is not set
+# CONFIG_JAVA_SAMPLES is not set
+# CONFIG_PERL_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/config/makefile.conf b/config/makefile.conf
new file mode 100644
index 0000000000..77a341be3b
--- /dev/null
+++ b/config/makefile.conf
@@ -0,0 +1,121 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# A standard makefile for all makefiles
+#
+
+# All executables and libraries go here
+STAGE=./_stage
+
+ifneq ($(MAKECMDGOALS), clean)
+
+# Give an initial rule
+all: 
+
+# Win32 
+ifdef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_VISUAL_STUDIO_6_0
+CONFIG_VISUAL_STUDIO_6_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_6_0_BASE))
+CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_6_0_BASE))
+export INCLUDE=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include
+export LIB=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib
+PATH:=$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/common/msdev98/bin:$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/vc98/bin:$(PATH)
+else
+ifdef CONFIG_VISUAL_STUDIO_7_0
+CONFIG_VISUAL_STUDIO_7_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_7_0_BASE))
+CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
+export INCLUDE=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include
+export LIB=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib
+PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
+else 
+ifdef CONFIG_VISUAL_STUDIO_8_0
+CONFIG_VISUAL_STUDIO_8_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_8_0_BASE))
+CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
+export INCLUDE=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include
+export LIB=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib
+PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+endif
+endif
+
+CC=cl.exe
+LD=link.exe
+CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /c 
+#CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c 
+LDFLAGS=/nologo /subsystem:console /machine:I386
+LDSHARED = /dll
+AR=lib /nologo
+
+ifdef CONFIG_DEBUG
+	CFLAGS += /Gm /Zi /Od /D "_DEBUG"
+	LDFLAGS += /debug /incremental:yes 
+else
+	CFLAGS += /O2 /D "NDEBUG"
+	LDFLAGS += /incremental:no 
+endif
+
+else    # Not Win32
+
+-include .depend
+
+CFLAGS += -I../config
+LD=$(CC)
+
+# Solaris
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -DCONFIG_PLATFORM_SOLARIS
+LDFLAGS += -lsocket -lnsl -lc
+LDSHARED = -G
+# Linux/Cygwin
+else 
+CFLAGS += -Wall -Wstrict-prototypes -Wshadow
+LDSHARED = -shared
+
+# Linux
+ifndef CONFIG_PLATFORM_CYGWIN
+CFLAGS += -fPIC 
+
+# Cygwin
+else
+CFLAGS += -DCONFIG_PLATFORM_CYGWIN
+endif
+endif
+
+ifdef CONFIG_DEBUG
+CFLAGS += -g
+else
+LDFLAGS += -s
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -O 
+else
+CFLAGS += -O3
+endif
+
+endif	# CONFIG_DEBUG
+endif   # WIN32
+
+CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS)))
+LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS)))
+
+endif   # not 'clean'
+
+clean::
+	-@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 
+
diff --git a/config/makefile.dotnet.conf b/config/makefile.dotnet.conf
new file mode 100644
index 0000000000..110e27d3bb
--- /dev/null
+++ b/config/makefile.dotnet.conf
@@ -0,0 +1,53 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+ifneq ($(MAKECMDGOALS), clean)
+
+ifdef CONFIG_PLATFORM_WIN32
+GO_DOT_NET=y
+endif
+
+ifdef CONFIG_PLATFORM_CYGWIN
+GO_DOT_NET=y
+endif
+
+ifdef GO_DOT_NET
+all: test_dot_net_location
+
+# find out where the C# compiler is
+CONFIG_DOT_NET_FRAMEWORK_BASE:=$(shell cygpath -u $(CONFIG_DOT_NET_FRAMEWORK_BASE))
+
+test_dot_net_location:
+	@if ! [ -d "$(CONFIG_DOT_NET_FRAMEWORK_BASE)" ]; then \
+		echo "*** Error: .NET path of $(CONFIG_DOT_NET_FRAMEWORK_BASE) doesn't exist" && exit 1; \
+    fi
+
+PATH:=$(CONFIG_DOT_NET_FRAMEWORK_BASE):$(PATH)
+
+else        # Linux?
+all: test_mcs
+
+test_mcs:
+	@if ! mcs --about > /dev/null 2>&1; then \
+        echo "Mono not installed! - go " \
+        "to http://www.mono-project.com/Main_Page" && exit 1; \
+    fi 
+
+endif   # Linux
+
+endif   # not 'clean'
diff --git a/config/makefile.java.conf b/config/makefile.java.conf
new file mode 100644
index 0000000000..2194ef44bd
--- /dev/null
+++ b/config/makefile.java.conf
@@ -0,0 +1,56 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+ifneq ($(MAKECMDGOALS), clean)
+
+all: test_jdk_location
+
+test_jdk_location:
+	@if ! [ -d "$(CONFIG_JAVA_HOME)" ]; then \
+		echo "*** Error: JDK path of $(CONFIG_JAVA_HOME) doesn't exist" && exit 1; \
+    fi
+
+
+ifdef CONFIG_PLATFORM_CYGWIN 
+CONFIG_JAVA_HOME:=$(shell cygpath -u $(CONFIG_JAVA_HOME))
+CFLAGS += -I"$(CONFIG_JAVA_HOME)/include"
+CFLAGS += -I"$(CONFIG_JAVA_HOME)/include/win32"
+JAVA_BIN:=$(CONFIG_JAVA_HOME)/bin
+else
+
+ifdef CONFIG_PLATFORM_WIN32
+CONFIG_JAVA_HOME:=$(shell cygpath -w $(CONFIG_JAVA_HOME))
+CFLAGS += /I"$(CONFIG_JAVA_HOME)\include"
+CFLAGS += /I"$(CONFIG_JAVA_HOME)\include\win32"
+JAVA_BIN:=$(shell cygpath -u $(CONFIG_JAVA_HOME)\bin)
+else # Linux
+CFLAGS += -I$(CONFIG_JAVA_HOME)/include
+
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -I$(CONFIG_JAVA_HOME)/include/solaris
+else
+CFLAGS += -I$(CONFIG_JAVA_HOME)/include/linux
+endif
+
+JAVA_BIN:=$(CONFIG_JAVA_HOME)/bin
+endif
+endif
+
+PATH:=$(JAVA_BIN):$(PATH)
+
+endif   # not 'clean'                    
diff --git a/config/makefile.post b/config/makefile.post
new file mode 100644
index 0000000000..033981c4d1
--- /dev/null
+++ b/config/makefile.post
@@ -0,0 +1,19 @@
+
+ifneq ($(MAKECMDGOALS), clean)
+ifndef CONFIG_PLATFORM_WIN32
+ifndef CONFIG_PLATFORM_SOLARIS
+# do dependencies
+-include .depend
+all : .depend 
+.depend: $(wildcard *.c)
+	@$(CC) $(CFLAGS) -MM $^ > $@
+endif   # 'not' solaris
+endif   # 'not' win32
+
+ifdef CONFIG_PLATFORM_WIN32
+OBJ:=$(OBJ:.o=.obj)
+%.obj : %.c
+	$(CC) $(CFLAGS) $< 
+endif   # win32
+
+endif   # end of 'not' clean
diff --git a/config/scripts/config/Kconfig-language.txt b/config/scripts/config/Kconfig-language.txt
new file mode 100644
index 0000000000..493749b32a
--- /dev/null
+++ b/config/scripts/config/Kconfig-language.txt
@@ -0,0 +1,255 @@
+Introduction
+------------
+
+The configuration database is collection of configuration options
+organized in a tree structure:
+
+	+- Code maturity level options
+	|  +- Prompt for development and/or incomplete code/drivers
+	+- General setup
+	|  +- Networking support
+	|  +- System V IPC
+	|  +- BSD Process Accounting
+	|  +- Sysctl support
+	+- Loadable module support
+	|  +- Enable loadable module support
+	|     +- Set version information on all module symbols
+	|     +- Kernel module loader
+	+- ...
+
+Every entry has its own dependencies. These dependencies are used
+to determine the visible of an entry. Any child entry is only
+visible if its parent entry is also visible.
+
+Menu entries
+------------
+
+Most entries define a config option, all other entries help to organize
+them. A single configuration option is defined like this:
+
+config MODVERSIONS
+	bool "Set version information on all module symbols"
+	depends MODULES
+	help
+	  Usually, modules have to be recompiled whenever you switch to a new
+	  kernel.  ...
+
+Every line starts with a key word and can be followed by multiple
+arguments.  "config" starts a new config entry. The following lines
+define attributes for this config option. Attributes can be the type of
+the config option, input prompt, dependencies, help text and default
+values. A config option can be defined multiple times with the same
+name, but every definition can have only a single input prompt and the
+type must not conflict.
+
+Menu attributes
+---------------
+
+A menu entry can have a number of attributes. Not all of them are
+applicable everywhere (see syntax).
+
+- type definition: "bool"/"tristate"/"string"/"hex"/"integer"
+  Every config option must have a type. There are only two basic types:
+  tristate and string, the other types base on these two. The type
+  definition optionally accepts an input prompt, so these two examples
+  are equivalent:
+
+	bool "Networking support"
+  and
+	bool
+	prompt "Networking support"
+
+- input prompt: "prompt" <prompt> ["if" <expr>]
+  Every menu entry can have at most one prompt, which is used to display
+  to the user. Optionally dependencies only for this prompt can be added
+  with "if".
+
+- default value: "default" <symbol> ["if" <expr>]
+  A config option can have any number of default values. If multiple
+  default values are visible, only the first defined one is active.
+  Default values are not limited to the menu entry, where they are
+  defined, this means the default can be defined somewhere else or be
+  overriden by an earlier definition.
+  The default value is only assigned to the config symbol if no other
+  value was set by the user (via the input prompt above). If an input
+  prompt is visible the default value is presented to the user and can
+  be overridden by him.
+  Optionally dependencies only for this default value can be added with
+  "if".
+
+- dependencies: "depends on"/"requires" <expr>
+  This defines a dependency for this menu entry. If multiple
+  dependencies are defined they are connected with '&&'. Dependencies
+  are applied to all other options within this menu entry (which also
+  accept "if" expression), so these two examples are equivalent:
+
+	bool "foo" if BAR
+	default y if BAR
+  and
+	depends on BAR
+	bool "foo"
+	default y
+
+- help text: "help"
+  This defines a help text. The end of the help text is determined by
+  the level indentation, this means it ends at the first line which has
+  a smaller indentation than the first line of the help text.
+
+
+Menu dependencies
+-----------------
+
+Dependencies define the visibility of a menu entry and can also reduce
+the input range of tristate symbols. The tristate logic used in the
+expressions uses one more state than normal boolean logic to express the
+module state. Dependency expressions have the following syntax:
+
+<expr> ::= <symbol>                             (1)
+           <symbol> '=' <symbol>                (2)
+           <symbol> '!=' <symbol>               (3)
+           '(' <expr> ')'                       (4)
+           '!' <expr>                           (5)
+           <expr> '||' <expr>                   (6)
+           <expr> '&&' <expr>                   (7)
+
+Expressions are listed in decreasing order of precedence.
+
+(1) Convert the symbol into an expression. Boolean and tristate symbols
+    are simply converted into the respective expression values. All
+    other symbol types result in 'n'.
+(2) If the values of both symbols are equal, it returns 'y',
+    otherwise 'n'.
+(3) If the values of both symbols are equal, it returns 'n',
+    otherwise 'y'.
+(4) Returns the value of the expression. Used to override precedence.
+(5) Returns the result of (2-/expr/).
+(6) Returns the result of min(/expr/, /expr/).
+(7) Returns the result of max(/expr/, /expr/).
+
+An expression can have a value of 'n', 'm' or 'y' (or 0, 1, 2
+respectively for calculations). A menu entry becomes visible when it's
+expression evaluates to 'm' or 'y'.
+
+There are two type of symbols: constant and nonconstant symbols.
+Nonconstant symbols are the most common ones and are defined with the
+'config' statement. Nonconstant symbols consist entirely of alphanumeric
+characters or underscores.
+Constant symbols are only part of expressions. Constant symbols are
+always surrounded by single or double quotes. Within the quote any
+other character is allowed and the quotes can be escaped using '\'.
+
+Menu structure
+--------------
+
+The position of a menu entry in the tree is determined in two ways. First
+it can be specified explicitely:
+
+menu "Network device support"
+	depends NET
+
+config NETDEVICES
+	...
+
+endmenu
+
+All entries within the "menu" ... "endmenu" block become a submenu of
+"Network device support". All subentries inherit the dependencies from
+the menu entry, e.g. this means the dependency "NET" is added to the
+dependency list of the config option NETDEVICES.
+
+The other way to generate the menu structure is done by analyzing the
+dependencies. If a menu entry somehow depends on the previous entry, it
+can be made a submenu of it. First the the previous (parent) symbol must
+be part of the dependency list and then one of these two condititions
+must be true:
+- the child entry must become invisible, if the parent is set to 'n'
+- the child entry must only be visible, if the parent is visible
+
+config MODULES
+	bool "Enable loadable module support"
+
+config MODVERSIONS
+	bool "Set version information on all module symbols"
+	depends MODULES
+
+comment "module support disabled"
+	depends !MODULES
+
+MODVERSIONS directly depends on MODULES, this means it's only visible if
+MODULES is different from 'n'. The comment on the other hand is always
+visible when MODULES it's visible (the (empty) dependency of MODULES is
+also part of the comment dependencies).
+
+
+Kconfig syntax
+--------------
+
+The configuration file describes a series of menu entries, where every
+line starts with a keyword (except help texts). The following keywords
+end a menu entry:
+- config
+- choice/endchoice
+- comment
+- menu/endmenu
+- if/endif
+- source
+The first four also start the definition of a menu entry.
+
+config:
+
+	"config" <symbol>
+	<config options>
+
+This defines a config symbol <symbol> and accepts any of above
+attributes as options.
+
+choices:
+
+	"choice"
+	<choice options>
+	<choice block>
+	"endchoice"
+
+This defines a choice group and accepts any of above attributes as
+options. A choice can only be of type bool or tristate, while a boolean
+choice only allows a single config entry to be selected, a tristate
+choice also allows any number of config entries to be set to 'm'. This
+can be used if multiple drivers for a single hardware exists and only a
+single driver can be compiled/loaded into the kernel, but all drivers
+can be compiled as modules.
+A choice accepts another option "optional", which allows to set the
+choice to 'n' and no entry needs to be selected.
+
+comment:
+
+	"comment" <prompt>
+	<comment options>
+
+This defines a comment which is displayed to the user during the
+configuration process and is also echoed to the output files. The only
+possible options are dependencies.
+
+menu:
+
+	"menu" <prompt>
+	<menu options>
+	<menu block>
+	"endmenu"
+
+This defines a menu block, see "Menu structure" above for more
+information. The only possible options are dependencies.
+
+if:
+
+	"if" <expr>
+	<if block>
+	"endif"
+
+This defines an if block. The dependency expression <expr> is appended
+to all enclosed menu entries.
+
+source:
+
+	"source" <prompt>
+
+This reads the specified configuration file. This file is always parsed.
diff --git a/config/scripts/config/Makefile b/config/scripts/config/Makefile
new file mode 100644
index 0000000000..739950163b
--- /dev/null
+++ b/config/scripts/config/Makefile
@@ -0,0 +1,121 @@
+# Makefile for axTLS
+#
+# Copyright (C) 2002 Erik Andersen <andersen@codepoet.org>
+
+top_srcdir=../..
+top_builddir=../..
+srcdir=$(top_srcdir)/scripts/config
+include $(top_srcdir)/Rules.mak
+
+all: ncurses conf mconf
+
+ifeq ($(shell uname),SunOS)
+LIBS = -lcurses
+else
+LIBS = -lncurses
+endif
+ifeq (/usr/include/ncurses/ncurses.h, $(wildcard /usr/include/ncurses/ncurses.h))
+	HOSTNCURSES += -I/usr/include/ncurses -DCURSES_LOC="<ncurses.h>"
+else
+ifeq (/usr/include/ncurses/curses.h, $(wildcard /usr/include/ncurses/curses.h))
+	HOSTNCURSES += -I/usr/include/ncurses -DCURSES_LOC="<ncurses/curses.h>"
+else
+ifeq (/usr/local/include/ncurses/ncurses.h, $(wildcard /usr/local/include/ncurses/ncurses.h))
+	HOSTCFLAGS += -I/usr/local/include/ncurses -DCURSES_LOC="<ncurses.h>"
+else
+ifeq (/usr/local/include/ncurses/curses.h, $(wildcard /usr/local/include/ncurses/curses.h))
+	HOSTCFLAGS += -I/usr/local/include/ncurses -DCURSES_LOC="<ncurses/curses.h>"
+else
+ifeq (/usr/include/ncurses.h, $(wildcard /usr/include/ncurses.h))
+	HOSTNCURSES += -DCURSES_LOC="<ncurses.h>"
+else
+	HOSTNCURSES += -DCURSES_LOC="<curses.h>"
+endif
+endif
+endif
+endif
+endif
+
+CONF_SRC     = conf.c
+MCONF_SRC    = mconf.c
+LXD_SRC      = lxdialog/checklist.c lxdialog/menubox.c lxdialog/textbox.c \
+               lxdialog/yesno.c lxdialog/inputbox.c lxdialog/util.c \
+               lxdialog/msgbox.c
+
+SHARED_SRC   = zconf.tab.c
+SHARED_DEPS := $(srcdir)/lkc.h $(srcdir)/lkc_proto.h \
+               lkc_defs.h $(srcdir)/expr.h zconf.tab.h
+CONF_OBJS    = $(patsubst %.c,%.o, $(CONF_SRC))
+MCONF_OBJS   = $(patsubst %.c,%.o, $(MCONF_SRC) $(LXD_SRC))
+SHARED_OBJS  = $(patsubst %.c,%.o, $(SHARED_SRC))
+
+conf: $(CONF_OBJS) $(SHARED_OBJS)
+	$(HOSTCC) $(NATIVE_LDFLAGS) $^ -o $@
+
+mconf: $(MCONF_OBJS) $(SHARED_OBJS)
+	$(HOSTCC) $(NATIVE_LDFLAGS) $^ -o $@ $(LIBS)
+
+$(CONF_OBJS): %.o : $(srcdir)/%.c $(SHARED_DEPS)
+	$(HOSTCC) $(HOSTCFLAGS) -I. -c $< -o $@
+
+$(MCONF_OBJS): %.o : $(srcdir)/%.c $(SHARED_DEPS)
+	@[ -d $(@D) ] || mkdir -v $(@D)
+	$(HOSTCC) $(HOSTCFLAGS) $(HOSTNCURSES) -I. -c $< -o $@
+
+lkc_defs.h: $(srcdir)/lkc_proto.h
+	@sed < $< > $@ 's/P(\([^,]*\),.*/#define \1 (\*\1_p)/'
+
+###
+# The following requires flex/bison
+# By default we use the _shipped versions, uncomment the
+# following line if you are modifying the flex/bison src.
+#LKC_GENPARSER := 1
+
+ifdef LKC_GENPARSER
+
+%.tab.c %.tab.h: $(srcdir)/%.y
+	bison -t -d -v -b $* -p $(notdir $*) $<
+
+lex.%.c: $(srcdir)/%.l
+	flex -P$(notdir $*) -o$@ $<
+else
+
+lex.zconf.o: lex.zconf.c $(SHARED_DEPS)
+	$(HOSTCC) $(HOSTCFLAGS) -I$(srcdir) -c $< -o $@
+
+lex.zconf.c: $(srcdir)/lex.zconf.c_shipped
+	cp $< $@
+
+zconf.tab.c: $(srcdir)/zconf.tab.c_shipped
+	cp $< $@
+
+zconf.tab.h: $(srcdir)/zconf.tab.h_shipped
+	cp $< $@
+endif
+
+zconf.tab.o: zconf.tab.c lex.zconf.c $(srcdir)/confdata.c $(srcdir)/expr.c \
+             $(srcdir)/symbol.c $(srcdir)/menu.c $(SHARED_DEPS)
+	$(HOSTCC) $(HOSTCFLAGS) -I$(srcdir) -I. -c $< -o $@
+
+.PHONY: ncurses
+
+ncurses:
+	@echo "main() {}" > lxtemp.c
+	@if $(HOSTCC) lxtemp.c $(LIBS) ; then \
+		rm -f lxtemp.c a.out; \
+	else \
+		rm -f lxtemp.c; \
+		echo -e "\007" ;\
+		echo ">> Unable to find the Ncurses libraries." ;\
+		echo ">>" ;\
+		echo ">> You must have Ncurses installed in order" ;\
+		echo ">> to use 'make menuconfig'" ;\
+		echo ;\
+		exit 1 ;\
+	fi
+
+clean:
+	rm -f *.o *~ ../../*~ core *.exe $(TARGETS) $(MCONF_OBJS) $(CONF_OBJS)
+	rm -f conf conf.exe mconf mconf.exe zconf.tab.c zconf.tab.h lex.zconf.c lkc_defs.h
+	rm -f ../..config.h
+
diff --git a/config/scripts/config/conf.c b/config/scripts/config/conf.c
new file mode 100644
index 0000000000..15244678e8
--- /dev/null
+++ b/config/scripts/config/conf.c
@@ -0,0 +1,583 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <time.h>
+#include <sys/stat.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+static void conf(struct menu *menu);
+static void check_conf(struct menu *menu);
+
+enum {
+	ask_all,
+	ask_new,
+	ask_silent,
+	set_default,
+	set_yes,
+	set_mod,
+	set_no,
+	set_random
+} input_mode = ask_all;
+char *defconfig_file;
+
+static int indent = 1;
+static int valid_stdin = 1;
+static int conf_cnt;
+static char line[128];
+static struct menu *rootEntry;
+
+static char nohelp_text[] = "Sorry, no help available for this option yet.\n";
+
+static void strip(char *str)
+{
+	char *p = str;
+	int l;
+
+	while ((isspace(*p)))
+		p++;
+	l = strlen(p);
+	if (p != str)
+		memmove(str, p, l + 1);
+	if (!l)
+		return;
+	p = str + l - 1;
+	while ((isspace(*p)))
+		*p-- = 0;
+}
+
+static void check_stdin(void)
+{
+	if (!valid_stdin && input_mode == ask_silent) {
+		printf("aborted!\n\n");
+		printf("Console input/output is redirected. ");
+		printf("Run 'make oldconfig' to update configuration.\n\n");
+		exit(1);
+	}
+}
+
+static void conf_askvalue(struct symbol *sym, const char *def)
+{
+	enum symbol_type type = sym_get_type(sym);
+	tristate val;
+
+	if (!sym_has_value(sym))
+		printf("(NEW) ");
+
+	line[0] = '\n';
+	line[1] = 0;
+
+	if (!sym_is_changable(sym)) {
+		printf("%s\n", def);
+		line[0] = '\n';
+		line[1] = 0;
+		return;
+	}
+
+	switch (input_mode) {
+	case ask_new:
+	case ask_silent:
+		if (sym_has_value(sym)) {
+			printf("%s\n", def);
+			return;
+		}
+		check_stdin();
+	case ask_all:
+		fflush(stdout);
+		fgets(line, 128, stdin);
+		return;
+	case set_default:
+		printf("%s\n", def);
+		return;
+	default:
+		break;
+	}
+
+	switch (type) {
+	case S_INT:
+	case S_HEX:
+	case S_STRING:
+		printf("%s\n", def);
+		return;
+	default:
+		;
+	}
+	switch (input_mode) {
+	case set_yes:
+		if (sym_tristate_within_range(sym, yes)) {
+			line[0] = 'y';
+			line[1] = '\n';
+			line[2] = 0;
+			break;
+		}
+	case set_mod:
+		if (type == S_TRISTATE) {
+			if (sym_tristate_within_range(sym, mod)) {
+				line[0] = 'm';
+				line[1] = '\n';
+				line[2] = 0;
+				break;
+			}
+		} else {
+			if (sym_tristate_within_range(sym, yes)) {
+				line[0] = 'y';
+				line[1] = '\n';
+				line[2] = 0;
+				break;
+			}
+		}
+	case set_no:
+		if (sym_tristate_within_range(sym, no)) {
+			line[0] = 'n';
+			line[1] = '\n';
+			line[2] = 0;
+			break;
+		}
+	case set_random:
+		do {
+			val = (tristate)(random() % 3);
+		} while (!sym_tristate_within_range(sym, val));
+		switch (val) {
+		case no: line[0] = 'n'; break;
+		case mod: line[0] = 'm'; break;
+		case yes: line[0] = 'y'; break;
+		}
+		line[1] = '\n';
+		line[2] = 0;
+		break;
+	default:
+		break;
+	}
+	printf("%s", line);
+}
+
+int conf_string(struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	const char *def, *help;
+
+	while (1) {
+		printf("%*s%s ", indent - 1, "", menu->prompt->text);
+		printf("(%s) ", sym->name);
+		def = sym_get_string_value(sym);
+		if (sym_get_string_value(sym))
+			printf("[%s] ", def);
+		conf_askvalue(sym, def);
+		switch (line[0]) {
+		case '\n':
+			break;
+		case '?':
+			/* print help */
+			if (line[1] == '\n') {
+				help = nohelp_text;
+				if (menu->sym->help)
+					help = menu->sym->help;
+				printf("\n%s\n", menu->sym->help);
+				def = NULL;
+				break;
+			}
+		default:
+			line[strlen(line)-1] = 0;
+			def = line;
+		}
+		if (def && sym_set_string_value(sym, def))
+			return 0;
+	}
+}
+
+static int conf_sym(struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	int type;
+	tristate oldval, newval;
+	const char *help;
+
+	while (1) {
+		printf("%*s%s ", indent - 1, "", menu->prompt->text);
+		if (sym->name)
+			printf("(%s) ", sym->name);
+		type = sym_get_type(sym);
+		putchar('[');
+		oldval = sym_get_tristate_value(sym);
+		switch (oldval) {
+		case no:
+			putchar('N');
+			break;
+		case mod:
+			putchar('M');
+			break;
+		case yes:
+			putchar('Y');
+			break;
+		}
+		if (oldval != no && sym_tristate_within_range(sym, no))
+			printf("/n");
+		if (oldval != mod && sym_tristate_within_range(sym, mod))
+			printf("/m");
+		if (oldval != yes && sym_tristate_within_range(sym, yes))
+			printf("/y");
+		if (sym->help)
+			printf("/?");
+		printf("] ");
+		conf_askvalue(sym, sym_get_string_value(sym));
+		strip(line);
+
+		switch (line[0]) {
+		case 'n':
+		case 'N':
+			newval = no;
+			if (!line[1] || !strcmp(&line[1], "o"))
+				break;
+			continue;
+		case 'm':
+		case 'M':
+			newval = mod;
+			if (!line[1])
+				break;
+			continue;
+		case 'y':
+		case 'Y':
+			newval = yes;
+			if (!line[1] || !strcmp(&line[1], "es"))
+				break;
+			continue;
+		case 0:
+			newval = oldval;
+			break;
+		case '?':
+			goto help;
+		default:
+			continue;
+		}
+		if (sym_set_tristate_value(sym, newval))
+			return 0;
+help:
+		help = nohelp_text;
+		if (sym->help)
+			help = sym->help;
+		printf("\n%s\n", help);
+	}
+}
+
+static int conf_choice(struct menu *menu)
+{
+	struct symbol *sym, *def_sym;
+	struct menu *child;
+	int type;
+	bool is_new;
+
+	sym = menu->sym;
+	type = sym_get_type(sym);
+	is_new = !sym_has_value(sym);
+	if (sym_is_changable(sym)) {
+		conf_sym(menu);
+		sym_calc_value(sym);
+		switch (sym_get_tristate_value(sym)) {
+		case no:
+			return 1;
+		case mod:
+			return 0;
+		case yes:
+			break;
+		}
+	} else {
+		switch (sym_get_tristate_value(sym)) {
+		case no:
+			return 1;
+		case mod:
+			printf("%*s%s\n", indent - 1, "", menu_get_prompt(menu));
+			return 0;
+		case yes:
+			break;
+		}
+	}
+
+	while (1) {
+		int cnt, def;
+
+		printf("%*s%s\n", indent - 1, "", menu_get_prompt(menu));
+		def_sym = sym_get_choice_value(sym);
+		cnt = def = 0;
+		line[0] = '0';
+		line[1] = 0;
+		for (child = menu->list; child; child = child->next) {
+			if (!menu_is_visible(child))
+				continue;
+			if (!child->sym) {
+				printf("%*c %s\n", indent, '*', menu_get_prompt(child));
+				continue;
+			}
+			cnt++;
+			if (child->sym == def_sym) {
+				def = cnt;
+				printf("%*c", indent, '>');
+			} else
+				printf("%*c", indent, ' ');
+			printf(" %d. %s", cnt, menu_get_prompt(child));
+			if (child->sym->name)
+				printf(" (%s)", child->sym->name);
+			if (!sym_has_value(child->sym))
+				printf(" (NEW)");
+			printf("\n");
+		}
+		printf("%*schoice", indent - 1, "");
+		if (cnt == 1) {
+			printf("[1]: 1\n");
+			goto conf_childs;
+		}
+		printf("[1-%d", cnt);
+		if (sym->help)
+			printf("?");
+		printf("]: ");
+		switch (input_mode) {
+		case ask_new:
+		case ask_silent:
+			if (!is_new) {
+				cnt = def;
+				printf("%d\n", cnt);
+				break;
+			}
+			check_stdin();
+		case ask_all:
+			fflush(stdout);
+			fgets(line, 128, stdin);
+			strip(line);
+			if (line[0] == '?') {
+				printf("\n%s\n", menu->sym->help ?
+					menu->sym->help : nohelp_text);
+				continue;
+			}
+			if (!line[0])
+				cnt = def;
+			else if (isdigit(line[0]))
+				cnt = atoi(line);
+			else
+				continue;
+			break;
+		case set_random:
+			def = (random() % cnt) + 1;
+		case set_default:
+		case set_yes:
+		case set_mod:
+		case set_no:
+			cnt = def;
+			printf("%d\n", cnt);
+			break;
+		}
+
+	conf_childs:
+		for (child = menu->list; child; child = child->next) {
+			if (!child->sym || !menu_is_visible(child))
+				continue;
+			if (!--cnt)
+				break;
+		}
+		if (!child)
+			continue;
+		if (line[strlen(line) - 1] == '?') {
+			printf("\n%s\n", child->sym->help ?
+				child->sym->help : nohelp_text);
+			continue;
+		}
+		sym_set_choice_value(sym, child->sym);
+		if (child->list) {
+			indent += 2;
+			conf(child->list);
+			indent -= 2;
+		}
+		return 1;
+	}
+}
+
+static void conf(struct menu *menu)
+{
+	struct symbol *sym;
+	struct property *prop;
+	struct menu *child;
+
+	if (!menu_is_visible(menu))
+		return;
+
+	sym = menu->sym;
+	prop = menu->prompt;
+	if (prop) {
+		const char *prompt;
+
+		switch (prop->type) {
+		case P_MENU:
+			if (input_mode == ask_silent && rootEntry != menu) {
+				check_conf(menu);
+				return;
+			}
+		case P_COMMENT:
+			prompt = menu_get_prompt(menu);
+			if (prompt)
+				printf("%*c\n%*c %s\n%*c\n",
+					indent, '*',
+					indent, '*', prompt,
+					indent, '*');
+		default:
+			;
+		}
+	}
+
+	if (!sym)
+		goto conf_childs;
+
+	if (sym_is_choice(sym)) {
+		conf_choice(menu);
+		if (sym->curr.tri != mod)
+			return;
+		goto conf_childs;
+	}
+
+	switch (sym->type) {
+	case S_INT:
+	case S_HEX:
+	case S_STRING:
+		conf_string(menu);
+		break;
+	default:
+		conf_sym(menu);
+		break;
+	}
+
+conf_childs:
+	if (sym)
+		indent += 2;
+	for (child = menu->list; child; child = child->next)
+		conf(child);
+	if (sym)
+		indent -= 2;
+}
+
+static void check_conf(struct menu *menu)
+{
+	struct symbol *sym;
+	struct menu *child;
+
+	if (!menu_is_visible(menu))
+		return;
+
+	sym = menu->sym;
+	if (sym) {
+		if (sym_is_changable(sym) && !sym_has_value(sym)) {
+			if (!conf_cnt++)
+				printf("*\n* Restart config...\n*\n");
+			rootEntry = menu_get_parent_menu(menu);
+			conf(rootEntry);
+		}
+		if (sym_is_choice(sym) && sym_get_tristate_value(sym) != mod)
+			return;
+	}
+
+	for (child = menu->list; child; child = child->next)
+		check_conf(child);
+}
+
+int main(int ac, char **av)
+{
+	int i = 1;
+	const char *name;
+	struct stat tmpstat;
+
+	if (ac > i && av[i][0] == '-') {
+		switch (av[i++][1]) {
+		case 'o':
+			input_mode = ask_new;
+			break;
+		case 's':
+			input_mode = ask_silent;
+			valid_stdin = isatty(0) && isatty(1) && isatty(2);
+			break;
+		case 'd':
+			input_mode = set_default;
+			break;
+		case 'D':
+			input_mode = set_default;
+			defconfig_file = av[i++];
+			if (!defconfig_file) {
+				printf("%s: No default config file specified\n",
+					av[0]);
+				exit(1);
+			}
+			break;
+		case 'n':
+			input_mode = set_no;
+			break;
+		case 'm':
+			input_mode = set_mod;
+			break;
+		case 'y':
+			input_mode = set_yes;
+			break;
+		case 'r':
+			input_mode = set_random;
+			srandom(time(NULL));
+			break;
+		case 'h':
+		case '?':
+			printf("%s [-o|-s] config\n", av[0]);
+			exit(0);
+		}
+	}
+  	name = av[i];
+	if (!name) {
+		printf("%s: configuration file missing\n", av[0]);
+	}
+	conf_parse(name);
+	//zconfdump(stdout);
+	switch (input_mode) {
+	case set_default:
+		if (!defconfig_file)
+			defconfig_file = conf_get_default_confname();
+		if (conf_read(defconfig_file)) {
+			printf("***\n"
+				"*** Can't find default configuration \"%s\"!\n"
+				"***\n", defconfig_file);
+			exit(1);
+		}
+		break;
+	case ask_silent:
+		if (stat(".config", &tmpstat)) {
+			printf("***\n"
+				"*** You have not yet configured axTLS!\n"
+				"***\n"
+				"*** Please run some configurator (e.g. \"make oldconfig\" or\n"
+				"*** \"make menuconfig\" or \"make config\").\n"
+				"***\n");
+			exit(1);
+		}
+	case ask_all:
+	case ask_new:
+		conf_read(NULL);
+		break;
+	default:
+		break;
+	}
+
+	if (input_mode != ask_silent) {
+		rootEntry = &rootmenu;
+		conf(&rootmenu);
+		if (input_mode == ask_all) {
+			input_mode = ask_silent;
+			valid_stdin = 1;
+		}
+	}
+	do {
+		conf_cnt = 0;
+		check_conf(&rootmenu);
+	} while (conf_cnt);
+	if (conf_write(NULL)) {
+		fprintf(stderr, "\n*** Error during writing of the axTLS configuration.\n\n");
+		return 1;
+	}
+	return 0;
+}
diff --git a/config/scripts/config/confdata.c b/config/scripts/config/confdata.c
new file mode 100644
index 0000000000..a59e245508
--- /dev/null
+++ b/config/scripts/config/confdata.c
@@ -0,0 +1,458 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <sys/stat.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+const char conf_def_filename[] = "config/.config";
+
+const char conf_defname[] = "config/defconfig";
+
+const char *conf_confnames[] = {
+	"config/.config",
+	conf_defname,
+	NULL,
+};
+
+static char *conf_expand_value(const char *in)
+{
+	struct symbol *sym;
+	const char *src;
+	static char res_value[SYMBOL_MAXLENGTH];
+	char *dst, name[SYMBOL_MAXLENGTH];
+
+	res_value[0] = 0;
+	dst = name;
+	while ((src = strchr(in, '$'))) {
+		strncat(res_value, in, src - in);
+		src++;
+		dst = name;
+		while (isalnum(*src) || *src == '_')
+			*dst++ = *src++;
+		*dst = 0;
+		sym = sym_lookup(name, 0);
+		sym_calc_value(sym);
+		strcat(res_value, sym_get_string_value(sym));
+		in = src;
+	}
+	strcat(res_value, in);
+
+	return res_value;
+}
+
+char *conf_get_default_confname(void)
+{
+	struct stat buf;
+	static char fullname[PATH_MAX+1];
+	char *env, *name;
+
+	name = conf_expand_value(conf_defname);
+	env = getenv(SRCTREE);
+	if (env) {
+		sprintf(fullname, "%s/%s", env, name);
+		if (!stat(fullname, &buf))
+			return fullname;
+	}
+	return name;
+}
+
+int conf_read(const char *name)
+{
+	FILE *in = NULL;
+	char line[1024];
+	char *p, *p2;
+	int lineno = 0;
+	struct symbol *sym;
+	struct property *prop;
+	struct expr *e;
+	int i;
+
+	if (name) {
+		in = zconf_fopen(name);
+	} else {
+		const char **names = conf_confnames;
+		while ((name = *names++)) {
+			name = conf_expand_value(name);
+			in = zconf_fopen(name);
+			if (in) {
+				printf("#\n"
+				       "# using defaults found in %s\n"
+				       "#\n", name);
+				break;
+			}
+		}
+	}
+
+	if (!in)
+		return 1;
+
+	for_all_symbols(i, sym) {
+		sym->flags |= SYMBOL_NEW | SYMBOL_CHANGED;
+		sym->flags &= ~SYMBOL_VALID;
+		switch (sym->type) {
+		case S_INT:
+		case S_HEX:
+		case S_STRING:
+			if (sym->user.val)
+				free(sym->user.val);
+		default:
+			sym->user.val = NULL;
+			sym->user.tri = no;
+		}
+	}
+
+	while (fgets(line, sizeof(line), in)) {
+		lineno++;
+		sym = NULL;
+		switch (line[0]) {
+		case '#':
+			if (line[1]!=' ')
+				continue;
+			p = strchr(line + 2, ' ');
+			if (!p)
+				continue;
+			*p++ = 0;
+			if (strncmp(p, "is not set", 10))
+				continue;
+			sym = sym_find(line + 2);
+			if (!sym) {
+				fprintf(stderr, "%s:%d: trying to assign nonexistent symbol %s\n", name, lineno, line + 2);
+				break;
+			}
+			switch (sym->type) {
+			case S_BOOLEAN:
+			case S_TRISTATE:
+				sym->user.tri = no;
+				sym->flags &= ~SYMBOL_NEW;
+				break;
+			default:
+				;
+			}
+			break;
+
+		case 'A' ... 'Z':
+			p = strchr(line, '=');
+			if (!p)
+				continue;
+			*p++ = 0;
+			p2 = strchr(p, '\n');
+			if (p2)
+				*p2 = 0;
+			sym = sym_find(line);
+			if (!sym) {
+				fprintf(stderr, "%s:%d: trying to assign nonexistent symbol %s\n", name, lineno, line);
+				break;
+			}
+			switch (sym->type) {
+			case S_TRISTATE:
+				if (p[0] == 'm') {
+					sym->user.tri = mod;
+					sym->flags &= ~SYMBOL_NEW;
+					break;
+				}
+			case S_BOOLEAN:
+				if (p[0] == 'y') {
+					sym->user.tri = yes;
+					sym->flags &= ~SYMBOL_NEW;
+					break;
+				}
+				if (p[0] == 'n') {
+					sym->user.tri = no;
+					sym->flags &= ~SYMBOL_NEW;
+					break;
+				}
+				break;
+			case S_STRING:
+				if (*p++ != '"')
+					break;
+				for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) {
+					if (*p2 == '"') {
+						*p2 = 0;
+						break;
+					}
+					memmove(p2, p2 + 1, strlen(p2));
+				}
+				if (!p2) {
+					fprintf(stderr, "%s:%d: invalid string found\n", name, lineno);
+					exit(1);
+				}
+			case S_INT:
+			case S_HEX:
+				if (sym_string_valid(sym, p)) {
+					sym->user.val = strdup(p);
+					sym->flags &= ~SYMBOL_NEW;
+				} else {
+					fprintf(stderr, "%s:%d: symbol value '%s' invalid for %s\n", name, lineno, p, sym->name);
+					exit(1);
+				}
+				break;
+			default:
+				;
+			}
+			break;
+		case '\n':
+			break;
+		default:
+			continue;
+		}
+		if (sym && sym_is_choice_value(sym)) {
+			struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
+			switch (sym->user.tri) {
+			case no:
+				break;
+			case mod:
+				if (cs->user.tri == yes)
+					/* warn? */;
+				break;
+			case yes:
+				if (cs->user.tri != no)
+					/* warn? */;
+				cs->user.val = sym;
+				break;
+			}
+			cs->user.tri = E_OR(cs->user.tri, sym->user.tri);
+			cs->flags &= ~SYMBOL_NEW;
+		}
+	}
+	fclose(in);
+
+	if (modules_sym)
+		sym_calc_value(modules_sym);
+	for_all_symbols(i, sym) {
+		sym_calc_value(sym);
+		if (sym_has_value(sym) && !sym_is_choice_value(sym)) {
+			if (sym->visible == no)
+				sym->flags |= SYMBOL_NEW;
+			switch (sym->type) {
+			case S_STRING:
+			case S_INT:
+			case S_HEX:
+				if (!sym_string_within_range(sym, sym->user.val))
+					sym->flags |= SYMBOL_NEW;
+			default:
+				break;
+			}
+		}
+		if (!sym_is_choice(sym))
+			continue;
+		prop = sym_get_choice_prop(sym);
+		for (e = prop->expr; e; e = e->left.expr)
+			if (e->right.sym->visible != no)
+				sym->flags |= e->right.sym->flags & SYMBOL_NEW;
+	}
+
+	sym_change_count = 1;
+
+	return 0;
+}
+
+struct menu *next_menu(struct menu *menu)
+{
+	if (menu->list) return menu->list;
+	do {
+		if (menu->next) {
+			menu = menu->next;
+			break;
+		}
+	} while ((menu = menu->parent));
+	
+	return menu;
+}
+
+#define SYMBOL_FORCEWRITE (1<<31)
+
+int conf_write(const char *name)
+{
+	FILE *out, *out_h;
+	struct symbol *sym;
+	struct menu *menu;
+	const char *basename;
+	char dirname[128], tmpname[128], newname[128];
+	int type, l;
+	const char *str;
+
+	dirname[0] = 0;
+	if (name && name[0]) {
+		struct stat st;
+		char *slash;
+
+		if (!stat(name, &st) && S_ISDIR(st.st_mode)) {
+			strcpy(dirname, name);
+			strcat(dirname, "/");
+			basename = conf_def_filename;
+		} else if ((slash = strrchr(name, '/'))) {
+			int size = slash - name + 1;
+			memcpy(dirname, name, size);
+			dirname[size] = 0;
+			if (slash[1])
+				basename = slash + 1;
+			else
+				basename = conf_def_filename;
+		} else
+			basename = name;
+	} else
+		basename = conf_def_filename;
+
+	sprintf(newname, "config/%s.tmpconfig.%d", dirname, (int)getpid());
+	out = fopen(newname, "w");
+	if (!out)
+		return 1;
+	out_h = NULL;
+	if (!name) {
+		out_h = fopen("config/.tmpconfig.h", "w");
+		if (!out_h)
+			return 1;
+	}
+	fprintf(out, "#\n"
+		     "# Automatically generated make config: don't edit\n"
+		     "#\n");
+	if (out_h) {
+		fprintf(out_h, "/*\n"
+			     " * Automatically generated header file: don't edit\n"
+			     " */\n\n");
+#if 0
+			     "/* Version Number */\n"
+			     "#define BB_VER \"%s\"\n"
+			     "#define BB_BT \"%s\"\n",
+			     getenv("VERSION"),
+			     getenv("BUILDTIME"));
+		if (getenv("EXTRA_VERSION"))
+			fprintf(out_h, "#define BB_EXTRA_VERSION \"%s\"\n",
+				     getenv("EXTRA_VERSION"));
+		fprintf(out_h, "\n");
+#endif
+	}
+
+	if (!sym_change_count)
+		sym_clear_all_valid();
+
+	/* Force write of all non-duplicate symbols. */
+
+	/* Write out everything by default. */
+	for(menu = rootmenu.list; menu; menu = next_menu(menu))
+		if (menu->sym) menu->sym->flags |= SYMBOL_FORCEWRITE;
+
+	menu = rootmenu.list;
+	while (menu) {
+		sym = menu->sym;
+		if (!sym) {
+			if (!menu_is_visible(menu))
+				goto next;
+			str = menu_get_prompt(menu);
+			fprintf(out, "\n"
+				     "#\n"
+				     "# %s\n"
+				     "#\n", str);
+			if (out_h)
+				fprintf(out_h, "\n"
+					       "/*\n"
+					       " * %s\n"
+					       " */\n", str);
+		} else if (!(sym->flags & SYMBOL_CHOICE)) {
+			sym_calc_value(sym);
+			if (!(sym->flags & SYMBOL_FORCEWRITE))
+				goto next;
+
+			sym->flags &= ~SYMBOL_FORCEWRITE;
+			type = sym->type;
+			if (type == S_TRISTATE) {
+				sym_calc_value(modules_sym);
+				if (modules_sym->curr.tri == no)
+					type = S_BOOLEAN;
+			}
+			switch (type) {
+			case S_BOOLEAN:
+			case S_TRISTATE:
+				switch (sym_get_tristate_value(sym)) {
+				case no:
+					fprintf(out, "# %s is not set\n", sym->name);
+					if (out_h)
+						fprintf(out_h, "#undef %s\n", sym->name);
+					break;
+				case mod:
+#if 0
+					fprintf(out, "%s=m\n", sym->name);
+					if (out_h)
+						fprintf(out_h, "#define %s_MODULE 1\n", sym->name);
+#endif
+					break;
+				case yes:
+					fprintf(out, "%s=y\n", sym->name);
+					if (out_h)
+						fprintf(out_h, "#define %s 1\n", sym->name);
+					break;
+				}
+				break;
+			case S_STRING:
+				// fix me
+				str = sym_get_string_value(sym);
+				fprintf(out, "%s=\"", sym->name);
+				if (out_h)
+					fprintf(out_h, "#define %s \"", sym->name);
+				do {
+					l = strcspn(str, "\"\\");
+					if (l) {
+						fwrite(str, l, 1, out);
+						if (out_h)
+							fwrite(str, l, 1, out_h);
+					}
+					str += l;
+					while (*str == '\\' || *str == '"') {
+						fprintf(out, "\\%c", *str);
+						if (out_h)
+							fprintf(out_h, "\\%c", *str);
+						str++;
+					}
+				} while (*str);
+				fputs("\"\n", out);
+				if (out_h)
+					fputs("\"\n", out_h);
+				break;
+			case S_HEX:
+				str = sym_get_string_value(sym);
+				if (str[0] != '0' || (str[1] != 'x' && str[1] != 'X')) {
+					fprintf(out, "%s=%s\n", sym->name, *str ? str : "0");
+					if (out_h)
+						fprintf(out_h, "#define %s 0x%s\n", sym->name, str);
+					break;
+				}
+			case S_INT:
+				str = sym_get_string_value(sym);
+				fprintf(out, "%s=%s\n", sym->name, *str ? str : "0");
+				if (out_h)
+					fprintf(out_h, "#define %s %s\n", sym->name, str);
+				break;
+			}
+		}
+next:
+		menu = next_menu(menu);
+	}
+	fclose(out);
+	if (out_h) {
+		fclose(out_h);
+		rename("config/.tmpconfig.h", "config/config.h");
+		file_write_dep(NULL);
+	}
+	if (!name || basename != conf_def_filename) {
+		if (!name)
+			name = conf_def_filename;
+		sprintf(tmpname, "%s.old", name);
+		rename(name, tmpname);
+	}
+	sprintf(tmpname, "%s%s", dirname, basename);
+	if (rename(newname, tmpname))
+		return 1;
+
+	sym_change_count = 0;
+
+	return 0;
+}
diff --git a/config/scripts/config/expr.c b/config/scripts/config/expr.c
new file mode 100644
index 0000000000..30e4f9d69c
--- /dev/null
+++ b/config/scripts/config/expr.c
@@ -0,0 +1,1099 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+#define DEBUG_EXPR	0
+
+struct expr *expr_alloc_symbol(struct symbol *sym)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = E_SYMBOL;
+	e->left.sym = sym;
+	return e;
+}
+
+struct expr *expr_alloc_one(enum expr_type type, struct expr *ce)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = type;
+	e->left.expr = ce;
+	return e;
+}
+
+struct expr *expr_alloc_two(enum expr_type type, struct expr *e1, struct expr *e2)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = type;
+	e->left.expr = e1;
+	e->right.expr = e2;
+	return e;
+}
+
+struct expr *expr_alloc_comp(enum expr_type type, struct symbol *s1, struct symbol *s2)
+{
+	struct expr *e = malloc(sizeof(*e));
+	memset(e, 0, sizeof(*e));
+	e->type = type;
+	e->left.sym = s1;
+	e->right.sym = s2;
+	return e;
+}
+
+struct expr *expr_alloc_and(struct expr *e1, struct expr *e2)
+{
+	if (!e1)
+		return e2;
+	return e2 ? expr_alloc_two(E_AND, e1, e2) : e1;
+}
+
+struct expr *expr_alloc_or(struct expr *e1, struct expr *e2)
+{
+	if (!e1)
+		return e2;
+	return e2 ? expr_alloc_two(E_OR, e1, e2) : e1;
+}
+
+struct expr *expr_copy(struct expr *org)
+{
+	struct expr *e;
+
+	if (!org)
+		return NULL;
+
+	e = malloc(sizeof(*org));
+	memcpy(e, org, sizeof(*org));
+	switch (org->type) {
+	case E_SYMBOL:
+		e->left = org->left;
+		break;
+	case E_NOT:
+		e->left.expr = expr_copy(org->left.expr);
+		break;
+	case E_EQUAL:
+	case E_UNEQUAL:
+		e->left.sym = org->left.sym;
+		e->right.sym = org->right.sym;
+		break;
+	case E_AND:
+	case E_OR:
+	case E_CHOICE:
+		e->left.expr = expr_copy(org->left.expr);
+		e->right.expr = expr_copy(org->right.expr);
+		break;
+	default:
+		printf("can't copy type %d\n", e->type);
+		free(e);
+		e = NULL;
+		break;
+	}
+
+	return e;
+}
+
+void expr_free(struct expr *e)
+{
+	if (!e)
+		return;
+
+	switch (e->type) {
+	case E_SYMBOL:
+		break;
+	case E_NOT:
+		expr_free(e->left.expr);
+		return;
+	case E_EQUAL:
+	case E_UNEQUAL:
+		break;
+	case E_OR:
+	case E_AND:
+		expr_free(e->left.expr);
+		expr_free(e->right.expr);
+		break;
+	default:
+		printf("how to free type %d?\n", e->type);
+		break;
+	}
+	free(e);
+}
+
+static int trans_count;
+
+#define e1 (*ep1)
+#define e2 (*ep2)
+
+static void __expr_eliminate_eq(enum expr_type type, struct expr **ep1, struct expr **ep2)
+{
+	if (e1->type == type) {
+		__expr_eliminate_eq(type, &e1->left.expr, &e2);
+		__expr_eliminate_eq(type, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		__expr_eliminate_eq(type, &e1, &e2->left.expr);
+		__expr_eliminate_eq(type, &e1, &e2->right.expr);
+		return;
+	}
+	if (e1->type == E_SYMBOL && e2->type == E_SYMBOL &&
+	    e1->left.sym == e2->left.sym && (e1->left.sym->flags & (SYMBOL_YES|SYMBOL_NO)))
+		return;
+	if (!expr_eq(e1, e2))
+		return;
+	trans_count++;
+	expr_free(e1); expr_free(e2);
+	switch (type) {
+	case E_OR:
+		e1 = expr_alloc_symbol(&symbol_no);
+		e2 = expr_alloc_symbol(&symbol_no);
+		break;
+	case E_AND:
+		e1 = expr_alloc_symbol(&symbol_yes);
+		e2 = expr_alloc_symbol(&symbol_yes);
+		break;
+	default:
+		;
+	}
+}
+
+void expr_eliminate_eq(struct expr **ep1, struct expr **ep2)
+{
+	if (!e1 || !e2)
+		return;
+	switch (e1->type) {
+	case E_OR:
+	case E_AND:
+		__expr_eliminate_eq(e1->type, ep1, ep2);
+	default:
+		;
+	}
+	if (e1->type != e2->type) switch (e2->type) {
+	case E_OR:
+	case E_AND:
+		__expr_eliminate_eq(e2->type, ep1, ep2);
+	default:
+		;
+	}
+	e1 = expr_eliminate_yn(e1);
+	e2 = expr_eliminate_yn(e2);
+}
+
+#undef e1
+#undef e2
+
+int expr_eq(struct expr *e1, struct expr *e2)
+{
+	int res, old_count;
+
+	if (e1->type != e2->type)
+		return 0;
+	switch (e1->type) {
+	case E_EQUAL:
+	case E_UNEQUAL:
+		return e1->left.sym == e2->left.sym && e1->right.sym == e2->right.sym;
+	case E_SYMBOL:
+		return e1->left.sym == e2->left.sym;
+	case E_NOT:
+		return expr_eq(e1->left.expr, e2->left.expr);
+	case E_AND:
+	case E_OR:
+		e1 = expr_copy(e1);
+		e2 = expr_copy(e2);
+		old_count = trans_count;
+		expr_eliminate_eq(&e1, &e2);
+		res = (e1->type == E_SYMBOL && e2->type == E_SYMBOL &&
+		       e1->left.sym == e2->left.sym);
+		expr_free(e1);
+		expr_free(e2);
+		trans_count = old_count;
+		return res;
+	case E_CHOICE:
+	case E_RANGE:
+	case E_NONE:
+		/* panic */;
+	}
+
+	if (DEBUG_EXPR) {
+		expr_fprint(e1, stdout);
+		printf(" = ");
+		expr_fprint(e2, stdout);
+		printf(" ?\n");
+	}
+
+	return 0;
+}
+
+struct expr *expr_eliminate_yn(struct expr *e)
+{
+	struct expr *tmp;
+
+	if (e) switch (e->type) {
+	case E_AND:
+		e->left.expr = expr_eliminate_yn(e->left.expr);
+		e->right.expr = expr_eliminate_yn(e->right.expr);
+		if (e->left.expr->type == E_SYMBOL) {
+			if (e->left.expr->left.sym == &symbol_no) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_no;
+				e->right.expr = NULL;
+				return e;
+			} else if (e->left.expr->left.sym == &symbol_yes) {
+				free(e->left.expr);
+				tmp = e->right.expr;
+				*e = *(e->right.expr);
+				free(tmp);
+				return e;
+			}
+		}
+		if (e->right.expr->type == E_SYMBOL) {
+			if (e->right.expr->left.sym == &symbol_no) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_no;
+				e->right.expr = NULL;
+				return e;
+			} else if (e->right.expr->left.sym == &symbol_yes) {
+				free(e->right.expr);
+				tmp = e->left.expr;
+				*e = *(e->left.expr);
+				free(tmp);
+				return e;
+			}
+		}
+		break;
+	case E_OR:
+		e->left.expr = expr_eliminate_yn(e->left.expr);
+		e->right.expr = expr_eliminate_yn(e->right.expr);
+		if (e->left.expr->type == E_SYMBOL) {
+			if (e->left.expr->left.sym == &symbol_no) {
+				free(e->left.expr);
+				tmp = e->right.expr;
+				*e = *(e->right.expr);
+				free(tmp);
+				return e;
+			} else if (e->left.expr->left.sym == &symbol_yes) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_yes;
+				e->right.expr = NULL;
+				return e;
+			}
+		}
+		if (e->right.expr->type == E_SYMBOL) {
+			if (e->right.expr->left.sym == &symbol_no) {
+				free(e->right.expr);
+				tmp = e->left.expr;
+				*e = *(e->left.expr);
+				free(tmp);
+				return e;
+			} else if (e->right.expr->left.sym == &symbol_yes) {
+				expr_free(e->left.expr);
+				expr_free(e->right.expr);
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_yes;
+				e->right.expr = NULL;
+				return e;
+			}
+		}
+		break;
+	default:
+		;
+	}
+	return e;
+}
+
+/*
+ * bool FOO!=n => FOO
+ */
+struct expr *expr_trans_bool(struct expr *e)
+{
+	if (!e)
+		return NULL;
+	switch (e->type) {
+	case E_AND:
+	case E_OR:
+	case E_NOT:
+		e->left.expr = expr_trans_bool(e->left.expr);
+		e->right.expr = expr_trans_bool(e->right.expr);
+		break;
+	case E_UNEQUAL:
+		// FOO!=n -> FOO
+		if (e->left.sym->type == S_TRISTATE) {
+			if (e->right.sym == &symbol_no) {
+				e->type = E_SYMBOL;
+				e->right.sym = NULL;
+			}
+		}
+		break;
+	default:
+		;
+	}
+	return e;
+}
+
+/*
+ * e1 || e2 -> ?
+ */
+struct expr *expr_join_or(struct expr *e1, struct expr *e2)
+{
+	struct expr *tmp;
+	struct symbol *sym1, *sym2;
+
+	if (expr_eq(e1, e2))
+		return expr_copy(e1);
+	if (e1->type != E_EQUAL && e1->type != E_UNEQUAL && e1->type != E_SYMBOL && e1->type != E_NOT)
+		return NULL;
+	if (e2->type != E_EQUAL && e2->type != E_UNEQUAL && e2->type != E_SYMBOL && e2->type != E_NOT)
+		return NULL;
+	if (e1->type == E_NOT) {
+		tmp = e1->left.expr;
+		if (tmp->type != E_EQUAL && tmp->type != E_UNEQUAL && tmp->type != E_SYMBOL)
+			return NULL;
+		sym1 = tmp->left.sym;
+	} else
+		sym1 = e1->left.sym;
+	if (e2->type == E_NOT) {
+		if (e2->left.expr->type != E_SYMBOL)
+			return NULL;
+		sym2 = e2->left.expr->left.sym;
+	} else
+		sym2 = e2->left.sym;
+	if (sym1 != sym2)
+		return NULL;
+	if (sym1->type != S_BOOLEAN && sym1->type != S_TRISTATE)
+		return NULL;
+	if (sym1->type == S_TRISTATE) {
+		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
+		    ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_mod) ||
+		     (e1->right.sym == &symbol_mod && e2->right.sym == &symbol_yes))) {
+			// (a='y') || (a='m') -> (a!='n')
+			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_no);
+		}
+		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
+		    ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_no) ||
+		     (e1->right.sym == &symbol_no && e2->right.sym == &symbol_yes))) {
+			// (a='y') || (a='n') -> (a!='m')
+			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_mod);
+		}
+		if (e1->type == E_EQUAL && e2->type == E_EQUAL &&
+		    ((e1->right.sym == &symbol_mod && e2->right.sym == &symbol_no) ||
+		     (e1->right.sym == &symbol_no && e2->right.sym == &symbol_mod))) {
+			// (a='m') || (a='n') -> (a!='y')
+			return expr_alloc_comp(E_UNEQUAL, sym1, &symbol_yes);
+		}
+	}
+	if (sym1->type == S_BOOLEAN && sym1 == sym2) {
+		if ((e1->type == E_NOT && e1->left.expr->type == E_SYMBOL && e2->type == E_SYMBOL) ||
+		    (e2->type == E_NOT && e2->left.expr->type == E_SYMBOL && e1->type == E_SYMBOL))
+			return expr_alloc_symbol(&symbol_yes);
+	}
+
+	if (DEBUG_EXPR) {
+		printf("optimize (");
+		expr_fprint(e1, stdout);
+		printf(") || (");
+		expr_fprint(e2, stdout);
+		printf(")?\n");
+	}
+	return NULL;
+}
+
+struct expr *expr_join_and(struct expr *e1, struct expr *e2)
+{
+	struct expr *tmp;
+	struct symbol *sym1, *sym2;
+
+	if (expr_eq(e1, e2))
+		return expr_copy(e1);
+	if (e1->type != E_EQUAL && e1->type != E_UNEQUAL && e1->type != E_SYMBOL && e1->type != E_NOT)
+		return NULL;
+	if (e2->type != E_EQUAL && e2->type != E_UNEQUAL && e2->type != E_SYMBOL && e2->type != E_NOT)
+		return NULL;
+	if (e1->type == E_NOT) {
+		tmp = e1->left.expr;
+		if (tmp->type != E_EQUAL && tmp->type != E_UNEQUAL && tmp->type != E_SYMBOL)
+			return NULL;
+		sym1 = tmp->left.sym;
+	} else
+		sym1 = e1->left.sym;
+	if (e2->type == E_NOT) {
+		if (e2->left.expr->type != E_SYMBOL)
+			return NULL;
+		sym2 = e2->left.expr->left.sym;
+	} else
+		sym2 = e2->left.sym;
+	if (sym1 != sym2)
+		return NULL;
+	if (sym1->type != S_BOOLEAN && sym1->type != S_TRISTATE)
+		return NULL;
+
+	if ((e1->type == E_SYMBOL && e2->type == E_EQUAL && e2->right.sym == &symbol_yes) ||
+	    (e2->type == E_SYMBOL && e1->type == E_EQUAL && e1->right.sym == &symbol_yes))
+		// (a) && (a='y') -> (a='y')
+		return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
+
+	if ((e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_no) ||
+	    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_no))
+		// (a) && (a!='n') -> (a)
+		return expr_alloc_symbol(sym1);
+
+	if ((e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_mod) ||
+	    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_mod))
+		// (a) && (a!='m') -> (a='y')
+		return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
+
+	if (sym1->type == S_TRISTATE) {
+		if (e1->type == E_EQUAL && e2->type == E_UNEQUAL) {
+			// (a='b') && (a!='c') -> 'b'='c' ? 'n' : a='b'
+			sym2 = e1->right.sym;
+			if ((e2->right.sym->flags & SYMBOL_CONST) && (sym2->flags & SYMBOL_CONST))
+				return sym2 != e2->right.sym ? expr_alloc_comp(E_EQUAL, sym1, sym2)
+							     : expr_alloc_symbol(&symbol_no);
+		}
+		if (e1->type == E_UNEQUAL && e2->type == E_EQUAL) {
+			// (a='b') && (a!='c') -> 'b'='c' ? 'n' : a='b'
+			sym2 = e2->right.sym;
+			if ((e1->right.sym->flags & SYMBOL_CONST) && (sym2->flags & SYMBOL_CONST))
+				return sym2 != e1->right.sym ? expr_alloc_comp(E_EQUAL, sym1, sym2)
+							     : expr_alloc_symbol(&symbol_no);
+		}
+		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
+			   ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_no) ||
+			    (e1->right.sym == &symbol_no && e2->right.sym == &symbol_yes)))
+			// (a!='y') && (a!='n') -> (a='m')
+			return expr_alloc_comp(E_EQUAL, sym1, &symbol_mod);
+
+		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
+			   ((e1->right.sym == &symbol_yes && e2->right.sym == &symbol_mod) ||
+			    (e1->right.sym == &symbol_mod && e2->right.sym == &symbol_yes)))
+			// (a!='y') && (a!='m') -> (a='n')
+			return expr_alloc_comp(E_EQUAL, sym1, &symbol_no);
+
+		if (e1->type == E_UNEQUAL && e2->type == E_UNEQUAL &&
+			   ((e1->right.sym == &symbol_mod && e2->right.sym == &symbol_no) ||
+			    (e1->right.sym == &symbol_no && e2->right.sym == &symbol_mod)))
+			// (a!='m') && (a!='n') -> (a='m')
+			return expr_alloc_comp(E_EQUAL, sym1, &symbol_yes);
+
+		if ((e1->type == E_SYMBOL && e2->type == E_EQUAL && e2->right.sym == &symbol_mod) ||
+		    (e2->type == E_SYMBOL && e1->type == E_EQUAL && e1->right.sym == &symbol_mod) ||
+		    (e1->type == E_SYMBOL && e2->type == E_UNEQUAL && e2->right.sym == &symbol_yes) ||
+		    (e2->type == E_SYMBOL && e1->type == E_UNEQUAL && e1->right.sym == &symbol_yes))
+			return NULL;
+	}
+
+	if (DEBUG_EXPR) {
+		printf("optimize (");
+		expr_fprint(e1, stdout);
+		printf(") && (");
+		expr_fprint(e2, stdout);
+		printf(")?\n");
+	}
+	return NULL;
+}
+
+static void expr_eliminate_dups1(enum expr_type type, struct expr **ep1, struct expr **ep2)
+{
+#define e1 (*ep1)
+#define e2 (*ep2)
+	struct expr *tmp;
+
+	if (e1->type == type) {
+		expr_eliminate_dups1(type, &e1->left.expr, &e2);
+		expr_eliminate_dups1(type, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		expr_eliminate_dups1(type, &e1, &e2->left.expr);
+		expr_eliminate_dups1(type, &e1, &e2->right.expr);
+		return;
+	}
+	if (e1 == e2)
+		return;
+
+	switch (e1->type) {
+	case E_OR: case E_AND:
+		expr_eliminate_dups1(e1->type, &e1, &e1);
+	default:
+		;
+	}
+
+	switch (type) {
+	case E_OR:
+		tmp = expr_join_or(e1, e2);
+		if (tmp) {
+			expr_free(e1); expr_free(e2);
+			e1 = expr_alloc_symbol(&symbol_no);
+			e2 = tmp;
+			trans_count++;
+		}
+		break;
+	case E_AND:
+		tmp = expr_join_and(e1, e2);
+		if (tmp) {
+			expr_free(e1); expr_free(e2);
+			e1 = expr_alloc_symbol(&symbol_yes);
+			e2 = tmp;
+			trans_count++;
+		}
+		break;
+	default:
+		;
+	}
+#undef e1
+#undef e2
+}
+
+static void expr_eliminate_dups2(enum expr_type type, struct expr **ep1, struct expr **ep2)
+{
+#define e1 (*ep1)
+#define e2 (*ep2)
+	struct expr *tmp, *tmp1, *tmp2;
+
+	if (e1->type == type) {
+		expr_eliminate_dups2(type, &e1->left.expr, &e2);
+		expr_eliminate_dups2(type, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		expr_eliminate_dups2(type, &e1, &e2->left.expr);
+		expr_eliminate_dups2(type, &e1, &e2->right.expr);
+	}
+	if (e1 == e2)
+		return;
+
+	switch (e1->type) {
+	case E_OR:
+		expr_eliminate_dups2(e1->type, &e1, &e1);
+		// (FOO || BAR) && (!FOO && !BAR) -> n
+		tmp1 = expr_transform(expr_alloc_one(E_NOT, expr_copy(e1)));
+		tmp2 = expr_copy(e2);
+		tmp = expr_extract_eq_and(&tmp1, &tmp2);
+		if (expr_is_yes(tmp1)) {
+			expr_free(e1);
+			e1 = expr_alloc_symbol(&symbol_no);
+			trans_count++;
+		}
+		expr_free(tmp2);
+		expr_free(tmp1);
+		expr_free(tmp);
+		break;
+	case E_AND:
+		expr_eliminate_dups2(e1->type, &e1, &e1);
+		// (FOO && BAR) || (!FOO || !BAR) -> y
+		tmp1 = expr_transform(expr_alloc_one(E_NOT, expr_copy(e1)));
+		tmp2 = expr_copy(e2);
+		tmp = expr_extract_eq_or(&tmp1, &tmp2);
+		if (expr_is_no(tmp1)) {
+			expr_free(e1);
+			e1 = expr_alloc_symbol(&symbol_yes);
+			trans_count++;
+		}
+		expr_free(tmp2);
+		expr_free(tmp1);
+		expr_free(tmp);
+		break;
+	default:
+		;
+	}
+#undef e1
+#undef e2
+}
+
+struct expr *expr_eliminate_dups(struct expr *e)
+{
+	int oldcount;
+	if (!e)
+		return e;
+
+	oldcount = trans_count;
+	while (1) {
+		trans_count = 0;
+		switch (e->type) {
+		case E_OR: case E_AND:
+			expr_eliminate_dups1(e->type, &e, &e);
+			expr_eliminate_dups2(e->type, &e, &e);
+		default:
+			;
+		}
+		if (!trans_count)
+			break;
+		e = expr_eliminate_yn(e);
+	}
+	trans_count = oldcount;
+	return e;
+}
+
+struct expr *expr_transform(struct expr *e)
+{
+	struct expr *tmp;
+
+	if (!e)
+		return NULL;
+	switch (e->type) {
+	case E_EQUAL:
+	case E_UNEQUAL:
+	case E_SYMBOL:
+	case E_CHOICE:
+		break;
+	default:
+		e->left.expr = expr_transform(e->left.expr);
+		e->right.expr = expr_transform(e->right.expr);
+	}
+
+	switch (e->type) {
+	case E_EQUAL:
+		if (e->left.sym->type != S_BOOLEAN)
+			break;
+		if (e->right.sym == &symbol_no) {
+			e->type = E_NOT;
+			e->left.expr = expr_alloc_symbol(e->left.sym);
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_mod) {
+			printf("boolean symbol %s tested for 'm'? test forced to 'n'\n", e->left.sym->name);
+			e->type = E_SYMBOL;
+			e->left.sym = &symbol_no;
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_yes) {
+			e->type = E_SYMBOL;
+			e->right.sym = NULL;
+			break;
+		}
+		break;
+	case E_UNEQUAL:
+		if (e->left.sym->type != S_BOOLEAN)
+			break;
+		if (e->right.sym == &symbol_no) {
+			e->type = E_SYMBOL;
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_mod) {
+			printf("boolean symbol %s tested for 'm'? test forced to 'y'\n", e->left.sym->name);
+			e->type = E_SYMBOL;
+			e->left.sym = &symbol_yes;
+			e->right.sym = NULL;
+			break;
+		}
+		if (e->right.sym == &symbol_yes) {
+			e->type = E_NOT;
+			e->left.expr = expr_alloc_symbol(e->left.sym);
+			e->right.sym = NULL;
+			break;
+		}
+		break;
+	case E_NOT:
+		switch (e->left.expr->type) {
+		case E_NOT:
+			// !!a -> a
+			tmp = e->left.expr->left.expr;
+			free(e->left.expr);
+			free(e);
+			e = tmp;
+			e = expr_transform(e);
+			break;
+		case E_EQUAL:
+		case E_UNEQUAL:
+			// !a='x' -> a!='x'
+			tmp = e->left.expr;
+			free(e);
+			e = tmp;
+			e->type = e->type == E_EQUAL ? E_UNEQUAL : E_EQUAL;
+			break;
+		case E_OR:
+			// !(a || b) -> !a && !b
+			tmp = e->left.expr;
+			e->type = E_AND;
+			e->right.expr = expr_alloc_one(E_NOT, tmp->right.expr);
+			tmp->type = E_NOT;
+			tmp->right.expr = NULL;
+			e = expr_transform(e);
+			break;
+		case E_AND:
+			// !(a && b) -> !a || !b
+			tmp = e->left.expr;
+			e->type = E_OR;
+			e->right.expr = expr_alloc_one(E_NOT, tmp->right.expr);
+			tmp->type = E_NOT;
+			tmp->right.expr = NULL;
+			e = expr_transform(e);
+			break;
+		case E_SYMBOL:
+			if (e->left.expr->left.sym == &symbol_yes) {
+				// !'y' -> 'n'
+				tmp = e->left.expr;
+				free(e);
+				e = tmp;
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_no;
+				break;
+			}
+			if (e->left.expr->left.sym == &symbol_mod) {
+				// !'m' -> 'm'
+				tmp = e->left.expr;
+				free(e);
+				e = tmp;
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_mod;
+				break;
+			}
+			if (e->left.expr->left.sym == &symbol_no) {
+				// !'n' -> 'y'
+				tmp = e->left.expr;
+				free(e);
+				e = tmp;
+				e->type = E_SYMBOL;
+				e->left.sym = &symbol_yes;
+				break;
+			}
+			break;
+		default:
+			;
+		}
+		break;
+	default:
+		;
+	}
+	return e;
+}
+
+int expr_contains_symbol(struct expr *dep, struct symbol *sym)
+{
+	if (!dep)
+		return 0;
+
+	switch (dep->type) {
+	case E_AND:
+	case E_OR:
+		return expr_contains_symbol(dep->left.expr, sym) ||
+		       expr_contains_symbol(dep->right.expr, sym);
+	case E_SYMBOL:
+		return dep->left.sym == sym;
+	case E_EQUAL:
+	case E_UNEQUAL:
+		return dep->left.sym == sym ||
+		       dep->right.sym == sym;
+	case E_NOT:
+		return expr_contains_symbol(dep->left.expr, sym);
+	default:
+		;
+	}
+	return 0;
+}
+
+bool expr_depends_symbol(struct expr *dep, struct symbol *sym)
+{
+	if (!dep)
+		return false;
+
+	switch (dep->type) {
+	case E_AND:
+		return expr_depends_symbol(dep->left.expr, sym) ||
+		       expr_depends_symbol(dep->right.expr, sym);
+	case E_SYMBOL:
+		return dep->left.sym == sym;
+	case E_EQUAL:
+		if (dep->left.sym == sym) {
+			if (dep->right.sym == &symbol_yes || dep->right.sym == &symbol_mod)
+				return true;
+		}
+		break;
+	case E_UNEQUAL:
+		if (dep->left.sym == sym) {
+			if (dep->right.sym == &symbol_no)
+				return true;
+		}
+		break;
+	default:
+		;
+	}
+ 	return false;
+}
+
+struct expr *expr_extract_eq_and(struct expr **ep1, struct expr **ep2)
+{
+	struct expr *tmp = NULL;
+	expr_extract_eq(E_AND, &tmp, ep1, ep2);
+	if (tmp) {
+		*ep1 = expr_eliminate_yn(*ep1);
+		*ep2 = expr_eliminate_yn(*ep2);
+	}
+	return tmp;
+}
+
+struct expr *expr_extract_eq_or(struct expr **ep1, struct expr **ep2)
+{
+	struct expr *tmp = NULL;
+	expr_extract_eq(E_OR, &tmp, ep1, ep2);
+	if (tmp) {
+		*ep1 = expr_eliminate_yn(*ep1);
+		*ep2 = expr_eliminate_yn(*ep2);
+	}
+	return tmp;
+}
+
+void expr_extract_eq(enum expr_type type, struct expr **ep, struct expr **ep1, struct expr **ep2)
+{
+#define e1 (*ep1)
+#define e2 (*ep2)
+	if (e1->type == type) {
+		expr_extract_eq(type, ep, &e1->left.expr, &e2);
+		expr_extract_eq(type, ep, &e1->right.expr, &e2);
+		return;
+	}
+	if (e2->type == type) {
+		expr_extract_eq(type, ep, ep1, &e2->left.expr);
+		expr_extract_eq(type, ep, ep1, &e2->right.expr);
+		return;
+	}
+	if (expr_eq(e1, e2)) {
+		*ep = *ep ? expr_alloc_two(type, *ep, e1) : e1;
+		expr_free(e2);
+		if (type == E_AND) {
+			e1 = expr_alloc_symbol(&symbol_yes);
+			e2 = expr_alloc_symbol(&symbol_yes);
+		} else if (type == E_OR) {
+			e1 = expr_alloc_symbol(&symbol_no);
+			e2 = expr_alloc_symbol(&symbol_no);
+		}
+	}
+#undef e1
+#undef e2
+}
+
+struct expr *expr_trans_compare(struct expr *e, enum expr_type type, struct symbol *sym)
+{
+	struct expr *e1, *e2;
+
+	if (!e) {
+		e = expr_alloc_symbol(sym);
+		if (type == E_UNEQUAL)
+			e = expr_alloc_one(E_NOT, e);
+		return e;
+	}
+	switch (e->type) {
+	case E_AND:
+		e1 = expr_trans_compare(e->left.expr, E_EQUAL, sym);
+		e2 = expr_trans_compare(e->right.expr, E_EQUAL, sym);
+		if (sym == &symbol_yes)
+			e = expr_alloc_two(E_AND, e1, e2);
+		if (sym == &symbol_no)
+			e = expr_alloc_two(E_OR, e1, e2);
+		if (type == E_UNEQUAL)
+			e = expr_alloc_one(E_NOT, e);
+		return e;
+	case E_OR:
+		e1 = expr_trans_compare(e->left.expr, E_EQUAL, sym);
+		e2 = expr_trans_compare(e->right.expr, E_EQUAL, sym);
+		if (sym == &symbol_yes)
+			e = expr_alloc_two(E_OR, e1, e2);
+		if (sym == &symbol_no)
+			e = expr_alloc_two(E_AND, e1, e2);
+		if (type == E_UNEQUAL)
+			e = expr_alloc_one(E_NOT, e);
+		return e;
+	case E_NOT:
+		return expr_trans_compare(e->left.expr, type == E_EQUAL ? E_UNEQUAL : E_EQUAL, sym);
+	case E_UNEQUAL:
+	case E_EQUAL:
+		if (type == E_EQUAL) {
+			if (sym == &symbol_yes)
+				return expr_copy(e);
+			if (sym == &symbol_mod)
+				return expr_alloc_symbol(&symbol_no);
+			if (sym == &symbol_no)
+				return expr_alloc_one(E_NOT, expr_copy(e));
+		} else {
+			if (sym == &symbol_yes)
+				return expr_alloc_one(E_NOT, expr_copy(e));
+			if (sym == &symbol_mod)
+				return expr_alloc_symbol(&symbol_yes);
+			if (sym == &symbol_no)
+				return expr_copy(e);
+		}
+		break;
+	case E_SYMBOL:
+		return expr_alloc_comp(type, e->left.sym, sym);
+	case E_CHOICE:
+	case E_RANGE:
+	case E_NONE:
+		/* panic */;
+	}
+	return NULL;
+}
+
+tristate expr_calc_value(struct expr *e)
+{
+	tristate val1, val2;
+	const char *str1, *str2;
+
+	if (!e)
+		return yes;
+
+	switch (e->type) {
+	case E_SYMBOL:
+		sym_calc_value(e->left.sym);
+		return e->left.sym->curr.tri;
+	case E_AND:
+		val1 = expr_calc_value(e->left.expr);
+		val2 = expr_calc_value(e->right.expr);
+		return E_AND(val1, val2);
+	case E_OR:
+		val1 = expr_calc_value(e->left.expr);
+		val2 = expr_calc_value(e->right.expr);
+		return E_OR(val1, val2);
+	case E_NOT:
+		val1 = expr_calc_value(e->left.expr);
+		return E_NOT(val1);
+	case E_EQUAL:
+		sym_calc_value(e->left.sym);
+		sym_calc_value(e->right.sym);
+		str1 = sym_get_string_value(e->left.sym);
+		str2 = sym_get_string_value(e->right.sym);
+		return !strcmp(str1, str2) ? yes : no;
+	case E_UNEQUAL:
+		sym_calc_value(e->left.sym);
+		sym_calc_value(e->right.sym);
+		str1 = sym_get_string_value(e->left.sym);
+		str2 = sym_get_string_value(e->right.sym);
+		return !strcmp(str1, str2) ? no : yes;
+	default:
+		printf("expr_calc_value: %d?\n", e->type);
+		return no;
+	}
+}
+
+int expr_compare_type(enum expr_type t1, enum expr_type t2)
+{
+#if 0
+	return 1;
+#else
+	if (t1 == t2)
+		return 0;
+	switch (t1) {
+	case E_EQUAL:
+	case E_UNEQUAL:
+		if (t2 == E_NOT)
+			return 1;
+	case E_NOT:
+		if (t2 == E_AND)
+			return 1;
+	case E_AND:
+		if (t2 == E_OR)
+			return 1;
+	case E_OR:
+		if (t2 == E_CHOICE)
+			return 1;
+	case E_CHOICE:
+		if (t2 == 0)
+			return 1;
+	default:
+		return -1;
+	}
+	printf("[%dgt%d?]", t1, t2);
+	return 0;
+#endif
+}
+
+void expr_print(struct expr *e, void (*fn)(void *, const char *), void *data, int prevtoken)
+{
+	if (!e) {
+		fn(data, "y");
+		return;
+	}
+
+	if (expr_compare_type(prevtoken, e->type) > 0)
+		fn(data, "(");
+	switch (e->type) {
+	case E_SYMBOL:
+		if (e->left.sym->name)
+			fn(data, e->left.sym->name);
+		else
+			fn(data, "<choice>");
+		break;
+	case E_NOT:
+		fn(data, "!");
+		expr_print(e->left.expr, fn, data, E_NOT);
+		break;
+	case E_EQUAL:
+		fn(data, e->left.sym->name);
+		fn(data, "=");
+		fn(data, e->right.sym->name);
+		break;
+	case E_UNEQUAL:
+		fn(data, e->left.sym->name);
+		fn(data, "!=");
+		fn(data, e->right.sym->name);
+		break;
+	case E_OR:
+		expr_print(e->left.expr, fn, data, E_OR);
+		fn(data, " || ");
+		expr_print(e->right.expr, fn, data, E_OR);
+		break;
+	case E_AND:
+		expr_print(e->left.expr, fn, data, E_AND);
+		fn(data, " && ");
+		expr_print(e->right.expr, fn, data, E_AND);
+		break;
+	case E_CHOICE:
+		fn(data, e->right.sym->name);
+		if (e->left.expr) {
+			fn(data, " ^ ");
+			expr_print(e->left.expr, fn, data, E_CHOICE);
+		}
+		break;
+	case E_RANGE:
+		fn(data, "[");
+		fn(data, e->left.sym->name);
+		fn(data, " ");
+		fn(data, e->right.sym->name);
+		fn(data, "]");
+		break;
+	default:
+	  {
+		char buf[32];
+		sprintf(buf, "<unknown type %d>", e->type);
+		fn(data, buf);
+		break;
+	  }
+	}
+	if (expr_compare_type(prevtoken, e->type) > 0)
+		fn(data, ")");
+}
+
+static void expr_print_file_helper(void *data, const char *str)
+{
+	fwrite(str, strlen(str), 1, data);
+}
+
+void expr_fprint(struct expr *e, FILE *out)
+{
+	expr_print(e, expr_print_file_helper, out, E_NONE);
+}
+
+static void expr_print_gstr_helper(void *data, const char *str)
+{
+	str_append((struct gstr*)data, str);
+}
+
+void expr_gstr_print(struct expr *e, struct gstr *gs)
+{
+	expr_print(e, expr_print_gstr_helper, gs, E_NONE);
+}
diff --git a/config/scripts/config/expr.h b/config/scripts/config/expr.h
new file mode 100644
index 0000000000..7d39ff43e6
--- /dev/null
+++ b/config/scripts/config/expr.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#ifndef EXPR_H
+#define EXPR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+#ifndef __cplusplus
+#include <stdbool.h>
+#endif
+
+struct file {
+	struct file *next;
+	struct file *parent;
+	char *name;
+	int lineno;
+	int flags;
+};
+
+#define FILE_BUSY		0x0001
+#define FILE_SCANNED		0x0002
+#define FILE_PRINTED		0x0004
+
+typedef enum tristate {
+	no, mod, yes
+} tristate;
+
+enum expr_type {
+	E_NONE, E_OR, E_AND, E_NOT, E_EQUAL, E_UNEQUAL, E_CHOICE, E_SYMBOL, E_RANGE
+};
+
+union expr_data {
+	struct expr *expr;
+	struct symbol *sym;
+};
+
+struct expr {
+	enum expr_type type;
+	union expr_data left, right;
+};
+
+#define E_OR(dep1, dep2)	(((dep1)>(dep2))?(dep1):(dep2))
+#define E_AND(dep1, dep2)	(((dep1)<(dep2))?(dep1):(dep2))
+#define E_NOT(dep)		(2-(dep))
+
+struct expr_value {
+	struct expr *expr;
+	tristate tri;
+};
+
+struct symbol_value {
+	void *val;
+	tristate tri;
+};
+
+enum symbol_type {
+	S_UNKNOWN, S_BOOLEAN, S_TRISTATE, S_INT, S_HEX, S_STRING, S_OTHER
+};
+
+struct symbol {
+	struct symbol *next;
+	char *name;
+	char *help;
+	enum symbol_type type;
+	struct symbol_value curr, user;
+	tristate visible;
+	int flags;
+	struct property *prop;
+	struct expr *dep, *dep2;
+	struct expr_value rev_dep;
+};
+
+#define for_all_symbols(i, sym) for (i = 0; i < 257; i++) for (sym = symbol_hash[i]; sym; sym = sym->next) if (sym->type != S_OTHER)
+
+#define SYMBOL_YES		0x0001
+#define SYMBOL_MOD		0x0002
+#define SYMBOL_NO		0x0004
+#define SYMBOL_CONST		0x0007
+#define SYMBOL_CHECK		0x0008
+#define SYMBOL_CHOICE		0x0010
+#define SYMBOL_CHOICEVAL	0x0020
+#define SYMBOL_PRINTED		0x0040
+#define SYMBOL_VALID		0x0080
+#define SYMBOL_OPTIONAL		0x0100
+#define SYMBOL_WRITE		0x0200
+#define SYMBOL_CHANGED		0x0400
+#define SYMBOL_NEW		0x0800
+#define SYMBOL_AUTO		0x1000
+#define SYMBOL_CHECKED		0x2000
+#define SYMBOL_CHECK_DONE	0x4000
+#define SYMBOL_WARNED		0x8000
+
+#define SYMBOL_MAXLENGTH	256
+#define SYMBOL_HASHSIZE		257
+#define SYMBOL_HASHMASK		0xff
+
+enum prop_type {
+	P_UNKNOWN, P_PROMPT, P_COMMENT, P_MENU, P_DEFAULT, P_CHOICE, P_SELECT, P_RANGE
+};
+
+struct property {
+	struct property *next;
+	struct symbol *sym;
+	enum prop_type type;
+	const char *text;
+	struct expr_value visible;
+	struct expr *expr;
+	struct menu *menu;
+	struct file *file;
+	int lineno;
+};
+
+#define for_all_properties(sym, st, tok) \
+	for (st = sym->prop; st; st = st->next) \
+		if (st->type == (tok))
+#define for_all_defaults(sym, st) for_all_properties(sym, st, P_DEFAULT)
+#define for_all_choices(sym, st) for_all_properties(sym, st, P_CHOICE)
+#define for_all_prompts(sym, st) \
+	for (st = sym->prop; st; st = st->next) \
+		if (st->text)
+
+struct menu {
+	struct menu *next;
+	struct menu *parent;
+	struct menu *list;
+	struct symbol *sym;
+	struct property *prompt;
+	struct expr *dep;
+	unsigned int flags;
+	//char *help;
+	struct file *file;
+	int lineno;
+	void *data;
+};
+
+#define MENU_CHANGED		0x0001
+#define MENU_ROOT		0x0002
+
+#ifndef SWIG
+
+extern struct file *file_list;
+extern struct file *current_file;
+struct file *lookup_file(const char *name);
+
+extern struct symbol symbol_yes, symbol_no, symbol_mod;
+extern struct symbol *modules_sym;
+extern int cdebug;
+struct expr *expr_alloc_symbol(struct symbol *sym);
+struct expr *expr_alloc_one(enum expr_type type, struct expr *ce);
+struct expr *expr_alloc_two(enum expr_type type, struct expr *e1, struct expr *e2);
+struct expr *expr_alloc_comp(enum expr_type type, struct symbol *s1, struct symbol *s2);
+struct expr *expr_alloc_and(struct expr *e1, struct expr *e2);
+struct expr *expr_alloc_or(struct expr *e1, struct expr *e2);
+struct expr *expr_copy(struct expr *org);
+void expr_free(struct expr *e);
+int expr_eq(struct expr *e1, struct expr *e2);
+void expr_eliminate_eq(struct expr **ep1, struct expr **ep2);
+tristate expr_calc_value(struct expr *e);
+struct expr *expr_eliminate_yn(struct expr *e);
+struct expr *expr_trans_bool(struct expr *e);
+struct expr *expr_eliminate_dups(struct expr *e);
+struct expr *expr_transform(struct expr *e);
+int expr_contains_symbol(struct expr *dep, struct symbol *sym);
+bool expr_depends_symbol(struct expr *dep, struct symbol *sym);
+struct expr *expr_extract_eq_and(struct expr **ep1, struct expr **ep2);
+struct expr *expr_extract_eq_or(struct expr **ep1, struct expr **ep2);
+void expr_extract_eq(enum expr_type type, struct expr **ep, struct expr **ep1, struct expr **ep2);
+struct expr *expr_trans_compare(struct expr *e, enum expr_type type, struct symbol *sym);
+
+void expr_fprint(struct expr *e, FILE *out);
+struct gstr; /* forward */
+void expr_gstr_print(struct expr *e, struct gstr *gs);
+
+static inline int expr_is_yes(struct expr *e)
+{
+	return !e || (e->type == E_SYMBOL && e->left.sym == &symbol_yes);
+}
+
+static inline int expr_is_no(struct expr *e)
+{
+	return e && (e->type == E_SYMBOL && e->left.sym == &symbol_no);
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* EXPR_H */
diff --git a/config/scripts/config/lex.zconf.c_shipped b/config/scripts/config/lex.zconf.c_shipped
new file mode 100644
index 0000000000..b877bb6b3c
--- /dev/null
+++ b/config/scripts/config/lex.zconf.c_shipped
@@ -0,0 +1,3688 @@
+
+#line 3 "lex.zconf.c"
+
+#define  YY_INT_ALIGNED short int
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+#define YY_FLEX_SUBMINOR_VERSION 31
+#if YY_FLEX_SUBMINOR_VERSION > 0
+#define FLEX_BETA
+#endif
+
+/* First, we deal with  platform-specific or compiler-specific issues. */
+
+/* begin standard C headers. */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <stdlib.h>
+
+/* end standard C headers. */
+
+/* flex integer type definitions */
+
+#ifndef FLEXINT_H
+#define FLEXINT_H
+
+/* C99 systems have <inttypes.h>. Non-C99 systems may or may not. */
+
+#if defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L
+#include <inttypes.h>
+typedef int8_t flex_int8_t;
+typedef uint8_t flex_uint8_t;
+typedef int16_t flex_int16_t;
+typedef uint16_t flex_uint16_t;
+typedef int32_t flex_int32_t;
+typedef uint32_t flex_uint32_t;
+#else
+typedef signed char flex_int8_t;
+typedef short int flex_int16_t;
+typedef int flex_int32_t;
+typedef unsigned char flex_uint8_t;
+typedef unsigned short int flex_uint16_t;
+typedef unsigned int flex_uint32_t;
+#endif /* ! C99 */
+
+/* Limits of integral types. */
+#ifndef INT8_MIN
+#define INT8_MIN               (-128)
+#endif
+#ifndef INT16_MIN
+#define INT16_MIN              (-32767-1)
+#endif
+#ifndef INT32_MIN
+#define INT32_MIN              (-2147483647-1)
+#endif
+#ifndef INT8_MAX
+#define INT8_MAX               (127)
+#endif
+#ifndef INT16_MAX
+#define INT16_MAX              (32767)
+#endif
+#ifndef INT32_MAX
+#define INT32_MAX              (2147483647)
+#endif
+#ifndef UINT8_MAX
+#define UINT8_MAX              (255U)
+#endif
+#ifndef UINT16_MAX
+#define UINT16_MAX             (65535U)
+#endif
+#ifndef UINT32_MAX
+#define UINT32_MAX             (4294967295U)
+#endif
+
+#endif /* ! FLEXINT_H */
+
+#ifdef __cplusplus
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN (yy_start) = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START (((yy_start) - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE zconfrestart(zconfin  )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#ifndef YY_BUF_SIZE
+#define YY_BUF_SIZE 16384
+#endif
+
+#ifndef YY_TYPEDEF_YY_BUFFER_STATE
+#define YY_TYPEDEF_YY_BUFFER_STATE
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+#endif
+
+extern int zconfleng;
+
+extern FILE *zconfin, *zconfout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+    #define YY_LESS_LINENO(n)
+
+/* Return all but the first "n" matched characters back to the input stream. */
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up zconftext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		*yy_cp = (yy_hold_char); \
+		YY_RESTORE_YY_MORE_OFFSET \
+		(yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up zconftext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, (yytext_ptr)  )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+
+#ifndef YY_TYPEDEF_YY_SIZE_T
+#define YY_TYPEDEF_YY_SIZE_T
+typedef unsigned int yy_size_t;
+#endif
+
+#ifndef YY_STRUCT_YY_BUFFER_STATE
+#define YY_STRUCT_YY_BUFFER_STATE
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+    int yy_bs_lineno; /**< The line count. */
+    int yy_bs_column; /**< The column count. */
+
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via zconfrestart()), so that the user can continue scanning by
+	 * just pointing zconfin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+
+	};
+#endif /* !YY_STRUCT_YY_BUFFER_STATE */
+
+/* Stack of input buffers. */
+static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */
+static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */
+static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ *
+ * Returns the top of the stack, or NULL.
+ */
+#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \
+                          ? (yy_buffer_stack)[(yy_buffer_stack_top)] \
+                          : NULL)
+
+/* Same as previous macro, but useful when we know that the buffer stack is not
+ * NULL or when we need an lvalue. For internal use only.
+ */
+#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)]
+
+/* yy_hold_char holds the character lost when zconftext is formed. */
+static char yy_hold_char;
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+int zconfleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 1;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow zconfwrap()'s to do buffer switches
+ * instead of setting up a fresh zconfin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void zconfrestart (FILE *input_file  );
+void zconf_switch_to_buffer (YY_BUFFER_STATE new_buffer  );
+YY_BUFFER_STATE zconf_create_buffer (FILE *file,int size  );
+void zconf_delete_buffer (YY_BUFFER_STATE b  );
+void zconf_flush_buffer (YY_BUFFER_STATE b  );
+void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer  );
+void zconfpop_buffer_state (void );
+
+static void zconfensure_buffer_stack (void );
+static void zconf_load_buffer_state (void );
+static void zconf_init_buffer (YY_BUFFER_STATE b,FILE *file  );
+
+#define YY_FLUSH_BUFFER zconf_flush_buffer(YY_CURRENT_BUFFER )
+
+YY_BUFFER_STATE zconf_scan_buffer (char *base,yy_size_t size  );
+YY_BUFFER_STATE zconf_scan_string (yyconst char *yy_str  );
+YY_BUFFER_STATE zconf_scan_bytes (yyconst char *bytes,int len  );
+
+void *zconfalloc (yy_size_t  );
+void *zconfrealloc (void *,yy_size_t  );
+void zconffree (void *  );
+
+#define yy_new_buffer zconf_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){ \
+        zconfensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! YY_CURRENT_BUFFER ){\
+        zconfensure_buffer_stack (); \
+		YY_CURRENT_BUFFER_LVALUE =    \
+            zconf_create_buffer(zconfin,YY_BUF_SIZE ); \
+	} \
+	YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol)
+
+/* Begin user sect3 */
+
+#define zconfwrap(n) 1
+#define YY_SKIP_YYWRAP
+
+typedef unsigned char YY_CHAR;
+
+FILE *zconfin = (FILE *) 0, *zconfout = (FILE *) 0;
+
+typedef int yy_state_type;
+
+extern int zconflineno;
+
+int zconflineno = 1;
+
+extern char *zconftext;
+#define yytext_ptr zconftext
+static yyconst flex_int16_t yy_nxt[][38] =
+    {
+    {
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0
+    },
+
+    {
+       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12
+    },
+
+    {
+       11,   12,   13,   14,   12,   12,   15,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+
+       12,   12,   12,   12,   12,   12,   12,   12,   12,   12,
+       12,   12,   12,   12,   12,   12,   12,   12
+    },
+
+    {
+       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
+       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
+       27,   18,   28,   29,   30,   18,   18,   16
+    },
+
+    {
+       11,   16,   16,   17,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   18,   16,   16,   18,   18,   19,   20,
+       21,   22,   18,   18,   23,   24,   18,   25,   18,   26,
+       27,   18,   28,   29,   30,   18,   18,   16
+
+    },
+
+    {
+       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31
+    },
+
+    {
+       11,   31,   32,   33,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31
+    },
+
+    {
+       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
+       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
+
+       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34
+    },
+
+    {
+       11,   34,   34,   35,   34,   36,   34,   34,   36,   34,
+       34,   34,   34,   34,   34,   37,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34,   34,   34,
+       34,   34,   34,   34,   34,   34,   34,   34
+    },
+
+    {
+       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
+       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
+       47,   47,   47,   47,   47,   47,   47,   52
+
+    },
+
+    {
+       11,   38,   38,   39,   40,   41,   42,   43,   41,   44,
+       45,   46,   47,   47,   48,   49,   47,   47,   47,   47,
+       47,   47,   47,   47,   47,   50,   47,   47,   47,   51,
+       47,   47,   47,   47,   47,   47,   47,   52
+    },
+
+    {
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11,
+      -11,  -11,  -11,  -11,  -11,  -11,  -11,  -11
+    },
+
+    {
+       11,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12,
+      -12,  -12,  -12,  -12,  -12,  -12,  -12,  -12
+    },
+
+    {
+       11,  -13,   53,   54,  -13,  -13,   55,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13,
+      -13,  -13,  -13,  -13,  -13,  -13,  -13,  -13
+    },
+
+    {
+       11,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14,
+      -14,  -14,  -14,  -14,  -14,  -14,  -14,  -14
+
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16,
+      -16,  -16,  -16,  -16,  -16,  -16,  -16,  -16
+    },
+
+    {
+       11,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17,
+      -17,  -17,  -17,  -17,  -17,  -17,  -17,  -17
+    },
+
+    {
+       11,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,  -18,
+      -18,  -18,  -18,   58,  -18,  -18,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -18
+    },
+
+    {
+       11,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,  -19,
+      -19,  -19,  -19,   58,  -19,  -19,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   59,
+       58,   58,   58,   58,   58,   58,   58,  -19
+
+    },
+
+    {
+       11,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,  -20,
+      -20,  -20,  -20,   58,  -20,  -20,   58,   58,   58,   58,
+       58,   58,   58,   58,   60,   58,   58,   58,   58,   61,
+       58,   58,   58,   58,   58,   58,   58,  -20
+    },
+
+    {
+       11,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,  -21,
+      -21,  -21,  -21,   58,  -21,  -21,   58,   58,   58,   58,
+       58,   62,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -21
+    },
+
+    {
+       11,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,  -22,
+      -22,  -22,  -22,   58,  -22,  -22,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   63,   58,
+       58,   58,   58,   58,   58,   58,   58,  -22
+    },
+
+    {
+       11,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,  -23,
+      -23,  -23,  -23,   58,  -23,  -23,   58,   58,   58,   58,
+       58,   64,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -23
+    },
+
+    {
+       11,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,  -24,
+      -24,  -24,  -24,   58,  -24,  -24,   58,   58,   58,   58,
+       58,   58,   65,   58,   58,   58,   58,   58,   66,   58,
+       58,   58,   58,   58,   58,   58,   58,  -24
+
+    },
+
+    {
+       11,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,  -25,
+      -25,  -25,  -25,   58,  -25,  -25,   58,   67,   58,   58,
+       58,   68,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -25
+    },
+
+    {
+       11,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,  -26,
+      -26,  -26,  -26,   58,  -26,  -26,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       69,   58,   58,   58,   58,   58,   58,  -26
+    },
+
+    {
+       11,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,  -27,
+      -27,  -27,  -27,   58,  -27,  -27,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   70,   58,   58,   58,   58,  -27
+    },
+
+    {
+       11,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,  -28,
+      -28,  -28,  -28,   58,  -28,  -28,   58,   71,   58,   58,
+       58,   72,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -28
+    },
+
+    {
+       11,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,  -29,
+      -29,  -29,  -29,   58,  -29,  -29,   58,   58,   58,   58,
+       58,   73,   58,   58,   58,   58,   58,   58,   58,   74,
+       58,   58,   58,   58,   75,   58,   58,  -29
+
+    },
+
+    {
+       11,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,  -30,
+      -30,  -30,  -30,   58,  -30,  -30,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   76,   58,   58,   58,   58,  -30
+    },
+
+    {
+       11,   77,   77,  -31,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77
+    },
+
+    {
+       11,  -32,   78,   79,  -32,  -32,  -32,  -32,  -32,  -32,
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
+
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32,
+      -32,  -32,  -32,  -32,  -32,  -32,  -32,  -32
+    },
+
+    {
+       11,   80,  -33,  -33,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80
+    },
+
+    {
+       11,   81,   81,   82,   81,  -34,   81,   81,  -34,   81,
+       81,   81,   81,   81,   81,  -34,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81
+
+    },
+
+    {
+       11,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35,
+      -35,  -35,  -35,  -35,  -35,  -35,  -35,  -35
+    },
+
+    {
+       11,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36,
+      -36,  -36,  -36,  -36,  -36,  -36,  -36,  -36
+    },
+
+    {
+       11,   83,   83,   84,   83,   83,   83,   83,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83
+    },
+
+    {
+       11,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38,
+      -38,  -38,  -38,  -38,  -38,  -38,  -38,  -38
+    },
+
+    {
+       11,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39,
+      -39,  -39,  -39,  -39,  -39,  -39,  -39,  -39
+
+    },
+
+    {
+       11,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,   85,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40,
+      -40,  -40,  -40,  -40,  -40,  -40,  -40,  -40
+    },
+
+    {
+       11,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41,
+      -41,  -41,  -41,  -41,  -41,  -41,  -41,  -41
+    },
+
+    {
+       11,   86,   86,  -42,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86
+    },
+
+    {
+       11,  -43,  -43,  -43,  -43,  -43,  -43,   87,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43,
+      -43,  -43,  -43,  -43,  -43,  -43,  -43,  -43
+    },
+
+    {
+       11,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44,
+      -44,  -44,  -44,  -44,  -44,  -44,  -44,  -44
+
+    },
+
+    {
+       11,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45,
+      -45,  -45,  -45,  -45,  -45,  -45,  -45,  -45
+    },
+
+    {
+       11,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,  -46,
+      -46,   88,   89,   89,  -46,  -46,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -46
+    },
+
+    {
+       11,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,  -47,
+      -47,   89,   89,   89,  -47,  -47,   89,   89,   89,   89,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -47
+    },
+
+    {
+       11,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48,
+      -48,  -48,  -48,  -48,  -48,  -48,  -48,  -48
+    },
+
+    {
+       11,  -49,  -49,   90,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49,
+      -49,  -49,  -49,  -49,  -49,  -49,  -49,  -49
+
+    },
+
+    {
+       11,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,  -50,
+      -50,   89,   89,   89,  -50,  -50,   89,   89,   89,   89,
+       89,   89,   91,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -50
+    },
+
+    {
+       11,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,  -51,
+      -51,   89,   89,   89,  -51,  -51,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   92,   89,
+       89,   89,   89,   89,   89,   89,   89,  -51
+    },
+
+    {
+       11,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,  -52,
+      -52,  -52,  -52,  -52,  -52,  -52,  -52,   93
+    },
+
+    {
+       11,  -53,   53,   54,  -53,  -53,   55,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53,
+      -53,  -53,  -53,  -53,  -53,  -53,  -53,  -53
+    },
+
+    {
+       11,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54,
+      -54,  -54,  -54,  -54,  -54,  -54,  -54,  -54
+
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,   56,   56,   57,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56,   56,   56,
+       56,   56,   56,   56,   56,   56,   56,   56
+    },
+
+    {
+       11,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57,
+      -57,  -57,  -57,  -57,  -57,  -57,  -57,  -57
+    },
+
+    {
+       11,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,  -58,
+      -58,  -58,  -58,   58,  -58,  -58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -58
+    },
+
+    {
+       11,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,  -59,
+      -59,  -59,  -59,   58,  -59,  -59,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   94,
+       58,   58,   58,   58,   58,   58,   58,  -59
+
+    },
+
+    {
+       11,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,  -60,
+      -60,  -60,  -60,   58,  -60,  -60,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   95,
+       58,   58,   58,   58,   58,   58,   58,  -60
+    },
+
+    {
+       11,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,  -61,
+      -61,  -61,  -61,   58,  -61,  -61,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   96,   97,   58,
+       58,   58,   58,   58,   58,   58,   58,  -61
+    },
+
+    {
+       11,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,  -62,
+      -62,  -62,  -62,   58,  -62,  -62,   58,   58,   58,   58,
+
+       58,   58,   98,   58,   58,   58,   58,   58,   58,   58,
+       99,   58,   58,   58,   58,   58,   58,  -62
+    },
+
+    {
+       11,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,  -63,
+      -63,  -63,  -63,   58,  -63,  -63,   58,  100,   58,   58,
+      101,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -63
+    },
+
+    {
+       11,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,  -64,
+      -64,  -64,  -64,   58,  -64,  -64,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  102,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  103,  -64
+
+    },
+
+    {
+       11,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,  -65,
+      -65,  -65,  -65,   58,  -65,  -65,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -65
+    },
+
+    {
+       11,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,  -66,
+      -66,  -66,  -66,   58,  -66,  -66,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  104,   58,   58,  -66
+    },
+
+    {
+       11,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,  -67,
+      -67,  -67,  -67,   58,  -67,  -67,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  105,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -67
+    },
+
+    {
+       11,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,  -68,
+      -68,  -68,  -68,   58,  -68,  -68,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  106,   58,
+       58,   58,   58,   58,   58,   58,   58,  -68
+    },
+
+    {
+       11,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,  -69,
+      -69,  -69,  -69,   58,  -69,  -69,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  107,   58,   58,  -69
+
+    },
+
+    {
+       11,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,  -70,
+      -70,  -70,  -70,   58,  -70,  -70,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  108,
+       58,   58,   58,   58,   58,   58,   58,  -70
+    },
+
+    {
+       11,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,  -71,
+      -71,  -71,  -71,   58,  -71,  -71,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  109,   58,
+       58,   58,   58,   58,   58,   58,   58,  -71
+    },
+
+    {
+       11,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,  -72,
+      -72,  -72,  -72,   58,  -72,  -72,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,  110,   58,   58,   58,   58,   58,  -72
+    },
+
+    {
+       11,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,  -73,
+      -73,  -73,  -73,   58,  -73,  -73,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  111,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -73
+    },
+
+    {
+       11,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,  -74,
+      -74,  -74,  -74,   58,  -74,  -74,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  112,   58,  -74
+
+    },
+
+    {
+       11,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,  -75,
+      -75,  -75,  -75,   58,  -75,  -75,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  113,   58,   58,   58,   58,  -75
+    },
+
+    {
+       11,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,  -76,
+      -76,  -76,  -76,   58,  -76,  -76,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  114,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -76
+    },
+
+    {
+       11,   77,   77,  -77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+
+       77,   77,   77,   77,   77,   77,   77,   77,   77,   77,
+       77,   77,   77,   77,   77,   77,   77,   77
+    },
+
+    {
+       11,  -78,   78,   79,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78,
+      -78,  -78,  -78,  -78,  -78,  -78,  -78,  -78
+    },
+
+    {
+       11,   80,  -79,  -79,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80
+
+    },
+
+    {
+       11,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80,
+      -80,  -80,  -80,  -80,  -80,  -80,  -80,  -80
+    },
+
+    {
+       11,   81,   81,   82,   81,  -81,   81,   81,  -81,   81,
+       81,   81,   81,   81,   81,  -81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81,   81,   81,
+       81,   81,   81,   81,   81,   81,   81,   81
+    },
+
+    {
+       11,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82,
+      -82,  -82,  -82,  -82,  -82,  -82,  -82,  -82
+    },
+
+    {
+       11,  -83,  -83,   84,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83,
+      -83,  -83,  -83,  -83,  -83,  -83,  -83,  -83
+    },
+
+    {
+       11,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84,
+      -84,  -84,  -84,  -84,  -84,  -84,  -84,  -84
+
+    },
+
+    {
+       11,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85,
+      -85,  -85,  -85,  -85,  -85,  -85,  -85,  -85
+    },
+
+    {
+       11,   86,   86,  -86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86,   86,   86,
+       86,   86,   86,   86,   86,   86,   86,   86
+    },
+
+    {
+       11,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87,
+      -87,  -87,  -87,  -87,  -87,  -87,  -87,  -87
+    },
+
+    {
+       11,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,  -88,
+      -88,  115,   89,   89,  -88,  -88,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -88
+    },
+
+    {
+       11,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,  -89,
+      -89,   89,   89,   89,  -89,  -89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -89
+
+    },
+
+    {
+       11,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90,
+      -90,  -90,  -90,  -90,  -90,  -90,  -90,  -90
+    },
+
+    {
+       11,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,  -91,
+      -91,   89,   89,   89,  -91,  -91,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -91
+    },
+
+    {
+       11,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,  -92,
+      -92,   89,   89,   89,  -92,  -92,   89,   89,   89,   89,
+
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,  -92
+    },
+
+    {
+       11,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93,
+      -93,  -93,  -93,  -93,  -93,  -93,  -93,  -93
+    },
+
+    {
+       11,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,  -94,
+      -94,  -94,  -94,   58,  -94,  -94,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  116,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -94
+
+    },
+
+    {
+       11,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,  -95,
+      -95,  -95,  -95,   58,  -95,  -95,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  117,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -95
+    },
+
+    {
+       11,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,  -96,
+      -96,  -96,  -96,   58,  -96,  -96,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  118,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -96
+    },
+
+    {
+       11,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,  -97,
+      -97,  -97,  -97,   58,  -97,  -97,   58,   58,   58,   58,
+
+       58,   58,  119,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -97
+    },
+
+    {
+       11,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,  -98,
+      -98,  -98,  -98,   58,  -98,  -98,  120,  121,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -98
+    },
+
+    {
+       11,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,  -99,
+      -99,  -99,  -99,   58,  -99,  -99,   58,   58,   58,   58,
+       58,  122,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  -99
+
+    },
+
+    {
+       11, -100, -100, -100, -100, -100, -100, -100, -100, -100,
+     -100, -100, -100,   58, -100, -100,   58,   58,  123,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -100
+    },
+
+    {
+       11, -101, -101, -101, -101, -101, -101, -101, -101, -101,
+     -101, -101, -101,   58, -101, -101,   58,   58,   58,  124,
+       58,   58,   58,   58,   58,  125,   58,  126,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -101
+    },
+
+    {
+       11, -102, -102, -102, -102, -102, -102, -102, -102, -102,
+     -102, -102, -102,   58, -102, -102,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+      127,   58,   58,   58,   58,   58,   58, -102
+    },
+
+    {
+       11, -103, -103, -103, -103, -103, -103, -103, -103, -103,
+     -103, -103, -103,   58, -103, -103,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -103
+    },
+
+    {
+       11, -104, -104, -104, -104, -104, -104, -104, -104, -104,
+     -104, -104, -104,   58, -104, -104,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -104
+
+    },
+
+    {
+       11, -105, -105, -105, -105, -105, -105, -105, -105, -105,
+     -105, -105, -105,   58, -105, -105,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  128,   58,
+       58,   58,   58,   58,   58,   58,   58, -105
+    },
+
+    {
+       11, -106, -106, -106, -106, -106, -106, -106, -106, -106,
+     -106, -106, -106,   58, -106, -106,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  129,   58, -106
+    },
+
+    {
+       11, -107, -107, -107, -107, -107, -107, -107, -107, -107,
+     -107, -107, -107,   58, -107, -107,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  130,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -107
+    },
+
+    {
+       11, -108, -108, -108, -108, -108, -108, -108, -108, -108,
+     -108, -108, -108,   58, -108, -108,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  131,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -108
+    },
+
+    {
+       11, -109, -109, -109, -109, -109, -109, -109, -109, -109,
+     -109, -109, -109,   58, -109, -109,   58,   58,   58,   58,
+       58,   58,   58,  132,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -109
+
+    },
+
+    {
+       11, -110, -110, -110, -110, -110, -110, -110, -110, -110,
+     -110, -110, -110,   58, -110, -110,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  133,   58, -110
+    },
+
+    {
+       11, -111, -111, -111, -111, -111, -111, -111, -111, -111,
+     -111, -111, -111,   58, -111, -111,   58,   58,   58,   58,
+       58,  134,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -111
+    },
+
+    {
+       11, -112, -112, -112, -112, -112, -112, -112, -112, -112,
+     -112, -112, -112,   58, -112, -112,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  135,   58,   58,   58,   58, -112
+    },
+
+    {
+       11, -113, -113, -113, -113, -113, -113, -113, -113, -113,
+     -113, -113, -113,   58, -113, -113,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  136,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -113
+    },
+
+    {
+       11, -114, -114, -114, -114, -114, -114, -114, -114, -114,
+     -114, -114, -114,   58, -114, -114,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  137,   58,   58,   58, -114
+
+    },
+
+    {
+       11, -115, -115, -115, -115, -115, -115, -115, -115, -115,
+     -115,   89,   89,   89, -115, -115,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89,   89,   89,   89,
+       89,   89,   89,   89,   89,   89,   89, -115
+    },
+
+    {
+       11, -116, -116, -116, -116, -116, -116, -116, -116, -116,
+     -116, -116, -116,   58, -116, -116,   58,   58,   58,   58,
+       58,  138,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -116
+    },
+
+    {
+       11, -117, -117, -117, -117, -117, -117, -117, -117, -117,
+     -117, -117, -117,   58, -117, -117,   58,   58,   58,  139,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -117
+    },
+
+    {
+       11, -118, -118, -118, -118, -118, -118, -118, -118, -118,
+     -118, -118, -118,   58, -118, -118,   58,   58,   58,   58,
+       58,  140,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -118
+    },
+
+    {
+       11, -119, -119, -119, -119, -119, -119, -119, -119, -119,
+     -119, -119, -119,   58, -119, -119,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  141,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -119
+
+    },
+
+    {
+       11, -120, -120, -120, -120, -120, -120, -120, -120, -120,
+     -120, -120, -120,   58, -120, -120,   58,   58,  142,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  143,   58,   58, -120
+    },
+
+    {
+       11, -121, -121, -121, -121, -121, -121, -121, -121, -121,
+     -121, -121, -121,   58, -121, -121,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  144,   58, -121
+    },
+
+    {
+       11, -122, -122, -122, -122, -122, -122, -122, -122, -122,
+     -122, -122, -122,   58, -122, -122,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  145,   58,
+       58,   58,   58,   58,   58,   58,   58, -122
+    },
+
+    {
+       11, -123, -123, -123, -123, -123, -123, -123, -123, -123,
+     -123, -123, -123,   58, -123, -123,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  146,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -123
+    },
+
+    {
+       11, -124, -124, -124, -124, -124, -124, -124, -124, -124,
+     -124, -124, -124,   58, -124, -124,   58,   58,   58,   58,
+       58,   58,   58,   58,  147,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -124
+
+    },
+
+    {
+       11, -125, -125, -125, -125, -125, -125, -125, -125, -125,
+     -125, -125, -125,   58, -125, -125,   58,   58,   58,   58,
+       58,   58,  148,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -125
+    },
+
+    {
+       11, -126, -126, -126, -126, -126, -126, -126, -126, -126,
+     -126, -126, -126,   58, -126, -126,   58,   58,   58,   58,
+       58,  149,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -126
+    },
+
+    {
+       11, -127, -127, -127, -127, -127, -127, -127, -127, -127,
+     -127, -127, -127,   58, -127, -127,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -127
+    },
+
+    {
+       11, -128, -128, -128, -128, -128, -128, -128, -128, -128,
+     -128, -128, -128,   58, -128, -128,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,  150,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -128
+    },
+
+    {
+       11, -129, -129, -129, -129, -129, -129, -129, -129, -129,
+     -129, -129, -129,   58, -129, -129,   58,   58,   58,  151,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -129
+
+    },
+
+    {
+       11, -130, -130, -130, -130, -130, -130, -130, -130, -130,
+     -130, -130, -130,   58, -130, -130,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  152,
+       58,   58,   58,   58,   58,   58,   58, -130
+    },
+
+    {
+       11, -131, -131, -131, -131, -131, -131, -131, -131, -131,
+     -131, -131, -131,   58, -131, -131,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+      153,   58,   58,   58,   58,   58,   58, -131
+    },
+
+    {
+       11, -132, -132, -132, -132, -132, -132, -132, -132, -132,
+     -132, -132, -132,   58, -132, -132,   58,   58,   58,   58,
+
+       58,  154,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -132
+    },
+
+    {
+       11, -133, -133, -133, -133, -133, -133, -133, -133, -133,
+     -133, -133, -133,   58, -133, -133,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  155,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -133
+    },
+
+    {
+       11, -134, -134, -134, -134, -134, -134, -134, -134, -134,
+     -134, -134, -134,   58, -134, -134,   58,   58,   58,  156,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -134
+
+    },
+
+    {
+       11, -135, -135, -135, -135, -135, -135, -135, -135, -135,
+     -135, -135, -135,   58, -135, -135,   58,   58,   58,  157,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -135
+    },
+
+    {
+       11, -136, -136, -136, -136, -136, -136, -136, -136, -136,
+     -136, -136, -136,   58, -136, -136,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  158,   58,
+       58,   58,   58,   58,   58,   58,   58, -136
+    },
+
+    {
+       11, -137, -137, -137, -137, -137, -137, -137, -137, -137,
+     -137, -137, -137,   58, -137, -137,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  159,   58,   58, -137
+    },
+
+    {
+       11, -138, -138, -138, -138, -138, -138, -138, -138, -138,
+     -138, -138, -138,   58, -138, -138,   58,  160,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -138
+    },
+
+    {
+       11, -139, -139, -139, -139, -139, -139, -139, -139, -139,
+     -139, -139, -139,   58, -139, -139,   58,   58,   58,   58,
+       58,  161,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -139
+
+    },
+
+    {
+       11, -140, -140, -140, -140, -140, -140, -140, -140, -140,
+     -140, -140, -140,   58, -140, -140,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  162,   58,
+       58,   58,   58,   58,   58,   58,   58, -140
+    },
+
+    {
+       11, -141, -141, -141, -141, -141, -141, -141, -141, -141,
+     -141, -141, -141,   58, -141, -141,   58,   58,   58,   58,
+       58,   58,   58,  163,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -141
+    },
+
+    {
+       11, -142, -142, -142, -142, -142, -142, -142, -142, -142,
+     -142, -142, -142,   58, -142, -142,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  164,
+       58,   58,   58,   58,   58,   58,   58, -142
+    },
+
+    {
+       11, -143, -143, -143, -143, -143, -143, -143, -143, -143,
+     -143, -143, -143,   58, -143, -143,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  165,   58,   58,   58,   58, -143
+    },
+
+    {
+       11, -144, -144, -144, -144, -144, -144, -144, -144, -144,
+     -144, -144, -144,   58, -144, -144,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  166,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -144
+
+    },
+
+    {
+       11, -145, -145, -145, -145, -145, -145, -145, -145, -145,
+     -145, -145, -145,   58, -145, -145,   58,   58,   58,   58,
+      167,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -145
+    },
+
+    {
+       11, -146, -146, -146, -146, -146, -146, -146, -146, -146,
+     -146, -146, -146,   58, -146, -146,   58,   58,   58,   58,
+       58,  168,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -146
+    },
+
+    {
+       11, -147, -147, -147, -147, -147, -147, -147, -147, -147,
+     -147, -147, -147,   58, -147, -147,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  169,
+       58,   58,   58,   58,   58,   58,   58, -147
+    },
+
+    {
+       11, -148, -148, -148, -148, -148, -148, -148, -148, -148,
+     -148, -148, -148,   58, -148, -148,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -148
+    },
+
+    {
+       11, -149, -149, -149, -149, -149, -149, -149, -149, -149,
+     -149, -149, -149,   58, -149, -149,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  170,   58,
+       58,   58,   58,   58,   58,   58,   58, -149
+
+    },
+
+    {
+       11, -150, -150, -150, -150, -150, -150, -150, -150, -150,
+     -150, -150, -150,   58, -150, -150,   58,   58,   58,   58,
+       58,  171,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -150
+    },
+
+    {
+       11, -151, -151, -151, -151, -151, -151, -151, -151, -151,
+     -151, -151, -151,   58, -151, -151,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  172,
+       58,   58,   58,   58,   58,   58,   58, -151
+    },
+
+    {
+       11, -152, -152, -152, -152, -152, -152, -152, -152, -152,
+     -152, -152, -152,   58, -152, -152,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  173,   58,
+       58,   58,   58,   58,   58,   58,   58, -152
+    },
+
+    {
+       11, -153, -153, -153, -153, -153, -153, -153, -153, -153,
+     -153, -153, -153,   58, -153, -153,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  174,   58,   58, -153
+    },
+
+    {
+       11, -154, -154, -154, -154, -154, -154, -154, -154, -154,
+     -154, -154, -154,   58, -154, -154,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -154
+
+    },
+
+    {
+       11, -155, -155, -155, -155, -155, -155, -155, -155, -155,
+     -155, -155, -155,   58, -155, -155,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,  175,   58,   58,   58,   58, -155
+    },
+
+    {
+       11, -156, -156, -156, -156, -156, -156, -156, -156, -156,
+     -156, -156, -156,   58, -156, -156,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  176,   58,   58, -156
+    },
+
+    {
+       11, -157, -157, -157, -157, -157, -157, -157, -157, -157,
+     -157, -157, -157,   58, -157, -157,   58,   58,   58,   58,
+
+       58,  177,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -157
+    },
+
+    {
+       11, -158, -158, -158, -158, -158, -158, -158, -158, -158,
+     -158, -158, -158,   58, -158, -158,   58,   58,   58,   58,
+       58,   58,   58,  178,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -158
+    },
+
+    {
+       11, -159, -159, -159, -159, -159, -159, -159, -159, -159,
+     -159, -159, -159,   58, -159, -159,   58,  179,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -159
+
+    },
+
+    {
+       11, -160, -160, -160, -160, -160, -160, -160, -160, -160,
+     -160, -160, -160,   58, -160, -160,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  180,   58,
+       58,   58,   58,   58,   58,   58,   58, -160
+    },
+
+    {
+       11, -161, -161, -161, -161, -161, -161, -161, -161, -161,
+     -161, -161, -161,   58, -161, -161,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -161
+    },
+
+    {
+       11, -162, -162, -162, -162, -162, -162, -162, -162, -162,
+     -162, -162, -162,   58, -162, -162,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  181,   58,   58, -162
+    },
+
+    {
+       11, -163, -163, -163, -163, -163, -163, -163, -163, -163,
+     -163, -163, -163,   58, -163, -163,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -163
+    },
+
+    {
+       11, -164, -164, -164, -164, -164, -164, -164, -164, -164,
+     -164, -164, -164,   58, -164, -164,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,  182,
+       58,   58,   58,   58,   58,   58,   58, -164
+
+    },
+
+    {
+       11, -165, -165, -165, -165, -165, -165, -165, -165, -165,
+     -165, -165, -165,   58, -165, -165,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  183,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -165
+    },
+
+    {
+       11, -166, -166, -166, -166, -166, -166, -166, -166, -166,
+     -166, -166, -166,   58, -166, -166,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  184,   58,   58, -166
+    },
+
+    {
+       11, -167, -167, -167, -167, -167, -167, -167, -167, -167,
+     -167, -167, -167,   58, -167, -167,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  185,   58,   58,   58, -167
+    },
+
+    {
+       11, -168, -168, -168, -168, -168, -168, -168, -168, -168,
+     -168, -168, -168,   58, -168, -168,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -168
+    },
+
+    {
+       11, -169, -169, -169, -169, -169, -169, -169, -169, -169,
+     -169, -169, -169,   58, -169, -169,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  186,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -169
+
+    },
+
+    {
+       11, -170, -170, -170, -170, -170, -170, -170, -170, -170,
+     -170, -170, -170,   58, -170, -170,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  187,   58, -170
+    },
+
+    {
+       11, -171, -171, -171, -171, -171, -171, -171, -171, -171,
+     -171, -171, -171,   58, -171, -171,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  188,   58,
+       58,   58,   58,   58,   58,   58,   58, -171
+    },
+
+    {
+       11, -172, -172, -172, -172, -172, -172, -172, -172, -172,
+     -172, -172, -172,   58, -172, -172,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,  189,   58,
+       58,   58,   58,   58,   58,   58,   58, -172
+    },
+
+    {
+       11, -173, -173, -173, -173, -173, -173, -173, -173, -173,
+     -173, -173, -173,   58, -173, -173,   58,  190,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -173
+    },
+
+    {
+       11, -174, -174, -174, -174, -174, -174, -174, -174, -174,
+     -174, -174, -174,   58, -174, -174,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -174
+
+    },
+
+    {
+       11, -175, -175, -175, -175, -175, -175, -175, -175, -175,
+     -175, -175, -175,   58, -175, -175,   58,   58,   58,   58,
+       58,  191,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -175
+    },
+
+    {
+       11, -176, -176, -176, -176, -176, -176, -176, -176, -176,
+     -176, -176, -176,   58, -176, -176,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -176
+    },
+
+    {
+       11, -177, -177, -177, -177, -177, -177, -177, -177, -177,
+     -177, -177, -177,   58, -177, -177,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -177
+    },
+
+    {
+       11, -178, -178, -178, -178, -178, -178, -178, -178, -178,
+     -178, -178, -178,   58, -178, -178,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -178
+    },
+
+    {
+       11, -179, -179, -179, -179, -179, -179, -179, -179, -179,
+     -179, -179, -179,   58, -179, -179,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  192,   58,   58, -179
+
+    },
+
+    {
+       11, -180, -180, -180, -180, -180, -180, -180, -180, -180,
+     -180, -180, -180,   58, -180, -180,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -180
+    },
+
+    {
+       11, -181, -181, -181, -181, -181, -181, -181, -181, -181,
+     -181, -181, -181,   58, -181, -181,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -181
+    },
+
+    {
+       11, -182, -182, -182, -182, -182, -182, -182, -182, -182,
+     -182, -182, -182,   58, -182, -182,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,  193,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -182
+    },
+
+    {
+       11, -183, -183, -183, -183, -183, -183, -183, -183, -183,
+     -183, -183, -183,   58, -183, -183,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  194,   58,   58,   58, -183
+    },
+
+    {
+       11, -184, -184, -184, -184, -184, -184, -184, -184, -184,
+     -184, -184, -184,   58, -184, -184,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -184
+
+    },
+
+    {
+       11, -185, -185, -185, -185, -185, -185, -185, -185, -185,
+     -185, -185, -185,   58, -185, -185,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -185
+    },
+
+    {
+       11, -186, -186, -186, -186, -186, -186, -186, -186, -186,
+     -186, -186, -186,   58, -186, -186,   58,   58,   58,  195,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -186
+    },
+
+    {
+       11, -187, -187, -187, -187, -187, -187, -187, -187, -187,
+     -187, -187, -187,   58, -187, -187,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -187
+    },
+
+    {
+       11, -188, -188, -188, -188, -188, -188, -188, -188, -188,
+     -188, -188, -188,   58, -188, -188,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,  196,   58, -188
+    },
+
+    {
+       11, -189, -189, -189, -189, -189, -189, -189, -189, -189,
+     -189, -189, -189,   58, -189, -189,   58,   58,   58,   58,
+       58,   58,  197,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -189
+
+    },
+
+    {
+       11, -190, -190, -190, -190, -190, -190, -190, -190, -190,
+     -190, -190, -190,   58, -190, -190,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,  198,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -190
+    },
+
+    {
+       11, -191, -191, -191, -191, -191, -191, -191, -191, -191,
+     -191, -191, -191,   58, -191, -191,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,  199,   58,   58,   58, -191
+    },
+
+    {
+       11, -192, -192, -192, -192, -192, -192, -192, -192, -192,
+     -192, -192, -192,   58, -192, -192,   58,   58,   58,   58,
+
+       58,  200,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -192
+    },
+
+    {
+       11, -193, -193, -193, -193, -193, -193, -193, -193, -193,
+     -193, -193, -193,   58, -193, -193,   58,   58,   58,   58,
+       58,  201,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -193
+    },
+
+    {
+       11, -194, -194, -194, -194, -194, -194, -194, -194, -194,
+     -194, -194, -194,   58, -194, -194,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  202,   58,   58, -194
+
+    },
+
+    {
+       11, -195, -195, -195, -195, -195, -195, -195, -195, -195,
+     -195, -195, -195,   58, -195, -195,   58,   58,   58,   58,
+       58,  203,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -195
+    },
+
+    {
+       11, -196, -196, -196, -196, -196, -196, -196, -196, -196,
+     -196, -196, -196,   58, -196, -196,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -196
+    },
+
+    {
+       11, -197, -197, -197, -197, -197, -197, -197, -197, -197,
+     -197, -197, -197,   58, -197, -197,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,  204,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -197
+    },
+
+    {
+       11, -198, -198, -198, -198, -198, -198, -198, -198, -198,
+     -198, -198, -198,   58, -198, -198,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -198
+    },
+
+    {
+       11, -199, -199, -199, -199, -199, -199, -199, -199, -199,
+     -199, -199, -199,   58, -199, -199,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -199
+
+    },
+
+    {
+       11, -200, -200, -200, -200, -200, -200, -200, -200, -200,
+     -200, -200, -200,   58, -200, -200,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -200
+    },
+
+    {
+       11, -201, -201, -201, -201, -201, -201, -201, -201, -201,
+     -201, -201, -201,   58, -201, -201,   58,  205,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -201
+    },
+
+    {
+       11, -202, -202, -202, -202, -202, -202, -202, -202, -202,
+     -202, -202, -202,   58, -202, -202,   58,  206,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -202
+    },
+
+    {
+       11, -203, -203, -203, -203, -203, -203, -203, -203, -203,
+     -203, -203, -203,   58, -203, -203,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -203
+    },
+
+    {
+       11, -204, -204, -204, -204, -204, -204, -204, -204, -204,
+     -204, -204, -204,   58, -204, -204,   58,   58,   58,   58,
+       58,   58,   58,  207,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -204
+
+    },
+
+    {
+       11, -205, -205, -205, -205, -205, -205, -205, -205, -205,
+     -205, -205, -205,   58, -205, -205,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,  208,   58,
+       58,   58,   58,   58,   58,   58,   58, -205
+    },
+
+    {
+       11, -206, -206, -206, -206, -206, -206, -206, -206, -206,
+     -206, -206, -206,   58, -206, -206,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,  209,   58,   58, -206
+    },
+
+    {
+       11, -207, -207, -207, -207, -207, -207, -207, -207, -207,
+     -207, -207, -207,   58, -207, -207,   58,   58,   58,   58,
+
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -207
+    },
+
+    {
+       11, -208, -208, -208, -208, -208, -208, -208, -208, -208,
+     -208, -208, -208,   58, -208, -208,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -208
+    },
+
+    {
+       11, -209, -209, -209, -209, -209, -209, -209, -209, -209,
+     -209, -209, -209,   58, -209, -209,   58,   58,   58,   58,
+       58,  210,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -209
+
+    },
+
+    {
+       11, -210, -210, -210, -210, -210, -210, -210, -210, -210,
+     -210, -210, -210,   58, -210, -210,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58,   58,   58,   58,
+       58,   58,   58,   58,   58,   58,   58, -210
+    },
+
+    } ;
+
+static yy_state_type yy_get_previous_state (void );
+static yy_state_type yy_try_NUL_trans (yy_state_type current_state  );
+static int yy_get_next_buffer (void );
+static void yy_fatal_error (yyconst char msg[]  );
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up zconftext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	(yytext_ptr) = yy_bp; \
+	zconfleng = (size_t) (yy_cp - yy_bp); \
+	(yy_hold_char) = *yy_cp; \
+	*yy_cp = '\0'; \
+	(yy_c_buf_p) = yy_cp;
+
+#define YY_NUM_RULES 64
+#define YY_END_OF_BUFFER 65
+/* This struct is not used in this scanner,
+   but its presence is necessary. */
+struct yy_trans_info
+	{
+	flex_int32_t yy_verify;
+	flex_int32_t yy_nxt;
+	};
+static yyconst flex_int16_t yy_accept[211] =
+    {   0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+       65,    5,    4,    3,    2,   36,   37,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
+       63,   60,   62,   55,   59,   58,   57,   53,   48,   42,
+       47,   51,   53,   40,   41,   50,   50,   43,   53,   50,
+       50,   53,    4,    3,    2,    2,    1,   35,   35,   35,
+       35,   35,   35,   35,   16,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   63,   60,   62,   61,
+       55,   54,   57,   56,   44,   51,   38,   50,   50,   52,
+       45,   46,   39,   35,   35,   35,   35,   35,   35,   35,
+
+       35,   35,   30,   29,   35,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   49,   25,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   15,   35,    7,   35,
+       35,   35,   35,   35,   35,   35,   35,   35,   35,   35,
+       35,   35,   35,   35,   35,   35,   35,   17,   35,   35,
+       35,   35,   35,   34,   35,   35,   35,   35,   35,   35,
+       10,   35,   13,   35,   35,   35,   35,   33,   35,   35,
+       35,   35,   35,   22,   35,   32,    9,   31,   35,   26,
+       12,   35,   35,   21,   18,   35,    8,   35,   35,   35,
+       35,   35,   27,   35,   35,    6,   35,   20,   19,   23,
+
+       35,   35,   11,   35,   35,   35,   14,   28,   35,   24
+    } ;
+
+static yyconst flex_int32_t yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    4,    5,    6,    1,    1,    7,    8,    9,
+       10,    1,    1,    1,   11,   12,   12,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,    1,    1,    1,
+       14,    1,    1,    1,   13,   13,   13,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
+       13,   13,   13,   13,   13,   13,   13,   13,   13,   13,
+        1,   15,    1,    1,   16,    1,   17,   18,   19,   20,
+
+       21,   22,   23,   24,   25,   13,   13,   26,   27,   28,
+       29,   30,   31,   32,   33,   34,   35,   13,   13,   36,
+       13,   13,    1,   37,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+extern int zconf_flex_debug;
+int zconf_flex_debug = 0;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *zconftext;
+
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+#define START_STRSIZE	16
+
+char *text;
+static char *text_ptr;
+static int text_size, text_asize;
+
+struct buffer {
+        struct buffer *parent;
+        YY_BUFFER_STATE state;
+};
+
+struct buffer *current_buf;
+
+static int last_ts, first_ts;
+
+static void zconf_endhelp(void);
+static struct buffer *zconf_endfile(void);
+
+void new_string(void)
+{
+	text = malloc(START_STRSIZE);
+	text_asize = START_STRSIZE;
+	text_ptr = text;
+	text_size = 0;
+	*text_ptr = 0;
+}
+
+void append_string(const char *str, int size)
+{
+	int new_size = text_size + size + 1;
+	if (new_size > text_asize) {
+		text = realloc(text, new_size);
+		text_asize = new_size;
+		text_ptr = text + text_size;
+	}
+	memcpy(text_ptr, str, size);
+	text_ptr += size;
+	text_size += size;
+	*text_ptr = 0;
+}
+
+void alloc_string(const char *str, int size)
+{
+	text = malloc(size + 1);
+	memcpy(text, str, size);
+	text[size] = 0;
+}
+
+#define INITIAL 0
+#define COMMAND 1
+#define HELP 2
+#define STRING 3
+#define PARAM 4
+
+/* Special case for "unistd.h", since it is non-ANSI. We include it way
+ * down here because we want the user's section 1 to have been scanned first.
+ * The user has a chance to override it with an option.
+ */
+#include <unistd.h>
+
+#ifndef YY_EXTRA_TYPE
+#define YY_EXTRA_TYPE void *
+#endif
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int zconfwrap (void );
+#else
+extern int zconfwrap (void );
+#endif
+#endif
+
+    static void yyunput (int c,char *buf_ptr  );
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char *,yyconst char *,int );
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * );
+#endif
+
+#ifndef YY_NO_INPUT
+
+#ifdef __cplusplus
+static int yyinput (void );
+#else
+static int input (void );
+#endif
+
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( zconftext, zconfleng, 1, zconfout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	errno=0; \
+	while ( (result = read( fileno(zconfin), (char *) buf, max_size )) < 0 ) \
+	{ \
+		if( errno != EINTR) \
+		{ \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+			break; \
+		} \
+		errno=0; \
+		clearerr(zconfin); \
+	}\
+\
+
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* end tables serialization structures and prototypes */
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL_IS_OURS 1
+
+extern int zconflex (void);
+
+#define YY_DECL int zconflex (void)
+#endif /* !YY_DECL */
+
+/* Code executed at the beginning of each rule, after zconftext and zconfleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	YY_USER_ACTION
+
+/** The main scanner function which does all the work.
+ */
+YY_DECL
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+
+	int str = 0;
+	int ts, i;
+
+	if ( (yy_init) )
+		{
+		(yy_init) = 0;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! (yy_start) )
+			(yy_start) = 1;	/* first start state */
+
+		if ( ! zconfin )
+			zconfin = stdin;
+
+		if ( ! zconfout )
+			zconfout = stdout;
+
+		if ( ! YY_CURRENT_BUFFER ) {
+			zconfensure_buffer_stack ();
+			YY_CURRENT_BUFFER_LVALUE =
+				zconf_create_buffer(zconfin,YY_BUF_SIZE );
+		}
+
+		zconf_load_buffer_state( );
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = (yy_c_buf_p);
+
+		/* Support of zconftext. */
+		*yy_cp = (yy_hold_char);
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = (yy_start);
+yy_match:
+		while ( (yy_current_state = yy_nxt[yy_current_state][ yy_ec[YY_SC_TO_UI(*yy_cp)]  ]) > 0 )
+			++yy_cp;
+
+		yy_current_state = -yy_current_state;
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+
+		YY_DO_BEFORE_ACTION;
+
+do_action:	/* This label is used only to access EOF actions. */
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+case 1:
+/* rule 1 can match eol */
+YY_RULE_SETUP
+current_file->lineno++;
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+
+	YY_BREAK
+case 3:
+/* rule 3 can match eol */
+YY_RULE_SETUP
+current_file->lineno++; return T_EOL;
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+{
+	BEGIN(COMMAND);
+}
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+{
+	unput(zconftext[0]);
+	BEGIN(COMMAND);
+}
+	YY_BREAK
+
+case 6:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MAINMENU;
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MENU;
+	YY_BREAK
+case 8:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDMENU;
+	YY_BREAK
+case 9:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SOURCE;
+	YY_BREAK
+case 10:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_CHOICE;
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDCHOICE;
+	YY_BREAK
+case 12:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_COMMENT;
+	YY_BREAK
+case 13:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_CONFIG;
+	YY_BREAK
+case 14:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_MENUCONFIG;
+	YY_BREAK
+case 15:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_HELP;
+	YY_BREAK
+case 16:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_IF;
+	YY_BREAK
+case 17:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_ENDIF;
+	YY_BREAK
+case 18:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEPENDS;
+	YY_BREAK
+case 19:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_REQUIRES;
+	YY_BREAK
+case 20:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_OPTIONAL;
+	YY_BREAK
+case 21:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEFAULT;
+	YY_BREAK
+case 22:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_PROMPT;
+	YY_BREAK
+case 23:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_TRISTATE;
+	YY_BREAK
+case 24:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_TRISTATE;
+	YY_BREAK
+case 25:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_BOOLEAN;
+	YY_BREAK
+case 26:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_BOOLEAN;
+	YY_BREAK
+case 27:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_BOOLEAN;
+	YY_BREAK
+case 28:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_DEF_BOOLEAN;
+	YY_BREAK
+case 29:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_INT;
+	YY_BREAK
+case 30:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_HEX;
+	YY_BREAK
+case 31:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_STRING;
+	YY_BREAK
+case 32:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SELECT;
+	YY_BREAK
+case 33:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_SELECT;
+	YY_BREAK
+case 34:
+YY_RULE_SETUP
+BEGIN(PARAM); return T_RANGE;
+	YY_BREAK
+case 35:
+YY_RULE_SETUP
+{
+		alloc_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	YY_BREAK
+case 36:
+YY_RULE_SETUP
+
+	YY_BREAK
+case 37:
+/* rule 37 can match eol */
+YY_RULE_SETUP
+current_file->lineno++; BEGIN(INITIAL);
+	YY_BREAK
+
+case 38:
+YY_RULE_SETUP
+return T_AND;
+	YY_BREAK
+case 39:
+YY_RULE_SETUP
+return T_OR;
+	YY_BREAK
+case 40:
+YY_RULE_SETUP
+return T_OPEN_PAREN;
+	YY_BREAK
+case 41:
+YY_RULE_SETUP
+return T_CLOSE_PAREN;
+	YY_BREAK
+case 42:
+YY_RULE_SETUP
+return T_NOT;
+	YY_BREAK
+case 43:
+YY_RULE_SETUP
+return T_EQUAL;
+	YY_BREAK
+case 44:
+YY_RULE_SETUP
+return T_UNEQUAL;
+	YY_BREAK
+case 45:
+YY_RULE_SETUP
+return T_IF;
+	YY_BREAK
+case 46:
+YY_RULE_SETUP
+return T_ON;
+	YY_BREAK
+case 47:
+YY_RULE_SETUP
+{
+		str = zconftext[0];
+		new_string();
+		BEGIN(STRING);
+	}
+	YY_BREAK
+case 48:
+/* rule 48 can match eol */
+YY_RULE_SETUP
+BEGIN(INITIAL); current_file->lineno++; return T_EOL;
+	YY_BREAK
+case 49:
+YY_RULE_SETUP
+/* ignore */
+	YY_BREAK
+case 50:
+YY_RULE_SETUP
+{
+		alloc_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	YY_BREAK
+case 51:
+YY_RULE_SETUP
+/* comment */
+	YY_BREAK
+case 52:
+/* rule 52 can match eol */
+YY_RULE_SETUP
+current_file->lineno++;
+	YY_BREAK
+case 53:
+YY_RULE_SETUP
+
+	YY_BREAK
+case YY_STATE_EOF(PARAM):
+{
+		BEGIN(INITIAL);
+	}
+	YY_BREAK
+
+case 54:
+/* rule 54 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	YY_BREAK
+case 55:
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+	}
+	YY_BREAK
+case 56:
+/* rule 56 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		append_string(zconftext + 1, zconfleng - 1);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	YY_BREAK
+case 57:
+YY_RULE_SETUP
+{
+		append_string(zconftext + 1, zconfleng - 1);
+	}
+	YY_BREAK
+case 58:
+YY_RULE_SETUP
+{
+		if (str == zconftext[0]) {
+			BEGIN(PARAM);
+			zconflval.string = text;
+			return T_WORD_QUOTE;
+		} else
+			append_string(zconftext, 1);
+	}
+	YY_BREAK
+case 59:
+/* rule 59 can match eol */
+YY_RULE_SETUP
+{
+		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
+		current_file->lineno++;
+		BEGIN(INITIAL);
+		return T_EOL;
+	}
+	YY_BREAK
+case YY_STATE_EOF(STRING):
+{
+		BEGIN(INITIAL);
+	}
+	YY_BREAK
+
+case 60:
+YY_RULE_SETUP
+{
+		ts = 0;
+		for (i = 0; i < zconfleng; i++) {
+			if (zconftext[i] == '\t')
+				ts = (ts & ~7) + 8;
+			else
+				ts++;
+		}
+		last_ts = ts;
+		if (first_ts) {
+			if (ts < first_ts) {
+				zconf_endhelp();
+				return T_HELPTEXT;
+			}
+			ts -= first_ts;
+			while (ts > 8) {
+				append_string("        ", 8);
+				ts -= 8;
+			}
+			append_string("        ", ts);
+		}
+	}
+	YY_BREAK
+case 61:
+/* rule 61 can match eol */
+*yy_cp = (yy_hold_char); /* undo effects of setting up zconftext */
+(yy_c_buf_p) = yy_cp -= 1;
+YY_DO_BEFORE_ACTION; /* set up zconftext again */
+YY_RULE_SETUP
+{
+		current_file->lineno++;
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	YY_BREAK
+case 62:
+/* rule 62 can match eol */
+YY_RULE_SETUP
+{
+		current_file->lineno++;
+		append_string("\n", 1);
+	}
+	YY_BREAK
+case 63:
+YY_RULE_SETUP
+{
+		append_string(zconftext, zconfleng);
+		if (!first_ts)
+			first_ts = last_ts;
+	}
+	YY_BREAK
+case YY_STATE_EOF(HELP):
+{
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	YY_BREAK
+
+case YY_STATE_EOF(INITIAL):
+case YY_STATE_EOF(COMMAND):
+{
+	if (current_buf) {
+		zconf_endfile();
+		return T_EOF;
+	}
+	fclose(zconfin);
+	yyterminate();
+}
+	YY_BREAK
+case 64:
+YY_RULE_SETUP
+YY_FATAL_ERROR( "flex scanner jammed" );
+	YY_BREAK
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = (yy_hold_char);
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed zconfin at a new source and called
+			 * zconflex().  If so, then we have to assure
+			 * consistency between YY_CURRENT_BUFFER and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+			YY_CURRENT_BUFFER_LVALUE->yy_input_file = zconfin;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			(yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state(  );
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++(yy_c_buf_p);
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = (yy_c_buf_p);
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer(  ) )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				(yy_did_buffer_switch_on_eof) = 0;
+
+				if ( zconfwrap( ) )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * zconftext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					(yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				(yy_c_buf_p) =
+					(yytext_ptr) + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				(yy_c_buf_p) =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
+
+				yy_current_state = yy_get_previous_state(  );
+
+				yy_cp = (yy_c_buf_p);
+				yy_bp = (yytext_ptr) + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+} /* end of zconflex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+static int yy_get_next_buffer (void)
+{
+    	register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
+	register char *source = (yytext_ptr);
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
+
+	else
+		{
+			size_t num_to_read =
+			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
+
+			int yy_c_buf_p_offset =
+				(int) ((yy_c_buf_p) - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					zconfrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2  );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			(yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
+						number_to_move - 1;
+
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
+			(yy_n_chars), num_to_read );
+
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	if ( (yy_n_chars) == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			zconfrestart(zconfin  );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			YY_CURRENT_BUFFER_LVALUE->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	(yy_n_chars) += number_to_move;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR;
+	YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR;
+
+	(yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0];
+
+	return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+    static yy_state_type yy_get_previous_state (void)
+{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+
+	yy_current_state = (yy_start);
+
+	for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp )
+		{
+		yy_current_state = yy_nxt[yy_current_state][(*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1)];
+		}
+
+	return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+    static yy_state_type yy_try_NUL_trans  (yy_state_type yy_current_state )
+{
+	register int yy_is_jam;
+
+	yy_current_state = yy_nxt[yy_current_state][1];
+	yy_is_jam = (yy_current_state <= 0);
+
+	return yy_is_jam ? 0 : yy_current_state;
+}
+
+    static void yyunput (int c, register char * yy_bp )
+{
+	register char *yy_cp;
+
+    yy_cp = (yy_c_buf_p);
+
+	/* undo effects of setting up zconftext */
+	*yy_cp = (yy_hold_char);
+
+	if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = (yy_n_chars) + 2;
+		register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
+					YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
+		register char *source =
+				&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
+
+		while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
+			(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
+
+		if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+	(yytext_ptr) = yy_bp;
+	(yy_hold_char) = *yy_cp;
+	(yy_c_buf_p) = yy_cp;
+}
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+    static int yyinput (void)
+#else
+    static int input  (void)
+#endif
+
+{
+	int c;
+
+	*(yy_c_buf_p) = (yy_hold_char);
+
+	if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
+			/* This was really a NUL. */
+			*(yy_c_buf_p) = '\0';
+
+		else
+			{ /* need more input */
+			int offset = (yy_c_buf_p) - (yytext_ptr);
+			++(yy_c_buf_p);
+
+			switch ( yy_get_next_buffer(  ) )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					zconfrestart(zconfin );
+
+					/*FALLTHROUGH*/
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( zconfwrap( ) )
+						return EOF;
+
+					if ( ! (yy_did_buffer_switch_on_eof) )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					(yy_c_buf_p) = (yytext_ptr) + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) (yy_c_buf_p);	/* cast for 8-bit char's */
+	*(yy_c_buf_p) = '\0';	/* preserve zconftext */
+	(yy_hold_char) = *++(yy_c_buf_p);
+
+	return c;
+}
+#endif	/* ifndef YY_NO_INPUT */
+
+/** Immediately switch to a different input stream.
+ * @param input_file A readable stream.
+ *
+ * @note This function does not reset the start condition to @c INITIAL .
+ */
+    void zconfrestart  (FILE * input_file )
+{
+
+	if ( ! YY_CURRENT_BUFFER ){
+        zconfensure_buffer_stack ();
+		YY_CURRENT_BUFFER_LVALUE =
+            zconf_create_buffer(zconfin,YY_BUF_SIZE );
+	}
+
+	zconf_init_buffer(YY_CURRENT_BUFFER,input_file );
+	zconf_load_buffer_state( );
+}
+
+/** Switch to a different input buffer.
+ * @param new_buffer The new input buffer.
+ *
+ */
+    void zconf_switch_to_buffer  (YY_BUFFER_STATE  new_buffer )
+{
+
+	/* TODO. We should be able to replace this entire function body
+	 * with
+	 *		zconfpop_buffer_state();
+	 *		zconfpush_buffer_state(new_buffer);
+     */
+	zconfensure_buffer_stack ();
+	if ( YY_CURRENT_BUFFER == new_buffer )
+		return;
+
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+	zconf_load_buffer_state( );
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (zconfwrap()) processing, but the only time this flag
+	 * is looked at is after zconfwrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+static void zconf_load_buffer_state  (void)
+{
+    	(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
+	(yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos;
+	zconfin = YY_CURRENT_BUFFER_LVALUE->yy_input_file;
+	(yy_hold_char) = *(yy_c_buf_p);
+}
+
+/** Allocate and initialize an input buffer state.
+ * @param file A readable stream.
+ * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE.
+ *
+ * @return the allocated buffer state.
+ */
+    YY_BUFFER_STATE zconf_create_buffer  (FILE * file, int  size )
+{
+	YY_BUFFER_STATE b;
+
+	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) zconfalloc(b->yy_buf_size + 2  );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	zconf_init_buffer(b,file );
+
+	return b;
+}
+
+/** Destroy the buffer.
+ * @param b a buffer created with zconf_create_buffer()
+ *
+ */
+    void zconf_delete_buffer (YY_BUFFER_STATE  b )
+{
+
+	if ( ! b )
+		return;
+
+	if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */
+		YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		zconffree((void *) b->yy_ch_buf  );
+
+	zconffree((void *) b  );
+}
+
+/* Initializes or reinitializes a buffer.
+ * This function is sometimes called more than once on the same buffer,
+ * such as during a zconfrestart() or at EOF.
+ */
+    static void zconf_init_buffer  (YY_BUFFER_STATE  b, FILE * file )
+
+{
+	int oerrno = errno;
+
+	zconf_flush_buffer(b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+    /* If b is the current buffer, then zconf_init_buffer was _probably_
+     * called from zconfrestart() or through yy_get_next_buffer.
+     * In that case, we don't want to reset the lineno or column.
+     */
+    if (b != YY_CURRENT_BUFFER){
+        b->yy_bs_lineno = 1;
+        b->yy_bs_column = 0;
+    }
+
+        b->yy_is_interactive = 0;
+
+	errno = oerrno;
+}
+
+/** Discard all buffered characters. On the next scan, YY_INPUT will be called.
+ * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER.
+ *
+ */
+    void zconf_flush_buffer (YY_BUFFER_STATE  b )
+{
+    	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == YY_CURRENT_BUFFER )
+		zconf_load_buffer_state( );
+}
+
+/** Pushes the new state onto the stack. The new state becomes
+ *  the current state. This function will allocate the stack
+ *  if necessary.
+ *  @param new_buffer The new state.
+ *
+ */
+void zconfpush_buffer_state (YY_BUFFER_STATE new_buffer )
+{
+    	if (new_buffer == NULL)
+		return;
+
+	zconfensure_buffer_stack();
+
+	/* This block is copied from zconf_switch_to_buffer. */
+	if ( YY_CURRENT_BUFFER )
+		{
+		/* Flush out information for old buffer. */
+		*(yy_c_buf_p) = (yy_hold_char);
+		YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
+		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars);
+		}
+
+	/* Only push if top exists. Otherwise, replace top. */
+	if (YY_CURRENT_BUFFER)
+		(yy_buffer_stack_top)++;
+	YY_CURRENT_BUFFER_LVALUE = new_buffer;
+
+	/* copied from zconf_switch_to_buffer. */
+	zconf_load_buffer_state( );
+	(yy_did_buffer_switch_on_eof) = 1;
+}
+
+/** Removes and deletes the top of the stack, if present.
+ *  The next element becomes the new top.
+ *
+ */
+void zconfpop_buffer_state (void)
+{
+    	if (!YY_CURRENT_BUFFER)
+		return;
+
+	zconf_delete_buffer(YY_CURRENT_BUFFER );
+	YY_CURRENT_BUFFER_LVALUE = NULL;
+	if ((yy_buffer_stack_top) > 0)
+		--(yy_buffer_stack_top);
+
+	if (YY_CURRENT_BUFFER) {
+		zconf_load_buffer_state( );
+		(yy_did_buffer_switch_on_eof) = 1;
+	}
+}
+
+/* Allocates the stack if it does not exist.
+ *  Guarantees space for at least one push.
+ */
+static void zconfensure_buffer_stack (void)
+{
+	int num_to_alloc;
+
+	if (!(yy_buffer_stack)) {
+
+		/* First allocation is just for 2 elements, since we don't know if this
+		 * scanner will even need a stack. We use 2 instead of 1 to avoid an
+		 * immediate realloc on the next call.
+         */
+		num_to_alloc = 1;
+		(yy_buffer_stack) = (struct yy_buffer_state**)zconfalloc
+								(num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*));
+
+		(yy_buffer_stack_max) = num_to_alloc;
+		(yy_buffer_stack_top) = 0;
+		return;
+	}
+
+	if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){
+
+		/* Increase the buffer to prepare for a possible push. */
+		int grow_size = 8 /* arbitrary grow size */;
+
+		num_to_alloc = (yy_buffer_stack_max) + grow_size;
+		(yy_buffer_stack) = (struct yy_buffer_state**)zconfrealloc
+								((yy_buffer_stack),
+								num_to_alloc * sizeof(struct yy_buffer_state*)
+								);
+
+		/* zero only the new slots.*/
+		memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*));
+		(yy_buffer_stack_max) = num_to_alloc;
+	}
+}
+
+/** Setup the input buffer state to scan directly from a user-specified character buffer.
+ * @param base the character buffer
+ * @param size the size in bytes of the character buffer
+ *
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE zconf_scan_buffer  (char * base, yy_size_t  size )
+{
+	YY_BUFFER_STATE b;
+
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) zconfalloc(sizeof( struct yy_buffer_state )  );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	zconf_switch_to_buffer(b  );
+
+	return b;
+}
+
+/** Setup the input buffer state to scan a string. The next call to zconflex() will
+ * scan from a @e copy of @a str.
+ * @param str a NUL-terminated string to scan
+ *
+ * @return the newly allocated buffer state object.
+ * @note If you want to scan bytes that may contain NUL values, then use
+ *       zconf_scan_bytes() instead.
+ */
+YY_BUFFER_STATE zconf_scan_string (yyconst char * str )
+{
+
+	return zconf_scan_bytes(str,strlen(str) );
+}
+
+/** Setup the input buffer state to scan the given bytes. The next call to zconflex() will
+ * scan from a @e copy of @a bytes.
+ * @param bytes the byte buffer to scan
+ * @param len the number of bytes in the buffer pointed to by @a bytes.
+ *
+ * @return the newly allocated buffer state object.
+ */
+YY_BUFFER_STATE zconf_scan_bytes  (yyconst char * bytes, int  len )
+{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = len + 2;
+	buf = (char *) zconfalloc(n  );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in zconf_scan_bytes()" );
+
+	for ( i = 0; i < len; ++i )
+		buf[i] = bytes[i];
+
+	buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = zconf_scan_buffer(buf,n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in zconf_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+}
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+static void yy_fatal_error (yyconst char* msg )
+{
+    	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up zconftext. */ \
+        int yyless_macro_arg = (n); \
+        YY_LESS_LINENO(yyless_macro_arg);\
+		zconftext[zconfleng] = (yy_hold_char); \
+		(yy_c_buf_p) = zconftext + yyless_macro_arg; \
+		(yy_hold_char) = *(yy_c_buf_p); \
+		*(yy_c_buf_p) = '\0'; \
+		zconfleng = yyless_macro_arg; \
+		} \
+	while ( 0 )
+
+/* Accessor  methods (get/set functions) to struct members. */
+
+/** Get the current line number.
+ *
+ */
+int zconfget_lineno  (void)
+{
+
+    return zconflineno;
+}
+
+/** Get the input stream.
+ *
+ */
+FILE *zconfget_in  (void)
+{
+        return zconfin;
+}
+
+/** Get the output stream.
+ *
+ */
+FILE *zconfget_out  (void)
+{
+        return zconfout;
+}
+
+/** Get the length of the current token.
+ *
+ */
+int zconfget_leng  (void)
+{
+        return zconfleng;
+}
+
+/** Get the current token.
+ *
+ */
+
+char *zconfget_text  (void)
+{
+        return zconftext;
+}
+
+/** Set the current line number.
+ * @param line_number
+ *
+ */
+void zconfset_lineno (int  line_number )
+{
+
+    zconflineno = line_number;
+}
+
+/** Set the input stream. This does not discard the current
+ * input buffer.
+ * @param in_str A readable stream.
+ *
+ * @see zconf_switch_to_buffer
+ */
+void zconfset_in (FILE *  in_str )
+{
+        zconfin = in_str ;
+}
+
+void zconfset_out (FILE *  out_str )
+{
+        zconfout = out_str ;
+}
+
+int zconfget_debug  (void)
+{
+        return zconf_flex_debug;
+}
+
+void zconfset_debug (int  bdebug )
+{
+        zconf_flex_debug = bdebug ;
+}
+
+/* zconflex_destroy is for both reentrant and non-reentrant scanners. */
+int zconflex_destroy  (void)
+{
+
+    /* Pop the buffer stack, destroying each element. */
+	while(YY_CURRENT_BUFFER){
+		zconf_delete_buffer(YY_CURRENT_BUFFER  );
+		YY_CURRENT_BUFFER_LVALUE = NULL;
+		zconfpop_buffer_state();
+	}
+
+	/* Destroy the stack itself. */
+	zconffree((yy_buffer_stack) );
+	(yy_buffer_stack) = NULL;
+
+    return 0;
+}
+
+/*
+ * Internal utility routines.
+ */
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy (char* s1, yyconst char * s2, int n )
+{
+	register int i;
+    	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen (yyconst char * s )
+{
+	register int n;
+    	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+}
+#endif
+
+void *zconfalloc (yy_size_t  size )
+{
+	return (void *) malloc( size );
+}
+
+void *zconfrealloc  (void * ptr, yy_size_t  size )
+{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+}
+
+void zconffree (void * ptr )
+{
+	free( (char *) ptr );	/* see zconfrealloc() for (char *) cast */
+}
+
+#define YYTABLES_NAME "yytables"
+
+#undef YY_NEW_FILE
+#undef YY_FLUSH_BUFFER
+#undef yy_set_bol
+#undef yy_new_buffer
+#undef yy_set_interactive
+#undef yytext_ptr
+#undef YY_DO_BEFORE_ACTION
+
+#ifdef YY_DECL_IS_OURS
+#undef YY_DECL_IS_OURS
+#undef YY_DECL
+#endif
+
+void zconf_starthelp(void)
+{
+	new_string();
+	last_ts = first_ts = 0;
+	BEGIN(HELP);
+}
+
+static void zconf_endhelp(void)
+{
+	zconflval.string = text;
+	BEGIN(INITIAL);
+}
+
+/*
+ * Try to open specified file with following names:
+ * ./name
+ * $(srctree)/name
+ * The latter is used when srctree is separate from objtree
+ * when compiling the kernel.
+ * Return NULL if file is not found.
+ */
+FILE *zconf_fopen(const char *name)
+{
+	char *env, fullname[PATH_MAX+1];
+	FILE *f;
+
+	f = fopen(name, "r");
+	if (!f && name[0] != '/') {
+		env = getenv(SRCTREE);
+		if (env) {
+			sprintf(fullname, "%s/%s", env, name);
+			f = fopen(fullname, "r");
+		}
+	}
+	return f;
+}
+
+void zconf_initscan(const char *name)
+{
+	zconfin = zconf_fopen(name);
+	if (!zconfin) {
+		printf("can't find file %s\n", name);
+		exit(1);
+	}
+
+	current_buf = malloc(sizeof(*current_buf));
+	memset(current_buf, 0, sizeof(*current_buf));
+
+	current_file = file_lookup(name);
+	current_file->lineno = 1;
+	current_file->flags = FILE_BUSY;
+}
+
+void zconf_nextfile(const char *name)
+{
+	struct file *file = file_lookup(name);
+	struct buffer *buf = malloc(sizeof(*buf));
+	memset(buf, 0, sizeof(*buf));
+
+	current_buf->state = YY_CURRENT_BUFFER;
+	zconfin = zconf_fopen(name);
+	if (!zconfin) {
+		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
+		exit(1);
+	}
+	zconf_switch_to_buffer(zconf_create_buffer(zconfin,YY_BUF_SIZE));
+	buf->parent = current_buf;
+	current_buf = buf;
+
+	if (file->flags & FILE_BUSY) {
+		printf("recursive scan (%s)?\n", name);
+		exit(1);
+	}
+	if (file->flags & FILE_SCANNED) {
+		printf("file %s already scanned?\n", name);
+		exit(1);
+	}
+	file->flags |= FILE_BUSY;
+	file->lineno = 1;
+	file->parent = current_file;
+	current_file = file;
+}
+
+static struct buffer *zconf_endfile(void)
+{
+	struct buffer *parent;
+
+	current_file->flags |= FILE_SCANNED;
+	current_file->flags &= ~FILE_BUSY;
+	current_file = current_file->parent;
+
+	parent = current_buf->parent;
+	if (parent) {
+		fclose(zconfin);
+		zconf_delete_buffer(YY_CURRENT_BUFFER);
+		zconf_switch_to_buffer(parent->state);
+	}
+	free(current_buf);
+	current_buf = parent;
+
+	return parent;
+}
+
+int zconf_lineno(void)
+{
+	if (current_buf)
+		return current_file->lineno - 1;
+	else
+		return 0;
+}
+
+char *zconf_curname(void)
+{
+	if (current_buf)
+		return current_file->name;
+	else
+		return "<none>";
+}
+
diff --git a/config/scripts/config/lkc.h b/config/scripts/config/lkc.h
new file mode 100644
index 0000000000..b8a67fc9d6
--- /dev/null
+++ b/config/scripts/config/lkc.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#ifndef LKC_H
+#define LKC_H
+
+#include "expr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef LKC_DIRECT_LINK
+#define P(name,type,arg)	extern type name arg
+#else
+#include "lkc_defs.h"
+#define P(name,type,arg)	extern type (*name ## _p) arg
+#endif
+#include "lkc_proto.h"
+#undef P
+
+#define SRCTREE "srctree"
+
+int zconfparse(void);
+void zconfdump(FILE *out);
+
+extern int zconfdebug;
+void zconf_starthelp(void);
+FILE *zconf_fopen(const char *name);
+void zconf_initscan(const char *name);
+void zconf_nextfile(const char *name);
+int zconf_lineno(void);
+char *zconf_curname(void);
+
+/* confdata.c */
+extern const char conf_def_filename[];
+extern char conf_filename[];
+
+char *conf_get_default_confname(void);
+
+/* kconfig_load.c */
+void kconfig_load(void);
+
+/* menu.c */
+void menu_init(void);
+void menu_add_menu(void);
+void menu_end_menu(void);
+void menu_add_entry(struct symbol *sym);
+void menu_end_entry(void);
+void menu_add_dep(struct expr *dep);
+struct property *menu_add_prop(enum prop_type type, char *prompt, struct expr *expr, struct expr *dep);
+void menu_add_prompt(enum prop_type type, char *prompt, struct expr *dep);
+void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep);
+void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep);
+void menu_finalize(struct menu *parent);
+void menu_set_type(int type);
+
+/* util.c */
+struct file *file_lookup(const char *name);
+int file_write_dep(const char *name);
+
+struct gstr {
+	size_t len;
+	char  *s;
+};
+struct gstr str_new(void);
+struct gstr str_assign(const char *s);
+void str_free(struct gstr *gs);
+void str_append(struct gstr *gs, const char *s);
+void str_printf(struct gstr *gs, const char *fmt, ...);
+const char *str_get(struct gstr *gs);
+
+/* symbol.c */
+void sym_init(void);
+void sym_clear_all_valid(void);
+void sym_set_changed(struct symbol *sym);
+struct symbol *sym_check_deps(struct symbol *sym);
+struct property *prop_alloc(enum prop_type type, struct symbol *sym);
+struct symbol *prop_get_symbol(struct property *prop);
+
+static inline tristate sym_get_tristate_value(struct symbol *sym)
+{
+	return sym->curr.tri;
+}
+
+
+static inline struct symbol *sym_get_choice_value(struct symbol *sym)
+{
+	return (struct symbol *)sym->curr.val;
+}
+
+static inline bool sym_set_choice_value(struct symbol *ch, struct symbol *chval)
+{
+	return sym_set_tristate_value(chval, yes);
+}
+
+static inline bool sym_is_choice(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_CHOICE ? true : false;
+}
+
+static inline bool sym_is_choice_value(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_CHOICEVAL ? true : false;
+}
+
+static inline bool sym_is_optional(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_OPTIONAL ? true : false;
+}
+
+static inline bool sym_has_value(struct symbol *sym)
+{
+	return sym->flags & SYMBOL_NEW ? false : true;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LKC_H */
diff --git a/config/scripts/config/lkc_proto.h b/config/scripts/config/lkc_proto.h
new file mode 100644
index 0000000000..6dc6d0c48e
--- /dev/null
+++ b/config/scripts/config/lkc_proto.h
@@ -0,0 +1,40 @@
+
+/* confdata.c */
+P(conf_parse,void,(const char *name));
+P(conf_read,int,(const char *name));
+P(conf_write,int,(const char *name));
+
+/* menu.c */
+P(rootmenu,struct menu,);
+
+P(menu_is_visible,bool,(struct menu *menu));
+P(menu_get_prompt,const char *,(struct menu *menu));
+P(menu_get_root_menu,struct menu *,(struct menu *menu));
+P(menu_get_parent_menu,struct menu *,(struct menu *menu));
+
+/* symbol.c */
+P(symbol_hash,struct symbol *,[SYMBOL_HASHSIZE]);
+P(sym_change_count,int,);
+
+P(sym_lookup,struct symbol *,(const char *name, int isconst));
+P(sym_find,struct symbol *,(const char *name));
+P(sym_re_search,struct symbol **,(const char *pattern));
+P(sym_type_name,const char *,(enum symbol_type type));
+P(sym_calc_value,void,(struct symbol *sym));
+P(sym_get_type,enum symbol_type,(struct symbol *sym));
+P(sym_tristate_within_range,bool,(struct symbol *sym,tristate tri));
+P(sym_set_tristate_value,bool,(struct symbol *sym,tristate tri));
+P(sym_toggle_tristate_value,tristate,(struct symbol *sym));
+P(sym_string_valid,bool,(struct symbol *sym, const char *newval));
+P(sym_string_within_range,bool,(struct symbol *sym, const char *str));
+P(sym_set_string_value,bool,(struct symbol *sym, const char *newval));
+P(sym_is_changable,bool,(struct symbol *sym));
+P(sym_get_choice_prop,struct property *,(struct symbol *sym));
+P(sym_get_default_prop,struct property *,(struct symbol *sym));
+P(sym_get_string_value,const char *,(struct symbol *sym));
+
+P(prop_get_type_name,const char *,(enum prop_type type));
+
+/* expr.c */
+P(expr_compare_type,int,(enum expr_type t1, enum expr_type t2));
+P(expr_print,void,(struct expr *e, void (*fn)(void *, const char *), void *data, int prevtoken));
diff --git a/config/scripts/config/lxdialog/BIG.FAT.WARNING b/config/scripts/config/lxdialog/BIG.FAT.WARNING
new file mode 100644
index 0000000000..a8999d82bd
--- /dev/null
+++ b/config/scripts/config/lxdialog/BIG.FAT.WARNING
@@ -0,0 +1,4 @@
+This is NOT the official version of dialog.  This version has been
+significantly modified from the original.  It is for use by the Linux
+kernel configuration script.  Please do not bother Savio Lam with 
+questions about this program.
diff --git a/config/scripts/config/lxdialog/checklist.c b/config/scripts/config/lxdialog/checklist.c
new file mode 100644
index 0000000000..71de4a191d
--- /dev/null
+++ b/config/scripts/config/lxdialog/checklist.c
@@ -0,0 +1,372 @@
+/*
+ *  checklist.c -- implements the checklist box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *     Stuart Herbert - S.Herbert@sheffield.ac.uk: radiolist extension
+ *     Alessandro Rubini - rubini@ipvvis.unipv.it: merged the two
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+static int list_width, check_x, item_x, checkflag;
+
+/*
+ * Print list item
+ */
+static void
+print_item (WINDOW * win, const char *item, int status,
+	    int choice, int selected)
+{
+    int i;
+
+    /* Clear 'residue' of last item */
+    wattrset (win, menubox_attr);
+    wmove (win, choice, 0);
+    for (i = 0; i < list_width; i++)
+	waddch (win, ' ');
+
+    wmove (win, choice, check_x);
+    wattrset (win, selected ? check_selected_attr : check_attr);
+    if (checkflag == FLAG_CHECK)
+	wprintw (win, "[%c]", status ? 'X' : ' ');
+    else
+	wprintw (win, "(%c)", status ? 'X' : ' ');
+
+    wattrset (win, selected ? tag_selected_attr : tag_attr);
+    mvwaddch(win, choice, item_x, item[0]);
+    wattrset (win, selected ? item_selected_attr : item_attr);
+    waddstr (win, (char *)item+1);
+    if (selected) {
+    	wmove (win, choice, check_x+1);
+    	wrefresh (win);
+    }
+}
+
+/*
+ * Print the scroll indicators.
+ */
+static void
+print_arrows (WINDOW * win, int choice, int item_no, int scroll,
+		int y, int x, int height)
+{
+    wmove(win, y, x);
+
+    if (scroll > 0) {
+	wattrset (win, uarrow_attr);
+	waddch (win, ACS_UARROW);
+	waddstr (win, "(-)");
+    }
+    else {
+	wattrset (win, menubox_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+    }
+
+   y = y + height + 1;
+   wmove(win, y, x);
+
+   if ((height < item_no) && (scroll + choice < item_no - 1)) {
+	wattrset (win, darrow_attr);
+	waddch (win, ACS_DARROW);
+	waddstr (win, "(+)");
+    }
+    else {
+	wattrset (win, menubox_border_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+   }
+}
+
+/*
+ *  Display the termination buttons
+ */
+static void
+print_buttons( WINDOW *dialog, int height, int width, int selected)
+{
+    int x = width / 2 - 11;
+    int y = height - 2;
+
+    print_button (dialog, "Select", y, x, selected == 0);
+    print_button (dialog, " Help ", y, x + 14, selected == 1);
+
+    wmove(dialog, y, x+1 + 14*selected);
+    wrefresh (dialog);
+}
+
+/*
+ * Display a dialog box with a list of options that can be turned on or off
+ * The `flag' parameter is used to select between radiolist and checklist.
+ */
+int
+dialog_checklist (const char *title, const char *prompt, int height, int width,
+	int list_height, int item_no, struct dialog_list_item ** items,
+	int flag)
+	
+{
+    int i, x, y, box_x, box_y;
+    int key = 0, button = 0, choice = 0, scroll = 0, max_choice, *status;
+    WINDOW *dialog, *list;
+
+    checkflag = flag;
+
+    /* Allocate space for storing item on/off status */
+    if ((status = malloc (sizeof (int) * item_no)) == NULL) {
+	endwin ();
+	fprintf (stderr,
+		 "\nCan't allocate memory in dialog_checklist().\n");
+	exit (-1);
+    }
+
+    /* Initializes status */
+    for (i = 0; i < item_no; i++) {
+	status[i] = (items[i]->selected == 1); /* ON */
+	if ((!choice && status[i]) || items[i]->selected == 2) /* SELECTED */
+            choice = i + 1;
+    }
+    if (choice)
+	    choice--;
+
+    max_choice = MIN (list_height, item_no);
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    list_width = width - 6;
+    box_y = height - list_height - 5;
+    box_x = (width - list_width) / 2 - 1;
+
+    /* create new window for the list */
+    list = subwin (dialog, list_height, list_width, y+box_y+1, x+box_x+1);
+
+    keypad (list, TRUE);
+
+    /* draw a box around the list items */
+    draw_box (dialog, box_y, box_x, list_height + 2, list_width + 2,
+	      menubox_border_attr, menubox_attr);
+
+    /* Find length of longest item in order to center checklist */
+    check_x = 0;
+    for (i = 0; i < item_no; i++) 
+	check_x = MAX (check_x, + strlen (items[i]->name) + 4);
+
+    check_x = (list_width - check_x) / 2;
+    item_x = check_x + 4;
+
+    if (choice >= list_height) {
+	scroll = choice - list_height + 1;
+	choice -= scroll;
+    }
+
+    /* Print the list */
+    for (i = 0; i < max_choice; i++) {
+	print_item (list, items[scroll + i]->name,
+		    status[i+scroll], i, i == choice);
+    }
+
+    print_arrows(dialog, choice, item_no, scroll,
+			box_y, box_x + check_x + 5, list_height);
+
+    print_buttons(dialog, height, width, 0);
+
+    wnoutrefresh (list);
+    wnoutrefresh (dialog);
+    doupdate ();
+
+    while (key != ESC) {
+	key = wgetch (dialog);
+
+    	for (i = 0; i < max_choice; i++)
+            if (toupper(key) == toupper(items[scroll + i]->name[0]))
+                break;
+
+
+	if ( i < max_choice || key == KEY_UP || key == KEY_DOWN || 
+	    key == '+' || key == '-' ) {
+	    if (key == KEY_UP || key == '-') {
+		if (!choice) {
+		    if (!scroll)
+			continue;
+		    /* Scroll list down */
+		    if (list_height > 1) {
+			/* De-highlight current first item */
+			print_item (list, items[scroll]->name,
+					status[scroll], 0, FALSE);
+			scrollok (list, TRUE);
+			wscrl (list, -1);
+			scrollok (list, FALSE);
+		    }
+		    scroll--;
+		    print_item (list, items[scroll]->name,
+				status[scroll], 0, TRUE);
+		    wnoutrefresh (list);
+
+    		    print_arrows(dialog, choice, item_no, scroll,
+				box_y, box_x + check_x + 5, list_height);
+
+		    wrefresh (dialog);
+
+		    continue;	/* wait for another key press */
+		} else
+		    i = choice - 1;
+	    } else if (key == KEY_DOWN || key == '+') {
+		if (choice == max_choice - 1) {
+		    if (scroll + choice >= item_no - 1)
+			continue;
+		    /* Scroll list up */
+		    if (list_height > 1) {
+			/* De-highlight current last item before scrolling up */
+			print_item (list, items[scroll + max_choice - 1]->name,
+				    status[scroll + max_choice - 1],
+				    max_choice - 1, FALSE);
+			scrollok (list, TRUE);
+			scroll (list);
+			scrollok (list, FALSE);
+		    }
+		    scroll++;
+		    print_item (list, items[scroll + max_choice - 1]->name,
+				status[scroll + max_choice - 1],
+				max_choice - 1, TRUE);
+		    wnoutrefresh (list);
+
+    		    print_arrows(dialog, choice, item_no, scroll,
+				box_y, box_x + check_x + 5, list_height);
+
+		    wrefresh (dialog);
+
+		    continue;	/* wait for another key press */
+		} else
+		    i = choice + 1;
+	    }
+	    if (i != choice) {
+		/* De-highlight current item */
+		print_item (list, items[scroll + choice]->name,
+			    status[scroll + choice], choice, FALSE);
+		/* Highlight new item */
+		choice = i;
+		print_item (list, items[scroll + choice]->name,
+			    status[scroll + choice], choice, TRUE);
+		wnoutrefresh (list);
+		wrefresh (dialog);
+	    }
+	    continue;		/* wait for another key press */
+	}
+	switch (key) {
+	case 'H':
+	case 'h':
+	case '?':
+	    for (i = 0; i < item_no; i++)
+		items[i]->selected = 0;
+	    items[scroll + choice]->selected = 1;
+	    delwin (dialog);
+	    free (status);
+	    return 1;
+	case TAB:
+	case KEY_LEFT:
+	case KEY_RIGHT:
+	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
+			? 1 : (button > 1 ? 0 : button);
+
+	    print_buttons(dialog, height, width, button);
+	    wrefresh (dialog);
+	    break;
+	case 'S':
+	case 's':
+	case ' ':
+	case '\n':
+	    if (!button) {
+		if (flag == FLAG_CHECK) {
+		    status[scroll + choice] = !status[scroll + choice];
+		    wmove (list, choice, check_x);
+		    wattrset (list, check_selected_attr);
+		    wprintw (list, "[%c]", status[scroll + choice] ? 'X' : ' ');
+		} else {
+		    if (!status[scroll + choice]) {
+			for (i = 0; i < item_no; i++)
+			    status[i] = 0;
+			status[scroll + choice] = 1;
+			for (i = 0; i < max_choice; i++)
+			    print_item (list, items[scroll + i]->name,
+					status[scroll + i], i, i == choice);
+		    }
+		}
+		wnoutrefresh (list);
+		wrefresh (dialog);
+            
+		for (i = 0; i < item_no; i++) {
+			items[i]->selected = status[i];
+		}
+            } else {
+		    for (i = 0; i < item_no; i++)
+			    items[i]->selected = 0;
+		    items[scroll + choice]->selected = 1;
+	    }
+	    delwin (dialog);
+	    free (status);
+	    return button;
+	case 'X':
+	case 'x':
+	    key = ESC;
+	case ESC:
+	    break;
+	}
+
+	/* Now, update everything... */
+	doupdate ();
+    }
+    
+
+    delwin (dialog);
+    free (status);
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/lxdialog/colors.h b/config/scripts/config/lxdialog/colors.h
new file mode 100644
index 0000000000..d34dd37c6f
--- /dev/null
+++ b/config/scripts/config/lxdialog/colors.h
@@ -0,0 +1,161 @@
+/*
+ *  colors.h -- color attribute definitions
+ *
+ *  AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/*
+ *   Default color definitions
+ *
+ *   *_FG = foreground
+ *   *_BG = background
+ *   *_HL = highlight?
+ */
+#define SCREEN_FG                    COLOR_CYAN
+#define SCREEN_BG                    COLOR_BLUE
+#define SCREEN_HL                    TRUE
+
+#define SHADOW_FG                    COLOR_BLACK
+#define SHADOW_BG                    COLOR_BLACK
+#define SHADOW_HL                    TRUE
+
+#define DIALOG_FG                    COLOR_BLACK
+#define DIALOG_BG                    COLOR_WHITE
+#define DIALOG_HL                    FALSE
+
+#define TITLE_FG                     COLOR_YELLOW
+#define TITLE_BG                     COLOR_WHITE
+#define TITLE_HL                     TRUE
+
+#define BORDER_FG                    COLOR_WHITE
+#define BORDER_BG                    COLOR_WHITE
+#define BORDER_HL                    TRUE
+
+#define BUTTON_ACTIVE_FG             COLOR_WHITE
+#define BUTTON_ACTIVE_BG             COLOR_BLUE
+#define BUTTON_ACTIVE_HL             TRUE
+
+#define BUTTON_INACTIVE_FG           COLOR_BLACK
+#define BUTTON_INACTIVE_BG           COLOR_WHITE
+#define BUTTON_INACTIVE_HL           FALSE
+
+#define BUTTON_KEY_ACTIVE_FG         COLOR_WHITE
+#define BUTTON_KEY_ACTIVE_BG         COLOR_BLUE
+#define BUTTON_KEY_ACTIVE_HL         TRUE
+
+#define BUTTON_KEY_INACTIVE_FG       COLOR_RED
+#define BUTTON_KEY_INACTIVE_BG       COLOR_WHITE
+#define BUTTON_KEY_INACTIVE_HL       FALSE
+
+#define BUTTON_LABEL_ACTIVE_FG       COLOR_YELLOW
+#define BUTTON_LABEL_ACTIVE_BG       COLOR_BLUE
+#define BUTTON_LABEL_ACTIVE_HL       TRUE
+
+#define BUTTON_LABEL_INACTIVE_FG     COLOR_BLACK
+#define BUTTON_LABEL_INACTIVE_BG     COLOR_WHITE
+#define BUTTON_LABEL_INACTIVE_HL     TRUE
+
+#define INPUTBOX_FG                  COLOR_BLACK
+#define INPUTBOX_BG                  COLOR_WHITE
+#define INPUTBOX_HL                  FALSE
+
+#define INPUTBOX_BORDER_FG           COLOR_BLACK
+#define INPUTBOX_BORDER_BG           COLOR_WHITE
+#define INPUTBOX_BORDER_HL           FALSE
+
+#define SEARCHBOX_FG                 COLOR_BLACK
+#define SEARCHBOX_BG                 COLOR_WHITE
+#define SEARCHBOX_HL                 FALSE
+
+#define SEARCHBOX_TITLE_FG           COLOR_YELLOW
+#define SEARCHBOX_TITLE_BG           COLOR_WHITE
+#define SEARCHBOX_TITLE_HL           TRUE
+
+#define SEARCHBOX_BORDER_FG          COLOR_WHITE
+#define SEARCHBOX_BORDER_BG          COLOR_WHITE
+#define SEARCHBOX_BORDER_HL          TRUE
+
+#define POSITION_INDICATOR_FG        COLOR_YELLOW
+#define POSITION_INDICATOR_BG        COLOR_WHITE
+#define POSITION_INDICATOR_HL        TRUE
+
+#define MENUBOX_FG                   COLOR_BLACK
+#define MENUBOX_BG                   COLOR_WHITE
+#define MENUBOX_HL                   FALSE
+
+#define MENUBOX_BORDER_FG            COLOR_WHITE
+#define MENUBOX_BORDER_BG            COLOR_WHITE
+#define MENUBOX_BORDER_HL            TRUE
+
+#define ITEM_FG                      COLOR_BLACK
+#define ITEM_BG                      COLOR_WHITE
+#define ITEM_HL                      FALSE
+
+#define ITEM_SELECTED_FG             COLOR_WHITE
+#define ITEM_SELECTED_BG             COLOR_BLUE
+#define ITEM_SELECTED_HL             TRUE
+
+#define TAG_FG                       COLOR_YELLOW
+#define TAG_BG                       COLOR_WHITE
+#define TAG_HL                       TRUE
+
+#define TAG_SELECTED_FG              COLOR_YELLOW
+#define TAG_SELECTED_BG              COLOR_BLUE
+#define TAG_SELECTED_HL              TRUE
+
+#define TAG_KEY_FG                   COLOR_YELLOW
+#define TAG_KEY_BG                   COLOR_WHITE
+#define TAG_KEY_HL                   TRUE
+
+#define TAG_KEY_SELECTED_FG          COLOR_YELLOW
+#define TAG_KEY_SELECTED_BG          COLOR_BLUE
+#define TAG_KEY_SELECTED_HL          TRUE
+
+#define CHECK_FG                     COLOR_BLACK
+#define CHECK_BG                     COLOR_WHITE
+#define CHECK_HL                     FALSE
+
+#define CHECK_SELECTED_FG            COLOR_WHITE
+#define CHECK_SELECTED_BG            COLOR_BLUE
+#define CHECK_SELECTED_HL            TRUE
+
+#define UARROW_FG                    COLOR_GREEN
+#define UARROW_BG                    COLOR_WHITE
+#define UARROW_HL                    TRUE
+
+#define DARROW_FG                    COLOR_GREEN
+#define DARROW_BG                    COLOR_WHITE
+#define DARROW_HL                    TRUE
+
+/* End of default color definitions */
+
+#define C_ATTR(x,y)                  ((x ? A_BOLD : 0) | COLOR_PAIR((y)))
+#define COLOR_NAME_LEN               10
+#define COLOR_COUNT                  8
+
+/*
+ * Global variables
+ */
+
+typedef struct {
+    char name[COLOR_NAME_LEN];
+    int value;
+} color_names_st;
+
+extern color_names_st color_names[];
+extern int color_table[][3];
diff --git a/config/scripts/config/lxdialog/dialog.h b/config/scripts/config/lxdialog/dialog.h
new file mode 100644
index 0000000000..7bab3ad0e1
--- /dev/null
+++ b/config/scripts/config/lxdialog/dialog.h
@@ -0,0 +1,199 @@
+
+/*
+ *  dialog.h -- common declarations for all dialog modules
+ *
+ *  AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef CURSES_LOC
+#ifdef __sun__
+#define CURS_MACROS
+#endif
+#include CURSES_LOC
+
+/*
+ * Colors in ncurses 1.9.9e do not work properly since foreground and
+ * background colors are OR'd rather than separately masked.  This version
+ * of dialog was hacked to work with ncurses 1.9.9e, making it incompatible
+ * with standard curses.  The simplest fix (to make this work with standard
+ * curses) uses the wbkgdset() function, not used in the original hack.
+ * Turn it off if we're building with 1.9.9e, since it just confuses things.
+ */
+#if defined(NCURSES_VERSION) && defined(_NEED_WRAP) && !defined(GCC_PRINTFLIKE)
+#define OLD_NCURSES 1
+#undef  wbkgdset
+#define wbkgdset(w,p) /*nothing*/
+#else
+#define OLD_NCURSES 0
+#endif
+
+#define TR(params) _tracef params
+
+#define ESC 27
+#define TAB 9
+#define MAX_LEN 2048
+#define BUF_SIZE (10*1024)
+#define MIN(x,y) (x < y ? x : y)
+#define MAX(x,y) (x > y ? x : y)
+
+
+#ifndef ACS_ULCORNER
+#define ACS_ULCORNER '+'
+#endif
+#ifndef ACS_LLCORNER
+#define ACS_LLCORNER '+'
+#endif
+#ifndef ACS_URCORNER
+#define ACS_URCORNER '+'
+#endif
+#ifndef ACS_LRCORNER
+#define ACS_LRCORNER '+'
+#endif
+#ifndef ACS_HLINE
+#define ACS_HLINE '-'
+#endif
+#ifndef ACS_VLINE
+#define ACS_VLINE '|'
+#endif
+#ifndef ACS_LTEE
+#define ACS_LTEE '+'
+#endif
+#ifndef ACS_RTEE
+#define ACS_RTEE '+'
+#endif
+#ifndef ACS_UARROW
+#define ACS_UARROW '^'
+#endif
+#ifndef ACS_DARROW
+#define ACS_DARROW 'v'
+#endif
+
+/* 
+ * Attribute names
+ */
+#define screen_attr                   attributes[0]
+#define shadow_attr                   attributes[1]
+#define dialog_attr                   attributes[2]
+#define title_attr                    attributes[3]
+#define border_attr                   attributes[4]
+#define button_active_attr            attributes[5]
+#define button_inactive_attr          attributes[6]
+#define button_key_active_attr        attributes[7]
+#define button_key_inactive_attr      attributes[8]
+#define button_label_active_attr      attributes[9]
+#define button_label_inactive_attr    attributes[10]
+#define inputbox_attr                 attributes[11]
+#define inputbox_border_attr          attributes[12]
+#define searchbox_attr                attributes[13]
+#define searchbox_title_attr          attributes[14]
+#define searchbox_border_attr         attributes[15]
+#define position_indicator_attr       attributes[16]
+#define menubox_attr                  attributes[17]
+#define menubox_border_attr           attributes[18]
+#define item_attr                     attributes[19]
+#define item_selected_attr            attributes[20]
+#define tag_attr                      attributes[21]
+#define tag_selected_attr             attributes[22]
+#define tag_key_attr                  attributes[23]
+#define tag_key_selected_attr         attributes[24]
+#define check_attr                    attributes[25]
+#define check_selected_attr           attributes[26]
+#define uarrow_attr                   attributes[27]
+#define darrow_attr                   attributes[28]
+
+/* number of attributes */
+#define ATTRIBUTE_COUNT               29
+
+/*
+ * Global variables
+ */
+extern bool use_colors;
+
+extern chtype attributes[];
+#endif
+
+extern const char *backtitle;
+
+struct dialog_list_item {
+	char *name;
+	int namelen;
+	char *tag;
+	int selected; /* Set to 1 by dialog_*() function. */
+};
+
+/*
+ * Function prototypes
+ */
+
+void init_dialog (void);
+void end_dialog (void);
+void dialog_clear (void);
+#ifdef CURSES_LOC
+void attr_clear (WINDOW * win, int height, int width, chtype attr);
+void color_setup (void);
+void print_autowrap (WINDOW * win, const char *prompt, int width, int y, int x);
+void print_button (WINDOW * win, const char *label, int y, int x, int selected);
+void draw_box (WINDOW * win, int y, int x, int height, int width, chtype box,
+		chtype border);
+void draw_shadow (WINDOW * win, int y, int x, int height, int width);
+#endif
+
+int first_alpha (const char *string, const char *exempt);
+int dialog_yesno (const char *title, const char *prompt, int height, int width);
+int dialog_msgbox (const char *title, const char *prompt, int height,
+		int width, int pause);
+int dialog_textbox (const char *title, const char *file, int height, int width);
+int dialog_menu (const char *title, const char *prompt, int height, int width,
+		int menu_height, const char *choice, int item_no, 
+		struct dialog_list_item ** items);
+int dialog_checklist (const char *title, const char *prompt, int height,
+		int width, int list_height, int item_no,
+		struct dialog_list_item ** items, int flag);
+extern unsigned char dialog_input_result[];
+int dialog_inputbox (const char *title, const char *prompt, int height,
+		int width, const char *init);
+
+struct dialog_list_item *first_sel_item(int item_no,
+		struct dialog_list_item ** items);
+
+/*
+ * This is the base for fictitious keys, which activate
+ * the buttons.
+ *
+ * Mouse-generated keys are the following:
+ *   -- the first 32 are used as numbers, in addition to '0'-'9'
+ *   -- the lowercase are used to signal mouse-enter events (M_EVENT + 'o')
+ *   -- uppercase chars are used to invoke the button (M_EVENT + 'O')
+ */
+#ifdef CURSES_LOC
+#define M_EVENT (KEY_MAX+1)
+#endif
+
+
+/*
+ * The `flag' parameter in checklist is used to select between
+ * radiolist and checklist
+ */
+#define FLAG_CHECK 1
+#define FLAG_RADIO 0
diff --git a/config/scripts/config/lxdialog/inputbox.c b/config/scripts/config/lxdialog/inputbox.c
new file mode 100644
index 0000000000..fa7bebc693
--- /dev/null
+++ b/config/scripts/config/lxdialog/inputbox.c
@@ -0,0 +1,240 @@
+/*
+ *  inputbox.c -- implements the input box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+unsigned char dialog_input_result[MAX_LEN + 1];
+
+/*
+ *  Print the termination buttons
+ */
+static void
+print_buttons(WINDOW *dialog, int height, int width, int selected)
+{
+    int x = width / 2 - 11;
+    int y = height - 2;
+
+    print_button (dialog, "  Ok  ", y, x, selected==0);
+    print_button (dialog, " Help ", y, x + 14, selected==1);
+
+    wmove(dialog, y, x+1+14*selected);
+    wrefresh(dialog);
+}
+
+/*
+ * Display a dialog box for inputing a string
+ */
+int
+dialog_inputbox (const char *title, const char *prompt, int height, int width,
+		 const char *init)
+{
+    int i, x, y, box_y, box_x, box_width;
+    int input_x = 0, scroll = 0, key = 0, button = -1;
+    unsigned char *instr = dialog_input_result;
+    WINDOW *dialog;
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    /* Draw the input field box */
+    box_width = width - 6;
+    getyx (dialog, y, x);
+    box_y = y + 2;
+    box_x = (width - box_width) / 2;
+    draw_box (dialog, y + 1, box_x - 1, 3, box_width + 2,
+	      border_attr, dialog_attr);
+
+    print_buttons(dialog, height, width, 0);
+
+    /* Set up the initial value */
+    wmove (dialog, box_y, box_x);
+    wattrset (dialog, inputbox_attr);
+
+    if (!init)
+	instr[0] = '\0';
+    else
+	strcpy (instr, init);
+
+    input_x = strlen (instr);
+
+    if (input_x >= box_width) {
+	scroll = input_x - box_width + 1;
+	input_x = box_width - 1;
+	for (i = 0; i < box_width - 1; i++)
+	    waddch (dialog, instr[scroll + i]);
+    } else
+	waddstr (dialog, instr);
+
+    wmove (dialog, box_y, box_x + input_x);
+
+    wrefresh (dialog);
+
+    while (key != ESC) {
+	key = wgetch (dialog);
+
+	if (button == -1) {	/* Input box selected */
+	    switch (key) {
+	    case TAB:
+	    case KEY_UP:
+	    case KEY_DOWN:
+		break;
+	    case KEY_LEFT:
+		continue;
+	    case KEY_RIGHT:
+		continue;
+	    case KEY_BACKSPACE:
+	    case 127:
+		if (input_x || scroll) {
+		    wattrset (dialog, inputbox_attr);
+		    if (!input_x) {
+			scroll = scroll < box_width - 1 ?
+			    0 : scroll - (box_width - 1);
+			wmove (dialog, box_y, box_x);
+			for (i = 0; i < box_width; i++)
+			    waddch (dialog, instr[scroll + input_x + i] ?
+				    instr[scroll + input_x + i] : ' ');
+			input_x = strlen (instr) - scroll;
+		    } else
+			input_x--;
+		    instr[scroll + input_x] = '\0';
+		    mvwaddch (dialog, box_y, input_x + box_x, ' ');
+		    wmove (dialog, box_y, input_x + box_x);
+		    wrefresh (dialog);
+		}
+		continue;
+	    default:
+		if (key < 0x100 && isprint (key)) {
+		    if (scroll + input_x < MAX_LEN) {
+			wattrset (dialog, inputbox_attr);
+			instr[scroll + input_x] = key;
+			instr[scroll + input_x + 1] = '\0';
+			if (input_x == box_width - 1) {
+			    scroll++;
+			    wmove (dialog, box_y, box_x);
+			    for (i = 0; i < box_width - 1; i++)
+				waddch (dialog, instr[scroll + i]);
+			} else {
+			    wmove (dialog, box_y, input_x++ + box_x);
+			    waddch (dialog, key);
+			}
+			wrefresh (dialog);
+		    } else
+			flash ();	/* Alarm user about overflow */
+		    continue;
+		}
+	    }
+	}
+	switch (key) {
+	case 'O':
+	case 'o':
+	    delwin (dialog);
+	    return 0;
+	case 'H':
+	case 'h':
+	    delwin (dialog);
+	    return 1;
+	case KEY_UP:
+	case KEY_LEFT:
+	    switch (button) {
+	    case -1:
+		button = 1;	/* Indicates "Cancel" button is selected */
+		print_buttons(dialog, height, width, 1);
+		break;
+	    case 0:
+		button = -1;	/* Indicates input box is selected */
+		print_buttons(dialog, height, width, 0);
+		wmove (dialog, box_y, box_x + input_x);
+		wrefresh (dialog);
+		break;
+	    case 1:
+		button = 0;	/* Indicates "OK" button is selected */
+		print_buttons(dialog, height, width, 0);
+		break;
+	    }
+	    break;
+	case TAB:
+	case KEY_DOWN:
+	case KEY_RIGHT:
+	    switch (button) {
+	    case -1:
+		button = 0;	/* Indicates "OK" button is selected */
+		print_buttons(dialog, height, width, 0);
+		break;
+	    case 0:
+		button = 1;	/* Indicates "Cancel" button is selected */
+		print_buttons(dialog, height, width, 1);
+		break;
+	    case 1:
+		button = -1;	/* Indicates input box is selected */
+		print_buttons(dialog, height, width, 0);
+		wmove (dialog, box_y, box_x + input_x);
+		wrefresh (dialog);
+		break;
+	    }
+	    break;
+	case ' ':
+	case '\n':
+	    delwin (dialog);
+	    return (button == -1 ? 0 : button);
+	case 'X':
+	case 'x':
+	    key = ESC;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/lxdialog/menubox.c b/config/scripts/config/lxdialog/menubox.c
new file mode 100644
index 0000000000..873dc587b8
--- /dev/null
+++ b/config/scripts/config/lxdialog/menubox.c
@@ -0,0 +1,438 @@
+/*
+ *  menubox.c -- implements the menu box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcapw@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/*
+ *  Changes by Clifford Wolf (god@clifford.at)
+ *
+ *  [ 1998-06-13 ]
+ *
+ *    *)  A bugfix for the Page-Down problem
+ *
+ *    *)  Formerly when I used Page Down and Page Up, the cursor would be set 
+ *        to the first position in the menu box.  Now lxdialog is a bit
+ *        smarter and works more like other menu systems (just have a look at
+ *        it).
+ *
+ *    *)  Formerly if I selected something my scrolling would be broken because
+ *        lxdialog is re-invoked by the Menuconfig shell script, can't
+ *        remember the last scrolling position, and just sets it so that the
+ *        cursor is at the bottom of the box.  Now it writes the temporary file
+ *        lxdialog.scrltmp which contains this information. The file is
+ *        deleted by lxdialog if the user leaves a submenu or enters a new
+ *        one, but it would be nice if Menuconfig could make another "rm -f"
+ *        just to be sure.  Just try it out - you will recognise a difference!
+ *
+ *  [ 1998-06-14 ]
+ *
+ *    *)  Now lxdialog is crash-safe against broken "lxdialog.scrltmp" files
+ *        and menus change their size on the fly.
+ *
+ *    *)  If for some reason the last scrolling position is not saved by
+ *        lxdialog, it sets the scrolling so that the selected item is in the
+ *        middle of the menu box, not at the bottom.
+ *
+ * 02 January 1999, Michael Elizabeth Chastain (mec@shout.net)
+ * Reset 'scroll' to 0 if the value from lxdialog.scrltmp is bogus.
+ * This fixes a bug in Menuconfig where using ' ' to descend into menus
+ * would leave mis-synchronized lxdialog.scrltmp files lying around,
+ * fscanf would read in 'scroll', and eventually that value would get used.
+ */
+
+#include "dialog.h"
+
+static int menu_width, item_x;
+
+/*
+ * Print menu item
+ */
+static void
+print_item (WINDOW * win, const char *item, int choice, int selected, int hotkey)
+{
+    int j;
+    char menu_item[menu_width+1];
+
+    strncpy(menu_item, item, menu_width);
+    menu_item[menu_width] = 0;
+    j = first_alpha(menu_item, "YyNnMmHh");
+
+    /* Clear 'residue' of last item */
+    wattrset (win, menubox_attr);
+    wmove (win, choice, 0);
+#if OLD_NCURSES
+    {
+        int i;
+        for (i = 0; i < menu_width; i++)
+	    waddch (win, ' ');
+    }
+#else
+    wclrtoeol(win);
+#endif
+    wattrset (win, selected ? item_selected_attr : item_attr);
+    mvwaddstr (win, choice, item_x, menu_item);
+    if (hotkey) {
+    	wattrset (win, selected ? tag_key_selected_attr : tag_key_attr);
+    	mvwaddch(win, choice, item_x+j, menu_item[j]);
+    }
+    if (selected) {
+	wmove (win, choice, item_x+1);
+	wrefresh (win);
+    }
+}
+
+/*
+ * Print the scroll indicators.
+ */
+static void
+print_arrows (WINDOW * win, int item_no, int scroll,
+		int y, int x, int height)
+{
+    int cur_y, cur_x;
+
+    getyx(win, cur_y, cur_x);
+
+    wmove(win, y, x);
+
+    if (scroll > 0) {
+	wattrset (win, uarrow_attr);
+	waddch (win, ACS_UARROW);
+	waddstr (win, "(-)");
+    }
+    else {
+	wattrset (win, menubox_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+    }
+
+   y = y + height + 1;
+   wmove(win, y, x);
+
+   if ((height < item_no) && (scroll + height < item_no)) {
+	wattrset (win, darrow_attr);
+	waddch (win, ACS_DARROW);
+	waddstr (win, "(+)");
+    }
+    else {
+	wattrset (win, menubox_border_attr);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+	waddch (win, ACS_HLINE);
+   }
+
+   wmove(win, cur_y, cur_x);
+}
+
+/*
+ * Display the termination buttons.
+ */
+static void
+print_buttons (WINDOW *win, int height, int width, int selected)
+{
+    int x = width / 2 - 16;
+    int y = height - 2;
+
+    print_button (win, "Select", y, x, selected == 0);
+    print_button (win, " Exit ", y, x + 12, selected == 1);
+    print_button (win, " Help ", y, x + 24, selected == 2);
+
+    wmove(win, y, x+1+12*selected);
+    wrefresh (win);
+}
+
+/*
+ * Display a menu for choosing among a number of options
+ */
+int
+dialog_menu (const char *title, const char *prompt, int height, int width,
+		int menu_height, const char *current, int item_no,
+		struct dialog_list_item ** items)
+{
+    int i, j, x, y, box_x, box_y;
+    int key = 0, button = 0, scroll = 0, choice = 0, first_item = 0, max_choice;
+    WINDOW *dialog, *menu;
+    FILE *f;
+
+    max_choice = MIN (menu_height, item_no);
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height - 3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    wbkgdset (dialog, dialog_attr & A_COLOR);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    menu_width = width - 6;
+    box_y = height - menu_height - 5;
+    box_x = (width - menu_width) / 2 - 1;
+
+    /* create new window for the menu */
+    menu = subwin (dialog, menu_height, menu_width,
+		y + box_y + 1, x + box_x + 1);
+    keypad (menu, TRUE);
+
+    /* draw a box around the menu items */
+    draw_box (dialog, box_y, box_x, menu_height + 2, menu_width + 2,
+	      menubox_border_attr, menubox_attr);
+
+    /*
+     * Find length of longest item in order to center menu.
+     * Set 'choice' to default item. 
+     */
+    item_x = 0;
+    for (i = 0; i < item_no; i++) {
+	item_x = MAX (item_x, MIN(menu_width, strlen (items[i]->name) + 2));
+	if (strcmp(current, items[i]->tag) == 0) choice = i;
+    }
+
+    item_x = (menu_width - item_x) / 2;
+
+    /* get the scroll info from the temp file */
+    if ( (f=fopen("lxdialog.scrltmp","r")) != NULL ) {
+	if ( (fscanf(f,"%d\n",&scroll) == 1) && (scroll <= choice) &&
+	     (scroll+max_choice > choice) && (scroll >= 0) &&
+	     (scroll+max_choice <= item_no) ) {
+	    first_item = scroll;
+	    choice = choice - scroll;
+	    fclose(f);
+	} else {
+	    scroll=0;
+	    remove("lxdialog.scrltmp");
+	    fclose(f);
+	    f=NULL;
+	}
+    }
+    if ( (choice >= max_choice) || (f==NULL && choice >= max_choice/2) ) {
+	if (choice >= item_no-max_choice/2)
+	    scroll = first_item = item_no-max_choice;
+	else
+	    scroll = first_item = choice - max_choice/2;
+	choice = choice - scroll;
+    }
+
+    /* Print the menu */
+    for (i=0; i < max_choice; i++) {
+	print_item (menu, items[first_item + i]->name, i, i == choice,
+                    (items[first_item + i]->tag[0] != ':'));
+    }
+
+    wnoutrefresh (menu);
+
+    print_arrows(dialog, item_no, scroll,
+		 box_y, box_x+item_x+1, menu_height);
+
+    print_buttons (dialog, height, width, 0);
+    wmove (menu, choice, item_x+1);
+    wrefresh (menu);
+
+    while (key != ESC) {
+	key = wgetch(menu);
+
+	if (key < 256 && isalpha(key)) key = tolower(key);
+
+	if (strchr("ynmh", key))
+		i = max_choice;
+	else {
+        for (i = choice+1; i < max_choice; i++) {
+		j = first_alpha(items[scroll + i]->name, "YyNnMmHh");
+		if (key == tolower(items[scroll + i]->name[j]))
+                	break;
+	}
+	if (i == max_choice)
+       		for (i = 0; i < max_choice; i++) {
+			j = first_alpha(items[scroll + i]->name, "YyNnMmHh");
+			if (key == tolower(items[scroll + i]->name[j]))
+                		break;
+		}
+	}
+
+	if (i < max_choice || 
+            key == KEY_UP || key == KEY_DOWN ||
+            key == '-' || key == '+' ||
+            key == KEY_PPAGE || key == KEY_NPAGE) {
+
+            print_item (menu, items[scroll + choice]->name, choice, FALSE,
+                       (items[scroll + choice]->tag[0] != ':'));
+
+	    if (key == KEY_UP || key == '-') {
+                if (choice < 2 && scroll) {
+	            /* Scroll menu down */
+                    scrollok (menu, TRUE);
+                    wscrl (menu, -1);
+                    scrollok (menu, FALSE);
+
+                    scroll--;
+
+                    print_item (menu, items[scroll]->name, 0, FALSE,
+                               (items[scroll]->tag[0] != ':'));
+		} else
+		    choice = MAX(choice - 1, 0);
+
+	    } else if (key == KEY_DOWN || key == '+')  {
+
+		print_item (menu, items[scroll + choice]->name, choice, FALSE,
+                                (items[scroll + choice]->tag[0] != ':'));
+
+                if ((choice > max_choice-3) &&
+                    (scroll + max_choice < item_no)
+                   ) {
+		    /* Scroll menu up */
+		    scrollok (menu, TRUE);
+                    scroll (menu);
+                    scrollok (menu, FALSE);
+
+                    scroll++;
+
+                    print_item (menu, items[scroll + max_choice - 1]->name,
+                               max_choice-1, FALSE,
+                               (items[scroll + max_choice - 1]->tag[0] != ':'));
+                } else
+                    choice = MIN(choice+1, max_choice-1);
+
+	    } else if (key == KEY_PPAGE) {
+	        scrollok (menu, TRUE);
+                for (i=0; (i < max_choice); i++) {
+                    if (scroll > 0) {
+                	wscrl (menu, -1);
+                	scroll--;
+                	print_item (menu, items[scroll]->name, 0, FALSE,
+                	(items[scroll]->tag[0] != ':'));
+                    } else {
+                        if (choice > 0)
+                            choice--;
+                    }
+                }
+                scrollok (menu, FALSE);
+
+            } else if (key == KEY_NPAGE) {
+                for (i=0; (i < max_choice); i++) {
+                    if (scroll+max_choice < item_no) {
+			scrollok (menu, TRUE);
+			scroll(menu);
+			scrollok (menu, FALSE);
+                	scroll++;
+                	print_item (menu, items[scroll + max_choice - 1]->name,
+			            max_choice-1, FALSE,
+			            (items[scroll + max_choice - 1]->tag[0] != ':'));
+		    } else {
+			if (choice+1 < max_choice)
+			    choice++;
+		    }
+                }
+
+            } else
+                choice = i;
+
+            print_item (menu, items[scroll + choice]->name, choice, TRUE,
+                       (items[scroll + choice]->tag[0] != ':'));
+
+            print_arrows(dialog, item_no, scroll,
+                         box_y, box_x+item_x+1, menu_height);
+
+            wnoutrefresh (dialog);
+            wrefresh (menu);
+
+	    continue;		/* wait for another key press */
+        }
+
+	switch (key) {
+	case KEY_LEFT:
+	case TAB:
+	case KEY_RIGHT:
+	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
+			? 2 : (button > 2 ? 0 : button);
+
+	    print_buttons(dialog, height, width, button);
+	    wrefresh (menu);
+	    break;
+	case ' ':
+	case 's':
+	case 'y':
+	case 'n':
+	case 'm':
+	case '/':
+	    /* save scroll info */
+	    if ( (f=fopen("lxdialog.scrltmp","w")) != NULL ) {
+		fprintf(f,"%d\n",scroll);
+		fclose(f);
+	    }
+	    delwin (dialog);
+            items[scroll + choice]->selected = 1;
+            switch (key) {
+            case 's': return 3;
+            case 'y': return 3;
+            case 'n': return 4;
+            case 'm': return 5;
+            case ' ': return 6;
+            case '/': return 7;
+            }
+	    return 0;
+	case 'h':
+	case '?':
+	    button = 2;
+	case '\n':
+	    delwin (dialog);
+	    items[scroll + choice]->selected = 1;
+
+	    remove("lxdialog.scrltmp");
+	    return button;
+	case 'e':
+	case 'x':
+	    key = ESC;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    remove("lxdialog.scrltmp");
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/lxdialog/msgbox.c b/config/scripts/config/lxdialog/msgbox.c
new file mode 100644
index 0000000000..93692e1fbc
--- /dev/null
+++ b/config/scripts/config/lxdialog/msgbox.c
@@ -0,0 +1,85 @@
+/*
+ *  msgbox.c -- implements the message box and info box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcapw@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+/*
+ * Display a message box. Program will pause and display an "OK" button
+ * if the parameter 'pause' is non-zero.
+ */
+int
+dialog_msgbox (const char *title, const char *prompt, int height, int width,
+		int pause)
+{
+    int i, x, y, key = 0;
+    WINDOW *dialog;
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 2);
+
+    if (pause) {
+	wattrset (dialog, border_attr);
+	mvwaddch (dialog, height - 3, 0, ACS_LTEE);
+	for (i = 0; i < width - 2; i++)
+	    waddch (dialog, ACS_HLINE);
+	wattrset (dialog, dialog_attr);
+	waddch (dialog, ACS_RTEE);
+
+	print_button (dialog, "  Ok  ",
+		      height - 2, width / 2 - 4, TRUE);
+
+	wrefresh (dialog);
+	while (key != ESC && key != '\n' && key != ' ' &&
+               key != 'O' && key != 'o' && key != 'X' && key != 'x')
+	    key = wgetch (dialog);
+    } else {
+	key = '\n';
+	wrefresh (dialog);
+    }
+
+    delwin (dialog);
+    return key == ESC ? -1 : 0;
+}
diff --git a/config/scripts/config/lxdialog/textbox.c b/config/scripts/config/lxdialog/textbox.c
new file mode 100644
index 0000000000..a5a460b5cc
--- /dev/null
+++ b/config/scripts/config/lxdialog/textbox.c
@@ -0,0 +1,556 @@
+/*
+ *  textbox.c -- implements the text box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+static void back_lines (int n);
+static void print_page (WINDOW * win, int height, int width);
+static void print_line (WINDOW * win, int row, int width);
+static char *get_line (void);
+static void print_position (WINDOW * win, int height, int width);
+
+static int hscroll, fd, file_size, bytes_read;
+static int begin_reached = 1, end_reached, page_length;
+static char *buf, *page;
+
+/*
+ * Display text from a file in a dialog box.
+ */
+int
+dialog_textbox (const char *title, const char *file, int height, int width)
+{
+    int i, x, y, cur_x, cur_y, fpos, key = 0;
+    int passed_end;
+    char search_term[MAX_LEN + 1];
+    WINDOW *dialog, *text;
+
+    search_term[0] = '\0';	/* no search term entered yet */
+
+    /* Open input file for reading */
+    if ((fd = open (file, O_RDONLY)) == -1) {
+	endwin ();
+	fprintf (stderr,
+		 "\nCan't open input file in dialog_textbox().\n");
+	exit (-1);
+    }
+    /* Get file size. Actually, 'file_size' is the real file size - 1,
+       since it's only the last byte offset from the beginning */
+    if ((file_size = lseek (fd, 0, SEEK_END)) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError getting file size in dialog_textbox().\n");
+	exit (-1);
+    }
+    /* Restore file pointer to beginning of file after getting file size */
+    if (lseek (fd, 0, SEEK_SET) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError moving file pointer in dialog_textbox().\n");
+	exit (-1);
+    }
+    /* Allocate space for read buffer */
+    if ((buf = malloc (BUF_SIZE + 1)) == NULL) {
+	endwin ();
+	fprintf (stderr, "\nCan't allocate memory in dialog_textbox().\n");
+	exit (-1);
+    }
+    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError reading file in dialog_textbox().\n");
+	exit (-1);
+    }
+    buf[bytes_read] = '\0';	/* mark end of valid data */
+    page = buf;			/* page is pointer to start of page to be displayed */
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    /* Create window for text region, used for scrolling text */
+    text = subwin (dialog, height - 4, width - 2, y + 1, x + 1);
+    wattrset (text, dialog_attr);
+    wbkgdset (text, dialog_attr & A_COLOR);
+
+    keypad (text, TRUE);
+
+    /* register the new window, along with its borders */
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    wbkgdset (dialog, dialog_attr & A_COLOR);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+    print_button (dialog, " Exit ", height - 2, width / 2 - 4, TRUE);
+    wnoutrefresh (dialog);
+    getyx (dialog, cur_y, cur_x);	/* Save cursor position */
+
+    /* Print first page of text */
+    attr_clear (text, height - 4, width - 2, dialog_attr);
+    print_page (text, height - 4, width - 2);
+    print_position (dialog, height, width);
+    wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+    wrefresh (dialog);
+
+    while ((key != ESC) && (key != '\n')) {
+	key = wgetch (dialog);
+	switch (key) {
+	case 'E':		/* Exit */
+	case 'e':
+	case 'X':
+	case 'x':
+	    delwin (dialog);
+	    free (buf);
+	    close (fd);
+	    return 0;
+	case 'g':		/* First page */
+	case KEY_HOME:
+	    if (!begin_reached) {
+		begin_reached = 1;
+		/* First page not in buffer? */
+		if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+		      "\nError moving file pointer in dialog_textbox().\n");
+		    exit (-1);
+		}
+		if (fpos > bytes_read) {	/* Yes, we have to read it in */
+		    if (lseek (fd, 0, SEEK_SET) == -1) {
+			endwin ();
+			fprintf (stderr, "\nError moving file pointer in "
+				 "dialog_textbox().\n");
+			exit (-1);
+		    }
+		    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+			endwin ();
+			fprintf (stderr,
+			     "\nError reading file in dialog_textbox().\n");
+			exit (-1);
+		    }
+		    buf[bytes_read] = '\0';
+		}
+		page = buf;
+		print_page (text, height - 4, width - 2);
+		print_position (dialog, height, width);
+		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+		wrefresh (dialog);
+	    }
+	    break;
+	case 'G':		/* Last page */
+	case KEY_END:
+
+	    end_reached = 1;
+	    /* Last page not in buffer? */
+	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		endwin ();
+		fprintf (stderr,
+		      "\nError moving file pointer in dialog_textbox().\n");
+		exit (-1);
+	    }
+	    if (fpos < file_size) {	/* Yes, we have to read it in */
+		if (lseek (fd, -BUF_SIZE, SEEK_END) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+		      "\nError moving file pointer in dialog_textbox().\n");
+		    exit (-1);
+		}
+		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+			     "\nError reading file in dialog_textbox().\n");
+		    exit (-1);
+		}
+		buf[bytes_read] = '\0';
+	    }
+	    page = buf + bytes_read;
+	    back_lines (height - 4);
+	    print_page (text, height - 4, width - 2);
+	    print_position (dialog, height, width);
+	    wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+	    wrefresh (dialog);
+	    break;
+	case 'K':		/* Previous line */
+	case 'k':
+	case KEY_UP:
+	    if (!begin_reached) {
+		back_lines (page_length + 1);
+
+		/* We don't call print_page() here but use scrolling to ensure
+		   faster screen update. However, 'end_reached' and
+		   'page_length' should still be updated, and 'page' should
+		   point to start of next page. This is done by calling
+		   get_line() in the following 'for' loop. */
+		scrollok (text, TRUE);
+		wscrl (text, -1);	/* Scroll text region down one line */
+		scrollok (text, FALSE);
+		page_length = 0;
+		passed_end = 0;
+		for (i = 0; i < height - 4; i++) {
+		    if (!i) {
+			/* print first line of page */
+			print_line (text, 0, width - 2);
+			wnoutrefresh (text);
+		    } else
+			/* Called to update 'end_reached' and 'page' */
+			get_line ();
+		    if (!passed_end)
+			page_length++;
+		    if (end_reached && !passed_end)
+			passed_end = 1;
+		}
+
+		print_position (dialog, height, width);
+		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+		wrefresh (dialog);
+	    }
+	    break;
+	case 'B':		/* Previous page */
+	case 'b':
+	case KEY_PPAGE:
+	    if (begin_reached)
+		break;
+	    back_lines (page_length + height - 4);
+	    print_page (text, height - 4, width - 2);
+	    print_position (dialog, height, width);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case 'J':		/* Next line */
+	case 'j':
+	case KEY_DOWN:
+	    if (!end_reached) {
+		begin_reached = 0;
+		scrollok (text, TRUE);
+		scroll (text);	/* Scroll text region up one line */
+		scrollok (text, FALSE);
+		print_line (text, height - 5, width - 2);
+		wnoutrefresh (text);
+		print_position (dialog, height, width);
+		wmove (dialog, cur_y, cur_x);	/* Restore cursor position */
+		wrefresh (dialog);
+	    }
+	    break;
+	case KEY_NPAGE:		/* Next page */
+	case ' ':
+	    if (end_reached)
+		break;
+
+	    begin_reached = 0;
+	    print_page (text, height - 4, width - 2);
+	    print_position (dialog, height, width);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case '0':		/* Beginning of line */
+	case 'H':		/* Scroll left */
+	case 'h':
+	case KEY_LEFT:
+	    if (hscroll <= 0)
+		break;
+
+	    if (key == '0')
+		hscroll = 0;
+	    else
+		hscroll--;
+	    /* Reprint current page to scroll horizontally */
+	    back_lines (page_length);
+	    print_page (text, height - 4, width - 2);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case 'L':		/* Scroll right */
+	case 'l':
+	case KEY_RIGHT:
+	    if (hscroll >= MAX_LEN)
+		break;
+	    hscroll++;
+	    /* Reprint current page to scroll horizontally */
+	    back_lines (page_length);
+	    print_page (text, height - 4, width - 2);
+	    wmove (dialog, cur_y, cur_x);
+	    wrefresh (dialog);
+	    break;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    free (buf);
+    close (fd);
+    return 1;			/* ESC pressed */
+}
+
+/*
+ * Go back 'n' lines in text file. Called by dialog_textbox().
+ * 'page' will be updated to point to the desired line in 'buf'.
+ */
+static void
+back_lines (int n)
+{
+    int i, fpos;
+
+    begin_reached = 0;
+    /* We have to distinguish between end_reached and !end_reached
+       since at end of file, the line is not ended by a '\n'.
+       The code inside 'if' basically does a '--page' to move one
+       character backward so as to skip '\n' of the previous line */
+    if (!end_reached) {
+	/* Either beginning of buffer or beginning of file reached? */
+	if (page == buf) {
+	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		endwin ();
+		fprintf (stderr, "\nError moving file pointer in "
+			 "back_lines().\n");
+		exit (-1);
+	    }
+	    if (fpos > bytes_read) {	/* Not beginning of file yet */
+		/* We've reached beginning of buffer, but not beginning of
+		   file yet, so read previous part of file into buffer.
+		   Note that we only move backward for BUF_SIZE/2 bytes,
+		   but not BUF_SIZE bytes to avoid re-reading again in
+		   print_page() later */
+		/* Really possible to move backward BUF_SIZE/2 bytes? */
+		if (fpos < BUF_SIZE / 2 + bytes_read) {
+		    /* No, move less then */
+		    if (lseek (fd, 0, SEEK_SET) == -1) {
+			endwin ();
+			fprintf (stderr, "\nError moving file pointer in "
+				 "back_lines().\n");
+			exit (-1);
+		    }
+		    page = buf + fpos - bytes_read;
+		} else {	/* Move backward BUF_SIZE/2 bytes */
+		    if (lseek (fd, -(BUF_SIZE / 2 + bytes_read), SEEK_CUR)
+			== -1) {
+			endwin ();
+			fprintf (stderr, "\nError moving file pointer "
+				 "in back_lines().\n");
+			exit (-1);
+		    }
+		    page = buf + BUF_SIZE / 2;
+		}
+		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+		    endwin ();
+		    fprintf (stderr, "\nError reading file in back_lines().\n");
+		    exit (-1);
+		}
+		buf[bytes_read] = '\0';
+	    } else {		/* Beginning of file reached */
+		begin_reached = 1;
+		return;
+	    }
+	}
+	if (*(--page) != '\n') {	/* '--page' here */
+	    /* Something's wrong... */
+	    endwin ();
+	    fprintf (stderr, "\nInternal error in back_lines().\n");
+	    exit (-1);
+	}
+    }
+    /* Go back 'n' lines */
+    for (i = 0; i < n; i++)
+	do {
+	    if (page == buf) {
+		if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		    endwin ();
+		    fprintf (stderr,
+			  "\nError moving file pointer in back_lines().\n");
+		    exit (-1);
+		}
+		if (fpos > bytes_read) {
+		    /* Really possible to move backward BUF_SIZE/2 bytes? */
+		    if (fpos < BUF_SIZE / 2 + bytes_read) {
+			/* No, move less then */
+			if (lseek (fd, 0, SEEK_SET) == -1) {
+			    endwin ();
+			    fprintf (stderr, "\nError moving file pointer "
+				     "in back_lines().\n");
+			    exit (-1);
+			}
+			page = buf + fpos - bytes_read;
+		    } else {	/* Move backward BUF_SIZE/2 bytes */
+			if (lseek (fd, -(BUF_SIZE / 2 + bytes_read),
+				   SEEK_CUR) == -1) {
+			    endwin ();
+			    fprintf (stderr, "\nError moving file pointer"
+				     " in back_lines().\n");
+			    exit (-1);
+			}
+			page = buf + BUF_SIZE / 2;
+		    }
+		    if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+			endwin ();
+			fprintf (stderr, "\nError reading file in "
+				 "back_lines().\n");
+			exit (-1);
+		    }
+		    buf[bytes_read] = '\0';
+		} else {	/* Beginning of file reached */
+		    begin_reached = 1;
+		    return;
+		}
+	    }
+	} while (*(--page) != '\n');
+    page++;
+}
+
+/*
+ * Print a new page of text. Called by dialog_textbox().
+ */
+static void
+print_page (WINDOW * win, int height, int width)
+{
+    int i, passed_end = 0;
+
+    page_length = 0;
+    for (i = 0; i < height; i++) {
+	print_line (win, i, width);
+	if (!passed_end)
+	    page_length++;
+	if (end_reached && !passed_end)
+	    passed_end = 1;
+    }
+    wnoutrefresh (win);
+}
+
+/*
+ * Print a new line of text. Called by dialog_textbox() and print_page().
+ */
+static void
+print_line (WINDOW * win, int row, int width)
+{
+    int y, x;
+    char *line;
+
+    line = get_line ();
+    line += MIN (strlen (line), hscroll);	/* Scroll horizontally */
+    wmove (win, row, 0);	/* move cursor to correct line */
+    waddch (win, ' ');
+    waddnstr (win, line, MIN (strlen (line), width - 2));
+
+    getyx (win, y, x);
+    /* Clear 'residue' of previous line */
+#if OLD_NCURSES
+    {
+        int i;
+        for (i = 0; i < width - x; i++)
+	    waddch (win, ' ');
+    }
+#else
+    wclrtoeol(win);
+#endif
+}
+
+/*
+ * Return current line of text. Called by dialog_textbox() and print_line().
+ * 'page' should point to start of current line before calling, and will be
+ * updated to point to start of next line.
+ */
+static char *
+get_line (void)
+{
+    int i = 0, fpos;
+    static char line[MAX_LEN + 1];
+
+    end_reached = 0;
+    while (*page != '\n') {
+	if (*page == '\0') {
+	    /* Either end of file or end of buffer reached */
+	    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+		endwin ();
+		fprintf (stderr, "\nError moving file pointer in "
+			 "get_line().\n");
+		exit (-1);
+	    }
+	    if (fpos < file_size) {	/* Not end of file yet */
+		/* We've reached end of buffer, but not end of file yet,
+		   so read next part of file into buffer */
+		if ((bytes_read = read (fd, buf, BUF_SIZE)) == -1) {
+		    endwin ();
+		    fprintf (stderr, "\nError reading file in get_line().\n");
+		    exit (-1);
+		}
+		buf[bytes_read] = '\0';
+		page = buf;
+	    } else {
+		if (!end_reached)
+		    end_reached = 1;
+		break;
+	    }
+	} else if (i < MAX_LEN)
+	    line[i++] = *(page++);
+	else {
+	    /* Truncate lines longer than MAX_LEN characters */
+	    if (i == MAX_LEN)
+		line[i++] = '\0';
+	    page++;
+	}
+    }
+    if (i <= MAX_LEN)
+	line[i] = '\0';
+    if (!end_reached)
+	page++;			/* move pass '\n' */
+
+    return line;
+}
+
+/*
+ * Print current position
+ */
+static void
+print_position (WINDOW * win, int height, int width)
+{
+    int fpos, percent;
+
+    if ((fpos = lseek (fd, 0, SEEK_CUR)) == -1) {
+	endwin ();
+	fprintf (stderr, "\nError moving file pointer in print_position().\n");
+	exit (-1);
+    }
+    wattrset (win, position_indicator_attr);
+    wbkgdset (win, position_indicator_attr & A_COLOR);
+    percent = !file_size ?
+	100 : ((fpos - bytes_read + page - buf) * 100) / file_size;
+    wmove (win, height - 3, width - 9);
+    wprintw (win, "(%3d%%)", percent);
+}
diff --git a/config/scripts/config/lxdialog/util.c b/config/scripts/config/lxdialog/util.c
new file mode 100644
index 0000000000..6f83951b90
--- /dev/null
+++ b/config/scripts/config/lxdialog/util.c
@@ -0,0 +1,375 @@
+/*
+ *  util.c
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+
+/* use colors by default? */
+bool use_colors = 1;
+
+const char *backtitle = NULL;
+
+const char *dialog_result;
+
+/* 
+ * Attribute values, default is for mono display
+ */
+chtype attributes[] =
+{
+    A_NORMAL,			/* screen_attr */
+    A_NORMAL,			/* shadow_attr */
+    A_NORMAL,			/* dialog_attr */
+    A_BOLD,			/* title_attr */
+    A_NORMAL,			/* border_attr */
+    A_REVERSE,			/* button_active_attr */
+    A_DIM,			/* button_inactive_attr */
+    A_REVERSE,			/* button_key_active_attr */
+    A_BOLD,			/* button_key_inactive_attr */
+    A_REVERSE,			/* button_label_active_attr */
+    A_NORMAL,			/* button_label_inactive_attr */
+    A_NORMAL,			/* inputbox_attr */
+    A_NORMAL,			/* inputbox_border_attr */
+    A_NORMAL,			/* searchbox_attr */
+    A_BOLD,			/* searchbox_title_attr */
+    A_NORMAL,			/* searchbox_border_attr */
+    A_BOLD,			/* position_indicator_attr */
+    A_NORMAL,			/* menubox_attr */
+    A_NORMAL,			/* menubox_border_attr */
+    A_NORMAL,			/* item_attr */
+    A_REVERSE,			/* item_selected_attr */
+    A_BOLD,			/* tag_attr */
+    A_REVERSE,			/* tag_selected_attr */
+    A_BOLD,			/* tag_key_attr */
+    A_REVERSE,			/* tag_key_selected_attr */
+    A_BOLD,			/* check_attr */
+    A_REVERSE,			/* check_selected_attr */
+    A_BOLD,			/* uarrow_attr */
+    A_BOLD			/* darrow_attr */
+};
+
+
+#include "colors.h"
+
+/*
+ * Table of color values
+ */
+int color_table[][3] =
+{
+    {SCREEN_FG, SCREEN_BG, SCREEN_HL},
+    {SHADOW_FG, SHADOW_BG, SHADOW_HL},
+    {DIALOG_FG, DIALOG_BG, DIALOG_HL},
+    {TITLE_FG, TITLE_BG, TITLE_HL},
+    {BORDER_FG, BORDER_BG, BORDER_HL},
+    {BUTTON_ACTIVE_FG, BUTTON_ACTIVE_BG, BUTTON_ACTIVE_HL},
+    {BUTTON_INACTIVE_FG, BUTTON_INACTIVE_BG, BUTTON_INACTIVE_HL},
+    {BUTTON_KEY_ACTIVE_FG, BUTTON_KEY_ACTIVE_BG, BUTTON_KEY_ACTIVE_HL},
+    {BUTTON_KEY_INACTIVE_FG, BUTTON_KEY_INACTIVE_BG, BUTTON_KEY_INACTIVE_HL},
+    {BUTTON_LABEL_ACTIVE_FG, BUTTON_LABEL_ACTIVE_BG, BUTTON_LABEL_ACTIVE_HL},
+    {BUTTON_LABEL_INACTIVE_FG, BUTTON_LABEL_INACTIVE_BG,
+     BUTTON_LABEL_INACTIVE_HL},
+    {INPUTBOX_FG, INPUTBOX_BG, INPUTBOX_HL},
+    {INPUTBOX_BORDER_FG, INPUTBOX_BORDER_BG, INPUTBOX_BORDER_HL},
+    {SEARCHBOX_FG, SEARCHBOX_BG, SEARCHBOX_HL},
+    {SEARCHBOX_TITLE_FG, SEARCHBOX_TITLE_BG, SEARCHBOX_TITLE_HL},
+    {SEARCHBOX_BORDER_FG, SEARCHBOX_BORDER_BG, SEARCHBOX_BORDER_HL},
+    {POSITION_INDICATOR_FG, POSITION_INDICATOR_BG, POSITION_INDICATOR_HL},
+    {MENUBOX_FG, MENUBOX_BG, MENUBOX_HL},
+    {MENUBOX_BORDER_FG, MENUBOX_BORDER_BG, MENUBOX_BORDER_HL},
+    {ITEM_FG, ITEM_BG, ITEM_HL},
+    {ITEM_SELECTED_FG, ITEM_SELECTED_BG, ITEM_SELECTED_HL},
+    {TAG_FG, TAG_BG, TAG_HL},
+    {TAG_SELECTED_FG, TAG_SELECTED_BG, TAG_SELECTED_HL},
+    {TAG_KEY_FG, TAG_KEY_BG, TAG_KEY_HL},
+    {TAG_KEY_SELECTED_FG, TAG_KEY_SELECTED_BG, TAG_KEY_SELECTED_HL},
+    {CHECK_FG, CHECK_BG, CHECK_HL},
+    {CHECK_SELECTED_FG, CHECK_SELECTED_BG, CHECK_SELECTED_HL},
+    {UARROW_FG, UARROW_BG, UARROW_HL},
+    {DARROW_FG, DARROW_BG, DARROW_HL},
+};				/* color_table */
+
+/*
+ * Set window to attribute 'attr'
+ */
+void
+attr_clear (WINDOW * win, int height, int width, chtype attr)
+{
+    int i, j;
+
+    wattrset (win, attr);
+    for (i = 0; i < height; i++) {
+	wmove (win, i, 0);
+	for (j = 0; j < width; j++)
+	    waddch (win, ' ');
+    }
+    touchwin (win);
+}
+
+void dialog_clear (void)
+{
+    attr_clear (stdscr, LINES, COLS, screen_attr);
+    /* Display background title if it exists ... - SLH */
+    if (backtitle != NULL) {
+        int i;
+
+        wattrset (stdscr, screen_attr);
+        mvwaddstr (stdscr, 0, 1, (char *)backtitle);
+        wmove (stdscr, 1, 1);
+        for (i = 1; i < COLS - 1; i++)
+            waddch (stdscr, ACS_HLINE);
+    }
+    wnoutrefresh (stdscr);
+}
+
+/*
+ * Do some initialization for dialog
+ */
+void
+init_dialog (void)
+{
+    initscr ();			/* Init curses */
+    keypad (stdscr, TRUE);
+    cbreak ();
+    noecho ();
+
+
+    if (use_colors)	/* Set up colors */
+	color_setup ();
+
+
+    dialog_clear ();
+}
+
+/*
+ * Setup for color display
+ */
+void
+color_setup (void)
+{
+    int i;
+
+    if (has_colors ()) {	/* Terminal supports color? */
+	start_color ();
+
+	/* Initialize color pairs */
+	for (i = 0; i < ATTRIBUTE_COUNT; i++)
+	    init_pair (i + 1, color_table[i][0], color_table[i][1]);
+
+	/* Setup color attributes */
+	for (i = 0; i < ATTRIBUTE_COUNT; i++)
+	    attributes[i] = C_ATTR (color_table[i][2], i + 1);
+    }
+}
+
+/*
+ * End using dialog functions.
+ */
+void
+end_dialog (void)
+{
+    endwin ();
+}
+
+
+/*
+ * Print a string of text in a window, automatically wrap around to the
+ * next line if the string is too long to fit on one line. Newline
+ * characters '\n' are replaced by spaces.  We start on a new line
+ * if there is no room for at least 4 nonblanks following a double-space.
+ */
+void
+print_autowrap (WINDOW * win, const char *prompt, int width, int y, int x)
+{
+    int newl, cur_x, cur_y;
+    int i, prompt_len, room, wlen;
+    char tempstr[MAX_LEN + 1], *word, *sp, *sp2;
+
+    strcpy (tempstr, prompt);
+
+    prompt_len = strlen(tempstr);
+	
+    /*
+     * Remove newlines
+     */
+    for(i=0; i<prompt_len; i++) {
+	if(tempstr[i] == '\n') tempstr[i] = ' ';
+    }
+
+    if (prompt_len <= width - x * 2) {	/* If prompt is short */
+	wmove (win, y, (width - prompt_len) / 2);
+	waddstr (win, tempstr);
+    } else {
+	cur_x = x;
+	cur_y = y;
+	newl = 1;
+	word = tempstr;
+	while (word && *word) {
+	    sp = index(word, ' ');
+	    if (sp)
+	        *sp++ = 0;
+
+	    /* Wrap to next line if either the word does not fit,
+	       or it is the first word of a new sentence, and it is
+	       short, and the next word does not fit. */
+	    room = width - cur_x;
+	    wlen = strlen(word);
+	    if (wlen > room ||
+	       (newl && wlen < 4 && sp && wlen+1+strlen(sp) > room
+		     && (!(sp2 = index(sp, ' ')) || wlen+1+(sp2-sp) > room))) {
+		cur_y++;
+		cur_x = x;
+	    }
+	    wmove (win, cur_y, cur_x);
+	    waddstr (win, word);
+	    getyx (win, cur_y, cur_x);
+	    cur_x++;
+	    if (sp && *sp == ' ') {
+	        cur_x++;	/* double space */
+		while (*++sp == ' ');
+		newl = 1;
+	    } else
+	        newl = 0;
+	    word = sp;
+	}
+    }
+}
+
+/*
+ * Print a button
+ */
+void
+print_button (WINDOW * win, const char *label, int y, int x, int selected)
+{
+    int i, temp;
+
+    wmove (win, y, x);
+    wattrset (win, selected ? button_active_attr : button_inactive_attr);
+    waddstr (win, "<");
+    temp = strspn (label, " ");
+    label += temp;
+    wattrset (win, selected ? button_label_active_attr
+	      : button_label_inactive_attr);
+    for (i = 0; i < temp; i++)
+	waddch (win, ' ');
+    wattrset (win, selected ? button_key_active_attr
+	      : button_key_inactive_attr);
+    waddch (win, label[0]);
+    wattrset (win, selected ? button_label_active_attr
+	      : button_label_inactive_attr);
+    waddstr (win, (char *)label + 1);
+    wattrset (win, selected ? button_active_attr : button_inactive_attr);
+    waddstr (win, ">");
+    wmove (win, y, x + temp + 1);
+}
+
+/*
+ * Draw a rectangular box with line drawing characters
+ */
+void
+draw_box (WINDOW * win, int y, int x, int height, int width,
+	  chtype box, chtype border)
+{
+    int i, j;
+
+    wattrset (win, 0);
+    for (i = 0; i < height; i++) {
+	wmove (win, y + i, x);
+	for (j = 0; j < width; j++)
+	    if (!i && !j)
+		waddch (win, border | ACS_ULCORNER);
+	    else if (i == height - 1 && !j)
+		waddch (win, border | ACS_LLCORNER);
+	    else if (!i && j == width - 1)
+		waddch (win, box | ACS_URCORNER);
+	    else if (i == height - 1 && j == width - 1)
+		waddch (win, box | ACS_LRCORNER);
+	    else if (!i)
+		waddch (win, border | ACS_HLINE);
+	    else if (i == height - 1)
+		waddch (win, box | ACS_HLINE);
+	    else if (!j)
+		waddch (win, border | ACS_VLINE);
+	    else if (j == width - 1)
+		waddch (win, box | ACS_VLINE);
+	    else
+		waddch (win, box | ' ');
+    }
+}
+
+/*
+ * Draw shadows along the right and bottom edge to give a more 3D look
+ * to the boxes
+ */
+void
+draw_shadow (WINDOW * win, int y, int x, int height, int width)
+{
+    int i;
+
+    if (has_colors ()) {	/* Whether terminal supports color? */
+	wattrset (win, shadow_attr);
+	wmove (win, y + height, x + 2);
+	for (i = 0; i < width; i++)
+	    waddch (win, winch (win) & A_CHARTEXT);
+	for (i = y + 1; i < y + height + 1; i++) {
+	    wmove (win, i, x + width);
+	    waddch (win, winch (win) & A_CHARTEXT);
+	    waddch (win, winch (win) & A_CHARTEXT);
+	}
+	wnoutrefresh (win);
+    }
+}
+
+/*
+ *  Return the position of the first alphabetic character in a string.
+ */
+int
+first_alpha(const char *string, const char *exempt)
+{
+	int i, in_paren=0, c;
+
+	for (i = 0; i < strlen(string); i++) {
+		c = tolower(string[i]);
+
+		if (strchr("<[(", c)) ++in_paren;
+		if (strchr(">])", c) && in_paren > 0) --in_paren;
+
+		if ((! in_paren) && isalpha(c) && 
+		     strchr(exempt, c) == 0)
+			return i;
+	}
+
+	return 0;
+}
+
+/*
+ * Get the first selected item in the dialog_list_item list.
+ */
+struct dialog_list_item *
+first_sel_item(int item_no, struct dialog_list_item ** items)
+{
+	int i;
+
+	for (i = 0; i < item_no; i++) {
+		if (items[i]->selected)
+			return items[i];
+	}
+
+	return NULL;
+}
diff --git a/config/scripts/config/lxdialog/yesno.c b/config/scripts/config/lxdialog/yesno.c
new file mode 100644
index 0000000000..11fcc25f51
--- /dev/null
+++ b/config/scripts/config/lxdialog/yesno.c
@@ -0,0 +1,118 @@
+/*
+ *  yesno.c -- implements the yes/no box
+ *
+ *  ORIGINAL AUTHOR: Savio Lam (lam836@cs.cuhk.hk)
+ *  MODIFIED FOR LINUX KERNEL CONFIG BY: William Roadcap (roadcap@cfw.com)
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "dialog.h"
+
+/*
+ * Display termination buttons
+ */
+static void
+print_buttons(WINDOW *dialog, int height, int width, int selected)
+{
+    int x = width / 2 - 10;
+    int y = height - 2;
+
+    print_button (dialog, " Yes ", y, x, selected == 0);
+    print_button (dialog, "  No  ", y, x + 13, selected == 1);
+
+    wmove(dialog, y, x+1 + 13*selected );
+    wrefresh (dialog);
+}
+
+/*
+ * Display a dialog box with two buttons - Yes and No
+ */
+int
+dialog_yesno (const char *title, const char *prompt, int height, int width)
+{
+    int i, x, y, key = 0, button = 0;
+    WINDOW *dialog;
+
+    /* center dialog box on screen */
+    x = (COLS - width) / 2;
+    y = (LINES - height) / 2;
+
+    draw_shadow (stdscr, y, x, height, width);
+
+    dialog = newwin (height, width, y, x);
+    keypad (dialog, TRUE);
+
+    draw_box (dialog, 0, 0, height, width, dialog_attr, border_attr);
+    wattrset (dialog, border_attr);
+    mvwaddch (dialog, height-3, 0, ACS_LTEE);
+    for (i = 0; i < width - 2; i++)
+	waddch (dialog, ACS_HLINE);
+    wattrset (dialog, dialog_attr);
+    waddch (dialog, ACS_RTEE);
+
+    if (title != NULL && strlen(title) >= width-2 ) {
+	/* truncate long title -- mec */
+	char * title2 = malloc(width-2+1);
+	memcpy( title2, title, width-2 );
+	title2[width-2] = '\0';
+	title = title2;
+    }
+
+    if (title != NULL) {
+	wattrset (dialog, title_attr);
+	mvwaddch (dialog, 0, (width - strlen(title))/2 - 1, ' ');
+	waddstr (dialog, (char *)title);
+	waddch (dialog, ' ');
+    }
+
+    wattrset (dialog, dialog_attr);
+    print_autowrap (dialog, prompt, width - 2, 1, 3);
+
+    print_buttons(dialog, height, width, 0);
+
+    while (key != ESC) {
+	key = wgetch (dialog);
+	switch (key) {
+	case 'Y':
+	case 'y':
+	    delwin (dialog);
+	    return 0;
+	case 'N':
+	case 'n':
+	    delwin (dialog);
+	    return 1;
+
+	case TAB:
+	case KEY_LEFT:
+	case KEY_RIGHT:
+	    button = ((key == KEY_LEFT ? --button : ++button) < 0)
+			? 1 : (button > 1 ? 0 : button);
+
+	    print_buttons(dialog, height, width, button);
+	    wrefresh (dialog);
+	    break;
+	case ' ':
+	case '\n':
+	    delwin (dialog);
+	    return button;
+	case ESC:
+	    break;
+	}
+    }
+
+    delwin (dialog);
+    return -1;			/* ESC pressed */
+}
diff --git a/config/scripts/config/mconf.c b/config/scripts/config/mconf.c
new file mode 100644
index 0000000000..406eb29c3b
--- /dev/null
+++ b/config/scripts/config/mconf.c
@@ -0,0 +1,977 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ *
+ * Introduced single menu mode (show all sub-menus in one large tree).
+ * 2002-11-06 Petr Baudis <pasky@ucw.cz>
+ *
+ * Directly use liblxdialog library routines.
+ * 2002-11-14 Petr Baudis <pasky@ucw.cz>
+ */
+
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+#include <sys/termios.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+
+#include "lxdialog/dialog.h"
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+static char menu_backtitle[128];
+static const char mconf_readme[] =
+"Overview\n"
+"--------\n"
+"Some features may be built directly into axTLS.  Some features\n"
+"may be completely removed altogether.  There are also certain\n"
+"parameters which are not really features, but must be\n"
+"entered in as decimal or hexadecimal numbers or possibly text.\n"
+"\n"
+"Menu items beginning with [*] or [ ] represent features\n"
+"configured to be built in or removed respectively.\n"
+"\n"
+"To change any of these features, highlight it with the cursor\n"
+"keys and press <Y> to build it in or <N> to removed it.\n"
+"You may also press the <Space Bar> to cycle\n"
+"through the available options (ie. Y->N->Y).\n"
+"\n"
+"Some additional keyboard hints:\n"
+"\n"
+"Menus\n"
+"----------\n"
+"o  Use the Up/Down arrow keys (cursor keys) to highlight the item\n"
+"   you wish to change or submenu wish to select and press <Enter>.\n"
+"   Submenus are designated by \"--->\".\n"
+"\n"
+"   Shortcut: Press the option's highlighted letter (hotkey).\n"
+"             Pressing a hotkey more than once will sequence\n"
+"             through all visible items which use that hotkey.\n"
+"\n"
+"   You may also use the <PAGE UP> and <PAGE DOWN> keys to scroll\n"
+"   unseen options into view.\n"
+"\n"
+"o  To exit a menu use the cursor keys to highlight the <Exit> button\n"
+"   and press <ENTER>.\n"
+"\n"
+"   Shortcut: Press <ESC><ESC> or <E> or <X> if there is no hotkey\n"
+"             using those letters.  You may press a single <ESC>, but\n"
+"             there is a delayed response which you may find annoying.\n"
+"\n"
+"   Also, the <TAB> and cursor keys will cycle between <Select>,\n"
+"   <Exit> and <Help>\n"
+"\n"
+"o  To get help with an item, use the cursor keys to highlight <Help>\n"
+"   and Press <ENTER>.\n"
+"\n"
+"   Shortcut: Press <H> or <?>.\n"
+"\n"
+"\n"
+"Radiolists  (Choice lists)\n"
+"-----------\n"
+"o  Use the cursor keys to select the option you wish to set and press\n"
+"   <S> or the <SPACE BAR>.\n"
+"\n"
+"   Shortcut: Press the first letter of the option you wish to set then\n"
+"             press <S> or <SPACE BAR>.\n"
+"\n"
+"o  To see available help for the item, use the cursor keys to highlight\n"
+"   <Help> and Press <ENTER>.\n"
+"\n"
+"   Shortcut: Press <H> or <?>.\n"
+"\n"
+"   Also, the <TAB> and cursor keys will cycle between <Select> and\n"
+"   <Help>\n"
+"\n"
+"\n"
+"Data Entry\n"
+"-----------\n"
+"o  Enter the requested information and press <ENTER>\n"
+"   If you are entering hexadecimal values, it is not necessary to\n"
+"   add the '0x' prefix to the entry.\n"
+"\n"
+"o  For help, use the <TAB> or cursor keys to highlight the help option\n"
+"   and press <ENTER>.  You can try <TAB><H> as well.\n"
+"\n"
+"\n"
+"Text Box    (Help Window)\n"
+"--------\n"
+"o  Use the cursor keys to scroll up/down/left/right.  The VI editor\n"
+"   keys h,j,k,l function here as do <SPACE BAR> and <B> for those\n"
+"   who are familiar with less and lynx.\n"
+"\n"
+"o  Press <E>, <X>, <Enter> or <Esc><Esc> to exit.\n"
+"\n"
+"\n"
+"Alternate Configuration Files\n"
+"-----------------------------\n"
+"Menuconfig supports the use of alternate configuration files for\n"
+"those who, for various reasons, find it necessary to switch\n"
+"between different configurations.\n"
+"\n"
+"At the end of the main menu you will find two options.  One is\n"
+"for saving the current configuration to a file of your choosing.\n"
+"The other option is for loading a previously saved alternate\n"
+"configuration.\n"
+"\n"
+"Even if you don't use alternate configuration files, but you\n"
+"find during a Menuconfig session that you have completely messed\n"
+"up your settings, you may use the \"Load Alternate...\" option to\n"
+"restore your previously saved settings from \".config\" without\n"
+"restarting Menuconfig.\n"
+"\n"
+"Other information\n"
+"-----------------\n"
+"If you use Menuconfig in an XTERM window make sure you have your\n"
+"$TERM variable set to point to a xterm definition which supports color.\n"
+"Otherwise, Menuconfig will look rather bad.  Menuconfig will not\n"
+"display correctly in a RXVT window because rxvt displays only one\n"
+"intensity of color, bright.\n"
+"\n"
+"Menuconfig will display larger menus on screens or xterms which are\n"
+"set to display more than the standard 25 row by 80 column geometry.\n"
+"In order for this to work, the \"stty size\" command must be able to\n"
+"display the screen's current row and column geometry.  I STRONGLY\n"
+"RECOMMEND that you make sure you do NOT have the shell variables\n"
+"LINES and COLUMNS exported into your environment.  Some distributions\n"
+"export those variables via /etc/profile.  Some ncurses programs can\n"
+"become confused when those variables (LINES & COLUMNS) don't reflect\n"
+"the true screen size.\n"
+"\n"
+"Optional personality available\n"
+"------------------------------\n"
+"If you prefer to have all of the options listed in a single\n"
+"menu, rather than the default multimenu hierarchy, run the menuconfig\n"
+"with MENUCONFIG_MODE environment variable set to single_menu. Example:\n"
+"\n"
+"make MENUCONFIG_MODE=single_menu menuconfig\n"
+"\n"
+"<Enter> will then unroll the appropriate category, or enfold it if it\n"
+"is already unrolled.\n"
+"\n"
+"Note that this mode can eventually be a little more CPU expensive\n"
+"(especially with a larger number of unrolled categories) than the\n"
+"default mode.\n",
+menu_instructions[] =
+	"Arrow keys navigate the menu.  "
+	"<Enter> selects submenus --->.  "
+	"Highlighted letters are hotkeys.  "
+	"Pressing <Y> selectes a feature, while <N> will exclude a feature.  "
+	"Press <Esc><Esc> to exit, <?> for Help, </> for Search.  "
+	"Legend: [*] feature is selected  [ ] feature is excluded",
+radiolist_instructions[] =
+	"Use the arrow keys to navigate this window or "
+	"press the hotkey of the item you wish to select "
+	"followed by the <SPACE BAR>. "
+	"Press <?> for additional information about this option.",
+inputbox_instructions_int[] =
+	"Please enter a decimal value. "
+	"Fractions will not be accepted.  "
+	"Use the <TAB> key to move from the input field to the buttons below it.",
+inputbox_instructions_hex[] =
+	"Please enter a hexadecimal value. "
+	"Use the <TAB> key to move from the input field to the buttons below it.",
+inputbox_instructions_string[] =
+	"Please enter a string value. "
+	"Use the <TAB> key to move from the input field to the buttons below it.",
+setmod_text[] =
+	"This feature depends on another which has been configured as a module.\n"
+	"As a result, this feature will be built as a module.",
+nohelp_text[] =
+	"There is no help available for this option.\n",
+load_config_text[] =
+	"Enter the name of the configuration file you wish to load.  "
+	"Accept the name shown to restore the configuration you "
+	"last retrieved.  Leave blank to abort.",
+load_config_help[] =
+	"\n"
+	"For various reasons, one may wish to keep several different axTLS\n"
+	"configurations available on a single machine.\n"
+	"\n"
+	"If you have saved a previous configuration in a file other than the\n"
+	"axTLS's default, entering the name of the file here will allow you\n"
+	"to modify that configuration.\n"
+	"\n"
+	"If you are uncertain, then you have probably never used alternate\n"
+	"configuration files.  You should therefor leave this blank to abort.\n",
+save_config_text[] =
+	"Enter a filename to which this configuration should be saved "
+	"as an alternate.  Leave blank to abort.",
+save_config_help[] =
+	"\n"
+	"For various reasons, one may wish to keep different axTLS\n"
+	"configurations available on a single machine.\n"
+	"\n"
+	"Entering a file name here will allow you to later retrieve, modify\n"
+	"and use the current configuration as an alternate to whatever\n"
+	"configuration options you have selected at that time.\n"
+	"\n"
+	"If you are uncertain what all this means then you should probably\n"
+	"leave this blank.\n",
+search_help[] =
+	"\n"
+	"Search for CONFIG_ symbols and display their relations.\n"
+	"Example: search for \"^FOO\"\n"
+	"Result:\n"
+	"-----------------------------------------------------------------\n"
+	"Symbol: FOO [=m]\n"
+	"Prompt: Foo bus is used to drive the bar HW\n"
+	"Defined at drivers/pci/Kconfig:47\n"
+	"Depends on: X86_LOCAL_APIC && X86_IO_APIC || IA64\n"
+	"Location:\n"
+	"  -> Bus options (PCI, PCMCIA, EISA, MCA, ISA)\n"
+	"    -> PCI support (PCI [=y])\n"
+	"      -> PCI access mode (<choice> [=y])\n"
+	"Selects: LIBCRC32\n"
+	"Selected by: BAR\n"
+	"-----------------------------------------------------------------\n"
+	"o The line 'Prompt:' shows the text used in the menu structure for\n"
+	"  this CONFIG_ symbol\n"
+	"o The 'Defined at' line tell at what file / line number the symbol\n"
+	"  is defined\n"
+	"o The 'Depends on:' line tell what symbols needs to be defined for\n"
+	"  this symbol to be visible in the menu (selectable)\n"
+	"o The 'Location:' lines tell where in the menu structure this symbol\n"
+	"  is located\n"
+	"    A location followed by a [=y] indicate that this is a selectable\n"
+	"    menu item - and current value is displayed inside brackets.\n"
+	"o The 'Selects:' line tell what symbol will be automatically\n"
+	"  selected if this symbol is selected (y or m)\n"
+	"o The 'Selected by' line tell what symbol has selected this symbol\n"
+	"\n"
+	"Only relevant lines are shown.\n"
+	"\n\n"
+	"Search examples:\n"
+	"Examples: USB	=> find all CONFIG_ symbols containing USB\n"
+	"          ^USB => find all CONFIG_ symbols starting with USB\n"
+	"          USB$ => find all CONFIG_ symbols ending with USB\n"
+	"\n";
+
+static char filename[PATH_MAX+1] = ".config";
+static int indent;
+static struct termios ios_org;
+static int rows = 0, cols = 0;
+static struct menu *current_menu;
+static int child_count;
+static int single_menu_mode;
+
+static struct dialog_list_item *items[16384]; /* FIXME: This ought to be dynamic. */
+static int item_no;
+
+static void conf(struct menu *menu);
+static void conf_choice(struct menu *menu);
+static void conf_string(struct menu *menu);
+static void conf_load(void);
+static void conf_save(void);
+static void show_textbox(const char *title, const char *text, int r, int c);
+static void show_helptext(const char *title, const char *text);
+static void show_help(struct menu *menu);
+static void show_file(const char *filename, const char *title, int r, int c);
+
+static void init_wsize(void)
+{
+	struct winsize ws;
+	char *env;
+
+	if (!ioctl(STDIN_FILENO, TIOCGWINSZ, &ws)) {
+		rows = ws.ws_row;
+		cols = ws.ws_col;
+	}
+
+	if (!rows) {
+		env = getenv("LINES");
+		if (env)
+			rows = atoi(env);
+		if (!rows)
+			rows = 24;
+	}
+	if (!cols) {
+		env = getenv("COLUMNS");
+		if (env)
+			cols = atoi(env);
+		if (!cols)
+			cols = 80;
+	}
+
+	if (rows < 19 || cols < 80) {
+		fprintf(stderr, "Your display is too small to run Menuconfig!\n");
+		fprintf(stderr, "It must be at least 19 lines by 80 columns.\n");
+		exit(1);
+	}
+
+	rows -= 4;
+	cols -= 5;
+}
+
+static void cinit(void)
+{
+	item_no = 0;
+}
+
+static void cmake(void)
+{
+	items[item_no] = malloc(sizeof(struct dialog_list_item));
+	memset(items[item_no], 0, sizeof(struct dialog_list_item));
+	items[item_no]->tag = malloc(32); items[item_no]->tag[0] = 0;
+	items[item_no]->name = malloc(512); items[item_no]->name[0] = 0;
+	items[item_no]->namelen = 0;
+	item_no++;
+}
+
+static int cprint_name(const char *fmt, ...)
+{
+	va_list ap;
+	int res;
+
+	if (!item_no)
+		cmake();
+	va_start(ap, fmt);
+	res = vsnprintf(items[item_no - 1]->name + items[item_no - 1]->namelen,
+			512 - items[item_no - 1]->namelen, fmt, ap);
+	if (res > 0)
+		items[item_no - 1]->namelen += res;
+	va_end(ap);
+
+	return res;
+}
+
+static int cprint_tag(const char *fmt, ...)
+{
+	va_list ap;
+	int res;
+
+	if (!item_no)
+		cmake();
+	va_start(ap, fmt);
+	res = vsnprintf(items[item_no - 1]->tag, 32, fmt, ap);
+	va_end(ap);
+
+	return res;
+}
+
+static void cdone(void)
+{
+	int i;
+
+	for (i = 0; i < item_no; i++) {
+		free(items[i]->tag);
+		free(items[i]->name);
+		free(items[i]);
+	}
+
+	item_no = 0;
+}
+
+static void get_prompt_str(struct gstr *r, struct property *prop)
+{
+	int i, j;
+	struct menu *submenu[8], *menu;
+
+	str_printf(r, "Prompt: %s\n", prop->text);
+	str_printf(r, "  Defined at %s:%d\n", prop->menu->file->name,
+		prop->menu->lineno);
+	if (!expr_is_yes(prop->visible.expr)) {
+		str_append(r, "  Depends on: ");
+		expr_gstr_print(prop->visible.expr, r);
+		str_append(r, "\n");
+	}
+	menu = prop->menu->parent;
+	for (i = 0; menu != &rootmenu && i < 8; menu = menu->parent)
+		submenu[i++] = menu;
+	if (i > 0) {
+		str_printf(r, "  Location:\n");
+		for (j = 4; --i >= 0; j += 2) {
+			menu = submenu[i];
+			str_printf(r, "%*c-> %s", j, ' ', menu_get_prompt(menu));
+			if (menu->sym) {
+				str_printf(r, " (%s [=%s])", menu->sym->name ?
+					menu->sym->name : "<choice>",
+					sym_get_string_value(menu->sym));
+			}
+			str_append(r, "\n");
+		}
+	}
+}
+
+static void get_symbol_str(struct gstr *r, struct symbol *sym)
+{
+	bool hit;
+	struct property *prop;
+
+	str_printf(r, "Symbol: %s [=%s]\n", sym->name,
+	                               sym_get_string_value(sym));
+	for_all_prompts(sym, prop)
+		get_prompt_str(r, prop);
+	hit = false;
+	for_all_properties(sym, prop, P_SELECT) {
+		if (!hit) {
+			str_append(r, "  Selects: ");
+			hit = true;
+		} else
+			str_printf(r, " && ");
+		expr_gstr_print(prop->expr, r);
+	}
+	if (hit)
+		str_append(r, "\n");
+	if (sym->rev_dep.expr) {
+		str_append(r, "  Selected by: ");
+		expr_gstr_print(sym->rev_dep.expr, r);
+		str_append(r, "\n");
+	}
+	str_append(r, "\n\n");
+}
+
+static struct gstr get_relations_str(struct symbol **sym_arr)
+{
+	struct symbol *sym;
+	struct gstr res = str_new();
+	int i;
+
+	for (i = 0; sym_arr && (sym = sym_arr[i]); i++)
+		get_symbol_str(&res, sym);
+	if (!i)
+		str_append(&res, "No matches found.\n");
+	return res;
+}
+
+static void search_conf(void)
+{
+	struct symbol **sym_arr;
+	struct gstr res;
+
+again:
+	switch (dialog_inputbox("Search Configuration Parameter",
+				"Enter Keyword", 10, 75,
+				NULL)) {
+	case 0:
+		break;
+	case 1:
+		show_helptext("Search Configuration", search_help);
+		goto again;
+	default:
+		return;
+	}
+
+	sym_arr = sym_re_search(dialog_input_result);
+	res = get_relations_str(sym_arr);
+	free(sym_arr);
+	show_textbox("Search Results", str_get(&res), 0, 0);
+	str_free(&res);
+}
+
+static void build_conf(struct menu *menu)
+{
+	struct symbol *sym;
+	struct property *prop;
+	struct menu *child;
+	int type, tmp, doint = 2;
+	tristate val;
+	char ch;
+
+	if (!menu_is_visible(menu))
+		return;
+
+	sym = menu->sym;
+	prop = menu->prompt;
+	if (!sym) {
+		if (prop && menu != current_menu) {
+			const char *prompt = menu_get_prompt(menu);
+			switch (prop->type) {
+			case P_MENU:
+				child_count++;
+				cmake();
+				cprint_tag("m%p", menu);
+
+				if (single_menu_mode) {
+					cprint_name("%s%*c%s",
+						menu->data ? "-->" : "++>",
+						indent + 1, ' ', prompt);
+				} else {
+					cprint_name("   %*c%s  --->", indent + 1, ' ', prompt);
+				}
+
+				if (single_menu_mode && menu->data)
+					goto conf_childs;
+				return;
+			default:
+				if (prompt) {
+					child_count++;
+					cmake();
+					cprint_tag(":%p", menu);
+					cprint_name("---%*c%s", indent + 1, ' ', prompt);
+				}
+			}
+		} else
+			doint = 0;
+		goto conf_childs;
+	}
+
+	cmake();
+	type = sym_get_type(sym);
+	if (sym_is_choice(sym)) {
+		struct symbol *def_sym = sym_get_choice_value(sym);
+		struct menu *def_menu = NULL;
+
+		child_count++;
+		for (child = menu->list; child; child = child->next) {
+			if (menu_is_visible(child) && child->sym == def_sym)
+				def_menu = child;
+		}
+
+		val = sym_get_tristate_value(sym);
+		if (sym_is_changable(sym)) {
+			cprint_tag("t%p", menu);
+			switch (type) {
+			case S_BOOLEAN:
+				cprint_name("[%c]", val == no ? ' ' : '*');
+				break;
+			case S_TRISTATE:
+				switch (val) {
+				case yes: ch = '*'; break;
+				case mod: ch = 'M'; break;
+				default:  ch = ' '; break;
+				}
+				cprint_name("<%c>", ch);
+				break;
+			}
+		} else {
+			cprint_tag("%c%p", def_menu ? 't' : ':', menu);
+			cprint_name("   ");
+		}
+
+		cprint_name("%*c%s", indent + 1, ' ', menu_get_prompt(menu));
+		if (val == yes) {
+			if (def_menu) {
+				cprint_name(" (%s)", menu_get_prompt(def_menu));
+				cprint_name("  --->");
+				if (def_menu->list) {
+					indent += 2;
+					build_conf(def_menu);
+					indent -= 2;
+				}
+			}
+			return;
+		}
+	} else {
+		if (menu == current_menu) {
+			cprint_tag(":%p", menu);
+			cprint_name("---%*c%s", indent + 1, ' ', menu_get_prompt(menu));
+			goto conf_childs;
+		}
+		child_count++;
+		val = sym_get_tristate_value(sym);
+		if (sym_is_choice_value(sym) && val == yes) {
+			cprint_tag(":%p", menu);
+			cprint_name("   ");
+		} else {
+			switch (type) {
+			case S_BOOLEAN:
+				cprint_tag("t%p", menu);
+				if (sym_is_changable(sym))
+					cprint_name("[%c]", val == no ? ' ' : '*');
+				else
+					cprint_name("---");
+				break;
+			case S_TRISTATE:
+				cprint_tag("t%p", menu);
+				switch (val) {
+				case yes: ch = '*'; break;
+				case mod: ch = 'M'; break;
+				default:  ch = ' '; break;
+				}
+				if (sym_is_changable(sym))
+					cprint_name("<%c>", ch);
+				else
+					cprint_name("---");
+				break;
+			default:
+				cprint_tag("s%p", menu);
+				tmp = cprint_name("(%s)", sym_get_string_value(sym));
+				tmp = indent - tmp + 4;
+				if (tmp < 0)
+					tmp = 0;
+				cprint_name("%*c%s%s", tmp, ' ', menu_get_prompt(menu),
+					(sym_has_value(sym) || !sym_is_changable(sym)) ?
+					"" : " (NEW)");
+				goto conf_childs;
+			}
+		}
+		cprint_name("%*c%s%s", indent + 1, ' ', menu_get_prompt(menu),
+			(sym_has_value(sym) || !sym_is_changable(sym)) ?
+			"" : " (NEW)");
+		if (menu->prompt->type == P_MENU) {
+			cprint_name("  --->");
+			return;
+		}
+	}
+
+conf_childs:
+	indent += doint;
+	for (child = menu->list; child; child = child->next)
+		build_conf(child);
+	indent -= doint;
+}
+
+static void conf(struct menu *menu)
+{
+	struct dialog_list_item *active_item = NULL;
+	struct menu *submenu;
+	const char *prompt = menu_get_prompt(menu);
+	struct symbol *sym;
+	char active_entry[40];
+	int stat, type;
+
+	unlink("lxdialog.scrltmp");
+	active_entry[0] = 0;
+	while (1) {
+		indent = 0;
+		child_count = 0;
+		current_menu = menu;
+		cdone(); cinit();
+		build_conf(menu);
+		if (!child_count)
+			break;
+		if (menu == &rootmenu) {
+			cmake(); cprint_tag(":"); cprint_name("--- ");
+			cmake(); cprint_tag("L"); cprint_name("Load an Alternate Configuration File");
+			cmake(); cprint_tag("S"); cprint_name("Save Configuration to an Alternate File");
+		}
+		dialog_clear();
+		stat = dialog_menu(prompt ? prompt : "Main Menu",
+				menu_instructions, rows, cols, rows - 10,
+				active_entry, item_no, items);
+		if (stat < 0)
+			return;
+
+		if (stat == 1 || stat == 255)
+			break;
+
+		active_item = first_sel_item(item_no, items);
+		if (!active_item)
+			continue;
+		active_item->selected = 0;
+		strncpy(active_entry, active_item->tag, sizeof(active_entry));
+		active_entry[sizeof(active_entry)-1] = 0;
+		type = active_entry[0];
+		if (!type)
+			continue;
+
+		sym = NULL;
+		submenu = NULL;
+		if (sscanf(active_entry + 1, "%p", &submenu) == 1)
+			sym = submenu->sym;
+
+		switch (stat) {
+		case 0:
+			switch (type) {
+			case 'm':
+				if (single_menu_mode)
+					submenu->data = (void *) (long) !submenu->data;
+				else
+					conf(submenu);
+				break;
+			case 't':
+				if (sym_is_choice(sym) && sym_get_tristate_value(sym) == yes)
+					conf_choice(submenu);
+				else if (submenu->prompt->type == P_MENU)
+					conf(submenu);
+				break;
+			case 's':
+				conf_string(submenu);
+				break;
+			case 'L':
+				conf_load();
+				break;
+			case 'S':
+				conf_save();
+				break;
+			}
+			break;
+		case 2:
+			if (sym)
+				show_help(submenu);
+			else
+				show_helptext("README", mconf_readme);
+			break;
+		case 3:
+			if (type == 't') {
+				if (sym_set_tristate_value(sym, yes))
+					break;
+				if (sym_set_tristate_value(sym, mod))
+					show_textbox(NULL, setmod_text, 6, 74);
+			}
+			break;
+		case 4:
+			if (type == 't')
+				sym_set_tristate_value(sym, no);
+			break;
+		case 5:
+			if (type == 't')
+				sym_set_tristate_value(sym, mod);
+			break;
+		case 6:
+			if (type == 't')
+				sym_toggle_tristate_value(sym);
+			else if (type == 'm')
+				conf(submenu);
+			break;
+		case 7:
+			search_conf();
+			break;
+		}
+	}
+}
+
+static void show_textbox(const char *title, const char *text, int r, int c)
+{
+	int fd;
+
+	fd = creat(".help.tmp", 0777);
+	write(fd, text, strlen(text));
+	close(fd);
+	show_file(".help.tmp", title, r, c);
+	unlink(".help.tmp");
+}
+
+static void show_helptext(const char *title, const char *text)
+{
+	show_textbox(title, text, 0, 0);
+}
+
+static void show_help(struct menu *menu)
+{
+	struct gstr help = str_new();
+	struct symbol *sym = menu->sym;
+
+	if (sym->help)
+	{
+		if (sym->name) {
+			str_printf(&help, "%s:\n\n", sym->name);
+			str_append(&help, sym->help);
+			str_append(&help, "\n");
+		}
+	} else {
+		str_append(&help, nohelp_text);
+	}
+	get_symbol_str(&help, sym);
+	show_helptext(menu_get_prompt(menu), str_get(&help));
+	str_free(&help);
+}
+
+static void show_file(const char *filename, const char *title, int r, int c)
+{
+	while (dialog_textbox(title, filename, r ? r : rows, c ? c : cols) < 0)
+		;
+}
+
+static void conf_choice(struct menu *menu)
+{
+	const char *prompt = menu_get_prompt(menu);
+	struct menu *child;
+	struct symbol *active;
+
+	active = sym_get_choice_value(menu->sym);
+	while (1) {
+		current_menu = menu;
+		cdone(); cinit();
+		for (child = menu->list; child; child = child->next) {
+			if (!menu_is_visible(child))
+				continue;
+			cmake();
+			cprint_tag("%p", child);
+			cprint_name("%s", menu_get_prompt(child));
+			if (child->sym == sym_get_choice_value(menu->sym))
+				items[item_no - 1]->selected = 1; /* ON */
+			else if (child->sym == active)
+				items[item_no - 1]->selected = 2; /* SELECTED */
+			else
+				items[item_no - 1]->selected = 0; /* OFF */
+		}
+
+		switch (dialog_checklist(prompt ? prompt : "Main Menu",
+					radiolist_instructions, 15, 70, 6,
+					item_no, items, FLAG_RADIO)) {
+		case 0:
+			if (sscanf(first_sel_item(item_no, items)->tag, "%p", &child) != 1)
+				break;
+			sym_set_tristate_value(child->sym, yes);
+			return;
+		case 1:
+			if (sscanf(first_sel_item(item_no, items)->tag, "%p", &child) == 1) {
+				show_help(child);
+				active = child->sym;
+			} else
+				show_help(menu);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_string(struct menu *menu)
+{
+	const char *prompt = menu_get_prompt(menu);
+
+	while (1) {
+		char *heading;
+
+		switch (sym_get_type(menu->sym)) {
+		case S_INT:
+			heading = (char *) inputbox_instructions_int;
+			break;
+		case S_HEX:
+			heading = (char *) inputbox_instructions_hex;
+			break;
+		case S_STRING:
+			heading = (char *) inputbox_instructions_string;
+			break;
+		default:
+			heading = "Internal mconf error!";
+			/* panic? */;
+		}
+
+		switch (dialog_inputbox(prompt ? prompt : "Main Menu",
+					heading, 10, 75,
+					sym_get_string_value(menu->sym))) {
+		case 0:
+			if (sym_set_string_value(menu->sym, dialog_input_result))
+				return;
+			show_textbox(NULL, "You have made an invalid entry.", 5, 43);
+			break;
+		case 1:
+			show_help(menu);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_load(void)
+{
+	while (1) {
+		switch (dialog_inputbox(NULL, load_config_text, 11, 55,
+					filename)) {
+		case 0:
+			if (!dialog_input_result[0])
+				return;
+			if (!conf_read(dialog_input_result))
+				return;
+			show_textbox(NULL, "File does not exist!", 5, 38);
+			break;
+		case 1:
+			show_helptext("Load Alternate Configuration", load_config_help);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_save(void)
+{
+	while (1) {
+		switch (dialog_inputbox(NULL, save_config_text, 11, 55,
+					filename)) {
+		case 0:
+			if (!dialog_input_result[0])
+				return;
+			if (!conf_write(dialog_input_result))
+				return;
+			show_textbox(NULL, "Can't create file!  Probably a nonexistent directory.", 5, 60);
+			break;
+		case 1:
+			show_helptext("Save Alternate Configuration", save_config_help);
+			break;
+		case 255:
+			return;
+		}
+	}
+}
+
+static void conf_cleanup(void)
+{
+	tcsetattr(1, TCSAFLUSH, &ios_org);
+	unlink(".help.tmp");
+}
+
+static void winch_handler(int sig)
+{
+	struct winsize ws;
+
+	if (ioctl(1, TIOCGWINSZ, &ws) == -1) {
+		rows = 24;
+		cols = 80;
+	} else {
+		rows = ws.ws_row;
+		cols = ws.ws_col;
+	}
+
+	if (rows < 19 || cols < 80) {
+		end_dialog();
+		fprintf(stderr, "Your display is too small to run Menuconfig!\n");
+		fprintf(stderr, "It must be at least 19 lines by 80 columns.\n");
+		exit(1);
+	}
+
+	rows -= 4;
+	cols -= 5;
+
+}
+
+int main(int ac, char **av)
+{
+	struct symbol *sym;
+	char *mode;
+	int stat;
+
+	conf_parse(av[1]);
+	conf_read(NULL);
+
+	sym = sym_lookup("VERSION", 0);
+	sym_calc_value(sym);
+	snprintf(menu_backtitle, 128, "axTLS v%s Configuration",
+		sym_get_string_value(sym));
+
+	mode = getenv("MENUCONFIG_MODE");
+	if (mode) {
+		if (!strcasecmp(mode, "single_menu"))
+			single_menu_mode = 1;
+	}
+
+	tcgetattr(1, &ios_org);
+	atexit(conf_cleanup);
+	init_wsize();
+	init_dialog();
+	signal(SIGWINCH, winch_handler);
+	conf(&rootmenu);
+	end_dialog();
+
+	/* Restart dialog to act more like when lxdialog was still separate */
+	init_dialog();
+	do {
+		stat = dialog_yesno(NULL,
+				    "Do you wish to save your new axTLS configuration?", 5, 60);
+	} while (stat < 0);
+	end_dialog();
+
+	if (stat == 0) {
+		conf_write(NULL);
+		printf("\n\n"
+			"*** End of axTLS configuration.\n"
+			"*** Check the top-level Makefile for additional configuration options.\n\n");
+	} else
+		printf("\n\nYour axTLS configuration changes were NOT saved.\n\n");
+
+	return 0;
+}
diff --git a/config/scripts/config/menu.c b/config/scripts/config/menu.c
new file mode 100644
index 0000000000..0c13156f33
--- /dev/null
+++ b/config/scripts/config/menu.c
@@ -0,0 +1,390 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+struct menu rootmenu;
+static struct menu **last_entry_ptr;
+
+struct file *file_list;
+struct file *current_file;
+
+static void menu_warn(struct menu *menu, const char *fmt, ...)
+{
+	va_list ap;
+	va_start(ap, fmt);
+	fprintf(stderr, "%s:%d:warning: ", menu->file->name, menu->lineno);
+	vfprintf(stderr, fmt, ap);
+	fprintf(stderr, "\n");
+	va_end(ap);
+}
+
+static void prop_warn(struct property *prop, const char *fmt, ...)
+{
+	va_list ap;
+	va_start(ap, fmt);
+	fprintf(stderr, "%s:%d:warning: ", prop->file->name, prop->lineno);
+	vfprintf(stderr, fmt, ap);
+	fprintf(stderr, "\n");
+	va_end(ap);
+}
+
+void menu_init(void)
+{
+	current_entry = current_menu = &rootmenu;
+	last_entry_ptr = &rootmenu.list;
+}
+
+void menu_add_entry(struct symbol *sym)
+{
+	struct menu *menu;
+
+	menu = malloc(sizeof(*menu));
+	memset(menu, 0, sizeof(*menu));
+	menu->sym = sym;
+	menu->parent = current_menu;
+	menu->file = current_file;
+	menu->lineno = zconf_lineno();
+
+	*last_entry_ptr = menu;
+	last_entry_ptr = &menu->next;
+	current_entry = menu;
+}
+
+void menu_end_entry(void)
+{
+}
+
+void menu_add_menu(void)
+{
+	current_menu = current_entry;
+	last_entry_ptr = &current_entry->list;
+}
+
+void menu_end_menu(void)
+{
+	last_entry_ptr = &current_menu->next;
+	current_menu = current_menu->parent;
+}
+
+struct expr *menu_check_dep(struct expr *e)
+{
+	if (!e)
+		return e;
+
+	switch (e->type) {
+	case E_NOT:
+		e->left.expr = menu_check_dep(e->left.expr);
+		break;
+	case E_OR:
+	case E_AND:
+		e->left.expr = menu_check_dep(e->left.expr);
+		e->right.expr = menu_check_dep(e->right.expr);
+		break;
+	case E_SYMBOL:
+		/* change 'm' into 'm' && MODULES */
+		if (e->left.sym == &symbol_mod)
+			return expr_alloc_and(e, expr_alloc_symbol(modules_sym));
+		break;
+	default:
+		break;
+	}
+	return e;
+}
+
+void menu_add_dep(struct expr *dep)
+{
+	current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep));
+}
+
+void menu_set_type(int type)
+{
+	struct symbol *sym = current_entry->sym;
+
+	if (sym->type == type)
+		return;
+	if (sym->type == S_UNKNOWN) {
+		sym->type = type;
+		return;
+	}
+	menu_warn(current_entry, "type of '%s' redefined from '%s' to '%s'\n",
+	    sym->name ? sym->name : "<choice>",
+	    sym_type_name(sym->type), sym_type_name(type));
+}
+
+struct property *menu_add_prop(enum prop_type type, char *prompt, struct expr *expr, struct expr *dep)
+{
+	struct property *prop = prop_alloc(type, current_entry->sym);
+
+	prop->menu = current_entry;
+	prop->text = prompt;
+	prop->expr = expr;
+	prop->visible.expr = menu_check_dep(dep);
+
+	if (prompt) {
+		if (current_entry->prompt)
+			menu_warn(current_entry, "prompt redefined\n");
+		current_entry->prompt = prop;
+	}
+
+	return prop;
+}
+
+void menu_add_prompt(enum prop_type type, char *prompt, struct expr *dep)
+{
+	menu_add_prop(type, prompt, NULL, dep);
+}
+
+void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep)
+{
+	menu_add_prop(type, NULL, expr, dep);
+}
+
+void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep)
+{
+	menu_add_prop(type, NULL, expr_alloc_symbol(sym), dep);
+}
+
+void sym_check_prop(struct symbol *sym)
+{
+	struct property *prop;
+	struct symbol *sym2;
+	for (prop = sym->prop; prop; prop = prop->next) {
+		switch (prop->type) {
+		case P_DEFAULT:
+			if ((sym->type == S_STRING || sym->type == S_INT || sym->type == S_HEX) &&
+			    prop->expr->type != E_SYMBOL)
+				prop_warn(prop,
+				    "default for config symbol '%'"
+				    " must be a single symbol", sym->name);
+			break;
+		case P_SELECT:
+			sym2 = prop_get_symbol(prop);
+			if (sym->type != S_BOOLEAN && sym->type != S_TRISTATE)
+				prop_warn(prop,
+				    "config symbol '%s' uses select, but is "
+				    "not boolean or tristate", sym->name);
+			else if (sym2->type == S_UNKNOWN)
+				prop_warn(prop,
+				    "'select' used by config symbol '%s' "
+				    "refer to undefined symbol '%s'",
+				    sym->name, sym2->name);
+			else if (sym2->type != S_BOOLEAN && sym2->type != S_TRISTATE)
+				prop_warn(prop,
+				    "'%s' has wrong type. 'select' only "
+				    "accept arguments of boolean and "
+				    "tristate type", sym2->name);
+			break;
+		case P_RANGE:
+			if (sym->type != S_INT && sym->type != S_HEX)
+				prop_warn(prop, "range is only allowed "
+				                "for int or hex symbols");
+			if (!sym_string_valid(sym, prop->expr->left.sym->name) ||
+			    !sym_string_valid(sym, prop->expr->right.sym->name))
+				prop_warn(prop, "range is invalid");
+			break;
+		default:
+			;
+		}
+	}
+}
+
+void menu_finalize(struct menu *parent)
+{
+	struct menu *menu, *last_menu;
+	struct symbol *sym;
+	struct property *prop;
+	struct expr *parentdep, *basedep, *dep, *dep2, **ep;
+
+	sym = parent->sym;
+	if (parent->list) {
+		if (sym && sym_is_choice(sym)) {
+			/* find the first choice value and find out choice type */
+			for (menu = parent->list; menu; menu = menu->next) {
+				if (menu->sym) {
+					current_entry = parent;
+					menu_set_type(menu->sym->type);
+					current_entry = menu;
+					menu_set_type(sym->type);
+					break;
+				}
+			}
+			parentdep = expr_alloc_symbol(sym);
+		} else if (parent->prompt)
+			parentdep = parent->prompt->visible.expr;
+		else
+			parentdep = parent->dep;
+
+		for (menu = parent->list; menu; menu = menu->next) {
+			basedep = expr_transform(menu->dep);
+			basedep = expr_alloc_and(expr_copy(parentdep), basedep);
+			basedep = expr_eliminate_dups(basedep);
+			menu->dep = basedep;
+			if (menu->sym)
+				prop = menu->sym->prop;
+			else
+				prop = menu->prompt;
+			for (; prop; prop = prop->next) {
+				if (prop->menu != menu)
+					continue;
+				dep = expr_transform(prop->visible.expr);
+				dep = expr_alloc_and(expr_copy(basedep), dep);
+				dep = expr_eliminate_dups(dep);
+				if (menu->sym && menu->sym->type != S_TRISTATE)
+					dep = expr_trans_bool(dep);
+				prop->visible.expr = dep;
+				if (prop->type == P_SELECT) {
+					struct symbol *es = prop_get_symbol(prop);
+					es->rev_dep.expr = expr_alloc_or(es->rev_dep.expr,
+							expr_alloc_and(expr_alloc_symbol(menu->sym), expr_copy(dep)));
+				}
+			}
+		}
+		for (menu = parent->list; menu; menu = menu->next)
+			menu_finalize(menu);
+	} else if (sym) {
+		basedep = parent->prompt ? parent->prompt->visible.expr : NULL;
+		basedep = expr_trans_compare(basedep, E_UNEQUAL, &symbol_no);
+		basedep = expr_eliminate_dups(expr_transform(basedep));
+		last_menu = NULL;
+		for (menu = parent->next; menu; menu = menu->next) {
+			dep = menu->prompt ? menu->prompt->visible.expr : menu->dep;
+			if (!expr_contains_symbol(dep, sym))
+				break;
+			if (expr_depends_symbol(dep, sym))
+				goto next;
+			dep = expr_trans_compare(dep, E_UNEQUAL, &symbol_no);
+			dep = expr_eliminate_dups(expr_transform(dep));
+			dep2 = expr_copy(basedep);
+			expr_eliminate_eq(&dep, &dep2);
+			expr_free(dep);
+			if (!expr_is_yes(dep2)) {
+				expr_free(dep2);
+				break;
+			}
+			expr_free(dep2);
+		next:
+			menu_finalize(menu);
+			menu->parent = parent;
+			last_menu = menu;
+		}
+		if (last_menu) {
+			parent->list = parent->next;
+			parent->next = last_menu->next;
+			last_menu->next = NULL;
+		}
+	}
+	for (menu = parent->list; menu; menu = menu->next) {
+		if (sym && sym_is_choice(sym) && menu->sym) {
+			menu->sym->flags |= SYMBOL_CHOICEVAL;
+			if (!menu->prompt)
+				menu_warn(menu, "choice value must have a prompt");
+			for (prop = menu->sym->prop; prop; prop = prop->next) {
+				if (prop->type == P_PROMPT && prop->menu != menu) {
+					prop_warn(prop, "choice values "
+					    "currently only support a "
+					    "single prompt");
+				}
+				if (prop->type == P_DEFAULT)
+					prop_warn(prop, "defaults for choice "
+					    "values not supported");
+			}
+			current_entry = menu;
+			menu_set_type(sym->type);
+			menu_add_symbol(P_CHOICE, sym, NULL);
+			prop = sym_get_choice_prop(sym);
+			for (ep = &prop->expr; *ep; ep = &(*ep)->left.expr)
+				;
+			*ep = expr_alloc_one(E_CHOICE, NULL);
+			(*ep)->right.sym = menu->sym;
+		}
+		if (menu->list && (!menu->prompt || !menu->prompt->text)) {
+			for (last_menu = menu->list; ; last_menu = last_menu->next) {
+				last_menu->parent = parent;
+				if (!last_menu->next)
+					break;
+			}
+			last_menu->next = menu->next;
+			menu->next = menu->list;
+			menu->list = NULL;
+		}
+	}
+
+	if (sym && !(sym->flags & SYMBOL_WARNED)) {
+		if (sym->type == S_UNKNOWN)
+			menu_warn(parent, "config symbol defined "
+			    "without type\n");
+
+		if (sym_is_choice(sym) && !parent->prompt)
+			menu_warn(parent, "choice must have a prompt\n");
+
+		/* Check properties connected to this symbol */
+		sym_check_prop(sym);
+		sym->flags |= SYMBOL_WARNED;
+	}
+
+	if (sym && !sym_is_optional(sym) && parent->prompt) {
+		sym->rev_dep.expr = expr_alloc_or(sym->rev_dep.expr,
+				expr_alloc_and(parent->prompt->visible.expr,
+					expr_alloc_symbol(&symbol_mod)));
+	}
+}
+
+bool menu_is_visible(struct menu *menu)
+{
+	struct menu *child;
+	struct symbol *sym;
+	tristate visible;
+
+	if (!menu->prompt)
+		return false;
+	sym = menu->sym;
+	if (sym) {
+		sym_calc_value(sym);
+		visible = menu->prompt->visible.tri;
+	} else
+		visible = menu->prompt->visible.tri = expr_calc_value(menu->prompt->visible.expr);
+
+	if (visible != no)
+		return true;
+	if (!sym || sym_get_tristate_value(menu->sym) == no)
+		return false;
+
+	for (child = menu->list; child; child = child->next)
+		if (menu_is_visible(child))
+			return true;
+	return false;
+}
+
+const char *menu_get_prompt(struct menu *menu)
+{
+	if (menu->prompt)
+		return menu->prompt->text;
+	else if (menu->sym)
+		return menu->sym->name;
+	return NULL;
+}
+
+struct menu *menu_get_root_menu(struct menu *menu)
+{
+	return &rootmenu;
+}
+
+struct menu *menu_get_parent_menu(struct menu *menu)
+{
+	enum prop_type type;
+
+	for (; menu != &rootmenu; menu = menu->parent) {
+		type = menu->prompt ? menu->prompt->type : 0;
+		if (type == P_MENU)
+			break;
+	}
+	return menu;
+}
+
diff --git a/config/scripts/config/mkconfigs b/config/scripts/config/mkconfigs
new file mode 100755
index 0000000000..3cb7bb1754
--- /dev/null
+++ b/config/scripts/config/mkconfigs
@@ -0,0 +1,67 @@
+#!/bin/sh
+#
+# Copyright (C) 2002 Khalid Aziz <khalid_aziz at hp.com>
+# Copyright (C) 2002 Randy Dunlap <rddunlap at osdl.org>
+# Copyright (C) 2002 Al Stone <ahs3 at fc.hp.com>
+# Copyright (C) 2002 Hewlett-Packard Company
+#
+#   This program is free software; you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation; either version 2 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program; if not, write to the Free Software
+#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#   Busybox version by Matteo Croce <3297627799 at wind.it>
+#
+# Rules to generate bbconfig.h from .config:
+#      - Retain lines that begin with "CONFIG_"
+#      - Retain lines that begin with "# CONFIG_"
+#      - lines that use double-quotes must \\-escape-quote them
+
+if [ $# -lt 1 ]
+then
+	config=.config
+else	config=$1
+fi
+
+echo "#ifndef _BBCONFIG_H"
+echo "#define _BBCONFIG_H"
+echo \
+"/*
+ * busybox configuration options.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
+ * NON INFRINGEMENT.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ *
+ *
+ * This file is generated automatically by scripts/config/mkconfigs.
+ * Do not edit.
+ *
+ */"
+
+echo "static char const bbconfig_config[] ="
+echo "\"CONFIG_BEGIN=n\\n\\"
+echo "`sed 's/\"/\\\\\"/g' $config | grep "^#\? \?CONFIG_" | awk '{ print $0 "\\\\n\\\\" }' `"
+echo "CONFIG_END=n\\n\";"
+echo "#endif /* _BBCONFIG_H */"
diff --git a/config/scripts/config/symbol.c b/config/scripts/config/symbol.c
new file mode 100644
index 0000000000..ea629728ac
--- /dev/null
+++ b/config/scripts/config/symbol.c
@@ -0,0 +1,809 @@
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include <regex.h>
+#include <sys/utsname.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+struct symbol symbol_yes = {
+	.name = "y",
+	.curr = { "y", yes },
+	.flags = SYMBOL_YES|SYMBOL_VALID,
+}, symbol_mod = {
+	.name = "m",
+	.curr = { "m", mod },
+	.flags = SYMBOL_MOD|SYMBOL_VALID,
+}, symbol_no = {
+	.name = "n",
+	.curr = { "n", no },
+	.flags = SYMBOL_NO|SYMBOL_VALID,
+}, symbol_empty = {
+	.name = "",
+	.curr = { "", no },
+	.flags = SYMBOL_VALID,
+};
+
+int sym_change_count;
+struct symbol *modules_sym;
+tristate modules_val;
+
+void sym_add_default(struct symbol *sym, const char *def)
+{
+	struct property *prop = prop_alloc(P_DEFAULT, sym);
+
+	prop->expr = expr_alloc_symbol(sym_lookup(def, 1));
+}
+
+void sym_init(void)
+{
+	struct symbol *sym;
+	char *p;
+	static bool inited = false;
+
+	if (inited)
+		return;
+	inited = true;
+
+	sym = sym_lookup("VERSION", 0);
+	sym->type = S_STRING;
+	sym->flags |= SYMBOL_AUTO;
+	p = getenv("VERSION");
+	if (p)
+		sym_add_default(sym, p);
+
+	sym = sym_lookup("TARGET_ARCH", 0);
+	sym->type = S_STRING;
+	sym->flags |= SYMBOL_AUTO;
+	p = getenv("TARGET_ARCH");
+	if (p)
+		sym_add_default(sym, p);
+
+}
+
+enum symbol_type sym_get_type(struct symbol *sym)
+{
+	enum symbol_type type = sym->type;
+
+	if (type == S_TRISTATE) {
+		if (sym_is_choice_value(sym) && sym->visible == yes)
+			type = S_BOOLEAN;
+		else if (modules_val == no)
+			type = S_BOOLEAN;
+	}
+	return type;
+}
+
+const char *sym_type_name(enum symbol_type type)
+{
+	switch (type) {
+	case S_BOOLEAN:
+		return "boolean";
+	case S_TRISTATE:
+		return "tristate";
+	case S_INT:
+		return "integer";
+	case S_HEX:
+		return "hex";
+	case S_STRING:
+		return "string";
+	case S_UNKNOWN:
+		return "unknown";
+	case S_OTHER:
+		break;
+	}
+	return "???";
+}
+
+struct property *sym_get_choice_prop(struct symbol *sym)
+{
+	struct property *prop;
+
+	for_all_choices(sym, prop)
+		return prop;
+	return NULL;
+}
+
+struct property *sym_get_default_prop(struct symbol *sym)
+{
+	struct property *prop;
+
+	for_all_defaults(sym, prop) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		if (prop->visible.tri != no)
+			return prop;
+	}
+	return NULL;
+}
+
+struct property *sym_get_range_prop(struct symbol *sym)
+{
+	struct property *prop;
+
+	for_all_properties(sym, prop, P_RANGE) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		if (prop->visible.tri != no)
+			return prop;
+	}
+	return NULL;
+}
+
+static void sym_calc_visibility(struct symbol *sym)
+{
+	struct property *prop;
+	tristate tri;
+
+	/* any prompt visible? */
+	tri = no;
+	for_all_prompts(sym, prop) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		tri = E_OR(tri, prop->visible.tri);
+	}
+	if (tri == mod && (sym->type != S_TRISTATE || modules_val == no))
+		tri = yes;
+	if (sym->visible != tri) {
+		sym->visible = tri;
+		sym_set_changed(sym);
+	}
+	if (sym_is_choice_value(sym))
+		return;
+	tri = no;
+	if (sym->rev_dep.expr)
+		tri = expr_calc_value(sym->rev_dep.expr);
+	if (tri == mod && sym_get_type(sym) == S_BOOLEAN)
+		tri = yes;
+	if (sym->rev_dep.tri != tri) {
+		sym->rev_dep.tri = tri;
+		sym_set_changed(sym);
+	}
+}
+
+static struct symbol *sym_calc_choice(struct symbol *sym)
+{
+	struct symbol *def_sym;
+	struct property *prop;
+	struct expr *e;
+
+	/* is the user choice visible? */
+	def_sym = sym->user.val;
+	if (def_sym) {
+		sym_calc_visibility(def_sym);
+		if (def_sym->visible != no)
+			return def_sym;
+	}
+
+	/* any of the defaults visible? */
+	for_all_defaults(sym, prop) {
+		prop->visible.tri = expr_calc_value(prop->visible.expr);
+		if (prop->visible.tri == no)
+			continue;
+		def_sym = prop_get_symbol(prop);
+		sym_calc_visibility(def_sym);
+		if (def_sym->visible != no)
+			return def_sym;
+	}
+
+	/* just get the first visible value */
+	prop = sym_get_choice_prop(sym);
+	for (e = prop->expr; e; e = e->left.expr) {
+		def_sym = e->right.sym;
+		sym_calc_visibility(def_sym);
+		if (def_sym->visible != no)
+			return def_sym;
+	}
+
+	/* no choice? reset tristate value */
+	sym->curr.tri = no;
+	return NULL;
+}
+
+void sym_calc_value(struct symbol *sym)
+{
+	struct symbol_value newval, oldval;
+	struct property *prop;
+	struct expr *e;
+
+	if (!sym)
+		return;
+
+	if (sym->flags & SYMBOL_VALID)
+		return;
+	sym->flags |= SYMBOL_VALID;
+
+	oldval = sym->curr;
+
+	switch (sym->type) {
+	case S_INT:
+	case S_HEX:
+	case S_STRING:
+		newval = symbol_empty.curr;
+		break;
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		newval = symbol_no.curr;
+		break;
+	default:
+		sym->curr.val = sym->name;
+		sym->curr.tri = no;
+		return;
+	}
+	if (!sym_is_choice_value(sym))
+		sym->flags &= ~SYMBOL_WRITE;
+
+	sym_calc_visibility(sym);
+
+	/* set default if recursively called */
+	sym->curr = newval;
+
+	switch (sym_get_type(sym)) {
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		if (sym_is_choice_value(sym) && sym->visible == yes) {
+			prop = sym_get_choice_prop(sym);
+			newval.tri = (prop_get_symbol(prop)->curr.val == sym) ? yes : no;
+		} else if (E_OR(sym->visible, sym->rev_dep.tri) != no) {
+			sym->flags |= SYMBOL_WRITE;
+			if (sym_has_value(sym))
+				newval.tri = sym->user.tri;
+			else if (!sym_is_choice(sym)) {
+				prop = sym_get_default_prop(sym);
+				if (prop)
+					newval.tri = expr_calc_value(prop->expr);
+			}
+			newval.tri = E_OR(E_AND(newval.tri, sym->visible), sym->rev_dep.tri);
+		} else if (!sym_is_choice(sym)) {
+			prop = sym_get_default_prop(sym);
+			if (prop) {
+				sym->flags |= SYMBOL_WRITE;
+				newval.tri = expr_calc_value(prop->expr);
+			}
+		}
+		if (newval.tri == mod && sym_get_type(sym) == S_BOOLEAN)
+			newval.tri = yes;
+		break;
+	case S_STRING:
+	case S_HEX:
+	case S_INT:
+		if (sym->visible != no) {
+			sym->flags |= SYMBOL_WRITE;
+			if (sym_has_value(sym)) {
+				newval.val = sym->user.val;
+				break;
+			}
+		}
+		prop = sym_get_default_prop(sym);
+		if (prop) {
+			struct symbol *ds = prop_get_symbol(prop);
+			if (ds) {
+				sym->flags |= SYMBOL_WRITE;
+				sym_calc_value(ds);
+				newval.val = ds->curr.val;
+			}
+		}
+		break;
+	default:
+		;
+	}
+
+	sym->curr = newval;
+	if (sym_is_choice(sym) && newval.tri == yes)
+		sym->curr.val = sym_calc_choice(sym);
+
+	if (memcmp(&oldval, &sym->curr, sizeof(oldval)))
+		sym_set_changed(sym);
+	if (modules_sym == sym)
+		modules_val = modules_sym->curr.tri;
+
+	if (sym_is_choice(sym)) {
+		int flags = sym->flags & (SYMBOL_CHANGED | SYMBOL_WRITE);
+		prop = sym_get_choice_prop(sym);
+		for (e = prop->expr; e; e = e->left.expr) {
+			e->right.sym->flags |= flags;
+			if (flags & SYMBOL_CHANGED)
+				sym_set_changed(e->right.sym);
+		}
+	}
+}
+
+void sym_clear_all_valid(void)
+{
+	struct symbol *sym;
+	int i;
+
+	for_all_symbols(i, sym)
+		sym->flags &= ~SYMBOL_VALID;
+	sym_change_count++;
+	if (modules_sym)
+		sym_calc_value(modules_sym);
+}
+
+void sym_set_changed(struct symbol *sym)
+{
+	struct property *prop;
+
+	sym->flags |= SYMBOL_CHANGED;
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->menu)
+			prop->menu->flags |= MENU_CHANGED;
+	}
+}
+
+void sym_set_all_changed(void)
+{
+	struct symbol *sym;
+	int i;
+
+	for_all_symbols(i, sym)
+		sym_set_changed(sym);
+}
+
+bool sym_tristate_within_range(struct symbol *sym, tristate val)
+{
+	int type = sym_get_type(sym);
+
+	if (sym->visible == no)
+		return false;
+
+	if (type != S_BOOLEAN && type != S_TRISTATE)
+		return false;
+
+	if (type == S_BOOLEAN && val == mod)
+		return false;
+	if (sym->visible <= sym->rev_dep.tri)
+		return false;
+	if (sym_is_choice_value(sym) && sym->visible == yes)
+		return val == yes;
+	return val >= sym->rev_dep.tri && val <= sym->visible;
+}
+
+bool sym_set_tristate_value(struct symbol *sym, tristate val)
+{
+	tristate oldval = sym_get_tristate_value(sym);
+
+	if (oldval != val && !sym_tristate_within_range(sym, val))
+		return false;
+
+	if (sym->flags & SYMBOL_NEW) {
+		sym->flags &= ~SYMBOL_NEW;
+		sym_set_changed(sym);
+	}
+	if (sym_is_choice_value(sym) && val == yes) {
+		struct symbol *cs = prop_get_symbol(sym_get_choice_prop(sym));
+
+		cs->user.val = sym;
+		cs->flags &= ~SYMBOL_NEW;
+	}
+
+	sym->user.tri = val;
+	if (oldval != val) {
+		sym_clear_all_valid();
+		if (sym == modules_sym)
+			sym_set_all_changed();
+	}
+
+	return true;
+}
+
+tristate sym_toggle_tristate_value(struct symbol *sym)
+{
+	tristate oldval, newval;
+
+	oldval = newval = sym_get_tristate_value(sym);
+	do {
+		switch (newval) {
+		case no:
+			newval = mod;
+			break;
+		case mod:
+			newval = yes;
+			break;
+		case yes:
+			newval = no;
+			break;
+		}
+		if (sym_set_tristate_value(sym, newval))
+			break;
+	} while (oldval != newval);
+	return newval;
+}
+
+bool sym_string_valid(struct symbol *sym, const char *str)
+{
+	signed char ch;
+
+	switch (sym->type) {
+	case S_STRING:
+		return true;
+	case S_INT:
+		ch = *str++;
+		if (ch == '-')
+			ch = *str++;
+		if (!isdigit(ch))
+			return false;
+		if (ch == '0' && *str != 0)
+			return false;
+		while ((ch = *str++)) {
+			if (!isdigit(ch))
+				return false;
+		}
+		return true;
+	case S_HEX:
+		if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
+			str += 2;
+		ch = *str++;
+		do {
+			if (!isxdigit(ch))
+				return false;
+		} while ((ch = *str++));
+		return true;
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		switch (str[0]) {
+		case 'y': case 'Y':
+		case 'm': case 'M':
+		case 'n': case 'N':
+			return true;
+		}
+		return false;
+	default:
+		return false;
+	}
+}
+
+bool sym_string_within_range(struct symbol *sym, const char *str)
+{
+	struct property *prop;
+	int val;
+
+	switch (sym->type) {
+	case S_STRING:
+		return sym_string_valid(sym, str);
+	case S_INT:
+		if (!sym_string_valid(sym, str))
+			return false;
+		prop = sym_get_range_prop(sym);
+		if (!prop)
+			return true;
+		val = strtol(str, NULL, 10);
+		return val >= strtol(prop->expr->left.sym->name, NULL, 10) &&
+		       val <= strtol(prop->expr->right.sym->name, NULL, 10);
+	case S_HEX:
+		if (!sym_string_valid(sym, str))
+			return false;
+		prop = sym_get_range_prop(sym);
+		if (!prop)
+			return true;
+		val = strtol(str, NULL, 16);
+		return val >= strtol(prop->expr->left.sym->name, NULL, 16) &&
+		       val <= strtol(prop->expr->right.sym->name, NULL, 16);
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		switch (str[0]) {
+		case 'y': case 'Y':
+			return sym_tristate_within_range(sym, yes);
+		case 'm': case 'M':
+			return sym_tristate_within_range(sym, mod);
+		case 'n': case 'N':
+			return sym_tristate_within_range(sym, no);
+		}
+		return false;
+	default:
+		return false;
+	}
+}
+
+bool sym_set_string_value(struct symbol *sym, const char *newval)
+{
+	const char *oldval;
+	char *val;
+	int size;
+
+	switch (sym->type) {
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		switch (newval[0]) {
+		case 'y': case 'Y':
+			return sym_set_tristate_value(sym, yes);
+		case 'm': case 'M':
+			return sym_set_tristate_value(sym, mod);
+		case 'n': case 'N':
+			return sym_set_tristate_value(sym, no);
+		}
+		return false;
+	default:
+		;
+	}
+
+	if (!sym_string_within_range(sym, newval))
+		return false;
+
+	if (sym->flags & SYMBOL_NEW) {
+		sym->flags &= ~SYMBOL_NEW;
+		sym_set_changed(sym);
+	}
+
+	oldval = sym->user.val;
+	size = strlen(newval) + 1;
+	if (sym->type == S_HEX && (newval[0] != '0' || (newval[1] != 'x' && newval[1] != 'X'))) {
+		size += 2;
+		sym->user.val = val = malloc(size);
+		*val++ = '0';
+		*val++ = 'x';
+	} else if (!oldval || strcmp(oldval, newval))
+		sym->user.val = val = malloc(size);
+	else
+		return true;
+
+	strcpy(val, newval);
+	free((void *)oldval);
+	sym_clear_all_valid();
+
+	return true;
+}
+
+const char *sym_get_string_value(struct symbol *sym)
+{
+	tristate val;
+
+	switch (sym->type) {
+	case S_BOOLEAN:
+	case S_TRISTATE:
+		val = sym_get_tristate_value(sym);
+		switch (val) {
+		case no:
+			return "n";
+		case mod:
+			return "m";
+		case yes:
+			return "y";
+		}
+		break;
+	default:
+		;
+	}
+	return (const char *)sym->curr.val;
+}
+
+bool sym_is_changable(struct symbol *sym)
+{
+	return sym->visible > sym->rev_dep.tri;
+}
+
+struct symbol *sym_lookup(const char *name, int isconst)
+{
+	struct symbol *symbol;
+	const char *ptr;
+	char *new_name;
+	int hash = 0;
+
+	if (name) {
+		if (name[0] && !name[1]) {
+			switch (name[0]) {
+			case 'y': return &symbol_yes;
+			case 'm': return &symbol_mod;
+			case 'n': return &symbol_no;
+			}
+		}
+		for (ptr = name; *ptr; ptr++)
+			hash += *ptr;
+		hash &= 0xff;
+
+		for (symbol = symbol_hash[hash]; symbol; symbol = symbol->next) {
+			if (!strcmp(symbol->name, name)) {
+				if ((isconst && symbol->flags & SYMBOL_CONST) ||
+				    (!isconst && !(symbol->flags & SYMBOL_CONST)))
+					return symbol;
+			}
+		}
+		new_name = strdup(name);
+	} else {
+		new_name = NULL;
+		hash = 256;
+	}
+
+	symbol = malloc(sizeof(*symbol));
+	memset(symbol, 0, sizeof(*symbol));
+	symbol->name = new_name;
+	symbol->type = S_UNKNOWN;
+	symbol->flags = SYMBOL_NEW;
+	if (isconst)
+		symbol->flags |= SYMBOL_CONST;
+
+	symbol->next = symbol_hash[hash];
+	symbol_hash[hash] = symbol;
+
+	return symbol;
+}
+
+struct symbol *sym_find(const char *name)
+{
+	struct symbol *symbol = NULL;
+	const char *ptr;
+	int hash = 0;
+
+	if (!name)
+		return NULL;
+
+	if (name[0] && !name[1]) {
+		switch (name[0]) {
+		case 'y': return &symbol_yes;
+		case 'm': return &symbol_mod;
+		case 'n': return &symbol_no;
+		}
+	}
+	for (ptr = name; *ptr; ptr++)
+		hash += *ptr;
+	hash &= 0xff;
+
+	for (symbol = symbol_hash[hash]; symbol; symbol = symbol->next) {
+		if (!strcmp(symbol->name, name) &&
+		    !(symbol->flags & SYMBOL_CONST))
+				break;
+	}
+
+	return symbol;
+}
+
+struct symbol **sym_re_search(const char *pattern)
+{
+	struct symbol *sym, **sym_arr = NULL;
+	int i, cnt, size;
+	regex_t re;
+
+	cnt = size = 0;
+	/* Skip if empty */
+	if (strlen(pattern) == 0)
+		return NULL;
+	if (regcomp(&re, pattern, REG_EXTENDED|REG_NOSUB|REG_ICASE))
+		return NULL;
+
+	for_all_symbols(i, sym) {
+		if (sym->flags & SYMBOL_CONST || !sym->name)
+			continue;
+		if (regexec(&re, sym->name, 0, NULL, 0))
+			continue;
+		if (cnt + 1 >= size) {
+			void *tmp = sym_arr;
+			size += 16;
+			sym_arr = realloc(sym_arr, size * sizeof(struct symbol *));
+			if (!sym_arr) {
+				free(tmp);
+				return NULL;
+			}
+		}
+		sym_arr[cnt++] = sym;
+	}
+	if (sym_arr)
+		sym_arr[cnt] = NULL;
+	regfree(&re);
+
+	return sym_arr;
+}
+
+
+struct symbol *sym_check_deps(struct symbol *sym);
+
+static struct symbol *sym_check_expr_deps(struct expr *e)
+{
+	struct symbol *sym;
+
+	if (!e)
+		return NULL;
+	switch (e->type) {
+	case E_OR:
+	case E_AND:
+		sym = sym_check_expr_deps(e->left.expr);
+		if (sym)
+			return sym;
+		return sym_check_expr_deps(e->right.expr);
+	case E_NOT:
+		return sym_check_expr_deps(e->left.expr);
+	case E_EQUAL:
+	case E_UNEQUAL:
+		sym = sym_check_deps(e->left.sym);
+		if (sym)
+			return sym;
+		return sym_check_deps(e->right.sym);
+	case E_SYMBOL:
+		return sym_check_deps(e->left.sym);
+	default:
+		break;
+	}
+	printf("Oops! How to check %d?\n", e->type);
+	return NULL;
+}
+
+struct symbol *sym_check_deps(struct symbol *sym)
+{
+	struct symbol *sym2;
+	struct property *prop;
+
+	if (sym->flags & SYMBOL_CHECK_DONE)
+		return NULL;
+	if (sym->flags & SYMBOL_CHECK) {
+		printf("Warning! Found recursive dependency: %s", sym->name);
+		return sym;
+	}
+
+	sym->flags |= (SYMBOL_CHECK | SYMBOL_CHECKED);
+	sym2 = sym_check_expr_deps(sym->rev_dep.expr);
+	if (sym2)
+		goto out;
+
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->type == P_CHOICE || prop->type == P_SELECT)
+			continue;
+		sym2 = sym_check_expr_deps(prop->visible.expr);
+		if (sym2)
+			goto out;
+		if (prop->type != P_DEFAULT || sym_is_choice(sym))
+			continue;
+		sym2 = sym_check_expr_deps(prop->expr);
+		if (sym2)
+			goto out;
+	}
+out:
+	if (sym2)
+		printf(" %s", sym->name);
+	sym->flags &= ~SYMBOL_CHECK;
+	return sym2;
+}
+
+struct property *prop_alloc(enum prop_type type, struct symbol *sym)
+{
+	struct property *prop;
+	struct property **propp;
+
+	prop = malloc(sizeof(*prop));
+	memset(prop, 0, sizeof(*prop));
+	prop->type = type;
+	prop->sym = sym;
+	prop->file = current_file;
+	prop->lineno = zconf_lineno();
+
+	/* append property to the prop list of symbol */
+	if (sym) {
+		for (propp = &sym->prop; *propp; propp = &(*propp)->next)
+			;
+		*propp = prop;
+	}
+
+	return prop;
+}
+
+struct symbol *prop_get_symbol(struct property *prop)
+{
+	if (prop->expr && (prop->expr->type == E_SYMBOL ||
+			   prop->expr->type == E_CHOICE))
+		return prop->expr->left.sym;
+	return NULL;
+}
+
+const char *prop_get_type_name(enum prop_type type)
+{
+	switch (type) {
+	case P_PROMPT:
+		return "prompt";
+	case P_COMMENT:
+		return "comment";
+	case P_MENU:
+		return "menu";
+	case P_DEFAULT:
+		return "default";
+	case P_CHOICE:
+		return "choice";
+	case P_SELECT:
+		return "select";
+	case P_RANGE:
+		return "range";
+	case P_UNKNOWN:
+		break;
+	}
+	return "unknown";
+}
diff --git a/config/scripts/config/util.c b/config/scripts/config/util.c
new file mode 100644
index 0000000000..8fc95a2a70
--- /dev/null
+++ b/config/scripts/config/util.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2002-2005 Roman Zippel <zippel@linux-m68k.org>
+ * Copyright (C) 2002-2005 Sam Ravnborg <sam@ravnborg.org>
+ *
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <string.h>
+#include "lkc.h"
+
+/* file already present in list? If not add it */
+struct file *file_lookup(const char *name)
+{
+	struct file *file;
+
+	for (file = file_list; file; file = file->next) {
+		if (!strcmp(name, file->name))
+			return file;
+	}
+
+	file = malloc(sizeof(*file));
+	memset(file, 0, sizeof(*file));
+	file->name = strdup(name);
+	file->next = file_list;
+	file_list = file;
+	return file;
+}
+
+/* write a dependency file as used by kbuild to track dependencies */
+int file_write_dep(const char *name)
+{
+	struct file *file;
+	FILE *out;
+
+	if (!name)
+		name = "config/.config.cmd";
+	out = fopen("config/.config.tmp", "w");
+	if (!out)
+		return 1;
+	fprintf(out, "deps_config := \\\n");
+	for (file = file_list; file; file = file->next) {
+		if (file->next)
+			fprintf(out, "\t%s \\\n", file->name);
+		else
+			fprintf(out, "\t%s\n", file->name);
+	}
+	fprintf(out, "\n.config include/config.h: $(deps_config)\n\n$(deps_config):\n");
+	fclose(out);
+	rename(".config.tmp", name);
+	return 0;
+}
+
+
+/* Allocate initial growable sting */
+struct gstr str_new(void)
+{
+	struct gstr gs;
+	gs.s = malloc(sizeof(char) * 64);
+	gs.len = 16;
+	strcpy(gs.s, "\0");
+	return gs;
+}
+
+/* Allocate and assign growable string */
+struct gstr str_assign(const char *s)
+{
+	struct gstr gs;
+	gs.s = strdup(s);
+	gs.len = strlen(s) + 1;
+	return gs;
+}
+
+/* Free storage for growable string */
+void str_free(struct gstr *gs)
+{
+	if (gs->s)
+		free(gs->s);
+	gs->s = NULL;
+	gs->len = 0;
+}
+
+/* Append to growable string */
+void str_append(struct gstr *gs, const char *s)
+{
+	size_t l = strlen(gs->s) + strlen(s) + 1;
+	if (l > gs->len) {
+		gs->s   = realloc(gs->s, l);
+		gs->len = l;
+	}
+	strcat(gs->s, s);
+}
+
+/* Append printf formatted string to growable string */
+void str_printf(struct gstr *gs, const char *fmt, ...)
+{
+	va_list ap;
+	char s[10000]; /* big enough... */
+	va_start(ap, fmt);
+	vsnprintf(s, sizeof(s), fmt, ap);
+	str_append(gs, s);
+	va_end(ap);
+}
+
+/* Retreive value of growable string */
+const char *str_get(struct gstr *gs)
+{
+	return gs->s;
+}
+
diff --git a/config/scripts/config/zconf.l b/config/scripts/config/zconf.l
new file mode 100644
index 0000000000..55517b2877
--- /dev/null
+++ b/config/scripts/config/zconf.l
@@ -0,0 +1,366 @@
+%option backup nostdinit noyywrap never-interactive full ecs
+%option 8bit backup nodefault perf-report perf-report
+%x COMMAND HELP STRING PARAM
+%{
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+#define START_STRSIZE	16
+
+char *text;
+static char *text_ptr;
+static int text_size, text_asize;
+
+struct buffer {
+        struct buffer *parent;
+        YY_BUFFER_STATE state;
+};
+
+struct buffer *current_buf;
+
+static int last_ts, first_ts;
+
+static void zconf_endhelp(void);
+static struct buffer *zconf_endfile(void);
+
+void new_string(void)
+{
+	text = malloc(START_STRSIZE);
+	text_asize = START_STRSIZE;
+	text_ptr = text;
+	text_size = 0;
+	*text_ptr = 0;
+}
+
+void append_string(const char *str, int size)
+{
+	int new_size = text_size + size + 1;
+	if (new_size > text_asize) {
+		text = realloc(text, new_size);
+		text_asize = new_size;
+		text_ptr = text + text_size;
+	}
+	memcpy(text_ptr, str, size);
+	text_ptr += size;
+	text_size += size;
+	*text_ptr = 0;
+}
+
+void alloc_string(const char *str, int size)
+{
+	text = malloc(size + 1);
+	memcpy(text, str, size);
+	text[size] = 0;
+}
+%}
+
+ws	[ \n\t]
+n	[A-Za-z0-9_]
+
+%%
+	int str = 0;
+	int ts, i;
+
+[ \t]*#.*\n	current_file->lineno++;
+[ \t]*#.*
+
+[ \t]*\n	current_file->lineno++; return T_EOL;
+
+[ \t]+	{
+	BEGIN(COMMAND);
+}
+
+.	{
+	unput(yytext[0]);
+	BEGIN(COMMAND);
+}
+
+
+<COMMAND>{
+	"mainmenu"		BEGIN(PARAM); return T_MAINMENU;
+	"menu"			BEGIN(PARAM); return T_MENU;
+	"endmenu"		BEGIN(PARAM); return T_ENDMENU;
+	"source"		BEGIN(PARAM); return T_SOURCE;
+	"choice"		BEGIN(PARAM); return T_CHOICE;
+	"endchoice"		BEGIN(PARAM); return T_ENDCHOICE;
+	"comment"		BEGIN(PARAM); return T_COMMENT;
+	"config"		BEGIN(PARAM); return T_CONFIG;
+	"menuconfig"		BEGIN(PARAM); return T_MENUCONFIG;
+	"help"			BEGIN(PARAM); return T_HELP;
+	"if"			BEGIN(PARAM); return T_IF;
+	"endif"			BEGIN(PARAM); return T_ENDIF;
+	"depends"		BEGIN(PARAM); return T_DEPENDS;
+	"requires"		BEGIN(PARAM); return T_REQUIRES;
+	"optional"		BEGIN(PARAM); return T_OPTIONAL;
+	"default"		BEGIN(PARAM); return T_DEFAULT;
+	"prompt"		BEGIN(PARAM); return T_PROMPT;
+	"tristate"		BEGIN(PARAM); return T_TRISTATE;
+	"def_tristate"		BEGIN(PARAM); return T_DEF_TRISTATE;
+	"bool"			BEGIN(PARAM); return T_BOOLEAN;
+	"boolean"		BEGIN(PARAM); return T_BOOLEAN;
+	"def_bool"		BEGIN(PARAM); return T_DEF_BOOLEAN;
+	"def_boolean"		BEGIN(PARAM); return T_DEF_BOOLEAN;
+	"int"			BEGIN(PARAM); return T_INT;
+	"hex"			BEGIN(PARAM); return T_HEX;
+	"string"		BEGIN(PARAM); return T_STRING;
+	"select"		BEGIN(PARAM); return T_SELECT;
+	"enable"		BEGIN(PARAM); return T_SELECT;
+	"range"			BEGIN(PARAM); return T_RANGE;
+	{n}+	{
+		alloc_string(yytext, yyleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	.
+	\n	current_file->lineno++; BEGIN(INITIAL);
+}
+
+<PARAM>{
+	"&&"	return T_AND;
+	"||"	return T_OR;
+	"("	return T_OPEN_PAREN;
+	")"	return T_CLOSE_PAREN;
+	"!"	return T_NOT;
+	"="	return T_EQUAL;
+	"!="	return T_UNEQUAL;
+	"if"	return T_IF;
+	"on"	return T_ON;
+	\"|\'	{
+		str = yytext[0];
+		new_string();
+		BEGIN(STRING);
+	}
+	\n	BEGIN(INITIAL); current_file->lineno++; return T_EOL;
+	---	/* ignore */
+	({n}|[-/.])+	{
+		alloc_string(yytext, yyleng);
+		zconflval.string = text;
+		return T_WORD;
+	}
+	#.*	/* comment */
+	\\\n	current_file->lineno++;
+	.
+	<<EOF>> {
+		BEGIN(INITIAL);
+	}
+}
+
+<STRING>{
+	[^'"\\\n]+/\n	{
+		append_string(yytext, yyleng);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	[^'"\\\n]+	{
+		append_string(yytext, yyleng);
+	}
+	\\.?/\n	{
+		append_string(yytext + 1, yyleng - 1);
+		zconflval.string = text;
+		return T_WORD_QUOTE;
+	}
+	\\.?	{
+		append_string(yytext + 1, yyleng - 1);
+	}
+	\'|\"	{
+		if (str == yytext[0]) {
+			BEGIN(PARAM);
+			zconflval.string = text;
+			return T_WORD_QUOTE;
+		} else
+			append_string(yytext, 1);
+	}
+	\n	{
+		printf("%s:%d:warning: multi-line strings not supported\n", zconf_curname(), zconf_lineno());
+		current_file->lineno++;
+		BEGIN(INITIAL);
+		return T_EOL;
+	}
+	<<EOF>>	{
+		BEGIN(INITIAL);
+	}
+}
+
+<HELP>{
+	[ \t]+	{
+		ts = 0;
+		for (i = 0; i < yyleng; i++) {
+			if (yytext[i] == '\t')
+				ts = (ts & ~7) + 8;
+			else
+				ts++;
+		}
+		last_ts = ts;
+		if (first_ts) {
+			if (ts < first_ts) {
+				zconf_endhelp();
+				return T_HELPTEXT;
+			}
+			ts -= first_ts;
+			while (ts > 8) {
+				append_string("        ", 8);
+				ts -= 8;
+			}
+			append_string("        ", ts);
+		}
+	}
+	[ \t]*\n/[^ \t\n] {
+		current_file->lineno++;
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+	[ \t]*\n	{
+		current_file->lineno++;
+		append_string("\n", 1);
+	}
+	[^ \t\n].* {
+		append_string(yytext, yyleng);
+		if (!first_ts)
+			first_ts = last_ts;
+	}
+	<<EOF>>	{
+		zconf_endhelp();
+		return T_HELPTEXT;
+	}
+}
+
+<<EOF>>	{
+	if (current_buf) {
+		zconf_endfile();
+		return T_EOF;
+	}
+	fclose(yyin);
+	yyterminate();
+}
+
+%%
+void zconf_starthelp(void)
+{
+	new_string();
+	last_ts = first_ts = 0;
+	BEGIN(HELP);
+}
+
+static void zconf_endhelp(void)
+{
+	zconflval.string = text;
+	BEGIN(INITIAL);
+}
+
+
+/*
+ * Try to open specified file with following names:
+ * ./name
+ * $(srctree)/name
+ * The latter is used when srctree is separate from objtree
+ * when compiling the kernel.
+ * Return NULL if file is not found.
+ */
+FILE *zconf_fopen(const char *name)
+{
+	char *env, fullname[PATH_MAX+1];
+	FILE *f;
+
+	f = fopen(name, "r");
+	if (!f && name[0] != '/') {
+		env = getenv(SRCTREE);
+		if (env) {
+			sprintf(fullname, "%s/%s", env, name);
+			f = fopen(fullname, "r");
+		}
+	}
+	return f;
+}
+
+void zconf_initscan(const char *name)
+{
+	yyin = zconf_fopen(name);
+	if (!yyin) {
+		printf("can't find file %s\n", name);
+		exit(1);
+	}
+
+	current_buf = malloc(sizeof(*current_buf));
+	memset(current_buf, 0, sizeof(*current_buf));
+
+	current_file = file_lookup(name);
+	current_file->lineno = 1;
+	current_file->flags = FILE_BUSY;
+}
+
+void zconf_nextfile(const char *name)
+{
+	struct file *file = file_lookup(name);
+	struct buffer *buf = malloc(sizeof(*buf));
+	memset(buf, 0, sizeof(*buf));
+
+	current_buf->state = YY_CURRENT_BUFFER;
+	yyin = zconf_fopen(name);
+	if (!yyin) {
+		printf("%s:%d: can't open file \"%s\"\n", zconf_curname(), zconf_lineno(), name);
+		exit(1);
+	}
+	yy_switch_to_buffer(yy_create_buffer(yyin, YY_BUF_SIZE));
+	buf->parent = current_buf;
+	current_buf = buf;
+
+	if (file->flags & FILE_BUSY) {
+		printf("recursive scan (%s)?\n", name);
+		exit(1);
+	}
+	if (file->flags & FILE_SCANNED) {
+		printf("file %s already scanned?\n", name);
+		exit(1);
+	}
+	file->flags |= FILE_BUSY;
+	file->lineno = 1;
+	file->parent = current_file;
+	current_file = file;
+}
+
+static struct buffer *zconf_endfile(void)
+{
+	struct buffer *parent;
+
+	current_file->flags |= FILE_SCANNED;
+	current_file->flags &= ~FILE_BUSY;
+	current_file = current_file->parent;
+
+	parent = current_buf->parent;
+	if (parent) {
+		fclose(yyin);
+		yy_delete_buffer(YY_CURRENT_BUFFER);
+		yy_switch_to_buffer(parent->state);
+	}
+	free(current_buf);
+	current_buf = parent;
+
+	return parent;
+}
+
+int zconf_lineno(void)
+{
+	if (current_buf)
+		return current_file->lineno - 1;
+	else
+		return 0;
+}
+
+char *zconf_curname(void)
+{
+	if (current_buf)
+		return current_file->name;
+	else
+		return "<none>";
+}
diff --git a/config/scripts/config/zconf.tab.c_shipped b/config/scripts/config/zconf.tab.c_shipped
new file mode 100644
index 0000000000..cc68dcb9a3
--- /dev/null
+++ b/config/scripts/config/zconf.tab.c_shipped
@@ -0,0 +1,2130 @@
+/* A Bison parser, made by GNU Bison 1.875a.  */
+
+/* Skeleton parser for Yacc-like parsing with Bison,
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+/* As a special exception, when this file is copied by Bison into a
+   Bison output file, you may use that output file without restriction.
+   This special exception was added by the Free Software Foundation
+   in version 1.24 of Bison.  */
+
+/* Written by Richard Stallman by simplifying the original so called
+   ``semantic'' parser.  */
+
+/* All symbols defined below should begin with yy or YY, to avoid
+   infringing on user name space.  This should be done even for local
+   variables, as they might otherwise be expanded by user macros.
+   There are some unavoidable exceptions within include files to
+   define necessary library symbols; they are noted "INFRINGES ON
+   USER NAME SPACE" below.  */
+
+/* Identify Bison output.  */
+#define YYBISON 1
+
+/* Skeleton name.  */
+#define YYSKELETON_NAME "yacc.c"
+
+/* Pure parsers.  */
+#define YYPURE 0
+
+/* Using locations.  */
+#define YYLSP_NEEDED 0
+
+/* If NAME_PREFIX is specified substitute the variables and functions
+   names.  */
+#define yyparse zconfparse
+#define yylex   zconflex
+#define yyerror zconferror
+#define yylval  zconflval
+#define yychar  zconfchar
+#define yydebug zconfdebug
+#define yynerrs zconfnerrs
+
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     T_MAINMENU = 258,
+     T_MENU = 259,
+     T_ENDMENU = 260,
+     T_SOURCE = 261,
+     T_CHOICE = 262,
+     T_ENDCHOICE = 263,
+     T_COMMENT = 264,
+     T_CONFIG = 265,
+     T_MENUCONFIG = 266,
+     T_HELP = 267,
+     T_HELPTEXT = 268,
+     T_IF = 269,
+     T_ENDIF = 270,
+     T_DEPENDS = 271,
+     T_REQUIRES = 272,
+     T_OPTIONAL = 273,
+     T_PROMPT = 274,
+     T_DEFAULT = 275,
+     T_TRISTATE = 276,
+     T_DEF_TRISTATE = 277,
+     T_BOOLEAN = 278,
+     T_DEF_BOOLEAN = 279,
+     T_STRING = 280,
+     T_INT = 281,
+     T_HEX = 282,
+     T_WORD = 283,
+     T_WORD_QUOTE = 284,
+     T_UNEQUAL = 285,
+     T_EOF = 286,
+     T_EOL = 287,
+     T_CLOSE_PAREN = 288,
+     T_OPEN_PAREN = 289,
+     T_ON = 290,
+     T_SELECT = 291,
+     T_RANGE = 292,
+     T_OR = 293,
+     T_AND = 294,
+     T_EQUAL = 295,
+     T_NOT = 296
+   };
+#endif
+#define T_MAINMENU 258
+#define T_MENU 259
+#define T_ENDMENU 260
+#define T_SOURCE 261
+#define T_CHOICE 262
+#define T_ENDCHOICE 263
+#define T_COMMENT 264
+#define T_CONFIG 265
+#define T_MENUCONFIG 266
+#define T_HELP 267
+#define T_HELPTEXT 268
+#define T_IF 269
+#define T_ENDIF 270
+#define T_DEPENDS 271
+#define T_REQUIRES 272
+#define T_OPTIONAL 273
+#define T_PROMPT 274
+#define T_DEFAULT 275
+#define T_TRISTATE 276
+#define T_DEF_TRISTATE 277
+#define T_BOOLEAN 278
+#define T_DEF_BOOLEAN 279
+#define T_STRING 280
+#define T_INT 281
+#define T_HEX 282
+#define T_WORD 283
+#define T_WORD_QUOTE 284
+#define T_UNEQUAL 285
+#define T_EOF 286
+#define T_EOL 287
+#define T_CLOSE_PAREN 288
+#define T_OPEN_PAREN 289
+#define T_ON 290
+#define T_SELECT 291
+#define T_RANGE 292
+#define T_OR 293
+#define T_AND 294
+#define T_EQUAL 295
+#define T_NOT 296
+
+
+
+
+/* Copy the first part of user declarations.  */
+
+
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+
+#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
+
+#define PRINTD		0x0001
+#define DEBUG_PARSE	0x0002
+
+int cdebug = PRINTD;
+
+extern int zconflex(void);
+static void zconfprint(const char *err, ...);
+static void zconferror(const char *err);
+static bool zconf_endtoken(int token, int starttoken, int endtoken);
+
+struct symbol *symbol_hash[257];
+
+static struct menu *current_menu, *current_entry;
+
+#define YYERROR_VERBOSE
+
+
+/* Enabling traces.  */
+#ifndef YYDEBUG
+# define YYDEBUG 0
+#endif
+
+/* Enabling verbose error messages.  */
+#ifdef YYERROR_VERBOSE
+# undef YYERROR_VERBOSE
+# define YYERROR_VERBOSE 1
+#else
+# define YYERROR_VERBOSE 0
+#endif
+
+#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
+
+typedef union YYSTYPE {
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+} YYSTYPE;
+/* Line 191 of yacc.c.  */
+
+# define yystype YYSTYPE /* obsolescent; will be withdrawn */
+# define YYSTYPE_IS_DECLARED 1
+# define YYSTYPE_IS_TRIVIAL 1
+#endif
+
+
+
+/* Copy the second part of user declarations.  */
+
+
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+
+
+/* Line 214 of yacc.c.  */
+
+
+#if ! defined (yyoverflow) || YYERROR_VERBOSE
+
+/* The parser invokes alloca or malloc; define the necessary symbols.  */
+
+# if YYSTACK_USE_ALLOCA
+#  define YYSTACK_ALLOC alloca
+# else
+#  ifndef YYSTACK_USE_ALLOCA
+#   if defined (alloca) || (defined (_ALLOCA_H) && defined (__GNUC__))
+#    define YYSTACK_ALLOC alloca
+#   else
+#    ifdef __GNUC__
+#     define YYSTACK_ALLOC __builtin_alloca
+#    endif
+#   endif
+#  endif
+# endif
+
+# ifdef YYSTACK_ALLOC
+   /* Pacify GCC's `empty if-body' warning. */
+#  define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
+# else
+#  if defined (__STDC__) || defined (__cplusplus)
+#   include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
+#   define YYSIZE_T size_t
+#  endif
+#  define YYSTACK_ALLOC malloc
+#  define YYSTACK_FREE free
+# endif
+#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
+
+
+#if (! defined (yyoverflow) \
+     && (! defined (__cplusplus) \
+	 || (YYSTYPE_IS_TRIVIAL)))
+
+/* A type that is properly aligned for any stack member.  */
+union yyalloc
+{
+  short yyss;
+  YYSTYPE yyvs;
+  };
+
+/* The size of the maximum gap between one aligned stack and the next.  */
+# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
+
+/* The size of an array large to enough to hold all stacks, each with
+   N elements.  */
+# define YYSTACK_BYTES(N) \
+     ((N) * (sizeof (short) + sizeof (YYSTYPE))				\
+      + YYSTACK_GAP_MAXIMUM)
+
+/* Copy COUNT objects from FROM to TO.  The source and destination do
+   not overlap.  */
+# ifndef YYCOPY
+#  if 1 < __GNUC__
+#   define YYCOPY(To, From, Count) \
+      __builtin_memcpy (To, From, (Count) * sizeof (*(From)))
+#  else
+#   define YYCOPY(To, From, Count)		\
+      do					\
+	{					\
+	  register YYSIZE_T yyi;		\
+	  for (yyi = 0; yyi < (Count); yyi++)	\
+	    (To)[yyi] = (From)[yyi];		\
+	}					\
+      while (0)
+#  endif
+# endif
+
+/* Relocate STACK from its old location to the new one.  The
+   local variables YYSIZE and YYSTACKSIZE give the old and new number of
+   elements in the stack, and YYPTR gives the new location of the
+   stack.  Advance YYPTR to a properly aligned location for the next
+   stack.  */
+# define YYSTACK_RELOCATE(Stack)					\
+    do									\
+      {									\
+	YYSIZE_T yynewbytes;						\
+	YYCOPY (&yyptr->Stack, Stack, yysize);				\
+	Stack = &yyptr->Stack;						\
+	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
+	yyptr += yynewbytes / sizeof (*yyptr);				\
+      }									\
+    while (0)
+
+#endif
+
+#if defined (__STDC__) || defined (__cplusplus)
+   typedef signed char yysigned_char;
+#else
+   typedef short yysigned_char;
+#endif
+
+/* YYFINAL -- State number of the termination state. */
+#define YYFINAL  2
+/* YYLAST -- Last index in YYTABLE.  */
+#define YYLAST   201
+
+/* YYNTOKENS -- Number of terminals. */
+#define YYNTOKENS  42
+/* YYNNTS -- Number of nonterminals. */
+#define YYNNTS  41
+/* YYNRULES -- Number of rules. */
+#define YYNRULES  104
+/* YYNRULES -- Number of states. */
+#define YYNSTATES  182
+
+/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX.  */
+#define YYUNDEFTOK  2
+#define YYMAXUTOK   296
+
+#define YYTRANSLATE(YYX) 						\
+  ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
+
+/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX.  */
+static const unsigned char yytranslate[] =
+{
+       0,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     2,     2,     2,     2,
+       2,     2,     2,     2,     2,     2,     1,     2,     3,     4,
+       5,     6,     7,     8,     9,    10,    11,    12,    13,    14,
+      15,    16,    17,    18,    19,    20,    21,    22,    23,    24,
+      25,    26,    27,    28,    29,    30,    31,    32,    33,    34,
+      35,    36,    37,    38,    39,    40,    41
+};
+
+#if YYDEBUG
+/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in
+   YYRHS.  */
+static const unsigned short yyprhs[] =
+{
+       0,     0,     3,     4,     7,     9,    11,    13,    17,    19,
+      21,    23,    26,    28,    30,    32,    34,    36,    38,    42,
+      45,    49,    52,    53,    56,    59,    62,    65,    69,    74,
+      78,    83,    87,    91,    95,   100,   105,   110,   116,   119,
+     122,   124,   128,   131,   132,   135,   138,   141,   144,   149,
+     153,   157,   160,   165,   166,   169,   173,   175,   179,   182,
+     183,   186,   189,   192,   196,   199,   201,   205,   208,   209,
+     212,   215,   218,   222,   226,   228,   232,   235,   238,   241,
+     242,   245,   248,   253,   257,   261,   262,   265,   267,   269,
+     272,   275,   278,   280,   282,   283,   286,   288,   292,   296,
+     300,   303,   307,   311,   313
+};
+
+/* YYRHS -- A `-1'-separated list of the rules' RHS. */
+static const yysigned_char yyrhs[] =
+{
+      43,     0,    -1,    -1,    43,    44,    -1,    45,    -1,    55,
+      -1,    66,    -1,     3,    77,    79,    -1,     5,    -1,    15,
+      -1,     8,    -1,     1,    79,    -1,    61,    -1,    71,    -1,
+      47,    -1,    49,    -1,    69,    -1,    79,    -1,    10,    28,
+      32,    -1,    46,    50,    -1,    11,    28,    32,    -1,    48,
+      50,    -1,    -1,    50,    51,    -1,    50,    75,    -1,    50,
+      73,    -1,    50,    32,    -1,    21,    76,    32,    -1,    22,
+      81,    80,    32,    -1,    23,    76,    32,    -1,    24,    81,
+      80,    32,    -1,    26,    76,    32,    -1,    27,    76,    32,
+      -1,    25,    76,    32,    -1,    19,    77,    80,    32,    -1,
+      20,    81,    80,    32,    -1,    36,    28,    80,    32,    -1,
+      37,    82,    82,    80,    32,    -1,     7,    32,    -1,    52,
+      56,    -1,    78,    -1,    53,    58,    54,    -1,    53,    58,
+      -1,    -1,    56,    57,    -1,    56,    75,    -1,    56,    73,
+      -1,    56,    32,    -1,    19,    77,    80,    32,    -1,    21,
+      76,    32,    -1,    23,    76,    32,    -1,    18,    32,    -1,
+      20,    28,    80,    32,    -1,    -1,    58,    45,    -1,    14,
+      81,    32,    -1,    78,    -1,    59,    62,    60,    -1,    59,
+      62,    -1,    -1,    62,    45,    -1,    62,    66,    -1,    62,
+      55,    -1,     4,    77,    32,    -1,    63,    74,    -1,    78,
+      -1,    64,    67,    65,    -1,    64,    67,    -1,    -1,    67,
+      45,    -1,    67,    66,    -1,    67,    55,    -1,    67,     1,
+      32,    -1,     6,    77,    32,    -1,    68,    -1,     9,    77,
+      32,    -1,    70,    74,    -1,    12,    32,    -1,    72,    13,
+      -1,    -1,    74,    75,    -1,    74,    32,    -1,    16,    35,
+      81,    32,    -1,    16,    81,    32,    -1,    17,    81,    32,
+      -1,    -1,    77,    80,    -1,    28,    -1,    29,    -1,     5,
+      79,    -1,     8,    79,    -1,    15,    79,    -1,    32,    -1,
+      31,    -1,    -1,    14,    81,    -1,    82,    -1,    82,    40,
+      82,    -1,    82,    30,    82,    -1,    34,    81,    33,    -1,
+      41,    81,    -1,    81,    38,    81,    -1,    81,    39,    81,
+      -1,    28,    -1,    29,    -1
+};
+
+/* YYRLINE[YYN] -- source line where rule number YYN was defined.  */
+static const unsigned short yyrline[] =
+{
+       0,    94,    94,    95,    98,    99,   100,   101,   102,   103,
+     104,   105,   109,   110,   111,   112,   113,   114,   120,   128,
+     134,   142,   152,   154,   155,   156,   157,   160,   166,   173,
+     179,   186,   192,   198,   204,   210,   216,   222,   230,   239,
+     245,   254,   255,   261,   263,   264,   265,   266,   269,   275,
+     281,   287,   293,   299,   301,   306,   315,   324,   325,   331,
+     333,   334,   335,   340,   347,   353,   362,   363,   369,   371,
+     372,   373,   374,   377,   383,   390,   397,   404,   410,   417,
+     418,   419,   422,   427,   432,   440,   442,   447,   448,   451,
+     452,   453,   457,   457,   459,   460,   463,   464,   465,   466,
+     467,   468,   469,   472,   473
+};
+#endif
+
+#if YYDEBUG || YYERROR_VERBOSE
+/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
+   First, the terminals, then, starting at YYNTOKENS, nonterminals. */
+static const char *const yytname[] =
+{
+  "$end", "error", "$undefined", "T_MAINMENU", "T_MENU", "T_ENDMENU",
+  "T_SOURCE", "T_CHOICE", "T_ENDCHOICE", "T_COMMENT", "T_CONFIG",
+  "T_MENUCONFIG", "T_HELP", "T_HELPTEXT", "T_IF", "T_ENDIF", "T_DEPENDS",
+  "T_REQUIRES", "T_OPTIONAL", "T_PROMPT", "T_DEFAULT", "T_TRISTATE",
+  "T_DEF_TRISTATE", "T_BOOLEAN", "T_DEF_BOOLEAN", "T_STRING", "T_INT",
+  "T_HEX", "T_WORD", "T_WORD_QUOTE", "T_UNEQUAL", "T_EOF", "T_EOL",
+  "T_CLOSE_PAREN", "T_OPEN_PAREN", "T_ON", "T_SELECT", "T_RANGE", "T_OR",
+  "T_AND", "T_EQUAL", "T_NOT", "$accept", "input", "block",
+  "common_block", "config_entry_start", "config_stmt",
+  "menuconfig_entry_start", "menuconfig_stmt", "config_option_list",
+  "config_option", "choice", "choice_entry", "choice_end", "choice_stmt",
+  "choice_option_list", "choice_option", "choice_block", "if", "if_end",
+  "if_stmt", "if_block", "menu", "menu_entry", "menu_end", "menu_stmt",
+  "menu_block", "source", "source_stmt", "comment", "comment_stmt",
+  "help_start", "help", "depends_list", "depends", "prompt_stmt_opt",
+  "prompt", "end", "nl_or_eof", "if_expr", "expr", "symbol", 0
+};
+#endif
+
+# ifdef YYPRINT
+/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to
+   token YYLEX-NUM.  */
+static const unsigned short yytoknum[] =
+{
+       0,   256,   257,   258,   259,   260,   261,   262,   263,   264,
+     265,   266,   267,   268,   269,   270,   271,   272,   273,   274,
+     275,   276,   277,   278,   279,   280,   281,   282,   283,   284,
+     285,   286,   287,   288,   289,   290,   291,   292,   293,   294,
+     295,   296
+};
+# endif
+
+/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives.  */
+static const unsigned char yyr1[] =
+{
+       0,    42,    43,    43,    44,    44,    44,    44,    44,    44,
+      44,    44,    45,    45,    45,    45,    45,    45,    46,    47,
+      48,    49,    50,    50,    50,    50,    50,    51,    51,    51,
+      51,    51,    51,    51,    51,    51,    51,    51,    52,    53,
+      54,    55,    55,    56,    56,    56,    56,    56,    57,    57,
+      57,    57,    57,    58,    58,    59,    60,    61,    61,    62,
+      62,    62,    62,    63,    64,    65,    66,    66,    67,    67,
+      67,    67,    67,    68,    69,    70,    71,    72,    73,    74,
+      74,    74,    75,    75,    75,    76,    76,    77,    77,    78,
+      78,    78,    79,    79,    80,    80,    81,    81,    81,    81,
+      81,    81,    81,    82,    82
+};
+
+/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN.  */
+static const unsigned char yyr2[] =
+{
+       0,     2,     0,     2,     1,     1,     1,     3,     1,     1,
+       1,     2,     1,     1,     1,     1,     1,     1,     3,     2,
+       3,     2,     0,     2,     2,     2,     2,     3,     4,     3,
+       4,     3,     3,     3,     4,     4,     4,     5,     2,     2,
+       1,     3,     2,     0,     2,     2,     2,     2,     4,     3,
+       3,     2,     4,     0,     2,     3,     1,     3,     2,     0,
+       2,     2,     2,     3,     2,     1,     3,     2,     0,     2,
+       2,     2,     3,     3,     1,     3,     2,     2,     2,     0,
+       2,     2,     4,     3,     3,     0,     2,     1,     1,     2,
+       2,     2,     1,     1,     0,     2,     1,     3,     3,     3,
+       2,     3,     3,     1,     1
+};
+
+/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
+   STATE-NUM when YYTABLE doesn't specify something else to do.  Zero
+   means the default is an error.  */
+static const unsigned char yydefact[] =
+{
+       2,     0,     1,     0,     0,     0,     8,     0,     0,    10,
+       0,     0,     0,     0,     9,    93,    92,     3,     4,    22,
+      14,    22,    15,    43,    53,     5,    59,    12,    79,    68,
+       6,    74,    16,    79,    13,    17,    11,    87,    88,     0,
+       0,     0,    38,     0,     0,     0,   103,   104,     0,     0,
+       0,    96,    19,    21,    39,    42,    58,    64,     0,    76,
+       7,    63,    73,    75,    18,    20,     0,   100,    55,     0,
+       0,     0,     0,     0,     0,     0,     0,     0,    85,     0,
+      85,     0,    85,    85,    85,    26,     0,     0,    23,     0,
+      25,    24,     0,     0,     0,    85,    85,    47,    44,    46,
+      45,     0,     0,     0,    54,    41,    40,    60,    62,    57,
+      61,    56,    81,    80,     0,    69,    71,    66,    70,    65,
+      99,   101,   102,    98,    97,    77,     0,     0,     0,    94,
+      94,     0,    94,    94,     0,    94,     0,     0,     0,    94,
+       0,    78,    51,    94,    94,     0,     0,    89,    90,    91,
+      72,     0,    83,    84,     0,     0,     0,    27,    86,     0,
+      29,     0,    33,    31,    32,     0,    94,     0,     0,    49,
+      50,    82,    95,    34,    35,    28,    30,    36,     0,    48,
+      52,    37
+};
+
+/* YYDEFGOTO[NTERM-NUM]. */
+static const short yydefgoto[] =
+{
+      -1,     1,    17,    18,    19,    20,    21,    22,    52,    88,
+      23,    24,   105,    25,    54,    98,    55,    26,   109,    27,
+      56,    28,    29,   117,    30,    58,    31,    32,    33,    34,
+      89,    90,    57,    91,   131,   132,   106,    35,   155,    50,
+      51
+};
+
+/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
+   STATE-NUM.  */
+#define YYPACT_NINF -99
+static const short yypact[] =
+{
+     -99,    48,   -99,    38,    46,    46,   -99,    46,   -29,   -99,
+      46,   -17,    -3,   -11,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,   -99,    38,
+      12,    15,   -99,    18,    51,    62,   -99,   -99,   -11,   -11,
+       4,   -24,   138,   138,   160,   121,   110,    -4,    81,    -4,
+     -99,   -99,   -99,   -99,   -99,   -99,   -19,   -99,   -99,   -11,
+     -11,    70,    70,    73,    32,   -11,    46,   -11,    46,   -11,
+      46,   -11,    46,    46,    46,   -99,    36,    70,   -99,    95,
+     -99,   -99,    96,    46,   106,    46,    46,   -99,   -99,   -99,
+     -99,    38,    38,    38,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   112,   -99,   -99,   -99,   -99,   -99,
+     -99,   117,   -99,   -99,   -99,   -99,   -11,    33,    65,   131,
+       1,   119,   131,     1,   136,     1,   153,   154,   155,   131,
+      70,   -99,   -99,   131,   131,   156,   157,   -99,   -99,   -99,
+     -99,   101,   -99,   -99,   -11,   158,   159,   -99,   -99,   161,
+     -99,   162,   -99,   -99,   -99,   163,   131,   164,   165,   -99,
+     -99,   -99,    99,   -99,   -99,   -99,   -99,   -99,   166,   -99,
+     -99,   -99
+};
+
+/* YYPGOTO[NTERM-NUM].  */
+static const short yypgoto[] =
+{
+     -99,   -99,   -99,   111,   -99,   -99,   -99,   -99,   178,   -99,
+     -99,   -99,   -99,    91,   -99,   -99,   -99,   -99,   -99,   -99,
+     -99,   -99,   -99,   -99,   115,   -99,   -99,   -99,   -99,   -99,
+     -99,   146,   168,    89,    27,     0,   126,    -1,   -98,   -48,
+     -63
+};
+
+/* YYTABLE[YYPACT[STATE-NUM]].  What to do in state STATE-NUM.  If
+   positive, shift that token.  If negative, reduce the rule which
+   number is the opposite.  If zero, do what YYDEFACT says.
+   If YYTABLE_NINF, syntax error.  */
+#define YYTABLE_NINF -68
+static const short yytable[] =
+{
+      66,    67,    36,    42,    39,    40,    71,    41,   123,   124,
+      43,    44,    74,    75,   120,   154,    72,    46,    47,    69,
+      70,   121,   122,    48,   140,    45,   127,   128,   112,   130,
+      49,   133,   156,   135,   158,   159,    68,   161,    60,    69,
+      70,   165,    69,    70,    61,   167,   168,    62,     2,     3,
+      63,     4,     5,     6,     7,     8,     9,    10,    11,    12,
+      46,    47,    13,    14,   139,   152,    48,   126,   178,    15,
+      16,    69,    70,    49,    37,    38,   129,   166,   151,    15,
+      16,   -67,   114,    64,   -67,     5,   101,     7,     8,   102,
+      10,    11,    12,   143,    65,    13,   103,   153,    46,    47,
+     147,   148,   149,    69,    70,   125,   172,   134,   141,   136,
+     137,   138,    15,    16,     5,   101,     7,     8,   102,    10,
+      11,    12,   145,   146,    13,   103,   101,     7,   142,   102,
+      10,    11,    12,   171,   144,    13,   103,    69,    70,    69,
+      70,    15,    16,   100,   150,   154,   113,   108,   113,   116,
+      73,   157,    15,    16,    74,    75,    70,    76,    77,    78,
+      79,    80,    81,    82,    83,    84,   104,   107,   160,   115,
+      85,   110,    73,   118,    86,    87,    74,    75,    92,    93,
+      94,    95,   111,    96,   119,   162,   163,   164,   169,   170,
+     173,   174,    97,   175,   176,   177,   179,   180,   181,    53,
+      99,    59
+};
+
+static const unsigned char yycheck[] =
+{
+      48,    49,     3,    32,     4,     5,    30,     7,    71,    72,
+      10,    28,    16,    17,    33,    14,    40,    28,    29,    38,
+      39,    69,    70,    34,    87,    28,    74,    75,    32,    77,
+      41,    79,   130,    81,   132,   133,    32,   135,    39,    38,
+      39,   139,    38,    39,    32,   143,   144,    32,     0,     1,
+      32,     3,     4,     5,     6,     7,     8,     9,    10,    11,
+      28,    29,    14,    15,    28,    32,    34,    35,   166,    31,
+      32,    38,    39,    41,    28,    29,    76,   140,   126,    31,
+      32,     0,     1,    32,     3,     4,     5,     6,     7,     8,
+       9,    10,    11,    93,    32,    14,    15,    32,    28,    29,
+     101,   102,   103,    38,    39,    32,   154,    80,    13,    82,
+      83,    84,    31,    32,     4,     5,     6,     7,     8,     9,
+      10,    11,    95,    96,    14,    15,     5,     6,    32,     8,
+       9,    10,    11,    32,    28,    14,    15,    38,    39,    38,
+      39,    31,    32,    54,    32,    14,    57,    56,    59,    58,
+      12,    32,    31,    32,    16,    17,    39,    19,    20,    21,
+      22,    23,    24,    25,    26,    27,    55,    56,    32,    58,
+      32,    56,    12,    58,    36,    37,    16,    17,    18,    19,
+      20,    21,    56,    23,    58,    32,    32,    32,    32,    32,
+      32,    32,    32,    32,    32,    32,    32,    32,    32,    21,
+      54,    33
+};
+
+/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
+   symbol of state STATE-NUM.  */
+static const unsigned char yystos[] =
+{
+       0,    43,     0,     1,     3,     4,     5,     6,     7,     8,
+       9,    10,    11,    14,    15,    31,    32,    44,    45,    46,
+      47,    48,    49,    52,    53,    55,    59,    61,    63,    64,
+      66,    68,    69,    70,    71,    79,    79,    28,    29,    77,
+      77,    77,    32,    77,    28,    28,    28,    29,    34,    41,
+      81,    82,    50,    50,    56,    58,    62,    74,    67,    74,
+      79,    32,    32,    32,    32,    32,    81,    81,    32,    38,
+      39,    30,    40,    12,    16,    17,    19,    20,    21,    22,
+      23,    24,    25,    26,    27,    32,    36,    37,    51,    72,
+      73,    75,    18,    19,    20,    21,    23,    32,    57,    73,
+      75,     5,     8,    15,    45,    54,    78,    45,    55,    60,
+      66,    78,    32,    75,     1,    45,    55,    65,    66,    78,
+      33,    81,    81,    82,    82,    32,    35,    81,    81,    77,
+      81,    76,    77,    81,    76,    81,    76,    76,    76,    28,
+      82,    13,    32,    77,    28,    76,    76,    79,    79,    79,
+      32,    81,    32,    32,    14,    80,    80,    32,    80,    80,
+      32,    80,    32,    32,    32,    80,    82,    80,    80,    32,
+      32,    32,    81,    32,    32,    32,    32,    32,    80,    32,
+      32,    32
+};
+
+#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
+# define YYSIZE_T __SIZE_TYPE__
+#endif
+#if ! defined (YYSIZE_T) && defined (size_t)
+# define YYSIZE_T size_t
+#endif
+#if ! defined (YYSIZE_T)
+# if defined (__STDC__) || defined (__cplusplus)
+#  include <stddef.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYSIZE_T size_t
+# endif
+#endif
+#if ! defined (YYSIZE_T)
+# define YYSIZE_T unsigned int
+#endif
+
+#define yyerrok		(yyerrstatus = 0)
+#define yyclearin	(yychar = YYEMPTY)
+#define YYEMPTY		(-2)
+#define YYEOF		0
+
+#define YYACCEPT	goto yyacceptlab
+#define YYABORT		goto yyabortlab
+#define YYERROR		goto yyerrlab1
+
+
+/* Like YYERROR except do call yyerror.  This remains here temporarily
+   to ease the transition to the new meaning of YYERROR, for GCC.
+   Once GCC version 2 has supplanted version 1, this can go.  */
+
+#define YYFAIL		goto yyerrlab
+
+#define YYRECOVERING()  (!!yyerrstatus)
+
+#define YYBACKUP(Token, Value)					\
+do								\
+  if (yychar == YYEMPTY && yylen == 1)				\
+    {								\
+      yychar = (Token);						\
+      yylval = (Value);						\
+      yytoken = YYTRANSLATE (yychar);				\
+      YYPOPSTACK;						\
+      goto yybackup;						\
+    }								\
+  else								\
+    { 								\
+      yyerror ("syntax error: cannot back up");\
+      YYERROR;							\
+    }								\
+while (0)
+
+#define YYTERROR	1
+#define YYERRCODE	256
+
+/* YYLLOC_DEFAULT -- Compute the default location (before the actions
+   are run).  */
+
+#ifndef YYLLOC_DEFAULT
+# define YYLLOC_DEFAULT(Current, Rhs, N)         \
+  Current.first_line   = Rhs[1].first_line;      \
+  Current.first_column = Rhs[1].first_column;    \
+  Current.last_line    = Rhs[N].last_line;       \
+  Current.last_column  = Rhs[N].last_column;
+#endif
+
+/* YYLEX -- calling `yylex' with the right arguments.  */
+
+#ifdef YYLEX_PARAM
+# define YYLEX yylex (YYLEX_PARAM)
+#else
+# define YYLEX yylex ()
+#endif
+
+/* Enable debugging if requested.  */
+#if YYDEBUG
+
+# ifndef YYFPRINTF
+#  include <stdio.h> /* INFRINGES ON USER NAME SPACE */
+#  define YYFPRINTF fprintf
+# endif
+
+# define YYDPRINTF(Args)			\
+do {						\
+  if (yydebug)					\
+    YYFPRINTF Args;				\
+} while (0)
+
+# define YYDSYMPRINT(Args)			\
+do {						\
+  if (yydebug)					\
+    yysymprint Args;				\
+} while (0)
+
+# define YYDSYMPRINTF(Title, Token, Value, Location)		\
+do {								\
+  if (yydebug)							\
+    {								\
+      YYFPRINTF (stderr, "%s ", Title);				\
+      yysymprint (stderr, 					\
+                  Token, Value);	\
+      YYFPRINTF (stderr, "\n");					\
+    }								\
+} while (0)
+
+/*------------------------------------------------------------------.
+| yy_stack_print -- Print the state stack from its BOTTOM up to its |
+| TOP (cinluded).                                                   |
+`------------------------------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yy_stack_print (short *bottom, short *top)
+#else
+static void
+yy_stack_print (bottom, top)
+    short *bottom;
+    short *top;
+#endif
+{
+  YYFPRINTF (stderr, "Stack now");
+  for (/* Nothing. */; bottom <= top; ++bottom)
+    YYFPRINTF (stderr, " %d", *bottom);
+  YYFPRINTF (stderr, "\n");
+}
+
+# define YY_STACK_PRINT(Bottom, Top)				\
+do {								\
+  if (yydebug)							\
+    yy_stack_print ((Bottom), (Top));				\
+} while (0)
+
+
+/*------------------------------------------------.
+| Report that the YYRULE is going to be reduced.  |
+`------------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yy_reduce_print (int yyrule)
+#else
+static void
+yy_reduce_print (yyrule)
+    int yyrule;
+#endif
+{
+  int yyi;
+  unsigned int yylineno = yyrline[yyrule];
+  YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ",
+             yyrule - 1, yylineno);
+  /* Print the symbols being reduced, and their result.  */
+  for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++)
+    YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]);
+  YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]);
+}
+
+# define YY_REDUCE_PRINT(Rule)		\
+do {					\
+  if (yydebug)				\
+    yy_reduce_print (Rule);		\
+} while (0)
+
+/* Nonzero means print parse trace.  It is left uninitialized so that
+   multiple parsers can coexist.  */
+int yydebug;
+#else /* !YYDEBUG */
+# define YYDPRINTF(Args)
+# define YYDSYMPRINT(Args)
+# define YYDSYMPRINTF(Title, Token, Value, Location)
+# define YY_STACK_PRINT(Bottom, Top)
+# define YY_REDUCE_PRINT(Rule)
+#endif /* !YYDEBUG */
+
+
+/* YYINITDEPTH -- initial size of the parser's stacks.  */
+#ifndef	YYINITDEPTH
+# define YYINITDEPTH 200
+#endif
+
+/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only
+   if the built-in stack extension method is used).
+
+   Do not make this value too large; the results are undefined if
+   SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
+   evaluated with infinite-precision integer arithmetic.  */
+
+#if YYMAXDEPTH == 0
+# undef YYMAXDEPTH
+#endif
+
+#ifndef YYMAXDEPTH
+# define YYMAXDEPTH 10000
+#endif
+
+
+
+#if YYERROR_VERBOSE
+
+# ifndef yystrlen
+#  if defined (__GLIBC__) && defined (_STRING_H)
+#   define yystrlen strlen
+#  else
+/* Return the length of YYSTR.  */
+static YYSIZE_T
+#   if defined (__STDC__) || defined (__cplusplus)
+yystrlen (const char *yystr)
+#   else
+yystrlen (yystr)
+     const char *yystr;
+#   endif
+{
+  register const char *yys = yystr;
+
+  while (*yys++ != '\0')
+    continue;
+
+  return yys - yystr - 1;
+}
+#  endif
+# endif
+
+# ifndef yystpcpy
+#  if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE)
+#   define yystpcpy stpcpy
+#  else
+/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+   YYDEST.  */
+static char *
+#   if defined (__STDC__) || defined (__cplusplus)
+yystpcpy (char *yydest, const char *yysrc)
+#   else
+yystpcpy (yydest, yysrc)
+     char *yydest;
+     const char *yysrc;
+#   endif
+{
+  register char *yyd = yydest;
+  register const char *yys = yysrc;
+
+  while ((*yyd++ = *yys++) != '\0')
+    continue;
+
+  return yyd - 1;
+}
+#  endif
+# endif
+
+#endif /* !YYERROR_VERBOSE */
+
+
+
+#if YYDEBUG
+/*--------------------------------.
+| Print this symbol on YYOUTPUT.  |
+`--------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yysymprint (FILE *yyoutput, int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yysymprint (yyoutput, yytype, yyvaluep)
+    FILE *yyoutput;
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  /* Pacify ``unused variable'' warnings.  */
+  (void) yyvaluep;
+
+  if (yytype < YYNTOKENS)
+    {
+      YYFPRINTF (yyoutput, "token %s (", yytname[yytype]);
+# ifdef YYPRINT
+      YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep);
+# endif
+    }
+  else
+    YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]);
+
+  switch (yytype)
+    {
+      default:
+        break;
+    }
+  YYFPRINTF (yyoutput, ")");
+}
+
+#endif /* ! YYDEBUG */
+/*-----------------------------------------------.
+| Release the memory associated to this symbol.  |
+`-----------------------------------------------*/
+
+#if defined (__STDC__) || defined (__cplusplus)
+static void
+yydestruct (int yytype, YYSTYPE *yyvaluep)
+#else
+static void
+yydestruct (yytype, yyvaluep)
+    int yytype;
+    YYSTYPE *yyvaluep;
+#endif
+{
+  /* Pacify ``unused variable'' warnings.  */
+  (void) yyvaluep;
+
+  switch (yytype)
+    {
+
+      default:
+        break;
+    }
+}
+
+
+/* Prevent warnings from -Wmissing-prototypes.  */
+
+#ifdef YYPARSE_PARAM
+# if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void *YYPARSE_PARAM);
+# else
+int yyparse ();
+# endif
+#else /* ! YYPARSE_PARAM */
+#if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void);
+#else
+int yyparse ();
+#endif
+#endif /* ! YYPARSE_PARAM */
+
+
+
+/* The lookahead symbol.  */
+int yychar;
+
+/* The semantic value of the lookahead symbol.  */
+YYSTYPE yylval;
+
+/* Number of syntax errors so far.  */
+int yynerrs;
+
+
+
+/*----------.
+| yyparse.  |
+`----------*/
+
+#ifdef YYPARSE_PARAM
+# if defined (__STDC__) || defined (__cplusplus)
+int yyparse (void *YYPARSE_PARAM)
+# else
+int yyparse (YYPARSE_PARAM)
+  void *YYPARSE_PARAM;
+# endif
+#else /* ! YYPARSE_PARAM */
+#if defined (__STDC__) || defined (__cplusplus)
+int
+yyparse (void)
+#else
+int
+yyparse ()
+
+#endif
+#endif
+{
+
+  register int yystate;
+  register int yyn;
+  int yyresult;
+  /* Number of tokens to shift before error messages enabled.  */
+  int yyerrstatus;
+  /* Lookahead token as an internal (translated) token number.  */
+  int yytoken = 0;
+
+  /* Three stacks and their tools:
+     `yyss': related to states,
+     `yyvs': related to semantic values,
+     `yyls': related to locations.
+
+     Refer to the stacks thru separate pointers, to allow yyoverflow
+     to reallocate them elsewhere.  */
+
+  /* The state stack.  */
+  short	yyssa[YYINITDEPTH];
+  short *yyss = yyssa;
+  register short *yyssp;
+
+  /* The semantic value stack.  */
+  YYSTYPE yyvsa[YYINITDEPTH];
+  YYSTYPE *yyvs = yyvsa;
+  register YYSTYPE *yyvsp;
+
+
+
+#define YYPOPSTACK   (yyvsp--, yyssp--)
+
+  YYSIZE_T yystacksize = YYINITDEPTH;
+
+  /* The variables used to return semantic value and location from the
+     action routines.  */
+  YYSTYPE yyval;
+
+
+  /* When reducing, the number of symbols on the RHS of the reduced
+     rule.  */
+  int yylen;
+
+  YYDPRINTF ((stderr, "Starting parse\n"));
+
+  yystate = 0;
+  yyerrstatus = 0;
+  yynerrs = 0;
+  yychar = YYEMPTY;		/* Cause a token to be read.  */
+
+  /* Initialize stack pointers.
+     Waste one element of value and location stack
+     so that they stay on the same level as the state stack.
+     The wasted elements are never initialized.  */
+
+  yyssp = yyss;
+  yyvsp = yyvs;
+
+  goto yysetstate;
+
+/*------------------------------------------------------------.
+| yynewstate -- Push a new state, which is found in yystate.  |
+`------------------------------------------------------------*/
+ yynewstate:
+  /* In all cases, when you get here, the value and location stacks
+     have just been pushed. so pushing a state here evens the stacks.
+     */
+  yyssp++;
+
+ yysetstate:
+  *yyssp = yystate;
+
+  if (yyss + yystacksize - 1 <= yyssp)
+    {
+      /* Get the current used size of the three stacks, in elements.  */
+      YYSIZE_T yysize = yyssp - yyss + 1;
+
+#ifdef yyoverflow
+      {
+	/* Give user a chance to reallocate the stack. Use copies of
+	   these so that the &'s don't force the real ones into
+	   memory.  */
+	YYSTYPE *yyvs1 = yyvs;
+	short *yyss1 = yyss;
+
+
+	/* Each stack pointer address is followed by the size of the
+	   data in use in that stack, in bytes.  This used to be a
+	   conditional around just the two extra args, but that might
+	   be undefined if yyoverflow is a macro.  */
+	yyoverflow ("parser stack overflow",
+		    &yyss1, yysize * sizeof (*yyssp),
+		    &yyvs1, yysize * sizeof (*yyvsp),
+
+		    &yystacksize);
+
+	yyss = yyss1;
+	yyvs = yyvs1;
+      }
+#else /* no yyoverflow */
+# ifndef YYSTACK_RELOCATE
+      goto yyoverflowlab;
+# else
+      /* Extend the stack our own way.  */
+      if (YYMAXDEPTH <= yystacksize)
+	goto yyoverflowlab;
+      yystacksize *= 2;
+      if (YYMAXDEPTH < yystacksize)
+	yystacksize = YYMAXDEPTH;
+
+      {
+	short *yyss1 = yyss;
+	union yyalloc *yyptr =
+	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
+	if (! yyptr)
+	  goto yyoverflowlab;
+	YYSTACK_RELOCATE (yyss);
+	YYSTACK_RELOCATE (yyvs);
+
+#  undef YYSTACK_RELOCATE
+	if (yyss1 != yyssa)
+	  YYSTACK_FREE (yyss1);
+      }
+# endif
+#endif /* no yyoverflow */
+
+      yyssp = yyss + yysize - 1;
+      yyvsp = yyvs + yysize - 1;
+
+
+      YYDPRINTF ((stderr, "Stack size increased to %lu\n",
+		  (unsigned long int) yystacksize));
+
+      if (yyss + yystacksize - 1 <= yyssp)
+	YYABORT;
+    }
+
+  YYDPRINTF ((stderr, "Entering state %d\n", yystate));
+
+  goto yybackup;
+
+/*-----------.
+| yybackup.  |
+`-----------*/
+yybackup:
+
+/* Do appropriate processing given the current state.  */
+/* Read a lookahead token if we need one and don't already have one.  */
+/* yyresume: */
+
+  /* First try to decide what to do without reference to lookahead token.  */
+
+  yyn = yypact[yystate];
+  if (yyn == YYPACT_NINF)
+    goto yydefault;
+
+  /* Not known => get a lookahead token if don't already have one.  */
+
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol.  */
+  if (yychar == YYEMPTY)
+    {
+      YYDPRINTF ((stderr, "Reading a token: "));
+      yychar = YYLEX;
+    }
+
+  if (yychar <= YYEOF)
+    {
+      yychar = yytoken = YYEOF;
+      YYDPRINTF ((stderr, "Now at end of input.\n"));
+    }
+  else
+    {
+      yytoken = YYTRANSLATE (yychar);
+      YYDSYMPRINTF ("Next token is", yytoken, &yylval, &yylloc);
+    }
+
+  /* If the proper action on seeing token YYTOKEN is to reduce or to
+     detect an error, take that action.  */
+  yyn += yytoken;
+  if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken)
+    goto yydefault;
+  yyn = yytable[yyn];
+  if (yyn <= 0)
+    {
+      if (yyn == 0 || yyn == YYTABLE_NINF)
+	goto yyerrlab;
+      yyn = -yyn;
+      goto yyreduce;
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  /* Shift the lookahead token.  */
+  YYDPRINTF ((stderr, "Shifting token %s, ", yytname[yytoken]));
+
+  /* Discard the token being shifted unless it is eof.  */
+  if (yychar != YYEOF)
+    yychar = YYEMPTY;
+
+  *++yyvsp = yylval;
+
+
+  /* Count tokens shifted since error; after three, turn off error
+     status.  */
+  if (yyerrstatus)
+    yyerrstatus--;
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-----------------------------------------------------------.
+| yydefault -- do the default action for the current state.  |
+`-----------------------------------------------------------*/
+yydefault:
+  yyn = yydefact[yystate];
+  if (yyn == 0)
+    goto yyerrlab;
+  goto yyreduce;
+
+
+/*-----------------------------.
+| yyreduce -- Do a reduction.  |
+`-----------------------------*/
+yyreduce:
+  /* yyn is the number of a rule to reduce with.  */
+  yylen = yyr2[yyn];
+
+  /* If YYLEN is nonzero, implement the default value of the action:
+     `$$ = $1'.
+
+     Otherwise, the following line sets YYVAL to garbage.
+     This behavior is undocumented and Bison
+     users should not rely upon it.  Assigning to YYVAL
+     unconditionally makes the parser a bit smaller, and it avoids a
+     GCC warning that YYVAL may be used uninitialized.  */
+  yyval = yyvsp[1-yylen];
+
+
+  YY_REDUCE_PRINT (yyn);
+  switch (yyn)
+    {
+        case 8:
+
+    { zconfprint("unexpected 'endmenu' statement"); ;}
+    break;
+
+  case 9:
+
+    { zconfprint("unexpected 'endif' statement"); ;}
+    break;
+
+  case 10:
+
+    { zconfprint("unexpected 'endchoice' statement"); ;}
+    break;
+
+  case 11:
+
+    { zconfprint("syntax error"); yyerrok; ;}
+    break;
+
+  case 18:
+
+    {
+	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 19:
+
+    {
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 20:
+
+    {
+	struct symbol *sym = sym_lookup(yyvsp[-1].string, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 21:
+
+    {
+	if (current_entry->prompt)
+		current_entry->prompt->type = P_MENU;
+	else
+		zconfprint("warning: menuconfig statement without prompt");
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 27:
+
+    {
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 28:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 29:
+
+    {
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 30:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 31:
+
+    {
+	menu_set_type(S_INT);
+	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 32:
+
+    {
+	menu_set_type(S_HEX);
+	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 33:
+
+    {
+	menu_set_type(S_STRING);
+	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 34:
+
+    {
+	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 35:
+
+    {
+	menu_add_expr(P_DEFAULT, yyvsp[-2].expr, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 36:
+
+    {
+	menu_add_symbol(P_SELECT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 37:
+
+    {
+	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,yyvsp[-3].symbol, yyvsp[-2].symbol), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 38:
+
+    {
+	struct symbol *sym = sym_lookup(NULL, 0);
+	sym->flags |= SYMBOL_CHOICE;
+	menu_add_entry(sym);
+	menu_add_expr(P_CHOICE, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 39:
+
+    {
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 40:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_CHOICE, T_ENDCHOICE)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 42:
+
+    {
+	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 48:
+
+    {
+	menu_add_prompt(P_PROMPT, yyvsp[-2].string, yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 49:
+
+    {
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 50:
+
+    {
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 51:
+
+    {
+	current_entry->sym->flags |= SYMBOL_OPTIONAL;
+	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 52:
+
+    {
+	menu_add_symbol(P_DEFAULT, sym_lookup(yyvsp[-2].string, 0), yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 55:
+
+    {
+	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
+	menu_add_entry(NULL);
+	menu_add_dep(yyvsp[-1].expr);
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 56:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_IF, T_ENDIF)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 58:
+
+    {
+	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 63:
+
+    {
+	menu_add_entry(NULL);
+	menu_add_prop(P_MENU, yyvsp[-1].string, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 64:
+
+    {
+	menu_end_entry();
+	menu_add_menu();
+;}
+    break;
+
+  case 65:
+
+    {
+	if (zconf_endtoken(yyvsp[0].token, T_MENU, T_ENDMENU)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
+	}
+;}
+    break;
+
+  case 67:
+
+    {
+	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+;}
+    break;
+
+  case 72:
+
+    { zconfprint("invalid menu option"); yyerrok; ;}
+    break;
+
+  case 73:
+
+    {
+	yyval.string = yyvsp[-1].string;
+	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), yyvsp[-1].string);
+;}
+    break;
+
+  case 74:
+
+    {
+	zconf_nextfile(yyvsp[0].string);
+;}
+    break;
+
+  case 75:
+
+    {
+	menu_add_entry(NULL);
+	menu_add_prop(P_COMMENT, yyvsp[-1].string, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 76:
+
+    {
+	menu_end_entry();
+;}
+    break;
+
+  case 77:
+
+    {
+	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
+	zconf_starthelp();
+;}
+    break;
+
+  case 78:
+
+    {
+	current_entry->sym->help = yyvsp[0].string;
+;}
+    break;
+
+  case 82:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 83:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 84:
+
+    {
+	menu_add_dep(yyvsp[-1].expr);
+	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
+;}
+    break;
+
+  case 86:
+
+    {
+	menu_add_prop(P_PROMPT, yyvsp[-1].string, NULL, yyvsp[0].expr);
+;}
+    break;
+
+  case 89:
+
+    { yyval.token = T_ENDMENU; ;}
+    break;
+
+  case 90:
+
+    { yyval.token = T_ENDCHOICE; ;}
+    break;
+
+  case 91:
+
+    { yyval.token = T_ENDIF; ;}
+    break;
+
+  case 94:
+
+    { yyval.expr = NULL; ;}
+    break;
+
+  case 95:
+
+    { yyval.expr = yyvsp[0].expr; ;}
+    break;
+
+  case 96:
+
+    { yyval.expr = expr_alloc_symbol(yyvsp[0].symbol); ;}
+    break;
+
+  case 97:
+
+    { yyval.expr = expr_alloc_comp(E_EQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
+    break;
+
+  case 98:
+
+    { yyval.expr = expr_alloc_comp(E_UNEQUAL, yyvsp[-2].symbol, yyvsp[0].symbol); ;}
+    break;
+
+  case 99:
+
+    { yyval.expr = yyvsp[-1].expr; ;}
+    break;
+
+  case 100:
+
+    { yyval.expr = expr_alloc_one(E_NOT, yyvsp[0].expr); ;}
+    break;
+
+  case 101:
+
+    { yyval.expr = expr_alloc_two(E_OR, yyvsp[-2].expr, yyvsp[0].expr); ;}
+    break;
+
+  case 102:
+
+    { yyval.expr = expr_alloc_two(E_AND, yyvsp[-2].expr, yyvsp[0].expr); ;}
+    break;
+
+  case 103:
+
+    { yyval.symbol = sym_lookup(yyvsp[0].string, 0); free(yyvsp[0].string); ;}
+    break;
+
+  case 104:
+
+    { yyval.symbol = sym_lookup(yyvsp[0].string, 1); free(yyvsp[0].string); ;}
+    break;
+
+
+    }
+
+/* Line 999 of yacc.c.  */
+
+
+  yyvsp -= yylen;
+  yyssp -= yylen;
+
+
+  YY_STACK_PRINT (yyss, yyssp);
+
+  *++yyvsp = yyval;
+
+
+  /* Now `shift' the result of the reduction.  Determine what state
+     that goes to, based on the state we popped back to and the rule
+     number reduced by.  */
+
+  yyn = yyr1[yyn];
+
+  yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
+  if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
+    yystate = yytable[yystate];
+  else
+    yystate = yydefgoto[yyn - YYNTOKENS];
+
+  goto yynewstate;
+
+
+/*------------------------------------.
+| yyerrlab -- here on detecting error |
+`------------------------------------*/
+yyerrlab:
+  /* If not already recovering from an error, report this error.  */
+  if (!yyerrstatus)
+    {
+      ++yynerrs;
+#if YYERROR_VERBOSE
+      yyn = yypact[yystate];
+
+      if (YYPACT_NINF < yyn && yyn < YYLAST)
+	{
+	  YYSIZE_T yysize = 0;
+	  int yytype = YYTRANSLATE (yychar);
+	  char *yymsg;
+	  int yyx, yycount;
+
+	  yycount = 0;
+	  /* Start YYX at -YYN if negative to avoid negative indexes in
+	     YYCHECK.  */
+	  for (yyx = yyn < 0 ? -yyn : 0;
+	       yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++)
+	    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+	      yysize += yystrlen (yytname[yyx]) + 15, yycount++;
+	  yysize += yystrlen ("syntax error, unexpected ") + 1;
+	  yysize += yystrlen (yytname[yytype]);
+	  yymsg = (char *) YYSTACK_ALLOC (yysize);
+	  if (yymsg != 0)
+	    {
+	      char *yyp = yystpcpy (yymsg, "syntax error, unexpected ");
+	      yyp = yystpcpy (yyp, yytname[yytype]);
+
+	      if (yycount < 5)
+		{
+		  yycount = 0;
+		  for (yyx = yyn < 0 ? -yyn : 0;
+		       yyx < (int) (sizeof (yytname) / sizeof (char *));
+		       yyx++)
+		    if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
+		      {
+			const char *yyq = ! yycount ? ", expecting " : " or ";
+			yyp = yystpcpy (yyp, yyq);
+			yyp = yystpcpy (yyp, yytname[yyx]);
+			yycount++;
+		      }
+		}
+	      yyerror (yymsg);
+	      YYSTACK_FREE (yymsg);
+	    }
+	  else
+	    yyerror ("syntax error; also virtual memory exhausted");
+	}
+      else
+#endif /* YYERROR_VERBOSE */
+	yyerror ("syntax error");
+    }
+
+
+
+  if (yyerrstatus == 3)
+    {
+      /* If just tried and failed to reuse lookahead token after an
+	 error, discard it.  */
+
+      /* Return failure if at end of input.  */
+      if (yychar == YYEOF)
+        {
+	  /* Pop the error token.  */
+          YYPOPSTACK;
+	  /* Pop the rest of the stack.  */
+	  while (yyss < yyssp)
+	    {
+	      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
+	      yydestruct (yystos[*yyssp], yyvsp);
+	      YYPOPSTACK;
+	    }
+	  YYABORT;
+        }
+
+      YYDSYMPRINTF ("Error: discarding", yytoken, &yylval, &yylloc);
+      yydestruct (yytoken, &yylval);
+      yychar = YYEMPTY;
+
+    }
+
+  /* Else will try to reuse lookahead token after shifting the error
+     token.  */
+  goto yyerrlab1;
+
+
+/*----------------------------------------------------.
+| yyerrlab1 -- error raised explicitly by an action.  |
+`----------------------------------------------------*/
+yyerrlab1:
+  yyerrstatus = 3;	/* Each real token shifted decrements this.  */
+
+  for (;;)
+    {
+      yyn = yypact[yystate];
+      if (yyn != YYPACT_NINF)
+	{
+	  yyn += YYTERROR;
+	  if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR)
+	    {
+	      yyn = yytable[yyn];
+	      if (0 < yyn)
+		break;
+	    }
+	}
+
+      /* Pop the current state because it cannot handle the error token.  */
+      if (yyssp == yyss)
+	YYABORT;
+
+      YYDSYMPRINTF ("Error: popping", yystos[*yyssp], yyvsp, yylsp);
+      yydestruct (yystos[yystate], yyvsp);
+      yyvsp--;
+      yystate = *--yyssp;
+
+      YY_STACK_PRINT (yyss, yyssp);
+    }
+
+  if (yyn == YYFINAL)
+    YYACCEPT;
+
+  YYDPRINTF ((stderr, "Shifting error token, "));
+
+  *++yyvsp = yylval;
+
+
+  yystate = yyn;
+  goto yynewstate;
+
+
+/*-------------------------------------.
+| yyacceptlab -- YYACCEPT comes here.  |
+`-------------------------------------*/
+yyacceptlab:
+  yyresult = 0;
+  goto yyreturn;
+
+/*-----------------------------------.
+| yyabortlab -- YYABORT comes here.  |
+`-----------------------------------*/
+yyabortlab:
+  yyresult = 1;
+  goto yyreturn;
+
+#ifndef yyoverflow
+/*----------------------------------------------.
+| yyoverflowlab -- parser overflow comes here.  |
+`----------------------------------------------*/
+yyoverflowlab:
+  yyerror ("parser stack overflow");
+  yyresult = 2;
+  /* Fall through.  */
+#endif
+
+yyreturn:
+#ifndef yyoverflow
+  if (yyss != yyssa)
+    YYSTACK_FREE (yyss);
+#endif
+  return yyresult;
+}
+
+
+
+
+
+void conf_parse(const char *name)
+{
+	struct symbol *sym;
+	int i;
+
+	zconf_initscan(name);
+
+	sym_init();
+	menu_init();
+	modules_sym = sym_lookup("MODULES", 0);
+	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
+
+	//zconfdebug = 1;
+	zconfparse();
+	if (zconfnerrs)
+		exit(1);
+	menu_finalize(&rootmenu);
+	for_all_symbols(i, sym) {
+                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
+                        printf("\n");
+		else
+			sym->flags |= SYMBOL_CHECK_DONE;
+        }
+
+	sym_change_count = 1;
+}
+
+const char *zconf_tokenname(int token)
+{
+	switch (token) {
+	case T_MENU:		return "menu";
+	case T_ENDMENU:		return "endmenu";
+	case T_CHOICE:		return "choice";
+	case T_ENDCHOICE:	return "endchoice";
+	case T_IF:		return "if";
+	case T_ENDIF:		return "endif";
+	}
+	return "<token>";
+}
+
+static bool zconf_endtoken(int token, int starttoken, int endtoken)
+{
+	if (token != endtoken) {
+		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	if (current_menu->file != current_file) {
+		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	return true;
+}
+
+static void zconfprint(const char *err, ...)
+{
+	va_list ap;
+
+	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
+	va_start(ap, err);
+	vfprintf(stderr, err, ap);
+	va_end(ap);
+	fprintf(stderr, "\n");
+}
+
+static void zconferror(const char *err)
+{
+	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
+}
+
+void print_quoted_string(FILE *out, const char *str)
+{
+	const char *p;
+	int len;
+
+	putc('"', out);
+	while ((p = strchr(str, '"'))) {
+		len = p - str;
+		if (len)
+			fprintf(out, "%.*s", len, str);
+		fputs("\\\"", out);
+		str = p + 1;
+	}
+	fputs(str, out);
+	putc('"', out);
+}
+
+void print_symbol(FILE *out, struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	struct property *prop;
+
+	if (sym_is_choice(sym))
+		fprintf(out, "choice\n");
+	else
+		fprintf(out, "config %s\n", sym->name);
+	switch (sym->type) {
+	case S_BOOLEAN:
+		fputs("  boolean\n", out);
+		break;
+	case S_TRISTATE:
+		fputs("  tristate\n", out);
+		break;
+	case S_STRING:
+		fputs("  string\n", out);
+		break;
+	case S_INT:
+		fputs("  integer\n", out);
+		break;
+	case S_HEX:
+		fputs("  hex\n", out);
+		break;
+	default:
+		fputs("  ???\n", out);
+		break;
+	}
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->menu != menu)
+			continue;
+		switch (prop->type) {
+		case P_PROMPT:
+			fputs("  prompt ", out);
+			print_quoted_string(out, prop->text);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_DEFAULT:
+			fputs( "  default ", out);
+			expr_fprint(prop->expr, out);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_CHOICE:
+			fputs("  #choice value\n", out);
+			break;
+		default:
+			fprintf(out, "  unknown prop %d!\n", prop->type);
+			break;
+		}
+	}
+	if (sym->help) {
+		int len = strlen(sym->help);
+		while (sym->help[--len] == '\n')
+			sym->help[len] = 0;
+		fprintf(out, "  help\n%s\n", sym->help);
+	}
+	fputc('\n', out);
+}
+
+void zconfdump(FILE *out)
+{
+	struct property *prop;
+	struct symbol *sym;
+	struct menu *menu;
+
+	menu = rootmenu.list;
+	while (menu) {
+		if ((sym = menu->sym))
+			print_symbol(out, menu);
+		else if ((prop = menu->prompt)) {
+			switch (prop->type) {
+			case P_COMMENT:
+				fputs("\ncomment ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			case P_MENU:
+				fputs("\nmenu ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			default:
+				;
+			}
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs("  depends ", out);
+				expr_fprint(prop->visible.expr, out);
+				fputc('\n', out);
+			}
+			fputs("\n", out);
+		}
+
+		if (menu->list)
+			menu = menu->list;
+		else if (menu->next)
+			menu = menu->next;
+		else while ((menu = menu->parent)) {
+			if (menu->prompt && menu->prompt->type == P_MENU)
+				fputs("\nendmenu\n", out);
+			if (menu->next) {
+				menu = menu->next;
+				break;
+			}
+		}
+	}
+}
+
+#include "lex.zconf.c"
+#include "util.c"
+#include "confdata.c"
+#include "expr.c"
+#include "symbol.c"
+#include "menu.c"
+
+
diff --git a/config/scripts/config/zconf.tab.h_shipped b/config/scripts/config/zconf.tab.h_shipped
new file mode 100644
index 0000000000..3b191ef599
--- /dev/null
+++ b/config/scripts/config/zconf.tab.h_shipped
@@ -0,0 +1,125 @@
+/* A Bison parser, made from zconf.y, by GNU bison 1.75.  */
+
+/* Skeleton parser for Yacc-like parsing with Bison,
+   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software Foundation, Inc.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+/* As a special exception, when this file is copied by Bison into a
+   Bison output file, you may use that output file without restriction.
+   This special exception was added by the Free Software Foundation
+   in version 1.24 of Bison.  */
+
+#ifndef BISON_ZCONF_TAB_H
+# define BISON_ZCONF_TAB_H
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     T_MAINMENU = 258,
+     T_MENU = 259,
+     T_ENDMENU = 260,
+     T_SOURCE = 261,
+     T_CHOICE = 262,
+     T_ENDCHOICE = 263,
+     T_COMMENT = 264,
+     T_CONFIG = 265,
+     T_HELP = 266,
+     T_HELPTEXT = 267,
+     T_IF = 268,
+     T_ENDIF = 269,
+     T_DEPENDS = 270,
+     T_REQUIRES = 271,
+     T_OPTIONAL = 272,
+     T_PROMPT = 273,
+     T_DEFAULT = 274,
+     T_TRISTATE = 275,
+     T_BOOLEAN = 276,
+     T_INT = 277,
+     T_HEX = 278,
+     T_WORD = 279,
+     T_STRING = 280,
+     T_UNEQUAL = 281,
+     T_EOF = 282,
+     T_EOL = 283,
+     T_CLOSE_PAREN = 284,
+     T_OPEN_PAREN = 285,
+     T_ON = 286,
+     T_OR = 287,
+     T_AND = 288,
+     T_EQUAL = 289,
+     T_NOT = 290
+   };
+#endif
+#define T_MAINMENU 258
+#define T_MENU 259
+#define T_ENDMENU 260
+#define T_SOURCE 261
+#define T_CHOICE 262
+#define T_ENDCHOICE 263
+#define T_COMMENT 264
+#define T_CONFIG 265
+#define T_HELP 266
+#define T_HELPTEXT 267
+#define T_IF 268
+#define T_ENDIF 269
+#define T_DEPENDS 270
+#define T_REQUIRES 271
+#define T_OPTIONAL 272
+#define T_PROMPT 273
+#define T_DEFAULT 274
+#define T_TRISTATE 275
+#define T_BOOLEAN 276
+#define T_INT 277
+#define T_HEX 278
+#define T_WORD 279
+#define T_STRING 280
+#define T_UNEQUAL 281
+#define T_EOF 282
+#define T_EOL 283
+#define T_CLOSE_PAREN 284
+#define T_OPEN_PAREN 285
+#define T_ON 286
+#define T_OR 287
+#define T_AND 288
+#define T_EQUAL 289
+#define T_NOT 290
+
+
+
+
+#ifndef YYSTYPE
+#line 33 "zconf.y"
+typedef union {
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+} yystype;
+/* Line 1281 of /usr/share/bison/yacc.c.  */
+#line 118 "zconf.tab.h"
+# define YYSTYPE yystype
+#endif
+
+extern YYSTYPE zconflval;
+
+
+#endif /* not BISON_ZCONF_TAB_H */
+
diff --git a/config/scripts/config/zconf.y b/config/scripts/config/zconf.y
new file mode 100644
index 0000000000..cf45da0b20
--- /dev/null
+++ b/config/scripts/config/zconf.y
@@ -0,0 +1,690 @@
+%{
+/*
+ * Copyright (C) 2002 Roman Zippel <zippel@linux-m68k.org>
+ * Released under the terms of the GNU GPL v2.0.
+ */
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+
+#define printd(mask, fmt...) if (cdebug & (mask)) printf(fmt)
+
+#define PRINTD		0x0001
+#define DEBUG_PARSE	0x0002
+
+int cdebug = PRINTD;
+
+extern int zconflex(void);
+static void zconfprint(const char *err, ...);
+static void zconferror(const char *err);
+static bool zconf_endtoken(int token, int starttoken, int endtoken);
+
+struct symbol *symbol_hash[257];
+
+static struct menu *current_menu, *current_entry;
+
+#define YYERROR_VERBOSE
+%}
+%expect 40
+
+%union
+{
+	int token;
+	char *string;
+	struct symbol *symbol;
+	struct expr *expr;
+	struct menu *menu;
+}
+
+%token T_MAINMENU
+%token T_MENU
+%token T_ENDMENU
+%token T_SOURCE
+%token T_CHOICE
+%token T_ENDCHOICE
+%token T_COMMENT
+%token T_CONFIG
+%token T_MENUCONFIG
+%token T_HELP
+%token <string> T_HELPTEXT
+%token T_IF
+%token T_ENDIF
+%token T_DEPENDS
+%token T_REQUIRES
+%token T_OPTIONAL
+%token T_PROMPT
+%token T_DEFAULT
+%token T_TRISTATE
+%token T_DEF_TRISTATE
+%token T_BOOLEAN
+%token T_DEF_BOOLEAN
+%token T_STRING
+%token T_INT
+%token T_HEX
+%token <string> T_WORD
+%token <string> T_WORD_QUOTE
+%token T_UNEQUAL
+%token T_EOF
+%token T_EOL
+%token T_CLOSE_PAREN
+%token T_OPEN_PAREN
+%token T_ON
+%token T_SELECT
+%token T_RANGE
+
+%left T_OR
+%left T_AND
+%left T_EQUAL T_UNEQUAL
+%nonassoc T_NOT
+
+%type <string> prompt
+%type <string> source
+%type <symbol> symbol
+%type <expr> expr
+%type <expr> if_expr
+%type <token> end
+
+%{
+#define LKC_DIRECT_LINK
+#include "lkc.h"
+%}
+%%
+input:	  /* empty */
+	| input block
+;
+
+block:	  common_block
+	| choice_stmt
+	| menu_stmt
+	| T_MAINMENU prompt nl_or_eof
+	| T_ENDMENU		{ zconfprint("unexpected 'endmenu' statement"); }
+	| T_ENDIF		{ zconfprint("unexpected 'endif' statement"); }
+	| T_ENDCHOICE		{ zconfprint("unexpected 'endchoice' statement"); }
+	| error nl_or_eof	{ zconfprint("syntax error"); yyerrok; }
+;
+
+common_block:
+	  if_stmt
+	| comment_stmt
+	| config_stmt
+	| menuconfig_stmt
+	| source_stmt
+	| nl_or_eof
+;
+
+
+/* config/menuconfig entry */
+
+config_entry_start: T_CONFIG T_WORD T_EOL
+{
+	struct symbol *sym = sym_lookup($2, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:config %s\n", zconf_curname(), zconf_lineno(), $2);
+};
+
+config_stmt: config_entry_start config_option_list
+{
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+};
+
+menuconfig_entry_start: T_MENUCONFIG T_WORD T_EOL
+{
+	struct symbol *sym = sym_lookup($2, 0);
+	sym->flags |= SYMBOL_OPTIONAL;
+	menu_add_entry(sym);
+	printd(DEBUG_PARSE, "%s:%d:menuconfig %s\n", zconf_curname(), zconf_lineno(), $2);
+};
+
+menuconfig_stmt: menuconfig_entry_start config_option_list
+{
+	if (current_entry->prompt)
+		current_entry->prompt->type = P_MENU;
+	else
+		zconfprint("warning: menuconfig statement without prompt");
+	menu_end_entry();
+	printd(DEBUG_PARSE, "%s:%d:endconfig\n", zconf_curname(), zconf_lineno());
+};
+
+config_option_list:
+	  /* empty */
+	| config_option_list config_option
+	| config_option_list depends
+	| config_option_list help
+	| config_option_list T_EOL
+;
+
+config_option: T_TRISTATE prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_DEF_TRISTATE expr if_expr T_EOL
+{
+	menu_add_expr(P_DEFAULT, $2, $3);
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_BOOLEAN prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_DEF_BOOLEAN expr if_expr T_EOL
+{
+	menu_add_expr(P_DEFAULT, $2, $3);
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:def_boolean\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_INT prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_INT);
+	printd(DEBUG_PARSE, "%s:%d:int\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_HEX prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_HEX);
+	printd(DEBUG_PARSE, "%s:%d:hex\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_STRING prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_STRING);
+	printd(DEBUG_PARSE, "%s:%d:string\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_PROMPT prompt if_expr T_EOL
+{
+	menu_add_prompt(P_PROMPT, $2, $3);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_DEFAULT expr if_expr T_EOL
+{
+	menu_add_expr(P_DEFAULT, $2, $3);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_SELECT T_WORD if_expr T_EOL
+{
+	menu_add_symbol(P_SELECT, sym_lookup($2, 0), $3);
+	printd(DEBUG_PARSE, "%s:%d:select\n", zconf_curname(), zconf_lineno());
+};
+
+config_option: T_RANGE symbol symbol if_expr T_EOL
+{
+	menu_add_expr(P_RANGE, expr_alloc_comp(E_RANGE,$2, $3), $4);
+	printd(DEBUG_PARSE, "%s:%d:range\n", zconf_curname(), zconf_lineno());
+};
+
+/* choice entry */
+
+choice: T_CHOICE T_EOL
+{
+	struct symbol *sym = sym_lookup(NULL, 0);
+	sym->flags |= SYMBOL_CHOICE;
+	menu_add_entry(sym);
+	menu_add_expr(P_CHOICE, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:choice\n", zconf_curname(), zconf_lineno());
+};
+
+choice_entry: choice choice_option_list
+{
+	menu_end_entry();
+	menu_add_menu();
+};
+
+choice_end: end
+{
+	if (zconf_endtoken($1, T_CHOICE, T_ENDCHOICE)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endchoice\n", zconf_curname(), zconf_lineno());
+	}
+};
+
+choice_stmt:
+	  choice_entry choice_block choice_end
+	| choice_entry choice_block
+{
+	printf("%s:%d: missing 'endchoice' for this 'choice' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+};
+
+choice_option_list:
+	  /* empty */
+	| choice_option_list choice_option
+	| choice_option_list depends
+	| choice_option_list help
+	| choice_option_list T_EOL
+;
+
+choice_option: T_PROMPT prompt if_expr T_EOL
+{
+	menu_add_prompt(P_PROMPT, $2, $3);
+	printd(DEBUG_PARSE, "%s:%d:prompt\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_TRISTATE prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_TRISTATE);
+	printd(DEBUG_PARSE, "%s:%d:tristate\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_BOOLEAN prompt_stmt_opt T_EOL
+{
+	menu_set_type(S_BOOLEAN);
+	printd(DEBUG_PARSE, "%s:%d:boolean\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_OPTIONAL T_EOL
+{
+	current_entry->sym->flags |= SYMBOL_OPTIONAL;
+	printd(DEBUG_PARSE, "%s:%d:optional\n", zconf_curname(), zconf_lineno());
+};
+
+choice_option: T_DEFAULT T_WORD if_expr T_EOL
+{
+	menu_add_symbol(P_DEFAULT, sym_lookup($2, 0), $3);
+	printd(DEBUG_PARSE, "%s:%d:default\n", zconf_curname(), zconf_lineno());
+};
+
+choice_block:
+	  /* empty */
+	| choice_block common_block
+;
+
+/* if entry */
+
+if: T_IF expr T_EOL
+{
+	printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
+	menu_add_entry(NULL);
+	menu_add_dep($2);
+	menu_end_entry();
+	menu_add_menu();
+};
+
+if_end: end
+{
+	if (zconf_endtoken($1, T_IF, T_ENDIF)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endif\n", zconf_curname(), zconf_lineno());
+	}
+};
+
+if_stmt:
+	  if if_block if_end
+	| if if_block
+{
+	printf("%s:%d: missing 'endif' for this 'if' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+};
+
+if_block:
+	  /* empty */
+	| if_block common_block
+	| if_block menu_stmt
+	| if_block choice_stmt
+;
+
+/* menu entry */
+
+menu: T_MENU prompt T_EOL
+{
+	menu_add_entry(NULL);
+	menu_add_prop(P_MENU, $2, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:menu\n", zconf_curname(), zconf_lineno());
+};
+
+menu_entry: menu depends_list
+{
+	menu_end_entry();
+	menu_add_menu();
+};
+
+menu_end: end
+{
+	if (zconf_endtoken($1, T_MENU, T_ENDMENU)) {
+		menu_end_menu();
+		printd(DEBUG_PARSE, "%s:%d:endmenu\n", zconf_curname(), zconf_lineno());
+	}
+};
+
+menu_stmt:
+	  menu_entry menu_block menu_end
+	| menu_entry menu_block
+{
+	printf("%s:%d: missing 'endmenu' for this 'menu' statement\n", current_menu->file->name, current_menu->lineno);
+	zconfnerrs++;
+};
+
+menu_block:
+	  /* empty */
+	| menu_block common_block
+	| menu_block menu_stmt
+	| menu_block choice_stmt
+	| menu_block error T_EOL		{ zconfprint("invalid menu option"); yyerrok; }
+;
+
+source: T_SOURCE prompt T_EOL
+{
+	$$ = $2;
+	printd(DEBUG_PARSE, "%s:%d:source %s\n", zconf_curname(), zconf_lineno(), $2);
+};
+
+source_stmt: source
+{
+	zconf_nextfile($1);
+};
+
+/* comment entry */
+
+comment: T_COMMENT prompt T_EOL
+{
+	menu_add_entry(NULL);
+	menu_add_prop(P_COMMENT, $2, NULL, NULL);
+	printd(DEBUG_PARSE, "%s:%d:comment\n", zconf_curname(), zconf_lineno());
+};
+
+comment_stmt: comment depends_list
+{
+	menu_end_entry();
+};
+
+/* help option */
+
+help_start: T_HELP T_EOL
+{
+	printd(DEBUG_PARSE, "%s:%d:help\n", zconf_curname(), zconf_lineno());
+	zconf_starthelp();
+};
+
+help: help_start T_HELPTEXT
+{
+	current_entry->sym->help = $2;
+};
+
+/* depends option */
+
+depends_list:	  /* empty */
+		| depends_list depends
+		| depends_list T_EOL
+;
+
+depends: T_DEPENDS T_ON expr T_EOL
+{
+	menu_add_dep($3);
+	printd(DEBUG_PARSE, "%s:%d:depends on\n", zconf_curname(), zconf_lineno());
+}
+	| T_DEPENDS expr T_EOL
+{
+	menu_add_dep($2);
+	printd(DEBUG_PARSE, "%s:%d:depends\n", zconf_curname(), zconf_lineno());
+}
+	| T_REQUIRES expr T_EOL
+{
+	menu_add_dep($2);
+	printd(DEBUG_PARSE, "%s:%d:requires\n", zconf_curname(), zconf_lineno());
+};
+
+/* prompt statement */
+
+prompt_stmt_opt:
+	  /* empty */
+	| prompt if_expr
+{
+	menu_add_prop(P_PROMPT, $1, NULL, $2);
+};
+
+prompt:	  T_WORD
+	| T_WORD_QUOTE
+;
+
+end:	  T_ENDMENU nl_or_eof	{ $$ = T_ENDMENU; }
+	| T_ENDCHOICE nl_or_eof	{ $$ = T_ENDCHOICE; }
+	| T_ENDIF nl_or_eof	{ $$ = T_ENDIF; }
+;
+
+nl_or_eof:
+	T_EOL | T_EOF;
+
+if_expr:  /* empty */			{ $$ = NULL; }
+	| T_IF expr			{ $$ = $2; }
+;
+
+expr:	  symbol				{ $$ = expr_alloc_symbol($1); }
+	| symbol T_EQUAL symbol			{ $$ = expr_alloc_comp(E_EQUAL, $1, $3); }
+	| symbol T_UNEQUAL symbol		{ $$ = expr_alloc_comp(E_UNEQUAL, $1, $3); }
+	| T_OPEN_PAREN expr T_CLOSE_PAREN	{ $$ = $2; }
+	| T_NOT expr				{ $$ = expr_alloc_one(E_NOT, $2); }
+	| expr T_OR expr			{ $$ = expr_alloc_two(E_OR, $1, $3); }
+	| expr T_AND expr			{ $$ = expr_alloc_two(E_AND, $1, $3); }
+;
+
+symbol:	  T_WORD	{ $$ = sym_lookup($1, 0); free($1); }
+	| T_WORD_QUOTE	{ $$ = sym_lookup($1, 1); free($1); }
+;
+
+%%
+
+void conf_parse(const char *name)
+{
+	struct symbol *sym;
+	int i;
+
+	zconf_initscan(name);
+
+	sym_init();
+	menu_init();
+	modules_sym = sym_lookup("MODULES", 0);
+	rootmenu.prompt = menu_add_prop(P_MENU, "axTLS Configuration", NULL, NULL);
+
+	//zconfdebug = 1;
+	zconfparse();
+	if (zconfnerrs)
+		exit(1);
+	menu_finalize(&rootmenu);
+	for_all_symbols(i, sym) {
+                if (!(sym->flags & SYMBOL_CHECKED) && sym_check_deps(sym))
+                        printf("\n");
+		else
+			sym->flags |= SYMBOL_CHECK_DONE;
+        }
+
+	sym_change_count = 1;
+}
+
+const char *zconf_tokenname(int token)
+{
+	switch (token) {
+	case T_MENU:		return "menu";
+	case T_ENDMENU:		return "endmenu";
+	case T_CHOICE:		return "choice";
+	case T_ENDCHOICE:	return "endchoice";
+	case T_IF:		return "if";
+	case T_ENDIF:		return "endif";
+	}
+	return "<token>";
+}
+
+static bool zconf_endtoken(int token, int starttoken, int endtoken)
+{
+	if (token != endtoken) {
+		zconfprint("unexpected '%s' within %s block", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	if (current_menu->file != current_file) {
+		zconfprint("'%s' in different file than '%s'", zconf_tokenname(token), zconf_tokenname(starttoken));
+		zconfprint("location of the '%s'", zconf_tokenname(starttoken));
+		zconfnerrs++;
+		return false;
+	}
+	return true;
+}
+
+static void zconfprint(const char *err, ...)
+{
+	va_list ap;
+
+	fprintf(stderr, "%s:%d: ", zconf_curname(), zconf_lineno() + 1);
+	va_start(ap, err);
+	vfprintf(stderr, err, ap);
+	va_end(ap);
+	fprintf(stderr, "\n");
+}
+
+static void zconferror(const char *err)
+{
+	fprintf(stderr, "%s:%d: %s\n", zconf_curname(), zconf_lineno() + 1, err);
+}
+
+void print_quoted_string(FILE *out, const char *str)
+{
+	const char *p;
+	int len;
+
+	putc('"', out);
+	while ((p = strchr(str, '"'))) {
+		len = p - str;
+		if (len)
+			fprintf(out, "%.*s", len, str);
+		fputs("\\\"", out);
+		str = p + 1;
+	}
+	fputs(str, out);
+	putc('"', out);
+}
+
+void print_symbol(FILE *out, struct menu *menu)
+{
+	struct symbol *sym = menu->sym;
+	struct property *prop;
+
+	if (sym_is_choice(sym))
+		fprintf(out, "choice\n");
+	else
+		fprintf(out, "config %s\n", sym->name);
+	switch (sym->type) {
+	case S_BOOLEAN:
+		fputs("  boolean\n", out);
+		break;
+	case S_TRISTATE:
+		fputs("  tristate\n", out);
+		break;
+	case S_STRING:
+		fputs("  string\n", out);
+		break;
+	case S_INT:
+		fputs("  integer\n", out);
+		break;
+	case S_HEX:
+		fputs("  hex\n", out);
+		break;
+	default:
+		fputs("  ???\n", out);
+		break;
+	}
+	for (prop = sym->prop; prop; prop = prop->next) {
+		if (prop->menu != menu)
+			continue;
+		switch (prop->type) {
+		case P_PROMPT:
+			fputs("  prompt ", out);
+			print_quoted_string(out, prop->text);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_DEFAULT:
+			fputs( "  default ", out);
+			expr_fprint(prop->expr, out);
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs(" if ", out);
+				expr_fprint(prop->visible.expr, out);
+			}
+			fputc('\n', out);
+			break;
+		case P_CHOICE:
+			fputs("  #choice value\n", out);
+			break;
+		default:
+			fprintf(out, "  unknown prop %d!\n", prop->type);
+			break;
+		}
+	}
+	if (sym->help) {
+		int len = strlen(sym->help);
+		while (sym->help[--len] == '\n')
+			sym->help[len] = 0;
+		fprintf(out, "  help\n%s\n", sym->help);
+	}
+	fputc('\n', out);
+}
+
+void zconfdump(FILE *out)
+{
+	struct property *prop;
+	struct symbol *sym;
+	struct menu *menu;
+
+	menu = rootmenu.list;
+	while (menu) {
+		if ((sym = menu->sym))
+			print_symbol(out, menu);
+		else if ((prop = menu->prompt)) {
+			switch (prop->type) {
+			case P_COMMENT:
+				fputs("\ncomment ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			case P_MENU:
+				fputs("\nmenu ", out);
+				print_quoted_string(out, prop->text);
+				fputs("\n", out);
+				break;
+			default:
+				;
+			}
+			if (!expr_is_yes(prop->visible.expr)) {
+				fputs("  depends ", out);
+				expr_fprint(prop->visible.expr, out);
+				fputc('\n', out);
+			}
+			fputs("\n", out);
+		}
+
+		if (menu->list)
+			menu = menu->list;
+		else if (menu->next)
+			menu = menu->next;
+		else while ((menu = menu->parent)) {
+			if (menu->prompt && menu->prompt->type == P_MENU)
+				fputs("\nendmenu\n", out);
+			if (menu->next) {
+				menu = menu->next;
+				break;
+			}
+		}
+	}
+}
+
+#include "lex.zconf.c"
+#include "util.c"
+#include "confdata.c"
+#include "expr.c"
+#include "symbol.c"
+#include "menu.c"
diff --git a/config/win32config b/config/win32config
new file mode 100644
index 0000000000..08806d97b5
--- /dev/null
+++ b/config/win32config
@@ -0,0 +1,116 @@
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+# CONFIG_PLATFORM_LINUX is not set
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+CONFIG_PLATFORM_WIN32=y
+
+#
+# General Configuration
+#
+PREFIX=""
+# CONFIG_DEBUG is not set
+
+#
+# Microsoft Compiler Options
+#
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+CONFIG_VISUAL_STUDIO_7_0=y
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE="c:\\Program Files\\Microsoft Visual Studio .NET 2003"
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+# CONFIG_SSL_CTX_MUTEXING is not set
+# CONFIG_USE_DEV_URANDOM is not set
+CONFIG_WIN32_USE_CRYPTO_LIB=y
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AXHTTPD=y
+
+#
+# Axhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_PORT=80
+CONFIG_HTTP_HTTPS_PORT=443
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
+CONFIG_HTTP_WEBROOT="www"
+CONFIG_HTTP_TIMEOUT=300
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSIONS=""
+CONFIG_HTTP_DIRECTORIES=y
+# CONFIG_HTTP_USE_CHROOT is not set
+# CONFIG_HTTP_CHANGE_UID is not set
+CONFIG_HTTP_HAS_AUTHORIZATION=y
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_ALL_MIME_TYPES=y
+CONFIG_HTTP_VERBOSE=y
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+CONFIG_CSHARP_BINDINGS=y
+CONFIG_VBNET_BINDINGS=y
+
+#
+# .Net Framework
+#
+CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+CONFIG_JAVA_BINDINGS=y
+
+#
+# Java Home
+#
+CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+CONFIG_CSHARP_SAMPLES=y
+CONFIG_VBNET_SAMPLES=y
+CONFIG_JAVA_SAMPLES=y
+# CONFIG_PERL_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/docsrc/Makefile b/docsrc/Makefile
new file mode 100644
index 0000000000..136264b08d
--- /dev/null
+++ b/docsrc/Makefile
@@ -0,0 +1,27 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This license is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../config/makefile.conf
+
+all:
+
+doco:
+	doxygen ./axTLS.dox
+
+clean::
+	@-rm -fr html *~
diff --git a/docsrc/axTLS.dox b/docsrc/axTLS.dox
new file mode 100644
index 0000000000..e4763d6f34
--- /dev/null
+++ b/docsrc/axTLS.dox
@@ -0,0 +1,1237 @@
+# Doxyfile 1.4.5
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = axTLS
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
+# This could be handy for archiving the generated documentation or 
+# if some version control system is used.
+
+PROJECT_NUMBER         = 
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
+# base path where the generated documentation will be put. 
+# If a relative path is entered, it will be relative to the location 
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = 
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
+# 4096 sub-directories (in 2 levels) under the output directory of each output 
+# format and will distribute the generated files over these directories. 
+# Enabling this option can be useful when feeding doxygen a huge amount of 
+# source files, where putting all generated files in the same directory would 
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
+# documentation generated by doxygen is written. Doxygen will use this 
+# information to generate all constant output in the proper language. 
+# The default language is English, other supported languages are: 
+# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, 
+# Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese, 
+# Japanese-en (Japanese with English messages), Korean, Korean-en, Norwegian, 
+# Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, 
+# Swedish, and Ukrainian.
+
+OUTPUT_LANGUAGE        = English
+
+# This tag can be used to specify the encoding used in the generated output. 
+# The encoding is not always determined by the language that is chosen, 
+# but also whether or not the output is meant for Windows or non-Windows users. 
+# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES 
+# forces the Windows encoding (this is the default for the Windows binary), 
+# whereas setting the tag to NO uses a Unix-style encoding (the default for 
+# all platforms other than Windows).
+
+USE_WINDOWS_ENCODING   = NO
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
+# include brief member descriptions after the members that are listed in 
+# the file and class documentation (similar to JavaDoc). 
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
+# the brief description of a member or function before the detailed description. 
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator 
+# that is used to form the text in various listings. Each string 
+# in this list, if found as the leading text of the brief description, will be 
+# stripped from the text and the result after processing the whole list, is 
+# used as the annotated text. Otherwise, the brief description is used as-is. 
+# If left blank, the following values are used ("$name" is automatically 
+# replaced with the name of the entity): "The $name class" "The $name widget" 
+# "The $name file" "is" "provides" "specifies" "contains" 
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       = 
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
+# Doxygen will generate a detailed section even if there is only a brief 
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
+# inherited members of a class in the documentation of that class as if those 
+# members were ordinary class members. Constructors, destructors and assignment 
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
+# path before files name in the file list and in the header files. If set 
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
+# can be used to strip a user-defined part of the path. Stripping is 
+# only done if one of the specified strings matches the left-hand part of 
+# the path. The tag can be used to show relative paths in the file list. 
+# If left blank the directory from which doxygen is run is used as the 
+# path to strip.
+
+STRIP_FROM_PATH        = 
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
+# the path mentioned in the documentation of a class, which tells 
+# the reader which header file to include in order to use a class. 
+# If left blank only the name of the header file containing the class 
+# definition is used. Otherwise one should specify the include paths that 
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    = 
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
+# (but less readable) file names. This can be useful is your file systems 
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
+# will interpret the first line (until the first dot) of a JavaDoc-style 
+# comment as the brief description. If set to NO, the JavaDoc 
+# comments will behave just like the Qt-style comments (thus requiring an 
+# explicit @brief command for a brief description.
+
+JAVADOC_AUTOBRIEF      = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
+# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
+# comments) as a brief description. This used to be the default behaviour. 
+# The new default is to treat a multi-line C++ comment block as a detailed 
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member 
+# documentation.
+
+DETAILS_AT_TOP         = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
+# member inherits the documentation from any documented member that it 
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
+# a new page for each member. If set to NO, the documentation of a member will 
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 4
+
+# This tag can be used to specify a number of aliases that acts 
+# as commands in the documentation. An alias has the form "name=value". 
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
+# put the command \sideeffect (or @sideeffect) in the documentation, which 
+# will result in a user-defined paragraph with heading "Side Effects:". 
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                = 
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
+# sources only. Doxygen will then generate output that is more tailored for C. 
+# For instance, some of the names that are used will be different. The list 
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
+# sources only. Doxygen will then generate output that is more tailored for Java. 
+# For instance, namespaces will be presented as packages, qualified scopes 
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to 
+# include (a tag file for) the STL sources as input, then you should 
+# set this tag to YES in order to let doxygen match functions declarations and 
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
+# func(std::string) {}). This also make the inheritance and collaboration 
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
+# tag is set to YES, then doxygen will reuse the documentation of the first 
+# member in the group (if any) for the other members of the group. By default 
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
+# the same type (for instance a group of public functions) to be put as a 
+# subgroup of that type (e.g. under the Public Functions section). Set it to 
+# NO to prevent subgrouping. Alternatively, this can be done per class using 
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
+# documentation are documented, even if no documentation was available. 
+# Private class members and static file members will be hidden unless 
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file 
+# will be included in the documentation.
+
+EXTRACT_STATIC         = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
+# defined locally in source files will be included in the documentation. 
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = YES
+
+# This flag is only useful for Objective-C code. When set to YES local 
+# methods, which are defined in the implementation section but not in 
+# the interface are included in the documentation. 
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
+# undocumented members of documented classes, files or namespaces. 
+# If set to NO (the default) these members will be included in the 
+# various overviews, but no documentation section is generated. 
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
+# undocumented classes that are normally visible in the class hierarchy. 
+# If set to NO (the default) these classes will be included in the various 
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
+# friend (class|struct|union) declarations. 
+# If set to NO (the default) these declarations will be included in the 
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
+# documentation blocks found inside the body of a function. 
+# If set to NO (the default) these blocks will be appended to the 
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation 
+# that is typed after a \internal command is included. If the tag is set 
+# to NO (the default) then the documentation will be excluded. 
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
+# file names in lower-case letters. If set to YES upper-case letters are also 
+# allowed. This is useful if you have classes or files whose names only differ 
+# in case and if your file system supports case sensitive file names. Windows 
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
+# will show members with their full class and namespace scopes in the 
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
+# will put a list of the files that are included by a file in the documentation 
+# of that file.
+
+SHOW_INCLUDE_FILES     = NO
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
+# will sort the (detailed) documentation of file and class members 
+# alphabetically by member name. If set to NO the members will appear in 
+# declaration order.
+
+SORT_MEMBER_DOCS       = NO
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
+# brief documentation of file, namespace and class members alphabetically 
+# by member name. If set to NO (the default) the members will appear in 
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
+# sorted by fully-qualified names, including namespaces. If set to 
+# NO (the default), the class list will be sorted only by class name, 
+# not including the namespace part. 
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the 
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or 
+# disable (NO) the todo list. This list is created by putting \todo 
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or 
+# disable (NO) the test list. This list is created by putting \test 
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or 
+# disable (NO) the bug list. This list is created by putting \bug 
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
+# disable (NO) the deprecated list. This list is created by putting 
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional 
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       = 
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
+# the initial value of a variable or define consists of for it to appear in 
+# the documentation. If the initializer consists of more lines than specified 
+# here it will be hidden. Use a value of 0 to hide initializers completely. 
+# The appearance of the initializer of individual variables and defines in the 
+# documentation can be controlled using \showinitializer or \hideinitializer 
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
+# at the bottom of the documentation of classes and structs. If set to YES the 
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = NO
+
+# If the sources in your project are distributed over multiple directories 
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
+# in the documentation. The default is YES.
+
+SHOW_DIRECTORIES       = NO
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
+# doxygen should invoke to get the current version for each file (typically from the 
+# version control system). Doxygen will invoke the program by executing (via 
+# popen()) the command <command> <input-file>, where <command> is the value of 
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
+# provided by doxygen. Whatever the program writes to standard output 
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated 
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are 
+# generated by doxygen. Possible values are YES and NO. If left blank 
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
+# potential errors in the documentation, such as not documenting some 
+# parameters in a documented function, or documenting parameters that 
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for 
+# functions that are documented, but have no documentation for their parameters 
+# or return value. If set to NO (the default) doxygen will only warn about 
+# wrong or incomplete parameter documentation, but not about the absence of 
+# documentation.
+
+WARN_NO_PARAMDOC       = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that 
+# doxygen can produce. The string should contain the $file, $line, and $text 
+# tags, which will be replaced by the file and line number from which the 
+# warning originated and the warning text. Optionally the format may contain 
+# $version, which will be replaced by the version of the file (if it could 
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning 
+# and error messages should be written. If left blank the output is written 
+# to stderr.
+
+WARN_LOGFILE           = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain 
+# documented source files. You may enter file names like "myfile.cpp" or 
+# directories like "/usr/src/myproject". Separate the files or directories 
+# with spaces.
+
+INPUT                  = ../bindings/csharp/axTLS.cs ../bindings/java/SSL.java ../bindings/java/SSLUtil.java ../bindings/java/SSLCTX.java ../bindings/java/SSLServer.java ../bindings/java/SSLClient.java ../bindings/java/SSLReadHolder.java ../ssl/ssl.h ../ssl/bigint.c ../ssl/bigint.h 
+
+# If the value of the INPUT tag contains directories, you can use the 
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank the following patterns are tested: 
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx 
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
+
+FILE_PATTERNS          = 
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
+# should be searched for input files as well. Possible values are YES and NO. 
+# If left blank NO is used.
+
+RECURSIVE              = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should 
+# excluded from the INPUT source files. This way you can easily exclude a 
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                = 
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or 
+# directories that are symbolic links (a Unix filesystem feature) are excluded 
+# from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the 
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
+# certain files from those directories. Note that the wildcards are matched 
+# against the file with absolute path, so to exclude all test directories 
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       = 
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or 
+# directories that contain example code fragments that are included (see 
+# the \include command).
+
+EXAMPLE_PATH           = 
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank all files are included.
+
+EXAMPLE_PATTERNS       = 
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
+# searched for input files to be used with the \include or \dontinclude 
+# commands irrespective of the value of the RECURSIVE tag. 
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or 
+# directories that contain image that are included in the documentation (see 
+# the \image command).
+
+IMAGE_PATH             = images
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should 
+# invoke to filter for each input file. Doxygen will invoke the filter program 
+# by executing (via popen()) the command <filter> <input-file>, where <filter> 
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
+# input file. Doxygen will then use the output that the filter program writes 
+# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
+# ignored.
+
+INPUT_FILTER           = 
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
+# basis.  Doxygen will compare the file name with each pattern and apply the 
+# filter if there is a match.  The filters are a list of the form: 
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
+# is applied to all files.
+
+FILTER_PATTERNS        = 
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
+# INPUT_FILTER) will be used to filter the input files when producing source 
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
+# be generated. Documented entities will be cross-referenced with these sources. 
+# Note: To get rid of all source code in the generated output, make sure also 
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER         = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body 
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
+# doxygen to hide any special comment blocks from generated source code 
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
+# then for each documented function all documented 
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default) 
+# then for each documented function all documented entities 
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code 
+# will point to the HTML generated by the htags(1) tool instead of doxygen 
+# built-in source browser. The htags tool is part of GNU's global source 
+# tagging system (see http://www.gnu.org/software/global/global.html). You 
+# will need version 4.8.6 or higher.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
+# will generate a verbatim copy of the header file for each class for 
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
+# of all compounds will be generated. Enable this if the project 
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all 
+# classes will be put under the same header in the alphabetical index. 
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard header.
+
+HTML_HEADER            = 
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard footer.
+
+HTML_FOOTER            = doco_footer.html 
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
+# style sheet that is used by each HTML page. It can be used to 
+# fine-tune the look of the HTML output. If the tag is left blank doxygen 
+# will generate a default style sheet. Note that doxygen will try to copy 
+# the style sheet file to the HTML output directory, so don't put your own 
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET        = 
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
+# files or namespaces will be aligned in HTML using tables. If set to 
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
+# will be generated that can be used as input for tools like the 
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) 
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
+# be used to specify the file name of the resulting .chm file. You 
+# can add a path in front of the file if the result should not be 
+# written to the html output directory.
+
+CHM_FILE               = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
+# be used to specify the location (absolute path including file name) of 
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
+# controls if a separate .chi index file is generated (YES) or that 
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
+# controls whether a binary table of contents is generated (YES) or a 
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members 
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = YES
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
+# top of each HTML page. The value NO (the default) enables the index and 
+# the value YES disables it.
+
+DISABLE_INDEX          = YES
+
+# This tag can be used to set the number of enum values (range [1..20]) 
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that 
+# is generated for HTML Help). For this to work a browser that supports 
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = YES
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
+# used to set the initial width (in pixels) of the frame in which the tree 
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
+# generate Latex output.
+
+GENERATE_LATEX         = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
+# generate index for LaTeX. If left blank `makeindex' will be used as the 
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
+# LaTeX documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used 
+# by the printer. Possible values are: a4, a4wide, letter, legal and 
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         = 
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
+# the generated latex document. The header should contain everything until 
+# the first chapter. If it is left blank doxygen will generate a 
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           = 
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
+# contain links (just like the HTML output) instead of page references 
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
+# plain latex in the generated Makefile. Set this option to YES to get a 
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
+# command to the generated LaTeX files. This will instruct LaTeX to keep 
+# running if errors occur, instead of asking the user for help. 
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
+# include the index chapters (such as File Index, Compound Index, etc.) 
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
+# The RTF output is optimized for Word 97 and may not look very pretty with 
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
+# RTF documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
+# will contain hyperlink fields. The RTF file will 
+# contain links (just like the HTML output) instead of page references. 
+# This makes the output suitable for online browsing using WORD or other 
+# programs which support those fields. 
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's 
+# config file, i.e. a series of assignments. You only have to provide 
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    = 
+
+# Set optional variables used in the generation of an rtf document. 
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
+# generate man pages
+
+GENERATE_MAN           = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to 
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
+# then it will generate one additional man file for each entity 
+# documented in the real man page(s). These additional files 
+# only source the real man page, but without them the man command 
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will 
+# generate an XML file that captures the structure of 
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_SCHEMA             = 
+
+# The XML_DTD tag can be used to specify an XML DTD, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_DTD                = 
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
+# dump the program listings (including syntax highlighting 
+# and cross-referencing information) to the XML output. Note that 
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
+# generate an AutoGen Definitions (see autogen.sf.net) file 
+# that captures the structure of the code including all 
+# documentation. Note that this feature is still experimental 
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
+# generate a Perl module file that captures the structure of 
+# the code including all documentation. Note that this 
+# feature is still experimental and incomplete at the 
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
+# nicely formatted so it can be parsed by a human reader.  This is useful 
+# if you want to understand what is going on.  On the other hand, if this 
+# tag is set to NO the size of the Perl module output will be much smaller 
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file 
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
+# This is useful so different doxyrules.make files included by the same 
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX = 
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
+# evaluate all C-preprocessor directives found in the sources and include 
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
+# names in the source code. If set to NO (the default) only conditional 
+# compilation will be performed. Macro expansion can be done in a controlled 
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = YES
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
+# then the macro expansion is limited to the macros specified with the 
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF     = YES
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that 
+# contain include files that are not input files but should be processed by 
+# the preprocessor.
+
+INCLUDE_PATH           = 
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
+# patterns (like *.h and *.hpp) to filter out the header-files in the 
+# directories. If left blank, the patterns specified with FILE_PATTERNS will 
+# be used.
+
+INCLUDE_FILE_PATTERNS  = 
+
+# The PREDEFINED tag can be used to specify one or more macro names that 
+# are defined before the preprocessor is started (similar to the -D option of 
+# gcc). The argument of the tag is a list of macros of the form: name 
+# or name=definition (no spaces). If the definition and the = are 
+# omitted =1 is assumed. To prevent a macro definition from being 
+# undefined via #undef or recursively expanded use the := operator 
+# instead of the = operator.
+
+PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT EXP_FUNC="" STDCALL=""
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
+# this tag can be used to specify a list of macro names that should be expanded. 
+# The macro definition that is found in the sources will be used. 
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      = 
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
+# doxygen's preprocessor will remove all function-like macros that are alone 
+# on a line, have an all uppercase name, and do not end with a semicolon. Such 
+# function macros are typically used for boiler-plate code, and will confuse 
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles. 
+# Optionally an initial location of the external documentation 
+# can be added for each tagfile. The format of a tag file without 
+# this location is as follows: 
+#   TAGFILES = file1 file2 ... 
+# Adding location for the tag files is done as follows: 
+#   TAGFILES = file1=loc1 "file2 = loc2" ... 
+# where "loc1" and "loc2" can be relative or absolute paths or 
+# URLs. If a location is present for each tag, the installdox tool 
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen 
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES               = 
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       = 
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
+# in the class index. If set to NO only the inherited external classes 
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
+# in the modules index. If set to NO, only the current project's groups will 
+# be listed.
+
+EXTERNAL_GROUPS        = NO
+
+# The PERL_PATH should be the absolute path and name of the perl script 
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
+# or super classes. Setting the tag to NO turns the diagrams off. Note that 
+# this option is superseded by the HAVE_DOT option below. This is only a 
+# fallback. It is recommended to install and use dot, since it yields more 
+# powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# If set to YES, the inheritance and collaboration graphs will hide 
+# inheritance and usage relations if the target is undocumented 
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
+# available from the path. This tool is part of Graphviz, a graph visualization 
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = NO
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect inheritance relations. Setting this tag to YES will force the 
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = NO
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect implementation dependencies (inheritance, containment, and 
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = NO
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS           = NO
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
+# collaboration diagrams in a style similar to the OMG's Unified Modeling 
+# Language.
+
+UML_LOOK               = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the 
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
+# tags are set to YES then doxygen will generate a graph for each documented 
+# file showing the direct and indirect include dependencies of the file with 
+# other documented files.
+
+INCLUDE_GRAPH          = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
+# documented header file showing the documented files that directly or 
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = NO
+
+# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will 
+# generate a call dependency graph for every global function or class method. 
+# Note that enabling this option will significantly increase the time of a run. 
+# So in most cases it will be better to enable call graphs for selected 
+# functions only using the \callgraph command.
+
+CALL_GRAPH             = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = NO
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES 
+# then doxygen will show the dependencies a directory has on other directories 
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH        = NO
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be 
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH               = 
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that 
+# contain dot files that are included in the documentation (see the 
+# \dotfile command).
+
+DOTFILE_DIRS           = 
+
+# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width 
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
+# this value, doxygen will try to truncate the graph, so that it fits within 
+# the specified constraint. Beware that most browsers cannot cope with very 
+# large images.
+
+MAX_DOT_GRAPH_WIDTH    = 1024
+
+# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height 
+# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
+# this value, doxygen will try to truncate the graph, so that it fits within 
+# the specified constraint. Beware that most browsers cannot cope with very 
+# large images.
+
+MAX_DOT_GRAPH_HEIGHT   = 1024
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
+# graphs generated by dot. A depth value of 3 means that only nodes reachable 
+# from the root by following a path via at most 3 edges will be shown. Nodes 
+# that lay further from the root node will be omitted. Note that setting this 
+# option to 1 or 2 may greatly reduce the computation time needed for large 
+# code bases. Also note that a graph may be further truncated if the graph's 
+# image dimensions are not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH 
+# and MAX_DOT_GRAPH_HEIGHT). If 0 is used for the depth value (the default), 
+# the graph is not depth-constrained.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
+# background. This is disabled by default, which results in a white background. 
+# Warning: Depending on the platform used, enabling this option may lead to 
+# badly anti-aliased labels on the edges of a graph (i.e. they become hard to 
+# read).
+
+DOT_TRANSPARENT        = NO
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
+# files in one run (i.e. multiple -o and -T options on the command line). This 
+# makes dot run faster, but since only newer versions of dot (>1.8.10) 
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS      = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
+# generate a legend page explaining the meaning of the various boxes and 
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
+# remove the intermediate dot files that are used to generate 
+# the various graphs.
+
+DOT_CLEANUP            = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be 
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE           = NO
diff --git a/docsrc/doco_footer.html b/docsrc/doco_footer.html
new file mode 100644
index 0000000000..20c4e70b7a
--- /dev/null
+++ b/docsrc/doco_footer.html
@@ -0,0 +1,3 @@
+<p></p>
+<p align="center"><img src="../images/tsbasbw.gif" width="1000" height="7"></p>
+<CITE>Copyright <sup>�</sup> 2007 Cameron Rich</CITE>
diff --git a/docsrc/images/axolotl.jpg b/docsrc/images/axolotl.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..7352bbae836739e469c837a7fdb8114f786b2130
GIT binary patch
literal 3041
zcmbW3cTm%58pnSjB!MU;N>O@=NRbjk3lRun2%sWhXhPVfgr;<mzS7stQlv`}6{IUw
z1*9BBLX#RgoC^d3NSBT%$L`+j+|1n{clZ6y`#$r|cjlSTAMZT#oQ$8$0GtN8`nmw<
z)IXjYIQb3;-^6QQ7a@}Eo!vd|dpNm}eMI!#?d3$wP;v?=;A9Gj0$89>7!<++gTdge
zEO0g+cDA!;+4#?Maq@@=h=~dd2n&fzqGiM-6eNU%uV~0BD63%9F=8@WI+|)aXf=!~
zh!qZJJHy7u&d#Tb6h^B4&pP=4$^`%r1oVf1e+t9|W`;mvEUfS|AOQSlc6$Gr{!7RS
zFoD2eCT1`M!pwZyCiFA|m=Tb3q9|?Xd1G6cm=~8~c;X8d@oSYW+$MvYNVJ`I1S_0}
z_rgWKOA?nQrKFXVRaDh5>N?l)x&%FagF8f1Gjj{eyY>!bM<-_&S07)$2mS$pL6K3>
zF+V^0g_4w<lA4zOBqK97?`3{LVNr2ORrQ;<?`mr6-nX`WXs32`c6ATYhDS!n#wR9c
z=jihbjK!tp&s$%%cXs#o4-StIr^rmq%wT5N@5mq~|I-6TFhfL9&~w_xFk7$lVv6A`
zT-Op`RJO2+qfIus?Ysx!JV>S4OIyEF{{j8qF-QDg(0?)ig?!QsAXoq*;06Yr(j!1%
z1n6WEI12`yKEMb-3)nvbB!TBlVeo%1%vVZSkpMPR1+2MGqWR7gFczIJUnDw#SKbKt
z35Mb&hWO0KGyJeTHI!NRIcFpiNog)_MsCx>3cuve&<vX=3!YsREq^^68F97*bu{QJ
zW))l-T(m#cFVL0k9v8_m^yIt|2*;X;<9f?xM!RLv`=O*j7yi8VhYn;I44PlhCb5IJ
zIL6yAr03vk4mV4B(`2X@!n37zmuWf9COQkDY<hB{b<yMqVw%d*QcL(T-YC;KDI5X>
zY8_v>&G~*t+o4e7x?2ZhL>0|&)UBM;us1U2y+hqnr1zl8MlP&TeKtmuu@xzyFTbtD
z5^IB{EM;G3EEpmmqXCXWW)tsNQi5e`*4;)8rcd85vLma>Z~`hhbuC-<;K-!GCL)Jh
zEBdKs`V}XSz67XOgOjI5xZvM}`wGkrmbP7O4@qf@mW70RxAxL?nSpqg6F{rH(V+zU
zM9oUqH*GSU1=8P5FsH)k%e%`v%Opgmb1$`hxlFVsx*(Gne`&s60CX^#buRD(cy!fq
z?6)oX!6DzotoaO!ym?jfI*Z`9ATNt<^MRGTpBejEn0uX3a@0k?UfR=k;!}#J8a-_l
zYnQAqQ#}w7Wjgvx=tA&otci52@7iF4ZCmTl>vRq6omFR>h`1mj@&@FdKc8HKED|SM
zMlufH?L)6>f8(HW^EzHJ<I64%wh-#So1<U^iz~~J5fal%wPQR^Rnd9)k|Y&F)D`sU
zz+sTzQ&RCh1FbhENJ<{>67AiY3`3|uBIluZaA@EwfvIt-w0T`>aDlYNwO<imnw*ja
zt#e@8%|`>}bt8u5jd?o?J5z}+0Ypf^v>Um<d)gsBXuoCe^~^>dw)Bp7T;JrUnMvzb
zZOxlA>YX1AXRzSoc6;S+PfG*!b-#Bl4mf(`WIk3P$!y@`mh#*FWASuji|hQ)P;;gW
zG2T;z@(}-{Z7ZsN>A9r3jsTJsG4rcg>g4S#r;PZ;G_CH;QGx>_55i?%RwguO_13z+
zW_|k@&LP~Rb$2XP)hDyznX0_qa8N;BwM;!XL9;zrDz-^9hOzR%4DZcR)Nugs`?NJ)
z`ek5Vqo8}i-7O6lL>Zu8*3W(XI7x>4GpJ9JEdf0oLb&Guzvkar$Q<hiI~wD1(a(vJ
z!f3F&uTXit*Y!1L)x>+6#c3DYor~H^)#;IDGE?``QB?^dO#pSy8^8!k*Ga`&_)QNa
zd`O!9nKGw)*tOuPfQqDD*w|RUMN81N+nj!%%TIzR%cOi&$>-ANhu*)g4IW^RJZ9t?
zdyO*sxmQQBAD$mtqqMtL0=c65+TcSo6Q?I{$zT1|X3m;j?Y+;&qbDFRb2ReXjbyv5
z=Evx0in1l^6>c2+ZR?|C(~C;&ZtTDTMydE?%q+56E~IgSy<ySiLWi(T(3k_+?|FV;
zSGAtaL>p&3zw^6TUVk6j)frH~&<POD_Qr*eZPnJ5?;T~#spr~|JeG4)vmon%IuF#?
znl{KytuFffB|q+cC%3lrBh3&{a`;M^D}NI;{wbgIirIsogf<s?-=G_N>EfNuGP*;$
zePNy!P@BM|KyH1D?Ls+6J8Ng-er#uAZZxR`Xzp*)D9u^#AiCC;TK^J)_TXojbr~7r
zzJ53XaB6v0adVg4SjZJMkqk01C3f9|c6g^!bJSy?wUNeDGJ8W0tp0rFd>HTL&#=W?
zg2Sba=GQu6X735!iW;+VyyLo^WL5W#WAS=UX7Z!V%=d)nIspX=waeB?NroL_;V&T6
zt!D-?8x@E5ttq#9vJ+afZK9NI6E54I04sS`(->d16F~S|nFhN|DTc&{2}^ceoc}R!
zuLb-pXgyDMkQiusJ5=Z)OJi;LaZeo?Z|Z1f->*4R>XawF8Fgq<>7-Xt6JfiTasm*H
zwELMiamTvad2>z@@;r>b2-zDqtH~;6deu_QT9?9i_g08WSI49@db4D8jO*gE*Qo)0
zF3EPW@7pY<S>aXKSv`#odI#O&OD2ggeKJWdn_LsHS22g5=g22W-yDJod-*G7Q)e(2
zuS{1eSM5I_kT5M+#i1ol@%o{rNd{MJ+0I$Rxu)7>qtCv2zfIZBtvPz4P6x>kkJk8B
z-J&J<CxYx>XuVb`d*wGA<;3B+TOS--izD3pYJMiZFzd|?)a!ZP%3gtkIATQPdUnp=
ztj%21s>#ysY|6z=NnA!V084S|9F2h0Uy@t<N?8;!ZTWO9Nc_BYeJHwh`<AF;gB9*_
z#D`kI+(yu~1#kK)#ka1vWp-y|t!b=a`jw2t?W8t9h%R2ZKw>w0pjfVJlx*VQb)aQ}
zUQ3)CSFf=1I<QMuw-SHalIPym>RJ_s$hqkb59mKI_4&c>Zsqi(i^3F+Q{Lc(5P7cD
z^3w1Wivc4HCGht^u~tb6^&>m$qLxjV&m9NTPn}CUx1m#ktVOOhiD&L_^577Szxwac
zw~JGr$g)>$5UXkj%QbuaJ;X{<r~8<SugZl&T}@n4Cg}TV7Y^MK{NfQ8)C7(wqh0BI
zw8Cm7rC!3S7g9c3q_tvgS12{57+;@BKs<c3l()rJ2i`A1Z6qvOs_RmWmwE;R;<=g?
z+iJ=c2bNV-EKh)_%s~vg6^i;^t<_y@>^0ui$nMi_gG{ijvO44YZFF;e-rh?P*gO4<
zKVe(17IiCQB=Qkgm4nhcD;idd*ge(qQn}3$(n$;_d$y4#R^AfOs=3x^;Y8w^rT36?
zDm)H9yeKmt7WNZN<h#=F-Ai2$)YS^lNz4wtib$m<xXJK3Fb}|Fivw)k<+Lp}bHij@
zN7DwaqBB0m|N2&2%QuKaTesQE`{f*gBD-?-rMr<QKTKQ+G&p`hl9vU8V#MOY@`7j2
zl!m10P=MAf!`kRa&b<Kc#}wgOXTT~@zgY)|zH@89U0#@<g$vZk5wVV@;sF&8_-DjB
z?kp})u))B_>=WM0;7?)L70FDjXJOIvGbtc}M5qZ0C-AL5W|Tn>-g(X{+`5+quqaA0
zeJe;yqcG7a!21E+l^7#uuzDzTD1?DJG=lJKre<KqB|(D+hJ7l1EjYfkNm66^G)|If
e94`m~AY8k~I3SLI=K@yk{?qpK$4Ui0nfM1W@MwPk

literal 0
HcmV?d00001

diff --git a/docsrc/images/tsbasbw.gif b/docsrc/images/tsbasbw.gif
new file mode 100644
index 0000000000000000000000000000000000000000..cf03b121bf9662b954351cf22aff54b305d0cba4
GIT binary patch
literal 2481
zcmb`Gc~leE9>?z_0YgBWum)r&vMBn1K~d@wkSz!lB1iz2C}aQ?8-W%|T>|<raiPIb
zVFYc}uoM*#H>6kzOH~{(BAYt}7wXaX0*FwLb>5w{=e+0tZ_b>1=H7ho@Av)uz9*rA
zki|<jUO{GpDL_3;CX>tMdU<)FD9Y#aMIsS~VQFb;GMP-NRN^>ZQ&ZE_)I<=3R;wKx
z92^=N8XX<g>2xGX;!ujB1Qfv)!w6Uc01N;e00ICKz9>p!7>VN~L69gQP(Wf(iQ@1B
z$4Cs|a0{!zpD=iWk_1lTfWT24ZV8OQ;R+7{uJ1(XI}z|)-wA`)p_l+9315^XG3bb-
zIsu#jupdsK7!;5gP67<pgpDzP!D=K*Q0?J2isEn!O#qDY3T03Ol~9dhP!An{iiDCV
z^bK7S(3Tzv5<(;Z_0T%}hE}0(Jrb%Xr@-I|Jcn0cW$Ge<!I@zg4oM&zTp<P=-v1!|
zmj~kMk)UbljIu~=p${D12YMt_Z-`=mc+dd^hSnh=HGUWl>_(yLBZA3%g7j%b6cVOK
zLaC|4h$tl3Qg2T0o{ES<g3JWP4Bb;muq&J$p`V>TB5HPU-jJM1<CBOeq`z{Y_@Qq-
zl78ec`M=Wm8%dubG(@3Nvxh6Z{eOC#{$S`Uc~UF&p8!k}AWT~kUra-2bf&qOFGdRK
z2qT*7y|MFvl?Th$3naHG=+^G;a&Y4Me!Bgv-loQpHU!~10xkdK&4QUOu1Zny^P4II
zL*}3n-@TxaY2zgo#K-^xwL8A|%D7u3vcUW31)IBS+VPn`1a2Kw4GGS0J$%?dN>6tv
zA{FDFEOC{rAdb$PesyU<-@(sjE;ewyyd~7o!eAs$syx?qz{uCoJ=#%5s|mPb=p}PZ
zyWNd!#(IB}@}pEn{)Hcnnw=Bt_N<E!zIn+d31Kt#cjukkh%o3UY17ROZyqC6#k1u=
zc4d9#5(`7|d$TWNG&}zx3~@wWbPRHSVUc!ai5K|4akIMDZHVz0m;wyXLy_8aWYQ}2
z!DE}DfBpH<K3K>9n&xdN+-Qu5`2l&>+GwePMT06Oqw=Cvey~$$G0jZ0PaAI}@>3=;
zV=z(L7N^4g+yzdIwL-T0_a)yjoCa3YS>n)Wx}CLSq97Q#ypF-?kjrQxN8)<v&I^@*
zZoKWnkE_{H)!LZP@L%tO4GYDsSim`6ZyEdb_etyIlYS+%gWmjnm65LuY~q*z%`w_?
zfNYXWzH(UqcA3t8y~(CYbwow5B_?%M@DK^zOE$Q(C9(vBvS{f&DGnAgZY;~wVnev8
z<OL_#Y^jpZcxT-TRL%-AB{^>7xx7jp<qYy^Y+<@fPNs9i{p~q(bglGwS~S=$3f^x;
zKNHemS&CX~PZX5LBt?fiS?WO6x$Unu7u7Bc&X*pi@ijraJFPgWS!>>=FigX2R2k9M
zUcz#tM@E&Gw>3VGrq|{LX*5i?GrBetzt_5UcBtoAhk5+gu}*I4nXzAOb6$^Kcii{E
zJC75|N3Oc9lzK5Z(YiOs%)-1h1Usy?kzihr`1i5gD4-!`-0?imFfUsgP`uP?en7G5
z;K3|yuuzQN37gpQvTMaeM0Verfr|5eu5PxIbo1=9nRi8gt&R7?gc*~)V$$=%!1AZ}
z>$~EUGaBz>rDSBvfTX=e*S*x?c1}-_Lq+c6#Cdg#2x+@X_B}~`i!UJ=R=g!#A8z&S
z_nF$UkkQ;_mo-!nZ=XH7ChP3Nu46y%n(SpcJjoq0NwfR9>+HN;c?|wM+lhPT73Rr7
zOJ<48A_R(OV#zg)d4*V&P&K%c_U+u?CAhbmPuJ!=lcYuqo`NC{(E-ZZ{j*EK3D#zQ
z^0DnN?yjNv%8oD!LU{QN0uP}oXdKwbs1rx-79BP{RgbWLN{_0&acNi$s(H_szfJGL
zEPKwBJS*}dhfT^u0+k-P+>f3staI*MQ7m!;0)<>|+Ez9Lq|%!5WnVI5t*5^#6dtcV
z!6*BDI1zo7u|nhiN}J)itfsK|k;6raC5K%IH9LIq`&n!FrZNNp;W3S@53Mhi`$k_O
zTid=XsOg-;34Ff5_$G&LD)q3r80zbtV2p83nO}?)BuuO{4xXiw9k!J$Ta-df82Y%`
z{!vrFZ0enTZhV=MuOscfvxy`(Mfs|jy=(dYl-*%RlvAD8!G~l)I!~zz6c!_lc8kL1
zam#8?sf&vT?-uKR-Cp%xwB!mAuzAFM?+!QTaz%>M?$!8oEEW*WVP@)5o%6$tL+1pV
zUftws=D+B?d+E6Ra=0@Bbl>@{OVDoHHc@`^k=ydpd?(4=l*Z(Z=qfu8K0ZE0*4|Qv
zCoKG?x`3N$wa8mco54A_#k0Ng(xc2EgL0yDm{(md|J~{5=91O#e69<&-3jQ>$m>{I
zP<s20Xl7YLaml!PkFQ72Jx)*U<`ABL&zQSWm_>Mo&CQZU^J&soR+>?6?ZlrZM-1J~
zF36HS{Vk>b>|E=*KnwE<(@9}=1;}xg3d-$yl?IHbJ<KYwjH3|zGpN$XMG;W5SmEtt
z%CcKB;&^naAg*P{@etly_0hgnU(D|_OUz)Y=3ktPm<}4Rof3xmcaN!y;w(!0t4nn5
z_v!;rJL%Z|=5CeG&Tl<ItdCuY&|A{ot2~U793M9BA^PUXZ?DZA4tiKnq@G*5B6!4B
zvA_3Jf=}$X$UKKV;k=<Gkyy`zH#<jfTsxh4pr}gmWYwnrL9XWT>3v6k@OgOyd=wlw
zm3HV0D>N}|x@@XtG_pQ#;MS9O%~Mx(hw68{T=n$*gQ;JpZ`bddy7lzq`>AVSR)cIt
p#1L)vbSpEep}>k5GW>j6!!Byr>lX1FD`~oo+ucz3cs3h+{vVmAG${Z8

literal 0
HcmV?d00001

diff --git a/httpd/Config.in b/httpd/Config.in
new file mode 100644
index 0000000000..c7b94ede15
--- /dev/null
+++ b/httpd/Config.in
@@ -0,0 +1,138 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+menu "Axhttpd Configuration"
+depends on CONFIG_AXHTTPD
+
+config CONFIG_HTTP_STATIC_BUILD
+    bool "Static Build"
+    default n
+    help
+        Select y if you want axhttpd to be a static build (i.e. don't use the
+        axtls shared library or dll).
+        
+config CONFIG_HTTP_PORT
+    int "HTTP port"
+    default 80
+    help
+        The port number of the normal HTTP server. 
+
+        You must be a root user in order to use the default port.
+
+config CONFIG_HTTP_HTTPS_PORT
+    int "HTTPS port"
+    default 443
+    help
+        The port number of the HTTPS server.
+
+        You must be a root user in order to use the default port.
+
+config CONFIG_HTTP_SESSION_CACHE_SIZE
+    int "SSL session cache size"
+    default 5
+    help
+        The size of the SSL session cache.
+        
+        This is not actually related to the number of concurrent users, but 
+        for optimum performance they should be the same (with a penalty 
+        in memory usage).
+
+config CONFIG_HTTP_WEBROOT
+    string "Web root location"
+    default "../www" if !CONFIG_PLATFORM_WIN32
+    default "..\\www" if CONFIG_PLATFORM_WIN32
+    help
+        The location of the web root in relation to axhttpd. This is 
+        the directory where index.html lives.
+
+config CONFIG_HTTP_TIMEOUT
+    int "Timeout"
+    default 300
+    help
+        Set the timeout of a connection in seconds.
+
+config CONFIG_HTTP_HAS_CGI
+    bool "Enable CGI"
+    default n
+    help
+        Enable the CGI capability.
+
+config CONFIG_HTTP_CGI_EXTENSIONS
+    string "CGI File Extension(s)"
+    default ".php,.sh"
+    depends on CONFIG_HTTP_HAS_CGI
+    help
+        Tell axhhtpd what file extension(s) are used for CGI.
+
+        This is a comma separated list.
+
+config CONFIG_HTTP_DIRECTORIES
+    bool "Enable Directory Listing"
+    default n
+    help
+        Enable directory listing.
+    
+config CONFIG_HTTP_HAS_AUTHORIZATION
+    bool "Enable authorization"
+    default n
+    help
+        Pages/directories can have passwords associated with them.
+
+config CONFIG_HTTP_USE_CHROOT
+    bool "Use chroot()"
+    default n
+    depends on !CONFIG_PLATFORM_WIN32
+    help
+        Use chroot() to switch directories with a certain degree of
+        protection. However access to /bin and /lib have to replaced with
+        duplicate binaries.
+        
+        This feature is normally disabled.
+
+config CONFIG_HTTP_CHANGE_UID
+    bool "Change UID"
+    default n
+    depends on !CONFIG_PLATFORM_WIN32
+    help
+        Call setgid()/setuid() to disable access to protected files.
+        
+        This feature is normally disabled.
+
+config CONFIG_HTTP_HAS_IPV6
+    bool "Enable IPv6"
+    default n
+    depends on !CONFIG_PLATFORM_WIN32
+    help
+        Use IPv6 instead of IPv4.
+    
+        Does not work under Win32
+
+config CONFIG_HTTP_ALL_MIME_TYPES
+    bool "Use all mime types"
+    help
+        Use the full list of supported mime types.
+
+        Use this option if a "generic" webserver is used. However if it is
+        using only web pages (html, jpg, gif, png, css) then select this
+        option.
+
+config CONFIG_HTTP_VERBOSE
+    bool "Verbose Mode"
+    default y if CONFIG_SSL_FULL_MODE
+    default n if !CONFIG_SSL_FULL_MODE
+    help
+        Enable extra statements used when using axhttpd.
+
+config CONFIG_HTTP_IS_DAEMON
+    bool "Run as a daemon"
+    default n
+    depends on !CONFIG_PLATFORM_WIN32
+    help 
+        Run axhttpd as a background process.
+
+        Does not work under Win32
+
+endmenu
+
diff --git a/httpd/Makefile b/httpd/Makefile
new file mode 100644
index 0000000000..d20f1b2b1a
--- /dev/null
+++ b/httpd/Makefile
@@ -0,0 +1,104 @@
+#
+#  Copyright(C) 2007 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all : web_server
+
+include ../config/.config
+include ../config/makefile.conf
+
+ifndef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_PLATFORM_CYGWIN
+TARGET=../$(STAGE)/axhttpd.exe
+TARGET2=../$(STAGE)/htpasswd.exe
+else
+TARGET=../$(STAGE)/axhttpd
+TARGET2=../$(STAGE)/htpasswd
+endif
+
+ifdef CONFIG_HTTP_STATIC_BUILD
+LIBS=../$(STAGE)/libaxtls.a
+else
+LIBS=-L../$(STAGE) -laxtls
+endif
+
+CFLAGS += -I../ssl
+
+else # win32 build
+TARGET=../$(STAGE)/axhttpd.exe
+TARGET2=../$(STAGE)/htpasswd.exe
+
+ifdef CONFIG_HTTP_STATIC_BUILD
+LIBS=../$(STAGE)/axtls.static.lib ..\\config\\axtls.res
+else
+LIBS=../$(STAGE)/axtls.lib ..\\config\\axtls.res
+endif
+endif
+
+ifndef CONFIG_AXHTTPD
+web_server:
+else
+
+web_server :: $(TARGET)
+
+ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+web_server :: $(TARGET2)
+endif
+
+OBJ= \
+	axhttpd.o \
+	proc.o \
+	mime_types.o \
+	tdate_parse.o
+
+include ../config/makefile.post
+
+ifndef CONFIG_PLATFORM_WIN32
+
+$(TARGET): $(OBJ) ../$(STAGE)/libaxtls.a
+	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
+ifndef CONFIG_DEBUG
+ifndef CONFIG_PLATFORM_SOLARIS
+	strip --remove-section=.comment $(TARGET)
+endif
+endif
+
+$(TARGET2): htpasswd.o ../$(STAGE)/libaxtls.a
+	$(LD) $(LDFLAGS) -o $@ htpasswd.o $(LIBS)
+
+else    # Win32
+
+OBJ:=$(OBJ:.o=.obj)
+%.obj : %.c
+	$(CC) $(CFLAGS) $< 
+
+htpasswd.obj : htpasswd.c
+	$(CC) $(CFLAGS) $< 
+	
+$(TARGET): $(OBJ)
+	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
+
+$(TARGET2): htpasswd.obj
+	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $<
+endif
+
+endif       # CONFIG_AXHTTPD
+
+clean::
+	-@rm -f $(TARGET)*
+
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
new file mode 100644
index 0000000000..82d839febc
--- /dev/null
+++ b/httpd/axhttp.h
@@ -0,0 +1,133 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include "os_port.h"
+#include "ssl.h"
+
+#define BACKLOG 15
+#define VERSION "1.0.0"
+#ifdef CONFIG_HTTP_HAS_IPV6
+#define HAVE_IPV6
+#endif
+
+#define MAXREQUESTLENGTH                    256
+#define MAXCGIARGS                          100
+#define BLOCKSIZE                           4096
+
+#define INITIAL_CONNECTION_SLOTS            10
+#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     0
+
+#define STATE_WANT_TO_READ_HEAD  1
+#define STATE_WANT_TO_SEND_HEAD  2
+#define STATE_WANT_TO_READ_FILE  3
+#define STATE_WANT_TO_SEND_FILE  4
+#define STATE_DOING_DIR          5
+
+enum
+{
+    TYPE_GET,
+    TYPE_HEAD,
+    TYPE_POST
+};
+
+struct connstruct 
+{
+    struct connstruct *next;
+    int state;
+    int reqtype;
+    int networkdesc;
+    int filedesc;
+    SSL *ssl;
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+#ifdef WIN32
+    HANDLE dirp;
+    WIN32_FIND_DATA file_data;
+#else
+    DIR *dirp;
+#endif
+#endif
+
+    time_t timeout;
+    char actualfile[MAXREQUESTLENGTH];
+    char filereq[MAXREQUESTLENGTH];
+    char dirname[MAXREQUESTLENGTH];
+    char virtualhostreq[MAXREQUESTLENGTH];
+    int numbytes;
+    char databuf[BLOCKSIZE];
+    uint8_t is_ssl;
+    uint8_t close_when_done;
+    time_t if_modified_since;
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+    char cgiargs[MAXREQUESTLENGTH];
+    char cgiscriptinfo[MAXREQUESTLENGTH];
+    char cgipathinfo[MAXREQUESTLENGTH];
+#endif
+#if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+    char authorization[MAXREQUESTLENGTH];
+#endif
+};
+
+struct serverstruct 
+{
+    struct serverstruct *next;
+    int sd;
+    int is_ssl;
+    SSL_CTX *ssl_ctx;
+};
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+struct cgiextstruct 
+{
+    struct cgiextstruct *next;
+    char *ext;
+};
+#endif
+
+/* global prototypes */
+extern struct serverstruct *servers;
+extern struct connstruct *usedconns;
+extern struct connstruct *freeconns;
+#if defined(CONFIG_HTTP_HAS_CGI)
+extern struct cgiextstruct *cgiexts;
+#endif
+
+/* conn.c prototypes */
+void removeconnection(struct connstruct *cn);
+
+/* proc.c prototypes */
+void procdodir(struct connstruct *cn);
+void procreadhead(struct connstruct *cn);
+void procsendhead(struct connstruct *cn);
+void procreadfile(struct connstruct *cn);
+void procsendfile(struct connstruct *cn);
+
+
+/* misc.c prototypes */
+char *my_strncpy(char *dest, const char *src, size_t n);
+int isdir(const char *name);
+
+/* mime_types.c prototypes */
+void mime_init(void);
+const char *getmimetype(const char *fn);
+
+/* tdate prototypes */
+void tdate_init(void);
+time_t tdate_parse(const char* str);
+
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
new file mode 100644
index 0000000000..bbf2af1d1f
--- /dev/null
+++ b/httpd/axhttpd.c
@@ -0,0 +1,567 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include "axhttp.h"
+
+struct serverstruct *servers;
+struct connstruct *usedconns;
+struct connstruct *freeconns;
+
+static void addtoservers(int sd);
+static int openlistener(int port);
+static void handlenewconnection(int listenfd, int is_ssl);
+static void addconnection(int sd, char *ip, int is_ssl);
+static void ax_chdir(void);
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+struct cgiextstruct *cgiexts;
+static void addcgiext(const char *tp);
+
+#if !defined(WIN32)
+static void reaper(int sigtype) 
+{
+    wait3(NULL, WNOHANG, NULL);
+}
+#endif
+#endif
+
+#ifdef CONFIG_HTTP_VERBOSE  /* should really be in debug mode or something */
+/* clean up memory for valgrind */
+static void sigint_cleanup(int sig)
+{
+    struct serverstruct *sp;
+    struct connstruct *tp;
+
+    while (servers != NULL) 
+    {
+        if (servers->is_ssl)
+            ssl_ctx_free(servers->ssl_ctx);
+
+        sp = servers->next;
+        free(servers);
+        servers = sp;
+    }
+
+    while (freeconns != NULL)
+    {
+        tp = freeconns->next;
+        free(freeconns);
+        freeconns = tp;
+    }
+
+    while (usedconns != NULL)
+    {
+        tp = usedconns->next;
+        free(usedconns);
+        usedconns = tp;
+    }
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+    while (cgiexts)
+    {
+        struct cgiextstruct *cp = cgiexts->next;
+        if (cp == NULL) /* last entry */
+            free(cgiexts->ext);
+        free(cgiexts);
+        cgiexts = cp;
+    }
+#endif
+
+    exit(0);
+}
+
+static void die(int sigtype) 
+{
+    exit(0);
+}
+#endif
+
+int main(int argc, char *argv[]) 
+{
+    fd_set rfds, wfds;
+    struct connstruct *tp, *to;
+    struct serverstruct *sp;
+    int rnum, wnum, active;
+    int i;
+    time_t currtime;
+
+#ifdef WIN32
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSADATA wsaData;
+    WSAStartup(wVersionRequested,&wsaData);
+#else
+    signal(SIGPIPE, SIG_IGN);
+#if defined(CONFIG_HTTP_HAS_CGI)
+    signal(SIGCHLD, reaper);
+#endif
+#ifdef CONFIG_HTTP_VERBOSE
+    signal(SIGQUIT, die);
+#endif
+#endif
+
+#ifdef CONFIG_HTTP_VERBOSE
+    signal(SIGTERM, die);
+    signal(SIGINT, sigint_cleanup);
+#endif
+    mime_init();
+    tdate_init();
+
+    for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
+    {
+        tp = freeconns;
+        freeconns = (struct connstruct *)calloc(1, sizeof(struct connstruct));
+        freeconns->next = tp;
+    }
+
+    if ((active = openlistener(CONFIG_HTTP_PORT)) == -1) 
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr, "ERR: Couldn't bind to port %d\n",
+                CONFIG_HTTP_PORT);
+#endif
+        exit(1);
+    }
+
+    addtoservers(active);
+
+    if ((active = openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr, "ERR: Couldn't bind to port %d\n", 
+                CONFIG_HTTP_HTTPS_PORT);
+#endif
+        exit(1);
+    }
+
+    addtoservers(active);
+    servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
+                                CONFIG_HTTP_SESSION_CACHE_SIZE);
+    servers->is_ssl = 1;
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+    addcgiext(CONFIG_HTTP_CGI_EXTENSIONS);
+#endif
+#if defined(CONFIG_HTTP_VERBOSE)
+    printf("axhttpd (%s): listening on ports %d (http) and %d (https)\n", 
+            ssl_version(), CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
+    TTY_FLUSH();
+#endif
+
+    ax_chdir();
+
+#ifndef WIN32 
+#ifdef CONFIG_HTTP_CHANGE_UID
+    setgid(32767);
+    setuid(32767);
+#endif
+#ifdef CONFIG_HTTP_IS_DAEMON
+    if (fork() > 0)  /* parent will die */
+        exit(0);
+
+    setsid();
+#endif
+#endif
+
+    /* main loop */
+    while (1)
+    {
+        FD_ZERO(&rfds);
+        FD_ZERO(&wfds);
+        rnum = wnum = -1;
+        sp = servers;
+
+        while (sp != NULL)  /* read each server port */
+        {
+            FD_SET(sp->sd, &rfds);
+
+            if (sp->sd > rnum) 
+                rnum = sp->sd;
+            sp = sp->next;
+        }
+
+        /* Add the established sockets */
+        tp = usedconns;
+        currtime = time(NULL);
+
+        while (tp != NULL) 
+        {
+            if (currtime > tp->timeout)     /* timed out? Kill it. */
+            {
+                to = tp;
+                tp = tp->next;
+                removeconnection(to);
+                continue;
+            }
+
+            if (tp->state == STATE_WANT_TO_READ_HEAD) 
+            {
+                FD_SET(tp->networkdesc, &rfds);
+                if (tp->networkdesc > rnum) 
+                    rnum = tp->networkdesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_SEND_HEAD) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_READ_FILE) 
+            {
+                FD_SET(tp->filedesc, &rfds);
+                if (tp->filedesc > rnum) 
+                    rnum = tp->filedesc;
+            }
+
+            if (tp->state == STATE_WANT_TO_SEND_FILE) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            if (tp->state == STATE_DOING_DIR) 
+            {
+                FD_SET(tp->networkdesc, &wfds);
+                if (tp->networkdesc > wnum) 
+                    wnum = tp->networkdesc;
+            }
+#endif
+            tp = tp->next;
+        }
+
+        active = select(wnum > rnum ? wnum+1 : rnum+1,
+                rnum != -1 ? &rfds : NULL, 
+                wnum != -1 ? &wfds : NULL,
+                NULL, NULL);
+
+        /* New connection? */
+        sp = servers;
+        while (active > 0 && sp != NULL) 
+        {
+            if (FD_ISSET(sp->sd, &rfds)) 
+            {
+                handlenewconnection(sp->sd, sp->is_ssl);
+                active--;
+            }
+
+            sp = sp->next;
+        }
+
+        /* Handle the established sockets */
+        tp = usedconns;
+
+        while (active > 0 && tp != NULL) 
+        {
+            to = tp;
+            tp = tp->next;
+
+            if (to->state == STATE_WANT_TO_READ_HEAD &&
+                        FD_ISSET(to->networkdesc, &rfds)) 
+            {
+                active--;
+                procreadhead(to);
+            } 
+
+            if (to->state == STATE_WANT_TO_SEND_HEAD &&
+                        FD_ISSET(to->networkdesc, &wfds)) 
+            {
+                active--;
+                procsendhead(to);
+            } 
+
+            if (to->state == STATE_WANT_TO_READ_FILE && 
+                        FD_ISSET(to->filedesc, &rfds)) 
+            {
+                active--;
+                procreadfile(to);
+            } 
+
+            if (to->state == STATE_WANT_TO_SEND_FILE && 
+                        FD_ISSET(to->networkdesc, &wfds)) 
+            {
+                active--;
+                procsendfile(to);
+            }
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            if (to->state == STATE_DOING_DIR &&
+                        FD_ISSET(to->networkdesc, &wfds)) 
+            {
+                active--;
+                procdodir(to);
+            }
+#endif
+        }
+    }
+
+    return 0;
+}
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void addcgiext(const char *cgi_exts)
+{
+    char *cp = strdup(cgi_exts);
+
+    /* extenstions are comma separated */
+    do 
+    {
+        struct cgiextstruct *ex = (struct cgiextstruct *)
+                            malloc(sizeof(struct cgiextstruct));
+        ex->ext = cp;
+        ex->next = cgiexts;
+        cgiexts = ex;
+        if ((cp = strchr(cp, ',')) != NULL)
+            *cp++ = 0;
+    } while (cp != NULL);
+}
+#endif
+
+static void addtoservers(int sd) 
+{
+    struct serverstruct *tp = (struct serverstruct *)
+                            calloc(1, sizeof(struct serverstruct));
+    tp->next = servers;
+    tp->sd = sd;
+    servers = tp;
+}
+
+#ifdef HAVE_IPV6
+static void handlenewconnection(int listenfd, int is_ssl) 
+{
+    struct sockaddr_in6 their_addr;
+    int tp = sizeof(their_addr);
+    char ipbuf[100];
+    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
+
+    if (tp == sizeof(struct sockaddr_in6)) 
+        inet_ntop(AF_INET6, &their_addr.sin6_addr, ipbuf, sizeof(ipbuf));
+    else if (tp == sizeof(struct sockaddr_in)) 
+        inet_ntop(AF_INET, &(((struct sockaddr_in *)&their_addr)->sin_addr),
+                ipbuf, sizeof(ipbuf));
+    else 
+        *ipbuf = '\0';
+
+    addconnection(connfd, ipbuf, is_ssl);
+}
+
+#else
+static void handlenewconnection(int listenfd, int is_ssl) 
+{
+    struct sockaddr_in their_addr;
+    socklen_t tp = sizeof(struct sockaddr_in);
+    int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
+    addconnection(connfd, inet_ntoa(their_addr.sin_addr), is_ssl);
+}
+#endif
+
+static int openlistener(int port) 
+{
+    int sd;
+#ifdef WIN32
+    char tp = 1;
+#else
+    int tp = 1;
+#endif
+#ifndef HAVE_IPV6
+    struct sockaddr_in my_addr;
+
+    if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) 
+        return -1;
+
+    memset(&my_addr, 0, sizeof(my_addr));
+    my_addr.sin_family = AF_INET;
+    my_addr.sin_port = htons((short)port);
+    my_addr.sin_addr.s_addr = INADDR_ANY;
+#else
+    struct sockaddr_in6 my_addr;
+
+    if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
+        return -1;
+
+    memset(&my_addr, 0, sizeof(my_addr));
+    my_addr.sin6_family = AF_INET6;
+    my_addr.sin6_port = htons(port);
+    my_addr.sin6_addr.s_addr = INADDR_ANY;
+#endif
+
+    setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
+    if (bind(sd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr)) == -1)
+    {
+        close(sd);
+        return -1;
+    }
+
+    listen(sd, BACKLOG);
+    return sd;
+}
+
+/* Wrapper function for strncpy() that guarantees
+   a null-terminated string. This is to avoid any possible
+   issues due to strncpy()'s behaviour.
+ */
+char *my_strncpy(char *dest, const char *src, size_t n) 
+{
+    strncpy(dest, src, n);
+    dest[n-1] = '\0';
+    return dest;
+}
+
+int isdir(const char *tpbuf) 
+{
+    struct stat st;
+    char path[MAXREQUESTLENGTH];
+    strcpy(path, tpbuf);
+
+#ifdef WIN32        /* win32 stat() can't handle trailing '\' */
+    if (path[strlen(path)-1] == '\\')
+        path[strlen(path)-1] = 0;
+#endif
+
+    if (stat(path, &st) == -1) 
+        return 0;
+
+    if ((st.st_mode & S_IFMT) == S_IFDIR) 
+        return 1;
+
+    return 0;
+}
+
+static void addconnection(int sd, char *ip, int is_ssl) 
+{
+    struct connstruct *tp;
+
+    /* Get ourselves a connstruct */
+    if (freeconns == NULL) 
+        tp = (struct connstruct *)calloc(1, sizeof(struct connstruct));
+    else 
+    {
+        tp = freeconns;
+        freeconns = tp->next;
+    }
+
+    /* Attach it to the used list */
+    tp->next = usedconns;
+    usedconns = tp;
+    tp->networkdesc = sd;
+
+    if (is_ssl)
+        tp->ssl = ssl_server_new(servers->ssl_ctx, sd);
+
+    tp->is_ssl = is_ssl;
+    tp->filedesc = -1;
+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
+    tp->dirp = NULL;
+#endif
+    *(tp->actualfile) = '\0';
+    *(tp->filereq) = '\0';
+#if defined(CONFIG_HTTP_HAS_CGI)
+    *(tp->cgiargs) = '\0';
+#endif
+    tp->state = STATE_WANT_TO_READ_HEAD;
+    tp->reqtype = TYPE_GET;
+    tp->close_when_done = 0;
+    tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
+}
+
+void removeconnection(struct connstruct *cn) 
+{
+    struct connstruct *tp;
+    int shouldret = 0;
+
+    tp = usedconns;
+
+    if (tp == NULL || cn == NULL) 
+        shouldret = 1;
+    else if (tp == cn) 
+        usedconns = tp->next;
+    else 
+    {
+        while (tp != NULL) 
+        {
+            if (tp->next == cn) 
+            {
+                tp->next = (tp->next)->next;
+                shouldret = 0;
+                break;
+            }
+
+            tp = tp->next;
+            shouldret = 1;
+        }
+    }
+
+    if (shouldret) 
+        return;
+
+    /* If we did, add it to the free list */
+    cn->next = freeconns;
+    freeconns = cn;
+
+    /* Close it all down */
+    if (cn->networkdesc != -1) 
+    {
+        if (cn->is_ssl) 
+        {
+            ssl_free(cn->ssl);
+            cn->ssl = NULL;
+        }
+
+        SOCKET_CLOSE(cn->networkdesc);
+    }
+
+    if (cn->filedesc != -1) 
+        close(cn->filedesc);
+
+#if defined(CONFIG_HTTP_HAS_DIRECTORIES)
+    if (cn->dirp != NULL) 
+#ifdef WIN32
+        FindClose(cn->dirp);
+#else
+        closedir(cn->dirp);
+#endif
+#endif
+}
+
+/*
+ * Change directories one way or the other.
+ */
+static void ax_chdir(void)
+{
+    static char *webroot = CONFIG_HTTP_WEBROOT;
+
+#if defined(WIN32) || !defined(CONFIG_HTTP_USE_CHROOT)
+    if (chdir(webroot))
+#else   /* use chroot() instead */
+    if (chroot(webroot))
+#endif
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        fprintf(stderr, "'%s' is not a directory\n", webroot);
+#endif
+        exit(1);
+    }
+}
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
new file mode 100644
index 0000000000..f188cdd149
--- /dev/null
+++ b/httpd/htpasswd.c
@@ -0,0 +1,124 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "ssl.h"
+
+int tfd;
+
+void base64_encode(const uint8_t *in, size_t inlen, char *out, size_t outlen)
+{
+    static const char b64str[64] =
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+    while (inlen && outlen)
+    {
+        *out++ = b64str[(in[0] >> 2) & 0x3f];
+        if (!--outlen)
+            break;
+
+        *out++ = b64str[((in[0] << 4)
+                + (--inlen ? in[1] >> 4 : 0)) & 0x3f];
+        if (!--outlen)
+            break;
+        *out++ = (inlen
+             ? b64str[((in[1] << 2)
+                 + (--inlen ? in[2] >> 6 : 0))
+             & 0x3f]
+             : '=');
+        if (!--outlen)
+            break;
+        *out++ = inlen ? b64str[in[2] & 0x3f] : '=';
+        if (!--outlen)
+            break;
+        if (inlen)
+            inlen--;
+        if (inlen)
+            in += 3;
+    }
+
+    if (outlen)
+        *out = '\0';
+}
+
+static void usage(void) 
+{
+    fprintf(stderr,"Usage: htpasswd username\n");
+    exit(1);
+}
+
+#ifdef WIN32
+static char * getpass(const char *prompt)
+{
+    static char buf[127];
+    FILE *fp = stdin;
+
+    printf(prompt); TTY_FLUSH();
+#if 0
+    fp = fopen("/dev/tty", "w");
+    if (fp == NULL) 
+    {
+        printf("null\n"); TTY_FLUSH();
+        fp = stdin;
+    }
+#endif
+
+    fgets(buf, sizeof(buf), fp);
+    while (buf[strlen(buf)-1] < ' ') 
+        buf[strlen(buf)-1] = '\0';
+
+    //if (fp != stdin) 
+    //    fclose(fp);
+    return buf;
+}
+#endif
+
+int main(int argc, char *argv[]) 
+{
+    char* pw;
+    uint8_t md5_salt[MD5_SIZE], md5_pass[MD5_SIZE];
+    char b64_salt[MD5_SIZE+10], b64_pass[MD5_SIZE+10];
+    MD5_CTX ctx;
+
+    if (argc != 2)
+        usage();
+
+    pw = strdup(getpass("New password:"));
+    if (strcmp(pw, getpass("Re-type new password:")) != 0)
+    {
+        fprintf(stderr, "They don't match, sorry.\n" );
+        exit(1);
+    }
+
+    RNG_initialize((uint8_t *)pw, sizeof(pw));
+    get_random(MD5_SIZE, md5_salt);
+    RNG_terminate();
+    base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
+
+    MD5Init(&ctx);
+    MD5Update(&ctx, md5_salt, MD5_SIZE);
+    MD5Update(&ctx, (uint8_t *)pw, strlen(pw));
+    MD5Final(&ctx, md5_pass);
+    base64_encode(md5_pass, MD5_SIZE, b64_pass, sizeof(b64_pass));
+
+    printf("Add the following to your '.htpasswd' file\n");
+    printf("%s:%s$%s\n", argv[1], b64_salt, b64_pass);
+    return 0;
+}
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
new file mode 100644
index 0000000000..46e3c3e5e0
--- /dev/null
+++ b/httpd/mime_types.c
@@ -0,0 +1,194 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include "axhttp.h"
+
+static const char mime_default[] = "text/plain";
+
+typedef struct 
+{
+    const char * const ext;
+    const char * const type;
+} mime_table_t;
+
+static mime_table_t mime_table[] = 
+{
+    /* Fundamental types */
+    { ".html", "text/html" },
+    { ".htm", "text/html" },
+    { ".css", "text/css" },
+
+    /* Basic graphics */
+    { ".jpg", "image/jpeg" },
+    { ".gif", "image/gif" },
+    { ".png", "image/png" },
+
+#ifdef CONFIG_HTTP_ALL_MIME_TYPES
+    /* This list is a bit expensive to maintain normally, so it's an option. */
+    { ".txt", "text/plain" },
+    { ".rtx", "text/richtext" },
+    { ".etx", "text/x-setext" },
+    { ".tsv", "text/tab-separated-values" },
+    { ".xml", "text/xml" },
+    { ".dtd", "text/xml" },
+    { ".jpe", "image/jpeg" },
+    { ".jpeg", "image/jpeg" },
+    { ".jfif", "image/jpeg" },
+    { ".tif", "image/tiff" },
+    { ".tiff", "image/tiff" },
+    { ".pbm", "image/x-portable-bitmap" },
+    { ".pgm", "image/x-portable-graymap" },
+    { ".ppm", "image/x-portable-pixmap" },
+    { ".pnm", "image/x-portable-anymap" },
+    { ".xbm", "image/x-xbitmap" },
+    { ".xpm", "image/x-xpixmap" },
+    { ".xwd", "image/x-xwindowdump" },
+    { ".ief", "image/ief" },
+    { ".au", "audio/basic" },
+    { ".snd", "audio/basic" },
+    { ".aif", "audio/x-aiff" },
+    { ".aiff", "audio/x-aiff" },
+    { ".aifc", "audio/x-aiff" },
+    { ".ra", "audio/x-pn-realaudio" },
+    { ".ram", "audio/x-pn-realaudio" },
+    { ".rm", "audio/x-pn-realaudio" },
+    { ".rpm", "audio/x-pn-realaudio-plugin" },
+    { ".wav", "audio/wav" },
+    { ".mid", "audio/midi" },
+    { ".midi", "audio/midi" },
+    { ".kar", "audio/midi" },
+    { ".mpga", "audio/mpeg" },
+    { ".mp2", "audio/mpeg" },
+    { ".mp3", "audio/mpeg" },
+    { ".mpeg", "video/mpeg" },
+    { ".mpg", "video/mpeg" },
+    { ".mpe", "video/mpeg" },
+    { ".qt", "video/quicktime" },
+    { ".mov", "video/quicktime" },
+    { ".avi", "video/x-msvideo" },
+    { ".movie", "video/x-sgi-movie" },
+    { ".mv", "video/x-sgi-movie" },
+    { ".vx", "video/x-rad-screenplay" },
+    { ".a", "application/octet-stream" },
+    { ".bin", "application/octet-stream" },
+    { ".exe", "application/octet-stream" },
+    { ".dump", "application/octet-stream" },
+    { ".o", "application/octet-stream" },
+    { ".class", "application/java" },
+    { ".js", "application/x-javascript" },
+    { ".ai", "application/postscript" },
+    { ".eps", "application/postscript" },
+    { ".ps", "application/postscript" },
+    { ".dir", "application/x-director" },
+    { ".dcr", "application/x-director" },
+    { ".dxr", "application/x-director" },
+    { ".fgd", "application/x-director" },
+    { ".aam", "application/x-authorware-map" },
+    { ".aas", "application/x-authorware-seg" },
+    { ".aab", "application/x-authorware-bin" },
+    { ".fh4", "image/x-freehand" },
+    { ".fh7", "image/x-freehand" },
+    { ".fh5", "image/x-freehand" },
+    { ".fhc", "image/x-freehand" },
+    { ".fh", "image/x-freehand" },
+    { ".spl", "application/futuresplash" },
+    { ".swf", "application/x-shockwave-flash" },
+    { ".dvi", "application/x-dvi" },
+    { ".gtar", "application/x-gtar" },
+    { ".hdf", "application/x-hdf" },
+    { ".hqx", "application/mac-binhex40" },
+    { ".iv", "application/x-inventor" },
+    { ".latex", "application/x-latex" },
+    { ".man", "application/x-troff-man" },
+    { ".me", "application/x-troff-me" },
+    { ".mif", "application/x-mif" },
+    { ".ms", "application/x-troff-ms" },
+    { ".oda", "application/oda" },
+    { ".pdf", "application/pdf" },
+    { ".rtf", "application/rtf" },
+    { ".bcpio", "application/x-bcpio" },
+    { ".cpio", "application/x-cpio" },
+    { ".sv4cpio", "application/x-sv4cpio" },
+    { ".sv4crc", "application/x-sv4crc" },
+    { ".sh", "application/x-shar" },
+    { ".shar", "application/x-shar" },
+    { ".sit", "application/x-stuffit" },
+    { ".tar", "application/x-tar" },
+    { ".tex", "application/x-tex" },
+    { ".texi", "application/x-texinfo" },
+    { ".texinfo", "application/x-texinfo" },
+    { ".tr", "application/x-troff" },
+    { ".roff", "application/x-troff" },
+    { ".man", "application/x-troff-man" },
+    { ".me", "application/x-troff-me" },
+    { ".ms", "application/x-troff-ms" },
+    { ".zip", "application/x-zip-compressed" },
+    { ".tsp", "application/dsptype" },
+    { ".wsrc", "application/x-wais-source" },
+    { ".ustar", "application/x-ustar" },
+    { ".cdf", "application/x-netcdf" },
+    { ".nc", "application/x-netcdf" },
+    { ".doc", "application/msword" },
+    { ".ppt", "application/powerpoint" },
+    { ".wrl", "model/vrml" },
+    { ".vrml", "model/vrml" },
+    { ".mime", "message/rfc822" },
+    { ".pac", "application/x-ns-proxy-autoconfig" },
+    { ".wml", "text/vnd.wap.wml" },
+    { ".wmlc", "application/vnd.wap.wmlc" },
+    { ".wmls", "text/vnd.wap.wmlscript" },
+    { ".wmlsc", "application/vnd.wap.wmlscriptc" },
+    { ".wbmp", "image/vnd.wap.wbmp" },
+    { ".tgz", "application/x-gzip" },
+    { ".tar.gz", "application/x-gzip" },
+    { ".bz2", "application/x-bzip2" },
+    { ".zip", "application/zip" }
+#endif
+};
+
+static int mime_cmp(const mime_table_t *t1, const mime_table_t *t2)
+{
+    return strcasecmp(t1->ext, t2->ext);
+}
+
+void mime_init(void)
+{
+    qsort(mime_table, sizeof(mime_table)/sizeof(mime_table_t),
+            sizeof(mime_table_t), 
+            (int (*)(const void *, const void *))mime_cmp);
+}
+
+const char *getmimetype(const char *name) 
+{
+    mime_table_t *mime_type;
+
+    if ((name = strrchr(name, '.')) == NULL)
+        return mime_default;
+
+    mime_type = bsearch(&name, mime_table, 
+            sizeof(mime_table)/sizeof(mime_table_t),
+            sizeof(mime_table_t), 
+                (int (*)(const void *, const void *))mime_cmp);
+
+    return mime_type == NULL ? mime_default : mime_type->type;
+}
+
diff --git a/httpd/proc.c b/httpd/proc.c
new file mode 100644
index 0000000000..8f3f745eaf
--- /dev/null
+++ b/httpd/proc.c
@@ -0,0 +1,1034 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <time.h>
+#include <string.h>
+#include "axhttp.h"
+
+static const char * index_file = "index.html";
+
+static int special_read(struct connstruct *cn, void *buf, size_t count);
+static int special_write(struct connstruct *cn, 
+                                        const char *buf, size_t count);
+static void send_error(struct connstruct *cn, int err);
+static int hexit(char c);
+static void urldecode(char *buf);
+static void buildactualfile(struct connstruct *cn);
+static int sanitizefile(const char *buf);
+static int sanitizehost(char *buf);
+static int htaccess_check(struct connstruct *cn);
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+static void urlencode(const uint8_t *s, char *t);
+static void procdirlisting(struct connstruct *cn);
+#endif
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void proccgi(struct connstruct *cn, int has_pathinfo);
+static int trycgi_withpathinfo(struct connstruct *cn);
+static void split(char *tp, char *sp[], int maxwords, char sc);
+static int iscgi(const char *fn);
+#endif
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+static int auth_check(struct connstruct *cn);
+#endif
+
+/* Returns 1 if elems should continue being read, 0 otherwise */
+static int procheadelem(struct connstruct *cn, char *buf) 
+{
+    char *delim, *value;
+#if defined(CONFIG_HTTP_HAS_CGI)
+    char *cgi_delim;
+#endif
+
+    if ((delim = strchr(buf, ' ')) == NULL)
+        return 0;
+
+    *delim = 0;
+    value = delim+1;
+
+    if (strcmp(buf, "GET") == 0 || strcmp(buf, "HEAD") == 0 ||
+                                            strcmp(buf, "POST") == 0) 
+    {
+        if (buf[0] == 'H') 
+            cn->reqtype = TYPE_HEAD;
+        else if (buf[0] == 'P') 
+            cn->reqtype = TYPE_POST;
+
+        if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
+            return 0;
+
+        *delim = 0;
+        urldecode(value);
+
+        if (sanitizefile(value) == 0) 
+        {
+            send_error(cn, 403);
+            return 0;
+        }
+
+        my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
+        cn->if_modified_since = -1;
+#if defined(CONFIG_HTTP_HAS_CGI)
+        if ((cgi_delim = strchr(value, '?')))
+        {
+            *cgi_delim = 0;
+            my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
+        }
+#endif
+    } 
+    else if (strcmp(buf, "Host:") == 0) 
+    {
+        if (sanitizehost(value) == 0) 
+        {
+            removeconnection(cn);
+            return 0;
+        }
+
+        my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
+    } 
+    else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
+    {
+        cn->close_when_done = 1;
+    } 
+    else if (strcmp(buf, "If-Modified-Since:") == 0) 
+    {
+        cn->if_modified_since = tdate_parse(value);
+    }
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+    else if (strcmp(buf, "Authorization:") == 0 &&
+                                    strncmp(value, "Basic ", 6) == 0)
+    {
+        int size;
+        if (base64_decode(&value[6], strlen(&value[6]), 
+                                        (uint8_t *)cn->authorization, &size))
+            cn->authorization[0] = 0;   /* error */
+        else
+            cn->authorization[size] = 0;
+    }
+#endif
+
+    return 1;
+}
+
+#if defined(CONFIG_HTTP_DIRECTORIES)
+static void procdirlisting(struct connstruct *cn)
+{
+    char buf[MAXREQUESTLENGTH];
+    char actualfile[1024];
+
+    if (cn->reqtype == TYPE_HEAD) 
+    {
+        snprintf(buf, sizeof(buf), 
+                "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
+        write(cn->networkdesc, buf, strlen(buf));
+        removeconnection(cn);
+        return;
+    }
+
+    strcpy(actualfile, cn->actualfile);
+
+#ifdef WIN32
+    strcat(actualfile, "*");
+    cn->dirp = FindFirstFile(actualfile, &cn->file_data);
+
+    if (cn->dirp == INVALID_HANDLE_VALUE) 
+    {
+        send_error(cn, 404);
+        return;
+    }
+#else
+    if ((cn->dirp = opendir(actualfile)) == NULL) 
+    {
+        send_error(cn, 404);
+        return;
+    }
+#endif
+
+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
+            "<html><body>\n<title>Directory Listing</title>\n"
+            "<h3>Directory listing of %s://%s%s</h3><br />\n", 
+            cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
+    special_write(cn, buf, strlen(buf));
+    cn->state = STATE_DOING_DIR;
+}
+
+void procdodir(struct connstruct *cn) 
+{
+#ifndef WIN32
+    struct dirent *dp;
+#endif
+    char buf[MAXREQUESTLENGTH];
+    char encbuf[1024];
+    char *file;
+
+    do 
+    {
+       buf[0] = 0;
+
+#ifdef WIN32
+        if (!FindNextFile(cn->dirp, &cn->file_data)) 
+#else
+        if ((dp = readdir(cn->dirp)) == NULL)  
+#endif
+        {
+            snprintf(buf, sizeof(buf), "</body></html>\n");
+            special_write(cn, buf, strlen(buf));
+            removeconnection(cn);
+#ifndef WIN32
+            closedir(cn->dirp);
+#endif
+            return;
+        }
+
+#ifdef WIN32
+        file = cn->file_data.cFileName;
+#else
+        file = dp->d_name;
+#endif
+
+        /* if no index file, don't display the ".." directory */
+        if (cn->filereq[0] == '/' && cn->filereq[1] == '\0' &&
+                strcmp(file, "..") == 0) 
+            continue;
+
+        /* don't display files beginning with "." */
+        if (file[0] == '.' && file[1] != '.')
+            continue;
+
+        /* make sure a '/' is at the end of a directory */
+        if (cn->filereq[strlen(cn->filereq)-1] != '/')
+            strcat(cn->filereq, "/");
+
+        /* see if the dir + file is another directory */
+        snprintf(buf, sizeof(buf), "%s%s", cn->actualfile, file);
+        if (isdir(buf))
+            strcat(file, "/");
+
+        urlencode((uint8_t *)file, encbuf);
+        snprintf(buf, sizeof(buf), "<a href=\"%s%s\">%s</a><br />\n",
+                cn->filereq, encbuf, file);
+    } while (special_write(cn, buf, strlen(buf)));
+}
+
+/* Encode funny chars -> %xx in newly allocated storage */
+/* (preserves '/' !) */
+static void urlencode(const uint8_t *s, char *t) 
+{
+    const uint8_t *p = s;
+    char *tp = t;
+
+    for (; *p; p++) 
+    {
+        if ((*p > 0x00 && *p < ',') ||
+                (*p > '9' && *p < 'A') ||
+                (*p > 'Z' && *p < '_') ||
+                (*p > '_' && *p < 'a') ||
+                (*p > 'z' && *p < 0xA1)) 
+        {
+            sprintf((char *)tp, "%%%02X", *p);
+            tp += 3; 
+        } 
+        else 
+        {
+            *tp = *p;
+            tp++;
+        }
+    }
+
+    *tp='\0';
+}
+
+#endif
+
+void procreadhead(struct connstruct *cn) 
+{
+    char buf[MAXREQUESTLENGTH*4], *tp, *next;
+    int rv;
+
+    rv = special_read(cn, buf, sizeof(buf)-1);
+    if (rv <= 0) 
+    {
+        if (rv < 0) /* really dead? */
+            removeconnection(cn);
+        return;
+    }
+
+    buf[rv] = '\0';
+    next = tp = buf;
+
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+    cn->authorization[0] = 0;
+#endif
+
+    /* Split up lines and send to procheadelem() */
+    while (*next != '\0') 
+    {
+        /* If we have a blank line, advance to next stage! */
+        if (*next == '\r' || *next == '\n') 
+        {
+            buildactualfile(cn);
+            cn->state = STATE_WANT_TO_SEND_HEAD;
+            return;
+        }
+
+        while (*next != '\r' && *next != '\n' && *next != '\0') 
+            next++;
+
+        if (*next == '\r') 
+        {
+            *next = '\0';
+            next += 2;
+        }
+        else if (*next == '\n') 
+            *next++ = '\0';
+
+        if (procheadelem(cn, tp) == 0) 
+            return;
+
+        tp = next;
+    }
+}
+
+/* In this function we assume that the file has been checked for
+ * maliciousness (".."s, etc) and has been decoded
+ */
+void procsendhead(struct connstruct *cn) 
+{
+    char buf[MAXREQUESTLENGTH];
+    struct stat stbuf;
+    time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
+    char date[32];
+
+    /* are we trying to access a file over the HTTP connection instead of a
+     * HTTPS connection? Or is this directory disabled? */
+    if (htaccess_check(cn))      
+    {
+        send_error(cn, 403);
+        return;
+    }
+
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+    if (auth_check(cn))     /* see if there is a '.htpasswd' file */
+    {
+#ifdef CONFIG_HTTP_VERBOSE
+        printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
+#endif
+        removeconnection(cn);
+        return;
+    }
+#endif
+
+    if (stat(cn->actualfile, &stbuf) == -1)
+    {
+#if defined(CONFIG_HTTP_HAS_CGI)
+        if (stat(cn->actualfile, &stbuf) == -1 && trycgi_withpathinfo(cn) == 0) 
+        { 
+            /* We Try To Find A CGI */
+            proccgi(cn, 1);
+            return;
+        }
+#endif
+    }
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+    if (iscgi(cn->actualfile))
+    {
+#ifndef WIN32
+        /* An executable file? */
+        if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
+        {
+            send_error(cn, 404);
+            return;
+        }
+#endif
+
+        proccgi(cn, 0);
+        return;
+    }
+#endif
+
+    /* look for "index.html"? */
+    if (isdir(cn->actualfile))
+    {
+        char tbuf[MAXREQUESTLENGTH];
+        sprintf(tbuf, "%s%s", cn->actualfile, index_file);
+
+        if (stat(tbuf, &stbuf) != -1) 
+            strcat(cn->actualfile, index_file);
+        else
+        {
+#if defined(CONFIG_HTTP_DIRECTORIES)
+            /* If not, we do a directory listing of it */
+            procdirlisting(cn);
+#else
+            send_error(cn, 404);
+#endif
+            return;
+        }
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+        /* If the index is a CGI file, handle it like any other CGI */
+        if (iscgi(cn->actualfile))
+        {
+            /* Set up CGI script */
+            if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
+            {
+                send_error(cn, 404);
+                return;
+            }
+
+            proccgi(cn, 0);
+            return;
+        }
+#endif
+    }
+
+    strcpy(date, ctime(&now));
+
+    /* has the file been read before? */
+    if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 || 
+                                       cn->if_modified_since >= stbuf.st_mtime))
+    {
+        snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
+                "axhttpd V%s\nDate: %s\n", VERSION, date);
+        special_write(cn, buf, strlen(buf));
+        cn->state = STATE_WANT_TO_READ_HEAD;
+        return;
+    }
+
+    if (cn->reqtype == TYPE_HEAD) 
+    {
+        removeconnection(cn);
+        return;
+    } 
+    else 
+    {
+        int flags = O_RDONLY;
+#if defined(WIN32) || defined(CONFIG_PLATFORM_CYGWIN)
+        flags |= O_BINARY;
+#endif
+        cn->filedesc = open(cn->actualfile, flags);
+
+        if (cn->filedesc < 0) 
+        {
+            send_error(cn, 404);
+            return;
+        }
+
+        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
+            "Content-Type: %s\nContent-Length: %ld\n"
+            "Date: %sLast-Modified: %s\n", VERSION,
+            getmimetype(cn->actualfile), (long) stbuf.st_size,
+            date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
+
+        special_write(cn, buf, strlen(buf));
+
+#ifdef CONFIG_HTTP_VERBOSE
+        printf("axhttpd: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
+        TTY_FLUSH();
+#endif
+
+#ifdef WIN32
+        for (;;)
+        {
+            procreadfile(cn);
+            if (cn->filedesc == -1)
+                break;
+
+            do 
+            {
+                procsendfile(cn);
+            } while (cn->state != STATE_WANT_TO_READ_FILE);
+        }
+#else
+        cn->state = STATE_WANT_TO_READ_FILE;
+#endif
+    }
+}
+
+void procreadfile(struct connstruct *cn) 
+{
+    int rv = read(cn->filedesc, cn->databuf, BLOCKSIZE);
+
+    if (rv <= 0) 
+    {
+        close(cn->filedesc);
+        cn->filedesc = -1;
+
+        if (cn->close_when_done)        /* close immediately */
+            removeconnection(cn);
+        else 
+        {                               /* keep socket open - HTTP 1.1 */
+            cn->state = STATE_WANT_TO_READ_HEAD;
+            cn->numbytes = 0;
+        }
+
+        return;
+    }
+
+    cn->numbytes = rv;
+    cn->state = STATE_WANT_TO_SEND_FILE;
+}
+
+void procsendfile(struct connstruct *cn) 
+{
+    int rv = special_write(cn, cn->databuf, cn->numbytes);
+
+    if (rv < 0)
+        removeconnection(cn);
+    else if (rv == cn->numbytes)
+        cn->state = STATE_WANT_TO_READ_FILE;
+    else if (rv == 0)
+    { 
+        /* Do nothing */ 
+    }
+    else 
+    {
+        memmove(cn->databuf, cn->databuf + rv, cn->numbytes - rv);
+        cn->numbytes -= rv;
+    }
+}
+
+static int special_write(struct connstruct *cn, 
+                                        const char *buf, size_t count)
+{
+    if (cn->is_ssl)
+    {
+        SSL *ssl = cn->ssl;
+        return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
+    }
+    else
+        return SOCKET_WRITE(cn->networkdesc, buf, count);
+}
+
+static int special_read(struct connstruct *cn, void *buf, size_t count)
+{
+    int res;
+
+    if (cn->is_ssl)
+    {
+        uint8_t *read_buf;
+        if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
+        {
+            memcpy(buf, read_buf, res > (int)count ? count : res);
+        }
+    }
+    else
+        res = SOCKET_READ(cn->networkdesc, buf, count);
+
+    return res;
+}
+
+#if defined(CONFIG_HTTP_HAS_CGI)
+static void proccgi(struct connstruct *cn, int has_pathinfo) 
+{
+    int tpipe[2];
+    char *myargs[5];
+    char buf[MAXREQUESTLENGTH];
+#ifdef WIN32
+    int tmp_stdout;
+#endif
+
+    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n%s",
+            VERSION, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
+    special_write(cn, buf, strlen(buf));
+
+    if (cn->reqtype == TYPE_HEAD) 
+    {
+        removeconnection(cn);
+        return;
+    }
+
+#ifndef WIN32
+    pipe(tpipe);
+
+    if (fork() > 0)  /* parent */
+    {
+        /* Close the write descriptor */
+        close(tpipe[1]);
+        cn->filedesc = tpipe[0];
+        cn->state = STATE_WANT_TO_READ_FILE;
+        cn->close_when_done = 1;
+        return;
+    }
+
+    /* The problem child... */
+
+    /* Our stdout/stderr goes to the socket */
+    dup2(tpipe[1], 1);
+    dup2(tpipe[1], 2);
+
+    /* If it was a POST request, send the socket data to our stdin */
+    if (cn->reqtype == TYPE_POST) 
+        dup2(cn->networkdesc, 0);
+    else    /* Otherwise we can shutdown the read side of the sock */
+        shutdown(cn->networkdesc, 0);
+
+    close(tpipe[0]);
+    close(tpipe[1]);
+    myargs[0] = cn->actualfile;
+    myargs[1] = cn->cgiargs;
+    myargs[2] = NULL;
+
+    if (!has_pathinfo) 
+    {
+        my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
+        my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
+    }
+
+    execv(cn->actualfile, myargs);
+#else /* WIN32 */
+    _pipe(tpipe, 8192, O_BINARY| O_NOINHERIT);
+
+    myargs[0] = "sh";
+    myargs[1] = "-c";
+    myargs[2] = &cn->filereq[1];    /* ignore the inital "/" */
+    myargs[3] = cn->cgiargs;
+    myargs[4] = NULL;
+
+    tmp_stdout = _dup(_fileno(stdout));
+    _dup2(tpipe[1], _fileno(stdout));
+    close(tpipe[1]);
+
+    /* change to suit execution method */
+    if (spawnl(P_NOWAIT, "c:\\Program Files\\cygwin\\bin\\sh.exe", 
+                myargs[0], myargs[1], myargs[2], myargs[3], myargs[4]) == -1) 
+    {
+        removeconnection(cn);
+        return;
+    }
+
+    _dup2(tmp_stdout, _fileno(stdout));
+    close(tmp_stdout);
+    cn->filedesc = tpipe[0];
+    cn->state = STATE_WANT_TO_READ_FILE;
+    cn->close_when_done = 1;
+
+    for (;;)
+    {
+        procreadfile(cn);
+
+        if (cn->filedesc == -1)
+            break;
+
+        procsendfile(cn);
+        usleep(200000); /* don't know why this delay makes it work (yet) */
+    }
+#endif
+}
+
+static int trycgi_withpathinfo(struct connstruct *cn)
+{
+    char tpfile[MAXREQUESTLENGTH];
+    char fr_str[MAXREQUESTLENGTH];
+    char *fr_rs[MAXCGIARGS]; /* filereq splitted */
+    int i = 0, offset;
+
+    my_strncpy(fr_str, cn->filereq, MAXREQUESTLENGTH);
+    split(fr_str, fr_rs, MAXCGIARGS, '/');
+
+    while (fr_rs[i] != NULL) 
+    {
+        snprintf(tpfile, sizeof(tpfile), "/%s%s", 
+                            cn->virtualhostreq, fr_str);
+
+        if (iscgi(tpfile) && isdir(tpfile) == 0)
+        {
+            /* We've found our CGI file! */
+            my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
+            my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
+            offset = (fr_rs[i] + strlen(fr_rs[i])) - fr_str;
+            my_strncpy(cn->cgipathinfo, cn->filereq+offset, MAXREQUESTLENGTH);
+            return 0;
+        }
+
+        *(fr_rs[i]+strlen(fr_rs[i])) = '/';
+        i++;
+    }
+
+    /* Couldn't find any CGIs :( */
+    *(cn->cgiscriptinfo) = '\0';
+    *(cn->cgipathinfo) = '\0';
+    return -1;
+}
+
+static int iscgi(const char *fn)
+{
+    struct cgiextstruct *tp = cgiexts;
+    int fnlen, extlen;
+
+    fnlen = strlen(fn);
+
+    while (tp != NULL) 
+    {
+        extlen = strlen(tp->ext);
+
+        if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
+            return 1;
+
+        tp = tp->next;
+    }
+
+    return 0;
+}
+
+static void split(char *tp, char *sp[], int maxwords, char sc)
+{
+    int i = 0;
+
+    while(1) 
+    {
+        /* Skip leading whitespace */
+        while (*tp == sc) tp++;
+
+        if (*tp == '\0') 
+        {
+            sp[i] = NULL;
+            break;
+        }
+
+        if (i==maxwords-2) 
+        {
+            sp[maxwords-2] = NULL;
+            break;
+        }
+
+        sp[i] = tp;
+
+        while(*tp != sc && *tp != '\0') 
+            tp++;
+
+        if (*tp == sc) 
+            *tp++ = '\0';
+
+        i++;
+    }
+}
+#endif  /* CONFIG_HTTP_HAS_CGI */
+
+/* Decode string %xx -> char (in place) */
+static void urldecode(char *buf) 
+{
+    int v;
+    char *p, *s, *w;
+
+    w = p = buf;
+
+    while (*p) 
+    {
+        v = 0;
+
+        if (*p == '%') 
+        {
+            s = p;
+            s++;
+
+            if (isxdigit((int) s[0]) && isxdigit((int) s[1]))
+            {
+                v = hexit(s[0])*16 + hexit(s[1]);
+
+                if (v) 
+                { 
+                    /* do not decode %00 to null char */
+                    *w = (char)v;
+                    p = &s[1];
+                }
+            }
+
+        }
+
+        if (!v) *w=*p;
+        p++; 
+        w++;
+    }
+
+    *w='\0';
+}
+
+static int hexit(char c) 
+{
+    if (c >= '0' && c <= '9')
+        return c - '0';
+    else if (c >= 'a' && c <= 'f')
+        return c - 'a' + 10;
+    else if (c >= 'A' && c <= 'F')
+        return c - 'A' + 10;
+    else
+        return 0;
+}
+
+static void buildactualfile(struct connstruct *cn)
+{
+    char *cp;
+
+#ifdef CONFIG_HTTP_USE_CHROOT
+    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
+#else
+    snprintf(cn->actualfile, MAXREQUESTLENGTH, ".%s", cn->filereq);
+#endif
+
+#ifndef WIN32
+    /* Add directory slash if not there */
+    if (isdir(cn->actualfile) && 
+            cn->actualfile[strlen(cn->actualfile)-1] != '/')
+        strcat(cn->actualfile, "/");
+
+    /* work out the directory name */
+    strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
+    if ((cp = strrchr(cn->dirname, '/')) == NULL)
+        cn->dirname[0] = 0;
+    else
+        *cp = 0;
+#else
+    {
+        char curr_dir[MAXREQUESTLENGTH];
+        char path[MAXREQUESTLENGTH];
+        char *t = cn->actualfile;
+
+        GetCurrentDirectory(MAXREQUESTLENGTH, curr_dir);
+
+        /* convert all the forward slashes to back slashes */
+        while ((t = strchr(t, '/')))
+            *t++ = '\\';
+
+        snprintf(path, MAXREQUESTLENGTH, "%s%s", curr_dir, cn->actualfile);
+        memcpy(cn->actualfile, path, MAXREQUESTLENGTH);
+
+        /* Add directory slash if not there */
+        if (isdir(cn->actualfile) && 
+                    cn->actualfile[strlen(cn->actualfile)-1] != '\\')
+            strcat(cn->actualfile, "\\");
+
+        /* work out the directory name */
+        strncpy(cn->dirname, cn->actualfile, MAXREQUESTLENGTH);
+        if ((cp = strrchr(cn->dirname, '\\')) == NULL)
+            cn->dirname[0] = 0;
+        else
+            *cp = 0;
+    }
+#endif
+}
+
+static int sanitizefile(const char *buf) 
+{
+    int len, i;
+
+    /* Don't accept anything not starting with a / */
+    if (*buf != '/') 
+        return 0;
+
+    len = strlen(buf);
+    for (i = 0; i < len; i++) 
+    {
+        /* Check for "/." i.e. don't send files starting with a . */
+        if (buf[i] == '/' && buf[i+1] == '.') 
+            return 0;
+    }
+
+    return 1;
+}
+
+static int sanitizehost(char *buf)
+{
+    while (*buf != '\0') 
+    {
+        /* Handle the port */
+        if (*buf == ':') 
+        {
+            *buf = '\0';
+            return 1;
+        }
+
+        /* Enforce some basic URL rules... */
+        if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') ||
+                (*buf == '.' && *(buf+1) == '.') ||
+                (*buf == '.' && *(buf+1) == '-') ||
+                (*buf == '-' && *(buf+1) == '.'))
+            return 0;
+
+        buf++;
+    }
+
+    return 1;
+}
+
+static FILE * exist_check(struct connstruct *cn, const char *check_file)
+{
+    char pathname[MAXREQUESTLENGTH];
+    snprintf(pathname, MAXREQUESTLENGTH, "%s/%s", cn->dirname, check_file);
+    return fopen(pathname, "r");
+}
+
+#ifdef CONFIG_HTTP_HAS_AUTHORIZATION
+static void send_authenticate(struct connstruct *cn, const char *realm)
+{
+    char buf[1024];
+
+    snprintf(buf, sizeof(buf), "HTTP/1.1 401 Unauthorized\n"
+         "WWW-Authenticate: Basic\n"
+                 "realm=\"%s\"\n", realm);
+    special_write(cn, buf, strlen(buf));
+}
+
+static int check_digest(char *salt, const char *msg_passwd)
+{
+    uint8_t b256_salt[MAXREQUESTLENGTH];
+    uint8_t real_passwd[MD5_SIZE];
+    int salt_size;
+    char *b64_passwd;
+    uint8_t md5_result[MD5_SIZE];
+    MD5_CTX ctx;
+
+    /* retrieve the salt */
+    if ((b64_passwd = strchr(salt, '$')) == NULL)
+        return -1;
+
+    *b64_passwd++ = 0;
+    if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
+        return -1;
+
+    if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd, NULL))
+        return -1;
+
+    /* very simple MD5 crypt algorithm, but then the salt we use is large */
+    MD5Init(&ctx);
+    MD5Update(&ctx, b256_salt, salt_size);           /* process the salt */
+    MD5Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd)); 
+    MD5Final(&ctx, md5_result);
+    return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
+}
+
+static int auth_check(struct connstruct *cn)
+{
+    char line[MAXREQUESTLENGTH];
+    FILE *fp;
+    char *cp;
+
+    if ((fp = exist_check(cn, ".htpasswd")) == NULL)
+        return 0;               /* no .htpasswd file, so let though */
+
+    if (cn->authorization[0] == 0)
+        goto error;
+
+    /* cn->authorization is in form "username:password" */
+    if ((cp = strchr(cn->authorization, ':')) == NULL)
+        goto error;
+    else
+        *cp++ = 0;  /* cp becomes the password */
+
+    while (fgets(line, sizeof(line), fp) != NULL)
+    {
+        char *b64_file_passwd;
+        int l = strlen(line);
+
+        /* nuke newline */
+        if (line[l-1] == '\n')
+            line[l-1] = 0;
+
+        /* line is form "username:salt(b64)$password(b64)" */
+        if ((b64_file_passwd = strchr(line, ':')) == NULL)
+            continue;
+
+        *b64_file_passwd++ = 0;
+
+        if (strcmp(line, cn->authorization)) /* our user? */
+            continue;
+
+        if (check_digest(b64_file_passwd, cp) == 0)
+        {
+            fclose(fp);
+            return 0;
+        }
+    }
+
+error:
+    fclose(fp);
+    send_authenticate(cn, cn->virtualhostreq);
+    return -1;
+}
+#endif
+
+static int htaccess_check(struct connstruct *cn)
+{
+    char line[MAXREQUESTLENGTH];
+    FILE *fp;
+    int ret = 0;
+
+    if ((fp = exist_check(cn, ".htaccess")) == NULL)
+        return 0;               /* no .htaccess file, so let though */
+
+    while (fgets(line, sizeof(line), fp) != NULL)
+    {
+        if (strstr(line, "Deny all") || /* access to this dir denied */
+                    /* Access will be denied unless SSL is active */
+                    (!cn->is_ssl && strstr(line, "SSLRequireSSL")) ||
+                    /* Access will be denied if SSL is active */
+                    (cn->is_ssl && strstr(line, "SSLDenySSL")))
+        {
+            ret = -1;
+            break;
+        }
+    }
+
+    fclose(fp);
+    return ret;
+}
+
+static void send_error(struct connstruct *cn, int err)
+{
+    char buf[MAXREQUESTLENGTH];
+    char *title;
+    char *text;
+
+    switch (err)
+    {
+        case 403:
+            title = "Forbidden";
+            text = "File is protected";
+#ifdef CONFIG_HTTP_VERBOSE
+            printf("axhttpd: access to %s denied\n", cn->filereq); TTY_FLUSH();
+#endif
+            break;
+
+        case 404:
+            title = "Not Found";
+            text = title;
+            break;
+
+        default:
+            title = "Unknown";
+            text = "Unknown";
+            break;
+    }
+
+    snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
+            "Content-Type: text/html\n"
+            "Cache-Control: no-cache,no-store\n"
+            "Connection: close\n\n"
+            "<html>\n<head>\n<title>%d %s</title></head>\n"
+            "<body><h1>%d %s</h1>\n</body></html>\n", 
+            err, title, err, title, err, text);
+    special_write(cn, buf, strlen(buf));
+    removeconnection(cn);
+}
diff --git a/httpd/tdate_parse.c b/httpd/tdate_parse.c
new file mode 100644
index 0000000000..a6cadc77e1
--- /dev/null
+++ b/httpd/tdate_parse.c
@@ -0,0 +1,107 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <sys/types.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "axhttp.h"
+
+struct day_mon_map 
+{
+    const char* s;
+    uint8_t l;
+};
+
+static struct day_mon_map wday_tab[] = 
+{
+    { "Sun", 0 }, { "Mon", 1 }, { "Tue", 2 }, { "Wed", 3 },
+    { "Thu", 4 }, { "Fri", 5 }, { "Sat", 6 }, 
+};
+
+static struct day_mon_map mon_tab[] = 
+{
+    { "Jan", 0 }, { "Feb", 1 }, { "Mar", 2 }, { "Apr", 3 },
+    { "May", 4 }, { "Jun", 5 }, { "Jul", 6 }, { "Aug", 7 },
+    { "Sep", 8 }, { "Oct", 9 }, { "Nov", 10 }, { "Dec", 11 },
+};
+
+static int day_mon_map_compare(const char *v1, const char *v2)
+{
+    return strcmp(((struct day_mon_map*)v1)->s, ((struct day_mon_map*)v2)->s);
+}
+
+void tdate_init(void)
+{
+    qsort(wday_tab, sizeof(wday_tab)/sizeof(struct day_mon_map),
+            sizeof(struct day_mon_map), 
+            (int (*)(const void *, const void *))day_mon_map_compare);
+    qsort(mon_tab, sizeof(mon_tab)/sizeof(struct day_mon_map),
+            sizeof(struct day_mon_map), 
+            (int (*)(const void *, const void *))day_mon_map_compare);
+}
+
+static int8_t day_mon_map_search(const char* str, 
+                            const struct day_mon_map* tab, int n)
+{
+    struct day_mon_map *search = bsearch(&str, tab, n,
+            sizeof(struct day_mon_map), 
+                (int (*)(const void *, const void *))day_mon_map_compare);
+    return search ? search->l : -1;
+}
+
+time_t tdate_parse(const char* str)
+{
+    struct tm tm;
+    char str_mon[4], str_wday[4];
+    int tm_sec, tm_min, tm_hour, tm_mday, tm_year;
+
+    /* Initialize. */
+    memset(&tm, 0, sizeof(struct tm));
+
+    /* wdy, DD mth YY HH:MM:SS GMT */
+    if ((sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
+                str_wday, &tm_mday, str_mon, &tm_year, &tm_hour, &tm_min,
+                    &tm_sec) == 7) ||
+    /* wdy mth DD HH:MM:SS YY */
+        (sscanf(str, "%3[a-zA-Z] %3[a-zA-Z] %d %d:%d:%d %d",
+                str_wday, str_mon, &tm_mday, &tm_hour, &tm_min, &tm_sec,
+                    &tm_year) == 7))
+    {
+        int8_t tm_wday = day_mon_map_search(str_wday, wday_tab, 
+                        sizeof(wday_tab)/sizeof(struct day_mon_map));
+        int8_t tm_mon = day_mon_map_search(str_mon, mon_tab, 
+                        sizeof(mon_tab)/sizeof(struct day_mon_map));
+
+        if (tm_wday < 0 || tm_mon < 0)
+            return -1;
+
+        tm.tm_wday = tm_wday;
+        tm.tm_mon = tm_mon;
+        tm.tm_mday = tm_mday;
+        tm.tm_hour = tm_hour;
+        tm.tm_min = tm_min;
+        tm.tm_sec = tm_sec;
+        tm.tm_year = tm_year - 1900;
+        return mktime(&tm);
+    }
+
+    return -1;  /* error */
+}
diff --git a/samples/Config.in b/samples/Config.in
new file mode 100644
index 0000000000..a17f252f9d
--- /dev/null
+++ b/samples/Config.in
@@ -0,0 +1,56 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+menu "Samples"
+
+config CONFIG_SAMPLES
+    bool "Create Samples"
+    default y
+    help
+        axTLS contains various sample code.
+
+        Select Y here if you want to build the various samples.
+
+config CONFIG_C_SAMPLES
+    bool "axssl - C version"
+    default y
+    depends on CONFIG_SAMPLES
+    help
+        Build the "C" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_CSHARP_SAMPLES
+    bool "axssl - C# version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_CSHARP_BINDINGS
+    help
+        Build the "C#" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_VBNET_SAMPLES
+    bool "axssl - VB.NET version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_VBNET_BINDINGS
+    help
+        Build the "VB.NET" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_JAVA_SAMPLES
+    bool "axssl - Java version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_JAVA_BINDINGS
+    help
+        Build the "Java" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+config CONFIG_PERL_SAMPLES
+    bool "axssl - Perl version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_PERL_BINDINGS
+    help
+        Build the "Perl" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
+
+endmenu
+
diff --git a/samples/Makefile b/samples/Makefile
new file mode 100644
index 0000000000..fbb31149a8
--- /dev/null
+++ b/samples/Makefile
@@ -0,0 +1,46 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all:
+
+include ../config/.config
+include ../config/makefile.conf
+
+all:
+ifdef CONFIG_C_SAMPLES
+	$(MAKE) -C c
+endif
+ifdef CONFIG_CSHARP_SAMPLES
+	$(MAKE) -C csharp
+endif
+ifdef CONFIG_VBNET_SAMPLES
+	$(MAKE) -C vbnet
+endif
+ifdef CONFIG_JAVA_SAMPLES
+	$(MAKE) -C java
+endif
+ifdef CONFIG_PERL_SAMPLES
+	$(MAKE) -C perl
+endif
+
+clean::
+	$(MAKE) -C c clean
+	$(MAKE) -C csharp clean
+	$(MAKE) -C vbnet clean
+	$(MAKE) -C java clean
+	$(MAKE) -C perl clean
diff --git a/samples/c/Makefile b/samples/c/Makefile
new file mode 100644
index 0000000000..0ab81e70f2
--- /dev/null
+++ b/samples/c/Makefile
@@ -0,0 +1,66 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all : sample
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+ifndef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_PLATFORM_CYGWIN
+TARGET=../../$(STAGE)/axssl.exe
+else
+TARGET=../../$(STAGE)/axssl
+endif   # cygwin
+
+LIBS=../../$(STAGE)
+CFLAGS += -I../../ssl -I../../config
+else
+TARGET=../../$(STAGE)/axssl.exe
+CFLAGS += /I"..\..\ssl" /I"..\..\config"
+endif
+
+ifndef CONFIG_C_SAMPLES
+sample:
+
+else
+sample : $(TARGET)
+OBJ= axssl.o
+include ../../config/makefile.post
+
+ifndef CONFIG_PLATFORM_WIN32
+
+$(TARGET): $(OBJ) $(LIBS)/libaxtls.a
+	$(LD) $(LDFLAGS) -o $@ $< -L$(LIBS) -laxtls 
+ifndef CONFIG_DEBUG
+ifndef CONFIG_PLATFORM_SOLARIS
+	strip --remove-section=.comment $(TARGET)
+endif   # SOLARIS
+endif   # CONFIG_DEBUG
+else    # Win32
+
+$(TARGET): $(OBJ)
+	$(LD) $(LDFLAGS) ..\\..\\config\\axtls.res /out:$@ $^ /libpath:"../../$(STAGE)" axtls.lib
+endif
+
+endif    # CONFIG_C_SAMPLES
+
+clean::
+	-@rm -f ../../$(STAGE)/axssl*
+
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
new file mode 100644
index 0000000000..c8e1375945
--- /dev/null
+++ b/samples/c/axssl.c
@@ -0,0 +1,865 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl s_server -?
+ * > axssl s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "ssl.h"
+
+/* define standard input */
+#ifndef STDIN_FILENO
+#define STDIN_FILENO        0
+#endif
+
+static void do_server(int argc, char *argv[]);
+static void print_options(char *option);
+static void print_server_options(char *option);
+static void do_client(int argc, char *argv[]);
+static void print_client_options(char *option);
+static void display_cipher(SSL *ssl);
+static void display_session_id(SSL *ssl);
+
+/**
+ * Main entry point. Doesn't do much except works out whether we are a client
+ * or a server.
+ */
+int main(int argc, char *argv[])
+{
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+#elif !defined(CONFIG_PLATFORM_SOLARIS)
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+#endif
+
+    if (argc == 2 && strcmp(argv[1], "version") == 0)
+    {
+        printf("axssl %s\n", ssl_version());
+        exit(0);
+    }
+
+    if (argc < 2 || (
+                strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
+        print_options(argc > 1 ? argv[1] : "");
+
+    strcmp(argv[1], "s_server") ? 
+        do_client(argc, argv) : do_server(argc, argv);
+    return 0;
+}
+
+/**
+ * Implement the SSL server logic. 
+ */
+static void do_server(int argc, char *argv[])
+{
+    int i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_DISPLAY_CERTS;
+    int client_fd;
+    SSL_CTX *ssl_ctx;
+    int server_fd, res = 0;
+    socklen_t client_len;
+#ifndef CONFIG_SSL_SKELETON_MODE
+    char *private_key_file = NULL;
+    const char *password = NULL;
+    char **cert;
+    int cert_index = 0;
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef WIN32
+    char yes = 1;
+#else
+    int yes = 1;
+#endif
+    struct sockaddr_in serv_addr;
+    struct sockaddr_in client_addr;
+    int quiet = 0;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_index = 0;
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+#endif
+    fd_set read_set;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+#endif
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-accept") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            port = atoi(argv[++i]);
+        }
+#ifndef CONFIG_SSL_SKELETON_MODE
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+#endif
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options |= SSL_CLIENT_AUTHENTICATION;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_server_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        perror("socket");
+        return;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        perror("bind");
+        exit(1);
+    }
+
+    if (listen(server_fd, 5) < 0)
+    {
+        perror("listen");
+        exit(1);
+    }
+
+    client_len = sizeof(client_addr);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Server context is invalid\n");
+        exit(1);
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(ca_cert);
+#endif
+#ifndef CONFIG_SSL_SKELETON_MODE
+    free(cert);
+#endif
+
+    for (;;)
+    {
+        SSL *ssl;
+        int reconnected = 0;
+
+        if (!quiet)
+        {
+            printf("ACCEPT\n");
+            TTY_FLUSH();
+        }
+
+        if ((client_fd = accept(server_fd, 
+                (struct sockaddr *)&client_addr, &client_len)) < 0)
+        {
+            res = 1;
+            break;
+        }
+
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+
+        /* now read (and display) whatever the client sends us */
+        for (;;)
+        {
+            /* allow parallel reading of client and standard input */
+            FD_ZERO(&read_set);
+            FD_SET(client_fd, &read_set);
+
+#ifndef WIN32
+            /* win32 doesn't like mixing up stdin and sockets */
+            if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
+            {
+                FD_SET(STDIN_FILENO, &read_set);
+            }
+
+            if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+            {
+               uint8_t buf[1024];
+
+                /* read standard input? */
+                if (FD_ISSET(STDIN_FILENO, &read_set))
+                {
+                    if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                    {
+                        res = SSL_ERROR_CONN_LOST;
+                    }
+                    else
+                    {
+                        /* small hack to check renegotiation */
+                        if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
+                        {
+                            res = ssl_renegotiate(ssl);
+                        }
+                        else    /* write our ramblings to the client */
+                        {
+                            res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                        }
+                    }
+                }
+                else    /* a socket read */
+#endif
+                {
+                    /* keep reading until we get something interesting */
+                    uint8_t *read_buf;
+
+                    if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
+                    {
+                        /* are we in the middle of doing a handshake? */
+                        if (ssl_handshake_status(ssl) != SSL_OK)
+                        {
+                            reconnected = 0;
+                        }
+                        else if (!reconnected)
+                        {
+                            /* we are connected/reconnected */
+                            if (!quiet)
+                            {
+                                display_session_id(ssl);
+                                display_cipher(ssl);
+                            }
+
+                            reconnected = 1;
+                        }
+                    }
+
+                    if (res > 0)    /* display our interesting output */
+                    {
+                        printf("%s", read_buf);
+                        TTY_FLUSH();
+                    }
+                    else if (res < 0 && !quiet)
+                    {
+                        ssl_display_error(res);
+                    }
+                }
+#ifndef WIN32
+            }
+#endif
+
+            if (res < SSL_OK)
+            {
+                if (!quiet)
+                {
+                    printf("CONNECTION CLOSED\n");
+                    TTY_FLUSH();
+                }
+
+                break;
+            }
+        }
+
+        /* client was disconnected or the handshake failed. */
+        ssl_free(ssl);
+        SOCKET_CLOSE(client_fd);
+    }
+
+    ssl_ctx_free(ssl_ctx);
+}
+
+/**
+ * Implement the SSL client logic.
+ */
+static void do_client(int argc, char *argv[])
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int res, i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
+    int client_fd;
+    char *private_key_file = NULL;
+    struct sockaddr_in client_addr;
+    struct hostent *hostent;
+    int reconnect = 0;
+    uint32_t sin_addr;
+    SSL_CTX *ssl_ctx;
+    SSL *ssl = NULL;
+    int quiet = 0;
+    int cert_index = 0, ca_cert_index = 0;
+    int cert_size, ca_cert_size;
+    char **ca_cert, **cert;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    fd_set read_set;
+    const char *password = NULL;
+
+    FD_ZERO(&read_set);
+    sin_addr = inet_addr("127.0.0.1");
+    cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-connect") == 0)
+        {
+            char *host, *ptr;
+
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            host = argv[++i];
+            if ((ptr = strchr(host, ':')) == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            *ptr++ = 0;
+            port = atoi(ptr);
+            hostent = gethostbyname(host);
+
+            if (hostent == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
+        }
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options &= ~SSL_SERVER_VERIFY_LATER;
+        }
+        else if (strcmp(argv[i], "-reconnect") == 0)
+        {
+            reconnect = 4;
+        }
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_client_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    memset(&client_addr, 0, sizeof(client_addr));
+    client_addr.sin_family = AF_INET;
+    client_addr.sin_port = htons(port);
+    client_addr.sin_addr.s_addr = sin_addr;
+
+    if (connect(client_fd, (struct sockaddr *)&client_addr, 
+                sizeof(client_addr)) < 0)
+    {
+        perror("connect");
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        printf("CONNECTED\n");
+        TTY_FLUSH();
+    }
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Client context is invalid\n");
+        exit(1);
+    }
+
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(cert);
+    free(ca_cert);
+
+    /* Try session resumption? */
+    if (reconnect)
+    {
+        while (reconnect--)
+        {
+            ssl = ssl_client_new(ssl_ctx, client_fd, session_id);
+            if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+            {
+                if (!quiet)
+                {
+                    ssl_display_error(res);
+                }
+
+                ssl_free(ssl);
+                exit(1);
+            }
+
+            display_session_id(ssl);
+            memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+
+            if (reconnect)
+            {
+                ssl_free(ssl);
+                SOCKET_CLOSE(client_fd);
+
+                client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+                connect(client_fd, (struct sockaddr *)&client_addr, 
+                        sizeof(client_addr));
+            }
+        }
+    }
+    else
+    {
+        ssl = ssl_client_new(ssl_ctx, client_fd, NULL);
+    }
+
+    /* check the return status */
+    if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+    {
+        if (!quiet)
+        {
+            ssl_display_error(res);
+        }
+
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        const char *common_name = ssl_get_cert_dn(ssl,
+                SSL_X509_CERT_COMMON_NAME);
+        if (common_name)
+        {
+            printf("Common Name:\t\t%s\n", common_name);
+        }
+
+        display_session_id(ssl);
+        display_cipher(ssl);
+    }
+
+    for (;;)
+    {
+        uint8_t buf[1024];
+        res = SSL_OK;
+
+        /* allow parallel reading of server and standard input */
+        FD_SET(client_fd, &read_set);
+#ifndef WIN32
+        /* win32 doesn't like mixing up stdin and sockets */
+        FD_SET(STDIN_FILENO, &read_set);
+
+        if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+        {
+            /* read standard input? */
+            if (FD_ISSET(STDIN_FILENO, &read_set))
+#endif
+            {
+                if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                {
+                    /* bomb out of here */
+                    ssl_free(ssl);
+                    break;
+                }
+                else
+                {
+                    /* small hack to check renegotiation */
+                    if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
+                    {
+                        res = ssl_renegotiate(ssl);
+                    }
+                    else
+                    {
+                        res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                    }
+                }
+            }
+#ifndef WIN32
+            else    /* a socket read */
+            {
+                uint8_t *read_buf;
+
+                res = ssl_read(ssl, &read_buf);
+
+                if (res > 0)    /* display our interesting output */
+                {
+                    printf("%s", read_buf);
+                    TTY_FLUSH();
+                }
+            }
+        }
+#endif
+
+        if (res < 0)
+        {
+            if (!quiet)
+            {
+                ssl_display_error(res);
+            }
+
+            break;      /* get outta here */
+        }
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    SOCKET_CLOSE(client_fd);
+#else
+    print_client_options(argv[1]);
+#endif
+}
+
+/**
+ * We've had some sort of command-line error. Print out the basic options.
+ */
+static void print_options(char *option)
+{
+    printf("axssl: Error: '%s' is an invalid command.\n", option);
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the server options.
+ */
+static void print_server_options(char *option)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+#ifndef CONFIG_SSL_SKELETON_MODE
+    printf(" -cert arg\t- certificate file to add (in addition to default)"
+                                    " to chain -\n"
+          "\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -pass\t\t- private key file pass phrase source\n");
+#endif
+    printf(" -quiet\t\t- No server output\n");
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the client options.
+ */
+static void print_client_options(char *option)
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    printf("usage: s_client [args ...]\n");
+    printf(" -connect host:port - who to connect to (default "
+            "is localhost:4433)\n");
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -cert arg\t- certificate file to use\n");
+    printf("\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+    printf(" -quiet\t\t- No client output\n");
+    printf(" -reconnect\t- Drop and re-make the connection "
+            "with the same Session-ID\n");
+    printf(" -pass\t\t- private key file pass phrase source\n");
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+#else
+    printf("Change configuration to allow this feature\n");
+#endif
+    exit(1);
+}
+
+/**
+ * Display what cipher we are using 
+ */
+static void display_cipher(SSL *ssl)
+{
+    printf("CIPHER is ");
+    switch (ssl_get_cipher_id(ssl))
+    {
+        case SSL_AES128_SHA:
+            printf("AES128-SHA");
+            break;
+
+        case SSL_AES256_SHA:
+            printf("AES256-SHA");
+            break;
+
+        case SSL_RC4_128_SHA:
+            printf("RC4-SHA");
+            break;
+
+        case SSL_RC4_128_MD5:
+            printf("RC4-MD5");
+            break;
+
+        default:
+            printf("Unknown - %d", ssl_get_cipher_id(ssl));
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Display what session id we have.
+ */
+static void display_session_id(SSL *ssl)
+{    
+    int i;
+    const uint8_t *session_id = ssl_get_session_id(ssl);
+
+    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+    for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+    {
+        printf("%02x", session_id[i]);
+    }
+    printf("\n-----END SSL SESSION PARAMETERS-----\n");
+    TTY_FLUSH();
+}
diff --git a/samples/csharp/Makefile b/samples/csharp/Makefile
new file mode 100644
index 0000000000..267a49d15c
--- /dev/null
+++ b/samples/csharp/Makefile
@@ -0,0 +1,36 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.dotnet.conf
+
+all : sample
+TARGET=../../$(STAGE)/axssl.csharp.exe
+sample : $(TARGET)
+
+$(TARGET): ../../bindings/csharp/axTLS.cs ../../bindings/csharp/axInterface.cs axssl.cs 
+ifdef GO_DOT_NET
+	csc.exe /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
+else    # use mono to build
+	mcs -out:$@ $^
+
+endif    # ARCH
+
+clean::
+	-@rm -f $(TARGET)
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
new file mode 100644
index 0000000000..1f1f95b584
--- /dev/null
+++ b/samples/csharp/axssl.cs
@@ -0,0 +1,743 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C# with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl.csharp.exe s_server -?
+ * > axssl.csharp.exe s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+
+using System;
+using System.Net;
+using System.Net.Sockets;
+using axTLS;
+
+public class axssl
+{
+    /*
+     * Main()
+     */
+    public static void Main(string[] args)
+    {
+        if (args.Length == 1 && args[0] == "version")
+        {
+            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
+            Environment.Exit(0); 
+        }
+
+        axssl runner = new axssl();
+
+        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
+            runner.print_options(args.Length > 0 ? args[0] : "");
+
+        int build_mode = SSLUtil.BuildMode();
+
+        if (args[0] == "s_server")
+            runner.do_server(build_mode, args);
+        else 
+            runner.do_client(build_mode, args);
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, string[] args)
+    {
+        int i = 1;
+        int port = 4433;
+        uint options = axtls.SSL_DISPLAY_CERTS;
+        bool quiet = false;
+        string password = null;
+        string private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-accept")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Int32.Parse(args[++i]);
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i] == "-cert")
+                {
+                    if (i >= args.Length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i] == "-key")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtls.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i] == "-pass")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i] == "-verify")
+                    {
+                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i] == "-CAfile")
+                    {
+                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i] == "-debug")
+                        {
+                            options |= axtls.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i] == "-state")
+                        {
+                            options |= axtls.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i] == "-show-rsa")
+                        {
+                            options |= axtls.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
+        TcpListener server_sock = new TcpListener(ep);
+        server_sock.Start();      
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(
+                                options, axtls.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Server context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        byte[] buf = null;
+        int res;
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                Console.WriteLine("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.AcceptSocket();
+
+            SSL ssl = ssl_ctx.Connect(client_sock);
+
+            /* do the actual SSL handshake */
+            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.HandshakeStatus() == axtls.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtls.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtls.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            Console.WriteLine("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to string */
+                    char[] str = new char[res];
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    Console.Write(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.Dispose();
+            client_sock.Close();
+        }
+
+        /* ssl_ctx.Dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, string[] args)
+    {
+        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            print_client_options(build_mode, args[1]);
+        }
+
+        int i = 1, res;
+        int port = 4433;
+        bool quiet = false;
+        string password = null;
+        int reconnect = 0;
+        string private_key_file = null;
+        string hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+
+        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-connect")
+            {
+                string host_port;
+
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.IndexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new string(host_port.ToCharArray(), 
+                        0, index_colon);
+                port = Int32.Parse(new String(host_port.ToCharArray(), 
+                            index_colon+1, host_port.Length-index_colon-1));
+            }
+            else if (args[i] == "-cert")
+            {
+                if (i >= args.Length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i] == "-key")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtls.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i] == "-CAfile")
+            {
+                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i] == "-verify")
+            {
+                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i] == "-reconnect")
+            {
+                reconnect = 4;
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i] == "-pass")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i] == "-debug")
+                {
+                    options |= axtls.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i] == "-state")
+                {
+                    options |= axtls.SSL_DISPLAY_STATES;
+                }
+                else if (args[i] == "-show-rsa")
+                {
+                    options |= axtls.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
+        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
+        IPAddress[] addresses = hostInfo.AddressList;
+        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
+        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
+                SocketType.Stream, ProtocolType.Tcp);
+        client_sock.Connect(ep);
+
+        if (!client_sock.Connected)
+        {
+            Console.WriteLine("could not connect");
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            Console.WriteLine("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options,
+                                    axtls.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Client context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.Connect(client_sock, session_id);
+
+                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.DisplayError(res);
+                    }
+
+                    ssl.Dispose();
+                    Environment.Exit(1);
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.GetSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.Dispose();
+                    client_sock.Close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(AddressFamily.InterNetwork, 
+                        SocketType.Stream, ProtocolType.Tcp);
+                    client_sock.Connect(ep);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.Connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            string common_name =
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                Console.WriteLine("Common Name:\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        for (;;)
+        {
+            string user_input = Console.ReadLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.Length+2];
+            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.Length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.Length-2; i++)
+            {
+                buf[i] = (byte)user_input[i];
+            }
+
+            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.DisplayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.Dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(string option)
+    {
+        Console.WriteLine("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        Console.WriteLine("usage: axssl.csharp [s_server|" +
+                            "s_client|version] [args ...]");
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+        Console.WriteLine("usage: s_server [args ...]");
+        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        Console.WriteLine(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+        {
+          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
+                  "addition to default) to chain -");
+          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
+          Console.WriteLine(" -key arg\t- Private key file to use");
+          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            Console.WriteLine(" -verify\t- turn on peer certificate " +
+                    "verification");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + 
+                    ca_cert_size + "times");
+        }
+
+        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+        {
+            Console.WriteLine(" -debug\t\t- Print more output");
+            Console.WriteLine(" -state\t\t- Show state messages");
+            Console.WriteLine(" -show-rsa\t- Show RSA state");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            Console.WriteLine("usage: s_client [args ...]");
+            Console.WriteLine(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            Console.WriteLine(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            Console.WriteLine(" -cert arg\t- certificate file to use");
+            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
+            Console.WriteLine(" -key arg\t- Private key file to use");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            Console.WriteLine(" -quiet\t\t- No client output");
+            Console.WriteLine(" -pass\t\t- private key file pass " + 
+                    "phrase source");
+            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                Console.WriteLine(" -debug\t\t- Print more output");
+                Console.WriteLine(" -state\t\t- Show state messages");
+                Console.WriteLine(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            Console.WriteLine("Change configuration to allow this feature");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        Console.Write("CIPHER is ");
+
+        switch (ssl.GetCipherId())
+        {
+            case axtls.SSL_AES128_SHA:
+                Console.WriteLine("AES128-SHA");
+                break;
+
+            case axtls.SSL_AES256_SHA:
+                Console.WriteLine("AES256-SHA");
+                break;
+
+            case axtls.SSL_RC4_128_SHA:
+                Console.WriteLine("RC4-SHA");
+                break;
+
+            case axtls.SSL_RC4_128_MD5:
+                Console.WriteLine("RC4-MD5");
+                break;
+
+            default:
+                Console.WriteLine("Unknown - " + ssl.GetCipherId());
+                break;
+        }
+    }
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.GetSessionId();
+
+        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
+        foreach (byte b in session_id)
+        {
+            Console.Write("{0:x02}", b);
+        }
+
+        Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
+    }
+}
diff --git a/samples/java/Makefile b/samples/java/Makefile
new file mode 100644
index 0000000000..eca097ec70
--- /dev/null
+++ b/samples/java/Makefile
@@ -0,0 +1,39 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.java.conf
+
+all : sample
+JAR=../../$(STAGE)/axtls.jar
+CLASSES=../../bindings/java/classes
+sample : $(JAR)
+
+$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
+	jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
+
+JAVA_FILES=axssl.java
+JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
+
+$(CLASSES)/%.class : %.java
+	javac -d $(CLASSES) -classpath $(CLASSES) $^
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
new file mode 100644
index 0000000000..a08e9a79d3
--- /dev/null
+++ b/samples/java/axssl.java
@@ -0,0 +1,746 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * Demonstrate the use of the axTLS library in Java with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.  *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > java -jar axtls.jar s_server -?
+ * > java -jar axtls.jar s_client -?
+ *
+ * The axtls/axtlsj shared libraries must be in the same directory or be found 
+ * by the OS.
+ */
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import axTLSj.*;
+
+public class axssl
+{
+   /*
+     * Main()
+     */
+    public static void main(String[] args)
+    {
+        if (args.length == 1 && args[0].equals("version"))
+        {
+            System.out.println("axtls.jar " + SSLUtil.version());
+            System.exit(0);
+        }
+
+        axssl runner = new axssl();
+
+        try
+        {
+            if (args.length < 1 || 
+                    (!args[0].equals("s_server") &&
+                     !args[0].equals("s_client")))
+            {
+                runner.print_options(args.length > 0 ? args[0] : "");
+            }
+
+            int build_mode = SSLUtil.buildMode();
+
+            if (args[0].equals("s_server"))
+                runner.do_server(build_mode, args);
+            else 
+                runner.do_client(build_mode, args);
+        }
+        catch (Exception e) 
+        {
+            System.out.println(e);
+        }
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, String[] args)
+                    throws Exception
+    {
+        int i = 1;
+        int port = 4433;
+        int options = axtlsj.SSL_DISPLAY_CERTS;
+        boolean quiet = false;
+        String password = null;
+        String private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-accept"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Integer.parseInt(args[++i]);
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i].equals("-cert"))
+                {
+                    if (i >= args.length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i].equals("-key"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtlsj.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i].equals("-pass"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i].equals("-verify"))
+                    {
+                        options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i].equals("-CAfile"))
+                    {
+                        if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i].equals("-debug"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i].equals("-state"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i].equals("-show-rsa"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else 
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        ServerSocket server_sock = new ServerSocket(port);
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(options, 
+                                    axtlsj.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+            throw new Exception("Error: Server context is invalid");
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        int res;
+        SSLReadHolder rh = new SSLReadHolder();
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                System.out.println("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.accept();
+
+            SSL ssl = ssl_ctx.connect(client_sock);
+
+            while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.handshakeStatus() == axtlsj.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtlsj.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtlsj.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            System.out.println("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to String */
+                    byte[] buf = rh.getData();
+                    char[] str = new char[res];
+
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    System.out.print(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.dispose();
+            client_sock.close();
+        }
+
+        /* ssl_ctx.dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, String[] args)
+                    throws Exception
+    {
+        if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
+            print_client_options(build_mode, args[1]);
+
+        int i = 1, res;
+        int port = 4433;
+        boolean quiet = false;
+        String password = null;
+        int reconnect = 0;
+        String private_key_file = null;
+        String hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+
+        int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-connect"))
+            {
+                String host_port;
+
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.indexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new String(host_port.toCharArray(), 
+                        0, index_colon);
+                port = Integer.parseInt(new String(host_port.toCharArray(), 
+                            index_colon+1, host_port.length()-index_colon-1));
+            }
+            else if (args[i].equals("-cert"))
+            {
+                if (i >= args.length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-CAfile"))
+            {
+                if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-key"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtlsj.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i].equals("-verify"))
+            {
+                options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i].equals("-reconnect"))
+            {
+                reconnect = 4;
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i].equals("-pass"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i].equals("-debug"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i].equals("-state"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_STATES;
+                }
+                else if (args[i].equals("-show-rsa"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        Socket client_sock = new Socket(hostname, port);
+
+        if (!client_sock.isConnected())
+        {
+            System.out.println("could not connect");
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            System.out.println("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options, 
+                                    axtlsj.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            throw new Exception("Error: Client context is invalid");
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        SSL ssl = null;
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.connect(client_sock, session_id);
+
+                if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.displayError(res);
+                    }
+
+                    ssl.dispose();
+                    throw new Exception();
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.getSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.dispose();
+                    client_sock.close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(hostname, port);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            String common_name =
+                ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                System.out.println("Common Name:\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        BufferedReader in = new BufferedReader(
+                new InputStreamReader(System.in));
+
+        for (;;)
+        {
+            String user_input = in.readLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.length()+2];
+            buf[buf.length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.length-2; i++)
+            {
+                buf[i] = (byte)user_input.charAt(i);
+            }
+
+            if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.displayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(String option)
+    {
+        System.out.println("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + 
+                "[args ...]");
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+        System.out.println("usage: s_server [args ...]");
+        System.out.println(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        System.out.println(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+        {
+            System.out.println(" -cert arg\t- certificate file to add (in " + 
+                    "addition to default) to chain -");
+            System.out.println("\t\t  Can repeat up to " + cert_size + " times");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            System.out.println(" -verify\t- turn on peer certificate " +
+                    "verification");
+            System.out.println(" -CAfile arg\t- Certificate authority. ");
+            System.out.println("\t\t  Can repeat up to " + 
+                    ca_cert_size + " times");
+        }
+
+        if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+        {
+            System.out.println(" -debug\t\t- Print more output");
+            System.out.println(" -state\t\t- Show state messages");
+            System.out.println(" -show-rsa\t- Show RSA state");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
+        {
+            System.out.println("usage: s_client [args ...]");
+            System.out.println(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            System.out.println(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            System.out.println(" -cert arg\t- certificate file to use");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println("\t\t  Can repeat up to " + cert_size + 
+                    " times");
+            System.out.println(" -CAfile arg\t- Certificate authority.");
+            System.out.println("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            System.out.println(" -quiet\t\t- No client output");
+            System.out.println(" -pass\t\t- private key file pass " + 
+                        "phrase source");
+            System.out.println(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                System.out.println(" -debug\t\t- Print more output");
+                System.out.println(" -state\t\t- Show state messages");
+                System.out.println(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            System.out.println("Change configuration to allow this feature");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        System.out.print("CIPHER is ");
+
+        byte ciph_id = ssl.getCipherId();
+
+        if (ciph_id == axtlsj.SSL_AES128_SHA)
+            System.out.println("AES128-SHA");
+        else if (ciph_id == axtlsj.SSL_AES256_SHA)
+            System.out.println("AES256-SHA");
+        else if (ciph_id == axtlsj.SSL_RC4_128_SHA)
+            System.out.println("RC4-SHA");
+        else if (ciph_id == axtlsj.SSL_RC4_128_MD5)
+            System.out.println("RC4-MD5");
+        else
+            System.out.println("Unknown - " + ssl.getCipherId());
+    }
+
+    public char toHexChar(int i)
+    {
+        if ((0 <= i) && (i <= 9 ))
+            return (char)('0' + i);
+        else
+            return (char)('a' + (i-10));
+    }
+
+    public void bytesToHex(byte[] data) 
+    {
+        StringBuffer buf = new StringBuffer();
+        for (int i = 0; i < data.length; i++ ) 
+        {
+            buf.append(toHexChar((data[i]>>>4)&0x0F));
+            buf.append(toHexChar(data[i]&0x0F));
+        }
+
+        System.out.println(buf);
+    }
+
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.getSessionId();
+        int i;
+
+        System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
+        bytesToHex(session_id);
+        System.out.println("-----END SSL SESSION PARAMETERS-----");
+    }
+}
diff --git a/samples/java/manifest.mf b/samples/java/manifest.mf
new file mode 100644
index 0000000000..b906ed29ed
--- /dev/null
+++ b/samples/java/manifest.mf
@@ -0,0 +1 @@
+Main-Class: axssl
diff --git a/samples/perl/Makefile b/samples/perl/Makefile
new file mode 100644
index 0000000000..0ad96070fd
--- /dev/null
+++ b/samples/perl/Makefile
@@ -0,0 +1,31 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+all: samples
+TARGET=../../$(STAGE)/axssl.pl
+samples: $(TARGET)
+
+$(TARGET): axssl.pl
+	install $< $@
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
new file mode 100755
index 0000000000..cbfd58fdb7
--- /dev/null
+++ b/samples/perl/axssl.pl
@@ -0,0 +1,629 @@
+#!/usr/bin/perl -w
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# Demonstrate the use of the axTLS library in Perl with a set of 
+# command-line parameters similar to openssl. In fact, openssl clients 
+# should be able to communicate with axTLS servers and visa-versa.
+#
+# This code has various bits enabled depending on the configuration. To enable
+# the most interesting version, compile with the 'full mode' enabled.
+#
+# To see what options you have, run the following:
+# > [perl] axssl s_server -?
+# > [perl] axssl s_client -?
+#
+# The axtls/axtlsp shared libraries must be in the same directory or be found 
+# by the OS. axtlsp.pm must be in this directory or be in @INC.
+#
+# Under Win32, ActivePerl was used (see
+# http://www.activestate.com/Products/ActivePerl/?mp=1)
+#
+use axtlsp;
+use IO::Socket;
+
+# To get access to Win32 file descriptor stuff
+my $is_win32 = 0;
+
+if ($^O eq "MSWin32")
+{
+    eval("use Win32API::File 0.08 qw( :ALL )");
+    $is_win32 = 1;
+}
+
+use strict;
+
+#
+# Win32 has some problems with socket handles
+#
+sub get_native_sock
+{
+    my ($sock) = @_;
+    return $is_win32 ? FdGetOsFHandle($sock) : $sock;
+}
+
+#
+# Main entry point. Doesn't do much except works out whether we are a client
+# or a server.
+#
+if ($#ARGV == 0 && $ARGV[0] eq "version")
+{
+    printf("axssl.pl ".axtlsp::ssl_version()."\n");
+    exit 0;
+}
+
+print_options($#ARGV > -1 ? $ARGV[0] : "")
+        if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
+
+
+# Cygwin/Win32 issue - flush our output continuously
+select STDOUT;
+local $|=1;
+
+my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
+$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
+
+#
+# Implement the SSL server logic. 
+#
+sub do_server
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_DISPLAY_CERTS;
+    my $quiet = 0;
+    my $password = undef;
+    my $private_key_file = undef;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+                        $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+    my @cert;
+    my @ca_cert;
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq  "-accept")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $port = $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+        {
+            if ($ARGV[$i] eq "-cert")
+            {
+                print_server_options($build_mode, $ARGV[$i]) 
+                                    if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+                push @cert,  $ARGV[++$i];
+            }
+            elsif ($ARGV[$i] eq "-key")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $private_key_file = $ARGV[++$i];
+                $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+            }
+            elsif ($ARGV[$i] eq "-pass")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $password = $ARGV[++$i];
+            }
+            elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+            {
+                if ($ARGV[$i] eq "-verify")
+                {
+                    $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
+                }
+                elsif ($ARGV[$i] eq "-CAfile")
+                {
+                    print_server_options($build_mode, $ARGV[$i])  
+                                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+                    push @ca_cert, $ARGV[++$i];
+                }
+                elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+                {
+                    if ($ARGV[$i] eq "-debug")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_BYTES;
+                    }
+                    elsif ($ARGV[$i] eq "-state")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_STATES;
+                    }
+                    elsif ($ARGV[$i] eq "-show-rsa")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_RSA;
+                    }
+                    else
+                    {
+                        print_server_options($build_mode, $ARGV[$i]);
+                    }
+                }
+                else
+                {
+                    print_server_options($build_mode, $ARGV[$i]);
+                }
+            }
+            else 
+            {
+                print_server_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else 
+        {
+            print_server_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    # Create socket for incoming connections
+    my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
+                              LocalPort => $port,
+                              Listen => 1,
+                              Reuse => 1) or die $!;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
+    die "Error: Server context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    for (;;)
+    {
+        printf("ACCEPT\n") if not $quiet;
+        my $client_sock = $server_sock->accept;
+        my $native_sock = get_native_sock($client_sock->fileno);
+
+        # This doesn't work in Win32 - need to get file descriptor from socket.
+        my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
+
+        # do the actual SSL handshake
+        my $res;
+        my $buf;
+
+        while (1)
+        {
+            ($res, $buf) = axtlsp::ssl_read($ssl, undef);
+            last if $res != $axtlsp::SSL_OK;
+
+            # check when the connection has been established
+            last if axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK;
+
+            # could do something else here
+        }
+
+        if ($res == $axtlsp::SSL_OK) # connection established and ok
+        {
+            if (!$quiet)
+            {
+                display_session_id($ssl);
+                display_cipher($ssl);
+            }
+
+            # now read (and display) whatever the client sends us
+            for (;;)
+            {
+                # keep reading until we get something interesting
+                while (1)
+                {
+                    ($res, $buf) = axtlsp::ssl_read($ssl, undef);
+                    last if $res != $axtlsp::SSL_OK;
+
+                    # could do something else here
+                }
+
+                if ($res < $axtlsp::SSL_OK)
+                {
+                    printf("CONNECTION CLOSED\n") if not $quiet;
+                    last;
+                }
+
+                printf($$buf);
+            }
+        }
+        elsif (!$quiet)
+        {
+            axtlsp::ssl_display_error($res);
+        }
+
+        # client was disconnected or the handshake failed.
+        axtlsp::ssl_free($ssl);
+        $client_sock->close;
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+}
+
+#
+# Implement the SSL client logic.
+#
+sub do_client
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
+    my $private_key_file = undef;
+    my $reconnect = 0;
+    my $quiet = 0;
+    my $password = undef;
+    my @session_id;
+    my $host = "127.0.0.1";
+    my @cert;
+    my @ca_cert;
+    my $cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq "-connect")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            ($host, $port) = split(':', $ARGV[++$i]);
+        }
+        elsif ($ARGV[$i] eq "-cert")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+            push @cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-key")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $private_key_file = $ARGV[++$i];
+            $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+        }
+        elsif ($ARGV[$i] eq "-CAfile")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+
+            push @ca_cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-verify")
+        {
+            $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
+        }
+        elsif ($ARGV[$i] eq "-reconnect")
+        {
+            $reconnect = 4;
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($ARGV[$i] eq "-pass")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $password = $ARGV[++$i];
+        }
+        elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            if ($ARGV[$i] eq "-debug")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_BYTES;
+            }
+            elsif ($ARGV[$i] eq "-state")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_STATES;
+            }
+            elsif ($ARGV[$i] eq "-show-rsa")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_RSA;
+            }
+            else    # don't know what this is
+            {
+                print_client_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else    # don't know what this is
+        {
+            print_client_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    my $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+    my $ssl;
+    my $res;
+    my $native_sock = get_native_sock($client_sock->fileno);
+
+    printf("CONNECTED\n") if not $quiet;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
+    die "Error: Client context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    # Try session resumption?
+    if ($reconnect)
+    {
+        my $session_id = undef;
+        while ($reconnect--)
+        {
+            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, $session_id);
+
+            $res = axtlsp::ssl_handshake_status($ssl);
+            if ($res != $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if !$quiet;
+                axtlsp::ssl_free($ssl);
+                exit 1;
+            }
+
+            display_session_id($ssl);
+            $session_id = axtlsp::ssl_get_session_id($ssl);
+
+            if ($reconnect)
+            {
+                axtlsp::ssl_free($ssl);
+                $client_sock->close;
+                $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+
+            }
+        }
+    }
+    else
+    {
+        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef);
+    }
+
+    # check the return status
+    $res = axtlsp::ssl_handshake_status($ssl);
+    if ($res != $axtlsp::SSL_OK)
+    {
+        axtlsp::ssl_display_error($res) if not $quiet;
+        exit 1;
+    }
+
+    if (!$quiet)
+    {
+        my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
+                    $axtlsp::SSL_X509_CERT_COMMON_NAME);
+
+        printf("Common Name:\t\t%s\n", $common_name) if defined $common_name;
+        display_session_id($ssl);
+        display_cipher($ssl);
+    }
+
+    while (<STDIN>)
+    {
+        my $cstring = pack("a*x", $_);   # add null terminator
+        $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
+        if ($res < $axtlsp::SSL_OK)
+        {
+            axtlsp::ssl_display_error($res) if not $quiet;
+            last;
+        }
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+    $client_sock->close;
+}
+
+#
+# We've had some sort of command-line error. Print out the basic options.
+#
+sub print_options
+{
+    my ($option) = @_;
+    printf("axssl: Error: '%s' is an invalid command.\n", $option);
+    printf("usage: axssl [s_server|s_client] [args ...]\n");
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the server options.
+#
+sub print_server_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+    printf(" -quiet\t\t- No server output\n");
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+    {
+        printf(" -cert arg\t- certificate file to add (in addition to default)".
+                                        " to chain -\n".
+          "\t\t  default DER format. Can repeat up to %d times\n", $cert_size);
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+    }
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+    {
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+    }
+
+    if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+    {
+        printf(" -debug\t\t- Print more output\n");
+        printf(" -state\t\t- Show state messages\n");
+        printf(" -show-rsa\t- Show RSA state\n");
+    }
+
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the client options.
+#
+sub print_client_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
+    {
+        printf("usage: s_client [args ...]\n");
+        printf(" -connect host:port - who to connect to (default ".
+                "is localhost:4433)\n");
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -cert arg\t- certificate file to use - default DER format\n");
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+        printf(" -quiet\t\t- No client output\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+        printf(" -reconnect\t- Drop and re-make the connection ".
+                "with the same Session-ID\n");
+
+        if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            printf(" -debug\t\t- Print more output\n");
+            printf(" -state\t\t- Show state messages\n");
+            printf(" -show-rsa\t- Show RSA state\n");
+        }
+    }
+    else
+    {
+        printf("Change configuration to allow this feature\n");
+    }
+
+    exit 1;
+}
+
+#
+# Display what cipher we are using 
+#
+sub display_cipher
+{
+    my ($ssl) = @_;
+    printf("CIPHER is ");
+    my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
+
+    if ($cipher_id == $axtlsp::SSL_AES128_SHA)
+    {
+        printf("AES128-SHA");
+    }
+    elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
+    {
+        printf("AES256-SHA");
+    }
+    elsif ($axtlsp::SSL_RC4_128_SHA)
+    {
+        printf("RC4-SHA");
+    }
+    elsif ($axtlsp::SSL_RC4_128_MD5)
+    {
+        printf("RC4-MD5");
+    }
+    else 
+    {
+        printf("Unknown - %d", $cipher_id);
+    }
+
+    printf("\n");
+}
+
+#
+# Display what session id we have.
+#
+sub display_session_id
+{    
+    my ($ssl) = @_;
+    my $session_id = axtlsp::ssl_get_session_id($ssl);
+
+    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+    printf(unpack("H*", $$session_id));
+    printf("\n-----END SSL SESSION PARAMETERS-----\n");
+}
diff --git a/samples/vbnet/Makefile b/samples/vbnet/Makefile
new file mode 100644
index 0000000000..7349e67cc9
--- /dev/null
+++ b/samples/vbnet/Makefile
@@ -0,0 +1,36 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.dotnet.conf
+
+# only build on Win32 platforms
+ifdef GO_DOT_NET
+all : sample
+TARGET=../../$(STAGE)/axssl.vbnet.exe
+sample : $(TARGET)
+
+$(TARGET): ../../bindings/vbnet/axTLSvb.vb ../../bindings/vbnet/axInterface.vb axssl.vb
+	vbc.exe /r:"`cygpath -w "$(CONFIG_DOT_NET_FRAMEWORK_BASE)/System.dll"`" /nologo /t:exe /out:"`cygpath -w $@`" $(foreach file, $^, "`cygpath -w $(file)`")
+
+endif   # ARCH
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
new file mode 100644
index 0000000000..da6f71984a
--- /dev/null
+++ b/samples/vbnet/axssl.vb
@@ -0,0 +1,687 @@
+'
+'  Copyright(C) 2006 Cameron Rich
+'
+'  This program is free software you can redistribute it and/or modify
+'  it under the terms of the GNU General Public License as published by
+'  the Free Software Foundation either version 2.1 of the License, or
+'  (at your option) any later version.
+'
+'  This program is distributed in the hope that it will be useful,
+'  but WITHOUT ANY WARRANTY without even the implied warranty of
+'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+'  GNU Lesser General Public License for more details.
+'
+'  You should have received a copy of the GNU General Public License
+'  along with this program if not, write to the Free Software
+'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+'
+
+'
+' Demonstrate the use of the axTLS library in VB.NET with a set of 
+' command-line parameters similar to openssl. In fact, openssl clients 
+' should be able to communicate with axTLS servers and visa-versa.
+'
+' This code has various bits enabled depending on the configuration. To enable
+' the most interesting version, compile with the 'full mode' enabled.
+'
+' To see what options you have, run the following:
+' > axssl.vbnet.exe s_server -?
+' > axssl.vbnet.exe s_client -?
+'
+' The axtls shared library must be in the same directory or be found 
+' by the OS.
+'
+
+Imports System
+Imports System.Net
+Imports System.Net.Sockets
+Imports Microsoft.VisualBasic
+Imports axTLSvb
+
+Public Class axssl
+    ' 
+    ' do_server()
+    '
+    Public Sub do_server(ByVal build_mode As Integer, _
+                                        ByVal args() As String)
+        Dim i As Integer = 1
+        Dim port As Integer = 4433
+        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim private_key_file As String = Nothing
+
+        ' organise the cert/ca_cert lists 
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        While i < args.Length
+            If args(i) = "-accept" Then
+                If i >= args.Length-1
+                    print_server_options(build_mode, args(i))
+                End If
+
+                i += 1
+                port = Int32.Parse(args(i))
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And Not axtls.SSL_DISPLAY_CERTS
+            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
+                If args(i) = "-cert"
+                    If i >= args.Length-1 Or cert_index >= cert_size
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    cert(cert_index) = args(i)
+                    cert_index += 1
+                ElseIf args(i) = "-key"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    private_key_file = args(i)
+                    options = options Or axtls.SSL_NO_DEFAULT_KEY
+                ElseIf args(i) = "-pass"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    password = args(i)
+                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+                    If args(i) = "-verify" Then
+                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
+                    ElseIf args(i) = "-CAfile"
+                        If i >= args.Length-1 Or _
+                                    ca_cert_index >= ca_cert_size Then
+                            print_server_options(build_mode, args(i))
+                        End If
+
+                        i += 1
+                        ca_cert(ca_cert_index) = args(i)
+                        ca_cert_index += 1
+                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                        If args(i) = "-debug" Then
+                            options = options Or axtls.SSL_DISPLAY_BYTES
+                        ElseIf args(i) = "-state"
+                            options = options Or axtls.SSL_DISPLAY_STATES
+                        ElseIf args(i) = "-show-rsa"
+                            options = options Or axtls.SSL_DISPLAY_RSA
+                        Else
+                            print_server_options(build_mode, args(i))
+                        End If
+                    Else
+                        print_server_options(build_mode, args(i))
+                    End If
+                Else
+                    print_server_options(build_mode, args(i))
+                End If
+            End If
+
+            i += 1
+        End While
+
+        ' Create socket for incoming connections
+        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
+        Dim server_sock As TcpListener = New TcpListener(ep)
+        server_sock.Start()      
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLServer = New SSLServer(options, _
+                axtls.SSL_DEFAULT_SVR_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Server context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        Dim buf As Byte() = Nothing
+        Dim res As Integer
+        Dim ssl As SSL
+
+        While 1
+            If Not quiet Then
+                Console.WriteLine("ACCEPT")
+            End If
+
+            Dim client_sock As Socket = server_sock.AcceptSocket()
+
+            ssl = ssl_ctx.Connect(client_sock)
+
+            ' do the actual SSL handshake 
+            While 1
+                res = ssl_ctx.Read(ssl, buf)
+                If  res <> axtls.SSL_OK Then
+                    Exit While
+                End If
+
+                ' check when the connection has been established 
+                If ssl.HandshakeStatus() = axtls.SSL_OK
+                    Exit While
+                End If
+
+                ' could do something else here 
+            End While
+
+            If res = axtls.SSL_OK Then  ' connection established and ok
+                If Not quiet
+                    display_session_id(ssl)
+                    display_cipher(ssl)
+                End If
+
+                ' now read (and display) whatever the client sends us
+                While 1
+                    ' keep reading until we get something interesting 
+                    While 1
+                        res = ssl_ctx.Read(ssl, buf)
+                        If res <> axtls.SSL_OK Then
+                            Exit While
+                        End If
+
+                        ' could do something else here
+                    End While
+
+                    If res < axtls.SSL_OK
+                        If Not quiet
+                            Console.WriteLine("CONNECTION CLOSED")
+                        End If
+
+                        Exit While
+                    End If
+
+                    ' convert to String 
+                    Dim str(res) As Char
+                    For i = 0 To res-1
+                        str(i) = Chr(buf(i))
+                    Next
+
+                    Console.Write(str)
+                End While
+            ElseIf Not quiet
+                SSLUtil.DisplayError(res)
+            End If
+
+            ' client was disconnected or the handshake failed. */
+            ssl.Dispose()
+            client_sock.Close()
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    ' 
+    ' do_client()
+    '
+    Public Sub do_client(ByVal build_mode As Integer, _
+                                    ByVal args() As String)
+
+        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
+            print_client_options(build_mode, args(1))
+        End If
+
+        Dim i As Integer = 1
+        Dim res As Integer
+        Dim port As Integer = 4433
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim reconnect As Integer = 0
+        Dim private_key_file As String = Nothing
+        Dim hostname As String = "127.0.0.1"
+
+        ' organise the cert/ca_cert lists
+        Dim ssl As SSL = Nothing
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        Dim options As Integer = _
+                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
+        Dim session_id As Byte() = Nothing
+
+        While i < args.Length
+            If args(i) = "-connect" Then
+                Dim host_port As String
+
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                host_port = args(i)
+
+                Dim index_colon As Integer = host_port.IndexOf(":"C)
+                If index_colon < 0 Then 
+                    print_client_options(build_mode, args(i))
+                End If
+
+                hostname = New String(host_port.ToCharArray(), _
+                        0, index_colon)
+                port = Int32.Parse(New String(host_port.ToCharArray(), _
+                            index_colon+1, host_port.Length-index_colon-1))
+            ElseIf args(i) = "-cert"
+                If i >= args.Length-1 Or cert_index >= cert_size Then
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                cert(cert_index) = args(i)
+                cert_index += 1
+            ElseIf args(i) = "-key"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                private_key_file = args(i)
+                options = options Or axtls.SSL_NO_DEFAULT_KEY
+            ElseIf args(i) = "-CAfile"
+                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                ca_cert(ca_cert_index) = args(i)
+                ca_cert_index += 1
+            ElseIf args(i) = "-verify"
+                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
+            ElseIf args(i) = "-reconnect"
+                reconnect = 4
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And  Not axtls.SSL_DISPLAY_CERTS
+            ElseIf args(i) = "-pass"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                password = args(i)
+            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                If args(i) = "-debug" Then
+                    options = options Or axtls.SSL_DISPLAY_BYTES
+                ElseIf args(i) = "-state"
+                    options = options Or axtls.SSL_DISPLAY_STATES
+                ElseIf args(i) = "-show-rsa"
+                    options = options Or axtls.SSL_DISPLAY_RSA
+                Else
+                    print_client_options(build_mode, args(i))
+                End If
+            Else    ' don't know what this is 
+                print_client_options(build_mode, args(i))
+            End If
+
+            i += 1
+        End While
+
+        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
+        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
+        Dim  addresses As IPAddress() = hostInfo.AddressList
+        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
+        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
+                SocketType.Stream, ProtocolType.Tcp)
+        client_sock.Connect(ep)
+
+        If Not client_sock.Connected Then
+            Console.WriteLine("could not connect")
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Console.WriteLine("CONNECTED")
+        End If
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLClient = New SSLClient(options, _
+                axtls.SSL_DEFAULT_CLNT_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Client context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        ' Try session resumption?
+        If reconnect > 0 Then
+            While reconnect > 0
+                reconnect -= 1
+                ssl = ssl_ctx.Connect(client_sock, session_id)
+
+                res = ssl.HandshakeStatus()
+                If res <> axtls.SSL_OK Then
+                    If Not quiet Then
+                        SSLUtil.DisplayError(res)
+                    End If
+
+                    ssl.Dispose()
+                    Environment.Exit(1)
+                End If
+
+                display_session_id(ssl)
+                session_id = ssl.GetSessionId()
+
+                If reconnect > 0 Then
+                    ssl.Dispose()
+                    client_sock.Close()
+                    
+                    ' and reconnect
+                    client_sock = New Socket(AddressFamily.InterNetwork, _
+                        SocketType.Stream, ProtocolType.Tcp)
+                    client_sock.Connect(ep)
+                End If
+            End While
+        Else
+            ssl = ssl_ctx.Connect(client_sock, Nothing)
+        End If
+
+        ' check the return status 
+        res = ssl.HandshakeStatus()
+        If res <> axtls.SSL_OK Then
+            If Not quiet Then
+                SSLUtil.DisplayError(res)
+            End If
+
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Dim common_name As String = _
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
+
+            If common_name <> Nothing
+                Console.WriteLine("Common Name:" & _
+                        ControlChars.Tab & ControlChars.Tab & common_name)
+            End If
+
+            display_session_id(ssl)
+            display_cipher(ssl)
+        End If
+
+        While (1)
+            Dim user_input As String = Console.ReadLine()
+
+            If user_input = Nothing Then
+                Exit While
+            End If
+
+            Dim buf(user_input.Length+1) As Byte
+            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
+            buf(buf.Length-1) = 0                    ' null terminate 
+
+            For i = 0 To user_input.Length-1
+                buf(i) = Asc(user_input.Chars(i))
+            Next
+
+            res = ssl_ctx.Write(ssl, buf, buf.Length)
+            If res < axtls.SSL_OK Then
+                If Not quiet Then
+                    SSLUtil.DisplayError(res)
+                End If
+
+                Exit While
+            End If
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    '
+    ' Display what cipher we are using
+    '
+    Private Sub display_cipher(ByVal ssl As SSL)
+        Console.Write("CIPHER is ")
+
+        Select ssl.GetCipherId()
+            Case axtls.SSL_AES128_SHA
+                Console.WriteLine("AES128-SHA")
+
+            Case axtls.SSL_AES256_SHA
+                Console.WriteLine("AES256-SHA")
+
+            Case axtls.SSL_RC4_128_SHA
+                Console.WriteLine("RC4-SHA")
+
+            Case axtls.SSL_RC4_128_MD5
+                Console.WriteLine("RC4-MD5")
+
+            Case Else
+                Console.WriteLine("Unknown - " & ssl.GetCipherId())
+        End Select
+    End Sub
+
+    '
+    ' Display what session id we have.
+    '
+    Private Sub display_session_id(ByVal ssl As SSL)
+        Dim session_id As Byte() = ssl.GetSessionId()
+
+        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
+        Dim b As Byte
+        For Each b In session_id
+            Console.Write("{0:x02}", b)
+        Next
+
+        Console.WriteLine()
+        Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the basic options.
+    '
+    Public Sub print_options(ByVal options As String)
+        Console.WriteLine("axssl: Error: '" & options & _
+                "' is an invalid command.")
+        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
+                "version] [args ...]")
+        Environment.Exit(1)
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the server options.
+    '
+    Private Sub print_server_options(ByVal build_mode As Integer, _
+                                    ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+        Console.WriteLine("usage: s_server [args ...]")
+        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
+                "- port to accept on (default is 4433)")
+        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
+                "- No server output")
+        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+               "- certificate file to add (in addition to default) to chain -")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                        "- Private key file to use")
+            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
+                    "- private key file pass phrase source")
+        End If
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+        End If
+
+        If build_mode = axtls.SSL_BUILD_FULL_MODE
+            Console.WriteLine(" -debug" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Print more output")
+            Console.WriteLine(" -state" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Show state messages")
+            Console.WriteLine(" -show-rsa" & _
+                    ControlChars.Tab & "- Show RSA state")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+    '
+    ' We've had some sort of command-line error. Print out the client options.
+    '
+    Private Sub print_client_options(ByVal build_mode As Integer, _
+                                                ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
+            Console.WriteLine("usage: s_client [args ...]")
+            Console.WriteLine(" -connect host:port - who to connect to " & _
+                    "(default is localhost:4433)")
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+                    "- certificate file to use")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                    "- Private key file to use")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+            Console.WriteLine(" -quiet" & _
+                    ControlChars.Tab & ControlChars.Tab & "- No client output")
+            Console.WriteLine(" -pass" & ControlChars.Tab & _
+                    ControlChars.Tab & _
+                    "- private key file pass phrase source")
+            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
+                    "- Drop and re-make the " & _
+                    "connection with the same Session-ID")
+
+            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
+                Console.WriteLine(" -debug" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Print more output")
+                Console.WriteLine(" -state" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Show state messages")
+                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
+                        "- Show RSA state")
+            End If
+        Else 
+            Console.WriteLine("Change configuration to allow this feature")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+End Class
+
+Public Module MyMain
+    Function Main(ByVal args() As String) As Integer
+        Dim runner As axssl = New axssl()
+
+        If args.Length = 1 And args(0) = "version" Then
+           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
+            Environment.Exit(0)
+        End If
+
+        If args.Length < 1 
+            runner.print_options("")
+        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
+            runner.print_options(args(0))
+        End If
+
+        Dim build_mode As Integer = SSLUtil.BuildMode()
+
+        If args(0) = "s_server" Then
+            runner.do_server(build_mode, args)
+        Else
+            runner.do_client(build_mode, args)
+        End If
+    End Function
+End Module
diff --git a/ssl/BigIntConfig.in b/ssl/BigIntConfig.in
new file mode 100644
index 0000000000..04c7438c07
--- /dev/null
+++ b/ssl/BigIntConfig.in
@@ -0,0 +1,132 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+menu "BigInt Options"
+    depends on !CONFIG_SSL_SKELETON_MODE
+
+choice
+    prompt "Reduction Algorithm"
+    default CONFIG_BIGINT_BARRETT 
+
+config CONFIG_BIGINT_CLASSICAL
+    bool "Classical"
+    help
+        Classical uses standard division. It has no limitations and is
+        theoretically the slowest due to the divisions used. For this particular
+        implementation it is surprisingly quite fast.
+
+config CONFIG_BIGINT_MONTGOMERY
+    bool "Montgomery"
+    help
+        Montgomery uses simple addition and multiplication to achieve its
+        performance. In this implementation it is slower than classical, 
+        and it has the limitation that 0 <= x, y < m, and so is not used 
+        when CRT is active.
+
+        This option will not be normally selected.
+
+config CONFIG_BIGINT_BARRETT
+    bool "Barrett"
+    help
+        Barrett performs expensive precomputation before reduction and partial
+        multiplies for computational speed. It can't be used with some of the
+        calculations when CRT is used, and so defaults to classical when this
+        occurs.
+
+        It is about 40% faster than Classical/Montgomery with the expense of
+        about 2kB, and so this option is normally selected.
+
+endchoice
+
+config CONFIG_BIGINT_CRT
+    bool "Chinese Remainder Theorem (CRT)"
+    default y
+    help 
+        Allow the Chinese Remainder Theorem (CRT) to be used.
+
+        Uses a number of extra coefficients from the private key to improve the
+        performance of a decryption. This feature is one of the most 
+        significant performance improvements (it reduces a decryption time by 
+        over 3 times).
+
+        This option should be selected.
+
+config CONFIG_BIGINT_KARATSUBA
+    bool "Karatsuba Multiplication"
+    default n
+    help
+        Allow Karasuba multiplication to be used.
+ 
+        Uses 3 multiplications (plus a number of additions/subtractions) 
+        instead of 4. Multiplications are O(N^2) but addition/subtraction 
+        is O(N) hence for large numbers is beneficial. For this project, the 
+        effect was only useful for 4096 bit keys. As these aren't likely to 
+        be used, the feature is disabled by default. 
+        
+        It costs about 2kB to enable it.
+
+config MUL_KARATSUBA_THRESH
+    int "Karatsuba Multiplication Theshold"
+    default 20
+    depends on CONFIG_BIGINT_KARATSUBA
+    help
+        The minimum number of components needed before Karasuba muliplication
+        is used.
+ 
+        This is very dependent on the speed/implementation of bi_add()/
+        bi_subtract(). There is a bit of trial and error here and will be
+        at a different point for different architectures.
+
+config SQU_KARATSUBA_THRESH
+    int "Karatsuba Square Threshold"
+    default 40
+    depends on CONFIG_BIGINT_KARATSUBA && CONFIG_BIGINT_SQUARE
+    help    
+        The minimum number of components needed before Karatsuba squaring
+        is used.
+ 
+        This is very dependent on the speed/implementation of bi_add()/
+        bi_subtract(). There is a bit of trial and error here and will be
+        at a different point for different architectures.
+
+config CONFIG_BIGINT_SLIDING_WINDOW
+    bool "Sliding Window Exponentiation"
+    default y
+    help
+        Allow Sliding-Window Exponentiation to be used.
+ 
+        Potentially processes more than 1 bit at a time when doing 
+        exponentiation. The sliding-window technique reduces the number of 
+        precomputations compared to other precomputed techniques.
+
+        It results in a considerable performance improvement with it enabled
+        (it halves the decryption time) and so should be selected.
+
+config CONFIG_BIGINT_SQUARE
+    bool "Square Algorithm"
+    default y
+    help
+        Allow squaring to be used instead of a multiplication.
+ 
+        Squaring is theoretically 50% faster than a standard multiply 
+        (but is actually about 25% faster). 
+
+        It gives a 20% speed improvement and so should be selected.
+
+config CONFIG_BIGINT_CHECK_ON
+    bool "BigInt Integrity Checking"
+    default n if !CONFIG_DEBUG
+    default y if CONFIG_DEBUG
+    help
+        This is used when developing bigint algorithms. It performs a sanity
+        check on all operations at the expense of speed.
+        
+        This option is only selected when developing and should normally be
+        turned off.
+
+endmenu
+
+
+
diff --git a/ssl/Config.in b/ssl/Config.in
new file mode 100644
index 0000000000..1b6f4641bf
--- /dev/null
+++ b/ssl/Config.in
@@ -0,0 +1,274 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+
+menu "SSL Library"
+
+choice
+    prompt "Mode"
+    default CONFIG_SSL_FULL_MODE
+
+config CONFIG_SSL_SERVER_ONLY
+    bool "Server only - no verification"
+    help
+        Enable server functionality (no client functionality). 
+        This mode still supports sessions and chaining (which can be turned
+        off in configuration).
+
+        The axssl sample runs with the minimum of features.
+                
+        This is the most space efficient of the modes with the library 
+        about 45kB in size. Use this mode if you are doing standard SSL server
+        work.
+
+config CONFIG_SSL_CERT_VERIFICATION
+    bool "Server only - with verification"
+    help
+        Enable server functionality with client authentication (no client
+        functionality). 
+
+        The axssl sample runs with the "-verify" and "-CAfile" options.
+
+        This mode produces a library about 49kB in size. Use this mode if you
+        have an SSL server which requires client authentication (which is 
+        uncommon in browser applications).
+
+config CONFIG_SSL_ENABLE_CLIENT
+    bool "Client/Server enabled"
+    help
+        Enable client/server functionality (including peer authentication).
+
+        The axssl sample runs with the "s_client" option enabled.
+
+        This mode produces a library about 51kB in size. Use this mode if you
+        require axTLS to use SSL client functionality (the SSL server code
+        is always enabled).
+
+config CONFIG_SSL_FULL_MODE
+    bool "Client/Server enabled with diagnostics"
+    help
+        Enable client/server functionality including diagnostics. Most of the
+        extra size in this mode is due to the storage of various strings that
+        are used.
+
+        The axssl sample has 3 more options, "-debug", "-state" and "-show-rsa"
+
+        This mode produces a library about 58kB in size. It is suggested that 
+        this mode is used only during development, or systems that have more
+        generous memory limits.
+
+        It is the default to demonstrate the features of axTLS.
+
+config CONFIG_SSL_SKELETON_MODE
+    bool "Skeleton mode - the smallest server mode"
+    help
+        This is an experiment to build the smallest library at the expense of
+        features and speed.
+
+        * Server mode only.
+        * The AES cipher is disabled.
+        * No session resumption.
+        * No external keys/certificates are supported.
+        * The bigint library has most of the performance features disabled.
+        * Some other features/API calls may not work.
+
+        This mode produces a library about 37kB in size. The main
+        disadvantage of this mode is speed - it will be much slower than the 
+        other build modes.
+
+endchoice
+
+choice
+    prompt "Protocol Preference"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default CONFIG_SSL_PROT_MEDIUM
+
+config CONFIG_SSL_PROT_LOW
+    bool "Low"
+    help
+        Chooses the cipher in the order of RC4-SHA, AES128-SHA, AES256-SHA.
+      
+        This will use the fastest cipher(s) but at the expense of security.
+
+config CONFIG_SSL_PROT_MEDIUM
+    bool "Medium"
+    help
+        Chooses the cipher in the order of AES128-SHA, AES256-SHA, RC4-SHA.
+       
+        This mode is a balance between speed and security and is the default.
+
+config CONFIG_SSL_PROT_HIGH
+    bool "High"
+    help
+        Chooses the cipher in the order of AES256-SHA, AES128-SHA, RC4-SHA.
+        
+        This will use the strongest cipher(s) at the cost of speed.
+
+endchoice
+
+config CONFIG_SSL_USE_DEFAULT_KEY
+    bool "Enable default key"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default y 
+    help
+        Some applications will not require the default private key/certificate
+        that is built in. This is one way to save on a couple of kB's if an
+        external private key/certificate is used.
+
+        The advantage of a built-in private key/certificate is that no file
+        system is required for access. 
+        
+        However this private key/certificate can never be changed (without a
+        code update).
+
+        This mode is enabled by default. Disable this mode if the 
+        built-in key/certificate is not used.
+
+config CONFIG_SSL_ENABLE_V23_HANDSHAKE
+    bool "Enable v23 Handshake"
+    default y
+    help
+        Some browsers use the v23 handshake client hello message 
+        (an SSL2 format message which all SSL servers can understand). 
+        It may be used if SSL2 is enabled in the browser.
+
+        Since this feature takes a kB or so, this feature may be disabled - at
+        the risk of making it incompatible with some browsers (IE6 is ok,
+        Firefox 1.5 and below use it).
+
+        Disable if backwards compatibility is not an issue (i.e. the client is
+        always using TLS1.0)
+
+config CONFIG_SSL_HAS_PEM
+    bool "Enable PEM"
+    default n if !CONFIG_SSL_FULL_MODE
+    default y if CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_SSL_SKELETON_MODE
+    help
+        Enable the use of PEM format for certificates and private keys.
+
+        PEM is not normally needed - PEM files can be converted into DER files
+        quite easily. However they have the convenience of allowing multiple
+        certificates/keys in the same file.
+        
+        This feature will add a couple of kB to the library. 
+
+        Disable if PEM is not used (which will be in most cases).
+
+config CONFIG_SSL_USE_PKCS12
+    bool "Use PKCS8/PKCS12"
+    default n if !CONFIG_SSL_FULL_MODE
+    default y if CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
+    help
+        PKCS#12 certificates combine private keys and certificates together in
+        one file.
+
+        PKCS#8 private keys are also suppported (as it is a subset of PKCS#12).
+
+        The decryption of these certificates uses RC4-128 (and these
+        certificates must be encrypted using this cipher). The actual
+        algorithm is "PBE-SHA1-RC4-128".
+
+        Disable if PKCS#12 is not used (which will be in most cases).
+
+config CONFIG_SSL_EXPIRY_TIME
+    int "Session expiry time (in hours)"
+    depends on !CONFIG_SSL_SKELETON_MODE
+    default 24 
+    help
+        The time (in hours) before a session expires. 
+        
+        A longer time means that the expensive parts of a handshake don't 
+        need to be run when a client reconnects later.
+
+        The default is 1 day.
+
+config CONFIG_X509_MAX_CA_CERTS
+    int "Maximum number of certificate authorites"
+    default 4
+    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
+    help
+        Determines the number of CA's allowed. 
+
+        Increase this figure if more trusted sites are allowed. Each
+        certificate adds about 300 bytes (when added).
+
+        The default is to allow four certification authorities.
+
+config CONFIG_SSL_MAX_CERTS
+    int "Maximum number of chained certificates"
+    default 2
+    help
+        Determines the number of certificates used in a certificate
+        chain. The chain length must be at least 1.
+
+        Increase this figure if more certificates are to be added to the 
+        chain. Each certificate adds about 300 bytes (when added).
+
+        The default is to allow one certificate + 1 certificate in the chain
+        (which may be the certificate authority certificate).
+
+config CONFIG_SSL_CTX_MUTEXING
+    bool "Enable SSL_CTX mutexing"
+    default n
+    help
+        Normally mutexing is not required - each SSL_CTX object can deal with
+        many SSL objects (as long as each SSL_CTX object is using a single
+        thread).
+
+        If the SSL_CTX object is not thread safe e.g. the case where a 
+        new thread is created for each SSL object, then mutexing is required. 
+
+        Select y when a mutex on the SSL_CTX object is required.
+
+config CONFIG_USE_DEV_URANDOM
+    bool "Use /dev/urandom"
+    default y
+    depends on !CONFIG_PLATFORM_WIN32
+    help 
+        Use /dev/urandom. Otherwise a custom RNG is used.
+
+        This will be the default on most Linux systems.
+
+config CONFIG_WIN32_USE_CRYPTO_LIB
+    bool "Use Win32 Crypto Library"
+    default y if !CONFIG_VISUAL_STUDIO_6_0
+    default n if CONFIG_VISUAL_STUDIO_6_0
+    depends on CONFIG_PLATFORM_WIN32
+    help 
+        Microsoft produce a Crypto API which requires the Platform SDK to be
+        installed. It's used for the RNG.
+
+        This will be the default on most Win32 systems. If using Visual Studio
+        6.0, then the SDK containing the crypto libraries must be used.
+
+config CONFIG_OPENSSL_COMPATIBLE
+    bool "Enable openssl API compatibility"
+    default n
+    help 
+        To ease the porting of openssl applications, a subset of the openssl
+        API is wrapped around the axTLS API.
+
+        Note: not all the API is implemented, so parts may still break. And
+        it's definitely not 100% compatible.
+
+config CONFIG_PERFORMANCE_TESTING
+    bool "Build the bigint performance test tool"
+    default n
+    help
+        Used for performance testing of bigint.
+
+        This is a testing tool and is normally disabled.
+
+config CONFIG_SSL_TEST
+    bool "Build the SSL testing tool"
+    default n
+    depends on CONFIG_SSL_FULL_MODE
+    help
+        Used for sanity checking the SSL handshaking.
+
+        This is a testing tool and is normally disabled.
+
+endmenu
diff --git a/ssl/Makefile b/ssl/Makefile
new file mode 100644
index 0000000000..139011d3d1
--- /dev/null
+++ b/ssl/Makefile
@@ -0,0 +1,101 @@
+#
+#  Copyright(C) 2007 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../config/.config
+include ../config/makefile.conf
+
+all: libs
+ifdef CONFIG_PERFORMANCE_TESTING
+	$(MAKE) -C test
+else
+ifdef CONFIG_SSL_TEST
+	$(MAKE) -C test
+endif
+endif
+
+ifndef CONFIG_PLATFORM_WIN32
+TARGET1=../$(STAGE)/libaxtls.a
+BASETARGET=libaxtls.so
+ifdef CONFIG_PLATFORM_CYGWIN
+TARGET2=../$(STAGE)/libaxtls.dll.a
+else
+TARGET2=../$(STAGE)/$(LIBMINOR)
+endif
+
+# shared library major/minor numbers
+LIBMAJOR=$(BASETARGET).1
+LIBMINOR=$(BASETARGET).1.1
+else
+TARGET1=axtls.lib
+TARGET2=../$(STAGE)/axtls.dll
+STATIC_LIB=../$(STAGE)/axtls.static.lib
+endif
+
+libs: $(TARGET1) $(TARGET2)
+
+OBJ=\
+	aes.o \
+	asn1.o \
+	bigint.o \
+	crypto_misc.o \
+	hmac.o \
+	os_port.o \
+	loader.o \
+	md5.o \
+	openssl.o \
+	p12.o \
+	rsa.o \
+	rc4.o \
+	sha1.o \
+	tls1.o \
+	tls1_svr.o \
+	tls1_clnt.o
+
+include ../config/makefile.post
+
+ifndef CONFIG_PLATFORM_WIN32     # Linux/Unix/Cygwin
+
+$(TARGET1) : $(OBJ)
+	$(AR) -r $@ $(OBJ)
+
+$(TARGET2) : $(OBJ)
+ifndef CONFIG_PLATFORM_CYGWIN
+	$(LD) $(LDFLAGS) $(LDSHARED) -Wl,-soname,$(LIBMAJOR) -o ../$(STAGE)/$(LIBMINOR) $(OBJ)
+	cd ../$(STAGE); ln -sf $(LIBMINOR) $(LIBMAJOR); ln -sf $(LIBMAJOR) $(BASETARGET); cd -
+else
+	$(LD) $(LDFLAGS) $(LDSHARED) -o ../$(STAGE)/cygaxtls.dll \
+    -Wl,--out-implib=../$(STAGE)/libaxtls.dll.a \
+    -Wl,--export-all-symbols \
+    -Wl,--enable-auto-import $(OBJ)
+endif
+
+else  # Win32
+
+$(TARGET1) : $(OBJ)
+	$(AR) /out:$@ $(OBJ)
+
+$(TARGET2) : $(OBJ)
+	cp $(TARGET1) $(STATIC_LIB)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+
+endif    
+
+clean::
+	$(MAKE) -C test clean
+	-@rm -f ../$(STAGE)/* *.a *.lib
+
diff --git a/ssl/aes.c b/ssl/aes.c
new file mode 100644
index 0000000000..520bd01a92
--- /dev/null
+++ b/ssl/aes.c
@@ -0,0 +1,444 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * AES implementation - this is a small code version. There are much faster
+ * versions around but they are much larger in size (i.e. they use large 
+ * submix tables).
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/* all commented out in skeleton mode */
+#ifndef CONFIG_SSL_SKELETON_MODE
+
+#define rot1(x) (((x) << 24) | ((x) >> 8))
+#define rot2(x) (((x) << 16) | ((x) >> 16))
+#define rot3(x) (((x) <<  8) | ((x) >> 24))
+
+/* 
+ * This cute trick does 4 'mul by two' at once.  Stolen from
+ * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
+ * a standard graphics trick
+ * The key to this is that we need to xor with 0x1b if the top bit is set.
+ * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
+ * b 1000 0000   0000 0000 then we shift right by 7 putting the 7bit in 0bit,
+ * c 0000 0001   0000 0000 we then subtract (c) from (b)
+ * d 0111 1111   0000 0000 and now we and with our mask
+ * e 0001 1011   0000 0000
+ */
+#define mt  0x80808080
+#define ml  0x7f7f7f7f
+#define mh  0xfefefefe
+#define mm  0x1b1b1b1b
+#define mul2(x,t)	((t)=((x)&mt), \
+			((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))
+
+#define inv_mix_col(x,f2,f4,f8,f9) (\
+			(f2)=mul2(x,f2), \
+			(f4)=mul2(f2,f4), \
+			(f8)=mul2(f4,f8), \
+			(f9)=(x)^(f8), \
+			(f8)=((f2)^(f4)^(f8)), \
+			(f2)^=(f9), \
+			(f4)^=(f9), \
+			(f8)^=rot3(f2), \
+			(f8)^=rot2(f4), \
+			(f8)^rot1(f9))
+
+/*
+ * AES S-box
+ */
+static const uint8_t aes_sbox[256] =
+{
+	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
+	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
+	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,
+	0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
+	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,
+	0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
+	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,
+	0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
+	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,
+	0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
+	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,
+	0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
+	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,
+	0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
+	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,
+	0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
+	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,
+	0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
+	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,
+	0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
+	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,
+	0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
+	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,
+	0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
+	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,
+	0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
+	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,
+	0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
+	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,
+	0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
+	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,
+	0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16,
+};
+
+/*
+ * AES is-box
+ */
+static const uint8_t aes_isbox[256] = 
+{
+    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+};
+
+static const unsigned char Rcon[30]=
+{
+	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
+	0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
+	0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
+	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
+};
+
+/* ----- static functions ----- */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
+
+/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
+   x^8+x^4+x^3+x+1 */
+static unsigned char AES_xtime(uint32_t x)
+{
+	return x = (x&0x80) ? (x<<1)^0x1b : x<<1;
+}
+
+/**
+ * Set up AES with the key/iv and cipher size.
+ */
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode)
+{
+    int i, ii;
+    uint32_t *W, tmp, tmp2;
+    const unsigned char *ip;
+    int words;
+
+    switch (mode)
+    {
+        case AES_MODE_128:
+            i = 10;
+            words = 4;
+            break;
+
+        case AES_MODE_256:
+            i = 14;
+            words = 8;
+            break;
+
+        default:        /* fail silently */
+            return;
+    }
+
+    ctx->rounds = i;
+    ctx->key_size = words;
+    W = ctx->ks;
+    for (i = 0; i < words; i+=2)
+    {
+        W[i+0]=	((uint32_t)key[ 0]<<24)|
+            ((uint32_t)key[ 1]<<16)|
+            ((uint32_t)key[ 2]<< 8)|
+            ((uint32_t)key[ 3]    );
+        W[i+1]=	((uint32_t)key[ 4]<<24)|
+            ((uint32_t)key[ 5]<<16)|
+            ((uint32_t)key[ 6]<< 8)|
+            ((uint32_t)key[ 7]    );
+        key += 8;
+    }
+
+    ip = Rcon;
+    ii = 4 * (ctx->rounds+1);
+    for (i = words; i<ii; i++)
+    {
+        tmp = W[i-1];
+
+        if ((i % words) == 0)
+        {
+            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]<< 8;
+            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<<16;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<24;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ];
+            tmp=tmp2^(((unsigned int)*ip)<<24);
+            ip++;
+        }
+
+        if ((words == 8) && ((i % words) == 4))
+        {
+            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]    ;
+            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<< 8;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<16;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ]<<24;
+            tmp=tmp2;
+        }
+
+        W[i]=W[i-words]^tmp;
+    }
+
+    /* copy the iv across */
+    memcpy(ctx->iv, iv, 16);
+}
+
+/**
+ * Change a key for decryption.
+ */
+void AES_convert_key(AES_CTX *ctx)
+{
+    int i;
+    uint32_t *k,w,t1,t2,t3,t4;
+
+    k = ctx->ks;
+    k += 4;
+
+    for (i= ctx->rounds*4; i > 4; i--)
+    {
+        w= *k;
+        w = inv_mix_col(w,t1,t2,t3,t4);
+        *k++ =w;
+    }
+}
+
+/**
+ * Encrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], tout[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        tout[i] = ntohl(iv[i]);
+
+    for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+            tin[i] = ntohl(msg_32[i])^tout[i];
+
+        AES_encrypt(ctx, tin);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = tin[i]; 
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(tout[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Decrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], xor[4], tout[4], data[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        xor[i] = ntohl(iv[i]);
+
+    for (length -= 16; length >= 0; length -= 16)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+        {
+            tin[i] = ntohl(msg_32[i]);
+            data[i] = tin[i];
+        }
+
+        AES_decrypt(ctx, data);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = data[i]^xor[i];
+            xor[i] = tin[i];
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(xor[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Encrypt a single block (16 bytes) of data
+ */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
+{
+    /* To make this code smaller, generate the sbox entries on the fly.
+     * This will have a really heavy effect upon performance.
+     */
+    uint32_t tmp[4];
+    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds; 
+    const uint32_t *k = ctx->ks;
+
+    /* Pre-round key addition */
+    for (row = 0; row < 4; row++)
+        data[row] ^= *(k++);
+
+    /* Encrypt one block. */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 0; row < 4; row++)
+        {
+            a0 = (uint32_t)aes_sbox[(data[row%4]>>24)&0xFF];
+            a1 = (uint32_t)aes_sbox[(data[(row+1)%4]>>16)&0xFF];
+            a2 = (uint32_t)aes_sbox[(data[(row+2)%4]>>8)&0xFF]; 
+            a3 = (uint32_t)aes_sbox[(data[(row+3)%4])&0xFF];
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd < (rounds - 1))
+            {
+                tmp1 = a0 ^ a1 ^ a2 ^ a3;
+                old_a0 = a0;
+                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
+                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
+                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
+                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
+            }
+
+            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
+        }
+
+        /* KeyAddition - note that it is vital that this loop is separate from
+           the MixColumn operation, which must be atomic...*/ 
+        for (row = 0; row < 4; row++)
+            data[row] = tmp[row] ^ *(k++);
+    }
+}
+
+/**
+ * Decrypt a single block (16 bytes) of data
+ */
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
+{ 
+    uint32_t tmp[4];
+    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
+    uint32_t a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds;
+    const uint32_t *k = ctx->ks + ((rounds+1)*4);
+
+    /* pre-round key addition */
+    for (row=4; row > 0;row--)
+        data[row-1] ^= *(--k);
+
+    /* Decrypt one block */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 4; row > 0; row--)
+        {
+            a0 = aes_isbox[(data[(row+3)%4]>>24)&0xFF];
+            a1 = aes_isbox[(data[(row+2)%4]>>16)&0xFF];
+            a2 = aes_isbox[(data[(row+1)%4]>>8)&0xFF];
+            a3 = aes_isbox[(data[row%4])&0xFF];
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd<(rounds-1))
+            {
+                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
+                   are quite large compared to encryption; this 
+                   operation slows decryption down noticeably. */
+                xt0 = AES_xtime(a0^a1);
+                xt1 = AES_xtime(a1^a2);
+                xt2 = AES_xtime(a2^a3);
+                xt3 = AES_xtime(a3^a0);
+                xt4 = AES_xtime(xt0^xt1);
+                xt5 = AES_xtime(xt1^xt2);
+                xt6 = AES_xtime(xt4^xt5);
+
+                xt0 ^= a1^a2^a3^xt4^xt6;
+                xt1 ^= a0^a2^a3^xt5^xt6;
+                xt2 ^= a0^a1^a3^xt4^xt6;
+                xt3 ^= a0^a1^a2^xt5^xt6;
+                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
+            }
+            else
+                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
+        }
+
+        for (row = 4; row > 0; row--)
+            data[row-1] = tmp[row-1] ^ *(--k);
+    }
+}
+
+#endif
diff --git a/ssl/asn1.c b/ssl/asn1.c
new file mode 100644
index 0000000000..45b910b9a5
--- /dev/null
+++ b/ssl/asn1.c
@@ -0,0 +1,864 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file asn1.c
+ * 
+ * Some primitive asn methods for extraction rsa modulus information. It also
+ * is used for retrieving information from X.509 certificates.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "crypto.h"
+
+#define SIG_OID_PREFIX_SIZE     8
+
+#define SIG_TYPE_MD2            0x02
+#define SIG_TYPE_MD5            0x04
+#define SIG_TYPE_SHA1           0x05
+
+/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
+static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
+{
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
+};
+
+/* CN, O, OU */
+static const uint8_t g_dn_types[] = { 3, 10, 11 };
+
+static int get_asn1_length(const uint8_t *buf, int *offset)
+{
+    int len, i;
+
+    if (!(buf[*offset] & 0x80)) /* short form */
+    {
+        len = buf[(*offset)++];
+    }
+    else    /* long form */
+    {
+        int length_bytes = buf[(*offset)++]&0x7f;
+        len = 0;
+        for (i = 0; i < length_bytes; i++)
+        {
+            len <<= 8;
+            len += buf[(*offset)++];
+        }
+    }
+
+    return len;
+}
+
+/**
+ * Skip the ASN1.1 object type and its length. Get ready to read the object's
+ * data.
+ */
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    return get_asn1_length(buf, offset);
+}
+
+/**
+ * Skip over an ASN.1 object type completely. Get ready to read the next
+ * object.
+ */
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    int len;
+
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+    *offset += len;
+    return 0;
+}
+
+/**
+ * Read an integer value for ASN.1 data
+ * Note: This function allocates memory which must be freed by the user.
+ */
+int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
+{
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
+        goto end_int_array;
+
+    *object = (uint8_t *)malloc(len);
+    memcpy(*object, &buf[*offset], len);
+    *offset += len;
+
+end_int_array:
+    return len;
+}
+
+/**
+ * Get all the RSA private key specifics from an ASN.1 encoded file 
+ */
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
+{
+    int offset = 7;
+    uint8_t *modulus, *priv_exp, *pub_exp;
+    int mod_len, priv_len, pub_len;
+#ifdef CONFIG_BIGINT_CRT
+    uint8_t *p, *q, *dP, *dQ, *qInv;
+    int p_len, q_len, dP_len, dQ_len, qInv_len;
+#endif
+
+    /* not in der format */
+    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: This is not a valid ASN.1 file\n");
+#endif
+        return X509_INVALID_PRIV_KEY;
+    }
+
+    /* initialise the RNG */
+    RNG_initialize(buf, len);
+
+    mod_len = asn1_get_int(buf, &offset, &modulus);
+    pub_len = asn1_get_int(buf, &offset, &pub_exp);
+    priv_len = asn1_get_int(buf, &offset, &priv_exp);
+
+    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+#ifdef CONFIG_BIGINT_CRT
+    p_len = asn1_get_int(buf, &offset, &p);
+    q_len = asn1_get_int(buf, &offset, &q);
+    dP_len = asn1_get_int(buf, &offset, &dP);
+    dQ_len = asn1_get_int(buf, &offset, &dQ);
+    qInv_len = asn1_get_int(buf, &offset, &qInv);
+
+    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
+            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
+
+    free(p);
+    free(q);
+    free(dP);
+    free(dQ);
+    free(qInv);
+#else
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
+#endif
+
+    free(modulus);
+    free(priv_exp);
+    free(pub_exp);
+    return X509_OK;
+}
+
+/**
+ * Get the time of a certificate. Ignore hours/minutes/seconds.
+ */
+static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
+{
+    int ret = X509_NOT_OK, len, t_offset;
+    struct tm tm;
+
+    if (buf[(*offset)++] != ASN1_UTC_TIME)
+        goto end_utc_time;
+    len = get_asn1_length(buf, offset);
+    t_offset = *offset;
+
+    memset(&tm, 0, sizeof(struct tm));
+    tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+
+    if (tm.tm_year <= 50)    /* 1951-2050 thing */
+    {
+        tm.tm_year += 100;
+    }
+
+    tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
+    tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+    *t = mktime(&tm);
+    *offset += len;
+    ret = X509_OK;
+
+end_utc_time:
+    return ret;
+}
+
+/**
+ * Get the version type of a certificate (which we don't actually care about)
+ */
+static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    (*offset) += 2;        /* get past explicit tag */
+    if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
+        goto end_version;
+
+    ret = X509_OK;
+end_version:
+    return ret;
+}
+
+/**
+ * Retrieve the notbefore and notafter certificate times.
+ */
+static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
+}
+
+/**
+ * Get the components of a distinguished name 
+ */
+static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
+{
+    int dn_type = 0;
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto end_oid;
+
+    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
+       components we are interested in. */
+    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
+        dn_type = buf[(*offset)++];
+    else
+    {
+        *offset += len;     /* skip over it */
+    }
+
+end_oid:
+    return dn_type;
+}
+
+/**
+ * Obtain an ASN.1 printable string type.
+ */
+static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
+{
+    int len = X509_NOT_OK;
+
+    /* some certs have this awful crud in them for some reason */
+    if (buf[*offset] != ASN1_PRINTABLE_STR && 
+            buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR)
+        goto end_pnt_str;
+
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+    *str = (char *)malloc(len+1);                   /* allow for null */
+    memcpy(*str, &buf[*offset], len);
+    (*str)[len] = 0;                                /* null terminate */
+    *offset += len;
+end_pnt_str:
+    return len;
+}
+
+/**
+ * Get the subject name (or the issuer) of a certificate.
+ */
+static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
+{
+    int ret = X509_NOT_OK;
+    int dn_type;
+    char *tmp = NULL;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_name;
+
+    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
+    {
+        int i, found = 0;
+
+        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
+            goto end_name;
+
+        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
+        {
+            free(tmp);
+            goto end_name;
+        }
+
+        /* find the distinguished named type */
+        for (i = 0; i < X509_NUM_DN_TYPES; i++)
+        {
+            if (dn_type == g_dn_types[i])
+            {
+                if (dn[i] == NULL)
+                {
+                    dn[i] = tmp;
+                    found = 1;
+                    break;
+                }
+            }
+        }
+
+        if (found == 0) /* not found so get rid of it */
+        {
+            free(tmp);
+        }
+    }
+
+    ret = X509_OK;
+end_name:
+    return ret;
+}
+
+/**
+ * Read the modulus and public exponent of a certificate.
+ */
+static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, mod_len, pub_len;
+    uint8_t *modulus, *pub_exp;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
+            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
+        goto end_pub_key;
+
+    (*offset)++;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_pub_key;
+
+    mod_len = asn1_get_int(cert, offset, &modulus);
+    pub_len = asn1_get_int(cert, offset, &pub_exp);
+
+    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
+
+    free(modulus);
+    free(pub_exp);
+    ret = X509_OK;
+
+end_pub_key:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Read the signature of the certificate.
+ */
+static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    if (cert[(*offset)++] != ASN1_BIT_STRING)
+        goto end_sig;
+
+    x509_ctx->sig_len = get_asn1_length(cert, offset);
+    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
+    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
+    *offset += x509_ctx->sig_len;
+    ret = X509_OK;
+
+end_sig:
+    return ret;
+}
+
+/*
+ * Compare 2 distinguished name components for equality 
+ * @return 0 if a match
+ */
+static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
+{
+    int ret = 1;
+
+    if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
+
+    ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
+
+err_no_match:
+    return ret;
+}
+
+/**
+ * Clean up all of the CA certificates.
+ */
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
+{
+    int i = 0;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+    {
+        x509_free(ca_cert_ctx->cert[i]);
+        ca_cert_ctx->cert[i++] = NULL;
+    }
+
+    free(ca_cert_ctx);
+}
+
+/*
+ * Compare 2 distinguished names for equality 
+ * @return 0 if a match
+ */
+static int asn1_compare_dn(char * const dn1[], char * const dn2[])
+{
+    int i;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
+        {
+            return 1;
+        }
+    }
+
+    return 0;       /* all good */
+}
+
+/**
+ * Retrieve the signature from a certificate.
+ */
+const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
+{
+    int offset = 0;
+    const uint8_t *ptr = NULL;
+
+    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
+            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
+        goto end_get_sig;
+
+    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
+        goto end_get_sig;
+    *len = get_asn1_length(asn1_sig, &offset);
+    ptr = &asn1_sig[offset];          /* all ok */
+
+end_get_sig:
+    return ptr;
+}
+
+#endif
+
+/**
+ * Read the signature type of the certificate. We only support RSA-MD5 and
+ * RSA-SHA1 signature types.
+ */
+static int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, len;
+
+    if (cert[(*offset)++] != ASN1_OID)
+        goto end_check_sig;
+
+    len = get_asn1_length(cert, offset);
+
+    if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
+        goto end_check_sig;     /* unrecognised cert type */
+
+    x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
+
+    *offset += len;
+    if (asn1_skip_obj(cert, offset, ASN1_NULL))
+        goto end_check_sig;
+    ret = X509_OK;
+
+end_check_sig:
+    return ret;
+}
+
+/**
+ * Construct a new x509 object.
+ * @return 0 if ok. < 0 if there was a problem.
+ */
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
+{
+    int begin_tbs, end_tbs;
+    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
+    X509_CTX *x509_ctx;
+    BI_CTX *bi_ctx;
+
+    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
+    x509_ctx = *ctx;
+
+    /* get the certificate size */
+    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    begin_tbs = offset;         /* start of the tbs */
+    end_tbs = begin_tbs;        /* work out the end of the tbs */
+    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
+    {
+        if (asn1_version(cert, &offset, x509_ctx))
+            goto end_cert;
+    }
+
+    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
+            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* make sure the signature is ok */
+    if (asn1_signature_type(cert, &offset, x509_ctx))
+    {
+        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        goto end_cert;
+    }
+
+    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
+            asn1_validity(cert, &offset, x509_ctx) ||
+            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
+            asn1_public_key(cert, &offset, x509_ctx))
+        goto end_cert;
+
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    /* use the appropriate signature algorithm (either SHA1 or MD5) */
+    if (x509_ctx->sig_type == SIG_TYPE_MD5)
+    {
+        MD5_CTX md5_ctx;
+        uint8_t md5_dgst[MD5_SIZE];
+        MD5Init(&md5_ctx);
+        MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        MD5Final(&md5_ctx, md5_dgst);
+        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+    }
+    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
+    {
+        SHA1_CTX sha_ctx;
+        uint8_t sha_dgst[SHA1_SIZE];
+        SHA1Init(&sha_ctx);
+        SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        SHA1Final(&sha_ctx, sha_dgst);
+        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+    }
+
+    offset = end_tbs;   /* skip the v3 data */
+    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
+            asn1_signature(cert, &offset, x509_ctx))
+        goto end_cert;
+#endif
+
+    if (len)
+    {
+        *len = cert_size;
+    }
+
+    ret = X509_OK;
+end_cert:
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret)
+    {
+        printf("Error: Invalid X509 ASN.1 file\n");
+    }
+#endif
+
+    return ret;
+}
+
+/**
+ * Free an X.509 object's resources.
+ */
+void x509_free(X509_CTX *x509_ctx)
+{
+    X509_CTX *next;
+    int i;
+
+    if (x509_ctx == NULL)       /* if already null, then don't bother */
+        return;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        free(x509_ctx->ca_cert_dn[i]);
+        free(x509_ctx->cert_dn[i]);
+    }
+
+    free(x509_ctx->signature);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION 
+    if (x509_ctx->digest)
+    {
+        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
+    }
+#endif
+
+    RSA_free(x509_ctx->rsa_ctx);
+
+    next = x509_ctx->next;
+    free(x509_ctx);
+    x509_free(next);        /* clear the chain */
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Do some basic checks on the certificate chain.
+ *
+ * Certificate verification consists of a number of checks:
+ * - A root certificate exists in the certificate store.
+ * - The date of the certificate is after the start date.
+ * - The date of the certificate is before the finish date.
+ * - The certificate chain is valid.
+ * - That the certificate(s) are not self-signed.
+ * - The signature of the certificate is valid.
+ */
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+{
+    int ret = X509_OK, i = 0;
+    bigint *cert_sig;
+    X509_CTX *next_cert = NULL;
+    BI_CTX *ctx;
+    bigint *mod, *expn;
+    struct timeval tv;
+    int match_ca_cert = 0;
+
+    if (cert == NULL || ca_cert_ctx == NULL)
+    {
+        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+        goto end_verify;
+    }
+
+    /* last cert in the chain - look for a trusted cert */
+    if (cert->next == NULL)
+    {
+        while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+        {
+            if (asn1_compare_dn(cert->ca_cert_dn,
+                                        ca_cert_ctx->cert[i]->cert_dn) == 0)
+            {
+                match_ca_cert = 1;
+                break;
+            }
+
+            i++;
+        }
+
+        if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+        {
+            next_cert = ca_cert_ctx->cert[i];
+        }
+        else    /* trusted cert not found */
+        {
+            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+            goto end_verify;
+        }
+    }
+    else
+    {
+        next_cert = cert->next;
+    }
+
+    gettimeofday(&tv, NULL);
+
+    /* check the not before date */
+    if (tv.tv_sec < cert->not_before)
+    {
+        ret = X509_VFY_ERROR_NOT_YET_VALID;
+        goto end_verify;
+    }
+
+    /* check the not after date */
+    if (tv.tv_sec > cert->not_after)
+    {
+        ret = X509_VFY_ERROR_EXPIRED;
+        goto end_verify;
+    }
+
+    /* check the chain integrity */
+    if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
+    {
+        ret = X509_VFY_ERROR_INVALID_CHAIN;
+        goto end_verify;
+    }
+
+    /* check for self-signing */
+    if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
+    }
+
+    /* check the signature */
+    ctx = cert->rsa_ctx->bi_ctx;
+    mod = next_cert->rsa_ctx->m;
+    expn = next_cert->rsa_ctx->e;
+    cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, 
+            bi_clone(ctx, mod), bi_clone(ctx, expn));
+
+    if (cert_sig)
+    {
+        ret = cert->digest ?    /* check the signature */
+            bi_compare(cert_sig, cert->digest) :
+            X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        bi_free(ctx, cert_sig);
+
+        if (ret)
+            goto end_verify;
+    }
+    else
+    {
+        ret = X509_VFY_ERROR_BAD_SIGNATURE;
+        goto end_verify;
+    }
+
+    /* go down the certificate chain using recursion. */
+    if (ret == 0 && cert->next)
+    {
+        ret = x509_verify(ca_cert_ctx, next_cert);
+    }
+
+end_verify:
+    return ret;
+}
+#endif
+
+#if defined (CONFIG_SSL_FULL_MODE)
+/**
+ * Used for diagnostics.
+ */
+void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+{
+    if (cert == NULL)
+        return;
+
+    printf("----------------   CERT DEBUG   ----------------\n");
+    printf("* CA Cert Distinguished Name\n");
+    if (cert->ca_cert_dn[X509_COMMON_NAME])
+    {
+        printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
+    }
+
+    if (cert->ca_cert_dn[X509_ORGANIZATION])
+    {
+        printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
+    }
+
+    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
+    {
+        printf("Organizational Unit (OU): %s\n", 
+                cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
+    }
+
+    printf("* Cert Distinguished Name\n");
+    if (cert->cert_dn[X509_COMMON_NAME])
+    {
+        printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
+    }
+
+    if (cert->cert_dn[X509_ORGANIZATION])
+    {
+        printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
+    }
+
+    if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
+    {
+        printf("Organizational Unit (OU): %s\n", 
+                cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
+    }
+
+    printf("Not Before:\t\t%s", ctime(&cert->not_before));
+    printf("Not After:\t\t%s", ctime(&cert->not_after));
+    printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
+    printf("Sig Type:\t\t");
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_MD5:
+            printf("MD5\n");
+            break;
+        case SIG_TYPE_SHA1:
+            printf("SHA1\n");
+            break;
+        case SIG_TYPE_MD2:
+            printf("MD2\n");
+            break;
+        default:
+            printf("Unrecognized: %d\n", cert->sig_type);
+            break;
+    }
+
+    printf("Verify:\t\t\t");
+
+    if (ca_cert_ctx)
+    {
+        x509_display_error(x509_verify(ca_cert_ctx, cert));
+    }
+
+    printf("\n");
+#if 0
+    print_blob("Signature", cert->signature, cert->sig_len);
+    bi_print("Modulus", cert->rsa_ctx->m);
+    bi_print("Pub Exp", cert->rsa_ctx->e);
+#endif
+
+    if (ca_cert_ctx)
+    {
+        x509_print(ca_cert_ctx, cert->next);
+    }
+}
+
+void x509_display_error(int error)
+{
+    switch (error)
+    {
+        case X509_NOT_OK:
+            printf("X509 not ok");
+            break;
+
+        case X509_VFY_ERROR_NO_TRUSTED_CERT:
+            printf("No trusted cert is available");
+            break;
+
+        case X509_VFY_ERROR_BAD_SIGNATURE:
+            printf("Bad signature");
+            break;
+
+        case X509_VFY_ERROR_NOT_YET_VALID:
+            printf("Cert is not yet valid");
+            break;
+
+        case X509_VFY_ERROR_EXPIRED:
+            printf("Cert has expired");
+            break;
+
+        case X509_VFY_ERROR_SELF_SIGNED:
+            printf("Cert is self-signed");
+            break;
+
+        case X509_VFY_ERROR_INVALID_CHAIN:
+            printf("Chain is invalid (check order of certs)");
+            break;
+
+        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
+            printf("Unsupported digest");
+            break;
+
+        case X509_INVALID_PRIV_KEY:
+            printf("Invalid private key");
+            break;
+    }
+}
+#endif      /* CONFIG_SSL_FULL_MODE */
+
diff --git a/ssl/bigint.c b/ssl/bigint.c
new file mode 100644
index 0000000000..e64375f809
--- /dev/null
+++ b/ssl/bigint.c
@@ -0,0 +1,1506 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @defgroup bigint_api Big Integer API
+ * @brief The bigint implementation as used by the axTLS project.
+ *
+ * The bigint library is for RSA encryption/decryption as well as signing.
+ * This code tries to minimise use of malloc/free by maintaining a small 
+ * cache. A bigint context may maintain state by being made "permanent". 
+ * It be be later released with a bi_depermanent() and bi_free() call.
+ *
+ * It supports the following reduction techniques:
+ * - Classical
+ * - Barrett
+ * - Montgomery
+ *
+ * It also implements the following:
+ * - Karatsuba multiplication
+ * - Squaring
+ * - Sliding window exponentiation
+ * - Chinese Remainder Theorem (implemented in rsa.c).
+ *
+ * All the algorithms used are pretty standard, and designed for different
+ * data bus sizes. Negative numbers are not dealt with at all, so a subtraction
+ * may need to be tested for negativity.
+ *
+ * This library steals some ideas from Jef Poskanzer
+ * <http://cs.marlboro.edu/term/cs-fall02/algorithms/crypto/RSA/bigint>
+ * and GMP <http://www.swox.com/gmp>. It gets most of its implementation
+ * detail from "The Handbook of Applied Cryptography"
+ * <http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf>
+ * @{
+ */
+
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include "bigint.h"
+#include "crypto.h"
+
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
+static bigint *alloc(BI_CTX *ctx, int size);
+static bigint *trim(bigint *bi);
+static void more_comps(bigint *bi, int n);
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+static bigint *comp_right_shift(bigint *biR, int num_shifts);
+static bigint *comp_left_shift(bigint *biR, int num_shifts);
+#endif
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+static void check(const bigint *bi);
+#endif
+
+/**
+ * @brief Start a new bigint context.
+ * @return A bigint context.
+ */
+BI_CTX *bi_initialize(void)
+{
+    BI_CTX *ctx;
+   
+    ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
+    ctx->active_list = NULL;
+    ctx->active_count = 0;
+    ctx->free_list = NULL;
+    ctx->free_count = 0;
+    ctx->mod_offset = 0;
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    ctx->use_classical = 0;
+#endif
+
+    /* the radix */
+    ctx->bi_radix = alloc(ctx, 2); 
+    ctx->bi_radix->comps[0] = 0;
+    ctx->bi_radix->comps[1] = 1;
+    bi_permanent(ctx->bi_radix);
+
+    return ctx;
+}
+
+/**
+ * @brief Close the bigint context and free any resources.
+ *
+ * Free up any used memory - a check is done if all objects were not 
+ * properly freed.
+ * @param ctx [in]   The bigint session context.
+ */
+void bi_terminate(BI_CTX *ctx)
+{
+    bigint *p, *pn;
+
+    bi_depermanent(ctx->bi_radix); 
+    bi_free(ctx, ctx->bi_radix);
+
+    if (ctx->active_count != 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_terminate: there were %d un-freed bigints\n",
+                       ctx->active_count);
+#endif
+        abort();
+    }
+
+    for (p = ctx->free_list; p != NULL; p = pn)
+    {
+        pn = p->next;
+        free(p->comps);
+        free(p);
+    }
+
+    free(ctx);
+}
+
+/**
+ * @brief Increment the number of references to this object. 
+ * It does not do a full copy.
+ * @param bi [in]   The bigint to copy.
+ * @return A reference to the same bigint.
+ */
+bigint *bi_copy(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+        bi->refs++;
+    return bi;
+}
+
+/**
+ * @brief Simply make a bigint object "unfreeable" if bi_free() is called on it.
+ *
+ * For this object to be freed, bi_depermanent() must be called.
+ * @param bi [in]   The bigint to be made permanent.
+ */
+void bi_permanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != 1)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_permanent: refs was not 1\n");
+#endif
+        abort();
+    }
+
+    bi->refs = PERMANENT;
+}
+
+/**
+ * @brief Take a permanent object and make it eligible for freedom.
+ * @param bi [in]   The bigint to be made back to temporary.
+ */
+void bi_depermanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_depermanent: bigint was not permanent\n");
+#endif
+        abort();
+    }
+
+    bi->refs = 1;
+}
+
+/**
+ * @brief Free a bigint object so it can be used again. 
+ *
+ * The memory itself it not actually freed, just tagged as being available 
+ * @param ctx [in]   The bigint session context.
+ * @param bi [in]    The bigint to be freed.
+ */
+void bi_free(BI_CTX *ctx, bigint *bi)
+{
+    check(bi);
+    if (bi->refs == PERMANENT)
+    {
+        return;
+    }
+
+    if (--bi->refs > 0)
+    {
+        return;
+    }
+
+    bi->next = ctx->free_list;
+    ctx->free_list = bi;
+    ctx->free_count++;
+
+    if (--ctx->active_count < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_free: active_count went negative "
+                "- double-freed bigint?\n");
+#endif
+        abort();
+    }
+}
+
+/**
+ * @brief Convert an (unsigned) integer into a bigint.
+ * @param ctx [in]   The bigint session context.
+ * @param i [in]     The (unsigned) integer to be converted.
+ * 
+ */
+bigint *int_to_bi(BI_CTX *ctx, comp i)
+{
+    bigint *biR = alloc(ctx, 1);
+    biR->comps[0] = i;
+    return biR;
+}
+
+/**
+ * @brief Do a full copy of the bigint object.
+ * @param ctx [in]   The bigint session context.
+ * @param bi  [in]   The bigint object to be copied.
+ */
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
+{
+    bigint *biR = alloc(ctx, bi->size);
+    check(bi);
+    memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
+    return biR;
+}
+
+/**
+ * @brief Perform an addition operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the addition.
+ */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    int n;
+    comp carry = 0;
+    comp *pa, *pb;
+
+    check(bia);
+    check(bib);
+
+    n = max(bia->size, bib->size);
+    more_comps(bia, n+1);
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do
+    {
+        comp  sl, rl, cy1;
+        sl = *pa + *pb++;
+        rl = sl + carry;
+        cy1 = sl < *pa;
+        carry = cy1 | (rl < sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    *pa = carry;                  /* do overflow */
+    bi_free(ctx, bib);
+    return trim(bia);
+}
+
+/**
+ * @brief Perform a subtraction operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @param is_negative [out] If defined, indicates that the result was negative.
+ * is_negative may be null.
+ * @return The result of the subtraction. The result is always positive.
+ */
+bigint *bi_subtract(BI_CTX *ctx, 
+        bigint *bia, bigint *bib, int *is_negative)
+{
+    int n = bia->size;
+    comp *pa, *pb, carry = 0;
+
+    check(bia);
+    check(bib);
+
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do 
+    {
+        comp sl, rl, cy1;
+        sl = *pa - *pb++;
+        rl = sl - carry;
+        cy1 = sl > *pa;
+        carry = cy1 | (rl > sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    if (is_negative)    /* indicate a negative result */
+    {
+        *is_negative = carry;
+    }
+
+    bi_free(ctx, trim(bib));    /* put bib back to the way it was */
+    return trim(bia);
+}
+
+/**
+ * Perform a multiply between a bigint an an (unsigned) integer
+ */
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
+{
+    int j = 0, n = bia->size;
+    bigint *biR = alloc(ctx, n + 1);
+    comp carry = 0;
+    comp *r = biR->comps;
+    comp *a = bia->comps;
+
+    check(bia);
+
+    /* clear things to start with */
+    memset(r, 0, ((n+1)*COMP_BYTE_SIZE));
+
+    do
+    {
+        long_comp tmp = *r + (long_comp)a[j]*b + carry;
+        *r++ = (comp)tmp;              /* downsize */
+        carry = (comp)(tmp >> COMP_BIT_SIZE);
+    } while (++j < n);
+
+    *r = carry;
+    bi_free(ctx, bia);
+    return trim(biR);
+}
+
+/**
+ * @brief Does both division and modulo calculations. 
+ *
+ * Used extensively when doing classical reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param u [in]    A bigint which is the numerator.
+ * @param v [in]    Either the denominator or the modulus depending on the mode.
+ * @param is_mod [n] Determines if this is a normal division (0) or a reduction
+ * (1).
+ * @return  The result of the division/reduction.
+ */
+bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
+{
+    int n = v->size, m = u->size-n;
+    int j = 0, orig_u_size = u->size;
+    uint8_t mod_offset = ctx->mod_offset;
+    comp d;
+    bigint *quotient, *tmp_u;
+    comp q_dash;
+
+    check(u);
+    check(v);
+
+    /* if doing reduction and we are < mod, then return mod */
+    if (is_mod && bi_compare(v, u) > 0)
+    {
+        bi_free(ctx, v);
+        return u;
+    }
+
+    quotient = alloc(ctx, m+1);
+    tmp_u = alloc(ctx, n+1);
+    v = trim(v);        /* make sure we have no leading 0's */
+    d = (comp)((long_comp)COMP_RADIX/(V1+1));
+
+    /* clear things to start with */
+    memset(quotient->comps, 0, ((quotient->size)*COMP_BYTE_SIZE));
+
+    /* normalise */
+    if (d > 1)
+    {
+        u = bi_int_multiply(ctx, u, d);
+
+        if (is_mod)
+        {
+            v = ctx->bi_normalised_mod[mod_offset];
+        }
+        else
+        {
+            v = bi_int_multiply(ctx, v, d);
+        }
+    }
+
+    if (orig_u_size == u->size)  /* new digit position u0 */
+    {
+        more_comps(u, orig_u_size + 1);
+    }
+
+    do
+    {
+        /* get a temporary short version of u */
+        memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
+
+        /* calculate q' */
+        if (U(0) == V1)
+        {
+            q_dash = COMP_RADIX-1;
+        }
+        else
+        {
+            q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
+        }
+
+        if (v->size > 1 && V2)
+        {
+            /* we are implementing the following:
+            if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
+                    q_dash*V1)*COMP_RADIX) + U(2))) ... */
+            comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
+                                        (long_comp)q_dash*V1);
+            if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
+            {
+                q_dash--;
+            }
+        }
+
+        /* multiply and subtract */
+        if (q_dash)
+        {
+            int is_negative;
+            tmp_u = bi_subtract(ctx, tmp_u, 
+                    bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
+            more_comps(tmp_u, n+1);
+
+            Q(j) = q_dash; 
+
+            /* add back */
+            if (is_negative)
+            {
+                Q(j)--;
+                tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
+
+                /* lop off the carry */
+                tmp_u->size--;
+                v->size--;
+            }
+        }
+        else
+        {
+            Q(j) = 0; 
+        }
+
+        /* copy back to u */
+        memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
+    } while (++j <= m);
+
+    bi_free(ctx, tmp_u);
+    bi_free(ctx, v);
+
+    if (is_mod)     /* get the remainder */
+    {
+        bi_free(ctx, quotient);
+        return bi_int_divide(ctx, trim(u), d);
+    }
+    else            /* get the quotient */
+    {
+        bi_free(ctx, u);
+        return trim(quotient);
+    }
+}
+
+/*
+ * Perform an integer divide on a bigint.
+ */
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
+{
+    int i = biR->size - 1;
+    long_comp r = 0;
+
+    check(biR);
+
+    do
+    {
+        r = (r<<COMP_BIT_SIZE) + biR->comps[i];
+        biR->comps[i] = (comp)(r / denom);
+        r %= denom;
+    } while (--i != 0);
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+/**
+ * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
+ * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
+ * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
+ * simple algorithm from an article by Dusse and Kaliski to efficiently 
+ * find N0' from N0 and b */
+static comp modular_inverse(bigint *bim)
+{
+    int i;
+    comp t = 1;
+    comp two_2_i_minus_1 = 2;   /* 2^(i-1) */
+    long_comp two_2_i = 4;      /* 2^i */
+    comp N = bim->comps[0];
+
+    for (i = 2; i <= COMP_BIT_SIZE; i++)
+    {
+        if ((long_comp)N*t%two_2_i >= two_2_i_minus_1)
+        {
+            t += two_2_i_minus_1;
+        }
+
+        two_2_i_minus_1 <<= 1;
+        two_2_i <<= 1;
+    }
+
+    return (comp)(COMP_RADIX-t);
+}
+#endif
+
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * Take each component and shift down (in terms of components) 
+ */
+static bigint *comp_right_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-num_shifts;
+    comp *x = biR->comps;
+    comp *y = &biR->comps[num_shifts];
+
+    check(biR);
+
+    if (i <= 0)     /* have we completely right shifted? */
+    {
+        biR->comps[0] = 0;  /* return 0 */
+        biR->size = 1;
+        return biR;
+    }
+
+    do
+    {
+        *x++ = *y++;
+    } while (--i > 0);
+
+    biR->size -= num_shifts;
+    return biR;
+}
+
+/**
+ * Take each component and shift it up (in terms of components) 
+ */
+static bigint *comp_left_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-1;
+    comp *x, *y;
+
+    check(biR);
+
+    if (num_shifts <= 0)
+    {
+        return biR;
+    }
+
+    more_comps(biR, biR->size + num_shifts);
+
+    x = &biR->comps[i+num_shifts];
+    y = &biR->comps[i];
+
+    do
+    {
+        *x-- = *y--;
+    } while (i--);
+
+    memset(biR->comps, 0, num_shifts*COMP_BYTE_SIZE); /* zero LS comps */
+    return biR;
+}
+#endif
+
+/**
+ * @brief Allow a binary sequence to be imported as a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] The data to be converted.
+ * @param size [in] The number of bytes of data.
+ * @return A bigint representing this data.
+ */
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
+{
+    bigint *biR = alloc(ctx, (size+COMP_BYTE_SIZE-1)/COMP_BYTE_SIZE);
+    int i, j = 0, offset = 0;
+
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        biR->comps[offset] += data[i] << (j*8);
+
+        if (++j == COMP_BYTE_SIZE)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * @brief The testharness uses this code to import text hex-streams and 
+ * convert them into bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] A string consisting of hex characters. The characters must
+ * be in upper case.
+ * @return A bigint representing this data.
+ */
+bigint *bi_str_import(BI_CTX *ctx, const char *data)
+{
+    int size = strlen(data);
+    bigint *biR = alloc(ctx, (size+COMP_NUM_NIBBLES-1)/COMP_NUM_NIBBLES);
+    int i, j = 0, offset = 0;
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        int num = (data[i] <= '9') ? (data[i] - '0') : (data[i] - 'A' + 10);
+        biR->comps[offset] += num << (j*4);
+
+        if (++j == COMP_NUM_NIBBLES)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return biR;
+}
+
+void bi_print(const char *label, bigint *x)
+{
+    int i, j;
+
+    if (x == NULL)
+    {
+        printf("%s: (null)\n", label);
+        return;
+    }
+
+    printf("%s: (size %d)\n", label, x->size);
+    for (i = x->size-1; i >= 0; i--)
+    {
+        for (j = COMP_NUM_NIBBLES-1; j >= 0; j--)
+        {
+            comp mask = 0x0f << (j*4);
+            comp num = (x->comps[i] & mask) >> (j*4);
+            putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
+        }
+    }  
+
+    printf("\n");
+}
+#endif
+
+/**
+ * @brief Take a bigint and convert it into a byte sequence. 
+ *
+ * This is useful after a decrypt operation.
+ * @param ctx [in]  The bigint session context.
+ * @param x [in]  The bigint to be converted.
+ * @param data [out] The converted data as a byte stream.
+ * @param size [in] The maximum size of the byte stream. Unused bytes will be
+ * zeroed.
+ */
+void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
+{
+    int i, j, k = size-1;
+
+    check(x);
+    memset(data, 0, size);  /* ensure all leading 0's are cleared */
+
+    for (i = 0; i < x->size; i++)
+    {
+        for (j = 0; j < COMP_BYTE_SIZE; j++)
+        {
+            comp mask = 0xff << (j*8);
+            int num = (x->comps[i] & mask) >> (j*8);
+            data[k--] = num;
+
+            if (k < 0)
+            {
+                break;
+            }
+        }
+    }
+
+    bi_free(ctx, x);
+}
+
+/**
+ * @brief Pre-calculate some of the expensive steps in reduction. 
+ *
+ * This function should only be called once (normally when a session starts).
+ * When the session is over, bi_free_mod() should be called. bi_mod_power()
+ * relies on this function being called.
+ * @param ctx [in]  The bigint session context.
+ * @param bim [in]  The bigint modulus that will be used.
+ * @param mod_offset [in] There are three moduluii that can be stored - the
+ * standard modulus, and its two primes p and q. This offset refers to which
+ * modulus we are referring to.
+ * @see bi_free_mod(), bi_mod_power().
+ */
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
+{
+    int k = bim->size;
+    comp d = (comp)((long_comp)COMP_RADIX/(bim->comps[k-1]+1));
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    bigint *R, *R2;
+#endif
+
+    ctx->bi_mod[mod_offset] = bim;
+    bi_permanent(ctx->bi_mod[mod_offset]);
+    ctx->bi_normalised_mod[mod_offset] = bi_int_multiply(ctx, bim, d);
+    bi_permanent(ctx->bi_normalised_mod[mod_offset]);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    /* set montgomery variables */
+    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);     /* R */
+    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);  /* R^2 */
+    ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
+    ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
+
+    bi_permanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_permanent(ctx->bi_R_mod_m[mod_offset]);
+
+    ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
+
+#elif defined (CONFIG_BIGINT_BARRETT)
+    ctx->bi_mu[mod_offset] = 
+        bi_divide(ctx, comp_left_shift(
+            bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
+    bi_permanent(ctx->bi_mu[mod_offset]);
+#endif
+}
+
+/**
+ * @brief Used when cleaning various bigints at the end of a session.
+ * @param ctx [in]  The bigint session context.
+ * @param mod_offset [in] The offset to use.
+ * @see bi_set_mod().
+ */
+void bi_free_mod(BI_CTX *ctx, int mod_offset)
+{
+    bi_depermanent(ctx->bi_mod[mod_offset]);
+    bi_free(ctx, ctx->bi_mod[mod_offset]);
+#if defined (CONFIG_BIGINT_MONTGOMERY)
+    bi_depermanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_depermanent(ctx->bi_R_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bi_depermanent(ctx->bi_mu[mod_offset]); 
+    bi_free(ctx, ctx->bi_mu[mod_offset]);
+#endif
+    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
+    bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
+}
+
+/** 
+ * Perform a standard multiplication between two bigints.
+ */
+static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    int i, j, i_plus_j;
+    int n = bia->size; 
+    int t = bib->size;
+    bigint *biR = alloc(ctx, n + t);
+    comp *sr = biR->comps;
+    comp *sa = bia->comps;
+    comp *sb = bib->comps;
+
+    check(bia);
+    check(bib);
+
+    /* clear things to start with */
+    memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
+    i = 0;
+
+    do 
+    {
+        comp carry = 0;
+        comp b = *sb++;
+        i_plus_j = i;
+        j = 0;
+
+        do
+        {
+            long_comp tmp = sr[i_plus_j] + (long_comp)sa[j]*b + carry;
+            sr[i_plus_j++] = (comp)tmp;              /* downsize */
+            carry = (comp)(tmp >> COMP_BIT_SIZE);
+        } while (++j < n);
+
+        sr[i_plus_j] = carry;
+    } while (++i < t);
+
+    bi_free(ctx, bia);
+    bi_free(ctx, bib);
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+/*
+ * Karatsuba improves on regular multiplication due to only 3 multiplications 
+ * being done instead of 4. The additional additions/subtractions are O(N) 
+ * rather than O(N^2) and so for big numbers it saves on a few operations 
+ */
+static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
+{
+    bigint *x0, *x1;
+    bigint *p0, *p1, *p2;
+    int m;
+
+    if (is_square)
+    {
+        m = (bia->size + 1)/2;
+    }
+    else
+    {
+        m = (max(bia->size, bib->size) + 1)/2;
+    }
+
+    x0 = bi_clone(ctx, bia);
+    x0->size = m;
+    x1 = bi_clone(ctx, bia);
+    comp_right_shift(x1, m);
+    bi_free(ctx, bia);
+
+    /* work out the 3 partial products */
+    if (is_square)
+    {
+        p0 = bi_square(ctx, bi_copy(x0));
+        p2 = bi_square(ctx, bi_copy(x1));
+        p1 = bi_square(ctx, bi_add(ctx, x0, x1));
+    }
+    else /* normal multiply */
+    {
+        bigint *y0, *y1;
+        y0 = bi_clone(ctx, bib);
+        y0->size = m;
+        y1 = bi_clone(ctx, bib);
+        comp_right_shift(y1, m);
+        bi_free(ctx, bib);
+
+        p0 = bi_multiply(ctx, bi_copy(x0), bi_copy(y0));
+        p2 = bi_multiply(ctx, bi_copy(x1), bi_copy(y1));
+        p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
+    }
+
+    p1 = bi_subtract(ctx, 
+            bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
+
+    comp_left_shift(p1, m);
+    comp_left_shift(p2, 2*m);
+    return bi_add(ctx, p1, bi_add(ctx, p0, p2));
+}
+#endif
+
+/**
+ * @brief Perform a multiplication operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    check(bia);
+    check(bib);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
+    {
+        return regular_multiply(ctx, bia, bib);
+    }
+
+    return karatsuba(ctx, bia, bib, 0);
+#else
+    return regular_multiply(ctx, bia, bib);
+#endif
+}
+
+#ifdef CONFIG_BIGINT_SQUARE
+/*
+ * Perform the actual square operion. It takes into account overflow.
+ */
+static bigint *regular_square(BI_CTX *ctx, bigint *bi)
+{
+    int t = bi->size;
+    int i = 0, j;
+    bigint *biR = alloc(ctx, t*2);
+    comp *w = biR->comps;
+    comp *x = bi->comps;
+    comp carry;
+
+    memset(w, 0, biR->size*COMP_BYTE_SIZE);
+
+    do
+    {
+        long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
+        comp u = 0;
+        w[2*i] = (comp)tmp;
+        carry = (comp)(tmp >> COMP_BIT_SIZE);
+
+        for (j = i+1; j < t; j++)
+        {
+            long_comp xx = (long_comp)x[i]*x[j];
+            long_comp blob = (long_comp)w[i+j]+carry;
+
+            if (u)                  /* previous overflow */
+            {
+                blob += COMP_RADIX;
+            }
+
+            u = 0;
+            if (xx & COMP_BIG_MSB)  /* check for overflow */
+            {
+                u = 1;
+            }
+
+            tmp = 2*xx + blob;
+            w[i+j] = (comp)tmp;
+            carry = (comp)(tmp >> COMP_BIT_SIZE);
+        }
+
+        w[i+t] += carry;
+
+        if (u)
+        {
+            w[i+t+1] = 1;   /* add carry */
+        }
+    } while (++i < t);
+
+    bi_free(ctx, bi);
+    return trim(biR);
+}
+
+/**
+ * @brief Perform a square operation on a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_square(BI_CTX *ctx, bigint *bia)
+{
+    check(bia);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (bia->size < SQU_KARATSUBA_THRESH) 
+    {
+        return regular_square(ctx, bia);
+    }
+
+    return karatsuba(ctx, bia, NULL, 1);
+#else
+    return regular_square(ctx, bia);
+#endif
+}
+#endif
+
+/**
+ * @brief Compare two bigints.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return -1 if smaller, 1 if larger and 0 if equal.
+ */
+int bi_compare(bigint *bia, bigint *bib)
+{
+    int r, i;
+
+    check(bia);
+    check(bib);
+
+    if (bia->size > bib->size)
+        r = 1;
+    else if (bia->size < bib->size)
+        r = -1;
+    else
+    {
+        comp *a = bia->comps; 
+        comp *b = bib->comps; 
+
+        /* Same number of components.  Compare starting from the high end
+         * and working down. */
+        r = 0;
+        i = bia->size - 1;
+
+        do 
+        {
+            if (a[i] > b[i])
+            { 
+                r = 1;
+                break; 
+            }
+            else if (a[i] < b[i])
+            { 
+                r = -1;
+                break; 
+            }
+        } while (--i >= 0);
+    }
+
+    return r;
+}
+
+/*
+ * Allocate and zero more components.  Does not consume bi. 
+ */
+static void more_comps(bigint *bi, int n)
+{
+    if (n > bi->max_comps)
+    {
+        bi->max_comps = max(bi->max_comps * 2, n);
+        bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
+    }
+
+    if (n > bi->size)
+    {
+        memset(&bi->comps[bi->size], 0, (n-bi->size)*COMP_BYTE_SIZE);
+    }
+
+    bi->size = n;
+}
+
+/*
+ * Make a new empty bigint. It may just use an old one if one is available.
+ * Otherwise get one off the heap.
+ */
+static bigint *alloc(BI_CTX *ctx, int size)
+{
+    bigint *biR;
+
+    /* Can we recycle an old bigint? */
+    if (ctx->free_list != NULL)
+    {
+        biR = ctx->free_list;
+        ctx->free_list = biR->next;
+        ctx->free_count--;
+
+        if (biR->refs != 0)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("alloc: refs was not 0\n");
+#endif
+            abort();    /* create a stack trace from a core dump */
+        }
+
+        more_comps(biR, size);
+    }
+    else
+    {
+        /* No free bigints available - create a new one. */
+        biR = (bigint *)malloc(sizeof(bigint));
+        biR->comps = (comp*)malloc(size * COMP_BYTE_SIZE);
+        biR->max_comps = size;  /* give some space to spare */
+    }
+
+    biR->size = size;
+    biR->refs = 1;
+    biR->next = NULL;
+    ctx->active_count++;
+    return biR;
+}
+
+/*
+ * Work out the highest '1' bit in an exponent. Used when doing sliding-window
+ * exponentiation.
+ */
+static int find_max_exp_index(bigint *biexp)
+{
+    int i = COMP_BIT_SIZE-1;
+    comp shift = COMP_RADIX/2;
+    comp test = biexp->comps[biexp->size-1];    /* assume no leading zeroes */
+
+    check(biexp);
+
+    do
+    {
+        if (test & shift)
+        {
+            return i+(biexp->size-1)*COMP_BIT_SIZE;
+        }
+
+        shift >>= 1;
+    } while (--i != 0);
+
+    return -1;      /* error - must have been a leading 0 */
+}
+
+/*
+ * Is a particular bit is an exponent 1 or 0? Used when doing sliding-window
+ * exponentiation.
+ */
+static int exp_bit_is_one(bigint *biexp, int offset)
+{
+    comp test = biexp->comps[offset / COMP_BIT_SIZE];
+    int num_shifts = offset % COMP_BIT_SIZE;
+    comp shift = 1;
+    int i;
+
+    check(biexp);
+
+    for (i = 0; i < num_shifts; i++)
+    {
+        shift <<= 1;
+    }
+
+    return test & shift;
+}
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+/*
+ * Perform a sanity check on bi.
+ */
+static void check(const bigint *bi)
+{
+    if (bi->refs <= 0)
+    {
+        printf("check: zero or negative refs in bigint\n");
+        abort();
+    }
+
+    if (bi->next != NULL)
+    {
+        printf("check: attempt to use a bigint from "
+                "the free list\n");
+        abort();
+    }
+}
+#endif
+
+/*
+ * Delete any leading 0's (and allow for 0).
+ */
+static bigint *trim(bigint *bi)
+{
+    check(bi);
+
+    while (bi->comps[bi->size-1] == 0 && bi->size > 1)
+    {
+        bi->size--;
+    }
+
+    return bi;
+}
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * @brief Perform a single montgomery reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bixy [in]  A bigint.
+ * @return The result of the montgomery reduction.
+ */
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
+{
+    int i = 0, n;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    comp mod_inv = ctx->N0_dash[mod_offset];
+
+    check(bixy);
+
+    if (ctx->use_classical)     /* just use classical instead */
+    {
+        return bi_mod(ctx, bixy);
+    }
+
+    n = bim->size;
+
+    do
+    {
+        bixy = bi_add(ctx, bixy, comp_left_shift(
+                    bi_int_multiply(ctx, bim, bixy->comps[i]*mod_inv), i));
+    } while (++i < n);
+
+    comp_right_shift(bixy, n);
+
+    if (bi_compare(bixy, bim) >= 0)
+    {
+        bixy = bi_subtract(ctx, bixy, bim, NULL);
+    }
+
+    return bixy;
+}
+
+#elif defined(CONFIG_BIGINT_BARRETT)
+/*
+ * Stomp on the most significant components to give the illusion of a "mod base
+ * radix" operation 
+ */
+static bigint *comp_mod(bigint *bi, int mod)
+{
+    check(bi);
+
+    if (bi->size > mod)
+    {
+        bi->size = mod;
+    }
+
+    return bi;
+}
+
+/*
+ * Barrett reduction has no need for some parts of the product, so ignore bits
+ * of the multiply. This routine gives Barrett its big performance
+ * improvements over Classical/Montgomery reduction methods. 
+ */
+static bigint *partial_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
+        int inner_partial, int outer_partial)
+{
+    int i = 0, j, n = bia->size, t = bib->size;
+    bigint *biR;
+    comp carry;
+    comp *sr, *sa, *sb;
+
+    check(bia);
+    check(bib);
+
+    biR = alloc(ctx, n + t);
+    sa = bia->comps;
+    sb = bib->comps;
+    sr = biR->comps;
+
+    if (inner_partial)
+    {
+        memset(sr, 0, inner_partial*COMP_BYTE_SIZE); 
+    }
+    else    /* outer partial */
+    {
+        if (n < outer_partial || t < outer_partial) /* should we bother? */
+        {
+            bi_free(ctx, bia);
+            bi_free(ctx, bib);
+            biR->comps[0] = 0;      /* return 0 */
+            biR->size = 1;
+            return biR;
+        }
+
+        memset(&sr[outer_partial], 0, (n+t-outer_partial)*COMP_BYTE_SIZE);
+    }
+
+    do 
+    {
+        comp *a = sa;
+        comp b = *sb++;
+        long_comp tmp;
+        int i_plus_j = i;
+        carry = 0;
+        j = n;
+
+        if (outer_partial && i_plus_j < outer_partial)
+        {
+            i_plus_j = outer_partial;
+            a = &sa[outer_partial-i];
+            j = n-(outer_partial-i);
+        }
+
+        do
+        {
+            if (inner_partial && i_plus_j >= inner_partial) 
+            {
+                break;
+            }
+
+            tmp = sr[i_plus_j] + ((long_comp)*a++)*b + carry;
+            sr[i_plus_j++] = (comp)tmp;              /* downsize */
+            carry = (comp)(tmp >> COMP_BIT_SIZE);
+        } while (--j != 0);
+
+        sr[i_plus_j] = carry;
+    } while (++i < t);
+
+    bi_free(ctx, bia);
+    bi_free(ctx, bib);
+    return trim(biR);
+}
+
+/**
+ * @brief Perform a single Barrett reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bi [in]  A bigint.
+ * @return The result of the Barrett reduction.
+ */
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
+{
+    bigint *q1, *q2, *q3, *r1, *r2, *r;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    int k = bim->size;
+
+    check(bi);
+    check(bim);
+
+    /* use Classical method instead  - Barrett cannot help here */
+    if (bi->size > k*2)
+    {
+        return bi_mod(ctx, bi);
+    }
+
+    q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
+
+    /* do outer partial multiply */
+    q2 = partial_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
+    q3 = comp_right_shift(q2, k+1);
+    r1 = comp_mod(bi, k+1);
+
+    /* do inner partial multiply */
+    r2 = comp_mod(partial_multiply(ctx, q3, bim, k+1, 0), k+1);
+    r = bi_subtract(ctx, r1, r2, NULL);
+
+    /* if (r >= m) r = r - m; */
+    if (bi_compare(r, bim) >= 0)
+    {
+        r = bi_subtract(ctx, r, bim, NULL);
+    }
+
+    return r;
+}
+#endif /* CONFIG_BIGINT_BARRETT */
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+/*
+ * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
+ */
+static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
+{
+    int k = 1, i;
+    bigint *g2;
+
+    for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
+    {
+        k <<= 1;
+    }
+
+    ctx->g = (bigint **)malloc(k*sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, g1);
+    bi_permanent(ctx->g[0]);
+    g2 = bi_residue(ctx, bi_square(ctx, ctx->g[0]));   /* g^2 */
+
+    for (i = 1; i < k; i++)
+    {
+        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], bi_copy(g2)));
+        bi_permanent(ctx->g[i]);
+    }
+
+    bi_free(ctx, g2);
+    ctx->window = k;
+}
+#endif
+
+/**
+ * @brief Perform a modular exponentiation.
+ *
+ * This function requires bi_set_mod() to have been called previously. This is 
+ * one of the optimisations used for performance.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint on which to perform the mod power operation.
+ * @param biexp [in] The bigint exponent.
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
+{
+    int i = find_max_exp_index(biexp), j, window_size = 1;
+    bigint *biR = int_to_bi(ctx, 1);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    uint8_t mod_offset = ctx->mod_offset;
+    if (!ctx->use_classical)
+    {
+        /* preconvert */
+        bi = bi_mont(ctx, 
+                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
+        bi_free(ctx, biR);
+        biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
+    }
+#endif
+
+    check(bi);
+    check(biexp);
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+    for (j = i; j > 32; j /= 5) /* work out an optimum size */
+        window_size++;
+
+    /* work out the slide constants */
+    precompute_slide_window(ctx, window_size, bi);
+#else   /* just one constant */
+    ctx->g = (bigint **)malloc(sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, bi);
+    ctx->window = 1;
+    bi_permanent(ctx->g[0]);
+#endif
+
+    /* if sliding-window is off, then only one bit will be done at a time and
+     * will reduce to standard left-to-right exponentiation */
+    do
+    {
+        if (exp_bit_is_one(biexp, i))
+        {
+            int l = i-window_size+1;
+            int part_exp = 0;
+
+            if (l < 0)  /* LSB of exponent will always be 1 */
+                l = 0;
+            else
+            {
+                while (exp_bit_is_one(biexp, l) == 0)
+                    l++;    /* go back up */
+            }
+
+            /* build up the section of the exponent */
+            for (j = i; j >= l; j--)
+            {
+                biR = bi_residue(ctx, bi_square(ctx, biR));
+                if (exp_bit_is_one(biexp, j))
+                    part_exp++;
+
+                if (j != l)
+                    part_exp <<= 1;
+            }
+
+            part_exp = (part_exp-1)/2;  /* adjust for array */
+            biR = bi_residue(ctx, bi_multiply(ctx, biR, ctx->g[part_exp]));
+            i = l-1;
+        }
+        else    /* square it */
+        {
+            biR = bi_residue(ctx, bi_square(ctx, biR));
+            i--;
+        }
+    } while (i >= 0);
+     
+    /* cleanup */
+    for (i = 0; i < ctx->window; i++)
+    {
+        bi_depermanent(ctx->g[i]);
+        bi_free(ctx, ctx->g[i]);
+    }
+
+    free(ctx->g);
+    bi_free(ctx, bi);
+    bi_free(ctx, biexp);
+#if defined CONFIG_BIGINT_MONTGOMERY
+    return ctx->use_classical ? biR : bi_mont(ctx, biR); /* convert back */
+#else /* CONFIG_BIGINT_CLASSICAL or CONFIG_BIGINT_BARRETT */
+    return biR;
+#endif
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * @brief Perform a modular exponentiation using a temporary modulus.
+ *
+ * We need this function to check the signatures of certificates. The modulus
+ * of this function is temporary as it's just used for authentication.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param bim [in]  The temporary modulus.
+ * @param biexp [in] The bigint exponent.
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
+{
+    bigint *biR, *tmp_biR;
+
+    /* Set up a temporary bigint context and transfer what we need between
+     * them. We need to do this since we want to keep the original modulus
+     * which is already in this context. This operation is only called when
+     * doing peer verification, and so is not expensive :-) */
+    BI_CTX *tmp_ctx = bi_initialize();
+    bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
+    tmp_biR = bi_mod_power(tmp_ctx, 
+                bi_clone(tmp_ctx, bi), 
+                bi_clone(tmp_ctx, biexp));
+    biR = bi_clone(ctx, tmp_biR);
+    bi_free(tmp_ctx, tmp_biR);
+    bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
+    bi_terminate(tmp_ctx);
+
+    bi_free(ctx, bi);
+    bi_free(ctx, bim);
+    bi_free(ctx, biexp);
+    return biR;
+}
+#endif
+/** @} */
diff --git a/ssl/bigint.h b/ssl/bigint.h
new file mode 100644
index 0000000000..5a13c5ae42
--- /dev/null
+++ b/ssl/bigint.h
@@ -0,0 +1,93 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef BIGINT_HEADER
+#define BIGINT_HEADER
+
+#include "config.h"
+
+/* enable features based on a 'super-set' capbaility. */
+#if defined(CONFIG_SSL_FULL_MODE) 
+#define CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_CERT_VERIFICATION
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+#define CONFIG_SSL_CERT_VERIFICATION
+#endif
+
+#include "os_port.h"
+#include "bigint_impl.h"
+
+#ifndef CONFIG_BIGINT_CHECK_ON
+#define check(A)                /**< disappears in normal production mode */
+#endif
+BI_CTX *bi_initialize(void);
+void bi_terminate(BI_CTX *ctx);
+void bi_permanent(bigint *bi);
+void bi_depermanent(bigint *bi);
+void bi_free(BI_CTX *ctx, bigint *bi);
+bigint *bi_copy(bigint *bi);
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
+void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
+bigint *int_to_bi(BI_CTX *ctx, comp i);
+
+/* the functions that actually do something interesting */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 
+        bigint *bib, int *is_negative);
+bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
+int bi_compare(bigint *bia, bigint *bib);
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
+void bi_free_mod(BI_CTX *ctx, int mod_offset);
+
+#ifdef CONFIG_SSL_FULL_MODE
+void bi_print(const char *label, bigint *bi);
+bigint *bi_str_import(BI_CTX *ctx, const char *data);
+#endif
+
+/**
+ * @def bi_mod
+ * Find the residue of B. bi_set_mod() must be called before hand.
+ */
+#define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
+
+/**
+ * bi_residue() is technically the same as bi_mod(), but it uses the
+ * appropriate reduction technique (which is bi_mod() when doing classical
+ * reduction).
+ */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+#define bi_residue(A, B)         bi_mont(A, B)
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
+#elif defined(CONFIG_BIGINT_BARRETT)
+#define bi_residue(A, B)         bi_barrett(A, B)
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
+#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
+#define bi_residue(A, B)         bi_mod(A, B)
+#endif
+
+#ifdef CONFIG_BIGINT_SQUARE
+bigint *bi_square(BI_CTX *ctx, bigint *bi);
+#else
+#define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
+#endif
+
+#endif
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
new file mode 100644
index 0000000000..762a7ccbb2
--- /dev/null
+++ b/ssl/bigint_impl.h
@@ -0,0 +1,105 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef BIGINT_IMPL_HEADER
+#define BIGINT_IMPL_HEADER
+
+/* Maintain a number of precomputed variables when doing reduction */
+#define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */
+#ifdef CONFIG_BIGINT_CRT
+#define BIGINT_P_OFFSET     1    /**< p modulo offset. */
+#define BIGINT_Q_OFFSET     2    /**< q module offset. */
+#define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */
+#else
+#define BIGINT_NUM_MODS     1    
+#endif
+
+/* Architecture specific functions for big ints */
+#ifdef WIN32
+#define COMP_RADIX          4294967296i64         
+#define COMP_BIG_MSB        0x8000000000000000i64 
+#else
+#define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
+#define COMP_BIG_MSB        0x8000000000000000ULL /**< (Max dbl comp + 1)/ 2 */
+#endif
+#define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
+
+typedef uint32_t comp;	        /**< A single precision component. */
+typedef uint64_t long_comp;     /**< A double precision component. */
+typedef int64_t slong_comp;     /**< A signed double precision component. */
+
+/**
+ * @struct  _bigint
+ * @brief A big integer basic object
+ */
+struct _bigint
+{
+    struct _bigint* next;       /**< The next bigint in the cache. */
+    short size;                 /**< The number of components in this bigint. */
+    short max_comps;            /**< The heapsize allocated for this bigint */
+    int refs;                   /**< An internal reference count. */
+    comp* comps;                /**< A ptr to the actual component data */
+};
+
+typedef struct _bigint bigint;  /**< An alias for _bigint */
+
+/**
+ * Maintains the state of the cache, and a number of variables used in 
+ * reduction.
+ */
+typedef struct /**< A big integer "session" context. */
+{
+    bigint *active_list;                    /**< Bigints currently used. */
+    bigint *free_list;                      /**< Bigints not used. */
+    bigint *bi_radix;                       /**< The radix used. */
+    bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */
+    bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */
+    comp N0_dash[BIGINT_NUM_MODS];
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */
+#endif
+    bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
+    bigint **g;                 /**< Used by sliding-window. */
+    int window;                 /**< The size of the sliding window */
+    int active_count;           /**< Number of active bigints. */
+    int free_count;             /**< Number of free bigints. */
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    uint8_t use_classical;      /**< Use classical reduction. */
+#endif
+    uint8_t mod_offset;         /**< The mod offset we are using */
+} BI_CTX;
+
+#ifndef WIN32
+#define max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
+#define min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
+#endif
+
+#define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
+
+#define V1      v->comps[v->size-1]                 /**< v1 for division */
+#define V2      v->comps[v->size-2]                 /**< v2 for division */
+#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
+#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
+
+#endif
diff --git a/ssl/cert.h b/ssl/cert.h
new file mode 100644
index 0000000000..972a9e4b5e
--- /dev/null
+++ b/ssl/cert.h
@@ -0,0 +1,43 @@
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xf1,
+  0xc3, 0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36,
+  0x30, 0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33,
+  0x33, 0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xd8, 0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5,
+  0xfd, 0x0b, 0xa8, 0xa8, 0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c,
+  0xb5, 0xd9, 0xbc, 0xc6, 0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8,
+  0x29, 0x48, 0x0e, 0x7b, 0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f,
+  0x38, 0xe5, 0xb5, 0xb7, 0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3,
+  0x40, 0x1e, 0xf9, 0x91, 0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e,
+  0xdc, 0xf6, 0xaa, 0x1c, 0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73,
+  0xd9, 0x09, 0x05, 0x4c, 0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7,
+  0x14, 0x91, 0x44, 0xfc, 0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba,
+  0x8c, 0xc3, 0x74, 0x39, 0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4,
+  0x40, 0x95, 0x8c, 0xc0, 0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x0b,
+  0x47, 0x24, 0x52, 0x7d, 0xb6, 0x63, 0x78, 0xbc, 0x80, 0xdd, 0x87, 0x6c,
+  0x90, 0x4c, 0x33, 0xc3, 0x5c, 0xa7, 0x97, 0x09, 0x1c, 0x09, 0x4f, 0x9b,
+  0x6e, 0xb3, 0x5a, 0x3e, 0x46, 0x92, 0x1a, 0xc7, 0x87, 0x15, 0x59, 0xe1,
+  0x88, 0x5c, 0xce, 0x6a, 0xe2, 0x96, 0xaa, 0x32, 0xec, 0xc2, 0xed, 0x78,
+  0x8b, 0xe0, 0x90, 0x66, 0x93, 0x14, 0xc3, 0x98, 0xab, 0x33, 0x35, 0xd3,
+  0x7d, 0x5d, 0x51, 0x0a, 0x9c, 0xb9, 0x10, 0x58, 0x47, 0x7a, 0x98, 0x95,
+  0x64, 0xff, 0x4c, 0x5d, 0x82, 0x19, 0xf9, 0xea, 0x0f, 0x5e, 0x9a, 0xcb,
+  0x32, 0x27, 0x64, 0xca, 0x6f, 0x58, 0x8a, 0xd0, 0xc0, 0x36, 0xf4, 0xb9,
+  0x63, 0x34, 0xa5, 0xda, 0x36, 0x50, 0x36, 0x49, 0xd2, 0xb7, 0x3a, 0x21,
+  0x33, 0x5b, 0x3e, 0xd6, 0x5f, 0x0c, 0x99, 0x83, 0xb7, 0xb2, 0xf7, 0x8b,
+  0x44, 0xc4, 0x5e, 0x73, 0x41, 0xa9, 0x02
+};
+unsigned int default_certificate_len = 475;
diff --git a/ssl/crypto.h b/ssl/crypto.h
new file mode 100644
index 0000000000..9bf446f246
--- /dev/null
+++ b/ssl/crypto.h
@@ -0,0 +1,285 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file crypto.h
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bigint.h"
+
+/**************************************************************************
+ * AES declarations 
+ **************************************************************************/
+
+#define AES_MAXROUNDS			14
+#define AES_BLOCKSIZE           16
+#define AES_IV_SIZE             16
+
+typedef struct aes_key_st 
+{
+    uint16_t rounds;
+    uint16_t key_size;
+    uint32_t ks[(AES_MAXROUNDS+1)*8];
+    uint8_t iv[AES_IV_SIZE];
+} AES_CTX;
+
+typedef enum
+{
+    AES_MODE_128,
+    AES_MODE_256
+} AES_MODE;
+
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode);
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
+        uint8_t *out, int length);
+void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
+void AES_convert_key(AES_CTX *ctx);
+
+/**************************************************************************
+ * RC4 declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    int x, y, m[256];
+} RC4_CTX;
+
+void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
+void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
+
+/**************************************************************************
+ * SHA1 declarations 
+ **************************************************************************/
+
+#define SHA1_SIZE   20
+
+/*
+ *  This structure will hold context information for the SHA-1
+ *  hashing operation
+ */
+typedef struct 
+{
+    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
+    uint32_t Length_Low;            /* Message length in bits      */
+    uint32_t Length_High;           /* Message length in bits      */
+    uint16_t Message_Block_Index;   /* Index into message block array   */
+    uint8_t Message_Block[64];      /* 512-bit message blocks      */
+} SHA1_CTX;
+
+void SHA1Init(SHA1_CTX *);
+void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
+void SHA1Final(SHA1_CTX *, uint8_t *digest);
+
+/**************************************************************************
+ * MD5 declarations 
+ **************************************************************************/
+
+/* MD5 context. */
+
+#define MD5_SIZE    16
+
+typedef struct 
+{
+  uint32_t state[4];        /* state (ABCD) */
+  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
+  uint8_t buffer[64];       /* input buffer */
+} MD5_CTX;
+
+EXP_FUNC void STDCALL MD5Init(MD5_CTX *);
+EXP_FUNC void STDCALL MD5Update(MD5_CTX *, const uint8_t *msg, int len);
+EXP_FUNC void STDCALL MD5Final(MD5_CTX *, uint8_t *digest);
+
+/**************************************************************************
+ * HMAC declarations 
+ **************************************************************************/
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+/**************************************************************************
+ * RNG declarations 
+ **************************************************************************/
+EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_terminate(void);
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
+
+/**************************************************************************
+ * RSA declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    bigint *m;              /* modulus */
+    bigint *e;              /* public exponent */
+    bigint *d;              /* private exponent */
+#ifdef CONFIG_BIGINT_CRT
+    bigint *p;              /* p as in m = pq */
+    bigint *q;              /* q as in m = pq */
+    bigint *dP;             /* d mod (p-1) */
+    bigint *dQ;             /* d mod (q-1) */
+    bigint *qInv;           /* q^-1 mod p */
+#endif
+    int num_octets;
+    BI_CTX *bi_ctx;
+} RSA_CTX;
+
+void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#ifdef CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+        );
+void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len);
+void RSA_free(RSA_CTX *ctx);
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int is_decryption);
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp);
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing);
+void RSA_print(const RSA_CTX *ctx);
+#endif
+
+/**************************************************************************
+ * ASN1 declarations 
+ **************************************************************************/
+#define X509_OK                             0
+#define X509_NOT_OK                         -1
+#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
+#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
+#define X509_VFY_ERROR_NOT_YET_VALID        -4
+#define X509_VFY_ERROR_EXPIRED              -5
+#define X509_VFY_ERROR_SELF_SIGNED          -6
+#define X509_VFY_ERROR_INVALID_CHAIN        -7
+#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
+#define X509_INVALID_PRIV_KEY               -9
+
+/*
+ * The Distinguished Name
+ */
+#define X509_NUM_DN_TYPES                   3
+#define X509_COMMON_NAME                    0
+#define X509_ORGANIZATION                   1
+#define X509_ORGANIZATIONAL_TYPE            2
+
+#define ASN1_INTEGER            0x02
+#define ASN1_BIT_STRING         0x03
+#define ASN1_OCTET_STRING       0x04
+#define ASN1_NULL               0x05
+#define ASN1_OID                0x06
+#define ASN1_PRINTABLE_STR      0x13
+#define ASN1_TELETEX_STR        0x14
+#define ASN1_IA5_STR            0x16
+#define ASN1_UTC_TIME           0x17
+#define ASN1_SEQUENCE           0x30
+#define ASN1_SET                0x31
+#define ASN1_IMPLICIT_TAG       0x80
+#define ASN1_EXPLICIT_TAG       0xa0
+
+#define SALT_SIZE               8
+
+struct _x509_ctx
+{
+    char *ca_cert_dn[X509_NUM_DN_TYPES];
+    char *cert_dn[X509_NUM_DN_TYPES];
+#if defined(_WIN32_WCE)
+    long not_before;
+    long not_after;
+#else
+    time_t not_before;
+    time_t not_after;
+#endif
+    uint8_t *signature;
+    uint16_t sig_len;
+    uint8_t sig_type;
+    RSA_CTX *rsa_ctx;
+    bigint *digest;
+    struct _x509_ctx *next;
+};
+
+typedef struct _x509_ctx X509_CTX;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+typedef struct 
+{
+    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
+} CA_CERT_CTX;
+#endif
+
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
+void x509_free(X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+void x509_display_error(int error);
+#endif
+
+/**************************************************************************
+ * MISC declarations 
+ **************************************************************************/
+
+extern const char * const unsupported_str;
+
+typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
+typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+int get_file(const char *filename, uint8_t **buf);
+
+#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
+EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
+#else
+    #define print_blob(...)
+#endif
+
+EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
+                    uint8_t *out, int *outlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
new file mode 100644
index 0000000000..fec3620893
--- /dev/null
+++ b/ssl/crypto_misc.c
@@ -0,0 +1,345 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Some misc. routines to help things out
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include "crypto.h"
+#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
+#include "wincrypt.h"
+#endif
+
+#ifndef WIN32
+static int rng_fd = -1;
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+static HCRYPTPROV gCryptProv;
+#endif
+
+#if (!defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
+static uint64_t rng_num;
+#endif
+
+static int rng_ref_count;
+const char * const unsupported_str = "Error: feature not supported\n";
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+/** 
+ * Retrieve a file and put it into memory
+ * @return The size of the file, or -1 on failure.
+ */
+int get_file(const char *filename, uint8_t **buf)
+{
+    int total_bytes = 0;
+    int bytes_read = 0; 
+    int filesize;
+    FILE *stream = fopen(filename, "rb");
+
+    if (stream == NULL)
+    {
+#ifdef CONFIG_SSL_FULL_MODE         
+        printf("file '%s' does not exist\n", filename); TTY_FLUSH();
+#endif
+        return -1;
+    }
+
+    /* Win CE doesn't support stat() */
+    fseek(stream, 0, SEEK_END);
+    filesize = ftell(stream);
+    *buf = (uint8_t *)malloc(filesize);
+    fseek(stream, 0, SEEK_SET);
+
+    do
+    {
+        bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
+        total_bytes += bytes_read;
+    } while (total_bytes < filesize && bytes_read > 0);
+    
+    fclose(stream);
+    return filesize;
+}
+#endif
+
+/**
+ * Initialise the Random Number Generator engine.
+ * - On Win32 use the platform SDK's crypto engine.
+ * - On Linux use /dev/urandom
+ * - If none of these work then use a custom RNG.
+ */
+EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
+{
+    if (rng_ref_count == 0)
+    {
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+        rng_fd = ax_open("/dev/urandom", O_RDONLY);
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+        if (!CryptAcquireContext(&gCryptProv, 
+                          NULL, NULL, PROV_RSA_FULL, 0))
+        {
+            if (GetLastError() == NTE_BAD_KEYSET &&
+                    !CryptAcquireContext(&gCryptProv, 
+                           NULL, 
+                           NULL, 
+                           PROV_RSA_FULL, 
+                           CRYPT_NEWKEYSET))
+            {
+                printf("CryptoLib: %x\n", unsupported_str, GetLastError());
+                exit(1);
+            }
+        }
+#else   
+        /* help seed with the user's private key - this is a number that 
+           should be hard to find, due to the fact that it relies on knowing 
+           the private key */
+        int i;  
+
+        for (i = 0; i < size/(int)sizeof(uint64_t); i++)
+            rng_num ^= *((uint64_t *)&seed_buf[i*sizeof(uint64_t)]);
+
+        srand((long)seed_buf);  /* use the stack ptr as another rnd seed */
+#endif
+    }
+
+    rng_ref_count++;
+}
+
+/**
+ * Terminate the RNG engine.
+ */
+EXP_FUNC void STDCALL RNG_terminate(void)
+{
+    if (--rng_ref_count == 0)
+    {
+#ifndef WIN32
+        close(rng_fd);
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+        CryptReleaseContext(gCryptProv, 0);
+#endif
+    }
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes can be 0
+ */
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
+{   
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    /* use the Linux default */
+    read(rng_fd, rand_data, num_rand_bytes);    /* read from /dev/urandom */
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    /* use Microsoft Crypto Libraries */
+    CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
+#else   /* nothing else to use, so use a custom RNG */
+    /* The method we use when we've got nothing better. Use RC4, time 
+       and a couple of random seeds to generate a random sequence */
+    RC4_CTX rng_ctx;
+    struct timeval tv;
+    uint64_t big_num1, big_num2;
+
+    gettimeofday(&tv, NULL);    /* yes I know we shouldn't do this */
+
+    /* all numbers by themselves are pretty simple, but combined should 
+     * be a challenge */
+    big_num1 = (uint64_t)tv.tv_sec*(tv.tv_usec+1); 
+    big_num2 = (uint64_t)rand()*big_num1;
+    big_num1 ^= rng_num;
+
+    memcpy(rand_data, &big_num1, sizeof(uint64_t));
+    if (num_rand_bytes > sizeof(uint64_t))
+        memcpy(&rand_data[8], &big_num2, sizeof(uint64_t));
+
+    if (num_rand_bytes > 16)
+    {
+        /* clear rest of data */
+        memset(&rand_data[16], 0, num_rand_bytes-16); 
+    }
+
+    RC4_setup(&rng_ctx, rand_data, 16); /* use as a key */
+    RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
+    
+    /* use last 8 bytes for next time */
+    memcpy(&rng_num, &rand_data[num_rand_bytes-8], sizeof(uint64_t));    
+#endif
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes are not zero.
+ */
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
+{
+    int i;
+    get_random(num_rand_bytes, rand_data);
+
+    for (i = 0; i < num_rand_bytes; i++)
+    {
+        while (rand_data[i] == 0)  /* can't be 0 */
+            rand_data[i] = (uint8_t)(rand());
+    }
+}
+
+/**
+ * Some useful diagnostic routines
+ */
+#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
+int hex_finish;
+int hex_index;
+
+static void print_hex_init(int finish)
+{
+    hex_finish = finish;
+    hex_index = 0;
+}
+
+static void print_hex(uint8_t hex)
+{
+    static int column;
+
+    if (hex_index == 0)
+    {
+        column = 0;
+    }
+
+    printf("%02x ", hex);
+    if (++column == 8)
+    {
+        printf(": ");
+    }
+    else if (column >= 16)
+    {
+        printf("\n");
+        column = 0;
+    }
+
+    if (++hex_index >= hex_finish && column > 0)
+    {
+        printf("\n");
+    }
+}
+
+/**
+ * Spit out a blob of data for diagnostics. The data is is a nice column format
+ * for easy reading.
+ *
+ * @param format   [in]    The string (with possible embedded format characters)
+ * @param size     [in]    The number of numbers to print
+ * @param data     [in]    The start of data to use
+ * @param ...      [in]    Any additional arguments
+ */
+EXP_FUNC void STDCALL print_blob(const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    int i;
+    char tmp[80];
+    va_list(ap);
+
+    va_start(ap, size);
+    sprintf(tmp, "%s\n", format);
+    vprintf(tmp, ap);
+    print_hex_init(size);
+    for (i = 0; i < size; i++)
+    {
+        print_hex(data[i]);
+    }
+
+    va_end(ap);
+    TTY_FLUSH();
+}
+#elif defined(WIN32)
+/* VC6.0 doesn't handle variadic macros */
+EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
+        int size, ...) {}
+#endif
+
+#if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+/* base64 to binary lookup table */
+static const uint8_t map[128] =
+{
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
+    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
+    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
+    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
+    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
+    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
+    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+    49,  50,  51, 255, 255, 255, 255, 255
+};
+
+EXP_FUNC int STDCALL base64_decode(const char *in, int len,
+                    uint8_t *out, int *outlen)
+{
+    int g, t, x, y, z;
+    uint8_t c;
+    int ret = -1;
+
+    g = 3;
+    for (x = y = z = t = 0; x < len; x++)
+    {
+        if ((c = map[in[x]&0x7F]) == 0xff)
+            continue;
+
+        if (c == 254)   /* this is the end... */
+        {
+            c = 0;
+
+            if (--g < 0)
+                goto error;
+        }
+        else if (g != 3) /* only allow = at end */
+            goto error;
+
+        t = (t<<6) | c;
+
+        if (++y == 4)
+        {
+            out[z++] = (uint8_t)((t>>16)&255);
+
+            if (g > 1)
+                out[z++] = (uint8_t)((t>>8)&255);
+
+            if (g > 2)
+                out[z++] = (uint8_t)(t&255);
+
+            y = t = 0;
+        }
+    }
+
+    if (y != 0)
+        goto error;
+
+    if (outlen)
+        *outlen = z;
+    ret = 0;
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret < 0)
+        printf("Error: Invalid base64\n"); TTY_FLUSH();
+#endif
+    TTY_FLUSH();
+    return ret;
+
+}
+#endif
+
diff --git a/ssl/hmac.c b/ssl/hmac.c
new file mode 100644
index 0000000000..8ac6ad3c1c
--- /dev/null
+++ b/ssl/hmac.c
@@ -0,0 +1,88 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * HMAC implementation - This code was originally taken from RFC2104
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/**
+ * Perform HMAC-MD5
+ */
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    MD5_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    MD5Init(&context);
+    MD5Update(&context, k_ipad, 64);
+    MD5Update(&context, msg, length);
+    MD5Final(&context, digest);
+    MD5Init(&context);
+    MD5Update(&context, k_opad, 64);
+    MD5Update(&context, digest, MD5_SIZE);
+    MD5Final(&context, digest);
+}
+
+/**
+ * Perform HMAC-SHA1
+ */
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA1_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA1Init(&context);
+    SHA1Update(&context, k_ipad, 64);
+    SHA1Update(&context, msg, length);
+    SHA1Final(&context, digest);
+    SHA1Init(&context);
+    SHA1Update(&context, k_opad, 64);
+    SHA1Update(&context, digest, SHA1_SIZE);
+    SHA1Final(&context, digest);
+}
diff --git a/ssl/loader.c b/ssl/loader.c
new file mode 100644
index 0000000000..c3d8373d9f
--- /dev/null
+++ b/ssl/loader.c
@@ -0,0 +1,375 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Load certificates/keys into memory. These can be in many different formats.
+ * PEM support and other formats can be processed here.
+ *
+ * The PEM private keys may be optionally encrypted with AES128 or AES256. 
+ * The encrypted PEM keys were generated with something like:
+ *
+ * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password);
+#ifdef CONFIG_SSL_HAS_PEM
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
+                    const char *password);
+#endif
+
+/*
+ * Load a file into memory that is in binary DER (or ascii PEM) format.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, 
+                            const char *filename, const char *password)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    static const char * const begin = "-----BEGIN";
+    int ret = SSL_OK;
+    SSLObjLoader *ssl_obj = NULL;
+
+    if (filename == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
+    ssl_obj->len = get_file(filename, &ssl_obj->buf);
+
+    if (ssl_obj->len <= 0)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    /* is the file a PEM file? */
+    if (strncmp((char *)ssl_obj->buf, begin, strlen(begin)) == 0)
+    {
+#ifdef CONFIG_SSL_HAS_PEM
+        ret = ssl_obj_PEM_load(ssl_ctx, ssl_obj, password);
+#else
+        printf(unsupported_str);
+        ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+    }
+    else
+        ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
+
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+#else
+    printf(unsupported_str);
+    return SSL_ERROR_NOT_SUPPORTED;
+#endif /* CONFIG_SSL_SKELETON_MODE */
+}
+
+/*
+ * Transfer binary data into the object loader.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, 
+        const uint8_t *data, int len, const char *password)
+{
+    int ret;
+
+    SSLObjLoader *ssl_obj;
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_obj->buf, data, len);
+    ssl_obj->len = len;
+    ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Actually work out what we are doing 
+ */
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password)
+{
+    int ret = SSL_OK;
+
+    switch (obj_type)
+    {
+        case SSL_OBJ_RSA_KEY:
+            ret = add_private_key(ssl_ctx, ssl_obj);
+            break;
+
+        case SSL_OBJ_X509_CERT:
+            ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_OBJ_X509_CACERT:
+            ret = add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+#endif
+
+#ifdef CONFIG_SSL_USE_PKCS12
+        case SSL_OBJ_PKCS8:
+            ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
+            break;
+
+        case SSL_OBJ_PKCS12:
+            ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
+            break;
+#endif
+        default:
+            printf(unsupported_str);
+            ret = SSL_ERROR_NOT_SUPPORTED;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Clean up our mess.
+ */
+void ssl_obj_free(SSLObjLoader *ssl_obj)
+{
+    if (ssl_obj)
+    {
+        free(ssl_obj->buf);
+        free(ssl_obj);
+    }
+}
+
+/*
+ * Support for PEM encoded keys/certificates.
+ */
+#ifdef CONFIG_SSL_HAS_PEM
+
+#define NUM_PEM_TYPES               3
+#define IV_SIZE                     16
+#define IS_RSA_PRIVATE_KEY          0
+#define IS_ENCRYPTED_PRIVATE_KEY    1
+#define IS_CERTIFICATE              2
+
+static const char * const begins[NUM_PEM_TYPES] =
+{
+    "-----BEGIN RSA PRIVATE KEY-----",
+    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+    "-----BEGIN CERTIFICATE-----",
+};
+
+static const char * const ends[NUM_PEM_TYPES] =
+{
+    "-----END RSA PRIVATE KEY-----",
+    "-----END ENCRYPTED PRIVATE KEY-----",
+    "-----END CERTIFICATE-----",
+};
+
+static const char * const aes_str[2] =
+{
+    "DEK-Info: AES-128-CBC,",
+    "DEK-Info: AES-256-CBC," 
+};
+
+/**
+ * Take a base64 blob of data and decrypt it (using AES) into its 
+ * proper ASN.1 form.
+ */
+static int pem_decrypt(const char *where, const char *end,
+                        const char *password, SSLObjLoader *ssl_obj)
+{
+    int ret = -1;
+    int is_aes_256 = 0;
+    char *start = NULL;
+    uint8_t iv[IV_SIZE];
+    int i, pem_size;
+    MD5_CTX md5_ctx;
+    AES_CTX aes_ctx;
+    uint8_t key[32];        /* AES256 size */
+
+    if (password == NULL)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: need a password for this PEM file\n");
+#endif
+        goto error;
+    }
+
+    if ((start = strstr((const char *)where, aes_str[0])))         /* AES128? */
+    {
+        start += strlen(aes_str[0]);
+    }
+    else if ((start = strstr((const char *)where, aes_str[1])))    /* AES256? */
+    {
+        is_aes_256 = 1;
+        start += strlen(aes_str[1]);
+    }
+    else 
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Unsupported password cipher\n");
+#endif
+        goto error;
+    }
+
+    /* convert from hex to binary - assumes uppercase hex */
+    for (i = 0; i < IV_SIZE; i++)
+    {
+        char c = *start++ - '0';
+        iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
+        c = *start++ - '0';
+        iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
+    }
+
+    while (*start == '\r' || *start == '\n')
+        start++;
+
+    /* turn base64 into binary */
+    pem_size = (int)(end-start);
+    if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
+        goto error;
+
+    /* work out the key */
+    MD5Init(&md5_ctx);
+    MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+    MD5Update(&md5_ctx, iv, SALT_SIZE);
+    MD5Final(&md5_ctx, key);
+
+    if (is_aes_256)
+    {
+        MD5Init(&md5_ctx);
+        MD5Update(&md5_ctx, key, MD5_SIZE);
+        MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+        MD5Update(&md5_ctx, iv, SALT_SIZE);
+        MD5Final(&md5_ctx, &key[MD5_SIZE]);
+    }
+
+    /* decrypt using the key/iv */
+    AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
+    AES_convert_key(&aes_ctx);
+    AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
+    ret = 0;
+
+error:
+    return ret; 
+}
+
+/**
+ * Take a base64 blob of data and turn it into its proper ASN.1 form.
+ */
+static int new_pem_obj(SSL_CTX *ssl_ctx, char *where, 
+                    int remain, const char *password)
+{
+    int ret = SSL_OK;
+    SSLObjLoader *ssl_obj = NULL;
+    int i, pem_size, obj_type;
+    char *start = NULL, *end = NULL;
+
+    for (i = 0; i < NUM_PEM_TYPES; i++)
+    {
+        if ((start = strstr(where, begins[i])) &&
+                (end = strstr(where, ends[i])))
+        {
+            remain -= (int)(end-start);
+            start += strlen(begins[i]);
+            pem_size = (int)(end-start);
+
+            ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
+            /* 4/3 bigger than what we need but so what */
+            ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
+
+            if (i == IS_RSA_PRIVATE_KEY && 
+                        strstr(start, "Proc-Type:") && 
+                        strstr(start, "4,ENCRYPTED"))
+            {
+                /* check for encrypted PEM file */
+                if (pem_decrypt(start, end, password, ssl_obj) < 0)
+                    goto error;
+            }
+            else if (base64_decode(start, pem_size, 
+                        ssl_obj->buf, &ssl_obj->len) != 0)
+                goto error;
+
+            switch (i)
+            {
+                case IS_RSA_PRIVATE_KEY:
+                    obj_type = SSL_OBJ_RSA_KEY;
+                    break;
+
+                case IS_ENCRYPTED_PRIVATE_KEY:
+                    obj_type = SSL_OBJ_PKCS8;
+                    break;
+
+                case IS_CERTIFICATE:
+                    obj_type = SSL_OBJ_X509_CERT;
+                    break;
+
+                default:
+                    goto error;
+            }
+
+            /* In a format we can now understand - so process it */
+            if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
+                goto error;
+
+            end += strlen(ends[i]);
+            remain -= strlen(ends[i]);
+            while (remain > 0 && (*end == '\r' || *end == '\n'))
+            {
+                end++;
+                remain--;
+            }
+
+            break;
+        }
+    }
+
+    if (i == NUM_PEM_TYPES)
+        goto error;
+
+    /* more PEM stuff to process? */
+    if (remain)
+        ret = new_pem_obj(ssl_ctx, end, remain, password);
+
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Load a file into memory that is in ASCII PEM format.
+ */
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
+                                        const char *password)
+{
+    char *start;
+
+    /* add a null terminator */
+    ssl_obj->len++;
+    ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
+    ssl_obj->buf[ssl_obj->len-1] = 0;
+    start = (char *)ssl_obj->buf;
+    return new_pem_obj(ssl_ctx, start, ssl_obj->len, password);
+}
+#endif /* CONFIG_SSL_HAS_PEM */
diff --git a/ssl/md5.c b/ssl/md5.c
new file mode 100644
index 0000000000..39272d9981
--- /dev/null
+++ b/ssl/md5.c
@@ -0,0 +1,281 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * This file implements the MD5 algorithm as defined in RFC1321
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/* Constants for MD5Transform routine.
+ */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+/* ----- static functions ----- */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
+
+static const uint8_t PADDING[64] = 
+{
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.  */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+   Rotation is separate from addition to prevent recomputation.  */
+#define FF(a, b, c, d, x, s, ac) { \
+    (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define GG(a, b, c, d, x, s, ac) { \
+    (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define HH(a, b, c, d, x, s, ac) { \
+    (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define II(a, b, c, d, x, s, ac) { \
+    (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+
+/**
+ * MD5 initialization - begins an MD5 operation, writing a new ctx.
+ */
+EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
+{
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Load magic initialization constants.
+     */
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xefcdab89;
+    ctx->state[2] = 0x98badcfe;
+    ctx->state[3] = 0x10325476;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t x;
+    int i, partLen;
+
+    /* Compute number of bytes mod 64 */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
+
+    /* Update number of bits */
+    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
+        ctx->count[1]++;
+    ctx->count[1] += ((uint32_t)len >> 29);
+
+    partLen = 64 - x;
+
+    /* Transform as many times as possible.  */
+    if (len >= partLen) 
+    {
+        memcpy(&ctx->buffer[x], msg, partLen);
+        MD5Transform(ctx->state, ctx->buffer);
+
+        for (i = partLen; i + 63 < len; i += 64)
+            MD5Transform(ctx->state, &msg[i]);
+
+        x = 0;
+    }
+    else
+        i = 0;
+
+    /* Buffer remaining input */
+    memcpy(&ctx->buffer[x], &msg[i], len-i);
+}
+
+/**
+ * Return the 128-bit message digest into the user's array
+ */
+EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
+{
+    uint8_t bits[8];
+    uint32_t x, padLen;
+
+    /* Save number of bits */
+    Encode(bits, ctx->count, 8);
+
+    /* Pad out to 56 mod 64.
+     */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
+    padLen = (x < 56) ? (56 - x) : (120 - x);
+    MD5Update(ctx, PADDING, padLen);
+
+    /* Append length (before padding) */
+    MD5Update(ctx, bits, 8);
+
+    /* Store state in digest */
+    Encode(digest, ctx->state, MD5_SIZE);
+}
+
+/**
+ * MD5 basic transformation. Transforms state based on block.
+ */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64])
+{
+    uint32_t a = state[0], b = state[1], c = state[2], 
+             d = state[3], x[MD5_SIZE];
+
+    Decode(x, block, 64);
+
+    /* Round 1 */
+    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+    /* Round 2 */
+    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+    GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
+    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+    /* Round 3 */
+    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+    HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
+    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+    /* Round 4 */
+    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
+
+    state[0] += a;
+    state[1] += b;
+    state[2] += c;
+    state[3] += d;
+}
+
+/**
+ * Encodes input (uint32_t) into output (uint8_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4) 
+    {
+        output[j] = (uint8_t)(input[i] & 0xff);
+        output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+        output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+        output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
+    }
+}
+
+/**
+ *  Decodes input (uint8_t) into output (uint32_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4)
+        output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+            (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
+}
diff --git a/ssl/openssl.c b/ssl/openssl.c
new file mode 100644
index 0000000000..1c5ddf7e11
--- /dev/null
+++ b/ssl/openssl.c
@@ -0,0 +1,209 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Lesser License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * Enable a subset of openssl compatible functions. We don't aim to be 100%
+ * compatible - just to be able to do basic ports etc.
+ *
+ * Only really tested on mini_httpd, so I'm not too sure how extensive this
+ * port is.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include "ssl.h"
+
+#define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
+
+void *SSLv23_server_method(void) { return NULL; }
+void *SSLv3_server_method(void) { return NULL; }
+void *TLSv1_server_method(void) { return NULL; }
+void *SSLv23_client_method(void) { return NULL; }
+void *SSLv3_client_method(void) { return NULL; }
+void *TLSv1_client_method(void) { return NULL; }
+
+typedef void * (*ssl_func_type_t)(void);
+typedef void * (*bio_func_type_t)(void);
+
+typedef struct
+{
+    ssl_func_type_t ssl_func_type;
+} OPENSSL_CTX;
+
+SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
+{
+    SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
+    ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
+    OPENSSL_CTX_ATTR->ssl_func_type = meth;
+    return ssl_ctx;
+}
+
+void SSL_CTX_free(SSL_CTX * ssl_ctx)
+{
+    free(ssl_ctx->bonus_attr);
+    ssl_ctx_free(ssl_ctx);
+}
+
+SSL * SSL_new(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+    ssl_func_type_t ssl_func_type;
+
+    ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
+    ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (ssl_func_type == SSLv23_client_method ||
+        ssl_func_type == SSLv3_client_method ||
+        ssl_func_type == TLSv1_client_method)
+    {
+        SET_SSL_FLAG(SSL_IS_CLIENT);
+    }
+    else
+#endif
+    {
+        ssl->next_state = HS_CLIENT_HELLO;
+    }
+
+    return ssl;
+}
+
+int SSL_set_fd(SSL *s, int fd)
+{
+    s->client_fd = fd;
+    return 1;   /* always succeeds */
+}
+
+int SSL_accept(SSL *ssl)
+{
+    while (ssl_read(ssl, NULL) == SSL_OK)
+    {
+        if (ssl->next_state == HS_CLIENT_HELLO)
+            return 1;   /* we're done */
+    }
+
+    return -1;
+}
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int SSL_connect(SSL *ssl)
+{
+    return do_client_connect(ssl) == SSL_OK ? 1 : -1;
+}
+#endif
+
+void SSL_free(SSL *ssl)
+{
+    ssl_free(ssl);
+}
+
+int SSL_read(SSL *ssl, void *buf, int num)
+{
+    uint8_t *read_buf;
+    int ret;
+
+    while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
+
+    if (ret > SSL_OK)
+    {
+        memcpy(buf, read_buf, ret > num ? num : ret);
+    }
+
+    return ret;
+}
+
+int SSL_write(SSL *ssl, const void *buf, int num)
+{
+    return ssl_write(ssl, buf, num);
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, NULL) == SSL_OK);
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
+{
+    return (ssl_obj_memory_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
+}
+
+#if 0
+const uint8_t *SSL_get_session(const SSL *ssl)
+{
+    /* TODO: return SSL_SESSION type */
+    return ssl_get_session_id(ssl);
+}
+#endif
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_set_cipher_list(SSL *s, const char *str)
+{
+    return 1;
+}
+
+int SSL_get_error(const SSL *ssl, int ret)
+{
+    ssl_display_error(ret);
+    return 0;   /* TODO: return proper return code */
+}
+
+void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
+int SSL_library_init(void ) { return 1; }
+void SSL_load_error_strings(void ) {}
+void ERR_print_errors_fp(FILE *fp) {}
+long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
+                            return CONFIG_SSL_EXPIRY_TIME*3600; }
+long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
+                            return SSL_CTX_get_timeout(ssl_ctx); }
+void BIO_printf(FILE *f, const char *format, ...)
+{
+    va_list(ap);
+    va_start(ap, format);
+    vfprintf(f, format, ap);
+    va_end(ap);
+}
+
+void* BIO_s_null(void) { return NULL; }
+FILE *BIO_new(bio_func_type_t func)
+{
+    if (func == BIO_s_null)
+        return fopen("/dev/null", "r");
+    else
+        return NULL;
+}
+
+FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
+int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
+
+
+
+#endif
diff --git a/ssl/os_port.c b/ssl/os_port.c
new file mode 100644
index 0000000000..9b25473897
--- /dev/null
+++ b/ssl/os_port.c
@@ -0,0 +1,142 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file os_port.c
+ *
+ * OS specific functions.
+ */
+#include <time.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <stdarg.h>
+#include "os_port.h"
+
+#ifdef WIN32
+/**
+ * gettimeofday() not in Win32 
+ */
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
+{       
+#if defined(_WIN32_WCE)
+    t->tv_sec = time(NULL);
+    t->tv_usec = 0;                         /* 1sec precision only */ 
+#else
+    struct _timeb timebuffer;
+    _ftime(&timebuffer);
+    t->tv_sec = (long)timebuffer.time;
+    t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
+#endif
+}
+
+/**
+ * strcasecmp() not in Win32
+ */
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
+{
+    while (tolower(*s1) == tolower(*s2++))
+    {
+        if (*s1++ == '\0')
+        {
+            return 0;
+        }
+    }
+
+    return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
+}
+
+#endif
+
+#undef malloc
+#undef realloc
+#undef calloc
+#undef open
+#undef fopen
+
+static const char * out_of_mem_str = "out of memory";
+static const char * file_open_str = "Could not open file \"%s\"";
+
+/* 
+ * Some functions that call display some error trace and then call abort().
+ * This just makes life much easier on embedded systems, since we're 
+ * suffering major trauma...
+ */
+EXP_FUNC void * STDCALL ax_malloc(size_t s)
+{
+    void *x;
+
+    if ((x = malloc(s)) == NULL)
+        exit_now(out_of_mem_str);
+
+    return x;
+}
+
+EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
+{
+    void *x;
+
+    if ((x = realloc(y, s)) == NULL)
+        exit_now(out_of_mem_str);
+
+    return x;
+}
+
+EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
+{
+    void *x;
+
+    if ((x = calloc(n, s)) == NULL)
+        exit_now(out_of_mem_str);
+
+    return x;
+}
+
+EXP_FUNC FILE * STDCALL ax_fopen(const char *pathname, const char *type)
+{
+    FILE *f; 
+
+    if ((f = fopen(pathname, type)) == NULL)
+        exit_now(file_open_str, pathname);
+
+    return  f;
+}
+
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
+{
+    int x;
+
+    if ((x = open(pathname, flags)) < 0)
+        exit_now(file_open_str, pathname);
+
+    return x;
+}
+
+/**
+ * This is a call which will deliberately exit an application, but will
+ * display some information before dying.
+ */
+void exit_now(const char *format, ...)
+{
+    va_list argp;
+
+    va_start(argp, format);
+    vfprintf(stderr, format, argp);
+    va_end(argp);
+    abort();
+}
+
diff --git a/ssl/os_port.h b/ssl/os_port.h
new file mode 100644
index 0000000000..54a7370dbf
--- /dev/null
+++ b/ssl/os_port.h
@@ -0,0 +1,166 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file os_port.h
+ *
+ * Some stuff to minimise the differences between windows and linux/unix
+ */
+
+#ifndef HEADER_OS_PORT_H
+#define HEADER_OS_PORT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+
+#if defined(WIN32)
+#define STDCALL                 __stdcall
+#define EXP_FUNC                __declspec(dllexport)
+#else
+#define STDCALL
+#define EXP_FUNC
+#endif
+
+#if defined(_WIN32_WCE)
+#undef WIN32
+#define WIN32
+#endif
+
+#ifdef WIN32
+
+/* Windows CE stuff */
+#if defined(_WIN32_WCE)
+#include <basetsd.h>
+#define abort()                 exit(1)
+#else
+#include <io.h>
+#include <process.h>
+#include <sys/timeb.h>
+#include <fcntl.h>
+#endif      /* _WIN32_WCE */
+
+#include <winsock.h>
+#include <direct.h>
+#undef getpid
+#undef open
+#undef close
+#undef sleep
+#undef gettimeofday
+#undef dup2
+#undef unlink
+
+#define SOCKET_READ(A,B,C)      recv(A,B,C,0)
+#define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
+#define SOCKET_CLOSE(A)         closesocket(A)
+#define srandom(A)              srand(A)
+#define random()                rand()
+#define getpid()                _getpid()
+#define snprintf                _snprintf
+#define open(A,B)               _open(A,B)
+#define dup2(A,B)               _dup2(A,B)
+#define unlink(A)               _unlink(A)
+#define close(A)                _close(A)
+#define read(A,B,C)             _read(A,B,C)
+#define write(A,B,C)            _write(A,B,C)
+#define sleep(A)                Sleep(A*1000)
+#define usleep(A)               Sleep(A/1000)
+#define strdup(A)               _strdup(A)
+#define chroot(A)               _chdir(A)
+#ifndef lseek
+#define lseek(A,B,C)            _lseek(A,B,C)
+#endif
+
+/* This fix gets around a problem where a win32 application on a cygwin xterm
+   doesn't display regular output (until a certain buffer limit) - but it works
+   fine under a normal DOS window. This is a hack to get around the issue - 
+   see http://www.khngai.com/emacs/tty.php  */
+#define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
+
+/*
+ * automatically build some library dependencies.
+ */
+#pragma comment(lib, "WS2_32.lib")
+
+#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
+#pragma comment(lib, "AdvAPI32.lib")
+#endif
+
+typedef UINT8 uint8_t;
+typedef INT8 int8_t;
+typedef UINT16 uint16_t;
+typedef INT16 int16_t;
+typedef UINT32 uint32_t;
+typedef INT32 int32_t;
+typedef UINT64 uint64_t;
+typedef INT64 int64_t;
+
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
+
+#else   /* Not Win32 */
+
+#ifdef CONFIG_PLATFORM_SOLARIS
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif /* Not Solaris */
+
+#include <unistd.h>
+#include <pwd.h>
+#include <netdb.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#define SOCKET_READ(A,B,C)      read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     write(A,B,C)
+#define SOCKET_CLOSE(A)         close(A)
+#define TTY_FLUSH()
+
+#endif  /* Not Win32 */
+
+/* some functions to mutate the way these work */
+#define malloc(A)       ax_malloc(A)
+#define realloc(A,B)    ax_realloc(A,B)
+#define calloc(A,B)     ax_calloc(A,B)
+
+EXP_FUNC void * STDCALL ax_malloc(size_t s);
+EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
+EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
+EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type);
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
+
+#ifdef CONFIG_PLATFORM_LINUX
+void exit_now(const char *format, ...) __attribute((noreturn));
+#else
+void exit_now(const char *format, ...);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/p12.c b/ssl/p12.c
new file mode 100644
index 0000000000..19b00b8727
--- /dev/null
+++ b/ssl/p12.c
@@ -0,0 +1,474 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Process PKCS#8/PKCS#12 keys.
+ *
+ * The decoding of a PKCS#12 key is fairly specific - this code was tested on a
+ * key generated with:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 
+ * -name "p12_withoutCA" -out axTLS.withoutCA.p12 -password pass:abcd
+ *
+ * or with a certificate chain:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe
+ * PBE-SHA1-RC4-128 -name "p12_withCA" -out axTLS.withCA.p12 -password pass:abcd
+ *
+ * Note that the PBE has to be specified with PBE-SHA1-RC4-128. The
+ * private/public keys/certs have to use RSA encryption. Both the integrity
+ * and privacy passwords are the same.
+ *
+ * The PKCS#8 files were generated with something like:
+ *
+ * PEM format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1
+ * PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+ *
+ * DER format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER
+ * -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+/* all commented out if not used */
+#ifdef CONFIG_SSL_USE_PKCS12
+
+#define BLOCK_SIZE          64
+#define PKCS12_KEY_ID       1
+#define PKCS12_IV_ID        2
+#define PKCS12_MAC_ID       3
+
+static char *make_uni_pass(const char *password, int *uni_pass_len);
+static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id);
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations);
+
+/*
+ * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
+ */
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, offset = 0;
+    int iterations;
+    int ret = SSL_NOT_OK;
+    uint8_t *version = NULL;
+    const uint8_t *salt;
+    uint8_t *priv_key;
+    int uni_pass_len;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p8 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    /* unencrypted key? */
+    if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
+    {
+        ret = p8_add_key(ssl_ctx, buf);
+        goto error;
+    }
+
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
+        goto error;
+
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    priv_key = &buf[offset];
+
+    p8_decrypt(uni_pass, uni_pass_len, salt, 
+                        iterations, priv_key, len, PKCS12_KEY_ID);
+    ret = p8_add_key(ssl_ctx, priv_key);
+
+error:
+    free(version);
+    free(uni_pass);
+    return ret;
+}
+
+/*
+ * Take the unencrypted pkcs8 and turn it into a private key 
+ */
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
+{
+    uint8_t *buf = priv_key;
+    int len, offset = 0;
+    int ret = SSL_NOT_OK;
+
+    /* Skip the preamble and go straight to the private key.
+       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    ret = asn1_get_private_key(&buf[offset], len, &ssl_ctx->rsa_ctx);
+
+error:
+    return ret;
+}
+
+/*
+ * Create the unicode password 
+ */
+static char *make_uni_pass(const char *password, int *uni_pass_len)
+{
+    int pass_len = 0, i;
+    char *uni_pass;
+
+    if (password == NULL)
+    {
+        password = "";
+    }
+
+    uni_pass = (char *)malloc((strlen(password)+1)*2);
+
+    /* modify the password into a unicode version */
+    for (i = 0; i < (int)strlen(password); i++)
+    {
+        uni_pass[pass_len++] = 0;
+        uni_pass[pass_len++] = password[i];
+    }
+
+    uni_pass[pass_len++] = 0;       /* null terminate */
+    uni_pass[pass_len++] = 0;
+    *uni_pass_len = pass_len;
+    return uni_pass;
+}
+
+/*
+ * Decrypt a pkcs8 block.
+ */
+static int p8_decrypt(const char *uni_pass, int uni_pass_len,
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id)
+{
+    uint8_t p[BLOCK_SIZE*2];
+    uint8_t d[BLOCK_SIZE];
+    uint8_t Ai[SHA1_SIZE];
+    SHA1_CTX sha_ctx;
+    RC4_CTX rc4_ctx;
+    int i;
+
+    for (i = 0; i < BLOCK_SIZE; i++)
+    {
+        p[i] = salt[i % SALT_SIZE];
+        p[BLOCK_SIZE+i] = uni_pass[i % uni_pass_len];
+        d[i] = id;
+    }
+
+    /* get the key - no IV since we are using RC4 */
+    SHA1Init(&sha_ctx);
+    SHA1Update(&sha_ctx, d, sizeof(d));
+    SHA1Update(&sha_ctx, p, sizeof(p));
+    SHA1Final(&sha_ctx, Ai);
+
+    for (i = 1; i < iter; i++)
+    {
+        SHA1Init(&sha_ctx);
+        SHA1Update(&sha_ctx, Ai, SHA1_SIZE);
+        SHA1Final(&sha_ctx, Ai);
+    }
+
+    /* do the decryption */
+    if (id == PKCS12_KEY_ID)
+    {
+        RC4_setup(&rc4_ctx, Ai, 16);
+        RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
+    }
+    else  /* MAC */
+        memcpy(priv_key, Ai, SHA1_SIZE);
+
+    return 0;
+}
+
+/*
+ * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
+ * and keys.
+ */
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int all_ok = 0, len, iterations, auth_safes_start, 
+              auth_safes_end, auth_safes_len, key_offset, offset = 0;
+    int all_certs = 0;
+    uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
+    uint8_t key[SHA1_SIZE];
+    uint8_t mac[SHA1_SIZE];
+    const uint8_t *salt;
+    int uni_pass_len, ret;
+    int error_code = SSL_ERROR_NOT_SUPPORTED;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+    static const uint8_t pkcs_data[] = /* pkc7 data */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
+    static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
+    static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p12 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
+    {
+        error_code = SSL_ERROR_INVALID_VERSION;
+        goto error;
+    }
+
+    /* remove all the boring pcks7 bits */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
+                (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+                len != sizeof(pkcs_data) || 
+                memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
+        goto error;
+
+    /* work out the MAC start/end points (done on AuthSafes) */
+    auth_safes_start = offset;
+    auth_safes_end = offset;
+    if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
+        goto error;
+
+    auth_safes_len = auth_safes_end - auth_safes_start;
+    auth_safes = malloc(auth_safes_len);
+
+    memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs_encrypted) || 
+            memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the certificate */
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
+        goto error;
+
+    /* decrypt the certificate */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the certificate */
+    key_offset = 0;
+    all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
+
+    /* keep going until all certs are loaded */
+    while (key_offset < all_certs)
+    {
+        int cert_offset = key_offset;
+
+        if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                (len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
+            goto error;
+
+        if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
+            goto error;
+
+        key_offset = cert_offset;
+    }
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs8_key_bag)) || 
+            memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the private key */
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    /* decrypt the private key */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the private key */
+    if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
+        goto error;
+
+    /* miss out on friendly name, local key id etc */
+    if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
+        goto error;
+
+    /* work out the MAC */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
+            len != SHA1_SIZE)
+        goto error;
+
+    orig_mac = &buf[offset];
+    offset += len;
+
+    /* get the salt */
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
+        goto error;
+
+    salt = &buf[offset];
+
+    /* work out what the mac should be */
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, 
+                            key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
+        goto error;
+
+    hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
+
+    if (memcmp(mac, orig_mac, SHA1_SIZE))
+    {
+        error_code = SSL_ERROR_INVALID_HMAC;                  
+        goto error;
+    }
+
+    all_ok = 1;
+
+error:
+    free(version);
+    free(uni_pass);
+    free(auth_safes);
+    return all_ok ? SSL_OK : error_code;
+}
+
+/*
+ * Retrieve the salt/iteration details from a PBE block.
+ */
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations)
+{
+    static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
+            { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
+
+    int i, len;
+    uint8_t *iter = NULL;
+    int error_code = SSL_ERROR_NOT_SUPPORTED;
+
+    /* Get the PBE type */
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto error;
+
+    /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
+       which is the only algorithm we support */
+    if (len != sizeof(pbeSH1RC4) || 
+                    memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
+#endif
+        goto error;
+    }
+
+    *offset += len;
+
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 || 
+            len != 8)
+        goto error;
+
+    *salt = &buf[*offset];
+    *offset += len;
+
+    if ((len = asn1_get_int(buf, offset, &iter)) < 0)
+        goto error;
+
+    *iterations = 0;
+    for (i = 0; i < len; i++)
+    {
+        (*iterations) <<= 8;
+        (*iterations) += iter[i];
+    }
+
+    free(iter);
+    error_code = SSL_OK;       /* got here - we are ok */
+
+error:
+    return error_code;
+}
+
+#endif
diff --git a/ssl/private_key.h b/ssl/private_key.h
new file mode 100644
index 0000000000..1ce34d6744
--- /dev/null
+++ b/ssl/private_key.h
@@ -0,0 +1,54 @@
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xd8,
+  0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5, 0xfd, 0x0b, 0xa8, 0xa8,
+  0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c, 0xb5, 0xd9, 0xbc, 0xc6,
+  0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8, 0x29, 0x48, 0x0e, 0x7b,
+  0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f, 0x38, 0xe5, 0xb5, 0xb7,
+  0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3, 0x40, 0x1e, 0xf9, 0x91,
+  0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e, 0xdc, 0xf6, 0xaa, 0x1c,
+  0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73, 0xd9, 0x09, 0x05, 0x4c,
+  0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7, 0x14, 0x91, 0x44, 0xfc,
+  0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba, 0x8c, 0xc3, 0x74, 0x39,
+  0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4, 0x40, 0x95, 0x8c, 0xc0,
+  0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x81, 0x00, 0x94, 0x07, 0x72, 0xe5, 0xbe, 0xad, 0x79, 0x3b,
+  0xf7, 0x33, 0x2c, 0x8e, 0x05, 0xf8, 0x1a, 0x6b, 0xd0, 0xe8, 0x91, 0xf5,
+  0x16, 0x07, 0xd9, 0x82, 0x5c, 0x5c, 0xd5, 0x22, 0xa1, 0x9e, 0x42, 0x02,
+  0x7f, 0x8b, 0xcd, 0xbe, 0xf4, 0x85, 0x52, 0xf6, 0x2c, 0xd5, 0x09, 0xd2,
+  0x2c, 0xf4, 0x2c, 0xf6, 0x07, 0x85, 0x80, 0xf9, 0xdc, 0xd0, 0xcc, 0x3f,
+  0x22, 0x31, 0x15, 0xf3, 0x49, 0xf2, 0xb5, 0xe2, 0x69, 0x99, 0x04, 0x04,
+  0x49, 0x21, 0xdb, 0x9f, 0xa1, 0x54, 0x5a, 0xfa, 0xe4, 0xd9, 0xf9, 0x07,
+  0x05, 0xff, 0x9a, 0x65, 0xa4, 0xeb, 0xf2, 0x47, 0xce, 0x56, 0xc7, 0x72,
+  0x49, 0x48, 0x5c, 0xe8, 0x14, 0xd7, 0x8f, 0x25, 0xcc, 0x49, 0x29, 0x06,
+  0x6a, 0x54, 0x7b, 0x17, 0xdc, 0x9e, 0xd4, 0x53, 0xf0, 0xf5, 0x9e, 0x85,
+  0x25, 0xa1, 0xeb, 0x3d, 0xe9, 0x2f, 0xb9, 0x9c, 0xf6, 0xe1, 0x80, 0x81,
+  0x02, 0x41, 0x00, 0xee, 0x02, 0x78, 0xc7, 0x78, 0x85, 0x04, 0x97, 0xcc,
+  0x36, 0xbd, 0xd6, 0x11, 0xe2, 0xc7, 0x39, 0xd9, 0x34, 0x51, 0x72, 0x6f,
+  0x8a, 0x0f, 0xcd, 0x88, 0x32, 0x33, 0x9b, 0xc7, 0xa7, 0x03, 0x77, 0xd9,
+  0x82, 0x35, 0xb6, 0xdd, 0x1f, 0xc2, 0xc1, 0x13, 0x40, 0x83, 0x55, 0xeb,
+  0x60, 0xeb, 0x81, 0x8e, 0x0c, 0x16, 0x62, 0xb4, 0xb4, 0x3c, 0xeb, 0x08,
+  0x80, 0x9c, 0x79, 0xd3, 0x38, 0xca, 0xf1, 0x02, 0x41, 0x00, 0xe9, 0x45,
+  0x5f, 0x2e, 0x16, 0xcc, 0x93, 0x50, 0x40, 0xb6, 0x79, 0xbc, 0x38, 0xe0,
+  0x56, 0x68, 0x50, 0xd3, 0x2f, 0x73, 0x8c, 0x8c, 0x2a, 0x0e, 0x81, 0x4a,
+  0x8a, 0xbb, 0xcc, 0xf0, 0x64, 0x34, 0x46, 0x9f, 0x07, 0x7d, 0x22, 0xb6,
+  0xf9, 0x46, 0xac, 0x57, 0x23, 0x8c, 0x1e, 0xeb, 0xd3, 0x05, 0x4d, 0xa8,
+  0x83, 0x6a, 0x67, 0xf6, 0xa6, 0xb1, 0xab, 0x8e, 0xc1, 0xef, 0xef, 0x7d,
+  0xf0, 0xc3, 0x02, 0x40, 0x2f, 0xc6, 0x59, 0x3e, 0x18, 0xe8, 0x02, 0x73,
+  0x01, 0xef, 0xdf, 0x0d, 0x30, 0x4b, 0xe8, 0x17, 0xa9, 0x8c, 0xc1, 0xe8,
+  0x89, 0x91, 0x19, 0xf8, 0xf4, 0xa4, 0xb7, 0x0d, 0x46, 0xf7, 0x34, 0x50,
+  0x03, 0x5e, 0x0a, 0xb0, 0x29, 0x14, 0xae, 0x00, 0x19, 0x80, 0x32, 0x9c,
+  0xb5, 0x81, 0x9f, 0xe4, 0x42, 0x82, 0x14, 0xa0, 0x3d, 0x8b, 0x8c, 0x4a,
+  0xd5, 0x4b, 0x13, 0x9d, 0xb4, 0x93, 0x4a, 0xd1, 0x02, 0x40, 0x64, 0x8c,
+  0x83, 0x77, 0x61, 0x5a, 0x73, 0x11, 0x3f, 0xa3, 0xa8, 0x1b, 0x8a, 0xc4,
+  0xa0, 0x5a, 0x3c, 0xa4, 0x9b, 0x2a, 0x8a, 0x65, 0x8c, 0x67, 0x4e, 0x31,
+  0xac, 0x55, 0x41, 0x04, 0x49, 0x9d, 0x02, 0xe7, 0xdf, 0x99, 0x7f, 0xd2,
+  0x30, 0xe6, 0xd6, 0xb8, 0x84, 0xd9, 0x0c, 0x27, 0x08, 0x81, 0x9b, 0xb4,
+  0xcc, 0x58, 0x9c, 0x51, 0x84, 0x0e, 0xc7, 0x6d, 0x34, 0x89, 0x50, 0xc9,
+  0x0f, 0x73, 0x02, 0x41, 0x00, 0xda, 0xde, 0x5e, 0x1a, 0xac, 0x1d, 0x1d,
+  0xd7, 0xb9, 0x65, 0x26, 0x00, 0xf5, 0xd4, 0xe4, 0x28, 0x84, 0x86, 0x2f,
+  0x00, 0x9c, 0x41, 0x00, 0x52, 0xe1, 0x47, 0x91, 0xc0, 0x52, 0x05, 0x4e,
+  0x0f, 0x2f, 0x0d, 0xca, 0x9b, 0x3d, 0x89, 0x41, 0xbf, 0xee, 0x9f, 0xa1,
+  0xe6, 0x9d, 0xa4, 0xeb, 0x45, 0x7f, 0xe3, 0xcb, 0xa4, 0x6b, 0x0a, 0xe2,
+  0x7e, 0xb0, 0x87, 0x5c, 0x40, 0xb1, 0x51, 0x11, 0x1d
+};
+unsigned int default_private_key_len = 609;
diff --git a/ssl/rc4.c b/ssl/rc4.c
new file mode 100644
index 0000000000..7250a669b7
--- /dev/null
+++ b/ssl/rc4.c
@@ -0,0 +1,78 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * An implementation of the RC4/ARC4 algorithm.
+ * Originally written by Christophe Devine.
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/**
+ * Get ready for an encrypt/decrypt operation
+ */
+void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
+{
+    int i, j = 0, k = 0, *m, a;
+
+    ctx->x = 0;
+    ctx->y = 0;
+    m = ctx->m;
+
+    for (i = 0; i < 256; i++)
+        m[i] = i;
+
+    for (i = 0; i < 256; i++)
+    {
+        a = m[i];
+        j = (uint8_t)(j + a + key[k]);
+        m[i] = m[j]; 
+        m[j] = a;
+
+        if (++k >= length) 
+            k = 0;
+    }
+}
+
+/**
+ * Perform the encrypt/decrypt operation (can use it for either since
+ * this is a stream cipher).
+ */
+void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{ 
+    int i, x, y, *m, a, b;
+    out = (uint8_t *)msg; 
+
+    x = ctx->x;
+    y = ctx->y;
+    m = ctx->m;
+
+    for (i = 0; i < length; i++)
+    {
+        x = (uint8_t)(x + 1); 
+        a = m[x];
+        y = (uint8_t)(y + a);
+        m[x] = b = m[y];
+        m[y] = a;
+        out[i] ^= m[(uint8_t)(a + b)];
+    }
+
+    ctx->x = x;
+    ctx->y = y;
+}
diff --git a/ssl/rsa.c b/ssl/rsa.c
new file mode 100644
index 0000000000..6f5c8a44a8
--- /dev/null
+++ b/ssl/rsa.c
@@ -0,0 +1,330 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Implements the RSA public encryption algorithm. Uses the bigint library to
+ * perform its calculations.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <stdlib.h>
+#include "crypto.h"
+
+#ifdef CONFIG_BIGINT_CRT
+static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi);
+#endif
+
+void RSA_priv_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#if CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+    )
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+    RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
+    rsa_ctx = *ctx;
+    bi_ctx = rsa_ctx->bi_ctx;
+    rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
+    bi_permanent(rsa_ctx->d);
+
+#ifdef CONFIG_BIGINT_CRT
+    rsa_ctx->p = bi_import(bi_ctx, p, p_len);
+    rsa_ctx->q = bi_import(bi_ctx, q, q_len);
+    rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
+    rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
+    rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
+    bi_permanent(rsa_ctx->dP);
+    bi_permanent(rsa_ctx->dQ);
+    bi_permanent(rsa_ctx->qInv);
+    bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
+    bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
+#endif
+}
+
+void RSA_pub_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len)
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx = bi_initialize();
+    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
+    rsa_ctx = *ctx;
+    rsa_ctx->bi_ctx = bi_ctx;
+    rsa_ctx->num_octets = (mod_len & 0xFFF0);
+    rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
+    bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
+    rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
+    bi_permanent(rsa_ctx->e);
+}
+
+/**
+ * Free up any RSA context resources.
+ */
+void RSA_free(RSA_CTX *rsa_ctx)
+{
+    BI_CTX *bi_ctx;
+    if (rsa_ctx == NULL)                /* deal with ptrs that are null */
+        return;
+
+    bi_ctx = rsa_ctx->bi_ctx;
+
+    bi_depermanent(rsa_ctx->e);
+    bi_free(bi_ctx, rsa_ctx->e);
+    bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
+
+    if (rsa_ctx->d)
+    {
+        bi_depermanent(rsa_ctx->d);
+        bi_free(bi_ctx, rsa_ctx->d);
+#ifdef CONFIG_BIGINT_CRT
+        bi_depermanent(rsa_ctx->dP);
+        bi_depermanent(rsa_ctx->dQ);
+        bi_depermanent(rsa_ctx->qInv);
+        bi_free(bi_ctx, rsa_ctx->dP);
+        bi_free(bi_ctx, rsa_ctx->dQ);
+        bi_free(bi_ctx, rsa_ctx->qInv);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
+#endif
+    }
+
+    bi_terminate(bi_ctx);
+    free(rsa_ctx);
+}
+
+/**
+ * @brief Use PKCS1.5 for decryption/verification.
+ * @param ctx [in] The context
+ * @param in_data [in] The data to encrypt (must be < modulus size-11)
+ * @param out_data [out] The encrypted data.
+ * @param is_decryption [in] Decryption or verify operation.
+ * @return  The number of bytes that were originally encrypted. -1 on error.
+ * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
+                            uint8_t *out_data, int is_decryption)
+{
+    int byte_size = ctx->num_octets;
+    uint8_t *block;
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+
+    memset(out_data, 0, byte_size); /* initialise */
+
+    /* decrypt */
+    dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    decrypted_bi = is_decryption ?  /* decrypt or verify? */
+            RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
+#else   /* always a decryption */
+    decrypted_bi = RSA_private(ctx, dat_bi);
+#endif
+
+    /* convert to a normal block */
+    block = (uint8_t *)malloc(byte_size);
+    bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
+
+    i = 10; /* start at the first possible non-padded byte */
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
+    {
+        while (block[i++] == 0xff && i < byte_size);
+
+        if (block[i-2] != 0xff)
+            i = byte_size;     /*ensure size is 0 */   
+    }
+    else                    /* PKCS1.5 encryption padding is random */
+#endif
+    {
+        while (block[i++] && i < byte_size);
+    }
+    size = byte_size - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+        memcpy(out_data, &block[i], size);
+    
+    free(block);
+    return size ? size : -1;
+}
+
+/**
+ * Performs m = c^d mod n
+ */
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
+{
+#ifdef CONFIG_BIGINT_CRT
+    return bi_crt(c, bi_msg);
+#else
+    BI_CTX *ctx = c->bi_ctx;
+    ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(ctx, bi_msg, c->d);
+#endif
+}
+
+#ifdef CONFIG_BIGINT_CRT
+/**
+ * Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
+ * This should really be in bigint.c (and was at one stage), but needs 
+ * access to the RSA_CTX context...
+ */
+static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi)
+{
+    BI_CTX *ctx = rsa->bi_ctx;
+    bigint *m1, *m2, *h;
+
+    /* Montgomery has a condition the 0 < x, y < m and these products violate
+     * that condition. So disable Montgomery when using CRT */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 1;
+#endif
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP);
+
+    ctx->mod_offset = BIGINT_Q_OFFSET;
+    m2 = bi_mod_power(ctx, bi, rsa->dQ);
+
+    h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL);
+    h = bi_multiply(ctx, h, rsa->qInv);
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    h = bi_residue(ctx, h);
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 0;         /* reset for any further operation */
+#endif
+    return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h));
+}
+#endif
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Used for diagnostics.
+ */
+void RSA_print(const RSA_CTX *rsa_ctx) 
+{
+    if (rsa_ctx == NULL)
+        return;
+
+    printf("-----------------   RSA DEBUG   ----------------\n");
+    printf("Size:\t%d\n", rsa_ctx->num_octets);
+    bi_print("Modulus", rsa_ctx->m);
+    bi_print("Public Key", rsa_ctx->e);
+    bi_print("Private Key", rsa_ctx->d);
+}
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Performs c = m^e mod n
+ */
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
+{
+    c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(c->bi_ctx, bi_msg, c->e);
+}
+
+/**
+ * Use PKCS1.5 for encryption/signing.
+ * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing)
+{
+    int byte_size = ctx->num_octets;
+    int num_pads_needed = byte_size-in_len-3;
+    bigint *dat_bi, *encrypt_bi;
+
+    /* note: in_len+11 must be > byte_size */
+    out_data[0] = 0;     /* ensure encryption block is < modulus */
+
+    if (is_signing)
+    {
+        out_data[1] = 1;        /* PKCS1.5 signing pads with "0xff"'s */
+        memset(&out_data[2], 0xff, num_pads_needed);
+    }
+    else /* randomize the encryption padding with non-zero bytes */   
+    {
+        out_data[1] = 2;
+        get_random_NZ(num_pads_needed, &out_data[2]);
+    }
+
+    out_data[2+num_pads_needed] = 0;
+    memcpy(&out_data[3+num_pads_needed], in_data, in_len);
+
+    /* now encrypt it */
+    dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
+    encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
+        RSA_public(ctx, dat_bi);
+    bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
+    return byte_size;
+}
+
+/**
+ * Take a signature and decrypt it.
+ */
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp)
+{
+    uint8_t *block;
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+    bigint *bir = NULL;
+
+    block = (uint8_t *)malloc(sig_len);
+
+    /* decrypt */
+    dat_bi = bi_import(ctx, sig, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    /* convert to a normal block */
+    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
+
+    bi_export(ctx, decrypted_bi, block, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    i = 10; /* start at the first possible non-padded byte */
+    while (block[i++] && i < sig_len);
+    size = sig_len - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+    {
+        int len;
+        const uint8_t *sig_ptr = x509_get_signature(&block[i], &len);
+
+        if (sig_ptr)
+        {
+            bir = bi_import(ctx, sig_ptr, len);
+        }
+    }
+
+    free(block);
+    return bir;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/sha1.c b/ssl/sha1.c
new file mode 100644
index 0000000000..3feb6d54c3
--- /dev/null
+++ b/ssl/sha1.c
@@ -0,0 +1,236 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
+ * This code was originally taken from RFC3174
+ */
+
+#include <string.h>
+#include "crypto.h"
+
+/*
+ *  Define the SHA1 circular left shift macro
+ */
+#define SHA1CircularShift(bits,word) \
+                (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/* ----- static functions ----- */
+static void SHA1PadMessage(SHA1_CTX *ctx);
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
+
+/**
+ * Initialize the SHA1 context 
+ */
+void SHA1Init(SHA1_CTX *ctx)
+{
+    ctx->Length_Low             = 0;
+    ctx->Length_High            = 0;
+    ctx->Message_Block_Index    = 0;
+    ctx->Intermediate_Hash[0]   = 0x67452301;
+    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
+    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
+    ctx->Intermediate_Hash[3]   = 0x10325476;
+    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
+{
+    while (len--)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
+        ctx->Length_Low += 8;
+
+        if (ctx->Length_Low == 0)
+            ctx->Length_High++;
+
+        if (ctx->Message_Block_Index == 64)
+            SHA1ProcessMessageBlock(ctx);
+
+        msg++;
+    }
+}
+
+/**
+ * Return the 160-bit message digest into the user's array
+ */
+void SHA1Final(SHA1_CTX *ctx, uint8_t *digest)
+{
+    int i;
+
+    SHA1PadMessage(ctx);
+    memset(ctx->Message_Block, 0, 64);
+    ctx->Length_Low = 0;    /* and clear length */
+    ctx->Length_High = 0;
+
+    for  (i = 0; i < SHA1_SIZE; i++)
+    {
+        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
+    }
+}
+
+/**
+ * Process the next 512 bits of the message stored in the array.
+ */
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
+{
+    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
+                            0x5A827999,
+                            0x6ED9EBA1,
+                            0x8F1BBCDC,
+                            0xCA62C1D6
+                            };
+    int        t;                 /* Loop counter                */
+    uint32_t      temp;              /* Temporary word value        */
+    uint32_t      W[80];             /* Word sequence               */
+    uint32_t      A, B, C, D, E;     /* Word buffers                */
+
+    /*
+     *  Initialize the first 16 words in the array W
+     */
+    for  (t = 0; t < 16; t++)
+    {
+        W[t] = ctx->Message_Block[t * 4] << 24;
+        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
+        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
+        W[t] |= ctx->Message_Block[t * 4 + 3];
+    }
+
+    for (t = 16; t < 80; t++)
+    {
+       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+    }
+
+    A = ctx->Intermediate_Hash[0];
+    B = ctx->Intermediate_Hash[1];
+    C = ctx->Intermediate_Hash[2];
+    D = ctx->Intermediate_Hash[3];
+    E = ctx->Intermediate_Hash[4];
+
+    for (t = 0; t < 20; t++)
+    {
+        temp =  SHA1CircularShift(5,A) +
+                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+
+        B = A;
+        A = temp;
+    }
+
+    for (t = 20; t < 40; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 40; t < 60; t++)
+    {
+        temp = SHA1CircularShift(5,A) +
+               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 60; t < 80; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    ctx->Intermediate_Hash[0] += A;
+    ctx->Intermediate_Hash[1] += B;
+    ctx->Intermediate_Hash[2] += C;
+    ctx->Intermediate_Hash[3] += D;
+    ctx->Intermediate_Hash[4] += E;
+    ctx->Message_Block_Index = 0;
+}
+
+/*
+ * According to the standard, the message must be padded to an even
+ * 512 bits.  The first padding bit must be a '1'.  The last 64
+ * bits represent the length of the original message.  All bits in
+ * between should be 0.  This function will pad the message
+ * according to those rules by filling the Message_Block array
+ * accordingly.  It will also call the ProcessMessageBlock function
+ * provided appropriately.  When it returns, it can be assumed that
+ * the message digest has been computed.
+ *
+ * @param ctx [in, out] The SHA1 context
+ */
+static void SHA1PadMessage(SHA1_CTX *ctx)
+{
+    /*
+     *  Check to see if the current message block is too small to hold
+     *  the initial padding bits and length.  If so, we will pad the
+     *  block, process it, and then continue padding into a second
+     *  block.
+     */
+    if (ctx->Message_Block_Index > 55)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 64)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+
+        SHA1ProcessMessageBlock(ctx);
+
+        while (ctx->Message_Block_Index < 56)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+    else
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 56)
+        {
+
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+
+    /*
+     *  Store the message length as the last 8 octets
+     */
+    ctx->Message_Block[56] = ctx->Length_High >> 24;
+    ctx->Message_Block[57] = ctx->Length_High >> 16;
+    ctx->Message_Block[58] = ctx->Length_High >> 8;
+    ctx->Message_Block[59] = ctx->Length_High;
+    ctx->Message_Block[60] = ctx->Length_Low >> 24;
+    ctx->Message_Block[61] = ctx->Length_Low >> 16;
+    ctx->Message_Block[62] = ctx->Length_Low >> 8;
+    ctx->Message_Block[63] = ctx->Length_Low;
+    SHA1ProcessMessageBlock(ctx);
+}
diff --git a/ssl/ssl.h b/ssl/ssl.h
new file mode 100644
index 0000000000..7cdab2aa86
--- /dev/null
+++ b/ssl/ssl.h
@@ -0,0 +1,429 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @mainpage axTLS API
+ *
+ * @image html axolotl.jpg
+ *
+ * The axTLS library has features such as:
+ * - The TLSv1 SSL client/server protocol
+ * - No requirement to use any openssl libraries.
+ * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
+ * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
+ * - Certificate chaining and peer authentication.
+ * - Session resumption, session renegotiation.
+ * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
+ * - Highly configurable compile time options.
+ * - Portable across many platforms (written in ANSI C), and has language
+ * bindings in C, C#, VB.NET, Java and Perl.
+ * - Partial openssl API compatibility (via a wrapper).
+ * - A very small footprint for a HTTPS server (around 60-70kB in 'server-only'
+ * mode).
+ * - No dependencies on sockets - can use serial connections for example.
+ * - A very simple API - ~ 20 functions/methods.
+ *
+ * A list of these functions/methods are described below.
+ *
+ *  @ref c_api 
+ *
+ *  @ref bigint_api 
+ *
+ *  @ref csharp_api 
+ *
+ *  @ref java_api 
+ */
+#ifndef HEADER_SSL_H
+#define HEADER_SSL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <time.h>
+#include "crypto.h"
+
+/* need to predefine before ssl_lib.h gets to it */
+#define SSL_SESSION_ID_SIZE                     32
+
+#include "tls1.h"
+
+/* The optional parameters that can be given to the client/server SSL engine */
+#define SSL_CLIENT_AUTHENTICATION               0x00010000
+#define SSL_SERVER_VERIFY_LATER                 0x00020000
+#define SSL_NO_DEFAULT_KEY                      0x00040000
+#define SSL_DISPLAY_STATES                      0x00080000
+#define SSL_DISPLAY_BYTES                       0x00100000
+#define SSL_DISPLAY_CERTS                       0x00200000
+#define SSL_DISPLAY_RSA                         0x00400000
+
+/* errors that can be generated */
+#define SSL_OK                                  0
+#define SSL_NOT_OK                              -1
+#define SSL_ERROR_DEAD                          -2
+#define SSL_ERROR_CONN_LOST                     -256
+#define SSL_ERROR_SOCK_SETUP_FAILURE            -258
+#define SSL_ERROR_INVALID_HANDSHAKE             -260
+#define SSL_ERROR_INVALID_PROT_MSG              -261
+#define SSL_ERROR_INVALID_HMAC                  -262
+#define SSL_ERROR_INVALID_VERSION               -263
+#define SSL_ERROR_INVALID_SESSION               -265
+#define SSL_ERROR_NO_CIPHER                     -266
+#define SSL_ERROR_BAD_CERTIFICATE               -268
+#define SSL_ERROR_INVALID_KEY                   -269
+#define SSL_ERROR_FINISHED_INVALID              -271
+#define SSL_ERROR_NO_CERT_DEFINED               -272
+#define SSL_ERROR_NOT_SUPPORTED                 -274
+#define SSL_X509_OFFSET                         -512
+#define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
+
+/* these are all the alerts that are recognized */
+#define SSL_ALERT_CLOSE_NOTIFY                  0
+#define SSL_ALERT_UNEXPECTED_MESSAGE            10
+#define SSL_ALERT_BAD_RECORD_MAC                20
+#define SSL_ALERT_HANDSHAKE_FAILURE             40
+#define SSL_ALERT_BAD_CERTIFICATE               42
+#define SSL_ALERT_ILLEGAL_PARAMETER             47
+#define SSL_ALERT_DECODE_ERROR                  50
+#define SSL_ALERT_DECRYPT_ERROR                 51
+#define SSL_ALERT_INVALID_VERSION               70
+
+/* The ciphers that are supported */
+#define SSL_AES128_SHA                          0x2f
+#define SSL_AES256_SHA                          0x35
+#define SSL_RC4_128_SHA                         0x05
+#define SSL_RC4_128_MD5                         0x04
+
+/* build mode ids' */
+#define SSL_BUILD_SKELETON_MODE                 0x01
+#define SSL_BUILD_SERVER_ONLY                   0x02
+#define SSL_BUILD_ENABLE_VERIFICATION           0x03
+#define SSL_BUILD_ENABLE_CLIENT                 0x04
+#define SSL_BUILD_FULL_MODE                     0x05
+
+/* offsets to retrieve configuration information */
+#define SSL_BUILD_MODE                          0
+#define SSL_MAX_CERT_CFG_OFFSET                 1
+#define SSL_MAX_CA_CERT_CFG_OFFSET              2
+#define SSL_HAS_PEM                             3
+
+/* default session sizes */
+#define SSL_DEFAULT_SVR_SESS                    5
+#define SSL_DEFAULT_CLNT_SESS                   1
+
+/* X.509/X.520 distinguished name types */
+#define SSL_X509_CERT_COMMON_NAME               0
+#define SSL_X509_CERT_ORGANIZATION              1
+#define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
+#define SSL_X509_CA_CERT_COMMON_NAME            3
+#define SSL_X509_CA_CERT_ORGANIZATION           4
+#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    5
+
+/* SSL object loader types */
+#define SSL_OBJ_X509_CERT                       1
+#define SSL_OBJ_X509_CACERT                     2
+#define SSL_OBJ_RSA_KEY                         3
+#define SSL_OBJ_PKCS8                           4
+#define SSL_OBJ_PKCS12                          5
+
+/**
+ * @defgroup c_api Standard C API
+ * @brief The standard interface in C.
+ * @{
+ */
+
+/**
+ * @brief Establish a new client/server context.
+ *
+ * This function is called before any client/server SSL connections are made. 
+ *
+ * Each new connection will use the this context's private key and 
+ * certificate chain. If a different certificate chain is required, then a 
+ * different context needs to be be used.
+ *
+ * There are two threading models supported - a single thread with one
+ * SSL_CTX can support any number of SSL connections - and multiple threads can 
+ * support one SSL_CTX object each (the default). But if a single SSL_CTX 
+ * object uses many SSL objects in individual threads, then the 
+ * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
+ *
+ * @param options [in]  Any particular options. At present the options
+ * supported are:
+ * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
+ * authentication fails. The certificate can be authenticated later with a
+ * call to ssl_verify_cert().
+ * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
+ * i.e. each handshake will include a "certificate request" message from the
+ * server. Only available if verification has been enabled.
+ * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user will
+ * load the key/certificate explicitly.
+ * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
+ * during the handshake.
+ * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
+ * during the handshake.
+ * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
+ * are passed during a handshake.
+ * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
+ * are passed during a handshake.
+ *
+ * @param num_sessions [in] The number of sessions to be used for session
+ * caching. If this value is 0, then there is no session caching. This option
+ * is not used in skeleton mode.
+ * @return A client/server context.
+ */
+EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
+
+/**
+ * @brief Remove a client/server context.
+ *
+ * Frees any used resources used by this context. Each connection will be 
+ * sent a "Close Notify" alert (if possible).
+ * @param ssl_ctx [in] The client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
+
+/**
+ * @brief (server only) Establish a new SSL connection to an SSL client.
+ *
+ * It is up to the application to establish the logical connection (whether it
+ * is  a socket, serial connection etc).
+ * @param ssl_ctx [in] The server context.
+ * @param client_fd [in] The client's file descriptor. 
+ * @return An SSL object reference.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief (client only) Establish a new SSL connection to an SSL server.
+ *
+ * It is up to the application to establish the initial logical connection 
+ * (whether it is  a socket, serial connection etc).
+ *
+ * This is a blocking call - it will finish when the handshake is complete (or
+ * has failed).
+ * @param ssl_ctx [in] The client context.
+ * @param client_fd [in] The client's file descriptor.
+ * @param session_id [in] A 32 byte session id for session resumption. This 
+ * can be null if no session resumption is being used or required. This option
+ * is not used in skeleton mode.
+ * @return An SSL object reference. Use ssl_handshake_status() to check 
+ * if a handshake succeeded.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id);
+
+/**
+ * @brief Free any used resources on this connection. 
+ 
+ * A "Close Notify" message is sent on this connection (if possible). It is up 
+ * to the application to close the socket or file descriptor.
+ * @param ssl [in] The ssl object reference.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl);
+
+/**
+ * @brief Read the SSL data stream.
+ * The socket must be in blocking mode.
+ * @param ssl [in] An SSL object reference.
+ * @param in_data [out] If the read was successful, a pointer to the read
+ * buffer will be here. Do NOT ever free this memory as this buffer is used in
+ * sucessive calls. If the call was unsuccessful, this value will be null.
+ * @return The number of decrypted bytes:
+ * - if > 0, then the handshaking is complete and we are returning the number 
+ *   of decrypted bytes. 
+ * - SSL_OK if the handshaking stage is successful (but not yet complete).  
+ * - < 0 if an error.
+ * @see ssl.h for the error code list.
+ * @note Use in_data before doing any successive ssl calls.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
+
+/**
+ * @brief Write to the SSL data stream. 
+ * The socket must be in blocking mode.
+ * @param ssl [in] An SSL obect reference.
+ * @param out_data [in] The data to be written
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
+
+/**
+ * @brief Find an ssl object based on a file descriptor.
+ *
+ * Goes through the list of SSL objects maintained in a client/server context
+ * to look for a file descriptor match.
+ * @param ssl_ctx [in] The client/server context.
+ * @param client_fd [in]  The file descriptor.
+ * @return A reference to the SSL object. Returns null if the object could not 
+ * be found.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief Get the session id for a handshake. 
+ * 
+ * This will be a 32 byte sequence and is available after the first
+ * handshaking messages are sent.
+ * @param ssl [in] An SSL object reference.
+ * @return The session id as a 32 byte sequence.
+ * @note A SSLv23 handshake may have only 16 valid bytes.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
+
+/**
+ * @brief Return the cipher id (in the SSL form).
+ * @param ssl [in] An SSL object reference.
+ * @return The cipher id. This will be one of the following:
+ * - SSL_AES128_SHA (0x2f)
+ * - SSL_AES256_SHA (0x35)
+ * - SSL_RC4_128_SHA (0x05)
+ * - SSL_RC4_128_MD5 (0x04)
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
+
+/**
+ * @brief Return the status of the handshake.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the handshake is complete and ok. 
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
+
+/**
+ * @brief Retrieve various parameters about the axTLS engine.
+ * @param offset [in] The configuration offset. It will be one of the following:
+ * - SSL_BUILD_MODE The build mode. This will be one of the following:
+ *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
+ *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication)
+ *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties)
+ *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics)
+ *   - SSL_BUILD_SKELETON_MODE          (skeleton mode)
+ * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
+ * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
+ * - SSL_HAS_PEM                        1 if supported
+ * @return The value of the requested parameter.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset);
+
+/**
+ * @brief Display why the handshake failed.
+ *
+ * This call is only useful in a 'full mode' build. The output is to stdout.
+ * @param error_code [in] An error code.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code);
+
+/**
+ * @brief Authenticate a received certificate.
+ * 
+ * This call is usually made by a client after a handshake is complete and the
+ * context is in SSL_SERVER_VERIFY_LATER mode.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
+
+/**
+ * @brief Retrieve an X.509 distinguished name component.
+ * 
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's common 
+ * name matches the URL.
+ *
+ * A full handshake needs to occur for this call to work properly.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param component [in] one of:
+ * - SSL_X509_CERT_COMMON_NAME
+ * - SSL_X509_CERT_ORGANIZATION
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CA_CERT_COMMON_NAME
+ * - SSL_X509_CA_CERT_ORGANIZATION
+ * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
+
+/**
+ * @brief Force the client to perform its handshake again.
+ *
+ * For a client this involves sending another "client hello" message.
+ * For the server is means sending a "hello request" message.
+ *
+ * This is a blocking call on the client (until the handshake completes).
+ *
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if renegotiation instantiation was ok
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
+
+/**
+ * @brief Process a file that is in binary DER or ASCII PEM format.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the file. Can be one of:
+ * - SSL_OBJ_X509_CERT (no password required)
+ * - SSL_OBJ_X509_CACERT (no password required)
+ * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+ * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
+ * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
+ *
+ * PEM files are automatically detected (if supported). The object type is
+ * also detected, and so is not relevant for these types of files.
+ * @param filename [in] The location of a file in DER/PEM format.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @note Not available in skeleton build mode.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
+
+/**
+ * @brief Process binary data.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the memory data.
+ * @param data [in] The binary data to be loaded.
+ * @param len [in] The amount of data to be loaded.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @see ssl_obj_load for more details on obj_type.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
+
+/**
+ * @brief Return the axTLS library version as a string.
+ * @note New API function for v1.1
+ */
+EXP_FUNC const char * STDCALL ssl_version(void);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
new file mode 100644
index 0000000000..43c9a6cef8
--- /dev/null
+++ b/ssl/test/Makefile
@@ -0,0 +1,65 @@
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+all:
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+ifdef CONFIG_PERFORMANCE_TESTING
+all: performance
+endif
+
+ifdef CONFIG_SSL_TEST
+all: ssltesting
+endif
+
+ifndef CONFIG_PLATFORM_WIN32
+performance: ../../$(STAGE)/perf_bigint
+ssltesting: ../../$(STAGE)/ssltest
+LIBS=../../$(STAGE)
+CFLAGS += -I../../ssl -I../../config
+
+../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
+	$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
+
+../../$(STAGE)/ssltest: ssltest.o $(LIBS)/libaxtls.a
+	$(CC) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls
+else
+performance: ../../$(STAGE)/perf_bigint.exe
+ssltesting: ../../$(STAGE)/ssltest.exe
+CFLAGS += /I".." /I"../../config"
+
+%.obj : %.c
+	$(CC) $(CFLAGS) $< 
+
+OBJLIST=..\aes.obj ..\asn1.obj ..\bigint.obj ..\crypto_misc.obj ..\hmac.obj \
+        ..\md5.obj ..\loader.obj ..\p12.obj ..\os_port.obj ..\rc4.obj \
+        ..\rsa.obj ..\sha1.obj ..\tls1.obj ..\tls1_clnt.obj ..\tls1_svr.obj
+
+../../$(STAGE)/perf_bigint.exe: perf_bigint.obj $(OBJLIST)
+	$(LD) $(LDFLAGS) /out:$@ $^
+
+../../$(STAGE)/ssltest.exe: ssltest.obj $(OBJLIST)
+	$(LD) $(LDFLAGS) /out:$@ $^
+endif
+
+clean::
+	-@rm -f ../../$(STAGE)/perf_bigint* ../../$(STAGE)/ssltest*
+
+include ../../config/makefile.post
diff --git a/ssl/test/axTLS.ca_key.pem b/ssl/test/axTLS.ca_key.pem
new file mode 100644
index 0000000000..7c8ac8af28
--- /dev/null
+++ b/ssl/test/axTLS.ca_key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
+Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
+n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
+AoGAd4Ia5SxYiBU9A0BYyT8yPUm8sYELIaAL4YYk+F6Xwhh/Whnb8MyzquzaGFP4
+Ee30jYYNHlvX5VheDDtvy8OTN5FgKNNdzvW15iA4Hxje04ZI7W87G7OIxm7aYRid
+sG4XqZBtsOdj33IRd9hgozywGJ2qRqS6nn2KxRv1w07RniECQQDZAlKxijdn+vQ7
+8/8mXzC+FwQtzeTUCuLrBJcos9I/591ABoxYkWcYLxpFqgCEVwb1qfPBJkL07JPt
+Fu6CTnBFAkEAxXmUBs47x5QM99qyBO5UwW0Ksrm/WD4guaaxzQShMt/HzgJl613z
+/x4FtxiQJHAr6r2K0t5xTJx89LVKuouYYwJAImue6DAvJ5wDfzrtXo28snn+HLHK
+uONdKL/apgcXszE4w74GJsoxWwGlniUf3d3b6b1iP2GtPyIDOJjpjduZLQJAE4jS
+VtYB3d1MZxxQLeKxqayyuTlcr0r+C79sqT5C//hZGIzuLhlOMLd0k0cvwxsBjSgQ
+2ok8pfp49fAVI1z5xwJAVmJgLc/mSti5A2q3c8HW8qvMJEDPWbpb7p8pg4ePtpa8
+EE3TO4O4J2H+k40C397km4yZXdkNQsiT1zVljJZpiw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.ca_x509.cer b/ssl/test/axTLS.ca_x509.cer
new file mode 100644
index 0000000000000000000000000000000000000000..9c9936b8e98d0b7475e522377e64ee5cb7d9858c
GIT binary patch
literal 483
zcmXqLV!UtA#OT4q$uKvs*kYO0(kKI7HcqWJkGAi;jEt<T3<f5KMg|6K%%Ln?!kUQ{
zAwIzh0Y&*)smUb@F8L|xl?u+OMJ1VOnaPPIsS1vzB^mienI)A5a^k!OW<Y3eXlP<$
zY!oHVYiw+2U}OyCl4)w=d}P-#vNA9?_A(eWb}}_KGAvKMX?F3OSo`5!6HMM-;O>mp
zDoN<N{Wdqm<T8IuUjcJd<(JlEvrNlF?P}j2zB;?Zdd(9D^PlZD62&?k59j5&TUeXF
z65aa5I-1Xu{V_w&Uu&cN`_tz8WL=G0S+Vx*w;$X1yXqAsj!$eU>&tJf@_eyO<6*KV
zyX-GFpR#RyrAh0Vm>C%uk(~z&JZ7M~WVst|nJiE@P*UHyEW+SG%xvc~wa?bgyU%&o
z__O9cjynut$9A5`TwES67IMd>m+OQ}^u4t{;lgJg9l!sr<hS6(t0&gyeEuXn;qTl+
zqd9e9cYNGWhP3y5*xUak&Q$K_U#W+44D(rL9oX`UJ$iZ2>3OSV*OvR3NHYY8-f#GI
I<)^zO0PSqO5dZ)H

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.ca_x509.pem b/ssl/test/axTLS.ca_x509.pem
new file mode 100644
index 0000000000..86f659710c
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
+Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
+Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
+n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
+3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
+flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
++UcZ
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.device_key b/ssl/test/axTLS.device_key
new file mode 100644
index 0000000000000000000000000000000000000000..4e981d143e1383828b8a76e18c57e0b0f59b202f
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdJGZ4h<43zjh$NmAe*gFd;CkIEWYaUz#Bpms2~d;TZ=+
zk`Pe_4BeOCv@NwmC65?N)gXrn?#|TyB9lU`OINiLyb68LKj!YuC$?l`)u2L1ZuNgc
z=Sux+ln*4$Nfhl{gttWP`YNkiPpo0p0h3)_$nwg2s|lRS$t9_kyc+@o0RRC4fq?*^
zL=H=j!{3Frp6Ni0WB0Agp#h-CLCM~qOnu)|K)UjF%r<fVRLj|liDwP<SptGae;VJ_
zMhe!}k{!Dh@96KmOI`q<?WRqvvfO61H={0;KF%Ej{gR}3kHpi(rVmH`Y?3%o`Hd9A
zgG6g{q(Yvh0YNF%rC0uB-yx7-xur1zK>+-Ic-(fn!L=2LAE_OnV2@ezYPqfv?7EVw
ztnGa>p_(hpRr+n(N$Ooc;-Ug;rmFgzfA1^_2-*k;^0%11vl#+G0M`^95MJ-`(OR-i
zBA|9yFh78sA*+l|0wMujX*I%@o4%O>ok-BGDtQP3_l0oh2@5c16ixpA!QhEf#zLZF
zQvyK%tS>_pbrT+q^2G&mI(6scS|AxC&V>TLsLms2K>j$f{xgTlW2bz`iWbV^SZp~M
zSQa|OOK(li0kpVqV}#k^0zZ3z5inI#a)-o>oxVh6us#Gh)Z2ij5G5&LpFzr;@!ous
zU+nPW;~#)v8B_>M%wA;<W+FnTDWWP&usbLS7Xm>5u?2*padHnE!MbMQTY+(0Wgg|0
v3cKQF;e2bA5N6M*E~R!7Tl|5&J97n<934}R7|5Rx8jwm@UwAr_9k^bwbVnG3

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.device_key.pem b/ssl/test/axTLS.device_key.pem
new file mode 100644
index 0000000000..2bcf5e37b3
--- /dev/null
+++ b/ssl/test/axTLS.device_key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDUIg4NEiu/diDAlbsWbTAhMKw4iBf2X5ohGJdTO6vhGQdEkhBR
+Bgzdl9+0LbVDJY8YStUghwnuztT+IpNCrUtXtRK8Cn3QP+buzSe2ZGPVoEJIbvV/
+QudK/WuUDyTNSRTtW4S3RO36KqtbT6xh1QGTXV3I8sp7qwmcysklqZW8GwIDAQAB
+AoGBAKBEDkuPw9+Ftp7pQIxj963LoQGgyEHJ3p9Mfd9TQLrydsw2cf9Uy9mKiWcN
+9VkCgkZ/Gt/VRgrW1pIduxXv6O+8S14An+2mTayy3Ga1N6MulD7OHQP9kqR4j8TT
+xaYPR/1skjhQ+Y0Uw4NEa3OkQp6lAUEp1aVX/mTfIZBguaUxAkEA/H543Ha6wbUV
+iB+pHaBgj1nzarmuEey6kqqs7X0zoZory1X6bdpJ6l0/4qICa6aq+pt/7ywJCNoI
+CPK3mL2zGQJBANcUHRBe7/HRWrJNIqB2WDA/gJshq4xOAiIBXWk1wpabvpkCnUjQ
+rip5CAL3hXDnCQswZxRN/v7B4IlSxkKiY1MCQQCsL0MUdRMejfLFBXI6defjWiAZ
+I86FAr6oziNnQP44sf4zh8pjp3zIihbK4lhsORhYFjrES29NzgG0uHBjhNnhAj97
+gBEwVVNyh8SMnb5EZbA+BDjU24CmECUpYZ9Bypzx3nyTX+zw4uMfgGAZVAhLzF5l
+DmYiQqcpoipMsDsoCBcCQQCxBYSicXIPG8G6ZuFbgXFcZR7llgq74mbhfGuVEGbP
+qS6ldhJb/IG9O3MFlRwdU44YyJ8QGpBKWF94OpIduF6w
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.encrypted.p8 b/ssl/test/axTLS.encrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..8b0a7eb4117de421cfb917de7f03055fdfe2c28f
GIT binary patch
literal 385
zcmV-{0e=24f&qOn90m$1hDe6@4FL=R0Wb~(2zv&jLbrq;i2?!$00e>oTecB0S5Ch{
zHl7H=qA4HIOB;)ah$8h!;8it(u3j>D`liQs0*+k*%XW@PAMoO|ZVtaORrZR~IdUoh
zNf*1NZ0jCJOsIuor2Ouh<c)ot>Y5SBS)gmT$Plt&Ub|ujkSvY}HF3T6ZV$+;=Cj1_
zqiV0Xy#~l}wq>xTcs~vcY@+sZ^yo(jDeDIm8}2%S8s3H&bnWkZz@9kPK8*&28D$i9
z3|2M?_7i99)`(fX3rvXr@m91pnk>4N^QQR5XPP=(qj)V!5qKV+KU4NR01UFqcL=0O
z<WqeKmP8KC*)QM=McME}H<QCTa_BX@namc)CF_|xU$3*#>)<VdUvKAmO0=-igR~fl
z-mO`%dym`o6F9p4n$=wvn!II#&PnKR3lXVbV;jds=xH2us6!2fitgX)P5>N0{uLA$
f>0oNt1g(0Zzb?&!uhc`Lu&kDME*dK^i&ZfFoN%%v

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.encrypted_pem.p8 b/ssl/test/axTLS.encrypted_pem.p8
new file mode 100644
index 0000000000..19ca3c5eae
--- /dev/null
+++ b/ssl/test/axTLS.encrypted_pem.p8
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBfTAcBgoqhkiG9w0BDAEBMA4ECN+YmhCv0ILdAgIIAASCAVu0QEfMkp0xUsNq
+0Ek4Nsa/uxcs8N/2P7Ae7qCakkvsdRvvPPH0y+wuj5NgrG6WpPeeEx9fI2oNNTfC
+pwncH0Xm99ofVrgMX6XC45LDZtzXNSZd4TdBP6xvlYXbuGegp5GPJ8emzscHCFhC
+JfPHemRAcB7DhiWukPosuSUr5R8OluEMJrQLHuQtlDAvMjLEI98lSchPxF8LKCk3
+SS2uCcmc+4WiR0nHG9BOaGi38+PytHAnbfo1mfVSQzLfgLicMAVGysfQ9QOgpQOO
+ygYfM/s7Duwbl0rshyXVJP+7BpYJnPtHvO4BTiizU7ZEr4WBiEnnANDrupSdsxeH
++cxZo70YJVdoPdgMd2ke6EIkUhp7HughFg+okldlEtJA4muKeEzwAxZu0TqxOtZ8
+UYRS4Ygk+rN7Y0qTKSYwSkrFBwUDkpctYjRUOeAZ/mYMKWmMn1ejAb5Is7bjEIxl
+tw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1024 b/ssl/test/axTLS.key_1024
new file mode 100644
index 0000000000000000000000000000000000000000..5b6ba1d037b002b0d62c9903a3582daac05f77e2
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdJUxzZKr<ujtkN3#h2G*G65ZCTt9~*}TU1z<AL1R%Q4p
zNDg}orX_ypdwFj-<+Zo;;GB_Q^ak@l9{G_OsV_%EwVNK?_Np97c_Apvs!4O%2?b07
z@=Q%^9Dt`3kwp9wv*G9CPei(m!*n_5OwiO!Bw@5bm5jg&w*omag_8mU0RRC4fq?*&
z2Xf`Ut$925Gc1k;_!?`_=#ljn2ibyLT-73>o<ahDi_O0Dg;Mq`)d|up^epxVg@F0o
z(9Ay~F%|Pk^0ne=nFIt$A={s!R9gDv+4%<r|C(i_>+(m=R>yKlNL=U?*N-L4Nht<u
zRC^cPp43zD^`3<#q3b>AFS(rd;edexK>+Roc*l5!1eeS<z19)p$2r+FQF3pJ56y@&
zGn>b!19#biHMZR!!od?jgH`Kb>w%687GkutJnIO6oO#nY%JBk00O>_vE*8v_P(ZeM
zyg1-iXi(EHbBv5C4uMLFyUg%pG)A8XeImB`MyyvOj2`RL1x=`fYG?MQv8#^3@9%x^
z!va7r##ufX=mK*A@81nDOXwG=jKS!Mks0{(q_+)5_cTxgUJ9@&6s`anfHIu5fuH0;
zf)t=Vi;POuOB0>6lS<J7KxB-AcVSv{5kI4-8;ZoBT0EqiDvD){XHGG!RY3$vodW0I
znSatS=GM4`*$gKLft$3<Se#LW4##aYiBQQ8a{@sC+TLCotQ{TKxn(8*_0;4jgoZBw
voIwCm;YX3cQUy*AFAd6@J&8fT?w_INouunUf8)!fYYO6iu!megu~88nIFuu9

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_1024.pem b/ssl/test/axTLS.key_1024.pem
new file mode 100644
index 0000000000..4f5ad4ece6
--- /dev/null
+++ b/ssl/test/axTLS.key_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDY4L8V3uqv6NX9C6ios9dGXacmbAy12bzG+MB40PZWZfgpSA57
+C6Ylfuh7eW845bW39OCckWD0BvNAHvmRGakvR0O1mx7c9qocSXkhKMuqSXPZCQVM
+AvJMTWwcgKcUkUT8ErPh5+NPRLqMw3Q56EzQ1EwkYbRAlYzACrcCOTGFkwIDAQAB
+AoGBAJQHcuW+rXk79zMsjgX4GmvQ6JH1FgfZglxc1SKhnkICf4vNvvSFUvYs1QnS
+LPQs9geFgPnc0Mw/IjEV80nyteJpmQQESSHbn6FUWvrk2fkHBf+aZaTr8kfOVsdy
+SUhc6BTXjyXMSSkGalR7F9ye1FPw9Z6FJaHrPekvuZz24YCBAkEA7gJ4x3iFBJfM
+Nr3WEeLHOdk0UXJvig/NiDIzm8enA3fZgjW23R/CwRNAg1XrYOuBjgwWYrS0POsI
+gJx50zjK8QJBAOlFXy4WzJNQQLZ5vDjgVmhQ0y9zjIwqDoFKirvM8GQ0Rp8HfSK2
++UasVyOMHuvTBU2og2pn9qaxq47B7+998MMCQC/GWT4Y6AJzAe/fDTBL6BepjMHo
+iZEZ+PSktw1G9zRQA14KsCkUrgAZgDKctYGf5EKCFKA9i4xK1UsTnbSTStECQGSM
+g3dhWnMRP6OoG4rEoFo8pJsqimWMZ04xrFVBBEmdAuffmX/SMObWuITZDCcIgZu0
+zFicUYQOx200iVDJD3MCQQDa3l4arB0d17llJgD11OQohIYvAJxBAFLhR5HAUgVO
+Dy8Nyps9iUG/7p+h5p2k60V/48ukawrifrCHXECxUREd
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_2048 b/ssl/test/axTLS.key_2048
new file mode 100644
index 0000000000000000000000000000000000000000..0af642de231ac7143db034bbf595842a2c7c9f85
GIT binary patch
literal 1191
zcmV;Y1X%kpf&`-i0RRGm0RaHQpugMt&u|7rv!C9LJ=rhBH$C@fYh{Ath`JqsrwVq?
zA;rGwdz;vW#=#sA1YEwE5j|QuiSkR15=5=(@4UbWOLeF_S#o-F8XALLbhnX29W0$0
z`^6U}4UEEJE#HKhq!Uh&FZ9AsCOsK;yP?!b@<$f99GRjI+k0MRvI+F2GfIq-0(2*<
zI@+{M1%IXd(F9**b0+8=WCc3!R90Z=+`AS3+BF!K@+u=)cS!#laK$+W*UPbkBh$%E
z9O&R=BhkV~W3pb9<VuK(GMUN@H5A*RR6xg^y^H~c@T)cVq-y`~U}DSScugVtmfbA2
z%+ls>0gAIAV!eeFdnK&`0|5X50)hbn0KrYIAk0gtB;cu1_*7~DLp$s41j1L{dy$8u
z>Q{6SrHuFJ5=4!AZ6f&-rB0VNk}EF%GnIau0>!zBGX8BCm(}Gomw{5otF4q+j_!<A
zA=h{AZk~4g`j6L?T^{Yz**r_c%{<Uom4VGA)ElHC2iWJK351mkRrSyH2>p^p<y5Eb
zOBjO$UMpQTviHZfS$yQJ6M%Cfuhel4SaiLNcOaOyoHLWio(XzMG7twCcX0Y8M|39W
z+&6JA+(WFM&PHD|dMS(Io@O6sR>1sm3^l)5OV-`8fG^47KzM3=dOYqWQN}Mx08R?P
zYG(QI^V0Ya2D(mOH<Fm=JM%WORRV#50QFY9`olPt_GFIfpq;w+5p8)jmLY&XujUa(
zNK6FB1Jl9zg3g{m#gz9CDvkuEY}qmL$s~q<;8&D)3AI>Z6n3J@*&>6Q$zUudW;ASZ
zQzH5(Vi)P&Q`Izs^HP*fY*{R7YiqEtv!@<vIoO~!5U81Q>=|O8tlwC^M*Cwj0|J48
z0LvBOMMw2v^dO~mza7xFv4n50Qe?_on9muo``SJVw9twDxz;$tm3C(+A5JQ?3KbZA
zjJgHmx*IBX4Ilw`JwQ-@w86>Eta4z4TXD9^xK10mFm*b9*FGd6pGoDEYM0?EA=1$?
zAh{7-VIk);QUektIB7B1=h0D7V+h(3j{<>!Ay@B-IXxJRi!d!JY9)Q_y>BYaL$g&;
zytn>PR~(ZYzYOl@OGA*<38Cgn$53>6_^#wDST1{Xw-R%AJ5f%kWK&JFV-I!P2AUax
z?0^i4+Xou6@<J21TN1ArL(%FosgLr?w6Q0^2j_=UV^ON-YO<(4)L3Q_Ev>fpn6>Md
z0)c=X@A}4A#y*Q%XsE;Fq)6I8SgLZZ^7^m458-?+{^(mFM#e>F<Mc@jEJw)Qpabk&
zk-(@&AL%0<FcdiX7v4DpOBt9>-0j)c{*7c|js3Dusa$NJOJF%*s<_@CX`P5&9Zxl{
zJ26krm{pSK35pUk>#y4J{_H2XK9P;o*ErV#fq*qDV<*E0RC9D5w-*D^YaVVcH?W@L
z7s;4%??z;ZXmnf~khf-nE#R3RkTMy<Ys(iy6@Wfd0%%ES+FRK!(pr8S74;YA5qiqe
z9XPww4_waym1wD)8+izPSjO)UCz32VC$bSAw6U1h<^ul<(2Tl{`W7ruei79MT3KX_
FDTxquHyr=~

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_2048.pem b/ssl/test/axTLS.key_2048.pem
new file mode 100644
index 0000000000..beddb721bf
--- /dev/null
+++ b/ssl/test/axTLS.key_2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwqC/2/rPcAZEs5/ejT3ZL8Q3Pfdna2WC44i6HYCnCnbOIcW+
+6Xub2IXGwRwQBFy+mRE9WjqJ8kuOEkSt6e+8wAhLdag7WXJ6cxoag110t5FEHSyd
+GfvFFyUNjMJhLd+EmaQTTpEv9MJPJj0Zdruh1EjyRxa4HJmiD9t7XmWyCfSmM0qM
+kgJ0J6s62rRMBX+l/NEEX2VzJugdZAU671RWYOncuxX/2jUYlvIqI1l3SP8acMU5
+BtfLsYMj08lNHOjgZCPRwkdjsl6U5EqIizKZygw1FNugVEDHnL2MAYXwqzX3pGr/
+72Biy+J4TSH6lt0stszS5m8BirMgYr2FFHslrQIDAQABAoIBAQDBTa0gzEupJOCp
+UvhUagBDO+vuBMJX3XuRh6PqV3QQpYz36BJEjXttIvkTpU6XNpIrLv8zlX6bAsW5
+iTL+bRiX1eU0l4FSxqutlFiO7oxVIdd37m6edvv6j9eUXR7t09k8S8TNPNBXlYHN
+JdQbpCIH2OehCYSVC1X1z/UI/ZJF5VSn7UsYgwReK102svfHtll85K0TgHMir9Rx
+Dlh0vYx3IJi2nDOTyJ4JekkyEAcYd3D6JUd0JujcN3Ev3EOsns5GXzN6KYvinmYf
+Z1bA/HEMNb9ZS9bdsoAvyeJAeGp8ejzuJVHGL0kATgrAamb58fPS+A8Guk5eN5KY
+5zvzNrJVAoGBAPVWvPrDOJX2ZI7poJ269xFteTWWIYA+r+YRRkhMBMcD08H5gs6e
+QMWU9w8qjgSmbNkx8skkhn/gV5R3CbVYYRR2osrZIoOayWAsJmY0bHFTIvooYhfp
+3lPVNIPzUpRObFksamtrsK+zpx5qOdigNhComXLsGWKfrN9Yvkb7YzIDAoGBAMsV
+4UVH9WH0IKV1vx3QtrGEb69SZMpbmM8ZsPvaPgq00In9udY4w5V2ZygfTiq0ChUY
+fYy6BeO6Gyp2DSABdz1AUH+0wcnNrHJghFtxtsq4Thu4MHU6ftc+JCGfSeWUapfh
+KiHS0TEguRFcYSHnM1IDEiU4aTHY59FRUWMI2hKPAoGAIVfviTk9GIyLMC0qaiV9
+7L1vKsxDs1VRvLf+UFcckxu/DO7nS0OQ1Amh5krHUHR5+K7kK1gue3S3EnN3O1FO
+qGRTTbRjD3XbBpoZgeyADIrbBxqz8kITuFsSrxhD0eoyqY/yyrSxJ8AH54dSY1Gq
+52qyqD7UWGYRLa229pi165cCgYAd7/rGWMY+i1toqMPkpEjaQFiqcq3y+q+7D+F8
+Lv7oWyFGxkVn4/RJCyxHyN2gA+xckcCoRx/pIx0wFDj5F945BEsZmE7c7dnW/o1k
+YY39sk+pXGygS2A5YKq43h9pnYhdHU81rzsxT86YVZLoCYoSM+uv2vH+7Ce4PpGN
+1Nc41wKBgDUrYyfDB1RzdB63FwPRax5uLjewnuMXyZhy70ZkiGh0XBuQt2aCLeCZ
+HpAyGcJryxdDFYA+UwJoSWjaW9ku0lp+GxX1F+cResrRHTi70w9czwGVaKmcG3kI
+fFjG7w8nkiw5J7IRH7SxmNbmAv8L0Iy6jvoWLFB+EdUGWllkjCmJ
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_4096 b/ssl/test/axTLS.key_4096
new file mode 100644
index 0000000000000000000000000000000000000000..c205382ab7aff86732f3dfe2ed465797770e4de7
GIT binary patch
literal 2349
zcmV+|3DWj3f(a=C0RRGm0s#R0C$yPeD$39>4Ep0;5M@#wpmeJ?wh-{#-F%}3)vYB3
ztJJUoqYbWSsq{2`FhC1&(<a<tgeSWWIw25pr1RUCV&A2S4ez6)T=|?mmuADrvY&pF
zomJ1}w+D;tT#z8mUzcUMuk^h+_r*lQN?s#%9QEsbW)ZIp`UhtqP#aQ!kEnM5rgiw+
zVXhXV##-lf26+ze(d0CgK;T>maox?BB8At*_qHegN_Cm(UerlhGFqSp+Cz&}#6X`{
z2H3(|N2wGExlD97fXsOeCn^W`4Pn++s+M#D>;O(~wfl~y;qgj?b^u`WqW``cC|ig?
z96y!M7XS2>*B=ru_+Qy_9la*KLK^5a-5uR~wh=@#U7Tn=6AH}gihl`NTe>q(s6__@
z%!kaMhJ)^ct&_f>W0CD_-U+Y4I0SM3pkv<ZUM50cmf`*AW}TkzA-Px;K=#PVY$>J2
zC5#@2b&4ibCx^XoK}a?;7P^WLB95^r%-L{Z^TI${%`T)LB<vl>-5txgX;UR9*9tfG
zp0JoMr}gZ3&ElIoiQP({zW|?|<qCYxgEPW+m{-!lKyNF{i?GZ&5?H4HS_o_rv^_g}
z1|s4$-6>Q29=N}D%WseeY63jXE#yASA&jVGam|+W!jT0{up!{AH7z;XMwF|1&oLlT
zI<O0vxi@-$!>f-10|5X50)heo0Ic&e?J7A6sOJ1oEf|dfVdPFl7nV#Utbk!IcE+x|
zwzL2mzN#?8R)=NF$soY8eCHCB3H|LyF9zTm1EmhU@HP^xA!jo7)<0XT9bP4MXZ}Tg
z9vpLn130B*c(tPYd~`tvpU+SK#<q6ah=JDbVAYrknEh8M^Y1I8UO9}IVCyR#x|!&b
z>>$+(${mFip2Fs^tL+p5xrw4e0R9cryNig*Qm99AT2>K`J_ZtV`sYF+WVfz|JC5a<
z32|_d#wA0pmA>Jqt>Mq+?{md{55I*UK^tnI4QyYb3M%J`W?RySWV>v6a0W~ptFc#8
z2+k-`_?PuZljI(Z0ycu)f%7=#+3so6_4~q}&izudsVk7dFnzrcH(x^A=H{OU7it9{
zgYY)1WTAuDc>i}P!P>*jVZ-o?Z5mw5N5SWmc^m+(>O|VI_8zn(F&6&QuB}9w1$fl;
zoTz0hq;ReN$w<NtWWC!14hB^a8Xi9!BaVwUp?j%epJ~(jIRU<1{B!Qc1f+CVAfm8X
zzW7_DFc$Jt_)RoWa%U5x(ZBv-RtVCp4Ca9IE)qxU-_?f`G1C=o_xTPu?ec}uqbMeG
zwDwt>nV{J0^Im88if^GkC^Y=)-Cng#lZ*eux-L-x(rbUK01LbXkwx0H)&siZdBsGY
zPMq(uI&?)?UC^J;$pV4_0RaDqB(do1D>>Gq+(e`t>wW2jmbau)pXl!~H>zdxJy}70
zFQJ@~IHF5WD^efq<~`Y<fk&Y1BxqN_N@I^$i0n?-tb7Fb-?WQT_bb5M?{l@sb3v~5
zor|n7Y%h;Yg;T)WVfpdNj5+jQ^`+Cw6yG;WJ`5xSo8oXW1pP*do9sLY98Q=2*WS%6
z(eO|=Wc@Y6wKCe59xhIQ(j+u4zQBSk60*m!T{n|YMBStyr50qjdmS6L5*HGb1n_@^
z)IFU0YSN9^Q1r6#E2Q&)vXf7?b7S2Y9=dUrsV%6B_3nD>-ZapdE=Lvf^%`bxIV>8_
zpi17`dW!e<P0=9v--`l*0RaH~o%(S5)|8yA%@ZSn+}<+{P^X!XdlTllVU|Uu0T@tN
z@fKl-Ilj&F4kT$Ch4S8iUd!V;PV7GYdR!%(VXU?VI;vW)70*A4ocnPvw>m{S$qPsQ
zzinB>N&dd23n`lgx*LKC_VcD7mz0m(-cw6)yAq_15GEpUr!x{xm4s%+;_{m6IW3%P
zUSyYXejLf2KjE=<FLDIt@%w%ER$XQ@Tig%q&MX$6w1}w3x)8O19*~1WDbY1eQr#I5
z=|wC;T?1)bZJu%-6IZ$uv0M3f0VJOG*wd#j@&zmbI*~?~v<4w3$y7mKk16}fU|5fm
z!y0(4l>QU6-!scDoFt6`f&l<M92oL<Dyz4=P8q69xgpd|*+`ZMbpX;E3E?ju42rs9
zzy^61(O?4T5xL=g0}+_-2gHLF$OCxvt7hKfbRgoYgoM*?_`8M}-?4tgGtvwZ2kzHl
zc~<%bCm5kq8ql-T=3`3x_~20|(H|8SPB^KZHe(u6E{?<-VvV=xdzMdYm*Dj#!l$Hv
z+TA83c<SuuL$iFs>+0&(85wU;4{*%q6qPV8GmC(8`8*ZrUuiq8z;<uqrK>aBT#Uur
zDKGrMBOFWEVn`AV4MGdUv>t%IN_x}+7WbM=`KGAls{0t4O86`nN}ZmdaAZh%0M=q=
z(+Zh=EN$fYA?`prE2p~xf&l<!N?Pv@tG%xb!nN1gQvz*i`&$@+rIHszVbjH3A`wHj
zMg;j<i~Q@$cXBog=`6PPPiAFUE$JX&w!K&XT2jn0P?DMj_A<eNtn5uV8oBJGW0ZJn
zP-J3A2zzp=?#<!w>+H9=lOdxG5_)MY;GlVN!q)iERlQWT;`HHkO%rFj6$8Eo2%|Sb
z{rF3nAU+<!M5+{I6($_L6>bOCGW7&gx08o=COjKnG9OXBv*(*XA_7DIoHpF9f_YHl
z6Rf__Wk*KocnrQNJq$tmKXqr5#tV-L-)jzV4sP&t6|KgmadNx7o=1RY_L`XR=my%F
zxJ*{_68OcU5|vB!271W?f&l>lq7j)r+-H%^f<*}JSZVtPV&|7V_uzNj4B0wPZU%(I
z!-#xJMnItAM}A*#OO?#rh~@QE<UVabM)xiI?Ll>Q+PsjlRKVqeTyM#dxk0l02_r9_
zBsL~(g-PWYbR%PVYD*$Dua&VxhCu}x`T7lBNtJ2|fQF1p@+xlc!^9lFEq)(oD{-AG
zM<Ua4@j|awSC=6fyN?oZ>v3>^$8)&&Cqm9W>bB2ITLy^6lMzc_-U;tIQITU0U)4vV
zu^PNP`(&Igf`#YYx+c>R;XC3`YZg5g(tGs#J^3oGTnXfccDQZ1E2^{1-{SxQU()Tj
Tbx&XXcZMQG44N=;lHrQ{Y;S%h

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_4096.pem b/ssl/test/axTLS.key_4096.pem
new file mode 100644
index 0000000000..9929467f45
--- /dev/null
+++ b/ssl/test/axTLS.key_4096.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA/Ce0mV0qytAwDPrjXRBlUh2gdKs2thDw3N18owXVrSUFq9Sw
+AaMNrmep9DR9MEALcdMm3GCEJ7sOOiEQcqTz25di36WJDe+jo1z5nD2XZsPIsp9+
+k51Vz+W3B4vsXJAgzV+XZbmv9L0598VEwkpeI3Uc9et8ZhGvDPoHZyBQG1KAj6h3
+AKZ1+NthrhajxlrndQZ5Du/R5DSUQOBcCHHdzZgihdfF97Yn/kp1mele1ElZMlqg
+BtpDi1TEQJ9XBtjCW0epFAm5THQ3gMx5DCcqB/cNYdZWqpZ0AuwATm61+46m4fFK
+g3YAYPOi/74aKFuIQBw/lc8W//SV1x8SL/hf2XIdvSa9QhroNN0d3Xu2EUQzXZxo
+PRMKzOqKfwlZW7ozT6hFBwPMh8yfhoPugq2TvqBjke1s3gmvwTgEcf+gY97qXiZC
+X5bh/ehmnZ7vIblYFUD2yMlsKaXGJYweh3WKJlQnh71wQUg2Mxa6ig8ijrEozNlw
+YfPCQFrNLqQfJOwdx90dy7hpUyUn1wo39p6wmC6n9ex4zeKbO4ndSp+/AJ+d5Qp8
+zoMzwneYV9LBQG8ry4uwzDkSWKb/WghsEbQ9O3sGIuI13SlT/B64v3bLb5AHagI8
+zS3kPsshjKhkcc2W9MKRBU2wIeCsNS052kaUq3rPMSBROrALmLk3en/Dq48CAwEA
+AQKCAgEArPMy7So5Cqjm/FAtGI0BYeRORReWTCSsgGEudsauu7a0ABq+qjDDVodl
+y8kgwLJ85xKUCf3tRy8G4BoDpQ688DYSrCFnMvbWP1urHV4ldWf+RX4eHHODAzil
+ZHi1ovt8dEEHn89P/8a2dtqIgdbuYNWYCpj9Vyjz7yujXjmMmGDrKx26meiS7CDV
+C8odhRSewuawq+0UArmJokIA/g3Tu4uIylKoR3JaVhGOPgYSc/rnQiFkt66HO47l
+mQlxcJHGJUOulb7hqK3hz+bvc8V9D7+FH0EbaqANbF+hCirniWZb0odku2x5cAZM
+G6uxV1MIzihR+Jf1R5PkHowCNoLegfM45tnuadP1+8Kezv1SsqkrkMEwfb0QN19C
+2+bmnwYXagUgg/A2q2Shg9h4/3cpwdrDzGHD8IttGlzLR8HnlHkcAK3qRNqy9h60
+JDEW/tOurUSZBXjU9ZyoZSukcK3+yUjCDWS92wMOBlUQGh4/HCOOizahe6lhn2nT
++jkBvl38c+7GBKR0VyCisFi++FukMBbyU/hNNFByZxOj0b/+YVYI0qwM5oDzLhJH
+69/VhxMx0xVt9/kOOO3yhdGjKCZztPZZm5mg2OzzXmf4im+hPSg0/OrdXrVNk4v/
+w7ouUQHSa3+rAAu8BJFF2rTWA7rjecVEnk6c77I6dEVYXdCfz8kCggEBAP+IJLHo
+7Cs51qPcRKQc633phJa3pFGf6O8xN6pl8z1ZQX0voZyROKJLTytSH+zmPdmggUeg
+7CRoV8BKY49YiOxO2Kx8BPfftItS9yvA3O9ztcdzQa72nYusMWwvj0yFU8DbYfnx
+yYw59F/1pdPKFN83Sj4MJAOb4nAxBP1GiZvsPAgcTpf/197NLNHwUDdk/TXDtTLa
+lx4uTn/SJDQuvsCCLBKyx7FdN5NPRN2kIKUWZLd7HRu2EhcSlATwf4TUPZz7atKN
+2FD0svErpPOAspNPtnNj3RgeunGVqS2oi/XueuveNNCYLkcV8/UaZm85LBrPoEre
+23qK9/ZN0SD534sCggEBAPyd+nD71pScrM0TI4Lc3jMNUKeZj3sT5rlhlkWlARhQ
+WPEWYYg5vs3zDiRpG4Xy3n9ey+M6Tuw+/XpcJZxhrLYFOqparxXPP4qc+3EvtzpF
+OskLR/2/bVnESf6+pQspmwW6G4IJ9vOmIJeUj9zeU0txuxKkjhAmInCnMxJOlYRm
+xeLymuo5LZxrXmSXcX4cyZ0/4bF2L3IE5vH7ffdWXWYzW9wP7M4sFp+0iKjHuhC1
+gB6Qg0Mp0TVNUt0ZEelFLEJdA2lbbZ5yHhNXuhOxW/l3ASSe9tjTpy7yBSwBOpFG
+l7QGISfJVEFfjyn7yWBYj5LDGnitlP4TtN8zyy6cJI0CggEAPRwY8ncqq7e8Thmq
+TLkh1E3ZSJYIdQDSGwnhLx4MirpiwAZ5FtFgAugRueF9AxGY7wfEgxXIA3j0q2be
+4nQg4qqEhNNv+LuGGN+xfsQz0gwRB+7XYXlW+gUnGKFTGtCz0+ZjSvv44FEn0R8V
+Fk44qZ02YxpSLo7EG2KNt+h7lk9rl+D1JsKnpH/a3SYkeOrs50OzfMLr6urWGRlv
+UQ9wzOcUlTAuM4uAc/k8FelfaTuuwHZv4qWrM9tcjMXbKS/8wCMcS9hiSBINDUIL
+w7QegL5KetQCFveaTPmmqOWq+xiaSvgsF0qdnqBwZEh5ANZiZtMKmX0sbeT4Ie5A
+OiunuwKCAQBlSlrvDqu9rwzCtdfZUwJtaftbGIGlkhdDYdPFXSIRQ7ZGBPlai/zr
+y3dyNgrpLLb2T2ZlWC3pIGC2vVf/WlLMMVCSmgX2MsGBrOxNOBq57KRjlHhrUGRi
+SAh7cqnuzeHw6+y3uZMhow0Semks4KB5ccLW+NBVvVS14vThdE0TZ7oVA74GCKM3
+Qv34S5kgPh7BRKoUZBUmHL0VbgfWMvUEU7eTh3cmPBteMh9RvbPnmz8iAkP/nDbc
+roJ5UOITrL7QZUdG6XgMvik9DEH6P3Vnk8YLjwnfaw5wDm7wdBWtxqZxcru8nkeA
+ZvaamPDoBtqauExW8xL4xaISlUv1BnrJAoIBAQCiEZk93GeRzYJFCO1YafsGYueX
+Pffgd9wM2TpObgaEw8OIfEpGQKDiR35fb0uVzNyI5fVU5D5tP0b3LfvtQXV12ryQ
+sVTA5YJcb8mRuUGy/AkjL54kNiZthUnlGHQjY3lqSyI1r5WxRIZBBRn5+g1eSZVq
+CYCGjEryKm7vw8Qcvy1+H2crcZ0rRyLTcfFCr1ZXlyEZu48ScOtxcIDHc7j4J0LO
+Peq2z0tbBojGkxFLX94J7zpRkWMPX9VHorEavDv7ZJwtgoXn3Lom0xHhO+JQaxY9
+FtJ79Ps9+SquXAnkhna4bbkrqrPM3+MAAV/S7bd1T1/8d4YiRQyaMHGS4Yr8
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_512 b/ssl/test/axTLS.key_512
new file mode 100644
index 0000000000000000000000000000000000000000..7ae50f23bdc90e48f165aff330220508a99699f5
GIT binary patch
literal 321
zcmV-H0lxk)f&o1O0RRF)0MR=zU#S5?J%(*^zCdnK!AXBtb)hXb<-t7<AR5slZTfW5
zJ|nPj{Ge*y>_Lcx{!|rfVZ|0=xRXKgPd)!Gy#fOP009C)0Fimb?T$65*W6;Z_#YNk
zQ@#a*O7BqLt*OZgemVyg$o&?(z~q?GMVVlAY-DAL#~wAJ%@hSVITaeX4+WM10RkZa
z=<C<0-`J3<JRzh6F>2Ex*d>@xxG0k=x#?fIqh)t}0wDn9_HXM@#5)1QLVZv(dI{VJ
z<#zME>JR1d(>*U^;<!NqApqUavgw?9b&=SA#N9<+P{2Du+98<Z^7}$5uflGNb5#N%
z0K;8s)v|{ZPCF5Jp0h0B#d0-gs!3GYZqw9HExe&OK>{HF#AygqJ2JGkYa5*N@$(u=
Tmj7@iAR3)zxTTMr$9H6O@syE#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_512.pem b/ssl/test/axTLS.key_512.pem
new file mode 100644
index 0000000000..1e2fb41f87
--- /dev/null
+++ b/ssl/test/axTLS.key_512.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPQIBAAJBANE7MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOw
+cPygat7sQYiE/lQVa2HFFmK4k0HxTz3/Lr0CAwEAAQJBAJF5xO2ONajX3GK2+B8W
+VVO+BYNK71DfranJCX46BxXI/Ra7wOSY0UWZYHVsZGWJxx41os0UBTg5FRq4DwWW
+AQECIQDo69eo39iQqjwhpAQxatMh2CWYT7gokyu56V+5o2V3fQIhAOX2b+tQxDsB
+w0J9UDN6CdwI5XbzveoP5fHTPS9j4rhBAiEA3c+y6Zx6dZHYf8TdRV5QwDtB2iGY
+4/L7Qimvwm6Lc1UCIQDDXWrVsocTTjsReJ6zLOHFcjVnqklU2W7T1E8tvKE3QQIh
+AMRpCFM7MrS2axuc8/HzGkqW/3AlIBqdZbilj5zHd2R0
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes128.pem b/ssl/test/axTLS.key_aes128.pem
new file mode 100644
index 0000000000..8961bd9a59
--- /dev/null
+++ b/ssl/test/axTLS.key_aes128.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,B3A0D2BCEF4DE916D0BBA30A6885251B
+
+v8y74AGReaPLmDt6O8wir6hX1Ze8K4fVNkrLqfDMdW5E7jBXKO8riCMNmSjQ9fyh
+eTicej93+8krcIvSXKW18TdO+EWezQevgnLrAZQWaNPH2j4B+K5gm701uiiKFKVa
+1zngAOByePYlN6z4JLbiCyJRhxSo5zCaUYkKC2eGh8mlE64QmokPSCAj0wcCDzGh
+hdhBg1vm0GmaQwIDVn+8zMfahscXVMtBmyQf5YP4PQW2nqOt7aZHjBNdg9qnBpGw
+b6YuY7eZ4FgQvYcsNCi34NroJb9pkTrrF2F9Meb6+3So7jtMFG/YaJdCuXtf01g/
+Qm+XA5pJUtIUr/hLQjhkaOVUtXv/k0o/MR4k5CbAmboLt6YHf5V8+01vk0bvv5dI
+70pVdXMmx26xDZOGmjYzd93PWc+75jak3GN2fbWryQs=
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes256.pem b/ssl/test/axTLS.key_aes256.pem
new file mode 100644
index 0000000000..7671a302fb
--- /dev/null
+++ b/ssl/test/axTLS.key_aes256.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,F076229CDC2BCB3B8722E3865855B45C
+
+WFV9QWzr4tNmD+1OeQ7BceQg5LVQHp20Jo1Ax29lq8JTPzeObhtaU2MUHlcPKHUS
+vK4FyQxJ25CyMubbnaZqCCz9pNbseFuJ1tob9UqRmXkZ8HV3snRjJRbcctD+V9x+
+Ymi1GreXoDQtMp0FtMiFjPvIYciBQnaRv2ChMAnGXNbZXCxWWA9E5S3a+yWzo+gd
+wEcowL+SUac1PEDGHokhKn7nctvI9cC4hE6JmKM1sD68/U3rRPXMGqmC7umqyT5P
+gjWBb1uu0iRjFC9eQUsaKPxey5Be710GFlyf/Ff/tep7RhkryIWEPvIzYCBf6rhk
+3pysFgTjfiUuBYUNumjXr/q5hgdtb75788XUDxKwAoUx+m8gi0nJg35CN2nmQ054
+VJxcZlNv0wqnJ+GTTZeN6fiAhTpVtHsqHQomRSfaBiw=
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.noname.p12 b/ssl/test/axTLS.noname.p12
new file mode 100644
index 0000000000000000000000000000000000000000..9d27999fa053e524fa4ca893c2d13ce9ed49bb7c
GIT binary patch
literal 1483
zcmXqLVm;2p$ZXKW+RMhN)#lOmotKfFaX}Mn9ZM5y6;Qa$poyspA;q?!i76W>l+MJ+
z0HhKSGK>Z?Y+O(ico-QC_*gicZ@+tPGI5?Z6B7qRLlcv+>xsu7BXuG}7WFyS3yN1O
zJiB%z_haDaFJk>AMt=^4KDj&FlSO0x2d<QxS86g>f3KgsbB{=vL6^R#b?e&OS-QcS
zGCN$<U)|R-j!7>J5|-cmTV%e54S!<I%v}PPV|KXlHLx*$yLR({dh!!ry@wxHbn`4(
zrtp2X+e+Js(du58+nw_ke0kN+V{!Xvi_Fs7aa@776~ZoOpZC!@dwTJu`zsGbFtTzU
zV+vj++iuruakX9a|Bea!8F%F+h9C6ZcjM}8$+$o7GhC~-@P|jAoLB4`x8g`>)2?UI
zWu*`8Kl-TagceQVV7aLOe%rD0rav=xK9;Py<7Mxpy7}0RueYwx?_+3MS>c%f$vi$Y
z>qPY0e-jNE!}i!EIz_nZJDZx%Fa4AynB5}RZoGR%m9)iXor<N;f=u>?9S-~7oa}kp
z&%|qA>g?W->CVE3V>Q*gZY<JRHEFfbz3(d?tL<){;r=Jb)zq$UYu|_DE{+Rn%agu3
z3%yNqDAxJ&KPvBHYVlpK^9Np3U%31K+EVcXONOeVXMz#IUMYO>|2(~y2WNWEVzf?I
z<(U-KKKn^n)b)LfN?Z=|E{NH6jr(|qli}4W=1uv^j~B=u=E~*SW5W}$okLAO`S{IP
zm&N{b_Df#*<hYK*$5%h?%<kN2Ykj=tWHF{M&i$wP)aNUE=q~qX4iZd{IXV|SGrD-v
zIiS8g&5U6OdnH3-iVSmG`@wrZzP^$SjQCnA|78E~>e&uoyfd~wEuSU-w(_`~mv6zJ
zXND(%Y3vJ98Uv=jrz}lO4}rpWf%qmHH!Q_*F){%q7Xk(6VkShcPs!1(#%Z>ogb37L
z{j#quvpMaUTGqUyQ-7E)zkJ$hUr<88Ndd{X+aJDG=s(t#T=rr1MYoSPrQV;Yy}z+m
zy?`~c?A~9^kPHi*)!q-?Fa37Dv_6naZgJ(Ox~e3WYP$wqCBy$MnR+L9v<?`a5ep4p
zld((SiSlf=yCE(gW-`xKRMt!}E(zZ|gL(1NxWndoJkcy0{rF>^ugY2xd#-gtrp&?V
z<qeLLc76U^Q!xA5inNBn{EAOMlBSfKT}l^~i<*1fHfT>%1b_dxY9+VRUwb~ASsUAx
z{&$<{bAPTu(cML_!?$=aJkI&ra-Px8)p5DT#2>Fzt$sAlbPs*aYTIDLJE^z&&fe?l
z^Sk%Vzox!;X90tFQ`-xh6V7XQZrpS%wK>%Iy6xiU|AVYWX5_w_yT7M+A7@N?Xa9pO
zC+yntHF^4$pPv6HK!{B^ccmIv%Zd0HP5-EE{lWK-zxlMywZ@@flle{ob(fXKCWfJZ
z_vby)@(Da^SW$QG_ddtyKiO82(qFgbfBia<K{WUK@v0@8%M9km7`g9Ml!=JFY;&07
z;BMK#GCA+R%hYCcIoDjVkM?JaDL&9)b2@egzt_?YS=tt76H~+8`^8zdojJWSHhA^%
z%R#?3RVlUWC2Fm&Okh&DaIf!hu=-Tp`d@1<h2LteH&Eqmuql|-$1K0EC+O?j|I-Sl
zo!#B%5qNOD*)pRK5gQ#jCfw?r^|sf%cEZyiQ?*+jpV3SZ{+~MIyXvK$Be(3gd@WZ|
zFD@!s%%x_{^-aOxVSa|#GK(|ZzovbydogRlJK+t2D+C@|{!TM|Xc^|NYQ$^#)>rGH
zyBpJ1of*Za&nY)6zS(c*82^(q&7^aotL?qtXSb}Jp<BOf^9f^a&mD!Q4OI=4;R%{k
z)KH8?#Bf{p!<{BM|00^2HDfq4lGuA!Sr`}^C>n6Gv1;=%GfA;Bu!uO$<hdKxZPoGP
cR^P@Mi2?_#oJ#kwaA*sLUsS1SO#mfq04q$GivR!s

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted.p8 b/ssl/test/axTLS.unencrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..d04694b1fdfe85f10841cadc6681a121a4c3c7eb
GIT binary patch
literal 347
zcmV-h0i^ygf&o_o0RS)!1_>&LNQU<f0RaI800e>oK`?>=Jpus$0zm-LJ1}3V0YW{7
zZF0UqZc)KWe^+&(EjH!BJr5un(Iaj8bkaT}uyFjKYToQYh=l%B6>DL|7Gk)QLGe#L
z|1P}(0|5X50zm+gdBp9GHK^CzVz&4n7FAQe1%pcOP~WYo$q9Zs2NlTu7Q4XYn9)U<
zV0CO{Wr@cgHKNTF1vohs8n_PymH`0*Apq#>*Qnpvkg7Z(qy#Z)(;?U;m`}JUlPkID
zU%8`YcYOjO0Oj^?>rliy0mDLlP&0Z7+z91%^S$a1<?+)!FJt1kK>{HF-OsY=oO*SU
z*nh;`MP5+AJ3-nZnB(&MLMgApZi{nO0wDmyU24^`hZ9aa5qO@nEaAm+HD{_xRM~FR
t)K4wEp*KMSAppc_2va*Uw6<#-ob&PX8cLS`a3vrbon^SCkDSMMWONLcmL~uJ

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted_pem.p8 b/ssl/test/axTLS.unencrypted_pem.p8
new file mode 100644
index 0000000000..e07375a848
--- /dev/null
+++ b/ssl/test/axTLS.unencrypted_pem.p8
@@ -0,0 +1,10 @@
+-----BEGIN PRIVATE KEY-----
+MIIBVwIBADANBgkqhkiG9w0BAQEFAASCAUEwggE9AgEAAkEA0TswX6kBQj2GbXK+
+QG5RwUl/V3WhLTblwT0PIBrRI236dNI+I7Bw/KBq3uxBiIT+VBVrYcUWYriTQfFP
+Pf8uvQIDAQABAkEAkXnE7Y41qNfcYrb4HxZVU74Fg0rvUN+tqckJfjoHFcj9FrvA
+5JjRRZlgdWxkZYnHHjWizRQFODkVGrgPBZYBAQIhAOjr16jf2JCqPCGkBDFq0yHY
+JZhPuCiTK7npX7mjZXd9AiEA5fZv61DEOwHDQn1QM3oJ3AjldvO96g/l8dM9L2Pi
+uEECIQDdz7LpnHp1kdh/xN1FXlDAO0HaIZjj8vtCKa/CbotzVQIhAMNdatWyhxNO
+OxF4nrMs4cVyNWeqSVTZbtPUTy28oTdBAiEAxGkIUzsytLZrG5zz8fMaSpb/cCUg
+Gp1luKWPnMd3ZHQ=
+-----END PRIVATE KEY-----
diff --git a/ssl/test/axTLS.withCA.p12 b/ssl/test/axTLS.withCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ae029dee0fd45e90460d0eacd15f9be1882756ea
GIT binary patch
literal 2089
zcmZXUc{J3G8pmh(F~%Ok8&kYBg)D;*2FVg;ghXY@z7*Bimm!Rd?1M5&G+}5ak!8F_
zUL~QSNLh=qC5Eh7vS05x_ulR~_mAg%pY#1b=lSb<J}3eY5(0*z2(VdhxB}6PxGn&O
zfhh#o5I}$p?Atvk0#Nxo;-(OQ!hNd%0tW31`F8?FNpti5`vX51j1mNRU`q0v_oM3`
zLLfY#SOReU#>aa*<b&boMl-v45~;e*m)|5biB@)h30n6OJX#S)!Bgw3TCJy(pdUw?
zVM`g2w!@~{P2J<(fWkB|L?cATFVb==7Qr5v-51+f1@?0fPE5|9KWyV}_!$Snt{=m3
zgwb$?PfVQ=-c;7Zs;{vfHf}wiNpL@m-ava>^%q)Nk&KD<${~X$Bs$!?=aX(DX0b)`
z2=?1scbxjAy)u@r^s~g4M|A&HpVVc(WGVgvy{ikEfZFkPEVjjJr^EF8KrD`+uRA1g
zxA*y2re}A&5n``vH!1gLMon>80@oAn!BCe`J5Om7!JOHvY0haYo0>t2ZHWFv)gCwC
zcHV-}4cAM&Biz&hD-yA&@oQG74hLy%SFU#=+jVtu(u<Qf!Kaoa&$k(EC3IMsCw(rE
zPr;KtE(JZF5b&zusi5a@E;B`@T-&ALYzZ6VRa9Dk5Q^ujm5)jsH$Yj`y32if$=%Rg
z<0-|8lGI>IS_TQ<xCz;U%l9AnWR|~Fi+k^9C*&m#zTQlI-bWz44L3-MWLP4F9;DV1
zuT7>#f3c@C?6i}42hDFampl%liFBWzzf&J5c<bU0qQKpe-*mZUDNzzOKugV&-SH8P
zrbj7B^hp^%(liuyV_ym-<*#opYp}x|^mUy5ZB>(=<<RHFuqrmn6$QRHSMTAe(8$v7
z-@LjokSJo?<;J=srD`+HJ6KL<@H;0oBW<HOE&)fZnV}l*5>%^P?;lZI3p1Tu!DplU
zM4rNsQuFrc3#-z1@qd+dl9MV4j%g2~-kl!f*tk(>xkQmBR(tPOebymRY#7>NILs^G
zFd-|{;yz<Rqk?jVZDxu%H*vV0kJ!1@av<albh{+R(|842^$fgxoQHiw{6r~tVbQ~K
z<ItD)+zq%YGe24x`rw@d%Hv8>g(q7!s)AB_98U&M**RwaoN8`WRQk2%$o_`8gBYUQ
z>bS?Db1c-A-gmLeY}Ob?-;`}5!ofJtZS#IT860`^oOnbUrpyHd)iXTzc}Xntnd_EA
zzU5U9JWN7Dz-4^pns>eM`I0*SCMnzRuH}%O#6|~pMIl&Wfp@gn^DiZ-!c)6CxQYd)
zJzRNAA*1aW$MR0a5w!1vE6WIu=xKqx@7iUvpuMMs?kTPnQE%qQsw%behcY@}vw**a
z`foo$)*9kjLz9hUoP?ua1DZUDNPw}ee-$X+4*&5eOHBzATjgjS_UgHl-aJqGr={t~
zYP=pu70=og;9j?fi#@8a{zI!-#dZ+&97Xd$&R6z4v+AAQY_#P33i_0F5*2yVfg%t)
z)_nArmLs4ZQR5YVHQ7*<cfyH@^478&QGt9&>}S#SyVn-<_%!7>aQ8Hs*0VQ%t)J|~
zYM9nX7;4R-{w|0$=MJHW5-(c4O~%Dbulq%Bh;Hx)GamO2{@G~$sth9yaULz2oIPXT
z*t$vbEzQ*7lpg)IE#F_XlK&DPd@_c%yi{D8JaGDnF6iLnVfoM?n#C;?0V?%BXrd6H
z`~U&Uvu^|Y1LEfU52$#-5DEeE1Vw=4|3AO()}EQTmcLW}55E8c1n=|Zf<}W~uH4Uo
z9{nEovqoI>)r^n1_hv@)AJ%vEGgA<XL-|Th78#gJxU8P)N}7v=G-04Ulk!SY&^jvL
zW@r2lv6JwhgDup$KIY9$uhXw9);_B=bznQ(hCqQNq&?bY@YlNCt8J~7<=OYeQ)bC8
z*Usm}DMl2jt0{~AjP4K*>*~_PT3j&lA-c@fq-U_6%f2mPey71uU%KCBI%+J9&Aro_
z4B*w4n26|vcZcX8WE&_U0XIty?`^rvdtAi@Fvsm3>>P4m&}3uLbn;s5sM`=7JqPui
zS-mGzw#%6jhKm(xmU1~$5cQrmU6oQZ#>yC1FgAuU7n|qQG0mBRX7WF+kR-PoWkF*G
zVix7BqulQN2=t*;OR02T=~bpiO{+|*TjoSY-+EVCvq$Ws9yukLrI|yP?b$NA9TaX(
zmbgo4-r8v49<fi9r_Qfv{h(EM2>N~hEIpNWB_$2(I=#r?vK^#tNN~s`2UnH##Vi#=
z28)5ZrRXj+K7Q=MqC{}ba_eQ8>4@qxCdKNYjPd0UVU7lN5u5{4j0>Enr6=OGdfOFV
z>N9e~d`$HD0NLT=7J8*SA!dGDkUWFi#F{?9Y8wC8TceHzQzwxlwzkp*b1v>aNi7NU
zm2IUX6$AY*UB|5NmMy1GMaFk9O<wfwjSV)FdX+-nv;J_2=M}M%6UpN8B1y_wCL=>R
z2C*z%H2Xs#Oysq(Q-;Fo{qQzK5D)pTIX)d&`0O7%Z@aDrz)WltjghNu3G$S60F?&5
zkQBF9=)*zbx2k7asM)2?BaI8GmP?=+iOW@e;q>b=$=Su$@b>}_0*>HTII*M%RV?c0
ze+vyis45PKsn({9F;DsLUM9rLJHdV3VQKW!DCF-WF;&UK;vgJI6{H4o0fm9Cfr3H4
z`<oHS5T%NeMZvkbP6|RHhqyq1m|EG{iDfV*GP^eMwK-|VZ?BCK3h?;(36|unm8<{L
G|9=4=O4!W+

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.withoutCA.p12 b/ssl/test/axTLS.withoutCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..c4eb54c444ca361efa2c3b4e4d5082607b2bb693
GIT binary patch
literal 1573
zcmZXTc{G#@7{<T(W{jD^5R)Pl-K-<u$TG5)rEFQtB(jZVG>k0G5y$e$Zjfb?Mzm60
zsjiZwDdM^^5@TPYX|cPNopg21y|;VL{o_5)InVQ)_pjdr!DvMgfrMb8PiU-q%HfnH
zF@!Lp3>NA`!9x5^y90v3@}Cj93<irftpX4MYzpgVf`H`ExW7M$A`lQBg}EKq92wQ%
zRS$v~AOQxwsWnbuHnE!~2n^^^tELifPhZ?7B0fA$KYos%egcv9DeU@KN5A~k-oUYf
zyUT%HSry031dhxnC09jT9+co)M$#>iD+9nZxp(!m{a{!^3zqnH?H3?JvYK&a%YB09
zJ2xN64qd9L{rE_p$ONMps@`pG@6EKNnLn~iR>6LRDy*IxtM>K<((D-bE7=NFnBwZm
zVDTkVmMC}syBOh=Jkx0xrI)=3*Ky}{1WKVFJ<xG~E?94}w5Hx5yID`gV=FCtcSgyP
zMz5$5%|Yuz#}0a&Pd%yWOW{hm-9oPG=fDr46Op%}ilB!ZrTa?cc*)V!bI@8a8^<5H
z<3{ryBc$=&p%r0UraO0*#9QZiNh|p>zh8-1K9d~&$_HC({W0Pt@N_i9?)3x-Cqr3T
zePAM(ichfVdaPV7<C!LzTF`gg>n;Cu0cwFN=i_M+Czg!NZ=B0Lz{jy3Y3K9F+L*^p
zHpP`Lof=}%FOqs<b@6i_XKgNp<{5YAADGhZ=$ttg(cnZrFC5<PIrK5X-HMUpP{BA)
z*2<KWzAr4rL=4}_TycIa-N0>{X_La@CG5<S2+Yjd;sCApgxU2Xt)cc|Ow+SusUB8?
zQECkX@CcCKFIGe?%)OQ#!LCWtN|jAZAI!8~#BUL>ckFU13_MfOQ*`js^lXj{zgSo8
zpvvyhZz0}5*o2+_@ZA>_+oOj88U4s=;$?^F*ci`49CnGbkk*(B?PcZZ=S>SPk@3ok
zHW3DNLRD|`myKc0^uUeAjmqung+^{+3d{tGYU^W{TUf3p?UXw03Irn+{{v(hjFd#d
zNc^Ua+dMQ{<R3h72ym0*%|2N2e`>XehcPNg=u$tZMZsW9R|};@aWS!k*BfVEX;Lt;
zHwbaQChOXxWnQcvd&tJ}o4rk5=geN#4DcKsZ(P$Uf9(}#!!S$J_s?VzH-9;@1v}xc
zUqgD9c3ha#A1AHv?NVY#m96HANF?^*G&yWD{q2GmcMsfa{LNbS^SV5igD{Z&Dx$B&
z?{%8u%3LI7ASp-pTao)4cVMLNg%y+2csd-s?%}d4`+cXH&-CM4bxkl%+;P(h+vu6r
z{vMBIBfcqkqD@*{Zdrmeo#r1MQq`(-v;A?#&AeL7!TDihKUhUbdC^4Ug3s4ohYm*6
zy6b@c=5^0<Pt~}q1-`p!@S3qm6FAgZ%n<t{D7KD~^io;0eNr+>()bcf`szv4@9yKC
zxN5m4Qj4KC&t`J`pr#;YGsh~~RY{EiFS$GKk*s2u`sy`QPFeMd5AuLp>V=#eYf|a!
zMt>T)w&M~9LewX345k?d$7SS;>X02`zQ1_yaA;27pcoS{8KQa?2@dfFVp=DbyxP$Z
zy@ShpXm-Z>TlR?dt0i{L`d<&*&dZT?TKZ%|ZsxQQxEgWP_tr8b4IRflERA)mm&3ZA
zqw}F{Ls$bchIiGF()LDiRUGD;5|77bcQ;p!2twN}XQGY1@j!dS6xXL#YfY1tITuQ7
zT?4)x-`W{_OS-hKMK@rylf^LPET?D**hk-8FA{YOZQJ*C$2##>vAjy(joiHwm*>m*
z^mewy#f3g$JhJN>vzJZ@4z@L3lCV1#cs^7<ajL#<44hx_J+X5e)1u8yFcc1#?xZ&i
zFrT|2y6sm?pGsP`O(}hkLe_C%rm9Zqok6`i^?2n5Brz(eRTPf(8x=qM#-8L1?fw^N
z>{gOAia>glIaaGf-=M%rY981iUt!j5GNkddL?9_B$N^yh3D5?-046{KB7q=)0Yq)8
z7hnz?fJl%cghdN!;E|xL5P%|3Be^CIZ5L9{tv0y}@`==V{HJadhB5C~zBA{V$Bz~K
E1>TCewg3PC

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.cer b/ssl/test/axTLS.x509_1024.cer
new file mode 100644
index 0000000000000000000000000000000000000000..fc92d056429c92b14fdc609505a5528a38ddd3da
GIT binary patch
literal 475
zcmXqLV!Uq9#OT1p$?)-T`++N8!VeqpvT<s)d9;1!Wn^S!WiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#G-#ZU>?%f92Ij_I
z27|^<rp88w8xQu2-g~wF#nr#uD^_g2?iRaTEr)08%{|9{9H_YPEiCnirUzd&_cGPG
z7uA*d7EiZs|MFnY#Dp(wpB?0WPLy1!@9w;Hw%na>t7JSY6*W$;@+`i|$?C)O$;UTG
zreV3rM3+B8n;$-Z?C-Lx=WvPT3!e*Dd{h#*I85z1z_p#p(y(<h6Eh<NBeL^=fyNAU
z7q`1gQ0=zliaiZ?+jA!P7$1&VKAlsB(|>l}<|sS2Nm9q#MI#?}#GK1|G;Nj9n?r9a
zx*tqPn=Ep8#%g2J%eAqATyu5`M7USYn40q6C$>rQ=PUlWS*MNEQ%>babX_=L_GM?X
j$<kY90cM_;wp%G0N84SC=b72Oebe`Dmm_h-jw_h};#;++

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.pem b/ssl/test/axTLS.x509_1024.pem
new file mode 100644
index 0000000000..81f3eaf1c4
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1zCCAUACCQDxw4fA1PRXwzANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA2OC/Fd7qr+jV/QuoqLPXRl2nJmwMtdm8xvjAeND2VmX4KUgOewumJX7oe3lv
+OOW1t/TgnJFg9AbzQB75kRmpL0dDtZse3PaqHEl5ISjLqklz2QkFTALyTE1sHICn
+FJFE/BKz4efjT0S6jMN0OehM0NRMJGG0QJWMwAq3AjkxhZMCAwEAATANBgkqhkiG
+9w0BAQUFAAOBgQALRyRSfbZjeLyA3YdskEwzw1ynlwkcCU+bbrNaPkaSGseHFVnh
+iFzOauKWqjLswu14i+CQZpMUw5irMzXTfV1RCpy5EFhHepiVZP9MXYIZ+eoPXprL
+Midkym9YitDANvS5YzSl2jZQNknStzohM1s+1l8MmYO3sveLRMRec0GpAg==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_2048.cer b/ssl/test/axTLS.x509_2048.cer
new file mode 100644
index 0000000000000000000000000000000000000000..c0badf7288617f5d618a62e1ad4a1343697a98ca
GIT binary patch
literal 607
zcmXqLVv06sVm!jc$?)-T`++N8!jBm6vT<s)d9;1!Wn^SwWiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#1iDZO*;$ON49rc8
z{0u;GE~X|%MutNR_TT<>zJSeT^Za|gwm0>UnA?6&&rWT6+_6ixVL4aXImM&<URKY(
z(R%Eli~vi_zL|oyQC6Lwy!(V)*1mkd=KzOy=?d$}qN-vkspi;{?Gs&Ob>>R`J}R!t
z+jA&U_kPRFCBl9a^}ihQSF@EY+r99L$0v8O9WpZ)@!zhFOWnlzWtp*8&m^W2_0?9l
zw)n8tFa2|oB|f!S?S*U#tJV9Eu!NU)c8mVMWhyc4la_L1xyOI0f}@sf*H3S3R=#}F
zSLVfo6y=MD+><xOO?l$g(QP#I6pyLM?FAtY$LH+rVQl@d+VuO9tpD#5l1@LW@KyXZ
z?XJ$YGnby_Gj?rONZQ*fQmwj{iJ6gs5jli_5y#xv$Y7%%R{UjM&z~<$iCOpOTHLl-
zX13O#)auLBi#|qA7WF%dZ2i@=w_J|vQpWV(Vfo5oFY5Py%?LfWG579L8;L-TlY5Po
zy_rL7Ry6)w|M38C+PPyV(vCfEX%Y^;mu4~dqnLzDLb&InW8Lp&W%`?+J34>iH`Cet
R9GogVhX2<0z0YoW4gkCo^O*nu

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_2048.pem b/ssl/test/axTLS.x509_2048.pem
new file mode 100644
index 0000000000..1ed0141afb
--- /dev/null
+++ b/ssl/test/axTLS.x509_2048.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWzCCAcQCCQDxw4fA1PRXxDANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMKgv9v6z3AGRLOf3o092S/ENz33Z2tlguOIuh2Apwp2ziHFvul7m9iF
+xsEcEARcvpkRPVo6ifJLjhJErenvvMAIS3WoO1lyenMaGoNddLeRRB0snRn7xRcl
+DYzCYS3fhJmkE06RL/TCTyY9GXa7odRI8kcWuByZog/be15lsgn0pjNKjJICdCer
+Otq0TAV/pfzRBF9lcyboHWQFOu9UVmDp3LsV/9o1GJbyKiNZd0j/GnDFOQbXy7GD
+I9PJTRzo4GQj0cJHY7JelORKiIsymcoMNRTboFRAx5y9jAGF8Ks196Rq/+9gYsvi
+eE0h+pbdLLbM0uZvAYqzIGK9hRR7Ja0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQA8
+L1Zz9K6M/PQCYWrfnTjbPKY2rTB1OvSV0Uwy5KKPQRS1+oK9dx4K0miX+1ZvI1bo
+f7/1aFXOsW3dpTwYUSjJvTMjSwNUPKiB/q/xwA1mzsbIZsbnhIITU95mOJ3xFhgc
+YFdJ4saL7pppTzfOxZ+h9jWbDwgJJAwx/q+O72uE5w==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_4096.cer b/ssl/test/axTLS.x509_4096.cer
new file mode 100644
index 0000000000000000000000000000000000000000..40bbe94fdd8d5fc57dd7463e4e9530b9d661e7c6
GIT binary patch
literal 863
zcmXqLVvaUwVmiXa$?)-T`++N8!jBs8vT<s)d9;1!Wn^SwWiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MFatt!Lqii2
zW1}c>USnfJ10!Q7*FeWm%s>QUDldwuhC&7cAaQ14PD3MeJp&*#1iDZO*;$ON49rbT
z{0u;GE~X|XMutD?TV}>;ow{Ja^XqY}Kx&Zef|Au{+XOz`xm&ZC_3Bzx*40-wFfQg@
zm%j3gNv(kccj0BVI|(i7yZNjX1&Wq@zCAtZ{?bm~_lp<D{G4MuJ?-#`P4nv}&ka5Q
zbUS<Zo0tg-XXB@*?p*(6ujTinE{DA0luKp4zOG3VT+j21JzXI{I;f$4MLEN=(jT`I
z*NH7Y7WKT8t&;Ek#V00H93I4Q6y7~ML#g%p(eK;T|9O?pd>MDeGtww(0oyI-?vNu6
z^TXM09Ex^dDZ;tar^LMBOeK%H7W;SJ#A{)zrj;<gVere_`nzx0!;fCgWef?Q7yaKS
zr4ilXAY(uEyx9LQQ?JVl>HmnoStPqxZLgEm3zNIDcdNGvx){gK$*>jXI`gWlo-;Cf
zm$Cl}S9azz?Pun<HNR_GJ9*!N<cV){?s2X^Xu(qWe?juSS8-}i@zWmueUUbI-h0KJ
z5uy&?PMplqTzX8kN3OlJOD#mbeQ$xIhncb1t}cG1zKt4ZZWbhdKI9N}R&R;C${X3^
zcV$oS$P89hzs_a;ZQh0%ddt7QsW|&+wsq%Sulf5K=Ffe~RdcS{_)z(b@Jk0B^0iNQ
zZ#ZKq6tV1o6i1HW7F+9THl;_VcQu3m$nDr)b~=9odlr+;S=}dgrxklvq!gZ=_T|t-
zR^JVZ57wCKTHbP-vbyTLp+cb52JRU<&8zAUukL4JW@KPQP9eaA%iP$=P_$vKZRN}p
zU%y;??9-n5HOxaTsQ$C=%SBbY^xh`?Z{Oox^0K1x(P9y)jt<@0`)8M3G1}1{SYvp6
zRmKV7oew&fY_?`jH!!b``uxkyKBpy2JhMHPf8rH?@ed*&W^SAl*1&h%>i3$k++BCg
c{uLH|{+cssT4etA3m$>ump}GawD^_-0G~{BVE_OC

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_4096.pem b/ssl/test/axTLS.x509_4096.pem
new file mode 100644
index 0000000000..b7aed1caba
--- /dev/null
+++ b/ssl/test/axTLS.x509_4096.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAsQCCQDxw4fA1PRXxTANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAPwntJldKsrQMAz6410QZVIdoHSrNrYQ8NzdfKMF1a0lBavUsAGjDa5n
+qfQ0fTBAC3HTJtxghCe7DjohEHKk89uXYt+liQ3vo6Nc+Zw9l2bDyLKffpOdVc/l
+tweL7FyQIM1fl2W5r/S9OffFRMJKXiN1HPXrfGYRrwz6B2cgUBtSgI+odwCmdfjb
+Ya4Wo8Za53UGeQ7v0eQ0lEDgXAhx3c2YIoXXxfe2J/5KdZnpXtRJWTJaoAbaQ4tU
+xECfVwbYwltHqRQJuUx0N4DMeQwnKgf3DWHWVqqWdALsAE5utfuOpuHxSoN2AGDz
+ov++GihbiEAcP5XPFv/0ldcfEi/4X9lyHb0mvUIa6DTdHd17thFEM12caD0TCszq
+in8JWVu6M0+oRQcDzIfMn4aD7oKtk76gY5HtbN4Jr8E4BHH/oGPe6l4mQl+W4f3o
+Zp2e7yG5WBVA9sjJbCmlxiWMHod1iiZUJ4e9cEFINjMWuooPIo6xKMzZcGHzwkBa
+zS6kHyTsHcfdHcu4aVMlJ9cKN/aesJgup/XseM3imzuJ3UqfvwCfneUKfM6DM8J3
+mFfSwUBvK8uLsMw5Elim/1oIbBG0PTt7BiLiNd0pU/weuL92y2+QB2oCPM0t5D7L
+IYyoZHHNlvTCkQVNsCHgrDUtOdpGlKt6zzEgUTqwC5i5N3p/w6uPAgMBAAEwDQYJ
+KoZIhvcNAQEEBQADgYEAcrCtPXmZyPX01uNMh2X1VkgmUn/zLemierou7WD/h7xL
+dOl4eeKjFBqIiC19382m1DK4h1F8MceqaMgTueCJpLM7A2cwN3ta8/pGP2yEVhdp
+h10PkdRPF/AU8JmxnFaADsc6+6xWbbrdNv5xcvP1bJKWWW+30EhRF9PxjXiETXc=
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_512.cer b/ssl/test/axTLS.x509_512.cer
new file mode 100644
index 0000000000000000000000000000000000000000..48c6e13aa0af5678668c7d4a3245a3304030f01e
GIT binary patch
literal 406
zcmXqLVw_~q_=ky;;p5@<16RI;A2Q%&<J4;NX#38~$jHjdU|?csWMII?9LmBateIF5
z;uEY8P?VpQnp~pblAn@Zso<PiRFavNnVeXXs^C~!l96AOSyE{rC(dhN288B@h9)M)
zMp5Ft#>R#QM#fOCfsUb=fe6G@UKCReg$x8h;>^OFhDPRk20&<N5QFR}Mpg!9Zw3Po
zCP#*g)&}t_8J%p~a*Osk<OLq|tPd|;sB8B0pe?_G)J5goUnQ69ls6RoS&((_jblg4
zzYx*v#G_(KJ0?4R^tb)5x0i{Tk%1A}Y@mmk8ygw8T<y9KM14K_+%vyx^*)0-Vb=Of
z^Mp;VUh%%N{nBP3u`f~Uw-)Z%{B_zi<u6}KRZ?ae<R5$`QgP~KtDBA7^o#xt*Tp#V
zm}6L1oi7y--zB+a(l70&CztXn9MJDQdVZoyvbRyt?vfp=#N@B8oOG{$>Zk9;ChBUA
P9b0QY{GW6AgzOst>~fQg

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_512.pem b/ssl/test/axTLS.x509_512.pem
new file mode 100644
index 0000000000..8191e489f3
--- /dev/null
+++ b/ssl/test/axTLS.x509_512.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
+MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
+a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAKRT6LwFr1xedJ
+b4qrvjB+EwV/0p4TNNXUS9S30rMSFvRar7VxvLP1lpYj9PR1JGSZMG/B6hR4yumF
+Rjwel9FPgNcWCW4DXAWqz3UQF7oZtJL6K+XJpQ0gwC+Nxc+RRGNLMlK7dLiqFh/V
+qZLej5Xy93M0JyZBiLV88P+c08gd7A==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes128.pem b/ssl/test/axTLS.x509_aes128.pem
new file mode 100644
index 0000000000..9a75fe960e
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes128.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfHMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDo
+g6K2iXFftW+Qk+rrzkMGWrtfY6YSxPstPRrI7akluUEoyWGITXbK6L3QfERrf2eu
+CnWyciQiHVRoHC0EgZUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBT6YhR8x/bBteK
+lr8E0l4mATOnYlsmge+z/SFYs4bDBofqlwQCVJXNSBA4ZsEjgP9qIWTu/85QrVGq
+LrkewSM6Oeh95LGnE+uhJVtIX++O+Hsex3H1UL067dCG99XmDhqbEU9AI6YSZu2p
+cjoSowFELtOoG667+id9QObfV3EQoQ==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes256.pem b/ssl/test/axTLS.x509_aes256.pem
new file mode 100644
index 0000000000..4f3074e011
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfIMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANAW
+9PdXa5u4gWi5VB5p/eQmOtteRq9/54JkiEs8cVNrTQgZsjjU1LGedE3JwBqZ1EIW
+HGPjcGg5dVxFjkn7RekCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBmJMt0Crdd/BPn
+EdmzsVXou0zTizTC8wyUPMVpg/KzzP7fhZux/ZIrH9/RVcJd9y+B2/mXc3C+K99+
+TXQoYKsLGArfDPzmpy1wPrdEcB1A9gkWDl1Uq6xRyvrVm3gX8NTITRuGKL9njgWx
+2SrApIBtOOUOinYtfH3745cVVl5HOA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_after.pem b/ssl/test/axTLS.x509_bad_after.pem
new file mode 100644
index 0000000000..79eb9ccd68
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_after.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfKMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
+NzExNDQzMloXDTA1MDYwNzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
+MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
+a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCmPSs9EceViMZD
+ZTXDZpQWJFcXaeInrXWgYWyVgnHBY/eSuqNCxkV/ehv/Wc5pWBGnrX+4cSvQ+TpQ
+FdZegeOjvgipjtJb/0TJCcvgcdHTntEM0h7VXjfbsJXAHwJPFzWIKxV4jeFXnaaw
+W+YHrj9GQ8PnFmapPuh4h/y6LyHAcg==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_before.pem b/ssl/test/axTLS.x509_bad_before.pem
new file mode 100644
index 0000000000..fe72b541b2
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_before.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkjCB/AIJAPHDh8DU9FfJMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTIz
+MTE0MDAwMFoXDTI1MTIzMTE0MDAwMFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
+MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
+a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQApbldYefE8A0ez
+SYvAuCtYxx/2KHwBRD/cR0q7widl9WGjVC/dsnbFo109vHEr3FP1HVYSI0aweiaK
+XZmpUyJ9DprbbWQqaLuDnqIH8X7kfiMuO7/LGQc812iDJI2Akxp9cIlPBFBD8GVx
++0EphzSodDDlLD8bPqLaWTE+8Ydtjw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_device.cer b/ssl/test/axTLS.x509_device.cer
new file mode 100644
index 0000000000000000000000000000000000000000..c966743c9ca724ecb81928d0f6ad7e62b29eab92
GIT binary patch
literal 401
zcmXqLV(c|&Vl-#sWcYZv{lJwk;l~Vk**LY@JlekVGBUEVG8pI>iW!KoF^95n3G*ga
zg!lw21Qg|Gr6!jc3K<B1#F>RT4UNq841mzkKu(<3zzhh@4Gm39jE$nid5w(?4UCMT
zTmx-GO#^j^X$mN&DY&GTWhSR8IHwksWTs^%CzhldG|oqM3?nN8b7L=qL1QOVV<W>A
zB|csu?fqp62d3^8%Qa9mSYy#4{w;o%qQvxI>(vh>*<B_H1hVnmoqm6d?p9~jehIIu
z3hkWl&RzMZG}&pbclcJJJzTXH?4P|mtG+EI`RW2EkG!w-PS3smW>4W)IqNC%Ho9fI
z%iCXCtE2tbBwl5l92<M$)2Zs!oO4c{R9!iBk2DiABLgF{^MGN+?8qRnJ@DK*r6kRQ
zou!f8d$dn2ktz*-u-<dx)#DCf4@GC2zl%QMx4GT9;@g7M%efZ}Rf5VD`U~Sc_su=`
KLZ@nBTsQzLwv8$P

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_device.pem b/ssl/test/axTLS.x509_device.pem
new file mode 100644
index 0000000000..e9cbaaf314
--- /dev/null
+++ b/ssl/test/axTLS.x509_device.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIBjTCCATcCCQDxw4fA1PRXxjANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
+eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMDYwNjA3MTE0NDMy
+WhcNMzMxMDIzMTE0NDMyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
+ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1CIODRIr
+v3YgwJW7Fm0wITCsOIgX9l+aIRiXUzur4RkHRJIQUQYM3ZfftC21QyWPGErVIIcJ
+7s7U/iKTQq1LV7USvAp90D/m7s0ntmRj1aBCSG71f0LnSv1rlA8kzUkU7VuEt0Tt
++iqrW0+sYdUBk11dyPLKe6sJnMrJJamVvBsCAwEAATANBgkqhkiG9w0BAQUFAANB
+ABC3Uc6uImIpcLl1WYu8K8qkGnVT4K9JkdXHQFbhFZs37lvITrOHQ3j2oGXTbdAx
+JFJ3II9xXkm+nc7oLHqhXlc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
+MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
+Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
+Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
+n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
+3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
+flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
++UcZ
+-----END CERTIFICATE-----
diff --git a/ssl/test/deutsche_telecom.x509_ca b/ssl/test/deutsche_telecom.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..0f4b96a0d5b66ac34b258e34a8943630d55feacc
GIT binary patch
literal 670
zcmXqLVwz>p#KgRSnTe5!iBZLXmyJ`a&7<u*FC!xhD}zCyA-4f18*?ZNn=q4$tD%g6
z6o|tmEbNk6T2h>xk*W}qnv<HHpR3^LZYXac3zFp)77Nh@2?wVpD})r47MCbEr{<NU
z78xoVD1sC)3rk^W56aI6DsxmYG>{YLwX`%aH?TA`G&V6Xh!W>D1apmyO)Y`kfpAje
zeB^LpWMyD(>}4=$>||<eWVmp5HqQca7Z?8ZiVnr;VIS-=GX!_tH2>7N?y$<5%!OzF
zERzTg``<m^=-}<=6*`u;6B-?tzQ267p;yA@Q4kOJ{O>9Ao-X*XBQfdA{s)V1MQHyO
zWy#)aHLqswC)*oOrXGIdcj#m4Y98-5?oH8;9tM=&_?EauBId2}0&ltI-~KIoDw&uW
z85kEk890CgUzU$Wj73Dm@KODoQ$kaJe=JbA?W-YN=#+TOfFBt2vcfDJ25gLs|CtzB
z4fsF;{6G#13o!QCki7_udS;;C=E@5EntVbwMZq<0PCjey;-LEFE80^xr_VBLt0)o^
z{eRuHSc9>xWA4OP_pWJj^Vlt(S>nKR=8eFEls^UAc3BFke~M!W*vfs)>;B68FPk|v
z8vb08JMyN$t<~qA>juWD7Hh=jyLr9SJ-zpI>PD-l%e+~<`HcU|RG(;Raeo+<;^qYa
DuXy4z

literal 0
HcmV?d00001

diff --git a/ssl/test/equifax.x509_ca b/ssl/test/equifax.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..79b0a3f98764a07fdf6cae1a80eebf704d1f8796
GIT binary patch
literal 646
zcmXqLVrnvIVtl=TnTe5!iIK&CmyJ`a&7<u*FC!xhD}zC>A-4f18*?ZNn=n&ou%V2B
z6o|tmEbLlXnwgeZp%9#!Tw0W>;F*`KXQ*bN0+MAGmPM0Ibt)~+%u6jUR&aLIH8hYD
z=e4vnFf%eVFfjmvC~;mR10*hOENz^R>^DYM2Ij_I27|^<rp88wbNZ5d#J88<o4hhU
zidWp<M2cs|7p0q#SB_-3eb{1pw3S)m*m~Ecih-_<uf-zFjPf4^B&GcP8#rf`%FQox
zo3+}x6fX-|nB?>_<V7vG>GV!Yaq7<?pU|kI{1*OhzjA-*nO>8vdHv|ahSG);D}~qW
z>v(UKw>n<SB8h2(Q1!q5Wz0;>j0}v6(+pA!1lc$f+B_KBemDWcpM{x;f!%-~7^bqq
zjEw(TSPhtglz}`*K$%6tK&(N;tHLNq@OGq_S={}DB4!R*?lnFO4P-$I_*lePuuG#x
zF*DHrrO_*9GYdX@8Rm2L=SrUgyt6)^NzHtwT6QLK`?Zk6vS(+mk-WR5_38uLKS>J9
zTf8GuKR)_7Rnh+ImAVKy_x2FGh=p6X{?K|~_<YadZyP<`9$jCM{WPp<mimkuw<MA0
oC;#Lz3sp8)$a*yO{t^GDHBEbK(z0c?d+R4fo{iFK+GJh{0RBANs{jB1

literal 0
HcmV?d00001

diff --git a/ssl/test/killopenssl.sh b/ssl/test/killopenssl.sh
new file mode 100755
index 0000000000..17950fbaef
--- /dev/null
+++ b/ssl/test/killopenssl.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+ps -ef|grep openssl | /usr/bin/awk '{print $2}' |xargs kill -9
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
new file mode 100755
index 0000000000..b7a872b98c
--- /dev/null
+++ b/ssl/test/make_certs.sh
@@ -0,0 +1,162 @@
+#!/bin/sh
+
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This license is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This license is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# Generate the certificates and keys for testing.
+#
+
+PROJECT_NAME="axTLS Project"
+
+# Generate the openssl configuration files.
+cat > ca_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Dodgy Certificate Authority
+EOF
+
+cat > certs.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME
+ CN                     = 127.0.0.1
+EOF
+
+cat > device_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Device Certificate
+EOF
+
+# private key generation
+openssl genrsa -out axTLS.ca_key.pem 1024
+openssl genrsa -out axTLS.key_512.pem 512
+openssl genrsa -out axTLS.key_1024.pem 1024
+openssl genrsa -out axTLS.key_2048.pem 2048
+openssl genrsa -out axTLS.key_4096.pem 4096
+openssl genrsa -out axTLS.device_key.pem 1024
+openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
+
+# convert private keys into DER format
+openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
+openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
+openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
+openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
+openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
+
+# cert requests
+openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
+            -config ./ca_cert.conf 
+openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \
+            -config ./device_cert.conf
+openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \
+            -new -config ./certs.conf -passin pass:abcd
+openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
+            -new -config ./certs.conf -passin pass:abcd
+
+# generate the actual certs.
+openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
+            -sha1 -days 10000 -signkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
+            -md5 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
+            -md5 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
+openssl x509 -req -in axTLS.x509_aes128.req \
+            -out axTLS.x509_aes128.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_aes256.req \
+            -out axTLS.x509_aes256.pem \
+            -sha1 -CAcreateserial -days 10000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# note: must be root to do this
+DATE_NOW=`date`
+if date -s "Jan 1 2025"; then
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \
+            -sha1 -CAcreateserial -days 365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+date -s "$DATE_NOW"
+touch axTLS.x509_bad_before.pem
+fi
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \
+            -sha1 -CAcreateserial -days -365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# some cleanup
+rm axTLS*.req
+rm axTLS.srl
+rm *.conf
+
+# need this for the client tests
+openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
+openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
+openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
+openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
+openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
+openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
+
+# generate pkcs8 files (use RC4-128 for encryption)
+openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
+openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
+
+# generate pkcs12 files (use RC4-128 for encryption)
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd
+
+# PEM certificate chain
+cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
+
+# set default key/cert for use in the server
+xxd -i axTLS.x509_1024.cer | sed -e \
+        "s/axTLS_x509_1024_cer/default_certificate/" > ../../ssl/cert.h
+xxd -i axTLS.key_1024 | sed -e \
+        "s/axTLS_key_1024/default_private_key/" > ../../ssl/private_key.h
diff --git a/ssl/test/microsoft.x509_ca b/ssl/test/microsoft.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..b90803452b6cd92749d3e34c60420fd20e5b1c4f
GIT binary patch
literal 1046
zcmXqLVi7WEV*0g!nTe5!iJ##hL${4hhu}rKZ^>`&I~ee?acZ@Bw0-AgWMpAwFeot8
zHqc~a4rSpMR&vfSs4U7%&nQvQNY+#^w6ru=@Xbsv$}i4OD^YOHFDlS8lrxZlC>BMP
z$uCMQ$;{6)R5XwW$ukQ}AmoGc^Gg&QOG`5Hi!w_p4dldmEzJ!K4Gj#;4S*m@oY%;}
z(8$;j${hd~H8Cn72MZ%B19KB2KZ8LNBNtN>BO}8~ro9IXo>_nLlh&9&y&}%w)uNTX
zs_{SmP4!v4{omY03U)Pti)JtCPcX{9=#*0VZcW+AkXxT#&uNqCpWl+U`Dk`klJYfK
zn|u6>lU__avR^lC)~pP*nHQ{d_Va9wP&?@MoXgH)n$AiM%N1`to1GrF@b8|L6PmcD
zsb*n<Zn@9PnOjn<X9dU@a;S*RU-^8Zw!|~r8Ob6E5v-~6WzB=yzb}73h3S~|<^7?q
zn>!o!TfGUH;<xVa@~Yetzx5Jlrg3U0GK5b^$TZ*WEyQjU_CNafk~A)kWtSSm!ryPR
zjuUGvXSwxl-@1mW|2CYhzqVYeD8}a0o(~+0l?*nswVvFpP%hkhpNW}~fpKx;3WLU_
z291k=@hi*7(m2bYae9M5^o4@=nML!I1M5UK`S$%ky|9S>@z+EkjRPZ-kzwi!?gPD_
zr%RZ=-NC4Gqg?QFOoGw;dEBS%SSNP$pR{_W_~}FVWSy-G+)pIE|8xC}wRO}=vyjYx
zD!KM2&#bz~T65R1*LJ=@LDuenLjDq&2mV}eek>TJ;QuPAdi^TN6WZpgy8BWW3U#US
zColdUBJ)%6<TcUHL2L4yjoAM-iT`+-p2HjXZSTjR<9nYUG5Dik$k`z~Ra46Msw~se
zj|~r)w?u#0c=ts3yHwBPK_T0=Flz|?pK$F1M}OUp=|@+a>pZD?vZDNP*#d?OS@s7n
znRPvI6k1`LC7pHK^x+j5mM1G*Sx!V5Tjcr5@Fs2NTGVs-YKXntS((sf1-FH)+9#LJ
IUw&x;05YnPSO5S3

literal 0
HcmV?d00001

diff --git a/ssl/test/microsoft.x509_ca.pem b/ssl/test/microsoft.x509_ca.pem
new file mode 100644
index 0000000000..478e60b070
--- /dev/null
+++ b/ssl/test/microsoft.x509_ca.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx
+KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc
+BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0
+IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow
+cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe
+MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv
+ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5
+7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB
+RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er
+GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko
+IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc
+PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw
+72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN
+aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh
+MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs
+30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F
+kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+
+Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH
+/YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS
+VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc
+BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA=
+-----END CERTIFICATE-----
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
new file mode 100644
index 0000000000..74844a5e05
--- /dev/null
+++ b/ssl/test/perf_bigint.c
@@ -0,0 +1,216 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This license is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this license; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Some performance testing of bigint.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ssl.h"
+
+/**************************************************************************
+ * BIGINT tests 
+ *
+ **************************************************************************/
+
+int main(int argc, char *argv[])
+{
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    RSA_CTX *rsa_ctx;
+    BI_CTX *ctx;
+    bigint *bi_data, *bi_res;
+    int diff, res = 1;
+    struct timeval tv_old, tv_new;
+    const char *plaintext;
+    uint8_t compare[MAX_KEY_BYTE_SIZE];
+    int i, max_biggie = 10;    /* really crank performance */
+    int len; 
+    uint8_t *buf;
+
+    /**
+     * 512 bit key
+     */
+    plaintext = /* 64 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("../ssl/test/axTLS.key_512", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("512 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 64);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 64) != 0)
+        goto end;
+
+    /**
+     * 1024 bit key
+     */
+    plaintext = /* 128 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("../ssl/test/axTLS.key_1024", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("1024 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 128);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 128) != 0)
+        goto end;
+
+    /**
+     * 2048 bit key
+     */
+    plaintext = /* 256 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("../ssl/test/axTLS.key_2048", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("2048 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 256);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 256) != 0)
+        goto end;
+
+    /**
+     * 4096 bit key
+     */
+    plaintext = /* 512 byte number */
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
+        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
+
+    len = get_file("../ssl/test/axTLS.key_4096", &buf);
+    asn1_get_private_key(buf, len, &rsa_ctx);
+    ctx = rsa_ctx->bi_ctx;
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    gettimeofday(&tv_old, NULL);
+    bi_res = RSA_public(rsa_ctx, bi_data);
+    gettimeofday(&tv_new, NULL);
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("4096 bit encrypt time: %dms\n", diff);
+    TTY_FLUSH();
+    bi_data = bi_res;   /* reuse again */
+
+    gettimeofday(&tv_old, NULL);
+    for (i = 0; i < max_biggie; i++)
+    {
+        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
+        if (i < max_biggie-1)
+        {
+            bi_free(ctx, bi_res);
+        }
+    }
+
+    gettimeofday(&tv_new, NULL);
+    bi_free(ctx, bi_data);
+
+    diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
+                (tv_new.tv_usec-tv_old.tv_usec)/1000;
+    printf("4096 bit decrypt time: %dms\n", diff/max_biggie);
+    TTY_FLUSH();
+    bi_export(ctx, bi_res, compare, 512);
+    RSA_free(rsa_ctx);
+    free(buf);
+    if (memcmp(plaintext, compare, 512) != 0)
+        goto end;
+
+    /* done */
+    printf("Bigint performance testing complete\n");
+    res = 0;
+
+end:
+    return res;
+#else
+    return 0;
+#endif
+}
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
new file mode 100644
index 0000000000..d841afaa90
--- /dev/null
+++ b/ssl/test/ssltest.c
@@ -0,0 +1,1813 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This license is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This license is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this license; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * The testing of the crypto and ssl stuff goes here. Keeps the individual code
+ * modules from being uncluttered with test code.
+ *
+ * This is test code - I make no apologies for the quality!
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#ifndef WIN32
+#include <pthread.h>
+#endif
+
+#include "ssl.h"
+
+#define DEFAULT_CERT            "../ssl/test/axTLS.x509_512.cer"
+#define DEFAULT_KEY             "../ssl/test/axTLS.key_512"     
+//#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_SVR_OPTION      0
+#define DEFAULT_CLNT_OPTION     0
+//#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+
+static int g_port = 19001;
+
+/**************************************************************************
+ * AES tests 
+ * 
+ * Run through a couple of the RFC3602 tests to verify that AES is correct.
+ **************************************************************************/
+#define TEST1_SIZE  16
+#define TEST2_SIZE  32
+
+static int AES_test(BI_CTX *bi_ctx)
+{
+    AES_CTX aes_key;
+    int res = 1;
+    uint8_t key[TEST1_SIZE];
+    uint8_t iv[TEST1_SIZE];
+
+    {
+        /*
+            Case #1: Encrypting 16 bytes (1 block) using AES-CBC
+            Key       : 0x06a9214036b8a15b512e03d534120006
+            IV        : 0x3dafba429d9eb430b422da802c9fac41
+            Plaintext : "Single block msg"
+            Ciphertext: 0xe353779c1079aeb82708942dbe77181a
+
+        */
+        char *in_str =  "Single block msg";
+        uint8_t ct[TEST1_SIZE];
+        uint8_t enc_data[TEST1_SIZE];
+        uint8_t dec_data[TEST1_SIZE];
+
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "06A9214036B8A15B512E03D534120006");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "E353779C1079AEB82708942DBE77181A");
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, 
+                enc_data, sizeof(enc_data));
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: AES ENCRYPT #1 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+
+        if (memcmp(dec_data, in_str, sizeof(dec_data)))
+        {
+            fprintf(stderr, "Error: AES DECRYPT #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        /*
+            Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC 
+            Key       : 0xc286696d887c9aa0611bbb3e2025a45a
+            IV        : 0x562e17996d093d28ddb3ba695a2e6f58
+            Plaintext : 0x000102030405060708090a0b0c0d0e0f
+                          101112131415161718191a1b1c1d1e1f
+            Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
+                          7586602d253cfff91b8266bea6d61ab1
+        */
+        uint8_t in_data[TEST2_SIZE];
+        uint8_t ct[TEST2_SIZE];
+        uint8_t enc_data[TEST2_SIZE];
+        uint8_t dec_data[TEST2_SIZE];
+
+        bigint *in_bi = bi_str_import(bi_ctx,
+            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
+        bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, 
+                enc_data, sizeof(enc_data));
+
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: ENCRYPT #2 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+        if (memcmp(dec_data, in_data, sizeof(dec_data)))
+        {
+            fprintf(stderr, "Error: DECRYPT #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All AES tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * RC4 tests 
+ *
+ * ARC4 tests vectors from OpenSSL (crypto/rc4/rc4test.c)
+ **************************************************************************/
+static const uint8_t keys[7][30]=
+{
+    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+    {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+    {4,0xef,0x01,0x23,0x45},
+    {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+    {4,0xef,0x01,0x23,0x45},
+};
+
+static const uint8_t data_len[7]={8,8,8,20,28,10};
+static uint8_t data[7][30]=
+{
+    {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+    {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        0x00,0x00,0x00,0x00,0xff},
+        {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+            0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+            0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+            0x12,0x34,0x56,0x78,0xff},
+            {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+            {0},
+};
+
+static const uint8_t output[7][30]=
+{
+    {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+    {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+    {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+    {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+        0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+        0x36,0xb6,0x78,0x58,0x00},
+        {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+            0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+            0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+            0x40,0x01,0x1e,0xcf,0x00},
+            {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+            {0},
+};
+
+static int RC4_test(BI_CTX *bi_ctx)
+{
+    int i, res = 1;
+    RC4_CTX s;
+
+    for (i = 0; i < 6; i++)
+    {
+        RC4_setup(&s, &keys[i][1], keys[i][0]);
+        RC4_crypt(&s, data[i], data[i], data_len[i]);
+
+        if (memcmp(data[i], output[i], data_len[i]))
+        {
+            fprintf(stderr, "Error: RC4 CRYPT #%d failed\n", i);
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All RC4 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA1 tests 
+ *
+ * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
+ **************************************************************************/
+static int SHA1_test(BI_CTX *bi_ctx)
+{
+    SHA1_CTX ctx;
+    uint8_t ct[SHA1_SIZE];
+    uint8_t digest[SHA1_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "A9993E364706816ABA3E25717850C26C9CD0D89D");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1Init(&ctx);
+        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: SHA1 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1Init(&ctx);
+        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: SHA1 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA1 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * MD5 tests 
+ *
+ * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
+ **************************************************************************/
+static int MD5_test(BI_CTX *bi_ctx)
+{
+    MD5_CTX ctx;
+    uint8_t ct[MD5_SIZE];
+    uint8_t digest[MD5_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str =  "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx, 
+                "900150983CD24FB0D6963F7D28E17F72");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5Init(&ctx);
+        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: MD5 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5Init(&ctx);
+        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5Final(&ctx, digest);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            fprintf(stderr, "Error: MD5 #2 failed\n");
+            goto end;
+        }
+    }
+    res = 0;
+    printf("All MD5 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * HMAC tests 
+ *
+ * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
+ **************************************************************************/
+static int HMAC_test(BI_CTX *bi_ctx)
+{
+    uint8_t key[SHA1_SIZE];
+    uint8_t ct[SHA1_SIZE];
+    uint8_t dgst[SHA1_SIZE];
+    int res = 1;
+    const char *key_str;
+
+    const char *data_str = "Hi There";
+    bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
+    bi_export(bi_ctx, key_bi, key, MD5_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #2 failed\n");
+        goto end;
+    }
+   
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
+    ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, SHA1_SIZE, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 5, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 failed\n");
+        exit(1);
+    }
+
+    res = 0;
+    printf("All HMAC tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * BIGINT tests 
+ *
+ **************************************************************************/
+static int BIGINT_test(BI_CTX *ctx)
+{
+    int res = 1;
+    bigint *bi_data, *bi_exp, *bi_res;
+    const char *expnt, *plaintext, *mod;
+    uint8_t compare[MAX_KEY_BYTE_SIZE];
+
+    /**
+     * 512 bit key
+     */
+    plaintext = /* 64 byte number */
+        "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
+
+    mod = "C30773C8ABE09FCC279EE0E5343370DE"
+          "8B2FFDB6059271E3005A7CEEF0D35E0A"
+          "1F9915D95E63560836CC2EB2C289270D"
+          "BCAE8CAF6F5E907FC2759EE220071E1B";
+
+    expnt = "A1E556CD1738E10DF539E35101334E97"
+          "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
+          "F3140F5091CC535CBAA47CEC4159EE1F"
+          "B6A3661AFF1AB758426EAB158452A9B9";
+
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_exp = int_to_bi(ctx, 0x10001);
+    bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+
+    bi_data = bi_res;   /* resuse again - see if we get the original */
+
+    bi_exp = bi_str_import(ctx, expnt);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+    bi_free_mod(ctx, 0);
+
+    bi_export(ctx, bi_res, compare, 64);
+    if (memcmp(plaintext, compare, 64) != 0)
+        goto end;
+
+    printf("All BIGINT tests passed\n");
+    res = 0;
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * RSA tests 
+ *
+ * Use the results from openssl to verify PKCS1 etc 
+ **************************************************************************/
+static int RSA_test(void)
+{
+    int res = 1;
+    const char *plaintext = /* 128 byte hex number */
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
+    uint8_t enc_data[128], dec_data[128];
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+    bigint *plaintext_bi;
+    bigint *enc_data_bi, *dec_data_bi;
+    uint8_t enc_data2[128], dec_data2[128];
+    int size;
+    int len; 
+    uint8_t *buf;
+
+    /* extract the private key elements */
+    len = get_file("../ssl/test/axTLS.key_1024", &buf);
+    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
+    {
+        goto end;
+    }
+
+    free(buf);
+    bi_ctx = rsa_ctx->bi_ctx;
+    plaintext_bi = bi_import(bi_ctx, 
+            (const uint8_t *)plaintext, strlen(plaintext));
+
+    /* basic rsa encrypt */
+    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
+    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
+
+    /* basic rsa decrypt */
+    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
+    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
+
+    if (memcmp(dec_data, plaintext, strlen(plaintext)))
+    {
+        fprintf(stderr, "Error: DECRYPT #1 failed\n");
+        goto end;
+    }
+
+    RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
+    size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
+    if (memcmp("abc", dec_data2, 3))
+    {
+        fprintf(stderr, "Error: ENCRYPT/DECRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_free(rsa_ctx);
+    res = 0;
+    printf("All RSA tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * Cert Testing
+ *
+ **************************************************************************/
+static int cert_tests(void)
+{
+    int res = -1, len;
+    X509_CTX *x509_ctx;
+    SSL_CTX *ssl_ctx;
+    uint8_t *buf;
+
+    /* check a bunch of 3rd party certificates */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/microsoft.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #1\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/thawte.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #2\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #3\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/equifax.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #4\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    /* Verisign use MD2 which is not supported */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/verisign.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) != 
+                                    X509_VFY_ERROR_UNSUPPORTED_DIGEST)
+    {
+        printf("Cert #5\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
+                                    x509_new(buf, &len, &x509_ctx))
+    {
+        printf("Cert #6\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    x509_free(x509_ctx);
+    free(buf);
+    res = 0;        /* all ok */
+    printf("All Certificate tests passed\n");
+
+bad_cert:
+    return res;
+}
+
+/**
+ * init a server socket.
+ */
+static int server_socket_init(int *port)
+{
+    struct sockaddr_in serv_addr;
+    int server_fd;
+    char yes = 1;
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        return -1;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+go_again:
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(*port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        (*port)++;
+        goto go_again;
+    }
+    /* Mark the socket so it will listen for incoming connections */
+    if (listen(server_fd, 3000) < 0)
+    {
+        return -1;
+    }
+
+    return server_fd;
+}
+
+/**
+ * init a client socket.
+ */
+static int client_socket_init(uint16_t port)
+{
+    struct sockaddr_in address;
+    int client_fd;
+
+    address.sin_family = AF_INET;
+    address.sin_port = htons(port);
+    address.sin_addr.s_addr =  inet_addr("127.0.0.1");
+    client_fd = socket(AF_INET, SOCK_STREAM, 0);
+    if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
+    {
+        perror("socket");
+        close(client_fd);
+        client_fd = -1;
+    }
+
+    return client_fd;
+}
+
+/**************************************************************************
+ * SSL Server Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    /* not used as yet */
+    int dummy;
+} SVR_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+} client_t;
+
+static void do_client(client_t *clnt)
+{
+    char openssl_buf[2048];
+
+    /* make sure the main thread goes first */
+    sleep(0);
+
+    /* show the session ids in the reconnect test */
+    if (strcmp(clnt->testname, "Session Reuse") == 0)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+            "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
+            g_port, clnt->openssl_option);
+    }
+    else
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+#ifdef WIN32
+            "-connect localhost:%d -quiet %s",
+#else
+            "-connect localhost:%d -quiet %s > /dev/null 2>&1",
+#endif
+        g_port, clnt->openssl_option);
+    }
+
+    system(openssl_buf);
+}
+
+static int SSL_server_test(
+        SVR_CTX *svr_test_ctx,
+        const char *testname, 
+        const char *openssl_option, 
+        const char *device_cert, 
+        const char *product_cert, 
+        const char *private_key,
+        const char *ca_cert,
+        const char *password,
+        int axolotls_option)
+{
+    int server_fd, ret = 0;
+    SSL_CTX *ssl_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    int clnt_len = sizeof(client_addr);
+    client_t client_data;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    g_port++;
+
+    client_data.testname = testname;
+    client_data.openssl_option = openssl_option;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    if (private_key)
+    {
+        axolotls_option |= SSL_NO_DEFAULT_KEY;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(axolotls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    if (private_key)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+
+        if (strstr(private_key, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+
+    if (device_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (product_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (ca_cert)                  /* test adding certificate authorities */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_client, (void *)&client_data);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, 
+            (LPVOID)&client_data, 0, NULL);
+#endif
+
+    for (;;)
+    {
+        int client_fd, size = 0; 
+        SSL *ssl;
+
+        /* Wait for a client to connect */
+        if ((client_fd = accept(server_fd, 
+                        (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+        {
+            ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+            goto error;
+        }
+        
+        /* we are ready to go */
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+        while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
+        close(client_fd);
+        
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ret = size;
+
+            if (ret == SSL_ERROR_CONN_LOST)
+            {
+                ret = SSL_OK;
+                continue;
+            }
+
+            break;  /* we've got a problem */
+        }
+        else /* looks more promising */
+        {
+            if (strstr("hello client", read_buf) == NULL)
+            {
+                printf("SSL server test \"%s\" passed\n", testname);
+                TTY_FLUSH();
+                ret = 0;
+                break;
+            }
+        }
+
+        ssl_free(ssl);
+    }
+
+    close(server_fd);
+
+error:
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+int SSL_server_tests(void)
+{
+    int ret = -1;
+    struct stat stat_buf;
+    SVR_CTX svr_test_ctx;
+    memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
+
+    printf("### starting server tests\n");
+
+    /* Go through the algorithms */
+
+    /* 
+     * TLS1 client hello 
+     */
+    if ((ret = SSL_server_test(NULL, "TLSv1", "-cipher RC4-SHA -tls1", 
+                    NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA
+     */
+    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES256-SHA
+     */
+    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * RC4-SHA
+     */
+    if ((ret = SSL_server_test(NULL, "RC4-SHA", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * RC4-MD5
+     */
+    if ((ret = SSL_server_test(NULL, "RC4-MD5", "-cipher RC4-MD5", 
+                DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * Session Reuse
+     * all the session id's should match for session resumption.
+     */
+    if ((ret = SSL_server_test(NULL, "Session Reuse", 
+                    "-cipher RC4-SHA -reconnect", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 512 bit RSA key 
+     */
+    if ((ret = SSL_server_test(NULL, "512 bit key", "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_512.cer", NULL, 
+                    "../ssl/test/axTLS.key_512",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 1024 bit RSA key (check certificate chaining)
+     */
+    if ((ret = SSL_server_test(NULL, "1024 bit key", 
+                    "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_device.cer", 
+                    "../ssl/test/axTLS.x509_512.cer", 
+                    "../ssl/test/axTLS.device_key",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 2048 bit RSA key 
+     */
+    if ((ret = SSL_server_test(NULL, "2048 bit key", 
+                    "-cipher RC4-SHA",
+                    "../ssl/test/axTLS.x509_2048.cer", NULL, 
+                    "../ssl/test/axTLS.key_2048",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 4096 bit RSA key 
+     */
+    if ((ret = SSL_server_test(NULL, "4096 bit key", 
+                    "-cipher RC4-SHA",
+                    "../ssl/test/axTLS.x509_4096.cer", NULL, 
+                    "../ssl/test/axTLS.key_4096",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Client Verification
+     */
+    if ((ret = SSL_server_test(NULL, "Client Verification", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* this test should fail */
+    if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
+    {
+        if ((ret = SSL_server_test(NULL, "Bad Before Cert", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ../ssl/test/axTLS.x509_bad_before.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
+            goto cleanup;
+
+        printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
+        TTY_FLUSH();
+        ret = 0;    /* is ok */
+    }
+
+    /* this test should fail */
+    if ((ret = SSL_server_test(NULL, "Bad After Cert", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "Bad After Cert");
+    TTY_FLUSH();
+
+    /* 
+     * Key in PEM format
+     */
+    if ((ret = SSL_server_test(NULL, "Key in PEM format",
+                    "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_512.cer", NULL, 
+                    "../ssl/test/axTLS.key_512.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert in PEM format
+     */
+    if ((ret = SSL_server_test(NULL, "Cert in PEM format", 
+                    "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_512.pem", NULL, 
+                    "../ssl/test/axTLS.key_512.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert chain in PEM format
+     */
+    if ((ret = SSL_server_test(NULL, "Cert chain in PEM format", 
+                    "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_device.pem", 
+                    NULL, "../ssl/test/axTLS.device_key.pem",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted key 
+     */
+    if ((ret = SSL_server_test(NULL, "AES128 encrypted key", 
+                    "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES256 Encrypted key 
+     */
+    if ((ret = SSL_server_test(NULL, "AES256 encrypted key", 
+                    "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_aes256.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes256.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted invalid key 
+     */
+    if ((ret = SSL_server_test(NULL, "AES128 encrypted invalid key", 
+                    "-cipher RC4-SHA", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
+    TTY_FLUSH();
+
+    /*
+     * PKCS#8 key (encrypted)
+     */
+    if ((ret = SSL_server_test(NULL, "pkcs#8 encrypted", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#8 key (unencrypted)
+     */
+    if ((ret = SSL_server_test(NULL, "pkcs#8 unencrypted", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#12 key/certificate
+     */
+    if ((ret = SSL_server_test(NULL, "pkcs#12 with CA", "-cipher RC4-SHA", 
+                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test(NULL, "pkcs#12 no CA", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+        fprintf(stderr, "Error: A server test failed\n");
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Client Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+#ifndef WIN32
+    pthread_t server_thread;
+#endif
+    int start_server;
+    int stop_server;
+    int do_reneg;
+} CLNT_SESSION_RESUME_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+} server_t;
+
+static void do_server(server_t *svr)
+{
+    char openssl_buf[2048];
+#ifndef WIN32
+    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+#endif
+    sprintf(openssl_buf, "openssl s_server -tls1 " 
+            "-accept %d -quiet %s ", g_port, svr->openssl_option);
+    system(openssl_buf);
+}
+
+static int SSL_client_test(
+        const char *test,
+        SSL_CTX **ssl_ctx,
+        const char *openssl_option, 
+        CLNT_SESSION_RESUME_CTX *sess_resume,
+        uint32_t client_options,
+        const char *private_key,
+        const char *password,
+        const char *cert)
+{
+    server_t server_data;
+    SSL *ssl = NULL;
+    int client_fd = -1;
+    uint8_t *session_id = NULL;
+    int ret = 1;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+
+    if (sess_resume == NULL || sess_resume->start_server)
+    {
+        g_port++;
+        server_data.openssl_option = openssl_option;
+
+#ifndef WIN32
+        pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_server, (void *)&server_data);
+        pthread_detach(thread);
+#else
+        CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, 
+            (LPVOID)&server_data, 0, NULL);
+#endif
+    }
+    
+    usleep(200000);           /* allow server to start */
+
+    if (*ssl_ctx == NULL)
+    {
+        if (private_key)
+        {
+            client_options |= SSL_NO_DEFAULT_KEY;
+        }
+
+        if ((*ssl_ctx = ssl_ctx_new(
+                            client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto client_test_exit;
+        }
+
+        if (private_key)
+        {
+            int obj_type = SSL_OBJ_RSA_KEY;
+
+            if (strstr(private_key, ".p8"))
+                obj_type = SSL_OBJ_PKCS8;
+            else if (strstr(private_key, ".p12"))
+                obj_type = SSL_OBJ_PKCS12;
+
+            if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
+            {
+                ret = SSL_ERROR_INVALID_KEY;
+                goto client_test_exit;
+            }
+        }
+
+        if (cert)                  
+        {
+            if ((ret = ssl_obj_load(*ssl_ctx, 
+                            SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
+            {
+                printf("could not add cert %s (%d)\n", cert, ret);
+                TTY_FLUSH();
+                goto client_test_exit;
+            }
+        }
+    }
+    
+    if (sess_resume && !sess_resume->start_server) 
+    {
+        session_id = sess_resume->session_id;
+    }
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+    {
+        printf("could not start socket on %d\n", g_port);
+        TTY_FLUSH();
+        goto client_test_exit;
+    }
+
+    if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+    {
+        printf("could not add cert auth\n");
+        TTY_FLUSH();
+        goto client_test_exit;
+    }
+
+    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id);
+
+    /* check the return status */
+    if ((ret = ssl_handshake_status(ssl)))
+        goto client_test_exit;
+
+    /* renegotiate client */
+    if (sess_resume && sess_resume->do_reneg) 
+    {
+        if (ssl_renegotiate(ssl) < 0)
+            goto client_test_exit;
+    }
+
+    if (sess_resume)
+    {
+        memcpy(sess_resume->session_id, 
+                ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+    }
+
+    if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && 
+                                            (ret = ssl_verify_cert(ssl)))
+    {
+        goto client_test_exit;
+    }
+
+    ssl_write(ssl, (uint8_t *)"hello world\n", 13);
+    if (sess_resume)
+    {
+        const uint8_t *sess_id = ssl_get_session_id(ssl);
+        int i;
+
+        printf("    Session-ID: ");
+        for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+        {
+            printf("%02X", sess_id[i]);
+        }
+        printf("\n");
+        TTY_FLUSH();
+    }
+
+    ret = 0;
+
+client_test_exit:
+    ssl_free(ssl);
+    close(client_fd);
+    usleep(200000);           /* allow openssl to say something */
+
+    if (sess_resume)
+    {
+        if (sess_resume->stop_server)
+        {
+            ssl_ctx_free(*ssl_ctx);
+            *ssl_ctx = NULL;
+#ifndef WIN32
+            pthread_cancel(sess_resume->server_thread);
+#endif
+        }
+        else if (sess_resume->start_server)
+        {
+#ifndef WIN32
+           sess_resume->server_thread = thread;
+#endif
+        }
+    }
+    else
+    {
+        ssl_ctx_free(*ssl_ctx);
+        *ssl_ctx = NULL;
+#ifndef WIN32
+        pthread_cancel(thread);
+#endif
+    }
+
+    if (ret == 0)
+    {
+        printf("SSL client test \"%s\" passed\n", test);
+        TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+int SSL_client_tests(void)
+{
+    int ret =  -1;
+    SSL_CTX *ssl_ctx = NULL;
+    CLNT_SESSION_RESUME_CTX sess_resume;
+    memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
+
+    sess_resume.start_server = 1;
+    printf("### starting client tests\n");
+   
+    if ((ret = SSL_client_test("512 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_512.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem", &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* all the session id's should match for session resumption */
+    sess_resume.start_server = 0;
+    if ((ret = SSL_client_test("Client session resumption #1", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    sess_resume.do_reneg = 1;
+    if ((ret = SSL_client_test("Client renegotiation", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+    sess_resume.do_reneg = 0;
+
+    sess_resume.stop_server = 1;
+    if ((ret = SSL_client_test("Client session resumption #2", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("2048 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem",  NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("4096 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_4096.pem "
+                    "-key ../ssl/test/axTLS.key_4096.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Server cert chaining", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_device.pem "
+                    "-key ../ssl/test/axTLS.device_key.pem "
+                    "-CAfile ../ssl/test/axTLS.x509_512.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Should get an "ERROR" from openssl (as the handshake fails as soon as
+     * the certificate verification fails) */
+    if ((ret = SSL_client_test("Expired cert (verify now) should fail!",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret);
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify now)\" passed\n");
+    ret = 0;
+
+    /* There is no "ERROR" from openssl */
+    if ((ret = SSL_client_test("Expired cert (verify later) should fail!", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
+                    NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret);
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify later)\" passed\n");
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+        fprintf(stderr, "Error: A client test failed\n");
+
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Basic Testing (test a big packet handshake)
+ *
+ **************************************************************************/
+static uint8_t basic_buf[256*1024];
+
+static void do_basic(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL);
+
+    /* check the return status */
+    if (ssl_handshake_status(ssl_clnt))
+    {
+        printf("Client ");
+        ssl_display_error(ssl_handshake_status(ssl_clnt));
+        goto error;
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    close(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_basic_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    int clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_basic, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            printf("Server ");
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL basic test passed\n" :
+                            "SSL basic test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    close(server_fd);
+    close(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+/**************************************************************************
+ * Multi-Threading Tests
+ *
+ **************************************************************************/
+#define NUM_THREADS         200
+
+typedef struct
+{
+    SSL_CTX *ssl_clnt_ctx;
+    int port;
+    int thread_id;
+} multi_t;
+
+void do_multi_clnt(multi_t *multi_data)
+{
+    int res = 1, client_fd, i;
+    SSL *ssl = NULL;
+    char tmp[5];
+
+    if ((client_fd = client_socket_init(multi_data->port)) < 0)
+        goto client_test_exit;
+
+    sleep(1);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL);
+
+    if ((res = ssl_handshake_status(ssl)))
+    {
+        printf("Client ");
+        ssl_display_error(res);
+        goto client_test_exit;
+    }
+
+    sprintf(tmp, "%d\n", multi_data->thread_id);
+    for (i = 0; i < 10; i++)
+        ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
+
+client_test_exit:
+    ssl_free(ssl);
+    close(client_fd);
+    free(multi_data);
+}
+
+void do_multi_svr(SSL *ssl)
+{
+    uint8_t *read_buf;
+    int *res_ptr = malloc(sizeof(int));
+    int res;
+
+    for (;;)
+    {
+        res = ssl_read(ssl, &read_buf);
+
+        /* kill the client */
+        if (res != SSL_OK)
+        {
+            if (res == SSL_ERROR_CONN_LOST)
+            {
+                close(ssl->client_fd);
+                ssl_free(ssl);
+                break;
+            }
+            else if (res > 0)
+            {
+                /* do nothing */
+            }
+            else /* some problem */
+            {
+                printf("Server ");
+                ssl_display_error(res);
+                goto error;
+            }
+        }
+    }
+
+    res = SSL_OK;
+error:
+    *res_ptr = res;
+    pthread_exit(res_ptr);
+}
+
+int multi_thread_test(void)
+{
+    int server_fd;
+    SSL_CTX *ssl_server_ctx;
+    SSL_CTX *ssl_clnt_ctx;
+    pthread_t clnt_threads[NUM_THREADS];
+    pthread_t svr_threads[NUM_THREADS];
+    int i, res = 0;
+    struct sockaddr_in client_addr;
+    int clnt_len = sizeof(client_addr);
+
+    printf("Do multi-threading test (takes a minute)\n");
+
+    ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
+        multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
+        multi_data->port = g_port;
+        multi_data->thread_id = i+1;
+        pthread_create(&clnt_threads[i], NULL, 
+                (void *(*)(void *))do_multi_clnt, (void *)multi_data);
+        pthread_detach(clnt_threads[i]);
+    }
+
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        SSL *ssl_svr;
+        int client_fd = accept(server_fd, 
+                      (struct sockaddr *)&client_addr, &clnt_len);
+
+        if (client_fd < 0)
+            goto error;
+
+        ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
+
+        pthread_create(&svr_threads[i], NULL, 
+                        (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
+    }
+
+    /* make sure we've run all of the threads */
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        void *thread_res;
+        pthread_join(svr_threads[i], &thread_res);
+        if (*((int *)thread_res) != 0)
+            res = 1;
+        free(thread_res);
+    }
+
+    if (res) 
+        goto error;
+
+    printf("Multi-thread test passed (%d)\n", NUM_THREADS);
+error:
+    ssl_ctx_free(ssl_server_ctx);
+    ssl_ctx_free(ssl_clnt_ctx);
+    close(server_fd);
+    return res;
+}
+#endif
+
+/**************************************************************************
+ * main()
+ *
+ **************************************************************************/
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    BI_CTX *bi_ctx;
+    int fd;
+
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+    fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
+    dup2(fd, 2);                        /* write stderr to this file */
+#else
+    fd = open("/dev/null", O_WRONLY);   /* write stderr to /dev/null */
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+    dup2(fd, 2);
+#endif
+
+    bi_ctx = bi_initialize();
+
+    if (AES_test(bi_ctx))
+    {
+        printf("AES tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (RC4_test(bi_ctx))
+    {
+        printf("RC4 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (MD5_test(bi_ctx))
+    {
+        printf("MD5 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA1_test(bi_ctx))
+    {
+        printf("SHA1 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (HMAC_test(bi_ctx))
+    {
+        printf("HMAC tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (BIGINT_test(bi_ctx))
+    {
+        printf("BigInt tests failed!\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    bi_terminate(bi_ctx);
+
+    if (RSA_test())
+    {
+        printf("RSA tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (cert_tests())
+    {
+        printf("CERT tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+    if (multi_thread_test())
+        goto cleanup;
+#endif
+
+    if (SSL_basic_test())
+        goto cleanup;
+
+    system("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_client_tests())
+        goto cleanup;
+
+    system("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_server_tests())
+        goto cleanup;
+
+    system("sh ../ssl/test/killopenssl.sh");
+
+#if 0
+    if (multi_thread_test())
+        goto cleanup;
+
+#endif
+
+    ret = 0;        /* all ok */
+cleanup:
+
+    if (ret)
+    {
+        fprintf(stderr, "Error: Some tests failed!\n");
+    }
+
+    close(fd);
+    return ret;
+}
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
new file mode 100755
index 0000000000..072ffd0cb6
--- /dev/null
+++ b/ssl/test/test_axssl.sh
@@ -0,0 +1,136 @@
+#!/bin/sh
+
+#
+#  Copyright(C) 2006 Cameron Rich
+#
+#  This license is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This license is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this license; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+#
+# Test the various axssl bindings. To run it, got to the _install directory
+# and run this script from there.
+#
+
+if grep "CONFIG_PLATFORM_WIN32=y" "../config/.config"  > /dev/null; then
+    JAVA_BIN="/cygdrive/c/Program Files/Java/jdk1.5.0_06/bin"
+    PERL_BIN="/cygdrive/c/Perl/bin/perl"
+    KILL_AXSSL="kill %1"
+    KILL_CSHARP="kill %1"
+    KILL_PERL="kill %1"
+    KILL_JAVA="kill %1"
+else
+    if grep "CONFIG_PLATFORM_CYGWIN=y" "../config/.config"  > /dev/null; then
+        # no .net or java on cygwin
+        PERL_BIN=/usr/bin/perl
+        KILL_AXSSL="killall axssl"
+        KILL_PERL="killall /usr/bin/perl"
+    else     # Linux
+        JAVA_BIN=/usr/lib/java/bin
+        PERL_BIN=/usr/bin/perl
+        KILL_AXSSL="killall axssl"
+        KILL_CSHARP="killall mono"
+        KILL_PERL="killall /usr/bin/perl"
+        RUN_CSHARP="mono"
+        KILL_JAVA="killall $JAVA_BIN/java"
+    fi
+fi
+
+BASE=..
+SERVER_ARGS="s_server -accept 15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer"
+CLIENT_ARGS="s_client -reconnect -connect localhost:15001 -verify -CAfile $BASE/ssl/test/axTLS.ca_x509.cer -key $BASE/ssl/test/axTLS.key_1024 -cert $BASE/ssl/test/axTLS.x509_1024.cer"
+
+# check pem arguments
+SERVER_PEM_ARGS="s_server -accept 15001 -pass abcd -key $BASE/ssl/test/axTLS.key_aes128.pem -cert $BASE/ssl/test/axTLS.x509_aes128.pem"
+CLIENT_PEM_ARGS="s_client -connect localhost:15001 -CAfile $BASE/ssl/test/axTLS.ca_x509.pem -key $BASE/ssl/test/axTLS.key_1024.pem -cert $BASE/ssl/test/axTLS.x509_1024.pem"
+
+export LD_LIBRARY_PATH=.:`perl -e 'use Config; print $Config{archlib};'`/CORE
+
+if [ -x ./axssl ]; then
+echo "############################# C SAMPLE ###########################"
+./axssl $SERVER_ARGS &
+echo "C Test passed" | ./axssl $CLIENT_ARGS
+$KILL_AXSSL
+sleep 1
+
+./axssl $SERVER_PEM_ARGS &
+echo "C Test passed" | ./axssl $CLIENT_PEM_ARGS
+$KILL_AXSSL
+sleep 2
+echo "### C tests complete"
+fi
+
+if [ -f ./axtls.jar ]; then
+echo "########################## JAVA SAMPLE ###########################"
+"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_ARGS &
+echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_ARGS
+$KILL_JAVA
+sleep 1
+
+"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_PEM_ARGS &
+echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_PEM_ARGS
+$KILL_JAVA
+sleep 1
+
+echo "### Java tests complete"
+fi
+
+if [ -x ./axssl.csharp.exe ]; then
+echo "############################ C# SAMPLE ###########################"
+$RUN_CSHARP ./axssl.csharp.exe $SERVER_ARGS &
+echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_ARGS
+sleep 1
+$KILL_CSHARP
+sleep 1
+
+$RUN_CSHARP ./axssl.csharp.exe $SERVER_PEM_ARGS &
+echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_PEM_ARGS
+sleep 1
+$KILL_CSHARP
+sleep 1
+
+echo "### C# tests complete"
+fi
+
+if [ -x ./axssl.vbnet.exe ]; then
+echo "######################## VB.NET SAMPLE ###########################"
+./axssl.vbnet $SERVER_ARGS &
+sleep 1
+echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_ARGS
+kill %1
+sleep 1
+
+./axssl.vbnet $SERVER_PEM_ARGS &
+sleep 1
+echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_PEM_ARGS
+kill %1
+sleep 1
+echo "### VB.NET tests complete"
+fi
+
+if [ -f ./axssl.pl ]; then
+echo "########################## PERL SAMPLE ###########################"
+"$PERL_BIN" ./axssl.pl $SERVER_ARGS &
+echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_ARGS
+$KILL_PERL
+sleep 1
+
+"$PERL_BIN" ./axssl.pl $SERVER_PEM_ARGS &
+echo "Perl Test passed" | "$PERL_BIN" ./axssl.pl $CLIENT_PEM_ARGS
+$KILL_PERL
+sleep 1
+echo "### Perl tests complete"
+fi
+
+echo "########################## ALL TESTS COMPLETE ###########################"
diff --git a/ssl/test/thawte.x509_ca b/ssl/test/thawte.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..59b1059f84086fa580dc1001303c4db4e070e572
GIT binary patch
literal 811
zcmXqLVpcb3Vw$jknTe5!iILHOmyJ`a&7<u*FC!xhD}zDfIYVv(PB!LH7B*p~C`Ut4
z17Q${LzpK#wYVg;C{MvTu^`n@$Up!j%r49c;wpsXm**ME8c2i0xP(PQG7`&6QWc!@
z^NLGzN;31(6_S$;H4M~1(%i!G&Z$KunQ58Hi6xo&c?!X)MP-@Esl^H|nPr*9KoLVl
z19^~2W?>1aK><anxtXQ8V5O-=3eJvT!(i^_WE7JufT++d1{#)H<WK^3fL?Nbu7R95
zuceuRg@K^~7(|Kl8W|WG83U22rKx4q@bhrveB?M~WMyD(>;=YaCsSi1!zDAbtnTZF
zqUYUebWG~Ec<0FydhNn{8R@BF?(Zc$Os#^xXlJqYTkF3Hd%V7_cb@q7d0SFTnS9@$
z=3Jy0cw_d3^b5OqC$WhXUzvP*x)#Hn7(bppzeI!nd~(UVCFqsMF<)Qz@y}IOZN=N%
zf+J3JvhHmb+)-@5ioN%XlkanfxiaQV%!~|-i-ipY4fugEEGx{&_@9N<fEh?3yBU}c
znSqW~^Ux7H6!GhYSP9RnRq-MApRS**NQjHeGf!43H>=wue#B(wSB};{CmAjN`|kTB
z=H&c*ca+=jgU1BrKYDG@a65VUh*RyJU#lbYu5J(P5PZC(RWiHDX9<tc+Lue#*?&Cj
nnL4ZI=m|U3?Nes%o@7+W{-G`IZGieR-et-^cb{IyF5(0LRxS$7

literal 0
HcmV?d00001

diff --git a/ssl/test/verisign.x509_ca b/ssl/test/verisign.x509_ca
new file mode 100644
index 0000000000000000000000000000000000000000..d2ea1289d6f43b837eb685446af97d942a8d98e6
GIT binary patch
literal 668
zcmXqLVwz#l#Kg!Xps-^4y4y`m_YRsZ@Kf8{UTnb2#;Mij(e|B}k&%g&!Jx6nklTQh
zjX9KsO_(V(*ihU+6vW{Y<_k+L$_&m-&(l%x%uCiYG%(NuNpK6RyX6-tgrpXiC<K%i
z733GE7AyGY<y7h^DEQ?oBo-H!7A58-rxxoO8W|XXbTA8R!i-V~DauUDQ3y^=E-gw0
zQblE{P@{tK^Gg(*9S!8fc@0brj0`Ldz#vMT*9gS5Fful^G_{NxY|d?*j~t$itPISJ
zy}&T-WNK_=n6LQ#sP&|<nex+F<}a8eu(B;OAjhBaM8*Mzu!XBQJ%2l2*m~(8pF%<L
ze5Fs73XhG>`CKd5-@#z5p&(TMr~SNx>{S1)iXw~p883_fotvm7>@WOHLUXNt;H*b_
z|IQe^xO{Hv`^QNljGg@tW>o80?|dhoUHjsH8z1xKWBTV_tO(!D#LURRi0nLIbTb3p
zWwp-Y-R7SHR;@y@?^|{x`0o6ab&@xk`Ta5fEloQwoG`H15dW%Sy}DTBd%Xlc@q%Y{
zucp0BS^d~*a<WyyjF~y}`}t=7nbx)GkJQtNbvM@D_`K2g<0bZ^Y3`429?vv;=phz3
lXGM?UMztI5<<-fYw^|!5);_qj<Mwqi%VXK?eIF|x0RUHq@TmX*

literal 0
HcmV?d00001

diff --git a/ssl/test/verisign.x509_ca.pem b/ssl/test/verisign.x509_ca.pem
new file mode 100644
index 0000000000..d5ef5d241b
--- /dev/null
+++ b/ssl/test/verisign.x509_ca.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmDCCAgECECCol67bggLewTagTia9h3MwDQYJKoZIhvcNAQECBQAwgYwxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEwMC4GA1UECxMnRm9y
+IFRlc3QgUHVycG9zZXMgT25seS4gIE5vIGFzc3VyYW5jZXMuMTIwMAYDVQQDEylW
+ZXJpU2lnbiBUcmlhbCBTZWN1cmUgU2VydmVyIFRlc3QgUm9vdCBDQTAeFw0wNTAy
+MDkwMDAwMDBaFw0yNTAyMDgyMzU5NTlaMIGMMQswCQYDVQQGEwJVUzEXMBUGA1UE
+ChMOVmVyaVNpZ24sIEluYy4xMDAuBgNVBAsTJ0ZvciBUZXN0IFB1cnBvc2VzIE9u
+bHkuICBObyBhc3N1cmFuY2VzLjEyMDAGA1UEAxMpVmVyaVNpZ24gVHJpYWwgU2Vj
+dXJlIFNlcnZlciBUZXN0IFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAJ8h98U7klaZH5cEn6CSEKmGWVBsTwHIaMAAVqGqCUn7Q9C10sEOIHBznyLy
+eSDjMs5M1nC/iAA7KCASf/yHz0AdlU+1IRSijwHTF/2dYSoTTxP2GCmtL1Ga4i7+
+zDDo086V7+NiFAGJj+CYey47ue4Xa33o/4YOA9PGL87oqFe7AgMBAAEwDQYJKoZI
+hvcNAQECBQADgYEAOq447rP5EDqFEl3vhLhgTbnyaskNYwPvxk+0grnQyDA4sF/q
+gK8nFlnvLmAOF3DmfuqW6WSr4zqTYzpwmJlsn48Om/yWirL8GuWRftit2POxTfHS
+B8VmR+PZx2k24UgWUZyojDGxJtiHd3tjCdqFgTit4NK429cWOcZrh47xeOI=
+-----END CERTIFICATE-----
diff --git a/ssl/test/verisign.x509_my_cert b/ssl/test/verisign.x509_my_cert
new file mode 100644
index 0000000000000000000000000000000000000000..426c9ff7f1c0af7c2376af6a0868cc1429f06347
GIT binary patch
literal 1095
zcmXqLVsSQTVqUX=nTe5!Nx=PkIJd$6<5O-ul|KDSsAZ7>FB_*;n@8JsUPeY%RtAH{
z9z$*ePB!LH7B*p~&|pJx15pr%OPDV#wJ0+<Gd)j7!80#e&(Od?4<x}YtnQXyq!5x?
zT%r(AT2zo<oLa2lpO;gqr=Z}MuaH<=Tw0Wvmz-LxXJ}+#0MfxMtO+wpA*3iXF-IXd
zHMz7X6-X78r9zDg%Fi!RaCS716X!KBGcYtXGXR4q2-n!a$k^1<)H2GTaVL^<9YYOy
z47fmca0oL8=A;-38t{X7>>?aaMVZA(iFv7pk_O@+AubVt#ESf!{1BgDg@B^`tkmQZ
zLs0`^kQBEFkD-B)i9%9li9&X2rJ<F91w_~|B(*5FSRp@6p|m(vA+bcEyu4fw=;F*`
zV5sON=jZAt7ZmH407D`<Q9&bF)4<eF+CUPdmsvyzq!w&rNlr0PtzKS{LF0Vnz-MG-
zU~cRMMnET1V<W@1JCC30y{dWUu};3Q`PhSA<E~sKX&vdF`2q$tDKSA?_-?rH$=+LH
zWO}h}nSDWShjil}##eL0E00fE_ByBRVs@l!!@t=VM3{t+d^(o=Z%c#L{7Jw5lsx<4
zsKj{J|CsrT$;)?(FBO*;O5Lj1KI4T$eZkHNzxIprO-OyX<AnXYGe4P_85tNCH!+qP
zG%*%}(}S!q3zGqZ0XNV;vivM8%uK8c4BSB+c@_r)I|G{qRtqfJ%rZ(!3as??gTsO#
zk*b?ql!F>ZKq+vngJKw%B24vwDh#|p1}Oj&s-uBD8&^V`2V>h0S4MVG149FSHV$nz
zVA5n~ViZ#b8D9)EA5X{|$b!sLWf3zFf$3ysgtM3oOkiwAMivbNH3JnG-+-}A0_yzy
z<l+JpR~zKQR59|fBpSpoj9n0I5NQx@5Gux*nVXoNs-K>jW}s*wZ@|vRs?EpDB*h}q
z|Map{+nV0K?8E09vaWbY=u}JU8K^@10Q5pmetJHN9r|U(U@?$MsF{)(m>{%MIgMNe
zF3gcp;g*^HXwj|JH%sakW^XY%?K}Ip+slNyvt8M1?Uz`5cz$g&-`l2-@0b62`(fXd
z*3a*ARU9g<^p4fEd<fXn`n;x_tFOZPj(O`D$;k#WznmrR{_tfDP+B={)!l=hYVMuv
dFWzaEBw8?qo-|YCxP90BWP6ZnFyD^d69G?mT9W_(

literal 0
HcmV?d00001

diff --git a/ssl/test/verisign.x509_my_cert.pem b/ssl/test/verisign.x509_my_cert.pem
new file mode 100644
index 0000000000..5b6c1ffedd
--- /dev/null
+++ b/ssl/test/verisign.x509_my_cert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQzCCA6ygAwIBAgIQR/dXCzC/x5Ta5RvL6hKEojANBgkqhkiG9w0BAQUFADCB
+jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL
+EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xMjAwBgNV
+BAMTKVZlcmlTaWduIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgVGVzdCBSb290IENBMB4X
+DTA2MDExNjAwMDAwMFoXDTA2MDEzMDIzNTk1OVowgbkxCzAJBgNVBAYTAkFVMQww
+CgYDVQQIEwNRbGQxETAPBgNVBAcUCEJyaXNiYW5lMRkwFwYDVQQKFBBheG9sb1RM
+UyBQcm9qZWN0MRUwEwYDVQQLFAwxMDI0IGJpdCBrZXkxOjA4BgNVBAsUMVRlcm1z
+IG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDUxGzAZ
+BgNVBAMUEnd3dy5heG9sb3Rscy5jby5ucjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAttzj5S7qfOZIrh9xg8bgjTOKbSIbLBuMnxAwfGRcUrQO2EQOHd6kMjXR
+hqY/cG2IG4G8AeqdV3nHlKbrbHbRa1lFgP6b0BQCE8TyxmP+tIAqn5L6/HTm+EEi
+Ad1Pxjeok6e7F6UXHxJltSGHmOhAf3C5kPq/FQ6QZeG4yD/uzPkCAwEAAaOCAXUw
+ggFxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMEcGA1UdHwRAMD4wPKA6oDiGNmh0
+dHA6Ly9TVlJTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9TVlJUcmlhbFJvb3QyMDA1
+LmNybDBKBgNVHSAEQzBBMD8GCmCGSAGG+EUBBxUwMTAvBggrBgEFBQcCARYjaHR0
+cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29jc3AudmVyaXNpZ24uY29tMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUW
+CWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUW
+I2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEB
+BQUAA4GBACtlCTJFENCcHCQLHJfiotqr2XR+oWu0MstNm8dG6WB+zYprrT+kOPDn
+1rMO7YLx76f67fC+lIXz720kQHk6LsZ8hPBQvIXnfIsKjng73DeFzBmTMFz6Qxjd
++E0FUCKplqrdwUkmR4kH6O4pdGE4AlXJNiUI2903yYdSRVMOuLuR
+-----END CERTIFICATE-----
diff --git a/ssl/tls1.c b/ssl/tls1.c
new file mode 100755
index 0000000000..fb2213f042
--- /dev/null
+++ b/ssl/tls1.c
@@ -0,0 +1,2045 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Lesser License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * Common ssl/tlsv1 code to both the client and server implementations.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include "ssl.h"
+
+/* Don't import the default key/certificate if not used */
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+static const    /* saves a few bytes and RAM */
+#include "cert.h"
+static const    /* saves a few more bytes */
+#include "private_key.h"
+#endif
+         
+/* The session expiry time */
+#define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
+
+static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
+static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
+static const char * server_finished = "server finished";
+static const char * client_finished = "client finished";
+
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
+static void set_key_block(SSL *ssl, int is_write);
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
+static int send_raw_packet(SSL *ssl, uint8_t protocol);
+
+/**
+ * The server will pick the cipher based on the order that the order that the
+ * ciphers are listed. This order is defined at compile time.
+ */
+#ifdef CONFIG_SSL_SKELETON_MODE
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+{ SSL_RC4_128_SHA };
+#else
+static void session_free(SSL_SESS *ssl_sessions[], int sess_index);
+
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
+{ SSL_RC4_128_SHA, SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_MD5 };
+#elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
+{ SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };    
+#else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
+{ SSL_AES256_SHA, SSL_AES128_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
+#endif
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/**
+ * The cipher map containing all the essentials for each cipher.
+ */
+#ifdef CONFIG_SSL_SKELETON_MODE
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* RC4-SHA */
+        SSL_RC4_128_SHA,                /* RC4-SHA */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(SHA1_SIZE+16),               /* key block size */
+        0,                              /* no padding */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+};
+#else
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* AES128-SHA */
+        SSL_AES128_SHA,                 /* AES128-SHA */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        2*(SHA1_SIZE+16+16),            /* key block size */
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },
+    {   /* AES256-SHA */
+        SSL_AES256_SHA,                 /* AES256-SHA */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        2*(SHA1_SIZE+32+16),            /* key block size */
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* RC4-SHA */
+        SSL_RC4_128_SHA,                /* RC4-SHA */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(SHA1_SIZE+16),               /* key block size */
+        0,                              /* no padding */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+    /*
+     * This protocol is from SSLv2 days and is unlikely to be used - but was
+     * useful for testing different possible digest algorithms.
+     */
+    {   /* RC4-MD5 */
+        SSL_RC4_128_MD5,                /* RC4-MD5 */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(MD5_SIZE+16),                /* key block size */
+        0,                              /* no padding */
+        MD5_SIZE,                       /* digest size */
+        hmac_md5,                       /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+};
+#endif
+
+static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+        uint8_t *out, int olen);
+static const cipher_info_t *get_cipher_info(uint8_t cipher);
+static void increment_read_sequence(SSL *ssl);
+static void increment_write_sequence(SSL *ssl);
+static void add_hmac_digest(SSL *ssl, int snd,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
+
+/* win32 VC6.0 doesn't have variadic macros */
+#if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...) {}
+#endif
+
+/**
+ * Establish a new client/server context.
+ */
+EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
+{
+    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
+    ssl_ctx->options = options;
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl_ctx->num_sessions = num_sessions;
+#endif
+
+    SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
+
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+    if (~options & SSL_NO_DEFAULT_KEY)
+    {
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key, 
+                default_private_key_len, NULL);
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                    default_certificate, default_certificate_len, NULL);
+    }
+#endif
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (num_sessions)
+    {
+        ssl_ctx->ssl_sessions = (SSL_SESS **)
+                        calloc(1, num_sessions*sizeof(SSL_SESS *));
+    }
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
+#endif
+
+    return ssl_ctx;
+}
+
+/*
+ * Remove a client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+    int i;
+
+    if (ssl_ctx == NULL)
+        return;
+
+    ssl = ssl_ctx->head;
+
+    /* clear out all the ssl entries */
+    while (ssl)
+    {
+        SSL *next = ssl->next;
+        ssl_free(ssl);
+        ssl = next;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* clear out all the sessions */
+    for (i = 0; i < ssl_ctx->num_sessions; i++)
+        session_free(ssl_ctx->ssl_sessions, i);
+
+    free(ssl_ctx->ssl_sessions);
+#endif
+
+    i = 0;
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
+    {
+        free(ssl_ctx->certs[i].buf);
+        ssl_ctx->certs[i++].buf = NULL;
+    }
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    remove_ca_certs(ssl_ctx->ca_cert_ctx);
+#endif
+    ssl_ctx->chain_length = 0;
+    SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
+    RSA_free(ssl_ctx->rsa_ctx);
+    RNG_terminate();
+    free(ssl_ctx);
+}
+
+/*
+ * Free any used resources used by this connection.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl)
+{
+    SSL_CTX *ssl_ctx;
+
+    if (ssl == NULL)        /* just ignore null pointers */
+        return;
+
+    /* spec says we must notify when we are dying */
+    send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+
+    ssl_ctx = ssl->ssl_ctx;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    /* adjust the server SSL list */
+    if (ssl->prev)
+        ssl->prev->next = ssl->next;
+    else
+        ssl_ctx->head = ssl->next;
+
+    if (ssl->next)
+        ssl->next->prev = ssl->prev;
+    else
+        ssl_ctx->tail = ssl->prev;
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+
+    /* may already be free - but be sure */
+    free(ssl->all_pkts);
+    free(ssl->final_finish_mac);
+    free(ssl->key_block);
+    free(ssl->encrypt_ctx);
+    free(ssl->decrypt_ctx);
+    free(ssl->master_secret);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    x509_free(ssl->x509_ctx);
+#endif
+
+    free(ssl);
+}
+
+/*
+ * Read the SSL connection and send any alerts for various errors.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = basic_read(ssl, in_data);
+
+    /* check for return code so we can send an alert */
+    if (ret < SSL_OK)
+    {
+        if (ret != SSL_ERROR_CONN_LOST)
+        {
+            send_alert(ssl, ret);
+#ifndef CONFIG_SSL_SKELETON_MODE
+            /* something nasty happened, so get rid of this session */
+            kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+#endif
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Write application data to the client
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
+{
+
+    int n = out_len, nw, i, tot = 0;
+
+    /* maximum size of a TLS packet is around 16kB, so fragment */
+    do 
+    {
+        nw = n;
+
+        if (nw > RT_MAX_PLAIN_LENGTH)    /* fragment if necessary */
+            nw = RT_MAX_PLAIN_LENGTH;
+
+        if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
+                                            &out_data[tot], nw)) <= 0)
+        {
+            out_len = i;    /* an error */
+            break;
+        }
+
+        tot += i;
+        n -= i;
+    } while (n > 0);
+
+    return out_len;
+}
+
+/**
+ * Add a certificate to the certificate chain.
+ */
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
+    SSL_CERT *ssl_cert;
+    X509_CTX *cert = NULL;
+    int offset;
+
+    while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS) 
+        i++;
+
+    if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: maximum number of certs added - change of "
+                "compile-time configuration required\n");
+#endif
+        goto error;
+    }
+
+    if ((ret = x509_new(buf, &offset, &cert)))
+        goto error;
+
+    ssl_cert = &ssl_ctx->certs[i];
+    ssl_cert->size = len;
+    ssl_cert->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_cert->buf, buf, len);
+    ssl_ctx->chain_length++;
+    len -= offset;
+    ret = SSL_OK;           /* ok so far */
+
+    /* recurse? */
+    if (len > 0)
+    {
+        ret = add_cert(ssl_ctx, &buf[offset], len);
+    }
+
+error:
+    x509_free(cert);        /* don't need anymore */
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Add a certificate authority.
+ */
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_ERROR_NO_CERT_DEFINED;
+    int i = 0;
+    int offset;
+    X509_CTX *cert = NULL;
+    CA_CERT_CTX *ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
+        i++;
+
+    if (i > CONFIG_X509_MAX_CA_CERTS)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: maximum number of CA certs added - change of "
+                "compile-time configuration required\n");
+#endif
+        goto error;
+    }
+
+    if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i])))
+        goto error;
+
+    /* make sure the cert is valid */
+    cert = ca_cert_ctx->cert[i];
+    if ((ret = x509_verify(ca_cert_ctx, cert)))
+    {
+        x509_free(cert);        /* get rid of it */
+        ca_cert_ctx->cert[i] = NULL;
+        goto error;
+    }
+
+    len -= offset;
+    ret = SSL_OK;           /* ok so far */
+
+    /* recurse? */
+    if (len > 0)
+        ret = add_cert_auth(ssl_ctx, &buf[offset], len);
+
+error:
+    return ret;
+}
+
+/*
+ * Retrieve an X.509 distinguished name component
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    if (ssl->x509_ctx == NULL)
+        return NULL;
+
+    switch (component)
+    {
+        case SSL_X509_CERT_COMMON_NAME:
+            return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CERT_ORGANIZATION:
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_TYPE];
+
+        case SSL_X509_CA_CERT_COMMON_NAME:
+            return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CA_CERT_ORGANIZATION:
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_TYPE];
+
+        default:
+            return NULL;
+    }
+}
+
+#endif
+
+/*
+ * Find an ssl object based on the client's file descriptor.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+    ssl = ssl_ctx->head;
+
+    /* search through all the ssl entries */
+    while (ssl)
+    {
+        if (ssl->client_fd == client_fd)
+        {
+            SSL_CTX_UNLOCK(ssl_ctx->mutex);
+            return ssl;
+        }
+
+        ssl = ssl->next;
+    }
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return NULL;
+}
+
+/*
+ * Force the client to perform its handshake again.
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
+    {
+        ret = do_client_connect(ssl);
+    }
+    else
+#endif
+    {
+        send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                g_hello_request, sizeof(g_hello_request));
+        SET_SSL_FLAG(SSL_NEED_RECORD);
+    }
+
+    return ret;
+}
+
+/**
+ * @brief Get what we need for key info.
+ * @param cipher    [in]    The cipher information we are after
+ * @param key_size  [out]   The key size for the cipher
+ * @param iv_size   [out]   The iv size for the cipher
+ * @return  The amount of key information we need.
+ */
+static const cipher_info_t *get_cipher_info(uint8_t cipher)
+{
+    int i;
+
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        if (cipher_info[i].cipher == cipher)
+        {
+            return &cipher_info[i];
+        }
+    }
+
+    return NULL;  /* error */
+}
+
+/*
+ * Get a new ssl context for a new connection.
+ */
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
+    ssl->ssl_ctx = ssl_ctx;
+    ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
+    ssl->client_fd = client_fd;
+    ssl->flag = SSL_NEED_RECORD;
+    ssl->certs = ssl_ctx->certs;
+    ssl->chain_length = ssl_ctx->chain_length;
+    ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+#ifdef CONFIG_ENABLE_VERIFICATION
+    ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+#endif
+
+    /* a bit hacky but saves a few bytes of memory */
+    ssl->flag |= ssl_ctx->options;
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    if (ssl_ctx->head == NULL)
+    {
+        ssl_ctx->head = ssl;
+        ssl_ctx->tail = ssl;
+    }
+    else
+    {
+        ssl->prev = ssl_ctx->tail;
+        ssl_ctx->tail->next = ssl;
+        ssl_ctx->tail = ssl;
+    }
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return ssl;
+}
+
+/*
+ * Add a private key to a context.
+ */
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
+{
+    int ret = SSL_OK;
+
+    /* get the private key details */
+    if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+error:
+    return ret;
+}
+
+/** 
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */     
+static void increment_read_sequence(SSL *ssl)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) 
+    {       
+        if (++ssl->read_sequence[i])
+            break;
+    }
+}
+            
+/**
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */      
+static void increment_write_sequence(SSL *ssl)
+{        
+    int i;                  
+         
+    for (i = 7; i >= 0; i--)
+    {                       
+        if (++ssl->write_sequence[i])
+            break;
+    }                       
+}
+
+/**
+ * Work out the HMAC digest in a packet.
+ */
+static void add_hmac_digest(SSL *ssl, int mode,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
+{
+    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
+    uint8_t *t_ptr = t_buf;
+
+    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+            ssl->write_sequence : ssl->read_sequence, 8);
+    t_buf += 8;
+
+    memcpy(t_buf, ssl->record_buf, SSL_RECORD_SIZE);
+    t_buf += SSL_RECORD_SIZE;
+
+    memcpy(t_buf, buf, buf_len);
+
+    ssl->cipher_info->hmac(t_ptr, hmac_len, 
+            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
+                ssl->server_mac : ssl->client_mac, 
+            ssl->cipher_info->digest_size, hmac_buf);
+
+#if 0
+    print_blob("record", ssl->record_buf, SSL_RECORD_SIZE);
+    print_blob("buf", buf, buf_len);
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
+    {
+        print_blob("write seq", ssl->write_sequence, 8);
+    }
+    else
+    {
+        print_blob("read seq", ssl->read_sequence, 8);
+    }
+
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
+    {
+        print_blob("server mac", 
+                ssl->server_mac, ssl->cipher_info->digest_size);
+    }
+    else
+    {
+        print_blob("client mac", 
+                ssl->client_mac, ssl->cipher_info->digest_size);
+    }
+    print_blob("hmac", hmac_buf, SHA1_SIZE);
+#endif
+
+    free(t_ptr);
+}
+
+/**
+ * Verify that the digest of a packet is correct.
+ */
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
+{   
+    unsigned char hmac_buf[SHA1_SIZE];
+    int hmac_offset;
+   
+    if (ssl->cipher_info->padding_size)
+    {
+        hmac_offset = read_len-buf[read_len-1]-ssl->cipher_info->digest_size-1;
+    }
+    else
+    {
+        hmac_offset = read_len - ssl->cipher_info->digest_size;
+    }
+
+    /* sanity check the offset */
+    if (hmac_offset < 0)
+    {
+        return SSL_ERROR_INVALID_HMAC;
+    }
+
+    ssl->record_buf[3] = hmac_offset >> 8;      /* insert size */
+    ssl->record_buf[4] = hmac_offset & 0xff;
+    add_hmac_digest(ssl, mode, buf, hmac_offset, hmac_buf);
+
+    if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
+    {
+        return SSL_ERROR_INVALID_HMAC;
+    }
+
+    return hmac_offset;
+}
+
+/**
+ * Add a packet to the end of our sent and received packets, so that we may use
+ * it to calculate the hash at the end.
+ */
+void add_packet(SSL *ssl, const uint8_t *pkt, int len)
+{
+    int new_len = ssl->all_pkts_len + len;
+    ssl->all_pkts = (uint8_t *)realloc(ssl->all_pkts, new_len);
+    memcpy(&ssl->all_pkts[ssl->all_pkts_len], pkt, len);
+    ssl->all_pkts_len = new_len;
+}
+
+/**
+ * Work out the MD5 PRF.
+ */
+static void p_hash_md5(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[128];
+
+    /* A(1) */
+    hmac_md5(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[MD5_SIZE], seed, seed_len);
+    hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > MD5_SIZE)
+    {
+        uint8_t a2[MD5_SIZE];
+        out += MD5_SIZE;
+        olen -= MD5_SIZE;
+
+        /* A(N) */
+        hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, MD5_SIZE);
+
+        /* work out the actual hash */
+        hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the SHA1 PRF.
+ */
+static void p_hash_sha1(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[128];
+
+    /* A(1) */
+    hmac_sha1(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA1_SIZE], seed, seed_len);
+    hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA1_SIZE)
+    {
+        uint8_t a2[SHA1_SIZE];
+        out += SHA1_SIZE;
+        olen -= SHA1_SIZE;
+
+        /* A(N) */
+        hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA1_SIZE);
+
+        /* work out the actual hash */
+        hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the PRF.
+ */
+static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+        uint8_t *out, int olen)
+{
+    int len, i;
+    const uint8_t *S1, *S2;
+    uint8_t xbuf[256]; /* needs to be > the amount of key data */
+    uint8_t ybuf[256]; /* needs to be > the amount of key data */
+
+    len = sec_len/2;
+    S1 = sec;
+    S2 = &sec[len];
+    len += (sec_len & 1); /* add for odd, make longer */
+
+    p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
+    p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
+
+    for (i=0; i < olen; i++)
+        out[i] = xbuf[i] ^ ybuf[i];
+}
+
+/**
+ * Generate a master secret based on the client/server random data and the
+ * premaster secret.
+ */
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
+{
+    uint8_t buf[128];   /* needs to be > 13+32+32 in size */
+    strcpy((char *)buf, "master secret");
+    memcpy(&buf[13], ssl->client_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], ssl->server_random, SSL_RANDOM_SIZE);
+    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
+    prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->master_secret,
+            SSL_SECRET_SIZE);
+}
+
+/**
+ * Generate a 'random' blob of data used for the generation of keys.
+ */
+static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
+        uint8_t *master_secret, uint8_t *key_block, int key_block_size)
+{
+    uint8_t buf[128];
+    strcpy((char *)buf, "key expansion");
+    memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
+    prf(master_secret, SSL_SECRET_SIZE, buf, 77, key_block, key_block_size);
+}
+
+/** 
+ * Calculate the digest used in the finished message. This function also
+ * doubles up as a certificate verify function.
+ */
+void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
+{
+    unsigned char mac_buf[128]; 
+    unsigned char *q = mac_buf;
+    MD5_CTX md5_ctx;
+    SHA1_CTX sha1_ctx;
+
+    if (label)
+    {
+        strcpy((char *)q, label);
+        q += strlen(label);
+    }
+
+    MD5Init(&md5_ctx);
+    MD5Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
+    MD5Final(&md5_ctx, q);
+    q += MD5_SIZE;
+    
+    SHA1Init(&sha1_ctx);
+    SHA1Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
+    SHA1Final(&sha1_ctx, q);
+    q += SHA1_SIZE;
+
+    if (label)
+    {
+        prf(ssl->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
+            digest, SSL_FINISHED_HASH_SIZE);
+    }
+    else    /* for use in a certificate verify */
+    {
+        memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
+    }
+
+#if 0
+    printf("label: %s\n", label);
+    print_blob("master secret", ssl->master_secret, 48);
+    print_blob("mac_buf", mac_buf, q-mac_buf);
+    print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
+#endif
+}   
+    
+/**
+ * Retrieve (and initialise) the context of a cipher.
+ */
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
+{
+    switch (ssl->cipher)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        case SSL_AES128_SHA:
+            {
+                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_128);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+        case SSL_AES256_SHA:
+            {
+                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_256);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+            break;
+
+        case SSL_RC4_128_MD5:
+#endif
+        case SSL_RC4_128_SHA:
+            {
+                RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
+                RC4_setup(rc4_ctx, key, 16);
+                return (void *)rc4_ctx;
+            }
+            break;
+    }
+
+    return NULL;    /* its all gone wrong */
+}
+
+/**
+ * Send a packet over the socket.
+ */
+static int send_raw_packet(SSL *ssl, uint8_t protocol)
+{
+    uint8_t *rec_buf = ssl->bm_all_data;
+    int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
+    int ret;
+
+    rec_buf[0] = protocol;
+    rec_buf[1] = 0x03;      /* version = 3.1 (TLS) */
+    rec_buf[2] = 0x01;
+    rec_buf[3] = ssl->bm_index >> 8;
+    rec_buf[4] = ssl->bm_index & 0xff;
+
+    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
+                            pkt_size, pkt_size);
+
+    if ((ret = SOCKET_WRITE(ssl->client_fd, 
+                    ssl->bm_all_data, pkt_size)) < 0)
+        ret = SSL_ERROR_CONN_LOST;
+
+    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
+    ssl->bm_index = 0;
+
+    if (protocol != PT_APP_PROTOCOL_DATA)  
+    {
+        /* always return SSL_OK during handshake */   
+        ret = SSL_OK;
+    }
+
+    return ret;
+}
+
+/**
+ * Send an encrypted packet with padding bytes if necessary.
+ */
+int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
+{
+    int msg_length = length;
+    int ret, pad_bytes = 0;
+    ssl->bm_index = msg_length;
+
+    /* if our state is bad, don't bother */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+        return SSL_ERROR_CONN_LOST;
+
+    if (in) /* has the buffer already been initialised? */
+    {
+        memcpy(ssl->bm_data, in, length);
+    }
+
+    if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
+    {
+        int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
+                            SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
+        ssl->record_buf[0] = protocol;
+        ssl->record_buf[3] = length >> 8; 
+        ssl->record_buf[4] = length & 0xff;
+
+        if (protocol == PT_HANDSHAKE_PROTOCOL)
+        {
+            DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+            if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+            {
+                add_packet(ssl, ssl->bm_data, ssl->bm_index);
+            }
+        }
+
+        /* add the packet digest */
+        msg_length += ssl->cipher_info->digest_size;
+        ssl->bm_index = msg_length;
+        add_hmac_digest(ssl, mode, ssl->bm_data, length, 
+                                                &ssl->bm_data[length]);
+
+        /* add padding? */
+        if (ssl->cipher_info->padding_size)
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+
+            /* ensure we always have at least 1 padding byte */
+            if (pad_bytes == 0)
+                pad_bytes += ssl->cipher_info->padding_size;
+
+            memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
+            msg_length += pad_bytes;
+            ssl->bm_index = msg_length;
+        }
+
+        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
+        increment_write_sequence(ssl);
+
+        /* now encrypt the packet */
+        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
+                                            ssl->bm_data, msg_length);
+    }
+    else if (protocol == PT_HANDSHAKE_PROTOCOL)
+    {
+        DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+        if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+        {
+            add_packet(ssl, ssl->bm_data, ssl->bm_index);
+        }
+    }
+
+    if ((ret = send_raw_packet(ssl, protocol)) <= 0)
+        return ret;
+
+    return length;  /* just return what we wanted to send */
+}
+
+/**
+ * Work out the cipher keys we are going to use for this session based on the
+ * master secret.
+ */
+static void set_key_block(SSL *ssl, int is_write)
+{
+    const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
+    uint8_t *q;
+    uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
+    uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    int key_block_existed = 1;
+
+    /* only do once in a handshake */
+    if (ssl->key_block == NULL)
+    {
+        ssl->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
+
+#if 0
+        print_blob("client", ssl->client_random, 32);
+        print_blob("server", ssl->server_random, 32);
+        print_blob("master", ssl->master_secret, SSL_SECRET_SIZE);
+#endif
+        generate_key_block(ssl->client_random, ssl->server_random,
+            ssl->master_secret, ssl->key_block, ciph_info->key_block_size);
+#if 0
+        print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
+#endif
+        key_block_existed = 0;
+    }
+
+    q = ssl->key_block;
+
+    if ((is_client && is_write) || (!is_client && !is_write))
+    {
+        memcpy(ssl->client_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+
+    if ((!is_client && is_write) || (is_client && !is_write))
+    {
+        memcpy(ssl->server_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+    memcpy(client_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+    memcpy(server_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+
+#ifndef CONFIG_SSL_SKELETON_MODE 
+    if (ciph_info->iv_size)    /* RC4 has no IV, AES does */
+    {
+        memcpy(client_iv, q, ciph_info->iv_size);
+        q += ciph_info->iv_size;
+        memcpy(server_iv, q, ciph_info->iv_size);
+        q += ciph_info->iv_size;
+    }
+#endif
+
+    free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
+
+    if (ssl->final_finish_mac == NULL)
+    {
+        ssl->final_finish_mac = (uint8_t *)malloc(SSL_FINISHED_HASH_SIZE);
+    }
+
+    /* now initialise the ciphers */
+    if (is_client)
+    {
+        finished_digest(ssl, server_finished, ssl->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
+    }
+    else
+    {
+        finished_digest(ssl, client_finished, ssl->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
+    }
+
+    ssl->cipher_info = ciph_info;
+
+    /* clean up if possible */
+    if (key_block_existed)
+    {
+        memset(ssl->key_block, 0, ciph_info->key_block_size);
+        free(ssl->key_block);
+        ssl->key_block = NULL;
+    }
+}
+
+/**
+ * Read the SSL connection.
+ */
+int basic_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = SSL_OK;
+    int read_len, is_record;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    uint8_t *buf;
+
+    buf = ssl->bm_data;
+    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_index], 
+                            ssl->need_bytes-ssl->got_bytes);
+
+    /* connection has gone, so die */
+    if (read_len <= 0)
+    {
+        ret = SSL_ERROR_CONN_LOST;
+        ssl->hs_status = SSL_ERROR_DEAD;  /* make sure it stays dead */
+        goto error;
+    }
+
+    DISPLAY_BYTES(ssl, "received %d bytes", 
+            &ssl->bm_data[ssl->bm_index], read_len, read_len);
+
+    ssl->got_bytes += read_len;
+    ssl->bm_index += read_len;
+
+    /* haven't quite got what we want, so try again later */
+    if (ssl->got_bytes < ssl->need_bytes)
+        return SSL_OK;
+
+    read_len = ssl->got_bytes;
+    ssl->got_bytes = 0;
+
+    if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
+    {
+        /* check for sslv2 "client hello" */
+        if (buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03)
+        {
+#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+            DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
+            add_packet(ssl, &buf[2], 3);
+            ret = process_sslv23_client_hello(ssl); 
+#else
+            printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
+            ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+            goto error; /* not an error - just get out of here */
+        }
+
+        ssl->need_bytes = (buf[3] << 8) + buf[4];
+
+        /* do we violate the spec with the message size?  */
+        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            ret = SSL_ERROR_INVALID_PROT_MSG;              
+            goto error;
+        }
+
+        CLR_SSL_FLAG(SSL_NEED_RECORD);
+        memcpy(ssl->record_buf, buf, 3);    /* store for hmac */
+        is_record = 1;
+    }
+    else
+    {
+        SET_SSL_FLAG(SSL_NEED_RECORD);
+        ssl->need_bytes = SSL_RECORD_SIZE;
+        is_record = 0;
+    }
+
+    if (is_record)
+        ssl->record_type = buf[0];
+    else if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
+    {
+        ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
+        read_len = verify_digest(ssl, 
+                is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
+
+        /* does the hmac work? */
+        if (read_len < 0)
+        {
+            ret = read_len;
+            goto error;
+        }
+
+        DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
+        increment_read_sequence(ssl);
+    }
+
+    /* The main part of the SSL packet */
+    if (!is_record)
+    {
+        switch (ssl->record_type)
+        {
+            case PT_HANDSHAKE_PROTOCOL:
+                ret = do_handshake(ssl, buf, read_len);
+                break;
+
+            case PT_CHANGE_CIPHER_SPEC:
+                if (ssl->next_state != HS_FINISHED)
+                {
+                    ret = SSL_ERROR_INVALID_HANDSHAKE;
+                    goto error;
+                }
+
+                SET_SSL_FLAG(SSL_RX_ENCRYPTED);
+                set_key_block(ssl, 0);
+                memset(ssl->read_sequence, 0, 8);
+                break;
+
+            case PT_APP_PROTOCOL_DATA:
+                if (in_data)
+                {
+                    *in_data = ssl->bm_data;   /* point to the work buffer */
+                    (*in_data)[read_len] = 0;  /* null terminate just in case */
+                }
+
+                ret = read_len;
+                break;
+
+            case PT_ALERT_PROTOCOL:
+                /* return the alert # with alert bit set */
+                ret = -buf[1]; 
+                DISPLAY_ALERT(ssl, buf[1]);
+                break;
+
+            default:
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+                break;
+        }
+    }
+
+error:
+    ssl->bm_index = 0;          /* reset to go again */
+
+    if (ret < SSL_OK && in_data)  /* if all wrong, then clear this buffer ptr */
+        *in_data = NULL;
+
+    return ret;
+}
+
+/**
+ * Do some basic checking of data and then perform the appropriate handshaking.
+ */
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
+{
+    int hs_len = (buf[2]<<8) + buf[3];
+    uint8_t handshake_type = buf[0];
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    /* some integrity checking on the handshake */
+    PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
+
+    if (handshake_type != ssl->next_state)
+    {
+        /* handle a special case on the client */
+        if (!is_client || handshake_type != HS_CERT_REQ ||
+                        ssl->next_state != HS_SERVER_HELLO_DONE)
+        {
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            goto error;
+        }
+    }
+
+    hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
+    ssl->bm_index = hs_len;     /* store the size and check later */
+    DISPLAY_STATE(ssl, 0, handshake_type, 0);
+
+    if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
+        add_packet(ssl, buf, hs_len); 
+
+#if defined(CONFIG_SSL_ENABLE_CLIENT)
+    ret = is_client ? 
+        do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
+        do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#else
+    ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#endif
+
+    /* just use recursion to get the rest */
+    if (hs_len < read_len && ret == SSL_OK)
+        ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
+
+error:
+    return ret;
+}
+
+/**
+ * Sends the change cipher spec message. We have just read a finished message
+ * from the client.
+ */
+int send_change_cipher_spec(SSL *ssl)
+{
+    int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
+            g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
+    SET_SSL_FLAG(SSL_TX_ENCRYPTED);
+    set_key_block(ssl, 1);
+    memset(ssl->write_sequence, 0, 8);
+    return ret;
+}
+
+/**
+ * Send a "finished" message
+ */
+int send_finished(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+
+    buf[0] = HS_FINISHED;
+    buf[1] = 0;
+    buf[2] = 0;
+    buf[3] = SSL_FINISHED_HASH_SIZE;
+
+    /* now add the finished digest mac (12 bytes) */
+    finished_digest(ssl, 
+        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
+                    client_finished : server_finished, &buf[4]);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* store in the session cache */
+    if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
+    {
+        memcpy(ssl->session->master_secret,
+                ssl->master_secret, SSL_SECRET_SIZE);
+    }
+#endif
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
+                                NULL, SSL_FINISHED_HASH_SIZE+4);
+}
+
+/**
+ * Send an alert message.
+ * Return 1 if the alert was an "error".
+ */
+int send_alert(SSL *ssl, int error_code)
+{
+    int alert_num = 0;
+    int is_warning = 0;
+    uint8_t buf[2];
+
+    /* Don't bother we're already dead */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        ssl_display_error(error_code);
+#endif
+
+    switch (error_code)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            is_warning = 1;
+            alert_num = SSL_ALERT_CLOSE_NOTIFY;
+            break;
+
+        case SSL_ERROR_CONN_LOST:       /* don't send alert just yet */
+            is_warning = 1;
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+        case SSL_ERROR_INVALID_PROT_MSG:
+            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+        case SSL_ERROR_FINISHED_INVALID:
+            alert_num = SSL_ALERT_BAD_RECORD_MAC;
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            alert_num = SSL_ALERT_INVALID_VERSION;
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+        case SSL_ERROR_NO_CIPHER:
+        case SSL_ERROR_INVALID_KEY:
+            alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            alert_num = SSL_ALERT_BAD_CERTIFICATE;
+            break;
+
+        default:
+            /* a catch-all for any badly verified certificates */
+            alert_num = (error_code <= SSL_X509_OFFSET) ?  
+                SSL_ALERT_BAD_CERTIFICATE : SSL_ALERT_UNEXPECTED_MESSAGE;
+            break;
+    }
+
+    buf[0] = is_warning ? 1 : 2;
+    buf[1] = alert_num;
+    send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
+    DISPLAY_ALERT(ssl, alert_num);
+    return is_warning ? 0 : 1;
+}
+
+/**
+ * Process a client finished message.
+ */
+int process_finished(SSL *ssl, int hs_len)
+{
+    uint8_t *buf = ssl->bm_data;
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
+
+    PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
+
+    /* check that we all work before we continue */
+    if (memcmp(ssl->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
+        return SSL_ERROR_FINISHED_INVALID;
+
+    if ((!is_client && !resume) || (is_client && resume))
+    {
+        if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            ret = send_finished(ssl);
+    }
+
+    /* Don't need this stuff anymore */
+    free(ssl->all_pkts);
+    ssl->all_pkts = NULL;
+    ssl->all_pkts_len = 0;
+
+    memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
+    free(ssl->master_secret);
+    ssl->master_secret = NULL;
+
+    memset(ssl->final_finish_mac, 0, SSL_FINISHED_HASH_SIZE);
+    free(ssl->final_finish_mac);
+    ssl->final_finish_mac = NULL;
+
+    /* if we ever renegotiate */
+    ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
+    ssl->hs_status = ret;  /* set the final handshake status */
+
+error:
+    return ret;
+}
+
+/**
+ * Send a certificate.
+ */
+int send_certificate(SSL *ssl)
+{
+    int i = 0;
+    uint8_t *buf = ssl->bm_data;
+    int offset = 7;
+    int chain_length;
+
+    buf[0] = HS_CERTIFICATE;
+    buf[1] = 0;
+    buf[4] = 0;
+    buf[7] = 0;
+
+    while (i < ssl->chain_length)
+    {
+        SSL_CERT *cert = &ssl->certs[i];
+        buf[offset++] = 0;        
+        buf[offset++] = cert->size >> 8;        /* cert 1 length */
+        buf[offset++] = cert->size & 0xff;
+        memcpy(&buf[offset], cert->buf, cert->size);
+        offset += cert->size;
+        i++;
+    }
+
+    chain_length = offset - 7;
+    buf[5] = chain_length >> 8;        /* cert chain length */
+    buf[6] = chain_length & 0xff;
+    chain_length += 3;
+    buf[2] = chain_length >> 8;        /* handshake length */
+    buf[3] = chain_length & 0xff;
+    ssl->bm_index = offset;
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+#ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
+/**
+ * Find if an existing session has the same session id. If so, use the
+ * master secret from this session for session resumption.
+ */
+SSL_SESS *ssl_session_update(int max_sessions, 
+        SSL_SESS *ssl_sessions[], SSL *ssl, const uint8_t *session_id)
+{
+    time_t tm = time(NULL);
+    time_t oldest_sess_time = tm;
+    SSL_SESS *oldest_sess = NULL;
+    int i;
+
+    /* no sessions? Then bail */
+    if (max_sessions == 0)
+        return NULL;
+
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    if (session_id)
+    {
+        for (i = 0; i < max_sessions; i++)
+        {
+            if (ssl_sessions[i])
+            {
+                /* kill off any expired sessions */
+                if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)
+                {
+                    session_free(ssl_sessions, i);
+                    continue;
+                }
+
+                /* if the session id matches, it must still be less than 
+                   the expiry time */
+                if (memcmp(ssl_sessions[i]->session_id, session_id,
+                                                SSL_SESSION_ID_SIZE) == 0)
+                {
+                    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
+                    ssl->session_index = i;
+                    memcpy(ssl->master_secret, 
+                            ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
+                    SET_SSL_FLAG(SSL_SESSION_RESUME);
+                    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+                    return ssl_sessions[i];  /* a session was found */
+                }
+            }
+        }
+    }
+
+    /* If we've got here, no matching session was found - so create one */
+    for (i = 0; i < max_sessions; i++)
+    {
+        if (ssl_sessions[i] == NULL)
+        {
+            /* perfect, this will do */
+            ssl_sessions[i] = (SSL_SESS *)calloc(1, sizeof(SSL_SESS));
+            ssl_sessions[i]->conn_time = tm;
+            ssl->session_index = i;
+            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+            return ssl_sessions[i]; /* return the session object */
+        }
+        else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
+        {
+            /* find the oldest session */
+            oldest_sess_time = ssl_sessions[i]->conn_time;
+            oldest_sess = ssl_sessions[i];
+            ssl->session_index = i;
+        }
+    }
+
+    /* ok, we've used up all of our sessions. So blow the oldest session away */
+    oldest_sess->conn_time = tm;
+    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
+    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+    return oldest_sess;
+}
+
+/**
+ * Free an existing session.
+ */
+static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
+{
+    if (ssl_sessions[sess_index])
+    {
+        free(ssl_sessions[sess_index]);
+        ssl_sessions[sess_index] = NULL;
+    }
+}
+
+/**
+ * This ssl object doesn't want this session anymore.
+ */
+void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
+{
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+
+    if (ssl->ssl_ctx->num_sessions)
+    {
+        session_free(ssl_sessions, ssl->session_index);
+        ssl->session = NULL;
+    }
+
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+}
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/*
+ * Get the session id for a handshake. This will be a 32 byte sequence.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
+{
+    return ssl->session_id;
+}
+
+/*
+ * Return the cipher id (in the SSL form).
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
+{
+    return ssl->cipher;
+}
+
+/*
+ * Return the status of the handshake.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
+{
+    return ssl->hs_status;
+}
+
+/*
+ * Retrieve various parameters about the SSL engine.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset)
+{
+    switch (offset)
+    {
+        /* return the appropriate build mode */
+        case SSL_BUILD_MODE:
+#if defined(CONFIG_SSL_FULL_MODE)
+            return SSL_BUILD_FULL_MODE;
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+            return SSL_BUILD_ENABLE_CLIENT;
+#elif defined(CONFIG_ENABLE_VERIFICATION)
+            return SSL_BUILD_ENABLE_VERIFICATION;
+#elif defined(CONFIG_SSL_SERVER_ONLY )
+            return SSL_BUILD_SERVER_ONLY;
+#else 
+            return SSL_BUILD_SKELETON_MODE;
+#endif
+
+        case SSL_MAX_CERT_CFG_OFFSET:
+            return CONFIG_SSL_MAX_CERTS;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_MAX_CA_CERT_CFG_OFFSET:
+            return CONFIG_X509_MAX_CA_CERTS;
+#endif
+#ifdef CONFIG_SSL_HAS_PEM
+        case SSL_HAS_PEM:
+            return 1;
+#endif
+        default:
+            return 0;
+    }
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Authenticate a received certificate.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
+{
+    int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+
+    if (ret)        /* modify into an SSL error type */
+    {
+        ret = SSL_X509_ERROR(ret);
+    }
+
+    return ret;
+}
+
+/**
+ * Process a certificate message.
+ */
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
+{
+    int ret = SSL_OK;
+    int pkt_size = ssl->bm_index;
+    int cert_size, offset = 5;
+    int total_cert_size = (ssl->bm_data[offset]<<8) + 
+                ssl->bm_data[offset+1];
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    X509_CTX **chain = x509_ctx;
+    offset += 2;
+
+    PARANOIA_CHECK(total_cert_size, offset);
+
+    while (offset < total_cert_size)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (ssl->bm_data[offset]<<8) + ssl->bm_data[offset+1];
+        offset += 2;
+        
+        if (x509_new(&ssl->bm_data[offset], NULL, chain))
+        {
+            ret = SSL_ERROR_BAD_CERTIFICATE;
+            goto error;
+        }
+
+        chain = &((*chain)->next);
+        offset += cert_size;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    /* if we are client we can do the verify now or later */
+    if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
+    {
+        ret = ssl_verify_cert(ssl);
+    }
+
+    DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
+    ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
+error:
+    return ret;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Debugging routine to display SSL handshaking stuff.
+ */
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Debugging routine to display SSL states.
+ */
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
+{
+    const char *str;
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf(not_ok ? "Error - invalid State:\t" : "State:\t");
+    printf(is_send ? "sending " : "receiving ");
+
+    switch (state)
+    {
+        case HS_HELLO_REQUEST:
+            str = "Hello Request (0)";
+            break;
+
+        case HS_CLIENT_HELLO:
+            str = "Client Hello (1)";
+            break;
+
+        case HS_SERVER_HELLO:
+            str = "Server Hello (2)";
+            break;
+
+        case HS_CERTIFICATE:
+            str = "Certificate (11)";
+            break;
+
+        case HS_SERVER_KEY_XCHG:
+            str = "Certificate Request (12)";
+            break;
+
+        case HS_CERT_REQ:
+            str = "Certificate Request (13)";
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            str = "Server Hello Done (14)";
+            break;
+
+        case HS_CERT_VERIFY:
+            str = "Certificate Verify (15)";
+            break;
+
+        case HS_CLIENT_KEY_XCHG:
+            str = "Client Key Exchange (16)";
+            break;
+
+        case HS_FINISHED:
+            str = "Finished (16)";
+            break;
+
+        default:
+            str = "Error (Unknown)";
+            
+            break;
+    }
+
+    printf("%s\n", str);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display X509 certificates.
+ */
+void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
+        return;
+
+    x509_print(ssl->ssl_ctx->ca_cert_ctx, x509_ctx);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display RSA objects
+ */
+void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
+        return;
+
+    RSA_print(rsa_ctx);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking bytes.
+ */
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    va_list(ap);
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
+        return;
+
+    va_start(ap, size);
+    print_blob(format, data, size, va_arg(ap, char *));
+    va_end(ap);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking errors.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code)
+{
+    if (error_code == SSL_OK)
+        return;
+
+    printf("Error: ");
+
+    /* X509 error? */
+    if (error_code < SSL_X509_OFFSET)
+    {
+        x509_display_error(error_code - SSL_X509_OFFSET);
+        printf("\n");
+        return;
+    }
+
+    /* SSL alert error code */
+    if (error_code > SSL_ERROR_CONN_LOST)
+    {
+        printf("SSL error %d\n", -error_code);
+        return;
+    }
+
+    switch (error_code)
+    {
+        case SSL_ERROR_DEAD:
+            printf("connection dead");
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+            printf("invalid handshake");
+            break;
+
+        case SSL_ERROR_INVALID_PROT_MSG:
+            printf("invalid protocol message");
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+            printf("invalid mac");
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+            printf("invalid session");
+            break;
+
+        case SSL_ERROR_NO_CIPHER:
+            printf("no cipher");
+            break;
+
+        case SSL_ERROR_CONN_LOST:
+            printf("connection lost");
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ERROR_INVALID_KEY:
+            printf("invalid key");
+            break;
+
+        case SSL_ERROR_FINISHED_INVALID:
+            printf("finished invalid");
+            break;
+
+        case SSL_ERROR_NO_CERT_DEFINED:
+            printf("no certificate defined");
+            break;
+
+        case SSL_ERROR_NOT_SUPPORTED:
+            printf("Option not supported");
+            break;
+
+        default:
+            printf("undefined as yet - %d", error_code);
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display alerts.
+ */
+void DISPLAY_ALERT(SSL *ssl, int alert)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf("Alert: ");
+
+    switch (alert)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            printf("close notify");
+            break;
+
+        case SSL_ALERT_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ALERT_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ALERT_UNEXPECTED_MESSAGE:
+            printf("unexpected message");
+            break;
+
+        case SSL_ALERT_BAD_RECORD_MAC:
+            printf("bad record mac");
+            break;
+
+        case SSL_ALERT_HANDSHAKE_FAILURE:
+            printf("handshake failure");
+            break;
+
+        case SSL_ALERT_ILLEGAL_PARAMETER:
+            printf("illegal parameter");
+            break;
+
+        case SSL_ALERT_DECODE_ERROR:
+            printf("decode error");
+            break;
+
+        case SSL_ALERT_DECRYPT_ERROR:
+            printf("decrypt error");
+            break;
+
+        default:
+            printf("alert - (unknown %d)", alert);
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+#endif /* CONFIG_SSL_FULL_MODE */
+
+/**
+ * Return the version of this library.
+ */
+EXP_FUNC const char  * STDCALL ssl_version()
+{
+    static const char * axtls_version = AXTLS_VERSION " " __DATE__;
+    return axtls_version;
+}
+
+/**
+ * Enable the various language bindings to work regardless of the
+ * configuration - they just return an error statement and a bad return code.
+ */
+#if !defined(CONFIG_SSL_FULL_MODE)
+EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
+#endif
+
+#ifdef CONFIG_BINDINGS
+#if !defined(CONFIG_SSL_ENABLE_CLIENT)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, 
+                        int client_fd, const uint8_t *session_id)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+#endif
+
+#if !defined(CONFIG_SSL_CERT_VERIFICATION)
+EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
+{
+    printf(unsupported_str);
+    return -1;
+}
+
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
+
+#endif /* CONFIG_BINDINGS */
+
diff --git a/ssl/tls1.h b/ssl/tls1.h
new file mode 100755
index 0000000000..d2ebeefe08
--- /dev/null
+++ b/ssl/tls1.h
@@ -0,0 +1,288 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file tls1.h
+ *
+ * @brief The definitions for the TLS library.
+ */
+#ifndef HEADER_SSL_LIB_H
+#define HEADER_SSL_LIB_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "version.h"
+
+/* Mutexing definitions */
+#if defined(CONFIG_SSL_CTX_MUTEXING)
+#if defined(WIN32)
+#define SSL_CTX_MUTEX_TYPE          HANDLE
+#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
+#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
+#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
+#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
+#else 
+#include <pthread.h>
+#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
+#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
+#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
+#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
+#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
+#endif
+#else   /* no mutexing */
+#define SSL_CTX_MUTEX_INIT(A)
+#define SSL_CTX_MUTEX_DESTROY(A)
+#define SSL_CTX_LOCK(A)
+#define SSL_CTX_UNLOCK(A)
+#endif
+
+#define SSL_RANDOM_SIZE             32
+#define SSL_SECRET_SIZE             48
+#define SSL_FINISHED_HASH_SIZE      12
+#define SSL_RECORD_SIZE             5
+#define SSL_SERVER_READ             0
+#define SSL_SERVER_WRITE            1
+#define SSL_CLIENT_READ             2
+#define SSL_CLIENT_WRITE            3
+#define SSL_HS_HDR_SIZE             4
+
+/* the flags we use while establishing a connection */
+#define SSL_NEED_RECORD             0x0001
+#define SSL_TX_ENCRYPTED            0x0002 
+#define SSL_RX_ENCRYPTED            0x0004
+#define SSL_SESSION_RESUME          0x0008
+#define SSL_IS_CLIENT               0x0010
+#define SSL_HAS_CERT_REQ            0x0020
+
+/* some macros to muck around with flag bits */
+#define SET_SSL_FLAG(A)             (ssl->flag |= A)
+#define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
+#define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
+
+#define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
+#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_EXTRA                    1024
+#define BM_RECORD_OFFSET            5
+
+#ifdef CONFIG_SSL_SKELETON_MODE
+#define NUM_PROTOCOLS               1
+#else
+#define NUM_PROTOCOLS               4
+#endif
+
+#define PARANOIA_CHECK(A, B)        if (A < B) { \
+    ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
+
+/* protocol types */
+enum
+{
+    PT_CHANGE_CIPHER_SPEC = 20,
+    PT_ALERT_PROTOCOL,
+    PT_HANDSHAKE_PROTOCOL,
+    PT_APP_PROTOCOL_DATA
+};
+
+/* handshaking types */
+enum
+{
+    HS_HELLO_REQUEST,
+    HS_CLIENT_HELLO,
+    HS_SERVER_HELLO,
+    HS_CERTIFICATE = 11,
+    HS_SERVER_KEY_XCHG,
+    HS_CERT_REQ,
+    HS_SERVER_HELLO_DONE,
+    HS_CERT_VERIFY,
+    HS_CLIENT_KEY_XCHG,
+    HS_FINISHED = 20
+};
+
+typedef struct 
+{
+    uint8_t cipher;
+    uint8_t key_size;
+    uint8_t iv_size;
+    uint8_t key_block_size;
+    uint8_t padding_size;
+    uint8_t digest_size;
+    hmac_func hmac;
+    crypt_func encrypt;
+    crypt_func decrypt;
+} cipher_info_t;
+
+struct _SSLObjLoader 
+{
+    uint8_t *buf;
+    int len;
+};
+
+typedef struct _SSLObjLoader SSLObjLoader;
+
+typedef struct 
+{
+    time_t conn_time;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+} SSL_SESS;
+
+typedef struct
+{
+    uint8_t *buf;
+    int size;
+} SSL_CERT;
+
+struct _SSL
+{
+    uint32_t flag;
+    uint16_t need_bytes;
+    uint16_t got_bytes;
+    uint8_t record_type;
+    uint8_t chain_length;
+    uint8_t cipher;
+    int16_t next_state;
+    int16_t hs_status;
+    uint8_t *all_pkts; 
+    int all_pkts_len;
+    int client_fd;
+    const cipher_info_t *cipher_info;
+    uint8_t *final_finish_mac;
+    uint8_t *key_block;
+    void *encrypt_ctx;
+    void *decrypt_ctx;
+    uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
+    uint8_t *bm_data;
+    int bm_index;
+    struct _SSL *next;                  /* doubly linked list */
+    struct _SSL *prev;
+    SSL_CERT *certs;
+    struct _SSL_CTX *ssl_ctx;            /* back reference to a clnt/svr ctx */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t session_index;
+    SSL_SESS *session;
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    X509_CTX *x509_ctx;
+#endif
+
+    uint8_t session_id[SSL_SESSION_ID_SIZE]; 
+    uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
+    uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
+    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
+    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
+    uint8_t *master_secret;
+    uint8_t read_sequence[8];       /* 64 bit sequence number */
+    uint8_t write_sequence[8];      /* 64 bit sequence number */
+    uint8_t record_buf[SSL_RECORD_SIZE];    /* storage for hmac calls later */
+};
+
+typedef struct _SSL SSL;
+
+struct _SSL_CTX
+{
+    uint32_t options;
+    uint8_t chain_length;
+    RSA_CTX *rsa_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    CA_CERT_CTX *ca_cert_ctx;
+#endif
+    SSL *head;
+    SSL *tail;
+    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t num_sessions;
+    SSL_SESS **ssl_sessions;
+#endif
+#ifdef CONFIG_SSL_CTX_MUTEXING
+    SSL_CTX_MUTEX_TYPE mutex;
+#endif
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+    void *bonus_attr;
+#endif
+};
+
+typedef struct _SSL_CTX SSL_CTX;
+
+/* backwards compatibility */
+typedef struct _SSL_CTX SSLCTX;
+
+extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
+
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
+int send_packet(SSL *ssl, uint8_t protocol, 
+        const uint8_t *in, int length);
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int process_finished(SSL *ssl, int hs_len);
+int process_sslv23_client_hello(SSL *ssl);
+int send_alert(SSL *ssl, int error_code);
+int send_finished(SSL *ssl);
+int send_certificate(SSL *ssl);
+int basic_read(SSL *ssl, uint8_t **in_data);
+int send_change_cipher_spec(SSL *ssl);
+void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
+void add_packet(SSL *ssl, const uint8_t *pkt, int len);
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
+void ssl_obj_free(SSLObjLoader *ssl_obj);
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
+#endif
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int do_client_connect(SSL *ssl);
+#endif
+
+#ifdef CONFIG_SSL_FULL_MODE
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...);
+void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx);
+void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx);
+void DISPLAY_ALERT(SSL *ssl, int alert);
+#else
+#define DISPLAY_STATE(A,B,C,D)
+#define DISPLAY_CERT(A,B,C)
+#define DISPLAY_RSA(A,B,C)
+#define DISPLAY_ALERT(A, B)
+#ifdef WIN32
+void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
+        const uint8_t *data, int size, ...);
+#else
+#define DISPLAY_BYTES(A,B,C,D,...)
+#endif
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
+#endif
+
+SSL_SESS *ssl_session_update(int max_sessions, 
+        SSL_SESS *ssl_sessions[], SSL *ssl,
+        const uint8_t *session_id);
+void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
new file mode 100644
index 0000000000..b3d5a52fb6
--- /dev/null
+++ b/ssl/tls1_clnt.c
@@ -0,0 +1,338 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
+
+static int send_client_hello(SSL *ssl);
+static int process_server_hello(SSL *ssl);
+static int process_server_hello_done(SSL *ssl);
+static int send_client_key_xchg(SSL *ssl);
+static int process_cert_req(SSL *ssl);
+static int send_cert_verify(SSL *ssl);
+
+/*
+ * Establish a new SSL connection to an SSL server.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
+{
+    int ret;
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+
+    if (session_id && ssl_ctx->num_sessions)
+    {
+        memcpy(ssl->session_id, session_id, SSL_SESSION_ID_SIZE);
+        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
+    }
+
+    SET_SSL_FLAG(SSL_IS_CLIENT);
+    ret = do_client_connect(ssl);
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_SERVER_HELLO:
+            ret = process_server_hello(ssl);
+            break;
+
+        case HS_CERTIFICATE:
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            if ((ret = process_server_hello_done(ssl)) == SSL_OK)
+            {
+                if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
+                {
+                    if ((ret = send_certificate(ssl)) == SSL_OK &&
+                        (ret = send_client_key_xchg(ssl)) == SSL_OK)
+                    {
+                        ret = send_cert_verify(ssl);
+                    }
+                }
+                else
+                {
+                    ret = send_client_key_xchg(ssl);
+                }
+
+                if (ret == SSL_OK && 
+                     (ret = send_change_cipher_spec(ssl)) == SSL_OK)
+                {
+                    ret = send_finished(ssl);
+                }
+            }
+            break;
+
+        case HS_CERT_REQ:
+            ret = process_cert_req(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, hs_len);
+            break;
+
+        case HS_HELLO_REQUEST:
+            ret = do_client_connect(ssl);
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Do the handshaking from the beginning.
+ */
+int do_client_connect(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    send_client_hello(ssl);                 /* send the client hello */
+    ssl->bm_index = 0;
+    ssl->next_state = HS_SERVER_HELLO;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* sit in a loop until it all looks good */
+    while (ssl->hs_status != SSL_OK)
+    {
+        ret = basic_read(ssl, NULL);
+        
+        if (ret < SSL_OK)
+        { 
+            if (ret != SSL_ERROR_CONN_LOST)
+            {
+                /* let the server know we are dying and why */
+                if (send_alert(ssl, ret))
+                {
+                    /* something nasty happened, so get rid of it */
+                    kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+                }
+            }
+
+            break;
+        }
+    }
+
+    ssl->hs_status = ret;            /* connected? */
+    return ret;
+}
+
+/*
+ * Send the initial client hello.
+ */
+static int send_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    time_t tm = time(NULL);
+    uint8_t *tm_ptr = &buf[6]; /* time will go here */
+    int i, offset;
+
+    buf[0] = HS_CLIENT_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = 0x01;
+
+    /* client random value - spec says that 1st 4 bytes are big endian time */
+    *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
+    get_random(SSL_RANDOM_SIZE-4, &buf[10]);
+    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+    /* give session resumption a go */
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially bu user */
+    {
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        memcpy(&buf[offset], ssl->session_id, SSL_SESSION_ID_SIZE);
+        offset += SSL_SESSION_ID_SIZE;
+        CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
+    }
+    else
+    {
+        /* no session id - because no session resumption just yet */
+        buf[offset++] = 0;
+    }
+
+    buf[offset++] = 0;              /* number of ciphers */
+    buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
+
+    /* put all our supported protocols in our request */
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        buf[offset++] = 0;          /* cipher we are using */
+        buf[offset++] = ssl_prot_prefs[i];
+    }
+
+    buf[offset++] = 1;              /* no compression */
+    buf[offset++] = 0;
+    buf[3] = offset - 4;            /* handshake size */
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Process the server hello.
+ */
+static int process_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    int offset;
+    int version = (buf[4] << 4) + buf[5];
+    int num_sessions = ssl->ssl_ctx->num_sessions;
+    int ret = SSL_OK;
+
+    /* check that we are talking to a TLSv1 server */
+    if (version != 0x31)
+        return SSL_ERROR_INVALID_VERSION;
+
+    /* get the server random value */
+    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 7 + SSL_RANDOM_SIZE; /* skip of session id size */
+
+    if (num_sessions)
+    {
+        ssl->session = ssl_session_update(num_sessions,
+                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
+        memcpy(ssl->session->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+    }
+
+    memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+    offset += SSL_SESSION_ID_SIZE;
+
+    /* get the real cipher we are using */
+    ssl->cipher = buf[++offset];
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
+                                        HS_FINISHED : HS_CERTIFICATE;
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+error:
+    return ret;
+}
+
+/**
+ * Process the server hello done message.
+ */
+static int process_server_hello_done(SSL *ssl)
+{
+    ssl->next_state = HS_FINISHED;
+    return SSL_OK;
+}
+
+/*
+ * Send a client key exchange message.
+ */
+static int send_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t premaster_secret[SSL_SECRET_SIZE];
+    int enc_secret_size = -1;
+
+    buf[0] = HS_CLIENT_KEY_XCHG;
+    buf[1] = 0;
+
+    premaster_secret[0] = 0x03; /* encode the version number */
+    premaster_secret[1] = 0x01;
+    get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
+    DISPLAY_RSA(ssl, "send_client_key_xchg", ssl->x509_ctx->rsa_ctx);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
+            SSL_SECRET_SIZE, &buf[6], 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    buf[2] = (enc_secret_size + 2) >> 8;
+    buf[3] = (enc_secret_size + 2) & 0xff;
+    buf[4] = enc_secret_size >> 8;
+    buf[5] = enc_secret_size & 0xff;
+
+    generate_master_secret(ssl, premaster_secret);
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
+}
+
+/*
+ * Process the certificate request.
+ */
+static int process_cert_req(SSL *ssl)
+{
+    /* don't do any processing - we will send back an RSA certificate anyway */
+    ssl->next_state = HS_SERVER_HELLO_DONE;
+    SET_SSL_FLAG(SSL_HAS_CERT_REQ);
+    return SSL_OK;
+}
+
+/*
+ * Send a certificate verify message.
+ */
+static int send_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int n, ret;
+
+    DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx);
+
+    buf[0] = HS_CERT_VERIFY;
+    buf[1] = 0;
+
+    finished_digest(ssl, NULL, dgst);   /* calculate the digest */
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (n == 0)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+    
+    buf[4] = n >> 8;        /* add the RSA size (not officially documented) */
+    buf[5] = n & 0xff;
+    n += 2;
+    buf[2] = n >> 8;
+    buf[3] = n & 0xff;
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
+
+error:
+    return ret;
+}
+
+#endif      /* CONFIG_SSL_ENABLE_CLIENT */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
new file mode 100644
index 0000000000..133f9db69b
--- /dev/null
+++ b/ssl/tls1_svr.c
@@ -0,0 +1,450 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "ssl.h"
+
+static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
+
+static int process_client_hello(SSL *ssl);
+static int send_server_hello_sequence(SSL *ssl);
+static int send_server_hello(SSL *ssl);
+static int send_server_hello_done(SSL *ssl);
+static int process_client_key_xchg(SSL *ssl);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static int send_certificate_request(SSL *ssl);
+static int process_cert_verify(SSL *ssl);
+#endif
+
+/*
+ * Establish a new SSL connection to an SSL client.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->next_state = HS_CLIENT_HELLO;
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ssl_ctx->chain_length == 0)
+        printf("Warning - no server certificate defined\n"); TTY_FLUSH();
+#endif
+
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_CLIENT_HELLO:
+            if ((ret = process_client_hello(ssl)) == SSL_OK)
+                ret = send_server_hello_sequence(ssl);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case HS_CERTIFICATE:/* the client sends its cert */
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+
+            if (ret == SSL_OK)    /* verify the cert */
+            { 
+                int cert_res;
+                cert_res = x509_verify(
+                        ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
+            }
+            break;
+
+        case HS_CERT_VERIFY:    
+            ret = process_cert_verify(ssl);
+            add_packet(ssl, buf, hs_len);   /* needs to be done after */
+            break;
+#endif
+        case HS_CLIENT_KEY_XCHG:
+            ret = process_client_key_xchg(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, hs_len);
+            break;
+    }
+
+    return ret;
+}
+
+/* 
+ * Process a client hello message.
+ */
+static int process_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t *record_buf = ssl->record_buf;
+    int pkt_size = ssl->bm_index;
+    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
+    int version = (record_buf[1] << 4) + record_buf[2];
+    int ret = SSL_OK;
+    
+    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
+    if (version < 0x31) 
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
+
+    /* process the session id */
+    id_len = buf[offset++];
+    if (id_len > SSL_SESSION_ID_SIZE)
+    {
+        return SSL_ERROR_INVALID_SESSION;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    offset += id_len;
+    cs_len = (buf[offset]<<8) + buf[offset+1];
+    offset += 3;        /* add 1 due to all cipher suites being 8 bit */
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    /* work out what cipher suite we are going to use */
+    for (j = 0; j < NUM_PROTOCOLS; j++)
+    {
+        for (i = 0; i < cs_len; i += 2)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto do_state;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    ret = SSL_ERROR_NO_CIPHER;
+
+do_state:
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+/*
+ * Some browsers use a hybrid SSLv2 "client hello" 
+ */
+int process_sslv23_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
+    int version = (buf[3] << 4) + buf[4];
+    int ret = SSL_OK;
+
+    /* we have already read 3 extra bytes so far */
+    int read_len = SOCKET_READ(ssl->client_fd, buf, bytes_needed-3);
+    int cs_len = buf[1];
+    int id_len = buf[3];
+    int ch_len = buf[5];
+    int i, j, offset = 8;   /* start at first cipher */
+    int random_offset = 0;
+
+    DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
+    
+    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
+    if (version < 0x31)
+    {
+        return SSL_ERROR_INVALID_VERSION;
+    }
+
+    add_packet(ssl, buf, read_len);
+
+    /* connection has gone, so die */
+    if (bytes_needed < 0)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+    /* now work out what cipher suite we are going to use */
+    for (j = 0; j < NUM_PROTOCOLS; j++)
+    {
+        for (i = 0; i < cs_len; i += 3)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto server_hello;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    ret = SSL_ERROR_NO_CIPHER;
+    goto error;
+
+server_hello:
+    /* get the session id */
+    offset += cs_len - 2;   /* we've gone 2 bytes past the end */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    /* get the client random data */
+    offset += id_len;
+
+    /* random can be anywhere between 16 and 32 bytes long - so it is padded
+     * with 0's to the left */
+    if (ch_len == 0x10)
+    {
+        random_offset += 0x10;
+    }
+
+    memcpy(&ssl->client_random[random_offset], &buf[offset], ch_len);
+    ret = send_server_hello_sequence(ssl);
+
+error:
+    return ret;
+}
+#endif
+
+/*
+ * Send the entire server hello sequence
+ */
+static int send_server_hello_sequence(SSL *ssl)
+{
+    int ret;
+
+    if ((ret = send_server_hello(ssl)) == SSL_OK)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        /* resume handshake? */
+        if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+        {
+            if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            {
+                ret = send_finished(ssl);
+                ssl->next_state = HS_FINISHED;
+            }
+        }
+        else 
+#endif
+        if ((ret = send_certificate(ssl)) == SSL_OK)
+        {
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+            /* ask the client for its certificate */
+            if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION))
+            {
+                if ((ret = send_certificate_request(ssl)) == SSL_OK)
+                {
+                    ret = send_server_hello_done(ssl);
+                    ssl->next_state = HS_CERTIFICATE;
+                }
+            }
+            else
+#endif
+            {
+                ret = send_server_hello_done(ssl);
+                ssl->next_state = HS_CLIENT_KEY_XCHG;
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Send a server hello message.
+ */
+static int send_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int offset = 0;
+
+    buf[0] = HS_SERVER_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = 0x01;
+
+    /* server random value */
+    get_random(SSL_RANDOM_SIZE, &buf[6]);
+    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+    /* send a session id - and put it into the cache */
+    buf[offset++] = SSL_SESSION_ID_SIZE;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+    {
+        /* retrieve id from session cache */
+        memcpy(&buf[offset], ssl->session->session_id, 
+                SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
+    }
+    else    /* generate our own session id */
+#endif
+    {
+        get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
+        memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+        /* store id in session cache */
+        if (ssl->ssl_ctx->num_sessions)
+        {
+            memcpy(ssl->session->session_id, 
+                    ssl->session_id, SSL_SESSION_ID_SIZE);
+        }
+#endif
+    }
+
+    offset += SSL_SESSION_ID_SIZE;
+
+    buf[offset++] = 0;      /* cipher we are using */
+    buf[offset++] = ssl->cipher;
+    buf[offset++] = 0;      /* no compression */
+    buf[3] = offset - 4;    /* handshake size */
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Send the server hello done message.
+ */
+static int send_server_hello_done(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                            g_hello_done, sizeof(g_hello_done));
+}
+
+/*
+ * Pull apart a client key exchange message. Decrypt the pre-master key (using
+ * our RSA private key) and then work out the master key. Initialise the
+ * ciphers.
+ */
+static int process_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    int premaster_size, secret_length = (buf[2] << 8) + buf[3];
+    uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int offset = 4;
+    int ret = SSL_OK;
+    
+    DISPLAY_RSA(ssl, "process_client_key_xchg", rsa_ctx);
+
+    /* is there an extra size field? */
+    if ((secret_length - 2) == rsa_ctx->num_octets)
+        offset += 2;
+
+    PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, 1);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (premaster_size != SSL_SECRET_SIZE || 
+            premaster_secret[0] != 0x03 ||  /* check version is 3.1 (TLS) */
+            premaster_secret[1] != 0x01)
+    {
+        /* guard against a Bleichenbacher attack */
+        memset(premaster_secret, 0, SSL_SECRET_SIZE);
+        /* and continue - will die eventually when checking the mac */
+    }
+
+#if 0
+    print_blob("pre-master", premaster_secret, SSL_SECRET_SIZE);
+#endif
+
+    generate_master_secret(ssl, premaster_secret);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ?  
+                                            HS_CERT_VERIFY : HS_FINISHED;
+#else
+    ssl->next_state = HS_FINISHED; 
+#endif
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
+
+/*
+ * Send the certificate request message.
+ */
+static int send_certificate_request(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request, sizeof(g_cert_request));
+}
+
+/*
+ * Ensure the client has the private key by first decrypting the packet and
+ * then checking the packet digests.
+ */
+static int process_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
+    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    X509_CTX *x509_ctx = ssl->x509_ctx;
+    int ret = SSL_OK;
+    int n;
+
+    PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
+
+    DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx);
+    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
+
+    if (n != SHA1_SIZE + MD5_SIZE)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto end_cert_vfy;
+    }
+
+    finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+    if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+    }
+
+end_cert_vfy:
+    ssl->next_state = HS_FINISHED;
+error:
+    return ret;
+}
+
+#endif
diff --git a/www/bin/.htaccess b/www/bin/.htaccess
new file mode 100644
index 0000000000..4496fa9edd
--- /dev/null
+++ b/www/bin/.htaccess
@@ -0,0 +1,2 @@
+Deny all
+
diff --git a/www/favicon.ico b/www/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..9f6f30e4c6de09f2e93be5e3cbde8a97850b1989
GIT binary patch
literal 22486
zcmeHu30zf2nr~sceZHA_-90^TmN&28Jk8Qcr;~KLlTO^lBt}i5G10h0RE&xU3Kv;K
z5JYwq1!TJ*!ezg*URf{uWl>gTQ2|8(#Rd0WP}KkX*TEZUC+SY+b-$VSn-qMv>YP)j
z>Z`BnRMo$}?-RmAj23UcDHx9t+MftvA%qw^_Q~}aA%5~xA%6C=;cLqu3sLZo;z|Co
zLi>^s|MI_#`FYKJ2j4U1A1f?>B!ta;AzopbtU{QRWIZx?{FM?7|Cl^Y0}vh_9=zef
zSosyby}jgVtk7sQ!ra_kco=wX&a{Vyl{4#DbD=R9gsG-in3Lqq-d<DDt1)NVoL3}M
z59ap}rhI3thk^MF!h@vgg)sCo_7K8gknfFUUe@JdDhwKyVKC=CmO~ml)?ApH@|u}@
z4Sb>3gZD`0B%u*xK$x0q$fJh5YsfF_A+H*ep|@8I4h{-uXJ_H>?=SlM`$b({o#^cB
z6k4rT==FM`R;$Gz+pkhN3tjJ^Xt^;cH2ON0rxhBlPSmw@l9zs=>l|dhK><>5u%2c2
z3q${)P&unuzDjto{9v^|%h9qftqAtl@tWmpTZG=wA`G3qthZO_T4Y%_gueHNs3U1v
zuAb!>SZ^oES;ewE{Dpt8KV!8}S!!4g+c!%qoXL~QQY$>1wL-0t{4vdX{8^7irx*Tg
zd$88Pb{T{^xK5~bEkaw@!ZwpyT7=HfDRgz6LNAH!GLTv*3x9nt^Yscn`Ku$T4gI2p
z?dznxdP#cnTh~vXTgWSAR7Za6$ZIc2rLrVH&Xj|PaQ5&Jv&Q=iOUq!UgDHn#VYyf>
zELCdCOii8`Q{EblTFiP=BP`ixmTaHOSwk6W*cT)X+iI#6mTa&2Vz!rLDcenQmTmW^
zeARq5OUL)vcD7$FNkh`=gjS~$ix=zpo}Tj33lEZ|C1pdhR5A9@vu_x)57m-nA8GVL
zOHykoN0OGLraX0$^z3VrzrTUc3@o29<*PSP)|xuXo20AbI3{sysr4;<PPvnGl)Ii}
zAO-6?`K*)Ul4FnZZ=vk99HT9icPGcGu8!l0W265@ztB+L2FkmI)Gz7A4UQYio@1qx
z<M{@ut{)sP5Ez88bT$|NBrL_)F_vQ9JWFA2Y00*doJr;?jv1AhWy(IXbmsVyedWxt
zMe=tRKZHLn0h9kXVf^^<tVq&#3ga)19zALN)k%}CD({($AAj|t5{56IDT9TNKAbmg
z^5nylr%d9-_(`L?Cm){1Fxf@9A@e_dbNt0glSa2qH8qWno;rCn(=OAdnnq8Q!NPRR
z;VF|QU6eV<!9|7XtD`4Ro-(Cv%)|*3Oxs*0GxNkz6DCY}k73?~3DHxhO>3JxEpO`7
zytXM9CC{T>rjD6*c-qv7t5;7PGiHy>{N6kn<nMbEMzI=;iK9l1vY0w~()iJnr`1li
z_}tcI%*6M`L{AtsO6Cm?mW9g@9L#$7N_2Fz>6lvP@18nw;+hGgX8HwrxB0mwu37!r
zy!Upmed`O|oH>T7DnsI$;Lj#Z9K(jYOqnue^u_VrWBB%j;CY`P4qCNp>wEVn+#h;t
zPV?f$i#KgL>FT=0&D(S^Ji2z)@maInyl4B5A3tU4gn7FUga!xS%~=(+bkvag!Gd4>
zV$;d4cY4gsmM!aBabb$uYEIJ<*S<ctS>636CV5Grp)=bv*G5K!yIuLxGVE4Z^Dj2N
z^Nx?tj*rfrI~O?D%vYP$v%<Hp&wJ~vNgtb-*yOCUnYE<yiw%~kR@p_duisWJ{>7#f
z+y2&P$GLOn<{zE$@hvV}(zq`2a~sFQM?A)lUovxJr~8-fUo0#w*6X#&v0?VD+nD`t
zFMV|G{Xp}}@A&w(RZX}b9K3qM#ON{8rd;ee)al;g>^fu797AJS>4r2-OY636+k7r9
zJNN#lfggReWBI!k>fO;15uZPvFk#f5+U{dB+Gljk=-9Y1*Df<-{elJMGrCUr_?-L5
z{QXZqUHQ@b0q3_qNC{7f3y&CMI)CEC=sf2|b}E&f!=mb3)q(}7v0)9ao@SKH`|r#A
z@4vr%dt+E^vQ<h-_<_Td>!*&%TeKl<!G|Ayn7tr7`@^hcE35KjW?p8?mIto<^xCzZ
zUoBrTw{3rMu|7H0Dk@^_%+XV(G^^6JR>{n0#T7igbpH}}_qhSfmVf%y2iJFfu=D&}
zzh1|tw--C<v*J?KZ#mAs>gn04T5oM_t+g(;E}hd*`r+a)y_PRuzEbAjwS2B`Vs!2C
z%{5ClH#wCS?0YM6_Nh~zo+ppmXQ=FE9Gc;<FF&^E%MVs8|MY`ZAME;I``lGccSc3$
zxpYsSW|}x{N!fyknFkNeICko!!_hALR_6|fqWpqVw_`15wtw)!2djJs?Jh1HoIt^w
zMvvNU(RTJ?|K`y#F){0sGAw7fo3*yusY>$GDqI`7%$R>w&{}o&)~2C}A##xK4xc(&
znGNR8x0oMeS+FqoV2izdc2R0+d-LL+xhpPQ@SDBvix1nEY=|BcZECtVA@yy3z~etL
z0W2&m5(+oO$4C9Hq`)fu?egYRbLXz`_4b%vXQL@~b&Aido7^_7G;87TByscRz`Rir
zsg!VXY^+sr*`k({US3~%&%VkTp(*~uhQ-AnsxqQ1vy$H)&Tm16a8I35tSu-^U-(5v
z&QG14J7)EdpFW+>{VRW0=+sbHP*9M(e)e#F{(gLR^2~5`>06d>g-66B+2lE%zWT|>
z%ztD2C#Qd^Td=-i!+Lf2tgo}n#KlQVXWA^C<TBdBqkGDTnTbrfR5mSfbe#RK=1NM7
zpU<=5#`N(QmrnY`#N-o_F-(`U-IFk4-jk0%=I!b7kumRgh(DhG9WwoUW%=W)+Ye8P
zeI)$hzW%$#KS=D4OW?c8(U?!-)UhN}($_fkN4ziw6JtW@Bko&?1G!%wiA^O|l(<sj
zMj_0Hai^x2dw-!|%CV*rSMp*kpOGY<RB)v5AkOpn8b6v7KlY9_C|Fg&wjR9-zV$Ht
zA(oWb(TF7_u9O&3Vo8Y$CAO4!N#Z++8U2HUiILRABNCrTJW;1$DTy^Dew29Ah${!V
zmzVo_1&=<#m6qn*v$M_4&cSTEn&qj7ag$0T7E6pYkN8NE5hF3yXtcyBTH=>soMg_r
zoy~Q`LBym_Fp|VQ8e$%edKfe6h-nOU65G@fC)N=I5xWq>NbDl<qr@)~yJ(1A6#T+=
z2J0!8C%93;x9k^*V<g5kbPi+3PU06W+iJwP5;xWnw^*vo$&aOiA0<waxcAMU5t|U7
zNQ~kv@d;`1Jda^)Nqp%~Ir#f~i1GjA&v*TaXZ$G_67jMJ`$1x6e`0Wn!_8+Adzw>b
zl-s;l)MDN&%1vTXb2al*jwBC>M<r?0#DF9%pU)%yTueMlT<Y&n3Vw=9wOZm;%6u{9
zt&&7+>Opy1S~5*i@TrRU)cFZc_2)T2@GxEtCT3NWG^AiH%NWo8kp1GUBag(fq+l6)
z@E-B3g6o5MPtAMmGX>i+*2%QQxTboxNiS5A=8+cb6};=OV%nK$4?X2a+)4^2Ir}qB
zlGxXo<5W2_;27}N5bKg8{*|~_o+IcD%wx&38fOFfG7u*-<~Wh(3;x8w5(le^gC!Q$
z5(oRMiF--@5)YGfBsFodMiQ~Ho}}ft(v!3tTM{R?kTmKRzC+?z3noeItRrc8UZUZc
zlV=x349ySw-!=R>*6(r8z53#dFOC~$Vlr+V6H4l7xxDw%3k<Ky#49iS_{Tqf;g#pc
zJqgS<ZuLvAc12A7<&u}GULN)Q<jIp=CO`jj)hn;e`SA-~&y9O-#Y-<lESWRvm!sa`
zLnkK}1}DeopC9$hU;gq9mif}lzkL4r#p{-@`}p}O&c1syfAy;cUwjea?E1zlFTJ$-
z)fdOT^oGlO(;VNhnGiSC{Wrb$SFW_Owq9?O6Zpk)?kCrcGnxN}|L@ADdzY>+-t2W@
zVC5RC*KKWo{hHZ93yTL>!RIFoOD+3~8{T|#hSvw?<^z9YWo!Gom6gS@H=dt7>g5+!
zkGruHk01YbK}Tz$_Ne)qHP)}c{rlHnf9-cWO-=ngpC9$|OJ6QJ+J5%8pO<J8_gq_L
zZT-6K?|=XH+i#@@MJI%O{K}k{UntYg`tZZgKASanX4=qN>tCyWZ@=;Puf27>sJk|A
z_isLa?zxp$3T7wG{3u2Lt3#J8Uwchu|IRxb-&$O`eA%+g&2PS+wff<zRbQPsdiu*-
zO$R=;u>SQs@4Pei(YmS6|9HtO>X%nMD4QP{nfrO^s+IQ_HGbM`c8||(rhj0uYt-|j
z+`Qvnr0}-~?3g|;yW&X8r?VFhTD|qwx(&KivxVXDb3U2XV=`g9iG#!Bt#7^=96Yza
zZPCiLmg`<LS(njx_f+Yx3Tt{~A1_(brT)##d9!0eW2=9G4dY~o{<h%M$^04bv-sh#
zVa4&At8cGf@#;8vJ#qZIFP`iB-MQz6ADT>h5|51DeQ_N3vR~hM*JRwp36q{?95>Nq
z0yF$M!oTas$I6HI3r~Ol()>KFX*ebKDLiUd_A17Gis^{Gi5QXQ8{*NUN8-VQhvMPT
zBQZ4ePz*g}n)e<*ek>k80`EOyp2y-5uko1cJ|2q8SFVT)m(Gcb@@A2|r&<)`)ryL`
zdePp~qnu+u#v@VJcv5KM>xCxfptx}UD(e^$TYMeF7H=0}`&FD+yH+b!EYu3mZ8<_y
z)+U;IFNsUnuZj4?GU2gBFMNH|h0WSHu_v@v?9DF_Q8^_dD6T@pmeh;wdn<*_szQ;H
z+aU~RZ;R%O*F?;|8ljHL5J4e+B0hDmh}EQtj`nk+@o<L-ORg20HsuMc6=}lWI$bzf
zWeLCSrK0r21yOSDj%c{~NE{x3C~7_?5~7Pl)b=Lf;jmu>_-Bf;%4!jlRw3fJHtfwh
zAa;i33yY;G!o@X5#2)AtF$XV;obCZp&^sXXr*4RCj;UhVyzRo(B|yZ)M2bT49vPP)
z;<Iu@_#U0u=A10Tg6qV`lXeInO_K=DJttC|?~07>AyM9SN5n<ch=jC!5uctTs_UA>
z-Me>%E;~zjdHD!;4^L58T_eis8-$gGov>ATiS1!oB6M$wh)b_#yZ4KYR$E1iHdmC_
z91?BqC&V4T-`(9U4jecr_U%g(Zd=^M{{7h^DM=&T-L?pO)ka}wV=J7UoJ2xmoXFv`
zl;lKVs3;e=Z{HT}?d{^^$&=#Nty|*i)vKcGWS6pcyl~+H#|Xqjju+>NKUc`WvGx8$
zGx6#BUx*oV7l^Ub=ZdlOXNU!}=Zg7e)5RPaFZf(6`1Et}hSf^3lH>HoyFXV*j@eI0
z(?~MBLHb^0nQ`13ej<(@|A~0`J>DJ9ypu@svyk78tkZUtqgZ3(AjYn=A^&TH!#W#b
zPyRQ^*kPk^u-zzB%=>@CtLe{vE+ozS9(78YO=f<o*_1Gvzw(|pnK$zCI`4g#HVl{W
z?Z0D2$=O)>8MAxTm@y_M0o!*3n(W*a6dYn=GG>em&m7&idTjIb^7ird^S82Izrn^<
zWw+7Z!O>}x^X7k8%EPf0<}1HiwR(*Oml>;%KbbT4(|MnLK7YX%3l}Y3^5vw-Q>IQc
zo&MhYAI$i0=B(Kt{ra`n-}ud&zx~}?Z~y+CcgIhd_`m+;e~%sa{0lF>^vjoD`PHi?
zCO`ez-~RmX{`=qmgULVs)BpJA|2gUx#<k*a{+r29BtN4@J@=y@kNz)XOve1^zy8%<
zo5=3`qhT0J|IsYp_|W*C94l{<%t<C<EPsXYcu9$V`1wHsKS<yQ3H*nUfN_7w{hTpL
zfb;kp$(X_T+<5(LY<&KwV)>rT^K3BQGse$8fA-p#PsYadH{~%t|4YZRZX+Kf>oVSd
z_TI?*+;1!I%6MpK2>0*bSBU$lKe#_K-^jEqTV5OQjjZdN?mhe5n8z58d_FQQd6vO=
zZ)AR%mV9$Rh@PGvoH}(1JZHq6J9of6BQ9OKgv*yNE9rap?kRcYJH{Z}D&MEg3%IYu
z_3PJh?b<b^JQ+*6dGjXZyAK{bfKfI^USurG8_ARL*|Ya$og?!}nM;zqO1{g>%aNU(
zjUv4s_4W0rud72vMFnaO9KeYaCqQjAxCd9>k?+a0yeHp1a^whVYinUJ7*JYTs!&Nu
zi4xb;)S$V!1zlZTN`7NoWEms*k!d4OvYkf$zbTe7lXAIo<%%NXUh+`Mx|5QV5w2E)
z=er0E4Mj*u2+~uvXliIc&*{^+c;&LvAF{6w9XbS_0V5?P1yNB^2o4TLU|=A4K8%2X
z0QmWleEqO%*G@!6Mj$aUQIV09#rgB+m9`lBNAf}CFix`$o^_+IuTSAi@+kXuWP4;A
z<=Bw<8pu~eV<S#<bfAmnR#8@Q@fz0a3)(=z)zuYy*cREg!!0d1z&<G~EJSK*DtU@j
zc-^vP3pQ=q1V=|lI5;?B<Hn5&*>7}&o!v&*JJ|ENBeuA1QQDZEp02dJxVRXVm6eeF
zQ&d!h%*;%rrKMrtzJ18b%0g9D6^<W2u8c(^&vGmi@8Im&vuJ5<Mh44@i`|R7!UB|W
z{FJgxE&ITq@^i4aSIB>R0Agcfk(iKxh|n;~)er9O?%3?SnLIlwygHCadwcS2uY$_X
zma(0}yUI?b+_QJEQ}S)1OuW3jzV4%)J9n~wb}84}wt0fO26%aUVJGiN8P(R-Dg4TB
zNA@{w$&jC)kKDXGXvzD|;2`GrM?wn62*+qbQWAW9{Gd|VBcADy-MiuF;)-qF-q`9!
zIXgN)MfuuE{>YP!Y6EO+Z5eNbjg15BRj$}*<BW~A&ahk0{;=Hyds|0rSZ@tmTN^kz
zFpoWnv6Is#Y$d+|0saWy6@<{;AqeGoRfk6+DLxT-Ik{+RYQzQ3Cvv>YZ!9AtL&@*w
zza3jWec-Uk0bATWk(io^<7Y3R@9sU+A3uqb$_BKb?MKbw7DPlQz{@j`JgMO1sNxv0
zB`+J{=;Q&9tx@pwjEAp(8UnWOM_5P+c_=_+coCBJ79b_I7;!QA2#-!;`+Z?=vmTD@
zE6KaBuQxRDdpTd^qptQKT3Zg2nsM~#F?4peqpRmQ&YbO4#*gH`t*uS@hUA#`*t!k=
zK7nxFL^*Aw4B78)e*Vx^RHOIC0J^T+LD%&=sA@S1m8~6A8*Jh1v>7TZ6>P0G!NW5a
zp}UI7S1tCWG((-*ggxoa*qhmcJ-TKjlyo4crVH5y(t#7mZ|Fip%X!4aM8Rq$$ED?V
z><SD+ZcYvwnvSBXu?+_f9Yf=h6DU1+6pcrFaq8?P^qs#<*$?7A$IsEDM>(calyB08
z<I>J$E0WXnaB}y9o$UtLZP<WStE~}}kcH#@_i*M0-|0Bb@6H=m7F%I9KL9f)yTaNo
z0WJ|$@QkiORBkikN;{w~?0}}Y8(EcSk#qPevRbboqvHy4j$A`^`*j>Vc?Hequc7@!
z7c4&w#EO|2*d0=g?EGrz%R7-<ejMd>eW*U%kK)=6)U|e_x%DLHpldv;8eSvPbvcNR
zi-)tjheEMh9kR*}!7nTwp6-$G_6&yGmLS;L>_&cFCr%9BLsiFd*jvS6`mg=*&!g61
z<^+EP#y7$xtOlXF79>@i!rrQrP?uf6p7OKMAGw3<uDjUNauc!5H?Ws+@yS7yAMZ!z
zvGX|GeFl#6_F?U`V(9Yv&~W@RTDz{o&~y&fZGAY<ei~J6?5krZaQ5N_3_Tk9dd&-u
z)nZR#CIZ7^5fz_?x|ZYEUw#-7d-D<Kn*pD#`}oZzV$~uo7R`*uCZ|eRt}nsN-^Jq9
zG28Gjf4v%R9{UlJ(E?9RGs1F?Ah@6dZt-W~xcfZ9i_RkN$bG~dy^V-t_pq=19+KJz
zk=Jz(x`X}D)Lg}(-hS-dn1@KuDio9-LSlLuc8A5oZ$~Ix`AvqUCLzC|9K~f-DC0NL
z+<p{;_Xd=8EvK>`G3j}T*A;^{hA3<~hSH;bNH1)LAHTmK?_BJ5D#8v+J-oikhu5+K
z*nF0WMbne<*_(SX>s@aI#u>0Py9EK6UD%y}0{(fuu-tVV8~sjUf6F~&9UDY!=OFf<
z89?!=0i?7KprC62Nd*@XQF;Z3&iA7%zmfAxE}UI9aqi+cwzuNkumO&o$F?{*A%OGe
zZmxxKoUe<xmY+Cr9M`U2Lsm80TTljlV=GEp+mX}If{X)4kyCjTNreZnE2;<~yYvW;
z%tuUe8T%w3e%tclvS}YSm?y!)G66eNYq3+;3g5zR1eKn~j*?!49XJmi$4ze6EhHYj
ziTyqIQQ1F$vfcsg@4S!P_Pfxx-9v6Szk{AWL<i-=VqpXv?Kl>9s^RFm1NK{Yz@2NR
zhnoxMCKt|e&e+B|CY<X{Zf*fuTaQ3f#CajF5!#|w#1}Rq%g~JY;(BBstOs>yh$V&d
zo7fSZ1Mko*xcjHW#yW%RP6kvq``{m1h}ir(?BTZ>T-gnE^*O}W^ds@`HDnyWhvd#X
z$m||K<%NeRzjz<|vjc3?Aad9b1zp!*;9OF6r~{u*+k!Qp#>2)k2rkZvur?>H4T0;n
zK*Yy$Y{#e(ygLZneSNT<b7DwvD6%rMk$$ilJ7Wvs7hVYW5FOkDbK${xdUr}0cI_$T
z*vm(lHV0b+_QQ@cw^eDeX32hhG${eICxvs}C`Ec%J2L7yR*qakR?9`?wp~UJjZ!mD
z-9yHiLFAsfhsyI0P<?R-CFk#AKhwItdnl#s>o43wYH}4mea#>9-_T<5q!^gZ+5?N(
z=~(k|BG$1zDXB#$GgP3io_j~`|5CXZh>eTozA_6zQF(B4p-fk5;jlr6)n930wk!=R
zmZidBa~{^Nr<^zCz;SCfR;)<D(ogd7`THqYK3j|BbD|Nzbt%50g=3`$dO4r8p5wQ9
z4f->;NrNcrA41vX2dKaF5C=(hmj_UObqGc0ZlS8@I;wjwqP(;gYVT}#+v*TtSB|ag
z3^02;3tzmH4YN-)*kBU|JEvf{dxaw*IU6TW_M)Tnm_p(4Rq*o5g7dl*s21+S>W|3V
z)Kn~=oC32C7=N@6%P0pcKC}Hi4K@q*VavKq1iR%!y(0(us#X-Vb)x79_u8i}BLCPG
z>_2`Dg?+bCe&s$4*N1TE_G28o{s?uq9-(!B?O+=!`^bAwKRT{n#u3hs`8hS%pI(Ld
z=n8(vt%%y$2=CQZSW9`WSr(6F3*xbG?ryky#38?k>*<;ExOwLmw1>_kt?@L%v+J;B
zdk*Z@rNZf}bhxfagNs=j92Y0SZIu>2RvB<#oru7#xd;i;W7p0~t_!7DWtk3j@)1<F
zpFv4`A1b<Uq3F~N6!qPJ{_<T^+~692`w@<@4UJ6K-MEX=v)5thyMmV9Yf#4|VrNJ&
zGIEPhdEf|YYCAc97NeYUsjX>+E~6Il;mrtitcKm<61HU@+&q)8%_jsseHRd4cO0pQ
zPC(mmlGKBk18oQ^Y=w{3fQ>$B*t#nZ+xHY>udW_@a;p$qa1g<%6|i6*EM8QMY47fX
zwM9Ovj-AGltAiX5*HL=<25K(eL+gzp9J@6{{vV+6+FcyE`v47Buc5sAJWk#kKzdd!
zKAU3!FAsMF2ZbOjSI7NgGg{l)aj>=tc?JCTBEk@@-iw05QWTdSLZE*MY}O~i$t?o0
z$r;#_U4*@P<%lghh`5r&(AFPAe03XkCRIaS(h7CyG594^WB2}QXb&`VFVKXLcmvj$
z=W_2*jCBi(;OCTw(u$Kv%0G%7+D2qH_M`UvZ5+OS7j3s5;Lwdb=(ux_^1g({U%A0I
zG7o32-Nf#IY^++b1+JSN;p*rLAMR&EcZY&TxCjdk#ug86*g13G9JHMn#DHtJuHY)M
z=lSzDP~UKbW2g@yd&03RI)XBe!uGv;5t5>TXGjV*tkxj0unzl=b|Q;oJ1F}wLMSi4
zm=ZX8k#D<VEM1rf)rt(nhL%8=-wAi0T14zWiGm}SQFrb(T5k`cnR4&CejnWzZ^6?i
z5=$3zAMTiq>ZV@gq}0RSlJnsXVh0x&xNLTTo0~iLzHV@F-Nd=h7wguCAz7P=p6*i^
z9Jv1kVm~%QZS0KVdJ*Z59bo|ojM#zTm{9J`V`2AMK5;-cB6Mkp$SuU~v_|;Fm%}fy
z5>}3xSj#bE&To19mI7pEH6b*y0ekoLAeDQc%ClEc!|~tTe+x&i-bDMkOT?KMuroXX
z-rgx#WxfxoS?#DU?tqt53VcGNph?y!d;PGm-H41(BPLD_7ni+Q`gsz+=Q0co-2EEs
z4-HAoFZV!?INxu<)<8FS1$n|J*c1LC0dP{qz<IeIZjQ-NZQcV1&s11$jKX5GBwklw
zjaeQR&&a@Li!{y`2jLe|f$f?)r1M*<>AixAGna9I@gdGHP2D{>a`GhiT#t~cFGlDd
z&T$qAaNEXjRDTBQT{TcSXy6-_iri8?4sedIuBu02aS1$J3$WzFBJAYaBlnwM<K4%^
z@ubI(9%Gg53aoWlg>_DApmMdrR<CW`(+9$0ej41DmSMs4IJ`eK3ZI#3@Zswk%$<~s
zm9sLiO=UpDcCK;ZdDxxNfViq-ocH@s+|h@!V|{4qJcF(?=Wv7P7&6GZ@7%qE^qf*`
z+?<G&D^d~Qa{!r%{AO$$vD{3HErFSE^-jYYt4OS0$2oIm5$280MWV)_l<|o2eng%}
zh8>}P2#F%zjNFcZV1KyzI#bqbVX-s{HgmGzYt8ZgWd@wS$b+kSKDMpT#7-|A{C%~=
znEMctl!w&%YV14Mh|~jzkW<@+8seKvSFYjV1D?gm^AGYa`Imu`L+`oE*ppO(FU=yb
zd3_n8gX<CO-V8hQa;#rmj1BWkVe>^5zL=f`o7L$!!|&dBCiIv}YvWmvj7Nt198>*Q
zFXBK`17ef1uxiy#tX&$zF`h##kN^i&G<>%uz{-9noV?iP*eFCMCn7o_1<ATxWS3T>
z{nSa^;#hsiJ^B#KyHEZfkRFpB4L!sF_r1Un+D~^Qy}S}W+q1FWCKc<f*dIG8xTa)d
zqqP<*7KLNgnjL6pJ38EIw%^G2NS>8*AodG&^2&1#GbLQPc>@<NpGRlcDQNcXCmzTk
zR_npp%NJ39_y|s(Ig2A*ojAgMY|D|OINsUGGq2%uELngocep;D@yS2RN|GD{^4!1}
z28ITRtJ)ByAui4_ps>0L*#!rnFRG*5&nf*jG<1LXU5*`D#>ikS*BCz<(bw#3Svheg
zzx5}tJ$N+0+rwjFWH~Y|%aG&5SeA@=@dw$AZISJJ$o_c1{C9|DFWtUQS@od*;$^m7
z&XdFEk#e4S^!Ndbk@AqmJw2y1)=Aq3h0lkKmA+;y`&-IMVtnQN?!kQw@XTw7ZF#_Z
z4|v`sN%osDpVF5sU&h9=N4CY7HulZX!w0xKIKa8_0n1`N<oQ15#(Vtc2M6vc^*(yU
zFGi7xu|NM%9?#Yz+oIGjW66s`lq-3XeJ|&%$LtK{TFEn<Uy(HnGxBJRm4=M?G2WN4
z<n19zic}d_l=YD0SI#l~m$4*fRmwH;I-<C5P5$dverwjRA4s15ZQ)<PC&$^-Fr5Cj
z;+1-tWu$CmqeotUm$a<Un9rDg%ENHV`261ze_NT)*75(-^?wK@+z(9rAb}qw@Sjow
z!*iw4F7!{w|0#v^JsSOe<@twxJ7blaJfyMV58($1jF5obFFhN+Z4Wgv-?!x%d4FX7
zk!fR{Bjb_p8SjsLN2cX{BS!ePJjQpPEpOy|#%IPdjn^`k`g^I@m%8w4wDXWQ8s{(Y
zO!bLwU*?fPVjpSSAfHRS52NkJjT<+<wgE7fYph#&@yU<znK71FN!nQ4xPAjov=NZD
z4fJDE^z#|%88}9L<aJ_SnMc|qG&MCTy6xoT6h+^@ckf>6J7W|*xYYI2c3H78G1_0q
zShhj(C(DraNxmemlq78wq|UaMdaR?2OUp_XdkQ-{J8Y+oL`6jf&pvCR%hu7}B1+NA
zZ`$NU-HSbSy3{K%A05kK?`X&Kt<8$PLeBmi#eSizv`n!#NT5wcGTT*FR)#ZY&L}dJ
zwi7KaEs8x!iZ&HNLAz02S*6&fczRH8>>mIR+5qeb+)16KC-vC0b6|Zow(F_awxzz<
zp871_vtdl4O*huBx1!$Kfi@MJv1N-Je0;nSKsy9!XAv9}gf!YbbaZqmGLSYI5fKs8
zZ~MbV+E&o!V86Z;$If4XfqLQ=>M-}lr&7O2U6aEGY*g7&kK@PlKI+l8)21LOkNTTJ
zMDNk_Jg=Dg;5^E04;(kz!O`B4^#xJ}`KYa{Rr>63%Mlzu)kQu31qDMlvafg1u7Nhh
z2-q18=Pg@dZM_ZwyTWkn+%;Sp0-|H$uy&Ob&kVOvcOC_Qbq)4rAHiNd&(w=fA*1Fj
zGMg_Vr}Yxbk6ywto=?W9_rd(*P-qegP*vA~%En$CY&i?Vp)PcEo#z-BVE;cvT6Qk$
z3WbO7c4U{-VOIq8C0oO=-pU`IemO97^uyaL53l{5Gp4-Gv&fhR1f(89Z21Z7qE0uV
z@*;H9hefyDM8c8VDC)S05}q-pQ%A4*xR83$^VC(JL{{-(6gC{gftC&&@9Dt+&n9F@
z$krn|Rfqi*wJ1N*jrg=01bFd$&8`6UUu404X&#o$NXPI0-W%4o@z|Z$fnB;zY)d~0
zRbVgD>Te;wV*qI<?;-QVAhMcnBEIqp&yi0dF*2WR3t_*yD)uJs9$OI|8I6>TbhPn%
z8sJ$%a#1ZZ4UNzrZbx?A5oA}lAWB<|u<!z?WA)U_QIF-E1=YG__(hc<i2A_5lG6w(
z>qGLP>&QHQ2fCg?&{ve_l+^!Gw^?%L7IY<zur>?D=FNfF<Pri$H;z9aPktL);Lb6*
zCprcPYN#8?uSJN4=d>}!*b!HXh>S8s?&G<1Y7RF0Wx$sD$VGEfv20;H;<6g3N8nlX
zp$m%5Ko)iHX+6|?QEz9sa348+tiSgTbz(Q*?V5@?uZCmId<|BAoQgGHhI1Tip)V;!
zc4j*3k5<0L9icgJuujH$vs9RUmVy=Ysjpw1g>}@USbmj;Wglf=&0L<L+U`SIRSOC_
z&LHntzoLsPqRzAI$`I<WJf!|)2vyW;l~Bjh+<zU#IrZ4(l8fz|sjrz|f~D_dVa-?3
z{BEfqiPxc<W1#QcX(U&lLS%Xa&-Hb%F{4g@K^oT2qaJ0sminnQ_&8-FB(MaY9(n}F
z)xmJQ50yRCLG{qq;L=^x-g=0mHy@#SfO<6AlGL8NiJX#3q^4!TP}7Wpl4hRSwIMU1
z0lPdauyJ`VELKoAwL1kZ$2yQm-BfBrCsJrLqB+=(9qHBZi7rJT`$SWC5Gm#LaNbsk
zIUnX><w6~8RL)S3aUO*yuHx{uLA2hat<Jp%s5*5HX|*kA>AHk9D_pRdb7QO~9_6&<
zD&l+`#WU3i+LhJT9m4+XRs`<KLTcuIgvRbcP@IPS%`;=_Ah&wvAe}ZUaWzK~k>AAo
zm9TLx!m`hE5$aWhlznZ~wXjX?v=O;}k8Qt?lUHtIi+dETRq?1f*aLTm-SFJz4j0<c
z(C>x16Bn$p^oE*tJy)*wE8m?woRVu;Km_N;P+#iv{jqghB%I805D=M!9mzRx2`YqB
zKna$A$+O$9vaokgHA0gPLsxqiRcEiEf%?7{+993lJCD%lR9IQ3B0Zx6d&A1GZC4bM
z(h_J}mX5S6o&!_=8yRBY8qTxH2Xf6BQr7d;b}OkTSPeVZ^{{txhwYLK*euGz=O6FE
zXH(;0_E8obsPhQ+q3%1m8k*{M6jL8iLA_*0?|EG2`YX@uj`yCTO#sJ_Di;Y6ZE&+I
zg(r39fwUj+a?8bnDV(Ee$0EZ+p7R;k<cgXy7!H&}U&iN2YHZvP3Cqutu=%S@I8c|c
z**YGZw?x4^C=O9N9g<2bkYC%3o^$6hbf5Z~CwmfE?(KVb5uL18YzRD@O5tc-iginM
zSo~oM)>7|(fi?m1oKc=d8ut<My^-Pcg|j$V*NWtQMbzgWL=$Z<Dry^XsJ#{ShYq8?
zqZ7BdR?8sIFlF0iS@O*HkvwPQ-`R_okd#@0xP4`yKRYrq4b<tKk#Bt6ZsWegxc-mS
zMaZ(rrHmLJ4@b}Z4xe8>ZHGKRR@(KXeGkaTRqj^?Xjfz`!`SD;bw51|mQ^U{vr?Aa
zi#%XEqz+7;Da&@zKTpw>7<n}E{!OuziE{otG|Z3kt}I76EB?c?M`M$C*O>hC#^0e>
z*#=qtH?`$Y-IL5J?>~wERQ{*WpT0K&3jC1#Pbh(B2mD`J1kcv@hkm<bmFi7@^q1!1
z`<E}j9l2&a8@}nD%q!;`;~FEcjX~lp`j&o;&*XjSPeA`t+R=6@_RAx(e?2eIpB3HR
z-Jm}!F=3jruG60t^k)VAS!s(*J7r=Y`m=)mte`(D=+6rJvnqIxzO=+_KC~0^q%N}t
z^rfYpsvU8M7wAh1`qF~Fw4g67=t~Rw(t^IUpf9b0XX(oe`tpLlyr3^H=*tWG@`Ap+
zpf4}z%M1GQg1)?<FE8lJ3;ObczPw8P^d$y;i9ugt(3hBc^c3#-azI~V(3cqWB?f(o
zL0@9fml*UV27QT%X(K^jV$heFcI|nfFEi-N4Ei#IzRaL6Gw90<`Z9yQ%%Cqb=*tZH
zGK0R%pf5A%%MAKbgTB<<YgK^0)U;{gzG_t==t~XyQiHzKpf5G(OAY!`Qx1E%e@g>>
zsX<?A(1#oJ;Rb!UK_70=hnst>9MFdw^x+15xIrIo(1)8?l6G%v<3Jy7W4D98<Dl<2
z=sOPjj)T7Apzk>7JFduAW|V6#{l{r%O&i6SgWNA%RmKo~$iFV<+Y)m9e7cN1)gv3{
wd^r{+DSI!jjm9<AxPMUUm*bYtxP<b#%>Q)Ue*Z7#&-;ea|MdHoYJBhi0G)?VF8}}l

literal 0
HcmV?d00001

diff --git a/www/index.html b/www/index.html
new file mode 100755
index 0000000000..716dc8a56c
--- /dev/null
+++ b/www/index.html
@@ -0,0 +1,7105 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<script type="text/javascript">
+//<![CDATA[
+var version = {major: 2, minor: 1, revision: 3, date: new Date("Nov 3, 2006"), extensions: {}};
+//]]>
+</script>
+<!--
+TiddlyWiki 2.1.3 by Jeremy Ruston, (jeremy [at] osmosoft [dot] com)
+
+Copyright (c) Osmosoft Limited 2004-2006
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this
+list of conditions and the following disclaimer in the documentation and/or other
+materials provided with the distribution.
+
+Neither the name of the Osmosoft Limited nor the names of its contributors may be
+used to endorse or promote products derived from this software without specific
+prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
+-->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+<!--PRE-HEAD-START-->
+<!--{{{-->
+<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
+<!--}}}-->
+<!--PRE-HEAD-END-->
+<title> axTLS Embedded SSL - changes, notes and errata </title>
+<script type="text/javascript">
+//<![CDATA[
+// ---------------------------------------------------------------------------------
+// Configuration repository
+// ---------------------------------------------------------------------------------
+
+// Miscellaneous options
+var config = {
+	numRssItems: 20, // Number of items in the RSS feed
+	animFast: 0.12, // Speed for animations (lower == slower)
+	animSlow: 0.01, // Speed for EasterEgg animations
+	cascadeFast: 20, // Speed for cascade animations (higher == slower)
+	cascadeSlow: 60, // Speed for EasterEgg cascade animations
+	cascadeDepth: 5, // Depth of cascade animation
+	displayStartupTime: false // Whether to display startup time
+	};
+
+// Messages
+config.messages = {
+	messageClose: {},
+	dates: {}
+};
+
+// Options that can be set in the options panel and/or cookies
+config.options = {
+	chkRegExpSearch: false,
+	chkCaseSensitiveSearch: false,
+	chkAnimate: true,
+	chkSaveBackups: true,
+	chkAutoSave: false,
+	chkGenerateAnRssFeed: false,
+	chkSaveEmptyTemplate: false,
+	chkOpenInNewWindow: true,
+	chkToggleLinks: false,
+	chkHttpReadOnly: true,
+	chkForceMinorUpdate: false,
+	chkConfirmDelete: true,
+	chkInsertTabs: false,
+	txtBackupFolder: "",
+	txtMainTab: "tabTimeline",
+	txtMoreTab: "moreTabAll",
+	txtMaxEditRows: "30"
+	};
+	
+// List of notification functions to be called when certain tiddlers are changed or deleted
+config.notifyTiddlers = [
+	{name: "StyleSheetLayout", notify: refreshStyles},
+	{name: "StyleSheetColors", notify: refreshStyles},
+	{name: "StyleSheet", notify: refreshStyles},
+	{name: "StyleSheetPrint", notify: refreshStyles},
+	{name: "PageTemplate", notify: refreshPageTemplate},
+	{name: "SiteTitle", notify: refreshPageTitle},
+	{name: "SiteSubtitle", notify: refreshPageTitle},
+	{name: "ColorPalette", notify: refreshColorPalette},
+	{name: null, notify: refreshDisplay}
+	];
+
+// Default tiddler templates
+var DEFAULT_VIEW_TEMPLATE = 1;
+var DEFAULT_EDIT_TEMPLATE = 2;
+config.tiddlerTemplates = {
+	1: "ViewTemplate",
+	2: "EditTemplate"
+	};
+
+// More messages (rather a legacy layout that shouldn't really be like this)
+config.views = {
+	wikified: {
+		tag: {}
+		},
+	editor: {
+		tagChooser: {}
+		}
+	};
+
+// Macros; each has a 'handler' member that is inserted later
+config.macros = {
+	today: {},
+	version: {},
+	search: {sizeTextbox: 15},
+	tiddler: {},
+	tag: {},
+	tags: {},
+	tagging: {},
+	timeline: {},
+	allTags: {},
+	list: {
+		all: {},
+		missing: {},
+		orphans: {},
+		shadowed: {}
+		},
+	closeAll: {},
+	permaview: {},
+	saveChanges: {},
+	slider: {},
+	option: {},
+	newTiddler: {},
+	newJournal: {},
+	sparkline: {},
+	tabs: {},
+	gradient: {},
+	message: {},
+	view: {},
+	edit: {},
+	tagChooser: {},
+	toolbar: {},
+	br: {},
+	plugins: {},
+	refreshDisplay: {},
+	importTiddlers: {}
+	};
+
+// Commands supported by the toolbar macro
+config.commands = {
+	closeTiddler: {},
+	closeOthers: {},
+	editTiddler: {},
+	saveTiddler: {hideReadOnly: true},
+	cancelTiddler: {},
+	deleteTiddler: {hideReadOnly: true},
+	permalink: {},
+	references: {},
+	jump: {}
+	};
+
+// Browser detection... In a very few places, there's nothing else for it but to
+// know what browser we're using.
+config.userAgent = navigator.userAgent.toLowerCase();
+config.browser = {
+	isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
+	ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
+	isSafari: config.userAgent.indexOf("applewebkit") != -1,
+	isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
+	firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
+	isOpera: config.userAgent.indexOf("opera") != -1,
+	isLinux: config.userAgent.indexOf("linux") != -1,
+	isUnix: config.userAgent.indexOf("x11") != -1,
+	isMac: config.userAgent.indexOf("mac") != -1,
+	isWindows: config.userAgent.indexOf("win") != -1
+	};
+
+// Basic regular expressions
+config.textPrimitives = {
+	upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
+	lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
+	anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
+	anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
+	};
+if(config.browser.isBadSafari)
+	config.textPrimitives = {
+		upperLetter: "[A-Z\u00c0-\u00de]",
+		lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
+		anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
+		anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
+		}
+config.textPrimitives.sliceSeparator = "::";
+config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
+config.textPrimitives.unWikiLink = "~";
+config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
+												config.textPrimitives.lowerLetter + "+" +
+												config.textPrimitives.upperLetter +
+												config.textPrimitives.anyLetter + "*)|(?:" +
+												config.textPrimitives.upperLetter + "{2,}" +
+												config.textPrimitives.lowerLetter + "+))";
+
+config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
+config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
+
+config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
+config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
+config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
+	config.textPrimitives.brackettedLink + ")|(?:" + 
+	config.textPrimitives.urlPattern + ")","mg");
+config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
+	config.textPrimitives.titledBrackettedLink + ")|(?:" +
+	config.textPrimitives.brackettedLink + ")|(?:" +
+	config.textPrimitives.urlPattern + ")","mg");
+
+// ---------------------------------------------------------------------------------
+// Shadow tiddlers
+// ---------------------------------------------------------------------------------
+
+config.shadowTiddlers = {
+	ColorPalette: "Background: #fff\n" + 
+				  "Foreground: #000\n" +
+				  "PrimaryPale: #8cf\n" +
+				  "PrimaryLight: #18f\n" +
+				  "PrimaryMid: #04b\n" +
+				  "PrimaryDark: #014\n" +
+				  "SecondaryPale: #ffc\n" +
+				  "SecondaryLight: #fe8\n" +
+				  "SecondaryMid: #db4\n" +
+				  "SecondaryDark: #841\n" +
+				  "TertiaryPale: #eee\n" +
+				  "TertiaryLight: #ccc\n" +
+				  "TertiaryMid: #999\n" +
+				  "TertiaryDark: #666\n" +
+				  "Error: #f88\n",
+	StyleSheet: "",
+	StyleSheetColors: "/*{{{*/\nbody {\n	background: [[ColorPalette::Background]];\n	color: [[ColorPalette::Foreground]];\n}\n\na{\n	color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n	background: [[ColorPalette::PrimaryMid]];\n	color: [[ColorPalette::Background]];\n}\n\na img{\n	border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	color: [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n	color: [[ColorPalette::PrimaryDark]];\n	border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::SecondaryLight]];\n	border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n	font-weight: normal;\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n	color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n	font-weight: normal;\n	color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border-left: 1px solid [[ColorPalette::TertiaryLight]];\n	border-top: 1px solid [[ColorPalette::TertiaryLight]];\n	border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n	 border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n	border: none;\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n	color: [[ColorPalette::PrimaryMid]];\n	background: [[ColorPalette::Background]];\n}\n\n.wizard {\n	background: [[ColorPalette::SecondaryLight]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n	color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n	background: [[ColorPalette::Background]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n	color: [[ColorPalette::PrimaryLight]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::SecondaryMid]];\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n	padding: 0.2em 0.2em 0.2em 0.2em;\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::Background]];\n}\n\n.popup {\n	background: [[ColorPalette::PrimaryLight]];\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px;\n}\n\n.listBreak div{\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n	color: [[ColorPalette::TertiaryPale]];\n	border: none;\n}\n\n.popup li a:hover {\n	background: [[ColorPalette::PrimaryDark]];\n	color: [[ColorPalette::Background]];\n	border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n	border: 1px solid [[ColorPalette::TertiaryPale]];\n	background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n	background-color: [[ColorPalette::TertiaryLight]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n		border: none;\n}\n\n.footer {\n	color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n	background: [[ColorPalette::PrimaryPale]];\n	border: 0;\n}\n\n.sparktick {\n	background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::Error]];\n}\n\n.warning {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n	background: [[ColorPalette::TertiaryPale]];\n	color: [[ColorPalette::TertiaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n	background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n	border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n	border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n	border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n	border: 1px solid [[ColorPalette::SecondaryLight]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n	border: 0;\n	border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n	background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n	width: 100%;\n}\n\n.editorFooter {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
+	StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n	font-size: .75em;\n	font-family: arial,helvetica;\n	margin: 0;\n	padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	font-weight: bold;\n	text-decoration: none;\n	padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n	height: 1px;\n}\n\na{\n	text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n	width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n	border: 0;\n}\n\n.externalLink {\n	text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n	font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n	font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n	font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n		position: relative;\n}\n\n.header a:hover {\n	background: transparent;\n}\n\n.headerShadow {\n	position: relative;\n	padding: 4.5em 0em 1em 1em;\n	left: -1px;\n	top: -1px;\n}\n\n.headerForeground {\n	position: absolute;\n	padding: 4.5em 0em 1em 1em;\n	left: 0px;\n	top: 0px;\n}\n\n.siteTitle {\n	font-size: 3em;\n}\n\n.siteSubtitle {\n	font-size: 1.2em;\n}\n\n#mainMenu {\n	position: absolute;\n	left: 0;\n	width: 10em;\n	text-align: right;\n	line-height: 1.6em;\n	padding: 1.5em 0.5em 0.5em 0.5em;\n	font-size: 1.1em;\n}\n\n#sidebar {\n	position: absolute;\n	right: 3px;\n	width: 16em;\n	font-size: .9em;\n}\n\n#sidebarOptions {\n	padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n	margin: 0em 0.2em;\n	padding: 0.2em 0.3em;\n	display: block;\n}\n\n#sidebarOptions input {\n	margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n	margin-left: 1em;\n	padding: 0.5em;\n	font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n	font-weight: bold;\n	display: inline;\n	padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n	margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n	width: 15em;\n	overflow: hidden;\n}\n\n.wizard {\n	padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n	font-size: 2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n	font-size: 1.2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n	padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n	margin: 0.5em 0em 0em 0em;\n	font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n	text-decoration: underline;\n}\n\n.popup {\n	font-size: .9em;\n	padding: 0.2em;\n	list-style: none;\n	margin: 0;\n}\n\n.popup hr {\n	display: block;\n	height: 1px;\n	width: auto;\n	padding: 0;\n	margin: 0.2em 0em;\n}\n\n.listBreak {\n	font-size: 1px;\n	line-height: 1px;\n}\n\n.listBreak div {\n	margin: 2px 0;\n}\n\n.popup li.disabled {\n	padding: 0.2em;\n}\n\n.popup li a{\n	display: block;\n	padding: 0.2em;\n}\n\n.tabset {\n	padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n	margin: 0em 0em 0em 0.25em;\n	padding: 2px;\n}\n\n.tabContents {\n	padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n	margin: 0;\n	padding: 0;\n}\n\n.txtMainTab .tabContents li {\n	list-style: none;\n}\n\n.tabContents li.listLink {\n	 margin-left: .75em;\n}\n\n#displayArea {\n	margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n	text-align: right;\n	font-size: .9em;\n	visibility: hidden;\n}\n\n.selected .toolbar {\n	visibility: visible;\n}\n\n.tiddler {\n	padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n	font-style: italic;\n}\n\n.title {\n	font-size: 1.6em;\n	font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n	font-size: 1.1em;\n}\n\n.tiddler .button {\n	padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n	font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n	width: 99%;\n	padding: 0 0 1em 0;\n}\n\n.viewer {\n	line-height: 1.4em;\n	padding-top: 0.5em;\n}\n\n.viewer .button {\n	margin: 0em 0.25em;\n	padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n	line-height: 1.5em;\n	padding-left: 0.8em;\n	margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n	margin-left: 0.5em;\n	padding-left: 1.5em;\n}\n\n.viewer table {\n	border-collapse: collapse;\n	margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n	padding: 3px;\n}\n\n.viewer table.listView {\n	font-size: 0.85em;\n	margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n	padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n	padding: 0.5em;\n	margin-left: 0.5em;\n	font-size: 1.2em;\n	line-height: 1.4em;\n	overflow: auto;\n}\n\n.viewer code {\n	font-size: 1.2em;\n	line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n	display: block;\n	width: 100%;\n	font: inherit;\n}\n\n.editorFooter {\n	padding: 0.25em 0em;\n	font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n	line-height: 1em;\n}\n\n.sparktick {\n	outline: 0;\n}\n\n.zoomer {\n	font-size: 1.1em;\n	position: absolute;\n	padding: 1em;\n}\n\n.cascade {\n	font-size: 1.1em;\n	position: absolute;\n	overflow: hidden;\n}\n/*}}}*/",
+	StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
+	PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
+	ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
+	EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
+	MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
+	MarkupPostHead: "",
+	MarkupPreBody: "",
+	MarkupPostBody: ""
+	};
+
+// ---------------------------------------------------------------------------------
+// Translateable strings
+// ---------------------------------------------------------------------------------
+
+// Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
+
+merge(config.options,{
+	txtUserName: "YourName"});
+
+merge(config.messages,{
+	customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
+	pluginError: "Error: %0",
+	pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
+	pluginForced: "Executed because forced via 'systemConfigForce' tag",
+	pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
+	nothingSelected: "Nothing is selected. You must select one or more items first",
+	savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
+	subtitleUnknown: "(unknown)",
+	undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
+	shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
+	tiddlerLinkTooltip: "%0 - %1, %2",
+	externalLinkTooltip: "External link to %0",
+	noTags: "There are no tagged tiddlers",
+	notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
+	cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
+	invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
+	backupSaved: "Backup saved",
+	backupFailed: "Failed to save backup file",
+	rssSaved: "RSS feed saved",
+	rssFailed: "Failed to save RSS feed file",
+	emptySaved: "Empty template saved",
+	emptyFailed: "Failed to save empty template file",
+	mainSaved: "Main TiddlyWiki file saved",
+	mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
+	macroError: "Error in macro <<%0>>",
+	macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
+	missingMacro: "No such macro",
+	overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
+	unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
+	confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
+	saveInstructions: "SaveChanges",
+	unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
+	tiddlerSaveError: "Error when saving tiddler '%0'",
+	tiddlerLoadError: "Error when loading tiddler '%0'",
+	wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
+	invalidFieldName: "Invalid field name %0",
+	fieldCannotBeChanged: "Field '%0' cannot be changed"});
+
+merge(config.messages.messageClose,{
+	text: "close",
+	tooltip: "close this message area"});
+
+config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
+config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
+config.messages.dates.shortMonths = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
+config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+merge(config.views.wikified.tag,{
+	labelNoTags: "no tags",
+	labelTags: "tags: ",
+	openTag: "Open tag '%0'",
+	tooltip: "Show tiddlers tagged with '%0'",
+	openAllText: "Open all",
+	openAllTooltip: "Open all of these tiddlers",
+	popupNone: "No other tiddlers tagged with '%0'"});
+
+merge(config.views.wikified,{
+	defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
+	defaultModifier: "(missing)",
+	shadowModifier: "(built-in shadow tiddler)",
+	createdPrompt: "created"});
+
+merge(config.views.editor,{
+	tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
+	defaultText: "Type the text for '%0'"});
+
+merge(config.views.editor.tagChooser,{
+	text: "tags",
+	tooltip: "Choose existing tags to add to this tiddler",
+	popupNone: "There are no tags defined",
+	tagTooltip: "Add the tag '%0'"});
+
+merge(config.macros.search,{
+	label: "search",
+	prompt: "Search this TiddlyWiki",
+	accessKey: "F",
+	successMsg: "%0 tiddlers found matching %1",
+	failureMsg: "No tiddlers found matching %0"});
+
+merge(config.macros.tagging,{
+	label: "tagging: ",
+	labelNotTag: "not tagging",
+	tooltip: "List of tiddlers tagged with '%0'"});
+
+merge(config.macros.timeline,{
+	dateFormat: "DD MMM YYYY"});
+
+merge(config.macros.allTags,{
+	tooltip: "Show tiddlers tagged with '%0'",
+	noTags: "There are no tagged tiddlers"});
+
+config.macros.list.all.prompt = "All tiddlers in alphabetical order";
+config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
+config.macros.list.orphans.prompt = "Tiddlers that are not linked to from any other tiddlers";
+config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
+
+merge(config.macros.closeAll,{
+	label: "close all",
+	prompt: "Close all displayed tiddlers (except any that are being edited)"});
+
+merge(config.macros.permaview,{
+	label: "permaview",
+	prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
+
+merge(config.macros.saveChanges,{
+	label: "save changes",
+	prompt: "Save all tiddlers to create a new TiddlyWiki",
+	accessKey: "S"});
+
+merge(config.macros.newTiddler,{
+	label: "new tiddler",
+	prompt: "Create a new tiddler",
+	title: "New Tiddler",
+	accessKey: "N"});
+
+merge(config.macros.newJournal,{
+	label: "new journal",
+	prompt: "Create a new tiddler from the current date and time",
+	accessKey: "J"});
+
+merge(config.macros.plugins,{
+	skippedText: "(This plugin has not been executed because it was added since startup)",
+	noPluginText: "There are no plugins installed",
+	confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
+	listViewTemplate : {
+		columns: [
+			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+			{name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
+			{name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
+			{name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
+			{name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
+			{name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
+			{name: 'Log', field: 'log', title: "Log", type: 'StringList'}
+			],
+		rowClasses: [
+			{className: 'error', field: 'error'},
+			{className: 'warning', field: 'warning'}
+			],
+		actions: [
+			{caption: "More actions...", name: ''},
+			{caption: "Remove systemConfig tag", name: 'remove'},
+			{caption: "Delete these tiddlers forever", name: 'delete'}
+			]}
+	});
+
+merge(config.macros.refreshDisplay,{
+	label: "refresh",
+	prompt: "Redraw the entire TiddlyWiki display"
+	});
+
+merge(config.macros.importTiddlers,{
+	readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
+	defaultPath: "http://www.tiddlywiki.com/index.html",
+	fetchLabel: "fetch",
+	fetchPrompt: "Fetch the tiddlywiki file",
+	fetchError: "There were problems fetching the tiddlywiki file",
+	confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
+	wizardTitle: "Import tiddlers from another TiddlyWiki file",
+	step1: "Step 1: Locate the TiddlyWiki file",
+	step1prompt: "Enter the URL or pathname here: ",
+	step1promptFile: "...or browse for a file: ",
+	step1promptFeeds: "...or select a pre-defined feed: ",
+	step1feedPrompt: "Choose...",
+	step2: "Step 2: Loading TiddlyWiki file",
+	step2Text: "Please wait while the file is loaded from: %0",
+	step3: "Step 3: Choose the tiddlers to import",
+	step4: "%0 tiddler(s) imported",
+	step5: "Done",
+	listViewTemplate: {
+		columns: [
+			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+			{name: 'Title', field: 'title', title: "Title", type: 'String'},
+			{name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
+			{name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
+			],
+		rowClasses: [
+			],
+		actions: [
+			{caption: "More actions...", name: ''},
+			{caption: "Import these tiddlers", name: 'import'}
+			]}
+	});
+
+merge(config.commands.closeTiddler,{
+	text: "close",
+	tooltip: "Close this tiddler"});
+
+merge(config.commands.closeOthers,{
+	text: "close others",
+	tooltip: "Close all other tiddlers"});
+
+merge(config.commands.editTiddler,{
+	text: "edit",
+	tooltip: "Edit this tiddler",
+	readOnlyText: "view",
+	readOnlyTooltip: "View the source of this tiddler"});
+
+merge(config.commands.saveTiddler,{
+	text: "done",
+	tooltip: "Save changes to this tiddler"});
+
+merge(config.commands.cancelTiddler,{
+	text: "cancel",
+	tooltip: "Undo changes to this tiddler",
+	warning: "Are you sure you want to abandon your changes to '%0'?",
+	readOnlyText: "done",
+	readOnlyTooltip: "View this tiddler normally"});
+
+merge(config.commands.deleteTiddler,{
+	text: "delete",
+	tooltip: "Delete this tiddler",
+	warning: "Are you sure you want to delete '%0'?"});
+
+merge(config.commands.permalink,{
+	text: "permalink",
+	tooltip: "Permalink for this tiddler"});
+
+merge(config.commands.references,{
+	text: "references",
+	tooltip: "Show tiddlers that link to this one",
+	popupNone: "No references"});
+
+merge(config.commands.jump,{
+	text: "jump",
+	tooltip: "Jump to another open tiddler"});
+
+merge(config.shadowTiddlers,{
+	DefaultTiddlers: "GettingStarted",
+	MainMenu: "GettingStarted",
+	SiteTitle: "My TiddlyWiki",
+	SiteSubtitle: "a reusable non-linear personal web notebook",
+	SiteUrl: "http://www.tiddlywiki.com/",
+	GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
+	SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
+	OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
+	AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
+	SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
+	TabTimeline: "<<timeline>>",
+	TabAll: "<<list all>>",
+	TabTags: "<<allTags>>",
+	TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
+	TabMoreMissing: "<<list missing>>",
+	TabMoreOrphans: "<<list orphans>>",
+	TabMoreShadowed: "<<list shadowed>>",
+	PluginManager: "<<plugins>>",
+	ImportTiddlers: "<<importTiddlers>>"});
+
+// ---------------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------------
+
+var params = null; // Command line parameters
+var store = null; // TiddlyWiki storage
+var story = null; // Main story
+var formatter = null; // Default formatters for the wikifier
+config.parsers = {}; // Hashmap of alternative parsers for the wikifier
+var anim = new Animator(); // Animation engine
+var readOnly = false; // Whether we're in readonly mode
+var highlightHack = null; // Embarrassing hack department...
+var hadConfirmExit = false; // Don't warn more than once
+var safeMode = false; // Disable all plugins and cookies
+var installedPlugins = []; // Information filled in when plugins are executed
+var startingUp = false; // Whether we're in the process of starting up
+var pluginInfo,tiddler; // Used to pass information to plugins in loadPlugins()
+
+// Whether to use the JavaSaver applet
+var useJavaSaver = config.browser.isSafari || config.browser.isOpera;
+
+// Starting up
+function main()
+{
+	var now, then = new Date();
+	startingUp = true;
+	window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
+	params = getParameters();
+	if(params)
+		params = params.parseParams("open",null,false);
+	store = new TiddlyWiki();
+	invokeParamifier(params,"oninit");
+	story = new Story("tiddlerDisplay","tiddler");
+	addEvent(document,"click",Popup.onDocumentClick);
+	saveTest();
+	loadOptionsCookie();
+	for(var s=0; s<config.notifyTiddlers.length; s++)
+		store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
+	store.loadFromDiv("storeArea","store",true);
+	invokeParamifier(params,"onload");
+	var pluginProblem = loadPlugins();
+	formatter = new Formatter(config.formatters);
+	readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
+	invokeParamifier(params,"onconfig");
+	store.notifyAll();
+	restart();
+	if(pluginProblem)
+		{
+		story.displayTiddler(null,"PluginManager");
+		displayMessage(config.messages.customConfigError);
+		}
+	now = new Date();
+	if(config.displayStartupTime)
+		displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
+	startingUp = false;
+}
+
+// Restarting
+function restart()
+{
+	invokeParamifier(params,"onstart");
+	if(story.isEmpty())
+		{
+		var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
+		invokeParamifier(defaultParams,"onstart");
+		}
+	window.scrollTo(0,0);
+}
+
+function saveTest()
+{
+	var saveTest = document.getElementById("saveTest");
+	if(saveTest.hasChildNodes())
+		alert(config.messages.savedSnapshotError);
+	saveTest.appendChild(document.createTextNode("savetest"));
+}
+
+function loadPlugins()
+{
+	if(safeMode)
+		return false;
+	var configTiddlers = store.getTaggedTiddlers("systemConfig");
+	installedPlugins = [];
+	var hadProblem = false;
+	for(var t=0; t<configTiddlers.length; t++)
+		{
+		tiddler = configTiddlers[t];
+		pluginInfo = getPluginInfo(tiddler);
+		if(isPluginExecutable(pluginInfo))
+			{
+			pluginInfo.executed = true;
+			pluginInfo.error = false;
+			try
+				{
+				if(tiddler.text && tiddler.text != "")
+					window.eval(tiddler.text);
+				}
+			catch(e)
+				{
+				pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
+				pluginInfo.error = true;
+				hadProblem = true;
+				}
+			}
+		else
+			pluginInfo.warning = true;
+		installedPlugins.push(pluginInfo);
+		}
+	return hadProblem;
+}
+
+function getPluginInfo(tiddler)
+{
+	var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
+	p.tiddler = tiddler;
+	p.title = tiddler.title;
+	p.log = [];
+	return p;
+}
+
+// Check that a particular plugin is valid for execution
+function isPluginExecutable(plugin)
+{
+	if(plugin.tiddler.isTagged("systemConfigDisable"))
+		return verifyTail(plugin,false,config.messages.pluginDisabled);
+	if(plugin.tiddler.isTagged("systemConfigForce"))
+		return verifyTail(plugin,true,config.messages.pluginForced);
+	if(plugin["CoreVersion"])
+		{
+		var coreVersion = plugin["CoreVersion"].split(".");
+		var w = parseInt(coreVersion[0]) - version.major;
+		if(w == 0 && coreVersion[1])
+			w = parseInt(coreVersion[1]) - version.minor;
+		if(w == 0 && coreVersion[2])
+		 	w = parseInt(coreVersion[2]) - version.revision;
+		if(w > 0)
+			return verifyTail(plugin,false,config.messages.pluginVersionError);
+		}
+	return true;
+}
+
+function verifyTail(plugin,result,message)
+{
+	plugin.log.push(message);
+	return result;
+}
+
+function invokeMacro(place,macro,params,wikifier,tiddler)
+{
+	try
+		{
+		var m = config.macros[macro];
+		if(m && m.handler)
+			m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
+		else
+			createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
+		}
+	catch(ex)
+		{
+		createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Paramifiers
+// ---------------------------------------------------------------------------------
+
+function getParameters()
+{
+	var p = null;
+	if(window.location.hash)
+		{
+		p = decodeURI(window.location.hash.substr(1));
+		if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
+			p = convertUTF8ToUnicode(p);
+		}
+	return p;
+}
+
+function invokeParamifier(params,handler)
+{
+	if(!params || params.length == undefined || params.length <= 1)
+		return;
+	for(var t=1; t<params.length; t++)
+		{
+		var p = config.paramifiers[params[t].name];
+		if(p && p[handler] instanceof Function)
+			p[handler](params[t].value);
+		}
+}
+
+config.paramifiers = {};
+
+config.paramifiers.start = {
+	oninit: function(v) {
+		safeMode = v.toLowerCase() == "safe";
+		}
+};
+
+config.paramifiers.open = {
+	onstart: function(v) {
+		story.displayTiddler("bottom",v,null,false,false);
+		}
+};
+
+config.paramifiers.story = {
+	onstart: function(v) {
+		var list = store.getTiddlerText(v,"").parseParams("open",null,false);
+		invokeParamifier(list,"onstart");
+		}
+};
+
+config.paramifiers.search = {
+	onstart: function(v) {
+		story.search(v,false,false);
+		}
+};
+
+config.paramifiers.searchRegExp = {
+	onstart: function(v) {
+		story.prototype.search(v,false,true);
+		}
+};
+
+config.paramifiers.tag = {
+	onstart: function(v) {
+		var tagged = store.getTaggedTiddlers(v,"title");
+		for(var t=0; t<tagged.length; t++)
+			story.displayTiddler("bottom",tagged[t].title,null,false,false);
+		}
+};
+
+config.paramifiers.newTiddler = {
+	onstart: function(v) {
+		if(!readOnly)
+			{
+			story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
+			story.focusTiddler(v,"text");
+			}
+		}
+};
+
+config.paramifiers.newJournal = {
+	onstart: function(v) {
+		if(!readOnly)
+			{
+			var now = new Date();
+			var title = now.formatString(v.trim());
+			story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+			story.focusTiddler(title,"text");
+			}
+		}
+};
+
+// ---------------------------------------------------------------------------------
+// Formatter helpers
+// ---------------------------------------------------------------------------------
+
+function Formatter(formatters)
+{
+	this.formatters = [];
+	var pattern = [];
+	for(var n=0; n<formatters.length; n++)
+		{
+		pattern.push("(" + formatters[n].match + ")");
+		this.formatters.push(formatters[n]);
+		}
+	this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
+}
+
+config.formatterHelpers = {
+
+	createElementAndWikify: function(w)
+	{
+		w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
+	},
+	
+	inlineCssHelper: function(w)
+	{
+		var styles = [];
+		config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+		var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+			{
+			var s,v;
+			if(lookaheadMatch[1])
+				{
+				s = lookaheadMatch[1].unDash();
+				v = lookaheadMatch[2];
+				}
+			else
+				{
+				s = lookaheadMatch[3].unDash();
+				v = lookaheadMatch[4];
+				}
+			if (s=="bgcolor")
+				s = "backgroundColor";
+			styles.push({style: s, value: v});
+			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+			config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+			lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+			}
+		return styles;
+	},
+
+	applyCssHelper: function(e,styles)
+	{
+		for(var t=0; t< styles.length; t++)
+			{
+			try
+				{
+				e.style[styles[t].style] = styles[t].value;
+				}
+			catch (ex)
+				{
+				}
+			}
+	},
+
+	enclosedTextHelper: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			var text = lookaheadMatch[1];
+			if(config.browser.isIE)
+				text = text.replace(/\n/g,"\r");
+			createTiddlyElement(w.output,this.element,null,null,text);
+			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+			}
+	},
+
+	isExternalLink: function(link)
+	{
+		if(store.tiddlerExists(link) || store.isShadowTiddler(link))
+			{
+			//# Definitely not an external link
+			return false;
+			}
+		var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
+		if(urlRegExp.exec(link))
+			{
+			// Definitely an external link
+			return true;
+			}
+		if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
+			{
+			//# Link contains . / or \ so is probably an external link
+			return true;
+			}
+		//# Otherwise assume it is not an external link
+		return false;
+	}
+
+};
+
+// ---------------------------------------------------------------------------------
+// Standard formatters
+// ---------------------------------------------------------------------------------
+
+config.formatters = [
+{
+	name: "table",
+	match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
+	lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
+	rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
+	cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
+	cellTermRegExp: /((?:\x20*)\|)/mg,
+	rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
+
+	handler: function(w)
+	{
+		var table = createTiddlyElement(w.output,"table");
+		var prevColumns = [];
+		var currRowType = null;
+		var rowContainer;
+		var rowCount = 0;
+		w.nextMatch = w.matchStart;
+		this.lookaheadRegExp.lastIndex = w.nextMatch;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+			{
+			var nextRowType = lookaheadMatch[2];
+			if(nextRowType == "k")
+				{
+				table.className = lookaheadMatch[1];
+				w.nextMatch += lookaheadMatch[0].length+1;
+				}
+			else
+				{
+				if(nextRowType != currRowType)
+					{
+					rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
+					currRowType = nextRowType;
+					}
+				if(currRowType == "c")
+					{
+					// Caption
+					w.nextMatch++;
+					if(rowContainer != table.firstChild)
+						table.insertBefore(rowContainer,table.firstChild);
+					rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
+					w.subWikifyTerm(rowContainer,this.rowTermRegExp);
+					}
+				else
+					{
+					this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
+					rowCount++;
+					}
+				}
+			this.lookaheadRegExp.lastIndex = w.nextMatch;
+			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+			}
+	},
+	rowHandler: function(w,e,prevColumns)
+	{
+		var col = 0;
+		var colSpanCount = 1;
+		var prevCell = null;
+		this.cellRegExp.lastIndex = w.nextMatch;
+		var cellMatch = this.cellRegExp.exec(w.source);
+		while(cellMatch && cellMatch.index == w.nextMatch)
+			{
+			if(cellMatch[1] == "~")
+				{
+				// Rowspan
+				var last = prevColumns[col];
+				if(last)
+					{
+					last.rowSpanCount++;
+					last.element.setAttribute("rowspan",last.rowSpanCount);
+					last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
+					last.element.valign = "center";
+					}
+				w.nextMatch = this.cellRegExp.lastIndex-1;
+				}
+			else if(cellMatch[1] == ">")
+				{
+				// Colspan
+				colSpanCount++;
+				w.nextMatch = this.cellRegExp.lastIndex-1;
+				}
+			else if(cellMatch[2])
+				{
+				// End of row
+				if(prevCell && colSpanCount > 1)
+					{
+					prevCell.setAttribute("colspan",colSpanCount);
+					prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
+					}
+				w.nextMatch = this.cellRegExp.lastIndex;
+				break;
+				}
+			else
+				{
+				// Cell
+				w.nextMatch++;
+				var styles = config.formatterHelpers.inlineCssHelper(w);
+				var spaceLeft = false;
+				var chr = w.source.substr(w.nextMatch,1);
+				while(chr == " ")
+					{
+					spaceLeft = true;
+					w.nextMatch++;
+					chr = w.source.substr(w.nextMatch,1);
+					}
+				var cell;
+				if(chr == "!")
+					{
+					cell = createTiddlyElement(e,"th");
+					w.nextMatch++;
+					}
+				else
+					cell = createTiddlyElement(e,"td");
+				prevCell = cell;
+				prevColumns[col] = {rowSpanCount:1, element:cell};
+				if(colSpanCount > 1)
+					{
+					cell.setAttribute("colspan",colSpanCount);
+					cell.setAttribute("colSpan",colSpanCount); // Needed for IE
+					colSpanCount = 1;
+					}
+				config.formatterHelpers.applyCssHelper(cell,styles);
+				w.subWikifyTerm(cell,this.cellTermRegExp);
+				if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
+					cell.align = spaceLeft ? "center" : "left";
+				else if(spaceLeft)
+					cell.align = "right";
+				w.nextMatch--;
+				}
+			col++;
+			this.cellRegExp.lastIndex = w.nextMatch;
+			cellMatch = this.cellRegExp.exec(w.source);
+			}
+	}
+},
+
+{
+	name: "heading",
+	match: "^!{1,5}",
+	termRegExp: /(\n)/mg,
+	handler: function(w)
+	{
+		w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
+	}
+},
+
+{
+	name: "list",
+	match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
+	lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
+	termRegExp: /(\n)/mg,
+	handler: function(w)
+	{
+		var placeStack = [w.output];
+		var currLevel = 0, currType = null;
+		var listLevel, listType, itemType;
+		w.nextMatch = w.matchStart;
+		this.lookaheadRegExp.lastIndex = w.nextMatch;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+			{
+			if(lookaheadMatch[1])
+				{
+				listType = "ul";
+				itemType = "li";
+				}
+			else if(lookaheadMatch[2])
+				{
+				listType = "ol";
+				itemType = "li";
+				}
+			else if(lookaheadMatch[3])
+				{
+				listType = "dl";
+				itemType = "dt";
+				}
+			else if(lookaheadMatch[4])
+				{
+				listType = "dl";
+				itemType = "dd";
+				}
+			listLevel = lookaheadMatch[0].length;
+			w.nextMatch += lookaheadMatch[0].length;
+			if(listLevel > currLevel)
+				{
+				for(var t=currLevel; t<listLevel; t++)
+					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+				}
+			else if(listLevel < currLevel)
+				{
+				for(var t=currLevel; t>listLevel; t--)
+					placeStack.pop();
+				}
+			else if(listLevel == currLevel && listType != currType)
+				{
+				placeStack.pop();
+				placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+				}
+			currLevel = listLevel;
+			currType = listType;
+			var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
+			w.subWikifyTerm(e,this.termRegExp);
+			this.lookaheadRegExp.lastIndex = w.nextMatch;
+			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		}
+	}
+},
+
+{
+	name: "quoteByBlock",
+	match: "^<<<\\n",
+	termRegExp: /(^<<<(\n|$))/mg,
+	element: "blockquote",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "quoteByLine",
+	match: "^>+",
+	lookaheadRegExp: /^>+/mg,
+	termRegExp: /(\n)/mg,
+	element: "blockquote",
+	handler: function(w)
+	{
+		var placeStack = [w.output];
+		var currLevel = 0;
+		var newLevel = w.matchLength;
+		var t;
+		do {
+			if(newLevel > currLevel)
+				{
+				for(t=currLevel; t<newLevel; t++)
+					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
+				}
+			else if(newLevel < currLevel)
+				{
+				for(t=currLevel; t>newLevel; t--)
+					placeStack.pop();
+				}
+			currLevel = newLevel;
+			w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
+			createTiddlyElement(placeStack[placeStack.length-1],"br");
+			this.lookaheadRegExp.lastIndex = w.nextMatch;
+			var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+			var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
+			if(matched)
+				{
+				newLevel = lookaheadMatch[0].length;
+				w.nextMatch += lookaheadMatch[0].length;
+				}
+		} while(matched);
+	}
+},
+
+{
+	name: "rule",
+	match: "^----+$\\n?",
+	handler: function(w)
+	{
+		createTiddlyElement(w.output,"hr");
+	}
+},
+
+{
+	name: "monospacedByLine",
+	match: "^\\{\\{\\{\\n",
+	lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "monospacedByLineForCSS",
+	match: "^/\\*[\\{]{3}\\*/\\n",
+	lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "monospacedByLineForPlugin",
+	match: "^//\\{\\{\\{\\n",
+	lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "monospacedByLineForTemplate",
+	match: "^<!--[\\{]{3}-->\\n",
+	lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg, 
+	element: "pre",
+	handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+	name: "wikifyCommentForPlugin", 
+	match: "^/\\*\\*\\*\\n",
+	termRegExp: /(^\*\*\*\/\n)/mg,
+	handler: function(w)
+	{
+		w.subWikifyTerm(w.output,this.termRegExp);
+	}
+},
+
+{
+	name: "wikifyCommentForTemplate", 
+	match: "^<!---\\n",
+	termRegExp: /(^--->\n)/mg,
+	handler: function(w) 
+	{
+		w.subWikifyTerm(w.output,this.termRegExp);
+	}
+},
+
+{
+	name: "macro",
+	match: "<<",
+	lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
+			{
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
+			}
+	}
+},
+
+{
+	name: "prettyLink",
+	match: "\\[\\[",
+	lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			var e;
+			var text = lookaheadMatch[1];
+			if(lookaheadMatch[3])
+				{
+				// Pretty bracketted link
+				var link = lookaheadMatch[3];
+				e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
+						? createExternalLink(w.output,link)
+						: createTiddlyLink(w.output,link,false,null,w.isStatic);
+				}
+			else
+				{
+				// Simple bracketted link
+				e = createTiddlyLink(w.output,text,false,null,w.isStatic);
+				}
+			createTiddlyText(e,text);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "unWikiLink",
+	match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
+	handler: function(w)
+	{
+		w.outputText(w.output,w.matchStart+1,w.nextMatch);
+	}
+},
+
+{
+	name: "wikiLink",
+	match: config.textPrimitives.wikiLink,
+	handler: function(w)
+	{
+		if(w.matchStart > 0)
+			{
+			var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
+			preRegExp.lastIndex = w.matchStart-1;
+			var preMatch = preRegExp.exec(w.source);
+			if(preMatch.index == w.matchStart-1)
+				{
+				w.outputText(w.output,w.matchStart,w.nextMatch);
+				return;
+				}
+			}
+		if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
+			{
+			var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
+			w.outputText(link,w.matchStart,w.nextMatch);
+			}
+		else
+			{
+			w.outputText(w.output,w.matchStart,w.nextMatch);
+			}
+	}
+},
+
+{
+	name: "urlLink",
+	match: config.textPrimitives.urlPattern,
+	handler: function(w)
+	{
+		w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
+	}
+},
+
+{
+	name: "image",
+	match: "\\[[<>]?[Ii][Mm][Gg]\\[",
+	lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
+			{
+			var e = w.output;
+			if(lookaheadMatch[5])
+				{
+				var link = lookaheadMatch[5];
+				e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
+				addClass(e,"imageLink");
+				}
+			var img = createTiddlyElement(e,"img");
+			if(lookaheadMatch[1])
+				img.align = "left";
+			else if(lookaheadMatch[2])
+				img.align = "right";
+			if(lookaheadMatch[3])
+				img.title = lookaheadMatch[3];
+			img.src = lookaheadMatch[4];
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "html",
+	match: "<[Hh][Tt][Mm][Ll]>",
+	lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "commentByBlock",
+	match: "/%",
+	lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+	}
+},
+
+{
+	name: "boldByChar",
+	match: "''",
+	termRegExp: /('')/mg,
+	element: "strong",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "italicByChar",
+	match: "//",
+	termRegExp: /(\/\/)/mg,
+	element: "em",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "underlineByChar",
+	match: "__",
+	termRegExp: /(__)/mg,
+	element: "u",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "strikeByChar",
+	match: "--(?!\\s|$)",
+	termRegExp: /((?!\s)--|(?=\n\n))/mg,
+	element: "strike",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "superscriptByChar",
+	match: "\\^\\^",
+	termRegExp: /(\^\^)/mg,
+	element: "sup",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "subscriptByChar",
+	match: "~~",
+	termRegExp: /(~~)/mg,
+	element: "sub",
+	handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+	name: "monospacedByChar",
+	match: "\\{\\{\\{",
+	lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "styleByChar",
+	match: "@@",
+	termRegExp: /(@@)/mg,
+	handler:  function(w)
+	{
+		var e = createTiddlyElement(w.output,"span");
+		var styles = config.formatterHelpers.inlineCssHelper(w);
+		if(styles.length == 0)
+			e.className = "marked";
+		else
+			config.formatterHelpers.applyCssHelper(e,styles);
+		w.subWikifyTerm(e,this.termRegExp);
+	}
+},
+
+{
+	name: "lineBreak",
+	match: "\\n|<br ?/?>",
+	handler: function(w)
+	{
+		createTiddlyElement(w.output,"br");
+	}
+},
+
+{
+	name: "rawText",
+	match: "\\\"{3}|<nowiki>",
+	lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+			{
+			createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			}
+	}
+},
+
+{
+	name: "mdash",
+	match: "--",
+	handler: function(w)
+		{
+		createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
+		}
+},
+
+{
+	name: "htmlEntitiesEncoding",
+	match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
+	handler: function(w)
+		{
+		createTiddlyElement(w.output,"span").innerHTML = w.matchText;
+		}
+},
+
+{
+	name: "customClasses",
+	match: "\\{\\{",
+	termRegExp: /(\}\}\})/mg,
+	lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
+	handler: function(w)
+	{
+		this.lookaheadRegExp.lastIndex = w.matchStart;
+		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+		if(lookaheadMatch)
+			{
+			var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
+			w.nextMatch = this.lookaheadRegExp.lastIndex;
+			w.subWikifyTerm(e,this.termRegExp);
+			}
+	}
+}
+
+];
+
+// ---------------------------------------------------------------------------------
+// Wikifier
+// ---------------------------------------------------------------------------------
+
+function getParser(tiddler)
+{
+	var f = formatter;
+	if(tiddler!=null)
+		{
+		for(var i in config.parsers)
+			{
+			if(tiddler.isTagged(config.parsers[i].formatTag))
+				{
+				f = config.parsers[i];
+				break;
+				}
+			}
+		}
+	return f;
+}
+
+function wikify(source,output,highlightRegExp,tiddler)
+{
+	if(source && source != "")
+		{
+		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+		wikifier.subWikifyUnterm(output);
+		}
+}
+
+function wikifyStatic(source,highlightRegExp,tiddler)
+{
+	var e = createTiddlyElement(document.body,"div");
+	e.style.display = "none";
+	var html = "";
+	if(source && source != "")
+		{
+		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+		wikifier.isStatic = true;
+		wikifier.subWikifyUnterm(e);
+		html = e.innerHTML;
+		e.parentNode.removeChild(e);
+		}
+	return html;
+}
+
+// Wikify a named tiddler to plain text
+function wikifyPlain(title)
+{
+	if(store.tiddlerExists(title) || store.isShadowTiddler(title))
+		{
+		var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
+		return wikifier.wikifyPlain();
+		}
+	else
+		return "";
+}
+
+// Highlight plain text into an element
+function highlightify(source,output,highlightRegExp)
+{
+	if(source && source != "")
+		{
+		var wikifier = new Wikifier(source,formatter,highlightRegExp);
+		wikifier.outputText(output,0,source.length);
+		}
+}
+
+// Construct a wikifier object
+// source - source string that's going to be wikified
+// formatter - Formatter() object containing the list of formatters to be used
+// highlightRegExp - regular expression of the text string to highlight
+// tiddler - reference to the tiddler that's taken to be the container for this wikification
+function Wikifier(source,formatter,highlightRegExp,tiddler)
+{
+	this.source = source;
+	this.output = null;
+	this.formatter = formatter;
+	this.nextMatch = 0;
+	this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
+	this.highlightRegExp = highlightRegExp;
+	this.highlightMatch = null;
+	this.isStatic = false;
+	if(highlightRegExp)
+		{
+		highlightRegExp.lastIndex = 0;
+		this.highlightMatch = highlightRegExp.exec(source);
+		}
+	this.tiddler = tiddler;
+}
+
+Wikifier.prototype.wikifyPlain = function()
+{
+	var e = createTiddlyElement(document.body,"div");
+	e.style.display = "none";
+	this.subWikify(e);
+	var text = getPlainText(e);
+	e.parentNode.removeChild(e);
+	return text;
+}
+
+Wikifier.prototype.subWikify = function(output,terminator)
+{
+	// Handle the terminated and unterminated cases separately
+	if (terminator)
+		this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
+	else
+		this.subWikifyUnterm(output);
+}
+
+Wikifier.prototype.subWikifyUnterm = function(output)
+{
+	// subWikify() can be indirectly recursive, so we need to save the old output pointer
+	var oldOutput = this.output;
+	this.output = output;
+	// Get the first match
+	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+	var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+	while(formatterMatch)
+		{
+		// Output any text before the match
+		if(formatterMatch.index > this.nextMatch)
+			this.outputText(this.output,this.nextMatch,formatterMatch.index);
+		// Set the match parameters for the handler
+		this.matchStart = formatterMatch.index;
+		this.matchLength = formatterMatch[0].length;
+		this.matchText = formatterMatch[0];
+		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+		// Figure out which formatter matched and call its handler
+		for(var t=1; t<formatterMatch.length; t++)
+			{
+			if(formatterMatch[t])
+				{
+				this.formatter.formatters[t-1].handler(this);
+				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+				break;
+				}
+			}
+		// Get the next match
+		formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+		}
+	// Output any text after the last match
+	if(this.nextMatch < this.source.length)
+		{
+		this.outputText(this.output,this.nextMatch,this.source.length);
+		this.nextMatch = this.source.length;
+		}
+	// Restore the output pointer
+	this.output = oldOutput;
+}
+
+Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
+{
+	// subWikify() can be indirectly recursive, so we need to save the old output pointer
+	var oldOutput = this.output;
+	this.output = output;
+	// Get the first matches for the formatter and terminator RegExps
+	terminatorRegExp.lastIndex = this.nextMatch;
+	var terminatorMatch = terminatorRegExp.exec(this.source);
+	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+	var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+	while(terminatorMatch || formatterMatch)
+		{
+		// Check for a terminator match  before the next formatter match
+		if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
+			{
+			// Output any text before the match
+			if(terminatorMatch.index > this.nextMatch)
+				this.outputText(this.output,this.nextMatch,terminatorMatch.index);
+			// Set the match parameters
+			this.matchText = terminatorMatch[1];
+			this.matchLength = terminatorMatch[1].length;
+			this.matchStart = terminatorMatch.index;
+			this.nextMatch = this.matchStart + this.matchLength;
+			// Restore the output pointer
+			this.output = oldOutput;
+			return;
+			}
+		// It must be a formatter match; output any text before the match
+		if(formatterMatch.index > this.nextMatch)
+			this.outputText(this.output,this.nextMatch,formatterMatch.index);
+		// Set the match parameters
+		this.matchStart = formatterMatch.index;
+		this.matchLength = formatterMatch[0].length;
+		this.matchText = formatterMatch[0];
+		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+		// Figure out which formatter matched and call its handler
+		for(var t=1; t<formatterMatch.length; t++)
+			{
+			if(formatterMatch[t])
+				{
+				this.formatter.formatters[t-1].handler(this);
+				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+				break;
+				}
+			}
+		// Get the next match
+		terminatorRegExp.lastIndex = this.nextMatch;
+		terminatorMatch = terminatorRegExp.exec(this.source);
+		formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+		}
+	// Output any text after the last match
+	if(this.nextMatch < this.source.length)
+		{
+		this.outputText(this.output,this.nextMatch,this.source.length);
+		this.nextMatch = this.source.length;
+		}
+	// Restore the output pointer
+	this.output = oldOutput;
+}
+
+Wikifier.prototype.outputText = function(place,startPos,endPos)
+{
+	// Check for highlights
+	while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
+		{
+		// Deal with any plain text before the highlight
+		if(this.highlightMatch.index > startPos)
+			{
+			createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
+			startPos = this.highlightMatch.index;
+			}
+		// Deal with the highlight
+		var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
+		var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
+		startPos = highlightEnd;
+		// Nudge along to the next highlight if we're done with this one
+		if(startPos >= this.highlightRegExp.lastIndex)
+			this.highlightMatch = this.highlightRegExp.exec(this.source);
+		}
+	// Do the unhighlighted text left over
+	if(startPos < endPos)
+		{
+		createTiddlyText(place,this.source.substring(startPos,endPos));
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Macro definitions
+// ---------------------------------------------------------------------------------
+
+config.macros.today.handler = function(place,macroName,params)
+{
+	var now = new Date();
+	var text;
+	if(params[0])
+		text = now.formatString(params[0].trim());
+	else
+		text = now.toLocaleString();
+	createTiddlyElement(place,"span",null,null,text);
+}
+
+config.macros.version.handler = function(place)
+{
+	createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
+}
+
+config.macros.list.handler = function(place,macroName,params)
+{
+	var type = params[0] ? params[0] : "all";
+	var theList = document.createElement("ul");
+	place.appendChild(theList);
+	if(this[type].prompt)
+		createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
+	var results;
+	if(this[type].handler)
+		results = this[type].handler(params);
+	for(var t = 0; t < results.length; t++)
+		{
+		var theListItem = document.createElement("li")
+		theList.appendChild(theListItem);
+		if(typeof results[t] == "string")
+			createTiddlyLink(theListItem,results[t],true);
+		else
+			createTiddlyLink(theListItem,results[t].title,true);
+		}
+}
+
+config.macros.list.all.handler = function(params)
+{
+	return store.reverseLookup("tags","excludeLists",false,"title");
+}
+
+config.macros.list.missing.handler = function(params)
+{
+	return store.getMissingLinks();
+}
+
+config.macros.list.orphans.handler = function(params)
+{
+	return store.getOrphans();
+}
+
+config.macros.list.shadowed.handler = function(params)
+{
+	return store.getShadowed();
+}
+
+config.macros.allTags.handler = function(place,macroName,params)
+{
+	var tags = store.getTags();
+	var theDateList = createTiddlyElement(place,"ul");
+	if(tags.length == 0)
+		createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
+	for(var t=0; t<tags.length; t++)
+		{
+		var theListItem =createTiddlyElement(theDateList,"li");
+		var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
+		theTag.setAttribute("tag",tags[t][0]);
+		}
+}
+
+config.macros.timeline.handler = function(place,macroName,params)
+{
+	var field = params[0] ? params[0] : "modified";
+	var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
+	var lastDay = "";
+	var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
+	for(var t=tiddlers.length-1; t>=last; t--)
+		{
+		var tiddler = tiddlers[t];
+		var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
+		if(theDay != lastDay)
+			{
+			var theDateList = document.createElement("ul");
+			place.appendChild(theDateList);
+			createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
+			lastDay = theDay;
+			}
+		var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
+		theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
+		}
+}
+
+config.macros.search.handler = function(place,macroName,params)
+{
+	var searchTimeout = null;
+	var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
+	var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
+	if(params[0])
+		txt.value = params[0];
+	txt.onkeyup = this.onKeyPress;
+	txt.onfocus = this.onFocus;
+	txt.setAttribute("size",this.sizeTextbox);
+	txt.setAttribute("accessKey",this.accessKey);
+	txt.setAttribute("autocomplete","off");
+	txt.setAttribute("lastSearchText","");
+	if(config.browser.isSafari)
+		{
+		txt.setAttribute("type","search");
+		txt.setAttribute("results","5");
+		}
+	else
+		txt.setAttribute("type","text");
+}
+
+// Global because there's only ever one outstanding incremental search timer
+config.macros.search.timeout = null;
+
+config.macros.search.doSearch = function(txt)
+{
+	if(txt.value.length > 0)
+		{
+		story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
+		txt.setAttribute("lastSearchText",txt.value);
+		}
+}
+
+config.macros.search.onClick = function(e)
+{
+	config.macros.search.doSearch(this.nextSibling);
+	return false;
+}
+
+config.macros.search.onKeyPress = function(e)
+{
+	if(!e) var e = window.event;
+	switch(e.keyCode)
+		{
+		case 13: // Ctrl-Enter
+		case 10: // Ctrl-Enter on IE PC
+			config.macros.search.doSearch(this);
+			break;
+		case 27: // Escape
+			this.value = "";
+			clearMessage();
+			break;
+		}
+	if(this.value.length > 2)
+		{
+		if(this.value != this.getAttribute("lastSearchText"))
+			{
+			if(config.macros.search.timeout)
+				clearTimeout(config.macros.search.timeout);
+			var txt = this;
+			config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
+			}
+		}
+	else
+		{
+		if(config.macros.search.timeout)
+			clearTimeout(config.macros.search.timeout);
+		}
+}
+
+config.macros.search.onFocus = function(e)
+{
+	this.select();
+}
+
+config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	params = paramString.parseParams("name",null,true,false,true);
+	var names = params[0]["name"];
+	var tiddlerName = names[0];
+	var className = names[1] ? names[1] : null;
+	var args = params[0]["with"];
+	var wrapper = createTiddlyElement(place,"span",null,className);
+	if(!args)
+		{
+		wrapper.setAttribute("refresh","content");
+		wrapper.setAttribute("tiddler",tiddlerName);
+		}
+	var text = store.getTiddlerText(tiddlerName);
+	if(text)
+		{
+		var stack = config.macros.tiddler.tiddlerStack;
+		if(stack.indexOf(tiddlerName) !== -1)
+			return;
+		stack.push(tiddlerName);
+		try
+			{
+			var n = args ? Math.min(args.length,9) : 0;
+			for(var i=0; i<n; i++) 
+				{
+				var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
+				text = text.replace(placeholderRE,args[i]);
+				}
+			config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
+			}
+		finally
+			{
+			stack.pop();
+			}
+		}
+}
+
+config.macros.tiddler.renderText = function(place,text,tiddlerName,params) 
+{
+	wikify(text,place,null,store.getTiddler(tiddlerName));
+}
+
+config.macros.tiddler.tiddlerStack = [];
+
+config.macros.tag.handler = function(place,macroName,params)
+{
+	createTagButton(place,params[0]);
+}
+
+config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	params = paramString.parseParams("anon",null,true,false,false);
+	var theList = createTiddlyElement(place,"ul");
+	var title = getParam(params,"anon","");
+	if(title && store.tiddlerExists(title))
+		tiddler = store.getTiddler(title);
+	var sep = getParam(params,"sep"," ");
+	var lingo = config.views.wikified.tag;
+	var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
+	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
+	for(var t=0; t<tiddler.tags.length; t++)
+		{
+		createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
+		if(t<tiddler.tags.length-1)
+			createTiddlyText(theList,sep);
+		}
+}
+
+config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	params = paramString.parseParams("anon",null,true,false,false);
+	var theList = createTiddlyElement(place,"ul");
+	var title = getParam(params,"anon","");
+	if(title == "" && tiddler instanceof Tiddler)
+		title = tiddler.title;
+	var sep = getParam(params,"sep"," ");
+	theList.setAttribute("title",this.tooltip.format([title]));
+	var tagged = store.getTaggedTiddlers(title);
+	var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
+	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
+	for(var t=0; t<tagged.length; t++)
+		{
+		createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
+		if(t<tagged.length-1)
+			createTiddlyText(theList,sep);
+		}
+}
+
+config.macros.closeAll.handler = function(place)
+{
+	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.closeAll.onClick = function(e)
+{
+	story.closeAllTiddlers();
+	return false;
+}
+
+config.macros.permaview.handler = function(place)
+{
+	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.permaview.onClick = function(e)
+{
+	story.permaView();
+	return false;
+}
+
+config.macros.saveChanges.handler = function(place)
+{
+	if(!readOnly)
+		createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
+}
+
+config.macros.saveChanges.onClick = function(e)
+{
+	saveChanges();
+	return false;
+}
+
+config.macros.slider.onClickSlider = function(e)
+{
+	if(!e) var e = window.event;
+	var n = this.nextSibling;
+	var cookie = n.getAttribute("cookie");
+	var isOpen = n.style.display != "none";
+	if(anim && config.options.chkAnimate)
+		anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
+	else
+		n.style.display = isOpen ? "none" : "block";
+	config.options[cookie] = !isOpen;
+	saveOptionCookie(cookie);
+	return false;
+}
+
+config.macros.slider.createSlider = function(place,cookie,title,tooltip)
+{
+	var cookie = cookie ? cookie : "";
+	var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
+	var panel = createTiddlyElement(null,"div",null,"sliderPanel");
+	panel.setAttribute("cookie",cookie);
+	panel.style.display = config.options[cookie] ? "block" : "none";
+	place.appendChild(panel);
+	return panel;
+}
+
+config.macros.slider.handler = function(place,macroName,params)
+{
+	var panel = this.createSlider(place,params[0],params[2],params[3]);
+	var text = store.getTiddlerText(params[1]);
+	panel.setAttribute("refresh", "content");
+	panel.setAttribute("tiddler", params[1]);
+	if(text)
+		wikify(text,panel,null,store.getTiddler(params[1]));
+}
+
+config.macros.option.onChangeOption = function(e)
+{
+	var opt = this.getAttribute("option");
+	var elementType,valueField;
+	if(opt)
+		{
+		switch(opt.substr(0,3))
+			{
+			case "txt":
+				elementType = "input";
+				valueField = "value";
+				break;
+			case "chk":
+				elementType = "input";
+				valueField = "checked";
+				break;
+			}
+		config.options[opt] = this[valueField];
+		saveOptionCookie(opt);
+		var nodes = document.getElementsByTagName(elementType);
+		for(var t=0; t<nodes.length; t++)
+			{
+			var optNode = nodes[t].getAttribute("option");
+			if(opt == optNode)
+				nodes[t][valueField] = this[valueField];
+			}
+		}
+	return(true);
+}
+
+config.macros.option.handler = function(place,macroName,params)
+{
+	var opt = params[0];
+	if(config.options[opt] == undefined)
+		return;
+	var c;
+	switch(opt.substr(0,3))
+		{
+		case "txt":
+			c = document.createElement("input");
+			c.onkeyup = this.onChangeOption;
+			c.setAttribute("option",opt);
+			c.className = "txtOptionInput";
+			place.appendChild(c);
+			c.value = config.options[opt];
+			break;
+		case "chk":
+			c = document.createElement("input");
+			c.setAttribute("type","checkbox");
+			c.onclick = this.onChangeOption;
+			c.setAttribute("option",opt);
+			c.className = "chkOptionInput";
+			place.appendChild(c);
+			c.checked = config.options[opt];
+			break;
+		}
+}
+
+
+
+config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
+{
+	var tags = [];
+	for(var t=1; t<params.length; t++)
+		if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
+			tags.push(params[t].value);
+	label = getParam(params,"label",label);
+	prompt = getParam(params,"prompt",prompt);
+	accessKey = getParam(params,"accessKey",accessKey);
+	newFocus = getParam(params,"focus",newFocus);
+	var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
+	btn.setAttribute("newTitle",title);
+	btn.setAttribute("isJournal",isJournal);
+	btn.setAttribute("params",tags.join("|"));
+	btn.setAttribute("newFocus",newFocus);
+	btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
+	var text = getParam(params,"text");
+	if(text !== undefined) 
+		btn.setAttribute("newText",text);
+	return btn;
+}
+
+config.macros.newTiddler.onClickNewTiddler = function()
+{
+	var title = this.getAttribute("newTitle");
+	if(this.getAttribute("isJournal"))
+		{
+		var now = new Date();
+		title = now.formatString(title.trim());
+		}
+	var params = this.getAttribute("params").split("|");
+	var focus = this.getAttribute("newFocus");
+	var template = this.getAttribute("newTemplate");
+	story.displayTiddler(null,title,template);
+	var text = this.getAttribute("newText");
+	if(typeof text == "string")
+		story.getTiddlerField(title,"text").value = text.format([title]);
+	for(var t=0;t<params.length;t++)
+		story.setTiddlerTag(title,params[t],+1);
+	story.focusTiddler(title,focus);
+	return false;
+}
+
+config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(!readOnly)
+		{
+		params = paramString.parseParams("anon",null,true,false,false);
+		var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
+		title = getParam(params,"title",title);
+		this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
+		}
+}
+
+config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(!readOnly)
+		{
+		params = paramString.parseParams("anon",null,true,false,false);
+		var title = params[1] && params[1].name == "anon" ? params[1].value : "";
+		title = getParam(params,"title",title);
+		config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
+		}
+}
+
+config.macros.sparkline.handler = function(place,macroName,params)
+{
+	var data = [];
+	var min = 0;
+	var max = 0;
+	for(var t=0; t<params.length; t++)
+		{
+		var v = parseInt(params[t]);
+		if(v < min)
+			min = v;
+		if(v > max)
+			max = v;
+		data.push(v);
+		}
+	if(data.length < 1)
+		return;
+	var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
+	box.title = data.join(",");
+	var w = box.offsetWidth;
+	var h = box.offsetHeight;
+	box.style.paddingRight = (data.length * 2 - w) + "px";
+	box.style.position = "relative";
+	for(var d=0; d<data.length; d++)
+		{
+		var tick = document.createElement("img");
+		tick.border = 0;
+		tick.className = "sparktick";
+		tick.style.position = "absolute";
+		tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
+		tick.style.left = d*2 + "px";
+		tick.style.width = "2px";
+		var v = Math.floor(((data[d] - min)/(max-min)) * h);
+		tick.style.top = (h-v) + "px";
+		tick.style.height = v + "px";
+		box.appendChild(tick);
+		}
+}
+
+config.macros.tabs.handler = function(place,macroName,params)
+{
+	var cookie = params[0];
+	var numTabs = (params.length-1)/3;
+	var wrapper = createTiddlyElement(null,"div",null,cookie);
+	var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
+	tabset.setAttribute("cookie",cookie);
+	var validTab = false;
+	for(var t=0; t<numTabs; t++)
+		{
+		var label = params[t*3+1];
+		var prompt = params[t*3+2];
+		var content = params[t*3+3];
+		var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
+		tab.setAttribute("tab",label);
+		tab.setAttribute("content",content);
+		tab.title = prompt;
+		if(config.options[cookie] == label)
+			validTab = true;
+		}
+	if(!validTab)
+		config.options[cookie] = params[1];
+	place.appendChild(wrapper);
+	this.switchTab(tabset,config.options[cookie]);
+}
+
+config.macros.tabs.onClickTab = function(e)
+{
+	config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
+	return false;
+}
+
+config.macros.tabs.switchTab = function(tabset,tab)
+{
+	var cookie = tabset.getAttribute("cookie");
+	var theTab = null
+	var nodes = tabset.childNodes;
+	for(var t=0; t<nodes.length; t++)
+		if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
+			{
+			theTab = nodes[t];
+			theTab.className = "tab tabSelected";
+			}
+		else
+			nodes[t].className = "tab tabUnselected"
+	if(theTab)
+		{
+		if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
+			tabset.parentNode.removeChild(tabset.nextSibling);
+		var tabContent = createTiddlyElement(null,"div",null,"tabContents");
+		tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
+		var contentTitle = theTab.getAttribute("content");
+		wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
+		if(cookie)
+			{
+			config.options[cookie] = tab;
+			saveOptionCookie(cookie);
+			}
+		}
+}
+
+// <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
+config.macros.gradient.handler = function(place,macroName,params,wikifier)
+{
+	var terminator = ">>";
+	var panel;
+	if(wikifier)
+		panel = createTiddlyElement(place,"div",null,"gradient");
+	else
+		panel = place;
+	panel.style.position = "relative";
+	panel.style.overflow = "hidden";
+	panel.style.zIndex = "0";
+	var t;
+	if(wikifier)
+		{
+		var styles = config.formatterHelpers.inlineCssHelper(wikifier);
+		config.formatterHelpers.applyCssHelper(panel,styles);
+		}
+	var colours = [];
+	for(t=1; t<params.length; t++)
+		{
+		var c = new RGB(params[t]);
+		if(c)
+			colours.push(c);
+		}
+	drawGradient(panel,params[0] != "vert",colours);
+	if(wikifier)
+		wikifier.subWikify(panel,terminator);
+	if(document.all)
+		{
+		panel.style.height = "100%";
+		panel.style.width = "100%";
+		}
+}
+
+config.macros.message.handler = function(place,macroName,params)
+{
+	if(params[0])
+		{
+		var m = config;
+		var p = params[0].split(".");
+		for(var t=0; t<p.length; t++)
+			{
+			if(p[t] in m)
+				m = m[p[t]];
+			else
+				break;
+			}
+		createTiddlyText(place,m.toString().format(params.splice(1)));
+		}
+}
+
+config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if((tiddler instanceof Tiddler) && params[0])
+		{
+		var value = store.getValue(tiddler,params[0]);
+		if(value != undefined)
+			switch(params[1])
+				{
+				case undefined:
+					highlightify(value,place,highlightHack);
+					break;
+				case "link":
+					createTiddlyLink(place,value,true);
+					break;
+				case "wikified":
+					wikify(value,place,highlightHack,tiddler);
+					break;
+				case "date":
+					value = Date.convertFromYYYYMMDDHHMM(value);
+					if(params[2])
+						createTiddlyText(place,value.formatString(params[2]));
+					else
+						createTiddlyText(place,value);
+					break;
+				}
+		}
+}
+
+config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	var field = params[0];
+	if((tiddler instanceof Tiddler) && field)
+		{
+		story.setDirty(tiddler.title,true);
+		if(field != "text")
+			{
+				var e = createTiddlyElement(null,"input");
+				if(tiddler.isReadOnly())
+					e.setAttribute("readOnly","readOnly");
+				e.setAttribute("edit",field);
+				e.setAttribute("type","text");
+				var v = store.getValue(tiddler,field);
+				if(!v) 
+					v = "";
+				e.value = v;
+				e.setAttribute("size","40");
+				e.setAttribute("autocomplete","off");
+				place.appendChild(e);
+			}
+		else
+			{
+				var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
+				var wrapper2 = createTiddlyElement(wrapper1,"div");
+				var e = createTiddlyElement(wrapper2,"textarea");
+				if(tiddler.isReadOnly())
+					e.setAttribute("readOnly","readOnly");
+				var v = store.getValue(tiddler,field);
+				if(!v) 
+					v = "";
+				e.value = v;
+				var rows = 10;
+				var lines = v.match(/\n/mg);
+				var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
+				if(lines != null && lines.length > rows)
+					rows = lines.length + 5;
+				rows = Math.min(rows,maxLines);
+				e.setAttribute("rows",rows);
+				e.setAttribute("edit",field);
+				place.appendChild(wrapper1);
+			}
+		}
+}
+
+config.macros.tagChooser.onClick = function(e)
+{
+	if(!e) var e = window.event;
+	var lingo = config.views.editor.tagChooser;
+	var popup = Popup.create(this);
+	var tags = store.getTags();
+	if(tags.length == 0)
+		createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
+	for(var t=0; t<tags.length; t++)
+		{
+		var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
+		theTag.setAttribute("tag",tags[t][0]);
+		theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
+		}
+	Popup.show(popup,false);
+	e.cancelBubble = true;
+	if(e.stopPropagation) e.stopPropagation();
+	return(false);
+}
+
+config.macros.tagChooser.onTagClick = function(e)
+{
+	if(!e) var e = window.event;
+	var tag = this.getAttribute("tag");
+	var title = this.getAttribute("tiddler");
+	if(!readOnly)
+		story.setTiddlerTag(title,tag,0);
+	return(false);
+}
+
+config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(tiddler instanceof Tiddler)
+		{
+		var title = tiddler.title;
+		var lingo = config.views.editor.tagChooser;
+		var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
+		btn.setAttribute("tiddler", title);
+		}
+}
+
+// Create a toolbar command button
+// place - parent DOM element
+// command - reference to config.commands[] member -or- name of member
+// tiddler - reference to tiddler that toolbar applies to
+// theClass - the class to give the button
+config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
+{
+	if(typeof commandName != "string")
+		{
+		var c = null;
+		for(var t in config.commands)
+			if(config.commands[t] == commandName)
+				c = t;
+		commandName = c;
+		}
+	if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
+		{
+		var title = tiddler.title;
+		var command = config.commands[commandName];
+		var ro = tiddler.isReadOnly();
+		var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
+		var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
+		var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
+		if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
+
+			{
+			var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
+			btn.setAttribute("commandName", commandName);
+			btn.setAttribute("tiddler", title);
+			if(theClass)
+				addClass(btn,theClass);
+			place.appendChild(btn);
+			}
+		}
+}
+
+config.macros.toolbar.onClickCommand = function(e)
+{
+	if(!e) var e = window.event;
+	var command = config.commands[this.getAttribute("commandName")];
+	return command.handler(e,this,this.getAttribute("tiddler"));
+}
+
+// Invoke the first command encountered from a given place that is tagged with a specified class
+config.macros.toolbar.invokeCommand = function(place,theClass,event)
+{
+	var children = place.getElementsByTagName("a")
+	for(var t=0; t<children.length; t++)
+		{
+		var c = children[t];
+		if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
+			{
+			if(c.onclick instanceof Function)
+				c.onclick.call(c,event);
+			break;
+			}
+		}
+}
+
+config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	for(var t=0; t<params.length; t++)
+		{
+		var c = params[t];
+		var theClass = "";
+		switch(c.substr(0,1))
+			{
+			case "+":
+				theClass = "defaultCommand";
+				c = c.substr(1);
+				break;
+			case "-":
+				theClass = "cancelCommand";
+				c = c.substr(1);
+				break;
+			}
+		if(c in config.commands)
+			this.createCommand(place,c,tiddler,theClass);
+		}
+}
+
+config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	var e = createTiddlyElement(place,"div");
+	e.setAttribute("refresh","macro");
+	e.setAttribute("macroName","plugins");
+	e.setAttribute("params",paramString);
+	this.refresh(e,paramString);
+}
+
+config.macros.plugins.refresh = function(place,params)
+{
+	var selectedRows = [];
+	ListView.forEachSelector(place,function(e,rowName) {
+			if(e.checked)
+				selectedRows.push(e.getAttribute("rowName"));
+		});
+	removeChildren(place);
+	params = params.parseParams("anon");
+	var plugins = installedPlugins.slice(0);
+	var t,tiddler,p;
+	var configTiddlers = store.getTaggedTiddlers("systemConfig");
+	for(t=0; t<configTiddlers.length; t++)
+		{
+		tiddler = configTiddlers[t];
+		if(plugins.findByField("title",tiddler.title) == null)
+			{
+			p = getPluginInfo(tiddler);
+			p.executed = false;
+			p.log.splice(0,0,this.skippedText);
+			plugins.push(p);
+			}
+		}
+	for(t=0; t<plugins.length; t++)
+		{
+		var p = plugins[t];
+		p.forced = p.tiddler.isTagged("systemConfigForce");
+		p.disabled = p.tiddler.isTagged("systemConfigDisable");
+		p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
+		}
+	if(plugins.length == 0)
+		createTiddlyElement(place,"em",null,null,this.noPluginText);
+	else
+		ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
+}
+
+config.macros.plugins.onSelectCommand = function(command,rowNames)
+{
+	var t;
+	switch(command)
+		{
+		case "remove":
+			for(t=0; t<rowNames.length; t++)
+				store.setTiddlerTag(rowNames[t],false,"systemConfig");
+			break;
+		case "delete":
+			if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
+				{
+				for(t=0; t<rowNames.length; t++)
+					{
+					store.removeTiddler(rowNames[t]);
+					story.closeTiddler(rowNames[t],true,false);
+					}
+				}
+			break;
+		}
+	if(config.options.chkAutoSave)
+		saveChanges(true);
+}
+
+config.macros.refreshDisplay.handler = function(place)
+{
+	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.refreshDisplay.onClick = function(e)
+{
+	refreshAll();
+	return false;
+}
+
+config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+	if(readOnly)
+		{
+		createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
+		return;
+		}
+	var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
+	createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
+	createTiddlyElement(importer,"h2",null,"step1",this.step1);
+	var step = createTiddlyElement(importer,"div",null,"wizardStep");
+	createTiddlyText(step,this.step1prompt);
+	var input = createTiddlyElement(null,"input",null,"txtOptionInput");
+	input.type = "text";
+	input.size = 50;
+	step.appendChild(input);
+	importer.inputBox = input;
+	createTiddlyElement(step,"br");
+	createTiddlyText(step,this.step1promptFile);
+	var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
+	fileInput.type = "file";
+	fileInput.size = 50;
+	fileInput.onchange = this.onBrowseChange;
+	fileInput.onkeyup = this.onBrowseChange;
+	step.appendChild(fileInput);
+	createTiddlyElement(step,"br");
+	createTiddlyText(step,this.step1promptFeeds);
+	var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
+	createTiddlyDropDown(step,this.onFeedChange,feeds);
+	createTiddlyElement(step,"br");
+	createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
+        place.appendChild(importer);
+}
+
+config.macros.importTiddlers.getFeeds = function(feeds)
+{
+	var tagged = store.getTaggedTiddlers("contentPublisher","title");
+	for(var t=0; t<tagged.length; t++)
+		feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
+	return feeds;
+}
+
+config.macros.importTiddlers.onFeedChange = function(e)
+{
+	var importer = findRelated(this,"importTiddler","className","parentNode");
+	importer.inputBox.value = this.value;
+	this.selectedIndex = 0;
+}
+
+config.macros.importTiddlers.onBrowseChange = function(e)
+{
+	var importer = findRelated(this,"importTiddler","className","parentNode");
+	importer.inputBox.value = "file://" + this.value;
+}
+
+config.macros.importTiddlers.onFetch = function(e)
+{
+	var importer = findRelated(this,"importTiddler","className","parentNode");
+	var url = importer.inputBox.value;
+	var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
+	while(cutoff)
+		{
+		var temp = cutoff.nextSibling;
+		cutoff.parentNode.removeChild(cutoff);
+		cutoff = temp;
+		}
+	createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
+	var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
+	loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
+}
+
+config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
+{
+	if(!status)
+		{
+		displayMessage(this.fetchError);
+		return;
+		}
+	var importer = params;
+	// Check that the tiddler we're in hasn't been closed - doesn't work on IE
+//	var p = importer;
+//	while(p.parentNode)
+//		p = p.parentNode;
+//	if(!(p instanceof HTMLDocument))
+//		return;
+	// Crack out the content - (should be refactored)
+	var posOpeningDiv = responseText.indexOf(startSaveArea);
+	var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
+	var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
+	if((posOpeningDiv == -1) || (posClosingDiv == -1))
+		{
+		alert(config.messages.invalidFileError.format([url]));
+		return;
+		}
+	var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
+	// Create the iframe
+	var iframe = document.createElement("iframe");
+	iframe.style.display = "none";
+	importer.insertBefore(iframe,importer.firstChild);
+	var doc = iframe.document;
+	if(iframe.contentDocument)
+		doc = iframe.contentDocument; // For NS6
+	else if(iframe.contentWindow)
+		doc = iframe.contentWindow.document; // For IE5.5 and IE6
+	// Put the content in the iframe
+	doc.open();
+	doc.writeln(content);
+	doc.close();
+	// Load the content into a TiddlyWiki() object
+	var storeArea = doc.getElementById("storeArea");
+	var importStore = new TiddlyWiki();
+	importStore.loadFromDiv(storeArea,"store");
+	// Get rid of the iframe
+	iframe.parentNode.removeChild(iframe);
+	// Extract data for the listview
+	var tiddlers = [];
+	importStore.forEachTiddler(function(title,tiddler)
+		{
+		var t = {};
+		t.title = title;
+		t.modified = tiddler.modified;
+		t.modifier = tiddler.modifier;
+		t.text = tiddler.text.substr(0,50);
+		t.tags = tiddler.tags;
+		tiddlers.push(t);
+		});
+	// Display the listview
+	createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
+	var step = createTiddlyElement(importer,"div",null,"wizardStep");
+	ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
+	// Save the importer
+	importer.store = importStore;
+}
+
+config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
+{
+	var importer = findRelated(listView,"importTiddler","className","parentNode");
+	switch(command)
+		{
+		case "import":
+			config.macros.importTiddlers.doImport(importer,rowNames);
+			break;
+		}
+	if(config.options.chkAutoSave)
+		saveChanges(true);
+}
+
+config.macros.importTiddlers.doImport = function(importer,rowNames)
+{
+	var theStore = importer.store;
+	var overwrite = new Array();
+	var t;
+	for(t=0; t<rowNames.length; t++)
+		{
+		if(store.tiddlerExists(rowNames[t]))
+			overwrite.push(rowNames[t]);
+	}
+	if(overwrite.length > 0)
+		if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
+			return;
+	for(t=0; t<rowNames.length; t++)
+		{
+		var inbound = theStore.fetchTiddler(rowNames[t]);
+		store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
+		store.fetchTiddler(inbound.title).created = inbound.created;
+		store.notify(rowNames[t],false);
+		}
+	store.notifyAll();
+	store.setDirty(true);
+	createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
+	var step = createTiddlyElement(importer,"div",null,"wizardStep");
+	for(t=0; t<rowNames.length; t++)
+		{
+		createTiddlyLink(step,rowNames[t],true);
+		createTiddlyElement(step,"br");
+		}
+	createTiddlyElement(importer,"h2",null,"step5",this.step5);
+}
+// ---------------------------------------------------------------------------------
+// Menu and toolbar commands
+// ---------------------------------------------------------------------------------
+
+config.commands.closeTiddler.handler = function(event,src,title)
+{
+	story.closeTiddler(title,true,event.shiftKey || event.altKey);
+	return false;
+}
+
+config.commands.closeOthers.handler = function(event,src,title)
+{
+	story.closeAllTiddlers(title);
+	return false;
+}
+
+config.commands.editTiddler.handler = function(event,src,title)
+{
+	clearMessage();
+	story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+	story.focusTiddler(title,"text");
+	return false;
+}
+
+config.commands.saveTiddler.handler = function(event,src,title)
+{
+	var newTitle = story.saveTiddler(title,event.shiftKey);
+	if(newTitle)
+	   story.displayTiddler(null,newTitle);
+	return false;
+}
+
+config.commands.cancelTiddler.handler = function(event,src,title)
+{
+	if(story.hasChanges(title) && !readOnly)
+		if(!confirm(this.warning.format([title])))
+			return false;
+	story.setDirty(title,false);
+	story.displayTiddler(null,title);
+	return false;
+}
+
+config.commands.deleteTiddler.handler = function(event,src,title)
+{
+	var deleteIt = true;
+	if (config.options.chkConfirmDelete)
+		deleteIt = confirm(this.warning.format([title]));
+	if (deleteIt)
+		{
+		store.removeTiddler(title);
+		story.closeTiddler(title,true,event.shiftKey || event.altKey);
+		if(config.options.chkAutoSave)
+			saveChanges();
+		}
+	return false;
+}
+
+config.commands.permalink.handler = function(event,src,title)
+{
+	var t = encodeURIComponent(String.encodeTiddlyLink(title));
+	if(window.location.hash != t)
+		window.location.hash = t;
+	return false;
+}
+
+config.commands.references.handler = function(event,src,title)
+{
+	var popup = Popup.create(src);
+	if(popup)
+		{
+		var references = store.getReferringTiddlers(title);
+		var c = false;
+		for(var r=0; r<references.length; r++)
+			if(references[r].title != title && !references[r].isTagged("excludeLists"))
+				{
+				createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
+				c = true;
+				}
+		if(!c)
+			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
+		}
+	Popup.show(popup,false);
+	event.cancelBubble = true;
+	if (event.stopPropagation) event.stopPropagation();
+	return false;
+}
+
+config.commands.jump.handler = function(event,src,title)
+{
+	var popup = Popup.create(src);
+	if(popup)
+		{
+		story.forEachTiddler(function(title,element) {
+			createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
+			});
+		}
+	Popup.show(popup,false);
+	event.cancelBubble = true;
+	if (event.stopPropagation) event.stopPropagation();
+	return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Tiddler() object
+// ---------------------------------------------------------------------------------
+
+function Tiddler()
+{
+	this.title = null;
+	this.text = null;
+	this.modifier = null;
+	this.modified = new Date();
+	this.created = new Date();
+	this.links = [];
+	this.linksUpdated = false;
+	this.tags = [];
+	return this;
+}
+
+Tiddler.prototype.getLinks = function()
+{
+	if(this.linksUpdated==false)
+		this.changed();
+	return this.links;
+}
+
+// Format the text for storage in an RSS item
+Tiddler.prototype.saveToRss = function(url)
+{
+	var s = [];
+	s.push("<item>");
+	s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
+	s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
+	for(var t=0; t<this.tags.length; t++)
+		s.push("<category>" + this.tags[t] + "</category>");
+	s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
+	s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
+	s.push("</item>");
+	return(s.join("\n"));
+}
+
+// Change the text and other attributes of a tiddler
+Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
+{
+	this.assign(title,text,modifier,modified,tags,created,fields);
+	this.changed();
+	return this;
+}
+
+// Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
+Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
+{
+	if(title != undefined)
+		this.title = title;
+	if(text != undefined)
+		this.text = text;
+	if(modifier != undefined)
+		this.modifier = modifier;
+	if(modified != undefined)
+		this.modified = modified;
+	if(created != undefined)
+		this.created = created;
+	if(fields != undefined)
+		this.fields = fields;
+	if(tags != undefined)
+		this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
+	else if(this.tags == undefined)
+		this.tags = [];
+	return this;
+}
+
+// Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
+Tiddler.prototype.getTags = function()
+{
+	return String.encodeTiddlyLinkList(this.tags);
+}
+
+// Test if a tiddler carries a tag
+Tiddler.prototype.isTagged = function(tag)
+{
+	return this.tags.indexOf(tag) != -1;
+}
+
+// Static method to convert "\n" to newlines, "\s" to "\"
+Tiddler.unescapeLineBreaks = function(text)
+{
+	return text ? text.unescapeLineBreaks() : "";
+}
+
+// Convert newlines to "\n", "\" to "\s"
+Tiddler.prototype.escapeLineBreaks = function()
+{
+	return this.text.escapeLineBreaks();
+}
+
+// Updates the secondary information (like links[] array) after a change to a tiddler
+Tiddler.prototype.changed = function()
+{
+	this.links = [];
+	var t = this.autoLinkWikiWords() ? 0 : 1;
+	var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
+	tiddlerLinkRegExp.lastIndex = 0;
+	var formatMatch = tiddlerLinkRegExp.exec(this.text);
+	while(formatMatch)
+		{
+		if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
+			{
+			if(formatMatch.index > 0)
+				{
+				var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
+				preRegExp.lastIndex = formatMatch.index-1;
+				var preMatch = preRegExp.exec(this.text);
+				if(preMatch.index != formatMatch.index-1)
+					this.links.pushUnique(formatMatch[1]);
+				}
+			else
+				this.links.pushUnique(formatMatch[1]);
+			}
+		else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
+			this.links.pushUnique(formatMatch[3-t]);
+		else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
+			this.links.pushUnique(formatMatch[4-t]);
+		// Do not add link if match urlPattern (formatMatch[5-t])
+		formatMatch = tiddlerLinkRegExp.exec(this.text);
+		}
+	this.linksUpdated = true;
+	return;
+}
+
+Tiddler.prototype.getSubtitle = function()
+{
+	var theModifier = this.modifier;
+	if(!theModifier)
+		theModifier = config.messages.subtitleUnknown;
+	var theModified = this.modified;
+	if(theModified)
+		theModified = theModified.toLocaleString();
+	else
+		theModified = config.messages.subtitleUnknown;
+	return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
+}
+
+Tiddler.prototype.isReadOnly = function()
+{
+	return readOnly;
+}
+
+Tiddler.prototype.autoLinkWikiWords = function()
+{
+	return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
+}
+
+Tiddler.prototype.generateFingerprint = function()
+{
+	return "0x" + Crypto.hexSha1Str(this.text);
+}
+
+// ---------------------------------------------------------------------------------
+// TiddlyWiki() object contains Tiddler()s
+// ---------------------------------------------------------------------------------
+
+function TiddlyWiki()
+{
+	var tiddlers = {}; // Hashmap by name of tiddlers
+	this.tiddlersUpdated = false;
+	this.namedNotifications = []; // Array of {name:,notify:} of notification functions
+	this.notificationLevel = 0;
+	this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
+	this.clear = function() {
+		tiddlers = {};
+		this.setDirty(false);
+		};
+	this.fetchTiddler = function(title) {
+		return tiddlers[title];
+		};
+	this.deleteTiddler = function(title) {
+		delete this.slices[title];
+		delete tiddlers[title];
+		};
+	this.addTiddler = function(tiddler) {
+		delete this.slices[tiddler.title];
+		tiddlers[tiddler.title] = tiddler;
+		};
+	this.forEachTiddler = function(callback) {
+		for(var t in tiddlers)
+			{
+			var tiddler = tiddlers[t];
+			if(tiddler instanceof Tiddler)
+				callback.call(this,t,tiddler);
+			}
+		};
+}
+
+// Set the dirty flag
+TiddlyWiki.prototype.setDirty = function(dirty)
+{
+	this.dirty = dirty;
+}
+
+TiddlyWiki.prototype.isDirty = function()
+{
+	return this.dirty;
+}
+
+TiddlyWiki.prototype.suspendNotifications = function()
+{
+	this.notificationLevel--;
+}
+
+TiddlyWiki.prototype.resumeNotifications = function()
+{
+	this.notificationLevel++;
+}
+
+// Invoke the notification handlers for a particular tiddler
+TiddlyWiki.prototype.notify = function(title,doBlanket)
+{
+	if(!this.notificationLevel)
+		for(var t=0; t<this.namedNotifications.length; t++)
+			{
+			var n = this.namedNotifications[t];
+			if((n.name == null && doBlanket) || (n.name == title))
+				n.notify(title);
+			}
+}
+
+// Invoke the notification handlers for all tiddlers
+TiddlyWiki.prototype.notifyAll = function()
+{
+	if(!this.notificationLevel)
+		for(var t=0; t<this.namedNotifications.length; t++)
+			{
+			var n = this.namedNotifications[t];
+			if(n.name)
+				n.notify(n.name);
+			}
+}
+
+// Add a notification handler to a tiddler
+TiddlyWiki.prototype.addNotification = function(title,fn)
+{
+	for (var i=0; i<this.namedNotifications.length; i++)
+		if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
+			return this;
+	this.namedNotifications.push({name: title, notify: fn});
+	return this;
+}
+
+TiddlyWiki.prototype.removeTiddler = function(title)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(tiddler)
+		{
+		this.deleteTiddler(title);
+		this.notify(title,true);
+		this.setDirty(true);
+		}
+}
+
+TiddlyWiki.prototype.tiddlerExists = function(title)
+{
+	var t = this.fetchTiddler(title);
+	return (t != undefined);
+}
+
+TiddlyWiki.prototype.isShadowTiddler = function(title)
+{
+	return typeof config.shadowTiddlers[title] == "string";
+}
+
+TiddlyWiki.prototype.getTiddler = function(title)
+{
+	var t = this.fetchTiddler(title);
+	if(t != undefined)
+		return t;
+	else
+		return null;
+}
+
+TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(tiddler)
+		return tiddler.text;
+	if(!title)
+		return defaultText;
+	var pos = title.indexOf(config.textPrimitives.sliceSeparator);
+	if(pos != -1)
+		{
+		var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
+		if(slice)
+			return slice;
+		}
+	if(this.isShadowTiddler(title))
+		return config.shadowTiddlers[title];
+	if(defaultText != undefined)
+		return defaultText;
+	return null;
+}
+
+TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
+
+// @internal
+TiddlyWiki.prototype.calcAllSlices = function(title) 
+{
+	var slices = {};
+	var text = this.getTiddlerText(title,"");
+	this.slicesRE.lastIndex = 0;
+	do 
+		{
+			var m = this.slicesRE.exec(text);
+			if (m) 
+				{
+					if (m[1])
+						slices[m[1]] = m[2];
+					else
+						slices[m[3]] = m[4];
+				}
+		}
+	while(m);
+	return slices;
+}
+
+// Returns the slice of text of the given name
+//#
+//# A text slice is a substring in the tiddler's text that is defined
+//# either like this
+//#    aName:  textSlice
+//# or
+//#    |aName:| textSlice |
+//# or
+//#    |aName| textSlice |
+//#
+//# In the text the name (or name:) may be decorated with '' or //. I.e.
+//# this would also a possible text slice:
+//#
+//#    |''aName:''| textSlice |
+//#
+//# @param name should only contain "word characters" (i.e. "a-ZA-Z_0-9")
+//# @return [may be undefined] the (trimmed) text of the specified slice.
+TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
+{
+	var slices = this.slices[title];
+	if (!slices) {
+		slices = this.calcAllSlices(title);
+		this.slices[title] = slices;
+	}
+	return slices[sliceName];
+}
+
+// Build an hashmap of the specified named slices of a tiddler
+TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
+{
+	var r = {};
+	for(var t=0; t<sliceNames.length; t++)
+		{
+		var slice = this.getTiddlerSlice(title,sliceNames[t]);
+		if(slice)
+			r[sliceNames[t]] = slice;
+		}
+	return r;
+}
+
+TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
+{
+	var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
+	var text = this.getTiddlerText(title,null);
+	if(text == null)
+		return defaultText;
+	var textOut = [];
+	var lastPos = 0;
+	do {
+		var match = bracketRegExp.exec(text);
+		if(match)
+			{
+			textOut.push(text.substr(lastPos,match.index-lastPos));
+			if(match[1])
+				{
+				if(depth <= 0)
+					textOut.push(match[1]);
+				else
+					textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
+				}
+			lastPos = match.index + match[0].length;
+			}
+		else
+			textOut.push(text.substr(lastPos));
+	} while(match);
+	return(textOut.join(""));
+}
+
+TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(tiddler)
+		{
+		var t = tiddler.tags.indexOf(tag);
+		if(t != -1)
+			tiddler.tags.splice(t,1);
+		if(status)
+			tiddler.tags.push(tag);
+		tiddler.changed();
+		this.notify(title,true);
+		this.setDirty(true);
+		}
+}
+
+TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
+{
+	var tiddler = this.fetchTiddler(title);
+	var created;
+	if(tiddler)
+		{
+		created = tiddler.created; // Preserve created date
+		this.deleteTiddler(title);
+		}
+	else
+		{
+		tiddler = new Tiddler();
+		created = modified;
+		}
+	tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
+	this.addTiddler(tiddler);
+	if(title != newTitle)
+		this.notify(title,true);
+	this.notify(newTitle,true);
+	this.setDirty(true);
+	return tiddler;
+}
+
+TiddlyWiki.prototype.createTiddler = function(title)
+{
+	var tiddler = this.fetchTiddler(title);
+	if(!tiddler)
+		{
+		tiddler = new Tiddler();
+		tiddler.title = title;
+		this.addTiddler(tiddler);
+		this.setDirty(true);
+		}
+	return tiddler;
+}
+
+// Load contents of a tiddlywiki from an HTML DIV
+TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
+{
+	this.idPrefix = idPrefix;
+	var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
+	var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
+	this.setDirty(false);
+	if(!noUpdate)
+		{
+		for(var i = 0;i<tiddlers.length; i++)
+			tiddlers[i].changed();
+		}
+}
+
+TiddlyWiki.prototype.updateTiddlers = function()
+{
+	this.tiddlersUpdated = true;
+	this.forEachTiddler(function(title,tiddler) {
+		tiddler.changed();
+		});
+}
+
+// Return all tiddlers formatted as an HTML string
+TiddlyWiki.prototype.allTiddlersAsHtml = function()
+{
+	return store.getSaver().externalize(store);
+}
+
+// Return an array of tiddlers matching a search regular expression
+TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
+{
+	var candidates = this.reverseLookup("tags",excludeTag,false);
+	var results = [];
+	for(var t=0; t<candidates.length; t++)
+		{
+		if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
+			results.push(candidates[t]);
+		}
+	if(!sortField)
+		sortField = "title";
+	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+	return results;
+}
+
+// Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
+TiddlyWiki.prototype.getTags = function()
+{
+	var results = [];
+	this.forEachTiddler(function(title,tiddler) {
+		for(var g=0; g<tiddler.tags.length; g++)
+			{
+			var tag = tiddler.tags[g];
+			var f = false;
+			for(var c=0; c<results.length; c++)
+				if(results[c][0] == tag)
+					{
+					f = true;
+					results[c][1]++;
+					}
+			if(!f)
+				results.push([tag,1]);
+			}
+		});
+	results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
+	return results;
+}
+
+// Return an array of the tiddlers that are tagged with a given tag
+TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
+{
+	return this.reverseLookup("tags",tag,true,sortField);
+}
+
+// Return an array of the tiddlers that link to a given tiddler
+TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
+{
+	if(!this.tiddlersUpdated)
+		this.updateTiddlers();
+	return this.reverseLookup("links",title,true,sortField);
+}
+
+// Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
+// lookupMatch == true to match tiddlers, false to exclude tiddlers
+TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
+{
+	var results = [];
+	this.forEachTiddler(function(title,tiddler) {
+		var f = !lookupMatch;
+		for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
+			if(tiddler[lookupField][lookup] == lookupValue)
+				f = lookupMatch;
+		if(f)
+			results.push(tiddler);
+		});
+	if(!sortField)
+		sortField = "title";
+	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+	return results;
+}
+
+// Return the tiddlers as a sorted array
+TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
+{
+	var results = [];
+	this.forEachTiddler(function(title,tiddler) {
+		if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
+			results.push(tiddler);
+		});
+	if(field)
+		results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
+	return results;
+}
+
+// Return array of names of tiddlers that are referred to but not defined
+TiddlyWiki.prototype.getMissingLinks = function(sortField)
+{
+	if(!this.tiddlersUpdated)
+		this.updateTiddlers();
+	var results = [];
+	this.forEachTiddler(function (title,tiddler) {
+		for(var n=0; n<tiddler.links.length;n++)
+			{
+			var link = tiddler.links[n];
+			if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
+				results.pushUnique(link);
+			}
+		});
+	results.sort();
+	return results;
+}
+
+// Return an array of names of tiddlers that are defined but not referred to
+TiddlyWiki.prototype.getOrphans = function()
+{
+	var results = [];
+	this.forEachTiddler(function (title,tiddler) {
+		if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
+			results.push(title);
+		});
+	results.sort();
+	return results;
+}
+
+// Return an array of names of all the shadow tiddlers
+TiddlyWiki.prototype.getShadowed = function()
+{
+	var results = [];
+	for(var t in config.shadowTiddlers)
+		if(typeof config.shadowTiddlers[t] == "string")
+			results.push(t);
+	results.sort();
+	return results;
+}
+
+// Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
+TiddlyWiki.prototype.resolveTiddler = function(tiddler) 
+{
+	var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
+	return t instanceof Tiddler ? t : null;
+}
+
+TiddlyWiki.prototype.getLoader = function() 
+{
+	if (!this.loader) 
+		this.loader = new TW21Loader();
+	return this.loader;
+}
+ 
+TiddlyWiki.prototype.getSaver = function() 
+{
+	if (!this.saver) 
+		this.saver = new TW21Saver();
+	return this.saver;
+}
+
+// Returns true if path is a valid field name (path),
+// i.e. a sequence of identifiers, separated by '.'
+TiddlyWiki.isValidFieldName = function (name) {
+	var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
+	return match && (match[0] == name);
+}
+
+// Throws an exception when name is not a valid field name.
+TiddlyWiki.checkFieldName = function(name) {
+	if (!TiddlyWiki.isValidFieldName(name))
+		throw config.messages.invalidFieldName.format([name]);
+}
+
+function StringFieldAccess(n, readOnly) {
+	this.set = readOnly 
+		? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
+		: function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
+	this.get = function(t) {return t[n];};
+}
+
+function DateFieldAccess(n) {
+	this.set = function(t,v) {
+			var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v); 
+			if (d != t[n]) {
+				t[n] = d; return true;
+			}
+		};
+	this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
+}
+
+function LinksFieldAccess(n) {
+	this.set = function(t,v) {
+			var s = (typeof v == "string") ? v.readBracketedList() : v; 
+			if (s.toString() != t[n].toString()) {
+				t[n] = s; return true;
+			}
+		};
+	this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
+}
+
+TiddlyWiki.standardFieldAccess = {
+	// The set functions return true when setting the data has changed the value.
+	
+	"title":    new StringFieldAccess("title", true),
+	// Handle the "tiddler" field name as the title
+	"tiddler":  new StringFieldAccess("title", true),
+	
+	"text":     new StringFieldAccess("text"),
+	"modifier": new StringFieldAccess("modifier"),
+	"modified": new DateFieldAccess("modified"),
+	"created":  new DateFieldAccess("created"),
+	"tags":     new LinksFieldAccess("tags")
+};
+
+TiddlyWiki.isStandardField = function(name) {
+	return TiddlyWiki.standardFieldAccess[name] != undefined;
+}
+
+// Sets the value of the given field of the tiddler to the value. 
+// Setting an ExtendedField's value to null or undefined removes the field. 
+// Setting a namespace to undefined removes all fields of that namespace.
+// The fieldName is case-insensitive.
+// All values will be converted to a string value.
+TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
+	TiddlyWiki.checkFieldName(fieldName);
+	var t = this.resolveTiddler(tiddler);
+	if (!t)
+		return;
+		
+	fieldName = fieldName.toLowerCase();
+
+	var isRemove = (value === undefined) || (value === null);
+
+	if (!t.fields) 
+		t.fields = {};
+		
+	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+	if (accessor) {
+		if (isRemove)
+			// don't remove StandardFields
+			return;
+		var h = TiddlyWiki.standardFieldAccess[fieldName];
+		if (!h.set(t, value))
+			return;
+
+	} else {
+		var oldValue = t.fields[fieldName];
+		
+		if (isRemove) {
+			if (oldValue !== undefined) {
+				// deletes a single field
+				delete t.fields[fieldName];
+			} else {
+				// no concrete value is defined for the fieldName
+				// so we guess this is a namespace path.
+				
+				// delete all fields in a namespace
+				var re = new RegExp('^'+fieldName+'\\.');
+				var dirty = false;
+				for (var n in t.fields) {
+					if (n.match(re)) {
+						delete t.fields[n];
+						dirty = true;
+					}
+				}
+				if (!dirty)
+					return
+			}
+				
+		} else {
+			// the "normal" set case. value is defined (not null/undefined)
+			// For convenience provide a nicer conversion Date->String
+ 			value = value instanceof Date 
+				? value.convertToYYYYMMDDHHMMSSMMM() 
+				: String(value);
+			if (oldValue == value) 
+				return;
+			t.fields[fieldName] = value;
+		}
+	}
+	
+	// When we are here the tiddler/store really was changed.
+	this.notify(t.title,true);
+	if (!fieldName.match(/^temp\./))
+		this.setDirty(true);
+}
+
+// Returns the value of the given field of the tiddler. 
+// The fieldName is case-insensitive.
+// Will only return String values (or undefined).
+TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
+	var t = this.resolveTiddler(tiddler);
+	if (!t)
+		return undefined;
+
+	fieldName = fieldName.toLowerCase();
+
+	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+	if (accessor) {
+		return accessor.get(t);
+	}
+	
+	return t.fields ? t.fields[fieldName] : undefined;
+}
+
+// Calls the callback function for every field in the tiddler.
+//
+// When callback function returns a non-false value the iteration stops 
+// and that value is returned. 
+//
+// The order of the fields is not defined.
+// 
+// @param callback a function(tiddler, fieldName, value). 
+// 
+TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
+	var t = this.resolveTiddler(tiddler);
+	if (!t)
+		return undefined;
+	
+	if (t.fields) {
+		for (var n in t.fields) {
+			var result = callback(t, n, t.fields[n]);
+			if (result)
+				return result;
+		}
+	}
+	
+	if (onlyExtendedFields)
+		return undefined;
+
+	for (var n in TiddlyWiki.standardFieldAccess) {
+		if (n == "tiddler")
+			// even though the "title" field can also be referenced through the name "tiddler"
+			// we only visit this field once.
+			continue;
+			
+		var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
+		if (result)
+			return result;
+	}
+
+	return undefined;
+};
+// ---------------------------------------------------------------------------------
+// Story functions
+// ---------------------------------------------------------------------------------
+
+// A story is a HTML div containing a sequence of tiddlers that can be manipulated
+// container - id of containing element
+// idPrefix - string prefix prepended to title to make ids for tiddlers in this story
+function Story(container,idPrefix)
+{
+	this.container = container;
+	this.idPrefix = idPrefix;
+	this.highlightRegExp = null;
+}
+
+// Iterate through all the tiddlers in a story
+// fn - callback function to be called for each tiddler. Arguments are:
+//		tiddler - reference to Tiddler object
+//		element - reference to tiddler display element
+Story.prototype.forEachTiddler = function(fn)
+{
+	var place = document.getElementById(this.container);
+	if(!place)
+		return;
+	var e = place.firstChild;
+	while(e)
+		{
+		var n = e.nextSibling;
+		var title = e.getAttribute("tiddler");
+		fn.call(this,title,e);
+		e = n;
+		}
+}
+
+// Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
+// titles - array of string titles
+Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
+{
+	for(var t = titles.length-1;t>=0;t--)
+		this.displayTiddler(srcElement,titles[t],template,animate,slowly);
+}
+
+// Display a given tiddler with a given template. If the tiddler is already displayed but with a different
+// template, it is switched to the specified template
+// srcElement - reference to element from which this one is being opened -or-
+//              special positions "top", "bottom"
+// title - title of tiddler to display
+// template - the name of the tiddler containing the template -or-
+//			  one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
+//			  null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
+{
+	var place = document.getElementById(this.container);
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem)
+		this.refreshTiddler(title,template);
+	else
+		{
+		var before = this.positionTiddler(srcElement);
+		tiddlerElem = this.createTiddler(place,before,title,template);
+		}
+	if(srcElement && typeof srcElement !== "string")
+		{
+		if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
+			anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
+		else
+			window.scrollTo(0,ensureVisible(tiddlerElem));
+		}
+}
+
+// Figure out the appropriate position for a newly opened tiddler
+// srcElement - reference to the element containing the link to the tiddler -or-
+//              special positions "top", "bottom"
+// returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
+Story.prototype.positionTiddler = function(srcElement)
+{
+	var place = document.getElementById(this.container);
+	var before;
+	if(typeof srcElement == "string")
+		{
+		switch(srcElement)
+			{
+			case "top":
+				before = place.firstChild;
+				break;
+			case "bottom":
+				before = null;
+				break;
+			}
+		}
+	else
+		{
+		var after = this.findContainingTiddler(srcElement);
+		if(after == null)
+			before = place.firstChild;
+		else if(after.nextSibling)
+			before = after.nextSibling;
+		else
+			before = null;
+		}
+	return before;
+}
+
+// Create a tiddler frame at the appropriate place in a story column
+// place - reference to parent element
+// before - null, or reference to element before which to insert new tiddler
+// title - title of new tiddler
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+Story.prototype.createTiddler = function(place,before,title,template)
+{
+	var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
+	tiddlerElem.setAttribute("refresh","tiddler");
+	place.insertBefore(tiddlerElem,before);
+	this.refreshTiddler(title,template);
+	return tiddlerElem;
+}
+
+// Overridable for choosing the name of the template to apply for a tiddler
+Story.prototype.chooseTemplateForTiddler = function(title,template)
+{
+	if(!template)
+		template = DEFAULT_VIEW_TEMPLATE;
+	if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
+		template = config.tiddlerTemplates[template];
+	return template;
+}
+
+// Overridable for extracting the text of a template from a tiddler
+Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
+{
+	return store.getRecursiveTiddlerText(template,null,10);
+}
+
+// Apply a template to an existing tiddler if it is not already displayed using that template
+// title - title of tiddler to update
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+// force - if true, forces the refresh even if the template hasn't changedd
+Story.prototype.refreshTiddler = function(title,template,force)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem)
+		{
+		if(tiddlerElem.getAttribute("dirty") == "true" && !force)
+			return tiddlerElem;
+		template = this.chooseTemplateForTiddler(title,template);
+		var currTemplate = tiddlerElem.getAttribute("template");
+		if((template != currTemplate) || force)
+			{
+			var tiddler = store.getTiddler(title);
+			if(!tiddler)
+				{
+				tiddler = new Tiddler();
+				if(store.isShadowTiddler(title))
+					tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
+				else
+					{
+					var text = template=="EditTemplate"
+								? config.views.editor.defaultText.format([title])
+								: config.views.wikified.defaultText.format([title]);
+					tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
+					}
+				}
+			tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
+			tiddlerElem.setAttribute("tiddler",title);
+			tiddlerElem.setAttribute("template",template);
+			var me = this;
+			tiddlerElem.onmouseover = this.onTiddlerMouseOver;
+			tiddlerElem.onmouseout = this.onTiddlerMouseOut;
+			tiddlerElem.ondblclick = this.onTiddlerDblClick;
+			tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
+			var html = this.getTemplateForTiddler(title,template,tiddler);
+			tiddlerElem.innerHTML = html;
+			applyHtmlMacros(tiddlerElem,tiddler);
+			if(store.getTaggedTiddlers(title).length > 0)
+				addClass(tiddlerElem,"isTag");
+			else
+				removeClass(tiddlerElem,"isTag");
+			if(!store.tiddlerExists(title))
+				{
+				if(store.isShadowTiddler(title))
+					addClass(tiddlerElem,"shadow");
+				else
+					addClass(tiddlerElem,"missing");
+				}
+			else
+				{
+				removeClass(tiddlerElem,"shadow");
+				removeClass(tiddlerElem,"missing");
+				}
+			}
+		}
+	return tiddlerElem;
+}
+
+// Refresh all tiddlers in the Story
+Story.prototype.refreshAllTiddlers = function() 
+{
+	var place = document.getElementById(this.container);
+	var e = place.firstChild;
+	if(!e)
+		return;
+	this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+	while((e = e.nextSibling) != null) 
+		this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+}
+
+// Default tiddler onmouseover/out event handlers
+Story.prototype.onTiddlerMouseOver = function(e)
+{
+	if(window.addClass instanceof Function)
+		addClass(this,"selected");
+}
+
+Story.prototype.onTiddlerMouseOut = function(e)
+{
+	if(window.removeClass instanceof Function)
+		removeClass(this,"selected");
+}
+
+// Default tiddler ondblclick event handler
+Story.prototype.onTiddlerDblClick = function(e)
+{
+	if(!e) var e = window.event;
+	var theTarget = resolveTarget(e);
+	if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
+		{
+		if(document.selection && document.selection.empty)
+			document.selection.empty();
+		config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+		e.cancelBubble = true;
+		if (e.stopPropagation) e.stopPropagation();
+		return true;
+		}
+	else
+		return false;
+}
+
+Story.prototype.onTiddlerKeyPress = function(e)
+{
+	if(!e) var e = window.event;
+	clearMessage();
+	var consume = false; 
+	var title = this.getAttribute("tiddler");
+	var target = resolveTarget(e);
+	switch(e.keyCode)
+		{
+		case 9: // Tab
+			if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
+				{
+				replaceSelection(target,String.fromCharCode(9));
+				consume = true; 
+				}
+			if(config.isOpera)
+				{
+				target.onblur = function()
+					{
+					this.focus();
+					this.onblur = null;
+					}
+				}
+			break;
+		case 13: // Ctrl-Enter
+		case 10: // Ctrl-Enter on IE PC
+		case 77: // Ctrl-Enter is "M" on some platforms
+			if(e.ctrlKey)
+				{
+				blurElement(this);
+				config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+				consume = true;
+				}
+			break; 
+		case 27: // Escape
+			blurElement(this);
+			config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
+			consume = true;
+			break;
+		}
+	e.cancelBubble = consume;
+	if(consume)
+		{
+		if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
+		e.returnValue = true; // Cancel The Event in IE
+		if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
+		}
+	return(!consume);
+};
+
+// Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
+// or null if it found no edit field at all
+Story.prototype.getTiddlerField = function(title,field)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	var e = null;
+	if(tiddlerElem != null)
+		{
+		var children = tiddlerElem.getElementsByTagName("*");
+		for (var t=0; t<children.length; t++)
+			{
+			var c = children[t];
+			if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
+				{
+				if(!e)
+					e = c;
+				if(c.getAttribute("edit") == field)
+					e = c;
+				}
+			}
+		}
+	return e;
+}
+
+// Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
+Story.prototype.focusTiddler = function(title,field)
+{
+	var e = this.getTiddlerField(title,field);
+	if(e)
+		{
+		e.focus();
+		e.select();
+		}
+}
+
+// Ensures that a specified tiddler does not have the focus
+Story.prototype.blurTiddler = function(title)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
+		{
+		tiddlerElem.focus();
+		tiddlerElem.blur();
+		}
+}
+
+// Adds a specified value to the edit controls (if any) of a particular
+// array-formatted field of a particular tiddler (eg "tags")
+//  title - name of tiddler
+//  tag - value of field, without any [[brackets]]
+//  mode - +1 to add the tag, -1 to remove it, 0 to toggle it
+//  field - name of field (eg "tags")
+Story.prototype.setTiddlerField = function(title,tag,mode,field)
+{
+	var c = story.getTiddlerField(title,field);
+
+	var tags = c.value.readBracketedList();
+	tags.setItem(tag,mode);
+	c.value = String.encodeTiddlyLinkList(tags);
+}
+
+// The same as setTiddlerField but preset to the "tags" field
+Story.prototype.setTiddlerTag = function(title,tag,mode)
+{
+	Story.prototype.setTiddlerField(title,tag,mode,"tags");
+}
+
+// Close a specified tiddler
+// title - name of tiddler to close
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.closeTiddler = function(title,animate,slowly)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		{
+		clearMessage();
+		this.scrubTiddler(tiddlerElem);
+		if(anim && config.options.chkAnimate && animate)
+			anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
+		else
+			tiddlerElem.parentNode.removeChild(tiddlerElem);
+		}
+}
+
+// Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
+// does not interfere with things
+// tiddler - reference to the tiddler element
+Story.prototype.scrubTiddler = function(tiddlerElem)
+{
+	tiddlerElem.id = null;
+}
+
+// Set the 'dirty' flag of a tiddler
+// title - title of tiddler to change
+// dirty - new boolean status of flag
+Story.prototype.setDirty = function(title,dirty)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
+}
+
+// Is a particular tiddler dirty (with unsaved changes)?
+Story.prototype.isDirty = function(title)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		return tiddlerElem.getAttribute("dirty") == "true";
+	return null;
+}
+
+// Determine whether any open tiddler are dirty
+Story.prototype.areAnyDirty = function()
+{
+	var r = false;
+	this.forEachTiddler(function(title,element) {
+		if(this.isDirty(title))
+			r = true;
+		});
+	return r;
+}
+
+// Close all tiddlers in the story
+Story.prototype.closeAllTiddlers = function(exclude)
+{
+	clearMessage();
+	this.forEachTiddler(function(title,element) {
+		if((title != exclude) && element.getAttribute("dirty") != "true")
+			this.closeTiddler(title);
+		});
+	window.scrollTo(0,0);
+}
+
+// Check if there are any tiddlers in the story
+Story.prototype.isEmpty = function()
+{
+	var place = document.getElementById(this.container);
+	return(place && place.firstChild == null);
+}
+
+// Perform a search and display the result
+// text - text to search for
+// useCaseSensitive - true for case sensitive matching
+// useRegExp - true to interpret text as a RegExp
+Story.prototype.search = function(text,useCaseSensitive,useRegExp)
+{
+	this.closeAllTiddlers();
+	highlightHack = new RegExp(useRegExp ?	 text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
+	var matches = store.search(highlightHack,"title","excludeSearch");
+	var titles = [];
+	for(var t=matches.length-1; t>=0; t--)
+		titles.push(matches[t].title);
+	this.displayTiddlers(null,titles);
+	highlightHack = null;
+	var q = useRegExp ? "/" : "'";
+	if(matches.length > 0)
+		displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
+	else
+		displayMessage(config.macros.search.failureMsg.format([q + text + q]));
+}
+
+// Determine if the specified element is within a tiddler in this story
+// e - reference to an element
+// returns: reference to a tiddler element or null if none
+Story.prototype.findContainingTiddler = function(e)
+{
+	while(e && !hasClass(e,"tiddler"))
+		e = e.parentNode;
+	return(e);
+}
+
+// Gather any saveable fields from a tiddler element
+// e - reference to an element to scan recursively
+// fields - object to contain gathered field values
+Story.prototype.gatherSaveFields = function(e,fields)
+{
+	if(e && e.getAttribute)
+		{
+		var f = e.getAttribute("edit");
+		if(f)
+			fields[f] = e.value.replace(/\r/mg,"");;
+		if(e.hasChildNodes())
+			{
+			var c = e.childNodes;
+			for(var t=0; t<c.length; t++)
+				this.gatherSaveFields(c[t],fields)
+			}
+		}
+}
+
+// Determine whether a tiddler has any edit fields, and if so if their values have been changed
+// title - name of tiddler
+Story.prototype.hasChanges = function(title)
+{
+	var e = document.getElementById(this.idPrefix + title);
+	if(e != null)
+		{
+		var fields = {};
+		this.gatherSaveFields(e,fields);
+		var tiddler = store.fetchTiddler(title);
+		if (!tiddler)
+			return false;
+		for(var n in fields)
+			if (store.getValue(title,n) != fields[n])
+				return true;
+		}
+	return false;
+}
+
+// Save any open edit fields of a tiddler and updates the display as necessary
+// title - name of tiddler
+// minorUpdate - true if the modified date shouldn't be updated
+// returns: title of saved tiddler, or null if not saved
+Story.prototype.saveTiddler = function(title,minorUpdate)
+{
+	var tiddlerElem = document.getElementById(this.idPrefix + title);
+	if(tiddlerElem != null)
+		{
+		var fields = {};
+		this.gatherSaveFields(tiddlerElem,fields);
+		var newTitle = fields.title ? fields.title : title;
+		if(store.tiddlerExists(newTitle) && newTitle != title)
+			{
+			if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
+				this.closeTiddler(newTitle,false,false);
+			else
+				return null;
+			}
+		tiddlerElem.id = this.idPrefix + newTitle;
+		tiddlerElem.setAttribute("tiddler",newTitle);
+		tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
+		tiddlerElem.setAttribute("dirty","false");
+		if(config.options.chkForceMinorUpdate)
+			minorUpdate = !minorUpdate;
+		var newDate = new Date();
+		store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
+		for (var n in fields) 
+			if (!TiddlyWiki.isStandardField(n))
+				store.setValue(newTitle,n,fields[n]);
+		if(config.options.chkAutoSave)
+			saveChanges();
+		return newTitle;
+		}
+	return null;
+}
+
+Story.prototype.permaView = function()
+{
+	var links = [];
+	this.forEachTiddler(function(title,element) {
+		links.push(String.encodeTiddlyLink(title));
+		});
+	var t = encodeURIComponent(links.join(" "));
+	if(t == "")
+		t = "#";
+	if(window.location.hash != t)
+		window.location.hash = t;
+}
+
+// ---------------------------------------------------------------------------------
+// Message area
+// ---------------------------------------------------------------------------------
+
+function getMessageDiv()
+{
+	var msgArea = document.getElementById("messageArea");
+	if(!msgArea)
+		return null;
+	if(!msgArea.hasChildNodes())
+		createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
+			config.messages.messageClose.text,
+			config.messages.messageClose.tooltip,
+			clearMessage);
+	msgArea.style.display = "block";
+	return createTiddlyElement(msgArea,"div");
+}
+
+function displayMessage(text,linkText)
+{
+	var e = getMessageDiv();
+	if(!e)
+		{
+		alert(text);
+		return;
+		}
+	if(linkText)
+		{
+		var link = createTiddlyElement(e,"a",null,null,text);
+		link.href = linkText;
+		link.target = "_blank";
+		}
+	else
+		e.appendChild(document.createTextNode(text));
+}
+
+function clearMessage()
+{
+	var msgArea = document.getElementById("messageArea");
+	if(msgArea)
+		{
+		removeChildren(msgArea);
+		msgArea.style.display = "none";
+		}
+	return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Refresh mechanism
+// ---------------------------------------------------------------------------------
+
+config.refreshers = {
+	link: function(e,changeList)
+		{
+		var title = e.getAttribute("tiddlyLink");
+		refreshTiddlyLink(e,title);
+		return true;
+		},
+	
+	tiddler: function(e,changeList)
+		{
+		var title = e.getAttribute("tiddler");
+		var template = e.getAttribute("template");
+		if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
+			story.refreshTiddler(title,template,true);
+		else
+			refreshElements(e,changeList);
+		return true;
+		},
+
+	content: function(e,changeList)
+		{
+		var title = e.getAttribute("tiddler");
+		var force = e.getAttribute("force");
+		if(force != null || changeList == null || changeList.indexOf(title) != -1)
+			{
+			removeChildren(e);
+			wikify(store.getTiddlerText(title,title),e);
+			return true;
+			}
+		else
+			return false;
+		},
+
+	macro: function(e,changeList)
+		{
+		var macro = e.getAttribute("macroName");
+		var params = e.getAttribute("params");
+		if(macro)
+			macro = config.macros[macro];
+		if(macro && macro.refresh)
+			macro.refresh(e,params);
+		return true;
+		}
+};
+
+function refreshElements(root,changeList)
+{
+	var nodes = root.childNodes;
+	for(var c=0; c<nodes.length; c++)
+		{
+		var e = nodes[c],type;
+		if(e.getAttribute)
+			type = e.getAttribute("refresh");
+		else
+			type = null;
+		var refresher = config.refreshers[type];
+		var refreshed = false;
+		if(refresher != undefined)
+			refreshed = refresher(e,changeList);
+		if(e.hasChildNodes() && !refreshed)
+			refreshElements(e,changeList);
+		}
+}
+
+function applyHtmlMacros(root,tiddler)
+{
+	var e = root.firstChild;
+	while(e)
+		{
+		var nextChild = e.nextSibling;
+		if(e.getAttribute)
+			{
+			var macro = e.getAttribute("macro");
+			if(macro)
+				{
+				var params = "";
+				var p = macro.indexOf(" ");
+				if(p != -1)
+					{
+					params = macro.substr(p+1);
+					macro = macro.substr(0,p);
+					}
+				invokeMacro(e,macro,params,null,tiddler);
+				}
+			}
+		if(e.hasChildNodes())
+			applyHtmlMacros(e,tiddler);
+		e = nextChild;
+		}
+}
+
+function refreshPageTemplate(title)
+{
+	var stash = createTiddlyElement(document.body,"div");
+	stash.style.display = "none";
+	var display = document.getElementById("tiddlerDisplay");
+	var nodes,t;
+	if(display)
+		{
+		nodes = display.childNodes;
+		for(t=nodes.length-1; t>=0; t--)
+			stash.appendChild(nodes[t]);
+		}
+	var wrapper = document.getElementById("contentWrapper");
+	if(!title)
+		title = "PageTemplate";
+	var html = store.getRecursiveTiddlerText(title,null,10);
+	wrapper.innerHTML = html;
+	applyHtmlMacros(wrapper);
+	refreshElements(wrapper);
+	display = document.getElementById("tiddlerDisplay");
+	removeChildren(display);
+	if(!display)
+		display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
+	nodes = stash.childNodes;
+	for(t=nodes.length-1; t>=0; t--)
+		display.appendChild(nodes[t]);
+	stash.parentNode.removeChild(stash);
+}
+
+function refreshDisplay(hint)
+{
+	var e = document.getElementById("contentWrapper");
+	if(typeof hint == "string")
+		hint = [hint];
+	refreshElements(e,hint);
+}
+
+function refreshPageTitle()
+{
+	document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
+}
+
+function refreshStyles(title)
+{
+	setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
+}
+
+function refreshColorPalette(title)
+{
+	if(!startingUp)
+		refreshAll();
+}
+
+function refreshAll()
+{
+	refreshPageTemplate();
+	refreshDisplay();
+	refreshStyles("StyleSheetLayout");
+	refreshStyles("StyleSheetColors");
+	refreshStyles("StyleSheet");
+	refreshStyles("StyleSheetPrint");
+}
+
+// ---------------------------------------------------------------------------------
+// Options cookie stuff
+// ---------------------------------------------------------------------------------
+
+function loadOptionsCookie()
+{
+	if(safeMode)
+		return;
+	var cookies = document.cookie.split(";");
+	for(var c=0; c<cookies.length; c++)
+		{
+		var p = cookies[c].indexOf("=");
+		if(p != -1)
+			{
+			var name = cookies[c].substr(0,p).trim();
+			var value = cookies[c].substr(p+1).trim();
+			switch(name.substr(0,3))
+				{
+				case "txt":
+					config.options[name] = unescape(value);
+					break;
+				case "chk":
+					config.options[name] = value == "true";
+					break;
+				}
+			}
+		}
+}
+
+function saveOptionCookie(name)
+{
+	if(safeMode)
+		return;
+	var c = name + "=";
+	switch(name.substr(0,3))
+		{
+		case "txt":
+			c += escape(config.options[name].toString());
+			break;
+		case "chk":
+			c += config.options[name] ? "true" : "false";
+			break;
+		}
+	c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
+	document.cookie = c;
+}
+
+// ---------------------------------------------------------------------------------
+// Saving
+// ---------------------------------------------------------------------------------
+
+var saveUsingSafari = false;
+
+var startSaveArea = '<div id="' + 'storeArea">'; // Split up into two so that indexOf() of this source doesn't find it
+var endSaveArea = '</d' + 'iv>';
+
+// If there are unsaved changes, force the user to confirm before exitting
+function confirmExit()
+{
+	hadConfirmExit = true;
+	if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
+		return config.messages.confirmExit;
+}
+
+// Give the user a chance to save changes before exitting
+function checkUnsavedChanges()
+{
+	if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
+		{
+		if(confirm(config.messages.unsavedChangesWarning))
+			saveChanges();
+		}
+}
+
+function updateMarkupBlock(s,blockName,tiddlerName)
+{
+	return s.replaceChunk(
+			"<!--%0-START-->".format([blockName]),
+			"<!--%0-END-->".format([blockName]),
+			"\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
+}
+
+// Save this tiddlywiki with the pending changes
+function saveChanges(onlyIfDirty)
+{
+	if(onlyIfDirty && !store.isDirty())
+		return;
+	clearMessage();
+	// Get the URL of the document
+	var originalPath = document.location.toString();
+	// Check we were loaded from a file URL
+	if(originalPath.substr(0,5) != "file:")
+		{
+		alert(config.messages.notFileUrlError);
+		if(store.tiddlerExists(config.messages.saveInstructions))
+			story.displayTiddler(null,config.messages.saveInstructions);
+		return;
+		}
+	var localPath = getLocalPath(originalPath);
+	// Load the original file
+	var original = loadFile(localPath);
+	if(original == null)
+		{
+		alert(config.messages.cantSaveError);
+		if(store.tiddlerExists(config.messages.saveInstructions))
+			story.displayTiddler(null,config.messages.saveInstructions);
+		return;
+		}
+	// Locate the storeArea div's
+	var posOpeningDiv = original.indexOf(startSaveArea);
+	var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
+	var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
+	if((posOpeningDiv == -1) || (posClosingDiv == -1))
+		{
+		alert(config.messages.invalidFileError.format([localPath]));
+		return;
+		}
+	// Save the backup
+	if(config.options.chkSaveBackups)
+		{
+		var backupPath = getBackupPath(localPath);
+		var backup = saveFile(backupPath,original);
+		if(backup)
+			displayMessage(config.messages.backupSaved,"file://" + backupPath);
+		else
+			alert(config.messages.backupFailed);
+		}
+	// Save Rss
+	if(config.options.chkGenerateAnRssFeed)
+		{
+		var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
+		var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
+		if(rssSave)
+			displayMessage(config.messages.rssSaved,"file://" + rssPath);
+		else
+			alert(config.messages.rssFailed);
+		}
+	// Save empty template
+	if(config.options.chkSaveEmptyTemplate)
+		{
+		var emptyPath,p;
+		if((p = localPath.lastIndexOf("/")) != -1)
+			emptyPath = localPath.substr(0,p) + "/empty.html";
+		else if((p = localPath.lastIndexOf("\\")) != -1)
+			emptyPath = localPath.substr(0,p) + "\\empty.html";
+		else
+			emptyPath = localPath + ".empty.html";
+		var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
+		var emptySave = saveFile(emptyPath,empty);
+		if(emptySave)
+			displayMessage(config.messages.emptySaved,"file://" + emptyPath);
+		else
+			alert(config.messages.emptyFailed);
+		}
+	var save;
+	try 
+		{
+		// Save new file
+		var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
+					convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
+					original.substr(posClosingDiv);
+		var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
+		revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
+		revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
+		revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
+		revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
+		revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
+		save = saveFile(localPath,revised);
+		}
+	catch (e) 
+		{
+		showException(e);
+		}
+	if(save)
+		{
+		displayMessage(config.messages.mainSaved,"file://" + localPath);
+		store.setDirty(false);
+		}
+	else
+		alert(config.messages.mainFailed);
+}
+
+function getLocalPath(originalPath)
+{
+	// Remove any location or query part of the URL
+	var argPos = originalPath.indexOf("?");
+	if(argPos != -1)
+		originalPath = originalPath.substr(0,argPos);
+	var hashPos = originalPath.indexOf("#");
+	if(hashPos != -1)
+		originalPath = originalPath.substr(0,hashPos);
+	// Convert file://localhost/ to file:///
+	if(originalPath.indexOf("file://localhost/") == 0)
+		originalPath = "file://" + originalPath.substr(16);
+	// Convert to a native file format assuming
+	// "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
+	// "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
+	// "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
+	// "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
+	var localPath;
+	if(originalPath.charAt(9) == ":") // pc local file
+		localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
+	else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
+		localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
+	else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
+		localPath = unescape(originalPath.substr(7));
+	else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
+		localPath = unescape(originalPath.substr(5));
+	else // pc network file
+		localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
+	return localPath;
+}
+
+function getBackupPath(localPath)
+{
+	var backSlash = true;
+	var dirPathPos = localPath.lastIndexOf("\\");
+	if(dirPathPos == -1)
+		{
+		dirPathPos = localPath.lastIndexOf("/");
+		backSlash = false;
+		}
+	var backupFolder = config.options.txtBackupFolder;
+	if(!backupFolder || backupFolder == "")
+		backupFolder = ".";
+	var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
+	backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
+	return backupPath;
+}
+
+function generateRss()
+{
+	var s = [];
+	var d = new Date();
+	var u = store.getTiddlerText("SiteUrl");
+	// Assemble the header
+	s.push("<" + "?xml version=\"1.0\"?" + ">");
+	s.push("<rss version=\"2.0\">");
+	s.push("<channel>");
+	s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
+	if(u)
+		s.push("<link>" + u.htmlEncode() + "</link>");
+	s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
+	s.push("<language>en-us</language>");
+	s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
+	s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
+	s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
+	s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
+	s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
+	// The body
+	var tiddlers = store.getTiddlers("modified","excludeLists");
+	var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
+	for (var t=tiddlers.length-1; t>=n; t--)
+		s.push(tiddlers[t].saveToRss(u));
+	// And footer
+	s.push("</channel>");
+	s.push("</rss>");
+	// Save it all
+	return s.join("\n");
+}
+
+
+// UTF-8 encoding rules:
+// 0x0000 - 0x007F:	0xxxxxxx
+// 0x0080 - 0x07FF:	110xxxxx 10xxxxxx
+// 0x0800 - 0xFFFF:	1110xxxx 10xxxxxx 10xxxxxx
+
+function convertUTF8ToUnicode(u)
+{
+	if(window.netscape == undefined)
+		return manualConvertUTF8ToUnicode(u);
+	else
+		return mozConvertUTF8ToUnicode(u);
+}
+
+function manualConvertUTF8ToUnicode(utf)
+{
+	var uni = utf;
+	var src = 0;
+	var dst = 0;
+	var b1, b2, b3;
+	var c;
+	while(src < utf.length)
+		{
+		b1 = utf.charCodeAt(src++);
+		if(b1 < 0x80)
+			dst++;
+		else if(b1 < 0xE0)
+			{
+			b2 = utf.charCodeAt(src++);
+			c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
+			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+			}
+		else
+			{
+			b2 = utf.charCodeAt(src++);
+			b3 = utf.charCodeAt(src++);
+			c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
+			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+			}
+	}
+	return(uni);
+}
+
+function mozConvertUTF8ToUnicode(u)
+{
+	try
+		{
+		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+		converter.charset = "UTF-8";
+		}
+	catch(e)
+		{
+		return manualConvertUTF8ToUnicode(u);
+		} // fallback
+	var s = converter.ConvertToUnicode(u);
+	var fin = converter.Finish();
+	return (fin.length > 0) ? s+fin : s;
+}
+
+function convertUnicodeToUTF8(s)
+{
+	if(window.netscape == undefined)
+		return manualConvertUnicodeToUTF8(s);
+	else
+		return mozConvertUnicodeToUTF8(s);
+}
+
+function manualConvertUnicodeToUTF8(s)
+{
+	var re = /[^\u0000-\u007F]/g ;
+	return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
+}
+
+function mozConvertUnicodeToUTF8(s)
+{
+	try
+		{
+		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+		converter.charset = "UTF-8";
+		}
+	catch(e)
+		{
+		return manualConvertUnicodeToUTF8(s);
+		} // fallback
+	var u = converter.ConvertFromUnicode(s);
+	var fin = converter.Finish();
+	if(fin.length > 0)
+		return u + fin;
+	else
+		return u;
+}
+
+function saveFile(fileUrl, content)
+{
+	var r = null;
+	if((r == null) || (r == false))
+		r = mozillaSaveFile(fileUrl, content);
+	if((r == null) || (r == false))
+		r = ieSaveFile(fileUrl, content);
+	if((r == null) || (r == false))
+		r = javaSaveFile(fileUrl, content);
+	return(r);
+}
+
+function loadFile(fileUrl)
+{
+	var r = null;
+	if((r == null) || (r == false))
+		r = mozillaLoadFile(fileUrl);
+	if((r == null) || (r == false))
+		r = ieLoadFile(fileUrl);
+	if((r == null) || (r == false))
+		r = javaLoadFile(fileUrl);
+	return(r);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function ieSaveFile(filePath, content)
+{
+	try
+		{
+		var fso = new ActiveXObject("Scripting.FileSystemObject");
+		}
+	catch(e)
+		{
+		//alert("Exception while attempting to save\n\n" + e.toString());
+		return(null);
+		}
+	var file = fso.OpenTextFile(filePath,2,-1,0);
+	file.Write(content);
+	file.Close();
+	return(true);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function ieLoadFile(filePath)
+{
+	try
+		{
+		var fso = new ActiveXObject("Scripting.FileSystemObject");
+		var file = fso.OpenTextFile(filePath,1);
+		var content = file.ReadAll();
+		file.Close();
+		}
+	catch(e)
+		{
+		//alert("Exception while attempting to load\n\n" + e.toString());
+		return(null);
+		}
+	return(content);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function mozillaSaveFile(filePath, content)
+{
+	if(window.Components)
+		try
+			{
+			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+			file.initWithPath(filePath);
+			if (!file.exists())
+				file.create(0, 0664);
+			var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
+			out.init(file, 0x20 | 0x02, 00004,null);
+			out.write(content, content.length);
+			out.flush();
+			out.close();
+			return(true);
+			}
+		catch(e)
+			{
+			//alert("Exception while attempting to save\n\n" + e);
+			return(false);
+			}
+	return(null);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function mozillaLoadFile(filePath)
+{
+	if(window.Components)
+		try
+			{
+			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+			file.initWithPath(filePath);
+			if (!file.exists())
+				return(null);
+			var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
+			inputStream.init(file, 0x01, 00004, null);
+			var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
+			sInputStream.init(inputStream);
+			return(sInputStream.read(sInputStream.available()));
+			}
+		catch(e)
+			{
+			//alert("Exception while attempting to load\n\n" + e);
+			return(false);
+			}
+	return(null);
+}
+
+function javaUrlToFilename(url)
+{
+	var f = "//localhost";
+	if(url.indexOf(f) == 0)
+		return url.substring(f.length);
+	var i = url.indexOf(":");
+	if(i > 0)
+		return url.substring(i-1);
+	return url;
+}
+
+function javaSaveFile(filePath, content)
+{
+	try
+		{
+		if(document.applets["TiddlySaver"])
+			return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
+		}
+	catch(e)
+		{
+		}
+	try
+		{
+		var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
+		s.print(content);
+		s.close();
+		}
+	catch(e)
+		{
+		return null;
+		}
+	return true;
+}
+
+function javaLoadFile(filePath)
+{
+	try
+		{
+	if(document.applets["TiddlySaver"])
+		return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
+		}
+	catch(e)
+		{
+		}
+	var content = [];
+	try
+		{
+		var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
+		var line;
+		while ((line = r.readLine()) != null)
+			content.push(new String(line));
+		r.close();
+		}
+	catch(e)
+		{
+		return null;
+		}
+	return content.join("\n");
+}
+
+
+// ---------------------------------------------------------------------------------
+// Remote HTTP requests
+// ---------------------------------------------------------------------------------
+
+// Load a file over http
+//   url - the source url
+//   callback - function to call when there's a response
+//   params - parameter object that gets passed to the callback for storing it's state
+// Return value is the underlying XMLHttpRequest object, or 'null' if there was an error
+// Callback function is called like this:
+//   callback(status,params,responseText,xhr)
+//     status - true if OK, false if error
+//     params - the parameter object provided to loadRemoteFile()
+//     responseText - the text of the file
+//     xhr - the underlying XMLHttpRequest object
+function loadRemoteFile(url,callback,params)
+{
+	// Get an xhr object
+	var x;
+	try
+		{
+		x = new XMLHttpRequest(); // Modern
+		}
+	catch(e)
+		{
+		try
+			{
+			x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
+			}
+		catch (e)
+			{
+			return null;
+			}
+		}
+	// Install callback
+	x.onreadystatechange = function()
+		{
+		if (x.readyState == 4)
+			{
+			if ((x.status == 0 || x.status == 200) && callback)
+				{
+				callback(true,params,x.responseText,url,x);
+			}
+			else
+				callback(false,params,null,url,x);
+			}
+		}
+	// Send request
+	if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
+		window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
+	try
+		{
+		url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
+		x.open("GET",url,true);
+		if (x.overrideMimeType)
+			x.overrideMimeType("text/html");
+		x.send(null);
+		}
+	catch (e)
+		{
+		alert("Error in send " + e);
+		return null;
+		}
+	return x;
+}
+// ---------------------------------------------------------------------------------
+// TiddlyWiki-specific utility functions
+// ---------------------------------------------------------------------------------
+
+function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
+{
+	var theButton = document.createElement("a");
+	if(theAction)
+		{
+		theButton.onclick = theAction;
+		theButton.setAttribute("href","javascript:;");
+		}
+	if(theTooltip)
+		theButton.setAttribute("title",theTooltip);
+	if(theText)
+		theButton.appendChild(document.createTextNode(theText));
+	if(theClass)
+		theButton.className = theClass;
+	else
+		theButton.className = "button";
+	if(theId)
+		theButton.id = theId;
+	if(theParent)
+		theParent.appendChild(theButton);
+	if(theAccessKey)
+		theButton.setAttribute("accessKey",theAccessKey);
+	return(theButton);
+}
+
+function createTiddlyLink(place,title,includeText,theClass,isStatic)
+{
+	var text = includeText ? title : null;
+	var i = getTiddlyLinkInfo(title,theClass)
+	var btn;
+	if(isStatic)
+		btn = createExternalLink(place,"#" + title);
+	else
+		btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
+	btn.setAttribute("refresh","link");
+	btn.setAttribute("tiddlyLink",title);
+	return(btn);
+}
+
+function refreshTiddlyLink(e,title)
+{
+	var i = getTiddlyLinkInfo(title,e.className);
+	e.className = i.classes;
+	e.title = i.subTitle;
+}
+
+function getTiddlyLinkInfo(title,currClasses)
+{
+	var classes = currClasses ? currClasses.split(" ") : [];
+	classes.pushUnique("tiddlyLink");
+	var tiddler = store.fetchTiddler(title);
+	var subTitle;
+	if(tiddler)
+		{
+		subTitle = tiddler.getSubtitle();
+		classes.pushUnique("tiddlyLinkExisting");
+		classes.remove("tiddlyLinkNonExisting");
+		classes.remove("shadow");
+		}
+	else
+		{
+		classes.remove("tiddlyLinkExisting");
+		classes.pushUnique("tiddlyLinkNonExisting");
+		if(store.isShadowTiddler(title))
+			{
+			subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
+			classes.pushUnique("shadow");
+			}
+		else
+			{
+			subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
+			classes.remove("shadow");
+			}
+		}
+	return {classes: classes.join(" "), subTitle: subTitle};
+}
+
+function createExternalLink(place,url)
+{
+	var theLink = document.createElement("a");
+	theLink.className = "externalLink";
+	theLink.href = url;
+	theLink.title = config.messages.externalLinkTooltip.format([url]);
+	if(config.options.chkOpenInNewWindow)
+		theLink.target = "_blank";
+	place.appendChild(theLink);
+	return(theLink);
+}
+
+// Event handler for clicking on a tiddly link
+function onClickTiddlerLink(e)
+{
+	if (!e) var e = window.event;
+	var theTarget = resolveTarget(e);
+	var theLink = theTarget;
+	var title = null;
+	do {
+		title = theLink.getAttribute("tiddlyLink");
+		theLink = theLink.parentNode;
+	} while(title == null && theLink != null);
+	if(title)
+		{
+		var toggling = e.metaKey || e.ctrlKey;
+		if(config.options.chkToggleLinks)
+			toggling = !toggling;
+		var opening;
+		if(toggling && document.getElementById("tiddler" + title))
+			story.closeTiddler(title,true,e.shiftKey || e.altKey);
+		else
+			story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
+		}
+	clearMessage();
+	return(false);
+}
+
+// Create a button for a tag with a popup listing all the tiddlers that it tags
+function createTagButton(place,tag,excludeTiddler)
+{
+	var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
+	theTag.setAttribute("tag",tag);
+	if(excludeTiddler)
+		theTag.setAttribute("tiddler",excludeTiddler);
+	return(theTag);
+}
+
+// Event handler for clicking on a tiddler tag
+function onClickTag(e)
+{
+	if (!e) var e = window.event;
+	var theTarget = resolveTarget(e);
+	var popup = Popup.create(this);
+	var tag = this.getAttribute("tag");
+	var title = this.getAttribute("tiddler");
+	if(popup && tag)
+		{
+		var tagged = store.getTaggedTiddlers(tag);
+		var titles = [];
+		var li,r;
+		for(r=0;r<tagged.length;r++)
+			if(tagged[r].title != title)
+				titles.push(tagged[r].title);
+		var lingo = config.views.wikified.tag;
+		if(titles.length > 0)
+			{
+			var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
+			openAll.setAttribute("tag",tag);
+			createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+			for(r=0; r<titles.length; r++)
+				{
+				createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
+				}
+			}
+		else
+			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
+		createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+		var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
+		createTiddlyText(h,lingo.openTag.format([tag]));
+		}
+	Popup.show(popup,false);
+	e.cancelBubble = true;
+	if (e.stopPropagation) e.stopPropagation();
+	return(false);
+}
+
+// Event handler for 'open all' on a tiddler popup
+function onClickTagOpenAll(e)
+{
+	if (!e) var e = window.event;
+	var tag = this.getAttribute("tag");
+	var tagged = store.getTaggedTiddlers(tag);
+	var titles = [];
+	for(var t=0; t<tagged.length; t++)
+		titles.push(tagged[t].title);
+	story.displayTiddlers(this,titles);
+	return(false);
+}
+
+function onClickError(e)
+{
+	if (!e) var e = window.event;
+	var popup = Popup.create(this);
+	var lines = this.getAttribute("errorText").split("\n");
+	for(var t=0; t<lines.length; t++)
+		createTiddlyElement(popup,"li",null,null,lines[t]);
+	Popup.show(popup,false);
+	e.cancelBubble = true;
+	if (e.stopPropagation) e.stopPropagation();
+	return false;
+}
+
+function createTiddlyDropDown(place,onchange,options)
+{
+	var sel = createTiddlyElement(place,"select");
+	sel.onchange = onchange;
+	for(var t=0; t<options.length; t++)
+		{
+		var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
+		e.value = options[t].name;
+		}
+}
+
+function createTiddlyError(place,title,text)
+{
+	var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
+	if (text) btn.setAttribute("errorText",text);
+}
+
+function merge(dst,src,preserveExisting)
+{
+	for (p in src)
+		if (!preserveExisting || dst[p] === undefined)
+			dst[p] = src[p];
+	return dst;
+}
+
+// Returns a string containing the description of an exception, optionally prepended by a message
+function exceptionText(e, message)
+{
+	var s = e.description ? e.description : e.toString();
+	return message ? "%0:\n%1".format([message, s]) : s;
+}
+
+// Displays an alert of an exception description with optional message
+function showException(e, message)
+{
+	alert(exceptionText(e, message));
+}
+
+// ---------------------------------------------------------------------------------
+// Animation engine
+// ---------------------------------------------------------------------------------
+
+function Animator()
+{
+	this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
+	this.timerID = 0; // ID of the timer used for animating
+	this.animations = []; // List of animations in progress
+	return this;
+}
+
+// Start animation engine
+Animator.prototype.startAnimating = function() // Variable number of arguments
+{
+	for(var t=0; t<arguments.length; t++)
+		this.animations.push(arguments[t]);
+	if(this.running == 0)
+		{
+		var me = this;
+		this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
+		}
+	this.running += arguments.length;
+}
+
+// Perform an animation engine tick, calling each of the known animation modules
+Animator.prototype.doAnimate = function(me)
+{
+	var a = 0;
+	while(a < me.animations.length)
+		{
+		var animation = me.animations[a];
+		if(animation.tick())
+			a++;
+		else
+			{
+			me.animations.splice(a,1);
+			if(--me.running == 0)
+				window.clearInterval(me.timerID);
+			}
+		}
+}
+
+// Map a 0..1 value to 0..1, but slow down at the start and end
+Animator.slowInSlowOut = function(progress)
+{
+	return(1-((Math.cos(progress * Math.PI)+1)/2));
+}
+
+// ---------------------------------------------------------------------------------
+// Cascade animation
+// ---------------------------------------------------------------------------------
+
+function Cascade(text,startElement,targetElement,slowly)
+{
+	var winWidth = findWindowWidth();
+	var winHeight = findWindowHeight();
+	this.elements = [];
+	this.startElement = startElement;
+	this.startLeft = findPosX(this.startElement);
+	this.startTop = findPosY(this.startElement);
+	this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
+	this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
+	this.targetElement = targetElement;
+	targetElement.style.position = "relative";
+	targetElement.style.zIndex = 2;
+	this.targetLeft = findPosX(this.targetElement);
+	this.targetTop = findPosY(this.targetElement);
+	this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
+	this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
+	this.progress = -1;
+	this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
+	this.text = text;
+	this.tick();
+	return this;
+}
+
+Cascade.prototype.tick = function()
+{
+	this.progress++;
+	if(this.progress >= this.steps)
+		{
+		while(this.elements.length > 0)
+			this.removeTail();
+		this.targetElement.style.position = "static";
+		this.targetElement.style.zIndex = "";
+		return false;
+		}
+	else
+		{
+		if(this.elements.length > 0 && this.progress > config.cascadeDepth)
+			this.removeTail();
+		if(this.progress < (this.steps - config.cascadeDepth))
+			{
+			var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
+			var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
+			e.style.zIndex = 1;
+			e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
+			e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
+			e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
+			e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
+			e.style.display = "block";
+			this.elements.push(e);
+			}
+		return true;
+		}
+}
+
+Cascade.prototype.removeTail = function()
+{
+	var e = this.elements[0];
+	e.parentNode.removeChild(e);
+	this.elements.shift();
+}
+
+// ---------------------------------------------------------------------------------
+// Scroller animation
+// ---------------------------------------------------------------------------------
+
+function Scroller(targetElement,slowly)
+{
+	this.targetElement = targetElement;
+	this.startScroll = findScrollY();
+	this.targetScroll = ensureVisible(targetElement);
+	this.progress = 0;
+	this.step = slowly ? config.animSlow : config.animFast;
+	return this;
+}
+
+Scroller.prototype.tick = function()
+{
+	this.progress += this.step;
+	if(this.progress > 1)
+		{
+		window.scrollTo(0,this.targetScroll);
+		return false;
+		}
+	else
+		{
+		var f = Animator.slowInSlowOut(this.progress);
+		window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
+		return true;
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Slider animation
+// ---------------------------------------------------------------------------------
+
+// deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
+function Slider(element,opening,slowly,deleteMode)
+{
+	this.element = element;
+	element.style.display = "block";
+	this.deleteMode = deleteMode;
+	this.element.style.height = "auto";
+	this.realHeight = element.offsetHeight;
+	this.opening = opening;
+	this.step = slowly ? config.animSlow : config.animFast;
+	if(opening)
+		{
+		this.progress = 0;
+		element.style.height = "0px";
+		element.style.display = "block";
+		}
+	else
+		{
+		this.progress = 1;
+		this.step = -this.step;
+		}
+	element.style.overflow = "hidden";
+	return this;
+}
+
+Slider.prototype.stop = function()
+{
+	if(this.opening)
+		{
+		this.element.style.height = "auto";
+		this.element.style.opacity = 1;
+		this.element.style.filter = "alpha(opacity:100)";
+		}
+	else
+		{
+		switch(this.deleteMode)
+			{
+			case "none":
+				this.element.style.display = "none";
+				break;
+			case "all":
+				this.element.parentNode.removeChild(this.element);
+				break;
+			case "children":
+				removeChildren(this.element);
+				break;
+			}
+		}
+}
+
+Slider.prototype.tick = function()
+{
+	this.progress += this.step;
+	if(this.progress < 0 || this.progress > 1)
+		{
+		this.stop();
+		return false;
+		}
+	else
+		{
+		var f = Animator.slowInSlowOut(this.progress);
+		var h = this.realHeight * f;
+		this.element.style.height = h + "px";
+		this.element.style.opacity = f;
+		this.element.style.filter = "alpha(opacity:" + f * 100 +")";
+		return true;
+		}
+}
+
+// ---------------------------------------------------------------------------------
+// Popup menu
+// ---------------------------------------------------------------------------------
+
+var Popup = {
+	stack: [] // Array of objects with members root: and popup:
+	};
+
+Popup.create = function(root)
+{
+	Popup.remove();
+	var popup = createTiddlyElement(document.body,"ol","popup","popup");
+	Popup.stack.push({root: root, popup: popup});
+	return popup;
+}
+
+Popup.onDocumentClick = function(e)
+{
+	if (!e) var e = window.event;
+	var target = resolveTarget(e);
+	if(e.eventPhase == undefined)
+		Popup.remove();
+	else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
+		Popup.remove();
+	return true;
+}
+
+Popup.show = function(unused,slowly)
+{
+	var curr = Popup.stack[Popup.stack.length-1];
+	var rootLeft = findPosX(curr.root);
+	var rootTop = findPosY(curr.root);
+	var rootHeight = curr.root.offsetHeight;
+	var popupLeft = rootLeft;
+	var popupTop = rootTop + rootHeight;
+	var popupWidth = curr.popup.offsetWidth;
+	var winWidth = findWindowWidth();
+	if(popupLeft + popupWidth > winWidth)
+		popupLeft = winWidth - popupWidth;
+	curr.popup.style.left = popupLeft + "px";
+	curr.popup.style.top = popupTop + "px";
+	curr.popup.style.display = "block";
+	addClass(curr.root,"highlight");
+	if(anim && config.options.chkAnimate)
+		anim.startAnimating(new Scroller(curr.popup,slowly));
+	else
+		window.scrollTo(0,ensureVisible(curr.popup));
+}
+
+Popup.remove = function()
+{
+	if(Popup.stack.length > 0)
+		{
+		Popup.removeFrom(0);
+		}
+}
+
+Popup.removeFrom = function(from)
+{
+	for(var t=Popup.stack.length-1; t>=from; t--)
+		{
+		var p = Popup.stack[t];
+		removeClass(p.root,"highlight");
+		p.popup.parentNode.removeChild(p.popup);
+		}
+	Popup.stack = Popup.stack.slice(0,from);
+}
+
+// ---------------------------------------------------------------------------------
+// ListView gadget
+// ---------------------------------------------------------------------------------
+
+var ListView = {};
+
+// Create a listview
+//   place - where in the DOM tree to insert the listview
+//   listObject - array of objects to be included in the listview
+//   listTemplate - template for the listview
+//   callback - callback for a command being selected
+//   className - optional classname for the <table> element
+ListView.create = function(place,listObject,listTemplate,callback,className)
+{
+	var table = createTiddlyElement(place,"table",null,className ? className : "listView");
+	var thead = createTiddlyElement(table,"thead");
+	var r = createTiddlyElement(thead,"tr");
+	for(var t=0; t<listTemplate.columns.length; t++)
+		{
+		var columnTemplate = listTemplate.columns[t];
+		var c = createTiddlyElement(r,"th");
+		var colType = ListView.columnTypes[columnTemplate.type];
+		if(colType && colType.createHeader)
+			colType.createHeader(c,columnTemplate,t);
+		}
+	var tbody = createTiddlyElement(table,"tbody");
+	for(var rc=0; rc<listObject.length; rc++)
+		{
+		rowObject = listObject[rc];
+		r = createTiddlyElement(tbody,"tr");
+		for(var c=0; c<listTemplate.rowClasses.length; c++)
+			{
+			if(rowObject[listTemplate.rowClasses[c].field])
+				addClass(r,listTemplate.rowClasses[c].className);
+			}
+		rowObject.rowElement = rowObject;
+		rowObject.colElements = {};
+		for(var cc=0; cc<listTemplate.columns.length; cc++)
+			{
+			var c = createTiddlyElement(r,"td");
+			var columnTemplate = listTemplate.columns[cc];
+			var field = columnTemplate.field;
+			var colType = ListView.columnTypes[columnTemplate.type];
+			if(colType && colType.createItem)
+				colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
+			rowObject.colElements[field] = c;
+			}
+		}
+	if(callback && listTemplate.actions)
+		createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
+	if(callback && listTemplate.buttons)
+		{
+		for(t=0; t<listTemplate.buttons.length; t++)
+			{
+			var a = listTemplate.buttons[t];
+			if(a && a.name != "")
+				createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
+			}
+		}
+	return table;
+}
+
+ListView.getCommandHandler = function(callback,name,allowEmptySelection)
+{
+	return function(e)
+		{
+		var view = findRelated(this,"TABLE",null,"previousSibling");
+		var tiddlers = [];
+		ListView.forEachSelector(view,function(e,rowName) {
+					if(e.checked)
+						tiddlers.push(rowName);
+					});
+		if(tiddlers.length == 0 && !allowEmptySelection)
+			alert(config.messages.nothingSelected);
+		else
+			{
+			if(this.nodeName.toLowerCase() == "select")
+				{
+				callback(view,this.value,tiddlers);
+				this.selectedIndex = 0;
+				}
+			else
+				callback(view,name,tiddlers);
+			}
+		};
+}
+
+// Invoke a callback for each selector checkbox in the listview
+//   view - <table> element of listView
+//   callback(checkboxElement,rowName)
+//     where
+//       checkboxElement - DOM element of checkbox
+//       rowName - name of this row as assigned by the column template
+//   result: true if at least one selector was checked
+ListView.forEachSelector = function(view,callback)
+{
+	var checkboxes = view.getElementsByTagName("input");
+	var hadOne = false;
+	for(var t=0; t<checkboxes.length; t++)
+		{
+		var cb = checkboxes[t];
+		if(cb.getAttribute("type") == "checkbox")
+			{
+			var rn = cb.getAttribute("rowName");
+			if(rn)
+				{
+				callback(cb,rn);
+				hadOne = true;
+				}
+			}
+		}
+	return hadOne;
+}
+
+ListView.columnTypes = {};
+
+ListView.columnTypes.String = {
+	createHeader: function(place,columnTemplate,col)
+		{
+			createTiddlyText(place,columnTemplate.title);
+		},
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				createTiddlyText(place,v);
+		}
+};
+
+ListView.columnTypes.Date = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
+		}
+};
+
+ListView.columnTypes.StringList = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				{
+				for(var t=0; t<v.length; t++)
+					{
+					createTiddlyText(place,v[t]);
+					createTiddlyElement(place,"br");
+					}
+				}
+		}
+};
+
+ListView.columnTypes.Selector = {
+	createHeader: function(place,columnTemplate,col)
+		{
+			createTiddlyCheckbox(place,null,false,this.onHeaderChange);
+		},
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var e = createTiddlyCheckbox(place,null,listObject[field],null);
+			e.setAttribute("rowName",listObject[columnTemplate.rowName]);
+		},
+	onHeaderChange: function(e)
+		{
+			var state = this.checked;
+			var view = findRelated(this,"TABLE");
+			if(!view)
+				return;
+			ListView.forEachSelector(view,function(e,rowName) {
+								e.checked = state;
+							});
+		}
+};
+
+ListView.columnTypes.Tags = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var tags = listObject[field];
+			createTiddlyText(place,String.encodeTiddlyLinkList(tags));
+		}
+};
+
+ListView.columnTypes.Boolean = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			if(listObject[field] == true)
+				createTiddlyText(place,columnTemplate.trueText);
+			if(listObject[field] == false)
+				createTiddlyText(place,columnTemplate.falseText);
+		}
+};
+
+ListView.columnTypes.TagCheckbox = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
+			e.setAttribute("tiddler",listObject.title);
+			e.setAttribute("tag",columnTemplate.tag);
+		},
+	onChange : function(e)
+		{
+			var tag = this.getAttribute("tag");
+			var tiddler = this.getAttribute("tiddler");
+			store.setTiddlerTag(tiddler,this.checked,tag);
+		}
+};
+
+ListView.columnTypes.TiddlerLink = {
+	createHeader: ListView.columnTypes.String.createHeader,
+	createItem: function(place,listObject,field,columnTemplate,col,row)
+		{
+			var v = listObject[field];
+			if(v != undefined)
+				{
+				var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
+				createTiddlyText(link,listObject[field]);
+				}
+		}
+};
+// ---------------------------------------------------------------------------------
+// Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
+// ---------------------------------------------------------------------------------
+
+// Clamp a number to a range
+Number.prototype.clamp = function(min,max)
+{
+	var c = this;
+	if(c < min)
+		c = min;
+	if(c > max)
+		c = max;
+	return c;
+}
+
+// Add indexOf function if browser does not support it
+if(!Array.indexOf) {
+Array.prototype.indexOf = function(item,from)
+{
+	if(!from)
+		from = 0;
+	for(var i=from; i<this.length; i++)
+		if(this[i] === item)
+			return i;
+	return -1;
+}}
+
+// Find an entry in a given field of the members of an array
+Array.prototype.findByField = function(field,value)
+{
+	for(var t=0; t<this.length; t++)
+		if(this[t][field] == value)
+			return t;
+	return null;
+}
+
+// Return whether an entry exists in an array
+Array.prototype.contains = function(item)
+{
+	return this.indexOf(item) != -1;
+};
+
+// Adds, removes or toggles a particular value within an array
+//  value - value to add
+//  mode - +1 to add value, -1 to remove value, 0 to toggle it
+Array.prototype.setItem = function(value,mode)
+{
+	var p = this.indexOf(value);
+	if(mode == 0)
+		mode = (p == -1) ? +1 : -1;
+	if(mode == +1)
+		{
+		if(p == -1)
+			this.push(value);
+		}
+	else if(mode == -1)
+		{
+		if(p != -1)
+			this.splice(p,1);
+		}
+}
+
+// Return whether one of a list of values exists in an array
+Array.prototype.containsAny = function(items)
+{
+	for(var i=0; i<items.length; i++)
+		if (this.indexOf(items[i]) != -1)
+			return true;
+	return false;
+};
+
+// Return whether all of a list of values exists in an array
+Array.prototype.containsAll = function(items)
+{
+	for (var i = 0; i<items.length; i++)
+		if (this.indexOf(items[i]) == -1)
+			return false;
+	return true;
+};
+
+// Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
+Array.prototype.pushUnique = function(item,unique)
+{
+	if(unique != undefined && unique == false)
+		this.push(item);
+	else
+		{
+		if(this.indexOf(item) == -1)
+			this.push(item);
+		}
+}
+
+Array.prototype.remove = function(item)
+{
+	var p = this.indexOf(item);
+	if(p != -1)
+		this.splice(p,1);
+}
+
+// Get characters from the right end of a string
+String.prototype.right = function(n)
+{
+	if(n < this.length)
+		return this.slice(this.length-n);
+	else
+		return this;
+}
+
+// Trim whitespace from both ends of a string
+String.prototype.trim = function()
+{
+	return this.replace(/^\s*|\s*$/g,"");
+}
+
+// Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
+String.prototype.unDash = function()
+{
+	var s = this.split("-");
+	if(s.length > 1)
+		for(var t=1; t<s.length; t++)
+			s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
+	return s.join("");
+}
+
+// Substitute substrings from an array into a format string that includes '%1'-type specifiers
+String.prototype.format = function(substrings)
+{
+	var subRegExp = /(?:%(\d+))/mg;
+	var currPos = 0;
+	var r = [];
+	do {
+		var match = subRegExp.exec(this);
+		if(match && match[1])
+			{
+			if(match.index > currPos)
+				r.push(this.substring(currPos,match.index));
+			r.push(substrings[parseInt(match[1])]);
+			currPos = subRegExp.lastIndex;
+			}
+	} while(match);
+	if(currPos < this.length)
+		r.push(this.substring(currPos,this.length));
+	return r.join("");
+}
+
+// Escape any special RegExp characters with that character preceded by a backslash
+String.prototype.escapeRegExp = function()
+{
+	var s = "\\^$*+?()=!|,{}[].";
+	var c = this;
+	for(var t=0; t<s.length; t++)
+		c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
+	return c;
+}
+
+// Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
+String.prototype.escapeLineBreaks = function()
+{
+	return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
+}
+
+// Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
+String.prototype.unescapeLineBreaks = function()
+{
+	return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
+}
+
+// Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
+String.prototype.htmlEncode = function()
+{
+	return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
+}
+
+// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+String.prototype.htmlDecode = function()
+{
+	return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+}
+
+// Parse a space-separated string of name:value parameters where:
+//   - the name or the value can be optional (in which case separate defaults are used instead)
+//     - in case of ambiguity, a lone word is taken to be a value
+//     - if 'cascadeDefaults' is set to true, then the defaults are modified by updated by each specified name or value
+//     - name prefixes are not allowed if the 'noNames' parameter is true
+//   - if both the name and value are present they must be separated by a colon
+//   - the name and the value may both be quoted with single- or double-quotes, double-square brackets
+//   - names or values quoted with {{double-curly braces}} are evaluated as a JavaScript expression
+//     - as long as the 'allowEval' parameter is true
+// The result is an array of objects:
+//   result[0] = object with a member for each parameter name, value of that member being an array of values
+//   result[1..n] = one object for each parameter, with 'name' and 'value' members
+String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
+{
+	var parseToken = function(match,p)
+		{
+		var n;
+		if(match[p]) // Double quoted
+			n = match[p];
+		else if(match[p+1]) // Single quoted
+			n = match[p+1];
+		else if(match[p+2]) // Double-square-bracket quoted
+			n = match[p+2];
+		else if(match[p+3]) // Double-brace quoted
+			try
+				{
+				n = match[p+3];
+				if(allowEval)
+					n = window.eval(n);
+				}
+			catch(e)
+				{
+				throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
+				}
+		else if(match[p+4]) // Unquoted
+			n = match[p+4];
+		else if(match[p+5]) // empty quote
+			n = "";
+		return n;
+		};
+	var r = [{}];
+	var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
+	var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
+	var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
+	var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
+	var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
+	var emptyQuote = "((?:\"\")|(?:''))";
+	var skipSpace = "(?:\\s*)";
+	var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
+	var re = noNames
+		? new RegExp(token,"mg")
+		: new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
+	var params = [];
+	do {
+		var match = re.exec(this);
+		if(match)
+			{
+			var n = parseToken(match,1);
+			if(noNames)
+				r.push({name: "", value: n});
+			else
+				{
+				var v = parseToken(match,8);
+				if(v == null && defaultName)
+					{
+					v = n;
+					n = defaultName;
+					}
+				else if(v == null && defaultValue)
+					v = defaultValue;
+				r.push({name: n, value: v});
+				if(cascadeDefaults)
+					{
+					defaultName = n;
+					defaultValue = v;
+					}
+				}
+			}
+	} while(match);
+	// Summarise parameters into first element
+	for(var t=1; t<r.length; t++)
+		{
+		if(r[0][r[t].name])
+			r[0][r[t].name].push(r[t].value);
+		else
+			r[0][r[t].name] = [r[t].value];
+		}
+	return r;
+}
+
+// Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
+// [[]], {{ }} or left unquoted (and therefore space-separated). Double-braces {{}} results in
+// an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
+String.prototype.readMacroParams = function()
+{
+	var p = this.parseParams("list",null,true,true);
+	var n = [];
+	for(var t=1; t<p.length; t++)
+		n.push(p[t].value);
+	return n;
+}
+
+// Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
+String.prototype.readBracketedList = function(unique)
+{
+	var p = this.parseParams("list",null,false,true);
+	var n = [];
+	for(var t=1; t<p.length; t++)
+		n.pushUnique(p[t].value,unique);
+	return n;
+}
+
+// Returns array with start and end index of chunk between given start and end marker, or undefined.
+String.prototype.getChunkRange = function(start,end) 
+{
+	var s = this.indexOf(start);
+	if(s != -1)
+		{
+		s += start.length;
+		var e = this.indexOf(end,s);
+		if(e != -1)
+			return [s, e];
+		}
+}
+
+// Replace a chunk of a string given start and end markers
+String.prototype.replaceChunk = function(start,end,sub)
+{
+	var r = this.getChunkRange(start,end);
+	return r 
+		? this.substring(0,r[0]) + sub + this.substring(r[1])
+		: this;
+}
+
+// Returns a chunk of a string between start and end markers, or undefined
+String.prototype.getChunk = function(start,end)
+{
+	var r = this.getChunkRange(start,end);
+	if (r)
+		return this.substring(r[0],r[1]);
+}
+
+
+// Static method to bracket a string with double square brackets if it contains a space
+String.encodeTiddlyLink = function(title)
+{
+	if(title.indexOf(" ") == -1)
+		return(title);
+	else
+		return("[[" + title + "]]");
+}
+
+// Static method to encodeTiddlyLink for every item in an array and join them with spaces
+String.encodeTiddlyLinkList = function(list)
+{
+	if(list)
+		{
+		var results = [];
+		for(var t=0; t<list.length; t++)
+			results.push(String.encodeTiddlyLink(list[t]));
+		return results.join(" ");
+		}
+	else
+		return "";
+}
+
+// Static method to left-pad a string with 0s to a certain width
+String.zeroPad = function(n,d)
+{
+	var s = n.toString();
+	if(s.length < d)
+		s = "000000000000000000000000000".substr(0,d-s.length) + s;
+	return(s);
+}
+
+String.prototype.startsWith = function(prefix) 
+{
+	return !prefix || this.substring(0,prefix.length) == prefix;
+}
+
+// Returns the first value of the given named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//# @return [may be null/undefined]
+//#
+function getParam(params, name, defaultValue) {
+	if (!params)
+		return defaultValue;
+	var p = params[0][name];
+	return p ? p[0] : defaultValue;
+}
+
+// Returns the first value of the given boolean named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//#
+function getFlag(params, name, defaultValue) {
+	return !!getParam(params, name, defaultValue);
+} 
+	
+// Substitute date components into a string
+Date.prototype.formatString = function(template)
+{
+	var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
+	t = t.replace(/hh12/g,this.getHours12());
+	t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
+	t = t.replace(/hh/g,this.getHours());
+	t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
+	t = t.replace(/mm/g,this.getMinutes());
+	t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
+	t = t.replace(/ss/g,this.getSeconds());
+	t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
+	t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
+	t = t.replace(/wYYYY/g,this.getYearForWeekNo());
+	t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
+	t = t.replace(/YYYY/g,this.getFullYear());
+	t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
+	t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
+	t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
+	t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
+	t = t.replace(/MM/g,this.getMonth()+1);
+	t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
+	t = t.replace(/WW/g,this.getWeek());
+	t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
+	t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
+	t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
+	t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
+	t = t.replace(/DD/g,this.getDate());
+	return t;
+}
+
+Date.prototype.getWeek = function()
+{
+	var dt = new Date(this.getTime());
+	var d = dt.getDay();
+	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
+	var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000); 
+	return Math.floor(n/7)+1;
+}
+
+Date.prototype.getYearForWeekNo = function()
+{
+	var dt = new Date(this.getTime());
+	var d = dt.getDay();
+	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
+	return dt.getFullYear();
+}
+
+Date.prototype.getHours12 = function()
+{
+	var h = this.getHours();
+	return h > 12 ? h-12 : ( h > 0 ? h : 12 );
+}
+
+Date.prototype.getAmPm = function()
+{
+	return this.getHours() >= 12 ? "pm" : "am";
+}
+
+Date.prototype.daySuffix = function()
+{
+	var num = this.getDate();
+	if (num >= 11 && num <= 13) return "th";
+	else if (num.toString().substr(-1)=="1") return "st";
+	else if (num.toString().substr(-1)=="2") return "nd";
+	else if (num.toString().substr(-1)=="3") return "rd";
+	return "th";
+}
+
+// Convert a date to local YYYYMMDDHHMM string format
+Date.prototype.convertToLocalYYYYMMDDHHMM = function()
+{
+	return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDDHHMM string format
+Date.prototype.convertToYYYYMMDDHHMM = function()
+{
+	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
+Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
+{
+	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
+}
+
+// Static method to create a date from a UTC YYYYMMDDHHMM format string
+Date.convertFromYYYYMMDDHHMM = function(d)
+{
+	var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
+							parseInt(d.substr(4,2),10)-1,
+							parseInt(d.substr(6,2),10),
+							parseInt(d.substr(8,2),10),
+							parseInt(d.substr(10,2),10),0,0));
+	return(theDate);
+}
+
+// ---------------------------------------------------------------------------------
+// Crypto functions and associated conversion routines
+// ---------------------------------------------------------------------------------
+
+// Crypto "namespace"
+function Crypto() {}
+
+// Convert a string to an array of big-endian 32-bit words
+Crypto.strToBe32s = function(str)
+{
+	var be = Array();
+	var len = Math.floor(str.length/4);
+	var i, j;
+	for(i=0, j=0; i<len; i++, j+=4)
+		{
+		be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
+		}
+	while (j<str.length)
+		{
+		be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
+		j++;
+		}
+	return be;
+}
+
+// Convert an array of big-endian 32-bit words to a string
+Crypto.be32sToStr = function(be)
+{
+	var str = "";
+	for(var i=0;i<be.length*32;i+=8)
+		str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
+	return str;
+}
+
+// Convert an array of big-endian 32-bit words to a hex string
+Crypto.be32sToHex = function(be)
+{
+	var hex = "0123456789ABCDEF";
+	var str = "";
+	for(var i=0;i<be.length*4;i++)
+		str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
+	return str;
+}
+
+// Return, in hex, the SHA-1 hash of a string
+Crypto.hexSha1Str = function(str)
+{
+	return Crypto.be32sToHex(Crypto.sha1Str(str));
+}
+
+// Return the SHA-1 hash of a string
+Crypto.sha1Str = function(str)
+{
+	return Crypto.sha1(Crypto.strToBe32s(str),str.length);
+}
+
+// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
+Crypto.sha1 = function(x,blen)
+{
+	// Add 32-bit integers, wrapping at 32 bits
+	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+	add32 = function(a,b)
+	{
+		var lsw = (a&0xFFFF)+(b&0xFFFF);
+		var msw = (a>>16)+(b>>16)+(lsw>>16);
+		return (msw<<16)|(lsw&0xFFFF);
+	};
+	// Add five 32-bit integers, wrapping at 32 bits
+	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+	add32x5 = function(a,b,c,d,e)
+	{
+		var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
+		var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
+		return (msw<<16)|(lsw&0xFFFF);
+	};
+	// Bitwise rotate left a 32-bit integer by 1 bit
+	rol32 = function(n)
+	{
+		return (n>>>31)|(n<<1);
+	};
+
+	var len = blen*8;
+	// Append padding so length in bits is 448 mod 512
+	x[len>>5] |= 0x80 << (24-len%32);
+	// Append length
+	x[((len+64>>9)<<4)+15] = len;
+	var w = Array(80);
+
+	var k1 = 0x5A827999;
+	var k2 = 0x6ED9EBA1;
+	var k3 = 0x8F1BBCDC;
+	var k4 = 0xCA62C1D6;
+
+	var h0 = 0x67452301;
+	var h1 = 0xEFCDAB89;
+	var h2 = 0x98BADCFE;
+	var h3 = 0x10325476;
+	var h4 = 0xC3D2E1F0;
+
+	for(var i=0;i<x.length;i+=16)
+		{
+		var j,t;
+		var a = h0;
+		var b = h1;
+		var c = h2;
+		var d = h3;
+		var e = h4;
+		for(j = 0;j<16;j++)
+			{
+			w[j] = x[i+j];
+			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=16;j<20;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=20;j<40;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=40;j<60;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+		for(j=60;j<80;j++)
+			{
+			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
+			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+			}
+
+		h0 = add32(h0,a);
+		h1 = add32(h1,b);
+		h2 = add32(h2,c);
+		h3 = add32(h3,d);
+		h4 = add32(h4,e);
+		}
+	return Array(h0,h1,h2,h3,h4);
+}
+
+// ---------------------------------------------------------------------------------
+// RGB colour object
+// ---------------------------------------------------------------------------------
+
+// Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
+function RGB(r,g,b)
+{
+	this.r = 0;
+	this.g = 0;
+	this.b = 0;
+	if(typeof r == "string")
+		{
+		if(r.substr(0,1) == "#")
+			{
+			if(r.length == 7)
+				{
+				this.r = parseInt(r.substr(1,2),16)/255;
+				this.g = parseInt(r.substr(3,2),16)/255;
+				this.b = parseInt(r.substr(5,2),16)/255;
+				}
+			else
+				{
+				this.r = parseInt(r.substr(1,1),16)/15;
+				this.g = parseInt(r.substr(2,1),16)/15;
+				this.b = parseInt(r.substr(3,1),16)/15;
+				}
+			}
+		else
+			{
+			var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
+			var c = r.match(rgbPattern);
+			if (c)
+				{
+				this.r = parseInt(c[1],10)/255;
+				this.g = parseInt(c[2],10)/255;
+				this.b = parseInt(c[3],10)/255;
+				}
+			}
+		}
+	else
+		{
+		this.r = r;
+		this.g = g;
+		this.b = b;
+		}
+	return this;
+}
+
+// Mixes this colour with another in a specified proportion
+// c = other colour to mix
+// f = 0..1 where 0 is this colour and 1 is the new colour
+// Returns an RGB object
+RGB.prototype.mix = function(c,f)
+{
+	return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
+}
+
+// Return an rgb colour as a #rrggbb format hex string
+RGB.prototype.toString = function()
+{
+	var r = this.r.clamp(0,1);
+	var g = this.g.clamp(0,1);
+	var b = this.b.clamp(0,1);
+	return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
+				 ("0" + Math.floor(g * 255).toString(16)).right(2) +
+				 ("0" + Math.floor(b * 255).toString(16)).right(2));
+}
+
+// ---------------------------------------------------------------------------------
+// DOM utilities - many derived from www.quirksmode.org
+// ---------------------------------------------------------------------------------
+
+function drawGradient(place,horiz,colours)
+{
+	for(var t=0; t<= 100; t+=2)
+		{
+		var bar = document.createElement("div");
+		place.appendChild(bar);
+		bar.style.position = "absolute";
+		bar.style.left = horiz ? t + "%" : 0;
+		bar.style.top = horiz ? 0 : t + "%";
+		bar.style.width = horiz ? (101-t) + "%" : "100%";
+		bar.style.height = horiz ? "100%" : (101-t) + "%";
+		bar.style.zIndex = -1;
+		var f = t/100;
+		var p = f*(colours.length-1);
+		bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
+		}
+}
+
+function createTiddlyText(theParent,theText)
+{
+	return theParent.appendChild(document.createTextNode(theText));
+}
+
+function createTiddlyCheckbox(theParent,caption,checked,onChange)
+{
+	var cb = document.createElement("input");
+	cb.setAttribute("type","checkbox");
+	cb.onclick = onChange;
+	theParent.appendChild(cb);
+	cb.checked = checked;
+	cb.className = "chkOptionInput";
+	if(caption)
+		wikify(caption,theParent);
+	return cb;
+}
+
+function createTiddlyElement(theParent,theElement,theID,theClass,theText)
+{
+	var e = document.createElement(theElement);
+	if(theClass != null)
+		e.className = theClass;
+	if(theID != null)
+		e.setAttribute("id",theID);
+	if(theText != null)
+		e.appendChild(document.createTextNode(theText));
+	if(theParent != null)
+		theParent.appendChild(e);
+	return(e);
+}
+
+// Add an event handler
+// Thanks to John Resig, via QuirksMode
+function addEvent(obj,type,fn)
+{
+	if(obj.attachEvent)
+		{
+		obj['e'+type+fn] = fn;
+		obj[type+fn] = function(){obj['e'+type+fn](window.event);}
+		obj.attachEvent('on'+type,obj[type+fn]);
+		}
+	else
+		obj.addEventListener(type,fn,false);
+}
+
+// Remove  an event handler
+// Thanks to John Resig, via QuirksMode
+function removeEvent(obj,type,fn)
+{
+	if(obj.detachEvent)
+		{
+		obj.detachEvent('on'+type,obj[type+fn]);
+		obj[type+fn] = null;
+		}
+	else
+		obj.removeEventListener(type,fn,false);
+}
+
+function addClass(e,theClass)
+{
+	var currClass = e.className.split(" ");
+	if(currClass.indexOf(theClass) == -1)
+		e.className += " " + theClass;
+}
+
+function removeClass(e,theClass)
+{
+	var currClass = e.className.split(" ");
+	var i = currClass.indexOf(theClass);
+	while(i != -1)
+		{
+		currClass.splice(i,1);
+		i = currClass.indexOf(theClass);
+		}
+	e.className = currClass.join(" ");
+}
+
+function hasClass(e,theClass)
+{
+	if(e.className)
+		{
+		if(e.className.split(" ").indexOf(theClass) != -1)
+			return true;
+		}
+	return false;
+}
+
+// Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
+function findRelated(e,value,name,relative)
+{
+	name = name ? name : "tagName";
+	relative = relative ? relative : "parentNode";
+	if(name == "className")
+		{
+		while(e && !hasClass(e,value))
+			{
+			e = e[relative];
+			}
+		}
+	else
+		{
+		while(e && e[name] != value)
+			{
+			e = e[relative];
+			}
+		}
+	return e;
+}
+
+// Resolve the target object of an event
+function resolveTarget(e)
+{
+	var obj;
+	if (e.target)
+		obj = e.target;
+	else if (e.srcElement)
+		obj = e.srcElement;
+	if (obj.nodeType == 3) // defeat Safari bug
+		obj = obj.parentNode;
+	return(obj);
+}
+
+// Return the content of an element as plain text with no formatting
+function getPlainText(e)
+{
+	var text = "";
+	if(e.innerText)
+		text = e.innerText;
+	else if(e.textContent)
+		text = e.textContent;
+	return text;
+}
+
+// Get the scroll position for window.scrollTo necessary to scroll a given element into view
+function ensureVisible(e)
+{
+	var posTop = findPosY(e);
+	var posBot = posTop + e.offsetHeight;
+	var winTop = findScrollY();
+	var winHeight = findWindowHeight();
+	var winBot = winTop + winHeight;
+	if(posTop < winTop)
+		return(posTop);
+	else if(posBot > winBot)
+		{
+		if(e.offsetHeight < winHeight)
+			return(posTop - (winHeight - e.offsetHeight));
+		else
+			return(posTop);
+		}
+	else
+		return(winTop);
+}
+
+// Get the current width of the display window
+function findWindowWidth()
+{
+	return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
+}
+
+// Get the current height of the display window
+function findWindowHeight()
+{
+	return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
+}
+
+// Get the current horizontal page scroll position
+function findScrollX()
+{
+	return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
+}
+
+// Get the current vertical page scroll position
+function findScrollY()
+{
+	return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
+}
+
+function findPosX(obj)
+{
+	var curleft = 0;
+	while (obj.offsetParent)
+		{
+		curleft += obj.offsetLeft;
+		obj = obj.offsetParent;
+		}
+	return curleft;
+}
+
+function findPosY(obj)
+{
+	var curtop = 0;
+	while (obj.offsetParent)
+		{
+		curtop += obj.offsetTop;
+		obj = obj.offsetParent;
+		}
+	return curtop;
+}
+
+// Blur a particular element
+function blurElement(e)
+{
+	if(e != null && e.focus && e.blur)
+		{
+		e.focus();
+		e.blur();
+		}
+}
+
+// Create a non-breaking space
+function insertSpacer(place)
+{
+	var e = document.createTextNode(String.fromCharCode(160));
+	if(place)
+		place.appendChild(e);
+	return e;
+}
+
+// Remove all children of a node
+function removeChildren(e)
+{
+	while(e.hasChildNodes())
+		e.removeChild(e.firstChild);
+}
+
+// Add a stylesheet, replacing any previous custom stylesheet
+function setStylesheet(s,id)
+{
+	if(!id)
+		id = "customStyleSheet";
+	var n = document.getElementById(id);
+	if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
+		{
+		if(n)
+			n.parentNode.removeChild(n);
+		// This failed without the &nbsp;
+		document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
+		}
+	else
+		{
+		if(n)
+			n.replaceChild(document.createTextNode(s),n.firstChild);
+		else
+			{
+			var n = document.createElement("style");
+			n.type = "text/css";
+			n.id = id;
+			n.appendChild(document.createTextNode(s));
+			document.getElementsByTagName("head")[0].appendChild(n);
+			}
+		}
+}
+
+// Replace the current selection of a textarea or text input and scroll it into view
+
+function replaceSelection(e,text)
+{
+	if (e.setSelectionRange)
+		{
+		var oldpos = e.selectionStart + 1;
+		e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
+		e.setSelectionRange( oldpos, oldpos);
+		var linecount = e.value.split('\n').length;
+		var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
+		e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
+		}
+	else if (document.selection)
+		{
+		var range = document.selection.createRange();
+		if (range.parentElement() == e)
+			{
+			var isCollapsed = range.text == "";
+			range.text = text;
+			 if (!isCollapsed)
+				{
+				range.moveStart('character', -text.length);
+				range.select();
+				}
+			}
+		}
+}
+
+// Returns the text of the given (text) node, possibly merging subsequent text nodes
+function getNodeText(e)
+{
+	var t = ""; 
+	while (e && e.nodeName == "#text")
+		{
+		t += e.nodeValue;
+		e = e.nextSibling;
+		}
+	return t;
+}
+//# -------------------------
+//# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
+//# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
+//# Subclasses must implement:
+//# 			function getTitle(store, e)
+//#
+//# store must implement:
+//# 			function createTiddler(title).
+//#
+
+function LoaderBase()
+{
+}
+
+LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
+{
+	var title = this.getTitle(store, e);
+	if (title)
+		{
+		var tiddler = store.createTiddler(title);
+		this.internalizeTiddler(store, tiddler, title, e);
+		tiddlers.push(tiddler);
+		}
+}
+
+LoaderBase.prototype.loadTiddlers = function(store,nodes)
+{
+	var tiddlers = [];
+	for (var t = 0; t < nodes.length; t++)
+		{
+		try
+			{
+			this.loadTiddler(store, nodes[t], tiddlers);
+			}
+		catch(e)
+			{
+			showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
+			}
+		}
+	return tiddlers;
+}
+	
+//# -------------------------
+//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string, 
+//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines 
+//# Subclasses must implement:
+//# 			function externalizeTiddler(store, tiddler)
+//#
+//# store must implement:
+//# 			function getTiddlers(sortByFieldName)
+//#
+
+function SaverBase()
+{
+}
+
+SaverBase.prototype.externalize = function(store) 
+{
+	var results = [];
+	var tiddlers = store.getTiddlers("title");
+	for (var t = 0; t < tiddlers.length; t++)
+		results.push(this.externalizeTiddler(store, tiddlers[t]));
+	return results.join("\n");
+}
+//--------------------------------
+// TW21Loader (inherits from LoaderBase)
+
+function TW21Loader() {};
+
+TW21Loader.prototype = new LoaderBase();
+
+TW21Loader.prototype.getTitle = function(store, e) {
+	var title = null;
+	if(e.getAttribute)
+		title = e.getAttribute("tiddler");
+	if(!title && e.id) {	
+		var lenPrefix = store.idPrefix.length;
+		if (e.id.substr(0,lenPrefix) == store.idPrefix)
+			title = e.id.substr(lenPrefix);
+	}
+	return title;
+}
+
+TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
+	var text = getNodeText(data.firstChild).unescapeLineBreaks();
+	var modifier = data.getAttribute("modifier");
+	var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
+	var c = data.getAttribute("created");
+	var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
+	var tags = data.getAttribute("tags");
+	var fields = {};
+	var attrs = data.attributes;
+	for(var i = attrs.length-1; i >= 0; i--) {
+		var name = attrs[i].name;
+		if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
+			fields[name] = attrs[i].value.unescapeLineBreaks();
+		}
+	}
+	tiddler.assign(title,text,modifier,modified,tags,created, fields);
+	return tiddler;
+};
+
+//--------------------------------
+// TW21Saver (inherits from SaverBase)
+
+function TW21Saver() {};
+
+TW21Saver.prototype = new SaverBase();
+
+TW21Saver.prototype.externalizeTiddler = function(store, tiddler) 
+{
+	try {
+		var extendedFieldAttributes = "";
+		store.forEachField(tiddler, 
+			function(tiddler, fieldName, value) {
+				// don't store stuff from the temp namespace
+				if (!fieldName.match(/^temp\./))
+					extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
+			}, true);
+		return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
+				tiddler.title.htmlEncode(),
+				tiddler.modifier.htmlEncode(),
+				tiddler.modified.convertToYYYYMMDDHHMM(),
+				tiddler.created.convertToYYYYMMDDHHMM(),
+				tiddler.getTags().htmlEncode(),
+				tiddler.escapeLineBreaks().htmlEncode(),
+				extendedFieldAttributes
+			]);
+	} catch (e) {
+		throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
+	}
+}
+
+// ---------------------------------------------------------------------------------
+// Deprecated code
+// ---------------------------------------------------------------------------------
+
+// @Deprecated: Use createElementAndWikify and this.termRegExp instead
+config.formatterHelpers.charFormatHelper = function(w)
+{
+	w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
+}
+
+// @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
+config.formatterHelpers.monospacedByLineHelper = function(w)
+{
+	var lookaheadRegExp = new RegExp(this.lookahead,"mg");
+	lookaheadRegExp.lastIndex = w.matchStart;
+	var lookaheadMatch = lookaheadRegExp.exec(w.source);
+	if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+		{
+		var text = lookaheadMatch[1];
+		if(config.browser.isIE)
+			text = text.replace(/\n/g,"\r");
+		createTiddlyElement(w.output,"pre",null,null,text);
+		w.nextMatch = lookaheadRegExp.lastIndex;
+		}
+}
+
+// @Deprecated: Use <br> or <br /> instead of <<br>>
+config.macros.br.handler = function(place)
+{
+	createTiddlyElement(place,"br");
+}
+
+// Find an entry in an array. Returns the array index or null
+// @Deprecated: Use indexOf instead
+Array.prototype.find = function(item)
+{
+	var i = this.indexOf(item);
+	return i == -1 ? null : i;
+}
+
+// Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
+// @Deprecated: Use store.getLoader().internalizeTiddler instead
+Tiddler.prototype.loadFromDiv = function(divRef,title)
+{
+	return store.getLoader().internalizeTiddler(store,this,title,divRef);
+}
+
+// Format the text for storage in an HTML DIV
+// @Deprecated Use store.getSaver().externalizeTiddler instead.
+Tiddler.prototype.saveToDiv = function()
+{
+	return store.getSaver().externalizeTiddler(store,this);
+}
+
+// @Deprecated: Use store.allTiddlersAsHtml() instead
+function allTiddlersAsHtml()
+{
+	return store.allTiddlersAsHtml();
+}
+
+// @Deprecated: Use refreshPageTemplate instead
+function applyPageTemplate(title)
+{
+	refreshPageTemplate(title);
+}
+
+// @Deprecated: Use story.displayTiddlers instead
+function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
+{
+	story.displayTiddlers(srcElement,titles,template,animate,slowly);
+}
+
+// @Deprecated: Use story.displayTiddler instead
+function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
+{
+	story.displayTiddler(srcElement,title,template,animate,slowly);
+}
+
+// @Deprecated: Use functions on right hand side directly instead
+var createTiddlerPopup = Popup.create;
+var scrollToTiddlerPopup = Popup.show;
+var hideTiddlerPopup = Popup.remove;
+
+// @Deprecated: Use right hand side directly instead
+var regexpBackSlashEn = new RegExp("\\\\n","mg");
+var regexpBackSlash = new RegExp("\\\\","mg");
+var regexpBackSlashEss = new RegExp("\\\\s","mg");
+var regexpNewLine = new RegExp("\n","mg");
+var regexpCarriageReturn = new RegExp("\r","mg");
+// ---------------------------------------------------------------------------------
+// End of scripts
+merge(config.shadowTiddlers,{SiteTitle:'DevFire'});
+merge(config.shadowTiddlers,{MainMenu:"PageTemplate\nStyleSheet\nMainMenu\nDefaultTiddlers"});
+merge(config.shadowTiddlers,{SiteSubtitle:"a theme for ~TiddlyWiki"});
+merge(config.shadowTiddlers,{DefaultTiddlers:"LorumIpsum"});
+merge(config.shadowTiddlers,{LorumIpsum:"Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.\n!heading 1\n!!heading 2\n!!!heading3\n----\n<<tag button>>\nThis is a link to a [[StyleSheet]] tiddler.\n\n> This is a blockquote\n> This is a blockquote\n> This is a blockquote\n|>|>| !This is a header |h\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|"});
+// ---------------------------------------------------------------------------------
+//]]>
+</script>
+<style type="text/css">
+
+#saveTest {
+	display: none;
+}
+
+.zoomer {
+	display: none;
+}
+
+#messageArea {
+	display: none;
+}
+
+#copyright {
+	display: none;
+}
+
+.popup {
+	position: absolute;
+}
+
+#storeArea {
+	display: none;
+	margin: 4em 10em 3em;
+}
+
+#storeArea div {
+ padding: 0.5em;
+ margin: 1em 0em 0em 0em;
+ border-color: #f0f0f0 #606060 #404040 #d0d0d0; 
+ border-style: solid; 
+ border-width: 2px;
+ overflow: auto;
+}
+
+#javascriptWarning {
+	width: 100%;
+	text-align: center;
+	font-weight: bold;
+	background-color: #dd1100;
+	color: #fff;
+	padding:1em 0em; 
+}
+
+</style>
+<!--POST-HEAD-START-->
+
+<!--POST-HEAD-END-->
+</head>
+<body onload="main();" onunload="if(window.checkUnsavedChanges) checkUnsavedChanges();">
+<!--PRE-BODY-START-->
+
+<!--PRE-BODY-END-->
+	<script type="text/javascript">
+//<![CDATA[
+if (useJavaSaver)
+	document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
+//]]>
+	</script>
+	<div id="copyright">
+	Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
+	</div>
+	<noscript>
+		<div id="javascriptWarning">This page requires JavaScript to function properly</div>
+	</noscript>
+	<div id="saveTest"></div>
+	<div id="contentWrapper"></div>
+	<div id="contentStash"></div>
+	<div id="storeArea">
+<div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
+<div tiddler="Changelog" modifier="YourName" modified="200703030732" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.1@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in FC6.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking. It was a trivial feature.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.0@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
+<div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
+<div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
+<div tiddler="Read Me" modifier="CameronRich" modified="200702242333" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the _stage directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage directory//, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl           - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet     - VB.NET sample\n* axtls.jar       - Java sample\n* axssl.pl        - Perl sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed\nand the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
+<div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
+<div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
+<div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
+<div tiddler="axhttpd" modifier="CameronRich" modified="200703020758" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc).\n\nSo any executables and libraries need to be copied into webroot.\n\nFailure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...).\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed.\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+</div>
+<!--POST-BODY-START-->
+
+<!--POST-BODY-END-->
+	</body>
+</html>
diff --git a/www/test_dir/bin/.htaccess b/www/test_dir/bin/.htaccess
new file mode 100644
index 0000000000..8fd8c463a1
--- /dev/null
+++ b/www/test_dir/bin/.htaccess
@@ -0,0 +1 @@
+Deny all
diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
new file mode 100755
index 0000000000..d5c7d766b3
--- /dev/null
+++ b/www/test_dir/health.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+echo "Content-Type: text/html"
+echo
+echo "<html><title>System Health</title><body>"
+echo "<h1>System Health for '`/bin/hostname`'</h1>"
+echo "<h2>Processes</h2><table border=\"2\">"
+/bin/ps -ef | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
+echo "</table><h2>Free FileSystem Space</h2>"
+echo "<table border=\"2\">"
+/bin/df -h / | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
+echo "</table></body></html>"
diff --git a/www/test_dir/no_http/.htaccess b/www/test_dir/no_http/.htaccess
new file mode 100644
index 0000000000..3e20076a2c
--- /dev/null
+++ b/www/test_dir/no_http/.htaccess
@@ -0,0 +1 @@
+SSLRequireSSL
diff --git a/www/test_dir/no_http/.htpasswd b/www/test_dir/no_http/.htpasswd
new file mode 100644
index 0000000000..0471b01400
--- /dev/null
+++ b/www/test_dir/no_http/.htpasswd
@@ -0,0 +1,2 @@
+abcd:CQhgDPyy0rvEU8OMxnQIvg==$YdJfIKZimFLYxPf/rbnhtQ==
+yaya:Syuss5jE2FNGVdr0kKGoHg==$WLw/SgHZFuAoOuml3GTJVw==
diff --git a/www/test_dir/no_http/index.html b/www/test_dir/no_http/index.html
new file mode 100644
index 0000000000..8b86eba8ed
--- /dev/null
+++ b/www/test_dir/no_http/index.html
@@ -0,0 +1,6 @@
+<html>
+<head><title>axhttpd is running</title></head>
+<body>
+Looks like you got to this directory.
+</body>
+</html>
diff --git a/www/test_dir/no_ssl/.htaccess b/www/test_dir/no_ssl/.htaccess
new file mode 100644
index 0000000000..d980d265a5
--- /dev/null
+++ b/www/test_dir/no_ssl/.htaccess
@@ -0,0 +1 @@
+SSLDenySSL
diff --git a/www/test_dir/no_ssl/index.html b/www/test_dir/no_ssl/index.html
new file mode 100644
index 0000000000..8b86eba8ed
--- /dev/null
+++ b/www/test_dir/no_ssl/index.html
@@ -0,0 +1,6 @@
+<html>
+<head><title>axhttpd is running</title></head>
+<body>
+Looks like you got to this directory.
+</body>
+</html>
diff --git a/www/test_dir/some_text.txt b/www/test_dir/some_text.txt
new file mode 100644
index 0000000000..041831f7dd
--- /dev/null
+++ b/www/test_dir/some_text.txt
@@ -0,0 +1 @@
+This is some text.
diff --git a/www/test_dir/test_cgi.php b/www/test_dir/test_cgi.php
new file mode 100755
index 0000000000..feecbb1ec4
--- /dev/null
+++ b/www/test_dir/test_cgi.php
@@ -0,0 +1,6 @@
+#!/bin/php
+
+<?
+phpinfo();
+?>
+

From efdf49ba7663abfec24f2c92e26f400243527b14 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 20 Mar 2007 13:31:13 +0000
Subject: [PATCH 065/301] fixed some warnings in ssltest

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@79 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/os_port.h      |  1 +
 ssl/test/ssltest.c | 24 ++++++++++--------------
 2 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/ssl/os_port.h b/ssl/os_port.h
index 54a7370dbf..75bc5d9a74 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -111,6 +111,7 @@ typedef UINT32 uint32_t;
 typedef INT32 int32_t;
 typedef UINT64 uint64_t;
 typedef INT64 int64_t;
+typedef int socklen_t;
 
 EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
 EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index d841afaa90..c974fe1553 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -731,7 +731,7 @@ static int SSL_server_test(
     SSL_CTX *ssl_ctx = NULL;
     struct sockaddr_in client_addr;
     uint8_t *read_buf;
-    int clnt_len = sizeof(client_addr);
+    socklen_t clnt_len = sizeof(client_addr);
     client_t client_data;
 #ifndef WIN32
     pthread_t thread;
@@ -808,7 +808,7 @@ static int SSL_server_test(
 
         /* Wait for a client to connect */
         if ((client_fd = accept(server_fd, 
-                        (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+                        (struct sockaddr *)&client_addr, &clnt_len)) < 0)
         {
             ret = SSL_ERROR_SOCK_SETUP_FAILURE;
             goto error;
@@ -833,7 +833,7 @@ static int SSL_server_test(
         }
         else /* looks more promising */
         {
-            if (strstr("hello client", read_buf) == NULL)
+            if (strstr("hello client", (char *)read_buf) == NULL)
             {
                 printf("SSL server test \"%s\" passed\n", testname);
                 TTY_FLUSH();
@@ -1471,7 +1471,7 @@ static int SSL_basic_test(void)
     SSL_CTX *ssl_svr_ctx = NULL;
     struct sockaddr_in client_addr;
     uint8_t *read_buf;
-    int clnt_len = sizeof(client_addr);
+    socklen_t clnt_len = sizeof(client_addr);
     SSL *ssl_svr;
 #ifndef WIN32
     pthread_t thread;
@@ -1545,7 +1545,7 @@ static int SSL_basic_test(void)
  * Multi-Threading Tests
  *
  **************************************************************************/
-#define NUM_THREADS         200
+#define NUM_THREADS         100
 
 typedef struct
 {
@@ -1630,7 +1630,7 @@ int multi_thread_test(void)
     pthread_t svr_threads[NUM_THREADS];
     int i, res = 0;
     struct sockaddr_in client_addr;
-    int clnt_len = sizeof(client_addr);
+    socklen_t clnt_len = sizeof(client_addr);
 
     printf("Do multi-threading test (takes a minute)\n");
 
@@ -1656,7 +1656,7 @@ int multi_thread_test(void)
     }
 
     for (i = 0; i < NUM_THREADS; i++)
-    {
+    { 
         SSL *ssl_svr;
         int client_fd = accept(server_fd, 
                       (struct sockaddr *)&client_addr, &clnt_len);
@@ -1675,10 +1675,12 @@ int multi_thread_test(void)
     {
         void *thread_res;
         pthread_join(svr_threads[i], &thread_res);
+
         if (*((int *)thread_res) != 0)
             res = 1;
+
         free(thread_res);
-    }
+    } 
 
     if (res) 
         goto error;
@@ -1794,12 +1796,6 @@ int main(int argc, char *argv[])
 
     system("sh ../ssl/test/killopenssl.sh");
 
-#if 0
-    if (multi_thread_test())
-        goto cleanup;
-
-#endif
-
     ret = 0;        /* all ok */
 cleanup:
 

From 55d6b77f70013b2ae12e46cb12f41b4e2568fdf4 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 30 Mar 2007 23:57:28 +0000
Subject: [PATCH 066/301] tx/rx hmac records separated. fixed gnu tls issue

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@80 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/perl/Makefile |   2 +-
 config/config.h        | 106 -------------------------------
 ssl/asn1.c             |   3 +-
 ssl/loader.c           |  20 +++---
 ssl/os_port.h          |   2 +
 ssl/test/gnutls.cer    | Bin 0 -> 599 bytes
 ssl/test/socgen.cer    | Bin 0 -> 980 bytes
 ssl/test/ssltest.c     |  30 ++++++++-
 ssl/test/test_axssl.sh |   4 +-
 ssl/tls1.c             | 141 ++++++++++++++++++++---------------------
 ssl/tls1.h             |   5 +-
 ssl/tls1_clnt.c        |   2 +-
 ssl/tls1_svr.c         |   2 +-
 www/index.html         |   2 +-
 14 files changed, 117 insertions(+), 202 deletions(-)
 delete mode 100644 config/config.h
 create mode 100755 ssl/test/gnutls.cer
 create mode 100755 ssl/test/socgen.cer

diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
index e04bd3c7d2..71c4055108 100644
--- a/bindings/perl/Makefile
+++ b/bindings/perl/Makefile
@@ -66,7 +66,7 @@ ifdef CONFIG_PLATFORM_CYGWIN
 endif
 	@install axtlsp.pm ../../$(STAGE)
 
-CFLAGS += -D__USE_GNU -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
+CFLAGS += -D_GNU_SOURCE -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
 else
 CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
 CFLAGS += /I"$(PERL5_CORE)"
diff --git a/config/config.h b/config/config.h
deleted file mode 100644
index 4d0c5bd4f6..0000000000
--- a/config/config.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Automatically generated header file: don't edit
- */
-
-#define HAVE_DOT_CONFIG 1
-#undef CONFIG_PLATFORM_LINUX
-#define CONFIG_PLATFORM_CYGWIN 1
-#undef CONFIG_PLATFORM_SOLARIS
-#undef CONFIG_PLATFORM_WIN32
-
-/*
- * General Configuration
- */
-#define PREFIX "/usr/local"
-#undef CONFIG_DEBUG
-#undef CONFIG_VISUAL_STUDIO_6_0
-#undef CONFIG_VISUAL_STUDIO_7_0
-#undef CONFIG_VISUAL_STUDIO_8_0
-#define CONFIG_VISUAL_STUDIO_6_0_BASE ""
-#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
-#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
-#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
-#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
-
-/*
- * SSL Library
- */
-#undef CONFIG_SSL_SERVER_ONLY
-#undef CONFIG_SSL_CERT_VERIFICATION
-#undef CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_FULL_MODE 1
-#undef CONFIG_SSL_SKELETON_MODE
-#undef CONFIG_SSL_PROT_LOW
-#define CONFIG_SSL_PROT_MEDIUM 1
-#undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY 1
-#define CONFIG_SSL_ENABLE_V23_HANDSHAKE 1
-#define CONFIG_SSL_HAS_PEM 1
-#define CONFIG_SSL_USE_PKCS12 1
-#define CONFIG_SSL_EXPIRY_TIME 24
-#define CONFIG_X509_MAX_CA_CERTS 4
-#define CONFIG_SSL_MAX_CERTS 2
-#undef CONFIG_SSL_CTX_MUTEXING
-#define CONFIG_USE_DEV_URANDOM 1
-#undef CONFIG_WIN32_USE_CRYPTO_LIB
-#undef CONFIG_OPENSSL_COMPATIBLE
-#undef CONFIG_PERFORMANCE_TESTING
-#undef CONFIG_SSL_TEST
-#define CONFIG_AXHTTPD 1
-
-/*
- * Axhttpd Configuration
- */
-#undef CONFIG_HTTP_STATIC_BUILD
-#define CONFIG_HTTP_PORT 80
-#define CONFIG_HTTP_HTTPS_PORT 443
-#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
-#define CONFIG_HTTP_WEBROOT "../www"
-#define CONFIG_HTTP_TIMEOUT 300
-#undef CONFIG_HTTP_HAS_CGI
-#define CONFIG_HTTP_CGI_EXTENSIONS ""
-#undef CONFIG_HTTP_DIRECTORIES
-#undef CONFIG_HTTP_HAS_AUTHORIZATION
-#undef CONFIG_HTTP_USE_CHROOT
-#undef CONFIG_HTTP_CHANGE_UID
-#undef CONFIG_HTTP_HAS_IPV6
-#undef CONFIG_HTTP_ALL_MIME_TYPES
-#define CONFIG_HTTP_VERBOSE 1
-#undef CONFIG_HTTP_IS_DAEMON
-
-/*
- * Language Bindings
- */
-#undef CONFIG_BINDINGS
-#undef CONFIG_CSHARP_BINDINGS
-#undef CONFIG_VBNET_BINDINGS
-#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
-#undef CONFIG_JAVA_BINDINGS
-#define CONFIG_JAVA_HOME ""
-#undef CONFIG_PERL_BINDINGS
-#define CONFIG_PERL_CORE ""
-#define CONFIG_PERL_LIB ""
-
-/*
- * Samples
- */
-#define CONFIG_SAMPLES 1
-#define CONFIG_C_SAMPLES 1
-#undef CONFIG_CSHARP_SAMPLES
-#undef CONFIG_VBNET_SAMPLES
-#undef CONFIG_JAVA_SAMPLES
-#undef CONFIG_PERL_SAMPLES
-
-/*
- * BigInt Options
- */
-#undef CONFIG_BIGINT_CLASSICAL
-#undef CONFIG_BIGINT_MONTGOMERY
-#define CONFIG_BIGINT_BARRETT 1
-#define CONFIG_BIGINT_CRT 1
-#undef CONFIG_BIGINT_KARATSUBA
-#define MUL_KARATSUBA_THRESH 
-#define SQU_KARATSUBA_THRESH 
-#define CONFIG_BIGINT_SLIDING_WINDOW 1
-#define CONFIG_BIGINT_SQUARE 1
-#undef CONFIG_BIGINT_CHECK_ON
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 45b910b9a5..25e30f9aa7 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -475,8 +475,7 @@ static int asn1_signature_type(const uint8_t *cert,
     x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
 
     *offset += len;
-    if (asn1_skip_obj(cert, offset, ASN1_NULL))
-        goto end_check_sig;
+    asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
     ret = X509_OK;
 
 end_check_sig:
diff --git a/ssl/loader.c b/ssl/loader.c
index c3d8373d9f..717373a8ae 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -35,8 +35,8 @@
 static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
                     SSLObjLoader *ssl_obj, const char *password);
 #ifdef CONFIG_SSL_HAS_PEM
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
-                    const char *password);
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password);
 #endif
 
 /*
@@ -70,7 +70,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
     if (strncmp((char *)ssl_obj->buf, begin, strlen(begin)) == 0)
     {
 #ifdef CONFIG_SSL_HAS_PEM
-        ret = ssl_obj_PEM_load(ssl_ctx, ssl_obj, password);
+        ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
 #else
         printf(unsupported_str);
         ret = SSL_ERROR_NOT_SUPPORTED;
@@ -277,7 +277,7 @@ static int pem_decrypt(const char *where, const char *end,
 /**
  * Take a base64 blob of data and turn it into its proper ASN.1 form.
  */
-static int new_pem_obj(SSL_CTX *ssl_ctx, char *where, 
+static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where, 
                     int remain, const char *password)
 {
     int ret = SSL_OK;
@@ -322,7 +322,8 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, char *where,
                     break;
 
                 case IS_CERTIFICATE:
-                    obj_type = SSL_OBJ_X509_CERT;
+                    obj_type = is_cacert ?
+                                    SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
                     break;
 
                 default:
@@ -350,7 +351,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, char *where,
 
     /* more PEM stuff to process? */
     if (remain)
-        ret = new_pem_obj(ssl_ctx, end, remain, password);
+        ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password);
 
 error:
     ssl_obj_free(ssl_obj);
@@ -360,8 +361,8 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, char *where,
 /*
  * Load a file into memory that is in ASCII PEM format.
  */
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, 
-                                        const char *password)
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password)
 {
     char *start;
 
@@ -370,6 +371,7 @@ static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj,
     ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
     ssl_obj->buf[ssl_obj->len-1] = 0;
     start = (char *)ssl_obj->buf;
-    return new_pem_obj(ssl_ctx, start, ssl_obj->len, password);
+    return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
+                                start, ssl_obj->len, password);
 }
 #endif /* CONFIG_SSL_HAS_PEM */
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 75bc5d9a74..b8042ad033 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -145,7 +145,9 @@ EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
 
 /* some functions to mutate the way these work */
 #define malloc(A)       ax_malloc(A)
+#ifndef realloc
 #define realloc(A,B)    ax_realloc(A,B)
+#endif
 #define calloc(A,B)     ax_calloc(A,B)
 
 EXP_FUNC void * STDCALL ax_malloc(size_t s);
diff --git a/ssl/test/gnutls.cer b/ssl/test/gnutls.cer
new file mode 100755
index 0000000000000000000000000000000000000000..312e3654048b040de7fe4267a0a16abbf0ddcb49
GIT binary patch
literal 599
zcmXqLVhT2BV%)cYnTe5!iIKs8n~hVe&7<u*FC!zXfuy0hfhZeuC=0VNpL<?uh)=LW
zNosM4g0rK6oH(z6xq*>^nW3?Pk)dG}kZXa&H83}nHjo5q<q{S`)>@oeRF+y~C}AK5
zF_#}?pk8`jX-Q78UVc%!LE{``H!w0c_AnSUb}%(IT;CP5elgDny_M==tAhJhysmF7
z^~s*G&+FB8xgXw#vyR;2W!Uk`M_ArWZ1TOL_s5pRZOYqrimM~Ebi%Z^%fk2YSeNlm
zm)raDP5tGSZ+^F?EXZEqajv|sc#fg)f7=u5mL}xg+}0B{D}UR*`B{6He^_9w{&l<T
zq^Hy76bD_Kf9*uyMkZ!P2FAsWlMNat81MicFDuN*_@9NzfWbft#1mu@HV|yW@QyG@
zPL+knfQyYon~jl`m7ST<fFC5t57N%c%*?)k!9W%yz{euSBJ%pUYu?izs;7E-n|VuK
zwq3a!x~0@W9we>I0t~bUk(V|yzt>L6d&agTOlQ%<1HtMiK21dqF;?crMuy~AZ)cCC
zcar#4F@K*Wyr$(`<HptT7O&4J|9f&n)qSPYC;gzEw%hKqa<W{pkzIUC@@MwK@U^qF
z#aa!DpH8{)sPR|c_u?y$q{^z4PiEbye|q9%ZPT9;e}l~Ux~wgNHv0s(Rjhumd^F+7
evq?93r>=edOf)X_qG#W2@k=EugP0m@R{;Q^*WZi)

literal 0
HcmV?d00001

diff --git a/ssl/test/socgen.cer b/ssl/test/socgen.cer
new file mode 100755
index 0000000000000000000000000000000000000000..a4278705b77b573b2d248ed305c22b2d09adcacd
GIT binary patch
literal 980
zcmXqLV!mL|#B95OnTe5!NkD<!UQA;3LDto4mHbYXDlatPW#iOp^Jx3d%gD&e%3u(0
z$Zf#M#vIDRCd?EXY^Y!$2jXxEiw6ZeD!3$;Bq{`_CYKgvmQ?B}c;+SR8R{A6fK+e`
ztAZs`f$~LVsYMFTsYNB3X_?81C7Jno3XY{E8TlYx26E!O24)6kMivHO5C!C#gSbY<
zrk19bQ3j2jNG?b#G88c21DVeu%<fuToS&DMYRC_CGf;$Gge@d9J+-LPP|`pg>_`!T
z;QZvw)RI&M_td=9qQsn3Lm2}pu<JyGq0UZK2q?-=DNP2s%23Wg1|-WYBASz*o>`Kb
zlb2eeSDc@mo|>nZoS$pZI3GE97+D#Z8+#dmE@WzKWVoD|Jf%l(uZI1`=4qA=*RJJA
z?chpsFj>bp<>2Cnn~pKH_~~}+WSdv5Vp-g~=R*{W@9c}qf6Ug-cl@<zX_h@h&#s5_
zP95G;wIrV{?S;w>VZLQQ_OCeH@^h`o<PB{5Z=4HR#CYf1F4l;a-L(d$7mZJ<#e@s!
zzd0@DAZ6m9mE^xSn2DK@fpKvYV~Rl&V*)tJWQAFn3>XZ!fnJj3XJKJxVqIWh1LDZD
zm>L)x7%tFXpxdUMQBqQ1rLUh{l%ofXrp)5Zbg*Cbf$<B8KuG-Q0TmdyfOIRc*cw<H
zSh8^^w0SVL{cvSu7iTumGSFb-&}IWB8FnT{F&U7d#XwWb%ga$sEh<PfkOi5d$|7bU
z0@K3G2xl=Fn84VKj4T=kY6dDWz5!#K1k|<p$;AaI1{>tUR59|fBpSpoj9n0I5NQx@
z5Gux*nVXoNs-K>jW}s*wZ@|vRs?EpDB*h}q|Map{+nV0K?8E09vaWbY=u}JU8K{aW
zL+t=2fqWD@^vjCDVjz=Ha|v@D1Bd<W*UzIQFRgLE`t6&3ThaZlhnD-o=gUg<+?cuZ
z^^+-U7b_WT5Z@E$ma^gr@3BSw(#sXrX|GaFi?HZ)yy(ZX(I(=vnp&g7?>A4&`;!%a
z`ZjicJXrPWUp61x_6yT?-1OPGnCp)Bskw&pd3$HgaIL><mUR1kql*6nnQ!JfoB$9p
BGXwwt

literal 0
HcmV?d00001

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index c974fe1553..ee2062b292 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -580,13 +580,37 @@ static int cert_tests(void)
     ssl_ctx_free(ssl_ctx);
     free(buf);
 
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/gnutls.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #5\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/socgen.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #6\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
     /* Verisign use MD2 which is not supported */
     ssl_ctx = ssl_ctx_new(0, 0);
     len = get_file("../ssl/test/verisign.x509_ca", &buf);
     if ((res = add_cert_auth(ssl_ctx, buf, len)) != 
                                     X509_VFY_ERROR_UNSUPPORTED_DIGEST)
     {
-        printf("Cert #5\n");
+        printf("Cert #7\n");
         ssl_display_error(res);
         goto bad_cert;
     }
@@ -597,7 +621,7 @@ static int cert_tests(void)
     if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
                                     x509_new(buf, &len, &x509_ctx))
     {
-        printf("Cert #6\n");
+        printf("Cert #8\n");
         ssl_display_error(res);
         goto bad_cert;
     }
@@ -1023,7 +1047,7 @@ int SSL_server_tests(void)
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_device.pem", 
                     NULL, "../ssl/test/axTLS.device_key.pem",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
+                    "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
     /* 
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 072ffd0cb6..37ed0b1933 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -37,7 +37,7 @@ else
         KILL_AXSSL="killall axssl"
         KILL_PERL="killall /usr/bin/perl"
     else     # Linux
-        JAVA_BIN=/usr/lib/java/bin
+        JAVA_BIN=/usr/java/default/bin
         PERL_BIN=/usr/bin/perl
         KILL_AXSSL="killall axssl"
         KILL_CSHARP="killall mono"
@@ -81,7 +81,7 @@ sleep 1
 "$JAVA_BIN/java" -jar ./axtls.jar $SERVER_PEM_ARGS &
 echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_PEM_ARGS
 $KILL_JAVA
-sleep 1
+sleep 2
 
 echo "### Java tests complete"
 fi
diff --git a/ssl/tls1.c b/ssl/tls1.c
index fb2213f042..0cb947940c 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -145,7 +145,7 @@ static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
 static const cipher_info_t *get_cipher_info(uint8_t cipher);
 static void increment_read_sequence(SSL *ssl);
 static void increment_write_sequence(SSL *ssl);
-static void add_hmac_digest(SSL *ssl, int snd,
+static void add_hmac_digest(SSL *ssl, int snd, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
 
 /* win32 VC6.0 doesn't have variadic macros */
@@ -619,29 +619,24 @@ static void increment_write_sequence(SSL *ssl)
 /**
  * Work out the HMAC digest in a packet.
  */
-static void add_hmac_digest(SSL *ssl, int mode,
+static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
-    uint8_t *t_ptr = t_buf;
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len+10);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
-            ssl->write_sequence : ssl->read_sequence, 8);
-    t_buf += 8;
+                    ssl->write_sequence : ssl->read_sequence, 8);
+    memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
+    memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
 
-    memcpy(t_buf, ssl->record_buf, SSL_RECORD_SIZE);
-    t_buf += SSL_RECORD_SIZE;
-
-    memcpy(t_buf, buf, buf_len);
-
-    ssl->cipher_info->hmac(t_ptr, hmac_len, 
+    ssl->cipher_info->hmac(t_buf, hmac_len, 
             (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
                 ssl->server_mac : ssl->client_mac, 
             ssl->cipher_info->digest_size, hmac_buf);
 
 #if 0
-    print_blob("record", ssl->record_buf, SSL_RECORD_SIZE);
+    print_blob("record", ssl->hmac_tx, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);
     if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
     {
@@ -665,7 +660,7 @@ static void add_hmac_digest(SSL *ssl, int mode,
     print_blob("hmac", hmac_buf, SHA1_SIZE);
 #endif
 
-    free(t_ptr);
+    free(t_buf);
 }
 
 /**
@@ -691,9 +686,9 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
         return SSL_ERROR_INVALID_HMAC;
     }
 
-    ssl->record_buf[3] = hmac_offset >> 8;      /* insert size */
-    ssl->record_buf[4] = hmac_offset & 0xff;
-    add_hmac_digest(ssl, mode, buf, hmac_offset, hmac_buf);
+    ssl->hmac_header[3] = hmac_offset >> 8;      /* insert size */
+    ssl->hmac_header[4] = hmac_offset & 0xff;
+    add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
 
     if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
     {
@@ -972,9 +967,13 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
     {
         int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
                             SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
-        ssl->record_buf[0] = protocol;
-        ssl->record_buf[3] = length >> 8; 
-        ssl->record_buf[4] = length & 0xff;
+        uint8_t hmac_header[SSL_RECORD_SIZE];
+
+        hmac_header[0] = protocol;
+        hmac_header[1] = 0x03;
+        hmac_header[2] = 0x01;
+        hmac_header[3] = length >> 8; 
+        hmac_header[4] = length & 0xff;
 
         if (protocol == PT_HANDSHAKE_PROTOCOL)
         {
@@ -989,7 +988,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         /* add the packet digest */
         msg_length += ssl->cipher_info->digest_size;
         ssl->bm_index = msg_length;
-        add_hmac_digest(ssl, mode, ssl->bm_data, length, 
+        add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, length, 
                                                 &ssl->bm_data[length]);
 
         /* add padding? */
@@ -1135,12 +1134,10 @@ static void set_key_block(SSL *ssl, int is_write)
 int basic_read(SSL *ssl, uint8_t **in_data)
 {
     int ret = SSL_OK;
-    int read_len, is_record;
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    uint8_t *buf;
+    int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    uint8_t *buf = ssl->bm_data;
 
-    buf = ssl->bm_data;
-    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_index], 
+    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
                             ssl->need_bytes-ssl->got_bytes);
 
     /* connection has gone, so die */
@@ -1152,10 +1149,10 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     }
 
     DISPLAY_BYTES(ssl, "received %d bytes", 
-            &ssl->bm_data[ssl->bm_index], read_len, read_len);
+            &ssl->bm_data[ssl->bm_read_index], read_len, read_len);
 
     ssl->got_bytes += read_len;
-    ssl->bm_index += read_len;
+    ssl->bm_read_index += read_len;
 
     /* haven't quite got what we want, so try again later */
     if (ssl->got_bytes < ssl->need_bytes)
@@ -1190,19 +1187,17 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         }
 
         CLR_SSL_FLAG(SSL_NEED_RECORD);
-        memcpy(ssl->record_buf, buf, 3);    /* store for hmac */
-        is_record = 1;
-    }
-    else
-    {
-        SET_SSL_FLAG(SSL_NEED_RECORD);
-        ssl->need_bytes = SSL_RECORD_SIZE;
-        is_record = 0;
+        memcpy(ssl->hmac_header, buf, 3);       /* store for hmac */
+        ssl->record_type = buf[0];
+        goto error;                         /* no error, we're done */
     }
 
-    if (is_record)
-        ssl->record_type = buf[0];
-    else if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
+    /* for next time - just do it now in case of an error */
+    SET_SSL_FLAG(SSL_NEED_RECORD);
+    ssl->need_bytes = SSL_RECORD_SIZE;
+
+    /* decrypt if we need to */
+    if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
     {
         ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
         read_len = verify_digest(ssl, 
@@ -1220,52 +1215,50 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     }
 
     /* The main part of the SSL packet */
-    if (!is_record)
+    switch (ssl->record_type)
     {
-        switch (ssl->record_type)
-        {
-            case PT_HANDSHAKE_PROTOCOL:
-                ret = do_handshake(ssl, buf, read_len);
-                break;
+        case PT_HANDSHAKE_PROTOCOL:
+            ret = do_handshake(ssl, buf, read_len);
+            break;
 
-            case PT_CHANGE_CIPHER_SPEC:
-                if (ssl->next_state != HS_FINISHED)
-                {
-                    ret = SSL_ERROR_INVALID_HANDSHAKE;
-                    goto error;
-                }
+        case PT_CHANGE_CIPHER_SPEC:
+            if (ssl->next_state != HS_FINISHED)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
 
-                SET_SSL_FLAG(SSL_RX_ENCRYPTED);
-                set_key_block(ssl, 0);
-                memset(ssl->read_sequence, 0, 8);
-                break;
+            /* all encrypted from now on */
+            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
+            set_key_block(ssl, 0);
+            memset(ssl->read_sequence, 0, 8);
+            break;
 
-            case PT_APP_PROTOCOL_DATA:
-                if (in_data)
-                {
-                    *in_data = ssl->bm_data;   /* point to the work buffer */
-                    (*in_data)[read_len] = 0;  /* null terminate just in case */
-                }
+        case PT_APP_PROTOCOL_DATA:
+            if (in_data)
+            {
+                *in_data = ssl->bm_data;   /* point to the work buffer */
+                (*in_data)[read_len] = 0;  /* null terminate just in case */
+            }
 
-                ret = read_len;
-                break;
+            ret = read_len;
+            break;
 
-            case PT_ALERT_PROTOCOL:
-                /* return the alert # with alert bit set */
-                ret = -buf[1]; 
-                DISPLAY_ALERT(ssl, buf[1]);
-                break;
+        case PT_ALERT_PROTOCOL:
+            /* return the alert # with alert bit set */
+            ret = -buf[1]; 
+            DISPLAY_ALERT(ssl, buf[1]);
+            break;
 
-            default:
-                ret = SSL_ERROR_INVALID_PROT_MSG;
-                break;
-        }
+        default:
+            ret = SSL_ERROR_INVALID_PROT_MSG;
+            break;
     }
 
 error:
-    ssl->bm_index = 0;          /* reset to go again */
+    ssl->bm_read_index = 0;          /* reset to go again */
 
-    if (ret < SSL_OK && in_data)  /* if all wrong, then clear this buffer ptr */
+    if (ret < SSL_OK && in_data)/* if all wrong, then clear this buffer ptr */
         *in_data = NULL;
 
     return ret;
diff --git a/ssl/tls1.h b/ssl/tls1.h
index d2ebeefe08..d14bb6d6ed 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -168,7 +168,8 @@ struct _SSL
     void *decrypt_ctx;
     uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
     uint8_t *bm_data;
-    int bm_index;
+    uint16_t bm_index;
+    uint16_t bm_read_index;
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
     SSL_CERT *certs;
@@ -189,7 +190,7 @@ struct _SSL
     uint8_t *master_secret;
     uint8_t read_sequence[8];       /* 64 bit sequence number */
     uint8_t write_sequence[8];      /* 64 bit sequence number */
-    uint8_t record_buf[SSL_RECORD_SIZE];    /* storage for hmac calls later */
+    uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
 };
 
 typedef struct _SSL SSL;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index b3d5a52fb6..2c587f142f 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -117,7 +117,7 @@ int do_client_connect(SSL *ssl)
     int ret = SSL_OK;
 
     send_client_hello(ssl);                 /* send the client hello */
-    ssl->bm_index = 0;
+    ssl->bm_read_index = 0;
     ssl->next_state = HS_SERVER_HELLO;
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
 
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 133f9db69b..dc26e05990 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -102,7 +102,7 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 static int process_client_hello(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_data;
-    uint8_t *record_buf = ssl->record_buf;
+    uint8_t *record_buf = ssl->hmac_header;
     int pkt_size = ssl->bm_index;
     int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
     int version = (record_buf[1] << 4) + record_buf[2];
diff --git a/www/index.html b/www/index.html
index 716dc8a56c..ab0ce0ecbe 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200703030732" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.1@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in FC6.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking. It was a trivial feature.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.0@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200703302354" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.1@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/fc6.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.0@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From cf081931c37b4de5897799c5333426d73d4fa486 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 31 Mar 2007 04:35:49 +0000
Subject: [PATCH 067/301] some late fixes

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@82 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/axhttpd.aip | 21 +++++++++------------
 ssl/tls1.c         |  2 +-
 www/index.html     |  6 +++---
 3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index f80a1cf6f7..1f5e0a4a60 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.2" modules="freeware" RootPath="." Language="en">
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.7.2" modules="freeware" RootPath="." Language="en">
   <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
     <ROW Property="ALLUSERS" Value="2"/>
     <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
@@ -8,15 +8,15 @@
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{4708D414-9C0E-46D2-9B67-D6421C9C5F81} "/>
+    <ROW Property="ProductCode" Value="1033:{73828381-84C6-400E-9635-5F1B762E2FD9} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.1.0"/>
+    <ROW Property="ProductVersion" Value="1.1.2"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
-    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR" IsPseudoRoot="1"/>
+    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR:." IsPseudoRoot="1"/>
     <ROW Directory="New_Folder_DIR" Directory_Parent="APPDIR" DefaultDir="include"/>
     <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
     <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
@@ -87,9 +87,9 @@
     <ROW Fragment="UI.aip" Path="&lt;UI.aip&gt;"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiBinaryComponent">
+    <ROW Name="aicustact.dll" SourcePath="&lt;aicustact.dll&gt;"/>
     <ROW Name="default_banner.bmp" SourcePath="&lt;default-banner.bmp&gt;"/>
     <ROW Name="default_dialog.bmp" SourcePath="&lt;default-dialog.bmp&gt;"/>
-    <ROW Name="launcher.dll" SourcePath="&lt;launcher.dll&gt;"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiControlComponent">
     <ATTRIBUTE name="FixedSizeBitmaps" value="0"/>
@@ -109,8 +109,8 @@
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
-    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="launcher.dll" Target="PrepareUpgrade"/>
-    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="launcher.dll" Target="RestoreLocation"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="aicustact.dll" Target="PrepareUpgrade"/>
+    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="aicustact.dll" Target="RestoreLocation"/>
     <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
     <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][ProductName]"/>
     <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
@@ -129,12 +129,9 @@
     <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiMediaComponent">
+    <ATTRIBUTE name="CabsLocation" value="0"/>
     <ATTRIBUTE name="Compress" value="1"/>
-    <ATTRIBUTE name="FirstMediaSize" value="0"/>
-    <ATTRIBUTE name="FirstMediaSizeUnit" value="0"/>
-    <ATTRIBUTE name="InstallationType" value="0"/>
-    <ATTRIBUTE name="MediaSize" value="0"/>
-    <ATTRIBUTE name="MediaSizeUnit" value="0"/>
+    <ATTRIBUTE name="InstallationType" value="4"/>
     <ATTRIBUTE name="Package" value="1"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 0cb947940c..5a429d82b8 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -2020,7 +2020,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx,
 #endif
 
 #if !defined(CONFIG_SSL_CERT_VERIFICATION)
-EXP_FUNC int STDCALL ssl_verify_cert(SSL *ssl)
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
 {
     printf(unsupported_str);
     return -1;
diff --git a/www/index.html b/www/index.html
index ab0ce0ecbe..6442339b93 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,17 +7086,17 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200703302354" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.1@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/fc6.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes since 1.1.0@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200703310021" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.2@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="CameronRich" modified="200702242333" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the _stage directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage directory//, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl           - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet     - VB.NET sample\n* axtls.jar       - Java sample\n* axssl.pl        - Perl sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed\nand the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="CameronRich" modified="200703310030" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl           - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet     - VB.NET sample\n* axtls.jar       - Java sample\n* axssl.pl        - Perl sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="CameronRich" modified="200703020758" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc).\n\nSo any executables and libraries need to be copied into webroot.\n\nFailure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...).\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed.\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="CameronRich" modified="200703310024" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc).\n\nSo any executables and libraries need to be copied into webroot.\n\nFailure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...).\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed.\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From 548d14772f4e1085cba6cd43048c3a7df423e3e0 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 7 Apr 2007 03:21:56 +0000
Subject: [PATCH 068/301] some late fixes

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@84 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/axhttpd.aip | 6 +++---
 www/index.html     | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index 1f5e0a4a60..0a3700fe25 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.7.2" modules="freeware" RootPath="." Language="en">
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.8.1" modules="freeware" RootPath="." Language="en">
   <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
     <ROW Property="ALLUSERS" Value="2"/>
     <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
@@ -8,10 +8,10 @@
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{73828381-84C6-400E-9635-5F1B762E2FD9} "/>
+    <ROW Property="ProductCode" Value="1033:{85E11EB1-374E-43DF-B561-213DA3D47B87} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.1.2"/>
+    <ROW Property="ProductVersion" Value="1.1.4"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
diff --git a/www/index.html b/www/index.html
index 6442339b93..1fadb09d08 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200703310021" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.2@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200704022246" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 8438e9fd7fdcd49f9a2e600aaa2baedc5254941c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 25 Apr 2007 11:09:32 +0000
Subject: [PATCH 069/301] fixed client session size, empty certificate list

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@88 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/bigint.c    | 14 ++------------
 ssl/tls1_clnt.c | 29 +++++++++++++++++------------
 ssl/tls1_svr.c  |  3 +--
 3 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/ssl/bigint.c b/ssl/bigint.c
index e64375f809..2551f593da 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -77,24 +77,14 @@ static void check(const bigint *bi);
  */
 BI_CTX *bi_initialize(void)
 {
-    BI_CTX *ctx;
+    /* calloc() sets everything to zero */
+    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
    
-    ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
-    ctx->active_list = NULL;
-    ctx->active_count = 0;
-    ctx->free_list = NULL;
-    ctx->free_count = 0;
-    ctx->mod_offset = 0;
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    ctx->use_classical = 0;
-#endif
-
     /* the radix */
     ctx->bi_radix = alloc(ctx, 2); 
     ctx->bi_radix->comps[0] = 0;
     ctx->bi_radix->comps[1] = 1;
     bi_permanent(ctx->bi_radix);
-
     return ctx;
 }
 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 2c587f142f..b9ab721a17 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -213,6 +213,7 @@ static int process_server_hello(SSL *ssl)
     int offset;
     int version = (buf[4] << 4) + buf[5];
     int num_sessions = ssl->ssl_ctx->num_sessions;
+    uint8_t session_id_length;
     int ret = SSL_OK;
 
     /* check that we are talking to a TLSv1 server */
@@ -221,17 +222,18 @@ static int process_server_hello(SSL *ssl)
 
     /* get the server random value */
     memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 7 + SSL_RANDOM_SIZE; /* skip of session id size */
+    offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
+    session_id_length = buf[offset++];
 
     if (num_sessions)
     {
         ssl->session = ssl_session_update(num_sessions,
                 ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
-        memcpy(ssl->session->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session->session_id, &buf[offset], session_id_length);
     }
 
-    memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
-    offset += SSL_SESSION_ID_SIZE;
+    memcpy(ssl->session_id, &buf[offset], session_id_length);
+    offset += session_id_length;
 
     /* get the real cipher we are using */
     ssl->cipher = buf[++offset];
@@ -304,7 +306,7 @@ static int send_cert_verify(SSL *ssl)
     uint8_t *buf = ssl->bm_data;
     uint8_t dgst[MD5_SIZE+SHA1_SIZE];
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
-    int n, ret;
+    int n = 0, ret;
 
     DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx);
 
@@ -314,14 +316,17 @@ static int send_cert_verify(SSL *ssl)
     finished_digest(ssl, NULL, dgst);   /* calculate the digest */
 
     /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    if (n == 0)
+    if (rsa_ctx)
     {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
+        SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+        n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
+        SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+        if (n == 0)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
     }
     
     buf[4] = n >> 8;        /* add the RSA size (not officially documented) */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index dc26e05990..c56a9650b8 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -307,8 +307,7 @@ static int send_server_hello(SSL *ssl)
     if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
     {
         /* retrieve id from session cache */
-        memcpy(&buf[offset], ssl->session->session_id, 
-                SSL_SESSION_ID_SIZE);
+        memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
         memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
     }
     else    /* generate our own session id */

From 09625b71aee8c867c845dc50d90f80e7d8025075 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 16 May 2007 04:16:16 +0000
Subject: [PATCH 070/301] simplified mime types

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@89 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in    |   9 ---
 httpd/Makefile     |   1 -
 httpd/axhttp.h     |   4 -
 httpd/axhttpd.c    |   1 -
 httpd/mime_types.c | 194 ---------------------------------------------
 httpd/proc.c       |  84 +++++++++++---------
 6 files changed, 47 insertions(+), 246 deletions(-)
 delete mode 100644 httpd/mime_types.c

diff --git a/httpd/Config.in b/httpd/Config.in
index c7b94ede15..ce42a59a76 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -109,15 +109,6 @@ config CONFIG_HTTP_HAS_IPV6
     
         Does not work under Win32
 
-config CONFIG_HTTP_ALL_MIME_TYPES
-    bool "Use all mime types"
-    help
-        Use the full list of supported mime types.
-
-        Use this option if a "generic" webserver is used. However if it is
-        using only web pages (html, jpg, gif, png, css) then select this
-        option.
-
 config CONFIG_HTTP_VERBOSE
     bool "Verbose Mode"
     default y if CONFIG_SSL_FULL_MODE
diff --git a/httpd/Makefile b/httpd/Makefile
index d20f1b2b1a..13e2f04009 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -63,7 +63,6 @@ endif
 OBJ= \
 	axhttpd.o \
 	proc.o \
-	mime_types.o \
 	tdate_parse.o
 
 include ../config/makefile.post
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 82d839febc..a2b14e687c 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -123,10 +123,6 @@ void procsendfile(struct connstruct *cn);
 char *my_strncpy(char *dest, const char *src, size_t n);
 int isdir(const char *name);
 
-/* mime_types.c prototypes */
-void mime_init(void);
-const char *getmimetype(const char *fn);
-
 /* tdate prototypes */
 void tdate_init(void);
 time_t tdate_parse(const char* str);
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index bbf2af1d1f..5bdf423d3d 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -124,7 +124,6 @@ int main(int argc, char *argv[])
     signal(SIGTERM, die);
     signal(SIGINT, sigint_cleanup);
 #endif
-    mime_init();
     tdate_init();
 
     for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
diff --git a/httpd/mime_types.c b/httpd/mime_types.c
deleted file mode 100644
index 46e3c3e5e0..0000000000
--- a/httpd/mime_types.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- *  Copyright(C) 2007 Cameron Rich
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include "axhttp.h"
-
-static const char mime_default[] = "text/plain";
-
-typedef struct 
-{
-    const char * const ext;
-    const char * const type;
-} mime_table_t;
-
-static mime_table_t mime_table[] = 
-{
-    /* Fundamental types */
-    { ".html", "text/html" },
-    { ".htm", "text/html" },
-    { ".css", "text/css" },
-
-    /* Basic graphics */
-    { ".jpg", "image/jpeg" },
-    { ".gif", "image/gif" },
-    { ".png", "image/png" },
-
-#ifdef CONFIG_HTTP_ALL_MIME_TYPES
-    /* This list is a bit expensive to maintain normally, so it's an option. */
-    { ".txt", "text/plain" },
-    { ".rtx", "text/richtext" },
-    { ".etx", "text/x-setext" },
-    { ".tsv", "text/tab-separated-values" },
-    { ".xml", "text/xml" },
-    { ".dtd", "text/xml" },
-    { ".jpe", "image/jpeg" },
-    { ".jpeg", "image/jpeg" },
-    { ".jfif", "image/jpeg" },
-    { ".tif", "image/tiff" },
-    { ".tiff", "image/tiff" },
-    { ".pbm", "image/x-portable-bitmap" },
-    { ".pgm", "image/x-portable-graymap" },
-    { ".ppm", "image/x-portable-pixmap" },
-    { ".pnm", "image/x-portable-anymap" },
-    { ".xbm", "image/x-xbitmap" },
-    { ".xpm", "image/x-xpixmap" },
-    { ".xwd", "image/x-xwindowdump" },
-    { ".ief", "image/ief" },
-    { ".au", "audio/basic" },
-    { ".snd", "audio/basic" },
-    { ".aif", "audio/x-aiff" },
-    { ".aiff", "audio/x-aiff" },
-    { ".aifc", "audio/x-aiff" },
-    { ".ra", "audio/x-pn-realaudio" },
-    { ".ram", "audio/x-pn-realaudio" },
-    { ".rm", "audio/x-pn-realaudio" },
-    { ".rpm", "audio/x-pn-realaudio-plugin" },
-    { ".wav", "audio/wav" },
-    { ".mid", "audio/midi" },
-    { ".midi", "audio/midi" },
-    { ".kar", "audio/midi" },
-    { ".mpga", "audio/mpeg" },
-    { ".mp2", "audio/mpeg" },
-    { ".mp3", "audio/mpeg" },
-    { ".mpeg", "video/mpeg" },
-    { ".mpg", "video/mpeg" },
-    { ".mpe", "video/mpeg" },
-    { ".qt", "video/quicktime" },
-    { ".mov", "video/quicktime" },
-    { ".avi", "video/x-msvideo" },
-    { ".movie", "video/x-sgi-movie" },
-    { ".mv", "video/x-sgi-movie" },
-    { ".vx", "video/x-rad-screenplay" },
-    { ".a", "application/octet-stream" },
-    { ".bin", "application/octet-stream" },
-    { ".exe", "application/octet-stream" },
-    { ".dump", "application/octet-stream" },
-    { ".o", "application/octet-stream" },
-    { ".class", "application/java" },
-    { ".js", "application/x-javascript" },
-    { ".ai", "application/postscript" },
-    { ".eps", "application/postscript" },
-    { ".ps", "application/postscript" },
-    { ".dir", "application/x-director" },
-    { ".dcr", "application/x-director" },
-    { ".dxr", "application/x-director" },
-    { ".fgd", "application/x-director" },
-    { ".aam", "application/x-authorware-map" },
-    { ".aas", "application/x-authorware-seg" },
-    { ".aab", "application/x-authorware-bin" },
-    { ".fh4", "image/x-freehand" },
-    { ".fh7", "image/x-freehand" },
-    { ".fh5", "image/x-freehand" },
-    { ".fhc", "image/x-freehand" },
-    { ".fh", "image/x-freehand" },
-    { ".spl", "application/futuresplash" },
-    { ".swf", "application/x-shockwave-flash" },
-    { ".dvi", "application/x-dvi" },
-    { ".gtar", "application/x-gtar" },
-    { ".hdf", "application/x-hdf" },
-    { ".hqx", "application/mac-binhex40" },
-    { ".iv", "application/x-inventor" },
-    { ".latex", "application/x-latex" },
-    { ".man", "application/x-troff-man" },
-    { ".me", "application/x-troff-me" },
-    { ".mif", "application/x-mif" },
-    { ".ms", "application/x-troff-ms" },
-    { ".oda", "application/oda" },
-    { ".pdf", "application/pdf" },
-    { ".rtf", "application/rtf" },
-    { ".bcpio", "application/x-bcpio" },
-    { ".cpio", "application/x-cpio" },
-    { ".sv4cpio", "application/x-sv4cpio" },
-    { ".sv4crc", "application/x-sv4crc" },
-    { ".sh", "application/x-shar" },
-    { ".shar", "application/x-shar" },
-    { ".sit", "application/x-stuffit" },
-    { ".tar", "application/x-tar" },
-    { ".tex", "application/x-tex" },
-    { ".texi", "application/x-texinfo" },
-    { ".texinfo", "application/x-texinfo" },
-    { ".tr", "application/x-troff" },
-    { ".roff", "application/x-troff" },
-    { ".man", "application/x-troff-man" },
-    { ".me", "application/x-troff-me" },
-    { ".ms", "application/x-troff-ms" },
-    { ".zip", "application/x-zip-compressed" },
-    { ".tsp", "application/dsptype" },
-    { ".wsrc", "application/x-wais-source" },
-    { ".ustar", "application/x-ustar" },
-    { ".cdf", "application/x-netcdf" },
-    { ".nc", "application/x-netcdf" },
-    { ".doc", "application/msword" },
-    { ".ppt", "application/powerpoint" },
-    { ".wrl", "model/vrml" },
-    { ".vrml", "model/vrml" },
-    { ".mime", "message/rfc822" },
-    { ".pac", "application/x-ns-proxy-autoconfig" },
-    { ".wml", "text/vnd.wap.wml" },
-    { ".wmlc", "application/vnd.wap.wmlc" },
-    { ".wmls", "text/vnd.wap.wmlscript" },
-    { ".wmlsc", "application/vnd.wap.wmlscriptc" },
-    { ".wbmp", "image/vnd.wap.wbmp" },
-    { ".tgz", "application/x-gzip" },
-    { ".tar.gz", "application/x-gzip" },
-    { ".bz2", "application/x-bzip2" },
-    { ".zip", "application/zip" }
-#endif
-};
-
-static int mime_cmp(const mime_table_t *t1, const mime_table_t *t2)
-{
-    return strcasecmp(t1->ext, t2->ext);
-}
-
-void mime_init(void)
-{
-    qsort(mime_table, sizeof(mime_table)/sizeof(mime_table_t),
-            sizeof(mime_table_t), 
-            (int (*)(const void *, const void *))mime_cmp);
-}
-
-const char *getmimetype(const char *name) 
-{
-    mime_table_t *mime_type;
-
-    if ((name = strrchr(name, '.')) == NULL)
-        return mime_default;
-
-    mime_type = bsearch(&name, mime_table, 
-            sizeof(mime_table)/sizeof(mime_table_t),
-            sizeof(mime_table_t), 
-                (int (*)(const void *, const void *))mime_cmp);
-
-    return mime_type == NULL ? mime_default : mime_type->type;
-}
-
diff --git a/httpd/proc.c b/httpd/proc.c
index 8f3f745eaf..86bf163bdd 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -42,6 +42,7 @@ static int htaccess_check(struct connstruct *cn);
 #if defined(CONFIG_HTTP_DIRECTORIES)
 static void urlencode(const uint8_t *s, char *t);
 static void procdirlisting(struct connstruct *cn);
+static const char *getmimetype(const char *name);
 #endif
 #if defined(CONFIG_HTTP_HAS_CGI)
 static void proccgi(struct connstruct *cn, int has_pathinfo);
@@ -87,15 +88,15 @@ static int procheadelem(struct connstruct *cn, char *buf)
             return 0;
         }
 
-        my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
-        cn->if_modified_since = -1;
 #if defined(CONFIG_HTTP_HAS_CGI)
         if ((cgi_delim = strchr(value, '?')))
         {
             *cgi_delim = 0;
-            my_strncpy(cn->cgiargs, value+1, MAXREQUESTLENGTH);
+            my_strncpy(cn->cgiargs, cgi_delim+1, MAXREQUESTLENGTH);
         }
 #endif
+        my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
+        cn->if_modified_since = -1;
     } 
     else if (strcmp(buf, "Host:") == 0) 
     {
@@ -284,7 +285,7 @@ void procreadhead(struct connstruct *cn)
     /* Split up lines and send to procheadelem() */
     while (*next != '\0') 
     {
-        /* If we have a blank line, advance to next stage! */
+        /* If we have a blank line, advance to next stage */
         if (*next == '\r' || *next == '\n') 
         {
             buildactualfile(cn);
@@ -411,7 +412,7 @@ void procsendhead(struct connstruct *cn)
                                        cn->if_modified_since >= stbuf.st_mtime))
     {
         snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
-                "axhttpd V%s\nDate: %s\n", VERSION, date);
+                "axhttpd V%s\nDate: %s\n", ssl_version(), date);
         special_write(cn, buf, strlen(buf));
         cn->state = STATE_WANT_TO_READ_HEAD;
         return;
@@ -438,7 +439,7 @@ void procsendhead(struct connstruct *cn)
 
         snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
             "Content-Type: %s\nContent-Length: %ld\n"
-            "Date: %sLast-Modified: %s\n", VERSION,
+            "Date: %sLast-Modified: %s\n", ssl_version(),
             getmimetype(cn->actualfile), (long) stbuf.st_size,
             date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
 
@@ -498,7 +499,9 @@ void procsendfile(struct connstruct *cn)
     if (rv < 0)
         removeconnection(cn);
     else if (rv == cn->numbytes)
+    {
         cn->state = STATE_WANT_TO_READ_FILE;
+    }
     else if (rv == 0)
     { 
         /* Do nothing */ 
@@ -510,36 +513,6 @@ void procsendfile(struct connstruct *cn)
     }
 }
 
-static int special_write(struct connstruct *cn, 
-                                        const char *buf, size_t count)
-{
-    if (cn->is_ssl)
-    {
-        SSL *ssl = cn->ssl;
-        return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
-    }
-    else
-        return SOCKET_WRITE(cn->networkdesc, buf, count);
-}
-
-static int special_read(struct connstruct *cn, void *buf, size_t count)
-{
-    int res;
-
-    if (cn->is_ssl)
-    {
-        uint8_t *read_buf;
-        if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
-        {
-            memcpy(buf, read_buf, res > (int)count ? count : res);
-        }
-    }
-    else
-        res = SOCKET_READ(cn->networkdesc, buf, count);
-
-    return res;
-}
-
 #if defined(CONFIG_HTTP_HAS_CGI)
 static void proccgi(struct connstruct *cn, int has_pathinfo) 
 {
@@ -551,7 +524,7 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
 #endif
 
     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n%s",
-            VERSION, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
+            ssl_version(), (cn->reqtype == TYPE_HEAD) ? "\n" : "");
     special_write(cn, buf, strlen(buf));
 
     if (cn->reqtype == TYPE_HEAD) 
@@ -1032,3 +1005,40 @@ static void send_error(struct connstruct *cn, int err)
     special_write(cn, buf, strlen(buf));
     removeconnection(cn);
 }
+
+static const char *getmimetype(const char *name)
+{
+    /* only bother with two types - let the browser/OS figure the rest out */
+    return strstr(name, ".htm") ? "text/html" : "application/octet-stream";
+}
+
+static int special_write(struct connstruct *cn, 
+                                        const char *buf, size_t count)
+{
+    if (cn->is_ssl)
+    {
+        SSL *ssl = cn->ssl;
+        return ssl ? ssl_write(ssl, (uint8_t *)buf, count) : -1;
+    }
+    else
+        return SOCKET_WRITE(cn->networkdesc, buf, count);
+}
+
+static int special_read(struct connstruct *cn, void *buf, size_t count)
+{
+    int res;
+
+    if (cn->is_ssl)
+    {
+        uint8_t *read_buf;
+        if ((res = ssl_read(cn->ssl, &read_buf)) > SSL_OK)
+        {
+            memcpy(buf, read_buf, res > (int)count ? count : res);
+        }
+    }
+    else
+        res = SOCKET_READ(cn->networkdesc, buf, count);
+
+    return res;
+}
+

From d53af378816652a28e0c9520a765356ccc14a4d8 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 16 May 2007 04:17:06 +0000
Subject: [PATCH 071/301] date not included in version

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@90 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 5a429d82b8..2cb497643a 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1997,7 +1997,7 @@ void DISPLAY_ALERT(SSL *ssl, int alert)
  */
 EXP_FUNC const char  * STDCALL ssl_version()
 {
-    static const char * axtls_version = AXTLS_VERSION " " __DATE__;
+    static const char * axtls_version = AXTLS_VERSION;
     return axtls_version;
 }
 

From eb6a87e79e86d511ac67a8fa78f54e206db0f748 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 16 May 2007 04:17:40 +0000
Subject: [PATCH 072/301] date now added to version

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@91 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 samples/c/axssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index c8e1375945..7e155e414b 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -65,7 +65,7 @@ int main(int argc, char *argv[])
 
     if (argc == 2 && strcmp(argv[1], "version") == 0)
     {
-        printf("axssl %s\n", ssl_version());
+        printf("axssl %s %s\n", ssl_version(), __DATE__);
         exit(0);
     }
 

From fc8409ef4cd18df0904ffd15aaa0d8ce6ca0bd95 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 16 May 2007 04:57:24 +0000
Subject: [PATCH 073/301] added new comments

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@92 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index 1fadb09d08..840fe7c2e1 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200704022246" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200705160414" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Zero length client certificates were causing a crash (now they return an error).\n* The client session id size is now variable.\n* ssl_version() just returns the version number (and not the date).\n\n!!__axhttpd__\n\n* mime types are now greatly simplified (let the browser figure things out).\n* An error with CGI arguments was fixed.\n* The axhttpd version is now the same as the axtls version.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From dbadc630ae5b08df953f431c4f88969da8448683 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 16 May 2007 04:57:54 +0000
Subject: [PATCH 074/301] added new comments

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@93 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index 840fe7c2e1..7d642714d1 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200705160414" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Zero length client certificates were causing a crash (now they return an error).\n* The client session id size is now variable.\n* ssl_version() just returns the version number (and not the date).\n\n!!__axhttpd__\n\n* mime types are now greatly simplified (let the browser figure things out).\n* An error with CGI arguments was fixed.\n* The axhttpd version is now the same as the axtls version.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200705160414" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Zero length client certificates were causing a crash (now they return an error).\n* The client session id size is now variable.\n* ssl_version() just returns the version number (and not the date).\n\n!!__axhttpd__\n\n* mime types are now greatly simplified (let the browser figure things out).\n* An error with CGI arguments was fixed.\n* The axhttpd version is now the same as the axtls version.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From a194849b9e9ed6dfb7a284d8c6becf8033c58cd0 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 18 May 2007 22:25:23 +0000
Subject: [PATCH 075/301] fixed partial write error

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@94 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 2cb497643a..43d798ed6d 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -918,7 +918,8 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 {
     uint8_t *rec_buf = ssl->bm_all_data;
     int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
-    int ret;
+    int sent = 0;
+    int ret = SSL_OK;
 
     rec_buf[0] = protocol;
     rec_buf[1] = 0x03;      /* version = 3.1 (TLS) */
@@ -927,11 +928,33 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
     rec_buf[4] = ssl->bm_index & 0xff;
 
     DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
-                            pkt_size, pkt_size);
+                             pkt_size, pkt_size);
 
-    if ((ret = SOCKET_WRITE(ssl->client_fd, 
-                    ssl->bm_all_data, pkt_size)) < 0)
-        ret = SSL_ERROR_CONN_LOST;
+    while (sent < pkt_size)
+    {
+        if ((ret = SOCKET_WRITE(ssl->client_fd, 
+                        &ssl->bm_all_data[sent], pkt_size)) < 0)
+        {
+            ret = SSL_ERROR_CONN_LOST;
+            break;
+        }
+
+        sent += ret;
+
+        /* keep going until the write buffer has some space */
+        if (sent != pkt_size)
+        {
+            fd_set wfds;
+            FD_ZERO(&wfds);
+            FD_SET(ssl->client_fd, &wfds);
+
+            if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
+            {
+                ret = SSL_ERROR_CONN_LOST;
+                break;
+            }
+        }
+    }
 
     SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
     ssl->bm_index = 0;

From c511f2986e60113abe63577d67c98d6d4cf37d3b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 22 May 2007 09:16:13 +0000
Subject: [PATCH 076/301] lots of CGI work and kepler/lua stuff

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@95 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in |  20 ++-
 httpd/axhttp.h  |  25 ++--
 httpd/axhttpd.c |  16 +--
 httpd/proc.c    | 315 +++++++++++++++++++++++-------------------------
 4 files changed, 195 insertions(+), 181 deletions(-)

diff --git a/httpd/Config.in b/httpd/Config.in
index ce42a59a76..f938d39d33 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -53,20 +53,34 @@ config CONFIG_HTTP_TIMEOUT
     help
         Set the timeout of a connection in seconds.
 
+menu "CGI"
+
 config CONFIG_HTTP_HAS_CGI
     bool "Enable CGI"
     default n
+    depends on !CONFIG_PLATFORM_WIN32
     help
-        Enable the CGI capability.
+        Enable the CGI capability. Not available on Win32 platforms.
 
 config CONFIG_HTTP_CGI_EXTENSIONS
     string "CGI File Extension(s)"
-    default ".php,.sh"
+    default ".lua,.lp"
     depends on CONFIG_HTTP_HAS_CGI
     help
         Tell axhhtpd what file extension(s) are used for CGI.
 
-        This is a comma separated list.
+        This is a comma separated list - e.g. ".php,.pl" etc
+
+config CONFIG_HTTP_LUA_LAUNCHER
+    string "Lua's CGI Launcher"
+    default "/usr/local/bin/cgi" if CONFIG_PLATFORM_LINUX
+    default "/usr/local/bin/cgi.exe" if CONFIG_PLATFORM_CYGWIN
+    depends on CONFIG_HTTP_HAS_CGI
+
+    help
+        Lua has a special launcher application to run kepler/lua scripts.
+        ".lua and .lp" extensions must be defined in CONFIG_HTTP_CGI_EXTENSIONS.
+endmenu
 
 config CONFIG_HTTP_DIRECTORIES
     bool "Enable Directory Listing"
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index a2b14e687c..1cd07ffef8 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -26,17 +26,16 @@
 #endif
 
 #define MAXREQUESTLENGTH                    256
-#define MAXCGIARGS                          100
 #define BLOCKSIZE                           4096
 
 #define INITIAL_CONNECTION_SLOTS            10
 #define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     0
 
-#define STATE_WANT_TO_READ_HEAD  1
-#define STATE_WANT_TO_SEND_HEAD  2
-#define STATE_WANT_TO_READ_FILE  3
-#define STATE_WANT_TO_SEND_FILE  4
-#define STATE_DOING_DIR          5
+#define STATE_WANT_TO_READ_HEAD             1
+#define STATE_WANT_TO_SEND_HEAD             2
+#define STATE_WANT_TO_READ_FILE             3
+#define STATE_WANT_TO_SEND_FILE             4
+#define STATE_DOING_DIR                     5
 
 enum
 {
@@ -67,7 +66,7 @@ struct connstruct
     char actualfile[MAXREQUESTLENGTH];
     char filereq[MAXREQUESTLENGTH];
     char dirname[MAXREQUESTLENGTH];
-    char virtualhostreq[MAXREQUESTLENGTH];
+    char server_name[MAXREQUESTLENGTH];
     int numbytes;
     char databuf[BLOCKSIZE];
     uint8_t is_ssl;
@@ -75,9 +74,13 @@ struct connstruct
     time_t if_modified_since;
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-    char cgiargs[MAXREQUESTLENGTH];
-    char cgiscriptinfo[MAXREQUESTLENGTH];
-    char cgipathinfo[MAXREQUESTLENGTH];
+    uint8_t is_cgi;
+    uint8_t is_lua;
+    int content_length;
+    char remote_addr[MAXREQUESTLENGTH];
+    char uri_request[MAXREQUESTLENGTH];
+    char uri_path_info[MAXREQUESTLENGTH];
+    char uri_query[MAXREQUESTLENGTH];
 #endif
 #if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
     char authorization[MAXREQUESTLENGTH];
@@ -104,6 +107,8 @@ struct cgiextstruct
 extern struct serverstruct *servers;
 extern struct connstruct *usedconns;
 extern struct connstruct *freeconns;
+extern const char * const server_version;
+
 #if defined(CONFIG_HTTP_HAS_CGI)
 extern struct cgiextstruct *cgiexts;
 #endif
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 5bdf423d3d..c67c08eca6 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -27,6 +27,7 @@
 struct serverstruct *servers;
 struct connstruct *usedconns;
 struct connstruct *freeconns;
+const char * const server_version = "axhttpd/"AXTLS_VERSION;
 
 static void addtoservers(int sd);
 static int openlistener(int port);
@@ -162,8 +163,8 @@ int main(int argc, char *argv[])
     addcgiext(CONFIG_HTTP_CGI_EXTENSIONS);
 #endif
 #if defined(CONFIG_HTTP_VERBOSE)
-    printf("axhttpd (%s): listening on ports %d (http) and %d (https)\n", 
-            ssl_version(), CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
+    printf("%s: listening on ports %d (http) and %d (https)\n", 
+            server_version, CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
     TTY_FLUSH();
 #endif
 
@@ -475,15 +476,15 @@ static void addconnection(int sd, char *ip, int is_ssl)
 #if defined(CONFIG_HTTP_HAS_DIRECTORIES)
     tp->dirp = NULL;
 #endif
-    *(tp->actualfile) = '\0';
-    *(tp->filereq) = '\0';
-#if defined(CONFIG_HTTP_HAS_CGI)
-    *(tp->cgiargs) = '\0';
-#endif
+    *tp->actualfile = '\0';
+    *tp->filereq = '\0';
     tp->state = STATE_WANT_TO_READ_HEAD;
     tp->reqtype = TYPE_GET;
     tp->close_when_done = 0;
     tp->timeout = time(NULL) + CONFIG_HTTP_TIMEOUT;
+#if defined(CONFIG_HTTP_HAS_CGI)
+    strcpy(tp->remote_addr, ip);
+#endif
 }
 
 void removeconnection(struct connstruct *cn) 
@@ -564,3 +565,4 @@ static void ax_chdir(void)
         exit(1);
     }
 }
+
diff --git a/httpd/proc.c b/httpd/proc.c
index 86bf163bdd..c65d0998e0 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -38,17 +38,15 @@ static void buildactualfile(struct connstruct *cn);
 static int sanitizefile(const char *buf);
 static int sanitizehost(char *buf);
 static int htaccess_check(struct connstruct *cn);
+static const char *getmimetype(const char *name);
 
 #if defined(CONFIG_HTTP_DIRECTORIES)
 static void urlencode(const uint8_t *s, char *t);
 static void procdirlisting(struct connstruct *cn);
-static const char *getmimetype(const char *name);
 #endif
 #if defined(CONFIG_HTTP_HAS_CGI)
-static void proccgi(struct connstruct *cn, int has_pathinfo);
-static int trycgi_withpathinfo(struct connstruct *cn);
-static void split(char *tp, char *sp[], int maxwords, char sc);
-static int iscgi(const char *fn);
+static void proccgi(struct connstruct *cn);
+static void decode_path_info(struct connstruct *cn, char *path_info);
 #endif
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
 static int auth_check(struct connstruct *cn);
@@ -58,9 +56,6 @@ static int auth_check(struct connstruct *cn);
 static int procheadelem(struct connstruct *cn, char *buf) 
 {
     char *delim, *value;
-#if defined(CONFIG_HTTP_HAS_CGI)
-    char *cgi_delim;
-#endif
 
     if ((delim = strchr(buf, ' ')) == NULL)
         return 0;
@@ -89,13 +84,10 @@ static int procheadelem(struct connstruct *cn, char *buf)
         }
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-        if ((cgi_delim = strchr(value, '?')))
-        {
-            *cgi_delim = 0;
-            my_strncpy(cn->cgiargs, cgi_delim+1, MAXREQUESTLENGTH);
-        }
-#endif
+        decode_path_info(cn, value);
+#else
         my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
+#endif
         cn->if_modified_since = -1;
     } 
     else if (strcmp(buf, "Host:") == 0) 
@@ -106,7 +98,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
             return 0;
         }
 
-        my_strncpy(cn->virtualhostreq, value, MAXREQUESTLENGTH);
+        my_strncpy(cn->server_name, value, MAXREQUESTLENGTH);
     } 
     else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
     {
@@ -128,6 +120,12 @@ static int procheadelem(struct connstruct *cn, char *buf)
             cn->authorization[size] = 0;
     }
 #endif
+#if defined(CONFIG_HTTP_HAS_CGI)
+    else if (strcmp(buf, "Content-Length:") == 0)
+    {
+        sscanf(value, "%d", &cn->content_length);
+    }
+#endif
 
     return 1;
 }
@@ -169,7 +167,7 @@ static void procdirlisting(struct connstruct *cn)
     snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
             "<html><body>\n<title>Directory Listing</title>\n"
             "<h3>Directory listing of %s://%s%s</h3><br />\n", 
-            cn->is_ssl ? "https" : "http", cn->virtualhostreq, cn->filereq);
+            cn->is_ssl ? "https" : "http", cn->server_name, cn->filereq);
     special_write(cn, buf, strlen(buf));
     cn->state = STATE_DOING_DIR;
 }
@@ -320,6 +318,7 @@ void procsendhead(struct connstruct *cn)
     struct stat stbuf;
     time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
     char date[32];
+    int file_exists;
 
     /* are we trying to access a file over the HTTP connection instead of a
      * HTTPS connection? Or is this directory disabled? */
@@ -340,31 +339,19 @@ void procsendhead(struct connstruct *cn)
     }
 #endif
 
-    if (stat(cn->actualfile, &stbuf) == -1)
-    {
-#if defined(CONFIG_HTTP_HAS_CGI)
-        if (stat(cn->actualfile, &stbuf) == -1 && trycgi_withpathinfo(cn) == 0) 
-        { 
-            /* We Try To Find A CGI */
-            proccgi(cn, 1);
-            return;
-        }
-#endif
-    }
+    file_exists = stat(cn->actualfile, &stbuf);
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-    if (iscgi(cn->actualfile))
+    if (file_exists != -1 && cn->is_cgi)
     {
-#ifndef WIN32
-        /* An executable file? */
-        if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
+        if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile))
         {
+            /* A non-executable file, or directory? */
             send_error(cn, 404);
-            return;
         }
-#endif
+        else
+            proccgi(cn);
 
-        proccgi(cn, 0);
         return;
     }
 #endif
@@ -373,10 +360,10 @@ void procsendhead(struct connstruct *cn)
     if (isdir(cn->actualfile))
     {
         char tbuf[MAXREQUESTLENGTH];
-        sprintf(tbuf, "%s%s", cn->actualfile, index_file);
+        snprintf(tbuf, MAXREQUESTLENGTH, "%s%s", cn->actualfile, index_file);
 
-        if (stat(tbuf, &stbuf) != -1) 
-            strcat(cn->actualfile, index_file);
+        if ((file_exists = stat(tbuf, &stbuf)) != -1) 
+            my_strncpy(cn->actualfile, tbuf, MAXREQUESTLENGTH);
         else
         {
 #if defined(CONFIG_HTTP_DIRECTORIES)
@@ -387,22 +374,12 @@ void procsendhead(struct connstruct *cn)
 #endif
             return;
         }
+    }
 
-#if defined(CONFIG_HTTP_HAS_CGI)
-        /* If the index is a CGI file, handle it like any other CGI */
-        if (iscgi(cn->actualfile))
-        {
-            /* Set up CGI script */
-            if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile)) 
-            {
-                send_error(cn, 404);
-                return;
-            }
-
-            proccgi(cn, 0);
-            return;
-        }
-#endif
+    if (file_exists == -1)
+    {
+        send_error(cn, 404);
+        return;
     }
 
     strcpy(date, ctime(&now));
@@ -412,7 +389,7 @@ void procsendhead(struct connstruct *cn)
                                        cn->if_modified_since >= stbuf.st_mtime))
     {
         snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
-                "axhttpd V%s\nDate: %s\n", ssl_version(), date);
+                "%s\nDate: %s\n", server_version, date);
         special_write(cn, buf, strlen(buf));
         cn->state = STATE_WANT_TO_READ_HEAD;
         return;
@@ -437,9 +414,9 @@ void procsendhead(struct connstruct *cn)
             return;
         }
 
-        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n"
+        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: %s\n"
             "Content-Type: %s\nContent-Length: %ld\n"
-            "Date: %sLast-Modified: %s\n", ssl_version(),
+            "Date: %sLast-Modified: %s\n", server_version,
             getmimetype(cn->actualfile), (long) stbuf.st_size,
             date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
 
@@ -514,18 +491,24 @@ void procsendfile(struct connstruct *cn)
 }
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-static void proccgi(struct connstruct *cn, int has_pathinfo) 
+#define CGI_ARG_SIZE        14
+
+static void proccgi(struct connstruct *cn) 
 {
     int tpipe[2];
-    char *myargs[5];
-    char buf[MAXREQUESTLENGTH];
+    char *myargs[2];
+    char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
+    char * cgiptr[CGI_ARG_SIZE+1];
+    const char *type = "HEAD";
+    int cgi_index = 0, i;
 #ifdef WIN32
     int tmp_stdout;
 #endif
 
-    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: axhttpd V%s\n%s",
-            ssl_version(), (cn->reqtype == TYPE_HEAD) ? "\n" : "");
-    special_write(cn, buf, strlen(buf));
+    snprintf(cgienv[0], MAXREQUESTLENGTH, 
+            "HTTP/1.1 200 OK\nServer: %s\n%s",
+            server_version, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
+    special_write(cn, cgienv[0], strlen(cgienv[0]));
 
     if (cn->reqtype == TYPE_HEAD) 
     {
@@ -533,6 +516,12 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
         return;
     }
 
+#ifdef CONFIG_HTTP_VERBOSE
+        printf("[CGI]: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
+        TTY_FLUSH();
+#endif
+
+    /* win32 cgi is a bit too painful */
 #ifndef WIN32
     pipe(tpipe);
 
@@ -560,144 +549,139 @@ static void proccgi(struct connstruct *cn, int has_pathinfo)
 
     close(tpipe[0]);
     close(tpipe[1]);
-    myargs[0] = cn->actualfile;
-    myargs[1] = cn->cgiargs;
-    myargs[2] = NULL;
 
-    if (!has_pathinfo) 
+    myargs[0] = cn->actualfile;
+    myargs[1] = NULL;
+
+    /* 
+     * set the cgi args. A url is defined by:
+     * http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO?$QUERY_STRING
+     * TODO: other CGI parameters?
+     */
+    sprintf(cgienv[cgi_index++], "SERVER_SOFTWARE=%s", server_version);
+    strcpy(cgienv[cgi_index++], "DOCUMENT_ROOT=" CONFIG_HTTP_WEBROOT);
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "SERVER_NAME=%s", cn->server_name);
+    sprintf(cgienv[cgi_index++], "SERVER_PORT=%d", 
+            cn->is_ssl ? CONFIG_HTTP_HTTPS_PORT : CONFIG_HTTP_PORT);
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "REQUEST_URI=%s", cn->uri_request);
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "SCRIPT_NAME=%s", cn->filereq);
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "PATH_INFO=%s", cn->uri_path_info);
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "QUERY_STRING=%s", cn->uri_query);
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "REMOTE_ADDR=%s", cn->remote_addr);
+
+    switch (cn->reqtype)
     {
-        my_strncpy(cn->cgipathinfo, "/", MAXREQUESTLENGTH);
-        my_strncpy(cn->cgiscriptinfo, cn->filereq, MAXREQUESTLENGTH);
+        case TYPE_GET: 
+            type = "GET";
+            break;
+
+        case TYPE_POST:
+            type = "POST";
+            sprintf(cgienv[cgi_index++], 
+                        "CONTENT_LENGTH=%d", cn->content_length);
+            strcpy(cgienv[cgi_index++], 
+                        "CONTENT_TYPE=application/x-www-form-urlencoded");
+            break;
     }
 
-    execv(cn->actualfile, myargs);
-#else /* WIN32 */
-    _pipe(tpipe, 8192, O_BINARY| O_NOINHERIT);
+    sprintf(cgienv[cgi_index++], "REQUEST_METHOD=%s", type);
 
-    myargs[0] = "sh";
-    myargs[1] = "-c";
-    myargs[2] = &cn->filereq[1];    /* ignore the inital "/" */
-    myargs[3] = cn->cgiargs;
-    myargs[4] = NULL;
+    if (cn->is_ssl)
+        strcpy(cgienv[cgi_index++], "HTTPS=on");
 
-    tmp_stdout = _dup(_fileno(stdout));
-    _dup2(tpipe[1], _fileno(stdout));
-    close(tpipe[1]);
+#ifdef CONFIG_PLATFORM_CYGWIN
+    /* TODO: find out why Lua needs this */
+    strcpy(cgienv[cgi_index++], "PATH=/usr/bin");
+#endif
 
-    /* change to suit execution method */
-    if (spawnl(P_NOWAIT, "c:\\Program Files\\cygwin\\bin\\sh.exe", 
-                myargs[0], myargs[1], myargs[2], myargs[3], myargs[4]) == -1) 
+    if (cgi_index >= CGI_ARG_SIZE)
     {
-        removeconnection(cn);
+        printf("Content-type: text/plain\n\nToo many CGI args\n");
         return;
     }
 
-    _dup2(tmp_stdout, _fileno(stdout));
-    close(tmp_stdout);
-    cn->filedesc = tpipe[0];
-    cn->state = STATE_WANT_TO_READ_FILE;
-    cn->close_when_done = 1;
-
-    for (;;)
-    {
-        procreadfile(cn);
-
-        if (cn->filedesc == -1)
-            break;
+    /* copy across the pointer indexes */
+    for (i = 0; i < cgi_index; i++)
+        cgiptr[i] = cgienv[i];
 
-        procsendfile(cn);
-        usleep(200000); /* don't know why this delay makes it work (yet) */
-    }
+    cgiptr[i] = NULL;
+    execve(myargs[0], myargs, cgiptr);
+    printf("Content-type: text/plain\n\nshouldn't get here\n");
 #endif
 }
 
-static int trycgi_withpathinfo(struct connstruct *cn)
+static char * cgi_filetype_match(struct connstruct *cn, const char *fn)
 {
-    char tpfile[MAXREQUESTLENGTH];
-    char fr_str[MAXREQUESTLENGTH];
-    char *fr_rs[MAXCGIARGS]; /* filereq splitted */
-    int i = 0, offset;
-
-    my_strncpy(fr_str, cn->filereq, MAXREQUESTLENGTH);
-    split(fr_str, fr_rs, MAXCGIARGS, '/');
+    struct cgiextstruct *tp = cgiexts;
 
-    while (fr_rs[i] != NULL) 
+    while (tp != NULL) 
     {
-        snprintf(tpfile, sizeof(tpfile), "/%s%s", 
-                            cn->virtualhostreq, fr_str);
+        char *t;
 
-        if (iscgi(tpfile) && isdir(tpfile) == 0)
+        if ((t = strstr(fn, tp->ext)) != NULL)
         {
-            /* We've found our CGI file! */
-            my_strncpy(cn->actualfile, tpfile, MAXREQUESTLENGTH);
-            my_strncpy(cn->cgiscriptinfo, fr_str, MAXREQUESTLENGTH);
-            offset = (fr_rs[i] + strlen(fr_rs[i])) - fr_str;
-            my_strncpy(cn->cgipathinfo, cn->filereq+offset, MAXREQUESTLENGTH);
-            return 0;
-        }
-
-        *(fr_rs[i]+strlen(fr_rs[i])) = '/';
-        i++;
-    }
-
-    /* Couldn't find any CGIs :( */
-    *(cn->cgiscriptinfo) = '\0';
-    *(cn->cgipathinfo) = '\0';
-    return -1;
-}
 
-static int iscgi(const char *fn)
-{
-    struct cgiextstruct *tp = cgiexts;
-    int fnlen, extlen;
+            t += strlen(tp->ext);
 
-    fnlen = strlen(fn);
+            if (*t == '/' || *t == '\0')
+            {
+                if (strcmp(tp->ext, ".lua") == 0 || strcmp(tp->ext, ".lp") == 0)
+                    cn->is_lua = 1;
 
-    while (tp != NULL) 
-    {
-        extlen = strlen(tp->ext);
+                return t;
+            }
+            else
+                return NULL;
 
-        if (strcasecmp(fn+(fnlen-extlen), tp->ext) == 0)
-            return 1;
+        }
 
         tp = tp->next;
     }
 
-    return 0;
+    return NULL;
 }
 
-static void split(char *tp, char *sp[], int maxwords, char sc)
+static void decode_path_info(struct connstruct *cn, char *path_info)
 {
-    int i = 0;
+    char *cgi_delim;
 
-    while(1) 
+    cn->is_cgi = 0;
+    cn->is_lua = 0;
+    *cn->uri_request = '\0';
+    *cn->uri_path_info = '\0';
+    *cn->uri_query = '\0';
+
+    my_strncpy(cn->uri_request, path_info, MAXREQUESTLENGTH);
+
+    /* query info? */
+    if ((cgi_delim = strchr(path_info, '?')))
     {
-        /* Skip leading whitespace */
-        while (*tp == sc) tp++;
+        *cgi_delim = '\0';
+        my_strncpy(cn->uri_query, cgi_delim+1, MAXREQUESTLENGTH);
+    }
 
-        if (*tp == '\0') 
-        {
-            sp[i] = NULL;
-            break;
-        }
+    if ((cgi_delim = cgi_filetype_match(cn, path_info)) != NULL)
+    {
+        cn->is_cgi = 1;     /* definitely a CGI script */
 
-        if (i==maxwords-2) 
+        /* path info? */
+        if (*cgi_delim != '\0')
         {
-            sp[maxwords-2] = NULL;
-            break;
+            my_strncpy(cn->uri_path_info, cgi_delim, MAXREQUESTLENGTH);
+            *cgi_delim = '\0';
         }
-
-        sp[i] = tp;
-
-        while(*tp != sc && *tp != '\0') 
-            tp++;
-
-        if (*tp == sc) 
-            *tp++ = '\0';
-
-        i++;
     }
+
+    /* the bit at the start must be the script name */
+    my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH);
 }
+
 #endif  /* CONFIG_HTTP_HAS_CGI */
 
 /* Decode string %xx -> char (in place) */
@@ -755,6 +739,15 @@ static void buildactualfile(struct connstruct *cn)
 {
     char *cp;
 
+#if defined(CONFIG_HTTP_HAS_CGI)
+    /* use the lua launcher if this file has a lua extension */
+    if (cn->is_lua)
+    {
+        strcpy(cn->actualfile, CONFIG_HTTP_LUA_LAUNCHER);
+        return;
+    }
+#endif
+
 #ifdef CONFIG_HTTP_USE_CHROOT
     snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
 #else
@@ -937,7 +930,7 @@ static int auth_check(struct connstruct *cn)
 
 error:
     fclose(fp);
-    send_authenticate(cn, cn->virtualhostreq);
+    send_authenticate(cn, cn->server_name);
     return -1;
 }
 #endif

From 80b24c3c41995495204147eb0dd19c9bb2ea3af1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 22 May 2007 12:07:24 +0000
Subject: [PATCH 077/301] added kepler/lua to the build

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@96 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in                               |  28 ++++++--
 httpd/Makefile                                |  14 +++-
 httpd/axhttp.h                                |   3 +
 .../kepler-1.1-snapshot-20070420-1741.tar.gz  | Bin 0 -> 782154 bytes
 httpd/kepler.patch                            |  64 +++++++++++++++++
 httpd/proc.c                                  |  67 ++++++++++++------
 6 files changed, 148 insertions(+), 28 deletions(-)
 create mode 100755 httpd/kepler-1.1-snapshot-20070420-1741.tar.gz
 create mode 100644 httpd/kepler.patch

diff --git a/httpd/Config.in b/httpd/Config.in
index f938d39d33..11f6b725dc 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -71,15 +71,31 @@ config CONFIG_HTTP_CGI_EXTENSIONS
 
         This is a comma separated list - e.g. ".php,.pl" etc
 
-config CONFIG_HTTP_LUA_LAUNCHER
-    string "Lua's CGI Launcher"
-    default "/usr/local/bin/cgi" if CONFIG_PLATFORM_LINUX
-    default "/usr/local/bin/cgi.exe" if CONFIG_PLATFORM_CYGWIN
+config CONFIG_HTTP_ENABLE_LUA
+    bool "Enable Lua"
+    default y
     depends on CONFIG_HTTP_HAS_CGI
+    help
+        Lua is a powerful, fast, light-weight, embeddable scripting language.
+
+        See http://www.lua.org for details.
+
+config CONFIG_HTTP_LUA_PREFIX
+    string "Lua's Installation Prefix"
+    default "/usr/local"
+    depends on CONFIG_HTTP_ENABLE_LUA
 
     help
-        Lua has a special launcher application to run kepler/lua scripts.
-        ".lua and .lp" extensions must be defined in CONFIG_HTTP_CGI_EXTENSIONS.
+        The location of Lua's installation prefix. This is also necessary for
+        Lua's cgi launcher application.
+
+config CONFIG_HTTP_BUILD_LUA
+    bool "Build Lua"
+    default n
+    depends on CONFIG_HTTP_ENABLE_LUA
+    help
+        Build Lua and install in /usr/local/bin
+
 endmenu
 
 config CONFIG_HTTP_DIRECTORIES
diff --git a/httpd/Makefile b/httpd/Makefile
index 13e2f04009..6aedf5f067 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -16,7 +16,7 @@
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-all : web_server
+all : web_server lua
 
 include ../config/.config
 include ../config/makefile.conf
@@ -39,6 +39,17 @@ endif
 
 CFLAGS += -I../ssl
 
+ifdef CONFIG_HTTP_BUILD_LUA
+lua: kepler-1.1
+
+kepler-1.1:
+	@tar xvfz  kepler-1.1-snapshot-20070420-1741.tar.gz
+	@cat kepler.patch | patch -p0
+	cd kepler-1.1; ./configure --prefix=$(CONFIG_HTTP_LUA_PREFIX) --launcher=cgi --lua-suffix= ; make install
+else
+lua:
+endif
+
 else # win32 build
 TARGET=../$(STAGE)/axhttpd.exe
 TARGET2=../$(STAGE)/htpasswd.exe
@@ -100,4 +111,5 @@ endif       # CONFIG_AXHTTPD
 
 clean::
 	-@rm -f $(TARGET)*
+	-@rm -fr kepler-1.1
 
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 1cd07ffef8..8b05d3e03c 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -75,12 +75,15 @@ struct connstruct
 
 #if defined(CONFIG_HTTP_HAS_CGI)
     uint8_t is_cgi;
+#ifdef CONFIG_HTTP_ENABLE_LUA
     uint8_t is_lua;
+#endif
     int content_length;
     char remote_addr[MAXREQUESTLENGTH];
     char uri_request[MAXREQUESTLENGTH];
     char uri_path_info[MAXREQUESTLENGTH];
     char uri_query[MAXREQUESTLENGTH];
+    char cookie[MAXREQUESTLENGTH];
 #endif
 #if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
     char authorization[MAXREQUESTLENGTH];
diff --git a/httpd/kepler-1.1-snapshot-20070420-1741.tar.gz b/httpd/kepler-1.1-snapshot-20070420-1741.tar.gz
new file mode 100755
index 0000000000000000000000000000000000000000..af37195b5c8605a9f928072e563ed782ff84acdc
GIT binary patch
literal 782154
zcmV(;K-<3`iwFRXB`HP#1MGbXU{uxBa1sH@6EWZdD(d4AOa?QP1;R2AB+G<E0*Oi3
z1Pqgzm*kn5dBeP!gdiw8h*nXHt*r~7w$*AC*V<N#OWoR9u-e+ierT<AtDk$Ve!u<i
zxyyU^zV~Jl7VX!s&i7UF?sCq#=bn4+x#ymHZ?_tcs0nYWue3Ppi~5zI-<0xl__uUQ
zc`5%d`(>4uOfD@$zsaSjTxnV9q>?PT{0pOq`=yLzFd@rXU7FDqjHWNwU;e-8uiNVX
zxxsF=LyM?K90zpp<Vlm#^gr}_xvl>vPA-|8C6^p=N?d;b;r%a-v;CxTa;+LnrV^?g
z(qkQ3XDSg)YI@9BP|{+dNGi<A`BE`$rG%=_!6GF`f~i=jON({NQ9Z0iP(}?Bub3+L
zc4?t5nvKdOb-6vIMZ!M0zC-TQQ*umI!;q@QP}fADVpK=eB)ft!Sx5C*%_3F;rv{U9
zP)=%5)rTr92u8H9tjB?H!!L(AwIaDAXe99;h@7$_d1bIC7)z>BL*@K=)pdd9vnyB%
zs^5rf1|zI3@nEPs*r^(FVGy-88V!04H6BEaL6k-`Bk6JCjHH4Qy|WYAkNz}PMBpEF
zWgO9o{#d2O<!HEEYHVt)Z=6@z(AHF0J*RSZpyliet6~w9K#&(=hJ}O4V0+L|O@_%0
zsbI^w4RVK`aA|Y258*75^^i6d{WshmDw5;6k?c&UMv;uNG-&($N(7*-rn!CrFaTEp
zge_`Pu9{!pP}7D=06z5peW>+X2jG;AE<J_Nx2u>A#P^7fTG^{5yC}bk5R70f%(#a*
z7DrtaOB$?d3YvjNl-#2x3`DO_UPPF0cCLXy^lGSYNl}%-A}!Z3AwEiK{k)de%7z9f
zv1#gA4L|^>45=W07MuzUAsUZp=wFi+kcyB}wCy@-FhUm70T)PaFp^M%;Xb)5*n<QT
zP*rKMU;@GL0uLe@Y9c0pBE<vCCz<fi1_TmE21$^#4t0fGm|w`{c#2StN0Mb(M?6eu
zXc!7)N@^^ubx3Z*JFqgTCP28uY8;hPV<AMK%kXXvRMs@q&kMBG)Fa_2P8kU+siD3K
zrB>t@@`XIb5v|=SQ$Me|VSY`(tsK=Hk`!3fRN2ZQAm1i*Gn;@Wp8{O2gbDP#^Xi*8
znE2BK$ubE<{3QUi@=bV+)%8;;ye>Ve7VC*%D54fOCW3Y7vy|kU2v})?fP4k!Hrg{2
z;r6Ie99E+`DbqB+s-eExy;MBa9??RQga&JUE8ib9!NhG9AlT`*&_KS7)x?^rY7Q>`
zv|2<nX^Y@XfN15L@M<etTB~Q*b0ArY36(2C0J8)Ewou9hkA%FceqLpBeV~Oy!KV^5
zXCnx<vIG~OXyJ1$ZX$IVO7+}0mcv>?4JGx2`)F!v4%F5!B9s<K^iVJ&wJdI_Zk$(3
z5t9O*Vl^3(M3PtzqXd!I)-t~qgDWqUq&b16hCp*0(+*-SmJ67m_f4FhVq*IhBiqjc
zQQwLRaaCBUHZ7(leQ0iCMHdFD&bEqjxIM*P$*>+W>|`OXk}h?t(yqm9ePU+1*KjQ@
zNRIV^3%4{@&k3{+05Fm^VDJD6Ha1lbkkZ=vh5+JxYhdm`%2SJ^jSPlED&9Y{SuJbS
z4H%KV%D|B!HCT2qn1u3`$VRFQKpLrOea~;8gH>8oxu9|$)_DElu$Sz&5%vmn7}<u4
zqZk?|LMim^k(%r0%^slWG&IhhjY<!!Fj#W~D#&Ki0Td-OWPb(c)|3yRl$#D+Kukbn
z6Cp!3nr^K@p&>i91sTj0ptE=lz|zZorM@z5xU+P*%vXY{xZ$6z#?%C|hQLD8s4DM>
z1Uuc7cy)C}XDB2!HB`3NHa5>~tFCRRoZV94T^K3y2CU?U8k!!7%HBvgBB9x+4U#In
zXc3t}iw18;Q+>5%*qNrAr$~0#b+%~@76@K(o}#Vv6dQ>UOmC<JE<k4qk1v=OprA6F
z7S^EYF(Y_pSK5gZYmnL3lZF<v+4EZhZOky_TFyh7yO{B~27o|~rpA`~MY8o>)6m!y
zn8zhBkg~U)Gd%hEz<~r2+yV>`JJy4H5B&$s`UtFDy%Dr(L34Z``YRSnB@DDY@HTK*
zXv-xvVyK7QmV={@c8MkQ4K-LwtppA$O{ob~&7Y0=<1P#y0UW81%2F{#cpH%j$B|7c
z%s#A~gG?@oLi1!oju=9}@S4s!^L#;wprq3Z_23>B?N|F8g;JeNI^y)1a~@4Jfzo6~
z1)E@)xMk>OHWUR{02+(f7r+LJmD5HAaqePBv+y~}AskjYfm|xC=@5g%A{}1n2X3(i
z;=c<0FBFL-jjl8_K;!vE7~!|L<m!(m<~T{u4>XQjXEzhg*AGj~q6fnj;;_lY7hx#~
zoS{CR^jvW)4*TtzaC;~n33!Zf%SNC8%BR7P1bhCx`bAKI^oO{p^l&<jlQY}sa*|;h
zLH$d<qdw5Z*+#B7p^?0cf-64&jF4w{VVEXXT6~=Q!Yn*MWH#>xvC{h23GP1OBsgu+
zx)u8uU2G#B+Wh8*imqfb?k_Ix?d^qSqfbwC7I!4$+`M8dMAn({gnj{9MdRY&H`PPk
zYEr6R&;kk&>CM@J3UAmSH`D~OX8ggJ9_x$hDZ@W2)MEf1WJ7kUzL=Wy7o(Jft|!5v
zxoFWM863sQF4a(pgBiQ$yvSaZ6KX`oe$`;7WLvDYB9pBSP3=^lnxACpXMQr9-^wRz
zNb}p25<UfFkN;+tKA#31XnsTQnIGevl=hUim9>>f<1AuPN(rP`^rDnfNa0Cl^*E|~
z%2CBqjKm@wLo36HjP{-~Gl?f3V<E|`1sDlRVvWGS+%57tH4;}7axfl`XzAr`;p{+b
zMQ^8?l)WL@n=FBTZpHnJENtjhRI>+r%Rvgj^-Cm74kHULp|z**O2fqh=giRRevR!^
zFeI3_yy1sy+q1D=8z-X`Wm!np4DcR<`yA0l-8*68Nk`HtA)IB^6@Uj97a_TEt_d|7
zR#CEnWIB{)DP>w9xXl&VGj7@BMwf~PN_)`g0=^cgp)Os{&%Y2&T8o<k<Hs*4@lIPd
zVNHRjC>%`mYB9_y8^p$zMP34xE*9dHEI)7m;Ii(`sKU<rL@MIyNgF3u!+wytClimP
z4BBAWj$!*sdMwiCy24`pTiw_kpcM0-da_es_9IuyHa)s}<1+(g1!z^F2;0mOF|(44
zl@|Q7D(K#Z*V+xj+LC_5Xhy<IK9&MN^H;6MgN9YDR*R@DeMVA^x|VLB9EEW}jb0Be
z*sR4mDIkd_*P@NJ%A$^?Q2N-X8--kDjz;$yu2iz3gif}hh$*dZ2vp89$qb<>ASQ0u
zuoOx*`KCmZ4>yv{Y8=6CrCrG-1qreEZ$j!Efz)mXsogeGyLnQ((~{clLaJM7S5mt<
zQt{s~E-S-fYapsClZl`?N?|0%cnw1oOQB-})FZE!k*yu)Hc&l9cxVL{wKi9pvXAI)
zAlX#@%o3Iia%EWGo2797i)9GQ%@T8*B}hw|8aU|oz>+FWThN4>u^o_~sSS{yo_@$Z
zOxp3*bvo(;keQKwQX*3eNQv}qAo+*cid9-XT^r8R;u%{2`I+d4{PfgA?%~iL4VSwT
zj?Ag_R6}N3k|8q<y^zHdEBTu08s{zc(_M6?Rf)PHngEO{*@y+>Mi(-+sH#c^6YZj=
z&M&kkFc15p1e@QOLi1}5`Ql-4Eby4092Bmh)+d1@Nw^Ju2PHgAiMG)1LZOIE!aVRh
zDCa4Vx`i@x+{waQ3Ruw}#w>I&bC9XlL!BC{!jfpLOr}~8MPsi<BWPTzadVnO;|l6a
zL?&njVUStkE7ahpbHdX(4xS$5ba^n7rNGl}cb;abg?ZZT&QoVKZt``^QG(KU=V>?3
z({7We&KkVkL3mmlXsxajc-n#80~SxoH{~h$aPriw#PQTwR^TbEV&`dwT9~J{YK*7O
zYJ{gIVT`9%^AJy6kTIT`<$$N;19<AJL3xTZ%+0Nu`W76@QbB_<%{?@><P=Nd)qe$x
z+N4o<X3(AxmM7p&zoeB-j|(XvZlZYvD2VN-G(v)U66ygB2JS;^36=nE+Hv<E6~|)p
zWVG^?X)u8V6Ab83b4+{a2Np(;ZOV}(HW#rv)&1AWjrPbU&sk@9d??%3xymKS%W!y?
zhl7aRv&JtT9~~d|j;|X(cR8(=4k$GBU?HM9NCE_!{ZcMk?Ryg)F2E4#?y#1Sy>6JK
zTwk#zDqgP|3${m8F9dkxhT^ifxz1JzOPj|9k}TzRXtA(cjyD#Js&e&$7G%Y&3?`5)
z5MrfVh`IHKR=JU#p5Ia~aLt=oF>r<!Psqd|R~L$&NCw-rh?eY=lf7!N+sy@GdN>gO
z=T=su&$b!_ym9f|z&!AkHG^-ew8S?NVVzq!CjdhyS5C7Vs94*71eW4j8oSvQmS^9B
zR=nXp#BD9)D8RPw6t){}f@ho33TjI%j8uph{exq4!!m`|7SZ+Y6k<A(HS~8d%+V%n
zE-JjjU>jT5$KO_0+0xcBe_mSyY|?hbbcltF>M<vzhMEecGi0`aI;Lt9s#?`jWAgjp
zIO@K^nu)_?Ge096Z4_qqg|`M;T4C@Ez?Eoo@Hr+}e+JzxN$K<GkiyIZw<+EH;NA6}
z;`~{eKyZxj7Y`cVDq0PAkxrN;uU;*~U|+SeC*CoTs-bYE3F^!<Wi(fy$<!M!m1oF4
zUxsi6P-g9ve?GK~=@2<;t^?dU3$ZgzM#etqpL&P%((a}Mh;=@bFfOu<mdFtFX4bL>
zf>?#6a|Maa+l%47G*+k+0%Rck)WuurmmMtq-@*iz)!NvUuGSaFGln6sD1c~Y3ubRr
zhJ#S{LN%4Gm13dElP0l3Ev?P<r~%1DN@YoGNiTE=S%^xxT8F#@hF*pqST-Ft!eSKK
zLH5=_It-u!In&|0LlX(@ri6~e#=wAd0-eD#DL+>oOy?C|17|RAu@)xzK127p6~Qgx
zmpJ}@OlGW7Gvuey%+?O6sh2YV5p{F_*fQ$pfmA0VlWC>ks;4tl09_56v6i0Z_cHtf
zSL{04p4@Mr42*tJ?1>UM%gxR)jfol;Q;0?RScUBQ9))i&uUB~%91_u-3T$hst85O4
zxP=f`9GD2bRE)a8MTg=jzx353TD!e6ucmnSm8hgLHONg-4Uhp2{lhzZMC~&WiMKRR
z#=-8?LTpc+sUWg!#;S(?N&dm1^%Cze@zW)?B$0m+(V-p#yog*dgojp_(Ha^pTo92^
zz}(08m@xR=KtET8A4~Q$zrD68oIErvnUo6Gxg9(jiV3}cp)=)%cXM(=LvcBT!%2fE
z1iXjOS~s&Mx^x{0nlO6~JRPLt@L%}9wA(CqmY;Y;P^ZB^>G}*iO@uCE0U91wpWCDL
zTLpyf5|jL5O{=dgKzM1NwjHv<U}oqe2A+0`#Cb<Ko)SV_=VU%+g`1Zx_YqkPbr?P!
zk6XKM&@Vch@Z4y9reV0~pW+$sh@$b>;Ws!p$o<ZWwmHcy%T77f=p13L!w0P1^kH7s
zQl9J`VHM5d#}qsD+`dLS`UglAJ;tTj0UgYwVBek)CkBoJw|T&wK!@75yX*bDF6X=1
zEzSfVZ}q|f7KaZSiN26X<$}3BK`q1oka*fsV5Hf~CEIAalxx7*0996u)k~KwUBaEp
zTDolMGMvU8tf+7G;A90^Sot&LnKCvN9r!{{vIsKVchw%*tAin!Kf|?hms{-+RL0Rs
z9>Ba>w&+HX+u|YA#j8<ACsRg+m7t^{(G^1%ps23K2C*Z?9Ksv<I<yH6Fd^IW9!ago
z)^V1><>*eqftv1AmQ6tx8^Ji~dC;{2K{#guDB44T)*mV4{F29smUj1{)a$Q~<lIB_
z69vNe4H}-r)&fd&nRYMzS7y>EIrq-|E_;*%9jL<25I<O1hJC=&boQ?^Bhmq+8hY9)
zn9FH1!P(A<zDr#fVv=oK{t?v<4*a3?yy#b3IDvI#f_8+ohYfB<j9nQz#zoNx=S)0y
z?c#vos%6p&kPD$Ci>HJSbI(W>VxSjS&(I$rdl{t*3nwRDwe-mKY8UJ_B_PU|W0*PB
zt1tlF^_t6>RKb`Km6c<F9u%Yj<9AWa6tg=yuIm1vArFK+R~6o`KI6640DwEY)=l3t
zY^Kh)hM>%kMw2SmXFN5c%5)E)a1p43njfsN0Df}7srH!x65&5>uuSLmKg%eyD|ahH
zRO>iB*~W5?s6yv(hFpj*>sN{M0J_{Eq*L4l#_IEZAnFZxkFY(}(V-@M6Q*-YoX;t2
zC@Mr8Gm>%$N&W;+RcVo-ty1-l!m3hFk>ZM3@l4k`3Mssb63>NrVn`WX5v{WerKt(H
z9|s`!=vsJ!C*hfHpFvP&Df+(>&-68`3(~QVc5<5bccqaEw>d;O7wDKn#Ok*6U_6LE
z%3LQFx|fLtXKSFX3E^oDoI4+_-cUM!i9>-RN{&+C+SRt1ffrEwoIw3IwpjtUQaG8P
zZbrak%Q+obL(W~<*{=+6RhIxnRDZZ7t}6I&0CHL&9Ym2A_V$OkHE2gVO>$7G$5kjH
zIh_u$QDoPq7MX6U)I2uCTsJgS2Rm)(-)(TCTGEC~2)Xi`w{J=Gk2HQ876`<9Y`Bw4
z9t(~Gk?E+hlk8y!!WP2yQc=A}m9<z>r@=syO9hKunClo#{kTP3ZlZ8?h;SZK*D9_q
z(w4<7?7|9{dUVQWg;_Sf0mh{`yAQ@*eqo@>tvI>R!ciJ)9lO$@W!!}WBBL^jPv%^o
z4l2XaPvgeot99D7Sg{)G0r!qelCWKg6ji?%kQU1<;<=$NG-TwnR`yfQDWOhXD9CRA
z!gkPNb8tP&Ty>xZGxt*l8Kf?~vAB~m$R2}AgVKD|!;dK8Jb&i=Fc3)7nY%E~%O4Ma
zz)-L+(KX1Kb6K*kayTnp`q1X4bdB}3JeAhPgbsa7k9sm~i~}xlC*i-qh0aB^`bj{h
zB;kM3s9X}W$tzs*IH`x#=Z<~(tpdCY+?K>JgGdtu4uNj0I;W*V;Ye5d@ohUdX8B7G
z!1pbj`f?*Q1398Hcih+GP~|KVm<~(VD#Dnw`@^{ic}}PZbq<ko5G@K67a49z5$!wI
zO&Rm-F1I5?<8)bU8vUfY%oZBWUw4UjWa!`Nw_{ioux&4fJ4EaeU~(AwEf_oDZ2!fP
z?oS7e-*6WXl+m3KMrkG$+~9goQ-AxL97eXC#w9toD@^iT`w$<=<|AEJL`dHmZTYsV
z9O%}X8O-jd!Pq3wWJM%>w?V|Vt;^_9aE}S2fjiCS=gQc_HuyA?0v6_g@HiOW%Hj{K
zmZVV<;<XWOx}t%<C&Dbi-)NyIW>bWq4D+Dgzm`<TCY<f=ul_?a*pVAsJO*kGr*96e
zjn3!`b{0htXmZ`Gn=sQ$2RL!YhXjZ~uZ*LnQ5ojWUHHwj1XzyoU+E>896GScvU%5m
zhlAB1oNx3CC2cZoOXVn{j3iiHRSAtEX`45HZiP}_Qkqs?#QRCoNDO}|iCF}0zO<Ud
zOErIh^Ds!Y%cSF)x&D?w?sfWAquePmQJP63-1d(h&2z{scT7r<S}GQ<a*J=f;G}ky
z7H1PE`jg76c{s>V54~V{MgOLkRyf^YlT~`LhR1}_z@1_Bb7gEYDx{ed&`t+DhbNu<
zT{dZC)4IXNA(`AETfcZH_mBy+%cSi-!+!OodE`)(EFi>9u51K4q{=*PC&(1;K&M3E
z%Tky)MZ@J-me9W-Nan#ZKfXy^LjOr4KX9aq7an>Ai-*)RPZ0ZA7B4VD0>K150U!@Y
zPBK{W<{d>~!gD8>{oGmSLnA?u1lxs`{V66#@yt5OJe|r34G`>*7+WhuaWT(hTCzf}
zgm(xE^}3j{0&-%%xL4v29s12rv+r#%aQEBO$aW8$%RBfmev$uf*Q{pl0=F8jy};ji
ztccgM9;7G4WRfX^Jkt(?7or2t^`>NxtvSt&jc_+Jxi28BCGgogyTi>R*2(0QGu=D9
zSB1NzRv`xg;Vd9MgjqbnQAFYoT)PSfbtUtMi2b%>+75C4S3ipJAN1qie<7Z+F91j8
z_g_k;Oe&pZfB$9T#IN3e`BHvI{JEAikF{7YZ5-BXEp!u-ZM{`+zR?Viwpfp~wD-vd
zN>>l%!4~IZEfstv`dCY2i}|ibQa03N61(aOLx>@rz!%+6;l&oYL5rnU7NO#cWb{Q3
zx#GPkoP*y_p{a~UskW)Ux`NytElZq5CDUuAxie2Sfm)Xvf1Q^EBYbm%Aw={d6U#V^
zMj9s|82AZcaz9`uDqIc*^OX=~)LKn@v|53))yj04wxBU)vWkTB8b$c+mkvD=(R*=^
zf+Sn-*1!p5)IW%0H4SjCh1{czh=2$_tvwM;^vQUBErb+ybPbXK7!o4HgkUO?#20e1
z3s56S7|Kh~zYtBF{%Ht!Jq8n5U{G8Dnw9923wzOUQDuB`wT~+Sw;Gy{)p+3X2xd*m
z)|(ReaSI-Ux>60Ll5n;^Jq{#)Mkt}hlR{}1eAHs$@xjgbAhU=~4)Bm@=&3|V<(h#X
z^=TJC!@Z4~0hb}B3^GQ6t4)=ybrLiGc$B=&SHh4x*yT!%qtt+@sW!=RXS$spdYL0f
zhs1*U`I@vCU%L_qe}LXgp#f)ACxHcJ?EM1@1!1PqBE_VJVS#Ya0OH5MSd=gtC>*my
zWmB_jse~8PiBz$Z$$X@l8*^z~p_>TRB8~3~(;mU*2Ddf?;5qEtPm2k>NzK<VUqmSp
zUPN&zlIB$uG(sw5Yb^x`$b&O90m*<%zEvNuS?u{Fx@?^JMi$=^wsNU!oExxLG&2!a
zxq=IYfWibV9~<CO1Y_pbN-jluRZuwOY?VNn6)#l5Zhs+5A-r&-$FA6sv$;)XIrF3#
zE|-kP*^ok=9Sg%-V>n;~t_oJsf8|0pOeuRjbfC2cnwy#ftzabJXK&cDsu-(j2DBQ#
z`k>;+gQ{IhhEP#bvWn;q#F8F0ff3_NSv{uqvu>5OMxK@gQwJ@$xq(b>b+w_wuuNRA
zKS<3N{4NEWMd+0zh5W^~M6!{V$2Z)X7~pA|x%64A3R)k(-GHx7wO+X(6%Z`Y8Hk%+
z@&ty8Z4dUiABo6>RNV?pGDygbFNAY^W?#c}FWy;?U+=^5OLAO~XdyJ)#8_`4Q4S?k
z`r-#tYi4~hz^$pdu{zMwBBd`uL*NiD+JXc%X8bVmcM}7E%<5ozQB6aX2A%#%1ob%f
zrd~LK*pfip5?(+QHajY0_FmpNWJC3#46^{c5uK@MunC}SD58N?=#8v0i_+WB>jfRl
z0dB-^jmdCdy%W6KYh)B3cQ3vJm1{NYJ+gj^u*b-Nx+Zcle)_g!l^O4Zy+}e=e1&_{
z`I7vLTQVvM*Vx;@v)k<nk7}x_GvOzg@on@r-25f<&RN;%nHcbodshaQ9#PO#1{OZB
zOHC<-fd&$a^pCW#vKb8R#xmI(SHnn?X(8FW5Z?%~5dP>yjP68Z#*5TmDiK3TAtcAh
z?AAKrBdQq&Y#YZDdQwmJ#o=L+g)tSGfnl$TU;KjvWIKiRUi3$A0<q5vDhr|l=CHmX
z8XA3(3*;?5!rhloF3P93WuRmr9I|2AfG>!`1%xB}Fl;@XX2+l0T|n@#4mReiSqBnA
z@SPgyZ)~M|B$h=>;e>gWc;aitS2iqwA)H?y_S4JHihATy-=s3RtfXXeacOCB*(AAi
zs=uV%UougS28|FhBx7AcLk_Hr%lZG2ZYPKTCzUwj4*+L=|9Rr%Nt5jUpGhT?%f9me
zd>OxSV{v#SnkHb~0QbHlwPRfjN7sd*xQMX<{+fAUZ0Inn24iSO4aU%{PTbN)GS$%`
zW2+sR2i>X~mpgSmEZQ(Wi8z;F0d25{5i1l+|0>)IhZPDwb#6JGE0m?yi-^Q8t(cGT
zR4CLRq_{Y1l!)-Mt|C5vTcO}tSFv7Wtx&>9ZHJNy{~~LJ64Mole`Tsd=~EF2`~#<?
zF^cuNDNA6Fi?VO_&?owKn{gG%d@RPS#Ltup_adkXl0L@CzPSf9SrUJwAWbs&ESSQZ
zCSobJo5SoJ*s#M7{%}xfJiIf7d$-SmPz(=(gxONot^Ei`4YKO1TWO>{e(aW}VB~xP
zt4^NLB`-@zlF_C2wjp_q7kcCir4TaEXUqsR)=Jf;*fUv|yk00LyZ*470J43k7&4zb
zw3QWzOnb2=oFkL9EM1FQo+#`2VaW{#`_bV7UWt4n{0OJfXTV5BX1pD*fKzzJ8yoD#
zVG%&^<9ABEUiN53KQvS$Mg_yD<wp!Xv(dcx>L3H@9mIa3Gt64_X+h9bqyT6ocu-m+
zYY-p?+<eA>kt_L@YEtAvh$y!bie&oUot5MZ`g}eQB9hLtXtkV%PnL>B>p7&=QsAJ(
z3%daehNUEdD|D$=!E~cpWue2Nk64nK1A?m@JcGnb&z$twN6$R*1ErSHg=mEbPrN#H
z-&Zh&4HYU~pIe8eC@XHc`OTe)gKY{oFA&dv5%c^P5zjw<h<%{#a!fp|fdsafEG;X@
ztV274TXIqfWpBWsoP%x;dHNl{{BAz^PS#6B>`AVH^$<TlO8gzM_FCk@7UDKApX_kH
z3lEAitQl#b)WB2fN%m5EqJL0~s})2gqyvTO7h#?@Shvv09SJ=ucOs6*WTLtUu77RQ
zCr1d=hSm^Y2*DmH1KUd2#ez?w5|Uu^EEJ5Pwi&u?#MO}2(I;z3L-5-k8d=u#%~OZ8
zlc;<Si8{f>erV(oyMd9$9@i9T6K0QQ_WUOJ<p(xl%xAv)RB+%l@-`f$PERFG0=Y^=
zh%Lg5R2=VE^#Vt+*a1^9aw&jU-$+xjeZdeGKt18qVSdIFtbH=hs5m<D&=`WN4xB5d
z70ZZQg;b)$(h-O|?>sGjXtbe<1E-9c)8-U{R9<Gnz~DXv!oX>Rt5PM6H*g1_oP~LT
z+WL%Grkc}>J@u{`he)tl{V<5;?QcdnnM!PY76@;_B@U5nTKO=DwiZREV4!I)vtZ1R
zX)CcK@DPOqsveGT&{Z2F7*F9D$3ONsA0oA+?qQH?uJRbY)Djda7U%_M`yrCcb_SWr
zdN`6mHaRm1FWWplG|nPR*ot`>D4Et8StQd-*TIzB8gpk9`b^j-HVzgSxB8Y~?Yjn+
z$4$WmGLu*wh}7E!+dfOsqNh}mmq}qAkn{v2DYZgbPF^f3rI$by7{$H`6-x_!6P9|4
zmzEY6ELWg#2;SAi)iwOg5Lr%pD6!@`oPMh-wWM4^Kc-J773jix0;|N_MfsQz#a5bI
z5}P$z7Pru2o%UK*PFqW$6*~z;aNO$F1joBZL~vG48gSf7)dVMmin_LmTRNJxcz>9C
zEzz_xD~fKa^i_Gght(ClUNPMbA+cLbY@7ou1C`jGFzZ-8vJ6%5Om9}P+-PDI(ZL6G
z++dj#u_a@?*NK3nId;F2$psM=1L=m2PM?-|axT0~<Xi7KJD35po5c*%0ho~))<RH#
z#T2;-PVgVvATqBjyRFCt9+}8YXq<acge7?J(r}e*i@G48O5Mc5`y5@-P}iY_hqVOX
z`;iudsgLcL1Yf3z(N+Q!192FOSWI_~r5H?~c7|~v`V@Gj!h5ze4J77uvE;|;IL}Og
zfL3%YixoM~IyliuqQkfDj>KGAyCO@klU+)=>t<n<?25!ZyO0(EY)ZNU=bRp%!(fKx
zfN_Ds36%iGA#7&j@D#2D5(z!wM+R_rOz(}!9g$$CA5HA64xW@t1pulM#Ja=i(mImJ
zEQqP_x~DuAn+oD2sK^yErU2OwaPUQvZ4;>I%~d2g_F}>k=Vv!q!rX2-rU{&Ja&?y)
z>Xs2a=5S^XAxVNai`wD|y)zMv;(Y)F4b5F$0H?CG4mTg^+bA=2lzhllEPH2Z;ga+H
z%aFa}_f6nT9s<LyjyDF?a3#Ngf@LekY0VBj6$_i)ZW&)d1+*C@hMB@5XNpvsTTBcz
zlEqj<eiSGt1nAd}X7+CS*}>HIp)~fe+KUB;wMEItl=6KnwuK_V%)mlOUr9Ez2oE)|
zWGO^*aA2r(GmjG<Tn|yHH0U}G5~52X<|Op_d@_X^!y!x+%Xz7hMOXiFzAdyux@L$q
zNhiUk#8NDKX!w}`(rDJ@>;RBia=Akzn6n$N4oISdc{YN;d1@od=hWhsp5rmlRMZo~
zSaw&$Zeu#FVz)6tP#Ugyh(7KQhpE@?@bQi&ZG=;v&^Wcrl7g?45<Jg786N194cJu-
ziVsZd(Rf4)#!QcQ2MHV|1C_uF_5`&E_B5h?u+yiQFNJf+O~fuPbD=R@m$@;B1DV+m
z?@9%*fUD+{TXmUCUJwzf!U6tJGSWxf^8CE!W18F5X(~zZa7i2WmRedHf3|h2eZ6`D
zDLXoOv2++GD6x#FRYZCl%yB4XqGHZs@<cj%shV*ZK?-|_*Si9%IRT~OHpoG-;Q0qM
zOFmDGsaK#Dl7(=E!ai+FZjxwfeJBqMfPG7|nf3|6EMWm~%nD|2;X#h{ja5k~L_^I=
ztVDCVuxQW6|H=Y6#57>!$3$ggY8OALs&Kh(rb#uPyP*~`a$y?+JS}mwyh2ie!%{`=
zDgunfdP<H4`y9uV!fKBi(c^fR)!aga2_O?NdgKX?M&J>R2<a0KN))jQ(1)h5p{{^4
zkpu|aS%E!+2;EcBLu7Xzk1VU6&uN93GaOcT%Tqw*ay)|ZxgmZG+t=#@RAu}aL(?h(
zY-ufpvy{_qIYHR8uM4RKii;=1P1QK?v0W9#?#2*zXv}a~mTmrlutQq~z~*5t1#f>S
zg2#f}<S?P)3<Svz1rGQt=b`^9y#K=5j4%N}GO908Cz!A%!wxZUNO&9^poh;CaB3*L
zzr)%>AO}vgb`s$0Gw`TEwmEY<cn(IH5qx$PM*Gg@@35I?4!wen5%B1t#i(d2#XH+b
z9LjQ=&Z5Q=sgzk|nQj>>YwSVB`usu@yx_DWL9BdUyt|XjR@}j}>njlG2C+KgIRV??
z0BdGN;ww0~oTcSZaxSXQ0xFnbNM$7KcGzJlIV*764v$~%$(+6y8{#Ul7Es0RTN8JZ
z%pqbn7mbqvbh8@_IZb*oLrrBnQy&ZUakRKIje{rjvBe<V6V{#`-Ng5EP3Ie=xK~4%
zger_qwz`q=K*yf2BR<Np^X<@wI40`wM>zr0LqfMI@(X#eNUUfEYFj9kl)de8sYj?z
z(FstHI7X84Bp$6BX4z$Q%C-SYw$5f&AZVI_?4uPaEun^OgGhFcBUv<^WabJLWZcnM
zDnuTailzWNDuD=j4p{>Uz`j@|gn4-c^$&)p2%cwdt5Q5&!z&z@o&as*sHxbi2uj2%
z?t0<}&f_Hd;_!FO02LBVqe1A#uBASl<S8x{sNxU_6SW4}K}c_L(4F@(-%3T?tl&3N
zO*WD&!bb!gHWbo>X4~ruzh_}>d-Fg|h}g|&T2Is)jtwWe-{3?C)+605R%|;Oaz3|{
zVd7&?4KSSG|7UuY(~QK4-;Z-jSn$!^S*n2e6<>M<3P)>8y`lo`NJS!T)Gx`^EauBH
z$eA>)sO-!m!ezcPPE%lULP?yU2jgw+TC5FrK=TXpO==KxQ8E}jLQx1;Z6g;1K=DHB
zni>m^;wd)Z$N`S@mc0wuELGRq+Ehait~z02{B))h5h-jc2+IXZ0bHwI#sM(>Le71d
z%+rwT&JIV8TeP}aIgQrh*e)!oGYN!aKFuT%qCE5?5^k+#B2Xe~<%5s{H$f1(e_$Pd
zB>Mg!y5Ef#0~G?>`FoLb{G@OGZTZ{>JYp#&HgiGf3N~eU9JM%GL8uW4gOkCaHUs`A
z){Rm<uF@;o4T90YYa<BVwPbNXCd47y4`eV2fOzYHaG7g^W2ztk%$b68Bp;4r&J$Q>
zeO<13tp8~lDSd~5RpA66yQVU*X>$`^bCBA*8O#x`4zWkz_P<EfVTQz$UEnssH=v;Z
z2yh29dR*mH95Es-=>`nxFWPHZB5e0q_)YdZj3J>sHHB<kah9X_A&%Ma78s>S77vhy
zaj*f3xS9fjc}9nb6K7hKX4S9`m(J*LkB}OLA%W!ENcs+=d&H5}3%d^pY&>WfmSbK^
zM*3(}xNG!-&uO^w-btA=-p0ub;hZr&f+R_FivXnobm3qUGLaOVFIgwD<e9XLFNN$!
zb~6jUjG#AY$iY-nkD|)(xKE$liO*Xntynz!DMmQD*qlN}n$J4wN+Z$~tWUyfGN?ri
zpLLwjI;7%^if}pTA%<Pp&QDnTW|sF=I9bSV$%rQm1sAG$Vv-#M<MzP09dn7>I^#Cw
z`J<KGjvs%(l0Qcz9%~c><gMT?E=1gn-m-$T&FCyE1X>KR5`v7ma40@}(~N4eLS^~L
zB;L4poNsiT*hsU(nC=LL%Vwe5aR$kCj&@0u9MiHb!R?5oTi~Xf3&EKt*&PPrx8&|`
zbN5<FP6wLPSA_#g=~x%8!6LDoes+XWp=H?n7k=wd7|UvOoRDxiV5LY>6gFA$b&^PD
z6eEkFIEL&Txs3ZD6j8V}dQA1ni|I~GOz)KwNHY`wm;&n{8C6LC>NDD3<j-;bAFJ9U
zi=&_WA4?}rEU};epI9>GtMmU~#_!9YQ`tFD=Zq?z&$rE{B=}PdKCy?L2$Lp0@=d2o
z>)<>;TXM(g;V?5d6S&+3!_AxUZYV!r+O8w8O_~6Un=A3BIZNU%bAoie1VEfDaRqLU
zBmmgth`;!G5hvK^Lr0>$<y@QX6CXRM?>^f(W;VB(%>Ast+hk^+xzbEkE|b##X`Ou}
zf1Lh@;8!HtzOv#Yj3e{?FZk!U{}=9mDL=w=xc>gb^}lQXBQ16$W#HiZe^P1Ll&|{#
z%lM`3e+c3!Ju*1@yZ^gn(nNdzPnq)7{oh~8&$m<|7p6gfM}skZV_In`xiPJzw76ul
zTsqlbGSNSAk{s#kpf{!YTI(Q$RxX7tGGrh6UCZYylCPysh8x=8fg5?LmtKu)UfzlG
zTNcl2Y-*`*k$hD^g|tNS)tiS9myu6mZIZu(iB3pghAY<uTB@7tu_?*wBXbr^ReW8j
zm)sX>L+g|3lQP^@ZQwgA$gRh!fs4_-7o$j0wItk+qQ&H-x-yAuQ+Am#vTLKVo{%)W
zqNSJlh1uo8kn58Qo9sF44re`;jHi;wphomI1HmD=2x8$dc6KwM&%;^+>(h3X+(iub
zx!fL1hPs3sP@xU@ng*O0#8-Mo`h1eFp-E~*fblgKJW~q|RYgD}dap+Uk|+bn4IbEG
z$mn4^Q5v~8i0cZ?z#OEN7zCe)5O)<|umYKrItK(bh+aVm7=m(VL~loY#y3#o3%J9W
zNeGOL`m6(JGgSD*x8oSF96`&A7`fBkfSm^&_Zhq^j`#p~F5;^z0H#i)0`4ip{Em_6
zP3tP66)7EV1TSnyy%R%!!X@@eTnXn`mqjO3cs1Bu6Jd}Z(sGM5Ee1V^z9sxlDqI6w
zQY4Yf^eNd)PJscEuen|>VE3&R5NKK~tgeIrS11<=8c7pA1fLj5J)wpPBFrOSOtw=&
zZaC3m?ApmFy>Sw{9|<aSXfs1vBoVtGT(eLd@7z-4oVXR)Iurqq!Nrssen>g2g;ay1
zNhV@gNf_Cqq5*>WQ6v!pWEBYPLS#i4UY^V%HVn)$N>`yt+&oI18tc&#dJHqB2aPnK
z3ll&tv#f80wsnAq8?lYvU(e);9B4+6023<@(oJE*a3-BI%e*g2E+7&FlFZVeiZu!v
zK@58}LoMR^7_bKo19c7F-)g5P0?1Xkn0S1H4i5)-*GTX7A#wx`c_6i5skcDFBOfs_
ztU@2QgG|Dx_DRgMh13QVR#0hgfg&NShSmxGG{Uy9b(4}okRhhTbWVT(Iu;_<Vgzid
zw+HERO_8|v^wI%EZ)r||T!NZ|B1nHGqDTcsrc1iX7Yd07LMe#xdJMltVM+l~N6~na
z2mxvul113NGO(!7JAIrq6iI@TM+KswNzK@80D+|;NJfUa>%z1PQOgk|{8m>{6@oes
zsd+%wCllhZh-pSV66_<oQ6j`KOmZrg)FQ4hp(==*3fCV=2y`F9zfx9V1Bv9NVu;cf
zy$HXd(Hra|+oXtDiBz17FhBvKhWa&#@1b_X0&;*5g+Ks#Bz`Fv#<hc3!loC<5>*{h
zEgU9SKnF#7gCr0hXhE3(l-wr7gOv)^l_52bkA!Gp1S}OnEWp?1P~{IDMBijErc*5+
zMV1+Ut0AJp+-L1gdHBx4gTi2=qFFAeD3C2t1(~6pVOWD5k8Rjl#)DuboFp*t2&0Wf
z`aKA$H$im(?m?g2YAekM6kZp>%F7^XIG)g=qG0g)27k~APf%KL;q}}ms<V>dog-BU
zw=u`~frR1E_b512U@#zA(V|FAC*Y_J9vCjddN4GV$yoeAe#{3=R0<1OOop1I`Z<BP
z6i28)7#JWBR@MN(g@XY?T{@aEEQJ-;$+R2n0LuovkZfAu%|@8$opTzQx^X9>cHzJ=
zIBU@rB)6r5ETK`@k&2LG7Gzc@OlFN><e4*ckk}T}Ws~6;ChVSq!xPRgnKl42+FBib
zK}NnZQ&zB)D>KnwK5V)Y2PiUoTbn>umwF{IsCaYAO`&2N5GEava(n|+kwlJLakd{a
zUSV1tkW%(h0_qV3h)_Jd6*k{mgPm9k=u0M@#iBGY7qLkPd32gJ*+&esBFgI`X`mLG
z&*F+E!AmU($D}|+M6^h`iPLOT1hok!Xhi~P!ih9&x3GZNI0YWl7{T?iIcC{KXfXH1
zsY4u_;fPS&Q|3)*9JM|8c2O4hhlmD+PByr4rz<UifLz(o(x_PGe_<)I_S+K@_(T20
z#l5|~aOu8JPjnWOHBNoy?0JnXt@YI{5{@R2qeutgFc`~vHPlE4R+7P35blT}=ql&8
z)-^V_NX<UEUQMKoU_^@=p)MpK4L-Tfhh$Z*)jCru1TpJ)qLdc;<Z2ZhvamFSoxFeb
z67{R!7x>HM{|Ox-2T=e1pHiFur@VCHSNnfo%8&Q|giHre+0=nKfT|D90~BH|Am-+9
z^Z$fw4j_36zsxey`h7yo@gw+Az|)gV1Y<@d2*yA2?#S@|LDE_pbG{Dz#23<{ohhVY
zCH&3_^X%Zei}9>Wy)pna;qC`v&X*`&L4;w?6KiZ__?S*3Y-x0*V%_B8Rvgz(;lU;-
zEO+3}0(^flaXp1#;=}8lU?`-)8*^ylgq0Ar#|)yw^^OiNF^`EE9-?9Cgsdj>sTY83
zE_bvj97m-z(3wz=p{X$x<nBzi=tU-UFWA+ln~U(O50R|H?WJ^1ZC3#c#~9jM2EiAE
zC)y19FrHPJ*lR|x2g9W%58hEGJU8jHHwl&JNQ8F9)DTRU2@PR0qHsz#LEa~HnyQ4$
zKC9z8^&lL8=U&I5>v*xNtnL;>1;1{C*9B&)fhf2s6dS~P3>XlFBlW>Vs7r&+P9;>b
zoFT>#*e7tr9Ie||k%xJJM`(Q*2H^&*3^Edya0;9+$Yez%MNCg4<{Y)im@#cKS^}2B
zT8Q~JG2wW{?~|&`hwg}nk_V_6oP!Q450s16EMS7O6VB!uL9?1f%p_eR<J(;FI~_j^
zNK{)XfdiKD)M^O#z8na>$a<?7@1rH60Uc~U@doPwSkLIuc06K`<&2+ganzzlH6DFo
zt)oLtz#15@IoSIK5!E9j3oHpnpHW1VhuIwth@|l@t{UR0!OpZ`hE)L9Wq8yN(9t6m
znhOW$c(U5Xt9H}t!#tfyD!@U5vK4cHteE;lhg37AT=rOl0h{bV1Tliy0#oQHDz?HP
z0pGILjn*-;wb1M(?v|Kp8Q12G8K?~rHAoh`$ci=af)AL+%QRi{^FDr}%R$hrzM+GP
zTc0uin|-~{S^W_<`mkHVNYWK<(t7JBYz{eg%S-`U*J}y9uMiEw%c}@r1FdW6K|w}Q
zBNK=T?J&~PKp_4*(qhYZCvy&w5ME{)><fmiL`IzfZfojQ2QlDRQ94>hk^3R262N}^
zW}*u~(vdn0hFPPj)(~}rPbzembzq1o-vm6-BcQz@Y><s8(qDQUNrJ6B+oi!PL%I&<
zwH2(_vA>lQ37O7pcobM1qq8}ky<F5DH64(8v>XaRDe52{i6(wo2@8~_r|7uhL?upE
z`2-&{GED9&XQ5X3O%)EKPr~<$!WfN^i$861I-V5p%Tg*49;fE=OEAr);xLp6Vm!c+
z%(kO>$O`i!?mB~vHNpoZlla;fJk!V31nGw$%-0D$)k!v@Iur0T9pIPsn5(|6V#1Gm
z5aP|TB?T56)Y1&o9SW0lutP0ko<~EC8MK;~By{5ocHjytyI;sB)#<&UzwvaHAd{3X
zBTFs;A!ihfk-}RrVe08c{7&L`j{y^?a3rVmz`sguJUW7y83ZW1f)UDT9hHybK^imk
zNDs{FNcs+a5CS*sgK(a1t@p9B-}Ek1*A*5_lc%b!OE}pxByexV(eP|fb@ILmChfg6
zGT$ckbiM?=ivFu3lLY&9V9?<mod}vaRCAWZPPh&xOL{1jN)U-kq+&7Z9R@PuOg^mb
zIO^**n~RSFah`bG+7!N%$f6z3MJXeN9W-IxC)KjY17aa0N7xRIrK0WNYXTnQWdwfB
z5CZ&6_aqzr0>}Du=hW6W1h5BBE-e>2lQ{u7E~fGSd>QT^S7(piCnSI6{rS)PWsLvn
zN=73`07rlRpYrl4cK^@h(n(+Wf4+?0jImzt!3O}zUhhn4MqTUN2KXmXS%dy*t#54z
z%!H^Q1O-h;o$8EYk|xb)sGm1SZVoh5C`PgmX_qclO)7Hh;-)}_0%lur$S@SSt~pSP
zUupBfC#qIVKua^K8fzBIRkN!b8ycG{lySBAr$A0!*-Y>*p`v9oagdQS#t6zV9}_7z
zqiQB9I-|I1rnE$wQ9qL|jAj(q&%^;oD2e#~aSHy1NEVvE3`67`P!6E~HW5gK<`59=
z8iT~O=`iAuW;D&@!h&r4KJ-{5v6uRfN8)?Y5tAeW8$etVVhw@@tob*LOtOd{V02P}
zz@LK*Pa@cSF~Y2a3{VmfAK4Hkz6(J{4?ReU8z%=JsDvuBxFa$U`wvyJRk4RF70g0h
zV;*zdVKgMdmi)!UECDNBVwMoi1>OQo?tsFUaCurGbKDXj>@RK!K~uavvR6|W!wx-i
z3B$6(p=7uPFLBcGRRGhM6~F}IGo47!zf%kokX=z=PRKD{c>b*-nGoGHXvkD*{|jQ7
zEUL<g-v26^=}@AX&g@K1X8}#{H~IEq!<f3wsZrd74P!5s-+xhf6Qe<ufeNrE(BQ|@
zpEJmb%XJHLqS-Q;JdaeU6C+R~21KT4Cx^`|PP+gl!kTH$@;L4ZWzn!F$Sy443b@5T
z35W&~0mabw5UVn+*9@=5s1J-^IN?PIxWZ;sHKVjjx*BwGiYYT)5@!@w&LrzH%Uedk
zAB4*c>Qk2)se344Q+P!UmzUr*axpAj@lqBqmjBhueaA1Y{|DybsCq<PK>eNnFE6pj
z|4c5M^i}-Nm-2IW;vfT`Jwc6!?UD85V80Cv^19OgM*58UxwGY#=4u2?@6>&rT8Dx(
zM{5P#Nv_CMjm<TI=8BS;c=Xrs6az{G-Q4KMh6P`M-6|Dkwi0!%AR`M+n(a8YgzYfn
zQQ<>W&u_pim}wGi?$W?GQD!!)I4U3n8;-G5FhaBvUxB$*70`K{r_7~X$SN4hP}1is
zhWiHQ25?FGw`(yq84`+G->$`B^GGPqC6Efmzz+%UMEBE=dPj$bXTDyw9WCXOq#fqm
znTm(8*(vl8n&s(y8Nu$1j3@}di&0M@YzdccATtydyq39@4T$sx@L3SteyKL0$#an^
zD4QskPV$#d^G}>CS2eeSBXkOCDy{OrU!xz~FTMYtj<+L#BeVW5Eh#ItpZ_i|FE9B@
z|9=_3+4Z$krv%q#t<Cy7d?vE8da|-sWo4~7`sj;tb1&9)eZ`6uJv}|ER;{}D;)}Dh
z*A5!AZs^br#~ib9`0(||9k*%t@XaGeY&z+rEh9#3J@LeCC!f6Slv6G{?X*izJMC*@
z$6h{u{1u9_ef;<<J)WzIimom%|3+!)j`H$rOH04$_kYXpzwYd_udk}Qv8LvRs;ZrV
zz^-%7xv8%1=7xrw=FYvPsp-3|t=~EK-0v-1`2EF;Z#(b2+m|l={`u$Mv3&WRq0pYr
z&OMrT&jlCUqw5buBKNLX@jy?{kCVv<`}%%-;e`)feDO~&y6B<x>(_7Ev}x<st(RYZ
z`S$JGckI~l?Qehk`s=S>yY{EMcI~?5mRoMU_0~J?xZ|FC?s?#W2OfOz!G|7tXv2m_
zwrqLyl1m=D^wOVQe)$vIw?BE+RZs2M@yxZ?{`}f&e{tiDzuL9ySG#xbzvY(aZoT!_
zx8C~v9e4cZ&O3j*XAk=S7w^08_doveOF#L^OOHMF*pp8_`OGuV{NfkC*t_??o_p@O
z7hZVb#TQ?E>7|z*dE~&8PyYGICtrQ~=~th5<}c4a``W&JfBp5Z-+1ALH(z}5t>6Ft
z?U!D9=jE4Q{>xwfa^S#!zxn2y@4WNQE3dr!+G`)Y{`v=Ryz${X?|l5;d+)vb?%zN9
z=%Wul_{ZP>{@FkN@sH0w`+xuZ=Rg0|g7kmkR|Nlov5+<N^Q?m0F?DzCd}PDW<0mYA
z>aJanZOI#V&UJNrcK__s(GxHD<5PQXdh!andfS-#yKjE_>cW=WmOg#=EkFN8N$8pD
z>W|-b^S7^#|K{G&mz=xHzj^2>r#xQRd`|uJQ%^aqZuYvCK`ldTE1Pb9>dMN~M_fBL
zQ9We%Sr?p=Tl1}ZcaHP7TqQ5|Uov7$<)&eKqMx<QJF)ht(@L*x?({ugQ6>)^I_sNv
zt(B(d>?nU~P~}LE;qza${&CNat=oHs4J}!oz2R3kj*7(Mx7<Ds34S8{{E*=_HREzt
zp1$we`(J-{*yNwCoiuUeb>kXZYx}Nlx^hd_gMqW|T=oZJ?TKYCjXpPTaQ8EXxtIO$
zz3I0Oet+=KANzbuXWrh~&wit6_jMglcS-9D2R|h1^Zt2%;x9Qb7R}S@?%O;2l#)^B
z8$bWunR|05Oe@=T@$|7LZjKx^d{JApcW2G)`J3LJ^7Jt|HH&WC_-gKo)9ahZ<PGjE
z5A3eoa{5W5UtV|SwA~xWjC$kdeRIQeYwC`=cW&XIw&Zke4=t`9p8xc?tz$+$HFoQa
z=2sVu_$YYlx|tVEoi+H1y!!3=7i}NAaaex5Y28uBu6}LS;4$0f4SAtYN?*Nt=s!w>
zJ5Fyux%tE&)PMcYW0yabw>+3Lbl;zMt{eWu;vr>gS3K1{V_xp**XKz49=U!<-jw~y
z@|*W%1@GT9<c3QRY?{1w*RY%4-K5k`cs~2moT^W6&H8-bnwp<wPnubC%^B01^49LW
zq35+%u6t(9<O{M!zJB1zuU-9O$$zcc{+rtKwfK28Pi9{kcy-ILLGh2fuJ}XQS;380
zB+jfpL)!JoZEKRg*;x;s9%z55dfThp|CTju_3w**XuLA{&8%tiRZT<xdVitZSMrmZ
z-;5d=UvTG5Z{)o7W=CE!dwgZb(CuR$%Ne!TH>d8j-RmD6eRk1ZTb_+wv%Y-*hCq40
znzG}u)x(Qt-*D1tdp5sPS$FM~?>?&h^^dQtxgl4sJbB#Z_dVMC$4~w7tm!KUZOVD8
zJb&ZPk1xO7*bx}z-Fw`SdS%0-SL~j?Bx_OcpeM6aQ*SQcKX%R?_piNS-GV#Uy!x}f
zODdP;|MAxEZBXNzKcBrxjxVmh;<{NM{(j@H|JohfoZ~+=`s%gvg4?z&+W$z$+A_In
z)Z$e&TaKSN>cgSAMWcMHj1AM8s)pAreQ(3CF_Df*eM(W4aYiV-V$(?-g_GYqXZttr
zdi(X=m!351=%t@5*`B}Z)qS(J{BZEBs@HD){fAc_^Yiails~<D#P+~5Q%4S}lWMLW
z)%}~PwHJ<Tt{8UFnrE-iU7mgVk2}5lj=Q_`^tHo_PHz6Vs&3tgPe0vw{4WPxu0HIY
zyME|L#^sMopIliuX4lvY51jjaR^5HkW0xOW85-K$k+tjXH+GF(|J3od!>-I4ac0d(
zdHLz@*7V%?et6&5ZFgn8QB^W!(@(OqhuyaIgwwYc4LU!v>GKzFY98El%XjO$c3t$L
zG%N3v#30Y|{E<@EQPm&MT3eaDfA&$z6@8-@T_=r>W)J%0K-C}jPP%O9ZY_85BM%mi
zuK8@}-r*<y?!bQ!+L^O?>h7Uu4!h*RpFB}}R_XV1uK4!Q<{#z#Xz<Xiu4As8Q(w1t
z_gT_qvo@cwF0lR4A+P=8oGf{J{m;g{F=5mr(zxck7k>8CyN`aYrfPUs%}}Z6>8B^(
zudhBa_m=41aaqT2t;rj@a#Yoa`)*tC>Hb+)UH0evw|73eSlU^2Okefp{HnpHPsm?$
z%v<N3@zcPK$IQBO>*t>ZM;cA%tUuvpeZ;vrt50};=&;exe&g(_-)3!JJVO1;=5tQk
zetp%=I|p4dH7EPN&(EnlrRX0&({A`6b<W#o9{9zyM?StbI5tr@u4eUyQE%K)G;MWF
z!S{x2&+e-o<Y`-*_t;a$QS0s>oSl4kYyOO;2CaR?nwiq9<7a$p`|QZhn;$L<A3b{N
zmd%NpbB5hCvV245EhTq<xbo_Kl{x>Mwzgu7I&%4<o9f>y_n$pPJ9p`f<3=rirs(~Z
zFMoGT<+i5#ZvFMe?|-;(^B=S1SB`ES*SureA0B_Rdf2*+V@`Q|(Cw4H_42A|_x<3N
z**WbmHvePD?yV<JdjICl`PtR}-aLQ)-tQc}u4YL4Gn1>&&mM8{zM}?h`*{9agLe+<
z_}<vcoXU+GU;57a-Fwz{9Q(@9{Eg3#jhEyEkK123d+=FV%kw^eN-5m;t4DvAx@OqW
zuMcjYwXt|@@R*9i?7l@WjvMm2Z*1VM*6Q01{9;++t%a{%^0)kspV!{?%nMzcvQK#E
zH?{sAWl-+?m361CziE4U;eFHg@9;)%@s#g<uDmsN;U7L4cI)O%Gdgw^Tvv1Q=5GaF
zysh_P@AtjueO7nFPrh}Wbl~>=`KO;S_pw`gfArR|%WL{3SC0DG!iO&y_p4FQZyRyh
zf;)fu+$}$dR!=@~@5yC9-n?h$-ly)_d)3NMt{<`LuC2cvk}Wmuyzi)OYrpniC*PXA
z`oNF{FXoK;*76PWuTRa$?pjg1`Kq?k)!&?1cD`OPc<qos?Yr}l2liKA)3tME_77)W
z_T)VqhF<=5(LZbN8+&fuqn}qzuK#7>F`ooJop#{rzz0XK`{RM>_dcFez4YDR>Vvbo
zUi<!IWv5mRE<Y=Oc<Y+z)?5CkuKJ1JZ5iQTaQ8JQW}SN7?2#9Y&N*)FzQJFg`%2!`
zr(K&>^1ZzLsr$!9yWXjc|Gwj&Ri8Zc(bHGVlA}NLH@@=hjLB~%*L>rp?D)$wN@pog
zC$G=TuN!e+u6(;v^|$jr^L}g7-PhbR`He{D?iFi`{8_VBAKjGoQf~0s+6`;p%Nv<H
z?$vY0ZrYv`EZB3~`fX4A^6ih#y;obdbI+eXot~4Ioqy7mTeH?&bN&Yl+ExyVM>mbm
z$^PsQLvMWOJFoxqwqNeQXUGG0toY^BQ|BzdCc0!+)`7z4^8G8uN>#V7|NN)N{<-+k
zCDH6B6P;(C|IjPXow*{Jf6PO>hD{#cImq)_<fD7exZ(ZW-<|r~Wz*l=QTuMr>G4N~
z*HvyiZcpLb4YzH)@9Pi!^66ze61jWEJh8rg-RMu3pL^8s$^*6Cdsj>;+j_ir&=2O!
zedXEj{!iB>#|%1p<?yR|kG^|r#iDh`jkvMrvq5i-s2nrv8?&O1ZaMYyH@80VqrWXW
z>1z+Ybn<zP#g7g<d*vfTe=;=d@ePGLUps5#@il+S`&&`?xM^!1_<rCQJ?n<v@cm;K
zJ^#>KJ6^3HtsXP7<b>yk<o)%|x0X%n8+}vGZ`R}$Y+pFmv+<qRPhKY9TeW)RchA^9
z<h9xrdyc6YmbLen-@W{7<9{};9sBT&Pn~+%=WA~tS9|rl6K{C<leQE8`s<sfWKEoU
z+z)c+oiy{$znJyle^0&YqsYT`Cp>cO@hdhiId=WlOCLDri9J&abGiciCl4ty>OWm~
z!dp{3IlF30UK?}m#uFCA*WUP1*2cT?HY^{s;o}iY#xE>;BD=gJq)c6ZLRR*@uO@vj
zR34R;6})Nf2V=8qo*$ewE9(y<vra#t4ShAM?dBDysk6uJKYD)aq&GI5aB0)V+Lapv
zqjP(<*Sr=y;UYQbv*zrd4$1w|QOTU`L;m{SQ8SdnQF(*j-+021(F^abjCfyOKl+*_
zdr}>D=Vv#K&%5ZZA-&tDEu1wd=aH2;dwc7y9NM#Y$c5Xd^=5Tlop<ztcPAehkyYL_
z^7BnQm*&2A^w*SB$7^}FU!&KA^UA*0`TgI{oSf$km1Gs(wRpz;S;yX0s+1mm^j+)T
zKYmc-$JrC&Ii7vne(=e*AAB#TY3ms$Z6CaL@2OX<9eTmeob}ITPuQ7L_I!EHyV=`v
za<9tD-B>bYyj*zHtU=d4Hsr>t(}NpgEqgB<wr<d$YvvV?KWEc(U;EQ1UmLbz%*h9`
zPm@RAKC*E1#L>s@%syjp_P5(h@6FFXV`uiF?`ALClGofc=;Zf?Z24K<w7;IWfAoYL
z&qYuCectOYdUt;~Zc}2}?sb<xJThzEck?dWnYFEJ#O!$FnEmU{A3W>C+Qkn|T60Ew
z@vD!_9X59GZMTfr_ITd*tdh6qub!(`yb=C9kpJtMXT;~`UO8y=B_l6-H!JbNIrsm?
zd*+#^95>6i^n~2syf|X&lnWoedE)Z%C0oMAS*3MdA6)&y3uQNcRMzyyh&gL7{-24t
z3rlu9o(jD4f@i{}`5w<%x&NQNzm1h7OVh)!+1(lLZU8oBcV(EMEGzcT_Ectf-dlC+
zqkFpURP9z*S9h1Tx~o}rduE3<y|r;OBkzr_%#7@e$b0MdY*Q;rlp(_~NG=G85+swd
zO_Kr*&^BzC&<~P=0bBkdP@-W#_8%IyVVFM*{SXa{1`MC~^StLoL}uKo>YiDWjhVWc
zk>{K^pYM4;pZ9P6%fEHwU-{$z?<;@*|M1>l`PFaK|GRs?_Lm<1i+}!`zy0^V{lQ=P
z*2lm0TVMX)e)qrjm%jDc|MHt3T=~^6|L_n0t55#eH-B&c$}d0ri~sk(@VD-LWBiwY
z@X4S1?cccbi+}KMKK<e^|J?8WZx8>uf9>9X^5=i<zwxV|{Mvu~7q8#>*Z%JR@ehCQ
zkA44FAN}(`_YZ#ludSwk`0+2j{~!PAFZ~by%)j@y-uXv=_ls};&FoL?eEWFv<{$pS
zFJ1li;Ftc^znz`m|M_qK!u<d9@4WX9zWKk}`S$03^S}2m{72)z{a^m!Kl;_d&j0V*
z$KSs5t-o~stN-dBeB<LQzf%0xzx#jA?>+v{{;mK1U-;+$!$0$*U;CAB{mcK4U;Q(G
z?i&xk@hfj1{o?g+{M>)I^X0$rpYJ^XwQqd;w|?Qjb?H|={)2D)nQ#2sdimKu_g8-D
z_uS(D&;AGh>tFd3|LE#p`S-7me*POj_xgYFt^ezHf93!6`CtCq|M_41`M>f@({Ft9
zwSRE$-}qm=@vr=aPyft2Klj=<zB#?}Z~V`H^zA?UU;MlO;=gq5-~0Q&IQ`4t`prN1
zh5di<^P|7>^Ou*u@SA^d@a6CP;Ko1x_MiNNf9t>b+6Vi8>f6`<rC*ybzwz+nf9I`#
z|JNq}>8*$V<u{YRbAIsazx4P2{4)Ri*WdfbU;Y37$}fNX@oxUF{Py(hfAqKipL??}
zzP<dte|z^=e)+Ti>aYI7fBMIM>G!@_{?`BauYU6v?|uC6^z}dg=+AxQi+}xJ|J6@E
z{$`SXYyBtw+AsXwU;3Z?*<XG9Ti^QY|C_(|U;p)Q-Tw!F?BVOb@@GH(*8k<+U;pEG
ze(~Y&ee;)>-~91E{`Q~$_J5GLD*y1W|MC4_`pM02|EquS%?IE9*5g0;tAF_MFMje{
z-};k(^PB(efB40tzxT)f(*OQH_|Eljef)R6`Tn2#z5mXC_uu^J+kfLf`ak`R|KuP4
zjlcIN{-^)hKm3)S`?+r%{FEiXe`^2R9RK}l9Duj^|6YHqq5p%Q|C#>pYxpnl|Lq?D
zzR>~r?oZVNc$`Kt=3V~3;|>Sl^ojM86R+P5KEGq@^!u|BeJ(DyKV#A7(5;W{`@ins
zbGu-#EC4+i)mIjOzA^k<*1IeG+>ZOzhM=?GhqnIH3Pa~UK=2hgoNWz62XB=U`z*2O
z?7{idjYXF&|0)B~nP6~?J0F%!f$1<44QE{S#l3K3dS74OuOc+vcYWy3$wed6BSQaE
zj84b%7Q5MXhp4Mpm_3|7(^2Ynswqe|I@+Dl>N3_+JmBC3czyerb@Q|{YCU>i6t`}U
z!aogx>oTcJ@51@dV%PsEja~0|G{2G<cG-p%2QB@xF!ml{>=*IL#YpzRX**chws`g~
zSKgmRPu>@Zfd8ZA$oqo-b?Sct&&HQ~$7cP{jr|)puE+krZ@&4@;=jL^|2qAD-A+hj
zKgx7hN%~7`b{-%8=)t|X*zLrzBtJ=h8MwP$Y;LzcU*<O*^>ozlAoyWfRt1o+n?RE=
zChH*i5*#(5;jhBwIQBP|S@KT5AL1;<uE*{wc2YKwZ!a3SUOjkt_qYG#Cl3$rwRb3+
zXJ0tl>{yG-plY~W9u<?ax_syH{f{nx@5b9#uD$j4_pV*TLyK{^v_iXAufXK$5XQjR
z?JXC_ItE;}TRTVVa}pr$;Cpmz`>x#m_djxj&!=t~KY0A{oxAsL?E`H`y8O=Vu3_Uf
z0VMzEJZ;2Hq;2#!^`zESdq68NO7E<XL5u<YBmQvz@jD---@CC(W8S^Cdkr6db(6-e
z_?3V1PB>ei##_PlC%yaN-knFT@@$5R%V2%M^BCH2!d<omby>N@%O>5p7boQ+qYzhe
z1c$78z^qs6CFpPP%|?CrSw61C%UN2b0djp5im}#rAr`W%4}8Jz$id#Z?T>hSNu0Tz
z+xVxW%w`8|#~o$0xWUsGzVwZ6_FXqctK#^iPQMGYb%6U}7o4$E-6<b`a(DMp0j$z0
z2j<&He6KO+5he%Xz$7|4`F@t3IHK0t!C5f|b{)I*of|v2&-vN+FK6ICE<WJwNPZQz
zAgG>w7{Jc$yJqs3C;H?;iWKYC&XS^2Z>G54th>Egr|<0V+}?MT_Wq(qX`SLPV*h+w
z;p)!qtF8iwjt^LKOcfg83PG(s_agTXsLS)`5Z#r!&O2tGRpA@oxCigtgSY;G;!t5T
zA39Q9^?EbEo8Er6%vWO_<mD|@uR+CY_+n;ww{`V8)VS_yJeDxOex1BdoxDz+M5$ow
zt7u-X<IKF{81p_=u2B^j)13-bW6;Iz)o55aFxYgfa^?oOT9f*Ad-WSs{f4U!f`-n`
z_L^@}%{QUudV%{hz3a#xgu*xGcvC}fQA2OR4n!H|-F!UDC>?m!Z#Up5U<~(sICHPX
zy+Mn60~hy>lNV3sd0mXthfB~VIEimt_ixZr-@v7Qlv9RdH--x|aE%(chT}iR6L^8z
z*QqwIKd56DSr1y_s?en2v?0yN7svI9zIuE8H>o~s05E&x6W{{2S9^=9!EzrWk#^m#
zaL4u<@As(s_Zr)7d)2q8>f5&JyMV1xTwtr=sA0@MD5~P9n1OEM(Ygoy!EwW=Nq+r+
zVMMl7!|}psKg`{k>P6{roG{9J9%p20rTr^-4P0^6-p^J??(%R8Gn?h+;@NhOT;Z$a
z3Z5ozW!JZYLvZKoq@48V4jnA`>l*tZsLBq_=(jD?K6QmImQ@MS%>Amm(|C<f#GNJJ
zG>}^6V@4gi530IpHtut^UW56#hLZu!Ihr_rwt3vwV9?ia#8^6gTzs+RNL>T^aSf@*
z$5p<bl)Lu{+Gbm|>rf5JMtXNvR@<+OYd|rsA-#B%A47cP`L+sgLWMUQdmdD6cemAj
z3+ldQ&T50Z=&t)csQW#h_jgf07%kl9P2lF{x@>~=b9czW9P|LA+|PR~JhBYLFm!f)
za|hf^-=IxER)Pl-Vc+BJc&E{g_D)v0%S`*QdD`$Qql-+B3<!0_ay{#DrQk(I*Vu=Y
z%XwS*>rkFJGQ_87zH7@kuhU3rra#VVFy{4}Uf9Zf_2C_Kkzu|GRbf+qm;nY4Wl8Tp
z$!|gRw~(_(L#f*q4@sN)UN(mNq}V=l--9+_f75LZllS<%avawM+ISn<csn>F!4BU%
zgKiSuWDlFi9^Y>BJKe}>++v>Qo_Z$($48u^)#(SMBI&UU-hw^w7BlDQeWLC(fe_SP
z|0>kK+EPC}bKMPGg9ffO8@TiF{XSFa7E?&oT|qf|Oa?MC9@{AEK;C2#{Jx0bENLFz
zdFR2s^oRG~J^bL-&i<7vuYs6(_$d7W>vZaJiBCY&_rW#a+*GzONxf6Mqg~V2Znr8F
zzO$T6cb~q$bNlK0STNA`H_H9s-lNC&AAaOY^QY}~z#6owcW%?)?d8YBa2yl=0g4R!
zeS7^$i3sPn>F@UPXyri-264@sOCRU;G+&(V+~yCxYRrZA!)p3%d);E06)U%%^mluC
zFz4;uhJX8&rJ0gX{pt`J5!Is4+w0BoM%lSdf47%k<j>uXfq%D`<tgepL(4I$_V7=S
z(r$RJBlu@~=~Z@?f9{^_+?G$h>bNa|HQe7`<tr{<^(s$jK|3BcXj_dchvT+$oBsAG
z&nKeldm^gfL{t|#5p_w{)1BM$sZSl*v+}7&9mndq^6ua5W!H<PWA=A$)8FmopYtYs
z9_~VSM<7iX!v5XGQMEkSLb=Dn>g|!AAkfS3Ngs+UHJlK!o(FBvlMA&$hV`HkdUTOi
z0HAAK*+%HeMcO!9WlP%ve7{Kj^CF*3Yy<e9#|;GB*dG4tt|9-WZ%w^pg0B~-eNvXs
zOl|mjf!g3yU~0qH3)DtG22&lsU!cCB49#a3XlKPTu4!gv#NM8*td|HxXd2-secPzQ
zwd_qJwYXi&>SAkIMXOO=a5buy)wme7);iHVRu`VfdgWyQBP6rYgY7K<Z*vpDJ9lpT
z&pqo+XY1;O>*42~^$>2A>&--a)uSFDwsAH1*t1rZ=g+tneC%DTK0R7bwIY7&Sr`2b
zxh8(@!OfO?ybAKER~=pf`P8cpdNE@i{M4%sub6!5RR^3wu?l?XR|Ay=R0luys<qS?
zEqlL-b`pQ+RimCSNh0u{`_)5ci9htJ!MjI3^^hR4`eZLVa_b|X`qmkjTFHIvTdOJ-
zQp<hpTdU3%SEU+!zCb-wt!J%qUd*@_eC%7Rgu|pC``7Z7de)ib$6UvK>RBg$zT`UY
zQ_ninSqTEX|J=8plSZYQ``EYE%J&gJ_pEoa24#kR>{)9z@o&S=ee0FSU=i}4``7ce
zde)g|&$*8K)VGcvuX*p&<<@8_mE6akwU!0fSr&b3lxI?<JnLC!mC06G^`W&~axp3A
zS`EHjsHVH<CqZp^(6a?c(}W7Z$Nsf^rM`7O2j!oB>{-iELFpfS>|e`Q+FqxufC~YZ
zQa<&nGeI$%KlH0nOs91*=UV)wS51z2#ESg6XT754N=1)3cLkkjgK~;~>{W|Wm0&IU
z*s~V6y>l(XukKMx#22cl-+I;6+3!8`j{nh4^5;If$nmr6INuvD-6jN`r1{#vHpRX8
z>h%3$^=HLV*noS`zlE^-7wi3Um6IAedeFZGN5@D>8+`AfS47?39t5<3o1}i}T@x_g
zwI+P&U30RYFSRCo>0NVLEGAkLzVxq&p&!03e(hcRcn+DLv^IV1U%Of#`MT~)@0v4^
zWBlj-^~$r{FAjd|T{j%+#YVcy{ldD>7pMn*;<>4d-+R}$6MT{RT`!krp72`_Z8wIE
zjnM&Z=eGUUw{Ec@E1&(=x2|Iw7g7^G_pK+FkNwuSZdLl;R;B4{tcAZzcHmAW{A`^)
zy)$!H5u$6;$IYF9Vt2*gfNJU2?KR&ewX%NPUgHDQAj+rh<-yhF81|6)vc1+vY?kq#
zx7T@;yNiwM(C6)S&^48+;K%JXeh3-{ehYoxUMH)U*`nYz<uBW7ky%GR^(YSkv{j8-
z&G37Vx}-_dk3DMe@%Ep4)LEJ_^)Q-ZIW#-5);M~wy*AyX@@ac{wz%rY9yQ3|uOGM9
zIOdIT++z<o<{7X^##62$UwhRgQ-S%?uNK*<?6+R^D6NuKq_4edo+wG_WnMA`$K`ra
z2UYP&@A~ts3f~M5detVgmif}F78_9Pw_f#(;Us?2tG=NM@~v0B@SXkNhfYQQbFVsT
z)Cs?DuPe-g|J<WabySwKJmVWvzxJs)o(8wAdC;eJT=^n(XAt`Y*h&+(_R>J`uum(C
zVkUJL+Z4TA%-qKEtxr95?lIr`)HB<Tzx1kgLN*HftxvspLi^9<EO&!CkxeAudekeW
zpW8)QD7DDXD$l6Mw_f$kRLZx0^~_}I*IqTl=`;`e)P7z|wQbH?P^vuo3<W^{d3znh
zg7oA-mO{*yeJI&-U7ZB9#XRU&dpsr&d|zFj^sFC}nBY;r7N+*#ng{)A7nb8U5Bk+^
zp>d7JJzI)LF}uhpluGiKp0y06^xyl{jk|l1-rD2pzxS(au3i1wvu0zXoc7)+-o4R&
z>s1e39R26MbqZT)i}{8NR_0Ax9VC6Z!dB|@CUhl|eIwuc)FYLJ|J<j}a+Zy?5`O7Z
zi(L8q=k0Z>P<E;M%Py6bU3xh=NkK2WRJ~=FDwJKS{<2GDWtU#=R9w)=0sY*lxMU;;
z^mm`)(qY{T)RQZ)>dDVn5kKG8MGMQav!?&Ny-r;QcdmZzQ!~0R&4WI*gWFEO_Nf`%
zPx`e_O?%7qb6lp9OYELj<ga~dhF$I7Q+qGTw?6ek2Ec#sQ5U_3<Ws-$WSX<zw%6nB
z%uzS-lkN4Nd(!>9ALTyx#4U6kj+M-rMk&rDhHI0;`N7k7)&LlaP0N?9-FfizQGU!-
z9&Pi;!BW{|LMAc$tzSKRRP2L(wE?5nSFJdTwnx3_r5Aapr+xlwpPH*<RNG2T{@Smm
zS4H}-J!&4g1&6SAt|?!8)CBnnE+DQcU;EUAQDuvBsmWja)+`pat+_RxCMc@pI(*c(
zg;}Y4LcjN}8*C~2sBa5~^aoG+)+bP1Tc4ivt?xC74=!S0(8BTXFE)B5?&f>nx@)~p
z?1LV)B?QoX=~XKj?4<9d`QWKN#(mE)YlJ=j8$Rmag69w)TujaEildQPKlZ2r+OH#f
z_xJ}rYnzqn7k8*dgVpI9eTan@`B^+u_EEnUygu(ie}&$Ir{J#bF7=9Q%GX{sYfm-l
zOYd5SV)_UDY8z_F-+I;y*2h2SS397R`n_M>_{F{7yL8fYu$%pZKDF1?2}ss6StI|T
zN9|QU<!bIzukuFY@SwlS;X%kRKj_aeQ&B_O<ZF+b>xCa5e(q7{3;>h44t{R1%a;!y
z;lB_dfBOQNz^{Do=Cx}#_up>G1P<`9RF5#=Z>IBNQLfT_Qq&1R#{QAOjP1mKHIw|Z
z@7Rd{`qs6pR~q?$-n@3@+CRg8{W|{p{;$9L@GhXRrm)iK$Dh3O;QrloXZP~uA6~nA
z`SQDm@20SMQ@|#AuUKTW%a`wc1RxSn9QOE$lk(lyx~OOQ25eCJJ^B8uSUiJ-2q9W5
zfiliKI_#!myfY<35OpB={!uwO#}2KacL4Lc0qk+-_V<hVaayg$7UngZ)c}!tgsDw#
z?ObuCE@vBoUg13n0G^ia&Z)}=>gl@pBK;s=tcuUqc?114n@#e$+kA|Hx^!K}{4hV8
z;FsJrn%^bNw6qsMMQ;ZZZLiiq6(#)bTd(9lg7Ah;!+)?l05-<;1g^7NJNp2oV$n9U
z+q|?;=K*E$$QEh-yat?o%oEVe*5uX~&>QoK!Dvk=Jptw`80V8Uf7H4NfCI7#R35Ji
zl+Ti>V)<YOsccr2ZV{(|{C-@P6KNbXCzMBk`?_1M3OAST-KO<XBFfG1ts}%9g17EY
zRsipBf83Mt0_(S!&}fcwNPRJ(<St9_pq;K~qZAEwyJtE4Nx1uVLNKY%;#``i6b6et
zpSV4ViA4BKfPFKk?&BL+l{K<?vc8|sZ;wgM>prD-eX1Bi-GP)nZfTr2QstP@<<3Ws
z?-LZlT^#Y<H{KZTCA6sT<dlBGtf_Q+gy2Re8RlPDlr<-F$<iH2WU(WoxtSC-rB6C5
zSI;W!VD4DY33}W^A2DszNeLXn3|0s7@XR2y1oYMy=WGnnCe?#H8I+q!3PL0J8>cY9
zMrBqZ*F&*5EuZBcxd#@Fqds88irf(`PDlgUBPb&fCH#Py0aY#js96LslNUBE{9<~S
z<}!E(Bo(4DIU*>nLnkT02J{~iPq<gdwP}_)Peryq=Jkh^I!@A|)IFK|<A~-8Q|!1l
ze6piS32RY7%7ry2y25m3?lv#y#TVf@(3ORp0ojUkHvrJmm>|5Su3!$UNSU{wV-tw?
zFOD$7mz&-3Y(1fzRvB#8cmZ$*z7JyuCiMH4@zW?dJ1NE|FabU_9B*yRxdMYpGtC|{
zqTDb9s71MhY<iG@7)>3`PpfiTpJl6@)~djaMW@AtP7!93Ao^m{h`_>DDT<(&*9_8h
z2=S-PNOBkn{*cJh5f#RyCv^QHMU)#S$t2T{8&feZ;Klio+r%&^nig}}@bu`2if5cS
z2J)UXFy~>3-Mbu1iV2|Ly%RTo1!mV71BC?mT3j%<`jUBx()o-F1cY@v?4(#s_#x0}
zJ`1Cy%5%Ob$0rNi3kc9{#+K^XWJvnPyv`)`oZcO<uy*TF;yQW}GYPJ#qq2N9!jt`R
zqii~OoV%-WlHQvjJn4`RK3`l{?ZtI<=XQwt99&$K?SvsXWg%%R&hqC#IWb8MB976W
zKuK%d#Jh7*@g(g*N;Fy<$O2dKf;8IY-CjF7w4fv;r;ZVtj1ovYg2_#yEM&B8&wz@%
zpNkd$kZ~$2N9tvZz!>#X84GHx&jp65KQOV`x{|yvwEvO1!-;t3qxXQ8W8;{g2YZ|R
z1lAzK8UB(86uh^hk5_;a&mp0VFLkNHnM$7cN1vLC2=>3^E7uo+1UQRb;KqQ3rrCjX
zEDOve2H6et$5HYuKgWrVOMU<7_A~h5`<IVy)7;UjNKLnr^P{ra`tP}lx1iE@Gq?{9
z=$s4Hk(5kwJJ1?UOUFc}v@(*T&76MTjaL~z-0w%g<ZDF}$BlWFHzrKXN0eLBeM$z%
z;0P6UPcXG)F)i{Hl^7<H|B<hY#d%7q8q9x_1OB7imy_byku%!K$OBhnw|MRcOuFQ*
zG0NM6G!Y1fE6w-mxO61Gm{>%@iQ)spJ1E(X>%|-hzuqT%$>6Y2mipr!F5Scdr$gMy
zdWAO^g&y8aU<_asb9WFX1Xw@{ixtrB+43YiLNMy1^OmZT%nundU@;sK*ZG13PJZ%m
zCtx{8m0$=qOAs7)BygxTuIyQxmXH$@<_cCr_9HPT(4?Exe07>ngh!zHRTdE^>n66h
zaxz~E|3OLmkFsCEf0L3QrTNS;3Hqs+Qk`7uOfx9}EG0h^B<EDhyUF1HC?yj7w<u=(
z3_3~wl`AU0ax0Y8^r>F2ur{V}!v7qN;XbY1d{QfpXh7bh%Q&t;IB?TY<-3@Mt9C54
zZjqY_-G3Q`=iw(RE>nm!b%e>(sNfx65ax^@e)KLs#O$5*S?PJ95z$$i^}XZ{c1Dlh
zh_^20e(<}0VGal{Hzhj6urC;k9IJGIImg_xQdc~DBYqtwc0=IuXl_MvtucEJHwZC`
z?c0qGwY%YSw_3T-H@s192HWWk{C5}seI5V3jQ_rd|Nbui`yDFkq(ArHpT>W`JF5@q
z!?ApDPf~e8<*C{L{~hALKf!;$#DAaQzn@Yes&Nzl9pS%w^zR=1yBF*gI7|;9iU?>m
zjg$x=pXf<GE9M1dY)vuN5a)!ms5**LuHn3XzIJnC81x{km`>&0T_pbQc6JPnyRAQ8
z15@Ru@e-}$kA+RWln##a*=#t{UyjT#+4vbINi#oB{m&3NnogZSXMSGzpBMQV0OFV*
zSN_LwwsQO8IOoG>3e~>QiIZ!;C^65lBUYx&sV{Ttm@2$*!V*7@Mls8(6Z7+q{~0Ef
zxZQcSdX_%1^Ze<MCR(ap^3}2>*!jw(oAxKXNL*zv`Ouv!NWJ4Oqg3B+4;qpH*Jqxh
zgtY$^$&CC^1Y3^COzxNq1IzIp2<heU3WZc?OULy(ijMC9=6>PW=2bx%;%4hS@f=dL
zHTZo07<TDoLL#h@WO8PM<R>CyTG`!uYfMf9em}%}&)qxeO2({&wPZpBQQG&4dr^ou
z8O{;bAAzJTsZDcA^q{<6{@hInipuz2dfza4%#?%~2bdx`CvfwAZ}-Txi8C@{@eUhf
z`91w2UzL>zaC|)d)H-4)`{9c02PJ5Z{|9tuIjsZQ8bjI}Bfq-A))*zIDhWFP`AI?k
z1*y?e4R<kO;2zFV>uV~^Sd3E!;x{xLF1FiDDslNu#mPn|#VW@+r3f3z7mRWPb;K>`
zW5}O4=ENh~1m!xUY?GW}vZ4f^lH;*LxN1tTX!I<Sj#Buqxm!b#4+Dyct0B7`886)m
zZk`~IHHEV$c9LM@;%`p)9zV<Lin;P1N)s?ePza2ys4*~wiKjcwiJ@Qc!9ZS!`F*UD
zRG+WmE|gk!Bm0Uex;|qD<SN|j3tWvvdJwjTse{eS+B+y>i_i7y@9if~^f32pX1~3e
zTeh7^3Yy6UkS5a4l~vrT5(`<Y%H46ZY&APSNTxQ!C9o|m^`l;0Z|&8mpyd5j6$^K$
z1wJjv`c%sJbPXNI0xdJhcgVW4{4*_9sKaaToaRW!%6qb3D^-|qS>lf7ctBR`1*OB~
z9N!2V=L8r^r>klo>{EP$v$p4WQDUA?v#Dhibga2Mhah=J<d1U3=Fi9ZvNqEm4ayzK
zrEiB0BWON|xh!%_OL`_LPg|!ImAmtNQe>DMH>B-C2Qi14UU?Ny0czYPjVqA#@Ti3w
z@hwOI_(TKlJidGXelidNU+A=Fc2L?Q9U1MYx8HICqJMk%<Ng&AC%KvZ?q;sPJ*1IL
zk^PrV;8?5jO!!&dDm0vsrOnb?>7{H|{&=x}_1exQ|8Peh{&;7{6#enrZ@K6DSAKlu
z`rBcJCr?}r`U*{b`l<Qp)~zS}EhyqnPr$0udG@z7DqXS#pJu)%<QV#s#flHP{g>|G
z;cjjF(Ou-_!U-vorP)!EYz#Y+Ob^Fy>z%lTmg3R_$jl2C1xHPuGbh8h1})K*=Sl|d
z(Kf+z!7@@~Kqw;z>u?SJzjp=y-M_y7CVbexzPJBozI)YuzOr`>p5EJs&(Eh*{Bz^Y
zme~V)L@rYn5Fxp=PtKQcd<N9>-CZwJEzXJKlGK)&o`CyPR#-l-gR_-Q;RcUdlH=4t
z_GrU$KZ&7(j#npOT(aF4PRP-%ipAkTF_a?(+e;n-<vA-VIGUzGd}ojLAk%kVxov^W
zSR280o5i$63XbUtNh2^UqU)Fx6{<EUZFfFjmXOe4cD^SDz^k0S&S<W#?%ZzXvJ2E!
zD(fR3eC{g3Rs!Dh9FjoKR1513HKY^-zBln=Fq8R{%n=HxS{;xb>6Bg%xt|Yl^<i|5
zH-a)o$E0Z{<b{qb&Sp{@#Hw>vsDcU*Dhu^C#h5S7n5)MtZg=ch(TYp7k0Q<Nn}{v0
z%M}r7V?4r4-ek>N9j|Gvz~q59ld%Dj@d@NVD$Qb$(GKu5ppDV-%aGOv=Zr^i6Qyd5
z*@JzBgVA^peIh<#xb<+0v!j=m@L?eO$j2dQH3@3KGN_(`hvW%}(}kK%?hMK_C$z+J
zOmONzlZ!n*!h_(L)D)~)eBsvTUKsKQFU&sbFL!L`0OTUc7{1CuE~1HcFUpQ8k;^hT
z7SlDa8};!WGew>Kte~T)dV{Xgc#m#_UJSnPCGV6#b#*LKz}J{(VA=s%OQsCc;~gZ?
zIItXKj7OatPoiHjJ2aG;2Sh%1-BYsgq|;f62Ebhma~VpWbSI|VM>3RW6`I_R*2QcR
zo7Q+|qn#32a8+RGi`gatEE_jHN<=M2f>+!b(AOa0;=8OmKoby(Kx!y-6EodAk^5?h
z1ApvyrX9FD)!8}TWM0;Cr-VroiL+=PznO@j)GqUCb+Cf8%f0EKA>9t0fa$ugz8jQ1
z^t)gLI&dF>P!6q$67^C*D+aJB=8|N|$*10YY>fLziX7M7`s3ZC@or3nByV?Lg7+WF
zUTz%Xz((q}1H>qvxv6#Yf<{@kQKLUbT_yo>3#{Wz7x69r(!x{ggnGb(gq2!lXO48v
z%hfqDK`QCyyCMsfl*Nf@IvNUvE7we*c&tdn??{7_?cF8#f#af4yL5EUd@qc3ZW09|
z$zm=Z4U8b@XA2Q`&5L1E%PjG^Z%(+GZkg;)!aBwdK&U+vvYt&yWg^4Fi>@~A0X*k-
zKEBVB>P^-7JD#5v3>_Q*;C=2^BM}0AwuboD4PZ#NJx}0g1oj!2U@C%#i+m=)2M1>z
ziH9&1Y8g*8uS3;xEbO_EgYhoi_;B8V%)nlfmm)`4N;a=u7H0TY;*Hter?T%Y7kCv@
zaYv2vQ<THtE<tL>Jcf7*X?txmr1zH}BII(d%CX}uL7E}r1N(_RZkQV3cV+|7am!5<
zyp_CS(Dgv5C8&E?PGCkS9q?B7H;9`lO7$p>qVEgP=o0*>$~A551K$y~D+{6H%?Q_?
zn;zm6HoXYVDIk`)`;fL*#YuEgvzmi%Z&A&8|H7MDoIdiFHQiQj$2)QgltgBXOtNHX
zbKR|Suur<10uAY@+qBCQ7{v-4Gt#^s?}7f%x2Gjx8>k-%8tllPM;a)c`@PUiuA2sR
z5aCS*h907WNIFPD-Xqs;Ha%6|LB=(8oUM>faM33_=oRi2E}l;ljfN@-+_K|VDVZ$r
zT=0apk@mMNX@4ucTEL`HP?}33Z?u(=%Q4nW**~lh!L8o93+^vaNG-<hc5*l3QBJB$
ze-EL6(O{0<yN&5IxM{U2%*wiw;i`_F_;V)Lln@n8UdueZZRg?b@QUO8WH@O);l!2>
z9J@Cg#$;W&eexNkH{WauCT`V<rz9yB$3?w#GhXF72YAe(jQZ^GU`Sa!2X&3yVk4Mm
z$N}r_ArKDK4N=XwBnDJTHp30$c?RziRFP+;<GZK}cpR(XHWL*Zy3fJdKPyN`1wY!r
zpM)K;^!<MFeHJI$?-Y54A7K@wr``a=J}_cff$|A%$z$}cWWE~(&ug0Y+=`ySO!+kE
zD0E&kLMQVq?v3lZ#JrPqzA#my+voLJo-dg1!$~EwtIJ-a!Vv(BN$;QeeAha4X$DDe
znJ<!o)sO{|eDdIRHM{=sk0lv$j(`#IhDYywWBRySBiD47p5!y|?L2WL{S-amxVv)K
zlIlY{0sQ;(rQ5LJGK9K9EzaEvd(CP=cO0s6LB|v=0(-2zWWN`&U4WS`1s^58tMHTr
z4KqVMO4b!!7PKt{HkT--?jw}cyv|ZKT1@F$;CQLo2$Wa1-H??RqQ1Bm?xAa-zTkr#
z=`DWXoj%;q$Zd}9Ze(wHo4DpZ87FHRoE_GlNed!%$F}_u`&^g@T^=TP#H5Wk7%`=&
z9?fEpffW7h!iJLpK9uRcRMG0rJbe-65~^xEbyrFdwl`EQ>@T}V>CKzBQgBUTeIE1|
zzH%2U<7xvV^j3{xu~9hEu_O1xqbrchTF=$Tnuot$0K6D_wH4z6^jeeL-99UDxT$nP
z8aKvudvjjboAW`qE_w;f$W6<&UV+E$gl~gr8Py?-gAB%FGQJ*p%2_3T5>Q!5$|r2K
z*~>S5AKwh_w0H7p$;=oTT#N{Wr(60oLc2Cy{6%H%b7|>uU^)xEppaD(W}&(Cq*rz`
zk6v?6jMrQ$4?i^z%`SmE1@vU>l*SW<#IxZClf*|uT_Z7)Y?7W9S?Z-ZAllp@&cs5Q
zZQV+IQ9UU>HJV?@+vui=CNRlJAg7Xo@c0zuhI&wsilH)dgU4HhKl1DMl+=VSXsk)g
zTVhJd@}3e-)>W%)yuuFCNm-E3&=1L-+{tC69bcePX+;j8i_B58^K`jhEu9!tsR8*=
zom_eFZr1ibGR&@f@n>KvZ{c_ot?^{%Bg^w{+d6x8>llLK6|s$7F+)+Sk}cuJtl|U;
zjI3HUev<j(v{;pVM7-ed0|=6+R2Q>pSWRIx?`4jJ>e_(r0!|%hl)Z;GZAR0+6L?Cm
zCvJ>TETYnEf)2dc9`TH@Y2z`uRR<$U7Hkw&F`#Eiv2dHAV7;fUt~asPB!QLH6X^Zv
zPG?>>YSP(67Vd#bh&)2K3OYu?MXmt6y6*|bN-uAb>)`H9!K0<4p(<>sYH4WjBdofh
z-EY|Bcn~c?7m3xpU^YBqPY&WuVdM{$K8AXWS#s34wW;r7hf88gB#wlxuY1pphY{Y{
zZjHbbvq8PAg)Smq(9kH|dA>6=<d_|n^iAfhx6Bhf;#8xCJpBw4!pGu7F)|FP9j9e7
zY-156MeAu#TB@Aq^^o(tzH=M#)S19EOlGQyK*t?)p!WW$;0r@82bH$rs0a;@hyv)e
zT(>{YD&S095AW_tXoETmII+=)n!?(PD#wb-IG5~1p_4@XRmO6=3ToG5LG3yUYA5T(
zvnmqP;F4J{iaJmtic>uhETY<EI~+p`Y%v0-KKBjEaL`xiRcEJ#&Ip>rD7I_DMe70>
zIVRd#L$x4mdT)4ORQbFZm$P!=Z!_u)+-E<5cG4$snH`wR?9(qprpKEp^ZBwqH~r;^
zlC?U^9UNHq3D}jh{5YFgyMg0>Cdj1ntYmatA-0#4Ip8O?IG>kmb6yg*s_SyHfCv@D
z`q-vuYE`h@sZhf(q7GD6X&y^B$toY`q#xzCSc9e)t61ux5wY&j8x}G$3YDQxr)Q-j
z6*pgox@lx5jF@XCoi!L4fGkOTQi*<6tMyoQ{*E7XBoGumu1nx)%wc4;IP_?BG@_d~
zCFreYEokcD7quv3rxO$SsWv-!M63=-b7U)%@H%fUQ^E<(&=`H?rk5kAkh`eL^=eEZ
zjoLUgNHPHSm{@FBzyoqT5tRy_57#Pa#=N^Cst(bG1s=Ow4|%d<btO<raW$qCS9fl|
z1C}69DQFvzd8nW`*D4}?Zsa~L5vY6S%d7WLrsu<-TPg+T7JrD`QRr9RdVyRi9_JLc
zHd&8R@j~*scFVs8X#%{(QH4o~MqX;$ea{ydnq<hsJ$@6FQ9*3Fo+YGHLMn~pLSfNp
z8X}V1))H=|ssugOJXbSKl1-4z9^Iy6h<yar_0esNJi+gtM6xRd1gFnPX-9sTJggQW
z`??jfuUpNGY=vv_R=Bov+iOBw^m}NBbmwC|s|$!O^>-Po)<H71(R##qXek!J?UwRP
zH^(2%@~M+>98DpIEG@|X)JPV%C?O9(S+XhQViR(cbp$qlsLNqyIjCJYWC6T#vZ`gX
zxXwV8{YEGn?M3$sicwUCE2KYx!XsPQJ^eEIWvPM%LELH<bWgtwx1kOZI?bV?O|8uh
zb0Ju*jZsY)HX|XwCz)?@tD!jXYytwM#DR<NbiOzSTi-OQs5WJC?cxh{?lp5Dwk$Ai
zUNoR!%1~p3DC|Hs%g(a%sG(_o=2gLsmarR0+&NH^?o!mhpQlE-a;d`5F086vXl<Ja
zJ!knw4wx={;lg?lspk(GbD2v@ArO3}K2E{>f`!H}1x_;Vf3fYTH!3!S(j+^97ij2l
zWx-%j9i$CzAX@sso4{zIJmsM4HiwR7pc%wB)|H(L3eqHtH;lZohulS-ui%1$IVE$^
z33;sr0#A|NO0V%pcO^V2K6MX@H}*&A)hlM7gLP3&bk|f9<hI|{D<fQz5+W0(QwZJl
zhQBA*rKsA!yi8H3;Iz>4p^}LwV3H2pi>?i2h1mbEB1jDOk!=Vr82e&}`h1k0yTQ4i
zpPP}n<;82evd&3vSA>$L379*Ng3M#>oLPYu1>Fnj=R$4eMjc%W6mHh3sZ-fMQqhfE
zk*`8cSN%+=>6&xcrC122uc=-Lk62>04MEKd=^UyKodZT+zH-IG;mgSM{iogVEU`=v
zY|dR~&>pK89k8;8CwYscowzHbn4)hZ+#VP)OW)W%kfLsp4I>X&wHL|(MNhD7j=09m
z@Z6-%HknXuA6bD7Txn3t^g#=v8?v+%7N_yZ8-SLZsy~63VAOJVp)b=XT*^QDw4G;G
zXZRCj^TD4IaPutFN{BaSWjdW@r{$`}3F*4M&#t%JXx=5$Usp&Nlg5ftzzT`9>b&Ef
zKO6p`>J3U}R0(Uxa)GCE<lMT+ku+)x+(a?P!}xBb#xi_G!7M~4L6&h58lb*T$9>`$
zf?e_5#U!gv4uV}VE6XMEOvPfM0>Y%s=`iLVFCnPL(eva1g-4P+^=rEd6y6m)V(cAO
zjYq17L=1vfPXHaHUfGon1tBB&RK|bF=qnQPH1_nKE)i5W4AiiS_7YzRCi6Y-GXvtc
z7x}sQIq_|%xaK>Y%>{u}Q*Z2ZD-AGZpNMo2hO_WQv<iTJ9vDbNROwcWmn9)B3wFzh
z<x4rJv{R~Q#d67h5)|R|+_H~;7eMiw?bJ;>YzV}ia3siX>#juYDlxqjI#DjWHv=Ct
z{}Q9SQv-vE^I>Hi8jrKe2e$Bt&|Jd%&&dbG0D{A|Yh{sxz{0>sn`Lui{1cMMO`{?{
zEL4FJ97KbPfe=S5KNORqoL9^QOmwg3Z72)wX9B12zj~LjMR~Sm`jo$i$+3FSVv&$Z
ze1IJuvJxZG8r+C)U`N8iVMTT8k>WrWv~fM)&4JegXufVHaNIcXDJ6j<PZ5@`7~8!e
zMWT(&C>fP?Y(|YBo(6MaD0hNEJz{7Ajji`KLX{rfHi&F@!duE9K*)99avG#t=#bH-
zN=Vx@0i?o?pMKg;gLTOJ9gC<BIZX+}U0{3(T9Y--3oo161bnc}Pa-4QWS=iNiiDz{
z+-Am*8P@U<0F*5VB63ydOGR^Z^71MyLZ|~N1tR36JZ#+`01Oc@w=j%T#~Wj7`z8b?
zziPi+qn@~95>1JlH#29g3^{C>Fy3*(@rQ!e0&SjVEAv9sO`7j8etO}pR8pY~OrM9N
z=<(I|$JZECh+kh!@d6*%4rp+X?}I+lZVXARM`Yu{5NCm#q_Z&yJB<h<SF{;@6@ik3
zFB<|`jO$~$wg!&d8u0TgGb~Fi75(qwdWO&SHDTrSjc_uglFmZ7DL#_;S3T;m8`cOR
zJ1fW|f}GBTp5&3%&MO-5UMeyC*r<b$SW%dzL_H&uf*uACRR&jr1_piqGQ5@EP1N5G
zPN;wCfAUkSKl+;^m<hdD(ByDhR0UAQAa*2YR30dTvRapzhGPwTD*>Q*{tfp&AfLm0
zIYh+^#DCRtXX0~5IZR|fT$EwM;#UB-U2v}<mSj<f<b+rYTmMiNA(Gdv2uvGM6r!&1
z0eeDV><CG(;@jmpB=cH=)I#UaqZI%HA+G^#fNGMoh|F7(4gkZ-N>%G?-+1TXC{Zi4
z!a<4$YdE~iv{Cs&;LEd}xDpsBI+c3wZ0odxk>PHUCBpKdqaa|mrRNCQgp3Op3*BBA
zKhzp)7WtWS({)KKC+k5$Pawa>u5uj%!3BJ=YZ<mQs%t@FUWhPEy82Cmxz-ck%NC73
zJpM9ff_vU<e6XL&#U@C^@!ye_l(@)++^^8Rul(|x+N;idjtH>rPI%uSVp)^yzwr2P
znQjfbdNtg3Tkv~*F?ZjFC2t{08&WFezqj2@FL=#(a&4!vRh_N33~;I%nM_KAMR1a7
z7~V;Yqv$Ek2TYh?AYcHuATb$O9N`M}%nOy0sN&YkYT9*GRhzD<=!*NQZmCy(nN;Bz
zo)(Q!Y`<Gb3KOeY*Yy(LC^qDUu2Z^L(059M+I>G?;ASym;G3}+_@)yB<qEh9zDpp7
zHyo~5B`YzlZdqtSK|8dYqsgc8c;Ms&B{H)*6A3afHrzt&r8?9$hwlDDtakwXKnxcf
z_PQ*T?}Z&9mnH#mjjggR!M>5~{8l_^Z|&SBzxQ{I8$mEtv0J=gUx{K(AvhF-i&Yzk
zCxLSUR%9<Ud&a#5qW#w7M4<NGe9~zi|J2U*H04;nQTzM!`X;Cuf%Bz^q!u58Hudo}
zt3JNQ>SKfMK}K8~Qo#K{>}`T$Y53(ES2u!t>2|W%x9_JYTE&~{h)^&pQB_zfd<x(w
z1ui7Cj_P)TL1l5nWE1ZIJi!-O{Rxs#fbBo0XeXqWag!T2dK?-N1^h$`q8mH6jblUP
zcL^OLuna3k8PJc$9Z5SB^d*5ayMJW#^S>Wz=YQYALih><;o!d$vVs4uUf}u!Eo_SK
zT$;M*Qom=N>iuu<_o!I7yCUfCTAz5&eDN*${eYCYuh9OWO`9}qMtjf<e<aajZcEG}
zh`Nod9ES!SBt5r>Ig{6@qLOn94zq=pHk}?1;%ni;)cAnIVa?KQZKWCIy9a@4+3MJC
z*-=7)SL`B!5RYZ;5h`#`Fhs>DP+ChQ;UckchD6Cv={+)Rj_SVf#Ho7_c`i~YB@7)*
z?yCZT7vn(7R%_i2yC-faxm)G4j9sKRR=#R0U!}^9@Ejw~)yA6FY|U$i%CaSD?05mf
zW7l@tnz?S95s$b}y5<D!z4+t2SgiX`hpz{es3hy{MF+(VVE7w(V=XNY-_o3Q42le?
zXabGT4!M;_+nDWOqJ`2+SX_izr(?7^VwTD%%vc26maFnjdsR|MT{6H^piJP@su8fC
zLuO@*TD-8-6HI*9fVBlU7<K>SWE<c;m!T7E8>_cvENUJZu<!#N9m*?+MQL#=<K8Yx
z<Mfpx8vP_s1{^Qh!|#hC{-F#*pF#?v=P)$97qM+>h!+d{0zCdg-5>#HK9~XKaoGjU
zOLV1ofc`+?5dbxn;R_>3>*-*aM*r>Z2CH#JgisEH8MrE=^!YHT0L?_JxX<;Z+Vc^V
z3acGMR85sWPnWZGWt65B8RuPjh7BAYjmA#6r&srQX*w8F(~f!YZMYWp2qfE&l#2QJ
z<74FGdeb8;;#C99=`z-n0lKOpu8^w;2M{8?K+{mLd*r5u(8VSKq>DSm!wDybCU?Wc
zTn$&zOz7rSycX8uQ)_pPtEbQeoeRkI?Cdw{VN}DUG2Zaa&qwDYGg4^*9Qa7*(A|fh
zxKCd;rkvvP)QOo~NW0r`Bk12o$54KP+t}@iFKr{6j!@uNA9&Ankern9EDXRmYnF0x
zr2)s!5i54wnTCn|VmLHPDQ-d?^I6@Cm_LPhK?*Fpu7m(iK(W6-u?S&CuQJ6;+3-4h
z1fjHb(+%I1knvvRf@WXTJtlS_Vh1!5;BUlnR>%U}@yyf1rRvPB2ycVSyc<~?({&Ts
z2M#fzKE5G+9Ap#Dv?Gh4@R@^ZeN+Qn8ve=^U)Nvx9(RmZQ2nwNm=vdo38!^m^L5L~
zdR7jtdhU1iN5MudsNsWzQkwYA`yMXx<BVN!_~ykyFF1dU05D-pFpDP^w#forB!Ym^
z;4%WK<*H@L_%`(bEbTsh7{OtN#AXsn5a+RA-wPn2+2Qkd2fJ7HZs-;TR&re{J{Tg3
zC=xTp{;$fiZaN5qg&bzx!ck{ca0_SYYwotVb<2I&g&Yhgd(&B2t_IoVqv7jEfoFhZ
zpR47}ta5;HoN(k>DvM9^y@HH76>dX-XfMb-aF#)$A7X@y1qyNJfo|(Y99V?>{v$6M
zv>%N_>`sgP;8g&@u;U~d_)t?~glRKE_XvgGL7C6eIuxO-o`8sj$B!f`dJh26L2JS=
zxVLTz46XogyXAKM4M8d~7@aq|2gOCWFADL{>?pOw1W2z!Sj#}I6?&I94iooevKL7I
zR_d1$;(o+g*g)m^kU*Exfq;PtI#Yz*q*g;pt)eX+MOaIW*8z?`jOP@)NfOjN-ZsSY
zoU7^w%>?SSLiODlbw}wOae`3)&468GVx%(3fPn~_-A59m4uPB{%-6&-*Mu{5JL$A2
z*VPP&fV;9$Vb0y5{UMeF^1a92yZNL;MHvTWd-%jg3Vf9)KqA!J$v@vgzkPz<YSOtD
zn8UzlHh?oi`m%*cA^-znQn3@s67xEiv^cQsssBZ#kYPghcCPH)x+MslCeVaD=yU^<
za4W$DS3Yg}wbf5tQ~I32c62Qg_kV<WLcJ+NF8EQa;7@J+>08!Vrnxu3z415`Z^^v#
zNCz#ikW?!1fGYv<FHkK>r<!<pg%A#IG&$Jk;mOM=fHwrAZf!|%ounmW912>Ls86-$
z1_`->Hz87oqGllmA#A)^y_2%UyEDsok_&G_b0J)dFNAAg>>zbd_ifNr2$`$E?Wc^)
z@#xx0#xV8RXJyMC!SB_rZvQ<aCEaFqQ_}2<P%T=fjc(-?xstO@RdN|XelXB4tk%Kq
z^}ABHu~#1HZAJX@#=D9Mz-Q_eZQA3h(}v(~VhAJNZ%HvVt|{>qlm=Y%K~nnd)X_SN
zxY9furHZPxdu-agNbmZ)=EuEld0C^g5;`Cw<2Jb}7-|uLes{dq_&V0o63dksDWC7>
z7Slbr^@-Q<UM~&IJ|=v;dL@)8kqg?tVvC5!UuzN2Ft{>1*-oPs_so}pUhiLNlyN_?
zJ_vK(K`H+_E<*<(D&;fXb(I42YAw`w-#&R32E*qvL6qS@%)OGIb$9nRVRB}|lQXBK
zc|_bY5X`hn%VGG@jX3=128SPc1$2X+aZE>tmYQi>Q3dt`NSha057c<zZ<~PQ6W-1M
ze>d(OBS0xD7~dGgFw6<_q-kAfV;vfd=?;xG;9$H@*oCi=*qjKOZkX5yq!@pwitz@{
zNu)X_Y06k>M9m(t4&SkGu|66)0D9z%WsKf&bPlPk1{Uo%3Kc`}1cF(l_R#YU{OJ;t
zD-F|)V`~8eV!Ke=5KY74h?qzKeeS+VBsmEo$x#i-c}Jk|*k5727B*NGG$AoDm2z+F
z+miM^m}@dQRj|}gI!ceC9*JKAX!0d-@hU$?Ktu#79!ZYq#V!yB=6{gv?{gF;f|!QQ
z0`OKP6BuxUI&@!@#B`V~7TnMRz{)Qc-LNm{xv+Cmy0fxlmfg%4caI@YS&JX`UGx&X
z>FQ`AF!#WeRR;(pjGgvYLLyf=2j2xRwmIi(LH#AZ1yj<(;>UHw>OrmpiH>!+mxkx@
z&G<aNxpVtt>I+JHhW^Rfl)eH~5K}y6o=F^LM_2b?L}6Wk{e$sjC&e+$+;UZvfUO?h
zgOVRL6Cb;68Ue36xW(Bs_x6H3o%AJ0)X5hiCT0B&l}ZOlH(0^@yVl*4^O*~78u^u3
zEh})_UO@Eo!b!30)g!!|xi?xa1iE=crIi%>T`iRu-N#ChGYoV(1w1mMNNgrXr!|1(
z2r2}d;;nd7yyb{AF6&)mYY#8SPE)*EBMl5*Dk1Df_RnnXfV1NCg}k#o4j&@>`uEuk
z#UA*ZVlf5Auw0p+g#IEYr;bF#t1-<G3|aMC#)Q`zHW-Z8#0kbOCF)J`6YK5q1X~A_
z!Ke7+mw}^+{zz^s2r&K=>QBC;?_Y8g?!l*ALEp3$MYKJZ>GwCpIsHC4wrC&ZRe{em
zd9_&VuE2Uh0FT&HriYlGj??_P_V)p&!2P|d8ifg^xFB)=OxFw$J67j}!u2c{6*aVA
zbrGEUMt-}h+`ygAULZg)_F)TFf&kJ7h23>mEC@x3Q5>3YFiqnjX=}R(n;oS##J{lB
zVV_~p=xJ_JjY$R=@XxnNnD?QB0`-ZyMkEsi{OrNl(RY&_EK6`j18w?y=u}Es@ETd<
ze&ROcV1EeRK0Y9jf}Qi7gB0Ko_Q5>)d^k#<T)P4Vu3kGxuir?&+~C5#(Q&<o_kAhP
zYX4&Y2=|feg^?=KeF#%^TUZNS#X{#np{qoJwGiSr>>Kd}Exu1&(@=TeH+Jn)G^jqe
z7S(I3urVFKe{vljxXG~1Uv~>-s=@TuvEw<%kx#vM18ryvVdFz8TK1m0r-V)u5q=Iu
zVmF*idcf)gR!R*!E(nNGcI>PHQQnzn2i%NL%YwpfMv`fj#uxNhygVA69ww2MwE5~y
zfIKw6ID$E{ji-5#W3XOj#SG(C2%oB4jR-p1<gUbPgMsRH=|-s;?Jl~6zZYM^--}(c
zBZ#+f5|}gF9#j+fB!-Z}ZuY9s<GKN^L^>T)g>)`a@SHN-Y6$i<u!oWrCQOJXD$)oD
zhGfq~lJ>Hwpjy_32<zXq16A8a*-_%w6P;^BQRP!dwD;T%-r!myDRrC}5Pw>M4JeQs
zHU4l|`>YP!vp3^#rFhL^rU;tZ;T#}4hy&{3xleDxX2X~pXoUi84B$<7ZkAI_<1#oM
zwbs@2Qbta*;d!mmFYN4~s&lpQcJE}|cfyneezhK;q3K@ht2G^g^(XcsHnM?P;0-~e
zCQ=k8S|_~86HI?X84=-X#@YMQ&rs4m^V312o=kg~u*mmTUG6j^f^b!vx_2o`U??f+
zF*5>}*@?<Xw)@l<dGaJG^QmYQhMTw8bkOL*g$EjXOzR%w?7px?(Qr<@CgdL2CALUd
zegf7V*#IBPx{hglDT>UjILmDVk3ZWWpbT^6c8}{4J;pn(A}J)B9~H-ICz<3e={GrE
z2yim;1~)dPkAvgk-t$3bp`zecI4jq)38K*vY`U2vgZIP8Ysl4bJIdq&a!kP;$bexx
zD=lbns+r&k7!xpmcM<egwJ0^_>fu3X@*irfv}9?jWJDWX<@1usL38SP){lK>H4vnI
zZwtBx?NxgXK?TKM;A<!2^koH+c@CCCy|2$>21PiNwU(sgN#`Z{dF8kvwDA(%yqU07
zlxuRvTvEB3)J2+`%gy}w83{xhDdI|p_+Ezrrss+Qy;2M@7Z6Ub1zqIig{HkHg;k~i
zxnn#u7{g^!1Dal^?yR9J+Txs1--`vEC*0;o01N2enKXOK@szMLO>=lToMg*ozEG$~
zlW2v`=!l`v>XR6E2KWq6$nri9xh0b__JGq3(UGSlp=}eYpf03@OvnU51}L)zX2s~#
zET9v*3FR&m+YtFm=%j}#GJYet&ke1Vp;4mNcQB}OHGLgLlgO9SiYw^$OD<`dx<87O
z@blq;)M|MzyC&z8uz7UNkQa1zQ=}Qg`o0~rzHb}W_gx=#(qbhr%9)lp6|1AspCzDN
zS<fR1s|EOPDuzJd?Tp2e0c4wuMHj$}W%L40#$0=d$qxB`s<u(I1xdCI02LX2B<*p4
zamA0qO4?2sCf`Uj@+HL)Hu%v`L%%J5M}%JJn#L*}3^|+f<h(7?-N{&sYQ`QZVH>Fr
z?%LK$kDk<f+1}CKc<&{8<ePXEJtNJ>tC%Tn>EJ?BhJZujPt@Mv1zH;*+rzm;o}t-8
ztpDTO1L_I_zm@S5&J9>a8TvwI!2^7D(1BF1FVrVm%?2gMCV{V8I%QCN%9N+D@(Pkp
zJ}0O{miN2S6p{|j0@2qc<z8Qy^mNcH->y}t;_#y&w!lip7|xG=tYAD4BxvC{$WxqH
zj0V0cd%p&S*Q=b-7Sum`p+Ev<9C5RkysHiz(wts}m5>!&LJCY`ltJ(Ifw8Zc13N|@
zq<qe-bMY0LsfdKx`&fPMfwzSFJr0T`{$iCUjTquUh#>8jr?^Xt7#;>uk7Dh57(4nY
z>&ByqQhzAgG7hnBLRDuryF?T&K!w!0Y^(SPgi&JRmh782k;Mf3*A>0Q#w)T)M!*;o
zalYsiBq_LL9LWr)!fRKclOTCU@AF>#G)Aly$aV(_Y%_EMg%soNHYI;lU_GBZ@@F0I
zz+-lexh8Sw^F*XPpQMSQ<Lub|=8i^Bq2vKXp-cc7i_94bRiQx&24p=^^oe^MWTP>A
z0yn5e@-at+VpNNgR%75K29@E6e2Jt~%ySEU*c}YFC3Me3to4n_<Ko+1{3@dGLV2I;
z7~Ys3GURRSR>Z3evQc_u5ZLsWWBg?V;ZAKogI5*L;r{6A=vtEnfSVw1Q+drZf?6U^
zX5HQZ&149kYmT>fV@rf%xqIiq18dp%_|Bs{AKp8>_vo<=GMf&rg+YSZt!r+4x4hHX
zz<s|yY!tX|e;%bbh8;hzARcP}ivM{Zeiqj@{M~kdf4^$`c--AbTnBL~O9yZU+!PMA
zUVGO^X}Z0h8`CKL-f&aB8)^DIsp1OTp=7si;5g$dSJU)bAS^sGC_rjv@ebx)z_oqT
zh}@s5YwZf0m~!hoVu(*7VE*oeflV+ceB-Y7dk^PEx@GbH@dV7E#RBsInj(g_M1d|5
z%0WqZ;AlcBfjrD-ZF0r?T-x|ZY&9rX0UQUBTYm`&CjCqqNcM`ady5J;r-Yq|jj{%O
zBNN=N@9ZH$KsN~wtJk{%JdeoX=gpnlKkyJDkJimRz6s|NbHq8y-D-4^D7M7ebiiZk
z7#Q`;1}OXeiN*rJLn6gkjjr$(<OWeLG6;@t1w--J!z5~>f=W`eVF}Y1Ig7LqdcFuk
z!iYBCz$F*{gNWrYIe?g_<C0t&H0#*6(0mQ8Kaa~@dVYz$;)r(;@|S|Y)S@0dABK$w
z?!VOI=WnPvx~)r~;jwv!V#qdbA};GX=1VsFB0ag<07={2^Zg_&-B#9&GbN}=o`1(@
z3`1a)(j6jF8geFXyO98)PcnM>p$4vkumn+JkE5Iz0YUg7ZWI!J;Z8r#Yefe#zTr_L
zDCVdGi$DX({_(kf2=7_=b~<VJBIpA;@{V3{mSo_$!xo9eN}{zz-Ub7iFbv&#iQAO1
z`B-G=kl&a%8`Su)b(saTh=fiVqM?V1D^HXq4;3t7G({IX^_g)i@%!Ye@FBn}yW86B
z#n>MOlE>&t<V-nM6>@&-{EdCppgw=&ybDPX9fSdZPD08-ykJp0@JY@WO&PnHq);;I
zQUSNWq^T552bmG2!wfb)?RCP4+iE$Pr`3rB^r2KAN4uKKCUPWvYv=Yoh$=`wfP{-^
z#|y3+IR$d#I4*sDlusZ*6ry6G3?Y{eDOfO;h;MpybRyQ6Q_w<>M82^J4b|pgBrDC^
z3r%u<+L(o!t+S^~^dY#d`2p#HNtQb#%@C?_G6rf+%Q0AZ(#aZmCW#;{W|?F=(5*g7
zJTpejlA|4WMf8LtUuTY*IYD4mI+_WNjPpF>4T8?VSw+N@vYK!Q<`9!|>|N2R3zMAf
zIGUVKd{TT($g#%L1?HMCbubo@*}yMmCd>g3zzxB?SHtm!@)8mjdf6gh8@wr)_jt|&
zQli^0a-sR&&g~C1eNwdb$Ptx8kw~lOeSCz`q^hj_L;YFv2i~~NB-+HA3avuzW)3bV
z<w~P|#eIa_zSkJkJ<eC4?M$m>J}xpF^u8AdsS5N$24!m{3-TJkxiKO02o{|2kOAjC
zuW`rVi>8hv^%=oI=+{xk(eh`cwL*7z2J_d5uKGk{nI(}bo0tgu#>pCE3COp)NM;wo
z-HM}9pFVXp)t{i*CrbU`=5~TsK5m}vmR8XTqB3PaBbqspTqv{;ewh3C$!GaF$EWIx
z=$1RpC8@dk(6JMo><25A>`Ag0i8}VW2V`hZS)surwd2(0Lyx6MapkrZ52<P$lWddE
z*XV4`&G~HOf{qd7>29PN*E%NOxY_#cN724s5|KALKnHTe+pCthSM6_4{M&!zy)=xI
ze(+{ua4CQv>A%}Gn%2(?*g?+n;eq!<5K6_@&7F_$Grn%7f#ioR@!?2SK!18#Oen5M
zs8TY>W*}o98zo;`ggMNoUc<%8v@ir@Kfx04m{T-Hs$#6*em0g|NRtAQgFtIpJg=^4
z2~NXpDi0;TInC>_cfIhHIe-OkxRde>i6zDABcbAu@EA>nG=UVnZDQ9)VMxU&j1t2q
z<lR4U95uN7*q)3rHMry6In#0$P>Cb8-!p}i$p^XJ$?8Y$HWj5acsQbSbiiyGVvB4F
z$6FxdrBv1t8Nq31&YJV#MJ6UW;NE*6e1j$D5GN(H)pedWfDg5$9AADO)aVfcPhmfh
zvR0)5sqo`abBQBB;DJ8~Db-LInF`k#{f-K^K`i;z0mx4A7j%%R*9;U?#O~FQ*hsir
z`4MCJCJ;H}?hX`W;FbtS1<U~HE1=6$T{PQ<#s=c}Fgg$zU3R^Mh7kY*FK8!9VWxMs
zdOUq9MvsGJ8r+k$d8L0Fl6$7<9LU*v<*|xIV0Bx!K!G7@b-pryl9+KFL$pMRM+q5^
z;6<=3B#rr`+JVuru{?(-gewoR(r1g5p^AlJrwHiT%#p?w#uXi~SB#@^%Ip;2%ef+#
zXZ2P$JwReY@HTVcW-)_TK6Ph>&}$%<7kTIujzn_rz#Y@8{MhEfGh{MQI{F&kEUWCy
zU1M^m&^L3NjG~K3GP+0w`5sgOx<@D~Jk@dJt$~`nAyK#YqqK6EGip`jr+Iw;qa;i&
z&qOz!XprkoWK26&vem;raCL@H@Mwpw88D$I=oWZ{E7rg$qRAQ9TOS((;pHb^j)+`X
zM?()*giHx)C&-#*Mx#c)VsTnNlV}vfLU|NT-+~~|h!)x3e!jhFR?Lz?QIjvtxjG*a
zJP-#<QgpIM>UY23fkZbJ+`AEKS8yP_Bad7g${4xhbpkT3ZVd{ERQ6v8;`pR2NfPJc
z3Gu=~)E>U>Jy4zoNFS<EWe%H}VD?wgiO|c9-=G-){2fV(`mpH`>0qy2^Bs&d9hA%c
zk*jf4Hv?-#Bp09GH_Lt5glV}7ez>Z;vqe4fj>pw8JUuD!Vrh!j!o4Yd1NvmVsauEQ
zmYuS!`e6)1B~J-Yui7k7FpQD?dex?PD)%Yz+0_)M7gVavP=6Mge$#7Md9q6E_f=BG
zUV7tFDjXR}65zB60biF~zg0bpcqFL0tsNtj5gKR%Q;PMN{N`8*d;(!qc3I7;@|9$g
zZ@6J1>#(q>mVk&TGL-BMJgUL)Z4DmtNptGWpcbXJmYurO4IAbrZ0`(UA5_XU%@Tw~
zSLPA>4zIHAP|TSu5kMrW^-+UJ?6wh!cVt%@b3Rm|d*76dUf`~_#tUA5l`n9@N8<&T
zU+D<SCLMk4C0;P{0YCbTgC$D<awNpOa{qF9b@+Pe!$;#2)7|4`dDiH0CpzLw4k5ZS
z+^h9Ps)%H%67T?3_)IP^p7mmG#?uPq7%_NFvgq3IWHBa)AuSAOpQm{SE2op#?UqF5
zc00+O>qnE!S@lv#)%N@=T)9Ka018OF<{Fe~<`&urp}m-fdrzObUc4ynYkgBd`F_@E
z9s|L|Cq&)6(m^1L54UeFD&KkSx(OZtFN60ifJN?*fJC5X!4J%q57TgZrTW#b>Q|%c
z;d07V?0AU1J?I*)iQkoNXh3$8Uhr<^3Ep<SZo4eMp4~9Z7mcm(o!(@{)ovjxfCxtG
z60TS4s<<CrD_B<kYg-&r2-#JM-$H7|_LqF8T&B@~!AnSi(tJlBVluPu`zM~5JnoU>
zfDHjgVD|>`2sEj2+2x-%wxa?-2K%vHU;~|EB(ZhNYF<1|2n9s+ksfA6G>sy(qh<t9
z=}28jIz{4#NtjK@+d$zT)%g!?tgvBK5XL8_aS`aWaXZ`&vCWLPTW<3w#gW-ReajF{
zyxn=b0SJ;=f7<Z#`F^zJ_d~(X7rYu3yc!pD-N5E<VPX4fc#PY-tt(B-IwG;Ey~SfO
z3w}|Dqi6p4rYmaG48f`MCU(@pH<=%T$&1R$u4tYw;I5W98*m}fYeJ%gK&Z|4V4_B1
z$qaHY7H)YBuvd^R#c%as+4w3m+bF!t+)Ud^ifLQ-9TrkgJ4M^>CyrKit8ml>+#(1s
zka#(RDLnE)qVfIK<a7Xjs{akQk*{gxUQk`o%9wQXB?yv*oC#8RHo$s{)PC_r>{Ro;
z8*kp`d(mGBJS&zbop0}8hB|l9>}%zO4lcwB@m53Ev~8R1h~_Hm+-Q00Mr*yhI(VtC
zZKvJ(X>GMzU-4ecU+G@E*w*fNp}rER6}<K;G_W63j9+|_Z60j&i|+dEH1>$s&F_1S
z>K=*J2h)X*Ipzcog1K(UgTw2ifgq2-_PCyt0$8C$GJcckQPN5E<urEEeKZyGi99^X
z)pRW82R8fwukz$se*USp)5&UKSvjH%WAAE4%9NA%%wow65(;}dx~;~RnU<!pwNtnf
zHP<n3s?%`wL-~YW?L-tDd~`5wH5-dKz;IW-SkteLbo&`Sq1lwR=^!~Lb|UGQ7C9`?
zMM+KE5We5QX|2HRCC_SO@&y}neKBEsk)L(%OP^9T-ka&Il$~@p?$N4qkB+GRPiw1Y
zXH`&Gx}%=7efF@--KK4Pkr(ya-P>RKv$4TPG|oPo{3O^?sr~QOZFKbUq)l#}Z@e>K
zCJ4SAF?sw!wlaLDIJ|hS;Fn(01wRikk}ndoFdud6rfAdo;QQRpu(h_a8qMB+EgC+P
z9UQ!9BQ%b;cW&SFVb`%A?K?Sm+Z)$R@Y-T=vz)RUnxt+~18(5lmT<5ZJFXGjXT#?x
zpO0jVkP95TPWg@rE)PV0n9kUcaS5m+Tx#!Tm#FKV^gM94BmIkMM{^1VO-DTro&V5j
zfxyH;d*k-^UUI)yADRd<&>gGwirntlfql*~CHfWxv#ra-yQ=l-8Rr2aEK!Q_fVt#I
zn><)+_Izd(dK=3tYD627&x)yH<=^3E7d?duUC6uaFr=>_=}~zIcp#t9&<$r+W|L{*
zeL>~>2G1QR!jgumBxqvZc@+X#8Wn97>*$XfIY|UANZvLK$A%$9p#;}_%Ghg~>%7Nm
zag%1|!uKaH^ZpC1ES=A|KS{Kbu{ZF>!C6PO%6A04p{jCrnkN)7k0Znb5XIw>Pf!s>
zoi+kt<D}LvHuRvk+s56JP|CK7B9Lv66Za&m^<qH+4?1O;V2p;3^wc$I+@s;E*{wcY
z0PLWB-=Bu>PdeX!9KQd!<^6{xWbY`J;I-E}12nCo`W*ONU-2dziB~g`m7&7TB~6d)
zAR=V{N_d&=U)j0+KKt_CC12h`(|*XE7Wm(0>$(I8v#}%K^Aa?q*}~P9ggD@}=m<Nb
zr9rnykzYchDOY-t7ua)xKXWr#LK;Vi?5EaXclq>Xl_Qo?7NYzxUq$WlajYU2pxnv@
z<cNSE8}LY`AQtFdCCzK^F^tzOCND3e+C^^7lAxMQ<p9zSehuy~zzc90^!dhoW3WBB
zLyUB1VHqpmTR~niU8W;VX`|T>f5<5IT*>E+N~<;bi^KirS3{TKX41@cXLe4I_Kuy^
zZBUd!@xw4kcdp?Zm@2Z>vt3tfw>r!7rJp3cx(SQ#tQ4nsjB;WRW^l^msofpxE=$Mf
zW6TCrbJTlO1a5l>hvO7(0P4_L(A}m>i5Mt2pxXNEb~GJ&Xv12tAGnk{%b@QJtf)ZZ
z1jmovce^ZG!3uKF0iZcWZ6H8Lc6^L}sgP^n2UN701GBLrkKTPeHu2lRT^!Ul&<)CT
z0}+0~>+g7|m8<6HwT?p!Wp#<mNk^i<fHT<9lX6X|D>jVQAkBqS?xzx|CT76|EA$c~
z-UJU&`=h_RLCMi%S^!tZ);UF|Xg{av5fYQCr2U$~c%X}r&H&I<z{B0{WaxY6IyB!_
zmt|VbFjixdgh}P2k`(m_@C?-n%^lC%p}$Q>>D5v9N;!grfB`%8SuxIcXdE($EmPHX
zyH=XBul>%1$j#%ijpIBXTSm~0?QYWG2DzVnoTPU6G-?HTdrUqC_pZA~#;^vilgqLo
z9w<PHE-^|@V2<3F_pe;x*~-Y1UibSxM4GZRRON<ol0Zt_5kiELaGsT49prn*dn30c
zN<!}jELu2aMa|yP2+FvBCC-)%PxSKK^_OS*p^bkF02)8hh$??Q`>;>Pvb4}C;|h-F
zSLLWapxTExF}4Y~KWJJ=b|moR1;T%=M8J7ZAK+Fy!wE%tPGOxj1_@tkgaHXgipMbn
zwsq}R++0sSNEd>!Q35RRwp!#hCZmMK0dX~}Ft@`ZA8YiJG6Akbj!`;W@QF~-L3kOR
zCB{j$v6N5!PG?1Y5J1K^bDd~xle-e<`2^T>;u&gxp#+zpfN>$ew5IIXa|)njjIXJn
zsrv~dJwJM@BS+{J_YI6x4Pnu!9UW%Daggwy4lDlgSd>C*s1oZm17!`B*n^qcV8lL&
zT53_NaQIt*euh2oVh0%0&u_qB&wCLa;}|e8FD9ZUhKqBXPI*mHBEc!n=5)1}l?hqX
zNmCMS!Zj$eK>HB}#7SiD!YXFGZ>x_|WRVDQz6uF~MFmEX?7)$ds}16Eb?5dE0oD1?
zhHDEYxr2j0gWsdjYgU60hGVXr9HbkS8Xh;2&-<M;e2#Hs$By;(;#})~XDP&;T8L9A
z*w213JCC3#eTXA0VAKZ#lhk+#aX`XpW6(pGrkH!~;~7!fz-JJ>Jfe@pM<7ZExE#TN
zP2``JCSq4b2UGz2u)PEr4TxhV*s<1v^tR|F=;~zN<c@;rTIZV+tfy6^X~;yefLoo@
z?6Oc*bBLYh|KKom-STw0&LG#DV}J_`Mk6foiT4L)|1#iMpo<G&Urn~YLL(Drx;+x1
ztaJBAXshNIYKE$NQ-50(8-d7Rr*dy<dO^BBIq2}2#2nK2ByL>?quUN&-u7a}RJ|0Y
zXW$ljl{(twt%$@OZc32BHMdp}YD$+q$C*We*~->v-mSKtHj;as5%PN&`x8cx>N*uw
z;-g*xQEb6JU`&lvOAxa<`;ZrO<)m<M2yD>~0JLPeqF7Td1@I&xn*qDfiSiT~Ns<G}
zqLR=6(=SK^BJi$q2<Y?T=p<jddxRn(Q6q$CiHsexmwd9AQMzQ(x4K5mi_+@cUD0z#
z2~HTVJ;}@)k#be*3SK}-F+Kjy(YXZ)VRqWpKF5V>Rdz{|HU9!;M##)mHdt#ewnsHR
za~(bpR7&?D({DL5c&$MOBf*2iO)&=;4X@r3kxW`A@Hu*=eUYgG^CQ4KEEVe5Kr|A-
z76~$dK^EX@ru3gpAe2G?*MzX!4j^J%L-vRP54va9n2{>r)_~(gS2ZO}=$KKE*XAuV
zO3$s@JXwN0nbP32<ZSl3`5@oZORpqnIMC7J3`Bd-ZB~mThlwAAy4t1POYTMJuP`Q3
zBfs<n5qdMV2m7mxmMQ9q<#?m9vE~h9^-<_0j5|<t<f}PK8I|B_o%{4ICYyz}h@e1H
zDLS}7v(L&Da*p2wZQ`7A)13*JYj`Sn2LlF%9(IV?p3ApUn(2_3t)p}~5b<$9>Cun;
zYltVJh#o-pSvdBuChijrmx_%dn-~*%zw{!R<m!@4-R<nzy7FKral*0<i+F#59Yacs
zh()isi<;J4x)?$>wXHa9h;D0ue>0YBb_gE_q?FO8<9F!EG#Co6ZuCa793{Y2@{Zwq
zMY4S`a$ICJB$oiAW@dQ42C*l$HO#)F`VRzY&~JQS^Ogu&8R}-0-N4u1tJn_6EcDv8
z+lg84C5Iaia5PA_4|fT5%v-s&HbIJ%04j!@U_fJ(bw-sIXR37N@r}TBdxViKSAWm0
z^Gp%I**Sr^CSM7?SIYn*NWPkDuB(}|Rkmz40#DoEl~|3X?1)(^+U=-~fo<w1D<pGn
z5dlaRFCgVy0$eG+Cm4mEcSjX7PIngPt(R>Oq@Nsvw?YG${nf0|%gv|`p1q%1?uS>v
zSZNMCg>7(4fRH&yrQ=|g>O+;GGV-tB#V<EG%9L8jKDg-5xxWRV4VKI7IICsZSy8lV
zM_f-j5ZB?IT~O;~nGU?7ji6$8+*5D~j$tMuvN5>&x)f0b9sN6o0Ot6#4!qYuHaZHt
zt@*X%au-mR;njfuZcC6ZaRum~WjV;+*xy`#)mC|wRzbID5ZN0??tQykIs}!6Ev{s)
z?v5M$j!r{Rh^K>FgFA0$l*U_XFfK=s$9MnAaM-*2&T8i(r8#Hti&cs8Xy9$O1|Ao)
zL%1zES&s!aMfaR*ak-8(#yp*x^H*``OTttRaOaUjaQ|^|ReC*aW7S@2pWEJjJ1j1s
z(B~c17?E1{u@sOHGKRb3TO2L&I&ER1t^M2Atd8T_&TU`@?m&hNvaF>abDp>R0L?Vb
z#yRUf_5~N5FoSZ*N<&abRb<`~_qI_gTpC&Qa+HM|&P*DYDul$Mwvq{EK3^{|@kk;r
zL*yucFY^tdC2K}B37rnnSF5DtI2FS)39>UI#Jc%H>*Xx>GlM>0?j0w_RJeE2!XexP
z?iH^~1IGkXnei|kA>DM7NpS1@Ug$YkRgX|Rep*b(0STNp#;a0pavCMtj_^6cTv^1q
zVrA}C&Ps>LR29)s?BAhK50|`VH32!1J%JEld8iQAoEhBU!=9%n#bn|J4Agu#$CTlf
zq4}VEg5~2?CJ2jyHQxA&aLxD)2wc|~5cJ($%*6yI4zEdfiMWYbjL%K_!SmP-jF@Pw
z90X|zL3bH~H<2WQl!?)#hmwh+1&H@T@ibc&*h{k~{KMe#1^EH@lazD)p6dSD6P@F=
z(7JjJOsjApA46it7KJ0jH)E=rVucB0Dk@6pxsVGJMg}bqtl+-On0b<Qr4TSR%phr%
zjkrLB3p((KStGWpk61y?aA#I2rTMGKWBcyNa|A|qJI-rSqT#zuZXK)Sq=d@^n~LS=
zAiKx>t(+zeDxwZXRb5bq9rQan^aJIbPqTBc`OX3^mdQ`lw85tHX(ppG>2h72u!tmC
z6v=v~3}wJ1wP8%(m28LBKS3XcSkpA|@6nMEpW#u0Cyx+cEkvNFIDFdZE@XqlxaRqR
zjE>;f0_?rob!%{uBqUc(-GyAB-ASB^6x;*}sEaWzF&F|j=gs7f6B8?Pp~uIOiW{>+
z9989PU9(w_x<r-S8VtN=PEAw451J>pm5#HGt(Mbim2(C=<AB31K}$_l2Cv&oK13%V
zhUv80Ebb4WXkt=4PPf6PM#+-|ec;~Nu6Xjx6+$mLolSgr21wqpn?Tpd9i^9J6X<`O
zm^Yd3M6a}&mJV!{-F;C#be8YvAt__2l^Osi6lfKvWw*T}!PxfzZn?_N`M~n5Ng_L>
z_GH*D5ZxJ*cX9e)nOem}z-e*)Fug6r)&()7`2mC*4)6^_`tC|g?&-ZG^#-78p*8v%
zn4*yor;m#-@`xHMvxyLvkZVponbo_6!VExt#x9QFzp$v*V&U@_SqKA(ChM*S#JGi+
z-Pk*TfSt|&NecDEKZ@YgJ?KS1YX~P68nDF1Kegb>;BdWS&`^3OxR`Au{-9mJv1-aa
z!KMqY)d!#4dHUh~j~*Z1x%=DF5BtoDq#-?EpB`Zx_ma-a5$MC!E29KccVytbN$ICy
zvY9Z3e!Jv@%VS<TZdmf@p(hSH*q>mM!E#Aw77=vC{UAKOigoKrv|(Jw$f{*{4Ho0v
z=>AL&kHj;|rca*9*2?RpP`G*ayqK@&X5GAda)ln@aj3-wcgJ4xc#VFB+->ixf+QWs
zMV418!P^w+?9>}3az(6Mv{d9<B<TX}paV`pzE{%kX7l9%{u3U42p0yLmHz(kht-bb
zYQDK!%yGa(TWQlLtG<FDWRmwG?)RQ0Frn}T@dzJR`Fc|B-j}%vh|DLn*Ge&c!v+Pt
zDoPUp5InuLB34<~LY)B(sI{X~NMDxpV!J59iz)4<Z1l<y8V<`iZbO<1A8&$6NNR>1
z$^s5yFZnolZxHMuNUz@5XaWVItf!4%R{60br>k=h9LuR{*oz}(*BWs#*L_^f^?=7Z
zZ0%1vAXcyui86ES#SntgMXGXwtd1FO$(a7V|KQ;}cOE>x|Ixeme#g>4`@EsQk3uMF
z6S5JHR0X_bYgg`l^n?449)8s5ihbT910U+zp|suN+!4=GnDrxw#cQIQ2dgc9I$<`7
zaQEnIv-rg$$l(*@Fa{6cyhg{9!Glp6PdtPKuV9jf2caefj`Q{KIJ+HmH@(ZLcG~!b
z<}NHW1P*UZP^y;xT=_6RJczuV8J!%q{hF(DLOyqf<tUmozKF(MY4wOe%PG-t19X}T
z&v$V0G*>b8mqQ2JGUmAJaLgSE66cubZ8D9|qSHEEoEjJ8EIr{cCiD%5E57z9`yr7N
z$KYj?1hJmbSOCYXGSRh#Zu841Am0qfK5raT;(OZx^uv_Da5hEMX>WY6FX$B<!~%I&
z*$kr?*&S8Ah@fpGM8Ayi00|CoGjdP>OazJjaF#4N1y*FdULj<ax3;RXHM|A~WS7FL
zY1ncp-Uv_8jh)+%n3lH%WRa#!v>+=jiT4-f<Q8U+BV*Cmm7*nmqO&ka5@Sq&Avtq}
zm6v7itH#JGoLwx$8U=MHV>)m4pCz(MgUCL*_x}CIhmU^Lpt8Xa!B)EC`ztA`&~+aB
z%%0F<d1H?|ob+0p?l5=M7$ccWMzkY;K@UB~)?D}nrU_(u@^keHJfumdWidh5$^!HB
zy4g5iill7Z{LmW^-A7x!8j*jNvB3N!hyge&j!){yjUBdOHkqu{A(Ll<eXELvXU6T7
z4T2d&(^$7i*)E>#;PdW%faf{fUqv-{Bt}BQe7S7>yqFcxXYRYQ8!HYU@=lJj-+big
za=lstmSC{`-we0^n{l!<3`vPj0xIVhH0P=pM5UCbJ6s%pHWxY9tDbAYf@F){UNZPm
z5H&(u!xcj<GwP2?gEUni&%1BDagYGH-=yIj`Wz-;L?Cen-{}J(8eu)^XM@gi@`X~t
z%2%B46*x`JrN|JjPNW8zW0LhIqhAkva#-=T%P8dSv-Nzr$1df@KPkczpt;rPT0f~E
z6;}u?yvoPOsGu8!wUNRbRHulVIad^wD5#nYE2;*4h9v_YKe8C$ICX@hAmd0nS?7{&
zp>=xsVrqm}RAe_>q<${I0XI|woqPYz)+xi7?e${FB6fbxf>GGxn@PwiEb=q7I@oJf
zo^=HGqc{rrz61Fb9&D%(1oiXx4x4$elz(&&N1bZa8pqXSrSEfk_6D0Hym2^d-2rVu
zHa>k2y-^9yTOq-DYv=ZRf&J_d>}C<c`5;HPZ%Wjj1zA@F+O0}s1asJ~#lp!!%aiOV
z$LQk}V^!GxvAPX$AOVwg2R5r62|h3*p<obX;Nhk2s!#DkdOaPyuH}d6fF7<LqnK{`
zkBTkp)s}LgH+kwLE%@87=mP!@4{SUT3X<nbP0c_Dbk`hEkH5}$lN#iRd6mOlniQ>=
zk&M}*G}A<A8Pa<LOwYM)^32RAu?cWliQ!OOz{tni8%8ja2J5URh6{DVTK4&xJ-~pH
zwYXqi;DjIWJKTc!muTZmNGa<x;pXyu<de%hF#HVRauaC_*GyZ31~lQK1j=fwQfJYq
zg9fX(_+F#CKB3=7pFDV=52s|kLNs8}PTPJ#wJ-8j$?llVPDlYxs-wFA7oWX78t*+w
zI$s7$j_oC$M}%236HK#?Yk4FI1pGiZ_EcMsdaI6(aZi(IhKgEz8m0w%XRUI#&mfwx
z$9st^cg`{?jC{8=0TL=jP15MOJuBUB?s%K%zuI0YIq%HN!jnlb4v2f0n}BKG0*72@
z#SD#-3%lDHtI>8+?wk+AE1MD|<sSDS3ryfmLL*2;Cd*cn9S)u5+$n$1cJv>#o&6BB
z8h(Y8qDY@-Pq90OsvE+65!$?sT&F*g`uM8hdU7Biv3d9H^6R*$I18^|HesRzYyzOg
zu9$XGJXQnOQH$rsCl*eCKK-&CRE&%A?ik>R`EE(LUX;%ZC0gD&i2=;Sj=(EL1%RfD
zMVXQd2iw%LItlh8)}Toqnsd~Kv`NQhV2e8b`lHA9i5<AB1|f{@6aNe^4YlwCS-o_^
zSilkRqjsJkFqo&NcshVDk73WHue<St1+mC9ysaO5PX%hhd*Ci6O3Ls)fq1`#3ZM6<
zo@EnHc1ZvaTzxC!Y%|xAY9oAUkam_`;Cb5f=S4lZ_dE9wpT2kJ{)0~*-Sa9Q)DXh&
z;suO;Rhf79LUZ9N9w5jVB<G_>0UChhhs?^WTQNfjOiEHes!$bZ&ZDNstQ%rYZ4mLm
zw&fP1eD?-vFxw%kZMFuEM~cMT0sPk&j@zmDBYSX!JK`>{P8{}jNb!DFq1Q+i>*Xz2
z{&HN-ZYER8?G|WP<ACc{KLFI|F8FqheOLT81-&L#2X`b2bs+xR$iz**F!NUYfpHPo
zN*cwR^;iPssbG2y1qro_W*E>lcvb7r$sNw{rEKicQM0ZU#$LL!X99f5MMXiBno8xp
zFiC`@4)pUFyJIxlVzR(77CJi3Lg-qXe73Hbui}Z}U-i_oiMjPxWH1{R^iLifKDu`p
z7|`ia7&XaGUmR`)MpjrUa@U{^>SVR-B4SBElUT7TQMeNIaAFPd6ifr*RH6O!!V?_r
z+hpLkt6<TDn|0`I`#xYz@lDaa#aApBo#X};G2Yi*4e$+rw$KfJy*$fSlPVdog1=1}
z7f?q}7T8T5GptscqBZb?1+qNB>4|`@aaHmDC}Usx44l#jJFdMQci8uykJA0?){OlD
z$Lyg09pBS8FK8j#neGe^fH7*PV!|bf?T3`X&=hvdRqgoCwYYBylWk~Ak7{bxwIJ}A
z&>>XFM?JC)?e3#%x$lvy4?UJW1G{AJc{;d?R<h$^&=3I%U^7?S#^l<fBI%|2Qbd&+
zbHvJPXw9ux=L})1*H)AEIfD6z7OuHQxD8hvPs63@B~q?mi)iV-jMX+&ZJz8boG}FS
zA+zhH>=HE8<~4zb2|3jxm=m}Ec3ch6U`}>!f~6W`%@*W;DCEGgj^yu!zp5M$s^{W(
zE%_3V3nsh<3^;Kseq5Fl1yQA27<91Xd=qcc+a0q-DFs{vX{5BmFl0I+-4N)7K=_Ki
zTD`K6Xkg?G&tA;#b{79Lu!6-3#VxFeIDSa#BPey|h|Mxv0fG_&A`wKCr`M?Hx!LkA
zP;nQh><Mcexf$ONXgd5tw{b+^)4_IrWJsy%n|Ch-SdWbL6j1of<-iL(mTPb0J-F{J
zXr717ehpA*aXw`0ExA<ev#)SPmra0AAZ5Bch+vrl)vsRM7)Q~Z=+98`M_$J@KrV%s
z=V;U9cHW+`Y}4Rj$QViXEOAdWN0jm%6H`FD1+i?7{6<Z{$=KbJs^Da_<`9RpZNNTA
zmt>`d4WCWsAX{lC+al1S-QV1?nfi(FxDz*S&Uli=T&I~Oh*)r<5sENim|xFtwkb0T
zgpn;HGT?OuD0#U1I@lQpOjX;qtJgn3m5-=|d%J7n%7JaQ&~HFu28AoIe~=dJ;I?od
z-*_WXT7W*|*P+p(;zXYyBn^Wytv7nHz?ku|-}*aY_7OEtz}Wl`U;2+QfH!CsG|ec!
zy{RgZ4){{8^5sQv9R(XcoUuk#bJOBQhPkjCRr!EkZM&9(m69VMRlf{fh}y*2{(hI{
z(t#xo%eBe37=s($I`^!HE*i1PyH9;}S;62cswo+?#LUyr%DRf&`|kUoVv0@+w7HQN
zam}ncc@rPnxM9|BRwr&}J*%wf8+hZR`vth>ojZDq;F;cYg*Eo#ST)P1?hag#ciLp5
zPGOr}u~n-8Wj5XL@8<59lmxeB;ccO>$Hgfd%TX(u48+byT#^N0XhD!OK!>B0FQtS+
ze{urZN+;)TcpkjiyFO58Ozo!sAwV$#6`Q5YSym(LF?n==+<{4Ua}rxwo(fX2ALZi=
zT|Q<W{g5#Q0mUBm2df-*l_Ym)h&KQ~gxx@$8eTBqt1v>v(yn+na%p$ZiyJ|fPBJ$v
zgs#rgv;4@7V}&S3bMz*WZu9Heo(46m5(M0e4Ar8pCm7{XqP{M$X>lza>BddAaqmzv
zSG#%e$+q2tg<7>zkq%0e&N83IS^_zq;t<!aNgE|ga8w6wfo#`qMo#m}+}Eb2K@F4U
z=|V0l4#ODPimcLs@SmBcVJ&TRP#93+AvrkI9DL`8#%8rJDvv8|ugd33Fmd9W_RP$%
zTt0zFdw<=dOK^oDbGhRc+=YzpL=X_zz!bgVy@BzI`X_cS`*y2;8@*n(=^{hbG$jKO
z!$+G!(pcQ11gG%TKz@df9b&w+g&3m<MG3UU!4#TEFJ;_8$cTKkjB{6HC~kw&NiOU)
z5wN9{i$j4E@HAi4d4nKUycSxpy4tlu2Z_4jqbHH{hU}bhmONyFcYroJ%Qkq4#sXk`
zvhc?nHypa*P}(IsYyR;zisMUmD8pB(3m-?@F2F*gQ^>G?ZW=TWvZ1*><Xf4_g7FEp
zg6OlU#(Q*TQjPJ-Ps}PiH^821a)s_mAxJS27G$o%yn%^>+qTp7jBX;h<DM-XXCh7z
zpnaR0AjgUT&=}UzttA+54J2WD-Y@3L4Zg8r@~q8Ur)AwI>-o}Fhwqz-43uaiF+W@t
zpddZNKSE&;*fwNa(1*>KHt@zhDi-L3da_=)g?;1&s0TqViT0y}yoq-f4jMy-5J6SJ
zISbrrj~!7NC8|LW(41m5D1p<$h~f0ysR9UyCDJwl0ECytRA|fOvehjjvNVCR1zY^!
zX`*erKeSaSrHp#I5-Uh$VKt1mA-)MOZ>vHkAzaByVM!V)*kZslP)sC($b_mM?9M@Q
zg)R|79S6HGyNJrWEPJlR&M_3&NU-psc5~By#yrG<>l!@RyrZ#58_`1b%D(x0HQdXO
zm}c)wNH0L-d63g)tQxNawQJlx67&43rQO&yaLBY=N5F5$Tu}>guJUqaxFq1aah(i<
zKeS|r?;u*XD{#$tG%<e2@_@Wq#)Zx@3knz8xIEiD3)_|lx84Rx=zYeL5PD(UQbT+2
zfYg#?Gp;FA^GGyBKFG%n57e&11l62JdBAlNC)=`ljlnv0;<kovaFK4D=?9I8dC-`d
zjr`(<6a+0ZdfaedAiOoosamH^s(sgHrDy@MZadPN>qf-DI;)<6!}WNK`1i*`FLdT>
zwC}TySjgdt3Ok?#!<=%Q=Ffz--F<xc@M9^47>JOFptHMSx<K2`qkE4J?>ssTn&MOj
zFVNcEhYudyyBoIVQvkWCa)+@C!hLhQpL`Ve(KE9WNt4aXHHGuBm_Bes>9>#0-ANg8
zz7kcLZh6-`oiAJEfF8tv@sr}Tn5dqi(G7exKy3s$Q$zvl{_J15dVN!09v|NOxMMQI
z96Oj*1>yu7nHBbY)|DMl=j=3*xSN;dU>0Ul0hqNpWp~M!G?^K4iySEiI*IHY1zup~
z&N5;sB!@;VJ<#xJq%`?+H=Ke-0Isv^MHKbe=vc!59^FUy5=x^2tWWYHd+qVP!;kNL
z^7vkOy1<#K(VfeXWQ22`0b@?EFX947PDq-GsFBR3AvHr*EfJdculQUX%>g6f5PX-2
zoVXWm86NDa4?lVEq619r0NXMs!H)kLh8n$kuPqU0+trcRD9TKO8$=#<yTzerd>Ryv
zZxxaO8fu0|W+)qc)+yc=*;iI6s{Tk-0pg|G@BkjM_Oo0OFGdAk_Z7kG;ng~uZ@izw
zw07pv7O|R3b#kZS%zjL=a^&@b{CgbnESr-3n`$F0gdvq3qp=99_F0edASQ3ufJTI_
zhA9ft*Przr9}R=LQ$Kko`P4Nkm41la#ahO$fCp+<wSl;Mj7Ro>kmxM81I%^3DvmJ?
zo#C*R{BcV7l(Wb5NISG~0mvgFS^;{veF@l|B3c7G@f4zdk-29o#7&FFW$qou$=%x^
zr!X>IXxsb_!*&Ec9XuGhTegRzPBq+W5_1h`_J(Ns^!XO{*_3?ggXvr132bi4q=^A?
zU&Sv1IszJqTNl$i6}BantSKL|&7x7aTreW%8Pyx>(gQJQ%kFHO-9B1GDfZIS`t{I*
z#On>8ZECB_B`^}0L}Gy;=g7@;uw2*bbxq1E_@*8cph;iO08{2?h(@_#$9tgMqFtmi
zo1}fqJ<z&HwiZ{f4MlD*d54XOqOIWkj{^G!2cf8pF^CjGyr;bRUA4slM%{q169R1)
zc!{tz$(7kSPsO6jSAm6(o@_ZORH)}U`LGnLTsTQQ#Ku-1CDlnW#T~XLb)46fqkA1r
z7|p(Gqg(=yMjp9$$ub`z1VPZ9!7wo9-4H;ADVgeLB8;w0(|Dge9PK>vqs@+W%X$Tv
z1y5=Fah3KkOB>+-fMG{#gLy{~0V~O^sG81q&NTyc!I@<={Egmis1t)%3X&KpSe@`$
zfm_2dYGmat*eSe2vhfMrnG}j&B|GDC?v6B2((|2-d#_^9@L>DN!_6mEi}l=t4P|Ky
zwT&-2H0t0m`CX)0<D;eqw9P{tD{gKuNPWC*m|F0w94PLJ$m;qcgKZyc-=ThOBUL2S
z0q0!1n-akDkZhk98#G#u#c&*sJostb@Poo%`5c7y?iX3?MKKFUi|D$W$LNZD#UnE)
zzb`VTa*;=aa!<C73bP=**swN_MmcMX2wD@si)3Y#3ss`>toD-_fES&Ka@Aa8dE94C
zu;9<~#5BZ}thUU>%Wo&--l7@AXIrO__`a{23W#IyDu6XQb-bOTwh31D3k;uH42Mt8
zwhf>A@>LI?UPHr|8IN(~8}mVxUg%IY1XF&rZ8|O@mA?3Fuw4EE!$LgCXk45aaLd35
ziSjES8NTL4hSq+s_r21;w%c4@q#O+z_sSJr^Dn^GK+GmM9|r(K{A}~6rPM2NY0wF1
z47<&j0o;G*h)18O<8-eUuBr&s+t&et4Su%09k$>@wJlxQIExVi1^o7iGK{S7Ph7w|
zUd6vy{Vw_|HI=*%N=Wxg4iW5(bzgEXl0$Qc!{wHtnz$lPo{>-3K`Z0;C4rk)Lt$p}
z^%feY)XZ^scp?ic##*qOUZ|^XoUy0D6*LO^(H}(i#0Ku|qeqW_^wHs+5cF0anwPP$
z(IC>L6T))`7eksUG>bLgXp(Vp>mT0xFnXVR(s)@Hj9X|eY-%Ube|N_F1D7t$HcMHO
zMCWnADPPy+JgW)zF`eW!1~Z(U<hA7Ero95XRY)`lh&SluM;8k9sz3@ut|hJ&)Lu#~
zfWBHhV}hvZi*?q5Y6<1vh1AV6u=^|6$;3PH`8>iU9$GV^7XLmv-L?mhY-`3i+^|oF
z@qvn_MHJX()XSN8G_fbNS)~w-wvX926MobrB;@~S^jC~j8JtgYw1qgr{AdkGlnB_~
zj-UNKkDt9=+1%4a8=0_~#sE-2ufN*DM10A%J?-?9w+_n)lCOzo*itRmXe)LX2QM-5
zA=5aB(qX8@8D?P+uN_`%oqcxlj?4{Be5C_~S0L9kyanT9PfC9Y*hvMrKQI}vw+scY
z`Akod6@C<MH^o<js~9LdLPMR?22@-T-($BQz(b6#>n*F?$KSb4T`t8oSr%T@5B<Iv
z4H^hW@Gj#R4>rpy?teZ!ck@^qOuatryQkZ@`%QypHa!@uA8HuR8vyBL5fOVFpT@`0
zQKa1wq;<ix2hs=c-cQ>z^g6Z|Q{@;MfiZ`!dN@8jRj~QlC@oQPiWrNlQVj{V5OmF)
zJVs8l&rKVd?HKh87y{049e`C(@Lq{CGod&=m4RSj@Ry?5sx?K4KuVN`ui7X<JU8G#
z;Ve`4w``g=amhU1a7<p0ipJstBb&A1P}=2?$P3w0g#PE95F^iY3aMPS8gi)t6r`FE
z&eSdgImdzK2#kZj$eMj34R~`6tJ}T9_5(};h<;qbOB*SOvUpTN1b_(Af(~fuXp0SR
zdM`gF`<ze`e38*Gj{p>B3u~T-AxR_%@kEku9g!<?(iP!m!SIA=rVx?FkzKWBQlj2;
zuts;yRdz-{74><5mCwj8*sgl1hVw5Xm^vC8A<H6<iGu_Ef@E}_tvLQxn}j4RaA4g|
zm@q0LuAm)>j*|j7pn(Oxh+<M<_QJSUS(i<R<#`>RlII;pSCP&z$#qZ9gc74%nwET8
zR*_$zz^<@o#mblEd#B-+MUX{1*mtVpafzsyYjN0=+R$4yHeh=<kY;4j#<|gxb|oD&
z9Yu6E-2vMjLLJmA05quFr&(D(W1LD@<k0y?@pX#O$nLQ&0P7|Ow^<Z30yfa-e3*7A
z<yca=_F)uo2iL>&*F#uER};DUORnZ6Hzs-A?$sgg+Do`b!7uwm6T*)<W~YOl*Q#_k
zeXaU2<mhb5?O@4-{Wsu{DfrF+Kf?=^-yaS=dVvA~RnpA^Hv#!lMl(fp&*xx#=0qql
zYykj6Af`_YD?lUx=8qSUkokDuNTSUqgj-$Cnwn>QXg3l8ieO|YoraOgh(%F!3hx7}
z3N%(iH$)MP0b>+Hp4Bhh6QKGOX-SCh8@(eB$Ylh8f)pzs=eU`fzQ=LeM5R7z7%)EC
zV7?HqhDo`GW8{l>0!Ne5-Cuv+Sz*K%4Yf5&fk(2*FBtj2d)Lld(vs5aM6$?3XeC1Y
z50kADC|t=Jy`1lx1;y{zf@&naX2{5?lhIKt03kRV1x0r|I~LteCp~GOPG)(0u?wn^
zkyg8E$Mwlhw|`$lF?tgnvS^D|?8GJE@MM;uHV?>gi!vYu#SFk0IFMjzRg$KIOEmoN
z@Te~hsU@{Vhp&ubstq$2hS}O%omw=wJ{9jL)wgyp($-k(mb<w%^t}UylkrPdD_~kT
zV{*2|xwBUffX=o+Q3j#J0n{R;0zBbpb8r+xa#{hf(uE)}yOgq`JH&(Ls$4h$f#OI@
z<TBw&U#xGMMY)hp7A9TC#rx#;*O-J+l@l_7g<#iX%PJs)6lk3y7%Ej7k8w30TzH5V
z9|9XP<(jUI->u?%MbKsqUr`Ny;C&mQSr8A`7`d041K^CJ3h?<=V2*U@M&;i1W<Txf
zikU4iAE4kBgGZWIN^!Er!Tm+x3lM^a3;Dqo$LdcQ`U>t1Eeb@Kz=a(;eTp%L46`1I
zjk(f=u;v4;N|MZmNo^pNZ{HSrKl+46zE|<gsZte`Et3f`^r%KntQwW&=U`-`)I-~_
zhx95N=SR4?IN7Fe!B6;chR1heL=2vrhE1ghI)*#3<DA_m?Yx27WxY5nomASbliz;C
z8i7(*fOO0La1#I+(cotQo<e+^8MIUn{gDhLM8PsP%G3-SQK&7(pGTj36j@^2lZGWG
z3%6|}O0A{gmoxETl0)1Jk_$;y#LCEb@4!C&bN`F_=l<8|AGJ?{ncy(>dGF>xwq@vT
zzU*=}SDo-Ob~JBANJ2?ILJ(3xx<4=h+*~crw&wA+-ujYly*_G<jL5`sR>_$oeKt1Y
zNG<4%+`^kia)CUIU1O1=Ti}Wo?TaGA0|jB2qp~AQ^4F0tGwR6pl&~$SG?6-9G+id*
zeEQDXeztfOla3^Kv!*O*2hL6g0<p#{Cx@Bl%GzTeO>)X6$m(HJ%XGn=l<0U-$Igkv
zSp9@Oh*vj8F!lNWLTj2H>^di$JVoq@=O>A?Zra7!iy6a<jgR0*B?`zd&c%pKtGj#f
zL!ZOh<q000&W=;Lc^zW-41<>%Sd{LDOmdfv;DH72Kn;P%!7{^52?^*-(p|U{?<mV@
z`ApqXtok?_fyHo-P{}C=B=Sk5LqRn^yD|Be$F;&EQ_u*Gnc}t-7TL%t%!(39QHz&A
zZ!l@q#%|sX7mdvf+88_-O^0cNw8P`kmF*#!P-ogy)0xNZTh=->MHM#1wod2uDBauJ
z>k~_uQBL_9&O7_6cG^JMm`*B5vIm)bX>Ih0##)i~SUupx7>Rd|6OAB}2T)l!wW_-s
z0v;4nuB5DsB^5)ddKpGU6Xgu;r<;jU5f$R@#q$QEdl2SjXsCNIa04Oga{pwc9t2H8
z<}lzLk-sOW-U@B244Sc`8}RdWf%abL5Lvbkt*T=>%RrxVR!r&>_t%Zgt>IXc$96Ui
zDn_)2IU>&buh(7^1sFi1Ks+5xhWx0%sU?EFj-^1=RvYm9cHM@U7mLhqnh{+VuKTD>
zlfglsO@q_62E$|DLmg}yT(&hRI~Gs*N&Y;WxH+0T@gI??vze(sX{o<Zw@p!DlXI(9
z8uzM1uZIJfxkX+Ldvp0dn?Xz~icRr;!SyD&d|NIzjsWatILS%9!ALJ&jFIjPU26Q;
zV^|yGmpH>&$FL&s&2}F8f;RN9%@!j%??g48^Ms1&oTi#>=VELMtmm9?4E%CWiwT&y
zBl9^i$yiYh$b$?WTh5>^a?&gSK;(2h4>lNh$MJ(ZNmoW`)amkU7}tZ1Yu|q5HEmO!
z>%IN1tJH5}mbY(dV^wHN(Wu&M94S&S?yee5l6bcu6NLB20JAiLiEK!|HI!%Cb#bX)
z)dKN?bdvM@>V;Fs-C*MrrsPbeb+^#-c|HNQ9PEOiu4)B05b!4ovjLkEfy}14+i4Sk
zhXnGyb>X6zEPm8u!5YC>T|}msscQQo)T9~h<e&EGUTesczhu5HqS$^edLN4(r=s&D
zv|ryFPsShJ?N4;E?F1aKGKA7T;<$700IiLnPYGr>uVmAO(Ldc{&(m@}P7FG;P+`4b
zESB4Yu6-DVyP!n_n_=6=oP3S&Q8^X7>Uv|~4)h!kK|E}H*kk|7E!fM?NRFW0QWAFA
zg=Es$v0DbyA)B3ESU5Xvm(I2%S&e14EyYi>r<7KFbsTX!_d*xlhOVZ!3_42l=U}oY
ze+Z0vRTT!+<xU8RaEx%xd#I5VCdk3EX)RXSSp(iyo^3u%QtD?D<kpG5^P+asC(eo{
ziVLoka$Rep`d1&!MPg--Xf8L2$9Wx1zI(FeL{p)j$N90zuO4jAo|sDHrNel%;NeM{
z<YZ9n<$HcM!&%%m<f1v|qSv5{4JdEjO8u>9PK&P$-3_is&L#_hK-rneY-(ejNN;GT
zamy@Ljg3?F**Mk9Z=9-S<5Yb%P6co?K$Bi#^Hj~vQ}x<B)rB|DyCw4hCJsX(Q(@1f
zx6;$EX5SbTu+vR#HM6H|L;+)P(Mb7^TU6KPRc_NBac3=_hW2vi424u}c(F^K@9xgv
z)%O2bwtc-VD4`MKrT|VCiuc<~?qP5e8tMzm=ToUi;<9iz|HdQ$+rkOGr@X}TLYx$;
zVi8chXal14HiJDoQVcL)`$1$(i9GibHV$Gs^2Qi&M+5O;>BG&gT2V^l2q=lR<U7L{
z1NQ}<4Kp*Wmi)-%%8#~7*v}a|A1o%}eA-6r02{G&d##HOao}772U-cnJL)oyQTM}X
zzP3p;V(JM<8b8}c)3{iVLlMJpwieoGhr?9!Xm5y<OK8|&1H>4>vR@%|r;K;-V6*_+
z(2s*b4B9M6ZWJR)538`Bj?8bjACX^OxGL~u>zZKt+`cZo-gj@Cd}ZMCCJ@tO>a+vs
zO$+wCInI_pJqSG~Is<}aIFI;f>qKIyR|!Ta{pI))xDyM=Cn`*cPOwR<gRwE3a)G)e
zjzuk3y1ZaB3zLKTBb*R;vPIg$GF`sN(NU$$0+J4Q&a(W<jS-F#0?Si}C3=vrw^C3n
zeQC<BN6H!TjxZ6GEqN#UN12kV3gtFJcMIgwHGh{^mUun}vSGpMsBCMRXo(r=G1u(C
z;hnC9no%qq60|mv`tXGB9JSkO#y~&S)w+VPPe=nTkogo>ra_<_o92^s*<8}BN26eC
z7LU6C#m{5#?DGgY8&Q0-_9S0;`<9dQPOp<56Db2QHN}bVNB8eNc-Q*y;R9Q@m_{>)
zy{|^emF7?F6RD?I+;w5J)+^h(ZnA58%jVtc6gq6p6lZ*viB_`rDJoy%%v%Ih07#!D
zIbF5omBC2MRu-QVFn1i)<r?Fw{V78Gv=S@`l~0ZoxFPfYASe{jxb4=_yfcdzJYbt>
zVbzu=pxT@#KyQeuD@6c&+lID4L0ROt)qpu@qzUlR_tGh%8ep=+%r?z*f*S`N<MvmZ
zaQo#7s4fQEPr;(3MGFPKlsR#NH=)FFh)!Ve{KdPY8_NHFXXueI4atIGt4!$20#Vsm
z`%PawT4h7auzjAqYqr(gncRo_+m<4xn^nK01Jz3<9ca@m=pF-X@qa=z3oij1?snuW
zL=LaovKv%Avl~<|nB9PmVB5@~?%E&0uU2lVqLc^0{(a$`2USPTgQ|DVgX#rx9&Dy+
zZBy!B(M{7@vLS37cpvR&$40uyXn%@SVwAiPiP)CA;4{j8Ctj?W_pXzy9F^<`13}u%
zh5QkqGf{?uYD0#CU}LmLj<jrxJGfa{5Q;V~I4`noYLw_bZ!8~>3bQn-0=>vlsB^zU
z8u}<reK`Z?{oF(ZBD<j4hgFW+2GJ^bbX}8P$!;zmu{$Ep5*SPBU(hHiQ#KmVwqgRc
zsF$mHwH^}*qPf;j!8AW4<S8n>#xRPkW)uXNgR_%z#xPsNFoKT;YDZlgszrr|v*Kt4
z*<*2IQkHo)##OecZzkU3j7h#&aw|&7Y{TfXBM@*hey3~g8Q6=9g?b57M?F+V(~%e|
zN(xFZ19%4v4PtO&0s&~*sAVX}gYo9-7ffv>z;0s&i+Zq@q2cka#w&=@-FVtu>2(#H
zHhi+>-oY|`^MP<_NeDumYv=-EV+^@C`_x>)O9%4!t>&nU7R1^>Fb$g4)Ovw<E0_fm
z@C*s4<5;=gVz&23VFktJGgg-^L1y}J^IU7Op0w>Q;WE?IKhP+Q&0x6{*+C?QUzf1M
zi=g8&QQRMLa5jb|IvHB;jY#<DJ!X?25to{AwJ1%YxYyS#T_4?^W-~}uc*HUNN-0h1
zb}PMHL4GeYjt6c_nQ#+P<3gTDbD={tbeJZR=8Tj9ti%nX_^MF?>WOd?dZ+S00+Uk!
z7`1naa%}7kH}0#}xFYkoeQ$+!im1v(_u0jFn8h*7BsNWGYNM1{*paSbi<xQDG`0Aq
z>%;CT60h^1c<b~`Ucn(u#KEF1p-i}~dZpFzw`V-TqK@5;ZXau>ukKyl+xOg@`@(8y
zvqUi&=sEWdXCVbxFdAfUN8tt}KGfaZ3xqrYYJ?#=Es0+@?U0^;L>pY`wD<;vhFHcM
zZr?9WwKc*?*hTLN-kpvUCJ#xYNv!(1sp$RaEx=9p#^PcoZ$Pj!>K5<Uwv!wv#!Nnj
zR#3G5SW+<3!~jZ>?vhBkrfjo}zK%!$GRS0swLQwzg+Qe!((y${0CT~J#;$ixs8etm
zk?0lD4eyO6=5zmd`CvNYxZT}|bcs3Q#7vKyH%%m>EGQdzB!G>uRuIh-E&2*~^y4cM
znKVoY(gN7FS;l7z<B%viWI;RqE+c~?lsx-MliLS6NvE8553Dgh$sBYGUfu@hSsUQc
z<8=m7Mb5Gcj7UTPYwmf$NlgT}gg6b4;1Pzo>c(gB?E<mJb=izIkZ0W&9S0KF!e1e`
zDHk16u9o|)M?77d>8Vc`-p|Ud*lU?u?!@ke=Y1MB$qzT(U>;^xi@(U?_r9=>^F_WY
z#tARKzLM2tt~aks2qP^PFI09;>*Vp!1oO~mGNILL<s9P$=s8`R?x}ZGI1vnEJl`<*
z)C(@$X0;a}6rX`wt&|-W5Sk;teGq(BP@r%U8rVdUu1?U1P)Gq`s)6Xfc?-2sv5T=l
z7fMjH$@9PeMP<AX4C|r+f)|t&nvNIpteboqbZ;sAm7XA=UgAAsBWp6*rTXsRBo$SI
z=20sz#H4MS#J12`|8#>U_w}%3&spp?q;};wG}y_bL<WgmgT=3I<3!{9fVQ$m&Kiui
z7n?zMB?fcnzHiYI!6kZe7)-$%HG^Dim_E{)sdnt}qlX{elLIGex<HL$Vn(us*}{u-
z2a)`DB1br;_|UCt6T`K6eo*xd-_$k7V~QckavWZjYy=d$nb=|8_Y#wR{K<#!+<Vma
z%R3JrKDc-1qqd(OA3nPO(fe(`9Nu~7!M(O0-uvXEyNCB5wl??4<9m<Zy>ob{wZRV_
z-MjOy{^Emu@Ye_T-~S-4zHLv!w|L%-X?5G}z@^i+jao0ecPUm9^)c+&d=ac}5QwtW
z0h4xIh#erz87H0>-dvmJ=!dH!Vkzj!W@`!zpM3PG^hJF1Jq!1Gy4+Y&5(Rv*u@tow
zJNv+yJj1?ibK9S+=Yj1GzHe~bU#`l@8soiU&;3@f{VlB<uYKxm?6r?xdTU_J7$yjc
z)c_z&ZAxQ9(2P{%i_Sk)U-;j|lDZ)PAl1}E4bEok6gB3&6(jX#667}bS+Eier>hm>
zH}%QSu`=2;YsAmH(By&;nn=W-pJRy^=sp$CV?XfcJ>0;bH@v{%{Uc*@e7!DPV~*}U
zXAKRX^rO5!%iS7#j=bhnA52m}B~&3511t<SB5FW!hiRStN@U?%LBYi1%{>f!0e#xF
zc^p^AM6B#Vkhl7)wy+6Uq?P^(EOI!PKSC!`>m%7dC5*(zNIn`#f@5SB339RkQ>EU4
zF#;ZDoWOfJ%0IyMeg826LHo;oHXGmsi7Z^u+m|?@3?NC)$vss-F<ZQo152YP5be10
zeO!U@&FG*CB!p1y<*fm3fTuXTBO`cgb{_E_*sVL2BGoYLx8c_MBK_xm3p@Af?Q47A
zOLx7o6_bcT*WX3q6bu)uDTXuPmc1%T4_Ra92;0%RnAN+IpzIjdz*Q(_j%5TR|9uMM
z#wfdTiiwUh!kEft<W2z1C+@ByO6Vp*wg&n50|7XJ3>d8EJtW@_u88ifX97pJASVId
z#Y$6>XT^dj3iUAu99MU{0ha!%qCBIFmR~v{mgXCR*3unTo*E&2$FEM{4bepja3bw`
z;Dg>S9JCIQbprv|!G{NOPQ<Qx2Zl|!{CYZAaH@^C+?gBN!IpBijFfxaQm!i3tFd{r
zEeD-tsA_j51>M7PGgEG{URFT?Q*J#pr(?b3^PyFtZ59<8udrPKjdfeuU}!KXM=MwL
z(`q$-0(|)WcOT#XQ};eS2+Fz7%T;j-^mz$B>i7_LDQzKiJLG&AU-~5sU7U>DjUZHy
zvz6n$jAlwA?~)cD84OhdO;%S#!*O0C?TCWk@mat(6hM8|iQWz@DW{R=%?Rbl8AkuD
zAr<eTiNms^Z=zjqJq4+FoICm79=B1_;+GGB@~%iUIC#{-tG#%)Gy{Q`QaKGl1J#;X
zQ9KkPs3LYV>nS`QZRQ<ZF<MEGY{-DtY=-U$ymQo!xVc53Y#Z9ED1?f=E7;caTVm?r
zp&9`lP^W=<H1MpcZ8<Z+sIznjK^oDQG!=9~jV}*6G-8gQfO(<}wN?9D&2bLiOHN!1
zy;aF?w8p>`a6XdTA(%j#kd7CHwBzMp224r&tAO%0+GnjTmDq7N?~ZPZs9^=B^uWbj
z>#nWCI7LmAV=fFqY0dKRCJa|YqK8Z(i-F!NcBjsYSyc5b3zCE2KAwPmErr6Iz><?2
z%m6iXh2cjd%VQ92Y0^PE`t}($cTi(uC6xj$pkF!CuGvXt<`GUFGO?~lGYU2I9fBD>
zbps+Gy{?y|Q(BH1_1*pU9vhX7V&3OjRW1ns2DB~W+#B}P+fzLQ#qhf1!n&&J-Lc!v
zmHI@vM$Q8qRG=Ks-5G?}+)U6_!#Bo89<S7a(0D<$j@>&^!!zS+LF+ovb|oedBvkCW
z4&>P;=xtJTzaZn2eEh6Jyy=(-CLZhBoj%xO)w-y4;*fAs20<7x7omW0Lo00tU%y^0
zI^wS7YaC<9c!`mYUNK=`Vur61+u9oYUCKe_kPjuI{21cBnor3wTpvpt6d)8AW=_jL
zSJm>49&gGTgDGDX=T);w!;H19kfN^-U|(t?Fxw0{0P3kPmqelSe2(G{_*k6p4cjN*
zagvQ=-oigd6uB>u>M=}V8S_-|sN4MXf%`QzCHwm23UR_Z7E^mm=f>rFQMdFEpKsPb
z*pe^QO|03YkMpc*n?!irtA|kVg*pfoxAbp2U)kO-D6}bl3QqCJNOZ4ftM*Q}dc>2f
z+}MP0T6B=bDFaHIP<H^(YHO;c7Aa6-T}7t3*u6!PJ!3%h$OMPpop({iR0+pP96_c*
zH?-5DTvr{6mc9~7xk}jHRay6a0Aj}D)bup@AUdNTga>qZky+B<{YDaN3O~UpWlz;D
ztrlt~ZhGEfiW%<j9@huLb4!9J%oSKE2hnm5YDi)nxzGrt9%AyE0!?b;9C>Wa4p~4-
z46wc+6JrL;8c}sH^istrktlD}D>uw`pz*d^LBG$l)q#I>yfG?oXS%~FNnu%-p|~^+
zvzPL0KnpuCfsc1a>36gF@&L{g71PY36G$rRda!5McU4KUK01RK4PBW4x4gNgNtIKI
zU*e2ZsN^~<(Z}b9WE(yjZaa&26Ft}LA%5jz$?{UD&%T6r8;kDTV+z)7vKA(_UdT!u
zL>DN(<8kngr1_4jU4Cnq1a%uX#3!lIE?kXFzqj{!)^lE(?083m>%J51*^Q2trr~t9
z=i>+tGn?cS(Psx96SMp@pLM+IL7!I%!+mxF+14$dBiI5YMX2P!bQ8sj2Pi?rpZBTf
zNCt#lPQTLJf~AK2F&3Oa2@i}(1Or_ic?h=53SmNOmPm?^ob>aIyf^lekJN*KI#(>l
zv-L#yM|uWZXI#z+$YdC?c1`Pu4?K~iU&&w^&`orX;L$II;x;zt#<)pGwTLSZFFSnJ
z&pt1u+t47Cqi8j`y^le|Eted%r_ibf6{2y&x0^HmNoElaPsA%JGA7Cuz*lHEhu|2v
z0B)^L2K%Blq0mD=d0^%x?QK|_s9xm+p9Q3J7BD#Uwr;I3Y|;Am*=EMZscl^n|Fae@
z$GTCG98Ejx2a3v@0SXf`L(1|nSsJKTaZoOE)E>Fjfm}`1F!4zd6z5wN2+3epI*taM
z$XBIRETnY~30~ayoNYI;NfF0eDWCVK%gd`Z6MLdSN9vSj5$__AvUOcHVn+7d)a_CR
zQSlZFG2RRt<%{=QS>4EtrRf!eBo-mTr0Z~r8f2sy7gecyP6;*&M2i*^w+BGL$*jT@
zu9XHMA;U^Tr79XaxGyt%Tka(f;Ew_thf<;3vR(&@SCFG4SQ)#pcw=9$wB}WPqB;#*
zg>98T3{$|V8%XT%+?UX4Fy=wh5+zCR58xU7%|FSP^$Erlnc&NfyHs>QVW0SE?@Noz
zx9wS&$ZmAn&TES^WjTVyZ95(W1RbmRhImg=_Aqzj_6U=h=&<@=66-!yiK75>KQOfX
z^EL2~=fZYOB%Fo21l&fvu6<__WS+{9o#@s<08SaOCUu75{H%k1k2(lAv!}8GUbrk4
z<W+#DgtIc*$SXJ5pUBLj%GhmcpasQv4PeUdgo0-mIhUN{%rS|qO-g&h7Vtde<8tK7
z6LDormiyo8sHhQN0Nd8ksaHzXBR34$JCy!4x?ZXngri-H8L3MXG=r%69{3&qmhN-7
zg;8no9Y7~7@>qnzvA^P`E8-B`H#IWhn6f$=^<!l-gJK>a=CBl>c4V-3J$I-)*-1uw
z5QQk-gXq%WnX6hhpX$5_w}cKUL7n8}zyq(Q)FE<z<dOyw>r^J)WYfj?X3{_y_~7Bg
z-@be2!2=62AkWOCkDAy7Q0mdW!?>b*Wb3uR@$k<52Q78^@%HyVxc||;xH3Eo-i-2e
z>v$i2@=@d6_%JY~e^{>a5>wQp3jhdfG{=(1bd#8k!XQVo?upthFe7=dNNPz1EZsz;
zq$Dja2pcc%74TjuPMbP}mYv83tFHB=?lA5J5#=;+zi%#KtCf>bRWR$Jqo14<mwSgk
zom)(&2Z`XLP;+FfU4xKPRpeIka^4d^L@OTmQk4?85QLmwRCJ5d^0AX|i3KF83gBf&
zm`j4~1Xu_osi0xVl!N?Rpp3+b1-3Bb06kbpId*%jQgnUTJn?%sLKwwHoNAL1$G~|t
z?KebD(Z(|+E(S~t^a-sY9VpWs1XiJK!d$ykbB^>B7~>WGXsjoi!x2F?Nl;~qsMRId
zmFV_Oj?@QkON4WG?IK=Bxl(X(4bNzhk`M1ZZjerSwwVM%sfhgXqwV!#(kIWhlRoTQ
zO#1X;a1Ojx+S<_krB<;26uSk1|B^BruqX+0i&fhFCZbAtCJQz43uUn1;S8W58I}l8
z#$rYBp}4g|O;TR^>V^aI@*bU=%<QJa=8F;5jN+l;yyh4&Ni0)-W@M)$0+J3`>0^Sd
zt1P&1sK104GR5oNZDDB96|+z8xogn<S)K`+wyy^XVTGOLbSBJ)D6TAJE)G$JyPQuB
z#V@G$h>A)i@-p#OB}4P3j7*KqLJS6KP|FoH=Z^1Z>-mzYY9UC?6DN4(2!+i|74V<X
z!cYJch`YiKe3C7fIU+q9l5ZsIK*DNR;BoJv>9}poKAPSRn#n%)Vs)OhoU+2Z^j5F1
z%U&6LN4E>#WVp5fSm&8|OIqDTZp(R4wP@k03n_c67gqM_4dYp>i|Khk*38;XHs0Hk
zJP`z~KC){sqKIt6SMOQ1q5JGP>zoOu2i#+#1b`>5U6K|6t1VEm{e)I%<LgpHR;|j3
z>Vhhs>LpY>ZJV`4y8|<P(M6L!z0{gD&O$?9vhhfu4)aCzK^;e<Z}r~F?+fg>P9=$k
zlkDHVZi7j#Qz*%u_48s@fClFQfh+Qs+UIRR92O{hwctz&g5GtxDo+dGpDMT}Fc;{;
zQLiHB4ThIPf~FUV3b{+7{{zUZOcD(A{V1!7F(T7zlj!*($@Gk`qv&W7Y%}Ah60LSu
za=w!o*yy)!|D-r}63{NGX2a&eB$|Ms5=1+9!>D!za4}6$*_4g9B(T+t+xH2l@qyur
zb$$KZ71qFM1QBLOPj?Kbh3FaGK6>!fgtaxh!TY&6ROkf80J$4EF~?CSn}J$O((v)j
z$et6I7fIhTDaB%pGM}q1-FeK5-?K{`R*|5$Xv0DjWV*<U6<e_I>=GD~nHOwAz#6=i
zkH3}6`gNT*m@yiC;Do!%K#bB5Ps#Xz9b@#b%3Z=0V4-;@US$8`oC%~22Ln28P#Hxs
z$oG!-M(Gaq>?oUf@#H&_P;zHTUOXHQh-n<?JypE(NtP$WfjQ(5FLr%zKRDumt@EB%
zhLr{_Vim=UeE=qqGhjVIk_a{yYS|G|V8c!aRq$+ilDPv2*ea|F?z-9@Jk2H(xS|Z1
z)MxG2nuNA$F}%$lJbi}(l3#ykM0ege!YZCjs>r#EnOMUw;%T6E=*M?NC)}j*^2VU&
z^eCq8n+D&6XR(iaOo2tq3umD{Q+mg=^v;q_;B|7c{NyEH$>bgSu34b6-YLy-ieTvR
z1e>&Pn`W0{*W;<>xm>i(<%V6<;@{A7A`%Y@I1N`oxf$`$n87S9Ib<Gug}5t@VrH!!
za21zF%})5o7unA3ySevf?zNXYcJPa2H~*^6e6(%5bCGYG&zOhw4|~j}XZFoxcFbNc
zUj3EN)5if@A9yja29+?lRMjlW<hd)AawWthgTY~##L4Br>!4m`nvTtSa0<RjkR5<j
zNEt3uF!asKwK_&tAzUtgxOKU>Tp!R9(pf`Nr><Wie^~pk_9Wq~%&RDC+g*y<aS{gd
z7NY7|h|4GA#8Qlo+u0*xn+!BYi!qNmqcAxHEURhMNq?&%4}coS3dkRNEr)#5cW3nh
zj2OI(VZGoxw2j{f@J&VvPqt<h!NtIl#4CvpHyR&&v91((qaI7}=#S`xHeHa&_$(>q
z5O9=(8o`&SfL@iz+!mNWAU5D9ipA#9EBq7>P!wGqQw;aeNJX71+lMY~4D(k?YCgA{
z<}*S>vE+)KjZA2{|4r}_cnVM>ToY)+gyCSJbVcFj^E`uKOh8LR8zripaUQD(07R`0
z@1b)e$Q6@(JVOD>Ys^?2F-|N^Jkfr$w`Y{ihmsNz18lPyFjEj{N?uT8@bpc=JU~H+
z7{EY*BVAI{W}=Nc`mC2ch2V$Rlz{A@$$E<XX?TySq-fkG?3;ds87CnN0<aF!oaK?$
z)d}Hy45AL3w2an@ff$s+$#rGbYpTBAC3Ip`i;*F_Tsje(QBtCPgibDIX}unZ#KdY=
zf;0`DJfw_Y6SNc8ABk5tB7|3%?GrCqc#KggNO6+3zPsH=1{#}XkbV(`OtnUv4d`&x
z63iXfG2yXCq^XQAc;4AZ*$f=LCq5-ODZ(`CX4YscN{Pq}4p~<~)st}Gb1|Ri6YzKk
zjAk`~sM~YgELu32JE8m|X!qyzCad)f`x_mfzWm(YFu60W%?^$^cHMR%$F7g97Cjig
z!9-0+)1`_;9wE+!o>s?VV5-x$&0C=R*>WSfl_MSWQyy+(iKJYMZKac+y{}!b{ALLG
z)xGG7(v0$)e=(;7+RJR5A6TJQJm;Bua>_F~W?zwp0CoT*iwfG1hg&!iDb~h`lt-UM
zj7Y=;vbEVKs){lR5L7RmC+h|2o(fGRjB=m!jC?eUD)En~i1kR)Fr_4P+!I8)f<4l(
zHN;q|g5HqnfRc+aH^a_6>~|A61p1sQ#uHKeG7}&4Lt;T}Q)WbjDLW1mBC#Ky;{o_P
z&0stzAI~xn2N~#rTv_5I>QC^Ntpa?zs~Bz-ez@(dNx6QBog)z;a3jD)^?KWceZ~k`
zl^iUPq-n;PA#5T|i7g>;n*VtFn2SZ-9CNWHhT0c<`5|Ya6Oc{bY|<_S{=K*p_+}nM
z*a*S7QUkv4y#^np1qpv>p9C1ONy`#e`PrF}7t7bOZOVYNXwDZr?U*d!M8bkUOH)MS
z@V)Ob0WDfO`$I2#a#*EX+SObwuWoMWmCd=K=LbnKjn&g#sarTihMvDJ#giyu%cV+F
zwrrc)Mm~bzdG}%TsUw04Kka?CeZUlF*&HxE??Zw)QnMFW?`GXrsNHgMd!J(T*=^$|
zpT6oH%9&uZ)fm_c!UFQST*N54T4kb_cD+!gY6!awd)6qo9VcL+GuR2hHt1231l<7D
z0_%li<YM&_+c~YDB=W;P5m8c1ZCl<7%q=QwNaJu*zwP9aToy)VG%6#1=)Px8reS^v
z<dq=R%!Z|qp%qmyHk%eSR5)h>Yv)7gz^a=qmoREkz&NtYN}AlAl8Qyab+uN92MIlX
zpgA|e!?!@!2M}eYrGg+gL57xy?z-f-RgPe;Hf65k6BI|J*~h&Yzs_LA>WffHXlN?m
zUkRosD;Ge;<5L5d%k+&@F`qT5>L>w~F`bZb4^k_<zm8XcOH`5y09sZL>MA&H3s40i
z`v|!z^5=Ln9;25@*|g4Yr)gc+<Hc{s&6nfXbt7&caRk<Gp7z>5U1<}D13+B*S29+R
zEl4j(+p9OnvyRee*vA`2_<B^dpH9DSW?+ArwUs0p5=v_)zygT0DIga4SzB)O@Q2>Y
zhza8G2JO(JE!R91+Jw0Tzc**?K?(5UxT)8C(=m{qE8dcTKC+NBlhKnYbmp3c7C_Ie
zFHV2|_t9y02|_*ma)p3zKK$gt;iG$p?)y;e9C+24=v<~<ap*93eDA|8fO-eFc=UM7
z47bpp$;RYCW|rHjO<+5(S3Rd#0Zd<FlBo@tOnC3l#tb*@dVP#~tropt1JCPGy0^Et
z(T+!c0imlH`H7(eC(gV2D7Y4d7eo~-C{f6at<Gel#4m(uwL$mXf}abTrD-!2lzAM;
z(BgLsJ{h7kKgy2_iYjADBx4}$uwY&S(_5c(p{>&BF)nNc>SbZjx)3_skqy2Qv*L@|
z6p!;7Xz4V9!ViDgvcYW87tz;#+>KY%qF(j(V7&z7cG;%a-HQ~!sy%0CRc#O>UW#e>
zmZ-Q_==uy$SJGxsc%SKS-f{MaZETD!yXl;_-0j^{Z<OC2PYHDkcu<;mc)}vw%AGWK
zD9^u!JN>v?ABD5#9`s~!p=i$}JE1dTpHkgvcx<WYI=hQb@RVs|c}_M@6XUO*jE>5#
z^5rZW6W4q$1ZgqOy+PAdlngGhW=N=r9*&Pa+yj~7yx<t9@}qEvjY|YqX^VrNf4qgZ
z_=3F_%T6y;>nOG@5mKDbpq1}X-v`0N#xUa8Lf4WX7{+ApG58)>J<AjxvB$4#leHt_
z4cX=u2tNg`t|-j%&iTUJ1l`bN{ubt}AK3*vE)s5pZ0v_Y7|7@|-<p{cH&%?wzGZVY
zxO#cmV`IG(XHQ(i*S7fhx&(S77ozmeUT&?wpx&rehlLTH$n6GENsCFgf>@8`y58f&
z2H<|fXyl${0@mkvfmqvw!X6_2(>uTO^=v+6q}YbXUXz+Ds~Mbq@6n_8?mq}3yZMm~
zkSZ*eH(-lh#@wDV2kH=Y(e6gZTr~UAO6bZTfPaTF9ZtsSLu^}QF#ov6ndl*hwI2sj
z8-E=KBH7?G9p08-ImweKCXhFN7WTkJIjpvQV2fUmp=1VInZRrY$K{-~U+#xz`FRWP
zXgFw_IW-w8O9V0LwSXT=4v)x71MU=`l@+DGLV<p?M@XEyx?wq+eKid@$=31mD5+Pm
zqeURCXqINfG$$rGaiH^x_~mV@irMJm6~%|$mN}o5*q2TRAUSlgo-of3&|wpE-`%fU
zGpDt5r>!^Q!k(~qQVEHzs{n==uNsnY@2Xgf#bf_Q$*2Y({cuv#Wwx+b<t>q{S&e0E
zFZq!bF-S#^aL!edMQLGDzshtgvJPNf18%HQ-%Q=6n<ZX}(@0?ICKl(%B+#|S+`@R`
zz^0y;czR}xo-Rt54SNJGr&)1S1$#suZj&LU+$O;LhX{hePS`XXk&#Hwgs9;-f8vHN
z*RcZ(J=#K`sL*Du{iKyJUC_4d2~%&Um-{VNyX*+zN6S@c!t<@O^-vqJ*`s4U+}8PQ
z_|*8vJw0lCg$v}N-EQIL|Lp6&j#YXwPn@6fIyM}A_}Ml$A1>B?Ht^T4XWFUr*1PAY
zJ*h3+v47lCbL1<06^A460@+fw!#(Mut0{@$TCJ~N!-@s&7hBz)Mw~7HUED*@OLc<s
zK}XEk_w#~sE8F4&rBC~LKxy#}N6=UK>JH*h{jjy4wTm9Li=VW92Q4^ff3(j}=OSDr
zI@&ISUjScpb11HGy5!EXVqmk3A`wuPjq1oq1>>6g<h}RqJ%aS7Mh#;hTUAV$w*i&p
zs&<H?USD~zFUPdFcdEfsJmDm8hQ<orQ|Qp-`;8!)9`XF1df}{vI(?YdalLkppJNbN
z;zisZVZIlMzG;;ce96rl;ynyK6Yyvfk=k(uAjC}OGz!ycjnmpVJ~!9Fz*g#y*Ck50
z5^aP!_W2P3+2{u-M$*;K(e{Ei*O6Gk*mM?JB5Qwzac)I#v1}Wv0Z;OU6?5rMs_$lJ
zn?>>YnxOB1wSJbL?}1)Yg3&N~lCm()vxVP5ro4!7Calu;Ioivcr#f|_;(8_Pj~!b8
zRp8-){>6jD`?x!a`UOJ5bAy9iQQ(RnaA><q+Cm(kuCg;goCS9c2=w;$a6yuZX~B9C
z4+@{yVNF*#>PdW0V2KcU(wj-C=bb@EtxFx<1Q(lZtIrhp)TYAw(Y^ORx*uSt(vv{!
zIo#O9M-N>U+X6nYT>)p1b+&S~b0)>PNs&%SnhU#<HZbWzquxje9_1nD;l8&Mg0?7W
zR~U1lH`1RcB)s0$4Fo*G0VUwZY8}zk;ME)@ofo7}Q2yn#y_<_pKSpyv5Bu5OyweGL
zx3mY_XKYhk2^Nk=9KEwRXRqwoEoa*#(>0hcJdy=)J;frQ0k$i_Es>)*YFC?MXzy;O
zhyg*C)Qy)yzj<uE@T6QH4m99jiz703b{EvW77K8!XcJs2i-#Y8gYa<ZP3ouoIrwt7
zrIN+G991!2&dzn?RS`}WUtfrz6$)gn+|%YAF!UNhjw<X58}AsPTgGy+yIA{J`(Ugl
ze_>-m(>B{de5F+c8!WDY3J{4p%rMn(M+drEVAl&bIPlsAqfS0~!j(Ub%nh;<7?<38
zJ;LBkNx7zw_M2agvd1FXGPqUFNhg4saP#W)kMm2x_b|cbA~*ID0!yzVlxBk_z<yiZ
z`=RqR1Hp!`!M>A+J>^O%-p2VAljq%eUa^w(W#-R{KxElH*HRzy1no2&JLTaP?p2Dt
zuygnOjxAd;Yij{pGBtqAif2(K&d_BRm|(F|AP;;q1Z2TXMJO@@%BCX+m*5Febob#>
zie8Is8G|DEbI5E4Sw4<Ss=lhpq0xBQTI85U56sQBT$PjcxRtxWCW1-FCxK6ae}Q&5
zx?$~(kbF-btK45<W*kuqxQ}czB;T1J@C}=1JImU7t6`y5xrhF^U*kjI4lfXc1`F;Z
zp45e8qwv#uk8I}j7?cdT2EqoKmjN;mJ8f1RZbOPc78{uFrkv*PILv0ayQs+xqbWF>
z2ypz9!0LRQ6^n-6GOX!`*Pn9+vtXlI51zdtEc6g##G_!VgX;D}(z?Isc(!GbJDv6M
zKvlgC=iE`PiySf0{EF+ZB=E~>NsvZ8KK1%!Mypp4sXbuO0q1jeZdG>bs^I<8$w942
z_RvE^3D-@0WYf~XLqoILQp7b=!_9oD{RSJ)h;hgvwO7yUal6k;Q3+Zt<1#5YFNi3u
zUUvzCE#I(6tT%RUKUU+f7=9z9<wI*P4=u!k%NvC%R*7an1NIaH?OazU#mb#kTppj*
zi~Zpdv-feSR5L)AmDjl8!1e*1QocGZ49wCjTR1WGI2TOY@Z{N$vM7)&<wPH*bej`*
zhyV8QAVJhy-$kDWVy9f!m3y?~JIkHBfBB)S2ruT!W5m`y3TKOBHjBE-XH#;Ag9-h7
z4XLzw!rdC9^ZIyI5X7xxA8>b*B<{+tD9RCcS~AI@E2xdpH)RqadRMx~9#`cmNKz}{
z&VKRZ<+ZC?PN&5f7RoO#4jAh2RH465l|zQpTDQU6UGIoMf0qy5IVC%49%9{*+Mxhp
zjDVzB;yN%$TFgkd{iG<Fi(-j+mCA+vnXbXEUmZm`$-(b+9KcNvs$u~~TF1J<Q6AbV
z=#hyVko-^VZ;b8)13h;<`aGRx<6`DkIj?Ln^11cD?ODJsOjVA6P^l;=X<7)e#?Av|
zMNKf1OaqJ@2rQ;w^We*s$zq;~WW^!?I#3hH4E~NFICy8PAI)LO5gImSN)>d)P==Ed
z^5Cw@<5e~n7;4J=d(z-L`ufZSsXIYsQ8s;Hv^N0JjY%K@?cHt2gd9k*4s>FUDY4yT
zkq*}DF2nRgt}jsIDY#6T{^>K@y+OEMye7j@dyBl3aijdWwcY3xbhX^D`I)D!?eY=Y
z(roO_=pVK=N(XOCn{fW(CgE9Yi@{;t(r{76%@$>AqmHaIvQ(Zv)Z_b@j<4>fVM}f)
zX?PN4!SxSYUr2{vx{n-iaBULOKO=-uww2(W2=Z@UXF>nbLWdCi9{Am3*~(3RGYRZt
zbQ(~?^tt(fd`CfVj?~~y<Bkde{)HYr(3ExOf$y=R7*OSJgsAd209F1SJTQtaA0f&g
z#z)Gei2&YX4C$T%rS1br2H~UvV{MW2@yKLKI|U;DIpVim&Nw4+0Gv;Nx?{H#?%tlA
zYxp%3S+GPRJVX*+&OY&j&{IS2nWQ$jeOO|^BwMLvkiMmZ)AY$mIKxke4bK05Rjo;V
zAo>GFx$w#`o0yBag;OIeO`V(t_*#28FcWG7L4oM#HvWoOTg*GL9bBw%eB0Q>U)VDD
z*ot$JZzrcWCTl#U86>z4V#jFwsO8TJw~2p!hgjmS*<;c2I9nYV;u=1M^yD?nr|WLZ
zTz2s7?#cu;joXDj_lS5}a=ZK*a0s|x3s+Zp%ZokbW5~h8wq(ka3eg=hfx^$Zj&lFv
z{BJu|T`qSp_f`TQtFE4esk?SoImU-@P5#!mGXKJrb%2m}%k2QJFKd9Xd*@>a&uBEW
zUicn(#a><3j<U1cZ9xE_j@ke%8n~~&eRN*ukn25a&XMY6vr8?#fr0|9o-flKbOXT5
zWhA(AMle2k>R^%#W(XK8`Qae@Upfb(1I<)J%wCL2a!JNGNzbx#r9fw3#e@8uEFRa=
z0eHWs#h`Lq6-Yo(8eT8*Hg&cIw$qG1N4Eh`n-Z~2{R;?t7MS*Q>!MV7y@YHevZr#B
z-B;dtdH>24(XxZSnR6-e%?6@3HbE*xM$FaS6g!7s-P^yibNjoM`|$uiORBF%w_qsq
z_3Y(3hVwCpcuGg=8A$nMyGZ!D8>mr;cOfVi8qwAuJ!Eqdjpl@-+aMlKvgct6a<`9A
zJdDG9V$%&~O!cw;wijxsl7>ZpgAIE-fQdp&2P|XOj&6A&^O3m&_<%HEE~$I>W1Iz{
za$%R;g}Tg+GwBo-O_)mJ;M_6^dT(n3VWiFi8mv*>=nm~9=V<26H4DrDtk)Mcyt^|{
zGt_cx97+sS#i|XGfB3}#4rx9KLR?yJ%FGPj;|_VB3Ew-Z5g-}}hw({;;?1b70><Vb
zgAzo4Qf5khx9a$|U^v+1sW?a8RLnew&s2Lts7#U?I((7a#*`(-Xy69KI3r&$9JN#e
zBCZe-Ny}h$0RY8}7Gclo0<V(s-Ojq}p+}w202r(MYk7}v{vhRCSTLlIA*&sl>1I~{
zn1QmE-YEc7dOFP5{PIX1jR1+Nb1Of6U-t3S_Zu7bPQ$o5Aj~!yD#hd^C*_R0$mR3J
zX|XC7xTf(zeER<0)A!R`slIQ>S=&(`=1=BYfOO^M2g&#(TO12WIni$qtn3)5F=c-?
zZyzNKH%*|V+jU#NaxDMglPZt&g6_JQx;iou{MAZka5KZZbKAC{rghHkao8?@O$Se=
zEyTfEFGYE7r_u8|q2C8PUZ^#l%qL;0Q_7yrD2xPjrUxzbpsh)BP0D@Thd1pJXezox
zZ?5BD>J-L<0hJ7=OxwuzQJ_4c@wl>A<XQ?_51gr*`;Lf>;QCE9mdm!hzvXajQy4ob
zfn5DM1OzoYQL)D5(||Ma1mD01nmEhCx~N^M(irBN-nR4fsqeN@w-5mZ>52D*<J36T
zf7ui?aMN}{z5CpTIV_f$6I*2V=$oSnT~p?d!77(*%QsQ44T%?l|I!U(R7jD(2$Iz+
zp`8)!>zq3{Fc87kC`PAnz^HewbD$9bj_|0QaMsCuF|k(d0;O5B$fxD00Qu9{s5ASc
z`pLeyakvYKA76EkubRi-ofnfySs%oIN6C6AvLnfT#{E+q(?h%JmW2p{oFPzq05b{v
zikindC0&Ufr?_rX?My>P!@7R)#SK)Nl4k5B_do?rs-&`|21+-KljMEH@g6M~fR~SK
z6NTt%z66dL*+UOotO^p4*Gmit933~&Fol${8ONi5vzr(siSe{9pfLp4C{04g&G{1a
z3_Kf|O_<)Q`Y>J6L<bSqMrLzQ?Mn&IW-i&%&Mtb#Yfst?Z}C)WC!yFnYI0_1S{0G?
zY=D0B*j@p~hvIfT5n-ltdp$1Zg_ECgYXmoQyk`SzIvCE5C1)@V2oHqGcp3q0z!lSh
zpMkX1t+<C66STA*<BqiH2AzTb_Bv#*b{0ID_V}D^qrub9aD1Bln}cICqY5IN1%#6H
zYy$(jR}F^)o9U`^k{0=MRae4icL5;XeljB0lg>H0L-~p_wG#nJTxGz^<>Y~9>{Uz!
z?>AIs*6~i<z@5NeF1-6w!nkf8<XC*^)N9xEyN&h0@lZW+I75S3i@!PFvQ7U`PartE
zMAW;{hCX1gF(C={;vz3rF_f}$C*oCRIs}R<NGQ0h&&7SGyDye)Vcstqi4Uv7`+LEV
zdZ;gT+o&cI6}01|^K4ZY<Fz{+q<WXkKfWWLp&(uzbn>E!SC`9*hT+{Va>^W=s)I9b
z{KW)q`fvpR_A*}b6HU!4>N__LjxWfOv4wjE3Zmi{YjYB=!J*x*-t|*T<LeP=iTHDP
z=++Um=^!tXZap-IcJWkgMo<(`)I5?qcC#o~UQK9M5PYFrm)8qM;Uuo7n2wUkdL>Rh
zJd|uk%Rp(^O&$>pB?BdA{v2FofkQ!HKpSgAF(i<%(uw$}kC>N}VhXsEt`0I5c%<Wn
zr+_U;&pOK;k!+OSNPmL)dNCHXxe75+Yc)e}VNz`<NpEiT8F8yG&a49AbZq2z-Thac
z9MIa)tN;aT>8#JXZA8Bd%m(k`vD-cw=?-bp!IthPXyP-F=}z0Wu-2rAUmRPDR-659
z-nwhyDIZbH*Q(ma5yr&ds;V?a11zYu0~I0@05lPSF@ST7p?ZR_$QR&4L}GPQG6hnj
zO3uka!v5T%Ls=Tjshib$d=h9v!{|4F_gGg5u4OMrjt(poSzQXHgDgENOLxo`Lz}sD
z1u<(=<D3Us*78ZEdSn4rxsMsx2#2S&$LOzV4TA#f6r_+GC6Xhp2>TqUiFHO>-()T(
zwNG|3;hT5b${?WNmvqp7gFSLmP;r_Q!mdx2XEg8Vy0a4fVxg8K6_=`d;wD*r{z(XH
zQl&aVcdnbj&c;o#q+|lCnk@W~7=Y3S2-kyMiZ&)(){6;)1Nt2F<m*HnDP_lk-S_#r
zfV<ccZfG3Tx)}{^l+^0hsVIZT$f>^9)-K)nq2i7>TPmvRJNvK^hSs^htLzLTa-<pg
zo(@hODLK8`T+`MZwx|1MvZ4^5)2q6Aa%76dY57c&aoId*YBG_dxV`&M3NW1q0erw(
zCFJg!19)G=20(I(ZHQR)332EByKU+QqWzJwKL=a}Th=medmQDSlh{7kDi~}P4|c>-
ze`Cy#FF0nidM1J5E18K=+e~<7%D4moRkWOfk5;gq!n&YRZRWXd0O~b+w`IyHUx-(c
zWA=~%&-FzwTGfjNLvIDjz=WH6)zXEavIG;-W?O+Kvu(feN*K>JR-JxlN0->oG7Yy)
z_#<}&PtYUqbc&ru(m&Zc!EHte<YsW0I<*F}p{@GJL_x5@AXLHsjF}Cp$ZXK|G*tIT
zqfu<njJgO(a*+8z$DtOJLhFm!##1Hnbc!~Po%lg8$R=UV$5DHW(rHmcZWC0h7K=j_
zSR9zj>65MdBE((vv&Yid;72|aFWa~pDu43#0|$F%(cCT>(H#$885Yn<n|iQgpZX?%
z3Pc8Nv@VD?hfN-<;ut|EUclthj%4(T2xDD_P(<=Q9iVy(9Dv(g0npLjuwQ}e9m&xa
z9VkqkC19PIQl6F9nsbW<=%7qPtZoTA**secOB86bJp@EcVyim~P9tSv;UY?LgdwJ-
zSMvZ>K&rox<_wi9vpw<N%q<@v<_^i}d==&8Yj2LoO%swk;|V;%Xt(UhZ6_u+S4ild
z<&d*Hy+k9v!$ZA<Zen?XJ9@ob(&Wv`GeShmhi+@S4uXQJ^6haW?`R{9Li;1J<-1c>
zpAdr}_5M_|9<0>08#;n?|4N$&11~RXOUPC@anlO9xj{2Bf)o>HIoy!Ay>%7x=gV?|
z(N`HbhBh3QjK31QE4gmaA;;<Dv%Ow`ekWJt5z>i)bN{m5dY^U4A?{pk6p#ECvPoSb
z-v@7O0gLsaXA8vn$SOB>CUcJSCn*AKHEtvLxHH!%$RLsl4F<&Rf=cfdh!_S*Bp__;
z2qGsgB3?RM5$y`jY#_*Kx?*&0cALsAIXa8tJ!8Rat;3L4D8p`DOKM}*1(Zg*XGOF~
z+?&@r3d3?T(`E+;3CV6GQXZiOf)RtoZ~^3DSymO0G*uOpjMrt*zw%^<^-qN;0Cqr`
zA*Kzu;=H${Ne(>Hik2$w=;L7G{bQEQ8qe+R;h#!Jo5hix@Q-0-_$NV0mLIpQ!+Nna
zN&4tpIzUVUu(ZHGpMAQ;_e9d?#a1M~jvGGD5R2v}l&-BnRVit2-0PndpN{y$8~dMb
zuzFLW&ptKk%bWt8R5gmEo)lHgwVtgCN9q}u8*yCR@p<lc5wotqm-DFhl6TI9#;RoC
zc@$w+J?sCOVPNQ10dzt+DbQP_!jij+xos)6WS@lw3BIv+!xLfm#pF=wcGda;K&?Ie
zNFBEL`%AiQS;nExibWj3>rFGO6m+u4a37iip-ZT7*n&CZjSOPNjlKPz`}ldF)_v~v
zx{iVC?TlY_nNyoO<G`S5_nR1-K)*on8Kg3FeDY+LuR@#q^GGYZNtxVmITeMT`U|#t
zdFp%bM0(^F8E1<MIqq$wLmnmmerfc{drFECQQ32b-A2!#(a(S)x*?!F{~9#Wts7#q
zDw-#OR6Wsrn<#IHjk+4fMqS;xeYae>VMErB4^0qjONbN)pF(uWDxYPXoMtT5E993}
z1)3wP_0g^bL9r8j7-0pAJ0{;?+=9l^6^7ez>ps$k9|WA!<CsacT<X4>kvPQ0?X*c=
zjaS7|9Af<-Hik}Vu|2{aYIKU9J95)$CJF$HwBm?P16bjr)7a3qctxO9x7c*caDIcv
z6A!dUht4PH+#v>HC)h1LCIGhFyk!FDc{&)Ez%aPGeS;~j+nI%8hL8mZX=g3O1%nCV
zHA|%rI)+2_d#j5%p>=Y<GCM0imyIZAfTe^rpeEReqRLXafx1UTk?i2>GD(>BdUc)v
zc)}X{WxFrX7BU)O?$3dNM>hd{A$8u<0`7HDANUZwm+fbRc3~ePp~UwRlW}Sch!C%;
ztH;eSB25{|y{F!IjrqCBNtg_Z`2F~EHALlwZzK*33Ff+`6-_JyQC|VlR!ojN2lSGb
zL346w54IdB-kgK&J_laSXtp^;Sc*%|nQ`OcS(<0)V?lb!p1q};w%J*}f!+D<(_1dR
z=`@e5ICqm*V@D=S_3e$NE&QqWK?Fq<T0!p@hgz{N?NsY(iAG9oKW%GYi;)%~bWpYX
zSKQM%aTU4(!4b|U+Q;*}*4HmUH84|YzU|f77+?odu$FQl610*8BZXJdwgrbh($Hul
z3^l@UoR}-1`Mwi`cHl@qA(0K=dwwItiY{{x2WbGTdu*$-RkmzyDtP)+y;F@@1810~
zwTk8mkuvbcA-^;U10r-yxduF;3yd1*VU;t-p2Vgg-Btk|+6xa8IG(l;!j_6gP?4Kb
zEyZyZ-KaHSuJ?+b+oZG6<BK>!FlRtVu7w>Cb~_+`f^;h@#HNZPPbXVY2r^@e9nl4&
z0R-`4wjOtLyTW?XTFU*}wUPmsel6tEukGCakRWhc*zyRp!($g9!<~3k0Azu|0hcV!
z6GDhWY#VBv!G$om9JIg~w|!PBzJLaoD`XS<<~1G4ZziGG%&0?Zb*Hb^t)z*#M7@$K
z^ey1}@15qWb3`{wa{w0rg%WmKC~}KH5uu_q(NH!D0Bv1L2k7zr<OTR#Pq?V5i=lmn
zD5Dm?lTBmXrm<#+`KK&IPvo=bg>zEi5z1|kcl1DHMSXk^P*&EehFHNN=ET-{iFJ-B
zva`o?@r5$Y_1@Eu?tFM}<KVUAhmB&g5u$NYP~y-!1GwrR-?{tSciwNlOU^O8Eg8_=
z;1~*S8~2#wRUNm4KGz^?qnYL)1@+)jJ}b{05BnbIQG7gZaA;B!+3wfE$F!T{tAKkE
z)}<oZ_!#&;tKi*JFG>|6%WC9NsutrYSS6$BS-Z~4Y%*Kqri^A>=g*^!;brO0D}eE|
zO`q&+hzugoTscra10s4B4-?$>L~xNQ(6^CcsX*lQF&)U(5zxbI?`UsqPPm$LqIGo_
zQ*O_rCmc4ny2eYD)5JbM^3TJgmqpVZ9wo3VvU`d*9)d3`eIYM)a=J-O*XS@&;4{t*
z6{lshzJ<V!0c;L9@kx-Jkekg8Uah+-9k|Nvs0cPp&7XRC*P-RoSn@uC6rSX|rQp|*
zo;WxS(RIU5?MA1t57*QrC!sWtd;_`nc9-*>qsH*=C}@|Pof4j@zz>GbFK(U*MBld_
zV}7ltr}j2+{G+%cIQd}0$uh7e17Ik$mM$EJ5pj7c3)!AlihUh*`SW#-FA2N1T;))=
z*}wZLiFj90vMa!72c!sQ_$B1{y<J1BG}tG5r?vL0%Ci-!y-Bl(5SUmqRqxtlnL(27
zy7W+6En8%1Fv{$+fGI)70DQm^tu`xWB;!S$U|#mc`Y~?n$hc2W65R<IxwE@FXt!AG
zmW+=o6Em<^l|h47rc?(&ysTHg1T#;Y1?|sSIyraikBVgoUL$4~-G%W14BmimnZPAM
z-9O|wqIf4qVu9CF8+fm}OiY$qyLW(Sc(i9%rO})yK+t-|hAshj6H8ZO;#U<cA5$U;
zHilsi3`upDSb_-3%UQ;-*bwxza9yha%xo|D(ESTkRTUeyB|1DO=Sw#=u(p+8$Wl}>
z=BpvNGuQW_ks+yy0dH=(?&6o3%kFf4H@fel)D{?wa-=9A0+aZ3+{G6(HV%l63wGei
z3~cRr3Q!MO67D}fRn%QZcvQPqu+39L^qA-5J+CJeDsl689I0*dCLHjpEb9O#JiLs;
z=|o)~jnSL`LZ+dpY1XJ45t%TfjBk85g;QXlMwC3he8yRW3W7rrpi5mJ>3_98qP~L7
zFa_+p{CNg$G$W!KXF_<xHOzul{2`svLNV<eLz^js3^rACPN*OP%%jQbtE&XN3d;f%
z(4$1MV-=neEuB8g^Q9>N)f5?wPWIJ9Oa&w>3*EyhYNt|ut8jTfzucu5i7mX})h@tw
zeZ1zm+-j{arKmd5=(7$;<Lmm}@a=CFCsY)|M2ktUL;d3U#a<JzvmJx5<^svThVbxv
zHv7bAE2op#oZVgWN@E(Lpnhu<&<hJB0rl(6l~AZcl=V$?r7X^6PD8F}(^LrVfGSec
zZLx|MxXVKi2#`SC1{J^Wi%Mz`pwmWU_(EhJ8=!iO^c~a0mtagp7lm5Tv+NuwU;HX~
z{f77SV8m?bly&m<IacCiT6aIbbNGRU_QwaN$z;H$Fw)Qq=nVE#JcCpP<mjd238o6j
zYTSM{Z-}09NDw~HV&qHg2yvW5t~(JmBRYac!VB_&WT+)^O|IQ`@dt=dpJOb(ENG=0
zU05lpd6e3vCL#@6!-stb-96N{1nx0-+EFekymdASs_zoVi?MIO<Wj!^Kx}1mqnn;L
zQIG)$h-rhh9r2yd4slJi77L7F9d#nN%Bsmp?<IrB<*2<WGQ<#^J1NChWnGTl4r=BT
z@d?^2DzH8@lQ$d&8VuAlxEJhF4hdt5uhr!j5xY@^Uj@oJ7%J~eLSWxZK3O2N@ddXQ
za%PI<#IT}xN06+Bq?8r)iN`5h*Chi~Q(i~3F60aFtJA2<C{>sZS5l8=k5s~JW-NFq
ze-Ag=0$_M5blais5o9F4SgmPoYsoKmOyHRLT2;}r^*MZV!V)@YmnQiVv33@=90TaA
zun(~PQP9mN!*(r|ATO+!{;hXDdVD{<i)k|<)Of_^I`SnxbrP+lF+=b|CqvbU`I-!V
z=<f0I%t_u4ipBc*DE%-Srw<>ezcWf7mos+*xL@9R{O%}0f==Z8lZBI;Xsd7(H+RK2
z$4zF_@j`EWMwZ#;(0PGN>npwIz1~AZI@r3syIxY7hVUA;KAsvDAL#%4U99oF8eOZ7
zH%pk~zSxzjz67n^;Qhp{kU5a0_k#nG+l3d|I;vPouYC{)_SR>C#lBM_>KxLnQo?0S
zs+G@Si!y9TsLif&cTtoxBo6P1GFmFc`B1j6JxY>-We827d#}552s?6~t)3}d2fxG{
zpd&aX<CEEX!+S|>0uByVm67a_0TNK0dAQ|j$6XPC8<45n@MXIka1MtD#A%C6T(3w`
z1c*l71&VM%m^?!EnGvD9#YzliCW|WYT;JKd{F{4jQyt*n@xkSFwYm(M%Vw8<^D-O-
z_;JVhs3X_fex&e0zz0oBag0e?#{fOAm>}<6cBSEM>ctW~S0#brrc7sD8SSojgJA~<
z#GdI(p-5HRAX4;r3-gJf0sw_g6T+zX6dyJg!*!f(tk-VtOJH5o*5x~RibjR?mN?2R
zilS^Y;UFO_)I9g}X%KNt)*4E7#*psqW_ODN1K1(7bBcw#i4^s;N_=oe8}Oycfo1~3
zP&3*N-m=wBAGkJL4_zCsL#inp)JE@PqjXjO27$}>ehIiYn(2DntT1H&L0r5a&@E$3
z$#m97j9f9|EI1JT2PUq1Ov%$wJi#>~J++S>!)R8o0)-rmu2oVGWj=)&2ZtmSOi?pH
zFFLnDmL-g$^UzTlFu<CSZjm2jmYGy?B}IT&+OH$GInNyLP>uW=8?-_n61A>4%rV>0
z<#gA_C3+p$;Ypm&Wm8h1*t<JSrV<AEHK0b2BS$ks)pm|}$r2Buyy5T&`f_Osh9Pkp
zqvTq1&F7=kqJ<e{eUP`6+^ToWRYB>ls`|XCr?s!!gCqk3u-*vKNTNujOsGJ06U%DB
zjjk!C^(fL19=Xf0e-syPuLVI9FsK-mR@ipkFxt^4h1cupqc;@6bW_Zh6#vY+Y<Mon
z1MO46X1o>oKzEh@EG{25BUAcOS?5GJ<1rJMXRR_&;e-U>-w6+Jyeg~8iwN5S^l3q0
z{-QO))U7W93G_w2DpO<<m@Yu5t#w@FO?yU|=NMV0$TH~3(S|3an0Dm7paen^u667X
zYFV-LgUC{w==5u!@yU9=jAk4j5sEDuf44X*x5c?-=~1x&`loT(nRP}CVJ7^|?0CBj
z=CTRX*@XleNHrXl#NA=FOA?v|8%Q0YPNc)#Ro(g5%YJYZ9LVgbZ5-PS`fi|ca*-lb
zXMusFZsm$a8wGlx3MYS?;sp%;D#CnWb9$r~mMn7*B1Zr+`DN5n;28nGw7EqHgkw3i
z1fx=}n{OLX7>vn3YMhH-2=W!~g?;c3?m#0e@GuqU8GjI>JW4Qksvi(+1nEghFHgM~
zae$m;ND;&EREA0r#sWIyts}<jLh!`p8bAqJa2j}3U`1tmXq@GA%4)Nakuo`|_&^vF
zFKW3m+92r;?jdE&c6{_18}SyUy@!mCWUxh!az3=chJeO)XPzAw<DET2f7A!d4nz@r
zgFRyxLJkol`Vp8y6fYy=Kf$aGOE)>3#&AInsu+A&Rgkn3r--t}P{E1#auY+Sp@t9^
zBoT!<`sebF?Ri|g!3Z#iock*w?-#j_)K6ZK*Erl)yoXhT(sJP>K7l9Q<vuu%W*6Yq
zo4~xHDpYDl9p^;SJSJh<N&*8`6VZxH5jIE_;p%*%>ue4;k0U+`_8e)lD|!*?4FzyZ
zICzaXXK%R6h*?><IbmA%dL)$3qVEr)?~CaBQW-AqT`DRpy+T#(nULcq^+~Lm?3qqI
zly*N4*s$=K$b!60A`}hOU{~ux1@|ME>S>M!lx&iKbRtSFQVVKq_|3!+a!9qptgzs>
zOv*L1`T5!%T829WStEQ5PN|TR*?r307Mnm|4zNdD0bXA@f#-xA-Tey_!tq$KPrKWE
z83wSxDdmpD41LYP27%%yI7@>|uYG=LlwJxMupR2^4ie!XFVKw^x_oIEL#}d4d(+J@
zGxbi`@Q=CWA9K@GNZa2@Y&PygzbzxzP|bG~eZLod&!g{C-Hi18IQsql=z9@;FQf14
z==<+jRh7hI>t=WB0J+V^wZ}9H&`R*4RH;fgvw>)nN7_sTdmfk+yfp^FY-Al+xndZ^
zco%Zajp<t?kVfaMA3;CHn<FCV^w9EP8;EvGehj1)ocp&C(G(^EK?rlX+-wYbbQPl$
zZ#S>jTE_!H!F3;Apz!XqlM<6J*Q7}1LxalwTyjQOfVYM9MzVRMXJxqz4|94e-8peL
zdYPV;tJy@M%XU1J@)^7*m~fcyo!7EAb^uqI&maM_4$g-3y$`%H4y{~Gcsg4rZIocU
z=!LS#!Gee<om~%MO?ar1eU8*Kgw#w;J<HE;1sIT`G)gS0Kly!eFiJ>-YBxzg`O-`n
zG;j;&%S~{3E1a%pqx7_W#s;sQy)nFn{{}NxKY8}4YxXprIa<*7N&!_+yzERsvwoL{
zbSdR)n0RDF`WL25&T-;8{EU^Ij=Y~h$XmviDsoqYq#=k=1L8r=d}z<p=~&qKY`RDG
zWRB3f0kY9zgJQ-@c#%M&vN|lU7fDoG(|WKl*6_$(tw~^65jzW^u+j4SoRcP&aH;G{
z;_bDD2OB9)X&QJCh(ro=;OV!A(HKQJ4Ag_WiI$17K~b;i9-C*Ayv6-f`^mO5?i`ze
zDiw}M;XTF34xIsx9uz6Vii5AI;@<6@iZ>5&4!*+81nl{0uPYWU-4cl%cqeH(p98n&
z{`GT=fL!`q`680$-X0N)>ZRwv@aXI9Lg0%?7b;tYZrP~cl`eCSt^~$u{~AMn+bh1-
zQc*l0+op5-3i77X8$hGcC`^FX5d1>VS>!hkTdbj{2@uxb5y1no_zGpX;I(5Nz+H3O
z2N3}LFCw2Ay=HkBc>QJxt3u#>R~*?42fn$Sl?go!ReET&d)dL7#?z`aj;xXBOIt7o
zWT54OwK@mF5GAA|p4yyL3nDvG<83tMO_~*|UpOo#1ZxOD5&URZY~i<!n(#3c=oCy;
zrsNrLb%97RwAK>Un^4Y9M;zvehZV|o?)IKLibSDO+4Ew)o_7*EaBhZ;(CQB!H4B;Q
zNJRBVz$mUdb!*-+LB{fd<hDY$80IdjkRy2Ru4{A64J-?_BR4&Kcx^v@ZGVS(qTSu^
z9@huy^IKfp@?BJw%JqAPdj<ZvlD>Auec0drlHSdGE>OnuTJ^dg)7927QB7(E^{uXr
zEpLPgzLoyQ2M<5IhtTya`1Z-;dynunzaeidtG#2ll@_PXAyNyM;qT>D>2^_FYD@fm
zb04n1aRXk;IDGEgZ}7YKc89OQXFaroYA6hwMeehio(86bW8)g#rI)=O^a#BWh{YtX
zYKGI!Y9+88@9%us(fQwi8oR$Ch;xqj+dKXuoV&Ww3D^FvYg9`2NlnEso#l&&$8%3$
zUb^izO5v>YByc2Tqv51(m^dlK7~k<MoD@#4>?QXCS(Bkj*9!zDt;8jNC;Rc0D_4%j
z@NZi?H~R6k2zVP07(s9^K4fdS@MaCU-Vy}aMK}sV<gM8KXhKdeXY}J9r21lqJEIha
zNtor+I(0jhYN>4zUD8N7c}A&K()d+C0?7lh5*I`XhsLeB&F_~drcF9;2<KuT>1h@L
zjt<+<EaNX}A1N1kpy%es1LKI*O&gdfey6!|y9^$$NXQqK;%Cf)(q}KY8#USq?g{RL
zP3oB-qh+C))HyJacX4#<yF*o=2$*cx0sXp+`NtaFrmSS`=Y2!JTYHjnb6c|<(94?=
zwFuPg-muxb!OJ}jSsJ^Vh%Ha|j{M4?g@Q=usB0mi^5SNo2}+tuM)gE!Y#luq7B99X
z&z<AE5zL8H>uSZ{-500n!q_*mV8V&O4;u;bM3J4w^XaB@fArZfq5+so5ko<ndI;-b
z5Dq8EhGE~3?iMX?sMgcIZzwLbmyyCpTZd5GU-`YIS5w=)r8mthxVO^yP5rJdn4%kd
z*Z1}#Z#;l^|Cq>g75GA&T)%x+-9YX-Nv68#e!G5~d^O=h@?Iii_?dG6vZz*<-b(^~
zm{Aw!$1Em0(Z`O<IXG94xMMxy+?__|!6S0Ph~5g)$a)3}!dY?KT|UsU=h&5-a0$Ud
z0g~?@i$gc)P>sF>t;D8(SeDQB@BYSM_}bo+PhWpy_cwXhSm6KAMJjj|;=$}W#?p1p
zcae55w{(+|4`<-@JT#dCNZ9xD)z-#qS<pySnKxp4&GDw162-Oc^^;AFOq|qQcT}8h
z?00;W+S^!eYGVnq%9<|AZKJ3*HB>E~M7*_$^`<5oENy!mXPer{W=lsHI1lKy-aOyb
z(utGfB`w6JCHkVPk#M&o0gU{iuC%x44@S84+fFDZzAG2I?c?rs`t~&Vi_HOK(&yZA
zthy!TOL+7t#-nuyr2|aiidHa0#Bnu;;?B7QaGZ%K)-Q#M&PxgEYMQi>XapJ5nNMyf
z7*Akmj*jBsKDATWm<=F|X}}?@7kr7pT@|^}m}W6KI!1d0#9BBQYZ*v55W@$@PHYWH
zf`pB6SPoCgu1pEthS*z$dy)Av+kweH=>HJRA3B331n;(<7<8xRklL=?sFYa{S90!_
z<TRHM8ZjX9GQ4*7RD(?i>UR3%>1$`7wp|VzPOk@$^++9JP=9h|_pMJos}!tnIj;5a
zT2>3{yf%Anw@*EMH*$kb&PBTwFPQJURd=FWM<$?_WT(J&C-*p6-#C!U_+9h92bce6
zxz2O8`-P6g&vUl>+H3MSL93P%A|Yogn(tc=&hPd=IT$V}`DAQ0L9hxoO*0iW?oi*2
z%Z@b>%VlQvy1tg9wivX6=YJ60?y~h>^IjWyJ>DBKHy?Q2Hk2A0N2t`I-GTkJ$1OVv
z#sQ?caWk4N;Tcz?1k{xgU8dyH5go|%cvY^KRT4&k#(Zp)<Jr?X-5Y+#0F_|q&mieY
z8nGaI6034u_~7(@ozG)tSM)Z8`;8W#Xrg656UF+7m{e~wrMwAfC5%h5@&+p$*p1xT
zEVIwFhc1O)W|!i3UQwrUx0ZSB7bhf&W=FV%tZZo<dqt6S+05Oe73*k-iok)dedZmp
z48HhK-sl?2{vWxa?8ZaE`|HJ*hC|SsYhGVuph(M3z+JFng7ylB{F@s$;(ln73go)(
zgV1R&r}&RfbNK<qgTY+*GidZeL3~7)^_*M>jp@9#Z%4?uoQJ(@aJYD9yAPa!9sNho
zN_RCwmin=Y(5l+HE@ofJqPe0h4{Tr8w~UY{3x7H1%M3bT!l*X(470^&Gq@Ng?TO0K
z<_ZEexP1m{DAXFGY6F<w;`pQ<C1|EVrJ!r;jeU<B$XIewPj+pI)DD8#PHE~~FXd2i
z&d>dDu>;Uo+K+9%o;csKq>96@E08~j>kvU0D3Vj=2ks|#&%i0HLN*}2WjZbxF98K{
z-}d?e0j1OJ=_o%g2%ji$eIhp}h73glK;@I5JZnoaZ-_WV>Z^Vueia8A_IQa6NsODX
znH7*AM0Z&>$L8ucdLg`@q;O>(kd=0A+`KNqUA8&cHSm!O=MwXSNo|xjbxScTE7C}r
zRmNzva}`oZGsf-nX~9@hj!4n;L!(ePUA0dTCDNsuYKlRVJmJv{%<JfI4k^$28eLx2
zpmMxx>yd{6Fsoz7IO5qMx>u~|oCX^>0`pr0ek5#S9AvK#_J*&W4PL8W9}azj1}eHz
zK2zg#IWj~nl%}@NNKhp_z|5Xz@#GmWDly3qlwtwL#ReOS`!`pLzH}#4zU`3n4U>2Z
zGcgTa9VLQ)j3bGgaedZ?;!a%KkY~77Q?HDO+Vg}));h6lFwdZd>kh<IX4nF|ct&Wt
z=dDXN%(8)>ZQ{0*(Cj>&Wm&fL`7p>=MgSS%wvs;HOs~<9-CWU!8v%?3zFBex^T`T5
zrT5bG6GdHB%~Q%b$TXhZ$CTd)wb(ayZXcqbQEN!~MFYyoWy!{qV_fnDf}TU{k{~^^
z&Gu-~=RX8Ary$VSx27qy&>Z9=O(?+Hie`}4a+RH@j5Jv>{4{Ze+B*9Uok0t;XCSk#
zslgqxwd@dCr{>Rcq^#_CWfOl!X$v<7D^sjB88L&Y;Afnv8q9fBzO<3cEylg~DF90b
zOBXw=ie{rE3dwYJCHY&u8@uVilj768J@?MNJ^uQ}{-@n(luW^%@yo7;G4lD7&z`A4
zEOTqrbGq-TP_y9XjFUbqcC*=IL^p@cku75TT@W8>`@1c*E56SihkO++Gd<IU<WC$C
z8+}TX)fI|+AFEWds@%uGf8Bx?u&Y5?dGe7q&)g`fPKs$wsuE^BblZTN9l(IHp27lQ
zZC+&iR@q&PH#9Am=#J?5_7&@y0n~;V8=J13@IgI#J~Z?cCo~SHQFacq0JJ1<=(Xze
z?D-;Gb9lll-X}NIEL(}(T_E~}ckV!Zhn9rzh`fmr@r9i}LM!cPh$1Hkhfdt0u=UT%
zqsSwd15+Wq0#bsmGVoRaj9BunApaB^<8TW;CzT>}<ZyQAnIU|xyPb(c9%11i+Q#l`
zT0lN0n+}E9{*&@-(Q*Kg$t8xZ?G!v}AR~&Vp8%kxtrs{iFM3)w9s}yupf+v?G?TRB
z+;-y*ztrBZ%9!546SKCUc5PYQ$CPphOX(t@DTp>XI&hCrrYIJ>=$*^5Z@dwnDE5Ze
zancWqPhWIm&BX!zw|55yN~?di56F$PX0b;Fu#4d+!)&h*e@+H6&+G%k=5`(3Pvofu
z5hBSzQ;X0zN&;~lWRxx1{n3f`>?$OI^)b}2IK%GIL6dfbf&CC1dNorsRsZg+J}}kS
zBqS>DsvtVBC9>IZxpH#GT!9L4UJep<IoEw)g4jtx#m@6)Ya}48q99BX9Hwanil@@F
zx}k7o=tKn2^k&FRzqxb!!wke`f}KnSU$dEt%COWFUW~?&DVPOVmlg+7&jCJ7k@#PR
zsh%4Y#Ce>tU{gXT0NKlqDq9!6r-SEx?kHEXoUQ9dMxy8as0F=kTt=^V5Bk1;HFo==
zDi$s8P6q`T-X=x1sJ3C9(R*DxVMpA93v}dFb;E6vup92d1-eng24{=i%lG7JqbpZk
zUq<Qqi+AVpd0U4@2_$n|3*amvpu0*(?oReWBR)d~i0F<COjen<-AP{Qf#7CQ%J0fV
zx1$1q)B90>v^Rv60qoP>u*d8;T0RRV2OjiXr)mxnPE{?4Ma1l}@Bv14(ZFB)IK`)_
z|6%GrNTK891$U8a_9X7nNzX2woV%;#sGJqu$GlG$Ci!vD1NXh}fkOLEJRb_mA@e|P
zc}|4fib8_#&z~=Y{<!Zw`{VgcV1n}RSL-G83;wWnb^F_=v$9+T@5d)Sdmv(o>|EN)
zuVm{^=j9~qmwV8k+BjA=1IcJ5<X}>q7FFOMu1lz)yyq9`-zr`>e9~j$xJuJ0+9x_#
zqZKkE8w~{X%&+3==4N%p8z#ttwa}#ywMf^kJonWS)~Jy~61?)smAxAfEJmK50}&)m
zNZoVuR`{*g=|5TfWRv=!W3~?c=EmPY_~iY2Pk(Snkzf+eXw^wA!I6MOI4|O2jXph{
zP2$zXC+T4Bn9!{Y3_i2X1ry&Dzsx@Imabc`d7PCY33K0j9@s_ZK11|nd7Kfe{X#U<
zRo}l7cVYiZ&rTe<D|gqGe#uVEv*$q<+;^l87fqvUyC%V=oZV$!aw;5+9q!e!h;^JJ
z=lGHxD;BSyW94KT_RKx#vuI94RXuUdZf(b~kHm--tIe4BOxgFXvt*xMFN>hh%VI0V
zVE;5I+4CA)mS^Eh%CmlV4H@O(jGqTL@8Cy_mx`>XfTnuexXi=vD#wW#LgveL&47AD
ztNJjXt1P@J-S=0+(J&V?G~7*}$#nO~q?|`xf=B7#$(*1)I+b~igaxglGh`yklVz2!
zC*>};jRva_w}(0azsuNIrq;{{BzoU<>-ABY9<MVHAaalq$ZeTnE5UvUFdX2+U6JGu
zX~6RpVE5q?Y4$!wD-iTZgE?TLhJt>taz*lJyNE}83-6_A;|(6-DZJA)Wvichui_Jo
z%&-^2HZ*&%KT7AHT5G-SfT0ZCe9fYFx8li3y1O-pZPfdGQ*%|G$0tP|Z#XcI^A@`R
zou3_SF_D1OjtzM;A*KWhD=t$i&&ZJl#ao`qJ_Cx?6aBRlUx{4j8a;{o^8#|+i%WIY
z=U&UK5BkoCTZt8C8*F)bZ&H2*Y)>ys%wvU5e|^seUC&Fct!wur?$QgaZD;o)mFruf
z%Jr?C+xHhsAf=9;JY3iC@jV4jZRlO|^#0|CO>YMBAS6`EnsCX<p#hUyg#HYNs%8hb
zJyb%$eN&7vLVV^SIm=aLbkpPn0vk!uSu08qQ=7Ca1&#%qLEy$jekf^Z@QcTE#L}1f
zC(|sxh4VmH#`F#OE(ClCA)|1lGzPa}+s6=OpCy2x&hfgg&1P{=09bRzm{=|9=%SR}
zQ<P@Q?AaG~c8>T>ePIL?U6gxZl=ki8SMw5cu|zG4-@qc>G@=Y#Io(x0Q6IFZ8EeF_
zCNdo=Q4QIMZZwXgf^aBFy%P^u)0GvF%4zML_t?OB_hu5!?p{?-3Ofh*-AuwLUJoeY
zHdR=~JqYUH{oSmWuU26__n^hV@W}!VR2~Nbm?uQ*b+Zje)EhGxBgLa5fYTM^QeLle
z%?HT2Cg)&lJ<b_%iS{^q-ay`#jI&GaQmh1=b*cybqe_U9z;%WRWptQ};NVFF*${&+
zF+TA|6N;M>G!mOBBBSx(2`qFc+k3Ai3<E0M#M<inM%iGIu{4F$GX)D*fj5jHD_dy2
z>+00a^@-^^eoqG%?ljg@4?4+L|3Y0t3TV1S^mEH>w(!ZC#0VkCfl7!%WG;sg3=lP7
zMLMZC9}*G9TpPgqlkq_Kz9uzq;f?vFR1;I&aRx<fl)Nf@fr~T^8^BvZuxaa*BtDUC
zO^N%E+CA`m#Hk8bSs@z<e+R@gwAn%pdKI}7o8z^8EfJ5{tR;TuwZuG?UF-Q!mx~25
zP1pyl40H>YEU=ot1deN_NWmW1g(mONhvkut#7)X-jcq3u_zM^dtPfD#JkEiP5->d}
zZlIj7`+Xl6RGKVv3Gue5Px6+LPTbBIb66XDm=kBw3P+O;$dFc466I4ahs2)*ITj6l
zvAgN;B*4wk5v!}gKtSqs;f65rKK3k8`XNVrFuWNyVmK{WHkzKwQ<q?V+IIeZ#umhl
zZ}UxhuO954x>~?2U;=~fJG+GmNp-<N;{p4#r_O_DQzq+0eS!KW#JCO22#V-6alcN(
z?HrII0Cg>55-_qGqV?9b>)m*#<^&<l32NU3&Xa*G1doCvP<K{45<t%<*zH5Vc*6q<
z5s}hoTpCcwX+oj`85hWw7$@0MV)X_WSuZCUH!>njgjIf8ly1!Kc}D2Tj<H^y=99P=
z{hM$*v})AP-UxdcG}GOSks~ZHaE64Z?3^4|7KWVQX6JWGi0#G&(~xoWmC;CaL8P@I
zEhbIjBFAw4g7boEQcw00)zjn(aAKG_-VuieAO_|LQlZYy3BSer2eHpRImob%u90}x
zu=+htC^8-Pj1m{Jg_C$(%!?WLIhIYyqm?xYSm+~_+AO7dAwFmsk(edX7|3zFmA*VC
z3@6El%x;G6oACzDOs-7#6EM0K;wK518L~|V8No_A#kg_#)-3du$w1SJ*bS)ejgAs1
z4{Ip^c(A&b>BM8xr~tk|!)MZPcSc;=x~Z2KVA$+{rU`J9lH|m`sg~Rd!F-qn!|Ay|
zQmbwj+gy>*XzwFX&zG=<rceB&o5T0;WxVhdXbAaCOH{B3UnION&?YyJbchXYL*9&m
zy8@O%Tx0dtm0jBJ;;qk@!GPS?bWk3B)-|BJC;9jp;D6+38K#P^ytSc&ELcqJeh*!H
zqgWuAQmsC1Z<22H@Dk?w95~mjnbZ_Em$|*TJF4Pl4u`aDYVp*WxusM1s&+6DKevUk
z*?xQ23&heb|D<~l-zBECAuijjN2oX>Xsss0OPezxm5ex%LD}PMbp*-?&M5%5^btl2
z!Ht<cLokDMy#QrTG3JbIbBwPA&IkmM8g5-+1p16Tkk0*+?vX#vP8m=^QpgAmZJCVi
z?+?T`|D*@?_*s#~e5VJmP6`{e=DhC`cLV;QC9<L^kR&Yv$reKbj?>;h`rzW{_mPIJ
zBlT!%osu|O)>};>FVcv?mPmMEPLJ6IlZTs1leX8ZA!78*fq_6Ds;1OpK|r%DG_j~9
z%F?qbTHVW4)Qfh7i;M?EXjG_YHsoxc)#BGL^W{ihvEuY2u=YuiTEL4^%4GOdQmX(v
z1>}a;7dwK=lVJ`&ngo!FJ&+fQ1z~6O7?GXWsBwH=pAZ;m=k+XjRjpAyD3KDV0&0Ki
zK-(m4^?S*~MWAy?BlT1mGZ(*n)_A#2U^=Lt70abX)dBz=_sdWy242j8*4Bze0qR+}
zcnx?YK)S#=Gk}RQ_ZHxCy;P>uBh>p1*|TH!r@BJqPsf@Xc%R#~Ck@2SMHDI-?)bR*
z7;IrP<#5~dSwK19fs>Sg5RLOsLEb2*(<*O6Xf`Hu=<jh}8{#2bWR%SFtirf*rRoi^
z1=4>oNztG!qAlvNN&Qgo4%Awpe_0Y_YH6@-G!zv&GJ$ESVjYERodxzI)Eia4D_7D%
zYo}wyg*zZo6Y-IWD!8SKDwxGQh-7=C%4Gw^D3+9A`C>;4>MS^Bb*&6Y?&q~dw{9Kn
z9_6^O7a7=Ys*Y5jql6cUm&4$fs<t^o%W9313l`7_d@$MmW?D>4m2j^Vh;9;d5nhX_
z8{exjTXgJ6ID2|oU}O>MIO>BKSJ=0VyGxs|<gDlpqs`yMAt9m7(t|6*0}X_3e-&)1
z?XNOuBt*MoME<JyVw>#1FRf3H*3*cL;Injqx;_YJca3ePA-L_<V3b2u71U!ioIrbW
zsJ3^qulg$$sx*LbcNQhzGK<nTe_+B!@PY&tW@LItwOt07Q}emw>K$)5J8#@!)AdYl
zG5BcT&}a_`O1^?SD4*c{?b$u5mg32BtpM+Xzk%LG?Bz2dgn`LTS;r_=dXt&Ytio{E
z7!u}9q#@x=+#HhYCOvfHATaPua!{gH081t0C?z>J&qYCxiQQ0-$XFmKkh$)IBRrXH
z^VJ;5)g(VH#`&-vN04F?s+uu4DoB6HG|+7|9%AA#_Q@aW3k}qz5sZ}fg^{`>$-5n}
zDwiu*``)J^kfr^Ti*w^YglbWQG4juxSk~rJM7q-==^@Xl<s?3}2?^m!itdg4=qafq
zB$0|YRb7VZy5+m|#3<t|-`jKW+UiGyXT#LLp)^qUq3?z6L*LuE{g4iuqaTk+)wjWY
zC=A;y1P>Bir%qPo`uL>H!Nmtzl~%sn=qOND;21D|=4;aTUeYvf!RN(1NU_eU1<=T&
zUj&M&cR&6F#p?tW>&ywUifzlrbv*+0o#`NI^9D~?z;N^%TJCn`ZR9>6-677ONeqgu
z;@#z18znwxa)(?Q@NvODiIQ&dR&=eZD~{yB5Yx&6B~C9Bh*IWAWHHDVj6@V047RVE
z5GZcu$Gi%+tY?UD<TjJDK;;w2hZC8^Pezl@X1c*uEVR-VysMF0Etm~S!;Vr48+CqN
zj5;QI8|S~MOtNaXh3=L(^=J<GWKl52!y&%(4#$e4u9v<0Rp1#VMSE|;oEHod^}77L
z!yRf4-ixrbb5v^g`1p>L&nE7Y=O8Y3Kda#x(zP?H?{K7+f`!IJr-S|7-TkXWKkeuC
zmuve&QPeuN&Nq8yclYWw-=I&F4!_)ZTYqsU(f;zLZ|=;#>CACx?)xZxyk5A!KD&w*
zKexr92p@VF?9k#I7uBSyZOIt`3#L_eiZeCKFdOAj>E!urG2F6)SaE#u#nOG1nM9MD
zj&?H(d6Zr})$3tuj#=Qk*zJ11X;(oqWVeN3YXy`j25v`viq9p1m+J`tQ?dOh>w@Mr
z8S?^4>g9^S6~e1$rQFVIW98hpIqX86VmgfolRQcX^;Ji;_j^T(`E+}Hosb*|%`jyZ
z3?E!X^ZcrJLs+CAKYV=ucSh+Ci^ar=*CbFNt4BNq8;+R_YX(xW3r8&?<|W~WhF#b`
zE&20&ybi82e&TMlaXFv6e)SJZ372cbcE!<IuZ*Pybm#Y)X#_-O>J~xeFGN&;+_SXN
zDoCCed3b<x<+?&QtdR$|k9{FSR1f>+mJ~bE_@Z10h)_oF#?opSh4sV&>gw5NEs8o=
zh@!?-*kHrH>kjuO!T@ck+)wUz3x7SypeJ5y4eLfSMNPLm9%f~YHt8NrJ9@2=>ZOk(
zoaQMsGe8g0!D+Ta@2DQ<GXNM8i@j^4Sd|Opaa>!4aY*K-b^Hw#IW@|4VnF(BBML#B
z^nrJR>Kf9!`7E!EPZ=<YlLGJ=O2>oiWlyXhG_;qz%RhqvC(;WkL+JpqN%<>MOl_M7
z_!`Uux_}MJ*@V1LolLxWiQ(6(WiH55l^dqk4B?>X+_)z=U;hkLc}@48nFM{74)`y?
zKDmQ;>;|@70TkY+X3x`6rPt7pfwery*?mqalBk$uCX+tIwt6NT&50n|D%CK|2Qh?%
z`P^}2%KNg2PSSCzAW1czqxXWINPg<r)7)|H=Z)eV#_pdhLE6Fl-Z)Bn+NE9fDpJ!$
z4t9y{Z8bYa%T%Kc7ALNQZmb}Rtx_A?5m3_wVAM7k%*Has7NJoRFFA=P5JrPh{az|Z
z#%xytDHeq8r1=o+8|wzW4#beV0b|?!a;hn?O(um{tJArerU0o|7*pnXyyNEr{bAad
zAmS+{;*jW~Eb{i#*&?yJn-?Xkt#W)Uev&q_o9iZVKVYSWmV}&k!&GBX4B2MKxU)d*
z(M^#=K7sA<5?`B)H!`89UW_84Nio8L292!Ol<}Ifoqd6ozmh?R;E#y2_(Fhm?NBbX
zC|}x?3xO$FGmI-EtqH@yhFj%|1a7k8or8=_yy8VT_Q2+eu<=%KNQ~f66@b)^O^6By
zGmMf%;;QWA%W{0OLm3$xZ}FWLSUA})9{iQNVKb~Z)j#Z-jH)p5pk-KK)(X{Si==4w
z4ogwJMUHyDjJN@Q(#PR0NTO&W9#EKcBS~Z=T`qadPbr7wEe7nN#~M{o8@q;ZDovrl
zF>g^)=8qNo{YE<1w?m!l+dH@6_3!3K>*MqRsZ%#;T1{}Azl^e3QLCC`f=vZD0Dv{f
zEI_rFK!`5GsW|y*1v9i_0!0CawRvH9>s1~U04)<9l?A6ae?E3xk=wT9T0va_(;meK
ziGOfbJ%hu{_6pacn|$<d_;{9Qn0BNpDu$+p>n;<k8^;sRaWf_q@yFwulY*q2-6R}+
z-oK~0o3m<Gp6w+cx&;K^Bp@U155lm9P=U#5QO?j*QDPp{YCT_aoFhV8!!*K9Oa}Sh
z@!p8GmxuwC<Q*>!d}ZP<`3!{~vEsYt5S6f8QK$waSVu>jx#MSQYR}g-*o)GKp&Vz%
zu7~kL6t!y{A_z?^p_7m?r}so}Ur1yYL4=zf2Ae@vIWgdg!HLC{mBWf(EWPF1D0~l&
zlRdoINenHJ*@V(>S!Oc4{DTy93Dsfmd2Os|eWENi!9{$sGEkbWln95i*Bl)^+7RBi
zpaiT7pT+EyBT-Z?gEbx{t2LRY(Gq179ZM1Lg+hzcCwLeMzawQOL}ij*QJ1D_pdp3~
zn;2t9fcDqv@vJ<8yw<KB?NHsZql7jVyt+`6Rhq*Gm{*gXL~gbee3tHzhmo;M;0=M!
zPvvT&lK(=LqZBWdN1<~ba92$6csoj(WH_6o;6YC*nrQEbsx#u14Q8pl86(GgaF#!3
zKh=d}zTM7-WdUFQ#kuc~3{p~pkU+^tmlDSZ6S(DCqwXB%_0(uEf`?Al-JEmUDk&Vf
zDk-N2-;w<;SAF40Sw3s@0v-Zai$~)^Y%SJw%zkaNj!-)zV&cKOfHu|5q*2pPdgG_L
zyC6Kf68wa`Q!>a%%wQHcWCv+zRoi&^VJB<YXBLaav~0{GJk(hned^_uCnI#?>|ysa
z78_`7#Rf~ddHjt+*EgJRU=LHv1@LyAoufE$Zi}f;V-_jI*pk65c%>j^+Tz4aR_bNy
zmBEQ}_k4Q;Du`j`+d3OROG3<boTr-!HbE-NE1IC5ms?-SNN_yMDw|@u)8T<_V_$PN
z1?bT%b+t8fkQlOdzhgSAXb>Rig{pt1`93>_HT*=qZz_~pB@@XY;xh@sgpzcOB3Qt~
z>nU*5`)RaO%_Hkoop`_A(BseBwHgW?el<qHBJ4(Z^;);H(4tv_ha*FEm<=x4@loQ~
z$9!p0lEAD|d<nXP;|dv5bk6*O7;L9vuuZbbgrY)SPXk>bERJ-^8%Nbx!D+TPzvjXA
z*U(n5KJ5N&GO{EX87+P@e^>)KCm=b4{n5_CiGo(Y>4VVPR3e`0qK(2B^sqE@%~MBZ
zjlj626HB*q6c;~fwLxR@TJ<wC%b)n9F(DPlMrHTnmo}>1muTa?-JsfZn;Wu?v}8oL
zd_VhELj@&s7ML7Dwjp6652+}OqA#MI`ih9u;^(L=l32(^p?Wh#JOIUK_<GE0fp2H3
zX?VL)Lhfkl8^%N}Y+-NMt_p4FI#+BQq56sTATm{8XBfzzz!Wr^I#!!0mPa@ZYvhg)
z@yuXQk#lDYbFk?e59An7S?A+t8Uu&(f{Q^0*kYoHc0Z88kxfE9|E){OKuCw<`yj^6
z<VZ8Qo=JpQSVl7$U_1-l0;|$;@T$uI{vX#dHu>SyZw0T?DNy;dF**7R1`Rq!qZbsX
zRtgvZW?-=yAslUSC>rL&@z&a0-{GwC<HB8S=Z(?G58KsCq_gMJt!Z_x`J_76IHgYC
z{;iitC>q`4=ji~}ag?r?uaX>b<4roWUUm_o#`W1@4e2HUGNQJ#-)pw2HaV(NISTjE
zDBYMPNUda%ShaCuh8}gSDK$BB_9C$ApmN`lb;>ICdV=pGl#VDBjHA`t4T2nCrnd<O
zD7%Ij`Yb@ja4lO^uHkP*q+c&$#?ZvvVSgo63K8w#E!cCLX~g)Y*(jiBi?BvJiZ&6u
zpqS?<2;@+@q4AMvjygb8pri5(og=(J6~>crtE-E)D*GRmds`ZxU9|C>l}kRp6T+rI
zp%=xs{LtQz;bMhgT@*D{H{VRTZRq_i%@jUxwCd|m_7cK5&1pHE>h=m=+U);`6uJ=$
zWDML%Y^Xma#b8z=Tja_dAER47v;%Fbv3lHQt)^wySoDFhGCO8B4S!Y#MT!t;F^KKp
zWP5}2|DU}l0dJ~GH-#=XrK}Z{0p6u-DI{qVXn~e?C`)NEEv1x2YN<(^Hlb-!nxu3C
z3M#8so&pMtfC$PC3L>JcvdSh1SU&_&6yza~ab-Y|Ir}~L=9ZRmp7Z%WGoM56xo7$B
zIsf_3zn>%;kBh)`b1R0Dkg$L;h8LogkK#{o&Nns@&}4+vxtIcI)#VaKNl8#eTagp7
zjZ}<7*NpopDiDBFN5GWe8YMYjaX3*kh}4w|qP;|S6ao2Fa=8;-OVM_(umsY~Mq0GH
zXo?uOy$GeXB$$C4lJt^zhM4P!&m=kMKwwI+TnCl;4JG~x(uuns=|p?~D-Weyf!U2O
zg%KG6>gL2<fk;ld-$_*Y1IZ6cE8Z}{fOAxrh4u2HxlFcdAkNgmr@IyS^oBA;VneCN
z#J|83sWsI32k8^Ug>4vP?5=|`b}KN(|7SblKglJ_Ss=nCHw>Xj9}Svm4`8~i7IUub
zEM~<#{mCM!%}`J?LiUD-vyi<f_Uoe|)~geJoKVStbh^b<SU4e=HBYT{TRqaU(Sek@
zmF#_TWO}TKEu^+aR0aCI688(fOSOhGGa9r~6o4Nja@4Gi)FmA`0~it{7v{x;C&1Ha
z1az6wnH?^tl}xH3fm&@LZ&hGJhZba3ELNDM#0oJQXWxZXugqh0B2AqG5Hl~BJmkHL
zygtcI*(iY(a^NMZ0%Ac&QS``g3RsJL<fZ0>&JD=2Pht}oY^-}Uzer(GT!NS_NIM{e
zb+*u|2|XqmKAD1=Ss(12n*pbwCcb2OP!hLWykY`seiR-QyEE6}g}xF5$#8pY=SKPx
zT!A@SA$ux!t046CfH`aIC@5A;lLBBBvM^4$!Dhe?OF|Z4dfnOCTw0V&raMMyDij46
z9Zt~?ozk(dJ}(*&_jZ;9PEu1zw$M57g*vW0-_F9}lG;nG?r=#R#cu3UFtGgLW7)>S
z0%i9QaA+#(?zdFZFH-Bep^pZ_SdN=iY^;+sc6(gKB-Je1_jsNa8!FE!@l50LKVzI_
z`Now;kjq>+!i&{{d^f47^+9boSG-g%n=-8$Mm&&6AG=3Z5uz7PzGG$x!QE)nps*ee
z6pPh{Qy#fRFa=$yz}8-r>)F;J359)UE&|I~H1L>k&61wknd#v|AK(NIzz!_Tvgj<A
zczsH@bS}<GM&jC)UHJJ^&NMPHCnYT<lOAvMnLD?Ty$6YnI98Jh5dGn-Q=fc(KS?Zm
z+>|oZ^4Ms;2cKBQx~kK&jhLWBM;(rUkc3)@gp(V6iOEd1ZS^us67mKqg&w--WUv=n
zCG@N_qG&p6H*>t98~9h~hIXdL9MMg{=&1)4<oTYklnu@B#OTHGPX-bjgZfdjIJ3$c
z=G#Mb<TOgD8wu4zi8r8+otMj$NidMXCJ|Qw8^!GlO|p1bac8+_GYZjxK2x9@;c@8O
zi64-b%EIM1XKH?etxUZSvojIMFgOZZjpRJTm(z;T<RmdI@ngYhkMNz%*kgx8|MJ#r
z&{)D*lA{NwcZO5}`jJB}2J@>?BuA9gn~J-?m}_1DRqc@Opq2(LZy8VI_N1HoLdrVe
zLigmG7WI$fB}8kgJ3?LHg5x=@1=ty#U8yd`T{=r(8kCUMVHPY90|bvj@EAE9l>>n%
zfe~O1jm&zU`9OG^3s_!{l^HQ51A~bW;)O~fOJ~dme}sd^;ac!yKu-Xma4oJ#e_2uJ
z4Fc2W9d6|@z%Foq9%HyLiTe=QCh!5@!htWr3Q?<vUF<0aiC27Uxk95@SXZJ2wV6wr
z5U0j@!Z5!`U8In^wumZ>djr%N&KqY*Cfi-F*V7HpC0v)Y8Yog4YO8RH1w_xFw<C;)
z!nY+T9~TqNgs@|M9&Q0uQWhBG;r8M<7g0G%NP#pqo@__u112XuV_0fBJ735nuf!y-
z8+>rD2geO^F`SgihT~BnNIqRhxt4~GGz1c(3>0HMu+#|#)*cd{V*rp^17{4p&-3D=
zN?`?{oiS5P6NIlIMy=U3VbqtEIxDe2V2%vRXn^8j6;8e{zFSc_9-?c3Cr;=V4mcQY
z_aL8nzzYFnC^p-Xqs|1c3+`<k#xI@&6nmVsDyaa3nF!=jMZ5)hXKEC8igXI(EKtG%
zmOK+VXNqSaJFa0v#AEy5eVoWHVen|i*NMpQdOY-3w<6bS2Nu>!Pz1Y3;W2PUl2~au
zbVO0&!b!4uIH??`rW8dYT)|`qWqeR_-I5s0Md#+uB5K4i19b2@3yHOtPr`sf?ZneH
zid7IQ3=l)AB6A)Z&_$Rkv^(e`!Oe~x+lfWP25-mhA-{kT3&Uhwn*0GV08&7$zlB;g
z@|cjIVW*CfUUx|(Qr<;c?9NCjhol(>Ei~Q|x^522d=dQwQap1LB<DBa^rBdkB6F?{
z?FcbOOJpqUZdMP!OHa&9mY!rvKtph$(NqdD;^2{5zt~lRXAs?n3&rdRf$A(IH%_7Z
zrXUpn-)13R$Rf>8ry1HuVF6F3&p>?HM0gni@%6X+bj4C<!|6dzNm!v<<SNCKo2Ir#
zMlCR>cnzcVQ6%btJ{v^0Npq>o4inzHndR4aT=<Ma63{xq4^s1)j3`Tv+yJ<f7|bUi
znfZDeOa+KxvTGtVrs1o6@af18R?hmOW>XqULf9UZ&yfnqct`4KEJ<&@L9!TnLwLeK
zL|qwgX(BooF``7w?M3bYMdvaJm#4IuWw9fd^fA^^&V>@ao?4b}1OQ!PmgHAbW&!|r
zKEi4x({0rugC}ve6UDWGfLJAF=8Q_rNX!@_8Y1hMbHJ!`>9|O;vx!(4<+XSm^Z;Vl
zLgc!NndX#U<)s#bI>?)T7MSjXC?3dRC(x96q(X_c*a~$sd>y?U8WbBu4&O-hH$3>z
zMQi2YY%ZhHbygNu_TbD=;LmKzpGBydR}3cD(4ifL&pgg2nI~pJS+DUv-Nv(i$&^48
zh1tL!WN}O*GBX}zX=rXug2zTF9vgk}nCk2l5jn{x?+Kia0>Cu0qzw=QaCmv1a%Qap
zAo}OBL~oKpiLRjGb220;C2i1y;w#ePC<6%4R}LO1;<-B+!*7;&eE>dBjqmdkwJVUA
zT1#nyqWhUCuya;E;PtKO87vBPSaX<j@m3I3^KiLv3S2aKlG~6FZKx}wt$Z1=pO@R}
zaq^3p2fgHA3@=QGtkj@@Ymn<I0hFc~23FGKsK``qbryj6!Qn&T%QRAEBO*>scMz*0
z`v}qh^a1c;aAw+rqJ!)U9WHa8!)~b`sf*3Ig-|(98ZbXvY4N{^*rs8LgG?y{e&e^$
zJGJZo7*sPKRFzz;nJ>0|&<{u*_Q3m+0`HdK8staKj6iUX9Fo_J&4(&H9)EdyZN|yh
zp_eDe|3W#0xsWsG61$|Bpr+4BgSabnKcfY*<sLguJx0l@Xtb0}HZc;=sV0v+mC5s3
zX~IOfnZPo59aa_-O&K1x*^r*u?n2@e<htNZ0fYnMSq7Jb+z6mFuIT9k+S$l`gNg_b
z-^;NbmPyDYo-i1af_q~4!LiSEktWHgM6pNiHlX85OZkzZ)lOvbIVGiRZxrN8LS1;O
zhiQ}2KpNsb6j3K)$WGm!(o?sm&#9Z3o>C{{$aW2MWX|a>ci?fOYtoRDGqblvaM7^j
zoDw6J(6s>2kFLNAV}u8CBsLSq^U~04(vW7D1pF{-3wd?1)&0n**PO#$h(t&aI?NOz
zX#f%<c8(9Fp=DBMakWH%E)g%ZEdoq^Nx2TbCSss(IF~e0C>X?~G_px?XvVM0jGQp(
ziW=)ON#ZLSk0I7n07|WaxwKJ=Ho6;8Em5qwA8ABT@~5y!7SSv2L|1DV<YsRf5Qrei
z1oQ|Waye2yLpd(Xc!zk?lUSm#+eNjD96qFArFr9(YjYsihgc?rSw4q!9mr+M!Jg&T
z63H6VLdp47-?+#$=7oM|%(Vd_V~J~`+#yOdEMjjHcIgcZL#NDISuwh-MS$6Nz!96`
zluFsm3x!!I(ngw0zDFoWc?=1Xth0S^{)2&3l{f;+D_GQ3(iqS%L8g1;8$im1Tp*z9
zz<{(Q2r?H%KwXwaz7ArSH4j}X&n^mq>JoJ@R!qgl#tW5j;|N(#0tPq^GQVBT&}<i%
zJxR!dF*0?$%?5o~P?lQQ2kH%!pvtfS3d2zIVGv-;c&;T*ECJtC3F_crwkwgV3@!pK
z@?1FSJsJT#TcNB23Rs1SHk8L0S-guI)Pj>=StS$>#Cl;>?fHDqP|?IStAw2cLE(Ot
zz}%5qVp+B#R8;IvgGMB!xk80nd101PX?BC=fsP0f6e*|R2RrGv;H7C$KP-&Yf)7Sy
z2ZMjWdvwHl#HA8ck~d1LuK@!wt4=J+7695YJcX!-mKtta)J2w9u?oJj0AgQ=l9#K4
z8PKp90;Up<qvywg#gp*(vGQ`b2N<5iKEMO+Lb5WTbP}$Kw+0%i3hvE(dl_BfETv`7
z<_qO5e87Y=!DdYQNm`#z0(IGHBPyVTYLg%&xF!aj6Pc@|5;J=Alz8b=8umM@5=LOr
zxeCLq*GoT%vFUjA#V@SFrb%{}lMD6*Us&u;c=Zvg;-!BA7{#V^C934K1wx=vn&$|v
zkl+PthQ3?u9J;CaEQJqd;A)^N^e^hdXK)TP<uE9JJ()=kK#K1^TM=$3QV;DdSkD)L
zVuHI00LZsJoM0Z)r8`rCUcT#`t+@K2OP`OVa8^p-L=nhvGz{n@*=o_Zs5OpOuEbH?
z)?)lTiSz*qvS|x8R{c9qkt|o;hh$fgeZ!!jV`-&}EI(D@nTpVx*6-n4U*}uY-M1*x
zw`iPiQ5WAL`38l%5|(#$c;b9(!_s(#;sV9W1&Wp970M>Z`$7SV&Fl;U5BL}ZQ|9Go
zOg24`V7WY`5q#fCGTqobgxN3RxSE^+guxN1i6&Em+5}^S@zs^F>Qu1bQUO^p#s~&u
zY;@mP@W+6ROu-lx)f;p~n)K_a)8Td`8zj29shs(ZLSv0lt<xd45$;XM0eXrc|ET)&
z_y6Ko2*e?4iO!%mK&z<^t$1XfD;GZLbKUNL#~4xI7t^a3{MXPs+Q9z{e+Gl0m&y<o
zV=#hWj3HVTWr*%&=&cf>{vCtY_wzzaw;-r&cDK!3RCm4l-v2>==)|oAB9_bHDv1?3
z;Uy8`0C6|x78aC1L$8j$OhP~SGT-I&=<>})c1L-v;5IwmIv}mu^WiHG5c+gxhrPfV
zi<~0h<%yuU2yhp6rw%zq!~!~0T*j3;todRgVE1eWtza{P|9XP|dO`TmfD^5_wG(=W
zIv5;oPq_ooF1rVenu|Ly!|O5&<sa6kjt{dtZ2)=?gFX+O^Z1@4IF{2&`z*D)?N9=*
z{4Je8z+!DU`yJ~N7c>;!PJ^QcN1=rfd&Hh9e3!&`h3hjZi7YOhVl<is`L4zaXdoMz
zUIShm+R7XS|5pbj?B%3C&xAkXuTJ`JE;3iRocaQL{%;<mKKkFQXS9s|$AHH_>HqKX
z8<LXLr>}Xes-0?ITh)yl#~L*%2n`Lnckf<8LiDQj#Yc}Wbh&bF{`}R(jSJ?@n{wg8
z&bYXFdv>opdGf8RR}bA>J^I(lp})MKzwxf;yK4t-Tzu=N{nHK}yzu?$B|m)oDd<Et
zSjSubekxU4l@>n0F;xNgmUXSkvoEo&+2DvXnuHUcqR-1V+~`+jd}(TNvbOE>hgOsv
zKKe-0XImCmuNu3tc3tU_>lM3Z4o+<GaB7R{EfvR{?|uIFZB<KJ4?H#?I#Cd`-&9YX
zHZ3r(tZ_w9NTb=os*vEhQ$m|Qwcw@VzyQA)v*xIS8>wDZHBzsvd3nv6MSpACq}*Ov
zHFx=nprFv@Yu{h6{*||aRQ^FLR;Zud>j>Ul<6r52$iHc`psKy6_MMq@Jm^HI{eu6+
zFM~tBR9{eEQSI9J<_CLEyc%-IUiF6Khe^#osj7U}^myS%{r7YTIMhTvX5Y+{n!g5y
z4w&6_x8GZVN844qgF^m$-IUPQ@#n0^QsWCJx4X9{Y{Blusv%8pH)-{ZHf(A}?+GjI
z{k65JOP+tIU-Bir>iw9xXUp7;=YIa-WWQNEsy1CY(LohF@^WVD$d{v*h1_X=zVqHy
z2bVqZ>6pj%AFvNjO8=$fI$M#xcVW}O@%wML`Xn{z<m3xYetDz)<DvOynp6$E8oDKZ
zd((Z^6>EnXEhjAFdUScV#ek#gy=!s<RqMulup##K!*Nc(q#;+kC&rGB%-NCLw0p0#
z^jSAoeRR5=>5*R#TDrSmdnk6>j<%;e6>sqCXNwApj>>!1@%oGZBg{Lpy+~_X74^p6
z;^43fYwWt%&yJ<fH|>AVySbn&xTQ8TdDrv-0U^!%tCm$<TN!vFW5qJ#(nXrbKK&#q
zp!p!-Re!$$!k(vFr9bHx=)ZH%$*DK4hcAuz(HjsH@W>dA*}tW!+HcAoZ|#8@1s%6N
z7W201qbJ82OAnn4u<dJ+{rsQ}qXV1t4}AQq7d+Z!huh~zrC0l9j<SC}e@y=BuNOQ~
zdbP{^fd03p%?p@kzr4`)`s&Mz99yqmUTj{_ad4A<r|nl>DZ6m-sgSCluU=VN9oYSw
zWz(jsRB``-{rG$T>ZJd<D3fckv*5RnQ4jr(=?VUp@&CPJqW+}+zsGM@dfJdsbz8{0
zg{CAA$^ick2LFwFs1f-8+rOrD1^@ULB&H^+RBt{Xa>pD1p8I$PkMWFf<$ETYORTCf
zqo`A<&{J=SG7Cb6wG=Rs#z<q|$iBS<4HyCX3gp@ZfLjsgAJ(U+R83M+1|?>e{q6eV
z$BNq>EI&Bqe9z6Bn`t+d<@z=6+<$IZ%J9e!Tl}PcZFboF|9ZIZ>XLOY9tk@5^_q57
zAEll>GbG3JU6;sPbGK!#&I~`ex}@{|*|tU9=Y*wv=a<phuVrV|G*z40{W}X@KNs|^
zrS<McwE=Cym+#$Gy!-f%o+<Zk-M;qg&W*cT+_@C7bHLnYS=E8LGfw<`py|@<&$UlD
z_m>{Gl5KA``Eg*2{GvYkh3yu$8yu9~`uI<OfB)g-8@~FuWz^(NyVl0#b-3oJ=zHPL
z-7jjIp1YGVXk42So3(j|+f4ZE)O=4($R`VjZM1F6809zVi`|>EPhNR%xz6vkxV+~&
zyEpgLH)}C=^W2pygO_!g)?AgbDXvEK=DO=c6Amx`WmuaVVPA~eJ~v{!Ibx%APXD(b
zT{R)T$*i@Tp3OM8+!OS5N2~qYpr=o5>u@q^!@=6H5AHsc*k@+O&h2Nvykre&b3Esb
z^c9=un>wtw)d>C@X4o%Q_&3%(cj?sm11pDD#JyYbV*HL;KXpL3+4NNA^e3k7xLZ4_
z(?2xRZ`;&<pAGvm!j!vy>srUa!Yy6rcbuO%wBLS5%OlG!rWe<?DzHpXo_Q;*x@dwu
z?BgdrjaGhh{j1|m7Nm5Yam{f06P0mJc<S*@-D=hjowMhO*=H}WnRB*#LTUBg#^2Vw
zXlk`Jaqf|iTXtD^V5?2tV$SmDqT#VwcGs)#wI66)dSL6!!Ly>jC@Y&?J?qS}XZ9Iq
zO)S2dU^$uZpV6qc_0%&z?;7>~vX|cOem89GhREpFN0yF%`U^*+Gndbe|K{O)GiM(-
z5-=sX*Mdzi46B_tBiAhC4P8Hc>>KS)4Bvh%W<*V!xyx61PJI_!)Kjn?|Dj*%@e#dS
ztD6n{NB1#@55DkL?{*I*pB%sVW{7k7#nMMI2COYQuqVuRsB+Eut?HpGXOBy~de}5v
zKR)fXcNS0Ha`wefE&UwlO>O$$nC-8PnAi1sMfvD1Pi#CN^Ks4hTUv!YvgB<0t$l0r
z{(7=Q>AWQ$_T9C3Ty4wIDIavdq%+^Wd-_b<Jv-iCJR#oCKBVv1#tWKfM2-IO`=KY=
zd^Tv$HTA+q|C=|v=G4}X+3P>9d1vtCoPG1Qb{zD~w{3T5ias2E?YrQ`-{0D>s`^dO
zWKG*fx)uQ|Hy$krdTr0U%l{Jca_-eThpNWMUdep4yvOCmugBZAj+s7v%<gu>+8pTl
z%-j8*pMUM`>P-;=FK5`EOX~65Db4z#f%+JYX1@EUm)@CY|I)m<Ti8d7Hbt}wxH;7L
zPV1#3e{THf=#fQ>MlZQ{>ByGKJ(*`;`Eb;>@rCa_b53ZzDj<5-&W#mSx9_!&tJ>PT
z^dAn_KiRtys3?wZt;VSIi_s)1h7f56lo=cb7#0;7P<C(tGl(pLI5P~;GE9%N2na}A
z;({@N8jX958r(NT#Y7N&Mlew%M1wm9cQlG<1V#C)s(W_P|GfCfJO8uKQKoCTRky0U
z>UPzw@4Nfp+~vBf#fNquE#lm|UOIPs_yTgH_ZGKvp7Z+&PG6`x)V-nBHE`gcfhPnr
z_iQQJ=GMwsZt2t4OgN$BX3Qri15+)R-R@q9Z$J5EsKPrq*W6;Jds@w+yoc{zZhxoi
zg5>-qAJ&e^H@BRgyC%PSQBYS^Nz<>Nl}(*DDs=PNl4f${q;45`eY}qqSmw-*{>{pN
z+vK|kY-?S=FpJK14*PNS(jj@A@;0lmRlb?i1FBtH7KpQ-4Zradd8NL@%JuUv8>c*X
z52@*wgrAaoufu(ow2v<_?{*ZoJmNZfaa{cq^LhTI(-yS1c`w;AFQa?Nltzy4bJafC
z@FolAD@*>kmT9>x{!*{q9zB2H?vJ&$|GeP6`=WHqjTujJJjuwGAxw{KMd7Sj11Fpa
zY+MxMol{T{A2KxR^5cH3jN9yUo~_-wE|3>|?_`~IPK0;wx*%@Gvnn@n&GHdTj?_&W
zJ-v%ptWvqCCU~Mpi0$6HO9i%qILqrt)I+|Hsl0lSxv)#Et)=bdQ|qh;ee(Sez1Q>k
zz4+@H=4C#=x(zrwrz!Ym%UyfN+_ZB}A<n$xr1$kly{c4Sci%t3Ho>;=+OGr4y{fKS
zPt2TCF?`PG!-=GKL;BX<L+ZSDty9!po3`t~l9(Y!pU?Ik?6qLby};y_V>?SdL&_@e
z)E*9L?Q&f5a8OZT(9Mr;RlI-t?2%H(O7rnvb(c<D`Eie8fa{mxHCK=HK6qg_e=VPT
zvb=516L0I43CpTJT>91K_yD^DQ|4B9J@vSKyZ)!{=dwps4V{<%;1J0@UF_BzntCd(
z!nLq}(GVr;#Z_K_tXqjwq2SNUm!AI?k!4d@fA2zZa`okJ%H2;@w=XPzJ{0I(zMy)C
zypbbtsyn{8=RCJFw;0mAaOLdh@4V=;+_JpoK6m-T59W8jlF_g;_tAP%rP>?BvOIn$
zqv`BQ@<nq`t5vnR?N)7<(r*zrzfK-&VI5sraH4PO`2z{x%5qgTWqtazCePn-d}o;a
z>a>NQ4xH0g6+SVyar^HLP3}K)-}CJ;YsUJ(xmPl8F1)#BWaYK@+Mj-+cz5>Uf}k1J
zt=GC8n_T*^$Ajew^%u=QC*79?wzf!5epT$1ol!s6yX|1<Mdb%Rj~?wUdwjNWU)q$+
zCHbemJu%{D(7c>?HYnZRAKS-jd#PuD?X85W{w-(Buw&<+W!&C)Ja)p$@fT+H{o__m
zPE*DwA<Y$52Zrre%{u<1=4_m}U46%HfWvC1cVd-IJ%-sehMaoxXzvb5-MWHL7x<5I
zDnC45S(Z0@QqouaQ2Q-&^ZQy_JQ`ygm%sRC(-y0MZC}iv|12bO?ds)xuR`YU4Xeud
z9uuA>997LsZ7BKW&WhHQZ&nTdnnn2fGLEI>oapM+_Mq+gv(0Db-imFEC<^%Va%dMk
z$oAvakH{zLJq6nbmu-*tUNL4^Wz;J1l~s%hTbD1j-ZAk|^IsS4_s5Qfgv2&p*q=Q8
zX>G!Q1=oECg->}rU`w{lBK1aHVQi00ne8=`Ec|S)Gsh@Xx8!B*`(TN{``NkjqS{ic
z_Lh>evZ*YISAu8G)AK9IGUd}pk0pl|UOCoWkTieMO`$Zdew>R{S4XcIpK-eXx?*{$
z+A6wueRf$3DEZK{Kj$Bv+mlgP|KEP1#6-`<RgSrCGh5%atiEz9Y<ijJjqP7ed(?2?
z=a$4_@xIo3lO|7=O}5{y+L*Vd**~tQv^}q3M}IzhUDC5DaW9_iEuS+v-l1TdxrkRC
zc{^`1UQsAqapaS~qKl_*z!Ut4FCTX4sytb@)!M1Icm0_arv^$rV^2PHwyhr2WMgkl
z>^Kv6v7c+<x1^^9XQANYfxE>?UV;zrKUijN*7R5CyqKOI6LP%Ph^{3)KELz&reyC=
z*Zy_MzWc14#@~4EU3_z<&x=$|X7}B8{7MXe&+UhUe*Zm~eK2waG4ilYR<?4t!;8C{
z!pXGXjusX5{`t}M{5d1Iach^9__&<*CFho>`)+2Z+x+%R;Hcr1wR7$F%$RAu2JaVl
zfAh)FArrHYgh!9$l=C9iH%utXy?5|pY1A6U%=k;5IlF2i!d&WpUfeS~jsMG}%GgDb
z(i?3z7cZF36a|$vd49Tm;rb0`=YO2KO8&+9l|G)&gBG?Hc(g_j$$#HD{;!DH-){Z-
ze%pwt-<C~3+b{6p9q0G|Z1N4LUT-u0*~BP2E9>FAR#sdVoNN8#>!SA`EX$1zJLA=5
zc75yd%*Wr{A3Pv0`@!uy-@Q<eZO>l(VQ+J?<%bgCgNJJ$+-s<taZ>PWP}P6sH(!d%
zj!Zpy&hb{t=B=EZh}O@#?!WKsUNI`25Di>Z;dSuBz?HVkcGhmLojohN(SPE|FsEI=
zg!#B<{ZV#s^5GjTy$+sd_9If8;saQ>?_H~$$jwZ;nc7_DHm737rR@7FJ)4;`^6oZC
zKg0*bXZ9#wm$K5EjB{P*mv=TP*E!zv1B=!54b=xcfAZO9DH=E3qKi*oY|s9D^R?F=
zoaUCKoV-Vb#n(4h*H~_j+SGHn;|JX~wzgS(UsW6!QXJQdz4-Y%?>%u@n<Smt_|e7H
z5^LXz3hw;bw`Af?`RlwqL}$X)+{}r*098XuQQp`-(+1r=@a4tCO*@w)$62rHvHdeF
zd|f|*C}@M<HreK?8>PIHWiuA7-M5)sH|W5cBis>tmIW2~<+(&v-dLLXxZ8%quDcw3
z-1mJ!;Qsw%K4QISOwZWjr!Kad>h_&i;*^$@fvlEW>>W{p$~jl_&L%1@t~k=1f;De9
zAMP4`zuT^E3%3^aiuTOx5-tq7F<^M+n#*B>E{!?NKJ?gsG%xb$4X$OPVrj%$m%6}Q
z^L=Lu@@p-k!ap<H7+uMAsouePZ&v=P0=}}1bw0M`5jXw&a~G<`&rV~Z4lyO?ce`b8
z+BV{J#-JTXxP{-18@f9>v1Yi%n7TdFHk@#(a(zDK&bhn8W~_d?pR&*OjgOWsO|3R7
z_x>`EJ!#4_@L|$Z6&&i{^K7sF9}WAsq}MhZ_<<AbALh5iXVT1n>I3Wl_|@U}f0|IH
z7E0g97T{~X|DBwjoJ`k$-QIrxcgB_Cg3wE~TWp#=J>70r4u;7Ux&%sMngo2^JGl);
zasPDv-(G+3dg=QwQHdSjU>WcoALi!P;rs7o^8ULzyMXuK?G4tU!|VU~``=;zrx7xa
z_|25@+WkLQ7vuF`C-=Aef1PqU+GF-O>TBG=0UnPbWCZlBFakvYiQqv+2y2u`(3G#}
z^ok}ub)rE7y~Y9QWuy*5L&N7KBTbIQuxUz5oI%ly=pDzgcf>Fo8aNR5ge8-l6feCn
zi1))uVdw`4)fqrA48)+5H6ezTps=r)@K8zwI(TExXJJ_wijwhYJ{}b*XYyGisZav^
zg<fz>g6BLECp>vF@c+=EEDX$pIE2Vx5?;<MN^TO95vO9noG1c{Bb3ykS|*=OuvifA
zL6dT@lEH>4RHS|im=`+W>j{t%QWVGIaZLm;KqTX3nM5Qhl?Y|8Dpo%U?u|2`8#Dv=
zz!}IrS|`;ox5r>P62MP@r%#|mEfPS>l#{5ZwYubBx|We4ku)N+6EY`Y1E&cI856=k
zppMY*8J^}y7!ziMH<}|jKtBDDuqmD!*jbeB{DefvTnTFhPrb0Lc}^@miLL~Aa=_!s
z25NxX7`MKIGfPvBSV}4-)H9%8-+%fQ{a?L09RCIWqy0kt-$)s+8~=xy`u{m`-|qi)
z%7rkQsiU8eZCwjWg=kmRN=cGhieObJvP<}>z`-JA=#(dQ^b3Lg;2e&lQXytjYz5Tu
zJq?mFeSlT27D4a4L=wLF91LRUKm;fHa9f%%6%>&qB&2KzGGj;ao{EGbND@h^v}Cvv
zTnQc7wdYtdgpvhOb=8D45ka!x5fT+18p99viGXE?0?8DNs8~!YAi%5?@{J3n;M*26
z3s6f<<~j<M7ZxbhKu4PSkvId^5lmKKwA9dJr;$JsnuFwW%nV@xON5CC;10GJOy)au
zC|!9wco+_hDGXnR9i5F3lbG3Ps(dj#^a(Q1^wl^Mws*QjghOXOC3LcctUIucroyx^
zFAG*oAxxLSvy5=+g?~eZid3}{4+I}?N^uJAnN0l{MW`hll{%e}$T&hVN2v0m>mUcM
zAWuzpfG6&WWQ3Kk@&85%rYboip$apLpkSx;n;KWkpt6kd1Y-Y<P^rNTjdQ~M$H6m%
z2tjNtLIY!fiVD;aW=(fI7R(wHNITF8j5l%GqCmZnJpx;%18W3`3nWPj@C8g}3L31G
z3edtqA}l5{U8diCK%i0g$w;|Sp#(BPfqX)iszu1wMvxRvkrG)zn#T~vAs!WU<Q_fc
zKm%xc2=&X;2r()Y&OTxa$<u6{LMTUQZwTN9HmO)DgwT;j2y;q(xs(7SssEGrzr*n#
zy&!L9jCtMo&vkV-8UNi}-;V#CaUuI3^)<BrDMo7u?4})I(R=l((UCIK6Tu)0fyLEA
zAS^*_V5AG>1V?OOrK5SoFo*)XHwq(-1Jr49qagUXU=);W93Yis7=@%s(u_hVP6gvY
zIjpJDC{#0G7zCmd{U%`uS;sJt!Xq&XGp-F72253*YMg2sfg0!~-#>=wAcTNvXrjn8
zj38eUCL@g71){!~CZv#Tj02UXVW3@117W*Rfkq#AAmpEZOa61O4#$6u-Sh^^c-{E#
z&NW{Db8{Q^cKq*@%LbX=$UxSd`UAa>VdKKb@_<#30W+G1+cLo|3tISCaG0;by-#qM
z!F`0lFn(ObIPE>KV^tXD3lb!Y#h7mZe{^634|fRX;to;p^s+;+EfdIRf%Ks<R5T0I
z{Nmx@C*Mz#DN4$A@W&`KAKXgQFdMxaIv)H?1Y)J|R3m~pb&!H?L?1d1QkfV+f+{gV
zC=XYF97z~PbBTChW}_tH6cV=^3#?0s!Iwgk2p38P8K+eq(2UfYcJPycw#RTWTw1Y1
z2CRn}ZN=I$eUVDELb&ZHIM?!RnV_~TP!9;93l)ZyXJKYk!PGKGkVGmaDNY(|h8>=b
za~y>nNbRMyT0Qj4R83KOhN~?T^al%_<s)BFrY#e6BT6QQeHAf|<p@!DNy<QVpi705
zyBHO(3!;JQF$^?<hpDcVVWC%&CZ9<uv`GwPIOu9)fPX(y#N*l-MN8>+H^9j^6`?(X
zp2TF~Kn%j^1;1Y<uH!ry>Sd&@AQb3`6oOV0`j2Ce+k?i|wiU)18x$TE<6)*Ds(IzJ
z)9Eu^hvPr>ZTLpYc&+`<<r<IwT$i`!KRe~J!Ksdh)_;e~05<R=lqS?fNZ??w*4PIy
zHd!H&<8~9r^X%Y4kTzyK51t^`#S4t$1w8tMxh_d?Sj4!|e0~DQ-Y_i~``|*4ozhX0
z0?a6m6tIP(9Y+1&;W`{>Op}h9pt7hGIS_AI8%51!+9=xS)J9WNpEep8r`o8{(FQ`(
zgfjTgS(i05+)qCNcytsJ_)0n2W{uC$Ci68)28z%n0*xXT%19YOQ_?9hh^L)EtE$a}
zflP^n0tDzqQ?;cPqGFA;#2_Ms2kKux2?gPej;fB9;r<kH6~qMe*K$~C;EOTZ+1~@y
zTabeZXd)vI9ODxr@CVE?SyYvB=!phS&b~=fVKR&jw$0L23n|Hj11p(CKZmThwtlBx
zuN?nV<nlLB#_RllxWk5-od0)u>;Ka!m!l)DS-=KAJ6ghqah{&K1#B-bv?{Mu%jHr6
z(p0EbBxDN{BW4tlL@b05iiolRGLq0pu!!IaO2c%L@T^yE=Tb|m9c}UchwsgG#?|5b
zuUn%2+hx4Y{&RCNKK}>)f4l$JDVKu-1}s0l{RnVJ6TAHzTM{reBt|n1*FwbFX|mdB
zVPbW_vN}Q(D2E9-qxBeEWQ3GrVn`%e)S@%oIiyKSXx=N41g3<0fKY-^mYI%r9Z8LB
zYHyIxFm3BxOMu!KMfRJf!g&zWSj)J}ObBE_iX#}oL$!c#i5O0$%*p}3l!nRKAc}<n
zGX{M4t2hY>+U7#Z>2kE+lj)F1g9*Jes0f&hTKuMojhQZNoDso*DQGu@M6?K>$U#|w
za$wxlD^4a!r-;IMx<Z&LHZEi1Q(2T#3LLBrsy0CuuTe`=k93e97J#aTa;4+bd2qi8
z?wO(8NOTXzY;8`Q^7~;jsOE-^t@pHOxsmJ`9FB~`Vc0R)IOWX(zoyY&lUng`=#heH
zQYeJ!ptW`CP@$CKFW352DkCkBjwY(mikQ|JCp3VilpKu?bp5Cv0@X~Wt4Tiz|MZLf
zZ(bda|GItAzg@;_#(%Dht1146%Ul1yPPx$j-#CpYhe!fJvuPqHjcWzka29I!1}P>W
zEsihkF@jhq>`k`CnP{tzjl(TC@IUoPvDh@TvjQSYD<S^6i`!r=T{NkJ==g9c4G4@O
z)pn41Q-<tH9KD(<5^cppbWI3St#ePI_S=+f1SL$_oHYLiT8;za^thmqp9v5RsaJJw
z4QLHihlH;nk|Eunv0m0J47D3c^SdBCeHg>mFe%f;Lzf4pu`2*-JJ^aWoMKs1s(>)W
zR*N<vDIOy|YDd`g+6`F_>Mn@+1j)Qo5cwFQmx8?k+XcvaiH8CQ)>Z|YivWXEqQ;K^
zs4HS{kTSs(s~<Ah(}fgC8AZ^92$|Jsat*%#liG(RK|j*lzG2~hk)dN@1KSvc80-yG
ztPcWz%y?@y<z>68DJDCe(5Dl~2u=uy4D-cN%|P{|6X5<NZs^>Jyfh=jA|w3$kUw9J
ze$KH95~yYmGQ=d%%diHy*?4SlIBq|UjfaZVkRSlJhkw~P0{?_ii68{JKpGS?4S7z|
zH!!{aJxUGlVL5WOGDS*2&sZt)Xr!v3={+#PXj4*i5^_k?Of=BD5$R(?B!PC-w6p2f
zv0-aLmrEcqG6D6YPF;JPuh9!Ni#-nXgt1YO+);t2vr$9aqXj`W5(8f{xq<2is;2AT
zz+C$GRNj%W^0>2M7vXw7mo~Hm>PuP+*8jDwWdmklA_=q-{o`Nk{atq(Ns=H6X3w3o
zGvYb3cYeX%5UNrHM35pNDYJ@9Dw`r9B|9lnO;TA|m8lB_fdGjV7=c0rD6+ED(+_pd
z?YI6b`xE+Y|HeM<<2>v+(@#^^?Ze&8Jv;zVQmU$Z5>+Vz5&mgzZf<67AAe~g`&ay#
zrT-y&toQF@p8R+J^OF7N=b!z2|NBusljK6@sC`G%zW=fWZKx9k_T<E|@{^{eP4Atx
z0Nilx|EN7kXv>Lz)tiT{wf<<-<ge-|#II|~RYHCRc)Y7$ASdRNo*L7CS?cxStNJ^N
z?mgR$?j5$Hd%w9K-Rnj7cDp-AC*9-D&Woc?_u#O*+j)M}+1Wnn=vN1a2gfJ7JN`R3
z!5+WZ+u!YOA9r{6_oLC>HPu5u8R2l$>CN|kr$79cB@94$4@%w3rp1Pt1ysTUKk2~0
zZbpxRyGH<taS|jy;5YypWcXi#3fd6iH*JfAKga}$N@V7%wl2aSWIu#o*+K}vvk4Iu
zA-f|1b)GTd1cMvKqaojq))bEXrT5-n!)K=cf7r`DL?83yKXCRc#sB?T{`*Luzxm`p
zd=f?f6~F)g{=+AqK*X>A`d{gH{ck?`<p24<slV!br2hL`EdL*=;(w@W@gMR3pZw!L
z(jWMr`tmRT@-ONyJoz*J|C2xenf}24;1P$5{Lg>d-TmqxO=JIg7eD&Jf7;~_-%R~U
z|NcsrHZ=<S`zie16(21A&wu{&SAYKJKmGHc|1YTUA9w%xpZ@9a>c9QzU;pV}cmEbz
z|L5J^!#^GV>0fvM6?!ng5B~@L-qpW%zxr2b(ER=%|K$Gu=RX(bw-|u={ZD`5-}L#v
z{`^1w1i$s{{@b5b{jbdLuN17X|Nkg||E-xm{r*QgU#u_S0qsAP@KXK%<D0Pq&#T?9
z#uDCtB9Q9!_)i+7yk6$FSSb1XlRw!-#1FMEKC1se|KtDh=l}W1fBN&ke)2be{_hGU
z{=c7m^56dDlTW^c|5WAw1O8Jb|Mx}y)8%!2)z(wh=HIBc|K@*w^8ZkM{l65>{ZGKV
zzv2J>KY-_e`Ozm9&z(U#pMQK0JpU6R?4Jm8|1)DOt>@qJDtx7vFZlPL|8*D3DFnuP
zfBy5|Vmtr*um8yH7Eh@kM0G?4`dd8x?_cij{>%UV=l}md{wFnVwNjt_Z}8ur|Hmh4
zuhVx`P5svI|K*e2um1b`pZ^Cg%76cV|4k)Ge*XL$`vlMb4`}-fpE>9M=MNtG`rn7^
zKi~g<oR4S!%hp|-Zhh$&5u{aTb0t}Tk`xX(84hF|<g!ZSvPN5|lbs+hNeNxCiNSON
zCaqCVfj+w!{sG$pOQ5Z-Xy>c#gQuP7<f~3}+&MYfJ9v5=J?`uu{w6v(jE-OIokYJq
zd~p<Y4!+qtIy`vRIXF?Zf*)w`x8MObR)baDUVvj@5<TDFJ~_r=jI*3<oG|ZRzP1Ff
zwlGvb)cp<KB+~66%$U@!&h*jK%s4oziArfV&!Pe}ti5=WsOE-)NLa4vJEb^{;?q1E
zO$$n=x)#-+sb}LDGJitOMea}JfmdzyGttvp1E#4~@!Du@QL{_g!=cd}6@1`9tzM&Q
z8^pz<!^4xNY7D;b@9rIuAdNa&^^5)4c-7DskrcyF-I|9s)|P&;B<3~40<SKLH3DXM
z?)$JUo?E7DkmtUyvdVKy3Ddl9e8ap_f4ZE4+gFg#QDBE&1hBIM%?ZD#$uyR=-na&s
z0D5-3c2GjGYU(75Cdoy1nb19O1ed^*3(f-y%Z?Wv!z6Fwb%Sm?TFs$#gIAqzJ3Dec
z;5STS=Xt|C+uc6d*3W+77v$fKX!Rn3fGxI!uI7|bBpm?pq8N^b1zb!l?I;B3jh7(V
zIwZGB`?}vP4X34NUn}g|iY{I&1YSDYKEQ>Y#E_+vNkHddH#&S0y*Tb185*z_9UMjn
zoz5<h0j3e#2fsb}O1;$d;j6vlXn*gZ6FDScCrdArbO>1`4JF9gj-U7Z@m3TMuN3;{
z!{{`Jot7l<_bf@1$*>2?i|LhG+g_Gmf%W#;8=xJkhT6DlS#qKlaUs!R>Ew{`ULnjc
z>#(biUp#rT_iY1rmGcCO;ub*bC$a0a@l#|hp1>kj*yce^gr9op_p=tmTih0<SFQ3O
z)><$NQ2bqTEN9sAlLY-A*0d$BHP}^i+_?42I)JaSv_xNy8<Dn*C*50g=MLEZZ-3nZ
zuZN{2@c-Dj)t_EmTrb_?bHN1;l#osV49<;+D>>}~CMirDi+u{F{Ng7&lL#Ure=6WO
zZ`Gcczkvoc+%DyYX`ok&-y{4C*MTj>b-ZE0&$)HHvBOVQXB_ENO)dOZbn&}<)03}y
z@b2PLmeu8aba0CGY`GHNz{uf5sv5ZmX85`E3-F!5&F@d@o|!Eh&Y+(K;gF_#^1xYJ
zbLiieBC!f3YLP>^_#wE>pqmPL_te<Cr=Qi#Bd|z;(-ZLd$>Gs6`-Uuw^m91C!FPl1
ztn*~UX+rM@`|#LfqfE+N$wIAx>m&6KCyAm^aB>gu9-gkGVSC`t)NP?%R8P%fRW$^b
z+L-d^@OTL~%m%cF17NfMaXg7Hz>7Cug2xsVcBCiBH^hANY%3^sZ33y%N7tB0n-uMq
z)pITnet9I|0pH5>U^T~qz1IL_=NdPH-Scv*HHo%(am3n4zRW-L%cax~cS^yIFPBn#
z+9?Hlyj)75xl;<zzFbP}7^f8Mpg>!ST)B+_{VJE+@yqRm%fW7P$|2D!mxB%Fl*6qb
zf<Np5WFlRWU`>|Q_&S~pFX1-6jJIPKalgU7zY!fC;gcirgvfNXWhu7vPOlYHX6Kz=
zA*M;rJH0MU<7(BL4eXxDe5Mcl`!rSCAIu&R!yz9qI=3WOU=4$ZFY}1V(1Qh{;31QX
zadE9JU6w{JG*(w#2}KM+dw2fw$WG#$&e8GSA<Sa=m)|T45O(%E+s7SzeuU5Uw#D~<
zByXK9cFF;7x%{4D{kNjpy=DIS%U|AuAHSeqwc0&3jeE;-pq;}f2r|ru$_$ydEh5Vz
zy#HhKp8DyuAdyLJa*7s%SCkk|EFvGfhW53?LM~H+w9`-tvUtR-Y)B{>>F{3!sdP-y
zWai(cYf4c60~_=M_VF(9AJyxh<3E0cPv!c5H2?qBgY~li=Vz^-?f*Z@$J75I59ezC
zl+1Y(1)y}=)TSB#wse2h0SaVXf^8)XE5w=froI}(1{ARI2&@ad4QL?Z8R$R;KY<G5
z!)Q1_<lEl56;?EWQD^s1y@fzO>Hx*)KI$)dHNck)|3#zGh$8l=zi0R_7=Wrj5RfN}
zzF)ef1Mz^3FGt_WwBay(qc}VG1%vBk5l7U4FVF@y!bXtl*(E$f`_T;6gT_hvluTHo
z7+Vx$i6ZP!j1`KtLBU?M5sEcI(UvX*u@lvo2QGYmh|jsy4j1c{%I$DLfD@V3s2adx
zAEF8mp$_shP7A+4+x$gUZeU@Izk%zgi=3DuCsbtH7O_DvBBS16We+x{erEc|A-vN+
zwowm6jcf#l2V(s85h#M9Uw*kH<^R9c6;H6DoCLJWK_yl*tXeml#-A|Hk2aZ^--d<8
z!cFdk+jPS|Xm~^x7X4(bSjG)xm)$rRtIwV})=^8I_+2HM?vP}%Bc&2*lb%!a_T4rK
zKig9JAvlvzL?9RMp3(DX;+dvT_{PvX`JSQ01vKoO5)gcG%ThgL^m{@TtNDE*#$$8`
zGwRt2J&lRNq6=0jU6vHF6KW%%+=`~xu139D#I(1DL>=ws6qW5hKRn+1R{Y-GKYZRf
zsBsucReIDP;jdj?{d7`{qSaF+vw@Odb*X5p*QX)$)b94d@!rysBD+<^YBv}UhPP4O
zG9_Q2Np&u~_||Vh#KuvL@p0fbwzPz&!|b`44$AG%4Zx#1rjuuW7tgkL4v)VD30iwy
zWS|A=MTf`Hw^3_-?Ez{QX9I#75x|8=w{U98<rYxE^H7YfMrWb1=d96_lPxx}tijQs
zcH$Nj8N6UpQgT+)dvOcR;G@-5{JT0$(<A{)cC6@4TUvG2^w!#{iEX$A*FfC2JIWmz
zRF6ibzb!4{**+iIh=fZ^%maJ~tc6|lQAB<nYbOKkD2o3?n@P^sSG>E5p*lQ?c02o>
zla9i3WM4KSidR^^j)BMO5A!GL+h}+(EOPipoX)vgz({i_=g5wn6YFtK49+>SLg&l^
zog)i$ZaA59&B<^(+K~f!nDZsWwQQIRq0k`ts%XiwHXD}BnNh)9H!U&$w!w^CpbkDi
zC*Ca#5uAWKbIr}28*WYj&IcNS3BiL+F<_Q7m$sq#wZ&${oalz`@Mf#a)5U@Cl;3x1
z*p|iuyZ(d^8Vh*cfqUM-dVyh=dkM_|dk(Bg2pfZwF+-HAQASZ>x;L2D4-7XnI2S&F
zQR-fnSajInAqU#mQwjA$)1x*kH|i3KB^y}!qky}#`IlIP*kD;AFpAQ}@RAl<HnjM%
z*uFsFYlE;lG~4W**Npc`0E1j4U$RoxhLyM$8$HU58`R~yt`*^P1)*Lta@~dz@p|r1
z=At)|ay?`%+-{h%?*#VBQTtG)ZD|DQ4ZFR2&Q7;oxPw{JlJAC=ffrjEEw67F6!^;>
zBa6`5C9PN3&~5xA2<2~no_T-<Xzj*^c^epz-fL#@?0Bj%#f89<QDSTur<%o<n6)k&
zdeA=+z`SMB`j-u(idk^9L@J6PrI=6QcxX7*imhgb2%4P@^1xbXXsF=XApU%2jY_&O
zpY1f~qTM~-_#KvW$tch^%)^_lFELB*i8ymZ_~5idxum7Le0L)MuKZ7#F=v8`>ckCd
zEifqCvB8zn;JhI%v4U?ytB68VTlBaIL0e4AfcAftOU|D^m7mJ{Kazq!NFTHB{~q4|
z{PU9kU;AhO?~n6=_%C;(U+(p_-lKULwbvd#jM{3=?!o^*k6P`G`=4*LK945ZX)-CY
zsB<-rehKx!pk({`9(;uhww-KzJsF;z7tujh40{P%kt<3AaX>^aw>VdfTLH=3>@(o~
z-6wg`k0)pTGa|{4M9v8{?rv{(m=Ovr=qIH(4`iS?_cKtOm(xw0`{^dmOUWh9L&+u1
z0~sUyXEeP)#)xx2W5jtVW5l_iF#@K&v?M~8j3857KS_)4UPfE$w5a`3t>Q*hBd-9q
z{HgKpox|t9J=%Nv)rtE3%kR?~mfxNh=h-CJb+%uee06wqEK9sN+TV!Yym_;R%+TZv
z-)zD_^eW++L7cfX86_8aeIFuc-7-(%cRg)HUu;G7{nbZBHjY*!^#v4JjYgoEOT|s~
zF(4RJ9r{fT8_{jFgg)%1LtYNA83naTmy!TRQS_rzpNH@TeCZAGM`M$puB>dng_&`>
z!IN*`N;$fVV`<0zQg9heFWA3o*i3@`tLRa*P7fl}Ko)K38AmHrYBg$Mw38@uMhCCH
z*b-wCu-eqY-0E5MXp4v3(6Lr}abDDQhfN<oR2NeWa`_A%y_I<fY4C(PPxp>bj()p$
zu-o}oPo^|ZwF>KC2fAtp9U3tA$8T4ls?&A;W?1yjv3u236y3WUjq_yM&sG)O73Ikz
zMRA}Zu#GJbZ^OiG!_<P4YYssp%CngP7ypsN-R&qTcsfzQ0y>};2y9Zj@ZB_k(E-oV
zt^nqIM@=C~FPj*oPA$-y`e91)Ah--Yed`Y6>Hgv4?fqkS)Mth1&fM1CWP||wty1%9
z5g5#3Y;|5IJ^XY!CYy-{m$RQQqdU437y3?BUTwWBmE2ee@!sNszZF{xqkr8!OA0at
zz6?cu0;I&90EQHdRNbE1|9~TD79}a9c?1&|9X9YwjVnB5UOWV{+T~CW?wdHqB@$yy
zT9#f8CmDvXqy`W%X&L4(0{11bV$)1lhql_r;71%2%%dVi&<(Aixhu?5rQ5kBS<NWJ
z4m|>g5v0hd<N2Nr4n-SP!MgW4M6)3AH-lLHnk2c7yEMvRdz<{HC3>y4FV#glvDbaJ
z{q4^2$@b3I4TeOnAhb?^rrxv5WHNwAbUs{Fce`SkFi&jSQaM2czp&&33o#ms5?gMG
zO);L9CO0s{X)5MuC`ax>QLkF}3SGG*1i^`m!fNq@A|sfl7NA27KlJ!gxLahJOgn%s
z?1IYkle$RVcl`7z{%t^`PoaLWP?5>w1Af6bb!1SRP>5fuNB9KO<I>U%6|gx&F0Yh9
zMVKnLwzAR`?I@z&2ml%9C*cb3cAn@EpYSU##&N3Xfrq4SK`b($;ka+IQ9ppX>S+Y<
z*>9{q!n*KK{8TTg$;}x^fld2^=Mlo!G<j2;!`*U-a>*yHzzEgP9a^%dJN#(B6(LvC
zu`Tl(1%Gi0X=1S73R8o?jMRf+SJAx*vZ=al(}X^tTQuJ#k|Wf1SCFDje4(HPh8<|(
zhy1@!Zz$<<2o!=n=|WbQ0GANldU>ElkK+nZEaYLfEC*J>T;a63Xs++GD{s!h+_5g%
zM5cVuujLEW5yxx78-nZa3wmTLIvh`6Xsa;tl~xs(>@>Zy6=7i_v#;{$X#ttJmm><I
zTc<zZmYkf$;6&6Q;u|1=LCCWM>nzA07q9pF(KvwFFmuB%GtgZk<+Ar<e91sxS+S(P
z!E`65GjP1x(uL{$>S_SjgYyA*s!8e8t(p&g{rv}<8q(I^oAYTi`u!vLXLZ$^;P2J{
zS6h0+i;3$kAKKd$>o*?7y+sx<3(QiXRB|;Q4SU0a94*LF7`)sRG6BPc;bjq{^p4xw
zD)HGM7=(B?efB@?PNpe`d2B{C#m)6NSb<>1YQghSl_xl5H(Zd+ArpZ?Hx}mkoXuMl
zO7Oq{;%4VUCh`bN3bs(SbS`Oz5CZW)IE^QhA?8NMTFuBS<`ED=6P#G7sGa5)CE<Yh
zXA^0g8GOS!mj@%K9~{(8cO>w_*y&Bkdx#@0t^R^%qB!T`o)R&01CBhZ)0wyWDB5X+
z54+-eywL8dLQgG^Wq^a8yre`gG(kH!Jm@Ils(`-gJ|88c*XjX5T-wl}ic$n!JAguO
z0_+a@hK-0TQ;YB#>%_F3e^<N=%NoPHXT!F?H&jGxrFq*P)9J-&IoPk$9Sc;*;Cdp~
zoFNn$HD6cz>P}iY22$|N)(OD^5MPIY3}Jy?gyWMV@BsMZA0x3aFP=T_99511xH?Sm
zHER?%n|&R~nQm7t0ggvK8i6)gJg*qjBz}|p9s-SqMg-lq#P_y?8LiUDuzbTF%UL^E
zr0s62R(W5+B%pF=zpY!P#s<CCb2wDwHB;lw+7*+1=b1vAn^Ihq#182*xQ)Y+7!~nZ
zbfLKRtWOkrCYWXd2qe6lLq`Dxr>V~x4UcNkX&469NYUBiJPs3ye?RbAlDPDZnf1+J
z=SZCgMC_1=WIqk%18%`1ds?M~!%B&7Ar6W|ddo21zM#C97Ri|z^N@digh5;Fk{JW*
zw;~BkRY|q#%!=MqYi%BJeFBks)H7Gr$1T2{4-3OGWT#n%*2^D`P~RS@17HxV0nBF*
zveC@biga(?LX}R^g-&aL{cSiFs9iV@1n8Ze`3m<zkx|KI+Noq69xEC34ST?A{u5hv
zsu1t4F9*=~gaX?PVn_=iI9I5vW&l?c5M954^Fh6qWo_MUCzg)l@oRN;P)SoIbI`5D
zB)J@B)11f<%u-Eq1pes-1;8N2k_THF$=jvs@fW$q)YV7oi9mwfqOe2&UQXylktS&5
zJvcLcL!+5dz0&4pgE<#-sSy~iEDg?(5L&{NpUy0Pvi*3!W6G*&d<E*Jw0^E@`S(4{
zG}((34GoC}?}MVM1vnZ4NU9D1Z}RFKSZ^$Xej|x{<}S#R6@8^ptxPSl56OtvZ@a8G
z%ngtdu6#yzioLZ#K+0pPvk-gw-q=^dr@CU`3{FKWMkcmZ_TeJDRB!B_2mT^x0#RNE
zp%*T)kXra1R{%8&q_1@rpg0e2d!qYt1;%*z&OUnIdjZ@XdhSBe7K8L9CwqqnrliHA
z(w_ecT)8Yksch4%;mig0cAA5ma;o#zoOK4EzmOV(9ncmab@wy|j>ZF`zf{~6xM~hh
zwR{7eM!4S~$0(Vh%7MsX$SbLL97zQqD4DfI$Ab3>YG(EHCOV(ss47?^$wTFaK{EW&
z{2LuLXgUg9os}wi40k-xE#7)IvC;RP#R8MCx9T~_F34dRUW74}do^sW2P7UaSeGYh
zJ@=IWKHrIozQO#V4K9kNmBMF!E*03p=P;g}jV0Gi4XIrl&}j!2M-_}%e3OGj-K!c5
zH9t#G!=C2NeZi?mYinzjbCDBXY;LLs#<Q(M6`aq_rmX5GX}^AR5I6|g>#-Jn=H2cf
zb*|5i=DjysY_37$Gn64mG}$Mx*LHX;__`TcvlFxn!P3adKn6<WKlj}Wa=xERS66An
zur3;f`a4ut+sULa^;Ta=H5t(7oS*`|kpV4PP}YaJ>ZMR;oND;2m(^8?_a+K6gwE3{
zLVM~G+WILPdTH~SB*pbXPhZIH3HOXG;)~yh1WVnbKU!jE##Q4TyW@SA<5ElMFqGMs
z`fk^uYxxDcw@e-xCO~Rd?iy6T?i~e$j}+|2{xqJ;aKME;nm5g7{6ZA7xZ%}Wq38IG
z=@}o(>!Q-t(IVKPS{n?LQ58Gw($d$ZX|XQlb#nc|CTWg!-2AF#d!)mY*NsY0P~rDy
z>L^3)Pqwn|m1fbXxP7A~)#A98#tZj`@P>05RxYyuPe8E0I3ud>uIFC}yK~E`=4R&w
zET$1Y;B0xHg(H<h<-Sbg$t1q!?~|l=14gq<h;Raole%GS^gZaK%&i@ofPx}|Kd8+-
z{Q);58Gd2{ZY^6?8zDkYFmFjs9|6(y^oL5}l(|dnSFfikt_ZK5kXFZ>szrJ|Tg>Ek
zri-?tg-ThO$$s&j9sA2tRjm`G1m>1u*M^o$zCl144=%I~ZeYnjfQ2N`=aTvE!p0`=
zX2CIEAz?HP4A3BCTrHL~=3WQ|f^7;-=G+EZ$6=c*5h1V+x2lgus5uX{DzpbBq*`qM
z6Zet3+=nrbP;5vQ_mRIJ_Yq*~+waSk<P~g5yTq1Q-oMR?ef5is>L6MT8LlA5y9mwC
ze?kVP(lY8N=WOz7&c=h|>Z%3e4MC@Pg8ZHNocF+?SqxB7-{-ScJ%H~ezGt;<zZyQ*
z*i%*1DP!J^VDz4R(|cIh&0?q=SOFttr%t@of^f>haGGmxrrDPKMr=zJ!*V0I&EZ?B
zjyJ^wZ1Ry0Kt+9=V5XN0_n=v)DtqDzlSJD<*bwpUjd&_^zZPbwR4)WI_z)LkJ&ka!
zRfW)Ut7Zh>;v9FLOO?37(PIfSWj7fM3`JZZ%^gk2Z!5&wIRo&Tm}5d|xUg0wdf$Wv
zV{TiseIJe#gjlr&k@DsoU5R;{VO+Z)L+A2tH*c@R&sp}+<>Q)xmKWgd1k+#Q=K?5v
z*0a>JqQ6Cu&anQ(48DTkNz2Fxy#hOjWyu;sTJU{Nj=-#;am(%hFwG0qn3@n^l@dks
z28OtZq91WbrZ_(`dwlj{|KzB1!barmy(AoVL!Muo(Oc0UBAw_iRz2$eT&%3a3$Ncl
z{?TziTNR_g;;ZUUtQhj8TOlbQ%s;~7{aJ3LdmNeEoB+qgHY7H*LfGidQ+HxIfHG{w
zZdSi88yKM<o*J?>J9jGk3+KKKoW6`GovWlbMf-{IBrB3$k@V3pW)1LyLXAf|>i035
z^`Pdr$f8$+F5wlji7sd)=u~H$)}IuCKL~=J)W_34`&G)G@1k)(_^-N;l^oYE1E;t8
zh~T5X2p~A-dPb9c10<kd$z%ep2S#b84s)HNnq*u|`oqDXTl|Dr1ACGO1>0kt&P&E6
zU-eL7LZByQH4v32g=spEFB9Vuni;mFw^ohDu0sRlFG>*C5;g(tt?8M8(Vsz}h#^WB
zMZ2_UxD9a4;cBPp4u=NOppA0#?P0C9cqQM?+%7xi4O6jWcEpzP?$;PU^ezZ)o1Mk?
zP1VNncaC?FS9u$^KKnL~_Z$lq758W)UrL*d$_uITeUa(`hHTr&($O{Cg-)$IcvxFv
zDT7odtXBvjy&y>_FV<|p2WWw}^UXfdaO<s2!5wzmpNa506&TM-q$V4&ErQS`yYH-Q
z4F$iBlDLoNx$s9%8<4un6hLZ9dgs&hHTb0vlzz8&82w=`Y|yk+)HGieKx$vsxW@0g
z5Udk*Ab)6@;laQf0TAllN)ZfoE!)YvLJdN|grN4D$q?+h-ryezHS2L==Wk@$n{xV=
zQ`B%9=KInZ5SK`T;suTviKJl7M{8<}>9OM4G9noR6VpcPT_8mQ5H(Tld`up{9>skc
zPfp{rWVM&6gTn4V<KtYq{3v;;!<#qfaY5hQH4w}?MVrv|&H_tu#`ghI6oQ6JV$jo_
z<CDYZR?<9Mee`q(u8s3^a(aKZ{cU&u#k0<{`LgrVoukh2$@bC7jONY&4T^YldR=HE
z`q@qH9PaOTc0`jXm<*<)(V2`|GP{Wv2ciK*mY?o$au-Y`$hp<j`8Z6YuW@7>(J%1t
zz4rgvTDL~Jv<AlW+?h=D=uy;KUwlB1?TBVJdna1Ix<42!)bR01=edMb_aeDa41kg`
z@Mxt6OnIU&zL4XE9T|hOxYN5;Y0O?pwXb8{lG%vCYDU^*3mC6J^#E|)^CB6GRfj>V
z;%7aKLx3?Xc8<sKG*23ATY~Wmd)K{@bVs$fR1{Zac$UVaXjs@1GlASWdA_YgeSiIM
zAlUh)#eROGUIWk<TEor>ETa+}gB<__E~X==3w}1Q6Jd!8&8_nEhbeN;Q8u=W&O%pr
zO!h8@c`q4_;xqwQ1tYwNJzdd3djVUR%Clqyp5EBXMSeEN5{Bc(D2_J9Q|(PWNg*>L
z%rSIArpeX9mjm$pBAX-u;`@&G0ni$qd|%;6f_i<UG(wf5sv+Z2cpRni?&j!5*a3i3
zv7sggmc1chbl_kOuaoQGy@~-YO+IXukfpsi2+6RiYo*B@YH>hE(iXlzWfvN}K%!3B
z9<Mq$h|s#(sn^q0&mo?A-lD)CmX((YHZ=qnw92j3nrQSkYqfx6LGReJT8}g<&Y>rT
z!ToIRH5a_v2KOL+kB+`VgRmH8!~t7t5Wr=C1C+cwwGnWL@gJDq1NKUqwG~4y9js~&
zk5UZF7ht?0>OmQi#2pm~E)|NUvV)0QuPUQKHrKY1u3liNyVC&F0$4hwt&J!#)m{S7
zSV&w|P??r30nA=m&=7D6jw(#5wR|omo_KoIWh2w5&U&#S@6)E?^zW(yo+<6Xh(18X
z3==;XHcaq9eVv3NH?!}9p+Ttuh~vY2M{jFvtlom-KLs6aiecs4m~y4IqX@>PI=C}%
z>}6M5Z1=+DYc*$UQ;*M;n5DK9XnO}JRcuxdWURP-wNeX=1e?NgIgVrX(WNsKNNS_V
zfof1UhQ*iw%rgE~HO*R;=_;%N9ytz~m2H6NC<QpxQ~+^VbQPFUcTO_XPXo#99l#Ak
zsEzC#wms2hE2&=<9@Efg0Vn@yfTQ<B08oRWf5=<V%;aAJ5Qa@R3z+g!MFwe6<sIYC
zK%5o3^PG|kL3>{O=kpH|V|aG_=k@gm>!tj!?FaXNj{p2IK7Rb?bBzDohVai1@2x+$
z*M1nae!bCtu%Tq+QuycX>D6#Fj3?LPJ`cke?%yOX^e=`3wWkIY$NAh1>wLbn6po{e
zgkrA?H@t?^xJkUsP1UXv9fyPe#pB)2*#Dek?EU+gz5gGy*YDr=_y6Y)KmU3Ee~gc_
z|9Qm~2~ha(@Yfsz{{Fpo3y8q|*2em;7bF5+D(OhIJBihimESm2d=IQU+!*l5WRhl!
zgo^JE%f&F4N<~EZB_*7lKw3%6Uah2roGx}C4nsB=40}Vx0RnT94PaJlIQ`U4JnARC
z5oUWlPbLuaZaV72wIb-UizJ1p!Lj;x43Y9;M|r$Pl+chqTnR6z{r=wLc`@xdRZLCT
zG(0)#boTd-Pr65)C%4vb!JX$s!5_T?)ifr_Kn*qJh}j4Mij`4BF~^=DD^|7SkT()S
zLqbVoqH&scW!Uvwb%?e8C|XBzh#|(NEQQ~WzQk7>knj>d%={9oh{4Xu0pIAKeym9J
zJ?DdWq@YJyoh0LIQb^6!-Kyl_^BZNQ7vwb-s-^udB(yB+zU&pgYqpzQ6_fZPKeGbw
zE+im`;)xNx7%t{sZC!DY@uXp5S=0IqR5OVm#2N==LnWTZeS1Cmi%<Je{nNZrYx1zn
zP&5||UNz|;!>VbGdex&+`=xg=uE&!#U?b@&qeiilY7MPU!J$Co+LBi%_{^qi0I%|7
zG+36gTc9Y{MGXmpQEkLwN<mOmc{~1L0l&YLI{VO^b!<q=Qt<bXpg`?7fCM&25HRZE
zz=x;k!AHAS@LSi%!aUShg9|Q4k;!4s85%8GXmoEYFcWC#;+R=j$wWR@U2s%7;iZhz
z`80<M7QE4HMrUf7Kh0-D)_e+@f*B<I)V3v!h7Ul!!E}jcWT!2S6N>mOq=lCA#UOjJ
z-Fy~CwsEK{2L<KJK-S#ne)kPh{Xmza<T4pm?{j~fV{yIJIernynf9ECxlI`tNbcF=
zk>0de8yx@Oouby+v=Fx-jK`#!DlkLyBdZP_LULZ164Z4=eFjiq<5R^$)DSNf6Fw=r
zii^ZwqIGktV*{I8YgXOt2rho(5h+x)2k|IZXrf3S3}tdbhi7~l4@a0AWo=F9`%Bm#
zM1^X1df#`x!ZY43xpQ;z4sP;Rt=;xeUXu*MIt7Qf?{;QIm1h<r7GDc3L>$z)zrfaZ
ztS<2TC@;Qy8CJ`{<)vyCLe=1y)Nm~LXax9rV|KrGK5p%XzRN)+4~4DYTHnMG4PR2!
zdb1n&bfb68h$x}8WRoHH=Fq09!G?B^cR#0(0`7kXVNa7cm0k)JB%Nsm`WK<@&gagW
zM3n{Y&{<OGY%@`ukw0OFgJ!ha(u@fdiZO-yH5}lIkM_9}zO@@AvEn982sF~}p)sD?
zXOR6{7q|B!<8171Hwb)B=HWbG4#8!?V(aP%!aQ8vM7}sQTu5yBy_9V3okQZT#n5S0
zfU9Z0a^X0nfsPF8#3Et?I#`vl4FpGIoWQDxc^v5~U&;f35yDJ`+tbzinUW3Ek#P=d
z726qm2f__es+Xxlp;!0-lw;BXRcW=<f9>#?fI&3P6^;#nz?gQ!x%)iLigVj}?ivnI
zTrYiAz4cEimsfxlle5DM2s&~kPT)Pl+`H;BQ!ytg%Q)^OF2-CWB4!V6Q7>T%RB4zP
zK9ViX-RvtYBS3>QxE^f1D!R2`w(OuZUu6h1U@W`V7}m|w{$g(Lv68_nI-k|66UW-Z
zqs(R2XbWi`w^kmIcU!^Znh`&f8ZHIUbV4tgoj&r9Lnv>gM77)jsEH7Zj!oSBp{qk^
z-oO{)?R`D~IEV6#_0p(wBukTQ!lwxd0OINpDsZ<P-x7ER#WHYMDdG@J*hHSLdg@#Z
z$`e~Ikq=rAMle7dP?xJ#2i3KRCo1;Ma&qulhdog<#2_x198DjrZaF$#iFBaMN2wMR
z3##UcsXLV9Wh~jMP{PCpw=kMJU4;>|C+kFp!<G2aV~<o5?AYl*Px5!cVThQ(TyaKR
zU>EMXss+3b(EHa7d1uPN5ze0Q;+xU^I3QYR$#@_$*UWIH%u!Ujv1g}0c>1tQB_w($
zm(P}vW2v@vDsdt*?x|+@?Ea<>^gD_jgS<uCAVQg;H6}?Fe1zp+z`M=PI4~m5IspfP
zjp#whc2VzKVva0-DQpSKGF?0xLDidrog9!IjjnVqzFk^ZE}=o|tPB>IxiW?o*PS4*
z!p;RP&EwBzsp~i<;>wdrW0nXs8lIxEY3_Dmc@-KyO3qY8LsItCo=8&F5bg_ZFB)0@
z4OT+oN(@iotc&Uu%^~*&1=wB|<x(Y-u0F!s`Dg^W)S$r1iafqCO<e^yWQO+vz)%`B
z6P)Q-9NW~CIi>B4c=B~^4PrD{ie!RH2?`hyF}YHUmkU+aes`b{&}{mEG*RpBA8zk<
zc56=lKVJ+1p+S$)N*-MGJAU)h4<X(){>GXFFj_-aqiNdr6=6momD|_IwB*=js{sE$
zxz@=fFXPFOM0cPbEV(K+2nM6X8x(V(V+2v7Bq9X>C3E%&93_*s+fr3+fGrX#flv#{
z<wwIF<#4*l`cpMLtB^48^mKu~T&>?p*?RT9zaFKv*uucs4$XVJ0JY?H+={rCn8pjM
z)D`Zov~);9tVXwz*IW%<07352c3aj?I=DG4)(>gMR<$(zLUqRZ5Gnlp_}VtBIs%y$
z3{y)wRSQShY8J0$a7?5=+OO0t=71Y#41q;>+>Tuk<1JQ~pp=sr7U1u30|x=oRw0<j
z29XB<6UG*M?_0QEsC_{9kZQu1t@_#X?UU})&dEW;A;y}03FbP=#@X1?<dlQ78(C2y
zw4Ydq6qPPR3B@+R;NFEVwJvS1%GVX3`&WPoIwLKhTB*Ua<GtT?j%%|R8GSgvg1(j`
zmvgG7WDtN_6sl6U**k?GMc}N1*z=p=Xau+7Lq+tnH))y6VMKN~KW5Uxw*;>*YgK!o
z4TnWnk+DQyCD>*U8f)|luIp4AGiMNNe%@+uPTLIcP$JEyXu49V)PT(rL{-PSvGAES
z%iQ_^N^1eWw=meEw+Ai1&V}jT0mYEfB$+6jB?k9Zy8NXNFuzNaJGqP<QWO)wrN~5f
zbe3l}Z6Oxr=Jr@`9_cCIu3q82nA`R0eZ6wf@OK3sOY?V%Gq7sz{H$tm1r6G~`SKdp
zqF76<$~&~$;Peo=ORm@4(kK_OR<Q{^7_fvj>vLqRQupm(_a^_i5-gxC%1ENye{0P5
z-uqT;rY`I(pU&i_bNA=?U4?P;abkIwb%Kg^l1nxRmWR*>r2jJ4iTmBh)4@PdnN#!N
zR6Q{6$){M5UGwVDAT<I;>p6r%Ziov6p%v}-wXW>WDaLchs;f~h{oobfI~ZO$yu7L?
z>P=*6PC80P9ce@vNV7pSjthm{X3K#h6gyjqMw>dFPcclViYg6&p1v9{TV5^DsWU`O
z;F|+Pt_%Y2BL)+%US|k7c^|A60ndVYDpbRkSA|$x6iu94YGUP4%=!aRu`+rjo1qP<
zebf3GFK9w5-aDVvxzXjdWhR9f!NVA}U{NdsInoK!20{QZ)JWWSvsH>h4ZmcG9?WG{
z@@elpa#ablNN@qhdxB$Ooq~;^%T`qNyEsKPYsJd76yL@GRjon4Mg##?)zRnNWX2&z
zqV2qs0TEXp=tD=zsCEQuRGB*jl81~3+YFJFs-1(?p@L<)N-bWN6Sr3Awya)D#9)Mv
zcK9M;h-%QC*(6g{E|9ey#}l+L1X0J{8!sl$8S&ZS3kQ7Znvm0zYD$wavz&70lIPBc
zkzt-DDe^u{THV~{?`cY?O(}s&!~S~QxK&sGtUkhcHSpyWdu=!+!HScL(pk^|2}sfY
z7f+saj)4DEm2HcShV5s6@7dnTEfkoZ?HwGSZ0~%1uibF9SLg&u-Lj^EXMXoFM;NgO
zknP1tA8g9!-u92Dh4FUGQkmGy(~8RN^?3D>!jH!q21=IY9rPIBvt{3yr=!aesmwy^
zQYm&(6drrETACwFg&K?=0bguKs0lg^fc?Wrm^{OT8SH4ww<c;Apt%-`{_Huc&o+Xi
z5)<iC3&{e}St)oJ((ORrD_qCkS43PmF@seeo7y@U7Y&dAv$RsrkD^h-bP?&ND_b`I
zSwszJ*y@eUt0z6t^{%82zu-j?=YTbM!Xgd1b_7yy#6f+xIBylb7|+61Jk%^o!-l{v
z1qv|wGRg?Fs+7_!N91=}nFokQ!{8a|#2~sgC|*~U@8&Bjv+leNb2F!3VcaOVx5rh<
zc*-4FrYH<n7o?s!o7uT~?algD=<@YIt&?A=!-~Df;Ju`%QS+|QK`nge()!`4F@3Qm
zX{tRx3p#&kissC`NG^KgYnb2|VR>o8NuhBi3Cvs=>6F?>mm|S31(_H0oDx*gyDzH3
z;gX`WEk?te;xrk64g%N;=O{Pik}f#=eNhBw{@BewS>7)*v>00I2)KQh78X_#A_y^_
zlqkEwo%Ns05>iPnbHwrq852|p<_q2*&RKLDeh5`dPY(9jYUq_}b(xvDX*&G9S|KID
zBz^0_;fD3#+!#2%rsD-7?m`AbCH9d+2nUVOHcQ~tZDem>(Wz$ug^KTF+fpYGobRwG
zO&I_OZQT}XC$Q*|!*Wzj?$jo54ISzNjd<N^`Amq^{kg#GRP!$z{)W`zi5y~X7tjHo
ztGM6-ddso)6n0(pI_BPF?J<QIS-AnHX%$X4H9p(p5sE$%&Knh2J|DR%;BA+QU|NMb
zK|P(G_JRvpUPqXn(96BQK(G(-={}e{5!^L^H513}gT|j2vV#^UU_B2Ic(S+O;phx_
z!~u!?&g1-FDx9D;MASxkEULA8QWd$;nrPWD7&M-{BgAX|(V##ab*R_aHw197`pAse
zP(S(5#)rDgm&GlIS+9Mcnph4PMk2`u*zBMjlR>vIz+|UT2*82H10G145j7z-i&Pu^
z9lnfo<!D35jZz?*Oa{Z*Hr6((8w#qWq&CcwsFq0mLieud%-HZ57wC(nU0(qu8(*;j
z@O+c<UYw@riKG6%fetwwc1|~~7FzXfb+twq7aa(2!Fkj<Is*KwHu{06jq|{y`<JLS
zqHrT73?W5Ov>^%c4o`ov<74PZ*Fh8T3SKL@%K$P<{dC%+!CDC`5#tQ(OKQ-P=6wsC
zOjC3FG{E?y_{_b%a2k-y^tZS&1}08B12E^P+x4nVYEo;4h4c`4l^9L2X{cQ*EhmP>
zg-Byb(Ze?EEfDHZezC02;1}ueN)ex=w}#`hN3aVw-o9F)?6!@%<j&y}u&wLC_vP<X
z)d6d|UJu92f?!+15QD~oWy^zoD+f&1ZBGxjPhK2#zFU6@Jt1gr^Frw9oDNfTQkGL0
zz>RuhTb=>>)0*Kj;2r3zxkbD|l=k%V7KU0VFO3BX+EY#AQS|B;x7XIz^kvtAF!n*B
z;2l~xW0W>cv9Vq=GJudlI&oLSz~R_XqSI*53~9xgSm<pFKqLz1Aepx`&H@le1P{mo
zyAEIgKx61UwVAQKydl{}-JRT|Inx6dz(g0$QV@i6U}xkLU+Fn6dn~xSW^q5fnHC|Q
zGLUHCtUoTF5<;wHn=dL^eWD-V^h7^aCwi_=^yA7CJ*UV>u1e28fpsZ7O-v0!F@2E&
zk7pkpLWNUtc+mMS0JEq$pY=AA02oog-+V1+J*NIi!`CwsS3zPg9K&A7*+(llvAUTV
z?Ub4JiFw%q*TMuHH-y#(@3b^4`+l;pREgdlbt#})-69XW9TgJ;_l#ni@vqck6`_tq
zqfCPkoxBAe(QZYBi)z|6+PCS`MWj(9@!$aKIG&V^|2$r89H+xx$e2c>cC{Oh8q!#;
zR57S40;Tr9+WF775B7F86p^$s*4aHh#Zc?e&_2bxL5~^5zXp-Anq+Fz*nllKkAK9z
zeiQ?hrV&zzv4sv6tMghm=^)aJpg;ko;sT+BH^TVM;q^E;)X$%P_n*1(e?CA6u-Wl{
zTKC(nho$&GpFQ|F{?Etw1mgdkWBi|A{ffi?Jh<0_a9|Mrr}gloh5ykZ!6*>Uc_}oG
z6BrEQ`l$C6;eP@#b7otP22XJ?+bW&kq#)j`a7)N5t7tpE&81)90cU2Xds1|H*sy0u
zJ)lh-HX3fdoa;4zXxMsqRID4%jBI=xqxZ1wR0S9gpLY(_e4O@;bHS|<IS1hn(-N>D
z<QheXBV=<zJa}a|nPnL_NT?HNr2Ihre+2{ocx>`Wdm{LpvX1Kr!0|JfyfxJ}mjX)C
zx}4Te<U3;BCaSRHr*>Z1ti)&IrV~WcvZqj0Q`+C?J)6-^)xl<}qSREhrG0qAZA~w#
zqcLq(8Fukph0|zN<J<4<lm{Q<B0Fy^)=~EZjilOJ*BuJ<bzmJr9gof#Lz&Zv@iGlJ
zu^n(T-K=z;6yxH1gc}XaZN@rbRuAn4V3r+}XCX*~b=(j3oBzS{{P)q<ZwhwUjNLW+
zG}E5;l?{0FfX5Nnm0?O|(z(E<Cizp0VM@6z77m_K30@4|6Kse~7J`%|Ojd%?gv#&`
zv!GBf3(~s9g6>p@-KiQ0-T>Z+r@=eLSxn8OgwU=g1T<>1!Dn^hm5s1L+~S&|KP&>i
zlBQ_J2o_T4l*tp9G`j*N^#)7yo7Gmud}im<*?h`}Fh_SS&^PA{$yhoEapESX&hw0&
zk%i-n+jqQcwRf&}qddF75TAqTD7uJylk9yiac#pgiYGH7CLM^HU%$!Bhv7GFK@3dh
z)9c_Ythlj1{?Sx6&Y5+p*ihe0-G(m$xY4iD#;r2bLTxozE9BLek+;%jU)Q&chN)fe
zS2Q6!JD`6pxVUFAHxuZdYhvHFu04R|0D@hQGBfu&e7{NOx-Ru@Ygcyfwjg2!4jUNM
zR7MZfzt#8puw1#H>AQwO3OQ$Qxg=A+Ak?r)_|}^;2Q8)_DK%`DF85k?-rT%tFFXU|
z+dO|of_(}2s`S7jofi)V>Oj=kJ~&wp_(9{Z+^{<+!*WMIY6FhD<IP*QAS^G3N#rQI
z8Qn0lmE1kP`c{02Z&*xAXd|VvIWt9^G{#t(EIW21$s}kwB8Iu?Q!`_v+M~S4hH#O+
z`WI1M7_6^&ty{uo?RCM7u}LYG>vyS@l@-ipruu2rd%Vhuc3zCts+<l-!{VBvV+d^m
zH99TK;BJ+MTb>C<D0obif`-4cg~(aOFKUCv(orWD_U>a(Y!ip2opz&S-&)0RS<Bs0
zooX}V8I3L0)~puLJaq91SR>+4o%g@LDj~<4VR4QIU-@-jBo|l;%wZ?VD(kwusMk^_
zb#QppdBXfieYM?iUXnege%W$y3Ycj{m>}DRnrNN=eraq=gT#<xU~_|`sUNYXM#($e
z0Yf^&>@?3tNs-hVbgt+yp=BaX47+L!*>?U|PQHpnLus!eMb%3!ja*y687;ZHZ<3td
z(mE>Z$@%k*)5rf*-~T`=wGWd3Vov^t^#`B(`CmS3t+#%@|M?gndH-WpoDx9%x)t*k
zkotc+YCYVz|6pT1kOt;)oGT8BgQ+Zd!!tX>!_8AS81llCc#qr(PBD{DLGzk>gXlV&
zPW0hoLiFU*F{T)Jr3RW!i{&O1i+XVyfy;#Bpem9+==P#Cf!OJ~3XdE+f)E+6&?sTq
z)Ks!SHX3DbFma%25_5EB{bYnubJZE1p24eE1H}{N%b2@iS}=b|>|$I{*7&hHh|%vF
znyAOf1*oG%9inMJdlNyZmS~inp+Qy?FLZ{AO^DS=)ZiTRHsaMZe%!@@hHNi%Y?YBT
z*z}oM9TPvdEbmZX?x;!>H3?5fZAn2EksNua1(A2QQVzUBCMG4Ts#y_AOn`Na1%&1u
zN#D0iw|>=7%SPA*DC6u!`BFGD@@5|eoXSPCWf?LGgHpRm1}d@&V2Gyux&Td7i!KQH
zuz0MqT0*vgS!x;G5>BV4-3c+F_oG%LLaeISzAqsB7GgV>pclFKbX0Z*Q9qq&VvHqj
zHFaBc&0~CY)4?>WFb=2z!CPn-qIOfKMTR+1nJsw4rlNr0{dm&nR4BR0nJa^g$LTds
z$y$C+-Qbbd0mx#HeM?B-l-_jLmrZMR=wV?>>|k|E&(I5gu7}3O+VpFhLNa89)}Y^r
z(oH)psjF(EPaHtz&K>%ze&7ELVOPW7kVya%$S7KqXuIT;EZd80I;!X3W|yntn3L54
zNevh5KikID2XYxeOa_R1Mq$wV!?U3b<ji)j!yIE5*Xw2qBqXY-DKSwssl95@hPIf*
zL(Knyl|+PR7=)@q7RKww+!>P#Q2(YXv>*2hg#zWU(#~4e?Zs3hHOuHPWFVF_wF5d1
z8D#|ylvvZnKxA=$8&sxT9_s89;Z0zy|E<ZaO+8H5EYS&VtFbkaB?7z#>E>VLX86+C
zFD6R@sU<3?une-~r$l(`T46eA5lYaIYN?8tTA@8$8Fke2<FgC4<ScP1E~yuj#E+cW
zqR>>jbWM^wlc*Vf<xw)ksEML92Y0BeK|^MHjNu9K`effB*yM9ygEu+)gyINjZ5vv~
zTqE)XFe=)~_T&AIEhEWDVMC`W!5Q4m%>%3jXc#<+Y7oUkO^606BX5i7hjSqsjB?JN
zF~}t)#09Zkr?(dF#%RlD9)4_A?NA-x4H%1{b;Q_<i!O5QGUiq66VI<i=9F=_z3M_F
z*3coJa6505RQ7Tcx+}^1ehbvX0B8D*?8Rw<;YHHqEQa)8HSa{MNNwX})hJzev_w`6
ztRy46$y7H3k)Eo;30L+Zf?Z~o-AmHT;Ur7Z0d{~`r?3x=drhXDPx}=qjVw)jTSbiq
zs{PPrW5fuN-JV1PlUf6lIP92lmjbZagwkFp(1xTZ6n*j>TpE^h9g0*9am_~Kkf0u5
z)@l=sV)jXtSI@RgK-wh&A|SGE_M0=aQm|&hKjHaQ;;I~rbBsib8(*%u;$yV>o#5gF
zmYzB>=3I|^^Eej(Yr98;8wI**t=r}%#%)UM7YCCCQfj`PE2044Qaf+bXG8F?p^T}u
z1y)z5<ha49T6)}e*7Y<~(q^1$epu%GXklo$g$4y;(?S?mab$(Z7oz<(gjHZS1V)zs
z6eDvV-wzD<z8r8~Ip8v}>S3O+ia?~ESGJbQdzjTvC$^v6K`&Dxb+0&!C#UgQkOK*L
zH_>;voc<1+xqqzXYMM3l$^z{j$e}fEn2B@^hg8FyCJ7c*Kp4l<JmK%~_+koa(m<|$
zyXkk#hcl2D>JusI&hg3NbEd94N1fx7?V}U@bLVh>zq4~f{p&|B4$S-Gla8r++&Ou^
z{o=SIe#7f$FK8s#xg*q(wU9m-&0KMa4P8Y$#Clx*x+$Q*r8O`}V)X>Gmykt}9RJ=7
zi{5!ux37#M1%y5^uMH#GqM+?GEQ&pDnw%UV!3l=60@o#0emcF^T5ms?B@8=*0l;mP
z#B4!VCP_ZCt$s3yr=z0WhBL~UvUyN7QA&w3k4}2GKO@hkAZjhL!BQoQy$8i{iJpv6
z5l8J*WUU+ybaKEvT_)k(xMhye4e3e;7nNsVJHWeEN>r7w9mm5-Rk-AZX6djL@PNZ!
zQ?v^cC7efc21WvLkxiNvAy2hl3(dK_LQ=SgSbA`SJjB@VCJ+yIbHB8rL!4+ly{Zz`
zh7Of50aX{3*M?eSf><L)6rlD)?+hGrlS7G=fe1KXM(aw@Xos<N_-|<?1u)j%aY4c8
zrdwLirU-pt#X;>yZL;DXe(mSeXf3dt%Dk$L4n<+1NPBdV<T)J4ZVzn-d?1vMM`}=k
zD&d`Kt&D<aJsT{bSxPx>SJ`q6bc!TwIsC!-G<|KuWq27R+vF^36-c}WhQ^lMY?Xv+
zn$!W(LK7>8x+ur{7*vj{B|I}{4b7T=iQ&*?)R7WOk_n2eXKcvyid=29NU<T^+cBfL
zqS|QxNV%i&LI;BFDg@38vYDmy1QTl8l^>kS>YP}M_S95W$tHwddYvTW9OJr^av!y?
zwD`j`ilHXxswS67KgvfLa9R1VpIE~sd8OpKx8vlxJf<5sx*M0|Sw6oO)r_K|jdx5L
z7=&Fb>X?Ii$T+yw!qi7z;uzI}p&-JnP8UQCgN}_pD}LBr=}%wjCmqz<dQr$Y<TA?$
zMCu@kqF5%eM!3wlQZ7{>AzSRr`yvsG8IGrL;l(qM30+M&Lg)f16GOYQ>a4WkWE|Qt
zi*D4m>d<1NHs?fr^5S6UWbg1GEQvW+i%lEcgG`)}o&x*iZVd!@MHmjb8Hk7|f@R{z
z1ZW8#En!MVmZu+vj)iY|mxRu?Owl;-+sM)Dm-dV>MRjH=JBn7l^crT4aSjLIyIcko
znGhvBX4XS+4CNEXBkCVL6Js^`{_UEd-CTkzG=ph6F696fe4s+BCSB$&#P`j(4w8#(
z&LPcS;!Yp2?p=cfYNZ&Lc~!N%QVxFWM##fZ5OAGXiV%$9E$K$Fk}#)0m^oih7M%|9
zHk*JWYyr>^AQ2gOF!Z|;UcMWyt*s?athpKNYy~#u35ef|TR8~oZq~#mm7ye^pu4;~
z^6Ubr6vbq67(Bs>rY1<RD>u2pL#t#3d3`;MzJN6uV!DeJoz=*kEW_v#q#nW76_*4p
zSk|G|-eU-^z%8)`E}+W{84pj#xwO1u|2mY@n6&%UqE#|+uh308%(y9J+3HsHZkGHr
zx3Ut!)N~M{ilgl6T>&s#f$5CdNCL#qo1=M}Iwy768YT>0-(#S4GjIyt<R^fq-d8s~
z1n3oeINM7`Yh+_?W^|sM%It?NnGh$J@}kzdxfG(LdE@+38=juZQ5kvk!>Fx9fNt9!
zksiOj(v5sY?Z=0Q`<?BB>fzJ_2Wa%AqTiEgQj0dC+8|cMr8Z}f2YdT|7f$k<p}8A$
z8qjJzuc{2bhmjG-wV<j^19ObAZ+!zD(~mGrs8q<k8BemS>nf$XZ+bz>vo|uk`?{-%
zqvjl;!3VOvE1GAX;0X>cvm;KOs>EM02Cub^zPeZj=hyk!z@QN3OpPb6u@;6lrW@a2
zN-&RxNOKW;$x*EVdZShh+x+eVgU?Q;MsZO(DsdD9<}J;fK<IwVVX1&6+A@X!)5c2x
zyKUFG0k1G9@h_Ev!{?IDph}DG<y{O%Uv`3jn?xM$8E(5FTE~5WF$Q(+8e^DiV&5df
zO|}LE5?kIx@pvc<|9BHP_1o2&ZZE<GSeJF-q~g0FRqaP+w`pT*=KpOIU%3}hx`_Lf
zi;`fZi_kBAh3BPygFpBMU7+bV^h>|uTUq^%e%hDT`oxwn&$yVDo^%oYTfCO9#A80L
z#7la@ML+?pU&42Oj7PhEjz9DZG!4}+;0M3ZH@Nzp{%v2YX^EHWmwlBxuX6K>7;gQF
zewkMeRC5Qac>t<;8LHY|Ko`-!&1)BU`nP_q&JFWQedot4lQgCH#;>j%uwDtck}Qu`
zl1pzlKSZGFoou3ba5Rm#2Kw*T9Jw`$^DUlU0n>F+iuWsi^)f#<yUV^BL0gD<P=^w)
zTM}i(Y@?R5*5Zmb(?Hw|nAD4Eu3-|q3tmz`o)zDhwVyo8K3InIG(bIZW|favW~E2*
znM>lXbcj$hyONwj-PD}|-c115hS;CLAN_W(v%f2|(Wc^>*UZ#Pc|Nc~goOLe3NtAK
zZOvYLu$Gg9f$Qc(n%!$)h7-;rm3vGv6b=ZirAAw_#aTBN)$0(pM+jkXDY#-UGiR<g
z1u{YcT&x>G%=P!z*Y$b}x<@C(0XJJnS15_71`8%6p1a5@IDmDr9s%Q|;Drt{;7Wc9
z-sc3bmMS<fnP_<eI-rKz?ZoPZv=JIGN-NPTn*Oq}b)B(T3RrI@@%UZVs*16~)tkEx
z;WemMw+jR$<0`V;qhfCEHDMjCQQWntb~CjF7B*}#EfcL7wJOQ`lWZKH0jOw%X0`QF
zRax#Z$3GkT2O<usV>MUW9t1kq+!aVPXSD0NZ(u9oglhZKSXgd4J1Qi>TB;%S87BF*
zLz)jNt6-$)eW<A>xPV1|FPnj>7MMcUUCQt+Fn%%Pt!pv~FLx>QDA(Fn+Q;wkB>1R#
zXX1EcnusB4;b?=?IdmdVrfF&}iUfU<DinL}TRF?<6Y#v$T7mGXpHK5~qNqgQDi$2o
z0=KqqO@=~7*q#JvS(|k>fPSPe_R)z@iA3iyW(0~A9d`UpDij~!Y%$Vd>4!*T7&@}D
zBjEe2kLV)Y39vj83dT5iG3aqJ1~QPy30>}mL8{Zq8FMVWn}jGmOh|h@wKMv%{vrdG
ziRl*7*C@<nAcj=01M8=6sGFl`VQs-hi~%{&mUx)6Lytvz*U)+qIk%UUq+B8)R)nSB
zTACsr&Ag=F`Xz6orZ;6RHsSuUZ|OI`1bSp&!7qM+q(#5MA7Pp1Lk28Y^bxZ$%!r9K
zBW@;C5-~%Y-h-)Y`RW`<(@MHM@cgQrT=XJVyqpFqG0GF6{y8Ts+v#_oR#+~TP5$i|
zgyU@YDeVr`Dt4%(Lcsk@w=dLgBM#Mo;YoGnrqH-JFc6y%hVl)>d~t8Y<tX^ICJ}Oi
z{EEf^na{{bY#FtMulPIoOGoIl?FS!@^N1Ne<|P?NuwQCQBPsoAS~EKwtt{^p=h8+;
zqT%>Tt9WTx!08zUp%{)Z1t}#Y)=Y;@{QK(7a>YU$4Js6QGaQZJat1CGz*F4QoQ8C3
ztL>_FtG&LgRiZ9<R%QL9=4<xqZyIa#N)aY#!5wyqrP09hwuwLvT_S)S0@QrXQ_dv;
zi`PXL)xc&lJ56$>62~bFvTE{R`&p-H$gX6++W(Hi<5$Q3fC$bXAo#~8^WuLzY&~qZ
z{P^z=)<6F_{>R7o$oL<$;?2vbz1DuHV}IPg*KS3vUvIR3wejHB<=7uPu<wmkEgD}a
z`E21Z@8#$oHj)Pn#|z`Jb9mI56UPH5;YRW316%Gt%e)6?J@3INx$>S|Bp2Qj67Kzn
zV;Dp3JsrmrCAoVKk$`eUdY<Naoc}Pr80Yl_;*uqe)kg&wNa44Em!%uM-;j7KAxd@G
zgXr2);;SdCk6r_(|IOD2FP?#Loj`jKP2#ZocQ2kj=SKtah}jdJM)K<}82#3PDPl@G
z$T`cM5{Y#nd+ZcUK_So`nmy_i?pmlD<g1UyJtgzNmr<M-1-N?_!uuYljn`~mB)l)>
zeHyp3C6a|2AswB8gye+fL2!Sxh25rcueel_m*EBpOgbh7^+pl4;t{a!*HI7ezMLB~
zA#_GIQ~g$S2f7%nK7!T%j)u9~dbuga^0Wi7^>+?;J9Pse6vPgnclQsscMtaV8$zT6
z(2jBZTal`|ee|@uEh=uh1&hoUdmJvNhCuCou|*0Ewfg$Es=w0G5QP{tiib`?b9JhO
zdQTeFa9v4PTWUpBRacNaE{&oY>GEPc2L9%WmH|s)629&NRJR}R)B*b}xSEWGx^;V3
z&T$mL$7y&m{6nmbaRIlPQTVzGDCgm}y`%U6&<ycLeG{g#m{&F%SbVkVp0OHChigS<
zSHZ&{NKL|X$sb?o$^6~3=g0-x9cU(vN<Aoc=Z7YYh-U|u)?jdQ0eKD2vr*sCN&Vn&
z;R$#lhPE&y-)rhygTlx=C2${gPF@@xG<5|iyh6bCWoU?C8vv_nWsGM<Hm3fz>Ca>O
zvs2MElvX8GsU6QEh!#&33W!sK;Z<-5xKDcYSCPviK(>Ck82ej!+<U1t#o1s0%;*-@
zUagONE0%|)Tjn~v0fH^p681}cn%Aj1D1M%8e+xTA;eff~`nH>2r$u~4%37q7IV#H1
zVv>zGhNxns(e4pqw-Bq&dkwG&2H)f{I&K15wXO;4t8s7H*j}LK32iSBW<-{wx;43;
zsJ@^Txs!5=vIuf^(wl<UKgNY(Fp|DQM<fNi;ZqC|c8Wm}(a7IyLDktPK27{1hL*-X
zD|k1Kdjb>m0}l&T=@}Sc_qbWmrxuLf+M5;BW$oJXxq&e=G7!O%(LfE119Ie1qCl(&
zg-k@PP1~6&5UKKu`HCSzv=tfvTcf~p9ubP~F@%Jif_0FNAM4t|Iato%(YQ4WO75XP
ztlAuKwDjPdZNZ^Zs7-M4OucuGy!v<u*CVdJ44!QU<~$xs3?|E)H|Gh)K|x4iD)jW4
zvGzPxTRKC$Q}SVd+DpioXi9<2$asYwLuB1cwN>?vWW$SN1~Pn?B=!(spmWAfvNXog
z*d5OgwloeR9m7icY?mMffO^YeE7(h00mdO3%qyCF(m6g+yT2jShmL-8U7LJCOp9sS
z4;V&{<Dz#Ci=`ys;AB&^hB~hQSpXr1cAj$dP|fTci2|j;2UMqg=Z<5GGF)(nwutPX
zXAJkF4%$!i1Iq*r8P|>t_cUzcOw8p0^PXA*phM-+@~ibVFEm34Xa{7?F{MH{>>PEr
zPdZ&Vx_E+3XDE2Y^Mf56+vZZ0HX11}8EvsD>jR^rW?uyYn72&^Y2akV@=ykS7%PTE
z-!6%08|;~t2mlXcBM>Z^h+p1(94iO#SPjg~?wN|Y!Sd_rGov8h@~F8PaobTYss~J1
zOJpe1*BAO6)%J_D4lroir9NQ$!yMGrX9;kPp`%bj9tXiJW|NOVy=eM(qk;`}8AH?R
zoW+!D1F+QxvObXw7sE{!8D45TtKu0GFu%kteIbV(m@N%Oqm-ViSgg09nb9!j>>Y;<
zA%-%*ej9M}eB9osWU!;VqZaqr7I#Q(hmWvwkh!f>)npMOGb0T3=ljs>>A+Dk;<yBQ
zi_kBfIJ#=nG@MO_GWAd$7{GdI=N(~&;No&<YmC~#HL+Gl;loDw&|qp5RgMr0^27ph
zUm?#E^dQnDNTZ<mk&E~WpIGNlzvLG1-Nz@}J6{W9rwYE?C>0cCO|F2Y%gJ;g!*JuH
z<VxQ%2D(?n?kU)HPp^x_^dAHXJN>E2g-LuW1tV*;g@>%!;s!ihp2reNL;N<>ygAj;
zGHmbo>pDK+v(!_Y=%l^2$JNzMe?LRLEoaplVTuQD6<|xl@>N+dGNZ;iI6OG&>>uvX
z`f&#c4OL{imal=uOj#(6`~5P?oqR(__-p(1GMH5t=7Ns4y4bMKkygIyve`KlId4X^
z#?L32ItcC#H1Znhanxtz7*K}n*BY6N!UVEXZ98`N3|95^(Ad%*p8inRT=?tn5Yxb&
zE2S$UY~iIk$~+USU^&e*5;-CME5iuCh2<PKU1NVm4JOx`9zfPf(_WK0QB%Q<l)lzO
zP{V)LJ)2~2E|XqCmW42O0$lpKX&|E4BFrtY*!=j41Y;T|U3V!?X)+jPZ}hHYlBZ$*
zh3TPzLmrN3(034oTxw<ICD&F(G6m#)ApB5(hKWEm6WZyX#*@jAu8juvm5@x+*DEU)
z`;E*?c3@wZG4hx^lyoj|#<vWbfS5%zWJE_bu*{2V07y<}RR;g@E-;-Eew8}~B;%BN
zlVG>JywK`oet%-ufvI4*KYSDH=+t&}dZUiiYWn>+9Vo22)RQp_f2pr;S>6D*EKqeT
z{{D4xy@@ghSZ}~{c3~g^9}Qqx#>X1u!lgu0cYPSU&%;wuZ*d6jagalj1ya^j(?z4O
zLxbD^mE76h-#1o>_Ur;1#FTFR&FKcF=SI7Gtc4TBAb@mFgtgH$eX+XB2{>SS{bu_}
z)z-Aj=z!<6C4@7-q<@A)r6UuIwt@#M?BFyBDL!W&Fz*UFYQP>)oBF9fl%x*do#^|6
zR9k%NLEs3$+1m)z3jan~4?qBh0{IXa7%u|13qB){sDpnNE^-_fHok)aI9`k2z(Dq`
zom?19B`Ymm`^EEbyxIbsAw9JMG1fs@TNIZ;$jVTfJqR+YSzr`bViZ)#AI3Y60WEqu
zyLJ!()<@f~%;t=407;I}>q9co-A$)Mc)cN>z`k=Lu!$YacwX72u^6N`q#xzjWIC$2
zItAj(csQcC$6!{-*+0YP=6LrU(n~v+7pL?Ggr6!=k_VIJo`U=$z6P@$p>ofiE1ar3
zFYvj=D-qQ<_FLxn&DL#)xPJc_F%m#|+Y7i?Z*cI=b=M8T*Fa6s`Gj4FB`Q4G-aqba
z=wByCFFIaxl|aDu4XK2ha+g<h_jR!KE7|(jw&~KoscQA$#k0j5mh70_p}=MZJ)vbs
zW`o(@Tm?PodhWRAgKp9)K|zgS57o-fG?5mO9<A0@LdWpxp#^((_)Vt_(V0sXjL67>
zkUbj@_jbV>$~^cxzHNh#yx3RF-8pBy=x4$;*`!r)XyF8s#fJ{6>TMRM*Ryw;$7kG@
zf~*zwsyLg--O;qF4tKOFSs*z^HH4cHfnZM>RUFpj@3c~?q$vXv6L0sJI1`xv28rG<
zjb0VY;?fIR7sfAA*E<-d@yNB(h~fcg<=>oV6dqnPYT8l+E;qUZq4;!bL#~<BMq+~9
z$-Yod1I3LR@Lj*{MUvj-1;%zRKOYE31)MOL3b?S2zBD#F8~*(_Riydalgkp}bxDV5
zR-s}oFH~z;mpk~u@h!r2(fot2K@BKzVWv&0#a*f~&nR5@g$v6oqtOzZGf5+h8|-Gw
z?ZQ3*edZ$Dc;-3DN-gnZ#>VE|8Q9S5_vgs(P<la1GjoVxeVWjh-gb5&^CJSRn_4(R
zsfe$|IB*<amWfRu*Q2CQWPiZ3HR~e*V#-L^8+kwqlNG+MOHEt>dj>cocj&&q@)}0u
zlEc?Hk|%RoDkIQkTxJ$SXMhB+rJ#0s#ahWw{8cMjLXxAh&LxN-Jm!VCJY;ahZ{*WT
zTwE1fsO|RB*I;S(Z2MajXO6yZ_!`H-5Y0x^3?MOCoc0~VGk0qXBnGoNMIS*81k@+8
z-d*m;HHYNvoK>t?Wh><mD!Q<`?ExTU**QyszP67Tt&YClKK{C%1h`FY4u^_?`3$YU
z-8@)_Ag!=z$AR(OF@?wCiD10L*!m#0-Lg#(*#u)yunpY6JQ|OJNLeVbKRks`kxgJ{
zR3pE7DYwFvtGiHd=V>n->Mo>TNusVGg32TSIBDxRL&t%E-1V92Px{I|o;^<c*eE{|
zZx9OzM!uHg=Hs{$<Iw64e<1TlQPOjihH>=uf}mjSg$D=oQ?VI~DHQ@T$hvWCq;N%m
zb+6&VREZdfhIU5<+z(4w<SQ;mgP9Dw`Tjb&wl}7rmNfiE@GvR!CYY7TxvQ(>SlX7E
zDS>+bNfVp$1U!GqV7R4$z{4`zrYAFB3L{glpsk;O=#>TKfaQ`;@}#9g(5P+PYv6sU
z_slhOQUw-1Ow^~kEot(}g8c2eunmWN>80xtn4^-<GKHY?1VJbi(25(iL(qgRAyAf7
z4!+@9qHWy|4o|GS!<O=^PM|7dR!^l%Or5qe)=21CTMZMkwz`e;k=t5ZhMz%@>q#~}
zJGb!<e2ISM-kC9wV~BmIO;nsM!NYMk{8=^}py)W4c|@~J=6ZW*G71J7i2T~;?p;)P
ziiMDBtdJ(ou_2-$6{9!tb&fLcCR<*fJD%sW^?gpmt~e{3w{x4(q!N$ifuRY4r~bm8
zO2WV*lpkx_O{7JU$|F_yEI3*bCHoo!ev0EE77+9y1E~)Q3gD<iV9MwSzCK+vm_=HR
zzZ7br7*M_NA&kNS-w34wsQMu>>VqRrrB1vGaf*3}Q!Iiw1C2O?S%?Ev9GLd^(lNXX
zLg=#|R&$=ZeLlg`tzjo~np=#1%+<)tS(Y^CGtL(Hl+PEQ#GG3?bvAyOtIkE(T{e_B
zkH>HiK8wXgJXK<x&Kd!y8~B?LF#=TO+pZtUx->zr8$iuXsoC4qWDW{!vTeJyiFOe?
z^rmd6iNT+e8H`XN8EnGc!bl7OL4-`c3I;UGFCnj}yclGoKE@Rhu26Pcwd9YsHAG|E
zoJ;lovfZRmW2mMR-k&YhE6XSCh6t{%YFvWlXwuT!4SdvwM{W7YX8&?_twOZzT_u!F
zX#PXcn8f{loyMfF!;jkwV!?~YZiRe$I<vyF7yE97i|J@)h26bxw2B7caoJ|4P}iG)
zokHRQa0vZ$`ol{|I&yj)tqZ<VbgT-@9_iukPt);5HXEkT4}ar=Xq>&7S>eUOGq=Jt
zy-*dxh4(uL8ztWnp)q3Y1y_URQIam}IT+I6k&Fq&&UG|G96txgqOdhi>yyTOz-iZ=
zgP5a&SVRULzhK7$UKBtv;|X}H&G1N^y$xa1atGJ33Y2U+&P-ZmE3U3G*kr0a%W!Hz
zKv*=t70itqQffEakervZy<jt~kPbu!@6W&!H){*IN**b#@JZu_igO&BgXJn(<?5~3
z#}xog9aWivTV^blTA>rFe31$5fZ6ptuTo&M+|}f9zsskL2Xj`!EO=l&OHyRuk&X3;
z!n%%GYOtmA_wrVh4n?|)(aEeQXB?mtBk2RFdG*CIn6SV4V#{n;K5nztCe0>mZ_==B
ziy35c*aC#om1smFxrDpgjvNfDK`S8^+bs3p1>8_3$zWJ^D0-0|jwjy!Bnar=3Hd^_
z*9tt#)|?w(^_x`gic7>_hGeYIJnW9T&-M;p9G4X9e0AWNJCt>8l3Bugi~{ebFh@3=
z&pNnQY*L~SfSFEd-cHd96c_G@?H6W3VaSRT+|bOs8AzGR9}$@sT;2_4u*j%Y^Ycet
zab%dSFZs0)Vmuy}G2_xz=Lc4G`(W3bxmLa4;4c?|^5IdS1>|ZMZer)~U}yUzumtiN
z@{-qpufa^7^^ERMUZEGr@;o^fCk>37`Gs7WMe`T?;+Ns4?E6Dm7r76)B?P~DNr~zm
zqBjE=A!%c=x+OQSEMF8sf=Bxe(8X9FwcHpgyi_QF>ve*lS29*%m9*@{aP{Q=HfoHZ
zw}C08CIMbvMD}iks&e#$k2Cs$Mqj+k=qq=Lxv{pLBYAF@bk&|#-qBElctpBr>PUuN
z@qlFyIpJCCH|E4Oso=Z-Xh4_0stmZ>jiz&&%1h%id*mOyB*3|vDd*nUnOMN!p*@?_
zEc>J;K=TQPh9&lgF^@R;&8erht>76(WX!Lpp3bR91kbOhp3bQUq_JF2J)PIzVQ7Bp
z>705<YD@Lh(>e7zf4^Z^WnHWD_h{KQv)(}`TyK3&z5SDNz5SE<{p|<(gUi}^^`2Jr
zH*cIzEBdRbw>W#E&YlrO?FxGsr-=<?GFW{C4`7>ea40bHf?%%jI24MOq^DBT&efaW
zQ^@sDx|UmYIL3g%=#eZt=y020jsaeNL)lM?;8XI&B)&FUX2+wCy`DHOi1kWmw>x?$
z#vT&Po^5~I-8(oz=RVaNI_|lCeQtOyfZlL($%ba?Ws^ygkCo^FnhIPQ0Qls>gnybf
zaJ@dI!P^&*0`Xl3?k&GvdM}s_xC}Z*T`WXb%D#jIvE!4_vkF8;V0Gpkj`8}Mf<F&c
zll~RAD)U$u0g-dOJvlo7)#53sxXQ(Mg2j8bxbM$^+fRhbP@|90o1w=ZUn7qBgGe2O
zM48<yL1LQb!?QH$6G#>U#uW^_{2W3w&6xI<p7sKhz0#ANF;&NbtuinJL@{MAKyc6J
zr;wK>n}{1dxPAgNWGI3rrT6xqK=kwD?(@!3_sRZ?<F7C+0~bF9RTVd)vy14ItDMH2
z-+BPib#CiLM->L!pP@&gV=C@j>g?~q<vq;_5y8`=EmlpWzYxF&f8@F(J5_kbwmHHE
zcMIFLc`M+#F;L?GShzwq*zmu-u&{IDzn*`HK4!;%U4PjAyj_a_+WPG0_^%)1Q;Pq3
z-n@)jYY%=^4*$A-|HFoV{l##QDo%?7y`Fo4U(c6j2V;Gw(5pI}*fWfK2jUIKUW+;0
z6zu1<Xs=+0Uu)n8_T>->6C>rNCfXV_7Wez$ebU4mP7I`nR6)^|*HQgVHXZfpJNS!m
zEEN+ij)LLonQI4+x)LYNSkETOII0~U?RJiUm#qPDz0RhZZBvuTVH(qm9GZdzWB^on
zptT@CMOoTvYVoP5<)Nk)aGF|TX=)Lq$@N&g<6j4zCd(T732@-V)i;?-=f53YV*7ww
zJv=ha96sJVP+ykb@-QLWnKOFQ{{CncvQ4e%)ZHEECoiC-=q***6w!2rppEf#75i&r
z*I`UuEjzz#h|t4+kj|{R-2_J9mT&F~FY54SMMiXV8-n=jN}6Ct)`T0ep8nb_L>{*o
z*L<%FdF7)UazEQ1_k;XPWoz@eN<U1eZ0ZJLP`KJ6k%hxG=ZDP+*P9!GC<v+r;&lY;
zEfjJiJkW*x?}HsL<|`ELc|l*O>dJHcU@8YZ+ixY@-_4Ar!)@HqBqZF(B1W7QQ@E+$
zLM13}9y+A5rTL*Vg3B0+r(Csx7mG+7u6@I>bu${77a^{Kj4T%JEeNBkfVUNcT=-`6
zvJ$-)zd@@Q!{T==m-3F~vR#c}?<m^h*{*oD;o#qzp!HY!sh0oxr;w51LnHv1E&sLe
zKluEiFaJIKZ2f2X?_+$V{KqSf0$^+X0Z4!k@3q?Z+P{uk4>#_&H(IT-1h@xwo&zv8
zp%jVJn5CNt({4oD&-dOX8^|z&WFVmgA@Uh;UvAP6oP(D&WPk7RoTMR`Nb1xR8>cZp
zb2an*Qy}4_2bx@0rA92J<~r&;-8()x`mN2)Rhfp4da#+C!d>hWGppD<k&9O6_pQ!2
zuLlQFT69LxH1qRD%}kT0#+T0-AJS}{6;cUxHZSSO&j?v)RpZIQ-ahDH?E`k<Yln@v
zY9Kyj6AsQ+P6V2Bc1zK-pTTw%NRP#dVdtz4BpI(-dwy+~Wey}~w8e{TK-d(3shp@u
ze=Wx$@;#264A0Qu-|yE=BK1Z9*fnho#7YNMZaB$O)MaFY=xlhIq@3xtRy|{60AR53
zX`atY**A25Ub@@LCfmJ~AaIhE4I7m`59joZv8&x4!Iu4u;yf<grRW2aZc-*luV>^J
zZC-SfPFQA9)%zC8Y5O}TqiZ?os+YN$Ypy#r_rrFU1;qJ8`53Z2WTnK4@>k0R-2ihN
znwek{*Zr1Hc5D_qZ6`3o#OFE#@9KSL3Z?|7=xym-;1!E7C?{C7dloGwD)y{Q-HLZe
z6YUFY=Syym7TR}oj&=zKf*U7b-|woQ7GG8Q709GF7^TNkH&wlf|H{Se!b_S?!G8e?
zbv4KaEx*7{s!8c(8;<plPx42}r4m81Dem8iy#N*{(vntJULILDZ?ijK-QB=Wy!Pl*
z$fC%w;e~e~)ddb;B+=dsV-5AR>7#|hik6T4-af%Y#}GYi$BXhzAStIK*1!k!LD=)a
z8O(G0ffd(^WU6Y<sB$JqOTraAdgqh6>23LV*}zy+QA)U*O(#7_^%_ss=sQEmEp?tv
zimqbqxuE{(mK|bQ(Ag0K)u+<pL9jgEqq%k5hoLdOIgbk}4ByQ11!q56W>`Btb4nZN
zhZ+(Osv$WIwv|rDIW+>`s%xhe>j1Qe>k}0Umaucyzh=*SUys$N%^K}%aSsykz>M=+
z^{5AP+kwsC9pCJejlT?gNJd-%0*kSGs@TCBQB<EK`w4yhy=e)fWtt$=b%`dTrJJC7
zCiuxbN>L`51S%K}lQ0bd9LF6{+64#GZkR=~M`q<I7vg&adR3pRHd$$jBk&FcS-e%^
z3oM`d(=G2`$5NJrDyVQjz-GJ817}cq$+&?9@ng2sprlouQaHd+nmirBJp+0*&6~)M
z+a3h8#L;4j12lLiI-j%U0-T)Kt&%GjOASRf?VU$EHZQYL72t~T7J@V&U+Rs-MR^Em
zgM!`x2>my5FQHxY3y9z>eII9RAe;qyRO8+O)1DPq0EAJkREmMYb#PK}+QrfgdT?*e
zXsCpi_vQH9_H{x&H;Fvrz}KDMcE372{8~YJ`FwfPWBkvv?DZhT?b9~BtJ6P}+r3NQ
zp#cCZCaA}4_+t$sWUHgDMnkPJV^KphxoHZgV6BLi5YO-5%EcOiqG+mCrmsYEm|7jj
zdAD&#PsA+XBz|*7X&AzamdYmg15K>9JrtK1zFOvTEmBzsAaf3ZhA=*)&MAOd0M$dm
zp+H2ub&-q2mo~lP+z?Xo5DgzW`64XO3V=UGo<rng=)&r-Qb8KG3e>!aUnduF{+hiX
zdA)OZq}}b*GTJi$%d(^?co43z+ylM|%lwgz%eIfdhQQAi<tL%?N1c<3;-gUU{k?;Z
zu}Fi_MvuT%w={~w7Y8R|SHXK{r_$7?sRfCia8rWC!eS@^fi><pb8bXf;k)6=3Rr?F
z;8YYw>pQpXq^c~;)-OE5!u$-Me80Xdrka=LiW^NK4<Pg`4djR3r-loFD4;r7y|?4&
z0G6y#S%mT#rv-;NS4k1S$!86}f@=aOeh{Wfs0y+)$tJk-L&CSqs7Pq=aF79ka}vR&
z!#n7dl1RvMs|Oa0V~Gqntc0iN&}2{3384}Z+|GT+a?|5Jm}4t*Am!=c0oF7mOH&1+
zQ2MXtg(Y&U+Otjx=-w?5P)5vP12xvPNVi3{>Is?HBWh@)bi!?_D??#nA)%VLoK27;
z`C#aVt9&{g48D74^55De*Igm31%SSS?r{uGF<k`XpTgVQ#HfLfmi~<^*kFg|BAGyJ
zVR&Zvdb>geIvv8f=9H}YmcyZSUSOqNa@8U_5aGyx9kk2lYA;Q}>cy)R^WFyeRD0gk
z37ug*8V)uJZb85s(H&+iS;hMyl%ZR?0K!m8$xY)HsnH>seAj-s&UwuT<7tuC;jWAt
zdK4)(BQN?&<`P`b0K~dFRc@kpL^j}`4J<xP>3$;m;~$wB0#0+%yBM2Vm<aj%v?eby
zB8Sa46mq{i%Hlp%1h|-vi^(WSZO65(I?cY9U0lRzzfo(*0U(4mleEsHQp8ulsRvY-
z9smrGzE6GFybX}-br*q5gmG=#Bl1<4JI>BGo&Dq1tycRM5Epbl8K8A5TGK@1cv9#m
zWcwy;PN{PHR%_j_oG0k>AFS;m5sKJ@(<-`y0=K3iI3{d#ODmZ20{oCplL0spm>IuX
zTU%SUdDY)r!4Oijx9!1+N`b8zign2gIDCkES)to87a(6oEez%%^zQ3A{|Cmy&)$fv
zLM9eI?`A{`M0%K8B^?x`Pq0z$i7e!E2D}nh^7t&V(YJFpXw+G#gMEE36xjYd!jNJT
z_mWffZG%ecbgm^04?tsO#l5h=$s?E^Y1D>e!r+bFf_!xiSW}$GY4nPbd6}MJBe@7~
zT%l&dL2y;6)HlnigHygvl5upFIWg(VKDGgPeP1YCu4z6iQ)7nA)igfoSvwm}?hw5+
zo#n<N4PH%$v_G!gf$RDukk?^4O?=7}noLdX1bH!1J5E8~hvB&=t-K2QG~Wo{K#+XA
z=7`5->DXzizY$jYQ)739jvW{b5PS%1!<-WY#i$B$B4CF)0!tOMLu+(pe(Y=d9Zb;u
zW8Z4?E?;oh7x6G%s6QyEPTgtxx@Jxin;lj*y|WBv6V9VzxiJ$Zqc1f!?nLqq4An7k
z=D7&IIB>pD%lm2nQEg`29l7`w*Gm=wIjVr=Z<r#kMw-}b-f4cxph}g58sr;}lCuac
zh(L*jYx!dhSp<b<npb+;#K&ypK`;1+eTCd;Q?TUr73>!C3VzsEs2w)%@Rxn5Eso54
z{lFG6b}Xihd14E(w$K#e-&`P<)5@J`<#JlNGp*bid+v@sFAXd&4=ncvmiq%UM+&`X
zj)Pv3C=358#t1Z<YJ=|YJ??Hl-_v%tkh-s$*Tu!xu6<g<-+ipwIM{yHX%bG9G3YOC
zy!Qb<GweSBSRcXu^Zw`e%l>~4KfnL8{pZK{IQE~k;?2vbz1IG9Z0$eWQR}mf)~`1n
zepa^sBre-nfxe5ar=rd!V^4J&R2q8<YftFhv-aFMJnGCd_Z$yBTTgO*bRH2jyl0vB
z0M5O4cT9u>$nRFq(|L%L(tmd0J-EDZja8+x4h|?aRJ<eeE_rs;X}<@SQFnWu-Q8Vg
zZrn(w#A=Ouv)U0k#fSO+G_I>hM)p|M{?wXhFwzIy2<oR_T1lukL{Vz>k!po>5yRC-
z5bvRn0hag84?&>Ey`yAQ7X{VShFxeJ#<KcowC1Hw6muh2wz;#zkl7IWPD2C^j^5Dd
zxzx)qH2>;NJxfQ|5t(hkt}v6%qjL;nK`pL^16cURO~5Lsf^~m>6f_#=NV^<`O_9Df
z#aK^jVhQ-IUZ=hDNtQy;{d%%?wiflLC<`i~aCnx+qXz6;*kIyR4ePg?Ruf2RA?#I&
ze`y5DAxuKS>OjTEl8zArs{R<zOB>!<UN)Ij7SM=h2^C(jB2uT5P*1?U#3;xxZlU^1
zc#}J-v&N=vg1f@p=BL+1g37o6L#d%-rY|&dGp>la7q<-!VWDT8--Nx&sc43#J+mDL
zLY0lN4`tc>0A<eL)iJz<%{I*ea&kjyWrE@wUo+%U`v@DK_Wfq0H3AqBQ@wbk$J&Lr
zYNM|@nj9svTlHgC5Fx;*0G%-vqtz{>FCYoQ-pE-+^?EptMp<515lLK;Se1p2+3Af?
z<1!T*DA3x}Rs<7k+Y6Vz!!FJpF%B+E)UQ?9oK!oB-oLQBh8}=+X@FVP<j5E4dfn;5
z6tsbXbFk^4Ud$E7G!;vz?-zN=1+C>MML@Ww@fd&9%LJC|*UjQZUzTWiv_bYB0fCOK
zl80$OV7KHSd*u9EX*Q$7Dve3us7GBF)Ly+)%U-wUU{8z;2hY^|W(3hkyu+f=&{rYO
zL4h4>RRt%-gET`!N<^P}how;1(H=N1UhhHJfr}v!Ip+jbP*h)(XslqTUaYjhBc2H)
zV=`7-#chBgP#$eXDa<aV%X1#qa=Hvbq9CO8a&Ndy%3-mccq+B}U5G22P2$OQqh?hl
zZYfK+CBczvF%lMbVH19b<~VCA7n?{5Z=`6&;QVG_?cwau2t*5}Esi{LWsLc(wrU#{
zCBzL<U54h0DvHr~Ohch<L#Q_k7-5UNzd~SuKk?}gc{>k-p{en4mG$ZLQ!8D^>J8aO
z%_K7xUebyI5Zjvl3wZ1(ia3QtUA>Wr@jX&IWNnz6beI4RvZz**uWfy|^Ri|MrBGU_
zx2uALdX~@LTT;?RwVj$nVgo(mIXl5&DO#srG^&PR%8AFb24%~;uS!F$m-<5X?8~SI
zO3IodBsE2i%ybl}54)(j9QLuQqwLeuASKJ*?(yF5IstDTShcP`guUgX<$<OcFZEXq
zS{#amH8f-%mLXAwrEjREm(atAx;aycw7t{Rc`DN}9k7Am=ZZy#l&Pa(AFaGgXPHLk
zfncj8Pd)JPTJ6YmIATKv+-)Jpp%c2dX2XrIx@q!8Uxf<Wj=MUp9nc4XfHoj0nnN+0
z4s6|UOK}myFLYrUVNX3@SrK&Ol*WkN!=R@Z=rY)hOfbFS%Z9c10T$kRUE;)4>BeTH
z`Lwh*>5^7BWK|pV5prc>Kq!y94Xe8Cnp6poF7xHAnGN$UHbLE7t9YChhc3hWdK%$o
z1pg{X>h<O*$N19TpJ9B=<>O@=W;Zevvkp|!1|D{zxZ0~EYGLHGP~JM4d9x3h`%#ob
zQ^q-6OiNwxenHeuwPo=_ZKdV5EbZX23WbS2>+a~14dyy+XWF#Ww&Sj2uqQ>OOo~*L
z2;9p%LEhZX-Yzo7{pAhk_dv}VIy;Zm39cyI>9xGQlRZ0)nn<X=0N^?_>H6ANEWr8)
zWXN~eYe7lU>@)!?kIB)G1DwiTb7}Tyx#6(StW&VuiMiAqcH{BTdN3ElN*KOqD_h!x
zLV(18%8yJiWz5&kWEksFwKD(X^7)S7XGFH!LS>@Fv$C)^o7-~(I?5RV$0lbbM{V9|
zDrE4)l2ZT?EhUl^M@Pmcy!0Afl!Ot0AcqwPmX=PFLJvsL{ed~81ko=!T5;FL%c^wP
zLX(4;thz*V(zN}!^-dpDo?l;_W+Qbbb*_@$6c-)h%3)kt#JFSv#on!hEegEH+HykR
ztH!NcsHs)oq~C;F40C&oi{`l3xJC8WA-?Ch2XY~5I>&{L^xN=iL$GmGS^d$q>+oIG
zQjeAVc@bZs^a%AEUc80zB*7}$2%Tl|vG#Jo=Ad)g2*(~hKH1)}_Q#CeP!@70#gq6V
zU%{WlysLz3@RPn1eY1T8f!w~@K30DkI7zQ@zrov8Z5(tuyVQy>E2GbxZrK7;PYrrC
z&NDnB<D=*nv)tI0vn0R<hRUpqHbk_1D2hSyWE-okmpW|zQRn2vkrVWmb)e3=!>wy(
z@J4~`X;(g{#iv+&s=!JMg7EPH;gpQ(PSk5Rb%RVXYv_kgY6YhDPF9QV$@boU`6<oE
zea10nEwf;t#93w=7J%?6`%Q}j)OC!~$EOUk9S<P!d7MHd{!|!Yl<dlJ7~7MxXBZyb
z+Z810L%=YIp@^}GpMmc90=A_CH~U0S83P$_@H8hpxpF{tDE49_{QPLc+3^tHE?n^I
z4F{-u$6wbcz<8lOJ$|<&<#hyE%)SV3M2Baoj9Vh{Cs!mkQPi~pb|4;(`PKrdl)dfQ
z<Zn<!n=WP(wI|0}J|r6&&YUV2wg3i$B4_lYSE@;70I;CDOZ5fO7>o}wm6O^`#`;s8
z_R*^}nHH0Hv@E-5P=ibfm|(*0vbuD<s#4g8w3?;}Kdg-4>@Xe{QGgyB`<h%^(N^Sa
zIxFVIkx7!V?Yua(S2a2^HUFfssz$$1XZ<s7^td5jYFvu7l*b4xf_0A@o>T+T%_WzA
z8j0*3Lm}4m?28@u1&&MZH5|lgGqO?A$BoAP8a=GB6RJ_oz(YXts_|br<Ak$Yj>v>0
z|GL2=I+a^#!QS)A?(;?aKXRoXG!;$=<9jQumD5e}Qm_<QMllum*JCSW73despiWx$
zBwbH2BB9zwaioLJ(G{2@YPrbYm&gx2sAF%_DNUojEl-}lJ{bAX;N&xeR((Dwobg*R
zZl*x@*095ne}21+?kEI6`$(%aP2pV59Ir>4Hbt-EWhtxKhED?fh=@pUrCnMEZX38V
zlxu7{uxdV{w_>@6zk|F(Vie^pOd>7i;r8z1!^3@vj=a;f&p<S9kPwc{P5e9y`?*t0
zRs5ra=P@8C1V&Y>3xCwFQyDMGgFg8A*nsiq^b8B2(DBvj^1@?L(0uXyo9+D#@A<KQ
zUIL8X@P<WPte2<zhmV8Z@QYGEASSXQ=pE?q^>?Q)7b9=j?*5ZflZMo<v^)}n5&5_9
zg#hznUHQqRB%E|!?HI1Eq21z5rgI_X3$M}1lf$F^!^7txBz?4HT)IprSqhsHg0LbJ
zQcN;?z1MJZExAx>ujujSV~n|{j&=^_Dr;$gJpzEWOH?5q43vl)0f&hZl;cxyHGxfn
zH#3V)TF<%s`1w)CJTA@QzF1lCsLB+BG|8rC=YouIQ%+{?nMa7$qfIfP4eWW4nkhkg
z4q$o{Px|<b)5{{=dPR)T@|Pjt-NqbgN1dle#C4CREoP%60Z_$O6iqORY(e33Bf?`P
zlYqqHQKM6>^YIT-3+q!SF_}GRdRn^#?2i%@)?EK0+efdI2&B|o-4pe|>?qi&(OLCq
z;MK$Kt%kNgVDlVYW>QNCeIsOM0Z{Th8b+scV020>$V|}BA%&ixIiuZZB|7zB!`XHs
zN*%ONk30K^$1jdL{^n8#Ml<@s=V&GWI2L`Y(#$H272&7j#;*$-0t;4hawwhrK+a%4
zz^+oI)i*1c(8mZLEm!&w42J6IhnEhIrDcm2^Bwvq1)jk^eRlXwCy1~mN<g*`V2ZBJ
zyf0lQlD0k$USzRePEd`PEOVlUah^>3*{YD;7C&T2MN~dws&q+v$MmJ4XqLmjM)NgR
z5_PpLl?KUai6$&U2X4MSjP9hA1Js&%>eUCT@De5dUraHp2zKZE06OeEP=f)5ZS?lt
zbgAeE>8Y!FA(f14&ZM;u1foKwN7G2gd6X(lnqHF?uWsJS_XW!Xs+1nAdF1eCz@D*k
zrPp}r#;waqd0r|6F!#+(YhTtXhjxaR9`mh?`2wf+dYt8RGjx|tlFd|wT_0V11Z{|o
z{T7fb--68QBr1)0J>3XBx?5@KHEx=@LGXgH^l#(wyM|o>n<?_9;d-hUi!{)n?LfN}
zPOh;CUK}Lm;y}2ZYuz^<y=LppRH24s1Mj>z^R*Jh(T%dxcobn?1>e(6TrfG9dFBWX
z8n_N#o=MuS0Y!b)sz@e~c7M=89hH9R>xsx`54Z^u-%d$<i<iqxz!!=;5x8uvvw2JC
zd*o9cf64?Dz}dn%ctf!e!vOo!d+jN-*mL!|ydE0LuQl4f4geU#t5(AIX+Q>rK}<tn
z)G@9q2cnkQ+;V)Wt)Ilh@1`%|?j0$RKThpEwy3!I6M*UhY^=+$THqMN>uG&+JIxa%
z#%QEqyMStf`>uW+2#XS715_3kw`j>MjG>7mRos*D>mW-;c|h37KoxKy@I5_%M%NX(
ztDn>Kb(*~~3hbegOZ=+j4H6*W%mDa=`=y?ZL)&!H=WVi!3cb_Pmc6qJmSW-8nR$7y
z3pyjB&iO}b<?^$ShJyv#ePsLKcrSVrUjscNiTBNU0$$CK%nV}}OvE(;<Sf(4Tg6q<
zFb7T)P5DFka`FusUS@<XWEL^DcM8##vFF^3fX7E<$rKAb)@EF=1aukMa4yK)Fg7|j
z$Wx3KkItQ8%Mddn7p1l0FkrK)O+Vx-HfcM--Y8~UfiZ_N!W)O(0vCIT3!y<(M?30f
zl&O>Q%WCGuMFy^84Ei%`&kq4D*{rC#H9ZReCydBMf_U1UOj8r$vKAL$Y>gS_KF#6(
z+FM<HsmJgD$z&topba(?&@>?`+RZJwQMhOJWgEvx&s5)CTXN72t}dfi%Y18FE>AEE
zV~AmaBH$PUo61{wuNc1;7zKld9%?*}RQ*>g4H8psFMxsLR_O_knSTRt^pdHDzUdYj
z2Ooi|ci?ryShygF$8DIHc8|l@EjlZ^B9(6@nGQS=m={EuR%O9gEW#<M(@1S{3O4;#
z3M$#8pG@9sg3eZIRqZ9U2&K(bv@1)uEy*rg-?d)?Xo|M_vH+?>Uhf#9fV{~J7D6cJ
zqIClt){T71xm`b{7Sw<3Mwwzs1KqgapJ&T<k)Ksr-}lVHTM}o~s>4|c2b?wIGI6=A
z5%Ejbh4uRiZAQsP*l{p2`S`4$BaAUOHHfSQGj!9`jF{*6V$9J?*38^UAn?bh{S5*u
zH4L3MBLL0jlAl}sDY^Kom%*q)kYQl;kt%{ldeZjI#`Z`f!g92El+1*ICD9t)3S8~b
zeLj(Sq}u#a$Z)qE>p1<s0fXM{f-3usjv&xEI#U0)w#n8DLffcG&j%}N#FMir=GM?|
zTIH%xr5TyQapv~?++&zZ)^8CFQ-`%OjkRsuIkY?(7S`4<II*J_2PM*}ch;<pFt{k1
z(c0P?t>b0f#Y<T=W2BYpH~8Zhb$HN>RAI7@rwzuTJqWcf1#V%ZP=(08Y9&eg*oHj@
zG&*V9@4vL?{a?ptUi^m-kpOy5{^$1kgH}2JSL^5a4<F-Gj{k6u@gMF}^oR8a_u3CJ
z|MP>5)_OVm!}j!QI2y*2YvIC<iV`m@1el*qM+-)WFo~flyu-O4@8NuDDHuh;8XuDP
zKPbw^jazlh0k4j}CRjm1IH3BN%?=w#d7X5@cpwhYUa?-U4;t2)1+3GY2VfZmk=;ZC
zB`@+@b#~3x4(Gmybz^BMkR$O1a?m{Wsrzw-CYDG;{ojmN54UjxR{CbMDD$O(RGT;A
zbl(Mv72Ut%c^Gb@f(Z&vcg77wb@{M??dH#EHviZ7%sBtE4-)+8lezJq9(>mN+&}--
z&!5l#kMVKN|BQn_-TxJw{-520|KsU@|FezOgYxNrjG9AGPk>Y#5di^LtZV>s>&;_9
zCB+XH<9AH_ncX}N)VqdwI`bb~Bz`ca8$^K`$CEsn{G_3wrfGi)fDOcp5)b|`%s7J7
z`@1o9;M`iBBt0e1O78G|eV3NVs1+~><VG;J2dx;|SW#f-oK)O^itO%}o++&2>?Nhg
zcgK_Da+r}TA-eXdr>dn0jms{xQCti$<c4uMqzL7BuH#_~dihNu2k(NXGQL+x5DJl_
z-qC$Ou}|5kUugZczL4c2j(Y|R-p@ME>^+w1iS9^AH$Y9HkbDg8+9Kqqss@#hg=vR(
zALVwV{{JrB)Ce#`U-wd5u-oI`9-M4{yHR?6^y0u7j@5_g!IV@fGyomq7$RPg$}56m
z=58-=DaS2sanq&rKe*7WD(a%Hs7oPJD$-=If*RtKQDLxPL-jvhy-;Wt>$|oZb-q10
z+U}zFnu&_RDlaI}rRYMy(LLM#7A~ufO|UFfeZ7fubR<%HZ!pT<d@1#R!*rS_GPV$^
zAj{!}SS5+26$GL${0`a5K6<67OSW9@j1@-;zN1mr+u38~k!Zqd{XEFdh%ZH(kbp}g
zmrkvlOD4*fR<82(6s^URZf}(3`bGwCUs&k{k8SMnF)+W1uJp*aI5%o{XLCa{G#=3$
zjUe5j`%-puQBMF0Z#W<s-++}c$c7!WI>~kWB%A!*#n@bFy>(~~>gQ%q8((jVZE5-<
z9w8!<3oq9sWWbd>`ReHKH&!u9ZEP-;B1i0tR&3NXJravuPt}B1AC2R5*t1qAcKx9z
zw^G0f7e1mL^OR^ya;2c!`F8K5`(%4>|HV;9ARP-ryO8NYiE5zP#?+ra6rbZt44Q<V
zcc=YE)nPJ1+sV-nYr<Wg9_Uksuu{X$IB6()2?;?2%}geQbMDIDp&n>4j(&?V??*q7
z^jg0=XkgL^ilN*n<Bb@HPBMTf2!t-ww@##|=Yu%+z6Nt{WD`Y^d*RJ)G#sNozAs;&
zzyzP}93rQsmSwytX?NY62eyF~LubtuHkz=iryvHS3CU)p9&t!6{Jy3BS$%ZYJ6}ta
ztAZ}0&U#sUdZ{Wath<EH+y`^|^l27&=6_)V-Svjn^p&sEDJ;dj`9wCh5|_vC^C~cz
zF|PbGD!g^5YkhxC4=#b?bD)y2EBr^FPI-lD7C+i@212fx@d%I0EnO9lsTFy6dRN5n
zc>=4Jp6O{^DxBl|>0GhtG|@EU)0nLHqwQtOl##ExY~Zecukh^XD%I{6=6wk66~Nxv
zn+s{Xp;Tjm)3kEZT!yAiOi5EWZLN>YteI^wi?u1vZ^MG%5EzNv6J4Fh-Esg6(eSEf
z(ku|p)QMP)ZuUS-dG}erVz%I(Li{6Ks$m`_Dfp<!WJE4bV=BG7PBZ@9bGd?p4=Wf>
zO|V0DZD1<?Vmc>!C0mH$W|=kP{1WCqw8XN_yux%7$a;(&&71}y4)_@(v*)>YB~MGH
z$5u1^1)oMMD|~0}E;g`Rp-{BQ0s&jsG`HWDGnd(_OcYj;rRvTdhjY_pd0b5T!@;0S
zqQq7NA%^9W+VCW{WN+9F7iPk4Z)csvHJB^`#}5n{{54PA7)$WS!kuf7nLcE=1FJSL
z)n}-y>L$)7$qhPO%qG~NQJ{QjKoFlozTBa?k`@shZCmq23R)^k7N<b~js$xL9IAsP
zw-f{VTny9U#q@%+4&fHz-YwW{e4Z7jB@0bU`*jtu+mYDXusf1RcT?Enr8p(V<CvFm
zDG!*(me%hg&Tw8LvA#|zX~E>+T5wRU&GP(xqXoh=Czep4l#Tf&2o5PE;{Fd)wUFc+
zQVKTb`W?hQke5W-OMN`2gW(lcN3&iNZv|d+T)FciJ{9(P)Hk3@Gg5Ua3?T<Kqh6E<
zs$1PuWPrO~VvT?oA4oA#n{bmDaZJBD=>(rW-#%eSng;Lm@toK#KO!1{aZs^FmO<*6
zTFr}VH3_Qa$k(ZQ2Jw$*$g5(=XyAz!V4$~B%;Y3CrXIOOByFreD?*IHo*mjxPj?JT
zF<@oPJ{Xj+@W7Or(JR&NvYVYw#^-}N6pxRsON!E%)qJy1Gg?K{PT6EbM(=~+Ddbsk
zB7Y*(Rw7L&bYu<k)=yBOgqG;ht8`hI#iVY0KrmA>J%qGVX|2&<D@+&-^xEKU!1rCk
z;2)4MLbOfLtI$N_Fws76AXHAo38ST#R(w>%HS4iD3N)DIY)-Oug(Otnt>~<gK`tRR
z1k8mX#}*D^MMGHb82RSyk})Ntg*5=M0r>&GqBB3_B6NmDN)&FGD-NVc>VO(bWTJ)|
z{s~X|ni5$mCf6XJoIDHPN24K>Fi+GXL~)@_4k07Z#pyLGZYVVU$ul$tZ&(V1Vx&E{
zq1ePfwv9zt*&eL8Xb6Kv$3~NSq^#IjTfzAdV*S8Tf;whASZt!bxQJdsrDd`3V}Ubc
z#Z+PFW<_FG8}7P;qY(S~cqU*Kwr)64ZAqrJ6?p7Ht~w4Rk?RD2W{2l?W@_r1nK+Bc
z8G^0xP`P0&)6_n)i3g;jfx=K@{&IbjqsFed2gu^|y((8{&VuAMk_j+cBeKU(Y6HvR
z1$h5Fo{)G10WL6Aqpyv$EUTgl%vd%WQZ)p@bW8x+5X!MM!A|(BmlV;31K1Qs9JV4<
z;NvwnX)#J>i@btnLs*m)F)sk@uXNRAxh8~6Gx53yDGcv8u?bfnjf~7zoqhx71%ZVr
z+H4@)zJe&4*+RGhnQ6?|?CAZNL(m=8;JTiCs+VykTR9Gfikgl4hJC&*k6sZ}ky#?4
z;$|w2?XE;7mMP0Va2`C0INY^lgRG;NVbB7l97QHdUpNrv2z*OVW<QwelDs$_OGF@7
z?I3yVF1yFH1Di4W)%PJ8PTo*E9~2nO?$+KfZ=zQTocGHv#V`>pjk?N4thWj&q5iT6
z<H!jX#u7J5$JBg5!J<F=AL(dd@uUFB8Xa%su&oD`4Sb~@Yq|k?5&pVq88NK~LSm26
zkc@v#UN~`*%~37~Nz>L<q)cuyiugI{wGQ4+QO7SO*+&6LaU#+3nCMeHg3PPec)}#W
zp(K6p_D755TG9hq6uN3g!vEX$X57C>(M26Oc*94<^PMBroO|^^=HCPIthIR!o32H3
zh|=K3`JfW&d!qL&0u@AfQ`Zoon+nKtkbWk%&OxgiB1AxzPC-j}7c?H^{0G-Py*0S+
zXgIM}Sn87JN=f2om7mUJaSdXH8_vPv*l+hb`@5Th0L!T;M!jT5pBkjLjqF%D9+0-7
zi3u5vmSk;aGe8J9LU_{-75qf`2p5GJ?Ud9ui;=5bmZQ#zSrwT_huNgy>CQ0ZM7CN_
zp@|=Gsm8?sRT@C&%&n`RT4yHGutv*_PzVsE-7|50pv=-O2yc2kq446+#+w*OU6ZsO
zJ~^r03`PMbdcdRFVnAsLmu%o>^p3?@=3>X2n>^r(%MxTOFLb0SgeeW3>&sodFYk`<
z&O<wP%9}zPQ^z?4Z57Q6I<<5`tf=K{O-#`Bipc$V1h(Qr%2iF%fR%uYUOpxhG(+zT
zb3Q@_sIvI0Iw9HDR6)g%!BADpW*L?TDOS|C7e<A)X_2hXkX&^_q0qe76%q^#sGVRb
z){PfTq0nwl<ngKRKo(xLr5bC|2_$e2%1m&;spUk=G-w4%TBQsy*BEt_cew%r8sAZT
z*+R66m49=dq&l)u6XPgB5xqF&#te_6h5(N<)jD7uv}J~?F;MkzFY>hXb7iR`DNDg_
zLdi^9R6N?U7YW+*MIJ)N@}gAEQWWpTVJ8aRIf#H&ZufP!UC3nPK6&)$exu=>dcivt
zVWng*W&pA@8hYdA7!x9?mAfs#)SQVi5+O!{^cnq8IW!R`vM>97*;y0aDJdHRmOImO
zAOhEFLXg<)$r%eOb$n_}7iRfL3eytd^oK|ZWF(s^+)U&=Eq}vm1ATp{DG3b2<Z2T<
zLJ8QqFuLA3@sDmBxI2e`fIUSJp)VqM$rzytnUKJso!LT{$dCv*#IZAB;nm4^N8P^a
zWfvEq2EdL4t3z7HVSXNA#DK|k3?$2jkWnYdD-M{j>>SE^gd#Y?-8wLl;t-(N5N^x`
zBlw!n!Y$~?42H$Bt7JJby-J+w5A^n<qyTlp+S-~7>9H@^V<T3f>N7QlDR{r9dI3Gm
zh1z06)s`P`QHbY;olN@fEzw2<A~q-{6?RTZ_fZPdGsAL?y)d0EJL|HoQOa&ZTeCaY
z9mV)5`{2<-@k~MY*^yN%+u<3s5mG#s_<Egm(wKOLQ-y@dicxlia)NkFze_l7%dO-d
z9=61~yOkXP;-SG8gFLvtl7lV%2^}DmqC+gwjoMGMbTyymV3(MbI%4z~cBg7fqUAW%
z!kZtX$Z^SvF)(DN$~`$LsJ)>sAuBoNuBH$w!iqnpH%hT#p~-{@=V$0o*iMj5JlP>S
zo`5bB^bAp)N3Q_T%YstQGRSnUL4A2x5@+K6^hnI8W+APxh$|s1QS%VKI%;Bf$*>Zx
zm@ZU}$c7owXj<lJL|_9NPTZShc@8?@nDoH+c2@DYKZWQr@#MOuxn1XG3KmsM39RTt
z1kgH<Q3hdS6R<8ZVu1mq-et1@x!Uq&vk;TWHkiooFhf!H*|TzSHtKhgF4;%PAVesp
zDP%WRTM84kK|O1^YXR*l@u6{KOyH0L{SMo4@PZ){V<B^M&#jr?<@T(-uicxx9QIW*
zSZG%gl%}(`p^1%<_0Wu@?}bEQ%lEP(iUDgiHNv8r9T{$5P(6DG>-O{xwku<oNo;RB
zT3QoYrjpXkJI_2p*1g^^1*8pzyRuZI+LrsRzldVBE654UhLivZSO{yG%)UZP*2U%c
zIX>cb?Z-uo0qO=_D$1ntcYBA?-9JEo&&W##on<(@Ej=I!Q;{P~4u%3B96|ctx11Ii
zoL(gNue+Sh{~IF_zR4*Nr@ad^Z*Fwm19F1@!iWqysf6nKcZy(Uuj6xdP=E==A2c2H
z4J8UlWL38jj*s`A9&DeyIO=@2{t_+~Rh1WA@|=n`;MZ??f(^c3`om4Vmc0*zHKaf&
zV@@n*uHJBCDRyd~_X}F=3@F5IGvW*PGr%!U6*QuB$XgM?(`Zk?N+9~e)D`v|it8_i
z@d$L*W|x}ids-un&EnJiyWvYQFnq><45#1fjmkWrOXoFKhtY;mwpl_v$M{|&!dT;g
zrR?LiKdABkVN-qKNMJgfGvWwLpD-T{w8m@jBf#~HjbOp64~3gSlfP2D80=^;Ns@3!
zfvx}1{Xb{=|9*(zAD_&P|8f7}gNJ4R-_L*c|NR&r&;OT#e|*ltKYn$u{UB<6w$XaH
z@!;1#k^8R=_K`V}J~BVdN6@1-54g!1H&)YF=}Iqc-1?rGqdHNRhHHMm8j0t8D^^b%
zcOi^O1Mc~<L7mO|$ucGKOwN&!SFF(YTKzM}ASG-OUiL$P$PCgrM$^{l$MP&esi!Tn
zHs9K6l6H+7w{962)W;2X=Hy%;qnk)(Foh5)+RUm^f+S}620f_LG4f`!do=>G*DqF0
zv8vS&I{jMD0PcB-Rc@fKL5-VZ)T8iEcR}jATesG4nWGW-t(Y{Tm_SG>QoX7>w{Eqd
zVt?pX*{Q04Qqiq8)WI@XM5~UppEDSb!CtcLpK+sZGP^c`0HN2>D=7jX%LjE~TOspR
zzx$kwKdLyh&82dDkas_zLy=5wW}qJkS8{Vxtm<Jbd;<|4$2-fXRUbzbEQ_t-Q7n3c
z83w~b4ni}lR(saWtUbpmXEPKHX#wxnAdGJ8*ICi~JNfh55ITR&F?6c=KfGQ1AQ50@
z^M9?@`g$q;%Y*j)pZUL!@sa!=tvGUkt#(X2V5@zv-9{ep*BcK%TPy&adVdk8!|`+k
zy95J<!f}+-%?c}kZXO(_=&J+G4f+Co-aPEf2aM=q_)qmQIt(o%@9<p1L~@i|sAHUc
zVYD-*QG;lOhk4Q@Ps|IXy{IKqG*<Uer{)?BtLsqbC@JjN)V{}YT2Fwso$MV_?%p1l
zQ4RAQ?OKGtlN5ZK6Z1PYY5}RG=PrdH%eLDkIPCxAaM=F<a2PQh*3EAh4x{;SV4D(p
z0=7;)p+2FfFNMdG3$_<y#YtPBVXctECzqREl7`}$zIDUr)$^WS>WO2*1}r$eB=_|@
z@MXG&lVgRBv4g=fa+Rl-<?*WB*AEO>pNJ#H-?5Jv<?GNTFn<VZk*p{G-7$tb*q2`U
zcH-kr2?POlsK$=_aG`~s5~-Sckxeh*WdnWlA8pCu`2JRx&;sb?7#hMH0N-xe+H`l0
zk@;h~FV4pqDY+R>#5FrbcZR#G`k7r5NCvA7HHHP=Av#H=$X3sFnSl_u+L8cJz9+ph
zZC)g6a;Vr#1SjYildD4Oq^t19rqY9{ZD?Py7%f&IZ6S6ASWy&w#X}gS5ehEs(7+7Q
zkOqI|pc_JvZwWXg4<!Z}4V7RD2Y_cY4i(XgaZ4?~6EtI3=;G>_8Dqu+>6%5DB({Ja
z#&m6jp)de2XX@uAXp6NaDY|{b{^90d(d%UjIb}u!ZSbf}6Kne6rdP=6lF+tX$-ELs
zS=9&>1vHnlkz<1Qp=~QQ_R|z*$s5;fsZ!vg_a4FwK-ixet3|S%YPkDdIbFD};ZINl
z8>CL&lwp$+j^1`@qTHlFlFTL*07UF6O#xH6+u`GWgW+JD7F_`znB+KY9%x5T7ish8
zszVT~iLABDHKf&{nMf53(Uir))YB5}th~`&=jLI4Is&~>*3dXphO@bEv!mNGyFY*+
zP)wpniO@<bJb?%^!4Jh9V{d<z`7zm<qEcVXp&8i|6Dx<#SmO>5qJJ2{OPX5IVO}0M
zk|>*039kLldXp?GT##71bG~xZECzDsAr^zn4ZITqA6Ii21I=JOKRP@)Bv-@LN3R9L
zGvFNLn#)qZ$K}^!@fri{l}hl_b@52YWcD5lj!i#?YcTOsln}ib7c5cI`eNH>(v3(w
z7NhZo4pCI%iEP$B5k;W^c3hW571J4hL#Y_byyYN73j^zJ-1-NG`V*nTq(ON7MT^mt
zYtWSWqcmca>y1sNvFWF}^lMZ4wG%ogSXcwP>Ei)P7c=S+(3{?}H1)mWe%AYjV>Sfq
zYpiMdh^B^ojA1(cDPqM&XgMmRBP#<5yA?vSx)$5un%a>AU3qP0Mj=;las?cB=t>qw
zgF}+Fcn+jE*w;QB>1uIK*$hn{Ys_{HV)-lhcNtyywKkkwT+#mgh?DB#8N{}h$a|ud
zgH$e${8Woxoa+H=kl}Tg0xdK-v!iEw;9QS?;cZQ@3pN<?-SFia8W%$XXv#V)Jnc~~
zfXvWtg(U4`mzr&`5K*(glyZR_t4*_tcCF$KS>&0ewAscW-htb-`fDr+W~P}doUCGh
zX*JZ(pTE#&j{f(9SOCn+|IsSv|9H^;`TqZ-d`kLXvH*DS?&&{1p!V0;2B4nz+|&D3
z+6RaWXGcfsqyphf{2e}K8xVEw`|8uORFOH8yLHv>YRkRmb~KWqUiaUxSH)Y%e#M>D
z0vx`)DSJPa^~{!Tr1X_7EuaUjD!z~!GITAufRr7sHlLlYt~a0WtFAjoogpjUh=Vd$
z;0_bDxS1n!TWF;6bN-Nj1E1>i|Lg<Z{?0r9AAH{WJdppR{qy<%F+TGAKhw9rCjZAn
zGyr_CasR=_df@W+X*@ZF*!nx!XoR6*7d_TzCGt3Xha26Goya3(c6h_=9CpS}caBdw
z&mnu}Ers?Ert-yaI-Tdww!gjgVBLSZb9j8B%8SQO_71l9RV(~vU339)2;g2Ozh&<&
z|Dk?5EZ{}`@&5MC*N^v38h`xFS9>QN_3c=)GZ*n|zJoezUXkHsRIgt(C@8kM?y)VG
zUf!_-XheT>FNS1K_^f>fY8KTI#({6ELFRsg%?Jm&u13mVTQGdn4l0`6c2qOvR?Nf&
z?}n=g1?sswgj`iF^2<3x5XPA~24hfsTfaVS+`0uepE!zXLtm0LBfVz3&iLW2Q+d?Y
zQ>d<Nd;Yrf+uwAyzcz=mUT1#pboI^l{)>(%t;?F{+_p0|c0XuBTJVUoj-~l9FOsx(
zUC-F;l~nOPq7ASQSoN=i0G{=zoeXY4(WvYi8mA4XS{Ls(qqpt|Od*KS!9BV6q(uWQ
zb8p=Wv>b^-*tA{#qyS&T{5%`=6>=&>KU;nDbjLgc<(qn<mU4KZNWeX{%^J~NxXL^0
zjpJ#aG)gY<a9xq4g_4o#2beA<EnTod9Jq8is-J;|KV|EMGWgD3C)Z@xit0NxRLq>r
zk6HP?+u7b#3$4TAfZL>czp3v{=&rczxbMP9P13zWYRa3Q()bPRaeZ$)_b+_wr1v%5
zALukU8STfSC?&c%IX*esJ9uhyzF3d?Qrei47ss8W-R+ZYTbd<{3%s0#*!-$vwQ&+P
z9eAS^Z7`&^zLp}0P0@u4!d|3`@1I~1_a6U3jn+k{i^5#@xG!wiNouczW=;jJ((OE?
zu?OcE$eh0PR`hP2>{aGg=qeMX9oN<%01CXkH1{JGBv{HfIS5Zj8`;<y!7O?sgh_Ah
ztcMp>c!3TBFzZ4;;Yv|Is?Hj8a<ct+zvK3BjvaiU=D#{pd&+IU_>djoeVN<-_`RD~
z1TCJ9iVe9>*V!Y{-~NC|#l^I=>uFbt6dN=YRTMUfCQ?(qdHb2YGKG6vn>E8?tYsy@
zL6tqcufddEpK7YfQ8FmJ02xnrB*K*``c!MY^%eINE|=|K#msg5A$BFF4PTtcpqBs}
zdpdYy9d-wo;1xH6w)Ge@v>-MnhhUZpTGUEF*P(_w&+>`egW)LtQ{U=Idnh(jxrkMZ
z=n8Lbd2BJbOBQ$hb@+`IGYx&kFRv|b8>$WE6kGO38mjs$ITxZ}Sj60=<8a`SSYS4t
zNtcW0G=n5m6e(MMyKwH*F^-tx6brmk60HmBj8S=??qJvtIqb+|jO5tl0Lsf~P$x8W
zv1vr0mJ1BnLE&(6HBcvbDs3=Yu9YoZKtup{Nb?8HCCI-uFe-b^{|a6&>zGSP+Q-N&
z1}o)#KdrAteG5ivO_hXn78m2<+C2e84R193Kt>OT&_cc8q&FQY@!9R(F`kIZP1%mh
z^NoUUb^q04)vw-$?!9=aN<mSINvzH@#YiEyQ094bp!z^~`!|Z*D!xi@R{e-<F|-k>
z6NmbOQ)yuUZGr8yt6Xa4yoX8`WbtsuTgNMc8|K;JZpSc=SYGjBz*&+=gO3{GQj#*o
z#W-wi-v;k9a|3_t-ua|X5nrf@X0-fz*^-n^Q$^3cqS9rl5)4%LrO1wHLkyBgJ-!mS
zdTy)??`%c?pye7RSsJOu1R+Qic7psCs{BVsXw@V6;)_TKN>LzSk^I!{%vD84YBJmV
z+&#&m#-^n)5Y`Qb3EpNHq3!7oCWN*l<~qW_>YV2X#qtb8^RpRbJO)F^33#ssjDTF2
zEBp{J=e^R>D0Ew{2d$SH!8zTPqb&q4y$PhJ&j*Juy`ySi>F<UwO+W+;o}rpa6>h*}
zmYim|JC>FJXjHBli8LZsb`mmBL&x^fVi4d}P`aWymR=bS!$@uQ)HUlvx*5T%q4ksZ
zV}lx_H`9R@-6Vs4n-`+tLQIz}73IZn3-ic>_x+*GC9OBMF(&BbH8J<#p^CP%O5!+8
zdLYdz@}L+mV9?GLVkv2WR!JcmR5y2fuv3*p46$Sq4Dx{|M4zHmST<9WTfQ(Ukz3aU
z$&y=O8MKL0LuzR3Q)|?*B~3bBi+BeZNQiSmn1ypu6|9dmng&|aqL4NLvCV2DJh)QH
zr75B?6@rF&McpaL0(yf4dLNg&O_Lmhf&kq7ZpWfO_i)iKXY|DeCFLIRT4>eSvxMdw
zFh&VZyTWLNc=RCNm<zKK=7{higgowyA&dpOwV3mfo=}W>8ob6f7amkD^;X`10}d8H
zW`>Vc)C8B3a2G^F^e(6eMc)u!CtEts2U#)lrZ3M`m1u<LGJ2P}_>G%*AQj@IbwUSR
zst9U)5ntJT-orRpMvGjPLdwga^Qt#QtFoyMNsA_OrIu7rBG;b|R}b+bRU71G;54#8
zLbd7)YOD;=F{#1Ms>r6jbL-NO+io7*)f4|hrm|D#a{KP%?c=?j?#^BpE(V<UCgN9R
zHj8`hhK@&%M0t3|+3O5ju~2#pJ-8K$JD|s$%OM-%*E@F@W7>D?G<FPHfWu!AQ4AVh
z#qw-|p%C7CN~TpBz850Vp)>5BT%s}pjYl$=X{KHcF91M(C}{VnF6tw8OdDcO8WV=j
zW(6IUvVxAvSwSU<utD2LfuQYZNT@n9i31wkw@3<Lj({w(jci7ls>CCVGM#I{nNMcV
zNi4pFP_Tui7a5iH2t$2@fO8B=^%|h75h}Te`ZOchSFq)V7}E}QkdFQ6tKU!Kv=|oG
z%chb3nqWajU69s+JC4uP8Y0b`r|`;L-J7HGW_31B%vGK)Eu`S~w3b@dWJT|}(DPb#
zpOGXaZ|F#|C>pX?8Hu%uH}k}&NM4X>W$)`G83SxxeYXx##MVbBk1BfL+CW8j9kC!<
znJqGL<pWGgeb<)*7SSP#<DS8V8s##)=<Ibt=5Z5rta-Y5he7a7tVcJnvG$CtM`bJP
z`TAx-b_$IiMHoMd5`q-xWi_(G|6%G?#%GQ~*+CHxc0^1S<cf12a=f}`&_Q&8QQ4zo
z4!#JSF<E7G8+6_+q*fQ1gS3Xd48U;-eo|(E8ILO_OwKWOveGj`jdm<NR~FkJ+EKz*
z9xqta!g;J6ZdRg&YJ$&%t!BJf7VDOMCPaNUs9$i@#&5#5V0cxrz!eu8dO6lhJSnT!
z4dutEDM7-|C5;N6brOsoO7aF}uXBR1XDj!8Ay2XsOnY`!h#39}M6Y~vo}hj_hI?6v
z_D`Z?4<h+kRS?{MKr5`DBRi7lAWK)p0Cqr$zl|`Tjq+}ev=meytKy*wh4ZzDAPnJJ
z&lOf<I9-D8aud`@<yML;TZ0oG8X>Jd_qYKk4=d+*KyY`%F^lmm0oDH|vIh|27F4y+
z3MmMTI=pGi0u!zvk~gE%X@QKhdO*Vyr#MPVxrS2RRk4!Sk9v<vl^?Yt%Qr%3IJlzq
zK&&Q(*F-XexH^g7aMWwEMj%F%fC*5m03$A)BN%A(G`|DJ5IRUYj!MIh@77^5th#gT
zOROb@!%dO?(=3otTN&&i%<vU8SdEq9mKkE6mp6rR0WC2u`Y^?%2&xRF`i`w)&aGLC
zqeKlvj1N>13R|h&o71+vS1KzXab_B=;L=E_G3_-3+h`Cr))o4#GwVfr`i<IQ2KWvG
zR^pDOiqY{zl~)=;#c6o-GnA(y`JmK&0#1=@P`YZBoY&s4#dH-OwhO8Z2_)#|P`^CW
zFV-6k2~#<3qq{6m-iy^gOCO7-HHgq&3R(%bk<UDrwH9Dj9SHDLvU^#8wP()5wGh|$
zons;);=(?}>iSmVx;8SpRn^&er0nZ#Oh>9}vM@4&Ji6LjQHvp!bpm`U?`p%MqCOrl
z%X#t?^LN?XY=fApi4OKp&-EyZb1i7WXNDz(Z!|<5DN0=^t~*bxhn?@+n30DCp8?os
zj^uQKPRrIu6|KuF;+bvFv)!=fYHt*By@BMhfY%gQ5ufRw&1c)+cK2UA>pT;NX~MF=
z6s|`5yO`Ypg=b90?90gd_O;r+0S*GZf`x2YTf|7nxFFRA3xGM;DQ9UC_6zn_xiE?D
z86}AX<J3GGCP=#-qcRTj3D|7aJ{+SvjCX9CV8bBT<3$XCFBJdJ$QsZ_cg&n^0?|^8
z7dJqHHk&gR8TthCdji|fZ^`acm>CG$8f-zE*StovKYSO}(ODNW!d>@3n15H(h-3mA
zfXxy@^9fAHBEgn1G(9fQWQI9}UU_IivE>l#;H=jWSK6F08yt)vu7X-{cnGWN+d5F)
za!;K88WXlqW2PP-5vUtQ02}xSj&595ETZ1)xU37GXBcF1`J$MN+G-S$&g1;tYLU+b
zg#%3=_>8Fyt9IS}b~Dm%QHlDXVfD1~h1y)07xGA*1E8?I+cs+1V@SWEiXbhPZE1z9
z(K0Dv0rj#v$(uWLjxujXJ%ZTS@RDO=gMAZ5#wLwB<f(l8;>nZFks1r*oe5Nr{h0M+
zsg1)<MjQh^*z~=qZ8*^1@x(-I?lT>a-G;CXaSBg&{2b(q$F|C<>|bz(XG!59FwXG>
z8oJ!o_AW{q(T50XRlRiQj5*97Q6&nOB8}K+6*AsP+DeX0gkn1Y17*kJMn{=2xl<~P
zcKFHk(#Aw`o)9ofW^Fuv5|B{c`^pb%5~!xNR}LX05Md5@Yj$P_QL;HR65)k!G$#^!
z#31bW`8*<hN<#cknwT&grxIQ!iFGYWX5$E5SUAgWe~R1u=}swYcjPsz8fo7J;AcfV
zg5hzJmY5M$wVjO3b)HPwuEX?0(suoF>ILy%X)&y9U>-~)yCt>}Mbve2pthTwKPZ$s
zBR+RiL(+_^CI_%|%iFh{8P89qsQz;RhtjR~p4`FFR&8KrM2KtDTLK3LHB1Hr+Zcug
z@q_TrBL?QOSIw5=|IpdIW!Z=5kAVYHpXcfT#hjTaSmK0vvoah*+>ALZt!+bOvO`F^
zF0O?!FcL?02YiIqEG`8*!DiriqTAt+q47o8yC4{ygD$NPUOelbY(G7wVHw^FwtoSA
z_y+g-`KB@Tg?k>DJ0N)EDLUXKzPr%^T6M9egPsyyJZ8f!{iHlvR|wMl8g<TR>uF+d
zwA7CQYy+q#L*)54jc(J8(q-f%IaAA~#OZze@}gjd9Nk&a#|>t^b8J+ep_GqMlPm%%
z*3}73hHFdi4CR=45Kr#58<B4+!^A<Mz$NH=$EVYZ9J=kWLChLKi#F?NQDzO|BD+xE
zZ-h?FzfAkI{g9^ua&A~Btpntk??&xsI4xQP$mJC0WWOaPp87?6eX2Np^aUb>;9V>i
zkC*<Qyn<!zaxb2O#^dxldNTn!bsA45L(pKSm?~&lHp9GyRJPled7M_Gotwj)H<UJy
z3~nA*SaRLHJbZ7IH`~6UpFj|%DPAT^LC|giTkcc=6ivTl9&a7@cw>QC;*5wQlqcz2
z!&Oj^K<k7f(N@6s04VUfR!#GZIhez4AMT7_jlt=0atV0^Om&LANS(_o5FVMBHYO%8
z?`>;ol55<s+T}X0v8&Ou>S~REMqTY-4V+M;;n>8`qeE1~+B;dTp|7KU(BuwJGer+k
zAY7LZ@rgY@L*!9cRtUwfwSOQp`-VAF%#qyY%<AjHu45kAE99!t5t#XnZz?)MX%xX!
zGZ_;4P38_re`#moC@_KCgXyQ$X6Zw+zHe?mz<7!x!t!D{P8Ra2!%>&Xqr|q)=Q&=n
z83A1j(}Bx2PaBbD(FL4{ub_ctgEK<dC!%bI&-rc<+sEf7pLuBPt`b?#L9Dmb`Dy0g
zUv%BnJdVjh!<Chnj=J8((MMYj&(_fDrE{QZ2o1FhvAnPKC?hVXp;ojUf37mK=Rro$
zUYOz|Z;tXR-Qe>o^6v`ggWzCD3wQPqzTlW{0%d34N?oXU(-f}t4wUc8+D80a5V}^&
zQ@1IK%Rtve*n_(d@V6fc@CpQX=d6JqacRpMt%1GYF@lnQz(vj29(j=p?3ORh!7aGy
z@6qt<w+@A<Tm__Yb_qgcj4Sn%aS?4<iZGi-EN-1(rO2C8cRCx$l&@~%M>y{2(CWo>
zq!k)i*n|<}s^)fJwbi)S)}a9-%wK7_76QRa`7A4|IE)J@bg;T5j<34(`jM+)mqVk1
zxeqbUoY2}MRw{V)Z;SfkdccnR3lU(WVK<AbXK-h>BB~HjR$)T-9Jq#DKWwjvzNU?Z
zx^=b5qFs5h=8Thwf!;D!k0V1Egb;2p9gWUzD5ZE{|H2gvHRwrEqXccDY2;j@simu`
zsMD4pE?i-=DurBGLnwpFY}ri4O!QCIDm@*T#?@Vv1^7xPJS2zA<pAF<`HL37R=gE0
zy)gh~VS<^JIK4J0bW6vDFjI0G({wu^GM6@>m;v0>gx_ln^EdU|C6`N_F(zlD1{*5j
zuZz1Zd=6&Z)5{;1b4jVZv62zWwS;-;2el|Y$Qpi2l}iy`bcBi51o^eyAu9vx*M=AM
zMpXoNRAjiDqEC*|*N2I$L9Qh_#>#H=HikWETTQ#vED|N_XniqEjb7T<x?71d&RI0W
zD>cZAhpS0Dl$SI2<KCNvJ`JP_W0RxeX4ft@=*!G?|49}$U~r9kK2q=@F>*8u#SE+6
zvc;|oIP@2vwLA1pMllzFneVsl2*KtCH4|m4(|;I)88B2XLZe<JNyAN7n^k;OGpP!s
zPp`cjCwIb9XNZo~GuRvdoD9ZWp{OiYcZYEdw6e`j2*6J%9e^ABrF2~{&WjEHp}4!c
z@Tb5jyN7S^8m;;exzT12DGC14;qU&J|ICd4_;K<-f7WW>_v1gVf8P2z{^Q5^c<~=8
z`g7~yVhNz%IsPMubv|=~I-ku9=}ZHCp5^%vj!dL1xwh{K4CI~+n25CJmJ>tKkmOq}
z`B?D5x7wu_x9-bFn%v!bV8)kc7o>GpA{N}>MyjRW>s$^;ha=4ESIrB^pnTPUFc#Wu
z2TtZ@^bhq5xP1~~>AV_$RMPu}D8ZIuPNQxKeV=@)UbnvZLj85#wdrN6dD>P5OkuF=
zwN=}qj)_Tl)l^N|5sHo)rAbp^34&m8ZTE(y#ngg@O^8NSnuaf0ugj@LFad8+UR7sk
zvns==yt;Crp{h1(Mtq%33%m;j906ev(u@)7w5(*lWYph4Zwd8wJz8a@HoEeW6(2@j
zSa0Yut;#YjQ>N{dLC!<Jy02bIM~w}zFpEx;B(+yYep$MSp^_*cgYSke^q{Jc_UE8t
z51k<mhF9Ryp#;C_sE@{yr{Xfm%;PhsQZ1j3lSxfi&eG8}QUtso=i5NeB+3hC;&uvp
zU;=mwVxWVA3Nj!AZVFOhy${4g>1m({gl&S1Ic_~PkBouGt<T&6fg#8(gGck@jS{z}
zc0PVAg5EHCsuqW2LvzBX+NwI}s?GOxrKKu8JP~cxxr@71_pj}wJ+0`2#j{JGbC-Uk
zS*J<$TeM)Bka-oah+4XKyj!7;1;>6RL$WRqRaT+Bo&PN_tmjoQD(aOJ8P^e}Zn<ZL
zdg8&&oweHt-cmf>spG{4glS#WZ{G3tUyX!Izxo9M0!+|Xwx4qJl=Mt!KQTC~QGes*
z+*^OFR>~PSFLj_-0n1B<9E(v-R!!Zy))%QpYylHn_R@<jE33ezQE`KQi%`F(1id2A
zjjAUnm{H|$G~29EJyi&DJ7cP%iCJTy+0r1?roYiJaOTyswz&vy962$R0in`{FI+fm
zqZck4xQVG~G^9Zf7rlu(rn-e2Bz$-eUFpnbW@_So&iL?e^HVMV57S}sVKP9>k^fuw
zKQHHhy8qeF^8d&9Nco>uym=WZY~Tb?t@ge4uOlV?-*0cUT4fEuo~kmmaaNT$J{q1*
zVsbKuYd0nI_ZHI%*n<hi;pKqX-+MeK1;kX1;?&Eu5Kpi8p|PqWX9-n$zk8INMN}>S
z4$`uNX7<Ng4deWPzgHI`@w|oPH$UPK4!3vJFb=k#b!?HbqKWaDC<XU3ej#M@Y>~ag
zQi)+^UmqTqUT3*|eSC6MdQbWaTjtsJ$ycR97jbcJi|m$%i5>`40&Y5+c;ESU>Fp+E
zm{R4t+t2sRxv<}bS^&M!MY0FyyQ&=B2|xv72)qgCvib-jB;Z#!#?g41pZ9e11Yki;
z;l`#@h}|}I36TI1jo{cnp{3mte%3tO&kXvX!QS~02f%Flf4|lKyzSHfho3+Anf`x_
zk3;`y#Zd+P`F)cDXdSWvZL}V2v;rxB)UHqaN_vd;?j1&Tun5nu6&HQc;Dg|LQQ~iM
z0wt44nn6k+nI@<|EI&fh{%B4%A)M2V4-<QEgiaW7R_z^j_YR)Fka{Ea=<vk}JZt;M
z4kclu?*ojTNe54Dn2x7~I(cf@w196&b4A1xAaY7>o{ma>+UPXXblM*bM+uTZ<5iQu
zJu$+SFB)SAM5C5*e;P+X(;>nuDMg~<923@>2oxv=`c(Ne%SK6zG`Yo;R)!A_*e^jX
zh&Cauz|26!)gqJ|SbARjG~b9m%@t^LVNB7i=8{e7iHUn_{1B@esRgU)vI<7Y8QrEP
zsXL$hVLuNT4Yn2(TqkF<R^-OhgoQJf2>V^tJiSmAu`6h>$ZTt?Egc2MD66wEG_0V1
zt6qPyx8I5G-fduGs17m?1T9J;10}xNKG@ywG#V}<4zn(*l>;X}!sYI?Z^nsD$LY1j
zk}2B-sL`6ZHs&QfKT8T!extrg4dkfvbWbrnzui07?R;Aro4$mHW;tHKAO9HL=7x;Z
z26bUxP2xAn@23<OW3^4t3ZbcS*^hBigaHg%3R^f%`!-X7(+~$6#s%iPeQ2qM12-re
zDs79|Z6#2UdM>g78Aq0uf=4z0LkqL=8d~t!8|{AAAXF_b3W)v!)PVv(mqyM*y34uc
z`A*|E=ZeZ;;AaZ(q(+8OQXwUJJbDvf=OS^yD{6FEmZRuU=-dX3CEEo;%51e*Sa37S
zGt3V{q3egx5;-?SIR2&%OpUFo*RXn+O9UEpqd_u=(&Wt?AdUfwa?fB=Qh~i3zKlxH
zHl<27+qRe`42yNOqiYKXL@rzjA9DjZ4}-|PVykVrHsgU4QxizKi9!Z<F|lzGf|yX3
z!%3EcQDzgaj(X=2QH@-KvzMvy_KK*>SyF*@UmgQYX#q>|xw7s!kWbYGYZ*5oT*GT7
z5L6!~c6ZDm6$Y4kmgZE%AS<t%I=R5x644sG$9U>gxejqj(1QAX$D_E5P`+7vIsh3|
z%Ti4nR~4bI@p3quvQE_1k(z+O)x%(^90f;c=nnHVOPPXN;syZ-l47XQvvcsx-qGO!
z6KTW$kmr4-L28ZOFm|UpxuzK50JpKFusjh1ql%G-&6jC0Ve{Q}7Zc)xoTWfp1UaLW
z)Vbzh>5*Z21~Lc@{s1;KmA~K;SNv2&h+yOnUOEhvC!!DT8%>AC7d&(XQ$duCCfukv
zbq1yKpN<>Ahg6?FJaCMxQz`koj1TQ<W(jPMEfK$hDsY|?RxcE`s5+=?6Pkl0%uK%-
zEc9#uBdc3R3KNjXJ%Yuwch8sJwq3V8SR>j9PksDXJ9k`God3S$B|kg}ii`0g2WM!E
zT(y3q0nrP8Fw_;$q5v;M%sAu(Pp+K(q$%o5GRE~#RRtT+VF6tJb+t8PQ%c^-keW|(
z!=uplgdIl$A@vJasxKvg2Bk$f>&}>TvxHe99;PMi*#wzgr0&`Yv=W6K8AFSGjvQx<
zTdPq3K6AFIZdRfMKaQ;6#o~(TyKMZ*b-WXZq7q@cw_&jiXAfNL_8lJ0@p=SQG;vW{
zPCtx9c{LIluLc{?M!PEu8GAl5&ZWkvK?v<euB5RA+Sf`8O;!T59n}zvH%AA)YVS?B
zJut(8Xu_onQ!jdgIyXnid4{wc{VV#S*c;e0t}ty@NEI_Ilc%cC6@|6+JrEI?s|5sj
zb51r-!~9%($s0|yh{PzSq{wr5%7f4}Xu$7^js`Z4Dti`6R1U#q?pzw6T>v$EmKzsW
z_595c)8Qo;TL4mDXm`hm(2q+l!XhF9x~i6eo}bw?Vjti5WSvcf!X!wavX%5_4)t-?
zh<SF!xT#*N^kh~@`*G`?K9~Wav%L#{->ro$Qost_0o3ktniX#&@(F79-T@Wsn*%WK
z#p$3vpk+UJ@$7NusC&G#eb9{Vke;OFD-)?F09ii>BgO;6L^Cms)h3CDBjY(FCID7U
z-6Sj7JvgJsyffenk`%o<5!h*pKYE(r8r6(NF1i_WHebC5{D0^0Ntq5HB+G=a49ETM
zV+w9}YSd>Ci4JZ;F;Kv1!`_)~TK74!rXirw-WcmmF`gu29sllB9@c7#d3}uQqk6><
zd*GuAbM}4S6$sr}mHS=6m_f6ak~#tY#3JIv75qkt7DmaFS5QA45gpeQEU3xTUSzJL
z0KVMHSj=XG5;^Gh#@~%rTQ6ZHmcLJz8*<EXA7gH)0jpgpG{!Pst5*t5+MFyt`X1m_
zl8u(%7bq=(#4+foAmUz}x{VtrnG#09QkTw1MyaNWhv>w#2gp&U=h>U+0y7e2kqv&M
zD^2_)OVk%>;YQb@#==+&T}N9!zHy+V$+Z~=9)dVBiqSf};G@qtl`n|m*x@4p0C%10
zYY&W0kDXB%2X(+kasE0nUW_ROpdDcB;jvNeLAQ#6Lt~mU1aKzR@jz2>{?>q`bVV3$
zU(fSZy3A0e2zJ_67RI~|`h*n2n?iRwCwZz`(Mex19xmh!00L)MVlf=ln=&=~reb@R
zr41Z=70!{QHOUK0TT{hC<SaRua}f5GR<7mKUN6aW{S$o~DSY^3!UP#sliS(C@W0jU
z3AYB}F*VUe8Q3h!77cKvr9*6)%^3038V3|~oad4hwN(^pEg#1{Qh$O$A=M%!5<bIA
zL&d|nn_jXgY)Xq$THz?CXhN%a4+v{|0e;?QZkidfQ)|%!JO|8-HmSYURlpq$)F`#K
z6qe&dpJEt5!-PzxBiaek&c_O<KIuElyyBWn-;%k*V{!}vygq_y4V2(+2^T)Hl(;fv
zhh+K20TEP=L0^m^oZ;mdfHD4V{UwZO`R=kRu3!xA%)nh|V^EIP<RmyM()c?icZ)%A
z6qMz3c|#ILCnkOg`7B2>5M97Wg!-1PkGOSY6=t{XBlet@V{X|hSna2@B>zy?3%+in
z@~d4BVM2grcTXhY3Jp<hE{Hx#_dWWtSGqJ(9W%un9B$6iji+2jwGS@hLN4Q52c=}v
z+X1yOXlUp6fXaT|XzW>2!ZUC<R-j`|!yRzUG7On3$w>G*5q?MNfg*T$VNOyJJURu(
z8QjzrQuIuj+{Db+3Nb0|vkX#_R2Od5NUlMVw_3{gRoOE%Y4C*IpHU4~*NF$|xX`DC
zqiD0}4L1oR7{oPe)xLCSu+_tbOA{VZH{sn@jYnPwp22~=z=sy72RGreIB}F9Av3BH
zkc1Ya1fzDt2<~S|3c|TM9ykRr0>+CspYvgCqx1&UC{-%~ALn{QFdD<c<=IOyk5tLG
z?<S*0zKnX-rC5}+7!pM`Zo-bJMyBSFW%EQnSvR3Ad!YKqDRxwKpsGp3adW{ovKzp_
zjUbLI1kp&M<Vx|@im{H#U{+@pvZ)F5u=tCK-wvO_Sd}h(ar?=$6Kxb?Pa+s2@^+Pq
zQdgXG&)?k9wFr3_4N&gbv%EZ9wPkRr>bcKQkF?CGtNW4k9pX$4&bZ?ZAcRNBXdD3o
z$rqLt6!HcQ&!&+BwfB<Op_UvoF(?Y!a54@%?sUHH9(UA|;<ud_NBpgGu={q?uPaT=
zpbcqdrZzs<nDwR;_@l&$8r%5Vn<X+C@o&M$&gv8Mq%WqZHPaR8O)^N0I~YJ9CVQa;
zPodU*O?a@~0e}P$n95UA-(};MhF)glMUHIZ*3l%(TI#rpCc(cBAQu}D@hYX9w`#?u
zV(M?WaNWJbgU3&rk^1|D|L#A2a<e5%GgvC{HiEx!8hwB@BOR8vWNK!61fMAXgIF~I
zwEHEck?C%d;GQQq!D`w*U@g_|{exql;;i9>a$B!Ed)qhQ7y;{4y$9VE2UxsbvCSLh
z-kjxrr@qVzRJZQg#G`4d@H`-Ej;688AXEGrHcyZ7D?ipIqx$ZLAEWx29^+Sj42o`g
z3g7fYGB$168y|i#w#CPyJa9xcbNRs!`8JoH^AG(>9gqB6edC8nD(NYHt#CL9gKTgk
zhz%ToX~+y5!0?;~a!Npv@ELqD&k(iwF@E<ZG?4SDb-QOh8rfOTJkruD10|Dw8&wdX
z1Tx6Yfx%aW$<RJnrOmV(BR&n=vGJ^t<&d^|?v<C}23K2BfU(t0>0BBowb3{U*~Xf-
z`_Wa__=Q@-ax?o~3QJGqh9Ck<ZUXm?5}nk+)A|c2<wZYqE$(oJuRZ%*dwYG?-W0*%
zq|cz&GW}E#Jm$^J3*p!1ZYu<}0pBIPbv<ri#3SP=6tp`r_#rX}(OTCPi+G8Vr-Y$j
zRDUxp&MDADF7AWHRW4hXHS8Kwg9gFc(l~9Bj7M=V2~Ap$2W@89DWGD-J?|(akp6Vg
zWGg8e=IT+HZ8-=)JY#>DIv3vfge1LCX+;Lz3vGH<T|sdi$b{7Bd(9iJgt;`EG(as`
z^%3ngfc1dBE`eV1k1~dr(oEFfm%?aJmtb2%wjm8@In+;g=on<aFl)d!=-R~8y*Kwp
zIH(?BdA|gW9O<_EFYP(=@8eVL|20akK8*YCJpZrt_Gh2@{$K6S*MIi^`WPSS|Ai}#
z-e2u?_WrtmZ~fO%>sR3YbwA+#yPsSQd+{jRPUF$_ACd**e+ieZ9&m=P7uP6LEhh6l
zyVPhszpkCbqs|=1u72h@b-|q7CpPGqcsPzHc{1@HVhpm<Ga9M$kT@Ur*&l|P=Sv2$
zDeI%Wp$_=m1awhM$RE%s0iOMVf=JmoHmb~CevrIDHKnS0%dJXx;dsmEKb|Z%C_mES
z(QfA`I_eyEj=t&a0_iSGr3#SWDt7gClID?NzoV!YqY9yh3Vry}M`;x#Z~b?uIA$tK
z>W11N=C|rJB+-@*2l#Fa5Aio*0(?n_^d}=9IjpES4s|l>3Uo5S^Wr?AzmqBUgLkL!
z1#ek(`L#88v_^lnw&34K`0p3^?>}tmf?tpZ?Ge5M_Kd#KGSl}Y8$9CTz_JqeZi17=
zmq}N_scTmk9;t6lxhRdMS^kE{)k5*8u67!;d{7f@SBUj{rf(b3zdEN3hMH{!XXt1p
zYANpZl-}eb9<-Y{(cYhnq7b@A-~OE3YYVfAZ@X&ikbWCRR2wlV(1{D-IukTLHLGT}
z85(5|cdK(U!gLf{aOx*yjC2FZ<U5$+%F0Vl@q(&F#oRaC@Uq`_!6qSS3s;qNOz#NJ
zhei-PIVM~Ey9Fymk3sHYeYxHulzxn7ble>buj)l^<0@lro#;(A>E|L<yiIx|u8%m*
zDqqigU97Yq2>Z$5*PVmze&>L@EELF!{Bq57BvaoES6ZQQ$V_?~Z`Gn7AMIF8^RL#`
zOGz2*XxeIgAq2&j*5VL<MqemF?CAK!fHx4EoC<F7f=<(Xc$Oyph*p*wb=7tdPb*b0
zs`Ja}OK9%U@o!*MszEFDPy68Fz~ghT9m}7}ratYNMx>#d9GP4){IlxL{$)TvMBpv1
ziW7vxY{2SkYw?J0eowycf)uskJmLJ<ZYjJp&`>bMY5Dv0Wuw)%)A?Oj>`hFnN@ct|
z+|v93Nw8fBFn5b;dg4#nv1HHBN-)4TFqH2IX<xEvaoFvhPt(`Kew~uKg5g_11JASR
zq?ah7OEqvfs%hHO6|0?ZeA;IxU1|^Bz`;u=L=ze?I%^u<(ro;J2+wNhHDq4?{uo<O
z0OFMw(9*)vZnrp}WN&l}C@vix9sl;=1oPOq;LNYnB3=lhMvLUpbQ})!Rjlb%gDwma
z#2P@E*@3CL6IH_4rH!ods3ygHa-lC>n8X5KMH2T!TaM_2w;2`t3M5G`1&s~Vf9DE-
zn)0eMX>yHJ{*@{vQs5TFFo!$(jBj)ytRHE1GAjUEzcs3jme78PO2@>i$jiwRf%`KE
z<HF0HMwA&u@CI5^X7X5K`VbnLdtj@x*TZr23V1)5@Aq=LrRs1+C)vZ>m^`S#Cw8b+
zXph?cJ{2vmthhTu^A39lCuS!&Xi1C%Zc_A0H5O2$sx4!5QUu%_nvsilzuP;E?*5@^
z5s5cDVVxRbKk1FZmPtW*d2M-<p8^u@>mQ>mdmUqLN<NH$P<9TFZH63GU=>Ty7G;$O
z@aVv?>vjgY@DlZ)!xzo?R2_6^I3b?VsNqrtzc3Pn86-`Mn{MW8Ubdl*(d3!}x@$}J
z)R>Qsw(LFW-2Kj$<w`{Ce7m=^y&r8KZ14Z}cb%j6HdL2)HF&p$to2OllN6Q>xvlnZ
z?|f3nyGF@@JC}@jOJ3sLOFAfLcLQ))4_X=xj03V5^4B7BjC0dy%bu;s>dC{^v49Jo
zzuJOyb=9WG9e<ai@f&p8i0GH<xIAt}7tNON#(kVz?4^SYKzK1!Uue{zibu;Ux^Lak
zR=m@3A8M+`h8Ic_pcdKDTwlv7=udm<5K!xLsl-dj?n(kbJgD3GS}Lf=wprf3byfe%
zsCS7Eq0cV90js|a*xT5gSQaEWs^zBBP{W!c(+v7%3f|zg_uL^^%(naW;CeKpI}EMW
zM-$^#=fNyO{kwLocObT5G8)pQt+561CnD$2r0KG?a6i-0T<UP(QI8i%p2uf4!$UxZ
zQ)7TZDgY3TQml?)5CzMo`moj}eoAF+012@y7DFd-whi<C@N8JroqY)%8x!#0o-`)Z
zq52{92crg_hlYd@3_3}zK{jQtI?Kj#$}hFDs&BSvkwEah8fPhV0P>2Hm}!{DBL$JU
zqw2ETLU4{{#@xpTHLD<E4>HKW&f5$*Aa{qpJ8Jt_ZNMc+3Jy)L_olG<pHD5ki+Nx_
zAZlzC<3xt>oF@z`%;clc=3x0dRFBd3m&=Vxvab`-c}upn+?a)!5e;f(MGJ_=DaLIl
z2bq<|zY*0}@f#bbl@o4*Sz?x+b;E48zsE>iQecySvT&+Hqm4Q|VsxSGOmAY$4wI8d
z<STf;tV60ybIt3PCv6$UcG{0#eK(8qY_Nv}P6O2NiseVTh^b|vltCzmbM`vYW{19a
z6pO~ruG6+|DExK~e`kgNGC8apD)l9(5sg<US~u}U{#@+=eoD1_*##)ch`uVmQdlsP
zb+mR-@D>BoNGMQ}j;3EHrT4Sv+b7+9CE7RS<P>Jxe4T7~${Pr|e!x176#BF9a_SGD
z1t2#J${P&2`iY`A0JV8-4$5lC*HXx7h&E)=ci*k8t-X8+xYtj{>bQghS^-YYPeF}C
z4(q1gdSG1AkDYP^pO-%Yd|ockTOyFQ0+4EZKwVwktbiRffE)M`dRp*2Jvc<sS*EZ@
zJye3qcym5{Bw&<Kx8XjRIG_?IQMxQJx4cIk=-xKlNy{-x(Dr#*hXN4}kkgGoyWr4G
z-c@f&b)OaF89rz!=sy+?1R9JROKzL2E#UJ|t1E;?gt)ZOK^m<@^|ty4Fs!)<1&J!;
z19e8U@0z9>6~{&Rq=2KKpNy*5vPF-<+gs4e2cx=@RvK%m5|xA<FifY(3_>{<rQcx?
zq(6O+aeVI*9XO0_V=h%;zf-*afk0@lzITZ4OhDTn!T$%moR`0kmp7}NgicMN)9OM4
zQ)p0KC^d!B>OvD!Xi{CMFolZhLYJn{Wp$zNweQwh1{q<p>Djq=idib>(Y6rZVV2x)
z0TA0m2vieJ;vodmOIZ#>Z3WO1cMt&rhA0A*Gbk2$WTWD2(sq5{f8UJ0S4jN5k`cg!
z>iaL<?j0AD@2{?|{MUR{7CD))dG?`)Mq=|zw$|_Vfc}ZetS+z1gG7JIq?$fP+*?^0
zesP}?QdG!|J}7(9qv*xXSKCKjNc~>wF+d5Dycdrl$<*(sN!m;3UK1SBDky?o4Xoeu
zUcGgGg>cE1u-}5smBHgT=O2zvdx6tX`(MoBa}=$I?BH69_|E5FYoT+m`qV2MZi6ky
z!WxGv2IO7jh`Aio49=)($*7%Gr<wACqa%`g7OOhOwM>1tW#JA4qnARE85Tg~CZFFr
z$;<93!@?!#sRj2e@p&G%_exh>#xTVF;iRAxUViKZJtXLkm|vH`_>wWA9~lt?bHu4$
zh4|%@xY=l7Ka1{K4e|Uun-rl=nT*|D<W5GNE|Oj?zWIaF;G9*f26GU|M%9p;9O1e&
z;-R6FAxXr9)MW_=LJ(;D{Z8O7mJ1MQ?F=l$a!aIwMB0VS);sL6EwRV8{4xG07&!}o
z&fjl(-pP6ZU%cl4zF2Gk`<<!*JbKRoJX&l3Pb&xT5AQjEe^_h)2bBY;`Sg3)8Icg8
ze8VlF+Z4saSnu|^RuZZ!<kOIrdac&*=x{|Lk3#B!?H-=MWhRiQwY4>u5Xxvvs_4$)
z!Or%HDJ;tdHgT9&H7m7NS}C8l@YR8<HV%>$x_>B>6bH=6l>Zo58o14^V3Rx@!Z1e_
zgf}BOaG_N$({g9@A(pm$oCM$+2J24%J*UrjG(L|Pxwmje0(Z`R^>R3X#O2u}WNoHD
z!rViSvm`yt*dNaQ&%!q?vi^;D*G2f&Fx%?%iKZvMu^u`ZmF)9MqM9)=@v5&zEyY>8
zCT5%d&i3Hy@bB&-IOwwdtTT__DK)P{ta+C(`V(489VC+_4z&`aWR>sC(f+u;qNaHd
zs8%CHie%sq*LtLEC16cLgaL+Yr2#|Jr;l$Ga$8%4=;#Z>oFmi6CHoK?i2~M4ccUBR
zd)u6|Z)7$I%zR@M5a#>C96)qtLohhTh{A*mdRFWcV)q?-Ztv!d9SDNT*tK|8dU`ZL
zSXx3D9Ql^i<b~(v4$r=~)a+;9pAYz%?f-NBLHd}J|L=kNQTG3N__P1d$N2dEKj)bK
z@8PeE|4;iq`2V!;Z`^NxDF2^d3<s&=waA6%-1X==Uz+QSV?1YUPHlPM-D*Gl9BouC
z;;Z4s^deGc@L6#VcZqSC6VYuLJNjF74pL%WQyTYV+>!=c#YMl_J~{wvYB(USv#Cv>
zlqjC3Ptg;Ro+reWL0e5#?`)z3-J0unQv<+2IqQi7^c3zClF0?+V2|?ai_>fbx1ebT
zHcF@0zBd6<ennun4|WwHb)kZC@Z+P-_Sa1+w0lU`D*MMB^JVV|eLbM!Pqy{TCx=J$
z_r<}^$==}sx54H24)D+Z;m-CxSq$y*-@_C9%e9X>&pX>ET=%GR^5Tdpo_y8eFGnw^
zzZVB5+{ACb+S~6m2^5&xy9^LLZ4y+PTD+mD{C$%|PZ}ZpIp_$xCLRuX92=2MUpb*O
zj}s5G40DY_(re^a9i11@GE2|Gv;ALbF)BszWD;MK<pZ69uP`nLUiV-=-ren!?Le>)
z*DVXYj=-A^cGffnH(Y%pbBtbOW*mO|t=5k+x0PJPifixX5uCJO*2B)cwqZ8kBi96N
zPl7{$#<jMU&uZx4gx-}}Fua3qMDvH_J<Ys2%r@?UvKjXt*fg;{3Fvz*m&SIkU>l5V
z92(GQ-657`25-}b*@IlA5Veg#4j@(AROjNM8G6GJroQyv<KW<DRI&=@89!0vgxRG*
z&Z<xI3~g)JQy;DofryaLp=&lN?4AMOWa})a4?)M`3#w#Y!@wmB3-J?BaWmr3Y+PGu
zch+o)j1jlV%^q;jm}T<J(YUN+SoYQ|G-na@l1m32vqD*@Z)p8JM@I8)!)1@}?cNX`
zen9*P7p!8iD@xzoX{G|ai@A%q<9HW`u%9!9|22JP@c*De&p(6+FpvL#@X*iy{n`5Z
z{h#^&kMVK%e_nAE0Y3Y+%>e#+)cSm*)!tZN4~PI*sTrNd`LGwkDW8*t0R(bqmhBaU
zJB>#pWGGhq$yjaw1Pn@%a~h(R`%Og$?ADPU^b;9hKu^g_9joeKFo8g@0K=#tm3y&w
zaH0gC(NvvN#r^iC|N2?y8N9qmF8o*chF>6;N0D>Ub~etV`~pHqr*Scz#EOTl=NZL6
ze+9*m8!(I}9M*;r%8>!Ge4cQQg@J&ZuXH~*zT3A<Xy5uj*dV{F?S@-+A7-S=(wv|y
zf8(-FVFjD0uKodA3iXy9<w)qF>^2~CrAYhht8I#J84r@;8YjWNMd0|M=Edpbk#hhp
zKZ`i>oXKD~qzIYkagON$vUGI4X;VR_nc|<a(@}E486stUj{JTOUM2AAjrx|DzHqEd
zf|K7%i|1&&K30>eTNh;DKMiQc6pR5xG{}gG=9cIos6h~qR4skw>!OX40J_`zdruFZ
zbrkqcqW$g*RSPR@Qkxu07=_kX(;QM@nv8iCV#}0;MKJlLuC{mBPh-@b#=Qg9YGNNa
zdyu3^Wrw~d0O4V}dJbWEBg_bY#<>{O*2A4=RD2>11ztQQSL1rGnKW+Qs!MmpMl-4>
z3Rb#sJRVX^!ukjci?Rt|BdRU!ww5iamdRdyy;0qF66gwh8Ftlg{Am~vOHf`Ms72W|
zHR)&ls-b&SUmLe7ZL<B=K=`vG1W8cIfohD<oI)Y^)-bhXIrh_U+`>w{p_`C_x#5<B
zTMk=HFMp^c;IS@=@+cOu$w2{mVbw2(6UgzfdJ*@|p)$~H5IQt*zECG6xVx$iZ8ikT
ztaY8iq7glaV7x%i62P7U^RoZ}&&Iv1pD04ySP~ej$*S6LrY}t{^)8~w`xsvz(^bnL
zQ!-cqMA5(1ez>lyt8)dbgWDsDJLieE4xpfObv>bR_J&0Jc7yR8*APSVADwJJ2Ks5c
zl232lZ`-vGb;=!DOBUU@<EQBau`y4b#?85>mRiYLubuq?4<KG0d>CEf9?2;)O>HS#
z#^RuDe+W+I5EdJva>+KF7rMV6oyIricsAck;2;Xcy-5aJ2(COQ*@%*=Xwr`i!#SkK
zgCJ{g4Z@4BIvs(43Cpg~Co-e`YWrvx7yhJkd~$5jK1=)14%WuD#74$R1Bsbk`pSal
z-?gk#&HrD-#W^IrfBzU@v-$tl{rig9_xS%-tMxPg|1mz2|2Hd60>I}a0IdJ&Ui&i;
z0PcSlyaPDaNiCsz0!l-;5#T_NHx3A<m~$9{!>~icZtO1}sTcoifA8^}@L!ao#k)^X
zhaNpsMW;wtp6{7<pYKKW`)jQSt%tvEfA;YH!(aXS^IzX@-~ZKv&+IXKw7t8xeQ?};
zuDH70&eNk#C#pZ+yVv^F`r3NK^H_(GcjMDwUOpW$QKS!1CF>&-#o4}SH5z4abibQ?
z7)(-I?nV`SuU>+|l7roxzk5HuY(b!@g74MKg0q2=@7|BvG>dhk3cgn_3(f{gzI#9M
z!l)L%7p}z%BSHLLSP(C~Jn?(257cfi-ch@vr)Cs--d+gbli_GVd{-skeWrs^mQ5BU
zdQkK|db-Gh`D_9msgfTaqN>qgrhtAn1+im@?wI^z04CT_p>h~^hGQq*uYFtjVlbA2
zY=?>V?<c`<cmbmQ`$_Tci=kwz#kv_oSgQ}c6r=2HvEEg|cb}uG+*)6_pVs=j_mn7}
zYoUHX9rDh-^pi!Q7VP0(nH`$n=OmniYSBLLzDu8jNd-KiL{hQ0Ce@%-n>A@Tds5`i
zNapX!QGem}#i9%B7tsAwZI%G#3LoN_J;~3U<fjQWNegZ8Z=D(#n%$~cxXq<<2+lTy
z;M_``z?-tYipGX)M+)Ye{pbtqSDU}{7%)rm+aN@-bQwk^5XDzN35epWj}M|p*slc<
zj$tN<;;RKfG*RMUb`gRSs87L>`O{_6p`y8LR9A9h(jaSnu&>$LYS9G}DD{)15BDXb
zJc~|~UJOd<ETs{nx+uTSi{wJ_gvZnL@c4EkdIjCr8{|vI1C9AM0^K$zl=by!`(PLD
zElO)K!914cccV@XeyS@pqI=GJ{Tu*eTm>Z>XzO6gbzF%K?60uC5lC|C=5KRXWx{yI
z!#_=mH%XF4>j=V@ttp(N-`eh4x;wZ{iKgQ*+$O-CnXL#5J9Q9>sftc|5y-yT`eJK}
z3DRqL$DqIutC?Jki|d-K73BOTcc%>#s1|zHb86w7UQL(h&8n?uHA2-c)Dlz6-MNis
z&#iL$?ds`|aQf|coqm0~Is)skl~Di)uSUxYfWf%3g!2==nSirg02gZ}l<gv$JXhN@
zm=p{5OaQ2oe5}vPjl>Ebk?SWug~+RsQJ`>A9gy?jxe*Wb^BiM{Tk%vs2Qdl~mKpI&
zys#D24}K0}k9iJ1^z#gJ3`JILU|%@T`LW`v>|^zVAFFfRK2|?W3Zo3eoLkvRzfjVG
ztpLCDiwQMlSsR`As4rgN5B&m|QS$<R*cY}7^@ATP@^2rjANnx?+OQD%v65=UbM?z4
zmwIELs~<WMQ!M5+F}aus(eO<qQO|h|c&I00pXkg@!&EF3{IV~c=lZb{c+7&s51q{_
zmhHeV`@(r%k<W=Vt%r~W2TEEE>Ak94KUl0P-;<v==h^njS0-}~Z=VVQ@%f&4QOXZ9
z9@Z*qef8pLr~A$Jes$gR=@}+!sfd5{>~OcSRFU-t(Ym^2eruu}{hSEqLw#o4|0EY5
zCI1Wff2^1MKOX*k|MO8k&ixOpINtqyzHW`bK8srSH|{^&c<_1o?guhPP6jcCMTwpz
z7un=GdKRbg**m0y5oTHTo+r6@ha4|pwc_3Jl=8m7To=guVp6;q0=|8kO$!uU_*&Xn
zBy7NIv<<lndIEY`rw7x1lV6R6t#Af^&99U*T&Py+ukh6}yA)zHTq^r2bzY>&8+_4F
zwa^-G8nYQvPWEJV)t^n3JsdzjRZ7AEp&iz^njLT*MoMSbdNaCe=%i;9lQBAlyM4T@
zhc;eaEr%NztE!Oq1D+-{QmXlCyo~cxNPsq7`8eqf2f+U+zP)L|hPD|@<#FgRQm}|u
zC^S`a+~~SlF=W+gKT9xBC76j}Z*R_rN-P5w{P)wL;>O9A9|u=wz@*Xk!SP<SqXB6~
zLW9V$0}z~*XvEfJoZ=1ro7q5tynmED8)Lr^%Ul{Sp!HA+qfin7n1_H7AS7G`U~;R2
zcsRP<;854n>SXVCo$aHe?cd&dp#3qy<oa3nY?8f!jNHCmJQYE(llk>s2ix!uBx}hl
zjOEG2Ldi?60XPZ~CTRe5qA&yd(W(lOQ3g~EcXcKiZ0=s$NW?T_tr#zCw9itdhO7WH
zj*`m+B>T~@DEtiPPrH+8YJ?p#V3Ln)5*lonJzok4)O8M_*0eDbdf@_wL=@56ajRvO
zi*1XB+qm1d3KsqH3upDTy2VzNZ#mh3G$S(oY9Ny=`mD={g_-+!m3f7^?WR~`ocvwx
zQ7;d99a9)yl>af-E2N{j#=T?W1s#6vq&Be2{nkarBFj#PRmx*`RcaS>T8PcT!Nh5j
z5N1oY<>dXtK>F2z_C&n;vqbfzsETNPqR6(|N^7vQ#E=<^vv<!7a*eY)Q-?=9(zPLt
z$kV#zli7Sx(p~ts&a26^nL;}A0@v@Jtv=Eus8LrxfX4A?co_P);G9jeF$f=&(*DuG
zR!25_h|L`Gtn;ii%5?rH)o_Zeh(~1Wr^>hwR%wI~<SW%=fLG9>&0m`D`T0Yi+5G=U
z@&9gr-foxq|IdHs|3AjZ=l{w1<9>^6zaHFcKa5(x-e^DAXa$@<-kbk7cBjDUpSz6z
zd8K$D(l@eyM=c~0Xy&Q&3~1f)(_4^1P_f4t0hG=k=|=9Ks;A8?ZKh2{$i82?RVRmD
zqWw*Ex`T=u60q6qcwproeTnDON-KCoK|{BkV+V+F{S-{(v$S!y4k@YX^raDP*y41s
z!exRtTwqYtOzM;+FK<+}o;RA2Fq$`Yv0|fYQ0(@8SN*7{kFLwyd)kbEPb+gL*j9?%
zIk#ApCUQZn{C=|t%)v1CSkb9R>GxD6GH_R1ZqsW}^jWTZsYE_xNK(}X!rN;`&ch5N
zbsKeC1@6=|d)Z8h$Hp_eXc9w>C?z;;b$-{W9Ax!-6d{^5+(Kx!-PrPmr<s53>JHUw
znz5PgN`utX(&LOSn@Yw^H5e*-lfbydOe(1lj7Hhb_Z=9mQ6J$I7EBiU2q~xR@H&HA
zttfj#A#2{ieHpANq^)^%gTmORb!oX7{jWa%v$+3Z%)jTH{|_Fv%K4u^zyI_3|4}~j
z{MRc^Az&WF90TU_d+Ybr*NxU^8xMY6<^guE)A&NkT6~{@&2Wf;{b{@a8-OD?0d3Gl
z)}M~hBcq6iX^y^w7h_5&OHv#JZJ=Rd2QSj$m9_yOKS3qFqZr>G4SH!a&;nH3jVEuw
z*5z5;iw=*YZyQh$>IcgHW|;P~H|*0IM|m-&uF12N`(9hbj9nzLw#1kw^T7?-6%R6=
zs0OcStZ?b1)s*OvwZqFbOq>uV(E0PjC%10Z^c_?U+p=kSZrt4AljF|wTeYs_wAB2b
zA9bGWeS536f4IG?er`m9VZ#ydP-LC%lkL6zTQ%sO=SblS(6tOlHX3ySqA)f&4#obd
z>bGvS<P#wAw{EpXs^+8^PqMTAP#uVltD&1wLG=OtPK1Q4-le-XS?Vqi#Xm44^&ZE?
zxvd7}cAjYOHdQ^pz6c*Tsy8nv!}SG*RVdxO?e44pA3pCKG*~h6<2$C_3#RrvVXxeo
z+w?RBk7v+*p7X9Gzf+JJ)~J=zb8Pf79*)paPvO`8Fr8jCBQ)|+f3lH6HMJ%8j`qH7
zMo$zU`uKRa35^{j1$>RR_r8rDthJlbSI=L38@1S?2t9;Vo7alcfQApZFw&60NHOaZ
z*yXJLgT`W<T5>TZ$Mt9wUxT>>sBy<I#Z*03q{i%owfD$v7=rLUNl_3)NIVunMzS~_
z^+s8q)CoKN%peP6s8IAmFI%cz*n)L<*^G`(_IJAnhrcnJC@iBd9P~9Z2h{{CvJvS3
z9a|7p#~I*z?ge8tY1<fRvo7<f(I2U@b!>n(5RHFu<IxXr?1~({eYcg4SlOS9Lfd!$
z1Ml61cdj`7qA5h;{7DhsL-#k-F`t&?mSqXFi^=wRNcHTbhweV#KKTl=4`7mL4qS5z
z-*<m=c(lt}(=9F0VAxhC`kN>UYTl%HhCIuY;V3zXFOuy#35k@A)m71^l)veZe~j=O
zb)|mQN3f|Bj$vL>stK858V!SqT7@fZxTYymN5zVrB}L>8gVg5Yrs6L40jUEwZChvg
z^ptI?l`v$Hd=-p{QAPZ1XJ>csh^EspHI*!PkzFQaonhjJ!lNitJRSvS;~+{lv%Fj}
z*i;;9sKWdjUm}3_6*cbArrVUunM}TGwSV<eL-z>=EPF;tF1PDX4v(IJ%}M9@c>8Im
zyZ7|q@JRhRIPM&s97lhQy!TIz4xe?8e|vn=d8P$0T1XrS3jNe)Q=&#PX*5|cZeZim
z3ofNs!znee#cISy^0Ytge-9Q#_@g0B#pjcJI1BfQ5wF+30$=s*gPl&}L!1DnwTMoE
zeN~gY+O9Jz6F33PQuB?-Uy|Z0Y<fP)dfWZ}MB#}CpvqIAVg^4c)&K4O?oUAW4~Twi
zu_wBxC80g%5cuh+I>eS(&F=NDM}4B~3Vbk{cnl$dz{ucLcR4yu29W-C$HscVc!<c+
zvxBY>3_w~?;)Rx7ZbE51RSJao-wZq+D5?t24~`Wd`nuB}5<SXchi+Pe1u;1S#p-v|
zJMaym68sI?<gcn%$K=kE1^c#SDJ%3pkl-0aps0Rue27LYa188SC^~qAsJa6$CprnX
zHc~ea*l4;`c`sGVGRel1p@JDa)j1M)1Jqy+IwxqXNF8LFs%_3_aa)~mej{3Kz|nok
zGI{6u3k*y$vo)gletV~JpL5dA9!jsLNPu6N4Gdy@8NvK!k3fki(+R`HOR}V!w8u1(
zTAprgGk7k}r0oaCFH*oPI_m3cwdorXFZK3dfA8SyXNS8l_B-9f=MbkAgN>ea_qTud
zTlMux=cuEI-SK-L1tmZzF7j+M^uk3zC~}XZIlalIqdvxyiNFDb4S-Ik1t=~q(d(f%
z;ZRRxc5{wYBG(CJ>$kf=N4jGOl$93shIE91eKdjuF!2b_S15^i%B8g#zO*b@GKTN!
z<TyCqLGvDe#noPeA1wUbQS&xO23FiE!{B&|=%k0ImkqRC*pXOM)m$^8rq%P(YCb>O
z`)2#36aBGDM;xj|fp)v<Tj%KL@Q5dVaJ-u+(vn?!gRScs(VTFMRR^H~pDN|M4LL;2
z(kP@lC7X^9%?KPEA7gA_#bf6L;w*bT9n-_TG`xZ2>5ujFv|X%nxi;*D&Yr(NR$tJ9
zD^rxPW*e-+GD-yPFenGd%$pnzXs|Gn#s_0G6a)HRJOxyJ5|2iwIwX^$1bq*-f!G8(
z+qI%Ep!thWaqkLE;_g1)>-HTT^pMQ|q6A5Af0JFWuCpnsq$3%Puyzv)Od3I8U1wV%
zy*p*49^m)PjG_S&hmiQmcb0$veN}Hh+(_RK$4#&)7yhsS+F9Zzx~{uplu^Pv|I_?a
z@bWQ=Y@*tRjRWUDz&&kib<}yfcYJd6+r5L`&bKTv6H*%XCyi*3lj|>S%JkdN*f39r
zBbLh>UZRmyA-Sy*MPri97;*15NVK2k$)q0_F*jm$1KQIN8;P#f32m%eMGg{}Ke#el
zx42L@Y4S$)qm?EIVJfE+;N0cvnjUI(L{eNNYH2j!YF)k@s0r0W?iE^Xi<dW8C0hY~
zLrYENvscii;$tJt5_#=*&w5c2pG9h@=UIP4F*l=8uGe}wk6uYKvux!YiUEI~Kv8Ij
zvbO?t6b^W2y&~vdtI@r*H0*^p)l1VV!4?f}k<7_~)$eK_qPt?jILzn7;%=;1HBdD7
z9V^lGlINhjotd){E65K|O6?TP6yrESIVuP$qEB#J0s5a^SRUAPZ^U-8K|Y>lEEH{J
z9Rv|t=oI>qY=Nt1aODQRpz`}xhhE<afhaM#r(d8msmpt;Yc(C|E}RzLRxA`AfwQG%
zfTQCaYj+>f3RxIKy@w08jhj0R!>$z!RIe8pNem0KYE*DbXUqaBhElnqg~mxt&Kx%v
z+)(>q6a*35*<@wh1!)wcp$JG=*yPQ|PYy`5pdX6I0CU<9g|f3Yb09=R>oLs$W<Z(0
z?L-^kJv{U!mHW<YRIg2UoOIFk22TgExbM&REl<FCVv<;D^}hU`#5jm6Nl`f^!hiq{
zsvp*E?(KKfGld)jynoVf6*ZgG_)vvoOl=dop$7GYIZA~>&)pJKR!Q=jehui>Y)~ER
zz}W$?_{mkFIN<RJw#h;)h7&j+`r!n2yrC37gX*m9ldq0D&l`yTD=Q)kv$>GZ?F>y_
zQ1dq&=1T973(%|Sk!lW&E+63Tfp(eGHC08jgBc90C4lL7BreQUTR4gpXmZ4tgpPJ=
zWYM3x8%3*3jyc~A!%?0kqe}3@$Z(-&fE|&fN@NawoHeru=r1Kq3$tQux%VlIlxsC&
z9d`GQ5R#TRG|sJf$#U?`-qGO!G8PIZ*d3I$q}9Ki(G*axchwaUN~Qbt+E~#nMH<!=
zGt^KrstM%FmozomYe;#bHy06_xYwKFmAJ+MMqM6G<ZlRb+%_O%o)oD=Tb+oV{^diq
z@}>&Vwfk)Q=xc)hLU&a-UKic8B8P~Pp)kyLqhA>!TXLn?4jrUK7Z*-Q`k2*|a!(*d
z^RX41Q6<d2exH6{q#2dfI)<icbfGy0`%!T3#X5!sB@yiRSq4zVbDZV*5NNS`02)W6
z0AXRJM@ar9bFh*Ez8PG7;oojAI;l3a1G+%A5feHW&@H(@ifS7GJ7E4x+ulbZz#w~)
z1Q4uI=3{Y6T~H;=VUHwM`xI#=+axxCrf`C?0Onf8-InzZxR%a#M69Y^ChdKRJHXO$
z7!5LA+?!pM+grwuNH3>Tz&R<MPMO!rNe4QZjz-rWmN=PeUITN1lbL}n3I)PMSy%SK
zjnaxa<+wT@bbC*MY#3ld(MH5YAUGdXU4ipIip<zNs$?28Bp;358s$3v7Jq*Dq=q7@
zE@o(O^_E_SZkKg}0C`H<>4y<^XD+%{z;7<PhHyTNy1fsNy8^@(e{`4jQrZ<L?3Op6
z|4Ff2F2f|tg25LTS&Db2C=T;tHv_?7d2QJdzzl~`#WcgQ2eWW>e6~+&cC1)C1Gx&k
z2p;J-MH3v0a||tt7WJ^a89)!l59VEr1bTZ*%j%6Pw9$!mM|`5rKl00m+%Wa{fGU2L
zN9{5RF0|~mx(l(HVV@Xz$CIS2%`T(wTy&hz3D>wQiv_F=wYtAnV-dF3wBzu;*h(!p
z7KljW(vF}O)<Eyeg_t<ic;pS~yX8;w<(D<l+YE6N_a<ajPm@ts!FGL9ST56Jwpotu
zHtv{`jgo4I1^M@0LKBow>r0J}7{P-Y#?CHh+js*G_NVAxuQq>j6}2tx@bSRWwQ5~u
zXE(f9?Z8?U*=d%Ik~lT%WfF7`3sRjsu?B)#a-cODiVdl;&$6)_kxw$K@D@Tlz$Nxj
zH5tw1UL9%0-K2~vXr(#Av>W=AF?$t6GSFHfQsb_Kcm^oAfd(Hk16eC-+P`@<)V<xu
z<==bvnRaIFzS$C|mOx69Cr86n5GzH(oWyU`1cy3;)Q}qlQ^{DnsCXFQ?C|jFmg%w~
z0vkbT!&2nZIoECo3C`6Edg2}29<bhCZ!UNg*(i;63Q`4ZC{=$5s6kpBnu3s3DRv-f
z^=Wz)+zb?^h!CbXS5V@RiwIjnX4Q(bgl?RUkRYm;I1#fmmXm?IsJ9LVot+oX9hBa_
zf=ZPMhon~D!6OJdsH?ghj=w~_Q}di;Y;YLRNxBMiiklV!>o}RF8r-t<jJv-yOIOu1
z2C#GVEIvE4IusZ+NE5<@btaKiR92u7U>$6a9QPddR5~dIoz@_M7_Y@-iqMooPUyx?
z*GaC5Nvuw<F)A=l6Fb3o0uOc{W{KY04CDP3@dVxvriYKBk~RGxNiVAcQSU-@ErsUd
zEXGR_M(jKBL>|+S1{x_R#DbLXLN~8^kyP*AQ?ccJ{Zd~Yxa5cCX$&wBk+mpCPK6E(
zwZafU8NBz)A(Wkg$zy}MiRv~5S)&>;H9eD?x<mxl8(}LzRjHg6c|jFOKP$o@ZUu=T
zMpx`Ut2x76>pr8j1P=9b>7O1zb)yi8l1_LvCgI><v?VBX+PvB5zXySrp!hJ={afWF
zMy<{YD+5xy+@3LNP)}D@HkUY~c@cG=Z|{7){j>x0L^D;SVS<y*>E>dXDvk{Y0inhk
zmEx_L0}Nqx0buYLY5`^9sLMl`!;f2?)NGcVj}tE#IqI-Dm@u&4*}!AaKMXfcoeT6Z
z+egz_e)F<)&^e5yF--}ISgxR<)%lv^b`K4{6r>PM>J*v`>7Egk_rlhNOiXp;I8yL8
zJoak83mlYV7V>oe@bUKkF~i27Ma$lGFyj)A!;A~67I`ol_6pnqB>_R=R`tFv<6U?q
zN~?g;z$6N=U_r9ZoAU%M{OG-wL(YNEiEx9nTpL6l4D2e%z#M}n>LSHU{$V^C{vjzb
zt0nHwv0~a3RR#ALFkfN<>(jBfGYF?SmzbjQp<^Mf$UsYq@ImvJJb@?}l`(x0=wSEG
z2L#~2$;tNP{f-Mj-%_gO*gg|ho0sdfQ(#RA-C@B^^_jetL@ckvN_hFZVg^y{A}KOw
zPqD^N6jFAdhHQyG0P_{a)2rcV2ufR2?bj*cEhoZNyk|o?j&HyC7H$V_-Ku@xs+FA%
zOYxcgTP-zRA_$JtMtZsMjkI&LCxc1@9EA~po!oTzhS(bWT@EK1WhU12u*8@Pmsi!T
z<;>a3p=9@jbeJL~);2e5(do7N%ivQ#f!Y=jU63Ead)<`P<jYHMd%Z$t0>UUkexC<L
zSxxut*f&@ehT9((=J{K_f^#p!o4|=2P=)UX8$#|pBOUmD{JIP5WiBG$vniHhpsih&
zj#ZBIgx=8iis0kn&QvYGGorZEB7N79)=6tfZ}`W8ok^=>(gs0?P}Nl`H^t4W`M%S1
z?oGI(O$sv<ikhx@yb90KA+v^p7-9-!Z4hbBvVE{<on?@!w~AwS2gaGRNZwhGD%%mf
z;sGyvj959uJNHf@-Zi2$D&wtl@kUg2HfzKRj<?L+$nqu<`z%3&2|`H0=)-{V!iPcN
zEMvQ3u3((AHDay5Y?zZ64VOqyhK98Y%~lyst~!+Ui0hjMKZh?h0~Zt!oh7$*B%O%g
z<Wm2*;vShL%&_WK(kV>~7&hMe0E1-#gahWo2aytQ$}D{p_AtAhC)+RfPq;~tg}5=O
z5@@L>n%c2#?Rbs3ZS_QB7)cjQ%z&jGo<$)2gD0LbvJB{Yt%VfamDC)9?L0v99()ug
z`NCn{Rus4UL9o+6&6X7NBCc*(Y{wGwUnLo7bJpsG?uUA0Drma|0>m9wx98lFEzFI%
z#DyrhJ`EbeE)q<D71hkN{N!y<hp!IW+b)->+t1No|B5~{;=fTm{GUAjTdVyr5dZDx
z{0|@J<HUdC6>nZf?X`BB!@srfwbmj1_k;Tz4@2p{Aq|_3w{3%h;q9a1<05J_Uo;%-
z|IOaJHnedh3&ZCt{uN`+6QcnMkg%NujB_xS9gewp0VmmYyz(FoFt#+K)r`1o;`7_z
zy7hHt1lZo}bDlTajge-$t8dlSRn>J-kplY2l=<<~2GQiK^eo9rk7k8lGm+P*W1o>;
z;!9IWIM29W&cln5B%ELd`uHbKUN?;ndTFA%jSM?+-k(HGu)niwr5S>%umA-|_~9&+
z<e?W}W+^z3Q;;+=N-K6<AWsjh8aqZ~wmn*`MvR}UtE;dn?gT35g<KjXdC+L%`(QEX
z{GE#v>jjc00^kQ|Gego}gNl;F=w*^~9Cl&b4?yfMI;ST=W18m48M0^i=E@2OL-r1G
z)icgea<xs5uP{$Q`?2EEP=V06!uY&TpR(m1h^nj;{v?9&Rq!PEPFoROX<d?X%WcFI
z-uFqc76!iu6#ExD*|<XP^1D#0BlJ9zORPPl(~}N<Z&Zu~`}-6jKM2;^N>o=d*Xz4<
z1?9gDm%gKZHDY0Nu_L<CVRqK3o<&b4>*2a%I@(_6Ezn;j{{_Hdx0@aK-<tgIq4&Q>
zH~f!)JZ^s3{|Lyp%`f}k*8}oh^UMDC{}vG3Mf$D*@TNs5Z0|%sC{*ANgQd;jyNv*`
zoxWI?sqjv)@9G^;EeDA~bfOF?2PYqtJCM-8#iFfLY5GY=_7-fRf>fskE8pcuC$vl#
z)s|8rP;><+5Q-wFUL+48Bvz3(d(XOuUMUzsf?;0be>76&!V5HLRNuAHhXM2K;9$4A
zweP_>(Up-doapLI1m)VCFRGPQO*^=M-^nFP;CFXk{&@W6sC)Q)>v+p+Wb8CDHjPj*
zFQ5tX`;sIg$@|%G2*(f!Cq-KgN&`OYJCOBHr80BY8xFzFz;*n}*<MC+nlAE<jup;r
zF-`|#4%Q<t<-QAHNy@q$!|PBntq$d%WV7HKv@#*j$!XK_1tY&IQ*GgD0VB5APkvbl
z#Uu9mgzhiS<13Kx`pF1RN*Ys?n#?w)w{)aHR~yjfBAX7a{x<O}Gv29IW42>gTV2`W
ztYxDS^qf}RJ{XfcAEO3_;&|(00jIF31`z`C^EW;r?I!PgO)BGG#O7oG*atI(tONp#
z`XEdy=gaCu(>fp%40)E`977)Qp%oW7VNQoGT6Qtb$e2*$NCLm(t+Gs2+Mo0!@v=Id
z$xvKdyRtKN&Z%zRe=}HU!oPj^_nTArZ_J*P@4v|xBz_Pnha5*e#8wio#lUl>@_$q`
zfm7-Y$x~=@Hg+>b6E%^!P$q9m6Sc8X<slUtqiuq{@XdndM{Jo!TghN=n82YlPVnLu
z{82mEnN5NuBy*8CBh^14Gz<B{x_;vJ8so3PEWiXba1xsGSQ8Afq&B_B3iFM0Ivj@c
zrjRvLxmDL1s>*z;y3}{Oq=P_q-dWZ0!RkBNjSb!xPH$nk!qBVGe&>Wz^txw-O1z<m
z1E+_uRB}kDRnioq+#`GX{FS<))zi;vb=aFmeaU$JC9RKZR^{QM=yAn<8Q6pG-m$9j
zTm_1f#2rM@Xrn~1TgO%wWEjpEwq<cDK{V&T!MwN5INU%KpS^V7IK!~F@i+4~LC~q0
ztL9;?5<8*2Djej!=)LKDA$Ib=De`WT%nZl^fQ*+qN`SK9A;}Px;!l=2XS&oDOrq4!
zgjyi4z!wY$Z8Y@i4H{yZV<WdQ(h_qjY4L4I@$&L=g-uOPVaseXEx%DKR0z_jK|*O}
zGu%@^Q&6JvQXfvxhW@R>WMOMMWg5ZhpHI_|335NwpKR)7+sm`*q;GPL;qndR)Udo#
zfS7~L1x1#jUul1Q-5_vW0vANp_B=!<x;5TNQ0uJ}Z5dj}!ndTBMDiTKc|S_h$c`i7
zSY%+HOrYi5K5RtTvGcGB^4rbzXGZZ~3+8Z<Q4bY{%1~@acvMQf|1UcgI`<rLN=V9l
zumH_21Xk*GK1$I)ok8k1c)+TOn>Q8M&Hbr6|8}2nyEKL^cZSjINgI=)#Z}20S2YQ{
zhMR<rnpQvEE0=Kk%LPhP{#Lfcy!dy&GtH?PjZ@(!^0Ar&_Epi56mr~q<f)AKfy_dZ
z#<Qncwfid$<5y_bn?NXTO(FL|epb%Ef#(9^{=S83?+lB|6F{;MNJU79Y-@Ab6YeZF
z16r#)tb}EWK4V!tNH7!g)`Fq*^Y7OBn$L~;|F4h&Znplvv-<GSw`KkR!$0-^f5fLk
z|9{T<|5efdw^!QV1?~3w+PCX#56k-hV>F&14SK?we@XmuH^sk61Sk6K^OB;zlnzcV
z18$uUjwHh9jC)8dMjl)w9O{5#2w<=6>?K=A$GzjNmvd}}_v2xA>$$l<*nhK!FOTLL
zsvPiQTL0c9hXmakI&E-^_ZHpsD95i44~`F9AkO<YuYcOwwcdBU_s^kMueyJ=O01b~
zyh$adKUy7HIvcY%EB8<bhBH5<vM;weAgKOg?i99J$?#*W^ZV35rS#6Ds6WX_l5Vn3
z2Ibe`H6br<jvXmgLVI4gA#P_*cW4oVifm}zbzyx+OTKvEcl4Y)nqbtX$&~GDNA`&2
z@yl%~iHEw~HZW`YC8bxXnpH#^v$XDHB0$ssvp(^LoCRFn){BZORT@={BNvcv(@gwv
zban=F_LFW!&lGDx$siz~V~r^FWrJW9#XWzl*rcdVv2%8PZ1~t}83S`qvK$w$i1Ad#
zjc%<{QLr6v7S4$xH6vx8QlExyNmj~L7bZojTV7b}%JN6YhdcW(-SVu8tSrt3v`%Sl
zzEfENow+e|u3JaBDpghyC9YdT`$|<-Q94;~9Or0bT{93OL2h~1=dH4uqX7=RrIk?E
zLJpnfWiWFM_y;7h!nCW@x$u%KmV5El*wYDTl+qIFQOV`AzNtN~s9ZG?2f*0WPiyLH
z409@`rs5>J6m3|!vPQRN@WAOej6Any+|+M8aNuFN3#YAVO;gSg{l=yS#MEtSYFe6F
z4fTgL%~&X2Zl*sp5YB4=n1%FfpPR}jHI>a~aaQBRn#$UC)efjwigP=UC3?F?z>o{p
zD{4e3Rop&cK5X4nzGn>;adqs!2jtv_3S#>_qW+;&js{a{AH<WB51b{_x)ZtYZ2&C7
zJ)wPsKQWy)ezAvi)<0h^oOGzv+Az6@Q_N9u*1SVwSgLW$7I97h%mC;5tmzlyM4k?%
zKufhUnLq_%qHqwKYzU;H*fb}BQ(PBrUh%+w)3<p^FWaR0aDeqPy@xj&SL%rdOJ@e&
zDLVPv?hJce0ox&%eiJ8mZsMe(2{|u(;7aq=ya_yKhP4_w>vOVJ!*0NuUWI<Ud~~Y%
zE~;V9`X-bP{a#J~)x9!veW!jE=l|-C@rirKZYh%duj`g#Q0~~VfBkeJr*+3pjf;PE
zuSmkWO|R}b9fL->Q*HdGqdMlAA7mZs9p209M{Ro4);-SJ(&1n;$U5?UgC0W{@d?T@
zwcX3w(mOt{1_@@Aq6h;(=5rK7kZ?4SlglO)WCV!y062Eh&62=?rtm1@s`#}*BPaJ^
z{_WCp=zQME=lI(_4(-n68sv{ja8QX!55sb8Q@KRi_!WOIqb9#SFTE8U;n(s*52;YG
zk*QDG%Gm8v(J9;k)s*v#p?gRs$W<zv)(<nahUt(jbvA=g3}>)&R^u-^c2#+wrM7tc
zr=BQu&q#U-508qEI|JM0S1)7Cxt?-%iet1oVpS^(yR5Vj?JKojmTixv28xlpy*H!i
zDgq8Z4F=QE=-Rz4fOpAgItr)&xt$sC;(;OJDXZ088JraMBIu)y;^ZP8@KeXm?L5lQ
z<*Hiixaq<QnRb$Gxx*XQ1XJvSNdq{1PWx`(ykN5VoZO}j&#Jk7(E#iE>bbKJJWp?s
z*Z=%kdOyti(QqN4;O)1XD|vm)2(BHNs$RzFMfH?TX~wAQw&Fv(alM{oMMm_eLZ3n}
zE0igLM$M1f=7y|eFuf$K;>k7L=D1<GcT$E*4={twhM56wXmN4uhBeETGZZHJNCt5Q
zRLazj7aHiHq9WRlnVw{0&L@o9h3|H-po^!wS^p=xh0H({p5$tm8E=>91g~Of?X-`j
zfKVG}adFD*s#KR>CfAuMs_p@mk_eYeSGJzXyi#IGI2Yc3Trk7Mhid-RZ#@Inv#|$b
z?7>h&mPZIerdvOPt>itnm0)<&%Gxj9)9G|9Gr$r&wyFlFJWW)|5eA<g<#zQX??Hc}
z$(j8S_7agg>@Z?7VT!1=Mp6Dzw6gJKD=)5xs5C<eHi`df>u~GvW$(wWBlu%yj+PfY
zNBjjdNPDmLyWQtp>*2kU0!}dJHyaV4brr!v0x(XBabHE=#_Kn>)n+qn9l`)3gY_w)
zpI#ue+ro;ssEUFgdE-czHZ1+-*eEpp{=XT+9-g_mFT{fl+s)0PlaT>>0*|uG)Q&r3
zRHYh*a7dghOnwH9OY|S+L=!qPgQA5JpLt4=&XV*adidduK376lCS4_Phq8!qBQ`4E
zkiwbo?f4EF2qV!&d~NB)p-V`?9nGvf6lM9Z_vW1Gvaol1!`=ysAe1%?f+!L1(&}tW
zv%Eld7nHu)%1vP{nl$_t)8c;8P&O*icV+`FT_zp3OeHmt3;f**_>2V(boGPO=DOh_
z_0RyYn5Elkby4wQv}UcR{bg8$(1NpjdpP$i02!@4(tKwR3Fq`Gz80H&>mYYk@fI@f
zWAZ$?{Ge@(8Sl@dBsKYUgY=`dn8n3M;&-5#iWMYqM)wb*(nUnbP2Ea*AF<XaDppaO
zaj$CoD<nQ0MrT6L+fSa1gHar%7~SKHbKx|`p-LGk9w#t{z^Xq)nw?_n5*p~NLo$v!
zkMPw(5KSi0wR0p_@jHqnQE3S<M-|B+gKEp{%E8FL@BllV#L|N(y$<jf#zm(qPVB#=
zDCJ1R>Nx?dI_lKfY4t;ohn`sj`otr#$nkp>@C(S;gxL$kfpbZY*dS08Ch{`6#>gz=
z?2?bsj&rRx1UQYnNja&JoHUHym0&!ee=#P@=H_aXonFv=1@n}kuL_q6u|Vj^Da9r1
zcM!bi8nEIhfE$Kc*0NFHPNHJ)we?glvIEC;ahjWJJn)>JLUQ`w>7lMDnB^U{VX0H&
zWQa&a{nJh|4fu)S>xjK)pt!Gt*`72TRV8bDmnzG;PC=DL?&|$e3FOu$^>*zqGIiEg
zF?akp7ScEN<}Sv5Hn7h&xMKsMdpft=zuR2ntAA$L|F9hN6&!$P+yAUSdbGOg+5f=z
zM}OM?{1G3={zt8N^CD<3uYHRKK#x}1?UmK<g7)|84<D_sJ+5#7zJ+m*Hs#?KDxGc}
z2U_WgGTS*geBM0_4qlVS%HFOz#?0$pMoDb)w`iDi@Ot~;dG~0ktsEQY_YQvQQheTd
z4ASt*e8rm>^J{-ce!T3m<&FNuQ55t~Qg!pMBlqQzQ}f6vy5IfTskr-szimB#E|1<k
z<1c$}1i<s1pXAAblzDydGk<xrzb9Z1j%5hleg3k2u)n<}5C41bHGk>;MM~+?{P(zf
zbZovsj|IlouJqw}YiHN|;)KHd{l&rI?!m!p{p0mvSAHBjuK?)oj%sCl_u!~&zP>q>
zA1pu9ck~6}U_uH}vhj!*iDuM1Y4)2VylDhp;>nY5$wRjh!Pm$9^#r~?<gb1B+M%x_
zWHmhZS4JCz>!1xI4WJ!=j)Pze|2~u7+w?EinwvxQKH=&dF@Ms@Rf^trFy5M+9m?PR
zW{_+>+YW=dImGAJJw!<27@OrvubfK2xJVsB-MUI|%wKBBu7pTlSI_UET@SXyP0jh$
z)W*5%*z^{=sh_XP4bq<S>#g3<;89(Jt2d1BsAhzIgMLSkYC3w;0xF_$*NH*$a?>jK
zb$}4vwF;1|yH)|>cGoIE2JhU;!JWqfr1h@b1c>lms{pya^JeVs-&Ez$tHMV>9g;c?
z<<_=<)559Kz8SH*f4OUo-Qzpg==wGM@%!5b&$7>{1KaejI~32xyVg->>RqW1pT4)k
zAA4ElH2$1=c&67a*M8mTYTENh=hqWHp|09~&7=@Val4c1%Bcjr$6XIN=2A#iv+=)Q
zAiP=r`*H`68{$8G`?%97$$t+!f69M<#HULBJ16-ML~!u{SzBp8L;-O1;rhc050C@7
zFjbBp7s;fUMnm)fI0w%CwvnHd|A&Z(=Vht!yvEf7Ma0icfKZtfAqalP>=XGE?Mcol
zW0Agu#ta{^u{_`_%X}H?Y+<BHyWn|rK>;DS`<%E=`CC2?PO$Ut1$Q3wF@6MAqmtQh
zm|dc}i*E(i@6Em6S_syI@2E2TdWOHgSHHHMU(c@aXPe6g4J=FX4WLw!ol#it5Q^no
zPKNXB>K=|n{nW`!D9fpd5CubtugGrv)rQPa-lRVBeB296j3|7nr;DF*nEhAF!7D5f
zUq$_5$anwB27(P|I2;1O*F9<E89!-3S-)Q=*LYIkFqio4y}*CpS%fzf(kkhnWBv1J
zc<QvxZDI_|2~-?sDcV%sv#d>2UzYEEMWiD=Net5m+i8!kXz<YC6HCtIPZIkj$|<0@
zv5R1{1KXO1t^{x%^xZ^us_;;CKVP;l2ab0B*6nT2&3*4ac~*XMH8<Db(!r8E3f&@G
zb93L_a~~bNo|}7Yp1nReqDQOF6R6kVHwyB>>(D8&EhV;8fi3s_GkLGOw(Y%#&eMB6
zQ%pr@(JSU>F}RE=>~(|JK4ia|43H&F#+;{!0<h>xO`3kh(fFFZQBOIJD=DL&?HnKN
z>>sz<vMb>WnL+_@zN$%1)hq{3yefJidt1MtnE@1$PXq5=q#E98_$70zsIL6<X<L~w
z5n3@NfDIv7j=dpw*V<;`K@WO1qcvSZwC8@&t?~%Ass`|^T<%#_x$SbfZ7RpH+9;MV
zUXY;)2!{lIpDqNl7*Sz%i&(uF@JFxOjkGyNZ<znV|65c$Tn(Q*NkjN&9L{WK^;Yey
zN<05!8r8lE?x`?h)BN*zIQCG|K875tgqPi8QF1jBXoGI}4#wMn_Dz_xBz*dm_a9#O
zar?3jo2#L9t#@RBX_AXjLiUUJ_W=(=)f0HAg8TIz>`rden!aX`!PH5y2X3RPvh5xL
zLm<>K1K=x4-TN)C^IN69Oa11wzUNy_1~seSQ|b4X(`{X|qSMc6JN?Y-^s~xNL;dDS
zeW#x_8Pu#!pGc>lIi1!uD>}Vh+v#nu)7zDu-k#m*?Iwe|O{ce=PV1UgGksM*)mQ#p
zUsX@`)eW<K)f8~In(r%j!cFCh-sjSNdoV3SUQ1ogRbNflp+?h<`o+_55-wSQ?A!P4
z!|v8G;P12TM#f6^@TTobqn?xam~N>^Z;ly-3^L9r)Ypq2R&@4?JNpOpwQp9^82K3Y
zC^pWBgTq&7ZVmEHt_<(VNCZef95ieUqwHRT#;QC~!MGh`dN}zp^+=;l@je-CC>jnQ
zGvt)367*<xJ2KEMP&-Gj(Eec#%^m>x2{J=L6J|PBbXq9peJfyK{P0(e3GIlq2;m!m
z`X2?$I*O?zbiG0EsLK*871=8ToSUR%LQqVb1S&{}ueP|`)a&1MuVw006go9`EEb&N
z5ew{=$Ve8r{R0fxJ~yX$4-M#$qq-_M_~=zGp<c~W0Zjda42(jmiycJMFkswxk~z%@
z0+0zq`amICu$_ArlYR!GNieUjHs=w<bvDI|&Gd{Uz#L;<O-HT`8OaEEJJtFspL=*|
zIyVRWYd!}uc7KvkVxxOs2YRaoU6;$Q=E~ySR`6`@umSsQeG{hR8DJ!QxCq^CNtr8M
z2<MShc1}6G&XS_Rwl3RvmSw~6*#^akfwO7cUs`gi?eFaRomgI8R(-+0X)@F`)J2wG
zg)ADU@!Mzbq*M3o+pE$DUY-o!$|&B=*}&;er#uSm%3DCI?a+pQRDy5A<$7D8fq&$6
z-gLUMY(-zN56=WN_QvXrx{xY&{<lwJj<y**YdUrCGRi5B@s(w`8$spZrRLW2=M}Sr
zodY4y?i$}k)s=1eW%u4x;1HKx^vgcq`Khk#N(t^kZGXS<%f3GNxvuQr{jzWN_k2`r
zd3$L8;MgyMhL)<7?1b*VUuYPoXCR~i@wbZJ(|1VKND4b=nf^QEZc3H^-g}MZfxDQ4
z4Y-MaEr8v>7+|<f8$8%eL9#ITpUq%PXejSr>GW}By(d9Uy&y2dt*%+uqSU-6w?SN)
zs^U~OXa=5aJ`J{=Ue2KrtGPgOn>^$OO&xn0`D`F42;-hyC%JP@7HvTjx6O8|6RJJj
z;C*DheMTwuc;xDa$$*kLbTg`|S>szKg(p@$r$PtL<~)vZX5vuIn%w+w-CQW)(k9kG
zYekr=<dkRN$qzIPqy#iAzXgIZL=cwN!c8jniMu2>Q7+t;f*V-Krk2m?2@{<)djOrK
z?ebJIJOEg0(a7BgP>4F1idn5G)Z3Id?xLEDEsw@Fwqep2U%Y;?lqkZy1dKayih!S#
zp!S*Gig?Av)#u0wf}+nD-y%^jv$MsNGy;vMn;{L3Cs6LYN+(pGjp-Y&$Wiv~v#WPa
zf2q?@FE3wzSp=jRSg6E5o>69K@v5Qq_!O|3!M5nJEN*N`O}C+}bHBcNe;@EQ$GFyw
z#W2`O)fH}&IEQBvh@V#V8D@jd#>>IB(q$VbCEgV|^0&(Tm6D1^DMl+@UDr3m1PT2?
zgZBUn_3z{()ngl6jLev40szhYIrEOK;BDv*nyqQwmWCL7n$(m8fBBv>GM>zev0;U%
zPggZ&P`qZCH)5cCVq(;Ij)TT9`AD}IYFMP$+GdDeo2rkcHieQfeo}AUifWrwuLM=F
zBLQyPC1~#6Tl2QS_X9A#ZPm&Pbe_o2jV#H5n{VP>$2jgMrwMGKOB5jbsPLy*$JHhw
zOG40MsGM;jtv4w2IzXckBxd}03-lf%Q|1dn0|`Lr+$2#S?WHA=?Zb35{_2+rEMypO
zH@nsG1jW??2E7~{lTwjx5E9rFP>0l%tF87rU?SPM>4%-x+Bz&b`pP-aAGRK?!wPxN
zgU9PmtB6TjTH8{EzFimD8T*K{fpZQb59TG83z4nK*&eD=(UMc$$+I(uxu3$*ncPUp
z5KrCU`=z`RhvgEH=^}*~#<hWsaf+Qc6<-Av6}5Z_6%~*bTa-qF0pEe)Mq|Vc$6uLm
zhZ-ZL+_J8Wnl6mdJIpU)>9wHtv&zacy-hN!cK|$n8axckV7BiLrsIRbRo>EY$~|Yb
z$78R?@r^aUCGCtq%eS-^R+-O8Q=uJkNqJ#NB>5{OMLbdgw5B6gyNgp$6euee8~H6w
z#O{lo?(XxW-s|pR@5Sz$qaWuUtr{PLKlc8AhW$s5X_US~`mdYpKh_?%+kX7d$E$09
z+JF2JAIJWKSDdUrbokHjSK8kP?X~qs->$EIS7H4Rv~3Vg2C)ChIW0X4j;?|5jWBf}
zuoBm|j{m75d&ZMV>ZSA|Kl*Yuuo-E-%(EgH#a`ks9H!@ju)Fi@hO}SN^orW^B8$p1
zC((D7le3bf`tW>}C<m>dCmIBB3di!B_T$Eg>o^e-DFJwWqBdw>g9&eu;nRx3B)9#k
zkuOU8grzDLnw13IPHST#cRRHxO}m$Q-U@m?|4qIge3Q>N12qE5$HD3C<23YYN**$-
zslzTyC)T(VpGxx>U&Z}tQJKuQ0&Gs0*P#5C*|;!0ZF7!GNnPM(Cvh8;sOS~#Rjrsx
zRZX6hR&#bU4mRLhNg-`k9eG$YhhcTMsJWZEHOWRdcFV3%WHX9)ZWsktZKx(O$g49N
zd0si1Vl=KDj!uO@&enUc_qX<*y?KGRAMcbaEg+b3XJ<%~?*X2hR6p?D#xNQnV<uwm
zG*wZ9D0LzBAVT--e@tV&5N=9UGcP)a!Yn-EgzU5M)&P{`?bS;bN<4NL6rwOCUm&f+
zVmZ-{+Xay8F=kVJ4<usdF5ZqB-_VfiHNtSkez?7Ru>FczmZR==#qjwc`Ry}ha`cx6
zLcQ`F`>Fk$DR}g6!F3!>Hoy666J(3DIN$tc)C>mE_2xH&W&n~Iy!x?;Hf5XN>;Vag
z`<ve!krhr5TvD-1l(4Vq>j$8}`5-Sge*kI&MLtu$q9e;rYNWFA&T>rs7+*8>Ct6)g
z!}zVjJU`tp0O1|wwT|@tvwDDgg%6J>C`eNvnp7gU==k}((i;+FBW7XCWG-H`Q#)HH
z&E1BA9Xq@INX%h5iF4J4pW>X`zyaivAdI7ga-Q<w2lzKwXF`%$9k+6rS7kV+2EF}u
zb{7m7+^O@FJAu2dH!SLEWod9^bRo;buuw^cVIAxUYCtP3YK&^?$Rptl+J8BMFQX*S
zk+lP!ZGa=A3($GfMb(diVkYh~bwH{J=naQku8t}HWS{@0&!iezy<QO%RzV_e{5&-D
zmFE#oxF*$UFmGT*Feyfug>0l|f06Q2E!@{>Cf*!x>&*e>puw{dL3&WAd|6JGlK1x)
z+!QHRO=52C%9P>)U#XN>cFwhdo!6qwr_ow7fJuKe#-wudi^aSIy|vgoHd52+%;CiT
zUJjb?p-)EGWz%ClRtrVvfz-|;!#8R@Ek>}t`)cTRA)w1vA^25Q2&uSL3V&7=0}^h-
zf}fQw;vr#|%Tk>s$tj4(id7DOF15d3U9Bp6>9&nOYk;~1uf2krx=~>|i>%W0JFH;H
zX$SQCIz1Gj^0O&Mg2agNRHScmMd1%G4;0lv&IR){VB-%?q*t7B4)A>gk=CTP5yZbw
zASvr%BPWf#$wWv&yD~d>qEe<#oZKtacr+N`Fd7d|n$Va|m12#O=7{4i0G+V1!Z`Wc
zR#!z$V={xCBxfo+7^NjhukAjG9A@<grbiNJEiKvU<hWJNjB`p`k{L_Ma6^nAkn}#S
zm{m`WPx3j_5V<Bp^zz7jGAm;7)UqH}lGIAB4!c!FDi!hbPK+##vxyvecr~b`$#_8e
zdyG<t`hLA!NIVTqG<l5r(+LM1O;q+GYvBylEOHCoh}Kg0Bqr2WG=3u)Vo*$dP)H=c
zk8wb;o(di3tYB??HrD;jmzn4w?JZL!wTZbHkR87m(<QeU(jC8?kfwIW1qj>PFUcFf
z)piSJ<(7p$Ap_D<S!KC2k|4jhP$?-5<jJl;1cPf-Q5Mw|C^7mdM@+7<j8f)Oh;TU|
z8=9-AK3LpWMtHEqgyKfQ2;<k*;cywYD&5e1^iOd?>>C2mxYdC%FqJ!q2348?K*dj=
zCm*oV*c~_EIjga%2JU3%#tQwYcuQdjcDH+U@dtmm4|aFAj=TK*_^+?|+up%G8h!q?
zZUUgl{+qq-;m$S{Ki=8ve%kPxwAJI#G^@s`{du4jfPV8Bi8i8C@$-G$(({bTz(Gu|
z=cVm=%zHdZaR1HYe9yDi<&&><7}jxeOml=YhP`g<B{H&0lLeDrsjk)t>Uzo>IGx$}
zT{9TotO1IzlA>yj@VQ1GN^3}c?*6iK+&g-+z1=-Ja)3*+T)ZM6DeW?vq$=R8k$Uu%
z#BT2}K0^)GFgbav!j}9tPr^716+cR*|J0;c16~jH3V*6MvTN|IwdLfk=+vmHQL*Wl
zNnruSpYn#a6#PyrIOH9xwDddvso#+@#k|9x@=mW1rU$h4h`d%~kgC=gM1!QpAV2vf
zVv%4T-MD?}KE}(W-JNGW)VoTAExe)cWqAz^+wG~_KT5g_r{2L40NCH!>o#SD%UJkt
z(*M`r|BRza9#6i;1<=g<pZ4mvYY$8JKi_`)=l#zg^0DuK)QVI7w}+ibZh+wbkAn6i
zya9Ujefb6muOwbm%{yQ9nEM)YJHwr*j1V>Reg>~>z1tbe=HfrgyayQU(|a_Gue>Lt
zc;r1%x$@>~!d6*NWm?^bNdEo)s_AeZ5)aH*OeSSdl#f7U0Q%ARNLKwHNhte?%yKa4
zjQkcmD#w6;<2N@>^Jai9Ch#R}Jw0tbmAKAt`9ah#;Md#a-8(zu&NTXKPcjsY;4lOj
z7tLXF6tZFEMfkKaL}Pc<Bk2<OUaN;w?I?ai%4v?#OaEdzHI8OXuQ(%|7k%^@zS&L-
zJ9?^qMuB{jY%0M=DMYG?j7*u1Ig&1g6_qB@x+ABwspR<pqQ)>&LWT~@%ag$s|5Npn
z4l1guV~kT9B(iYdP=s+HQ50NZ3($NBrY+A#c3ft*I^xMexhK_O!5u(JuG@0Ky{D=R
zY>%Rb@<~sU6;*VsL%7p=On?aharq*qT!oU_cW7d&<7(JCXNsd3G<M@FIsS&oh1n(I
ztMSAw(8OoxWDqP~P*g>`c$D_fGt4Fa5hQRIu2xhJ^VZX1nTr5^AHVA1nTi-+ej}L?
zRCHYxYr7ydB9+eL5e7eBwq({{dTD$q3?%l~BnW7N#6>y2mX$p3Tvzgl5%DpeDo_TH
zuf4Ie=kQ0BJ(ya{uhSyBV#O<zxu?|$PPj`Nw{Q}qj#W*}HyI3p?O;!_A#NmeZ{AD?
zX=ervi~}vbJC)wi8&_qGCUKQ%vr*}Mnlt4vvED_^_`|)*VVv?X=0~_QbwGX~X2FPq
z=>occGvFI#=?k~NJ{z6}6>&Uz1X2lgri@q~joXV2wP<iW@QPs#oN$;9Rwa1C1R5-n
z!CwU?^lP!YZ>eb!AFn{_P)e%GJ9{l}l-8SQ^&MKjkF8TfE-DjR^~)DeEQZe>A(hbp
zN~8K@9cvtqSQ}tsrG678H=O&8x_ZCShvTJc<KPmg96qHE_C`_BKd<T{uB-Z%sW0)w
zx*EH$){t5uJP5736b`Gu$rJ@Kht&$|cBNt#H7a?U&&pBN5CRvCOH?6f0DHzJ;?@<8
z*&AVLBUBI(>SrZ+fvKYS88}Z~T5CP|n%qJqQP$9Xf0?XXgn7fk79s9@u~SF1OIt+t
zLXnp@11i38ErNzVg<?99J|^iP_$Zb+BI^SwKnomb5&rBS^#1$J-s=s1@e!VUl<(8!
zd>Oj~kCKY*hun??EUq~Rp$BHJ)U6=*vjOjZdPPg{s>fhn5dt8&&a23~p6J@v6e(Bz
zqM2r^9kWb0mt|t6L|Wo|fMM~6<Y%+srkqno7V(spPLc%RG!y03YM<diJjj3;dkIHi
zD)xG3lkD;W5S{i29RP-VZ4#{1{Bl54(SJ^U(F~4$JUs60ZT*6(tBisvT>I%;Se<%#
zo}dm-b@PeWMrifstrS{XdbcdI67ZcK0<y~4owkcwi9ulK+dU9EPNK;qiOtZPs*sKT
zHoT=Jm&gKx(^G3WOkhEyA!5NrGvy3t_IpKye70zQKDcPIr(bpoeE*7kL+&8NfE&#q
z4L#(v;nv~~TM{7}q&MMDg)qY7W^R2cUE&*u9b8oqgpQghpj9j=RuXZ?sgF81*MmL>
z2DNCGb^=WaEkVVej0PX3d7+BtRi{wOcr$yrR@bCoBndR^=Su>L%JZ#W%IS&dPphSl
zE>{e+L9_(KvLvCA-8t@8bG)qRs~cF64daV=c+=2iN7>zYs_Rztx7D(WhRc-m#_Fd>
zx5&v{2~j@R>mi;co@fJ&<W9uO&dNkfkZi7Q1j!S4&3TRzbH$1b1VU4FK-ymZh|I(V
z9x@Le1pZ4tY3RK=ctV?jP}yNmooZM^69|imOzg9puW~WjU8+URiv7i-z*}Imx5&@<
zO&9l<YE@g#In?@8Q)^XDLu~r<S4FDzVl`D@A*4hziLwG0+O1k-*(Jxifb<Gq*U{fo
zO@H;=S}Q;+h#HvPgY7L+$>=9EU7GNennVn+wl`LrQCN5nr@TfD`#|6d>MXFfM;=F$
z{yEX)+P&dz2El7<6Smrb*qD<Laovy^L~s&me6^E0;=&4ywC=wVESnf$F1%?vkgF4i
z1dXD}N1B*wk=76(qbNEV%050BTF3)WF-`Q)rb1GkD&QNfViNJ-gkH+ZK$-G|5}Hj7
zkwQk(s~J;l(;j3;NM#k}mLzhT8-t+Vl;s6UxYS8=gRl8V0`!xF4Uq5`a>Wk3K!i3C
zNgkXHvlHu3bWQ$L^$L>|vLi%O357tkwrQx+_GILR8X3z0>Za}_njI3xSOzC<$7$;T
zd!y+V$zwDrnmFjir^YXI<9N(pCc_~bhmgxxWOQl95JZiUS~Ap74b#Ite<&M4F}Vhi
zV>FaXV*{4VudHP!T7j4Y(?jeUDhr4f@Z_4|lqVfOxWODr!#dG;(g~^zp89?X<7LtV
zd({LhH{g)UFe!4A50U~BwV?K5nT~OdYMGBsQPsHXHGk04%Jg?^cH@d68#5V)iiy_j
zuuOEjJkkDiI`WkTLD^knDU-}jwhMK*f*LWqhsOYB`K)91<SWccg>*J!ylDG=RZJp0
zmx$?VF%UHw*1Z4<s#;Y+m6SoETrK2e280Ru;^C>iEx84<23C!&Y6a;lyrUJzXPPYH
znxK^0dT<iqh?Y^me34Kd&GT3%E$+wVmY(7w5opQo3jDRe#`j`S<5M53j%a)zuQ?8O
zo(l+Qx`X-vfWaW7U#t#My@Q5wov_R8i$jk{>Qy}7B*vbpO<CXJ&?$lzH24b2xbLg?
z55_5-@aC)0fiEqQ=m)3NHhTp<)tuNi-v1nh_vTzRB}r_ouScz@7H?VGB*(|R(O~N9
zo;ZRx_!hU~Tm%2LTZV(as`q?(;U9JO>D#Qj$KVm-VXCicT-6J{vdSYNv~EG9fDw@_
z_C&o@r}V0NppJ8g9pG<t;Co!1g$77fY$>EH_|fcD&BYDeh}FEyZx~riE1s<pYs+Ch
z(9rBzRQO<AH(UrEO2V#92Ec3#hhEKc0Tm|{Tdbd@#Uukv%lp}weBNo=LF7vTIp9}T
zoQK8<Kql+Hzh1xu-#4A}rq)?Ie`<rknR#bvIVB>d=Tl<2P8tgXAEV~C$WT{FgLlxY
zV$o37D&a7E;%%=Xd@T!$UqRJ1R&SEo+ODw(?PD!B!8d88N^;VnTgi~i4q_GnN=;6O
z+2w3GYD@yuxK?r+v+88bFK~WjnDuHaDJ14zit_`$@34!U3x=1nk@w0*UW{TwPG;07
zS}m63ZH8VUb#ok&AfpQ`DpiudnIS~?5S6EA-Og;YQN6J;?otUPG7xHWl?gss5@DrT
z_?8><NM&p!2)66t7ZiDc$~wB;Z5TO|a8La}s$vjS?!!&aT(tU!#>qlKHWL#Zs-u8l
z52$qpL%6LQ=qoBq72(t^q6u0NZ=y^mk3Uc;i@>{^Tvty&I={xwFHv$j&-4+X9}zvZ
z&{gt!^AwoW+VI9s91ZU~JUfQ8tgf^v0KDYdWS<N@Md!Q%KjI3ASA`*}bib{3-KmxQ
zoZ@t=+jzRXVS~Yw7};YqyrgR#A+f-JofC3(a<VRKJuNb!2j{Yx`gn~#meq&y<D#lU
zxp3(|0hy)><eZI-ccX*WsfJj;styKZu2|{BlPDRj(I!EJ5k=+qdKlsb5rN4hlgK^=
z#1Qf&KL|6McEtTqA%qli)Sb1kRoZlOzhE9n8|aT^!Bz!s2mhl6{84Be{N<FNHqeji
zDEv4RnsZ2~V?&n01~*pV#<K@sbGPE%yzsq>GY5LB+9hYU<>(0=^`KE4YBADoOXrW@
zR0TbL1HQgwQ4^QFaT@vzi6R@D#wgh$bWB6>A#bOkWzh<9Am@GVZf*35wt{pK0xOw`
zFW@Jbl>L&F6-X^O)dH~NXyBkNCN?;(Jd|aUk`%`AACC&#lEz%J%Zig)mo3tKSH-{W
z90ZI1YzBKL>{ztOE-bd;hq>5O`M?!f0BM5`j1BY75CVOi&@@WPWdx6WF8q<n{{^MX
zBppxLLrIlv2LB{p;7HL`b=eY_<FjFvexTc9oKU}(Pmv?-afmBafRK4yZ|8`=DDM+7
zPFc2cDoYhba^%igHyNs>ht=c!9=x1Xo+K~3>^*hOZFTwhRj+$+#P2lK^(xuesfWa8
zxs9b&rIg~H%yay$pw`3EFxskP1B4Oj3!|~YoWNAQJlxvb+d2#m-|Tje0($m^K;5HD
zd~s{7&j^R<M8R^cr@`BW<%Qt)U}1gXT|h=<w08ApnSw>>(gUM>0Kr=69xf{EU5ra8
zsYNo16$M9prjf;HzW|Yye=UJ0y<a?F*!rb^XkT+w<(r4j<zVOwZx`5DZ{gj7kK*M%
zV`=vPf-2O@i_n>Y3%XEdGldI-?b?V2S_!{G$N>LC(U_-0F=yP)<dDxM`4>3)mm6V3
zBl?DIY_n`E4kA3q7nUka$BJU&peByjLTpj_s8GR|q4U~kH9c28B!v^C@BIY0mB|2>
zZ5UJ55vxj6U4`?@m&+Gf4o!*`X>IXwOj&SH0eXVR7adI!(9F9K?pJQTiYZ&{_cbo+
zYJiRnw&@Jszg>WtYQG0`K~o&~defdX3Oj!0DDA8bOOXk5g^#j@>kUjTgS^s}Xdk4#
z^xVFY<j7!fh)6&<#zN(bSF^#jdXq56?S<ZPfoyKKD)#`d_DVZ#bAc&24pC{kaf=?Z
zqFaN|Tls;dnklJ`bew2vvM@^YCb!TmH-O+O6gapfHHw=`83cEcpp~aqoP}4opxDz3
zk?L7ZY{#-F$b6522U<JTsE>SY@&f{=XPp2u+zqQe*;3eMDbkyTN~B81Ry7_uQ%cJk
z$qR<4q@W>&fDw#v8dN@K>SmBpQEgrcKu}Ut0-gG@3AP5jswenf=}JPTEcE9<z4vDL
zE|Y{-j(cx*j}N=YYM;@YR!apfp^LnJHpSaJ?-rl|{8^e^rWW~AgfDcXHdvPrYW?;7
z!#zvsKLc+*d+Dp!&aB(*>8;uArdvK~QwO-}%I(M-mljfFI`5esh;5{<Tg$5y`h2iU
z!x8br54SlA$lTR8%~dZ+`BX*aba4A%)l%S8%xAyP!(2}BiVXjr^Iv;AatU&(cNCq4
ztLPl}T|FqQ%rfdi5wnc?1Gcr8F<r++SVO1O$`x8?a)lCNREX3`p?r}=I_rlv&#4cM
z-}umgEu*)o5*4sl7BNMYzBS&b+MT}QC|&pj$2h6pWq&$!UF{MTDC06I`sX$Xb1T=6
zU?0lCye^mY7!42j5)Cfr2&{cKc!><=mmV4?MCZVd8N+(J*ZQ@wipP_bZ`U>1Z~|Ne
zrfs#eEWp}#UR|d5>q=S^q-+sn#J~io(OR3KM+X+{2+crQow{o~ViZ!<%s849*o>h!
z_MFZbdPPHY@u_Ya9P|2xCd@M6l>2aFAv971+w${^PYZ;tP1@*8#q6WZ!6}_UOT0XA
z)4v_}--(SqP=wCuNrN^s23$jdCoX6|Ccs8BH%vNV8n@1DbtANM6~4^|#|*y$_eGHg
z{Ev7nJ9k=W=bIN*DqLt+y+siie?%i#{`buV`Ti+*cN3|tyWL6&f>F)8x|h`|mK%3k
zsDms4U-n+Qw?M~tJQ^3*df#aRrRYUaO)#oS1`iKLZG?UGDOo_5%u<?aa7#-Tu6x*S
zHkRqZ^Mm7~QV-rQFE1~6)Wr2`z_gI!lhj~$*uB?V$0|&|RSzwBFbq7*@dDaBDLXG^
zu2MZn%M3i2hpO{+<Ez%6{kV0639)}yzxTV{=lEnpMKrDf@OxPUcbmD?WUA6-X8s9|
z^(h_z;{3APn1>0T4{g6WKOm1HNB5l$K6nt6=#!S#Ji~4_0_Ry%nrPrS^d6|T*lq<4
zw?%hOLnDj%rY6n}xyaB|!h|o!L!R1?>x8S5Y;ZlxHHEE|;sKfnH8oGAX$MsY1P<Oe
z7BnGwA1;V<Xm|g)PdgCnm}(fsEgc&Cf`-dqmwm@VYPv$kZ7gWh2h~-z_iJ$+3t7>B
zs+Q7N9m&8Hui!NwF33|<@(xQQpaaPnMTr~r&oxv9??0!%FW&5LAMYIOTSuIw9hTNC
zn+1C=$@a;&Muo-2v9xcY9@Ir)fk`{a#{zx*Wa*p8>XmOe(J&HaE3}66t*kt4VcqfX
z$c9yHt&*ZVcrfWKc39@aX<6#Pd870eb>lz1$(BQvL@4T{Lz`5+`EQgyW*k<`=`}Q`
zr@M=%1njZ5W>wzNMssXVsm1%!q#&L-9IB}0d^9>q&ZcMqCB|S4?MqA6fmh@cK<a;#
zheJa+E1XlS`TkHiXC!Z|W68aPoVFm0($%KWBD=BS)ZiJ-v5Iv%RcaHQGMb<E8Od;g
z=!mt;yaVWywK~65u8u9B>S0+AE4o|_Uwf`swZd=g1{_B|g5NATO4h6yOHO!`NGyYt
zUr<>L-eW-v!%E#X;(`snbRHY$Y?UIr;utnMBjb?bI<&CVxqq-vQZrS=ZO0e9N_C<W
zq<g0z;j+FXwNz4!b`tc=Fszn3No9nHQwxfx3likLohpcNz&A?Oi9}?+O<!!yDX<GT
zxFvHqX^jD#&p&aBph}BBdgIV3bdT#;49014h3HQ;^geLaw%oRfNU!d?%@U)Tyk2Jf
zMOFZFK#aeTxy9C%KaFWRgp)$T*$+ZGK1|F;x^n#bS4CZOKH+URY@vU_HIXHRO@ITq
zBJblHPhL}2i6_4!d6GLiMfGoYj3~l9>p-d{=cP0D*0hr_YLMh;HE^b^d)x!Oyy;7V
znv(96iNDvEa{XJ9q-m;M<@4*&Nj98Ch)O1+lVlW4u5Y`Px^U~M-UViXfu{n|&s=yR
zjNtt{yor9lE-&-}@Voi?=_a9EH(|{gyM%5iESV`ZGYT!6v(8ug7=_P;bqL=|e<kB=
z(?Bhd-j%vXL`xUz{HeMTvuak~nct$j>!!P<g}6nZ%bTh8>d)#e$|W^jRgK?e%8>&2
zOhqjd<0?tZ2iL`CcSi5Zn>SaUjK;(Gc6-Z|MKbwj?^*W{wurDuzX$s}yYMf?Mf#nS
zw839YX!v`@X=Jl+zXwX}VgdJedl%n|^dbeL{@4WAvT%L{Z;kXBus?6gz6mb#rs?y|
z%wjc5crk+=tc3|vSJQLMplo%#7Q*r2n{EvVe03`rFSd4%>VVL@TS2ikZnhN{e(K35
zK`2L~Q89wF!lo{w(0o5iB_Umf8cM|si&T#k17*%3zoFp4X7E40eod}6(*@Sj1Pi40
zGcut)V=4<|6?drKtx`bK)$sNr(5=Lt+no4n%Xvq)PegG;D!g88`cZf8z!;b<eM1*T
z67fS83DJ6!9so~v26fU5qn&ZwTCtE6DxrQ``|IFX5kr{%L;SsAO>b+#dAql>|K`Yk
z|DW#r-R}N|J4grgn|=7Z;ZxgZiR$@Da_g=yEV(UjJ%2u<-$!qr*>4xUQN7u<->$fC
zpYQx+zx~Fmd*HPDclYh<gP%8?>E<NXP8ojW7TfQ-GuL%rcmLwN?*7H@!V_;vJkYyc
zZ^i7oPu;pNy}B>mx-Y$MZS6mI*JS^>Tj1c(d4F&?3t67+RALL80LvZtZ}&_b!eM->
z0xH5c+*R2mDXxjtj3YoHz%JNkCc&o@#gJlz(q$V*3)R&rW}*7U!H}tugTv==$U_f>
z*!=dm89e^fG=INs2H#fvB{ptpA$Z?{|5o6?ZxosQt&N#4u;`;^@bFW!M9Gnf&o1K$
zr}oW&?<s-?cQ?xOte->}4Kh^V)|$Z@LX*E$;NpK^);Jg?LImQaepW*$K}2oDWDqNQ
z`&$RZczh3(yZx!$Ap66gCFl{~fEHJ>NvJIMl%waH{jI~l_Ff<E931W(|8?#=CAyfk
zoI0zhlVYOCoKH_kFh$Ef!;<|TAVpL!@kWp6j4n;tmpFRbdwRnmE7R)|#!!~w$aLo%
z<{m~*Vg25dvC4uKn^NeSYNnQpYz8{2kB)pOj+qQ0BQFT1?^FI^d~?;2G^H5jiu^nL
zAgO^*g9aA4ziHFr8R7k;+v<dK*Tps;V)0JP)Khfmxo`~$^;%d59IN#a?^yqC7W6#2
zh}9fpD&&e;W`t8C=3}EYWaU6;4Vq~RUZ&|CosHiu6Tx_D&%9+p+u^awTHqw{5>(Eb
z2zvH}nE5b<`7pUH>sEsBN``3@9<0I*Vn70GK^|PdR&$0xWWZULEHCwfDoP=OX+}f5
zh2vz6PgTObvAWh{GkkI@n5G5g?HM=}wd6!TJMt<Y@h+-~@Aua-L=ZECf1!c*k-C%k
zSD1I}`!e!_?ww}CVRp$Zk|pgaE~!!g?2_<e|Jr$B{f1N9DgI{v7=<qV{@`fcVMtY;
z5dYX-EuGbTvCDqvl@=fT4(}}Jmi7iklJ-+)?{wqg&)RHs=3gz}fI6Pt%a%jGcKGCC
z+DE=|syJ&oRdfJljAcoooKfMdL$|3&$w)<7=Sa~=qC(5{6zg*U4#W>W9N1au$0HS)
zgVwL~bWwSAd8Yh2I8KAZe>6G7OjCtTX$F*Eom5Twbd`~C3|2Vm(Ac<1hLfq)J<1Q^
zMH+1K(41!o3JsM(&SS4IJQ5{(fd!4cN7=wATn=_HzH~Flk+=idIz#tK1f)Pq#Fq$4
zoC5hDMtyc!L$Q^@z|ix4HojK#t=e?wc)1)MT4d+bVbU)}hpm|S;rU%0>g_-%wwXVl
za2L=c;HiLb%Sm#_DW)lKXVlzb>wYRzC61jpJjegA;dA!)v*TLfGi3|8v;VyNOZT~(
zI*SXKI5U3OHYGn(%g$Y>)t$DbAoSqz1Z=1qgAyiC_#<3Mvxd5jPnG?|2vuLPn*{F5
zd#QwQGP;%~9V-D(nSuWLO&cqk_K1uzEoGUq8>}?5Q8#U+I6u~wyA^VKfgTmE8;cfC
z(<G7Oo@@pR(}00eU!NGHtJOfsg+5(-%xiYE%HV>p=gol7*Z>Uxjn>n8sgoZ1qf9Rt
z3DS#Y6<^?-pLn{K2T(%sW@NQ<p^b_;?t-s>qb281q~~sR(=P?N$&<X~2Mwwk<K}`f
zr_iy}3KLPO&YdRUBJ7l886?E^ps2+CO?%C$$98-uwi#o8X$c1Pz}%r3Fi!=F*<`MJ
z6M7$W$(9QEX?Y?up%i~;8K)iQ%;?+5ej-a_yct(K?1NiHP*T;=4xBIQq&8u!Gc4Qx
zhT|M4BSouk&eiq<41}z1{+s^bTWv3<osX=y=$U6Fg*&l^d7@Wr5#>7bDYik$3bsqI
z-r2?mL1Fy<&Tbfp9}y|Fx!QZWu*erA*2IvN1_8;-W>9BYa*7umW>6Ql1aYA}b{)=;
zLiZF=r9JR1*g!vA5zdzrSILQ{=m!B(8-Z*5zG=cTF?v)6K2p>lfa#b<6}P(R!-WYi
z&_@y5Geqx8!XZfo)cYuo*9svd`gF`9f*fpxJ1$K}dA=*GDNRYhub+S1+3hm6JwFhZ
zy~3WdiZLQMxOvnAgo1gzD%kltM_+E98q?sEzYGTRj85WVL+mvbcr<c_uSx`{k`&q%
z7L;^H!}dH>*hml(zDfH@IaA#<9jo*Xu&gL)Ft(R~Cw0`sic;fJel&E2sJC*C!AO$)
zTv&BUv{Leh9fP!ftJSxP!tx(>Uw5~TW!*_OWL&UWR=uV-Im9C1-mDe0kfM$Ipi{km
zZIhyt2F$%<Dp)GqF`O2M4YNwuVV#WHike{C+`5ZPlS1FPmTe+ifsj?i802{p8m<0?
zhC&0i=`1tlF!5GZToIFj*~KLlr3Mj$!P?BFL1*n=CtYpY%j6umHhPs9ntp~lK3MoX
z9z`jjU5<igDt@hacIZGT(hp7k&8#G+)|?broeGtEE_=i8yA^j7uh(xmF?P}Fx$(Ap
zd4f<<<)>zHW;9!|NyQ|(U3C^Z96A>K=$`P5Yj|+S%O5onsWMr9;Kb(tSYef%O{y&M
zjcKu>7NroPloH+qvk*8yK=h$OGviVH*#rZQ-Z2Q{=>WjtvnuQOHHD+%3u*K+6&{6#
z!Xs#k+X%f5ey|SX+{AZ#ad7w=wzRTVRO+H&-9?BQ$|#HIpd>$t`@;z16?mPjbl}kO
z^DCu6^V&VDDv%E554BM@ccb#`!HJR~;xb^YI$7%aS=&80sF<~C@vw>wI`&|!mZqa@
zBC6#20*70i!%lq9omoJm@kx<;^sC}jZzyb#p?d2a@?=or@yeZpm2XHzQgPf$MP*>g
z@g<u0&s+NUo!(5h;JB0_vKw%s*87CKZ%JDiYA2N0h53?XUNKO!3+Dyk&O93T`ej+!
zujXW}%AG|-T$}>ygb=?)D-oSntyxu#6OHKuwXAwzA=IhES$?4{9EELc?TC2vax-W<
zCx{m(a`#~C`72Km#1VPPSmc$cckJt%I^|EGkb%0+yMxIwvqV*BS$4U!@RAna#L{AX
zRBo7rkiRwY&!=E#-{>fAiIJs)E43pes+}+!cagNyMN=JxpN)cNamu$-h=;6@S-KVG
zVyLS-Rgv!bl}!KZ$Zlz0=rwU6)jBGPBIp*bq87B$!ML-}<h9N=yR0u-YnIebn#JIK
zfNhYkKOwO?s#y(`k5R{ucPgk=(CZ{2ENie_#Ts8LWw}$>ek&12l>;1y6M}*eAPxRq
zA%A!q3D>9Xx4ffjm)HV2l*Fi`3d8G!l=o0s?!spUt{2V|FKzXOgYm+>(RhDzVO`EB
zmuSneYX?%G@=eRscV~ZHO{rbktv1_>R#_}=vc011OPiz>uC$+KOW?5F_42n7D0y)j
z@2Q&$lA9H9m9C;F1b<k;z~k2Jq1@7&b?fPuLVx$27l3?xHT#a`>*F80`!?h3i`sQa
z0gzyl7?d24)mo7f0l*eLj*>Ni*jMtZl_ONd2h*EUe!J6K?LsLA<A<*LgZ@p1;648o
zyu}y%<K1l)QKyt{SAM{W6piC@RQFSP<gJgHh>Bhsy;N1iE*^q+MP&4MrXywLU8THB
z-qsQ?91Gmo<LWsyGHP|8F|75k>vSFB(y}(9Q}mRh`b~D2%O(@p-h3|cO`uXBcxZ~;
znT@7OLviysO!q2#Z;IZe-`jbiiAyOy5}wU<0gSck9!|U2V)1Q`dFJEIrNxCwVPi2@
z^|B>1oAs{f`ec4^QfK?@-gNMV0G3xQ5#>Xt<($AovJn(;0a-e{4)U0FP5Q86oG_&K
zKCkbr)N$>qv~iV7Qg;D?Xerc*??0It#_LGthu_+_cJC}Vbf3r7w|EXatYe1Um2s;N
zSW|Pgx@lO%`ny8w0xtHwpH;n8b-v#6>Ts4?!#g=~W0do<R>w(IMYVuJ4q&(-;vQu$
zhQwh|y{~fMt0vzI%L_bfzI$1fXZiYq3G|>F6jKDhz8w}o3Rg!5xE&{}3L-13oQ3oh
z86nM{3>y~}#i^sp8m5RUdUUD{eaYw(1{1Bruv^vlpN29xx*e^3HToU05@z-A`}1f#
zj?;WW*#j|$OUFcwA>u8zIuYpKOBc8G^tfz&aKY+D*U&&23h;%ix^hKd=&;<roNqd`
z6A(HM4Xz*=A%bKl9TWl0S15uc`z+@rt%Yi)Y(=3>B~)&LvPr{5y$#AFuDDt%P3~d$
z_|2i#BHUSdKno0b1&#T+5Xgd-Hx<d(=ANPcf`|H|RYJCTr7H{l{(C73>V_r_6XL(H
zOD5!{+T5Ab5sSb|@e&z!)lTZ_+_^OIQ)^i<ENkLUxK<pog?V@@&RyBWyjP4NMU)H)
zs~iI>K*ip{>+OT*T^kum-bZ!q*3K@W@`kQpSzW$lG~V)RhE>URl+lGfxnA}pYXVEL
z5oF5PJo5%46S8SBqo=7y?gL%^`IKN7&OE3-Rk;FNGwlTnsgAy&7F>Et;V;fI7BVpi
z2C7XKsv0ll9I}S}9-b!`zy`bH_m)JB+YRVI@V#ZQ{LV}o3~M8nPjW+ys<MXFI{(|j
z6UDNWJa<qJ5RBqHkIvL^ZsGHa2F@<U6Is)WQX^N7Ubq0;nA!IXq}zKRu(6fUu=S(6
zfq#DB!!Fxf$U;_<G$?ICq}Z22)JVP1^8DZqoqT~#Ty8IwGEFxw5AHU4zB~6}Teb)q
zym@xF7RrvDig~i&lul#6?RxkmCinv|GRBST$6|&PN6BI2ts#V=sH)J4Sh?&vluC=6
zHWE0|KXuRS60=tbkIeE4m6oTdf!ekL{hWvapCK0xsa9=1JM3<~@|!e<V>iwz)%PL?
zeR=OnKD>&%tei?dS5+#d%V?6q@!}j!Wrm6!B5Dl(=pD?%Z#*M!-)}6uvjd?eIdxt{
zp0cl)iZCeU*f_3+{n3Wz3Z|YCGuBd&RITXIi9M8|q?gv}X(>KF^hRT-LR7DWRmtTY
z{DP%&^(p$Q{GYyhG}Qn2^E2!7F&+=&NvplwUIEl;Jz8!rcUJOAe`Ux?f|k#}yp2`(
zJbw5P|F*w<)VBZP=iyqX{U7bs$L$V$9=9L;$7=i0x8HXDBUt_Nrf>dCQDqeb|8bt=
z=h3LX+)eNQmwwnu>Hq8u)&srb&5NMD{OH@D1IxCuy0)_VebD}Hz5Q@~tsP7<U>t$2
zcCW_4|G}!e(<pdN74g>*?DFkwe9a!x`x($yaxntjT0STDy8ld0Qy}H4wcfeOH>;mO
zAx=^p%n!+mAYVS8w;yIFAL4%DJ^W{q;S=R}WkvWhxmBnOn2Za%fNU^PT8^_mw_=4@
zCjv$BPVg@UEx|7wcm%(_YR=8ANP1|=$!(|g!$H4Sq69~LA^2=54GqVWr0?2Ph`QK<
z%B+SCWyhr`2c>c?ujql5%KN=C|5N>tWbjoTC!ev6fW3C~Q#;+YGa}`FVu9kY)~dHI
zC_RP-NEQG^?h}6c@4eUFJnGzh7^0sGnLznBmDFAWRzV3R=glHT#JdR`2S%A$>Jzdd
zA7PLi2CqatrF1EB*MNoCh;W)>eLmt<PzB~8$U_O{Z38%q+#KlpoR}gNJNZw+RH<h~
zDMObhI(z4Px_D$u(8)AjFigtn4aLdGc|ng0yN{lX-oOZ}^w3l^2Qh+_#LgIv5rF8T
z8zyg(x~{jhi|o><2vA?e7ht|eiKdu+oedUZ3UfrVY80G-=$)DvgizJ%uF-a3cU8D@
zQRPi1lQ=cG^#Y9huaM-J-2_z<Ci(?+PjMj|Y<)V-<Ito@vUf<Sads{h<3Kd-MKcDw
z+vTKsz<{dg8dpRucs}g1b_zdblR3Vo4SgOHaW2=fojIfqdDtTPlKCLk)JhXI?n?>^
z;5Z$}N?M3U{Euk@3oZVv?^ArL_IM&GS2zXi1{1CK<NgA+NBr%3yv+>wy@jkFRHF(}
zRU#X07(h@Aa@$^@thaHvPD>~M(a(2Pxr7|WerD0JTJ7^}0)<sl%UM;Vj83)28^&Rl
ztvp<$S@JwrWnIiR)aiy*CU`m{-gJ-NF+A4_Tt~j(PIJS$D$qPtP1#Ph^rc{~5?6jQ
zh>bg&Dx;hnd~TXaU;dc+DW#;uK1i_ne>X$*zwA@b{}bI<?tg_gX7m5;HF)du|Bu`4
zKl%SZ;$!pwvf{x0cb3;43;X|QrSmWV-oO25{n2Wf{eQ^}B5m*62>^y=f07piIH#A-
zpPE=i+=*UaKj3^9hh0Y~Kw$IE6S8ga1cE{4J)pF%?xQpR0UWj7lTkeKp72EZ&(JQ>
zdq_Nk|7^rkiW(pf7&SAEt8lJ?U$Rs98Y~4wR=d9(A8sAJ-rDYlx(;R%rh1JbRKeU5
z4Rw$#Hi6)VVbH3tjR~8$F3?g{Ta)N!;KLhM^(EAT)?P%H!Qx#tI)Nr~3_`(AnEi;z
zKOk1}M9%0^V%2tEda1>U-{ng3<P6!$T}l<=2M@)=i5=aXBd6VTxFjn9Dw(yTN^CnC
z4tJ2n=S)9zOzyT@Ptgjt*H8HJX%Ev6oBY(zwvKkTd)qs`qn*EXn;HbE#jq|_vw*1Q
zxWEk4fuLT)Dc19=;`CcJTWsav4uOwmumAk8zV}DRTidUwd1!(bmmfLl#x)?)9&X-H
zRn_1CO1iECs3&So{a~r#Hqx>ohOLU>GJgk?p~u=!T2JXFe^a$jrUG%1CPQL>8uA!T
zdc@0GxbFqj*G@Rp8Cg8N?<Wf`76?>q#QG_Xs5fTJ_-%>rN_X~UUP|UBz?|{|c^s01
zyrJ3=dp)c`3yceBp-0ok4i6KnD^jyfcV(?LH*t6<@cmdkd7^?Y3;PiU>;S5mO|Dy%
zw4IH~=-M#%L&2Q(pbG@X8zsG6oDO(^&K_SxHS)^_-)+Cye{<A*-hhH^`k^*Cjm7d%
zv9qefs-Mf6H-j@M8q%!(s1k^;a_oCcuG6}XyaEDC5R>bfa8w~}0&#>ken{4#AYsAb
z@zyikFrHftVSGk3kaFyr;4}c_SjMUr^B3>;QI8^yNpf`MAb~A*_qvCNdq<K)=&beh
z<u;OJVETuci00wq8KP+s4Ux>}W%LAbm8=<=fP0JQEf=pLt{6s#qb*^Gk1}rAb;-!8
zJR`LE@6p&Td7fn-%TGp8{?V$6_>Ye{ucvvANO>s`h<2c{WuZ&T>_I`qOBKDq?xrTu
z3SzpA<{7#51gB-1dz}%=EyUl37+u5zvWv7H!pMbSt@@;jaJIsrmDB%JEXhr~2+F?b
zQEl2cvJ{T1F`6=HNl}wRImQ(}ZZk0%4jXFk^)uj^;Oxfgtd})bK<X+AP;HWB#aSN>
zAfQm^te^1!{bH~QiscjujGe3ABVjlwDS95|=gtEmWy(!NLHHX%V389+Jb<?F7rob%
zSZGSAS7x7Jw}eI8m95plodh6=6oy!QI%rxf8WIhQ$%AUfkH%U;_}axiEE8U_y3V<P
z3RlI);RKDSc^rV%maY-%x!&##lavOk*P$J<$H(#UkB8l@=gL*r?EVJwP%qVj*(A6<
zlLli8sUpGHil8-L6`!MndNuXMgUQ<O*6vrwt-tksYOrBJF%YU~LEB&NB)>cdI@+-2
zC$v4dciX&nY|f0UhWJypY;{Mu-idAN48HqbR2@bT7A0dEqehkVU^CG@d5qmu<8@KK
z?QS$U+wrl5!tJmQuXrvHeYRfj1TH=!I$N}A3o$e}^^bnid~bO8UE=!}=~&^KNUj@;
zr(pv(8V;6DVt0=jvtd0WY5_F~w)YU9lJMj~1F8ezK#HP{GE#dww7XEYaI$ISj1~PU
zArOYLNs10)ZR6)3caFQO&vuTR!Hb<=y3gU8I)g^h<Rhns!_CR4$9@8UryYQhH*_ge
zyBQogfV}+*TTLDNiZY=Qn>?CgbJKzR8iD*Km<2;pMJ^}<?sR#mY*ZiUr{y9tKcylr
z%dx5q&L$rzC2<~1Qx47$4{SB{nMKOg;piR>?lU|Ctktp4QHygkCjm}W%}D^?$5EQt
z2Q@r8>vQkmINd%PBl{~a)S+gbX{uwFaXf~W&-!+6@gY5Vpew5;P;PS@g(uM&%GS=~
zON`CoJSj%gK~zNEL+iw{4lF$&8U>^9PVeRR>n&iit<lEg(R65DOSE=+If%z@q{L(s
z7B+dZ|7Nduy!G-3zJr8Ch*i8z-dWwE-8hY&_a@QhWSWjASwTL8L~E3o(3HJ;pOVS*
zB^e?Oi5r10ZmhG4A0?E;y&nl|Ua6tXWOuFZ_^wJ8rNoX%9YypjcroY<{Qs<fyf<66
zaU~eq=2-XT_VJ$KqLAXh+=g)$n6UFa8!+9cgMgM-?CTY!Ri_UhB~|RguCRah4&N{~
zx2TR8*{Yi;MH4InXPq%*)A+S{$UMd*WJOFPLtxrJS6;}NN#>;3)ZWxEm*BF{Do78T
zuj-q%!IU_`DgfvXWJO=X@XE;$L5wg19?P=|n-o*O>nL<I=g)6M0buk5x{N14Xn&%*
z{a_)Nvm-oSh1XY8fZC&9R*hZhynO*!_3zd~|M~fMeQvt{`3mM=H{JiVAFVzt-~W93
z=l#zg@hRW`oYVbJ=b_yHbXHa$qxo0o+x17^e~tSeZ2-pn`niAgbAH23Po?cw;a|~c
zW3YRcp~Nst&pwRCWy6y}W*MDSiKMEJB*4x!9sorj_RflsD%hGoRnTHQp*WN2VNX5f
z%M%rogJfnMnFFJlL;Ju~@QFde&9f2o2*bK@9j8y0svORmN7mJnbHQNUpMU2Uv6T7p
zX>=BC?KO7TzpP<>CC?VA|F#ckX@bQ?<jBPw2sn?mPJnECtyP3Jwm?1=uXilSCXl-2
zw+xeVl1)K^ped@jN7DB>*sr7F<IaErns5*3xYoRhYk|XM@!5v<^rW|J#wK2mmX?Dm
z%oQqI12O<LpxJ0)$Fd+>6s@2#=1RqbPz7v}9F=Cql!qY-=2cCQMOc&!332@C)=p-5
z01N;!I|Jq5&9@(9)}dw&=UpQSO0}GG9I?5tu2amNOK2_^`w5rqCstAXRVsPfOY+@m
z#3k=r^#Ja2l5d-mR=J``ay4ihEE?2X0L|^>d;7|9p~-3|KnIc~gfq?AUJ3)=*IZ0G
zs)*l631*NVg;1Vtl0^9-2Q-=(uLDa1A`-cWVg<U8ih!f;S0vDkh!Y!n2SdGRdX)?l
z%$38eau&Q-fIZtHTPa~1>4{it+;5obMU#{0ELM8m%(9y@Lao>lDnl^5y});5;Dpm5
zJuoCegk8s;3l~6IVUlZWk1c8<V)Lvv8GNZ#l%d@=NzSfmNK4#q6;&Do3j>9oz^0v`
zh!hps2(9vl*FGSW(OnoMwHIu>)nGvVVT_m<`jv&5m--ZMn+YY^%LzPW?A5ZLkaR>)
zluZ@>5rPzt#@Ph1L|z%Zlyp`AIWi;!a04(euoO2N=BagE<PjIvGzg*%wVZAQNva>`
zMKaPD2lA$RfFOKeQ6IB73@P;l>MCqNtc8$0mt6*<Y5yE20k3XP;&U|6%=_o@U^=v|
zUq$O7_%63@tOz-Y3&5o`$fx~28jX|0ncG!GC&HDXsrP^_>2w%jHlPKw!?$0k?M!+k
z?T3U54x?dy!;<wJDU&Z?1H&h<y4^SQw8VMTE{vg8AZj<B5frvzXoGAD2-iY=KQv_T
zI=YW_tpcSPv3VU8Z<Rhri~&)276e8Vf<rXv2S_DV-_?yvF+!8Px5s<EeW}Vu3FIzb
zL}x7)!O5mP=R?P)uI9jhKc@2u$GKn#b7?w|8gFN#QI`Hlw!1ck<4d{?eX#3u+A<H#
zhgnf~u=`wtWg+XHysoNx*dzNC&4n!X6HCiOw&WCLrxMf*K7p+k<kv!dZ@BNq)WV`A
zHxHT3HPo2^?`Y&yzzm43R1`%{DBU{+jFGsf{e)NDtEMz37Fs}I^?t!-1=UTlVvgia
z*4?}e;=O=fsI+et&5KX5QlLFhW?NVy=fJcto76LXr>r_ux^BXU&I82JAMyT4Rnz<X
zte9ncAjRVJ!l&V!qKAC6(~D%1r4|EiP7r+;<eg*Arl;j+jz_J(brSYf?5?u(1dA^>
z_O1y%tKBAXKfAzSQiv1`c3eyb$?0j2iWt_~tw&OiV-erro^ha5q7xeyOZt*nQ4+&m
z8fNcJDx5(LYk>rWy)X1wS#lAx|Fb@cEnGxVv?4dp-q4{tH4nCdm&P<z{o#gBM9-}!
zY!*GXo+z?iN#YCTbD$Ncl2IxcMg2*Zv*mpX6OBTU9t%u4rhm#oa7a#3O|6`Zv{V{h
zp7pa%kvFn%j=j?{S_=F^&HnjvK@ke*T8k4)H}N_Q-xj&Wxf>Xb2R2A7b`komO>b`O
z%~AL8`PT84Zf@$eHgy`Ca+wRaOn-QDL&}$1H`E_`EuG&C<d}Ss6ohjR!1!hWuMZE7
z4>W+WKh}#|Oc*<XsoA=)K%@Yp$OuUA>pd5a(hy^Ol{<o^MZV4C&~>Q68=M}ExDMW?
z*W{m)Ik;<RkilAYxptv!T}`2808dHUGcE|XwW-*!>fHS<e?xm5{IAxY&(i;rLGxE|
z0Jy>b_wnk(j;H^93?=^5|NaplSO3c^P72`fQ2+aArQKQSbb|Kd_4fDcj~<uxzel#w
zV&fy~2LcX{#i|e1W|F=IHhcIPE&^;;@45)!v%C8UlnwbSb;+}>`z^yCW#H)(3J&{r
ziLXLmGYZd@a@1BKEfyz=g-p~{IV+8|?Ex7dC=Co$<Y-uSI<0<`rWty=Qm4$lr&3uk
zJ0?A-v<jDAH?1Dim0@v$HVeke&cFMYdUEwIEx4Eeq$j6_sTX$b;)G2ur8?jFn;zhm
zDi#r#e5ESar(+dDOJ^KU(IHV~2h|bJT!><>GUmeze~DOuH_h}?S8~!s<D?0*GY+{!
z8&Zy5qfy>)lnol^dMZQZH+g9^S9Smub&-qb8tTd$=ig}5*(^iTfljQxqd&RK_<8%C
z?a-N61F?$W&^4TZGZOP}EAo_Qa;X-8zf~Dos^{DtCAz74rjw2#g$9Af%Ya$_R<b?)
z;B}M5Kwy<`?J(#rAY+%&RpfOW5lvN=+QHMHvA6XL-HaRuEoDd}^}}#Q9$*JUondUR
zS7g~qawhlf1>X7--=f=X2A<6(HWn`0(3bqR1Qzkw%R>x`$KEmOk<9YB{jAEiOxtm)
zLdKMhd4BtyM5!Gpy9FSj{qc39$d}p_GZhBn^qLJ~8@ym4l?%hSLqxfSUso5D`!l)m
zt}=2~(Ux;-BPqOc`Yd>_$-=pV_qf~iokn1nvP`v#T%#@CPAx5|byrVd@s%eOU1C{X
z!P^Fn?@u-Z#F3r-<CTua0o(Xrm0av7mxB!0;7N8lQ2J3ZGAhIjU*n0k>%Ys^@XwrV
z<6Z?FqoLVP(a%d6;i!HINXfU+7(RXaC|r`5O^NncKntG?v+t#6&0vtF3k6?<kg^M~
zAN!a)0EcaTf(+Z6!wq=wbQ4>_Z!P*3igEd9JVlL+J~$XT&V#=Lnw>v+0{v;6KYiK>
zm)rqin}nfn0bu(bBPKPNX|pJ8Jor}OnrBBIzEfl}$k6=8gz2OwfJ=r7t8>euEf{>l
zl8(71VVJ#(0n-tk8o0Ga;|49|8HV$kAc~Ur9ht(LkdvgDqedil-#}YesTPtPpV3}#
z1{u_a`AE-VF>Ln3Wfi$g{&l2WLOix9$F1H30;<fc3Yg6)r=&xaWyOd_Shh#<Fjiqx
zQ)!unJ(9XpwE;2XX$94#VzpFus&HDMl}KzJEP0T)9?H2h2qois&LhSI+5kc(o2we~
zsk9gdER*TnYDa0&EzXGF#3>rt#=<J;^BdR&o=Z+B!%9}mY%jFCB2>{g`eXZLgk1f`
zB8pSn=5hL`ZP@?wpBv@>e|`L~_QOXN^8e#M<^Mn8Qz8Fz{I7>=tN>VjxYBtPfb`#a
zxZbV^08mx{e7XE@nTV03e_oRP&+pxv>BT==u(zD=ftoYOMsA$%9sNHr81Sz36ll56
zqlYdawq~CCaQL)Yf)@nDs-#X!I-a1K&F;}NI(VTDbih)@R(N|>)t;Y60KeWWD5>t|
zo;=fPhkj?#*%aCuV#Mo{q~Mt`l7{8oa<4+WdK-m_t(E;urosmCg{<`d^MPe%(*I#{
z@~_wbK6>=<(W5`<|G(+u(SKTTqW|r+P9!G4Z~|a7nDvM4^>&2`Fzlmr5KYj+<b-ai
zEfb?`jPcsoWD|siaZ~`wN?Q~X8{Xep9o$EY6VwJ*1(9){q5ZG-2nXjqt5hySIZwH~
zyYuV@-EuU&BJlHWF?r_RfW2oabph>Hf#yVg2~MV3oZ{0)Kh*Tu6>GyrpKiR|0PvIE
z(2ude(v_lRVv(@RX>Q~oCEuH7@L;GNOUBb2R;Gy0*gI}$3j}RPcW3VP$5}p!hnR}O
zd1mOS3KmaFU?_<8Re~W(E4mIRz!|?8#S!4k3EuvbrE8qJYLW)jdAhlZ$#CIYux>RQ
z;wcRem)aFE@+ZA~dUDegIcEV2gtMm13>fJMX_aL%8m6W-pPf+6sbv<C4odYfBZaB8
z)(l#0U6W*FYV8STQBV!H)jNdu)R~k}+OVH_kT$W17On{mtO4gsRIJse%+M|RvD7w6
zjC2*llFZN7qmEjSNz4}$w?W%yV%qo_i$t%{{!zsZk<2&B2dmWzxlA+|(B8vTI{Dk-
zJ5w76$L7}!sXTLF!|c+Jd{-Wpd{6$BL$vQ%hJ3-I*4Q0xkx`!;OnmaU$vYD>;LgLJ
zj>rG&hEIL|yy2Iydi<}(XyTZiVt9A7tFk`dfbeOn1q5Q%oeI?s;l3g@pR@R6F88mZ
zvUptFKrB1xPFkk2<BYsCZy>V>-w;}y<)*ojrN*C-W3u!^)7%D+E~HkTqS98{8#<Mr
z(qkQoK%7?N(YQc6XP}*AwO5_Y2-mxTNl+UEx)pFImLx%xZes~bKG~Fp$lVu+>?!PS
zovVU|&e>j(P|Hc24-@i0Vom<MS$`{|Fy0Z*uHjq@yF1S3E!1AaUN0qDORq*>iCly-
z706|6h~8OT6xmq2R$I|jCudX7<*1ta+(1s+IJnK!xv!>Fu~j=VF_{@)pH0r_of&?g
z)cbuX2lJX>i04F-Y0WzoEn1~2()&-Ju}d!}Nl^~W%6k%J^~K=C2-bAf%TJ&2U>o==
z+|?6h5s!v7m5X8UtQj=ytsV+oyL+pZ>pZ}az|}EuDwc}o6h#9e8;-4?W^Hr93zbsM
zUuBs#2~$8_z`{IRgahn@UA2d%sR|EGJ$Hjr&)=SwiXrQ7pO^3gtG?bkKJFgw2YXw`
z+duB?zr<&snLk6MFA+<&w_f+&?7!IA-#PlR`+Tke9I5l}^}*2&&Nsa2ge7mmJrwzj
z#lCX@O!^d)!-^w>&OO<5($`{wWg2fP0V}F+l!M0mUso5xnwmBuDauY+N7RLEfl=-?
zq3B0rSQPZt(eX)O=bLCHq2n{b1i<bbjfS3@^9Ljo+OG=uTk@~m`UR%$_{|~4YQFc$
znkC!VdAHX++Mb(R_+~*rI(psR-r3qcnw$Uo|5;r6VY%`4o7TL$jo408S_>N10xXVH
zR!iAbL2ENuXfJ5&2f<>Ma`0i^mk}ln!@0sI_(Kg~_)gtmx~O4WCfWN0>+V`qPIZk;
zyd7y_SfUA1wpU~-;DtLLE7ciw)#|pnYQ|r!)&>`Oif5EO3iZ{jGd_G-H%8r6)x^!?
z743%_%e))k&BmYp5Y2)Rsr^;6OO1uElGJRAV{;l&Dknl4lP?K}hsIQFiV<qPa7B+t
z(GZ<&W7B68DkbHk$p!z-H<$}PR0oxwgYi<^Tqvs)^=}s{yYhF~vtu^Cz>f~eF+|4+
zj`08fos*KUZXCBA$tcMw_P!a%J8u}$MuR344V!Ty@sb{zy<ct?yKk~zapLM6(>|Up
z2k*amw-B1%>$o2R>D|H&b63iGrHa`%_TFA0?OKm;h!{rVF7VIL?2<{$rcZ)9O8P@{
zcpHTlqJ>}`3&Vy=@@P0dkAU&m;GA9?R=K`iuAdf@VRgBIU2c$^!NFTuZfKX2zEzbQ
z+vUc1-d2~(?Q-O6UtMl$mt&EzvfQORFK~2Jm%FmdUCkKqKTW|#UxFXnr8FWaC0L&V
zoAoslsGjTT8lr*>A+87a;ZInise~sd6X5IP!o?Pc%D6w{zCofqIkROT+%WA>?`lRP
zE+e_^+?_%xH~%hs`;!q*mzKtG0I7!T4Nn`<7{XX|gJ`$G`$k`}$v`DTvsq=5pi}lH
zBNY}&an=x83uNX64?5f%yWP!>-LSOO7z5)IqU_bjntl9cI&s@R=o-AdUU6%s@6#in
zccv_=G!wU4&C(g-ZvW+lb;F=a^foAn?z!o;z*s4rI8vi}J!poNA*(qW>^e41Vom6D
zJZ`l^ZzpJ!_oi&aCyMrnWol-ftEFRhV+N>`Xc(pa3jWH4XdM@|pNg~Hpg!?q20hDC
zh&u76sdPyndGlJVS<La&LEv5}L@RkN`8EbvYD51<MFzKRo<VQ5*4f&+Icyf}ity*5
zd*)O8)Yv@a$E_9vBh8A!cXbY$<ivW5Fc=WWu$rO)p79!u%(j&y1_q;spoh6E+Tuz*
znp~laQ*;v#cAJ&G#r`v5LSkZ>kt1miTjDAiO-F%r2YDh8NJqT!WZoP3QW8F~<{b%;
zMGG{E!g8VPD4|IS&mc6&?i<DAnk+gp-i+e7P0`}GBN#2MNcdLI?nFYDGG%FqPc`lb
z&L4FGJ7Dk$78Q>uwRpmvzzby8Ny5XmA0z`bE+t5)B^yj(4ck_KD3LRU38c7*`do34
zy>7vi^p9L{5=b^SZZlnZ)l?~SRCTQQ6Q}n|ehaL~J&b_!KpoULn}h(EqMO3vS+gyq
zpW5;WN-h1RtD}0U^zKyCpKVfbokwDj>rJd9`};y7iN5sWspL5~(s@`#YEkn!qJvQM
z1x#rxWJpqKh$U#9h)KOx1yl#=?~+k7LnE6GYK%ke)ft)tIyjABOAfTgSA$ghX_|th
zrB=bdT%CBa;2q>eum7*Ma#hD2E)5y-y3#%jHuSFzWHqZ45<woc{1-;S#QFng>}qQL
zeRuoGEp@?F7kt5_3m0{}X}7gH=JK7ik2tNiMu^5Jw>;G2@-Y0%jfO=^T0pHaDKJ#k
z*@MM|y<+D1N(s#X4DX^3dTFUlM!q5oC+L*`+lUK63V^e$z?c(oX5cl@2o2LHNY*6o
zPbay_%2&f1Hx{fM*^|OuSVgKWfg)T8-3Uff!AT*mCdH<b8XK27O-IwJbq7w4@!25S
zO<$8$R@H=hWO!zj#w86{)W8B?2Ir}v^mMWyV6lSS_=#>@^RdjqIr9W?)Mk}p)+||y
z9OY3^7Xw^<K%{%PK^PGjN?~K9OBa?Nf^=?m=aV;xQ$2{&3Gk>%Jn?$(@&p_F4I^zQ
z*)(@L7A$QB9e+TgK6>lup{f;NC2iMR)OJa@mie3Lv{Ch)Qne&?r3&>S2O*`lq-h$5
zPIwrYSUlgzmBR6`q(RESQTah@r3ekK1*$Pn<rb`i43cXx&`d^IW@NrbK@E)r2||=R
z;`?=#7wu~GXtRlncU!cH$8}g!QuC>?DJ7XJJS(qPwKY{>z{WSLt#7^$JzTT)ioap2
zWOBRtn>UVVL+-G3I-%RWPu6#WGB_QoqZ&7p%uUtAeJYVIz!RHxQGhSj`}*W7xAYkt
z_bb-^crMKU<7=)BO{Xg-@em?)*8f>x&*Mn#ZnI&k=)8;VBrpFEpvKOKuXJdu!Ps|N
z_@QYwlV){YV-&tnQ<BjBi}airIg&=}(4^1Z&!kyI9_&tnhe9cRI>h7h(eQ&_TRgC{
zG#b_uRV@jbbsLdB&u5|WM2z_;QZkiGRDID(uznLO-DU6N**NRWSk$9i#oI<t*vj3Z
z>L!$$LhmnUI?Jsr=~mjeZUtuUhf-5GZ`_!m>x@QQHw>)-(l@FW!s<b4(fsB?))LbD
zqgoP1!tPxtIipPVY8sNnB5)N0i;*Zei?qYDwvEAT`$hrEso60#J4SIh?071*wry^t
zJajM%51L_KU!KQ`%hTEe0Pz%h<4zq%Z$l#xq$S#H_x-TFU{$ZV6;}Zf^EjHID8)B?
zFoXrnuAU44PTtn{eZ!6tSlbHBWilL6I7Ot3>{;|41&{NIsYQVp+O1(nh0Fu!5*_0t
z7ROa)fGER&R8!`l==Q%#v_iyo*M@}~Yv6Lx%nxnSVGatYN=g)`^GJP%=y`dq`|pSg
zB0-7B)ImhU6*WSWwJoqvt8I$_iYv$_6ZHJ11wn-t&1hLQ#vd4NYm<THZL=+MoI_*B
z;GVT5Y;gR6J?#%?lbhz}y)2Dqnj<8irT>|=Gh(wF633RozFSIUn-Du-bT6BjR0vf(
zPP`7=Fj{zQr0(dZEC*yX7yv3|!&rC=OG{?p+`%T|le?oVixN+0Pqff(Wj^xF7AkKH
zw3UlxnoxqGrA}`)ltrI_^Lj*EsO2#9+GNq6l&Z<C0H@RzrHgMuGGn`Q2L(ZF^iPS>
z5vGI(B$K#ULCg#?YHc|A91WsxE-7OWNc9>+wku@Ke-b=V6)f{fZ~xFalrZW!Mw6<d
zYxt;WJwl1K&%S4JhbK}mnqF0T=ixh7t3;H^*U8N`<!zUAc;mYA9W3AREO><)-(bN@
zw!iIAWyz%tjuoHa78ek!THoZTw^-Wb15c5D%VR>rqq7^&2b`!PJIP?PN0jL9AxfAk
zeETrzCunK$k7=A27WWUs9G^@+Hh_y!W?V+is6;!!h&1C+j=<(>KcQU1!4w7<F>gFX
zf-c9Yx{P(00}7_X90y*#@D6IX_{*417_;5;jyc0BY<BZbD_=4qcwLF1(ZL92cHCP!
zi=bKCbfm6*Qj8DSKZi-!bS#B_!29?mTx8gKVpQPrP@6nLel^OMF$>bJ{-sHf=;HN5
z_K$&%%Mm!p^eog!6;M$r=~r!I0874jK-^-R^~fa-!QfKpaH~~w+U8lew2cm<Tu}vj
z(V`PciNaN!wL>tuyOK^1Q+``oC&OSns>WG>aNKNmVuR2IP<eZ4iLQ#5EfMiPFS>2m
zOyf!ulW){xHD<aZFq2)jBGxKWL-mwda0L|6H{Tk}Y8lKKYhOy#mEn|jfFiPa4S@xs
zV-ZVyAaQ+(ZD=3~d@w9unT&Pq8I?O>sUEBlU$vOsRI!)*os{d74Ia~_%u=98E%(Cq
zGxWQ$W~rmF{*z6s0sD<*^k^UGdUt!9l(uNBFM1eNC;gf|irw1bUIv`Zl3eZLR&H;3
zip~c>LS05(pR%Y$P5l7EWf0+g4C;pPI<-0=oVSk^M2F;p?2M71Z<@Fnn-fPITe^Dd
zntZilpH-rBt$n_5K>F}6xsvE(zQQ)&Jo9E^)p^nHbL3^pb*Xn3Z~(JiAI@l_VvxYo
z89UlF?pHc+aTg{Kqzu1|a;SlU>@l=_y)xYgK;50M%I^%aL$88!wY?q|PrinfRKfh}
z(0a@Q+a(YQOO!{L+coW_<#Vw^*Fgp*9N}PC$otBa&lZT3i^~ZkJ-XmowhUUXc1#G-
zF4qyD@4E_f1t|2)oom~&*h1A=<UK0vj4iL16I%v!<Z)f8ihoxPw9xk6;^o~&ID^iK
zC0r^Q5d$Xo`_s{MNSQYH62P)G_B2sGo^f>WKLFQi@Xg+RBFS?8R#5>Hwuw*AnroI!
z{yqC|_MUYQ*S)74!_eseXh+d>pLkO&p;IljhJm7dhb+ZEN`yY!D~XU4)xi(mq`L%H
zDS#ac-lr7m<V|O|Y0KQ#?-0ctH@&Gsr`3vP&=n3HliWU*+9_#Gm9v_rfot09Z$)`E
zt#HgAm8S|M*`Q`-KZ)FQza%fw-5Lu#z~iCNa~i?Mu{{-gW7}t|+B@A<z)%pPYyxBe
zZwLx~JE7$c-IpXcKq%Uc9=q}EQkoe#b14&#Y@I0hCJ*Oj%OI-aQJ`SaY}9XJ*{${-
z=2S}+4CvYHxCL;Smz`=S{aLa&R=GhM_fKiI7{BUi8J{I@l6r}u7>ZnY2jNY5ZPJet
z7kq2C%o&WS=3Fh-6nI88Wy&EMB@rCkomk0gF4C}>mYr*AEY&sX<yz!!?Q>&_tpt%M
zeoBlbF=VOBPa1^+Ep}|3izf1~F$6>=+M0>Vvln}_$V|0$_FD7;A&HP?9)G%5J`?r0
zOp7fXiC)LDCu9}(Tk_$Bt&kT<F|}^1jE3P81zP#^dESn};))8?!gj7I%M8Vp=H!ET
z&eEl6<0+amHTY>`;hXQjU;h64(*@l6@!INlctvkTbfNgL$KAcTN9_)_z!c?l7@bif
zmPnxM%pE!*mjdu&ckAWR+<a>(_|MgO@e!TTO%G5b$NX5ptS)@hTBV*27AO>3W2wE0
z^oI?Nk$>ZXTm|Fd6fKV@Ktl;OlEd(xH>4K_hkIMcI@}p`GBjZ}@!;CoKYnqzx7*#v
z=k3+7%!mAAn&GULlPx%02oaUZ*=I%)fSPWo2#fz)m|rLb1L19}@1k?Fk@-GzeqmkN
z8~kd%rVIA9W2qe|TEX6_*NeIJ(%NuF_ad!KDqFEw(fMD0oy;q$eKWk(TfkdgU7bhe
z<_!=lE?@6DO#U}#a`~xtxjt3f7WX4b5_&^~x6{d}Xv$BlP_`Auvrr0J$YK2d=nkNm
z;6)&zeUpp~wf?|$bmEO}EKQZZd5la8H$ujg&OVySjHpp^;__H%NoYJhJi8%ug7P|b
znGA|^)2W#i8l8aN=BU6JWqA>rigLg&YmYDOm36y*j3+><a!U>J*}eHxKa|_dB~M5;
zv3jIJTgb#N61^v<P#~q`E)C0<VnlR&(F`<dSu3k=yRZlv^Lg(GFuju)>E=WmS1JgA
z6jG=!AAJ>7WXx5k6LWc36wd^BhY#Nl@p|N)3_$fCdPC1y<6$Vb>O9n{qwTGrgR#}I
ziCdL!>xl4`YTJrEY%b`4m@B^{#Q>j{j{=$CnFj*YE9*MBqT&_#*OIhwYmQVYxuq9R
z0t>9;)~HI%)QB)wCS7qjGlH?Sq(^%fD72Tp`Nm-sf0JAqIQ^b+7|sr@t2z1K8EcLL
zO?uGsO|9MgZ<d#rZP#Z4fK&BWaYOahHJhbt!-5$W+AOZ2_!6a@x1UCQDy@%kJ@%4i
zS%1N`7|O?hDaC06`^(^(9DB!L6SJg(Os?&ubFP)Gp$5>Hd`-M|_4aN!L#XYN*;u{f
zuhO^7^lfUsUYW1Id|{7uD8sMb_1JW>tC_OXg>|pknSS^3HjB<lRKH3G|52VgW`3D)
zFhCm~x;G~2)E4Y;k1Rk%q<jl_{^0}fde3h+_s40m&sI}+W24oFbSc6K@strO0PGRD
zQMFfB-P=vMTd)pUN^oDwBq2$2H9gpHV8F-K^7w|a{3+?_{2BH&G(x^_T!QyEEP-p)
z?CFAO4JvRg_uBT*$%a{F@W`sAVUBiQz!cKr=fV4Nx;s2ysJ#BIVTjnc)`|1+O`k42
zW?gcqkE+BgHy<|9YF`L89Q^i<acw56bqG8`!qDIk1;ENxbnD<(jOA40Fg^=7*6Um3
zMR0X~o5#>~^GzMa?o*SV;;xXV_*I@_oF{pTU*##?4K?+ZuzJdK(X_Z5d2=Qeta~Z-
zhHr_~?Us6)Pfr96ewC*%H}Vj^sb?4kLOsRr@?3${H{0?YL<xBc-}Ezz&#9l&FL`G=
zV){V=Gvq0K=jUuwfd78tM5Z=J+ec)LO=67dOT``+)5`2sQV6rTBfT*Rs;&6LI<IeK
zbW*mVnT|%+4*4h%jh1swsoPPnBxg>cld|ZJ7;svJEhhBi+qP?auuFVp;HyjpX!kUU
zhXXDT<LdR4=^#~w!s41BFQ|Kxf_ql~oKbwzfyoXqiLl!r)C$3--`#oE+j_mj9*ENj
zvkmv8VBI}2r#X-HCF{}gAwb#R+UquDZ^Fd?C!8>>a~d=_(cj+dt>fOy7d!hDX-cj+
z%q)QXqBf7cZtgV6CGLib?jHDfC~0LJGV<>Z*8MN|)W?6PS@;^^-*1TjzV_|o_No{E
z{n4Yx-~Ji@{g3$A@!w^|DgEbKM}oh%SK8kN?e_Y^@7Gs5<>2qT(};6_<Us>dY27x%
zC%3yZ0_?*ZHP%ySry5rDG2-m*c~d3tZU&SmJU^F0;WC0a<_g3OqDm-cfSlm`68Ow$
zQsnEvWJ<Dl{7o!p#IW!;0ou>fmiA?kD+mC4%^nhzP#mfy10WK)FsHD23YBY;pd%at
z7#!oHelbPXRP^(@lyVju;sq=4Bk$9NfHd^vj1UzFg{_3nqaoMJhZzj%BrYyvpuej$
zfRs80%}?`~M(`t!XNpW;6pWH93S@|Rq|k%5Paa>AriB7JJj3kk3wdx6O%j@Zg0aQP
zrH~bb$7vxQ&ttVR)b|KvY#_@psWRP?Aqyc;-m09zXbY!CvK%in=d4)v1@o51jg@Fc
zFm`5+kkA#U0R9oG@f>4D_k?l>TFpv(*=6ds$x{+zn3ouXab7AY!z>yErxE5n1@azI
zG$RmGzG())un=>GbtW-F%Y(Bl8!Ss!8kIKy4wv(rGYQay-91a~AU>I%d5HuDnfIWS
z@a7A0+w!)TECq70q><LzG%(klzwd4R@@(h$h;D)a11Ql7J^)ERcp7vb+xJ8Gd~Ob(
zk<n=BO~bB@F+){CZL8!KCV`u4w1X#4RK?JWjEM*{&MrHRqM1s*gvJ?i(G9e5#;ksg
zG-T%}ej2he*a3j~a*8JW3lJ=Tq`nJHa?Q}Gq>LDf=2$0cuq%&4J)gvnW+T`_*W(!N
z_GvC*Gt-XD*p(`P&Q9^t?F6QqqQ}GR1E&)4RydEZg93$2D1VM=YRQYBBY2!I+gEeg
z4IDbo$()%EoQmKZxqgt@Xtl%N$)UJ3rxcBvMmJ~R1v_c+8ecWWp&6gKoK2YUk{ee<
zjMqNBvwH`nvDn<4PI)UzVpCk_AwrECrMgg+iEGBb1NJ=7KYF1j;q7A*VDnnZcO-~>
zlJLO$JNPx=+t{fv>%W!Ch}`l?EK4Y*D9JE9cA{9gz^3;(j#j!u9a+ReFl^;VCW(rQ
zrd27B3>i+I&giX7);nb^L6&(b-XZ{8K%>93m6ayYE6ho#R-wVz)LIP<doMYLWl|#w
zQ71oA7N;ezYt#%Lq|HDVbj|wO;+(>L663z;?dm)1Pb8_Cg<-aE21|rabYm_f9@9u>
zt+OC=j}^Qe7rBs6iJZ;@_K!kXh;{1ZpoI)e(~m8flgM8K`TY|k0j#ha5w9Q<G<-bU
z0?ipYhJysqDT{JcdBdwKc53CiOpP#eC=j0d`p*sycDq~q6#xun3QlGK*xh;gqfS{_
z0mhJkU|a&Dv`#ato%OwXpDaPr#sL;g5zpR3*#%@R<V#MB+ju<5#>l0_v;%<z4w*?4
z(rBMj!e|lBpfDI@@N;sR5RbHC-!xGrZn{x}1eC0`NOIBn+E`$3UDzAeQp@EhwD8eb
ztTBWRlDm&&)}pU~;BA7h<9~1xaKxRDA(ruCdudY}`P~u{z*7aBDVc0bJOey#U{C{X
zU_NW+anA`DTm;^4k~KaW=F7p0WCGK3mLY3793l{h&30Bm_%*+PVYZPsMi3_;{ii8q
ziNf}Ed${UI1feB%?*-}9TRIfpW#!y^ezUEQijO;kz^tV9>{Cmc3}rpN={%*elBUQQ
z=Og(u_@b8?fvo~bOi<rVsUZqZ^-N`TWC%fKIT!UzX$vmp(5t#|9Rqbma<^cwQbYWD
z+1PwLEcse9wWCl@7RAGzXwXu}SLU!1z!c;5Fxw3ghaJIX-AIBk+G9Bc?Zm_4(2T0u
zLU^0(BX$vUXeUI&-(!dfO9w4@f6xOe7yko<q=S<WIH{ciwh?h`v~XUq7NNyw@D9%{
zy6r?t_Po3G{8jg_v<5lK2rx;c!XY3!I+c7BRkFc2l*;kYlB~kSrvQ!wnwwe;wYBNB
zEKrhK;;F50UlBe*?+Fy#m?Ff=5uMQ@OJgSlgTjnp$-yk&@P?287yb+<x}nI6cD7Ov
zV9sCmCeyU6^B1~mbp8lv-X5dpcjdc_Xg>Bbnxsbc$|PTOf<N{sRLGt7ELtq6-A>8W
z1)F8BVptS)2c(z=YM8keG#Npj#hE<uO3?8QdB<C4h-HX!U(t#O0D_8;JAt}wL8HtT
zS}qg**e02AVUC1mpecK@WZi&3AxylS<G7$0diy)gY`6!26&U=J;mcZ^{^-!$z_9r4
zaFH}?Qd~LEGu(n2%@Zry(9F@=1EGI-FFSx{jJw?G?7{oKN*q%}Z!qV;`^;n-Itj*N
za2Vs9eL*G-4Qs_qYry&KDGe>hYX&6A-@apm$Hi365%&axFU4h6WC;(x^Y_H$vx!Xj
zSR<C{X~{7iI!C=o-FoTlim<!SD0iX1ON<4#j>|JrIxmXt;gvT&LQNS23l{u+1w(Di
zs0nX%p~cOh<9HI`G$rpSjg|5BKtV*_DD)wNWhkZ^P{=%Di<2m2C7T}UcoOIE#R=Ag
z1GHz{8D*oufFx;l=>)H#`HaNee>kjJf|R3~R8OrT@Wv!O!qZBl1z!-C+t49K(5^Su
zF*yQN6ZutjGa|B~yuk(7#LmN63jaPajajl?8kN&?U`zO=%t<R$p4v$|KF;Q+K4SYH
zv3aEeQp={fDNimC#VSJ6OGlW{k70(hvkvgo@00-{^%m`+N$ct!XKlr0Ye(nWJVgM1
znlsfci<K3F9-is#TfleOyu&kV_f9Eim~5teIvQ!k_<Mx4U?r{!v<`rWL-AcA&Zmgj
z!2Kcxw%K{ZvrXK1&^#uw8lFAb6r~#epzQ{)7B}@S!AfLT&Z)lCd4YrJdx5IsiSs%^
zdqx_kk#ykMQ;$PdTUW|E2N}D{e3-(#aza5UloT!(i7D0KvGLBc_C)DafGOg+a)P|+
z8MH-~NtB+!-tPPzri@Z=;zGSs6*+n{bNtY{<L6k<H&BK%-O*v+j$AI-ifsT58}|7P
z;e-BdoqPDA1|R8kuSZAuI!+@>#HEpwQXo0#=O;z757*B^SDPuhXQGB1gL@;u;H+U$
zO~}hEN@{cJYN8Y!a)k-nhU!321NGy^t0^I67EQ07ZB?agjtiU&E$&53*9o<pEvIJq
zryphpitqIRVSz&R83eJof-y~JKQtv38<SQ`Gq>rne^2m-6*`7^(PStFPCkEWSC%!Z
z944;D-A6fOcoJF!XO}}Q{iZgky*D*qswuc&fe2v@#*e1a?1~tGiw~UC2vG06erKYA
zal7ob<;5P+D`AT114AdO6Y53ppPE|;*~TT2ip4*bbWw#;66nN6Ff4gt#z@$Z#+L>Y
zc*XZ=q=xWFc15$ydK;JxWU<l;@s(^CY&sF}Z0t}napgPNbndQ!-VfEjR<bghPFX|5
zBJlWh632GO_`POcl)8e2V=C-ALlPoRV&=JKVIXf~`F>up>+nl997JkKJi%ICpPScu
zg!o$K7)tO<dd>t8?`7~gA+k2pA$Bzq>{0EqZpdQ!MtIDfO{^@PE^QInSI9PY#F#z-
z&R9Yn-R|1F5j9Ofoqenzo~xB``})M{>u;64&Ce%E`qAF3HYH&&8|sLi#H}PnR?}>G
zO749TVdycFP1HVNlT85v*seNr%d^%#X<6JXI)%i`_z}&4P#EV4K#{ys@Yd`B4^+l)
zJd<aVZq?tW#z%{Af4VnwPCNl!%S=o>6mD{etAOI#AwlrZQN~b2)TN~E5QUc}HbUh*
z8J!ECr&L4ab^5NxL#Tso-ruwcw3#d1(lj^Z*9iri{&*CnlepP2ZzetKNDGJvP}i6e
z2=je2Ik2+C%D!%B!fW?8_#s#g)_qom8*{c`lL1x4@R$e-R@W(4LW)0HUDFt&=nyf5
za^ftt-)Z@r15;Sc8S(kbJ_NYd1cP0pm53wd8~uUiXxuZ!hy%3COiRM!p>SNN#54pp
zRb<qXhUo5#crJ^(rXD6~NzAnvPqo|CnNXZ#rUq?;;~3?*b(c0R?pHOBmzj}u%((sV
zHkpwEu0V`ZH@$j%Hg6e!v{*`)og^rv(jlT;s|F$UfUW##cpX**f*|M%E##6AuGAa^
ztT+-c=n5Rw6V!r7?j`J}ub{~iq!!igWmV+BROlg}#%M-C=&rVd#r8DRE>TvS+r1%>
zU3`q%!n1zXKx-fq4nuJl##GgCHt?9eE^VIVe^%AR7V&7Dq4BE9u-zbAt}Gp1BO#;f
zvk}pDO7@Y9Zby-Kw;}t~TU8v7#T2P$H?XqzYL9%afT=#eaZ+t*Wy2$tL`rMOk#)~0
z9lQ<sma>jvjm4){R;UzdtTRzpqVg_X<=H|jUw99kV$g8=FQTNyX;OxJ>87nW)TbYE
zx>otnziqYNd9t?^nmwBi`PP*#A|gJtC`^btuw=9GG0)+WFXhSzResim(FWf`G`*WS
zRCb9q9a$GDJBB2u)|P{vQ|y6X&6vv3q8dB7G9-#LS*+vqB+8Jl8H_-H@u6UkRSXIq
zC7v(@Y+6_&D;ofAm}_{{P29F`VN*k;%V(zp%FZvaE{D~r3bnA(Eze+m<0SSX;~7_|
zWgcpTk>fBm^4Mb~9A*rMFClR(DNSQEUDO~>!J`r)DdbH}HU^ddA+5wdOMA`SNa^Mb
zB@O?g(s%`VoL{)%v8x(^5lrgB`J`xuQZ1)0N#Qx*`KX>}W;AhH4cjW^0n%t}>4H5}
zlJtHh^t0weU9VT+Hw}qru@st5NDK?n+?!B!M-Rq%Yh6+5{3aTl3kUV_GR1?;x^^c~
z4$XscEQAfHS{se6t8~I6Kv_kR#@91PwH(020$Id+Sn?IaeHHrs!a;31;k_@pS)n@a
zJ*T4~Fw17;HC1uRYxaG~cGp=hqySVw-IdH*CQHeohobUmU<(MWt`?742l*m0;6<^b
zV*|>yp0d&4CgQ97*s$Ifg?d#KnwvR+LodM{VQs8?&Q>YW75iLQ4>zo<O%+97LUM6(
zNM@7C4AG@?w6o7h_BAIcvu2tEVtj=*>a}r?<1GyQDcQAXy$10zw#_093uTWdLB%@<
zijxJ*h~HG7w7!;}&bGGtsCYWEl+u<hhN{{Ycptx#-HT@lrj19?&(#=krLG!{+AqcJ
z7e$&V+1bj+zSg*{F^3`72R%R<w)ghU?5Yq%eB<iz0}9yqaeO3RYTh}i=2|Qk)lz)f
zRI7;=7f^emEt5#wcn90PcZV6SoL_HtYv%ToWg~BbZmY?ypHO=?zr@~jXLr4R*{h-;
z+DAGs>}_mI#je$feW)FgZ!&zGW$$={#iL_{g$F#FRpB{NRAo=H=oulPbsZpq(}CCw
z0=yIT4;4wA1lTdjrf26a^HPdqbQ{aMFQ+lLwTrVuk=~M~)KZlSx-x^Z*x^JS97nCt
zU72n7u>>Ea^|U9}669AE|4mVt+}=5d37tF&u!_lN-};nnK<jRCGzLOZb(5n5uXvWh
z_E`WgqO{>4wAmc9TiTEI=UocV!i>i?R4)RZ?6b6?x0rpkn=FCnOD9}j2@Nr}aSuK=
z-J^WQz#n{^F>X4s>c(9@zv>6?on`-$!ROk;8^>=b$c>}6?)s<c3EE=z<Os6P7srF-
zLxoof-XwfrN|7MK{WG3q0i|IQ+b6+AA|4;KUXuiw_laZ_`e3^(5*Sq(Uw;ra0>cpc
zqNQdJ(LR`qeC`^3{XiyPMgaT}Jgwp=DVEUwu}PaD*RHO_CvJ~X9-K^*p<I!jM3|On
z0@OUt@ubYNNx{AaX^i2roQxWQ7~HthVBL_=eo^IBw^lY$NlA=AA;J}9@;FIS)JRIh
zN|_G_g`4aB13*Eum$sTUXLZqxrjaat2v@AhtLf$lyZHf6HJh@j-<HZNv00zv37HCu
z(t*$ryPYUK!24ohIoJx`t2fGxL#gkz>yAO70xuZ|W!SzHaR{C*wciQt#h{~uU=;^b
zywy)b@(a+$#W*luGwAMys@q<{Ez0UszDWE)!OAp(vI*@Z<}`}V*c~T`^`OD48QO`?
z%!ypukP=e1Zi#PNWOtcO_eZMx)++n!>?QR|tP4siNO!#ztL<H&m}9Z>UQHXpD_>I5
z;`uHR9}EXWWun}KyReh-x#W+jh}>@Y@gkmgpS^h*-n+*<93jeQIfUsnfK?3OC(Fh?
z$vL)%==jmGPm^|MQZ`_kmCx(H%m4qT_z&k_p^e$`A67e^wTI>S50C$h|L{kA%JCo0
zDgHxy)x>{T4ccq#@c-4vUoHLvY|<1{aEO!qx$iZ9ey`e<-FN~kJEA0<Ydk<tW@RsE
z+_XhWfUd&ur}Z@H!Gq=Wqg8^%CaVNIuwIL(G}mzIFXQ9Tbj1?T+@^|)kLbNjZtj>-
zAh?q{Zo{hhS$zJ+jV;eo^vr7h_U!h}eVDBqnbnKCNSqFwyWLt3)eWnG@cCva)lg>M
z(Arh*>_}Bv*<+M8>Q7Bm`3sKE%084%Ngaym-+m_k|LHUP{7+84MgXYU=YRXr<96FW
z|G!=9{CWQW5g-5j#}x+#puN2I9Wnrq;PhYVtOf0F*Vn#VZ$GMF05}L7$u~>{_M$Wy
zV?Gm7iQg(3lpRQC0A#2fNGCb*BI)ezJi8%~PBgv3;kdzWrja}|@Sz-0#KtbgOBw3O
zrz-hS>KGkKZUU)6Zu*X91||YMW|F$_)!GIRm9bXar8H@(`A*Z#No1S;x5Wu1b<AQ*
zkpxvBL46Hmj9C4Q8%b#LZAX){sqv_l)N|1#bU2YjGOBb3rNfHSD$P;H<nOVP?@(Gt
zEAx);>{$_-a1ztSJ*oukd{>T3sIM!N6`7r`PR(|^WMOv86;X3(=c;7SVr@&PQcU3e
z2y&J*uFqaH6DM-ba?`%CkQMFbE3Z+<T_bJ?^)|O&sZn&5)&&5SJ0}cICF+t}F5Z`~
zN+k+9^C%ZLI$s&yfUEEXe4FOxl$60-=%jiks&vcb14F16!BZS_C<DK6)rWd`x;mD%
zZZIn{AQJOeJ;xp`aH-R5uz5Y$8x~2+f>;v4s9L#dx@kd?lv9+Y^gqQ%b6B0O5vo(v
zVhl)el4rxXh@FU^r9IM~J;Xw+pK1tuT%zZc-oZjSHe7SU6ktW*rMVPe4r16lZU}`F
zr?j0K?@Tggy7$DLb!{3(;ZsP{O=hhfO`t6^B($Z}nWHLNt%`14ouzKgy)I5RoE9q9
zuj1g4xQJ!@9J+=9Ku?1>q<Pj;_8u+J7L@z%DRjOc=Q%PYy0Uhkh{;)k>$10mc!I-j
zo{l~LMzdGF6VKY8`h8wL5ev4PFUalFcj&%N3cl(X-Io)Ljc)Az&6+yVJ9sJQD`RC_
z+e%r+Yg=_4GRz$mOqm`Qe8+)ZD68`tQeFs|y!B?;FuS3gVXmX{qv>?JtD$Mzy5m9r
zaN1@IdMxgUDF(UJSSAC8R@)i&S=F%R1lv^OH-0(620VBIs0Dvq4y*)g$xdN-;{?-}
zC51Z`*{~~DD%N0Pau5MN$zG=lq6YGMzdG5<(9d?F(^AJ{wOR?#<|rrQ04Ie&Jhm3m
zN+E!;m**)vbv&-&uF8jaQbve1%`an|RP$O~mkhC??1T=-E+^TrCUuMB+l@o>IqMP!
ztlm(@Olntp;pdm63Uc3%i3KRYDBgLAMb^9ntCW*~{oU_#xBL_@PTswE+zj*#-#SSC
zmxW8gs(+a#{f~H$O3CF;;9M94=#;xPJj*6<5{<~@bMN5!o87I}+CnopBykc%#KBp7
z33WHHVz4zBBsomW&v8D)021x*zh7Gpo!}|TExA*ry-S+*<##2Gu6!<cNH$jkW9gx{
zO;s}y|2Z)}6fV!)(YMlyh1b_zSPz!MVxc|GzxqYgQnU+*7DY1{jpH=OPTeRaoak`!
ztxjECy4sHxZjcV3<C<@EbGcTDZT9t^3|Tv2b5x-x!HItlh#-b=kYkh-8aVXdSsYG=
zHNB!s`--(0@}H^WA2Nidrgmrx*nucV_NR`4n4pjtBB1|gX1i!cZ-?(Ns%2xiG!0ie
z?>L(D+v&S{F?r|`e(TND+S?l0R2cgfVi3&{LVrRnyHS@qL}>^N_w+IvQ!zN^>@MkG
zCceO?8=tm@c&xUas4~Jh`kWEcV;OzjxRTlt4{Jx<k$k{B;^f_vn(-zEh?7~RURI+S
z(QxWl;Wq2=1iR)~BU=43fUFs>obylq%y-H&zgC+0dJW9$<RU9-H-D>LkAeD~Jr4bl
zMh&wEr{QbtCQJb`v`^?8>;vj(8go!W+9>40JX|6IH3eE@A<b}u3=seV1Lw1LLpyY+
zsN?I{=JIkP%~E3@mY1j2BGTew^21<hDGAUsb4W;o-q5d0ZX4xcLoEypUAff1>4l>s
z_vtkB*>IgIXEFfh$hEEpkZ=&sYfPApm`R0jV8+&Jeb8h3AhU7v*q~NvY-=jnwllU5
zPlo@(v3;l*8@HO+9kD<tB^72M86!qFX^NU2u$ug%76N~8w%IJKucuuK+_YuwGorB6
zwV=U!A(V&<)>87O0R+}t1%*M4%E?mOMrIS{2y-`~>5B>yMxn{rPX_Tn;j@PF223zk
zB)u5gun1vWbkMb|N&c`2TQAw92&2QzWT|7%jzdI0z+2QRZ%#LY>E?%)Q&J9GoRkk{
zN{~fRr|3lt<bX03$PloXEWy}#jU^`8v_Snk9mFafg04{J!|FuIoAl@ahB@+wt5)8h
zD9=G~HVGNL(0C75jgyPw>Y!)Y#NzG52aOHFB1e^BC$PV*@;DcTj!}+`qK`0<Q%;S@
zMrWAP!qekei_%u6_KsM-@`Wj}tCMGe7}G=IkX!k)Se69&PNYhc{t6ZF^G&6Scb_Nb
zMWWJNq3*6px=Nk4>I$FWA9*4=j;7Mf>6}$aeef}VQ|YQ0Vs0Sfq|Gy#tVvT<lhtTe
zo~m+EBNSs*QX@TQW$EkRbpJQw{&)0MlK=e2jrLz_?MILO``>o^Py4Sw<m24`jwJcd
zcaH5>XZ_LY`s!-=>i0OJWM}8uApeYe-im}Nqq}EIxpkHk)nIk%6Z_eSuZQp1`YcWR
zj_HagjYhGdd-LcV0!NF;!uWLx1ZfZz5q@W7?L3m0dG5u$(gNWZ#bEi>igOI&$<@Y_
ztjMSUhT@-R>ZHtvj(e!Vs-i~~DblThU{;(0N5TW46X)RYdG|0l-c!eyPA5m1<<j_4
zeyNvdeSR~_1~Gq&|6$%ng8@I}T!C0_I^-{d<U-dp6~@^mKb@u{{=%6J@k^l|nBw}l
z!S8T<V{Xb%S~F=~lT&P)<GtR#qs)8R*hN>}5zPT<>tSAwR45W}j&xKgDs!4#HN5It
zm3|@N7XU9MbrPYA(&HLKdd*sMHmPZ@?rTO-f06-aM0rt+=GQsiEV;5#ESZy>vKnQl
zl>WfpgcbgW$8=F-3=C;Rc@x(7i1H%Y2783pRUR_M$a9fVP`HNTV8n}=ULvOpGv57+
zR@*D<^kSs-VrgdeU-L{1T={+dZbxuwPoF%Y*P8Y0V{Dvr^h=NWg{MVQF<P{~NyYXU
zvBI-%vQDmntoT|bw{T|7pcBz%M7nU-n=`BM<s|L4%AY~GtVLSSLMx(;l5i|>$AIvY
zcMz26?VxxGJg6!o^r(2Ndi_pKp3GYViv8f=0Vdma_5n=@h(znY$JGC;2^9aAe`fN3
zU&HwSKW^mz+TT7d^M7lrfAW8S#K+_R*!cf3oBkmS_!w>f*H+g%6{df8=KqY<|Hv`<
z$6vJu|JcLe=dHtia%hKx<T{%oGlTJ&QEk9#DoXo<9z*C?&Y4@9_b|*&JPzg+S2K^j
zK-z|#z>-Y3_j)_~&%3`g`TKtNXZz>NZTYfy@VqNuyMN)tVRZLs4loJVg2(nk5cSaz
zfe$38vi1DAR6ct1OhJ6JE8m{){A5~@Z?6x2mTzzN_vG7dcVB%w){o@N_QC%4mU_Cq
zwX0z7&&{n=#`G7bHJS%hxZr`dVJBNVV+N#g){KiL@CA)VT!bnF5gY{cXFd28+M!qK
z#C{OaIo-gZTBeveUZE^-4$Yu(W}O=tuv51z4G+2DIn|MujbR8iv34kK6?p#DF}N0|
zzA@Vk<L*q-OuvS^un}6LdB>08KB`;_DrJI=3d{O>`VYJI50U>nYmYkLmgxWLpZS0P
zkdICOamC5@yZu;sf5HDdLHp7A+QUi>!0t3cAu}Dcq9LoJi+C~yZV^*H-c=(&DZl)*
zs)HmeJt7P4o3gLs)%6z|h%3dXwTaH)Xo`lrI{xFm3K1KG^)sXq0o#ARK0J7d+P{r^
zp7p{oFS3$d0seZ98DN9OXu?uM151a|M1q^7Bqv6bGdBzTd6toqo0XWWn4n6l!R@;p
zSenUnT*QO>^I<u5?J(*~zFw4|MT<ZS(@2`Z(ay`>^A~7Fi<)mt)JOr$@HysxJ&(p{
zQ2??mYIAvfH_<of&L~N7^e}C7Vm3rH3Aig^d6cpUO=*E<d2j3J6&`xQ@A~Iq_t^Ti
zeeh=gm@fzXL5~4@irzGjFyjMFHjVp~o}V@V<6zE64?|_vgKzTSEz0Du=<kBJd4H0O
zi{LFRN&fEL@~<hXA?CL(qGZUC;Kw?y`MSIef>uo08IVh_;y#9pWgNCl`0zEFubL`D
zQY4@>_K#_T6D+P5R?;qb@776Vo?}YTLCcTxiV0-V?}~GeaUZ<qX;dz-3jvm&XO}vv
zPLfj2WE`U@*-|AD#er9YJ&Sq%cqU9Sg#~631_@iC%&3Sfq4pSCY@H6L`MIo96;k&`
zXcKxCD`z#?rwE|wY~4|QW{i2ptPSzdAejFqUk~P+!PvB4F7YefRRFXb`p0%a;~FCt
zEHuqckN7tRDkvN0D+Pl)8f~ZJ*r6E%3@V~xN^<%629XQNx~>9wM1r8<ylBDHoHo=_
znDJIv09i@|9z=z`Xw;8SqW;G^+jNYTnZ(0^x>tF*d+=;)_lSA*V4l)u&ue9qOc3V*
zbf>7^JW1#N@!M;W-Ja@UsTHNjt8b_?qaoh}oiD&6AcedT3VAgh^sMyNZDIZ~8H*~+
zw&yYvs{yz+UFHs#Q;&NUYAr_x8C9zGo;~Al{b8(*F@w-bLyPu-f}q-%odQ))&OFZ-
zD<F-UfWAHHy31<zrWjRMkHfW%qcx)&Lo$nlPUu>czjB(QK-oW^V#t5K(-k>RPC`EJ
zn(DBmrIoG8qZz9S=80&~EJ$Q|I*;D$9>eJrs@BV(^+_xJ<*Q7uzhY-mH%_*3!yvt6
z>xb?S!C5ppL0l63G|w%o6j3xpe9O(nw+!k&SzFUG_4V%C-agpf?QS0{Mx%arTW72~
zGptkA5EABG5cpwtx4U)J#Uo-~E`nbF^$_zFm#OC&hRlWq^2IEofWSkYT?kIvVfH6F
z6PNbJL(^U5SR{ruSQ$_C{=1M~yXnLH^hn;VJT^i}&H!u+L-#J}y;ftrPgWDmOBmC2
z*Mfn7E}`-Be350G1Kxq5PHpS%BVCfb-Pjc?Es)ws=47Dp$~^~>3Cb>_Nhl+;48*-#
zaiDwtY}N2f=C^45hw+h8|GePUD$$<P#J_`gk8*RBVF-`16CY;L0PFLpu-xyz3pr~r
z^Xzy6@d1r*<Up?Ij<9btI+Wk7e<x&jPmN-`lVO}T^6;zmSMiRwnn9t^%y*L<AuQ;;
z<6~!5TC+x_9y#Q(ErN>MLAwvoY7ZEU(YTU7BCje8*Ja;X33In`?>20Mh5*!g9!0gi
z*T?ffrPcQik8oViM{$HW%|l_yh7DCjK!7F0UjUn#t2CbDxpq$AacLPrYE^{&_S~bm
zC3X)FkN&!Uy!DIPugbXtxVVj(tmM$119asue4kyVpeX7&(km>1L=c<EP8&+ZcmhA3
z&W9np<Y=B0z|+-IerA06bW!MiF?M|^Jznm18DsG}P$EltlZu#3Yj+ET!-4Wfeamv@
zFFX6M-yGAu8PCEAOahnSQ=aE|!^hSMUBDS^#{rqf6rM3B5TQ)OyZ}fcP%~tID4W4F
zd2y2z*&04jFuxm9k`n_{#XdWEJ49<m0JZRIy1>?LG!Jn)$XT_W#+Ud+U(~89P-At$
zL0=W=3|la}fm&JRHa4XR_Kc+0sEI42srQ=;fo()b1m@IW-n<O-n;ZnKlO@f@^1VPp
zf&AWcnFSL*tma@k(VGzivFO>I?G1`Vx{N1Pysm59w`!yZg=*rJWG|pf1@Eq)XD=<r
zlx!f3H?lUXM}3nCoOQhTbgj)14tjzq@??IKWb=7zpWZj*$2w~qD|X3GP;kV+XfU8&
z<;D%hpM_O1t5m5wY3xom12sF&QVtW;Yw*$ZYpP8=2LnmCf#7u<IbQ<MelbwO3c5(9
zmegIx9fnL!Y*XbASz-riR8k!#gEMPe=HoqjZ&vFDMtYDH#r4fNXH%DKIIwh*>g$H3
zMzQkQ2=Ci4D3d9I6H>y1mJUkj9x5Or=sFH>vZ`g@5?fLMMWX0h65&&mFcSG)am56D
zBALQMjxw7<C5*MYyY8-^y~CI|9cU>wg#{t4(5zB{lqr=iUh|n}As<_I6>!pbc+&VL
z59e<LRKcHAxc|C@h&L%orzB$tm4Q8%H|9x)1-m|*7M>bQJ+aWo!m$#iBsE^#6WQht
zf?72?pDOHCvK*hBC<Q7hgUq0H&IwdwdD5B8goP?lK*S~)5lJiQJ4LKvV*8_U<CNEV
zzBM0ebd^_J0S-ibjqh1*rWH7~cNuGINY%+|g<9d{)G@EJNLB;Ky(FHj{yua`zS)Z`
z!0~o;PeVose2>$HpBtqK9p;=I7PJfhd6ZLHS4yIW>lO8ZH0NF*0d-3QheMPM8&~1n
zZ#W3}^0xC1=M5Q((4zLGbmO$DEcll&XmOmVFZzj}15^hEfOA&lQf!yk$C6?x={mnh
z&IP;HT2N;c20IqrbX9nIiGiSO!4w$u7?EJbV>iqJ>0to=x`reZ<Vwy~6Y>V##P92S
zdH4yk#;PvOU|~krYkH`PB)4f9W;f8O$IB7)6|9Tf!Md=cDtm4{3@Ek$!8+ci?V(l0
zUcip9w}@N6=@Nk*soASy1UrxOP-L~D+d7hi$I5BHDreP8;z{XxV4B`l!BxU=RM4b#
zcx}drKIut1jSX`p7M<1(*yJ7Xd8iF*X-&Liwn6IFO}!VFg3gAshN^^GKc~XdlFAeA
zb(~Ad)(BmQ1M9G)a>(U2Fpo4jS)t%H@1Oa;a9LXXPd*~nj29`qeb7`6*%VTv_N&zn
zTo<exyC{HI(B!gJi6z?Vw93X<k+g1<5%ET6JiQIPP$x5yU04MeNS#f)J&9C?4*xj4
zAhp8I{?4&J6Zy5bfmO14J{}KVdBLl(jzaVQT5v=%);W@YArz8e9{L>Bg$z<*F~lk6
z>7;8s;K>wtk|RnYqc$xmP_^EGHnw7Nv@EdUsVWFSrQyHTz#?)14fj#V+@kU~Fzm3^
zI%*3rj=0qi;^5RTIO=;8y1YqWFU(h+^wOA1?5af}w1o)<zDd5q|3jOVl*d|uXWcm*
z9Ur_lj4L6fumV8r22)bO;;d8Vm&m#D!RR1y3Rs`(IAHidF42?NVhrsT54%UlTZj6V
z113Z>RxYkeL>A)3bfNohoEikcOz@`7!ZetOKcESfzv{P9{z%OyMjBEF3c}F*hh@yr
zP*mFLblbUyTvfVuY=D{#-J6<5Y1DEY8BSYujKs7b)Bx87clx)Q6*IoD)MH0_FwIKw
z+d`+gW#A-1%W~;`uhvCa`umK=>f42VY_f6$xc6R?_YjojRb4T8ev^*Zt)VGQq**t~
z))2Wehd{Ls5#E{rdK@_~5vv`Xbca2tlBXPMpp{gLh={5e_eVp?QJiT$=MqY_w`(P&
zWS&9G#IlQl{)rOEhOkb|bDR?MHi}2t<l4)5)BR=Vxc6dfXZOuvS0QP>ESGeORMLYB
zAsHK<B-QI{asB}jO8Be%E-MrfRAZRsu`H8fum$Arze8(EqyB@_J-~JPdGuy`yL)u>
zzsu2Krv2w1V*lTH{AlgbpZ=f!rjKX;c~179o%VOp?F~R%!4~Y-E8xNM1nu4AE1bQ%
zQF=B7Vjv}#Gt@u4ezV;=OtNP1Y!dwwGrOD@#dv*X<?`}!dB}z8lL%O91ZDA$lu_A|
z>OhjVdjb7&ElAON(zhyAVTWB~P+&Jt-EhIk7yQ&cJlZ+fpPR?=!=9OU-irBxe!JY6
zud3bKf3r9DXtnLRyo#m6+`JilV>`qcSPxsUCf}B3(gnWt=J>~h!=qqs{%|?ii6_7b
z43kmbKfeZ+W;ytA85r~6MRGQc6G}GwAozJX*p7#B&dwHal1x65@Hn2tsNYX8jAS2;
z1sm_5#CiWIw7(EqTAVp-_Gstj{?;*2!@2oiSJ&2{%sfF8IS}EEKpIGZ+6ZYS2ZZ-p
z?J9YtlzGyEttPT;X672LcBnll$9X&*WUV9}0CJH3qq`0-caDw^|4MhgSP{uh=oIPh
z|Fm;>uy2=WyCv-VVkyxH9poaPT$oO@QEFg13cp$lo^qc9cIs6JF(x!pGKk&gUw68@
z&*xmk=pG&(zS*Da_z(FKcW%vpzSrHGd+0xe|Ia;wo+uv}VFS$BufJ`WLdZEZ(5<1j
z{Xz_k!m?+9=hK?AUJysSaydz$*vT;Kf6Ot)X-anrz^kterhs3-v*Sh~5j?j&bZk*i
zdT<Ev;z{T$L+EB?aXM(K8`j1ApJC+?e#X9(0dP|Y29Qca$^Y4uXVZZ-M)Jl+(2Ul^
zzO(>mvp$O)dJgQta2KT)TUa<`Gbrvie;XGQ-FSw7^{-U2N2orWL^%k72)u;$$NLBS
z-8tDP?u(t>xw%#M*|UQKpjP{H9=aXxA`wy^rXJc!NaHyV>m=*woQHSp>N*FA=R8&M
zPv+(xyDxO3bKiP!emv}MJ)fKV?w(L8kh@0Hk@7<5e+(jRbdA@I!M0-&=TMWKeUR(6
zU(Iz^^^~5)X*_{RW!<$p1k~~3C&<8F_I?b_X<;6kL>9Q?5l`T(Vxuo2de~nJGq560
zC~ZFu4ZUI2wvswq`^$r{vwz%uDIj*Z@P>)$$b9?AiOj!pkIswNJ2vkxVX!Z$f@~AQ
z*5K4^Gj=(ms`Q9I4b4KA$-|76m?TzE6uXY5JX|a)#xRtAX&bvmsmy6<(=e*k%>|N*
zz>ct7KNuc+!`!Ns`a{at!Buq~ZTEY(YJ6dQw>o@tbk}w$<NPfuSyN`r6)Wp8Rjz34
zsyrqPBiFPMrpT0{+pMT~S(;tZ;MHwC4YoO8sM|^N;dzn#t+yUzslHgne|CLs#{Bsp
zloIcAAs`jGMP2JO#?PXz%XWel^^38++FsjKo^l-5wcXa=I`u<P(eJ(zBo%Y?c90wr
zB_aK-dChK(To%!`>kHBU?1fd)SwDMqm91YL0K;z$<J5vCPu=chCm*oX?PkMJaXpy3
zY!xIebJDmP%N_QKdGA1|JgVwvQ=g5h{+L#D)_Q6d6CD^Vs<w?3jp?d=Sb3)jrbNBX
zX=O4-RGy$JyL)}*I>fZ`ct-U)tn$pIm9=C&pxeNyM)E~-1fSjl%IT>1Tu<!_pehL`
z(;45?m)mv)P1WjWrH@S5bW$eD?#4Pz&3Re_X%_uBnX$g8wW!^0BI;B#5LmsIBh-v~
zVebvnLEW%Bkd;HZ;BG9CvK_A{fA+$Btl^_5w&)#sFOElA-|mccv%EGc>tkv|`8J9B
zJ`By4*DjxyjjI<B`mN&*Rkjbu0I5pqr#wzCZb2e*7Yj7s2k20T1^H)TLH?DnApZ<3
z$nS&&)-vRuu?%kYTQ0+U)a8isjum&-qToBu05xT?7xjpBtAn-cF!n6hD2vvgc@6Qn
z3kd!dPbS#k8fm5)phrgGOQmRR0m6Bx1jG6)Qj^6K1!ZuDv!-N2BNl^BFQ{SEwN>_k
zRbl~Y=}aGR>zh^XXF6K1t=w{kN}#W6cS_yTiLi;$cx#ugvW~iqD;*PZO0cVA%W`#e
z{9?tYoC6ct3SY7^@bzTc62MoKX-CL8Pf3O^-s~UyN-}x;%-51(v)$LemJFVDk6&-S
zIqLdqGJ1nm_TKEyeOs~KXJz#WzPmh+BqOc2#3K+!<KZw$W8jqCWv)VLGFzUZwXup)
zy5t#@q>2`hnSC`r_<|R!r_|{|df3w%rlUf4CDe|qRc((d?H4QOaMnIAuCkLfCC^3_
z{PA=;<j9ZtR{^}@218*RU(9u_PC_>NZDGD@TT?9Ozqox$dCwJ;%;DWCR@mdTsph}r
zsNFaXm3xV8eGPpGJ$QcA({Rq`Zv|kvFWPk_k?ynTN#zs2A;*1R5`gMFe%LXc$WKS?
z_Ufx?nOT{$8F@7wM)@WPjz->x#E~E<m3b|I{heLEnn~X>vuU{`C=Hw#^&3Y{YWq@$
zvoyZB#|QhRIdj6WS2p})vxE_zlTaSc{d!O1ljYDjKacLV%26>7SL7QWuwi+h*hrj*
zYG=*xHwBRHc+ScYW_zp>1P6rW^pP+G$49e)c`nFC=bm+(kH%4voFp(O*FtpYP;|+@
z-3l86A^2T=KhW@c0zGFkfOe&3zv|!?rAygz{j)xK*Q@GozyXTj<1g(tay`sI@n&b9
zs$7N{94^B=&ll&sDpTFXfTK6T`SKO0xPiN(yV|Aby2wbEZvK8eIG`X%9`AyW@#?%?
zdb+!_-}TrQf<cVSTIu=m*3K?QReI=kW)$TgOPx^>ndTbp;K>uGe_^R0-RwK%Fg`}9
z81>gJhmXnyc?4d|_$;iv{N^>&-^6_o<0SEoE?PoN27#<X@WNbjQ{-mJwRyssFDQx%
z1zQU8aokT%@lNqV`5rm<!F(J1W0sY#OH8*g5SYX-v{Mmq2;Ne_97%r#4GzmdDnMZP
zrdjGH<`?S#*(C)aUW1pS!sw`s21;3c^?~JI6BzVN3^l6e3+Wz-!?)_y-2jzlUE-Kk
ztvI5BNR)|eED5B8RMFE=Q(+lf8DRBtV>yI++p-+%q^yZ6Z60M~N|^4u?2*SFh9PaJ
zcy9h%L^ECDJs*h+P1G**`3oJ1_=RJwE|kF-5Jv!FcN$^oZK@I_DgH$-q>74pHl6fi
zU3F3A<?T-=6BrD7g7C|s^)j7~^9>5E+L(q`NEgA4+?2%nVmVN514GEx7NG9s=a|PS
zpY$ojz|QldoxgS8Q3O6+4r3QhkXFUPIGR|Qg_B-Cv51+QCGgY6m!yXAKZ-bh)z7`f
z;I>w9%R#V(X^60Bj!wey<RTs{-$NL$G00%f(dzO5Q|SPyKAS{o5f7RH`uyX{;cTD9
zO)?!xuY++s$)Q4af@wN|m%6t|-u2^aZF!hyr^RJ7;T-2to@f08mH=I}`{WEM)<DS+
zu%Q7b13;KRk~;GtH8hBUyh$Kl^@;)@WK&8I30xelS5xd!xF4#(Fc~G%3MEwHv18h`
zoC4d8ubUX=FFD1(F%51!JsBqXImSjFAfuL?ObfI!!pHqM#d<KB70mS&!*l`+bd8`9
zn;tefuvi8_#yGWwOcu3$d7h2j@lZrE;MntX&Js7kL~+z6MVKQvSm87SQTr0@!C-d|
zC<S!BP78PpZ=)0RlkaPENW~%)dxEPmHj6B;@^g$&c7pRRMmhtW>&P0{1bYFeXo@Z)
z0h)!=vF?qRvFP~6Zg6z);`ryS!)~y16udq>_-W^P_jxeCbp*fXo59aJ$3GstImT$!
zhg<u{e+>>^1Y7%m4PF7Wi!<K+<@I6r=qNZi40iTj@9uP;H-nx1?cF!eclKWf&!Fc1
z!Evy=v$t~$V2=-|NddOgg?cXl$X@qw`$u@N^=xN%=lHM9;Kk1IK0<u~V7G$TTZhLx
z+i!Na4q;~;zCJkWLKmI`;QgKb7igZ<-Rtfj!-$||cp7wnf}g?Bj~F`>n^X3q08HDW
z20tF`KJUWAXI<zW3bNeT{$Fu}?r!buHG}6{ds{ENRPO-b98y8);m<#I=@GQJ1^*`@
z8s}#FVE_0Ke&XC59~>U*%0KTMb(_J~;m#3G%!|VVXaFY`>KqUlsJY)|I5_FpbAX{&
z2MXa>Kv*{YdEVUuUh(A-R=1ZDrsAu9$P(EPv;2SUXO{gx+dhAJ8?){IAFZvG?f<`h
z-1*b~|Bv{%_W!)%<OA?sN4Wqzq%2V1t#`g%@2r(w0Jfn{ayFfq(~b-l;e5V#+Yr!V
zw%;d6w&}ipVwvjGp_kX2@AHVhoT1^~N0a_Jjc5M9{%al&FX-4nju06)nwwIG`NUfO
zI?WrI|G)l=4g2?xNEj(5*^rVB;wev-rCHjF(mV-H<EWSd(?C7IGvZ|zBOx_pHj^S$
z=@TyDz@z&(<aJ0Awcr8sg8+Q6cvy<l@Um|Z+v}m}@Affuve$FvaeQV>VzJtN+mIGt
zhv;dif&IL*zt(YKz#|Q!!V<R!l>N;wZWVkC$KTE`rKit#4_<dAEkYa*Q1c~5zcRk{
zpfwx}eVbvdikeJPLg>1ry|-(NE9tD>?rm)!9NntB&v$#z|GN8}`Z~yBj>SvacAXB}
z4ca)Pfhq<lC)8C^0LGjtt^+hr!I0v4@XN{p`otbx!-LVi{{kKX?UhcWK2$VrJ&j*r
z#co70V66xYvVXr2>axyp7?;q;>1uge_Ff$wclTbGp6?uO9UuR-VisX_OHbeI9_+vT
zZ-iouv(+@c-U1c^8A<%H&A&M5rljr?elSiil1Y|QpcBeee1fb!Iy&H7(fu}uM9IiH
z0mu}{W5qdaNNEUtz$IlU$MT*5m>npPjQ*E|TFJ!{-0^QlMWDSF6p6~-<}ldP80A<V
z%d)Shqv6VDUOjMqingsX^ZJ2X28T8`ufENf=C}8}`(o?Ot{%RM@{SXvhl(VKgoq*O
zL9&UOSG~3LRBnG6&}|!J<?KyRFMf{0J0}lZq=!I$QN2N12PSqxj^{)z&y#q9XT>#=
zNqhPW4B(dI{UQT3L?THQnXLqysI{``tdK@N<95>EXE=?r%e+YvYkbuoMjVNqy|@|+
z_ZLDXUecT-C>oPpw^COkAbKUJs7Ix7lf01$Bk6FL$D$ljVf#yHwflVMaBlwoufM`c
z|Ld<FKB;%}B}~*S8vJ^1Zf<`0*I$1?ufUD@Ktr9cc=GG7xGm&4)^v;{RGV(iZLekp
z&g<R)NbbvEICSgF6a4^9Jz%l%F=m^f_z;d$+Q9+rla*;cSs~rl%6xg+RJmXtc+N?T
zy!Z-m<|`GmXo>=2)fB9n*OgmM>&lE-oi(W|x1LkzN1k~zN)JjCnxms*nRY{wqwZ@>
z05taI@i+pW6ocTLvY0>022-Hd{>kO<c74nuJ2byCkLO|yXat1EhQ!F1&A1#i4)o3>
z0u)V)4EH786I?Snn*VivIjq~>4hKNvo13T2Qo<(ncBOJ|aJsF@(c!ox$v6)KX=6MB
znotl;0!oMEVA-MFds~OE6cmYcOdycT$Wv6KB*l~+Z_v(}fg!C`;5E$dFI`+(ZcR;8
z4Sllc&q9vS^g5VR^`+`x#B>j7?pccQBUu4N=}3}-eGgBj!vPN<MsPz(>TFb_cuZEE
z34}(-?M>ncHG?*fBQXvTWs37GC#q_qp8-a6m(P})2nEyR5DA4+c7U`*f_IMaOjnN)
zOu|CdioriV$HU+?$YL-r*L2tnGQ%6f_)UVeQRRtGShG<<CvYm~=6`VC$btdQ_744*
zT)gF;_sSPdFovwfCvdcpHyfp|fwfh)!(vOm!WY-_%bov-cImj7ATQH1IVlF{^-;il
zrp^}T4LHj30-?x5I3o>!v*ZF<;ovOG1~63_3Z*LaCmBb=Ii00vvO^s%hekH1LAfFt
z-k)eJq+G2eC<6B3D}A}HFjprRFV#Vn<RF?1G=p!|t>*RA!b@ivzl<p+UPdDB(v2i6
z#btC&kX{f+iOu!nrq8%Y$PPqVwM(Dx?s9-$A}ARvzY!4r*1S!Vz>K164T^V$t>ZN!
zvl1Q<3{K;-H#@t}ds|06Yz*q25icE9iVb$zuq<t125F9#Zasu)_aszUgI;eC_lGz=
z4LG{vE7S#t6%@BzHW{h1BJoijztY?sNNn*W)yhHgV8sc{P78`S8<FB#O=M2-?J~TE
zL*q<m%3Y)sESi&sY>bqwaAo}BzWCnSDD+Sl@Kzg%BToY(RyHm2WI%a?@EBdzO;8HH
z+9o*VPUy)?R#Vu{Nj$r$*(lF6pI%g8dC(o6uAKGz2&5sAdGcUwxkE=co=cO^0s*J}
z{CP4M#3`wJRO)5%G(;eDir}#hW7Yu@NJJoRZBVNv0SX5b)9X9P$4fNFQN7$3<OGfJ
zfJWnjM0`XoN9*!(|IK!<N7|Ey{<+v*T@983`MI~Ve{hIpo^A$fs~sx)s|nF2fV#Uc
zJhhGVtJjMPxh3lL8jXu27ptL$nk7u~D5zcTy#`dl3QG&Mb=8Xsy~ba5q3;;7=>+fz
zlTkUDa`NCG(~L8U!Lc*a880gtKc-NTB_?AQGdO>NAeK(fzwBbH()oq?;3|NB-FHWG
zb5dshn|wZWPei)5m2(I8@hG|?-*vPvqb<YYD~F*%nkZrx-%aBlLCu_<5r^$e0xSL2
zEyssVmPW=MoO`_bHBF*Og=(b-?Axm1uc;>Wb{T9jo93H+Co94>q9%eDlq`U^qTm!n
zZkf-OBbei_6M<WR!V7qp%Nm~q4mwrkGF||ZHkqb)SBxzX+at-=hS$|nM{pipV16Fp
zJ&-N8jzmNWR1J_yYz4o`35;Nv=`5=UT*a6bo8ZYbO<=&JG<WP|?I>n*Ngm;s)zG6e
zqJXvGRb*w9NA=))0>4M`CbI^;4*fH>qGFpZ7;<zGkeFz+8b#qMJ}tqA6K?ogAx<Qs
z7|`6pOtdC&D|h_b5*(G)D>s3<l|GJvpmgw8Olch9)pTyN?)Ny@2o?$k*TD9(1lh#7
z00D=jm`s8!=7Ds4MGc_Lz48kX|DOi)6)!sY248toN$D&7=^*u`B3$1173HmwwDanW
zp`vGV^_7af^c2d({!5$>-n`6Ka1~qJE=xZ$AQ&tuDD1(i1RiRzib?~%o)vr#6s1BC
zC}KbB){qv|461tD6X${wMm*sZ1EpT7p3FUJckbDAOXdHN-O0xvDxC3eq!5#>BI1-h
zi-L$dixCw_9xqY1Wla?&Yk?1a9$(A@AcCic9wDogqf9!lA*c)*J_NF|k&X}$5dqbB
zX6_jj=tnR#%ywocxQpoiq7jpDeS)eLGLTsefb|LVOyOimKZDb#kL*jrdZ23ZsV;fK
z*_mh+{1rWf>ete=PaUm9E+@@#IM?8$XlSwBI0-lP>oKQYU<+=CN}3E4=tzV5G!vdu
zIY8hGip<Fo%hMJ!lPZl1RthjtMo)U#@GQ#7N5{&i!I@RmY+6WbuRRXQ9uPi<F;$Uz
ze-@xWRy|5YFxFWJnqCe9&caTZFL=)*Iz`ji#!1uJNliXF%w%#9@wm{rH)c%k+;5Vz
zZg)ezz|)Q3(~RMlYMfAcEhK6o@Y9zwL4kW$ywiKRO-^Ha6S|ipD2yw0hvz1TsVJ`d
zAao(2AbLEGfdNemC^Lh<MEEba5jD`$6VtV$H6&1M5cc6)<2*S-CW%cWNh=crAswQ@
z-Gn=Y%vaJs=ND4Vxb7{7LB$!#dIz8fY>sOkkv=`uGcwl!;RqKV{(ciQE+ZHSNAP0H
zv?(4cqA^6jH5gS`F}r(jb}Q!=1kad46ILWzoWvMy2uT>pywa)_H|!46ZF31^$vB0%
zL|Q0fgEUWSNHd8+<41cPc&__dG|8RG299JE)v#zp31Sl~A&E1+CVm&DCXQgKV3Ehz
zUlc$nM(vceT{UYaDpBtAZPyH)8*#;8!2rDgw{qaYFHv1bhZxTG0*<*nnY3os(Y_5F
z&en17W%qdBSW&osFr;M3h65xDDIftb=Sk+D;C0p%@fEQ8RRD#LQ{b?-Ily0`MkE^8
zqvcf|{gf<Wy#7`UWA^}$sAqK}iB8ZwRC3610-qCa9H^5^<>W)m%QMD6UzZ#yFbe`_
z;hq)dkL+44sT5-tCx8Ve5F3D87)Sk&h|mf`STk4|RmFIJ+B)1ie0k%-U4Yy^Ia3xZ
zw;%CDajZET!KB0MU}1TAd4Y^mb(kpukJl!nn6&l{)SV(XBl`|Ju>fVDB6;4I_&R4i
z6$9Nncz)w3M|eLo%8a+xXAg9NK%I`zo}RC>$TA_m3>Lmw!1(BVgJunKK{dWmH#8VQ
z6~Z1JAKo}H<cQV%5>QsmNRE_Jc(&{EFgv9~2*Jo!n@*Z|1gWWzDj0ec;bf=0V$t9t
z$&q%j3W=0^(suCnE#SbrcXcDhF`+wn1(kWRvw!nCF7Qy7&(Nl9p>*$b!zP_@eg_W-
z<EwrMtJOcRT`KBkMfcHwW(IXJ0~lIy^%q!?TS+u$kAv>}unfafp2Q1U?j!a9k<V?f
zdQj5&d$!b+^rCUXwmBl%aheQvebiz+z5sIE+Q#b|dk7wgvJst}f~<WOV;zwV$-Y7p
zjHKX1eJG33r4Sx{aNr)}k%$*2$oc>QzD)JinMjgEhk_GKDRD9_sO(7`{9}r-RmFRp
zkeAegXNbPr9JZJ5&$J;IsjzVcQBe_Wsk)Qc(mo~1i$LaS`Mg$Gf-!9W*xi0*3rnh!
zBk-6B1pYX4_+!agl7-A6dosd|ik~W!KRdl=JI6;m`^OH0W*l@*61keDt3G>`iL-$r
zk|7sg=(;!eTGLR1mz`>4)t8XBx}Hr~^hfE6>@Y#ZotzHwrVaCQ<F=b5xx_DpuEDTS
zplNkhgD1gS=iA4tF2^K8pKCuB9iCJG8L-oS`0c~*)*e4x-MvT2BRE-CgwBG%uLCq5
ziqC{8kZT>aG)yVy>56X(HLX1WaX^m0sHUFNh1SeDUhr1gE9~^%K;1Rcyg^A|_L8%d
zd^R|u7y<SBYwn@!x_7JjX0N+f*XT)drV<t4x^e1n%npg^zb!sq(GW|MxYJW`{r=1Z
zDi9I21GJ2&+9KgHP9_6omte~ymR+*Cazi+D?=2lbAl~iy@wsEstSrbDaQPR6puyf4
zUPjj-wq=u#xuHpyDEk3tjwGGz(D?S9m*DZk7R)?Cz@z@wHVlbTbvqjzue3TYwlW6I
z*~{n_;P<7+q$R*NvSB=^7)_f4UwPHwxv>S{{Q;Y+{TRm?Bx%Kd@_UFgQPsurbKOTY
zWv%Jt46yi`pH}QVfQFvgN9<GP(@bQDFbX`KRrMN8KtLvwAQw*J{&bR~xNDzq1Rb^n
z9cB}lBfKcxAWK<dy2sPW7!4Qr0OG7uEPBQYVwQ@0jxge@^JvP<8t<C25UECna^&i2
zdDIjKx_a2VI<PdH%7wbQw!%u2X)aQYyhd6VMK7HY6say$0BM8hy|--(RsLk%cBWh)
zOj%O8G?}IZD<0UbS5K7+i~aDsuNob}nw<vrcZ4qUN)Zv(nug?_F*%vq@?ASZfTf@T
zp~cUnWOHKKK#}<`X`2v&s6RYAb%sl&6kMf8&truk5#wEvW$11R2evFBkg}sp8+7L}
zI~Yeu0ECNXjRju!GP6JpsIc+K7EdNfPHkRPtP4n!=5d2fPSi`14BkH~Y_V@G3?h4*
zkrCN$f#8%HA>0<$b~*ToXAOtWlZ12KCuL%!CXC<+3uBHaRuE;UOc`iq(0lw}<toF7
z%;e0w$Qi_AxyKQbwk<Q#AUErfuAA^S=Q=I$>K3C9NJ&(l7wBV};$<5fO6qH_ijBlX
z2dPe}Zy^1bdS(`jV;&fLnXwi29sAZGrVDs~wTZ}dsPkyGq;1fRRd?gf>z}rE-*jhm
zMLV;9VINdW+P*;S-+Is9ym*1xQ2wUx7dbIGZxnkk45R54NPYS}?ODGu8{pg=e1|Vz
zSI7P}Numhd68m4qU!5<&yB({cm2@z8dg7C50+PCT<1rts7MPkc*R3RyvIcyaG`G0F
zN!u<AnWe$S>kfv}K|$hy_duI)e)%l9k<83|^`0NRdA8fFcr(Xia0QF4ZFia_i#WNv
z1q;)B3R_MmF(!WuVl_yqfdoy@S{c7JY~8S>QIXCbZEx+XrrBPHh!Ea>k+O>yd)ce?
zV(+-362>v|D_PSIv{eRB<knhaJ`B+c*))J#>Y#Rx6cCnG63h)81E@&Ltr;;_#l@r}
zz^&$#b$C`gVfK{F&CP!^Je{w44P(c*%k76}^R_m?8fGKM@L@US+&gVF^04Uv;CNsq
zYGlR?LTy0oI&6cpq@bA7XK9lS*g49<udAi2K|OHjz!*AEOp0v4?c;5&UVjv$NPhvP
z7gdxkZJ&$wX?SGgsmz*I-ouD&dTA?^E@aYbDO*S(>#JG-Kr|RMBEE->!X>_b^@`-v
z6H}yBS!6UFnj(vpMFz=*DY8-xCA0bxv;trcvWYHU4R)MeN*(pBTxOb%00`!~fj{Nf
z@jn;>HM_Z4+03x8$~>tq65B<p!6bParP!CoeXDhN05}naVdx889sw2eSyV<c+m8Fm
z4#rMyWQD)il|JD%)$!L(m36(bwfLBl4T)Uef^=^~i(GhoD_8^#K2y@`V3JMK0ZU>S
zp@(*lid2G$y6Lzg-BC_XX~=sUYqn){XM2raa6o^I%|1|(i0(|`tm>ok#yX{BQp8Du
z%$(6HHXg-8)}z99=2$M#5KT$>_BA1u1zyZeu8A7r`2s}X069A8KoidgD8zIOgRp!I
zDz>6?5|L$XwP&+_+Up%1bvt6Q%T~Az^DbHY?y+sS7&Ll&y`5j&hf)q;gr?hj3DTDA
zw9pKFQ)_QWC&-`qo<@5|+n9&WkNc_7s*yAYA#|_Ti}Dfd*Fi8azmmKFxxA((A{f+G
zkwzVmK^jULG`U^psRiD93N4@}DWK@Q*JdG5uY^KGk)R`Pe;DN;Ug69MFY}z-Vtxsd
zL6QO2-k(IdSOt<5{xn5}0d2``M4#Uj?hJc_4Zd(1_J$k5r;V8tfot_!aFO8+{t)G9
z7wU8)m@WfEOtcK8mx9ONK6<qF{r3+awpSlL`u5?&<<$)g#0c-P+|aiixx?%^xusA`
zAQ|?mwQ<OyqbQ~)WX2$Yyd~i#=8z3x5aH|&>f#nz;cEYC(-z9HwY9tRavuZP^p3?A
z6nR-mIron#;Dljjq9L5=$k)}GBeM9f>*?~jGEgDmMsdcC7n%5Fxn46GP(B@_D?`rM
z#np19Nw^L~av}}bP$?-%V|a~O@{ov%4-FacAzhaJf%aDxOzVP)@bRwNRELN4CUuT6
zT<;b@a1MW*t4)I_?5xZ2kB0|8ukhEyzbZZlZL?5~MqZWiRX=8IrKHYGeJf8QU_4Lx
z*g`UfEq)k{SMs=kKNMn)xBvFil4vfV9!fkb1K`=U!%<IF>`6`QB6|{_q0NlaMH}$T
z!Lw_nKW|dsIRkYrXBW4uhr$^R+0X__FCKDHjy<E>w<Z@a^@OhKqWmMTjd(|mn#!Y;
zDtW^uJ<ny5m*Xe&dj0Wmn&W@y8%~W|9rPEQR;sbv?1yu7E;oFS6j(oe-2`?94oSd*
zDEJig@hZ82iAT`H?l;Q+3^h%rZpypuJPBHDkJ2SQ7zv2*a}*vNgIWM{cx_@Hl$~7E
zJ)?@>5c1_!@Fq>Jns|nn=e9v^Rq^R*(obL;hqER?Rpz0bG=p~iT;PbM4JjVVsA+~O
z#|eLW@b{j%8&Fp>Y73aP4n6?aJ9D}2*xAqTYssRXwCJxf!RrilQ9l|}02-wzA4dhb
z@Q9Wi2-09m;-S1~k$Hkg20Z0Ct)&87s~E4cpH}^y!>dc1?=D8;G#Y8iS{W~CrRc$t
zcDq!eBg7L@yEA9>mMu19hK~1M?{Dp~&Z+CqkrJpQwoqqq+6J0CR7VThM<jKaSTtne
zQ8d_Wl6=up^qQN*138{h=^KZofD~vYgSu-BHX%TO<04l%pY+k$LQ}xyn5Z!ElDIOt
zvGr2Mfl0xYMj!D!9GCszvK;2O-btr2WDduGneEe3T8266deBUC<D?m*83B+nklp*^
zYcv&}UxAn8g!~JA=EDsv5CavHae&;np^U6!v?6Y`!+=x9$EGm6+N4)>K$iVS-Tv)L
zmuh<n-6W{$8SP>+U#_wywvc>`W-@rubD5GFD85voIuKD(;F<a8v155;q?nlCwXpIN
zppYLhOK~)+x%m?pCXp7C(U`sMsD$GrKO^kV>+ZfEu$|(KBP|=*mgM{xAG-YMnAc&q
ziT!nK>E#VQmqiP!&KPoVx=j~)cke^5wiC9aa9x}7r{4@lXz`A5ILHo)*bx;T9lZ{z
z@_ZP~6W=FnXgt7Bqm36kyWPcbb!Lyf2GIZ?pG(Mf&DHD38@s(l#pW>)5@X($qMpJK
z(={ryu--+fZE=IwZ-AjdM@BjN<Y&1=X+Vd}Nj9Efa8;~Z(~7=J#aI($jMaz}a?KOZ
zxdn7yZw7l&e<5c$!vR?cA}g_w2ZJHbU$`9Xl;T&>E!M|`v(5|Wfqf@JYXuTOc|h!~
z*t&*ck{&{)jDwHCp+6k5z<Vm<L;>XYm{~!tMZ3$^zk>h(=OEuBPWmf*(Z`s!XJagE
zKXH!((!o#wGuht2WqiZ~n%TjSd!u-ALX{Xzwga}zaJ{F3pz*U3LoAc?k!qWIHK69i
z>3_;$7pUX(>bctIJalwRTa-CgG79^sg4nO-Sk_pb!%btwiMPIV!%B?**u+Gzk1h_R
z!j^V=-gk+!-rL&71O6BH<zIK7*ODjhwilH}Eo5z+H+GoxtL#=9Uvz&tKHNHby|vvX
z3-(JkjFhRx^dK!ANFEb~@a5xBh2*CDI5PUdcW1b$A5g|zWHSi~&7cE#t0a{6J`^QX
z$QlJ9>|)Kq$Okwr%op43+fpq27#7Lc#D*$K-b%P0l&y_QqNte+%)#UsapF`^;)z9`
zCvR?|zPbhrI5SCY<N&2$E6qM2hz_KYvEJ!iT*^4$9?NY4pSUh&<yHo;hwv|FvKp*V
zA}k6(z2Y+4dJs(N4cXldYYGaLzC}r$kY%?W-dLEtvTg&Fha_oUZYX;#nM<6aUTl~b
zhkLtSeH|vgl@zBs!E0tK+qt=RB7Y>ndu7?o_hAdmF4&&FFH;amFVxR~zsbkhK(40v
z@<pz;xP7wZlP=T-gsW8W&_B>;LrwWLN02GGrwdg<X%_zr-MdXaJLsJ{^ds!?5a;G}
zyOqI492m1e+;d_pe2u%>fOY8<$c3yJ9FPBH?GMEI4m?=LV)~7gj^^05L)Ny+c!j`$
z%oR_7A^q75QD_dHMm*bQSpV+ey8jD4v*JIa)6iE4|9nIIXZZf@V?X}$<JCuh#((}J
zK5qPHT5$^hy!IG9Bp<D`J1d=UgZ8)U?aun@YB~C|m`K{esuK1wxJ%?`YS|9_tR5I~
zf1c{GyMFL0zUElW!??xTStj(J5(tGJAmh(>(b=CQAgu5DjO^|_qi6v0I>qHY=0ee-
zxg`4u#fUqJaz95UCPQ(=`>kghBDsLoL#xWo>Vw-c{Y$cXP)T+JoP#3`C(G;MWL4=j
zZ8%5AhZ+!{#Pz@`b6NWU_qL9I)DY2>p&lN-y#d;DGx_8OQxA+@-vCYA5gDHNFxEqq
z0@Z1&0}|*^b}@X19WB}d%88+DPp9&t1ozzC(_;@BN4OWKnk&tSty)G1Izd4_{l6G3
z_rDH}xgq}lBRBwj`rlsrGyeY{^0DbZt~e0?&hq0m75g9l|0rlbT7UH2`lIiwssBYX
zDbRXO1iD+3{uz-q;1Qif?la>1F~q;d@{3Wg?~(JvZq=D#J)w<{5AA1}_W<t%yhmsL
zgN(A*_z%aFn9qAkl2PdykH>jPM}q%s<UP0;@i~ZOg>OPA3=fCHiOyPLe$zh(7C9$t
zdv+}wX4yD*F2nY=emUL(G34O&T$}8JIV;vNS$b2pv!8lJCigoH_azL!sehy)<^Qq_
zgrE{80YhDRQ6#z8%R!|u1Qs8ia4`e9T|`2TU=g&A0ayoQYBy-)oIn!aG=m2KD&*z@
za-`>%X%m|aH|Vi6km9dT@E^%Y)(h01Z`{NCYsq%@lMZ>}CuKV-KJE+x>eO%2+57&0
zY|yJ4(w_8?Q+T~Cn;yR7uG&);YzC<rs(J5NJW@(I89Pr*Cr2ePtp}7o!t9)!<J6sv
zHqXW<O5TS0Jw9oQ2}ocVW4AiX-j3MnQ%HqzU#)YGj1?%6+-9)bdaBaOnZ$2S#cVhj
z_qiknR)HT_(ENf|{0QflpgtAufO9_Lt!1#nHWvc4MH%m45`N%xXIxjh!X9;U-zmWk
zF`9)*Y1i15*`X<ZPRZx-rP8PCgpp0U%b}v51f6szANZZ5Vy`C|?777;462{>kd$Dz
z`bpS&I$RzzD9Ruw<35asjd8yjj6>^Pd`VGhHc?H<VSt)gL5i#_lG_4BuAzA#wN#9H
zJ-O>qx0+3Ug*VH=2`7sLG7#zn^UCGjuB+nVs7a-c!d&8Y9ejPV8Sr|-Pu0)+PDgo6
zR0xM9J7mU8<McHZu&^3YvEK0>-Y!>e(Ft12xFqUSkFxY}3y#}<)p3Vc(}WBbgYnG(
zQI>pNZ~*X>x(lcU8<2M*EOwE>ESyT%Bn)!wB;Knkz64zux1~lqFN`sIU4;%*=tzYQ
z=A>~d@Klo{y6Wp%D4Py_#g;aMwT*k$k{HNAD_BF*0(_0ry-A7avWYWlm<tPBt7Rr3
z=U&o!@Y|4SZN+L<(;TyY<#noDQGe}9_11Vb|F2u6iV86G&|R*uh8B)DE$c&XSs&If
z>qETC<HcZ(08c*Hx6C`tT#LdS_8;SGwdvse33cXABrMoAaw9}#0CQG1=yCAG;x+iu
z(vqT=UPGe|O?dF2<>cx`sE&a5#e!J;;R{XtgW#AAh|Zx^$v9nT67M#_NDZU?5eMHm
zZw4@=kWy+6GIHxucKH|`OgCW8{$$v|jgJHnD+y_!u!I4;v^qr=zQqWdL!;_qgv)W>
zdI~IBRItg!@m`NpVVj$M80iWbwE?)}JqMbNFfd3%fYcd>N4@&}N&aF8VdO~Y&Jiu9
z$j>O!hS~z3i&II>w!uiL_b^$<gejwwYv=$rU)X)ODEv!G#;z}?q1Zen#GMb_g;jeE
z8VJoPt*N{oVKE{gv_$vH!{lBgVFt`GW1Ym~I4an->U}Z7tgnF_-_*y+G}T?4Clm$w
zL~Vun(k99Of3Qh3XFnXkE44#l<b<^Kn<TH@Bn;`R?UViP&v)M{)O+p-A(XXSV0_!X
zlV~zYP*K8zbW8m4`^k*)D{m>PsJD_k(0|o_%Dw$03;^X;Mq{s&B)y3TsAA1(**c38
zJl;FvRMb2V{`RR}0&I*c@yKy)Pm>AMBnPcjmeyTOS*Ti=oifZk#ss&sfjR=ELltR!
zxRlskWG?R6GM+Wh?x3MtJv31+&$tkUQPH-(*Uz%`xnY*u&VDBNG8GktJ6ail_0;~h
zC3cBnirXx*w;IV~1yzE6>pB33tK?{MsYwZ({ZGv!h9lX!p%Y$@J9dw`bDg_)j&vE5
z=n~VF3=aS=pli5<oiKDeD812i%o@qP3hjlzpR&myo_y6Eb*m+wy_04xwMO{1!T46Y
zVlscQS7`P&Q)-%<X5Dx`&zSmFyR`q5<Urucd+`3S2b4G(qRECW{#c7OM8#GgE!Aaa
zj#&4!I5aY>dW6n$X5u+v{gCwns1O>8{7JECf*~E-IW(JJEDz&!!>c$k6(?>*d^2$?
z5{t62p$-!4IGVwt2n@Z?K(;{s(>{Xm?R`?ZD8z*)8|D~f=7be(9FK_BCYX-d(eC}P
zs|)4`S6z!!ZW1FJ4~2@-@rPIcOrEJC95^RgajxMzJPAR8xtZ|VlglKU8DLIwhi#Ca
z>k7cW{1B`L>#RR>PIRjX!W`ZNQz14LbOI;9M4!YQN@JqJn=446fdqA(5lRGc0`VSt
zv#^0lV=^5$4Aq&@X(0&>aFQ%wP=0Ai>%dTQ#C1m$YRT7$c{ouIEk&54KLxs)Q$J?X
zo}vF>VmM>iU4|?Gy8~;D$i&|#u9lTp4x)CN>Cm|7GF+^t9hRyq-(OL<4#TF>y-vb1
z7|~7pU}PINfXIk0mH=5l0T{6Ls}8^h%bzyIRs$dwaQ8S=M#6S$GCw!YfKO{+VR)DQ
zuUeV-4_TSbyDm*vFAeQRras8h!S-A5jt-f&n}AOUzPs**?`GJA5BvUIut9H9!h?&O
zP@yO>2t}v*@E1*!x@u;GDB2{R$&U`NSq_3j|2!~7v|JnIVmPtCv%BuxRX8u{-elcJ
zllUJBO#r0E6V<2<;Mu{!Zg*>6LpagZu(Kz+qGHmGiEGdf?%!9_ZvgJ@y!`PP-6k<t
zkp??<z>W=AuePbEq%_2ksZ)DuM&r$kNE?Qu#|1Z)9l6;+u^-Rk_j=vGXvy$o5=S3-
zPPDWO45lODno*(gOV=IJxih5myAA2QdPwJ$L;8%Ki@msBy|cd4Tm7>Ws+&X>0ZJ0U
zs^(a=5~7A>g#VBURftBnII3GWFpx$Y1^cic75*+J1`Pv9^4DRM3(r2tWJy>)E=cJF
zpwXNuSfYaPr)}Ln!TXL3NjvwcEL!3YJ7D+Y1QU1WIq(@Ox@Jf77{rC!R2pvzI;0M=
zP5^#LPw(4_C-8aOQezM_qc%`QI#N>q0yNk@*x%kd)*2L1QShu8Es9lHUGQ0FiyRaD
zy7g3eJxQdY1$c@%ff+R{evhqfyrBfGK&`n^gDKqt%w8TSb18vi-63=G4K=^TWu~I+
zaB!{-Qd39h@Q$G_U_r7xPsE#+>kBJgpm<O*GOZ>jA%P=osb>_OWW)4B;`>XeQZe4v
z4Ux=%=mV^73Y-s@dhj6dS2iUNxzs2)t#10gO#OZeOONqC_qKlNp(oujOmG2wNm&^s
zb0s}h!Rh8LEnmUhudn8lNMj^!{*7$0$XXeJK6u&KMW0$I(Zpso4I2i+Qs~J@Hi3Um
zo&tqPS}moYl?}|9K0Rrrb{Z0Y5=QZeoENE|O9kwEr!?>YHxJUYBB1Fub_8gpf{(cg
z8me^{9?0^7Xpkz|<_sj4_vwNjmhqi!)7`QRlW30AL(<C84AEEx0X_}ddasb$ahev%
zki(m`)&3dAr=)lG?}@i2sH3dDBaTX3?n&iQ=oRX-J`pG}A*(z`;r66SfBI!D2fSI-
zCJl`fMk8ZR(}0$P2L!_8_koR~Xh^?Yp)VEsRze`zJhm0di7_KNL7u2@ek=0<#f_-}
z(U9>l0NT0r{Q0_NSA$bFv?5BSCkPTV0`URs)joRjtgbc&o4TR)-kaUJ+8BrGhT6|}
zeyXdDA*ya_`=EB*7`^I-+OH3OuB(mFt8S?MW`D1)Hb%HgPf9g4=VGznt8O7>t)h=K
z@9;zfM4ZCbvauYNL_RT-%(*6@Tu$BLv%MhsLrOq1q;itCx`=X)d;gxr4a(ddFE|nW
zCb*YJaZd$w5Bi}5lephN%oe`wlc{mI)kwm*268J)FT2NEhcA2hgaScOrdo~@$%+nr
z_Hq1H@?o=5!f2S!5GM5jx;bvZ3Hod=8^jH0pm*?k``~#Oo4_OgV7xUsI|LeNwf~IT
z*TA+*z_#xIY}*C)>W*D|)kK%zougL`yK})0!N(=KN%Eer&l<?9JC3B(_I6F%+ZAoQ
z<9_w*>dxc-sE2Vyunf)&GPHOC^cwe@0QI*9ny$h52gNpcZ?UVKxT}R5pRCGgzy&N$
zgVKKaMry%tR~w%;Xds4*=3qFgKJ6c17=XSuixHmrzv@HA96V5)*LtJsb)Q~ud#^p^
z$>fAgCG98u&~2~wY?%0m1MYFBqDzoqIEIRuVxO$<L}_dYY9i@KCR!31x`UTo1`-h$
zBjE_?s1k8fd`Cfh`S9A^9%lIzvtsv&yWyjrR>hpvi*=TXbaYQ*5Nsyb>#TOcuk0nO
zZEh5aP4eAoB-VU%mR49b_K|OU&>!;DQQ6j0yqQJz4GVav15eP1vOjD+9k-rRKQS{n
z`nS<NDu`ZoNM`Dir<yO1D*=cwHl^TI?2pmaH!P#g;6c!^4H<*qwOu2bK!%}VOn^0M
zwMtf&D7?7<9m7b&WoT<ty0htP{#0x?O(-F(|JR-F?sLU54*)gD)RDHVqh9y6C`bZY
zsZe)?UtR<C4)q1m1aqt2zYkjg#07L?q!`f{P)!aLl|xfPgeSOBk^!RW`$=S!brJ4j
zJghb}n<kjV9WY`zY-9D6pCZ<fzfpD7C!5Nwi)-RHe#X68(qB=UC<BoyrY-yhtH_cv
z5@8g0VACg|$25B6*x?@!UIQQXlcfUkjRIl+)6r`QCX!b-_LoQjL@%6IWrzkKpB#6D
zi26Ve=!qeA_UY&foz8hi8;lhKACoahG_*{V;j}pownH0LZ__nWgqohYC&n|4O!(27
z9X*IN87le?;-)F7B`g2~V)G=r!+gP*DS)@#E2NItA#0{KYF7wp8-)_j-=4f{J-xVF
z+b?$yo^4f4$=OErBr!rb-4T@`itcCJpE$L<;b^h7zG`w}FTXm?9IHtMl1{bgE?5X7
z^Yo=NnxJ)W3P*6)mX2;Who3!7vH|O+D)**}i+{!-N=W!-41)+3rx$X53XWMg`OZg5
z)|3MdHr+j7+k$bK=G`{Q(M`)~PXp1xSN59TWh(Z&KbM-CxgW_u#Jt?D-yI@){-~Tt
z$cEzdgkppu!)X8R*Dd)rA0RKcfw8{R4DP<Lha^l(1=;h?6tv2Qt$K@{io5jl_7JH>
zOy4w%Z|O#wqCUCHkWpPS18P1!X^L9q4p2#rG6U*p$`_7M?ha5%y)pypAh~FY8s;v2
zJ(xYOqm1Vj%H07fsbgk99b;^0R@>YGDyeC1cQBU)wa_`K>xHrntJDoDA#=F9BADG!
zy$Hsb1!Jm)bR!WuIQHp}*wyRXE8+C`9tn9PI6727Aj%z6$_DJ3?^+C*Yvz6<7uDUj
z`{t{BD+r2nJzZL@+8fTQWx^=sxJ(V@V34XyP=p&g3mmvwJ$D7{c8`t^clKZ2vSDrF
zaKbkRcWP5>7Jt*`s=i61`6%pi9#&q}A-d7w0Sqd8&N3>JQN_M>Ri{2>vu6Y`Px;#A
zD(7_G8(3I5rrYB*-y43NW7Ro>_`Zj<ovjl*uKKKosyQj0^Nr+3(HNfGVH5oK-fMd#
zS|b*qQ=W7=zpLof{YyOseC5tgl`5+=JJy0xSWPrg5iU*i&M2ZfT3>s?YX^m{s#bHR
zmeGmaX1Ke@RqUMCX~+JJR?Ow>{=FlpWJvuHC>yc=+j@W8J#x1rc2=J+z`@}~n4?a<
zd*ANfBVhIK!UtF#J}GtBm)~7oiN_Dzc1WK-b8wil>`v4#<-6G2C4#O34yWKm%z~BH
z37Pg2%ezDeMX|Lf=vRcL>otAl1DyOG0h)4s#7R`0tUA<RZy&<>>YuAd#ca<We$LRf
zThztcnxlv&g{!vaBt9{RzIUBU%WGu1vh8;SEuAqsX6|I23>xochzq2dL|YtmFNp>e
z_ff5hcUF@pw|e)~T@IrI^f-kIHEA6(`GYcygi}rQu{1VP<<?Ehr@9@uwX=ISMExTW
z(9(=}J3(o)LE1V#>>gKeomEI{*SIy_BEJ?Ttgc=U#?yjB0bufRyp`oV>vmeNERB6M
z*@n71>1h@$_7jB}w4vEcTGeErK8j%!*XfmuCoIMz?ovPmz6+@;GL|xpezJrHKUB_Z
zRqX(_|F6Js=r1a+NfSiYKrebK$Z_DQ)U7oYJXZy*js{DZ<$yaxuUgzs4+dSxz|h&7
zlS(Y%&nJR$8#pg$>_m4vKptcQDbc$(4DTFJu$l&}*SJ#OZyNMgCB@1R<6rhm$n4>*
zb0r|Qf$ADd-Cr$_TTe&Pm4C5d_r&ZE_g>8FFW{-7u+&FHMTzx~fi1GU@Vm-Hs-?&-
z&7#3?udqX?Z$WnNMr-}n{%@p{KsnwV?teLzY<Xw-tR3d<u3Bm-=1@TOvfNNTuQ#oh
zIfpIV%S(zA?h}N`G{rl+;5~-rUhq7N?YT@dZSHH8vD}lc<9uB&8s%H&Q@wP8(~RAC
zh|an_t|(*Ot}Qln+!!^BK!?Qwf|)f3N;S&Yp~s7ZL-aGZ@xxL|<wZQU)Kbw>C)}ti
zmkh3WDUE@cs)BLG0Sdc}Cux5oX#sr7Z9(H`R(7*(pO-eCJF5ae_`&uXfetkpPFbbk
zf7b1aRHump^3L0tf-_-^39jSdhpU}Iz+8Mfri)^_)W;kgG$YH)%k{M}D2S;KMe)u#
zzOw7vm2a=`03>*Q*nM5EEW<#&L<cr%3XIj7;bPSm5_Cd5s;3S{Pl(0&x}EY9sl-dx
z5IM|%GL6JuvO?e8RIVkkN|OL*H6=-)Aj6bt*$QZ`)0W!0C1XOTn;Z+i5RTrdS)Q=F
zHiuI}t#$6!8qNHy#%366T02?3Q#TwP=GRdx9am5zW(xZ!gg3y7tXUotbl#R?JqW|p
zKf$Ow9?kMgv}NgPOLzy8rt(l%dO|@0p<^A4(SsSp$xMmOL10HZOoF8iG;w*b5nC5f
z)m+t~LUTfDK{G8TQ!mbsqg_{qDy8is&e#2u(6USCV-GElekc(ndw$U4qJI)95BrN)
z=ef6&d70`r=q~CB>E|jlj=IOYJ4YpLZu(i;T;)(>sW&B(ihDjOClUJqNy+IiFM4=s
zs$(%tB2Q0p!=it3+UZL>eH%6zeA&@Ud{bK!D#pG1w8Fu-m*Qxpzlj1+s~s-xzCe4d
zquy&wuDtu^=to39-zNiWJjKv0C>=zTNpu|wU5^JjGx+31;UO2@l}ut?Nusfk50ggl
z7MorH^^7oAQQyHZHi?7Deu@%UO1>6W1L`Q^$TqO`(~S~tbF3H@^#*TJOfLYQ9~|a3
z0c7rQ_pp0#)b+SAi?hCyEds)Nb6C>+Vo*W@M4L^f{h^EKz}q*250-}1m?w_4amAHu
zT>*9Q6mLC+FS+%&FM)(!phdxMpWDO%Q6pswlN29;n2EqP+{OK{2@Ct-2~>nXOG{0n
z2kt71g_h=^$9=^uD;p-4E0os6Zsfze8aon%^UhxQ(lu)>4{v&ahH;*_T+uvD)hQex
z^iauEu+f~(IB=?Nx&VK*1*&L4`!-&FxwXbmTZhn}8^lXb6AT3`w5rlHd5CCJH?5p$
zY2^&U7sSL%{b&-6@+#%Cr-7@yAg_q5=Utpy)|{Vl<g(D~P#sImb}8v65Aj*6^dWc>
zoDk}lksjZrp@)**bpo{U!6?CCo>F{LgG!Y+?${SbGiu*N_H+P=e|Pxn|KERR#()1B
z$v^(%#{3_h&gxnz{(Jk+{2zbF$BX}dPVwI#aqf@R?^ZgUp#9zYqlfDczh?Azow?v*
zWGDTgU-xDPX0HsoUPwT61<3L>#=IC})suzl91v?7ayf4d?dabWD=-X08<vXnO)0HP
zpg1rELi*JqmCmQppemk2CqguyoK~Bb6-3r<W*thnteUo?Yv3ymm2P5t&=5d2%R1x`
zMS;g(yxHFlzC2XVMisO#h$&*j`~1lBmA$$-oV#7^3xna_sA#l5CMIZg4?Zi>=vVE*
z?R>AQ>)t*x#fFuH<j>E)?NfjL|1-(HQUaJ8&i}Rc+Nyv4cOHNH=lTCfeC+d|R-Chc
zwS@zCyt29mU)S4@);kp(Kop$CX*{7&V`y%`iK6*x<234jPBNHsmKW&O-P62~mfg?8
zGK&3NDpi?Ta2kl8kkjOEAdiE9*ZAAcL9qBwi6qY<I`9ulHa59~bN-*Lr@Q#r4!wvW
zG*r=PI?PbSB<TrXa2<3=X73aDfyrE(!2^BCj`gfsB-m0-2^|3(2ql@{wBs*!5B`RQ
z0UX6p#P=c|!y}YDRj;Hxc9ncP78_UqBuzJj*x#TF*~jP{bDui%f!*O&EcK^c*zx=|
z{z;4r^hl{-+&+2&CjwKZ0cH*O)_)*@b1(<V2AR2#&N#6w2C(;>l)wZ+D2)*dd9juL
z)}tFQ@BHGCl4`JbNQ)HkS~dCTTg1iUQRC91GDGH=i=l{5U*stz>fNM#z1H%qTI*tB
zyu$cfU-qH45eQC?iY<dfomk7LMsm_rxGm}gaU0ai1$k=)Ab0VicAZmYxWT`4T&Yo#
zQ>JfRO?}6QvA`NBdbHx?;2m!otkZXfGD_0r;3O_C;}~Gkr3=lXsxFanXeW&^aXNRG
z%Ct6B?`g7^^v@GAKBC<ko&-zkv8iEU(JHOZmoJW4CFr_DcXh%I`M9_zVTl$w_>j9;
zd<F58wl#+*BKl$NM-0kDy0D%7XK!A-=pKfoWpf_!umwdB05_=u0jU&3)@+#e5XTX1
z|J~=>pP$=(X7hhvM*(yb|F_yH^MBv|ng8z(`S|=FXMgP|{_oLB``e)X{rbc2fdwq{
zf6r*g!-33<-<|WmB5QZ<a(b0HU&}n4;Sb@YnQOG#;oRIDMei8kp(2bZwuYJ#Y>e%C
zgTEyip66DoPt6eY!#TWdXux;&rfN)6bXbcinI0VW<nn4N{_`v@`gq=<g6E$hoGq<Z
z_;eKxD~FK^nUi93Bh3tjrJgCuj>OuJ#HYx-^<7bSptq{3H7L!?xU?J9Vf0r~>;I3v
zZ|`dxNf!Ov{uI5smx%?k$L5jTg(x`=m<hWCaxs~i9Kw&4Wf?S)C68r;**)2BbHC>O
z-FkGlS`R}q$uN8FqL~=G)m>fvs;aK8u9C8bBg|wLBteiXz>}~jXRQFp&Sy2)Mn!hw
zN@dvS;k%GKF5*C8+)T(>i(-j$sXzq_W4?%bHOTblLb~<14*VJ0(c~Lf?jDBV&_LPb
z1*xI~xtV!%M$@2xj9t3}&vssk_canimB!{v<=xL#G#PTSS#PEIxhkaixhhQYbEih)
zB4i??usD+tOA5cLeaTL}AU%t>)9@Ob_!jSLR7+rWgG&6vTz5=e7=v_%dy#oexUsWW
zW1~0Op{)LVO0fkdNg7I%b>&e~dlky{EiP^D1lkvHh2C&TrM-w!v!ZISWWGZV!;M-y
zJThd6WP$W)r%DT4*wa2L<NjTr<?`QfKAwCV1>imM-_!PH>HKeVv-2qbJ;Y<me>~zO
z0Cu)y0O<AaJ5MP9^adUQMpvUu_#>k~yd05?Cm~*pKqBN{&Et=sDF@~PJ_C=;tNjq0
zFW3839uQV(`Q|Y-7mF9<FrfRI!mg4g2Y>!F4blDD4gG;MgH+dvs-o(0qQ9dbGnCBs
zpb~;)$Yz-KCKxvcPVA5rv1ivX?G@?w22LZkR~sZdz?)pDAH8W~f!Re(0r_s>bO=f^
zYAmQg&Kqt9mw8l?&9W4uv0N1Z06G9w1$)XLo9luUq60ij<t4mjO=Om>u?pY0gKT>5
z3}pLQ<(1cCDga~$Qbc(dSSiZk;<f@g;<F2vR5dnUbuhbTrwZIbOj5mAR6x78@R5vE
zk=;}HO<;ax*|IPUbgFjWXs9N{1iNbfRMyBLgz_<lVA(DiZWv~zNR}ajQk#?H;2Su)
zq^nd-);OR_h+}OR^JkHT);cU7sg*dJdSQh6zb88QPZ_Q;jWuqLS?#C%>e@xWp(9!-
zM%Ry;FEBd0Gh*vh`Yu<F;XAQ<4ehJYdfc02PPr<w2(_wrCxzbKshHbX!i#5V308Sr
z@WPA}yAtD%JEgfGeT<`f@#pAh95$NuQml?uk+|OhjE`sGx#~??Val9A_Hy10N<udc
zNOhQx(owHv9z@C!HtIDEUOI4*@GDEnz#d#kuC)06V$vT97nAec2<}oYs&3iUYlfj_
z+m_<9@5LB$>B^hHrV1xvR`L_gYCQy#&l-aKlo_GjY<N!dE}2jLr3-cswtttOJu7w)
zElH+<^{6;i5>bq#9mb<Xkw?7*)C);GVDbYzIRoy32fJf$nts6yG=>JN<?_%EE%+OI
zV{>UExO^VER6p_W%mX_XmE+T$xX&jtQo?7CU52+Rivzf1*nTT*P^4W}*3k3Ab;%c}
z*%~6v+@Nd<<@yDNl_}t`{LV{fmG5blj@W3sDplIlmS2VG1&o3>y)3^nuLm1%6-Cy+
z6%jNNdH#=<_48{!AFY-LuFilk>|VU?b@zHF7!l%}1-Ew>S6u8$)xvz_$|>YmwX#Hv
z!eQQf17ADU!Y&EAD8|Yi^}7oy(lA9wH3PC4VM>yYAwxQu2x&|U+|TbJ)~!SLkp8lC
z<=)T_Ea*xJbgxB)T_uI$ZxYJdvemNlzSEtZktc^Vfc!=t=&0h@BY*T3<?;C)pXK}i
zx#vHK{Z9wB{#&K<AISc=|9^nT-2c;v)AoOBQ*QrJ10Xujwl|(_cRKm)KkfFJ8UhbR
zWk5>$Q535w?#l??q&vck(nLg|wAY}w_Lu4hg6T9)P(6@S8HDAeC>#{i$_7Qy&d*aU
z7zy5dL9ng6?UU(F=zT^<l{$)KLS0kRTrm2}R2MpA!O8ItN8LBQ8lvu7B-Bcg7r0h(
z30z#n(oKdeQ#*cl`u5#vt)|KftCh@WmRS^jqj?REq|}aQaV23y0X5(+EJEi;n6CF3
zxe;N^-I2M8S1!#>Ol)F8rxZX7<O6}i>vT*ZJ<Nh61soH?XXoxe1UFB7+F8~h)gQTN
z*$8D-W^)-D0q}e>bN|fp*yZ@zRefv1D2_)?&KUtaj~XVdage6oWk6!VXadt=Hfq33
zhb7@yE9tgaNk7DvqiS?icHrf~BAhjPKOdZ4>~{|i-<|ZzVij+Ea`oL@d9$UJ$&J!V
zDk`eRk`DKfg9os5C!LnA{h8>@5%s05M=iywOmN*N%_q1&t-=zIW_&;jBv1^}M&g^r
zSL6G_TH0Ntx%k39F66EYi`sxi#2Hteo{KY_FjzD_ZviC8)xGw@i0r&&CJcwX&F_S0
zs$(>$(uc|fQoC5cjpSQgb2>5M38ki}B*3cOhYbr~lTUz#S`A?;K0y0EShj{TQ5C};
zE1-y5`c*1lEm?~?-?hqjmE4HyV4CvjS2<%-1573yRS@++vOloH>v|zMycF-4MvAH(
z^c$&NYsmPoutT}Vog1pM+IEhB4HLY!PijH<;yZG}QHk?xpDi`IvK=H&<2<Bn?ejmm
zGH#bx)hTT|TmLdK+i7-ir-}8MJ7t>K64gJ^#LgKr$R61dAA?|$nK^0|h4vQ#ZMT|D
z%U)8Pf)uFYq}N$n;~SS)ShmoHMEP|mSIehTO-n1nIMy^{@5VIJ0El^T-nBK!S<3kn
zoxi}BWNReVrjCS`o$IE_7h1o$suEzRnB=H6f_1>$<lE{1XpTN>q`M5W-Ks9O)2!;8
ziAFYCO0tQH8Mez!Om(Rxt4xB(IAo^`<T?XlE<x45#^_?XT8;C<b~Z+DWRhNTZtfj9
zHKn2j>j_=#W*;YhLyi{(@RUun<;2dll%O=5;kn|g8k(AVTu4$>AWT9MUL2j1-eIrX
z?>Q{4y?uXz@prW;v|65o6$Vhws6_wW?ryK&m&nWgZD`UA^oxc&^v0nR+M;2E?tvF;
z=$V7Aq-W$Kx2p#kcmO~O8-LR4Ypw-|Q7~^=dsZKZ9?f*-tlDE&SxRf*s_XNz5UXl~
z*<_XlZj=FLNA?c6TDpKAGGnGxid0ZXR3XqsG0SaOA`|~?OO-HnI6T89zPr8}vx^_8
zM|a6`1^{ZSnThY1igZ=I)U~_ZEYyaUi^dK&*DN$~V_7xLpGrj|uY9Rtb&Y}K2&3{P
zR)2=>0?ystlV10<chP;dXk?xeoVF9*nR&M%J#InHj?>ZhuXkl<2W(WJO$FrWj|zug
zIOeR^sZ<`Zl4w#mBjVIK&9HYz@A|zx9&cGkV?+=e6Fw#BIF0>-!``YrxBmn)k(MpK
zKxQR{Fgp6|Q`jlV`iM)hc5RjU;tpAp7-&y0e-3Lx$b<$&2+gW<Nj8?4CBP=8sJ=pL
zC+bpFD;^h>YnQ3ln3_|o?HH^Y9or!E+)aLj1vHywYipJy94eRZtk5>qDk_7EEZUSw
zl`!W@Zjh;GC81PQ2@pBFh!SszB>)dq&?X^)(c!Mp*H1CzF;l9Mt0;?XfNY*5w>B#s
ziC8v9j!b>gQP~tFX7p+F#h#nzg@`%uX-GoVG8&Z0*N$~FurzVqQ@Q1C!NQzY)vXk*
z2gSxZJgJ>MM{_G(CU*k{>lpEFVb9KLq2d`9Bld-2=AaZSPubZpKco-?FgNcI?+S<f
zxh0UQIps<*kzin9tc{qA8}1OaHCIhMOn#op6jq#=Q%qcj*RtCVk^YeZUqcPoq3UBf
zNpY7I#L4{f3NJGx(_5OIWXM1u(iSZgxk~8QwJTSLoO&1jM0%Q{W$JvF-aqfC82g+t
zsENr(A2q`NUp;r|f8%du0d|l67v2@^|DU$okM{o$^5pctv0(xBw0*w?7_zo+W&u{A
zr;UG`4H#{j3OdtosHwe2CtGoo^j-rqGJ?iykkWR0RSdM0!+Z<H2DB$Tgf7?iWZ?**
z(mCeo$-DmP#jAs(?#V%~uY2rZzu`NnUH>1n#VDlKYUE1JX8)RvK4#3R<D^$fRV9q5
zBl4=kTg6F_FDCQ!Y9#qdAC14H=8Qa#7Y|M?2eL?|;jLsmdl%&GlMCZe_fAgw?~hKq
zKa-3q4V1IV0BE5VRNql{P<9Q|_;?pnGdntMMaMaAK{D<`^MMIopc2}~R64)z+d24X
zh17QzkTt6<Z*W)0&)b<IN(D6Yot)vE@8~K^J(jNd_te!^^w?$pDUI#0GY|GfV+y?9
z5!O5o78Ae<Iv)DZ%BfsYz|k!?D>tm{P+BoMB9jRgRglo$pah5v@5*ox$;ETTao`Q<
z%J`-9Oj=cgVSR^iq@_@)F4IWw^HA5;84QcXp(5D)b?*$S>Tt53!@V+DN~(IKawyx~
z^QuYR{QV7{@bHlhpfD$Lnk7rXdMA&Ta8#P};EuOe%e<qPZR<+LmNfoon~|S<YHOtj
zFm~1Wk|t$|3V?8li%I}f2N0|NQ!7Oo<;7K|c)95+al+Etb|H^-W@%HjyW?gmlaqVe
zs%)!@E&jNqxol)-wDco2v&y!}^q{6J^6oUEsy5&whbpc?wRTMFy=7*5kWw=dNS0aG
zX;VH~LfP>-MveCx^kt5Pxtv_G%S&pTJ}Aj{eCsiHF$0i`vj`xw>_dvuk@UougKgz9
zD`URm$d(jRa%3}|R8A#THL^+tB^Ui&S#mSDpP2=g&%-b$8%6!bDXWbAmb4Eo|FXvE
z%vFoD+HBCSu9a={mQ;F}_&`0)dS&)Iy0&aRct=O`%Be1un@BsQY|`v7-=abuGCR!Y
zsGL;Fa&Q^dki^R92wmcio-phY@0n|6&O)<)BT>cKwnQu4m)86_y|iL%RoZD)Ak$Ch
zab%rOW)Ug1BRXM{O>k+}Se}M?v&YhVw0d+6fl#GNtH<&yZS`1wmD8B#-)a`y#~!E`
zc#)CFD_tfaF+)wJjK=Ph{iLm_+mO{jx^v0dNv2?~pd-=%uv*Tmw4S6l>1Wwh=H-<_
z3Dq3*$}yfat}1e{u!>D%sFrDqS=wf5+e<ka2_4>n6%8<XXXO|hE4mb0+*(mj=&lic
zDbuYI&2XRm#}hg>l)qduJm|ORCw|beh(3dp*^sC84}Li6p1wQjowd)6GS(oBz3Hvs
z-IAqcL=z?st~C4XxBk=pPx?D>rNbU$K)>r7qHS&+f7f@a&U{{4cGkOM?0pPmr(=(*
zi@|Dm*&)iRxXMI%IuMc`R>+DrYo=lixkQ@}Vy@QQC2!&7>ebqsywF2a<42qq$43=!
z_K#2AbWigyRvAhAyTwjTpGb#Z9HZ$3ioHf&gL&;#y<kzl`dvY;EoaEKABFdghWW1D
z+9G=dc@rkhMO49!5DXQWHvRsp)_e7T-@paPJ@-F5TTj<Z`oGSj{_jDa3jH6u0NHG_
z3y@9+{uiCi?e@lYXXBge|D+=jsp`8bDgUnSzul>{Y~M?S67uN*NbHEwG#O`l&AjV?
zZ^t`!sBVLh-d*u>63c)Hl~N<BAbs<z2boe)8p)EIb9`UKhf<ffj0=@6#9-oR9--$^
zrOv}ZDj>hgu1H2g@<u*0Yc@GNIQ)-u3&@jU!75BvQLD8VTb(a}hhEx~(J1sW1`ylV
zlwdQn0nh}Oym|n{C9sQyGx4TY>#YBadRSOW|K$LGi#qPJ|KBS6f7;w?Khpn)cntb4
zN1QJJY<cqdXY2b7ApaZN8}04(R-XLxBG*>jUwY)@<FUvRqy8^4)~`D6`2rjJDsy^l
znUbSx8AZ!-^wj}CtwFM6#eu+&#|L|j2_7?;m%eRCDx3gNZPk~xXDRQ|43?9+@(T1U
zr42W$rty~WEW2e5FDCOD7HB-Np4_Qnq_{_JDm9BriRkB*hyY|;8|HoZ@WFx&nkXpo
zo_zR_&-9@(lb6fnRpuGw@(e2TjB<HKm3iV^p13m4G?!;unP-;EGpo#Voy&8b&!d!-
zbmA7KY_*ejFJ}83*$p-@YUt4Br&goAA*O2JEA5TB<&=tN8qWOKf2x>nN&!*HqC;cS
zRVtt>E{fCnM&X*c!Z;42ydJjd*0{{9?~IF=!h+paV2N#EQT+5}Fto~9g1|&hyV!qo
z>gem_ONwi~v$+m)m&tPl^-wOmI<8v%Qef}6D?`iC{bT?t9mU9T83u(hF$TlffUc4f
z$d$(@JG?ia_?fc+nM~`ROeo<ku6&A`#N%av6QL^&8Ho%W(}i6abR(7#TS$^Yl`CWX
zbdAJ;TL`PhgryKpjdCtrGm4Z-PP6nh_X2fzNc8Y;W8_SDrt9S}TN%QVgk%}ckB#Kw
z-~}1tbEdPE;W=i)bXb@&=C^#;JpUkVytV0Z^Uo<|pL=gFk_p}1I7`lR$1H%*@#GB-
zSJ6>I*nPE2XD1mvm;)++7orDcU&*3>a*rq7>E%&|tH9g`{l8*x*_Wcx>@*LK_If|#
zZ*(F!$ivyaAC6yu;}aYe!n#1n0Qtps6{0Rz@K@Vt6;<Im0D7<}cB_6nSS+h4HLFUX
zg0~lcdGprJbz6D|<g^U>lQBX`epmqd;c<8Gulb?*FxwGGtMgQGv=nP2me{tL*f$e%
z&{tB+VO6%F;>XGPQaM^NmGy&j92_(&y`%ac4v$}z>o-zM2&Cqj<6v=a-v$1(`|7Y)
zfPT224HZu+3>tY~FJ?1tM}~eXSJ<zru)DXHN8sJ7-0wH<^3C5n_%ZkU?eR~!-@X5x
z`+0bp|JlnoZa}eNWHadvO{3DR;l!+zy{rQUc5xEx0nXNI3823mpuZg8vVMl8m20$$
zxmrl0fWW0WG)shBjcY(?*O$&76?(8d2`83A5;2{E-Z=wR<W4;#zUvyaoS*?NBzF_j
zS_7QUCAeIlsH|mLr%#Pb)I*nzrDd^kQKa7|iGP9DIbK@Uwv}4hJAAcpC`$!nm)iQJ
zti2%In}@=Ds*q;q5UD<dNGT#}cJz=|pF5<k)fn(;gKZo)V6u^#wR|NN&sWmzm7%jT
zd?6YuXrH4+g_YESPL;key%~(G&6o9R1wSM>YA-FcJ%*lAel%bXIrUn>VM&FLl6tM*
zFeDk<^xCxAukhN$lZ$3m#weg6beJb`PNQTdze<9Ozbr;5b9Z7M^}V##0DB9^)y!in
z1kHm#+vzKBDg``5l=xmGt5&uN@~7$<zUySPTb?;fsAO1Te4pg4W6Gj^(ZAF(k5URt
zg;t6KZj<1+GQlgUPHcAW(v4(MAPc2DR-|BIUVJl_S*a<9*lVBDj?6oef=eC#ZJGiD
z!+(c7&!OUMm6mM`XsVWN3f4M>bh0DhKB{j0J1G-<M*9s9M+$e9baxlXQ+926AkW$P
zIPr_R2q2sNVpt#8x`|oamikQ6D&mS(;+elmOzEIJ+cu4KgQz^ASy&OHY(~ntWu)l-
z9!Z;yD#MCA_S&@<E4BaoU5%*J{{ms3egEz1KrQdHt*vF}fA|#izndHA|8?uzp|Je<
zH`o6zAOFC=N?MTi^>y5H{@d=9_5aVdHXil=5Aigc0tXszF^@5d4vJv<;(J=JBMAfw
z=uk|;7LfNCuesS`m`G032=Q7RQu#VCwEuSW@8A7dzW$?d6g<fK-|BQq{=c6+eO&(!
z^1%9616_yj$uztSG1|c3R_vjF?^j8LHwc2Mc)q8<{|6d;;O*_}paoxFV2}g6VKPhb
zysjA`q;WC~M<FMoKalQG|3J)w>6pL=sqak!kp{ocgV+z!suDzcKybq-3(1HBk=5%Y
z*YkaOH%!<eV!hryJovHaTK~tY?e)5QuJwN{m2|9<nifzq<;-yyMBZ(~Mtgvx<I~=@
z=)dou_TDu2dT)D2d%dGmM|i_uU~Zt>$2dSAJl^!S&Q1tIx8rnh<^mN&OS3xpvSGwR
zH%VJQSwh-t9Y(s5B|Q&qRS5rO2z5_Ry6@Nb8aK`rZrB;vOt|77H!h^PSD$3%w@~>N
zkzaUbXSe5=hgClKdI7I*)N9Ugwm5g&tQ#R*`BS-~U_35%dxwX828CmRca_B;oX)Or
zG(2I!<evnVxCv)hVNA9Yeh@{#DW=|S)(Qr*old-)xIsmnC>YJ0Su(LT{%wcew62;R
zg(zdLUfg6a(9uOSIzvAk&=7>Rw!jus#<Sa1Szv9k);TXUk=ljP@8*o}ZkNKuO{U3k
z?gx}aaYZPCCHYn<wIjGrqU)f6*|I^o9e12t=XL_0p^MmILjY_*lfNAP;;1im6*%uU
z6fZ<uHHRTA0K&pq0EC5vaHAmHC<r%{pJ6O=Fcg$@jzRLMdjKUEW%v+lW<ufT1m8;#
z=EGSE0Pf8{DONejS2>YYN&wi0JQvX$L<5j_-F2HrL|1rj3*2z=%ME_np|rMyV)h)s
zkzXgBHB4xBj2R$u;{<u-SIT?KdCgg(yk=bmJg0Hmr~Whu%CllP^==y3e1MX!Wg!Ld
ze1ATkM`%C{rKbVSvr!cKAA_l}dU=M(;Z$pu2R$2OgbM#!tp@am?jSrhz+NHRMm>YH
z&Ca!3m$b;ymP}`NAdqhBCezLv)n~~xYa=x=PlbHwy#jgiTeQUC1@{U6q!+wqvN!yj
zUSY>&FYs4JhkS(=Vn(Yvg&7`lC~WK`<OoQ81QQqNhd}~xp}^~2_v92wm*}u}7WoPP
z?T8z91E}W)?B;(sJlN}<P`<X2uU*X7`}ytR@m^16G=S;sZIyi!vhN@CU+cVC&bG|0
zzI9XzmfezNU%fj$?Vao&zSr2d9ka@|0m{Hur72Kbf{8XxUh-Zsg>eQsJ{#4;gZ-Ww
zI~@6GK$G+);mMw690$Z4Ac%lZ#YDh0TzZ*<m?q<Z<OxoNA%Zo9tkR&eDKc}w%t3r(
z3?UqaXii6r{<cXjE}*!?MDh|IJZH<<v`g>gfH~`1z?I9dae$mnr?akbMTRhsXJN#8
zf89JN;&${>u|BldpPjA$#j<NqhNKri3h+V%Qw2qwHLFs!8cYLz+U7ea>p}U=k#CsV
z8x_Ac>b=5V_2<(xndWNJgh&@XgsvA&qqBwOU@fF&rHt6fON_#x4p-pEi*+0!8V%|Z
zO-h<gDJRtsmpEau$)ub#u{PVzI&}OWEy_MVzu{TF{~LvaZ?pZo*Z#k=QS$%%wEgJ+
z`9U67*D%mY46;j@`MM`Y>wErHK#b)&n4-6=fUKo4s9m{8#%thR1IS+O$UOoog9dN$
z^L3&w^;%6uf37R5Hg#nU3pG3T8h-&=T{ERK8E4*$nv?kyHk*MUO}#`>S4}?~BPc8-
z7Z<iOx(byG&u42g$F1vwSXC!a7-+_Is}QZ-x+Bh5!yN7{8sY&q8spnMhR9S<GMj}!
ztHW7_6RxF3>WrvI+8Jiqo=~M-LyfWiH8XNFeQ8w&fMVy`nK?&NjEm9d(-}zNAR(=9
z5}8I}DS=i@xsOr@H=GehGT;R*e*PJX&5~FKTe0g5+OixghJREF{$fkuPXNDDU>?*C
zYZBpUt^=U#I()dY$MGj;poF2!@kdYY$LHSX4*Kum&LH%nujT^x(f^HhQUCX>-QIen
z{}1sX!O-M0O49i>AXn64lH3H-(LCav#njVrNJrr!7&a#f-3pqZoCySn?gS}7nUC{v
z7+=<Lcass{OFO5<@NzFlw!XuR-<2GycZpuZ%v;t?$ZVI59I-E}FpNjh<54BR3gG@d
zAOY#pdrBjMjlHQ?7V%l!B25Dn?~#q}7y2XL{_IU$sslNga9trKd0C=ULIrJw6dPV0
z5!W?3Izw1173vwju6W<rw*_sZvQ&AQiYA7T6JsRysjYExLoBe&6Op+p1#V;ESbqZO
zz&8|B3}(pN7RCW4S?t25_bKkTY6KyEJaYQ#=Z^Cq3<vTc=f4|U#rwZo&z?Qr|9X%I
zmgoS;eG}yQfbOBAGcUYriHlc;GC-kG%?7&bNT)@08AOi-(0{sd7?A{wzt_)Q{OwqG
zL4c(_awQNT1mq5t!k17O5_Umrt6E0eOem!DJ@PRtUug%sjERj;R*b!w+K<9$^|O5a
zr^$5oAnSkq+4|Gc{r}C!`~MH}pm2ASh;R(k08KtJ6|E<524ow2<La~*i(uhl5ejS2
zqPy8wcv1@7-V=j)7|oiYA+A^m$|8XvSb#7|{s>8Ce47c1;%(qfBiOG_fM$qJr=1B5
zzhZe15+Y}gJ86`4qUUqot1A(1?2f(JRci_~C>b~A%|?Vijo084cg6lyf@%X#@Ov={
zuVK57x^gdu+M-r#4v-dS(YdoY8=t%Q;o#32ZK~57Zz9W3V3jFIG?OGHnK)CPyRrb5
z;LNm{h74mj(%C{cBK0flkHhEgT&a+uSQuY>ApXR&ZA50R(`t>+#d9$e&s|6uV?x-J
zr)tm(qs9Ww4`;UO3w)p_)|A{Q+Yw@mLT+2uAWR~fjmfz~q|go5)DhWdcZ-M34M7Bq
zJYSvws5St~&<ZSVG-Qr-W<v{^XmE8BWRl}uJ}*y$D4=gLZ%p}A2LtN5cVq5dIZ2#f
z+|UV){{KbiQ2qG}x0SmTI`bFRE5EqEWSyeB)74#ETiUa-J1d%TmE1JO4(=$lEIdZJ
z7jL9hw1?mlwwdTmwpZDZK`SU1VXt!mKb2xWePro|h;54J*sUq;bmZBOi9?JyKvKNc
zL2x_x6_y#Tvt$n9f55~ft#bn{WmaNQOV#*xaMZGmnscjne~ah0av#Ozy%D;t_;nuo
zABmC>n2IS-4eUh~uxWrXLxK#7$RK|;g2KBbJ=r2VZPlmBgMexZhV_N}59==;>fH8&
z0erskrtsOFOzHbAeEww~(`SU~^Go>b2NU=__EA7OO0MB^FYv8T^?Gj5KA-+C=l@qh
z6nz^5(EIH_OZ>mH`Sg+hKg1)CjU`8uk?DXf2Bh<kfH}^A8`tX@!FY}HLfj<NXy`Bx
zw;bh!1$Oa7PyXmuJwBiNEMNa8z3$$d-nXdZKKXxrqf?6i+IjZ4{vYBwy$Vn)o&r;%
zJpeO*Iz$4Yz9mE-jSpZu090a(CPOncFqx;pXdaOVf>s?s+!BOw;Keh^;>hYQVW(KA
zRHiKgY#nHC00pO0;JVQ*YYd_^smo%42UG=ZuYy2e@G>kW$x;fUNb<2&ufGle9&SU>
zD^-&$*3<cTjGmYP(ZKVsRFQ2o`4EFJMPD#5ziT!Aj{JNa%&w9lhgC_UYutduNlf5i
zLIl6gc`HO0Q%78Q7K};ZjqQQ1P=VFhNU7lmQ5w!U^euEpd=-RbHYn6hioAyP4y$_-
z#IH+5Ffp7aF=i69O&FlxDcE;;^I0;c+hdneGQhJ$^_FbR%#)njUD{{N%%_C4+TF*(
zoD({)n3<0iQ<*oBrbsCbw6se}ri2!wnlgZCFhRMgfIe%WFte6MU=%)sUkRbjnrpS)
zB);)(pQPdkkLU6sTPSIjR87<hN-%uOH{2Km?0EBAWCX(*>ZG3chO`r=%rxnX1EKR^
z{xk%9v)0g0il8_WJ?x+qh4&!U$0)E{F7zisks2BR@_Ac$D8u(SGBoM8BQ60h255q{
z7?D>vS{H<yM+e%$m`cOeJ!oQ7As#mRE$Dal+8kHT;H7DJNmCmaN7WQv3>l}ZU_t)x
z>W?DC!#vCRe?~RGwvPMGf7jbZ`=6&9oyYqh5AvY?|BG2-eHcVD&+P=wr?}^zB`}4&
z*bfXH0t0P~(Ep1w@|@8?s}g*-;jInq@7E1AMC@3QZaF^u^<4DrVu=C#9VpYqa0KsN
z5A9sw?*RXjy3ZS=4X-({pA$;Cqfg%%G(A>#kg7t}Kf=RapJ9%?)sg=^e`IQ)?i1=5
zA;&m1)$e_5nvYG(nUaq}V0F_Zp;OS2kk=(b6c?_c`ZMT}^Og)TJ8F3L>Zk$u8`{p4
z3`nW#Y{b2-F#o#~xcQES;tm!!^+)oEgk4%H)dV^}m<5y6Vaz~!T4{BjT{2stI6s&G
zoM7bQU%n>}^#Sz1<9SMECqJ#S`65k`(v7Ubf6Ya+lkbtg2UCoPC(b&~`gvWo5q>;w
z7yrO#IsIp$_gmC)pZ;favt<9dx$(IFdyogo_ixzMkUfUqcAM*MXRF=B`*38Jk*SGx
z1(59;Wpn+u<G0s3ZNAr4t1Tl{D;ur$NT9nOY5!R(=&5UF%KjZSjNHbbzu&S~{k4tt
z&!})zS)o>q|Ivf=J3h<TKa1qwqK^C4|JK%KY5hOm|9zMT*1z6!<t;vV{Ka#!*HHIv
zlhG&*W+0L9Q4sp)q~j=gB@u7rQb4-SQ<kq%vIEJ9SNZd&;(~1dub%}hNUjIP8kylT
zoevtRV>Mbfxogs=G9a8S2e$q*z>=xxuL|9!+4A6~SZW$f&<C5du?pBXWnvV>jg$;Z
zj3cuQrow8)w;ZcwNsBd6SN+6));drBWy#3$^>1wBzp{?|*8kJZQv8R_XPw9O{}2ye
zU4R8EO}}Iman{zcN-kZZlOx9gsH3{MLUpXCvcb**m&q(3{V%D7z3E4#z_L~?G9<a3
zgh((la^s8UL^LC9947vYh>$S}A%(PA{6g!o>UHxTUXc!!sgQBQO_H>a&V>^>$;7#I
z6#;?$3N7oimFCOF%5c?QIbTUv8)rZC&u!&rv(?;LN!J>!Rr`O+4QldHSz+LhiR)T@
ziz|g6&~n~I;&)4$6lj`q36ul<%_16d$E&uKzwh`jU;ia#-fynsUi<%zqW_;~TTdVD
zKOf{_<No_~v~^rvbQ4Pjjfa`-&BU+s1l>S#Qrf~xRP0*;?`!k1QRY-c6>X`trz6n2
z>Wg}#UnoxB@N8aK<VxGKVRgyyS=#hT3K&Hx;8*m$To=merOKx3X2{w$Mqv;oS>>WZ
zv5J#u=)}Q|;h@9i*aMfr3}YiUHXN%TS=oE?Ts>>~^C|3{$i1bx=x43;3Mkq|I`w7S
z$ZfUTF52#FOUKnks$p$|C_<Q7NO#ft&T@3K5L0;3xbadm85#k}AVnE;Mz#48FU%<-
z3i3<V{u$Rp_H5j~OYW1)GyHR&y^#s7G<_qK0oFK}c|^3)r}QX@uN$`WkBbYSw86r?
zbS^MT8UKLHpA5ShZEIMsdv2#baM$r~8^7QO5O(_7me<%&E#^O}ls@;lkN)ekp0B9m
zUi!aP)c-tNf3*L7m`BrpKExvfU0Q9t32a8jG%ya*)qXGvu7e1+gYu`Q7gtI0u>tSm
znO6IkXr;NQA~-;-Uc7jb?XJ|0j9%I-W6iRQ206M~rkVzIb&!JQvODN)n`u)KuXV17
zkOwA%E!QlDn@gW$&&eFcNNskAjN?~zsvx__G`@spv~GZV0(kO{Y>17O)fyCk5CAJh
za-QcMinnDMp{9y#gahO?Q8=7?vL>7iBv%9PL^BGY`b1Q1lj#tK*na>#rUUh<uo?ga
zS&Dd$$)+D??s{V=UJ%nEeD8s|OAya65m9xlbD<bkr2#9CV~U4ZF#GVsvHU5#RkQSu
zUTpt@&mHt%?XbSOj(he08^!y-Phn5+NdF(=LBD%nXa_>K6wp}~h@9)fPonuaPDKOX
zIaJ10?4Vn*H;)Q?^XRU<`2}pvL7>a+%OmHB^|Enxv2t_1W?L_DUygh5Ck)Q}r`u&<
zUDwM~2|QHZR#ZQy%^NTQDbSQZdT1WxxzqoPH1GP_I_|yy`K)CBy|MnN|9g-p6Zptl
z0Tw&y>9nPu7U@#MxI?}L4nL4L(Ur-CvQLAB<V}oQ__pEx5Eis>MaPkM)0sqgcrPf<
z{NH7eZo?oN@*W)@&k<OB;0SMRVBA^CuGo`{PP8;I&}^U+GIG5sofb10_@jIOkAIf0
z|IGaHYwNgg{jYBo?Z2OHY(DybdXR@TEK6-$vo$Z{J+xY_<+eunQZ7Oj9)fR+tfYKX
z1pWdj4i=H5xaA7sYwKOVcVdyqk8X<s<2niC0fFN2`u6Yl+~NP9EzrL~9rv#Pr)B?d
zkM=(g^T_kR<yQ+r(&68V8$9JJ9}7smPfk-D>T8mEjVp$GpCWkl$u4Srm0B06g!8t0
z`udR;e8cAs{}1Yp!dKUEpZ<5VUB3VMc>eb=kG%i+TW+9Kp5u#VAdXye`Ku?8_%Ep?
zVAt|eDkl{Kd103~hDbtK$J56+x7GNfEe8ANUw3dTQQAa=c4@Of*2xiCNSmlA95KqB
z_}k?Z2WlTDWDq}|N3(E(#1XpcZ<8mc<4c0mm^k9{^ARq15!SwzVUKg!P@5j*+pE%+
zO64GX_;E69#EzKQ;-A_TSg{-8%;8tDJC58V6vS}+*qJ1biFr${zCgr+xN*czf%Rwt
znI1!@%qKX2M>)lh(WHg+B@EN%BkcLOzoj?kVZz6w#kQJ0iJ2M13}lS)83wp_q{<~U
z^jCpS)MzxYFBW!9IwGS%L@idD4dcJ8W!A$y%jv&)r|s+NxL5z%F4})SeY*81|2@c~
z^uNomD=ri9=+X!}e5Ls3Q+eQ1vKITB)oO*Umi5GP)|u`YrUv}=2Ukmi1pzS=41X{!
z1W-y$Ws#0^SrQqi-VMA)qpF4FY}oaMyI#L_*$+?w-M`&F`8QtuOV<DH@!R(&2S2<%
z{Wf*ncmE%q{T1T>J$<zQewYXE*B^#{5T|I;sh@gX-q(-#-4J;6Pzp&H#3@y_U2hIf
zRUR}L<={FXHU&{~gRTJp1iA%C*;-5j9Zdstf-{=kpnWKc7O*Ullh3gx6yXL5$eNz-
z4TEv$*C_`GA;Hwgd+X8%I0YZ}1}TV^vmm;~_yj)4t*v@}A0P~YiiDB0WcAoBZQ!t9
zf!S=b{r&ehH#f-JTFLbCd)b86)odIIfZ%@Hr(WMpCb!e@@@gg;ySC{3`Ollp^>+Ii
zIavS%9P#$uZu2BepzgOABrBymIM7$95d$F<gzy;TQHT2uIv?XjUk2nW!HaLj1jJU<
z+zrq_10CQ&XH0JEG)w>{*V|s2CeV{8-wqRho+<v&`Zfjn4g+iTWeLlsN``?K)#Y7A
z^~&%dfQmrk4j94JkLE+fLA{Q`aVTrR;?xgmox^-Ngr~#NzwmEB&6>;y5v({z3_}Dx
zfFXv#!$cY=2ix&I-ct>ts16XqKu<}9ox@fl3HA-tFT04$8*i>atj)C~OhJ&J#!w{(
zAcNgQnoy0u1U@;nAh!ca1oIl3<|i?GL{7Ks=mCSn(NJ4>n1RcLK6f__z$6=0`3mR>
z?0^P=?63fXY}YYKHD`*|Q{Y;f^~qFU>^D(|8FTu&C;G?xr$2R1dg7oj-ku!)c(B*o
z6IQnmzb!}nba49m_}!`a2?O~YoxT^x`=WdFUi|goXwMP7pWmMJ`h9VHQa^a}_VAzw
zX$MEUhwt_dj(!lYpxn{%sW?1<#STDEj|EmJK^^q^2<%PoWcM}v?7liUJUD&t)b|fg
zj}Yem@rme)x80M|gWY$B-4mGTCvT7YJ*a*Uz#bhO?Vms`y*It1)0Tj0AyM>xgkPfn
zx_fwtb=AA?0R0n0P-xyHULPOs^&s(84^ZpAI_z;>(5l_T?!g;J>~-ICf9O%EV}No}
z$83zA_~~^Ild!%n{J(p8aD0UA*gZZvJ%OJNH1p(C7yap=-*ZIw<e-l|vVU^?#;Id}
zLWyGn0_Bc+3<djI<c0*Y;O}?+o(714n+^dMjL%VS{C*GO(?DY&m^QlaG8I}S|NnNb
zf9Sc7|8JG<e{8OAKKg%ukcWp_`TG$t{`GnvILyIO{}flB3c?6<i3xZpgN7j~YEjnL
z2Ypy8?<uQidg1{V6<?xpI1o5C3Xi-LnMD+M$mr!wQ<(9q;wKajfJ_1sFUfVJA&Uql
zH+b4By#qW2sBH5lAYyB{o7X;IfMccMWh@1XU@?P5KnCW*n@oU>urGs_h8?8|GFJ>p
ziH?a#6hYTI#n2<b6o4cTn_k5F3RPdLQo3oO2O^Y5Fl1&F%#hmiX&Ld#>o5&TEP9fP
zn_vK4g^ICRm52gj2}7cdPT<dH7^6{k_fo-zLU3uZMrcp1gCK~xjlk2#C_w=G9R+9~
ziM@$T590tNbK+kC`+L(E2(ss+>q1Lw2H>f#cvW<-K^*f2VHD18mkuy?9Xf^LyfX4z
zP8JkPWI;p?Cu7DQFynoa-Y63kTM`Q?i4K#S7#&OFB&Zw?mBDD@fw4}OHc=n7a@SAr
z)-^@>+I3XhCM1Q;V;v9`@}XStF-|DR-UO<^IV6SZD~!_$SThs_VA=wFK&pZT_bv_>
z%_xLjzAovoyDuCGkaR3m0dR0nTEQ~x-V7zoSxXe@0rwc;WzquZfn&Pqq1&FddWaU7
z$%K1T%e)>eo<Tx(Cbvqg*$XD#bVlb;$gwcc?2MFpeGEP1lk6*HWfoN5CLkY;NDaN~
zfxHO=j4dYOG9$2<br^`hcySO;$#-fjUQNBfhmoyj^f;O3R;CPHN8upn0CbuzUt#=S
z&jZD5nX>+?A68ZJe>vFSs*Zd3|Fg}FqW*7lbNzAu{~(XKuC)NLDqhXQh_-MT31As1
zV_$x9Pnb@9U?J$$FF|%RkgEstP|#frp)84OU63QeDQu>c8*tJqB$FmtYKu2Oj_4vN
zax4=Sv>rifCeqt<761VRJ~WR|-M}%*K(4rLiG6Yom(ewkjt+47h9hx{9&8jHWDN(#
zt_Es3q8%RveO6_~VzGeT6JK$K??^k+0tmEMZwcH2W^`HIG`Iy~I+>8SU%U#tO=m71
z;P1t0C<f_}I3E5bAtS^axbb`e4B1ao_yf(pAwS~_bPD86VV4RZ4k}uKN=<GF?AE8Z
z9HALQA3$qBPQlG2!Esbg4hlkmg~J0F;(l`oT%#@-DQR$MTKLc-$vFIbS^gu2r6fe1
zNY_6wv@5!Fq~RyV!ZFEy3S;1$spe8?D{GOsk^Uq7tHA%5X^gbIQg9yWWaES<78vZ7
zogEE~Dbo_&2*;JVB)O189)$g)3?H?B$&h_to6Nj=4bUn$Ms9>?6KKW_vO1JD_HK1^
zr2H&GS}Y#gS79JMFJfNqBj@1}<!Mcvn})>qP~Oz7lz=RrZY3z5lGWJJw5pbsI;iB3
zcQUX#y~M<O#1@7az)(Z9hQ?4?q$PM&!^VS+Sg5Q-C}Ns`=zYq`EiB!f|Hs~UfJap|
ze=kJ|S5ZI^Y_FFEWrLedp(ud_LI@CAFbRTEx7;LGwy}4Y5D-DZhS(6XfgKSQu{S_P
z1$|Lb5fK4FKtzgSFDUq(nK|c{-AzK%Pya7@9%c9Lxu?#VGc#xAH%<g&=Uc3r4VI)i
zb0c_>02F~YhI%Xb7^e%u(p5jq6;D+wcokS$JgRQCQb4otI6)+KCJZG?q3(cKNR}Xt
z07jvL?1m!A2?6L+ZTQqxfzLz1GWx_CfDi82c>W2Bgu~<_t9sZwst2CA@d@imI{Pn^
zs>&qL%1mh2z;4AT+n~S7GAfuWKpEpQ8wy|`SGoAR5rv262QlLUfxf~Z@UEA&f~*0h
z?_h)x8<(g9ewr9JUU8$!;Kf>E5d9y-67a7t#45mqz#45cK#LVyjH-ZNSuGq*R*S~U
z5H3xLdWkH3p<vr6jUkF-H4iV@s1Alg;AB#R)HC8qreh1Qt1X*NNWP;=iw5Py9S1tC
zdMg;G4H^|C;i4862@eD(go&Vj@IwvRPrjMy#&aKBKhQE6lK`{^uCoY6O>PSc*eB5t
z3>%h?o;0RsE8GYS=(=%p1kT{>Ez|i+FZH3Kw7<;-*`c2vUl@KbQxHx{vlP_#0M3rF
zzHV<c21~;iIz(^a<pQr7*uU2e5#@rlY6_M>5@a%i+v2rWiE)6zaiKBju)!+97K=zw
zp}DSLQ{d$CfZj0W0wB^b4+B|xTfZL*(!rKwRLGR!Icz!begK98>q5Izrzkk0NhD!a
zh%%^(d#ccuk7}r2rC5A81fh>O`Dlq}>MMup(%`@kdWqbI0FRA?g5_)`85x3#jOPJ=
zUkRd4=c{7u6yyx1x`O8}u}09)$eN)e3FC^ONr!dNkZefC;MQ(K{lwFXPZz7jAz+;a
zm8X&xX_+t``#Fw`;>1soC#u~m3FmSRe>#6?%VrPcrI<!A1~B`;yil@?hC+~o2G0?~
zZM5!NR*PA@U@Rz%3LljgVhv6?TT|p?f^tx_!P5slS-6qK0WlYBA_2jea}!Ysm{3y5
z1|ph7E1K$wfXxRe5qrpFo^V8A|99##fT+U>HZ1dD#b0Kpi94*i7$G2tH~W{OC*eZ~
z{~rs4;a|A*hkwiQ|9)k>%M00a158W-D#Gg#{1k?YH2BCAc#TPt>=Pz)rw`~Sj;~T+
zA$u6bDq=y=)HwV;K@Cwkem=5C9wr9yk3J9opoaJdaC_n(LmGY%jnG5ZwD{TW6E6o<
z)@cb%0s7?Oxr-BvCo=vlrqTKvOa*!(Q6YZn0DrnjMM^4(#(Zi>b`2~jC2<fqH2ltv
zHrN2;G?&MX$B>F}-}Zd&Vl{{<L*b}h9A>ch^aD-R3?>XqOv06E?FDm$*gSZX^%A)!
zSv=fehb<>@7Z%OQ<X^86j*4R+1_fQ<19Qnm5mJUkzgd;+F$xcObB7&33n`x)U5pJ?
z26ds@!aHFAV8!Bxk0Fgg!%!vF1jjq-43_PHP3OUVau9Z-;6lc@ktZAMC61x%XOc&O
z@aDLEY%<*N1OK0Hxj8z2N$o$}qJOm7sM-FLd4Bs2@$tVMI&?gi|K)G_Ghg1A>_7SZ
z>IRK70ui*MD+4wa6sh&t1uGH17y;4qJhuHS;f_DX7!cQT^~ahLfIDt4$;I3>WRmA7
zFj1@S1ttpy)63caOa-cfQTO<CYdKb-J5p|{#?OQ$fm~$VD=?|cC^DLLxvi1r*fIJX
zh%*-NE5ULwY=~c5NAV}!e@)ZnC%`NMHk>!8(3lN9vJxGqM-eCFaoF&H4aor@h-Kik
zOOL`at-=uvr2^Y82aX7JF}@i=JCh&yCOeqHn$B8f3J>-fUWDYDAVh}(l;8k->F{t)
zr8?LnC^D*@(JS4(){8PLJ8~kSSa}68OLjV0LdJ|y0rOSMW8`upYu*Z0NFJxUWs~?1
zWtoB;q4)iAxjW*48#^yp1hI80<58kfE~}#<2C{nueQBXGO8UVqk4z>JQ^C|olzv&Y
z;4dSSBq9S85()Ieg>f_p1AHlYE8J3tYu2elnunbw0k^jTT-`Z6xben~ixHOc1KeJ@
zs6-x01@V5+9q}2yD`Yq$6&*AIabP;QHNZ`7FJNt88w_>-)M~e32eAz^4r3d#$-=7=
z4V+96iHki%g+q7jj~j$>B*VcSc6-OTsi%Y)z>7!S<=``lhA32IOuGPOQg=CrmrpFl
zpF2^3WGZZg-%9E=P!mj|2!jinTlEuK4L!zuFGdb?CTO8X0#4o_hj4#XzOO1PRBwgQ
zml;E6O&Ocr@Gv!X%PHs|waQ9V2o%WhhOdlKs%XswBB5THhwZ;HI!DQ73pH$*>~gu}
z5hIL3!s-iw_WHw0aCbKk9IIn$iNd-KoFtyl$#yIHj-3iP${eX85=&(02E#Z4bMfc2
z2xaubME1fY5E;R3j^jVmouJ=OZ)wS18_sCEJSbLe*f92;??y}r4tM2XeU7N1h#FPJ
zpzy|xU#*LAl$qkq$ylk9!?EIGnyUVb+cn-*mCZWKrV~OJ4zfbRFrvB~DCL4x9OGD1
z9i3BCU5T7oc0|>Hk`6JbOeGA2L7aBVu^{XMhzS`RQ^C&+SVB7|+O4n_oy~hIV!<(F
zd*zqOo+_?(0uzR3UFax@x%-b2iHwB-j-Gg8a4#>IW>k1sqW=STe}EGJfH#~d<fF08
zJ}#vC+Szp%Jh!o(jByg~zs_FS28)Im56<QqB&x}HN-7aj3pD-;J4GPkN9#ft8jL*f
zIgONXLrK`jieUdlgoe!cig%3Z3}(~dj)vVq+67E8U=->FQjdl8QgB;c9(4QDG<O-B
zZb0_oCreEy5x?or1|L;ZRb_4swWWws4z`R)nunZG)CicN1kdM8(8S}xgCqhdh8Q}+
zPD2GPC|q!`GEZopo^u;b)H-o8T{LsnnK;>$9Kx<enHK4)u#+4StU_}iqhLdC6G|Pf
z1BYDHDE1ny4G8BR)#I8#B_espIQN;_hp{m+&LomWg3A2|=Zz{HSXhcCGp289U~!cT
zqrghZ0?tUTI}k5e>+NW#f)rq6e00hjL<aW*ux7<ymN>&G$e^PR-8nFBg8d`QBDW&P
zg{qgcBRR<BMpG^=Zu~S>BhK!n+fcyz2&X#RmyF@K+0x3GU3MI@5#8>^JIlyV2rFq^
zSiwcr&oFUPDO_oV4Ifp|GD5dninuUi0$c?A6PSqS1#_N94T41A<1me>;uPl6DJwz3
z4U-qZsfjnlQxLOd2qS*KYQSHzgNzCx*iPGa{<f)j@L{+whwjDXAB;47z?vXI2RA+^
z6Fb_wFgCBlVTm2E1a=JM!s}Ss&L+VwqXbHrqYk=fhy~z0bo=$2MLGxhY{Y^p-UvlO
zR2D8G9HBN_e89N^iZ&z(H{ISC%#RUKBs7lwXk}-dTtak~v~7bXv9{Sb^K4sz0izx3
zSUY-vznYy!3~IwUhUeKd`vb{}7i7dO4@8pSZHe;=UkJNF5Dk)`<x_x)z(<?N-=Rgp
zRBX6L;o_zB%r6=+D6e!Bc$=_)OACqzmbgf+1-8uN1o`0&GZS`e!m~}}o6|9#&^^zb
zEldWqP?Ne<O&@?e@P6bK_bx6dr4A&D^%gPESl%Q9K966vaadDbayBZ!_xYW*>Bt?(
zrXRlOx<DFN2Dr<UFp}aDD|m&9w@2b#T2)p<bw>-GA7J~YtaI6PT(L)SM+i0p)KKBp
zDhN}n97LcBq56h`X*~7bxMXZ4t~jG*JoveS7Zc}*aea-efxdhKj@L@;#<nR#qBkpw
zusC#v$Gv1`(3zbqYLV=ygd~k&p+w>ZAFNg~A2ztdhb_*%)L?G%&pVIL1V5hOy3q}R
z9c1IjDbCD5vgIck1frn$#6}nm#r(#WO9RMlp=jZD59xhx-HM3|5j89{d&C<DUdTJ^
zfz^t_=7eq`Cq_B7dRCYT)iaKGP^=Kw4zC7b9@qwAvO<_{A<6R-Pk&b7sDk3+qT&Gs
zB_(;i3$QPv^7<DPmzp$YlvOaELI_kmh8Fy7LqUud;K>#_I|QA{x~D17dSqrNXftbM
zRtLU*Nc!b4yTH`Qa6sFE?h8X>v{X5OR3Y@#QOLq|N@v>!n=k}upd!^r!eF^V6HJ$P
zaP7pJF&)v^6sXp4sB0!Bi+yr?(S-<zoF>kAlT;O>Q9H-4RGA=Rr?lR(JxYojexyKP
z_y~3*yHS%GvQ*=bX%$$9qKvWEL=PE64+m!$V~nO?h}^3nuXJ#6K{lI`P_QZxifN{%
zDc0T}($He<0Q-qO7A7`sH)$%Q=ZMQ)QUeXc8Jj24K*ZgwFm*8HU(pS1*jCRXuCW#j
z>?ukkJ;B`<NcLj8K)f~F*>RBnY<VKyHb#7D;J4WYF9`9YJW14ZkeV3^Z!|=vOEE2t
zh9zTmF;`ViCjS~@svqQH&n|aN5CQUKIv6;_I>i_>r4}6Gd8$R6g4+Vx`;^a?@m@8G
z78xOi0rVlNiq1FzNobqyOHt<Zfxg4^+j6GCa1SXI{NYGQi-o%wY@2MKcws|#hKg4;
zi5x~3aCd8Bdq+cHA**GRC(6<yzFpWqV5E$}X%@p8UyGzd5NxZ68z|glSunPiA;!Ts
zMsjvTnGu3Ciadg~^Fuxq^9WY~3=cqVgU%YDy_7NWJc^M|pa|hx=+eiJ7w$oyAb6QX
zJtjk>>9V&${O9TFgK=R-_AI<`(@6I~6A!2@Sc)_Qa2e5)6hpUBT?TQUwoh6<m5#*1
zG(+V8n2f?l^$a7+)sYy+!O7CZF!GBA<`)bq&1U?|kfQ7~m!*m3H72O|{T`-lBa9EM
z3+O3n0R`q=)dJSA2<}ZGn}j_`lnefI=rRJg$a;MhOjy+uegyGa&1n|xu%gOPWQ>d<
ziFD6h;T|V0un|iX%JUtDsG}6vW{CT;Tri%}k<d0nX9KtqH+6)&e_~U@(m_!tCWSu<
z=dp0MiNlof;Sq8Un~bm%O>~nI_mgfU(N$t&OB#YSBS4ewh+jCQCf24$58}=QY9%^$
zv|;Ks^q>u<3ZYNBg-ghp#uBmi*pW+uEr?kfx1V5M?rLn?z_<+!7~XLRPqb9aOJHgw
zrB#?Ytc*hU{Iyz&tCGlAcw+F2{u(w#2NXzL9S?F-s38(3C>@0{9-#n|VF$45NU;Kh
z6p&oY$!vvgIeuT<i}5NBH!ZL#R6TfwiAo{eP$x8YeXv%Y3(synGX>XotG#$&5;j&E
zcL70$?(t#vQ+&*>lZ*YR&X7Z^R>Kr$(G+($$SKy1Ub;^TT~lcoj*1h+PfYUD!cEG}
z>)hf=`jRkTDv>heP3XL*i+1RC08>f<THId1WHaJ1c74kyG0|Ffr|yu5wl4G@BKDKy
zMYNR|q>CkVJre?X^=$HdfkCvugXZWhM<y-D!Rir4=Yh~bih)oi#p{QQ3~sAu>Yts&
zC_8y)fJLr4eH^Y<b%57+E)`b8HFQ2xbpBw4URsGX@ZQAeC*BlSsyR!iP6&SHGc)a|
z$QFJcDY-~ZK$~1wMHXzhaqye%{|z^e!~V1Se`rhtP@-vBt_=45sI`GXJ{>z&i~qy^
z;{885cIsr4J07(j)bRH|?*CE4`qNGRQD~#K`0vb4@%X<T&p+n>^Y{F<<_x+u9F`@x
z{OB=_;*G_ZLuxHaM(H9lVPP>iU^Mn~!O+qirX-aV<@YNn9d%I-l94o^a6ke3l8ImV
zZzV-JL~5=!4)#_m`$xQ$D$^URNI(rJMggiPRT@07a47s53##M!ujY=CS0n~saFc=%
z?^qA}56&wbn4gnYm>$z2>1ZxV=Y@g%J7!3&Ybyf&QATU|C>es=oZ<Y>+96|jj#vLR
z($V}@X($XQ6nZyOe@%hIt>t3HPp&5H<qA!A5oe`TpP~obMI(yBnlgnaj4J7qS6q-|
z>Nt8hK)2JuTf|(ne_;=EK{iQxvDOD&Wu~=kwRN&76Xkm5mFDGm!}|Avp#}NyJ#J1>
z)a18$V^HOZVq!}6v)SK<jlXq%eond9E4A)f&?^V8A~+@WEa)+~x181!>7`Fz$*7XS
z14s2Q7|7n})jzLyNsipcL5rO#rxmtw(3+*Pr>rLSD6IHU%aYTEfXz0oC`(Q&3x>eD
z5P)Us-;=6I^Tfa)Ag2LB62({X%f?X<Y!(Yc(Htf%f><>mFTbc{DC^sx{zVr9<jJVg
zyyD&kr8)M@3|D)57a4|fXmimYA_gTs3&|%zI)V|0Rj;HEwMb4Qry2bRXjL}%xPYXu
zYI(^2Z-#g5&+=Ep`Ooy4qay<zy8PF%J>>s6Cjb5Qf3>W?FG#=!N7P0w@?WP8?c?!(
z&d<m^mjCZ>`Rm%MXHkCX#e)juKBWWt%Yz2@=wFyG+tbq1hqTX6Pw!dUlYZ#n%E(Ml
zFBoW-(ROAx0bx|OM;wgO;&h;t4(S91=ki5;_FSneJj<2Xzlz((zJd)J1;!jZ6VUKd
z7CaW|ej*sfY;+`sX3ISXmIxz(-TLYnrK&O%@oCogoQ4eRgqNN2KqU&cVfKS?_bD;z
zi>gt-lAFA}uIcov)D;e02r`6pvsHdYt5B4vU9N~IWjS`;+T`+TtS?|N&9TEZOFDdK
zFQ?O}rLLZkuL}Ncm6j&MGj@!hcO-vuS{hX6Q^(0(zgyFCs8X13_@5UnEbxI$bQ~ne
zG`Wz!HH4E8$?Y2TkylX;f32&Vk1rAJ1YS`Cfb8dsR^()6UBE^IE{OQigWec98LT$*
zLfS!G&9Uq3#T5=>J?ZXTHqAcxUnF@?z=jInqM>juUrLLCN<={k2qwu~A0@D3AHsZ!
zJZ^Zbk1Z4+5FmRle1zV}=LS@tFBI*Pq*QBx_hZi$pQ?GqEX?x;%#W&li#$6mZyArO
zdCMR`dPV<^<=GsBVIp*DK-x%WL?cL%vG*gRLxU76vSihl!z#>W+lUc<7Hgl)eXcYR
zE_)&h!gM0Wq;A9HR`IS%AeYTf*L3!;<yMctEKLw05>^9olIYY$#LaPo(A$be%(fd`
zWn*e;MpMyT@t#l4ktcTbuvs`a=+VMm=>M2-GDq&J=6c~OUiGHIldkD%t}~%5qer(!
zh4Et=Tz4lgs)nhY8cuWje5?mXVJtfdNHm%&cTG3-mQNWa(dIA}Fam6h%0nf>#I6Lw
z(JGf1bt}YUkHQrYj_C+jRO}n9i><AxYPPm~FN1*4)st)b&5_DRlq>oqDlswpT&dXP
zldhZK@#YHK5?fpMqXH{7cWac*gN=rcc&yb8)~GsRtj13c7%5*|_CxIh&nGV?Zb>g3
zB=eWSkgkv46<<Zz9RdGRC87bFjOOO?7Lgo)63{6lXs%BduGEB16JI0kyj%n>)x9u8
zq=1-fnJyH_g&Q}9X^r@<L-$+kl-txPCyzL08xCXIWpgkAdO%tBxgJx%3QJI{EcQ77
zg0kTO3<_Sx!2P3>wtIZ9+5AH{f~p_8fJ>qG0t4%<*O#nnD=D%4de}r%3n{7LBt)c!
zkC1$f#bDH9to`3dKC-@%laLI>nwaY>Loh+u+zIp|9X7qlR(g?+fL!Ec<Ra<hVy2d|
zP$+uTML4Q7L4-Sc;>*8Bbm5W<{HFz2^SM%ga81^oN!bGRRF(1&6YwkC9=PJiBek?5
zCg+7Ca#n_%k&&I%F+1aYxu9n$`<~H>RmrQ0mx_cylukl=*K|@@{(oy`f6ren`hQt8
z{8#J$Sy>%Bou8opXC1r$`CI<}V*Ot}A_G9L(m{uB0AMd4ssX^%-ap&`a7_O{rvD!W
z{hzV-qpSb33Uk>mGVA}asbohlxC<(cxPuz&p$s@T7;2g-6Rx)&dnywW7RHY1r3uBx
z!zchyAVDzITnJ%@k|b-BWLdn24!aQ}xD3M`D?)@>AY6@Dt;iNAnTZ}OtNW!9hF4sO
zA>3dQ+Hy!rwl%z(3nDJPN|Y^~;)|tU?gQB*JyPa{|1vsv?Cgq;XB?-vSH8@?z}gr>
zdal%mZ6KL|PYv4$hH8n}3Eq9-J{uq(Pq>EU;1dMEOn875)m3Lko(AV~x`YN~yh=71
z_=aSfiNQKL7AwGkS@oZt=rB!D0g78w{Z#_VhrOUiB#68>T8H>}irzq5Pq2z?J$m0w
zD5+ecXR9O$l5i13GuT6%Iy7kfDw)(d_P^2)MASk2mq!UIWolHIkRTlmI^sj9ba^Pm
z^V*;hf+I{MtTEu?;Aruft5nCR>Af(yoK_NwMcA<Ng1!=VNC3m{Upg=&Gm9NQR6y3K
z1o^2#8QhrQ46nd^fVZrv-!gQZtX{h1Cy~0H;G(XZy220~h5U`X8|FeXEZ|R?m`M?P
zfNt!;DwD&j8Wln8nn?2%1+x`@=&*B+&7Rs*p~Z+WQ4KEcugL=jmz0X_ahSU!^ZfP~
z=(|ILZ!kknvVN%=_}<H`E#eZw4>M?3{NyAiKh$!iVP)8d5yQ^)N4voKom(F5GAtXu
zK@22_5Ab9}_Yv?2n2M<YBS!pjSUQ!DR?ye3YAzh|V8qLDU#5=0rIC`D@Ji#e#qgjF
z-gkpl2`maF$^*7BCdV8`;ZeYK9)caqB<qSAqmTJfQprV<8I)I2GNh=uCw4Adug8cp
z661H7-YF_BjVq7Gte%mHqSUE(?B5_ckajU@C@maNP&8On!p1}N2LKA-mM@@i3e$^B
zOw05><oB(%$FP2^Y&wk7IJ+RZ@X-*Xl2|%(C8(b)n`ozrMf}1>gSw{i^F;lb+5C&<
z6Epx5)h0I*15cn*jB{jWA&;oW^2~z_plm1tWzapS_9lj5XiI#t5sBplRm7J~QdGp+
zA55)4MOcmkCaNok(FO-mAK(a^XDl2Ggb`f0x)=Dlgs+Gr$ru(}!b!E--GrpU7Mpmn
zZcYMdY9^P;1QLMK1D7d~C&JH&f}&@Mbwdb2HZWcxMr!)j!VnTXl7Zu4;xcZnV#UD-
zE(s$zv}3}K31Ad2;A7$e>kmcgfJHBKzG)E%QW+oi<CTiU6SUP}Dl8-muTFQ|;+uRP
zR2?zKYHyQRi<C-)sT>N}aL6{O_}RFjD%d96W(;46{_!hfeFhaelEGleJ3=jUD<W(G
zdf-Sb6LpVa=Nd$nD?Sj4Q(gE@AJHTtD#D5>5x7$#_8X*hUsSY2bO-W-;po}4(gM>A
zABnJl^o!Om<N|o&p|2lwSmj9EraUANlStjli<=6`Iu+&OWlG>de1e0qfTa}rp$G5a
z*pZ?nik}AX1wEiifJ^H~8J9cs0|#1$@tW39@Da|;2Lt;-&Wd3kg2{-3MS}bpfavJu
za$HYh{wOutxdfE0p9J0YPcXsQguRR26V8`-%ccCV6x<4%jOr2=&8Mk337cbkjz(iA
ztZ2v^Adup5*BH%lLxE@uSsg_()^uiChnSUV)JLL)UZ1W21t6YF&IkA>K&IxAMc7-F
zx(Y;q-`(`x+J+7<YbAJo%o^<z8^!jI4q@xe+29mn5r7aV%vQhMHTEHPl2v9M2CDnW
z^l|bbm`v}n-hhc1kn!{J<OOA&y!E~SoT?(SAhD|4;JT=fJnALeXKOA5v+p!Z`d5B+
zz$E%g0T&Fk77L2(QZki=d8gj^P~1l;CgCy;5>UiYO~M3MQR6HTAvb0$FE}EMQ^RyR
z7#P6%2@!w!kxBPzarY#M&mbjU&nLMlAx$C<(}<2tj|e8kAI)l6wTcRH7^Zj#HNAFK
z1YYeQDu;2Scw^Vuf}QYtkdo{mq(v2PdBk1j3dg)@5jEuUMC?w=7wkhs0`yV^>y(SJ
zOIP^>I}xPr&Mn)+F?3|ca4L#+b4g`R8Dt7BggWe`Y$R_lomY@<G|~l4g{noVs(yX|
z4oVLpKNwAoO8BEewpUDL@PYm_lW3Dvz@GB?HNhp~*<{=g8*}5Q2wk0O<e*=RI${)-
zPtAbzH*u2b0d$+S;zDpnQ8w%{WJ)_!V&{*!gp6IsFD}Xr9W}QRv93m#e&Ylj;Q)k)
zIvonKt;t?yFJR_(efmMAfQW{pWDbj0DOlCI&cHqkmBJ~ua5CM3l{+Hcf)4s)+Qq*_
zyI{+G^t6jum~;!>XhP5t2t~&ME7=K>s7XkNs!8xv&vJs3z(MK~iK9Mhx&+eyKS`S~
zI`o(76X0utTi;MAxGCAHYI5->O!|e3CgzxKaYVX>2GPgWXciDWeoV7CN+f<vwKxRT
zq6Z+aB}n#}0On~{Ie-n;BJE4brG2<=f&B9by5v^<v53iy@h=tpS;yJ7O_2I|Qy^86
zxKFTgI*YJts(+l@&ht<KssqO=mF<+clcz(~nI+U=uY~+MdL>ReRAWqxwVM?Jkne;-
zfW6Dc#=6J#i>KLUeIS>L>MK7uE#c57vlcbsFPUq181v=mM@9gAooV9x7xlI~k%I~y
zGA+$w7^TZd92I{dKd*lpycRe86WNS%Avv*!Fx^~g6(a)Zag%^5IxNYuNh^V#<1<~1
z$>Duw&vap%D=PTa1>JNo9T2ef9j5L&WqZV)nu<Q)w6OnXzruf~Tf`AN7iM1Yf55r0
z7XLqep^v1ETJpbiI=@3g{9k6LWBGsomcM^o{9h^gba6MeK8*e#Ipv|d|5fYx=adT(
zI7mtE19&igX7WGWJMfr$;4$~Wqv0M1+MRlY5rP)?K&miz2s!r{+qD}y43g)JL4@2j
zuts`grExGu-T(nZC~+4egsuzm^qOEz18`a`o7J4pftR5iH;`y@0tJ=k50XFv9Ncpd
z>CO17-(AHNR4&q@_YT2j3L`z$>h@Uxw5@hJ?!w0tpYpI1$l@e4JgmZ}xcx>{jbL3a
zi?^FdAR(I46J}d{{<IMHs-l@iG;SRL9W#=0<02Uv;Eo9A&%i<ivmwt<YU(JHkih0+
zG%Hc29zQ^|sZo^;c7oyAX9i$ZgVYcWz^51;haAC*59b{dQ&cJdn{6a!Fee1Xw4Fw#
z2HBXHyg*1Gj`Eq|tK*FKqx4sCU0uu<7SMN+7T|FZxg`U@yVad5IfR}fD`^2XL0YO)
zHeLWyr5E~?iWi0q8N%HlQ)TS9QCx&sknb#zv*aMV9JW9(lf+iw0s6zH@*J_cpCnm`
zHQjHN(IuO#DgtQbDHVjN*Fa(<MJ$do1&|G-5e5K6!xa+(tQb|Rgms9yDOJn~E^^IU
z<_!^?aA1Jmgd=ls$5qCLLO#qy;xx*`wGb8`T-={{ltWK@f@w4n?v?FkO~v>yp6A&Y
z;wk2XN-7RhuaLActkPsVa+HyM$w@w$PK%o+7=IAwoc1yI&%>Dnn8~Vyt*2+dG;bC1
zFxJ6t6Rln*E|v~plbCXy^J$57E+A6Uaim!C9OX#9=2MMmc|c*QNO;4Ym>J_BD>H2Q
zGD{Xxo|fHhqymLsIhZbDwL(OoM`s1H!IaI8%lV?)^0_dAE}#l^NCSPytU$TsJn(6O
za$tEv!-3C5I#pf_T(q<0u6YOTIBL%|)osLz@pyK=Nsi>mvc|LX3Uhnvr+Siu%E0qv
zdXs><j>C`@HMIh+3JW7ZW%W2mRv%p|L7qied((qVI%$AEvOmehBTea%sqoN2PQrwu
zSM=0$h~mkJTtZ*)D1s&%j1_qyKxG+O$dgk!-w!6gBuu7`)(_<2y3N(h3(3sO=Am41
zvEwUUWIr~P&U8Zvm-w%kmY&Ey3X{<bUzepGiiSruT@JDS=ZopGc0^<~5efkMQ<+lo
zNgV!N(~lK_*y<!#aj+7#)kJQ4%njkz825ykhrQ!vWEoK`Q`OTQRQ(~jH0CFxI6E4!
z4d7sGnc8RR=_N$UO`)(*YC2dPgc>(d4@{^re9q)4DTbAVEWEe2X&3!~dGEnLqwlqZ
z9H83vO@rl$kD)7M@}mr*8AN%4JL8p+v02>m*qG`aBSm3J^bM;+0i?P8a8Kuscq`yN
zyj#J1YnW_>p9OG(DVh8b7zcM(q3Pb6JzOU#v|uAQ45EYvzl%gx{7x@~rc+5=MjC*9
zz?-Rz$XFrX9+X$wNB>0<PxFn(SZQbs*}_%70hH~HMIs<t=-tk)$vMV6lHuTej=d25
z&*^UY-P-XQ-o<|AbaVOq{u)a0LQs|2>Ax3kZFkf>^WtEM3h?}RDGw%)@f&`;prpXG
z9f?m(l#-pfAgQ#88dQDTg)z?!XDYe??BwwEI9W`B@P(4zB_8C=680mfURRbZ8%LWX
zKUL1`+!@cc4st0u_c-N2gY(mh)sTd*!&Wm4=)%ShPwi9yGqO2QD1<_ceH=`P1VCal
zX%VF|6Qi`JN@;0WEp8fq)f=Kot5iHRW98t04}j}D5g(H%*e3T|*0Y-Zn`xE@f^9Jf
zK&obYxa7W=Bb>IV0q6mnSTgTV(+<kFY@x)Bh3rEzi6kDpU-DJ)ta698wuepm$;rf(
z$>}7sIx6XeX%iT;{QpZOM~O%v{X<YE6CdzqrfXH9qaofIyNTPyi~b3AjzlwuW`K|r
z+zak^)(_+np;%O+H1V=YpTsK6$2vO@%`hHJ#u;-oEf!Q^Zb?}2s?a(7Y7zoVDJwEW
zxadb56B*bn6Wt?Hc~}WyDi+8~tHsL8*~%IUeud&^(=TxlbH)%|rf|1HYEc*Z`5kZ+
zv=D2bWF`}{L$RluseW>g7(1#p4TOpi3XRl=4EdwYlZP5T&t(nqeQYJh#z+N(Er?u~
zRS{tQz@)l<#f`ulu;ys-(4w)jGJYh46b+b#28$L8!=YE)E1wBRas5Q;g0-9Pj`%|w
z`-jnPFhpGi%EIbBYB}0z#L+2n^A5-(O!QOB;Y3%0;%9EjArlOjGe8)ZixseLK@OJz
zDx=jwaPa6x2AC8~KY*i&hC;2Ftbl!F-9w7^`&(IXKfr#a!E_xh@?v$NHH?wWK&8?`
zS1P8zxfHl7n~zv|TA4aNJr;&sv|w<COkl3W_^-iOz?Y3G2r+dl=Z<tl9@|Bx@`V6Y
zK&!tz&s#QmP?>m-?$m_7Uy+apdcr6y;P!)|g)I}t06Ow~5tSYPB`V`30e5Pb_<Bu#
z%+)lZ+akcE0*=h+Z<0@z{WLI}XPfO!>EqKFKTLy8q{SkBG$bhGmt&W>_1rN;_4`$K
zKrUqx*BB*|*sW@ZtB;fkoT{IDj_|#T-aU*%hJhooVY8*k%*aRsJ%VXmik=!pa#;4E
zXuTIW>s8luC0?@&e+o!Uf;ZTFKupm9KU<MVj?H^7e+VbO2V@S9#5KXQ9iaym;ADHL
z4M^MrsTR<qghHc1Q}aeJn+~<X_7`IXp)gv(90S}@R-#fKq(r>xIJZAl5DssMT)<J^
zf&m0W5U<FS39};xXc6`%^cnd#`nIxDN{*W$lk*B}G#LI7G4c3~#wyG$VwGM*s=Aql
zgLwk-MvYS;(va)&fPqBEl8L1Vt|^pYvliUdEgf|1Yc)qU>!Uqaf^16|A};6oA)^tk
z5!3jLuE9xc$`)*dPos`o1s)2Dlq``AfV6RgH}Z2!VjD*M8Y9PlEYi`x@Q&qZxf*1(
z|EpXLYP<iB9t8lPTJV25Wwq}RfB&DAasILU|G(q!A9w$6x{8OZlS9P+fmcjd{zHZg
zamqa+p-K(X{^~9PItGxO!~wwE>OcIR|JXJEKlqyea1N9IKiB+dm^h*nK2F$z3i-vS
zfdhp5%F(9^@)4Ipu4Mxb$Up<)Zsc)jKp=~cr@W4m83<AqkU(J3Nb}G>r+YK*pek^J
zbeWp~I}(tBc#8Kps-g>4Ru|l+a&ZucA?uf}vO{$#E+<-$nGOSjlqzojD~0ijMuEtd
zrjEuT*rZaRL>%~#EF1Vkn6xk?QWvs6=u0}}VZ+3o97xxBI4~^i-0ft*u)w!?l%i6+
zFh?92%4K3sS8R5npc%5>CquNgT82~^mC)2cKnEUnR=9cSLN8(B<;tQY0+&R-IIb<>
z<qYXA{5JdOL=<4QNV<_A<&V)7LL&+6BQlnHcy4lT<Tt5N=F2D3%q0W$(JAq8QGIZZ
z4*}N4YI}58jE_lxeF8D`jQ9(HeWW7;_Q8G*<Gnbl&_1%5g(P4;;Jm=kYf`=<N*Hdk
zkt`9N8WYarDQg}>a%>{&VQi^eq^^e|#<@%w=Auk82y+aAOUq0%pv=V+jOa-ox=BT{
z5?;!x{iXH^FSW1fC6~)pO+~?kih@Q(W|;J(XL{mF^@2KRQ_&46gt$ZE_n@X?N-YQ6
zple`}6bhJeXA$wG@>I`$Qy9FFU05c5fOVD`4MFT9wade&pkcpK2Dc(Y(@Q{F31XiC
z=sjCbATKq@GlWy9Bnnh`I<P$$ijc<#6a#w;uw6DA0d_DNWXY{a0rK+DNh-m0B^g51
zp#xHxm{E0zRJEZ?88K{{FfieJ#YICej(;%{8ediGn@0nUDzA6J!1!)s;0O~kgTP`r
zW*vt8VW^|UhGjPK9j16yO)xpHl<|ZpMT+wWBC1>-=9EFz7-5Mjk1L!!w46WzY76?V
z7Pcx$gf!&@KbYWagTt|+^d$}Hw%Taz#0YmDVyotkNY?E`jqWB|JBY3eyDXLUghG(2
z`!9|e7o>Ht;o=71ltc(qhP4?ezIQ>XB^Y{8Q3-#*R}k;<HJ(*l0%uH|5-kZF728oH
zvVvSf?7>n;5+{{|6WHSAwSz&hA|(1`vF8^1yEXn?V5z84$+(1OoDnVR5kJ5CF67V{
za3nZELUdyR*n6aCu)1^<Pq(>Vb6`6U(WW`$Rm9J}WRf0@_KV;ks8q4>sA<-%3rep_
z=2s6UT0d^y;692+vRcCP(Q}NE8RP>GMnyb69Ai>^hjnC{xUl!56cTI!5R+@g)8dvR
zIKK1Xk`}HTO~j#hnjeTE#^57N^=4{;r;4W-g)12ZHZWZXkz~M^OYBiPeqm;<A?cR9
z1}0*OLq1@0LFbp;10B%vtd*2_*;&tI8we;j+~r$ao3iJE%mFi%3OKj`bEPuHM&{E(
zIm{VJmsx?>pjYsKu_X)&_T+LO4YSuUxYc=?{G`RtF-5`yf6zmu4N4OT08)(z07U<$
z;C19DVq)pnxX6A+`F1W0pteQliXN_ArF$^5?qF@=<Pib<x;Gtf##EUJRU-SZhHnU2
za2v#sfxF;3p%f?~yMkxrwFBN%<~JGfnyJ%Hx50F^>Q{p09N57wiR!ss63G}t!V_7Q
zI~s+|L;7?<3FrZ1adda<t%wE3h&x$Emmydt^judeg=I!qTT&Av@iDCtKg-Qi|9652
z1i%@C$XAvQ87jbKAUS{tVWM6*coE}~WD5hB03#vH4Uud=zRENMLd@Xxm5_|iw`ZB#
zuPOQlB^m%L26xQSM~Ge>z=uM>cf1IbY$yWlGcsY(+h=5nzUi`!xZO5&=-&o}U_w3P
zFa_1+he>34art4SxO76*!?)qFZpLn7N?MrpoGl99H73Ep+=!(tQ_rF?4XsN~%P+cR
zK%B1eulUuV5+|g^4_5>#n9ZwBFuE$?s7V;$z!9kD>fR~vGodfZnX*Ih0;xQt==;TT
zqNFAWZDMr_#-S}&tTU%SSST%?8OFl`aPCE3DY66p2fhfDbcmcqg|{dKoB%?S7DLiE
zV9f-y1ulxiZMezNqzF&~MBW2u2W)||8o`#4fz7c`Xdh$*@5ii1P(dnKp+hnzMP@`2
zp+i?P@Xw((Gw~40IUg8LcElHx__t5t5@0VtxsfR;9Lxnt33`N#FiDV2JPO$CtQ$->
z0m0n~5NQao4_4(vabT#~YMdZkT2z-lV7hP<-Ud4jgv-5g=Ej5aAB0g9-$NTGnIX8<
zQw^DIo@z*kyr|h6dJwP}2DFoogpq8%>;lCXMJ>(j*9^5FiUqP`d(EC9`ZYXNh>oHl
z@k8@bA9_lfj13d%j+RvUBk)HtTICQWiCBCB;DUMqfEG2(jv0l6m=#*9O~NRGtg!B=
z;}{=L2Q%1s>Hs5j<N_YW>xO`&cqv-rF_bRJ!*-8T2IM;PlsL@OV8&oc(iXT^%O0IC
z;I0<i8QDQp@%zzl&;zC<vWx}6nn=-oPQ;3-Fc?d<62E|<^y+1C6A*jtzz$+ZoS<J!
zwCE!u)Tb}md;^$_3ryd3^8~ZmwTo8EEHjEb2vj-n<3!G;jAu;6C2?%U<g=-_LSE@I
z#=NjYlOjNrWaF|^VmZM&?WWs@Wb7gj!k)Ob6F`VKUY23INC;^>9DY$VLx9(c`R$WM
zV<QT1>*|ve2MW*3;hHL&MOMRLO+n^v30&Z}N_r%ts(}wIR>@-_%H6SYy5s>8$8`_M
zW5B(WnB@fhYEtw9t-ii-5bXu4mt;H00Fa{_=Inh6@_HhQO(M%kf@aF&@Yr4#3!cdu
zfq%0yc<4_Bzx(9!f+aFTC|lXIOLACW*aunmkxk5A8e`Lvc>xn{!%$%+`(Jj4tn92z
zx%Yrl!WR;^yHGqY>}IEBdZw$ri?M451OunavZI)7$3E_8I!3~!ir0qO897ALgjL=?
z0%{ln>UKs)qrr?$*_oNySsCUAhuN)46TX_+u~Ww^a{+FNrh2{pkftQQUs@Gbr~tZ%
zAj^R=lM*)qDC`Ix%61IXR_L~12!%6I@UdG4Ly?evoC#+qXu3zoqgDrO!j?dsBnM@*
zssp+vzvGtBU5J|?d4LJ(r0yWUIc0@0eT;ecni9_>yD5Q5u(DBoI!b^&<E14}nZqd7
zNF<|1bO&BMXN`;!Vt)y5dvJ_|YMf@#6YoK}`A8!1P79HlD4wlD#EUuqrLL}nWT<jW
z6dV*)lD@SKh<_p7*%{X-D{(cP-<~L4(Nz+9Ip_`ndRAQ?%FQG|unfobnX>>b+hkjk
z;u;plC0&AK#N1Pb5C%Ek48@BIBxwU86t4f3C_8Sz0r+sd6EZp(cgZq*vwA0(Cj#by
zjARMj(}zNS<}z6f&3DM8=jnlc@fXVc=U9;KkVsXS-~E^gMi{usHUpP+5M&DeBW&&1
zi<-L(LO2J*84`^J8Owv%1V*d+?GzW{VRKnLLCD3V67-*d`_fPZ+$tadgHtyKrwRuc
z;l~oy=Yo$MfDSNEl(<ObO<|X5arvnr@^C@d=!a-1<R1gr5vZU+Fs76!h4BN_cQD|8
zqO6W<UGpIfSOVr>;X6N@^N+f`=`;x#x&c2CXfzr^Vak{Wi>0nMS=0g!cu;~Vw3Y`}
zEk-$vB?0X~K$e$BR`SRwv%QaVZ@ktvbrZ!1lTDE<JU|>EFeH-}5=DbrdJFP|$!8&+
z_prK%H0`p>B|8u)!qcgP!)~4xdul2>7fmPQKg=cl|2#O*k$bLp`ab}Y_kZ}W7XSYQ
zf;^lyYQg`@?9{%a)&D;$<NWp+$Nc~Qj=z7h|9_#0i3$A!;ye!>46rnRkP`sB5@P_I
zQlW{&lSc#;T3GNuIwIg$NWeciB;X%*xYrO8VD8vq6Qmv!kZavRBJwgWSUXeJ-5emq
z8UQ80+Ddpt0xbuC7tmva$-210JS39`tqQLKFk!?Z>~+-8c+@mqe;97k91ssuUYMSO
zyN5S~#!oq{xV>Ps^H<3n<Ub-DBrR!WA=;7@Zgm1T2Y`Xq&uZbZmE1%pidp@`(fFW6
zV_xoO%7IA8W<VGENsxVD_tEjqVSPB37=(1Dn<Bnx$w|p_aZEn}OGJ{~!PShabw7M8
z4Wj2zbz8P%iaS7tKV4@vaLNEFL#!p}B_Yl2NB1$FfLNfe7`S~hUJ+F)G=2o<<7o4W
zWfCo5PA=iLWc<nj2?C5UgBdD9NHb2TneM&7HpTJppcml864N+_q=t}8cvlsyl2H#b
zEWW4~(wHQTRBP<3Umc?Wt@sJ91Y>LwYQP=TD!~L`pjA|~&+VzFQDVbj+c^e-zw9|p
zLQ#;A4LKf{v-+X)eN!1ipEw<LMFkuyP!D12@Lgp16(jr($FJm;Iis9p_CUsxF1bGf
zTX;GAhNj4-c4T2K$?sWMY*<Pp0q+7o^*8_I#7k<hmVy@Rk|i+0A=3#$D1;i6167QB
zhZ&6k2nJXS+d@U@F)fmg_jBoN$6`_~Mmtz#TSVAQ-Vx|W{QFFtizqeJVCk<5mV?8r
zIq^yeY&9AYC(N;t5{q!dd<aP;wdI&pjPT1N?f}gtz{(8Q8+8%6iv${Cfeqd$S=QQ@
zNHp2i+gi*6Nsj}GviwGOdI^vD!7QHVTc4+cG=_jWNnWDs!)j_wui>Y%8h%3{&gy;y
z^vHzY(6Erue|T#2-VAp$kkB&8v=X-i>F%9gBLB`x1D`1DXJ-YnQ@xlL;>2Ul@m&}s
zhkjj9F=J&3@EbQBZ=3=U!8Qn76=R<iNL@Bgjf8@D+cS=xTOiSBy6+dc?~}_1Ic_8?
zkN23AhA6HJ`W0Dqm}nyMC<^o%iN?a&a`iN5K$g`+jpi66akrp@<BHQ?$46{s0Y`)h
z;vNK&i8TwR=ZUF)xD+#`)JTYg;CB;@hbEs|;7zdIgaeWZHi1t@G$iS;Z@wy~ny6lr
zRDsu_Iz+Jm7v)}}CWD=sdlQPDxKObAnEDm8M(R~+HCbGBU@OZ4Aj(x2!n!g5vMk#K
z(XzU9OV}iN<!+eHV6}UNco}e5pDv;q!xy^-d9BzbCigI;JAIS6j1zOPKq)KX0Dt;v
zIYgf(4>;~I@{fhZ>1H8soX@zPX+jq?VCvWwQrudV06;bHPYLgg?J6Z<^KubUceduH
z>NxjuKtzOCKyntaBvIm&B(BVA;OmDCRmYv>60Gd@R5Jz{XZxcrDkv@~EE=c-&czAr
z7MdskpkO`%Jy21N=pu&~DcbCH2nQ(+*4XE`i8%8Sn*>S-`!uhON%Wy$jXdY*K>5Yr
zK~w|N<~V#O8^{8~C%1y<I;b6$?cZw!|Mw`#N6P@-KI0#40I${l8#l3s(?-qq-}V_<
znTht_4#)Dp{4Ia~tM*?hJ}pdjrr+dUIA#VuW(NMBFaw*&|Hw!Yt-$6E|4$@*f%+h2
zh@3QC2w}-2Net2ppIbA4NJ%n)=&3&_zcE?yYRNGp9ej=%(!<R(01KpBK=UQEa#%7#
zm?CpHnnj5op2Oo)Sue(^ZVJ8kARN6&T;g>HB^|@SK#XC1r@ie9f!&%F&nF~xR3Z3m
zn<H&uB~7bH*>=ImNx+mC6s7U$GF=>?F<-Y}L)ns&{_Gq9bD`7|+h*E=8V0**FL2%O
z$xpBlds&HkUFI>Fvakr7p5f#OM+ua5dm|ypRjZGbkC2v=!b4a$s!7R^H>gm6;R3KH
zka~H@?MJf$(-^?D5sW`hy0^ge*?^@3Rw{k5^RX6ioWf<&beMKUfy}}I@Kd9NCRWwk
zC6y?Uo5U38q<T4SF!}o`geM%&gAD~+3LDu#N<(ZeD$qlnjLSF>r+Ayw5Oj5nqJ%~2
z2d+_bxDUkX54gd_NHdL1c&q6_F+>ieoW?YY@4+tWz`*4YN5=LH4GZx*bQ2!Veo;_&
zx)x=`hEhd{7sVWhAyzU1QD<Q{*^69Ko_PbpZ4%rT$fk_NOoCF}0i75eS`0EnXh74c
zvIOB==$Ho|*kAwy1;67b4B3paN$`s}Dejbv+!cM2eJ;E{0|JDW>Bh_xLmKqy3&?jX
z802*Vg&a8?b4xOaHg2p`Ur;G$XS0f^BW7b;9=~ir2lXh<K3`6}E%O@~9UOW@3Mc^m
zrD_3}oQJfX@6@q7OyC_f3YY>QR8N(F?4TGa-Qga6856?~8F!|@LxrdKMzkVR-X6Uu
zA1#l^#Lq^Iq9yr|{t7Vna1`I5kH!n!16ShI#8#LuJ6$O8#l=p8%>*XSlzEF58c!J`
zm`ogjegzy<9cme7&S;hDlKX@z;Uh&UFvdieIdlP*WJ;oZCHTaMuX^Vt>b#T37#qC;
znkI~$Dw(lo1uk6!DzMz3r2Dz5Q7i|RHXJ3L*T!bYNJ8{mkA|3Z#AAthA5xu`y3Dq6
zs1q4&5X1Wbe$7-r-sTmR(9od?a*f9laZSKRLd12*lwt;|2Tsd~8Vz1X(i*HWfQBXk
z<sj0^@b>WLNY=At0lyZsZXgFq5L3?f2nCdb8H)YJVG4|0)JqML1<i=tA@@|cR}1-L
z+~FBLkx_(kM=(4^#Qw?D4Fqp6VI2Yaa*C9RQYlTGTsR0s8&<c*IV}b85d2XgE;&SH
zN%~`G8WO(*`Hs_}lgGvs^1_9ubg;G6c(;WIwM34(WCeu1U^K7CL%L+}|CdeKNYM7m
zmdM;!N#K|3iS8_y0Hx+@bsv)~kn*D;m7<X0gRxcVHZ!p>j2VW^UlCtTFB%i9=P~Iy
zutdK_iI{whDVmE-L{tYiG^QG7-aI_(HAbjh0oLl|M<@X%Y7})UL@0g{8Q^eh#=Z%_
z8AIVCAhv?loMV0<zt!S`czEsxjo1`m{_D~S=3($2F`}fdIJCz+4Bl`qV~&Q!UjkO?
z&><wj2ONQ_ELf7DnA2SsKT?fEc6bj5(<Pztz-djrXbLe$FK`0+gC>c&DM1mvK}R2+
z-EK_+=0kDeWf1`5;LV~_zo#k+E7lW=V&^p0ASgXSyg`<sPNaVJ3R~O&>$cCld-0~3
zHU%A_3W#{66(XJ%00TS_QpZ66i9b@;qI{kN9;Ut>-LRk<_iQ28c&jWz-Yr}>WL?#n
znsNR!f(pj`tW|)%%r?XTit;rBkfZDZa~<)hQM!7e+>pS2HH@ORV+UekQ(PnPG7?<u
zbn@dxUwJ6xGYcuz=H-LybGC{xRjVMT0xJWy7z`eVHRZ$0mJ!e+;ATuIg8Ua!6S98@
z2b4H6G68`7z(50f#^1N}U;x&li`66&RkAhYAO+@zjUaCx^sfWIB%I1M03<N+NDi1=
zMWiKKc~ZL|Z5Ar87$ZT2BzGC6;-plc8hfZ>_qd1vLq&fHK6=iD5zDkj@qrzhBvHYK
zczMSPrC_coiSz`%I7$%fqK~E#=OeGwFcQKYH+qQ!_Yfb{N6$fBc_Cd9;vGwDo)cj%
z2TlnJ_ze;eC7!lTOq@osUi#cclmMdcm?qCcCPhK(awIS!p0Y9d)YK|i0@6>VTjhXv
zV(iAg0>2iB5|qt*jS+&Pfz}5*2E;qbI%lNe%ACP+%C%q*@~9$nI|yz|d`p)wbk-mf
zK!YAdC0f#zX-a93Fn+ixV<q*|*Yv$+A)ZOI1XUtrTl!|abU5;`vl{Uqc^A<Sd@_-*
z*>qx_VxHn59{iZtvJQHT5q)N20f;KeYQjm-HH8D09{iVdc9LmB6c%?#>X0N5g3zjE
zJ}mh;WFZL2nyf-jMs*xn?C>Zd>1$yHR0ZQT@!h=1|0eoL@=`@C3U)twg@3UU+#%4L
ziQEcE9~OXHR*+q$rHe>nrhAK^I%k3n2$xW}wgI2lC`Giaguy40NeL3#<{Tj3=+;^A
zb`6S?F2Tx`3PKM2!jU>a_=QorfsJX2989C~ZbB4wQFyew26iSzO`YcU4>YA1!nsUb
zTNac{@uG~2dfZ@Ofms#EZ<dAv?2uJ4rqd-~9Ey>wNZCR`&@(~`!SyOgiB6##CPq+w
zxTKC0&GAWU@Z<mp4#Jppo5T!?5mhN0BR_48Np^xa7bYuX(<qt{QT8B@Ms&9jsKa4z
z$AqyA^j^^OwecLLdh99az3AHv+c_q%sMWBOisbMHvQ3-SffW+KiGj#t0Ps{&vaDEG
zA~y{CAk2itCzPDmSR+U_Y)P;kj4(u~G4WC!$~<D}0CowSOwe67GXsg3?w2@WkV_qG
z1tx-~(u#z_Fe)@G0%f969^hz^J~a>v*zU=ceIZGfA#<4N5H=`=$D~(@RNgXQ5KiU#
z1kvHn<_7CBV1z0$BVXGnw-cE=f+sN5)0QBhB*9U$4c_C(%;1%pK@xdsj)Q|%MyAxT
z?(p|{S<xSrL(%aJP^17kd9p0pH2U4C7$<uNF-9VI=Mpq}#z+h2oGqDsc+j2-n~<8p
z+=D1uQDNGM)MGjvj1l55tbg!wHMriOrpA0nSxsdX<__*@R#V{?$uSsEgF*2_remn6
z{K6|33a06rs!tR%DXWD+E;`A{l+|jqRlLB`gjT7;7;sh90y0hdmpKP9u1<N(&9sLo
z_bQEGDtKM}lu-Rd$S#4{RRtNb;>*DT^1M{lRP0eCLuVEWvaYd`78wl%R4=)+>k|Y9
zEH|3aAkiOQj7fOcrDJ)*<m$zBj7q`d5ilbpOkr001{@3~fG!T-;0Cc*DB(<>gDe)J
zevxTHH*9kS7!+~S{fHxI(QC<5k#NV&7I!EnlB)q27-d3`M7lLhsHS4l2-Bf%Sj5~S
zbr`EgpKO}SfSUuzfeXL8N|U&0h<?@J4k_f5Dg7j6u@6G07*kRs-dKQK^ck%nco%es
zNstwc9w{4R81p%JEw_SsK_W$q_JH~USB1GOpi44r7m*|b+sUNuvag10sY5M7<+_Ce
z2#{!u9102B%wrtX_{@Xw2QpzU@^#}1Q$inL2Sr1=I2;WbT_6?H$nas70A$juX^gni
z(U8P<qd}9<Ig@b{sQ|^8K8DecYzLtz*=iJ@Bp{nOy#Q&T$<<`~MT{ZXhTsaVm{O6j
zA3UlLwu-+>(pY_L`~%_@0e$Q>3inoRC;lBc+RX34cjM-OtL8$%(c!7Y#PF*>Kbn%b
zk|~5Im@ht00)Zac92$=`bPR~Ng=VTF;5nidF^%UYlr=xt>48%Ks+Xi2hppQQMM*2#
zq-?#%2CWxK7^<Qa0d7D^D+iqx6bUEHl4Q9Y;rE}YhgC!NTAWs*CDBTR!2&cae%0cZ
zSkD;y0FDkEFbG)#YFOPGDBG-89Ma0tmN0S?@<rC~Tx;BBNp#LQLctA$CzzzW1XE5N
zBm+L@;tDg~rgLy~EfKHBlSB}aPM465rX25s*kMzq=R=2fg)LV1k!YWBj)kYA+qW-f
z<Y7+6Ea4_x7?Wg7l47t<L184Aai)RSZ<hNvyldhUl9aeCnzEKeQ<nMF9-6R-S#nFK
zz@1_;t3D^dLQP2Icq=XpkdhT=mJHM~R}&3AQPx?Y;LX^53SPmM$dDOODLxPVBVbOc
zK0}oe)iAoDT%^MM2lr>l=ebm(n?Gc;9SZFZFypdriLqFo^jSPO!$FeiKRA<B(q%hn
z^MU!L8qE~du<(O2SP2V)T$>4j2^n}vE2Q=stqA;-CPM<(!#RXkatI$>d)|bT6i0DT
zP|zi)Amt&%;YtMUty%BpRyW+$T!G>C2s(Yt$bI0gz;?4_)~LCbYu8m$rZQ)?KU|HT
zUke&ntgKZvEGS-At`pRCxT=JkOb5J~YPAkPpf!*?*Po~k(2C+KVb2_?q8~6&eOaMa
zi5F(2vgs&s*cppJhbuN_q484%mX+gcWT2X|u>b(Jq=sCT5jCnfOjYZ8XKHFqTHOHP
zA4gNGgB#>r?k6n#{Y<e(d4{kJmZ@>*M#Dq9%-(Y*mt>K5PQq)~0QX7^qP0f&9$Fmv
z(Dx;3+-gb6IJhtOIW6vs<~VNL$~+4nuoUrInfR#}|HX2zjRBVUGq^1h?zV#NK@dY{
zL~Wz~ApG_OfET(Cz|nv#mS<q%^TB0&(T>$K)o@JZ=(tvHb1dHFUli|h4DjjS^jAy#
z4~2yvVFKt{@;`S>lK(lg)3N-|f6L!LIsS*I^g5&j(59dtp8vxsQw9+BuNoZVlm^8D
zVFUh2<ch{vm-y%(>HwW?$0B}?Mg05^MEp?JgCn9uYc6Q4P~_avvq7WIhaNrfb6hIi
zcoZSkr?@p80?3yPMEDTW|46Ja8JSr+f8cqBcmM&EA>p&s$kjlatbsy=-7>s7T{6Ff
zBvc_IM-ad8^C=4WKqDTq#gkaF#_H%!peQS&=PF`0)tpN>*$f_9GGW%!tW0a>jB1l#
zSYy!n3?2<)K}E|>HQICe+6X196)EHD;bW0m8jH`T$(way6O2Mg>fsN&dUEkOCfB5A
zUA34eH<L-X>>sCWdX`1cWNDaFcDY>Up9a!TdP>e3bEFjOIccZ{Ze(<m`?cRsCQwxm
zz0mYaKQ#J7ekm}TsN~{^e%NBM67j>$ssDhWdL@iePbdXHCyt3@EJZ}>7OC2%M53S4
ziX<tQ@P4?0K*{*rR}Xa_RM4pt6FG4z<fdZXx0I0G4NxhlU*z$icO;ME4^`?wVLmWQ
zlF<Uq)u!wP<V1@Z1>G7g1lpt3s8fou?Hg4N7xcQ8{YF36fPJl-ax@hTtSa2+0yE(w
zRDF8F7Bi7MApZkgoD$Z*!;S_NUmDtAF#B|>GrkCbi*@Q?`oX8v@<U>!QXB{IR(btL
zYOASjQ$rKUHZ?rQO${`_Hmo-~-bt57hq_5Cn83rc#GCgkwg7aEI}^<ImDW<8DhWu5
za)i*<#msqxBm<y@l;Z(K-0?<402=sf-^l$#m3j(CvXIBMPkt@fO`ns{@Yy6--cf^U
zRE5i5-UWf^hV!JC1e*^&k@R$-NgJf_n5cV9Vw#6qSwq4kAC%V=b^|xp!JTgc7@cUE
zHXiSMnHzD}B-#(rVQr~QTgc@hdW<eH`rV^--yywuI(2Z$cDuzhg|-4@5<Ie_H2yG!
z8tu8D?^q5}I6sc8nd<i(rbA>6==%*Hu<gX2;a=0YE{56Q4rZ5O_wgRe?dMMDMsNZp
zx;3Tbq-z69y1D94p(Gjm5-88jvliioR^T%_c}GK#rx^o&A~A76;-QSd5DEqHeB2GH
znriv$JZU3;pBl3!0R(qS%cX_cDvG%)|H`$51`-w%9v<mxhJyS`kvJZkuVc$<EGwuX
zN0k>qjrQCUQg8kqp&Ap!Sw(7mltiFD1PaPWc}Fwl&e8Zi7G|e23(8z*i}2&uB)lR`
z@r!10rA<z;ZZ0iXLu)W+v}}LjoM8hAbB0fG&N#&!!E_l@<@SUkpk|vd*Y%hfY*L~m
z%+w^#hUHpDJ!1K-=E;Bt66ONa4#L<g*tj67`>>|OG!5k8O#~AnwM(g8!0Lmo8&VL>
z2K7nLq+MYxlr)!i!W;`Pp>pAp3o(J*uZt(HJw)v)akRP~$qg0;;hVaQcY5drz#~9m
zgy`=H?zm2hkxnEh2yc!jDM=?OIexgw^}NFP%yD`UKl@$v!qqb+!9zz`OhTq=91(-m
zGYK%dgRCgijC87o#?_E36y}j+=A_Mki9G2Ig{wGmm=97AiNMR6C>swuJ)b6Y&SB@i
zMt-!9rlNk8B=;tjg+_R}cqJ<sJ93Gy#ytuRB<xXm=r|ND%Ag{)evC6Gw{%!}F-PC1
zI+EelI5g2f!tlfoBnKVY>BSvoZ~|x-GHP)Ly;U_GLuAPR3s;p?_V{t*Qyla#{CIG>
za#Eff)fX9MKnyQ-)40efh(89yj^B+6vtsyaLMUx02+6F1=tL}nTgm&9(rG7XneiOF
z6dKccv+y#k2>E^790eT!RxTyw+ZG|v%g2a77nMOVkV95<afXBoqX6IG?vGL78Yg;o
zFo8pa{A4va9dQO^w+S7GvW1l^Q6q3!ADQ^c5lhuWO2Efy;w1emK*0;QCrDpx%3d6E
zR+D&`$S?|ZLPf$<hf_{u;Q){jtlGuXkcqFLz9;J6e}T-6Je^71birVeyBYl-SyMG^
zUOGxx6UOGHM<98#i7_-cvym4}V5X;8!o2Nrxtx;eheI-C8~Yw5bgV@d_-nqHmrE7K
zMmE8$Am``Bd=dtV^EC62_mJkab{VZCVW1XkcH+PcYc__k@FQ5Nw!vEWvoUgu<ouVa
zUYrE1%9lX|y80y)c&-;6`jRFn>IbiXNn8Oly!+MY(VJc+5RM*^SWx@)ViQTG7oQ)5
z=#x|!2=bou>i#~>laI-&dm3Xpn%bv{4g90^PeUe8G9yPz2d#l8MhT~|?Ek7lY8pBP
zVsnAdVhog$>ZKNvGUA!R2f!)u0PPwS)+7{oOlAECsjPpgUPt{-)a>-FZPo4QbUSkG
zj%Y54erFt?amp>~Fh|8LtlCMyCX!77{y-CeACD5hub#yr%i(Pi6QY{|CivlpWA5Pp
zMtATInaAA0|H*%~`G1>TG!M6pTKvB|ouAbqKL0~Thfc@*zyFTE>jn+%-AFne_FALD
zK0S-szf<79l)CKy{fGZN$7V|_DeRe7I)44vld7Vn1#5p@_~<8NX0Gb>cHgFN_gMG(
zs`}UNk*1!|@{S90WA(@8-Pz>wZJ*D`UN!&nRh`?fnsLIe6IW*Js?#%U>()lPaMn3*
zKG~-66>WO->G5{ol)|r^pY0zxc>jS%e%$uq+;5^i`rNVk{fYa&h>m=9$f8}F9-SEa
zY+>UaXI?(-K)sEd&-(Sxvo3Gbz1tf%)&Hve*IR7+Pwdw8zI(UyuKQ#AKl)6${P+d0
zcKIMby!jP*+P=jlIamB?tNX}{y;8=mI_`nzT0B=dePT=RuA-DyUr$~7@i`x!YYT7s
z@U&^!o2E40dgf)9o$>N<m9OvmcKDN*O&!0+^Yw}|?w{4V{<P7z|CX29z}DlkdHWXj
zv84|!d3DdH&&+@N>6yj5!WTrdKYQckZvL!0TY6h=du+&}FTeO=sB`w`pMPGb-tj}7
zr%qjVUm&kvz0KD>T9DJ~toPUZ`wqC_xp~X4Xe^!Bp=ZxucSq~nT5g*$cGTM+{ORn|
zW%F};dd%K__0?BTpFaJB7OpwnCSQKwkKYz7Sg>of@8V8(_ODZ?PD}5DANEPP@Qi0S
ze7$`6@^Onl3%)RH;o5uu_@eFgEz&PKyL9Xojf*=EzP&@^^D|a--Z699uuIPDQh91%
z^T<2y9aS=HgZ-UmwiAyZ5sh}g<dSzM{c^*c^V2U})OJ?ZG@Cc{^)DNwLG$mQeq8e=
z9{Y|RJ0}0}-CN6+Eo*{*+g99g{frquD$hUK?70nJ-|iYQvrTHdc6}SS^e!oX|DJvO
z_7&cGF6+=~H}o2H!OZECY~521{PzAIw~t&uYQ&_5wmN-m^=);+wv%47`D`7c74ME&
z^xjK5?rGNdv>tDt&}iSSwo7K)--#3y6bv6er%mD3wvT<he$AR@&6^jbjJ;)PyH7i;
z-h2A~XE*lR|AP0~l<n;A%P-e{{Bf&kGjF}MeO6Zgb8qcC-u7C{$3820b<oO`WsMpI
zPVV}ockiaXO;&p!Z}9ny5!ZCvaan^EXWCYNzrEzo1Hb&1eb$zZ+p@p<v-t;W*8KQc
z<z`l6>hz~4{Iu)7`{Wi~vsS$MMeLI+v*(tqZ*tw<mfqVt4I4J>gcDBa*RNj-*YHRB
zrlhIMTdz9rOmFFkz|#FcpM1gz>3wH*n^*U{d)793tEKnE>7Kdm%hx<H;!h=O=bW>`
zAK$p|M%y<P%UkaF;)^{SUuy4k`nSG$9h=W*hC18XOBdLdKD2Fdf9>nbnr%)W{-Vt`
zcI?=1>MmF~;GWLf8y`NX%=}`JWBOMQ{_;W{dG3vGfB*5l`~9y!ANVD6#o%)WPdvM7
z=e*nZ9skq%^j)ttD=6&KXXujg-+jJpYNO+)uI%6ajiD3zO>U9i{LEg_UUM&dp#3!`
zowfdHrC)x2el+^*z4zYxYhnLC%kTO08Er?yxvuUPHnXj1{&SbN-)MPjn{7KkYSE)d
z-PNm)zi?&dxU*Ib7*)sh!xQu76)gH>_fHdId5;WhyUh1&^yN=Kf8w**vu63q$}So_
zc;5W^o3;0IuKelj&c&UpzMp7&==VpOKIpyw{uNhVIjUFhVQ*%CaN{=*Z@9A5>78-Y
ze{%NidTh}>xsy)sFz1pFdOg<r=Q}T4raU)x)hSJzUbOI%pMJRa&yAg%+iYu}*ngwe
zU`5OO7B}lYN9*y>)mK0K)9#z<O&K(A_}&+*T9=luo!9U7=R=!EjvSd=`OU@!CG(}1
zDt8YJWq)>k%E$AbUz_b;w_(75=l@f5(X_@pZfw%pE=d<npR0{pWV?9wpFb^{oI3sc
zJ<q(q>aLFcws%{4P40`!E`DfSuRbaFS6=t&U3U-rbWOCmcl9>5lWZ@yFW>e4oR{hc
zufOm1%GWPBr}x~xua`DH{q#pa+5OxnljdLX!KP<dq<>t0ZEC0E?)~}+_1%JPTj$j2
zo|l(qd!yw`+R2-*Xxwwbws-IBw_rgN*V1nW)U7z@(RWrkva)7op4(>OMX&xiuj8t`
zb+(LN(?;8FZ2a?qXYZReXiM{}rZ0WuzUf8BXT29_kv?+i*j_g@t~>g++lDNA@8(To
z>VM$5w{h{%p%tC(-nMPq;Iy~jx^B_(#SaX+B09L3F&bt2$B#bxSo7xZ{q$3SZHYkO
z={NG~bYIl=+*^aM*-D1qvH8BdD?a?NPG;t*w-#R0_|%h2R<`sGY`X8|`hiaKUKr$i
zq2!nAmoBM$!H#J+KiK=G;HD*=Ter?{Y@4&B`I1X7XxFRRRSo;4_h{Lwbkt@xPgTEu
zyWIQMqpRkQdE|-bi+9-ub=}=2rMtc7*{7X$^Q>lBV?964N}alTwdeIW_Gf<c<ayyu
z?hp6OJn{0&U*7ckO`mQoELrNTm$9P3NoTHmN!zjim(AU(zV{7Y@a=(Fr~cHkwR`!(
zM=B2d@x$4<zd!!#+qd+6>|?2Wooj!UA9`cx-US!8>Xxdo32ArU?pOCe-+0Qezc=WA
zSF@#~^HyGYT>iGLSH3AdIIGG&^@GiI<lNjokKggl?)yHOl6lgUZQG{47Lb0v@$^U6
zpMKL>U7oM{;Y;P6**E+r=MtsMhzCZt{4}#y%hne^Jn`pQkB_?d&yR<k(`ncVw&Oo=
z_n(&e&hlTkpH=^(7T@2RDarLRrY;Npyl2{5|2cy(>zN~qmbCn)`BjBYSFLP!XO~|_
zwLBx(Go@a*ut)i-Ke9SkO=&!BX`yZ5IlEWhcHWRDh8Onlzh~yo$M!Xy=V^WQh7H?q
zIOBv(<6FP*;)_jfwiBl{o^sOJAKg%|Rf_GxzIFE4*gP(s5L^Go$v6G{!$*%zvb}d{
z<6hT3eC~#Cw~QHc>EkIsjc$9QZAzx+-CVVJ&n>Ob+Zed^{AW)N@49OE+_zh`YSpk|
z!&gR+s<>vl{UQ5h-!8kZN$X9Mwq6%lzPw}0yHhe7`hGg~=Q>l02c{m^ecBxvo#u8K
zvN*DR{u|f4y7=-*|Jl(!<)UUQ?pW(dng05fSI)Tp)J6@S{H3Dpi35M0*Y(%WTYlK!
z_IoG3Qn%}An~zKX-sc*3@2}UKJmm39o@<-Fw`-54D~^vfh~9et8?U@~$5idDuRhG*
zG-1r9A9sFt>7q3`4OTqz&=)J$J+=4QX9vySw)~g0HgC0Te{S10)8<_8-8)lklNK$s
zEsR`z$t8E)efMKc^D|x?_|mHvt!sMah7GrkI`IAVKmPd3_usEf`7XatQR>&H?5St-
z%qZ#GWM;~D>5fP4$n@?%rD#tu5W9BX=V#V+Nd5YsSoPiVi*14I5ifkOeC{I`9r$s6
zRh>F#%~*9@T28Ae*`H>vSh#TE-JJs2mEX+SThwsNxG(x_|Mk1wn<iCuYn46YhJkB-
zc`BBYdHk&68I7iWwR!TNpRapr_tVdu*QQ~~%Hz7&>u0XGcT%TG-)(L9wEyFsZQ4c_
zw{-RBGyjcQmwfX0ozIQ`F5LID6?11i(YF2v`+n;bSpUV29WVI)+w`Zl>Fdg8l&p+p
zf4{0r@A(5K?cMWfc8@<&n;-w-<sIH_wW8&`IgS5Zy?USe(Wc4!f7;uo;R$7qwRLt}
z_R+%ym76;Entk^<h5om5ZpoWAuknnRoWt&&aOsz07JYWVXY*Oza)#Hbd;gtx-Z^g`
zV~?)e+7v$d;J|aHuU&9M=7g=+y+8S<$0pYsJ>#cY)8BJ<8+~@GA@!QfYv#>avAX^H
zdxk&1r@cF`>B!isy!oyF{QcE_m+#-*rP=a<3mUb$xlNC2pA1JYOUawrv+>qh&wEZ>
z^y({LeO9@**}A>&J(4nb=AI2Nq-SJ=U!T_S(Ocd+Wpj&rZdiNKZ{^)K?Aw0(aWk9U
z=Xm_?x?dlEMLqecuOBF#mVWIO-Wi!IJQFvLy}OOO;Hg#j<V4=O@%OY-r+&3$U1p!A
zxtG1T^|u|roYi%xG`jMeM#~*7ZO4tCcE{dVCaydC&kM%<`fWymd((qcC-kuuwMrTJ
z<mQe3#k-#v@ad=J=lu88&{LbQn6RSdj&Zh=?)&A3_IJM5bl%2GpL^%&M&0Xt;C}p?
zlN#J|U*0<p6*e4o*>~4}FzD8nSB~!M$=<Pj@ZOCV&$(55YRQrd8@=1NPs*LSIk~O9
zLnDz#PJey-XWy)8RQJV+X-jth-fqXTmKQI)vFeB1mH$n>rA@bj`zLk&ZtjS{M>}Uc
zQ+7_;@H-gCD~&$8+`sn1m3Q6c-?3`MZ$EE%dh(x(pM2<{(_1xcmE&z@Yjd5W@9sCR
zoBGVtvyVUSwB_Ax-5-0@KFxRM^Dms2a>b{QYa{Dld}^oWH|_ehQIqb04=4Jso$!qF
znJ#-b{`%7=SIzul^Nw|I*`ysS-=Ca&VEgUm4?T2Zc<(dQ-}-vP^&`h`*}Z!8={??^
z6|uQ0G6I);ziH{oXPkJ}mYmN!oZoQfBeMpjH@!0R)Z7_Q1fF<BVtUN71N(m;GiFSe
zl&?O1IrZ6Vd!N1k@lj9Sl=<bxCM_%0z4XJDg~M93ZF^1e$~VUi`ThP`?_`}*pOOFD
zCG#)J{r>G{eK(}ku|4D{o%zQ}|M|ncbM;xfb`2S^F?+-{SM~krB=?MHcJZjmJ2!-W
zIbqZbr^e3jX?yPeXUgCIX8m)IEnWIqzmEp4eZS$dMXyX4y=_J7{aL@9cI$%=I2)Xt
z`%2h7-C43_b(5hVU7nJceO8l+uBlh}*FE|9Z9~2+x%7>eoz>4@jqQG_#i)(FQywn8
zZL)3E{)catc1;h3LYto(Go-Mv@b-1r1eYIoU8R5hv#FgsSFL|my=TVURa4GBxA21Y
zKkV_|^!01&zIyhGALp()ZuEfzFE5>V`wgd^((0YknNQA7dwJiY4;Tx7Z%*eI=N0_-
zznyzun{k6}#nts1ta|w2UN^PO9OU1&^p2OVoH}*U@Ry1Q4Z3;u>@T-|8EtUyMN?k>
zX5gF)E-Wc&U%u+hy}z6gTlnz9+plYzTd(_^%1@?69-NX{H@xJxFXwK1t9R!!OQ+44
z*n655x+!JZjHf;sdH3D-+|yHC{N%E+C)rk)6zvZc6g<<$o&Iyv@1}1Ey}I=I=R2jR
z7cJk!NZ~4N$EpE$WVk<n?F!Gn#hdS2-@DG|JLgvp8Qih)13Q+apa1gf2b8-zj``~Q
z?b}k7?6bZpZu;^E-BUKOCQgtW)@!(9M&l79Mr>Pj`EwhTJHC0XB@=7U=yv&%&wGqm
zvZi<1+y7m=-~q?_%dXkIcW1_yzD+khy?xE({hyTe=s)Y{=kBc2>dlvO+G{)i`0c+B
zw11`Ti3=*`&Fa^5)!XZy*2?R&I`{r&O|DE0{Qm75zn^{i_{X17zPWnZN$;-vdR&id
zPv7(P&e$tY%ip!|?&<jGHQK6k8lK<r(~;v_ozOkfuI{7;E$i*Lan`JBH-w68wjNJ3
z?0<G%muIi}&*_b(tVvzjvcU)Y5BxG})GHgmysF7{w>|X9?t;-d<C`xZ(YX6#lU`o(
z+N6C`Kicx`C$E;>e%r@Cb^hVP59hx-r}NPHtsfoyQiHEkCQaV8X5D@A3Et9ci&u4S
zwQuFheck^2?dDtm^TgY+-UH`f@Z)W^_2ZtayY!h0$F9no8Lq1OsLS3j>bCs-p5GqH
z2oC@8hOSRs(!Ie+KNj_sjvF**Tl34?eAMm0*e^D|bo{c7*^`F<{z8jRo*7Rq9QMNO
z*|Y8CbDp_o!v(g-NBllQd*-&rJA1vJGU3EI^=#MO&}hxp2g>EEPdUX~XY~4p15(sL
zVA8f5&iu-`?xO2EOdC{H_1oHo!{+wdJn*$M>XhzZ@aUtve*JFS%r;d^PifO|$lwwC
zzkTBr+tmlMzSCCKx%op!ooN2I6DlOzYrfSZy50JwJ;T4gbkN96ZBD(S#i{9qtH0a!
z)_Lchw`^+eu8*W&5B$E@>+yKJ-lZwg%oe%(zUt}qp3-Xddjq?CTi-tAtu2E}PuwK0
z^H1N<f9te97w!J|<lMLGy?=f8l&N>XU&|)9Y)*~l*`Au{Y}fAe?5JaW<JMd6YU93U
zYH)q2?Y`Y7?|2~FZ@bSfopRZe^~ayprS23aaN1l;Mt<ww|K)p|UwGl2nbUH-SJ&$v
zi9{~Eut~-1^%hO+cl-V)FIhPKft0%Ar`&kK)uC5X)7m{+&}Z|gk4BAdVEg`uF~Nr#
zcI<rL{r4|?=nKg<_OvEDrabk{AHVgx_~LUuxcJHIPQCi%vt92*N=i!RzdCN=)yLPb
z|M<wI*_}F_+V!32hf9mP<uvMEFnh;<6;Ho#QoTOE|8jfgiY4z3*u4IVjT^6T)abpI
z{k{oYyKW&Xwr#<2&4*-WW-^Waq!Ulv^JAw_{Xt{Do;m%SlV(m^c+td**8X;2dpD+2
z_U==;tMsQU>a}?7vDsT2uDLJMwr<I96X#2Bem1K9eShxTy?VupaYg$cvGut2zrOFk
zIOE$sw%FE;MH?>ec;l{hPd&PF<#{PP_bvW;TFW-gFMZ&v{*`kF&dMr${kY?vV_N8G
zwtDmC_D@|^$GhN(CsNOUq3M0Cr!MRF&OICJjd;iQMg4ET`lGIG-3yDFb>G?H$9bVT
znJb!PO*-(~&cKF&{hD6X?4~WJ2kX5w`!1X9{hZs+d8bo)lk2Wr{rk^zf4MTdMg5oa
zThy=c`<*V=+O@}h^-#kZHo5JN2NplMt8HWDjE8PJuUoguC)nx!bpOGVXTMcGXWi|}
zxrM*pG`Z`y>?ldetornW@Txj*S8g6rddufq{xf<8BfyhyxZ#G+<SE@JxZPWx4{TVn
z@2ooBHS5-0{^h&p*!J$~*1%Ty`qru6H7eLR@i_P3*{)H~Z;E}gV*2#5ym}uO?tXZ6
z^pD3JGm4-1<knaJ+`n$`<X2mGOXk13V_$=LufP7z?XKsf*3Z9nQmbcUyVt({dXKPo
z=Q`~po2^l!Mq9RQ89DpO7e`()VcsjREFaTOyXN-37hdw_HJR76U;ER;A56)-`l&5@
zKJ8cX@REDyj%amRR^8>RI&^#D<qwrRrM691eD%_fS4O@RX|Q6#Q+t*!nW}Y9Iltp`
zvuAa%jn__=r`cP#P9O1d{ZHO%e&y{ao|d`$?z`@~^2#e;)7srs@#rI8WliaS?H3of
z?q%!H=FLCvzvkhL74Ma$c3Hgj+byf_PJOmZ#h}3-clEB=H~*fyzW?Kg7Ycg*x_Eq6
z<6T4FOu3&?^sr~nJ+IrVvl^c=@AK<hob2tnV0dY?YUQk<d+RYVd}s8$500yI>7|$U
zy5aQgx7p6Lt-ANsy00zy;=9o^T6&u_IS_iKbJ6St1A8C%W5=F1u9+;qDbHAO{!PcH
z?7UzHI|=@L<K!P&xXxrJB$Jz)Y}s<)_<HUcFFbp}%9VGW^q(b9D(~!kuy?;YQyO>c
zJL!fqPRY-md_WpMvd-3*KlPt_QdWx&<MO7cOnNLR$Q!cd%kA3-ymG-O7woWS^qk*%
z=^a&D&MKJGepQoJmtXYQq-`rU-f+fEUq!!sGNaqAg`OFVU!QTtu%0)!TG7kaxbV!}
zpfc_2MN5`6?D}G1>5@ig=MMk2>Agd5UcYiyYRQ^8C!Aba*S2Qu^S@p&DrMQsH5aaZ
zqA11ofOl50t^c)mYBwvFjQH%UIondE^qKi;<KsVT^q<Bbc7N`<w9h~NG3|k}ZCkf)
z-L`GS2fJ^v-PLu$z(;q#_<1wi>1PCjr#?2U(V9nk)SuG$<xb&SQs*sQxH#?nPU~&2
zz0qu`YwG%WXSRs$JbB6!m!00@&wx7i$1zhTpMUfAGw-@&@8_3<U&;<{zWWsCBhP)@
z>Vb8W7XO+3?TRa(y=-&8-805s{7t>Ri{Boy^Nu`w|NGlNx_IM?uAB26+vk+ra`K+x
zr`^$b_27c6A^!hnd1p*~dUjRshhLb~y<fj~W~U9?wR`un$2u2uZ1CB;fhSW|-S0U$
zPrdt;-<LeIq1leW*LO|0dRL<>A1p3Vw`>e{*wwoARF9{J-ClRVxj8$Ye&E^gz{R(n
zvh%aXZ7zQ~vVA41jj1>z8gEZ48996Vt!;}Qo;UBRtFEg0?ke|;X<I(&eQUpyZS3rw
zdB+9eovSmazkd1|8#Z75`y-2Qfv0osI$hg5sde+K1`ioEY46f)cTK!t%G(=)*Uvcf
z+s~(ZFW>jkn-4wo!E4>?t?2WGG;7xIPZ$64M}xD!_;~HeW$V7U+k4w%V{f`AWlG~q
z1A&~eTc@S8TVwy|j5=)!v+jOx)7W<FSMUDsfS>A&p5Yigb7qf`<K3s*X5D`N{{4I3
z+PLu9t<SGn^X-m%Uu|TQq)RtX+<V9IQ&U=ve)s1$PuV$n|L)<FCx2pVd;Rjp&6{UT
zn(#+xa+la|-@pHSD4j`ObB}*LyzrA#M$O88=2Pb%yIy&C!Suyvo%H|MyApV)y1zf7
zVv_dIIz|h{*eW|^ji-oIXfwuOGz+t&J(V_Fd!C9&n?lMGCGAv{l(dLQ3zAaVO6oo5
z-aBJv80o40@BjV0PoK=abLV%@J?D3R+d1c+?{D+G9$apAzbNeqxz-`URiuTfb-r4Z
zFoTS?nD2Uwvh!KtHg>LdPfK2Y{CJF0HO$X1(PF#NhzFiJ^ruSzK|sF0%NZGCwO{|W
zW=e*uyx+j6@u!~vzf^SYVQu}{9t|t9r(4zerKwGNAXAu)OB)q*J}=rXB>Gx<u_n3B
zI`?H}=DOqyx}h8g+4C!kzg32ozkBSo>@$1#(NYh>hTgr++Zr54t)ySLHmz~R$G52&
zBaK`p9BleZ!g;8u*i@gaw_mx^*kXF}qreR~r586wt(@`TV?)$hJg)yp#s|U>){y=-
z2aMlMZ)ny}OTXov`tDn+d0A?eOzxVnt?}HWr%%86aKoI**fTHLK|1Kei^Dy7d`+4=
z+~Qe=fr(K`T-?=>GH-V7+&OCP*MR22gQTxgz$9A8FDu!&weekI&HZxUclg|}tunY&
zx4??2PY#;;j8VV2@5L6Jwn{JDi}5j0gZ1ZY^jf>tG)RBxc>1(Bh44U)eKU@2*&^FK
ze9Zf#(2qPno4;E>RodIztKn)ACP<q~<r+mbCM7B0ZWfSw_iqhSSiSgfYbpQv2P(6s
zSq$!BZ>NlVq$kG+iL&3|Frb>Dnmd`QZ?f*OT)&Y<LH#Ywdu>=M7sbJq9gjKK(opmQ
z7qmU1zckJ^{;*g7sxVH^*s*47;&+W%xNW0OFAx8L6~o?4JKQJU=DdTx=d-xJId~8n
ztXZ?>VC6vT*#QC5!2hF1BM0nc&I#?`qe5x8+_Yei&6bDK%5E*v4k8gQD?!=%;<#v4
z!1-iNVntN$b(wynM#vYOi=R1W&gad4S)@04D$2wsCoj%mmW2$Nc=g&f(+>vr`>qhe
zM-F##cMm;tD*5egQ>lV!PJ`Xf?z<yJxiKz$)JQXKb<mX!Kw&k2eU<L@cOw`w&&%BK
zcxf0IB-opsP)?LpaXNG^DTz^45Z%wDK4|*Miv25gzDcRRI=a7-(oMtUq@=$6`t|PT
zId#ToWxdJ_mifJMrKU}*g0-tsE?pwu+5aRza$9)B+02(FeU3aRPFGO!*gIzNGW8x6
zMaOR>Os^=2+tIt<sM`ev5n*9z?nya0IROCyLqn~{Wa#GR<>kf2#a;g};29{b)OXUR
zjT`qwMs6ErTB3K<05>DXOzF_K+j7-C=Ew$+Y^~jz-ntq2J(x<)o+g`~kw0h7!@Rr%
zDmC2a?v%IXiyhRB*)MhKucTS4OBddaGE_2hJyXF}!X2BjZ{X<BF?;spD7Ak5beA#Z
zK#u3ukP!PBGvwvvzqY*C7PIQ3T>xQ=eh*nsg<+H8Gc%P;WXCp!?RGkR^+tH;&HSuo
z*Ba}XgVS2IhFBdd+|;)@V%X$D@7ZBCHTBO!)_#5A>QImaDw0C)JxjY+ZuQL_AIv_E
z&K+^s#yVo;aP@Dz`#6KDp`l~d)Z)*dHzE=}U*6nNbvNeHvJaIT`zSWOFE1}F+`e<?
zKxJh)(weOW+b6o*-rdx+G<}r)@j&Oiv2tY`NBc#Klr3z64rD1@7;~UU{mtp-kqN;B
z`?_7@`|Z=$y7fHP=5RyCrPa*`%HLXS2{<*o)??uMkqTLA4JAXi5M@6u4D6euv~{PN
zgMFYs&AukekRy{jaNxjA^2)^PYzpP@6MC=7&BcA1dOFSks^j3$^e$>Zq@M1k?{~kC
z$Xu@cfpk1Q^Si=jsndV&BvGVdX*3;N?4w<8{A%;He59uDJTiOmxKiD#`nbzIZR_w>
z`!@xAs2uPvI$*En<;@Bs^YZg8W%~}B<oo8q3F77PlP0<B`4shuWa8<5<H+$~^OuQt
z4B1{SZ=Y<C8gWrZjTnqOJ?!|aS1(G53#AV`>F!%lI(npAnso181yP1aitYt(ZVhF<
zdNnU`t}?~WYRL)x=>w(w<%bVFshnlo$0TTVZdgmei?|0prjV9B1%qdAZ*LH-gE51H
zL&UY`2FpJld9%PNoe-1gUP3W9QEuy5zP90>oS*)MK|vhlSZgQu;#r!GqYH*q#d+gm
z)ig{>*Oq3=;tnh-cWRloQ&vSOwo(7mImTsNYW%pm9&?v$cGD*krzYQs;@CNlw%utp
zB4TfSec`-C=gJJ1K7V<Y`Fu*HF?hg-ilIT8OOts#-i?Tn^UrwZeEs}s(7=HpHt5xN
z*zN-dvKUXNWSXsstG%C7{iS5a!KvC;diL2AK5WS9H!gj1S2)JGCT{!iqPOYCn{`rB
zy^`J5dg$6^1;%KSPDyW{FkwG+U&xK`4ab*rUO#Y6x<gD0<>VPAE-+kqXFoUn^tPeu
zxR%!UOQbG8kG0$sY|`XflJ))_WyW2lfhDR{+BE0N-0<d*xCy}?7TUS^plHtFvmRqD
z{?@rscxXrH&~RKvy~4VqDJdz1g|i0q3V8eYOmMIaF0=XB%JSt^(LjB{xGMd@R7IIt
z6laA|CXY)?S2dRf2D%@?8Ro0J;Vvsad25^5`MxR}vebrdtj^ImIC;s<C_}kLXHBkt
zm}r-I@nU*rOWc^xZS|IA&#w*9^OisRbdTMxxKE#A+_R?WYbDz_xmsA%Ypv1oes;kM
z_c-%R#i^{FmX>$k?45P}<NK$97mplK(a~|)TT_y5-ge6|E`wn_d)}kCN4tW9xA*Mh
z{O*F@EsyOW!U(sy<!jYzLqo#iqnAF|Fqb48KKJDHh(0%zW}h@^Yw&vR(tq-qw0IoO
z-24(4L>Y}xC|FLVzDjgU#a;G1qZDqV_&p?f`PCKK-?H9cOm$E4^VoRYy1vko;yk;z
zQ_0qemeq-Xf!mKySbq>lk-7XZ@yXNsmD);U+>Qa4o3zl_+_-gzs_m$!7na`}88`-a
zdGYuCpYkTQuHO(IyVdpe2<>qU1|wnKTJ;n|<rn=-C#`sNYOHO9$-(ICuh;r1k{0~!
zsXhJk=gBoS!}Icn4X{|6mEt$YeNM4nKXa2_mu+MR=Jh+;w0n0vH9z;<jI~Jzb?J|_
z58ulK1CR?BF07O8ZDVUIeYvLSxcbq`EJu=E9f*g+^YikImVbQ7$S8Y#OJl;&b&DLo
z)o<Pxs>ovRE5OAk%>-^^{rg;EuB%7vnX_km;wIv+J@)_Fve7Notfk6a@z}9V2>}Ih
z=6CMYX<b@XaYz5s)@|ENxbau%52KBEc25WA=H9+t#Hm`7#w;_n+$3XM)nC!6C{ioq
zVq4R_M~lrLl$2Z`U)y@Ajd997Y^uS6=qr6M8?OG4vv1t4+J<?{dGqHVctT(Ea)<2{
zW~o|>ql1IP%$YNpOs0*^rYjzW>;W;Aay=DGvR5|W+BH6A<vYW=C+nH6@3vb6mZj_H
zeUex4_Bj&s=2Xp<<+3uk1gXAZPsZBqH!}^$4a>~TBt%CnxLCSBW^vZa=6;QheU%O<
zQwlN&xXFu0oY?3RX7eJ-(5|NDjE>IG;8~2M#_D@-5)*gk=1x>PfYYW#^z38vjN=$`
zYs{QEZr>Y|zsAM62agHvPpRX)KC-H@*tzZseS$^Lrb{iAp*{Nyt>zlJ?R5k!0oL!!
zmldf`q7EJ;6{r?FFk@s1?@lErm!Id=?i~A9@VHv_x$|U(D-J1kjB45TaBj}lEQMhW
zmuZLR?i&2vu-~*Z((%)xEFM=E*V7v{na@ot1Dwou7#g1blIalqiWqE=aYCgLw_<!k
zg^g<7orO9pxWVpyU52;V$kOQaRkcYOa}!+$3>Yv?oo6mP=+uq%j_UT6fBE`W?{YM&
z>Df9`)ANWL{qgD3^A_!s_TcEqZ&~P=VMZz=hXp7ED~-Js(_c?z+=rejaYnV1@5U93
zvMo41<B_>T@eMhh6XB|3wmu#d)MWmZ{IL4o0Ka>IQjLv`Jz96)uc)XveOh~mlKilo
z?4+cb3)M>O%CldpD_(8M-QqB)vdYWq`=QHnD!b2?tyyV5_u=H%s@pwMpDbG2))*8N
z1b8PuY?7=>!yWzd5r*tBW5*snbLO6Rs^N%;W5<r^P;xaEWEN%@%x}({yFPbW?bcqz
z5@*wO+>bALLx#*$s%_1h%DsC=%f8Uorq|2Yr?!Om9c)?jaaTzRl$nEu9PjGFLwyuU
zGC>*7R!lT8G11m8^wRzO`LnY8rUwrmIP9}+_IwiM7L}HsKAAwctk?Hcah>t9`m0ff
z!@b-Z@ohf$VqY{U1-s6DnDQibbEaaRbCoBs7w^il{`%{$8{0-Nc5*u7ab^9>mtG9U
zQ-^!S+4}?H_J9F-M){igGUvJWmlS*s1P|Fb^T5yy@--qZE8cBcer^)iXu*KIo9Eiv
zn%_s8uG|uTv6|%4)5_L1*%kPVkRgDr#l^+F6-M~dXago}*iMRec*q>>6WSjyCug{-
z#eeqfqWb68iieizSsGLYdsrW$+_3r5dZ788>C7$PR_u8_x0gcD7&)hsFE`Aeo%5Ts
zfBM^+NxhF{XSb!^HG6u7V(a8|?}**5W1v!l2F-SH*}Z2EHRCCTLa{cPd)&>YOf{%*
zInQXJtLx)a3$sA@AhY;W|NSA?4Q+ORY-n(`XeeLBvDx`e)wginYHQl+=Np%QZ!6bJ
zTS-#9CQW(U)?Ch_(`Pt3KB{fpx^-(0a~h2XVj^?%wb!={7`IE#q`IPPuT;eYf3t5b
zFMwO|iCI1L!m)alD)l)#gMo8<TXnECs=q2F^L_rU&t~?)+PP8pn<5t<{Jz<IMzhQM
zMFuA#MjG$kvnSpA&am{TLmK%jo8H<vI`&ggIJW!zh}?HQ%8YN$d|DVC_-y&Bkc_ue
z>)L{Y;tI>#NTy@1r+MZm6zHg&pYN>yN@-95)xO5~y~d(*?6~o76E<x>dGaI}U}P`S
z%Gb?xb(w4k#+7ku!2hu#-`9Q~Fm7llwZ7sCY2b<3f#JJ)x$dobv2EM;kNLL1wC_Iq
z*G~VFr9@A+F&_uzmPq%Ik6C+>`zmj1%8Z4llNELu-rXG<5^^#=-j~4`vg2+@Ts8MR
zu+pJN9+2+(znvnLmhH4nGhpl6`i3oI$ZlYiIBtabw+Gj^ZWwZOWB=-!&kM4{R)^`R
z#Hwjha<7jv|MqfW;MhLVH;Qm_DxN9ZMjAh)Pg&dYd~=+0LguHBuk!uYXEiGZ&hN9n
zHeWYHE0VO(d2o)G?sB7it0GpSng-wl{fTQ<w3kmz)dCf(_YKuernYZxDpGD=F<h9v
z;`R6#jZp@Li>pmaKKQk5nR1{G$eQi8QR(hU_wL<OwT%D)zS*++*hR^aW7PHao58Oj
z5Li5G*7ivG@`zm4m=n_{?`A$eeZ?=`tgWGF0^>p`HNYd(U>h|jr0lq3q^j3-SN5se
ziz?EAHumaKPo14TA0=hgen~Ag+9bQbf6w4q6v~S)jkW4WrF$!AOq@7qZ`Jng+qEuz
zO^J=2x|a(4Ht@_VfiSsGteL426jBJ>_{9&o!@*eNuSinQyY@Sp2F#h9@^nw&GsC7g
z39SeA4{HsPe{|@Xr`)P<pKB849+m4CSwC>Yt}7>t7Wb`Q^}VfGP9;B5t9Q`ZvuC%N
zf6Giu;})Ns0|u;1v$C_ZO$mgllh-d*e)V|JQ0_>n0iI#X;ko2%o9dpVR#oPN9=6@q
z^vzS#c%V($iP@A$&Eb7w&3Pvayi<D+!p6Su>9Jx{AnxVhllZE-HEUk)nOKxTcQauv
z+NriDL3j0;6lIE{)}q9uq{dI5ifS8W4*`Q`y0S^bJxxtbZHu#?wo-2R@OcXsta^QW
zpWUu;11!R9RM`jFRi=AwFNYr-pSX0AiOH(ZA77QPX-&HJTw6)Lf;Te0$UZ6<M6?>W
z-)pTs*Y@a=!^-#B7aD6nolK~e!cEnZS(xE)rtU58s;Rm|Zys){)%76T(IYcFbAqdV
z`%p@)9}V6xL0$dHInME7zai@xA1ZTBoH$WAZ!+UA*RN~86vdoceCgt;QzR3U1!~_G
z`Soegl}dXMv2EMpv-EvN@>lFGL>kUo5`ovSvTC{1a6fGFl4D-p2V1KT?`mz1Oiy<M
zHRw$^Vc`6!)b!ANe}z5w0#403iSys3?opEVa`Wg>tDDO#t@j?OFuZzIb=ctQg1dLW
zzue{Mef#en2M;>P-nxBzaE^BmY3Uc0l^4IfNqBy3^B{}C)>1*Su>^}PWz62;*;j1K
zXD5%WPCT_B=>q#w<@134tK3W%xyi?#FF7B`x^>WWtf8Ue#EA!R*VR3)TB@5pnp`u9
ztzBhHZ)k9Gnl}5G{C<6{fOn<W|Nc87*0)iX)~r;Mo11&->npA1QjVj$`~E58X5T*k
z<;xfS@>O~&D$lR<9{r$(D|-mY=f{_~c3o<#W37&9$)17RBmbzxT1`t!i%29I8J*9s
z%QRL|e<i!nI3Xc>;kW0TH(j{!=KZDQi5iK?i5FJXI42ap*-mxij2qSCvQhNQ_sOFT
z3bn@N>e5|Z{rp;5J~&<5)K_~S*S+WMqR)Qok9zs|j5hGE2)xu9Z4^1cLQ_*SJw1Kg
zE_Lvvl$4Jf`kBodOa&?u9v%(^Y!!&Ez!0!9U!{^%c)%wwONn;r`?prc)3ciM&uWYv
zYrPPEF%5@%<F-F8IP9KUxbh$nRTyx$tbSHXU&1`Aum6-j#oFa$Va@4#YCU@m(;R9!
zYx_N_UubIU^%EQ2YgZi~2}CamIR2S44;?xb61O`ta<n1)NM`0^?^GxI<1_Z9fDy3I
z!R6zCwEzPm6%`d=Ro`D;Cw;D;^1^8ObBgnV@Neobf;cJ}^lF6hyT46Wo_%y!-y~i2
z>Qt-eR}>y<wQN${9A9L;rcT3U=EqrzV~eBvoN5c#f94T3cHFqVk&*h7CRtfq!v)5h
z+f}Gk>eCF?_Z%>oSo-!cDO$755~taGLn#JC1D{^s`D?F+@?^i=dt;gsv;0`5bG+sp
z4ov&LG-Gw}EHH2b14#~tV_|Xi`qn|#llHXG%FgrFty>3favE%1_NpnUwOpe|W>M_X
zqd6YhAn5D+<-y6Z3zy`rmUCaSEno3@@y;<dbs6Om5fKG9Z}v~A>(yF*P4!Op2BWNv
zx+iC*4Bj-D*IaRH&7;UzKZBC&iGkxD+)B9}?W1VFlM5mh;1EHayJ5CLdBs~`-4c7I
z&vzf`u;6p`;ceQv%F4>pz2xhi49dq8?&nR@dsW=iecrrgAcD6Kni@}@-1w$Ap|z<l
zKR<tE#k$@^RaMjIBM%u?jZfarj^xm2HHwQ@IXO8&p17rYZ<Tpm`{jY^hr+Ug_@V`K
zcBDVG@$uN4vgFaJ($WRHZXHpxcXf5Ov9Y1k6C<S)v-+&g{yIlD%5>#YFtW9?vkM)n
z$$s)Seq8CI<H4afoxW>oY2CejdxYr<?ur%XvzVNk`$x~8KMw-K_;|G|hFPWV&q8Eo
z-8ekg(`B%=)8HMXiMf>2CoYt^w%<#)7pFF_-;_4t-P@%rLHNIB&6?G#SAz~18CW_%
zQStcd^wyO6vb@)-r5ef=3U8*&l%Fay`=rkush~UF^Rt#F<#_JXCR;c=?=)arBy9He
zi3+`Pttcz4dBan65|K4gN9V(#&7%eytJkTL23ics$<9)1wUrKd)Fg8anA*31+jnEk
zS?TUY_wVcK>aI9_F3^eCbCSOPyt#9S4jmdX+T2V<Wg2zGgsj>Wi#IdZUz{)H?jPva
zBWR2r(8%Ftt1{!%stTex1Eg&uMgU8xJjr*KhevFVr<{Vq(BXYF<CG~OakK2L!&Q0X
zGbuL|-1f?;0C578BvYq3v1a|hMaRai<@rmwEA(-&IrOTGXjk|63`Jq{HSg40DHqtU
z@~W$Sb#^>``t(uq;`00ViHWknGfkX#O6EBE9N;jBDS*W9*s;UnS<rzeCr1aa&ybOl
z@jafpG$D~XH|)&AhjSB(jXW;n7=#BOUfdX9QHd*xjg5W$*flBGf5*@^-6GQ~npQZ+
z*z<vDB`PgJwvnccNGa*I9^a*8`p4G!9A}Q!bT3=tRi08m+A`?-yywT1UaXNRfBwD4
zbLSg(zu9XI!{KlyTx(Y@%rZq~a&ZJZ226PALuJC$bLd73TZcIWTbO18-DyKm^P(=L
zQK+W=Oa_}AsE+><I`k8Km)p+T!RnNS$NHan|N95;|08gYzX<>SgZKaS^rq<Qcf^0!
z`}h6-|HQxlX8iY=b~CO2Is7}kTLAAa0DLDx5bO>>@5qz>#d-f1=l%Z;&N~8Z`b&Z+
zhVu>!G=q91gz}E(qrAf(#X;V&3`l(RW^^yMKZIFFcaJhyOQ}fmMHUl}DY+miECIn_
zr7?XtF#i!uS<4|<pop#TW+xPPcorXbn1r{3*)usTKEygluz?!MCFaSdl9vz=d|L!X
z2qqv#H?g7_z|d{rOfOBAw<eOD7|F%OL^og~wu2^&PtPFJVD3N~lh6UD9x4=tLxPCN
z6e<_oPW9qxt?`08DYe+%6!@pBJ!vwDy9`(=XB$fb{3e>*?dOV`f))kOex(?FK{5Kj
zrx=5d`RjkKC<8%JhT^&Hr_t$zu8{Sq!uFnkM>p#WryB5QQ#nv`ygKc}KagvnYlQz!
zwCCpl{)L+hpA55>V>sssvKj&a!08%moWDIEH6PR4!I*#9d>~*+5Z&2qx;VtM2xbzR
zhM2bE*X)+04e^4~L9ZcEFT}*)UqkWEfG1r-Wp@+!2+h_9b2xCgm>Cl>A!uP(o<lT)
zD~*Do1E9bC817>xLMMXP4bgD;w*#Z+MfE1bbb9bHmd-P5P{=Y0naN^;r{OzR2;PAp
z@C$1SM9}vlv%P)}v|B8B0h$O^u<;*ohl6Bq?i@%1rm{9_PpHadAqBw1(SjVu?O9Y=
zz{WF31S^_1;sm+EjK=dBjieC=eXx{9$B_JCnpb!;a1p>n(8)eLDri2CKA88L1LF*+
zC?uFSl-BMsG$4it{6PaP0f|kp%7Jo_=mdHaesXIB!~;o+hvq8&fk0>wXe25L<vp1~
zaGXt0vvgKR`)v-Bwv3=Q!v=iCV?mG=N&v12IVBF3mz^dAq~#0j8iTeBRHzf?h#}b_
z?c#6+tqY{m=^E`h#c5nY$^^V1xj4#GL<9vOT_}<f>P?X{A=*5eyIcgs2hA7oXMiry
zvW1iyOHKean4h_Tuh9sEL1%Ow5*hqL77w&sjtJZ}s`i5D1`Bua{3u5h*oyh*n1z-t
z#4IfL!w;DyOxJ-~5Lpg*pKd}$cFr~Q0T|cF6d*+iXtNMv^N+dLnHj|Zd&DC~1npap
zGK7slQ1a7k2l`Tx48j7{qH*w0<6)v8pp~99CNkgz29%%NLEy+i6EHL-1m}c9AR<`f
z;AZ495!{bQE}?~>7fHyyGX?hw+jOz}B_vD{Bq;S{K|mofMzsgi?U}@Z(lTi6LoLKs
z(5Xxxt}n_I{w;#=-HU~wx`XGTsP3JI)M}tWJlP9IV%~J>GMXn1hG#JAx&@Mng(lwZ
z6uuip86tvLj0OA>`yB~&ka{2pQ9{+g00uEr1Ol-Y)UJS(uv`$`%A?XD7fK+T?B9M_
z80V-{hX)ykG!k+X*ld)WSfUP;87NK^--kn|iWg7Qji$Lr>(pghn(j2MJqqeZP8i9}
zMG=j7-rj!<t_>D0WV?{>YVEe_=YfkljbD&rvD8B_M=l@tjUz$%1d&X~9J@kE@8Ko*
ztvxljz#HRvDEKywKUgM+<WwgS+*mvaZU)>jgnC7U1HqQ0VHx9>gFy$LkMs!f&yZ0z
z3YrFg<F|kS=c-_ybRlm8`}0qA7%W?;zYx(uJP0%!h}S?(&caSzPCI#5j;WpMclvP5
zs-V_iU{|^h*r5c7n|pYhCc<K@bS%*vR=&9T1TF<nW5RUUQ2t=l*XfV~ok(G`KvQ9A
zD1R1*hDC*FS|Eg}V!lLw3KHjHRYW-|sgf`z<PiLLAdaQemS7p!(Sq<lY#}0%7&X?v
z*pu6Vl!3EFW^0i9kP^i^PpEVlypoqdhEPC=kB2$91yedG+pwWDoI|5i5v(x~d2=Xa
ze=0J;!zNRZY(hvV0DTVM_2Ut)qID!7+6TjDKmnN5xvs;6V*<oKsE1f`E~dD{6nNGS
zfrmuzjCd`+d(eOmR|ILWtI2=>|9@`byGRU%+WM}Oe06FI`Q0NV+UO{W;MLg>PH1GK
zff_G7Suh)bLI(2<qc@k@9<g9g5ziI{&Dsn>W~yH{Yv}w1=mfJFV(G3#W-mN}oBc&Q
zD$$UFvVk3)ra`a({mi#~;38u9ETJK_>R#+E-U2AYnB(JzTY{*%gRv7S2`cS0k(miB
z8X;f<e|``~C$oX?gusAQpkMGRa<3(cWQD;5V@io6_v07B18w)D`S4gg4)lQV4hxhV
zj&o6bQaBBZr1D$NMPokEf;9-@QIk;9FsM|ku2E7&8|jY*wumI-MS^6kshv~_sgZ<y
zM&jWEiX#bF1>ym;NTFE?gv%`c;E>G6jzlz!#vRYWONf?*8ts50lp-~Ux!gd5peFiK
zIWR0|vv?>ZJsw6KeE4ic*gP>;ftWlm8nCQv6m^sXhPr})3QdC4RWOQ}5H&S^nQBC2
z&esTzqTpg5QC(dfuc<lChigo5x24nFbq%IaY;9Ih^t_f*7*3|5p{5t>*AdoHh3jNa
zfyG7jjVYvW;3A5T4E4?8*YypFEd{|QGHuIj_Yi!PT9!ASAAcfUiU}CX{Qw?Z5h4&_
zq(Fin#2?QoiYhJgd{L!s*EJGhJp6(}(vC-l;b>;u_8B07d*z^09U}EY0vHZVXoz`e
zVDrVEfJdIdz@C6%5Ob+e0AWd><{C(<PQE(@0<e?@i~<H3+NnylYm{)@i!R}ybDzj?
z%ZG*`QR9K>K>%SXAY?{ZiOx$x!=Zs@Wq_j^vY<F@TuEP!MiJgLHc;C3cJQ0wOU9s-
z(Ntu*T_$tDbOTFk;lts1qIv?QPFI6KBrRYsV9w@C3%9*-$PefTaNPtVJR`y*I0z{e
zi6rTECJFibflL374sY;+5e(S}2)r0bI_uA+Hw0yObhO~2kfYTg{LC^zR|cSy$$3Qe
zu?1!V8f^-ahKkMMLS7**VF?pXtni&JoO|Z$BtHwasL}xOh0+O}EiesSez@GRF5uxn
z0<b*UsJX!NvxJHz$HQ_Idje15#fSbyA$<wcm}sI?5gUUSfCIzv4+nD~F!n~`JEYBU
zp+gK8xO*mz&%=&Z%?h(>?M|8Bu4%I^?d&i;Wp%+yG5ezd`A$P~29tr`WO~tHQxR*`
z9-ty)a%}<&PAUe{I8<zyW+7^bp$L*WLUj{0d=wrVI%_<}67kg`fo(?k)=6(d|02Fv
z^aF5l0VDbGT}N?c5#~79x#D?n-2zh>s4d!X_`-ok2-qNksNW9w<>>~A+8f~CQF#OW
z|A_8(7}iM+o4c0Qf1~CfMa?c~f)N(4J(dL;ML`vUg5H2c8e}Bbh(Dc7X<yz%^BlA*
ziUuLjmqvk0TpTLhy9<r@BQbjSCj&scyBV$%I)v*1{=Yq12U<jAkgHw@M-&XQskOeT
zwVtWCeh0Guq>6*mQ7vbPXgRoyC^{2~&O6L3{<NZ_QwtqCOmxQXXSAJ+CS4GTe}Ro>
zvz8zMvhd;snTxI>BPGy<rt?q@Q4<zh{V8yHMI=xc4x?c{3I<%AMsI~WLZ^DS`xP{J
zMQ6f9s)l$Bk?33`DUV<TfR>9#3dO>F#B~anIISBaU<)jGKp2k%siLgb5YsgVc?qEA
z@UT2i$O;yJ+7<~Wy`f%oYiba#*2DEDH0+v2=dd*Jq7P#++b3<&UP51I0}luG)(4$7
zMst{S=q{1PT^{o{%o9mc4y5poE)co=C#H&!mF|Dw^UxLYU-WtWLjH))6KdH%@p*{N
zMzcI2E&xfgDpWJRCIy1_z&B0MkQ@qad&7Rud=d8Mg}@gfgY<6B7yWY&#AE&eAB2iA
zv9p;WVYehYrzGl|V7>mF@^uz|!mGbU^|1G4e{M+uk90R&Pxx0w#Z;8c^I@Q`fc~$}
z=StSk|4gj-M>G|U7P071G-RxLA*zvoGFI#~Qv5S<qWD5CB2&nqMDVJo3pUpQO64*5
zbCCS_gg>>WDp;vQrqu-Bgr?QNr5|R!{Ws|BX3**KPolie8H8puW>YzUM^KZ6*OuYi
zlyEW))RjW#d7+95#RGdkli#8LroQ?=mHKMZ|AEw3KiK~%vd`_GKBMdXpV~T8rcCLO
z|4C=kzxzM`6aSE<ua)SgPGD?&XiQCLHH`>5REDw0Wj5UHCw$!-#2K32WCo4C+=xJ&
zOJ#eJnPj2{fdk?YO%9b!^9F>g@pvwmu(FdIrZK(9AZ(e*VzP+v{a_{w+1Y~L<Ex`V
z@YMx>df;yosGvyQv|$|p72a15`~+tZfkoBiviz~?fuH=v?-Be!LIQx5owY%7l^|`0
z=X7KmQZZP6@_cA$7J|o6SacTKh@c83UEdq2f+roQ8S>hUcqR4tm1I*%Sm=cD&XY`8
z;)4Wgpezc7Vk}%GN!1Zt{h4MWwD6T!BLZTxjFJ9ecPb>Xy?8m1y7AiyE+d;l0g?YQ
zK!olV1$BboK#4p$D3MO%fM>zowVH4Xtq~GoA{;>X?a`QC)MbE<Ulh1mn3KXpTrWTe
z<19^N=co}9Q5eGk3bK&MzY01}{7$4MBAttLBi7LN3y4@6A+ZT)K9>u3fZ%;~yKzNN
z<Vxp40sH`#r(S~q&oM9Gx#a&o{qMH@{{;|$uI<0h<Vm`^;`aaF{r~@=fB((<|Lsu4
zhLanZ6v9yhk4*o0FaV?|4Z=+1b`1iyrMw*;0FS`~@JTv{36NN!|8mfPe=!68#SHij
zm;vol|ErSdt83=m{&4UO%Df;d65_iTlY>>(%3(G^4UFYcsZd7;YF*x=%4N~~iDvLq
zY|pw71%%asRs_=V&m~d&P`T~oLSOj%&qZn@@(mlfbAQ`pR;La3#@@Rkn%TI_>ViRh
zI@lnjAz}>{{O->Kzk`qNHV|5X-!y;TX~kjrSPQ4SblF4!r7GOVPUUc+v?C|oZ42_c
z{GV(L`aV9|ni(z*I=Wpnr=3<6omwQCp+|U+Q5SURi~dA2<RI3~oe(dl(1B<phfewQ
zqssa782(UV82*wg27e_1`$jYaACjwtka4(FP#*mJN7aD{3*dI}DY-iE*KTqNA*Hg}
zEWm!`@B>o7RVva^;ub}mkjaDWfS*4gM3xL_-pgU5(6b-hfbPgJ!}iSl6BZ)d#=!HC
zBf>^P7lb4V8K@fg=%QX2VfR>$5+jSHfa&n?W8&`h5K7#wK0--<iuu?r$f^yLV0i4V
z>G_S=Je_v00Mw0$0rp6=I|52oh|d9H9|1szm_oG^3gKu7El-H>shya=IUhYrB;#*O
zM~@Q8unnNdK_U^l=@5Q)Umx1<rn3TxW_12Kk3=RQ?^z(*A|y2&?jZ1DiK~fFli{1j
z;6ow-TulxT4{U^+iL_EO0rsX8a=<vzkqCQZ1UX1730>JnR|*l59||~p9sExUxZn+R
zq8Z#p(S?AwzpIYD?@lzsPQ;ok`cgX(GUR3U?&&icvi_C@o6Z}74wSG4BVW2|ayvE9
zKTjSoPm8UrE#}xt3VXo`kX0r}oFhWzfEbcX!=hp?twRJYOv<DNa@oL!qQ@=>{n?=2
z6c~V_CtZ+osC0x9J$6MX5)eotS^|d+@Utr-Iu!{`;GrwB4(?NkkW0Zt3Y-8RP3fv2
zgl8QY#`D6804G2Py}Bv_dshQ=_grh|*>;W&-IZTZvp=b=d^QlxTr6jGbBrfo9hpL*
z`h%`VkCGVdNrO5IKP6F6=qwHlec?eO4U5S{<P1BJL<f|>pGsv5#)<qdUC_f83+VY@
zx}xWjxg3-jo=Kv_wqC%&4{{=jPSmD#PQhiNQ*~y7(=KSS`f+|xKMraxSUf~|`R5X;
zeR*7TDVcxPT?qz?@h2siuZ2XjIab}3V1ed#A$bCtZc3CeeRm{EK>q_d5vPN1Aqi;V
z7fJLI<w}Ht%R*_mEXh<t?dSZs{T$);bAH_ZZb-K<tpu6vmL#%&+wQc^#fnYmi=y+4
zuEY<cQzd&MfNFqG{4?=}^C>-fG&;1R@X#gAVt+E%7b8T@B~hbqT7x(jIZC4PC$ph~
zAcrn#u;;d)OQPm6`A_Dbb$bf$f7pA|_O`8SQTTo}o+tkSW$TEvDN3XUCz9nHS(X!>
z+Ln(cH|@1uU5ErF)Fi+Fpk+06|Ihm`-!<(C00)gudc-ys3G8w0wbx#IjaRq5xih`F
z1=E{HzXQ{o-^6Ez{#RdnuF}Vh`0uNo_2pvx_fETgr~kc;&u>}(%MlPR8~+_^H~rnk
zmq9d8(coXA@g=%7H@*1+!`nmnjVpQYw7hp(-s{lvUZZf1Bg12ZB8StF;mH`<SD_(_
zq2WtW+Bu3hhT6aoA>rZ>_Oy<B!j{!WH0^J{-b1pGMOn_V9?udJ?|lQfhLD0taI_Ed
z_@f3@$P0=}4*w+_<umbvF2?p8oOADXa10Y!GZ>I@Jo-;iY;cZu3mx=yVB9RUqRz_{
zfwdtA#US>=m>P1XED=a!*g}JI@)bstKy*yuuvY;`E=Rl%DR4BjMnM?TWB~WjK8E+B
zpr6V~C=fr7q!%`<NPnXz2*N_+(2hiG=1^k?^xj8$>K`g+lh<jIC*5Rlxrp%Jb=p>_
zd-%nC__n|vpThb@h^pu)gRVP)cZps)PA?t47qF-IN%ARF4g`DHQ4Eyur9^Uhjv9=-
z<>_-n2YdAEsQwRilu`=V9^`q@Jw*s+4RQ;>DxP=?IgzwEctbH|fCp_{E*k#2o}i~f
z{qsJP__o$r>mOsN)h0|l=`m{2pv14K2;U0?yY~yh?!C%j_w*~L-7hoMngp$lQnBiz
z%oBGQz*U$@A9f;d2@br;rOw1j3}J{Uo?$#VJ_(}K_b3J*dG1aPvR^@mE*50p9@5Mp
z`$S}|Ap3F(;^UefJ?{ypm*A5;Qy~m=dIF3qLZ=;{=`tPMwR+gjjka*~J8eT{-ICz~
z$j``AWw!iZ>B9AGe4LFo`Cqu04SI|1MKY`2@*hV})Dv<Fd%P4qX-=rrDOKvsuC!9B
zv@)$ytJRv&P+V##HVsjoFP=D7Rd5gm;Q+w;Ikv&rLkop*Bz+9m8Dsp-PoZCj<x-*k
zO$Z7_5*mE$3<jP#B_#YhdW!+3orNj2**6^_4d;Go<d!ehI99jjsX;4B=!G`XBRJ>K
zgAnKev2Sj`D?27Xhu-&S;|W?y0I4A&l!csjk_!&^sUla>Sq(sd!&)3evyftVs)Njm
zFA8r@gHKVCswhF$uG`Q(j0eP|KVi4e{g>N&uV^7R{9Zy-0w@}J*qx+dn2S4O3j1}_
zRC~Su=1^6VzKO@AsygZpD*|AxteOYAZ~n6TrcjsLpQH96EXe-bV%H*Nq^ihc>@Ds4
zn5BRyTV_@Nzx%ItE9(0H1g-}WVLZ@$9x^l6!{-%UD=F@m?~(8T12MzTUv*?&XCtCJ
zD{Vk!AyKu3)9xrQmcp1x`oW^uw^UW;Lx`)BnU$|}aaE<?QMC8sh(46dDF^a-%F5c$
z(<)*Zm1AGVN#z8M=jl5SNA~2=tjcGDs_F_7vX-f$5F#wgMPW6+%=Cjjfc4I-cz6_~
zKLxTkijb<H(?<)qNi-xy)IbuT*{X;gAp_tZnB5F8UI$;UI1Zx!_RR~GH{m&Ken12?
z29zCE3<Kh+OcfMuFA%3|W+{Q40J8Lx%I1-Up~M6d#zff!&>5)B0+gq%AQti@Ny>RY
zya4@8&Vf(>sqT*lz?z)17dPEBteb-pTV%$yb5hJ`1QB2lOp5ay$gv@JmY~-Iva4ep
z<49Q{gPaT<6cSGCO?Q-AZoh_Upwk8KL@*qg2L)I&3nuq1>54;$tH>2m%;%gw6(}q;
zHmB=LcxN?Z<vp(;frpNs8OOcnMPfhxtE6AjW|a&AweiXA_W&0iII$o-8574&17X!q
zFc9|1JxQ=vD_DRc0YYxyW)enClLkt5FowCt=z_#N=wT_(3S1h{uFZe3|Kr{(YT)&Y
zZT#lcgxfA$IAB}BrB1{h77M`yrcUV{a2n${3;JQhIv2Qz4E2D^^AU?j5PWU<&+NPs
z#HONwbIoc*q+r;@Yot_D8tAN9^_W~q&1X!z=&YD{4m)jO1U|`41&E0|2?s_kZ2Hy|
ziK<Z_*Mu~hSehkMBgRFxQn=s{g&@dnnJ3aJPQ+(2Owd#ouCiIB3x*pOU{Wko+Kx4H
zn$d8O02&j@lkj>Ee36>GQJnMb0)BHePW{tRv$NAM7N%r49LIunnX+AijV<|%h>v3~
zqL2lO0&QSAJ^*J1)UObbQhDmPTmHTZby!^lPZ<gwfbltKfX7dSU1Xd`kqugR8ad1q
z4wpr^v>KYhWGWqXKb|xBQ@5socwU#@k${QdjC-od(K;{^fPSwi8l~c(aP{8~@=bt1
z5GVg7m&F#q6=PgT;QC5(P08@!OR7n=Ax?rlyp<)6ss<dzt`{c0SsFe~IuAaECY}&Q
zX+qf$#_xwaL?!s1Mkja{+iAE0mKyXzOm)-uhfxOm9}RDqnh7LzJd@A^z95&#S^B8r
z>x&*Prn_Q1pui4?2}gEl^3R>F{KObZO%|8I=>XIRE({W3mrFkFN>SA`?7c!#8W@2e
zc$KA#xiBzVX*a-`M8!;D9C_b^g$25oj3~VVO&GyTPz^ti>=ainSoaZk^x>FU7eWgu
z3<@B(!~+m}3oB*^4nu7L-`{mlZ4PF}_ajTXX~MBqw!^WIgFzCXm<82qg{KqB=7?p3
zrGQ=!&3j5i6Q}?@DtfGQ)}tioRL7SkQMMh7@g|OXYnL2WLl?!07MggIMoz1M+$mjA
zV><tW_*`yQ6-#|Nk!Xdm(xX5~XN=Ao{S`P<LGO$&lNeZarM2E#!NaGt{XE)!S&b^!
z){qhEj#Ct`lgPZM?v%Brk9a(=0*Yfwkudel_Rd1H*M8C@Lc~jYN5BTkg7a*`^<4J*
zh7zK(Fii$q53_~|ts7CZ8pG>Z!*f^3VmX9vZ20vvB3@Xkw$rUa(E$3W?F8vD0A&Yu
zfTqSMsR=2fI!72(8wBMTsK+}4Fwq@el8s;kqX0nCa0c%=2Lnm6F_c?EoEb^sc^_K?
zM>0mz|6B!8j!PIggu8?wUoXP=;+%^FMJ?966<u>D4o~&WpAJwd!SnZM{?_oFp<6_%
zFqSiteVf8KGnIG+Da<E0Aec{LLH@*+L?q#tw$34|@kBFOee9XIIbGu2Q@+-XQsE`F
z*b-?nR%fX@;3J1a#>a3<544~ORRMyt8Sil1BpyryCOo7hV*I>xJpj%pONJrddpK~{
zghejh+w3%7o)hz_cwx5UY%~9%FN#J90h1t9^U&tcCGdqkve%a@8$xbK>WzWbC(w{M
ziPb(I%1y<N%kFy=Se&|6Qx6A#6(@)X_*9=vhYZnXwIDB|t9~>HQk%(9cr4rkjAN9H
z##l%I*d5R~)dgUW)@D4CbDT(Xucw<6Dx(g2eX<e#$Htksc=oxR@H9#oOt}C<WDGX#
zzA0nT!~qCBDh<F>Bf$6*!roU5f|Lmw#L#<Yy5H`xWJI;?fRE%UB!foQH6D<xfX3^Q
zH<iPT>s}ap3#kAkEhx=gv^cb`%n1$74gZ5kO+i-qTsjN*tUL`yqcHwM>Hfeweh+SS
zqmacn@H|DHNRl#V**J6t3b=|w2U2a5F8A7$kKSc7QdgeaGa{&?P>W9<R0qkmel86W
z*52W(cgA{gy3t$Lc4iLBk~re0uzIb0LBTV>b{q~clwk1%Rw0%li@K%PEqsgDEyf9H
zx~9lg>F92nZfX`oimk}GN|cM(%`l=3s3;Lq9SOXqhN7E*1JOUm<E_|G@z4>ua}Dol
z+6JX~RjYZPNS-kSPi^v@uGUoVt6=ArsDK{#^~FOL{6uwUY23)*3RVur`<(jsdx3ut
z4L$|_j4}Csw+q!4YENZc{_~dq3T<9%{<PsPaOG@#{124vK*ul7B`BYAlY#<YuoPVv
zpn$!5DL-5bj~K}m-1PT^YQlmdfl$U3?d9cVTp`%$EdoIbL<pMG`9g5=vRL>Bdz3Z7
zKTR}7(*k~~B;%_SEE}Z3v%*QLeQ*Oh4<#!$Y7aFON(zL-xnRP<f+X~MZbwQ;MaMQ%
zhuBGDNh{jKq=8w4x80#OeW=5RiU42I2rt25IBLvJcvxUml%T{4a;n78Vhd4BKf`&>
z33^UMSff28Sw=lJ5l&OQ&}7JbWqCU80yx9QeClx8fAUaOEvmxxCM~H>%$9u|J>ehI
z6jQQuD%4VrZc9Dz;E7&~MaCzsr?wjB?3ZrA%Hh6)eGv?Cu5+l7+8?--?zcj9)|p+V
zN*VtSwOyoPn%zY>iUtX$X|Epg7s>NFug<;#X`i!lgSAA)AZ##D+zutyL17JDb;DeR
z6P4Ac&OK%0Lb)_yokizxXfadHD<zj?JqTHKh<*i!Q$Y-_OI9L&>S*X>?Q|srV~$;A
z$5J~L0paOQMzo+$(NIZkL=6N)R%}xO4a(7AOfQu%n>M&YMHA!|pQ_cCRA2>CqovM{
zN+q2{KCc&Ij13~d${Ycj)^i0Wq1f@cFFHh_V@=7m1TRz)qo3gX#M`LIG&O<qR3JcN
zzcH<WPXajPlEWZv`9Gg>2DM%?K87PvGsPrFvGTy8aafSimB$Dh9UD_42%eu^rPYdZ
z%<mTAc`_IKD%zZg%x`oV{H<Sd{1xjhJrLHntI{?5M(IM#MPOZ4@P>7k5JHNLD6=qx
zp?Cp;hDg3eVFQ~Y0-~tasz~6!e)Xdd%qwE9%Ax}><oviTuaftuV&8yi@ZW^PkOCAF
z?$|ar52BMeNyFX)#0Sm$wAj>M@jtZ#W*q^k{QUv!yeMS`a1u+&Ox$HTN1OXIvONd7
zmbqh*ALLnECroXx&+>J?xBE&hZwwIa=9)gGsq<Sc9*g<ZlsG=i@!wvQ!4jU!Ekk-!
z)K}4u*2KnMt17O9AMdGwnADOL6In@d`o*5ipe1lZr!b9H8)y`zR+i;$HinI}#USfO
zQA^dN13|K4`GaEka2-D*t4j0Cjqu4Vu{kyP?Mz$m-sx$-Q0b5Zhuc#k`CxDsoKs&W
zK)FIfpC$dYt(Dy+!tBAT{lf=3@rRS2P8(K`oI|xj+f<Y52ha9*4<1zKyu@5gA=-1=
z454nv6#~*Q)cSt-(4cQ$^a@$qdPA>|vcA;;^I7~B_#-m3raf;Ohy_>qNSu`%L)Fu4
zDeQQqIAJkJ2F(EqI|3HmVwSCW-ZK583mYF5V&ez2n5Z}m8psM-piqEbpK~C%NkU1A
zDJ@w`q(_p7-RR(4kgDS#Rf(8kk($hz0=L$%`~tyj381$rUOM!ETs!1O>DI)}E4j(J
z0Yd>caSw#^wPLvuaVr3WV4O#2fJ1dFtEshHRBJ|+YfrZicGp*HQsGO}-B%pp$BtlB
z*G)U`aP;*kX~CHu*R2^e{aSilYc!gLYQ?nN>f@y1mOS@XWjhgfLqApDoLykC&NUJx
z4+&jJYMEg`{_%*#<0gl8k-p;voyc8mydk2z^3HBft=T7(T<B*BSnQiVeQ6eN_jiHu
ze;?ktYwbJl+~3M)mjADbA9MLWru+YP9<|roMgQNm&hnlA?`?d3%l^M?HHxZb<&kp<
zFJSpwiugR;@0WO8);;Ua@BDx7{D1#9`2SvCv^w$sr3Rl=Zz=5&>?z}{Oaj=sF2Rm<
z5D^8}H#q5=U2nS@Rl53B^>8s~KbeT!gq6&TAC{zEwnraA7~_y#(eq}45(--;86|<?
z@iB!wBL$Q;-lvW7u1N_+V8hRs+3c{Gnl50wv+h`IJ+wehr-Z{Y7|%^K(+LTaykkx^
zhYleOGh7cDn=Aa)w&qQ8TP8mWkE6UP8Itjz%3A)u$dd=>O^=*-P^8Yc8#1swHv)N{
zxocso1g2%<X_A-5r2OHp#%P*t^4-*DE1e3pSSj_N4HT2!o+K*ds6s|QY*tGK#c2q0
zLO6;2uqQ5ZlF2YnQA#eU44s6s%0B-_&`lb5FixITBOR_eJfko8?8dQAFh#IW#uoOJ
zOVSWc7D#)OWXj|^M=NL2!#HT@VwjjYPrx!pZDry`J|W^Rf&0;`6D~0*T%;GU(8Gqa
zjuff$W>%4!cGghE1D$7Gl=CK=#!W;@^jl$rD`LOMX&Y|$qi7KJJd!r@4CN?y=FXu)
zujNE4&YhcfCeM!ue@W62{WDDGLerf}EJQUFDr(}Q7K%f9BCIH^r_dD7_;yfkK@;GC
z8X1qYfDZ-SpOx*s2hjJ^Aj+x|16%q{wvK+T=Vcti+<u7?9dklZyxCKqo;_G7m$D^}
zHI5eA!WHULPy?8{gmDdf3<x+n%VyKlb$YBnfD2nPgu(NU(ZexT-ZK+AM!gUyNWk_&
zIJALs5I~b<?Qu=VK_MmvnF?~m3*|Adt_)LHhklZf)QUM>hC^KqSOj+#twwW75`EJP
zCMI3e0Ai<nRm8TYtJIqQYNuhEWN*&EC)Yk_i7DV@<}Y*?P*OwwG**9DUiT<l!i?DO
zZcugj7REi@TQ9Mr9-!zR^RM?{@ERwumI$M<$?gV94C}Si5D=X$Qhy+AjZ8r(X`G#r
z11(n(Yp=SLX^CRTZjanlj?Y88Ej?zB#;jN}rZKWAS0OSJNQ|`X&=`dSL}UP}^U;?i
z#%yNg%_=)l@4}4L0s%QJIqnZpX6Or<=5&L+dm1`*sWt6ps(oRROqPfhom;Ae&{Fc;
zlHksYQPL3&h(K6o+t9nHxqJ_AZG?u|%mlX25oVKU7t)=~^5U%;xnED%P!?JbHKQrd
zBy#|s!DReR5V1g1CNV;{jPVw1D7XT^RTa4pcX-B8j~m9VV%lzcirQ5qsh;ixH<j=`
z4bOs96j70=V)eL0{gx5s@nNfmC+Og%;tPny2c9mO?zX91LYSx*oLYHh>1?1enllkK
z29|+~v1?cURx`0qcZGa@CMe@;HDUKOh@))iS1z1y^A#K}{6_c+Zra)N{D`(Z5U@{q
zlN2b#7E5%8`MBYq1G2UtJ0+9xnERm{2m;`Q;)>+s3S2Gjr8hVjvzdUMP1C^gi?mwK
zF$fd!BB#(umxBBRpMq#W5+!_rS2bGI1F2<SyK%be)`eXlLY@%;LWbNU%ksWhr|<t6
zJB)_Iu!qJgXkDI?n;o?`Y;o|gLlt~C*Qx2fVemN`j)#6Qgu5nt(V(3PMP(*6aMr-4
z&j5@9MFAKV5SaPfUS*E>7&Zola=`#3!zj-c7h;ctBC#mW4M*g->!Jl3Sw;bK8R5h@
z;k~sA>M~%#OWiU&I6}#6pG~ncMX?G4ZTYW~cu~X=5*P*vo_xin^<pRi=o6+<7l#vd
z(bY;;i<T$ThjxalSTyh#GnI*K+XPE2E6#w8P<*XNCwak|<{V`S4LA@)ufh-bP*WUB
zr(P>AQ4R4d&_PuYDI%s_0h(>(+7q`(e-q_`AdZjv<}S;D7!3ePx)GsClh9g{#n60c
z2T|wZ_SscZBQ$JfMC=(foZwb?{A5r20OBJY;0Cmbw()Rs!!-&P^5-bVP3RL<%><)3
zKLWAuiQh**8V{z8xIl=BfF+>~gS`;006oxzhzDxeLFVC#(5jKWjB#YMe8(LxT(g!E
z{bQ2%<na>~2rjCaE*|qZUZLV_k)$Lms%z~^Mb22p5Lqr!0ky(0{z$S!tcf$)lQC3^
z^Drz+hPV!$Pb&R@I-<m3mk&Hc#DE&VEgW$bvGCbR-wG|RT9qIWYS&wxiZ-9A3r>w<
z4@}0NzY&r%Z~#s~vA+#S*+z?*bZdzvriB;j+r5QIP3<6!u4@GXL8mM#ORjXrPCR6x
zW%r1M2W)N+m&>M%|AKe->#-B{Xx0*?1~{EC7%FhGENb?-{E|`~;o2(uTCzMc@vnG~
zVU{o6rrKaM5l)_{kvg6$Bbv|@7s;$B?A63^l-&X-wgoa!xSJIwkZDLT8gVd6JljaT
z!S!u(s2&++!@DM7ld|fUb|~0HFNtl3-5O!tBEDM0SMF#6<Nw}shn7?14Oa3^?aGQ2
zQu`Q&qeZmMxlAvEF!&@<{jdqsg$|8DCKAxD%Ee>2lS*9BK}B?YQS5v2En~tlODLyL
zPTTTVAx+C=e?LZ74fHx`V?xXB#)Jp7F?-1F!jK<l<Krjo$4mIfJm~NPywUsm;VXVP
zA9MT+=A1c<u@&FPlFRX_Fl6WUnb*x{&JtF&jX|EEYsJes^Hb+7$M$e%rP$$6_%3Ph
zf`T!-;oieSxBjGVr$$XF$=m@)(Vz~G%1=qu^Ho?)ghOvU9G(Mr3D|~g&<riwi3;^Y
zTn@#e6=y|+dk(aX=%y971%nHs$FYdQn7C71Gi6qe_|<8uJ0*tQt)s1M)35!#e!qwR
zYt&mmG*A@esNyJp(+zC`Y}(xg_=L6r<;a=`pP#2;_|H&zQ6?vVmvEmAyJI$e9jEO1
zD}E!+jb|EGvl#f0GIdpAw%nA6C=rPIL_Hkr%TxG9r>5es<+ws7RMcs47;xlX;Gj;z
zA^~E1z8e8PHSI#59+lVwQcH#LNq#yXg}HuCLE^~W0<R#>KG(`EXzyJU49nshQN{L2
z9Asv(3W_Obs;16yY}RHIj?Wi)xk>|o-lNaZw!z}#b6hDaKo?sFu=y*J9Tk;Vv=}fd
zqYx&29Q8yUIs5~eZZEPhdkP>l3vEojiRJb%&WaMivq6K>WM7$wumewAj*Vb^yZ|GS
zUqimqNgG)b3OYMkp4I1frlqSlj?xH$kn0$*Fh^)rl13*{tTu}`jw1{i2K(i27(Rqu
zB;fGOQSwDaM4Y0903<TEj!l#u<6(!6Ab`$zd~%i6G-Xk4jx{||kCiLr8R20Vg1lZV
z;=?)s<K)*g?S|=%5I+k?-j!9UlNYO~N>zH)0>fwXfHuo_DUR=ul^-Yy(%MiJloDgP
zp)iO^o_UYrG*W+%mU4_YXRoO5P-+`?Pm~OlMG3U4&cJX<Kvg`}zRZeISC+$8a*Y$&
zH{~;`yt2<d%|41DKL&!#*qbER!YYNe$iABGPht=c4vst&=O0_@K9PpZ;718w_QG4!
z(eGqVe$@9S)|05Pm7-27EJ&o3Kdu&sq!)Oel-d{Un-Qj?s{(D1d0`pdDoLfY_}&cl
ztqI%F^uJp!GO3cd^CqGeNYk$MhfWWAA^VS0ORH1#=I@Tv6wg#+YbqVP2g#iS$M3{}
zWA)B~<3Hpx!~a7`r?1q<bpMal&dS<q(f<Sff9L;k8=v30|Ht9Z>!rP`WPy{v(2nK%
zp}j$-JApWT-?@L>xqtjGaR0c5Wbdx~2Sy!-oupkojE_m{N_|a~{OMTd&Q-KKnk_Hz
zC)n_!N_+^Mk~Z0I`P=RTyo{l72FtaQbf|pugMzKUzAK0-*O;kI@iVB4;!SI-RhBMF
zY)@4<x4l$oNGw$B-m!q^?mer2-MzBqr@-?nzrD1__h-5>v&vX0qMb|xK>;Kptuiwt
zffskc$<A}fkD@g}PPJ!l^AcPh4MpPctlXax#ZW+WM+DHU3@UF`Y0ej69<f(!1+HU@
z6tP!K3edj;v1S7X&5z~~cCld?Q9*!@@@_DqMHS|OoAv~1E~dNKQpo8P*e*AdR8*J*
zAh3HyzW|*R0F8*^D90OeuUYEPSwWv$s<6_*a)>ic-`+_^`cPhI&t6+&l_;0hg`$1X
zf=Cs#ZD9&%48YK+J~KgqHa{v{gjpOlP4TA8TGXzwJh1;LR)tm$2g?wHE_j?O48bO3
z$5*fgsKuT##Y>H~nPn8C1n^j$Ne$APlBo&GyS!=}nQ~#W45_q)@r@;n5VJWfU?v*C
zc(wryi`yw0J=?hOFa_B#+69IRc4ZIO;FLGRE03ww#ze2Yxx}4MBZ=thkUo*CO?RY|
z{V!Tnls2{eDe}l|yD=qejD28;m17ebPwG@Gl4t0(?rw;gfVh&V|CDM*nPrjL<-6rp
zYkl?4=ry<3FHHj-TWEhiP-!8Egq_3ehqPv-qeNWgY3amHnK#z9AXtCz)%LSzZ;rNK
z{Y_>hax02c>cR=STz2|#0$+RG(<D)r(4*6ENNI$~X{l^*RdI%yLkxRR7_EpGrbj8A
zT@qi;DR`|pQXDC673I-<hCFoG4e~xRcEA)6&T-Py3GXbM0mo1;bA1-c{_IA!BC{a&
zUKF1Yot}<~MAaK}BwKH$>xx;!Cmf_=9S=_>|5$8%hDm!TXOlS$S;45INiv4(?Z?!a
zv)Eeo&Vo$bY*EVzS3uud8y%6KthiK`AG8;S^-uYY$t&p9S;#F+g(|@^b~{?T;pYUO
z8$Rok1s{{x3zYAV(!x%|M+vEJ*?r<v#V!#K6oQww4#pfb#0#)ZIqC{L4$}!NLWV)R
zn@Dp28u7X8=?v3bV7y9M0H2Ix;o!r_O*&mJ@{J5&in$dHBV+)CD!?MJR=?%{7^KIr
z#}>P=0ofgb7lT*_&yAZeV34yG6Xc|Pp;Jj9+;izV9C&BA@7lXzlK1XhhtoEvGRy45
zU=>G|_PoWjqiOC;VpPW$7tdi00VX^4?@V9%RbDi6&7ka)PR0n%_pA$uiu{RiLipVj
zvl_xA3V<C5E-GvNo>YDm;<h&B)$gid%w~6>amT}I(gkX!Zt>R6^0q$9XCH)?8_`A2
zHWeMWlDqb+E{qkuw6As~+81V5pLex`QE{n-gRwHTSstWxHzT&+Nb))@;9opPojn`b
z6oV1;`<zvvU_n$A3^d8JK=v#do)C}ER}js8SgLsKaM9xIBNzmg0}wXZ>>MM+=j=TO
z|EO!hg)Trv&k;dSui#H38Ho=qJ7KY4*Uk)9LOkm#>jAlj*HLy_uyVKd`lU(rWD^)o
zRxI|!dVB#(m?-8vcN7-#I2q^46c*_*nI$FG{ar^pRb+Uk<D<G$>vgbcj3jajF(_#9
zM(z<c7ox(^l|xQ@%1BmDnv55QOHz~R+y^ip7-pF=Tyst+JkK}=c$DcoXzYsivLZgH
zv*HHuK_5%j(QQ4hWM`}28>Y7Oes0SuH{6ATVd4wLrfG&roo<v?SU(r1xHAi@$Pr8-
zj*)Njh3wJ@Qe4YC0Frpwg`B>Y*mQ9r@!7;xEWC7=u<&xOR1@7U8V(aFw-!%{3q^w_
z2H<@$g30p%S&#PpV^{%F{#<BPU3+7;)KtC~&C0hZh-~W15DM3{U8`*fX-xcFMw*4{
zH*>8N*}Z+Q<VVCvtAIoEu+RsR4bllS6|pZSu{p-V(+Yo7V50HF)6gg@AzHr509<6I
zU3vXv|F))o1vVLY54Jg0oCyD#RQ8&9WOY%f5YiNrmKcd>DO^<MERRA_66?r8=~>I7
z;t`N)=$COgM&r7G{a4xlG5r*wMK)(+<03v;kYc(u@^F>wI=Aix>V{={5h=JUamOqG
zct@TrrT^^+q;PX8oW6m*scw4~5mf<1aE$Lp2vcBO-!(CUd_Vg9VLrptH(}6ojlCUK
zsYzrt?a8L4-K;acqG%f3U_I%a<kNteulZ*tfYaJ+5=!hX?Mss4rVer6i~6G8MY<<(
z90L4#9Oh>sI)z|hd(|wZFF6@RClT?#v#yP=)##jSqfV!#eF!R2d$P<nV4>}XPfovL
ziqB}K<u2MZ-bP_$wOLR?vMD?Ky&b?D<|A_sdz*I0gF?rFPjwO7(HKMf1ZZg#-36!&
z^bC_8V%k)7+w@;NHz5!F`u4%j-X3S9X)iaLI+e-boKhZiDL)KW^mg7%s<+bM>j#v;
zwX{1h=`^FbI~a4Ach6Yx!fza?n-Nl_Rg|T+JSLb%iIalz2Df)Q9VtQ2H%{pi)xfIh
zdnI=Y1v;;o&aZ?;w5#k06FQN(Fm@bxA5%#K%wwBfJPuEyI2J|&QO|YHbUa3;X(WqT
z$t#!<-LinNN{3v<JeF;er;<Gu*m|;?#GONHAsOcxd3};u@({`!1jW1}O4NEga&xc)
z|LZVogAjp=QXZ>IudMi_E~&?yvV)$HQLj?LioY2%@=8kF^0o(A(zN2nJM*281wQ9<
zHjgOZWrnDm^u6K)CPxOS3V`7HES^~b6(|=F`oxEWbD_0+EObX74J}GkX;3x2tfL+M
z9*1O%DRX)jl2`yc3Iog!My)g`Vg%+xjZA72Kv&6;{o0vmrhRpetu3u`5aX%kondqo
zTW_wa%BCNn*{&MErzjclo<YR|#x_%-<8<VaO!=>fkft)WMXcm!(8rjvgjyg3I3)$|
zz3|2qrX<0&&TES4Mef76>EWP`@SlIoc~BpaZ#PaEtDE3;=+`}6x>522*7c1imZ4vq
zv4bpS6n)bk8B{%T6|?^k4LO>ysT8V%=%XSEP%KC}42ih4X5(Y7LM(w5R3^~O0*k{$
zk{I|NR4I?~YIG7~*L+qi03jlt3ncc77_;6*xHt;X0lNkq<HlhSVWv=(6{V^CJ|Yd+
zHVLDT>AJ^T4gMdJRFd<J5tT^tVBl3<5uyEgZv9pEK+|o2%v<FwR1FG$3Mjk+DA2Wx
zEf-XhTy)P0PB2`tK4=NPCgCBrBMggsvdEcII!HVvge}|?aC;ZjQAGmmaT$Grh!9S2
zs={){*C&W)P7vFSXVM`uMIN_5&PU^N9GT-W@xDFIUdI`7cwlgq@ghmeOeu|k8O}K=
zn#E+`2!;~G(f8_FVo8%~wPZd##3XI#gu22l(3yq)f^jJBQ&wa*WyNFR9i2ZISrGt{
z6-lYwfv-SMCz4Wi*>>ouJS3tjT?0iW*Dy^~3&N%OD$St8sH_!#V<phFRpa}XFEW`M
zO0q@RZzeldl6nZk#V$sIBFUqp%C@{UsR{CKIX7&lgunAW>;&Ue(l6`?j=b4-qJ1N*
z5M@q5;4Qu20yH(PCm;zY%}Eh;)+H%_9C9$Dd_%5L)^!HMl>`H&ro>y#0SZD0zaj-u
zWdy`wcd;i<SeCIkG)yA^MAzjH0aI13M;wkV_g5FA0|q5t_{~e?+|D_E6x|-OQ4%Yj
zJ=6KDM55p-P|)rMm=p{PdYmR7L(Wb$N)tSHLM83DgkN$QqHD>fZ-WJQnA}eQCOZil
zM-TXr3gm1IKB@pM<Ct=I5eI=vc@f7Xb}TEBB(s%)eX|r|%W>VTM3}7U@{W@PL-PW-
zk#^I_1VI*zaGK(*aS4U^;*boe1uakD#kC|;Bt&lO0Fpt^1YY)><##NYSiMEYafA&F
zZiRwkSi!O-zL6{XDMllLH7p?{7{Vm@>RvH$Jmk>lk_>VCo;&D>d9i*lP$nY<xKq0K
zUTOHA8nhWPXR-?by;9!}muydwX+CTgjLDb5vPa#I1LCeF#W9NC(775f+(GYClrce|
za6CD0FmmUWsJ1MRgWh8ApJAG~80m&-2c)dprxb0Etjr~PE1V|d0U50EJpf%C0LB#B
zgOwa1i)aTC7chq4Mp9aB32svRA%{rA!%gpKY{G2Qo<rUpEyhVN90cdnW>KOxUN6cx
z3LehrRd6y07w`Z+Nq|nD4yzP+UP*Q^MPbmkb;(*}iI$)hf=3gmZ<dbVI-n5U6B4Ws
zL&JRmegQHAHER`)?3>aFWfeLh^-P5i6*UR-$S^qP%ytg?`Kvic{ruIY%Sf@Q8&oh=
z1T&?<TIaK^86>q*cs5b-#OcQ2!kAyM0l8P9sm)0trVf-2PVC4N6YpPhBE4oRrbMSK
zpsHfNZva)5dd5Xoc}fVx=O%E97;@#qWK5m2j)SJN>r6M$B;kgM4?-6d36P-ZmEujG
zo+}}1(?jZu;&{tek}VHa6it)^0Br{(Xp-1c6Kv~7kj*q%^XIi$qXeIG=<Pf<$1ew=
zZQ6o(6ZlzO{4!>Nyb2wh79*?3LvYt4LrJy0Rahz#zBAK9+$6$J8SmlEl}9D%tc}c3
zxErPLFcNAV?TT&##B)f*6J{OQjtL5?PB2K8KORw2#JakcO5Li21Vz<gA*is5BaDO8
z14G_I8y#7UzizAPaCV1uP39PIXNf^W#A4d(z+l2S<#I2g!;_HM5X8|wDMiNd6g|wb
zI>_<<Okn04w6@3cU9~f?8ql~}MY=y&i^xl8tj&1wLS8=-N3(Q9;SpYIh>b&2T4b9o
z4X7ZP5?G;mF1!+Dmyr(Gst!-7IuJmckC$MU4*R0-NH|#%6BQ=w&UMOUNn3=Ib?3^v
zCm^wb&%~r0x(e9`kNLC~jnSW~Cqdk*WMm9J6tGEHU7G?CeWB5LZh+}mDr~iCOh}wg
zHAGTp7O_obn1X?X_bs->O%2gVL2@mVCM?P%9FOtH_69+Eq9`Tre2)80>P;=LMs6IZ
zgLg|Z8+QBajYCgVM7$ACO=_8(Y`2KkswiX98S(Kw!`k`#2W(GLc#bPe7c-axrsefn
z!%;}h!d`&dW;UayR3>X}^G)x_R(!xg`@~Vn?3ZH|o(GD2;!W)h61>{dHKRcG96-$E
zZj(VpfN~+&5vIV#RYK(f3$AIbN<`@??FpGG08nv50G%N#lN^o=vaBZsGhd3NT>=I?
zrZ~@@ByNLdU~b3gk?>J2_z}f*ChSG^3M(^`<4;jCF7Vo?<D7yD-T<#HO*^cJJky~9
z=Vo^gpk~JL4^cv*Vk`{?i@h<BxzEKoZxfFijOXXW-W_D(-+>AtkuzK36uI1?T>li+
zbJ#H=AzGZ^E}-&+C>!QTplIlLq!2RHHhjFd(e+UIcStZ?atxK2c1l(ydXg&5Gm&G{
zgXUx=_uw>YRkit>s@juAHTg1W>jlf^-*=&hen+8)9^Hi=y3Wsx_&?*`jmQ64X}8zc
zOYwj1@;~3s=fd%SZa4hT+h^Ah`v)4iaO@we<KKATpS!p}cX5BN7Waoy5lH>@2L6Et
zpTIV%3jA}Gz6zXt4aq?b`>UD8Yfr4uKk&QSp~WFV6Y_VW;?U?lkt!&8;9KkYR6F__
ziTCoPrX_rNQYGW7DIs5NmS?Iii8ofKG(M=VVOizZ<}uT+89V*jY(xE;WvO4AVyf?y
zSMF=NLfKokP{W-;RyhMl7FuI}fLfK)EC;W>;E2ejQ`zq+A7}Rx;^G)%Qf*ooqiPKE
zrUWyp6ctShX5>w^yuXHE3zK)G0N+>+RK-=WravRNLUF@#c!j{(mWQXM=nCGn=n7i0
z?0T`GWLHI2@JwU{-;JzL5m=!ZSHV-aR!dN)!YYvX)(NUm8B@ViF%{g93Vt!9LJ3?b
z4XRmQjd*FdBPy7H3S-ku=219>Tt!nrNt_C%U}7n_p%m;$3TR*M1*JF&{v2@>ys2>%
z{3&r1ys9_~*X*A=8O={@%HbmWOfTI6PQM9(eGXB$QSGUVjd_+^rKCNpJfbGkBHMej
z;7Vz`;aU#6vyp2)m)UXo)VyxL*{SPfPLR?%Rd~l1NYhLg+45pu#YuMZ`c-I(tG#5s
z$zHOwvNN4zy(#WpGjM{gP!gd<5fUb!Y)_+r;Tg^21rK{MN1cz;vc%q!nOyD-UO!5+
z+++!5LPZc^)t)uzLc}L^c%WXjx7ZERo|;tSy4~9*W3}cQU5s{|+_LDO1vPpBwI`RJ
ziQ_u`3fhHHh9a#<u@B}wcJDBc{3tVYtI5WistNL1QF=6s@Zl*ydKYAitjPbl?H#4Z
zLCPg<%mXOrQPi{2jEv}A_Ler_Cp-dZ6g0S=>j$b*&SFVLH1!~~p9j(Po&p5U1pXVc
z)pZaTx?-~u!(WJdh-#Hxk&ummy)9)inoyJ>5^^uT>17~xbFnv9FDhKW?u~HV6f+%K
zJZir%12h%m6uIIqDnQbJA!sRXy3V@}QGz=sX9(sKm~-<mk7|hC6oE28`>y?chX>QR
zAmg2v2`F~qc$eWI9pWhWnR&elN+B*LhnuXR6@;=kMJxE;IDrP>%Zt;2pOf@sru|qX
z8~2=7TNO{XDM>Yu?xqfl;+0qwH20u{O>SC~x&+xF+$WuUHbAKqq7$AqVZR@BQPbBb
znDbrPnQ4k#0vaz;XUC-pF>OvTvollRkQYT(DPT$=e9I(O!XbIew~59v*|OcxRhGDB
za)qwm*?79*sGzC!)j#_{&Bqxsn}gsShxsW?QBc|Peu6E6YHvgO$wI(Vev{ahtBnG>
zV^9YYvd8PE!3mNDBs5G#Fi~+2Cl@6tI(pcC(SRRIl&E|V1;^1K%Fm~fj+q`&j(5Cw
zg^*UW!ZjB7?U<$7>awV{ty&3BFlD<39W#TDSX3oPY{^1aP<SciBMZ2kFqPD<XgNXq
zjNtBZIDt$jDK!CZOTO)Dr`DrZ*aD`{(;+$K=oSn8Dn5x>w(E=nP}qjZ8y3kPKX*1G
zTyaO!<KE4=Ee%*EU$d@db9(=|n-iwIH*#!h%Q2<U)@T%wOC5|^S>zCl;`ody=?Tu?
z?l=vD3<Wk`A?}@YXkUtz$-eIKj(q%f$j1!|d9uku9_tm6k%b2f)9zZu;&TPsEXqDD
z%Vl%!yMoXtQ!!d*C^K}f0Q;SidIC~mkQ&O^6_oMH9oBQQ=`09%;BGh0PZG)trs#;L
z0`8GlRtXC@MjRrZp*)&7C)-Mvwqm(V2k+C@AH{L+AGFXftTf?_0$QS6xFmK!R;^@-
zT~sPe=Vq0`vE>gsr--7uo9SAfIgXF{!hd>J_|I8XP~Z2QkmG=GcC2nKTCcqCYs^*h
zFL4m$l(D^H<>L@<@+BlzSq#u)nrJC`StCI;)XhZp*2!IwYMsPMS`i_s^5V$E^%D2K
z5@DVcowOKEsT`fuCE*8=Na?G>E1H~?XqW4;2!cKGO2)4H2Mj534XdILnMb-MSO5SX
zZZ91ilMIJVphjgZs$88dUsFCt5c!Pj^mv4$Sy{gCoW;15WoN4!6AC+$#tKrcCBBy>
z)f}?FAp0VE>&S#}WFJ@WQYWH5ucI4K->V9!Z@K2`q>mMm^+~`rBcT4|5c<C*X3Cq7
znL4yI9ByV=k}`{H07@S<4<2Q5?nxLD7diOg<8(V{&|wKWJqw7gI_y|unT26hX%T1}
zPJ%y0ok>V3L2a>U+#0vXaVxfUu%CingS>T`ei*Sb)Ey$r@nrabs+cf0>P9)gtCI3d
zPS==p2cfb^FA|5V22Yqu9Fz@2iRGI&ghH95Tq2G_>AqPJNx|m+tVjyplt>Exe32Bq
zsgV>a11X5TZxt=OKo|vYVi<*)Q4|WEP(<>26eD1q>p%+gcs6?lhi%Qw>d*<w4*wjF
zSP}Jd_#Pj7LpN5~dw8FX!c1J2^q7v*B<KOr$}cn~%v>L4IYlW@(Hzw6O1Ee+&yxE^
zSw-;>3ik3-^^23-uP@92P4Uex($)FAv%O01?CW-Ub%}yDbt+MXl1J(cS}?Kv1ulRE
z=cuCRs_nX3G)<d+lex@&#P<qLu?3%4<r1qrV$A`aSz#(X*E^L}#1gzCMSY_L<*4#V
z)vg}mlIjJnM{3cD^E9*^&$NeMg(s>v!xPn?&lA;~#}l<2rnao6oW~nA$aL1PxqMM8
zxg!BV(W6y-5Uusbn?}jG*f=11mvKOxBD$J&Z+AiiQ>nZ+)jA-vC0~Bs5v&4O|AA>R
z%sq;)PZ}c#qt(UG%5~NdCtu_PZJAqM<&}rn6DJ<SLNInX2c?|u>E})L^z-NP^z){B
z`uWp5{k-`+{jR|a>-L?nexIh`SM<bM-&k(nd1C$kKePP5(!ovpe|45u9+mUIue9&{
zzi#96Th9Of_RS0A@1xO}iR8sSz@P=o^Xo+vf1KO@3;O<j_<!9wfZaKOT}R?~AobVm
z|CJ7&z&6tUUn3Rf1UOT8C((n5ha91Lca$cdB8+)s-Nq=42V7QAor48(6ps>De>{$W
z<AwI|Ite$&5Ca<pnN^n@bcQ2zalmlG7=I(A3LZ%hj!~AuzFq@nOr<e9ZG%^Z|J|%L
zN|7VZVSU2hc<J9gWSExHei#4itbD)T%0B~PdGmb7!(XnN4uEl(0Q-x~vc3&yfM|F$
z{d62_F&1#|g1X`701Y9Zc$m{B36yF9X(eC?>~Kl&i|e`Nqns#8!@72kO9!<EHkyV!
z7;ihK$`lQxPwcxWPff&Oy#4^u(1W4d(Jy0;#g5XbZwL7%wEXQ!zUgmlZ29l-LDogd
zGCte*@NQ`d9|dE$H>7Z-z^CvKpN)e2lz(pWPn1{jgCFq0FXJ$k@_)qN%A$lG5o=m%
z*^FVFg(=$F<J158fKO04g1_EvP;Wp!+=lEL)Q);+Rf1)}lgF*7=0TNyB>;qapi5s0
z4<wcd0uPvD3!ai<Ug7K2H)AQqyfpp9L*@<>%*zAGRfJnjZHf6(QsYh}U4p&KR8kb$
zX84;u5bVu1JDlIsAPc9+h;`dZ>IF<Dh$N`|em;i;l)313yka}fpr%FVD+LiLkI9C?
z%<w!E_mfrDCunq~G7ciu;#~JAK<fuliVjZ{E9)~$!-G`kmgktDJz$K`94Edq$?^@!
zIwT`=qBs6=NI_Uc)=eTT%m#}229myi=7ciE;kBlaE*V*{biCAE>TQmG_{H-cdfv$f
zCa;IjmhZ!N@5J}@Z>P$M*IGK6^y*}3QmrLV)pFjQcuVEhPP`w^C$#g!xp$&omimB~
zf6OLSq?!IP^G;NWQf++s!#TgMXc}H`exA_y=4bCjy)0Gbm)vs2OKQ0_3EBYciEmn!
zZ{YdTq~|9U&rk3Lw`ITJr%TmOPl}7E4>cs9%pP0|H&Y~_)U>9a^ovL*)1M<e$>+--
zb*u@erk4?Fbb>U`=1I<^yE7Eh3QSERRU#!Znu8kmnB#Lxq)&rpi70)w%!*zlXBZfd
zG=-)eOxR$=%T10mrP3au`3BN4SQoenNL_mn6jD#v72ztTXAPW#;vyJxhumreIKo5u
z+M}MDrd=$cM}!J;&}XQ)$b$aG&QUtGY>q<gJroori&j7x4bjp;mABaoCFLhfddemU
z*16J@WJ(lFwP)v^>a&A0g+=G~=&XT(1|vFY^28&Nu42bA;v))*n|_wCf>h2_wDQ4)
zqBUUjq{!Ajtv){W^qgj7<>RQl3{wl+1pq4RgF%T&5b*>eViqHd!xs@sO(j9Tea!n)
znIJ^N%q!&U8iaicot})lr&IFo(G5r=waKzqf!Dsrm^}j>++e@FPS@(suh726ZPzr?
z^KU|Uk-*HCC7uGAn`;X-gEN;#Q2!;@FP-Rn7ahzgxeDfjiBUs_sx2rm3ezrC(s|a3
zSz0ivDpfrN{-XzkYe=b>M!1s7nGBE!Nw3On?o~%uETZI&%z9!<AQ@=|HsI!%K;f_z
zHATt%Gy4`u*FC-fded%x9<~c_aS3JpYD<6oVG~|qFbIBGyWi>G@2uQk>EB;DuDJ&*
zof0>5uu{_+yXY4o7d&Vx1@>GRMn|JQSdmqY8Chg;#M~LhMb?2C<(YL<&0PGq*1@Y#
zSs7ZUnQ_77%u_OYP6WihmYF9g*c3lw6;>q6RVp62(omiUAY1!rg~LC5sjCv4(+w--
z(-(7?16~%ijyO!}*o`Di>P!V)&$1w(m=4t0MXyA5c8tM51INI&N|5ka$g}V?fQ7&E
z)td4p^1uB2aU=<`9xp{tnx#T4c9>mGOAKZgr4ww9Qe<f}vm6ODW*1X(j@c!Z$YOR$
zvJ9O)5tOOU)$2S!VOdGBBo+MPsgu<afLsHWa}Ws$3R4sNN-S-+04<lgC(&RWEKxo$
z6mS0!Y<2!fE~HEsUA)9682MT7j2f*q`KgUnwL&+ljG$Ak)NPI5D+H;*C{!H_8)`f-
zc_B+meT~N5#WYG<$0@)4G8qtkf<u}l`35af@4uKCB2~_4e7y82O2-+DKHMZ#Ml=r~
z`V-(#-AxG`PPgW*?5diKL!MhmZ?|6rOSwD2TdHI_(O6ou+xb#)_T9{#!Zht3faXqt
zU*@|<q+#%J@;$;K#c~t^mB!O=_Dy11zkDf`xWd%}I|7|^NKQIh*u4R+6nKd>oHobF
zH(a<cNm5yKkA0kzYY#DBd}Z;_S%HjttRr*gCCfQHCB~46?k-mk=ZKTD+Fbo|_jE+B
zmdw-4E{jLeqNdL#J`Ni{j<3$hPh#U$+lG->PcF>Lzu{R)dRjs)-|+LkuUUFuG4;OO
zUNv%Doyi84egcy{g-gj#bwxE0X94cwLH{1&L9cHtuiaT8UF9>y{wK`4OV`o|TKPO$
zTbp42L!W~E&)Ujr`~UcB*V6lp&;N4!pBd|ayuONz>DBs}ZvVC1URhZytUr{#v;Vr4
z&*F7{kY#=m<@tb&IaC}B-~oX9${oj3RP3&=Qh9BLl(C)>14m}~W}B`M8}>PXkKgPZ
z_<PSb{6FpWHhjU)<|n`1`VLQl)urY2rS`hNyt>i(ZllxoNzdu;ejfRM@~(HXY-TaY
z<95fsh|&YNE%EDNL{}sI7JuuP9QP7lQ=Jz7Y#{*ZaEr@w;Fxq#G(FP=;fGx;8Rx2;
z0NacD=<F=2;*)pn5B}Dczp&U_;4omqo6)*#(I8vQ4b^MMv@|fraFB&mkXz>Gsx%8I
zt<t98SsIK~G5lU{6uRR{!1yt@4lwsoT<2z*R2O=VdtQ0MTvD1LoAi$`YkEH#4@WIH
z`s)lr_3~?PuHV6D2K|StefQ%c+C65MKL=*e|Mk_P{cmTvv(~wz|F`kEUXoZr|4|`G
zSd>wyAk?w2MKRI&rZ|;%6Lyr8jCasZoWzUDbBuC>eTo9UwM7}+*}LS1LXyDN)sB&y
zITof#C%J^0hh0oP(}hs9SkVqi92=f0-a6cSxx4@N5K6X}J)9i|<7J;*3GI;jA7k{@
zI!(^-Adccs$wz$Q;VH32XGN0wzkb1kgRQ4d!aT0S^M?P}Z<|vC&4}`P?Jc@;ZoH3y
z=qs|}7l?)bZZZDg|N0p1K)=Wd5q^&HIum#t=E7pU;19zfMgvX`C^?Q}R?)Z^fZ3(w
zP?N)~wiwsUu%Iz`TS6KP*)6WJ=#7UlF4E8fJ_fE(uJP0k&z+?;IQypG=8>NQUJgid
zsG%N*XY#aO(+F%IoIEJTaC=xhkUp-_#DUD{FT+X2c@!W*5jYuP;`|i7u~1;jm~ay2
z$|E@+XA&mp%?m4-gBgOS#Uv-30eGC%2XvB}(_O?|wlH}>cJ;qna$wkdwJ%%?03f11
z^<GKL&Enz58o2)Y&~NMaGV={2*LhtHRCo*Z;UT6?zuWXrfeV1fu&b7!z^_hW{D>nP
z4C$xc?Ps-SsQ~X|nqlc(ml8%`A3U~J-W@rGzBs=C5-F!=Ll^+BN&xVIg+qm1SYLRb
zFEqI;f8l++;7$#ZYC_o!AHL@ai?Qn6hE(?vE$k+$K)h&y7|P2og^Gkzme?%l5yOe%
zQZ6K7dqe{*KQwQ7C9q0Uyjr(#^vNiUsZ`Uir8SKq6fE9B2jMxB9x4#<^#%^1UV9MK
z3|#2B<O|RbB_1eN^)%q*VH^$AaLRK;u~~gQ1J}oZ=zamy{V#SU?6@h89dN!On=E}6
zm}zYHLR*Ae<_4wx0)ngIORKETH@N0t0~06GB@vlK+uR-;G8lhkJnA84(<tGzNW=bs
z0yyPP3o;2AN(*Pk#uO>Nvhm6u6~_VZotKBC5Cz9ws*USd2`OHK3P`EuEaauS21^My
zR51|)b71y*Z5;Eq?y2QoxSuW5n(hG1CR1of_S07X1tbH)N(W?}i(v7FIxCP=r%{ii
zFbzqI;HlY|@ttJjW2s%c|M>nN?l0b7Y%Suy_n*M<YR+AZS*|TS*rgK+nhR@5Z>BfD
z@b0J65AWWjAKvYTAKpFhf4HAL*n<CR^>=@-eR$BQEts6Bb(HxU<l|#Bih=RS>3l#=
z4>pmuHD@?cB~5c0GiEzsI14bG1sD!4&h-yx{&Cb>i;X8YG6umdUNRS-i05LAQXvrw
zWTsiz4MgUgvc)|qJRVhOsLmCh3;(x+{UQfZvys?Ex{0`s<|Rjbd?BM3je;m;P9tmh
zy+nhoiVHDxn;S716;wOKvq~!#cpO+0(b%Zz>J4F{I778Q9iRBiswKmJgd^c#zxLhj
zIzDsV|A)X1r{|Xz0L-}mFRvE!KX#T^SJv+C|F`jRxt~ml>L~rr31{P}+j~2}eceUF
z3weC><GbvGbw!=s#Bs3+CMlWUYWcN|_qkugZ}sEFph1s5ni~#sfQ73xJ~AR#Q$YXJ
z5?8A--JYE%*|7XfZrRSWK0W%{t9E^#8T-G7p4?Ye08QWj?e_9o(f@z_(WATkueb8K
zUfEZr{zsW4_|Nus4t+ASlGs2L7WB$GAcdo(1nP9~wzIa>ZZE;t<?l9DRyI1{-=G%g
znwvvtAgqL(_C&^+-H4D<E^tRbDkT$})!6bzdZNXVY}sqQrw5ikix#mYuha!*OGPWi
zokVjP5c(OeI$C;OFI)ipKMs=PU~t_4|7rgK#j`a+R<uU+UhlubC!O`qcV1C`d!0QK
zMyZI8*uB5~dhbTi31f5M>i_B=9g$5dT|ChWRdX36|3TYKj-YF^1+?;N!PE14K59v<
zJgR_F1q32j#9s)&rZ1ptG>W(IRu<+oB1F;puhe`#`qJcKHVXGBdf1Y2Z=9rInAe>q
zt&wHnpbt2?LCkTz(^+mzZ;i_(ju@4tI3kqYn%p|na)v?mjGP1KnI{~RyRKN7kI|^!
zX=-@}45H2*!QJ)m_j~w1zka_57x>1Ek;4THNHqZBp1#?I)uUDU!y39QRAj-!J-$>?
z-G9RtXw~peb?=^YA%@a)A%q*^y?gU@g9E=OVBxj^U%G*`ReK-TrcaK;9n>+t8{d=h
zXkuWiXDEGFUjgH4f57zT_o@~v84lrsSg$?XeZKc<7cQ2jBJ!}z(^3azEa*}cKbS8x
zCd=MlTeblyBAk18=Z%m`s7iD>y?4*4*=|$-7uKE%sTCFY;cQIZ4)$sx8`hf&!XfGn
zEC>S11^L{7^tn6>dji_ifE=?R{Brwn=cfXI0lolUZbkjFfbD>%qX9c)YW3wp*p2PE
z2))o+u!R;bKAHBawk0+Js9L{&@UY?6TeKsKqEZ;;JJsd~me074h{)P9R%h*<vTAAW
z5em+|%cf%q^e`1k;4DX4datyS|MPb55ca6r!*&;)_6(A03H`0=)V#bB9piN#b8wXY
z6rG&j##t&3S>$CwD6CZu#Q5+Lpqv~GQ}IRV0X5u6z+dkhRSU_?Szd0bMM|oYzLB&Q
zS`<Zyb9TFU<fuzzCTc5M2fQuB=UMr+C}tmFC37dbsY@a$U8q&GBq}9Un{-o{V1PJF
zi{1`<O`kR1Q+B0p?(a+WRs*-?pK9gdLt8xZ8WJw`YlxG0EGYg&M}~%(3>UE6La$={
zmZcV*kk|&r(FOuF2+=P3G49(ZIHk95UPuFZOS);oSDo2nOHYyt$z&}dHYv4hf8VIT
z`}@X+hYed`-ETlkLbdvq2;7D=zMgA%GkShd?%6sl6xNzSpgK##*wyx2yeD<;l)F)M
zwA`9%>`$fEVra?b#OxLohf=whayXCc@L%q71=u37%J{0q{4#wtOfwX6*i?WIl@Odz
zs9B*@WyTEa3kO8?%&|p3%@M9T6Ebc;Dym-97-EOIKriq3@du;SvnUOYr=a93&7`>G
z_5qF~VMe5CBEphfep1#cR~$L1lQq$i@zy31&I}jZp_@1=n1Mr46}}kEptepzi^xjo
z1!D$bPza#MxOhI|m2D6J<s$DaOy(k=Ju}n0nhjjFzqYLE?sNU0netz;J-Uhvct-r!
z)#c85G5+iN>Z3dP?`?dpmv=>pt$&JXAbVvy&EKM#W>ErqRRO0q1GLN7wt-5DX<2%D
zVu_O^{&3tq<yihFn854!oLo#XU_OTH34qprLYL|YlMGRi_GFyOpx}akMj)mb^&ca0
z>9qul>o*}-{5kY>R&IZVg5Hvep;`NEgFUSA60R&3)e{XD^?=pxA=&>PD!Wxm;!gRB
zD99Xn^5X2HOmf=X2x5r3Ujzg=Aax^ChMAPjPEA0c@s^Dynym84I^?h_^aq6;1|jSd
zUv>Eo%YCRfs(Fa;7q)=J>n<~*4%>haECX8ubUp42SB%qdWQE)ply4CbFJ8#mi(_wT
z-%L%7uVor_Z{WtfGVj{L-0sLoENSp0>*9IPi!V2HS$`Rx1VoNn{<8!p1y>l>NO3$A
zU?0hU_WFB1qcAJb<2eRUft{NsS*Bo~=t#C0GV2VPF0$&xFfim&-c3G_u&iszjoFoY
zG!3CFL=+_GE7{poj#ZaMRKDvHKm*k~NHY*9W@U?9C9bN4PsCxiS}pgELY%kYaf?l1
zm6(C$W0<VS2*$)TmjWM=IMY<dhr_VmP1r`LHI6ZpFxl}mzBtvjyxcL<mPWOywica9
zap&fMlonZIsr0V>ff(ckYH^`xlV~&grUv}qy~&WNl+&b<$C+<rk*OvvhE3f>`15f#
zqTGs=cUucsgiv)GPSUM`m9{^(W>8h3FhKsRFE7`=Cl2VSz}!rn$Oo<@<1VHGY5Dv0
zHh>H$JI7zU?hRR>p+KWEeQ#EHiRo=aV<{>47Ut&BMBNf)y!+MCc^PCQ87xXu)Hb5B
z6lKXZ?-q=ealGSXaAgZwBCfW0cT#&iV5hMy+pz=c73|9`0Wy4VS_p)jY@Ru&RD%o!
zxA)>?xm4x+O2by-$#P$LGAa^-(!``gEc)*)9(HxVcHdAMd!|uV7KCoz(OZIRGAb1+
z8s8V-%je#gn-Wu-qqp9mqkKex@luH|te8~G_2YVnP}p(Zgd9OlcTHpw#3t1-LPgG@
zAey!<_OT=e;=y!Wd8Lz(pJEOIKR656{2v<Ju+pq8Yin!0e+e$c?u;m;1!m3-&vZg4
z$|FXCD288>$!UA0oqYII#?WhN)C;Y&mMx2xRB6ZcmZE_){g2^!!C?3uJo;dl)aS7J
zD32(==zXF@Io%O8QZJpYC497N>CV;J@Wsp)nS5X(h&?|GIDa?rRFtpqEG~Ir{a``i
zpJ9reLqD*5q{NRV;6+gBO9{lB*qhRX(Y<C6eGJJ{!Cc0;yw!#HAOEWSZ<rn9bkBBX
zK;pwVju1^}S*1B^Qut5IcbrnHW0VrBmb5z^&O4hiajK*@0glT?MIuE_-&_-98!(9i
zra&Bo1Z2ogxm<@0%c?bOI}&ZW4RC1J@}@!bW>yu2(vt11YV>iB)V)p44BPYvL1xig
zP8Yl7*ZB+V7dY2#7bBYsw7p{RQ^hs%2ZpZAA299=<qfpt3zUE@q#G|TwL;0PNQ1>6
zZ=~Y@6&*^k5sbr#tsoS7nC!DTVJtddALiXVP3U4OIe*7l@w_WCaHi814igrFNFp<X
zD!b&Q^U)GMtD+On8iluT^O24UM8aB%rd~j%n(kshY!{c?z*M|9fe?mGpN|>kR)qQ5
zfg*CGVD6^az%fQFBa+S0AqGj|K#f!e_J0?lqo7eakE%1*+76=TzTl34iiy5OOYayS
zEh5AYdQJBE1Z2>Tr#gisI%Q%T?ygemc0h<cOyj0%u2I-F%7df4==`1t$IWdg8RqX`
zNAXB+Wl!m@oR>n{1sN4~@V1)0+6J)KzpYw6oEAw_T>lDqT5Nz07=0+JMFPY)Ljh%8
zT#<Ttk2Y}B+{_fPSAuIM_iXKCF%-Pg*=8FX+SZBqsW`S|HK*0mRBJl^&Df4D+Jnpp
z`6wsi=(-iH$XH0Cg9)0$Ue>z&ZY8EGDB--q24cs8<0LJi!Ph?O5Huu!!`P9>!0k5K
z4UEU8L4><V@>uuBF1B5Cp=IJ+jS}1IWw(-}a@uG2*lN3zDe0CSY*tu~DT71NGgno0
zhhMQ>0+{vaYP*G-u+-#y+_W!v);P$GkkZIqMm=loR1WCh7Ixppu_MygK}2!GZ3Hc?
zhzxiF<1}e36<2kqx2aO2GKV$fl<jFA^BF_|K|fd0--6wRO*ZmiIC=+@EJ}mQqy;5&
z8zKtAMVMBUhBc#Ey{7XtYzj|o+FZ(=30HWLyD~-uk!!ks{X(Ptae8~QA*9YT-38F>
zkMyMkPh~IPG#STvrzru_1bIKB9}+fQue=5HD_Urgt~v|tmU32@eoSi4MqZK2ov;+3
zUKYVv>IB_H!wBUyWIjgd98dv<2_sZE=uXqdXSe;c;A1!*Rra7Y-MN^lmHJcLU&9_V
z(&tF!$x^CGt>f)tJW@-?<(yTSI7Mrt2wqg^lHj=(^(ClSK8w&Mj0ij0QYq9*S?ox1
z9F_k?uSBssBGg(CQ(hH1F|Go%OF*J}?$&uy@S8_DP#&U`73!UE{A#i+5IUV%!37f6
z>RNo?1**(c!MWc(RW=B8TcJ2caG#(+*=W^j^4MFTP=|ff@U+G#H$>lIHb-{|u%$=F
zcNWdp%0G(ToYJf`KVdkBjMaF<kkiu3j3o`ILJ2K3L^gy%iZermyd+|Z+(jh-0ZObR
zA=wgvKy~Z{Gtjh5ww60PUR3umu%@D6<V=P1*db;5nlU0(fA)wR7QHl{Q8I{tjXL*(
z3^O5*20@pNKQP#qF(klX484IuD1ez^2!umL2AU(O+dQVkuu9G*kxCN5qvn99s-7iJ
zlE;rPoN3}!w>xT4jBV!0x}#s2r}<K&rN<5zrO7ACqpW;H@a`@{X;PuW;#M+Bg=ik7
z4X1)#RZ)?$`dt?+9-I>hWRdD?6AxY9(ULNR3OZ7Y!M0VOsx1Ar_ifB^;O(;bq44ym
z2<HNYP+Y8tRf=2podU<NUkY{X5$HExY|W;u&&0v#5;r}ZFD^rD@sy;(D<69$Cf(Nf
z&B;?bJbq&HmS5W{@$Pe5pBeVQVKTV+_}}gIb}|0Ldgm_w>#cmQ_i9%e{~_oR(~Y{v
zq|aW5!yx^LA>*zd{6P@Z1OUIq&<}G&_?{IVoZtZOF<|42nB8{a6p9ml*I^cOdP6a{
zV+>$7i2fPYxyJNp;~Z6cN&xbvG=G6e<aaT-e>a~Q^dI=`vmotV?F^Vf|5ukw`5)lz
z9sR$Rk4mhE1~C2L6Z}C#<Uw?t2I={QB2`a~SKPQ@RO*XFp|06c#A^5zgHKzS>pzb0
zy19{{?q(yw?@#<zt0ff^%r_V1^|mpaH~yK4PZDf0SS0~Ax*mw-QO?)zgzSR~7H=e1
z>nCK=oVvjgMTK6WFcEN*$wf(b42@~sac6n;J4-tmeNq7yT;)?qqd-MW$)cvUTFnU)
zFt#A2@C4L(l8W^zDZok>XB>J_ypJDjx$-$Gt|woYMJ_@KO7n3Xhl8g06$E6tM<!h<
z1&EBA{-+6{AyI-AjL`mA;R+|KR@uj_H9KnJ{|Skje!?2SM6zVsj^m#&mIJ$0ZxsG2
zr|692%F>i}9aY}jS<Oh-*eH%1d}uy`b@p|fpKqyFtuWN;4k&N9BpRP3l)0@AH(S_#
z82qxv0?o?u$2h6lgPP2}vJ57|3*-7qr=f?gNP)69m2rw;A6g+~qJl(-<BC~QEox+D
zu<r@lMq4{(;36Yc3bKN{hRbjr*HW}(k)g599kYvl(z{H-X=1Jz<^>=EdWD&!(IM?G
znk|NfhRxjZ)l`hAm^;>)HuGXpr3$xqLPZr;0Ayp)unUwj0h68|+vyn!Th)%hbkfx4
zhAV!EGAorPHdijDefJB)2>N-*vrvdDJp-{sp*K<*L~kwSnmQ?3DqL6^OQ{5n6U!(C
zY)SK4DN(e1zt}{L2b71SkqY=P^s%sq{zC)Y-hHNiX7K;Oe%-kI=h35;PD%c=vU<n=
z-^S;9B_h+~f0AH_xoFJSdv)QDU?&IuT>UE2pP3%v(=+(Ut)a3=-zqUXaOOlwld#Lf
zfRA1ZP=kWFEQE8smvIK@)A2BfjlvYmTRzQEHzXZgW&#0{s;1`M!xP?r;;&1BiF@}b
znxVgh{^s}YQL!NuE0=Q%a>-LHsfxmas-n7VXO(_Z;a-i{q~UOg&nOrm|4aWsBLjA<
zEW|u<lRVsCYc2QhXTafRO@Dyl&MZ5+a@memws;>Y0r>bl59bAMhT^(o7rajyyvG2G
z_OgKnhR;3*Sl}}S;y*tX7#9l{OLOs;PZgj`<x3T~#*a^@LVE(h9wERw2(e>=u7Z|I
z!dy-e-W{hYa(ZaV6H01qO+Y+#KOF`UCW$(twD9*cWtrY<`uDS?Oj$OJ(2(zb2N(Fh
zm{3z$sa=!i!a*>?oc7q5KeM?^l`pbuH7mzQFg^+ECrOUM&jxsz$K}<Fn{v`1cn@Hv
z0=$i&49R}!%abi7?zmSCT?-0LgF?_~qv@O9*jJ;8OV(aqegJQm@Nv^@={o*i#A-`a
zR<^*TUNx|aePS1dUQH)7Nfk^`Apu`-)pdZfP-Dt>N>C*$aMV3!Kd>zL#FwC6lzqg?
zAEQ|Eq>M0IG@G|8{$(NaVY`j-CKwC`WVI1~rsKu3Z9xpn>bx+xep<twT5*<K;{%D=
zlo&sbqLY00bgc4J2$Qd{g@Sryl+@nDJur<Dgev-FvjnR+8VF%0m1g95l4DF0qB{zS
zoiaRj{P&?+*g>d<4eyH$qEIJ{$xMhQKo{T)zQW2mWnox6g(p6+j@1UHtRV=~bc1tP
z)!w7<VZvsq@Zr_f`-5?IS}$FP%x%cF+>)7)m`T~2U2H@R6->6OFQt%22$rN&JrpDj
zDXSsfyKrL@eiKuGtd5fy2%pma85>%`smy#g&6EFYF>jeL2;(nAN}L2^W-IIPbf@oX
zWQQB)i?IAB`DyJ#VRI^yi`$cubD4B;G<FOXk#v)RGydaqe1|a~v5K>;f=`y>N$ZTL
zWt7qx-H|L;62r}vB)Wb-412VPBMf(wlk0CL;T?L)aLCRfR?!<Pxp>RFfQH4z;wE6j
zj1+SIuL9|&QiM@&3hw`Q6T3Osl~J5XK_-7rX!j=ryZ@D7je-!MzGtEMJ);PpB>2aX
zj2XL%vWqUvgr$%ec~(qO9yv$%GizWTVtfzW8d1%$H)N4EO44CDP3XIOY$IRDeAJk_
zktrIfn=O$Z(at3=VE|i1URtN&IE{d0c1hBe4AAX>LIpxSCH_T}8YRFP4rw$DZzEQQ
zMXoI^0nX46$2c|kiNR3EG|GEZv(=f%v2^G7Vgl|unauQDPsomwS1pWCw}Ek}Xx9V!
z0PJX)$aXLDAETwz69*F5DL%Dvvd_+sWLAZ^qcQ>F1DM>|aZOV^JzN*4$RJrM-&Afq
zcP9{5-;)@UmAUi^WXe=f>LVcIF}iYdZ342L=}iF%c`tRxy-*6(dpd=qn?hCHW&Ou!
zlbwf)m^IaZ_n3gPh>P*$106#5Y;_e596`?J0u=T2T}PtN%y<8vA^#bSt}gzW75{I2
zb*&ixk5WS4$$xI)bG<SVl<2&E=4ay(X~&cT=mp^QAc#-Kfbg!=Cr^^W$0%<(5+9&0
zJ^$%AJqa@s1-(pqQ6JfSphK28h{H5+>4<EO;WSCP2S-fANK8_qwk0KM`^%3umRC1c
zS8q^Cw7B^0ou^o2jNrwNXYsjD>;!7OHvBiwcl>ty(f8hm53ZWr0176E973or!BJw%
zdZI+jfr=3glguudWR~qw?r8M!w+VDOD-+C2xz|K_R3VScU?egs6<-fA0AWC$zegoU
zS!=I(2fJ_nvik;|CNd<bVf?9H<7Y>&wqNeDi?Q`?XaD8vw}-oL%*z^$2$fYe@AaF#
zSBJ&s<e`+NlORlMrPzB)@1>hV-4{9NSVx`2Wak$xmAQlmY!wsju@tjYn%Jz|M_b*C
z?&kW22zO?T$8B_7q-*<_3#0WhSBiDAyR)NcOPACpDtO(?8oG_s!vuH$Yp8YhM(+l3
z(JPw%mFYa{6hnQm+yxja>&7$+16SRJ<8~7fl#H3xhu(g46tycweWmUb8-=o@#<mts
zkGL`f7uK%6z}ho4-yas7cx6JBh7D%2#h6xfl(WOWeZ3sVd1Qn5iT`NDbZ0~CBeS<w
zDCg-=)!itFRya7j(H&KT*c0O-{;Oj*0-e)zY^}B8FR%EE{sCeiP`Ys_BE5QcN`RL+
zJVYY-P>7}dgTG6ue_><)^8bh0`Imq28vc0!Of~*_?*HpTZS6=@amtOn=&#7*ee|w^
z$8C7_nhAi6J67H`P>8tUgo|SC?6+vbgazns_mAXQ#J?HMZ_kRcP*sQ$B_}|I(Q69N
z%mE&9w1MePMzN-_A*hpC(WkIMsw`qte5RUIzSJ39?prhp45XTd*$7UWQ0^q#2RnOv
zNaMp`C=Oh`Fzcq#v0QLQHUwI#6{&!tgD8g6OR$qeifP|$!uzb{`@0AuvG^s=Fl-05
zV$=;VW(5tNM*@qeyu<Mb54vc7)8bCK_Aof7z!lg87De`(>;80DRo4R)T=kb%D^YNe
z#3vWWz||YVz|}hp{Ex&y;N|pnS}dS~E?zDNVUK*~itI%ic0V0qaJDXU6#N>cF_hz=
zg+y8z0FtvKJ|ybRvI6Y9zD!{UDCk9v<3w1YdrIRtp@G!wc)<uVF}ImMTr651ZYDWM
zWV~cI=#I}BIhCe-R@P|A9%$AWd25JN4j-?zI{tD8w!|BmY@m?{u-D_;$;5qXUj7SP
zF<YIs_k1-A8@prPsJ&gev-QZ{Xn(YTHYr7zCd3-><tGrOt<MRFBu_k20!CG7rx%1I
zUCR6ufJ3YcVH3(S3B7SCVxjgRwRTWT8akwXC6y@<k?c{5B8L^@@N<rXB8;f7H(F*k
z+x?tcr&%yy&<&i-u4uzDk`2)}1T~{b77B|lEhVs{a@O&XI*_IZGu{R+C5y;&xlmE4
z3|CD0(hkKTI*#&;>c-(oFh^awtFehMw<2+yT9x~OmKAqIlUEp#otJt`{vwyp*A260
z^3*aU73Jys&i(9td%0#cG<AnnZ7WN~gC)wFjHSM^iE147*(O2-vLIBB6c_Mxy}08F
z1*UGBshe+ylH18S`wEeBj*WQPO^FBYtCH5fG+Vb4PMZcso3Luyym`zU#`NQ`eEccp
zcW571(uz5)VDqZ8N)9Gg_mvF}cuRBRk!px=B9Msh9G#J;B8|l|nY=h`*|bnsT4EDI
zq(e}3FIPFPSaoWhskLr@8*?QA`AW_d0mDcPnodP0QEss#ZduYb;q{qD#yrAlKv>9;
zqnT5Yw(KF}_Acz{QJSC`Dn&WMWk|Z+af;v=XQ(Ge!_L&2UV&h>+*Ku_SJUWIV_K0F
z$m!wEYd2(3Xbl$+0gU$Tiykhk0zJ%Q9~H(J0Kj@p#ZinTZ5@XphNwkD{1lBAY~rO!
zp0$ivK+uXKp#-@#bz1Y|5FwQbH3Vpk24PNcEuBEsBzpq9b3PA7NkqJ%rYvkHtI3L7
z9u--!-(HTUtlTI~S(%%rIP;uLP%0*Tcxu6cm{G-q;`#I)t}%zvqpSviF%>jI9jDcl
z0^1a}y^>Be`4q%3Dh|3}WDJw$t~&^WluwxD3d&-pz*Q7+D$$M}&<?7Pc&l5lpe2Ti
zNLxHt>Dv&O39U?^GKQ+yw8jh{DIfB2qZGa7DYJ25gYs|9k*R6JbhI*251>p0Qob+s
zB<vfK1Zhh3j%Ea=Sytl{eI#;_jlwR;%$tTyvnZC$Sj|VbCQ_{83<)yA_E8qLWEu&h
z(W)k{M8d4G+$IUD<N{B7Df57`bkmtPtB}LMku4a0AzQFA^LC24a#EV@B-X8JaMIm%
z53oEw`zWIUx;Ms&14LA!(e+Q8%05eU8{@vGe1F(V&R<sU3-GQvg!KweC|AMh2Hq*^
z-?hK*n7nx7zAf0z)I=$pr#)dPs71=u&ldkdV=OISmG>GVRBp>(MnLER4x?-+Zjw|_
zr`RYgml#`xV(&OcE72la76DjXagzxbde$-G-o4WS*JwG8dVQT%w)Ru4)sjmBCc0F%
z$v_WDGv98mv>UBfjqf4yK{L>V;85GSTy=`XgZ2O0t&d=nir;@<s%Yv1Q5TU|?S<O{
z%B8Bibz9(j&v5`$4!s~xsI5I{OPfex{GB+T){JV4O9FTY<00M}kjtnq^cP5ihO1J0
z=?-!T+XM#L?tC|;dA2baa11JzWAsSu_FoG4uO<SoJ#qesWpWxzGyvi<ptaYR1EiKL
zVjG8U8+nuua5#@9uB9(QH*-nCAPZ7o7+KK!*<O~js0YU!#+6^`Om9_6_LXH*bI=@7
zqbQQB^`TKZt!Aump;5k^<5F;|bsgZ+$p0v>PHk|x4yakIpIov&AP0(QM%2jYvV)L`
z`in|^oB4-L{{^<0UK(;aFdxz|HuUy#4ZV#AX!BJ!yboi_7b9?u!<6$$d<xQYJiiSW
zsI=GNFJ!}8P7DM^>xTQ0U|Lif|5ds^lN0u|)gL5DS}z&yKJeSi%gbnI8~)O`kKctP
zD~l+E!x7#fGNH!DQ5=w3ZDFv0QK2wSD*o!zuMrkoNccNN0U6PE1z32H(u09%AvI4E
ztF~2{+xIxb-C#s<&3<JK@fWt#m*p3&F_8<8j`zvQXpK_bQa<uS;u%bSS}DoS>Xd2G
za*F1c>=LcxoP<VcE~Lxq1D{w8P;n$qb`z(rPE=W<QPo;{%!$5@BR)Pq5*`4UiYyF2
z)@v~R8XeguWWthDRFr?>V04iTO(7;@@kyei3G&@1=_^ufY1PG+K!)3k$znkrul4DM
z4}_-$;|Djv^b~UjP3lTA3Ec)B!U+dK!#&e*M;?vbapy@iG9Br{YJ%p_FoU7fN4H7`
zjZ;#vfL^$Oc=7tp+XFG@U@(|>_@dHmMAz_ZL7c?r!(@z(EAA);BSFD}uoiBs_g7jg
zz59z;hd|RbGi+=c^czw(Fl+O_Q`k(;K2VPM!Gc*Tj#^kTaef2E6~NWk3g{g*kDA?l
z(2olN3mEHL58mBhy8r(D2TXNOm{TZ=z49Y60gVQV%TPv}T?UJH&o4seCjiO&c!&P|
zZ~FH&{d>RF&gjcq`u7$6TWewqW)ie`G*5aV6Gv)}%cPB?Bsd@OEc6Ya+?2KA2ljWG
zNMn;ZtQhuq0z`Ktdk|hKG{=Mn(j)UFVt*@hmA|c)zwlzAMQGS+Ex<{(ApE^mUzo{B
z_4lB@n?K&IH?dvh5GS_!a>3!ooI0BQEH+H|Nymf4OQt%+p-t@Qu(~6zr1-yLM|Mw$
zQ}S!z{OT_>>|qc~*DzPO@=$)B0Ldm-m0`#gOs=y9Ya%^*&e#H@Szl`?NhOg(*5mN)
zTV2X5y^k~?S{u8fBUab-tsT@I_9_)YaF;d&2DgdryF>Q>6Nru@jZj@QyosYyRcsjn
zci`4B%vWI=y~)#9fob&IX*dV$JX7dZPr=Ab{jvzb>7>DDw6V=n7$8qJ%`I9+<5c&^
zkWQqsz%Ice0}t^l4tA?aE50Q<=YK6cSZE5N-vYG$*FpxrF<8ph7sLvWs!m~|C|)d{
zq9d^?|Eiq9s9_&ro<v*MdwwL#Os5x26vzu_Rm~)J9iMwEY?#JBR)rc=N??kfq}}_O
zf1hxMiTkLfwW%1NhNd)XA$aK#aB(ghS0U+9rWCaYL9J1N3I-Ff0bcp9ZLNL%pBeW5
zzudh2|8fU@mhAu6*6!^8Z{xFgouBIX53sL3VHR98DUQWg_kYGf?s|)44TJZ-tH*-)
z#Tfaop^g9Q((?LJ`;p&iZ>+9wbUHU431U{L&uL*o1w<uJBB{#h;|sAtk<Kjw^Na3A
zTw;qK7zRm&Q<r$4eknkxZMgo+NWBkZyqVN%zwjcB)FRdF;*w>PDo`-$NyXLjE5ARE
zCMuqPdMHikze$a<Ta!Df<I<$&7;V$9u}I|x#_bN)DogG5!bt$Mg0@~d9IJG87mxMs
zbM?=R^Z(86_Oq9}SL|cP`M-w2o(kuGXQh32{@=!j3@mzZB6Ud)B1R<{o3@Z%9o`Qy
zbMiO~`(w1V4#;f8<3l=Yv5f|me-LF4l=ENMW8-f>M|W%VY%NPc57X!q1~+|v_*zB5
z^QblU5%V#C9qB$ZzH9<No<`v(ig7^~zeB94+~Zr`UY@aME{v7(`(cDublS(VZ=b!U
zQL@{hgyKlxmLG>+KN+L7S1ywrH2pmvS^u!dX~xMLN(QBX5)6i@iA(zZsEd<;v&<il
z$c?}0pNDxv=HH9D`GomDgICtXL#wQGM#5obs!opMa8u{Ve#(N@Q(l(-v%Q@|4Gqq#
z1NT3K)r)cTPyeSdP9wNB`Ol-1aR^J^OIi$W48VeU?>PmCn2^XZL$<!`4aPx%@!%Ln
zgCO-J{_RhPun5GN;A(KGD9oA+sV<<)F=3CeemIpV_RwreQyf1)*8{fZ0E9ySM{++)
zK1${wUmcgYf*$24Ovc*PfPyN)X!<a*6l135DxxqVLL_bo;s;tOk4LXnF-TUik7+@q
zN*Nz53uYxdBv01}uu0i?KVv&=vmyipN;^&}NeYJs1>VNdXKxsEPtoqPg(j7>p~e9G
z>>OKmJYxUg`v)N#3NTE(uFBh((}+_VvKV)%z&B=(3owq?SFs#@XWp4D6gZwf%|7Go
zvw0MsD}FxXMID7HUd{cdK^CsBHoYP{Pon`=XEEt7S^@tBrx4FF8HRFuuUHd%%ZI5@
zh5=tM^!)-J;kMwF;K2cuGd50pE{N$diZV@0%rZhvZR$zG<UXNcvLO3!I2*il9Q&Sk
zugXQAyz&b^`krS;yrWP?Se6^EOFRXPqOh^Fge*LUB7m<A%#lP(stmU*m6zDEsVS2i
z3gZyZ(=+|qv8wFQLrpRHQ|U-mjj-pzG4J=r<nF7U%GywZuf-uu0I<edq(#a71;m!#
zk(nHDm$-Xnnc)AF^nq-FLfVbParabJpdh-ksc^Y8sg%g!1&qKBbzVZ0@AmBMgu2H-
z3>MKX5se^AmF#S%o|U%<DX6}E3jGoC1MMs@98m3?;m8(<{@@EM#`uCgRh#hKE7ZPs
z4+Dh!bolaxPl{}MjaDcUOu|8Pwd5I4QJf!DBUB>uQ(gqJoJf<8a6jT+gn|f}rYpEL
zh7p~f{~ZjY(Eq=|865T>qo#*vB5fSB)awV`2u6T`hZSAZcXJ_+n%=-0Px<y!&v<~K
zA1xgscyC99L|-yWG0mrMq^!ohvn2h<JI#lkCL65)GXLFT{K5bAF^0tW;y;ndG@d6J
z9huOn*yFqkfzPtQzCgwo$h=gp^&XxdoWTxjFD%9jeg;PqARkTw#*$U$$8CBXn@6Ko
z*7U_v{N>x7p8#|)%k&S7&vp#@8Tc$kRcu}xr=2(EP?aRU84^bpA?Og=v^FWAOdlQc
z01p5%K^!LI4Az0i?@SDnx5;{XdSHvijn?x2hA_iGhU2)&vB3Crk>j-xb^p8N@0K?J
zgFm0QfXHsFv^(GVL>__jpu>o8O$$I|@N_<+t20(tA@)h!?JelW7I6DfDQs1!#~6;$
zR+lD1Ur#M4#)jx?b6q@kwU;`vjXH}V92q@4yR$r{7<IC#!_Q~~Yi$N%%Q%1?1szKI
z9>E=lrZ)p`1j2qi?SVxYe`d8-4EWgf_YeHP!W4c?5+M5H?#HG_a<0~`T+L_P{}l6n
zr9P(L|Jv<#DgMi&<<6b__f|gFD+$Fr9Wq^43;;7l%&QQRqq(f#a?IcB&$;{p*)|ah
z_q4?OIy<Qj3!^fwYI(F0eSY2GFtei_7sAKn93}bs7v{CFUgQE20IPi?%Yp`@Mpur%
z)OwxgmYos)@>Ecq_3x$3{_CSRZ~h0Kw9SK`=|RUlc(#4GjjC7kWP9h&sD3pMcHg|&
z$A~y<=F#4(zo1oO4cbRJ`p^6a+rq!l0{)?TwJ$dT{D2UMLd4=}tuxEs$RcR_PnfNi
zjw7>YLglgVdQ(8&ps;W(kbrN>@gBaC&cZyZbaMFlR(gRosuP1}f=VZ6P5(4HImHK<
zVVBHTp)D@g^gC<oP#8<VOMd8MdZ@F;61=J!C3M0~HmO+UK;YJVwEw!^!`);nViHut
zAY$_?OyK+gy73=64?9i_nq;J0lCKjB48jF*FgVYEVZ0@T%SLd`qAjZ6BWuOLcj2>A
z1)o)2Ma&#5s|+c!W)MskS{XD{t`+U-!f?8*fxN(IhS`aC56uqoTfyp33fIuw@I7#V
zHD`<k(+|!<MFY4G=Rd_?XE81`+_)ih;D{xtErjdo&7weVB9WTC!BQ{G@Xes&s0p}i
zY^RIgIE56+Lruj&keTSzmYFlfMdiA+VZ>f-Wcgz)aa<WKYTVN?xaJB&2JP6P$4ove
zQIV1in4C~h5;vl#TVaTTsC#;l99pVgv>(>*F_bv=W0~z)+22V9G~x}70Wie97%MIj
zR|*|#i8SCAz17!cYo;S+f&?K?a7)n;=sB4g0W|-<g#W4>bX)@iu#V#}>jtB+j?Xj^
zqhwCFKKCRH+P!<?aVMrpWd4*Vbv%l&CbUhSkhMnBw-%Ad!7;k--4iS+;|H5PDN`o|
zy_-u~hNHfrd&4~rsY6Zr0v%eDe_ILV@P(@M1o(z~IQqgU^nwH#EM$Zp8JTr!cGrYk
zkTu1mM`XuVo{&j0rosiH7Ta1g(T1Dgz-Se1RO9h@FsSP`#Kn{35Hudfn#{Xbkzb7Z
zBs#>U0PaE--4pJfOa)#6$P|0kEYVi85W4)<mg3l8*~c+wWI`Diy`^BZU1AulF`)~B
zHFnZQWSAGioFh$rHk6JVt04)0$9Rc?Ito*(OQ8QGA4*$9WghDE1ZoNhV9pWf2E7xS
zM78w`JIEc{QU+$v9^-b)`~j{EX&cwzuE64J@r{>!BE|@odi5Vu$x`S(duP=RTT~HP
z(4t)xQ3r8)aWp8rl2fZaX=daiqFk^AbILn#nWD4{MW`YPG;oAcgLb^y@*L#Q+T-=o
z=&JU3ag$>+Q}?&M!70k1i54&1hipf7W%5;gOT4l)Ez($95@Sshm6~pF=z&x?7@c6>
za`d<-loRJ#1|X|rmC9RIBxvf)auJeO3$(X%N%&q{s8zHiC#b3|C#Z!6d9_<Jg~fJ~
zNN`Z|33DWCUpK<JMZ@T(UKjdWU?0>lDEu^_MHg78T)3o@(1Ksd-q^H(J6(Hd(PK`e
z!*_hP=T*F#+q<1S#|%sb&W2n1*OqqOeTttc^4}MGJG-wAu4?@Af9A0NeN@c<wzhT`
z|NC}6MiNVl?hm4F7-ylklZ?(&xY+0Z|3}uei}267BboJHV-%B&j7H$bd>W?V@j2?w
zW8xnA7@Gw>swgIRldXTx(Q+U|^~-V2*^B(Z>q1woXGEoC($CM(>VR~tigWA%Bi0=o
z?G2kw)bU)c9Y_t}kV*HB*ETVJP_KyNM5~ZAL@FjpTcfx;8242ADSSPMh7tEbx_Fv@
zCfZ!QYK_iGViWc8Z%ES`jgJR_8BNraLDR?M94#yHA;GbUy11nTbNCJhoUKUfRMqHM
zfk?Sc0id~ni26M{<(PM#o(ah&(ipmAQ<5Ggm7pH~A<1DWDi1}tk>D}Ch{KGtMN4qZ
z4(n=pf#-|5%6tR^o0wIVSAh3yX2Sp@gCH-krjug#BqWU_Tr?^23e#*s|3B^e2m8+t
zf8Ktx>+c=-uixzdW$)SUGrzWd0Keg2{(0~4r~S8wK9qQ~{p#><{{C}+`_<q4KkvPI
z*7SG(`uff8!GXX3#@l=O`o-QZJllJ<^WyEZy;nc_Podtc{X_r7-pjp1X!LO3#}1{b
zz1;(B?B(v8ouA<6_S3x=dxw8(de8R`Utyci_uu&2{_E{GhkHA3Uu?heU%!3xdjDV-
zx_<`EzS?{B{0;Q7`*QcyVGDYNXa4SA;D>+k)AoxO*p;{a7DoRD$LH_tzy8~sy&r!%
z^ncoa@oX0!KHY_pZ9jdn%U!{wc3y1ny=?l=wqI`lxJ$M6p_Mlt7UR+RKmW9gkFdXO
z`2Wt~-u^3`#?Jn$!#D7=3A222sH^_Gcd*;^x8Lj?z)-#CZ}y>i1Sizkr$(UOt6gpd
zLG3#$0!8rm+k;&*mS?-$FQBahtZWy)9qr`Z=cYeX&VT*8l?~#n^fBxFUt2Gp|BqId
zSMJXL+xWbUx@m%kuK$;aLLnaHa3&@|wFhH5YM)a~h3D+v_ZKk|{jRmV{EhcIP4LjE
z*M9x(>CX2%yHCGc{O;-M_F}vJY<cm!XYKal^78ib&i8G2yW06uYv6THG=WX^t@Wu3
zcaeYKgJ0LzcUN|H+pCM;eYg5-admrld-40{o#n;$+V=9(-R<Y!?W}EoseR+!lb#RQ
zW~44ZpTPwhJ*K;GDq&w33`Jf+o!z+SR{O>?k1jbGa^h+7Uwb0$&Ud@tJ%x(xN6^IT
zch8}TM~~Wz-*=w2ccHQG9<^6)Y9c=llH*_i<@k$gS}o{K5|f#1AdxrxQ5vduQ0d;Y
z@OX>@d-{tH-h_jYmB;dphv2kc>P<#d?hIyP_cq^>w`ee}?Jmaa-RbM${p;r_Ug=!8
zou}hy&}%JUx)p(gGah+%>9)+6$}P=>O>@BLBJE6u(R{7U2cwI%H5o=T@o^U|x3cIM
z%^J`7RaSwI7i(v`*V~KdYeql$<~PPSO*#KD4G~_nuH470^S`}b^8f9uuiu^jxAFO-
zXeIy1mPlQjV0(Y`<jN<{J<k;XDH)Ng%sE^WNrT6B#zA~S>8;Sm;{+~^XlanMMROcN
zgL|(I4&l0Vbg;kk=iS32xI4Ys-TG5qJwDuj&CeQ3jEltzFZP}mio=sq;g@?acc-<D
z=e1jSLc3IuFS|f-;tlU!x94YRchmn<{pI$bcN_kn{>z5Sa}rFTW)rQ31_PM!;l4B3
zjV=GZcaKtvqLD0oM=`d1H4ppdYc}NX9yX;X!R@eESQV6vTKtQ65>?Fr1nSuX-s5pv
z7I{Ipo1~m0fD%U}!(oVFauh;P`3=;W8DI=Q_M+5Z9Qjqywqd5;q7DjRSGQ->m{Gf;
z6C1Fz`f<w6Zewz9h!|CU?f!Ll2OCxm?pO3eNCof>TYswW{`C;r`Qwxh&8pc2D`#gF
zoz%drj%Lk^8{03nUz(GJUb~#8TOB2UKwq2S-F=+TwDaFwYOdDDjPw7|8eH}Z=l`SC
zM|bD{ZG0a8@Od~;&YxSgc5AujQ$z(g0JdttU-y!;Y_Z*0>(qXD@{RYHr35S_FjrFf
zc6dGtw`w9t*m?L6Z@7O^O+RY2m+=7xx!>ZOv#I&x+r4L77q~b7IXpjuQ;J5o(!oY*
zFuHq>Uk`#DEyptaWq#rh>6j|imZ<cSQ~a@WTa^}^XI3-Tt*Azi_sJ>gnewvSssR<{
zHxwv-81_(+QT5*Gf<Y*4?x=K92Vss6X-M}TA129wzR6hrva|DICmD`_z^3?)E8p86
z<<T(uCpEiOTb8GAX(4?;FxX?>P7NsvGaA%;jFlebi)*cRy4LhhH{J^q_#Ozvnrh~C
z8jAHyl0F049<!1G;Jf!~rL%eTZ1?HgA2*NS*R%bf4>ph99=v(>;>9K%7`uN(vw#Es
zvHf~)>*%N#b_eMCSnmx6;b*e+k&a$M)5Bo!2H*|1zpdKgo4332>S>Tg-8X2;FbsFd
z7jCPzBJbq!3-(qs&);U@Yhr2;TD_krdYJ*v&q0bxsTUX--qd*(qN;p-^=Xv9hLHt)
z`vauIjNO?tBtnb5n2i?!AS^fAs;x4{RWBZppkzpwTUx!zC0|7GM|X({>5%E%s{N_H
zPx!}7YYPA=g|HT^b;{mP1C3o4DhQYyRDgvaM8{I}M+vH1oS!p!F`0iB0EpmrUOB8$
zPc?ZkK0Y|l@^EMdv^T_+*K1a&YDRO2D#iRIdrSk-ngX(yd(U3Xfa+_wyc6_yKLLPd
z6;8v8lttLjQ}j*9hThILo?QIr@c1B1KSf<Y=H&CatWGkk+FxJ3z{Q!jIP~%i*n{MJ
zIC}ywgE%+|dq1baXcVUN_OLzv40{O{dv^85OAei!PMsb3&~KGK-wq{yH4i2B=OV>L
zn%cPpO<lb{n!5a3qN(j0qNx>BQqJ}8P1p}p;MK5U^=>yt%degNmvA+Fo(!0ayCbi6
z<n<EdweW~}WP@~Er0|>MU)<nxikD^)<pXwQq9TlGTx6@(9gQ}-o88Z!H+x}!GwBUB
zBlz!h^pDNsAm0qKA^!K7>%5IIhRq%ZM#eZ9Q2W=_=R1#99zAa_?mXIFTU=dvw7$5#
zyuQBJ*<R^9d$iWs?mU0~MG<H0UdUNEpahVwgZy->)_Py0xYmzWS5;ra`ZJoshG<Jw
z)S|C2=?O4m;#mcwQ-H^4^AuooI^2w608!lC{G9bBLgo9F@4sJL`3`PS-#>k}xO%*d
znyB5Ui|d`W=TCRnI=fGwKNYCV7?j#QRl`cVn^8B}?2gmT<KbwtH#pf$yB+v1-#m`u
z&GaPOJc;_7{}`RXe<A&|nTFZq#aw^%Y<qqC>H6aH@0OPrSG&uohkdlY_}$9Wr|nLA
zd;8gPd(yCZH45w6dJq2x;>L$2(r_YmriG9(S)=Y_(GT%s^W*VS#pU<OZ%v_d!Os-=
z&#T>^ucwb0@}Ks~TFL&iy?ST=aVwvnPlJ3R^IwH$g~&aD4_wJ&Kl;2h9`(?9ClxI$
z2ithyzoo~$4L?rKd=(VMP|r<O4!Djq`Gf^Y=^@Exbyzvz_#{ve-13nJ3YGiB+cz&V
zzrNi|qagMVqA<^fL8GEs3Y)|c(cB)8ukQ!lP?Agr(r#^sGte!ff%}FXdTi<Q;@R2R
zB93BloDMj$Xs>31oa3kdb2NZMb?6_$xd*Ic)sTuaHIocKMFR=t!m+fZRf=UE#W0vO
z8KvYc)du>fGM)R9+6(~V1OqdjKaW0_dOo8Br;_g32X>GHsYv2D4*KLNM-h(60v$Xb
zBn0xOXyKZcdXV6}5^d!)==uEsZVIuAJ;kBX;9m4GleSfKDZBwBBMQ7#e;MRZ?#zE3
zrrqdMFer6n`F)=0h(g#50w_2kqhQLD*v$v$(oq!qN^e#GQ_KH-lj$4#OrihR68jTB
zGwA<v=TR~K=i2JpUHs2m`6!z22Kgccm=wV1=P3T`>!uD}L?-SW)u`qBui01(!=I_Z
zFPL!zH!elwBAqfhhoLtB95I>i)zO!>9|rjtIKx_lLOUYu9U}pUo$LLCnL_*HSRx~_
z1HzpJ@^yTs?0*UHx^(3}Sjo3GasR`o9RIiTfBdy;nBUCL|MLAm$NG1Bz2hsz0Gnn1
zwZ8nQX#c&wa%cZ_E1x+7HX&PC5t0cXWAr8Q9hbxf@>P-)s9&8A#x<LQm)2`0{;$F@
z|1oglK;qN$C;sDJlyw)Q9)?(Dj`_(4mAxiwg`Xpe`e6CnN`yqpl<;naGbBiSRrE%K
z9^_Awo-F+vyJXz%o<udzD>xn>C%tpqFBk3CtVC=l6v+e&Q6Q7W#{2Yr>?9fhyvoN|
zgK9dd79@U&&Q`44EIvk~dZ+2cO5s+pkNZ9RU&H4lZQ4~=XS$-u0O-ZtX)n7@@Zymh
zM}wx@wP*XQJ5glB0~y0(kT)IA-in4G6DcI`!+d#u+qj^^__{cxg+FpWG5*n7C_CwM
zdmlppC#A8U4wZobeai-h`sn&r+zxsMmEKbdp_*Q*`RcrXPnF(Zs1o@&yw3}D5WeqV
znjfGZl`X{$P=BrDLxpAYZKR)(2}(+-Y*V%S*$>@eZwvAMA%+5ect3;xe|s7Z2FaFY
z0P(5$0ms3&6vTRKz2-z{b3^q|A5GbXO`!ly+51hOV}eLn3feb(56zk?yb#@8$yGib
zFi}xaF*?f@N*hE~aN)b+R%z!7S>gaMHpVgi;c9ZrG#>1_6k>nW{Dk;F3ZgWVFca1;
zpiYt&Marm0O@Cp-UjPJ#FYn`pM&;6ykG$1CyT^Yu`aj3{-wV!B?bjW|`Q_MvS@OTt
zV*aO2yR&+C{@=>ydShE*e&%PdMMSjW3+Ctu_$p(;m6JUcP?CdzwsqR4PTOBz-&lUM
zvG(Z3(>@hhC&f8=LYV0faw6@{BiL53v1*<KN1;EI%N%JPGEbUFNoB)DN!E8ASVcH0
zcthcnkcN~`0*ac&ba&jdGV)SPFHe}Tw>lUYhe5$_6aa-zZ0ZglQ%GZY+-kLI)SMHk
zi36jMv4DD~B6F=YJPu#Rv1<4&oZ&U)B>>IA^zm)3liee2Y-l!*X`~bK2AeS<Zxo^D
zlw(s{(d1epAbsr(_?16%(EqS|np~dv|DQSZKaUFbzn$f^)#W?-e;c3cC5Z+4kC=1)
z#NWn8ru@qs270-@wA}GKosHGi4PY2=oAO(i<|6I4GOZS9|D)R?{Xqtdd0vR>C=aJl
z^TIJ9*-U1h7W~be7gjvIdz5Kq3;AZefB^NrC*+%6;Ej_Cz-2{(O}Pa8o-=5?3_@`X
zipJDm&(t{~;5E-fsQy>wxqnNaIq83veoAkQ{;#)}OZ5NF|MPY}*Gm|u(tk;9axL^<
z;Um-k&Ml__xG?>n%==#t{TCYjG>Vnu=EeE>`OXM@S3V=$GK%wGgE!Hrsm6_OPplSn
zHC0BRH9rSYPO5$m$BIfvI#i+&9Vr{LP8hi<6#90f;NqcU?hD>MIUj1ffL+)(hlJ!3
z3_gHr^(ZhPr#g-Dq+aM9V`bV>CGIC0HH=8;D;`F3(0|n1qQ&Tq(f`#)74-iu{@<;9
zu9q-k==2>!|I4|+d*k6qlnJsOdz`8b19itt(5`$y*a&NhhJMQzga@UA0n=YOXT!bf
zgW=u{o(fs%OgKjEi$nS&_y%+gE*}$!JG?Iuc9X1(<H6^_0CV7JI&TwLi^g}Y@oaGZ
zv%0yV>~N!DujT&~a;QWy4a~>={sw9?n?Bw<x|ZCC4-LF~gmiFlO9KpwUoLDw8vf^q
zjpm{Mqsx<i`plsJE6b~;{9kJ;clp0=<s-`ND&_uwRQrWc)?-vak}{jO!ovIbEk4?y
z^nWV(>^r2_NC!UnsO%(H?N7k~cJT*Mj7jakP#kS3l2N+Z4eLEKO$*EvZ`r~JpmTe#
z{h-%NF-&}2g&(&hEe+@iXoqg%mvJ}_RU7n!h^6G}rHmA&8F^f41c{z%gNP<8-%ZW6
z_FA#d7zoxD@`gzH@CS8PD8xF{t#>t`ut9oW^Z(`7^6+y`Uq%`KN$C$1#cUO|57v04
zR<Y~j07zoGm8awIU;O~M(8Bu&qs--7G6{^<n+(RoSR&ZqyFvxD<=YDJUo5S_52Z0y
zZ2#Op)3SHYVT=?cFZP;8z!hxKzbaKKs#<A&42MF6v#6J!ZqdJ7k|E>P$qJRa12`(S
z3J?F092XzqVicbd7U5avf{x!KdK!}o*2PaWfRSsRlvlfl>WCg$Wka$8zw7iPsIh-{
zKfB+(Kl<>X{_g(ShX;+V`n&hF4?n<<``OVS{_Br_x_|%g-#(}}9zWUG{O}Opz5n5T
z>xV{7TW~~}5v(ae;o*>u>oB-R(@t+;n=s(WqYq8&zo|EV9l<2F84VomJKo-6#b8ps
zC|$RKh-3Lv0!5*YfDMxokUc@oRop|zEy{nZ_#k8C(hRo-qZUa7p_FBVlC-kC2lvqp
z*8AiMPqt2~|FF?Cx_alHCJoXkF4&@_{?};|fJx0I-94JpA~VYrvt|8Z8l`qM5j{=N
zE?hy;6s8RpPPg5r*fwNp*I)aTy8GPJXAb`F%6<T|_`gn>|7*AJ;{V*rhwT4*D(V4V
z%rG!N#^DEkNG{)Ue-~dO&(4&7N~e5}E?Y?MCGl&hQpnp^ao_p?HOy23Sf7b0r!%38
zU@2iXmCt(^)<2Poz?s@@Q~Y{UnKB3*V@!X`Jq!q$<?NM_p8=+`CMxcWr<9!t-hVTW
zp>xl>w?OpL>JXR&?9!(frsD<A117l_^~oz5W{1)AV_+XzK6=_=u5Rj<vqi^LlLmYi
z4F=w^ScZi?OwrEW;adgFQ3YfeIPgm8SFP0H-6R=k=?l&h+QXI|-zdsFfW3O0Rlzun
zy+A$OYhjR|1(*<9OY@t^l!cT|oD%|2HtiwD41n39?+E3S$A;vfaZ_+NB};=B=3Rq<
zP*Wv?XV|JqKUP<YCmtVFkA+94XA3$XJ#hyJO`eowV%PS?Wzg+Bd-k*hJ8lUR$zi%X
zn0KID46WiV{}m<73I>C74<_3m4>-Mj0&wdE=a}YxNJ$osF**ijrRVIm=+lC|7tEOK
zQDJqmol+yyP{E;D5;acK^eL1)>Eo0jK^~j1DyU(lOuxtru&f3BZp2a=n&TWCF{y2o
zxmJ&sT9D4xwih6Wbx6e{V^qbJa%NI-ljA-F)}OX&v8^Q;A=+IcnF-G+6(eQp@DiA+
zLU)?2@}~?k|12B~WaN1ipGRr8wCtGcEbYSf`WX7hX%h6hn0(9(O6?w5a2W~uYQjw<
zi1G~I0FxBNVKUAJgdX`>;z>c3M4obAhl3cc+qJk0cg8N1lK7}m?umRU<Hey>RJCY=
zG#E2Zj<f0`AvqU7sOHfjQt%RYA90yN{=xw!2ho>!%x|BaCTE$iGTT$8-LN!ixX)p(
zK8qwG8hV6=7IcXcvZ{Ur|G+W~5zET6_X4K6XF*JqAJ2-6M4i+Id}+ht{g@;@e=zQT
z6o0QfPp_N%%)$Se)9sRd%(nksFY13fojd!lTlrk8-s79u3Lx@xNAZnlfiNwUD1US^
z&~GNIfWDca1Nx?<1Tt7lDxmLYX@I`DUKP+cGj%}UOtBLCrb-+1jjay)W`aKGn+Xb`
zZ%_*HjZ&3t11C5f6;&}8RuFyTXk_?=koFuU(KjU(%^#GbFfqcUqVelEq;t0ZqFX^S
zYHVO91KV2c8&TQ}Xj}u56xHavQsaE1O~krlAVw-A^!b6>_X@2MSibfy{Cb~x=)XDX
zFW1Km`oFfax>ltBtDQUj&#io}mFOW6K44x`odCj5YKlM83amA+mfu24R`Rd@)~&!q
z$=?>b-qvb<{MC`C9eUdSu6;qnuy%>$xAnV@;}c6ySSZbl(VnH|Z#NoJv@@${M;C3o
z>Dlqxg<;_RY>WvRkx<7Ax#X0NVxQIds+&S;cjL8DJCM8HaWam3<j0Aap|34@LCQdK
z_lhe}F9|d3ziT8#XL!TI42U>Ex@N)s9WE?`1h2?seG=hS{xrbr8eJa)R;u7DzCq!=
zF%HjYAmnzK<>|PKfh~-GF}#P@jze&Y_c_Y3<Y<7h&{7Jil)GU*4D*1K0K<=_|Lf5a
z>gqo0+{>h+h;fnNkyhYPS=QgU{);N_Hx1z(mH1G0(4`wSX^^<-iS6-NoyN9o-4oPv
zE7%FM;d|5aTOMMr$~or1;8IX<doNCwOI6OVG;GxG6$?q4=47O&#p5hbOghA(|5kdk
z%6{#>p)~ePqpU0l-Mpi>1lMF#DrCd6_*;Gd@};3D03wM-No%9+(J~{8sKhG~VIS=|
z_`9L;fOdPuvktUpnPnQ_DXCP`KQhj{%H5kbDz7wVTi065BNP~p#u(SjkJukqwd45Y
z;x^4_>-vsF<_Fs=om<-4@)ZR{HL3foB9puUjxuDzfr*@^<WtUbMQX6cZEKUI(*6t2
zsu2TT6ewY_MAdqUWXxKw3LH{P1zk+uj!g1cmduTc@Ld<SHKu0Lc+#7d<;hnksAtc=
zB(0u5*X$0GtXR*T`y1SW*3?OsHf{2<WvTtb^oujPXS#W+q;MS0D8|I`O_^+Mq14$u
ztj2g=L~@L2&~6rRo&q!w;<pPS4U~t>6j0rxJp!8~q4>qtE>WW>d9K^7ORay)YE7n7
z>cbU`2adjDO{`U<OVoAoA=ye>EBi`Ggo$XJOHLw0q(A)O57-_11l_w=MdiM>arN)u
zGwuFo=jXgiAJgxD?e<E$6#r*s`Og36Rz6=V|BGCbzA0vanL7pST?Uxh83ulf8DL(#
z-IiQvD*1qUa+eF{3V936vfAl`w`ylu=V+y4h4-&caG-pLe{*SLWMG#|9HUH`?{XX5
z<u<s!)G@84S)|=6@t>JK=2B#Q)Avm&YWNy6%UmOczM;%AH%_5{*GXvZNcA15zDq-c
zbUP4uT|Dc|@fZzHFIMlG6W@fNQO0@kda%bYQ!BZ69WCd$c-3UYMtm2p$P&Jb*UP)3
zOH^WU@x?2Sdza|#tN=_dU1qPU87!$|lZ_dCk2$jp>k{_(u+#^)48P3x-Q{As%f)o}
zF`sGj-?V%6*#G#sc>Mph6)1ie|Nj;~GuGd*B3I~RhWvkJwL<>CdT0N2E1#tYTi5k@
z@ZNjiD_-AEfde56UsjO^S>~U@sS>2!({pqWh(_Z9Tj)HnEWvU(=RZcd_W+(c)?Nk?
zU1P81rR7Kd^6JLw^2VBL?DhT{XSU@1QDi6nV{w%}ed0WWQwSfKXEi<I)0*d9H<))n
zvzwhZjmfTgzDp0T%}|a8yoYk7U=aONT*BB93I=_B-7I++c0hss2whR?K+}#6a&&EZ
z@S-8+QT0zr)NA-JHf^)2<xTI4ckQ#@ag4%v7oZE1SiBE0QhzUlf-m`-e|DN=A%!H!
zFo8sxbMd1ia+4CvG<KF7kTRTLsqDd8*9=btlmRGAfo9+U6+`gHS?+gFVb4FH_Z%qz
z3cWZ=!xR4jqNsvBJ%xsh2^+ScYBe_fr3d~n_n~hr4L`&&Ntw7&9r7F+U}8T3pem08
z8;!G5amR<IYf`a>vPYj=Z|aA3Js6Y>h>JR(LcL~$L-f@c(O!brmZFFN7AEprPjku$
zsbo!cTJEVSB_=mv!*6O6O<mG%EDgx`3mRHnDb2ld=6d2d$6zqf>p)I&Hr|#{v`MD=
zScja~Bt_r@RnA^z=?Bk``X&*&#V0s+{{HYG;M9yER)fp5)YvQ)>uOs=U6SzEEonez
z8hf|=0gcBNju!kM{Kd5mf+ic=T>#Y1Dkmc>+HTwkZ6e2BCdO=<hyh&$Z_ystkE1T;
zUOc}^BCSJbR1s>TDaYgfyOqv|O%))d{s%02Vq3uyj2iw)g84PkLTYn1HP9uXCEdzm
zr%~u9%FN3-`%wFN?jB6t$}TeUo$1#B5YYPlQH^LTKn_C*p^dT3-yKlj8qxi1!@r;D
zdQN}nu-tDrM`3%@qwY5*%`l2TQP`&B7;oK{z4U_N(l(BCPYX6MsAZ(Fg&uDJ!Py{E
zV>FEK1ens%jh>M~uh*eo<~t<q$5f4|l6_Vd5#6Ho6PCxc<CZuE);bJgMNz6r(k;=R
zm)a2^NKeL;5tfWhWsEmTak^+6qF~`J5|#s;j(VTf5?H&`0-uy=*hj*PBlKir<W?nQ
z!@+Y3i3rbMyxl%Je7e8?Vt4yh!`%bCH_N@;2>jou7)(q-{87R|9?%e!H}!FdZV!%s
zCZS#voh8)q4lPLzB|OW|qU^dEdfHqM+_k#^4_aPOZcvh(>2_h0QLV8er&b$!88kj{
z7AWItLER3slXt6Y9}JtI$Tqw{65Lu@%lz>3h`b+b<$bKt2$h~iG=er9R>DdR_S-=Z
zqB~z7J!Vl~O&%|V9#l)Cht<Xnp+}L3|EAF6Aj}mW5E|d;iJHmYyzGvj>lDR><7)n6
zf4Lz|EH0Y!Fe|ihlhpag5S>>pvHMzT=e~OT;stKMTiST;2D#+ko5<Ujj@#5s@*+$S
za5^W#>DXL2AMbHA&>Z-$_LfteP{-Pdr2%{)w~@Ikmic#wjC}d6AQf$suZUFEp?t~R
zZvg&+kB6}fahDW)`QN8MoLB#IdWAk_`2Vj~#Q$4a>)h#oZsYUEs2}&jzQ6tUuX``{
zw%;86<o&USW}u<{=(njQ^6MCEO$8YqoRjpB4J&h$W^s5dQ;l^FS%b7o+tv#a5s;i7
zg`@B*>7qq%j~Q7gX(X6H5be6q6dg8Gst1aYZc9%Xbdbp{QQP=jg^@<;+UNE%iLS_l
z#t=H6qMj&El#DV!%T{P&gJ$IW$_w3S8=!)`33@&KNQpx9OY{Q9hIx32IukP0DpF30
z&Ku7<Ezpsc#VlO)L|WDdj|Cj4>-NKeqvaV3AxA*LVU8$<eBj`K5x67r3<k*=&mf7>
z5EK3EA2aBl{Q8*6KKat}Uor+jL%0Nj=N9}i0=B>i#nfgYl)}m<gRCZ^E8cECQ{alG
zw3Hbb;`i?8*C9r1OTRSf2m3L8;Yfw>o864*H?)OSWl>Dwrd5U>!&vn+jP8$SLmrzC
z{85-vtUnYxEYiZEvuZ-`qg2aVGK>QmMiNQSUbt2P&<61pz;LKaA%kyO`j4R!jzbD3
zD1PyTz&JG$=br`{1xD;g;h;zRJq)_1qB<~vLvdUhjG`^zI?$3*h0wM#2#Z+2!={xA
zMkDggMkioPFC!|3Zjz>9HcB`iyV1}{07+;>MPpD6q3W%NL+8+#12_~1(Q(V4qNP5y
zgHGL=lG@TfW7N>on*BgVjoRoLdeY77RQweiyQ+k=)ZnErh@00aUaD^Ea<Yh0Tk~?l
z^EY>e+uG)3#HpL}Xni&Te=$o!A2nfy`9O`>*XEM`b3Zfqe`Qd9r9P(f|DBb!m6am@
zk0yb4{QoU{uA8&p!{`x9`zi(na6f%C)WG8&xo8zid_JQug?)6Gb{>5#ldtKAsd*~H
zy$O4-J&ts3CE}q#+{olzx8+xcfwQ_qz0<J!DGko*qa&W0Pdex<`e%5QQw-m*C+GcB
ze*fSYsCc0P3=UFgVOEu3Ft|VsE{Dfjp^|-=kx*Zc{XsVw$GK^SPDp8oVzX4vxKIiE
z#_%U)2-zJw{Zb2N6i^%6^U(4mqOi=sb5a!bG$ErVbvu8#_ex*O;d}ja(?4(c_4?<A
z|Jbj?*B|`P{sugg6Vz1P{;R3D{a3r<lgf&BmWsBe;*D7;3a<SYY!vPJ?wELW{!K`C
zW!mUuT-Y+BqbTvC1iy&;lAjL|8u#G!;uDU=zva`9K|tS^894L^Dq~bv>q(BO!1JN?
zL?@h-W^nfvnmLZr{1ij)Z}~C`vfha>q2Y}HpJg4CIT0`*t2fM<d2?8YSMDR-rOUM2
zt756pNWH>B5)__0@GRJw6iNw=t1eLjvcKpqgli+Qa+7P2-ToS6^RGb>gX<`MYw)?4
zjB*3gPHA;~(}1A-#L6qqqWMJ~nJ%~5Xw2R)u$HXovg=L4gtoiVH)9c|S32(9>MCQ1
zw3#a$QAz}iDyfVHQGY04v8kd3>tT?7By-!k&^)Erj44(el-%1tdba;+S4;_+@4!Du
z_%PU<O#+K-3lBvUX9J^L1r+-h+fa*%a%?vGosL><y8_06pHh64bg@QD%k7hLzR*=2
zhw_jfKD29K2UOnaiA%$yhgGe&ORcxv2A`<sG=H~gd{k<3i!$TMVkmBrPCSG#4|}oQ
z#8Qhg2ZXL6nrH*B#P2ArMUz~VPK#-cm<!YRppQT36)&l=al4_CyTa(%EUg@-i%;0d
zME~sOpDBo8Ls5n5U5w*ab5hFeO4azRTJwzBe*OhHUSxO+@kNY@es;?FbizR}A}5M*
zN`moG$lk#yzNTD7$Xo~&V!P;q-Tm~_%X-Ee6ZRyGQMl`Z4S?R{STPyhB+b*&H*byX
zsUGK}d=9m0UK=5_?~TVLB3LGSBi{Uq9$7>W=vS@g5<bAINHfnecUDbsoB+74hoAG5
zlvw@fv#)#|>YOWzb)HGw1=z#^#T12tpQ2=pF{o2)7my_z5Av*GA>j*xAhFOetZ$F)
znFhU{8uGWtO=^X2n`XqaETkeF1v!cpGMkG0p?KDJ9E%tSSO!qe;ZS=ps9F0JTOBFy
zhzAS)x8M3Bj9`vG2MdZeYEc0ZM?Ee4a7fT8tprXhC_T`P_--r8hK@)o4tJSHtW4S!
zbObW?GyrxdWJ3c>3G~Bg43E#z#j6fC_;JQT#EC)=IAE!)<lx+l#Mi6P(+ewP(#%4i
z6Lm(|Mv0l~G#2rd1+42hE1-?D5EY6GIaAFbJ}2DdY;AZxLI=koAa6(oBwL(4JIo?T
zI>v;?q2ze*-DFn-=wz7wo#WZE7GE;+72J1T5ZUFOP<IgHn$9mG^U5x);&`h#f6|Z~
z(5TYtl#_1u*zZoa%N{v+x?!*{%&-U>P~$urV#MbheqWFlx1wO-&7FEtMhR@{RY#nF
z#gb(_v4j}{n(LE_Rf>#%>w>ofz#?)2p_C9nI%oy!<Cwt-#PXWgP6<X24tHN4?ET+e
z|GW10ooklv%KD3VONpM8q^iKp2=C(XDS46y19L~4aI@nu`*kk-m`8#~Bo(cs^U^%p
zHEb3iW_gJ0SDl(!lt#BSoEks))|(Ce+&Zyogh+Vl@~bH@-Fc{1lRAO33kT5jHN%D<
z?(pH3H8?hGe<1f&DqxB2=<!46xokKX$PIZ&1ca*-c!8V3*emL0Ch^<T5Uzk(-11zg
zML4oq+Ac*bvD7!rweg<%R%u&QX~yX-(tpTKlff+Vm`kn_h8aF))NA_1Ms1ysY;L!J
z#zme@*~{W)F)TE>LNP?<K-svdlx>)P8M7nwZVl&V>gJ{+nV{2T<SC(xi%yqBp6fw~
zFAo3A<KKC)f3W+kq0qsZEb)W4M2R?U9;cfYGrGXvdE>u$PDympyzd{FLYSVvc+N(R
z@E(<pPzG8;GdIozgabB~cy`)YwuOtbZjkm+r-vqXhQq&E%$u!9z9Q<m$M`78u8(*@
zV}_(!gTd$4agDX#!Ltu|Ia_!iFWAGw58uwBlNfJb7)9ZIx{%rTC551cmePfWx{l;H
z8?^zbh&4_b>%)iU(HHk3Zw8F<7hpVnOvFWlEsmqKm$2nF2l>E<Tq#eIQbpj`KW@ro
zwe_V{NUmBW&IsVj%c;Ln8tdFR=NV9y=iE*0)dT1_)ArIuu7Ng_byLCg;&O}0__^9{
zXj7X8aYk7=2f_JG?YxVaMO5mk+;h{q{kSg>u?m+cygM~~n=DUM0^ghitiDDDpMq#W
zR>Dy%0BMrJG<g*uf?_FNp2EUBz}X4ZU>#|8H%BKgZwoV>c3$HCGI3E$1otE<o$GjG
zK$>r^4%9Xe{OQ~0M|j@=Itx_`mj?$^mJ81XX>^Bjtx&9`DYIy`!$p-wOpn8VSSsU^
zkFRaoH`ixA`_HR*f6es&T3Ic{e_Vg`X!Xwi^EN)pPz?8!as8rS{tbwvu4Wwi0>`G6
z7LssPXdcGoBW9T0T|%ODlwH9OP-;)&(J20u3_g(q5V9RZB=8wUw)eZhO|jPxP-(n%
z`Pm>jbDgksYSBziVKYp3Hk3ncNph+I=iF6!ua$FC69uwa2wVU#+1!wxzBrcbak9hA
zR~NgMuOJ5;A28|<^c(*;>;~g3w1oa~A~{i^rL*81xr|{zu0Rxa#qdZtCT^C9+F3Fl
z^yu0Njgn^8a;y<3;E<vLO$_yP!gB2`?fbzo+^+)3uu7=ZqeOH`>(uhEQD?@G!ojQP
zFT~?%#~u~K`qV(SHPJwry=~f^uWcY~J;5p47Q=czWE`v*0<y$FmVy{SOC$iEKw-bB
zjyM)cS~XC$k|qPoP7i9K88B{Qe(2|N@*l}j+e^mCx+q&69d~RAz0T4k&oOf@`(MFe
z`pE{n5mHL{2;Dz~jaJe@bWGD4tW9c%C%|uTq4~Gw1Em4sB1-Y~pn<)8zn4acc4L%g
zuv$nXziGhm8=Gze6-ZUl$UT_@9okJ&his}A*r5%unYjl_FCWm28RwE9coW<%v`?@t
z;-=^prIzc13c!a&VHkckQY1mfpeldStF)<?Pd)J;jP$$d)}ou2GppRZu#Hl=#vJPX
za;15U4yy)t!CIA?7{|Sc54bzeqFMZ(ofhKK!N4yb|NGHud-*Q@_icPGvi^2jkc;#&
zga2P&Znxd_@3dD|?(%=$%4Z39st5j#URnM%I!~jM)7<|vVTUjI6_CAJU4(zu{rYL1
zk2aQ;&d$zSj6x$W(@N44L6iozMQoalILxZ8U|Z`;%blgpvfpWMv^yKCkAMeH)9@r1
z2)E{VG@BUPQ$ul2_0=*Dtq~zdX3M+aj3RgQ3U5{p7-LCN>~M|tbG8eG;dM{bI=j#=
zv=$1+&)V$7ME+4CYBU)wTTEKkXxt`tv*=euvaJj`s$NR&>*A~GSV%0=Fr~<oo{U-_
zwk@H}wE2E<X6?>lR+!X^@qTfaEBjAgE)xKoV-!dla2B~+!tGgctn{!<RL|loJN|XK
z-rUovgqSlYRU)$|y=oQsG7q-i93HwOw_~C@Bd!RRD%knr?e>ekr<etiF_iQ!e0QGW
zZ4V@h2JFD8{NXAl#=?M6JsyvEy$KVzDTM%<ph*DIA7AW0-F|Vf_v+d1Uom_Au?iio
z%?Hm;LkbK6@3b9b_&LgQ$5ONc;grChq{#6nfNiE0$3;J7O_@fdvVlenI%|ZB;Nl-p
z>ot+}7<<g(wkb}GyBH+NN4k9}S&`ET0tQAY!&hUXM^e7wR&a5V)lc}us7OowKx1V?
zW~)gj?7Z3T6xT-I9dR9Wi*Z(M8SO4KLB9qqe1vOgYmfxJuvas1cVD;x*C(&88Q=8!
z)$1*=(l*X)6<Mw|ffAMXrc1`M*|V3@ioj^Q;;K;JuIYe|xmhE^1G}(4h`PC29n59v
z|G)d$Le1Jx1#~t9XHp40vp6$$s8xiAWAEFOdnavv0NjYP!d{xR>!vSa^{5a9fIYMj
zR9DF6qcf%b<jaaVSc3aTnMP|m8&O1Wf<hfA-b0Lf&T;dxidqMqBLZVoo%!Pt%|L*H
zjY&p<fl4PZpj-l4{S~=qfwgW<)&OcH+FIW9qsK59_=C-80O@We><~&yC&Sjv$LYI^
z#y#USl-`ldG>O(vIFzWB6>bG*YArw2@+}D4aDh|nYhOg}K40Z?$@~9>6oNDE|I2GD
z>!tfYyuQ2t-@@kx@Bd4c0sz+4d^i97pY@YF`!8Q_A0GX5!|b*GOyRRPwU$P_pTZa!
zG;176()>Fhs+ZjVP<H-4X5{}{U0Hur-2ac-cky3u<+HfxEiT&opMG7F{14jN?sk)u
zbn?Ilp_W_vD3S$0D30>fnTImKsJ$a532SX&d240@{+qR$=M9oB6h<!e+1{Ij-PcfN
zVQIm7y#HLD9;v7MFP<GaZ`6y|`_J(wj1af_k=+XP|I^XS?KgkM0zcSq_I^~4Hx|@z
zFfJ%MWYT4#sqUIUSkOQ>0}c=P@P35xMDZKYl%_9lGF8+LL*JwrpO~oNCfb!T1D)$p
zxYJ<(J)H2*lWYuaz&|W(K^ZK+P(P%&{5)}9N@e~5-#w3UFd%9UoN0QNM!9$usym92
ze?|F%ajqnL2duA(ZRrZYo&WkpCIRcT^XKg!cg<^0)o20QoWgUpnpiK%S^z^71Ju;x
zS_59VXGgu(TKWO;cC+TUT7`3^wlvPtCF*?%=tdeMbzNF(Enlk2<tm{%80*!1xXkML
zcC88TOqlV`gelXEv!r4m@MbXSl{G}bJqr*QDo)MU6tWC;0wE=FIZM)yl3WoedfW@r
zp4<qdFtboZ-FCN%*Iz~$_hG9S9*<9;Ed4FMWE|Fep!j;ofW|+?R}!wM_?V2uldSld
zaeqtpK=JKykm1XtAB!)5@N#r*AB}D0yV?;i_P3wyJ}W_CuFcpQr6Crdb5rW#Tcrlv
zP5NdRM^!H7sZpUgk3)r{=M{AQ|B$C!Knof+sYcw!vO>F*R1WD6l^2;XXNK_Zi4Ykn
zl6qCU->NmOg9A!&W3p`&DS1b2eDLlu@%8ISGwWEWf!+l*Mv0mtoj@(rr0!?_kQ^~W
zn1wFJLxSEYC;-g}N9|LSFsyff-~8|pwq!5y?%nI^L3eS)wN}eHj6|dj1qBX-Y%M&!
zpawpNCF^s*=zI6>^*6|c$gks@dt$@dh3~+_di;+(L@_NagH}O!_);xSNpwuYn8@IT
zU|4y1=tX*@kfJW5cOc6G?MlePNNdMI&!iIjV;h-`|0k4T0b{YyMpgNBnrHy*-_IH~
zKI*vfMzKqUklZcdI#j6rzXEnHSj)+U8X91#iFb@FHn@-%Qb1w=Ooj}W{fbagoWLNI
z4O84tHAGUJw$e|jqJm-qjeao5Lcu6$vnlr8ibe73s;<?VYKEg2)b)<y-&mC*d9!sQ
zN@4vvPeb%n==Sd-a$lCB0Pf*O{7NIQPazS1Z#__Zj@dj64Kj<I5L;<51DMKI3(N3G
z3Ij<7y`zf3EG}Nla2!r|;*jKKFgKF!{I*fFdube1tFTpt9~F3v!T^oNO<lhNp{=GT
ztoXe-TP`(y#m!Qt{S&r~TKqJD-d&)KN{Cv2_xIL^2aVR^pOBE=Z_9Fw2t8`<O1NuK
zwXmbPSM`$X*~HT<4d+?bei4nJOF$%e!%h5q3uDYgdF}dWnQT&}k^6tV5>SB-A(t6U
zvm&RLQo@H{3ukZBI&t*(ou;$OP5+C-M7}vFx2;b(QsKhrkdw5$s8q3PVxka6N)h3k
z)sjPWFd`dQop5w(SXCU|WWTREC+l^(EL&|74`x^^DOtC+qS=N9AFM4^Tzq@EHFG6v
z4$G}p8qKSLg&zpa)KA<L3Vd~nNvEKXF`k5&;uBr!=*O12Hr1i;DzdE}-xB3US|N9m
zchdC-p$!O0<T^2QP|lZ&9~jC+H#8I`5k9yyj1bqg-nnwCEwJ)dO<R*dwSXfWf|4zi
znOd8`;64|$(BN(A%>peKC+eG7s5XLbJ`M&Lsfw<4E%*ZU=r26@RgDw2qEtvj+~U-=
zwWI)~l+)56Xe#=Jw=#C!xapeemn)TFUeR!#jzjkVDJ`$!hKZyz(W<z&@g1`cWT#)m
z(SBoV%iv}WcTV7Q94}5X!;~F(Bb{)f-)OaJjhZ3!xPkldtW{Hwl8-=Uf%MB+1DFJ-
z!9u;Y*tp+XKsCB|kL|vak2WPB2SQFUNTWToPUSe)*h$6U&I@1jcW0!o&k@)7u%Kz>
z4LUBEAQcG-ou_y_J!~5s%~dlq#?F=OMajJaxlj}`3qy1-S4-iN54i)YLUrCl8mJVa
zMTiJL*URS8;|dZ|=)ca(?~)N*P<I(oc8T1ECB?KxC96P%1e{WV79y*t)uhr2SopoA
zG9Hnr#lFcQ*oJOKrXsbK*M=IjS}i?zGU%x!eoQH|Dtw?y*8Vv9(GV{S@v<UWbR@K}
zH_GNLvj}3vW{(vS(cQL=UTweJHG`GkTdF;I_);p<4<n>yu2BQ4Mr<STj5W0+BDwbK
z9WqSO$9CU7u>rT_wC?+LDy0~wudR0Z&3tC)|H9ARaFpL@{+H#omF3k^{+IU3o&N7O
zKG*Hydq7U7KI08iKXELaFX4+qH)A8PwzT~HQs;Yrd3~eZ-dJtlhC8QmHMn>V7@5Is
z=YVP5ToRa*L2?ZIAoc}kaMAy;ToBDS)AK3iq@}QTG^G$6Z4_2_N|9c21c%LORUWaW
z2ZBmgjzlvnZPkG<-{Aqq#(%%oc<gY{z{i=+m!_1E!BY_zGO7rsNp31_7XJ9+ec8PJ
z5G9A{x!(s~JxOmUoCs-v&eC91nV_W7P`4aJw0$+hdduLmQ?|EnJKi9Zv8I?{JWo`@
zI%=fKcSDa8ABd$Sv43@Kqp6Ey<NygJjQ=mZ&csUFO$1JGErxv+Bja+u@MR~!Y*mQW
zA|NL14P~M~A-{}YXlBZmw(!7A(T=I_7?2~BwNb0ulla06bc*S#TGm@i6Y-ii^v!NB
z1n)SWxW5bp9jo-IarBG9^QU@&O^Q8SvE^KVmoag<h<%eNd?BCA9GlD?Q4ziL)^qlP
zzv#DF=koIHi^Dg&hqx&*4BD~{K5Rqa|3dq@`5nubNaBTG=eC@7mKK0x<G+FDE$slz
z33YSHulQ)5oczi*tHkN^iOR<B%Z&ob`n?2N`i*|(yZ_y2{HM<P`daD!*Liez|GSNk
zvajC#>(1`$Ln{Q7esKK>0oBz|V%bz(4KZ|F&Pf5nJRF=;a2B8lJ&NmsarP22GhrH)
zH6%t+lp(GB6!kC|jYPCT!BAGXl~Qtf=(OcO<3RZwn5Y+i3J1xE#E}x!=%>TO*Gtdg
zzk`>DuT`5()I?y+rD5m?qaY1Qz#HHtm&I&4?>dHJ$~o>*fU;XOO{2sf!H{CkNiW@`
zNAar;Ps0ocqHlO7sN93;(*&YE2V~8IjN+r~UZ~T|&VY_WuwEE&vW39D24$xd;mNY-
z2~e?;Nz@xrm_Cr~0B5LtiHNc8nM@KK<0n-?5@piEFw0OoQitzUyMZ%F27}}b2MJxZ
z;9&8)Xs?FRbjICom~kX5$_OPX3V0mceU!00F&Z>6ZWO%bWf#w-UV>RFh7=IY%wA7C
z@#8QvbC(cbI>b~BuX_5eMEcSaT=9i1jfv;ZO|jOtMuD&}HAV;+-IGKFQYXS#V>I=B
z9Qj$4g@io}yo_SF%53N<2TYO>U^ttRVn&UNsnjIFvwlp=d>ozzpP;GmGqA3JHiPJ6
zD7dW)nr<?Tsz|B{x2awdW(Zge4s~X2nhhUiHhKVvJG{ImR<Mf+z`5mN(Bq}~S>TRg
z%FYtqTa%3k!yr4y6+?5w&_Y+577fIEVDH~Vqasfs$ORiHTv$3D@w~<vM%n775gcOv
zM0peYq;zgs-c%7kY$|uOc@u6WGtU2hKDwB%N7ZLW{_pmB`%y9e<NEqt{_k7)TpMqX
zAJm3DH^-z-?nAbYL3}bs%X_wcbdUQMxr&VQ(<I&SpV5wc1*Gg4A3GaX@R9cG>Z-Vk
ztSq%x{pIgBmRC30YtDwf-q~Gqb1=7OVRwM>twrZX(I<xlI>qgD*?Rpt`(>@8F&h`9
ztr(e$2}ixA3}VFCMA^FQ_o8@L1;pB2zaFw-mel6ewrkT9U0|FJ%5PinRF}v{6$SE<
zem}_LcE>J458$=92C6E3s&oBI`I@75vg05ydDp#ai#q!f@~+HkWGW9=&Wr*L04?D&
ze>}n?GO%(*c!zs0clX~O0*uy|u{mJ$0}Q~Rw<>@J8csh&-Oziz{{~BT$XUzI+ofs+
zaT1>oIaghloh2zSEfl(uSjITfkC6pJ+ZpD|DIO@SYfCYr#}uhGKEVJ4iGQAqQ$Jh;
z26oW$-X83}LFX=9GVk^F!NJe_Z_quUru+Uc{SE!jYB#W~FMtCY;I)7V+xF|d8`+Fx
ze?W#k#>(K=Fa8(LSP>9EfUAR{$N3V%mVX?n!rCNiZ=~mSpq7FFPE|CA!Ub;nf)lze
zyD>D4K`PO*4J7KnawqW57dDc}xsKzMW2G&@kdG=yNyN7W#l>+L1stduwTPOvh`8a4
zdjeawHEiLJn4}u>Z5)lV)7Zd?s>yS;EF4g8b^5{p!L-k^uj&GfhE-aEepl8Ex;T$|
zqpESNSKai~AqUx~iXoQ<Aq(6cU9|HFWetwN6C6a|ibhS}`ia1tG5A4p62+L>5|K>y
zepQe82>Kfi;jF9Iuyn1-Tsq(+Zg>X;;a(hKsM*orytE3~4&Kmyt#w*x)xNUQ{?bt5
zVXTO@M(~i0P?YF)@>p=pH8XVDBSLemXfV}dsM8pv7y`+b(9T@)O7tuY?NjZ-fN=(;
zotRLEj5M@<zxS|l|JlqxHLH36w=EzQO}__lYQujWvvDauM5k%{gVt$$P1S1={{oH_
z%=c;fw@3eu+We;@6SS%kGHQJ-t@X(AK_#Q6dhLF%rTz~KY6jgf-v2}ex1g&BowarU
zA#`SingRT=_IU;V2muhfRP_$+nxa7!I!xbVGbvgfE75K&Lq+u{R#?%<9lEMng)l&+
zMH*Lc;166>G`^}AQD0B5NR5th!Lf^FtIEVK1%lIh;<D3ew1TZ*_dwh&(cZ4kXCy4I
zvjLDtrB^<%B!k8hytffNHSV0`s9Z0iR@S`VYZ6}3+)kU=igK)}HET1sGIWhdnVwXV
z<I24|7a^et&iGGW)h?q5N<t0v(PTD+Q(18YScaumHGQNzNi}_LMV!PjHIEoUQ~tdG
z$>m>snW<_3N>SP=G>awn5zjI^fmsY(pFWA4?I*n<JBh#D(@`%y^r70O)GHY7S=*En
zX|V>RSD9aPM)tg=A6O30$fJ(qFzW`Ru<l?4RUvm!02=0muKoSp();%x*gjDoL8ce&
z++z2P(lZx*WuSUg>Noa+@x*ItzWCamuqsOPB|l8gdJ5EYIzGzZrXJa)kKbAw{(PxK
z95&1@pbx>r!Y#&0RUIc%fnazkvDZ^5T{XJc{9hHiWKsMP2r%3@x_tGfw3kX|p<ru)
zL(*dM>d+7LBfx8BYcw8?=#f<%hfar;z^m2$V#AiC%iN;ocC!@DsVx3zNTGJDMJ@7}
z^cE@wfVGR*AibBI#p2drRQh@-=ec!QhXVu)jj&1Lbs*ceYMd*)%SRs=qRdatAXXa4
z_HhR@EKJMAdRzr-VDPJ6ql0x3FOrLx6{6NO6hb4I+3bUXBx%yfPm*C5@vUV-n*muv
zTKlG8f?g4`hizttHv^%0!=Tw5(7>y<&TUbke=d{na1`Pgf!R6yQ@DjvvJ%ckaE7}E
z_k;~cA!rsi*0$ibp+oOiTyGTPpjni7IwPWD|6_)x>pN~PM)ymkoCb3-QqEOwl$3K9
zHYo=n3n{+>Rh~kQ+f0r-h8$m<N-C)xkw$}5^c!w%n2B_e@AT!p>Cj4^{xn)Safiy@
zlops)U;pN;-g{Fv$8;{Nd)BM>qI4D)2*m(!Sa2#6*jZb?2n)#GL-5b6?y-zG;>{Sq
z@`VO)l7^v@TwESkuVr258t*UTs9H8;0}Bh)u9;c4aZQmuLN_x-8z=RwDsHA#H`2;G
zCyrLS6`!x`lw-na^;2|mdZV&ZBMXJOrcn=F<rG**S>WDx$AEZ9`bR+uv!()u$6<G&
zPn3KKWt`+OgsykJM3<pP-bH92{>hjHmU)~pvo)3xVD4)V?Se}qX4<O5e=>6XhTi{b
zLgtMn#l?rM(*zS1)rL`)p;#4v;<dR}l-QD-*s4Ka`7TUfZJ}}B*|B{Q;ZZS><56Wt
zn1_D1_>}yt2?6^|c=S_)etlcK<*+GzzOS0;_U+BscQ#0gE8&)uA_ApB_ar(`ZK>Au
z?q#qm$-kd92VY8yz!))hB<HT++~Cc)sd{RZ76#5G=}P*71v*R7mPMW~V0<fI7lZG$
zg<3^3^DOR&Gz7K3BZ#-^t;U~f2KQm8!7y{tUzTX9fKJsU8J#VFu?NS^pxUK|hq(11
zs=4trYf;SZw^Tw+o_^R<FHonva-(FpQ2_YIN$=bN1Me7T2?_Nyx5A7B|7@vz-?|mm
zso96rJ0`%>pi=g^`d)?w?V(^wSEL#m@f|;T-WCdNRY!JxhgRs3D5B9QQw>b$idMy3
z9lzOB!@RK;4j*2OYFIVsD^m^nI-6=xF{T<^xkxqWX^Cp+rxU0~Utc!NBpq6zbV2Un
zRzxO*pR?ZugcB&iuU|BrTXI1atb!jLk4>FDg{4u8ibYWO)(!Hy!ZAz0GXc-KLnXe$
zZ}t+KH`Ws4!x>9lEUm8=x`I5ZMhUA2`YMV?YH21)P%%acuI!)$Gg9uo#~C60D%^lj
zwL^uJkSliDA#ThRXxK<K17~2<orKe9fLUW__tWFayWhnQXW#2r*1o@W`=1&1Ul``~
z$_8LF?7!AKEA5i~_v)Sh@2z~UmqW)}02)jKI{Do}guLD~Td>yEjKLIgk~P@+_hJpU
zy3}6rmmh5`FK={K@2tUQ_k3+8S`$sM#K<KYItFI=dw%<}x$V^o_Fjl2zgL4VOTu5a
z{hDph)l0f8qC}Bn6as6m%(}j#3S@Qx+mIY*F<uT`&LYlY6lOUYU~T`n`|8jfi${Oi
zeRHt4|LO(+ipje(|0T@IKMgrV8F_lx^75uXj{C`gA~$hlHIyk+RMG1kO@VzB7F0$>
z8t<kWqs=xAqBvBM+QeA^*f%PmX0)ZhaqL@sCpsy17{E5TNotIP|6z}s5!OryzO$JP
z(&OMmOY@+510qObTY%;<kl&BgJZj!JkSmsEB@#XVH_5pzQHUNQpa}<|MCwFy)Mc!B
zPrr5Y%xZtfxI`QGvj_FogGSA^8en;K-R-AQo@;Fw3{W#4qBF_}_F<^zTXW<z67EmN
zfDQ|(L~AR|FAhKR3ix%N$B@F{A7dJ>0ic<c6-uv8_43TSMAA89wT~(u?n#_NbQxZp
zDk$F1Y9*<aS_J+JcW;eV_V_1{{34?-%p?mi$5#+h=sb?<Wwj{F!|`yrZTHbu;Wx?+
zV3zpT#WrH4i*<RvYD5J&gA~3Y>F4g}JPkx;lCe4&?uyraC^(v!{9O%Cx5e)1IQ|&+
zY9Aa`a+yd894c%&HB>QoK+kSQdqxwc&})`28_7>EO7ru{b?CJvlm61Q%(sq?(38rk
z>>#1+OPV3&p9e|;6vc;qiZSSt*hOlK3Qr`Q7sYSWF!rx(V)I1&?rnXdY{|{m16Ck5
z{q}mPQ&PoYOJ#DV#Ajx@wbD?~rY2CK5II3T75|~w5B2fHUv{N}Rx>=7rUhWaS_E$%
zro$)>DDeBvn-|YZ)s+py7}atVDs>d3c@f|^ghr_@-r=b`R$n+PRGKb+R7i5&n^OV_
z!G!4nkN{RqvSvVo0U)7i#wJJVTy!av`p8>_MYGTUiZ#|f%!6Q61oexEjV#lMnLGY>
zw9!#1)wCA1a-&#?Vs}N#gWB@@^nHx~)yjC|?AW3a-(RVcW=aMq=)#T~?iflvQgd(;
z$*}Nj;_fG|-Stv`#~%SN+F#uvL3B(dcLWocSnic%{6ZHFVdgCdP~e2wHij=Sw))uB
z%1D!FSE5be8;*MEbb`+UHq<S9EJ%YYz6=rxHkdn|<&|(+_DUejyj<VZ#5G6VUBo8q
zlqWLTq*WDAMi~ae%4?&cyQ2$`<!gaCP(qjInQ1dBcRf71>hSh7>A@W<jclMo5ydVR
ztzmumzmoXKrs77()aA$B!<yBaqm5Qd^e%5L>0^eE0TxwMxZ?grDnJ?r%X~Q`WKqeh
zD%wml){JOFZwRw#b~k=Ibr{OZ8Ju3!S{Kzpb$!xkTQszB5z)Oizo9SMfJRhX;c$fX
zmdlE1;uJ$0J`&GD@ss`-10`WI$bW|9nbZ3e#596178WFAi_%lr>RNtxjDi6J@*x{|
zxW|&Zpepvfh9--^uPp+lJ;_gN!uhMZAH#68h~%VJZMZPmILNjd9FnOBuSi4N3e920
z#+H?|0bC0vGPo=nuXGKwQf25e`PR$r0hdSn<$mwM{TBS=*YEf6e~p6ui0;(oHnAI;
z9JV#r?9_ItZoSCaF!bhXxPZRKK#LJl%sTOpL0r_H#ba2&xv^GQdcvC$?>!N}iuycV
zP+5&GhB3$709-`6eTrsq<0{0KL#gJw@;IXY3eVZlJm)C?7@{P~&ucD@m-mN+e4ckk
zZga=y>dpLH#<t<JH%n8%Yq`fb=63TMGT8&@-kz<|jq*Wy+CdN97~m+wlPb6IYs^CE
z+#<5J%S4)dJ||}hGJd7NAg}@01vW7uLC8rWpj%W+p%pT~*m8>+AsoX;uixzd^>1ZU
zC&O#QN9<uN-iaIHWK!y$Nu?IxQnFBMG~McCPqHQ5vyF&d0C)!CkLW%9a9;P*;6$6{
zLJ9R-m-$j9ph1`%kE1~k74lVTd|m{CMrj!sMq4((kY7SrDR}Zz2XLyEvG<`ThM`yC
z|M97^sG{$RBU@>AzSH};Sd9k5wRl|U;-zLjd4`G{n>kwIeI>@Ss3QtA9SnF!o|TIv
z+owySmgG0BGB~i>2L&@4ruEhkJ1WCQ`Az?Dw`P~hLw>7n*G${KSepS*AA{2P!5AT*
zN8Laif0&D;8vt4c;B7s?KtO7_XjH7DplCzC7z+Y-5o!MKY5}PXqkjf^%+77D_B6<%
zE^~K&9hFb5<Mq|L>4msIdhPU8a5aNTDWeSQQe!VlwP_*4*vS5A&<+pE({O~;QNtJ?
z7B&kN(5XQba-fn9X-HOKB!`u8k#V_X4aGN)e8Kqv(G4=A!=J{Ij?`!srgV(3a*1#e
zmi7~ki1!}3|66DqV`+tbSPYlhY((|g*x$J-lkoFs5OpJt5|+e(TA5iHs5fIR5cE6*
zvGBBwY-7D!ZIgfdssG)wxegdA8(TYGlUV{fTf@m|FIH)$bi*-_BUWQL8s|8X2nWPS
z7Eo9wHA&t8vA`)Zkc<#e=D>=bRSD>%p&^l%EzYLm$g<kz**KH832~wM9=9)uZYdM3
z2DL8CC3jX!N?t|>Yo$dOMUP0sUX-#Y(=RB2Ag-oL<}J@!*b3vVD=)I8xW%&Q-I=jK
zR}^D~%8aUNELeuJh&4*(v{(9a8<)uZ?3Byu!{6Me?VpI2c)hNA{?qREGfO4~A6#kE
zVyuRm>Dtz#$Nt&`BRT=O;r<QO8xGMfj-@CAwYQoALT7o^g~{s7T2Hq8_VThgd1Bml
zv;dh{%e|MQcU6*}VV2k)nO)FQE3&BwS`)u9U@R6mFQA=56jx@F0m&+$WYb(KRS(vo
zO@UTI|IPCqKMT$?ap4rCdi&-D?thGtg6XP`vt$6|fuo;g$uP8AVP}Ah2pp|>hS^g%
zLZK?g)*MJ}Ra+Lp)f2LA1WFh|rR4tY+!ypaygL}dir(w?*0&t-OKe-y9NQLFZpkil
zad)}lKlIzCHIe5@bNq`L68O)YOIfC;C<6q--2I3V2m}8VgRq?$(94-sq99x4M|7<7
zcN^uV;zHqiRehA6VWP8SBr1IPg*uxv40;FO&w@B_Dt|Z9B}*Z+C8BUFmM1QhrZ{`p
zKxE%{)oDEGKsORL68u&l4eEPA6igB&h43UwB(ajkGo6-Xk+DTdn&y;iSjC-lqg5df
z6rl_f340EO1&~3yhal27aS7!JqU>>FRncsMYz>DcJv9<OXLL=cj{b!gZNJE7Mkg@}
zkkKXpX0V77fhb0s1dguAqhPxLMKy7zu<Ol!;A_4jI;RswUhY;stri|xW22yq7;QC?
z-6GMPn9~RLf+BCS=QtVhaC}VL#TzPh1LS8kjpNIL^7*D<QdCU~`*>Rt4`PB%s>LX9
z1aTEhpzqMrR<0P<L)q&VsD5$xmtaK5B-@ZQ3;+vs1TGHPoTt{98^uvoO5I{Zacxv`
zMsivuq-js3M#Y0)Q3G_xm|!ZeH3e>X7CB~0C&eUddL4k}*qy(<ToXJz8g5~O&5mHi
zuMkFW*^0npR}x~CC$CAm>;@yedeEvbeO^2}J6puN>>^B-#EMG7XC|aar8pzM_Im%|
zu;wh39dn_~FcciST?#$T_h9NuE22Ev?440^g6j)kq$V1_+hd&Q{^Cr;n8JT;!|4Ad
zpBeW5a6())``1kSf4B{;7vsOKu6OS2|8L`SGfApKjK)k+$aN&=`4WIJzHvBa$^X?}
zURr+SFRyN_E^n-Tf4lj=>_>D$Tq-9RP3k`=BN)!-NK%>PNi>?0qsuL-eA6aWpo~*g
z0~4UYttlCN3VTjrQmKx+EWknq!-Lb&<Q`A(w5{$EQ-nQxb#Sr#V15m!i?P275b#y<
zFD#)w@QUTs3#+s>!a{NDjV{iKQ0$yy*SEr)ngMxhV7tw(y<Q}`i99tCneJpam#&6Z
zr5ujkbMy5G8w%@F>&02k%3oBKCT(VZn~7=BoSaM7jQ~Fq?vany?*#?kScw!Yosx++
zESU*}oTL;VIi@=*@V%6a_5liRU=s&DxQ%7m&E@;z{mmP@PJTle`#AL<NY7>JhU87C
zkGzWFBP>mWHQBJJ<sb)sT{rbDeruGjvCQJBQ5>IRsd}A<(cnr=vI$E1)E3+yh{S5X
zeO7}+ZS^Rq?hRz9`u#2Y^g~b<xdJKhzKaAy!jmZ~qw;{2&qJty6lGH+BbZWxte73_
zGiah$7x4&7{$b1C+dq1?|7y1~-CRY^IG6qjLSQ#2NTlp(Xy02-peEVYzDyvbr=!Iu
zr$^+dBO@&F1}`k^G>zWj+Z6uHyTi0nLp0zxPlEb`dc8nsfhsa0GCjRGDqcG-{)i#f
z5!noG-3l&EWTzEMAu{3Hcb&CI9~ctya~-+ph4;$~1_A8W*mV$N_4<$9G>!8kgUw6(
zeY8gD)g~hXpJnBKOnVmHvFfV?n6$9h&VM1}#UjGr0o#Qx#h7P}uk@oZOm6}gH4-9R
z5CyTL5(+l`(UBTRrtncVGCs$>dlbbq%1v#wF$m)$9{CY`C398cd+<ra!BpMpgAq`&
z`oT6aOZc?Of3SfoBCqPBfV^{{sv%$428z{%SXHEa)!Aa9{Ap$?aD;!GOy2Z)>f(=R
zA#VYJbj0z?AP^0+h(YwwMIn0R;*jpw!67Qxl)u-2MXHypU=fYwLTF@a%*3PXqiU5R
zu-`i2d>v$2$b6*c6>WwxPv{gNQv`NSyt(Y|myosDNBx5b!5|7Uhdb0<(*x^*iaW5W
zrrWEQjOf?Qh1xlkCm=gVxtjF4ba^OBR8)VHJBUV;o3GK-)q6C)6V8C1qYj;UM*J0K
zQ-ncC9H^AN<yos=e^7c+y$2&}hgJ_)S}GT-lrgDK^zh*(PYAvgRGMGr0jdR;%E=R|
zZ22XY+u^y722qw<z(SH#1*^jI%Yw?f3p^;2zY9POYF+|pH*nG(!Z}NJV`3b|c|&oQ
za`av^fw3=^1j{@<=dSD45!)oHz=8jMwT}t8)9L%1{8lYM#qH-ud#^C7JJzOrBR32;
zaae_~X*f&}gmPatcU#WLatnYIuTTe)m6Akbf)QuYNepzAoSej0cXXuORP*5!ZinY<
zs5mSM{}_ftz~K6~TmTk9%MAHRLtljP7cmC?U>H#z30c2V0kJJU&0#u}q6ONxhdUky
z)*X%vuxk%6(zBHV2+I7SN&;#%&O5n49wtjPs)|(|ZR%s9O-vSr8u^Dk@S+^V-3BGm
zhTFhJ>8JX@@^we&^&)_pj6ZrU-DYh<_{C-_CoJ;YR|l_mcSLe*!$%{r#Re-xa<Qn1
z=(#zKJTOdda{FUqBXvoEpSQo~DYMe-4PUX(=ex&LZfv=hn0?I`8d;2`2bu;(nIA@!
zl>00i^tu6OP78c?eK6uq)UVRv=iDt?*^%HdZu>!f@74CRXK#+SU;RySUe3j$NFLl0
z)f8qD1@XWA)~}=*#oLcXH0B@}Gl<2-3B{F&#AOJCA`UJb=A#W?%DbJ>w|wKR!mFye
zN;AC>dQ8rtr8x+Ke-jkpAc0$Tb`DEF)VB2^{%2#@Ea61tXQ6(M=}eQexaIF*l5?m5
z?F@tTQ#eS*8QR7MXh4ld{1~eyNk3-n3EBt5Y+W;L`D4`Yg?%4)#?kiS{wpIHp$%XY
zmF}onLgXmcw?9p4B1+4&g=FHG|8)5e-r|-Gd5QU{>;qjLz5TciMpLOl$dh%0xL?PC
z)b5X4>i_pK!o;@${C5ohb>Y7r{1;p3lcG7|vj4AtVW(RtNiiC8EYltN54Zf-RDj7A
z%g{B$f8ux6*07;t^R;Wf_V{a6T?CayHE4FwX~5S4|MBB3|GUl7>*MLKyVGCyEQ%4s
z)-DiM+N2dynKmAtl2-mJgde{9eC5wP_MfL$>|?t9=W=Itty8l9e6)OL|9Kl9I22-i
zD*WVoe}o_Cprd|&ef!WuJX$3rax?^N9g?dr>OV;+Al{sIaE_#pr;6PVw8OX!d<Y3y
zM_7oxOE^q0*XRf6X%a|&Mg0g1le0HGg{G9?w&lwRLt}xd4^-rgwRM1so--N*Im&u7
ziCzn*ex&$<;8PF{$abGvR8gP@z*ZFI?Tkx5fR3RRTakqGa8v@?*f9WZB@AP<T0m*D
z<c`l;dOnT`m`^s21Qlb%h;A+J;KCmHytF2m^`4ShZ+rb~ne~><b=BJ2&qOXFCcMNk
z9sRubYNg|D4Pv0wxjDs3aMQcEKy35&L_gJC&3WUT)(=knGOF9nOX=%2z3bp^H}!(@
zU%ciD9Rxi3+LZccKC{mM<jUS3v(JAx^o!?zd!>DM{@=#u`p@^#IA7WyV^$+{Q_s_Y
z6P?cI{*j3Dha3{i-!FB(_m|f<+U<?i_N^Qe==gC1t{T5<)A}7Dm*e!hwb87GPL3kz
z4Nja0xQT>FJ9>=cKllSvfMN{ZPxynKe(B#PYq1}6^UvzK9VKw{4RsRjP5qGC;C!U!
zA-A=~t(nKr9)=6eKi`O8d2eZ7JeOJLc-@Ae&Vim7!I+47wK+NPv)xk?x7o6aE~eQK
z+1rK^61WmhRb=PI{=x1uU8p7rVao+2z^N%I42V@!Lj0H_;}`=}#tf;NSeT;K-Pb0V
z|6!lm=l@l2|1;13)y`VU|FaFn@6P{Q_~`rp{?Sk7hJ!!8I%i;C{CQx-+b>DmP37?O
zhyuf?fD_OL#rq`9(I7YvQx4?;6fqc*^cqK$(1`fX4R`ebFXYrPCjO4kokpB{c$C>P
z19E()0J-CSKTKO)N3;=)^8^jNx)cQh1^p<7z+6}A!Yvau;)uyzv3O$4(2#n0chowC
zrl2IogZ4A3Uv(8v)J44g8}hGJck>AsalDABQxl^ZkTx-l$3r=}<iKJrgM6S4T*o=C
z6NOV7gvfto<8BvjuNZ{$T<Iju83ipYwwtBuIF_D|cV<(Ak3X!?X{ruMC}reO7_jLW
z#VmX@V&!{K^X;oYzuN!#6;@plKTaE|6Pc*Qc`>3TsE+ah+^+T^Uw<H6QNyp(;51jH
zVL^kVI2NCC$(V$qAL5i`M#_7`{y-%Ib1c}X7%VkXHAZX^$A$&2G&Fm%m=?Rql_>TM
zX2DKm&q)+{%A=h)EugOP2qOiKF;tT7md(OYh<1FQv$mgSg9Jp{bX$0UDYB-tKpC_!
z<DCwIA@yyki#2ie5CM=TgGn$Z?sXcBvA~64Osy&yJJ8jYDqu`<O9Jv)G#Fqsva>YG
z!}#K`mXJ1_kfR#hCrNH^=wc(%LhpJ&4kV_RMre>r$4yiOw#bZfxTYKl;nA?(oCBYi
zY=B#LoK35yyPFjFbsc>bvg;@~POfHMnl?>Wax-uc>kCb9Q_mTH`42|)?D}qNn=@}I
zn~o4}pG9zY%>T82X7K+UY3YgyV5jr{?MIJF^1nyRD|h_=t$eOc@_-*oP;>aI-SHRw
z=g}ay5?e@$0M3ktLFuzACV$nKNzCj@TW5b=ULj_7ZDY0bJI?-kBhl<<CRv@BRJE9c
zRV7(f8D70UEjP!5({bAHJI8y2Z@B3E4QJa~Ui}VLkV6&H^f=6Oa)kl5BJL$;S*z9Z
zp1#=M`SZcv|3%IoYj`UCC`M3YOlu>ps@=ePFaiV2fHArL)>GwA?w^`e1_DI7eRj{g
z1N0NZK;Mh@YZEJ!f48V)9f~!5V){bNM96U;C{i0b9HluHaI>H5r1O;e%D8w*BtH`?
z7QR!{=$Vt8)u|Jex6AZpHLWV^DEAo9`ZS1WzQ@q-DY9@pd|ZFDgM^7esXELZsRZD}
z&(YA|NycYk3@qPCqdaYFunt&aM<hf;Gmd`;ZN~KgE1I`?GD0;gr?Y}<UfXjfOc@Po
zwRwP~N}IfS^rYaF0{miFOwEaD>39TNWQI_gosXN{@?re%sPu>80IcSuFh!<DGXrQ8
ze#A~FJ}OhHEGbB=Bx?#d{P&?is92};5I@u}{`;_8iAE|-Ly2;u#dLU8olF7>rJAbE
z1WhHN?Sb*%#fmxGy}Rpd57>cZbx+pX&$B+N<?^yr=1HWYwB?zXt_eNiK1kpdj7DiP
zN+VRF$I+l7ab8s>LTeviGZ{SKqvD2$tnzq@eae+3tVl7ushvm5#0@XRWv<A%C1vT6
zCUb_a>)^6L%*m#g1&tXE2iK?ExHe#}Bta!ItFlR!X)Vng2hpdj!949^clfRj<hC~m
zn|Q0!9b@J$dR&abI%z!ku`+_9(J9s6z(~GzeTdJ>@F<n6#ClGJ%B`YN)Cwu;fRiUi
zG-4bRdjn?++UXE%Y7GZ)YVG<#+*Rnp;)y^cs*`|8Z=?Qs9d1qKvsXWy48vkZ)uSXu
ze@Rqird_KX{9=uzDu5F0v}?NyR42|<*dp}|1TDyMt%_~0QA$|INl;)f%1q-?R?O6b
zlO(UuOQDrSVZ<yAXfOr;f2gr*v0cC~q?bS|b%7%Gaijk>`8_7mVjDzuN`YAj$i$)&
zj%kQ&F5%+@SaOLO_*9C+JcDm3VTUtM1!m@;&<E?2j?6q0zg#q(j#=uhQ=EGRCJ|?t
z3yWD!t*W6}1Q;`fFpQ?(uLK$KX?+`Tm_GR^iktierGk_jM=^mW5g_Hj>4zbujI-V;
z>N^>U1zx&?640#!dqGj0j8Bz6EHwR283Op3%3#Wftsz(QBzpSduv1z=X>aa4*}72%
zWxp;xOiYqI87x*oX=HMlA{b}#JqzUl;b$Umiyw<MsH{7IAyebWN&b5}BdQTCq|Dp3
zdElXcP}5a|u*R+iaykBc?u9i4XE5GoDl<wt&~dh5X(rQ_a2k%(YLk#+^1}Y_z~Jk_
zsOi@Vi)FR>W|(qs+=a&ygFi#LL53NRkuEF2VuA@p`Ybs?!5QaOY@(4nC-pe@&q7Yc
z+=Wi!0CT#`DQr+@OOO{u4a|r+M<v`$F<jn^6M;!LRxeQQA`4halHL3I#M4!Z&P};z
z%x1!}UGshI0ELA&dKV-FiwJsvURj=`VWt>-j<#b~zLcB-DPL|Sp_6;0zg1wj3hC_K
z6|3fQob}L|s%)q$d}{jnr0WXKt8iI?M}--gi;7~d94<*ctmGpL6VrmT;)NytI0+D(
zk1C&bF>yeV5kFeE?O5D-2~?A=z-2&O_4->iLu-~(L_zL7xAfYXliqw5FD>;+?Ow0I
zpUNu<PWciy;;L=ai!$`{&&Ud(C{3}_J5R`jUd#fm&;XuH?UsZnTE0>iqL>+8hX_T9
ztEqo7ED1^ic<Pd`9k4GeH&mZ49T(bG6<5=WV}i#*;j;Qw!ePn(iD#oNrmnec)8uP}
zX@fR6%s@^g*xah`3hcLbK;=G{cB*)dsBcYbi-&I4uNHbbaKJi+J80p?S#Ip+j<eUO
z@w%boj8v$^`S9ABBwNBhCH%{wdpfl`-;y;}I*bRrIw~?BE+QNmOmORH`st`e+(j%=
zCPoYCl*#*%LJ_qadA1lcj|`7!vVk?#Kr)t(GZan*oKap)yD)!BhAz{$GuBrL3p9iZ
znd;pf_0^lmJsqWT0q_;OWnK<$;_1+y&TAL+|Fi5r)U&I&fz7c0ezd;2R<!?E>pZ%%
z|G16M4MZ?5nsWQE!W=E0Np6gWdTFlxq0!BF5X2|r-~`RJZG(>oerJ8D-Ck;c|NZyI
z9()iTr$Ks7&eZ{CV8;U%(7WHKtbhr-GKX0feF_IqEJjWuql3hcc^uvYZKL}s%Flgl
zLk~uersb1aHa#@9nAn4A2j&A!87Jv}G8iOhY?aM0$o%csdp=wL4$d)Y+c^RO%}j+0
zCz_TA*+(=IkK#`p0W$*DBFs?+<c~-GF<fV{kqB)|i7Ig}N@Hl8vGuynu}!9oDO}6Z
zX1?j4CTDnMZpsMFT(kTfncw3Ods1fO(E#@YpC9NppF@`z)d_2$K8J=tyr-Fag`K%Y
zImkk1ZRM8D&9B{o;Xpw`nW!VXeBEw*b0?ST`+s1kh+h50+ihhRbM)%%%LYcLDL%xs
z&dYF_H_f3*e2_1$wc6B;cs}18J&=xX6kt^j{Q$LS5Cy6GH2mBRN0VLu%|mhLaGt4z
zURG6fzpx*SdxZx;0bsL=H^a5Df-}>A-CSk>NeVy-DJLfYlTzb&kOaLc<&gWT4xez{
z(0WOxYix*UJL6toFB(j2<gC+)4U?XoO-y5Et?8?;1Ok=sOOUjNW>)yceW{!%o64fy
zea(1VYl>mL`w|gY<r{Mw?P7W}_}6_5*bI;1U-vQNG`!(2&dXx1vRS#+YKTZRG4{7`
zOLul8NQ7k^ta5vlkDVm#`c{^XfsYsq#qWn_Xo)l?7p<?b%ap@2@&rTlwQ#bxz+*dg
z3zotQMj^Dezo_aisxZyQg3o_~anydGuNykw*!4{lVfmI8kXa_->~0*CRisFOSw|0r
zhX2CE_s3|ZET(h7b2HF5fW}8i31Pq_Hn{ExfV1hX!YYiJ$<wDYP7qA=3j54lyykuD
zNKFSJX8*=eE!l`1mq@s1!Yx7f-H#3Bl|pyqLMA+k$Wybk;YnZ@;Aal@cmBM4c=T-d
z>DwReCW@iixrCkkMHM=RJ4qPC_SR6Z)8GsPpQ?b~!Vg(<9tIynWRf$I{IMB~4%tLJ
zeK(Cpc~+QTX>h`nRSnM+GqaWA(?_db6_V7<&iP<TfFm97L2bq25LvkTqTJuIl@#YD
z<51vbNnHTh0zJF#En)zVS2x@#FmuGvBOSartxnxW@rE|FD2X?Y0v6tP>k);xBsL)W
z(87JPiNWF<>Ive!u3^V#yuthb-146*gaMcp|7T@or7Zusi~n;gALajV@ZN+0u%G>w
z<wV~*VxkFB2zGk!tj_cky5al$wG+slahjrJNaaxy`Y0#Wb;l4cp@wqEfltjWYKOgY
z%Efo~U;pjR-j6>WLh+qsbe={hr@3F>Y2do7F5=?Yt6SB?_S?gs_TL;(k519+j{#2+
zD1vT^VnrCnXE}pH70e0Gh?}}YmUkxfRs{|iL--jb0G1Hv`UX-wgDqD5H*oekZo(G5
z`p*s6cg>#}=RY#NDCWFUA2ZJXmDT0tlK<~o=kEN!jn5x>_j!NxU%;&xC070DWXxet
zygz#C^lG)1_!aCoUE?R%n;b_aPAJp?Wy?8*V;X&K&ht||$&W);Igsuq4xvq}1tp8a
zLh*^xjW818X2;U9rT3ry_rb=N|K7W2&h!L-Dyc2~5NR!aj}rc?1;F$x8L`HKi^RH>
z?ufsj;Fi9KgqXgI@Rkec&Zp002;)+dc)9m-S7rb$;2Wwwwf;DcKKpfL#zDc7C4_MU
zT73Iz@2{psd)iZ`>wrpuXKVu#J8dPN2d5lxP<4U*!F~gN&?NAy=h<(payXubckfU2
z7tgT5i)YVYZ2x%B@D~&RPybac=9v~ZRO_=EunIwSf`L@m@R(NJDrABFMU;^qu@}No
z(+lHn6lMTn1IG<5o^5r_*HceHeZ$0jQrZFvv*c@qf~SyaLqxeyRB0eQMnVaa+?80#
zRv;*+C0{KU)Jv#Vf_2>9tR3Pg;%s)<nus2X)y;djgu0U{j!O@OV^8^{@$i+J!($}h
zpltv>)1OmMqvM9JzS<zw4=2wb2WGnFL3wI_Zm9mdv*BlkN_&5Urr```b`t^<9FrM2
zgF^w&)0=KXH{tYRmW@cy1_AOq#z70>@s8dga&pmTO<M$YY{8n?*x=Y$W7ur8^|~m6
z+wktCLw~VfBr-OM@J$&_d(5tP$ic+Ty&Ly%Z!12gbijS>^Y?3iX7PWtd#~8XbpCI>
zv$C>U%Kxx_m;d2bKG!YR!7XW|H#3tvIKmo6HkQ+TC)OhErOvXy{Ai=IywO>?rQn3*
zV|x0;`|8FR<~<*uHxQTlSrRYg{#g){@l>9ojdhrHgHcGqxq@!amPTj>lwY^)h6*yK
z^9N8ou(vy#t^%E&?!0;Nob<)D_v!n%R#jy8e@vk*DRuJ+r!8ZP)-}V&($^sZ9Ek?=
zES+X?VV68!U!Ak$IG(@kFY|Ukj^{4=%V_>tg~?#flD#A^$%~|@L>R;pSgYGqPsq=(
z$*Rex5|og69@7s+vIBr+sIjfT-GLJ8s{q0v3r!(u58l9?BI$)#4!Xh86nWP42!CdD
zXxbVDJxOM9#fEy}r3dAJ;g^wt!Y`xlAi&fh{G$jFDgVnj$yLYm4EC4N6~<a@YOb}=
z3Qjvr;V?))q7~(Q{op!X5ULb75~zLY`1B1em}o!a*8r7k%_92y$~wlc!I~G|!xQU0
zY^%b1cw)W(WmI_m%gA{P8@N;eo>^sx$P~)ZGp9_cAADq$DEH&^VhoS`n=t_TA4K2Y
z;t1FTws7E4+>j9v;E?R9cb&EM51Y<&++KX%Ew?)>t843zzWaXr>CUs==QXz=??h>V
z11JB_>!a5%w)b8&efai2Z}$&(pV8NyH}q%k`O%B*gTtEu;8Pe1toe<CO_NB#E(ImM
zt7{CSAAj2W??1nI`D*|5|GYUkeEXN5|N6K88yt6mBRM&Z{_$}zjFZtXX_k*aoqaz4
zr-AUpB?r2i^b2_Ja);RZA_-@By^Bm2|DuwJC_-69Bsoh<rbbxYF*LfQozEOLKII}b
z0oSx=f>{rRf;N^pN%C<#V#_K$0(AoG)7LtA$s9#7DmIf+v@yAMto@O;x0^`rH;=d7
zlw$4&gLD5l4TF#50m?W)p4F(r5N`{4+zrqn_ftq06sgpLwziuTjF7n6rvDTU{V+bs
zPaF6Oy;lMtQKNH|O~Je4H2Fx;_f!|;*8;q30z_<qYc6oiYs@(aj~1|v)8q`$H9nVU
z*cd%@5cZALL_bQ={uuSe*bi5Y7dXQ~Sc;}ibva4}1$NLix1r{ZSt3ro*{B5OhI?`o
z3)7IdFyn6Cu*_e1X11AMfn~-z_@kldLOw8?v(pqN;#=&n)Bu5Ii?c`g4{1>LfN-tc
zAwlbAKr2oE(Yo34nh#_)Q1AJW<(AyZ@gV4aTs%z%p^nzy_v?S4mj%mA2{yt@hxrH4
zw~%rWz_oQ4QS6H*CJn~OqF9D7*0x#1rU|T%70Oo7FGP0B4iJ+iV9brPC<FHPjFUr>
z1FzLE86&Eu;%MMl66)s~P||tH*s!CF8x05%b`+Bw*G%)%_?lfa>kP)n1R5uwyCgw+
zPy!__IXaFlyiXT4N?ykVwau#1aYbnwB*0wYCqpbjQ5R>VW&o65SM;sYCsp}W%VJV0
z>|aX-=IHMdGx$;s0)R1IrA&2!do>6a7iZ4h^g|6jd}wF5mM*i?G|T`vbr&<L5U!uQ
z2V>_(%)Fmd+63l-`C<!1d~{PJcABWd_e!R#wxMc-SkqZs6Dw82=SClxem3ZBRXu-w
zwNy)S;?W0PUD?a(G7DP^ADF`50N}T~<KcKfaV7Y`i(*A!nFf#JJR0~b)^Td(<VAZh
zOaz1t&=I+!TY*zs?lhR&mpqGt5h{~S-V9_3-bm~UjAK$fdtoT5;EkZc1%*+rg?>R)
zp|J+)y~FYkAL62QH;wNA9n@R?icNB`N9g(8>Ibudwd5DA9{f+iU~C=m_~Azn<+y#f
z{9#ibJqFzTZeqFioaH(nHf>=KjBW*|qEMAff9o%QUg_%=pFG*}*Eii-olDhfU#iw}
zsg?y$MW_`!qbO~iWmpYrqUo<%G}q;-oG_Bi+uXob+>JSn6Ye9~I>ffLF}gxWZ9v>d
zaOU_U_yAHst-lv}ZJ-W5?IWb;O-azzByO6vTR36EE#LU2nk|)`XGcxl4QBhG&<{Y-
z^qqgch}V*^G{m|V6FatD4ng&x_7-dwf3?8XTnbO;!_`aTD}D-m08OqleR3{A@GHvx
ztD1UrD&}?J{r>xbWhF0Zm2n8fS3Rg#=RBxYISL!|`#GrRQhLloR`6PQ5+^B!vIe|~
zdPcRI*%wN~hIK#qPk@DMxaR<st3LFh3t?r09Dr;!s#t;50xQ79dvM+w)I&a$2H2d;
z3T)ZzqT1WeeqAqC`PWvdO8eqfIv209^5KKMuXw^8&HdKR_V4!__V)j-T&;b%YRkGB
z6?3laIZ8UaxO)J*@r<QI*1EAXvTVuynMS^aM@_^30Z!@-^?b#C-ht;Un+3d_MwDcv
zP3~=?b0KDbLlfg+qSDXFK))2?+}#kzV#x*v=SVdMk;}hOme4+1OJJ;0pBQbiX;xB1
z77RXRLSEl#`p>jL5SwD&yr;#_NneC<=}DO7;)H@vcl=h%e<pcK(Y&S?eTuROCDg~~
z{z?nFK;aKohEWGmOs3dGz;tc6eq&s_WSl?HV{J(`(lE#(?2&D_&yw+=he>+SzS{&*
zrRMXqL?yB&dg@7Ip>)oy+A+}XGekDDHVH6TPmc!=>>f&pxrg2u!HUgeD-@81BZ-}b
zI@R9|`b1B)oDf<HlnW`GCR;*`BgI5x)LDn0zKGzltp$(KJd(%Akmc!;#Kok)Xh{-h
z3le8a=?c#aqB+&|C`~Zes>q>Lye7`!J2J^sFC)X#T`O>#o9zRU1vP1<WI>9JUPKCP
zF9wTPGoV?R#|&o#TbE+8RY*OnfoqKzuMJZMsev<5iluw0Kftxg6EptBcB9d_u9ei%
zUA?9hUC;u9TFZ$jdLzp?pN!91RekJOjoyaP&pkdk!t$KQhl+N1iwDT+6%LSFA<q@&
zY6SwldPksta|Bv$G`B~fFHD<%W7M|kklQrOCallZiS9*~=66GMOO{%ire@t!pvF)H
z-MQ=R|HK-6)PIMc0ZORY2bOp1uYW}+`xkFs;49RoQfB8N8cOqPF0rx#>yjqplT&|v
znS<S73`*6^XaF=6imi8av36&Da=Gt`nO^BQ&zt@@9w0V|l3tX=tjTRkYHn*}niubh
zRe^dJCnRFzT$8c?Xq`irV<;$u4gvy0KPG)vBrmd(7`M=tygN)3n~!@64+h$0$_q3L
zRme?%6<iTWD)V!KREA`AurbdtsO?!uMd5VAh(S$`EeSgpGlAm7cu6q-!*GbF-}N3Y
z*B-zLZZEn2OA+fVX$$F!$Vw-~L-#e@YLX%BINaQLW|JzAlxYf8Z%`{Z+j4iNe$el%
zt&5^hSt*ioP@5DMYOSn@T5)}OLN&5UEYw=>NG;ehv#Y6B3-9v<c`L?@B9_nv{NnpU
z{Zzf*c{6+Vwr*6bMfKx_Wl?NekJ|L8Z9nSJqfW8%3O!!2ORmzRRr}EzJu3CQPLJ2^
zl8@-oBm2>J^ys@{<?re7_jbu`9=0=;Ks_r|f6C9DIUZL$+u>)WiFeg=>)A7Y=0KyT
zo)zlv@^c4FVa2oO{Hz4KzJ7iK$J0I~gp?re%GU-+JISVzeBb2OpJjw^n@uXa4JErn
zQQzj|*J794^`AWPS3k^E5`~$|&#~-{s1uYv!6wD5LlDj|8>0^481p!xQ5_KJUKk8G
z?*p7;LzIi{$KB8_-;|7=D%QT5lpN08Bn9eD#(2Y<GVZuxuZHQ0ev<hsAR!-R0heWc
zY#1p_s<5KOaz1g5k(AC-6LlrlFIp_2c`gMEI%f7_=MD2e#3p3nFXIr`$dX{wY?0w0
zB3^ADMI!=QUZL$M7FEgvl6Sw47baR%x#m&|GZ@wt=1%x=#ohKtB;0DxD(I-tt`+T7
zn26b+6LyQZEs_AxRiDzZGxMU&2mzPLN^k;5<=mVK*OeJ?<qKPsD-j0v+vIWJQ{o7#
z4GJf(OuFEI`>i(dn6+9L04#oPWN|CWqZ-hBD=fg|Ri>TiENL(}3(m7iE6Lnic_FWc
zbk2}s<ZvqnRv6JlTgEGbs9-C|nlYpAHwa`*gA9QJ%vI)yx1j%iW}iKNKZ*l~xZdzt
za#7DU*G7B7J%RQ<v&v=@;>LApKG_BuhQ2Xv(Ib1&D=1`CMAk1_@M8|437eT+iEkt5
zuPYdalNmNiZn+)6Rw-U6jSTpg5s82`@j(ZC`lg5}$trlajWfQQr{QRT#NRnHF?+>0
zrpy!Dtt$(ZF~bInEmU=p69Wk!ALs1D@Y@zJ7af-Y$!#nTj5s-R#mPkl;q8c*%N(5w
z2M#@$4ptnC?cbA3`l|BilFU={%o9YOiZA}nsSTMx|4y}rN`!p{@%1&W<nKm^edD*+
z)9|-&gT1tizZHJFXKm6;-B;<oV5Pd0Y7VpHXmu7cH;cI_iy>1irj{LpwiY&Ao72fx
zB)1$=<3Yr(TSg>b_S;fz&UX{4zK|F*KH<%QS%Ce4+zEv`DPA6E_mvIndgbSx4<AZh
z>1$sQE6c<t5JJ*L$S^AA*9FF{y@p|Rdi2fkaFa~T1d~<@cZA9JF6aX-p&LMqdWA}5
zxJ~d9n=Dx<qd{4$Fz1vyGe=i>n=*YaOP~1y#VOJcpZF_ngE(jz?zcOS8s%J{7rB((
zO11!-n`R_(e0XOw(~dob7$;tq{Z-Yk&i+zMw`pHd!2si`{YLrU|K+Ugts7Qcj)ncY
zT&aKCZ0UcbO@&Kgb&v#`tOCI+#Y`{}5hT*re?m+IvXxF5`_T>>b@^n!jIk~@WYlc)
zd>onyQDeghPIo+gID@GYlx+R=uT7E5lQD-9*&Ch@QxISt&Kt~>H6t+F|K^|!7d}en
z3a8+R8~=ayz6CI@s!TY2H{sP*5CqiQDM@D1$z&!;TS(f{v`O1wnuH{!yu;1RO>*hX
z-09pqNdpvHKm?y4sEDtEpt!gSvg>ojq9~~UDlDk1Pf%7-R~ONh^>=^#&-a~k?mg$;
zJCCF@X@QKA&fI$*-}%mWzVn^$d=L1PIaY#uLxR)KVO#il@9!!dMxk(=f@#Jm$lLb@
zpRUC?3N00gqu?O`{@JJakF)Hd6yU=T3*J7(@yBL${IfLtmt`c0?XX3lDV>V$H3_3l
zxj0StkBhUoEdhtr6Qo=MHll={K(9*J3^5x+1I0r`*#!-mIl|0{6xV>BkGSP9WioZO
zX2+it^l3s&88vBu;h~X*MA(>In)EX=MK<z;4j2MEc2WWYCZU~qn1FY2n!!gPoP<yq
zv|qA+*4SZhgsx3RQ{&^*g9u`}ViQ?Kv*NV2k%lzi4(K%vtRg1xM$<t!yeT`>xY9Qm
zX8$T=mpyL>`MDFaEC4*6@KOa$5NT8ed4({`5pqJDqVghjJTpejc#fiVf(*{deI4fl
zM4Y8#a#TSyy*6XLn4Ozmt<&=42sxn}In$|7p_EOUk+dlw7!QGxgKLP$(LZkM9z;Qa
z)M0S*AgQ>W;tjo@5s576=dmUsti%P2d%u)k<7VS#IaCouK&D&KbgtyRIucKwL?2F7
zN|SLnJMl}v=+&0Q^ZGniL`Aa2?}{;(*3s&$tFK3(Z4_~t*bYH=4HVj)yGC10!mce#
zQIu?^IufcNfrVpN&85}Uh(4Ahiy=7`QR<C)p?SQ>q}ZV>Mp`?laY-g4k|a-97^^r-
zN)u09V!?biZtYbHB<OW}sd#VoxP)Btd0nhLOBaVlq)6YeW<@3FJW{ZC*Nr+arz`#z
zJkZmr6Ih{hpeL^m?|#XFo-{QZBEyin8&1;9W*>JxOf`&}_))aq*Af-J?3q@~?Lu~_
zoOAN?N8A(e1dknxAG3~mH2CQ}C4&eZY&Nmb*-A6y!d6^$Bc!U&?GCTk94aEk+lIA~
zdSNs0)!om!5}mucn<*<pX~oy49rg$ew~i|GS>d;y=<Y5{Bu7WhW`f?x440&ps3_N+
zZFRLh#^zbp5jZLWHUltc4*z89{_r>_HsZ%Sk92O8m&2!&{6B}0`WZjP@;^7n-1#5Z
zwyv4W|1&Eeo@EvTQg2u6(<1*}?x@gP;1n$;3Cf!qh$i2~=;6SVCUm&Tby6Zg#`+YY
zUD&7cJI}*89%LLi+^7~hH$nz5147~ACN{8ji_#ozT@z8d@kowVlH_=Sgilrkcvb50
zajFgg7|6Cau8)C2AgN7gz#_?!eH08T(TGNOU{sU3H3df~-#kY&A9d`Nn~xeNd3Lf<
zi_z3!7YJbAF*ye{7MgMTX&Q0<)s=agN7;8F!JBV-I^p=GjLnS8%q43+VxLm>fAZq6
z`Y5vhx2{>U&XfPSc`pC+tbEGGH{es#*yu_C$S&O>#8*;HkLA=cEdr%Fa@M$!Z4-Gd
zJl^8on@!xD314nK3*LLTQP`s02?Lvz=$UOTEp5$bNgHW-hg#<5$lyA)coME`n9KuW
z3z2XDjZ$Xf^7c#fOM{^%Ih+k|W51JDI@U}cWVJmxopA5~J_v-^YrwqtmL_f_tllo6
z8{&K2uwO8hv+$BWAqD8TX=~&spoCgQgzeap;0u^lGh{0qGqSoho?@9$YG^??ZC|;s
zhL&bOpgj8uEylAN-heqtNtix*+%Qb~Tu<Vy&6JW>$uL>;r7?X1awwq1ARUQapH>ax
zyO4Ma<t2j9P#Ci5#_(^mqgy1~AmBa%=>xG?NV$50!f^s?CoO4z+%1uT1(=#B5EkA#
zh6L$^qYj{OlR60NML0gPLIY_%8Ms7*2`q3?fuB~iY}UvI1G)6>v@w}hc572gFaYL>
z6mD*$MPVn81EBzz+RBy;93epg2R3N%FZ>77!vqc6^9bW#;e^<8d{I4(osXXRHi{+0
zBeh0oy-0j2PN-^RZEIKw5VFFa?55n-pmL*xBDG=-@5w;BVSBt-36y?;5j{;r-#`e-
zHn1VuxgpvSKzw6v%8=inxtXUuXhzF38#G4A5{7LzR(ROOo27$ht-6*2J!%CpaASxo
zt!NlWiJa}HfGbMsyw5;=eZZH1SZ>y&mS*icL?o0#dd^2y7|#Zo2uCq;h>PmsqDaOA
zw@$;g!%c|T7c!0O))v9jWH!T1a~xAQ0EzV|OsNC|f6o@SPXS)y@a7RsyTI}Zt)FaU
z`7uUmMTQ+RC1{WtGFw{UbwSx8TWTRje9j9-j3FG0^B6}K@-hR|ilSXW8VD?@UqM|G
z=!j};p!r)Z$nPl&BSABgVNenC(i{tL$Y)1<Tj}lY3ttpPbHYGNeQfzii+i3=5&55I
zfIqAh;DzP?SZo~;_FeLSb8Ow5{68C?^6U3fDY*Vex)GFPrDXuO$qi-twMRY&xKfih
z=Qn>!9_mS5&C2<~`ADRPgnL<7yYgA7O(89H<+4(fQ4X7$mD1oY#vIpWL*cNJ8KxXX
z$(YP^2pB5;iV|bHPirHDIy5z1j;5yBhG4*iQIZ-a)FdyM4$WouB+FY(CNbMe)*wO$
z;FYcPaU$d<%Wk{Ir!u8k<1nAJGtaD&$52d~V15}aUdZBsN3_BbZgWHJbmGB3WaM&w
zmWq%Qjcg-A`f1#V4b|0wJQ`1Bobw%hBe=<tXWWz&uWqpnOtxgH0Klcpv5Q*Qh%rY{
zsv8ZG7hy<?%ycS*SQyGLtBtg*G3(j6&+YsThF5rWqgU0W6)6e^6IX0_pcp|KvpFI1
z7R@l4)p91fJ5V8CO(e2#H!MsImVoE^*BYM+r%!R2W5;1-u&-x$uy4zox`yEU@Icqj
z!LE+Z&H*wn45ox`QlLN}>{Z9cKuKaN0tAq(cxE_FWXq&Fb(lbP_xBI<4fPEVZRrmy
z<j-(#UuRcO#{~>1-r;Ud%Mh7!LMty0-qh9A-_g^3UYD!8gpszgM$Rg8cb$E`Lj!#~
zhq@>g@ZLtUhMI`0W&vh8lioHD^mTM@=@=Z6d($(+DRSn~p~K;%VHDU=rZt1z{qTKw
z$IhOiZs>Kmr?0PH?wTAf$dW1EA6fLdI64AB0M(@4uK0drMnWTjidG!Zk8a{~w6F^?
zs}$I>`NC~Mn<#t)&A_9cogKqNLmiuYx<W3C2q6Knkrq=Ak7<_BO}iTe0b}52=T6-r
z@DTz|fR$G2jdVRZ5NXK-TuNzi!kFwn^+<BqNE@S|Y6|9t&2hrFsN0KW$i3wqfu*N3
zLgLdHhGP&?!YG)VS3T>d;7Hg+dxs+R*zQA%c}TyfyLVgHfZ)Pcm(-~#oG}_q>Y)NF
z!m^UZ36!PLDd>XLLianFNTDJl(HRZ|1tvBU^4&WWvQrF~A};zbZlR|C`X)QZ@Q$t>
zo4W=Ew|Dn@dQT9sg?C?p-a7~S`aRv3TW0KF=Z%WVjOCQ?WtIt~oYnRKar!aMBgrvw
ziGdh14UQxGCl}#3?Bb)|?kFG6VJ3c>HLO}p)^)i;hjE=n^i+1(ZmnqlJoT3dfS%zJ
zUH(k<0s9PJY0TIi<--ggv|TV_0zU!PJWf!R40iW|#5mm1dw~EFlhJ+g7-$F(rd20h
zv6PH^8;sI%FAUL(dw-V8Ruo+m#TYGHx;2M$1ok=k3Z6TpMQDID9&E@D9@d7M%6d7{
zYcWezf$p51lu?x&y=*cNa3$HUdM!g;yK+p#(cvo`Ji9H|1kt@#5Oi8XGP{!*9TY6Q
z?M{mZrl<caQU7~bCZNUaKU>zcdi1}|Yv%O7v+?1!UVZ&T-F>}-!`p3RFXzb-*Ae@g
zf~uGlLTUgKPte+oZo|}`6XNSYu!<>g4#j3nWoKtUUd)nHy`PPyP57vZZe^P2Xj60@
zT4_ex)|^#AO|;ic(|JHg$V@jm60_PEk&Loaz(+v#fhlD|mxbyv;8ku_7%)fRUcm;`
zNEHx=31gw{wA-!IW*ai}DS+ZuP)TZ{QgjyW)6zM#PfG>WK27aV`?Qoh?WHRbW(xK+
zj)8e9715@&&*+%eKBMCmB^V+W8M~Q2FTYAzIZQpUZE$+@UA`U#pCbFesU?XBet6fv
z#qNJw)~xZ||B?!G`~Pfw%DuM_BEdMW8EB+Y+T|~&HEPe<eB>{G3vR>ym%+~F>^x&S
zM%OM*2TOPH@{PmyE?Bq<j#NfhWO05wrdgv2x52+~;!5aQYbwusyOFq&1mq06TB1iU
zOC1S2MN{ftQcSqF#Z*;TW;6jih0;L&$S~mPY}gBl&_05izZE<p)1#UfNTEh)fJ(gr
zH*)usQg>^^s!3Y%hgTjRbB?71=JCBC+pc3GfZ08$gAT}pG%1KPtEkH$k|ox-2u#c9
ziT6rIy@9aY**<Coc_np=g%5n&SF>;K<{Va~Zs};4#*Z=;xGSggFbw`T^2{rO7d^Zs
z(+<i7I#Yl`Cwzh{+d=to3Ru{N^n(5XFPDkirRo-qn4~JOu#Hi6$mBt|;UG%nOL~|k
zldEA?bI$cE=L%n7p$jpwv&dQ|DTBekSzt_Q<bQO=T}+BTWNa*pY;2PJ<z?Bx6e~ra
zKulY5E*HJzrNDaj-PqR7;S0M4`hs;?WTwvVNy=Qg4v+jI0=}qOhNo$5l4+btRTv2E
z4>i$HI$zOj=|v~=7Nv**BUNW>>cM!m^fqj`yZ5|~p6*VLVm3sqOEHZGuFk$gD`!20
z0gJ4{MkRW-5{*RL6png|_+fOvud`BQcM-75-+~=0ZX!^mF!*2=!nP#_wlEV}bfBPw
z!D)<^UL9jFvkG<`1iL>_6hnP71c)u=3`kT3JNsvk-Ja6{BUSuM>wC1nyy~QHRZ8(f
zOc-$+?V(NQeK{$=bO(|}V{<;p4IBJb-1#rFg(h31CJQ!#Hwp!ss06$AnibBz{K&9k
z7ePXnmtEewD{L;`y;WngK(5?~0PZE&t(A8+Ce&n3uFBs+^eMKeW5O#8n^@2~fwEe-
zs^<grw=Pf^oj4<<EYfww0o+@@<M5HVh24SdS9Y{1AN*nEBZ)tg@ne6xk)r6(O%WXx
zJYa|@#hk7-VkEo(TM;IoK`Cy#%*s%Tu_=&#q1Z0E3#Z~-$^6U%mutTAAeDdehR#Gn
zrc1cT)g5`Y(!FfmT@ry{uxls?=yvuYu@SzHxf_B_hP_))fbfa7Wbc3?3jNVI>Q4Dk
zn0k2$Q^2+^qkEq`X<noP$>_>zPBxN-CMOPgRnPbgD-fzJm_QK!X%lVKL$As!o?yY`
zm&tGb-Alt;z1kzV%#558GBV&pmdci%0iUIEShU6u1rDuMT+`v*-P!R2@(1GdMB5cy
z*K8q>AKoN_1RdRjBJU_=cDSmga5-OgFqVI@`%R!9JJ{#Oa#1ahdyj#90_sSfvy7Ve
zEaSJs9PZjIxce9HKrB)EvQYgIU%Z<FjpPdjJ8jN_%WSp1$d1}*WToBz99{&lBK9A#
z*t!<){m-2L->iJN{l{QePuG?q!TiI1aAa?Yy43hM7)wDFA#kvgQB9W56mE|xnK~C9
zET1)vmIQVsaB*xT*j68+F}>Kn#uGi6@vNS)Kyzn!Iv_3N2%56VDX>&@^%hY&(kw(c
z_7Y|?LWpcd<3=vYH&B4X%H~jWK(l+0<4uAvAO+KT;Fbs9po<_2kAacPScphS%Z-sA
zBYE%6sI|&E3})37UE35}t3+dM(dM@3x=LEB6jVJ+0iQTk&4qkAN<PK-f6B^KIQ~;?
zU98m||8ZTkb?*LuRz79Bn}83*O&HuU)UU*oI)nf$8V1V4^9u!sk{KQ&OlqFDhDA|q
zX^OQf(X-m3t!=S2bHSgA_3Iz}DQ<wF9>@SflqUOODUqC5lqeMgrZ`ce$Zz|lVT!K|
z(`lB{gV-!Su?tuk@5_jlvER=ic9jr(inRyiMPpEv6W?T>`?JPaR!vb`Of_wldrC<c
z{DKZv9qA^mp_EcH)V-stZ|4vh``Rdrt^(0z$i|(WAhHWj4{t(<eyuU3>PfR^uxsGF
zt^o)#g~%H>Oe-MP#Q?7TeFM;H^BR0(fUzxYjr_a4tEUg`bb+AZKd0Ap0{VbD-J?8(
zAPQNEs%+WTO^%t_DFA2;v;q)>OG{7aStAWHV@+q@j*jkL(yL)cNCEOH7@)uo_jc^)
z3WPAul0VRZALR-Nfgen1YTBfkb0A3@gt!XTT-ev!1w(Fx-6>F38bF?BOtQE#$SNVe
zW*K|1S2dAERg8P43=iuBt$Q&B8aawO;cKu+guQMX%W9exr1M7|*ojCt8X>a~q+c>^
zsC5hmnj?`wC|?me*TF#7_MW~#n9~E94LW5ZDOwI+ZM*eMFcvP-A&bqE2Yeu=AkaxM
zzz7sQ1hBx?fxaDW7|9H4$#4}Oc_BEm@r)I;jABp>Z0R2YD2Dnd45UW6Ab=x9kO*%O
z8C}a11EjNKs3ZSu(oS0nOt@*}vT;r5FJCzgdV|Pk5gPuiT*D=N+zJ*O<+(e%hsxJw
zJPDDid|J!cuL@O98e@7oNLXYxjK|DLBbz8T00=z{^wQI}t-JSd=8Lz8F&jtLwjvy%
zayDoWsciVpB-K0!V__+BC}{-xdtg(*^<+a6xHyUrpf<)QWWT40c<7>R<AKIp!wEx7
zWjkCR#9u^!3Ezb8yp$9rFJ=e7(?@w^yiw9YkhDZ71pvS3(u>oVtY$PLhu;%MQGg&p
z8(O4wM0%mt^Uof%ZdbAKi8+M>fFsC4MYE|Q7HkKT0IM!U_(QQJrI{u<TA=yWc$Vz5
zkXUtZTtjbxe3OBU33d<5AqBdd;KPWsr%1s%=}X}DA&g*%8f90+PLRNKazY^+AXd~f
zs-88astH5VCu8Thg-i$`G=&(4HQtg!b2VadEP<N=4N6BjbtFCx(?KiIM`5~JSTws3
z*wWxj+&yGEM)eMr7{e(2g;_*ZaXF%d&INNaq2#2-<WN=>CWuOFv=R6XQlt|_lL@PK
z>tge8azJ#VXS$_QUH+BWtCiUort?c{5Xyji6+$|YqBjE?H{{R>m`oz~fp94i2_g=l
zc7_1=Dr6L{u!>kv+6f4zWCp>BvwWf*#8(D?9!$T@shv(@`OgttJ*q0>WZFk_kPIl7
z*7xKzdWae^h`6q1r})85+mnW<zfpHUP=Y^R)ZV9QQTp#{B_^Sb@fsRNw7%A?jjl;-
z*g*c~>cb%KV^+ZW+C*)t_JZ2&wL5AD>q8FZz$r75C9K;>1*2i*Eck#X7P<;a>|&TB
zkaRVvX5nlCXK<>I=3{b-VZAAIOb1=YxTYo`uOvj}S0T$KtRvm3H<eM<geZ|NEMQZt
zQjq;CQZ;U1C>h!JpCap^oP*aB*~U0t=#m|+zD=oze<$cR2Tj4ZafvC|=lBQ?B{=Tj
zgpMucp|24Gl+!c}viGfTNMwpPUX~oQ%rU<ONfzL^Izjk#E^AX0O-TmaoDEjM(FoiJ
zd&!9*kWI)21-pyz-vp6Y(tA1f<f3|(C8QA;IfhKl_lDH1w};V`()VhK`WZGAiP$q%
z-)@g~Ljb1?Mg}t&sAuaVAFc46E<@O23J}lsB|2o7sR(~1Z$<8T_o)!dTbKtd772+%
z0@+y=qzF^X!0O={U~Tr`kh7BVY=t%$5>5L8(AY@hPA44t7Fe;cQiCafP%$5u1Xc<C
zG&aIBp*MTr8J);YIln33uS%W*UZM0Ua4lM&rOLJizm>_(Y{izPs)#gP@ulXh4~TNy
zgkobmx+{~7enUVvjm9(2Tys`qtmIYVpo1X;UQ+u9yoeJhj;TH&sB{=&p4(%CHiRvo
zOf<YjIov%*D7ccha`1C0`n9Ky5GI>fphgA0;n54sHciFnJKNNr^VKxl6d8pVowM<|
z1S!`p#(9c^KKUFVa4^?7pujfB2qS+p90;)`@3KX5@lLYqWMnbbr@f=Ps6<U%o--{Q
zxkCF)qi#%M{4+M&{-TM8Hn3JmUSs6RMLdQ({0QnHppprRUDIL#5c2}?R{kwe4wnT3
zD{IxTQkzg}N0izNl-liWwL98s2bBOOBw&!C!k2&r+TD=Y&tBAZYgw@`;TfsI&H+5b
z6el`N_7zt_aXdnrCg+;0o?!f*wF7c;Bg=h-?FV9!C>8Kze6gNAS_2R5<)14%xdlp4
z+<H_dZGqDn=nldc2dycbar}tibHedC64BPt#fZ$wh|~$>b4+Q$xFNAq@SzaZ8c<E<
zhuk_5*sJQt7t4C=+3o~>uaJTsxs`pq1m|2h8ar7h99@KS;KhSCJD0QLH~mEq;q<%r
zC=OY(Nl#3<PfJNEeyWS2FQ|%!HS5(&nO;?isC?zeH&F!|nlth^%0I>IKbSxJVf9hO
z{%>t`%^Gk1uhu#HkJ<Rx_J7pSU9kV-56W);$9-^88P(E9bUTv=^NP-A3AlN%lhrkG
zhufv6;V0f3n|ex5s)Tus<Sb@e2ai={RGU<EvM+;`A!e#h=x9opj%#K_=}4MJ7*)%l
z#c4?Edle#wTA+F|$)1j4F`5^uDJ>#Kp&|_h0S1g*118%#o_lkAxzJ2i{8vaBRpS=5
zfg#(O00NXFZ8=G)oLE*IKjf@3saxaNm2QxxDFl8tfUG+jKO=gi;%5W^$_j+F=w~yd
zm>DgukLqzR36*_Fqp&oFcXju+Gz$Z?CpJ*C3U%_%tDN|XCdVu{9)`v>Zq|Whrp7^c
zEkt!-4^-O_gi)%VCADR<Ta&IHBc)BEZ7o4)5^h|yL`2!8K}sGIqpGEdbPLw2q-)-2
z90Ph`{#%y!mYFV%+Jr6!njp1_G@+q&tqDNrqf^)(kH?0_y*Zj`C>2pEMx8=576^vH
z3{R5k6;mwMzbkwiOeh8!9qgz;7>lhoibk{~IRXedjWNC*K_-oZ%lVQ5msZpu3=Nxo
zg5Q<fM;EPosUJ8>q2R5;;(oEmRN`aL(V2z4NN5C$##B&_$0e39$8%P~m`n#f;Wo#O
zNpO1=x&iUiGUSqCOgp&iq5(07fj)C-OYlNsj~hrM<ndsK(g3p>#<r7Mn!JMF!{jT3
z4|9SX$Ro{a@d;2dxPU0V`!OR=?+tmom+_@pX(K&Cr2E})-Y<Yy&B{|s9M7bxgGIat
z`Q~IHEU<6@w$oPH@de9{CQRqor1VR}Up7kI!xRaMT^CAlO=r#|x?zV~&mieRh&fo1
zRZqWRu%x(=l!rV5SKlRr;{qV5o0jH7;v*`lXpG4{QT8ntc7CX0#}0LsLPp|JVSRyZ
z99f|>STVo=+RJvol0Kz?eNsjb95h4N5ISiX$i)SjMNvmcZ8a_kc?dZdpk(g`UP5L(
zc=9aA!Y{nEOI_B|YIZg0gFM}!xbqMIL!<!37`Tv_*2okFh7{X!(;Ch(+oYfhYzPev
z;~9BWc6%5N-KRa@21Jhyb`F^H*my;LN<04_o(D*g^Z&YaEuQm#%i6i~|Ezq<tJ#!X
zI>xnR2AtyPiMdq24x8XSVIb$ydY9g>zh}qcxoqU~%;1^7WfzKycu&|-|5R@hl=61w
zWcOyGC`;DBt=^LM?<72s)b(Wi{0^C0!NoH{$+#1qOSc~U?pU<x<bB9y1pJ1@6#HmH
z`P2mzdg6;$Ezon823*eHv2zXQ*N-ncq@fk<K(PIH-FM+2KosFv<^porv5RAI0!at#
zSlodyng)alpuh#?bO$dt#*PNkKxd3dYPQJi6+;4IU)d?@5j@{K^?B3OA6Az7a`GAQ
zn52A_UeQwBwyCFg(=!g}e1K<@V^z;kZ>+ie-Lp$$I{++b>r6eN2|Ky{u7(0>QDXpr
zl6|e&+(XU@gWVT`=TvjF^~@Uj_M!mlh8icyJT)eaG`-QcsSZe2qDLRQUVDzvd0)zJ
zF0Oz!?%Pi$$*~6IA&&CYVUGItB<~9gp+AN(DwzbXmK+TWMnWNp@EKA1q`K!H%0UH_
zVe!MQ`lS~lT{51P=0-!(!m&rd%vu=sA$dU~XzgCvcoz(;@*pcOR%4~0k@GJ=q8GEY
zn3KXDOAz+U7RyC}k*P*<S|1~_lxG$&O%i$YGMWt!_UQ<e^&6C^d&82D3m>+L>sNqa
ziniK>y#?7uZZi=XD{@`QMi1f7YH<znb3m&e;B0HXe7mUKIvvFZ{-u#yqLbf#M8w*|
zH~Hy@lK_SaZlt~k`PL#GA8^T+F);x6B~pPilVP+V)-j8gJf$we@a4GfDVC=Mr-ho^
zA<YnRgiXT?m^6-VgNsQElf{OSm)rPKpPOhLs*(7PKPmCj0{fu_LnVcrDx&`(qV-`W
z|EMaa|7l*kcAY!^$J&<W<~jY(Y<$XoJH4f!hifV=>jzR8jp7lT<t$r1DL<4M<ow{e
zh<s_f1j~rD`-z=qOiCC+P%_(zK`NI+mW8QjmvH%0gJ5nau3jiojGdZ`l%hJ3!evlI
zEK-JSqwvTq-d1Vl#%N|sypbthG^4?!6)$Svq!%g2x7H%X*fnIa`NDm&I9_}bcKH`%
zS7{~SrC^>J-dyoQz8PuoYBQeUoQ%eGGyPJdkWx}+l;PpAcp%Job_Yj1Hwr1hl@U<P
zP8rG{+T|$zc~ioa*d>6xU0uN=`#tt+7w`dvEjCs}Tz_^E8US2s10UH1XoPjC06r26
za0(8DJwz=Q<7+}F#ve(=V2RNlrPXPdF}-C>cNxk+B<#{hb_upjMC7nXLPwqnfJY)A
zZrqp>ZtR7Dh2*s&7IGudJxit+c@iZ!>k2w@Ej6bUV;~~l*duRdAN+{vedNrWJb9nE
zW-OkcPg*c`dPVG3O1LP@g`=HS<lKpN8L|)?Sz5<H*q!K6n0H9e$mhgK*jUN{%aAvT
zfaD}iqC2A8v)EzTw0yIde+W?SjR46KB{y+HS0$c=;F=~+dTcYnv^I&aXwr;$=E@Yh
zQttz$d_2QK@8&N}qt2CDnz~WQrClH@V_74Y@xn<6uNhzY0E$1=^whq98v<`F2jJ<{
zasc<#BJeZwZBCyK(Xv4lNdcvZs)x$tfPyH1Y)3uHQ$L-P18W)3c-S^d-F*V=<?F4f
z1i_SXkqj_4lukA%LHrSNWggGBDqP7i=$M9`-Y|y`VWS(#n~*!>Kz`Y=l5p`3i-YDb
zq*oF)yT{_d`JW6bJE3`jtK2G)_x_465Z_ZpO{qwgnJRKo4@P}*4)=s<ieZXWRNhtu
zt1L`551~3cOvmR~RUUkL1M`C+X-E-~DBwNDP)Z#O$p6WPH>D(05Y>#FN&S3SByga%
zDdu&6?h4>Y00uW?1DwzlEp6n+#ua}8s?1>RL3z?T_0ZZ57Mgu`+!D^H<((EGxzb9;
zMRZe3Wk|0M^YEXd@{yw}*`n>l41Q58pfEd+tCj`8!M(T>;FQOLC#~=(Q%nz8*)`**
zD3NA|K~oxYcZ54WN1}N#*hP5r{Lwm%8}0miwqZW}!?OBNYhx#+9|PO2OfMtr=s(V3
zB&^u2LdNz{!jMQs(;Uqu!wQg&9qXC)$fQh23c_w%y8DJZ!RKDMMxuC$C)1XI6_&yT
zoRBeSSr0X{Hb#SZl;h+l3CCm!=i3__#Z(=bY@VNgn9Vc9z8Hm=5VmLxAAdKCI)O#O
z2SB%%xPxRIxxo@N(lWXch7p2%6%viv@hO;`+fU&~*qgbE6hqS%yBsqnCv)XMA%G@l
ziKIm!S7c+%g%iHcg>vMP-7ElZSNCQe<e5$KB`(BNFr2xGFP!XhZqEX^*w3GIu@c;7
zvz|_X!Hu0@!hj##>aN0k!>gSxnWyJFB=hNYoB6|NHYmad<V*rjvXe`j`dFGAaLjQK
zH&Esv-OG>t_plb9UMZ`A`;K8NJB34a1g5YeTMxF2EW<Y~5hbPqv_u^#@{x|zmJN4o
zHa4^&wt>+}5|zs6IO*EiDwr)e|Mg0FM2RCqbHz7Dq&k~}<)=}On!IEx?}XGh+`#BM
zAaziEkv5^Ffsl1e8HE5c2_=!kVq`OE<hu!%S-g6s0^3<^c2)_9+%)STl4}7{74%6*
zVqI;4n+%gn9T;wYWNMZqKA%gk@~k13*Q|8JJc79H&sj7{5`bb+?Kj+&fF8NrTI5o0
zdds#?3O<<72A)Who*d@Qgxxd?H6$^b!6$MJ$E#CVu#imBM-nc5?M_o#D!Q2EGg47b
z<UN-hAz~aH=hP@1{osy@+g>H7Dy?|(y=b2yQF=MNxJ8W{lQfAVlBBSMlG-B%_~tOi
zF{xYeaV1E~UlhGWB(ONR0M(Dww@C*JAWG6&Je7eec4HxB%z(6MKwxs7L$|lSNbl}E
zjjo)C6aupt1bCS`LkNmwWuy>fi$TC|d}jzmG(QlfOQ6_in{!d4X2<AqXOpg{C&(EV
zL?a3T(+dXVhN2bL^McGYdm2f91DLYvc~J=T^w;Cn@|JAMQ#tVL{(Qiz+>{gXdbaMp
z{B3~BictHU;OfyvDT?})xchWp%O2%7pj+(7RNez@<p`mG$si*G9}Q=LqaAIB={6yt
z!SLYFKv%~O=Qzi5O%X~r;uu0xF{j9QQ$A|VmGt=KXtqdoyPkj^L8<6Rw9`;`f^m%o
zIkZg-Q=+J*OQaLJ$}hn=;%@=fXjX%eD468*u$83ZHAo&EDHf@uiqw6ALbxOiDO>Kv
z6r}tXgtv+6QCYVj@8r1e7txN+_^7_GY@s+xu>U{2;Ez>B<3BV*vS+vbf2?KB{(m+;
zJpSX*mVP1lBmGr5-+;WX0TA2{X^w|W&`ofF(&I@;DKM7IvHRT&9s&)BZexd-FxiTY
zjE5ms9gp*7$3>)}7tjPBczq^oOn{p!OH9gu0T_cFTZg-QyM~|{akt=?@eu}UR&z|*
z;KG?AFVV)hbC@g4XhsV-KSywYjCoU)p>C44RB+lRL!>)ZLfA&abi9zz8eE-5H1KzZ
z6b6cu-4UYo4PyHcWe=-SfShJbRtbZ|r8J&5i|RKc$`(<xhjnWjq}rN}h_*Yl8{(>7
z%v}vkiYnqTFectGI?1<<QMcN`Cx|6ZzLUlJNO*&AzYpOFC#-;fAVEK`4|g0vYLBYq
z6<=W2A{!(BL3;#>=1&|&H<3(fbL~zq_*-enu*dn0F{R*6xX$MyJH3iO#rA(j<cH-0
zSS0`Vnpm?Z{!{bZ{y#gPvhVSXOQqDbIz|JTI%nO|90EDX;V#e;J%Ubw2?%Apv1~4Z
zV(8gCv4z)9>gj|rX+pQI*uv|fIzD$GoHCp2r*^nuC8eiP=18e~$$#;zfrmFP>Fwz5
zwdFkWJ-9clOofzSaBoOiuLQ~0vz5I{8+pc?v@3R;?^NtKU#z&%x8f_rfsvmVVH+Kz
zx}pM3WnyVFsc9L{_FK$LL<z87z%{|!x57O}h_nIiyGr3Rr;KCCrEtHJ@}UXl#16@2
zFZ0MzuG8xFu>>o#E(-(kN_qy-Pyw=H=OCyvs!r@*gpk!Fzq_$gjT`YbB)d#HQX+Yb
z<-phh{;i1Gw^JkQjBpWhu7Mk<R4zVFv!?T0QAuso;(@-&(Pgj2)n%Y7hGUbCp_w2}
z-GpxBOsYekB!?Ksd{DuuAO|_}FAS{B6I$Gv9kNAGQ&3tKI>k#AI8&rd3J!s$F~&O1
z;=wU(P^go7iflCHonby_Y>vs=l%|+ZBPa}=sa&r_BT=QUPMAh~BwpAtRZpX=Lh@-x
zti+)Ks<4}G6rn?|6;f8?do+#lXqSMelk+At?b~-@fNkjVsJ_YrBH6F(j>00uAxAY<
z_T|86j}ntfc3)r|knxaEA30#LjG;57X4(`gS)sv7u_Q0SQUfVJsuiY`&BM!!$*5?3
zMN$1qVliZ1vQw{CKI7_}LRhZ8UlDw22UtBK>DpY0aTlafJuO`7Ok-t~m#PKo^%!gV
zQMQd_!MxL+1o=`oRS`b54H6F72n>_nk_5HX`tuw$orCM#SXhajwJxdzcMfd{DQ;fE
z>z3QPS3W~}*#+VVvvM$8Ztd>rg3Rj5C?i>3hyEfX9YhWbhxiV2tDe;0Td;1_a&Ag@
z(E}>kuvlkg(K`F0h>*3>7)3~k-yK>CgbuSJiOC*gvXh*Mp!ud)B&w|=%L!jV_C5Zl
zA=uh{R_j@7*EOHDHWH=f1V?QnJ)vdMXn!YUZtBVyd<V$~kv&B=M2vKT7Fpu4*xJ_C
z)^#mwqm(`DV<+$u5X*JE<oN_)7ZVgnR?-+vs8hkZi7?t5@p71tvLS>=GiOkTJ(7ut
zH8E^zae`0$nj_y4b8G2<_`$q<bU1s#1=s|5b=qteinz8{-a=}SvkG8ggb;EX^=0es
zb2u{7f>G|<hSB}#0baQ%j0Uxr*i3^mWyNj`nTST{K0z4^lx|Z3BLVD$ZiuXRxbvrv
z=?2DCPfC!5lp{TdDmX`lOnF=xGuY$_`>wAEZlj-lBw)bTK(YmF8r{~BSiHD#q<HkU
z+GTTte3pgmo8{A#eOxbSqsXU4D#J|x(XI)G6{RENR)8FfFs?u-Z~N19fGMBu1{K1Z
z>3A`}T+E*A6CX=>My=oJ=>x7}@ftRl39}W6OR|E#J4H2+HCN`DVvoc$D<;~gf&}Jc
z^Q&?rrvy!Fjl@^doK3hKiC_)Lauig;5d_g8Aee55MWZOVQ*pqx-$OP+h45QuDQxlm
zm-`c>>2q?@+F-vFil)V~!L-t##G?Eocn~;cH*OG1NR6DuKeQfAbRSHsX@jDt4#E~>
zL*R-aovZ|yvl4`ED6{-K=POK}aBr+f`ciA|Q}U<8``^Q|0V`_%)g1HO|3=r%-T%(U
z$F~0>$HKmyVgg|2$<cd9Of7|Ctw-EcsHq{p0>vk(sBO(NEK9#sf$j)#aG9&_)l<0?
z6+>(}AKggRWYRXv74MMb2B`cgC^Pk>&UR&N&(RghO;OF3+!P*1Mt!v3P<Nj*tai~Z
ziQ%Oo<Gd|$o@+mx3$*s4cQbw^d{nFLrR%EvS}d`cqf2O?=?Mx<y4a$%QD$DDWsM*l
zuM{N+|JrAo4XB5dtibq6pR)ve)qRTX|Cz(g{Rf|7`TwFVp7`%;qI33Nv+^n1p$tBd
zPH1OZAJw&lGPq-?ziI1GKRNr4(37*A9gywqkx~-_Qc4t(0<LX}wltBgKYCUh+45s+
z=8^&y>vx7p0rTbkvkN4xbgWr?j}JT<0V7tXB1r-Jv&L9fO;N?5nzqV~Hnu&I0j`Z!
z0Q_#A@tv9xl)ZfrMY!30mT>ziB{*roMIi`(uu75o$V%nYX&cv#q01Gi5sZroYT`yh
z3oG$lHj5dRO)Vq5OcE)CC+CUVX<X!VdH}-)EXnm7MU(W<K1o+j)<1K%o(VRGd6u40
z45x&>2QCfPCg6XeVC3vjAS7kggO<E~IgZr=q5@(vM(lfo5@@7pV-$i}IuhMfQn{q1
z+vB0ykc_5UvNE>-X8311`HI8|m^oGifN@snzmbR%xHuhvf2CpBgVx~mfH}TR$j}E!
zwF_Z>8j5FvFa{=bf}uE60$A9U$B@o3w$C%|DR$B$q*in$WFAB;VJW-^(@ABR91{}S
zUQ9=)>=SYyVvz`Y-9}aE#%?b`a|}3C4{66D@e-)V#tAR#BupedVY);Pjw|Vqr!1fc
z2keub2vDGhl?l)~V=X<S>RA)(B@B;Sq&_N90UhN;$Up0mFb^zaBGZvVwGf{ccMUg9
zx_^6+WWTjlsRf~hk%`zY5j0Q6C3%8GNX4SY?qL27LQV$Ae57ThQYwI+N`w_P>m>6e
z-({rpd|OCgEK6M~fvZlzMMrAj63miC7_#9krM_6D2)vM{E@(mqu8b-ru$3~bIjqVq
z#k(if#hiQv`vMrj&slCk7yx})sExdE&{m|^h1y|R(R`ZVZwl3B`O$o8^EXBMX8Iw&
zCJLhv(|WP&UclhBjFcCbrXb|o0L-nBqcE(9%#3fu7N2Ak*dm!+DicwYNv97TCKq}F
z(>I}z(>a5mw`DW#IE~K*_hvZ)el|IUDyzI}N65Fv(8(WF+levlwy75)+kfbW?SzX}
z;(Uwn<Zu>K3)>gv)aO#7e=-!flVPa<*v3N>4Tt1R!*QRz+7VjX1pN)y*O1njKq<`y
z?K0lx1y#-oEHje0CsCaQiQg{klTHw>cH;ZObV?Zg9_e%G+-G(^Mf5+pMCJ4Ut!rNA
z_5W{)&gp+<<5TXtot>T2%>RcJM%6lJ&E@~Yhkz1xsZ?H9K4r$fe99}unQvOz2un#0
z2xTmzOiA}xvC*uNIzmYVOK;UIz13H6mO!#rOUM#PN>wIHV9^|ZM_U5F64L4ki-5Nz
zJeo%KJy@7hia+|O^7;8pAN=^_=reurQ&OtFlGE@NPrsMI(`e3eh)AJ%@$45)zR9ei
zCgQ4Txr^E_@+9mNihA?*>6u1UpF;gc%SzfQ{`AbS{bHEB@UM|H4Df*V)_@mc71C*A
zN&~fyIj)OU$ctg;g;*t#H8OG?Rs~-0I!=`e=ME%1<Q1Jekc_WvxdTaCSK6_PAmkl+
zP%t4NR3HfVuQH>ofF2MO`mBT`e?GuWr>eVG6EjI&31|J8^z2vtRi0;1bU^^JwS#iA
z@Zj9I79v9`^|&D?>S;V-#Q=d`5s*w^RJo}+g!{GZm|BxG=oi)PG_ZJDPJAsZOX}gB
zaZ;Vqvi_-ew)FH3c6Ek0rU_>rg<$!Cc8~VkFTi+(yky9M2GqS|6j@Bp<=_IuDGJDu
zORoqpz<(I46SzR$0N$R}mM3RZ9VrNbBAGi1;iJQFm6W5mcbEk!D#e%gdb%LKL=*O;
z6b-x%TjS}UJjQBvj7lkXJ>r1EMnj`QCt(g)or$-LcGYqPvX>T22~q65P7MIqtoSi_
z2vuCRvr4M&6Xpzw)y3QGyb}c|a;8Km*3&amEx}Fe@H4@*mbB!k*)2>LFxO$7W_j{i
zb402m@^-KeUZcMi3(5<>L&8c}iNS?ciyT+=3>iAShg+9nT2RV+C5Ler9k>W$7_+xG
zX5P-In$qz;ngyeDy=EvHCjgj1A&b&<);=MsVyj=eRt*kzfX6Dsjfj|6HJccqhf|ZX
z3OJ*ZT_5zIv%(z;r{pch9%Rwaoze*wFAYR_5gE^LXU9;-wt<cvgWVT)T_SOgF~ee%
z13l4)c~Yq`vZ2k|D@t5~1y?ff1k|0JU-`9I>N<ds($XrR%{c1-hj!FZx4>{Ypaj6#
zr*dk|0~fnTir~FE(lYOfg|-ZMn$*(6R8}7*UxA_ohIsTYpaKh{)V1YVKsXmg7g2$|
zq>iJ}XQ}z85G`pz_^&<Oxzm=R23?!Bw~~W+QhwYFO53l`nr+DwRHibF;T4>9x;z_L
zzO2(WrTR0@+0Hs$p26CKDk<x<SN&4Ll}C91Wsy_J8+n$5B-GK_*wK!zd`9I|KNQVs
zBrbsIWHl-e0Tj(@<N~j96HjkRa4{#fY~?c>`CV|96{m1P;p(ghuPtU1t4BOnR9R7)
z&mq$$R3}$d`Nry#I#{@AJ`$;e^IrFt2iZjqebde@3~=)Vk?7sTQvKN}eFF_#<>Ie=
z5-OkVh^{3jCsx{uRgt9n7H7vRAwjVqXXi^$T=^`)1VSPfu?sOmjgDTFh(w~Al=`y)
z8Vx74x^PwD;5n2hc~#zR4u$Oeb@CkS<`Nc{Z`HaJ7P|%OBZO-g=PZ!;w(?B#Fa@cS
zNcza+UeC{}Ms(N3lEkNGhesWuaAz<31doE4aYPb4=FgBctptyqpl5Te6)K(I(YuTb
z<#&Vv0{ND_h0RjpMp2U>CvKD?vTzyACw1b>E)C+V_EUoYN2T*WLZD!8{>Roi|Bu=D
zaEAc6o^WD+(O;GG4Jnxa5owM`#$Z_*O`$w>`{NNs$#DbPMc;wAktA){=^MqJfaPqQ
zH2gC*I_DL**%H`pM1YznMl`ben4Ttk!jxQ+06)d`!vXtw05=|GOrOx40}yEihoLf!
zi9sWbI%jNKfS@TOP4N-$0}m0FLE6G#uh;}XPLYcKzBVjm+7U~u<&#}e$cyEhNfC~l
zYPue>Un)s7r2ut%TA5^J;^4xvW&6(FH?3T`68&QYG8XULlrv*zHTz^{giDt~nHe3`
z1Wmn&s%t008EpIw8Tzz<DXWxu5m(qz5O1p(|4-|C58DB-F#m6fw!}RAe@(P`j{ncb
zr|di)0@x=E5JtIdU7{Z#QW|AWElzx=7A3l_Ew;9;<rU=!=<oIi7!aRee!pCrLh~wg
zzvCLuBE^zAIms3E8bh5#IsE;`b5_EbEZSd*9)HxR`&H^d=XdW&9+{<hDf*S;1tt4@
zvZ_S&IoYRyMdi|AsaQs}#+{!08bAUnTpJw%;e81nf$7RP1X6mEyx!;|$Bj$(_|3ti
z(p?G}CPf!M_NcsGhd9Nwj6@xhOP#BX=`KT=gM<(IXgVH=#a#_6<VfhotB(_*G<PL=
z4+c036Y<6#P20ne-<=otG=yL@YLa6bE~@P(dHe?b9R`y+*yC_)LmB#{6wr+vkL5x=
zx?lkI{#TL{9$DRmz3_ZGetG)i5hTDFhMk9y@A+zKr|X(W+PRYIn$gQHUDz)VO4EDp
zQcKhO9jWxp9Qb5F>F-ip@MMsuSI+_7TMvVQ@75F(bh~iYw<#B+@#Qk$TZ#!0)%b38
z4BW{ea9$pNJRZc;ogj(y!VMq9E_AZlk#z_`zu|d3tzGZw!==Ba3r4sNgoxJ|b%?xd
zblIU*=tibuZh)1uprNL$S^_dh&6X)met$SB@vyrM@}s~VrA+&-8#g+tVW&Sdp-DGx
zBrp68(TX@XR01&GWl`Ath1JReXZKkYI)4$l(sP;*x>t(@Uoot@xcv-l_|la$;XC@Q
zzYh<gdF{W`N2mGs;f<D$swDewAOHJl8Gx5(Vg!@#m5h_<rk2WBU`xap0DeG$zsPJD
z4DC{Niw4AY;z*iq3rj_{EPxFIS=!eu{O*RdB3Twy+NR4-aU@R<1E*9L?}(mxY%;x`
zLv^$cGl7LFKG!GAHOcW9VvyUFsnrHE-f%*h2<D7UnCsijk&31{noEWiARazDUK5V|
zZbJ+;@g#M$;)p3|tN|s8TWiR>WC2T!!?(`>=<^t8=mxXRpk;I;41)w=D<nAn;zMxU
z;t%1w%Rvi1q!c<Lg*afkfxp4k+lD~^Og0apMSSf;_*xgrkw<p30JdFy#%3jo=Y?}F
z@e6h_yPj5?bvU$<-Gs3VxFi<thbzK7W~A1XQykm=kc9bT=vv8*kvT$IS@I>wl%fI;
za18&T;6~eJ5*vz`x%4pBaiW#LPq;E7U8ToZ%o6UQkCj9heSE-Y5zM_aQ?8aV(lv+4
zc_q5q@9gb9-_8gLKZdt=3=R+O>>cju>UGtV+&<mSL4tVCD^f!U4X_&VwVKnj#3Y#s
zWty``?k~wkEjNib%di%v-Hx>63yg&JBBXotbA<L-1N(|uzHw$0KLNyhWi#XRi=)T!
zvzbLQD`GI~wLX+q5G);$;ExjH*77kCKaUjQs$&*iQf7L)Q<ImGWwn%HX+Er~7+dpj
zGTPE~SsAS*@-q6w#mrodO9Usp^RhE>Zx*CCSf9AR7Gifo!xF#qbSN-9xlV~3&+%{Z
zFe{E9xm|V~rX#TPBTTnVKMv?SHcyY0;)Q;!(Dy35=4j-G9Maikh;V9$hrS*k@+r=(
z^)DpG&-o0^jNS^L{)?=QBZTb!oJFJX0Vo!Y(+L;FaKl#a`?XR`SjxD%p`Q^ozB_4*
z*}2AjV~eyj%L2Q@Ng0F!BV`TB>-(?+<4p5lR&?#lI+@~Y->U^VLgY9&&goImHNh1<
z;i_5CB_yXRt?l-;beb_)dbz5&iHsYQJVqQLN-3;dV8pP-`5mG;sax@JB}mF&6um^G
zu{h*4tRJawlXi5VOXm7Zs@RQ%AWDouLvprD6*vL%!3z}M9FmKo)pffI0J9hXXiPFQ
z0Ai&8kSzuPH+Y#D4AJ~BlzukBF57r<IX+&qn2nDCz^)<!azoKqPaK1?Tr3rgWRMmE
z8I<pq{FUJoDI9c<GN(w-MlJh7vLhgKg&7<g=<3)Z*?LUFG18+|_ji#LktO>`dWm>C
zdUvoqBLKlg4Hzjas_EMCh0Y3W@Q!peTi%rEV!C=LA!_Qy7@dx)UJST4Jzc#^zD7!t
z9XZpb=;_&o9BUAD^fuSv70TxLIc){~k#?kbnSM&~|2bR-&|?0d%~7BH?{oe?v+}Y1
zKT-GRc+SzEmGllO>ItfI<5sZ6xE!Q1HLYlSRmhhOc8G9f0P%IN1#!Av{-LTu_7%94
zr@i?(Ln3LT!_iqs%HPPx8IrPG*)yn^gQVA?5tMO-JQ{U_Y(M-5?Gl(hf8ud?B<)Ea
zk1&r78TQ=AT-a+ZEPFp9c^w7rkFWYqG5()TM#%HS>!V2i$JW+XkN@Y|wd>~i|7?89
zc9ww;B<I~Z&<z?YlgM#!2banirjEKRYFU*e$DIkXzYO${AEuGa!8@qu*##o-v?E8(
z-`O^$6M1p3Hm;7qW0{dt8bwatawcQtt%RGSU;CQ2)@F&7mv_WvZjOwtQzIu9a^7H$
z9p!DG<%&izn;b~8+Mb-A)q(-$S{7mjAW1NJJ-m(mrdIw!d77d=R6~Ib^38}$1$kJ0
zoa~@-zy##mLUJi*`@`pT4Gebo^^)-gfG%Ue{Q?yjMOPXU%7b2kO#tes;XtdIah2??
z$~X~k5?WkOVS4TiSs_~5Quz|;PG@o!d?82AHf2OlgHnYxMH(6byHn^PflGuMG1B6^
zeYs5#qF8m>Seb|H_@`j^K~qk7PF=0X%-l#2;xPs<y0oM5LbdUVXyaMKmxP#O3YtI1
zJ^8I!<xwM>QmtU1wzf9f431gs`N))|ky^AG9I1Kk@Ny21V75PNSTryQ-gPRbHkP7U
za}0%GdIGK;b&H0`*TLbM$XS4H6j7~lSlz(BIKzy*9A}ww2q&+*x?2O4NYDz^R5Nx1
z4s`o!s=>ZiCu~}0S;+N_s%K47kO=8D)z#)j)<yay;B6PHsfPLDncq!2^E*KqgnT62
z5!6kSWUPQm7@B(mR4}t(M}cH!TutXv(11Z&$l{fQ8n?h}F$L!ez$wKYXOOfR7zY7|
z4~YrXfktr88iqd+__GrJTphrWqU29K{0RoaHPrzi;y@ex*#v*;;Lis5vl{-K0e`}z
z;Jz9+5;K&ph8Y~Na;m4jY!p~G)zx4*>kQ|j_$5-x`Zy^eWdSQ~VPRJJ>I$x`S1qs1
zrAy+LwY9<8y|sHKHc2p&k5K}}2XWC^2D_LcrNc^WZRMHd=9~_SQ?^1`x)78w@Bzq$
zsv{Y~GuH${*<t=%v5VS|r0I(rSu$-IgT|ayM^MJJn=R+iTx*thg<u73n8Px>A+Anm
z69e-p6(Dm07dN134>Sd&wJMdv6^Oc11cMpvh-4yw5V+{lrb`--;RGlItUUe`iMVho
z6c8I^Z3VHh+DMbkY)pstV0g;aWB?J@2uvyCU?5-*0?Ds%w@tMX96%Er0UdW%OXT7j
zZDev>Pip)L^pA~^y~SA*^c8*MTupfUWF_s<lFkbaSRQnwDdHYD3{~W^_Q0jV^M|DZ
z6gs2$3;-}C!eYb0-XM}HBsdX)2e~^)KeEpaJ!`O?JBchGEFMhAe`#bBjDZhq-J&$N
zoV6Ajg8*rx1_%W3axAN+QshWac8_>gAJM201?JjiLD-nb4#@i0GPJRt0J2eOYuli#
zH{;`4O551h)U;m3<EL&-ZERW(*x1-k{vqv~8_!<9C#PknHm+JfnpJUk-H6RNHE3gS
zwWX&=jg6buj~k}7v28uL*3q)|JE!Qzi%0?0G$+YOH(r9JuwPOFgsAmwC*Rn#&;IIS
zmSh~L+k_n)kJ!0vT*Jj;LH5y6Ji}=wE1l3r)m+kQ6S2;oDHCdv6hyBmO^uJ!3osAA
z6)IZNJka~HFj<uvk=J0p$Q&@=DG-b?S?stvp)n?}X(0D#Xn>PwqYugEjgvv-IgZz`
z!qG;*ft4Y}S6BfIvsmc7J~xzwNee4DXJpB+DT6|NBPQz%z)xx_QdoUcJ&37SvT5H3
zDrhiQ(G%#F4P*njq;D%F3c#sA3z7*9^Esi*lRzunRr2Y=F=`;xO4~x#M22@IHO_F0
z;8X(VO^}zg0!ZZSD-p>_^$D9vkj~LT4_B^k@*c>VO6y6!xup#Y-$N{T@(=7~G7lnU
z1v3v&8;Bi%{Vfp%2tT)If^7Z*8<Y4VVkb~*3R@c~2U&FONml5p@U6Hi7-^8WXmB(n
z><cio2yciqFzObs0s)zGvc4(R7VP=b;6=5QmyrKzSJyVyMlNXx)smBf-M$Tv8RBrz
zMxn8Gc?Xrcwiim_-kX}}J|YQ_Y0ud0)<`Sq5(kfqjP*(WUl5Mkvta^681{HzpzUo?
z_LSH^UF?OsZFhH@@pMa@0a>AhesRYpt6_3nwKOm|gxt+ZZPel`0wB5CSq63=xY5H)
zS)3E`?w$&9kvZkW)y38%Z&GYb#D&9Cff_H}M5tkt9|`7c66CBGVD=@#;$4vgG3l%A
z5?prPzA|=SEF^u#w;wWmrz<aBVIv@Qogy-Jg<-e`CNVHxssL(*mLw{(x2Tdw%QmsR
zBNhM!?2GV9pjAj<8_-6aV;rIY#3!oQvP`PzPZK6-q7G||{S%cnOr1e0!MvrX6u!;V
zWFcIaBdBGd)~Jz7CtT7E?Ym8YAq<8<6a&;e9$$IH6xCr!j<6!16-i^2+Q|`jLAJMw
z+p~QP%d)dtP~;2*I|1pmL-`rD#!5?PN||#Z+0q*Dmz?qf?E&~lF2+gOsZSZMPxZ6K
z>a-N<flA<6)lT!cIHC2L>S~`l@S3WvL`Hznh^3wH09l(fFsOilRTo|FVn?{P7+}@@
zb>NMNXtrp1C9#(M)e9f11~n*{^e=1^63-FGD>b(Xo0HjFwJ?#cZGp~WpsC4Kjr<U|
z9%o=o)DSAmFPtIy*SAF`A0k>MqQWjHNPi^>d5q_gH<i{}*(xNP;W6!%OK}CS^Bz&%
z+AM%uR%Wp$rRcI~(Q=O0qr?hwD8mwjHm9Mg#Hox^kZP>xy&zo=e79qID0UFBhcCSr
z7+X*%&(tE^x6j)eJtEmKNLm!GAhI=EQXSu6!L~1U;H!P(zynyUj=K}Fo-|-q$5mch
zZ-u%OBvIc6Hi*zigj0wxK6h1_S4b+Y{6*!CWYM%pf7B7y-IZT=Y;zQQlJs^(JF>Sy
zPZj^}n7}W0Xdfm@?AF;meQWvk%uhIC$N0>*1yOaF?-?ri$fr~s`zo(pf=IYTEOLRw
z4>s|;9YG8hy{j2#C0B^MgV&0ECt=?$F`b$j=GQRD$}uwoec=&DeQqFF**001NyK3?
z9x%7h5GjL|si@|N%abr4)n0W_wRi=96I@f>*qC4cZg0QU`R)W(yY=IA{1H7(WEYD`
zwqeB#(Nhh*4~FaBFe^w-?`bY2(>q~N2W8)k*$+ePo>;z4$#;vw2vj$R?VXhLt>kTi
zS;OaPBcW%>k;cGv%Nm)DbC`UYW*@tplbA!oHUT@wFXx2iHZ^b#R?aOtqvu@OR7bTo
z;CEIwr-kj;cuE5n=yWimkxA8TbqK6&%d<e>ZJSHDq5axAqw?ZSK8K0ttS}p$utJdj
zVKLAL;IHDPPNW!Gl?(p@HK!Y6lzgQ%W=p+<a(&(r8WT?fX=S4lwGS5l?W8Y}&m$69
zGJ19Qp$I1q6e&uC++~p<uEE0_ihsjt+VEkFjV)`RRWH^KG_m6dyHTxn-+div1I-G5
zirN426g!90N0Iz5vDTKgF8kkg&CxY;_P?|7DYu6Qv*Cq}iO6#!dQ!iF+Rrdo4$Rk;
z*7p|700xFRuzjSBNoqEi&1I}cV73ufBBQ0%Bsqr|qv)!Oo_aKRDL6Au7&_UCa^_Uy
zq^eucl95h=W{^Cd1UA%wLS1)LA9eH{RrMqfo;|8(O|qjU)wmW>e7r{Zf}rNcYgrnt
zSW|Pe5<Ro6rKPQT)-%-z5A`vE7xJ(sUnZ@xZK`(MOq^08PA6cKY?>s;K>XrlR5Jy)
z9OhV3W+z$}zX*I>yM~7Q`+9m@Npvzsl3|7UH|^@^9@^SDJiyN)P^Y`s{d$-9x^L%@
z`~4RFK1l0d#ma@yBZj#!0tt>nh&_gf3=z%n^<-Fzu*sc#;T_q8?8r~x(F5?0CX~!*
zf<@*WO+-dPj&I1A&J(mZg#)ZP={(HZPoqwx4%_|Hyh6(wLDIP$sH(efc&K|v7a2u6
zdc{Hn;uPF7b4ZCe9HpTKm@90;Adr)-8q|F}yolWc5t>ND*(vCwA*Mm@;A+@oVdEx)
z3f2)AQCPPiidOV&g`Atv1+{t~v*!t7=?&zmQdbAQ&S?XFc6Ij-4G6(U>{9kfu&Ad%
z)NiDAA#)PS*wafo42npslV-YWU?3zRZc9(!U{|N)bI-h`!LOdisLD%%vAopRoS*J^
zBUkY{p_;PM-e>}iUbCZU#eshtvKjJcG9wWuG&2EC0u$t&#oi^192|YEO41z10whKN
zGhTpp1kOOzC|F4v1_5_Oi>o<P<NHHOokFV<*pT#5s;f(hUfo&9;yVd{APTMEu1(3K
z&Yn2%fG7W6*fr1>tOG2C+Tr(L*HEwl5Y3-qgZQJJg~;%0ZkN>Dq)&6~8G?pC#O5p^
zK(Dyw1eb6BA<=agiHf0Au=qs8nji!a=S$jZ_j#Wa3Iu~zqg{(E_DED)>k1ZvFw|KS
z&eMIOItW-7&Jv7xHDL-sZj%{19&jea{mPFD)<FL49&}Cjbl3p~keiL{Fy#(fA#fN>
za|!a6kPZfNg{VnTQn0Z6Ae0fw1T+IgLdobE4HQl~$OJ_Cif2`GoCsEY5mF&0IM}_d
zzq`LHtdK9m-P?L+E#O+^kw#;yiCCM3QNeYUp3Yf1jY5r(lzE6Kce|py344#d%aGMX
zmJGxSV<KC3?|B_P-JK#2a)N8vku^vQLa-ymVT1Gx8g;i>!4S?YU4kgsf{`E@cCvD`
z!x*IP)twIWjk<yE)cn_^^h?8Ej*U~X&0pGJJsZ7)a=y<O-+tWtiDJ25ikpc-b`z!1
zsTEQh6!(q-;cK{nK;(mzrl#S{sNkVb+|k9Ih2Tq+XeeIzCa9bZyHgwPH-3A~deTk4
zoyNYmvnsQQc~By<j3Lnq<a<&pvy4SfMWYFM1V|cHfqsW;VET<G;pP-Y*CVYO<W*>K
zyJ&kcmf+es75g$&-prNC1!>3gEj3TaU^Il%Oj8}JMA9`eYPW=Rh*}HbifLq=q?V>(
ziN&=`!$8>*MlmJ|D93(KdZBG&i|auUqK$FX%590!j_l@~$*2hVR}R-KvZaT_d3?*f
z7<Qw@AH}SBL^5yk6^~v~5U_&?dN4e0OxoE63SiN00C5PF+{Ep{SS9!`)n^?EZr}tr
zFU}D1pX=?Q<`Aq6Cx~lKjWm^}_>`Gq)Hmeeg}AbK%7H|SpipHHE4efgH_2v^Mu8vH
ztjuK>z#Gw+UnkY?k~hxb9(v}(cJn9qNzGw*Y^M$it1IN*rfDu2A*L#WN>8P<gibcQ
z<WyK#Z3Jx8M!VwRt;9zA2l}=RbPWzNnE;=5Z0qRm6%U$heUpAc@8JlFpv_>44wdI0
z<z1AfE8*>;yhBkvsZr$yXtJ}KiB27(?kKV>j}c4>hlcenMH1x7BZ7T?>J@VG$Poc4
z5s30TJy*vk==23?l-H0_N9tgp`)Hww^xxu{Jmz{)k=5RTIf^Q&vliAjONb;bZ|8^V
zzt$V_E_PBn0i_)-Noype`2ASKC4H5$&K0}HN^AjFCTMkpKJhKCRoZ18bj_5Cgy@1w
zd%GghipZXL0|X)!ER!g5TudNTf~4qBlCarIT`>Bk>;aE%<bbSs%h>B$T<BZ+dV4!I
z_YDknbxO-!9z>B9HGnHBB!$g(x3$k<t?7C=qJc9WI@PgN>x_G6@0)u2cJ)>$Ibb?5
zOA7*%gG$Rm3>6KLLc=^YN8HFkxCiH`N*_0v7zILF9yNvb!j!rjFA-_*Q`p4J^6rbE
zjCPnbjF7Ynk$7<j&cZ|RPK9Hg!FL|k9S+91!0}x|815p2C*dG`4`CN{*-(TrOhx4b
zG#Ls72cqjuAv9rl0;WB<Zwu#W7&dgVQSoStIf&%7tntmaCifLyofzyjop4A#nVho2
zKGRH$U7#Ighkn-v2hLX_6l@lKhJqIhS6!uWP5^D@n?wc|K@Q3|(1{?tglULEFz{2y
zAikliw_?18&IJ=jM#+qU>9T4Xps&!VM}tTczU;}L4|ya6$YJSAfG%l(_fd?A?Rt4J
zG0T`mHf9;qV`MV_vZtXmY2S~-O`BKEoZFDG`tTcZ+in*ul4p^d%yhNSNJf~sFi`qB
znw`ZmKobSb(rUrOg1lCWu97jsy~+C>c&EJt^3%Mf?na50QN44($-BqmaSm(w5jq(F
z+L!L;^6_C(I%_cM*T4I?Reow$rbX^WWMAb-(E9}1QO_R1Lw7SG`hq({{<GmMt_vJm
zvHf6fnY{d#Nq^4Hxr~l8T=iOsL|Kv|SyT@D+$w_?L{c4tE2q(T+DcO5+d90hYiMha
z!<1>6Izp>g2m6M5`+7I`5aQ>_1*DpTv?kW5j8@r=%e0YhoJD*}iu1!o=~WvP2cJg-
zo1MLb<V=ywKm>ux@$E6l31nI$Q^3c9qCoE}p|i_#r~*=LL&JE+z8@V2dnma*n>k|g
zmhRrJAyG*Ob^UlA>O`T$_%Ks@vr_E0tCU>EUBaJ@_+bE|YWZQH<RN1NZcXG79AvpE
zvJ21bR#r`$Nvh>{k{~rGJIIEkn2=mXPr(siP4iPeyHlbrRwj9oP_v0Lle9Q*Y+_+j
z?361^RuHXrV5?d$?vJ|RPF@N{d6G6)!cV;N*xoldM7YGz@YcSay`61#s1u9|0nTI?
z_9GxznD7u~e6oEyMDre>@l<#$T^*gB1Kqtl2fLhc@C@#15^Un9z^x!>YQlJE&F(?a
z9}Cr3aocR(Q=?<cmaajk0%39~-83;PpqAEsDnJJVU0Vrs0-6OaSymf`l%l@%m||O~
zhbpu@eGtxGv?N?wb@uHP3W9W+AmV9(xfbVxtmVR!%@Q7Y@0o?EV@7w}YMyuFpN3a?
zr8|FBmF)j@SSf&t<o{`owXE~{f32PK|C)`Do&SfO0EHAl_LHN|N6gnFi>C5f#~iYv
zP0@9j{~_A8rjia>Wk=5D!A^zyE{*C*t^COn1+xac(Q;g+kjsLf6zJ*EXxR3gmdfSQ
zx@jd?!BJ8oEyh8Hus9}}6fmYpP=&Xewp?A|$$+)M#6_4#yiAt;+@{PXFc~y?VM-4E
zfI(qS4r0^Xa@E^1dBKWGGAWKi63iXJO>QNvS&0$e8#8W4vv)Yb$^F^Rd8BA}KY=Yb
zI_hqVtURkpPeUo^xth(WP4I?Q9@^56rXv7MFs+UyAs+r1L|_?D5n4CF0WahM6Pvc;
z8FYl>xt!2|lWmw{h9{o>F=M~88H21VQi6@Kkd)hr^NqRmPA`K`k^O&i7W}{0wlueT
z_WxLPZvUT+&ym>Mcj@Vt=7J93N6fw3rg!Szy~c6xjzVI<=4e}U%j~*$=k??UGy?jR
zgrS*mr;dhys(ogPL?VilU|2jaO?r;S?XNU1v|WQ8ogG6RWIokS)l%tcZ&%+yr!sjS
zO(Hcw!=Pg{q#Ye^>VlWSX4Gja;#CQGO&S{{Ov1`#f}Yyomr46jT!xV=McsnndmZfQ
z+kC-LSCCbU@Fr2i-wfB&+q?4@AWhcQ+2`egZN-YU6$^<P4Km6tNli_YQF;^YM*Z#?
zUSU3XUIbKhoJULSgu{17@8WM-i#n=z&61<K#@*GK&og?hJKr_g7uw&ET`E#xe|BHz
za(fZFz07N>t9=~Joi!^soC~YAj2`FirnX2;X+BM{XNY+GAvP6sxerogdi~O8;6qr*
zBVG1Jw^^IxD;RY=(6x-<f9~&8PWZ<*&FWE23$^}1Z{fpqFxRH%U|vywS3EZ|Y9^vp
z%6vI`yn6jw6=|`1sgmM4FC9+bj}<09&F&!_LLW?OS|%9m1fhg95hKT>1}o&ZEmP8!
z6Z$yBo7d4*_H&){Ij5gIUTBJ~4g<?suo59+HZ^-8)B)z&ySjT@nnkl&EY2KXkEoCO
zoMT_10nIs9`(3f;-_Pd!DhvBnCJZ=;qte0cJaRa`BdWQZd!|^1?OZ7|IDJ=1h?!(t
zA7F%I+P-dr3j>Q_@9N1u4d)Yc*s+(CAjj#QJ)LL?B=}6h3&(5HYusE(A4yGgf^Zxk
z#??$lOPiH&fJ|G8<Z<WN6fl^^sBv|g@IaGpB?RXnyTE+VH4vQAz<^RW$8x5ngK4F(
z$xtaF=JMzv=dXkU*qa=mf?+e45}_WEWnhE`cdHxh>lvoB2;Yah1_t^D9G6Y%u~|pW
z_r;D#+h8~Y&}KDshf$g1QUs7wPx`M1dWxb$5r+Dq^W*G=N+6fsohDlVtrwu4J-StI
zve4@2_haP1cNlzG<)9vncEDovZ1~b9TJtDAk`WTxT%3sV$BD?p6JAj<4ayNRq9kPd
zMT|J=k^ORUm@ar8tgPp>U7>=G(-0B~;$s__2``@1H5+RlufDSRSC_Qu<fC0_OQGJV
ztTGSW=<F|PTO=_+;N4BOKQ68KyG0h1M2b3a^Jo@+S5KZGQ)Tn^w!=k~?kQQ3*hgM}
z?*^qW&E=Ia40y`OadJa{(pYrI<}gYxeS>tvAIXi5YFVZ0ysm)@hPHS2Zd34b4zj7*
zN9nYpPLAf1<U~z_Rp`w8f(s4MGC7kWOVbi?YX^6PS<Ey5>17Q}xJX^Lv1!{j#2hzr
z$plSNpqdzvFgK<#pdxer>qn9Qy2H3!O_MfgY+>qd>h@}<O17fD?RI;!?A#7#LL$V{
zbp(7Zm(`}t6`9L6z2wdsag8QYl=vcKhcj}fjQE1wFfY$LOeR;77wZg|+?+f3QR@ya
zFHhMGTwb90o&PH33SMY!O>=FOnfm9PxGU<!E&F)prCaW~>UQPMyRlTvQ?+y#)Pm>0
z3K4eck&5P=wT}vC?HSO&+hw~{-aWS*j`(soN}aNE!+1}sX2&u@1`;D~C7sLBu(Gwg
zuXl5IUs$Pwg0DtTYZ*_mBZ#M0xes;0yU(M<1)9B>r3>0ZF3hh4hh&1q!}dv@l>6jX
zcSpo28FsiC`z3R|=nVXZ@p5;%Ud;&XG##5=y4zx&$Ig&Sa8riD{+`N(9hE1i;gnv?
zPq|ufQs(I>^LQxNlxE(~ZE=cF4MekX2Hh<LX0|n|pja$n4*N@)!>t`VdjuqJRuc*%
zQeV;nX;*}9LQRq#mTZJM$Q$ZcWyjX;9$^Ix8HSQl(^Cp~3sB!mzgmuT=u{ohOe2?#
zYYGHTHnM6~PfjVhv^t^cNz8cf3otiyaN6l3#7%i9O>GG3ys>;E?&ujH3;6=S+QK3(
z)B<5?gVH#dyNzKtgpi~ub@{c>*)=!>%w(YJT&I;z4Qvq@B#f<OwLLjK>p#&u2Dc4%
zUntDP4tg&RZa-*8=U0g!Z>VqRf_|Y|KQnDoCbMXKH<h9OMESw*?ZamJ`dxI!jii_t
zW#0aK`v!OR_Y*eb0|e{~W-bG9JN$<Ys2}oaf%`lG_(dD(>xW4sP52X0k=p%R3yok@
zO#vMjZKXqO#qSgs=wMXf*P=2q<=~qZ2nag3LVH$6$$J)5CWz`ducKRF5?j<XfTEh<
zdW$4VJ$?$X86qook~5mqMz3Z~8rj`o$O5*CdFt#W+e^om?Y`A=X;g3L;}fK|Yir_l
z6ImmZp)S;X@5Sxc^e1-TJ#o+&wI<=d1MgC$w$u?aKPB##Tg2@j^Xx$$doAm~=r-@%
zDlolXgI@!h8I|zR!d%lOL9oT5J48@WmLN2cuRc&h!McOnce>`D(GT88siT(0S&ePE
zTAKJEAP-}nD6%Y3Sn%3XlHdgrtPJ~hkX;K9E!6N*t)XNMOp$Hi(IpRK+|tv%!)IT`
zyD8K3-Bt%L7$kG!+R!+mo4FCk{IKx0dS2H6V~8$7-=*U=7D*(N$^><CLxTikR3S%~
zF~7D*L*2dIL){%c-H38u);5@n!=T`T+VKNKVwwWcP0NxUDCIvXok+|Mh}*J+{GlOE
zK1KHLe8-aQ`Hm&L;?Tea!x(l@oY}ORBPUL9F|*)4An)16!OrjiAxXHomzv3Haf2Wj
z=10L$2}#4)O;AED_<T4!X$X8Vokq?>$qnj;;p!4}ji7!svI(3mn@z(GSwQ9v?38Q=
z9ijV3`&7T2J|+79S2F%jthpuTjsMd;=l?$&A0Gc_mnZ(ut|J=%r*Mn_U!Q#%0I2ol
z9sr2D^;a?okP~NMl5Lyrm@u{i)(Hwj>EUpr#jr2T;9QCvvuiGL%&dP3@PCW!!cFDq
z1DO1}HEZ(mfB3lg|C%+eYpRqr<><WF=T*-Ci_Jes>^r&+ua6@8f3$T?vupm>wl>ej
z|C^Q15E#soGsuJv(cr*zS0U#FBZaZsfC3aVp4Btp776MD%b;#!j^9{PAIYlOsT$G@
zoaNv)l{81rMaij1P0i3a+rW4qpt053YEV{(=FRLxHbN**JbE=YvYxdpIcV5L<H@v@
zuPC*2C;gEFYz`y+fZ;f_&+_uXQ>bguFhI0vG&3eY)BG`QCZg2TY%`1msSw{CuIU8X
zA@T~{kczE;5%DwaqwxA~ZH=|M_<wUW7HgSX|FiK)8gVtr)mj_48lOd)3e?n~nqULf
z77(#KfaOs&RD(&WHYoTHygIYx%ob9^zAFNg`(Pvz3E>K69f3^^4Q&N_6V(dl(it_r
zJE&&ILLp}L5HYO;xbs0g94$yzaNy!}AXG!-M4@#srY=M40rYlkQvzWHI$DW6u>*yP
z{*^7XqG3j~y}A{2!!fC5)8&9;SI0nackebE5}zSwwUj}MPQNpu$e5WM;V314+XMMa
z)S9cIh*F@)rL|@Qlwn065k}TXwxN-}sYD`d7~;DuwMX^f5g1Jn{^Y^W^sEVBbhhFs
zVBv+;7~&Sbv*9}hrro$3`uMmO-_1?<f>w&mVKS^}Ni}0aj4*VeH8PnnS{j8FHJJqe
zgAl*>w^GV_QUmuQ(F~1L0qeH_AT%JqWhFp^2Sx+9iy<urQn25Ra5on%!6txzz=VWU
zWUkBh-8O9j*KB}p;M}Ovr#@YMfm~YKo1uZKsNX?-tyv!k(>rHCkW|MFIzVu>2LjqM
z^W34iY;B!+Nby4A53$@k`wrzr?801792l0G^v5roLS-Y&5dtWcnE6mV&6GMCaSj=9
z>p5`wU~|C1sVUUAu{%$Hz5{23oCh<$5EP~w-!_VY$IBD~AkXxa)Tullc_DBkt&{~&
z2oj%RD_)`|{~|A9%z*7(!<}85cW!ftf}*}Zsew|Ssb+e1b})?#Eez5y=;2ctNTY3Q
z-Z-->2TKk(`n(~K+xy|lC_&B=CVf2vMhqq}D2T9;k7*W66xm?Jos&n%$g{h!l-O{3
z!RrX;niRrl25d%+FLBP`TN@1`=#T^5p_Pj+64^|iI{0{llGc+FrLf2JfYQdib3@W=
zvcFo?a3L75;+e)Y;bTd43O2WFj%_NJTvEe}hoz_%5snEE;=(As*`ovcaiDckr9h4L
zHR?)XDU<>k(h+S#z&H~PWTX?Ev*#ti@4J|43PJ3MDg^<qnI1vr|Hy*QFnA*x2{Q;|
zB0>TEMdtyu-@{>L0>i4&7fQkq2@3SCSo5NZOG3!lc;f*dMvVAC9dA4dPOw1FtYM`-
z06!=2Sv?E6F$UoWP;BsLHt;VZ)xS-evIh7So$X2?P~WR1g5Zk47M{Gosc4Mpc?snZ
zp?Ew(#LgsCXlfOUWMbq!*^>0V3gUuExLG3j2lfWSw22T7FiChO;W%RDW~iJnOmE#O
zpSoFB?G~t=RVTf*uaIkxOp!55Ra>Dd3WctklSOKdWMX0Rry2gVz@OF{#<YU+AtFG2
zl1^|{bD6z15ekH5>SC3W5Dp_2S}p!;mVdU$KU+imaDuLlbcr(_0^ZZHNF>ut{%axs
zwb~rYXUhaCV?ziy^+{Kuc8TFqEa3Qs&Ya^&;T~w+=EJDl;#*h7P-!i-`nD8kPy?mZ
zCvQgpyKn>o>6fek*!V{P+X19eeA>*Ow&1T8_Nx_twaUUK6Ow?VL+l$uJ@Ih{if~x4
z-_syjtdt|aRESZiW?a`{`4wXpWG2vTKNh87R}jfHjK-a_ugw{dsgNT?5d92dQBKa#
zf~&ZC;YcLDD$${x&FhUO4I_)(NUTV!u_Yag+GOps6d5`DFCJ2!&hL!Y4e7uB;)~Pu
ze8q5F%!KTL*hqb#8faNKW5Sf=r4{;eb_s<r;xdy7`wCXs!Pa%5>5z<AHP##rH^;*3
z)`eTcYr@g+x^T<daBFKg7LA5n-1w-ctye8+6(g&0H95*96=wpQCCVc^m)Y#0x|k1d
zg4Wo~H@jYgU_zR1q(!E?_hW3JLevo}W$N<OZJyaSUxb!y#FtJ^WOpQZ6DSH@_wtey
zdpo-{g*q#ykr0LoZmFPrEXu-AC7B^7XI)J?GJT*H?6oZjI#^3YdF+JiJ?Nth*bxVq
zcb(jq4=E`@;VjHgh+IudNXmZaVV?DBJ#^?f`LaoOgbz}~3f8mpvVuB$I8?$hiojbh
zbRlZ>#g<)7Od7i(j7@#Pt}nSHtTZ>k_^E?p5)l!SPQs!(nCTcpHFOGm^%V>c^4!>3
zWH((mH`tV2iuO6c>IH0A#Hd4#6bchTP{(@55TdN7*`j7d^t4GCTR3V6+08m<m0Sye
z;7hh5TQ5kvz6&*=2EvL!j99n`4a;k(B=W^85I@?bQ#(6k%3ZiC&3A3b^f}ghxU6>;
z*(#s4ql&Y-NVXEp^$1YwD~P|&fUQ=7uR6p#+ng1y0j7p!0`y$iOy?S<vbQkBZ&m_<
zg7+#ey&0;?-TfB6s-d@u)z!2CIdLhEKy4f9C>+I{y6|oVo2lFpMK`H`eK5}F6J2)V
zZ3NiSL@-2C=KwpD9tE2(ZE1#lqOx^`8V8ppma;1^f!KWl5<@;$@GuP{8jFePzPS<`
zXH!<R!F-KTf)Y4sE|GC&mHhAlnmnBj%%pfhkn=R>*OWkpmE4FJVB!Wt&+HB}V=4`M
z_aQi|PwJMH)EMp7`_4Tb01E^RPNGUev*<-)V47PFVV_`);F3Q?MElG!FnwUUv;df-
zIw6=<1r$z-tfH{ToLBE9ne}+>NX87yA}{JGPU|CrPC_tuU^6W?0`a)&1Ca<RLfAmP
zqNhy@5N3?#YYe7=G{ylI+DhmN8oQGQ8000gnwd*lVk>Nd#<=?<?}=9xiLv0^;$?ll
z$#qX=(Mij9T5)ft_KutzQ_24Wpt*%l$bYt6?41U)ZUdtq2yw|gp~0USVjHQ1KXYLU
zLm{jTFlnp!jM^Q|XlmVX=ARwr`fP(a31M16g%=1r!fd5C6l5VZ5cf!K%#_$j7A+<<
zhr_ZASY)ch3jT>km|l_$Rm&1t2yW1`A!_`Ep2pM^952>Ak8Ml^HQ8j2Y+v*V^*{}Y
zBs*eQ<Is7VVsG#T_X0OV&o`(mv4MSI#r|>x1}BG=7KRA$W*|sRP=cDsml(4H){Ylo
z>}FIYL|LSfEBBRDpTelK2r+t^th=^~S|m{U(3Z3rU+~x%c~c}PK@b5Tb#HnMf&f`8
z_I;>Lk!VJy1kA<}0K?lTgeDbH0R_d1`SpzAAtWYNiL<_Bsh72nK@{NB;7BL57`GM?
zr^KeEu**Q15`&y1MG4lLaKoT6Li2+h66r~luB=y@J&jw2u^YBunxW0G!;%MU$FK*B
z-(X1Vjd4N4NK}qa*w$8zP<Yy<QYdAmn^f}7xIDYGgcZ-o^BcG6CoU3*z2ZvhBTM^;
zx7i1xSTq9vixKRfNm`;O?5y3FKwMdwxL6ATnaF*}f>HvXd(Y%YIDN+DNk>4ab!CN_
z0}{KLZ^~h;H17+wQy0;h$hY_<q(CVacr5Qsw|l0VK1sk_lQWoo77IC#ISDlT%y1$v
zkD#tqnhVQlfUgxmfgLo+g#vjj&Zb%NP|5;!g}Fju3h@TuD~Ka|={XKNWbc$I02kQw
zCrXYSQW_LcC!(7Xwka2cB|O^`kkw#O4WkE&G#2-&6LA?8OX@@tMvli)t6@yf{2RE3
z?K<1GDO#jvH8Rf-tcvs}$TwNOLwljh_%hU#nkG9edT-LPu9O+-EaMxHWT}=ZV%%Q?
zjRCCjH|TG52#p(7n%9W-u+CJW?L?N4kdX?;@Q~&l{)#IA5c!35%gA5+uR=ft5D(?K
zwvbf1o>IK0xbqxiW-F_exNDU3OrUZYIUa>WE}Kwv?XjHOi3APe&142N8np}xS<vlu
z0A{02auF-!>A~bZV19=Dt(&E{ZtJ6*O_@?)rH+$gOlFAJ9#TA{$Y2?w4rEFI2hiLA
zrK!;~HL&G|G%h<DMqc@eflwD)_TptkG_odCpyCLv=(yLR{)s?D|4KU^)lb`kxbP-J
zohAa}Gt!ILuOt4^CMU<iFC-?eKKWkFYm%B|Is%7&^19=UWHoiS$I_gWn}sCpK_Hzr
zmksm?e-ZNXmO}GXVEOyck57f>hS~(x26|^O&rIdPHlGrT*J!>O$Z8gw0bW$<lRaJ?
zoAC@d%{f+oZjc+L;{mm!a^nR@EY7K5y+`;6bw$8u)Ei;KWbO&fY>|}k2<>Iwp=xSy
zM+z|S2<i(#V{MYYJdPWDCl9k=y6l9{ZqNd-(em$j=&*mVLk;_x(6iPQ|AA7g@B@M@
zf;1sK;sS>F2(|(K+jRY==L-JIzOUwm9Ux7yZ(9rz9=L%qy}&p`VL#!q62mq7LN&fv
zM1kJMBEyxE7YB!nFz3o%`VHAH>}Tv+)cIi<!cXi{DHoz_yaWR*)u8Rq!>CSDe6pfk
zOCXf>>KEL1tDdt4YmAD8{Ol<U#H<LtgrnC-Sju%P$HAhiLE*S!>+7+Wd>3T5jjAy|
z6xO^;spdXNv$~x8aZe}p+|nh7Yh29|h_x(U$Z$X$?|_*1$vV%YW{@de&sw8rdF!4T
zjh%It&r^DFP+Do<hW#M$0W@Zh8y%$-?tEdhF?64b$-mY~Kb@ZFZvh<o0HH2Y#@&dk
z4+l&_aB6l+nj3DAA9Md+=X&6D!k-9m@JAw!ooC{F6e{V{ptn~KV9xNs%L`K|jA~h7
zeB#)o>T>I@?%fc2$KfgAYCvvX>ezu<%8=p)UX-0<e$UqVJaoDhp9-*vkHsO#&xNs;
zQXx<K{=oRc?chYRBL&L}+$UHSj}a??dR7eYELw_{X)dA68d9uSnHEs3<OP>+eLk&l
zNv#Ob?qYf1b{A{$2i>Qbz!O|{Wo~@?nYQ^rU#M7fX~hKSixeviy$k($%t?!np}-^*
zDVcvHg{H!F!-63n^t4hNX&yBLVZVDCJav!*&XJC9H1{d|DJA|FkI^>MK8nTvTie{?
ziT?%hALrtKRsQ3S{1xP(ze4Q=Vt=*!2mflXVR7{~xUT9@Q7u?8lE$fy08|R?H7>OV
zJK);}xT<b(6JD0l-W4f=-X!oa5>Dr`^(HIkbS8u<H&Q9Md$6l|qE!jm1YJdN2Oy&n
zi_j6UR)y!mq@gC5+LONx@q0OLJu|EGU())gw{kOP0mb5fx47efHb>X4om>C2@)0h<
z)C5H841$s(R8vh=dEk?(8xhEu6r=(B1KANGzEm@-w^6D&Wahoxin`i~OgGvF4YS|`
z)uZ<9yPep|W$J6{DLtuXgVfnoD98LLj7cra#St2Y4y}m6<T_Am(pYq8<0Pu6^VDqi
z*7OT9m@>zx;*orTYbF!(-7~{Jsy?Ubw#XZlu3VwvAj~;otZ0W6W_Ez0y41+(W90Ok
zL?+B80Sil4*EH(_n)=(N#I_(>9B=6A4MKUrVv~ZRn`~ruXgF%5DcC~ThJ3X1ZKTuT
zZS03hw+nTWd|{6u?i_3e&_az<Y%FPv;IKF@f@pUZR(5MsVP!&1LWG@a8niABhAjkI
z)cBJ3Ou?>MesvHu@-C%WD!vYG<J!aF;j}hMb{lOkn(s3hK*M&VSK86}5%_<6OeY+^
zED^uu&-CMex3orE=i-0Q#>YGV2_s%+8kqk4x5mipx%r=kkN^CSWXnkcGnoH1Yv$Jf
ztbFp$Kl#-dYd$kFrjH(OABE-rSai+WR(JgWmgc$m-?Q@B*1h%2b?W}A{Z%i*&umrI
zL{-%lRaN_zEV;V6`pv0S$}~;OvZkh{uDa@~dGq!!TzFvV(rb@7=DOpLzvhG!-g4Y=
z*DqiGme;=at;?6+aMDRPzV3Bzd;RO*{)RWa^VCz{v2x|RYHQye2;5X#dvhrCo>1u4
zaQK!rYu+D=y?5=}55!`(wYA;e*7l)|8$Y~x^G7>7KeBoA!R^~WcFs8;+p**Bo}Q2O
z_kUt&=;P;}d(W<2_g-+pKU{d>r!Kwp(-&WS?`4;LW@P04v9bGg{ejCbf50$4pG^MK
zo;{zRnE0|~eQ|2)%U53cl{dfnt5;wBmAAh2tp^SqxZ#Ey-ucdV-g@h;AN=44Kl;&+
z?%)5_g9i`ZefQn>-h1z-KmF+k9(dsMpa1+9zxc%mAAIoIYae>+TfcVWjbDG;+rIIx
zcYX7wn;v=3dmer7d%yjG4}9kXANW5X{pk1ZxZ`_w-ud|5cmLZbKl#KbKl$W8{^Jks
zzyF8#-~ZG<|MQQ&{N<ni%fI~ep@$y&#y7t4=%bJR>%ac%p+i4^?6Jpw@Pi-x_{Tr~
z=}*b4ryqIbmybO1?6<!4?6<%DAK(4%uO55s*H1k0o9}=Bw@*FwyPy8_4?p_Re?Iff
zGtWNz?9)&G*K^N3_h0|@U%&Xp^Z)T5FFg0$pMLY3KmXwme|h1B7oLCqMe_O6pZ@yd
zi+{t<|NHyj|9+%N=#}#c!yi}+RZCy0T2+1e_WKS#bnVjDG+g}XeRq8Qt;<%O^P%nc
z-}#NVpVD&qPaeJhV~@OB+48p2yFYu^w{8gz{=>!J`t04`d4IIF`EA|iFFzDGaCzjq
zhg$~vKD_Xx+8b8<@o{C7`HN!%k3M(qIomfa+InvEHP3wPu7%Gi{g*AAchWU|E0lBR
zcP)Qpi+00LZaVO>n%leP-|^Yg&(NxG{m}dcE62^7&RMal`aRL(?z-XJ!D|jY{iy@*
zx$dz;_x9HR>gH!QZQB2x_b(cH>X}d6ed5CHx1WC2)1wDhoU!D?>ks_$e?|^2+<N<=
zPyXn!$KN$?-s13Ohd%h?{GS~6sZUw&+4QbM+fo;9dz*Ra3)?rR->2O6i^rDTSoP&4
z&;8(~i`FgpNz>^s-I3V%$Yt3B+it&YDDl3PffMFE`1g-|b>H9qP!;aqxV&ds|B3|z
zOaE!{{BM7_bLooY>CbMy>X^rVeel|27e0M$Uv21)pKa<ty{hZ9>Z%nt25S1>zhc$E
z8U5Ft*4y#@uB-m?&rkjIsy|g9yuQ2l`TAui?pZpt@XhMu*RQy7$)T0~t4@9L*9Z6g
zc~5;+jZ*u$TQ{Ya?d@N&<WtM5m4VLBtyuYsuK9~6w!PsuznI8b58q(bDED1A_>NPa
zc{tv?=$h+J>w9wH_m7$X=(@UhG#<a~j%6o~KD>0rwyLk)aN1SX&t5-oc=>e;Pds<S
zK;qgfPyNj=-gEkfJ=eW&(YfmW6?^{AL)S0w&V2i^zM4Ot@x#t*S`S`w_e)o84DMfi
z@1=jfVgB8(dw6T_o-=N)N?x#b=y#iLY8~0W^6C>uwy*m7H&1%}4L?~~eeXY=)OzRg
zl{L5Sdh8!hzWU4?KDp%kHPvs7FI~B%`t+fy4&(TtLmk!4OII#_<1gACe&n_%-f+P`
zZhiMDHy`ZSea6$j>|Jou3vW5LYou;})o0fJ%YE7xRpsj^zhzV6h6SJbX4^le=Uazv
ze$BSi&sZ|QukF@HPi|<<yl(QrHMiaMod=JriY;i^dtmAPH94i~?xtV;_+ZsvQ+J(w
z?z_7_d;R>UUwg*MZ*1>hR`vD9-~FZe!9V@6&a7JT+@Wp%aPyOg?);{@^|U)O|9alT
zi}x=)?mhc&IOdNl7tH(Oxwr56-uf3`S9kXpzjfbRU)ntSpX+l^<z92&<hJDLnTJo!
zT=kb<ZNA~zs?UEkVqCTE!JmC={ifruKjVyRem?M~H>^B%N1J-x{I35!?bDks-G0+)
z3#_l7I`QC-7gfzW`MWEIwtnP&^B=rq-nHhRw<q3x?5C_V-g3`<SN!@*^(Xvo;^&JF
zZXUaL^LrP(edzP2sIQH5?7aTBpZfLjUw+}1uZQ<9Oe{S0<YSH<eaHIm%=^!(Tb3RB
z!^XeA_~&~+^I+B4r!2hj*n5AN8vfH?f46kyd#=Cf|K0t)^q&{JadP5`(|+)k;O5wK
zD>}Y#u<d={_&?331h4&T^ZYw6j@`99_&>M5{lt4VeRAKDk(%$kYa(FH|H9M9F5mfF
zRr<tl?q8mH=tAv*M_2SeansgYH(mGANZ^?l!@sP0&9nQLp7%cojy-e#2fy1jzVODS
zKYYW(`xmWF+;QxO=iPYT`iGZo`%u*lt9lOpF7w2J#ze2a_tB086TkX!)vbpvT==bL
z7O%@L+`i_nMVB3W=PCcay(-+<w{ziNul?hfPQK&dZ~As-r><N0mLGiNx=nX4nL74k
z%dQPp9rM&36Q6kd!zbMLz}KptJG8QU>0^U|KQ3AvGTyCz=+F<IJ>`+@%MRS~;vKJF
zz3QRs7oPa&8B>{^zx!JKH@~abA7?)Mqhk;K`Ly{@-?1`x)j3Pgocwloz?iq9=Hpj}
zFMH#>8!o$f>7K98OLyPA=KLFXf9A<szW3V~56&BUdUVBsb6$JqZ$44A@W9G<pTA|*
z>g?*z)t+&}!k5OM`rkh<eQ;IR_~r+CmIfO3uaDn;*KtGY(qnFWUE`tZ$J6r<Zs|JM
z-1FD)rmBW$^@`vA(@hUP{*NE{`RcJn7oWNOp3H$O&R+fV?I#{sm<rvs@M?3kTD2Zu
ze*VIS%P;%blM9z!bN#U+A6c>T;P0ObK5^5j)#IleIPcjr*DltNKcjl$*zOwZ!l9eK
z`RGk2o%`GQO;^mnzJFz6<wMuL_zz$D#QUocef%}=T=@DMzO-rHt=%g>^UN={DgXYJ
zeRsa+qd)#u)#-0K=bY%);F8|&FMm9+dC~g=cP&48lXAh-1t0zVc@OXY`OWWJbmu+G
z);)VquzLH@=I<VS;=dcuyZ@^<KGweAil-jl`iHLhj~(3htAkbPUnH-1ZR(}xF8R*o
zcm4db{hwWa;B6-#I^)Mnf2!Q~(}nl0+HmN+zyI-tJJg!0*X+OYspC%Eb@|D^uhLij
z+jX_!g%^JIy|2Br`^>Yh?S22|w*9s9m)x}E-N)XU_`j=ax4d)pw=R9(pYA;Mo>TNY
zKKqtmzYyAd$<pxYpZfChd#>Bn_r`zx*%^Ng?LY2+=iTy~cXqz^KQH>|#QgK#m05QF
zw%$!UhwJoDJ^SbIBWEnT{>(sDx#6~s9{tM4SA@@4R<o&T>*)vPJ@<pZ+<9KK^Nr6}
z&HL};PWk#*tM^xbd;g9D|8rpJKm4xu?zXW5Z)oY7_g#Ja^RFFPy6fM+aQVFdxn|Rf
zj(Nv@Z|LiF7vHvMWYfZ?t2&O^5be0`9bfudxGvFqf_m*s?_3u6!J-QrHV?dO;d{rv
zbLqw}zOJR_+Mm2I^6dH7E$v%5__VtD-|qX_-@B&1z4LRw``x=%|9J75=;aGuTXpK0
zD;CwB*}NjL>@#Pd(D>`l`pn}$`u*U?zH!PO$G>@U<=?*e=lB2iNA+i}`q8(wpVsc^
z+x_`%?ayDi{Dt}E8=K#9&&MY}U-h{+eB#&t``Eebp8DqY&1%hCKK13L-)dfYZKiSf
zz=q%c?conRRdZd{qTtid#=0*1@y#24TeUHBZNs>FOwT<BzI)2CcT}xEZRMNJKYi=L
z71wXSe&VT*^!}{tUzLyS`0SV3_ulu~<Noc%)8_rt)3^QKk9~dVQ~&xeTfVcW`t<KV
z`ukt~@cG^Kr(V^(V*8noJh|k+PY&IB@>k|>dFjIFFO<axugacr%(kChHXOX@s_(sS
zvi70hKk(0=-q%>Q=HRk39*Zt~L)C#}9$R(kJ8!A4x~$>ZrPpdpS4KX#>_30|`1e2j
z%{^<z&iK=tcYorSH~-JxFMMb9ubX}`Rdvz9{$ro|Yul&m&#2j)z2USK%9Gobk>`&4
z{qaxU`1=QLGyZq``9J)>#+k~=udjOg@dd$6uYJp9|Ml}tPru{Td7ZmYzO&`RUH|+2
zw|(SG-yHkdhZl@}xMM8W88|-n$?Ic>{&4GO>VAIK{J<9j*F8J$b8DadUGIN?`SZd5
zdNO|KbG7&F{Q1I7ckcYesarSPS@p!-lfV4YhyV7CKP|fA-lnR*{Nmy}Ci-tU_lwuH
zB$t2t=bwDt*A_o<!n+^ndt`F^+h01n?mNGG{nq!z>Z>n3bZz64^BVg1eC1O^A6(Ws
zb=SB0{_yN~R=x3KKX~iaRgdoax2p4&UBBV!&%JlcvMX-=x2n<WmvukZczTEWpS4&0
zc<jv&{pGat-@4%At*iH~U3TM5OLiUrRzRu0Tyo2c`%jOL9CPl%+wWf9|Iors&t~u4
zcGdCc_r7n*1z%O?b-aJ6_WXjTP4gEnstP@I`5#U^|Js99KlsG*shci&aqXKwRln?v
zQ<4iFt2)V?`qVGeH$Q#ih045TuQ_|crrf+o4}5jcl4BlUy!Ek(r5%fwzkk_xTGt$V
zPweqK&luWu-L^aDU2<n`+ihKHRn^a)X+Al3?eQZ!j(uq9hNqS#_qV?PbG<q3nse*l
zdQI?#*sklYU%TL?6YtE;k6v-}rtD8|iOt{tmM{J=9ay*T_ydjI*Dt$%)0M{BWdBpq
zgZK2s>K8xxz+lV#liv1RZ2tZIH~+`@yvGLn&s}tPFmZyiG;s667v8t*@Bi^8^O1Q!
z`dsSJDepM3YTnr&yYQX&&3m}Ds%qJ$dmas}*x!3`Rn<ae-Mpvgb-Z}aDPM1S?9Uek
z9$LKghGkdY)c4z8UfzH6(qHX;*K_0VdiSO!zi(aH`_PhAmz{OevWa)y)OAID)!3$$
zXFuI=>@D*;HeJx)@wSsb{`%3elgvYJIr;H-eExH%%~!N1?%uhgKX%F2mgxOUGKoc<
z%Cc~<>J3Xzdh4bom*2D`Gqfala<$RF==dj<d6z9XcKMQ}RYPxl{G}zmb(8a|7Js>J
zS?}a|&n1>U9?YKeXl%_*TSlT)p-s!KUY0)Qv8u1!vg}QVh6D3X>ZscK#)I>N2j`zR
z_1^PueD5DmS@qiei{7lf;ik)$jvt(V>=X0O>)x?`Rn;3d#eVV3(rc8(b%&x0HZ9ED
zwK)2ks(E)UyZr0csy**mRo8ODYi_$HblYc7dgCci&wG8<ykoY6j(KAIeUDe2`ux1p
z4>nJ|(6ZwBd8a=1wg+B#^U`^XzNRg|_OVlrJ+N=jl9qQ(+<whdmo+?jTh_e&o#$mf
z^{wRoFK(K5=<1pSC%*3SraS*>*_ZD*f3j=$XaBk`d*<ew|Fo;&p_Ng6*}LvL>jhK&
z?sduIbIFOj&rt5$6}<Tk$33*<gqJQ;t;M?!o;SArh0{*BZ{7QDSf07bT6ALdhra*e
zAFtW^$#r$}```2Ve-Ex!2bNrSvGtb^Z=Trj<@YVz{qYt3>Y^9*p+win>t3_+J16y@
zd*?{isnwtT!cAAc@1yg7^|sf&uK(KT>jQTz-M#;&-=28(Prm=*#TRDI&)kxIY~j-C
z+m~$m=*3$WFWle0{KB1|`Q_{9Z>k!}+){tXj_Y&!-h=bzKXqx>NxPR{Gfx}%$f|jZ
zst+Cf#4StXk9_#|Q}OTKcv@qorL%3tyPsdU_m9gydCNQA@s|%Ro4;e(!QCf3w6r&K
z_qor6uU8hl{jY(a|5g81T~$mOKH>g_H8*`oyZk+SzS#22uRiwd!)?d3%pY2^{NV$4
z)&H^ar4@S?PyWN$UtaT}TL;&CVP#eO+T{!0^VT2!^_>e>EweT)SoVDDo~0kUFWd3i
zEepP|ZuxbaJ|3R8wEF2=R~%Rx{Mc=`|Mv9{KGb&KsV%!!RW0jpxnb8QPKYhtx_@DP
z+xqzjmTFZC>o)a&`!CVG-;ADk+5AoYi`(@ZzjFJE>y|D0-f!<+@c7az`xjsE{DL!=
zEoi)N{_5xFuX}#Mt~1{AWX<ve{R^+U@!k{9{m4Cm<>~!ZJDwkFyFc-#zq}?pZ~N>1
zxN!0FJAQl4o3{VpGxIwZec+x?zvHHry_-H!_4a$$tsGx-|KhuDzwg>RUX$)$Sbfu{
zmwj+qR{6{s9ZR=GPdxR?`+Lq^SfecZx4ISY*tDqjn9nYLXzA|g*r|W{^YV8bTD;)i
z&#qX$<OBCCec~UMh3_Q@t9o$T1E>7)<Q>X=D`J}##FlnFy)bjr1DmcKNj|->{hCt-
z?pvICY;oe-i_f`fVc>7~?Ko}4#=w$on}XE`@7(>^!okNDFZuU>zWmFdOaAzC>A!vM
z|DC$5s{M$bab2Ih`airwi;P>T<YD(wSpU}?YiaT1|6H?XF8}weeAch*?AtPQL4TJ5
zQ?2yx+}zW>MF})EHSKEI($v&B)Tx}meP~CI5{pEYK`X1rt)`}~UcB}Wj9XTwt*L2p
zaxya65;3x4O+y1sd!eBi)MQ^9O{^A4Sc$;Kn)UDu{?XLLM!d3JZ|PQ2+qh+0cTY}j
zQ^vHcS{ILN2|d|fr&@Y4p|u-ILbDT*X4I^zsLC#FM9G=p?g^=i);G~sXp2cby<5p@
z$qfP1no4TsxTaYFWjw2mZV-W{#GlC;mumz*fS(Y5ByO4kjFz$?U}<};Civa7v8H-G
zTsJFFy%B7sCN>1N7->sOTa81cZ~*O($S+n4hS{!w*MX^78+HzDZ9EfNS>HqlzJA0=
zOl_>GS)b4+6g{y4+&L^&Pit9%qiW|d0WOh?Tkz2RY&dC*8G()K)e;6qis`8_MNJa$
zdPp@(&lq3<MUfs*%xs*1;HdlwsOy_l@*nBbuWR&V*|>g0A0vO*)U9tCAr<gZzG?}L
zP9nIgY}_`(iN?0+Kg#-*jg1nXl*UF8t0{s~8KG%)LLZ|pT|k8~8+h`SK%67ASzS#C
zXybZ9wnlnvV|ThvSK~QLYme*3`X=_26yk+haXt+W<6H$67!$fS8Q6H9ZaPB*3Qtn>
zl8Oae08f^j8Q3_8|CUw<oUOplEU>YYeJiaV;c%9boeFH+PQKI`bj)Ps8l_d&(`a5|
z=_7hlw@5SH;)8@r=DxIs;#oox78&%GY@J4-Ais@LYr{H%1+!I6YOp2^(=~$iO>C0c
z1F5Byn$D?7Y$~vE2mXM{`KMc`Ku|!40|ssZHF{{fzyRb{$gC%mj7Gchmv^C**cd^;
zs7{vu7W_Bov*Jo@h%L&%MzUCxLHeV_s*vc53`b*?`_-|6q##xW7C_jpmL+xj)oh&_
z*R%0<@+9k`hk}zz{%Bb(9oN{r4#4j^4ckh`b+zye%e7Yl|3-MWs3RK3Cfdao7?Z0F
zwpEw~m>?FZ%Q5;dG)u0wGg&QD8lqhlC)BJC##98V^T^jamG(WM>87()l-?ZL#0`%V
zzMX`yvKxo8szv59ZQ=0X?KEH;(Z&hiHnKp-DKJLmElnS;Ts9du5*oCW&`0&SKl*nL
z^pxJDn%hfQoJyeEnoHZw8MHagRQUVp%m%Wwz{a|6It%H99@ohJJ*tjyrf9iYbHO!0
z^R(-l$=1MTeI%(HmKImd!sIVkB&2KX)`3R0&@Tl><f>_Eguasc6$JHz{OfdTn<g^E
zLHecik(+8pXM-N>=<gOQx;l(&X_NDa9{6Q1Z*iEkGq(UD$Q3Rbge`U=ZjguL&Cnr;
zPa6V`cmS>Yi3p^0&HBv7K1SpUpL!*iQWZijSzHFHvL~l087-TF@R)=(lLJkLFJG_-
zHBp92=xNSB3Duj5rVvi6XL3nWT!nCvgeUqf1+sM;CfMyODNV;G;0KgT@*c9ffgMB?
z8%_?3sR0AeDhBuuI&0QsZE6r6l}j391SnX~8Au6gn%Gg^vw%E2h>jBnsRM;XC}3*o
z2_re7+x$k&km)5YOi)-AEd|14q^4#k!DND9V?rf}9MjSQuXE6Ck{@w3LplLD2HP8f
z$N)MF4crX$1VIl9ssu>=3NpHga-I=qdkjGy)?!d;Su%eDL;ws&9EiN+rPL<jmU}e<
z2p@A}607VXyCj+TESMB$U0_hjiwmw38YI``okW!NO&K6if5K8sW7L|2B#udag8T*A
zBH}lhs+49DWaU{eNol<RK@+qBj+Hf$XoU4BQa=}Mp(qz`|37=z0v}az?l&Qj5Kxl{
zf{1z&UK?FP!b2z^W=WPL3Q0%;_=c0+lVo9c&$4GX1Vkl*2-XMq*7^u2Rf|>BR%^Yr
zP_3fgTBt9s){08iYHjgxwchsHJKr}m=gc{K&SnE@A9vIKFxj0mXXcx4zWL^R{6EI;
zUWw31*bU@MIb@8{u}eeqg-#9a7rLd><t>Co#<d~DBm0SHnLt=SXURaYT_wy;wl8@B
zGJ%Qjq=;%zgWbMD37PDUcBL$$#3!%|n8r;j5VTE|pgGV62Fa#jo`<f9LyKf>oK7bY
zVwc@OT)(R<G?9%^Nx!d1=S-Xge7iJ3G!^(|VtM(L^N0|O^IrIEJi+>97iqE>0YJeB
zwkCo$ThSn+tRa(-Yd|PL_Jtf(K=7zg4-{_8<QL?<1`YZHJ}10N&PGBlIV^=$;9Yj*
zOQx#*Wu1O9p=8z>_zNQ^$Y}HUTlJ$Z&5k?CKAj+{q59d3H!-3kA%DY^)dZO{a1SRE
z-*W*Ow_G1yNYpN0q|;#*Rcb7z*os23V@X$JOd!Yr>yYxd!s$-9)IxHyVnn8#DTByU
zY~D2!^rKmnXUjs-GF;Mt;x3&z0l(4LTK1DIBU5P>ZiUP&1t+bdY+_Oi){_qfbW<wc
zK|&gDrbjCMO=rYZd@Z$tEoNd8dk2(NO1L$~Iec<29G;r8B3YgHz;wuUCG8+RN>a%0
zorEw6fW=Y{cY?z7DyAI5^ymcZ)lMr1)PW*Ic!20(ogpP|!vpl87+JuW22U%d6P)Sq
z4$tw&1m%HD4^e0UKiW;VP^rz+3p5ld>1`T%#*u9khN8`M#bm!4r<*gNu*0XqP9~7q
z!(P!6f)XS3MfD`Q6S)>?L2|QI?C4<TD&r~ugH*_o3Y(JimzIi8QgaDh2&72@pG>1d
zKGKoQBfuf)_bP6!3aatMf}s?hl7B<i13Aei1f)x{3!%)w6JNM8K@H;|GOKaMxF?gr
zDbl2}u2Oyq>f|C6)U_Fy1E?(aoCH!0O`@!+MdH#kgRrO)BIgAcg`(&~nNL+*a?o|k
zAwEpBs?sORq$)K6K=_K(t6`%_@hh!{sv5PibFhQ4HIBL?kuzPWJ=%$_xE$(`1G05S
z8W~tS-N@V=!_Hor43Y>2S?g`gPIjEb9$W)iEo$`Wki#$%M)!6?AUF{@>GijCTI~~X
zqy>~ts>o>xqMQfg#!;-|?ZxQa;mS?(g}E7|#C#5#zhq+)ScmRhGyCh7OlX&6&2(1d
z3^vwxp;^$IIK52`(vksTJb+^gVZT-tL_JQsNo`ePgtO|D7}*n{U|92atn^6UNI)Nu
zR3#H>)ec9t)S`wtWi_cL5!7T&4apwZqbfrADQQdSl39)L2YI)kph;c{g(hBHlUYO`
zlKl-vzfnjE&fCvyH~|^wnqu%0-tmYYNIs*f;-=HwB%!@Tx1Y;xZ~h=E0Q1yDjPx{z
z_uonmjCr!=Cl{qi2i~Tu$!(e(LoEq1Rk#Z$-9lCCs*wp2ZHU|?V5v~t*pRgi1TUFk
zu$|~yp)xX+vR1G(=>vgprE2;$kl2%=uV6%pmbI&$qziIz&Z(>SHR2A2Qz>M>to}%J
zIc;85-?*G{JXbcHSa-4`>pId_B8wP}6WOYhX;Rrly6IVu9>Uu??|={vwI|4Z9gs^p
zR20DGn;SW^$PU!}rq<+M5+gS~zVIqlX*4L#OcoLJTJzmAV*CnAW~1h-gaLzW_oYD^
za(eZ)tF=U|J(!?dj)+sjL&?qrruw5=MPx3`{S~ztgZ;Q5AQv*ihI5GOrUVI9XTu#7
z7}qQcLVRkGplWx+1)d;xsrH!MRu)b8$CGy<L$)YYHRLn8$?FZ1LR2N}>4x)6mMXsU
zohhXvNvXaZM(tFM7`vT_bi=%*F#`!1YCJ(ELryDpS%-biy@ha#?@&Ua;+d^6X~Hb2
zQPn3E2GCr{PWA_*02Z9I`wdHj!F+VNxn%K12;bI{;VLl?nnXw^M79vxCW!D2z->sd
z$BD+C1fGd0?$FQ^Q;u~(WmbkJl~thHGf{E_L$b{iR$`PV2^%OHIm>mPrn^Q{+TkKj
zc82K@q?DP*siCH{O!6i3KfFMObDy3r+`c8ln!v=`0dZNu6ItQLF~*cynMpIWoQ>R1
z2MlBO)iEnjqjBD&vK@>d{!p^W_DE!CF$G2>=q<reT%8WjjIVDP-`wb(H@>CTTYpA#
zrOi2ogNdt@cbk<2oDeWylZjIxN|5>>;5t*x4LBBiFt_?LW3c60^h;ap#N^OUP)C0>
z$*GU1>12d49%zBJ{Z327f~Qg?CdNGc=*Ulw%cuh;qrHr$Q5oeWG#bE&?&##R1+FeG
zkvf!Mdk1MTsiH($5e&pTPA!=>twiFH0Z}$mEi8vZvqskirb~t!*3(J4oP<WE2^AF+
z$|p$`)22_JHhs!e$<K8SUsqHbO++C+kNsJxL@8oVK_gy*e@`PSW@6;UEGd)kpVp6K
z{FnI-d|2=3CH|{?%H%1Q_^+vxCr-}9e|;N2nfR|v{MTW|f0@)<LACw&i3CdyGb*u$
zg{AVKXClHf5n-8#uuMc)CL$~o5%y0I5ylQ^Qvg`6QO%hsu&*x)4D29I(O#yg92!dj
z_8s!{(gfQmMmU2e5ls^+O=zYFFxBF#WsBuu&RD(zECdTkYH((mgk~3_WyR1Ms)?`j
zNUbtCd+4_qG8T{7SSG38gaOK$yf<Jm^9O}MCenYz2oGQm7d)82O~;?r_q1KmkIstd
zWZ~?{ohy=`yh9WAQi<Sh;a#*V%nrr(hRO58UI6gc5=F<<y+8J5+}5~mcqD6q{y{WO
zV?QiFg1!NI<CAPtV-a!yL0km6e$SGc6ry`YWHho-*h==Or9)ejvmRuX*32|MGlsBu
zjz^*;O|<iRnQOHIE(Lv1w0G=7SUX|jgq4$L9>8$924ICS8l-iXDtSmI!d-*#E0af-
z4UhLA?4^W;d=36}87;1H<{F^Hl6=6xZGuo1WIXd9GDji$pz&EH(ix<2i+<|~FV(iR
zG=isrww0Z)uX?y1Es!qj3tewCi?KD2P#<Z^b)^C-owdcA{Xcwtoe2*lLnAix>_}*E
zp#6*u#X-4~$F|33u>L%Nz#I&FBw&Z6MGGiVHK?)hoj_t$5N-2ux!u|;Xl+8T;u=D0
zqu~T=OFzVRfWIO@T|S4riUBg?xRS;q(uQ;m(_cJamvMabzCw~aU|wu=Khd^bU0tkc
zX&G~`q@J%H3_?g_jr%kd01W*!lz_BkwjG)DE+vi@t0v+AI!kC3#8o1{5G}YZ*mYiS
zMC0S3f|tG~F1Y-;0fNaP`W}Nb&|_!I<sg_?fG;pSL=NkcU<T`s4%XD0ApX^;pDeo^
zV&_0q4#Z3nCK#~wsq@Y$0n+Up8>i}4a-*nawwYL1UZq6Xto#Z17s3h9F9QyD9(zGU
z!-Ac%R?0R`Lo0?>pa#>yH3Rh4hOs@2FIj`04t^~o^hU$j8%>(2glBQI;h7W2A7op@
zX9@BSs7FUX6C98b{TrrHBZ68q1IA1b9F2SX;_P}zc2f{gtjYJ`R^y=WrB85%r6DI$
z?i;51(p|&U-#+O%w6dDBxM8m-!*-Ipmz^?4A*+hfubO6dOPj*#%A{sF)G33PRK<8;
z7W*HTY~M{+iSj5>4Y_|C<5?+>(K7<vj~ZdZ2>1l4^W7s^+S9n>(moyf?EHX5SDF1$
zii2Ve%*`UjSzs%iYN#!@lYb%*3kFXGA$LKAGeY(t3^y5DKpw9tTy1u|GX?@kc)g(8
zEbAv2sv+ph)F|L!#W|dFiL5~yY$7a`1B<j!oz2)mx?0THKvP>mLiEZ+hjonV17^o)
zFp%!aX&D%V^~f<InUDpU%nopN)nh1BDl=(h66osIZVr8EjP!<-GsPJ2-sj2UzSvq|
zM9DWgWARSI^m#mPI5$`yBj-5RR)Qg2*@w7>fXatUMyAQ_L>w?1QcChgc(zqa>XBBx
zO1~;1*+H3#K)|zQ@=D6dtLZ(HVir)2A&qH3vtH-nO>h56IA1v_F4jRF^hx9f!=wc>
zSO{7;N?F^K6DpQz$d(-CjtNcDlgETiv*a6FK(|BK2+glqpu-ZF<hl64w<XRsxicN<
z2+crdc(8JBZ)!50>9im5$YxPNW_B{&J9O!h-c7>s{>z3P2*%Qxo7i4*N9A}&x;J0)
zfFd}*RE(ciW2R8MG=wI+GD&PE*>+GeSl`$u%`p>(B$;i-nNXxuKPlpW3_JK?zM~iX
z_sQkuR{W=_<gZNp&$scDiT}yO|77r=GEqO7sGm&KPbTUo6ZMmc`uR7F`pMux^%eod
z%m7ItKe~C~>xlcAYk|p0iurLy;+YN(as#f0df&io&=!QeM!y{39xB2R5Jmx(su&S#
z08{|5Hsq?KQpZ}EXiPAiZZUNw(GUr#!S3qhdD9c!$1YE(@fm(KN;K@YIQ<JuAvN_2
z1SlvYp%)xf%-+epkH!q`v{<l}X=)-ywgS`5wF&5>4r1kJx|9uI<ZQ-PXisySb3kQG
zel9JOniH}nnL&z7DP7il<Dlk<-_jmQ;DFc_S)0%v<(fiG<6N3Vrq5sS3+kkREIBnS
z=2=F$geRNP51FfJr&!a}YN?Ta#-J%ot`@TR3A8Ce#-yAex*a)H5r+rU@yUvYly+be
zvf##GLqz#Qo4njA2fNfV9W%;H*qZka>ASLpsv=HPfVy=%4J53#AbdcPrJ{PInVxkC
zBsXxaT9+z_j|JQdYGo`2&Ns01Yf(j$Y4lnc+;c4c4UBs@!{90#agOf;Yc64b6*3(;
z(Ib#St#k$31zo_H2I<-(5%H*s^8oiY%ZStzef*e-sK3yIP-K{Y>o=*eWYkNk(?x()
zW8r?9$<j^43PVO9+bjl#Fi9rMA0=WlfId)ITfF<k(OD7!2sMAgA-UcfxMD1+0Fh**
zsbd1Hkwpw?tw!oT%ZvS5&;@z}1&D}8axB=1jKxI<+tq%ch^7Y!QvZ3BoKBo>V}XP-
zzz#TRJQxF|mJUTS?;e99jRxAC299MS#mS%)F#2PZrD)x5Ckjm>7>BE>&bm=Ru%nJo
z$Y70hP@k7Bo1&QbuEmXMK+doTmK8|3l7K=2GnOGEn2O$J))D=ylyZAKMz(LLLyj@~
zGH-<Y#!13^Sl}tSaeJ^KSynq|i3c5bRIpI*A=%47D>6Is-!Rjw;8$|*55X_d1PD0z
zO;3m>ziap@t|8gq69^x7DuhR4CVJt)!^iKz6l(*7MP?M&a1j*CRF}#|bR|XxK>V20
zCa+?<d3*>anpmn(1VLEku`*fKPT*2>H=<9<58eZtP!s`9&u+i^gMf*GsqV?l1I{oS
zD}ppPAWJYp0y4`rjGr+Pf)I#&iC`RnLDU{WI>#ZZMkG?1FtFx^IW3F4O+IO?kL}7i
z4NdjFs=De1#y|B9lCQbNOaAuFljbk*!C!R?eNFURkJL;)uJJZ`>s#u)%~G|GwDHa*
z?V6;Py2b{N<U6x*F4t14>RL#fh6PgHJj;h3sjj|i?t;4d>IT~7+`4(>^RZQos$NPM
z@+IlO^t!5sdA_EqI`7=Nvu&GK`^bQjz95oi!94PKi?3;3T|LaMVfN`hGBGkuq6F#9
z>gwk-B|lvTw5Y0Us#;Lr+%ndS%u-LrAbIE3ESTq&8k!~Vf|iCRA5ONR8DCUSKOnEF
zYG^#GsjjBBh0L_ccvn?JeREy4uZfJNSt3mv$=_qWlt>GGb<I*^LlaQ9t{KVO<f~gq
z=v7x`jIV)q<s;;*_SQGhw=ZaE^6LG0XV=ZGt0qJtO`yAZzPbiV#d^}LrNQzb4rH#k
zs;;3PM@2sN0oke=nwrM?jCqquEog3l|L6>5yxL}b65*<OzUFxioEJ0hDM|FKWSmo(
zpMU6&qyJB^z8&s6Qv3fVPntNf!dm}j>couy?_2rF`2RBgzfAsr#uJ$F1UjV2a^GLC
z8L}A%V8#KMaR6o<fEfqizp4Z9TZRCbX`p1|X#qVupBPDwLIAk7)BQwvYjg*(q(s<!
z37#mSgJueKLr}>|w|b1=;ZlKJ2~TPX*pG@B5TDMuAw?50Rtu(2hlb=X3q?!Iqy<>X
zh4rX=Z4jz}43s5?(IN@$<P4En=@*)m1W65$m?o)KIm^>a%oRUqITj-To7JoEhp_ko
z42GiB!YECyTp`9Et_Rd{8<t~!8$3(N4L2^2bSAlWDRF;UDNREF2N<ESY(cqYyZ}lu
zPntxeZ}5?!^OwSUvQGu2Q?JAzYZU#LttYI6dDbjX6}(;goEQZHNi;Bw&YG|=xWJlD
z8#9_F;Y;RBYvb?rD?#0*fFn|)HV!=%YfnI07c`E7(*P2EgJC$q*wVxF{A7rJqC9Yw
zU5jG{q=5583DF|U6EYkvPQyk}Qo=QzN+d`t8!*^aTJy+S+6dSN0Zil6aU#;j+AC2k
z$jkMDD7Kq2fG&ktA`aNeVl@Jq7XvH<5F7yYOLH=CIuvl<<TId@Cq2+KBy$Q4cs^ng
z(fzB6UKhf}tz<NIC#R-itN<BTSU;#B1=M4Bdjm$gFFKGoWNv_?KUk|aVZIj*v@N7`
z83hDjYOsmf3lVxmL$8#{r%f~>tjobsP7KI;dL2!HSdXI#x6%w&^Mp`IBP*2h2CH!V
zX{8I~8CHMbvxoCrLm#6BeBW7SijABEr0Cy8@e@~&S8VEAkrOHy2vShrKms>Rm{tU6
zkRl=mdoa?5Wf?>{z^JN&m}7Ab;aqX2I)F=YUr?qG!Ojr7ASB{$FG#cD<*TrGi4bLg
zJlZCcBZ%gkTWVo}^k5xwFFhHuKS*UJ1M*d=4^DJ%L&%JbsXeC7OpDJ-!;oDH-uNgO
z>;r09a(%6&F<8)q`CAEJP+1N>NLE5gmRPkG;SmAvKOU1K8qC6^r&CIpioPfk1^>ax
zD4K1ZFgPu$5e1zb!5}(3hEH2KWz~dn%9#R^Xi$Lui1B_q<R0_=ma0EacibfP2i&r0
zhsikCilN)dC>A48XTPQ_ADc*oLo<NH>>y!GgL9=$Q91!KJ^H6mKLc9X03-EftjU*m
zvUw?~obT|+VEFuaG8w8~8IsNsL7Syvqo&9v6{FE2JS&szQC;guggA>QL3*Q!fdVl(
zn;DYU66zsvEs~t)LRe0k$&ntGOX>(A1@QtF7_Bzj8ydAVVnq~szBy9b0>5F1C!%c`
z#kcg`;a5Ydp9Ssc`y-TSmtzJL!rTSk#f{#US`%g#FKr0J!9sYpu}y+tQJ_o)uYqD;
zv&{);i=3$xh+a55=&_a1D2$TRlZI^K;ShF(P4MckpY9qz&}<Vht>qJCa`6R(k{BjQ
zY82y4@5{IpMa1$X$r-uyrD%;ncd(c(YW-TM@*=tQ<JpY+;b^Ex5OR=nIT*2jSJL<5
z%amTar7Bvgj!iAZt_5*G&KCPkz^_JOk;qKDEG<h>#;k>G!bk^IiD*WDV?%R`Q|3AB
zGCY(pzKE`4oc16T356bdTUSkqhvlwdBnqJcmIPq^oAd}wAHYhD6r(7)H~ytq1Skbj
zybvJ=iWiYN0GXnjzHEu#=iQ(s9M@4+DOL?ud;s;1OV&74@>0{^H0CsR>z*;^w5LPl
zWT+EspBCH`gV5|UYd>K@L*f`Mq^%vkfT9D1r3EygXkk^qWw1b0KrD;Juttg%c7Q!-
z1@#fmN~=*6=4NXc<%eahepiZfi?tIKc;uh8GZ-oJvI<uNTa1Pjy8}mVFM2HBioBp>
zivb!FmnwW@h|1)lMUCx7!+|33ZU7t$o=-FKgLzHh-eP?T<n2SnN<eeq(S1@hNN#u7
z!k!0oFbaHu7#@suXkw}WM#ofP3hrfxOro1<Qq(d*n*<E13@2(nYoe;AF<2T~Ix&4=
z6{vb-n$tNxgVLI4FC+BuE3LABnGU~jm^`2+;<oZu_|k?09EJ`@P5=Tl6^Z}RDVF7>
z#lMoUUL>EG5&<}kIwYBHk@7%<ZYNW{%%(WPM;J^gJ_jrW!Kb?ZPB#z~lmR6Gh9NIa
zV0f-w^<Pc(FH_>68X0wf@nYVLUmz*SE7PuWNjf5<Y$rm3b~Bg$0sVOJvc(JvrH8zp
zxL)KPmX+imi)*M~x_LM)2ebnM$0%?G6SHPq6CkuMhD754z-QW4hvt?Kc(2L&q2C@H
zO=w08H8-{<L%1cGP)%`tOo>;B3LRo-IHcQv8mD30xObVY3~kB|TM=&9XxgCn!x%q)
z(fr8cY9lmk++?B_tSb<%uNhbS5EX(BK{BcAnHG8(w2%=+IHEaSZ75d=%DxaLZ=e~1
z9hSwbt2lAPi0zRU!9P{a&CHx_qBYn91=9lVd$m;|!T?lMq_-LaKs_*M$JjBTQruOf
zGQ;_V#+q!@Wut~*B^aalt=vG^t2Z|ZFo-!(;4%ybMGw;)JVLjQy&C>q8#gY+NCYDi
zC!CGt2v03$*LT*|`6V&TK%2>RQE3CfW<f%Doaavdq4T%M0OO0KD}+vUH3?#gm8LV;
z0RzaKwZY_5#By}t3z6C}J4cN`K*>#HE2~ne&>F)+Mu$#_<k0~U!J>?X++s3h0O0;?
z2<duPI6>CBnB}?YXAW>b%frKb4uh3-B?~Mo6rEA&f>LUL&6q@BcWJ&cdG|Tz<ReBc
z`5KUC^F_c~awmX4G2RXSwhj?7YxQsQO%S&D7lfV(9nt%ST~EdMtnoeVOMjg9%!YX0
zd8I_rC39u`E1-I+obW6cg5mvIg%zc2Td<3X#_8nHg*v8)^NUFw?R5W>qa~~|)z(RS
z_ar&7gd`#}7NN5)M#o_-Hp`8Db)ZS=o)k7ydQ&i%3-|<_i~_5OrzAthVs~r(#H1TW
zi;ErtNLmB4E*Ps*Igps&k6DNH8=r!pmP}k3<4czmFgt;QupDSk>p(4lI%~jGYJ%>A
zhr)>f)z@SqLfJ;4el1fB53MN=8C+65xQ;O4&SM;eMB6}wEdzAR(6jB>$n36WOJ+#d
zL_B72rQviWDxSWv!zy8X8P2BwrtWkqt2|tT$12CV^Nj`R#MBUOe@}9GV&DuFPcM2O
zfpjvN91O{4c%Owvey~j<pO=MX>fV=5JyjZ~MA}0^tz(=N?@%ISo43alB@QTK<hxoW
zMCQDR=yrkParsI}Q|x*GheDz~p=gS2CxWDyhmwN!WNCFyBC;%^u82sy>+?vnNFZO7
zbmK%hH?CBYlD}lKYn(|!j<ZO?ab;!v)n#Sl%remOq)8&$e8&Zx?F$WQX!AzlOPg0Z
z^lK8M<4jVt-Xc0dS7N2I>3IpaX>slFCe3ZKL5LNif(hE0+OYb=nkL+r1TBo`XZIS5
zXW7T*I4lp8r3Ln28Ucd&qveZ8nM6q3%_#BQ<b+3iUnyRZWC*?zakIe_Y}AfWY5N*q
zOQ{fzLi9!!&V`x4VL8sDKqTstwvjwB*_x&t#r)ueCcI5EtOlJBQHqyBON4{&f3>^P
z2!2|AsbRiaex*q#dW1Q!+`P9^l&HovhlnnHYw8gmswu#O88u9fQd-7<s8}L>t<f!Z
zN$va{P;~?b!7L%<Q>^LCG*_oc7d=RYg}9LMVDe`2{mi&ef`?MaXr}6}Q}+(hE(%LX
z4VcT1;B}Ew6%SY)p51)DQe%PU82928<3;*@&59Zjsv$E(0gZk@x2!4Pg9jkkordOf
z5UvAAHL$o7t|Wt^2Wya*?&VsxQ>hCwsxS>#_t;0pSfW(uC6GJWh1d^#QPLK*xlBM0
z263xEFr^O@FYy>2mAkMMhl!D)5tRcW@R`5YypzE9tI}|!gel^T@GDUbc(@p+iHRMY
z*puAn0<>auP_uTBrbo>vQ*jzOP*BeMJIJw1h5Ttk*$M~8LL=Y5d{bCBKc#)#@;X$0
zA}Y0K$d+jf3aYNxO5hV^^`s-JzWV?VfZABl6C1%WC7~k680(A2h~+t~Hd8S?Ays{L
zGbvBScPL#D-J<E$1P+Oy<bRM;Y9AnkRVHlSM9&t(JoHVH(|)dfB`SAwm@j{h;|6KV
zdjxoW)mlOUGv+~Ej-X;eH3(R9+{C5>LZwC4*$j+skb>NKgB`*(l2@gO(g3HZo>Vg4
zI51;8CWHz&7K+m*ud?y18ymVkq_)Cd7KrcRXCb{ez^P%u;lNYf>3l?4OD}E7XQHJa
z!L`dTqWVT=*Hck$!J#LI^s`H1b|(m|ffsVcGhiRf0!jo%f*IC#u-V2{@s6YmGt?(x
zJyYIql1v`35&so0IH&b$v|;;B?`#bJurHPy_?2Bb9J@=;dLv#syew3hS?ze_u&^J5
z3MYu<L(gsu!y^ZIYmkNxHmdr@3VSFAP&XaOHkI7K5s-<}EuxvVF9@~>k_#?{Stp#-
zs><ewNs|(a$Fe!x7IloSXvoOYi(^Qiu7!hClv~wU03Av?u6sa);6i+Ny7l!6Hjbe~
zG~yPcqM4x5Z1Q)|oS-ou0uk?M?9dI9D8CZ0qcH-I3Q&7*4$9?rC0@hUT$j{{HltCf
z69CJip^Pe;JV?*fnWm=NhurTj3EjI(3De>EqH`JfAf3ILYIjOfANFUjJCyd8)Y5L3
zO5o%p|HdFDHeyT(J{9(YZ031x$s?^%*vZT`#I*9h3Af%vgGl>BlMlw;@1@Va3JLLA
zD_R5KUfV=26s<u$^1yoCo^De_LRYAgA_I-6K;!C@paxeKla1$fjKvCZBO*HrH9h<q
zOva|TUA*s72t9X=uLU#+G(40^brF_Hz#~6F(KSCzpNj|{X1%ykl63)Z5q#6?C`6jB
z);LnbxIxs5C64qr(Slbt6sCHUplAg_MX(~<sjTn-k%P@f%{QuLS&cevG|wW!rC3;r
zv3tIFN5WKySR4cox*mC4xP4qauX<pQNM=O4F!75~=}MPhu@Stq{we5Pd>Z1ggjzEg
zp4njd1rgNEIFk}lNR8IS+EL<lMlV=nQo7>8t3bchSjoy%mo^9>qviK(ZxAXL!bJEt
zW|_eCG9awbm}A%-9B(v6pqj&bjA%RkRfG<$E8}RvO4+YtpKz7X1AyQjA#|QpI)hfq
z;N}-z7X|>tXlOpwTDdSFOcjO<dVx8N5FiZJO#;xf4a5QgL(fCx0C)*x)A53D_%6y7
z%wu909K!llov|86VgnlkQ@ZKuC2dURF_KXs@MDAozMfqI5pa>#0SejZ+hFDE6ey=x
zzndY^lrQmqW*)t2V{au_K#0!=Ga3<nI4fR$Q)5_hbTYh%s!i2MH&{tYKg`v{mMejd
zP;%pC;Wo+dMsEm^A8)t7FAxm9lF0;Q8X|{VxS-=z{!Ee-O@%=QlO}9&%$Ah{^y19o
z2Ex=uuEvajR^33G!K0D{(|!hy>i^r1BmR>)M&q#F(F^|5)bhzm^<O5JPtD*zeH%X+
z{HF~5QwIMjga4Glf67#X`F{We#e`Eb?o+SuUK#MG4EWPOKloDy{pnu;{mE=V*F_2D
z%_oZ!ZWQ-AB>>pOw3xz%7{rg5*=}DLS)utRV27gdVAKz%#nFmlSTwnFLub|!!Nw_|
z0l<9qyn+c1C3;QmBsVDDSP=kz>8(sV#t>m(p=J7DRN~q>bVMzYEcTcil=Q0Ss0}Ol
zQt}%sx9jC-FM1_kQ=AjCp7R_#`jVuo=v>dX4sZs0jLp;LNj4a}hYzC^bg!$ymx2Bl
zLYYH}Ltln=vUe0iZA?`a99AqMs32%L<`!Wg22{^BN^{Mjf;{=}T-7hfd1%Wat*|K%
zMqDXwtWO#c57I>%>Od4wu?0CWt!1=XLNQs#aT)bSy%vC{tLK=-V@gSITWLI9(l5Kr
zZhPpw2}*uU0Y%+$TD*zmCg-;Y)=fLq+0k5CHKu<UL;nKy4^e<DeS=;+Ar3i!R%M=d
z&$7vqd~XqpKM#h;c_yZW7?zbDNgPo-v3Eu`!8c{p4|mg^$c$M>r6Twd3{CG2Jyqa-
z>qH=;n6ZO|nFUmoFD%T*oixr;bA56)9W{y%hiIiGmFuPm8%Sg+ZeQ34r&8von@<l&
zHoO=CRsu}ZS0GIHGfc!}%oZRwoMeWMfkh4>6|lNm!PU-~g{gRD!gq)`)t7SWNdPxY
zVTX>=SK8A#!5z(B)^s<AlU>ipqoLr8arN_@=cN-Wqc@x((V1{-!1r|+2Yz^&+^VS|
zGE74G6r0%8PI5=(ct<arxGEN;31h$`>|vSN+jLAC=!fsLfU#xSYB#YZw)7z+$fgoa
z;bml~@Pd@nVr?Why%|gAPziNjI<o@_6%Ix^bax;Q(_H8ein2wP=~?PbgTQz3iJK8U
zk~c59w)Ml#X76L3u>E<MprI8JIyM|nlK3+``;>E$y0%M@Cgo{vs1wb}w}jgG!nDo-
zE|s~bk#ma;ie>sT!XzR>QOE3#RJ-3cl-{zvS)_|@I}sjISg03Gk2PJ5F}}=%PjdJ>
zox1n=RP7ZI)<kmiV29ooh=rqyFtAt>D_{lT2}R4;7ebCO1-(?9PJ7f|Sl){fj$j-4
zdx&b8F;*v%7~@WxD2>Sjgq_b>zz9xr3&A1e*r)F`!c5q?uIL0Z;(`x>@9lT0ro^dr
zH>~zX22)eX-Kwe~MUM1B3ok~k1E*^=fE}`c1MG-2S(P!e6PhHSr){zruM}oc(dk5h
zD|pz*5Du$ne&W`}R0It9p*S+;5OfyIZ)s%;<)%&eW+(6MRAQQFH)4_2ieP{{yme9&
zaR~A3b&*&*!d>LwG}yJ8gZ$7dk%QJo%?ynFgs9(C!T82HVDh*gjLXy<d(<F|Vqsf>
zO@NDhW4pNFuw_TcVNexOIAIp4iK;hC^VnK|iFLga#dI^4?StzO4J;{zfZ`q?RF=-W
zLiz#JVq~GrEZNbBTeLe$bzB(BnQt1EeS%+-LSU<c3+8E{b1D<HaPB50WE<dTEW$KZ
z?mGp?<gsK}deMaUg)#EUcE(Yd1QX*UE}4})3d9r+@*q<(A_j40J)iX`EI8_Im54r`
z;B+dB;e<%RutKZUY}$|%u^14^WuHJswtH)wRphin9xrCfw#{e+J)fZ*r;v4~&U%@q
zsbhy}awQ#3oRAV%`#fbdfSDN~M2M#c_!@U_L`65Q_I>8BkOO<MeG53Fi(8t!_04m=
zExu|a=(u-k27;+fPeQBSsEJ4zhF|%gjB7g6nrG*s%(F8X10>hOo^Pk~ggXyq#_4U8
z&c5svKGj3tG5lii&2ELd`Z*10Z34@ioQY*>D7ndRX{b<+2PTWpPZl1@Q)6&v`r)r%
zd)W~51ak`rK8rw>9nVWUjC$ua054lv6O<s(;udQ3%8<RATUd*9&m|TI{w;7*b5&Da
zW6R=t?>wKGpS~6t&{ReQJIGH%(V<lv5F9$DP;-HUy)lfYZTh^3InP3;LEkYj{}E+2
zp(RW~{fBE{5FiPi)}J@|n(aRhn1zRT-?BiaI!g>wOM2}}@5&`7!JV=sALIICz)Cp!
z;B?(132@Z}eQThsl68j6Nu^b>0q5j!U3w=<YFtA##;!1W8YP&suqTGTX9fmMSb<Hx
zhDFjbO?z7-+OTg+WJ_}=ghx4L`qbCI!on3&G!HSD+e5a88X-HhDu6@Sj*<B1w{Ic>
z>9e>s4kpGBku-!;>jmGxk8;Qcr`m}ztWEpE8jgUz?xe*n<wb^K`VyLxpq#-v4ttX%
z1A(U?hS>63qy@)o{#wXjO9E>FffO__HI>{-SKK3gla#Qr6UAtJ0|UgRaD!mPiGwzP
z<-4q?M67r6vEdW)re6rdRF-ZO(GQRYmOBdn*bY^c4O;}(a_bXF!lErTl|m966L!vs
zUS3CSX~{2(>V!Bnrm-sp;lwpbZTl7x#XO}+DC>Hu4eph9^pqHuQAJRPpr{CS8QU;`
zriOw5uMog=&NSn4L@4PnKge1AF2nyg!_l}K1C$A_e6Shw#7j16J?KldmXzV46}qM&
z8CjdU1}F#UylKo_@>ybI;<OuTN|9<`&LcH*m|FjHu!jIN_ixM$wq|&$LG==zqB{p|
zT$u8#uY-|@UK$Fv_F}Q(Z6r7OCtY7ovXM@aT8*gTUg{uGvxSJL!hMbuv5xDn*3w6b
z-e`->u+U%3NJzH*RJe5LfGEPP;c&b@NyTDPkX~p=?yThBbQgdHn9@{zKB+LjFmwe8
zN4t5}eklzG22F@V2PBrN4B3E!C}TYZ`_;iZJo=>yg#-f#FuyK9EA7E+un-;HTkd4z
zkhw6AT}d8@$4YTu(KzE#Xb&O)I)m*hTv9ZJMTP2KeQOaGA;1@)Jwy~jh{1$g1ArJY
z9mBA@ldEP(>68!K8!l8NO3fD7>TBQ$=8QHijcMg%x=^fsXF%kefAK}IyL##=9zcHk
zlngX?^_KsUR{XtlFUbZt9&})$6c3!z*n5S|N&(_1_zi>n?5jOZ43A7@Qndz567>T9
z(+gYDL!F`S>YAcT$%jGMBDw?zJ!C8l0cv`1G#m;XJdT;aDTCp`4P?QygZXM1?9YUx
zFf^ILdvNp*CttJyQez62Ge^nswe4lcE1F-9rbS+Cn5NybSJE1!G#NFMV(xTjLRynS
zc#U{lPzeRnn32#Lu21a%n?t%uFMGhtBC2&ChdViHzEsdVWtHJbGpG-}3^eL&>|yv_
ze>O!-HUmGR9WFIWY#}-d$9OSA!D0vp*Hg{lBeV#Fey&D{su>g$x9ICD^lFQ!Xm+Zp
zn@`k-im3Gtcqp=;eB|dQc?j?gV!S8CSD_U#<XB8z$ucX9F{AE$7$;p6GTafsB@Iq7
z8cS~cPg+6zUNRM^ysDojej$w9yeaSuA|g1z;dXSpq0H)n&~f3*t>MDDI}!^tnF<hE
z-UuQ4QWf(XI0U~Nj|k@)gRM!)lZU<*iAdT~h&N4B4pkel>JAb|hfz|+^>C6y226X(
zGu+6jbUwtzyh?gjr+F$0#wjOi@g_84GmTJnAB&|DGH2WYE~JdGOu=<YRIeI^)g1$0
z2N55vnjK<obBHLGt=ts^)k(jo8q$D$gozcvRu1m;)H~U~ELE^I`C4+9m6i3ug^l?w
zjL{Lyk}$?91(=_sI|&D^UIHYgVjT?y<GsZx@HS~>7x3{S#2i<`u+W=EMTVx=6fxg~
zSt%f1Du}H&`_wisK|jS(usloog~|1r_Dk7azilPEE0QZ|5|ZJLG(BZD>nD};w0*{6
z2T!h@oBWiGA=IV}uG4cCE17Mb+vI00X{e?@?b;hc!7x%Mw=yZzCViR7*HYW3bhoxq
zT+gNz6X9Gwr|OYU%XvOxx}aFjE4ig^q|&3*Ls8q8nv_G6?w4w)mh>RgpZ4wbAQ1gm
zyLMD+MX|7@-M5BzA}Sv#iK=@M497uoEBN028@%%~>xT6^Bgv8fX4lFTo@t80bZkp0
zWr}ulZi{w8Q=pz>+fK1<XD@9{gXnY|g(bWuIW{Qy2~%!?C4azyO_KsIlFHLMKf~hy
ztmRB?pWud9{a1%}CR3rcl(f?m%!Fhyn%T6~gZjn5eJ9cwhp7ImT|3=`!hW%BqwAc8
zN||bR>ATvxr!#1bfW~MB06{>;$r(V#%+ELU<B0#LM?)U|J5u96PCTW2(o_rn<0+HN
zPs!jvej7g-{KpLbV+Q{*ga4Spf6U-N{y)Hfw1?R%u>pikwZa)J$P5<bKR*^^1`5&v
z{guK$>UzpQ1_Kgo{$w2JbYw+%g-{d8@|EO<L7R}ddQWzs9+y@!Q8_5q`UN$LM)qkS
zP2nR9w=0ttgvAd@zwlNO>n=>VBNF8G6j?-zgw88-_tXs*LkP)mB0@G*3<{djgbiK-
z7X3d_LTm<$MxKONb9|}MH=TiF@l4G?7{riGu*8Qt$n3EmT?A_Qw1LlwrHhy<%3zF5
zH~}#>SONv)h*4uM<Pkyw;5l^tqpXP;eK0sC=IerEO{T>*wO~7~RK<gKcok}*&am(T
z8)7q6SLg@lq{V{~RV)c5g;f-ILP=d-EDH+Ap}$}9MrD78;*sVB{Y1E`ZE>ltuGu5C
zs9{2KLjN;m46$PMpx6Q`xDXyl^P@?hb7U=!zl7Dm;t-V7tiz$AU%fM=#91biF&m=*
zc8ahm5o%Gv2W9lFW7IDhI1xoU_@bCgYJ^XizQZ&s9`uoBe3Z#~Xv$Y@SK<Ji79gu2
zxzCC8hT+xFs@F2bqBpG})vxk^JW~W51)v0^6HAdT9it1Q2`q8Zs=4?U#^6HS9%UDd
z0~e|}DeV2`&|FhdEE=n=ND(E{;ZX651z81DjF6QCFTTq9XI0{Lr#|M@*!pfAEdMDM
zz?weo7^NVmS_)HLvtDzj`3|5}sd!wtQS3HMv!ksy?haKY|1XR9HMuMiO!&)`Kmx33
z6O>3NJ3^8Ys(H>Zk4Pp`N(r~BF(}9#HoW7)o<tdfA_VbMxbQdf>XoFlZH&M-8q#!J
z%*Ms_q$EqQ0%go_Vp$XK0)UA)tI=mAyfhvo6%4UYr4AI#Ou!lEq(+%jg(VSJMWbO?
z<N_a8+JjIk6O;PH<HuBn4_43lU07P4-_hGJ)E|Q`<AifVsu+n*9Ro2bDUX?+@|-v+
zs8rQZ-{PxpSv=QQU!%vci=;A@TC*ZLrmpVR$00bZ6%Dy(fP7RlFiO)qL*K{|tfr-5
z+^$ik6w#qEE{X`X1ue-7MeR$;;FWq*Rr(XF@wWIDdCyv0N9NZw$6IALJIMX$6b&kn
z*9PnFpw0tG0!DaH#8iyg(;3;wkws&LQ8+PFCe5LdP1B)=3FddEJs~UHggB8DE5X7f
zg9aWEgV;b+26#*{;FmNr7eOEqtGFALLvm*fR#YgDY1H$TSy~H4A`2@)x@Iw?Ce_j)
z(v5+Rn;<?sh$+j8Tc$S?BTf;QfOSZ8KrKy52-_VpmI5+UMRXctqJx~OJIE)ea~EUM
z7y%9GMx<+yC=g*2J|~TON8SNcD2!j?sARfaBdn4>x7)+=m_>;`D7xJ2XamqV0sD;A
z;zadPr-p|WDaIo4v}Pv6LlEURs>nuoHpgtC2)%p*Xdpu)I@_f`r}+zfO=m4`ZfUBk
zud&;_saA&tOv;)m%~@q3SEsRHD~3smW&V^^)Q2iqb094mw>Sp@L6#86m6|~e!AZnj
zL_E!GImZFyNyjbFh!Bk_`pK`?m{b#R`lU4v56UfEItsD86y|7*!sg@!co!%PO%Xoe
zjp;97lW$%_i*K>Fy1L1hA)#7sOt*ZgQeC5j6Vl>Xv6BHekXx9f2j}+n-L<GX+q|0t
zyx`lCUPHsX^$jB|9@RCJ)WU%lxed^)8-WT|KEUr4n^o`gJnO2-A>OO5h37B3?#1-`
zo(^df1du)lMrfK-C4Fa7g~xWdraOYpp!Cwt32jl}*aDN0B%(@;K}Lv*G)HGhu_N@n
zGgj<Zp9tZ1rArK6?He%{H2drr)=W!hGJb=KEYB~sbV4ajb&?R-^0a2DK8`-=O-()`
zcbi)l&-1m^HrO8|W_4P4Ip05I070HGh+t8`cpeGdLXu(t_EITa<7=V6c-RNEK5w=8
z6Hpm>)NI_J{#=qVmBfi)F$go-nE3>DL>Ke0YXFVt2eWKk9nUNUv<7mz1N1d5^ffsR
z&?2RT4Fc91au~~KPp__ThRg$7d5T(%(iLnCevQLzY-n;2s%B$@Otbcq>I?`>Le;N6
zY*9XhriPY=s)o7FR8wrUd+{QdQr8qW6l_785gR(a-shoe_H0hg4Rcx+d7Dyj0?f&*
zuwmwWTYQBaGg%_gm`Zgvj^(D4-EAPZs#3cgS60X?ONHscn<kjvVoZb@uHiRt$gq~6
z7ETU5!j7mcXtrfdFwGuSvVeZW0NtNyFdoUIhlW(DP7}pZH?`1JAxcnNu#1PugJfCE
zO?&Jj0WWZ>u2Lq=*VR`)+3o(gf^{gcgYkMsc!zEQP$H!;2*+wIqB@9(4|<J?r0(@`
zy0t_rQVNV@<gC+|4Q&94Kz6@IN|!&B2*w0GJGtf(tgVoDrhtlOfD2fz-C!B?CgL4x
zjHvH=H5-ousDfhpJfuY0A=nbFkIi8C^CM2Re)xFALlMWXM!}pzM?h!7>{1Cs{Y-GK
zv6-6&Y#y}KWG7uIP?kmxwUcM@<fp)~q8$!l<K!~IOqHCxnFP0DXG^3;VP0bjXwxUW
zI2$&xr?mw|UGj31sD2{{`J=CMgcUwv$0BCh2cs0DVgmfdsz2cev`wl6ZC#Nv!yo}~
z=?kUFd?y5$--F$lO(0r!CiSuvF|tNNa+=h~?6edM(?=9PmMA5gXT$O4^r{zD+NU?@
zv<Cc**2hX>BinjF`f581GmG4y9Mr7D$5R(A=cop~3Xsqztxc7J+aflMN0YSSHk@cB
z+HX8zgDuIm2Pc0}FB_N3Tqx*e)6z(%=mVdowdAIvQ->oqOf|@CM25A_lOQ|{LJRUQ
zy`7lW9C3>u)+Rj6&Brt0G8q7p9(j$y|C2Jo|Cyg}?#Dj<KcP+d8s7m?{!^z+aftuN
zA4~lI<WtB;(v+`p430nl&*T3c*Ix(*Kiqeu&i|+=pK{7%YyQWi$x}1=AK%7LP2HSn
zQ{^?THLfq<&zQ^A>2j@dxh~Ajy=dUTi^JitrfG4afUR7)diCn8tTj0~-FbOy2Mt<x
z<dK&gb=0Lt9I?Kz@X}+Bxva2o!_c7{k3IJC<B$LD2`5}RV#F22#aE3Pb9G6{rZHnS
zmzG{rT6&$wbM2HVH&#?!f66I0S5(|Iefllar{6kj)@`$A-%(wC`|R00wY7Jie)^sB
z=53oh_s+(~yIWemKY#u`ixzD^>#QG~efE9lpMU?k=WbuJ<bl@K2iw~p3<e)wy7XaH
zeKZvM(emYwc6L4<k3Y6@<>MDz@Ux3A{`o~0{p_;KF6-{@-mqcAl~-PQ-F4S}?|a|7
z<BmJltoeCQPtUe(+qQ4te*gXVKm72+k3Rb7V~;)d#1l`fUAybD%YLzO<CB+P{>!Vb
zdV15QXRf(s_x0C5ck|89-+c3b-f_pTw`}?K)~$QDZTro=_r7@Vy)XUnhp#;N;HwWl
zxbMe5e(mwc-}sOJcw^VDUBCS0FL&?W{i|R7YUj>3_w3p8$}6wD{`%{0yg|O&|I9P*
zJoC(fXP-Ur+;hKw;e~hi?0N6S7yt0`%OC99_u(6F{OPsV{`l5gZyh*rVE_I<zyJRG
zfBy5I-+uex?|=Wv`|p4Hhd+Gwr$2rE$tRy2Jop9q`SjB-zxd*>`18Mi|NGzn(Jb`u
z^W%YkU@y4xzH*HkII?y}&#tw3N1t@=?j2j6ysTi<>9^KCxb>Ic9X@I4Z+Aa<=QCGJ
zRhN&fd+4rbuXQ*7;M`{)+V=d7<zpsZUZ=ftYf1OgvUN{QYHGMGXXuy>MIY~#Dz&!<
zm+XFj{^_-q{pZXtKl-gZ@5*^gYFv_&HT05(B58iMuke{FWy5bbb>EqPi!Xc2LnB8k
z1FyR^yI*mKw(0buQ3J0jKjN+p^P4Z}-hW^BHS6~5++IKK-OX=RR<3#e#{Mn)-nx6+
zkeu3EMt*01TTjvG+}mb$zw?*Yo}4+i?7a82J$tXp${OHVvh#aiWdHVv`|gWhQ+d_S
zn()~*muowJQad|xgLKo|dkQwX9?yOMm9Ng3+V8g$Mt-#=FzcBmvF@5%ZfXhKP+W3U
z))Rlf{pT0{^-nHO<E+BD1&u}hn(}@$Ap5!7s`H9MBM;18J!sE+J!=Q&>|fh3rgY2i
zDjP?-e8&xR6>TiZZ@jT+RMY6jb;s3vU-qs3{Kxy=SpDh1p7nM02gel*S)SLDbFsX4
zebL6;oyCo#M!fW1&xM~YALq)K#yoOeWw@ZLu_*Vx!hup#^&>^aZ~L+bbk>~khqpTu
z@uxP#^Q9f@ny(oC)>Hoa{+FyfuHmJemj`9<o;vo5@kbVHDHziBR9;by>lYi2TRrf=
z`mDu;>vD$7KeZ{a_JR?Ac>9`>r!HT2L;v~mnxf_Zxodr4UG%v<4f!9Bezp3N$vx+7
z`)c(p_nHCQ&;M*g_O@f6np3}g^k!G+tW#P(tlTuYwYK=8A+5Eeo_u=f-V=UXJaGGu
zhECpESe$>|qCGzxcG0vA_vXHwKk!6<UUAjHku5H-dSuH^@4$(9#RE=!d-_w)-1OoJ
zXZ>)_)x$UUc$bad|4x0sp`Tnj*w;FCjq8C^{$q#om@GXx?9$4>hJFt`J^hD~?D)>j
zN7sxTotxb-{kq-5PMRD&cEuA@Zo2FFCysDc^gF4mJMY2#gyh;b;oaAJTwjLo8aDrG
z-$U!O_a8HQ*oiY53tUf*|M2sPPkj3ESj|=R{?3{oY<_9y)~Dq;$8CxJYT;7@*5n*<
z&6*8^J}&N;_1OGdmj8O@7srm>_SmyKF8gYB+aG5p_9c$qv7#n4GWyhr=<3hkoxS0J
z>(M*P)YVg;_}#NJE00`1dh{i4Hl1-o@!)yW<#pM<za4jf<@vRnj_VhHazy77ulILl
z4SS)eWzOw4WIu6U)>`ee+Q8L=?~9MV^qw87-uvmeqyF0YX8)eq?b~Nx-|xFEj}DiQ
zDf2E^|G|Cl9r^et*FNc4lM~1pF>KJ_wku{npY=!AwFQG;9sl<)KHL7l6Ry*S=WHCj
z{nhZ|Prv*yulSnvoBns(uOpxJJ8?zli^sk4GxzL@_lvwg>6w1RFaLAmaQE6TCuVOw
zx8kls_g`-L?vQ&b@4Ya$HUIgmI!of&KiNOHaKZbo$dISk6h?QQtvtNDsPV;3bFQmg
z_f>1jTVHtIaUFeNP2R%4bPt}k=6f&rI&wDVy?Vk^Yx<uY*fRLGtc?q2K2=b2t82rk
zxji37U+f+qs1J7S_V(+1_cqscJI~H}_N@U^V>z``?&`l}@Ydn~UF-5xH!R5ca_z@I
z9k!+C4-E@qE7#>*`pWI=D!1jX9DHZNTDNP^zAc@1fA^`Qc0BwG*ZVt*>+<$AmweoR
zK&g7QeCy6v4h(;$wxIjkFSZ<i@~B<wbB635y)wGs!(WVh`i0=QBeVmr4c__LaoPK~
z6em`no;Pj9b9E(ZR#E=<FYqimF>Aw;&3Vh8%!<@)o^s~KWe>b`?XN%hq9?0me_K)a
z>Bmg_!`-f&?&7P@tQvK4?Bqwrj6N#otB!qt`z-H?QNE7Z56{gjIcd#I|1EbN(IV#!
zy6M>QI|uHKWcO70dM3{O(o^X=seEA32S3{M#NHp?{N~B+{m-3Ncu%x@)oCZcSv#aV
zCtP}0&P7_=Ksmm*@XVZ(mM*#TrJRCG)(>vIy{Ne7qkZldH;owBF}!=>foZ1<2p&0l
zVCUev{P@`|o1WgiY3Te9vL~#{Uf)<8DBiX9iy!>-?i&a0{Ql8b<{ZD_r<GaP)fGSR
z*4s7GfBo#jt=HV~`m?T)XPka|`5bp{{mX@WOJ?`KvE;78VU^NZE6=*)(S=Vfdvo&*
z{kPszF!jJa?t!%}vtQ_W@xR9}eDLQR_sr<GYTr|H{^ZNv(^K<qk1O(aXw@;{uiiiJ
z`K5Qgxn#{lh257A+d2C6yf>sBZ{%zrb?VNAfB*QCEpoo==rtGYJ7UP9rNcgQ1xNj6
z-55{K*$-WR%=vZGzO%Oe#@W-?jLFX3lza8yt%3g;HKyvylb=2RhEKPSxMz59%R`sG
z_etsO^YT0+?|Z!Po^^{FPW<8TMt@nl=7_&#UHgYCtB?8PId^nsFT5&RaAr+?<$}dy
zgZCZy%=66Xg7wo%V$z12ymNyW>@D()F37K(FlS_U*88t~zI9=F^@#^vS^s^+@F#yh
zaLvHy*39evOLyK6KCIt1y}kQ{NxrNXg0%;aY06vlUq4xz^_NR3i@aG!{JQ1IvFF~@
zzqK-F!fNlJQ_H>UuK4LMJYxg(N6Blyy0W0;mHua+G`s1loa@`4KY!L^$4<&$``b@i
z51hF!uc5ekzdZXlJAU_f-^%9}Jo4d(SDpO&fGOom`yJyNF|DZom}wJ>0tFA8cGURy
zs>en5zV=b`oxdEu<;aUy6#w<H&u;wSwQ<u%z4n~)#+Z2x%O0(naqxn|PqMWWCtiBb
z_g6gXdgO$=-}~F1`BV2jT{~OOzx2Mx^PZhpyf!+1ardbo{Pn4u_vNp1^>^<-P~lth
z`sPzVaLtOYJ*h(;H20qF7lses;+lC}@fl~1oYPaZzIJ`*zT4}6=lhj(`@DyKI-_gH
zF-QF7i{r9>wEw36x%0`qeZTsTs^^yv9QpF@kKTRt;IeTeR!=Odo%YO2x!u3rdEKy|
zWmkQ5cKO@VfS%Q{(SvG!w`8&VoYlWRcEy-oA3glz`!5{tn$lA+dQW-I39jxzdq$mq
z<+bBnOHMkFw^qq3F8f}=A3xap@@-EqpVB`1(~Fng{m$mUbp7P{li!>0_Da_|J&l9+
zeL4O9aijBR$2J^SB)wECwZ4DEM@PQ2@uP=tQvX(a=BxjsPLqZm@7lk&pS$vyOPBol
z&C2~(jL529Hf-ypvlspC<;!pX>C^4MyRBdQZQk}ob;*$x_pYzl`KRk182jdTvP&K-
zS$81oky8$QSpVOTKkEMTOa7gYjM=f^&78`u3+^5<=hUsP7q_i==e67Z`pZxIui8Gr
z_4(W9Zs}~?F#oZ2lR|~hy?O7kzZmf1QCC0Q@XU(Z?|yaK*yleye$EXQ;|89;bM5$-
zvQBDT{<Hg9zE@Da@~&qa{&e8^Q77K{%4HY1b}#ykYhl6qQ};h|eO1A#>we>ETVGJO
zXZ%R7{Kqk?UvIy7*XPHbd0D^jPd@p=Qwlb2%3aWtd+ir%M*3R^&Cj`ITVdm_oXP{S
z?KP{9JhT3W+_QczXL)bTQx5i<P???6-&MMA>7Rz2xwgmk%H4%4H=XyzDHq>2u3+@=
zP`^E{q1wv(-id79KjdsFtKjI<`c)>fc6a}LdG4US1Lo}M%=7jyys_Z<$x{a3Q?YmJ
z=$1w6YPM#bw>437lTUWJe)rbIVTrXzw$2;8EAP~O1)(*QZ+xUap<FV5++~-zH&iTI
zxBirVUk%xs$Sz;Cxia>~wH4WGE`99PNXgU-kL(^_x4vL~<pt^~p~ijXJ@+(Jj2rOM
z!_AYjhhF}EMfQV@n}6StwWqmpe*bOmz)@0O$>y9-ZYcQs@6XVl$$IUP@Xp~^3~^<h
zcIVkw?#Oy-vddLadC%^WqBZsBx?DNZ)U5qk-Y-rc{^X=RpPf^(Ye3$Hf(te^eDKcF
z#?5)}c3t&;$5mHX=6*D}xPDjes3qSSTF`mbCf}-YuJ+2})ApY<_}VOQ<ynp1%ZGmd
z__p?;+RjUd?Y-jBM~=&uloz)xC~B-Y?-#kj#@uM2f3;NLal1~)8+ut~?$S-U(Ux5I
zuz_l0|07?LvX=B4T$r2ZYB_Q5SGo0LS7f;cJU+Ide#OG~0|k5CvD0@~OxaY`TJ9>X
zEV!s3GH8$MXV(^-v2$@r)=;l&&WSzQ?w;(0E3ZFu<Mkg8A9c){{ufIpY+91n(UU#+
z#jJ&O^Jb26olsfv_FH+ENCU?1EbmvD6TNFd`O&Vdy9$;*86UO$icw=H9d-0gmz3W0
z(9jcy@6S5kl{KiUbkK_(H|%wdIG8oEXX46FCKVmb8nNf{hd;SEFRTAAl)|-ph7az(
zaCz>et2%GFWZ#mLUb-o!-E!r^=zY(I);w03wezC<?jgtSov`&s1&`lz<_h1khrXN|
zn>Ks%r;AS7Ra_n{xN66DKGEbC)`gBtggUp4mUb+1Z$9COUAaenwM32&Sk|+!z4nvi
zj@mKxh7E<$P4WIi2HyJeZLd$6bMMr#*^Spc`d{vo<)++q=f*$3ZFc9WkKd59?E6KH
za{n)aEdgKau}2p_KeTcF)>hYufe-y;(*-x&k^S!F#~$0bw*2^#EqTk<Z2DlxX}^8>
zwgG2H&x~Fh+mn+w@Rr=lJI<{dkh5k+;n@owc<1=+N>^+2+HqUvtxp8Ida|<jo$njE
ztniX7rRnxjS^Wp@?792eJpVJdeYDd5!p7sqM<-QJFS`0*PS?i;_g;I&6`$W)kUg)U
zXW3D^^6I18=D+1xFZKKGmnCn08GLrEt3q0Q)Pp(sn{HK>UbFnMNpHP-=YglD51N$S
zl3Vyx_g&*Y9{*L*@&PM;(Ej<+w_evg<tN3i8K)HXyXLZ2zq~SMR6)G5U%|o2%kysC
z5%WG&)$b=$3)fYC-;<R$aQ}5h-FfaiZ@T4!<Db|yeaDDNi$=K$8YgX7boWsed2`m}
zjGI0)yE{*D<&3RteD3q|uBXd~EXl5H955re@n^Rbtt;sN>kqc~+naYm<AAdc_M2AF
zZ~TtzlMiN3J=ky2=xbieFYIp2S-o-lkomXYQ&JdN<C=G{efooePd`68mQ{P~$2kKI
z&iml>GiqOXAluvj=6mkHVpDN_<=w9DZl7A*G3CJlcipmM?Uth>jX481-Cyv%f|&Hc
zXm4Ik`H&G8JUDlLPQKLtH)D&gsO&#x&_e@u<t;03AMyETg;(qx&~N)gMTNOH-;?*^
z4+=cn3Bg=X)I2==<6-lp9YqzD{VMW&`*Wh39<IEgHMBox#wEj>b_@vb84!4G!0DTE
zO8&ZI-f=~<N^)x|-2;2JF58pSyk|h}fBksr<Bx=1e<bqPNB(z2fosM;^p0!!akT##
z3G|2kj$ZIzz}joI|DpXiWB>c+fByOKUuFZYBX|%Y^odshS`mzQWME#>fO&yTW*zB;
z<%MDgb`UR+z?>$?ORJ8K(%L6zmtI!$+d^<*j_g{51!sTs5wN9!{q|1|)1m^b_2Hwl
z#8W5o+k>;<FMR}MsiMC~i9Vore2tJS2Ey&3!LWqnK6H=-z0!wg|0&Q`*zd-}lI6#-
zBP;fY5B`>F+24l=+yZ|e8e&T={pC<_TG*)|)hI-o_qLMX03r($?hE-RhmOONVlC2z
zV4-7~%|18;=oLuc@&S%=pGIK7ta#aPD<uwF-FIXaZz$R!w<__VU#f#o4joEmF8}-A
z6i6khWOfMyRWTmy4NpZA2Y47bDrWF><G6<2jUyX?Rc1yxpF&kRDXyv^#5o`b7<mcQ
zBv?s0A&U>HN)&5Bk}Uz1cY@JGh&G|6ngA6dzb&SQu_;9IYGoXRgB%I!3QdZ4C=AsC
z3!tiPpoNjXp+^Lj;M-4ve)6GtyDmteIS#->-o6aq8<!MWTPd;d&yX6GR*+ZAQHGvE
z*j?AE%JOyWjr<0v7S$%n0l@jdDUrVnDv;xv!K?WBdtoFA$Uh0K<Z2s*VkpZ$OHD|A
zIiin1*5_;t11YMKw;B)PoMVXyOoB9!BP%79yd{<|G>Lb}aY(>|JQIy|>ygNN$Wv`Z
zH-MqYQXtqyb6up6Om=w(d<qcIA#uuVOfXO=2B;|kN*S7ero>mmER9#=B71PyitO)T
zpL+0_eCrEIa|qPre*g(t{pKKmR6r*{KSZ7}NJ>YP4`hIEjd!!xcF6$Yz-CFIRmg*N
zb<Gl_U{lN$_=KXll;yW{C<aWhfeRs<-)9V&4AUqQkn&zcKbcT6>kRw_ixVc3mdv^>
zrYJ_j3d}44IRMD@WFtxrJ3nOX{Cru%qN`KN%Jo->JDDrc(3UIF93H7E5yM4+<%2ns
z0YNtvHr*IHHFRX?)p}P92uMxD{8+|I;he*tB>aP0o$Qq)Dw2gEE7-1-MU?miMo5ht
zQV`o4Px(2}2H`$nSJP3NhpDUZ&`MY1c{P({#F~X{=4{$L!RVZc<rA8f=!A*o<)@ry
zj@q>c`&a<0R)uQ+_$g%-Qj-!Qaz-Kjn)N$qTLs*w36*lWUdfAQ*gR9OtT0LkBY!e(
zw`*J%CM4`cUWS}p<fguySrTot(x&SsB}{sz`;W#y2b9)?Ub+UV2aqYzg+>X8iQ4SC
z3W*YgzA!GEt`P=9m*%8XsV&$Ab%bLI5GMdK+juP+4Y1w?e>XeJ&=gTB^lzkSu~_v~
zOdztrqzR`dLcju3(qaL&0|G%<#nuEa5~~0KSz9ZJ<O!|B89*~+Y7hRY%NM;nqWvjk
z>ky&MsI4Yp<)klnk}2IH@<Yo0$hpxuLA-tl=ugdYUS&Y<obinmq!ZRj!H<qUytHK2
zLSLlQVFGgqV+15hL|&5<7>4mWppt+n<)~c7nUma=sosrIPS(w1_i-Y!->(1z6M-i1
zFf0o>j`i-~)o>x9S!W>bV0b||uT!ui{FaI%2_FzGXQG)gs}(;m=Hy-&6DC+K@*~?-
z(}|>k#e@3a(h72bgoB!f7ly+cr7*^dDd~>UkZ<(FhJ|aUaA?xp6blDWm@iyX8__=#
zF<X%ct)nnp4P^vsj;y)lrkwnL?0pG*8^!g%!_mZ|g+OTug~CR}v6RTNWjmJ>CpeCi
z7!o_!4gnHlWNB?LktLy(?3fS;B`p+E?sAlymisPHDCI5$N`Fw!hO0nn%YC#^ZbJX_
z-kX`7U9Ds%u?_v#`hX+t&V9Uj^N#QHyJTA`4&#BXT$1~gQWO=SgUD3bwg@mPbX<pA
z>T5<OB&96{vbk9#8@y0l$^&->oOO(ZCGK-uJj-FY*=ZHZL{Dc#GVV6dIUIwsN>dkh
zsI(@T%3YXylqZMu4MxK*f$JmUlLTkvL`HDMg6UxgOeM61ExU@~D!*VB<iJ>z9h!{X
zncHFj@_~Y5p3*_NEK&o+mysJmUMSiT5*dEs!3XFLX9h8Ev#zYaTtcNLJ)#>uunUql
z@e(e$Fk6Tz9SZ|gM@E*SjDKLKXB>G6M?0Z~k|kl69h1(Z2s@iQ^(Z*KQc(kuktKy#
zMrns^1D2A%9T^kvT{Lu^tXFU*@bjJxm<cpE(GHpbr20~<gN2w~iA*dCJSd~ev2cX-
zy1mcdbcX;V3s=t;4b2f=hx>N%&5h0BJ)nJMU#L>N3pu2SH#cW$ExKGW=&e=ROK?qq
zU#Bx31LAW7XeRboYf7~1DK<>?dMaavV@9_b>FNuR&w4y6fxxv|;R*#?p(P>X9h=&M
zjA4e&L@X>Kx$*n0eJJzmQ-~qame4c05J7gBWXH|RFg3A#*-j9*aiSQkY1G-MHJLfu
ziW!YK>?GV$z#oc((1d}hiH9-&A_39>2uJMRvY6dr*rj>CD74*3Xp6&Ugx%24mmeB2
zFB~^w39Tg)g9|;BqD%+B*CUSrt;LHiTlm?_PZ_h0aC-`%NsLY-%{CJofnYnp9?Mq1
zTWub_hVcvJF3O1O$zW%qhn2t%qxtm>bxUv$vX<w}6p1H~p!Bs3OOD{=E9arWds~@v
zb+W;AA6P9M4JUyk<V92j%V87q(x_7@-2!QhvO8rrzfr=-hoe#A{n&|as23eJvusfs
zwDrY}wigi-V8M16tQ9e~I~1;T06k=9LjL^+HMA#Eao8KcDd;^AjEzeWfME=$Sfyqk
zc;btdVXcHFJq`gr=j&|mL0Ia!aKoh~X5XAK8Pb-m#&A04G^X`PXDZwgOlBe_0KEun
zs70?`z@Ax~t|pC5O&bvC7tp=JT4=_MDSmj$=yNapi4(dXNcUKKdKkgRT?8!y)ZM-`
zNR6<xUPQ2n^Q~%j>5S#zSHAHI^1#AGua2@Bs2X&TwjBv;Kn%H6BJNVQk`@B!2ndt9
z5=3laL!l2Uzl*XLtZ^ucM9H8W=di@<1h!A%g{kS#V#x?pu!}qK0p*$xN{wf_8STX8
zz)W_qGYq-@js%?5L_91`f+vR<@GWc|+SXvN5e3SOQZ$g=X`LV}rKM^~(`c2Lc2{1<
zF(UMRc#J4IKOu<m%tv8YN}{>o=q6Dd;ZcrkBbH87L6VY&#**eGHH%AH7S=TE-@LC2
z@s8MZi$PCqqMP<y7*|V-5i5PXBHt1M&Tz~GCuI-^qNGyHu$Uea8lsTEgkga(r-Q=7
z4~nccZj%&2FG}ZhrV^QCn-Q%Jl~sCY!!uxmVuqQv$=$wok7(MnTjUmfAUv}SNVdow
z+EN;$KlBughBmddYzAYvwNOP>C{$HZKH?C)g`b@EU-rw}R@Kpu{a4wPa;N>*w93lR
zi2c`ad`9fQM(n?aC&<?~#1hOcmKT|YZFUH+5sR=9i?9)kun~)}5sR=9i!g_wv0?z$
zueI@r71-cJ)3RH8speinn+?E+C<JDlo1TKW19A+=0!cC65}UyT1~oJj0Zk4oNK(^b
zuJps<GJ{%60_FZJH~VXqd^o#ect|3j0**2zq3l>n2)?29B{EXRz(x0X9)Na6V!;_P
zJ?LWKB9{vZR``+;^7*{ck3<ojI+x4X5#qS|fL8z!ku)D<=ocO?O(Tf9AYoEQr4YY|
z#%>1Kc2Px8r~=z(A%133annMSlX+bV&JlKqn-UGEf2Qak2X$N?002~&+5Un*HH#io
zxtLp`6=ruooU`*%vp^NI^+{SaO37OzN;XUq%cT=goHa0D;)exU^|C=sbJ?+31)3|i
z1|g(NINcS{q6uK90l+tsN$Fe$C`hJ59|g)H5CZERAgF^15Q&~2o+wr`;RJ+z!4sjm
zUnZT*kkpWs&FviZD62C8MuFXIgP^oq*y}O2$^fysv^7$eg{^r|Thv5hseO5+1hAo2
z-vQf8i|b^Mg2tYt0g}0Rb&3rpODjqM8$81{iBJ?O@Y<obyjxZg1n3w*Qjlw*0R@!v
z$hbx}el9DY4M~>;benT+6FD8o`o=5%f9D$426d6=T25m6VM$SgCdSeb5-mKjGd)wZ
z3gsa>>3L`gyKj?lM_NxQg9c^6R>>+W9qv@NjMA?Zhy4cfXO&UvC?schXtA5>O1CXh
z!@f6QGbsaVX&TfWm3Lha&YF(upb#FwlBR^Tq6fZ|=V2}<)yTPGH6QC38Go}afUA#Y
zNFbN5TD6KN^#|QZlw(<7k}ad4HtN~$;7YR-NairEwKzqzueG?v0Wl74b0Uk>e7K<l
z&}J9}HZj0W$J6W!LB6;4Pi%Nu);>%twhP=+no|s_MZDtLOxyWIq*@XZK7g2x#&sqy
zi`uCa6^>hEintK_rl1U5RmI2;V=6^i)YZIYk&U_7?Y6Qov*t6>DhUKp4mCR*!6+AM
z7IsVN1<Ole-v9wwNRNjW9)4xHG=pNA?PnCrq6QI9;C4`+vV~P;kyw<Enh0JjMwGyd
zrAD6p05upGrtvqZgH3C4Jw#^`h3CS)NM8iLXD8db^~~=sw3_+-WwV&zNGxIIqdB~a
zAg0rN{jA_xNM$Of#5}jw9PWYM$6{p5XT&wvT4+4+jab5HThCSi*ynMze7g>-2$zR1
zV`k7y09QX4>0%Q9fcQD<pn?;CALk-=3Wk`#w%5R-LKP~QGW3S~MAO(kE`uvGjO#Ux
z_n^E6OW|k~2U4`lJKOn08Yqb~%VtGRx1lXNUD(hLV4js3$T7z)$hY)%8IdlnD-nxk
zPdCo-)*W@SIsB+Iq60qN<eCF+OTfnqN*7gFEb>*N7K_kPdTI-Y*K)SV+aI)j?!PyS
zSTd8Fy{0f=<CgS_)=|Emg*g{WrXb4f0sGHc0z<)N2RQ+mseyq7NXxLeZV21ang2E#
z7v5=k$A_irpU6n|4pI+j2GKesN8&tfP9*jC02&R+`fYV1OXNlwMQ_l;N4XN@-j@U6
zwov+_vRjg#+36e^aDgqBMGUz`JkVI4HbudSi%r3>xe!H0{>VVojVR_Lh%kCKdZ<1a
zGID6L18D$L3&~)=25?vO$G_nr$Ng-q`GPT!8<=z5ap%@`1bx|@i!d)aYNQ6zAvL|`
zgKJ{HlobpV?c@>^DGBr)p%@W~R3A50vr{H0UZG9dGA-DYRuKbbh5pxVgX|(~v=1tu
z!R>>lmxiWm<rP&BGhxPveNc{19{V3lSihBZ^n?FiURhS|wEqc}jo`lz%V)&?XT<*J
ze*ph!#Oi0n>Sx62XT<7f#Oi0n>SqK8YS=A+q*W9*`H}bQ!La+0r8>=i956LiU~8bl
z0)cC9djg~o5w`ogIXV*xb5h`R=SgN#NtEM*X;8Zf4szfP6^FRSW*SA1pr0eJvs9vw
zF<qdCX2mXOSXvS@R_YpSY?8629ciye)woEwD2UGr@;6q8J4g=*fe4*OaIR))6eJM_
z3gv0gL8hiPV=7!}qRT<8J`J&)aezqa;&4%Qt+O+p!OBF&($1tfWfv@2gx*OCh!m)C
zj5tDAB_SMgglpS14tO*$>>)Q-TWzJTCsFMRqnHBe0HGhn@G4LK*wn3dJ(lPVN>?sO
zWG0Q2A$)$tAdqC3%_k_nAtNpkE}Y|iLYMD&pT?)(6HbdM$018((%@MROf3ks%#|!J
ziK7uIh1+<c@JCd}741<{j0kuu)-1IB5<*Kfambh&aZ(^$Cd)Of38dXgHeN}#tucf)
z9}o{4e%3YgHtogrC=ALt8;u4mX>d%8WTdmQeWb)a!Gb}Nj@U4Vs#9xj$L!5@$`0o6
zp=SN@u(R0c5x`4)=Av>VOEWl91hNe;21A<&<1!N@Koun*2Esb*3(M;I5<P_gB2+Jo
z9qV0Z3b0oI5eyavTRd>L>(m1{*RUuUn*hRNblxXeGN{vo%ZwFc1H}rPW+GysJ&|qr
zNkd1@n%-uf!|M+az8j-FT*@n6$#tjDkbtr}#A^(vO*Npn8pZ@f&mOky0@%&~V0#!H
z@UM>D!YylpiH!6w4rmzG97jC>{U}X<oIVzV5*VrS@GT`;7oeREf$7<Rruh(|$h)_T
z11ia$ps+p_XH}9?JDOnB3Ts5aNv`N54GVNF0s>m3nN_wm8*WeZDBD2e+kj{et0ZYn
zuGk@62r8lrdr+`515K=ldIkFgqZhOJXT%>OD3fyB(OYHfEUeR-8|Swyt7)p!>YKGC
zO^pZE&#RlKd25>4Z*M?bR^PI)acPUjQZ&^xv>dE8&ev)h4%YUsZ<rVG)E%^>sjj(M
zYi!c$7cW^<UpFtH)i=~GS~{=3VSzT6<!fkc(H7M&u5V$5wlr!`Aup=Fj^&&0SzOmt
zyO8~?nOnc8zUAP6Hov~50m_`u3a!zW)HJo!*DhUD)1)m~+O(vxxsFvo&(qM@P~R}W
ziPciKxUQjvoe~YKDy{B7_Csr4ShHvmR#mf<wY~}4SKGMc;HLTo3tO~>jf>{hH8p$Y
z*0Gk=%w1GRRk2RhE~=?t9MI;~EUsBlhq)SADNUG+w{F?OI()?Ht7-7m)V9<&Ho%zF
zHa4_0v7Z6f%cd5Yby<CLT|ld8s&9q?ncvjNiihE3Ibh5hJS<;B9hCw@t=VRTC4t{d
zo9nE$%&V(e#L8-h7O)2%k=UBliSc$bIg<p#L-1=vX0HmCQDP5b`Voo!*YwFL|5q;U
zTU$qd`Tvy4%Ce9%{=>A9_^-qB8Ik{w$p1(De@8R{|D~D$z7B=#zh7Uw5e2}A0$@Y|
zFrok$Q2_jZ=>j~<f>%Y_4kg>^yM!C#D|JA?s02btHr0ToS%S`foVSU0dSc;tX9n@Z
z^M;cMYI8x`kj$iPh-Uqhc67JcEQ+rA7A^6UHxUI@Aki&#I_Rm<tQtTf2e{8D^@{az
zuS>>xbuubX;_HZFnoEdvg8G3QUKm4BKo2R>1GiW-q%e=%&A?Pvw2^EeSs^`8Ex5#Z
zy2GiJnWP3xwdR8xM?gCW-0ad3KLJu>OZ4t`aK6L<4}h#lo<NASXeM=3+5qw^$d<uP
z15sdM6fAISISRb7W+s*<_*rTeHDAKEdwAoed`OuZEWv`qhkEoQ$O}UR>&S2kD!U;h
z5@bmn7p}|Qp7yY5L<rnbPogI)7u>>qg0Vns2b+utnU?vn+S;JDtP2JPVoO*pKnOh=
zS!lS7Ns%iU31RI8lm%gWWI60iWF1O77B<C3A%}TbVI2G!WY&7B8(Rws2gZ!CUB?!C
zz|)SRYt)MfFkR3u7#$cjq=!B1PGsV!tHIbA;3H*OUt5D;Bc#IQW1sF#Xp9l*N=ScP
z%-szz>j5#%0JUj=_y00Sz!Z-H=ZE(Y#5UAAV)`lxzziB1R1qp#9kHTx6IV6h7KS|%
zpIEu`KzA^+q!hBXF!H!+MK}c5NUT#v3KdbN3Y|PavXGM&NOei&?3z@h%Sh`uD~uLa
z+G$}}d5cOQ0|pMo<S^2)a35N{qXI6`%Vs<V14x^O4~HK0w381~GX-`5Xmnq`W5O@g
zgj$!;*`*ZfQ3};~p}e6`C|hBAtRtu)_&Rs@z}fEzM|9O24yhB-Z5e{aDo6OBt4`gj
zzDvf1am2Hc0cbolrKnL>W2J0ilo&Z0N|YFnY!ECV?C^hA+?W=})S0#+&TzWO$e={h
zM~8_tl14bafUoty#XBnmkig=ky~7VXd*C9I`@n&3259iCUF6}Q_IM<zmI3XQQdD6D
zsHs#Oos140of(PEXd>4T4IYz|WA+9Ur;sTeNlY2q2rz3w@RaOgZSsl0M{1Z2p=xJ`
z2HRx`1P=G}LyQ-Oc;{iI3H<n`o<%ZdI?;{bC44*aL%th&sLW9+t1AMGR)%G<^m8U8
zhV=wEuxUMM$}QvJ<y48$ODNd%HBlgy9btB!5!4Dyq?utGjp72i9<dIf^*VIr(G?GS
zci5Bw;kpPlx)=w!?#cgx@g3NHM<o<FMvDT7d<tOrJ7bCVaLm+vqP5xaWc;pyWOBrj
zfl5#|ruM@LwC_`Vkucy4jLU+$7V^e%lvay~_niHZwJY8wIY%+2cLL-vKz@T~FW8=t
zSFgNF<;{%K4T^fIQ98HqAP#v3AWtLED>Q#Ac!%4=k(GkyOr(rX1K0@JZ2@tgi1AHX
z2YO|`Ch{#GWZ7U3$ql5QA^h%}VOt1-t)=^tz|!F<-fO}5Q;%eAwy}k&%+*ma1W2T!
z;E<N!kqp$aR$bJ@B|PX^M&k~6^tPo=-sH)IN#_tNQIcWwKN4|BG_YLq2p1=I-C%pK
zTYwTIQ$`PPgu+-vj4zomfhkKb#18_b4RkoR_>-JMuK=7^Nb;Ob@+iUS7>m@y9rNf8
zB7w{igF438$N;unTYO+`Ne76idK0OY7FB6XwHs;ISYvj19$gw$nV$2~NYu~FY20MQ
zRUq@yqf=xtQ<^kl<)v&ElWZ-7rUaAG4!4jiN~o0pA)BM~BAY$SxluG(k9vb16nzam
z*b<NSk}Z$qQ^GFON<^@TbGF3HYN&P9*nH!(QF{m^on5zqr3Gsxh$9G#I4ol!s6@bR
zGQ=_=JS$t}&Ut|162K4O)tqgDn44o{K)8bD*yP9+N@y^-_0ZraCVWA~S(UZxx&JB9
z2}UD4Y;JhS4#q%8d#p5%p0xzQXb|x~0ihjrxF{Mld6^_Ti=)CiOq%q-qVG)+r9!i=
zT%@XxgO>y435)BV?veD5?r>S7W2%fA2TLNRgquwnX$41yDxXl>*f3wzYp)>7H`POx
zXcFFCSnc6e7tt+X`LmH11H?h!H8fpNu+<$FY*w=o&q9Q*GzqvO*C^R3B3Om;V%%bx
zZ~@6e&Y$E886g;$T#UX2CDoxx?uy(*CE`3|hkyk0$(I}v&P0Dm3Uu7^JdWTm&ezWH
zFFv?xBHn#Y;V$qd7_rX1hOGC_D)4;ETR0tJ`HHuta8>~0tZZ9gc`+B4OvusX@H}~f
zXCP~Z$bQX$K9gg@#iS|cF=j-(02BBFw8I<7>@lL#9bSb|WwWC8$Tv!VvqPb{7KnR}
z;C-^o6fc!x`yCiCFvg1tn@hkpf$#Gz`Fh@Ag0+p5%SKwsCRbiCtn251mb~3p-nruK
zj`IT_ylhkwXUPtT62}0xpj680CQ1Z}v$X>ez%b%(3v9p%w?cpf$Q7X!O5jXri3kAu
zh*O1UvkA*o4{;#saSVQBL^8234`Y&0rZd8))86b1bd%yETUTy$L1za>vqN$vC@<at
zf!ngmvH)(fNHNL|kzIt#mwF5>5h2fHh!aIRK_OYiQN*~3EPh>FzC6yGj~IT1Yc|q|
z+o^YFC~O!C3V?rBSPXu$dQdW#0C^7u>R74Et8Eg5u7ong$AxiG?h8`$S>ODgLY^p^
zVAp-0mv_hO_vrDcA4*T@*4c~!Y{ZmHi4{VrggMt`T}u_10#k77{(xi?qKW*C=K@c!
z9X7%1$p@q0ElqbPOT9Te?gAI$_vF}IS*h`@eMsQe)R0K?OA``)75qyZ0A271=qmxT
z1-zm=@(A77Xq~m|kuYJss^Cg;N|ci!*M%O=-RwKkKtki;1tBX^j$o&_8icCxdkCJ0
zi;nsji))2Mie}`6Gz%0Z7psi>3)_yVWV;n%n42Ih4A6Mi{$2(Ijg&TA%+nq26WF=(
zW(jOEhToyrtOEfLu3o$Zp$`mDQjKjI)*nz{TQl#YerF?H;R^BKK5A#T@_3x1yHM<J
z+F7`e<Xn<Gp7xP{$oCBPMHhGPYR!#SIN)~V^MP(59n=QOHUe@EF||xPQYz=-;WlBv
z^utx(&h_KyDY_L;R{{k=;*g>M@^n?QUqKYaWyiL)V<meae3b$62f8ntn!EvvT0|qQ
zrlBO6H-QH-6Yo$ZMV?DM#*@<gVl%riJSHsR1nxCuHTFYIV+jxnu`1fw5Vis0OtrS!
zQ@Gq)$}Yoz<yQ&_F{R#C_S{=4e9h<~%TekLc-HVjgutL$d>hy~BU`{SD(zS<mIyBW
zwjTDV)l<mMB1j1iN}j?(UQZBOL%D;&;?g-l7mC@pne306#8U_h%zl2^!1{zb3+RGP
zr6uq8HYF>7D1mgAd}g=-C2U)?P?x%3zP!*96m~S;D?MR0CQt|wOm8aO>qV6(q(HSb
z7lE_#AWWOimpduH?e{s4xX*ziCMB_g6{_jf&#K+vvUx5?;CSFF>jIeManpXY^|UB>
zm0{jtXtuZtE2{E<whaE%HaC;fT*w@_ssqnC5?pbT&khRMqliB$WsGETsiOjyz%c`C
z;8SKA(P8;{;SmDee$A@7EVC-1rit51;z*XVKmD6qiEmCN6KB}CJP1!0+l2#V3S4g-
zHdmSfAsF=J>;?Nn9dKL(tQYF-BAxJv(L;46CgAa7(S%xd(x$g{T7+fY1RXa(6{uH~
z=#lmqK31Iwb!wz-r|x`9XBfz85}lV(!(=!4KEXUfnXEV7g*sa{+Ok9{79H;uVlE3R
zTgv$@t&p|w2E-y;1L~6uA?vnp`En0}CbQRockEFSl-d0Vexf}%{8k!?Aj$HD$A+1V
zzrZS6DTA)BjzY#`HtQ7?BXd%rykV`a4qjcA)gq{>#hsGlno!=Vh|}H<FkJ8=@u<S9
zp9f@soiw<@K*bvOuyS3bpqObAI0Cn)d1W|YkHRMcm1Oz4^{^0?K-qM!VAR=K5E0RQ
zt3EmlV|^YDn9Rj1VAyO#XgwhiofR@uC4lV!lgB#F8B~fY$?ljQyxyv-S<raX#^BmG
z*_Cm)H_~+u#5<rtAg0@7B!!WuD0k0IhSBQB;-JYKhg2bP9j<}EYo={<*2_(|Xew-4
z{WviTXx}5|kn30RE*l`u0B1w!cIkuyGqjj$6eCSI15)YFQZWuhkMmO{2@Oi5HhT+c
zn#aSAaP}rBP1CBYwPHQq3BI1ibg*k+@S@{!#onnazu2S4Ox>*n(5`1X8Go<47Sb3K
zj=tLBOgx(4B{@<p&%|l|MA5Cq$djr&zgXS(#n7XymwZDP+bBk{gDNoIL{!aK6+2;Y
z<g}3qmv>_8yH;q?36~m`mo8Q2DAz_{iXHSN?m|iwAq<@#s8m#D5U<G=M0*stUAAA4
z3P4(0It>5HcMliWDK>*(4C!u>sNP_O*@JjQ%05O0P~Jp%u0%F~BkM5qSk&X|F~TTL
z^~0W)dUP-g7FTr82O@LMb}=SjP}ky@hy>wGIsqgD4eLBn9lFbvfL7bU>PJ<WfH@w}
z(_Vw!{uA7RKBuXltKLd6zY>fsH^Gu@t<wM!*;*O09`Dvf<**s;u4aoKCv-eFN}@;@
z*+!QlbZtT>*Lq$grosBjkP2_xu|#4eGAyb=rAC&S0?B}Ur_tyTEijF^aM?!EUxNZo
z(gcD9rpRnJ!i3R8|8t9Z@Yu#7pzzZQD!#pM3SG9WFztM{Civ`RHk%FN+CD5>9AzmF
z;kS}%E-Wp0@#wWgKGqqV6*)l#^ACEKa!hW!jVP{ovY|9(@MxMoDuTV{%%g2BtNm>@
z;t|ml9GxskcWy~4^kKFr1E#p}d&26b##M*ory%C@P!6QK5*<;R(n2@)Xc#qfF>8e@
zGoMe#W`(tw1LkT-v%1&;K}2Yd66PX@nqi4Fs*<b9l;p}$oW(AQrG-~MiNVi}klEzI
zby<;Mh{efar(<ZNik7QDx~MI(BSp??i`0l8GQcz+;e5f|?SoT|<+6)gN|@&l)(|<%
z)FA?ZV7qjpHUw}zI0NL~lYtDAqSpY)uf@XhJ0&!b^RB=rhLcG>oU#WL!imwy$iic_
zfpjfA<q;WHIJb4Rb}vg>!igBmjtU&06v8IVgYXeXI%C^`Vq_rr3|iR2*@u@xwzKJH
zGHj$^gUKz!m?0ru5JqdZSTNH59Z$n9L+7z^kcFqE%~b#%^kEIhfO=Y6o%XM0S!bF$
z;A}`%A|WJdTn{5mKIEkUED{(U6)di#zXQ;UWL@ZBY5zB}t8@CjlJd1K3o8;2H|KH+
zUpWJrv$%oXQf(}x2s~tGZRiQV&;SBXtWUA2S8jG;T;F&ZvQBO>K<q|i07yDojYiRu
z4@_pzUJaPH2rgXMpKzeEEf_N*M%qK_J#b9m$lAzG3A<$rWIfFGV3_WLTt1J+!&cZM
z2zWx2K{%su`G^PizDY*kTw!8~L`*Z&P5TYp0PND}PCdPVkGqga1A|ORTto(uf1}iv
zp`xnqG=<?<{tco;qmp&{{A@Ll2v<x$doYkqlW*H-+GcE=ezy*lmX*?N`v5vVsN!jQ
ztS&h;6KRF|TC^vn1N8xwxCIH6i_jo#flEw^T@^r43X|luO^?^l23Oh31Ccd}ov2RG
zmhEn9=k`<P7Hn}LtiTP-b|0QRWaDYsTcIjNai3rtovXxzHv&+KAc(XKlLSQ=Y6iBR
zv^O_V-pIoSp|u~60cE5~rXo!@AuSr*nO$5E&60G>!!k?WqVlIg)j}IoNLSdUB{^_q
zJY224Fk~4VFRve^`UbWXV{saA7@Iz5rysznU^zSU#th6G3__-05TBLuhooL}<|vib
zsS^Z*O*x;jC#(r_$qNJG{tr|tp4hA+Eq|A^BH|3Kp75oI>8%w<??jn!!zrT5cxT+T
zJL>(P{35co*j0Hn<Jnf8!orhr8{jd<qin!^BqFRh(DKSItl(NEj|6$d8<66xqxryo
zp1nn3Lr`mgYafL0;&*VK6sSBVPY}eRh@A&lTt%Ls+}MTFl#B@J-cfa#i;E)On=#}T
z>z+&LmhwJq@(>axhPXr_E)R?9Q6w%TXNYII+u_hQ(y}D<5Jb07Fy2jz(kxFdr;#Nr
zR({#U(-u6!^i>g^V(wYj1l|nUVqDGCVdSP!ndFIpGKO0+aYIxslLP{729&bwT(1bx
zBX6l)ppz3S2NWM!N2}Xi6RM%eey-OfA;rLz3?obt0lBk`bOg<LTeA%7@)wULf(8_v
zMxU0v1?DNt3O<6xl9{6zW%fXrwjjQph&xC^3~6M{#xg}7E{2;mT0ClIU%a3KI$0v5
zQ$uR3o7PmDVs1gU?~xLdZW3HUB)qs-C<;WP)Fa_FMy_EGOb6HQcEN=%F0J2a8Fiq&
zbBy0n@HE1rx<MHW*BLsPW}=LX@tJt7R2s;2SE+8zCl$Gj<fQbJpH&#erOr)mJUr~D
z>1b?r)JPeORP%L*``Rt}5p=zm*ypeZYeoBWepbU9-nk<(sFlHe$>>uJn<{?7ip|An
z4DMkxu#aOnz*VrLai8!~NV97Q{YhHLylAyVT}7ErTnM1!PHYH4r7g0M?gGS2OXrG)
zA(%^)1kK<uPj=@(X+f38tQCuLw-I){RqcbLO3)sZIam#XgzO3ELTy(ElD6XZuo+%<
zg-s9M`Elu_;5vi{xLP74;^&e$h%A|tnFa?XOMdI2tjK+(fI}u%RJ?tm{j#i@#}yOq
z?pThh)WfS2E^F!StaJ)dHgTI)sm^La@T}3nX-dY^+QL~OLxCKVLN9a8iPcD;B2hhp
zjqgRN4mMlvGuuc2urcw2o_06cFuQ!VvmrI%)DyA_j6TKgm)xl<C9}aWmvpm})f0|J
zK^mm_WUXC#ED2|-)3t{6kkPG`dK#_}Y$8~b;(EFiU9X$*1uE-VEdz9+WyP?zb+Y-T
zLKe{vEJgA5^>6kh;kdD)9n&Kos}p0G7XJd^t#HkfT3<21&<mk-pg9p^YFCsB6JjY-
zB2)k%f$}OR2}33>?NP8ycI&U@o*Hhi#WJuqSv*S4jzHo&iQnYzNUHW*B)8joDL4T9
zCe)c=7aV>TNDjlpPEqo6g%KNwy_W&TR#tpmfD02k`KG$XjV*O;HS^{*d3kE98ExGl
z)PpU;t;9kz%7dY)(}QKf@-nm$OQ$k=!0~2Ut~V8G9$`i%Hy$i}&1d>Og<0l{0!zkv
z#n-&qoldf+B_*2Wxyq+RSekX4aQk1q##2blADva~Ff=;>=9rE(R;?e4X+fhxHamo?
zj0HB;&97^!YXa3@-a-^JN81ns!{5dW@j^W=Ww_^Tu4_85uBok|W^o<6<ar7Ub0n*6
zs$bGV$*3FP#ci?et~CNEpI5cz<bw>I2q@;BreAZ(&7PuRUH<V%m=GpW_xW@5+Dd68
zb0qO{=%Ffae?{aO{MyFG{p;(zKn1;spiZzxe9q_Nt~BN0X0zLnWVEC_Sk_)4Ruv)P
zvxTKB#GojEZIwcy;$llrVoFzQUM@jECdM1k*03E?2oe<77T7tmyx^THUJ)<$vm|S<
zoy}4;=UC$GY;iUP6@kzWR9v%);enpox4SP$p!je~c%k-GB#AAvcD+j?rMvJ2n*`zo
zqr;6_EH{#^+-8$Cd!9(ZC>#;ZG`R5r_gckCJEw-+>PuOZ>dCFzk+RY8TiZb#A-SLT
zPy1Z6S?kw&YuUG;Icp)&7g~hDPBztS%cwtS6|ac1*+vOWdkSP0?6)5tr|~huGSgqR
zA=qi^5^gpWYr>E&HQh%OWLXr{k)3DZRMY}PBDJn$Fu+C-3c^tr^D}^PH}edH)oAQz
zR|xu9WAhebyedfvLwpSE*;*_gMf6)VOdeU9PEN+?LI&%cph0mMk+)d;0}4=>F6b<0
z#ssE?a9;<DFq4ct2p7p?8<}FT{HL{zQVwpll}O9WU%)a$OD1Blro|pL#PyxG0J#J5
z^i`Uva*k@Xe7b-nWw?2zfcpozk8q)PuolQHf&|5~0yT|v#x6?vU&sGejD-mPdzys*
zE-%;0%B#vkRh836;J=6GlN0~jev8<uI`ZRxS5B#{nCguGSy@>&g8w}npAr1;5&Z8F
z{O=L`@BdQ#?~zEL|Fb~goCGPj-~FP$kAQ!VfPZfV`1c6<_cs^)+pfTrI~xj@yIZI%
z`Gai4lc)o`0Zm3EdXo?>Qjk!@!_*QTmTkMx0?1|MRV)w`bTeqObSs6<+l;-rT*j78
z^8ufVLGs{>Kfkp%$t%gQTd=N>jf|{$iBiEuLK3c629*a(DS>iWg_t!ss~uu3!Xtz*
z52rda78Ei!L=nnGs*8IWnW`@=yqT%kg7f~kCw8g3iCc4muH1sUv71iVmq4Bo7DG$_
z251NdIJ9V-%?JeL6&P?rT*qBMVf<N3Y1l1<5i*dpoDJQlDUKH6@NQ8e!p{|D`nWLx
zO%nKi0Bb;$zeqIP(q6s2gahBAvdx0;v8(1ON+N|g-K_bwc|MCtLz5Y<F{1?PMB~^h
zIY1GJ&-$HQmx)!qvU5(ZDkL4qoGJ?s>`CI5JFDh%&QO&muYNcw{w-Xhz#W5bHBUc8
z63xfX$N<cXxw+i|;EV)l5deCQN>enUwEf}S4M(L@K9r?cpMgFOO-iU~&<JVCMx_9B
z9V<f_2Wjdh*Ag2?%)>e&VRHH6f$CK$vGkqBqC~54_srz3>FBNiGGkv>qp(=8F-lTs
z0ct!JMK&;`ent~Aw2Y*k3JbVe<11C-2?<jh9k>!YAf!W!0AzsXBPNbzGcJK~C?B@K
zD<+k*J3-|gLFDwejJOR}7G5UjMLA+-7C$QEV)J(jaE1F3$Q2Oeo|q7>cytO<s8^39
zV65}fV#$i1+#ODH|GF(cDZ5t+7!)>MdA5ixo#q1sl76;Gt$?$P%c$Nshl-TnzBQ;m
zC|Ov_WY3i4uZUU#rQEzUpnD~2HI$sUhdd2iWu(VkPNbl9;2ni-U=fOIA4W7m85)|#
z@Y&->Ggc&A9iTw6JwlT*+r~nADbEX+?Z{oi)FXu#Xt|Fe0WxhSZwdwKcewi-WwK7n
zHNL29<92ofC9bqM_*h|92T2tEw{ENfQIA+JAZ_r;2!O4V@QC5-jg=~9095Go)JOzT
zc`Fg`K*>k@6)gyR4ORfUFVhrqw>`wq(f|;dtclQ&Uj{MY#?AvJKz4&~yv62ldA58E
z+$oLlMz+#P(S!&p&4Iq)ToPAJO$6IkU=O#F+K~NTESZm|;7K%}up{ngwbWUr{VF&!
zccFIJW5tp|{z3(NY0uCEy1NG}uHcGmB1EkKYpg9}N<iXgh@b|p<G@<V6Af_J)bi9}
z&1ONx_YlQZqAick<YY1~){8{elxf&Fq{4ACCT)i8n4bH{x7i~sUpXOUsbX$}%PW$A
zBbbXc;i83dLtFJ@foQ?5k^`&x7PXR@0Syg8b3|p-n?4@UfoNlgVhznlj{H&3@t!NV
zUFKOCy<A+hwFvV}vvBqw=z?FOEJ9Op7q>7DeA1+zJIYCmd^#&6V6e5|xjU=F_21$#
zt!Px5MG?@3*Rd|FmF>Qo9Z0d@-!HHH9Dra8_mrupNs!*1=x@kvNi|=4A`#QW@qWg=
z1zQ6Cm_Qmkxa))>%13m0Mj}}{0zK7m>BeG&bRc+so2Rqo=$ru)CbVs_%&0B5Y4W>}
zp$w=|;QtOCP+v;u8&d{ZN#+K6Rfc*V$8td4TuK>I@<zGElfuqT*eLzZ2v0{AIRn@S
z^ArPT^<vD=X}SOL8ZP}@?at<O2~(#5=S%Y4+{razx1zR-brixRS}xcIUs!q;Y}xRs
zR5s7($z%gOE0&rHG=a-nv;#G9O6_nHN=Q5h%TK;bf@LY?lQ%G|+ETQz7His6ythbP
zlZ)GPCBEYP5OZNse$k$M_c=wlj~BWu0l&P?Io=3IIn^kMVl*foJ!IHrLt;Ujt87{B
zJ`Srrs80>vp!KLa2Ohx=%%r(1r)$70J;eiMIk+`)(F=2z8RGpU$GDlS9EY;($j`+n
zsrn(VHm@+@Ae15GSSlr`HKN%va9*iIx8vO5HStTHOB<AnC6CvZhicgh>!)+Jf^&8b
zPKp@2XVLvIM+fm5BW7H~unpw0D7J{nede}uF-eY$`m>~_Wno)OQ%ytjqMDYvd2-hc
zV1xi$xBn4hsrnxw3sLqPGW|UR>Riu&I>!NM2c?rexqI2OCEXm@GVj^UbuN0GZ@t^^
zZeo!S^1`lfnBO>{CGDsq_kh?EYCiUD0PITclS{Z13+bL~&-j&uj$mQGFXa9yh3Vk2
zG9_LB6etf75%nd-gBcBUyg}g@<e1}*{&VA|oWt6`<c+83e{HE}!*DGj#r?#-h}@(!
zo8!{S84HK+rXs+RAi^n~08j)7GGIE8{}xL5xQ{818zy3TDhAoa^KP-wMsaP+HG`H@
z!C(vc9KLT`d<k**wdUU1wv==i>9;rOe4ej14^iuy;E-IX;!6}*<o1vypKA2YOd;$8
z=e6-I2_m`ay#*@E3$j32oe`82AS^4qw82Bfqy<O-L>IKV$|`bhEAaK!O_FqT?Qf1$
z2ae63BH=JQI5VVPn5<>XTgZdxZi(2}GW$_(DecnqM{y6=RIx2jC_<8o7z0tMUO=Y|
zdnC5aqzW!kd~!`#cEp4MOqsadD^fsT*4+5{0u*s4B(j2Z2gmYkM}`$aa|;)0c3`AD
z9nX#xFa-TpB-De`ao0{e1EA&UwJoXU(^sX*>2lEet_b3J!~#OgCN4=&p?j+YAr+;t
z2X=Ltz%R8&%K(%O2j?A4P?sEBw|MM8j#u?9BHBBY=gW>qfQ|Rtqqps&s7c&ZBTlip
ztA<C`m9$s21#|Bfn=aSnXQkadtEyTn1|lQOeBIhkQ<O284hBL1xpLVl){kYPNWoh7
zIO%yUwhT1e>9(Rb11yQus?M~ILu_bNl?fuq3!cZk`IgunrM6^{gRnlLKq-jlxe=$$
z>Xs-#%f!=(45%;$qK0s%TJA9b^G~BK_17?wTso`j+qP;lY4&Urx>b`&G*+F^flQ`d
ziKw*9#jr&xkX-baVRyOcfL23R0K+`YmXeV1_w4ULnJtK{*q!MX?7bBXQS%90CchQf
zh=8etTGe8@=ynX=vWW}=Q}T@olOk%sDE1nLanz_Dm?W?ka!OFtNRVzZAj5PtsLUP#
zaRCA?7N&P}03U30aJHAuUMn=EsvfgP7A8wUh}x{2383_XI1vWK)ivFWFb2pxD-ka9
zPbLl1X3b=dv8G|po?g7V0`{AnW;Z6<8do-^10PaBf^!b*W)G<w<1LNlVKBjNM&}0e
zs?EFeDj$z<<%ruYUI~ZD*fJ=RTYM6fBloZF4fk#C^<1@m%O_(&m57p>5p;}Rmwyew
z)U(ExP)0$z8KWs6x)2zQYYRz!LW=;2D&ZDGSzPGlG>n3A=)h<?7RF$yVil<x43NYp
zk1j~U>IoYvVNWQ@Gr>^g+ex|^2`2|Ml9+IS5)Zdg3=dG%rFMjaFXZb00f?YVcmTan
zQfof2CktRP12fdFiMoh!Y*xrJY5|llkkh1Hf+DrVGP#+WivcVl8*&InDlHsi3oP14
zSYXuL00}pULS&nh2xLPPyULRV!!59e@oGboh;c2uu)K9mT`q;Ljkrb~&~fZ4gb{>f
zK>%DLf<Lk~5Kg7SeI*b{ik1X_CHN7(TDRy#NP@2{TKWxO6<CQiAO15SBj_cNOS6`B
zR3c8mE|!4^ISQ3Evsi;V?;@0za#sbqz{rAHxI7PnS{*P96m-Ngg~+xoM#Oi+ln8!S
z7>!&@Y|F+v6CW_u5J@+aZtwsrn@>3SAlV6r+kt1fcR?S7i&yq(H^5T~BJJiG4hqBz
zoZbK|iR*+#L72M=xR^I73Isne5(XF|7-rfGYFT5#Hz{%G7DH(Th1R$nbyhk(J8r~g
zm9l?1LK!8`f($eSWrB#WJP3?vK(1@GB2&mcOnf^G)ldbsrm#UFD|nA^?C4@6<jir2
z0BU9sbTJ?i-v=_BIR^m3S>`hs2K+@|Fc=)LVhzZ&LgYC#oq#O1Y@@+jo2;S@cc@v(
zRwrXdx<B=(NHZX-c)1SQEmZJ-QW5Bt+F>tVB)w=|f#gvJ0C$=k+3e+W?r!dNiCa6%
z^O82Uydz~xcC$mWhq*bJEtg#?niUD!HIGB6=zQXq%S9ZO^(c2fhXlmsp<7;uL!s@b
zTY4gY@YnsV*!h+KF*}uwvA6N<{4nvm=91bv3wzQf6+f@UVU({#(dpd1Rh`AusGZp<
zr949#y~dKRmD;#i8<U!^sSa-z+fVoOQadfbx}_sZl|&F%x3?CnrE*ev2UUuAEvasH
zDtPby1~2+tV&QyedAx~lZmDbrTsAwcoM~yKYz8&C)1vW=%>XE8+8#A+Pd{mGjp)hQ
z3Wv7e#bzNZhs}K0VIrJknPzF0vp|w_=MjodCxowSj+oI-gCxG@NN1Dk*?;HG!R1B{
zL6}QgY09gb>*g97>+F<Y-O@=(3;*JpMl#qI|D11k$z7ebr$><C?05_a4p%W<g2RQ_
z*NUpp^s34kBj9j@_Q{F=Ce4$!zK;C(Z{?NcQ>Qub-=<bpOc}v{8;;Ki{@V!t+X(*K
z2>#m${@V!t+kY4Sn>&h^R|SO2w*W@4;6||EwgL-o1Paa-jgjErBzG{p7;qq0ZYGaI
zY=&xsY(3X}&`1Ia$}%<Pj-qjPkvB6jVKdz;T^T*XkPqzygim8otI?oP%gNCY0V4oS
z&M>>FTr|0WYAxSLPdXv|QaP|(cXuWZv1z!ffNvzSk2f)=61~O@QpLPvu-6K=n`w-)
zOD-AEM+~k4@pm}NfClnfBSvnPJS(q<tRR4AOjE!!hy+WqJWY%_55Iwnv(l4x1I`nS
zW(M{xCK-+NVHf}k(}~So#K*@&0AvtuIMvCfKx7VD0fhEP-c}5x+@2a5qjZY^h0rV8
z$a8o;h<Ol)phadT2`x4~HAz5P2xyCqNGf3_I?`HweKRILDBKf{r_p)Qnin&G?^rJb
z+WfGY#xLE8Xj_a=Mm<#PVR=NK*i?v;Nb%3(pWB+3D|(Y@^^5dWN`DZ00FGTtPu!c(
zK;#Q2MU{tp11Ww`ilKmJdrKHjIl_JAE{E489E_oQ%Q)XNFry%wg39K!#TGy^VW!cZ
z%C|h;AE?m+F#QT^?Xg5;B}_jkqNM^J)zD;rDN%~7V3??jCr!1m#Q+lujE;#;$bD&w
zLIn03;36-qu&FYN+sM%ij1B;ZPy=mpg8|U!p)IrKqV%SM!U7y4uhC2nd2zP7FOLh{
z0G0U*ggKpb_zTMrUoMVlc0?!c%)w1gr5haK_C)Pwj{Nf4l}NDvg7JtM4rYu@B&bI-
zAb%=lwegbyoZxJn41`=wcO^2Ngtr1}Y*3>Ls6)AbL|i$1$Kw+7VyNBll)Idn=yPUG
z6&}hq&eb;1HA}%8`QRmW&e7CLgar^EHA!|vVHAEO!;-|)oOTDKRXA6rlQCf$q3!}?
z2t?#hmIAL6kwmP-OzIJ%gRv#{B5m<)**fMzU)^%Jvoq;=`dZuA&{EgX(zd9sVL{76
zmkz^F#`Jin^r4l7NjMhtF3KH9bu(L%W8lH36x3P<#tk$gU9u<&Pn}K+h#d)w0H)%R
zE@&7cydw30xmdEa#eLjGj}RPHtZ%UQ8E_{S)U?zst2wx>p7o_^eod`gPg?Mx>oH6^
z*kozK`BqH2j5i}fdZN!1t~>N`1~yJ+rYKugP(Z0De88=CdMP_wtFL0L2KrIULTtmF
zW9q?hgNHj!q#)w2u#Z(J34AD!rZn6zQa0CZvIbO*U#K}Y{EM`06s3_HY&BLyQ0ax5
zO+*G_?UzGf4JlfWsmUc?r8H{d{pGVlRzFIxqp&OsZaMA3UKlBWEs8ZxJGU;~tVzql
zOmI#eZ<>e~YK^&yuEk+_V9ew=1jMpK`)IOa0h5+^l<bSb@jh7?pRSU0q9obXXBrq7
zkg>1a-qzTRULCNsuIb>m=9Z@Vh6Opgq)v&Q63`-{)_Ui7Rn$T1jAU7&d^@SI7Y<@T
zI&?MsDmc9IH2}wwvJNmXFS~(;%`Qx6gVB&B^1K!zARJL5GBJft&Z-nFojSv*DA<v!
z!~!l5h_?cudDsl%Fa|ixN^G_qqg=m46Jb&vbRPmq1NY0AIlz??rq0~-a<kj8kdfsa
zZGbA!sFJF&?Qv0^<3yIWZ#;CkeG8*~t^&@8v%)4p84g0R(Pi!o<D@sgQ}y%MQI?y1
z!1IXT3}rhwFQGNfuhnK$gxIwgPW%qZMx<$_r~oa(%oqBgfDb6MgbWFeVM=E#qTa)S
zJ(MvEYD-OG`|YJW*Db3jW^^0ex1UF`MJI~Q9-gJmb#Ci!D48qF4FjRBqCU<%SY@JH
zz~=Oa5v=Bxw#9WV3mbFMV9u@KJ>O2Sl!c5T!MnqN-v+D>tPrdH-UW3n5Xx|2UCliB
z7g!ngubz$!ys6nZ5^6hZ>~JZL#biU3;&Kc&yvTocV2I^dM~NV=9I16PMo|gGn)eth
zHYG_2$l~TTu={<?2%BIvtCB5rkz=d}(%fWH4`Y1v!D;G}#-?0E3)ZZ-YzpQr=Y*S^
z#UhK!n;KghYa18kXaMeZ!cZVSP?pG9TJ->h&BAUPw9;g}Mkv7`n7M2gQ`}BApU>p&
zZ*H95vaF^l*Idi?bGF3Ud`nEHfq<tMBqxlO>D5z?qljJYVH7yz58AG>4bBc<e|D#!
z(o$Zb)gO{l!Z*gs0&=>7sSZ&op-k@T8AHc$?y{-SSmK2Pz#K9bAs}Iqld*6_bqG)|
z;L;v9$rh?1Ts<(>u7w9|@xx-L@|HkXf?7>nm|T}ghp4VFNDKwmyVZ6YaR_jYK`~_b
z0?OZ(oj<7ZmVi2}uOe$o;DQ92CI?o9qnLXda)%kkJ5gNFKx9+HsBj`>9BG9?2)KLK
z25bP7;x%1Txnzi)Byk-o34<$1+TPemS0Z5|bcoVyl53<;*gy+Si3I|jJ=%-%h1AW-
z3d^q}@J*j)_L*t+T$x5J5l>9hO->YccZtBD>QTi<#7(B>6xDTr1aeShbySUrOM(~S
z&4tv->k*v=o2?p@n-cn024zomYhEZ&7F3Gv+#;d~`|fqR%XVi>8v87K3YaGWiNddb
zgh%2w1S<Tt+x+G8%gHmcn~7A!m5jP+M|81J+UepgmQsJs98ePnFJy|_bUVUDz-)2v
zEGH4O$b+|8PnVE#%qwUQhK7*ESUjo~bOg(DjoHGlZ$f^S(vcd=HuSS2#3qcBb|YsN
z%lMhoY_UNHX`XCRLpE!Bx(1ucwKX+oKo8oha=^m_UVQ`HA{4cJbN9zq?hHYH|JSW^
zr9mhf=9W(zG0gq{;gfCu%NAGZ;MM_FzSE{m$zlJCABX*KWoTMOfi`7uo8kWXAGiN?
zpMU;!km}g{`JYl*F>Pf2hvSoX{spv8CcIU3^b`NRV#>72toZNc6(jcl!|^E@#E*xa
z-ooS@?aBIr9(uZON+)z*<Rq+Rg{(wn8L$%5O3NxsLsPX-WmQ?Is-m26o!yMVM?S(c
zsIBzG5}=1_TM!`IoND=%zu_i`>;=e+7$@zuLnU~5x>zzhNh~Sef=x^Idw44IcbG~7
z_Dj5o>g}0M<rV%GFF`+;N(boL7tjn0VHeN{0&P_iF19S|08;VtI@z5$z+<)rfGh4W
z;!*qpa-<Y~!zAehzlK)}-kGxUA4&=MQ<MTftdiiDtu!$k;E~NrHWESj#-FCizm}y2
ztwj$^387)g=lF|WiopYWhiWZh2H_ijXzDtR3zv@s=>b~{_5dGpniy;9_hiRofv6*X
zkB9xpfN>2^&XV$lUN0={z}jC|EKlUjqCruc4a&EgCLCgAMD%vnK%O`&QFdOpV)=ci
zT7jzUHaq=vbu=i#D?ZVVuGYLX3*^;re?y{bFRGWMSd_hml5wtC|J%dLRePThTosG4
z5yj$~24OY0(xsDKu8T~+H(*sn0e^Iq+Ib4u050O%BZ3Sr%q1eh4&{97)nG<)zRqJW
z<y91Z-Yu^IR-VtFFaL@-7QlKe{bEpy#bG;~Ic;J$%kv1DNHYRkQS;GX_9UP|4eT$w
z-p+=);6WN5OpLdi$(i&wyNCRSjl&DGqAWzYtXvkGV;QQreAU{NP`Nfq3zd~u@?`ec
zE}626BV@R0EG4Tj@zR;zqxgfvq7BDP-Q#JiZCrA2Q~iR4E$o@MHj(U0!BtrE)%xKa
zswjbbt;WqymymCj*V8tyj`U>pjSZNO&N(z9PA3vE)OJZ=v1ngB+-*eAo-~P|r?9=c
z!*L@CR>c(R3>u9_kEjxWEyWIiwgc;$n(cK=36=#zUO{2VKfw|ic?S1zWHkth9S?4d
z=Qr9p3VBeoBT7JaLNX(Crn86X;i9-fZ9Q*bwdN+b9J-NGh1xEofsdVop_-CqXW??}
ztX$%GR>nc>m^?P}#vsp2p)hWDu(-517?kOOoD9(nNXrS{RE0ne)!0~IBEI}XVI$TS
zNmT+=S1Uh;Y>mck10(}MbBU-3ysTgvE^S(*tVal~>s*TvbX7?LkY!qn3S_4Sef0@*
zZ2wTrh+C*^Pa)%XI7^F<y@!I>)SOf0^%GxHSjf3`=!049^|B{M2X%%gD5Q5lk>_}W
zZg`bGURfc`Z($(^*mal5Lo<RwDw1W<;Y{i;iw!NtC-GpgM_4tm8c_F;>@h_zNvcw5
z2V_k?DvF&8#1<6Ao;ApCh1BbOQD<B-4r2El*7EY;aN`XJe`J@WKnV;gTAL0}ENNwY
zfyv{;<YNhmHTPRX#@R-7KgRSPJ$uvgs3rJr==Y?JVGmHXY^n0g9o*)`MF4jyd!pP(
zK#7JAY!{Kje0Kt?3cjzXyRP??!yFM}a@|<imQM$RUbwcD59KzSF9xlct$|{WKW-ps
zuq2}GVYH!*^+|*_wo6c}1E-81iV@m6ZbS%oQkD}lI(?@M^mPG<Vm08dR*aW`Vqxct
zzf3F|(Xhdf%-$;57O^l*jD&zNe{GFRTb3+s0cRTcjm6O2Rl~SJ=$II_)+gZ<a@+t`
zAR3XSqikpRRrV<7W}q!JRO^}Gsk2wGx#jCu=rlKL&Eg9AdY5Yx31m8BiFS6c67D!?
zd1S<e7?9ibt7It-Al;O%1~6vPgU<;!2q%ZheGy5x6CFCX0g4yh@LA1cg9nSRjSVZ}
zF`@)beXm6m#4O+vXj`znvy}uV5@}F!5crZUmbejv38s0LPepp*B-w|krq62;1U9Fg
zY)*?|$L1esFBU;;2>u<i`L7dBt0K-k?Ckmu1+Ei99ArQU$QoE|s^P@QuTzA^iF2EK
z_1Lq_wTVYi7LbfqkdNI!GD7P|8kO024)V3Z$kIHEL<LpL7^+oghfl>AeS)a4R-xDy
z<<ddG{D35CI&?jRk&!GaCmB*KR~wEK%qz{&VMS(fkj)tS;s#g5i%doxM1feDKZ_NG
z(tSfoK*R!)(?v+N<n9np5X3008ob5jT3uG;Fx(ope7N?6L=wx$v+lkrYYxv*BZe^w
z5Z)F{iAqWe-5`9mg!C?=DQ^eIS3M3csA|>qX%2VIf9Hh>b`~{sn?OJ<+ZVPRZFFql
zEe6*u_F;XB6Kf&%ONZPo&|0_RY~`?#r3_gGA~TVRgDEOr2H+VS0#%4G3wwbV;kJ1P
zdyCN3okBN@_!eFaaN$*=iMYhGP>)*jXKs-G&1zv3G{uT`B5bI;5-}yf#h^~THS-Fd
zqc6_eU8qQM>DjOhDvkpj^lVFbMWh!mUl6uYU5sL4aCSl8C$@r)0JjJL1eQ|h;8qNO
zc<@gg=ZFgdyKT@FS^N-<JHPCTFz#F!OfI$9@ood6FW^N62OelMzYK?E++L*Llqi~r
z5L@hH?~7IOYq1hxNrLNJQRt`)E26xp)jwFoeh|mZk~MN1UK_1c1c*SItnf=iNtJLS
zQDKD&0?x}R@v_3sfM)_7$p#WG7rG+9btV)84Bz=ufQf)`_DZ}OBR$-Lc6p>q_S`32
zNO{E5u(g81);-xz!$gR7c%Lp*94!d?C28ncn<IPB25~m!66-fOo;>`NkdfA6EbK>B
zAdc!TX_=t;NaJsnVkKi^gi7YFDmaUM-brD+*0A65Bre38I3yfO7Im{$x;+|PkVqaq
zGOZOYp+A;5#C8AOYd2}@>2R&ryiowRcE!39)S+8z6qXRU5b#PDzLvI#R0wy9fJ?Sp
zzq%rbFU>26C(rggiW^I^$LbQCu1!?zl-wI}5iN^dKZk0{rP@RDQKO`ehc(EG#zTA2
z7N)CR2HJ=wlriwwR6n5J@p_!Pp8>0WP}oAsCboz~3qygBA4PzrQWnHVPV^-h6hq9u
zQEkqfcveybqR)|Y=$EHZMd6flLw&nvg;>DK8p94amn9-_sEN4$Xx{ZJ6Zr%<Q#An*
zd%w=5sp#h@*h)Y))VheursI87{u1p+Gbl;4u)#iWky%w*%Kj9YAhdxM$+N+ChwYN$
zE$z+y8a$M#B!~$!RI(j}pu-94FLX?}-?b7}R!R<)p{xVT&6^aDVUcPOyKP;y9AS3^
zooNfS1z0-+*nn!Omd4fMJ=7O0@%xq^T2;DYMe8L01g|1);CaMULFXtQwPjz3Ba4S3
z>IjOtVPp;}k5V=u?r9O6TOpV}RNP0<<zFcacNaHakX;4nHlmO|ixxZE7W5R_4YAZ;
zh!J30rVjWTuP|GL9i-;8nI$?Zu$MTmv3BWVK#*!`Y;5r|a%lspb?y=i4Z*7zCt6j&
zbci2fDy<n;8X_mY$Guq+QO7F>NTkGnk#6)za2@&v`UQEGsK<e=6+OKELUDFvRc`C1
zIB;^7mnXBm7C1tYjDbQEFh~FZ2hUSlk9b5nEiP503@;v+2xB47;Dni`IDlv^w;D7Y
z2+-%y)+;!IK;8<Yh8YQ`qC%z=P7>T@GRR-FaWsH7@GZj}oF{BU?m277R2(v|Ej@=p
z%b9~P)F_W4<q}`Tb43uN{KB_5hSfNf@Oup(Ww$7ajy9;cNnXJ+DU_rcXn;vjdbU{D
zro7pZKwX5aH>Gzh$D!$iV!-!Z7&-H0B+IGRR<BVA7arRD<q!w~1}wgDBWS{eRNg7_
zNL&VVrOkJvRWG#4eRfDr<eF$ys_JZmuZ&uooa3yqLj(R2)J9l|a^5J=mR{a5+5B;h
zKdM_+8U(_o=!OTet8ylt@!DuwtS$zym2Bk2<e?VVp2n~0^8=c9zHK8&4|U<^?6ujO
zWmi~S6f6#CA!&K$81rg=dC1Nv6#1?>aB7?lcXkW9ik*?VX#fr4BV+YLz6INK$2MMW
zuR<uUheSx<*bcV}q6uRD?AF7aC~#M9TGm<jiEKtPE2UE)f`SgJ5>bLk7dKRklpR@)
zMQURli~uONR;4X&QCu#(MM1_a23sfFI7R1-$<+a6u$~kb`&)-(zEoW<O$m;D4$E&B
z^0OIJMOsuI(UV8`w1CSbEgHQ3Ippw;Ia29=j_G96)uJf2#Y+y53rpEjj3@+>R8U?p
z7G*;KCOy_n%e%!8smM&tYl|LdGtRIhXIL8b_CAzsB5<KpF!NZgWQb-78ZBEyp@Ht?
zfDN)7OR<k@$27RfslX0rqX+&UJUa<8E$|7kMATI#cKOih*laFaz7ES$tV5WJb#PO$
z4m&xvS#nrDUmZ@XFlpjZA4i}EEVN46fN6(`5{t<k3`{@3;i_Y(OoXl5D2LZnBM1&?
z*|7C5=3ZGAmLcCT&mQM9w|Md__q(B*JB8w!%Aw5(XWVXSW#h|iOqoPMa$|(sxF@MH
z42hKiVZKtW$=3m!n<9-*Vx>dcN!je<A;y{BW%p3Im>`#|V&ya5Glj@BfYe9;`Dt<c
zz{G7<Vs`uRtQqtr&-iKE*wc6l1Vk;|k*4OkamUVCNa>x1$<hz92HD07+oB|I(c<R5
zxSG!~z>Ja3vRxg_m0oL`e7ChKFHvwZ7_2+{WHm7q&`LsNu<3ZW+-UXXU3_?_8{pc5
zv|snqvy2_SDQiy+w!L*r&py6Gz498>na5GAg#`is3*HSHRAO5kD5|g)NH6ex=ojiv
zXVGR&UAoRLDl6Ci%6;KB=_YV*q#!Id$q(JF;uIuAL57=`Y+?UCx`p{XZ$bWN4<hAp
zvNo>n?2aSU&D9u+<~LU}>yk>cCi_V7XD;W$njztaxI9vkPz}-60+2DBK}D`c7b153
z&k}!l0jMA#jTimyX_737us5QTMQA!D=#MX*>f@Jiu$R*WTnwfJTo0DhVj$$s_k%&R
z0}q1-zym2e_lK{I>0wkTs)(6|b~AmD0ecf>kP|(Wta_m-F{7P+aGVGFLHHT$>l(}B
zo-Op1x`2aV&0P=_(3xyuSa=ciC7`XbR2%5vE%i+<Di}zhXil(j_LHwe*MU(KDU{ex
zBZ310*sD+`yGVgikX3hDRcEu!?iC>WUPvU!ECfSpBawcr!wmA+NbtayYo0J&7ba2E
z9!i^lG(wXke{Yoodyf(kj|$1`3U|pwy4Edj*@}wAZ(AM-Ge^z1!~NDG$|Pak2r{RR
zBpbLy%IL%kq#Vxv$3l#x7zlP`@xGu&m({?97V<DotQ_yc1#^=9bz}d)CqMp^+|XN9
zM}GXLvhwl@C;r#8%CgE4{HNjglt{>?h#G=aI_nW&lUxS~*ffKnA4BD(p$aWjQ57n$
zs+exWYr-39w}84xphSiOLE?dd`xm5JUWoSu=aN%`$B3D=FH1_6FZb~CBAcDGwkkX0
zDG@mq$ih)d1{S`pt=O`;=nU!TFWCMgVd1e4O^@TG5-|}y_TPXI#J?hq@Rp{#lcioi
zNj!9p$E{K<DQ~yLW_k~(?l|#45p-PFqo!z!xL$Ca>^40P=Soy^Yt~JOyR_nao*4%Q
z%$gjTZ8vnuMrT(6kVjno;OIGNyR2c)zGgZya01PlF2-3X(T2saTDIA&ZvIR#Bq9wr
z%)^M~GLdDlhlS7M%Lhzq(TP+>%u=E!7Hd}E%j^lm(^~})h7h1ua35P-1g;BH3WxH@
ztQSqB=(Vt&%8`dHd$tuzIC`431>^!qCfnFcews5bXgOPMrC!j*cuO;8suYu{Bs|SH
zQ7{}@BT&gClOtH40c|W<Ju1>=BbJK^whRYaX|b`C(u9r>xA^^ny$J@rrE_3s&P3t1
z^;#Z{{%^$D_`mS!=lsX0vs=pm^mG1CEvua7JpZSbO&K}=hvPGd7gLhf(UQ?9-f^GD
z75~v%R>)6G8)p2+T&RvJ+8Lu%1VP8eCLG*QA|9eLwmJv)p&b{|kf1-V(1f}f34`r<
zCQje16HS^M^AwK9B7;B_;-LHlDBuo(70_J32P8z|=0Kr15D<eRQnlZcE#V@|aqu;O
zF(PXkGU)@0oTJe#9*;`#+pB;MI_zO*YDH!>`Y+o{L-s{U?*-#MDI0UPi7X|3<o=8z
zlK^k0DVml@bAzE2ekV*C*(&a$Prc^MTG$Fu6Q=ZDzem^)@~b$ducnm2pysUxdqlnl
zd=yWCrRHscwZgx#W~^RAP2-P(`l_TMeZVoKhy<lT{6X*dqMCqK6fG%gFDW`$D_U4p
zw79CMSzE9eLPR-AAs|NCKK_L@O-vtSrzs^!ORaw8%>ie+QWa^e`^ghcAa=f$iyriw
z&(uLYqU56okdH43%EcGNpi&f}GY^Ypl0dgbs4id`L6BjDXdYy;ViZVkA~m1|#HY!a
z+_@X$sY!nj#!teXt=R=%qd(I(YFGbgeKr)P>`Y=|IuO6aW7T2Aren>$>o}a6eFSi)
zx@Yl!L#HxME~Sg>T58x8qSHQ$jtK-Wu>Y#*!#h{bDa7-H>tKAvv%2*(TiEGzvII`t
zo@#Y!g{^0`mr?WC#R1J`l#Nk(@=X0u&AnS7?CinYtVzlXauzntM8rU=7sXhLGTY3=
zXw3bNlf=xnImTdMwT+GY*ViEg5gvqAYVS-uaKr;Rf@a!N0Q2JGKf%z<oHUdD5B7pH
zy?z2r;9$%YH`io0IE)`FE|_V6K(?x~jyiC0z{-R_gx1!^r&jTYkX7@N6bjDAj2*Co
z_Yp_t(5!}eI{2NN3I$+Sf3^t-z*U430vh36wQ7}jEBEmhZOJG$QS3-%E9Pb)ocu$z
z7V==UQ(g%6MJel>BB~zw48bSw{Xdr6YS}-0^56eMWtEjv9rypKQ>K=W-2aE;GuR|k
zGBsL@-kpRf;tKFbBIO<sg4P+z0z&0qOE3sWxCD0KcIfe*0BS4f9v=V-2@kV_E96Tp
zZk`woAxnw?*8bJ55fk!B6xerR>z0T|AeAtX5#bT!b0t`UVxpwPS&$d`U@+(({1a3)
zQi>)t8(O>wy1+OE)*56Ty(lz~MD!$Q!x9)vGnwM5j1EJOvGsD;grl@su+pqov$dlp
z6w6VO0UNmb!sEbmNE&(sPhwJhMTPk=wU4UyfsZIZt^M|xajM5XKjhVChQR!hXE=wt
zgqR={DVFO4vdinp%1dU>?l~1F=xVJb<mv(KVuTM?1bKR{bX;j+mRtw1Faw%FW>}{5
zUl9+1;b3hdpBOakBC(F(=1fg^3ij$8oeZ!@4=XwXKzvfbZDrDA65ksJODc-V-L3;$
zh}VZyB1RQ=@@l=l<ttXKh_5Ja1^i3ziWNm6FRA`n0yAx-LHAO;B2^5GT=9zH$;Ip|
z#dS|>hgsXV7!1`J^TQTTB+WQIM=dK-RC-FW$QJ@Ct;qBh7n#NWnHn%rw8q)i9V#BR
zB^8dFF=0EM7DSirH!;I*%N0#WM9$o+Mx=<!f(Ehi7HyDS5J0NR4i>Ji>iADM3a%1I
z6-~eh7jxLz!QK{yv^lfU9o3e0*7%~5qLK*{AjgCW@O`$GOXk6qXwO$v1X+rT+>%Q>
z7H-qSC8+5z(%=x?lISPfN13=Xkhr<nCO*t8_7t+c2X1kUM3IFbcl$}Q-IE0Bonl7|
zcmS~<JR%WZk*Ixhd_}#J{L8f!>DEcU>N$RF?i^??*6b&6QV?Dmq>R(rQ+jwM?K)vo
z=|i|lwoIW=%m=}O*tX@_sSR8xiw>dI1617e`GGx#V0&!SvxPSk5jQxRoWVDeAwy(~
zgP_p89W(&g1c8;xn!<(wsYo>^BRI&`2`~r2Q*Fhmd$P!6cTZ(Q!g%@#EtOS)WwBM)
z9mc`QT@Gw&C94IrS}10}BdJYhH!6CXbCmrS<)FjbheFt)y2o1n8R{L>fj4eHhw{45
zN|ysXJOnV1blR|qjAU>nI3}z^zhh_|U0V>V9?mDg+!J?g#n6D`M6=U|8@^No50d67
z>JUV<xrqeWk%8hL74&fHcPkMIm1QT8K`c1i7^pF%!0FV+q71$dr9BoERA$7;&Lt9#
zbb)M%b4u__`ezSr_3~iC5IN#p!m##X8{jyO`8>ciZD?$fn6+sMma5v$VA`c7$z-tc
zup)WkHbE+9kg^c9lmiliOH0CRoB6Ixd}aR<97u)4f#P?eWnnUtVyv2IiqpGPmSgoy
zv;aG&#$JIrlfjMyR-61;z^6D6%PAq5U)Ui}JBZ}V^cJ53mb}*4OJSAmRoO9Axsg5l
zC!kgMsaRX><n|=$9iknsEUb7`EEvZsgNWmHs6nvpQ3jhE<(rPhC_wK4yF&G<fD+N9
zM@ZpfeY^t2OnHl72%H#7q7!OiaP4%61(j+sQh6qxbIVw(Dhtsp0Ob&ejF1{>2?6T{
z#o!8hkPGv`OhxiT9sp{DHI;HWIEAq6du<R3*1kxwL%ew3;$ScfLAwp^-N-SpVdMNs
z8{ORbRb4^{7Mkh<F&en8u|nVf@8ZwA@;^jg*?I|Je)(T{dHJ*~`=3x{Xhi-u9G}4^
z&K&a6jv!60ztXBvPa@z8a7Kx4)vpsRUy%;U>;whOHZg`W!5CIXocM8|ZJJiY$TT~7
zk$f6v6-!kp?0YEIDtq9-`D5G;dzb|)#GVOUp>Pt=gxVr81K@qyS^kxXw4MlZz#d4O
zg)fu?SP0TOkcD{pr1ADf6#Qb;*(FSP&1jJmb4V>pf)2SCMz3=eCjp6|K=<&9@||lW
zM|#UqiD+Q)(Hd9zuAn1dkA&A@?gdlKZsbPH+n*trL(D5e=q4zhixt9_;+ba4h5N}M
zV%&BoIgA)vUi^m$&8w&5*}`4^G+VUmYNY0f<QvoD12<dC5x+Mk<MVbKaRjSMcLmv3
z{?JI1FTb>7lOrDFud?DS+b00+w^jZISZoFFsT(*PkfW4B2TE}JlG`Db+YW&tfYOj<
znZ{xM<zvqKaxh<5y}*EAaHC=<wisg^DFr$}(y>fdU>1Zt&Ld&SXGbShn_|le3>E<U
zTSQL`B;@34L*xdgi7|)?q@?%`Jx3uWaeZP$#8?2Jdra?0+slYcP<jHX@6*%LAy_uv
zL9{SCGKxsuicL)=Trg*L39%`x9_@5e6vH2*J8equ<{Yp(>~h`M+m1Avo=5c<L{O7)
zkU9C5LoH?=9X{}-WGk~Q81c05TlfkVf~9leps$KbnKdwUQKI6xz$D5te163MqAj4T
zRSEH<j(b4!iX=s7Krz9q7({5^k`iw)C=0Rq&2z+7?#AG_WzcEC0XW?@6slTW`hqe<
zk=xf5O+jj_PvT8A*&0wlVxEfe>%QfO7DbB8s@BQ=sv>hT`?(^{z843qAV}Ejo^XsT
z5(N~WKr$kDW_ZJES`JU(-pR6%RiZLJJdNE!nqPC25x{F1U?k-n2#x1<fS9CYXvDmO
zOisB$tqw>G5A+Fzk@*NlDzJH$IN*{*P*Y$Jf*R(m$2+~GQv{L&7jdv^O=#VK0DuiQ
z6?h>(7@>(Kb5yHrw{VCz#4^e$me;Df#)Y7(Taj83hyT5>vu4#c&7QSr{%rBDL`9+*
z=ZKI}->0cT$=RIxm4y6TFvy;30#4Z?0X|keiclqd8mk`JH#y7F(K5#x6~bf`Rf}Q8
zC_+|NjL?;ZwL-K&tOdNm`w;d#VInM%yzTpmIDl;sqi<4aC+FOSGGLh$@XW{CY;7l{
zkT%v27$&~#C8MV#@wUp0;dI*Cg=`?51xce}RCqYvvW*HhU$9xtYPLPAy+C=q>Mn)y
z(RPasD=P)7TMmD%t;j!oM@j>2ZaPiq0Qpb#px1`g>Rl0EY*1pC&hwE`Y_3JDBWPQY
zq#g8K%$6%%Pz4`htvIE3W@6z~F`s*sP0%@zZ}-STtnDN0+^h{D$aW0ia{10usCnLf
zBTAzv+PU_OT7!M_s1|j042=O!&5HQaxJ1=ZX%R-Y&xWONA6=LU+t50g8=t~b`CSGa
zUej9}R3|8N<nfoyE>R9arRgyqcS63!o(N$n=g7GeC2?cKVepYu*&Cl^xBS*{@?dN^
z8WhAihY)NyXtdJh3W4G{Q&Tnw%SNgg%@{vab?c4Mq0~1SlFYVozCzPy<LB%>&O%{X
z%o$xAH;Q>w6xCMpphx<uh^|M$_O;8JW<*aQR2H@NQo46)s-Tf;-r!M{h@(k;Q3uZ6
zDGRE9K>GyCHg$ca1}+9^)~GVSwS8!z$O>|T(QMt0${HS9{606xq(nC;A$T+ozP*ZZ
zuNP}Mb`cR2+(hJVt40WvSj3ugLY0(Ad9|{?D6>3=1f5#Vw~nS%kY(|$SyJ<AtM(kp
z_-#ynUE|?O++-hs4jJ6*h#&JD7e&MUk4GH)(}R~Rx~I#t7c}uu2U{U<P=cb{?Wna*
zP|n9KXQ^9>j}hk|9YeOmhzPDSS3+Rs#(MH3PM%YNP^62ayhfs_Q6$lwV~GWjd4yEi
z(a+S&Yk)g3rSuLxrN<-O4I-_g$FoAvz>AeFI893fioo(wVeB^_Vx^&nJFP@+!X#U2
zbvR6h%++MojS~Z`EfgYyd7*y5a>5`vh_-w=WNdB4pvGOg%BktZzUfhHufQ3|%|VD}
z*LO&c&!B4p+(r12<uihMFd&XFsHYg23!@#Bm%U*go|0OQ{9x`1{n@7!pd%7!lqUSh
ztzOA96wt?j?xl4!tT56+tv*f`QvlTr5;-<7IGAi?y292)1!W)nwqoYq##p&;rQXN8
z?YCos6C*5N<0$xpT4U0-_e>fD)I7<_r=EyF&oCCynQ+WZWX-g}(c`f@VaX-q^;lgg
zrZRC>6+AAeefk2*u-HaHUiRc5yIqnNBk&T^W}=FOs@^Z(p<<RJVMjqtp(^bOxN#ly
zDj(k=+p?v62Q}X0!4dNa-;jD_lNQ!aMOsDQJ%y_DNjA|5E~fqxvMl_;@>|joMTX*o
zp>~>1sTxeY%hObHr!v!GeJlxu^RDYtOr}ICyWLbF3MQ?S*+Ug~@?j(YPeBDt3#nET
zNuqDKi_~CL)H3U=<wv0Hc4%D=?UmYTf-H=4_JV1Z@l=6Jv$$OKs8<eDItFa<vI@mX
zE}4aa^9q(3mnbCbqU00o9CeP1yd8r_1OW-y^5wAST3adl1X?Fj9!!bRNCKMTJC@BP
z)ywenSdGw5DIPxXn3Pqx4}@3~bxbzdsPd_{JjcAXHocCN0XQ`{dGiW2j+Gl%xywi4
z^@+NN;|^UK<hC>K(xoUXw~)@-GD~T;l98%LF)TFPQry{sr`oo>np?>#g0JEVVmsDe
zf|CY=Ni~{3n+n)H{6uww^O-tbXnBV>1DTwj2wAgGVAvs0<oyWg*(`P;vl-a{Wv1&0
z-^@VS;Fyqk0$TZ@p$b1Rsqh8J`Sj3?a&cSXWYYRxqS+91;ffolWlX06wqB?lmD$TW
z9YjynXY#7zNN9E0cBCld<11cKrb>eR)F3O|yi?hkH33%Z<$~g^wnIu<@2yLlc<j8D
zX5m%ZQVn5Xv?VBl1X6)ZpGUK?m|Nm&BauW(#4P}3P+TdHDe-c~Mu3WPDX^+ku&Wz<
zP4jEPdeJYW(ltt0bi*_=z&sHXBw|LpUJ>}dW;@t7kh)20EUxW%Hd1bJo5&7KJwz7c
zmfGG)0T50WryqGTG#JJc1FX2|6gdpu6f03L=sj#Im8K|1Z2yC(@^E|&3bn7D01-X+
z1EW)B@phPHw&vUpz>$H4#4^2IYeqL;#{I^OmAY16-|W}8`kDwfsL`_8#q|P=qb<zE
zi}lM#3ghP%+f~zE4G4AipKGlQfvv_Clvo=)2?as2I$cUq9ocgd^Y~S!RE-+l&$d!`
zm4v^fXPg*i(II4!l_Y5e%H8K(8W$U5u^u(TS_^Dfzh;Z~$i0?j5#T{vRMOkqTT}vL
zS5%S#F&nTbQLmIMxkYXw8gETOK(iJy(d(QQ+BxzfWXY|{vhFLn%henOrx`0<x~e<o
z#U-0B5k?QT>XewxvaW#U?4aK%d0rYfGf8$yN!tdzN@F(_rAGfZ3qte1`jglG&obQD
zDkH%D@IR-OSJ>_U%F99(Blus#@)^|gnJan_1BJ*rv5dkNJJJ<KNn8#$VB2y-Td^r$
zi!(5}F*+=$RJ*C%c2c^FVTomMHUti~wbF{+VZojn@I*+r)p%0zR8R_`gI7jl$#QCN
zh7gxlIaWO+P>u_~FLohRJvs()NUZyzxWuuR`&B4x;15U(n-w3NHJr3R@)pOQ$eCwf
zAO)QMGCr3EhnG_nRS3^jL=&nNj@=jn`iK17rOn9p%M;f}y_fhjpGb>{WbA2nj%cC~
zE|pwl+m6u(O!Q*o2y^kM)p72lE8A2;U7Sp9k}5`wU{I}Qg?Q7Hm$d@BK{-o!PU0b8
zka!NiHcN~ju@3N#<+VM>tc7x@sA6@bq|gf4VZ@z@g#lfkJ69gYYbypG5XJ|sbtyyc
zUWa7Isquw0-uCXYXZVs2Gyey?_(Tsqwn`{HB|~4o>`HwGa{hjHxhEIP+)ec9%CLzF
z{oq@uC?HvRgrB#iJW<~BpD}PGAsf>3f6BDbw5;>LvSQ@?ACAwU5?=&QO9`PW5B^+&
zf!}%)sg)*S*r8OMLMDh{u93coh@c=ISzZANG?vS-#mFsvO(UwypszL#!nR<)7Hm=B
z!A+*$!UCM`o-R*qmfKFlY{8BsQZ5i5{HbaMZb?anm>sOy2A$=QQ!LeqDi^^Xa91^e
zebG$_5zJ-j63tw}yaK(J<RnC3VOu!3>_BjE169513>46Zxnzjo$1GqBcGUZAp(ay$
z?%XMM+h669c@Rg?A;-o6jApu%nvZ=Y2lar4Ol2}<`LvmOvMmm%GRc6}hUjX66&S>o
z{$t-!9N|NE|9BK{>psM&#Xb<%K$x{&?@THVOVQXb`s$SyWKc+wl>9g*%3GW;pLex|
zf&h@<EKM+Ia5N7<a0g{>%rNnUUa9w)A~AeNYmj#CS`8M80b!0#Ke&}O{Lmz}0vS4>
z6%^19&^Zgs4IDT>v0fq>{fmD1q5zG@nqpZ6wt*VnSMnKBZ~<)%3Wp7zOX#uS-STwn
za`rFSd=N&yA_5oI|M5QAnAzGCIk@-&M^{V)`&Z0^W*h1@9!y1&Huf@&sP?#e*~qaM
z5kAPQcv-aUd0R)I%?z~lND74GMMKcm;lp=)fl!r6?%AvKgjK_`<A~5)SwR6c88Zr%
zqe|Pt8KARi);hFrmNSPcIW&vNnm=xZ#Qw4G1V6D<9T46ef3Q}F!AFzbLTrc<tAN4~
z!ii!Hwj5E3JY#FGz6yZ&jkKe=%0gqc@`kD-?HD$(N0xi7R`cb<-ymMU-|8;wKXxWh
zpWEWXFE#gC5PM49aOsqoH~w}xj1hT>r&D5~P&LwAt;nQQL?E!AXzk2n2s>JiNe9$)
zPWr;mCgJ+wp6lV<ZK7lYYZRs3$^qq+h{h8RTpLmF(+X(|h(#invzmrSZp-RR(GfX1
zLZoI(7l+%jOzD0b?Ox-xa7MDubFwFfH&Wj(ug5((PbWcKSsKz!x{_AsC>+7M-y?*;
zG854kM<(Gp=gUsd7tz2okh(|8sjc(Zt$&>0yER>{!ar0RMj1gxEYNC;V*uAiyaifM
zHk<$N=l(|w+mOb82vt^2smO}|P%#q!X;?mkx>%8z5K<pEr;&o*NDT0xNHj{^I9en*
z0tC6;=;RW_`&@ZQUg*jywX({pim6rX*-&5TVjW~KM*hO=m)DA#AU9@Kz$pGImqW3*
z54J5J=t#0A2jjK=eTxU4w_oRAI|$`KU4ktTO6Seg=9Ap!z?&3)njpx7OKmp~h#{V^
zukcW~&n8%fsc@YCHFb<gMgGR{3ctadM7Qk+Bot#V&G7;dPl+X4X~jZRU&hcvCPiN`
zQMM>w!~h!tLB2$5!icR_SV<B3DV0d1dE6&pc*W3n>k00;uT9dXmVq3YeeE{l&?)H;
z(4|LKnwkL@U8BR$Q^h7<53b>qA$6Mpn%by^Qs$GoUxN+2_t2u~<O%FvDWs2fi*`Z-
z3oBN_?P0jvgPE_J7=TqK2#087B%D?#f-9h<DN#XrEpEM$#*en%D6Cj%5k{h62f7$y
zw!5PKp|KXS5XCol6b7*!S>WM@YA<J-e!qykYPnbO=W4KQJ)B~>Ox2Nqn|X^Nb)A?v
zciQsXaD|9s_(V<!7Um_8AMS$HC4F-^m=Kxg30^3rIJAk`ru(VWOGc{BK=^NM4%?b*
z$a>}M2g{73Wi2kCL7H!d_zclfvNzv!EF4EShId^-gDl5KBTBjvF-mBWOoW6@E=6dx
z+!B+lSE%t)bKwFlBpoKgkva22R&hZ17}X{!Wle#&AMxQZhR7HY1I%*Q9OsO%A!plz
zi#F{@gNTSYe~1;Lrk*yUvU)OZ<(D<Qx#4g3`0IQc=q@;fwv>win2t=l&`)P8&I$!B
zO-uxq3*np$6h48642UO@p|a(zcf1UcUyAUYM+XVCw(MplL+rvKnlW-~%}bmeNPvP9
z%%awI96y`8JLb)zn7$#q(ZYcd215ay5Avtp>{+HnSVFFuCO8w5RTUkwEd_YgNNG60
zKtI!@!sfNvaq}=G<Ewfnd;NryM-HuC5zow1Xk9gY<jkk|_WCuE1HO|*wt}@cB(vCr
zjDe|99FeFDoI6yb9if=s%E`i56HNtRjwe8gkCzG`m(B@h1Y`3Gp2Dx9EyEoE=0#ow
za<Cp4))dmBDGU1&B>2{9;Swkm2s|CUmaA5qEP3@=*i32FAk_`5Gvqwuw~P%eF+7(v
zitY$eBg@1)BiJ<e#t+$6c02KSPi<O30c+1_stM5Q1WW>`KNuX>Mgs=1h3e_YYY_9`
zORJ|}+V3WOwC-2wVID&zOnqlG++WnSL_`unq!6O~L!y@uy-h?!LJ-kA5kws&3<i@Z
z(MgD2MxxizyBQ@+^xn(pqYs7|OnW@fTJKu#hu^xNexL5S_nfou*?XVB{xpZ)X*Tiw
za|`d#FBK8{h4uBq`}?D?AK|#Cm0V{XH)fB=9tfE-<z(?3iZQ@GE%v*kY^qheVy@4{
z^nOOI7JVRYy-KTG5w_HQ|DkzA&+L90+<=R*jhExG&EE;lTXkxVR}kjZp<JNPp`AAB
z9nWEE!`)5&kxc_vLKjLin~(cCzg=mq+Y*S4EB-OwENM6Rgbk2u`5_{s!{K>OQgp?f
zn@aGlf6497H9fzoB-29Z$K5A}ot=wJ%xRtI@1`_XwYMAkPk=k#8}mzcrUrLJ#MV@{
zjG7JYFmZmjz`Qx^?xn7JRPdL=Q9^p6TD0b;0l)r|f38g;F=~ZDMT0fGa#2o{`IdG?
zQnW}vjf#T_r=#ySF4^PmjCb!y#DjP2NmNvi+j(U{=W;YU$=Gw+w&dUc32um*?@jpC
zyG08`S3k|vI5{Vd1S)af<Qt5M@v@2iR#@p;^~QPJ@Vxii_s07hA0F!nc!oL<9dv?4
z)an<%D*yM_1nTq9t@xwiwO<t{EJAvDyzBX$CilL)>#@_ab*8^*u5e<xGQ^Qo^f&I)
z%QRQ5Say1+kk-40pWRe_`5$Y|E@<69pt41+EUGe}hIHSmKq=#o68XZr8_;jIn2u>5
z(C_UUPTub2gOPP)1?WA9_$bGX*&|e8>=xzw+Vdi_gwgPP$6Jv$X~51wnnlz@%m=o~
zZMp^OWNDFv9~?gU(CUNt+cG3)@zp1GrqU5&>Z*gJDNmlq3epTL$R-U=3#ENdbqnh|
zjNiUHX2*SQiMeObW7Vm2*X}=Yy=f_TAyHVW_$1)fFVpXh=w}wZORWzKc;MCp*iVfz
zIg$E9Pt?@le+<-0{~JpAqJ}x{pZWOf3Q;FujHyBBPWleZ*w0KFo=mnheN*m0oYUtx
z6KBCE70ZVM-Bb?2@oG`8c^o9ZM(s_S_O?y0c5n~ftU7U1Q?uKk^~;xMZA~;e4sxIs
zG2~-J4ooDP_dH1GqY3|e$?p^Nk6spSvify5lSk;?A=w`q8r54}$ossE`Uv)>_5)v4
z`^Uozk&gSJ-gbTMPsh&KQYG~28d!L9KL_8etob^uzqJOk@g&-yE*@%5mowHM)m%kA
z?l6@!s%3smV-348r)fzj=bL08Y7~m6CrQG(VdZ}(`IBlme<S2)S68N`7H-Lg%bEOk
zqW)dqzLO@&o!m(kr8>!U{kaW!B%)?LhPJyq)b0Wac766pHNw7w;jy2xdo56lYV3;f
zHR1cmCJkXxPvW4ul8u=~c2u>}h!c<YTd!Wewto@dYzvor-|p!u?ezV@M5P6K`Hl*n
zqjz-o?ls-;{p1;&5ZPZodAANw@st~t&mQ~d6$Ukg2|Rncu6@&(?{gi&t8t;|Rie?&
z6F+Y5^Rbk-<Vdd@ksW^~JD+8Mv33|8Rxgg*`qcGz_9WPr-bbY;<=!=L7jK(?nXqv-
z?;GYIq>`Oq`(&i*+TVfNuQrj~WhSZ52CW^FS3lUW5bkRfba~vC?_}`?IKMS&Uk%G|
ztjojBRT>|qUyE1N7y9`<uBTVs`HqUHKm@Hy|L@d~26KE>de@fN<Jo@XOtg=J_*hdI
z5u5)_<iFSRd%B$eDL8T6O>-opvd^V5L;nGCVZC?-YCWRBM72})6q&7WrX%}OaWZTf
z$dBH(wkxQMOb=^xoGraV_w)8IFYlS@K<tHmKsAQ)pA2p9(emWzFbSY9EwbK7(Ghrb
zL}AY!R{pZaoESH~e``gORggZZ3U(=BQ!422dGFGqsqn-%rPUkEEK=^6VT95zPqH7-
z7dSZkApK6D?Y`mIFYABQt+8(;JCKNrbJKgkS<2vKI=Am?ip|7hew}-fN#EV%x%5ta
z2cNp7CDZl4>fcx|YcfMPAG{RTakcFtUeLH=cUdM4yheBe4vt<7%)1L4ZU{U%)xY^j
z3@Y_-FEfT;$C`>bbgioKa(ZY6TEdekm1!(>_@KY;$TafcUvH2}`KfdH+`B(}WgHq9
z_F@;cflm{YYbqw7$s6ZH%35LunHC&-wmdP)ND?be-8rG8O4L;cgpwJNNEM3B*wO8x
zb@dl&j-R6pIZFhghEjITJzEeBOsMfQh6}D@(~c<yo-?8Q)d&Aw2wfW;R+E&o)BWr~
z3W&LB4tgKx6`jTG@jQr6i{=pYdeGNEh}Yv~F)!P1^Bq1gMRO0XQc8_Gs}<1mJcj&^
z(m<18H)8iFHs^cK;kAnq&kJH*6|C7c<b_RtykX5U-F?TjozsFm(jXpFndPWA-%W3L
zI*9}>evv!S{3Hp_nxzk5TGO2oVJPLE;ICi)biN0E<g9sWb3AD?rT5IbSUHBI61jbi
zeDaKuQRr6|NaHhA)9;l->UW>2QK}VPXN~Xf^wu8T_-;*4=gof2m%pz1ga3x6<YBM}
z6VK*`ma1iw>8AVP(4O+Z_42<tqxQG6rWH%9;^sBPRi@m3O{WWu7JPptc0E?~;JSi<
zvU<0rc#a`#<m=5J)6}L3U%n`c_Y4+1Grsdpm?1H1EP0|<_yp|n32{)Tbi7ST)S`5J
z84%_ekiYm%IrJEz^a&*C(bWos%tn|)DIOP4XELqctqCp)Ab-H`a&ScKQ3r)RIX;6(
zt1Ba<srq}YdfW7~lR<Y(iGUA_vyP@zI`S$k&cmYC`p5G)&f#y9Wii#24p6@sXJl?f
zTjsJ^HRUQ~JCr%Tu&KB{t-9eG2~;Vx$e|Z>6<I;l7-KZR*+PD-v(Q#@O~^0nfVlhI
znD#Pci{yV{tdqnJShD$F-0$F$-Px~Z8})r${LPTCAv=3FV9~2l3TjROq;JKBRIN<S
z1$7icNmd=WmT_{ai_`2sGFKeq8b##wUAL>g_flTard6gzlufXTISV9&s!@Oaiu4Zn
zZUj8ay|q@Dvla>)xcZDP#{t~)<c`lzLuSLE&qV{nk0%9Kx2B387Bj^@`LI{WG#wI{
zmsTsKa(eh{@@F;D({FRv6zlzT;LBI_L(TW=+_hbs^`xj$W~AsyfFi32-YlnD;{#jy
zf57CTPyVcVah2b$G#Fqm73X7HHY?|U)K}))y%oq!m8h%$C^YNh9-7v?_&&rTah1El
z`~7z&kx#kFu~+{f=N6*5#|&;qSD(jvltzhOrGBmOSt`i2;^(`97+<zQAD8a{?Af*V
z?5YyIqA!z5W1Jq26ur_-mKwWhuK1DOJ)A*3l^ITTk@5M1;e5H2FBf$g1Hx<Zp}j<A
z+*gg66tAGwyVN1En&!!Tds{Z5eG7aYQ3mZPH3GMX#9I}p6tC6FhO;oI8>CuMP0G0D
zUS+d$|GJhWCNpxTHZz|0Z#aUGZDW={9I@4=!b|n%+n8myxT%J1)dOvWRIU5_*Q#%I
zn(b!qz@6VIeb0EUm1=kNGHW=GYC|k@$DGsY^su7ixu7_5tp96`+k-OcH_hx3(X%^h
zAu$_v<&^_>?cZD3<(>C6Jd=KBX(DHOtaIdB6qHd+1HRVy&|>?Gglu6+?XMQ)$oH5-
zXx-fh?GL`#q0<8U8AV*P_V7v9`OZ1~6jp~6Gw&ZM-eFnF6=rsl7EUcwnqy+TP7iP2
z-@VvXj(x4%Me6OQY#(KJSd$LNp=3lrx*p|uU76=KinFouSUxSaq$Y@SrG}?<l}hiu
z@5$kf++@U)SFjH}M~8<cMQS&^RIN1|sQUZ3PJ9!VC7vu@JC!vpO6Xe@`xhXQ$S|Wg
z=j#-Zy)nnze%v|AFY%1o%6je23)7~6CI>^$dWYoMLADMuz4PATZV_(o5?7zSBj;e~
z=qr7VZC!Nc$F=KM=+%szmuMb7m~(Dvucj^S+TXg#YKQV(=55QeSdyAcry4fY#2cj<
zG%Z&<NX!OEiwy?an_`j$6sqrvysVU}t4$p}c=vbZ{-?X$ttwhRIaJvRH%0hMj6dX=
ztCrp9x%!2@rhD$M8xNaSo`aL8F{`so%fHZX!ae?%uYE<qS*4N{{X(WBqFIrFJT~g4
zQ2y*kuWtkM({0{l#M$~EN(|4t(}(_I8QAiQTm%6@M}kV*?c5+;0#;>m?knMXR5n1?
z(;m(7KG_y!k2~tP1)k5)V5N@FYAz4%T>EvGorx}Z(!e3=1}$V_5lI$A++(tBK29VJ
zSCs7#K7+3XdH$w;^<g(IKY?gsJi#1&42#r$U)nK!uyy|o{f62qRbt)h$<N!W(Gk{1
z&%>i-j3Iv?7=5{4)w@q(`-6+%5lx7A`k{3x@J9Kqv3<R0E}}daAT=^0l;=+K1{IxJ
zWiCCG&i&O5dI?t1s}II#!%Ix#hRvi1Bx%;TG8dlz((}e0!`I{w=`?;=NC!V1sr>U}
z8pGccQStH8!9e^It1BH9UmLZU_Q~S>^-jiscHIqh<-LbPW@q6RDh|UMkG4~lGYD$#
z9wHuhgGC1g^CfFE#KV!#OO=@R$LAEP5+^-Ja{j#sJgvGW4A35Ri7yz`D74R&Iu>r9
zNTxY%N(;=%4)%Jk6E*j$TFmZ?Pd+v;%|T5$Tu}43_FOd4N5|vv-(x!|r;j%O<{8SI
zohpDXhpXbPY*TtN3hJ5#*Hq7%>phMV(vt-q2OwU%m_3@27h`p)Fll-Jr9HjpVXj=<
zkh)sUH@`Fkefr{Pd$2>7(aqN#1(H2+7()PfQU^}9ineKgIA1OIBh1bkKjB-~kT40A
zGOqM(vc4tSenq6%$Jov7W#7tLwDv`RVmYUp50A_@v0~ZJm7k6br4snLsaD2wQW+oj
zeZ4#5CG_O0#iy$<>hvE5ofN}ojQ+bUUiQ0J;U3zl^>X)mq<QB%EUN;pKeNb`F_f5=
z7L{u(4(jM+9uS?W8Wgp+wD5A(BPB48GUWef=hV$+9sk+38d%xAa&t5aM%W@!RuiKs
zx&LvlNc&JFGgeU`McihW2ifx#MM0R$h{PCtwn}uqS+2<R_fcBKw|I$Ht6HCJUPpEw
zy}8P%)-`%9%+JX_e)czW+)Lrz+kRO)RnI~<_NOEkZEn!c<T`(yy!zGXx{$K{m#fxZ
zZ&Q<&P0YRCo9V4p+Y8LnFhAC}FV1}uE|AKnw3N$l#U8-F7D43Htf+YMX|^OU>U)jf
z(;NHOK$at3A^x<@`iZwe-&Gn185Fl%xD&OjfU=xrz3<;VNJ;v<^jYxd{Yr_AB}Fk+
zOUB2IY$JYyY{fb1+&4<nQpC_D3_q=~ez(45y?xG`!$Cehn`Kh09N73F*ZEw%d>~-z
z)HhEPB&oq9)Gt>Z_kr3nNk`)TnQC27VZhhL^>dFm*;$W0W27Fx{PIF5>cU|TmEzC_
zR4X(O$-*9T5i#hmf35It7Z}3jv3A4>Nxr$e9JCJ+%p_as^%ur0BX0MHyZTE~C17Kj
zUp%g+5-jBxf&K}z*Ea|)=_|POSc`cz@=l#q=}B8nL-MLuN}jm2%<F5k(ynUkFB3iB
zt?JEz6*$iSpX+}dbiglZ7G`uUKtV7H{LJu0;gI0|(dmDjhDU#WThcO31|q-JJj0aX
zCR|+T5mHau55nE+_{*>0Zmbl6KFnk!DU=F0;U?8K*`|2U|52=XvId$cvsS;pF}~y=
z?NR!U1+>XPC%f|q5~VVraiQCS_<Ny6sI{i<k{NH{t`==-Bn9@o_+#P;G1hz9Zcq);
z9H06vLHmv7<>U%3@~pg7{_g3JJy1pMMSfD$s(C+6G<+<s^5)a)9+Sxh3dbo+Rjl1L
zW6k$Q6~i98=y8|Ivi)ieX}mPZg6h`hvuIIQ=X&pMSG=m7qqFm66=N97b%MRS*3>O*
zs`FuIIP*aS<74GeV>$sh*&kl-qsukGOgZ^;nrj`RxP1Zqzy`@q6x8dY6+z6}fpHD(
zY!Ep(4{j#<mJ6mwe4^sLx?SJYS|;@`yj*sAPB=R)3pr2=3NeWYjNNo1SWAjxt`4LA
z#;rKzR%;$N{Hrp%E{*<h$P@Ik!>o2ulB?78Q$o(%A>+`d?er7V#YHOAm1nXu@Vl}k
zM4H+20tL@MJP8B6aENP*L@iB=grxc9+I_jYTz>5qtZZ-#fqR};o-ImTGkROKa3*5w
z<TxuSqHk$nX!1Z%56JpKLXrEJqeMrUj1WnPP`|EneFR2KvA}U0qmKKS2$z+&d!oRM
zWzL&P6{Z_G@84F8t{U03YiRQ_-IL3_&0GFP`=Ows<6~3ot0mv7Il~V(zO`D~*ol@m
zER)~e40+F%+Cf+r3dGmILJ^U3c6Ws?-m^MrM1NE-<3^ZCj6Y37I?+t`)4uKRsW^K1
zvVAgwA6A)v^pin%KjKO(GLHX>&Fpha=2MkouUOUFOm9E^cfw_gkAnN1tBOTP^(h(x
zsrZu-xBg`&*8QkW-Mu6OtenbnQ{Gqet66+nxHU(d7u-55`E8fS4bT|L{B+wbqn9E1
zpEOlEj5-t(aPbR1-@`)FH{Rb@t^Nz?CeHu1D5kJ#THcxH0z<jlG~Jd5o3h0FQ=Ic8
zy71fKWIC>v@{(M@IWYeb`4XzSY>3pQa+k-mIC_&2hyG41b(7N42Uf6a=gZNr5}r%O
zmowYZjGn)+$AbTQy>=SGjQg`x-ncvWCuc>QPKf@-t%l?WHeq3d+PZbTSe8Ni$vGFj
z904+S^W;Qo!6<9^AMUjK*_yf&kxzX!k+vng9ObAHcv^;n>aB>)?(qj1d2wtM%1r^*
z88X)g5@hz*twIW=){*B-rwe;->JwC9f$3d+{cTV`-s2fHCPlcm{(4Atuyv)eZMmS~
z%=0|Dj^*PG)mN-9GRWS;yDtEKcto}aeF#OyoT`S1xP*Zq;Tvl{6upPI*S4+GdLKSM
z3C`P)y7%98y9}B}-<4+Sh>faiYZq<)*UI%z-IONfI$bF;0mlcFxN_x-qj4yaPd_c6
zk|q6z!jT>Sz-1-^_Lu*gGLA2&E?i4UQ~?AJaZoJd5B<V&1^w(+3A1f<H*581{NoS0
z+D|^_`{&Q+gz~t@-}#U^?kBA9Ijc*|t<GLeVPfh`{NAfT@9T0s+Ha7@L4J&|KEJP4
z*^xnh(wo$FjJS7Cu7kifGOl7NcEe84!F1`;+Cb^33Ek|ta{~;cD6%6iSo$jbo4VSM
zJR$DvC-0(D4H7I=d~7}cJ(gT4PaE81zGkW~PGS}cQOHzPkqC1!O>R~DM>*P`ZtGK5
zZc_H!h8X#8xF16F`m@Lo9wN#;@NZzeR$c4Au=!U%Bvy1)>k%7vQIo(J>R;`IE>{eP
zvRKvE`bs;Bb-&`Fd-PUSYLDZ)uOzT+?y&jy-5Z&zuFHNI#^MYfo(ypYSe5T#BGD}0
z*6s(vO23s<WnLt!d5^>}^JGOnol(;<yL%wHY6E+nJ^SOc+gfYLXp`BI!%tD)J@I7L
zKHaD{m7%fp0eI1U2IpQxr`dkQJK5_;#-9X4q`XYLUKy=qny#5VANVVQA)_tVFAek{
zL@PUHGUf((+C8vw>P?5&syJjMGLhDG`>E1Hxsa=8F)(WG0G8AGI&ECvvWWTUuY$^}
znaE%&iTk-~x$WltU^BZJ=4{^mcGJ7gj28HIWi^REkxAUE_2Y@t8oe1mjRjP?^y@=&
z?q1ZIY@fLFI6MZ2$o<S$i4#(q?`++;B^1?8|E=LEW7B!QMpzD8(E!_FJ&luC9^PgS
z#*xKg_pW>~!TEf0>thK+qLA2lP~3lZK&3RTaVvvZ$1{SS>)aLSg1$#h0yAW5=p!AM
zLGI#;`I60?1<b2CZB6E&x=oNZ=4mrW(5!poY(T@d*`3Pt)`gRW`Ykf3_3iN(<Ys8K
zxA%G><#$xnu`mVEcg#eD+MG9@FLo*2H)d0s@6CSL<r8x^Z9@nq@5tD0%&vI+_Lo~j
z&yb^11@~TKnw`%2@Ckz>Q)=m_$sa(k=!31oy+PqPZmLq6<~Zi+TE{j8R=UE|LC(tc
zAF)P=r@$%qQ!~?w(Y_XD8RRD1v&i*82q7+w=k`)dTC1`byIp6#A8Am3Rj4)ZpajR8
zz~;<GT%7yZSCx8PE>dtcx_HK4(_ZFQKAcORLY-tEfDO1K4GZhq4t{oMXi{stoAR2$
zQ}K2w&$*TrJ4y0z*W?jN(kVK*huOcVkzLzt^LGNJh|QBRNd@rlzh@$5$9vpLOMrK9
z!4RDl>{<1CzP?oppntQ@U3Ssr`cer{F^p?u=U;&Vs<L}jhZ>PxH>#8SJ-HLjbGY!v
zmEWyP@bg}>`HIUqt*>s)2J32nsoht&_oAj-5GH|oFVnVKq~+`HR7{)*bSG{wV<T=b
z%^La8J#XdrL#hY0zM8K)k|AGJZTf4TuIaYqSSD8Xkz)Fi5AHvDgH4W!Y5RJGAy#QT
zIVN@_Q_@p%sDq1>rq|btwkNrc^0?|L>Q7igL?XRs9`FqV-SOta%MXGQjHy4OZa2N=
zE)1{C2mSZ#k0)#V?U9JSl7e5V!mCVxm5#F$7-iO<>M&>@P;-bVOwxKZN@46rYEks2
z7c0~S%wgA?b6lkET&b$22|4?_uDTg|);Yqku>NDW8tlT~Y@VXke8@@Vc~XHpj!<8D
z(IR}K`sW<mJv-H4kN3|ik{Bwhua;5uGnOrib=`RI@}`nfM-GS{q;WmMq`hFWnuPSH
z$}&_{=_=!%xWO`rD?4(B{5W`JI^8+?IjV}*AoXWygO<;&O3K;jmTQUG!pw(h!{<QD
zM3(m;ad2Dl(<|z8*9Iij+tOi8_HP3#m6v|rU@J%(5c3L8{6X{D!qHXsW<>kMf-&vj
zU>Ud8+iyCP$_CEDEPq(T6E7<j;O(+vB72%yUd>m~Wlt{bNE4g+!PIbQtCqPWH0S5W
zZzgV%7UlL=GNTk()vtR(m;~{&>;B*VF#az@ADuBHdhJ`LsVTFdNJf;6wNOdHyP9t=
zHf6eBS+(tr=cl!zulqOF*4yW*lT+A5q|J)hFMW?b@#JtSl7*xF>0~<XZ8j9cTRW^N
z$RC5&Q@f@W*ss;U71m{;`u)$$Y*s$iIjQz&mt?*@imA>o(9<0JI@6m&^Sy`tbKV%M
zbielzCr?sD$XR@bI0#?&RKk(pF!oWtp%MLNB=_=F#=_6f#cI1_6SjIZt{7hpJ-vbK
zuzxm2(>|r)nwP{&kU_LL%_`oUcTw95UA{7NU)`apX^kpFILq(3M+|!GwT!sf6~9l@
zb4+n*cXaQRJ={0>CwTXlp8uED={`D-o1IzBQVdc|R5xg+jrl_n1q+|#|IVdu<-cUl
zyV~io;UIbaU23&4{p(jn63QD^GLxjufa7dR)Vj0t&K8C&;~LdPNznq%{yPT<bFFlh
zen(L|6~4ND_1>C$OZ&Qq@%<VWr)%blufg}RcGF&I+Ga4LRDp)75AzcrH>%zVtmu0K
z0P)t6eC=4F&40hjeZ4)N-SCT^zTdCs?=|#k_wRG!4vbSVM`T*1-S{e(;uu7auZgu;
zF~*Va+wo#@*)!19W0=QLY;W3A>$=V!fb3}79?fBLk?<7<_%(<3sd=U(oPGk2$EJ7v
zP`R)}y1Csvr<j#?GDD~Tl}?G0du$$!-|f}qPZavFbLG4*<RjOnq4XiOGG2~Xp@3F3
zhe^KMEH2%N=?RE6)7Lk=w*JoDRbhX+8fKr`IMAtN!}Fb1xby+%NpNn`jm~2Awx-*2
z*l`Na$F5b1(a)z8y0F)W(C-_zYF&2+{)`WPH2zqASeEuHVVqO#Z+~tG&sG*N0m_X8
zZEe3Xdc=&5;#&K%;`TPL12h^@!}~lzN3q!8h6`V#iroi;vpfDtnD+m;4MG=c`kPjs
zC)tKDrg6>p3bx;=8&TdWIQy2{ed$3>#5YhH<j?dvs8#{t)rY8;dg`kH`hN88&GOp(
zc_of&&q5EO5MPDtZ8usg2|~R={X>v*-1f>BZo4P1ehu7zWwnE|QOOuDc>72EN`&^r
ze172<`d}sXx4$Z4)ji&xKQUSP`bIByOflKQzW%MUug=x|Z*Qn%U*-2V+3@+dwAV`9
z7WRJomSHCRh3s;^*#4^KtANPstwmKd_C0Mo#4SeDf1WbO9s!r>X|mN;XlILs(&Unk
zC3D@1y(CO+@Wj9!9yl&AUEW3B_re>GytQbjr0S$(hJYr9<NCB;G67CSCNTh(|0hld
z|D9j)zv^`9_HXrUHEmtjxKDL$_2`H$B?{J#7G9e3tIf$_vDoF_OYkAA?ALkhvHJgs
zD{~tv!wVaKS6iyz5O}<5d4ol6mrtWrMY8FBpMvk(tYbF;=Y->$AWI8s`*PP$7LK2P
z_I6{`yy@vonL881L_{>_(swqerF3teW!#}nN*;na$oV>>rKUtJZih)qN!K4n7~Kyu
zxMTDFU*{If3e4#VT<)|_85bs5R}(Yqz81a15mO#JBq(JMzJxoPVzrohbVaJWb!px@
zS2#8hVZHDo`tp71W4@)5B&aS=K5@^3c)z&YI{*uA%WQL+yx1R}Zi^*51LU?5x1Fm_
zy-%Vk^4*aX`OBA#|3kgvCn$aAoYqt?^!w>mZnW=tHi+KJ(eyjNdZlmONx1!6?KVP^
z-Fk>5_VM5C%O>>*VyBmN$y?hPe|^aHeS-&&NX1-nqqyJwn%U9EQXlZh#SgY{<l<0;
z7w~x?DJ4c=*7pABOAkApL2?m34>J>z*pv6H7P^Y--&Kp;eV)_oQ}1CEd`j)`*qKGt
zbq3*PX=b6PXPd}kpe?MqMpjIIJF=(o>7%Z?+qEfywK>LloCVL}_h<R<D{DOEfA`~F
zDu#V&D?o{!IaIGx<zJDS{Mx5B$mk5nTkYcxotq3`kGQc^x?kYmaVTFlCG@B0-%;JE
zLDoIZuKWa1yN}i%;0F&Bj#&rdH7NIbD^29Dc~kwQ<$#Ei;{(}G5Pw=dH7>=wZp<Z|
zo^usaOt4&+QiEW67c$W(Ijm286C$fzfrYY~OH|TetxQ<i(kLru>*)|8)4Lu8+TU?R
zBIJCccot7NW+I^u1A?0KY&t-S0IG@ug;P4TR25{plVV$M17RsYI}5<+*m$mV@Df0e
z$p8wYkV6f)OY{`$WNN5HajUB;$v==WGUw1yH1gf6yN4r@w+ojV7rSTxCKnl5xhxzl
zge^TrUu(23%N}{u07CdU9L+hu7QDz+GJ620{^QJOEbca)9_Vb^6S}J-a%)=51>%c5
zB3OC!fI%pqQ_aG?X=cP)F&$eiG{|>4rrtKrG(e3gW|RTUvZ^BnH=#422PYUMt0s3C
zm@-b-*3OM%#~bX=wFMnRt5~=w({l4|Og-v|k3daJISABym*HlBfy`#1t1a5l2<1VF
z$Khg}{Ez{{wZE5FVQyx`ka>vi1+*U>7}PrxXoh%*Z=io99dM}PG?WR}mbH0zd~}{P
zh&QiUT!YnH;z<AgXbtweDO%ehpL3b()y)F{TkzxP1ousxD)R%*dh#NR8<?_PnvU>Z
zcsgyxMZrJP2{^leCbu1W4%Ve96f9mWlI#Z-K?Bf`d5W`r$BdC?_W7dU{F3Kb#Tq(x
z)=&HVyZBl>$`LcG-g?oVn6gi4FtT!O%-KPsvl@;!(Qs1vTE$I8h}oZV7_i4q2MGi#
z1csB5HA5DX9$k&}4OX7LXHikNv|4;;>BHl=06`N)x+!r%poMXD)NIpQIoi@x8b1*T
z^xxb`PWHmhtSySCEVKakRnX=Wl{wa~MIDG?A1NVF01TKRG~5VW=!tzKmhLs6xi3T7
zsqR<y#}<#$bWAA-<}yMrwhK$86~P-<5CO-<g>G%0xp?*8aeZ7aE&KJq>9G*M_L+jZ
zcpsuDX>&W?XMt#5wzfIUJaA5oBtTlb%GZ3rUo4M)>nssq1xWi$rIl`n7IMu|_VTC|
zr^jbi)vOAN#EAKOY0<zrM=O$NM{t7bkZ}9}fHLwLs%$^;oels2z_Bo#S<7&6BEC$+
zYL-COL;<#un~O>qPR{{xO0iN9Qpze2*KG69<r9Q3?}bb*MEMdi5DFm<ayB%~nBl+V
z4O;N{w~hFS{bfQrRzecdxeYSPrxSWVakx_~M6UcI-9eqD47@?IB~Rcd9SFoVuHpMJ
zv!F-i)&p~{i8QFO`nJZ+Moq^3aV|e}6ExcdelRf#c#{&-yb*_aN5L{m2lVkCgUZMX
zW3TnbMSp_W;?If25b`PBNLU%RR?p%_K83*mCl&XQ$?*i7I#=M|9?0OM6n2Egn$0d$
z?&6yfRF0V5ut`2YAW@7@cT_R0*rB><OYrGr;*?050-h`eAh;j>ea>lOnv>tZ6bqHW
zjXejENBg=UM@yKykKz|`r&T(yD>z7f7iJg)zvp!Q&+K3byTU~q8c5u=WXa47z?5Yj
z7*{U>83E1*P@Y{N{Csm%;lOVw&B4uR!~@$wo9RbBN3#ThRvUqo^$3LP*(~Qc8|Omf
z@%NS?dBWZzZizrLGv!>^kKBbrhOrH<Ex5m%?^qvo1#ZF+M>#L7tWfa~;#wD|`DCUB
zP73kya;wHP1Ok;72`jYI(@;3xZZ|{G*~px{|6GrT4^?aQX`C+7R(av1x15E8)a3V?
zw7WL7w17P+cUbg2?Fe7;I<a7}3OF(_nuIF<UdA=RD2so;W0Ch2zw|9p{8lz#1qEby
zrTu)c1ICopYm@<>QGV#s0`4Bm*GquyWhlC)glPh-bgl2ds%Y~b8_%#@YOKOz7@<C6
zc+DAK_@ueM{>kxW5G@^+Rb4E3=oJuGx~7)`&*Bpy$}6eOnnN-vZ8gVdV5AhrpQJa>
zMVbW!l~JnD@Pq>gh9Ch8+2&G=gBGZ4!Iwk;K}Ow=P?n}7@@h{{&&5T$c!qN87Qia#
zw430NB1|EJ5RaP9n~tNR!ly9g#mfkl+1!oahxoWpz@u3J{soAp;-+)bJvb!90kx}c
z0V2mN;Vp@~n0N;|&)1*2E>aFm1IHSsxWw^Cw$iSxn3&Z^OB(SPr*);9uFVJay3W*z
zIurtg>`(LpQqDV^87pMh`+AT|ZMlJkPrVbR1N<>n^FyhZmybhIz}ZSTgovPkf0hqx
z?rP6f27$042+E314Z;^)A|y&&&W*3PYT4i7K>4lIkFh?#n2A0|+}6sF9z<iqUOt9m
zR_I=;i_E+~3sLHc1DaH?zpj@FBJEnitPtd;3<Z$yYN`>s%};x)H8_ls<Gm!MiU*M9
zZ*$6GG5T5M)37E(z){gED?yu#AM)DW*?AZk$rW_=xPh+=yXgutNw3S<2|nxDHG@zR
zF_IWl&_!qq!(y>@!*bMo{KX#iRQvL8kWW%9ftcF>nhyj~OpH?YahA*Z`MqeyRPu$E
z%w?Q3`VXSFo16FPddd(sewg#kfg=zIP`#-WX*5Ksz^4^L;k&s2#QB993ym_V3&=&Z
z(K;1@z<nm#j^^(UFZuRzfC9*{a9j}7`=mPAh)jyFna7oAAUvXvCVs2KO-}mxdiI;0
z`>)UvqX(zTj@Fz-EiJ$FPKxcd%wysdDP@TiX>8?bA}_$y3ewf%z>w`{lmS{infIA<
z9?p(OU1E(@$EW(}i9>G`!gH()$iV`~sLxa6E9Wa(DzXryNC3g)?SJl@p)x6p*z++G
z4jekzvs8*|a$IcQ$6<Bi4dUeUu<JAwIE>(rDMyAHy2_#_V7IhM=VPkLuI7*YpOY@m
z?NywKZSj@?M~A^xkS2LK|D|GD_{GI8j0-yp7&>V5>-ifAYs0tTb(GK7>H0hIDA2;z
z=H}+*X1hXG{Sar}%?K7|=4^$o%$d56=v@H(;xEpd04Le$?b<Bv4>AHk#~hD_04JlY
z^A&APUdKfqk2pmYSHtHAIKZ<=G5Fck*&JaQiYV~9fDgCgk4LRq!E3QH%18Y)t})k@
zYRY20*M@W~P1`n$axLYL_jk1cfhi%w@^%<Gb;>E3i*nGWfP-uV7rZsH^glHVU(lUA
z1tZA2YAq0ah_2luZL5@G|KmEELLk0ZgoVpLnNp4G7K0i$l^hic$&mkBs{aJ_rlDo+
z@c^>ulTbywRxK{5=xjNnm<))#O=RUYV@Gf`ATx6j#8ndbV4HAQCnPF=@sCfmyk#XD
zrVPbSB7Ef67<CY5t68PwQ^8#v11<5mW1exrVLC~O;m}pqX0MLVA7-*6wvE%W+{RjU
z7j+q=SPd0*0WA+%T8~DlNBJPF2bseZ5)34hoSX!Za~R75=jy~kngdS~)O*yXID7(j
zCZSw^Q1aXLYjMJU(zp|K#(h~I6iUha%$4q?L#FSa!h^5CKs4?A19N{=DPy*z-=*aa
z2#QD&F{r1TVKwtVgz>$D290bZ()}ls(j2pU#+uf83S|~`CC}3#0PuL95L*yAep)8m
z59dcVYdEz4P#g&RMu+27&W4LY1G?%YY#+6DwBpGT=cGZRAarRPh(b7IOj|A3n&@7R
zkswZ&DstoGcg|%h;`aQGc+}lw`R|@@1cob-aq9D#68LX+{mHSMN*8%?-h~puEt_j-
z`NHgJ655%OETWJ$q?E$+3)AMkGf>DQ2EVY6q?DupgGeEGvZqhiIa~m(WLmj9ch4u?
ztd5+E@3E{xdFv?qE!m~GwxY3b70O8`HNzE+A3JQ(+2U>3s_0=k^%k+#=`wn+c-A&t
zsTR@|KeBIh66Aqt9KC$3`*>0XA)ZP3yc`U`qZ3mCi9=q4{V7mMA4E?NcxG%ysneIL
zUcm@*yfmyWm+!ln3b<A%igF)X<9nyoT8mx+51X70cO?%td7xT&LmA=3XdRyxY%Vp|
ze7Wm%NCm;9qcJcZvHf*h21anF3;=;m`#)~(j_p$-yWM7;ak@Y<76xLrI>EHSeKE5b
zt!&DlSzq+;*qQ<aewj}JvnFyjNjJ>VLTcb8u4Ilw7s{7^JUWn<^PybwWL0E=P7My>
z9B|*tldW-W1y?i|`A|UtZsIp!WJO-*1Nfb^I*u1;FWR}e?9jPvXL?+0NAm{ZtNY$>
zMNky@YWFT4sQbc#d;)Y==&IB$!6#8`2-3pIBp1}6?V?Jx0vm$>FE;Ah{d_<h)3O&X
zw)f2T1R<*YdB52sjM9ACBy(Viz1WSf$TrM-{?eygY-oHJLm6#&bl_}^@alk77$2^!
zsfUZ|01#_|Yp<1D9<FqD9xcj{S6#ePdW!W5mq;Bvi6B%UzEISPI02rIZCXF>=VPw4
z^*9H9G_vp-e7ies1ty*HU1p5cxDx~5sqnlv;a{B*w1FI98^3^QlC$DCIuf^PBjfT@
z3U2jqU7Y;NRX~X>dhDlCm&oLeZR?-_{&S<yz{BbBX;;Mjq`JC~n}SzomU_^{Ij+an
zN#`@T=!yAZUvm{<zv`$Ndmty_H8voG0O?u<b_5y4&XPJ!0=X&^tuxkO#>ulQBs4IP
zaBgN)LB!V4?p?&QK%B{ITom8cNWO~Zof0%x(0TKGE0#FVJU~Kg{rr>k2t^pT1wnmx
znlqf-EWpUdc?hNc=pwpi9Jl};E;yjyy(OdM)o!4t4s1MLHL@h2tx!w0@uj$Pbm=52
z4Ze~&5>u=PAR)Y1T;@(jPidFx23p<&D7}2p%LE;U6wL;Aek&B710vpbEbnE5h8!C|
z#?Pt;`tNthP(C5K;12>YPN<72F}Ux3*)XaROuFbERx)Zh(8ItgWNRG4<JBL8N}q{6
z(nB1K)0L#8a2@R&_x8sfG;Ys!60}=SJcs8rfvqH*ktO1=6$l`g7D_N8Ef=foj>WCW
z`}0V4uj%e-sQ6~NR}TW$fKWO;TVs(?dN_yq=0U(Tpco5!vXvVCV3!WP3@}T_!~$v^
z3R(vNo>j(Th%Q~6bUlhpart6!f}+>y%s)7p7P^QJ%>@LA93^JOogc<tI`knZ1Nvu)
zSrEwsU~J8Bo51;W7_CmALf}O`A`oBMhNSEi9|pxs58XN?oszeL(8}|k<hI0yCeJ0#
z8pEgYva1F67+A3z@tdei*2<{Z-vZ_s5<*h~W+8|FQ?Lt_-_LD$WYy==8gN`)iX`r)
zh|mF-oJXa+ro(X=;^eK%-Ca{HY$a}(O)Ki_QydA$#;aAs%0Zy;I3zCf3>mL&C9?^~
zlie|l$hPC%nNbL!ocvv(p9SEHmjbrwN%#+hMyjcyX1)B6qvKI_d-Dn@i;#Mp91o`D
z05lhb&Z?_9%0(kd$LK^r6K+IHfyG6(=p@+z*9^ohAbm~_&?xuyi+)S;aa}zin?%Or
z)7^U+<7cXN!l5KmOtf?${HWN1D-$w_?}5tO9NeU2`t9o4I%z{?aFfp&1qi*>^-~bH
zncR<rc#7xcuYjeXafK`|C#1{8)^}Tt;125H?5Y*Lo-r~J4FKde9<_J&bG3pO6tSDf
zNf71p(aU4u+L=jWID2xoVWNH>5A|DNqJLh&Kl9vk@7H?lys#o^1J#C@_WS+MZ@4?E
zp=EQwW>AMR<8#hf3ZS41DT0cKrlGUR@p$4C7+ESLir84D4!V;Lga@6c>yVH8^)?5T
z^LE?Y?Dt7sn{!-*l-fE{c-7}}5LfqEE*vRVAs6^^cfS{*e2ndl;Ud`horIQ(DH02M
z#HUg2^R|da@9{@E&zN^_q3RTBh3B^W7DbgP5oh(V`|Pt*K0N}316Ume7-70<Kc$Qi
z5S{?iPJb`!hxqqX9qxrsCmBH`P7BH6DeoQ<qUlT#%`2%>>SW9iwNY84{YPZTBlx86
z&{_;H$!W1UWixw1sr=x=H9nh!1zKF(QFu2~eDTyaV2E;fgye!?i-nZ^C>!<NV5Osf
z>8FKCEG_)^O=d?u_Ckkw_l*MjGvd`O;h#QkWNgzzWY>T&K)vs<Kw|60241<=`Wq$P
z*)3?_+n6mSTY~VjR~Z!?=EXvGT)@$sF5R04K|Rmf@ErKwt$h&0-LeBdZN6{8q6FHh
z?X`_l+W3Ve*9~_e$Y_J`wlAMI41OjuE}UUVI}H3Y`0-dBsK1$4SMRrs;qpe;OM}_4
zd&>O-MA=##85MLmp~eSk-X^U^-h+6839Ymg+{luvdLYq!n?d0nCl;2aAPPTImgdR@
z-PVs$Snr+0lcnJOq142bfI9bq?;)K0U~(b~r%0G+aj0nB<14hxyh(O}CafU{xiujf
zhHZx#81lw1sa@5d@nTci@}-|>r>ZQF@unAvLa4xH65*0*2?(5}7YjU|8St9UdJc5$
z+U7GiWmU{O4$*?Ld!3HOVdv2tK?A9p74VB4h0E^O3IhHdzO(O;k5dXVZ6u)R!NSJP
zM+YST8Tk20$Krt>5DmhaG!R$`z70);nrYGV@^cH)!aYPAo`x@8ZnJS13B=p`FVzUa
z>s(PRm?8eQ=S|~wv=SeeYIpN4avgA%zUyE_xdmt@ND~o-!k0JErPS8q6fd@N_bfdp
z8MV(oPbFL?{X?CG!P&Jv;B?SQ%3Gr)ud(lhOJ#i!RMB%4A7mtb`q!$BuoRu9i#Go<
z3dVC1;!%`!B!r)0*{F!!!$N{~Q@QX9%h5{brMdvZY!C-W4H5;g%kTg%kS5Xbneyb?
zwbzj2wm1a`We_C>4{fsNQRpClu{j;!p^$ne0xOi(V?A<Pd|F6naRe^K!>@d9IwT&;
z!xyMvLzJsR%zWW;bdro>v%^0ygm?=^{uqYezB!IgR$DqhukKgKWt0RUlqbAg*9XU$
z2XF+~+<yLMmh^*#{)&u5J{@~d3qhMO)W7EhA78(h!Jv5PiHa2JC;LunL2=3#(Ez36
ze=D}x&#amcu(L4{2ofH^-Y{L#Ro~(=`TzmJUwCu_WLHMxO^%+o<!V1eL)}S}M)-h}
zDd-S_s5N|%VGlbGAT^FGgso9d`n(?~Fq@+;T2Sn5mo+kRmA37&3yy9<y7^NomS91C
zeTxJ|cQvoWZkE?tzRQ@%+`*bs-d4cHDj!~HdDiP?h9&q51-RJQAAhUI(r0rfnhmXw
zO7;WeK?;`V_<bmXGUO$LVU{ggUhL0)i)mR*7h7s`od*Vj2SD(|CiLny3?{2I>))Y1
z?0rx>*tu&8I`1#?n1_>(s2LZ04ZJ>0%;}|IJkI%&G!F!n8j0KK)Kl4~hxwS(C2TkC
zqabOILM{<@1<Lo>Y4&4ZyiQ#(80i|YnFeVk`#VTB<DwyZc@{ea^sX09H0{f&nG%Gw
zkspgTyfpn_u3h*cNDe?ZSUT^QKWZc4?66z`>vdQJ*wL}q!Yc3(nNqs+(3|uJsSrn=
z9Z&$4i}(UBf|nS{mR67pQ55OGiVfm);Cs=WsO?V}mLWQ3R2QImYPec9lEbaG%#KFq
z;!%O%hBm7uTNDp72eI8T8kg#`(gkT=sl6!%$NhsUrQj4#&#^ETb5Enuzma==Cuf5f
zXVhGcJlK(WAfVZ8#noW|vfyhs92~ZN(v3px2fM1WnETnObZnHz!ybXhLbzO73)j>M
zRu6*+zZcP#euVu}OUPa@2keb7WG&akHW`i}uO}iXmxBrp^@}GPTwLcJn$F7SxH-)V
z<D-pIU>Uem#%Xe=Al5ng!TooNYZvjjdAm`Y;iWbKpTA5j?Dd1%OR74QNj)RU?7%4#
zz?|*iIEur&pOa6Kcn}`$3hFGEv0qZgUsh0?<eiIcC0GDDbRTzNv3upW0h+^SmxD!_
z*w-A!v56TL^gBqRqibj(e;`)ETRlnQk!E!u#w9|O9AJMQn1X6O+(cr0;xvpft$#M6
zF!yU;bpdvi@T>R=V=MQgy1frZ6m%jpd3`HfTe@x9g|eC#31;4_?ibzLk>xce5+92x
zoiCltOkmUT0l3^|9A;k*++6~xV;Lk7J5}Lx_Vyjc4w78rHK%=R4NAmAD__MU*Pd*S
z8O&0MKR}+CONg5%Cn06pj1x6T@`uQGyyK+F=TCD@;|41;hK6yen@#(hV$%2T?**Qe
z=sN2V=ZmJG@VP|xa+3S&aq2bYR*xMEVEq4Liw-O!Z<ZUlxD@J_d$Kl(R`zQiMid82
z3yV|a@as4w+{{6-kk}mV?>(Ib`*~LgaiqT-Jb^-aU|V1dAg$AN+gnrLwUtlXE@8&6
zi(a^N??y@+80c@W-=Q$fc{KBMp1sPWK^M4y-GBj!gTU+-Yg}HP?R@`mU=`sH9nzdQ
zCk;?K7<1MP0xjnv%KFR$_eCh#viLZ<5ac=E6y=Ns4pch*n*_G1-#URPgRsMRORr6a
zaEpNc;V8~b4`b`?F^4ZCG+++hXC%5!T-renE!IwlN!e!4HhRo{qjmFL{#I8iCi|pq
zC-&*uwDRoH6dCF=4iAEEVPz0Ol&v<S7!k!Fm_j_FLiW^WTAHRtn$)tnjPku}G(@ak
zKAKyD0X(hBcl+a8AhyCYqP4$^o0{tDaqt!fe&y3nF9PS_0&(iB>NG{k?{sXEE1*%r
z;t~<==Y;HBe8i7(?V_hJo+lY8i_g%2njubb&(>Pd$Ad;pFBs+3gok&7+3T}8Mi8Vy
zU{KAzk1Y@q&-B9QM@{J|Dn7`=b!%t0nG1Z<3?yOaU<1K=eAn#b!RPJtAd!bH(-d2b
z+49GQW=i2pDbbC)kvopu4ciq2trP)Oynsf6<7P2yL0Y<|%;Q(h%lu93Y6o|j<Uerh
zimJW(Bb221^ljLaATZ#0qGu*viHsqDA&6m$gEIPawnKIse$E+IhciXZ)+Fm`_HI=q
zE=kcb*D`RC?#NC07{C)HUH!}$Nprk?NpShdSB3u($?BeT+}ttRpPZPx>ooVo>A-r1
zrh-zDt&^*PZ8dS;BiyjV3LPcfJUi};{UidG>X>%+>ilCeELK1AV=wP=%;JnG%j96h
ze86sFZ-(j3mw%>GPh@Lr2;Z!x5;A|*2B(e1J_i2TsF4`fO8p_!h*+76sS*_I4+vCu
zR$I`X%P_EYnK0xQ`bKx)!X7)%11W7+W<uUj9{(YkCEe6JR=rC8y)9EO7^(~~b*Nd{
zo7M4Hd&Hg5;E<BB>&(>O2i%|AlJ{)&A9!d`{;#Kzo|pHL(ToM|LCo)2yI0=QZoLH@
z)$UhTK3Cj(s`Ms7_k&am{520XzP8R&tYR-cQe)Ma?Wgh7PrV23da&vZ`{Mc%wJm3*
zI;P=GxVXVf2ATX|elXa$D@)1#H51SY259ja?5T%LL~yGy>=K`Z^-WrUl&Qd^vh!qm
zh9-D_*0_OZAadJ|rW*KeGcag;B2V<KRl(k-<)qO@gW)B9^Y+%QB(^bRIj?p})SDo~
zPo6GFVPZ(~;5XMSTfskmPkBRk4axw)PClF0CjS*IDsBGRNqL9UDJu!6{<v}fCbQc^
zEe;2ldzJukLr+VOs^#rbkOFp!kB^T<%t`AfYxplXwTC$b0$DU(&`)~Q0GxL=iq*$z
zn0^qKf$%V}+5nt=Z3d8oz0=u%;aR832MvCvz=f<6)rPzqula_uIm{G3_z=>L){ub4
zYM=7ph3YEo0xx?rr6f1k_E<c#bXY^B(1_CJ2eO}+3R;p8*M5ulU~hKo?$gt0f@X3B
zDA{Rv24$Q1YO|X7!{j9t>9*bYtE}p@)@&aRfd^LBlx%0lL3V;Z7SeiVI+>|lCLgj7
z$@<O5#{Tsw=f3RPRogE6TLhcO{c$;6Vx|w;0#bc{+A3iE1fRazIGXHj*|<5hU_cWN
z;n_)9PfxQF9{ndrJZKKh&)?|G`kS0iH#dsp#5i+|H@`qR&uJQ!lskKS{eH^lrNgr}
z+8fip_Wf8IY%lg6;^_NN%RtR8IJk2n@*b<d2ye^%I2UxCWs?7QRH4h_*2lla@jLuy
zBXd*9yp&AExfdSyBMz(gd=nmrX=tJ#&k}#?wqzt^fX`J!l5#VQ-oH1R-zEig$Uf=u
zHQFm`e2R8RSZL+uuHf*Nx4-i#M(D#tprnf0hD9){2tIVlB-Sd;Q|I5Fk;%?<2t1AZ
z^@W-6HUS3u>uc&cBR^cm!tA#rn~_1DE#__gIu*`}=iYcIvyQ~OdRA)b$8X1#$^MDf
zWCwpz(Vv+2+Azz{ee?+XTE_$aneB~yp}lhrfZJM7bg~o8jqNBK<>{Hbf55DW$ohOL
z#SNs8{R>(`{}v2NSlJ;V)jNJ$LJmO%Fh{c{K<T{hj>$o;v?uxMMoOKGo2=rKYT|cs
zfo(_Um!_gQu$^_=g)epWLyV}vRa>>w(<9!hc(<aGpuj48$XIe-!`tuI8@`^L;@J54
zuYCf-+@R6-;cbFh@2j6)5dl~IoZ){g{zqMTa_^lMSa6uF&@a1QZk6XP3T;ECnf;P3
z%tN2@p@d!Gw|$~cId5H{*{X=e;$+Z@ep^cMF(XFA>U48;djvOs{y2PfVOAdT_KjNh
z@qv8aGbGug1-Z>Cn#>DylI4l!YIS@V$HN8)da9D}M4R1YRqA)9&9hQ-%G>N5kr2<a
zXL7ER+Cj(bV32=*Qg}<&Z$qd|eRcIlmYEo0eGKVr5M<Rs_Luo8VY7C3l`BOwE7sur
z#B;;3Hs9glkg^AMo{`HpJetQ{Fp;m2OL0rm$TRzLcH&0ZwF0p<`nfLG`MJ4Y;5;Wz
zM9E3HC)j;`hGd$gtH&GHVPd+Ob;-95>~``PyC@bQAXg<T){@l&_c4{uQ9YLv3Rd~g
z<UmBbzasT{%j}}-6^XB_-xVCmbJh3}OX%1U)VwSr>9!jl<C079FLo41zmQ(S!W?!;
zHTkzNT!K9hVr|~1C}+sFj`RwURYj^!2PE&<&$wCT-1*C1p0?{~CT!>GswHb^?*2yO
z&$C5Sk=NoM9FF}ir2;>|gaHVVXoE$Wt1Mmdy4SA%6%EMpu-;)`NG2=G9RR}#VmrT<
zU&sEuZS~W}qg+l+OV!cV<$nM=K*hf-EwS?4+aLoe+~zph_&8Zf#^R;#5d^n2+wEAF
zzLJ!Dg<G{FGx?yG;yFp3wQFfhm%g%<t1F;hV{ul2IO@<r$q}Po4S#be2{?=^84P&_
zKdCvXuYN4<@ZrPLrcci>xfmpQq-^<bo8;u?5KmtBs`6d);x6uG`pkHu&+4epv2xo~
zP3Q9OrGxcffAF9ru(>uiQQeUTHyx;MciOEC;)UK%t#y@+^1hXi9$oG%nKEb5NqM8m
z;ccUb<3P|oJc3Wc;T%&Re+A;+J$I7@&OwH!)z>?DUwGpiX%$7dvI;UM+PytdS=r9*
z(>URiCEfxh*)T<6zHg4Fr{@m$?R%el&MT2kji;H6mQ)*q8?P~H-tigb!_IG*4RjvF
zO7A<aSQ+G;ep`>k{J!`3Sv?+;Y3t_Jo-)V4Ve16SZRb=kiDkKe%tUdY$jKw-B^Yx9
zXIO`Xgv_76`SfXy^rZvs`%d%cuDm#fU|=v;Q<G@cr&O|OpJ(j(_q#@n#T7QJS+#7%
z3cpNGU8N(m8w(8C<|%t3PMtq*y)y`hFDX=XBDZuL`AjX__q&p1RCw-3&R#j$#YN9c
zcai4WkCv@n@${MURvW2z7kMv<6BA;0+Po>>m-foou_9;K+u+9&qGMzGO#2teNS@g?
zS$}y+Vt9U<(v}LpFI;nVS`)AxXOF+yM5F+5`8YpGHQH@LWRP6UwBG{nC{1(jzNk98
zG4(@RmCMpe71<B%BtrB13qI6S%2!{wwfkUAZ&&j4jFH<&rge`RKZW7OL>DLVizIQ%
z7N&Syccl9=_Lu$+5Pu{!C;T>T>od383L7PZ)!b^NLL9H<20vRKd<F5~e{G&&MRs&-
z)+%0KGb1{;o%XbFUE_k0VW-FDm{8npIxermMc3^eMv9TgE$TXN9yL{?LQ_X+dh)GV
zpVhdg%!bSBk~K!NlA{hBSkvee(&=>0yTohUlO-#p$OPQ`!-wmGOQYW{?|-b}{CfY+
ziO-fq9Xyi%=!Q?>mi+omDWwh4a#}NI{)Rr;P~~&8Us`o)#+X9h{?t<3mUw?RN>1%+
zV~&aXjMVh_A|R9%6-Bs{k*gOzlO_{lmg7n}Yt6K#U3c(E4wXFjMC)?Q#@@D`-8?OF
zYt#Is&2{yPO4WTECml6?6f47}PC79Aau?`df<5kx2}cnBSgOAI{`!YI;$19zn}M}a
z*%~Js`!UsooRP8pW%=UeC&Ml%jQpagd$2)!tx07=Lt(9|M!+aXjh1ueSxfUgh9fCE
z9+v7UZ2Q`|P5-E4hR)tL(uzqhcksM&THnmrchhxbALG76ba`6lFkF7xn5l}F{EJ^1
z)f->my-#<Ve`Km{WMu6hL0#j<MJBv+j9H$jfSdBtKIrO#7#-Ss>kUPdh>D|@9S&pU
zIB<N&R?m<?baaASDvoU5zWu4a_Bc(2jV=7}_G(=@%a0N^BXEH!9y`ts$C0SXGvreB
zra#(n>zcBFa@z00(mcLXQk1q|mTBlodgFBo!@WuSRQ4oy-OLksKY5}MU*u0)rRi(R
z`qb@(dz{@=yJMErwQK#AXV%?(ZpDAK!rIzt=~9mO(Y8nZA04dXKR?}2d*XzB!M^Jy
zBg*$A8}kA#T}3J%8BW=fbbs@x5iR!}^p~yDEcMT>s`63hJyWDDNHJJhvN?S{MQzcY
zR;pst>c01T9FLNdHJBsga%_C_Gxjf$+Y}fTXBcXxY_Ou~B5%Fy5(cv4kLKphwY8r2
z_O;c<;XX8cJ$=gOTz8~ZenCX@%~z){e>$>%|FSddDcRF(-U0`}FRJtH^U`g-A75SR
z%i?}~JKCnqKT+}A-BgqC@_l}|^W8-AkjD9E=DU{N%J4ed+$3l9naSn)?R6UaJm^tY
ze^gzbddx@H+ww)JHRH$ky=XqEx96~-T>A+tLj!|??uvz0U%(3M>D7)+mnzP`dSLj)
zWq+ijk_G!de^~3XBsVy}wCQ*T`OEv7jsm$U`X!Q5TT)WC;0|V;dDh+1F~g<)-G?jX
z%6ij0Ja2_B^hRq`zr1aqb9yR%<VefVljj#}gGqaysyY<XQ9ts*F%Ix=pGZl+=bkjz
zI(w8;d*;%YPq!BP^*{2@SlidGzqYrOpQE@=CfAfM6YRWy6+7uxb7-%+1NFkW!17jp
z-gb3|^?l7>##AMC6^@>5s#9_<AgCtaXffrat&{(&>#Jpk;WA}MCq9`*{#{3n-FSWX
z?%hb**4o_r{1=YJ^#zMhoM10!`H#ZUb<J=+myF#<W+-kcnMG;T*E<My7<rqNlo!b}
zO663D$4?c+Wy|991NQ6BK;OT%OD4~rqkpB#`EGGSiVRsst>pJ(j^xjc34O&IJ?_2F
zzQ40EQv1qhuD^fdrHHOt&9xlabV7f1&Po}z?HRA$)UDs8z3h_Ziih?Iq>!g$m<xJC
zM-B7NA?)Vey*PTFQ{x26z08&;tv*XDR$Xs87)9XCTxa9lDtkZf{L&ctmx~OJsLbn-
zSEyy!d3(#rDJ#7=pme-7x+a@;qiEyEYehxoJ0`u|iSzgEc${s!bm0-p%79m1J4z#a
zD$5!^2V6Mn^`!keF{hl1JG^tlFljT>Bwlqnf!Wcyb42Sf(!QNDRX)U8l|_DP>GWT}
zFU*d*3vtrDVCWNilHa*w7Ujf=6A(7g8ZMLbu*W_z+wW`S>#{u=@dR!gTi-u1^)jWJ
zdno!733*VOWo}ttF|R-KX1T|XqZyRs{c9pG<tE<o%`-kfvAF$gl=Om0`Xx5Dwy~q9
zggz~lcuQZ3RBo!h6v5{6WscNO3;Vp>`c>Ndw{MrN{n}?P*c5brWr0KFtROSjGqNTp
z4%A(WpiHm|emSXe>p{xcv0rNb==V6LzIBT1*LKD|?&N7DjG908+c`+byI+4(5jxDK
zEa2P{l_S2#xHn`9P2|RmSym7!u(4SmyN0wd#E$>@<L(O$%W%ubr)YdR#kiMr`{u=<
zt``wu4Hm8*e%-0l80VfmI_;;O^`a+WZM#<wzq9e)Jy(OP^XK#|tyws3(S$tut$SAe
zOv5904t}h@B0Jg`mo&{T<N1+YZz7(qn;UZGnD70yV2<89DemrtW@)Fd5pMPzK9<}>
z?i+^NJaX2WzM5<d`<zI&`8ww8@!@^({t@q=Oa>w7<vW?tIlIUDutP#RFEp&lUw&0G
z`PTJIb9Ptl$sASLUd6sp!!iuh!e>uLVq~o2i}tNz7k&NG!6Gq>yms)vT&;*!kCBxi
zF+cTp1YZ8wNUv<{Ax7brS7rIyZW=`<lRLjmtiL;LM`pm)N2h#7kGR%YoKX4UqW;KY
zZ&@;7uTh}Y=eJsSb=C6Nrx`7k%{m&XrKt~k+FqVoVsOIu^@b8xO)af4c>K6suGf?&
zS!d}4l<lS*b4CLLGtqosYh_b4ubnNna$7!r?(%!ziXJ}ion+_wT)GI~h*(iiK51w;
z6IkA#xoArg+A7hv<i2)wcSnPjj?TT(lM^M<)S_LvlWDTDvgZQsRA1x;GMO2Xi}R(G
zHYdD0>axvZ^{4G_hepg?psx1zn$B3`5}Vg^$4r^H`cwDmfIAE1O}9zE27%yGj?C+E
zlE)cnqSNnlXPKDvK5(%bzHREUt)4r&rs^QC9%oDMi{dIB(W4pK%-?Gektf|FBcT?f
zYj))Q4V8SeIV(v~QJe!^xah#w>M=@6N+&WiE5AnWapI2DPc!p4tZYrA9japkd3t2J
z*}P-%4m~%t^Ko`ktm>E7MH~HN5)~IVE)56^8l~y^VKT+|f`*3umEIS`WBIk!IpGq^
z`#<%J*zoK?tjfD(ZyF>dqo=5NbbYEmvQCMU{bWZ^n@hpR#_f4|)o%#4a~?_$8)n&6
z7L&8mAwg!>dqZ0}-lTK&e+2ogS@Wf7n^k@0;?rZ|zL?F6He^2iRNQ~@_eGPG7I_+c
z=`Fuu6lBUYtde@A`$%nAnCYGK#dmI*=x9hiUcFjs(MiRg=44vs$LVT~xe;cMC#|i^
zra7?LZ(1ueuU)(5tDlv(0k=e6JvY45f7!D7&%Iq&pN(Nv1<vuZKA9hn?>g%Agj0~>
zyKIdz4%bc4&)GQLbR=Q5+!Fl6#}WvU*nCy`fy$b2I-MTf)Htd6&Wj8!W$&FAI1QHU
z+T7e+<Mv9Dg(HYJ8@Eg`I(qnUZCJzV`b4rXdkN8t_`YCO*9CU}o15DY9@Wst;a=gU
zDLAy6goVADxaz<HUmU5nFi5X=n`*<_Cua|Qs5hIRn&iPeT@qXO%-56qFoJn%|6S@=
z=W+9Vl~PhtrWmqh<mCL$(&P5;-*4oTJZJKC_2<uDNJ-=0cWB=%yR>M@5^01jF@EfV
zPG)7cdT7a1RqCr2b;A0Rt?foM``Yf75H~kX^8Hh8a{Hc4SgN<9;7NPlUfj))2R^>O
zb(=;{si>#`qJO~PcEPO}*Ik-67d*DV2<UzH{P)+d-|=3ac=s-A*G@x^#Xe;L`NUG3
z<M^Ip)3oN7$2w}NjAqY9W@VKBrglKx-fr6Tjk_I9Pf5NgC=9t?s;G7tgpnstvYKyh
zUvgNW)DyNF=R8-Qr13B_^<vZAIUS0Pi+XIf?|M4Hnw|(;khZp<o}NXSo?}yH^G#WE
z7pz-X5{<KU{p~)JnULS7Q*wgwZd}NU8NI!|9hbVCS*+I^<SZYXY&lmdn|@?nXl2;%
zfjMCU6LvCZ`;>O2<2Jv?-6?E&cY3R{!_Mcx32E&rx7u$W@$RJeIX2~m@wy8U*2~tn
z?iL(uo8%X@eaDUo3JTNtQQCqLLG`hZ6(6#P2j=EQDL<A-an4fyBOzplL0)?L)0^AX
zOLu8cGD3^m+w<;9T|PJU-ixT2M|}QZU5x5|SGGt023S$%mQxF@)f<+i%^=Clim#}x
zecjQ~(RtW)#(|Zx>1mH|CC{+xZB9;4PcKfG1OtW2v}aqjjyub_XQFx~EW^FG=oNa`
zmG4I^eKsZ`-EfA+`OV$k-5@Zm%MUX$FvwUt+<`B_biOTU`K@}`sX3>P9u4^LrfyND
zpz?%g`q;>2E98~e2#kW~?KL}-dA|MN^cU3mr{veU3Isii{Z^+WCy$>zIilR+!}a1~
z!SIr_^pz&_%p$YbdkiNpSDQ1ZEx+S({>y!<4jwv`R<_a1GD5SSbociaH{#utt=4=7
zY6Yi%BQ7siIX_jZI`v9kSwcdB+*D&%508gHG29N>A31hx%BT^ip1R*3mPXh#M<K_O
zmsz<&NAclRuTzU`Haj1q(6Z_ZCF&e-a*s2zvhJ3ZUE)5!4IKJ3o5-Lfr-U0m`plqU
zhHBM`VwnS<K7IQ9`Sa`7ulE{pvb@igw0vY=AQ!1<L?<^&;NlO;+j#io0Y#iKW5%pm
zvj_wNg3KeS@)ww9Bz#JCu`~&Nz5B|Quh9}xo8(k28TXJ7lg&oUy0fCS8l-C1J))1N
z2cOu+yik)6AAdK^?1o8I3!nF*jO^s(xzU}+(=YKl_TXac+4zGGA3ZXhJNIE_Wy;Q-
z?^_-OzJ8oN+c`NYsj&&ZHXgrkFVAs!Bv6sFn7RIZy299W?<OZFC!n_*H*SoJi!1tV
z;;`_pJ4U6qZ^v}M?d<f<_TRW|+qUIt@$vCS_2IVR2fHIzFIn<?q}{?keC5+t?>Wt}
zHaN}Pk)bQr5@*fIICUzgru{5YJ;r|P)Ql`fe%+d;lF@6|u2of4ZLdpkjvM(_N(c8W
zmW*RKNqI)C3NEx>>7G+|CtK~SPMWG@Bunn?sG#@&O@{XLiW4WQRdZJL$c^uNyWx5C
zSF2#3jJU7sYGS`inOJOgte+dV7YEa7ki7V|oFJHv7>AI9V3OQGl#Oz!e3Xv(M<67M
zE8@W5@c6=13CK)38p@=h7QyTwE;VcxKIMT&4m_VtCOO+>*(_iG-*x``ug?E7*>p7g
z-%$G<zW(v~e_h?VMn-@7{lCGl`XB$1m${mqi!DrZg21&#Ts>_Z$+ieVQ(JqnzOA;l
zorfLbg%w@W)zU#Id@hs5*VZOE6JX&V0)x*FHr3V+3k%Z<)7Ro~1GPQewZmaYy0E3_
zttJm^rbXw|36?`s!i&lWVF}=Eq4*)1h%JZ95%8I86mj9gU&I1^apiD@nfk1G5o{WR
z%VBc_JcI(PEzwXOmchhPKow__7k0{GvR5Kplx0ES@grC$kAb3mf~ZE(Ai9O}AI#;f
zKmmzx3P1t0XgnTaQ07l<c&%-Tmo*PU`BVfp*Mxb~LM;Yz9(ceXKqI1`LtA|NDYO~P
z3C`uAd<#zxdrf25i#XH0DABz+of(QS=@taom<s02CBUR6;=6z}x`4(fz|p_E=f~m%
zatPl_Fa4uw!S=G|%%DJo%Hl(^A+xde2#-sHgNuIeBb+BztO*SFqfucNRG6xi8E9z^
zmX^Z~6t11Qw&==S8~g09+S5^?&0})d1j~P6wXyDne-LvuP0b<fLNql27r(I)W)L63
zS2i`28Aufp0i;n^JO}U&Z!TaBNYTI?=W~M4fhm5g5Gj6i;0A0WUXgEBR2>!vBUp;d
zoCz5W9{pQwg(=zzmK5yo&$Xp<!q_lzJHgUU^zJ9yqroV+V$+x?puld>)z9?<>?fbY
zjUZUg7ryzq)-*0kXYv67w!$|**&1pV)FE5p8{|h!G}j(j^@00CIt-$+1ymN+Bf-)M
zyBJbV^dF1Dpw{Y4Hds*>=!GnN!(<2kjR_6yfiDzvOn%9Ou70wkFa}tX#f%8R5){Ey
z!0IP^5byx`1WQl&2N5aJPjvuShs$9JR|mXd{ezDF=^}xDP*^|@6|IxI_<CqxL)wV!
zCQCpCwj~hNVxxR*k?9ou5K^09=_<VO6D$6sZuwj)Z6(Upwh9DhFW3(lB3&IFf~Ach
z5b+Rx^f#FIqmFsBpzk}iT}1hRU?2+^SvF71K1bozw|<1}zqh)BjH%G@4%yUzS%-<W
zftA&R;|Q~83+*B7_?t}xp9|A@3AZOE4<@Z-@`9;+8Uy7b{!|{=9yn~U&5AY+9>Ql(
z`3Q~5M*LAI!qB(Id)T^alU)&EzBHZ|LWT;D^6)>}C~08R<1&GK@HuQPlrGR-LuaCa
z9Ju}g!d%-_7UVRK0~Uu5<N$0v6zn}F2~<b{iU4&)xdBufiePoz;Vm%{z}~FX0t|ym
z*TDbQBC>#M5(vwt0COg6Bb>4@Q3(P@4`tF}&Q4KPE^OC>xmsaz9xTl$n30H0Leda%
z!hWp!1`lRQgJf_~UN8r)CnDbRIl+)-z`#JpkRI_&b|_~hDx47Du&^Z^Dx-)9z)E{q
zKnD!PVj&>HWT7y=!PXt&1b`2OW58T^c+oT?I09^WFula;g8UtCMLV1tN(DS6Sb7QH
zh?xy~Lc^(WWD!pxQwO9afQzDl9Rd6>Di;-VNjM=M5IW>9gq-zF$l(~UGLeCnu=k-d
zE8d6Ulj6NtEVH&);Z8mRMGo=<kOP7$O!&e;ry#sTS)5?7+9Ll2451?$<U7sywqwI_
zzU|uIX@^MY#ZSYYVOCnOIsQq|hggaLF7JCw0m!k3pTqHxU=XVgX6_;iLKRkZf%?ee
zaRw!u$3_&l7R_epT!wfL*nEa~5Ch!9rUVlY30v@hnzJInKmTT>Mf9|EgzF51<L`+g
zjS~b65Zs;MUrhr*qdUq%fh|G|Fow-!24G?iWe(d6#mhVEM;saOgJ9bMUr5LYIt!t(
zs65`Fr-TNY&L40?0gnc}P{c=1N1K8MYr}dtzQ8E+#n03KdPfv``cyg{7y%H6%$$Wy
z0$jt~k#tyr>-!=9E}!5=3Bp7IpixJ-V+_!#YozT&jev9-{2ZOYL<awvMA-NToY6sS
zKzueZEF9Gy_5abR_Dn91j|2<+f$ob{R@gQ8m-YRc4S1iBjsXvJsO$=roW~4gqryDU
z1NKn}_*k>)Tn&^8GfA5vwp3s&0%0a+V0RaQ%@f#02La0EQW4NiFqO-P_7vEyABz7E
zg1d#-Eo6|Bf`l=cGzOl*VF6_V^a7I}9KmG<GWg=HKxC32iNM0s5lA~TfJp=PJQT%3
zSuWFGAly<gMYn@WhB%`Psy`9$#9WCYuE2REB6eT`bi_sgYyeNVIXR+01-Wz%;=lnL
z2!r!uLpR`-V{9Gdnu|FLcbgy%7w)gZJbPF@8cg@_gIq}_i_bBIk7zo(Xi{9Qoish>
zTRShL%=-bOXhR|ZExZV$<6+txhO&URqiO@j5AQA7zA(E7)P=@CIDF`fh!`$5>)e4&
znF~!9w&e_6lYeZK;UtDw<+%h)cn?|=7L&&p5-XzXJLgO6Vu?Jj?>@x>-|w6<sy}d_
zFhn8vPs$xiWijb6^SBt&p~2!~Rst^5La3o!u~C9x0)`#@83rN)ns~ylG=(6L4nYV!
zEQ0sGK}u=_gn>e#v>@o~5`ZTJtda%6*qDH5TMA7`u!zh-CBeQ$c384HJ!4TlFcYBZ
zh_1e=uCA%R4p=skjtwaZCUnHU<B^abKjz;zR0jKephTIlve^GLeD^QE{tEvc>>>TD
zWBfDxSI6-C`Y(n?2715n-~Ytxe;EIj9RmIiM4P{W++RTMzaPl`GcrgJp}Kz?)A<GH
z{sMG=0lNRBgI|E|{{}!;WWxvc)B&6Rufe#`!VdI_+1SB&?GOYGc<Mv3S!nV7LHvYJ
zX;eBI1VV2Z|I%Ox#-%Y~CUyZgn8Op+W~2J^I4lq?vmy{S2W-eZz82mCtF;6}HE@f|
zi2z$5uv;*Lw1cy!CJTn7a03KxLIBt~xTw(cfDx>gh{g~gr69<KL;M&J2EiPg#}ROW
zz=@m);1k2r8cf)aNC;iPLkI<X3X>o4jJ5D&KCI1%u}2tF3gIIr+y)`e`@=B<*#c}Z
zaYOCEV6j<paCH<1sv;J{S|3bdgek%==p48yVgcyC1R3C0qG<4USOH`?!ouPxI&hho
zEa9yDLDU<DMfC_K0PrbZFq6v^0~cZ@K#DPpUW|}o62j+vGfz+|@Kkn$c=6%dixwQ?
z81O0(1`teOLqIbsZzX7|g}?zJM2Hs^FvCy`@mL~2jy`A<B9=lMyDh@l10l*G;NgWk
z5rk-%Y#K{|0p4%|)L_7_U@nu&N5Am{avw|#h<FexEd0e}<3XofMC7kPS%e$}aw8Z3
z$F&CF|9>l1B;>+(IJ`(g=qMM=PlyTQMQcGH(9CZHVY+Ye?|31i_*jT|auIDy5jZB|
zoCai~85XKzbPtukZxp$r+#n`TjG;pw1C9i8;kN*EqELK*h(TvO5G7(F0c8i}@;Gcf
z#~(W0a0RK@nhAxG$s78m0F}q%(3sdstRc&UhqZ2C8gxJ%fg)-_z)Cm*eu5Pcsh#*E
zv3TMK85-gsDH2OBiy6cetq%5;3}gpSqyt2ZP9i>tLuUp=5D{Pr;j}Q#<}rxy>n|Y;
z2X68(b%!fSg!9k_qQ(=Jc?|{z4KGqWF?B?tLEu2%fbm5v!p03_!18s2XTs#+0|Z<)
z7!t+W0M+4fuo2<nz&r5q01m9)4yQ(g-wa`f)pTIt;G$CfIiWvL7olka>k#~HamAX%
zfMx6bQM{0EV0dWC24)5I2~YvNDmEY6AwW!lA(G$C_M7~8%qJn@VpRy4g1EZ7EF#;H
z>=1%A1zZz|$YQd`d>2m-1U%tx?d;)=xY#4s&fdsEva=l#Px5kgCs8Pfi#tMga&;t=
z?1%{2+1An1j_mA!*noD<E*^*@*@^4{I`wct;DDm8$RyCt9`8hQx1A3zt!>DTWDjp5
zVo&yPhJD(DPOTAFYj+Q_t*4{4JBYX4U0o<7FuWb!*~OXcY!8c}kYJrCEift=3Lz~5
z7YJp(wWA|86s%+A;*Qa0>*DI|PIj2@fy{Stv?IAw@HQksnYE20NjMakl&zyR*@=kQ
zSvy%fkg!%Rpci-SF%fl(=aaBoU_5JQytS<d*~J<11XjIr2bV-JOLvcfri;lG5)rX>
zCsQCp?A={J_mG{S1>~7C9<*~N344L8Muw~icm!U1Qb^xuu_IYKg1#t_0&oK_epu^=
zXx;xgymK%XCoIn~SA=*PYs0s?rus(UzyA#4iT_mq;{T`DU*W%l;<<l$jDM2<TmJ|6
zuc7X*^S}R**RS)xzhL8Eu<<Y0_@B4`KMxy=q+1LW|J+INUuf|!wD^BBTKwOB{CDWl
zp8*wsT@O}+?+!T%5eMF1;+jl$fL5@8rpaY;wEVf+Yq%VLl*{L62QyiEAd;g7^HHv@
zfmSd*fM6L67z}@h7sR2X!Y_Kh9mUke@IlZ!cG`$9#t8jUL`*75Curf_f9@2k5c}2s
zPTB*Qfda00=NWXWaL7m45iTBz=`?~xYY2lA28R~WgP|W_Dgp>uL8KDpvLf&hI}sm0
zL{N4p6WAz-Zw)%oi6?)5Tv3F?eLHl`f(HX5kb#+F;3%Jn_zQ$MZV)vB38S(hE`%2Z
z2Xd)&KngZVRs@2fp~AjI2kW#D8x)~pI1>iXVn`6|gGPmB2M`Z-`yieWA0KkON<2TF
zfX09)<Nk}iCjpP5N_yZ!VH!jhZ#-xs!UQIhn_x6(Ab|u!g2@1K89JFxGGsCnre_Ed
z5L^*q#RFMH1XOepQ1Jjk!4vseg9r!;3M$Gfy1=4>fC4W5RqyKVnMnc|P}lUQB<X%<
zy?XVk>ea!lfoU_kr6}!A%+ZW!MoLMsO@D*%<mZ0fw&%jmyiD~}!Y7Zeg@-dqm_Rd|
zb787}25in9QkF_=)c|m+hH7s`241wdTy{sA8PUCQ)ZwaPsKV^CiS4=Dgdgde7OX(L
zz@;wtLe;S9IBis5qxCv#2nHYU75hAPswpJ)m9WsPnKEUxDp9>6K+WfO(QQOPrwYSy
z3N_Xstbq8;UNKAe0Gi?ztEj(6x<C_W;`Z^X?6OC8lCB7%@$Ru&ksH;&GWy+8O)$|X
z>Q=iH%Bcbvcz;6;a+%dR>{vFIG&ULswrRr_?WD12tn6ob$({Vpfe%2;NZ9o=t9^EH
z!6D3y*3F=$moZ^AtK39^3fM{ZDp^rQcm)87BW8<XP$DMK+&mxm;q}Ep7`fRk>?}09
zC9epmj9(e_^#XkSVu2)e3{YP$P+O8`RCq<uQ8)y$p@k;{tsMtV03fTyWj-;_Dn^M@
z>sk~646K?(YudDOSPfaG`B?-0AR5b)6OSf$Wf@S-Q(|>wyhEY|(&Q-EULaAB9IW&h
zErMk%C%<EARs3lH8#G~;Y2sD-9sf5V1<+rl-w1lLbbzP=J`8|(V}TwV2zZX_G=(fD
zzaYh_elIcA^$_k&GA>Y+U#Zkr2k_3L1}I_1H`J!K*n^jCcz=RUDqff3cj;RITRd%m
z!w&&hGLn;92q={*Fza;I02?4HPzUfOr%$-v821<hyulU6bW?;pfsVvR=NL)gDbA{H
z(jiRmX{R>&!)}D3iG1{Sd+|sm7f`6C3K)mRSO9|`5kGujBqM`bfDnW_7m<z!U4m?;
ze$!DkfR|{RtU`;`VlNVR8Zw5?8lwmZ@Nhc8){%X%OR%wn9>6jcMR^0I7Q~D8-~#MW
zym08ED-GZ^@Ezigm<>grFQdddF_8-JP}TVu;U-287CWQ!Y$*k+L`PhS&=T~_&$iPT
z(`&-bjsecYr_x*2Dxbfc;sxQk<Z8F-L8NfVjLGt<^ga#gE4kz**H*akbayScmu^i1
zB2n2A0H6g+OI3}ZP>lTn*q@4vPdBuB=MzzS*vZ`}hm59_s1o;CVs~nEE_mv|D#7@%
zCindk{#W8^HK-v|O|9}}a(TkX8Id6)5+{x$RO%EA81_S9R0YQXXGX~hDmVedg}Gg(
z_wdX)tkR=+1v>_vk!y3tz*M+PF#w0)jbND&2?EuXZlpsx^<%vRHOkTkL=Og*P{Ms9
z6PuF&F-Blk5x<gq(21m=q_j>ddSO)t2x+9KLg{J<fg{WzMP6EpBQF{LsjwTNY*A-T
z3UxI+xg)|jT3L2D91_|J$fasPBZd@|$P*V6okx&k<S0tth>IdBoZ;69M+Gbg9)+f+
zH6j@3ZL|C9(3YudWRzq$I`AbwKCrp4<D*OnEc`$~TP3s=K`x71pb!RGmmUbJxX~(v
z+9nhQHI$&-0m6h4v4X&e(rrW~okkK{C^_J+PzhVB`8<^G)f*wU2FU+;CEQSk1>-cD
z;+m#<ph>|O*eUY5y>+f)y$Flj6GxCHkELbDn{n9ftqcbA`fL!amd-AaVke2?(jeMF
z88Hy?RDukMGH3q*lo;8K*o>@H01p}3G>(+H7IJ)$YK1jh6v8gSvU&}bj9paVq7|X>
z0}je3;Zf%fC|bFl+hobalnp!JBn6#qVIdikmZMxk2r9xw6UGeA2xvs?n2J<%RHC)1
zl!a^g`&>w`TE$!q4NDrnrqrB@BCM!lBwiG{x(Ee@7{KVBQ^%-iF{MeU@ulkN043gG
zGLwO4KoH}u(V@@fdTgIST%#*R6fS&e5m1~CpjrfYa*2=3OLQ0xxd4|I&Z7W2uW35h
z;43L1Sc6TKaj2uKn^Fx}1iXOc@_9Q4xQc}gkB<!z)Z+<J=TKtKJhv4z4-%xivu5;`
zN6A4~U~u$QkhBA$6eGB*ur1~w2m|KMf+0smC{oh?^q%0PFan->D+}NW%cwvY@FTg*
zG8Hp24F)wc6Lj&+2Zj(|Q>-;`5?s?|W+D7RuU9Y5hEC54!>stZ4hTBh4P2`v#8k>f
zFndJ7Y@&RkG6B{uwmI5`u+hOB33bPbsuKFOYQ|-x9;rlBH;W|1K9JaCMsUfO4TmgK
zaTrAcNtb7S9c`#ha-qX82@eG-8i%os#~S9NEmJf$M#Y7?S-~4Kb}Y}UlS;|0nZBNa
zykU-oz`l{AmPpm%EWvNZ$Asw~0NxG3&V*_sj9g75wuV^K62+@QuOQO}KndQYoA3&K
z9m5vc2?w#HP))r_lp)#%vIN9J8N@JTv^j3T<~|+313<{h??L$mDVi26DM3?06cSC{
z<LHHiMuuF6b^@A3T_=7nQgJtFln5wBxq$vaf^QIo|4>YAq~$m28Gt&5Qh2wQn7^x(
z)FVaxb?SwTpr0FAlNKoyjXhHC!K^7Dprn(f@k*3nz=uBJ6r+fcT6^pgog_p$VZ<FI
z_e2l5hYUSYTs|uPD@3DONvRs4{nauGr9@CRgUu#RcTTD$HcG6kjwaJ0bEF%Q`XFd_
zarZ&Bw0=F-Otjr#&MuKg3HJM{ytGRscw(i@>RlF9fss*m?!Z|6Ty&QB>eMaHQU+02
z15>@8u@8#6z$sw_5rimiQaVH9oXNnoYN%5|#Ca2jHoCmahATvB0ov`ivjF|AP1YKp
z27GF>|1=v?{JK8s@&8ZkmJ%Og|Cy4IlH6$jc{ZL#`_JFn{<F~l^b8t+HrjtS+J82N
z4LFI0{#Oh^83i)feVY8<!v@f3{CPHvKT+5=EJ>)5r_k1+iJ+!dDl|<3>fx(=GMSlX
zaPSoNW#kL0so<QaDl4WF5jthF9wVTso)W4%@UxHv0fRXRx1V5sv+O>B>itoDMTBZ-
z)}&9>V>SwwIYQJ%qwrmu7S%u0POhHdI2_Jpa|8Ms!xyHz@G5}ZP;jj%RekGvQB)Zl
zuYvsrYalaR1b$FWI9_v+vsvLf12!nufaCfi;@mB;D#8HBU31uVI@6xfYZ4djF0>hg
z{yDnN4nt-Y;dYzp(#%6)+A`XYXp-1Sk_Nd7siGq2C7}?BfgQi+<>qUV24sd3zm8#V
zY3K_N^ok(Pj?F{l)`+HDbBKnF=6&2ShG8Mu4Y)Bp9@RrfM71d5Vu(e5;B6V~g2W|^
zqTBVj1A1)S$YF#Xj8a4n32Me?cE1NdT!6$5hvO6wm|x+Aq9sE|fr~hKV81a8aR~eo
zY^;?(4%CQRlwn6bz$!q~FJq@>&7yv>9c~Fr@D3|RnxT>2k=atMELz@}O|&A~z3~S1
z;Lw@GKnv%j8|rXPu3~7?F7pV+Ol7O@Lp?GB-v>}o<Jw}==7pIAf_^Uz`EA~c{PLL-
z5P~5Qcd0-s+^-zfjBAL$)wzyD&3SU`n8_}vnSlpcNuhH6-K^puv@iIdSw9}mm)>zv
zimUStEMj~_8v%{-0HJ2gl0FfQUZ9iul$?YHb!XGz1X4eOBiTnYy+0Fk9jDD-lz4(#
z8M)P}8y$ONIdVL*b*b_rO(_bZd4fX@Z!+3&wlQOKdcOs0LRv){j=LWq5=QDoWxPCd
z6N3pP)PPc|rYT4_eDt0IzLB6cq`^q`?s$RV75p8y8#t9c8}Y)mZeZn;_0{k6ln`VF
zl=b;tJV+65lwQA(Yed0<NIIU=x~ZY&^c3GsE;PFF2w@_)1+cG56L2z_rZC`8l+sT!
za@w6byh6;{>p88+H6_2H426>p5EBSY{ss}|PtCzKhMX*Fk{Kp;3J^|f&LB9%t#RFe
z7zD+%NY}^Isvn7;7IKvyW|nER<xB6MP1<I+&-~gH4ZwUZ?N_*OkXB8%sgWq?pZyBX
zd?P|{;S&Gww{T(iKLFd<25Or>c*~QLoLtNO4|ziFf0E)7lPq#_1CJx(^C!RmiMams
zw+8Fu)Ym^bJ}JI&{m;fz$NDqoEvWq3KI)18la!dyEiC?fx5oHCXXS}$*hh+qkx%;~
z7c1lcdC231_+Jy_P0AyotGhxav<Ml&9N5ADbOT7m-(+r%RIAoiC|#pN%j;S#_(9ZK
z(Q+@N^||gw#nexPvkQ8Kx1i!L)l99Lv_1eM%<Z9inMOy&V7I2?CglPYSB)A3T9+6v
zLorjm5Hms)nY_V@BGr$L2)(FLnqdl2Q|D@cb#0?OJcU#=x@F=oX>lRFQRckBeVc0P
z2GiNNxtph{JGlx?{_*|wX?o?5K>$c)Zv0543YNSq;-HDODwMCPjrlfscrwn}RG(=%
zpamjSusl?{peYBv0k_BKo`XRiJZeBSw?iamXr+rwtprG*N~8-j8$@>viEfqjAdJAT
zrILuRswvc~Yzp;C_Z7>?Luwe4@yMr?j7JjNlm+P|Az5QW0<y}sh-L)QtTthZ#R)<4
zuq5kwSh~yc-BJ^~r^d(0BTH#wBf<<z4NY&T2QgdQG?_&MmZRvKC<(`!uaW@HszIDG
zXn6=im>nXy)Jc}qMvRRW5r>3dF0rc$6hkOhGpAAllxW>}nU!Pils0@HP3(SA0MxY_
zHY6{S)k-JiC$kw#oHj`nJ0KngFtGtiiH;sG3R05*C`;%nY{d#6>_n(;kH^+vtFjWr
zbJ}XPvVK`>@D~<CYfJIT>-N~q-?<-k*rd=;$6swLLHl9Yxqc{H_q@b#VH!i@hXY+I
zQ9PPTM{1*A)6&ShXg*@o%%C2fSwukbahRYbN6QE=D`26|Z=)UC<+!kU8>;A21_V&4
zZ<dZbepL?$u1OLNQX<=^2~8Aglt`c%pj|4ADw^P6KQtUNrm@0cxHNn>+QA}CEmBKq
z>|*ZN5>*%_73wiwWteD`zH4p0qH(_^#gOf5-n>vRBeS4aes+Hng_YDh#lsky7?_z~
zfYoKuHO<jSc2&b}V}MWrjs2jhfzXiF;*>XPLtrk|ZhtXSAMTQjttj+jsdskoJb6@5
z4XSzsjM0iGsB-5njhq_|I|+)B0`p;WKrbwm0moLPEGlB`c*ARrBC+w+DE$R|MYA)q
zR=~W#F+5f-EF@+vSV-v3-Cp2qupvGIT9`~b+GJ4x$cAb&HkzTN#BgJ51^uC$k2YOv
zd-#Mj#tBlX8X)5^SKtvF*zb19aIt~g{A4CU;l#mU?ml$3v{b|ihK(D@Usxg9SHM>p
zN@&Ao#yZ5Jx2G|bi`cKRZzw&ScuvA7BNl{ihLW!Yu)fN$LPmgw{!IXEwZeau$djZQ
zXfuIrxms-pj<teNRT%rIq3~un2HgNqh;zfrU&~{mEG4Lva&rpJ@XtmI>P=E2%SXXS
zRY`yuJ`^K38Q7s5ZPV}xVT=$KLkwRodNdf93(j)893Qq90&pOhrfY_+n0P2=gaVzN
zBYuNnLD))=-^Y)qV_+4K7LntXj=PZG=%on~LfwB@Xem{9YjN=^y6>*33L%!7TugJ*
zVn7X28B6n;c<FQUHL)}Z9cSbK=w%Mq!I?TVmM~nepMj2<DS)`NF<<bIFi9BKL*q6I
z9N0*<(b$9vNt(_bae;`7O$Ki+M)2)2a3gji8o^86ahhxp*rK|4sDD@`NSyQ_Fw{a9
zHtM<<BJ0u5B7P1DpbxchuSBtt(l9y#`;4vX;f&Z?ILOq+ObQL|-c%Bz{2M`E#2ZYr
zjLu3V4*=d&5N1ZJR7rl907}m!f>;$D0R?1nS<qXq*|CA3SIAu?u>+C#*c4rkFc9~r
zvgL0AX)}y%KwPRT^^a+3QB>rPiY6$8P2HXr6(#<F6+wa%jg>itIExDv@s^I|RpAPj
z&>J_bXx<8(depiV$W0U*6n8;1tqex66Yt2*OOxaELWnDAa-2l2<P0msN|GO4W!8wk
zaI79%I1v=ePAbra<IJKuCg3L#aX>&L0$`O=$qSS!B<~2%GhYUbH&s7iBm|ca-Sd@l
zHN>Wf1#22jLCBHB27G^+1DbRBDs1s_anW)Q`C9l_95~immy!XQ4x2ChsqAe6je0T0
z&`l(a!AK)oxcY;{S)v*cm%i+*0J$_a`jK0yPpVKXp%f-gYdg+``oVHFjL8WdnG-zJ
z>zg$;MM@CPBXqvx9$TNR^&~sCK^fT7JeB|}r@Eq|Ig7-4kEg<;HDoXXjwN-OUC1_F
zUu4iBQ2Ps7K3ZQ9rsLAXBI?fa{8re8xNqm=(oS2V+ElR$(Sq?P4-{4qQN$=;ScwkK
z%&U1yc!)b)r9g_2Zw@*lQH1h-2of5~F1#&4QmsrAfUU6MrKRcH#Hx1}asrt8HBe~5
zfQHnQYpEdyOCc3HRO5tc31d5k>N<GCr%TkR*pO+O#EeF?&RQBj-k^0M%1!F8&c|Sq
z4rSX|p$UUh<L!J&1<srfdz6WK6Jc6*I*oArf^8s-FHpRtL{`<?M|&|6Hh^teqsB=M
zkb$r`d1OBd;!*4)F8zF?vj`tHx^s(te21C_Ftpf*Og(N*UBMM1!WX*m(jSLstI$d@
zSCd_);Ku;2fzY?73FLZLz)4llzhVjM?jn5JJ|_m0wXvDeyAJ|P)Eh8>a&k+y7hefq
zIf*u5M`@yPlzCNDEm)!IZBl)kOf{O=0yOU{XVx)Pbxj*#t4IDw<x(aTi54%3U~41&
z7W;4$3Y{W}w^L5XOO%ANEgTDAeZ@+%;qx`6vm<)c@&Ijy91|Ek)5gC>!YdROb-Y4m
zBZ4KREL5p9Y*N@lFiS}CQQTPRXipE2u$W5(>qVF<;6bcb!3mj;-pJdB8tB{f-mE5s
z;Kz{F8WY3WOtviIh%z04EX)=M1dFQ0*(GH3sj4n)_5tV<4evP36T=YQq85RCH15Di
z%?u)kY*;&t4T#)MLvJ&@@S*BSD$B>}HnMKN9!$vKnbFWA5HLBJ+fbPY9yA~gKhj{w
z#5ss2g=;H@(w~U>tSS5$f*!QYnFg<yUCss>N3VMroK*lvxIV7sykZ-UmNeogZa3p~
z3?-Fk3VLWQsoOB0!Gord_Cz$?p}Q3U2Vd#74`}584j7sTl~J@-F^_x;6k7>;0(5^P
z)q~OwcuD?-#s&GnvxRjz6v_}CDu%R+L@ZeMj9mQs{z*fpG5}i4rgL~+5K!$5WM^#Y
ziGLgEg2WoZh^~l>gsH@X80jSWL*pJ@0qsnTLm`78w%{a^EETqhlOEs$jTmFpdE%G~
z1MC`v1(Y$}9U#XJLIArgV5)@hOG+v!;CHv&mFOP~Vh!-<h3aTnJ2z^etyGXE+&R%o
zu;mUFX~>yu=$sS#G@WFUBBV_?utm@+F6r=ii?uNUI27b_u&f}oT+yxfPK6ACmxeE5
zA`)yv)4nsnHd>PETo@|7npcKnOYJKopVrcJZIFclqRSy5&VLRz!?zHy>0itMW0b-$
z=jd<_gvQF0g((j|2Z-=t05+M9-3UPThAAjakvI98>)H&%;mv_0G!JKDw`PPyfkZnb
zVt<uGOp^$<P&SkWJkvrwEi2C432d^R5(-5M$nXUr3N`YvHmwqYqLr0mA_+AqppqyR
z1tcr+)zZpkPEbKgaQWa14Pj1RYvrkINAQn$cBE27Q%4KS1cUg{us|}eol2HNBWrky
z%ZIn?c!_!DmeFJ}Ct1xo1c11iR+&TWx3;SM<2+&Zzx|YQ74u*>U>|kc|Hj27CMSj3
z|EI*IG}`~3jpu4=$;Vfny0uU{zW9XLxFodWOX!}Oa4oQfS~2Ejz!<L7mQTtVkY1RP
zou4Mh1~q>yA+WIkCBKUCDPofy@sh+soTN(DigFi7xiL`D#_B~=l#{H*m2w2L^9Th!
zUO7e!dtXNtd?`uA9#!$CHYP5P@YK5h9aU~`1NBkg{!d5<jsKRMl#<lA|Ifw~vj1__
z2@N0_##3VB5@X|&(X%ZfB{ivAh-aID02HSVgPjIDei+$sMM1a6C9`d3paFnl)wtD%
z5nLM<Y2W_V0Qr+WVf&wFA#6YfpdSCP`1r)o^FKL0Ik9p7pN;404zWdUFPz%2O-tmV
za!iR%3w(ZesXY8Tu92u19rB6)C6%}(iR5gHa{8;84?IohfB}m2G?F<%#o=&7k*<J|
zFD{c|?~C@~_d*y;+6eJ!g#NY=n1{3x@DBzblsmGwBP6B)39p+Re-gEE;P{8%=L>{?
z$66y8Tsrb%at9C)qYPl76UUrMZjw4el#CJ|dts;tgbRmQ6dM|0meNFx5atOL@Gd#V
zO`#owUJc{wWx4bc9Yqi0qV%=mW6Jea5m%+o6$(iLL)NHs6bGn2E4)D~@deR}fF*h2
z8A$P~jhHh910su6|8!?obQFQ?Z;jiHPyJ6A{STm=->@Fwr{Vvdgz{gb|L>W9YFYnc
zAJa89fctNK{C`4XQYio5EhV9m|352FL+kAt!vB{xfZ<cn7zp*IMqfMXZpF(Eq6X<0
zawyc#QFbYEub{U~X>jGF@G_(xU%~|}iu;fny$|d2{Q7;leMJB}gE%yvo8B*z`!aBc
zFvDy^9me8_tC+6J4HQ?Bi%qROkj7RNUg4W6W~Y{BFg%1el65?}$SCA_5bH8^s}i<u
zyo#eP8@$nqhnV1*Zj(ebB2mwV<z(i@B3t#gxuIxS!zRN~+CH-{HG3GF><>dLvBbC`
ziE507hNKvM10yrsd2)MRVV-GlmBd-6xg18LY-2ft$tn~i@3_^l=#80ALMuG4lIb(e
zDr^J_tP2}5FNpo5@z)&Y%%aLv$mmVO2NN<*a)U+}N4JS&Yeeo&erp2zJAZ09|MA}j
zIs5UcPyd&akPv$Q!@I`w|7<*HT}p2Dj5+mq9`;NW0;#bAbNkO{*`W|WWRxdGhD%P?
zm}3YFABnLMRgaf>hm^6P%Sh*l!4Y~&(3F<6MG_s3*pc%nyx2U={VnlhSDd;bx9op}
zOyoRXL8N?pQREw*1W|T8;^X3g%AZuqa8stOQ(J$-{>PZ&02Z2ssUao6(}@2Rm(Z<I
z{yQ5_t?Q3@fEuWe(^&uHl*GpMKO0Y->mO_wMbN3Qe>eE8asAK6Q{Vct&>GsWNds07
z|CgK+7sCG~#HA!Q@_%RL`Hk~`Sy}S0oS@PhaIb*i-XATISHorU5|JWKC#9DOhAgX>
zX-|vnUZe+}%;r?me1$C2X{7tY>N2e_=eUdf82Ot=x5xXW{(fJnU#X}d>B|*wX;3Lu
zPb<@xwT@I@A=AK=UsjUO2f$fx#xJXtm#wulN%Dp1y&@(0s;gdY3BKy8Q&(cIy6V-Q
zh^wwzwI|@JvsPV+x3FF;gFbt4Qu(%OU5HankX26u<g!!Y4d{QJWCMn<{e~1s^-Z2_
ztxR_OMo44Dh~r77vN9j;kyBcc7DLloom4mBsja$oJBiFzC)Kt&yA`$@F}W2bWyaA*
zM5cODTv<;)$CWvwv`CSRZR@K@GhdY@_Q-Ji0sOG-SPBpyfCyfTOcf<Q9?YJ##L8jp
zPm-5Ic8M0K$82%XuenF7o@x>pl;-770yJVI%bG~Spb@PNV71$YZ93}8?#vY~o)T2I
z=sr@=D%x^ltdlaTAHmjH!!ne1z-RiE>sOc(g_Oa-4GtOzMgQAjQmN2~DR^kKmNJK<
zb8KgagIO`?4|Bzi8WzB2N+LxG!x2L(I5GoBY$0V~_QbWA#BsrL(bO9N?;E1RqDEl>
zM+GLh$3kK?B20s{&0!YOCo{J&KL|}kBfB264qZewHYfu~Bf!B>F+4O`J#oT>5{u}n
z#F$~V3<=!-?1=zOA`vl`<bh8UF%3X`QfgdEYI5=!N&^s@2jEv;aMUON>4*5~_ffa}
z7ayM(9~UbBCB!${|DBbmQT}U`{~G1L5c!YIi;8^g4=!%Vje_5wL+~R$3?!v-PxjmI
zTVmubnb?ykgX|HO4!BWxG`02n5gv6af{p8xgy&5*(Jz|%HqwCskf6r|l*fiZFeC(5
za;YFE`YLJqV;a4$f&~krksM15@$pG+Wm=SoUK9&J3}ta4S^7l4a<5DA6C;0&utKFQ
zXhBGrA;b3ZEFYEJAgxLv5d|>Zfu@l>i$S0yeh+ae(8XP78a8s!uj&${F4Wc58vv=q
zuVVa)l0cQh>WW;h7`9ZZWtlztGGk;@oL;gcp7&#1HcrH`C@186$$HU1x+0&S8zZSF
zKs$1F04A=<`kIhb!M;El>ne^Waj3mp{T#rK^|K%{wrIYfzZhhF1uYL{UYDnG1i~(z
z4ox7x5=4`GV_8BPDlrJYoLxe^KxoEo3@Q_${UWzl@w-*x3nuy^&Glqo2>1aQjs!Vh
zrEUlbk|Ga+vj+1rkOry+bZNML!>rkKi5~-Ci@xYs3_Fy`U@3IX;1$Ou4nZ856u5eF
zPEm^TREErf1KF6!atn4s9(qG;-=H@Z1;^p$yn#{}DMccrxRgq^4Xb?qa<r$Z4M_~y
z-3=MvBW5Hv49+mL_~h7rivLu`h6p4wH7owoAf+e1aE8`+(COPYiX~VyYiLA%#YjgN
z?Ud80x;ye$0QoTXL0;6^d=Z>KBvq~m)TY-q);(!ZpA<_UvaL`ok1{M$JRPf8sKhu}
zsA^oO<WpEEp~%x`6z~O$%S68QGd-y|)1=};CY2B$+gI^Mm=xyxt^<SP<enhZ8PPZ{
zHrF>A8%hdqh^MtQZgs)q;)n#F8<~z$nytA@X$E6C-&dsiVRL4y{-CCK+!b1JS+!ll
z#6F!=1+z9?XU^~A^i_0H=m$;i6Lf2e=JP0c#E<~bG-YWRv8+W9G~0pW@a+<Hg)8%6
zxMmF9Tg+|9BOM}wQ72P3FzbBwKqci0pI<eZvQvjJ$*||#o`5eEi^SyS#T4{U?-%3D
zO3%Hi;Km4pE;h*o4yl)~f@VF%v!Y7%0B53h5a;<|I7E<)D;|x6gDU13liA$)0m>4)
z!rAWExYeN<JawONI0pmI7$27u)dSxl6M~v`GFCRKKf5Yam-L7pG%<-OLQ`TBlH|Df
z)c9*tlM-Z1EUW#lwV;3Ar#}6!krzJQKI+l`#w8~th3bEk6C3@%&dSrM|83O&HtK&H
z?SC58z>V76KZ!P%(=x8tGg(&sIvsAj-YOCm6kDXa^#E@`kiU?rm@AlRr-*Nq(EcgK
zic76<7fUG3pevN>CpnZVgZ@e%DlV0PtQ3LF7{s)}vKKYE8qMH?>P`6H>y!MxYB(F*
zDoGX7CwD-M2Q$T@2NfKpB|tm<Dm|S^axJscOd16^>@LB|O1M@KPb84Gyi}ja4_qx)
zPmRe?HV+EP1*8-~F+OvLlntUD<1eYqhpK1*GSLOQ17#8WEcFJdPJva7Ev@9Vp-=xD
zDoBQb9AlWU#E;DN+T|l5kD2${>5JJ?xvEx%h}RMtaCwNJ?*cZ%?V+<P0`auUAxlD{
z#bR2e+wbPmK8FSlnIs(Iic^9zG`~y8<PcpjPZq-pL<)up1cd0qTn4yHWAb1G-=Idv
zNAemo123Yi<9)iRzSc#v$(VYx(}1Y(S<;|sk4rAaOe#T`JUI<e590O~dx9jZ7fwj2
z1o&0@-Iz0500@@@CJLBPq0%rxJa`N{(h*q^q<~OCkp|RZf}0r%>|z7wAapXgv?7tH
zNk=1@bu{v+>S!ncLz0v-EOV)T%v46T>1;V&Vz&#;iyzs?${xB~e<y^_bq3FVXPDYT
z2S9(-U*XpHJpw`yCRa*QRk`dGSpcDsUoBPbWZ@A*RKMo)O1>iGOmTe_vLY1qpc&K6
zh@xq}VmG<>F)e~bP7ch83{<3m)rg8Fow!tzkCUuB|HP3{GSC^j0Y^BF!dkc)AW4Qj
zgo(y5-cH78#~=&t5?C%Egg7m-k+m|re%S;sHL|-A=yse(ECw-9Js5Dm66l!3wizFt
zo$h}h!Up<hAkt{~Dp)_$Ox&2&%<qLRsTLkKh~^_bjx_ka>UNuOFt})n;8YXl($sjN
zn}Jaxj18eLF8c(6CrqJ8l_=bxd!$@qR=8VW6nFtg@~q>18o9X(nXO?1Wo60*dA*&3
z((^Or>;k!ee%`?BjLZx<D!l;yj<U;xvYlCZ1DrCH$WPC84wmzJ%jvm;<(sl|Gwf34
zE&cN|3ku}Cd^x*c|D5d147;42+bd^4Ms{u=xhK@i&2!2*+5NJe(5N#{#tvCi*_lwU
zx705)zgHIgncg!yC)+vLF89uM=3<+@q0w}?e|o+%yVro6^n4IW^ZVx&WJ32DQf^*u
zc5d%{=q0mXX0Fo#y+T)V=0NyEF33vH$st{(4}j6<lkw?sG_vw?GBWcEq@I~Dvh<!g
znY1gIRIi-$?0$ARBfVdGpG;CK4_e75#n|WuWo43A&|iA4l-`TP*8rIG%FA`;!=HAT
zWxi8X9h6;=33Mety8r>wJ3kMaM{q(7gjucx^>Q<5D+p@Yv?5Rh{~l0~sgETiGd%~|
zD!>uI3yBwQ)I?HEq)|^rbdlGdo=s*Q%E<poU1Yubzfc9jY4lOI{x2aeIUyxP{}<n_
zG5*upd8YQy?Q@>g4srIp?5vD@_&E{(Z_yO~%^7xNuEip6%g#u5j@hw)UiB>nAFcZS
zqm5U{9Tn-$Rvo5w`D^bbHo3dpV$qadn>I_qMUM^~|I!-mQSG*GE5?pJeoMvjtpl&G
zSU&PE9}ZmbMT^#Q(=M_+<2|`xVw(rsOn&e9@#3)sQudLJZ@vHBp&y&)eLQym@*jtM
z*Y5Mf&sC+zwYu|$*{PKU|84Tio}Z&9Mt_~xBqx4?G~#bZ3oHfiwa>A9^xW|E>(<TQ
z`+QvINsCWd?)*!OW>5Yypv%m8^XB<ie!6+{^xjXppIZ~xD*b)u1bgcH?aQv}KXmAv
zIdi(Uom!T(V@1U$Wl2M-s(xH>)2wrwH_z_)ptH+)@SJ~spM(GXdc&NYPBU^B0`<DC
zd-wO|UVFj)@8kugm*V=BTUxEzuwlbpcilC7`0$Qx-Fvny_~GjfYj#z(I=5HHwrkg}
zy?L>7L4Ng~E!SLf$*kq&AGMwOfA7Bg?x910i|<L+zRt1SSYBS<uiw237j~YVv$3XT
z(UK+SS*_7syWT0+eDu+*4JCOqj>X@5%yQ}E%P+tDuAUt%kI$dqAvt;L#*N<3Rt0zN
z+?nG2w2gFEj~+d=Z#E9FUFdK)nl+uja%J_15pt(alQW{y+a#54yu#=E?&+tySSIFl
zx}Zg~)vH%qt=1P`d{I%9ty{P5*|R69UB!qIUo3p=_S+8pYpt{Mj~9Kg=-is!2S5Dq
z!zDvsPMH1PH=7>Qy3bv-$kyVouf6u#L-xUMkASThNFBZ)|Gd_%x9mCe=%ZI%(Yk8i
zwwQjcn%*(7=X{H0)vK>=9T|jHpUG(3;zH?~`1s9RwzQqR%lGDgSFBul*<xF#C-N5`
zKi+3j&*;|8Jryzk4oIy_Z&~|D$0n`LKY!NDnafwK_*dmCk3TL?m@uK^JI_4x%=mHR
z>@hJ-ENz;(A35jTJ8vE`WJrE~&xId!XtDH#7hYJg;-6n0*tTt(W#S!oG)bNJ+`wnn
zxt1<mxNyjl-nS*ds<mv{(qg&)on<RltXR6VXVI4j#$0vPRW(B`mXXWb{bk|iY13@a
z-8z2M?!LkF^s$AXzwq^{ds@a^Klk<OAD;bpnXhS+f_({>HC^<~GwW+=9?xHVMe9Dc
z3vYd6T=n6-TU%b@a4vQpJ$m$_i!K`avUly52cA6V1=qT^^ZP$MW5(4p`zn`CRz8N+
zdgs0?on2;Tb^P1fqCtZO4IMgk<*=*Tw7Ick+vy8OjvTqj*~RiWG{1fOWmC_ayz9B=
z9Q`UD=(`|ldd<3Z>t1<jk#lci>AO9Sc6|Ann-WfVOBZ%bULKXa{OylEI#M%z=BQC`
zEK1ujspaEKmh3;cd;P9myE=5}(EW<mmi|MA?A^OpvcQm^fAhq#Js&JwwrtsxPdriC
z{fcJkeHXN~j8K#p-5+%7c<!Z>$BrGF_gIhN1qEw%`}YKnz4eyG^49wG_hfb4xl-$#
zn%eIEcV2$!rC}@m>YB;tW!=}jSu^?m^{%BSPTXEvTKZMtRrfbv^TMd6U;J?Q3eU>h
ze)J}etXY-1ddKovJI5vd`>S=AcA43IX49HYo4%>+K7aoFN0!F<c3!_>I1q$MlP2AB
zNo;Cr>bd8f<9>V5*1etc9_@bZwH?-6)U|8Z7JqGXbn~7=2M-<ul&z_$fx?BiAKkt7
zo=Yy2G6C0bdEu?kKQDC5YT2x5zx!a3@83A;s{7v=5%<8~irNex{^0KQn?BlhM49l_
zf3_doHt^<>uM3wvn^n-sGBx90UwrZSy1|!DzNT&V*s-tnU2yQwp_i5}J$T^2;1`S5
zZkUs@fB*jJ_H!*awt*esyycdf-Ts+<RaIRuZ{BCm4qj%lte+Jd+oelXn-&&J>$|lt
z-nwJkwt;u`-1XI0uF}%x7I}JB^YgFz&^5~Ei@kI8jmOUY{`fX`t1GX(vSZtIt5+*O
zFPYz=+T(dTedYZR%=lnca34^GZu|Dm?L02(p?UL$JDo3$+}fqf%pIFIZ~pYt_rCdI
z`mB80-&1yuS+jQSIg@uCI&=uoeERh1Km9buH7+43De&FS*J1m$yZ7t;`>(w4!bz@G
z^WTcI&+MCgu>1I9FFp2HVOCbnPY=wVJsT#_q)8LNj&9w$J?Y#3+1MYxT37UB;;#Rj
z`tR|_Z=KVw$+T(H{_&501cJdPmS>kNNlQz+_KN%Nx#u2dm)CDQ{PcnayXW}cu%<uI
zbAI=#Z-<qZe)CknIqxOh_~ALN){I;}WZ$!wPTsX+$Bwyk=f3eq567%mZ#z8lA5Z*!
zR+YB$^Tk{LS$g5T+~=PE{JSqkTzg{Mq?B}Lm*6)W=Rp^)gxTv{_dRzUw$W=<-(B^@
zOC8!yos;70ar@6dWlT7~S^BC#+cwRP9zTBk*s*~F2Oc?cWMq%S-|re%;BRk{FJAxP
zjC*c4(S6*{ORTf4>vtcVJbCi5W4F!DIoI;muFBlpT$pI_kXv88W!j<VYTm5LYJb@|
z{a{}>;^HcIzdN($&8X=~S3kM!P}ziIi-(mL7oTYN{>L9b{OF_iP5V6h!gr4y-uL=z
zuK}Ko8g<~c>K`7M-KEtU*y6B9wmLP-#9QnGVK-0Qvu4fRORm1U#CAbU%oD3p?|AI7
z&mP`aa<L_0lLSXc>(&pg-(B_Xrz-<{@{5Y1=H+hMv?(?=w(ylopyN+J{q&M06-N*5
zex$?V{<fUl+!ZgsT)J%gjOoum9NqQH*<GLBlK<%Jb71Q}GG`8qBx%7bPdxGV&Yf3X
zcKH1B&;Q}*IG@kgym|AccRcX-zXt%8|M`!n=^Zfb(ckUdQ1oKb&GDB`iy6A&l~-OV
zdusUylUA%~qGfK~JpY<5Gn&1>Wy^yPJ+z`|?cc7s=^=U015MgDO9$kf6<gR^lKwVj
z$}7Qr7vHmX$O|J@!;$Fha#6yUS6*;Yvvi=Bi+q!mSDv|P%a*8-6&D>i+H3syHCJEV
zcd^rIdA$Gk7fPEqZiE58z2?r<C5gj_l|8j@u9~pyaJGNtLyL0STJBym_1=45ANA$r
z{Kc(Ww!Bj=`{%UF;CQ^h{SCMO^t}=Y9GZKrCbxJntK%al-kCCB`W;OM-@0@CU;nzI
zb6#qfF1H;!-Y2d{jVr%t(_8MjctZ>8sFp3Yg&*9zXSh8kyZ7}AE^65_X67eZO`L-U
zY2B}o?s|K--`cEa@7|M#ISOAay6dsW+Rs?`-n;L@AwLIBTFZ?K@(&yxmy(jwt8nvY
zX=C;e*|7DQSV`J(Z`a8^=O@K}r$X0P_mOH`<0@a+ckJ*9t2J@nJom>}ANYR6rL!`3
zJW+Jtn`P51u7vHMy;^m7yLQ`_3~g>{(W+I)wo?Z^e=BetH{X2o<=s5EPrP17t2ND<
zcDUh&_LFyQKGy!fwwZfBdHM3&f7-Qu|0nnMU9e-=)LHACD_1Uo|C*n_bMW$a%Rh2>
zJ<pzh@x2G$zRU6TvB~GOocm5;lE0IEdY0TGf3dUeR2M+bGI7<aRX_}{0e-ntr>EY0
z^A{LIOiT<Cqzf*&q|d?+ZvOJ`eP@2NX;%B|j=b{5trOdQ9O!<<*Q@Vb{mILlwm!e)
zipy^9eqH;Erv9VT8;-d5Uwqc{@<SUp$xWtYJTdmiZ`c0wpHWX91{!wZ#TP#ZhuV?<
zY`08&>Zzx0n&p74`26r!FTQ(Chh=dIv#0I2;A!XHAHI2P!m&MTwhi3eOnuogZ1|F2
z4nMyDyD7N*$hWTt54xsLjXn1DoULPjbX+mvGfR`V;^sd1VAQPjFZ({fZ&8eL=|<q6
z;Ha50<;Ka6#umPjbJI;f96FSfmG#!5>$=*?K6&$((eB0DCx6nr&80P|w_l%Xe{XpC
zV0ZZi$B$3A?)qorQg0tLXy1+<<A+?Q{QOS)3De>q+OlO!>83|3wlB?G_Tk;ruB`BQ
zmM&d-?D+B5Uw<8b|JXBHQRd%$ck`v=7B!!mab)M%!QZ{6-L!A-7T1;!5)XZlx9QbY
z9Tnx<3*Y_N-)mvPl#HKWAN%ipajSmXv+$>hmWQ?ty`_9&R>#!fUN{&YE~)u^`}V2t
zd<pw!^)E4Fx9`~D-TB(~EnD*E_kVoj!bf}TAM@qC<>#IE-x)L4Jv?IB?C9tNH$61%
z%4Lh4dnZkL?A`+D^<Pf>EB1{k9|kX(k<fbbu6-Xp|H&txz_z}65Kx}mZaX%kbKV0J
zKKu03(f|1vgdzXe?_D-K=cyZhR4zSn<dY{}cwyNGF+Vo3#KgQkWr|if{_vQbmH+qU
zD7V}C%)si)+U@%GvrjkOP&mJ{rPKej_vL|5ZtvrhmK*76Pb$4p7}=M~S`td4t4&#^
zVFnXsFa{}UL)u+Q+DjX)DlOc&h;BDao3y*7v@1yq$@iS|F7wV9(dYL0{64?$_s$>8
zyze>BIp;agdA4(&=XBZ#7W}DGKz7-m^ltbozjOKwl|i4k&I9N;EvQl*Fu-2z`POrP
zJjw9PIr`>q#1y^RQ@x8-fF8H_<Nd=IF0c~iPj~Cl!y8D@pH)3pTz$L3Nn?n`=@&QB
z-7LLW8fiTkhOW~ORhXHX^-1W$xbon^*T<KVZryS#H6JFI>^SuNQ47_Ci30|24X<%}
zzOlwY!_{?%g9A(1xN$_{+l%Y$tfEd?fk`btId(|DVQ*MoxljMfpLe4-w%?i&_YesG
z!-sXcFPn8_Zt~8ZZyrBBwYWKIxry$Chm)L~UQ}NkIz9DR+Pm)S<L4<KoH5^OkU>mt
z{p-8#uV3jDd&IK=&wTo#VvEE2JM#mYRuuH^zHG=49lx?uN=hGZoedeVwe<JRX5AER
zf9lrlC@b&5l`9OJD?6+f+P^gVrT6N6hi2`wjJ{)bX^@qQrRv<%YlaSclNXseYHR7<
ztCO_*->V$sG3U0hWpVwJ%N29|hS%4a-9MjGT3kGDl)@V2(Y*(I_TRH-PcP5GFQ&Vu
z8<{sw;PYR0+1IJZ)-mOckCVEySQeh0Haa#WkE&?-bg{Y4+wHeo4Yl`!<~r2v_gSMo
zVS4{X(a}CWJ`V0r);sK5Rux%&r)YI@-?|33c}C2qWk=jk7AsBpE8phx*XA?jJ9GyN
zqno2zcE&t7m}gOe^;5Wf`Lb!;yT*L;-qrP=jZzg2Yq6wDK>P!dICA93Cr_T#KP|6J
z<5-71yPD9~MN>QCYH;YDCyz(O#%22`x~M&@JX}{)9b#s7B<)yU<kbVS3NLSB&ppyt
zAr@E*Wo2bRjXt>aYF9>KaCrC!pug;}j=ppArZ1bF&oK%ayDcrP8gO$rodHGzuRDf^
zSC?&1ou1Wog}u5}<c5O*3K>1RFDodxH?q&?&2<H74*E|^h1agHTpOjow)`njj)mtu
zZa6OSIxyGWef6qUql4~j+_>?^_3KGnwluzpX~{W!*hwwXa^VNXOyNyOm-2b8*N$nZ
zgl#TJ=zCRIGghSz>teGrCihWR<>CV?<JiZ29J<*bxpabixv{Y^<ItgBZ1?oowRi6b
zpaj&Eq^_*{7}s;~y?ghJjEvT)THU#I>)@0E1I0JDh08Av-nMdE(S%7W-MzgxTwUKc
z;Zu^PPjSh)PhTExw=mA^$8>kUyJQJqiyAjJJX5$_Tg#u=dH8_UfRw&8Hv|5oJ76{7
z3IlcAcD+nLG&^8%bA@7!iG4k*CF{n8u57(Zv(Yy-jZgC57Xfi_?V9!({`TdKkxovE
z1ELM0dd@RSwX?GeJ@;FB`lZs+p3enfr2?Hy^xR@(pW912N0e;Y8TasEzFY1+#Ts3}
zYKO+uo&R{^_~G(i2@`cjGCUcFW*-X=57+3E5FH)OF&e}GGX-p2)gBpz@%0uK2V4t>
z^nVf?^2foQ$)n6hT)WlDOYr7O%U8jUbJqQvM}fwmNVD0ne0d?z&Q&cVH|*G<H()hj
zpjmNG>qf9*nlE@%`3;#no3-}$f@Na^HZ^~Gsp&ExD=VS&okFzSvuDrz0|KU}d!_4k
z?%X+X`wmN00WgZQ=l`Cl-qqH&SYI`@YeYox3j2}C+Db#CRy?T#iX9Lx&r@H&csX*%
zxEL=F52xMJEG;d86%$`5ucWko<;pAdE5{prDO4&iNsdgrnpei}m2J}NX<2g2myofm
zxv?Kc-T><7hY#VNab}HOjz=}TxN_x6O-)U4aq+!-9-KGlQc`9I2fy9i+(RX|srL59
zfid%D2~Qgyl1n?b({j$2aV>p!w}b$*?5CgNv$M@T<*rnAvFXJL3IZziDRyDp#|H}q
z*Y{6#P49Pm(vklAT%#M`-xwIf7{4%Qfr>w4$&S-sFAlprEhQQ24y=guLx-+cD6ofW
z{}p^T)!5J8-u{}uiD%I`%>(=P*>R3;+*)wbuO>5d!=;TgXP(cl4G;gB<Co@=1r~gf
zx8aFRrmEZJ4jw#sC9vk&?;Ilw3(<@B`d){Prkt1x^gR2M2giqo&J~&3bm#G&&Gi~M
zFh$Aw)A-75lNS!dQZB!_pA#QA$swCHdh1k;q$!S$Vf|xbCvZ1yAK|+@*K3;FE!95W
z$8BCHmu(+aIqa{R(#FKzv0tr+#TP!Gqgi=QbxGiQ{(STS^QWEMMb2iQE8rKr*Dmkg
zdFgpZg?qoduDmDhJpaKx?^UDsoZd97SFl2bwdtsrYyX(E?yBIbnZhz`Ws!HL+hJg(
z0hJs~EHF-h##-9#SxD7Y{~8^WwSeGbnzKe*Kd3r;v0{E?RqkE4!^=;eP?_4BvEO;~
zM75ByL;57_^_!5G^6}aYOXD#);oQ+<2J@oAo?TI2vp;yf>Tb;;aS!9-x+P9B`8wd{
zFTE5C*Q;7Rsynq_Z?Ef<8!8d=?J(tpRoU~NZRi*G@J*in=Ql0IFH&ni*YC);F`IuJ
z*g1d~)Kz9Gj6X6<-7D(UgCoZVZuZVG4>2(Tm|nDh*RGyEk+BmR%3~f>oqXEugUv>d
zqZ#QBUn+IB*>L{6)y`uhm2dV`v9-0;PIjzx%Q$i3rzs=C%*~k0?w>tfug#oxg+Gn2
z;^1&`eB`HdXR5s3K8$D2{g|N+^q!>ajbEGQaJl#6a`%90qG9oC*RH*3_DUeP;qns$
zMfKXe;&@xj3(xv6>_@p+SX@4qx6Xd?FzapO%;XphpgQ)|+_A&jGkfv*aoz(T|1~e6
z(8fS<RKFK@?&LOo+<N_*_7unLHLLS7ds}@5*3#Sq)AHnjouO@PoHSuKHcB_lJo-J0
zW5}4Jr0f!K$hrB#dv>H-$ioRmu|4`T7y$t%lKabtjNLzNb9Qfq%U^aDK3tRec;ct2
zjN01TkdTl+veVpj_(4H-r;i56-MW37w?=r;AT}Vc*w6qQth^z0)M!<u=mx;9roR00
zd`zcXckZmq^jXS|<Zvdc_putaEv<Qf^G|BMly@$Q-fr+nx4fW0t|C8WqW9@*?;S2|
z{F9?9U>e;vG5xS}h|}a;>rPni+T+UWop(1RCyej4>*^#YjaYm2K}W_E{JJP{(u&AA
zs=}fB<O>d#sP)k-?5rPOc<%)FXU4opx4I`OvDwSIb~*m2x|zXP^!07}^gGRKZr^nu
zq0z1A!ly3XPWYP`{rppU#oNDj9X@g5V@+w?uo#^u^*#M>W{!yAaQ2=)J=)wnszg+O
z_R#P|jl!0LDJictcTQw5K7AQ(CD&b%GdzF({7-Yc9``H%qV6#3nt$G4*XrP2%WZo0
z6e;x-wKP?wyt<RTph0`q$6}6A)Vtny<LYLW)G*JTKHWDfCjZrtvB$N{%<Pkz=9}vD
zQml{s^&vZUe<s%`oyQwIKzGYhLuZ}4V;+Z^b+M^-__bw@TyW?K^DzIe*N(0#y4Ktz
z$aG`fx;-=`+<HE@Vb1vR?><(gU_H$fR<t}z+qXGMuvEpD!&xyNTf<7V={?@j@z0Zf
z&tAUb^Pe5X_ID1r`Du95@rwClt-oFyQ`L{>Yha+5ap-eSMAg`kN69m9|2mSd+&s=_
za&AgW<x$U^;&RR}UVy1IHC{QNJYRIdsAsBGQ*!Fv>Wi;^PS5k7G&z0zVz)Vo2WL1%
z58hfjzNf85Qdaf~y9J$+F5SppW6&)o=6z6)>r3O6SgR%)F~)~vI$xJ7-P@-rv?kIe
z_?As?#`63tu$*ngZm0gUkKXV&=bAQ7G2Umn?un|+#uq<5PBXCqQmnABaK7oP+~8ux
z08Pz)>gRbsFI`gqo>P0<xTPdDtDBX-k8Q*IiM*w3WmOdwqhi6cSGP|B0eobNd`74E
z<;#|P9`oF)_jK8=3D{p}Jv8+yZ<m*sUA`Pw>YJTC*WGR2iD$zK_t+UvoBFWGyRNSK
zVpY`3BXx64`*qsodp>Su_YcD+FlNo#t7PqVV&RzCDV|5BjV<7)7-STm5S_@$8N3X;
zaIQ(YWb|^=f}}qlS3l;6-grGKNzF6<{O0x0K>ud~|7XY2pX+MBc=dAd(Tu2zzsUo`
z-7nK^Zo_BazDv%WDLp*rLq)}+>uE;4t(Jf6G4Q7PIi<q4Nt#0sI49rBsWkC5y>$2P
z66afY@A|G8n|1Bx&6*c4GP0s=1#Dm;*x42R(LMW2+1kN=smAJSi?05%@UBrzu5jXo
zLp6_XWnLUUeBA!MmSaM61%+{Q4n7E&r)*!+nDxMJ;F7sV%1TNuoTv`HyvZz1^^r;M
z;B$9U)=#iyom<hjdtA%s@}}&tKW-&4Z023w#8AxN)$p>i>C-3wn4vG~f!SM8k(Jr|
z{<{r@Z2O6kn@9F-u-(^3lw}NfppomsIX;<QxA&Tu$~W9<@Y#7?$LrOqea%;u_S>x6
zxs&DTIW)sBru(u73;c#}>b}-CeNl42tXU&GGyYT>r+D)8O@8+7Ox9Mz!nv~zBZ7}x
zhE3WTpLzAw{hTXdRW~-9vtwdf4j(>TQ{(H|Fv-?q+p#lef^0iyKb@&p$*Zz<x|Y50
z%pfzX1DTmDq5X?WmV>T)_~H`pS39igtD?uaRhng}IJ_?_JLQ>E6aDeN+sNu=UCYwb
z<-NS}L<JM~IBSlmt$n|ui}8@GWfh)NMWU>noSb6zKGm`vx_5J}Y+vgBd~ttfNZ#(9
zXM^0M9RCzPj<CsJSG3wQv8uGRK#;p&?u;AEltW*>ygD7!!y~hxFXL^Y(muiYqOOb^
zH{SY{nx`kkI~7+}zHu-~(M~qkJ@W2F#lY9Ey^RLFdFpq@cP-0fo02NfGxvryj`BOn
zTJ%fst6M&qZsuPV<EJ0+{_twflE%6@bLQN<c~iwNzPJa&LLpWg!_FObo-)$FlOcR+
zZoTMJ&E_JVo(76BEzKu^qPKOc(wcz`#=HvcV<jbdYpNC=*}Z4a!s=pHZI#P5!|E}E
zfB#rjZXNYLqDOGx==!475z_`1>~(#9HO(O{Ev?~f+2|HmwZxSzU+R<V>QYWcZ;;E`
zez==;%%pmtgD?F2uHLWg@X)H6KP&!W-Kh2SQ=O*HrvC3X)#V;LaYDt%+cmGndR?jN
zq4T{H_5$1V(;ta)=`%i8%wC`O#mLpAY4Niwp*oj0Bqt~L>N5P|&gb3})@3eZkJWx5
zx2b1f@zO$@DJj|U@e3m(4JM7S+&S*ct3mqeX#>($2g!9BIOvkRe27q#Rs1m6a>wK6
z*UNxLVeg)LY)<vyzSUFH65ZYH2I|dNb2`Q=`-YXKrhHb@%tIBIE?o*7ZK0uI?_yBc
z<w|9xX3`}Ok1JN$V@7}YsoRb%J4V0UKYn*F$0-p_O=;_`?bLn&ypz?^IJ<fANk#X*
zfMMi>RCmh=S7H41gj;{x@A7{0oRV^fVX;1!q8WgZ-O7p3&!{vi?9xj`<<9;4p6;u8
zV;<*5A4@&4V7^Kp)!MrJpH^qak6E9y<tkXqKXvKy`0?X;>0Kf%YrlMs95}FZS&!7R
z<8HH<%$KE)y84-Pa~RmW_warShC43RKJ#y=FW*{hv7)8WM(v?K>w!U3U`Bj?zRfGE
zL-}&RRLBW`U9k8;&7-2D<G!A~`FK!Mzxw+TAyZPK=E*aY9eW>$Q}!9Xe?q34&hjuU
z=JS-_Q&{%iO5^T-dUf(iLc&tz&Q*Ca!x&4>FL93hMVIjxFurG$>s?O*3$pp*xCsUW
z&H`)i*I$1HO8qNM?=2%3`&<*Y-B_;B#Rg#K*2BV4U)_SP0s*<G@ww5ObH`>KI>ySY
zefcur%7Q;MN>}K6{WeK0@pw~aJo{5g>WMQ|x$MT=vk7tIe;+zdwfRh5>6n9=uV205
z7$|SrwCUC`!}M;yeYg`abLPxj7DKu(3$NW4QD3tup}w17fU=^aeep{{-ud6BiSkyj
zUTt$u$*JFx0|%a7+c!mUKRb4t+qy(x%@h?0LeABM1p0@|b)I8qmow|w2SY1uoy~XT
z<6~nNL`6Nw7G2)8zvOz-oN33Kmn&^@iZ|u-?A7JxA#U$K)j10UVaJ}T#KpzEKO15j
zlm7h9wDcL;NtccfnKgDtLBWSJ53;>H?+08sSyNPAUYqmAyRg7gG0JiGv~A;JRM%hB
z9J%|YLzdC-7yiqEa$mLB{r&R;N=1*-Z@+X*OSJxC5ZLmyQc)D1?wY>%>*uHI)~y?A
z5&kT6MBJY@dN7uj4{Ln1dfDU0k1oBB;<0V+onQF1swKBeMf20h8}l20k*%Vl(x-1<
zky&QJved3uZr+?Vcdp97fqobAOBqWZJlG9tPCu|};llVekwYxP!v`$<P!iMhx~sFZ
z{R@RBp`V{zPALRN_x()O^4<N7d+Y*=tf^^5X=zY(@ml+xKkFwkjg4OdR+kf#SM=Lc
zuxih)>>lpwI&IN!dC#>cc-9Q;#{R0Y@?!PAy?cRbm;1HxW!%rJE?%h|v#8qs{_DGI
zl~hk{ezdOO<|dWi`RmqwShcpHqT0ycaq|Z2@mR0D`}TeQ{P~E-xobMTwUb{oHs)Sj
zZ=tOnm5~v(b!+VQ?VYptU!SN}R#dd5)VE~EYXiS^)j%WzR%*aMV>@*=_>5;{o2i9s
zWb{>4Rn<tGq`bc0Xt~%4Bl}ElYK(KR-?;LCzftP=eSHFhbd?oXsTTH414h^s7Z)ID
z6A}_`ote7J$kX2D`k-XT<fNqO)299YBs6W$o)Y&A4cnnT3*Q#TD=l1jVDV}0kcNha
zqN1XgH;)uX>a4MGvhO)ftKUF94`9-E@7c4bynO1}aNe>d?8xBYX)Q~a+8a-vx?%1S
zJtp&9OiON7R>Kz401r=3&4>H!I~N{z(kRS5=&g`6LpfyZy@J>tz!pDw^5oQE7A{(g
ztXuMz|J2;voD=b8w2$AR)y&!ziDz8;CU)-vw^;xD({aG+{(}ZRfB4W)e%R=u(h$J;
zgMxy91^amKtZ}iivB0D*jO+RJ>(`_YhSNPdd*v=l-MaPewQJr2!MKQ8551H_mrb8f
z1j?I3)B40q9AH)T*|Pnr)9MA|f&Rhc@up5Kt@`?5%;O995;_mMW@2J8WA^Nbu(02n
zYIBm9@9La-bixkK$hc~L<LJ?&z=RkxW(=5wz9Pr8OC=>bqeiLsNwBuIKIvNu%w0q0
zkN~~?iHu@kalid5fBAz4UdfJj2d=BDt2?|21BOkcrD}ZPTEXF&+R1J@16CKQB_7Pn
z+nGNv_?$=S{Y{$&WX*kDTWdXazxwq@>ZcyPh9BLeOWE1kk(LjXE#4UWm38kTr<OPg
z>-9GBOKx<NN!K}8uMwJ>of!vbXfMxK_SskHyY=A)7h|L7fF+CX+`T)pPlA&MuwNbb
zg<jobw<TlO4DGIROS7^}V<)7(OYE;5Go#a&n8Lk3pZm(Oq)rgDbl%wSsoaLn*<Tn8
zhGm$YTNn|3%D^TEvHiH1AD533E~1m84$d<%2Y59D9?F7gak%ihB&%S4P$)ZssZdgK
zIu;(Mm~7`f@#utk%l@C8=lI@Fd*^>>kqrNG8||F`F&=GdEFJ%6JZAJi=YReapMT>2
z{(p}D`~Kj+f5QI$3H$r+4*MghiwyLWO279{(zk!Y1pjv?eUqeJ*nlMc{*(Nz!^z+1
zXcez$hz0SgCebMsPv?We+Pt|KtcRj{$OKzZS_!B;YzmW!{98V3Ay=q_Ivhv{E-D-i
zb`h!waHx3T6e;t<U}zSV4Nf5l-h1aw-K-9;$P0z3YyubP;o*X<J4#`YyxAR(+X7P<
z%nrrF?fAYtKT#+iRRv4vDBua7@Ha%ZCo)eE5zq%Z0U10#<w6lJ3=hnsvo}!27bXG<
z74i8zKLRGaMV`zbg~H=dm;Bi<t}KX)iK9Yc$Y%f-C3F{(K~q4-;)cS^VL0M=5TTGV
zc`*77Pb(&*E*gZ@^%PwAC;|^s4?m0s9uH&WN@aqhriL6X5v_*@!;#^7u%37Z#Br)J
zs7jLE<BOHf@=5Ay9jZu-i$kWY6XP94b0NIbllv2)kuoDxi8W3bY5IUJ>Gqm>FvnLn
z7%)?q+0F+d956zJcoZdzDUg(nr%EC^g3>Dy!|RwDs*i{5LMadb>zd+e%EU{bOwxz9
z1B0DmWGTdUJ8AnAv}ifk0s{&9Vq)xYHZKry4R$-poZ3xSNM$RO#XD#+85W_*<u<qn
zu_z@20V!^3PEwLMZ6K`$ab`2Jd5QFRP~eb?w~SPIm=+upoLtNuhBX2Jo=hr99i_3;
zQ^dKV+j1cbAviF+`!kGOx-`%z4W2L<#xtTgVjKbjO*TrjglPf(hQHzS$oV2rflCW8
z`P|S@m`e<>c|e%>?V5bVM&bOUmrOnMc(N}clwc^OjP!zF5ySXnJ`t9TBAU_KN0%lL
z3Dh7Uhz*W-M6e=$RWNv}g@P_cc+fSn1=)eL+=a4mO`)2phY(G2QXn(J2<{H?N$?n;
zIzthPpg|snx+&muTlEL<y>L1!a?zWvM_>ZQjfy7(hNI%<l{Xxhkif9e0&j$ZOR#3}
zhnxzeE<o|j_tQZkq_82BMh%C`7X^8P?>ba((QtTxgOi#7tsCSjhKV%ELIgPj>?^co
z$98~g350qO9+|O`_({vxXpV`MHV$2bqvs|>rGdKB_A(%s0^mI}`MgMsP;YebNZe3v
zFra&skq!<MclqH#^0=sgmw$i~JPr)P<?CTCd@3O+35jY(8W;={C(um>>H@_n03%!n
zWB@%RH9Yqs3FsSR1wHyfW5vgYcTd*1@Jdj;^95ijv-wD;>R>l%1o@4A;#4Z`7?n~$
z9GVWedl-?Q6J5ljMXi1zrO1h4QVfe)uLOmVvR3LjbUaBt!msP4G$%>WIF||L1xq&o
z9Y+N9NWJk61OO#p0X<U+E?S<X?CUU+`Lym!VHp@W0En3O{GsL!i&F}jnCiaKf{4fY
z7JMk}b$J}vfFOboTGB#f2iYHFJwV?VVg@ilBSBisb{q8jc7w>``>`#Cw#hy4CR?qg
zHdw}jV6G0*{e{6?l*EO&D+vG=>QU{>SY}f25T^x;t~G0GXCSy)^{t^G{tYk(^pY@)
zEZz=Ol#zkwL+HF6gpKaemaN%MGhqGj{o3FdG8#a*#a(I`S+$)OguJM4!pA{^LNIp)
zP-9ST;&x!7wf#+$<EtM?VSx`~XXGVX7Bs@`_=5Ki3}|l{P=yL2sShVHY_h%!hIbWI
zmeDeiEDj1;dFdp;RPtDVJiW3^9TmMK?h5<1LTZa93#W7+B40YpbuH-uAXpUA{Ael~
zO$*ht^bUn7e&I_}$;Au78{a8aNUU@UMTp)pS;}j0pa|NY_{~^IbHxRdo{Wi+Knk$$
zeIht*Vg(-`LQRMDbV4LjihA2fk}(nlj~Go`BWXQ~Z%k}QrxksHwkCPg9e#ryGW_{a
z>qVJL*!YZ!$AI%iJDBGeEpMcjkPvv#jznfUFO1OTr4a;23BWI)8v+z?i`ElOHwq%4
zJrRbdCc;%5=<pzVi+9YG%|mIcNL=!KTN5H_0<fh=^(~CUwb&NQ5yL>{2UsecK){Zm
z-UAFixQQ7C{sYs+FU;SwJ=4z#u6NKa#0X#pDJthQ4`mR8S<1*H;gGmcB4tZ%kTuNs
zg}bsW^}$aI3bTZ}2X>0)(m>+QmxmiExMC3s#S3A<iH#d#;#wOlls}HkgY!XK@T5uv
z@PS4E%q)(+5a=?XHHassco9TM7DYfJLIE-9b0dAgih!y(s)DkowYD@#_JOcWUrx|M
zB4!66p6WF%p&Rt0Av7#N1PUO)kp>IkWqoYo$~~Cu3Ws2UdlkhfBrLKH@-*C#fUZN_
zRR^<_6Wq;L6lejM9)ciYZR^n2P+R;@l4G<>#6bbyU>xWrrUm}M!tDtKWIjV;<#Quw
z>j<}rX|4b`a0rjIra*DYHUDE!DAQr_??54WXMs!<qL&>-p({5Ca9q3#kvw6Tgs5mA
zk^iL#{1)!ebp~zW4!xA}mmvuQz68N9?Xu75TvA0w9DuIOB3VTUG}wYPH{}U&#sOWQ
zh&K?n6wSXu6~?DVl4TMTMDbkwwojUyj4DX@PT4fbOmcdO&cjzyt{#70XlocjvS73t
zHBQnKAp63R03AxeL=Wc?Da-I43NbC|9S8AIE0p$;)EB5-C8-N51VHxyrO6ISI15|#
z3U*fz#0x{I@ubF1>mBlDaR}n{#hI{p6cPYPt&4;XEB<#ajdpp9i2p4u1Aj}`GrnKL
zn2BI~ua1FNZ$r=cE*%4>YEsYWxLBt|^4}Ee=q4oy=RYCV{|$6QUXSvBJ+B<iGmT$y
zVf?@Aii<YSe*$dl|DZPDDbF#crfr=6L?6lXpN6LJA7=W4+W+R~|M>aOZ_Yn*RQ&xm
zzJ31J*x1xW>in<aXj4Eg|D6B*4}A2s6|}XbcHO}PabjZ09K^H)#abP|@{0*TLa6pM
zzawC*ykHS=qJ%gwqX!Ei&44^XBi>L4l8v^J4$1-1`mG&s@;SZ}F0Md#N7A0s-Erc_
zvWgPAkw5Nxp}io?TB+iMr6%>XBQ}V*G^LRFlbFPFp2CjfQi-^M-q1+jzyvciH8&b-
zZfXp0Ec5~DE8m}#O$yrj3JU5(8eyPlg@*D4dj8h5M?!#uR*#T!An^?8`;w&=2=$@U
z9X<t*eK}lTj5T|*v#}Aa5N=9JR&3QA00f8Is!jMpL^aF}6mn@VMSNh`awIFj*7#Db
z`TFp~0$am{J2XPc$F!#Sz^0(#4IZr4^H-xkV2dIF$x1zh>GP$ZfhhwI6!f*RiSW!4
z7t;jjMM{_^zClFoud>5nifNR&o;srkG&(SY1a_TWSkq^?+PS*AxGJb~aA+hjEf!N=
zjX0Dd;-ljTC_^`XW&roS!g6ZV=x9B{J=gzAe;n*)*v_6v^#%u|6|5s<$~(_=a*}$%
zLS2wovnR~}s%6*;Wt({~AbO!j&bllp)W{K0GsUw;6rMQQl{M9FhRqC=`dLlvDu<B(
z=)i^=Rd%Y48w-|qvU7HrF$ps?Ffvwv6aq(yA3%go5f<9XTBsloResDTP=E|bNz#`O
z1f~(@4;i0@f;`#?2J0Q3c5|0(WR#(&1u;B%@D$Sq4Oozah^CseP=GT<u}R8+@}X^=
zkh=j|1XE**Jveav!$r#T!C<HHS}eq%0JXB<`ExF&?Zkwmf@(D?5{hXf9%Y4rGEOX{
zqvJe5%Si__WP*VK14RolR-DhF`tlHBut?|+tPV`e2^OOs`4awK06=XfMV@$fWN-Os
zjudKo@J9+g_-Z=nAT?}A2SbhG6o4AQ?H$Yre2>N;HYIxEEf559fzd<tn=Ee#%PU07
z#w}?>(QSVkMzx{qLA=J`u}+yKCG0VP6U5$$Gn+Uzh~-HhbU>q$nlS*qt?43Y%irC|
z)O3`QCowDJ5=7VnZ<v^s6$aO0t2vUIBJm8<msu+$E6BIPvbZK9hPKgc3n_^-Zt>k8
zF2PucdjP=5VF}8O0MSLFkQb&$LyrAqu&T8YZL&~N2@L5V<ncI>@Gb!{S;Hwt{!`e0
z9D=qlBy=s}2UAS(BDC7!s1O)6SVCKkBz{;+3a?H$#!wZtkwSA~CkS><O$VczrlH3`
zOtlcEc1M8XY^P&T#m@j}3pfw>L`cyX!XFFQI3$sXV+E={bSy$Oh<t+B9rA|g;NJt`
z@w_&1j+hXr-imDkX%rZM&h#L|o;=h8FU&zZ(oR!YPA;}nkf#v&nGm&5o*=YCuSfa>
z(J$z{fivKZZ}pJQykI==2*|V`E(e|}f@cWPo+R53T@d37m^Efd_%0zx9rBq0R5H0i
z!C^w3cAG&MfG3ryy-LFMqDKzLd4dxf&)*wPN7`{k4NWJGlCa3OsS@~m$r2FRRDqe!
zcnQ+SC!@1E81Cam2iyJG;qdkwu)Kpqx#2v4NC=RO_gYT@0d?j2p)=lM{}}!nKP>4D
z=EFA-KTa<$fh)zZLHsy6TnYHKCZxxa8_A<ijS=%qv`3gOK|&5+FNo(8Du9Q*^?U?D
z`h?-34~UU13JlX@3xmgrLIbU+7hJxsNT?s~1AZgFj6TaJG>pX}HC9kwK_09pMA|qB
zgY_qj;DtebAFUO9F(Y4{W~in)N$6G-6<B}~bJ+nFRH=v#l@dvnLeoSmMGOfuCx`=+
z#ZP#Ae8E95QVb;;XLZBDlE#PNE97zsQ^)|+pKfP2g=ObF5f>w1wyiL*Pyz#y-GbMr
z)gYJzsx;kh1}xx%cb&u~ZXWRku(}R0GUR_|QkoK>jQJvF<@+r}LlpYz1+t(T2imY_
z&32WA!%*pBt`plrwM4Oh1Fj)_cn-k_wm_oE0)LK>2jvv7k6B?%^pkjnBc6Bxeu(jk
zOdm<4+C!L5Q*<y5UnZq(l0rfY)f;Yw=|WwJk`@^K@Bp&d$HRz|AWYp5H}G)}y~G<M
z6go_v%s{h+AJ_!*0{7u{Am+Jj4pX9*G3Jb)QAD-yF$aT1j<hl@(w#3^$3&tI?tGUl
zD<SLJ5Op+#0O<pCy#nfvU;@zw3Qo0>qELpOj4Bz43yY;BSr~K>J%j~~!E%CSN%<+O
zj0sT&E=an(2CqoZ1hvGF2qyZ={0@D%wf_8VO&$`pnhqvqh_%)j#grtuNz`Fl`hKb~
z{uii%bh>;eT@YJq9i42W4otT3w<lXoq$V}jWFP)pW}Aju7$^3x8=T_4qiJIE0$XX0
z@P#0d69n(Nv%*B^zZOCtEDpsB-A_kJ61ZYmt!ipvTKEg50Y(FX(LewZ#+vLpbGj?G
z2!5MQeRHF}xjMK`!xrHuDO-JD9rPa6p}x7g%$P(xgWqV}8JQcPA8i=fB;3C-W%2~p
z2xK7gY>S4(Bt)5Y)NvE~sW*wGJ(05PAqJ&aUnr{oV~K>CI=VX+K5hq_e~a|L3u|JW
zkcS+l&;lJD@KtN1NUZ=uDFU2=&w)lOAZs7QHpDbUd9SoNP+1WFga$7wOaRaBQ}!-=
zBnn0r7>e!3v<#U9O*paGp?(PUsN`^tt~G9u;=GVBPAM{gTv2+t0{nwo$U_FLT?05G
z448lTu^0RVC)B4=Nm@~Se0VANm~g8BRR$j{6L~sx4GG&>*3?RQEYJ|hNyX^1N}pCb
zr<4T%Z(WbF!s$#F(gax@j*-ueY&AqQEcAjJtawb4LxK<_kEUW)*0@K2<~&1?<q=r?
z6$KaXA2nwHr-t+%8~ljTN@?o2OCHlkgC<0p7LEZcbb=E<)}{-Ca=;7@m*uOXHIHh7
z!Ypa0hm=VB4ou;=p!EW&^U^q?`&K9~Ev47k2BHgkIjxqoP{x`jCZ!dp`>r)=D0^jz
z7bK>kfl>30aMC74NDr2pLzxgEif}utBZ!NZHZlz8mW4f=IKA%MLEOQ2EMKD5-xL;Y
z;~Q~6J~u)F<1k!8;7b)ljDkK|gH{tl<6Q<$B>(i|hEW?32(H9F1u1%k(xr5bNQDp#
z11NpCK*Ox1wl0`5yoLx7VFCeCOwBPQ%1B2o;UyFX1Js21O7c}8^z^mGWeJ-2`-8x#
z1t0~U`JxMFQZ}Hs1S60!9>NiZPK-gTni`NyW=@hH$xM9Ugu!$Y5Ee;NvZOS*w29-$
zGWL(8^%%6cQE?W^Hr1Lw(NF+kwSzpsy<lPvcu1VZ^78?rksHWC+)4&ZRD(s-=sKGZ
zwUa@P5fLeET4+;ZjI<)jkxSAs27dD4Z=jn_2YrPaC%JJ(Jkr9wFSzoo!2(b1!BZxv
ziep~_gsYu{GzjoW1_<!94G>PwQ=~zFM-&KyHmXf`v29fkK5Mt4{bYL=>5A}KyA^FG
zwL%woBx9`LX&WFWIJN3CcqFT3;vYe`0)99*lpeS&9XyNjPLKxy#k;!1tP^xC?d&ij
zDNn>FuH6>;3qUiZ`wiz3?Nug>FL5P&*k~6-iXfQCz#-^U4Q+csn}^yoks?9K;$lU#
zbsaImFe&<1gF&$}%F>8LvH?6kSVj#Rb<n_zBZg&E5fcWj1}&6WMint3(5ld5jHx=}
z*C@JJjn3j|r`yqylvYRFiOm=?Tv4X;1l9buME1pHVcQa!&>0~tZ;>zf@2!JrgKwnW
z2B8Dd6DA0T8a<Q|hD?lLmT)_n+<^t{>!bc41rLJ4rHKV?^AZ5p19}831%yBR58bDP
zCx!@>ru%D91%Q?IYZ&WbV&JGM-UAKrRP0qJ5Qft9V4%Qv?V(E<q}boJNa0}+*-Sz_
z)!_mjAYA~8B@AQX&RogOLSpt{aZH=X_Z5&LPg-J0umV_6*O~yyM1E(`86u8aI^#lH
z-2uhFuQ#;mLiKQOA(QG107!NP^+8ierfz7X2cXoC?EwHt_MpAM{kHmqG6MYAULlZV
zzgh+Sx6uy~`2ItC0RWPHXq^L~jZXOe=uY^FJJErt|F*gn`ol>#lt#NUV*K0c2)i`{
z|Bjwet+NTH*Sh&uX#m>fEkC9wL2dS=b-sYMy5jR=y5d9cij33(Z8Z-|{aE6F5K%`+
z4U^FJK)<|+t(jKY3EJu%QQ?R74~I#js@?PjZFeo;$K#FwildJ>Y)BpwM6GLSBRDM5
z{9?A>z6IPX!M(TeDX<$+l#sOM1ocKBvn9c!(Spvj1%vqS?g?}c0B<3tM(jJ29|>U|
zt%HgH=0PhVAz+CTfSt)I0R<pY0tpFm8A);UKkPkeciPCZpRHffk#iHsuzQ<<A@5?q
z4lis6@Hn}XxkQ#^&_qZaN!ZS0=Kc0pRoz+<UJ{S<?s@2Vky_o=)mv3{s}_+5NO&3)
zWECREEIr38%;Ch5jgeH5h10wsQ=Hg|JW-m2CkZh!B=T@Fu?9zt=E2F4f(}hY$dXub
zSc1>vHK<}?39w??`MHu)93hJ%jxQwS=IAf`izWsa@K1HmXGO567u3=;As%0+$nc~}
z7mDXJeKBk8VdA}ie5H6o>U}{=;9+vFfA~Xw9HZ^wZqx{ekN<FAqI!jYz8RN@{f&g-
z#=g~aG_a{xr1lZry3#`8O`Cdl@)N&*DyJ@BTf+0^#9E_0N-4{(g7d-H6xa!Nb8E%@
zQIA3>SHj~gUKF+FZ2J?DYJnv`{l|n1m8k`E;OaLzwy&|PAAZP^N-ZfJCSGHGB8_L-
z33ObbHXIMXChm1F)X?NrN5D~L?4}oj)}@`+a}6UJkML9qhJ)9q2F?J4i@i%`p({P#
z6Ckfs9M}5g{UbEk`0K>b{4PL-%QK<6DeNMJ!8_MFMNrgl28~wGZ-(D*2K3ve4-<*Z
z)YwQ`N>?BdN4dtmYj6;U^E2%bvf;X`h0yj6d<~|wA$lT7ED4}*TGf6dOge8j#aUu=
zFnmAioW7aFP84H#LQ|nkGmB;@d)z)KZa5T_Uq5c#P<5+4ZjL&`NoUaCTzPlh8FClh
zy$bW8Z}D}^9_s7(;Z6LdJsLltdF4W-P`;&>h^hsrSAs$l33l`uyL6#r0s$cEUo;m|
zeBv|0rBg0qA|TQOLn%4uYoqfwJSq8AhQA|qlw7E7#Z$SHkX)b>!c)25i(EtvfTwex
z4!Owr5>FS(F1e`I4!sGvA3P%WBbCgRf?o=z=B2ygn_KM2z8ie##!}FGd|aS3R*2mx
z&V$00)lD9!d~XxKTdzCqKY>AgYaO@Sf5Jm~KVkoQRNC5qKF!tb9FH2K_e{80mLgO)
zL4IUOkSnA^Qv2O-Fq({|$a?y}J<+#U>UHP(pMQHDcdh@!%E8wD`#W7vYX2QrEzh~t
zvT&ubS1gxUWv{w-RNbpERRIZO1`<$cu^h2YCAs8lOjDb0@LRS2*;E)SW_L3AayFj2
zZj~zPyq{5O6vif-)Y}D-+EWtJjqBeJEAa?*+_nCJ+b7rm{!wYW{-5I7<%`lEZCaO=
zpYG{RK$_HXIZMCP`QAio4*DmZ(>f~@d5jU9>fG}Ed4|8sO44}L9M{pCPx1Mrpa5Y&
zp1(?i<NppHZAk)|y2>9jAe{6Yy*8AIKUV=97RyRI`VGbaVZBCkFn$Mn#$k8xzSr(g
zrjy3#v^}ZI<x*i!u3`PKJB7a|-Nxw{?*Q0zK!Q$|<?Td`K?RZsg|UXx4%Y$CFA>yP
zV+t=w$7M%duEUCF(BdgIW?C$N$?`6X7Mc`X=nWM=(^g?avA`@Fko<=6zjOT;t_|xO
z=h&V6|L7<w|5uLox9k5YuEhGs(Iy(OACQ1DP=j)Hzl?6K61;hB{RhjPFMos<S??d>
z>m48Mi{HZ){~@~K3o5>Zna@{lQDwyw`}sekOZaD^3m;PH0)1R4!j6WaDQ8twhq6G?
zUU}7cIloxAE)xqsirG%*1muYcYrpG^C-Idm>_U?39b_rCR$(+tu*x;vT+hi-6D`0a
z2yqLf@7pDXjq9I};3LeiJJ)}?baa^H|8Tcm|4(u4vS{F{K&{o#U1?VY?0o5lak(OT
zubFG|k1awtg*nh)W)MXyD~0pC&WbD7LEk=#iRRQe;V}9ORD?&Vf^<Zxpt7BQGgeS!
z!@>tZaCX^X%rqTUhe7I>LZ)5^e#)Ie@8V{mYgnrrX*c%%Vnwbb^B8FElEQ##pDkr!
zs8jrkvRd+zJw=5o-bs>Jl6B6S3(tSS+M5*4E82O+74+SCV}vyfDlC7FUmWt6!%h?K
z@o_do8tUnJaY&dyR~6UGE2c5ShlSyy9eW;CuWa&51c{aoBcbJapfpT?wrTb?+>jsZ
zJpc6IO3+(CT=N}HU*IV#adHV*XAmhQD3}S-p<idJij5!^z!y9b|MHI^^*><cAFHMP
z>Om<*0Q}ywcYA&7bqD=_1nKV{@?WX4cK%!5?*E?TdQ$qYRzD!wE|fn&_Ir^1Fu%wp
z%J`v71?*@>Ku6r7s1zsKc)ooX$u15mf`}IHOGH&OK|=!}nhv;*=z!}0h3Lvr^<Yhi
z{=VaX$NFD6k8l8VhyT}dX)o#j^$<3I+x7nx*Y2|-ESaJ^hYimq`xOrv#3TkHFk`=w
z=WX=My|{|K5a&CWh9v3g+-CB``OKq3GENsh+p9=0Ramu!LP4fVxMv`kZ2@dN{sb)Q
zAA?sP!&LkNT>mH{9kAyj^`k_mu4!ct%J(RZh?B~NZF}qQvD8P=BhUS8XpJh%kuKp4
zCn83=BtcF&cu66RuwQt8;R`em%p1HH^E#8=KSSyE&j7@qvfsr%s6L2$&dOph@pJi0
zQnaC4zn5RiewT!J;gR*F4f1V{!7@kJHGX7Qe49ZS%a!NHm}SGp<V{wlzWLtsa(g|^
zwUPdNu;Xwa#{>Ao{eK^p@%(@5|NHO1?ihdkive4|sg673|AWe2IVt}i9_(%T|5IGR
z|HHEtlmxi&49pQzn73Fm;Ce;)FN-8s=SlwaYPlqBSef{{gCUe1oiwB*G9zah{Nn5D
zx@9FPP*_L(vxsx-oxs8X_>u6wE$rGgo9orm+yBA3WMY8fGb9jKMmH6N7Mj?RcbNhp
zTquyCBD#&`D9InZ`fDt9i6wuo%h|9bqQ&a#-o+`4;<{)?o56#b48A6fT$wu%rW}AK
zrWd#`uzJ+$G(d4DXgY@~?C!auE)VI$)oGz8mWtuHqAKc#uoaP<Tsc>_G%5H;fAJ6g
zO8GqZw@Si@FO@{Md%W?!(PW+ZEseWJ&t$VAr=y$PZeQ38&)n5T;Bz>~<bM}l{X-VL
zFK2%JcX0n(_PLBEi)HAqSS8#uJI$vo>UNW-M+%|Mt#UxN<dZGpP$mrm$1D}Z1#0$2
zZ9_LfiZmDpF>DsMu=E0HR{)OmWI9qZMNB4yte51sQ-KwrdMoJ42o_kGWtai(Vbf8X
zv+@+cD~UNDTwl^e{Y7$wNvhZj`zn2;VM+7xgByQn0N*J*qWCL^*@PxPFW_gzY-D~N
zYpigL#k0mofMnG~6gSzQOnjl`&{yfgou#Zk0Z}52Z%^bG>q!{BM(RQ*%#qTzpd24z
z4*IQ-UsgX@@XTw>(jo~dhhY~`J0l}n4-L5nTraESIUy72@mM^mSXT%a{{e&_5BE#u
zVD&&ZOaa5hI!m;e`!NcjiZTUJBg_<n8S7;?ZoDn8myX%oZG^EFM@vp?bZYdoJ9}Y|
z|Ev5Bow4@_ol&`WXN+_*Du`LjM~Dj%=39CLTJtz9=lMm#-HjC4qse}IQ01DIXy9%;
zJeKpp+HQgCW{1eddd!JKNsvR~fGv$eL<(-A%Q5<rMzz)nD5-NtozdYQ*wFMOLA5P^
zSi_@?bvlwLL}JCJp}URb^PWi}d$0N;T|!bwvRckSqjHH4AF)`kVx6aACyYHurw>sn
zu9zf%MlwQ4LV*PhWPpO~gDg)HN{SpuLnh=GzcBy*11pD83duF{;L|gCdjRn?*T((d
zm3sIc<9{7g_P6{0r?_q%|L<o1ad>pN)&F{uYis}U|NFXq{YO&@ntT0qb=;-@RZhnL
ztCY)o+wcERa`pV^7px_0WgQUxR+?e6a}3J6R8*aDC$uMIThD&c9TztehlNr}+GY4X
zywg9evetmBMYcK<HW;y1yW5_$+2l=U%+3d+x8q@>*`^3G&m?L0aW6>{<|$Q*x)#pa
zDUdX|Uih$<2$Olq@@%N6pA^{64$xIl{pbDH0Es8ne?E9Eefjc*+`C=qGYnsCuN+mU
zcs2NK&U0*25}vk0;FMC}k#u#8SCUfbufP6^)U(g)p~Oe;ms8WeP|WIjv*I}H{hc^`
z?<u~$Zn^GH|NUk2@H%d%|3LoN>HpE;mi|A<waaed0KU;5c`eSfKE;k-C$Oo6^j5&9
zx`ihRy2g%IhN<1kV9+;ygtfeSh1ynV-7|SVY%}@Xu=Xk}bMxb2mbJM0ZoZ4k|6Q&m
zCbQB_sa&c^QuE}rzJ@&D&LOn)i`7he)@zT)jng&{0SG@lXq$-B;~Pn^iOntuaXR4<
zc8_dD$0hw<<83<^LRz^z-ey}^DhVLyj$%RK|L~Z8WrYR8I|9XumnmGW0LaLNv_kLg
z6$PpfqtpAUTq1V-T(_`7D?m0Zdx0)9E)C0%nzc}12pM#oACS*S+B7Wah7$_1rJ&7a
z^=t4)$SD&lJ|=P+<e}}l20Fh`=eD5=XQc6VQmnX?qPNsH(n(21W|<4crRZb#m|xj@
zf#yy5TEIBvk4Xp-OA?-kqrs3hOw+y|>Q0lI-V%E7D(YdD{5)e-onkRuzG?DNG+!6b
z<A>-WoId9^hr_yR7W5lk>P@=!g`x3>(YRT6RJxU(bxs(Q(JbdQE7PIl-5o6Xbsjgy
zZFc7B)80ul#5hQ$UYm9U-O_lD!OB~%ylKmDm>fWkX6RU+?ufX4w`7|r4tg@748fZ<
zq;AD0ib|nC)(yZw17Pcjto2bbiCSl7*^WNtWCQCAYfB>BXtj7tV7yq-vQ2wtvtn<;
zisyT*c=`^tT3N9La}FI%$#mOqwU5tE`8_(IY7NfE;;DDs^l#6`qgJ=eAG&7^6yL}1
z$CGw%Dh>eP)q8+{(qctbU=l~76-S~&{R2PTltD4`<Y-`}9F%<14mpwwefB6GIwO#u
zt^w4QFyF&gM5|kT@;)zNfGZ_v)-_IRQS9L*s3KTPtY`w4+Aklnq85}Bc{aX29yj+Y
z^$S-;wnR%Y0+e3**!VAEY28l$EtE$)xnyDfihY9d(apUI*_@$sS8+Sj3~>i-ahJAj
z(gO^YX3oSLMY~d#el~Zmn?4-d)WbVv<@w-OhQ?F13)Rm6x9U<n1RYBzeZZIIz=5ir
zy&n$+<^pM&NmSxL1buFgh|?XlZ-P@-6swSopbATM^O8YABWO714`bnKmdjNWXq_}3
zoQ<08I*{m&1w;y|dsdc!gL;%{+FWREUDa5K!p<MY5+_A`YYUr%N}i@~0p15EhP$i{
z0zpc>(zAAV+<pLe5bXXdc|&<4ZxC>A=L{*CzMe0XACWJ_5qku#pb3h+;8giv9iYrw
zlDbYGow}a>Ya@%;fYIaeiodrtsr+L4V199TiFAH3y`5i7xBQ~0;TlTP-KBPc-_NVA
zzV!YBnMi7zQh13bm`Sv`4`MAq$NMcH<KZTRQyP5Uu%}oT`0vgd&^cbmDSC2e@|d5W
z;sJphvW6B9uRDcgjEE<z%VkZisW&$@N3FpQw&v7q&8)$8r8ZywUb|4d2!{+IN&#;y
z6h6QYryw8DzMkLa(T+@&eI6Gnc^fo<gdj-y@1aFMh;Oc`<uHZ%CD}`FbVY-HxTBZm
z&>73x9C~TKs2P^|4Sh2IhCZ1;tZgIRz1JKtRJ*3GoZ7`=S%XCgGob>%UJaH)&6&Bi
znQ>YBeK~_)o&Ly)O7UJyZ2sVHwZHcf-QRje&wrJbrOtKdvD7|->*4wzdq?}_t^UVT
zTxsL~PPtM*Fr7Hc=SP_fUt#}KDIIOc|0%A!#-Hnc;O)5ewg7zgE9$uY`w!gh9VNg2
zfbhEg{__-9vB+?6JF0Er=vG4yiu@E^xD#)N^MI+Q;<^Q?ScD(eAN2FM9TvJlB9*?L
zP(JRH+ay<#*N#G}riz0msRS3KXU)EL{b(K@!gsyZ<z<0&JcOiZ8mgHy;O>?m<S3e%
z0=iQoeeN)He)upkmdwK-y7;jI;i!sflJSRSdx=P9Ibo3un7XKA>)VJR)S*I}+#F56
z&1XvtDW+9frOd|q5{>*zAjUQ{bPRc_doBCi(i)Z_A`#>P3IE=<%+JhLK~8bed41R#
zguCHFN8jk&g<`Q>qhrfVPw}AWHEWxu;bsdyMg$KKz+nOuMku{(h8x&nL0f&lT@)hs
z((fzSZ5V2@wqz&lvj*%#(C<66^u)M9=a{P*_sV&#xafC(xx^1jG=vnE;X=n}N9VfP
z8hw)5jA;92X#!dfQym4iQQGF5ymrSI7-8%233ZUix`*={%8~KZ4&!5^XR<IGt{D$b
zL0^#c#nSuC5rw9DIH;Bf4-<g-X=T}05g0Vu*x^@(v+@*^HG!1a3*!&Hr&}w4z0ke6
zt);@iCY(El=jj;ohc)L8Oun9ij))wVfgL*C{d1uhW&xyb?DL3A){L5E<)41~3H`9{
ziAnj07X|!e)84p=MtkfvE0^#??9x$Y3k7DdstZS^46sUO3;dwc>C3d+ZuF;(erwu;
zo1Gmf(7xd_&4HC=e$KD(a~Q37J~hq-L73By#>J2a#UL@d&8Y&GV$%LBs7PV{nzA?9
zXk|^%7$aIBlHc_-*xh3GFl|ARjuL750)yAb(mV_T5=)ZfJaR6F5mV{tMcO3?Q=|$t
z#Y3gQNk4`Y2~vOktv;oj>9iK~BHBU_kZHet9{7*-1BW!m<MwD0L5|x65Ox9p&myc#
z)&NXN2j9L7vik{{n=H$S5XU#!qJQ^m>9=e)3Wb22^*hZ$s}1R7h$Wv{2I)KDxAV`s
z$J`YjR_dA@mK4=ZMveDSwm)rl0Z}%cWMrQkHIaLuEdsF<oq|8XDk9$!2F1IB)nQTC
z7lkiYw3aZ<fSvigB}Z%o*Z{X)z>o33e`drr7CCZ=0JDSw#vySgB1`6T3_s_aI<b!c
zDDki5(i9v-iZI4kQ7&1nE~ZOjgMO?@iN|C(>+~nn;bfG|OcU1Ww2+R~+5W-dQBA_U
zYx#Q04RScoSax-52HX#_AMV$P0Q#(Vfoz&AwF-qoq~i5T75CGH;_#@(T8~Wcs?`zf
zzag8$*IiF{U1g?cXmn!vWem{x=DZI`CjifZ{dBA=gFez@;GxH%Ohg7P9@YYSzu3})
z`^Tz6inS#2kjYA18?a*;o}s{$0|r7tH#U}d)9H^VjefJu=ICW9w?h>0jY4kc(4;e*
zNZc_8(pJu1s8{D){J?TMVj1vBEx4;;q8YAg=vO+IhN8laE2Z*Cng*+;VDVyXbN=ih
z9S@)VFZfHu)J0uJ_`f8C(jj+;&B+)hw)=;Wz{22H2pRDcQXI|RbRch#98kVo@>Q(s
zFvo2T?6lU(6NC=B2}C)O0%!(ErGq*i47%*%jRCCQV#QbWlSX&kepSo~WOzEXh@0Hn
z)_<*oxT~v<k>1!A%BxTTQVI?qE1-91aJXcd>&hphPuY6|^h`Yl(g!FYdXxd-ZUEUj
zAB<W|yB39r`XRhd=VS^}KlVc$M;hE)0P=we@LTBi%0r0d(yL-N7@!bGo`C~QTX~qm
z2~mbGuVB5T%<ssg<dchLh#1>k6yfNY<Psg4i}yz^*&I#}DAZDnC`1t#ZNa&C8SpU9
zaBgE`7#i2-R6c+W3~Lj!%96b_ZmE0#q`nqp7keJWf-;004D$gMr$l`L8<Nb6#neN$
zLZuuN!T}{@#kee{7i|k|4>c%F%O*${%LdXXqq8uX+n#DcvPc)FyeLw4pgVp3SgNJJ
zKmI(l-2leUV!FT=T4E+rdB5WE+`h)<4^cL;W+A>J156ZR&GCBYV+F9KZVMPZR5#}*
z$iV%=7}EfvDG0=gsmxqay^x;x7e*9>rf1{!d4;08v%y$ws5||W0iz~;@jKdfv+OU9
z2kiBPwq*Mz^TKw+-UrrQd5eLmac4dqb{mtE!KlY0%}rq)*6RSZpj{75#lxU^&_^#`
z@T8vdyY2W&n6K;XfMshU$Uy?Q=qMr8!OU+=2EF*q_eBX3=aLK&`5mr@9bk4O0k+?<
zYgNC&zQq3p^<s=c4eNf>!+hBq^E0{LXHy3bS%;dZZ$|CbsBzBz#D`y^53S>Fv-@^j
z6Q#`Mr3J$@bZiw$BIMy{(9Cj?2UBYS4o%Z--vFz?DoSB8lwMB`+J&jXL--aZ%uc*O
zbLF_U6HmKvj)8d1=$s__!d$w4;8e$NX~}fzVeuj^SI24}FGN+*!1b|F!l{J$IWZ$1
z7?*H3&HZ2Y{;s)^BuNkiqiR-ej}V!=ZjpODk+DQ(WdM;N2!NkK1|thWf)VHh2{r)c
zM@NRBLBL6R2M9;Ofrwyb#ccnE`Wf*9YF_*Gp7y=-W#;Z-c2?v>cIV_o_MzqC^ux^D
z%-jL+E16kU^h^)J-Obd@)YR0})YMd6;l>tOrpXynyh)T6%(*|B#ivce$&<|dx%CS9
z+$nTg)=Ny4)3VN-6k%wnH5L!tZ+0qi_R7328lZ}=Q%pdZAW*TPR?v@EMFt+v{L?cG
z=oo{Qi8x9oD?S&6cPA%VWCAP9StvYXlq1V1`9Zgimzx>tBgu>mGBYLu9Wz%*v?i@=
zwxjhZ%`SN$7Jn$=s<xs*H7qe<S@_ly9h!U55Ev%CF>40{nAAo}m}RM0R?{U<Z0I-p
z?egJaR*nz3^kYQAIu;kQp^{)(!#EkzVl-a;EG_Um-7)Ghj8fa<ZrJw*8BO_F@nky@
zfS!XiBN39R$S*c`r7uR!cckkBTwKVdn3N_ISe~cUkY*yu*vunGtMYU<C%$R659^0V
zhtr1;T|3|4M7CSmD<9QbIs56S%E_Vr3R6cJU6M@|3=H)Hkf*Q%LF_rGx2k*8@ZEB&
zEMq4ESxH<W`MJ}PokdT+n3Pb95<^CE#O#-fH;PS(dNch*NjC7qf<w#%J<`BmD}$0H
z4uHuhJMllz6R}bL*{U8|nOuV3j<IN#V+^rLR*9ehQU=}Og*h56(RvCI&lGi#rD&M~
zWDt{YXC-^F6p~MXE0L~Ib*x+(AFGvvIXdwq#IYv_X=!zp#$*T`KRC@Biex!7%O~%u
z;n#TBqe)J!GFD|!=5R9f0V6z?jdW1M(&}1P3r15bN)t@Hnrq8eEmdv`3~WtK(L(D7
zM=5@Z_F#U4MbB;&CWdCMtr$7pTMe^kzw=2*4o~RdOy0$so)}RKwKKx?2P9o2V-$U3
z3I6a0caT$Jc?>lvJtwF%8udo(v*HCt@2G{RYQnKMe(QngQ7n)aak(Hu4|4XxShL(|
z9A*>91SIW#0CvAzFpIW^^dERkWAlw9IBQsAuR1sha?WZM2;AtPSp+i`q+I8^>)y3x
z1F#k~?D`u3UKTLQEX*7azb`yAa>|A(L<nLp4t5^VPQn)U2jKY)I=WGwmCi#4QtvGm
zsaT=awT_(OEI+rENVyeTwnYql2J1p-iR?=kp?FtfA9ELj{M@Rz$mzZ1NN|`0)-%=J
z-O9m~H2a<KbwawR%}HxdvmRThR&0_FD}Mk?C?p|j;BgdWwLyp9>ZB@urc}R-P8Q7@
zUI;62Ydx>TM2Tz|g9=41R-)WZw2*8cpazrF5x^xt6x)Rr0P7koDoR+jn|*8P6F!k;
zDCAJrUAbSArX_=O{DU_N1XAzVWbnw^WmNDmV5Kd_m>vl{49Qwr@isuWOe3%7hr@p7
z!USr-$~zRmV=ZZzMZIsX@H7rwef57#QgJi#s28+UgHJV(HuD&)Xr$gVnsBg0yk&Ef
z^zy-l6e#6)D*JY{^h#NeLat$%KpM#N&cGi|*uQ_0F0Sc~_k!*u%oxk7WXZ&(NRbgp
zlg&zNufB8CRD>zArV1p!Ufu^(wt@z3-OfO;?5A?Cr`{$4)88c^HPR%xt4{bwrv#Iv
z)!J=7f0{2=>MG0~z4p|TID#YofmgyLV+?9@v|Gzc1D6>yhfFpNuO_-AYUk<(oyD+Z
zb52j_+E{8$3)O{aC?%qiU1=m>aw<lQvXXIu38tX}pm>Qime@}DWX^f<MqhdX@bgTX
zCPFn1V_iXmf4{y9OFm~#VyfdXuv)7j;^W-y5LMRf{!m0{^~VfCGgwH%Wc&;0qQce0
z8N8;jV!JoQ-0pBulh_wC`GmA3%CN4IR_9ZONet2Uwn7YP2r$0#-{vxG4nDIdb=#e<
ziL50?&NCaWRHUeG#uun<CjGsE4ODs1V;1CqTF~iL&(V0m&|#4h*aVS-=juL8G=u~C
zTwKcuxZzi=(XQ3YyL*lLJ{reh&n*z9CGHm%Z1gTr_4(Znx!_jzUzszx;#<%Hiv3yw
zit^4u2kCAH)m?Q$;hLyGCkX(lQQ@N!8580>)JXN%PQ6xd5NhtE^)Oloz0RoT5QRw+
zNO<#6!FoF)hiekU!h$)F-L_t;0ZH9>x$6IfJvpykBE{9STJ~Hf%L+32k?k;;oMKI1
zT0CY`?o`eqc9i@XQ<FV^6w*7~o#9utj(U?7I0$fnn(4$-E6p^{xFC0ZAXRyU=5(xW
zHL{9Dt9<kxt2t`&0%bh9P@5FE?L@mF+z@nIYXaMXH&3k6;LR6bxPq%LW;hAY+Ne3r
zT!%LNt5JkCwRJmVbR(V5=i`%cG8W><W@sjX@bod42&k=(#PEfBBZ**eFgeFpVI)7t
z>!Q0Pu{R2`3p6O%0kmP5jQXe=Fa1|PFOrm1F=J!bgT?&5-|zcPRu`hF;h35xU*I<1
zVv)D`7I<dY^&&%LjJ4oSZ@e%a2SaUNuF-nl9_+B^amlizoQ29WwATQpHyWdoO)u#O
z8pxqH@&jB&81+jub<ivZhbt<Npmsyip+ZK~ov5_X2JfVSQU(;b(*)`1K`I4k%RpK_
z<`R*HtjS&?XAF>^Y}0;DGSQAb6HB&~rZJ6MIhpJnVa-JB7hjl~4-4f_x5W&|N&S<=
z<RcI-?JTdRw=_s-siU29SFRBjvpg1~q??;xK_9sNq?0ScFgmti0gfmpYJJo?<LfMI
z8Ur(?^6Dp5AX!^SwjwE!DaxI$79`hl(2zH&WhXd$zVf4ZGHbv0h6@R;oQdi8X^&ti
z|0Yymv6%hY7aAr?m1L%n+1hzgZlFT-+2rKJ8@((RN-M9nOg!To9)`2Ai}SSH60;_1
zl4*1S(~vZ?N21YeHbukarq>RMR$S@L%wY?0SD^`cyx_*za_##WwgQ)+dftaY>OZ>}
zd#&Ibzvu0o!Q8rY*e>rJlA)kQhKt2{h|bAveVzdp3=0>v4Q=H&U{51$b1O*VO@p{)
z<{}UI?8!4$o5TXo0<}RUKf^+-JM!sd!zS(EViG(s=k8?(Z#<q^wZ*bJj7C0vI5V^!
z2xn8g^arm5{?zla11_(U<5rzYPn*$BhP>eO1jG;Vd>m8{tx3dj(C>-PF;vUmc%~|v
zOf<ul$^xWAJPw#nBPnBW&>ro3yzLCeBtAgtT&*4{yJW4J@>HL71`tmXc1BnYyQ(#c
zs!M13LU#X`a8gX~J;SO;nvqXSg*&jD0{2-)Qkt2TQaeG$(@mW@iD@T#Q|yd<7^P5Q
z8NLWZ)pz|-myC4AXX0Br^(E9^sYD2fXUA;2E_b05`WOSL;JFxS^8=XK>A2NN+}Ngb
zM4|u2Q^eJvK@u_|k?UjUg%gT1b291YnC%D-%5=*o(XdQDWOsalzC_PDUSI4^1_R&-
zKzD=&JOy`~MNZMa%0ZhkY!-p0XImQ?X=!8`hJ-Wou`Qt*20~ockdQ8#FhxW(%92pX
zy{^G@6|X&ySk{EkI)0z_HZgdw_i)4~yP$I40Fjlx%3BkZp(BoiRS>_1<;DpH;=$;%
z!_KI4?xB@jJ~Fzyfj!T3+ZW<QS!)W6Y+dN1Hr+|A$mQ*I*!04%x%lA{#zu-(OtYML
zHDk6o?{#J8+TbMH-%K~WNwBzyTiZ-CvoY;!u4h}L>}ui$H8D$?sakciqQQ?-4QOaA
z%WhBXyQ#Ugt&B2~QC(t*#g{UUNj7JR>{uMbne7M#%3MZFF_<ydg3XBx8J4i0k|?CB
zzPnxPh9t{|Sym0!Qc$+R+;YFY31BI{B((em$kTUpUU|y;<-kY}3+D`5#WSYKO5*DB
zyk+EkkWe3x%xI8DkfQ=|WPY-_Sq-HzhEWw)FLnjvZF8TBt)?QliB_tGyIfcj&fT?@
z+cAksa?|#UC`-KPj7NB6%Iopja*lrpG8g0+`ENYKjfFlaiPp2qRW@3SPg&_In=?rx
z`Z-ddT6SsCgQX6W8cAW(ty4mF3Q~*|vE`;&e5|L;kJEe1LT9Xo&z&0H-8fb!TW1Yq
z$1XaPc%bFR!}%vTvv37d?<td}wEMZsAsauP{yg3VGlp!uZ9nzIK!e=Y5hgZ*jwbFx
z-G9(~tjfNAx)w}kB7mHh@@vEVZJ{76%-@)h@Z?cRJSHiL8Got+R&;VQ`NYve(%OJ_
zEHX(4G`F`Iauy}EcnWz$b6XXe711V#v_)A+1j|sj627Wap9~R2A%O8>zjAOS&M*zB
zv{B_po>?q~pSvxmFpM&|v@^g=2^%r0fac^_mjT@^A2XDVPn$?M@(X~1o{V<kqtvwR
z>sT{Dhb|=cpaPdmIwYI$l99cYO1UMgYHh{7$kz^uMRHf%w(@y0rG0La+UEwX;V`C8
zWWN?`2J@9;)xF7Wx{Hy{9Q2I551><;rAK&p`z^9>Hl0QnSnAN-Tk_4|J?x>wSoFW~
ztn$2ipqOfVzkHZ6py$L6&94hfOF#Tj-ut$_-+b<-fv@$0HgNe?b-&WcP~!LRjl_{d
z7h}|NmS&~Zf~DHdi}JzqN+xSsL_vZERIS;nG%CBQei<yL-2CcUxv|rzlv@=brn=)N
zB%7)n>{<=VrXDS&QZ*PxM>U59)_H$VEAuOF@HCV#CQkJdck|3$sjEn*g_<Rr;`*mO
z7IO0p;hB4(#%uF1q0BT?d!a@$u_%lURBHp!-9vpU3VaSA_T`BL?Y1noojbd2&c3F-
zJ}T6d;Ho0npgRxgW6RT8WbRJ-EPZfgyi?IR!PT2*``ZeY|D2JBuJXoVUL2BBUlgf4
zUiKl(7~SY`qYk1D(F+l|?*c)&RX-H9%GZ@z<lvz1za}t$e^hCFcToA}uv`P;tz@Ut
zl|_^pNZ%;$i?@fUPs)iJKlbTS(;IRAe%~<abqug20uu(*lv*^|JsU3!l!*)qQ#oPU
z%Qd|&`(Q8#UkP2X9zU$&NX0;TWx!q}WhK{l!K$p<)|iGS_-ihHxQ-f4^@Hawl9rZO
z@hg5e@w=~~=b*Cwn1dm)x*7KbEZ-^E90tjwSe|K&iHilbwd<^T*tEb{4j2bXW-LQA
zIAqx%KEFm~1WC~BD(!eOM&E14BXXcemI_c~-rj{tgbo(6FRET9>gp_jgCQKfK(%18
zXlPQ({qZ5j$L2%Rcxw79?}Ch2GhctzM!^72PiKna$rJ5ItNEhdXk{O5;09t=SuUtX
z*6OJD&8UvpCZWFe?5NeM9~>PbLov$C8v5C(nHwsz#q)pA+>Sco#xjzEWQt0{xKuwG
zM%I^>n{3#T__XkYRYaoHqCPGyJ(DXf;5jm#pmLviCwT6ODILfIJrhK=U06tF0ufwZ
z#C6XCSn~5?z$dSizzTaTrict}lbry;nTKO;QJ8ZNm^wZP4cX4D_%7?>h^fOUMsJr;
z>0vO0@j;_Pr9G@8rx>D)m9Q#U;H?VD<%cAqNfD6VKoyBsEx@PzI~?GZR{PsF^W{vG
zO{ck#X}(KL^QpDI#ML1=&cISWA0}c$p7j}d>_|hOMp8Nnq!J@>3sG^1Sg?>sTi4VC
z{&PVuBA%p8luQ&qJ9@rX{dQ9{Jx`<$8_zb0=6JKt(%_Mqo7g2SDF$2>I{^qC-EsdS
zZBz||wWvjKRR0_fb9MAxSO-dz<am7lUR;Ca&Erq(S!D)~!XKA}0&|ebtxTNuf(b=@
zLpG0R6FvWp2RJYXT!$T+vVTDDo!6a=qmO!wUX4I>>S)buv!*GdQ>U@H)$OrdReloN
z#VcZF=G&yoT%Hw2WomYOxnk8SFH(sRZ=22eOp3;98dc-<UjK?69GknswD4k&HglW<
zt?tzK_sa*nIkliwxUr2yi>?fgG<r&*ctIK<>zr)lW>5R!Mdpy?`b!IThvnu@*-`F9
z4vVB3nW`!kN7CueOvyO%M|MLun-a=2SDSfUGPB_a36ME7QwUgr4(wr>VoJ)5Kg+A;
zP#3kWT#`j{lm58)6e+iJ;=OoF+H8=o&XOcXlon15q)F>Wg(`(3iJVBfoa(GCh6whu
zhFyLVNZ)LE84()bn5}^tll{4RmC349Z_hA9Xw*7v4ox#Ef$p@+;(_E|e=zZ^F@?P@
z*MeuAP#oiCY~+`D(dy}tw{3@jHQYqRKFk}Sh!rYb^Y(mCqb}!={bMvFw!%y99Nm)0
z<u+L(Pp_NOq~Me#7cKDCMxiuH&SWoDPttI_O|Di``R`_rti74_veY%VRzG`<s?ezH
zS+dg*T4m0qYDf;6@dX)T>4l&w=*#I1v#TCc>t71R?kaZbNQKK8WCyU`i^kZNN*EbV
z>}w4lFLG%dNJ2*$BMg)jkvIALRe8x2-;nVYzTqP>j4&?u(8Z9G<s_?pXw*6MKnMy&
z`iwSf(qCGeQ|@WzStoa;d4I!0h{VfCRRQzCTjkiDTzA87<^2>D^VU|9>wLoWsdXV$
zO47rGYNOndicaCqKUi+DXu?LbRjt(oqd;=wv(6hlmB8C-r-2xt1^~H);>?MMy`xjJ
zvJk0*oOWFF*0s<WVEG&-oO2&tdoG=K-pQXl7L7m%YTu_^t3504d?ogPDrFb|DHps&
z+Dx4KrJ-=-LGWd1bxm3d<8W24GYrE>s65W79@quqehakX%kU2SC^s;%6Px%F`zQ=#
zr+{2VY9-W<5IMZ|ydm@sF2)tzqTNmRe3-EcRer*?$w4|xi;04(S*;y5DmyLFA7Us3
z)YR|`#qc8OkHk_Q$(U5Ol=H<EveBOB`>9Qrt={Pe-Pd-rJH3Cxd6Z&5V9RBQ4P5ng
z(0{9z0X#*vJygV@-+u(gZl8})y1*zJth05(Vq`CeKdRg}($o44F-Xa<4Fq%^W<S>{
z4eUajp~~Dy3>$*x#a6HniMdX<8;o#>_9Jg8*j5cQe;ka*Fg~8hdM`fZ7mKU7%tafr
zZ7~A0LXwk74`()5I0mD<H4Uk(<6wx%9oRGcRH%%sfi$!By_4~5yBc9mFKSCyBq^d2
zH{XoF9~s?qSUzp+N~insTwxnO1Hj$Z3sGDxB!7NUsXl+v63YcsX-h0w7KI0ke7$r=
z!eWLkKcnA3;{+G>l9k;hH-}ctq&d};2!oZu<a`GtWm$aaW-yo_Nju2<vN0%X!jnC~
zgjoM7N5i?}_t_cJshkHfb0i6of*gh^bgroQG`r~S6F(e094mOE$$-`kz|d)q>QHEh
zH`2?lWC0W;G74!Ut%^8~&HzSksGvzn5|9bsdmUJ-?fczP5C$h>`Ax2>fI|e`35N4Q
z>+%TDCt1-9u!RaDp2>t(68l0!Kbqx3zo*$#2s5=@)|k6T!C(LgAr$4sHyYgQfpSvs
z2JC@M9wRDXXgo}m5jziDE>qWy%Of%Dtw*-E7{e5Bcp3yfaXP`}2nr>%YQ-fhO_{&P
z-#l#}9zH8K$gN{%IDFO_?RLf;?(pbYdUxEG+WP2&LA%WtWqPe7*YdOd_H&TfdEe`>
z-pqY&<V$c9^^K=c;|Z_F-82oK)Lw3!COiW%5~6|IJjNmxZ#pACKvko`*?1ifD1%v~
z9|W%naT-bp6xTg7TAZI$dZ%8J28&#Tm7i7GwaQ*=Gyb}P>|)bmhums9=V5nEyu%eH
z9CkX=d|05rIHR7Uu4KoH#e$=7QrTny)3U84=R!`MP?*iY%?wP%u?+Ou&T$M9?`!*2
z9FMK~VFGra)myFl{#DQ`2iLW+3$L$%)+^zZsyMy>W+67#eGYCTonV~DE9Ua7537I+
zV)l@^j}G-m9%|!3a_vu$uUC;@4}*{$=n_-w;L3N@!=nr13ufC29t>i|>y6MdYEsCv
zN{|`-IW-NInQxHKO7FtzJdc8BjPD$tgyH0@g0iMsHC<#lnweCPhbAm#PpHof`E*{N
zrUGIMq=8HZi&E%Y+@OHjK{IA&KJ1M1=<$fp<`AM(y8(j+mm~SuEW}bChGXchE=*r)
zqTso(hh~xdaORn0%`+3uJ~%aywRv9~n#)OM+3qY{BwCH^;i7|~k%SDLkDN0n=Nn@l
z_b`Cl02wJqG3yL2NQ}?(Q4ud3t2wF{U|UIIJ?;Y%AtNlA&Hj+6MHJ@HHsq``3<c1m
zKUTHjW+PT)n`v5rX%r+j5&muhw5m0W2ihD%MwW9LZTPR2?Ifd9|8z3ypb*m0;)NDr
zGMY%lSrFp11c>2PmzJw^@VpL)9w3XURz+bdEL3L+r*DG^9w6+)kn3IWGN;>_U;_cM
ze6A2P&y^QrtBW}jBLcKJ%c9Mno+gOL+3D<TTe#5T*^^6`40O@rz)zE;@8sfnSrUVm
zkUwFMV>&ymf0Y+6pgV9J$pt3zy1{84;~^8H>gXLc8vDl`)C0+J)@73^;uLyJLnqU3
zUaTDI<6d~yBZHPN&m+s1Tp`D8iuP8niEwLXyDX;OOCx`eLqLX}rv_6L!%-{Bdw$3c
z@$3kR;>me_ocHkOZ;$=clOPyl5WlC{1k>DDv`DG@D<4$%%PkfEqvMl`rQ^FYs!u4I
zg;xzI7v%vV)z8W8V!6}=(Eh$JE!Mm*apk!w7p9SY(KN4#QcKT%(bOK4p~IAZ=;g8W
zL|^ozqBKsaI1$9OD7~=Yd_glk!+Cw>U8ax|=_VDGPVik%@h2SD@>hAJ{Cdw_{vadS
z1*vAWD{feo#1GIky)nClSDIrdvu)a^ExhAP|9#dGdaZ!tj+vb>#fSxKn?QXU(fCK}
zboO9=&(W_|U~CdNy!RWe*}?P%*L5@#pEDrB8h+j#b>2$KqXeM@Row;ZZSRy1iGCx<
z@+Uzsuo)*t>2`LZsp?q^2B#AE^KWYHX6w6JB^Na#>2p?m{vVNizOFW_&&cK2ECc9$
z*3f!b&D-h<g+<*P*auT5z^D@#!?E00wb@-Gd(SAtB~+=>xuxF2e=RNA)B<nXm4C2%
zlBuQ#4N!;UbYbe>#x4y1!`*VLa!|)WLik*+)plM~YrBogfqb*qDDPK9%rm{lJtV0f
zd|j?p5s=JNX_RT-KygWQ6AV*s7nbgwx6(R`>;pQds6|JEmH`{GDM7l+rY?HFRuj`)
zMk<+4xjTj>!jzO-siahLNXbtz+Zp*;50Rfcy!HJx=ek<__p@u2F+2Wyab>lz=Ei?7
ztghV0f4_@s$%y}cwuvt4yb-K?BTq0>BfsA`e)Wce#L?o>TPen^MYjqeuQVa+ko529
zfdyaSVjFoQnGt!RKk`_if>2J-Vnza>^XB7`e>}l8>tt{q^f)&B@dd#+_d2koJ#5s!
zuI{2A1E0LxAQaq557}yWgu0d!pHF0}!|$C5{2qnkt!zE6jVa!l3N#<-XQcYur|o&a
z%Nuzn4AjJ9xiWlnk1V88Qm-Oom=ju{<qU}0=!Y6X*cLoz?2Wp9r*FlRm2e<U7d6g(
z)HdTjfcCv`-sx#IA=ii%DykR+kbyFACx8x)P$wYf-@;JHTAiorC3RUnk?x?~TblPW
z255^pl;-ld0dfx2#3L!4(FhpLg#uN1H>3sS<dlevY9NoApyCA4=MDZTxX=es`W{+!
zvPK=v(f}Knc?r5ZT!K<Y=qCo+97=3Je_;Jd-9U?5Ow{+}_6WkS^6u)1|85C-B^V6@
zX~*Uv{f*gjO;KB3+@8l94!Zt{GR(!ZT{;fei*|cuxmZ{!6-({C(oV5mEbf-t<;RuB
z?Tt!#WqpSkX&YpWo!ZfEWw)J;;(y-^P|OCtT8UzXt2d(XuCQ7t8gao@JaW>;ln<*E
znf)eF<)w9E&x8Iw#iL22=;H%<BD^?14*H=uM|*zg<$-n#!@<`g?=a0)4G4wCEs0E_
z&WlM{X*pm;Cb2jiKPm<8vYDyuGT06oD4I3Dp;iv$bsOc!jQp~>vc9o~=FU-Qd9+8d
zg3Z72aQEhEYC<+2v~xE^<{XZDTdDEI(8HeLL{G>s>r;XMehspIy%BkEv*VPtzb>|$
z)qki6Wi*rgSz0SdWhM^5lgU7ym{%kacO}F|-|BnhXr`d4gLff~X(jbTEUtIYi0eI^
z90OD1O%E$p$yV&uHA7O`!n*0WX=+ePCl4PAI<o>&xSpC4<5F(RWyX}?lj^erDk<LN
zc7$wIQ75hvI?s_vd*hGB6PPgmqk~ZFh`M&(VxgXzDBT<2VfN_wy>fc6C6{uP@@rm2
zm?;fwD#LDOCo%xDPn5B?=_av8?Ve;W!k36Kn$&-{)p<ASIgK*g2Z<-0khBaxSrG<>
z>xt6zQyRUNgpr&@`{Cq7(s^aFzskAQG))=hnw3jU3azk}@I5gKK~ln)V|ORfJU8~U
zl23unb$9%*OO%kdNJQa>Oz=_66{}Dk`NMo`1hI%-#sdoRdn@?Rmf;L)hF`mw?>b4z
z$?6S7($i>p3K64eBauSnD>~MLmv%ZY12e`m&v#aCWxcWs?`=VjMUBGU!`bGiB(L4k
zK%w(VYHLNGQ(~&Ql4AvjZZGTmLz?^=wUG|_Rq1GLt^#a`WG5waN5A7Ki6|h+HBYE)
zcXVm<9Bat|h;PMocTZQXV9b@1Rj27LoSfRk{4C9^#}tg<LQ}2SjJ*?Go6C7D;+pA>
zo#JE1Jf$t{6D9OrMDuzE*F+Rjf?R>gXcAHwz;fD$a<))M78D3micntQNjBiHgtT3x
zPDk0&h}=t}!7+97V=JC?x_TZOY!-kPy>ci@w;!w#ndVB$606jCt%Oqx@+cNb9m*J+
zJz_}d3s%}Am<;q@JXz;{<NqEe9&zdo=v-A#m!!{*1x`NpCGvH((K;&E9A6^Jd5HW<
z<w|VF4yA>(Ebev2oh1A_2h(nR7R~B0>kybe_(eXC)vBH64Or)o$!Kmf;+WNeKlVF)
z=xfD<<?CtgAIh!zz7tQ|kvj2Yrebgk|GWca9lCzOr~iL=e~GF(F{jyY!WOgLg@uL4
zPZY}*sycib2S!b96J09G^g_ai$a$N5hs#~b`cO||^F3VqBKI-m2Mb)Z1P~FpUI09+
zzSPu~O<KPHavB)5JTSq$=om*}Xy2XJSyO??xM*9mf$-tO-c%^gX^<^8WRa$u1O{~$
zh%CJ!qYVSh{g?#M<RaH-B!WiEO|%Hc5TqxNdouFEFB#p@ie5ob!i<z%G>_FqC?7h~
za&<6XAZjv$Nksl|+GG0YdbiP;95*(GpiAGQ*bULlLLa6awnc;_eV5LhBHE7~9*Wo$
z^CNpKNv=Woo@JL{JIUvnNMq2Lhs;zwTPC=b-%5rhk`6ptX?aLGdv12ss3o|eS^5f@
z)RfI*b9$S30$?i%w!7yXIZ=qr1;u%1m@o}57_(f0gD1IEjM7}eSx;hPjq<MOawpo4
zL`T7qmhtwqtv~lJ&h@W(`+vsoJfP=VWz63HE0hXr@%=yebHD$0C)ckY{Q7|qe?!0j
zmtQ}4@Hzbbo4?`b%&#6i_`m!+_zS-U+`pyt{{wyd=U-2Q_|NqJgMa>K{)7MFEBNPM
z{^eib%}4tG!N-sM2mixY_|IjoU#HXNV;V1EKSnQpEuYi&XO%#ImI>Tv{PEw74EW>Y
ze|Mhwg;3c)$`{5ny)d6Y&i=0QyYLgsH|saAJ#PC={G`nU;(>_*OszruT30o~di*&`
zKjry>^N1Ir=077P{D+VK_TYc~_<ub3cOU<^2fzCGpW)NLJb3Uw;r-7K9(<{8$nqcD
z+x)KbK>q(3;QYJ)<H4_g^=}XUPrv&3;Q#*M<A44)DDVIGE51MeJGlR6q;sTvY>1-s
ze~DL9UjLj(=Sbs7>sO?6i9Fr0|6LLk^fv$fm^Pl(cb)!$jeP5s`<JTp;NSkI2M_)?
zz}SEOzw-Sr|6_EkcliC^eh2CQvvL3LQxS51{n=etng6@P;kC+`J^wEkLD+KV|KeKV
ze*V9U3&dcji^V2tzR(vBpHdv)(a>Rlnr|K6F|sou+YP<n%hGzSQa)&x$wO=z)`(=;
z!5iA64xXP`B=Z&8N#>J7^7yVe^Ey59uba}^h)}$smtxQFd*P<BH!j`nkZA$x$wXs9
z3lS@Wkv<&v`u?%KzkZGzAYJDjtQ|)e_Pa4|^xLlhoFCY)+-Gkz8aS_{PZ8^7dL;Ld
z@@Hw|tz&tYPI>Rf-e@4wJ8AKQk*+`K*csskHPm|7nY@!P-$&iGU;dWjDZ_#Zt)Pkp
zeF}Wxn|+E(+hz@w^f3QLF*+vRtkm$}1p3jbAGJi0I^j9{xca&?@=+fI{pIM;wie`t
zhnVGA5nn2?QZImJYLE~&N}3+5I?sX;tcgtvG-a!{m4a5bIiUQb+Exmw^BvQ1o4nL|
zJxCG^PKEc*AGgP6c+hAoh28i_C+r8XCdW9^;*s$aFvYrtz2Ge>U3*@)-%;UAf)hhC
zs_eEn5}CGP3wo2jx0ynPBDQq@;xbxAsTEm3y`_2`C8dogNTofzN;e-1uzJ_(R@SsC
z4XavHC*>+12b1yaJm}(@n$ww#1Jn+5>1<@Afj+(v$Nr$y6^n~vw~m@jQQ57w#G|E@
zr4E@4LjQDtr_TZRb|1Zbwf#d%l-6@%eJxik!r#YmZxnJu6yaVm?lrhK;C?Lcja+e~
zM8AtG>p7S}a;4>BuC%h6OBGA2Ik5(J5fc`odu=6GEETAbVsS(MEx-+h7ofn$tMGf3
zp84Af{Z5G$Ot2Bv&;*)z1Mu|~`(1Ha|4z9tZu)#pfNl*}T!5=if_cyDQ=e1w5?u9J
z0^D#CIM1cxrJosKspKSZpI0yaECD)AxbpL37obDb%Y|z{r)~;>?iCl{%Jc-6dv-fz
zr8qUgRi7^jur%k{9eOLvQxjbE`H}!vFa4alTn3k|xy-@s<;Tbmi}GI6j1!qAGf#yx
zhhEp0V+Ezm7s!d3^R8SPfR!Ker5K28;_~X%0Js%^{HfUhoZICxRDj)z6wfC`##I4J
zEy2CY^Gu;=WV8!oe6Jec*Nsl0>MzSCtjWIxp6yhIqC?E<I9opEX&0tp{#^oqFdb4;
z*Ejg@#!3XFv}OZ&44GDOO2t;J%YsX~HPk7yKGNKa&Bxjn<Q$wh?M5gun!L)mbZ`>k
zOwwi{iM*6_VFConff5x~H6Ew+Bolqn8UU&#DeR00@ea;VenDifDg3JEb;dQ}A3I}}
zpEt0E>S0=MZfvmZv$4j1vGXuJ0w#cK40OGynjE!1YEp@NlxTB<?x^`2PTCcT(`D+Y
z6t{iF!I_h3mK3J*l<ZE4SkRmvrp{Pr5>n}7lhotl>{=`{ee!$$hA2TnGosmLN(Y^?
z91|KNV&+8DG1CfLS&QzXZgNt`#HG`S5*$8hP(mu16p-d{d>5Q?j=v4sOrYP?rDzR*
z6X11zXA-jly6g<S+v=FqT%;o)J!U0GBCb><GK$Ep=+rRA?n?>p6(N_5-*);`JaNIu
z<cyYC^NrOhSGwJr0g6f+20(WaBb=#p?Xd$4aQV2XpNo&p$qPnGadp{9T%-<)N`&W<
zYVwAiPW~?G6@coLk~4X)Y&ZZMyly-;zLjKwCH*eNO)`6LjTVmlt|X^R<C##RI&8%$
z93=<6B#=wmjmLJ4go%=pu>z3KRH2eipCY0*6Kpu8F0a@HtQRc+F@VM8W#h%NQA5sH
zq`B7sKuunb(yy7%FwtW#acxu$?HZSgJSudJEu60yI4?242<asU$&%)1QKV|H4h1N(
zS!Q6m*Ndu#C7E$b4Ui|UtwjaKDp1Ttaw9TWrvw{kk|*jK0@p$D`LO~B&(sG7Kn9>*
ztQ(Z?qQE2}^*xUB)K!r_59g_?BAtiY^a`Zr*Pxh-I8agn4*Mc=4^#}6``&1rF%^as
zOp*0dq?UT*jYj8ap|ik0&|eHB9|s)XI8%f9zzDm9{{0sicEjuWXkJsFjE9qiLj04A
zp>E8Ilac3HZvZN0I`zgJAOOose_Q^#e9)@2YxU=8Okrd|AFQOt%(C*Dij>j8A?so>
z`vp}MUSYUuBWEtwCX7UcR^JR3sum0ZikT(d`68Xe<7UBROi;b?@#G}KFO*w`h15c4
z@@^gkz^n}cUPPWGdXr%()5cSkgFu4M=7jMAvzw8x$P)_o06FWayz`ThU&RB>=zP`d
zRo<~{%*^M8P8hwnppzENJDh}P$3f8dIs@I~9P2XabHO19=?<he>9h!P1|J_$J&f`=
z6!HQ(<7tn{aTs<0`2pS*(nXJ@Bvoel%AgezLJ_Hjnxs)exTGTd-9~>*nVR`#jJkOH
zl^@v8iYCl==biDH{f3TT+OPUS2e(x+?43iQsjHOah$!lpojv&`OQTVdeQ1$=yIiX@
zT14?|0`85`BdH&rX|4O^%Fr~CT#g!E)#hIHpxS&<*-a}nW04~{rmtA2%?grBZd7)w
z<Z!Bf)H*zBS;dB49}6Axd6}rp!36#3VRn1ZWp>+SqNoHUCbic`wt1Mh7r<aVA?TTi
zA3n-jBuK8Ka_Mc{@)}tDNN%;r_})~TZa<LpN8=9|128>)iN7ftYKB=Mzhx$vT4;E5
zs9SIRWbA#Q9I|=s2Bz%|dOV;qhF^VZqiiAv+>KWhhU$V1S-X&miq;OEqB0lS$KEOM
z8!l9ja_t7nszxxhYB8S)5wH2C<D*BFCVIB^>c{`Y4()6tR1c73Tj)4uVF&T|f=(wm
z>9U$TmJh3ygI41^+)hPr>`B{CQx0|+DGx{9n>nd#hfQgL+#l|o_iFxNT1u=IUjs;p
zHr3=S42iT=->q+o!+uA3K0uGY`P9OG^SR*p`9*nWr&1GV<!;yOw>o4ryC63XLqgm*
z0M<1bd+(UBTCa3h@8gr~X7sCt11H)BPndJ*Obe6rb8n1C&nlx)Fv^hE^h%>qZvgXZ
zRLZ;GwJYCNo2_Qn2nOUba2X1SnQoYhZ4p|>4KVMaHzMx~rh^Ax!K24b8D-eqKNK09
zy<?PQL9;g6HfGwkZM&y!+t#$FjcMEFv~AnAZQJgyx_!?1-m~sn_t*XYR7Pd)d}?RJ
zu3Wid#}h%CpES%qtOFqCo~`|>X2~L6oR8UhfEgu%nt_C`ytQQ|lM;y0XuVqS=qNDx
ztB`0uGLj8uVSa{>+qnUnZusxQwB#c3^!aZ!bdbeW%OT}470ab9s1A3Vo5k}(O)Fsn
zvV0<l@su_~2+`i;s2WtriV1I|$0GdpcvYgiUzWjO&_;wXBSMl;PKRsRU4OZvWPav2
zsoG3-|7*w~SE9vW`e9(P$sg(CF_WwjTJSHcWqwPbQ(npq+xX_x5IWn&4ldQdo@Q+C
zr)N>M?Rg@-(PTsGeK#>vGx}}Baj_?Hp)<1UaM(cfzn7n^<rlr8ks;Gz`9TR@KkmgU
zp9jbb9sLC)X7k|VXnBFSxx^~k3{sdar~HE!8cUi(q3V$|Hw4l`?HnfPp@j<<b&-F}
znD5=uv!4?zlAZb7Nqk5TkeVOu^N(Gju%Y5BoScK=X@5L^0B-5q6^4GEJ`qIxfV4kD
zM=!^4@!`4bt1Z<MXp1F+_t#t@vjc*E=)4{qx|M|7iFKpfcT9HP);zvq!G<dF@U_#R
z1|LLrLqh}`ee>yrMlF-(w6OWSr;v46jQreL;yA$Lu>Rt6obzhES<9rhEkGy5O5j6i
zh3Sj7zuIgedE4MgDI0()sj>@1Ws-L*^Ox*e{}h#?|CQROTTbCTmL6XIf#romyq>Of
z6RNFspjI`Pa*gYD-sDMIQ8E0JtnRlarEfwa*nJaA?UQ}};z)r-_O;C)H}NTtWiIRP
zQF9n70@c+jzX2P@@blZ3(ac+_w}1?xd<7mnXm3%*<OF!I5Hmg`_`g#R9Rox(o^#hm
z6j1EWP9avu&XtXDp#y;=`zp<@@Kfuy>-h`TA;BdPB6hfix?M!@%GEkdc$qxV74?+2
zOr7Q6Ub~6N`?UppC|tpcmAu>%J@Lh|n)RTHA@unT@hmi`V&nZZh!TC&A(#8*KPmqm
zaEul6hhPntOvt56if#Tg@qU#I59Xdc)m`VpBIh7Yi`oof!iw26@|2$<Lou2zlv7H?
z$e%B;{<@GZP#55<ykxnf^_X$|rybU&O1~<Afrx;Wr^-E9c>h+pX*ld%HZCPF7af+<
zp`{r&{p)zFON4}q^Qqz=sn?~?AYXX4`&x<%tdJ7N;>a#zV<8yp@?bcfiJlZbDF$Sl
zXPmI|oPHuWkFrL>#2<k!4*bh#ci9Ft!A^Pt)&e&Yt=Q>xbG?z}2tN1Teare!uXAE?
z2p6_XvA|v~;#1G9Xjr}GtL%E`z<4G5ODEl@R;&>DM(R>sEVp6%TUPo+F=7c!jOfwG
z<}8tF9Mkgw7J^(|i2X-s6U<8KMtJ<CQom3l@Tii(y&|+dM?(%<z7-O4LCdC3ZBPl!
zS||INic<kV)-?RQarA!NY42Y;|B9R<BCKc4dT^ssfO5f?GBG$N2AXd8u^gFHC3XNr
zn?E>4#b``Gk8<?hMWpp7Ei2UX!%Ru3R!v}FoPUM7G4UZmhB~Zn>^Xz#VMn&MS)xS9
z4HbA7K~3gueItU-{n6!-$`=!}ku9WHfpoF=%v@%H@)r8Wr}0v`-S0NfBXP(FLhShg
z5v4b+uhJo^0R8n~H3x@xI``E0={$t##tEz3rJgA%k*Uk&oWw~P@!EQ(Jke0iBQ}G@
zp0cIfiv(RWU)&UXd+0BtVjmc?H@P-AXC0i?R?f@E`)yuEe6PmEJLv|tF0f?#imJkS
zbY`ZApdYY<L@u4CnJq(+i2@cb!cJs*^vy-*%!nF@bYr$KJmTsAuU&TQKAqhto>;9!
zn<WuRzxibbQ0Ujg*PM9TSfuA3E~M?F0|W+^I1G!9uLar$&eX&@3gL#@Kx>;8?d2r1
zDK-_&grEFhc4+)v?K(iX0e1?YHQ}>*aZi{rW12vM*klCG@o93Yf%2%0vde{`9MhX@
zJ|MS&1~<@^|7ON{#t&0HQtaeY!>Fq9a~JTrg0Jh?(h$<#dmF6SopQ34+1H*vv3mHR
zrt&4Y*|;X?CZYe(KK@GRTB9+H2fP_->UWw1itcR#KeBaYWRwnP^=_h9kVA+F*+&v{
z2(e1K7Ju{`+5qB~HdLU}2!Nqe%X7b*wuklV-i5C^{ycPiSv+Y!EDxA2jEU;0;b%6f
zy)~0Vmr|W!I4o`Pbo&>H90{#3S!W2CWyt&R5T~*|JZPS_ZVk7)hV4B+o5X2AmH0IF
zj^Z6<zEuvJr0v$>4W7O$nUu_L2L~gL7o`MdI~{o7Vy2AKvVS~FEsaCZ#E#F<g82yr
zoHSWKh{?0X=A<*OOUO;VIqH=04?c<3HENHG<LQZfO2HstR=F%|m0ehtln{0fh50S%
z-4!q7x*Lb-tOy03RxQG;8DDL%5V;5~-$A3@v;RVTH;fWqbg+@S4n0zdc@~)W%S+VK
z-BHWr#aemRiuUPG_gX!zqRe($*>fhI9cMvyb-7<gK1n6$CrN4mknz{fSXZl#tE<Ai
zk5tN@YaMw!`KQn%$rhd|WNgKr*}EHUTUXR85D$=iq%~F)FGZvmW}Tu}V`LpaylDy;
zo&Q9+pBGVSwbq4{y5K=^%6C;Mj8iCQq(P=KIWpu7b{n5-+{8H!*i#++3O2l^B(@w#
z5t?r@lOY~mESjfkIgc)0t?|>#6Zk$|Y2qgX=6?tNZeOT(axT#hc00mpq3?2e@)pEr
z&}1f_`(bqjaUo@^A4o|xOVHjZeX^vCwkdPTvGMV=<s>(}-;YRx?Hxs!vBMq@rF>4V
zqR7*vA!xY=TJ-3v!p2M|yMX&fX$3yOo<xQab!wMt+>K_}WxCz#Oq@Aw#0l15r{?Bl
zL)(VPBi|g~nK@_MjC>v%J+A+>ahMSGkDFIZDWK_|<g<YSV@QLn^}rWwJ-n?bMLhw2
zkd+np(X6H3&3)1P?mI$?<WEkuU$D@*!BIr4Oj~j^9#Knc3iu$u{bDQ<H8K-GeZav&
zOIM$HV#x?IPiv;U>g(R<H-Aflj@C52p#1OcHFv&EU2V^gXS*Cs64BrC0$ADYa@y2~
z|BP`Hpo$RkAoI@qR-S5TIs{?ua01AFT8^R6m)y=g;$c60%)JCQ%9fE!h;GVe!kSCx
zjKv`kFG4)|5Km$0cB_&mI7vIo%=#Kvg8Py@D_W`NsxU1kMI|S$e$2#{cO+{+{hMcV
zlC{a|;_Z#1Fv>58d;TEmR7Z|GN_vEj8LsZGtkPy3#v{|pEs<Vri5$x{v~$3U8ctjY
z$Mht5uw8uX+UYq1+pB%Deg6L3w#4TbEN7#g!y)!u@m;0@iZ-d!6MlA91X}=JJ6V$!
z)>zpq!2d3>KbRn;6MZ{Gb3X6hnCwu;ZC!SL^ZJe_n|h$cNMv{Kw7ogidruvizR_Ha
z<vQ0>>qjU^Yy#?SdD6kjpC_+4SkZ^jI#7eA=Md;OGV*jZR?{qpcLVNnUbUY59v*vs
z8tL^!aeoL-3@y330ZUxI{c^t<qR<=_?QhhP{#vOb{V7jA{&*?0Ym3s>49`SEWFGo`
zImVvWWoKBft5muJls}8x*BFy*v$+}{Ei!C;r&_go%3!wIQqkm?=a@^^>rk^>qH$gr
z7jtwnBfg4A#$bn5Nf23At3YC;Y0~zwUS}t@tH)rH?#M}6o_`Uu;;hU`Lws>$(G|r^
z%W9t6W(+)(gTD)EPUfg=454An`O{{&1bSA?g=hh5C8M%{fqLGnUAJb1eSNRmTBNz2
zTxKQ5BZGlb&`6OzcD^hX|5J3t$;zjTi{2H1IISH`K~JFc+NAP6XmR>fQl5*P-3qK^
zmo!J)8dzM+F@lPCRwmkXTdk~1-8xnhqb{xAC=N$Ul3>$4y3L5(>1Kl88~F^r+KPJM
z3E`3zD>5RFPHAGSWa}mosvk^t1s-Qig8g>kbR}uh+}fEDr@oH5CIuUB6J92@c2Ias
z|Eg(RYB&TLwN8QmtO9szE9v-{XgePB^AtRVGSlS;i00Kg^#J`OR`iDaT8j-nU!N{M
zUXhm{d_F_J+m}1S>lz!qhZDc%vsNi=jT~U)h0Vpw0}x-&@6Q9U2Jmb@HPSP5VShPt
zI#hG`u(O`42KJ>z;gDM(F%9Ae1fNz?$?-Ge176Yd&CoKc_jp`6ZrJaSSl{jN)hga{
zB0n|^0&D0hM{)}uRdNWqV%@*cXMiXk;v+1=KA$^4j=h>p`4a^Y><=$N;Eut01}6|V
zb8dyfB<9O+{@u@`%H_Lz=*iaa3OL-e41mr#@%s>(dH`Ag3?1K2PkwF^5->%2-D2|%
ze1TraItZ5bvu+aZ0$^Uig*LwjcL8CNpQQg8d`10V>1WO!0OVzauq}?XRnXgXI~bCn
z@4pZ<UoCDCUZ7hA`@jCd%{ch^e~@k>Pw!!0BRlv7ee@Cjuavv{pT5}tnE)7#<_Y)!
z-y}2xkKO&omax72zlW0K`)??6k^h1Eb^U)2mHh|ezt%I3^gobwtb&0St%AK@Kd+(H
z+(Z8BhWC6Okp8n&0L=eN5dV>UgZ_KModiX~x3YS_lu#!BN40|w|6jcaI{ydsR^opp
z%Kw%Ak1YgQl>SHG2}1v~LbBzV|0q-#{l9G^(Mp&#@PCXMDEJ?<1`785r|<vR;xit)
z@4s({3VQIn)hzeF|BsRW|08XEBPgcqeE`~fe8X2_1p%}Mf&llx$rZ4_>A=U4z8xRH
zg#qyWp$GT#P61|LdJV|-`l&JZ^tP*z3Js#x;!F#ZY6F1=80q;?`+V;Z)USpU1Y8hq
z^_!ss+|xf*8Vry?zSHd8*Tec{!0#FWU76TFYJAyWSNyVdJ{#9n;E&aIN79E(Ak9y5
z_4w2b|J?ayrGIJkWNbk`lnd5?0^e&Ecw=jNGS|Sr#fD5|n6yOTit|129Ww`5e5KG2
ztbqoejSvDC{L49Tf#F}k3&HylK@$J9uUtt#@F#Sm86!}sM_}&a2#_rmfQtJM{?ifg
zDuV+Q2ecgsh6Aylawq%}UJZhJWNv#P02LoM?FhQ_$mS<juE)RFoB?wWcXS{NCxQ@P
zZzs+c^;Qox6f+)SX)M5tJ$5g&G4a78Wd2TzSYyl}@t39hks8`X!8Y;Kp`FFg)QcW1
zkmH3JS&)abmv8+7JgYZWM7IqDXI!Pe1ikPkUpiK}p;%^sGfuKV16@7F?F-<|e!Fnm
z3!yorr=NOj>~&7oZu!j1+?HCv$LaNVdsEP{BjMH)d+kfOwbi@k<MQ&|kMz<0-yL59
z?Hwu&|L+Td@DbMntRZ&|BJ#ts-s+<ndyzM!>c3XdpL!Cf*~il^fF+9U-`N*sSN5;;
z%Z9{a`lpn}lL{8?J57Fi7I1D;<tBvlDL{&92MBxZ=aM)oT{2H%A-ta&=3}~0o@^UV
z<}}QuLX~7ky~@qtx_$bV`lnDHG#H}&j_A4Qyz7d07q}BAh0-Q?6wg^bixS_qDv1q8
zTq)Ocs%r1AR<j!^N4d9H+Aa=@4#sQurZ?VhDl&E~YbB1j$gG&ioUqyNME%1ou&YIh
zmh2{ar*+=U9KDp_%8wMl{BDO^{4U(G5S!x+_JgQdOz`w^RzigW=AmSJ6}NM&u%{ev
znFbL~JZTzE=xQQ$Yw9MQa8%GPia8q5=ZPlsUV)@_RRVnX>|Kl^v!BW6b{zS>*D`N)
zs)f|=(rg$sv~9Y#f-b}<X)X}TSMUhYlR7BUcMd0c%No33V<lEQRD%B7BA&c(AXy%%
z=rDi(ah<Wur^|P!`{l?<HAZzR5}Ss7;HAgEbcDw$EhWzkxu~x|qg3#;%8C5=E*<2D
z+z@X4Z1=(-Qiv7B7iU{PQcYHl<WV|iB%aPyV(r@$zPF#rNYjy|-}PJVh4z#hno1Qa
z4C2w@-)x)-u^TUV2n2bogs{QCir?&6)J*qvZXuwmJ76)poR77)+tFQf{v2_p)!i!-
z3RQ805ivif)4_kaF(LExzxZqE3W0a!!N{wQapR_0hs;Rge4G&QKw2oGo<$%Gdr(dS
z$@B(;K*gl{C3})w$QE_qBie|KB{+z4XHd7oxVXz3)E6t-Ad-$YQ%KXex~B6qiOHsh
z7s%O#TzPUJ2tD~BMG!l^w9aSVr4xY9yfyr$%q?oecyBeWo%@5|>1e9au4jN-V^7qP
z9OV;I`C6nB4>G||MaoiWg!U=RoWhO5A0Xrtg@4YWy_QZkdQ}S_p&p7KA>Xt@1p8Gp
zcyeC92%w9vUpQ6Zd!E`Y{=Qzej3N_nJy>6rZdND9B7Mh9;jAr+w4~m8!c(LeG2y^#
zS>nJg1s5_Oz8JMFg`64qDKXZc(f=6K_cH!j{<NW5zVX5nC`VK5b-sh68{{?*JJN!<
zfXq9v5$sOzDBS}0Blx|Wvs*3A39g+zP4MN%hnRuXC*i648OMYWMNfA-4?BQV7YS&f
zMNcRAqoPGC+-k*u8<@Kc9QFJi2~)idte~B^c=__fT$u#CKvVXyyZRopO8{sqtJ=SM
z^fe7SQi0d|?Mvu&%1PAi;g2R2GDGvqXLVE<oRLLS$@%1R+t&EXL<h3(`Z%y$$Vpiv
z<Ao~JRhBRz+d}`&p%3NCBKvPwud?6w+|Vu{mk;h*WeV|hqs8?4qdJn0<qO7zi<mAR
z$}PV=vHgOfjoMygRz1~h8Nb_&yM+k998RNEse0|=sEm?x2GTZKrvYW}e#fs8Uul^7
z8do(n9tVCtO=u6mW^X~j&0+geUCD5dFsC3qyrC;2ZMzYfRZ+{Q5bodGobNZOMANLM
z;PYi0RjYgigF0m2p|3s8n=k)DbnQ%$Zf&rH?064iiogj$f*>ISwHvtadHCNzxkm7i
zSS&t62Mm9Ba+-oXJPKA6C8q&TyuN0(bX%l%=3Zk@k1b3=68mZwd=LkM{YG0T`%XIp
zQR!}Ej^4P95w|UqP%D>L_yV@A?EFxAcA<9I2YT%=;xL9WMQ8TmEPBB@f7U@c2a1>q
z)#l+vrkSY}K6uDy%#`#H##tM%Ab#@VKo<BqSPKgvD_AY$#|j&%f_j4g?apMv@)X%}
z!XqNii>UWwIok=!+~*`#rJ=m!GY9=9c*hE%HAH+<U#0A7An^jy*AcA}aHg!}4Bxy3
zK+_7VWG!4Wy6{TA%=8ytfp*uRlLx>ebPa$GZT02@khd-25jbHxr?{#~gHZ?&oXaO(
zS{LW{%s=m0TebQfIivmdyBu(N^J)>d{ul3n<1;9nxJjkp^7F&PRYJg3g_m)0rU9)w
zPI3&s*HHsxse>*{ajfaQq4+(hr{UJC1**s4Wv^kGLj4S~dr-QUD|iIodvmQKIal;t
zY%^Lh_a{<++y_Qn8>A2mZxdagm9X!oivHs-p3i|7#vVVbG(~UV`G>~ibwku0hfK}F
zKI{pm0_0!P(plpWodQo`_&@pYrN0=tV2g)-&6GovR||Ik^!uUYBP-J?xZ5`=)oRxz
zV{+CrG`+utWtmO$^~uhpR0rdeq4YXDm6k{JOHgD0?;<jufChz}(xEPu{s8eMV?7i*
zJ8}qB4|$8OW5)OT=Y6Wr)B*6V1+ZIeHu(V5r>kuL^z(TW0PJLc|JO#Yi@6OUPyC;X
z`tOw;)siB(pew7xs~dAwP(kYTcBMvhJ2H2`b2X<hdjvz!*?mh1F0t&7@Zu9>H(vuj
z4esr6BR<n_K1R|EDFIE9xm|7$?A(mLWYuTh#iCa<fBWiMO4fVD7WDQv|9mR6uyy#v
z%D#BfQ0<7dwi<0=%IMWKV)h=^sxpQb(Ud@=Sq#lrN13gMXzVvoa@`p<7$+L+5O!k7
zPz|m-6C7-3J;TsGFP0d4DtV@r8a_23(vqlhm=XvCz#bWK(041)m&RGX>Q&du4~#id
zO!9wDP3)wp9NX)E9WM=RPF$rjW=lORRcLI~=vs<`uuliA<vOr@>6>@yUpUm0^Hztp
zg${pCe6yD+IH*al)nv-OE*<watQ*Ya`vNQsz1opNFxia!fK-H;b!P=3_=p>}Y}hZI
z-RB;FDYZC3Y^(ddV1S397%<&n;n?p`aZ88BWcss5Su<wC5B=r}cyp-jndJE>$!1j}
zz36WTVsI}$5YH*D<MX;05E8jZ#f9%WJvW;&X+826OAabulzSBCtx8aUlytM!`8pgF
z;2c%lYC!-dJh3Y*d5%`kfHV^z)f1}TK3ZO{s_07B-fKUiPqjya`s7sj9-#5neLF(j
zjrYh?kOPuuxQP8`DH@qFrHBs^z&`7GUl*eIRJS6g!Lhv?EeHqIN=gZUZO_)uTa-wP
zN7IKn+JqmNrp8%>l13d}UM@ZBA2%jR$h1t0>s3tvQ&D2b&=5A%meOPs)b4*haq9d0
zHBD@xQ02yNiPs&eUkobu*3kHt&*~vDHvfm_E5<m=3FHHYW70}pi*l>4RiTDUpakiv
z%>d9G9oY;XwWp)4H_&^!co`xgt`$TZOm*Jlge5=CZzWJYSC&9@7MIMK?u?oj#k;lQ
zF&OGX3Xuf;B|OW@<;+nB93s`k0>o)^<zYYkGEL&Z*l4Gg=V7vQlFHmC^g|UOb0t1j
zKSBCcoPruTWcvr+KkJba>nO))7Z-AAE;8n?VQR=15=_MHPK=$mJqEUCdG^=tW8%%3
zyB5SFXPydn0fTa+&ftM11{4K&Ru?_O;cCe|DV};5;#ynCYN~c`C*2>A+sVw{8#Cs&
z6irVuo>!{*L{P+SBj^y8n43oT4Q#|860@-ISz5Lx$rvOF3HjDM=yoiQ#JLIR+{y4*
zmIeK2EXra^2e<Qu{}>}`7F#3+dI=?;K1#hfP_Qe_<@qKBe>J}PbDriZ?ckcWwi&>@
zrHSjuPv`Gi^i$kx5-Gv+wA_de{PX*<a5jL%M7}R}K;%z=lcfyAYBc~kR7uyZm=VOx
z6|x#Qn6vQ(7vf0m1`@~&DKkwm36VLziv`3G5wHA%XHkdR$U)ttkbD<orWL%XnI#Fj
zgUqp&RY@!*fDcpHhGIiur9uQpKls!(4s6KBtZA6uT}<@KbO-AvbP>n2ygLJp;IEMw
zp?Sx2*Y|G~!SLELMuoqc#We|$#eF*=8vW5|E8loQ#h8M-W7dLJ;=n8qW8Z>vls(>X
zKdqt4D$8=-$^SI`ie5B*()8ZoR0UgaakO!nBD5b=W6XE%(q*DrYSYD=P?%54*9Y;B
zi2OcQb_z?7OWxYfwL82W{|@}?DOB*5hy*lC0PWNdk`1@%sO$JQRtugM%Aad)1i$z`
zgX}pgjcDQ5uj3<H5@_eJahiS8<gxRgVc3j<U}e-WpziLYRlnv{@j$hOf-&`_tW_ry
zl$Gt;zla_e;lqg$oVK=UHEblJ;Z!0s=Ve#<*4N6|GG9VXfzs7h_rO;AWXu-D;mrp^
z@)dx6Rb#U+<G16%mG@)uJ1U5<jXeBnD_#)qAYNCW_qKuf{$PCXH9&08P2Y`0+$6P=
zgJ3pE!uZLvFto6NinhX%`xZ63y6cOz$x0%8)ZTSDwOHV?gwJ%sPDn+vw2kliJVUZv
zw7y41I-frOQEB~9bsQ;x4!6ZIqueRa6m{GjVNKUMukRKs>?wzMHk9cdMCCh#2~I?|
z*cA7TIkv&|SRdVWi8dTK(IDIM2kH>#88~4x<n;mUXf=NV+GT^bc>-(b2Xa3EJ%KjA
zfjj-!aUS;uoxqiqn=8NT<975msc?m!)(66bgeB}a9s1L0q@+t>QU<TmL239_1s+Wn
z0=ax=a_12seHLgsCm=G|Yz2@x?YA8Z%muVB5i?(XN=V_LVWh&5JH<mpwnp>v0OM6E
z&>o1weA6cxuJ2#JIW~S^M>w=Jp7JvScq~UhV9b)Q1{GR&qjC^bPGs<@jVxEVG{58N
zv~*K<ft&*1Y%iZP+I>ero7?jo;7*@w1;X$1x7=I{u-WUaM`5CqsY_I0mEsUyzBA{u
zwmp;+e>T#dqXi+3TihH7>GDJR9BApmzA1S~^1q+XJh*I;z@266e;&^}Mf=j<?=8;0
zF~^c!02W_xCw^pAlic8BLy}J~vYOW!DeZl4wXFKToNX5hJw3~b)HXyvkmV<Y7~}Ei
zCzF5S7Cy^5Uv=RmO9{HYT5vYKhyZwGn$}n8(n0ldie9z&<pfI#nbFjY;?Et*7G%6Q
zxx0dDRLe}k@cHe|?NORtnwt!^%Q$=NzFnU-PdCrB&{cmbHr@5D>`EeoKb<^fT3!Ds
zZ@A8@J48n*Uy9Uno7+9FwtL@%Kvz5$(!Ua9dfe2Jzv?HDw@UY??0UuEzizw6sxnWZ
z$`+$m2z%Y%E)beN#Iu<$nOVoXv)RPP{$l1j7)>t3I9N=Mc6fL|l>c)zq~PcnosTR9
z-KLsRDc8v?y&Iwf@$UT4-!pu{@&J^Z@t?{BuAqGOBwarN-JIljflZ$cSwJU&+qN2m
z&psypx(7z9ln%QI3DzLu4>YX+(}EowFxi?N;2AlVKxFZT!`OqR8n=YxuStQtX16X>
zYmJ|FSTsZkfIE2(azH0)K_RtrgjzFs?Pq<=z*arXV<ZnuORB?<={UznB`zJh{D<GH
z5Ct84S}!swG3HZ1=@ZulXG7;>;L+2Os~do^dV9lfd(71ja3Oxu^Z27Kh~m3uHH}?$
z{-%o`)Fq}X)FmbN-BTp*Bzk;c{_F><?u$k1^^C(-?w(V%)_tyS$+qTj8a<FcRl4H(
z4cOGQ-v!*^ZF3)`YUn#R<iciLqBMCWC9i~+*^Vb;R$E_7Be}x5hZV6TRe@6!XFmLa
zwFoZ3mWSxTNP*LaB1=X;l~T?mgf*e6+@E*+D%_DtWUi+_U7t`dPg&JAcNgs6&yy%H
zDO$2seF{lLXw=Jam=5F;Al%=)Wg7DK_K*53)v{`NMt0O!?d;m}^>t`m_<a$9YlQ*l
zgro4Tu6n67_6N2pAbiq~vOm({GCNeairA@Evk2)TG#Om4Xuz`pj@7+GOVIjKQEtm^
z|E!rxYl#G=PTH!CRbQRXp4d9vdIEW4r9JGrqA8*jnIGd(#M_nMa3f;;yH?QMIdZs)
zg?xSK<ETFo4!a0>Uq&Yt;pH+7JiL|m<3Xmx8I@Smb~OPWLDR0+#)xAEhoIxC=qJYP
zsTdd=gi_X_gg(sI6<opV(o8s&L$&*_fWRbq>TccPlUxz1zk6ITifw-%u;C<LsZmCQ
z+!+HWx!a(8bIobt_@ND5g_X05=d*upqZBSd!#vV3^PJ$vL*x+0#3zHeDt1^o%r7{d
zpUX|hQb*P9&Zu{!wCUZDcB0(zc|z<XMAAEUikv)lx<&D(ze5B?MSW(I8-W&YUSGg!
z8ySyfkz34ys|D6VHc}(SSl512(}^S<OrmVh4&-B*l8bHYuPJrRyUIoaIk4e}Ftk#u
zE$>iVU3jvoz*P7n614CQBl6fxC!0?Ja?<!VPL8zOY6rU!_~acNBDKFQMBuIMws6m;
zvE0w%*bs>5B4Wat#MK|-FLB1kyZa0?3L%9(60G560`zkm@xEHJBWGvhKS{xTEQ?9E
zud^Z0Ru)Lh&{o#6uiXPee#be;1PLQ;fZRwBK=1LrOoMA$D1JFhTMW>k<y5?HkEMYa
z^UYW`F(|R$ZV&&oA$C4hR>8doF&B@>F#Y#izV9G`l{ms9+NcqwVktXHXdG+6Sn>dr
zhQbSsf;n!A*QFk-k2fg-9VVMBlDxqnq~4%ahbKjQK*^x=v;cStjhs9=$W!+B1xZ}H
z^ierUDAnp;{4zS}4Vr>wRDxvEoRhJ$)qb!i;r@IoY`?`>V23nfMVQ678m&w4r4iPM
zB}56--(-GRe`&)8EtYjw#p(~z^GNo#>cv%0YT>T_`=6qVD>o{z9;s&fg6?O>4rxS^
zuGWa`(N5{`R1}JhZ+JBeM$zRtib|Gz`$o3TaMV~qn^y=9hDM`0=7@_#Cewp(P?ilD
z;f0|J%}SAC75k`PDC0C(&epfuQ^m2BpqxmPcj}YcCKsKop7aH9q3XddTY)QeZwk|-
zD$HR`eJ#FRFi<FdrP+Dwy@!GJw=brWXu=2_DwE2QiZip;$+=533uQ7g{7~p(84+Zo
z(rikBy6|F+3>u3dsyQahIc#=0e@<jGh6|P0P9hZ+2PFqRc!UV-Wa0BfTD6b^NzqYG
z9IAGsG^pqI(PeOJni({tY?Mv#Q|8qi^|ITzOkK;RA2RcnJJ%PB*Q#k#m^(h?(&S`{
zW)``1Inu8RP%|=#dh10bq#2a*HjP=qtyWF<4Y^_xQvOAd{%+t-7W-t%D3h18N0Tap
zS+JE0NuVZqozLqQA=@<{GIv@C9kX-8z-Ko4Refwpf=ns8$XVtaWqF~pRwT%a6WS6b
zF3NuzmHhzG#?R11wxnb}rCX-|*>|PQ0Oy{POO@4*3fL@rcal|H=FV8dh;%e}TkqD*
zc4Ec}dj(R?LHvlaBp2Egx_>+yH20XK<pKL8(vbaB7$jIhX%&*i?|`mZVS#>#Tdn?-
z-={l-Ug80N_;{l-*Ar4mWD6U7jEPgO>ESm?A~5T}(_m`Jy+t-^2DfuFWyPK)SS8Xn
zP6-cx;w>OLanvHx5S|tPNGwIFWv*OEHv~0bK$VijG*k<CnBUce19i7g+{?R@C46Gz
z7_6cqt^#q`A2Bt`k0^eL@tb9{Z2&bP&Z?cQ<Fv;~K3OuaxXa$`k|K8zL^JbYa^cr)
zC1d{V3QB~N@wbKYhu74k{n$%KAx2MQpva7B4TGWPuEUd9mqH<Fom(k!jW*z3gmWIV
zwkEfoTRyf`EfMzr;6rU>hv`ujrB@0f*Y50ukeS_iH%0twEu(qTb0;pHPU}vzn*R}Q
z-9%6d_0W3nEtpwC;jGI3B0(1`M5;I{l+7G0r|pArMVJtlQ|a#QhwHf~UexJjVpeN5
zKYP}s)x~9IM;LtyF2B4%5+l8!4O20cI0+lO8(8pVku2WPrXnyJKI7G>8xXvNym%&k
z>er_08QhVrbG}tT{0Q&ei%AK(Xlx@h({HhA=C7%_mW9<o{X5hA?x4AJ@ny069&7!c
zM>@y`f(=9xGot7yd8z3sdL;6V4I^7_^v?2i2vZSj<$`}q<@WXVqhGWM3VWXi_PmT{
z#e_D{akfCtxr>Q)M5VChYHD6=qr!n_(s%yu!zjSq@G|(I88d70l5T$(udt5xCnxr-
zDCV(WWbku=QqYr|yFzhfv^d^K+K->|-q&G?a#deZ(}iIN^iN=^DwYLNMZUgSa;F}P
z?M);3J>+LXbFgNFF`dM@&SRsS%A)}kA?d_FNs~MqTSBiT0C@p+9D`&cEdOq0WM)g7
z5Zkc&#8tv~`|}S&T!nNpVrzxSa!3FO+sF+_)~sy`1G{)RhrXS}!%W1)NqKV_dlLZT
zJM?|v-b-MpRzq>NKJrh9C5UAcTNcYY+8k-RbFDJW*#H?k1V91iBjGk0x>%qKZ)x&X
zkY&0#xL<Bz2{BJUQVcAnb_-RwQSTse?hgaqQ>|O|ECql3xFuZ)`D>bmFjOfFXz<Vp
z<1S}l|EQyt_E7#%vy7SUw7bi9JzQz6^7NIy^S2YH?ofi)J(?gnNC7d3(R{OsqVgCx
zUWqEiB(5Ld$r=mEaA*6>SrQ1W%{VaN7tp{|K8gOCLy^9j5n;5jlMFD+-&tgH=KMYp
z>_^F|8*f+m=c%1#lnr01F(7TL;+T*^0q##?_$7mnBCA-y)z578ICx~Kh&Tjlg{uV0
zZKgQ95_idF3O9APJwb&hf#(V`FKmeopSSE0@4>w`B-gITh_G}ZG=;}PYAtF3YsA8v
zU6R_F{Osn!XzLu^9TylqJ5!)AimzJbW&XQ2>$iV>)#gu_(Cli7NsOr!E)7W?u*aAv
zSb~sgDo(L#BzTF%LPm%Aof-l*oulj;p%f9;)`#g`66;Kq>ilB#H^@4#t$g~Bme#Pr
z{8}m~1Mi>o*2%gRiw%L2*b~N~Z2+|f==0LI7F9Nhhr3?QEAgg@M>9^JGD_`husSOy
z8c%db{h<+j0$Z8d0f?)=TA^vL+`n`Y3^4SKq6q}PW1&EY0RE{z`r@)|)1%!lV*ify
zHY$0W?Sqxi{nh5j<J)Az&NJU-fJ68@TPWa)O_B)P#h8~U#Dv={v*JwTMs{dvPu^~<
zcTdP#-UDwfCQ^V$&l4}vqC-(2U2YtYc<wHt()CAKq3ldYYoVpD6tjl<gRcH5x6cs<
zUQ?G^$t}Xq`|+6=>B4VNT2NL8CgGxVs?1Q%HCl@1vZx>8d7EV8CBZCCS+;p~eO*WZ
zv&u?ho4fMj7a^s4;>DmXH5I!+L5;!R5{pM!n@gA8O%jh@w5LH?Gw3NBMeeGi#+2&L
zACdICjEGCRvnRjKXmHRh3Vtt#XxK9AjZ<LLpECPL1PNex5p!B~H@>?3(i<yVz-eX0
zX;@w#OcN6N)F8KHz{4s})dWvz(B5!3M^wZF+03Z|*L*XQ*>02?|D`^winH(~D~hVW
zJe)*K^=hIsAH#uONCZc{V_;8AzZv{!rSq<tPOSKEBbhb~ReTk-Nk|#>2%|sZSi<d3
zVL<Uz?5yP>=Lz7Z$Su8^=YAd@>hulI)Z|ALFLCnNLUJFtYtv!uj3B3G0w2ttCB*Zy
z&UaPrDZ0ZzC^J@-BAcmy&m^-s3ZgRTrj^E^bTH?0o1KqT`bJoqm)U$SV*B0Nv|#?&
z^vfWlKXmxUry)%1)&}wQq4-SfIsZ1}6%Rd0?FKthdcv`Gg6+0l-a?4izwp4O$qwR6
zF5d{xc!fj#5M-lGu34Xg`vLQ{&TTzvkQ})6qVrq-+8Yqfq!@|G@{g@Hp6wb+LHrdO
z1Jg?U^rLD~wg6Vw8-d<w|4h>knMFtsr$PZta|oJ}Qn9$MD$JgFrGDR(xr_m;z6?TC
zU4^aRyjvEXTbOPC$39r=WoqATviVluEX$7M_MD0QC}n^yZcJ;yx#{K8M>^_|>Or|o
zCXrcZd6|oeM)-h^S#cbNPK0a$An_vE?2mIN2)MwSSPL)F3qoSdAMP}i(S<pfW?5_&
zt@v!m@dzVY!c^wfpK=E*S5qt5b4mQekn-S*{o4EpXT8`CHRgSSW4k2^`PsdvqskC4
z38vW%LNTM_go*3@=;YP}9woEDTG>M-=&oDQjA&nH&z=jP7=0P99o<G}a>2Omtepjg
zw+sq9Upc`en{$Ql2K_OQGp=?o)tftN8!38)>b&sjIL4d$W&EwnTQS#=Ao=EdOe!jF
zXa0L4HFT8>f=I$nYsDj{@1cFA9XTM$)84j~yHuc#xyr%OI8TJ*X3#df|1Lb(_>k@q
z#gFTXr!IrNh;{vHfuV>0>Rcm2mwfzi;quS?;Ft*U`aC(Jy-0tr7w?i`f*60m-w*zH
zB?2ji;&>WXA##xd9FEiAXNG^S^ObTe<~$y_C{^GEOLD5EP?&boHkpFiG>k@~sl(3a
z;M(y51h7OUXqueK8cJqbKFbttTj2RDbTw1Hc!{#9F2GTrMlObkxnCBGdhG#|%oU0%
z^m(>)A*8Xf(2th_0W^@dk=BMojRI3t$1=~+if~_YydB94P9X66bfC=S8<O_g6arHd
zg7d=!u|wp3*9FRc@hhJXenP)E=}cmPp&~}?7{EOD8{pk<21C_orvu(0Y2{>l<cnza
zM6&uYn=Rz-o<$qLt6+yC_QSBBqZz#~;AI;)@f~=%+_%ljYAj=f-Q}7ZkvY_FZZ!0`
z9L+L-9+Xw(b$u7vWgZQ5)aht}h2s1Hb{q|SdU9O>`jt8O0f6$=3S)W+Jiwi%&+S?p
zGGO!w&-r~V_+h+)PsY3ICFGayEyhcuQli{+K>%v~Pv$=A2$oO&GL&1Qy%L(;5-Ic4
z1EI3-^s!foe!fS6WmDJhkU-ef-5Mx7s4~i>M4xOTnma4&J(W5c#39nSRe8R4>|JUB
zfmG259_zU>1N=Y4Rf+@-slz9tlRcbgFGD}@mq1Wd54iQ=c{=Y!UB#Iq+@xz8C@v{V
zR%(-1#QcFxg82`bsu1c*$$QA#k~dEfWm0+S6F!8q5EnwGLo!YiLV<GpTFPneaK>9l
z!+yY$D4@EwR_u@;4PDK*qpG9zH>Ky0>j994=a^Z>quk`KIWT8?R8>4Uf#d+2fWJ4I
z2tMhN$@E2_-XB3g(#=Vn4ka=yyv<g3-hS-r-|@02+>X|yA?0?MXJPcX3(e561s&&~
zqznLcM(7h5dVA2M5|a-BdMGyjJehm+&(_hvRda=0Bk#5^mZrF%>R_Fr6%jlmc#dI=
zRr+<^EP74J0WQM9knhs<I?doHIN_-M3?upRT4N@6sRuu;sk)E`D>-5l!C5Y9RKQqq
zcM`$b79<`AIe0A*P0+rszY|z2yOTEuW6O*A2tV?Mo4w#FSuA4u?G`^ln=AXp?U%RD
z6&}fO7P9@Mf8UX#56ZkRbxs)>nVD+0Ka$P>er>>g($-Xr0QKlAE4M~~U6D4Pz#a9+
z+_#G!l-ZC1pcei1h2PDgbOaDp$A{h?gHWe}@zGX6m4);=7Obq5+VeS|&(0-tncX+{
zZ=ATop`Omy_Xa|JcB?0;urA114*;t<I}ki?&P-v}0P47W`PEd_VBUQHo~{$nLU>%5
z?^&pQ<wJ;Z_`pc4?M46(aw~WTLj``OtIqe09V!(G3ciQF2*daKc+)_mvpCjoEWShV
z2{1Fh?$j3zYzZO$dp!cg*R@;^)Ysub&Dt69O^vyb3UsOojlhWrBQ@0P);UST?pVUO
z2Kn+2VHtlo6aB+}5*l*xh0ppMgrQ~I<^2@h7!QUH%1KfuHK(3LmNs8BlZXn8pL~py
z<UVzHSO?Wmpu}=ZWVw7Mg3-WkfTX1{2lc{+J5AYXpLr8EIP2fT5$$jn)C<&R>`_-d
z?eC;hH%Bvm4Z6xh>4_m-D>L>~niO?sW5jC`FzR0~>u_Yc!2#-J|BUN?%@{+%G1~q@
zXL{((b}~@3Qzy{5sfAj0u48)QW@r2#PA1n$+aVa8oLukB@5B<plIo1Vxf&$`GXA*o
zU?**=X%C&3Aava9R8><Re->&wK=4_@`D<nX-IssHovf_EeD%8@8z4@JJgy(!7f)1`
z!3cVe8#b(%$l%3Z;ah!dk>$7_vm85(!G9p-MULS9+Vrk*1buXa1d%=s$JXnWpK42?
z{h5uScg%zg!tR)DEqNm?|9;d&_S=NRl|Bz771i;ftO&BysIGUk5IHzMevTNif2I6x
z>+Gzb<w)Tt3oPbwTp$8c;E#*ZFhW)dXr!4Qnazm{#n*SJFS+pOWSB74!9kPJMmShP
z6WV37KJqP`bA%I}aX>50ny)ZGFSGxCiO+;1y(BV;-Qe_?XY&^c!QEi6_+fu*w03&L
z6V6Y|Ig;hl<%tDev0?@4_K25ynZb!Uhs+eHOgx3dm<@DT%k<mPCcSiRcj*I|Ge@Xw
zqgZEpjS`o6>+ifK0x65#){~x6?E1;Q1QQ}?-RweMzrIT;I1Y1u$MvTa8k6RqqU}yP
z)ZJb2feS%v)LEo*uA5S1VgD#(ERiBF87?~Fo}pzBDv_E-!1ViL^STOoN~Xy$>A^7N
zEe~rU9VJ+!e})ahBWa+Q`EXgh;{a04t#X{4yM@EUSPi&DX?`F9bUGHDpiLpF2XN0^
zAZ=AM@`7Yz8Xw$6=cqWd^8GozzPq11QRV9!N6+2T|D!*cyH)1;>`c>)lkw5X{J?$G
zE%avk{O~{5*c!2NkfR+2p~K2p&#SjOd%6xB&BlCI1<}Kj77ebGIP6<08$=e59qng<
zZBp2HXzfS-LhQh<Q*Wi4rXovTMWBzVl=_FO%oY09syZn~@{i7NNDFdu0ClGC!igXy
zA?UZ9a5Y$~15~SaS|FuG_C82>3I?unR^q-`{%#`=zJYGqmQ~rWPCgC@k~L-oZ!?D5
zq^%@~BFMe6!2}JZ{X~EA#Dzz*q56U01hV?*qcD_+%5teGw7uE}2j(Eo>7I*N5B7fx
zHN$YbQV}U|#jO`CTM5L?$z;*uk)u>QAq%G2N>UZ^mHbWW7ZXlNj>6R0v&rD`%??ny
zsgc=;ZL@h|NQHW#JI6Q@`+Vhl>+QDEQVH><Xk<_|4)i}`X|vQT(cabuA86>j2gl1F
zoV5P<8{<rm!}i#r<+Do*J5k`J46!$iU7I$ICvsJtrL?J+j|BywuYHbmPA57j*FE8z
zX-;c(DKtg&m?ZHvYscqfda_&pppMSSZy<57=v1r5$7t-9uS(yZNUbUp?Vzq`L^Q#V
z!bWvKTS)s??Pw-ffvGHopPvSCKw%7=`(VeFYfmP(C{$dLfSr<cNsVZavl?J4!VHB}
zYe0{zE@qCgLe;X?MwZW3M`b6S3*akKKU^;N(I%Ec&^%C(1Le6pS^~L#pVrMPaR;>S
z^YMX~Vu)3<yod|w=`!Hb1QbRMd-J-rCtqBzwbwu(CWhBo@+c-LDth9!P{T&zvO~n%
zRblsp3s;`GQ5&BOZb(D*9#w!2_TciVVZrAnuUc=<FO9}za<HK{6{3ukRGj@%Z)(PA
z8k`?RZ+*@%>9F=FQ7@EVl3h`2bu3A1OwZ6k?N^X;Izk+yT*-F{t7o^7r`GKXQ63w<
zNrvcq#J1vk@+8YkRhnPdWN&>l(fT+lg+wVSvuxw(NwxcF7Cg+|!}+)x-Y%S43mY1n
zoxy+`)WxtvjI>geW=_OmHM_y?s^&j;Yw}!la?DOW(#jQmbNlPlY2clH<URt;FR@k9
z`)0abrWz%X14H##nV}fqy!23Kp&_<=tqS9&*2GivXL?_<pILnT(#*zt>0CYNY=yv6
z`&4$9f|hS_e{!%JRkfH_o)t@?kvei_7FG;17DGrQ+kzb$-nq$fD1D~P1J?MxpKLQ7
z#A9qILDY#=7k}__TV7A=FzgC{wO^e^Yu(8{6=TW*B&6Wtj;??Cy=K42Q@xcpHcM&G
zm>ZMy+v&nRQ^6qALaAqEq&+hDum<m-Q6a!y5LrxRAiZSx+?wq+;?QcmGCc2@a_lxP
z-3MvO23j(uRuWEoZC?3tX{(vZ`0DYtK7;bFgU9K=*!|xe{g5W^8C-_m=rUM_m(Nwm
zS9j}x3H}Z)mt?Eoj0St$$ytWq6Uq)DXjgpY$tg9vo}JG<L3G70pPgi(ZKTUm74IW7
zOSnu}zdc20{~nD(GG<nBUA<NzueDJ})r6#^k>%l)$K)J%$LPsG#p>gd7|g_3k1=;?
zhBflVqLkCbj2#vON}1j&-|{E$Hm_tgm~&MBZIIZWMW{<or$`?(?0Qz3(->Hri}S-z
z)6O=*WQeq8t!>%=33k`W>L{nWWY`D;i}-{1mecT7!`gvUnqcHp%Ob&?^G_<*%DJF9
zu6QG`HSz&bE>j7|?ZnY_;D?unF+aU|sjM6>MO9$7wvU>LjUK1oR|y&(byrc|Bj<uO
zs|xE$M!TNH$z<2juhfVGnsCF&X?4#r5B+5*4=AK50=;CXX6-VOsZni1u?SaMCo{tE
z8L<S4AEDaUI_%a>!U_BqVX~%N^xc6-vnuw?C$%+UDftM>gcQ=S0mm$unx3|*yLHnu
zkrJ0tBNIwsrvPQ8Dg@PUVi%4N-3rCImo1L#FfAB3p3~J~#NxWA0dZEcx}38tgQ6SU
zf$dOfvesz%7FeNDMQ<{fkaS}+5B|R;*qAtbmvWVXBO9=wX;Q?pHB;T+-0Y1~<%Vo?
z$##|0Li6#%;SgN*cKaD)iUKyc)7g`R23H<aWVi=nkC)nU9W&MYD@!H{QVwq?=+L{a
z?6TG9!dXW%%_eCU!*S9n!0K^Z)YKM@xhUBkeChNhIrReFVTgv^#n~cZ4WODfa~PhM
z&KMT=ALwG;m<p|KP$C?$^AEhPXgknr8oJ#~j@3ljm3o`{C!R4}w(6o}awFl;N}j~e
z_6{~3x3K5&nd;f@ZVq-(!4CEez<)iK(K7#aVA;z6(erBiuP4+9m+^Itov!Wk`$(d#
ztOtC{0NFysOWhbmX$|4I28=&iz|JNEPWbI*edMQP9G1Sn>UFf4tYsVEl`FnjUmgZb
z=pJ-5+)Zh@Rbi^6w{D2RE~_#76indh?opXfI(w*8r~Q3Ne!0kg<8dvpdxXI4SX|<G
zPmD<&#MnI-y_X7-sZlLr?>0i?@d4E*8K7)3PpAJ;SWFMb?dWaePM|kz!S5#SyyDIL
zww^UG=V07qIXZ1UrCy67)+-&N{%dNEt{dy2UL~Ib(wV#{Csi21kpqs?-3k-5@v=%L
z>aocT-f%JCC`<1zdYb_uy+jsHwK8JCl7E{3^^t8gD!tDXT+zPVW-ZDp7p*j2CjK5+
z)ZVDKdN$ggB|(I;#!$T8UoL6o1;_nomPExe!^l5F$*Y>ptY{i=^3j}?HxHw9=ob)s
z5$(kc##+)9Vg*8(ABC4@7xk)$lUUdf&#8K-&Kod9-K8#W-CGts`WBR}YY%!LS^Q%o
zC0b*sMeGvyG(^P~+3K`zduJKstunf9EBh$Rv($D-_%`e4m`UXP$|Rd>4-)l5aDIu-
ze*)&Dtuw@iHX(~N8&>?B{+7AfAJEEr!R&|Cha850BIKw6k}59eKqMDb$HjC<DzEAb
ztRg}zt<SMshjv|YA<2I&X-log3E8AnEm_Vfy(OQ*uwe9#G$r=1YA<7(LCTcTw#==l
zKSB(#YsP2DKH+=1w;6hmSOg~|tWi&7`IqZES&y>UDrj{?K9gV{5$8r_bY4baabTZ;
zrO2d0ysjQ^;z&$Pu!5fA)U<JBX%|>VG_sMV7`1jRFR+K7(v|<s;!TmWT2j-*ko7NS
zXdlgx7eyCr0>Od#>Ad^5wmQj5n#`*bbRGK^d-(c*9dVW*Lg`&{SX^haNz%;PLemjW
zvnZg=U$T_t)Ip8L1wDTyi=svbq`d9C&~sniJZUb;wBW?5nJbpu!%h)&dRE6Rqp`0^
zFHr}79ufwL7qVAwCi`A<j00CZJT?)Y$ZJJ}A;ov7T5+6)m|4_O9CS$YT{S+XTqPqe
zF0Zwoj(6;`5wWbyASOe1aZ`(UbF-FOG8!K&2~zfFMt+`#6D7HdWrRH!TDEBKIX651
z-;VpNf)fT=os6L%NzAwoxF$W8NoL_#@H9@rl1<l9KG-E!*zcWUNR~m*@a|*{3bd}v
ze^jKmt0dYgc%qCe%YxGFKtA0p7>6@bW{9V+Db2|a5ud)J<5{LHvS;7Kiy<6VEM~C?
zLe50Y9=T3=j-1rXfT&ueb_tf+>%dTJ++*l;E2B-Of`WEPGUW)$h^>pKVouG1)M#jq
z{vN8SskISG+!nny%h|>@($Oh^1yM5lhT3b#eJI{>lYSD6@RgQ7g_L5w>3bg%nWh7w
zQyK-s4;Qhk$6;q%>7tm92*-8@<mBj|+ocpBEJo7u{Ebv8Rw4DNRLP1Lse?1q-L`v%
z_`}D|ou^rbP5Rs7S&NyH6evJzZpUeKbF&q&y_<0WjP+^Su8mp)03&Q{Z0=s|D_-sl
zuK!Q8p6ZwkA3`hWknqph3oH=w*qu?qT497klGY%GfR&Vpp`!f|s%rb{YGeNtcLd0&
z&^PMPJhUBE<P@1J?IQ142ExncmpuvTHe@t~e#cmEP(k+Xt|#cOT|3JjKHS*Q?T)%9
z7CSCf`I4xY(>{!CO-56i13im-d5h%aEf1x&H@Jf@^I*S(w;*4$<Q8C;Q<c`5G(A0e
zVThkC(G}*@IGfOI*_Lgxj>OcTqPbGe=B&!50v7X8Bfi6j+eNUuKqOQgNWx(@oyQz7
zWfLx?JN*G~eXAx~-kHGy+2VV<3a8o1W#o0<r$F@reH+1wCAV(RN2-ax@sxR-=dMgd
z)S*ea2-FzVL#k6~4QrKi?vNa$#edOb>(gcWhlFO}ZuJY4#}GzHtvSB<u{{XB)+0Qv
zTk19VOB?ers-#Js!T9JTh)ueb<g;G&ds5MNN-!oBSK<bv`y-?<ikE$1rZ)1)US(`|
z;Qk)~+dw401|>kMDJDYDi%+@6{7pwc#i#dCi)pmBYt?55<^77J{j|{`{Jl|mUTwA-
z-?hK0d?(V)@0zX3{`cSSOhzz3$2-AbJPP_vZ~XoD7<kC<dg1rqf3w{DdMBNl38%i-
z`lj5d03-^+^8NR#`GT8ezg#_N?lh{0t;2Hb1!u(gFdU!gurtPyCVOP}n|fncoc7+f
z`e7B3v!y>htJiCyI`GF(4)vAYYpEZiD3!;Z(Bs(J>WvI#Y`*dX`&o?}^W8aA&VJML
zjwencj5|Uhc#Wv!t;SKs4NP9eo@sa-M=M_W+4N=xE*Fm`qdvT0WT7O40m&sX%JB!E
zBc=h#<3Y|razaLu9?2RBOmz+uAV%fs2pL@(+k_=xaF+3??+p+b1wfC$Gp%yOs^(-k
z3`XNU7*!aEN`3<Z8&r35#Nis1zi&4y!19k8HF(&qHYz(U_|ZJf0hMQJhhNvLyICkD
zCqBoLWdLBVEHN?>dV?N%nAKHRK~b=_Tw?Dnx~guHEV+X&ZMVg8p@j98JydYJrwKq`
zc%7a%3LSoMncgAZjjei7DeqPq?aH_9>cL)JoP}pTmWqG#!|?Z9qiG@MDOI<7rc-68
zk0lcsOwNy)JCt-{0Lhh30J&^})TyR`T+xY7zVf^w_826VbK6Ynx@PxdkJk_2jm8-E
z|H9{32Nj5WYR{i>N2Rl~dh{EL(sSj3hD6tfk@jqI0#8hjVn|Og3gNFrwHyzs?+k=+
z8b!+Sp5_*HMyHc==>eGn3hB`ojlD}Co?5xn_W_cFZmb6kBC0YYzgllMzdP8W3IMVt
zQpcmtAUyZSWAfS@h%Nz}j#~;NPc;VKcRGEV$J*p1$0B*<hsz;XB9_D#K!A-+c&pHI
zd7>*H9wN!r>d)JU<p#`?ARHh93=HWw<2DV|g3}5KPk$C<1l@5HQo4O~nqwC$h7=}4
zAwpee58vnB_z>E=i(=E2v5x>G>WN$*IhfBtf*22^4gl$r(mdG~1udEvl6vO6)9(je
zN-Z1O#i(|Jhhsrsu)3_kpzw7=Xbj4LQ#u2sTEcV#c-y@345D#r0nngp`xGjR>{G1*
z`Vpa6suPAmAfQYc+APX8@cS&sEU>t((rMunMNgUQhghok5=3_WsmIL4L;)w)D-)7w
zZCbEpc_4>YFz)o9U5vdjr<Xh2d(fog=qo^r<wY46P};f}dO2sU1kW&y8VM5fW4O~E
z5@S;KWBibm4d0jFbo@RFph>mXACq#UaEt-kl54EKPRrRszTQX2{nPVDX_BD){lptx
zG*y-a5JrNe{4#vpzBfJ#rc{EzWw+d+&%EgC&d4Xx{k9mu0u2KZ{{EnI4r23yIjs35
zG6x<j(>U%MSt&8V<VhlP!tmyy9B-IC#JLJe{P|ps)9|f7?w%n=Yn^b+6B0%o1Uz(M
zts_WX00QUN<yv(Y{_a-3-LyU()Z4q|R(UfT%E-~Iyv?J%z3NW2a?ol&gP)ZKCcY`p
zle}JGjK{s^beF}3#rOcg4_D)Ki^SJmW@Yj;WNP+jSiyEC{qg2yxLRT(9p<)hJn}lP
znSCZrcwBSHRBMmC(@4Yi@)d<^T=*ecsHJoEQc}Fn(RY-M+e$Fbnd=#qf<y!OL?WYl
z3G*;l6h0_vM}319wl&YrnKQDPVvLNpeT<x!6GfcZOx9%v+a3dl<#YziwMqoO)TWr2
zT%=@ku_R;7yP|{<KQoj64%w7k;d5GpahVC_Lb82MT#1ufOw3Ho{odC7o{RG>tNk>C
zv?E+bQ;L}kzqdPTR^XJ@EFu#}D<turc1}#`oO*cQ3&YN-H&;N928}r9ELj;Llx273
zocJ6uRea(kw#+W`a{?v7@_>}z<fqwd7aF`QNSf;w8Zk?cQsNO}#R~Y#(XdCsxsZBd
z5Zz9FsMbZw2o@tJ7hC-#D@Y)6BGRhRJcBtnIBh|zT#$ls&5x?A*WLvQZz9w1PU}N&
z@RfH_d6&U&ARzCQYwi8=&I_0pa|s%>9PWH!$_A`~fx`i?tk~X`Jh^$avr}m{na?k9
zC9o8t-LFx92n9iw+*C!Io=C<d_HYA9tCCQR_)-+bCN*;bO4-5irqCEHA!{)%_+xa0
z3K4tO8T9(zh_KCQ`lfn-8ws(PVY3NRV?9(#kfNpidW7MA<wQ;`dbwZzwv8=*#Y#CX
zCv44-5*|%@TBJvnd`+&#P@@M^D}1w5jl{zzJ?wzls@{S3*3k9JUCL=$sGLUxR!S{2
z0bm_Sp_sFkySZpukZTnz5qQRFKRE96W9j86OqjnSo^PbV>5SE+Ik8w$;6oF9x?QeS
z8Z9%|Fc_+(Q|eRyWPpJks|P!^qg@!bSQ{Q3u|bz%VpM%cF{k+oO%<6A21Q+s+X1}z
za5j4|GFckF4SN1bYH4Y~;(x^E(ofFD=l!Qoj)UICQ*1zDDp!XFqQlgr=_gAB?8y>A
zmM|l|h)e}U>zz(KUvz#q@!^rgLlA+unWPk1kP(byWh+5~gBaJ$rC5BkXyLs;+z`O|
zndGRafemAswCi%fCWQ0LV9u{A4I*MvY(5&oCmO5x0~M}r9%#{i`KwB;e(*d~%oRwE
z9ghax;YEhCp!lyd?RsGsu*Lfbatl&_Otanri3P?|d$(3=BZ0STm4hUuJ2eIXfGpei
zPVDykNO~FZqI|GhtBA9GiZ7oNn&O;`xtEyqK^*9W!JrM2Y#U>gP0u3LJN;q9BdMT=
z0_MVkKm_4;tA-0l2aO5{*p-8w%5J1V$;gUjr>BVE^Hg}-`@fgj|G#Mjz<KdM3(Ic&
z-}U0^ef-}$xfBC$>v^R8BBj{s&t19u>nFdakAEX3^9{?GGyd0Bm)-ck>!sq#{rJC&
zYw;GZ)Z(JRc~{_k&Wp4>zN?Of_s;81P&+U_^VHrgEZE}-JN+;~HA{%fC2?49wggJn
zsJ$1Yyz&tktnxsPg5`(k!h}7JRB^Brgw>r-;1D7iFBz0f#!G9LG+w$@+}tiSXj)V1
zq7b9cIw34|fq~~!sFCZFjSFt&2oUDm(Dn>0Dfx?37qO0ML2o;!0VSgTRhm|PB#LnY
zkUoa65JMg552%G$P>VnHOnMr4zyPuMdxTMBp<wJa6p3H~bogDP`us%;OW6sA7bE}l
zY%DT6S?q?DMT|8sz9KdxV6FI1r0=4fyA@vBf&_|rSwf_L{BuZ-TVPa{OitD?Ryz4X
zO0oE@m@n{4KOCaW8lpA|K8!~b58q>x00GbzsYqjF<P{q7Ql*8fYsjY2oC#4&DRKKU
zE!A9$sOL(fJ`do)l<ET0)(j>jw6;K%DUqy7A>SszI8(d)5rnhc8?!cNSb;Y(Gqg-r
zE<{zhq!xb^j@!JA$ha`RMU)gN8<CvkcNll-ZH^xFVh-p-q|;GC+#QWl;*(BV$cX|Z
zME&vWoOpxbgNGfcR7R%Hie5myb|PM*8Y9hgn?~Xvkl<~@V`h*?{S={MVZo}|8+@fU
z!mM!tA76`nUZgi+-3EW((8KqGG^M1)a^45DkH#6R;rxS&A~ef?r)NNznA~`YsHgNm
zW8IFGo>Ch4vzzE7WXiF+D{8%k`JB^xMhS}8Tyj%H;!r+xj7dbQTWrEQ=}45vNQtq<
z6{pl0y($i~$#hT34BY+RRw1I5h9jj&*U(byRF3vK;){l^)=F%=j}qG&TPwZ&3A3n7
zR3I)eQTtOcP)iIIGb_crh2KFm){O5oumI}@(5Ks0i&Y=Uh3LTV%iUi)*B4@d8{bZg
zRA!?@NpRuhIAh=>XTvHw&s6yZtL650qlT)i#A-gd#Twd>coUuQD{JVKv}gdpw5aA7
zz+3e^y>&7LQ}=8nI5<GI6Va4<OSFK{h>uqX!^v2NYVQj_ntK(&@d_R(Nlxadi^Sc&
zTIJw*>&3J&kuy@ZzB{bg!@=0n!GxrDCiRe+O7G|BB&|mIpjj)oD!cK7(XI|A|NEm#
z<GXgV)u<jkx6+zhIwXlyAZfGJ-mkP?)NQc#rjC|r^jPD49KEY+4Y$s@7mc_R1(wkG
z5<k9*dh3Kl(34D7z{C}m?(7mNkl1n5dABVIwni7yjtdP_sZLVfCgCuRn<gw}r}J34
zlD3Y6U<~N&45iShpL0U0CjlHOV}lSI<_+Ft(qB~$YZcr*uC~(D?w2o(SFc`WQ#f!H
zBp#+BdI1cPCSKuk?TF*UBk6_>#zkn0MA;Nb142k9-#I2(171X;3eTfZ<;?4>sf~m8
zFJHfcHwZAEA;b(Ie{dd7OyUA(pjselfk>9_pM+`s&^`5Gagk1?_(vWwj`jTIYf$E|
z|3}{G4a=CP|0^!9#Pomb%lGU5ySN&a=at=RYbBL>8Q;MCUR(Q1WB=8B;Z@2t<=-Y1
z{!zKTTWx&*y<TdkfBD3Je<hCp^PpE+y2UbZjIXb*PS^hz-1C1cYlYGSv3iSjn0oz{
zkN>Itzu$T7;oN@<Wz6CK%gd|o{?A(Je*fogu1{G-s(PFBqs3*dAT6zsf^==OxR#(G
zO|`ZK5=$zj_U1p!z{+8-`W$4RefT(Tf7ZgeAhloH7V75?|LmsrU&vo)sTSHv?8ywU
z#yCmwvwGUE@1jj271u@yD-2SfmJeZ?s+4fkYFl)Mxa2G02inPk$q2G%<h+z!BAJFO
zi@;v&HkuK%GtmvsVJ)(_nlHkGf^|kon~fbKY1d5J)k(XQwEpbxjHH2?G|)+@<|SDJ
zU6fS=PQeB160Cwb1(&A*TjixvJA1YA^X3<b2AISTvhcThu+zl9YR0bY(IeKKe=k-)
z%P71;V*5q;ut6_Dusxpm{hrJTkg}Wj`$bj~fP#tj!{0_v;X>#go;DC5WYnAALb->v
z`gi-Z+AKGoS6bWYVj;hr-a=SA1d-Z-zi@l9P6}bDSYQ<Il-K;OiDgm8_x)q&jMYNE
zlS+MRS7no`#%Ro@KE2I~nZ;P8q|9DKlieZVY#&z1OsE!l<*oE*bJCwV>4Qz1SS=D;
za9gq1#j0B*Yf)TE)7hp$l+jq30x+V^Xso25yJ}1`Eg*={>xo5JsD^*|{^j@Pa`O9E
z-@l@FpJj}<S$droPdLALDhM1w-C?Nkv_OM@hx_BVMv@ntWQUSGs~(i7((o+)AflR>
z-YEW%;GqJ_hjM?55Q*XuCUY^XL6K<uhiKG6x5?_u91;{P)5o2DU$(#*OOnj(p>+Pb
z=a0nVP;xp+^FYc(CJqsrDa@RTUuKEAh*3U*rpCS`)&pK~0$BFH6rZ@f<(1eX9f08c
zwS=r&;sg&&cKcpu00cfd7mFw25zxz{d>{V_>EC`wbC`YZu*+b`q~I^_7bNj(s{EJl
zdBgB_%9v~a6O;c}S4;Q%|95gt?SEnew^PQ|*MF<4%WL=Rzq`0*_dlxeZ*BlIZ~U*9
zV)lQq{<t6icX8eJUIcp!l4QfHNnA{>E)`2lg*8!J+bnHtuB?i2aQ+k7*_@L}ZJN}O
zNXdCRSCmR=Wj`9*i_FOTT~^x><L2144OLt_l`@IBq9nK`Q!Q3ZyOhK{%2>s*RT%_h
zfdUqqbywPlAQa1;FtT02O^Pe@|LpNE_t9?10_N#|aLha7e|`Dh|JR*dw>tLJ_&3Og
zSilPFlM2P960m@c&DE97<&B?^1@O*bCq%Ow7%==py&b|EwQna^r0E2%p&ZQI{&wy3
zeS1|yW6!>Pgq!EQ3*Q;$I}_Y5=e_sXZho|h&CE@4H^_(E($c~SKjN_qX`<Hm2B+h*
zH1AIvP-U6df=TB+HN@w@roJhE2TS)>rLkAuiGx+!v$&D81gt16IOmI2>k!y-{j2Kq
zJX0zXy!N3ACLBIq(YP9*h6hW1Z=@la<_?e{vU3n<|M-b>iO}=pS>dJ0*zdQct!p=x
zU=#u1Py;)l^Uqg==GaUip^Q$^kfTxAufrr!-rbEi-0Dp9{ns9O=fT)(cY3{%O2W;S
zU|yg(?zX~|OnnxF<0#2ty&;pJDlK|{)Fjlydps;h?;Yz6_{8QK@R8?JWzmV5M*fwN
z0wux>YXC89GYHE%NmOYgiLAd$(x|uUJN24u+b9?Z-Jl<RS39LKFmL#1R1OdC+$twY
zlxIwPPGvcyO*#!>XO;nsVGwmf&5^b*uMAr)W%(lMh^Peq&a`2Rj0APfwE3pw)fvED
z2qg^L?2)K_4E1=e2csmJofk(3UsZPb6kM9lwL-r7S8VASYrHl)#0p>mXXw8mUP4y<
z$8AxF>g2Gxgc@<Pq<vRpP<qLH+EDa5a@%cP^W;BiZFwUBaE|;}TwPhS<-by)SXjN6
z|L)?tRhAUVe-YXIENejKUXuZccdvm1@Q*7CfZT}NmH_9iL#LfEFigxN1`|3anUcXo
zX%%NS%%vlc=iw=t`t`jxUf+SN4f7<(SXu=+=>P(~$_es#>c9oz0^ut2?{)yPuvuv%
zmnvb_F^L6<ggCf#4Smz_QDT)iss@RK`}MD38fjJbK>#Q>s<rQoLgR++`F!31GU7yB
zo}{)6NM70O&(GK|c}?a2db954Wz6RPE5*WkDQ^F9&;Re_V*lS-{S<Tjt;rx-$geLI
zmX}HeGz>x8kb=d>A1#?ay)VKg<Vxhh+i<vzF1&lT4{nm(Vf{1qM)n6x3oLHrCA?N*
zxc#X!97!wjFd+}{wYfgRBY)sYj>D~@<mNZL#fIWZYAAXFyh^&$iCp-?^=M2BkI1tQ
zUE?-zysgxGLCe7{$3Yam6vL4ppfg1;l<uK0;}2=?+#8{LBO%I%=$o;!UuislpOarZ
zFtW$SSMubczrs3+KgzGL<cdBj_fQ&eqoKdO?TiLyMzk$~b*KJ52%z@p#z=lYsJE&+
z75!PddD7W&HLX9Avt^^)-O95g4VgXL(6v~6Pr)M$CqL4ES6ia$0{#CQZo<(5L%Gbx
zE1LRM3OsBo9ig?G)qlWbnY9)1NE8dD6|{Nbv9c2k-r!mVP3x887XkCbI2elHgkD3f
zU?vy`qN7w{@E2&fN8_q>HbQ4boq^!_HGnLmw?2qVsmN`SI>7+>#3QI@_q96IAY9+&
zC_Na7QM}1mZyb;0!f<>kGDBQGk>^f!B2ptcf+v1V2NS8vm^M6b49OdXL<u?`6F9o$
z98S$V3hm>*R2N2dPjsmL(kD74Z+KnLe*;-Md@7jF@}z7>PMu+?9T$0K;{!z#3xVt)
z1(vl5!c$Hl_ZULyy~!{$T6{VTV3nU?uUM9QK*3&_vj$EI%107YNeI*!c`j}TgZ>3O
zq(?F_s(3wYVTlS^$52VHGf2XgS$G^#%2AL6Ky7kywfNM4VYIfG+*-wxf1;*Nrwd*1
z^ky187jLD?Kfj5n@ghf%cilu?@HLyL^3QJ~YvS&_fwI_ZHt$?H7M;^Ll+;I|*K1Ek
z{+&0`D*T!aHDO$$xj#oMZ_v2Qv`H)8@1D)*lCR5W6oC1yL?!;6H;@XwX4^3DCHN=%
z4ZM5yDa*Ys_vGwJ?Gsk}ESVy?k>YBN6v>TbZzl+Y(kb!N+=kN<nTX@VJ<oex#F#MV
zV@GXr{T!IF%T7d!PI66TsQgog0g1}Gmas&?YVj7qPbxJlRaLA}m|#F-ep~y5gp~{n
z$@tOly@O9BctZCanJs$pWScY5(-&W`PeU3100Y%nv1=sgTAQ$CcyEThIq`X4x`@Wz
zA6-xM_Z~+t?e#1cmEZeXJ6foykOOCce;s%rn2d)L4ie*fVV3>z%;)eTxLBhVfwT8?
zYn`$g?Oz?#+t2E|-=(K+X^CJ2a28@;cPsQOO{G-Fa_2f!Yff}-(hYiEQvWCIs$FZ{
zG`C}UVU!aEwZeqg-SZ)JX$%F_p@ppBbDRC-6OhCXp+%Ylh8AJu33FO`30sEOFVzBe
z`Lb2--BRfioGw3Q#dHu>a4M4(I}{(^47~{tj!~k!Uw@q|RRNHsi0=fzb^@r!8`|_o
zGCc3}I_MTUgtuaH-VtxS-{(_x0ksw<o!@)tF?iGw-WwnFynZ+izPz1ECCnX(JIhn2
z5vSLa^2Yezlv%~@Q+L<-hCEExGm!pRun=@y;)q^y@B<4*>VvURsW+1tQG84MdTa<8
z5TC?(=_>BND87<&7gf0Los1Qu3Wj5RFIkkEQB8TuJJLW!l?WyS<qsT3c?9+eMvVC(
z6`zf`Z4^gMg^L&lA<Rl|WV8SyC<9DQJZ(jQ87O+1F$#Mcudw(suD0Ban!QCHrli-a
z1j-=B!dOJB1T_z<EEEst2eI@Bt)CWylSTA?jC9Yo6sR8?dFbl`dtSw(p$$xbF!8o9
zV>tHveSt?t!vNRkl1j<*4Fl3<6C5wWC=E!;>zs2k>FL<69Y_MQdaOu=v5xft#DYw9
zHW|D|NV1qXZ*=24m|}zq^uWjxgsij`M5446)#?ZB28jA;aa&T5Rfst~DwIo)(3Fmd
z?29jCYzp`v+U4Vrg?|Px8pE(Ny7-b>gIJ*CY7$|OVJwl-`>V_e_Tnt+(A!;}NnwbY
zNuq?R3%(S~q(lewoQ+H28rY>6X3xiy%{}cl2+90r3(+~!SW<zPo+*+uUv{d9DW=04
zP7m&aOWFefW<#$t>Ym9d!9tLcPOi`Nw1L*`CqTo_{L+s+SK?la+GLqF!ze4x8;iKw
zx<O4Jwva0$$jL0YchDJ)Iu}aqJ_Z22QHU>z0gpH=Y1`|MLt>xGY{4JcP-L>fcyytF
zP*{y=39>?!v-lK&%ZW<WUheQPvsCsA21<!V(qd0CkS#T(5qfw(3!5C3GQeVhUyg$S
z#IM1H8K99pIc9wJ>=@0S!iNdd0Rb=7`jM*)pI`c~@)Q{32RWf=&X~xv%`A4JKCC6t
z$eK7ip0mi#1%knqqeKQ{UFO&CnLn$crLd)D0-E!f?hywaaSFp^pol%fvyG%nVdfLF
zo%T$tli>QJ6MD1;F_LSGAcfLPA;1imq}u&Hb-5X(>5Y+R@B;jHwgr<J&BKs`a+MEu
zF+C*n04=@gsUz42!Pwh0MiVT&24c5fX^Mk-3wn0w%c=qf$=;QDm9j0EvNvg2BE|U6
zblxIInz6U&up%yfO6q0a(=?hApAsT=19fxlt=w(Q#D0`^0e`9e$sj~&lcg@%KkzF(
zge2&&+QY#d$esI;fXK61qSGA(VTeF5>1aUyB-wB+Orz;Kg(_l88>qIlAz6~PFjI&r
zW-0dzBPgeSbBIbB8})jBcC4Y(>)ntwpxxsyq9>suH)9P+z4+(F7_Qu#zbwX(XhQo7
zBd04f1~<NrRYGQj%ee%oX_%iD<!LXJH1P)j2b@VV#h`I$zeKci(>0w<XeQYB26%Y=
zjYiBnMXbW+;2A&)NO!x<F~P=3PMtfv_RjDyf-z%Fj>|^pY}xI$k^z$m&(ywiDsatJ
zWCB{G2F`*#qW#l>M@Hs3fhK3La0K>%YmXEE6czva@SR+6&L9rizJ73e`vf0@JqvR(
z)#d2LMvTmQCGEE&9Q)MW?Y3V=eGP+?@!QVG6Hy_Fh_I`2B}CX+GgoN%?f1HD^{g&8
z%D&aX;)UJL5C+Qlyf3sdrh_A*l+jga0}pooTqq*{ayLVftqgQvBPNm&Q9mAIXdYu6
zR}TfA^!37PY5?c32@8A-C-L*fw?#J=LnTcxmf;UCjhEY}4;%1ITudPlvPy<eZQ$_u
zck6QKSz4mQ5JC4f;+P?v;!5swf-((Rn3&K-wb`DL3dbbXCUF3d+Wt7`7(<r;#wpaX
ztT)YLI)V<IC2G<kRf)f5EUN@<*WxRq6{%!1PEq);^71eSY1#C~m)^clN*nFmYcqH!
z6`kZr_~;%^&}khbde<_Dccbvk%8WHqM+I@t(TZ${y#$L4MvdwaD9u-kC0dN&45kl|
z=(8f~ScpCWqK<n+$2!yr4tZE3n<Hq0o>jQq0GYnsW1KI%v65akf9CoI%Vmsgn}m~~
z)?dc3MOn4V;fA!0;KUj8byjZ-7<_ppC(u=@3bRa*%m(w>mi=<$s~p!!?F7<*WOkkt
zQDp5z%^a|sk?*~cENVCkaEnm*J#R4fPkcW5C^CoDT@IAyk3+PCfUggkA%6-4|B2*g
z89cb}_p<a-y=&{2@_-CK3;A9JiIjg_Gg*I@8TXWZJXrwAJ7!JrJ=Nqg03ryy0~%9T
z%L*GCxp8wab?P%TD3>XYx_jiEG7<a7@;nyCa(B;@@F}O{Ln|`;yK%Harq)@^lN&O%
zI-+1Em8tdV2L)J~`X?mSrwC+HHk)@63ez56CN#~?jpQ+_c9q;pWhakPX>({ht!-*8
z)1t*;0!VGOtlG|ox^7C-1X!kYEntlviy6ntEXuw!0kPV2R3>Fx#ze$QGe?;)Zt+E#
zrr7PNOmTxD%r(sp$!xJ(kkR6VEP5|J-b2xzy-b_5H=WK+-}5$V#q@5K;q2x{*fNzs
zDo4`(i;=@o9cff0DA^UY*&18399NlZ<d{-UlFm+zlQ2%JYMg{ov$gsp-VKp<#=xhc
zWiYGmDj?!H<nmjSV8Wu_$Yd{7txV1WIG)KIM@ehRcn*{wr{o}6RpxM47Y3Eb79I&%
zj8YQibD2fY=<yzjCVR!^{5Xe|X>r2hRD8e{{}u1?bZh)fu_gBKSz?lG<OyO~TbQs0
zXak^TF6%YMHR7kxn7is<B~?#e^{-Sjb}Kuz>Oo~UF|qon5|fXGXXRbxpU}$WezY>}
z)f>;MyStSGryTpEmF1w`f-gr0Zq@9MRu*<WMIXzxTKyZ<tSKL@yyVR6pj>N9|4(dK
zoD<VO+C{sbCuFUYKdP){XneKSGKw=U=c7eZ1xZiFo-S=SfczpN!szg!X41MRooF`2
z_%{JiEwOcy(G2pkq`q97_Flf4x<13Nu#BRy{|Vcy7)B5YOH3m}b}QMSS|(9e4VVIW
zKDQCSFD~=xfcKGHeTuF&N8;F(1xb#k^BSr>v??q2`w~s(xF-<P7{oONHLs)O_Swj$
zMa!gvo?_bayn3=!jVlmufZd60GS0f^l$=Ti`DmTecMC_Ol;oad^hsvnuG)WY&lUIA
zZCrExzntB?jJfgOR*G@|FQt3`FL!ax=P+Bq7d5vJjo_Nd+Z<+ZD{it|z*>Ip2HsyY
zuc_l-$2+=t8MDWKsj#vf8~@8|_x_*n<l-}7Rq4=(g`1Jy(Zc8{!N4O)N0_dil3X}R
zPffUKeHDjH$xfVZ-&d24^)=Ol)2IH)09RZ4wRYv(R-+6eR8uQI?U$@Vj6RmXZNDfV
z?A9ucrVz^o<xUWV^8NbmQLTc<^=jn?{4KZ2bkLSlY#I80iE>2XWYm#?X>s8<8L`~h
z97Er*=vJF_nC<#_vLb!RE^1NTEQUef?_Q)yfQ&C7BZe)+BNXPnE#2_y!A|XHw}OFm
ztd*vC6on9u^rv#&jl3Qpjo#n_^t>;Z<59bI$<iqpU0kMV9nnXVDG-Etze4Kk!YPeW
zj<uiyD&<SFFVs0OdBL(kX#hi6+n%ajRN<YGhv*4s_6P60$ZZ`qY6@fPqeoo=)z(<y
zy#w3}L!<p+P8c|p`&LofM+5IIZZ{Zjvh1Fy+v)cMn0yg{|9dYuiPF%%MFvaHh9vHH
zs3z&jV1hxZ@GRuH2dkU3z<nKD-k|soB`rQBVi0oKrQVI+;C@LY`e(RdSplC-#reKB
zItBjmHkgCAP`beKj90kXb?gb;ih?TAaXGZhJA-u!uAKaVKL%p>J$%!|8%H(eo`Gpj
z6&Cfcl8bI=YcYoJ5Ut<sM5TD5l1BRQ@<^u*M<`Qa{`1cTLYI%c=AFK8r2Vq-UQ^|H
z<)8xGDJLYz(VLt|N0GtLb^q{@bSNSGM119WLrOrt5k@%j240>|NnEe!(k&GI-aJrk
zU?e(qp{NkQ#%U8VVC^gOfF6RJ)0@YPri^QxBK@(CU=#zf7}(Tt9~I~lB<t|tdpPvE
ziWZ~f#^^U*W~YyToyuSV68aSxfypN2sn<)7{<#QdY+`s7K7pjlAtTu10FZAmhRh(~
zy<ai~pu&5TVPEcUhS?cxU^?PCA@7BfyrNz~qX4b+>eBr&gCW};V(04>lVBNjisvXL
z<uIze73tKb^`d*=s8_U;X<G;apl8$=xG%my#WCjAY5Z47@Jly>Uvl9)ROk>PS)?OI
zQ~=h8p(3w*Y#Udaitr{M&}rlxsC(XPLr0v4L?h>+qK<QAk7)uxXTNb$>7JY>b(Vw>
z%@qj#YV!p^c6)Z)l0FS4DFsi`22&IS<E);{okl|n1gY^HD}eh#c|e5rM*YBog288L
zr24GHl;_?gR?$?RB)YU~3*v`3S|jWea&0|=LU|0yQx(Zbe6f}os$|pFXQW%76E-gV
zS8;=%;#PtynI!pH3ctKQcniyFk56-Z=&S<xA&04$L6?!peSMl#A_^0vG#BKBhopPp
zSqM;Boh&}JzM^*?y;O;&6-CIGCSAg-(IAJQY>GmtRdTw}@9D#;%2}#1^&x};==XXp
z7I~U7rX8jivY84eL)^TBN*-S*4q-a+kSGk!VTAOE@&JK=c(qHGxJW7=QbgKztNc}^
zm;pLTgN(Be4W+<cb~oZ1+Kz$0Fe1zRD;+T_gD}#mg=|i*v=U2sp{yKaK{g+oTbO16
zRMG-D*X2zjNxFxV@XWS<lum4ELt}J0!Dwb|qK9&w+9ioi$+#br?7KFmFJvrJa5EVj
zt$lE`k7IDPP#}j0EXq;&a`%GdwRi>5+=<0XkK?Wp9VVU&23TojOA51x+8Q#=OZylJ
z&hnqD=Ae;EHtM{EUhsKOsYDKTX?ToIUlx&oM!Eu=k`iJ|pV#Wo%C%<oV7Kxu=V?F3
z@I8>{AK}kK(!1EEOf##45QbCxj(`zWy`ROmYC)%`nUx&0xcfDlz<MlZ#M+0{Z5lO`
z!R#)!ITZueTpUI?Qjs!-lZXYDb=nV(Rc~R?q@BvM^3GS(X);fu^D<!a+F1zOZDB=E
ze7W-{OV8p~W5L*BBmlYtao-==hboAUa7(VF>&f0aP+JDTdm?yE$!y9;Twt}#8nNW4
z94!}fsuWFBR5*P%zBr{vEKqG=a)}AD4`SJzZR6w5@PD&qDvKV~4Ed6Kk5$KQT%O0I
zRenmAmy;%;gkvwx%wx=E_>=S!u4-fo<V#I$OfR1};s}~yQUkJvV5RIFFq44<s1TIz
z4c=tZMzHcUlVZk5xV_EZ7|d5jj;)mDg0T>f1`{Mn*XST1xSFIYjx1s`FoWSGLQb2>
zO@Giuo5M}vTiO~lR&%MAq?+RiCE_ZC^@kyA19aWFW94!`QZ!=6)C?yUmsL&_auGz*
zNt^(??6V-T$!0cMBayefGDSTMLwiPNm^<&GWIM?m2eD@KcUJu24-o^vj|Ki;QVRq5
zWV`;=t+kisDRi%bbuuf1VS1)Fe<8L#Xd2N%r#67;M{<Sa)z0c)%CQt!2hwGEGvOpA
zPbITVONkEvx~T2vDKWyfH3wnN2piEP#yq`%#8m&vm<&y~S3DhPuTt!qi+Q{Ba0W$?
zXiL<?O`~Z+S7y2u(3aF~v7?a4&z5uza>CPRG>=6K5DmQk6?PRtSyG4o(4`NnP|W&h
zcz$SD#4HxI8xU(Q8V7cwEpq!|c(}S``wah8yKM6b^9~*o*Gf;_Y>wGxdMHbFZZwhx
z;nRm<yW0;!FVVm|nkQ#)Cv7QbSp1{>&rn&qifq{BYg5$8nx0S$>whZOl!p;2kW`Q7
zjJX>EYVTsooNKS}E;Av9^VWFgq#v75ev<iaK_j7y)6Qgw2KH=(g(@{A+}3isOQK&{
zrNU6#7d8Dt?_B^T*0BXBYXO0cNB;2y7lIt^1`q##t^(bt2slWr3iTG3|MO?^nt-Jn
zJPUhr^G6Q*MAje4n+{p4PHUe9!Ryc=ZEE6`_ecOG2rLrFBH=7&n9K4;#EW|Ut9Gs2
zY$b9FEr%$W<|woV<s8U*`NRr`(DODerww`!d{gaI%JIfeq;t6J_AuM$LL&}#%Z=Sq
zK_zdtj`sFo*`Bb`kfWu@^eqolzm6!5Ys?7(@7i1jfV;`*R>0a2oLah(H!6B|R#wmC
z<kAb(Hqmy1Okk5_4(29I45RTFJ({7)P^I9&9!R&SRoeP%v0IvJ|8ocSf6L2m{P(rx
z^_6@3pS!rE5WZio9&pfQZPT(_*()E_TJ7kQm5Rjg8EMl?lW?>|Avc!*b0cpFsA*|6
zUs&p%`uJ0=1=4!yD1j+Q*Nw_fy|GI(a9Zj#8l=RELUzTrIE1$I*%ax&mN9&jYu5OO
z`6tYuzrJx9^Tz*5vEYvX)%AP(zdN};O?}Eft>AwY#Fhr0*W*1BRMeCY%R4VBC2>3f
z;YfrRFjJnVK24=y;NgNDbv8WQl>FT0BPHj<&UkS(UnD~~nn(IDB0u{<=G)xPhy4K7
zh@WMeFWR;00Z71~Wp-+KYN44Giz7Vx32y+H_s;90{!J`OiD;1o$3=Cj%!G*`Q@hn>
zYo}HzAGBNL#`8+6$(5AE3_>e1qaM5zQPom^wX9<5_@{MaDUYJpP0N@U|GQ9HcE|tP
za`Arr-^KMQDY4|xLV36>mwL7W4_CMO6f%pwpx;;FE8lg_hkXjJa~5c;3&E$4(V|bm
z@K6J!gUkXPjxB4D7)6&|#^|zZONEuC5(b*xT-n$xtbw#X0vR2axEx>>cc%8ay2dg|
z4sb2ChC%8{^<-avWK;I1sfAB@OWx-Q+$Yp9@_H81a=+Z`$$eE5dY-n5XM7&U0UKzI
zY@C9TTVS-2Yd}P3dy{^j!kmc=ty20O+{VWJR_!Tp6a?cemZgw@`^S+^lHh+T_oMOm
z&hsiRiFd0FEqtY(EGaZSmD-NKT2}a1dClYhKqEIUV;=usEyVc$%6j3R|KG*6c#BtR
zaZ&8sJSdOvs$+pt++=K<B*3g-C&aYo!~nEM^Fp!cgdJZlZZ6wl$8WV6DO$A(@;tIl
zwe?3{I_wPnJk^W5mB>W!H8G8BW0WkMk}MnsgV0N-QqA&VmDGJzE*DG5v*JCU&u4Qf
zwXaWboG%Q8K84mN-h4P_O(Hz>0-6@MR`7ve<11yrBRGBj)Ej4BXSEVs?rh+3>esL6
zEv(uTGlrNkC*DMPITIB1MrXu3rSQQT0fnpJHCl~eJ6UheU-LM-Wm75t1kEexBsNT<
z8AwQbWNF^JN+W>{QnIq}Cxv<n8CF8(8}TOeAf?X!7)p0QT281C&jeh%!pf>Tvq757
zTmS0Md%jHK|EP8Cd*h|sDg&AP`s(V`^*>w=|6g4xtv(Q|w^e~z*IzmRpVj~0RGuwX
z5B6?M2UqX^wUyPC`~JU+>oWb{_m6Kx16S|=b@+AP|95d+rvJlH_s;u&W%<7U@8Y^_
z|I1CAYn5^3{x20)3+wm&e;3yk`(LNIN*P!0|I%`?aNqxTab33mgVE`==YVUB|HAV9
z{C_9cRr;UP4oAU1dEKk54zDr(*9-Ua|D9ad@BhnB1y}F?mDR%i`tMGz>-YcVwM5tG
z|K+uN`R`7yoA*ENDo#30e#-w-=S^(G2s?QC{!ekWuvT*Ve|>Fb{eJ)FF0Nsx`x?(v
zL;vQj{>@9ZyX@wzRLVam=f~K?c|XYS`RKjMd0DMj-gP|+0%3i7r{Lrzq0CE$hSd2N
z@J~~ff2m}0kL1#+dEX>z9HN0$`?xEx@=y6^ozU+_XUc=o*3_i6;Plj+@%?ZV4876#
zVk$Hn|A2hLDh#grF}}H6+9sc!OD#R(<M8I_L?f?`kk}C8vktwHdr<zdv;bi~fcDT#
z0tkkV7InnmK_TKB?^rr3L#J>8@86;aa>&{`^E;=3I7GksWamDd9QW~TeZLciPF=ir
zV{gz4h0z}=JnjM&$7mLWDhjDY5x=DgI9X57(Tw59e?xA%_zc2{k5NaO>>3ykOB|LP
z<$d0M+9p@s&;tx4y)`d;`RHKh1s)kFw_Z?oITjR$M6-;!P@a{W6|}Vwx)Kt~aVNy^
zk8=SW*6X!)v-%Ge7XY5AKsPf4L1K)FPXt6MHiqOU>*`Bd<;>7AY-$qV#+LT4V}p^k
zvM#95A>;#cBS5&j$DWcRcL3ta@#rakXgGvMX9ScFC`GzCI=Q0W8b{A{>JCF2c_-e;
z8+1JtD~Ef>a72K~s0B=fblwClbTU~;KSCoWml;7~K5;c3UC>{3{%UCnyJ$2H1yPcG
zD^Ws3Nr#~%JRaehEbgHqHV)O{mW-y%?3RRq2jU38C);8$>Gz{u(<FY8*CthzNkbuP
zY?U#_vy5C>>Z^zZ@W2%Pz`F9UOqvI3I!X)8N5rY~x=4WX3sv2?E{O(ngy}{|bmI8f
z^+%V5rN)^H1}oWwQF2KzdbDXcs)O*%eCHhzXQ;j@`VhtmJ)H<jtO5f>q*7EAc*v;Q
zXz1_dUl?lLvkb?t*$YPJoroHRmz`P2V$lT_br<w5Ps;K<TOP-^jUf322QUC@l5H>I
zMbTX*9RrZo)o1D<Q;39g+iCHI3E#!38tjLFl{``w{ve9ZNys@x2Dzxo5(+n#@Fp@b
zWGPh92&Xgh?jX;22B7yThe7l}d>926nd}T+fSsA=BXqiDR+A8m*rIG+g5#%|_4iK)
z!3f>{B~}Y3ZNKYf;<Ao1r^$%~$wp1?5;;@YUQQTtn{GGr(~JhML2aoDYL>sxae_#q
zK${J=^U;POiZi1Sffl0Cl+cRvZS+*aQO?kxoIV#A<_IRUCe?H~-F4U!<q@SoEa>KQ
z0%IzWlNsSuHt-HnYS$iS&&Z|+Db@NMAs+4X6)$E{@Z~E(0gtxD4-t^4hu&``60Y_c
zi^qC#u9?NnFwGR2Ms|v?BjP96Ts6_JNht{d(5#|9WzvlCw2@Dz&XcVVwkpOVNh<2c
ztH^#KV)N$Iu{iSj9xxTId(A24_PL549Xllbvbc=~)98-KcFrT|m<EUx@;IyDKgsg7
zrs-e|xxJnxW=o>bq^Br9f!c*o71^?q+VXm|5TrEBn{0}mF_LueBm#Aj?1##LPFl_B
zy2-C<4YM6pi*avO?)YNt!AKzj2*<mfaVLY5`9O<*_7IIKAT#2hP!3IcHF%{ZB3UVx
zBZd<g5FnnO6Ona#8OoV85|hmsy-lj9oRImn>(`x;k9Kq!`Ids4Sk;ps*hY@Wu^~*R
zr8@@l_?L%jcKTtJ=9V2G{tSV$%=#h}=cS<JjSeuXt|eVsun+5v)@5OHZS&+xwSJO`
z6?KSVYqJSusdIoFiRT(k;aMrE87OwPs|S1aYd}SL22C`l!fiFm2hCc!Rhe67)u9U@
zu(j&D^-Y1)qc{Mseb9{(@rAeEasJ(TpVmSXE)c{nzmK${;27|Lr^~p<ytEsSI)kte
z!@6fAqTqsWgVF0yx@}}Hg&od<!kv*AQmA1!8TA(-2~5iaN<R>3TF%pnEdG!NNzQ-m
ziS#2n<e3u&Bn=%iqh)5SA&FRT=_W+DCx;@KT1^8HQWqjCP@VdH0;WzQJ|rmO-#cVm
z9X@@L)1UZ>R-(ZG<_T}m8Aod_H70{#yi1O+l+MXodmwC{KpRj1wkeZdGN(gojf4?v
z5mngW6@5laeEiA}=KQR2YGednHSBjlsC>BeFegx-2YeL;E?6?|oOMQacC1=F4cguU
z;5@n~DUUOStW#axljD3iIhJ;{MH}+_cr6tUzA$@FeRn!lb5p#aKf9d)(i8|oLH~`H
zQ`{GEX^v_K%KO-0=7Y>P;iIvBh=2oYYkb#kwi?xg=huM#_Y-e)!K9D`y;0e(w<_%y
z_2#A7v;n+9q3&M5oH+w_d3U#QZP?{rZ*<r7E*~Lp{_gNPommF)tA*y~)9ZW$Q{yzq
z2L1lw4?^Xr?p6-2-^?Qz$Vt`NsUNfe?sZ$b!y!+nHC92dRSurFUff&+kj2%!!6}ZD
zgc8Zs)K0zrRrNZ}c|qYeq2598+V|4aC7Nb^uk}s2ap^MDnT0sO=P>hsQ~r+KW9^l9
zE)Nn!<E3K0m;h6WU5$FHzEiJV8X_W3f;1#V`sl8jWRA2ew2mU#8t?nKZ+}_W&G&z;
z#dgy6@4WMWtIO-FvHjoD{rSH;xvshYI~n`^{EJR_)^xUJ`AZeOjhfq=(Wj;fYw8~A
zrM5cbd&rmB8NGDUy^abDB==G;x65gc2fd-WD+7v14~xNxjDx~jp|^g&Pv_;yX;yE>
z1}Ew-B4<0_vU@Z1a8WF%&AcW|wa{UxQKmqiT~EaoMYVMzY_rOgO2di*PRaV(TY}zL
zzE>Hf4v<{B!Rj--0FE*W2DlAl<&^30yHv196=Bxc(^QGcWi-0}3P#S(rcrODF5#`N
zJ=#i;JD+Mt!Cs@~?42F06pCwYL$%?8^^`=fgd_TgLl2;H<S6_=v}MFWFECxABGw_d
zJQSi{MG}~ry$8Njz1DJ8OH~tP+jKszdcM=^X@w`x;~L3_BV5jzot&U4H_Fvj*Z90N
z#t{h%Q?Xp5bE~v>SyO%)6$1F%u6H~+wO^q(2uN-9MlFwCWYJVX(iGQ5=L@~@b8=Ff
zN%I%I(aAaGvdTuKm5o_r8&jmslBE-Kj<!M)+=#W{HQdui3}qr@$&4tFQ8M!LDg{58
zjnBVEP9vj&PAJbOI*+3o<kPGOVjRfkEJllN02~aBMR=stHniCYA(>*x$pr=E3Qd;6
zJkWFrsW<j+Iy7g}4I+@LVTrT~A^0`gGkszp+1^WyGgW8kaS?<ii|x!9g~?l&1}1?+
z%KgEJKSxtT%yz-rOVsTr=A$NDfquSG%fsW|m#<-b(3kvKCp;h>)K)gNfDjg9{74V+
zEN2;TdYLlX_FPap6NMSMp=7jAx%&=jN}4qvS;S*aM|%54H&`xA)I4RB$6riVMw-*a
zvUHoH-7GZ&n4(2$+Agp$we>Ri5Z|jO&(Rsx6=CIkIKIeaO>F??%fIdTV^dY9e@yEZ
z32_{hN23lvd|7xE<(3~ga)7bRWx$mPtWDhjyUhNVi6m$5%jgf<aI>ZrgP!gEINjK&
zr>EdpQmt|&t>?Eazn7mSb_c=OKe^BZ{NAYN`=49*{sml@S^tgOa_`}qWz1RsEtgi-
z-19%nc>d#l{rA&fPrk%GCFx9WJ6+5d(!v{b1GK=~PFI`t#f^>C$BV`EmrqkqKH07B
zpk5L8q82;Dp*TExR;%ua^y1P|b21S7es>hGlfW>CL51^6OS`RIvKTEJc7>&UX=$l)
zkcLr6fqplamT2V_P6qjIaK7|UCC^*xjeFseET~;-m-6r;4V93u(17I0CyR@6Ls@96
zgJ!gqV>mEdT%-(=w8{EJKP{s2>?sR%PnN8gb~;+%J)O5y&RbjD5kSrz32{{W$jui_
zin1wc#|cek)S#3NfLth5Es|NxQ^}N{(39B;%To2plJVWnLK@kphF>t%1j2-whRa@Z
z3y&Hi>rQigzptZjU9sNMHuefto?Fe-0@be;Na8~Qi*{B+kqKz}>h!aDy+X(BOoLQW
zl*?bS5qjfxZZi~zRkU{{j2~!Sf|@%YhFXPyQlXZ6K+a?zbV@ZIUbRWe<aln2mJ63^
z1vX$|!76(Jo(<rn4_c%IXcuS~9Hq7K$V#Ms_r$3LBsZ%dnZc6g1`aR50z(n)XrBW`
zVDxf_i!93bSL7zf=K0e{JkrcpX3e4!ZoSyyWl9BdBfQ*Z*-MWuQ8FU>$&zOEKld#8
zmwU~U|MoktJsb)*En|-SS6V3*UH>1D{$BpOi%Ys<Rb9>g_R!tlD!SV%EQ{jG=1OU^
zRI=RdrCO0CNh+nHGkuoXsUPfBpJ!94{noY^w?Au<kJ0_wwvaztZD7^yZ}ClRb&-mF
zQXf*d|5>ZF+ResJ^ferH^@m#ZS@farAL|d#j;giY=o86cUYJV#UHR)W!1^qMKiV(q
z`<3j{u|FU=v<qJwiQh)46o?)4S|%|nkX@2H2r!xo$18bEu0G4uJLOinRy|NaF=|CH
zApc5=0itI>%vh^GU-`S_LTF+v=1cj<lyaxOe^{+m>W6^x#h#Ixnw}LbcS?uaM(wkk
zQBwJ+3xysm*J_95ov+HzE6r^Y-~E&RKoku$kDh@n1}R}BJ{$oly)!BTy_U_vvjH-j
zYSxb$I~C4kCtXTRxd&~;jgHSUP((O6!6KF((S{?!j=*KJ*nLg-xh?Yeli~twORKuY
z&oVN!XqK>-`mD7n;0J(^<cFTf;onq>e4cLt<w7ESvxy&C+0+7VZY+8t9sc3_m*2lc
zITY>wzJK-oD|$g#=94Y-F6|`VNl3k8CV#>OiKnV2QQfc(dJI`ri6r7b0G;WFtb`Y3
zLa@J0rJ&85sfE$GSR9?ih$gjg{u+h%_<NKqee~uGpSaJnTS9!FTIdBLBZtfmIdj)!
znbqAxeV7$l(F+D1I)6t}0|I?>LOH3^u={1F!Ka-#J?B#?iV`)e_V{56%;;l;MfC<B
zer|?*$Jea+p9a7U^gimEbN;)4&K_O=U#s`~|95iD*8d!}_7*qNUq1c!v<le1oeNh{
z4DcC6m2i&`Uj5PlZ?%SUsv`sZZFMG6^jJ@@o$mDeX(9C$+v$Az>A(N?3%6AXssKZ)
z^!zbL=y)R!2H<jj82B7~+ts&lq^?im__^)6Sx2<D(-f&=oEEg;-cI)rIZKc(o>E5s
zYt-v4oqT6=>2MUB!rGk7ki(^~h%GUQDFB{T57I&b`0NJ*?0b~fX6A*-@!EM|+L)Rb
z1lE~(Q9e#j$&32R<jhK(i06ba@0Y$r$$HCqH|4F41UR*zo#c`L+gQ?PKX6CC-?G2-
zjZeDcZ+|dUjjiV}IQR6J2(QL0e&WFZE0erB6RS~~H~pz5<6q}P_W<#H@HsgjPt?ho
z<ccRbV-GDVbf#bm;iH!H9Q_T<OW5;3_GiUul=fr_RRb3AhfXLBY7^7S`AMf;#c3)j
zAxO0rP$Eiv^M3KOA0(9bDEQ0lw?hU7O&yMWJlr=4y^~2_hE4JYZ~Rd(z+-=0ui4ak
zn*=I>frx{rTo^}C9hj^Z7M^(Bvp}4CVc0p<L?mO_qYc4lKiIF{r<W445xt(_Si~Iq
zDLFBqWfUdWPctAB`O=y42!8Y~IU~J%vc!$P{lU)NOjc7k155N=PindCx>+4P<VvE<
zGDKG^M%VN5jwBb=&G7L44luVP(S@56*qc(>{>#Fg>{A1C3YUaEQW6PZ#}a`i-+rGa
zJDoUc1u<KENk8a?W|#b0Kf*`Fbn%P&{ho?nc%n5r^tkYZPzaTGs{_0bAay}T4RI#}
z0|;%WFJLm@e7J`~I{1(}n_nqq9wXw>Bhs;qc%0$)B{$ELC0RVzZON+K6IQ7G<W%+C
z8=$2VlNBuWuRa>@fU0QP(G;a<Oj6VcwNQvjoV=0I(L@H_HyQSzVMf2X-EGpC?7dL-
z9QB3dk*L0O`oXGQ&x19;tPcMc3Dx=O8N{DOS4vM(gsg5bywIqMX|>ZZN4OvLrvOBf
zw<90BcRZSSER;A9$8BR%-h^hoPKJcQ<RQ;k4UPJ}_6EGbWu0O2Izv^?h3C|cV7=5@
z(O0iDw3jbG`$4^akMFMvZ)Xa?9SfpCoo=tul3fo#py{0KN6ZMEjTih+|NYOcl)1xe
zmj2J8yc?7;Xa8@du)6Hpe-&5m<3HZXbvqHW*mNSY!7_q>wNP~>-MGmZvr=lF4A98N
z6UW~8t>+EcYFC;*p+_HWkAc6+bo6G^I(w57yPbjG4@7GMG<-WTz*4sxN(|dT7CCH`
ztlht8QzU$gk-zfFVG24JkT0aaA&ROM{v;vJqR?I5xZN50BEj2JYC%UPTUan6js5UG
zM=z9{7Jin&%YG1~tvMlwW~7?zj5}zy)845ce%Gizf6<~7uQ1V#{L{0s$n0cs*Lh_T
zx1I&7|Ih;-GURlQa_(06M1Hk?fO(Ywnm}d0ogdZCMy$*rH~y@Y@{`;H#ILCGrk8#=
zL<K>J2a@5#Nv9ur_yODXp0S`iB~NoLrji)UplgS0bZC~7ZNl914W=ArvYV78ql1f4
zhAag`b6}s*p=A^J8HQ7fpmusad9e8`_a+ep9p6A7a0Za`@H8urC~VSqev^>9%crt2
zz?uo58=Va|Dihj=#;rsNuty$isZGF>QQrbM=rv?2{$zsDN4tlBNTezQkjM;-E})c~
zruUyg5-9e%qm}CxG(1%80(89ea2g%b?skSJ^3Bl&Il&CbA11K{8AOqIMjFH6F<VXN
zu~->&+duaE{`dl(dhBEq?b%eU?A3e$y+yt8$-m}mz6iYctn<bXMi^F)=`w%fLs1zu
zLUJOF5K!TkrAnY{jW%xXmRqYuj-$6A<LfEmPQG2x&)dQj2vZBx2|D<n4i=tHEy&}j
z`L5LXSc2azW4I>$jLM4iq{BiV%|le>-k`=rKlM+-^zBa&6f#p29d<Z7#FO54Q;r+G
zL>4Xicj7n6>M{Hxv_@ni`p)WzluG$(#9GV{RpXX_hC?6z+@i|;^%Go4^8fFHp?7P+
zA0J#N{@2QSaqZs!|6N>D`@a|5Ea;nYUA_NTSJv+1zud_+v;U8;7Uyf)b@l#VE3Dm*
z|2w(n^?%><LBP$Qjc;HDHqZadDtvSFKc##BFL!f2!Jd7ZdV*_C_%rs$eeWr(=g5vo
z`~y$|xnP!>m?uk|AoV01U*IMltn#+gxRPD!hGF_?YGKlcwSONL(TkK~5mRi6o*#C_
z`_z*qdWlCnxV+Sp<DhpTj!(NmKNxMNKi#7%jbF}2_-_~1lHLewMys>qU<AwF?Sklf
z{eB3m1vFDD(bEuC#q<QVcrwP!3-A|KPJRD$u&v<W{z*rijl7d>b@cG<+qcenzF>5k
ze)_~eKTSdIab)`yj=HmRDYIz!vsf%`<WK#Rw5oHu05F$2d>Com!&)w3HMz3W>U!*-
zK7DdLt4EFjDyB-gfKd^CjM#=>8jVA-6e0Jl^t3Mie&UJ$2XsgY-wfeJcUoCu=#9=%
z?E&41uSfbIo&1h|Lq}uWSoXx^Tpb4N{MY|iAbNo~K~LW3Y*Zxm05Tm$JQj<H%8Ls0
z_$2IzAeQ4i@bRc9R@6s}fZ#k2%&ImSpaX%!i}6`7NI#X2f}as2x8|htdv7E<L)28j
z8fQH6pyqv`oe3;G&uPW%$xJ!x3xa#o!M0!>^P(QQ7?7Ch1tB1-A4Ir>W<Y*ahxJiS
zg(afiinHaPEDdFUR5i+?E;$_e=bk?T40ir2BH2bO>&kN6v=Do#-x+sE^M<Dyhk+l8
zJ<N!y-wsHd;KiWa5`uHM+Z+g3KK43d0HDX-;0!SC`Dm*chCyEJ1Vi5wfS}F@)}C+R
z#|d>rFG!-i$vL#?7?nZe|If&$szwh_e85f6n{>zFlO_Ktl3ggzp#DDxUBAO{GAfM>
zRRySmBD{Cr`LG{k74C;m%clVp==G4o164aLL!E)Vz(R83eA4R-pdJD4LjfdcDQb`Y
z%NwtcsfS!z`y}YYu%~)aOU#M~1E?yj(*Z#yA`BGdg=l#G!0#fis2w@zHGn-B2cJab
zaugbL(sa7@B=E(thY0LKt9sDzH$nG*MQzZ3LA(wEXdcxT`ex7}uH8W#%6DNhJ~y$E
zlH99?^(nR#dUxdW*azrlPTWz>i?4P0K&JoY)E`iJ`lL2g8c6nk#mZH8MP`78Lfy$|
z9AtC&Zv6iqPhd<Td_YxqLIzcMKsTa&yHpsVPQw2tP@jhS5W5RPZ=%O?L=hMrBw}_>
zGGGlo=pN`VfZ6Sw`-8JU^|ajY$n?D9j{lCS)~rVscOh|L!Ute4uQ{KIuis5P?k#{6
zO!DF|B3X1vJR>bO>c0r+cEA$TAP)oRHCb~eW0<`?!n3AuelKez`2e(-So4z1t7f>9
zAXqx?jBsaA_|TsbmQ>>btV|%sCNSFg_ysup*}+iMC@&m(UH`=I0vha|!GQ>TynhNU
z?TknM@q`@eI5eB7?&cKf0CwztpfDpq^<6yhJrV=2-$Bg0Nu*O4L`0!P#Y0rEqO+af
zO*(^dCyYuA;gugEOQtD?cm?&ZRW$UyPXUb3e@Qf;cSipW7*G&SpOA4>lgKf~p%86+
zU@4GhuX7BT-S33Z9^}0tItn`{$JU4;pZL9J?VRyM``>8t_L3%pDH775tOd_NdF1~_
zL$K*%a~7j6>-gkR&gZS6|N8&MbJjEidt67zB2v11NZua@o0xj>puX5VEblM2UX%~M
zYW_B%K9D~My8+7%I{{+lzW|xRh=n#IBYXqXQV=rxG$o-YAxz641=CSTW5q+KA(x}m
zkQ<`-cyncAv$z5c(Fm4jB0;!iDDVrVT9R@}xc<3i{8`t`_1`4?xz_*1;(h$*JGtid
zKL#ZDsn`F-_4U~L|33cb-CT+5f0}2sF$eA<-Y@@u*5&{74!Pm#A9uce?`<?oV?Zt{
ztsgH9rp7S_2f5tx-9DNo_cWD<BPnT%D*1{HZ*6_w!TKGK{N8C~SEN?*xNS}=cx)Um
z>Cpm**H*Z-jVp1ANM_d(14>ZD6^?1v@2l@<Mc}U7)mlj5bI%{)cC5sOGHgMdUIdd7
zt<_Ny%8P^GZL~he+NdnIwlenzWD1T2i?a@30r%|jB)0I!;=&tK+cDDWklj(*WDr7i
zyJ*G~U<ldCv0Pd}E&U#&#$Aoe6o6uCDuL53AmfYj6I$VPP@Xjw<%kxKk3f2{wYcDj
zf!#CcP8BhfY(tf0Rq}G&JV;4>$`yS};cpN-T~tx@jG&_4=wYZZKr3?!25OKF=ECzJ
zI9*=k&Gk7@Swsz0u9h`2-U7|S3LPMaKwLQjMGm1u50`o9Yf-iVdk~9+x~MnEYUeG;
z(fmvTvORG68ctq(XO@a}wB4r-(I`Va$FW1h$b<!>16S+e8M@Uba~RZ`(M&<OaTY#2
z#O%c$)I?)H(kcQ%BSL6ty9hH4F2Z|eq*$^W$xH^=p<}n4tmvGK<p)~iN&?VLq0VOy
zT6wV-5oAt=M~YJVxQ0<QW~{5#8VxCmN#l%olC{Vdv?PVRa!6x~=B~1-!qi0)53+D`
zk*(}3twE`l*v@#gJ4NGp2UfzbF%YoTT(sE4QHDKwfgms#Y-h}iZr}>M$fhn29MD-N
zE@Yy_bpRdb2t>gS@eL6@tfO;$vRPU_!3vp|$j;K)S}!Aa2xm=TIKX;d2ve)qlkuB+
z@ay;@X|4R$2l_el`a^adYcG?lM5(w;)(qxy!h~(ln6y%cv3z8-0%`9&z-U~C4dsx%
zsa}6|OvOw>y+GzbgvhtvdVQEkyg5r_V=+KW<JG_DrSV_IHGTaD{c}qOAlI<}SX;f{
z|G$%KcK^fVn(y6Y=}*_3^?zY?HRk`Vw0?j7<4&$8*u9G&5#yu`LS7psy*68*1Dn=g
z)ABRUMs1qtGbli2K-OzV!CeKpqn8P`AC^HjQ(MQQ;N8W;96906(gGh7icXhLzhXEA
zAhxtPr<k4FX|(Q!WYt}iZZW_rD;pl7vf-gT&gJ*gOHV15bPLOyk&^1867MQmq5-nR
zj7%VNP=p7WEoCN5!wTr!$8R{NVN>u&A}&Gv!o~N`-O*F7+2bE&tD7@`x#NE&=KpEs
ze*E9fHGBLgj8Y_tD-Tn3V)Jt<4Pz$vwyrjIV-P6Y)^*2p4BRe%&;af8#DAG%AFtWt
zf8_n{4(9(tY1tkB%cau&_`i!QqFWhm`+iOKS9MJt|F`A*`N910zY-h&Ys;`)ydVE}
zaLw`mJX5WcYHbUol|&EFJEjNdoyY^UcB{KnL&vr|?9+DVF8u0JG2~Tu2fgZ=USv<8
zdi-Aeb@9Kc<G<ZTUxDp*et2=yGUko{<<<3=|M%s4|L=Elsc@*$(?ZWXG2;92VeWV1
z>?X$s<EQ+{JH=D-qaE}vl+mKHv}Nw&W?mFy&l`8zEQcp-Q9X=Q2V`3wk{8-JDUEQT
z;dUk}6%`13AdTmQ{Vp42&Hmiz{>5EW$G_fay?Gh4$A57db;Hj5zj|-~b2pb9{x~zs
zpOaA^11QL+au<zReF}vrU$LJ6_4E&i7||~Tx>0ZHd(Hfzbj!I<i{Vj9#$m(_B;4DR
zDVyGTXLuHjJpQgs0`iBDr-io86x<JY^UOCYxBH%faE#VaCE9K6*U+VK;>Sbn?}I->
z&2`ntu(mq(&h@AK3rHJ`E>seJ^t+vYD)p)I(@cB6{opOOvhNRUXU&m?fwTaSMg~0A
z^p0i9wpkF{;$d%d37flEm7AtZj`_sHRLbCh+p5)>hf0nAFn7vr#{iU=^n3!m96;+n
z$bd+M>|eskgkJw7C;Xn=*WG^jFejw?gnrBQ;`Tu>@Z<!MPN&D{3??8b>J>+6?NL<H
zQO56a5JwCd%5~4^GIRl)1Z$9Qhu&Dl@y(Ow2zAaf%Bz2(s(~A`XwQPR+0^`Aeth|`
zQE49551N&Sue1XaYGA%|90q+rMH|RIll|i1l2qTI2ZV<tBw|c&Sy5v!<g4cxB+MV@
z3@XYQWP>r#&)aX?ZB#t9+qtA+;XdbLG);(2m+4HB>~h4XF{>is0R50D%tQRd_2<ZD
z<X3ZBs5$x)Rmj`<WyUWsr_na!XDmJTOuOCbwxbz6Y`2YC2;&z$JuH*;i;%8kLUYsm
zVa`#-VR|3PSv(|?(LdV3sBOG&cLqIv&L%-94}!tPc`ykd<{rwH$CEmbnTKEd-rK|q
zwc8_aIBK`C_)8Qiu23eYG`CTFFHEXLa;cXoD64u+I#Y%MwpADXfXEh`Cbog>9>NQr
z2Jp>!(4#kRAHL7I+2nxM8O5xeSP5i7YVG0jpol-nA)byLf}<IdGAUt}Bl(9MfIxtL
z&v?(qD%%X$crQzUFY=eHlRxNr@7id!K(*2}NT<bUGQj>>d{#Zc4njBfdCmA3s$@iY
zbPPMlho1L3qXJRWchsY|r8lF53^;FQV(E`BICgd48)R%KGAaLyPG8VH7eAqy-D|X6
zvWk%|s`IbC3z#7^0|oy2F#nJkE97{+DLzH>KMLN9W`a1$Jw&^pf!EKI-4u-2_Sios
zP9!e?{qprIw_UP8_>xj3ncrVNgg=e%+Rav@dhq<=D_tXm_E08jA2q5E5i-4G=V0XY
z3toP~FLC+bt{&{w=~ep6H2jOR(5$i~^1OcN*~Qw)a9VzN^J=A{{PecfC?7Oy<yK|)
zp+=gb$(gzBg0^QR-L3B&?N<(36nP+4j0v;S_`1?)mv?s?oQz#Wg)sGvGnC>*t996Z
zQEvhm7|)vzF&K5!qnvy)1g?^?P_$oZy{JPAvlzAg;UVU?alKPNXkiU&m4oN47pm}#
zL;O>_Dj~b-ECRt!yxMO%qmWU>-?U(q?{vvAk{Wcl6w(3|nd(WT88DGI80BCV>9H%5
z?vdBl%tNF<N4f*Dq!kw~S0856S+^!KO17$r^hTyjl<dit+LXAXMzSkOJ%qW0XGh4F
zK^X#{RA_RQI}(*1M%?eAV$y!kVuV)36w{SSjS1S$gWOXyO3ec(c_hTypbdU)_q&r$
zii%bZSSGkh71F;6MdmkQHZ6W5GEvH$Rc3Z}^#DecT}iZAqaSgLRd*zfmw1ngG%h$o
z5m1Mcdqvd-YkJc>j_2=JW}0ZK)2Y;S{mSmt%Ta_SS?6#escUQT{x~#DDuJLUGmPp!
z2_+bQm;(uNHDxAFZb0MBYzd7Ya=iaLAE<J(XyuZy*`K4Vqzy{4g6KEQI;w+%(>8lw
zbaM_dbc9X^gwY-cut;Q1H+`%{+|bCWC4o8l$Sr4-En<u8+>onCHr+`e3@-W-6TMRM
z+wmA>NfheQ(<MV`jXLOuu+wiSA9WU79EUr+BtE_X3Gg^L4%%bRgW_AJ$|lJm(VqI<
zhfo1BO2~>u@ed$;HQDm{Yw77Q8quE$Ho707+58}2t6D5M1i9&C9K}Y?sirAmUIUO;
z;$zhSSYvh1U~NCT5Mh9aCr&*&B|?=Sc<;s$GeObJZTQQF?wbRs4v=s6HB5-x+Xa(n
z01P*^mYvMm{pDiu70snf56$d&#mlFB%~pBmD_9SAhUgDF^YCFdH9b#anUO&7Pk}$k
zynILk&g|lHSi{Se<O(#hEa@*iY55)}vX>8^m7A3Um3zrzT`A5fHeSL}qecZ>x@<{j
zKs9JVFNcTAP;J^JBW;6p<5U|=Mv|f6G51lz2tq2=fF-qdPSN=!8pXf$Fad=WI~`y_
zNb&&|&PC?q<6p1VoRTg-;E!<2&mVAGa5bT+3(rS%$lM+UCpy((n!-otIOLHB1Z~gb
zxM+#>@>wTr!x|@J(qwjX23^?Hiylc|%}m{>?AO1pB&Da$q-tV_d1*nlq|Z?3BRM>y
z=ctE(xuh;vk{ZT@Vgm{A_{p|OTbFNa5=aRa(5Oi_-}zk|!{9mHJCoRLke@Q0z4b%#
zK0txJ9-b4MPm(R|$z=+ar9S;hsZ2trDLZ2on7GPK8@w!yRDoGkj#<tBG~WKGFH=h6
zF4fv8`8OYFMR<#jl}CxOO{ebvjN58aa^pRQIs3mW>&4jq&-(Jc|F=82eiCQK(cxJN
z0Z<()*VXI=UpguFdI<@Ed;^xJko}=zfYvr5qfW2-2+R-1A-kjQs^g73P4oFJpTHqR
zGH!`Tnao>C(!6DDskkl*#m&{iW^v65Z+@#txpjZhO>aC_r(K_QLcdD~k*9d{&u9nG
zyoL#-BY$2kq5pe8hNyp)Mj!XTR9F9Wo^QUNf1T{|PW~}gj^X1UTEZ*7@NzEkVG$4b
zU681KnU;?57t#AY@%d0XJD=+VU+@}uVSz~1UKl5Vh{XsH6brzp%o&#dMrNkKYrMOX
zTF@@R@oaiqMKVBC7~di~8ua86Iz(ck2;i?_DU37fumd3E>Nv!(-h|>4@fw#RX{NC>
zyMq_bMeQ^e`&9P@RGCaqDp&GYI;X~_@xS!XydVv-yP$$*)1|li1sfd{{sCXd5WuBU
zrKAcVxr-8FFkl6^Iffd5qX#I&8*6^S=5={j6`+T-xoe<PMoa%})SZ;EjoS#2v|wOr
zUN{A4X;hXR*?>O--qUTX&I+4SWEuGV6nCqg>kBauPm*&QHBtKJ$#F(ED`$f#I?q()
z1*^UGccXGfn>^XuS1#OWLA+$+<CJ0*?Orh`MM?wH{qE{+WV+jpOkqqz_W>%V1gMB+
z-dSNJoX870BF}ZhG+>m5Ysi07<^OQ>bNYW@Ev(+3|GkUL=zknsx8v~5xvt*-%cZq@
z|8IA4#rppi<36bC>ixe`D6QZ3|6N>({eMe-AJuh@{$IKG|8O_gwEib8<IUVY>T8bu
zcVV>{JO8z^x_qzyyNm0|C%g5X)^~>$LHpE)N6%{29g$vKTKZ;rXK87-wJW}T(b}(x
zB8cWq5Wu_RrKQRN?X#FpkKQhm1H@Ki=^X+pVov#UF{Ety-nf@WPm`v@NnGAbr;`mN
zzfG|}>5qM&Nm>`62Ehxp+eu1Iey~Pfe>+XyB*Qb$8>cVfg$XG;k8Ubmx0OriGZ8In
z$sN}sirR0sZB>pkO_jN@30vq8YXq|X_EBqZaRZ?!x0X-X$5HA@&wnHQ9z}~DcW}cP
zU1UbDr6CZ$bl<i6!D*0|Exw$ODRcnopP#bJN<yX}Andl126uiqIOXP&11cypsc2j{
zrk}FwN$9#@aLRpy?mOv;Jx)%|-}89chYGr<iQP#V`H!F|-6l3L+_r%`T;tei8^D6_
zl=Xi|M@3aT_yx6@^a&GvUswJ`aPH~4lUGenBU35tMjY?cK)S_D8xArNVUT=gK2~L=
zpR(fXa(R@`$Mn-(`Rj7|&iF7w`l&pXaJgJvc9)ip{H9$h7rPEiYgc7X<DM)@tjiY`
zob%3L(&-Z*AP0Joeo&`$gpuJ>ADzY{Sx|3Rji(tkHv!OTQ=pIZ(`WM6B{P~n8q<z*
z&r1P-7wEgL3uCFFep16-^(KvR#6;2u$?}qmIPc&wytdL5gos~!qqRjwH(eQc*zdgY
zOxR6)aXX;NH7$)3_-g|Klv3WMB#c}F?b2f-)VCsk%^=mpno2g?pI{J`Q!hX8#ws*?
zD1{{H`@TDlb!cKo&ILanb-J&;(bAWvqhK;@1D7kVtRu;u;vPMInvU(cz{Bpj3wY=2
zW->q<?TO>L?{_`gfuI3h<0k{h48rB^2Ge#JyqsFo(i<X_!>(E)CXB%2o{D*jBU=g%
z+<GD2p84G~sX#=(lHzUWf?QYfCLww)r5#6_hS<R)?ic!l6uJIY+m8Wyoy6=RZ8vEs
z!FgiLa)KU=M23eWX(3bkgVz%o8cJDNZsclHx8P*tc_Iu>#&6Ng2bGxQ6qyVU(BfbU
z?)wq$Q=L#qHK^enQ{z%iOqf(nP704HszwxZA(~l~Ru&cq`9g|{$taEOYQC7|Ggog#
z=S|1&lb#yB8i1myt!GSaQTtP0>jDb-LQX`m;Q>1qJ3|A{rxF?#6@j3m8Pp~c^gVj)
zY4^%(4Z`kxr5+kd0j9&$RhR&pjD+ZFxwD5!2tVv6w|b%-0#DFL<&t3G?Xf?g2*gVS
z_nCYm*VYZT0~e)Ssw2L^NEUC=f3Jt?X&-I5RCfg@B5F3_@ECh$g06VSny6B$-t5~q
z0k@hCuy`$HFlKvwK_}ykR4l9Z##-+B+9V$>fQgr1E`7OFf)(K_;1Oe$t@pIt>kM(U
z;5kVQ5=J}ulGLDjz22-63RVfl!qR?clvD`0;}%0avf5P$lfdEMzKa4aE+GnHu4Wm_
zmV4Rb3(*LUy%98`>WwC0r|+MK-LnfC)UDwB^G*kMNVY=peBy_lFz9!1=-$|+EDfv_
z`o6Vy$f<VP-)(XQT!z&1-gy0BNba=AIW=x)1|tR$BW0}KN#_{P!S?)9AEYGdl05x%
zPZdUA#V&s~d4Pp$C1et=4MFn~K5=glF~;<Xo0{$u7b~FL7}J;n-VSpO8%WB&kcgwX
zgLydolAe_9?wZXIunp#nU06v!#dmzBI2@Z8bf#G~naVlV`ATakXZr0N2NPa`4r5}(
z8zA2v&TVRW-#zoXufLp({B4$QM{3yP!qW|pAoEnwUju_$WQ9N>&5P8p@m-`|_ykt*
z9$JWOr<aRq82`QT*>-wkBQ2JmYLCfOP4*^Cwms1*g<aPa(6nT2sj$9OS{22W&BEi&
zl~vQYNBJUVPsa{|7#YdPix%<fyXDIG&(v?sH2t3`Y237odHTQg)tLToef{45%bi@m
zF#Vs<>xn-vm7mi2C93?cqVfAVm3_xblXm>GsQ9j~;ESuO(o)+uOTTol==)1l^xf<0
z?)7!|`Z{A+%GI!*Q1#}`ZD{E<)R;ET(q(O;xxUoCOz;#As(6lJ(Ih&sT=dRi5zYZw
zVA(b5`kj7iI2jECRDN~FLLKhwU*N&bZV+<pAbA=NUX6kam;il94Pc)i94+?!*PckD
zYYIHuiAHuTdm#PirB>v3Kzja(PjP1wSF^B!8?bUn$q*nFdne=;FBnMvR)<8QNvVjY
zREzT>RfYAV6rXt^sSF=cmFSPp5(_;YOsF)Kap`oZSn2b_8m~?@j-@{iTvtj}MlU#5
z2l?P_VhNYhA*5b=-Y}%-K3!$7&jFkI-f5=~OI(m@`rNEzSnR$v0yLpwY3Pr9t;vvW
z!5ZT+tCZ4-5s8cgimAqJLbAY^K(hC-^JR|{#$Zu~v4f<!X(xOQSy|f=41hSKbtEY)
zWLbDf?Si8HMy2FXDLbIoA%N`n#3{zJnuLNUOH^;LBU5#{qBBH~I3pi5z8W2feP~z;
z&uOtkFMl9|xyhhh&=^FZidjVC$;OkE*reLpcj6Oi70wKWQfj(FDNzq3six<Rpv^s2
zc*_3i>EWu?G9wgihfkw38=qtIw`grm)DR13q~bDbpHEmKVh0*<I_h9sa@_Gi94JPg
zdO7M$>~(JxqTcctC1%8Zhp?SeCn7D)cqa^lu1|V(3&C`PFBBQFJ#NYz=`0n}^MJF+
z0i!-?!ZLV7&gg&j8Sw4P66ov_q9aT(_2#IaIdLBJ{1g1^QL~2Z5if^vFXidZ9EQx3
z_@=O6OF$%{*YBq&)?BEDjH(@n4nyB@h|sY_QOHi@$d#Va5<g6xOhyBA!bf@N5FwRF
zz9FJ0chWB%@bVt<vT)O)%FZ#!!!bgaOa%j9MV%`@!IHS&N9Haa0Hb0(g|AerMpz4U
z%7o_;F+MeWC39M9YzeepR7A7B*ZQX1sEBG)95(7-S9dGBB3*96b2=x!skUC!k6Hp!
zG|C69??io1ln=fWUsVrwbE5L?VWZM)ih3he-9M~VEAXy*uv0tQtsXoV&miAHy(MbZ
z{b~z<w(0^4l%T4WCIZ{9G<IIVWBFONR&9NkOYK!#2MBYo-VkMRSZ=hcJ4dy016Iq8
z!+Ns<#qR>xgX+N^x(2GCYn{A+V&SEzd<{>c`J!B_VOgp25mdi{6%^6=s2BCxZUtUG
zt3cJt&uSGe3tF{PD_8e(Vz<0seqNzmb%4@HVKT0s_~u0gUtxJ=_<x5^O+h=*2TlVX
zbI{C2OK1J2+N|V6xlwH*M)n%@{agz12|4Nn1o9nJ7z*NASX}~1@cF1&(E!D6rCbA8
z&_4%O|6N8$c@-7qH8qrXr<{y*lQNXJp+qC~<eJn@vS;m$&6QO=df4rZMl`$H(b8_J
zp}bVAwQ2f4Lqxx^j%l|3uT)rGU2*k)Yo&Yt?{{+j!t{TC5%zz75z4?{jOE|GUhvOU
zFDPk7X#(dOVBXvPT~;4=uSdMsBmTwO{n<kw3$Ta(z5U<i?Ee&evq_g6m1tr1hTPjR
z0?_jYAb?$cBVIuAK~)3U{7IWKZalY9R>AJqh$CYW5m&bD5CO}mnL7p)Lkdz}$abMJ
zK|dAqw(%fg(J&uO0VzP;EDJ_E4M3<4SQm|cWmr2X`kle)1RJSHiXynPuMJi(Ap{C6
z?}h$Iy0B5joWo)Qs-B9x`?E*w{)IGNG@E%o9QmXn7HA>}mEBP$iC7RT@w5VoOr11c
zr=Flm*Haa=>B$m3riLSL$Q?t(idKPA4;!^bR*hWbU<sICf`b8h;-4yDQbh_KfpP)^
z4JR_j0otqi-ATVQ^2dhuYK&^Vu|UuDXrYxl_D;}VYcv@Q$O@7mpF^!>Ay@_JdkbBP
zvFocy)s7m{*I3y2EL2)75Wl_A0M^RfC?7jcwsj<w(|f4~r|kJueV{@{bTE><2G6=;
z&+I{>8(<+)Tgn<qr7p#^QO|0fX_8s0EkrO6GX)7v^VkL2fRl_rFBlyW`bm{W=<f*j
z3PUj{Sm&Im=||T9xZvSIz67*xF6TcT_D&WpHwG{-r0_5AGN|Fk=4-MZ#6)DPF1Nd|
z#Je6SGAj283_sHKDI-=c3Ac$*S5Nd6H){<eyVl6wxHHF+Zob8?p?Q>}K`@yzS43P&
zV!f*_;U2+YOi`aC@l!+2#6*Uy$<%eW9Hos5jF=@ZG(sL@<}l_#Vo=&61rHLQ-tfCM
zvC`;c=OkgOGf*Ci(Wj~x!h}!pU*x6|XRyJsNu`{ledSj*Wy~>Zc&qs}7^salIW%#)
zl^aAd3lf*|PC^#nv{`n6G=*C=oCBtuu^_Wfdgjd~;7cj#t*OIdD$qqH<dKjwa<>Q8
zZW2s3nt{u}X;J&#>x_7&&|Hh^i#v_D=QBb3#4$#a=@S_-MhOL5DaJ>X@eHdrCZld?
z%<jG8P$V$TSo-`V%y(ql81u+<l`Be-VZ!eP>}N%ieO9tW6NA_ig+=O!U^F7HN3?Uo
zA^@{?2^up43O(F!gE?ZtMz$G3@L+O&3}lv*?p@%=aS&i=zQ~G}JnzVQ@P_IDxPqLN
z`lyvvsn`Wfrw<}qsE80+C?TS?D9Ud*8NEI82(euMo~Ihu<JNQmn<#O>G?0^9C%hZy
zy@9&Jz*RmO$t84{q76(z9-W}kVQARY_xk!AryRN1%=SPXZHbw+v&IHVAd@vzFQy%P
zLpKeQK~2?A(4$ZqwI>z)|7Y(z;F?&rhoe_iq9`ghY)eET2!T))M5KcvARr=$AtV6;
zfy5Mw2rAe+BKGdJEB3C~t_6GV;>Cj3f&wavpnfy6yU8X5y@ls}@B6zyCCTp0nKNfj
zo7p*Mcp|Y(P)E~!1&RGo{l1pqn<FY(Hx}+9vC>cdPNO7O{ke9@(!g~_pXL~g#i|Pn
zPcpZlG6^8TmK08BDd#rmMVFEVmEI;U+enzWXzaN%B#Ejy(O=i<)+{?#A4b1qE|A<<
zB_L9ZLOQ6Dr4m^aQRoZ6Jq__WT-QPG)ClJX7f=9<G)c%tIn@TjHYc1VDEY`W#j64;
zl2w&j0nfCkB#DYr_!|(oSc+_~ifAeYPjEj(R@D_;ph<aFinBS)1*Rs_n5h<#R)VP|
z+A7S{PUsH$hLkH=Q=#-xp+AniFxB}tRPo01Q$mQ)^}u_lMYb_A9VLK@9^lAnM3PV}
zaIIAp6pE#`vZ6A-A!@H{m1b86RT_TuA|Ap7kyV#}D$9Rc{YV9gVo>ATVyRx}pGl+I
z1W`$QH<;fGl%|LsDva9=RV<mN7ExI#%0i4Fl_!wMi47poUZb<5>S+BNV?|7eiD)@A
zDJF*o|BWv@P-e$kS02!=7Bzbd=TK0l>4XRYgASe{SwMRs_{vB$4TO;~rR*0$vy(c#
zhd;vwcqchvzE;QB6Amz((3vI((!OVjAd!*0AYFmB)&Q*olsTx2l)6^qKwu&J9u_hJ
z3-SntI*<v5#D(OC4Wp8%Y3imC<g}~dRZEiq;>N*5a|FT!i>Q0ws^vzAwra_doY|?1
zunawhGYBx<0e>JCwcSyQ=L;siD7`gZo7RO8an+>UzX3HU9*;*L#^|TaFo#5kK@Y~9
zF{)=lrxSS&(=oQSImWgD|832&3_5-eg=sLw3P(iHxr$W$6e-BnLL&dC5G4S`OaYd7
z_D_7Yz(f(~a&TLbY7TQGCNoiHJi=xulHgPaJ!M8lnk#=JCC_BSbh0QdD?$gMWlg6C
zD}50-8IlULQJLsEzIa9mDk*Vb&~fh6q7VKG6^S%`=zKC>A|GV{q*L+;G9n{cEb3H_
z#fpevV6aoj+lACq&aUZNQVe1m*S9MYswy&)L<~4INfgY`Pn64&6lMm#c*j9c;8p<u
z*NRRRGtCm_I8d1Gl1Yvsx<iM}YO)nXSUG#417ZSBP~#<%bWEl;PE+DfWdy4~U6M^@
z6s@?CVy1~B_D_+t*2<&**W>dj{xBY(XZ<rk@4xA)YyXdO*FZhA@tycTds`dL{BQO)
zZ0n!<e}2R@CD7knk8TKML(kX8BM5wsh5ws21b_X8S1th`x)PsZGVtkx{(BWB^rO)_
zXZd=#hNRvtU79w$&8>o?u{&BfnzOA#JEKO&LmOR>(`jqWG8GIC6u-Q>ao^3*<)vGe
z7ZeqIxLZ&?YRk<vdtSG@p7ndsuAsb4lMM`9J-1^Wnl{#3tlx0l_*aF8Tppc!+SAC!
zcjEYhmmjwBOB`Y^_Bpb1`NJx`rmp&BhNs7klsEcvBW(+<$=mP-ElPGb?0h~!r}u(e
zbcxm0w!cS>=ymkiq0q6}$ND%n{Mvs*NJZ+QapT5~9ZT!ht(&*^Y5%c2K6BNYHBYau
z8K~c=)fA5$pIy->r_P?OZ&TrrbpMZ+FLMj|hBLfYUlHBj)*w4=$l^6YLWN@YrcIj`
zFJ3%<e*1-fr=qv7Hb|V|b?=tR%Qy3RR%0hkvRU|Q{IRj^Cj5TJa7EAtN$<{0v!wfL
zj!$S7yv~2AO>B#%S$TPR#;pr$cIr3k)2Gki4I$?35@sK<UO4^S(*eeFR<1PK656R_
z$Ni!^)^Z*zcLTlI@-H<qcYz>6yftLZgG-m}*g55u_i_pgje2)pRq~*L9W4u+;q?pc
z=&|f3!NI``{bEv5KIC-wwntr<_9!C6YzT+bjYcafD*E(NAP_`v?`>{A{aBQK(?$cc
zZ^Z4ob7wav<9$Tzy4%yk!WNu<{ow7jtH=B6uXVc}(I9BUyR&({I=7hAAB(c;V3v0v
z^Yf@Jq3LD6yXFn>Tz%z<biZHE?)ptfjvUEmv)6mC*t4gy{PF3;#KbUjAm_Grc5V0U
zdETn&#L#?mb7ry8T+YGdt1I1^#;uE{PmgR%bG^LKCKeFm(aCAP#zDh|-FbX^*3ivi
ztqcv#T2JZfl4(Bw+|ngWmMmRbH9C{Wdt6z1@4@~1Ufp}TySoo(%|HFvV#J}ahiMDe
z?F{al@><wp-K|yax8E7(>Dg=eaIekr$wS6^Fz)P(y>xeX!gIMJji%q|>C>maYp%}d
z<nUsnStHj2-LkW@t1C;d4ZJ();zj@FjonvYnSO7^N+ZGO(f*001AApf?lP@;baJov
zizVI}U02+Q&l|Aj_1@vECbXk>?hO0TzR|I?w<QXNVr1{mYl6}$o)o@#5#KcHQ+4&$
z5r+r#%pLry_3W~;;uEXAXN}k=S-JPtwgqE838yIbx1=3?dTxpPq}Q|LDFz9&My>(N
z`tBe3c%lbmp{+0|JbY2;rU$zdh6V*)-6g#C&bs=;8<QNL#rBD2Oy-7-8;=)D3};OA
zUk9#(2M^8)y6-i$4D@oqz=7cBI=_V#HzUN)!`Gdj#n};ddRO>Mo2h<1?H$COTr!uG
zZyDTqB9McGTlqbVjr;4%U*5C`2)G1B!OP35=x}<<)n9#6Yc}QUPCD`a-8(RTJ$m%;
z^zv%aqQ$86^xzF4x66NdF%~<+x6aPWGBh+iaPZ*!j1&2hDWbv*8m)0-gGnu2K31Ib
zXk+QQrg4A$>o;yZef)U!IlBpNgCipDUAxw%b?erxS~Z~cA2etX;F-|Sc{_K$y|UW7
zWAjt1Jf}_ec=WmY1CT9W<2i0C!*<8#EtPfFW#rtyl`_k3?H+dL#@Q9G?i}ej-%S2#
z?97=n+nD$R44;2F%imE^Q8961<Il7uC!;4!oY<~iJ4YucOHRR|En5=bfNoX3Vp>`*
zcMy-@^Np8Z+M7_oSbL~ue<>J;{t27bZ}5#9-KC4p$Eqp;pKsNn`IgXTG};6=-+=>z
zO%3`MZ8EZHnk5tp<9B}oj3jr=czJWnz<K7rzP@)3C^l`~y4A0zOe)>MSsU(_nAkqt
z)p-=3VJbJEWkt#5yMi|Kl|J!FPj{lxTD59r-VW4_h%VpMarMrfvY42d$jHdx;5Iov
z<FUyejAF^YPoF-`nKS3N-#nb2tZiFXl^v&ZqbP}Cy4bOJ*|KGomB}0qCo<S3>3(m+
z8S|DeKayM;ZfUtyr&+tQsv1samEh^wyaO#PtgIv_r?v&Ejz%j>J+x?%Az<v4fmg3x
zQ$*^R>o-y)PmPH1ytI5;qpX!hBR2T0op<gAjn=ylcj=O{Wy>y(7;$mjID^L7FP=S%
zPY=isTygo!AAx3r8VLj@&0PbB4IAd^IpOu2&BJz<TwK~LYeo1LmZ_;eeFAupl#~Q$
zUQ>R$+Z|Em`Gqz!-1VoOjNfgTeAK4*`t|Em2M;UUnxC|F)63T{bB(4O=e;m!>p5-4
zQmcf}{%#GI`t4bpcW+<$tu`iI?=GnV1}6PO&y1S#=GoIiZ;pNO;>FpsXRlumaa=kg
zGBV@Y#id7&_V1ZH<wWt9ck5i1_R9dCthn^<ZlL4dmR#t?Wa{eay|1V+?AowtR>}O1
zBMRmYKXf}R?BlK-J1!iEzWva0D?n#(dGv?Z0~oD3wSTsJVaM(K!cGMR`DcF7ZT{<u
zoT>vW)}Ly>WkZ9`EuPg>y#>RcYZB0yM$1|O^f-Ir`Hvq{mjdllSXekxp@`fa-?qi1
z1d(X^<jMW_Jy{i+Fm2j?6aT*Etfax4cE|M?(Xw4LR@l+|+s5TBGMvgk`LSeBQB9T0
z%8K}YU%QVPv*VcOw6>RT+)w}o^8DJmOG}-Grs!m?$jWLMnGOWzc+Af7)X`w%{rxYF
z*KJdjS)DjuZ~O54ei@(23o?dWxZq}7Vc)v5-{(J8@7uh&uw-a2fpy;2HzRU<k{-W|
zjy{x-;Bd#WB^U}F9i7a~Op$%Wn4Hs(NA4ePy|A-^!Mop&WdjvkP|y#Ujl5n%trz+k
zAB(rWyJX4T$&<4eJ8-rKy#9q&_G;MIN!>;?YgS$Sv3yd@M#CxNIs2{eR^HmeaXHC%
z-L<)~kMSI!gOU}BHEY-UFS6Bb<T|eZ?4?V)bm;;#c=N0%Fwe-${BrqnAfNvPsQa9`
zpU)2XvM2Fm&(mj;yZ4-!{Cj_?Tf+zZ@l`eB%F42>7oL4l_WARJ-b=Pzyx4Q2VdXi?
zBOYD#$Mv5)b!uz+guUX2p_^{l8kVkGo>@^|UU=rrWxH|~i*@D7mH6F`ELPI}eIrZU
z+e~Xa=F8jnE&J_@$xJD1Ax~-f`Q5cQOP4+x-{?SYZt>Cae#yrlZ+8$g9!z4FtXpoq
zYE@iM@vv*UFHf)V_xI;p_vzJZnvZd~;hDqfrEdz-bIz5z_pwaOKDMHyB<B2*j!}}x
z)mK=<q+cooGuv`AD+;HJj|?(=o^NNv)o*l1l<eg-alo46QC9Q`$5)*;YU-F;mg#o9
zaQnP!8g18}%AI%CRleD3Z8|^9yr;{U!YrN12X+;U?*8_vWN}(dBT=|sM){+Y`(@80
zz3*2%J=ZF{!ZdG@MMQo~tc&3mbB`%04`=kr?0aEFpCB{4uV3EuXwu@o`wquJ#*dO;
zFFBZzzPW1V<(p6cC@3h%%E|(o;QaaXWo44L$D_AL7tVRxqsOIJ^K<NHFX)i^{Hl||
z)Z&_|*AMnw>UVG$5Q$%#uscYutSUS5IWZ}9pUJC;z}qcn7xLS)h6kD&0QF^KbMM8Q
z`D=b%vSDNV-UQanCEj7?O<l)&t+vZ;5WMbFyY^cv-pTFvwQvoLj7;HjAD7-6-D2I|
zBb>%rzke)$T$FmE7n?1)v%{xxc9x_v`{KmuUaJS28hpAig4ek5lV<In6dk<9U0!3S
z+pgKgg(uFOnY@5~V)?NZ2M)BhHC(@UXgKF#WcXR9l>Fi<Sx$Ly@Y;`a=N@|YdggWc
z$)H!<wnp<e<>tQ4tS+sJJ94JE_(+$k8$(}h+t%t{qut@vZ!hUB&j^j*Jh7uq&A<Ug
zHhre<T{?L0)XQ-zHg7)H;(UhLjpr3lQ!XxxjOqEI0qtn9)tf_YhH#DuO79jn-ut>J
zG5y1XX@+`NCv5og<;#v8*5iAmUvFD>!C`MR`U~%Bi|)mbACIa|4jnbBw_95K_HN0^
zpT>N3xcB>~lhXo@)KoZ(A9seoW9n2oYyLEk+dCF+TXTQkl^vNGIjdi7jf~XYo3y2?
zknY$TYueNJ^2z8m$5M+cOWT9)E!gVy^}~pv<N9B|eEDef_Nar825)Zg;K3Zbgv{+%
zR-9;8@U>qb$Gi8YHgVOj0jzUvUA5kkrmja1DCW1yUj&r!y1je%u3Xt5^lC#LV34m|
z8MjTCjm5n!=@l8-IzoE6UCae~*x^xgZp?aIe%pOgQ1e&1It`zHdhh8ob?&4|-XS5^
zcgB|4bZusE^x4~hCB2RGo6c_9zMcJ-ifMMeOybIyf9-SclpeR;IR`tt>%T{jWIMQY
z8$5sBoH;w<t}w#bztYEI>o;yR0~V>~WBE47e$|yn?#)T<1eEOgrRTOeF990sRQs<r
z&tCde#+Ie_ozr@3NQ3C@`!;M~+S|9AQU-hrN5{_lj~|j4wVCF*GJUa&%Yyz^eT%MN
zvw7$8HF#WTNY1Gp`T0oTFC{+z<3;N+A0q9-%XiKcUc1cRl$?CZ+iO%uj*I+{e#>3P
zp6xZ;Y-}OF;Qh@AAOC};MUj1M`JYQ#nO%N9cd*_7*3dWi(>fJC2JUO@rDb+DQrC?%
zvG|QcQR*+Dex`F*2|RhtN<Q4Ni2k+h<luE(Q&LXMD)%vNJ?VrnA)%8m?P=Q4?Yx#<
zM$|M2xo}4wlhSi*H^+Ch%8@Nw&H_I1%M0^nxCS?f-(7jSTNh4E16o{y`?_(BX-EAc
zmgfd<3W-1O(jqG=E-o%O_?pia{X-4s4p=js<!$}dtXD!}V%wE@(umZL`dvCTo8b2O
ziSH$!6eq{V;`?Kl$4{6rL9co9KW5C;8$0yqwRHh4JNI6()5#&g^;nybIf+hVzNR-b
z8;A)6m%QV%<k-TwRaI4`x3}|*o%~XD%Bn_-#p2uLvj(i$elae}HZG}M(cybB>Alza
zJKI}I-pAW)KCIt3n=NB>&S?m)sFNEv-p#pZac|s_&s&b4I^45`cVO7<xDhduz>(E^
z2F0dF8DP1Ez*YSG`7`&I1DS_U&P!e4KXT+Wi)n+yEp{mq*sWhib!yXMHEm5$$IhMo
zRv)w6uy}iGi9siOgYwkSMO{n50IX!*FTGc$I|*CAfB!J!)*T;a4W=#h8v)$GO}(bO
z9v+^bym{n0-|=pDj!#IN*TNTQ*33gCN4{)ozOv@ck(7bP1H!hiTD1!3=*KVrIRDF{
z#S?-yJbuPGCE1^06T=@G%1B&0#Owm+OVEL|w{4$fo307EcDw0LkCs_0=FgvBm^WJ9
zBL3E`l<uv%=T1qu>38*W{)Xq9H+yhbG#r>-9Toj(gGI#Jj4x?fg*#t3Vol9@rGF_j
zxwS>&8_0S1xnyx>iQxW&2i4WpGq$c?O&cEyytc;$)vRG3(r@KERSpJT4Pb!kH*Y?F
ze7ySn`KC)FF9V%u)j>ZC%Nua6_}#pD6%}t^Cd4~#X?A3dPQNN((z<l%d45%tLEwlH
zT@4NC2_LFz(p;=cas~`ZOH+V<G}^xXts;jvb)3XA%iGdq<?Qoc!JKB0VgABkppt?8
zn7MA9$>xTg_kBp{lAS&EnCrRe2QKvNmid8+VMm|H&ki@)d?Vh@P_Olo5hp&c{oIUU
z5WakL2c5Xx;fEvI*i1gTK5wlHV^2s=89i`A2#xl;q^!$sx0U1as>V#WD0EmyW900U
zKMyh<k=r>gL(m;-y6-^i^&uuhhi2UfHTRig*?P*wWzM~FIwa348Q{=$*7DvX8FM=P
zUS25~2S)$K(hhk8hNM^C@8WB2Hg#T3s}{7e{V`|hZ|~OT&7c4F#f{vcAU9rgTz<Ys
z^TyZXjiz`E<~)?WH*+v~meW7Vb>~duDllz6QEY5t(rLJNY}fwS?Gp{mbDx*r7%HOC
z8f6*T&?iq>`TRG-PC7l?ZcBT6{lUR!2M>I?cFe7L<6i@P%FEw<O#QTO`NjL&R<7Sx
z#ymc`)s(WrTl)vtjkw{x?#Zas={Ku%uHPwet}H7y$atNwdv>5{>5J9_*O+~-u*(~8
z_7cailT!ok0-u>;)4T!tjb=DqA7i2O@#DT%_xl9IZnL+-9_}eMoKd-D-LoXl!^12V
z$J?_@zsy5kw^p=idfT#K!HnKj7q?kkFKj;PM8{drxdyWrFRm^#s_B>BpVl!n#(eg&
zuK7+M*WYmK*fDm@$Kry_#=p4sch8Qxwzk*9F<;Ma6qTH(jsLPd$9Q=mzr_cu{3e+$
zM{iGA%kJ4_`*hcy{-XsYp+jzjhF0GH)h{V&>FY_;nvL^tyS|s*!62+7BPZ_a=5{4I
zA!aw8*k?6p)vD}tyHgFHKDG2<=+I~_yG~CX9_X^cBWd`IC%s?z95o&5wsOIJFRP<h
zgH2~XdbYgNm@ge;7CZF59WCB|<;qQyZfkWb-n|1FYnwf@P0xK*ANQ@87ci4H=|m%)
z!4BeOi<at%ue)?kNeK$n_iNVN6_~QwzTF!vFti%^=(j0tOpZGqJRWs)U+=He+UK-b
z(xpX<N!;zD!^|I+NdkIaTY7B8r|N@!oVxG$!vV8TZn&9QbM)xZalbUNPr4s>D8D%n
zv&>U8TGY;tW18yh+ozxWYQcVCn`vG)k%H=KLC8j()i3(Ueh<hxG`gxam}m#IiPVX=
z3G3B&%I$95y3JqgF!V_IDVK#cAKv-wyWfwsckA};&%S(~Sv2B#u1U8Qi_7-xu{WF%
zBOTVpPG|i1eZZL5*<y~a_8S*;JoN0T;DxkX)`}M|D!Y5fCl!s3*|ylAb+oHV=hlys
zR`}-v?K)=6nB3A%qnoV`+5o07eCyOrdj;nhSI+w+lvmn6*yFeK#krUx@vO?yO^bj%
zb@-6d=|jal){OC=MF7_jGllVov@-hT_}!kKo<9D=^M`j#eD1x(>z8)t-ZhRNUDIp6
z#BJp}%Q4I@LcNY@t^4bT?YE|n>#$(q!j6W9@fEB?4JUi7I&x&pz-EUUjF4F6U1;Ia
zqs;|(MzME%>=}M^(46NxyjCCH;hR>u`Qh|Pmx?|Yrg!|}bGO@D%<#$hNt1w0-*Cg~
zw10p7n%}b>5~t7Zc>TrD{UwjwItVvZyuH-s{(V2EZP)H?9kk$g`yh5Vm(2SYmzMOM
zuJ`Oj%ZIxjIM}W7@6BL5`t<%~->%|cNBwGIVPS6kTlTpLA3hgGSBV}>^@-@wqwj;g
z)560)z2j6>y*@ZWR<gwY_Vfpb(q5eIcKW%X`DLe7AKoh-Y~!BY&YL)G`n9!H%lhmb
zUs&U9GX3<dxVZuAa_5_mbFppGENG0Yo}QlE@xe)*%me8a{KU|kg514X*$*PZ_Y5;U
z`Jw3G+{M)gU#AG39_VN@VqyH-)Xy$8k~d#Iw^$R@rt9mfqICA#5}gJ#$)n#^&*(Ia
zMzgi2GrG5Ye!{5r_6ry8$$QN=oMG>Bq+nZ_FybC9XR=<)4}JkH0|qub8O>(oEb;64
zBIIM~-n{C{A$rZv%s5gkdE#@n<ifS6?qfcGQaCv5-M6oIMBA~Q^9HnOtGNB-7DF`j
z=##>tr%w~~?03HFuP?9pcp~!P>$22)GuqN<N3(R!uUhr=RP5IG*KZsizUP&j@c9ef
zHeW`rc$yoK^y)!%KqpD_#_ykBYZ>Km{E4)x=x};&Ztgn2h1PSLe~Orr+P8ACxFnXp
z#ICJTTdC79=Z42-e@RI!J-1&L5F2Z0{o1TaleV1EgTa)`Zbr$f^l97QY<hVsA}Hu$
zXP0HCqB`UkP4=kxT)ipzP5#_-H>y7jExnV=Uz_o8zl=2}@yw@Bqx2hf?|xy%Memb>
zj*VQKwJ$O1b2O$)hvvQ0?VZ_dE34UVSQPLfPfUuOZz<D1aQjrTm9OuyoiREes}FLm
z7UZ+a52trIdGda7Xvy>ETqe^fKmWI9mpp+nJ5jnk_R`w<d0WPnX6_CzEj}@+V{@+o
z1EzLlpEJ08@7|_B)0&!^s2&mFpQ58@P9L;b5h0NtcOJEi$!M7Qj@f#OR3;m`Ijp$2
znCo?Zhja1NsZ)Cm&Byw%3;74ee16~AJGT9&(dC|uIrp2;fI=Jnv3OF6tlPGb2Ib}D
zmYjko68)uz?;cQ$3JThmZ5<!t<JbKDc3xv?n(c!df0R{J0B~l#dbtPbZVNmA{94D%
z%yy$K`R4Ac_dh9#S@lRKws*TGr(<>k+rPY@=dO2eN=v0*YL-v$a{OyCroZjkMT;)|
z?Cr8W7_LP-!#C5+@(yrMG&WuqEI+@XczN#5Gp`>`@L0$@eKqD%3l9c!{<&FQox>v{
zrdjb5%;pwazFx$ws#x!wK4<p1S#||qM!kM<!{<n8WOz88MyqHT-*R<0jn?mz>BZZf
zUUbX4<TC5)tDVD|HtW3n($)<deEt2sz6iV)8>|T3)GG6EgGR@`ew;Nv^5ATi?aWpM
zpQe7kb>yP!g6i-smA5!!^qMtu2Oeyv*yB1nI*kBrK$5>28rj&i;Tjk<J$o_#!H%a>
zOP@XR>eRV~?Dzf^)o%iJuisw!#~&*KO}BNs)N$q@yQoj^o(C-J>snMi7TcHkdG4m6
zLuW2?NDWyLxP-;Yj6F9`IFI$Ax~gi}-0HD2=uPSLMb7D!yAy6XI$8AQI*rLJ%Wl$X
znEAm>%dUOc>|NC#91gt?U0>>IbnK>oZzCfkQ`0~0?oMcDCvbJWe)jC<E>1BsCphz+
zv8JMjT_c9<?q~elFIB<r?(RKj9qpd6p>)$q>Hgs>17{cB3|s&3@Vz}FA8*yua}Mo0
zja6K{?DWhvJ&hZMLzCs0@yWK`w8))}Gc&FmSANWzm}WqKe=PgM*H5=9#x*#-M4?dh
z82u&f_@2aT7K-EzSK=-%cX?P;RFL$*(b&7=phu}Xf9N-zSnzpIMOkr^%6FrlzncDV
zm+%GfD>@hYU1<);`sn1e;jEPRFK!eR-24!0+H35kXD*}OnOa!rO_>$R8#QWTi*A{c
zCug#kEi>xX)f+f$Z%Zx&?-ea9dCYqnzA|V--;~$G-P{^3_21j0r)jShTeg&fd0m4B
z4bIK8aF_m8WK5rMVEy{%PYUl|y&4*JdP%!+r+K$Urxw}eT3a(j97gBDn&XVi;;aJ)
z4gdjh?%TI0?OB(BO-?p`S2<woaG@D1X}@CAjdm#pUAr3FFV0zV-fxhe&135`M$-p$
z!wl$e-@ZL@;>5E{%V!N38^3$c{{4G5ZakcyUtO5nwd>X+t9g=NpWAkwRsL4SvodXC
zGIQ3<%9%5k>UVuTrEFgp(E&#%r`4-|ztAejCVc6(5VIcoO?_(o!X^z^(`w3-!-s<w
z`fYh@Fv$3kkMWX8lWZnD;-4z}Eq>9WMXbmJ9;>f}ZXGeB=5`}<p1{C%-jz68fk2R#
zmuKECq4@ZOKjxXGn|r(Khm06ebnWrSJM$E_4h}A<Wl`miPBNLy^|yrS*J*hJfFpUU
zsHkhVZY~KoH(yDZ@1@%`%eb}f<~RN?w*|NP^+tR`eEfic10USKfA!k6oPCcJn0_Os
z0sYBhvprGkj!!-oRW$nTg>Bomb#h3$-7mT8kVXxUZHd_X>C-3s#Jl68W1U*Jcs*Vr
z?$+I`6@5b6wr$_Pe{XAO0ou2+y4<3bOd=Z|5pk|q^61f{SGnPD?;lRzyJ=Ix^Q&uG
zwQ7|-ZF+XX(P`~1GpkGY-n<!VX}Ps9*JNjyIq=QWw>2GXmUrUwX;T9_FrJfQVtezV
zyI#I_?d=~|R-Za`>chh^%RLMqJQ(m`_QZ2f?QLy$?cF=3ru=ke$bL4@t%0Mh;e|50
z>lZIxGznPNs8OSj)z$a*t+ibOrbTz}hWG8-&Ct-WV@K#CJUDI<KHW&C!_lWw@q+_5
zu3cMwCGHGg8WeQ3EVspgHLa(ejJE3V_*D4nE6vdb{E32se)I`oCjTxaA|hgUxW!Wc
zZr!ituv_Wojz^cN!Bo(2em?6Lr#G)&iB<+qKK*!P@6PR}JvgA)RDd;`aQwuimcP*Y
zGjc%5ad|DW#~t_XH<<tGChhI6-MgopjGo}OGIZ08c!fx`xxj4wjrf&;f0UGzJbCh@
zET^scm=K+sBggXH^KW%fzVrLq@Y8~?2XE?h?gr*pedV5Eaw2;(4f9QeTQp+@NpPzt
zzOU0WI1uxW6U*dyggR!*7bFXL0%u85qLiD$q~~1=*$v-^`g;0%<hw;>{VOkH|Anj8
z`~P}8_mjN-&iQ}f@z3+$e!!)5{PE2nd_he8wDIlzAK(YO*7>jYwm;8*`yrQ~uUn97
z&@f_~9A6}&dw2%B2l)n~{7-l`5eA(&YZ>kWqkD!01_Xr!(?tp{+=0wNHGl4{`X9Z%
zA^*JkYU4ZmzwF>)pBnOSWA}6a*AKZY&FE%kSlzjo;8V1bli&%pG-h?~;e@q<1p-W!
zK++#i7${6qONvG}v!v6z6UhTH264c99D{lj23dhSYBxl}XpMVZMJjO<)I~Ag0t_bO
z3+9Bte0u(_gFG>E54ZYrcUN~GPqft<e~$6Eyf}fXRB(uEh$m-|C-^{_`55>HeV8x`
z-+T>Pgh5iEIE;9K2|&~7x&TQIq9A7G=S0uIw;FTc7I!C59_}bs)1R0rwE`2C!AHhh
zAjgQYAmcfe!RRsQFdG>60m1VUFo{@(=ct8rg)Itsl!h_0Sb-czUcEJlFSVEqbB3Wl
zsvAsD+>e7c7c20<EkCrcUxPFNZCzB7D~&~kQ8^iA<c#?b@x!YyVB`u{#bAs&Dp~X+
z%5z0h0hgbKp{><?ygR58u@hYes7q3d(rrj#ybE&Ww(b99r#TXZEG~v@36x|gyNH?g
zkT4mbPZX@#6s)0?z`$N2+6)aZUJ>YG7{Gx4;LGIHaZMHr`6yQ>hp0#G9w=*$QGNqJ
z=7=Oh{6j95AOgUk0#heUi1l@b_rSMaz0d<)S&C53i^G9J?gq3$FqrsbT@?HV;~ql%
zhYWJ_401%-c}POwA%I|#MdBeBleb7PPN+gO7~BLWb%1UG0e+sY{^}6P*gh&q<-PC2
z3=V<9?ug^A3wONBQT{eS8hpr{37E=AHyk7mQ6?M(_y`jTl49j?L{U%>{MIN)Vk;uS
zAZ*E~IlO)?EHl(m9TMyr<N<igQT?_bOcbhoMs!5k9yL%>jYg`QbrDIUd4FF&)G|<K
zTwo3~##Jan&^3Vo7#S3X4nTP`U>uf4$^atchBCK<dW0YzGe$(b0Wf4f9;A?EL};cA
z+9+yNBoGjo_ahOE5x5DY3l9K75c~uvxKOQ4Wkpn1LdJ#S8k9)xq89530pTg?@TCN#
z7hvdpv;rnbU}<O_q9Kkptph`8)L4&6+6sIW<pL>JgwzMcHjx?zXm32G2|kBo73Asd
z3mAKtufK<97}E)}1b6~4IK7DMJODQ(e2R90O=|;dVU5E<AR<7iNCZI`gP9t^!a|vn
ze5g2^&<CWtRmdPapaubHk;cRU!bnn>Tv!Fy)ENc@GYNC1IS{Z_T_SSVS(D^s7tkLd
zRWL4<NpuP}=1wHPK|mnx1R!9DtN^~S2pVA*yad9RK#)oV{FaPLPbVP6N|sWO2*yE?
zR!K<<C|&>-5t)c5Hz9aQNlLC<li=SNGvy;Zo{dD9cpy_7P1{<d>5N)MZDi2@ZpW2~
zLoh^-t*92Qb`UVk`mH=^QDxmwXgk%unPEbHDyb(>20|5IPyuO59bcQ3uiFgrQxV^4
zNF&K<$mpwE0#E^v7}kx3suH&WP;?-h6B-c|>eUMoP#Bv8V-9f#jSS%=!>7qEFqNXE
zsWM2b!Ni<Z97{5Fz(5zwxgRd+Y6F3=1C4PYPU;APJ|GTJ^B3?|h~Al#HE|9IgwR#7
zr!c9wOimR|h&EzG<bL9?2nZIC4s2XS4I1JX666_T4tqiAi&T+>`hm*~#2avt7QB_F
zrj{Fk@McqxRqBd>fdp8!&Z6=NOE`WIJ)%V%M37oK0~j<a<x!M_gg{1F%K}2dQ6oLN
zUZ(2LC}3fLAV5KZa!fEWiAW*SNT7h4%23K=?XFsB>#Ao^kX8kcYN-1&2zjWkNq1G*
zBZ7$FhKw+;xR4S9E*DUx-1@sxu9+J~J&s*nXo<8$T4gtwsWFWj1RZqBZ>FY$6O8v+
zAwe|7b%!b5V*-0sLxX@HkGlR>x<f{_tK}8Zm~x;r4_Z4kNb8hCH6<H_k3%q&6FB{$
zlAV%)0Zohm`qpZ=yDM`sr2v<Vu>Hgc;5j3tX|-n$s1gU)^0jA2f6^^U5~Pq8N9!%6
z0a8tw)tHtFp26WH0%9|$lPb063CYT5>Xyz1Z%Ek$3x@<FvOyhXgP@WM3zg}t1y756
zrIp%b=Br@M%vTtm%?xKvl#qgwa78Gu#W#p8P?YjtpQXZjDlveb0`P^!G1P)c3J_P}
zb8&Lg9ji%?I%c<Z(2alyOTe`Z%oMI%Kz9fFYPh9TC9WdIzz-D#w`GW#$r{9Ji;~k-
zekMM304765ridaBRi)|{rgo;n<%OY<?L?iw)aFij1wU#D9$b5X^9tgjhT6jQhz1W4
zU;rC=`vthU`UR6*1e^{vu~X7O>&gJ0V2QF`f?OmrQAHFqEGE=kG=z<D!lHn0Z31Rp
zM2=D-(HczmrM8};U4Ic_?EhVhM97av{Dzlg(se1mCn7(AH$l?c{H|_S{fL3nN_axT
z<!Wk+%>9W|Q_K8OyIA7`PLZElghdksVpTCt%*SPgSWHC30y><076F}jIOj@d;F-M4
zsiT%*j-Dtv-CV;Y;m>hO!@ux%hLbu56eUeg{QRJf`L?FOCxVm_$)L(LwPREzfI#8s
z5Jix$qfwQsQC*wih~=q?HBW7#N}*7l_Jdw0Xyi+%LD!sn{Y8LsZHh<(W3|Q0ztM(j
zfx1p>I!vrEK_{ufg%&&o7I1xG#vgUQM;U!;E!k>8Mw={YdL5t^2OiJ;Cp``ZM|n(6
z-5pWAXE1eV;-^%ppHTHJoVB+~c@0{3yLG=e`G%VUF6~VcZ&|<79G=Yh8y%vo!@-m6
z$h1*NH+}EL1EGxkh)h$;d}Ue{5&}R`M=+zIxyqHPOVuEqQio>rV`@?Bl%*u9UJz+T
zvX*kucnf5X5m_dYmQlCGxYbbdXKlOuZ@;ap|4ZxpUsdkgdTHZ3`#-GNwrtJ(A6C{s
z&;R}*mqk5ZbPEe2?Up0qOu%F7V7@~5$_cR)9WO=E*F2=JZ7sAYZCDb$dsguydi`wo
z-Ph0c+AAWnmPRf_XN=4nrTze@Y5a^*l%)@gQh#c~!eH;BL4VT7V?5RJ^)Z;R*GMhF
zRx}9+mx|R_RJ3Ce5y8PVtO@`JPqhaSuk#UbZ__g(BbjtMm^&*(%JgFN`X#8!qQmKV
zE!(Y?7Z`M^MTYgXa~LQ`ZdSs}K%zl=S<ih?`f4aYq7YauoJ+(BM2bR~dQ2mGCW9~~
zb<sb9#bQM=;7dBC)j^<8^1S~L`Y7X@5T)qTt%Yx$h{^;aFeavKbC?JeIsn8CYjgv4
zL7DXL-&SxxuWw$p>_2&^L_N0gz5SmKHk#-E**aL;|Fr)<;_8lDSaQ^neYL^uE8E)A
z$`)hWJ6f?F+1AkP@VHVzQk>Gt(nE;!iu6!td{#nt5AgT$^>)TsmiTERaH|u(Ma$R}
ze+JVs2Dt}2W0Z}C^Z>U3YInqRI{aa5>gVeQopvVX2mruRKurl!;aMKoAXoQ*;4okn
z0{sGp!6R3Jk00di8RE=fTd`~yPOwE_P{3a=KUeQy_zghg1Rw*##4OM|9%>V01LW~7
zj&$9`1iny;Sx8{rA+8)y)WbIjpum&VuB={wuYSh~6D465F_?u6qgD!G$;7o<QENiw
z`cR+Jd2k5}ASg|QQ0wT(pBeu;<)4)zOsXdy`>y=g-v4R$Q~rO<r6K=t)HQSfyANi~
zh9}k9^wvD7R*M2q$~!Lq5FSO~hu0E#;*K~vo=#`+;3wc}TyiaWn5CE4xIa~d`y$0K
zT)SdGCxcq@MI!J=5aWmnhQKfe%u=k7J8D!Us;T5uP4a!c&_U6jVZOm3>Y|L{;;Jd|
zz>CFdwV+l+3&>jVG=P0a`uPG;?KbgV5uJyNAjDUoHnnJkTJn#NTfOqwcjTXKW3M^?
zx3#tV8UOJ^uI?E1WGdxpMnZv%-W@Gx5{FW$UgN0_JTgr|6J4#PQiSBe@G|_sEGB@5
zve=WSZUJs~he@;PDj{*kEEO`TC7MZD0$A`cCwQs`fr{3ai8IswV#~^gHCsiwuQl2w
zR2rr0sH(5OyINJE7_4l^rh~cx!5Cj40h1swbE2z!4`<*7;0Ne+N5|0#lN71+?rP7Y
z6-j(BZ?ym)Xswfv@zavHi9#MnBo-$qBzVn1Tpnm5j7}${-x+r(SjM5Sb$q`Nby$VT
zU{r^?2Ei5rtTBtBaO;jmOrWnj_zr)@#zO5b7g!LpPm7^Eu1s#h6$xYEk3=ELNpB&M
zisfSbTo8+)Ndho4<Xhn9vcVgmZ+vkI_>v+O0#M{DTZ^F*u@L4Hw}6Mn#Q}Fmz~?5(
zg*-Z-Bd`S)zPN@1znFAf--G^`LUf^4gN49-K=D`}4|WfkEnHbq7loj~vV%vfTiL>+
z)oVMg|F*#WmtA$}|9bTPzOVnSY-`2;S=+LI>i-{c{g>%~p5t(+K3VMH0Mvh4?Nb_4
zaQ}p^SCuD95p{?cQDjG`1p!@%uh13KW)zf)8^&IKPi<QUSQF~f^3SSEo=8Jms=N3O
zmR2@UV*(f7+QHGzR@24*xB2tu^`E`!(Ekc)JuU!#C;p#pRV)9$9ozn=|Nld-?nahC
zM*+7NOnzgq2)LR=s0m;MVzEdks5_JB7?zl<_JCO4ixJZ40$!XLV}wZ4(1B}W3|G==
zVg=>2T%aadEEWSbg74=8T2TobzT^j3I7cZTMXBy`fEIL)0)ODaOPDcnH;OJ0$pl*K
z+OhvcZHPFEeh`c0wV%UUQ3OSd$zpJe8iPS03EpvJHPAU@%90G_L-#mtQY@qkPA~WX
zMlo6laVlECpx4o=ImBosh|vs^#3U$x;8eqX^Cs{BWfQd56n!PBY{DQ(qQVQlVT=)j
zS%f(T#2oGsB+q|_PfZ~Vi9$}ET#G^T$Ydbe{M&r_^ZGGYE&VSC^Ep}lW`Ow{`Cn||
z{*RyeU;gt~9pjH5SXWOwfWEi>Zwtm;WB-pW+v=zN{}GpRi;Z%?smuT0*kV)bV7&k2
z`GRm)L4BPssCJehj*KZIV4xA>&%H4F|Lppv{NwvS{;?ML?)s0lwTApV*jxSd|9{A(
zF8`_lM_S;!XZ6+A0@{wp{CQaAfA?XP|L2w9|KY0+{SW`v>;CV${eQNNgPo@S2j73L
z|NoGyyAkCLCR_=^SF7u3yD8esjFKr3hoR$JW8u1kJWeW3fl;z}77bwxJh2_EqoAW`
zS@nc~D#r#=oYt7BAXOsZ$pw63pRPHUD2rvHs1&$b0)F7jJG#2?t21U|Lf1v>D&!6D
zm&Gy}o&@g$r<2^NODbk!^RF|eYzME&Vlh(SiRA<dOd}X978%`zS7L%9k!XQNz~#f3
zD^LQ|RTd%v!g5RovmSQ^!(k$liy^_UC#b}Z=;(MddJoP8ltGKs7{v_LI6(wB1Tv=J
z6ATT>L?|SmKr>Au0K`!aDsI)_T~r6spFzg-BCkRH5$=cp9E3?cu@t^!p#o;$ZOWA^
znsAS|Dzco??B9)`gFHbEy+)V;bZ}Xa2&9QZIokivMd7?C#}UHML`F$Gr-`PlE;M7f
zfPu|1B3B1BmK&u(NY7wuP+5?Q_IvXX;?$PmFtYHxVL~vRVD6>#)soO~5oPe%8nGuH
zzXytg=Mkzh5klaS=~9SE@&JPvNxU422&<zjL<tlzjG4#;q8JlQ!j-~sQQ$Q};z@wO
zKtfSP6>c`GSK+A-DB7meYO<j84Nc)37L1k;(4Sz`<G5(A2x1)+8BaQmN_KOh(>3X*
zau6BOBCaV^C*LVTErClLr2ujuO?(7E1hAoEsfcf6f(Np=lN^PUUP$Ucx=_qQ`$J3_
zK$+21u@fA)3P6EO3|T5evvpXQ;fdrWB@X7rQMEvt8B?l?<)o5&Qwb<ZD1r?FI75<1
z<%*^*LSTVLf$zy&sSuA#gji{Z2095tFe&Y7^i91v*qSf!=K*w>Awr`u*cQySBSz{2
z4nOqBDdd27uo+rlDql3f_X@%!u85MBf?`r2SU8ywCkc#j<i#jg8<lLz{F16!$A80U
zvH$s4!Tt(RmKXe$jP@)w-zPw<NE{6);0&fwb<zUNXLU6mY9yf`h=l`VC_NBy0_lJt
zk%s6iJrFX0C>2*|K!0kZGlfD3grgR6D08AYs}oC{P>b+5g0-pt4`9=&^KJ?Yq7_3W
z`PBv`It^3Ea7{v`qQ=O?u!#(3cpN>GOtXY+3s($e2ZMx*vHo^3YoeIVw~N`}#mIF|
zx^99Xjg7pV7{IMD*5JPlaBj@e18e*NxIsPy4>BkWlz_sfV$`?@Esg4uwjq%#k7KBQ
zih-Tbh4)xeU<1U7GN4sV#WI#$m?(fog5W>UHcEpdNCSgGDQ;@5ECOvg^@)vIJX=gH
z-c^RO!LG9aSO6RhE%a%H(2GR|h2&Q74DT5ouExT(SZ=I<B>~OVGAVVlZvv$(L+Ljn
zHz9#Zrr2ZwzXWsxlo*O!?e1)~G+Qd)Uzw6K76=?<Q5+7=oz#}_tfgd2!n#|suB#;+
zf_h6rEiI|{DW>k0Z2n50VrsV(V~$2GA|VnuV5ZP_(h8W6(m*cS^GV4Cr%H09wB|Cc
z214udKidv^`^54eTKLoGCg6AcDQFSZX0ceH206V#y#kM@emqn86g-GvN5V%v`0979
zwcfSSde>I#T|0CarmU>>q5+^&`$YrM4UUowDycRFJtszi9Z7t#CcoH_Uu+|p%8sk1
zILO^5b2cL2FfqdSH8ar&z)RZ;7KAeL*_G`jo8!0xE>X@ku@ImjWHADyn#lQ8o!)^;
z399KdFvKLMfw2XuLCliL`C^3}gG5yRQW6m9bY(|k*s2HCY7eYc;|1$vI>QoxFu`zV
z2Mlf@W-_3=szx9Y_(GUeR6yqIkujL$il`S?B!~Imq|m97VlWl047z7P3Zy^>Cxb5|
zfea=p_}oMccoRSx#8Tu}DcP7q^i9d=u`)$87)=sw6)FJL9v*N~%24l!voi?<W|daU
zRt2{;^PuMkogq1qLYm0>M2r+ZBPHhqsu**)98Pu6Q3?#LL&=L%Bqg8~dScX+xbp?k
zidZ=JgZVOmgJu$A!el|)2*g2+57fsW0aRlY>+cn)#X%aVVBf?=MNgcZh%MYv&JPr&
zFUL~E(gc)`hguSF5H!~eFVX{uQik!vdUzgJH1~%2pAeUkC83N_*$SW4F|{n;Gk9VV
zjGd0<N~3{YG-Wzrns?NN%2q3_lxW)`wAq>+j27T7FM^Dw#1xQr-vbG0W>+`O)EEhm
zxz{=gqV^jOp~h<=rn;7|EBahx35SUB=ZO^}KEeyn=~6p0fOafYFOy7>iv%DN_K%8C
zUAVB2bLC9d(T0u;X8t8-IdvdGym_L$_=2cV03&1&nMGn`kL#M6P+sfQv1Ss?Ql+X0
z1_&cn7ZHKBN~egEOz?p<ij0I_gC;B1zM*C8O=Pu*uT`=5e|wFCB$U5~J52Q;0RUh_
zYCD!%Yu7i+)k@9*^XuWJna}tKyaVqibCZO!I5jx_e}iMt;4%Udj2Lyi*Q@pZCz)se
z@1Or=<6v*~bN|<mxU`NxE`~qw{4dS@Uv_qO4nN=j{fMj9`Coe44gk}mo&cst9s#DO
zeg>G{&#eRhd)K$*UzSooZG3P47u!xV|BIcy_0RLae#kXQ$dig?;utyRAxIX8fHX^i
z7pLG0(Tkh}8SttEm>0|pgL&aAG@;Os0aF}%mK9J1-7y$)hR)XU2*C3jc=(230YR9D
zr=MqtCl=!48;lJN2pSk1=<4o?dHMQz8tKtN#rnM<NFr63BXN)y2WT^fGi$i=2jFN4
z2A8yuqlg8hBnhO>eQo=py7*1!zINbedV0DZ9p>qb7Q_mZ$XG-4zJMoAl1s%R{4t^S
z;8zw4{}d$gwU^Jx$WUv?mTZT3@E@RuH(I!N)ZRT!d~E*n`25?v{`0DR)vf<YiTUSk
zd|Uss**4a-_y61e^#6Xy)gAkW1t1hE(*Hnl`g0Qn&J^9MU6+0nqPOx)Za0Nc#Q(Ns
zF*8%MDQ0F!FJUmvSIDqHPmD2Cm}Fy(nWpx(XJQ_Bf(#2km;{K(U(CR)QsMS;SkK+d
z+gXV^z#OmZ0ap$6=thG)gM(eYJ(U6DcmjH~6Aeowb0c9PVk{b=Esw+3{}6TX*OLB&
zTnBoZQ$Q(X0<<vbNu(<ypuqFN65%@(^d3c#M5#gfilAYZF%(nA0(dZ3+KUepD=;1x
zSSpEtCyYtMxELA6%Oy@<6C}aLl9ZTIDo3Z`8I{SE%tS62J`B){JZ6E!SR_mWL;!<@
z2~yE^amT-gJcLQ%AN4_CXonRjmdVhz2wt36$P?iE2-Q2smDYubmbQWfC=QZ=nZna4
z_^^xLXCvmfVdD7zZHPEmyCGMDkT`fFFeo4pbA_AA0tHfc)MF1KaR3h{Jg`z03g+=R
zup*RCs_&y#zz;6D1;QmW28#tAxd#S1^F%B`sz8rED8$b>QOGBL1qHi1OL_QrfTph(
zhB06YE^j8jzEn3+@t&Y2-CTn`u^}=6XONdW1y$v3L^F<`GJS(akpP8UqL6bugi<gC
zRYIqh@P*s`69s%BTwD7_xe%^2RzN^fJ*th_w~?aa!(yS_M8Ht0;MK-PNhQl#c=@8!
z!8o{LfXz`Fs)eqrhX>vfFkqNvl2{~;6=RlzLNLprHkhS%7|aQQS$Y7T^Yyo}W}vVB
z9-eMPyz%cGaNi?fXfW|>kefUCbx3fKho2w*15c7p%<I9eVF0d|2WH75QBZH)L%nrh
zL=^B3&jQ31S-^~ha3`@9nH7maDFu%^<H}*CamEk891#z2xC(u0JBbPMGzl0^Yb(&7
z6v)kFy}wZfH3h^6vlIc#W6QS3EcwccWTCpBy9K-3SUX3{c+leD@<)M-o{|_TpQzvT
z^YtGHK)^(Jwd&)~ummtb0+Ee1N(~2JBobd^`9k6w=#oq#7K_jiFjjm~Eb)ZPPv%O<
zVzM}ah=d~+2~^*>3ONa0A>`wC`O!SG0Qkz25I>akMM?XB;fVt##?jZNw>^nEfi>bK
zRONpJe>~+NWO%r#p0cO{{U)eC;A;xUy2S=+7*dDhrXd*GcCLtUoI=EKQW+dDB*@*<
z8K`I9B%q(5dS`+vz-Y=*F^+p8U*^o?V=6p!M+qg6H}J_TaQv+-5D&A!ed;P;cgz!*
zd~J;ao8aje?D;3`0%_R)wpC!)Z52q^-?j<bO8payz^)gIpn+Ar*aJSHk`r;Y9PSHL
zGhb7^a_UXJdWY9-9O^)&{;b4*s2f@>1?R6@ia$|ByQScK$5L>9S_(3~D-a+}g)8Al
z!<V>@GJ!<?zi2+Rc1o)i;S*+r+T*`wRG<#`_W&xKI{CnL4Sq*sE}_NMue*#&z2R`Z
zrDBByV+7;NqHxMDqZ$Pd{G@RXcmTKiGI$b+6VHj4n(8FwIf0p}lhjGf7de6XiBp^;
z-YJ?Zr&>i7PzaJVh%DA{@DEoZ!(jqk{Hp~_#KvPNtsAxSw;=*(l>Ehi2f%RUTh%&h
z!&`_{wJ7H!;PL@wzDv0{Kp=@z9H3lWqLVO5^v~!NR~Mb?Ml?tu`;&t#<cXbl3aL|c
zqQnVE7#M16@L%o(_}obvD|3n!#yG`GV!?j_`opNzF#JJsEdEP5dH%N-)&7Sr%K9(R
z5kMQkAd-6C0P;8T|5!Wx-2d@IF74yb7xU_o2mbo_+gaJz{T%-van(Kk(bD>2fxj{S
zwzfaz|A$=P9DklTNd`PxR-8Oh^bgwj&i)U3D{Ia3KO7t!exCpLL$1C?9s%y?Z5kY8
zEO3aMpRYT{u&@MEcy~)nj}Q+m%qL`!AKdtb1<R#Ep4`&X(;p_X1pcO6E^)N9Oi4*$
zrP#2<(pbxoAj?z;hz)BJUr`Epo}9&(^BMi<ec?U$0esqibltvkp<E>B=cnNM;k@UF
zDH6GuYoISC6T){)G8E7arfOi6#Bh5p@ET>{3txZ%Zp8$NFwnKHB@PB{!RU+50g(zs
z&J3A64M2z!2;>YbPAZ6TrlO3qKJgY0VGr1z#goYxC<e=!AqP_^OZeLoA_`;XF<9LK
zZX!;0X1I%!;BH=v5STImZS(-Yh+43dPB1h>Dig?^hlF@p^oCIWAA8pV-$a%51L7_O
zSt}@3usAJCmwvWMpS&6>Aq@~{o0_zOMIO^+nodnJVJ2yLDxV_qLDlbL5fOFm{t)p2
zDxZFWfQa(Y1;n4CqKG2GioBGEJQftbbMBqVOdc)82k!1K;YX91x%b?2&pr3td;W9o
zy(S~Awy9chPXeNPlbf$+c=y0G%+7+_CxVF7yL5>`Fb&I(x;G9z$Fw37+lq>%$%5g1
z9)|S-k05Iy$Op(uV^#ENcvQ&1G}R7d<>dA=1mJ<O$Yf;UKkyKb72G=&SgGbc@JG{@
zCSx^ZBDb5%>gFVu$Op)>|DwufTfVtwCsgSdV@l1+ijW$Um8BJ?59FH`A#^`m&wE%}
zHfUr{1nY1K{DweRJ9Ge*QYB4JgC;gHt;pt2=UG=M$Q8PH0c8Y<l}ycM>nYT8Vm;3_
zq!r!9OX<LX*Uc5;wh<!hrGkcxEmEKhY}1OI<hylw+(LujE3nWBi{)Rf%LkSZ_d!o9
z8U{bo1zKI`(L(F8yF|{-2Z2|Mn9kA6a4ocwY0@vS2Ml4!yK}!FMHOr^%55ayh@j+S
z{h-ZqW0jJNmRm`ap(l@_Tc}AyL2UFY-Q|M%cnibL)<QiZiK*M{BQd;Ue=0HTpJ*!V
z)pZ<*lA+hF%q+jWhZeC;<lt9SQ?yo|J=p+x8!ZAMv+^^(aA5!t{GK8UolcmH@^v%3
zl2{AcVrII^u7!$86O`6<-dfU9I>B`(7gUl86GB{&YauxY#zG-%#ow(Lk(YOIeo3i8
z30^79%xb7m8quapW09h)mps0Z;h{D+EOCa$7*e^yeRvuuvMaY3rN=P>qcj%-)sYkv
zYhbK+s4P5TB?e6~R}YuC)r((ZJ$QP!o72k%*MtF$Md9^|CL_5vn2Z5ZstAmDSxExn
zQ3V55!|UPX0mUHm)q6DDC})F+P>#s}DL`%{f+CTJ@FH5AnocfnfT>z!j73bkRjye;
zkR-(j*K=N|1qp)TT`+8fe1u$pb&IN*C8LTQmx+@K#wWlq=n{M&Bc<X#RdQs23bF=T
zE}>_q3q7OghI3HP(<g+4U|}yeu0`wR#Xu;gmyeT>`W=4yP!%Dn1l0)Ax@yOin>3zq
z<;6^tRFr_}O=X`&Y95$@G0l*HDe&0<vTBm%!WCJZJkZ9{%usR=xLVHQ<^mzIb%4QO
zh)PB`v7k5ccdGI{+~`qVKv8sA|D&FgK|HE!u+^ZBWR4VwnGcZ=E*8cwWrj-jIJzYy
z@&h3mCz1(QcydJMKe4k~8%ltZ%A#}H>@+%&Qs>6?=`3x2NF=1fbd$rCx&zbla?+Rv
z-W{wRnAWdf8l%jl0y4Xj4+e!I<#>*;x20~sSzye`G3NA@59rA0#{@%oEHc@C6D%po
zPRK<|ib^HE6xG?L@|;dcO-4F9|E;}}#OHE-TJ-<bQSfJ#anbnSnDamS=I12#|Gg}q
zg#VxL{}cXy!v9bB{|W#9SM&ds+}as#nhFOr%k^)G1jrbL?EFU~7XM@j07to0{C_Jt
zaAAKxfa?$?_yLyGExW&*zn%xP3i9V&;M|7wP@sCqg$->0S9_3YpdPJr*gaMX)%eLs
z(#^{5HU5gB9=3Fp_@zMyw74l`BqLh{4uk=%i0+4BGV(>4bV;Tw5R86;`~QY-WRV>+
z)C{9B2rP!y82T&#Of?9iySe9(wZ4VixbBBMqnp5KpScAbj+)C^O9Fl*`dDRHeyU<3
zaq>@V2~9z{Md2uR+_8j1#R8u{P6Nx}1k#BjhN6xk2IF~<_p?F88y0yXK3N9UN#4~(
z2$4x2RFw15ZIVG?iekY?gK&*c^{_>rm6Sb|nr9E&HHN*A6w-1=bd?QZ?V*$yJ#C)2
zq8L#Hn4zEfYuTSpmnu{Y+jyII;|}TqGa*Dy&hW$Bjuj0u9@PpYia<fN0u14Cu%~!c
z1nrHf9^Pb`bk-xX^+5m9dC4ufXu-5=#K^!e_&A)e!eeF5<%cHJ7&R96$|i`OA}`8P
zrNmNrFOoAMOcJHSPz*2-3bH6@BCY0mlsl*)C|qg}$fT@*z7vvk{u^r{F?tg+T%3c}
zcj;fcWGO^;ZHg%zx<<$!jO_OE;9y|Nl|}KKs6w;qs6#j;&6&=+c+ph|^$-Q787#PY
z9)Ek-7<&lT_&0!!FC8@|Cix<mu{!?BV=PUNcL!kyGJq)PEgV?o5xT`R>L@pbwx6s~
z;e4a10LDb|fB>~j1@n<@bX$XC!wfNjVgI@qwu%@g5bS@6PmB0(*#G)@Wn2XR#p8aW
z@!#D1MEuuf`6Te)1pb@Ae-rp`0{>0mzyCD&uZ*^aG2fQs#S$T4oU$FgHUx}~eH<SO
zrcqyFM9i0LWc4ARl9xt`K|V$l5Z@rFtVSn(A!0{pi5#BB1NIsnRt6?kTn&3^C@)Sq
zd*dG*Q!<&+=m#r-Vwp^<!^RW}&7w$(MBJPV*buyeIPI};9U*R}pf-%@zA(%!avrdW
zB7qFFK#NL0?A^1~oEW4cC*)W^NFfgT!qjk31aQdH%>!6Gb%T>(1jflRel>B8AcH7T
zSO!}ylG6&p%}&s<xCLf1E#UMrPDGSJ1VbbGSv&v(m<&a~3jnXU1w>D6#Ha?T5TS-y
z5^>W(*P?MBAppawpY;-Yc+x_A1=b=rQRoV`FP@ZunIWIz;L7-pqyZ0c^Zxh}h&RWA
zNfMbdQiEtLFk~Ae3^ZTO3(_PojZ^}HWI!RvwI^0mmMuY%2tJ9gT7+l?RT|zVNg8EJ
z578gMrHo67JWF*Ud@zOFZf;%!L`n#?lXl}J11ggcjfg{L6fdEt;9#1*qP!9U&CG=B
zdah;ZM?hNUtX{sXUhW7Ci|(0;8EL&$Q$>I^ZT=vPRlOtwaL`HsJAnaS5(bDS^CA!+
zG0qxrP1_uqOuS}pU4W@tbOM?CwUD_mmXiSH5+C)`BL1iPVLz*ki{XFSePh;t=I1BQ
z|Gq4r1pb%6|9(;YPxjTdNLtu^|93$G<qAcCfAZY~0+>Jm6A0kHK?LZ(0uYEEAC%@N
zJF}}s1!>1KEDAcPS~tXy{G5wxVbqOpaSeJB>co5ejKndx^)(NC2r*!Z;^VOaJUfsK
zvv4cF4hLJwsC}10ZX@RgeHnVz2z&{dn(>Jd(4_)ir4YuUaU`ILKo|s@FmXOr@><<w
zwYq6CLb6OokKmmY@?x}?gjJF?Q_2h@D48^x0lp=wBan_k9a8|!BD<Ekun!;dF}V4C
z0}HOVm#>Gv2tFZliWmX7RZKJb;f>J`y$r4vz~qZ#YS_uxEJ1<~wQ}GeL2fBqqY>%K
z>}xeg8BFlGGN35BVrD?CG^zwoSxwk43o}FbhiH(*`RfI5J+Gjnl=B>e-U{@isD$&=
z4d=8d3^uA#X*MXb^-5X^>#c89#g*Md(Z+-~v<v&jk(F0RMNFWMjEVr7g^Qp)I0S(d
z0+F*Rpbm-(qEK9SxQRU^rUEeEf==k+41O+Xl<OdAy|EgynI3jp+<f1|HP?#aVHy*}
z4%M_iTC99@UXIbnipE^<&&EVG5NTBvTO-MHa*ckW9+T(COP(E-JUiD|7xKnU9+m;*
zGGwO}kuTLEYVfRZ?ZUGNOcpbfP~UrKS^$}v2o{dlDyKjI%wpEhdj+O~ARZi^`@nhx
zrW_3`^m~RFK{P<DoL-xt83WL4om#;`Z(>^W>oOQlA5(S|uV%kHTzkgCiX!J>z47!R
zJaa-OB4<yExXQ7g3e`bnTL47qL|>fs03Z~Y{b2C6UNaToy+MH>ds$`nEN8j7G^=8m
zxom`UP#jA{xCsi>z&p7R3HAh{5%9D|MR*?xHU@c1sdD8KSRTdl)KQawdHD$D^)Y7W
z8S`=w%qz$rP>`Dd^Aev{d|Jf+w9}KHQN~5^zufFTc`^IH6(r98yDXms{+Gc267heD
z_`d}Dmq7m#=-)4c{wc3OqTrm!D8`=|{1;6;uK(LSBsGBHyfM*K2)xvQo-(Y9b*FPQ
z4h#CZq$g(pa-xeTTgM?<2Gb@1#u87+XJE=y6IQGEHjF4tf}sY_%n?EewFNb64Z~ig
z9!e$S5DnXK2>}?dYvjdU7?3x#tkS^5uM>%CA;CII2#%(faZw^Xs+^urpp5pCk)C{r
z0+-v^4vFLg4~XyH+ohO1H}4VTFun}%U_&hQyNFhZa9^WwEuQ$hVUQqV^5pS{C@@Or
z+mg`}P*iScc?tEHBZT0O1EgW3TjbK%fD$HF4TLeYP+%hAKs|KlphCb$*3E_(H!pHL
zHf{*4KJ<0Qj-xJEt6FGFFXurOzy)|=4!kfd5EPZIX8DPNijJ5;aTV%3i_IA+FD;1Z
zrYLE>;F1*&G!bu5097*u)N90m0>vfBkPx1rEyTz%)KA{;5=0T<5)4n20-VGW^cF4=
z>mZ?oz=TL^$xn_G`$)><B}o7U7ciVvk)|IPq;nH_kIbnbx`kR5Af3s$SV_><1><5#
z948(*qu0*42(F@u#zZ8WKt!&H(GobXLkY@=kdLE_ipjA_s?uS10s}(faO_MXA`1))
z6QY2~V`iv7wlSF@0afUlejqEjLIiJ$4M!zXlmY^tI;jP|%uF>8S|tQI7aIk8MuA;y
zJP1nzam7B*)N8@EW&tn8tRWN2xnCOtD)RM2#T4@(_gojsL<&P^qLEh45|&&#3b7F3
zmHaHkSfcumDv$DTqhM?szL@X>LmWo71~}0NYNVOwi7;p5gZMfith}J0l0c(W5skw=
z1aO^p*!Bdl|B$e`upP(lE@{F&TWm)#l>*k5)%RA6ty3l>N6gVa78Icqd%<myU#%#K
zNY81`if8JH9>S~*6c`hFd0)J6;!JelWb;C1^4OzMR!}?m_6cqpdzp!^Nx-~=CImug
zyYQA91FiY$5D&j4a+kCpXp<4NxSoc(Yvo1W7AX89rt6m5BFKw+R+hL#8i9+dDs(ma
zS`0fP#-zeP<3qS#?$23XtZ1kXDuQ8&*viV52$EjnJRpi7S<LQt#}U^64SXE0x4L+6
zgD|i*$i^xU#@zbIm`!A^n0xspR#0%Wk{)UmDF_e{=cBKVaOYQ#pU4@EWu%a_xVF<i
zq++DmVO4`=hu9ruR*S9JF6&R3ov}JA%y4ZjWp1ss;+5?-t3wF~b;9kTW{0_~!e(|d
z#a8{TmF5yi=U^&q<@QX*I;y-R-A0L9Y!#5kUdh->qi$w0wlYgeC7$s{NtW13;eNVB
zma3Tw#-6DM0@~sji@nt9u-MEcwyHSE8FR4}7>aoSR;98OvR7CgrM5Dxoqh0dD^$#`
zx57jxoXl1>#1Wg@fU>aI9G1#5XGOZ1C`%dez?e&hR+gF>yOS|jR@fa@Qdzr`6jVlT
z=%FZ!z5I5EZRoHHsHsCO%VIBc+KR0X;Ks>7(sH;?H&Y?qX0<t)a=Qasz-)68@j9%w
z+dy76i^`v!lCnB8^~L5gJ1xDk!eI{6GY__v*or|YAaNvDYPH#^6w4r41qdu6BVnY(
zY_ZwP2v_z>y%oh~u{#{;R<+(xsY<6EzrqTo79EE_2DGZw>MXSz5|Doc<gbNd3Fx0E
zgZ{b3+-xSNA4c%z6(m6a#OKmJE#v<&NZ?N@qh<U*w{Lzy6#k!^-6uB@|9e?J|5aW#
zw3EIYcIr;HVZ{#ko{s<9w}rnYcbs}$r!zbU14G5cokylMOsur-JX4sr|JC4N<~ql)
z`=+N3>YbKi9%L@|KKabevu^IX^xT2-yF7EgU9swgRntd}s%ZSC+C00$JU;cWGZ(fS
zJh=UV4t(E}^YilFxF!Ac#FbfnQ&SJ0K5}l~p4WC2dbVvnw{6XdQ|8B|Ggp7#<I694
zth*38b9I}^H=MUjA3O6xQqv=QZfW-oxANHz>-t|9XMF1O;&w?Zzus}r*(DbqW=@{c
z?fg&a!KBW^-cIh=*mK6NS5}<cRJ!-E8~n3Vn#SLx%ic6((elNM7q4A={_UIYp2vOq
z!s6p^{*O6h$}Gq546ZR}(>&wqhIN~hllRWc9lr7Tl}G+$Uw!btl%}QrZT($WrT(#~
z=Zvj2CpJCM{lxL(Yu2opI&IpB;lmwH=lb>QA09f7dvN)m7x%o&+WwlsH{R{|^J`l^
zvj*Gh{&#Cq+rinokzZ`-zhvGOfx$^SN4L}6+H7c_>}tzxp1$D`{nH!XGPn2beC64u
zrtyE9+pA5RHW$wBc;onq6LV(Ierx^ul>Ki^J9p~%adG&w8>`>1&40*reAb)e$2YQ#
z-Me?s%gg)mhab*<f1t~?*Y4ZDf64X(9~KUp^u)sKCk78pos~2rDfiKRvu8j3bxp^?
z@9Z9Tedn(hy`Q8@`s|*hr|x>``u5Dze=2{m(ZYTo3WfH+_vGo*r|rXsr_Fff)mOjX
zw=eUKmDwiK<BrL1r!>r)H*ep*eY++fT6VBQ@8XXRojia3e6s8Hu`iB2Ui0!l-ny@2
z&C8#9`}8d+c%a9?$#33sWnJUVt}ZvP@6zp)v77tvpF88R$FgquA#ncOcar@tOP^Wl
zeYGk>_f2r&(ZKE;SK7C$jg!9KI%?Vc^36$Y8$Um}``&iteWuuK9X5^H^GDtEoNb#o
z?_3pn{*gyUTCE#DeAc;t>!aI0{BT2mV0YwSN=J<NY~=*kh!JyEtXPq9XhELm!M)wD
z9H-aotJY5Kzkipv&&ZJ@N6dX{)A4Oj6uvn2^@a22cfH|;XLlU>=;lS1!&m4w)xNuM
z>Fx`6-92eifv)X;>)Pwuep&PK;+KxrvFtxaj!Ur*n>F#=5x(K`hlgdjwx)FQx9d0{
z@a3S&%8%w4*Y@sue$V>*3%b3#-1T<Xtg36fbde5!viyPWeZK%nK|AWo$BnyX{5oCE
z$48F_p8u$-q9Wh@PEx_uw|0H;the0gK4xCBz0-~T%KIm8wEuYa<m%vo56+%Ebj{#n
z$Bv!Y|6bqZtLm3_u9#|>+BEN)d+xk*^i7j%_r5U3bIk{xzv{Hk=P~IR-HfD7qt^G|
z_xH-JPn`R7??by+O+K0Vz|8DTW8QE2eTSws-jA2wURqkJUwiQ2!BgLUUfA&Mt_2H{
zH;t;Q+WF?azd!xm?z>Na-f;TRj_(eC`ttgjotzu4nzK<n@WJ9#%gj$sW)yvrva$Yg
zz3%XXH*K3#S9fsMH9f1UszgcZ*s<foJ&Lbb-DS%VZ&`bTQCL{?<B46nI@^x_b>6MR
z+Z<m0xBjy%$*!zTJOA&_3!%Rc|8aiS)!nY@_L*+ogY5?Pn)x3c?{#!bPEPLDZ56j=
z{;E|2bPKZCd)^$MbiCK%imB398#+Ay(E#WWOP4N{_HXO3cEXvXdzzY>=FaWBJajm4
zWVXOuH@<P>y>%J0a=t!tWT3e3opax=wlCS9VZZMB>&Lw&Ug`2Sn8r6&jb7HU`}Lx}
zD=Owr<sKEcr7VB3M_X6P{MUx;eZylv)$<|mwXf`X{EAPuEZKMZjSJIOEE@ainx?9!
z9_!<KZrQSw0l{a=mfTre`_6ms-Beh=bb&7rIC^aF+gV+=EXZ-WZ~x*I-g(zu=f8M;
zN{7@u&o<NK?`!Moo?G|f$=cDgi<=sq%PN@}f9PR4b8^SH9Up%@^Zxs%Oqnw0$#$nF
z9^3c?bcNxIjy=rX9(e2zyML!^%&~po@r>(m)%PiRHM+$&y3U2RzuWF5XKiWvc2HW2
z#nS0_mWdP3e7tP*qD70&ojTGz`TyDb5_qWk{r|C4ma=3?RE89?N7f=D*=3Eg48|5S
z%#0-xPZU{G)`*Z~i4a8_l9HlA6rzNXo$UIbb7n9kPtU#2z4v$T-+4W+9y4>!clmrj
z-_P<spYP|xGBHvk=kM<iES**qQst6lm*;pt@U%JxgHctbvgGIB_*5-3aOW8Rv(W8q
z2R!bSn%~nT^-(>ljfQs|QczHEaQGH0YUBE?@y)w;Q86(*F*R>eQq`hShmR=pj>E=W
zDM(<L8TZOVv@M(Iu5Dp7tVy0Wx|o+Gc;ep0*x1<c@Z6IPg0O%K7q*I6ly|<0+iJ<d
z!J(p}GCe-9p^15`?CFWNQeOe)p!W`f{QTQwT)zP{1IGCM8zmK0Pi>l(R*Wy>ULKo?
zYx2Gcp8ZAVsJDC&7lD-oGWkp0H4omt^@u;ZEuMk1{+)Q15tbC@$CG-#-$veIcXxO9
z)~#D*Wo6g<a`5qGY9-3j)6<i!-`IE;&0ZlXE&ZVt;OPDq5fKqUWFmvRam7i8{8=}y
zSM3Ib_IO{D;jv>AwOVo_6+7J9NQ8uhzN(xI+upR1mNqObtZN%ZX=J2ERrG*xEV)Rr
zu+Mj8d;1Sjg4=hgG@>|LcCX{bP%C^L{Pg79xpP7fM=#~%2*Dg$A9=M`gd`;;g@=cW
zTEA?}wFDlr*VEGj76OSxIyht%Z@8*CK3c2Q)!E4!QlWBrw~~@ldW}|^*zLaFY+6&t
zPjqQwFpA09=izV9pFbSDDKzM=Xv~{0UrxNLOy42S?<az|Y3q+Nmv=Rmg`FtI@p5pK
zHZ&MUAuAfQjPfsCy7XwOhwpNw*qND$M_$usfb9$$Z1bfB1(1`#$<FwbVpjm+P06sk
zyu7^ey%S@5G{0zOWT2eUjXZVzAAQMoFZ=!IY7(S$DNBSOWxrCUAie$Ni=GTkXEDXK
zOA)boPOy@OhP#g*?a<?V-FLUu^!RbUL0R<22NM(SFuJ@OdrytA+KAK1z1VvhSrJ25
zPh!chax8^I^9L8DWib8bmvmVM8L!Fqiw0$cFz?zGayHV8HknQVmUZXO8)uk_jl6yC
z6*?VL(?^a?g`NWsCE#%L#@h&h!zL#uot>TY_$`BHXJ<FiY>T;i)eDdUfSf(7q*TOu
zGq47(y0zjUg+bJfO0MWA@u<js%v;!UOdW6Ca&&YoFy?23-7&Thwmo}x<LuNaT9!8U
z9sO+dpKOF}>FjOpm&x906gqIHG*%ts@3@~lKUVt8`%N}5j_ddCO#lk!)TvV^0l}GP
zRSEE?j*iZwiO)eciC%?fkI%rIK9!yG@$m`YsoekZ;c<$w&<cdInvenu2X4&1Dtu?^
z)~&mqg++ICHAF>A9JMF8Xi~*RagbAyjkSku%N9v{y@`9yWEH^|C}_Ty-fPJ&ks2@8
zqlA6@c%`4yCp!9ac6Jb~Y$gtve|wl*DC<7^&X)i&VlxeHdGw^G^*{bGS8%dnZY;+e
zP<xia0D~PEeSPTA`Hk-%db$DhI&mUCd8#RCN4u*U+Bw&`_uT`HIKgcPj6c-Xksl-p
zm^gIAH}@UW=Ll@_ojcigMtdH46~W4%J(Ca+INje|UW8@f+(}m6-Bw`{O!qmS<e;9O
z&#TX^E`sGO8%mBIC250Kxm>+}L0&>a;_=wK<A8=@mpv`n)oiubYi_cuzP|o3Ffu>_
zBmyJ8deu>w<#5=J?d<Gky1Mz8ju(J*Ie+dP<!9dMgSHn~c4kKQHyhoyepQ)xW{+^}
z6%t{e^_HB$Mtj-~pTR>(g6S>eMX1cznM+?CuS@rh;@>KA(jeYIjip_I-`Pqv?<E)I
zz(*5d%ZfCX-eUfBlnyGJUsRrwmX$rC{(y}FE?tc4*75L|0#&rt4wXy%%vCQU`2ce%
z(fu<e;w%b<`aU#dXKOnF>`Q>T+y@?x&siua2I#DZ`Lz{_pY)iD9sekU`J})LgMFpo
zfR#O~+XR207oh_ag_S=&CuAnu8Lo^P`u=W@C9EDrcR1ku`r5WqzCC-c&~cg^VyXxb
z!5V)kNl{M3jXrZRrq34@hm`<=C^;p?_w3p7KeFD~;-p)O0Ns{wfG;bC&mc?EsjcKq
zin9O4t$WcQ_pci(bLCNq!9GH@bWitBiyxRhqM^Z8;en{@h<8bu<C7*o0AoO$zvyR6
z_qOgG>s_?mct>=X*XcXFyh)e*kVcL2-tVa*FhW8aM~}|tTAuU!THb!uOQ0eKTZ=v;
zdTR75g)&yV%hkt1!q8o!Vge+PfPmMhb6Z9|4x~oVVF2?5urx1M>Y19(l~D`TH8ey=
zMV&u?e*L<2yqf07H%Kc+x$)-etSmJO6_#G|#BTAd`%kGA0z|00qK>03Ois7jXvVXo
z2CE*03m;y$&gF@Jjy;O`dzWUcuVh7xNbfcIKhiW0^z~-CG?QF?O%_oQCW1P7vZ|_z
zPf*Z0SO8Ejbi@7k2TY4F=jbfNSjWG;XV|<MQ*&S(7>QXiE*+5g0J|T(P1}dkZ+^F1
zZg%whP`h09i(>Tv2?b--?oFk#FnEPzDkH}Qx<pZ%KyD4=d|Y>!fB>_?hr4I#=&fR(
zR;+(CH^t~<5OPD;p5bni@m!Ue_0&|MXmK`s8C8>%_uS0+O>8WddHjIJuDL1$cqg9#
zGCi-VqTaYsj5P$<W?`~ZH~Fj3k7vJ=(e4+veGNB?iuBcsiamTNbccY+9ozP&L8*T3
z&Vt_t9x^rVbS2aNu$h6O5Y;j>)V_i0l={YF-+Vm>S_WI(xW!oIG9x{1(@H8Fxpce!
z!^CjaU7*#zh{DWT6K)?#my`DPAH9FfR$k@~W0!lBn=7(&rzN0r+?t)Ay^IwN3JR)v
z@xt%TCRm}vdmTN!(Qo-RXJ6cU!4l2&z`j1Wqw22C3yL>KUq~0_c>1k}1<<LdZ{--R
zmdQ7BNARbrQye8#Vy1rBm9VL)@aiQlv!^2+4vl>#B-*OS6FuzTZeV}udTv&e?%*4D
z3C9n5`uYXHrh4iEn2<$)5E3-L!?SN66RbL33JVCS!otGh;^JLuQ2|ekobAa<a=d5T
zxf8c>m6u5M0~<y=>7Et2_cNBA<-Cqwqi>u~zH3%Ga$inoV*+;W1)t|fFE=@u@)7P(
zs(m$#8~9Tru$K>~c=z6tN$@@sT=Iyo<vxSD#(oDe)^m4{(D~>{<G#KIG{Fwp)5q)%
z^M(WjxOc|dFn$Y?zf(|&?acb|<+8WRCE8Spm_8>M-Ozp*tVA*`UKbWBa*2yGYkRPW
zs{EzXvOo4)cD@|Fv74IXn9<|-C#`d?(@BT4G-K#$q#`@4RW;(PlKHA{MHE(IL@R7R
zKB%irOFT0-DRMTlDEBn(%DU~cr`@Zf1OP)o2Uw7Ek!mS#zBSz)0JMkDgTb@LC5D=(
z>2=J-u5`Yf9Dbb?bm_~^Dv3*d6bW$t^VTq$Yh&NV-A}1R4ByzDUvE!(kwlE;WRe$x
zL!~UQIX+6<cKW-L*EDN6W4Xr`idQf8{P^Tg9UHq#Noh>g{2j1`7`P9=N=#&AZ#A@y
z*3^F>xVfY-s#}@eOAipW?n4&4>bf3|e+0PW{z$b9lP^!>#(0Zz4UMQ+(FUY7^N~w;
z`D@vV1|6T+*4vKi-Y9<+7Y!(;WA677qodF3ynAi_q9zBJ%CK8&2Qy>DPA-n?$Y4?*
zE_x%>)_r?C#`~4YNJlL=Vb_@T=@kt498X@RClwM3=~KIHd`=^^ou|E;{@`f+yLW|%
zC+EL?`v%w@w{PG6_RT@zc^<M#G5)egUl6SUU)%v1ubPAtD#Jye8lS=Tb`6)E+c`Jr
zuX5pnd??G&!HL=NF7N541Lw{$`MF;ZHF#}a<~Lz-f5)5d06PB?Yt&}0qdZBcRVXT0
zB*%F=t0_t9inBkcqy3wK3ve3%iS_*X^K{*`z_xuI$imy(G$~B)e4QR0O_A6!&0<->
zPeO9OM)tTc+BDgTl4rl79rq({@}R-XHVN<Ny3=C)Sa{a4ZMrgWAN@t{N0GL`%K!>?
zB{SWrLlpY@`W>B}nlZwE(7pXc<7BbPWwa*!O~wRlJ?)Nd3=Apt_Vr1LJ>KU;dP5{=
zMybBjmjxR=DVuTaKke}K^_&486Xs!_x&FvHzuVf{IO#mszUG@ZeOhNx8!FaU9E?im
znsjJ%+Ao+rkT@r%ul_>ttzNf!8{myN0<4BWASfv*xA()i3*ke-Z){&ySJTkY7?8%)
zhe`+M@>hBPm~N%y0F2?=qK<nSTMPR>U)sec@~&y4y+nWAI&)dsD**k}R48+e)15B=
zkslz~@wkkIyUJns%hyh8DN)fxIs_|8u*(LT6Whf3Pd~pnrx4=ScdgTFYBW7FQwG@N
zfDK=V!%#KaZGma)=v+!jm;+plZ3jH`+zU!}djzge(@GR)4Jm8B@$yw6-94^Pfq|W=
zY7!*yYMGM?MW!VzB*#8_dw&n0M=(<}akTf-Cy|%ZpWSMSetf`kW<pZ6Nl}cd3kE+h
zR@eF2B83Yf@qP19V0Uerp@D%l5-G17ixRw*R9aff%gb9(P$2hX25Vrz%)!OQrP%j$
zwkI<OFw_9SeWS5~@k2oDOphU3*bV`%awp#ouV4|&8@#%kf!>)@Uy5wLeuy<7g^xGA
z^+Q3L<Q8YAc)IlT^xWI8CrZek__=-1zZ;KbXHT4(n)>kJ!<R2s1-+F!NqMp=o;?Fq
z9N^@Lu!aCmn9P|ON!aK>t664!f~?mRu<>bSC$5?17>1Z0nLTl7u)!>Gx;F6)XL-<D
zwya*N({J=M`vZe|`Lw%F9SJW};Oz(xC$Xt9FuA9F_{e?7c)GrG)TwXY$UpJ-Kl<Y8
zcJ9aJ`sEcBG+XzUhe}AEO7Y}9(w$vcXz==AT5Zdj>Aq)S>|ud{#em<tJz7rTW>RUy
zm8sH>sxb<?Vyi;~(&ih3jTjhwYZ6RuyutDNNv=yeq_TPLlYjH%NUg{_(F(`x(^8ye
zKkCwv^75v^&Yy7Dzyr!}rP*)S>YK-HG_Xo2DJfY;%{(*i{lg7#`~lAs&_ug6<8Pw)
zKl0EtxqXzvO=6fhKClIQHMxJOyqvO+HThWN{nuf166l96<_CS)E%mY-s--wSynUMq
zd_(8peBSk*Ys73lM~UY8Z>IFR8+v>kCF<(x09R?_cImq6LHKAya`O3z2>rt;sfIej
zl=2aU*+$sb&rj1iV>3^ZYZq!7f8c%=w#B5Eq4VR%FTl{xK9xd|%6v<&f2+yXUU!r_
z(3p;q@p`;~)2%@=7@xs5an?AB@NDkjYgO>%@C`JhhGCCS!f!Cpf7(z|M}39v?c2A*
zA3bB+_!|wzBo9$AF)=wd-j=^EFS#y^Io+7Of+a{;bYB`nmDwdHBct}N#6;59V^LR)
zu4{fB;}rTPeV-I2%p%s1&GkvW-fOZWHaU5{N?GAc>Mpp-+Y1cbs%mPb=l1u6!UEOp
z+#=FzHNQpuD0WHf>1Cq`_u#zJ%s@x7pE+pb<Ho5RYW3ak5xWY4t|xj$t;?49<JdKN
z=z9PDefHGAwm4UYcz%^eizKr%r`8{QaxCZ6Jw;*PfHJ>cwToN2fU)g_70TFdwS;{b
z>#Zp)Fglm;X;kTR)x^XEV4?d4eHjj=G#8I!V{55NYvCImsX5nGW5{{E?^cJ<Z88|Q
zmca?FErAD*9&a+%*4}XNn{~OAc~%iF9gy>+w=2(Nn-8{?8e|qEC6#vP2vS~iN{Ek-
zr<I#|oo(%V$P(s*e*9|vHO{Jh?xW2l{jlq^(?X&Z%~={XQ-ADKR<%DF!lD-HMe%;H
z35`85c5SdLARwTlDmrM!M)|Azh7(1Yr+_Pa-MPqqr^>zb$_Jj~sUJJ!U?nWdN3i`T
zCjTHaEV&i&naW{!9js((%*K(E&h0e4k84dr+0>M{Gvj?yg@97?uYoLkjH4qXl@1?1
ztHI>7Ej#ARP&+a;)rG>&<Nlqn7%nD@WES<VhiB9;4aSN_wt7XAwe6P(!<HP&$gr2h
zTxWF9TqkjWuQC7RI}(yBadCh}r6~FMqzf6$eBh%3Y*JcOrI?J)avR5!cemcRp1v$V
zN^|wY`gje++)^0q!Bh__v;NC&2`z1pfsbk^Itm(<Sl8Di)R&M_Qc^~Be9rYj2R*E<
zFSH}-)!>}2*O66)om~y~V&(R!_PtRfHV%z<jbph!Nwn_2ZK)jUsVmsE&1akJiDY=G
z5}SE&M@PqnEDkM7xYKqzy200nXfN!c5j2IdqyYA6e7rqu{IlE!m`d4a+V<YSdv4Ta
z8T|EiVy|K^o1SoB6w{8sL&K>t?Tw5*`l7%%&tq)p$M_Fdgo9He3qQ?FbMuv+9_HZi
zxb&TV;tq`$<Kn1k;<w%Jd)S_L>T^R`S#hRe97!{|(_PPWt0JQr5$oKi#osA5u~@S7
z3Yuo^km$dB$UpF$*5PZ%zGjp9v9;KzmR;}@@ffQ=P!;7^evB_(3)MwK@#*~esIzB{
zoxI*s#3|a^+Pb*xyJ^8henha?wLjWTngS;2{b+rOYQPs`&ciS<;n!WC{GW+bJbZ8+
zXk2tJmFMtlRGPd|tn=IJ`?L=1>n~_PQBw}(*7nfbx0X{RC3-)a8LqmomB6pJe|UQ!
zmSv~vt*)AeU^a=@vx=l-WLGmtt0}LsvSSA7zx16-cY(ds*g*?8XUv;FkIYSr-ZIE|
zbMfv+>4@-f<p52V5YN!{6n2tbe1`o$W=1ZLbZ$zJ5OSUvyx3;Wel=9MA}&rKT1aB1
z*Ua$Iob+^Kt^y2R-ZbK*FVdkF-BU6~L)Yqg>J$?rqol>#78;lj*#;UwfFD*=Y~1y(
zaUb6v`$4YqfRXQvW+CTsh9A}Zc|ONGhf)lo?DwXnv8!mwWxR18>+NzBJ`y~1em&O9
zOVnqpk9n5=cT&NGh<5FZL4kp+CFe?wj7ohs&@wBhEAt<LrQ&K54w#yn0<t3eBA=<D
z(fe<oJUGbJbUb4^H*vrM{y3^iBFtgRiM{vW!N<Z1dRRCYyE6+;-2I?mfS!T4FI(c4
ziujS|&yVbqGHl5sBmFw&K_A$=_YOS=>}HOH)Uhm-xOOs?l3k|R?rN!<jpl|K@^uYy
zFxY)M+qzOc*N%H74|l*b(Dnt!5{`Z|P0bG7eK2pWaO5G?`%g8<3ogj5vrKT~KBlb}
zq{PMG{%(%d=`I;RvznS(kmV*#8S~)dw+^^noZIVOT3XU6<`&8B>?qn<yeTOHtEnV=
zTW2(cj&pC(0aKml_Q+soLwB9tCp~ELdrc(keLsEjXQ!d0Bys9$(tRm^AbmX+#-%Wf
zEQ)<=uq(C9Nc8=?tXJ>OXR=b<PzS!m=9}hh+O#PkfMO%%kOa$}_~YQ0AJTgc_HUAJ
zHsBrT&3OzMF0KI>?(>1HvZ0FkWWnK^XX*}#(G9_Kb7$GT#FV0pyu6xTL_XUVLQcU^
zee212rDiv?JpTOQ;fgRh*(CcXB#IwhPukkP_MSC-vE8k_;_2AfcmpC>G5esrd`q@T
zwCps0W?mkRCGDXX_co7z4TMo7MMXvFrfF&<%5Kj-KqjqSUS9OcfWDoA<5tw@O<I_x
zV*0i%TPB)XHDNx0Vyw>$lVP<{%11moYv$P}4wJ;*7;X;>%M=cvBdt(Ziw^bfy1G?X
z*7&~4<YaeQ*=cUg;Hg(=l-JCVMyt2?ddr8NtQ1cQ4Ai6<dnCI6o>8T*HLLiRVb&CJ
zyG4R#wvcvqy(EG$IEax_LYIj>TYpHgL$h|IMr-10ip-dY$}yGW$8RYqZJL}cU}Dnv
z3@<o#GcmD04&8shuTVZX_CT9bbB&h2o{E!ZsYR|+b$#wtQeZ~Sr&F#7^fWcVN<53t
zJjknhy0w?;%=?zj2Hur1`}XGjVE-X`4y#FF?;!SgZt7788}_8VF>i<T_6wo?Bj55<
zqWQNXa<y+oJs5uB2rzwMn#p5o*fH~KA2$V(-??+gJb1g(3mWS@REsqI<{smk^)L$B
z@%xlI8Z9Ih6eS+heYvu-#f9QqIdDH_TeDA0>MAMuzUQyn>u4v^)fshQsN8VivA1I8
zE|{=|VoXj>m;itErollcxphpMZzy0xLqlrOg7voF_}<~nH|=8$0Stt;GX9MC;=(I}
z4?{Xb;k$M*!X7*j0}SSmMWV`=NF5>*>0!GSH(dMCC8rfsapsIPJG+37j4QW;d@@Z)
z)&3)Xl3nY4IV2?;hYX`Ve7<IT|Cm$2U~(wAcYj|8m&kZ=(9kE>)y7LLXdR4Z`yNs{
zkAu?{Ox8zX%^&u7K8jP~xK>^cH{`(t_uV<!rn8ZWmYkeCAcnc&JPkRFl2X1femoAh
z#i^P^to4j%PZL@T22)^Fz`?d9eZM3hFItWC>AZQ9oJ~bKf!cE8L7SaE_oI4dIKvo4
z-tdTtF<Pqgx;!L<!8mu40sq0It)d@NaMGLRyqWkqc80=^$1&xOe$;UmQ4(P@GcN~+
zK?W^#lZR7+TAqrqgF88Al2fLAPUdjIgezFt*w(T3Nfv!6b|Z&XR#tv?T_?fHoT{F7
z`8+KxFMn3~F>K1WmnJ0D@=-`Yb#`>foOW*(xJ%B>MXsd0K~ZsH-G*uMb*JnK6rB&b
zG{$Mm=;$aYR&uA2)0xyaG<Xk|ZcvNjr=+IN?|tBV#o3PzL5(>X2!q9l@%Bs)XpM=V
zZ-FUOU{Pa3ZywGJ*F9rr-?5`V&6*;x-$=iHGvk+CDhc0^<R!rNAl<@wG0#3TBZDWE
zQ@m=YfAIE3lLAW#3O`AhdOS<W#km^?*84?r^1noPRV(|`^a*82P$U(KpENSkwX<sn
zZ0#*V@A_NK6nSMlaFp)mACe<TY`L{U&%3&QQPnz|oSb~^8oXl%T^Pk{#F^AvMxG%#
zNr!xObr0p`sb=4Q)G~I~_=gS$DQx0HfgA1i53N?0#yog;rc6Ac4YRS1iii?7zGV&D
zYH1$4n_KzRb8nXXjoVqJPrLKnX;5+gu#xPbscFJsg`_mI42{-Z<6Aa0366Gl&b2y&
zv-kT|$uG9JpTAGteEk8*;A?I4eY8?XTdrk_O?7bov74qsvwdj)XJJ1EGjl>s9-Xi(
z(D4)Vb62@U>to93(MLhfeY-mLvX2O+{T;J|Wr+_7;PSLN$h*z#4SG5})?h~MpO?wQ
z^rmlS(sx&7Rd>sd7SbLGnaCm%Nf@)*TN-K@?qv)G?6tkhsZ+J=bGO+JUgARgart~7
z{v%JF<X+p&?SCApeJylMnEZqg#k!X9kDh1?3(l^-b3M}XFy|&^b@i9$sJEO5eQFRV
zDkbIKQ)dec;wA~C;DBY7+Z9dbryqIjV=A<DqicWIcU8gJ>1nNmZS4`KOG{-x>mEI7
zqI;RiQbqA3?<TGbuw$1lO_d2zMX>cf+i$0%XKx>4IdtKBzg}ua{g&iLw+@m5#Pf?B
z>(;F^$gB^kKR!77G)Q?5nNurwmw}J95$dQy!HHRC!A9fz^m<W7PPet}?J0azGIu4D
z`f<@K2p_Cc6KY`wI4VP>NnZD|(rF6Hp?Z6ft`nCco`rMK2c=3$-WvcUTuY&>-(_kU
zVf~?4A=CY&C&<m4Qk{xQk8jYqxLGIn)JSL07NNl2>+w4z%HXnYsJE|^K6O>=n`gPW
zFb2(vSd{yi&Ds~|<W$?eE(p14E__68&V8ut+#Xo^y+$5;6s*K-ZZG!3oxmHrQz-gA
z$75)!qBH=1WJndkzE2u9_&z@pW}f>xCZ=SUTE*$XQqzh%!5p7z+qb=aYf)P}5E?eX
z_d=BZtVk5e%lKZ$gnb+_<`w*ulu6^wqU8H22DH_}60UI8X_5Loe*7a@DJX)@#83bk
zYbQ2Q)Kwv9I<rYZ8s-@uG4g$kv&!K`M2ubS`l6$!A{@Fi4UY?+;0fm%c<>-2IQX;5
z<>Xh^QUU@qUn<iKvLr7>>T^^%yuKzI1bE~zA{4N9IdU?N#_F~=b3TjH<<5AHo9^Mc
z84}WWvfwQfUq8zM>6th*CL`lYf$?5j?Y8Ek3;8zBx^X&QUU8;E-D5}6E+?Gvn3*16
zx3kM-3EACrLb4)8XY#$xGpe++nd-+l1|3=-wU`U5C+s)6`sU20p8b^!u8G|l#z^=!
z)|A6u?%%T-$@|3U6q?#f5mHiB*LKzxZ712`HR|uu8){o1%dFP)Je+L2Z#pt8%)nvY
zeG3)8HbCtURj|o*bqI_PzfF)ekvctLUurFKI5^h2W=Eb&ulEJa^W>i3V@Fjr-&S5`
z0(_>~yRCxT_TPK_p5HQ9jCHsfD`Sw=DD*-Q?k9DZYxj4#Q<&INxYVn1!$%H|j$R|L
zBnIxahYqzryU*#9R$p76TikO}YP-ZA25M)<?^jYYpY9%%w0A7nvEThE_O6KK%T_Zp
zqxTzqkg<p?8RyS0B6t&L+u29XZ=yC(-22h=aPv%;9Q*0%zK0wfe{9{F>NWMXCgE1G
z>w%uTj#UXFmMzNcEldn4%~a(|bvO-;D!|tH=rwMx7UbObLDze_X=Cc1K&N{j+$o$i
z&Ah$xO4~4#JC8em61Aze6}u9?Q~7Lf+ni=YFgBl!5oaFU^-`s^P{5x~X^;L{mSQJ%
zQj!wYgJhQ0DwlR^245B9-Me@1!4!^t`);La>N_;K=4NCZ)-xi#9r&JvXY%tA-s{N?
zy=fXjY;tGJ75&&1Zsz56H|7qv+^6p8?G+Y>0UV0$+TH46m|O~vjNIon)m=H##YcaM
zP9eBJBQ9#9Rx2!U+bO4t%SE?JMvkK&M#jY08XisIBiFuYs-tt3PKT4}>Z9Y|I!3y3
zLRrTUYC#T9Ok_3{n+q~o>F1kQOLbYpb_M9F%V+x8@S&Y42I#|rhA+I_O-?17zDsdu
z8HQdVJ}%;-2kcgezSF}U+oguT2;BAKsXu6Pt8Qv)YOJ?G=-6#I7gsq`F(A@%vm0{E
z%uGyXXGUuHw4_|N2Vsl`9>q<54vN!z`Xc+8P5PNAGI;7XuExR?0m-y>o=c%S(CBOG
z+U0f^K0ABQjl>(8T{Snn_mXLo-|TzdX9gv;I_o|^xnozGk&%&?pKo#wc40s%yn2f%
zi-hNQZ6oGfmxgYU!>)<E9h^-HlWju>%(lyZ{CIFO60o$wJKlBIZg@P^L+<>^S2sQ*
zQYg&>y@e81=&Ka*X0t?lk%8dF<U?nMD<Awp=F2n2b+7%#Iu18ug+tRb?d)!RqPVyH
zA4K0CLN#^2eOjBQm6Mst@Rat%`*V_AWr|G9opA||v{N_=-v<3~6{C|xvZRcTdTyW@
z-I5w$a;}fUPi)^l-j1WvVtd>|Veum+B_%cqrw*SW@2t?Rk=nwW%&=QA+r*RB$0%Za
z;%>6MC(q8VPA%CY&z?G#qh4>kE?#@@U|L{bUwN6kG~fKa=52V#)6&vXRiE%Hy;6nI
zT>Mp|pZw92y=DW+cQl$m52F>xXneRRkA4{LjLYBQy<eZ}JMQ_ETi*v{f$`<bmrF%s
zb87jYi`3Ru4_-e*3M)UyDD+UQKg>H`$u5X1$$NuoU8t84YO)V)^XU5r@+53gX|N;)
zaKmVT9anQ;oMq#B330)FxYUdo%uHaDjY%v|Il_mIle}`T=j_;pA0u*Zl^DK?<m)3E
zYGk2wyUDGJ#%R4`W-Hiq8ABQljF9+*uu0IciStWI8JVCO58!rPJ8_iy-L2zkwcY)X
zf1K&?%C1ug=i^ZMa#<@c;WTDvR}7s-O%W=4!!!#+^{x0?{mg#TLI*wn#to6l#(H{;
zbl}x?cqGraHzQNR^;={6voISZlG5af9UJnipLu4a>`-~Yc9}EvX<-R(#Z@+IM#fq3
z1t^{=I~JFdgX(>!94)|xEYOi?G|WHqX7`>wFIrn$pWI|7G2!r`!)&z#3}S5O%lEet
zhwSXqb;_DHZQ`OlehXI-EYGdEf1kbH9exQ0QVIXS5)o#HG^t(4whIi86GXX9pYKQA
z9<bf2>-nhIjMhn!&(dM|OC{jMe#}Es-)nJxaZE|7=Id9V;NWLwr#f6!Zw1Fva%i3$
zZf2?5N$y8i!5?89C6ws#<@u$1_Z}&9lEB6rl_~a#iyIgk^8FYSzVc<uOPoOZkppKt
zJFSDBZf0S*DNa`;m&1cheqnL=@X%$gxtOaaeiwIGUdYu%J~NT)QKCN*i`BLGToNXG
z#nLVMxIe29EX%k+HLVtK2^bPaW>Ik1y+&Wv6K4Km+A{*y`48;tha^5Ww!YT(PI>OM
zsb_X(#>~_4Gqxs#eurSkl<?hBpT2xeEv=fG8t=KuuIbV4THbf9o5-D1$)3?>kJx7y
zRpw`8OkQ=P@tzsVy|H_z53}Vah1V^J8-3QA)qjZa`8;iELRVfon)6_<=8)ND&bO~*
zN*+zP%ubC-NlDf0A5pipy;-Y6b3hZeFMvK?&RbSO!fkG5(p+?dt8IQq#(f9AJy&Gs
zBu~D&k~KV>34>i@3QxaU{PbNV7ky)YYZ8nZMnOqw{6KQ7l3V$_|8!B&n|IwYBrp!E
z0^`Rs!&ObF`vL$xy}Xr#7_QyC`Sl5{oVupwnXgIy`?p@sYpy$HYnSWL6!jR@(mgvZ
zbhl8P1m?5;ppMh^FGcqi?n+WK^^iXQydLFS>Q?4=Q+Y>GN3{%tV$^j7&!=+Vs0IQr
zro2?UHH+Ic-J$|R+UXe>WSc&e783(DEBkkVr@q)?xP0BOKX_o*kbU;54E0`7HB~h>
zSh;|C*&*J!?C!=+8OuVsq_1{Q%1A3h*o3jx--5U1($n|JziCK*<V)JzMwj%h(#|b~
z63)D?;$Bh`Vyve=Jv|-JOnQ7B35p6lRm@3dis69eZffdiU@-YUU%#lxP)&_3GxPYB
zEBpqTOg`xk9vw>wKYjYn?6jw{;>509W5B+2FAunV{W{!NK83ktzm250_tu?$dU|>h
zk&z+Wq;x{=2&O!Wqcm40J8GrS%)h>HHi_ru4$b2icIJ)1_f~`)zWl~koK<7@W&S<-
zwqnO}qGx8u&YUUsfjw+_%j`CO;kd3$fpw(j@W_bV>}ajL?|K2#2lq~Hwh3c6s6jTC
zF)*B<-&((`8u6*e87q?_t$w6=G&#QHx$C5%O`2ta@pxa;UCU>oyt+4D#)@`Hp9<aX
z&bs9b2hVvUnc}(8S}nk4PaZb#e;b~0_q%K<Gs#UHpX>RQ%7*jXwZDF8MEJAZWk{i>
zqWV72`lHb@>;hX*+mxosG>O{)jgvIHYPU_IS5$Pg1Q@Wzup4J&(R);T=<dm36?%m{
z{<{SQlT%a0uNZqcNBK$W7-RrZ)A=fnjFc1<TVpNg*SDxMs(kg-VuMBU-#ZAi)UhQW
zx7wln)tdPW&O#yZh?<(3s_KV3cDg4|W)AZ;KA=7l$=i@}2t#GBYwYOQcS9pieRpjh
zvg+W|(ftu{>DeB(+hp+xC85oQ{!uY;945XLei@mW00rCtK{7ZvXq0dLw4&lWc}3qf
z8#f=1QCCA>D*kO!m@mLa%(s5UD(Q6XYVqs7%ZBYH<ypKQSuFLRp7;xy6pw;4$0f7n
zZ}&XCLGtS3yqAD<ckTP&GCABaH#;51x^ItwfJRzv`qt>PyT5K0*_M8@FcuiwRn4@G
z6;^xc6~tIWK4Tw}$h1|^muzwc#w02#Dg-Peu3JYYIzcxteQ2UeJzHP0E-dq@h2O<D
zwl4t@@!|z=qv!YcHhpj1&@9~Fkfe>2J7Dmty&Q^fQh@<zChU)mh+t%9?(FJHyGC1F
zel<erA>bth2X8bpYyJB5D=>I&F0Ozo`Te=c<K&|gTidAW_Qb(`O}x~Do??Kp=iAg^
zs`s(JYA(Y1(`?TWPAx1H56(TD;v9iQ8fE9?pdB0>Y;Ac21o|3sTJJfxGsf@Uwd*N#
zQ5vLthnv#o^h)pW2w#^j|BCZqLB;Xo$NBj9sHv$L7#PlR3Q!EbQD%>fjHK-U)X`C3
zRk>M6NGR83&z?Q96K!OO3vcZUfZeAW7&XPzQ?=FeD0Pt$#kKW@)tY0`KnG)EW6VKM
z?F%^l4u@__&$11As-vsh-rL*T(UJP7zD3Z91Vy@z4y8$2QXr<?c$bZA+X=Od??vxv
zzQol|a9nGshK;vH?8}t*;te;})Avr7%|vT{d!lilY;NG7(22=ucI_uWHayhvRJrCR
zqX&b*_T!X};VjXP;E6~WT*VP#gM`~4QAi8|hqQuQoC435!<E6Rr1%UZa31jFttIk+
z6Uq^TaO0(#3Su4sL*!MIG!?TI%+LPkg7p7|*Q)0~h_XHWGkyHY`45r3dxe+he-alK
zUOWHs@3_|TKdt3|TFd{wmI>;AHWL(q`Q~#!{b`c^wFFRW384OK(!Vdw_q&u`!47`S
zvj6H#@JPphXC`>~U&!W8wKSXiKb%8;F<S=FxS(`WcoHs27vze-EY#rxQ-|9)pe+y%
z{Lqa!gay)Jv9RPq@jATnfj;q5ftg{zbzjWZ1U|Y_$wH!nfN&HVObxR*p?R^f*as*y
zpbuE$tm00xN?@)Tkcv1Am>~(G%?b~JEP=E@{&Fx>JPXqTNH$MIh<?1wYckGLfC>u;
zB|_GGTeJ&Unsj-&Ns##fc7<w}+Tj*Uj6!z9ibVOTdpN=pOy2^>VF*cGz+5^uQ2reB
zLW-6pg+&Rf1B-O9UeF`b0P8@Br_c)`m^cOc{4-Duza<Z$h!e@<XSDL8gt~u34-=6B
z0cC=juR>~t_;vR5rP>EC8-AsMR*(&gS;h!ycoq}SEaYATxW(QDpdL{bM=X@cA6#V{
zFtgEL&E4+^@R$SC9w0K%z?OwFvMtm^5aEXtQiP-Vsla@8P(ezNBKRCM_&Eb20sj#y
zcuAC$3rb=(pCAtlCi0mtI{>u{w??=E|5AaQ0FW$5h}bJI)?b+tvGxSowYIZy!4Q_@
z(EP`ry8s5ZSj7NRuuh9<+kcs{9gam?V37FLAy5K?&*w#`DGRz&jtj}{TpWlpVG%LT
zg2({+U2bj6Gm5_B(oL`+o}nHHtb;>C`KlmZ0FyX@+nZ2(*zu>@!$g_2AZZ3l5P-$3
zR%;ObQ~6lD#9G)v_==+oNe>s2Z{aI);yINlZ5RTO7GO?4fZtIzSV8zv7l=nd9SLS+
zTF6?@Pqk7%#1$@3fDFUg;nS~yq72_8ak{0IM@|qM`1Tf)H9CTs;IPYdiXAA69S~5x
zTr0#PT>$Nj#m^AABtIbn5V2T%kpW0!qA^x@*^1A*PZ$l9+s+CJtP<7|3Drh`a$)gP
zEt6nGc?TVr<Rk>MD_Sk7<~nZ%7|QEtE~vMKeGIfu%nZQTP)l+sE^R|a^RU)DeUMa3
ze^XRa&{v-Sk!V?oXs{?a7g*oQVZK}{J_8WS5;^ZZTj3Vv`O-cX99-ZQ!o60&qAsBj
zsDKE!gW3mgFaaFr3MriVZHyz7?gi5=LMsF5$i)$(u~7R^t%ijnz#v_m@yrQTQU<G~
zg1ZIb<bY4}1?FS~MnqI3cZIp&Y5BWT!QV|hlO+qcI2{Cj4q#G4C}A6DYym@sL=d6C
zG@59n_${)GxsWJgqWsQe@XYnQlfmCjJQ=JV&SfQ;>I7&Za2AAYj#da@WDxWG>4=nc
zbhLDSe@KMeS7H@Hx$T8|*uX*q#xr6exgGQaf<V)iD_Vn=q#eoyNiZOg?to#B`%Tgw
zme-S4|NV&&ZeML8jxJz^ODKOH7N0*8lua&<c0d~to%sn>&cV3?G7+l0OvEyTNdQ|F
zgISye@Gss95|!0hqA~!zCHmL4IuaudTAVzPJchCpf^5$F3nJ(cq{>pO74K%CRxUUF
z=aio>i45oYyLyL&(QkAMZsotPS5R*JMyGBF4C?Re6x`px(J53+`tR!%+QPrltu+D=
zY=2+3(1!bsZm~$5I#gO5&(^={7jgub*j$TF?rJswWTHZnh*&Rxxi#^H)tBntB^#E=
z`doynK>KqMu3AiYjl_SqVDCVlFE}=WDGCk&FljJ$jz}sVFcBtR)`0?Y1xx!E-Xq>D
z!XSw<aq=!Vfsn+G8K^=K3qBHJX}R|W!*7+^?C>SU+5e<2I|}K>1B@F2et1CtlpnrK
zR6!*F<pod&g<CG&R(}NWB3ytiio>`dSGy7Lw^wb5>Styo(%=ha-huz|5Zfv9#paPH
zS3Ah=fv}xbOU|R9RIPA)6)H%BU_t2J3XNG-QXUjNgr^qoA*fgsvF(UYi|n#WMS7y=
ziJn|A<Pi>*h($nf-c2Q{UGF3-?=<hAVdps)9Qp#&1IiKbKroQm>|lqoB{KZ+(8|2l
zcSI95+n=x|T+0F+Gje|GV$pz_B~Io`l)D{|!&sqLvkq4_yn&(MpuqrkKa}$rPPK|C
zA$HW4c@)IP+p60NybJzY>q!O4ZTMeYyTwJD7hOc)Ap~3CB^wb?4#_aUIa|1qXz7T`
zpe;}H3nuKI&xO1a__t&=mt$DJ3B><&|7t+|PdEPpi2wP%Re|`QZeIn6CqlgB!Sa+V
zC3FXc`|_HFP=UUAU2+&I=ZL@;xLmmf^wR2rz~hU)F5Zf@p666cV60SH^SH<g*y-Yv
zI5ckFq4=p9rXXAa0VaY*H~>2x%74GK9sz_4gBouhha^T7i16E$2Cy<g2*9W-q(q58
zY&6vZK1u*@@Lnbg?T93T`~=|;Vlz)f4Bim<xhJ46ekvj~4#Mv6sI`mZ&twB7Kgfjh
zhyl<n7LVDX2_rzykAMmi4GV)6gsWh&M3@B5#R|QaU3h7BVIo{|<>bO*(tFn`3jQx%
ztHys33Fv>OkJaP9ge62of2#i{zIUzu-@oNri~m}S|5~g6w-)vFKNj`1R{w7;{A<~L
z1ax!3&s<uL@4qhUYo6ruQA>DR4FW<IU0MjdonNQr<^CY)3L$8iRbU>1#0B5bf{xj;
zuE64ah+mHcd>IM;2De%{_5+8sw80>(1)W?h1u%AKL43^#d;^@IG}a}wH6Qb^>}?fr
zzbsr4>4dg}#tDT9{4^C}6c?BYKNV<T0MtafuTVt~s_%#3C&F_1@iekRKnU;B=lJ2)
zNI=P3Ay&nn=AqdIycRz}9)y(@2r1*ESm4L`fuFSzIKa<GnGk`1OYj@W`6WC@aD}A-
zDgeG6un^EHEQF|_i6aJn`b|X}Y836V;6FovK6o4kjzB}P5%8a5u85<x2viYVL~E7}
z6P(quG0Niub`}G5pmzuajKL9!0pTtj(hdWz6)0{&z5yErzr}z-4DjP3f`Z~=YP`Sh
zc9Dw9I$x+{<%Gs!SAGu%4ha9Qkr+lJMAV_d5jjBkt0Q_Ifh3~Q0uO<2G9k)9{X*?&
z5rRyXw!82Ie&l%kcb63c*tEMKG#<W-fX1Id;eRAdN$@Awiy+Duw*D%w7M8qOAn@X!
zykH<O?EI6!Js_jZSNhrqIB_eY?n@ts<B;>uETHAkJ59pf(BIJgf`Y4n>d@aDKVju-
zP!1l-A@bQFC}%GS<?Is@5fKuRfbSIn>qLo2u0c6#7yeou|8f535C6gb4F3@k5flFD
z{GZ5L{ilD=wTAz!;XiBm&l>)-hX1VLKmVQh&pfVkRQ=B|o&U9if5Z?FH2uY>IK<MQ
zR)&7?hc7Tc9ln@9rhq?~2FCeVAW)VNeqsd$r2{Pr!j*vi=mM~<od<$YI~?#FfAfS7
z2=X{P2;m_fJX*JSmIqF?;1@6V)FEB4aBgGSsPJb25mu|m*ZmB}I6HXG2SuZh&~Mg&
z!~rB8-~jKplbwHHzmT0QJ`njhKo|!ksPyo6;E!`aznkE10NMt<cxyYPgViecKtBGT
z-9$hDR=w>c66pl^m9B&VS)hS^g@8tE!cXP38kY3aq?dsv+JNS@!y*W$UJw{N!r39h
zK@_O96+<Q$0#g>FIiND<OJFzr@(V((C;`o{+|&wZ1mQ$y1i^!VPS7yX_y7{9xt~G4
zUqeO<>-iI;hKI%$&S*k>4#7JZI0AnZ<4=)O!9M|i@M9qYfB*|b4;;`+h|kJ+*8;Eo
zV*CJI0QN^O9X>EE2#Le<{_h~C|Hw=ffua5WL>4#1UziCVB3yo;^7m%+SHU@8Mo^sU
z?@x(%`~H>X!JqRX!e9So6Vkws@HeNlAZnIPM#&M5L;n{1zVhxQgt9M_>8s=N_|v~o
zgR5fm_z~(Np>y6YL`U}k`C$i2GDj$omO%7n<C^aoQlZ39@iKY<q8E&Y{udy$&IEQ_
z_A{hI1?{aYESI9UNR%r-c(4Y<Zx`?3;RXmS=y+=Wv!Egd7&L~P_t&7WvjZH|j4SEI
zg=lkpbT_^Q;KuomfiXxEp5x&LyOV}`hOz(<&|@JG4(8@xJ<J@uxN(+F-28BEk-eha
z`0fCz0c*lD-ybjGKminy4tz-k#hrsKFJBx`8Lk)|4!$SD^XF2M{{pB6PuQUVL*q|@
z>NTADmpHYv!x~8apTB;M|GHp>{-!>lAisV4eii=*Ud!;`ePZHbF!;W|ssB~4|IhK?
zRo9=`U;iii_>=fgaWP=cm#jY^4A$a5|2^0LLHu8yfd4{JFb*`?78EmJ(jfpXj|2~x
zui^f`gZoob5~2Q!XIG#`R)PCLZ0g?t`2VG){!e55N6?PQe*ogwBK-BA0rr<0)4yy3
zAE<@0v;%=*MWRptz)J!MM*55I2B1Iw;yZyu_&@%WuLB6s;6MBd0RQPP!v5-nEISt9
zMqiC+zk>bofBmare*zl6fb*}8&J%(ChwWB<E$|N}`kRj={2So@6?fBonmZSSH6VMD
zf+!?Th#-uy#Ksk;tTz5zh-ynV=R7|9%N@H?A2<vGm>Nb%&IW^aaWVsh-98acSp^px
zxE}tO-;@R`wT-oOT-NR(1KpL|!&7MS)9<|&!6N^@_aOvEgD>WJn|~oP|BD?Kj<ZG1
zzhA~J+$jiG!NKhTQxNWku>(^Bf_H&$LI~&`mTKWJq8(Zgi?ae8&PAZ-FT89ZSkyen
ze>c|iSJ8~nZSrs@{BLke1PX2eObm}sA+11VN(fkl+oIi|`4Hv;5CM7^oGCy(;wVKu
zTMz}YMz}cOKm^eRA{c%goWBT5<Xi>snwK(v4tQ}cqYvjVL8*BHE{iu@-T)M9$hi!?
z;UtbQ<Xnc?aN^?%IhP#2-;J`sI?3QchkwDR|86wM0Q_#zJNSoCAYu;_LV_d-Cr>4X
zM8v?8ry_f$#Uugt#$b>(06(mOL4WhLs{g;J691__{w)4)udvAS_&+gGu{Hny-*K(^
z|7-sLn*YD%|F8M~YySWL!LYx7D-uA!CkW2}a<pO%0r<a<06<H(g8#1vh^NJvNP@Er
zC>zL6#sc3$&OYdj0&XMd{R8v0vBhVV6NGD_koZ5T7F}rYDI7irJ;KtK`0>962te(^
z@d1d|7_{S05q|jC21_U0@?YR!R;T$d1fUQ$q7X$FEaWz?7%d2<PI5zIei=;&C4l?&
z)8JuM=r@#$qXkIi#ow&ZpyK`2lb{U*ra6OtUL5dZsN?@*?@HjBI<|gX+QL<9T&jSg
z7g~Mt3<<l%1q~rc5E7b%BG@V+xrAVn8*>v8xB9tPQ7cu%t;JfkR;){XMNz3%#kxOh
zRot~wsSEB1O4V;>?#)erAogotzu#+ff4^Fi+?hFZ&Y3gk{O8OJgLF74|H2$b$TuhG
z2t+d|TH<6nLO^I{GeT@U#R+n|k@{eop-Bft@3czjyCSloa8x*85CL3YVCA!MG=Bkw
zgU5`czJmzalEI!X-Y79pkWPq6gz|;zr?LVvj23hjE@^zhZd^v_PU=dq>BDcSk5&>V
zwJB)rp#dnE0EELcxS|+X$qp#7i9o(h=A1R$NleoXHL<C7f<l|Dp4M6?4MfrEj52*~
z)<SD0;8s?oTd<>SlN9`w#tlKo==42c8sJH(Xje6?rEwaVvB9^HFROWs&Y`0pfk6Y&
z2h?>9?%-fI-P}tLoj;^C%9=*cdd?f9f34RdGPHagS#W5$nSjZLe8OWdN76a0uuvnQ
zDN3ybfgBLmZ{9clUxT#%CZHABt;S(i`?SPNJusru4}yx!SCa-`ILk28m6KoWhJGB)
zWt(Wh+r#LNy<e{>gxB)m+Y=fj>9It^jKn_z*!{bsu6A4xVXomW%=K^kyb%9o1F_%N
zMicli{8S(R4eH~%|MgFKT==gG|8?QNF8tSp|GMzs|8M-4L0oCfw~4LXt`smA0PF++
zhPvYv|0VEr$DitBz$opjPR1AfR)q?|<S-1pNMB|t5y)`B3=5dE(K{Lv2ZjsJB-4Hy
z@C$411^<C_DGwh8gMM2^7!QBx{4iS$jbJJWx?%to!~j4s=r)5$AjC{&q#<kwQ{wa$
zj_mGJ8pdD?>nNNA{395o5b+XD)heR~^q7Ra)ENxGl7qhJvmNmcT;f0j;JuNwKsub(
z#^l~1CxF4!9X9w;xDi79phXBnp&Of;1auvE>y%HRUpfS9k;pFrF)xc30cup11}g>#
z{K=;GP}AU(4IV<TXXyYd(+G4&0bK(0iKfYk+XhA(@<M4ND+uKW)VU{AuS?UBR5oS1
zwU?y$uvMlbtN~#a4B=4*6OabWaT<DT*kjP2bSn}%n21&AK0BR08)DZ6Fsw4bpHLZK
z4HVxdL5N4wsFun|W1dV|(nzqc!@KA}W!ZR!9Vw$2t+Jt9$^JbI{yj9lc8HGVAQCN0
zwjJJM%2^15sRzXeEj5iB|GgkR$g;)}J!EfuA$rDekB8f3&{#GlZ8H9|sgy1_j)hqe
z8rR2##<`w9?Rg>oXOFplR~t>>e?cK(p$+ms`?$`3{8Jtm{^!E~ejonF1nQ1(8XLR+
z1&~0dFEsead~hLvE(Fkp0R9CtKwUuKUjPWKbAhzo3d6eXme__2I?RbcKBILS0$s!U
zvU3q1lUOL`VtYJGMd4{Gi1?7k1_xo<LTZ&s1tL)T6iiYZk_nv;M^D=~0(}js<zo)i
zsjVOYG+Ol8@SIDS5J&OYJXHplfj}R;fQ4<^aippoM=H9Ug@<Fzxa6S_lt<@<@R%zE
z5D)`1Za_3?vRWwn#iEX6=_owiOc0<<x+P0xCQvB^mZB6nh~P9La=l&TIHsb()lhx_
z+KQ_~XFs#4U@z(H3_)Mv4kL<>F+@A6gl&R_FW4qon>t`3n$76CQi!GjO5k0kL5M6U
zV0d+jo-{G2B~5f7o@NC^Bf9AuTy?etPmJl7Q(3*#S*dh|0%$hjAO4^@KC%{0x@PwS
z;2U;dfbE{6LeZ#~tqAN8Oy~l0a6{c~%8Vh15S`|VN5dD9P)!h%bxLI&PXkd}$J=l+
zHXVzwcpU*zS_>dNE!)Ocjr}&|zD&y+8)mMtIB`~S5ordR&u$$D+FNH0fpYL>K?O`r
z8VBQ6*G@aLq7EQ0%_AT}#GziS1_j_Iy_IsT=QrqvqiW!CLQeo2gonZw{OV0ntXT$~
z0ext|7lnP~*G;AWqu8LP`0%oMHDMu*d_rRtOw{NIEeVw>ouDWLzB|1F3J-!;HP@eO
zn(oj$aSqEte@GV^JI&a3nDNU|3jWpC9~Z0#4U4m0G(8$LdK&=DzSW?!$WXDp#D@ij
z2!vLx0K$py*X?t(4yK~3fY|~w8fi76AtX|n^(2LZB3246iDeLGxL!nOsQ2=tr#Axp
zjj91cB!Q_^!x;$;Je1B(ZwY{Ng;Q}r3IiP|3=R~;tIW<Qq$_}*oK_Ox*v%k;lpGB!
z33>TSSjnP0uYDt!yTGB?*op&!1hH0q;}tuTAsf%Yy4aY;nf-;`7{g2{(0!ooSd_}B
z)04Oo9eoJLp)y0K(vo-rbZ;>D1#(T$A<U?N<L|7stz$bI?dppg@1>%*#e`(~Icv88
zp+cjEJ>Vbe5`wGwPRu_Wydf6Z0yy>-cC`8gG!L#sm<`C+1I7{AG>2$Jr?-%3vBF;}
z^H(GY<NcK}Lg^62ASZr-+8!hVRpn#ATEcz+M-McUMd*PQC4B7OO)_akQ;bSak+>PH
zjgnw`G2@JXVe<gYl+D=zf5C+}Fa_0hL0&wO!cI6i)PVsZz7g;{gwKFMUdMs?yRVVh
z9b~jf5*XlGCHX_17vlep4*TzDqsj9h!W!KF4IUT%|7Scd{NIKDyYhcs`M)mo--Z6W
z(0>>D|DQtt>$GD-;cN(S-CXbAnF7q#>MZE44_EhvsI6mmCj@oVK)8pi)G7^O(5YdJ
zhpA!2XjbcBW~kK+b1OmYXTeozK$ER7*A+LyltBt@REDq#j4Z)dW-=ShyugTJpxVLG
zM1Ppghy#jEz&}X`vlf`&kaGmOMe!Z3Vnml*F<Fxoh<mXHlRZqGrAVt;P1sx*N}wUq
zbw(Z9i%n~<47`LX&|4__wRIb!*>LAH;uIYR*Tb#ZSQ~R}RBN=-h!;~*pf%YB%HRYv
z0PA!DaN9^)FdZEmo2+S|9L}5(0Ym485i`2610_^L9+_d3h**m0QCOz|zL-u=6PyNu
z@GJ+!18pHU>C8HI*?^&vKJ^obD;os%uq4s|#@nz{i=ixJW42AgP{52-5l29{h-UyL
zgc-^tkjhAiC7`TN(x}h2Wn)5Mfo)Kij@s1JZwjv55JvPH1?tsnaIJ1Mfmtb>o)96v
zqBE-XRyH3R7+o`IGQ-4bJ7*wsK^K8k4Fp2#Ag4j4@H#9sHNi|?$V;FcR!ErbNCyXw
zIr@aUG_%T_4XJ+-B89yG2;$X&qZ+_M7z+y_zOfb2AP=oAplx_D4YL}-h){#Enrj1;
z%z_Ad!G`5VPso^l5ElsXhu}ax)pAgk1j204QMUCR$T`pttr=bdq~X!(0aOTj@$ke0
zC~c?~V4fq57?}qBb(HmvBta`1JP^il1x!VODMyDEC+aXCLn|eCFDO%A1yjP;4>h78
zfQB<;#rBg;^DqZP!E?|Jn_}v91|7pjSR65gVsxB`=;UDrQlm@H=HbAS!ET}9NM-PF
zjSg0w1_Z=|8}%8M^I$&&K!GSi53lwyAuE<%hdLfTib=>D&_2T=)NWP=kY1gh=qN1R
zYBqu<=?rTyDkzf29u2@8o{>)K!LUZ_Q>0OYY#F<fLu;%m4fxg#2LWwQ;KHF@xVG_;
zp+foi7|l1hO97&LwqC(e0;r(i<%7t=lV;Q`Uaz+f11Cm|D`e5iB%xf4OB8s5T=uRc
zN*smz3Kih9FAq<WC}U)aN*uf)7fO}MxGWkMN|W&+5@{3<6Aw+0ixmo7CdVc532_o}
z6c3k3MRAEy66s((5|oq5lz5yZUZMn*DrGoqkf}-{2IZo$c(Gg*13n5PC2<mEG7pcI
zD5bE@Xi%vTPY}wL5>aBDP!2+Rd4fzK2F*udQkhgDjh2H}#PMRO5=;Y9&=f9y7kt1K
zF~Ybw)RZt0P%lUHiDU`Ma>?KrB_1P-ixSHfSfm(GCX9>|(@lX+iQ<Hkcpe@lj28|T
zqf#<ZiyXbiP?r=VMqh#Ugi=f>Qc7e}$P<xFs+5C|z;MXqO15Z{L?PzkLb*f%84@j*
zf$AYUK?%q+DF(_(#dIx@)p#9=fLGw>M1|N+OO#j`2kKHl3cweb?Pa@AT?y)qg0GG^
zpzD<0ztr<${I>x#^nYsO#rSVfpODbt`uG2Yg@n5B-#_E|FhM%F4dw+0RU1i6lpOqj
z68z7tIrum3y+_M99R8P*D4}x9*~$r7V-m$@Yx)IOd}E2k-;l>lo8&X7m#?>QkT6RB
z=@-3c_U=?zd;QsY?d;n{#a|Uq8ah;&^Glj=mQtANvts&^mXVQe*WGn}s`7$^za7}K
zddyb;K0ZFTsw->DuWUQtPkZ!m?a>_%9toFGHEkbuyL_?RuIJX8w#~+RJ`+tEKK(hj
zV9}L<Eq@`lu65rP{(OYs^9xZexm&NDp8RCZ^M!cTBhK0Xq2_Yi$L#lLmGkD*0BAs$
zzw=v)YD?p<F7-6d@-9g2&Iu@uUb$)2s#PT=&-Qo!U;%OFt5x@R&lmcQn<<a=BXR;u
z7YMdz?K<e;adkmZ?7nqdEB_(eeq)+<L80+zxVp8^TM=(gJ)HiabWWEC_wVo6v19y%
z2}5FI<qE}~J$n`oUO>#<^zo`UCyL$LMRxr_{_(a$=fsxgoXv;1%_9RiNf!@=uUXK-
z6v^ety{f&M?RE1|Hzy8G+Per_z4tqzo8j!1wFL#K2XcEfYu4=flhfbcfAC=TtXbdf
z+2dXD?S$G#_wSoy*X~O@o)I#y|NWV}Q&V$PIbFJR2@Vc^`s=Sx9$xRzv155f#hMe>
zf9y9Xd-;-p<&gt?W^$);gBF+1nzi~`daKCqFOBHj{->44xg74f$=uH;ZtU!aul`5E
zh8&UVq19@wIQD6Eb+s%u)_3ZbZ@#%!Ue0@OYe4`0%j9GCduJ_Ju%NuW{QTIP>u<RC
ziaL3->e;hr9_pRLHw?d@{`KSUrnO4{`iwrTPiW|zZUe^dp8QH?PH%OG-g`QDl?^`_
zUXeR>=~DlJznY%a-l1fl6n;^t|0czc^NVH4UDKsNweRiig6wODhpx{{ILK|DbD`?e
zl$Hr$<0KOI(xF%0;!FxWdhp=cV(Yp^i;~3ReLt>MR2*J>;>RENh68ewK8YVP<lNR#
z>LEjB7ZnwG-^>rz&b`{@l@S<*rId^huQ;y{OG-)_lKXk-{iDnKZ5Y0DNnTzjPtUcd
zZ=USEQgo{Yr!?cplEO>RCw`Ef9m;9`5yy?w{Bru&t2W-vRH+^(jqsMm%p6l&smr>s
zFvd@P*t?CfWvjlX%YzaVPtF#U^y>8N%AOgaUPm^m_jmG7>DZwIb*pUCoGyJX0!{%r
zauP<27?`??6L{+GUDLXgDN1FC=6h~v+jlx`c%n}bXzmHuoM_Ya?SycTeX^%ds<vCM
z|L~;hX1mCH_wGHYIM&Cb_2|O(%JHJ{1q<3u9yxMY_pupQzj|NW?uYh2wb^CR_UGW7
zsoc_`d&0|qPCUH4_RQ6Jmx{+$@#ahqD1HBU!E5dXJM^atljGy#v634%Zalhup<mYR
z^ZEH6r9)Fv&hDP_TJ@bvA5>q+s=j&p&aE?F@0s34vA6Z?edg;wtnv{}FRSv4DD&Po
zdKt#KHMjfG?99v?GuyqHl9FPks8+37E$kN6Vta=}(R!&HUqCL2c>3V{`Sz0gD;B&H
z+w9h+1K~489%}#6v;P|T-1>9u(>(vSUah^(adypZIiSb%f3}(;_ww-Y@bW4q4&@aW
z_vPdVs3z}D<=*eHN;#hTX|MablYPN}C@d_bDvr9BjH<bNrJ$f7H@E#J>n&5|EE0bs
zHD}+HOuw0d*D5Oqn9IMfy}ezw=7gW@jn17%Y%{;2)@Suk%}E)yKI_uXh(1Ni-0{R>
z^HJ|j8@e@D$K`E{zWS|J_UO%d`i@(!ENfAAXia(bx6daOtsH)4M?uQxOT!Fbu3zun
z*YbsQ&B%<5?~fhp-fwhazQJU=d++Lg|4xVU1J#=3i(7Pxi4&h)+&RwOCs=#5|Ja8a
znVDbi`mriw*sQ369L4%XeCq4n`qxyQ9&!5Asp&Ijj2ky@_NOhY$K2bu91MlnmG>4B
z$)=^RUwW036DavXs~zFq`k{AlI%ic^b*=Tpk(L`38Sy<&0Hqa)L~ULbjTuvOYW=X4
zD_7P&s_f$7QS;!~z!@`U0MW_v2ubeS72~RJgVJ$kvpF^vQ}cX$t{m-mXUkCD{<+>=
z28`XZJ9VqH`J~u)5=i`KQDkJKUVm$Guy*vVvg4;t<>lx1%0G5|<*FfzjL|WJ{i-=t
zqurWu%)gE~AZmM|J-489$E0JQ)h2(mxsd<f){ho1UOa#Prje)loS7ef=oy%{_u7%A
zo@yT-ABjX#TYcxXbDcaR#@AflJ;lG%>@#{kkJq)|=v#nifW}9++%fFNi8V4={*;bE
zy|gt2!YQAOyS;5%tIlV`0y(>8y)h%aC^g61GiC;Pd07YFlc&N8ld0yMsl8TBzpWLf
z^}K%lx~HdSL`1}^Q+#^&UMKrBqFuXoEnaP1Rz!9$eY<bpvzLHI-@XtS7zj)zk#pTr
zyh1d?tM#j~*MZTlt~{4CbZE^9*}%ZkZeuPt69@#qNJh@{KG(W!+j;ZmRdjXRy>Mat
zp+$EB7Pky64w&?4aAxM&Jid1iNtx02LeE$H%&j7SxqD^Lv}w}>J0Iq5*dXBOFO^KV
zS~_RNiWT$c&ks&NT((IK3S}ylN+1Y=06}wM@oUSa)eld|Dz07gno}zIxTjbwUVBWo
zCS+sf&9B-HH(cSa3E{Xse)|3VAEr-_&S^7uc2RKt@$&NbjvQFqEsQrcQ1wN|3}dQr
zbV>y0y<&@>kI(MYr<3xC(z3$juXA&AOP<{5{qcd2iNDsAOsJg*hBN2x<tc5U0W$fI
zytZs)$P!?@-8=N$yLWHd8B@ori+I877S0-&yn1t7;`7SSbcb(G<sSPaT;aYepyaC~
zgWZ~MEH78~d;MCmTS4xE#hXo>U8heMm6UW-`u@AJ=+f|E!+PJ1ATREysTsrJZeAUf
zUFD?>;|@F+^f6JI&pp{p&65mW=_7sqmb*HqUHik_!gs&?cZ>ePv%j3vsYj1FlNXL?
z`x!TqQ@CZz@ll-jwZhCzOStmk!%Gb3z8QCCXCE9-E!(I98us|{<58nVZRV+So<4p0
z+Us5OmoJ|HtN^gH(PHs7uP<gD!(%;52f4kQxB9?ai}J$q7KV1}+-1XX!}|3GgW+E(
zypEhLDQN*2lP9-+`Xsxp$K~$bZg**SMH`U8&D3uHE@FL|V8E8$i{s2Q4E<aFFMDqS
z5B2{2kB_CYlt?5hLxha6?-3%&nl;KY7>pRq43fkxl~7uwL<*Hqgea{@S`-yZA(f<v
zB3f+yU+?#OW(-m8z1{o!fA7cp@%h}$`~6zZYdf!V&g;CMryx;d%hOq&D3KEvFMb6Z
zOh`z`2EaJ;-S2?;X=!PB?dz);&tqXl&eyk~{9l%BkBErax7e`j`PFr7eS0c!hQ_jb
z0wR<?@5+6PPtKn&ek<-!Yul5AL#k`Mnf5wXim~a4>I(_B3(cFS=577;VgO4;>@GI0
z&!rcea!S;{lv}f-o<Bd*B^q()(1Dzs7*yF{5@>%*-10qw%HD78fzC+GwmrM4Ju{>0
z`uE|&4Nr#qa>K#4=N1blm{#wD6)Seke0nuB81&cr^~q`d4XKM-f{gtF@&Y;@UolO>
zF3@s#R$I%e!xZ&(#j0(2kNIB3lhe+h&pF@Qel4sRRetN1s*KF$uEz3WGOy@jmhyKm
zDqLf^UnMi?SX)Qjf7Kj_Ef<(kvStm_3v^}R(aXDZRaI55_dQ+*b|_)(&1!9p?h0YU
z-`eWx>aGLI00%e*C_Z}BS59DM+@giT!p>G!1*F!yfV=G2zMcJ*)PRoHE`i0_2fG^W
z&w1Rxb8O2}xx^z(auL(rL}Trjw%FZ5?_rANaZ8rxaGB<!ar8@V=C%aPeEAKw$+pG<
zEqa&$_tp9L#MnPPca(Fh$Pnnbgqg<fV>IXPoe&Le?NugMgxJs;mniQnH*M;NwrKZ7
zM*A`Rm3I$H199ot##ijPtwbX6b9Xnv%j+vxmtb;j{BZTlu&bVal;w0(<clJe4V(HC
zzdY9@z0{LJq298IpvrF5&O%?Yj<-Z9qRMY>mvz>Dv(J#&{rT}yH&h*wdu7y)=`}A(
zrI#)}!Y%5!g0CV<p6u|fB;D{BrT12#15bgX3aSJ!qO|n%ZCkgN|8eG_7e%9~80>8+
zTGD3@OWU4N^M6tDFx_zH%=rp_&zDW>D+`h|I!wMsY<f4)HK3w3w93>}x?&Tqwlz60
zeOOw9RVUJm`%&#<!3%!NzqB4|3)_5NN-A}KB;LMWH~c9_JV{p8bj_NfJh$zUZ_8Vb
zhRIYMCfE3FQ4HyQ%VtQnXbXyPRkhowTJaU?AQ_pkm)qy{Zqhm#&rJg23y?Gq+_83Y
z8ZP6Mt$p(3P(s3v9XqB^n<i!Ef`5p2pS%1^W7U~6#%x9c9jwRRshqidlT$BBp0h1s
z9dXyUfo4y$WPy{htJk3AR!*B1cw=X-H<AByn_1#EwTi>?9mjS5$S~9D?8pvmWIFnQ
zCB86Dp15H{Wo4x_7V8l!1GX3Lp03LuoQg@?xm}e6zr26SJ7*55TI&m-#Q72>6L5Sm
z-PfF(-AS}*e7t1&Q19pNmgQA<FPTKC>N%`_H>*?|g|1LLIag#C_c2A!XbDq?0?NBM
z85w@PXBW0|^SCG8teAdnxPNYh?e0@n-n<u59fm8NJ^K5L6fflnmvJ<xhYt_#m?b3O
zmX85DcJ)zBpq;z~-E_OMl5^%vCBfZbnZ;@MpT<=BT_5_)GJBbv*8{YD!oh9U35hFL
z>{%q^c;2h!X3WXRjRDyAAFlG%FAid{cs7TZw}{v@*xfRNBgACp+V|T+KQw)83YJh3
zT%LV!)4ADddaL%It9$mfr}6?QwKKjbyT(x>LM?EExA*h#??ZPENW=**zm}ILzj(15
z*m8m!18&_*RE&v<sl0nP^5HC0k<U|0YwO<k1=U;cp1mt@NbHJtU0!SD1<Si^57*q)
zD9#OyoQ{g(Hp!eX(p#lj;JgusIcdVShS`9h^J-hltcIea`^B7Zerolp?{s9cSiSDp
zChtcxgzp7yA2Q?CdAL#4_nEbgO(9rRHv@qPSqzvE*5SOQvN9j4Dp{Qjm{d_w(WOh5
z#Elc8ZrBHSvy|k954A`fTOd|mqTU4-j7922ch>M*0*lL~e8YMl25flTXt3(?a?6=1
z<l(#0q0hsDm!k|<N$lZJuAVysb26TMU}buE$63vk@GY?=*QA>+^O~40^HCDqeqj}N
zgrx@M?E|nAEYjY*matN4cU08IH;JBe-^b{lFT6v3bLRW&1K~#dXP;C(-06?v?p}sM
zm8fMTTcP&I?-vt2voKbEweJ4S+TWMCy}8$WY6+*vTKntCH=2io22xj;n;qt^RzKM4
zvD!4bGEKVbY<$rjl46C|^DDJA8OOE^f0N&OusCls<;b*!+M734CddFmz!D6|_JhXh
z58pRj_yBef*()EnI+WO%ZRW9bQ9APG-nX6ysWJOsFRoPG-^rGO#_aGwaUJjbtg<o0
zD8A>^l7c#K=Dkcx0vl4pa3V%!`Hjg5DqaJh4Z;Ql%jcGFn#Xqk?$YlscXB2siW?a8
zt#)|~mJqMR%KOKT%@uC8^EzZ^a|Ju6q$uH?p>UWrV6_{&UBzqLu6}tAX2<1ERhoR;
zB<p7;yOx`pCL}68!F%wp+J6C4BUJp+_l8%USFhEn^7~1Lz{a$8<Hci#4(+gf{J`aI
zbuMU1PjGW9|J?Y+Vj?H-vCI)-Jod!-%1bwW=`v(t?sXMK9p|^<(X*BI-Ee@1Sypy;
zr|~(5?WQMNBwMO@bb9L^KQ6-E*zx}Tdmwk5J9qB=dmp{q`S?ox<O7>JV`ke*CuwPh
zRi~^s>M4F%e+#A1)>F29@$ko;M!R<D?h#n?@$1l+w(x-lt?k?SA~)_*w0+=G7Wvij
z@}h_DqPTaKco64^t&vRKY{XU}p!P-bO%*#+?WLS&CVo2`!2{F=z_D)MzMW~65&c5B
z6<>62ff<|A`L_eTz3Hlp1_azHFicE4s<qe2`8lQevr8`1CrDhAV2$~Bz%%9P@Vkt}
zNCC-dLbHy1xa{|O`S)TAnR`)e!UoP({VUjPY;0QJyfHg0_Xqc*mt6j?vjTgoGaqJs
zMNOZ*XaO&8dYyM&>aq6l?eZPFRk?aOKJ%2t+TSP}4C>nK^Y+28tu!C$YQBrjr)iPr
zEG#G*`9YnHr%y*T4-scnOs~*M$Q1kLQ}4eFoAcq=u#%0*UF;+4cP1}@HsTAW8V-kJ
zXJ=p7g_0;jcgH^Tx>r@j#l>aIe7J6pMr<CYGW`2MGrI^7hR-SbF0F4a>U_0dTuA<L
z!%T10uG(oX+S*4z{}~&x=Q(8hANZpn3fp?UOhBU2r|0$CHy-MWipRKdf=sc2Gq~0-
zP{C}zy?0n|cW~$NH(~v~nc3NzV37kEzLrAbs3*)rSy)=`Pe~aDD#ik>P1YL=OO|Yk
zo}OWTOhs^aS>vgD_lvkMioJ}Eesj`Tl?h#?xk0bksYHNj?ep;P&rv)$eoj7-mM)%D
z)>59W^WFTeYq<@6Ra@Pluf)-YLTmNazIo-EE{0S6Jf}PQT}_6at*r+huWOh{#GXwp
zEiILjk}51LT>gEKY-`IeA|@uL-+6PWJv$c&YJhQ{s(&)~SybX+yPZ(nA{nuA|81>d
zvGQ)Gq^#zE+WAl3lb>^9g<w>=v{YvEv%(Cuc>(^(+?kn~dFLK{En&G48T`!VLNZxc
z_*j2`|FdV$UcYuP?6|X-S@KN9ty|C*2b3In!QDU!)7&zshU)#$?3`Vfq8-)`7XEDQ
zug9Ho?RGn@8d|^q;}hp&12xCCh?d7Z5<1htvH77*c2{&vhqT4JkX8H2^rTw%?PKz+
zwspK{v2xXA-(>F2?VKkcKGeOjbLX17M;A(5FSjYLsNkBfP`*c1EhIfuYSp`(q9WS|
zIvF)hTLwCB#R<nnM_&SZ@4`dN^-iaj#vkb~ZLREMBV2M{@j=67W~@Cg@3!g`$5Rg}
zm`Js0sVj`;48Ppj`0Z1T{A0xm-<-|rqGjJ}Gx55*PO$+mDdcD^!$%sz=W1+Rl4jbv
zr<9bGOylGq{1W~>7%2Wg^8`E560_vfM9gzZu7=>}>XdIJK9Ofav0)7xU*9>9t}K|g
z_Tc3QaonnYR|8#iB81(n&-hfSi#&VuC>y-t_6gV#bTKG?s7|EBZ2EgA9;+Gc5x%Om
zwY5N1nz>M;w(29gH$E+GM|`}^%Jh?VmU8U6@kKfI<mOj5Ger}#H?Ue1nK?X@xD_|g
zv4i)`^XIPt>058A6PY#NXVyJ36Kbhl!x`<sJ$LSjWEuanA6Zb+whL4Qli2p<NW>nm
zM5pbW!PRRQcYOo;6fe)q86~xxN4Ot7derkgH1P$d-nLI|1sfk9pKtv+-4nWM)8hCu
z9fT_cV&oK+Gk7bV_xs!1x3nEQ#{8f!;i&xyv$uVsvhOu6Go$1Ll%C{>y)>x{`_`J6
zmNwm}tmqzR8`|j6E?$Y%#>S=Fm$mOfMVk<U<1=f_-Y0y&6qwQ8A;h+CljxB~UT&sk
z{4q1H*Z1dgnk;#W6EBQ8aV#uhT8`=;Ymf85&(o(*bNW9lNDAUj#u(MRraEs4nXYqV
zZEna#eYtH>Wsx1md*`(Q+7_dVG`;4#p`P`1R2LQ6Z%=vIYw)V_>({S9Lf;nix@Ql&
zi%OD^P*ZhAlXUN=>g{dScA_Ub&$h~*V?jxn+pagC7p=2qU4w&##SESI9_8vTXNoDA
zfX_3ZyR#+7<>QM|+w8*B)Y5mkSoY)oDapynvzHG($nn^=!VMMScm4kK<D!)X5^EZn
zx=<&E24od08qb(k_y4ijaJBb_-2%pY!q}dEZ15wm?>qjnEh;LiwenERpr_&6jWgC4
zlWqc4_C!Fj_hO@qnRl*)emVKPbvdd;z;G40YyG!BSnNv9#=qk5>6wNq>F@LO73B`z
z%o7n*ol@4{uM#l#GP7P(smt4Ffu#<I4jwdExpJ#1pZ|iK!>_wr@F!0OvJp02J|A~j
zjL$Vqz@+W!7L)xS6BQ3OhaF;hu}n3NT(UMR%Ug|fVy=(bG*vC>`hpFQnV60wB>{;_
zU+wyaKo*qChv#~zZyJh5msq&n7Kq$<eD-Pc<^wX!Tt}ZxPd3%hD@CEM^tThU>s~KW
zHMiLG;khx9n~lpTG3Wsk=YG7py1IR>bU<B<&L$6!T`jmeW3*_{34CSIo3<z3O6A@s
zy*m;<dHU2}a7Yw;soK2koSWgEP%CWPf`|p$>(kJs20|{et*x!Q&WM<^qx~0hbANoW
zV)m}3Tv#WRKsu0DlaswsUtTSrfifz4HM^xF`eHC=Sr(?QR_T7?0jKpobCoQT&vS{I
z4us<q*W4|1$lui0{r$`LAe@i?F#!zMU}NKv_ICc*eMy;%BUOCr_a-HAawRXg+<CPn
zKjhVuva(Crc1cW)to|25Gu?~r2jxBTZeIG#HcP-wpabi4W|3;wffYNWx0|m#zV>Yn
zbEHs{_sOzdk@B1R>a;2oe9PBLCz})7xY%Cq*paYxtAl^oBeo=cFE6jaK;_e}e5|Xm
zmx8(u1#7UO)WWY#FIgS++Cg+BN=fcP+smD|<SVXTIROe+RNx5hc|gq2wNDIqbVAu&
zOS!A?36Yb%JFljl$Gf?lE%jLVwZWds%jPK<>t#I)qsan`SD$UGeiAFB`d~<(nT6$O
z7IPK*aY13yhq~9DA(?@wd!~zK1Lcf=&Z|$u1Bz#DvmWlf@LVH)-#)`AGlAWqd#1Ay
z)Y_!&y1oy7I`HYutQ1w*fUh6-zHkvfx<{@eDM{v#tm<Hgv)#2}je+_+JrugU;gi3O
ze5>)H_L4p>?&i>t5Wcx{)m$GnaiJnuW^e%pzEWSmUi@*rvh-5#k7DIfpFYoZ-o1lj
z_uP1=<g4U>J#5`XZ-tBuVI%Y9Sr0e%b+q})t%~j5F`XP1rWi3l!sX1)&&=4A_!f)3
zG11Y2CEH8w?Mt`Kn9XmPX^2^cI!UQc(Q<Nf0=yz;ue6h${nPg^H;J$sTZSHfGfM;&
z^~ajkOmZSlqU4KLt~@WQ;6d#Z6AlodsBF}UjIy>>*(P*sUPbb!+qYMVtJ^i@voOEy
z+r$&yp>Uo@1a&%BRekLlqKZWthXEnmc}bP}>3SEtEZy2CNhs81Zm-%>>!8+)C07@r
zv;4dZ9aMcI2OAoF-gTnF&G+F~tiF8Hl(lfz@@Z}<!4hjNjAIPMcsD*C7WBWsg5ftd
zHjZ(dWv1y8yY8%3@ZMpCjisd}Z<K-$3J3TqzPU6jHJ)r{pncA=cQ?1FLa~;U<!x_#
zY=GTH%Z?lEeykT8n5J)g`EsW)7dtzXe_MmqJzcHL>133cUJt%F@sX|g$ufJzr;pFv
zf4n1GknNNScu6jB%AGZ9R#X(*O!jV7f%D1hpqI}w+jY8T={DL*edx%&4g{B=D3ZjE
zXhH2g`UNbp`{oSRu2ACcM(5=X35O{eB-n?AHQYUTYr$?-Hj%2cH+C2_20Q0t3VM1f
z;+AWtdf#Bue;%~K%j-e-klo#d!Q~Y<`})2-!Nuz5=;-P;<v1SF9>8Sh=X1HuUUB#0
zoG)*qQEaIR2?<siW~Rrq7v^ZOXjqh&7r(USX<-vNo6viDHp)#ubHTiMUmKduP!V8b
ztjmtm6!bJGz}?vD9NMXZQX`-0X^D%=mW$$Mt}rn^v?sjn=zMK$hs#FazP&3e+bm%g
z+kfAW7&h2#+8iD}-R)|qAlr>XTVsv6?P_gc&aCFCajtlu<=hZ|u1S?^sA%@kbT!=E
z*qFKOs#bi$IX2z;t!6c!s?EQ?P1o$(WVF_3-MX^|2D83>E9B!deT6Pud-~Y1t|Y&%
z%bi8Kv58tQ3>vG=cUl|yo0Yoe`B&BD9c2bBYTTTDM5evr392OY(v~avl{e>iaBO+n
zG{-jl&S7PR{O`iw)wYw(*t~s|t`GNL+bu-i;O!vQs<Cj_o~}>t3(^l^=Hv1#&L&*x
zx$6rieRPK7bxzb;m*dZ8MYEnif8Hf_p}}1)k9=a22G5*!hwAAlw%K1Uvs;=rF;%dY
zY#Qjy)7HLJq%vQG@_nc|XZ<%T1A}c(F_j9w1o^f%30mFdb|0>X>t~Cj<XrU+=jO)A
zV5(+){OG@Y8lTxiHdJ?axA7rto!5Km#}t=Y%7VLrfbgOWla+j_=m_@e?l*hT;^K2r
zSFR`lf%$o{qTzmKpM%GEP)qb@9RJ?7+&rdY%N7k`VVMZcAPFDcG_Kv1%T`6IwN2k9
zqNY~gZFgu>#M_+k@56c|QZBp1lF!r7s#$k+>>~1lJj0A*rlGhNE@kH4q%%;#=dlLW
z_-twDwIl<P<K^XOJ4sS(=lKmUENAk~W@TlKI?VrM2Nx@fon5ym`AZUIo_`gSQuCJ3
z_69$56iQD}kAhl|`gy-@vSJlJ;?3#PtU^W_DV%OIbvzeGTux{o6pfoJ|4>p%X|9`z
zRNz$>6iRe43-}*O!~M`zHc=j@+=pM^_HAJ!NcyIqw@FwhpvWZW>>TFf^O4uw#PMoB
z);v@nrL$OcFfDx`VnePNO0GgsNNAd1r&{srOTnzDJ9qB93Yw-W$bZr#<G_yDv!yU+
z%GZ+9-`{g&s?trsgRQf*Rde&kMwtt&5@M_dhBNf_zfPMmz&b62P^cfUBCtNmLetVx
zPydcY1}nE?-IFKbA4_K#Ct%n)ISV?jY&#MV$&KSAZHPvp4l7Bu4}381Q`ymkGGrqY
z`??=q9qg&SB`myXQCEfsTXdJbP2HTiuf>g0-s4$I!17?8C%QM^J3A{&@}#Ir<>H;O
z3+o*V-Bj5k)leqM0=xGPpVFEhc~BH{&#$e@a3@!%>={+I)FPD)_V!i;LJN?!=gB_q
zYIfF_(%eL0-{|rzEuP6s!hFw;prF^Q&9|ndr5!(xZe7G3$MyiX<>XoW(A~MIE4Eo#
zt;o+`opbqGQ{PsH@0KFWsISiogJ&;%*6hB&Z<EyG^shH&$9Z}r#3!gYob^D>cXNqd
zB4HSEJ6xb(=0ZV@%^M}pKQRh;Hj_oi$tmSyg_;JxCYSjIhqIp5DZT_kK#k?cq03#X
zS@$+=+;N$+@x&FTj}I*TF8dj@zQ}V+_pFL7SbN$@cBs>D=dHN!AG34!I9^-tR%jWi
z6uHr8|Lh2-xtluKSS8L?B_4>7C$&80_i-zUU;--73m@I!L4}x`J$+A{Id|q~OY%MJ
z9Q?LT{7&V&rbSK6?W&pwi<#6={Kk*CI8l^)huKgMyp2LaYJ`W+3F+(?^NSRV_}ueH
zz6sOC7pE8gv8v{Q>{>b2^|EZ!n!Y>_^>cL<ZR_0LuAz$xXfQM}xwoBj-ugW^ZIcw$
z)i<`+dZA(@n4;N4P-n^s#or1tS6z>AlAS*@s4MRCYV6R!fO*P-miW!3rP{Bo)~s=~
zI>6^<q`yIGme?-T+Wq_c%Vas?g*tC7BUoB{dmnb|-u1c5`eat!ytMk@R;EJS?Y$z?
zrcJZWuG?L=?&HwS7{jG3{>>6?wh<oo#5H<_>xTlc^$wSLtP|}0&zXCBvqczXi>EP1
zit*^l=~NoaHt~ZQm1WeRYjwb2GaGw%owt13`u*{@_KEStoK#o4_yKUZrXuag1Du+2
zHr<J`PRp3rv$`~#^e--5H^Xx89Lv0rPj6!8$wqgaNM58`hSm-yK6;S)vaQO-<xF7U
z+?XMG*YXJGA@57MxmAP*g}YC?$gNsFys^7%`%+Zq#d=9^BC5oBSb_ZPeDtX$>1>^^
zl1W^Z38p|F>0XT!R@Oj$d|Gf2<&yW{@Zl11<BH86OPwmt$BMkHX<6{-k!wxOhdps0
zr0**7Y?V)7x|iJHo1!do*rfu)&Yt?EQIT~S+XoBdxRfKJwdTwb*ROw1Gl+@jcC?eh
zClZvt7PnPkod##=X`n*)#ee$TCtB%qH~ui8W_t0Oka(YW*>>x&>m~PzeYkQZD>n9(
z(Sfx49_lhOgRk#o*q%|_f6zvx(&xc(?HHhuAC_lBJ<eUO>FZ$PbvpNz3U}UM=ohD@
zlBaj??%YuLh)=ppKucpV$&Zwkb)?Wi!OP-BWAUy6&s*;(mSJH@PO|U%R%IMW*|KSH
z;Da!MkSDNvNyB=zio=%Qo_gNm$k>`~vR34yPxG}V7dexZW%frOZkg4-><(|xv3FSx
zc=Q6n^p#;7KcA^*?Ns8{Yj{zLQ&+D%zPP4%A=9F;-kpIRd%Oy@`HdTH?_>GWIdCv8
z&emtzWmluf7hv1(t`J(@)++O*=TVBbqx$Br-lZP$D`OKqsu$%4c7*RD-A-$dUAtzr
z*`qrL_<+tdbfFo$VA;j%Pcd$>N`gI&WKG*M^|E)d=t%VoVoN?R4<RL%qSf!0+g<bV
z^$q)UU-iSqmOb4qw=RoDWYpEv<y~supuSM`4_o6cUoPL_<lp@6qnfvG;i6?5Z;~&_
zyWMMccD8>yGXkH8JEIx!>TbN$v7r{>PdjFD+UhGjcUsvv*tT4F^FZfS5s^RU&p#Q~
z|F$~i?4=;B_6xq1De`VjhQdvJyy=Y`<p#ABQ`1Ty>pTzp;$j>V(D}?Ne4t_G$)(Z$
z7oTlp^EY!256droLHf3MUBF94&nhpaBl{K`ZtZw6Z1yCUTp%=;;u70-&#1XbW+%77
zQk$&;m;8m9nMzjcu(){`?O$RRdsInEK|w($T|`;=Y=)VQPeV{%R@O>ud**Y|PnjgY
zy;>!8BJD{>hG~q@@+~g<k-~bX^Yh=;=k+vQ=4|iikW)c{8A@(j(i~`)R*F7&P&uss
z-JMTu(meaQ^<oQ6lM=qxn8!sg2=T8tP<*!J(>lMa2M-_ivRjib&1$jN$<lHwx1}iG
z(QE78w|;8N-6PnCGmi1O;ix(5k_(p4-KM~$O1;ekB_3sEqMIG*DeV`)_JJoZrf1i^
zC9E9Und173%Sb$W$w~2hH=)k%w(-BZXrX$~Yncm?l65+cXKVZW`};bc$gVwy785Jy
zy98KTUe1$TXJ<#pp}|kp(&p-c3u8$3AFd^Rdli#pee-V4Ezis?2`uQ73&iS+(q+^#
zS|s=HS>)$;+{B`su<KPo`0%G>JLjV=b{FsQ&59g)Ds{`Yq{edEs~hJDHCb6%`2_`z
z+flnd80@Q>=OmyS`q{#sKQHjfJNcDC$D~?C8}z=t=+<&xsQvu8&bNa=(%RSh_+8D6
z>;3Jl0WY^%C1)L!&Di8Oj~!LC%^?2a9MzU$TkPJn6<d1lT=|1#n`EEZ#g<dkM1mdk
zRtyZb2nS0mQXX|ZQ+%|7*zoSr&6*7J-0W=Lo3qzH-LBSFrq9R!CMo5bMY>4QqnPhO
zO5AFAf%M+q&>394^G-%NZtrA^R8m%!YF(qDv^01RD*01MNr`7l$jbGsZz`;+)#pj2
z@h;KNaSWXuVITkH>xDGkP|3w@Z_KreL)&Ww)`UF_+k5<}k5i#{-JJsxr3Efe&Ca1)
zZ<dypu8!Duq(i;vkQk=2_vKE%ZynAb($1SUzUuMQW8sPrV_);E=S@<<qVQ!lVxK9u
z`-3~5;R_uO95_&_n3!9Gxh-E)Q}yx07G_lW_PMfGmAc}>lMM(lVyWRXoND)k*%QBY
z`gvaa{ERh~TwEHfMgnRW7g%xCT3-ZaPFGdIDpO8o9VQJ%H+VWGN|xgyxJ6m-D1;96
z?fU*{dGH;QbVb^UPo~B!d$^adx)=A&4nI6pA!Ido_Y<v8OcA?<RJnvyFzV{|j>LK`
zium#MYd9aDU6)bwuIu{uEv;cWwR-!cMT}k_FwalfOj_J_nA^0vn3ywTK!CUEY;uiF
zc9&C;kM+*_83)rGtgYvAL(hwqpYpeLWM!)cy{~V%73Yb^vpe1(2;tvGx?~^J?k<m7
zsJW#sBQE8UiqRaigGuhvQTkiT)+XiV5<4Cn9+DBl7h0;;+ZAkixMb<lyUoqbH%{|2
zIf_JZljgetftdW}-qUlq6$C=2Wm&_lSz_$#&QdC3btTM}DSKO=$Efl$tL}_0k>~fx
zP#4F)*u{H2MNz`(_A=tR4_@=FLa$wNp6#zM?dH?-`VLTHpXcK_FE$0-U2C9T{q}7{
zZ0s%Pkk+8pXJZrDMa(wzGz!!%W{u>oz{EQw$R6AD`u6^d7q98PVM2YWH)K;*QL(kN
zlm6Z(cjWcFdlZ?>Ra#r$yzz*+IY&U?v<i3e@?1%L+FjR`E4vSv4<A127`b<m+pat_
z{4K}j?FKxn63JGsuS(*ykGKUNTDMbB7Ins<aCJrvPziWbJ`EAksEhU6R<C#7sbn!I
z<56(MyRKXHd42N(i}3W@{<GSL1_zx(eP5BQck?X5w)V?iD2?bWFf%u=uC5Lr{?<0o
z`>sanaq}!z|J5wFX6JnJ&MCfAkd^iAXfRj!V0YfBC5t2Y-Dc@MXu_T9^f0UXLtZ-K
zW<!JDo&9TauPB&xJI@h)bYHXN+SkCL{yuee_3CAxOuW2K*I06CnW2=Uc#@ZgYpbdT
z4-bBGQJfLvRnVGs*++Wm5$$2M4fl_n>FLQvp^o$I%RGAN=HokJJoR18sVIIF8#}wh
z6}7%Q5{5f=4ipzZeEjY(6H3Ir(Bb-EPh|t~vJB|Yuy6xe-s7iFzr8Vgxrv$Cmba-p
zm(4$r-&niWi;(BjkZ_&Y^loTC_Ck>g6Dnf5j-~&J*Tt9hE~s(xwKLy-HJ!MvG`KAC
zwBe%S)+$Y2{e%;Gp*NSm=lBr4H~pUR*&)iTfhHpqo?vZjo8xp<LrDoNR^iWJPQCUb
ziEZ0>;>s1mlbo$bH8~X&jaM5Bp~_`k%2r4X=e(<bqv=+(JoPQ%Mj3O(ZXr3c$NSj%
zc|1Iwx(}bEUE9Xo_<}q2{T)JZIy;(wTE)fGR9s(sU1nw`*qN-QTT}G)BrEw-o%Qzt
z$=%7x*Vgvi(*m2~Vmo7Fq3rB+M~+}@v-u)2uUuQ3zHjs9^FsrnhWcN{#rwdz+*lrU
z?!*c7Hr;gol4YK1D&g}NM_OB3#~(bndx5&;?(^96Yf0=bhAeB`^%^nLi-uAq?=3Q0
zw`+0!C$vJv?v)1~dZ`GSE;)c%YU8D}HuuorP~Vm<mm*MCn;!88f7!LpO0&@8pjpqS
zPs@jTYjn3wmvOpsal;(XI9?r7mcFbHJt;QLb>daHm+b*$&2$ZuRgJxA$tAagzS((Z
zxD`5l>1?>*c59E6)v0@liftMpdlqgKocCHpa)-U<rQzNhb0D*)_1Nxwv@h$zXYEpc
zrqdMZpdIOVp6pm?@%D8+Zl}Nn-gHh5j?W*Ozt_9P?GlQ4(QoEBz!dy}%U?ry^*hgF
zVF`y0sX`80yh|wdt{rPEx-V?#G2+q7$6P2Z{MO%p>Hgey(OwKwEw3hEHE-@Gu`n}3
zY^$%y@4;EltjcZH#)+}=1y6nC1ZsuS*10b-eCxsgn&PS#y~^0wc=hUM=LuFDHe~lm
z*I(gWbx`U_`U(<<x0QphZ|5n~B$FjI`S?nmo4w28(HcYTLg!eLQ%d$U7VS(poFwA7
zjV&@OI~(*sFkmDfKYp|?@VHq~@tL)v^SEbl#HQXLyKNkp1?r^NU?CQG+!s{yKYsMm
zgU$nXEso`9q&A%qsC#*1r>x_pUZ~}iG@*ipp_^x@9lf4^4{-OO&S!z&dRm8v2I2&j
zm&(YPX4GWPKeTnp+d1+JGEWyJ0@{w6Wz4K_SK!f865RcYe3eP_MFmgEtRO&>qN1WK
z7)HuFOU*+mR{5FTUn@;=Y}9JwvTwRZ?tSQW53q>4cR|9?&rdx&9|ijfNW8~0*RwA|
zp(_<c^dFuC1em2PON@`7%g_I&tu5pD>`UcG;|;C?Eg?2`rn7VN+qZ84@e*QUQI)#O
z^3uMr_I{oJf}?h65_+3sm`Th{5}>`nvzk<;EO@`Mn7or~VV2y<q9T>pyp`zz@p!y_
zPHwKBkB^U+m!ynL=aby#ivcZjlb48#--I7_+w{+9r`fq38jCjVo0h42UsR{CV%@rR
z($dnLoSeM8yxT=(*gifq6h3(HAbZ!#*49GzJ9A`ZW%B};E?uhq^#u!V*CX#ju=-X<
zC-n2RSI!Sz!&z+4c6_>Bm08~*P(fc`AAihE??TbYm3tOsp7DygX=!EE($Ue;+IsR@
zT@%)yiO4*Sn`p*dQmAB6e?f?4!FuDY&&5x<UMJOj6*>N-3iahhymGc~nAAQ8Yn$*)
z?QB1@_cu&0vkZUGkzN07K-l8O_Ze3$Lye9HYg(gFsAUv`wG=l5>IsE5@`a*zc;bn8
zI%J@snGM<yid%~SQlKT>@j(PPyp})FmxK$J;^>dz{{*?n8yT4C=jgd?{eS1A{|`Pt
zz5l^*?f>u8@eBMPRV5{bvG_kKic|PM|H?Ck|1*XEGll;@g#`4!f&@gJnl$X6Uj}rT
z0sxu<0Ga{-`o9GKKN@Uy^qPe#7`<-)191S*lR@$4prZKy&6ok$@c@Ql*dYi<gNO$`
zM)U+d=IP_-it|AS;Yb9WD?}6yO@aP^qm1I+Iq2~jkzE&w02%B>aPvZY`T4j*eLpIo
zB@$wihz}m=PdYOkDGQq4^r)CL?#PIDLm<-vBSL*fA%R)oM*<?F8=eq^XRMS%asv_U
zpb+>H9Do2ceFR1v{Gcb4;usb26KNiV2K-}8RfagFRDyJgKPh>HEHGqv2vW)u#*v}J
zp^OR!OWnxGcpne?uBJf`rApr`M%F50E;ugbIN4xH5&1S=HfnpuWTZ!pg(J<vwY&ci
z-;!Z{GH!{;`efV|#{=;~Fk;}5`C)lMaxj7Df%Ok`lOYlOu&yN8EhIlzJc;5b>re1e
zkOi{2KLt;cSH}9gdx&a-Rk#77))!101PhQMtOJbG1WJeDs3|n8CeSJx*?4zREQck8
z(g8L1PsMX!+)=?~^dNW!l4wFH1DyY;PY8w=9+@66ga#6y)DKOi2N?js-5`)52r&vz
z@(F=Zp>Xs#19)N(0gM(jlg16sKwnj$uCZbUZ7_64Pb$DeJRl70(fB<;Z}ReUry^m&
z@s-J=0xXX#0|@dPf!X$;&LAWwjPQj)u*2x_c#+jkpLz)A@Wq8d!veuHfjtWezl!02
z(4-)2E;IsRPsXC{AlNM;SXUr7DP;Vz;20i6AgWUkoFW`G`)J&(u>?_<2~q?VP!8gU
z)F#mwAsO^PSjAKu6oO!84Sxp|Be-V%U{^uFwZOPRIubQ3GSHPM1i(-Tln{uyL*Qa?
zXAy`5-#}kvokAc>2sd_zapM@dEY?of(u_tSj6XK|vys_KbJ}MJ=4<p<eFHrkL)vG!
zF7imIYy|C&LS5`wdf*LO$N~h%hUkVLCuqT#3dRl5U`=Jg)HD#6M4F3ixHxEPL5-I2
zB;nw;GhoMqT?izFLluLG2p0*F>kGlUjl@5O!`VU+paCxiq6rNsZNl&YqdV=VL?cPY
zrFk@&Baz3U72`$l^zwlLu4u8N!Fu)tbAygc#Xu^ARp;gh86D_d09Q7dCLq(|r%gbT
zjN1f%KS=B%0NxXV_QH{Tq5dQjD1kTx(r^;>8(3PJTmFIoYMOB=Kw^M1j4@aeP`8mO
z(4LHg*b%)88M}-c<e5MW#G^@pL?W`pe@X62U29#FUyw^pGcLJ+u>ghy-hxT^Bk94=
z4nrMnJUP%8@C?Ax@HqD$MjYZyu0Z_5j)_H~sBMa{Pr$Af|J*XflQbX(EeX?%q0L9B
z2^tGF2l9wegMda-ycol1PihL%LQ110|3ZB*Lzr|u&~p1r)j&&l(zOKRNW{NX3$)56
zT?;aG{z^6QTAFk{9ylOZ{H1!}MKI}l$asngyi}0cH&I2f2#?4IU=dN^N=I#gkn}df
zNEt-XvFn6E<QXxHKtj)mafBxBK+Bq%2HCTz`Uq4zRS<#~FBI8`f`~x~F_7*>C5D5F
zZwR3by5mUh)TnB32&iC?8Da>CqyrT)q6E16;mJ~T(c>p!;L)_8?GuN92kMg~tzbz=
zQ^26dEcG9(0;3+7w6Wab=UGU2pd|xlMGD0KEFlnaep(R6kF$hf_o9cN2meSi?#vjp
zD48lf!AkKDaqcOk5GtN4)shG%6$y;QNJM*RHA{*jZ_(}qcUaB=tl8g>2mwik;3*?%
z;WbH597u#?$3RjaNCHNXgh!^6jX$IwZp6C<!Xr%E&0$ze+B6$2O8da-HKb#5kRgGe
z3KBYIE@9DT2;L<;87V)CAAq+*lLb$vkU3}~n-?g;2bM+MaF97*JdqMwX|R67C<^>^
zPQtA0XPw4@aG@W&YNVrRtCPVVfy4@g7cYb55niU&qdJV92bT31VLwOp8y)!+lJ?M4
zmHN+EE+=QToQ%bC^47}9S}GZ|Z5w|e6~fB^2GykofTFRtF<(c8r~(P02>=T%cpNzd
z0b?G=;zCmeA%N{bNEjT!lg6T<h)UjpK;S0gVV#Ntj5W~{nQTyQWX95%D)bg9ZM4cY
zUagE~oRPNCOegNJ2@f(zanP(MR3j5)qQk-VGH8;4R{5a=;ckHK7I1_y26$!;s{IK!
zMrHDVhk11S0X;xm!vF=5Os1kYbI|I6bTS$tShOygW?zJ@Oa!_{{J#!2%3vBnf;}lt
z!Hxb?&rkh782HfNspIGVA9AV+iYh<&e<&+V`G5Qy&y@eil>f(6{HH0ekN>vU$5i~M
z|4sLgQDLpe#u=LO`uMMTebB;})6dhXrU9Uo(%y{<_5^ku$UZd6GD3Hdz)?LYupDEG
zg+vTEYzT4uAW0Ow8_*<29YK#5(Hu5rAaPIt=i~79bHy%mB>}yN12GUm2cisw!Qp0z
zMC#!$Xb}_u3JO=lc;*h<YKRmLT5zS&Ioy2wK&xRx$GBD-y3vuQ-y$?i;@sV#b0-WO
z83nx#13p{eC=@)2=*VE$8s&}v>%`Q2R1H~!+BztWF7kyo7~sD~7HDd6C>#suR_J^V
z)|owE3n`?uQ{58a5=KnTh~ov+Z0yLK97732_&8+12f0w2d?DimLI~jUc!;?ok<4i(
zBNA+{SSOFgswf#tO<d7P*NoR{v_JBV*6xv`5~>A~<mZE&=#LsxI5TvD4(2*`4EgSO
z4_u%R1vx;51{tA4RNNghScoGgJaKAS>xrUNvamnch^U(a-7NGIQ?uyk`7yD<nL2+&
z;m^>Biek{pK;s*0h8>+AO##z=#HtFP4oQl_|G=rR*dI);@INA>&8!o~bD4_u@-yQL
zgU$~dUsR`TFaPD|=k}j~zkm4$HHrA&3O~gEmRFXWvj6-W&y@XV%KkHD|CzG?Oxb^?
z>_7i^>_0TS&Ki?n8Fi*E{``-bfYz9dwf|7v2N=JMwF1HJ>7%^U5zlXshXd$qIOsMH
za)AYkoDF3oPtw~Tvit=2$Rc(h#72ohbBtUofLzw;HBfK#An*i821ZJM>T>g=@g~40
z6dsBZBajCUa+C-G8u~JVHZ8+4S%NkOPPh(kA#8MkQy_lt@OMWf0Vo@?D|is_KJGtB
z16v(_m5AEYKTQTj0|z>75S1WTKfpL}FvX4-j<BEEo_=WbxaJ?onUH4sVYqO_=#7G-
z55$Nqjq05;QV2ckn0r8wS6>K)0C|2e=7-#1sNRXl2*Gu^Pi$7A56lEcEO^YQj%3I^
zEBd6S8qMhTO)Oe}jL8V83o#pkoy8jVSQ~988sE}Ip9+(p3K`~6RKXT1@OiAI6Y1Bn
zR5DPg4>C@Qz>#_Q*C<4+XMcr6*h_IzG%_xOzeXj^Q21BqG)40Mno{~o9EV0DA~Mk@
zHdj-fU+Ii)wE23JK^J_YnmVb`#V0ajGZNrIyUs{L2jhrH<a3DPvAK~-(a=l4RuS`S
z2*dnm<TsGd>hHCd2Kb1MyoC1!thc+X8{K}2CkA1lI{}adb>y?8gqxo));EOq8>>$O
z1d=4ACN{eU_@E)yKOW<!`~M>TwnzzXP*8cKVnBliHJ_veRGkJ~GkkHCYQ&X=?6VS>
zpF93Sj|9cdUjl=ckXKNYK&k^hgeOrXY4ss5sXoHsB?s&Y43#`~ARul(fz22+_IDVJ
z|L5(#0Sq2@>QhGF|B+{W`!AS*vcInm*vU^>c_RNm=ow@GRhCm$MWK~{9|;pb|Ks-G
ziN~Mz_usGM&yT+fm;h7b|8G3M9)Ftk27LaDb^OBrS6)GR%=wRkoC<g~b^h}&JTkxc
z;Q)I)EKV@Y8d#!Gph^@9vI=sLL?NfDp`?zc1cJ$jh!Y%0W((vF9qkZ+;f6HTM*=F9
znpQWE;^jvoYe0X)ia5^G54{3Ns5rC*B)*{~DeyZTf;%2ZAY&mp+7$?$NbVJW{vjmz
zrm&=&6hxhp3`8Q@7+w)*s(p^*cX!ZOwE#%}KbUT)&6FJRCIP}egQ(1Sp%0Dz8&~=W
zepoWa9f)cgusTV<JO^ZAe;f%9DTriG1~M>cKQb25+a;xbsOaZ4P39sXko_n4CdC21
z{l8u+|H<dq{2#H2|8?&FOa8AYr=&8L|0~K(-T(Mkp5M*hX#Af(YyK4XhtFIl<o=K`
z$CD6*hoO-O{shR=@jtZ_Al4YNFU23Ng{FO_o?t<5$J;C5j+TVsXvoxE0{H=op#I@U
zLWhPie8ED_2+-wNt+6jgQo{csc+e8ScPq8D&_n`^F+`;EX)0eQLWpCc5>PS;25cMx
znbr(<*kgpw;zvp*x%pEjQ8JY5mnBcQNB)g1k~$^~=C#qABefZm+arIz8GDQw4lFqk
zxl}r;UnY7c$omVr$0YyD#813;Gj^jd*%J^Hik@f!V$hH&2)rhv!+u&EH5=J4kmLs0
z2%*)1r4lL$YWX>_lc1D@LDS2He8lN1>}OfQ2*NkrCpTb>6a1&>2*2#ye_HaIGRggC
zpI^&=us6ov5&wQA|0yW^DF4YTPU-*u%JaL08k+n^n>Bw*{IkLZ;m4Q$U<gB~%>S0a
z_oFxmwNa9W7lDD#$mw#$59R;}0x-mXB)t@RixyfGaib6&y$R7FC_sXdg${`=qXjdD
zbX3?wWDpo=qDcr0v`PKMKJm9@FAqQq!4C_a-7-)iiW8mGX6*6jH{;O_huzW8F5+Yf
zv>S~736%<=J0fSv@bx4Jnh|t4hTeU@Ls*(v=KKx9rU%vH^9zZ_Ljyi-m;4*@)Rg@3
z|L5n|`#+sk{6qGCc{xRuANGGJ`PBaZFFe0{kE8AX46_Cn0o2BN6v%5RtB>(0fHG6D
zx*)$huzR2>eh4!j<D7?}mXQ%(H^>s;7Dyr!0QU<SS3c0k0lw~swuS``Nm%aqQ7{1M
zbcybycjy%~q9keL>HOf=DfNF#@IW>cNLIigeMZ~lFjSWu4BDCA)mlGKNK41TfdEa@
zU2!0EJ<vu|=)Met?8f1|!ra2%(#UX?H6(m6bis;=yFiq~S>M2Fg{6^&wUN0Ql<!Ym
z6#<!T4J@sw8Asun0a;WOrV{e2L(oG_et{%BN*ee9P?!!T3>ErwJYf!`K0p%u#|RxG
z@S>x^fyb%&XBfetw7&om%mLR9h=Tqdp=kt+bn<Aw2<#sy3i@}XC<egMzk=HfO8EtB
zFBMD>R1E(yQZoYt>7Rh$g{mJx--XKhDF81AQVXaZ{)6t#XJTM$0KE?7U|$ChxFh%>
zj{(1+o_0ioUkcDKsI%Z-iqJ2(1yD*Q=oeff^h+6bfcx!?0b)sXKWB*F`Y_%s`R&!w
znK+~vAins3XRy=M80s5XiJ>K>sxj>Bqs+myiznlFZ(~I{*kM~R`xx)Y&@ku~^aG2`
z2rYyG&;?KGM}!LS75RgMo{J7XI^so%W>jjV0F_h+M|kYl!EYUZ&?f?kG>CSD4oI~S
z9pS4~09+}kIH+_wwa9X1A4L=7aXSGy42r;Srwfc2V^Qd3)Sn~tI?~3CI&k1Gh;VlL
zVAF{EQDtRkAMpm(8mXS4HAqPe$|jzqfsED<=(MA|3t`KQ9fo`u$$%bRDugHt&k}|d
zaP8CrVE|n~qQ6M#KU*LIO*?*pFnaW#Ef8WM6BURsxIbAS%!MXsGJ**GCkuob+1LU{
zC4=?6e}uzXAi6V|eiecS$^5(PqW8$ylNPF~?oRn}X)<_W`@qTJGZ6$O1dQ8+I3A;X
z=IOQ?Pja9uZJ_`*DK0Jw{}=pAbN8lJ!I&O-2`7Xq6NLz!TymHyQ9ApZOcp9}qGQYy
zBU1q+{O6{^3M8-x^;Qq{LIgvM4~{X(;JYx$oeNmF#QFGp;au@>91bu%U<dl=CJ~+S
z!Bj%sL^TUhpyezf0ZkpiOeJA%ill*fsRS&xOGu5Fy~ZZe0*R2K8B?LD1&`Sj!~?)k
z(J4Tq@jhhysPxW1(n+)D(9<G>;{rD#{i#JeWJYe(LHFQrZeB=!%!s{^04k>0o!~b3
zA(%Xp1h}CDsnM1_q%a^gLmM5fE(}OUO~F9<go){GA<*5KXr?JTL^+a`?8lIix{T=^
zh{Z~TN-(sX46y^q{U4GNMHxN-sT01HL47%@KL}_B!bX@a0fWp(GX^Uo)H@^HGxAvq
zzCknI7qm87PHIdC(uf&7pzFrT?Kp0q((=>OVX>l6+pyR%CDIc(j_u@8eMs*$EEX=B
zmV&V}0Z$n{I*elwCc!}~n#y0m`zd?ksOQ)AKdS%9-#7vM)%l;I!VmU8Wx1*IzklWV
z-P;$<{x>pf{@e*5Se<l1?MEN5G0=SIKp0}3j;{CLIvk|#9Y{;Z`h$&kb~qkf-#Dj+
z|FVPBBoC`5QwQ8W+D%3345M9E9M$Scoea{@=Ki#=4vF;7dF#+GWV(-Trv~hVG&%nx
zDEGhLEGnH-=Y{{Lo=NQg0e{c?`<MH_viw;5HwEZaaBBbmH=f_UjnVi2fIsj3jky0z
zwE4p>KnS?S$hIHg^WWO@$Axhj@$P2-rE51Mgv$@FAcGPe;e#>P7+ja}-cs|z*c)TA
zj)Hp`_cb*$f{HOF_ZS?Q2|iFupy5>@rv}ut<KP@1{^TGNZ1|Wc-DHj$%={Q&dKsW3
zXjRd3Bc^8dabOk3c)X8b8;shc89*2&qF0j9x<cJXf3q|PnGzrwVl1svP-jBG4b;As
znw)?!`9}SMD5_jDxmp?eWm2LI^!!S^`3+K?53+nfU(n=WQE_`2abFp6ceMB_4RKQq
zajRcAwIKx|b}RIc);c3ID+5bww2_&$Ia-{ImJ|o_F!FyXw5_g*je!+fQbL>zfpXCQ
zD<wJ!D31xBu{;Jd9`nGA%M~y`@3TqOJBCeQXnp+WCjDgY1B@sh{t&nmv=p#N5I;~E
zJk60&ncNM5$?6^do%KU4lhztQiw3p(Bq!5x49%Ey=lv7S_*-m%+JK+$0~0+^k4;9o
znz}49^-TU5U;i`3ZNNjW%)h6OU+8~w%Bo}IzbUIKP3eFC%Ci_z*JuMi0{O2hD<>~2
zF9-ev%9@6}651C>cEgeIL@ykfs<m;L*yuXz8(C_hWdq411RzWn^b!dV%_Ujo|Bt<A
zZENGk`u&>u70R^D!alxWAR$Y@TVhP&7BB@TZJ#zzD$mGR&0O5k41{+3-}js&&CMQT
zx1=Q9*V=CIXhyel)6qH7QKLnlT<o(s@kChVIdfKZ`iRZhlFX`I6|BO7VOhgO!cxM)
z7?Qh|Wy109S`Ykpu8de6#<XUJw4N5W9yliZV!iUU7qGe-RlF+oa`rX#=woAl5&t)?
zWpMX47V`i0&P@EDt=0Medr4FLj|e9juw`VxR<re(ZMJqdcV;8N6$F5@`y-GKaQu(N
zXc^c4XejE(DX!1*OI)Aj7P&sloZ|W{zs&V{_9CwD9kJ8?fOWs?T?`5gnpVKHRG58X
zJvi#0vo9npv)Gyu4eRW%4;tF!2J<V5d~7t&P1XE=-aR-x>3*m-7V-ba&i3^D5C2>7
z|9vFu4EO>=PYc1^&{4Qed{IE_PoAh(Y3WqW{~)bL@-m4&%mQFR{J&OfYnuO`v|vfF
z;{SU{pFM02WdK?`%#0)U1FMg6T_B9)C42KMHBb0gQ?Jq|Ya}g8IOCAngXjjQPK-~D
zA@12tm@qTr3K#cWVlZB6N?+**G?&#6zu!V%_J7J={gmgvg}HeDC-{dP8K0ZnpDeQj
zZMN*=))J+$<M<GTVLbaDOZ{Zv@_G6hdx+ch3SiL#$L*w&_K0R*+S$v_m<Oa%q!6=B
z*J!b{pOu(eJmFq9m(`_)c3m)A{b%8lEC1s2tcCyBIj+(^orc$Veun+Shc_vX{$Zy8
z%|}ItsKW#|Buw;NVLqlUv}?G-aFWD0azJ*(&JG4I*KLCA$ENL7TAZroKL*rRA1ng!
zpNRjvjqATv{MWxe-G+bs_l{dXC@s?eH=j)7f2Y-2t^e;OrALGD$_6^CXyeaLzFN0y
zChtg2Wt^CmdzNvLEyVMzZ;s9L@0K;ay&XT8+1j4Q&v@X5rC2EBTUcMsDIYj3;{VQ_
zqdzah|1<l)wpaH5`$^N6lo&hR{5ze~*u?Yha5nGnawkW*jEPEcE#oo!V%uJcfDf7$
z@&D1CqrWY||JyV7|L(L_=RfWxP4mBAoz7!^nvrQ@|AO}3(D72Ug~^^L5h#Av9mK)M
z2GRd?TEzb+cMbmie~bD5$@KXz;Q!4P|KCfR=6~|X%@+Xln*FwDvyu+#%<!Hp?@PQh
z4EI|v-e;(zO#k6xzb&zmFb{`p|L}#0P*ENfNvOqp5`V9;dOZzb{8!ydc7OO^#Q$ai
zcc(TM@PBJ#Yuf+6v%T|p#sBw_KISEbw~LV_ZZDjl?r^VR#kGa=Q{{z*^Hb@n!}-Zv
zf;d0j+x3Van><(PFHQ^P|D8|&FSGvJoVNd<NoXbi?;*{||MYbEJh83MnA@4u1eNJA
z;BemJFFj<v5<#D4D)T>HRsZ4J_~ZV+t?ljB%KvvCX%_!(_#y9p#q`JVzrDHfWQG6x
zNY(fsMjw&{{sjJ?v{w9oFKI6R%{}&tE(O0^8@KC!t<5Jh_}|%Tt>VAmOWJ#Q*zXL!
zKkG8YGdp|r{J7U)cD>pBcB|8D9u5xkd*#_h97!i`HoK>Eh`-{F`oVcqUrmoC&Cj}`
zVhuNT?Y6b2FL~cX3!1s}K9;d3+Q$jM_~v*QgD>K;|4O>t6%76x^1#7}+6*#6MW-hj
zXCCN{3BMFRzM;6++~<!RN4U~^_K3&QbH%d|_o(ePbpyIFDEAK5;oiQj;v1mvu>f_K
zjUzGIw{P9}41CdWl(H$Lz`h-e_i+=Sn{DgCo{vG#v3MQz>8pLagFz>PxITc7ZHib8
zPo@+?;2Cqq7>qmKe>FI&KgC-1ni?j1cn4bBvi4kg#iYA$V`+@o9Rc_r<k`?UH*sRj
zoX&d-x^!r__xKV6!}1UIq<_h{2R+niU{nE~r`S)eK$GB7kG09$drfGts$JZv0qqXu
zWqS|M9tM{NuX|1NxYwkY^D1zKaw0jQhzjk$fE1`%{fF&6#0v)skYx3G5$-+!y$tez
zU&%|ZI|n4($_58NVK9kDu=HdOc^SCkJ;_kJ{WA0gLJy-Nn{VfS{aJV=qAMw`?e=S_
z@<F^15%)9-px~`FfMAOgWw$Tr?{a0_@H+594vczeel1tdi2&F!G}eh8367__pTTpu
zWUEBrNXf`GJPu2x_L>H)CZkk|&x3?}2EHfsa65zx1wNBOtPxN6?CGZ&y18Wt#mbz}
zpGc%c90mU5fxB#3v!Rx!9l@tr0$#E*S~vqH1`&^e8w0wHfa2WWhK*tkF4=CO3T?z)
zwwMU6B(OL(`Bn#zx7!E)5U*(!O9L^r`DQhs40!*Ck&#3yjPg3@amliiP{nwO!dnp4
zB2aj-f!#jSnZ)Z$)k4<gQWYmR%a;x#?s%e9yiZw+Im3wA?t2018=^duyA|vMN)1}p
zQ~3l>k3!A8Fk=^ho!Xtth4rKY)58d+5zz=l+%)rwN|i}~9Oh`2E}686J*Vy33+s;o
z3hzYJ{P$%PCX=@ylUtj1`+0K72KvoxpO>y%IsR0=o!1xD^=ZiGPZgl`qyxAU2DHcc
zlyWpLU{TjJJs}n5nW;I+XcBr_8gF8IIOp!$slE=gFVvo+AHIR&llH-o%lBc8U4_mg
z;mF8&hWB7R;u_s7@!14a7ZHR^=(5ZWnUj)(D=#S{Q6U?qg_Oj}n6sfAdNPcK!y8uD
zXG&ZqFk{zPm;mWz)!`*6FkOS3gnA<hN;kA=W$^k;#)887zBMDU+mz#K#$_rTMuLS5
zFXr%K$VRD__#FPgXTA)$i<JlTwz1coz_0;ATRDV=96J0qQ9^_0)$~vRR$G9I2{hw)
zT&WDE0BpdEIr|zxAGCl>-DE7&kc{N8>2n%lNLOiS5zLJ&v_Mee^%CSdVrx@{*VgH7
zA%|2Sr~$x>XD(8m$D$BSS>d8v%XFizZLL&G1WiW))e`fe@VJF>@JrEG?8Ec^85<lt
zKkfnrgg9LDQQAh~;~#ziqVJq{4+h;*5w=FmK&NNe6^~H2U3<K-uDw{=zh20;FjUB!
zH`GP$N(b+@0qyfL2^15aph-(vo-})s(ZjD%_*JM<^#Z`5V6Bi`0laIviGBO$P>C-c
z%G6s2*zdJMaZnIK;jynm4v6#fVm{?Je%AS4I((GC<Xv3@pp}|F45MPpKEC+U#mv0i
z?-t$;C~Itj$73d3Mhfr^!&(PkqNvn!;Jj9j>qKB@tQg%%!=18c13Rt1c>`@WOgtvN
zzkz_R1GE6t!(j~SGBBW?DJ}R@-4pwwd)(~|n667>lD26WS|J=te-cR_Bk7}79^!>u
zmlEe4g;9|}&C}Yt0D;5;P=Xbbvje;ZSdPMLB*-M%9f{Z(v$fxTH<vqJk8$G|z9(Qo
z6G1!$82c1z+ocd!-8%LSe*^5HkQqJx(&I+}5KAPWOUPe&#uM0?OsXhE%XF6@!}Q63
zZzO<}S)4$}@Ut{5PccLfai;kV(kK#I4EIX{OyS8}TJM0=%!Ki-mR{A8NRPOh5ppO@
zF@h;orvLow`ShO^ERlV&WQpvvk(MRztY}XKFhC)f@>=|YuI1u+<cK{=^ax`N<u?+M
za0E>nX$iglb5QW71cw!70KOHD*|7sat|F2*nr97TSH8u?6A7aH;swnrWi~NoQf^^u
z<+AH}==uDZL+Qo~U8yECdV>^(|1Z!?7s(_WbcXjt5fO1c;bM$S;tD-#HfPw=a~A2T
zcJ-7*?{GevJLlN`&0BW}d_i)~tr;<4Vlku8%b*Jkq(HViG5e<$AZF30?DYbFvoeFT
zHTw%?c)C=zkz@rR9Wc5c4#8fr_UDcSRUzkmC-l%_1BB**R)l}?FeB2FMZAqOw?<8a
zbwNZ-QkwLIHwNw8rLsQAJE)A~ZDH7MWI^*7ZZ1&inhQ8YD(E$Uog@FO(FKPf6hSj!
z8KE#VxlBL~8)a!7bSF*SrZ?g}UOXoCf=*<eV{4#?$dPn#v1tL7aHyHX*T4)Q->Gd_
zla9GsH!9JzrkU!KM$MdhOBRqR4U`W-uOp+=WJaI9;vQ&zcx8jJ2RdWny!&?&$$j_?
zI5+~<M^h6SmS)X|JyhUyEp=@?+_1G->NV!&rpSjj8w(8Bx^Hi_Y<4Z(c)V{veQL92
zTWi-7(?jLM${MwEigQx3YEz(-Cnh-U<L2hSFwn{NHvBgo=mgYsT@Tee4J8ecY6#}G
zyY#)b?(H?T9rR<{f9Kl&i%Y{hwz0te-`d)0&7A++*;(2D?<1}3|DT-wf8_vJIRI7;
zfRzJa<p5YY0RDsnAg!*X>e>a1FmG2m3}%i0CC9<a1Mum20Ll&kqp)k+N*S9xbpyCw
zY7xl3)>@GpXN0iX*l28K*k?a%!s6&j6BkKupp$W0z-^zTf*#F&Y)K{v5+6+hWYXs_
zX($I5&bW+D&FYN!q_H=QU@b?D9T*ca`X7A8Bh;{<K?m04Z5^p>uSpMDA4p&MCghQM
zSy>~w3@FrDg}&fsT{@OQ^1grgyi=^C6GoA|lnHhUuN4lm&!PVkjX{_z0z?>^Zg7Fm
zPUJhm&d_C{M6h029h5>dsWP=G_7yZ-WBpF=DHH7AuwN`S5DIVaPR$abD!x1non($d
zB(q}_zX$vpoxGANS_P`u*fdn}c#0~rVWjqaoOe*+hNiFJSB_^5&)b{aC=%i(h9j+L
z@-)24Dh2QWkem<M2{uIKeyiA%t!4`^v)S05JNStRxJsKho;A~tthxD(P4Qo=b$esQ
zL1K6=(qn#wH)L<WDv*+)ObptERMnu$US(!6UH3AJh9;^zJO=R&nG?Ea2X$}mgg}m&
zs3(3z%i7~ctHEB2pSiY4xiCm?40J2}a+7~fDQYZ1y#&|-SX&zghg$}$@UKUf>q*->
zK;LLV>BjPzm5<=<19tt;CEHupr%-<{6v+ai<YfT(;OHCyUNdg3fZuAVghdR}>FkR~
z9F{d#;@MQ!U|qgzX|t4`k#G(oj_^zJ8L*?pBAJ?vOx)Gz05R#1mIl40jFAT_m(-=N
zg!e3+{}$B^>sg+}A<%{|W79^daEGX-P&N944TWq#>p&;v@5v6AI!5q&SHg4$KsSca
zgb7^cq!}|k%}JkVk=BnYUqEW53K}+(4wcq3G7`e0V5la~G<0uy`UI@1n&dx*X_f4%
zMQb6MRVi}(hE^S(u-49Q>*?;+<0-ppYE?Dtd%J0Mfo1hmGpzni(p>v*zB<2i8w>2e
z+pU@S4^N(~;=kQbTG@YB_TQEL_b;&jre+l~`I?87-FId8UD<tCcHd9J?z`Fp{`a>4
zmkhx9#DR5JO&(|jM)QW5;`5zkK1ZvOh(_EIOp$p)F=!&v`=W58HDu$SBF-*h!5KJ`
z_M*+s$ZLnsPcGKYrYYQ)4U6<&5~?7bn6b*D$%0^J)IL$iO-xYF%tD=Ppa+Njnpv~g
z^pd@1Oj<RvXF*SMhJBWT7pw1@4SFE0Q9diiqhTcD)UpssY%FBc#m=GB1TQkkH;AHb
zhc<rE#;Q86(_g(CJ>8a7WlN}lI#b~&zUC3`Lc5C443Y0p^98Jp*&I^xW=P3$!_<t@
zu#8cnNF1q7fZwKifgy)!W0&bC`2pBk!GyQ5j>eYk$bc)=Bn*nS9NIsZ@958U3b&wB
zWZlEfu*M3TBaMwhNzp>kU=9l1x42dATGg}(9t}0z>0hw#;8zAnr^={g73$n+V9BSA
z_l?we(=Xb8=d{Vz3Rcq#;4SzZ+LsPYsDL+i0Pt7o#=2siM3@T)a(nj~R~jw3O>w)i
zQG<V4WG36F7>c%K%^A$X2K${Jd&&;Zdb2eftMS~L|MZYHt5EXQEhsV8!ms!hrxmGy
zufK+0+bOa%@HJ9csao_5%)^PPw$neMtIx8!s&QTBtenb`x^wM06}Hd;lQ(;!W<*!h
zyBW`A+e}9SlxRjfQezp>Cf|fxla%)^Wq=oRSj)`AO*Ia$(GR8?lkucHxk0l>_&xC@
zv(CtUrdXnqX~D>rYK!LlA#^U1LN%%W=jMq#eve6}oC|%A$fku8Pg(eAZJPGi7Hqc_
z5X$^&hzBDrOYkugk;Ydk60@ZXc5P<)q8+B=?RG8>A#=NJ`~$CN`~yf^P$T*X#@H+L
z_ML}A5dk85B1#nZq_3Ru4NPN!n>EKe#w2P9HVFOfKoWbANX1p?nIlt32}mk4c$l-M
zH#!&lnqFzad;1>g1>Bn(>2aiv@qL(qR`<Ndx^BWFK*Tq=K|O1##s*`_f&R~s{%h<A
zXeI>7o?S3nV~0GDUdRRsbiT$c?0^h_bETg<1EeCuN+gGgtnk6OB&^3A`hOnAV`!Ax
zJOqtO{tE4Z+!A3x-FpF}3C3YgCK=jWMYNkd96!N2PQAKk!i``6(u3ZzbL4>VO5)KG
zk&=K_A^}7N9hs5Q0&kE$F*gStFeC7Wb&|;Vc5l=Oy-y@l5VYvJ3JP9sJU9U$OdD|V
z8ywW36acPMG3G<IhV$fl%>rV@Lp&X>6pXPpk7CikSdDtNme0%U2Hr+WBIjI%-j&SO
zu0?orSfo3WHUUiV&`u>Ej5sKDK$P+lhU(#ol*TZ!+ec|1=`9S5UL#Kc?e$K(XMm^9
z>De#UVj{IskeEpA6zQ=_Ei=h!hJnu_zXJX>qe=_kDlGb>7l#xqt$y0CUz{DB)CVsQ
zPQSkRvVxhN+&qFLA1ViEwG$$sN`kr|lKcc`kfHGFS2)Y5hq>AX#CNMO$G#O;K^xns
zaT*sdkc*QjRa%&%sGXGLO)gCE5GdCtQ^*{FGCRV_*NlmXIm5l6qeLJIXQm*KGaiq*
zu1GhMq3i#<_bs=mk?-wk$@TVhck^Gn8+UTO{q0UQtkSY+uK%yN;JjlSi_U*MZdKg>
zv^xKBFX<EV|CMYSEOo5>J$-kTuDg}z?!G;DtAiUW2j0qow{qaE9C#}S-XC$`rSspE
zo248|>uzqlW36B3mIO0<<L=u?h|D##YsnbaZUHRiVNonxTuQTH7>^luU~2WHL)I4D
zaw{T7!uoEKM8F9`F&;BMRG|l?;N76x%E2pjtO4E3jb10niozSv9VC1W)xJ1=Rrm0K
z0`zqP3f2hbRp2L5-;kCYsRis8pm#aKQe0IUV!{awE=(dvr23a?x?&^)i4_@A?ZZdx
zg1#ckN{8IAdNIZ=AOI=qskVX1p(p4fz{)l+gM=DO3pOt&>HPBI>{wesb0Fij)-u3L
zya8ZCD8t+kwFZJF<SuJxHTI4(ok!!q+c_A_sSKeQ;bNYE&OBOv<KB1a>0u3p7hX3q
z!wi0;CNctyha>8m84Gqe9`o43`_!=@kw}d3xC&OX2>O1Lq93tuP);C&#XK7WZR*?E
zxq1g>b+^I*sKdksp<ooIF(yZJf4f_3re@)_=ajFYPS0hRcnwJcgC#|R4R08QxNxbZ
zF>Zgy69SRs<b5>&LGZ)S0Oh{WH^ry-hZ}_s$q_;5rbk$aZc30!)m=G^cyz<)SOIRi
z2OdEjW@c4*hEClHr7RZQ*U-wXwG_?8P?9Tf!gY0I6N5B2<KfJ06gA1(*~!502qE$e
z?KN9<G}<t1qTGHy=ri=ED`lERsKK~EW5yxYG)Vy2;M(L;)CkK+4xk1=fpCb+5X1>5
zELcQfP)+87MwoG>LI*MBmH|)q@+!85__Qxf345IyaRv7*!%69@jN%H?qgJ4c^tC5_
zX<ESI1QTUxx~@?_Yuc`je+3PTm{pByncW&42#PoufnLLLG=X@O@H`7@Akj7|^{%FQ
zJTw~=42TrwT#o^NrIAQwjglyUCIyuNZct$@yH5;q@bgjV0Vm_oK+3x$<kW77TKN#x
z1v3m_q>WU%FB-Y#l^TO)iDF;F4VssMg<0vSBJ2fdoIy-tKa8l^>Cxu&V+~$**+u_o
z@a@5Qm-Q~#*?IqU@34Ew?1Kw<wrlL$-r!~b)quel=Le^Q?^*wd9h`p8zV4kK)>!wu
zv-9r71?!(%y_2)!UKjFur=8<hhrQDm>^YP>?GM;-@1!??N(X(04VtQY-3zSjq<h|Z
z36BTQd&j-O_ciONH#o&QkN(Tvcfd7~Z4XC9h3G1lwU=2`1P!5EKv0?#X+p$;ijx9~
zq(CMCvG=kTbQL?IBD!F&C}PE~h={!_3N}<!EQs*kduJw@1W>oU_uu^<`6-Yox14)V
zKlhw~Aj|~|bP3{lyAASn3Bm#g1qB8Kdw}lUL9_ne{{4eMFCKm#{yZ+sg$6ES9wFcx
z7VPEX>kIp0y9@%u4}t^4+yVlJ26=mW@i4CdUw031(bWSC4JEBZeSulI`MP-faWHom
zKNn9A^i}|9C5R0lBZr3#_VR$2V1F*)pBv9Rz#q=TEx?}_1io^>G=q4WR|k6sdvGw9
zAn#xZk^VseejGN0CwL<OH3HuA_aIw=u*P(j1Uv%24+{3sG>Ex-xcGv$!20;>tly91
z^Z6sD?|*zYA4W1CWb|elD3RIQ{zo$T{9TEB{(rG}S8xB-n2!E(AK$V6_O!Csum9Tv
zmISS_|Na*~a{~Q6e`2?R`}ZerFZUqudouiQSR4HG9sXf8i`72O+uemX=2lT+-0<MR
z_ujnDKG)RCb@G{}*z`gDrU#0e2%B^>k)M<}7V++94D?LA<(U-cFu^%sQ$W&!<ZB_f
z(~_?h)!phKUu)6nSHsz6p$q-?v39vN#W*(=ufBMehMRRh(DUq!OA%$|2|3vZ3fB-5
zBl;e>|9Y}j!#dk{wCgpX>w~bw!L@f-Z8sQ&k2E@ZJhSQK8F5`$4Q%5L*7CYFV6z<@
z9W4?U_MS27nL$~zJ{@xMi-k5TmMvSBl4lcpA-TomtcN$GG2_O4IdbLJrP>ywgu)FO
z85x^54@l*KH;DtoTg*-QJU8p%m8)0hoaDEeAO7sO6`cxrEUSitdA!Gkg?Z0Zjb_!E
zIw~|Y)X&e)*Z0D&KX>nE{Qkp-daSjF4mtJdb0>=T`Sa(jtgN8a=2J1lsrzKNXJ&o9
zv$9Lmvw52WieA2aSyYs`diC$TZXM#2QrfvJ96M%+gN;enLsq@4nLc}uKkS#xUmjfR
z%C&0+PoAV~*x=s3KWK*4PpMQ!M;9l1#!IDAKA&&rajNiLle(;|9SI3PC;FexFU~tR
zxLd-$ef#`<eSQ7?)2=>WyLRpTwmtc)nxyjL@=wiualNh2fP*t!=X^M@YSoDGeZFM(
zoE8*3!N`Dj*RfYb`)xic4rAYoM~!-rHfXb5%65x$2V-A5Pbwe(@zq^kH+xIV?c27=
z?;oCUtBtIURm1KH=N>-9S*#YEA!{d$95SSrv-7LhuXDn8dw2eAXRhnQ(w9T;MI<>r
zf6=z5@rC<I(N6=FV>2qQtbQ(hRqtVWdHI|<b9U_5A(7N}v9h*qVsI=its9HgtK9;3
zlh*Cp*}Wq$!{59%)NRnh*J1*|HoKKxoioOkJb#!qtD^klkpU?|@1xlUi&Il?I>y|w
z9$v~~+4Y=zZQG$;q5%tdX?E?DuQJxonPbFanKeIm;fPcwn=pR-ty{O6HfshJ=*^fu
zNjb66(Ya;a6MP&U9G3f<PCI7Rw>6GFix)56x^-(&QIXK5^^>_1Cggj2w_LSy`qLxo
z^6`EVg<|<Dg?aNsezFh)Y}xs^J|h(h%NedicL|LW{jV>vVX-=O>h$5m2ive{rSkc+
zXSG;I&z(D$oei4IzI!(@r!YM|{bNZ<6T|86->ZBL)*icdEvER<$+;~p%SBB-K8)&R
zy14i5`^#7Jwv3!`_V>%z1BcxB{OVv&#l7*t_aDrwc$ZW$PxkD{_|I>T&uHM}<kXx!
zBc~AT%jq*`{&rT_w(Y97Z<V#DJjl<twa@hGymIyGm#<#6n0s=-GHzYgD5-SI#*GD^
z-xd0#T)utV(b;+8)wDs|wr#tykuZ(#;FLiWF6f7ivRToiM~~o&(x=Ij9vAFe-a<y~
zzLc9A{wydqv4Y>n@Z-miNsh5x6B842^Ev&nGf&<wvkWUOEgk)wH*(}iwYubDqNBac
z)y>=6d*HxDJ}JA>)8l{rmEEx6bPQ~*$=TrmZ#p&Nx2m0Gm6T&?X4a}*yM~P$hwUAm
z5N;9}Y<u*{nxM^omS)`&?p)q=`sU4;g0NQUlS9+xy&W93jW`%$Yv0+}uwgy7(Ai+%
zeL8I4y4AwUD$ub`bZl(L4)9Z;JkY*<dzC}tNq%of$7XX*9N>Tr)X!KI6=m4CafDSX
z<$={%55;R<-~AGwk?{+`UwZzR(9odqnadW$^KaB1)yjFyn^EJ(j|XJogLgzkgiKa+
z<Hqt?vpfN&KX~vUWx%q2#`9*+j*5u^aJ9F$=kM&*sZ-YV>#-NlwQ)*Lwi$fgG9@Ts
zMe&ZCcFq-zZ8tYxI?c*(YQuWT+qQA-?06|b_TXno2z!R>xN+k`LvMS=cQ7)TI&a>*
z3l}b|U%&qO^U<k1pLKz?Yu8?%oUC4O;oX$=>;2yi=*XJ9U_ov{_`rUX^Y;|C%9;Ax
zZ@=x@y}NNo=Z0CJ{aUqZNhFdrYt~?fOP4JxeDY-LkeyTeC#P)Mlx4LgWOH<{JMBK&
zo;sdiBKUcbT3xZF!O`2d$DLnlF@OI2=Ik!Ldfm8q(f`Y`q@=KsBkzIfhA01IaO~#o
z^~V-&+h)CG{qtwJO@99Hg4Gj#(pThwC7k2F9w18ZMOjvNuJ^o`Yklix?{3Dv>={i{
zd0iH#vRFHI9S<Gaq<wqY>ebTBOtG}b-R$g(Wd&W92`*KL1I<+KGp4XcwR%-lB$G&r
z-@gas^V;K~>jE1#YBc)83cS^}?b~y5asqsOcJ15OqeuBp>$vFR^OrAg+Y~TvbY%Tm
zvvTDfE<FqR<(CU*ygrJ~_j&ZFPb#l_Gi5|%<ok(>oTbv)wjKG{WWaLn9hsEmld^Ql
zlFnVbdU|+F!G;VQR{E(pA7C87{I{RSJ0~SAT(~x|{W^Tqs7D3ar`q-$xnya~s*s;N
z`wLH=w46IPtb+s3$232A{gAdj3=S8caveO_@%^GPak&>P*H?7>c|w63v1y%!g~j!4
zBfexSCg#6*@ddO$b?Vd`H*TCb;ofRy$G#KG%03e_TpzxA)uCCl{8z6Qn7StTBrdx?
zw!nAL$dRjjQciVyH|))rHzn66?33kh8(B0f{Pd?|(>^?YTrv0Trh^$Db`7~AX`KD@
zQGmN6h7S+fHr$BS&&8!yQcg#JJq;S<z3kogYTfg~w7D%K50|EGN%5HOJ@comhnGIS
znm@MUt5sy=`YEG=QZHXEIrH@Q3m0-`%;Y{Oj=8`wCeo9;G@av<Qk%6F(4}3wl=-LT
zD~^1P88qlB*y!Bh``6yA<zX=OO5w%g+I5bczmVzJGo>+$mDG1v<n@5^^80I?M~K#@
z4h?N~KQ3a?=cL;i_QNC8c7s_12M%n|f-@O=`l0AHAoMGD_wSa_ZIRdN#6)|?wKL5v
ziiYiad||0Y@5IF9g2KEZ83#|tyxiZcNp#xpzXyj!ym?*GA(<$1Z#-92QT_#YsIVEx
zN=!^#`76ZmCQWj4bAM?u*S>Ieety1HL&g2WP8Jr~Q7!G9x%c<JIK6-WyQ^21Tg3S0
ze|~rD#EH2pR>Yp<w;wToR{fH^fc)$^6}J_GpEX-&UOTW`0wAk>)X#Ye#rA?Z1!dbe
zZSpi(bm#Dd+c`OncYd7oVau%ZPU^BTGkPDK*J^!8)~0~LGiD@qvnX2m`Sp>np;vD0
zt+nxFrXp<5lvux;Kb_1kK6dQb-Me=icjz-2n+>Q>uU_v<N`7wMd`UvW%^Nqigr+a(
zcggYC4E)ol;$PG6ALbf+&HMavxRpb<^XJC;uUlx+>F%a$zqD&KeD|p%X=z|-dvrVA
z-f@4}q(he{r%ivh8*4Swepn-3H}%~NwXf;!Lx)Ce4Iz59t23@4yY3#MFg_wDBuAaw
z=IrZ<EytFsG7_#@rY&-<_4V|mJAGqbwq6-Bz_eMTc3!1#vb?eqr$pCYcvdL1i5oqS
zzw^`EC+A()S@nRQYi~YW{ItJpe$Q=pkL0BDcDC^tpLu<2s3KRKcReRyjcQU^@w7*e
zmX(e?@$l&0$U5b3mu*-Ps<5?oWsTlj`sMYJO?l5YhiqNxa0oE*3l}fOs8r)$Y)x;t
zIy!!ySKeiALPE)qeM9z&rk|c>)v({fTm5ReyYDY}a_GfVv29WBhFN>}PU|VRTe?JL
zZ*Sz;e*<Rd;CP!m{Au%!ulGg^j92-&9jIrst*%O~e)9P78R4$0n+Ml7Fc2TE<#K6J
zC(jSB?<*cG=I?x2a((w2rx$xit;;VS#WxxEwe;vyaf?-c>AO3*7;~EYJbzxV0sGeW
zk+Ms@8#ihkdtg$9Q~mnM={o}X?^~@6H0$6z{?p5wyB988c;yPOd-v`g;s=L>>>~>O
zCjgl7fW#5sL49%b=QagEdUF24Id(rxk+e1_b$giN)2IBYEBLb)gx@_<v1Y}9S`(J{
zGK`Ih8NG69|HRInItd;gpW)!<YFu{k{@t>NvodaaIkkDJ+T5V!wXH*^jc(f8dfkoP
zU0;{Q-P=<LD9y-&`<ldi+DCS5-8wZjbxwS|XI_I9W6T1QbB`ZCju{4-H3x`Q>I3*f
zo%%k9KNqx)c_L}Y<;KjIu}UCt8aT7-qBoJ(KIIqhKYsjTYED?DaoW`=zDZj@Fpy5^
z^1Dj4+9UalFe7C8a4wJ<i;IgdUc6X({BdEr?C#1)bM+)g$IDr>R=K(^?|-Q7)KSA%
z7k=8$zcqf{hR32Y`{z#am!69)GN|q1=2mCfdHWGP_he>f9zHyBYe-weHxG{0spE9x
z!GjY8+36PhFMTaob;V<Di{)=j45v=|`r_A=0h6M))z3N#(0}%@b!~u1Hp3MM?eM+s
z)}D;-KXBl4X~~QG6F!dc@R$+QdqftG3uO0YfObDy^(o70^@_OkBOR~GpGtQ~SDfDH
zH`i}sqSuLzeb@Am)$MNVwNIYy5uDPhVSg_#!=(7kN4a<FPQmtzb4@HQE!PEtb+zpf
zU*Bb6|Dit3)&g$3d2{5~(vnhxsQmu<g-I=QMt(L?7F=l4v15ILAEn;AdD|<6y!_;c
zF`>72Y_}BTnmm@z&w9uizTbFf1J~tsk6HBrvd6Gtw{G0<>fE%GiOEv#h|!Ue<6hp_
z`R2`=PoKslD(1(ZuT$s9iz1J!!y@WfS`G`n-C@b%7Ihv!w%ZySE4t+t5plbq;I8f9
zGaIKwnKqodcJAB({rjJK^CoKO(4ld0pMkyrD2mAD=5JjFyg#IV^FYvGsWXe!eQ@dW
zFd*}G?n-!d&UCHiH=&oE-RHg)!DUaDnJ@4Bv#eYDcI_@-zFhuhR$q5d&q&qaP0t!f
zK6~A<@7VX|rgLmpTpyX$KjGG?nXQ^{aEmYaRQz@u*V;76YTL>{vn3lgY&bOTBRA~u
z@UZ1>vwXUCO*nPpSEn^=_6(ixV;bDPSK!owl2@-@bsxN~)zd;h$tI!A(4?{PUY&ar
z8`+yLteW?bh)KSbUMKpYYxV=|ZM&RXw=%#6K6o%Rj5SYo!ap%>*O-#}R)Zq)e!u%{
z{KT>`bsxQGSTF15%>xGx3=Ly(>H=IkQgQF?Rj{*P$)yfr7OUa=62O2q&d;$0h@O+P
z9X@C|ox?gXoV)n!rI$B<ZUN}bJbnT}{GN8aU`ZHv@YU-t?6aR1wLhQZIdb&pFJI=K
zd{i8LH_ugA%g)}uz0=q$N7qbW+HvCVr#s&+co#ou55B8z(2yIc+Z$Yt`fT%-yM5KF
z+vQ)sl(g=LHCVf8)2y>XleFKuCj|QYFa8{NYWmU^xr@8rEjUd)be;c@)wle{RI$;#
ztcMMUOiymgYP0v^u3a78k3CNu4J!|lZoDQ6Ui{$H{Qg<^sZ)=;bQ$sVQQl8eS$4w;
z#0F8XN3QDq?C9#u%zd}h{S=Ev+h>l8?a-!Zl&$RojFrlJUQ{%{Kdasz1J22PvI9j$
zr&5c>y`$DXJ~l1J?w0{R3vC-^MMXxwc>46|g(JoW{ZfJe*4#~9+TUT(Sze35maFG@
zbsllR=JpM9^M;Ulm0zFq^ZJGrWuG6Mm|oj@h`+!8fVqu=71C?9EG$gsoOt_U`-(mL
z8hLsqT}_q!-YlhQX<icB#`g94BzN=Xfr8|tQLT&(fZl3QyZx~pJDY6Y?Dpi&be}GY
zdznMt9o)5R`<~|0=CDnioCL+iEn{AdFIpV%NOdbM5}@>s9mM^^<NDm2Y;-eh*NN<?
zR`u)8TC`}<ikzKI`bBn6+jcEC_rud%UiRy0^*iRwXR%m;saNigfA{js>&-o-hF6}}
z?d^E`Q54oN%O@ox)q6<brHP-FBSfMkNpbq#Um}uR*NN3DHciDQKYGOP*s-I#XY0ho
zPDe96O$LTXTnGPZvqmWbHU@gNnI-T^IWRL&e66BgBhSKmhkvPc)N1&!VLr*Z#&t&>
z+Z~qIs_o+V`Db_jy7frM&+pG>!H=MTaGSQ{RL3<R+TCCUf8F@Cfl1R9YbLnW4%~dz
z*kE1smLARvhRRCq`Thc%&a9Lmqb#d7waz>-<}a@}xqLBr4qN2ax^-*u`xgasRxC1_
zjE#!$T%Wh~<x4NqgZBLve+9w}z@!UyZSCz0fwJ=8!6-X(tZCu#FDA3xt`C{#)A^j`
zk@4#-hj<whUjfFm3~HY}yEvoqRv=dQkPTbCw4i01b9;7o%8yz*?56<VGcTUcoLIKA
z<j#T7$rm<V5{7k4=wWZ4vT>vTxCPk`ligP~cs<wId0vk50H6|K%k8kqmjXAM4iO~x
z+r+Z5?bN8f&%WJXW>^?Cs()F0ZRgH4;NPS&!3D7Uddf5Vt+29b-TRBNK`oXQF}UNZ
zmFGuYSo*bg!T3-3<2lVFw=NIfj4$%Ke7`Suk=fqc*HsxMPtLbqwCMNo-C3;3r^dUj
z3!IGg%8Mxu8^Gdnm(-~rBEC}hB>(0br@q!JX0>nM_&`R7b%BQsje19ys!}$(0S1;d
zF{7PmPs5o%@mm3<2r~}9C^j}&n2?YXEsku}xN$fB^3O+C+Sh86<+-=b$Rp+F((f;g
z9BgIP(9X^f$dg~Pd-jb?IC)~s+V>UnOuslgI|n<>i*#{b*o3|4P{MQ737f`7jmn2+
zZ{4zG+)AUFOSfzpmfe^=Lnxa+S}NErnT-Pp!{3cPz44`Is>IWVd4>($dxS1;-2CT5
z?b;{QVFeCccYS!^!Qb6qKd(E#cbYT6z~o$2hfcm(L%KH~5dC#*e#r~N)0yoS<oXne
z_gpQRa;YxRVSPF`bx&*_8#}ILOZJ<{nf;E&jmxvO?R0U?h{!8*8#TIi@1CKPRl_Wx
zTR9{c7!T_g1wU5nyH9G@Xx^{<yP0!h9!aAO4caYxar{X}J%e7QpL*@MscLcl-l<c~
z!wxN4^lEn68z9o%*eST3uDG5ty&}S=;gLDzEoMwN_^{oT)toJ<C|?f5O5csIOdV}Z
zQu5|6ACzpJ*sfJ8mdmBwfu{qf++=?MddP)%;lAkTb$!O{kUTsd_Ip|5pZoxENZ;3}
zXOBh+%RaJa{8n0eU$Cn9)hoH_;?%rp4Z~}{DN!4;m7~SR%R45lXtg{uB0_O#2~bZ1
zl0K~NGxYO=T9a-`e%rpi$+R8Yw`bW!Ki{x<^W2mC6;F5hrt+>`ySDzob3y(ojMLyU
zuLbAQ-E<%snszR`Gh%$npqslyg}ZjGSrxZ**`g-X$H<yC%u+c_xV6=2*uuJNLpBox
zkvnAg;dd8J1eVb&f7(C1WnvDHf$Y_RoqsEP7ErhJ!@}H%S_V^M?-{u?X?SM`J}oIJ
z=~d1zhXYI(59Ne}w%t{`!z{M|uQ$gx82==Y`CYl56PWsVN%Onv`De?9cAb&a(R%Im
z_=$ea+Go4wRkW&iwR2YtTMM{Qeo77tGb}IvIN*}IxJ|dKIVl^X%{SU!=$drm=Is|B
zhHkhTM#QFHADo?-C~Mqq$P^o=gE1D?_j}r>x%9HKdUNm4xT2z>(p!s`zE@2O3+o@*
zeb?&%?sd^eIq!1Dq$4AUasEK?IMp3+e9!o8zP_2gimZCr+CEB-U%v<6xK0gr-sp5$
z=%>`+yq>MY#$}gWPU*REWo)xKV-wywIi)Hx*IoB88ha^YvqUU@^ZxynIHRj}7n2GP
zRZLuP@kp<Bv-a(CI%QgX=%ZXDa=Ko|wYb}~{nvLV7Z(+Ex<B#Dmdwn->n7K(-R}N4
zOVvrXg2lSHI`!V+#0IQ>f@I9>>HZ!aY+B#HyvuVpVdV1s{IVDFJ7aS1T9_^_u2pM6
z<TZm0o4!0O-k&?LbwcUx(0y661{^6(^W`kf&dhrF`0Snw7p@yOoAmmgQ}*3n1#Fg+
zPnYIRmHd@6`i9gtY!DjAdp~Jo`*6t={L}kqX@D!Fr%&n?45(jbc}9Tz)$Pu|-5Wb1
z)Nx02{{05*9tRFq<gFFmKU~(yb7C~>ba-A^<|n5|F3WvQ9hHy0MvqRLva0pYz5wxx
zCw+~4TUs(Wyu8a|^V}C_M>jDv-FqZ1bIOJdb0c!LCHCemn18nK*FA4;?A+vQ>hUgN
z#o_I*?nVw6a8OmMa#-aw;bXXp2arQFt5L!^VcPa1+%Ip>H?Q;c%al6a;sw9Fc>cVf
zaYMF^onunM!OnQAkq2zr&absf@*wKL+b3&^i${(eY1h=q(%364t&~u%49vJ;Y8+*5
zzFKs?&k)YIc8#vz?_2(IsAA;E7d(r1_K{_Im&X^qJOfnZn>Y6cmn1E-{K(<lnb)f<
z?dtPpUHy05e7R?jU7cg|noR~m+xaIBmS>jt54{~FetPzE>TY?XkdW!mpSPbf<;?CJ
zz+<*-*>b=9L;B2;vGW|8ak<>XK*DP?*SllKS(b;r_Nb!qoJ~omlFgB+_13l#2aWfp
z&1=?ADt&qMXusfQ-EMEbdvMvt4N)9k;BHr-5te_=eVUa#v`ee5tgc-*0afYvaaX(f
ztoYL-GWXxh&Yu0nwZPWbv`hEMI;JC|Hu6;}BO@cAcUX>Gd#f~T$7E&EEyc#TQRVio
zCJ(od%wF!$)Bfm*69%P=u8M12diGv+dtd7}!M*1{6<<3*L>7J&$<C~HNH{$HK+Ba2
zZC1QgO#0F`{<K@OR#tx20}AIKtT*OMk@1$Y0Yj&Qx!l@g-dyxx>eSjS)}_IhdS_f7
z|N7qV73Hs|ANbs2-}txQFHd*0bQ}6GBO{|*_wM!`5(l1AEM@V!B@AD1u176{V-;mN
z`=`|(T$WL~9x%yIW$)aVq-+n_{QAy;{MWDJ50};n-!^^Hr-${M&e?-!)m!2{9sl%l
z=)H@HvDxW!SIG<w?(7t#b{ubv^CE8FzC9p0_tNkY8%}O%u|xIja%t(<_jMW>P7O_;
zS@9{~ad+WQ9h!;lHm_ct4y2{*8$}a)_UxJL)6puJb?@H2^UEwNo^47hEuFVxho64|
zk0&iuMtof`CeQFE(b8p#(7oq!%6`8z>J`?mWy`{%qOW-YeOq5m0K8<tfcy84^bL1j
z{Yzvmmj_vmJDoqbue8)8R3urkdi51a?f4JL1+QnG6WSaY?w_)9{krnU-XA{{#kOg4
zA!BFzW&qs-5{I>KStz;^>XY*J(aE`E`b>Nm{`l*_#0%$Q_6$7pB<=O#?iFS4Om^O|
z*|#kwW<!AUoZGu2Qg>eD{$iLBQ#33fAZMvXXuEd4?}KG=wZz7Trj0vtoub$CxravH
zx?vpqa`vbEj)M28=56|I4Y{8gw|nnib>2q5*=r0MPTt7^%aXQvb6#Ga-@$F;#p1Uo
z=KQ+2YxkKmP5s8ScUrKZ$BGqA9Agg`JmNnZxz2Un{;?&ahYw%9sq3v5y;W1e+XoL?
zj>vfY@Zrwr{Qh>%jZ`MfHY<r$IZ1^-H&<Z}1$JzcCd(Ecy_XqRTv{@vK+)uR@DVHa
z%Y$pn%geWH;nbT}d@WSb+R=Q?%s{gP<I;OuZZCS6)rhz=(5lrnBcqpBcu7|`fBk8H
z!(E2EZR*W-Uk?_kzJWpKu3ZI9*ZHK#B~6wllw7&i=-Tzhd(-3Je^~G=)W6xBUOjt`
z>#?duyO){b+^J{0K2BzNE-8qa{rUNe7Y&SDLOk7bq(2>RI%m4ON$dTW^L&^1h*dn(
z<~|#O5>5r%t?=Ek&(x|_54)8KwN5r$ERo9(t6#KOeD=;BNwcxLjob^)bHvVdTmo?%
zmq^T)ogZ;P*=66}(cFE>cq?wVZf)A^DjR*?ZrHG4-MV$Vwl#Fw(xo%wR;`)aVlA)R
z?%lh`jUCGu2$ord_89l|GN)G78-RoBU;F1RPv&}U4H+B~(xQ3u8@F$7AG&+yNq+V*
zPrrII@dLvbln0({SMa;dqp1B|1}y#b<x62<;i|r|YX%wAK9)7B@vK?1Vqe~v@^IAV
z#tj-DU%5S}*&+a{M~@z5WH^{EUh&&+kDffSuWz(FD)vHt@yeAeffin1nm#k`?PKpr
zlP2}=-+$Do2dlfBI&Sgc$@yjR9h{y&eHx`yvKutWS01SM>hY;|GhD5&PMSBI+qLN&
z;!=^XXyleUGiS~O+oo;XwtYW6s59ZCEj}aMC-2s+TbC|f%FBC~>)A0o<xGT)rNP=-
zQ`e@B`+dTM2_+>Z9XfR2v^amkDJAuBLBZQGeM}ZTEi7!=y!qq8!iZa^EJ7}Hs^y!!
zcW=qVtXXbuZpH=!Q?D#pvLtnBBle8i@u%~n_OD2^H*n$a9KvZ4zhFV5#*OpDcHCu~
zzosWAyKM~tu)VnW$(c;A>Hgy<z|Rw9Tv%Axq)8QaPOo=I<oxPxVzS5!Gk!Cs?A6_a
zdw(9<xoKjrXh5|hBO}|)@8LIKR(5}N_YbSBCxuSN!Nxv)`t%d!0iTqhR31>BZfyiw
zvb)KmLx&C}BqW@S2$@|rtnQm5GkYg05AjWD&uCd+`ERkaKN_U%0j#r+%43Mi4Tgov
zRV>U~hDV672$39CVk0BsJpBh@o?-=|qAJjt2}LmyfygOJE>q&M=Ijd>_RWAUVs8(B
z_ie7Drv4v!sB1p|$xpTMAB>>(zuL#Q<3H@|t!-@d<3D=#u&Rmw_-}mvLFfN!@_*Kx
zA*?w=SaXK(hilx^rv|^9UA5-uV9n9Nnxlg?M+g7E%KfRErAU{o!49e?ZB%BuKb{3t
zh$sWhGeqVBC78)T$&6e2c{|B`pjeb5N-f1<Y9BMej&Lbiy+ey&94f&lS?WkHv!|v=
zhl_iFBjyc<$cOpkL|AYf`3J#BFeOJRIte(;C_s-Dgt_L}A3A|3LKAff^u`oQ2`WAX
zg$PJB0LS8DJi3OxCik2u28b5gV_!<p9YHn#$iG^~VM9QmOlWGE7Mf&6PqH8tUAvq_
zZEa#G?a`dd1Eh<e%VEZ<7+fh~7D0)SD)_k60X;|+u?OO$432@S#6sd9UHXdc0f$UI
zsZ&54r=%#Q3?D0!!@AdmZgCg1mJ%=u2@W%pR#hcS3oDYRp)ypkOHrk^7_tm1Urq^e
zK<2|?X?I5Q(5e^<&R{GYwgMeP)vt%H(;hP$X%%cnP>IdJ#B91($&7<!eRt5NCVwnk
zF0ePj=8$VPG^eVG=&>b%hAnaEY_IgFm1MG6TuI_irQPxE%(29u$Qp|=vc^`K`b;C<
zkjc-qB97jvWzEnkWs_5o=?m2;;n!$2C7Dn~+z2WIrW<A|7vhB2k<BRZM&1%JYrYA<
z4%SRSDn@O?(pO+_>!B^%jEM(ay5JEe(!md|fVyr@4?wp+atP#>LOCf><6O3z_6wp9
zC?h4Ex>A9`X;KA>V0JTwUd=kazS*e#2(<7Jq4^TNRH9Ic1UMH%c&ojjO@9g1SU3nx
zRVW-5h_3=YF}6ZYAA*8|W|mLlVlG&?T3!WCe;eiL)n;qv1J8ShQ8Y&+bCv^LhXhX_
zOYl_-{O{zLRFH|{z#ggctS;yPsp6#6WNFW}w$u^ggy9y{IcBh7QI~LB7Ssu0Y82$Y
zM=Y(XJ+CX4lZ>=F(VRwtN<4$Y3PKd22E3!1WQEn$RI9$Enr=BYU!bFNATy#L(r!f)
z4Iwt+LW2s-T@8>9+^ce}|IqL(^<;OldLpG2f4iC@S^dkx9##^>scMY`KxrjOBd9?m
z9z;zW?0q>i4<K6zlP$_o-b`5JPo%;D$tD;mLTFRS(!3i&ga!x>YtBIw7lK{FkaiUm
z168m9Z9tO0tKgsTAUz>cW4?o2!rTH~cwSo4JV-B3A)TlgBC3og@H#WnkO^j5Tm4+x
z@L0KizF%P#Sn*Ba8y(u#P4cTfOAcWVc!rW50f~O3`~_qcl_Xpetw!nC!7m5>0&}E5
z$VdhbL`}#TP%}Tao4_DP<1sjyB^V}jW{TRVj{s~m<b@g_G5Z7XK$T3veiFmvkeW24
z0R6!|AUi;=3|}Uj)@hcRXc|1BXI6sAC`Usw4rn-^CRj48+U{vRpxROBXM(R1_9(S|
zCBT0R&g?1y4R8Q(gm7+@T3`WoB$uzWoTvotMniyuw-C6gMAwWR!6bpSF#+DL(x6Zs
z^QWp_LMA34rBR#@!~vY7WQbQ+$)hwn23x1nKqZSG7ibJhc-|e-Jyh+IL^A~<1u}@)
zV97{Qtb<GrY?ul|O4c~6yyAdEYKym$lhR_i2kHnBC>`NX2DTUCR^S2$gB%Zu%9M}|
z4VenLSR|0Z=S3<3mqSw+f(=<DIsQshMEsHiNtPBoN)bHUPfE)oDf|wUb~&T$qFf@?
z$P%#gs(8AkjwH@Oyh%dVZiMRvmYASzsBmZ)l)sUB0D5G9V?`L?0rcDy7f6%>N0~?k
zuS(=G^v0D+5SVZ^VJbq8K&_FDb_G+~=Fo~*rFZpUi0Qx(C}Skx*g6V^M$yzfSiN~z
zgd{K-^(aF)06PG(SV*?vDv-DkgG(v75I_?adL?v#uF>!;E9p|uzKzO&!ot0pEE{0r
zXbr$45bGfU0%#uvK!uWQBY-n9=~kJCo;Kj2H1xC)Pm`y3kW6=jYpQcVKq(;cf*LJ@
zAVD4p>lDk#q|22sktSkLWG7pO!U$6ep`}g*B$pIkRHdB)iYy{6Re)aLk}(QRs$!V=
zhpbmkS+;<PK}mQR?U+yq`2rL8hEhaLmFgGMDf0WhG59N}N+pn_K<W#oP8X}iG*e`2
z=LF^sXaTBMB8?!m9EU$K@Jd$&l3u#g@qj?30i?^5WC}=L(XbVW1Tkt>%aP<GLqmb&
z5egVk^HQ+s2X&W}Obkv)WUxB2ep?DAQKpqQF6Isa0eWXE^omdruwn`{duSCDxV>Nv
zYp_eC@UB3_*N&Q|WN`L0DZ>?r2#DzP;@XEOt0-mLVC1zX3n5dOzyZLLP^3vg+myf@
zbc98O!+KRIgc3M%KsN|>WnMuR_kf_HggYoULA6^u6<XV)R8V9Uru9rN+aDnb=v%?e
z!mi<=K=3DY)FN`jG54Zg%>=e~oyfs`d#6{G<Gd<k3nU|2OFm6U1|b$pGE%KFr-T+j
zk~Tx(q-qZI9j%fv4Y;3~LJw`7B5OTVKQ~H<Wv&L@Cff|68%%6Z8u}qSF-P(Qjar;<
z;Vu9W=7cd2*UX%Wqbg(=)Qp$50%<`-5({051hsD+E1zhLpt63()@D*?%B>udRsl4U
z5VR5nuTYO5J1)RlS^?p*No_G&jm81_85kpTh#W+>Es!!vK-rXrASLNC$pOjj$@&Ef
zwjSH3-Lh3~0UZO#XaGkI{bj6#!w;_nYymTab}BByGIW7UGCvc>3W@EU{d5>HS<`{t
zM<}IxAjy?nAfmIm!}8$_{0I|B6@-XH3)%rm&Ia6cKsU|IH6{j)x0_k8y}t-x2($*#
zyF&B61`5HnMyf?FKBVJn2uO0_Gy(?@ZwQSKf)t~)G;FkHGpZmkU>orLa5x0?KHMM@
zAWI-SP#-?bOh&gAgyc)yff}Dmsiui72PN)@qzjs%)UYOw!jY~kj!OycbJRxDPFB;p
zc4V-eM+_=<0|%vGR&lRp2}l!ewTnRBHX{=c!q-AMY9NS^f5B}Xt56C@jQGwnkzof6
z(;8K!hvonbxeSN!ph}->I;Dvbh4WfB5xPtdNZ%ky50AbM-5SvU!VqYI=qD!?3cUpj
zsCEp<UI@JhI4af#6hI}Vr0du->4qo<3PvuY9Y9o_b*ws}0nq}cBZuTcBFcN?sA*eQ
z8mq+r-GluZB#sgz^qzwIUm2sR^#Zn@sB-f@jOLNmSw<_&3caN;fz-mmRH||m0u>c`
zl887c<(NjO9DzEma|c2dUN_NfaXtTorg5}CXci8(iK4OrS$FwDptP?e*g0rb`yX*l
zGr*vI?;FnO>hN97^d0=D!$ga;;3u?jR4SjM-wIVoMW-dLe1YpbV4%xWEArxG(m#lY
zl@-oPpw~!DY#mOk*8@^(2@ylPsbUzq(hjbXc7W`wqvTPWOUIL?rCbb2i>6nk6^3L0
z+WJF(iC@8%t7lm7?jPY;l|Z3w<_|J1g_dDKXP^kC4MqMiK<KLAQwlvkg(1bF(r|Ez
zT!?G92^57?_}|Xbn2&`6>I73|ew$;Fi=dDJExY<vK)1iQ3?AVkl^U)CQ1;|R6~+ss
z;30<&vQ^MHLXv-mmH}ikfdtmP(h@6~)|p>9!VXH5jMueJaGCy47(VU)kSw8T5{OXH
zOIjHUay_Rlv_U9ENZSDW0~+}l<{pN6p`Dfx|A8eXeZkdZ7IohYM&O}lzqh)iZyBTU
zO7kAQ^N@o83P{y}R)PJHw;5~<u|ge#fI=5D<v_4N$Whc$CQ@nvErbj>0y=adB1!=w
zYHg4dTm1oWDHT#F9~VSc3orVC?_q(vhzQ5W)?mRu0}BX|3J1Xb4t>*k%8aj2NJY5(
zJL~KM=r|gvP(<M5-(<mE6WA0+_4vb!%v@aN*8Uq78S|)O-!S{AvT4v9AD05@fihPB
zKnYN}Pw;{XnkaLgq*)F&!5EUJkLrd-`GsX70WOz7Ylwy`GnQFFqH>io>A!i$RxO9>
z5=JD0Qlf{Bb&IOttSfZtS@Eli)}e_iG#k>zpefaZ3Lb*gQrm&P@eEd6l!+u7hfG!G
z6Slr+smqVFqBhNgn4%^7FRK}B5##x9Myvj9a;#eU4KY@&{3B8<LI@K0|4DlX*+bRV
z4$a>`WbuHL2ZEnKT;1f+O|wv-ph`ud96&ixvUPdHcP$)LRdYyKqm;DZK1L!_X!t$U
zwKY<L9=L*OlLhLZ7E-kPne@;>-$Nw@je}_sg{cg{MA3+jlEE49Oa~SI5`#-2igLfx
ztF|SochZAJ8;kY&#dHb|M@g8cNhs^GNb{$rY0V5t|0^UqnAVuj(b6t55K*nA()t!s
zMHFI9uoeW#*=SFJW(jF`0jZM{qG(gKS_UWq!*|MHGXgMl0T9nb&}}LN3NCH%U<Rkj
zLCcIHuiB{!nbqyNT6>jCmHq1VC!}~Ynmh_lRyt^n5kkEfZ?wOuEomY*(cPYKXKDte
zrKZpkr$HQg{BV|_cez?anUzS}H;clBTF<#TiCWc;0RQVFz@_21{wQ>NCApF2o37!G
z^kaW#R>-vtqX3k!Oe&N}pyNtGR9W<xiB-5P3I#)JI8m^NuZJ7Y5mQvzZ`E_r>zk>-
zQ$Y{V|Bt%TBNQ$)C^h??+UJO3X(BHP26U?qN!FuMnht1c#l^e<Vb=F(R}n`|jfZsl
zY2&tF&=?s$O^{|itvwCxYnezYRw&U(U~rHuN+cI6P`rRtZ_54*No5SAXjlZUL<Jf!
zLcv#xAk<WnC<O^ME!sJd#$GC%MMvVHur~&V25HnU%BjU5Fu1m97&C+mMSvwCg!cb-
ziD?v%&tXO{YPmijgUD#efH)$3GHtvqMW9J?LlQ4k@E9^gAjLA8MRs2iZQ7-#1W7&$
z6sOu@s$`nkRL8HGCTKdc0t19rh9kXJKR5<zz;gWsl97&8jiReHhHD}MNKsnH#)q~A
z1q@~7j_8nQ%>rXO!7ShB`vQd&ej%!3{Skl(QjdI3`q8oO(uW10;-SG`6f-GR%W>j|
z1_sZ+erI6lk-so73Pq|O7$x451uH1$5JL*BCaA4S`4&FQlyPZ2z(uN+{e@&~4@tq$
zQB(rsYl@yrU=RU$z(XQLWLa4$7M-IFj|imQ&(xU^<i~@NSV(Qq?*<2S8Ge^&YRP;@
zZvK-lu}}_713_I=C{-gyd{>0@*Pjv<ps9~28Uzz6Bt&I{J;fO$l!l9h7Y2)=FpD0Y
z)@Me$|KVuqt58l-YJ+a!8p!o+#Y|ThV~HgM6yUTz?Mf1xZrBY&*wMOUt1bVoBdO^{
zyCFisI6R?3u~M4aOO>g$F3JC<mpyPGwfaInBaWGj-iC6UcHuOQnu*46F{;XnW)tcA
zE6hxUe1ucbKZc_H(b7P9B0>dOxJaqFrS*1Fw@n!P3Uy=tM|@%5I~4Ty`L(Jfgq5fr
zkd~B+*zZ!hZ%?X9lPwwXU#-Dc$6%{#sFgD`HyFLaR}+Hon@1{p3t|71$M8Q+7D=Bm
z>Bss1hcZ$jXH|#~e}*bz`tIxh1XZj-zyB8c0dxWaCTI<XcTzj%JIA8{O6Y|u+HtKo
z;D<F>e0#1H=#LG<EYZf}VlHGje&x522BeapkP!GXg>ukc3%3p(*<7t{83(s?12akS
zjbOXFyF$s^+ut8Z`|#)yJpH5-tq6w<A0en?IHdGX34EG{IF-+#vT3&hG>dEOZsbMU
zg`^);qvL+iFu}@B0$Ei7)m2zH;ijOiod0p6NGVFXRFN_bGkVa_Lg}9&h5r^b0{TR>
zT0&HbN#81g_lIiW8U5pn;2ANh;2EJZc#P9{s0yC7m8J}yE%?*M!OGUbzET-Hqra;T
zo_--b>|a|6?|<`Cb^bRsVfi=q0kgdIw70J&{~P+~<$ts5VQbIA?El6wRQvfK&;M5K
z`s<{U`D=ZAr~adjwT=Gz_q2uUUz7juKmYmX<^OZ1BW`I$Ax5H#L)FbyWYKT>5T6W|
zTbANv^0$9ml0PcPU)4$ejQ%}Y{`i_Cc>F(<+wae=@}EfHXY_xZ!7qUN>mQxB5B>3H
z^7RQ+nBFkInW2m!u9|2P_<akc-_6~JzWv#JeaO}Rr_=S3-~M2VK6qeSiHUK!@DKF<
zH)iMa&|dpX3Hqo@HOcvYFk7VuB~UT6>mSO<r+}Gj{;ouP<Y|Nd^+bFGbJhNQ20kOb
zL$uTalV&3Aa?^$)FL)eU0*^Fc)T5Xp9I-pV2qgmOIH5048H>1VmvH1`65}ckcuxWD
zDK#$>Vwh+K{J>zes8WQ(6hCrC<}nG3*arJ2OmljYzJd-7K@Np_BMmLEZ=8w{VMnV)
zpnKAu1ZHWgoh2G;n3@jBbESt4=4tC(&6!OAQ^=I)s0IBa?=*g!zz3;`Fen#B5)JC)
zCp?O(RAFX%@0yvLqqj-A1R(-XZegT#AEqT@yvj8HQ)94Di3pVm*#?Ys0iCLq7>ZM2
zLwBtcY?+R#G;t3K2*h|UuD%{vlt=;RNIgXNz<4+`6l_noAP*Owht4ZzXxBoRV(@?-
z6co+ut;{*-vIvMSQs!lF)to(I1R5VM6hg<JC>F+yKmZYJ7%m689|s;AN3D~O0v>3>
z3Cs<~{1YY|vQa0K(cnfu0lLVA`CvHM1P<dpz>^gsDdwZV!6M1DugTDL?r8FQKLH-D
zhVlPZwg8V7!>-+-1(4YUxX}-#iqyV0fenQ|2?vY9ByubYmnaFaxL`i!7>XUP7O-Yy
zunCvU7-ojxjA7pX!5%?8@QW8f0UBKnaq%7G5saC2?Lu_rVDP8;h!LPqE*vuajfRN8
zYz{V>klY8L0~kMt(?Ol!SJh)NA<+gSTO(I5T&a-J+XJmz6d0}w$lp>7T3b0J>OmBa
zm4It}<mdtIq1p`L5|LDhnj_fY8My!GfKSY9+yoA0f`dk5#S$rMg9H`oKo2Y?{-6y9
ztPAMR!vc;A{tX}xUZUm>{~~7(r;p~XCZNy_$A>TgQU;PnKwoyH;eZR&cqqW3pj?<4
zQ5mNagO=EgNL`4En!gz*r<teeUF1U4xk9aqQmaUs2<RqNrUH;XHGmCY^vz@9<h1pW
zKnnvsB%mJG-TT_7tKa*Y7j?Eg^G%&CubHJTO|49*QQkS~DwDc`i=fRoxLd&0aJ3Xt
zIz@OmJohHY=yo)E6uD|}G2ur0CcvOm0kS)COPXnAJ`M)uChcJ+umz+F0WPHj*>w;?
zFa8`e(|y+*A+$=Zlw+Fy%*+vnQkTg_snBM42kt5OpRqq^Mv7P;n5Aag5_oi3BqZmF
z{a_jvBo~@g&0Wwv$XcppASSZ7Fd-l8eMH5C9Et=08Vz6%gF>|M1V};viVe6^H<CC|
ziWFgD&cI(x7lAP|lP&~>vpP*vbcz8M9smW-2V9*I?nkbuNGgFLM{)$M2wcgBwO|Aa
zDI5&)L6IoShPSB*c?@hc0flI=Jtb&Y2%n4qEF4@@LAeB}G%(!;OdUnA%_MSxR4t@w
z2g-n`-8N)LqA@T}r9>r-qsWA|PqrB#e8{^3TZk2lkhBATz?3Q?6ubfu2?5lccG&%|
z`hG~~kB*U+bpP0D+&?zGF&k?KJ3H|2zvlj_@&5eFKGoX)nTqIN?BhH3e=9pXTYdXK
z_@l=D|KIr3*#B$n|NpmDerh}cHJ*SPPe6?);D5jqP;HqW+ElDpriY@Y8ZUs3<DkYB
z@DFkY=z0Pu*_kxsXjYH(189RYHBVIv&9vcKacwlqjfDbz&IbGgQuGMjkjx+4-c*1m
zvibudMywD*D*~y{lcD$891s{4s_B9rz_q!a!X@;nWDRqsPA%h+BA9Aklfz2C5uG9d
znwJO3C1cQ$z{-8Yy%R1O1LJ}fv?)QNjgmIw!}|)g9GOb}B#|O45N0YSL~`?QHbW-P
zgh^;IKy+csbvo>p`I@)J+94uTI(G&|2~qJ}&G{TSA?5?sM6AR0wANiuD;v0;_Im4C
zX~a4Js=je6X5+S&HdQuGE{1l}2nGa9tjGUz-9j@Ej@dH$wgw&B!oKbF`u3B^!Ln=m
z`EH}k-EVD8?SB16HPC|R@MGys0%zr;9Y459NxO1IEZ8+tDYVCdNs`U{k-`@y&QXA#
zLE9NTs4vx!Pq?G0svP9`EHgsHNR{#9vI9ntoD{W)Y+XVC42cw(yS@o9-8Hbbg5a{H
zz@<HK5CXsfn}=_S;rSXe_aY&QkV8#H9s$n=0PyMA4=M8>ay5}B6O<(Fh@sj8x*=^_
z)|QBXOHxI~29o|bkkbQnLjX^YpkC3HaH(jF1f34oR&3C=RAoFr*&_1=s-zKW6)p<7
ze)`S2$C0IQq|!L#o+MozN@TO7F9SVNB-9@ZeV`ex5*?%udZH*PrOpugRUb^{d?Lz`
zG`M}^+dsghN$#@$3%e#VYBDWPq)pR?vS~s#h*|e^u<qqxYp-Y1tO;oUQ=e+>e_A!~
zFZb~s`=70~mA?J2M-SVY`rrSRPmTSr#{O4h|NEBxk5<Bw$?v<RrfckeHFm!myI+mn
z?=RW?YJ!3P?G`{S?MFw(HS}Loj*H^JFdUeww7{snjiQ4f=Y#32Fjzqw#p8(NP(_7r
zFt{RkMpJeQZ9P=u&`lc$OBU8f<ps(8TB*J^X%>SjEF+hXMvrx*K?B?MpyIl4C10X~
zA<DW@KDrMF(E*fH@F0wa!eRK11wYOLh7nQ`WZ^g=Mus#!jhO+YaHUA3t$7TGszzx8
zfP_H65ZZ55JSG>IjT4$u$5oX;qPZ@7mgc<rs}-ZQpKxt3Gp*gn${Y?78kq1HTp~r5
z1b9~)i>+nQLI#6o6t9BOTTJkiCOT-P;fq9aWQ!CDVGI{lVU&aUO62M>q~!q@1O#J4
zNZSp;Fn6$HB`Ptq*`8eTjb7X_T-x}+(>3^gqfg8Xv=I#UGG#pUlL(XwxGI>70Om$z
zQ%uTSr){Q%`CE;{7PWKInFogEL4jYJ^@2?rc&v1%LRw^gtiLLH32^hqdckUCI<4wj
zp#PRx*yyc+&yTGEYJ@78inKD);5h*NZHJjLfvvj?48!jav`$qB1r6%0v2NRXB?vW}
z9MvGyY;=f65RHOSG(HB+cC^tHRU5?RFv^gA8w>~$K;&Vd5QzOPzGeweLZD)|+$eFB
zF0)`3zr~_};=si)?{F+mp++%<DAM`ItLpM4avYE}f-G9=N_|6Z+asC~B$A4tE@Q)C
z;~JP!`JdqqpecwVTyOHEI|El~NE(|SIW_94XqHBLN7<}t37(`{VmrD#s||Dyz_iP7
z3796}SRCd(B<;Us*m;lw7SB*%-Xf)%z@-uyArQv_<{=j<HK}RbD6<<vKAu8T@|M6n
zVS)}qA;mGWupSk<E&8$Y(k9LW&?Sr^n{e51=jxlIE8`T?;2Vpw1`5%H*j0~@gLw$m
zIIM&;5ayR+<YVKBC3pl(jfN_s^#=>C0MwNbfW0CYqq12-wmUADNEH}QErlg7QU5?r
zjDz930+_{<K$ZZMmLB0b+ROlr#JETbAgmIDZcs1o;I?F}1auoH5-MRw5*$I*R|FH+
zgW-89gc7+}!APe~t*JG=ri?PYaN-K31lEd%wrl3PQteBm5WYch8!Ld8Ef6DsRk`RS
z<ijOOLZuJ?SiI^508|<0vi%?^WMJH|Ko$vrSQx=8gQ;o&NC1~q!GwDxfXLywOGE%1
z{vt8X$IKurGUu?tHj^p{u-gcLqHtxZ*=b+`RWBxHrsaF)+G4JB!EGRyNEK1&d=Z=w
ztd0p2)}ZlJxnaX`z7p2_0ssbzAB^Vb@|7me{pnGmyI?BlHd%3_zqh|fAR3~Ze_(V~
z6jP%~Q#Fw^+B7YC^rt;RRC+<Q0#PK9VW=q*DG&qUBNqMv7Quloeil407ykjl{i;AS
zfsWG7Wdl8!bnQTb7%P&3nTdYUz-uU=l#oW@QUa#r!NH~>kD*c6N&yo3LnyIKsR=dL
zMd)vnSvUu#pl@Yo;ta1LqYv0F%(U|V>mCxVDF*pRY^-(sBfT7KdOKLv_(y6!Kk%v6
z|HD+I{$d~B@&8!c+V;?o|F#CVYy3a|h0j0D|AT34GXE}r4(-sX(x3D1ap(LC(z(=x
zaM!qUYFs%ruACZI&i|$>hmJU)<pkYqI)C1Q1NCxEqqO>6jR(SkEm6^yJ9y$8aXLQG
zi!oe)3q>-C04c*TPEn*3NPrF&rB;HS51ltE4CfOHsahqH#*wvo2o<unXpcE76>)&C
zqcht|%+r66g%rj(gRw>d;U^q0Mx}_9so>t_(%uPJjam{8-@=J1Ef_#cmy-!mXxWIc
z6pF$natVrKCbwn)cnBj6wP;JxQ|7Y0RRl(91*EM&&j?gypAm93>WqHTG9rp*7@mP-
zF=~dJ2ik@tr0pO|%?IybLIq^|2%3M%lE{t}iJ~wG3Sf<jQ$mfKG;v9hicH1XqG|C(
zQbjCR$1y`hNt6<mHaicR3mh=a%)_RQ$!LqH6ey7oH7B?)kZq7$ez^M7k|U4-ts5|p
z7<6J@0hTQiyh{#CAqTsIN>zZ2R8(h}gfw0YncZ;U$$dGxPG!eHr}SZUWh4tgo0jg`
zd^`%kD@rMWsdh8~f#3&IW5clEShOD{s8J<GNn~(4LJ;c3zcV34i=t!#BRFb}9a1N<
zm^8Hgr6t8wB3xFTg&0{GMUcNz-UMpVgc=;ynB!n_YA|{?4H!%zL>!?_#nu8ERxn;A
zTb6dxfw1TlK~UX7sDXJ!z?x4YA&1-&VB0{wAwtAKs|>dT;QG)Dz=tXVToW9v0$Y>n
zgz4#om8J!f$_EcH<nqAG;Ch+_Q*W4<qfUe(T*{^}iN2-TaSZCgVeAX~wp1dMP(7d=
zA`m77o7~qNG)@j_;Dx_MXj%wa2{DIZ*yUgZ!e9t=<XpCdq17U(lnpEHp$a%Uqaz*A
zD!Pgn1tN4JAy!OzgETXd5bSWZQVzN#1JPl*K?Uk@H0AY%kCVavaB6_c3lWji=0IVj
z%g{#virT=+4BEw|ZV_UfPSykA2D+EX+3*rQD<vESp+Yskq%g%hX#>}rt#<#gd0rk^
za6o_FV3!~d%sUth3<?PGcK2|{Ok9G&cM}da*qi4SFo=hNCxTr3c|);){+NsZP;7v=
zzdHx>_<!tO2V7Ih^N)%Oky9*ZMST|)35L)`K~Q>;CPXYK7$86-B#;CUv3Jjco?=H-
zL=Ws0MXXp(1rf1hN5O`QiUkq=yZhctUP1s-&%68oe4jftuWXr_otd58{myVNZwDVA
z%+s6h;_l_<;sEZsc-XlOwRiDw!fe5J9-bV`&Bfh?0}ADMVz5G@C>IAGSeUzmx1BTi
zX=Cf+=E51lqC2{9JYboQp5B-Z=4Io}aj_ffX5)={4fXc&^l<>y+k;{~Ts$1TK`jpM
z4jvr1u;u}7Vh+CG7v|$^<K_nIqT37w&G&{4#Oyr1MtHk8Idd>)Pd9r9aMRWSG!4OG
zp}Ih??A&Zz+*z2tjk}GL1NzDnl;TZ?ui?$ZhB-UHTd+PG@Sh#W#nS`!!_L!#;|+eY
zKsUWPvQLM(_&BgI8*djMND)VGPj?m_(i42)i3$PVc{t#uKw4u8ECH{;-$Q*IWCddO
z4mNI}EWjTR1^#_WfVv^^>3=;Y2?de_MW(4y!v^4ye6Qg2Pc)K-UbV-6Wf7!ruA`p#
zueqUF&Hevo#y{h~KjNC}<>B-Ty)zsszqmNtdxO8H!2i`7gFoFyy<0=0bxn7%x8aPt
zS(+3#%4gV}S1)tVwQ;tc@>d&d#?V1Cym+mHTkA1|r}&nooV%GroRV%jCC6DzwD#QW
znY=LNs&8R>%GJ`Q+bo3Z^n3iSK1bJYk^6qyZo4)Z>xSsXC#Q-K-JS={&(6FUT3MBt
zmwT{etz=T@z@v9xPBGMMvSX)qzrnrl1tbk?ywh-p+8D0C#<3GwZKlkO>qTo}lAyMZ
zqt}8?x3IL-Pg>M}=9njHm2C%f%PT4iHeR`W`SR2P<Jg>(_EWO&Ul+v0$A3C{`R2vO
z`eTBFH)dvLZrL(8jRU@v930htUh2nr+4nDBxia@uVCMxPPySfhqnJZ8)Evg)JS-_G
zcp_~%yUDaMetv%L?(S}GIluqfXOPz0cki0f)*U`<HDJK4NY2NPAG5Qwz0=xF!_=qk
zk0_j#{rT3aUTw}6Z1yaD{``4qY0{cCe{%G?B_yY6+bkMCZn%XpBl|wBS@tZ~eJAb@
zN(o%y)9CWmtHqBVrEc74@8}4Mp$!s?#ZggZDNYFjfgmt2(A42{$(z<qY1umy6Ms$e
zI8#(saBi4h;{N^nJ>1;fJUr5`JYBbL-GVOWfva1mapH<j&wF;Qi|gP+Gi~R-JGgrF
z=m`Tp<(g0T_L-=m#<^|TFSP4+*Hnw~Z^OonxtBh4i)rc({d0$6Us_MDn(+R`ZH}Iq
zfx(XL+l6<JOuX4SqO+l9pTu+b?{jIi_N?LSCi)K_-p|_l#mkp@A$weU{;@0Hc2ULi
z5qCn9t)4#XVy=~QH#zFDmw0?;_2o5BgI_eeUsY8#ckbMsJ9qN=jcp8#j9RN5PfypQ
z(fVmGv}bhE);4`3!PNh7-q^H7dpG@wV6>U8a_*TqzWnL^?Ag^-?~e{n^?n;gS6h;n
zcEd8}meHsR8qL&v-qr1gck>1><fNNwi(h1}n>$y7M$>I~F6XEqB4Xl%2{&)vY}2+a
zV9={^1CsM%qoVRF`y{$rT3D=b)0uwUa9}4cx|S?ivTfV8($dmk<4%v}O`KTd;?iOD
zsu_=uMpsR64=o83z7R3n9d?iKRl}B_j~n1G5*f_29kDxDBgy01QezseM~@!w-n}yk
zh!TsRK6%oJcI@1_bGf;o$lTkvlk!S3GBVzmm$z1*@%F9MO>N!rt5;*n9-Nxj!JvxQ
z`u+XLemYC~@435T4QH$W#It{1y5=?f`o|ZC%td!5_}slWzxqvb_56q@M<;xIePU({
zD=VvZ^qF}jKrUy@n)S!o;4WQOzkV%lJoR2tk%?KBbI(<4);xdlqW!#6gO{_L(#8k`
zTQ_Yg{`jWEHT6<qp{2F;q$}w|w{PEmeUn5dp_^5vq-5bBY>e^BzJ2@pR98Gsnf$PL
z|BChzl06sm^Fy9^$0k(=4p4vp{(Z7#ESte#Fqv})VShb(z1$$6qM~B#Q;xsCe{^*D
zg(OR}2wOWB7ndPJ7Q3eI&d5mk{dc;i<_rvo)|A{3Fm8IZ4D8rA+b}uLKv%b;wzg)g
zRss9QCWbJ)d`yl#TI;>V-9T3_@z$l?XKvhxDGunEF~u)K*x$lp`{+ZyCT2ag)HR#g
z`ON_hAJA>bwr%=`hF+FUqGDsacY{~4_+ZzrU8NRDrvm$1TDF~g@*oQc&>$^oWTbkl
zR-uL+#Ru19-w#{+^7f~M%*@{;fy>VS=I7@<A#3@<guv^K$8@wF_iD_92@`-?c;^xt
z8X6H%dj0x}*|VL%NWXXQUh3fGgS6()nG+ck1L$gIW)`@sUymNy*RI80IM>-KCB=By
zHG@>|#Fb?`Z<tzFw=&t%ZrOB0^=X>TQnqhro0@V`z0JU%zP|LCw(;@tetv~c3Eec*
zrp=!}KPM+=!-fq{pN>uAxUTnV+_>?El$7X&Id7(J*x>PIaCh32g$whGLxv2RQna_E
zW8Sns{`h0}o;|I)TWe;6@*6d3#OL$Zu3d|%FI&F6<k6#T!*@+{OiA6mIooin@0O^3
zx3u4zoIX)h9`x(b=;-RLEshly#-CrNzhJ?FcJyBT`dz<p!Q<2N<m3Q<|2v?&At}G8
z9luey;rOEM+l{tvc={y2^{?-q(ahnMu`&;^aIXCZFi`q0&NjSt&HPTj(ajtE^|ajR
zGuxzbdM!z#(RS`W;Wwgn*RBz3)(En)!UTP9=jL9hEbg^D=wfx4m#)-)=2Y64jxS0}
zBl!HXw{L;^y!vp&dN0kEEyuoF$?dp($Bw+bJWp5G-TU|V?OV0WC@!k({H06VH+#m9
z4R1bscD}IN#V5YM{g(5W^LyU;0S_JwNaOTrD-I10e>-WhwLmb(q<bJX1(=*WM<*w{
zrY>8$v}f<$P7V%JvEd^}R(vQc0wWHL{MR2RSSKehTC^^y>w4~(F%OD!Pj@l*U%D)2
zweK%Zj=`r+8O)m((9MG5s#BD*VR)CmYDdaW+YTFM`F8QRxcnT04b|O$omgxq*}Ps~
zU;o<n(VucflZu`_`vl6LHf`GV>(@`7wC^~p`@l(+l^-QDZSTK$(XDOUq8Bd~>ewc_
zCM~}<zSwQ3zyE62)YE!zM!p*Ns{Go-{Sigm{Yz(uocVBk`n!h@tLL5Fd?@qX?%|jD
zt#W@o2FC8_QKNjfkJ6wGvaxBDoYx(Uo)#?%p7-x^rRn+L^m!e^k5r^@O?8;zGV7P@
z`xoE8STMf&vtfAnhN)w`(=J^p|LgIeIXQVVXR+^<#pJNGBpE5a+RSxLZA@DS^wRF#
z;-b?FL`Ofz3>|s}2s(Szfps?;IjBv$TymkTag(FxbFwVWQ(Mt!$pd$XU-PW0y1UkT
zG;dwn2*0*><3bmIOfJkc8x<ODI*c}C$dDH8SyQmb?@9}SqF=SgQ7=(%vGbawBs0r(
zvzYp&BX>W{S*G7VDJiA6q+odFp))bh543F^mHy|SJ^`VxURHNYkyP5Zn#ZfI`oy)U
zHXcGtN=jPwI~?JyTj%HJ|JHt<S;?HDq9Q|0(cL3f`ue$%9Zap+clSLzbKt<6D_2(N
z$G8=Jd~^Kd$$2YR#-0l7I(otE=H&&RMY(gU3q`}8v|Z0^?4_3o)arofryP-JNAcX^
z${m|GJ24jDIx?{^FR#_E_mkgkoqgUax^mpi{)gsw+~AwN*>l*;nMr#3rK>)^Jo?%1
z^38pXHl4~61?-&~>we>xQ$=ORj~~B%`*y2t1EyeefcELv?`?VcukG3`O-#IT{rXnF
zjD>?PS{|Rt{qUje_l&zo*jmo>KRzF2XrXuh+<1@mix@p_Z@&7QcFR$FP9IHA2dwR@
zccQE1fq=<}FHK3G@njFyahBQ0mK?q4+nLdBI(rTu9=*+1(oefdye7TrUP(zpXr6Cg
zbbjZvFDG>vUm?v*ykd~P*tXH<Gm~!(jCtN^mG5Akwk@@tD_&(gXD3aKYP{%daIkUQ
z*!h9GKD>T(-gdoVUwB=8_3pxl1C<NRx8FXRm%-W9*<nJ~wQYW){IG&+d7f*flPk-n
zKX|ab!vEy`WBbCJRJ~rlaiyQg#K@L5c3;J(mq#}jJlW#AZI#7gV8nAST!@iMCp_Dh
zp}8h1VZL+0C3a$B`SAV2_wi<&nQo{#Xwl6<jqL3Y6hAur>~WY$X@AY^efy@H3r&|T
zm71ApI5}>_)GaIv*`pq}>;7_IRFKwcce{hljJG$HMn^w-`0%gb-B-2@Yp$jicBGNb
z#l=0G-o3mly0;{7*Yomgd)8V#+c#!?QQ4S4M*QcBV~@kyuXfMa)5AuK)z0<l(`GH`
zH+T3)T<qVfWvkeOldG+oH&4mf=@t04<2o<hZq^e%JioDL(V|6{FLV0z>C-J?n6K}C
zNr}fqKr;^TI1;)=Ul{wbb20FqtUs}i-whBYuk%jZ5g_{Tp=jF5z&Q&;ZXc~)yK-=&
zi7Wc4$Hv5rT{X=ysb`NKLHAG0w6L?)syuY}cIExqnKzuRIzN_fY0=^8wh`0Ew&`!Q
z{`#KYFDv8j>@5MB#{ba%)(K8#;oUoRN=r+dn~>mC&|>8{UC)&K6DLk!>fXBTz`&|-
z1$LoHbJrsui#x?U;%l?nF*9eb4hpgwGOPFESK(Jb6qOw~apFQ+UO<*s`jyB)Mi+O`
zkRBPr+v4bGhm^m9Gks@_Vgs+StgP(9g$orY9+qT8++G#VjGk<1c`1ALYFpbCj)$90
z8#8K6$%g}hHz%y$_>ed5z`Us*f^)H@YK?8|?3ye;Z#LR|Z&p^;kt6=we7mT>x_7)u
z6RYd@?wu^o&Cow^@pJL&%MSC}uXx2!pEmjPv)@w(PmbE&Jo^|J{&PmI?+jeBnYLU|
zPN4Jc##6Wl4j%kiQU2`i#P_2e9A<j=ADzu%1K)i)(A`f~f5<jmvobE@X!k3^$AX=L
zm1j1&&vT!Y<b1OGz_ooNn)cCh-Y?8`@Ja2c>FDgNo}7^NApdsLsn~(Ae1?I6!Fn&i
zSCeiD&21Jrj&N<e4p`eQTf#qAlvk)l7C9D`BzMU3|Hu#*=XCDgy}2YXGJ4;Z?Jq>a
zs#EXA`4#TmVGxwhcqm+ueV;YzfYz=Swkw(*Hyi+bkC7v9Ucc_#vrP{MV;Ot&*zoZ9
z=ht_=diCnVhjB@w1qtVyG&%aL)Zxm=&?W{3BmD}yEnU*S$-{@H+x%jAH|;`03yX_y
zn+*GF)6_^E&1viA%^U3Kc>2|=$Ppt(#KnCC^97($c*ZyW=r#E5;pkWQf?6!IrqTKg
zt5^{LeBPeDCC)vwY#X^x>}P8FabUGi<)h`y6+M5A(CezLed*Grs#miI+B-RgONVWK
z(klGP%kBfmzh&yoHCcJhKie_!=IL1-+ikQ<DE?6PdOO=lC)sfODlgro8#it|9RHpj
zaAZ`#3cJ~^y?ZB~KKZ-V+O>N}EO6EF>Dte0T5<V{7ccq@+ureUi93IDu<?lG@d?g7
z`%5;_x8$sze_s-laxtSx)P39Bd)RC3yqh;OfdC&m<QG7jA92znDSh|2^5%v^Lks@A
z{ba(V%5hB}JkxBJedET#g9k?h&{$2uSUOsL=k*mJ*)N0wi!d5Z^KCgWK${linSg<w
zm$w7HXfT6CJ2;BH<m|=gH-2po^vwLgM2Y0j^b^HP1K7i^Tzh7g`?$30`8+58u^&Hu
zns@3!S=8+U+u%l~W@cTj#$P_RcE+;qlm0x@v#|J0!sNZ&-A%oRUr*c7;!@;C<JasR
zt5+9Reg0J5X%N<8-R8}+&jvHn|LBwG<>9g9W8CQ(%i8BJ>3zHSjO4!Ug8Q_ARoAD5
zY0S^QuQ_~1N*h||eHV7`?)G;4dC9SWDsRE2t3012_f9Wx%;ugx{jgWB(T^V#{4$MZ
zI<h!SE%K%R>i$oTt;x#TUzp)8T0GV)D?YYc=h87ICJQlI8s}+g=>kVuv%PApQ~M(h
zmX@AQD+}u%x$fcd=`p6i4R&2*(lR?TJp9??$B%Q4YN-uM^#-HncG@yWi^XR-?S~nx
znd{th^g-jo>rAF5G+tHLCjYuYv%2!*y^}K<8x8mH@EAO=rH@E(wUNF)WA4e<&vvZb
zyT7HAQ}UIxh(Ft=wy7vcrW>2Q+>mU~Z08k}axAi=mKvD1sx|I<eCMv#TejFex;4YK
zm*`H`@HdBc@7}Su-SoM1hLu%NSy_je7ZXaCcs`KcOb-V`dgo5b-6Qb>?o83R5wQDY
zZe+*i&1WxOym)2auGWLX`=oEbnxFsfaXu&a<@Dy=^A^x(G_SPFcPG4g{^{iwbAkHh
z$4&cN7Cwl?G_ze(Gt*p#dtIFLQ9PQ*OXinl?E5V=*>-(c^vccCuqh871a|M<-QKBF
zQc{m&Sx$^0A)(j6e~oElM4p?xoIB4Ba!oxr%PZ_^wRTIVl4eJKYjn(T)X0&pDfwDW
z#~j}iP|&f<l7t0kcm2NYX!nnA&t}6bs90h*edp=!Yu{;Kr}=!|^tlD2&C0bC?HYS+
zxuT`EK5A=U>xCmCD$D{sf{c68QoS{@4Ldjb>ycLAit1A<mVo!L#m=2Nbqag?ta$Fq
z#TrwvF`-Ty3bs9e?yPgjY|xU=z?lIfDaW*nnW;LMtlYad#*~S*DLL_pG28Ci@cFJi
z&lwz@u)$!sv%2In81Xc<#%Iqi$!xU^xYd0lMy^>_+@bTiy?c5TMXnq9i>KRP&z{bj
zRJp7C*1@qUIh!vA2k0gCH8V@yw8<lWVXnm#`&BJo&a<|jpJzQ7Oo^}+rr4B=UYm4=
z2c-<!Ofxp=(Xy-S{ym>&>T9%Yekttgu3c-vf0HYNa)9)i3$q5TG&Jti|C5$lBbuRP
zSohVd&X37i_PKHKgb&<@bKCN7UK+NAyV&{C-GS`Iy88;RNi)kIo$s`G@t+g=&}dUm
zPq16>H3jQe5K|T~n8s!=ZPMH~>~hmnfj8D#4K!LgyKC202Q#~^_d24k(Lbs}n!3pj
z7_j6?ncBR)nzMch><A`Bm{!PzFfFx3iHWIEVc{KHwbBb*@$uLyvqqh>o%VJ1KU#Gz
z<L<KXVTOj9rl#t^pZt_-J}^A-)X8z{-d4}o`DATv?PE1R+{SuQYx?5DiBF{`jazB7
ztQwKKZR^(fRT{IFZQVLDw-tS6aKwVKf}lP8Ib7gjc-YZrw7U32nsi3JKwZ<muiuJR
z?S4J1-8HcZ&1=Z|Yoojl{b~R5Y10M$)2+b>Ov#sa>*1C?yidEqQJ=>bl|NHIlcl{d
z-?cPs@0IeY7n_1PtZUCU_DStxW8*t?puY;AHRxDee1VBcj|*!@hhLu8vgOq~chs#6
zHM7Co$|6xsYviCvco}Z!Gg-Uk{NDp_XU&ayAc#^|(_a4U#G}k+YW*rc^xJtu+W!2V
z)2G`79A3Qm#hmn4z@@vsE2uC-bS-m6b*QW6(YaOaXU<T2x5Jj!j?S;HS^?Zjw@oi}
zER7kd1q)UTO)*N+?%0uLb1{F&8Lz1~=<mQhBqt$we^k`^0poV^@1F?xv$EAM?m#(Y
z>~Cq_w`Jn;_w<>6R8-szT3z<yg-~ZnTETS9kjAgdqt)r+v0+*(x+kvexFRbwRCIAE
zn4Wqjzgsh4#K(J$Cg0@$v13Q;={tAq$Tp37x^c^vd8YzbKHlw?#<_a+>V|_)gNjaL
ztQMCz?O7LZX8_Mor)TA@(G$vt-q_76*}Z%1>bPag7q^}<E~1TQw$x(c&21VZ7d2hy
zyG0_A<PRTp<jn;}kU`X{Uk;4wkdy~}AhT$%o_|z6@oZZ0Zc%<{BekiqcQkBTYu?()
zot~VW{37qSBc3`-MzDPSy6kS;ZML1K^Q#jZwSEbTaKC&l&nxZW(ss9_7o4pe(R*fI
zccXRJ5+=E~?V4*_P~EZFm7cvZY#p#dMX7l-Ouee={osrCVV(7^<fU$kVs0|Y>79J?
zM&Yw}BQ{<Mki=$O8<v}t6wyk1_*7%7LoxbBcg@YxZTcA+zPfWbzO=No;^yLIZ>5t1
z0vyBp?0)IVzQ%hm<Xp;}d~~!V-UB!ur~3el@076J%`K~6sbOCelLsjY8}@QHt&awh
zH#Q@}??akTfqAEZ_}ubKspgwj#kQS0KJm4cRhlSk{WS-T@fS0<@WaAhy?uK*PUDK{
zh2)aM)sq%pINDEp_Wu1=r*+B>zZdd&R@W-o`nTJ3{ru+ClG4&1cPD+?nw2$d{glRy
zweQ9oNKes4G}?tVX?Kn!wV(|OO2Kp=AL!f7xYONByPft(G;E%pU;a#ZYh3<qeVrv`
zjT$WszpA!z^QZe|2l9t>O03x9w?BLK;G-4kZmeawS=sj=p52?1b4{!5<d=7>a&Px5
zrqirkd$nsL4qP>Jpl@UK7Jgowx05$@4dGAaet7#N9ax2ojLH3cfcDF(%JdYzDD3&i
zo$;gnEO$l~-EBedd+<<o!8+dEBb7azCPmTCgcJm1eXx39v%*csQvA?)?AY|Ft2^x)
z2nJr+<j>)+E6Rt3RP|cI%zt)vY-@F$eMjT6rf%FgFEnp^Qh(0E1!o6--uvqMuFY;b
z4sQ}y9@+8YcKG1Iholu!i`7;W--k#!U~uqew@f@2oWA2I`_t?5?V5c4G_{FK*uvkQ
zJ$*VzOOtMFYMGpPs3*6h|3Tv}3mUEF-;2EW`qA35GJk)6(>59gTF&X|6%z3(ugvQ@
zT9HiV8s7N<!&&j#Ew9}jSoM5_$lw1NNB@mkcxAz*38l~f0#oE0H}?6ICoea6&tl!0
z->)+L%G0*JJ$BxBzIU%_ljHN-P61Ba`9~H8f30xzD~t?#eD-779$`yg-x*JzcAYx)
zuRVFd#%$fX^={R>j9KO5=UcXAv)M<0hu3+YOZV=x4URbPl}2&%HYcA>VWLp$&F!NP
zY3)m&-*%8d@ch`ZK|XEu3b))ow0zUXNEXLyk1d!HR(;NYoSibFSI6G8-n}=2snUrP
zwx$bc31>!U9k`R5JLi*av5A{buRh^Tbo?VX1xlqF8X92UVc@^+W<|ixDdN(bqD^sQ
zs?2N|_jmZ`uCOpSJ9hG<TE*fkVT~?6c^gr<ztbz9{tF(5T|FoXFL}?4_-l<t;*kjl
zJFHq{yz;qd@~18dXYAT`G;}u_T(aO$vvHqFwYF9c9x(&-<>p>yJKnu%(;Cxg7l&Q!
zpLuD*%R7HoSG}BZ@MHV^6JEPKKhxd7Zp8h}%uKyLeayNg4LL1ZM&sxuj#_xGZzHwi
z)s=Y%rZ*o}nOU&`7|9QnZ|s+*?(p66^47tkmoF2JR5S_MK4bES`_0?T-OJ5xw$x<?
z_rvoMcP=Ew=4Q-W9igsvYgbTO_X%2DPH16a;oy|~i=#$wJhip`PU(|N6&2&(HfgCo
z%`anC^@k$MJte<%Ya3>|WzCul;4S4|FP&s=Zl2=W-Oz`2=gyt;%MGfZY)-DIn7?zU
zyGJpHBPbDveqK1PK>ZiqvgIPbedqEj|GYTn1*YAhLrH1r=K{}xovtJTTQYd?-MdEz
zhFGupExeJ<z3f&!&Y#;~QNi%z@mH={bD7^b;ay7c%US1wjSr6UNL{sIebqyk_wPz$
zJ9o~>+|{)$819})BfEAe;a&D~O?~~~)Vy&6CcO!H_<2ZD&bgSqL;iY{{_;ql>dH5a
zUDu8GZ;y%D=xIH-a8GF3t_$qn)H7pBM|yhZEz|eY)^>aA6A{-aOiNv-Rd=>k)P_Lz
zVgH-gwPK&o`B2n7=xrLa^Pp|MceCR5?AsSzu*rSSS~blnyJ&zd>07oG6co50+CCvH
z?DfgHzc1<CXVxqo_i<gV7B1|&a%F4F*dxUc0w4IVw_Sf=eEHZ>qt<Nhee+p==``^5
zp+g3vGauf+zbmT9(bT%7l(Bq^Sh6}Vx#ZV&Qp}>*l+I|qe9^HxS#f0*<x`7At)KcF
zHKad3w63bEYU@^3v*~45{Y0HCnQLcx=^l*F=x?y2^nP|r$*m!V9j|I=Jip9IzOv=>
zF9$SttM4&xHphMgU{Z56wVu6u2en!6nkwYCUY1yX`D)9n*IMn%NO=2h;S)cPwsZTL
zo5%NE-Cp~7R#^VDzntGsp*bxrj+yiE>9c1oG;DmG?DGV_oM<z5hCQRxflCE$OI^dH
z9G!Nq8@&@x`<SkD+qqxIuw!4-Rf&yGwOzs&3XeoTYro{|t-buV<M(LT7oTT^SvRrq
z;&QosK6Cl`(Feu7_U{|Z-k-wl$kx;A+<AB9*z=|%M~>9f)4RIOZ~3xiv*K2-o!5RH
zM{m!bJ@Mnm2L=T#*Z1oi|M?QDQT8h^1~<I)C|HrgcHZVY%-6SlyLQ(L3wMmzGwW1f
z?r|sgX0x~lM=h-KI;CCwr}2Zx1HA?>`|#;gNlD4-fw60csx>~IJ-gNH*|TGxU!Qt^
z%$8OyTAf(6Bd_gZK&l519%N=(=qy?J#~%+KJu+*qu_rP%r>Jbzs#RbXUaXTbEAI6}
zm&ubSJ32a!8FOz<uhS>=?>#!dJfWM_)5nh^#bSDk7DeKN&0ah_tv%D$=*r~zqu9OM
z%#~a$b>sPOZ8B@tEFd;rx^x-%;a-!8?@hQfLtG1P-n@D7;>Ci3H~CK8b5s8cH8xON
z*J#?hwD><KPMla?Uf!)+H&*-eIaaA@4~vUmj~l>P{J5l~L%VhlOG-j-p4Rux>Cwn7
zW#7K?``NSY?CiAEhNN9yx^!vUvX=CjjT6okMIKn0WTs{lxNA78eZs<pEnBrJ2s33b
z-|{&lCB<%=FQDy(C6E5fa-QKaVIsU9iQ@tS0wzzcHnn=WCp7POdj?~%Gp6-wT;+?~
zhxYwCqGy|=eo;Vcg@=cCUeMQl@a$a2=sxe(7)|z@!UckT=FFK#;)AZK-f0{#b-K9;
z%#!UHiw_?@oS2w+D%5vQ<;bS5j?U_zBt9IdL#~Wg4ix?oJLkPx`d(l<2S^=;ONq0c
zG|VLe;+BT;gfLYSzWL6{V<_enCXz^r#9F$+ycm8E&ni+FA?C(1={Y(3XTl|77Y7gf
z?Y3j4{X;9%Kd-;@s&)SdWxxEl)=~HV4^u;vzBTf{8ycGY-2d?-u7BJ4zyB5d$Nwki
z1^-j<k3WwN{_{r%2?-$&3)YLL`SZl!&l7_`PYnJ%G5B8se^k^{D3z~*t|H*j8UO()
zjE)H8iQyp<5|$A{P60cJj)qC%BvM|41fI|%kENh8dFaF%nXN!7!t*^uiXx*0z~z+z
zJkoW+=oEv31aTCoKo$WUiGxEbAx4rwl0+62OFHHPTaFqA@A<^x|HO}wp%Y}la!Z)9
zvwrB<A&=5?Tr=p4#C-g47{uSB+Xw`*<`W0oWGB7w13K`8rAP?hX3-(I6pl|M<jGEK
z%F-jthpq}ND7-Q7JBSAdniDDz1#(dac0R;ygJ^CzfE&yU0h))WqrgWLnfHdyfi1#c
zBQg;qqDvus6UtKz4_a~s{PFnVDm-rmc{GSlK;MyBOW?US$Y$at9IOs65twT(N^~MW
zJEv0BQ|=M;MMFL|j1P!JX(3r2r8pHjUw(^H7~m0B;{iGuOJ;yp#0N#v!HWU^jD{d(
zbX8R=nhF9Vw66Bc6178-CLlE%1RqMTMMcyNAF7PxCG#zCEH9aVQS&S@75<D%8LD;|
zemoaH*=GTSE|SYf!=8|H;xX(1oJIh#Ce8p-<&iDRwF2K$coIZBVOk=bIVAA%8j;tH
zMi7zuhwdQ%A<w&x;avr7M*vqqsK3x}=tL}0JYEdU5={h}K;MX?pv3SX4~7zlr||?U
z<bgeIBuoyCj}Fk3V5I~tykItlANN!oNU~JopnO?(;bG?hVu11@tnp4jRt+!!KdBVr
zOK}|x_@nYLDkuca4RL?Kz>IBVpx~Yahv*Xrbph*9v9NA^qNhYn=)fxFz%<!rl~}Zj
z&L(a^s17G7QBXgUI!u<62A+BR@`JTRZX;Exji_mji1XK=IH=6zqChs47tCN|-thbx
z!OI5KZlL6D%Cm(5+iHhi(Z}=nP#!5HOahe(cwDg%&j~NWh-Ts0#R+kxBlJ!J*-$3K
z_)P`rj^yJa$pr&dj8de>A;zdw`*iY*wA)ad06Q-mj<ejpkN}`KC>|8~XfoqDS-lJm
zR*ncNhY;r0gPEu7+9742h<PeMXX*mSR4~pU$_aHehH)bg6S-lMXk@LpQUX<)lF<oC
z0~jjeXrYiiF#LrXv_J#Lf_~w+sSvrA>cpY4DTl|$0`G(`A%Or8&aE$B3@rvkIt~N2
z8c(4I#3HOl8B`Qq;?ONTfew)!Wxf*}?hww9s3C?ZJVJHh1RymeVqG*u2-}JzR7Ehl
zN{UH&L7`%92s<)5NMFnsu>-{hlYm+lM?uN~VL@~wFnK9Rh>B{1oMOTkl&6^_1h3o(
zjg6MTyju{B0=n>M7zwy>uye5K(Bec3p*H40uwZE{#0!Qh5*<mG(-L<+2>=VE9q?u#
zaTf&v^9|7;5jKVZLPbhg1df4(1%{4<AB+zOS$RPMln@Le4d71|6dc96JK)twq9Kf_
z1W;Z80Wtxb6+I3X7A*`HieiO?X9h_n!FbXjHXUJD5dIuA5o8na4j?;$0AFMI_>pfh
z4<6^1As5JWxB-z<5%?kSP&!~Vt|x?ifjna(RLf8Y;h&-^fO992K%EQItMP;71=k?1
zQeR_X&;%mvg1*4Khb+iMNHw`D1`qb5L%xLPgm;-mr}P&%&D5^4=(vxG95WfZJi$yn
zRUn2aA?EU-Z;yl<J*F@P+4w*n#IykYBMC?L9`+AvWs-0bf^rf%9uf>h$LVp;o`gC8
z>_eEk2y`?S){J-?tkQ7G;v@)vnv9jmVBBpKg$cHWNCt>TGodbscOZGtz~<I5>7o;3
z1<aoyf^4uXgCZfW7zbArT(U}t(E+G~oFwSeAn!wnTg;lq1(#ViQfx&00EZ`$;l_)3
zWI9peIk1?7H-eE-T~Tmg5CeW8<`IN|HA|E;J(B9Mj&^v6q=aURBVb`sUn1}s4jk}8
z9svSRcx+TiYfQ?A`36OBgutmN;4=bu4d+>WMSp7C4dVAx>?IOLl59xfL!fX1M@7yg
zBs&N&ge!>U#z`pbB%K*qkQ%<qLNLY(e8!6)=!bk@V&q~zU_#D=Oh$+Ep?J^{*<lV+
zIBUh3Py@0a-bG~+4khRt$qMM&0N)=-D<Lr=A`nH)Lgg0U2c>t!M*&NwJftKfKMQ9b
z?x#ZR3ItZ8D%K!#QV`q?>BAtFqRyh05_1p~XCtQ>Y|Moi&OylTN=ayzNRdQ>{9r&2
zGz=6(hzgS~Ywj0IsVc>wYI=;!BxQ>1i7QHqdkto>HKx!AejLqOkvfC=lmykm8`xW-
zG(Vxs<|l;V!$ShW_4b5?1N~AbT4=V4$W3sPOo<D}1PdcWrBK-e;zRIgLjGBGjxf+o
z%nG9nFI^^eBq2R61zs>U_@Ih52u{C723a|v5pP@&FOr<9Nfo^{7KTskg*+avMxoUv
z?$J?TOvoj}L4^N>6eI3+z^{RWf?9_Fbrjmi!srxYq3+{C8v&i5K!~v~k>HbYsSNg9
zW?#v%uArgWV*#0D=AE3)QAuv`#T17{VY)Dcz(&Id-C*PPi$UQ;n5nfpZZJvkcX>8x
z9Q*?)8yJq%KsjP5!XFSM5J`Br%#&*{cyGW%3-nNzDVwUwmhoWvSPhtJ*G?cJ1140q
z%ZiX`9}Q2)XP|3fu85Fm0mQ4q;c-aM1flAXxJPiRCdC2bQ6qwJ+QXd6a2?Vcc~lY$
zq9Um{nkQF-xK05of~d`sOg9Tuz3eq86?6^QZu#)#3V@UZ#}PFWsdY6}5e;v2tz^R=
z>*664_?aIIPWAAAL6M3DvxU*4>m)2*hJ=`J0*y;XWF(QiAPDD%^aPRqR#p+&J$%4{
zqR>yW@|y7<vN1C1A;lVp!ith;7<Pe#z=_V0>7<(VMR4O_P!xO^1gvB*!9s<Ykp?n5
zxYI)fcY_tpCqlEMMw)T`jsnLhz-)<gjOv^4#zo>}A`K&98ti>M$hQ@YDD`~_Tz3t^
zzaw6DRZ%o(u2f8VBm@N*a3osj2&9%uKDkb))Dq0y6rRBH;e7@{EmEUFjgK=ks78p5
zpt%nZ_fRY-DTBUX-HS!n&_GO<eN@LXmqG|!X?$_9uZaB;IjM>K(lrtrC>KJcI3NqE
zX>L_TlJQ*;6asRkMCcTsl*lJRP$IZ=B7RRDNb*uuN2_Z!=!Cvk2(rs{0!0s!ng9=K
z;9((rW<$x`@im$omRq~(hEE%&yD6QQ7g4|NMj?0=dK>wVD3K7MyooR&wI1Z|K>q;-
zMZZd~Q`DG(YNxyz!sQF15vm%Y%2m=4Weu;LkmzyUltix(q{P?EfLp{BO1Ol0X`m@b
z2oNS10*W9p<uIUn!(kXiNr@0skzf%Hd`T{C0Tm@LwB}g-7MfAaVI&WaqXK5Z$R}(8
zbcA?fB8&p(@6e@^JM9$k#=0p@to_tVYT~)BEJ{-s(TS9EIMpGpr4U7U2n$7)Knii4
zimkqtB@Nsx5<sj();bnO>_w7KjKnC>S4ar>P9C&@@`Dyt$UsHiG!lyhf<SIic&$Vt
zU#L?ey}?To48HbLDC-eQ2~Wz6mWt}p0t#>G28u)i9#>cw2RN|*7`|X73c;Nc1}p+2
zYC<b2e-js=%C7rMJl2G(WH|SN?4ULewT=P&2pH1<-%!@qDHXBsNqht^2+Yv=k_Z%@
zuL0#McLD#!(ou`MqNo~>tAeWsRc;DZamZa1a;aW<MVe3~&}^bz9b6%uP=LYmI5itn
zE?3blk<F}YI3<c2S8jPpElYJu<g1RP!`U!@ldkA&*10Q6#g2=w^@5_sbvQxM;)eJ@
zkgABxf0qWUcb2K5b0IuwP*`o9Ll1TRP(;X&1&1p>O{sfcN#<T9W=wz=&}t#$g_||9
z|1Ke9hhROju1m<35fT-cvf6<6luYU>Umbyjgv)Gb(NqvehD}gGP%C^%RT!6yeW|Jg
zUz-JXT1b?Quj$C#PN1Da;o2=1$0S#57;FJ08VPqV0hI!W16M#aOio?0b@Ct(1@0Y|
zB$cnBk@H5rFc|G#0RIfb*Wf8bA8!+NnOO)viw;6d8EDQ8D<_MBl@W@?0x}eCE5tA)
zI0Ua5LWUyWA=gz^iO7J=0B~S<FiD*NZz<e263h$Xg14E3bShQBZEzJ_K_uXTay>-p
zxaQTMh8cJf)+*jc3va}xDWH}33J}U6e4Zd!wmR(N;O1b*p=-z#DKWu^CD+y%YVr7T
zphD5qIEa#bpzhWb4YYj(Ck3*-GA`3KYVHCf$0F$x)Lew(V$ni=R5U5wFl2xdOrl}K
zlMrDAx&{;yVBo|e!o<U^=5W477(^~mrj))Q*ldVC9~#X?@Z<>oIvQUIfyW(WWFSVJ
z1s)=TAs^I&IMUz(!2~r)iA@s0yr^gx5k{L8Q8CKifQwMUIaLH}C$tGAM={DQ97o;M
zf{$P{7meWxqEUteVx&mu8h{!Co;>IbKUataNyrAncVND3c~ff`0cfvTXipYI21l-c
zjkR2bNdllJTDpK!0?<|Y0vX{jp@m`GT_Ji=qdc?&3}36oDPO0p2oed9%+_WuLV=JF
zuhczrkk61{dPPhZ2^$mNY$k|~5aL6lzP2DT*4-BL$~U%!;Ff|1hl67i(OQZNLfQ60
zb@5cXH}GAG=sCz9$^AWB9^8h24^ZG{!x$dnMFEyc;}jO}x$+IGC?^9c))M)OvxL}?
ziVB3A4aNaSo17QO;OSNSMT+XVp@C>W7Ch`p+!KkVqes{3LcofGt%-44BP%&eLAbfW
z(C3X6$#tdNRY3c(@l`L}Hsa%yYzH2}6N%AkD$xlx`o=~8@%&Y-#ZWAx(!v5YMJfxG
zg0uwkpb2ZCls`c>y1j-F#RLZ`FX^Cy_%$ej?^r_*b$RSiHb%gp%b21Z8`Nb42O>d)
zA!B6s$i0X#WQ?|m$sWn$_{3udg-@s&CWdP+Sih>+@t17}#t$FJ3i_sKFfle&i6~SB
zzzjnbS(_Tb1x{5@>I&M_)_xVy8iIqss*2+j)vU_-V9hW(tO~bE-(5*4EN}l8H3YQ-
zKR`MB6!`BU@IY#zx1x{{g)cKyDw3?rc7d3(4O!q1d{;0`yH1>7z{LQb+`!OE0*ZE!
zTRGtS_zT2Xkf4P}$X|5WlM-!`#XIP>_O{RkbMf#1t{v_UODJ0nSqcq<?Lr|SV#W$L
zlHe_qP#s)U2(m47GGar<|6o8&wswc#B%`pDB~>B<qYx>S1p?qqhz#q=Hv+rhNt^Hu
zc5vQA>@hQjlx%?P(BXVRwmleasQ`Q?`wvQE8$${Rz*rKi+#;$XVgp5r@Rz^4W>Z{~
zRa9+gZx%(fHC(a%H-_0io~-;I$x}|(K>1)O8~gE8<;JpfFeZkWv9X1riG^8>bTAq}
zla>Fdt0w*jkQ9UOTL(n>FgG)+1^)wGO86h9#wLa|%<TI%L-qAPj{l*W|J-2Fca(vz
z;J>-K$xr_Oh^uz~ga6^tx9?C#-S|Jo#zscQ%K4v+P0WAd|NMwc|9f0?V0~@uJ!NwT
z%F3|J-L>;{r+=Ty$esTT;%F58JCzGMfe!)7Nulplv_J$GAO!qC4>+;4BF`*<rsGe%
z0O8>L*9wcD2=3vnutJj--2f*);=|EQ%nE#qTE{?>FUm9M_oI(dfq)wvG~>Zb3>E=L
z7JmZgviQzpxZT(etuW(j+`0_#mAx%nzDJM2lzj%90^@7)Pn~#DScMC?sS68Ld>1r}
z=m7l6f_T}DAE+yTj|Y5d3Go(q-vT&)U^?i4R%}p&PJ&*B)5CBU76W~4cph4!i#}w-
zLm9A8_yH3`UBqM^_X{5lN{&&y7X$BwgL^zcJB$wgB<TgAop7!Lf`JzT0;qQwBsLY8
z#Pt@FXGQQMP3W+*Jlv0e!=TI9$PSPvy#yu6v&`z+F)1l#71PTyWFOl*_}F>7c%j^s
zvW9#SW`w=1yN|paUk7g=#WK)r@p}#)#bXZmY6n~~N2-Ami}_A9%Bmx}2<#OS7gD<T
z5<7fTBIq+(tfxGKdl8|S6XOFuklkVn5rT*nW=N-ef$!HR-bH_a`M-?cKq6yUa`rRj
zZ-EDF%3vh_DSrVkUe+13TL88LjwwnxC<+~dBu~~-Kk&+EIQ<kVAfXWJO!7YC?Fg3r
zTlNp7lB_TxUr_TQ8|n+{FMZ6YW?4k7aQ_6IS|R#F);-E;1LbZ>cmfox5#ommbr~Z>
z(fIicBE*1j62LpM2qJ^2SPM~@jPY<jPigifz|wD_maJSWc`v_~1Pb9;iB!x&3ji#1
z4uu7SrIH^&pBl6v3Z@>4!gsGQnDvk*1h-YP{xBi68Tb+{qt=RiWYK8ZK^$^3g;I^O
zA75$2s2_`fF#!#Tkc5IFBH`W>WWU&+Kvr0&XcqQGj8R1fG(f{^6*Dlv$ja-bC~6dh
zf8#;3U%Tj{G8rz!abJ0apP{mb+J-+G{|a(ly8`F~6u=h})s`2^7jj^57bh*V)?q{V
zKx}-|o1A~TI7eiPky&$W5hZ|;h1>M+XVdV;$gG%rA>ex(vATK>B%A2JBY2%jHA{#q
z#P)neQ-<F}tTR+)6{$v%@*Gr0_>AzLf{hD;r^+cdj`Ec}5Ka}M+U*-^oGu=7t;5LS
zeelEI`*usGRGbQPM<JTxZ_?zcR_TB;-`%R!Y0+fu`nznJOc;XEu%?b_AdPHqVpT*w
zu)$q<-|^oTc1k3XiLkEn2Msi#h~C6;jlY-RN~9%<q?}?>Wgq45tJ1plkQP5<QVU^;
zJ_d<|Dy%n^>!|2@EU4=Gl@#{(s{R`|Ejuj|CHRkUTP3Z<aMdw7GDs9HlqwUQIO9T6
z9QYq9`dTO1krN;$CKk04ohXTH1tOfhNrsA!0`)73f>&xmO>t5=Ivdans^}>8Lz!`6
z;t(MCn{bqnK2%jaG>=L)7B@nOEy%P{Op~IIM>QVc^%{<n(mN{5M<2?JiAPn+^2QNt
z_@Y5W^11dgBR@R!-xx7pt{>|$J^zy$vgV<se>vO#HO5fEafO8Yr=_4i?o;PGpnQD3
z^L^$bDyBR5rU;-T;bDIuWz4^M+C!*h1&v%|&ZBY)LvRakuoXt^F2nDNd6dZ!$yPxC
zzV%-|3y?pN645&Nq~<&bSqxRNK3T8eHoYGf<@yHiUo5G^M<)%V3NQUTMZzGN@Y7Aw
zKo%xHd-KmIFI;pQrntD`&;Th~=m@OAAmW&rgQuf%jS6ua2Y6(dd>cIC28Dt8>viK`
ztw=!8>0}stlLq2JH)46HhFG9>5`&<wlI46*u7Sd#y2E?aA~1%qp5DOq9X@nFStQLI
z@pCwK&>_+{BA0fkgeMLGSt))|i(86bmg#TekdKR$7ePD%a?bxMPZfP#i?6DJmVgrI
zB#q)tuFAVYu1XgA@%tD-{}a{B_JxOG8c;v?+v~?G##bD_q#4wI*J@F59=eNScpkiQ
zQc?`QVggjJPo<J4a0-Ez^zhNFdbCChAwn)3Wwm+oq|ysi)E)IGK!x)<{{h8^0@I}N
zL`{=<BjjC`l&4x;iWVYPj04fUk$B^OM@1+PXgID^3UCdIC<<GB;zb<6`tOJr?tv+b
z7k;-^@si4SJSg&5CSFq6+AH=yC0()|5V)AZe~<oVIimz4;QfDkC)3aCYcAFM{~+qw
z_uBy4@co}=MkdBT_kaF~s}BBuw~gRm!GCjOqo4f$5m!C@N1*-RT1UhA-?y*n&+-35
zt}o#~JSg-nbu^s+=B6e;$NvwxzLft8DLon}4GreMv9XEa&+-35uCL=i@#+`W(Qy8o
z^fml>{^y5W-^BkfoF+7!|E6Y!W<UA=Bd%}fKYpA55A(3$`!(vQ`}~)Yk)e^P693KN
z>p#zb{eX*1`v!Qdl(vhKo4}Gz=SLu@2FPDFyzPySy8G~?mbE`}=SjKnkWS54fWSDA
zsUT`TMWHHrohqA#UWTc`9EoVBW&N)MNv&CHov-72%D?Pgv;hgU+CWc_j_HvI4+v<U
zh!J8gim0i4A)eeUkQc;_M(I&{OK>zXUPuT(2<E|J!=fM%9a<+PQB`6gun|o2$44o-
zSXgj0N+^U-;<yN@l810eVezO4`2QeoH27K!isN%bMVJ=^A^`Ud=#kNZ0)7yY7K1vR
z>F_92Byl#4>>`G_SyFDxxQ&S=@ILqtQ2+xqIx3t9f?J{xSb`fr5COS>sxbu61S%)m
zz!&20>B?$zV}frG)B=@#;KO(ngmhy^MoYq|f}ktp#bOFK+?erXfSG6-hMH$b?sib<
zG_j)$KfS~!AZN(d!i&;Wa%*C3ZG>06ES5?o6=sF$%6>CJH$r(*T-qGPqKKgqo)|*W
z=^8UFYsR|eeJ0L4z#db(pzFp0RWMb3O9X9=$VYgnd?N8GUHO%XI7flFOL4Gk#cE_s
zVkvZvDPs>j7RPpzg_W&v*&*%&D#-5R!h^P*%ftu&a}Zj5kijd~1`3L)!~~Tk<gEz?
zN-Z3&3Hsn`g5Rx%0fAy`yb`#^`1Qz~@?yC46{8yP5+eyo#_}PmrVLN5Ca|S!XcB@h
z(}TDY(v|-vkXi}K$%#nezc`Lg9R&OkO!qgqC6YHzs>@_5i={AHARr}^_zTbJ1O;9f
z2q|4@B#|ZtiwH(S1cwoMPgf@Ye3Tjw0twm?TU{f9;hT2yd-9jzYLG7c0xk&|S%SX?
zSW&+Qclz`pTP`2m@C&%Sq*OSxWx9OoNHoxseFBI9n97C#ngWSSs1T@rJFW!ZXhBet
zx-5i`d;EbewGy~&2r8k}qO>%Pf9ZjsYhY_+x{RV3B(Z#GVsv3A<h90AN<m=A$T+iI
zJU9+c4&D~jd$ul4;I_goA9ou!H+WNZDfSL_F5nG?PwYL1+PXO?+;VjDw5hEKkD=}k
z-Y#|u?|VBamC14O7@^b(g}tXr1j5D0UK9;?dnu3=UV*@Bgj?2D6s1->XB$NV`Pz7+
zd#Yb|^Ym~c-%u#V&C}L`uA;SsAmFVfe$>`l)m7TMc-VN4P;Mh}x6W3o_|g`&vmOd7
zwAnTeSl=%oaBYoOlr>vVPd5h}k9wP6i(~qeZ6JQ}nFBE+%mOp~y2jYsa2%9G&b{Uh
zAC8T?SHoxo6d9C3wp2vi{%Udb80zL${|Mj<bQ?ec!bml&OZA8<`BT1#Pu(0q(T!{p
zc^@iKrfQYd0F_C;jCM2W>KiLPlJKM)wEa`xl&PwbwYE)IciZGj`Fpj5>L-dKb&X^%
zk+0B|9}_o7{{R+_e}jJ!#6^aII%&fQ6A@qMrxU5(oD)w)`YznAO4tex9|`x2g8?f8
z64&mYC~T!7J#uQRDYFLPGUG%fsH5c6Ku;A4i|n?pzKl>`?0lfNRk{<Z+z+{1K@yel
ztAsdahzjYIajq6oQjmUF4CRSjicFYPW-CdBGGi4zbQw<-@WTnFei2V`VCVXHO6*_y
zf6Y^<rT<C3PW-up=YR03C;kiWefu7euUP*#`?>!2W3DgYKT1aXEl6<n;J+D}7@8=>
z{|&*<pYi`6aebfjT>AP7@or@tI4*&hp*jTpeVXv!2Z3`NY6B=3;N|V$=rWv&I`((K
z#3>%UgRx{g^6VVBrUCP^L%=phoohpEYDAd9!Wb}o&tU$9KO^AJFqGW;?}tBw)#%~_
zk2oy}W~9VGB+hXuY$aDbga-HOvoRZSC`ylk^)QkFGC_wPb%B~ZosA#qQrHe&+vy%s
zoC5j6U^@YVQ6ig3v{Ln6cU9+lRP8@klw=2Cj4t!<Iu-l3^HNn`D8&7{A?^ORvFK!<
z1C~3&BP&Gy13tpJN0|mtZdVfGo=OWG{fs9Fsrw8jekMji(X-hMYMu%_8Tl6>uKnk5
z?(ppIWZDrNQw^pa`S+7wCE35Cc$if~`5+YDWu-I0$^d+9)n{lybL6B|spcvCstqSj
zschK~TpQrjcIOJYp**U0AXDeM4B5sFd+NIk6$i(uHX=wQr1pap3$hn@a(7%nYVDb<
zB$>5QXf7UHAwelvihW^GNKosU&hJ-+T=3y|?cG~0{`l|u$NQHZ38Rwr%M@(`K>unK
z_668|bwl?xWU$vnT#Z-6=~W(jUkukfk)ncr0GJ@|NBoz;1Qk8LFL5LOpF{rrW7bP9
zMPFjP2xLCehUqfDKcpa0g);uh-v|EpUm$%wU_y9*z79yJR^WpMAnMgEA`K^pDnCc1
zu>9*;CXwQZc1Wa=I`ttl4U=;-W&ZLd-aax0OQdWb3GOG6el4&cEV8avig^-CYN@CR
z4MD+^NFh>yY!ytGiMN)bx|Ohi;Ppdr@$i-njSNPX3@xiEyak>Us>ZTzQTtl#y#J1@
z)~a5}9{n%{qY9Aj{{bCAw`@SS>=d*$3sVWW_e~`IHrE(A-QUqQrn<#{Bjz0872`Y4
zzfbY?<IKsl9CS?x9Y=9uzXWTpwotmRSVGN5p#p_Yj&>tYoI*(r0bxx8aQB*=)hP}&
zWt_QxZiwNu_@?MdgJA2Fy-T?jP~mU_GW}B^cK-p6d^?gHyr`NJJy(GCLIfhwb>Isu
zxG7%Ikk_d<l{!j^uECr5#&o!^2HzX6RI)O_jdHaF<`-6@#v0IHimyPArPhxiL2GTr
zzXp4+!ECDorLlgCrwEN!`-uB8P%A2C+J9i2$r003(nkUKtO2~jNM=!p@^uJ$WXW~6
zg2Zs6y!Vy-qk@wCOZiu$heUO?^HBj|taj(J=2)Z9<Qo7G>*F2?k=8)&eYGo!KxF?W
zSM(?F*mt<<*#G6u4d;dM1-x&rqwf7*hDN5QCN=i|ng2Zh{X?!EXvY@a)qb!Q)>GHj
z#@8mm+0)&DN$-I#U17m|F&(}V;Nxv)g^`#5^d2z5qwJZRi>(#h*+lOV7|j<1%OBVd
zb#b$|!UFk1dJp&=QXxR5z++IAonoB^;5Afw5P0gX@|hS^j4wc9;0L}t3+NN{9{PrO
z3Iy6P(3Finz^g=i&|m^Dm{*c+=jra{;^yG##j(QlgJDgw)-o}Dw8sT#x-jwq=pWOd
zr!J)?Kp^tyJZglEo12%7-C!Fh2Ole}PQV1Z&rn-?7jN(yH#j&_42IY^vKl~QCJX$a
z6vm|ccn<ZpbHKl#yl0^DHAm1X7<}xh3ksJ+hrq%O^bjlqELdI^lL=|;1O91+vFSuH
z9yaa{R>X!PI-L$%8-S~J3%Z6l0@D|VD3Xe<5fKh}t$Y&))Z`0cjd*97mKZjQt`RK4
zbP2ZFF~L9NY+%Y-hq}PTU`9_NkFEjV_J%x(L3QJ8hP|h>nF$$<>Dwvskxkd22f@=_
zwYDDKt*2P}|8M*91^S;I%NKrA9rfyeGiCj6ZeniqQ~&>ntKs^8)ZeE6M}gN+=|OPK
zq^1oZo{Q1bf6NYy`e_G#+JXN!R~`Bv4Q2MY2*J13QIGyNGd3|*_W#Yz%zx_tA8`#B
z2pEjP$ve=8Rt%sn8DQ!kBnsvWL#-G?Iga}M7z3^81Af!j$E?23h5a9UUjpA)RW&{;
z@~3eD*;L%_WMHNl(lqHd&`t+BZDyv>jkdEnGltjXwS7#Im&r@oDZ_}%hlq-b_<f4X
z>W7F6xP0KJg4-to?uy7Kf`YgriVK3Ee*Dk5%X{~2N!q5J7Lp%ylK1X%?z!ild(OG%
zoZHaA8{9}Y3zRX)ygp`wRfUlAY|7U=dDuWuguHhKfhPpXm}02F_&S4;;D$h5wP2wA
zv(|dET0v9N+PSJh3_YWgDJ8F=HN+^778yO&h7FLDQ}cxxjvZhc5f(I}jRgV5bP*m#
zB8}`nz8MD_OVtE4S~bn&bDnh=XR=oS*}$`GN*yasnB{cuLMRSo0LSIZrBv9clT?JT
zijI%7veiMbG+RS?En6_qZ*;tvCQP!Dy@@FRrRkuWQ_mX%c8Rt*h7bS;3BPW=nw->0
zMl}qOgv101Sr6rq1NKJ;DaxGHC>>1dG&<_U1LiO9!st$G6*hmBXqknsP<hU5-+Ja<
zkxgwQ8}z~~@u9q$Q}Q%{8%NLFIAFD5vrTl40g3!Cr)E=zH1$mMqg+r-GyFKX2$<{U
z=%O)7s0-j$G7HAID464ODq&9Gl46hQJE&K21j_vIAXYL8ZqyRW)$k$xLLZo%i9I%d
z!b`#4@QwI>kal0U-qdmE&${&#g#f%09ANCw66TXJ)T{xU(iAi|qZ+Iks0eKo)O^;U
zlg%D!*<`wyQaK{luB94Co~<){-{`EfzL9s&U~9Aix1QMs7o4g#t64RVVU|c%pb^Y|
zH7){GQR%~^C_!VKqVlK|BPMZU6!C#rp-A26q<M2rw@hPv_6$06Tsc_F7$#?xXpnVG
zhYiS-npO)OD)yatKxO9>Kom^w+VIR&xR%(*TmMTNiOdYnPqG?)l-B>6Th_I<IrYD$
z)>{1kqI??H2G)vXwPDgfgQ3yP)Pv8vXt=)7PDngeRPrgEoK*ywRMGL}h^i7Ro_jzq
zXh{smCTaK=SbAi#kV#{?6MIwb#G<J16p2Nenlbo$U1PMlF?uSAwY0akwKqjU1j;A|
ziSN&m69a1-1A$dy2U!nH2juVwYy{Rb+!=M(BiN{%&uB(2+p{DdgySQ4HV!Hs+1@+Q
z+$0s4*0P44+}lK}K>;nRl7YcQcVBOOU^IbQ@aUhwDqz6cxCCjC4RbOmKZB)(PoxJ*
zaX$qVAC8ligmsZ3Xj>G~>WP7^{ULJRdBpLItS7C}nA93Omv3l|#At&YBzylRP<$}_
z6h1z%t#^2EpdUxozY}La$cR8vG=k1b-Gc)I@oo&tx7V>eZQWJ24v!2DJBqWM0hlsb
zaxdV11)%G2s|0C@L@_%QBC4J?U?QWp2XN66jYXp&V)n?2jP4wYC$@DBCq_nxdj~ed
zp1i3y-q+)L?p4jKLhRK_RN<*CT~)+$&u+F14v!L#Zs>Eb8c1@)qXvEMRe`3?^r*m|
zdk%!=-*ngD&;6h>A#*_G3t8{LXj6*^WbC<Djh%5x7L#hw=Ux>s?Wb1-`rNNV0`pjU
zRAA4&YW2r^dbjrTdQvU<xgXlRdb6H;)e;q)gYvC_sVTiG(C1zi2IAYTI#LDk+^-YN
zaOu?veeR9!eox3sR-idFJu0y0UbW)LGCjJX&pp>=+*~sDbr~P^#MjooKCj~V+~T)%
zTS)MTh(w6g*H7tMDwGI0N|@0nCCW&#6^U@dR?y`BxWVDZ2D@J|Ss(`jb;cy-u%{mu
zoYfIHh-^NQqB;62t5Jt(@AwDmb`Zx0Sb1I@SMzE%Ni7<(y$X1E9oqo#vo<q>&h1%*
z0{@*e7_^ZxU`R0_2!&KTTg)W&w9(<HouxVVtVD%|v!3K@$=&ukJbI-$4z=vKp3ks@
z#{#q6ny5$&$44kCXb9Iq+!F;N_|Dli)Ju~~!yb;oQwg@0Q$iq^TqVI$u&?dI)P4ab
z&j}S4qbhjb7Un3OOBY$fM)s4NxmfBPe2iVAO&c4*YX>HHLn%iE%^+xCfQd?xu^C6|
zA|`O50LPR2bMTRL#}zHj8?gaTLobX1Nlt<^z7{&OKgfi521Trc$q%zyx*kVdCmyg)
zG4s6*81Ev`J`Wdjzsra!(0@`X;3JVqkvkqX!9<y;?w(YWduc{UmRCU{_=to8vCha^
z&~oKPVV^=IcdIDN&{A(b2tnb#L=w9!(kBRAEbJ@H@uBo3K)I&1Xa#I`WhX)YL~HwG
z!0@cQ63RAgV9U^5S&I9F+EyfeDTG-|Q^uFc5h%i><?F_mR207=#-vAOQ05e6y+=*k
zwV}*2sLUH<Sk#U(??_n-W1KDeql~!>%jn{4gJFyLG<#smECt^vp3Dd3&?JfPJ}80~
z?HF=;R{LP5n0FwD)$>M7F)!m~2o^47Tl6FZne{4-U$%_j3q?#2me;3cOyNdJaK*Da
z4kkq3u7xULlGd{mjB}}3iak_6;0;D*;3z|Zx;lv)5yp;a6sz?j%|kKhjU2R9XiOf$
zX6ok5)0ky3-wNlz>@oqKQFj7Zc$RM`wrQu#k-3h;D_RBEMKMG0PlBRC+@+0a{b3le
zoyv*+abR^cOSq@n#8a5Nbfb1O9`Z>Mu_zrLE!i{tJ9QuTW0ZZ{J=$Sc0Jw_VE(`F`
zNW7Y&3WmE1Y7y?IDEYS&d9X|{@EokECb-*?bOA4zOp)JRQ&cel7}K&!e#RTyRu+1<
zJa20R&A`4*(A@RT(giK!UBgwnWJ#U^-%%XMIg|6OgF?Co^~6W*6sQ(FYqOm9w%JRk
zX-PA4z4Wq}<yIIhaZu*JJVX_jBId8AnXdT_@GKq%vla0NJfpRP<FMdRkSWqA4LaG5
zjWN?T$p%5S39^>83_#KKjvZjHyIP}rxFoE>zvhkfOh=%xTZ{u3^_0mnAyY^<S#_EP
zWFX(75-%MH3Z|Z~85hCVEc>;5ISRIJ%F&qensODpXhm5d180}k5Ze>sd8=8uyfO`Q
zsL?_V&0(U^H%1Omz{eS@Vo8*OCq<f~M*T_YR45oG4$dbxPq~}DN8r5^g-NqdyVxhX
z@CK=ggLE)Z2e=q1=y^^Kro3;U>62zZXZsgZUy6B^;*9NbTv1?IwEAE+#t9c#K@Hg4
z3#@f#??6wS3az4sh_@<R!@j2|Sr(at8<u?&amfz!b{rr;cEwnEsX>x3=$0qxF)YSe
zqBeM4%o^GRnl|Z%x|U6XVbvSlPJy)3Ej+2`#OmC3ZM4PJ0H(6(?D8~mdlTYatnC<^
zJKnjYGyar!$a=&MV5RdV5GG9_zEw&}iJmK%GlSnPI&Wt2tw>7P7`#bN0=lqJn5@aJ
z2?<e&HHtKamUQ9K0ji_>7AHC!bG6r5%P>lpq2DU3tCNHsCWY+M_E13t2MymTm~NU!
zl0P}dUIOaq{~m);T!XPdY!sp^O)JAmS=~=LC?C!^sdrF14G>EV41)TGB9^Id+ZZU9
zI2m*t@(BUCYjuQ)t&dPgBbOb;69mS49(=CUV$fGS1rmgmoy0h9k!*89h-HE+%@BuY
zA9W0#E?^=`Iz3~RV{^$MnEm8(YBr}8`=F~y&ry*d7t@fQGpq??H*nzr56P-j<EMQe
zl$Ifdz-riBbj%`R-84XJ9%NE7MU6=-mihsU&Qd8%bUM`fU_s~C9dh#wTWsYgBv2{N
zER92I!5Ypg{!EYx8<-?Apzb2?2Wb1zbAlJsK}N9PFvpb#L#F!AAy(t;SohNDtR+m<
zH9LPEW7jLurlWS+Kzz~NbO2;BZG1-BG1;aak#<gzsR65T)}2??1Y`9c;!R(onDyN(
zO?HsY&Z@ZJ9<!-JH+;IQc%dXF>9#SaW=pMiekMd;dg>jQt|-)u?3x1g94wF-6;qvH
z#5ko&WT%)pLBwUF1Zz;a23t|=hD@zM`}2@)T!JngBi}bm2)SWmXy>X4yb5NVY1e2V
zMuc{<t5w#9>g(Ay8$y~qnHKC|6w@nhC-mHq%T+0zMiJ8;Cd_vXG6sSWBPFC%)`eq_
z@!eZ!Z+tGOv`3G+`RKer2$=$OnGFfyphBCl?3-wV3dwLLMCudvM=*Y1-}<<@+M!S=
zWKztqb-AOsV#nH03@>?4N*Lh5WTa{A3tKWDNLyhdF9k2^^@YWy8`)uDvp8#5#2WKm
zN$lDw)1r@e2zdbkCFu1+ZU9VileK|R&_e8Ho)F_mXmMfnWe82i<Od*AE@8#tEv`HX
zzs{~LqB(F8e!l+P>)k#EPR1VQzc9Z8Gn)+)ySxtkQ@l(Ym25Al8WzR<w0&$HOH>)+
z{1Gw2QvrxI;IRYI1vZWsn1c4?r7{V|AGK5>YT`B5uXrx@V|rJo;h{jeYDnss>m8dj
zya9@0NIFEY1P8Hy$Y7P#(tK!u?(_<=Qnhjta7{59wteLSyCJ-@lo`A#R&a-K;A0Y}
z0)k`%ueyXFwarC@3ifAONzG1$Oo@V{mA&DIlk)LVMH_dVC3}RWi?@`~+pSf87G&~8
z#j(sab4|0d?0$=VMKwPYW(hW?HFhK?-Qa7nGiv6B8sp>aisrEydvl&N#FJ81be!Ti
zfT7eO>%kV_d;xGd-c*OFR$#XS7zI?jX@18%e5p6v5ER2t!&N1npqQ}FOV}D-n70KA
zdVp#(?4*(n5Fwz|ZPoyfv&cSi3x=~|ggM2vlVF$|4Ok)>JDFIff23`fMTAwP;*}}0
zI?2pJ5Ka<qCY+yfd6(MqlQaXSvo6=nahD+nsIiWbgt&^DD~m#<v2PP>DbqwPqEiYE
z>UT^}!xkA3!1o3GA**#XH37alh%u=bVV8&93a_I+&D8Pht<eA{=P+h<FEHg}c$`c&
zc_|%=p=ig4z*HOPXIf#;6*3a<0}d7vda-@SrsulMb%L)Fx>I{hVx7!?OhBljOp)P@
z3O;ap3AZ^KwuTzzHcJv7l*w!Al$FM;a?(QpZQ3Vw4iN%-9+zezuVf9yb<S#SDy+&}
z`GL*7#YNkE_)(jX$Q@l~1*PzgnJ1j4lTAgC;-&UM^tmByd_iJ{g_$>AnrGOgA2Xzp
z!GXrXO`E)iV9Sj<=Wz%dWkHv>C1Is>xd}O#CpSIezyOB90he8-Tmw;V40r5}CAUVq
zpzD-$<|^#^cm^<;mR=ITT#nYV9ZO7gWsU=WvaTpqPS|yeRiy-8yBrhk5RaG}h)qV7
zXM=7L+?C2hOyx3;+*J9~2haIqsAgtS#@$$s2rAp)C#U3<Ogqe;%6)*S&w{EXCuIjL
zT1qX@>oF89B`RZstUa$gV!~unH#m{#d6!IsE;76e?<HjkE7E-_E@{OSR^%Gi%_I&}
zKezN#)3>9Jb#sYFofhvpbbwyvTb<=`#E1o{G(5thZG353G>=4KcR3O#deoOhNvTdB
zJxZdZu<N4XCo8rQmu6zptSO>k;d%k7koskJ3HL6T((-sekkf06?}(z)>_j^mEK)l{
zM$PCTlm*R$nw65E$jjF=9)<YyCM7&tlrCmLRED`$6Agu!3`ggL?zf4IF|jKarH8F`
zFe}+)ZidvGufoK&IfugJ)Klrc?9wb4>Y2Vr(Ze$CQ^G}r2w}}vU?7sjVBrVnN_dXQ
zVuJ}K=hqGq(7G9fNr8M9bSkDYfq3hsbp83Lr8a-IMQ~@cQ<AT58xoJ?%r;A{RH|v|
zoRzDId@nR}8yXU)!~i=abvLGEPXei`3+2d8x%(_<^%L?OV%<qSW$eO?{nm~22ZD4w
z!LT)(2gCAPMlIq!`voQH>JBj6<6r!Ju)`Aqi`vQpV3|2=5OAec6yQG{KvD@UEDN=^
z0z&i?MZ|AgA)AaQO4=TJj2o-^4V~&*<%cZ}eQdx;c3NIWdg4)%8ntXC=@VN?dhpH5
z(C@al+z`s&^I!fW77`GnOs5d!TE$^6S`3wI#wkmMJ?N=?Ba-zo?3fkP)B}R2aQbz-
z0KvkRZ)Zb!L|pZ$xh*Yhsm{yY*GB{ug~~{vUM#eP2x{kQ(UQ!IorpL%7(QZr%iy?~
z&<qguXko0&z0uK=oiM~xq?Pn_Pk1@IlLN4gJJ%U&ov$yTRu+sG413Ik596xyV6WD`
zgFs>8GYP|^T^svomMC%e8{aUjIY}^&uRe#zd0GR!C~3Bzv&rFMZNU;HnQ3VxJ`80=
z7@Slby0Z>S8k(Kkk30U;H~v>oYNu2u{I^W}Z);0a)S3UObzMs>|KFl~?D4;Yc_j(N
z;}HNnN+WYO7c~Qvw6p@`uj*ME5xg05MNQ5rBAC$_3kY7fbOM4!)GUB!kJ{Dq3Om8H
zKTT>%F7JAlQZvgk3V5))_Y@N3lu%(5u&qw{C}4YW5d~a2@{4!}e-R=iy&`(h!%Ju!
zc4+<%_teQ8e@b;G_B5Y|r>KdoT)7f=K3gDM<$%~9r}c>mHKk`=FHmgcvZxtn27O2A
zmYGqqMVc3$+5;U?X4n}Dh34q&@8%ML2bdU{N_H3aQ%o3BNyLP+1z1~CxOgXF6X$MQ
zWicoR@tG(rX3=DDzych-y{K-Dop)d=$Rh4nB*o$Y(c2|KjaS|iQ5<WMAjS6`9Atao
z1VUU;_glzXi{i2<%e`uZuN}17BDIQ-(`vTES(15(@d`2+8D)Qmz#M$nGQ|v)(`Zq{
zRumo31r(Y=f1W1L+r!oh0?U>S^K0cxNSX>6O$6;Y67FVA!|ug2_h3pg_jpP&>yS!0
zmeRFk@(Fsl)M0}G>460WK}%zJRHHC+3nxfUDM&XSIH2SN1F)UznoFvX;Sj7f;Hz^@
z;gT||RKBR{q)8=c&T}A^wXEdx%8UcGwn)+dRYuTYf|r^(?BvW&iO>}R^CmzH7!V)@
z3-1~MsdE(MN_BrOi~*G70Iv$tHazPf)H_(53rhWACp_kI>Bmjt-c(gPQw1@U{w*!*
zfJ%Q<&e4;klHf|;mX=qfWeMEP+C#U3s7udADh|QK@JAY1u4L_T;uLXnXFfL9J2S*m
z#4oa1QUoJZPmFBs?v9U)v<K?k(V3jFS|5HoKL-22-VTpe65D%6w<LN8HVxX^lRR7O
zcpE7uVchhXnC?(3nOC|;2LthV560ScRo1YrihrYnvu$#)WP9=9;lbf{7Q#R`KbV!V
z;`pxCSQ9-90nw%fpC$E_%FRV}=8lFzNcD6Y!=xVMs}Pb|J#A)fh*R%sUO7yCBv|XB
zG_!NjCg5p^5=UYSiwQ)ytk92A!}Kl1n>Al2X|TT>9AV<)pp28=fo)xVy*-I7T?0LR
z@ybzcujh;Mk<s2h*pGI^ySI*tFx!gSmn-@=56l^w-8u`nMGZ%j)=`o@83G2+u;W5Y
zYzA3NdSn?K(LM-hp8_==&-|enUjCG)!Jh6@4`?~Tr6JmCy(}7`WE5rs8kO@YQ?U6{
zQME%)H*DZ1xq=cic;!@*w#MGE0PVVrnxV&h=JPONf1L$gAt%y%Gvvg4xJ#qAB<pOX
z_40F@xw(r%1r$1tw$pLuVUFly;U-Q)GaZCL535zi`<~*2qRCQnv}{V<Px4B30<F22
z5+ue$(WvhhGD|$W<npGwbW|$c5Oc||I7u-0)n>pK3(E{K?R*Hm0`TA*{^{Vl8`IeW
zfjTC8QW6zKDSx3YF?m~N5F?}gqdWwIaUht2`V@=pUmIFY`@n!sxeS6~@20CzU|fus
z$M$<@`$JvBUHx*Sq1E-2>=^T+zio7aWwCnK=;&~Q8H=T!onUy<I-|e&LP??Gp|Kp)
zD62z3!|i}ZPGdEH2(3NXYR}q+frE@Dy0;9s+a8RJIv#B69<e{@+SKiMu#G;L{eay=
z2CW<h;Tq~l?`z|%LW$|%%NJH&gu0i@90S_LOUxzDAW@Qg6WU>C8ve$aA>D8gFNc%q
zS|KM)d{fjo`=K51?*PHcF;-sS8RQ&uUe-23T?aDI=)mT`iOxU6nE1u_Uy9cFrmn4h
zqaGNsZ!NTA4Ai$h*wi;_f6zNXA0WdqpKa|OXy;;BwNbU&nvGP*JwvIGgf)P5vGCMQ
z(>ze2%BHb$O0%h6rg&0Wcq?}#uJh5_5(QnHB(n3NSmp7vvb#J5+~cIOMDyZMwaI%`
z7|FbrE9iN)?J>6uYPoe!3R_%kF07>wIEA7tq>Rpu$?c;av$BAcW+1_UTpZ%$CZLyS
zt(yT`hS(frS0S09tSYCrpsF8J$=vdtmSsvVHJF~1BCAeH1vyv2M<NS@htOwpkL^(@
zM?^t`3ldyzaY`vPWYZ?37|TjZLHH$^P1Z$y_d(9{N^nKaH$7QJ6*o}?UMAC$?5Wfm
z-DF{b?L+RRSc*a`rp{t^Z&sgXH|lcjqj4=u2vQ%Uq{L~cKGaUO(!yjE%C;jZ(*qOy
zwmTaP<0MA3f|}VyAG6#bVOEBOI_yS(gL0;~sLRx$h+I?UJ(PWuOf6|5XMUT4AyI0E
zp7>cEO?BD10ndx6(TAeWZJ}{w-6*?AT%v>Ds__cMls0r<ny%tH^3a+^oU&W`E4}@r
z{GHavFnGy#^LL8~a~1~{KmwT0uHUDRff(P%&eV8(0X>a$YHlENvEqHW$>=m9T#|xU
za};_o9U3IT-jWS8@Q7{Ubh_{b;~<^P2q22`Fd&>AB|~{cr!`IVm3b7x$1$ubsnR2G
z55XqMuVx)tmNH&R$Oyy&R+QloNrFUF)IzgdJya5J!lZj}U}Th-KcNBq6AOiiSqY>K
z{DrN@LP)CJBZ=Prp}yYkUN4EmGsB$>B^wbhOgA6vEqi*9nBgX#%PPpZ{=vCRIK`|m
zgfqKz(C!8uJA_%2WXm_a=0}K|SZg*ZRF*hn!jiBlKH9w{F%aJ|8n&q*!Yy7j+$mdz
zO?EyYQYB%ydL>MpO_kK}%1+r(ZZ^!#_mT&@{TPrN`t8(ouuRS+Gf7Oc%E_0QOi^j-
zrAqUjF@RzCP}C7IPPco$CRoH~0fC8y*djD9wl7#~%$btOS`%fGF?kQJvV2BmM_8dS
zVd27`X-F1Ur)`yEslEg*LzUsrnf1sPCbg6j7nQ?&C8Xu1EIVQj29|VsBg<Ux6o;17
zsp`D*9!Yw$P?%?xU(q53PsQ3!6r3g~IoPP-psCl2)hnsG_y{fW!fSlCshUh2vArzB
zHm@zz|Apz1ru0(6lyAc}+cnBH#J5Y2Gee5_WS)8A@OkC#bx6dnIJZg@`q*UdauPT9
zTChC(8X7vD5qYahXCWdACblS*ziO6AipmLD?(~8y9jTuxpIHlwo|}L@W9n>Jdc}L`
ztaneR{9vXrb?<?)?&i##Q$AeSTcj?RsM<MjijPG-S@O$ZU7Z6Bzm(B-JDUd#Udf4_
zIf+Z>*qZZ7^Gm@so0Z1en8!*p6M7x$l_r^)G+$Q|H&ut6%TEf&sch+0o+sExo2^RP
zGn$CTL+)};zRv-zWxgnRPH&xrWa()&nm6Q=T3CmeC3vLdnYqV|W&Jj(>SWt;TIQCl
z*W|qNZ^^YSafMpb0&<kPzYPWrDu8YHp9cLg!ZCssij?l$UKT*q*2ZOF^PvdBppq^%
zx=rZg<4yx3GiI9REPiW)zf37tmgsj|clW4Rg%$|qMO3R;1v08Nt&*JT4#}@rP?Zh2
zWz4wDQCW(wsZ>st`j}f}{9>d-)WgKFXv4w|$GrIMcMwrUNLEl?9AFU=CvxuKp+cN|
za>wkmDOy<*r38y}OPOc|UC6C5rcd*{WeVaUrF_B|nbfr5ctm}`Xok2{F~>aiWL9r&
zo_fe?rP4HvW}-M2jgeo7<s+Yg#M~Pt;|<j3LE0-N=ZApowkAXsvHw}_CldFtoFJHG
zU#d<WA?$n)a6m6>_KeLbx2dxQLZNW%=mFXP%5Dp@e9p{@bdRU5Td)gm9T+X`dS)XQ
zy9QzUa$24~;$?`ewF!lM@I10bFBWpe0+~|sniWxG9eN_$!2?h0XqK8xXK^^|D(`VT
zJA12-r_*P}R-b2T`pWWRS#{D`%I7y7EP^nHk!q;CGX95;FmhkK&gdz%gM|*#xJ4^&
zOoWUD%q8gz+MF$8qM4D{d5V)Sg#z-S89elM3bI8Z$#yXo)G!MVFu&M0UuGyV881&T
zU@Bad;AderWy047%+C7U+-=0g-Aos+Qv6L!Ixp(xY=BmJR!3DBc8Hagm|H2ZkT{0&
zY7T|xdh<9?79NEgyOj-9Xi)CNs`8dGFuE-<vU6axYlo*FqXSImB$^SnmFy8#07xk`
zGM5~`?E%X(zhoQ2JmA#$Z9(GXlh)+9L6ITSTqJCLa-m;5vg;O7$Trr?un-p(5z*h@
zJDLDZjURqmO-ZFVDjDVkx3Wi#I?sLu@3pHcp3_cYmX+mtcEXP>WtE&UsUuM^J+a>F
zAwnw9#o<`J+IhGuPL0{d<EPB{+w4mp0o&*8VCkt7=gT~&KbPrk=geMNZJA6jAhhKe
zmb?$FV=ue0gtbpMT=-?Cj>VD9itycZFA=`2X=w!n>iF!MivSo1myk$F9x|7i@-Uy+
z0CO7#4rQ`gJN8GhGY*8WnjbF1;9w};tDmPVcFj5M6=2Vo=rj_cqhCVlZ#~9f0<w^}
zL#1|1ozSu(38F7vW|eH0UwE<xR9$sV7~g_`E5_rER90bJfyFOs7<3ky#i85`EJpTT
z4?NOEhm2}#Hl-7UZ%Vbn%6Qe>rZ?dBFLyC#lUaHJ7v;b?XPG-qIP5>A%|E(-lG#~g
ze0Amma3&9M3;jzfEiC3{2050dfn){PX2kEzF|zjD`6ldCF=1s8JXWe+KpG;ai7M8k
zb~<~!62iwT2~ed<)+1J_QN$^FADWjph*y$cxr9xtgt5$RPB+yf&s54b3$x$)bDP2C
zEX~63Y<oyon`G9q)|K_pZO@810iLTpYrgg-o0uV`C8;ZKd?F6h6YEA+Cu}K(^4x4v
z6^PlvK-dFLX0a~`sGaw5V-8HNmi0g>o-Sl<@k+LR(*qzTsH57pHe}@{=Bw3J!pd39
zm!_+PoXD8+1psV7lfO6nc93|~%dk(a$1XySmA<g1ig|&TPQI4;<OP;0OSqlSX_?7c
z`H7i3?=ZDv8VY)n<=drYMpS8`nD?Jqk4ha-$pkGe@_}tO1eHDKvPyX#bIsvgXjvy<
z6{I?g^s8=KlAg1fHTMx|>cumfk8Ea)=a$&gH5~7u7{i~VTZZFZJ@DYP(@rzVgC)=7
zXK?kvza)B*v{^1Gx`GeHPYge>q7OK)6~PAHg?vlX=UzpvBDNzB`<Vx~cG~mJd#t-8
zUf_b4C2|XcocNH>S=F~!X%SU-cU}C9<E~7+{^`asEw5Liar#`ZJjJ-HON&>Q=+ScN
z;9dIW6ld^wW)sI(CGv>l>p5i*_a2s4?r__Xq^#liyj;F;tBil9a4h4MBOISsnjO4u
zR;j^}InFyXIBUdB2<6+bPS@v_7ktrjVPnqR3f7-16E@acI*G8$WTmcs7VG1m|2s97
zT$KFZEiLfYk^j3b8f~rR|6YubBmZ~L#%{0d-$QCDuajYAOv~z18a?eC*2mO*K_|Ux
zz6jcfmNAl(Ghx!BsS`RGP$!kKFgD@H8$PEj;gk|-mhk2_%o5(#7(J!2sR^@$w=}i4
zp1OEh!V6kPBnclE$-3(k+j|F^n?h2tX)T*VXIp!F`_iDW(`Ra0s*dRehx>bXNDTym
zQSMKsS@v;T;jII`J8+WZ!aS$9?SV&{a?!t)8hqJhCP(TF(!Z7FCAVr=LV<5qa;b1-
zImx|pD9g$kyn*(&z!>n&q(`=HR4XLq)bfs)MM82<DEyL!&n06xjsdZPV}P~jF$OdD
zwqyyG$6{J^=QbF9J~^r9nvhyZ!`5}@C9_fIGYaipN=l7*!xL7-8+Ctl4Z+JV#-6zu
z3QaS6P+B>c-eN0=cM{18$(N;+#Fb*bquoj`@wfFBCsTR}Kh1Z{DM$&Cdi=Apla}L-
z4%9`!_0&p|8X^F&TY5$54|oX`Vv(2Ih1ZUypAj1QZ8a^7?uMQ<8KHeqImg%r4^+z5
z?xmU$8jH*&eAyp;tj%iVg@$5tPYn(4oKZ-q9OsLw%~I<O2gkz=&s*&LOvL!k%gVJ$
z(b5K))(VsMMAXdf7V$?t0J6Da0mNE%^=N@6jiR1Mup4kjTr_CnSX9pQl(Dn2>}`9A
zQud5z0FEQ@fQJ+SN=N#;`uchYMu|vA#h){-%)1bXz=SMYx`qjDXjj{w4)GKkh;NP$
zlK};N0%-mX^PSm4zcGR5$zcpz;O~axqg#gum^(1t?(l#b%I(6*?(f=>=m*~3wK<*u
zrGE41mObVjQ+<hz%-49#eoIvrhDzDFSq^=Y>7Af3?A2p@)|iVk{W?9VVGv(TjFC?&
zq1(%5wa}v}6T@n<p5ce#1BMW0NPsq_F^3WMFtObqjvsEVhnFF!!0`~WuJ#tW5<1zQ
zW+qDE`DR2hwp3Cn9(r59dW?7IZjlxR`a*=#a%*;H*T_BMQ5$|aNCHxMW0Kz{Zeq%o
zU|A0OWY#9?djJHBIoJ0UHQ-Jv+iw{uBgayx6F0rt$j<jIw+E&w6m+at?@gNKjgmYv
zSAIq*hsU%gwho**Ft~kyI%>9CkCASrpWC{I*%NmI)YuL9muu5!qrLr}&qhYO`iHz)
zax{XAWO!RwpWH^N>V1O)n+2RUl5z#>x~gvM-Hc(uaz_I@?N2~OiVyd8d%_*>?(Mh1
z$=A2^L`;rX{Y`y?U2<2$aa&_OgIhOZ)^e{QnNi9fLmKEB-f5pg*E5bX{@k;NF)gd)
zXM!DdW*&YZVjUd;G=;ml(32<+07iXUWZQxSv>7@r7iU(0`lz%DrB>Kc8C{X~`0Bi-
zPQmU)_hY($;Ih*ag-J{9w|Vd7^=Wf=v9=c2XIOqddfbPeSf<XwW3{Qu!1ou_6WU#R
z0eh*nn|amgTuB_Eot20pKQoF+yoO-Bm`;aDR?jw^tLAkp5TnB*O(BmW@raR=wIH!S
zQRQNi#s8QHg%?{*wxJ3BV2ht)*}Umve87Sr@Fx#?kdVUhZK0>~C<rTh+*!OKM&n|T
z{IHB*pi**rPJ9K+uPaf|Ef1{*A$rj83R-G**IM_=8CNx~EJnnAkIea*^}Z{%N7`QX
z9CtxO*x{GK%2F^{8vV2bR|2moRY@~>h?23AOzQa*zc5<3@ncax=8l^3R;npG7v`Gc
zns#~#XPvmi3#bx3BI+cmWI`{9M?&C8TKhYmsB=2PT^;ud&Z1zihSq4t?$yu+i>KGd
z`L)~i`DDnJ*oewmfT2ki1VY=i>OceL{tj!M?eGCPAC-_@>a0*;hf6dKC@*GM8Ov|A
zj^_)te*kG?gL>MHGTlTOT>)eBM;EY06t0#8rX>H)u~LXa!^bF%rg9;uutwU|5RJXK
zWw^^}CL(2N#o#N*3?qQ{(0`GkiptOJCf;zL^20x4SS+TlBOtO2T5_*rimW0okrz`J
zvTEFmFPB$y>`A>S;6KL(6MaQaMPMcX#nw%m(AN6exO2umXU~yeQJO#7?6540GyyHW
z2t`BFVMa}9i2mecF}qhJiQ`f`0_|%DVtopjHgq~6N29R}?O<YbaI~vWRIH=#oRt{R
zB0???Y!sL`W~n6zD##X0sn2pzf{dkg*lZclB3mA(3yUB^2nUU77dWUBvOcN~RDd^;
zTz)DmpGyW+i5YcFNLryADNF<(64hLslkkj1{XzGTnI9P`%h;^&9uVj9GlfZna9X8U
zU?6&`V4m#DBRlj$WDli`u0%EgX9gB7fJu@W;Q_?V@XUl3o{5n-O#qx^Y3|W_t5%4Y
zv}0XLB`R35leakJ>zGh?%^afE)>LNpO6LW&i<}*Sxg-e9((rfYOYf5=RFtEsGu<T>
zd&!EE5m{Lrx%6$Nj<kes!9FY|FT%N<$u997g;3`Bv(0SgQH=}DTt+usSEtr_W;1GL
zHB!Y~T1!#~nWS`okzCQ9pOfCRi4(mGJ3#LhR|P4df+-D~IV&t(L1Gyww>kQA=2NxH
zGFA^n^dN!ZoxsVFKvd#7-U&qA#4AUgEJ7yH>e8QIPEj5zD0z)zasYpZ=;ti%IDzOW
zooz*m;Hkiz?y!a~jqISaO|@wnPAQUEh6WomH+ebdzA%rH^6Fr~wu)BU=-<uUT<bjx
z&aL@cO3qoO<dn8ndT!Dea%bRVCSt~UsP-?hZO<fdvq-X8N)VaTuH&Cb)NdHfy~TSN
zm1Z!k)-X(SQ>mzh!nAo^H64dA;4{xqI!Fq(%^YR;d1AwB=1OU|*V#r$$1F~bn9{MU
zsTB{7Y$`L)7aFGKA%5$R2TRm=)(3-KLuZJzULqAE!<v+}5dDb@bRQMyv=^0fi`t7;
zx__BGiQP;yrgrOTiQiF`OXyns5Qtws;BiW{+C;-@3lEk{tQD9EyvlK6R8k9(`J64y
zz9fxGS0Xs&6Mh@IW((1`%#rfpO}&6S<k=FRJB>&4&OXEItP@juMD7UQ&ek&$KJ0>1
zsz~RCi(nyAx>=?pPYbsD&`TtVszebh5yd*YylzYu@yYAPtzolD?Z!7eDb|$_M$Y<X
ziD`4p{bsf)v`(&Y`ebP{i(A`q1%a&@WiO)_qky+o_<3D1Y&cjX<BQ^4+BcSwlBcJe
zOxZ-BPG0HAK*cF<7XC8;b1b|F&NE9pG3ZjxfH{}Er4<NzGF;aFrWqUo9Np-HS(&g6
z1S47%l{`gxk8*QqytH7-(;FGwE5R$ZoWV{plX7~wcAj63lM1uYfuNLUWzp8gFMD$&
z?~xPANxA99NmduF%r3KBnMFLWymF=mLHODtO3{XA;<rQcClx%_W7G1G-OMScp^0|&
z4O<4GXBG+^opwIqQrkRDnXq?@E72^>vjeMv(GibsB!SM?jO(d=TCZK%4W+bO_Uwc_
z@eBjo%(>-<fdv9Br82|0>dev2$=e3xKru5+pLgS?El|8#%4N9-KyyPHl^ZCN$JLHQ
zF_$Mz`zQv$t+i@oA_6ndlXz8_uZs^*8lRl13;I)phq)mwX3^Q!A$0!Xok?eVJW#Pi
z)*XiR>272mGET7&vkiM7wH#K<q1D4`=6TL+0#VsCnJKxf+)@UiS$`CJmY{hi<0{Ya
zY|MwRv1|%65xKS*euPca>CMV`WZS5?<<?{0sW8u$Cr)OSXlntmGCbJVx3R1H%!R|t
z2paPdCsM90nijA+S+8b^la6vZu}r)H+&o7VX5FiIB93Ot>)JXx$mohC1i<}ikoo|I
zSRwO$VsL;<w^Ba91?y|mCec~-XVo)(y32Ap#}w*5u>q#eZBuzDa!etnBKjzyMa#LM
zSlXb1i)2N#jdP7T=FflT@HD<6Dw(Z(R6_4}DR!l@x4Sd=lukzFm*<L$m0Y0o*3oB|
zdCDi1Q0WvdRwRI|b#o%+0jbQ7vYn@YBfD6VB>Wf2e$O5z|FgI4a;7-;0t>UEwwFjd
zlduKgsU-7RFpUVJU%N}C`}D!?V#!M3wV609d(eUDb2-1{b#mC!JTuu@N0rG+QrU^)
z@>%7wBaUQtGB<GZeM<G{YRj*uG;fmk2qg4WWeDFwDIHEy{<FHQ7VGlW^h^n3g22I|
z78GnQVp=Io$i;MeLE9~+nsFdYIg)aBaqWn)B2mCf5N5tM-&v`_W~W%m49X>6+FyEU
zE}ZnkLeuv?opT8J^4?DceL79NAJ_4)mu+VjdBsZF<4Q*XE@BYia!WJjVK@SM1{6sv
z&yND7n<@nrx+~V1zpRv2uB$42#o1bVqi0KcBfqpn?vzH3d`9lPNcN;i^GRMLcA$AB
zFETa3IVLY+_2-bhXn}L;by#T-Ce5EtS>0xwq};*uV`c%7xUGBhm=fE1z4Lkt#t`Wk
zP*jm)%!77|CMXYp6jU65&k41LX%2{Kk??|T*vLrMhOofkHu}2RTVaqk<Vr*k1}&^B
z3M`t<r_{WGR*Rr}_ZIBfWT-OpMAucnTRSApi&&}`nNx~GzD-su#UbAgIN6l+uvoMN
zT&P0LB>@-ITbc>DNG$``v-abg|0|~(g^9dsR3Qgg>HJ^KnC;7%|7%@Kw3h#CF+TSE
zUqfutaif`67O-w54=f)3F$^f{kq0bH;;EvNPwC{WBJfy6pG#sei$rO1Fq#`|U1PMl
zF?uTI25W6=Z;CEnZm=YcvuDY{%)D0GSZ-g#xXLnHEwgl6Lz_uZB8Uo8ZaHd|PrK!;
zAX0BtlqPDPX|m>$4NIynT@lbBRgY5XBco)CN?MqyvF6ZbYW#-J+T28fCz@HVxv{u!
zqR_Esn;XlXtBhY9+F=6%Z#HB1i9%~*==!0gI3C%NFT-OVy;1E+vji4->S!uR>G@D;
zf7uSt<W;idC-}{BOJFs$xvG{ccSFyX^i_U{e0C+TnoH&?U(C%qu*M5%mILhUGgdj%
zRZ*>x9f$${Tct6#KKh+8qr5)tG9gNbXm%E3vZ}Rt>VKW(ERB8D*mcsNY7d=-4vPj2
zsja6)MKSBfP7!0t6*ztr?BP*P8{^=(+LFgx-Jn$$l{kYcY{(D+s)B>pnYa;eq<w+=
zAF<aPI$?xac5Q6E)JDi|L+8<`Y%kGCMwh$?Wk)0tbLHrho?@1YJ{7ls&mriP#zXss
zn}&GIGD^aX5Dk7?u$tGBO4__om_<2O9Pd|WKk2m*2J=lS5g&Qb8*HU4*fb<{{;+#e
z`8YkZWF*dMd$!}0LO0!UogQJGq+D31NfnD0%^9d*$X=0|(oj|j$38x9Y*5bIez*e_
zb<Op39Wif+cBc0$8Q8gWww6VY*&I4632o+WOsr#R1|81wwjSJBXtpdg=w@Nzn;C*d
zo<(V+p#*OeN+>U7=QZ$(R;lOO6A$XK?IrLp-%!KEO5H-|Z;;B5DQ!Y0xNVHHw#+)z
zsR3)CN9C?qG)l8B*>@@o9jP;Nz<3Jd>>6fZ<%XI@lRY#?nGj7^1v5ySpQeYaC>L~+
zlT!3_3<01X@^x(M8#)V5;_BI0gf}NLS74qrP7S&!X1NuB9ZWDWfx$Jx?&-yGgfI|o
zX!CG<Br&>ms1N=bJd<xww1U_uX;C~OW*n8Fi93B*0s~{FQ9<G+&(GvYJ#$0|j^(g!
zFx1%@MPr2H?Ua%?Uz^EDveZpWgT;_%vjD&3NgxfRg>hyR%^U|OMVg{8&XZE1APa{J
zn=M&P+lt-?V6qYlS%oGxmV=a0izS!0#cX16ze9yIZ2m~FY$;1on>m);w7e&sBXrXv
z&ekh-(@Ei;0+ZHZ53ZbL5M`Ndl}(S>S)I~BLz5X$SP|w}^w@kb=MmaFC(L;y6A%gM
zSnf5-2W$wQO{h7|4#&hsXGBp*NCtk68Cuq<^9F@Wo`>4%9kWz5g1{ynT$m}S+<X-#
z5|M;W{LO+~c!FTXKc>%5)aV_TV#7gmT2p{ktifc@s2J3#U~VE5SeWgHj2E-ql}m&X
z(qJRSZnLr?QMr6z?&L12q-f$OE<upuJ~J4=c-RIF)BUoPO2=_->Gx2*aPUI;<z%cT
zNQ#zQDS35<0u^O>!FskJ3hZ49jHF`w2t`Td_#n1$W-0RvrNBBqrt;pSNDRU*Y+@8j
zC&QUA?BMkY`$Iqn5R?>M8_tBFT*#3(z|DUAGapE9As*tXG|PN3u*@2Lp|ETPwKI1=
zsmK>N-+Ts=Q_Jju6Nx+R{L>FO)A(VJqw|7_2dH>JWDjQH8wwXeNWBc9rL~tl*cYDc
za!BA@z1V%D#=S+#O4O68#C}r^rj+-0r2*b`j_7VcJ==TvW*)Mt&Nj~5X&#XQVG{{Y
zST7x3j^$!+oMrI0oiJqnOWmR9*-E`*J7+S0C16Y2Rgn4f2SeWNS$CIL*xW_{cp!+0
z(!81zK6A5aQ3U=75M>2iaR+qFDo}lin!)E4hQ27V*dP;YSq=D&eY!#&v($=3v?-MH
z3xUQ-w(&Y`+!4P@!z}j|)%;A@3NXM1^49KRv2f0M<zQ%AbDjh=n;7W%L_J&9H>YXX
zdv%y?39`Y$t5*}dT1<7j&Q7Ki<AU!R=rNUIW(?+7VHi_Wc45W}#8gny0F5z|8nu*Y
zCf#y9k_bi8;h=4%IxG*NrL{BgJYg#pG|M57V`Q0jL2LQ}>g6hlXvdoUEPlm7?JiZ1
zooxHXRn9Zi)QhehJm1bdq{DbLi9|!_m}%$g$f%{Ho|0fzE=Y9VF`|CMvF#Dn8_<Ya
zAVDciE=Y2DyriTsW2Kmq4ppf-wFa+gSrf*$Sz->(8yl>`xB@gMYM>ugfs1S9P&fN{
zQZM|Kju`boB3+$cXh&Q4)@(|rk>yjWJwDiJ;`eGe+Tk%bw3=gsD7ilzg5XW+*esb=
zfp3fTUYW>HQQT%lVUT6TV80+pzhFoA+}ju$X1^3}I35x!-}~h*%B!>f@@kg4vn5~|
zV)zttZ+3w<NKhgN727a*@F2@RMGJ+XOb7qU-=ZlQ5Ct!gHK4#nua1*=Go5sH1SiKo
z(zQD}2|@&Seg=T1v=mQKH?7Rrg4vw4X-p(u*fXI`(MtqujD+NrJZKfv!&*Tp1rOMO
zLUW1+PYg^D0;HE>5t9T(k?BdTpc**^j|4T8eS};v4mAqgC);W^M7wV?yVtX-s9{C>
zcz^>`sc2@uI36~fuoPfth0{&y248D>-X$NEj@(RE8iy$fKGvxQ{Pc+K#05cZf{ttH
znHv?*A_c?Bp@#$kD8jq?#A&S@XSk+QI<pONc19&GKCIN3T)`$;BrAy-b%cyo7BlJy
z8MRlMpfloCrPa3z&YfqKHnWO6cA(VMSf7r(n{@{SLEEsU0mL%~8JBMA33XW6QlM2P
z?J;f&(;_juja@ynyE-J!0#`V7vkN@Lp&E+@p`&14vqOT*@DnB{^Rdw87pN&EWbx2M
z-SL^8>%>P7U6NjH^NGjwikGZVF<g}JMdW&wM=%N>Oz${G>Fq3{8NDE|h^;IDmRZ9F
zfp2i545Vj>qg9|pprci2PT`JN)o<utL6088mO>w`x9&Jb>4`^4IV4hgVk_wvRLL#9
z{0;x*Ki0}4CWki9J6;l-aMMtw(UP=wC9#r=8Y)>jI!}_X=MbA$PQG@B<}HbMJK=R*
z8C!FO-HGZ;GxY9|N8b6yf5BIf&8raoRX+Z!rM1}^|J4$W)#ASv<71Eif<G|nuGp`3
zGO8&PI_UvEtDURqRf*mb1V&@GV$oR!Z&f)^ivzP9!?ZBP;b@!$`P@|)rsb$5xtsWe
zX*nx+hiL^kSGIzdDhkztYI2~Hcc|0c!nJJ8&N5)Dm^HMCEWP4cTrWT))FmLO6&Ddg
zKWmwVx@=&VbG)9zP0lN{YtFG<RS524C`n9ZI7X&2jtH%iJ3gzuKtWdX(nkH2QMNi<
z3Td^Xtd?Am)xsSvm%!v4&zIeplr71JD#~gBJmE{BZhmoARSL6W=-Q-Z0Zr#}9bzgY
z9e!hU)5&;xnK32^w1&SygrIkR>NM@1YB;lYkMrirxrI{JMy-Raed|Ib&aTXc=s+3Y
z3X|2WG_{#B1k<Bhsy16UOIS6`<W=IGBOb~19Q)2IX_v*%qo`%Y<Um<P#2E4_D7=|^
z*L!RtNpF%Arf2acZ(cKxzoZi@8DKvj|HX(NGl8(Sm9-Sl64uRY7EBZHS_Da+3zme;
z;1@yQykjFGc*%i{sCi!mdL!_TL6^<dBTcYnv>JM_jLBkqwMUwn_n8Y{fKHQ&dIksL
zu6|7#G`%xzwJjPP9^76@WxohEPQSB>VzULY*}}m*gV+RY2j&>g7Nw5Lc0XmSRr~Vu
zUnej{yR<#-@HQUZcJj$)e4A+Fpy$w(Sq#lT<jn~ycigQoYNsrESU8v+MUE>SnTu{1
zO2#A>Fl+qT!{%hv%_o4)O_Ws*qVq%=(m=o!V(1wBQVF25v(128?&_G89I^0XL?tnG
z)eNaCxtE&<e@pkqLD@HPcENwMkNul#=wC@6mU%hgyU3gF>SYCk+4IusyXP-B=oQ>E
zIA>>h%<JppFYoIvFG*v3eVJmG$(@}7nd1o*qIU6634i@cFL|r0a|2WY7_)0WQ)0{U
zWuDb@_c!?~<wIK5iw~LSDH1C(lU5eceTSEp9HZ=4#w|oV!MtyatFtRgLUs?x!iOn2
z=zj46zTpB~250o+cl)Uj#N;SBb2&Oi1-s<wzVh4>76d^tiNPV|36ZnGlsTEa#Ce40
zU5s-cCBypykCIn8d9I^%-XmFQ2*{k{A<9ZlWh_>+HCQcpM1-%@w9psx%_G{Pf?x|I
z63)rlys?+Uu<j9a@k|Q2sDw)GhS)h>GbeUDY7dbx&P*#Eezr1eH}$Z$2-e_bIl-eY
zE$y63DWJo&smLZb%R*<jeYov!%gx3ncsO^+Bh1~Ehrkr@O0xnU!7`e&owCsDqA?Pi
z^LK9p)oN4d;b=9*9c%x9?IX=PI1O>EW^x4}?@ZCaJ1nMDG1DtMqn4+s-GYTSC_LzN
zKBtx~bU+n1xB=riU<qhYSS{2``j~fki{ybACRkb$<jld;9kd(BoIs$DG+>NZ?d*((
zN$<c&e0Vg>u89lx#QWl-ar^avcG_}kloH^gh-C<HpRU2`$WE{@9v8KmfktAP(6WY;
z<+%wd<|HID;KvVQ`<n7vFBPtpGV7$&8u4Bq*4n5-Xpy%TX5(a)aa0?3w6WKHX{aFr
zNhSNNU(k-NLI;Z&_2Q9Iz?;M%_oeL@kyp+eU7669JXfrKXx5^UgBiA4IYEdjHIkSu
zNi3(}wmAxPuFy8;xs6YRle8lhz2n(P1JNe3ctl0_4BNRxDYCOj+)jOB54YR!MT>4B
zlG3PHO}@c&7Cn?(4m<|G)RHK@EbIW!axql6ASziDr5A>H%kC19m+rx(7G~%dWyl?+
zOdqMTO88vk3%%XN?Pj+H4lxvC<VG%WGUL+9SsymjSG9r<%LfAb1-5zbnx3I;=820q
zeR3~)M@*ZUlhrS#jjokSV&^ziS&KoSxxyCg7WLX4SsnQ>clj!k(z8Vi;R-BWr@2ak
zxaJ<ib;v@vgja1XgsT?9HQNxb%EGjKLWbB1tvphz)XrORu$JG6*%FA?s(|&)K3=ON
z?n}!nOEhH5%Y&P`yq62sVijwlT8sB76aUp*jR3GR@n20%v6w6VtF^Tj|FsyOMUMY+
z2Y@y62(Ts|0M^nNYbMd=_GoK+>!~E87)d3sW+xXj46OMX5C_&gw?MGwSx163*FwSg
zN2tQh>}M?&Oo|0-PGFMzS~yrO9IO@&RtpDPGT~s7P18Fltl86(ymT-ahgVo7n-lDT
z*<xxeG0E;Zmz$J~e1|@oY<31nFPIiSV2op`qL?wh{rH59%{wxzS$N)rYJp&fBoM65
zkFv%5Fc~FLQ1>&>BTZZu=5Sf9#e}(UTPuM_4>UdlL&N4kShaYuWfd>xv(48+#cH8q
zwNSBYg^CFwY$-*HIbf3EsYQm>BEx1KGgVelz>exoYLm4-ha|eJLdD7sJEbP+tj~Ms
zwYafb+?e+zJtoD~qQ*?uxN?5Ryj(S6$1D?zyV;6^$O?*<_O!3$@_2iInwV-T6+?zv
zEQ=t+hAMD~7YxYHWapwHnPV*_Go0Y`)eR_<?OOQG+V36goiYo%{p(PLmo=O5Wi~~;
zlE|{qBF2+7%i&ql#8xSkthu_eWM0r#ZsxYE+g{72!X;B?xp*&?T5Oq^n`IqI)J$Ea
zYoTS8(nI;svKmF$DZ)9+Fi&a4pw7Ws%44c46R!NZGd7;kvWA*307XqhA6|UgOEj$o
zzb$C+o6o{H^wDpAfGw}^H@|gTdhLq0%Rcz6xfcEQ%!+=KDBBhRS3>zU_xgp5i?eeM
zS6tj`Nu8aqe!K*<Vh`I-8JCq>%v>#It`;*_otQZqq-IIWqMYqvEw-)}TUU#%t6pqf
z^PGe0nrqQ@wU71jiT`5}N7cCeZAH2Gzi3NS>pDmLU+cPPE&gv&K8%a8kUT!=EF6zs
z$kx^vJ*Ba!2`^-8X~K9s+l6eE-udQ;*b||6OEbcbA!KwWM;&#=4a@vc#Lx;wdTi#+
zrw#iZ&W;EKyG|%v*h?LW*p#3WM;ekh8r2QC#e!`<YYb~+vTlDLFJ{e<mZHJVo6j!j
ztj9IZ&6|%+y!X1j1;;g393S5mi$?bVZ_gQOF{Sg(8z8~m-1aQw;q4d`3JFv&6%st!
zE98^88B&iOgh@~eDWO(3D3AlV3gc#plX9@lK_l|P|F{6Y4-3Ffc9Ic-QVa|e)%dfR
zqqYbwn^O1J$3men9a&k6l8I)z-GlZsrIs=ydDD-4X{|p2F*Tk&F?am6LU_XoK`gGM
zuRv(BAj84ad)+0cjwqLdc(f;PML4qB_jx8F@FHw;chprJ^<~YU;XaX=NCxGZNt)DH
zZ#CYq0iTLuAURkAXlS<inmQV%(`IYmvMe<;&7na-9kw<lVxstzhlBKqVkEwFEFDhc
zvxLB$KN|>gA-l3aqZije|5+WR@^o6ChV@<0(cr{91l`Sf!Qw^hJ#3n7(yl|;^`dtN
zxl;w+=?z($*eOj@YMfvd9OP_`!~T*^xCMWgVH7i5TxW#<9ThB42gF>6b#X!O>FXXG
z+Bw|2dCREp>;<h&w7xrpJ8yFXZolMADxQ&{ypE_XF<m}g_ryoKhkJ)mRrK$?k4FD9
ze<ef9<Pa-ppB-0VHy_XI8O#sBOsG8@`$uLE1>c*?LeLb6Mw&}BU(*t*{wXQ{PgbXo
zGV*_{r6uZ?|7-U@FUrR)|4*_DnPcXK%uVpMxjhE*|2nUH9JA5_#<Q6CAi+7SnP9?v
zU>31>uQLk;eZ)n0$1Aq`33k#>Tp27(^MnxjT_q$d5edf85Y4SLmgkz1wH*Xlo2h@6
z4d13@Fa8n@QBz%sMwlb2)PN($1nx~d$Ap!GLz2clb1>MonNk}x(@qvnp6!^g@KCA&
zue}`b!Aa~;ug``4c=P|v3~~aXpQ`jxhW~@G)8@?o6m4y(@&Cp6#CHr04v&sdiAy#!
zQwn&-Q-AH_z5ey2c1qQje+BEm)hYkAwnl5~e=$CO>mMngw)~&@AD{J~8cQD1^^gD5
z*8d`WeAhovKyCd$^FQ9}Kc^doiM(o5hX<5h|1GZkudS^$`_H0${MNsqfEo{YW`Dfb
zKXVnTmIP3K|9AR-v|&o<+WKFFkKg)d6i{3J&-72J_1|1222g(gcb@;WHMO<X*8gIB
zO0WOs8UuKSf86W8U)igUYiYH5eUv}{ZFcJav1oH`{V&F6TPO3n2y_n)Z0g<INg|C&
zJv**V1Omc4^2B=fE(DLp)qNy*qRR<0NP?}=Xb>9dAL<%S40h5=^m|Y5aHvsoz|;f$
z>~?VD86%xU@;1;3zk1}vQTT2)FbMqyMuxlXg(u}7NwPao$19tvtNf7KvuqF0z%4&u
zCtmUsE(0e6fv(|B0yL6O76Zdw1AV<4J4s$ak2nAf{<c$404cp2@n{*qwf}C1vEX1s
zfjV`64i91bySfKQb|iY@Lw$ogX+Xkg*YM`}XlF2n4lo@!`0fz?-PG5$c_c&{03W9l
z+GJvodh>)tqwsIfa4$?o0$xHN0e{T5`_D=;P{;agNP2YZTM1|cmQOm}9;nOgO=)@3
zkRyyb02o@F%}}5&nR8&tyIkNLn5hIi;)X_(DOw93c90A(CV(dpNMc|ayv=7w!??3q
z{JGXiKdYFBgJ5mc!=cr>aU|M?9u6&S?a>ww4~Ij&L>Khq&;KLSS~h|UXWo63<Nwih
zF8fbgw5i7b7vqC#uy>%lGugfy<{wt|ZqD}6V**#a^alP3SZh{(0j!X}ke-fdS^hOb
zdF5y)H7W-<yMkW(w)Vt30}}h9C7PR9d2@r<EjEa;bJ$O|MU0&j2t<<jFLH`BX-tyF
zO*$~F#=$1i*vt3}^b#VCJ&Eq&(Zoo+d+TsKF))ancR1eNH5#|LCkF@k(t66kcS9E`
z;A|H2PHWk{q!FIMA9cK4lu^e?qh2huQ%>o{k}XabA~MJ9-9!ckM@f7~@5rc~8}b1Y
z##6msVQ_qIhFEZVm-1w%yYXS5E=&0-Fi?5H+xTlrO-ntn-vS%YY_9n1`MCN2aJ;Lh
zKVHo~%JF~X`F8%_(%e+@|5=oe?E8&g-oSbDN*;4hDh13eG^M35(l<%73Kn$c`41vC
z(K0B?D%nCn1aBxHFV7HVO3~8HvmTQR&R8K-86~SssQC!lguaTHgeRq9o<>Y;rzZCX
zCJTjJdt>AD^mK$#WsZ5hNA&!JAkIKw3+5P|&{gWJo&in@tr*F?mSb65m=8a)GXnv@
zA1Mt(FUE>AZi~iH0nd&UGP$$}@FoonB+?V#L<%ZARSGPRPg++}0IpRKN>LQi=Z><L
z24R-%pFzy>yYzS=u6J042J;HATQb<)OHOf?WlD=wwr69vqfBnXDnZK(G4;pMvy##q
z*AikY+0`>B7fI>K#-bsWf+9V7vWPyeEaVLz;?`kn2}+&e1WPDoQW;FT2h$@+#gGe5
zdK9GoubNd<>``)2^BKmUY|U!>i7{iqtgsq6HBXaVW|L|JI%3GNp27415i`P}<r&+v
zkBmjiK^L?H)?iIZQ!<4?3~7RXrE-e_s&BA1skU(nDjTiTow`XV8?6L1jl4Rcqz|2@
z;pYEL{jX*pW%z&7x^>R;pO&_kn*DcCKC4I%^Cz!o@rtlOVFkjPS5stgpl>I?;vmcO
zhC4${*|HA>R*iNN<}!-ksPh>8f|4eFF^`k+2R~aH?G#34(9e6BSj=+LGLLgTuVDo;
zLRa+~gYQl7&@3=R>ZfVaY0x!r*Ro1r7HTePV+g6Fwh&-*`Np)KRML%59?8BDbQD`h
zu*h9qSi7T7`_9IJUh=BcJT}0UD`^A)p@GR&c`>Zq8Vm5cfM^4;!xO{SvmCz|YHFyk
zXj9PUgjS$AbAY5V*pJs>;7RtnP8uH#%?^$Lr_HI^6ij$vm1SM(Bn=e$6j_DLwNJ|y
z_XljR$BLNRl{6HyA~HKQ1B9U^6KP%FTg<VF{YnzL*bxYD^GqiJUBb`<mO-hLL?Ya#
zgeOl36l?)GjZ;ES$zwbzj3Z!Ds*zKZ+PDUU#XoGP4XlzCNz%|K;ggak&NgXC)9=Z&
zhOrwB>2u9$Fb7zz*Huj@#AbKao_&hD(@8y}HtMuQBNW^MKV!V-bK(DFI$JO%-JN<?
z%csUN1}K{uy-bl@aV#w(#F7F^VI?<VVI{Y(6e3tj7b4gVu+A>{jh*)PoRykMzzLY1
zD_G0YY^FKj1j{Pto*58DN{yH`%(#-h*`BQfy*sFYWgEEYA+Wt`7|DJ+ZuSk^Gn!#&
z*@*^_PzyS{lE8Y1cO3xPQsIR(C|N@b2-q!~M1a{?;o)EtDAm|}h!&7+tv2HXwIhgs
zK~@DFyc?LtL^5fbH`&fj#f`Q~ZJX}>AH^7>v6_1fZu09|Tm8>}qt5f+mNq>9X{{y@
zexGOg{_i*c>V5?Sfl=O_cOT{CzgVorY5!f<ysjqyEyf3Qn9440hk~g13Pmrk?kj=_
zBQmE5`7Vg%_;oYxY>5Gu)k`rj?=cOzlk3)pLbNuEh(u$9l&~`ZkEN>6P`k+2$zf<f
z!VR)E=oJ72DzYH|0857n71~Aayq@8~Awt7JK~vOo7&FNVi5{fFyLN&8*A2?tXxvt%
zo?VK7;xL&~@)&Pe-x>|ERB&oW(bDo`cp3`q*+bz|QYoU4adn!gX?jh75un$Iu{?JN
zXq%nEGcb>23V3z5UYw#i>S&{#!E@ln=}G!90<sglp!w%Sy?!ODt7&qEuD~2+tZEth
zJaP_uetJ?F$27^_E#x(YcHN`r<(@P6;`EfBmwP@KKv_=<lN^#wP64?TCKtvNA}Ku}
zl975Kww@;gVz*J$Q#=!Xp#uCfI>-@CA8+gG+ZrDs^=nQt)`SWE4ei+jeMVU9Xf8rQ
zq-YM|88f2;=s=ZXWCQH(E)Q6OBk{g?_b6elvDu@!4>)<yd81ioFr^0GUuy*L5?gwo
zY&*ZB_Q1g~2`a%*9h61&2up$D1m(wYNu{7KnrTP6<}NTji8c&uiXw}4;Xq7q07|x#
zlZ-HlHy~vA9dHko_~`K)8$Tkz1sA<cO#qfxiw3(aOys}-je%cND-g$Wm;&bVGlfYg
zjCgBj*;PZh6wU8+A@c8snwQl+v;X+*{|YdMYV7^^Dd+zei#qN9ZPAum{Li9%R;`q@
zoiQy-O%BmO;H<52%&omSF)})g|BUV&iYI91gic^2sXjeBu}#Tu?}p7SSX=nZ_v5$z
z*=a^~I6yi1KicMs|8Hrn$^VP;X{g30V4ijf+Z;U%VQFufRielZA`vW0traGPQG-Pb
zPd6EBY-)wC?M<h&H%D#hCaVK!X~xFP$n|Zlt<9|=%%Vb*CbD~4NPYL#;Y5FYbjx7R
z2uM@eVg|)K5De|5;yXs;188X-p%;r`nNXlg&;#x^7BvtZ5!Yy_r?<E1<^`XV{9KDC
zd#p~UbZ;ODX6H>XiLsN&Kg}ax+f!1X4VhWwY}Mffi9|?{Ao8KD-fULy+1L@J(r5Kh
z#YmDH!41+9iAMH=kWJI#(KKgNH5Hl9tBfx5nw?Iw2MbN+OOTo|QzO@e6a6~@Vs5Bs
zmVKrN7{#%AuQD{xe{%?Le+t6zg7m(gKwX`tN2c={C|E&bua?W9v~PAv38bE`KJ!R{
zq9zoyazdJkH4`>aaenasL(R2npK5*l_J8WAP$dPRoc!MwbM61J)|&tSqI{~u^DIY}
zSqK1v#OVIt%=iD+#^xAlinX^ix5r%m5!C^<io1GGd{gg0FT04rL!1!SzqTj{6D0)?
zo?v$I=ihhzqw~??tpBFgW|#fHsi_wKyC|RPEGglfHk;MY35;c%m!<#MsqL*T?M<;o
zm;U)83{cN6m0SE-&d9`Ye01yZK!O^f>A3I!!Ry_$p5JR=6VzX(A%@w7`$tF@b)f9w
zcVb`zQG9~}>WG?0w+8ku;NNQ}v=;E|mcFc>=sb!-qCU<}VAugSbKj)qYsnF@T2iw=
zx3zMEg8<45_f5dH{m>L9n0C{&>I=<?DkMmii4?Ry9-|qKCvYyto6J+1=4c3hH<K}~
zK&UhfnCPV-p|>gXy9uM;Da-xM(u(6;DyTXZg6v5|0yE|ShYt`s*G*_>B?HPv!(>g@
z#_pc@8q5+7{ZjzC=?!n}IDr}IEmtho983yp1A1oK2Rr4!oo(<;Qg4I6P}6w2ww4`k
za2Rl`tR_7vQ1f~3a}8-^L6&JWOsNA87((opf`B~wC_9-L2Q&n?=XJmtcV5b?IXt7|
zuBG;dDGK=M#(0xilOw%EO}yolS8Fz_;as}vP{j7+^_-LmoH@#hwtUuE)IOi}!4x!N
zr><a#(DSF|aUSBg|2y1g=ha8){XYh>zSI9>U0bwf|67!gm;FCbu~We4;AmH0Vt8=-
z2=EKo!mGFgv5PIKZ?__G+QK9rZej{%dLfH8jyG&*=<84K&8*gTWNtbpLlAc+h8Zwn
zf|pWK;|-dV@ODgYdtn!4u32N6P}l?b8;Pvhon6DMD8eo#PNLZeJ3Gz08N;k*Bodsa
ze2m{=u`3vfn75VCXCWxEhx($bN(%REC;@fNLZU$|hnq@uZEXC`2kIMNZQN6a$~(Xt
zVd#x6A}2Iu;gm>lR}f&pUL<e7L2<i`*r)JH7}y%LY*NqDtkzORzTp@0GxT(v-IpO<
zog+0X5{y@T&j!w>d~t;Ugi$dt+l*EyV7FGJjr;Z<7l4Kzfb{zAFv%s+RiR$K6eCRH
z1KYynz`>9MgX(^~oDL%+%sV$(--vB!o4R=59iL%tU54Rg>9m-)&ZKm_Ih2YK>=_id
z-tW@(z-tSKVw$C?*~N<P35D#71VcS3*#hh+(R4~eAtKT&=%$zh#Jnz2y1DZpTL!q5
z&#OItFQ#-Or+l%d>;6p9EtAXU*sHjU(s9wH<2K8K)n4fRik7XG76wd{PPvkw*cICo
zBCofUFV01oqmA7S254rh0V)VN$sp^Q_OXHNS}!??!Ot*Rk87TN%K^24K9<_BXU`tM
z33eBy#HAY%p!Y&OM-ro1o>;$=FtEf^Xr8ss-!$zZuoP@gXS^tO%<pE#g3YvGR!j5O
z0vi6h#e6NC>4-o`!0sW3W+|PY5fH%%c%$@kaVD>`0=w8S_Mo~XdCPI(oLw5v%1b_U
zq~024*c?aL1lelJY=E^T1Yu&6gei$8m_HuU4!<GGI-26Zo1oa6+O<nuJn3qW)B_J0
zkJZT<8$M}rJ!y75X>mPibv<cwJz3{^a*F&UP#4-GO_;!q_)W<?%MNIm>cbdEF`de;
z5tpLM;}g?sYM#u~Oya(h%!LfMBqjk|o60G5B(%;o<FPg2HRDbAry2jW;Gb6f(}sW6
z;h$61ge*<V8fBe4Oj2T;nl%(If$#;+v`CJJR0ngI6IyMMo}1#Cq5^7fz*KF$$Li2*
zZ8T_7FRzUFm7cY8i*7v~fQ4Wf!nCZlqMsZa0)wRx!yV3u0B=t2t;a^Cd9t^QQ`OMG
zs)0HTdM)Uv<1OLw*6?^+czj)W{1jQ`ri~$<W>bTC5{}1cXO&fvr-I|To#54Z=AZ}&
z95EXP+xZ3O6j?DFInx*XHWIdh@j0|S4h>|GG80%D6Y88wKEddbd$9bx7VPGdf|xzq
zb9~IEs6eZ^UdoeUp=r_PgPE0-bZ%0C@u_(&N%pEU#xr=D!qleaF;)1E8N7Ta%qk*J
z8^s<)+agb!m@#UNe0EJ?w&WaUE11NrYZlWBH-~huqpIFAV1pIzXf~wMX+(4~v`f#i
zj*RE5I=xUlPL@~8R<`coG8?c3nv|~Yj&lhv58E$(eC@v?jb0VbfXn%Rv__kp_TN}7
z|NG*6s-w}{6OYW|6j&xR&y(O->jIqwSIr6JP|x7}K7Q+;XTPk92S~a6PfhDw{$I8G
zUl!?8oz;W~Ml`H{Hf!G^G26<QJiwZp7svywI?W*0%j>CPk|v{~oUcIdx&%Q0WFHVO
zF|kEjEvV@kkj@l?mNR{`$>}t^1$&U7hQkqd#_gGEMXJZ`#Bym{?^QpE!HnQ^0K&7|
zg4r@#JB_s|6^G8G){_jvvZ%y@VIo(i_E)nXdK$4cyEm&(XM1?wu=@DGHg;BlzRc`k
z1&Ir*9_rPz{6D4nfAeC*|HqnL@?Tq9E&u=Ge5%7J=E47)%?%({Va}53fLz-HDjQ&J
z4|qm@{P@2}c36!*O7s8LSc_Z!Z?5J4UYw6l{P!$9z&7>9`+Cp^tR-sq32TXxhK6Fc
zXsD^O(Gmr9f1ym61S?X~M><-<MY@{)X*I52DcASn_SJ#1<|gRpCg|xUSaTBebP{B4
z<EDEc^<gmm2GK{y{z~}0*PI9!(}{4G&5^LQCm}0`u=x#!mtc-nYYa6#zQ#&5O3{~N
z{wMx!h}>F?$ClnMhI4RMl-iXX6#aUdt@Ghr+#O{AEaydUh$?hUoP+zL)aNX;1#|AR
zTAJe4@^%Y07Fm@BT;vT{DTvfS7o0JP=X;p3OY9$2XNb@tsL1BBSrEoZ``}J<AuE!|
z<G2zQCSV69gi~z2%ahO@Wkb=)@_v;(5p}T}F$c`qgjGn%HT+o+^cmsRIR`4^wTKLp
zb4PK;E2Ji`o;j>cQqcEOXz6&&!VF(wGFB`Q3LBPWWD9Sl?G=&aF%SuBtgm4eFI}Wk
zo*f0{C&Zjk*YUL#1}1rX+UUQWw`ZMvd>#g=2ATjQu31CH2$U|Y7P!PvC%6l(<0csE
zAl{2&tTDI<MmRz!vW#t;LaVYr?O>S*Zz{|YV-F784}}Q2b;4+t9O1~=vn^%{qoEaw
z3Ln2OL#$&_Z?FZ!_B^5F$Iz7;7;~DTPSA|P9C7O8{k~p-%|4OH=qa@`I2AmIvm2>^
zWkirB(A_yQJL=<52_WmeA8{Np_D;LN%~0ZQC{gixY%_P%K<KPJo2FKG)Tl1kU;NZP
zCGzsv+^%H7EXzbN`^h)DNsYs@*KqyAza><8htTARz-6ilZ5!~OR9M?<!fTl3!7yGu
zlylE>MRt|5nJjR@D@m04XiiR}>X>K47nqmVu1#@A>6ot;labD5(eQ>juB{y)lXB#0
zs+Wg9hlpz6l9^Pf+Dl^-^~P&5<Cv?{usI1-G;I>-=R~al0|pH)RU%#+sMQv+jgjLR
zF&?tq=f^M^Z4&+CS>tBPS)8y60<tX!Kh`u2KxeVpL0P@Bw<ndgJ9Jw^p^%NoY>$#_
zDD+O*c)Z#5NNUq#FSnAx`nlrS0<*;?W>s@c1i!$d8uO9D`B3?M%n9uv>EQiNn5H*I
zTbV7&DMWOyZ6Zm~AtX%#bXo&rm@1u=N;*x=rBiijQ9@qL=u;{u07IsLCKm<B*2Mxp
zQlbeR#A-~j*{?2#q8Txm(=e9<P4CsPnNnHoGq|_YQYmeG9N^0q0+ifS>V7noE(m)|
z06g|>hA$P7Vtfwk3JC)KZ;{rQf*9sZ&%$*zS{}#tCh*TB{?UARDiNqQ@jpi{i`|!A
z@?Oa>P+GDUftCBhv<u3SQB53SP=v<yIamcgZrbDG(D=A{k86$N<CZ<H^~n-!ct3V8
zaF!jz`*91}U`h_TvJsDak9fj+#FO45))s5Ti_Gmj2wG0aZpC!~Rf{x^K)ntQ6G3Tt
zw)@+B3I5qa?=)Y2=vhef2M!)$nwLV*#?*qA<aZ_*_O)OYqER}FxE9=*kSd}MfqVyb
zn2(#hA2)kHwo`{#Zw~4Z>&-zOV!b)2L#($lYr>TT>QIk;+<WX3-eaHi9=o=t{K~LK
zza&=3m=1sZ*9Lukh?YinmTO}n_lw0|8?zq!0`3}%zc#W9wK%8^1n;Dmy<z66AyWNi
zd?7SMX2Z(ho!3mKSr|2sc3{`=9NGVvB{M8Et4<OeN0-asnyJ{Dpk?cA3foPg)a=XZ
z!ds_L&q+pj{G=2#BU;x0ggUbekK${lPD-r_3NTm&Y8jSIlg@e$W$`4#QV`)gb%C%C
zucYqDOqJ9sLMKNwg<MiE7KAh%nw18*)<syIgre5QAnD<_#3DjORvbmT8!LSx@&MD9
zg9j{|XJF$_(sB<0SCK1Ah&;2_qMlk4iD-;xXnVw@_$+QF3oqQdcF&8=h{AJHn5L7E
zmn3LYi56fUEo2<1?i{*C_sp3@7FkZuHmQ_?$!?|9=A1*bxFoeK=u9$c#gTb*-V^E^
z^)qNfZAm36n^c#Iwg@w-l$lW!hh{UQUc;W_tb)`5-<ROj%GyMkDRpWVi?K$_P3deG
zsXW|JmC41`_8b@gQl_91qPW}m?<0y^b6-^%yc(@|U($n4d+G#e5QV&wH5BeL<G?T-
zyUp*CW6_52lx8sb#`4Y#d7Vr1;5ph1Vq4FtdBy4FRKanJ?eHcft+z^+EkK<u)UOT6
zN78cV1)b-Rsh4G494}8_H?F{<Nd*^(94XKO)&5w-sU+<7qv{}Xth$J7S{jISQap1!
zU|HuW&$BF0dRDcL>#Ipf*6`WrhXqUvJARsHkg}@z6OKR6Q`S`MmQWI3Q6GHOh+`qf
z-_U>=NqzlQSilht5MbLPGWG_}l+b4~!aQ2hx18PuonxV6NNECos3|4TVOL7<7T^`$
zx4{~jo>bV)==y2%=3UPKu2sSQi*IZ_s9Epb_t`|x7(g>iNzM@n7-WNT?!SvPAz58=
z6<RQEx@Z$pT|4w<l{zsOGg)@SJmXIoep7wtR@zNM%Z}@Z!s%#MUOyrmuEV)<!on5~
z1I^HEgXf8r5rbiV1rk$ErSK-4bL$Z;WLpLHOLAzHkUc=ki?HmqXscE&28l<l7CENQ
z>dT5!w9$ka3+Pkd?A2AD0bthm4C&+DJG5NpK^|rhfSy|cbiz#?`b=Oiv~&3;0d~%Y
z?>dQZ=y(OgpbE9gbTldO8rBcUZ(}OEd<Y}iE#kl(uxa*W!HEj1+h~Etgp6U7fH?Sd
zPZMnoyLC`RMRk{=9Y9&)W&lbN2|jW<a76@KvCSy2QWsCm1psUewz#B%_#9Jt@Q?k#
z%V`e_da<#3&tt4P&0}?get3w&EW>%^k+C+MW2-dg$Bd0&%}|(F^YEAdXgBAI_htTO
zCGpCI3gU^9m{T{%@aPUDDqp{RbdkhxcsKM?y1Z7HA<8($q)1_tBA(1_P7d;$N7RVC
zX63}grBsMm$jt7~F4Goz5xV3u!OYJ%Y|m}X37Zwv_X^JnIcARzoPmb(FPbUJ*AGZS
z8-**MFJk<*#LP^x;DjY51zy6e2d~tST)N8&*OklGT-l^Ch&oUO0U21$?kg%d+w^)z
z@uDFnGj^ZcDsFZ!U5mHG**lU!f-a(ZiKHYHJJn5(5a@*nHo%1+-(OI(^!EBHwQXgv
zMUEdhXyHLMyRu@&scZ+LIC{=#IYrAGat>TB-i_OChOa&jc%ogN4I;vBXVs{{LsMp$
zJ^~1K828^y(V*L}l1i~$8Z^9GMx`K49gA_Qt$tD%GgmsjTC&V8?~)5b@`aS3qbB9-
z>+Gex+0h3L)_tYaW}#0<?AKbBypPo5u%H4q&jFd!sA97nRbeu(swAW5Rd!WOeL*h(
zRy#>cXdWXSt9+z$YCpNa?WY!grdpgcRp&KLJygm!iO(_D_5qdD2yCO_C8;AUOE0OS
zWqx{|Lu#&+_{6ACD8aJ!iE6IMQZ^qz%ddU;oSs<O%c~qr{Y<_B&UyJ;Mc2OhUijvJ
z)f=F(Pgkgp&bu@-riy*TK;$q$IVwzjbzGD0_dZG(ltsKjLP0^1kVaxCQc4IY4Wk=I
zNXO`IC8SFbiO~%M>F$ovHDKh%7~AvX^Zo0$zxH}|-}j!^o_pt<`<&}sR~OzX$1aWe
z$74CCXajmWS(yRkzI$uA)9Atv2APCfj`dTqSD|^#HC=zlH$C6{&X;y%g7DGTV9jIm
zf5>o@(MBA9Zex3|JO0MRQ0$IO?iTU{(l_KH?BLb`xiV@j-=$qvQQG^iFGB}fkPYH?
zdPAI-_2N}YC(EwGqxnpx0i@zL<zMrnFQ?wTsTEwq+;9`w@Z2cmp85C)F4Jt!x4%ib
zm0UpkBDaZ{-D-4zSmCGo?o*1%=g$1ZoJQnFJF;`n6pVFuuKzQz(79|Z^Z&1vbLI0%
zdR^cy*d#f3<mGkk&x3vm`E^)JOxoQFvx+Tq?vA@mQ%veP^up6gspG^^ioy@ox)Lwf
zS_>NHbmJ#lg3bFG?=$@@f4^Ds=Ft-p?fIB+srl|*_OOD%Q@%Y?Uj@ntTI8Gdf4$eV
zOZCP6w#<797UelU<xAX0<htALpw-??!1eX~jP|k=-ypJSMiYSpuWs}K3y*9K>jP^v
z=_pX6)e=An<~ryT%`2kLQWci1BOszX;|#H|Frz;RG}C9dt;BR1bc!SQy+Xa~yTjOu
zzrP~_@&Z*a;s0a0XWZxvxQxy1SQ}3u8oT$B`!k=H@kQ3HjN^Iii6P(vDE~J(y_-LD
z1#z%(S_U52M$P=Ma(q>5W+-xga@(p=!-hd}sZSv{b>e%K!6-_|`M#BOx}cJCRYbAT
z;*`Yw@B;2fF=UzvhX$R*t;FezileOm(La50lC`47FRJ9V?t3yW`rq<|_=h@bs%$a-
zsc9yTbT8aG*A4CeG@j&k4qcAj0?(70A&P73h?oAEq~dJN2GjvHE(HM;0YlOIo2!C<
z9%dr-grz?psO?<MPzDg+p(3GTmf)1MOJL@iU^Oue3g?EsukjlGh&=suPqH}EgeAbE
zN}^pg<^|L08OPvlA1B2e-@B)i=5Hz75HY?FW~yI^1rJ;MDk;{d1m$`@GZvi^-xR=U
zd?L6Uq_`aA*Id&@)poe2U(Y_Vw<%r*nmDt+6$F#?iP0wk{vwo||J6>)w4a*ky<l8X
z8m`;T>u_FAe#AFhUK^2YJ9|6sS-wGM`gm&`Nxkj-_Dgj*@U!m0-mm`G|8dWc6`5la
zrR?9pZaUA|n?MXv!lbvC(}mre{O`=^kW21sJ3X(c0!i^t)QTO6niQsl#z$9a{jRg(
z|ND5~rZ?lt<*D);@Srqw_SZ?pwEDP_yw(X`OcKnBZ+R$ihmTU=l||Y88Igr2)=x3<
zHf%&neCyw=iwq0yvHp7R8;YgSp{rO^)T0$2N^943?X}P@*IxUOs%CWm9;-^Q@ZFqA
zUD`3C$8uBn`?@oWJGVh~2k*b2#qN34N)#}LhHh_d7L@1iEQ@}g=8n<m_a^?92R9Zf
zTmME>z+7!n<T$pq$Msch(vH)`o?g+9jS{r^`H>$rB{fw7PYa)!!m#^fF6NJzP`Y}x
zA|>A=8gseCeiF^jE#z;O{;jJqX{q3y4;>2Z^t;Rq`$~mxAznGq8kj)-@42|OgrgCk
zL_f;Xn{u<lahF%>;Fox2!6bP{>GQ@)TXvN?2Ae#nMm=dI_NNJV#{(0_$J}qV-)u&P
ze2h!xcwcSaC=IF0*%q+*)G5ONnB;%*`>=JG3elHN3YI5(@yJ@q)^tM3rfx5^H{`Dz
zM{w(79ZA?rdQ5wHnM$Uk`^9<1t&W<6p3<xtj_(t5pid0-B0qYD#T7P;9$O#Wnm{sH
zIozLs5lf!L=!sOL?s=>TH24Ms`-nO2HV3Bvj`onIAbnPj2IB{Ys9-7Ki})V)utIj$
z)+gVNS(x8#Rex%_(Sx7Io5tu0|Kce$dU5qLZ&{?~V_rgGU8r>dH|({?y%cq;;QJjR
zOqfDr%-o(*``^k3tnTUada3=lehJFnV*5_ivT$HK7HcG%*duu0%3Ucuk;;!e;ctV9
z#C{hMagF^?acOBcFqz>uFR9>q$e|7x)&A=XOI=Xw$iM;3Jo%5p!u0g#MDJYRZ-F_~
z82~cVx6Vyjg&?B=^}TxpIYs4HVroOFUnldJB+GOWKTX~Xf~VBaqaviuq+%+fl>hln
zuPpj}VhoEXmXC;;@dx&%_`@kA8&m2VyH+`3yeh|H&tp<9bR-HB9$N(8H|z61CW0?R
zL!L#w2G5vg8p}$C%^sIUV`922JMdUHDftzavn_nf@<awAe{2csS9;}xpaRo0_(i%b
zQfxH94oS<?ovS*!0xN)F*v0Z~pPY9E-W~tgI$U@ahP-$=!JXc`3O`rKAC2a<vW5%}
z^{cxSzx^&}D>9{TEavbaE9iBrYQd%4Giu+C`j{sOBF&yVUPg$D8it<9<NCP7^%>Ry
zIw7&wNK+R>-facPV6ltb?v4s{9`m+LmVYn3`(veTXQuwxO#+??Yj)>P7Za9BGU<p2
zUu4SfuF{*TUcr#8OF<$>R!`;LD}L)$^BSn<yBqPR%h}Kwg*S;^O-^HZTWP;_gOV#E
zY7&gtQ!`9`-TsOr7n*fo{-KT2B*pBg<yTU<XX_cix&H=6SPl+Nuq(-xn?ACz=AX<p
zpZvYk6&un&e@n2Gf#zXs@|1XDw@<J3%h_AVr+r2D2)y6hUmx_T(lb3?@aPq5ymtxy
z4GoM{IS~g_9)x|lr0XMStq>UX9C4_ox*Pln#P*PYlEn^<-dr0&Bj)&Pfu7_>yolyM
z0`e^fxeXA*oq?aV<@`K!Gr$7}6A83MgQ>-(?XdGu)35~sx$|Id1@Nxdpc>#Y&jfVL
zZYIRzwRA13D*-Qu9U&Zy4grougF$Gh)dAdPg`Af8o)8YDK2L6g2Fuk%nF6kMj4oBc
zmDPi-sF?%!=kA;Dd4xtJy6}t5is@|6Y*wKWGa(qjpuT+m5NIy901To>TMpo5gY!VW
z>#r-Ij>iQ+%se8%4PC0@|2OswxOh4+QFZe{3jm}3-~HAz<+x(8KpnFQfYAKT7x6j@
zLgYr-VnJj$@Cm5yC0c6YqiRQo2$PdnU_uS6iM*W%=2o}R%S1Qw$R1M79sf*oEp8jW
zZhk*ZG8FFiR;m3c#*|0c2*jP|GoD825i#elml8_tI81g>aVw<?7!Y&VHZ^@?3E0Qf
zik?EtYz?#qfm+V&#s%nbw8G%XB^N7LGa2miibuX0M(HuXjg+JzH#>H9)qG(K8)Z$7
zE}qpdCO6x;=(Zj1v(>mD%}S06(Q4PL^sFzs(KR|?1l}Yn&zk-b3OZ8PT;qDX`>%jU
zR<`vyCDXmCflz%HMdOp`w@GhI+b$N<ZR_;tWWa`@i;sMk5jKm}M4F3Y{8&<E_hFUh
zuc_A=hc%yno{jc=jOuEtK<l9JInUEe;a%XuC4q5<&-MG=!ae-h_Fh^&fj`VPMGNNV
zudIQj#Ng4QIA=6s`{fRv8o7{Wi@g!=6|ls?6kfrv58zKvx6A>W&rUiEQ1exLG<dXF
zn-d4CuC|$nw%)1yegHT5&GQpKOAWi(9LxIcCpC6Ab5>-XQ3iLb9k36ll$yd+7JK&|
zlCIkF_d<tOrka)7F|+7gLg{d;`B1%-p6##?a=mwO$Okz(MZ2`;_N=t(Xsu5kA~bm5
zyguzxH^)=|HfeR^tad@uA><;ddGM#VoUXCc9fR*&Z<gz9HRsZ3+^~M1=AoG)Z$@h4
z_|b?$ZM}2>Kt``-`+sG{o9ATj?#v_3SV4iWsv=%Y-gK@ZZ6;$~48j+g2iX0~V$$sA
z(Kq4y+#_tK*G+E5!V|HP7Bgq@Bi^Z2|DcP1DD0n>_Bot)xq|1W3@eoDYcf)s)7Nmj
zCD_IeM>{8N@NC~kZvXdsqNeflh^4mQyHL%9douB6Nv&~QdJeRMT-J*`FJ4X^EM|H4
zpH?}gtVKm33tLFgDYEUR!wqd;(W%&iBJH#r7?sj)pc&l^){|;cO;#8?(WF9Zo*hx=
zsZpS9hiiE;IAwP(#OQmtaq-F=2m=J;U+o;;GF%`ap4i&hI&VQ8%I5*PEdebYT$XWg
z^a|3^R%!=KIP1qIL+@NxEh8WwX#4h2;|57~gf?Owep;yYGEaOfoW#v`#xFgj=iiib
z<%Qk@mdJw9QcP%J->ZbVCQ{*H@7S8;CuXl0RbIax;e9)(Ap7#6T;w<5zCqjK+JDg_
zgvIZ}`$rv<DJjFP?6%;g?;|d2XXH``X#qaP$5=7Oz7+bi>=>PlguQ<Z-S&eHJdJ6e
z6$$2_r5<x5e0B`&n(H6X+i0R>OfKqN?>nxW{X|wjXCEkWt+%f|(!5V<#8zE2eP5S{
zmbPHI@`K?wy7D!hADSVQ9H*w_w*?m-)8!dk(Cgj(&VI2p^g%j9{XY2zx>s|Nw1wtE
z=~EiylcxlIzh?_fycR#m$Bzn3-rTLuIpiUt3<@vWCMUn;BsX3~K3<+BqbopLwMW`s
z-Nr}6d$&}~{DVQfY%hc1gYdJSzzUX`<C~?mUh)qF`e)2mg`9*~iNVY?yeyvS3L9B|
z;<-zgH?S8dIP^7|l$8=)BBG}q-a|g1?e$*s(|bgTMXd{6;bDt#rSzNPR6S1X674bC
z;N!xdW|a-BC62F!>R40%cT3!+&7Yir4*@OGT#jDq!??W0ZSlHY76`z5Rt39(tS$iL
zZ0&kXSdiXq?er;>XP^k?zTr4~Jks<|YHRO%4u{l)<dV4Hg1D%3ps%d?W~o%-fUSm2
zR@1^*U<VP1`ySEs?oG6&pyz%(oxFRB{izLbdzgcTt~jd+dNbWmu`DL`UvldRbQ_a%
z+W%Bt{+&+_kuNqT4B0k*U>}>K*X|y5QvA{)8}O_m^4-I~1-4dZ-)&V<Mkb;w(*mMn
z^#X6Js-YW3h`Uo|>m1U+5B*QQXI`OAT(Ldw(P*mg82iJBA1_@<sK$~`@SYZDfB3aa
zB6Xxc-h1<viPB7AlrHkI?DQ8!d{2vWc{0_nPGKXH8mFooM9kkd+es>-hzR?LthTlX
zVkn8{@Q-whU1PgF4`w<O*mteHb6~bcXPV!YyLj&{5!X4aFt9{~_4m!h#9H2)(=%LL
zoLv-ppxyn|FYsj{iSCDe<5@^x&$QkBRU5m_VN=KxrwBs%5ozv|BXBhQ_M+UQ#r00M
zipdxM<H~+SAco)RD_m(4g-WOW8|S-bX`f8bDqGGk-_iEa0MBkG5Xut-6u(2yJhCH1
zy@Yvb0%n!pdXyDXPM?S_^uGO<MZMlhyP4p7aLd&z)cKktCj%4^$+(g3edjib6eEtT
zd6d25;n>sa$DDc?i{1-XZ*$tj`~1QZw3NEMcHPI-WhD^X43g#xCAneRXrojToaGlm
zs}3$dJ-5$Ehutop+{i}#Dtmr?uRnPe<&XXo-O)~B?Ab=0^rzkOF}X;HqM*_-Ox1J0
zn%E}7zwkTKcRx7sXvRe#$4`~Eq6HhIubO5Q_WGNXAgo|2IuY^t?Ush~1Kmj?)~5<H
zR8KycNY#c)(-N!58|-`*q`Ff7oBAfa!})#eunslN&L^!5N(=e1WqrkT)=E#>*XjDN
zq{be{16xlTl>1ZiG*&2Cg=`CGRG6gCjUNR?@G*7)r1AmOZ_r6UV@SHx1sk1E?R6aj
z8<OPzj0$|i_<yC^bL{Ui?Hw^3?JdmFaZDs8p}%~jV^Y+Rr73G2S{Mp!K5MR~NO)h}
zxE+~x_Sagbm^=(U`&%S;e_h<jo-T^N+B`VgqB&m8HR6MufLvjNr3v~J{0a+l<J<yV
zg|Ii+Z6PfDB`~`Qq+Nqpuq?vVAf1NSr%=21TTu86b@4SzNk8y^LsB~2l?h-4EZp_v
z06^;B0Nj%SW3~T(x;qw5a|o!J-=guKA(bRLw#R>YO;lD(?4Ne~iw4oaT5}=Mkk+l^
zWS|>=I-T%#@CpzT5yu0%y0!#R)ahG1F!wXX9q4o}@Z*EAPuld2Qa&J`ZXrtP?6t(7
zr4Rp|l=lP>FL$mW_L2Vw{4Tv1Mdffe6LK?9RblS6=I~Of6(o2hLjsT*Kmp}vKyuy8
z4S+m4u92`61sXUZQk#jR4#x-?R&0XIXQ1Dxhz1sb^h_L7&*if{0RE{uOaNB{vj>0>
z4$waUWVX3qlR(sp$L{<Q`TaUg4g1i4E{b-SB1h>gZ1;h5au4nL6X~?31vTkI&K$QV
zd{J3hYVx;MPT{it)A4Ty_W=7!+M;U~+hQ#6W}v9@q&*<u{R6d7BiG(LP2L-9cc`EH
zY8BAlb(2BKcIfJzBt}*KXF?jUu^%Qvyid4&KQ$Ho2=evSX}WmTzTkMTqpftTv`=HT
zty43JO|A!fj)Do%Ox}ytD#;+I$#|;#{80yiP#(bStrl37;=UI!zSbcnzo-2KR_a7U
zMzk>!Dn_p~vjIGf#9|BqO|p5LbF~!$oog9zQ)KSV^HIWOyADc=Az8TgEODj~+hn-;
zX(bHm3fi89xv@0#%+}Ujl|wH@XP{?Ib=x!rwF~|pzFAvHge{?4*>ZY6p8|*zs_oJz
zu-M;3zIi@!;)-5So{F*`ME5@C-FjdreBp4!?lDhh5lcl99PMr*=}i|Xzp*dX!deKi
zO|b?s&MmOqPc*W9@<cZNcW9H`<Dkr%NBEUV@uxOF)#1onFV9HGM6%vaDDE1N;!dQZ
z!yUdcP>`-Fiu;ncUN}76-H($2(1-#i8zX^S>C6GxJaV7;>3o2?J%aTvm^gnb<3E-|
zik`fLZKFGG<4n&foARwcz+aN>t<XIhP7D<^pbzi|92f9mX%tf@M~T|u3s+VMjx58!
zk64)%1Tr0{r_9lXH4@f+4?~@a9!A~SPZXoRv?o<Zb1<=IzM$MF=wNmJJszIh?3Mc<
zQ`F{ye<5{7;Nj|{*xLbSy5FjZETn?$n^{dX9&5|094ObO&vJ$q`LCy?7vC#;2#Axm
z)zx<`=&3v-mCUF2Fn=yq`BLG{L2ne0Z!ygRGrYlu0yC~7mp7o~nPdh49DTEioie_+
z9DaQ!eucZMe3ikm?VEIsR_8QnjUn+O|JcFBNqL)lmFdr8&ljfc1NPJ;3}bWYUn$2;
zKB>~4j1di!deXq(PyhEQv@nY7KaG=rYDz=owfzN&${qFn>%lfN0(~`_sZ&v;iE08~
zexd$#xdr5DHs2o{*lTBwQMAYfeIw)kovNH?OwaX_<K*3!#9*FZ*0*~*dsAO;cbgZ9
zk-a5M_3k|$_f8e!x}O%LHu;*E>T6zL6Z}EI;jRCk>Ph}=?T&9266rCCsnk#?tz{zI
z<N<3M(r2$M#i1AfbG{GdRj|~eH=QFly&E)p<|bs#Vsz|8LONq7auRbD@)kxq<}>u{
z_J%(=?hnO#r46J+TkDYe>AY~PbsCpd4!NCtKCZ|RCC40mS3Bz5>lJH5&y2#<%tOA%
zT6BHJpXyL{Pc2@<J`I}^>qjTaNtfLC;>EwGCaEr|m9p-&msC&Yu3vu`?s%BEPIpRs
zJ6U4>o(bLU<mV-0(Gx}HQ8?lfJ5+DvPn^&f#4U+Pj#qB)9iNvWy`#i5tHFvN=)`Z|
z;xTjOzsKXeE-W?k$}hyNF7-c+v*QXw#g`X8H=OR7w735Ifj~!}tx%cw)V8Scl@!+8
zE0dndQ~Z&kL_y>6VSw=H@1KN-yAW;$>*tw_cf$eWYTqky3xaTVh2oDVVJf9`73{`e
zK%0Yv2Spy?rB2UDkIKxx8ePiecze$tx8J=rWv_M2Uzw4nUPa2S=$3w?;A~;?9Hzoa
zTKfz}8;LDFG*^FnpYoG#dIf02>broIzi)2NhPiF%VXa!9ZGRwQvGo3ChK-SR#UaeO
zDfG@5rSxEkqW6y<pFU;RNv4gMZrcShZ!mfUiMc+`(WPM$v3mGvW=x^;CSSB`t}Zra
z9xfE9%6=F~5VjV1vU?Po{4!A}Y}xXn*A}?*u;{OF`~2dK-A~UK!XZq2uD9V<U*kwD
zKtNgLjB70x9IYCG)w&_M@v#2*lKj`X&lTs5jY>;P&p3mZm))F=Ge)nHB!iZx!X8-u
zqOf0{n_W~6q>PDKOmAjn^p^APi{;MG>FRy1#{c1WR!`3*(Z&7yDzx_-(LFtTdwYG~
zT|SPg3dT~29QB5pX#arP8~syf|E54HLNc=<a4r8$o$<CSl3e#$nZpB%a5o!1qdbw<
zdz_VdeNk!kW>$TxXElkLoUb46U&+mo(PYeQEO)cR3dMuujLH7EtA8VZ&;LuSSKQp=
zzvZ1&4F*!CKT?T;(X8)1%LT$;`?3)nK61Wa`g&Ir@&!XvTRdV^Pi3NCH^z5AB#6D=
z??hMhA5~(;M>d&U7vyeXs76K7MU34LviE#yC{)_W_fz_F-M<3iwKVbQGykl2NT*or
z%9_khHHjhH)1?Z-Vk4st%EFJ0hJ#8EUQjxwS+FcTSg;chGQrC`&)*Z?mox9YlG|M%
zzrA1FV2n={t~8cZs>sUZ<8bn2gI2U9w4rUEzYz0sNF8jMbejj6;RkMb1Q!%!f}+h@
z;(0kieXlhZNX}S3I!7z6c2X17-!;?Kx<g{VrbFCn2igkjpwv5$j-(Id&nt!OeS7yu
zMI-GU(-L1F{O#t4lf(;uF`7s@$IiR>`l@$1vSyP_x1-9!pe3cuj-pc#W3z+L=C!LL
zySwuR_rFl3Be+V^NzApmq`Mu^zyIkr=sOyGujZ}OMKWS*PVUsn@qeoOQ-Hm`m}L2F
z`Q>lL{c~YCou4LNzrios>qLzH)2+CL)C!^GD=~NMd{Avj#Sbe!?c6DOJA!es_Vil4
zJL*9n=(t=dr2x-TpVX9p2}<B{W+u@mp*;#_=>HocHxf$mxsGUeULew=pDA+eKh{{)
zdFK0`FB-LmMY4ngFmf-9jC<397=>v$`Z&EeLYvm>V$6ER9WZqdQE2*=GO%IzbfOI{
zOv9|t9A40Gsw~?0tLyhuiWrpG&mv`EV^CkBc+dws;%$l;y&qKOIc5%>oE2ZA|FP~9
z*zKN>@)s6fSl_l)dzIs<Oy4`ct&;X<&4+^T9;B+cz2R?R1;x)d4=hrpqY^d4<JBCr
zQj~V<)DLLI+5CBj<T`^5=QyL0p3|I#<Z@=drm?r9LUA=F^xJ=oYCM+$&TRNvL39)(
ze@-ZSG=^vuI3md2IEwe*diSjT-C2mJz)Yu%ld$yuylCeW`)4jkf|4JGc`iDBDDn;E
z#%)gP`#yk9W_>7q^lsTQNb}n*QXIzYQ9fkK?)6a1M0N2%M@9W~`(hRG93Lamt?2d+
zX;%5&0MHobduv3=7gqmt`!p*ZJLZp^(|@QFeyZF}G!F3cesq;umt<QcJzFF*bKgJk
zJoi1vqrrtpb!myH+eQk!HDtG6*(lgY=~|VO1dLQLbxDVq>0-*I!SoXe)TO+vuj?KN
zcf=q5%$Py{{jC6TZ5j*cm8zV6976R@;wNU8?&NRrxKGOX*=sI;UdFP>M-&ZK9yl{y
z-a-vK$)C5^&Ad*#b_0ANc?iZ!3>m?2-&{Iuk4q`gu3K}<@3k3CDmPPW?|g?&Wc#}E
z-<mJ#qn##0dpd#)=_Qd<Ff9SbruS7LzFNZ=PEvDUHi>)h$;s@kmA+L!kA3r@X(BW>
zZkp&Y^S_Ke-C2qs_a2x(rACo}rTzZB`k7B+K$epv{fTksR5sY|&GV^O&s`pWfMIF^
zq@UzJ;jvx%m#xRgXXkQw@1E@h`3u|67kydHVn0otj+p{9{uS_dZ`UW1R?X;U8Y0cg
zYNRD+l<49Q+2eovy2e&cs|kMH)M=paNfLC}IHt6U;SA8%Rs8$I>s@!Nx%usw_yiN4
zJ8vSmd#uM_pE9v~H=&8Wge6V6ztU%9P5r5tTu!J|eMdA?<awWxYfgXt*4IJ`vU*MD
zTk)T?)3A{$keM;{zpY>MTeV+AL&U4-pNeCWdr#IQ-AlJf4cZn&@rv)n72{)B!;Q?!
zh*QZ}L1fu$+ILM~$LAH&oy|OYQt{COZdM?>VMuFYJqI5reWxd<=FtA4$N%fdgTSU|
zt1@{m;IS6HO6V8*__V)d#PNz#mUO{~@^9?^P&ktu83w~VTokv)c|Qt$>07l|FTG{2
zlFI*A#*j{3jBbVrQvC4WvtBM!uY~_Roq1f%J}KJ1B7MMfVB4=K)QG7ux%s`kM680Q
z{>V^@I=JZb`kPj0GNiucVK5`hvA-PRKP;n2RHO;g6%QJ&WOYpYYFs7YG4SgBL_@$H
zrx;ak!mZ~4sHxd*i|2(ryk$$du*S;bUmx=iD>cTqUKDShkO&XA8cNR^506=7Dwy0o
zk;^fE{TTJ@t-YjBlRax~=a7!yr#avTpDcmnv;^X6#m<1zsOh5{r*?DvfJYw!$sNU2
zLH;`PfHJYc;azF|JpK|8peBHyRRU;qj&AT`WDj_B3+L;9`&qCqR4IDA@6RZmilxp<
z=)FVR{I7>Q`9&=C!7XA##<<*r6wJ3(BLndYZuoAXzZRRdeYCw?>AjJp+=ttDB}|zg
z&Ji(;mb~sLAf5cvoU2&Cc>pJS-6l1sq&G*w8M+4>XpXOBOXa7fiPkYHY`*(RWyU#|
z)Wb^2Ao!fNPp~F^J>rS_cQ7Ndy@u$h`WMf7<16CB;;DF@oVEi0zeKL|R6h>esox&u
zF+VA@+KA14z&+|4_$wxSE&pCqtQY0Kg%^(WGb(FoCRu0P#b)EjFaAdS<Y=!o(9p8L
znyjY0*XexuM)qNBe>;)vhM63%dQx+^9$ag1YFeMzkR9_uZ?O;Y<-YMqUuVu=;)H}k
zf0Mju+~25s6TJ~)U!{7STJQF4hC1JRnak?MI<X{N33fr6St<PvG5+_ayP)`M$CH;H
zx-aBj7Jhy2mO0}g_jWNn@|;<Fj8yII3+>>T*=H$V)IU)b7v%h~mW0#MC9`<W@6))v
z3Yq<3^>Wqh6A{U|!EGPu1`<CF7gKm*Hsv+z)LJB`O0=!?8uG-$nfQPm$+#!tMt=*Z
zKvuV0GhnA((d5yHZw&wD##7PDK9_HQ8&g&t$W(woAW^mcCox<5mb;9`Vv|P9+|A3z
zcJrs0|7*6!N_pky8QgB7il%!n`{Zb-?T6fS8JeB3jWv@=BgzAm-Fdh3EZjdIvmWY8
zR$YdZE6_eOC{;Liq63TG(bVySkT|Y1fPOfbrH4My%t)6b8ogHcC*rmbpR042xDf?+
zj@J8<>L|9#_yRnZXpO?(yUO$3jx>$=WO^{Ap=uwUHQ<#(!BO;VXE*vLKB`yu4gK)s
zV|)vm_h)J9)<f^?>6!a7$0lD2f5wC;DeAFmWhvKz{#*E%EZa|sG__$q9xK_73Qe5h
zmveT0snk?ed~Nehk(S&>K1WacBEB_x|JU?=Z{zr3+2Jn~l4YyE?lKGAk0bKtZ)iVf
z@7c-Sn{7WN(WDwJ>s`916kX9k9sH0^>^A-Jt+6L>z8HTU|H#`DlGNh(sciH~CTw(H
zY{@c^apa4|-Dn<rKCwm9s!Kza;iJ2B%t;JhSsmNc!wvk&vx)a9Gu1c`KlVuTAlT#O
z5Q)s_w2@a=dUpFv;nbcZrDMUnL-*|!hTbHKNrsG9wa4>I*o7u~NUJ}t`Tic#`<#+E
zh>}gl08g2(*F-k*RBXA^tzDd5i6(~R<8y^3bJY@S`uL`au1S@-L8s5(j)_F6Nd)?1
zkQqe5oIgc^e<q926$HtBili4M)9H(?BN15@a7%+c*_;>OO!n$|KpoPU#en3l`^bI4
z{T%IQV5&i$wx6E9pqIY6JC&A1_yxQ&22xxLJTKIGZjRb6-9WjmwVqZrz}r(~0f2kZ
zKpFrY2H<XYEA**u+0<QIHgkiI6^$M0dX0xB10i*<f42L>%%6V0HMy=MXy#p$*cE)C
zoA^3g@$1QH>QLrpB=)K6@6ef_Z^sVan=6mzjDA%YNv(?|bKh4{I=!O!Jo?z*LWJ7R
zK8FzV{_D}?zNn+c_vbPRL>lKG-!L9X<$Sl#*uLabI+K@PS>hYz990^wx62<NFzJYJ
zeQ-bFp>CvlGQH3ZV_ecb*~gQ5A-}2c;>9k%wTd3kKR;BSvdieZ$6V$4C(b7IqnuFF
zds`ibop`R;_uPpSPM9^Gv=uaaoc&_?oypvTZ_^nmx$MfreE%v!*z(^qCHNP|o4#Tz
z+7g<4(is-?K%+?1*stiP`dD#X2|X<(^_MDvK&p6(%cb<jUt`Y_WrH|-4F3$X%2;YX
ztm<%<J~<M!I98n(zpoMY@v0}afEoID;mIRw|3ez9G?QPNAN#@+i3_$)cc0lBlkP}&
zF4`EyS%{e#eaIP?Sev-@(*A=)B<t;__UFQOI?o>oFhAcc4528Rs8N}JV{t3}{lH{w
zw>A536BPr$)PI(2=4vH;SDR|zhwLlLGqqzn4|0lsGkgguGMI~a@uBn=i~5=1uX{-P
zgj?-_d?Aiu^LE6tIW_NcL-)?tBuYGGM#;|KK2fsv<B8Ol6CaB{j8=A5t6LM0j`LQK
zRMBt@p1m7t#qsJ}?%K;sm6k^ZPvS3Sw9_2kTl?$9<R_9*KGUR7sWQHADH=bnv2dxB
zN<`dgJRV}D6sq{Cv#{6SHzeY{7DrxYR-=%KgQ-x=_(!pUmLB`DN*A&73Atce(MT)!
z<d17IB9|MDA9~(x>zeyz#AXh=HS$dn&ctU8v9G2atx^rcPWkee<$?$36=EHlEHX&8
zpIIuGvtkvabLll?S5%ZHVv83p|HL2Px*soDMLIBdAu;%Ko4%}uwyvwcZ?$mz25I9o
zAs#5QYKJ_Gz{DHP-o2&@?MJVSa|h|k-}^~_#6Z8SNG6g{9+0^?v=WfTSNNIXM&~iU
z!+2s5G&ReJy7$=a^9NMBMb*Q7N{ZOTwiUvPn$`F3@kU`S#Vevyi%)jrsNEp}*#?Z>
zI4^nk(Eh@e@mqE-j|CTGLz_b7y_@UNu9QK9cM^i4kHU_;Zxf$C&o<tD5&KFy08cHg
z#ok8g7oWgw;OkpcQeH-c=L>;(J6i2HqPDs7%?6FYsy-g<6>q8H$GzWLY4QCzYAatM
z@a^sGqZXbP)sp2V8S6&N)cbzUkP0L;k=-^}7EBOc4SpFDmTgSGb^J%i)th%EYf5NI
zJn-(kpv2u_ws*N?>vlvgRa9L%T;Vn*=?^&r;q|dy+}d922EJo6cRvtO-_AQutPE!U
zlx;p=DodGLq|Gy^HZe7|GBv{-Bc-RG{COT|xCEi32C#sfo&gqEOtU4xqfU$G0UI<t
z?WX-5DEZ%8P|>de^YiNY5}RcBi-T@k4$Xshm5M}Yl6|bAFTw~Kjzw>OW4`YDYX9Xy
zf_&6&pS1C#c>WF_3JrRM;#rQ|UH70H!;z4X{*Hnct@Lf}EzOUCtl$~h9I2_!_lz85
zwFwPO_A~U!11g!?r&m8iu^vgKlcj-28A14|rYEUitQBgw@eLpLX&!nF3R<;%c!W0{
z!-nfh?HXBaI<d2sYH2EQH|yUPvIz>8H9319Jw`Ji`EYpa-yPYfR1(jHY2}JughVCd
zb0w`mhpNPjagpUZ2u);+5q-D5o5Mi-;r5$E2Bt{kfwB8TJiF{vcZ1hD&gDMB)vJ#i
z3JW!!M>Y8#lbZh%GqYGX^)s+K=|YRf^W}#7Q^_4`s`5d<KH^+XQRm!j6*o2Re-r4d
zp5)c}dTP})-b*IwdS6oq6394&vejk`wW&gXxuYIcyQG|Yh-c@h{eGV_n?dcBU?JPv
zo`axw#Y2KQyiduOW_y*jhv)N@j~g!E)|@^_tNAY`PD19MP$$3Y>r{{bU=qLm<zhgz
zNqmb1A88WD@1?z+Tl%td>GKdnCalsE7GEr=$Ii7u{&3QqK=#2t`EZDT_$yyPT8zW|
z{cYpzaF&R!!!yN9^4gY%(j=zk0j>KKFBx{bQ0KAluVqh|p5?!zyci*GxqTm5dm^pb
z-2(Wpe@X4W=kFi)Jh~4>q&z`JVQcuOHz#$;AG7H!@M=9tnOD!C`tx)b{}kVhwskDS
zyUc<g2MZwzUwRThM!1qSo4n5x?0_r3{}>S-ul2HT{)-vq@FWrVcsWb5PLTc$$LANV
z|3p2VpZ%cu7fBvsXU)P%rK1EAQaXKAq??pj_`Nh`Kit*1eaYNi?JvbqrKBLZ=h*X0
z1Zn4yyYhj-k6CdaC9pfTCH7?2dGJmdti_Zg?f1Xtz~i4nw;`(`+$SCWQZZj`wwXJs
zUtJHUyc^`@QFpo<+Kx!>&9aZ&CyrJ}E0<vZQOw`zs-g}zXL&FvCHKZ6jk;SQW`kJb
zTkbp!{rqv!oB2Dop_2*r`(<WSBl=X|a&Cu0xZInf_g=EBbIOX{k+jIXFs54h!B?tC
zT6#GqNBX20M$&zB_OjnM!vt^W61lu1Upf3VXhm?Ka9X+Wd4A}--xkAVJS8e3M(=pD
zXzs9c``mZwVNP`pdj?6m<(J0hGHBVDo3;opPG~xuw=1|&W;)OqAn?u;-*lS(hXb0n
zHFxk}q;9&dE&7I<M_*8|0xKKv*wGjM$Nlpt-!+cx8VKL{hiF@lgIaY*YFT=F-vI9s
zxUfM>w`e;!hAR#Y!7kk4vAP_3s}aVehZ%P~{wvaYad24#X~Sg1%_7c^V-2(n(IfDz
zlwX$$C-Am!@WXElPOv5v>Ba0HN!~rrm2@eWUYo5Q6s~?Uu4y9@$Lu?+ih8<`I2#9A
zZ;q368tnkNNjYVoRCAPHYVG8Y>Ueg!fDyig`8WeYXi*f5#j}$}6%E>10>ius5Z-1>
zq)QgAr`n}4HyaG#ca|<scG}RjF#J(ck!0p2f%Fdgsrx&z{jPju`Sl8Jqyb$VP!I7A
zIyp~!Y<Lpc`fI4f@Z#?ep7|={&QJ|Q&rW5LT453JRV#u$9|fQQso(fhMrM1loo1GW
zy7da4Z{M;#&Ub8iT3vi@IEVBg!xq&nc7soS)ke2cz-{=@We|4#JcdsH_?m6ye5(Bd
z?l%t+&pNB&7j_%2os|NV&6b;7+1S{)G<`N05tkcyu+QGxULRrCopE_4G%k#VFk}hx
zo)~w9NZ|3vb1j&*)443XWe+6$5$tskS?-Ry3!KD3uP55Vs6d3n-d22FN~_~_dE7a|
zv6E6Be1745^oy{co~0T)cQ>e!bNc+0+HYq&-QnHdA2!WW(e(-u{Lu^OJao`CNXu`v
zYS7SGZM2^w+vi*sa9f=Fh|dm#siL5OwQ>h6qjjB>SAp4gM-3u{94ChZTRY_;{I;_M
zd<)=xc@zgA!9bJIMi2tK+H{tEwd`8Y?6FSFa-BnfXRE*DKwM2%L&Q-1`C6sgz&<L*
z_g!ZHf%sMuk=ANpvnKu&rs}sNj_};g4T}}qPAwd4^Ti$7e#l)JwT2Ur_Tuis!Xf}+
z3w60M%>}#MN#TL}SdJP)FGre!O#5-*^MAP}N0lrr1hB~Rc|9C|7)Z|JF`giAh)IZ}
z00a4$Hq0Eba-7&sItzy4U9!$He$@M#0NK!oqZW{c(}8U8V<?UddMUGkbojN@jG^g$
zde%~og1+;_Y4c+zj$=#mU;wH*H)f|y+i4WdS(Bpl64tODnf%!BynGQv=s3T~*MKhh
zVm?3aB^*NNz|bxjwCK=#6AD6O@IheEGmzhQBp1BCyx95@#e(nRXv4=qp0=6Dt_D^{
zM34hJ9bg;(NnYQ*&vam)6CKM;*G2n!S6A0=lS)vT*H#pOXm0blQsZED?eb)N1Zpft
z{(*tccRp{(yTRIOZZx1myHXIIi`qL^7oaxd(cVtFrQbeo!^3;xa7RK4_=)(*gt)uk
zQ5=TZ<Gi11F)m#Jzu5QrGz>w=AP@*bL0Sc)Vmp!`V3{qhK&o{^6^gq=GoloPLS!Pk
zM&Vb}u$6gF9woI+U*6q!`<L}#$J54?3w!Tnq#t@Rn{a;A4B!X2;tt;J=ViG7r-S04
zMx+bq-G+no#3+@77qVFe2iJI>KnKUy!OZtnJobwrK8MhwtB&NZ_QoArcLb&cglgWj
zAKzZvA?zHZ2s{7SMkO|)f$#&*%e63K5Ky1(pzFJbV)i{3;)P<1?d{XcnZ1n8z|b?v
z%caYHRl;Ee2ak^+2D^Ool4qJ}buyL8hM;yEj5Y?yg$X2_TjfZy0Cp;5({5grKZ94G
zWh-`$x&^>PfnHFX>%!x!&skscc=d3o!+OF29tGO};Z5a3n8ejBK{uUxRez&^_N^2E
z$(D`n8R6jPTEUc|e9qE2G93Tef>K(qn-EJ4b;xj$Oz)#cm?0d%fdJ2q6A0)q8@exb
zHY5P}%{1;vU9=NZ`)sUh9n81lR<a3S;V5`>c{8$;g>dYm*>aEs^Vu3SbesNy--rVd
zsvz*=%j_k0gfGN<aWU%}2@&qyaA$V8v@Bw2g>E)+)o3y7WSsS-P-S@@gt8do^qsrJ
zZZ3qZqkxSCTj)hHUF&+lV=BZ~=z$1$%t?E8`DU&C;-YfH)~k*?EdR4P4Q$t!s#4-_
z@w=nCrj>Vqmh7h|Qy_xV#>lAO2A3rSITriwpfDXGMVK=MU#`=!_{|w-&tc~~p%Mny
zi;;t1xc!AebC`<6)jqP87x8^EGtQpyuRf`x1GQX($y#o92M#WPzM-YFND+gJEKJKz
z80dN}fssH+f<f^WG+Z~!=Vh(F&@;RYq-!70Uz|(5Jf9=Y#x0#A4KYp2&7kj-$|AlD
zAgBuba5{`-hO~6+H?J>3Lsjx(8s;`^#k3>krnX28AR?>D^Ksc;2h|AiLjx25=SGR|
ztz_d5Eb9?|%QseZ&%Fn*^a8H3m+>cu5a{A!dE<84G{Os2??)=JRaXx`AJ6tX@^)Xo
zm>>1A5cTNCZ~#bdh}hFHUu1HTs`yojC2*DvEV*?aaj@V=rKO<%lu=&S14W=p`(9N)
z@$09~T_O%}d}>tNjRn9MNS?#p5e7cj3EBG2{V!77m53Rxs(6=btS5;P4aivW{l&#m
zJU$Ne%jT+I6614ph4faH&~08<=7p}_VevZ&?Gm~(3#?H$Yk?Q8VZ5zpMK`&wjb;RH
z1qQrEG~nPa)P9H9$B*IIEnW><!1pj=9F4A(XF5SNLmE~C7gxl6k=*r9o#tlSfFo~l
zUO#Lt3r^bvr=wS2=8ODK)#p@(4!nez#T??`qLfPqS*l06n9ak-$|=4)-cTYbUa#>j
zMlb1LD+Ew<#|`R;L9s|-7UH1iOE)Up)&{PCc-v_btmP~dMe<eZxP2Z9y^Rjv0Rh-q
zLvQXk?^*pJe#XmsP>*NW-Iyy5ht}&N(B<E&c_E1BAmOZSN@k_iq<j7c#NHlzH8Pu3
zVY@RZ{*Gr_cf}36l_E(vt_)Zon*@8>s;;K7w4F3kn@z8*M3uK)b$CM-aI1{C5ph(@
zY#Vx|W0G(I_C`gtTp6I6530mjhHCdf-kTkFU~R^`H$KSs`g2jbVV&jiKri$>pRVn)
z51w`Ln_CNhP|Pvv1>P)V0~@s*_wB8|;I(VrIE~_I!oW@-a*K7cv-<dLUoiG~+ufkj
zZ+q7?4nHo5S&~BUrB8xx8KMEr45|zg&5ja7>_8_q=$Z}XwWh`kogZw&EFUl-Brqe@
z<lfnS-Q)7tC}K<S<we$wKaK<g=PT6uzJzR$-$n_z+8FZ<-XxD5vh<so#mv!Q6AVV7
z2bH~qvnFKQ^(@NG2h)sL_PEIQ!v#@ipALZhPF+BQs>)1l>wonebP#iM9_tYt<pzwG
z)6kWP$JaCUXaXXLuI(^cFBbl1hb_g=>iD=G1QK&Yc=O<wSG-4B_p9cR!1r(4M{$|J
zF)wPNdPk@z>+~pY36pO>>UrAFfr0~s*kXCjQjgUeEm2G!UF+`UMjS6~RK?^!!^ZtT
zZ2$WcZ>@N|%kjl<ixXUd^IAL}X6Jca2t(jeP;AFGOzLWj7lPHhD&S&-wC#a`ld_F+
zubtRAa>J{eVDeyPL@&Dux2=`ov_1|}M6|G7@29ld0j6;Lt)Z^B@+|m1wz#F^COyz`
z0CkHS4oxm1DddA^1ALsz2)p@gozQEvIE(j4WdBf!-)T3;OES27aUoMZ+McCh^Tj*_
z-+RV#gzdudqC8eA?O|{XNK=36tP_U<I@#iUb|bk6m&cu8QB?nRBn=Ta5z9MtI!bJB
zD8C%HGPvT@2`8M)nzF#n*4N1m9r0-aF!<KL*fH<X1;0^w5T@%f5;k`-h5%m-)EoMo
zfMV@&3-^GN&@dLMonsML%lQah+i}PbZWhtZYxG(eLeQ!E$4;vsYNhqZj~|UoMI+ed
zW}b5I^|<=B^=Yl8_{-%p&Fek7`b^2I{KXaAN-Q;0^tke|Fodwym2}c?n$>nT(b}7J
zl7>Qgs7#t?U+&67akb=z$3@gF+tVmrmwws@<_;}{D{)i<n}|^Do(zk%1Qw%(xM<~C
z0A?^{zxuM0QrtSM5PsKNHs|ClVuxTTbT?of1+n(T{Yas5c-p$PA<*lK@6bnE)-Q>n
z_iUxE*AO%#lEC#@Q6V#YBes6UBcDoQ-yXi;)|F1i1Hznu5QLATLfP5Z<9Y;n&z%y?
z6PC*XY8iL<rhzTlm4hcfALfm-1>wVPxH~oVaqIOE-~CQ+l+;t<)=q@a%<e8P^dt(?
zf?KxCc2UVe{$X3GL36_>4b?AKXu#LQ?)83{$gCN#zLf8^e0l334aYS?Osh<?39|<>
zxQr7bMzy~CK4}cO+J8}^Lg?$qws+==ED4k0(3y+i@)kJiCdtd=*DLPmgg;FIuu*W|
zcj#3;!<wTw&@9T&8?nqm3P*3k;AfdrV83(A{CZ3TvV7?a3wC37qoXt1y|Wx~eRy=p
zfpGqODaJvt+T@~MCX~<GiK5JVnQ>q&IP<N`#932p6AC-KbkVHZ4Qg<jEQF&LF>L~)
z6327>i&8+W>Y?bqGFSP{ZtkIh_-qUd2sAS=ls6k6pXbZTry&58JFths)p4*~5t!s#
zwkyh8y?K34Vc8U9pznL$Bk6Y5SKEVNugTv2{m;C()jOl?^7zZ1;Bw?mP>WmyyAZ^A
znykRNd{>uoP@Gzo*F_lUB;s&K1P@m|3@`Ux9EQPNy$1EN-A@X&&wvciLkt``6(geR
zyZ^U@a6E;`^4f_4F6VZ#Zd@%3)Q=#EX+8Y`_g<uX3H9&*-yE{CMR-~SE@+KVqfo*!
zX6bAqrR`j(Xj27#kVme{L1*BD+}({c>6u-JlZYLDhEfxb%O4&(JNGjw55w=sxuWS*
z<{D0t##YdoMU>g|iG=zjc^`_qyLyOs+u@yV!9~nhJ>3<<Bu%3YXdF{q;iLMtx{Xw%
z2nZEeiNA4eG_I~J_VCTzu=0Qx$DPemgajNJju|)6_O10K;-v6fiDri!E-|IW>@*`O
z?s|LR46@s_cAhU)qXJ(a1QSj<K)?QD@<lDSVbjHV8u3@iX<mJ=<wgJpM}dwm?bf#;
zv&Fbs_*D?fZ#8eR=Qi)IHva4^dkCU~-?lCPl|j*Vy~PV$4}n3aH__!<Wf_=YfS*A+
zi7?#+uD@mp$89*b&T_Y<BzHem=;@$p_I19k_Yq;g9(;KovtvoP-cg0%d^^>`B=K{u
zP_Hw<`^*(1iBEyx*V~p$K*#(K+@WW!T#sdBHYbu0xQm6dqS2ut|Dhb~S*QgPeAJ3r
zNryOy9}&3PuBJi2TG15>ZE(>+opIb<4R0dI!o*9Fs#n-%sqCh+p12mXt%m?^?^`-#
zAHF8Tg5Q;gwO#EOWxc~7QBoTXlb~y2BM=me1S2leCXHOc&_(h%=tX)Kbk6vKEyp4F
z!=x&H10695x)^6OG+J^$bALp=T#foEU(PZwa;mVbIsw8RZDr#+Kw$ymZG;OLu*rea
zzSxH@p8Lg1SQ1XNMV5}&$$_FZ*ZKqanIwnrJ`yIn7Ch>+Ef5E~I_p?{(d)N|PdRKk
zZH-&Lh^=P^UavCuw(L{0XsBM}<1kBJ$L(Sw244Ly00RjuZ`g7T+Y)U|R#w|_DZF)$
zo6hj^l+NKbtsXVhW%;4}Q#CCNwix6?R5usHh&ZnWz4*ZxpvElfI0FYRt6<lgRXD%P
zU$cK^yKlnpVmf5~!Jtny6t!Zi$q0fTyvY6!z8`HX1z>-jjo^0jVbJxcigCXKQx<WH
zVIqak(&4sXM}jF_vhXZ=w$!6@nFS8OSL%(sBjX^rYhHpxm9NJR2hY_huv}y6jhZ2b
zMfaFk+ApGG5Z4#E;Oq6dPAG2IHhQmP5CP!NvX(qnn^UqIfjwwhL(5J>KH<DP&i5cD
z*R|aX0UQRQe0Cz}z-OZyBc2Sw4b!Y$&@)h+{z;N52l$eA*S0%N2<q8e_#<}VbVO^U
zWn&gfY;KE^6wwDT5SmGrhK&wTD*>eixn62>Svhue+Aqwl+d1@h+(0n1VrP9&vEowq
zt7hro4YoUxTAA1FY@mBfSLZ;h@v1mT3|GxWCvg&Vt|~>Eoep7!Tw&a$zBDkSLwZ@f
zW;Ij+q!^bUu2&1u>iT^&OF(MLkC1X3H}dYZqMR*G!ujI&EOh-cW^sk@=7{kyOnC)&
zd=ryhZfJ-s#lzQRdzmmHnQ$-b)dG{ZrBuwK@t4yOO(xIDtC1UaauEa}#<U3R*zbe@
z5Wq4p3P;&CB7+Y_2$$|0g!2{niU&a%u1rce)5zXm@mw<Qf!&7QLwI1fFyLk1HE;LO
zzJ4tO_vH{veMX73%lc(uA1oUOA*UP;$e=t`(bUwwQtlVFQIH$<$2)-E3cQvHyAAUb
z^qSe5EuRBQ1oU97b!YX^%eV-UmCN6?Ai^39bh7uE2f#GLYyfm`J@gRm?t6l(H^5YN
zW&tx<w$jIT_b8Unnl|N+u4h(8=|-=S<GG)k2`87Za>98Obm@HTVZa^2l^Oe^UlQoQ
zuuLbf^)4aM=#g)C97`i~dRr^I4xrqLzCO!cM0tqyeai-}&2JJT?O4E#hO-0sc8#yw
z-tJuSIbu|WTU^1wxMjc+rMPO^)D%}{-h{3BT5|sDi@@9Y$Dg0~g+7S*6gczf$1jn7
zQ+|O=5t-*ETwuLsSZ(kP$y)6<*>8v314UNc)2{=^7E+$ez9P8$qS}6mD889S0lue5
z)gPFnX3Ubys3a!CWpv%@WM?HVh>qDxB65;6%hq!l-%;HWXZ8_Cz1ZYxJ3hZvxnZ9k
zz;N-Qyw>~X0r!4>sq#c9D(g>K+2kI&mYc0T!h`?H{IFnjhXVZM!sFuMO=7G0Ys=N4
zfjGmPn-YLmkep(Su)df(vL3;k&FOQUttv;_qNCenah?wLOU`VnHZzUb-j`>*g*vK4
zt<SvF+9@i}tiG5Thx~PKcDufGYHvX6i%ynL#4@q?o!b<tKv)({UW*CT<4X@WxNunI
z10ynulHoFD*+~^Cr<?^YNy~G}wZA<U+*q@ITbA2o_`^*+M;rX%TMK-P4L4*c8w5Sn
z9Y$kpr6zxC!K!=X^sX>~=wEpp_q2@4PyHo9Au9;%+n#i7=F~Ix)ASfshxwmLixLha
zF7;Y4U79cZBF(11)4s_drI<AZ(K7H<RS0^KVx|bUo`9>@Z*!c1Iw6y#?P5jGPgnLc
zw_OcVrMyf#r(9lXS?F79;A0xGTKwnsU@viN!`bi?ZxM)_fpwdkkIF*LcV9i3%*!;k
z#cz>Zd#)8=D<GquTtE=a)T|9_<nH)6--4$bz2`U0rT4}&4dUhi^*Kq*`u5yUYE2(I
zS=5Sb6}5%N#a+etlyx^p(cMvnZik!dC{71?b7-}F!OTXbQ&FpUBlzrRqK?vo0`b@A
zn?8e(I6t>>j_hcI1aHrOse_Vj8FQl(M<s3cQOr<6w<Yx2X%8#YSQb`}n~imF0owy^
z#z>to%wdTh%<vqBZ1>v1TeoV;KS?nVe^*Gni?oYb_<sOJK)Syg@V(~I{yBY{rnl|b
z@yHU>$J@6L;gctPJ<Pmx*HS)Z+mx0!Z(W_Ub?b^{OZ&W^TzB}ecMJD5`K9!g!s0(y
z)~OS|d}!>67g~H)T6(I*%2Gb;&5b3$U!8C<FYAxe$Wd9YU%%ZvuhXOjoN=f1FwnTU
z>L~-CzPx^(U%h&J{M&ciaD2qvxg&1g7&^b}`Y%3jW$Axo(ZW+xhYVS;XZOsFwWAtL
zxOsNjuOBX(aMm>L`xEu*)=j>!i_>xb{&U~2oc~_$CNFhd);4a$vuiHC{L<?`E?z(2
zl6mFes#Rj!7RD4@Js-VrVQNYAoH^rlH`~nJx^Bjdo=)eb()Z5%`?0W`!Ed&VPP6o!
z@_fme{?#(ynKB^t=MfE?_|JW09Uzr@&&}y~00<UYbt@0=o4cs*g322n)jczM13yxq
zSKxnP%e#-Y8uY`~Up1Bd@~$MG8W8)(>{@G0`iKKBPaZzo4~UD7=Zu;mL((^eh{LyU
z|L6APk$j)--9`7@-k-I-eAYibcFL3~tr|SF>!oiF&CD^GG;6-ATeokoUOK&g_=)cp
zrJYF>MgM1?9r=9S5wqWVtH!8ym8&=Y>L>W~?5<xQf27JIk4Brb=bmeErhb(wkH2S&
zUvOYh{wu3i7VXJ-=FvyrUlN*9rOD7vQ}_E%-!NhP_?azU%L3%}*_K<G^Adiaaq>OB
zeY@R#9;-HO`q8KAYl_#-NSPN9wA9~!uqJU_pUCNp-UeC%SfbaeKRI{VKdi}PXPlom
zufNrr{9>zp&4#Yq`^yZ&k9p!{2ly|(%ExQg49t16d-tnzY~hEBi#yNjT082@4@H#^
z7Vjt={K@GvKksipuW>-sg{eV}HvkRr<f%O~!?S0$$=eylM{X_dJ+9rp;^M)hqiXNo
zyZ6^4M`nLEB>q$5rmWXGcOEx-W85!|8vk*!>%{3{_L)alH4fR?EbP+M(??fd=(usi
zciHAOJDq{{W9?qtWO|#c{(cvo%{KZm&C<$1OFnmC#jdko9$d-~U-d?d9aUYc#%;K<
zZOYA~wZ?BOxp{FywQrA4+?8Fa>hQpxe|D)_<>{xNj%n5EnW0Z!EUY~I$dMyEcaN|R
zJ8`<>TVq{6zEv~BWFDE;?fZ!xMxM<1=JxZGuaD{6vHzJjHLHh|nx;>z`Dn!N6Z&;=
zJJ+mPGc9?3zwfL0`3>W)mAo-#dGbU}qkm<7VCgryd$WxEYmOF^KHMjaIXGm;p_w0^
zZNB1*W-XoO#^08nEneND;P4M0K5w+!F93pFzI?g9X?y3<V==|WfzxM9Djd4|RI?jb
z=Is9Q=8fFnPPGgS-1u3i2tU8^FJ{)S?SAdsEGyWqU%&qKrI56V(eJNV9@#17$rc3z
zPB$`jnRxEkZS@WwytSwLF-OO7m)?7~L%n9(f9i4Gxzm=mXz}8KPG{GW=i*WZ4cdF-
z!U^5rUrzTsw0mi0aieuN&hHpI_SxSeUti+iXj7$i;LK^6zx0zeYq~f37a%k6dc)+V
zz5V>aG{5b=`lO#<M8s!>gHyI1YgqHM&Yf?R6m?pdKH%4mx!r!;cK-a!l`Eb3l`ooj
zr1py!hJTawWv@zaB@D~B_WMs`FRW`?zkcoHHXBQ}7k&B8JKUyChgT1r(4o;Ik3QP;
zvDr7$-r1D3aModA)PlsE#lsTE9FG}Pdgz^R3@vL`oi{Jzg_!FfEIRj<3*fuv)5iwf
zxYBda)jr!6E_|*-$LkAc_noo!=Fn!J55AOiYsKMP{VI)bH+Rk8KN=p5o7R@QcIANG
zWHME${EqF_A8&TmKKaJY1BbgU${d<|-G6x7v4>K+Jvk$$;rdTMdcMb!qeoYYXXZDb
zytq$|Ha9-`ZPQx|(m&GwIr-GO#pjFrzcps{yHo0<&h7l(+7f5Ap|=Z80pVzP+e=s1
zPaSf(^XH?l-~9Ka+Bs7i0<AN)X6eP3_eRf}w5(CX>aVW7UTgXj*6G8)9=2_2bYen_
z=;*gE<{4(}`1r$<-)|KXPGueV$`8nv&(}GA@<`iFeM4^EH1Yh}{QMnnFWUZetyag5
z9^A3Ldj0wbJ5BBP(t$R?ndj4cd|7|VACtG57o^Ubzbhx8+43r<1N!FVbkIHX{>3fD
zyTjHvN{Utr%RYSqC@zyHuU@-$Qo*cVLCyXBkDXg_xLfW|a}P~-y!P6~_o4^xJUh)L
zh6CwcS2(8A)xlR@sro$7kHI-tQe}O{qiLy?woM5HEI7xSu>5Mj!|NLFFF0G2mXOfm
z#i(aSv~D&1<q?B4pDkSqWb&p4Lqb~h&w6bCX3Uv$XMboBYz~T_H{D`xbb8Zc-<f|H
z9~2hmG@GloKK%To{L9JqgZm=BsdD*D^#&8x4k<kL%esY{&0DtYTJcH0ro-aqG-}f1
z`&knP)T~?UsN>e3t6C0dF>U|5G4<9DUKu`pBG|Jp-oDm8Bct~8uZCIv`HCj>V8+)y
z?SB+r?p!+dF=6wyOWSH6_#!ajxi4qW_Ve>AZFACEcW-6C-*&bCdgv|jm$QRAt$3mJ
znzMUSH+H$@=-s>b_p{ne7&k65BH_%-DNU<&XjE%X&Ao@J?yGlt*W9L=i&vc-6Rf>`
zX{zp>-BY)kSFT(+bLPyGLx;BAHt9E@C|}GQoRy{hwozP7*ZE$1XT}Wt{P45Q_W;hG
z^6r~AkG$S?dBA}~hx&vSJ^td1v9%U;{OVtgJDom#dS~+%T=nw@pL1M2Kc(pMBa5H@
zw|V2c@9rqLQgvZ;u{}F`!IaWUfwhkuJ-T%8AD3ngy|r?2>bUw}04cw9!53pvRwUm3
z*1FWuaQT{6`8%F}>fGG8*S{F&$jke3%$RN8x4HdEw~XUQ<BTDP+PHMCpidfZs}y_W
ztKswJ&5JHBo-~l(S~P81moKX|IM;sptS4$$uNpU}OVLxNz3;r^y0Cw8&&=<4AL(6u
z^jALr%Gv$DIkJ}@sx{`DXM_7}%35+@h5z>x0?h5^&)plRduQ<N!ap)^UCME#w<+ko
zWBYG!JoUzf!|M}zXHV_AuypgddNDCE(F4wgH1B@kgJ;{_)(kT)YqIXv^w+MJF8jH3
zkYF8qU~TkoSJyw4VVVD7<)Y*%K=M9#a82%kW(ld419mQ{yb1_wO`9G&cI@Q_eWI(?
z>3_8JRCe}vtxQW^ipZ-UGiAzVaBKo}{k$)yMR#4Tw?55W-=IN*Pp|(Hl;HYg7*I~O
zO%0BYih8MW<2e^!n_Y8G7w3&;;W2AJnmxPsiUsFN9Mk^YVLuRK&-_%-zfIzY+y9IU
zbY)ii{p!_hv$;o)9@ax^UMWtw_{=~5nK$r!$mL6~HfU}AX><Kiqei`KZWP$;$J}$T
zrq&L6y>!Fa&nvy~<cV)5H|^7>&&S;s?M@n5>#a`~3Lk#{`GWbD&psW$_s3?t58UYZ
zv*Y<UHtzfRA40^^#fyI*QSI`SpygLDElpTi{A6fmVPWBrA^$%9=E<Uk?WS!xR&p_K
z)FVGf#TuqKSB{v|u)(b0;W3F%SAV2kyGQEO*=$}qN3-$iamKKs=JrD$bX|Dhi`@A2
zxs@la-2K?}Z5`(A-moF=k=J7v?CHL^&!PkC`!$<Cw_)``r6>O}X5Q^xQ!EjYkue2V
z&W>w-=*=->_T(4M99N60GbXtAsvq|3S!VrtDNx3WKAvi+UVQ}EivK7a*l)8TBQ~t)
z>>rm;RI64kK^xkz;n!b(ZLHJ!qtKdFYmAC39TTuWq*ELJM_zwrP2Q3P3$lj{S$C!I
z#B-x|SlSG}1}HM`>iOa*t9A066Yc8Wy8gn;HQv~$4+{Ep(IOyQ@7lHNyYIeRHZdfo
z`<9H1jB(?}fxef$-4jsaJEd2zZfvsgyH~SHdsU8#jvh05^!@_}faF^z@YRF`dnVWK
z*y?GZNo~Dl8X4E{$v0+<>X#iRX1(xL))GK7K!0z2?MM~>xkbGfja(hEW5<r)fBzj&
z<D*YCc(?Q9)a(?UU%P<GDKq2GojLRI#~+I>m&@VU=}ZyAR@e`J`q4)lN*sWcTDNWu
z{+-_W;OWsVKNzNuXx<#mXyP|nK=`lq)-(0%$K)?~y+fl7Sxf3ZZW+V}PVU$q{jBVD
z{<q&kijwE=Idy5lxpU{jinedvDvW=;{qY3tGe^(EpP*+nH?Cj5e&fc1efhJZ2Lb`*
zh@%CNzYKL&+Yh(?W5V_lN6M_$PxuX+H0d8j$uqO&#m}7+RlDHFX{#HzjVvxM1}9nE
zoSLowC^)ry-lg}sNgZ0e@Z_Wp5fKqT6nw9l^ixKq+mYM*O+C|m{^c2!OSjuKJHu~3
z6}-J9?sP`pD!>g}xe|N0NTxwQE-BZT&2!nj4b>w=j;-xeGPw3RcF~0+i8!5^A0U|c
z7>6y_X&k86Y~TLHD0t1Cl$et6X<XkCf7dnpf9y{g{vS-}$-RwHw*N<Xv*saQ^<Ton
zn?3aZco07i<3At9e?E-=d>H@vUmgER$dN{TmRr5&e>3d!VcNI<z2MJ#DCMG2DdpnT
z$(?2A2fgF`U^tE-4F^8K^!)HF0AtD#1x6UeCem{OW?_obs01*A_b|K*OplEOg*l~g
zIx^5rK8*Wv!)hxi&lL(lvy+P0sGl5nwp?vol(JCe^0|OXat_{xlifwDL<l<hY`{wa
zl5lrUDV7v;gHqq4By>2?F)N>`Q_h*)FxpEB5hU|KA%GS|`EvvAo2EmPrYKc0wL7J<
zzRKV}7>-2)iv~bh2CpPUH%izCSA&M%N!`*qDJYg#!vHMUfW+gr^%o5^&z*FTX8|nO
zP_&+Chne{m1=*dvi5CWtNI#3<6kW_<utO%fo|A_GxT4fC0$bGRL^nhwsq+IX03#4c
zVR?!OJ!ckR6%klm*-lf(fh~zsmC<Nsxdbjst42ox{dkZ8Mud&G2riVtO@s4s31B+8
zFt-^@Ztsy*j@@r^9x^iy+of6N5OH%bbDCTS1s1%awNOxSq_0vDWwUP87(}@=8Ehh#
zC-crCDaAj+Pf)xxEiYqt%729hX_83w855u<(SV4A%4~{hLU9;I0pT=pRNR9(_FzB|
zDVCzi1sWP0m7JsC4NUmQJFS3WNU)(g17;p<Ml-4-AXT#=`-~(LM9tW~NQOkkJngW`
zJY15_#{N872)rgD52yjB8MIl1Y&TwB1ie9n*9yNOOJ&d~#s<SeAqNM+i*CV1cY#YV
zxdE3HTqr%8g+xJtBgh3KO<gcRU6aLIU^xe;+h#+>k<b9S#{M+e9EYnTU~|wu%jG#a
zF{X$&G?-kDNQob?1KtUvt?`NoaHU{Kz5v-24#gIwoeVz@(xlo@DnqaZjW!q4J>}WT
zx=PZTQ#_Dd063>0&3g#HlUG(seyC9+Riz|_&ox$>VuR($RLr#I6GDx=5-1s-8OQu%
zwg7p#fHF@y)eDljjpz)-l36ey^k9XMX0`-60N;R>qD&CcKvX~o$JH|EPQisPSZXAb
zs#sFcV4ScNioWpwfswFw5nG>xR=UFDKpy25adGuBYG3K(BnD=yl~S)~a@6}*kxS1R
z2N(q_F7RGXfsYE+5K|`Z^vydT(E8)$M{27?07^=xB0YRZ#Ckgw>nRmyh;AsIpkr8>
z=|V&@7fR|Voiem~3fRLy|8k%#uSR+{qYzCZF`<l^NGx$mX*1}dr;)@H=FlbVP^zIv
z+Za)GE10_j)n+nk%z_1}e=cSJxjc}U%!<l9INFyP7@f9)NK#c0dx*%%x+UdW^aC|P
z3Z@N(Rd@uP<p7^1l5pf9HX+8#9P$85Fn59mSA&PiZL@fo(H7>6rO9vIKnI2LEN^B2
zr)gRvpgIaB?S`ZTRxv_Z1WuZYN*Oq~@ofA+9h7;cj=7!&dg9ofy^-LnXACQBWin<C
zfX4#K)+nWYK*9So+bGRr;xVq&D~|ld_;m6vx6_7~o%Tq^0N8LE1+?af&+|^F-3gN`
zqt6xcoID%6vhX~iX+Eq9c~{QLAx)YlGoXLVfy0QYpv2WAgDl)tBG`WLSaX0uz#A!6
z9=-~~rPZV=WD%`9BdQedY@sl$Q6{Th<aNGQBi?GKH79X<oMaa%7ho}n+JK;k$&6hn
z@dsWe)Q55qN!?)TS<yu$EpZsX9?NHB4W#@EHnKbz0g`UwJt-h=z#ZyyT3s1}K<o$Z
z3NVn}iqbwid3XvB;JJ*hNuoSjS;I-hQK2zCNT~utV7!RFI!AmLOG>CzmIs5ttbrum
zfICwp(d&dc(X|4{CqM*X!#PHW2v=C|-BWj%)0(JxG{-Ug90+-CS&EmnQ?SHVlrBjJ
z*(<Y4L>J8Of>QZF28BAoP4z*ovS6lY_#~a(>~tf8qX#Al7OWgfi~_bfiP$Gy(}JUT
z&$&&2=~~=YE7s;b8w1JDEK0-$vnSDEEPw_W8Wf}8kOqXnTrnG=5dS452*7`u>{jv@
z%sh|Q2>j)+i{z=SE+gR;4Vw!Sx1gleNJItFsm-061vVVUi{0wZwUI|ygeQsXInb>@
z&px?3!b@0nH^@gxMoMA!iqJ01xg=o&kuoV1OO;Cqx`Dte&)*B$a)1%Z28RFm0xFGn
z$>tT<5Ysfy$|Y3-@Ug354s}Ev`J#)@<peXB15DTN6w8MUFjPC#D|PgjG9biDLfWyg
zDJ&#x%>fG(+F%bzGYtd_Nk112pt&ewB^z&Mun5|Ww7}T3_@pF~>_Ut0Xbkw5&}Ldp
z_1dJg)W8-kB3lNAYQ0a8c*>CI86u^PXLuD-l6YAXL1peN>{h}y3^W@Jl+}^khEGdD
zvFA*(cp>X}M)Lrmiy2|%QFz6mDNDKoxB%p4LeQWT<xtA8@nq4dz!cjhNdwOooM#Qd
zGSG+&CP3H~96(QX@!rCZqjfCFK|^Ig6WoxzNT(pnQe^TBhOnWFwHFC4k+)hf1C|87
z@<c;fcE#c@F;oFz4J`pm*90Xzxhw%&h5{yRN1ve=N(f0NEjkw>$+)msgp$w;xx9vE
z-ok8NsgZb!L4bP-CQ^a|$|nFgi;KtjXL8`+(hJhZQGmmvTB=~nN{QkUjIf%k#72p)
z1b%{ACh!&`U_DG5@+1*SO3d>_n>ikKmqt^cNqvAfi8Q$o+dPGeT?s%gX4@0nLLy)g
zuKcdNh50PS?n-lkfsIx>JpeT1Il`vg6>8o^GJGZx@>hbE2F-omU~|$t1>o{0Dxgc5
zYBFqS%b79wQUk@Bit;K-l*Updqn|+C8Kp$C2qq5Jk1&FhfroZdu!&*%BV4P4RYlmn
z4y^<ll$wSJm53Zogi|PU<pC%&ZRlIUL{gCnL@o3XpJ2gl)#f5Rc#vHgZ3UFxM*12{
z(}-@3Ca7j&#!4~4?huWR(3vEW50sT}l(-5d$fF_zWIyDhN)Lh4_yCUVW&={lFwa3K
zz<}YU(4f;ohjJ1L7G!iH2*PTx-q-FlF<A(~+_QL2Vji^Gv;`~&FB$m27Q}{kH%>+e
z6T`u*hsdf4XXSRGgmWTXb|l+@MU$0m35-O*yYs!3TUnVhvi5PP4*{(jGYqsg5D2OP
zBIZf%G>lBDKc)6AG6yTF?t)}szybjVY_gmuuL=dWVw#eCL?}2F7b5|nqskG<$mvU)
zB2se>lV1vdiAe%r$ewKz2Juq5&-jGc^jIvhqn_#BRh3W}I5FpZ5D=R1P?D7E4X3JF
zBg0B|*8PVy2VF&Yz(k~JCpNE8p$zUnCX*N0`jQTV<#n{>ZB6i0(QX|mh)^6L(vUfb
z!-cWY<q5qc%b`~}Pype9KmqIZkaU@_s0y;?Sg@*3jhRaBE7<S>1U50<!Psrkic@An
z#tzMv96VHbqZy~dWIKT@j!2Hgd}78($5(<F((<WFan}B~u9w-)i{K+5#Gs{;)&=)s
zkyZoaJ)c2y`3QtUiCI3~y-|3#s51iwY9iVYxhXVa-ofU7tq_1j#86vaVugaz#(e^m
z*fKFIQ6zxH70kdV%%Bxyex9<N+EgSP+g~~v*^(zsM=>x>=Bi@a<%!}fcLC)Ec$&%5
zwaParJtx(E2<oJJcST=Joht}j1<>j#2di=bcNYB>YUBo@UniMK)hbhx`ChS&Qi&?|
zATiO9eTZ#GN&^yNDikzXHk9uLsHjSe!)Uo&IZQrbS+0V-kKQ5Mpd$j6XFLIh4e=!n
zR_BT0Pi>vbi%UF{AaAf`!-gy=35?~E6t}~s4s77?W!T`7kU37|QRO+Mr3FEoYeaIQ
zO|Yr}LRZoUFka(fD6py^8@CD9#CH!^<3#1>fc_3dT&It*Ded?en^YzgaDhD=RTHGs
z(R)00rsWa7Ldp9pcs5C_&6-Ssn2(J)qBOD=Un_xK?|_9PrH--ngWVOdBpQ#Z0veTD
z178u!=)=gtIqMY=z(WwJ8Yr!;3<IPc%uei_HlG)@#4L}@j53NVgi}dDR^`v+J>-&q
z9V>xg(~;1}%p639XEVT{4j%5(|GZtQYFkkwE$oeAKxH282LZ|6Z0K`A9-Z9C;(Wny
zQ0e56)!%`3r<uhB;~U5HBzI({CNkO$wEGbO0L#h>u~={sc|q(iI2`oa4#>wYA_>US
z1oD3&It7HPe3WBz)n6{qB9A+7;R>t9O3}6)Rg<-$l_TI9nAH4#;Up>`?s{!ABU7os
zYooEH2XLl!c)hBuS|Lx3n!vzbLl<d;Vm-{$@NBWUpx+U3zvPjHNA87k4bnaKT7;4)
z_FQy9-x(^E5<ZJ{ey02Zer=R|Jv}DQ7D{kJd%Q^80^kfdowAIsU<1b@@=gP1mZ--!
zP&U+Dx-HYmjXe5BCN|ls$8JvgF&v(~q>L5W4EKUXzLv7v`{Pxj$U$1JG@xWQF}htj
zb|+)+MPWdUi!f7C1iprjbViq~BFl@RL(8spIH9I$)<Wr&q8qKT-ryq-JxqBI;pH$a
zF<M3OUjwZPtmP1BG1@Ln7z;oWpgWvlpX5}>e1up@*%BT`5h0HA0Y(8y8}DOugNEjg
zR~a9?#K4!`0Y)BdL$L%NqFMRqmnMp@7)yMx+9wgeq&__bnX+|H308&dgN+>~liNw_
zGDv$`l*L7r$x<tdfV-gH;Mn0)`X*7@3&fEeT4rJWADag>yqTP-94U)KfGGcL^1k*^
zW%%fA*+QmL7`+F>DK>s9L`-4`bQ541TOPiZf$YdzHX=F$lFhM%Pa))VDezR(<7)(8
z49Y+mHgZWXgBvtVOi52le+9+WacQrlr6+dgv;quVh6Po#?LpasMa!WfflO!d-2Lc0
zlQ4|&AaMjO3f42I2(7dUR)D;QqZeCVQaRH%Y#4;TZ-<T*a4=Hl>?%iCl{$e^XSp)I
z)OsLT5hNN@*Apbbqw6w+3UtS!6y~Y7GrYY*b;Y1mD!7yoc-_=XZkLQ}8FV2-4nAt$
zW$b;vbcCq1^nF9G!DeUTx+Jx~BcC;m5BQ+WB0;4i7hKfL&47da8L>tRd4@cos7L$=
zd`Z6oD5P%ovKJ?bYGC1S(krCNe@tx-OeKFufeuujgYo`F6*|IbiH_#MVG&$NNK|-O
zRAd-XV{-v{qxu~GiPbsO;{O3UgYRF2IgbBt9vSH){vZ8##Q#S`Muz!uk@ph_UqAoj
z@&CTo-<s#J3Ryv>`!Pm&`5(f=B0cMWhlPbc%>VEpeu4uu0RbGYH$;{kakJ1!!p)im
zhlO%sp;6)C9^4FmC#P+IDs+}$!@guBwEzzFg6-0Ho{P6T@|}>$aw&F~U_vS|8xgAs
z2-avc{#Y%AF>N9^#9To+t(j+{%M3yEcm{7i;WPQ6mIRt=*=I0<13Y0K7~OfOJNVGT
zHI$A+U2;ZjX1BzyX-TOmnJF2a_1xgWoX0b+6&D#2%JgQELUK@t@OI0hQH+oA3xU#T
zc$+(y>(K?q_4B9>82BAXfd-BX4xk5kKX@b)8<Q{yzy&ab8ru7VcCev{J|CC^BVMTY
z9Bl-nv&0<eDkHbVrYri!>l5UPW5B-?&u7n3oV*d)3}_`)_-$ddMuP<(NJE)0_6QY(
zh0_8^&%~1qNQRZ<fZml!B3|$;qtOt|)f&&<E+NPSSPu@`SHRJan={55`IgB-<yQ7v
z1)kAFqA^s-nQ?9?>2LvAq)$5(;7p)}4Yeh8Ad$bO3C#xucZzhzFii*`7*1{G>>r@1
z1`Z7ExHcNYik+TxijM;F9B#cA(tr*Io(Hz}!XAA=&`3UWxWybG1nZLZ>=V3Jx?}_D
zArTIqh9AMd+w(5;C?3exI)`4b_!Rq3(@#NDQr|Zj?35Jz&QY;1;*o>1^bOaP3$4(1
zarrJj38sHwKf?azTx7JSP{ywko%m)FJOg-U5K2(&iFtrdkLA$AuWbB4`UFBIf_-SW
zC>r9)qotrk3i^WFqHAKil%!-#T`)Y_h~0b9+KWL!L6}0BMFiiaWF#j`{Uv)oz&kO9
zFbj#2vw0UxP=khtP+}5+sc9qxiyln^!&o$e&J~CpU<cwcm?VlVP@>P^jXIfV-8L|L
z*u4TB<sk@eaSNwo5P|KFGPSpJ^1R}Gv=79=IcPNaP>Xfv3046Ge^P%sxW}P&7n^)Z
zj6YZfcG_k;YT~^&4QT(`j816KLBBeoDplr&#fO-VUA!2~!S!_7i2UJ@5O1h=NaP08
zyMYVQa}8tQzqnSUClw%C!WB9ZB}fZ^(c3;LExqe2Nht}5J=E63dsR>;zPiw3QdR_C
zU>Yt&h{tG;hngC+>LBM#>9*BD+&$3c2lll^cotmLkqG%}(rUb3t0IU{4bA4svEz$%
z`a(GIvr^kh_WsgFf@}zfYTzES&<B_zbch5(;gUp`KV6o>Z~!5>!bAT4QP6-P+6}M+
z2UNvfG=T<y3v{Q$&Y8p(2%YYodIQOOA=)_zCf67Gc{XA21W6Kbf)030HTp#c3Z%|+
z0T{G$$XD8yDyZ~a64+4h^CLtwdUCgpcuokWCKSeiNeW-nOUBP=bOVQOV=%BHCN}Rw
zjm(AeI)DU;&xI@YnaiGKw_ACm4Y9ybJp@kLTc}^V1HK9++d~2s(Kzm>A#5jzl3^70
z#B`FJiKYWzK$(y0+gNNO`}UG3c%#IWv<mnOnF*r12LcYl6~6zZQDg8-;U&jmSlrxd
z(PI=5xI+m;#FSbPb5}p`Q%qAL{PpfSiNVr6yQ3|c@?|KeLyrR7=8B)rZZln3iRkeb
zmAmc4=hG#|7{O??(ey4DS?u->k+-)JR_cccy1cKzGX35!P@%_lf&!_^olj0LD{s3S
z_|=XwLi;Myqp(zLdfvPl?{VgU%K}0>REaPgRMN=Ovpdum$C7(7n$1?3Yk}{9WM@Da
zQAH?m4flahBm~|&C6G}nhA9soNRfd+DdWge&WpN{mocw<A{CDblHu-bf>xCo(v`Zi
zX%Zjo2Rm6j=mVd!;>ys+jBV%&k9`sVZ^XqroxE@10V2~Vx}d8R+|5|2OQVicvGn>q
z-tM-!6w*Bx%!Sb&1n_BSS)86s^RD(yGQL=rBnP1F5y=5P!X^(Lix&)sz_p5z=BAhG
zxO;1|Ler*1lu#R+bj&so8QCQ;oV+U3l=ZzdM1>lt3{dDnR$+*&5c-g0A*oNu;DW=8
zF!dmbRCWb{mJzj+vjUWOe~!|7p#{3#B!Vb=r$O2Tlfw?A_{yBqvGy6|9Eszzfh=`J
ze%Q~^P5WJbE8WlE<@b{7XoZ)EZ1oHgM}6rW`Z5`XhuH>fIy2q<IRB}y1y{J&do4O(
z8*0mr`Um4n<{`4#(R0S2fGlN-5%9{!qwjQhebJgC+k>QMG*ooN2pzIkAd?C1jI$VF
zt|~37!KfQj@TNpFaMLU!$k|>>sRQ+CixDZK@^tS+$5-W&D5-$@D@tBIUQ5*Dxuqhg
znuXUG1LmcnNu9Ea8MREoCun}GEsK(jk5f_UeB*;7IRJWuygS)2$}Qt|3it0A^>OYg
zCUUo@AD*a>rGvBZT(z(=6r?*q?fqf*_l^R}^cg%<NWfA!<NG?+Scm)ylG5Gs{CnZ|
z_r~k*oO)T@-L=%l`j<UOmZd5MD8pSm%md0}>@P#93_wK>LJwoY-7@2H*{*t+fsai?
zLJjVS^Lo(m-RR?Yf^60K+$|yF`T8J4RdwDc2UhXl^nql?hx4wFxI2|d?_DNU=Tvv!
zgMx?rh4kXRE_X{T^1A)CJg)-$mZiu@i6X%y3h&N7%pv<Q%T{xYB2I4Nas9|Hp+#05
z@!h(p4!%X9<+Jw#l!rl<M=bm3`n+6zhsN^Ugvd)#_DE2<cP6bpR725)6Rq^;^TnRf
zQy*Itv|iytFh`X~NIZO`NV0(*U}GZ9Z$+$8@QuPS1s||R6w<x)7yjBSj9L0jA%KyO
zJ)Yq%*fSrtQyf_Efhtp#(sOz3AT3t93h9=k#Ddf-Ic<zqFYPdfE@b}*V&K81pF9^{
zWcB+Xv_qYIu6+PcGUx${y=%82*uQismG9u`eN;nyF`f?ev80st;CqR?A*~JN-NRIk
z&u5v$!Pf?vi1c8b5WR-^RMtKP8*0XZcKB{euz94}0@zjQ9$?I$w~D;1(IRrkuE@9z
zUKJLOXzB??FNv8Q4mm5#VVy~IZk6rA8dR{74t9*lL+6(O1Ogac1`-^NS}oNOy*Rn2
z!tdch19?5_IR?2o>$x_Zr=G4uiar-rp(Drh<CHWVMh+N6HWoPU%0NI+Pbnu9EAr{-
zv2n?X#F)V{A`fpM_FhqQ$36gLRnl1d4zg3|)i$HYWgOTL>|6HsOZNEyU9$`hpQTPX
z3VUa0P~OU^j?P{`Df?#`reXm4iF$wX9gVU({9M@)ex}+Fa}}cKhdfvGL!On@k9^Be
zMsK*0qEGzD_qws>RPU8z-YSMA&%Kw8yf7$?!m6WtTlSPAcpgZKu@p90-;?t;9(YgD
ztBnE-#ar*`Dqb5@OeCtXd1}YX5t)~Y0ofP6x>ah3p8d*iJv)})sP^nr9a4;-+Db8!
zY75m7)dgzBaNbQ6V|l-3MZ3_loC+ahRXeZn<)L7{1Jjnw$lcVx5PYxZzL%T{)I`*h
z*n~+-t-@Ir`~f(o;+XLGjGlG$b0%vz$|9^S%PCN>(UCH<P50na={e`n3eGsRocS_F
zVR{<L{yQG?pvfUBI16Ug<#Q8~B_X#sn0Qx#UwNL4c%mm-pW2ZRls}Rh9F_-h!Qf8_
zp|<RKWZ#E*s5=R__nwvB_a-5*l&SjM5kOAkK+vC1VOK_<P@&E<jqbd1-B>-nWPC_@
z&;>Y?brWEG$+Nugtt3ZYRWDxbdx(8dz>}A<==|X|E!I84DtIfTOq48T8%CxC$*Ly_
zmP%?B4KTRhr3aG&e?THtTxs1;7eKB+x>!aE2YT9u`v2VV(xc9@QR*HcTYwRfxngz@
z+a1|r3J)Q9ie4*1gCpoPFzOUKA=oR7UDU%@FqDo1RV6T4$zhg&B$*GSFaQZ_stOWL
ze049|NhVmN8L%`?rG219Sruv&)>K}iPA97CDTR@|^b(+%h7_SnM9I1~<KQB=U@At$
z_Dn__bce*V3{)g^qWx=?2o9qNCVxvCTskP!T)8MZRXo}~&Ggja<nKMsJW$?HfpUC;
zNZ@*-0Iy$&&x28>Y_2sR6VJm4Q!M;S&MX_nH5RqyTU)&h2Y8sKq585<GDPe4dpkHP
z7#{N<9nli5iWw$_{ykwxc?&=~jPW6@_?9ABHh`kmLK(Y~gVw45ZM3YtAdwaUP@Fwd
zMF5}Vfq|xRR@gd`jjcz#D@Qh%7GQZ+Ymgadp#eQd^iQ6n-^ue#AjxVCvQ$eR13ILg
z*hTV;Spo8nc|zK-5)f#_{wcRWQk{WHZgTJBxyU}p+Zb6oNt9hV2!XCzEJAGjKmsje
zXjAW-M$MoCNFtN!Ucj}b><*eV6U8V5c}8dez%vD##qLd?H9QzUhpn{nsa;;_n$*5S
zIwTVHHge3UE?y4<Qo{pbR4UgAMJ;orkgW7Q^=;!M=QbZhCnToDcTMV&o|Ky6d+=mM
zc~n@23*|1u)UBv`s)%>Jb7+WpxB`%b289NNlraF@G>B!mjdllb%k&le21y2xMtMPF
zo`-d2CMv_MRWy*SiGi}D3Pd;n9OGh0qzv8$kc7a+)F<s>>8$c>2O}s51tZ#~4P|PB
z(uIct@OKAQ|3CUEBmO_g%v<iu7-h%*gP*Vn&-nk4@Q3mL59BAYN0-#D>1l|eP?qs`
z!}Rdy!Tpr6|L<E4m^;t^5*ZGfKg|E~0Dj6^e^Nd5p2sMM|A#e;2=(Ou&0zkYhy4Gq
z{|OANSaKH74kwAhG=Xx&poCYEFhxvAOD?o!RA`H+h!D=@hN3x65u<U!a#l{9{6wqK
zSfSSt=Mro%NZY`<us;P-hF~UKT$)IFi~gcb@L#YY=><o6gBL(zg$}#|N>Hovl(dJk
za18ucqsg_K-B4_XPz8Y*Y4sE|Dbxj0g$w3mg%?KP|2VlVw7cMjI8Hl;b9hv;3_>rY
zW<bd1rR2E<u)i3&HwZ5HAGBo=l<3gc2Ie!p29`DOgbqAoV7p_eWRS=T;BjF;Bz~S|
zltmE7C<n3f19+Gk60U{(p<)I-QJdaUdSLZgph^H}4tcJ7m;)Y>fu^^NehQ`p2Qqyj
zzX|fFr>!@-mC<6$hZZVyIJ3Fj0QAEA5flUgCKg`QlFpr{7u;k*aMEbv(v*pzQ)idw
z3uEI7lu15gB=YmLw<)TPU@Guz;#qJ>E$m44kU})z_VVPUi%?KdSg3eaD8Ws36RKQn
zQY@d#4b(K=>12>?_km-kHCl3n9*iB1*6t#9O85=c@=#4t_zkZ4AuR+<v|xq2%g&kY
z8fhvjLs+SERD}oO=wRqy^<D{mRjfk?t??^suO>|7Jwtng|1jzN#r(gV{BJq;V~ldn
z|IqNr=HB_=!XKXh58?+K{VJTF&7TxBm5oI;w8%82mES2`zG~E{q2k3VwPhT*U`tQe
zR;eB1$OYRe{axi&l6w|vM0{YS*Rt0Yd`*2~Jzq=CRB{{QEUTQM?EWOpk^0TD(^EEM
zoNMJqp3Y9NotMk4a&S+_BnpAj`Id!4<qI!oU8%i?6B2}6;lax`RJax4hKy^kOff#(
zglhP3{gpmc_4Wbds5k|eXZ(zQXc_eUQRDycs=y)uX?vhxyB}ke$N$43z4L!Id#L|C
zkRRw_k(3f2V~Xkp);}^Rv=_-&sex}2lDaZ)!2i(G<fJ%{7eW?&!92|pY~<G<*g%sS
z*D);y=4$RmgbRCCKaD1_N0-=i2tsm3LSjsOR4;U#1cn8L1cmfUv%8%p9`%pg!4W*#
zBnw$0Y=KjLqLG43u<s~M4U?4%HgUo2?2X!T!Kq<fa8e^3nXw-Ip%@)JO2~}wnx2`K
z7@yHKF*7AKGa<1{*TneP^hB;vD~*Q09%Qy!qqs&oI3c~JhE=fj=YqjA@DFc^k{a<A
zF4*pNMS-zNTaFG0rUCyTIMZ{GaREAn-7;fnY9zJeQc}~o#2!g$>2iC3d_9-j-z+$l
z&%k`a8P4|L`Cg?z_yRUpbVwg6d+bG&f6qo56ZC}v=r#krPys)E5P;X(pCg&GW&VPb
z%|b&$^Wc#1;IJ^5Yc?`6DkKy%6HP`ZZ_AM~&i>t-<-hPpjsLrN(Iwu;4B&TR{{?5l
zL;LT8`0>5|@ZZ4uVgfGD{u}9a{x^>Z`9JoawySNN+0Xb_sP281um^0C0A(Rb4-neT
zvrxD|x9ma>>)0moHnCINDPep1-|x&wvSr74p{2CFOHN;GS(+J1qmgDL%{=OV5Au8Z
z#2iMUNwymkW^CjFX{dwFXLY8UaLHJjm~oL!=%mTQ#YN3(+srE0^_{ZLtP1>J(HkNV
z4jK{vg71qp6aH<yeY;F0-ru-ke9PWLq4!YeJrsIhp?DBh<Xkt%F(ewVpcKAqHItVh
z0G|}28aE9mr_NXj67V>_L$)|nZ^--Gf-q1a$)B_Zk&ebT@f3ti*R=&+5Yoj1CSQWS
zMwULsLd{CiGSfd^`ub90eDVWyi}b-FBh<k1!icC@O3hIPFa&<X;0TwJoT8o4Mu$c;
z1P;|$K%-i*Ic+iu?j&7AaVqH-|9MXVp_W<NY6N}>5uiOSLBbEQ>DUZBL7aX4Jhah7
zv=T^S%$o>RX(4HvqkOWRp!w4rV~v&6LssnW)%eeQojN&3b%KgtqMQTp80P}eG0si+
z;y&7FjDMFC{+0PA^QZm^vMvZ)CC|oPrbD)+oTZz8=G!up2Ba4lHyBTjGR!fA1r7~I
znuiC~F<c{!vJwd+8fFVCD-l`Hsn0smu+1xaap_-%m+@PjE{RHM;6%x$5i8+rCk*r;
zpPrBUJ@&y3F_d{-$AeeNS;e~EIz3w1++6=<rK~>(fn*pFjvT6PzA_~z5|n>yVPEi@
zKL6j#_V0}Ozr0>8SI72$%a8j1gZzr-f6&;qyY351Zb>(WDR#)}COmFc*YdGL<i;@H
z7Zy?i7Z~y|<dTM<+g9Y+1e^OF^aJ$NWc6WuX=A%kFsTo=ltZ~Cb&xJ;VrNrq)xh}1
zWr=MK>iW9g=z291-eDv!Y3aU<rb%po<>ErSgGkV{+LPwd-q|0=`>YeXZj4gx0_1B=
zMu-~?M?<DlNLo5zito>LiqKbkvU7HJfI50CmJN7FGH_%BSH_;cXr1pjnSOk9dWI_#
zQA~iQrMnX7UHoJ?I{u|>KxHJpS4U?%cp8?Sou4K7;!&&@08T>h$$T=wzycz+9X#f$
z()GHYpa#TD&+>WrJpuXY$^QSoZk_Bmq14-k_V%q@WuB)~O2>`KJ$}hBj3suCf;;T6
z?6fmVGTF+$TJo8Sj?Ho<C_!h~?SgOT%ZMhkoeQiv^~V{yq+@eozte862}LOyB=BN-
zPmUkd&h7q+I^d>kX2Um02ToUaUnMk!$+LUsxGE{i#dj?wlP`^ZL7tCs%y|LK)3?C#
z!0{uzU7&Y89lI$lb8h&Erb<ph&nY5l9fl`=tGwk4qW~&D!i!cH)wi<X$VlLG1XyHb
zjE3+ESi~zI0gyy2pI{vcM7o3_@=J`PAx}t;kCaB#9F?)k>L3DwhCbd3OIew4$Ij2}
zRhhKCRlouHUHdz9^^8u`p$8jQB1%UwhN-MQxgb$;QLA;W28g|esC?3!#T}@^sqwOE
zWemJo;_w>qJ4B3u7{|M<c%c>ZMR-y1FPU#~tP_gcAApP{Ca?!#02S{eV17Z0#WyfV
z8O-Wg5ygi@6Qal!%{fMt9-r0Wv-(oXB;BU_Q)AnqY8HOQDz^`+X23flz!c|Pi@gut
z7@HgQggd$(a7OxF8ARvQUeyf0$e|eNi3|{YGf?tXl6<zFFqh1iCRBMI5CBTqYEssf
zWvk;jl4=N+{(`|<yf>K}zQqpik}*7IFL7CmQ7voF(a7EnZkSvh3^1#M3|_+kBaP?m
zIod-oJFZx!k68dljU|@?=Ska6#c-#F8xwkB?>*O2(vyB>Ol(gcFtL6&P8V&Mn2t0G
zp;@z-%@H?*3v2xT6N_&9?EnN4#?+)F5>njcgiWjER)Yns9xE)I=jy7GD?3hj$4I`<
zjRDEh6WN<Uh%QWON?N=+#zcmhmCp??QS8#sHi$lp1@a7#J;0!&{>$SulZ?E`tU<{n
zRO@<XLr1$_hGTLoBUMgj*G8&<L<yQdK*8$DDo}OaoC#vxR6OC)coA(wP8P6XOzxCH
zy^t&*30W)ac_AUb6-!5`*>qMO$SB991k1c~T<|^nNm==Cj|&Kz@(9CHrZOpy&yeO-
zWf@l>&?Eh`<ac4#wehTLSpx3Hkd6p;Awmg3c{+ZIdL1=g*JD4S3bxIt*+2nFt*^SC
z<4So}D9=>U61PI)8PNzkoqh2XT|zRK3i^mljk1_wP&Q2y<Q7sZB4B(!G%Gf`5+95@
z?*p{a<u&7_yY_ez;XM-v9$R26csz1beic{XPBo*MWn4h#+LT8}$Ve7vf@Hz0#M7X8
zb4Hg1IH!-q6jLC9ps#?CuOm-tsIIGudR@;b|GJs8l_=tX6Q0SP40fdo*)_=;|CF^Q
z@KPIZvrQp1%?)ITyKzJka$RMK{34~`gk5Il@yEO%jQKuSr=#)gQ|7d3$GtN%-1K!3
z44>x(CNHfvVld(Q(H4<fU$o4mNfv44Nsn8WiL1*|BewwJihDU#+!ML)ORZZjOAw4q
z6FsZonxK-e71#!HQ%izDf%e==j0$Vx1>Ly{ZWI)pQmHZ0tAZC91yU8>U4Z4ZtbJ0b
z#xz}99cu9aLp9W3(xC@h)#I0B{*edG`%!0^^*o<q_Vhrw+>*x{Ih4s&w5)@43{uA<
z=bT{N7XuL4WBB+5L6SX$hhz+T`0|SaibOO@Xzp|o@$!E;tQyMBycJd&RJi_ir;1Fe
zge0}BlDf{N<1P0`vCbz6HV7h*q;c94*)cvzXH&#DidY(CKw1!$mOhd3?~`^XRRokd
zZoZa*A^!qci#h$RaQ($=no;F8GGcUNi3}h~Qx5z7GPBx|k<?xz3wA~X^5C;NSyU89
zu!&WKobixrXHmmtT7z?YMV)|sQl^XPIhV&TnqXlScM@hf$3x@R`k)~eW<~a)ycG%5
z8o@anopfb0^b@Z|($&x$h!N-5?H1%&s{X*B-dk2wH01&a&FEtP*z=tdl$_vTN3L-A
zeh2PxzTA`Dcj?Ox>{wwN<E}!7_uRxB!C%C;($Y4|rwIB{+I4JnoB&C*jan}+muVl4
zA5j4G&d^0WfW@LdMt^D#JGkp}FtiNA;P+elR@^oEfm8C985HJT?f6xfJYKP@EQia-
zPkbkI4uVBf5-#BCk|dk0Fp#-5vfv8#){lPEzxqv?|DV62{ofDv#yy_?`<(NCYik?j
z$Mb&=@tf5D^2KnXn=i#N^Zr*QfB);*YGvbb|NkL=hn^h<QE(lzCSKVM25t!Y$<Xlv
z_9h75ac${^*MsTp1wa1uJKz3h8^-FY_LRNZIeFE3^>T|fkNDa0X6uX{ov`Nq!T#Ak
zJNvbD%HABE{C0Z0v$xM)v<~*4Xxh{J{b`!;1hpkx>gjdeFfQSbE6ji^cnY090jvMA
zZfxR>flJBZ105!nV_3!E#Cmk&yJ5Yy)&QtHsa{)eXdgd*)INRsq$I8>iC?ioawJ|k
zy`Ek-F4cFW{ktRmWiM!3y{%a^RKF$--+Ea6FuzIi|73rsdANT+IA-~O+E~lW|Mlwn
z>ZAOBh~HV)ja+8oHc!`OzkAUTv;;8$Y~Y?bN+H@j|KK^?wJ>JPI^feZoFO6@@(b#^
zA$^mwN=f0a19>86Hjo@H$S*4fG}mMBe7mi@1p`33U>GKdar{eX)4g^s$;qZc9vAO4
zDet-OPCmmJ1jiUSZH}5w%gLKg>AN$Y;Pu{VS~Ixudw~VoAYE!>*J04#(iXaLJlHbL
zo0}Vhk44euMi6$=A^Fw%f7bd>_S~1?m~sBIys@^CU;k~aKYJYi5Al1-rmO(P@TT=2
zEHlu?UC*vZ3Kt(!VWwkzcZgwZr>!l2{yDR%{P}0RLU^`w@{*2K>Tf*1T4ANp=Ef3h
z-uhPGvsVuAGUkEs#K~4itL4>-rtQ6WSy$->vU%aA+a7kbCx`o|r#mlUwTc@~@CWTT
z7LQ_--d1F10c#V@{KSN4oFSQTULEfIw!fT08b+>k4H|?oI}|`@FP@@i!{2b|rv=g{
z0>#Yh?9$HwI&`Bb{~y7S*_O{DimZOiaKqof_Bunpzk#MlA948!ooQJR=XA{;KOwn&
z3p$QLb4k~xl3uhj8rV(D9a(*l8C!QG9f4+<C)){n5xnCdiab1iYj*?Bb|bQiWorjh
zS0O3Is7~CTOM6eH#DVK<Hd>kml~>?%VIouSx*g9?rqieF_~huA?eu!V&9NKqQH7iC
zz{UFzHXfo_m3dBW8zZOujbjrxewE|{wD=ucaTn9~j*shh52iO)J3Kq6_dSQdoSg2}
zLz^D8C#@HZ>HkxLo?6o7(V@w0s7YkIJE!~Xb>v<hzSv7COH!$Iu6V^Wv{R0wVLTYd
zS4}TudIDL^(DFfr>${EzLSss{GYX{1GbCTeh?+`|N{X2AVJb|3jT53akC~^c)$xPS
zz2X7@(WQv;wC*&Uyb{n$%=Cj^&<U7%c*e{(Rc5|C=Xckez*enS)rwA!ubTV2uV3=#
zD@bo1y*U+chr4_7@%8CR^WcEL9K7D)x6dKvO8EVRFMj~|7foi`f{-i?%`6QqY8m*W
zD%Pf|SYxy4lQQDvf>l#^7*KP8m=T_b^arabwKxohw6-d?K1NrAx>Q!7`Zvh<qS)O_
z5F!|8%<RF8v{v3=rjwKtc_x0|J>9ET>g~wJd5FfT0+c>VYUGDZ+Cl5pZ%`h66yyu@
zPwX9ZkK3zOaHWgWRwy1jjwha=F3}(edh`N4<@7q@i{*T<1~OaJb$b#{&~wu#YZy!L
zL(k!<PTQ6l;L#q4m!x6IodV28U6^;aTGh=BLAfBB7>P=#o*#acx^TY`x=;~lxy|(m
z;36mqwdrn69zH0SX6Mb1NmV}a+2$123!v@sb=Vm+igtSR`ebjv4s$@u2T_QV$C9qW
zEF4p&tG&Jx)oq8RlrQ|_p;qNGDGLGRs!?7c{x{$wlPc0vJk3yqRC}_2aJoO=+#{9>
zpE>iCC(b+q?(})5Ak*j1I_3MBb+R<w!<^#?f#2ss|IZc(ekU)JukKqWzx;FJ1T=x5
zZ!i;m)mj(MMpt*9jb@i9o{g@i&qh~|vytiGP|FMQfz!sbHCvH8h=24cs<46uGnFHz
zDz)xkapICP|H=NVCd?A4y2M2qzH{woy0$VkS0Y9^<d<PE959``pCS`QlukP0H0>26
z1KCWs2ZL>U+a8U!Lwg&v>FsbkaC+OIVQqH@e{Z+ZIbt&BrVzDcw&hz@T<~1tMiqZt
zLC;yXE+<Z<<TPl8bUt<0a>k|Nn#(RMjVaVL`G)${wH#=Q84cBi_84q;p`p6{ZO`w0
zL9=x4+$@>ub?;Wa6E~WR6FfWEwuj+%yFb{5Q49P~fxq!KjGgVU6K!|A>+Qb>9r)|g
zKY9)+J`1MiFVZ0J_3VE$?Z2s={<Cq+*#Ft6Jj?C>z?}8$(f<1&zb~-=a?bdEOu(l+
z7**EzyOuNliilM|nEh7_!XMNGtWck`0vGkh*E0m?u+6ds=lH463S3x$y90b^6Y!i?
z-w6%&X!y;w(3tIaK4p7O<F2Ax9<+96S!~CxwR}<^^?UqQw4&=mH72XT(+#mRiTbui
z&s{~!WGlFbpHVe;#{gu~Qmsd@f^x(_pJ}fu7HW?sD`mW7$-2X6ncpfkkwGV#nkHMB
z?rQ|yoxpEvtob^l$VrCLy!!m4d1zL~??<cuB8}eoZng3+)X3-7#=n7L{4e=U)c+qa
z{%5(IKmWD<Z0*ti--G->VxR1s{IRegx9Kz`HgXzy7{rHg%*SwluR?zNDR8K!gxh!=
zjz8QlJO2Oi?l0<R`n&u6uj(3zi^uz45AYlBe<!f-nFl`O{$Hj1c>nJ~e#QMiywC6t
zpVR*vYpaj_{}8{4{V#015xM#OG90t^f7UBw=l?1G^W*yO>;F<O#n{j6`1S5VYmezG
zrunA2XPV8kCOiN2?C=1Wee9GxIhf}DD~g7oD|c6Js&rxH?8F=)pfZ*ek1N~(gyF=F
z-q328hW~+b09Qb$zuF*oH?`P{du{`kntytOEzs^Q^ry_P05K6l0uPc=Le1p4c}WVr
z6uP~-9>urtwd=aE&bpy{UDu~xtN|uB>?qR7F$%gi8pS5Qn;3qg@5UCx;w$K+`a@mc
zLl19$yn^u#b?)!Yk3}i0&Nf4TrjZ-hU!T2L+0@B>4zFOX9XPk>4chTOFwd#$SlaS@
zH^fL6X)+M!4DFc0U*yuR(3qk(64yXAYmOS~jhff*Fslc2@|I-;2E#GY1`M?5O1ZLW
z4EzqzTQe=uq$Xf5A_BeU0MNGAY1E)Y1HU7BtY(VWnn@og0dU;N4!r?+tZ2;YWP-u}
zW8}k8Z6k8nm^NJ>nlsy&zV*TDSR4~@S~;N<9)YqU@ZZ7$Fi#_CN{loxB2lL|ehvCA
zwa3DO%sVmn)8K;}e(>BIy>TR-uxQPM>{H8e?;v{Pl>VQuj3aK4=?!_8Y`$_Jy5b<b
zg_`k)`AXTL>v%DcxW^ynEQRcie7wgWGNo#!XnK*50n)epq16+8a7ZuHdqFAi)bnG`
z9MtD6<!uVtSpXD&&5{7pw>beof*YbI8)R<rIJ@#<=<JKhRvAl}DH-u9QZedb2w%fE
zcMac-O?gjK&f$7P7|4=woq$3jSnf9yejHl%J2y0+chDer1!HVeZ|n{`?2La%D|%<p
zk=@UN-TVEt7#wfF^sRu0)X)Ta<AA>@y}&`_<%%LMa-v0udh~)1a-@QYd^!XnS4TQY
zPSJfJUn*F7(9lkYgFz6v?8aqX>jOUua2?=gu9SML>$#y7+TGhNAZS44&_#C7ilPKQ
zAT}+kve`~*ZsW0PNUu;zyJEmJRDt&@K2$Zq1C$8>hc1GqYC{uHStjP7h?9lHERw^$
zMcz!9QGjLSfKdu&Sx_Do;6?3<=~QyX1u^p!Z&yvbYC6>%gtQjp<VI{!eC{qTC(kxM
z%Yzp9%&!$onAG*!uG`~YkEMH~h#DGjzy#!Y(V%DDO8U5~b3DlrTvI}i@7x=c`YH*P
z1>_`Qvi`ZI<1O4{6w-;-veIH&zeVn%iU+}vRU{{M5^rXf#02bHJOM#1==mJS7G*2(
zAUND_6rEd<;6(HsK!p@A-a2#;g`@UjLGg7tA(!BCf<<d4p0LX3Ev>v2!c1P$e@0h&
z9A{L9`oIV2(u~7UoT+p4#Bj1soTWuXo_t$j`O>0gwoTjQY??TS;(3=ervQFMMIc9s
zKv9{1qhhuzX3Ed#s0&J^o)kqvKv*fjSXD8~;V3XxCt$3a8U9~pA2~{nx~hLlaaSeo
zYJxi%-#LjU<(3d<xv#Wf%1Jt_9Sr&Eb1){a=^T^=D+jsCx4W+W?)fnE>U`D<#cGq*
zmg7o63&@E$lohTLV2}q~nf^{EtP%y|39Q{+j5br(t7V<tcuw4{>zkW8<118>lSCnn
zU3jM0GZ|Ht0?@3905nyzQpEr?YwKH;GPA8PbUV-+JO&NS1{@55%{LNnkm3eR*YNT?
zU**?G8)&c}$PPYH|4-L+UyNhM{r}a~XO*$|Pt`~L|3Q9_`v0T;|1Z}61?gPn7cY-`
z|G!A@rvu&S47sr@p1yB`frOM<^XQ5JA+I?<+77<C?O-8mJ4i(bLQlnqG#&_XO*(21
zSHm~7CN7lw&>URaLm`C5@G6~87bt|X%Cw;f?1P$`5V$A~ATcj@4R!{~<<4;nkpo?~
zEb{tZ57tLe9Q96Ma^JB+M+0=MWgaC+po}4{7)k}MLl+7K*YOQ{7^Bb&k<0b?2v6=!
zX#8H<_{@sX^)SODW&(lQmQtKzRw+_tJMIl(xet1+h}Vepl#Pl}HCQWVHvrcW7gHR%
zP0$YFu0XX)q)tJbN@PTwO66P^id$oNGo$S?SqSlkK_B$(NW0U>q&}jq##<O2ZloSq
zkejux*=;Z+KW=m%r3i4_^XVL~p&}u0yW$Hq_&T2Nk!LJfMYHfQCD0x*0&ttOXK>9#
zJw*ktgCX8*iIe_CHX%wGQCZNC$rOdClWB@KqtlZXmLwNnqBwCfam(96)UnA7&Muyt
z{~h`!DuHid#Ky9q)7WvWLCnX)O%T4rI~r3u9tvnvaaI(Zl{NFw3X6~)dOjIzMrhLU
zlN&|CjXmD%m;+T=LAAOm>$hHr3h(g}x;fyks&HZ5?%D`<EeCf3pt;tfl7B(T)D_fa
z>@gItX$!8)YUR<t@WLo&#}q(C@+Kz<{_W+tDp|rH{A3xE8=PDML|(^t9nllQ!C}+#
zy<Wi1hX2RjwSYsle*Nu|n3L$rq1dDj88R;AQkY?kDQ1{U<Ib2FOwlmol0rzO=q86s
zNf!}`%B51LP)_BNQZ5xqopMjQAUVFh_smGAbI$iY&w0N8d7kfUKb7{LdEfP}^{#jA
zwSLz7F8GK;xN;zqA1Z?4zFAj);e3C6J|aAfKhyq6rwJLS*l`k%6W(cs6ySo-J%{(k
z!D0(WSVv9qD7b;4JahOfdL*(Q)d}mUN3+M0)=;hgWLT^(&KYDU^iiUEYy!k^L~sIG
zkRPluX~)I8%9w!y<n6%<0FfdU;?p0+_LDCVn|8iHylLzY2Som@or8Ip@*c++7;9R>
z&)@(d5L)_E#rLlRT|$-oH_$Ew>-yqyBS4p#2<Td|%+MG#z?d7Fnj0BSt+f0d<NAL6
z-SwCF-&Bw6AJX{m@IPY==8yS57~}8w-+$!#j{kkf|NbB2f8X<ezT<%3;k^G#aGuyU
zi6Nw~5~}`50uUUzP4+sO=<^p?mpNQ@UIdFE_}e7H#AGqqoFFKQ6^5Kp{KZEOL<|n&
z!x=*Y7(Ze93V4BGp`5@-xV$}!CkWL?(U1aiaGVA`;`1UQ%MS0!hO2~;=z4+N^&Aiy
zZ7}o}^n)xUpCf$f!u2in#e)oil$GlTw}PUBKYNS7c?m+yO8k-(EEAp$0(T_RO){M8
zAl#~nsFavxeH0N2Bt>qcFrpN04@J)HKuS;l8BPBUVM2^R)Nq-9u-FI?oE(tQZ;FuN
zgIT!32vb;16=d^Z`!6hV7{K|Tz8t@e&r$0+oM0G}17Ruh;kZl)hXx`k18m4A;06lW
z@`ZDV^e3~nEaABU1;JcCH}p%U5W<bHygD-!B?jjZB?;vrNkt;AV9j7|h!iUTJpZCe
zM}!7NXmAP{l9R-PCT=|vxWg2A8zB7<r5qt8LdC?mLNJg$l?)n%lxKsV3!pv&*`Pl+
z9M(-xXy;+vL%5M$oc+WMh9nluhd1$m5eYm25Nk-ebWuq|q*Fd9dO5=i2@6qNT@P7R
zf0UKjArXPc-yktu*!aP%zr|zpQBGgb7-7~H0+h2ke25>m5Y$89)lea!Nz8gGUXA|3
zk&pz9!}8}d{m_sDY@<iv@+L<dz=xeV=)X3TB3J^qwSWU}BRx3!MzrK>g__E+6Newf
z6^IdNSY{ACh#1TrTBr~ZH?RZg&p{(|3@ZbNFMuIdUva)16B#iI;T!7aD@>g!5b#)B
z<Upmb#4hr#v|&kTQbjE^br2$K4l@uXT1n!MCiQKK^*~S23h~E*+#s%q0^A&tiU1|l
zYN2G&U=WYZ^@D$M5VnxTDhNQsDRxlTzF}|?Q30}o;dO$B`B(<2j(`&wh=O|Heo1~4
zj}9$d<2+b45Pgw|1PGEFAe!$<PPhV;Ul?Ch=@Dj^2Z;=!h@9CZ`gO*aj7-SRvk@aF
zF#m(DGJPQz@0$f6vN!NCP+z83^br&%!etXVBFQ1YXF<V_#C-ALalmRBiWq*lJ}Jz|
zANc)h(b(fbD%p<4z*6uakqU3*UrV&b+k%={Ds-=j1{p+}J(*5}%W+Y#B$_Kowga&w
zS8xrHWQzvzE>09Yl?sw6D59g20}&5BBa&<!=(a=>0mMP=;1jkSh>k=W)G3V&!URQK
z5%E;GGe<nd#vZ!G;)o7JnkyP*N2HP9KJCa95DPkCDKw%D-2qF1mJr2>OvOXwZJ};S
zM3Nl^qJnqClW6)NL>77o;@3iVAk`l0-~iJ?Vd>EDDewS68?uutg-Eccf%aqvTRij-
z2Ol<p#W~=Gv>>i*9I!-3G-!);#1imGD>Bpz1qFXiI6RPHkB1+@^svw$8)QE-#D@);
zM592rXoyV;ZL%qYNX4T;EQLsgC1OV*JEBprJfRk3q!Xwe2`}sgmNod*lt5pB@99+h
zWQU+F9_s-01<eoXtNELp*MA+#{5Ny<rou}Il4<fKWzPh}7@M1znHv~>Puct5zWy5j
z`wAlXM>PH(|1&gMZfN`s{<p&DJO1~dxOO^`2=XWuSpDUR_O=x0XDs|zRucNx!Q<l*
z0MMO7w8hdkKJH(|4W;3m%JSNK7prRAL~HE>BvKR=D>cCjGFWTt<z_EBP@T7PO;6V5
z8a+Gowkt|~&x=8wq}#bw;0rKGa%l#7&umS_eR_(ril9ZS#nDq^*YZBa(1u@R52Lke
zN3Z56<a9sGXN0{eaF57$PZZ3w!u~2T&?WJC%Z_8R4HbiPB+Qj#G_9vsk)^wQMs@-V
zXIRb3+KTPzk|<VuTBnrYL{P|EJa`NX#BE4WeC+|ckpcM+orOmP)dxRX;Or-S+;<b+
z%K=B8sbp@H!X*l12ZOq17AKT+oB7|yR5zpo1vlM#Esm!yl1}iEk9+(Eu(r>ly#XY<
z2v0rEawpoZZI0k_bzWaRe}2E>1)mDZi><ZFRm#mxO@4lU+qZ2C8+d94DKHvc8(`eC
zxuFpZKGEY$PJGc?ZC7%sg~ISB$cFW>lXuGP=STv{A=Mi}c7WBamzB*O?4aSdJH2W2
zf-`4yw6!nAjDOnpgVGYm!^S>00QrbrC%}aGty?W31{N$>fKE#UGU~#gS5C{Q^SjuJ
zo?o+S_^FY9{ephI$K{H+!>5MUNZpUc)SIPic`*DZKEHeCUiRvUsj~-#lA}ErNVYT6
z*AE>T9ND2x%2;W3#|KO`OaNHk<7MNhhTxmZjV}wAlLPMFR(rin+04RX%zNS!!^OoV
zUElLcc)xjIOVK&ca+%5kx7W)v3eKK&NYQ$ml{GxjR?cg`Y6g9pkRW~F&fG-X2So~i
zY{j$R!#fqWn9^u8nOHyzkc<UPf$2T~3g~&V;`f3w!_#E)=~Rt`sD_U4onXY=q*3>R
zCYv2IJ<G%O%*{9TwVe075<07^X)igdu%MtIH#adU$w+y|fY#jFe3Pa(#cFr@4(j1r
zTU%XSU9+>ZWsh4%f2uufQWLn`!nqc(MlTuPuvhU!>a2L(r9JAA>?fJ4a%LI&1Ogq&
zCKbmHJd49v#D0269X{u^3ZEwT+N&AsKKlkog;D6${~&vfi_5|7`?qi3PS0P<Og@m3
z!sqjQdV1zB^Lkp~z5**X+-|&bmyB8oIIPp{ul37%>84M`ZUts$W{h(lhs*@0OKrM{
zx@sZ6S7Pk&__UpKCNd8QY*KLA^Ad+kH<(r{vz+K_?Cd5MTEzG*uc?=~w2lyD2gr{d
z&h`8yD$>`tvr54VeX8P@=rI))6^L$T)DZFQgT0oYa*K=KXQz8TcxP(drsp9Yp*pl<
z>~MK_zY3tGr4>-vWbfr&n5;Vd{QgPCVjWvLJ<j|YPs;j&!`$rffu|bBqCXn2JgAfp
z{f}?VZc3V#90G|hGSUqA+~;pqKHR<;FLmG!ZSC6dk-_H`Tc=CK=H<yA-=Q9J>G<*I
zxA!mVAQlp2<<9YR$31<h?nGZ^$WOqH?#3L(S(o!6FRJg}UG1nScYor^vw>Bc-d{lf
z(6?wyOT<2cGmVI9yJ|Mp7ID$Q4rdb<*EHKY=ZJH12o_tBN6#<iJ(~%%T?tD{Ol&FU
zQt|j{fJ5d=*ECMjElEI`wVG>hZ|~;z_>hr**0nyDYuqK;66S0AE2gV^TwoI;BS(jR
ztBL4q(MV9xfRq}w_FOGa+r>Em$mL0<8Ul^Ih3eYqvp;K{bqxx#0j~W<l)ZE3PUOV+
zu)K^-SXjvkZ2+tpDp}tQiAN3y2?^=$?k4P2n<uS!B1`bPer<k9n`{S3K}qF(&!gUL
zN?r$7@G_~&lEBrmfm!wa%B<K|yVl<{`^h#hH`l9dz!XUQ@Nl_w!<uzC`?YJE9+#}o
zam+~Dzu%d`_-RnLW{9<SRa!=d?n?(dyXv}(6$%SXV-+<M0P77KHqdBufdDth9kK1k
z&yOhlXvltC%uNm<RxVzgR(SmvX`fT6Ch6nT<dt6lLuq=iwK*v-cMYbg`W~jlVcMbL
zLz*%l?P9>bz3;`Zd-L<4>wdtgR67EJeAGPb*F6h~M542^Gc?0*(!FCM-@U3E85wEJ
zA*ZLO-#co-=q<|bnzOg;2=F-n)+_X-ILr-Y4rd;X(d-)-?%y7}<5!87g4Y`|Ef~vv
ztdooOm0T}fH!bn_#Jgh?D?_^)QWme-KI2D8!0+NA%DRiK#+tj;R+(#PFdI)h0tTDj
zcMT2>c6N5^GS1l&2+KUL7%y33XS6f=WXoj%fAyg}L;Ug1lX*1ynStxc58TJ{KW>a=
zH@MFOf_rFkK-DGs>=Z?5AFGISwb2GaS<`Oay!p9P>3Y|r{Pc!<36b2gCm(`d)n!07
zYGcQZxT2z>=T$qN1eT7zdwuV)iSEjk9&<PYGv$JNG*Tft$#Rbr4XRTTIEOZVwx3<C
zyy)fN>ZPbhT@sm}TP(FDfE61amU_7oWF?B?<K2cOidReT9H`!_Uf8-C@G(}Aus#d?
zB;#spd-JU8#nQmml*~*^W@SQcZSDBjFd5R=zV?BompeS^*~*J>Mb(FQ?_P(+1~Hla
zA9_tz@R}I3ht18p;TF??t#JqI`0P`o=gQ;D!+Pf`DXFNdLsmf6Y~`6$!)j#><r_wK
zR^eDDAFDj<t?)ZJU{wlDjI?p1T@>b!1JKaYqW!xTk;38p)>Po0<8WxG#`||eZS6!w
z!^okR1@2`tRhOeRH7jp*O$X?l%Elx`JK46Y+`79<O`}Gt&$G6r>(l4XbJZ@9%54vu
zEe+1{P24Tt-)7<4)o^M5qH=k4HT8uH<Ih(W-neX|IJVd(xajFxX<5`z1ARRsHs*b2
zIl3l65epDgb|ob>pYv3mH*cPrni}+Cnh#BYl-~R#rvwkDy_nfvPkWo!hY!?_cP9N{
z_1VeiybGWW%u-KaC(E}h<`4_w<L}1DXG~Xk1?=0muYp<B=~ru?i8;x`;V!u_Qw@1+
zYuS)`0K{NC&K`W#n^hKznHf80PF00tbAVJt@tVCdTjLZd-rfqp<;$1Vqu)Dk+Vtsa
z<U7DxKvUjbot!-5+I5F4uau$_4Q=J`nhGq=^Sr%Stc8HgKFo4C|FqzkkeR9cEy`F~
z$RH>$s@~}7`65nAY3734uBGUWl?h%+^W`%Qv&$;1rO&KP!A7aCyrdiZ(0AT#BCv#b
zy0};y2oBj)61~zojYCY)&V~%XdemS=st$GF`b13JrfYd8b(|sdvrp@3Lsno*a8Kcu
zx+}rQA&)9KL0T$!_2opKafDW7U#MlG97Y1n*c~(e;ZWgq%f|AErw_8L)HnAHbofYR
z&xoD#;HJV-<71F`Sgfj~Bt6;vY5g~$@%D9hw~f8u8S1?*=-9kC%uIRty4u>$FAtDk
z-8;4gvToGXZBiGNS@l@@t#h*KTcR#_U#BN2Z3%yl!&Lj>YJo&b&;2bA46{<Ht0fdQ
z{F3X^^?ydYUNAEWdvqnN^@x;)3;mE&@sV1Iyt|cEju-uNBwO6ra$BiUXRIbhtuZp`
zR%PccQ~*U>Z&N`{P0i+^J3ozm?AML59jM<_F_O?xwWIL*VC6txUyUqLSv73sX7`Hc
zKeKA<FOLtDZ~pzw1WC<kiL>g@e%3z8Lqkia%e%QU2uI`6Zv;v1!T33JKho`ddB=PE
z_T?d;N>@qTxEzzTYgb?RW?$bE79UHB@?`tQKbAc^>lUUQJIgoxa8`f!+)m|12?p7_
zfv)Zx!spR@KQft1=o~jw#*7aIWxq_+@k(p>0fNsV3xHYi+CeQ>NAH^nC_0?VYx%r~
ze94Ut^X?O}iUVbo`tp|^;0#qMOxtUDrN8r*Bre{R(7$JslA%vREM@(@OwZ=RV<zip
z5y$5y9`!!E^|D|^P%Gaft!nNznWCAdI9yI{^yqJ6&o=eO#6<@;y1L<j^w^yQl}pl3
zp<xdO7kEU5c0V|pYKTiXknh_2sk8xr2BcG>k<cEqxu-D31gBm<4JbcapLwl2zmT+=
zl1q}eX}=<wmD*%A*4IMMKfS3cW{qrzTEw(1F~-qOszA)!q-9nk9TvFSBQIvMqcH5C
z%c#*k7`sHO+r-F=Ma=~nq{Ky9pv*lp@6x`Eh;}pS8?y{|72vM3<m7C0e!J?N=2(+%
zHQ1R{Wpby{55s&Ob}4F<Pa@TCRj`z`>?cM$Jy}P8Ro_;;zFCKeqCX1vi`ro;vtw!H
zk)`sG8-uQ85sZkHdFu`tXaqee9c41@FdKtL)hwgNA2Eg}#-1^NK++SZ+IR^kz|Ov5
ztHSB4qpwCDJ}iI#gs95Kcc~V-oY&OW4tU#n%W{64+L(#S?#9#6L*v6ri*-&#pMPV$
zij^!-1*RKFPya9Wz5}eOWotAP6=K7N*kDtX-iu0=CZIGaq98;F2?Rp|NvMK?*g>&Z
z6h*OM@7S?n2UM`4*g-`U5v5q(%r40e1oYf{?z!)Nzxgc5-ZQh-tXXx+n)Mm8G{zmj
z6z02PEM>r$;`@|dr3*LNKi(gD`pl1(TL!^5!l<*Vx>!X-3{3seJm<!ZA<fPHfngK(
zh4i5pYm}^8d3(FpK>az_k5%n_Aggfxd)a2k>0j%DkFwXkF8Mq+)i^Bkl5NtbmK!&$
z-KY~QnBBevW~3e%Z#>cP`nLKP(@S&KS_>lY6&CK_gsk<M82mW#jnAud83D)GSFc{z
zb#QgKQl!*{;-*#*HO%tx<tL}J=gnJx(W$5pL$ISjPStsH&z?FC3jH;#X39GEu^mtw
z;50Iu;?UH8z<|>YC02)+HwTaAZJj<bTe&rl?;Ps8ozwJs{ZKb5E1{N7S;>!ka_Zd7
zZ!hk@eCe8y6`5FhqVe0beX0Cc<BV19!?FjMDcPJT-Ds0NXwl-&$}uO_%etA3i?r)I
z%eZTa%(dgw77VW}D>DLidV1aQZYi%D7f7kjRy6pQ=eR%H_;uxzoy+SRN>v^mW_jk?
z20LlEY;tS$zBXV^-&xhAURHeO)#YA`w;tZ8Kp9goZn$<+)z6aDZ}rjZ;x%7q8n0sH
zz1dmv6j{dLH83BX%b53hC*5|e+mDa)>||{<(`)9>pASNrH!oc3b^yPz-|Iyq&jcTM
zK6Tzl+v;)m_J+28H5_U>!hXUI*Pwp4x<s7Gq&J-(rq<P(&!no(mFZ?MRgYiyam$9$
z{FOc?p$>-Qju(G=_&M08;o9}<KkKt+ey)9BYGUGZr##4+GVoH>mM%|k1Er<$Y~Ps^
zg^{-`vOGLhTwC9tpy+8hJvmgpAYF#uf6hXqL5a_m-k+V-qu^TcqIVMlwlkR_YEFe?
zDfAb|szQbuA$w_OwVs{*bf6A|TT_5@{I+~2a4A|n^rmf;yKQ+}Q&2dv-`l|0*vHQ=
z(I`mC`gaa2{i#`$THT56!>kK;J@$0IR>*Z4b?2yp>KfxOcY~IXUG&z2mGSXhY%j{~
zL#3RvGft0Pw!b%bW#Xla3;K;8H}2q}L+5rLKMYL#g@t*Qg|Uu>7O5i@f7<^1wtCK-
z0kf4xalNLEZ#p~pa`uPTa^DPX#=)%bb+Zl36xP2F;(GALN-I=nDI7n1`0erPGlI3-
ztc;55PQ2R-y!Yx?ubNX?V|2%y+PQy!%*}P?YBz7bIC<%e;ntVib2mOX_{zm$*6ePD
zr$MOZx?}X&AC0FUE|FGA8!O|_P#-IpUbERRZLGtRkBj>CJxss+rtzIu-&xvm9;fGS
zn{XcZ{D9$xoMJD(sh*am?y^|$?ykO$&NVB?*plNK&)&W*z8CVSJ91>^(E-Ip$8AQB
zW<I|dLK!pve*U^!88f1~D^|YWs+FdGQ0r%1Le+}Z_gWR4W*MoO)QlXUjz~|<(pS6=
z95|OOC8;M5RC1)|9jp5B<88(5_<^>ATgqc!BwsO^P!Z(PxURcH)!DC4>YhCd&6;rT
zK@Q)cN0%-mR~!B;aqAsJlQrn^wy!K(S?aLa0f3=`L(A6>A5zEV@Rw-h<kC*_7>a2-
z^N*)QQ{KFZ-IFxsN{^BxKR?$GPl73a)hnEbUOmOU*&Db@^TUI(v)}!U-lIC=@G;<J
zmjHKpnTE>IBTwfiRN46W(p8<JJO<lmrt>Mt<C6)uU*s{6ZT(bKx)y!z;URY*aL>%|
z(?%qYJ6d5=qTtZn+`Qf*I&VetwAb?}>kj4u&u87bw~oyNYH5=uwSGODD{B<LB6lsn
zSDO0>`M}lsRL{*(7S}ySyXi^4(9F%bR=V%Yn%KSF+?Fj?u?z9`ri6T+K$9)wB5KD<
z=e@B1c)q1k6Zrn}OCMU?9yDsctn$g=3ZwhuBH4bAM=j{5Hd*h8%FLXePX?wJ`KQ3o
zw+DwJPB*ITP}Df}`YCHdX41I6M<2ZbfTWkqsY?k`sO_yFP0=}Mq`KeT`-AUTiua^R
z-JhzxbEZ`6kA3lGZdd2<oaqzXM^Qe%xl{eEx#4O5*L%73R=rL><{X%mQsBFIM_IZ|
zKuNBl{gtu_wTAm;D4L%Ak8SI&-)qW*3Aw8S<i|{5UK~ADk9KCt(FCq?;y8<2j!{ts
zd0G_}70N%~uB5ChvYh^<_HD(kRJQulDYENF=62bn)@!EKgxYQil-rvf0|wD;6HWKe
zKy=@MD7$Czvgs;n`tc2~`A?F|KIei6Cx86v__yU(>83w*5j#6OGc&(CGp%Q7gl1kk
zn(*P(;+1xkA|)4BTmH71N8EksUiz1Yj5=mXNn13;%gP_A`=Lg;FtTdO&Vs0q+p?+1
z>@_!;+(+9DrRU$BGiT0%1q+_O>c3QRrEUD~{hK!RRXx5XbLM<EpUoqpG_9ml?+<cZ
zsgd&5?<xq^C|N6#r)rl-(RUs`Y^l48LOI;f?MYEkVo`4?J;m`LEOT&>PQ16%d0y*R
znv{1?(z31k6yxGPCLb!3z8oqo8P|8B|LeNL^(IS$T>4R-t_=91Gj2<EmXrOP@2!Td
zW00D#uF8*^`q(eb+nS$$>GI`_ge{(kjcLQ&R%V4gViLb~`1tsc6Mm}KohIy1EdJP%
z)vtBoc@6oq&99H0jNhPsvG&5IXE`!U)Ll4{t{-oARiXoj+TY**CX%N3E&1hAms8Qm
z(;FLi7etLp*xRG%SWBtYm}UE$rdAeYP0vNF*ZCwJXFNRI^WMIDa)Tr714phbuBZ7k
zR`4>?cZa0bCY*hgap1w0kF1tWE0+6)Ok@u5WUE}M1aZEnXRksxUhSa-yK}O89<0<|
z31TFvCfBF&PCNaMc%~>Fvf>AGyZ2P0D-AIW(Hk=QQ^tq0XAQzkq%WP1AAp=c|D3XJ
zYGy!4GxO@QXr&=aGF2B|3{^N^QE~T_^*)2-m==vNI{o^!Yhza595Lq8?IS<Swphqf
zM$J4kbd0Lgr@ejDDTDj;IXLy4YjL9YlF#42-s`P$hG#W0x?4|b_i4q8gTK}uQm3Uh
zo>{X-VIWP>VX<?Tf@RFpx7Q6n*u*}ksxrr^F40mhp6~POTk|InHnnbab#j{R;#*`Y
zCEdej*7Dlbh5^z>D%FWbW3vvdS+it-?g(A#O2)yI=CAX5SN9F;@A=}9i_GlslIH0j
zhPAX-dELlaYsqJR+GKBh>z3+R_0X()6%Y1>?D_Ha?7q~NHxIVB?4wXr&!unQwNM+#
zi~N&-v?d!ZEmzqq(w2E!>syai%~-!;MSm5Q4}0>mB3I?ohPf{6Q@vRI%t7~uA79Sl
z_Kz(Y<uY3~NbhLRAqOqkP4=rY>Q3n1XRlIvQBiTUpuloz`1}L%lpNJlY2~AzwO%jX
z*VS;4<=}4Hw{4p{Z=PeCnkyy$^Lp+Xc`9{bcJ|k~Q|eDFTXurdJV!y#ZRpU5)sMO@
z>9=Ri5+s&axMRn)t1slzTz%#@^!IDn?Ygw5pN~(sCv#@IP8sj&s_=Tn`0;kKMr+;A
zojYfnJn(FQzxj!z-F0SV2dPU(o!#z|=h@@v*1=Bx{_2Gr&fIC7xohi!@uLksMtAcb
zr=8z5<DAQo%|Gu}Jg~AnXXhP0dZ~0tmc^JW^|y=^6B8U{C+~@mU4!iZ;!$*uy8qGp
ziM#x*ZoccO^kU)dUbhkqG?Yet>ASC5eVqmU$s>hvqpSULy2bD9;VxGnu=GZkC3!~0
zg(IzxUmnr8_0tjQ8_b4TUAl*bg;7#2eKAWYdvBKE%<DD4LN>qg;ZmyCO}~gkU4v~L
z_oORa^Yec<>eyQMx%cmXY-*anW{oHFP&(fkJluZMvfrCWeKdafO`hERW_#}4^72CD
z+UmhkW`mvkKN%@?QEFPuqpC*=3Jy8D+}tK)+u3^iPxkk}0C*xUp)WFfR6y4r^Jg|a
zGxKLSJ0F>LPx;=FXB0X5#Yw4b_RG?lwja~GEld7dcYEjZ3FZ9`O=2e{t(^X4%8#ZO
zwab=`%etA~W#aKwUuzao<WzT6B!7B&bwNK(hdVY!*{ZKY_LkAdXQWr&RiXeUK9cZZ
z{=JYPJt@u26}tjd_z5KonKE6S&bGWwh4V01A0D|ZP;!!!qA$uEn4R4E-c41t>uR?-
za|WG^?>WqLME%IK$G`5}e&+s(#{R`4s>~D?Ps>Pe@_#$3+TPxNnT9>0R&!VRy~b{C
zK;)z~2Zqfu8eDv-kGzWS0NT2BiE7pR>n{y-Is5ZR#)#z_r?xgWj+-%~F@OAkOP3T6
zEPeRiOz%e1gNWW$2{glE>Cw42FPzV6ag0$u$2rC?=_2*{>1Bn6`b^Hz9peX@j%nyy
z7D#!hGjRIuk%dQ2#5JB%aLCe@m!AM4>y3O*xq>}MzW?~z?O616ZNq)rR}5LS)g`;6
z)NW>Jo^!_g_$Z?#jO%r+btiS7vp#%~rYQCa{gkdIHF4JfdhK4HmbF(~8sB9Pv+8=L
zmQ6_mfq>Q19Xkz+l%%x2R^|5Z8^(_G?&Hu<&7JY#bn2x`6&C9Y3d*C7yn5N+_WNhM
zfZbP2l;kKqlq=26%r34~td>cfGG)zNYIdY-nr&)}UdX9QtAcg!Hr3AsEYg4Az>I;%
zb{u_YIqihNY~A;BMd=49Ab6PB`o7}v$x=6;!iFq$>7v<6Qtm%n?q%o2PFiEEagp+L
ze5E{X$qvUCjYBmYa`=ZH3>`M?{f~fs@o6;%Iy&PbJ<sSrd->9UvNbr$`mll$U-sRe
ziB^=9pQ*NK`(=i94=8k&ib*{^xG73;PTI2N>ZdomZdv%lQ{E=g-|>>nvuDrLwqH8A
zMMi2&)tRLwrXLb&be`tOTmd$@@>KIE3Zl_3O!lc<pJ!d3=fv)nE+0PPOWd-HKc^_s
zDPuLIQjV0LYEjsvI%4pp;^Kum$DRaGC}SKP5*-{yrO{#^q$9n~uMZ!6F`Vk?y6tfK
z?PUKWCU@nE92`B|+-`Z<*@QN}eUtuWJ|(UA^1Q~HTZ2xy43|nXo){FQTUMiXb@+$V
z>J-=U<Hv)-pDJyn^KV41=-PAPabCVG{rKr`H}s`S?EU?nSv{!KVP-qNK2C7?`hEyd
zsEH{llLP|S@bD$)#vC?UQT1f@1LK&fSz666ms0ZJ6srHOiTZ(uuY9M<+6_1)r+R+i
z%R2+4C`R$@=XdvLS`EHnTNKMN(YV<3>3YA7$x+^5KtqtoqY<o~<|Zbt%cLh?mrKhY
zv|KL44_Pz~pr@U$c39baOmUab3894(q*X6UO}(*3SuXD7T8iBc2iKgy$ERECe|+CE
z`)gO#^0H0+6$7c%C}09kBp!HPwmD_ogWh&}vnW%7R+vyO6vo;VsV+YCz->uxuF9Z6
zJ1g{h%%{vK4X|84x^8Ywm7S%H%?PX3uEoWR{pVG_GtJ0wY@VlLTYh$?AAL)diQBy1
zG}@uplbEj;&6*YHd_Zc4k__EUU*C94^My61Xa2lzpAmL$g61W<X%9HN7RXzldGE^1
z<P&*X+r4rX%}Y+FFKNBAUDK-f^2!kDrcrEa5uKh9JY&Gh4414L<0KyU<c4+bw`o6k
z;pIEbe}1dJwJYHIfH`U!{rYOSsZvHvsHsqqbKB&;{%$}{O@po9#nB(`?g<(<j+z)&
zlXh^6-S^MFeZ0S{%2zwF!CcpW8Rx|T*VT^#D}VMXlG;DjZJ-{d?Ae7EQbkh{XXjOR
zKVl8jG~CX~xjk1>&Y$A1O&Qp?LS;UE@V3$Xmh^<VWo0%Ab(Jq)hS#04%^M^;HLFXv
zZeMF3G@PH)J>>GN+1abN=R13?DU&HucAcf>AV-;&6liPf+3$_w8uw)nYWx0B7`?$v
zr{E5tx6Lv`OG~E|U>Ofj>Yp`y>7IP^B^uIGz1-eNAM2r|ayL7=_Ws4spZ5kz4Y~K#
z+~$dNNM)ncu(Fza`)DB{8}qbmPd#y{Gn_KYX-L`!+tC4(w|*4``B6!&F?FNVHFGu<
zT+7?yc>4~WGPq|~HJy`geN|;;Cef1LoVjuZnc(rTi=Lv3P5qiR-WgK-lHqRChr0DW
z@aSFMmXoJ`v^Z(boR18Q?^p2LidGn7l;~D;cVMQJp^K?()2&&DS1f%0=osx(;sM&(
z8BYY^&lGZv)$?cmEHsT+Xl#-AXyK(6CF{aR%e_2%^fYfNJdti}v_9YP?5V_O4%%sg
z@5zhuyz85Oek*;Ml@*qmKXz+;tmo)?!^e*}_3e|^p8eU%!zfLk-}I&If5a-?*e6r5
zC+$d-9ldMulKF39dtI12Jo^5}C0YdzawBBvyQS}s8aY~hnuGDVtOu=M7HzOOsUo}N
z$>w{?GI7o|xw2`V8!T;FYPQ72#y)j6bU1cR_4&XMr2{d~BIE{1P4V|B8TKu&fc>p$
z<DfyOQ`T5lPB!`U+T-1v?jtp{M~yu8`Qx*9^vhrNKPV5q@Z2*e@yp|cLkACK`mbz!
zThV;WrJLuv^6nH1j`fD6w@fW8{JIaBKjjDTpQ~T_YYdN@(7&bbWbaD8S7k)*23`F<
zrb@2+Li(68HM}-Fd=$B&pkT23h^yfaW4C<1PFoy!K<#?ek$dH4meuEti&qqs+SxhC
z4si0&^QydHR7{)s{m28h@<>k3wreNzO1N(|qXP3v6Bg#kMfMnW;`L|N0lA@O3gd#J
zqVDmlSEbqAJKkMNdFHo<#&?H$%vCsfI`qntx^BH~2lWk87=JE*QeV}?_YYriPsJi5
z6Ik9$o?TWM-?e9;{zbjw`3H)3`nJBWZ01v3O3(MxTr8U@d#Ru1!hw4CPb4**DlgYs
z?=hfpW=LY_y^|l5)imb&%vE?@xiM#G-1Ccl4?Squ9Q^)rOH0ehs+5NGZpupLQ7cAD
z%LZBn=I(lTz-iS{xgK3V(SDk9N^-m^m0cPeuO(CkceiHWP<mH>75Z~&{wqV-)-%36
zY^qoJ`JQXqt;hVkekR6iPFOz5{qgy65chrdf(4^e3ODg1?!38^@6mkgb45Uerbpn<
zAFX#lR9E}b+Th@}>(}>uIGyl$L&BLufzxcieSAs#VdADc7LnfTIY>I^PSwvDIS*=A
zeqY*Pd&GCU=hcIH28#8oDyy=LPE=KF+AKr2j(#|I-x<s8x_37ZH$ME-R#rOg$n37g
z>}48@1}!&>XFE7J6zVPi^r>aJW+w1v!dR@)#mr*Lm_CPO%1ScT_bgd>HT>F@8k;D;
zuT4!xv%TFGysEjCcY1n5L4l63h0N6AT2tm$kKB!Hi}7>jtje~vjQx=!@6gv_{(-q!
zSuaytmA}Rtub-<`eE-v{>&urfS4pl><<_cbNttb}DvXs;-OA8OPB}K|dUa{lP)ot0
ziUP~n>P`0DEAs=*-RkWQ{1|miD$*?{jM`P-CTMzQP;z$Sloej#p2NMbxXGv<biM8@
z7yD#Kez}ZNPTs8b?pnI<)}H*ZxPH>SNnUBdJ}nwDvSh8P%amm@PmY#S<dLT27sZPh
z42I#Ero1mJE|(q9THRP;wf5|f#(^io7<(2>ew+J>;;P$CzT{Pndr5t+^Yag}E;7-x
z)V#(on_qDE`x~!2AxVtGYc_otHsSv8E0YhOo#V1%%Kn_COD6;dCV#1&%+((AJYmAt
zhJdq!N5@6Y^dE3MZcmny`sxoWc(D&1TGf^eni^oMl3-T$<JxG=**l`XUtF+r-zk&8
zO2=1ywkN;1zUA>F2kA6EeZk_z%A;bQZnT+Rv^qB3Y{;jK-pu$9%5JR8%nw!a$Y;;#
zY<Bh8@9$Nk=PExmf2=OE;^<AS`?GT@%5-#fo$F<|GgRyJEGv#otC`!gA$;v9L&N6m
zE$Kzt7nGv!8y%be)ibZ)#IeJ}(iJi<<!zYu^_?F_S!z^upFVv`ZN5&)wM|X=tQ)vc
zJ#UMPW=hjDHf8+|vw9V085bS(>Z84F6C=;h-k8^t_d&yc{mrAiSJ(P!dXAZT_25kf
z`-hoZwrn{ftA4ti&oy+L<o{+?mxQ0qrFXQW6)xTT;TTyYwM0X8+#c?k(XV!HzkTVP
z^4YwZr5kOYvkhgpHJAs<9?$(Oh_!x`ONptx`RVp}b=u5SYW_qwhoABXucW8?A35{o
z;mZKpFnzXx%9=hwoEbBIBvhr2oc@Ike7UEMTlKYrcSoO%Klzw>D2YE|{!NOilbnzL
zm)5H6<_|wN?k#9k%3M~Gpx1Mh!x{zeiWXoR-wxqseGQrw(wh3{XtYe%9>7bwV^I64
zyZ$MAM}?H{EsbNh#Qyl!+_L_LO)t-!l}j`}o$L0X)cVjOzWe;jx&it!>xLH3=Fj1u
z;JtDjzp6)LW@_1>g68IC;0@;GSsy+w$D7wjee6)Hcs(ntN0)<lJS>wxx6mPXM)JqK
z!Cvuo?7YMF%bdJl^_on5j@X6nRy8Xx<X67{E&2C<E7O{M%kZJbh!OE`%e9MkD@y6B
zrg`%Q(NkMKueFGNxXoidl}gP~mfm-F5N}G9qo&8(xNl8|9Or%UuCR1?T4K~^RIx*C
zdC#Huzc<y>fG^=vV{N<tL*1Y|E@vJ-=@sLmOJ`RW#_rs?(<;7}lB?@EWS3So@cNpb
zUGUNminq(B(k&e3UtVYZJ|lT{n!@=t8+=-C=l45!P_eP@v2%?z<>`=Cxy=tBK0J8P
z<o#JG=JLw(?$>(_c;n(75D;<f(WTQnk_D~z_g$Q$|J-&}#Kz`NwGUEeyDN>)Gn+a+
zy2s*a6eZu$TzAj9A3)trspB<FtCudiwo-S|*cW%a?1mLqa%H5`R-5m5)!3Y$uE;&`
zpnRon_UZcK&2Qfpd{J}kS3Yk}TykTDvEeDBDNcol-(5%<A!Err9eQEz_|*odo1SNG
zuu9;pssXJeZcT3;_@O##-IT~lfq`GYJaW0a*Cy&fIYr56Ri9Z$Jx${ZN007S+@CT%
zCgy&gv*T+0Av-S_%J;c^^ZQiVw>Y3Os!KLZuRC5HMyK1X;uXG^Ez3|k*W6Ie=kb^~
z*LCqs*hI_SGl@Fu!@^AcY4@1>f>sCn3HnheJ=9Dq4rl~Y)lz#8?b5xLqR_A3@tDvS
z)6yObGQ0CbzRi+;U~PVPLjPCGy=;$vIMcdp*|Jl?TklB8UMVf59b$R}20m2Jw(fgn
zjamF1`njkhGaD=N8{f^e7Su$gp6)`Sgj3uuER8RDJmkcskR1~Sju|jAX8q00Kxl2h
z+<)BL_I^Olvhv7%m*$;*7VOJAob+Z-?yAtU`tq9&jCFIn`nF;holYO9H%Xyy-@aGw
zzVz%`?>b>Aqjck`$0r+1Ou7C0`^n4?Dsr0bld?`wo3+8X+C?dO?%v=FE{kg|l6beb
zy1CWYFWy?SZAZ7N>-{TDR>(Yf|8PBJmbOuGMFohF_j!7G<yt2le4^D`qn`skDE8Rm
zRTpyB2QA$YENBt1JWFoQn)UFY$*xOb0sWm5G?k@`4(iRBt(2EH>&1%;K0bAWjgaJz
zPxoqTFJ&Iu9Z)1aa8ya+AobZG^c$$C*lUo9Q}$uSEoT<VKXs6q5Pm+~<jqazn^Swm
zJPcG`I$n0Eaft7oNxt-5J6UYDpL0HSa`A}e<vW*a>)lXN=I}zJV-s=<&5umB-WA7t
zb2}ey8w%JL(tV%-du?&jBl%6+(>J~gI>mI>?iZ1q@A$d<@n`qO47lyi?)uPUTi%7&
zo-PwsWOVCY_wdNHZ%y@gws}m;zY&{mamF`<f8#`1T-BLWZEfwmPpfF}UGJ^m;uXWB
zL_J=(@>$)dxUg<!md6un2EH(e5`=_2+3YxPW8(7#QZii+7d?0yu{ipqv~|fmpO*T|
zD%G!F19va(bImRNyZ1S|H7|pfH*A$t_4gk#c(8+`W9r8KQK}%gsL_lEMSuf4Z{EDp
zT)VSD$2jZidPHCI)>qyday>lj0o&rxgWWWR=)8tP$03<WcE5gs7x#w(3j3S^LekQb
z{C?llECb}R+wn)18rho?^8Nk%QtB@aT(oG>_*HsR8_K$SXGDJ4^(eGUVrBZ{{P)pe
z#ww0cv*c!9yLPRYvUTF~iwg=13$=Z>X$&9!xL4N6qW8g4Ew{S&y4_zRea`OPyH#d>
zi@ml&`|-(y1ml4ZQ$8i1%FHppxp=@9OWw;Xudc7oO?)mNo3kTz)r)AFlyddH14%%u
z1H-pB<n-VH1Iz_AWk93{EgF0J>FqLEeYLq(0~&1`ii^i?xwWI`Hn`7F?fOAQe)PNn
zWiw<yrf)cS@ZgObH!=qr8ibs>KYVNTQg*WSlXY&s8IC^-L-fbWRg{-cIU&%tvO0P2
z;HT#5+=S6*9&wiK&yatbmq-CV!)%3{t4c~s?P8xhjT<-a9^m)$=gmIbXKr0yT>j`7
z*Dj?gCNeTITiK>-&%x!#xU|^Ou1Lt|M^eX9dw=Yjyxe2SxqRDgk2z<PK}3FM`{?R}
zdZlZOx6J(cW1V+YWMq-j^@Fv0uNM>q`uqC_1qB5M2YY+R+zU=vG<3Aj1r~t#;mPUg
zU+eUp7TM0aKX~#zp0!|;-0h4Ir?kbF-@SV`e%!ddQ;sjo$<gb<vQPV3HS_HL{obzG
zn>KB7&Q$EurOSeR-zig0MOElLTVSHp<IS5l5BunU*EP%7Mc=c;Y7Qm&qhf9O&qQF>
zfcJLt@m?*eL*$hus)Jn~z5nv*)2FhsvQ3+iJtdiUGoF;akC9QRbC(|DJ2>+Bqj@sD
z)-AhcJhFOjN`$4Itl+-#(;?OinKm_s!*A~@Xi;gL-nd~wY9T$K=%-4gf7ElYvg9T^
zDW#%;@fV66C=`mdz<H8@j%8AzAa2p{CiDp573X0|@PHoT63OKYumjMDRyZS`MQ7N=
zaH4sk3EI?_OvMJc7uU_%(`m26)LH-J{@)Jwf0NF({<|=KvH#oHsQvzL@c7UE?|<U+
zC;!8r{11QfKm5u6@ZZb-fO8L#@!^+Ac>kn-{gW@^e=7ZJo1}l@JPRR+^X-2o4J;LA
z1`x|g@tYZ8-2_<9)^;iUl0hMOdpDLaf|O7ce}UqG9leH!pW)HwNO%k%p3oQNiX{@x
zG7@3(0~9NGXrGjSHU>|WDauF75+$UK<Hx}ZOVImtKp`|`Ae9-%!7^XKqy+ISJgZ|z
z*&A`%;SR5%xq%Vc_f<DHumJLH=p~*@0H-RJp2CfTFoCMmLovd$=kmFt+_{kQFoz_5
z#2dWD0H7Hmz(@f>5D-aWiL3=!2|a}Rt3(A7(n^Yy8pKbe*xDv7p`&>q06)MA0)q4~
z3o4f<`elrE5Y1ge4+WfnW|BbIp`3^~80ip69N-W|q8HBdah8IKEnrardT~3EHkKL<
zJZ|iCJgPGp@cJ2;M3S9^pNuA9$YnCo?2?EFIb|vs2L_-gmY4!&PmSY=@*U_=tzlLO
zTOzM2`a_SJ5XquP5~(i$bZF8rcH_sf1Xv0SvQ7tOm@xMyFOI`uMc{41#I1OXSPBlD
z@!)VrGZ0a#6qpBP8q9hth~yKj3PqB~0i%vlj0GtP6Qr<U-Ux0CR*gtw0;?NPy*Lb*
z3xmspxdKSdW0^h}Z8Gr+$AsuDo-YMUB0**_5$XADlMRS#Dzc5kG!@y-5&T3->4A4B
zoX8a{A~>4-03~=R63*fQ0|Pt}B74a138t}_V8(<q^<#huftiKrkkUZ^qZCJlQpn0!
zR#F@fyhp$1LK|Y~YoIFw|JOH%DR^N<YBrxMQebT}FC+dORwDW+Iy4F4Fo^sUn8Wth
z)hJ?QU~Fn&Y9TyJFA*r7q8U>`9p-7q6H@RIyltu$#@ET<yD_}|9cONB14IHlkUSQM
z49ROD@-?^5&rIBQglGwGp(4c#<P5)lP%jdi8@*6T?CLNm7(9j`j)y+xFcL(sP{j{(
zU~^Cf1^bJ(%HZ+PWHiEh92OhX9~}H$G=tAa(`Wm0P<h3u0hB5PPpA$^QZ%Co5GD*;
zOc#KE@FGyTgPsBL)`OXq1VnBgKD-2u2h~h8o~K3)T3oe`5=)b>h7u7B3DOgpbAE8}
zUn8Id;{C4@EexjOfo+NRRG2IX_AQ>p69_#5eiC26h=$j=f!0u(zzRVAlTbay107-D
z{*M9LFjQ~QB?81i9gidsGjpe*aVkvGgcDN$zQN>498}xrVHRD8P6QXo7f^3;K=|Te
z2CujnjIx4A;HgGLqRtSkNEk6LP)}NFhHBbkz=R$cMoBcoI~WyU0m8|0p+~e$MgeAh
zLKE{aqVeoOC_JEsP*KEQ#l|uC0=)ZTv}FkCBpM>bnh|X)VnS;}@Dp|fW`)PxFqDH(
z`iP3**`k5}!$Hss-XMVRI3AH<3idZH26ZuU#}s;4JS-m%4-8KX%*ul$z9K9r=G3Ao
zv#?yqP``$Tu^DLNXqGWi(_~!uu*X1KbtrtIYw8fK-;*)4FghA&$02bsCk@xCxH#hs
z-zi)?Q&UH9eF)(Nofa@qrV*im`j_Im5v53*>lV?*L>Z6BNyX9B-U1fTH7qoX7#(#E
zEUE3HJ~U!NdqZd^ymOXVKBYK<w*fO?;vyj$#oaSP0BL+yvUoEj;e_wVw;)1?AuLG%
zBVEbu0-|)%GWqTAv@MDovC)IyIvBx!$I7A5(P3n@jl}TV9+BVSur^{WG$7Cs!Fi$m
zFbR84OiZ=~jb_2aL|5px2~`(Dc=MWunk4XIrh#eMk!AROtAMup3wtVYaL}<q<6JF_
z-;MPU0|SGO1uYcSuOcQV5DTRPokZ3~m<hld1&$XUV8k%!EM^k;6)GSiY!Y2yN`F+?
zuxfhvaNz79l3`p63e_2$UWP#;kB_#f2NfVR%q%9JXA=7P@C`Ojp@L9RT?{1_mV*)i
zH9!JjCO}Nag*n}X{b1qoK1`{{42@$GuLv~*=!2UappZENc-<)ns96xPfM7+7&%o0o
zYPVs=(D+ag3`4DiLxRq08x12b5@UFws8DiIpeVqENG_X!8$P&hBS2H*VHb|j@#|h<
zxO^;KCE^7%8z-DFOt5Ph7=q4d7ouYXNjSX?M1n7d3R@B?<W5gx#l#Rs4TlKdXzPi2
zQCu-}FponXRS0-ECr)t5*jTe{IdRcpaNZ0&5=Tp%Z-DtjIThxUL~9Uf1~En=aD(Lm
z098P$zjhd$HYiF|gl&bKd@m51V-e#}EWaMgIRqU!1RaUUR4C9L8D&&@0Z&asw1N^M
zq4^Gm?l70h<TC^vdcwX80TxL|z%N1tM=%CVN*KzI<B=ocFh&H6gVKVe67>jCCu(9c
zk6pV==wJ*Nq55LS!Et~tCrR+I*(YLjuzFZ`gjz9_kK1NGNhsvSZJP*=B?bYeA0$vS
zLbN1yLfZ<Tz-(iG<9O}bYAZpKYXSyoSChmvR+5;86lL(^=yYIz^+alq=p17jK}E8F
z0*{yQ=OqjvVX`sB-}!K&KD4-}%!D~z_1c6xdiW?30S~SmgsO}X)A&$!9LnR8Mif#7
z=X*d_HPJY8!bw%cnFmxc5`y8O^G}!@(a|{zp-Dm|0{V*WsYMK78+s919*93D0$vXV
zfv^Nt9k;Fq@KO_k;1hx*WH($gBoZ3YA_tsC+EyqyVrok=IKV-_0S@Ogk${o`!TYpO
zHv#x{ohp=n&B>SSfeC#-p%2yxU}zNnMlT<=K0=<yf-i}lykw>VQIUX$uQ~{oy2Ojk
zA;Y4;SlApZ))Dlkap+7Ts7gR@qQ-(SFu+&`0Kwwn9ZGCAg7uv&j^g(>{h!W;Nt)M0
zlVKVg|LR_!KdCVPeEyD4`~6=)1PuRP7;u-@NOSWJ_J5(DHv7NKOiWEFi22`(hUCxx
z@%>+t#~=G@K>vGSbiV)3)YQn-qRsf5k2E&=v;Xg(_!#O?iPa(fUu?YtUc~R*@(6q%
z`#9ik@+`#?_frv327N8MHYt66o2vq;2$mokXF<#!8nv~DCYEO6_D}}^R>v2(5Nq6L
zkF*tg77iEM$j{W^LKwOPXAr4IdW-`Xe-;{-h}MS>nTRU39t)g7Eq8x=+C*m`UpFsL
zny0^qHj<Kpw0VYDBj!fNq}J%dHAS>R;6bsNpaWQ&NT8edST}cPS9?z<cW3BRsj&e*
zW5Fn>k;}Mw`Z@b}+Pjm>q9xrp*jlrA4S*A<MDwtpM01|x=j;iQ^F>Tes8qNcjYS6|
z4uZcpK5(7*Fu>6QWT3$fY79ijT@QWB(!=~lbRq%K5l(j^(}C*;sG`Nfz9Mk^Xt1p?
zE|<*+<!FHhjPXbS^I{QW_$w9sWw3!eE?x`pjg~uJ95yQigirYr<(Sw&!`9V?^DU9#
zd^J7c#HSv*&PfAB&_GTL{RO^qxLWAH+S)h-h(M<etNnIU!VaKQF0gw0qGD7q#i)=f
z9E3nPMow-%Iy!*AW3YIt{Xj6$#Se_wq#8`b2GJ7z)&>>bX{fUs2WJH#K3GjXaUMf)
zLJ5u7*dU(%?(W(MS{Lr!KzmH8sTLL*E>sI@XjQy3Oe;wp0sZ(Fx`B6I1XzfpjtEJD
z=I%5hmTI8_0i4w%u2~7iLbwhv)@hG2qzXoS7A{7=jXhpfGz!>*UkpQgG5(JY2Z|5q
z+P~AYHiY?S1_;<G03MsU<}pGAgqgw@viW)-97_mI;$v^ofPE^~tR}e}Yy{ug1A}(q
zT{m>$s<9P%Q3#7ETBis_q8ZU})dTGT8a%^huq7jGA`@P^gwG8aKugqKltH}Sp4RR7
zK1PE4(m++XiG^SsIK9DTiV9)+L<g-3Np6K8hC1Xvlcx6ANg}EMH1Uy%U<lxrcXZJZ
zLTIlUAR7EOrSwh6!xYn@90Bw@=C<}679&Y`I->zv>OVq+4&?H;i9t52&<J2lgzdXe
zwy2<-aNW)Z5$O$)Il`={p$@qgx*moX=f(&`g-w9C@qj!*@2EYe;Y^8JT8w(Axe90T
zP;9kG=;+}yd8mNLh)H<Iwp)@p#kL)yJJTRR&_S9yoUaLutO%UAl{6uI1(ENN+K#^X
zyj~{~hU+gvZ5azYB<wZXh89yBcF#!EH=VXZDd3X%(O6r^cYy7pL*X4%=w1;%rrR(+
z>%=J{+@Ow18IjqmUFVq{vX-dlagw?&$(QSZ?M(g(+nI{kPF%WK9GvgOEeL2EG9dOA
z9SiszW5GBk*`p)zASkWf#-F50;=;ekgJKLQVn56Vk(4`Gs((kZ0d!FW$pnNOR7`>-
z`sKRD!4Lt$?F5MPX#zwCt~%PF)!H@opVJ$ijv5>b*mD-2%q$|&0Rkbi$=Jpe(b_b&
zA{I(4_3!{@a7rIt^Vb4CG=s;YhqASSY+zU1k>m)VgR9>*x&~dB5wR@xf)|<qbT$jq
z)fh1d?06vl45ec`tq6?p6+6l3;(;*<7rY4(P$<u0v=LegGHLLLDq0WWh|r1TCcydN
zB+_=L1n7wfmlN#>$Q)wmfbHTCu!SKL2eFkL@nJ$UT@>(;eKP@<+Xgyc1X&FyXetH;
zE(>U}01`%^5AZ)Lgara!4){-3w;dEX1QGZUfDvHn65*g^7ScD?CW1Yp5tKYwXfDKw
z4`O&$j2gj0Lag<Wus8v+&lR37fM;9~H3PITPCqi!kaUBAnh-JUJs58WPe3yBqE|qe
z=%E5J+M@v_6zk|<Y<z&N5bKtxg=k$};zueu{^Z7x!)5H1s7WIn5LsP9B}4;7Xe_Q4
zNm+tF78Yjc{!v18k}S=1iOp!WRko>wl>hS@w~eZWhc$oULH|YoZ2Wt%Z<{`$lN22U
zH)v5dy5z;iIx8ulX=mTbH6+G961^OPn<RRYP^*W<F_}T8CaC%7IHnf)K5aV$ny1Gk
zX~AZMU1`$;ehk1sz$D5Hj{&17$t&uR8-!chw1)Gw)$~xDJ9lxI|3b$*4_g1b6d-mS
z{$)x)9*CfKE(V>AwJO2mP@A$MI9znWmn+-~O=w4<M~w>rj*pQfeBhR!Uxl~Mo_;!T
z#~9%$xA#u5$KW~o>lZFJd=eLf+In>IK?|of>}4EDl7(>~jO5u6(ImXPb|ec<Hi42$
zt6};b>p(KmX%I31Xd*`leNAR15!I*?-4+S<r_Bad09eATB0P?68&0Fc5_kdN--zN-
z(_gg?Y$OeYu#w#G&H=#Ue+fXl9k`ve&lk}Cat8=&L2g#`8b=#5Cz4z3G?2nKVt35O
zh>oN{3TFu5Afqh76hoe*=Os_AV4e|t50?#moL$^}{d^|7c{({y5^IPKSuu`>!X=9x
z;dOS@t<bo{Uj)YxDWYc`=t<BHcN(;=SbQcPC=-&$ou*BWm$7Dl5iv^+nZq&Z#Jj|u
zCcz+d*d<~bM!1v#Aqt5ABu@{MPzh~zqFFI(@;k=lcU3GIrA}2Ws`D8FIzlEZ@Wq6t
zk4~zN4-jMytr2wLWEm`{je0-CpdogMv)5R}5;*Z3fi|5C6&BXPBXPKkQVWY0ft+FU
z!>~;~GV8#Vk<e%iBUk{yWdTu>7sUuzZ~!an8{-jzJm!JY35^Q7sD-y=MU|I_<b)Uk
zZ0XwYOg!F0%uvY7gQ7vKU>iD7R!egVM-wXz2%nOIfCoJMfsP?;fe0ngn!38dHn0Y)
zE*}P<PJ`c4sqhchG(b#qijgMl2o4%N$L9jz{&jo<tMDu}rr!AN#*WFShXOBKZ1mc!
zq~ROF;ofwVh=zuUpO=$YCtLv`((tXlZKm+WxCG^3_}&vM8!k5Kg`uX!#B`6RzlVdf
z56#!n-ct`55sos7aoZ(5krEH@Y(-CqH`*EOtU26o3AzEN6-Yf1Fn}QdJo@Wy0J1}>
zKmn51is!NbhL98RuguPrAWAN5!}f0w%bn&B2M-@3VOGQg=$XL-xUl0R!qA?h+-+q=
z5C}3iO@Od5qF@6XLj>u-B*uiHZEE4Q$)kV@SqwS|0JQ(uv2g7;(3uccOr1<e2>=LX
zCkkP)wndr_wvA1?pxP0GC@N0q2-GqPc)*n6Q7K{z)i_oYhD%67Bm+IZg$^7%-z<oP
z&Nto?7L>9<=kQiyNL`8vV(S|RLp2D+OPh=-aG4;L0GhysBQ3v*&qs)rLiC|_MKKHK
zq7fvqiawRWWo!Psq%gL^XMsRBL*Y_RC^`ux-gqiie34ejP-x<x&Nxbs;0g}LCHOB$
zGb_=2PaHi`s6<eZL?s?pNPGuBA78LyCy{FWHq%1TVBFep8U{zeOA_LN?l?s;6YVNR
zA%Rht{#Q601!xNifP=<+PCB=OL_-^io)iq_Pa}*!0{SnU5Jv4;Oj~mXTZBR)oaqy1
z9u5zG!$I_Igw*5<;1<=$(0GQhvr~cLz(|WiPKD=rU_1j6H$p~?KryjF!Qo65#{sPn
zJCf<#IOreopm36g<M)`6kVy_|mZ9D1KswtnU<3_2*wh*GVT-vuz5w5%0e*5qc@cbk
zY6_?w0i12phC)WTdH5E6;wOi&7kEX~b-+{+FoED%9D4dzsFU#O0D@5EqHDy$k+8uq
z(#0hY9Rf@g5q#$fHU@+t!POoIy1wwJ2~bY_m{2;l_a5#o#%l3}o9nTiI-2}8B2S(b
z2aQ0a&@Smh%je<d>Fa0jIG#KQD(o9EBPi;cG4=p80Ky(wVeRSbLxv%!h;V?bBUEq1
zR41IuLJ>gKJ4C<_v%T7+=}y9)K(8D7j(gG~3(O%+CyKDsVhcSy!nR^VfLM~$7Wzn}
zhDDQ*VhUM&ks(IHoF*9uVwVC+X81A&(jq3vC>Ua-siO&s0}``1=w@pCs4;oMm7l;8
z0Br+oh;cBP76^8NM3b#)iOmB;OHP`|{SD3|KDevbw&hT~Wi$+F({eka&Cnu7#7JA4
zWI^CmJ5;AMKe9TJgrYIJR*3IfARf0V-40Xy?1^O?<WT8pw?TwVXw1JP6FOCF&{J`N
zgZ!zAV<YDG3FoBozD9H7VHOy^Kul)a%?6{T;cx7`B7VSLDBn2hKs)0S)IK6>uj9mm
zJWL5f+$2S=SY#}D!m7P52qy>dg3zHv<1_rshJ>wf;fdH6RH2K!?Di3VC;JF~H}V&*
zX#uEWFGy>|7#<`eV+gG)W^PcPh6j}3Rvi{Uk|A;$I-FU6J=a4_B}K^+h=LJ7;_Ly*
zsl*OB3pCMO4H#pR_Gq9e35kx+)px%1-N|4|n%(&2yhOWcMHA7q;(usX5qFZrHI}wm
zOhqz-FdoJs2yF?M#0Bj-V5+T6m}@*MEwEYGiY!Kb@n8a-FT;f0NT@B^v0+DKf*-M2
z4U)^l5{L&6qPVubZw+`1JNDUrM2Q&+)F{ESa1lEQhU(LOot?+ie4YLD5cHd)zYqS+
z+0!Z2s%>4&pkd!(8*t8$k2QpzeuI;xaXk1RJe-D28Kqja=c$fn%-CG?SR6dzM_OZt
zPw_1hkiP%&R$_ccPUw82nL#j<EO|K}_66ueVNVG)B5tlhgCK0vH^%A^)&o|8tg4Q$
ze~5!dD`S?N3``srzQq~A>S5a&;K@HGahw+`9>k3a7R@HcfX*6;O{9y@=@}6dd6<WY
z9@j*9OwyKO@g2DW2Ai$LY_l2HxGgVY+=2Fz$B00%<z$RUK*{N9a4i$tw}h^prs|<j
zQGUlCqu=r8(CNb;!>{0}p&@*ZP6~n-EG{<xj29<%mXH9zpV(X2Z=5Hosa72!%#?^O
z^LLOXkYbAAM59H}@xl>w;WNS;Bsz!x{7aa&K^4vHphq|WZEz(ffAPnVk+7%m8~zZr
zA=p#&t9S>{sa{F=lNK7`_~@XdU<3Za-l1RddI>yW=CQ}<*Hk@}_u6$B-@Izi=Ywd1
zPuf@l%mI3~HHJ7BiN+=59i*rm0)&GG)3vnMhVpG34g@tdG)FJ*$v$o_u6|HvC6^%`
z#&GQTFov)`v50~QS5Z0u?d0t1=;P+?2b5LEz&k%@^4Edl+OcDR?$`+zV*?Wd(@vUC
z6?gwIBZ+2%mSBfa&gC!?I@>x++Wmx{*cFyV14r`yWlU`mUIn%=#~1g}$lC>IG}P>>
zNp=$9HWiWMEdnZR4%-by^c!1&AxatGZ39VcU(+4c96(aFa1Pf)RSag!Iw6WA7r0Z}
z5GGYJk;LErPf<%mF2HU0{wy?SC<j%B=tdqW3X(QC2>G$i;<2bJ#v-du0u4O~0LR_U
z!PDNuSr0d3gr7pF7x6_X)YJZNpHBPp`A>g3J^vZ`_rU1<{HGB-`PuILr_sni=Rg06
z&;Re|KO@oepJw>+Pg6q^Q}ET&%*@i<6rqRmfaeIT0Qm$c6KG>5UYiyvJo_koAb!dd
z9=;S-5^3YMM<&4|d8kCuS8dK}iYr%nbUW(rD|TQt@dp1p<KJHXiB!vfAB<nfKahL#
zw(@UmWcEk?|A~(}CT+x^cW~O;%+l0C?6fu2&ju<6>O>pNsir!5d5(2+u|W(BvBcX{
zDj{YXTG%^n@QBHXMbtFf&2p$AYUV~pYM>DhZ+kzQmknA8{qE%Eqisk!EX}3j;^*t*
z=xc-E#!AD_fKK&t7$^3GD{93H0H*?%#}a)F5Ws{LJQe?K397(mw5jqiAw5rkc-T97
z`A!01jkmkkWDjRgKboJtkBhUPjhe9$h$XBb3=lwpf5*DpyZFLypfQ>k8Ubk|`rI}U
z2>^&b8%{$|sU7#!vSTXHsqz?HeL4v=0H!gfvr1Gv|8+Yu$VX2LXYmmI7z7&}@B-GR
z%F|=o<1bzyT>Oa@!sa0QOhliLkSqBa@VQhf9ZphOQssHku!x3x2ekR)cK&mp_WIw)
z+1|;+`R|1BEC0{Lv|aueQ{zAW-#_vpZdyRkIfL)*Zw~n@w}nu>;r1B@0@HwobLo7z
zp$6V3C%PaA?veNnFY=EH_=i62<sY-(e<zGz`G4l7BiqWqh1s9`|NfDWIzqnFLzv>3
z#o$xb5nnWcz9wIEWeF(<v{nL|AOXK@LR11?N+G;pM4Kw|4Qvp@I6lvi&83I34MBOx
zaPYbvF+g#l?Lk1b)M@)|8wVrBW00DM4G8bP5H^oib@Ox-tBMzcmCZrTK>PrqgxZ0D
z(9!FlK8WfNFJB~_0iwQe21h^@IfXXBH-h+uBkFLX)1AeMOQfocy$_2+m&5hrIK;wW
zcoHWxnnkDKdF|1f9-(vqViFbaAaUIXu_IV?nwHN1G7Z{bMX>NYh{SH>!DvYG$88Yc
zjZ<;2%m#Db3^XQEMSdml^9^v<63!Pv6dci;U&vg<iU&*-VDAHa<Yj{B2f(db`b=*(
zNAMl~jEI2YyMUpOPdVxb&_nqG{ZKY50{)0*@!{Pj`oKB}xNyCU4<2&RTMP8D%XHua
zK+AA$0{DV1!RX^hrKw<CKro>1hB>F;mp1xCIB3{UlBZ0?yl5DDK%Aj73flnB!2n0l
z(LSP~5~d%~K*{2langTVynp#=um9nOG5+700q|eQ|7T%j@hAV^Kk?~k{PF2G@b}+`
z(YgIMHXdozHvgZ6g_-Fe`~OdTyvNJP_6PsVQM9)_FnX~q&npG|$_0PBg1=ZSIBbzs
zuk%I<PSeL9zmQW@H(I8P`G#}L!-vydo-C5f+1T@@^_%w*+hQI!1Y68k+j8yT!}Ss8
zZ4#B%kK@`VWm((aU)klZ@tW?;oqjtSpZTO5P@w&6{2EI=c5V0UWm@0gbcr`{)3tsc
zwQr&A{&mr-SG?W$-OTc}tzz-m@xDz`BK)iYeubG;A(c`T%2OHmghC;vt@ij#;I21P
zm=Ut|+q~t=<{2#*yYBF6S8MN89`0s-s=logj~9D;6^}hSdHIi)$5N~sOO~OdbZx`e
z)US`575CdDZ{A=w*iv)clEL4WQ*I8H+9o|*MgNfIj;(z;w%2dJoA>^^>MY%esZuKs
zEOC20Ed5R2!7r>+%0IbYxzr_aqc_8;%4p-j7`t3m>ArUk@0fP(@WvjAGDphJn-~_^
z7-z=cc;R)<203KCS@UY?;;x3x?^SOm^qH;xt!h=spe-TX_ZtrRS(UB`JH5vz@blE&
z8cPKML!awSNA?)Lv7HrHT^l&4q<rv^5os#*)5l!iw$kg>D?^{NnO|S(|CD_;?Df3;
zCp`L1xpQ>yo*f6wHxD>-Xs~0>Xcd#;(;k}L9=-G3{v*XhW=74qut~8b)1-gm<%zzO
zR=;%-Q>=p)_>=^_{LC2MWrU|DGyipgZkM$`{vUhK0np^}z2GAGx$747GY)2USORKD
z0t5m<!c;V70g;fzBp`~jZgEttTTyWj+@r2K>ef1n)v8sixUH?$z5m~R-<KT{P@vj>
z&eD9}eed4AdpF+QyL<0K7IhYGdDSLtmd`&e|5)V79A5v>scSD>!p7{m5v*u4Bzj%s
z-aW^fKcDW_|Mc73cRN-N+)|+0-gxqagY1*P299%)dA~^Le0T#zJM8`YJ#^h=$%M9w
zjUin*zl^)>&0Y2T5|^#JCiSebWaR%IooXG%Srp%3#@4y}<G$aak`L$o>eeCS{NdxT
zDG7UN$=}|uPatmJ{-&V5>-##!7ND9ml1e`|yHR$-8Z~MKqAdU$rzF3&c`vvU{vv}m
z<D=-|{92b<Zd`J){mtnOViwF=&7$@A>+-FZ5yyPiv1T!*yN7wc+;RQwZ+#w}*i60u
ztlONX%dYNFU4NPXcI(i0nLD1o>bbIG?DD4MU;gYem9%nsVC+fH?+8)sdc$Xg{lz<(
zT5rVesqI6DJ)7-`yZM?u@$UlK)afS|-q#LPH;HJm?ZDjjN9BJs*#6^?37h-8+eXj6
zRQlw1Rm*307vVP0TQA#kioE0Fu9B6wIrENDqL$?ifA-?nbD6K6-gt8IT-<)XPn`uD
zic+?_FJ4-@<;L+RH;&cma(3ym?+4vH+W&ZI1n2&!gdU#DkKH-Un0+{eG^XyMDST1X
z#M7&yxAaV|C6E7}Fz3zAd!t7{Pck+WmF>GXA>hZfSe?;9?I+$HS(5T*LS4@{k6g~&
z-n`)MgnK0q+kTinpu<C-8J;h~2jd6<Z=b}~Znb%rdg_H4H|OTXZ`~Ef8d%#~To0n1
zDfxYAKproC>aZPG1~=>^_Iq&Q&9Qndo?aSrYQTHKI-e;+iBp23z5Zs-D4iYQ(eJoy
zUI%{6M3;s9TN$16v$&oOMknvxA-bLE&XcMA7QI?NHQ~uG>$8%0t&XR;yN@p&xU^^Q
zv*Paiq^FCQ7yoZKVMI`qK?N7R3lAP>k~?Dl22uF&#h3RMZ52%G&!Dt!Bknyc^+alt
zE1p_c@|4qP<(Rbayp_{5-#5x4#K&&!_D%on<xSfC5aChK_ubtGW5>JJ`PgW<-|KfC
z+m;u7xW1Csm`NJB>DKh-<5w@@iBolB+6&(X)IM{<HEy`{_xb+rqMhG~=0#6Sr!g6~
zo4Vmn>}>zdtsYI~E#{6KFk)h(UwNm0c^BTOeV+wT$mkY#W^8S`sb2I!PmkaQ1Dl72
zPP<s35$eXTJFxfY#^$wVWeL2C$h7)CP%~ZEt<4X2ZzSF!(M}m%=V{1nZma7Fo0(BF
zXOUz<GkVM%eqdL&TiZx(&ze`RX?3%T|DpUL-dWo}rO$<1No%FdxZ%?&vtIu>YV^%z
zvQzGv^vRly0$Pm+d+PcoE?Is;?2Y?7_fOdto%oNEb?X+t+}}+5*l+#R=EeNfHK$8_
zxly_qo*vUf3zn_Fm)aQ8vi28Gs9A7npI4i@_d^Q5i=HNpl(%2hbpD*BYl&Gwxl{Z8
z?K|ORR?@1&F>Crh8tHxEexr*U^5{(<-@d<v$L9ObU%2b~tkv0T-f!O&NjWxmk&rrS
z*nyF8sei1Yojjiy?UFy`z8{W|rp%ey^v+~)rgziXb8cN5#nW7;aRc1g6X5^9hH`1K
zg&tS`s5k#^$ku4im2NJ39<}5PJM^cVtJ`{2*1}oY^W5(&s}o#nU9$!wbqCiKBtolO
z&MxZMefB!{CIce&zbzC$aC!4a(&1J+;*xvQcCXr4|4?pQ^?2`r0;t)=o<Yl>oys~J
z^O!hEv$&z_&d6`vuD3gXlQz}0yK<D|SgTq&N2iYH(ros_0e5G#KeJr6CS=Cji;Yfq
zY)~5IJN8go`lj~B4t9BXbL_Qw@+s2^^M068tWIe&L$F&+TYYHe^sXCz-bL7SeBO$S
zjbf*_NeEpqd?};x#gx5G=hiEtOrO!dUhN4<9?O0>bhaPm+|Jos<D`c?&qon1JxHFj
z<U-U9--)HiJjT*pyccnBDSnE26Ge*0B_5RfbxZn(^80K0wRFR0_HOus`ucaje;zRE
zZlBC?ndfmR#eZnw!Qwq`UGgF59lg=CSM6$bE-EJ8e!62GWBL8)<?=Y)R$1)kpI_{{
zs+vz<bD(tB9QTyckY9F;jm!UI)P?aH(y?z&cWYj2f6aQQ4vzA8)aufPPIYJW&JWN1
zA?HdRBCSW?v4yo>Z_mAV=wXrT>S1#h*6cR!+NBG#2JPO`dG_+T&1k2jV^(Br6(7x*
zq?6QW9kDutlkw{1)q&S@2ke~q>k;>#(xTR%o!KY$dr7k+-+FJ`@?*yKA8U&qkKcGN
zZAR9S)|v;|^h?*m{CBP;Tp3PYeLkK$XvWq2A5)g*pA~Ky5SKCeP3XzfBWt-wH1d8o
zXRb2jE%Ac?i+OiO-Q3)tpP#55Ir+mNYQvuzzRkZos!oU0KDf1RY5nSNciY^iA+^<t
z=6UBDtXf<sU3_W98}-f!nWx9RT$cG$|3kVBjSfCuE8Y0!?8oj<y>5d&Zmu2u?W_T<
zelP9fQ~!@Pk7~9oDmq!~3hu<b0nBFePfcUxk0-3%G1}L2M3=SEOh}nGq>f+T_y=1?
zvjQ(Z>hGR$?|q>bH{}%Fd)%rerSeN1_i0bw{W+-h6#_Lre`(8)2S@|{oW-Z-MMn&}
zQ(BPTE;f1NlEOoeaQin=qsLzE_Q0=jdn=Dar#GiH-}tiSmQIc0IFyo8V}9Pgh=0T-
z%(KR-+G{26KkU7?WPhtO(x4cRwF7%R9`}gCzmT!S^Jv2iW=88aD!*d4y9rxsJsNs0
z^VGFXCw}0peDeG1dbMI(NC`_$j-J_Jmah1R^Q;l)cK`I`_~VsJOSa6oK4prq!SI}(
zwKEqzUGQRi=r89V_`G_0chTQj6exS%VcCFYl;z2Dmc8aZ^lvk%_lo2bZMznZd0n`k
zrM)658j`$eR$ssSq_hL`l-jvxcs~?Rs}m@j{eDNQzt^Oknwwe7-kKY?9k)BcQ?U6v
z8Km%%Y>HsSf2gPE6eZ8}zgDup_}J==zf5e}ef*92$v0b_U(dbNpnrbJlW;%3es2$!
zmel&8W59#P*%$r2-sRpt!|3DYIzQspj5g2lty-vF=FHtQ;G`I*a}UoA9n-LpLa}(n
zw4}ws`)jvpGck2$y1##o)+Zj0+CL(H{>MoFK`xo4FR$0GcdP&6EzyzZw<pkt)QCUb
zP+ed2+Ycjt-f*w+=&+AZ8uYk%r~Bafr)Cjc)3-kEx3*KW!yzYsS<sEPxOJ_gN5nlh
zh#J3&yB$2Qc<BFPp3ZGJZu-K7ZHbq!_8IWv&h7d6f7S_T_w>l~zkR2)-L$&neriqr
zByR6cgF758E*-dGxO?FwzR<nhz{4fD)cD~yt|(^yuZ!Y(boZZI*BMW2l5{U(0P~$X
z<LJ%R-+!01f6m2zZcRsqX-cC6$2tWaewCe1^qPF6d)Sz|;$1E0G+y_*s8i9Lr_a6(
z>Qd0Y-lWX4H;<}cB;D+HJAKzTu3W#}(4NBZerrd(BX_L7|HI#X_qHxv&~9)0{>gV1
zYomFibZf#Q&t-5phfXgf;g|1OS$l)TO_tp4$<$Ttp+d>MyUX+9zqu%waD8P;24`Zk
zx))xxp4oNk(ZsvZme(h`9lG*fJ88~6P4>97RR`jF_3$}AX7IH49rod36%tC9H(k6I
zN}f+1H<dOy;NuUGZ)*NJtY+>|MbWGCuIrZU6WqC)DO>eSJacZ&wz-{7D9`(xP{nP#
zbmzeN(ao==kWaRX+8G*%R~>KPqO?u^@tTUDyA9%gev`MBwvW2?dqJamJtN+4r_H;+
zz2hqO(N});7rhuV<=eR3J}x~dVYh!7M(1tZD0j^{G;?)_TH~1>O-_HC8j2%C>Dq0(
z{;gl<orO_{UW{y<)iZp6?}`r|@{|v5L1Sg7=3gHvJbNEE;qM76`4i^Uyxeo{r4ScJ
z+^N{e?)TjbirwE|NIEs|#p<hmOD0W8RZb`+^}5x$*{rq2(@u2!Gw0#_z{iEJUdxsY
z9@}Vk)So|XJNLFu>!LYzT^2Mxl`n2Gu~+ory5oEzXHoo*&KlJ7Fma4aF7;fioj9Lj
zcS@h$Cw#bV|6CE)haUfCztBB6Fr-ULuTfowx{1yUS47r7z2ri(^A}c9cZF_CJ>M}*
zF?44Q-^i9vwvBoH<oUTL_b=Tj5dJ|CtneCmsQxHo%<#jD{>q8pMN!mmS^C1i^>@uz
zMlMcS6SnxThLWEqXD&_{!B{Y0`u2WnpN-;#c3(@|8};ji6{nY<Er{8+s)YQ|6@S!w
z&AIQItuIy<x7m4Bxou+2*r%74bWD25kGvK*e@W!#hI_Tk`fu5Sdkj7Fe0}R^<Gh5i
z?Q8UE;Bm1h?tmLD_TvJ!Yf`^quI)3g@cb90injEMI@w3C?ohMK^Z#g=JSp+os>et1
z-4k1p_P^i$SCNqYm(ML-;hK)ZxU>60ia+$-oh{pXaooNs)Kyc@EKn!C|E<eOq5R(F
zf_Cdik>i7>Eou1S`MOwWP;t^0`Q_iDZa4X@=Nc;M`Qj4N?!y5Sy?2oO+ShA(aZA&i
zd6QCqpV0DuZMCjP2fEaJ<yX9Jx@Y$4yb%dY_Uw2vX=lsqt4n>3N;+-2pSHfi$CF)i
z3!eLgwK>c88sE6#Lbn}pBcY<qf9AILJf1S{+rxK`tm*BU6%cf49RIi97H;~hF@>1)
z&y~aH&&a<!^?q>FBJb&|=0vSspL#i*`C_+tIJd=OW?)pK$qSpTZNB25hj+k}pEhm2
zv})IbpLDIBl>C!J;;xHRO1j^@=3j40V9bTkwa4GAe4dgRdbiGw?fKAF8l&CQ=UuuS
zT|O((SH0=F@}cHte3yQ!J9iR%n0{vBs<z`-Wgk1YIJx%B+9%VziSGt<4NS^uo+x6E
z>GE*=wLDslpL~|>>7TGsc{uI}yWgIAPh9dF?O6HK4RUG8jnw3`B?SXL9?0|F{iEEt
zaZU-bd&ee<qUMuU*S?u4`j}T(+TN4b`*&XnqhbHn^LDk{AY1c&yMSxI@4pJIY1J#C
zQREG`xnnzg*J({~`@o40UravO{DkXotxiwBGBkWWy{<UfKXTcV7DK=D-%ihK)8z(h
z-ooVV_>I@s_D+oMS`d0Q_Eu4ot3B@TeR6PTe&X)$2mCqadGE_B=r<WRB1MO?Nn|Ra
z2lqsO*1apuhpoF^Ab&Rb)%ue^NhkGRQ24x7QbB+B_5<<;w(wZR#L;`6AZqsZ5Z2%9
ze<0a!a#-9E*U=4U3EKIWv|S&utqVyfZ!?u#v-Yr738Qw+IX`60#kw=nR<>fbY;s`d
zp4hEQ{=)$bdb=YYp;4_yjJv<-2>y9do1jfUE}i~M*G{urt}F1k-*dyB(;XyF14FOn
zTnd~&Cm?x#!vfbSUSo1*xZNByuiuq6{53<Cx-|&->yg--xPR)Ao=sNNXDXH^vE8Ct
zl(tY^`;e=7R&pleR^iV*e*M^|bZ=(C-oC2gZH5i?88$7o-rY?*2EF08`o5X#d%y8X
zPwy`7ynCN};g5kqgY$Er-N`%r!DI35$gBU5M(+w=zVBso;g-Lj+<16nV*Lp1$D!X3
zt$%Z$C_23}{r$qd3$I0;&;7kau?By*_u<LMC%AW>c5&@`g*LrYNFJTvGNtR|UYzOO
znD<VM>fZ0cxz-V<p3d2<$>R2z@N&`G6MHZ32s^gpPsYbuS^IOF=Bhu8UEXnGuSRV{
zZu9y~R9*OaiEOic&BEk~ksen%Z`Q2*`1j~^?&Nh18`Mw9cK<Q7NaLDxZYc5D&Lg`!
z9_jH=c-3dho1_E%8jm>o&2Rm6&pN)5Cd-lpr|ykNdfRQ~nrFjn8kgie{4mPF1$~YU
zhu`+sFk6ymmfns(%{v**jS(DMeZqJAnLlpF*U`|P#@`sSI5NGjCRQG`=G*vKc~Rf7
zP1yB{PI{c6L)WPLzgg0-%fb8KJaC)I{W<zLuja#VSGz>H%zT~K^>xsjT^etfV%K^2
zlGWeMO)jdj)q5Z0M{ei2e6h=|Lv?3&nzhV3^L1vgQ8C}n!_|n3c5!W5qio$42re}s
z><QI$nWnL&Z!)G?Y@&TKO=U|*VN6xzYSdVmrn1FGV=BKUMyAF^*G7o11^>GM|6XqL
zdHTPy^uHoHNtUOhe;#ryI6D8q@S|Iu|D`$af2o!Lx-z;;wWeS&)$|M8<ZFoOWFx=^
z3xGN(fW#C=mp76MJ@a{37k&nR^$ajlI!TwO6G37~QXh}D{j&2#LnG`Lp~9HJ79GX}
z9ZaY)rm;mA8X)+OV?m|9lhuU(f#D+80TaLCV5k3A%H9tMj{85=vj6+j{ha;3IzlD)
z|50#1J6oT0tTy}%{%rRDYVZBFs6qo&!*TD|Ibh*e9m?$gm3RW6;`{%86q<AYzgj}s
z^)Ifp7Vru6Ph$i)>%TgJz516_(iFgv{HOX`+W+~}s80KzY6(WsJqZ?)3+Mw?K=y$@
zASk5<nGKoBQ(K^DfUsYwsUUTM|ACdHS2dN%8Ok5Z?EkdNn*e;m_)i7*zdFbNst<PR
zUrYlkAlm2W;b{D)Q!VvB&hfvxf^qyGVPhpGp_#1hW?QVHa43M3W^-X@3mqEt3p)h4
zF@Y`gXn<;<3p+z*dcoof{{ub>Vk&_V|4)Pc{$D-wKO6m@N_Y1EY6%tS{|l?O|Jy>3
z2B?O!|5sHgtN$ZzgTamy9Q(O>IOzX$s@48a0M*ag|EnbsiM@LhD=FYj8x8UTNx%h@
zz*r44>m?HV^r^J$U~CX-geDiu6>{AmV|JznaegEUq}Hf%<%n+^KN1xZ%Q8i|a+L-z
zPsi?bBmwuCkf+`X4s{s^QWCrn6FT5YS1poci86qfdYKXr?i&G-z`87snGlJ^;tcPh
zkV;F+km+Q~Tu*{N7RCk>M<9{A0~Q4n@Hm-L3hovekR#W~2u5cO@E0sQk_3**v_{9W
zz^7FOgCD6vf&LCs$i)QUECY|n(0h8oHQ?ce$EW8gC5W9KQeWuRv0iu_V!#LuMlTeS
zX%Nr*a9tvI0(uzjfnW?cJWixV?nE>~BeBS(Xr6>{;FV1whwEP~%aAJxUg$kAhAYp&
zLs!IN+|vt^s$jOE2|*Oea2p`T94nl_qEZU+qdNe+=vULs6W~IDibiumJYE_Kmrga5
z%<$FI1Ks-v<-$sZfgxD2gfv?T^_%jhNoo3|7&%6G$0Tbo|4ZUQm=&jya&SjZI<+g}
z>zWG3qSq5hpkbkiV{L?qauo?Ng7ic#%dt#>GzDYkSl0Y#Q<4xE>*j%8?dD}gFK}6D
z_?|7wkV^<AJd;|sBE&te2clUdBMKrDzDX@PZq)`&Q_Cz;%YbKQm=Bgnq_i@yfY~kC
zFrV-MK7Qe)F2RHzniWBgaLLNTC8L!^9=!~dbh7D&6pS(-#fjpk6NZ`)O1C1^5muRF
ztTMV4$ynVBvQ;X0JVI)_gH_uxG#NO;toe94y}Epn!Fv9eEAg*X>)%hZ|D^)|4^I7G
z)d$=4j|n!Zc3@@X;b8txrBJN)f2e-`&iQ|Jgc!L*qtdF<br4&YD^tM3wFVOCa-?z<
zl&sQZq4(^BBa^&v<O&fe37b~?lPJKq25^?Zjg9CEvH4IeKLO&fxd{+I9%6HNoCFS(
z5Xlul$^7_eK^&9Cfq?(t4tRXW$_;ot<~*`1;?xm1dW7e}giunN@eOXwz{O=8Hi_pC
zRLV4=A&hQtS~My&#IGAZKR+Kobm&l%NQOydrIQ_@P>Dr~u8wG+S0xSqb_;Zde>2z~
z|0~xAoFn~jfS;BBU*!CcbNsLRkdP_U$`GGQU@?~@*XF=02uuL@LzrVWEv7$#m)-Ev
z6aZTK>;)1+3y)(s^8wfJj=I%1jRKPkJPvJW@IZ*(OryUb*NBOvl!y(_Dm9!HjzmJd
zM<MeRxfoG5$;CFJrB?9(R+gu>in9SHwFPJsqm-nUiczw}a-{($%mK?dsqIL)A`6da
zs|G3+D&(fk91XbIPNT~1ipOED^3)nB_FYRt0n$~P3>ir&(~$?GE~@muL<)&YBL%`s
zJduVZ9!%@5PiedU?au!+l1gb~4*EYMfMT`(1C|8N{$CA&Otv!v%rNvyjSOp-T8T!k
z){*dJvWX*Y{a4hRHs%+b87D|cWOMmK(8u|)yi}neH71PD6ToRJG2oH^Ad>+E?m5U9
zmB2|!;Ks6eiEIu;GnBxBbWwU9`~@Mra>?q5IB&DVg-T}w6sOYYax!wjfbJQlfqSsR
z%TR1B9=&P`b13J@3{Qbc67Un_SsWo7Txm9B2xR&ZxH%TaC4_l_bf6@{WNs{-hUYP3
zBNCYr90)uJ<M{Cji4ln$0ml~-B!*eU3B%%<y|_FsGZx=btr2Bpix3UHPz}#&J*hN5
zniuB$93qo3^af|_!Wbs2N?HoGegSXzB!R*29XB?d4`DCh8IP=0un36iOY^1rQt(h*
zJfEG&O0bFtz=#967^WZ^qU6!jc?QO@Ibn$rCLr)<8kMKNOv@~q!ZTcy1>*T2k^#m@
z9vYF58pi=}*elF(ECx;(#);s@BDYzE@%XH0h#)|=Hh^g6D$`X2^pgR|1P~pD#T0_^
zgBchINlacM2izN!joygr3lY*x5}1RiMan_3qHJ(E5`im~iR9WcU;%M#89Jzdi$D!`
z_1J;ODiFY;*OY-v0?UBsVi(2ei9rQh8NfVnnSkMz0swA4&4E?}e}8`VQYUCcQdzbL
zUO3xf5Ff@bhlvWub~=oNfeAtxiQ+W!TzGs7%aJRjc5uU_N^>MSeR=IN6N9Y?KLu);
zL@rVosDQ~P`jIFk8hWdm$^63<0VkG?H~qz$U6M#+uW@2o!Yoy4QOA;Sj&Mtd352V`
zfDruYhY<+5YQ6(9cHs5>&oBgYW0UyN9CnqADkj1P8Cj@i;)l%@u$b{|W*CnHne<Z=
z!3o%fl!R8Ughl~olwgE3O_~yAB*B1=UM_UDQkt>UiihT(?Mt4@<u~3aBdVol9n37~
z<}-^*pGKIn8EiOP*TiSd|Lo2G^{cqgonzXc|5ND<hUNM{fI@ZJ|5Z!q2-%tc>*XG@
z_fCX>Pzg0vu-eq8+Qn$>Oo#}vt6BE;Hq$A4djl7|U|Nbyc?ijJC7lL&<^}qDL2T4L
zGLa`&W<fmEZ#@CX3MvJjQnJD$LXA|zM59UBGI34@zC#R0AOQ2(1h|HQ8+_2o^p_K7
zV;24-C_x2@5sGyH4AYB1Ilw_N6dS{g=J*;h<!DiD3J1GF1VaMOs$_%1B;ZezqckQk
zJ|U<ea=NJ=n*>uqAlZUWRpmeukrL7ZshmCt5@F7Xb2O+QX5_+WI47lnN@H5_AauH~
z-^b4u!IcKVtU|7&%rsI9F3%)^DuQHrqHK7y=vpDd0ZP+GW6pkpEnIObtyT{1(UWAV
z<gfriPV|_UOr)_*hOLa^Wyqxj1jth?0#_Np$sIQyFZ(!A;y)E5XvksUWQ;+9))6c$
z;vl9%p&A$`)3A`jvN7-B65#fnqK6SkBtno3^hQ|xn@01%{(l@eE(FK3;^IOj3X&{O
zhL1_$g=Wj8=u5nS6{?XSkN6JUa0pz;1J{uk0qpqO;~!q1RTxviffBVcVN5v7NS7fN
z;f;`IaM*4R!OzjDb96$sTm$X_#W0%!AXD~inN$uB6L!E75Fh3!fZ>Z3QFiGuCB>-I
zGa$1j#K;`7B~9E6rAi|cqFo+jX3WNtQYM>?76Gmyh^$m8R2eFW9FqW%lj#sSA_XGz
zX%LwWHz}|pCLoWo$QlxT1}kMYKUsji#e}i+kBNeKcqxy*U^kF)QowQ?0Hnf*!`Tp7
zf{|dJJKH>WF2WJ`Kh)8>NI}HzRq~_gUECAOf*K4M=@7_#wO|To^eb;&b`zF-A{*Ey
zce;fNg;JSB0ftXcxKhz8pS)l;#apursWG@C8F^+(T6UIh5GW6g0yA+S=r&lgil;y_
zf;%ZhR)EDn)gK~D4e2nLGCzk2Sae#bSStaN3+dw~NRf|vYV;q>;&|NHXgEDQ<Y!qX
zMn6GWa23iFbQ;iv13{<39y6qJ><KQ5R;^MgkQcZvrHTyfi%6O)QtQFAnKFeQk4hmk
zK8bR4dh|JRDH<ykOY{KnqeP9p7#ItND>5v>GGSTOl}iuw$0)~$M%pcsVlWU(;NdGN
z2Siro=(-ZD_ZHw51g8W?L%WvUQ$a^`42$$v<g}<>Dq*X9Y>t)yGXalk3PWL8!BxV8
zCJ-`S1UxLMbqJ7<l`YkVN~DmHQXIP5qQ82P2=0la5|Ne;j*&w8O_Gif2cBiv$P(Xy
z!xM1IBcZUV#3#xpYMJs0!)sqU*#P=<*+i`j*<?;pB}gVICLFR+0nv*K3kj*!cwBiR
zDxz1JVyX;Mz9e}i{8#0bDer8`EMbLZmg5w*WtPys%n~|f7Fi0qs^yTcmWsi3H(j+d
zweD*cWHt+DL!L=7fo59nst|9mK#66;^2E6OLI*(bj;^Nct$ysl7zSJvYlKFXqlO3q
zbjK7q8etSpY+1S}N1+qK(J+w^L84X%OM)eNdBGY<FuWoU)&#4hiePxP7M!W>A1oH>
zOysf=Bi<m9Nu)IRKXedEgA1HydgUiUFJ4Vj+QSB80x0x83M-mA&2VtQW=ar)FvpTr
zkus4KW`+Y+Wx^a$2WP^p%FGUyD;1x?n9R>(OlHN37q8zvcThmNL=`N_(FBXL)xmHt
zg<Av-{?i4+eI;0vp$*QErw8{}XTX0l<bMQvnPL*lQJ&>uqG^Xpv)t$b?`cxGrsA!w
z+}LHBs>F_H_^J-QT$!$_LiB1y4veD;GXQ6|st`S5vQ&lmk%7!McGJECo-uKNzUWnR
z|F(v{YJ=VVALFUL&&tEW`L6(fI>U1R2V4p2-2bVD@X7l>XxsR5wtxf(Jr<ik471H2
zl;p2#{|D=WU*#5%3GHUPK(^|ksy2cw@^Z8nWYLOj>;l;&zT)Vrdkd&syFO(w%enDm
z#viM_pYo~E%DK5?q8H+E!#;W623&q@L#Jg^*X2;RWu?oi7{&kYjz*Y?atI=V1N>$h
zqA)82W^qP^g|*EA!GVg}_BiL%QX4vwIZ+kpM&(yTm)ST!L&sdTeXHW+|GV1Ps_9=+
zQpHquWr;5PU|){n?lYBkb`^I2qT1~<Rc@cAZmTrSSLJHDDp#{r$(pQ6)?8J(rmB)P
zQ<bfW`f4>#w)H>8bLo|lha>x6e;fWEf&UMu{-^2#nVg>=%ZDceaj>A}#Im>?!O)@L
z*n7Fm0`*o1$hZSiC2CO{VdFj!I1>+lh?V8(fVKgQz(Bc@gRSP3vVo9Fj2IaMurh5n
ztd9I!+0*Im4uvp?FqV^&V6<;TElIFIrBH3aviLDE%viQLC<IKeY(vK;#PfL;&{PUg
zT3G?Z1ad49V`QMFUf9pSQvbI4f54aE|A+4M|5F{ocKuhc{WpVZb^lX9fYbh?T7ua~
zkGX$f`S>_ZzdwU4r|I{nnSNI`S3b+yn^K0gH|77CwYRk?cf}03%WuX_f&Z(35%*`9
za5Fx^EW7;H))lg~F0;_(x3u<!j9M1B(<6#6h+3W2*I$sOb%m^}E5V}LX+`ZQr~eOD
z)L(C~J^!y}|8G|I-%kH;)fMdde+&3L|8KbxklfM*oOvust5Dka0*3(Qs7(F71=#lc
z7Ep%Yw*VV{-vVs-eG9PV_btGd-?sppe%}IY_<ako<@YV%3-J4<4|do8aOG4+8*|YA
zX?}hIR{GxnXaBF3V72(i`o2J=$UzQR**u;X2#)7ro!^s?9~j08VsXL(iGg7ZCXq^I
zQ;30VDwRl~Fe$7cD*Tl}8%pqk%&hl}(`%E_0z~GA2heGBY9NIe&fo+R89_k|Vi23d
zAhN@P0{vLwG&+S&A4<UEFaiWJ<hlY+?A7$h6v$Go((3f%6po{mny11WV?L`u*l|c-
z%foM`#bWpcz)Agy3~C^i$Y2Msh+#|`lgOY41yUIl2E&g{sfuEuPKNO~^jD8oU%@QX
z<8%mOjZFUykHaB5<Zvu{SQ3ZBHrC-7><P)-47FuW7#-Fb!6h)sseIK=LI@!-Vbr-Y
zR=R<-A;^Y)MbRLuD-z{Xkzgz^qXvunR8&TatPz!`{gi`06+lxqf69fVeEg{psxtZG
zs1<VZbTXwDyC?|#q_u8^6~e-lO1aANATdOId8-V2^50}!{;WLg%YRw`mEmu7{+~g0
z%Kz#JA>H$`75b~PLJ3q7g#f`qMg{I63I%7G;c29n2o$!2?%nVq=p+H1BN(I)_K+}0
zEej<W_Yh!FmZZlUK%!FMcPkH4hQtwxTy`iSpBBVsFasFj#4rZU4;~EI3}PS)9xNHu
zASR6g51>Ize;^|T5($<NMTtfk4nM;Y-SD`OIE6?DPnff{@Qd*ce#Qtvh7JN5fRasN
zL(F6qn%XSNh{9|XB7k`GOe9;bfr(RT289y9c_{tD0f8_*7HI}&%fAc^Z<aO6Wi+cq
zt&E=@6V3`HP>^?K0xw3clxNEa%e1Wc9A$z$TZWxIPt<~&1PI|wo`8cQ%@k=w5||Ky
zOb76RLgGRY#|t<^>5^D19?${9b3hIFgrvmr)jE&|LXMskxKO}KARN0pij$`nDX}Jn
zeuoE3Irt({a8X5@zU1(HCe-?1rLXmwN?+^al)h#sDUp2QG%|R=lE}1Lm4=O2Hz0Kw
ziXA8pM)n$l^~U(YnDKqEx!rxRBb$3PFI43o2QvogEeY|7C~t8v?{!Ar8+gP~io^;7
zk9go*1#l5%kr=L3xDXPQ?NaoNo&kl`7cf7!-F8ezakV59s|KxBmJJi3;mMIZyg-*h
z>(M3(tiq848g_Eh)27PMh_cxtohS^B1@LGyvXdrRqyhFP2rohjbd0Y#YIqi^)e7LD
zS(l>@6DfgZkqL{iHp$e2mQOCL>B2+1DjS(FAZ@oSI8X(q&D+>gP3PRmu!R`8!@uy4
zxfOmH2JsmCkP!i6pOv-%g#kps9YZ4n-gQL^L$`6r3L~{xYb&E)VFQq9zcLVLQgLFe
z;>?FFgjTf_1LtOgK456vR)7Y)=&80C)czk7sjMo9;j($g3UJVcQJ|PCcqD{rU||<P
z0+NkfamY55G>$S?u2Crg&kY<011wfHed{$<F&X=mPJtEE*by;dR8}z!?s7P}aE^8x
zCCr2JLxRTR7*KD8Zatuvi{Y#sg)T<}s*%F*FEf*5nOGpx<jN)R7^cb_glY6t8oQLG
z#PC4dD<3eN1KckaszKR~3LGO+!a`4)tP!czGEMogGjsCbxjkI>4ikrv&E&GZNrK7Z
zsS>9M*x~greu6;xLM8yh%AWwhVool>ggq-$CdtwoWSHd?fL=+$9jW!t5$z}f2ZG%c
zsC;7GG)0&OUNj&(%Rp;rIt%<XagX3OL5FH1LkWz3cQzn3nGQ%RWj-MNLM8<IjTlSD
zo90ulNrSZ9vj%C^O&f&HX+!l+8-&hjLj|S{7BPqdB3_m*)4)TG40$7)zapEh2rkr=
z$vDw4w_JmxQGn3$7^|TrL+n!!`6UCVesX1~I;Ct|H8dF+q;rHpZ={B%K_RVXOtuv(
zXbKa?+n<1xp`&m#3DHAUREGepG(UAB5!}f$R>f6j$~1C#Rzb#CL$&}@K&-#wO?h}`
zI?wz}j!`O!V`WUbDvx6r0d{6$Wz0t$u(}*g+HgwVvJ)UraKE$JN6n2cP5P*no#iL>
z$jndZkrhajW^&-WBBi#l$uudp!(!U8!gLNK&Vl4VFp$_c4t6$jXCwa)H*(Bo-Py{W
zt^7aS$}v|8&Q|Vh<^SPUZt(EoZ0F8){vU4VnBy5|D|fc?|8OhU`$KXzb7wRE4>xn?
zo`kcJe{GH2uCCqkx)GdF*<RrrMl3QzDL{51F&hdb((oKYwsAtd+m~nd;0#!>YyV+p
z!}jTUII#bqFen!O|7aAN)Bj)fgn!Zg12dWYj~jDX`i#ffJg&+3a*k_$E%qF!_{L^G
zh<9uR{tL9pFmD1DgKI^OZ(1O-bB5C<q~n8}Hj{l3CK`zAd6Ckj(V8EkwDt_)m`;bs
z3jZ?)^1j4#{Qu$8`R3OfeDNdxmvTTKTaa0f=+%74-n8;Qf2?+R+TI3SxyNbKL|?<n
z`ic$WQs*fC<sYkd9+pPNA?IOf>*o63Qykh?>{X8P?rS(6>^$k~>;<3Q3;w^IhIKXs
z=ZR5gOK_g5bhZTN$wOybsLHnRwV%#&wgl%1HfK|Cp7L@wgo-IsoQIPt9&Dfgsn+{H
zss1#E_5Ght|L@fj%5ndv&0FEhck`$ILO3p4AdHLWN5wK@Oz*%n1ggo!nOt_fFgb=D
z!{bLpaN=#jQqAzfa6$nm3BA(GBGAf!O=iZ&TEo(8!gAu{`IcnRD0C}WHZy^fz_l(P
zjl!_T8_%-I3L3@F43^Ca2k_wXFDqEOMcDvs3^V2b*n1Y}HmWNXNJFX+$Z{4IXbLZa
zrZ(tf$#Fi8A|lJOt;DumS<VLt$!KOI&t{|%Gb20Zvk?B2Kw;Sh3OSJOfo6fyg;G*l
zKARR6NGah{*l+@;;deHiLrN&yg#sz;z3;sljb!<gl4gOm@{u%p@4owg_uY4AUT@;`
zT5Uta+V*y&65UJF$?6V`RkU#&;@#1f&UkAz+)CQI`qJ?gtC0)IzH}81a{%8j)=99T
z{WuA>F*I-P{BfTITO0Bh@gP`-|IbTJ2l(Ju{@VZZUqf?4O%vz89*kF&{3T61@H(*n
z@^5UM7n+d&!Fbh>f64g2KmWNQ6r7O%!Fbh{zXCJtI)A^JR}aJ(qsRZjhB=|?^PlH}
z3QWZR2jdl<)tZdaQ)N-wq^GZ?GZ7;mUm&o&F%}54rd!F1j&xTi3Hlod)>eyVAQ11S
z$6R{&DP@C$gZ{xrzozE`=~Q4H0t#YJ{?TX9Zhpy>Jg^AIYxpJ$QiL9s88#IY*79Ag
zP0b{x4;4+Uek=AXBH?v?G(7Aq3E=>1$$F_uVJ#kay2xXgL$K`cmu1sK`gJ+G$cY$J
zaDI>-#SwJeFB*o2n6wbngm^T7-|4LbdD#>QcK69=mz04;o|slJ<$~$Ms!b0O**D$`
zNm)q5enB^6b5UQq%{L#RgaeGYa7L4cB5rqBQU-`3E%IP*0b)WOb1>!0MRqnUz00BM
z+G<tHX`YCEDr;C62Zf$USjp#zpaP!2RYGA9Ll+l$z{dT>LJqJD2L#T@0E}5{=z@@!
z0aQlGMZzFLt&l?*g#-L^I6!|Hskh`f3^+1|SSbkhM#8gvz6!1opU=s|JTS15eFb4a
z$q8&AXxJZQXu><7RZ?k^NL6eaI<&lO6G3xHtPO8vF}UmkPtpdkhE5*zM3VdyGA|r}
z=A-t*eTb6biS*L<@%6Dz?ej#elL5!q58M+LA$uYn?8EqaiMlK)rhx*YAI8}W)fn|P
z#y*fL;=%#Wb$+1&PF^UK1eF5vM7rn~s){2D!qMR*rC>6xpu$c#zKw#p6F>&5I2AB}
zNDKco&W=g}q^a_QkYVKVw{Zf{t*S&%#4b>@ZLs=9IZ^8e?)hpDp_YWzLQ(NVz^Gt(
zoG4?q-=IVWC^j}2ChXx?YwAMHak(o4?8}E+S_hBPpu`j5x!Pg;s>!D@ft$J@u9fw`
zX*pdh6<31~2{tvMM&wAE{WLPkV*)qCd^O<MvfkPND|uJbTvSDr3x>??rIUSgs2l@P
z?K>SVvC4h&35<El5ROxzx&N|{L*QjU2W_BbG2+IFM9YHW8YF`mdm>i&^sFG_nP>`6
z=D2H3RCs_2ot~)E7b2tyVhW)k!F#aT4IKodpVUc8PBzSXlI6E#d1(`Y6a__Rg9ap-
zzWaghq60kz#@1z-VAgUFkF>>(B?C~xBWn$ylZ?PuwaizyVBn-=!*(*sa_HF3a_Sa?
z5CMK0CB{nr5amNgGy4&oO)C2wL|hBnAQ1)xMa3J?uyvVfj%h%0OauNJIF(ysi}IvV
zAvjSekc>>Mwlsfhoj5CM5<7O5zyvT%ZX;V|mezNoEZeXF<y}#LmL!oSLt2R*DqJ$a
z#f}pwT+Jv20k@9=6mARu#&sp=UkAEC_&uraV);G}oAFwfSmX+-p&`v#t%T}hmUY0w
zm@sUy18AN*Bg+M1g6aXhL8UA<f1{<N@TZnm*i$d!X-~h5|B^~XRWJ-kD;9J~rX7$h
zb83wpnUFI=5JbyjAOwr2Rbb$z)su(KQ3>S;NaTgJvdsY=Qz5$Hj7|cqE$11r`0H%u
z4_aX$03H>&U?p<VQf?IFgd#H1)X1QwuVoA!$r#3mC<tP_h&DKaR3~a}if)*sSjvFC
zTO9K<c<{ekEm%7`Lc!V*lGES^!C63{tK<qO3ZO{ILoAL@n5UZ|?v$31b>Kll)=P$<
zDtSZfAEFJr1h73-AjxxPYl2uZ<%K$)x?2LHImho#gRY7t9fAatND8i>GVC;79I%K}
z6y0k{Yx&s%>ur$sl41yk1~3tRoApBmz;+3S2!IQy<`jT#qN$)ojB`OzdEWO(zQ_&?
zDZ?DWp~W+>JCfJHFDT_(j!2Q6BkPDm6xGz4v5Buc>Fe!@cKOmB(e9<ai)&yeR>Yuw
zcTCG8{|)MX24xj|ggnchCsu-Avb}>Y3t~S3r3A`2ffC+6r4@0O<C6z`0vv0cc|NLB
zLmHf6K*JnQ1h0WNBq|8h$-%0*+nS;I#9j3(UH(+f=|V;;vDIU7SZp!?S|{O6HP#AU
z#4YyIO1iR$MWnjrk#NaK*NDSc^$EbqV4!?#P2b>Q%gbeWt(+m41q*Ol$@Rl8jX@7s
zy@Vwh^XGdATX0f}DVjze;^)Z838|TsR~Fs@01^xm^eTa1C=d#f;JoJ0+~$S`kQ$gn
zPEbjFU6Gs&22KG`fYm%={HV>p@)F$ooh{PCbTJ<x|KF+sYUlr)(b4B0W6b>Dyij%i
zud%UdBL8<VUSFvEAF<arU#>)-mFcUQ=$pv%eV#nu{-^ndC#*a?=QmoGX(HYCRZRCy
zWbG!hcH;tmfU<VnW!lr2?LrSkuFi&9k=m(FdO<vGTKS$5*5uh~C_xk?IS+mrS2iLp
zlXOuLRClqY7d6b12__LTu!4kTqdG(i8Z<IYKY_(4=F;FFT++26m~U`p4q)56`+Tah
zRwjUI5vJy>>2d2ao9?m5mnB!u#sd<w*hLtgU&4tE)>{Q$Z_1}_BOuwO!rXTxp%G!X
z>{ErZ==BqK0#<uGVr9!d(LUUdCLU@Ink$s(XjaESu4uWb_MT3*mgM{`XeQ>%a1F?F
z2a<-<6J=yiU(A<MH1}FrE*h9ZBghLK7eSPDM5U`13BnCUW$0yKi8<&@UScz&sOXBl
zEazC^=w`oQx~+T~6}73MWGQb^xI$rwa2cWqx!fq_unr>qpkJ`+gieC77CN%*f>r<#
z>lpg56DF;Zh{BS0l0Amk4G0zJMFRk;63Hn8s9S_hCzyy})u413fGrfk5fpWNI!>7x
z$VDIu<d&BQsYWRjs7`nQfC`1|1M!#WnU_@fRVm&v5-#NPBwTDzEG@wWFUdNPE3phI
z7mH+DTR9=92N;?$o8Z|<`$AmIHu`WyYpIH#kf^E>+Q<MI7!YL0lHVq@N7nO-VQ?If
zRX`ZTR7j(jX#i*m2BSIIOXZ3RAnOJuKr<M3q96pydN<W408^0@7Ysua6<Wtz!EIX2
zYmhn=qNkVl@YK^mBpF-<w*u=YTgMzm?{z4H^)tvp;Ui#oM!B1*v6tfMC3#I!viL4j
zvZ$dM{oZo=3oaVe`cMLNQy>5uW5}xN1_;z6Wh<~_8wW5-5gBT778x`r*$=|3phPj;
z*^*v>Az9WE^xx3vh&YAe6>Of>R4`p64SX}Z`@v|o1&2x`WFUMTru7UHltZyBT>cX*
zD?uAFvQ<)zxp_BUvZ&G#3y53_CU|RtkDJ9|tEu%n+(}2A^d{TV%cH3{N%WGQRB~CO
zHQq`*(O&rO@sj0<bO%=GLW@+iJH3)5+eox~C0Uy2ZuOG*ik?)wx0fVS?nGBlXCe;Q
z65X-RzScx{J86M_-N`iROmrpE05qK>I3Nd=i1#9}u6Qce0bipniOxiNrPtk-NOvR5
zwq%M#Nl!GDPQ>~;qbV?oR8O)u4#T$s*zQDkTM9;rcg4HYU?_=hxJcs5;2Y`fh<0}3
zSng;apr1knNi5m3GL>lWNRy6aXKNfTw!{H7tW{=X0adZiXrjwYTBBXj_Bid81Slyt
zHe=|K<sEUngyTiwZ!Dcib|W3MycfQDfy`9e?z%kD8~2iED$$D^X-g%$yl&(t^hi=5
z(62krpdhbFg-D<Ye(&pz+W<*xJlYAcKtA0S@*7W*aDQ@yG-UZwqzNrd9hpLBT8ich
zn^>x_VSXSKB*6vEp~mJpp}$h9uqspd6-gA<&i^?U6$fC9G4g*+^M=)b&JE6;H<AB4
z7_To>{_iVR|2L5qJYZ?T@#Y05(t=;?w4kL(JP|l%73M_o-)Nbvi8SI@GmUt#i~lMu
z3kRsQuD`Gd&{^v9WhwD1`v`1V_7j!mbTkbHOLlBclLHp1K(+lX=qHH+OTCH$py*|p
zJ)w{*2{}yh(P_|)6!g=FJ{mm#g1p0~CT4g{yR<70p(@K0Q2!%Km^mxTx;j+NB`zX?
zbO~!^gvt49$VEYCSvki873ip562?Nn2>T@*pkKW1K@e-dmG^_OaeiP45~HNBnmVi|
zQpA!f=uGlFFTs&7TIV!m<SZ8c=%oTpPqERkbd8V2a&Qz`P!fV^LQ+lwV}f@rj%D^6
zRx$=6Fj+6aGLLZ*#`d~-MW9Z!BJ0KyFEZ`!C&>a$^JzL}Qykz~_LG(dTI{xH=V?He
zShMng*tRT&;mN=X+j7nw%(k5Khpkw&=F2K*r1ft@j2&g}(~J=1zCa}Fx#OT*6bsH#
zsfjbxZRJ--tHtFjy+9ML{~S|5QOf$T&I~IgMdUh82l!6yhgS0;4+_-axZ(f<&M>s|
zBvoBy$<($BR!GGup~Y96FEx=H9<%f3heu-elT2BL-qw4oaF7jz`yZITMjSaSt4c)6
zg}1^OrCehbz4|Nj_*7)JERfHf8Dq+k%j@%si%AO^Z^^5sUOGY&Y~u(^m`3(DmfPB~
z1-7)~3ur;f#$-0#i{RdzZF1;x4q{M%iTO-Jk$}<Q6EaTbSX#odlhon0vB*NBlqYq0
z*}&)D*N;%yiF#2o`80sY@b*47)mTo+pofE47_cU`|FNdxH0Eh7VgTp0bmt1FfDwQQ
z-VH$tdPXtnT1J%%Iox8SJ8N{3wZY*vT{cU4fr8QKBhLX&Ff`u>-H8XBP!6?S!F*mF
z_<oNy1Vi3aZ^PnbP*nVmvRQ_<Yyns39FnIAegWqJZUdZrYQDj_bm2-55HQNbCunb=
z0d>BF(qp?q{4#P`U=RIKQDd_*gaIg2OtaI7LAF7egPO%G!`_9mX6Z^2y?o;2AaF;+
z24l745CppYRDh<k4-a9(okhu-Z7QLbsj4$%M_`bpW(EKI6+`jMQYoMmeBk6|BcNx+
zU}GrgH`jr)NwviYenYLVAFcM7YiYl{P8d^DdzCym9!hQ5OF(C9%7vK1wDkq|!{{S2
zs2FW>xEw(n8bbs}g=k61<1V9;gD(EDaHXM@jj5Ncm50a~Uf_|mY9zGd1=<OfiH+`M
zwf)rCz;nggT1Z_?DfY{{FAIP&;EixkN3JhRp_bX9T46n|ZAq1?YSJ2hnGG&W)vy5Z
z{eeUG!>K_)$7)ze{$B<RdoHx0rMT=+)x{xX2<D1N-Ec#!uQuVb6=rc87vUl*U=;)4
zKqVGH+MdY{dv)2sXQ^n}DvC72j}O(VtGCFqvGsF1r?*h#<$`3{IqvcTTpN(2Wa+$M
z(rzp?rB%~hiVF!dX^N?7$ZFOKn82S6fCKVY_(47e@;n&Q$eR&KFa^+kSrl;I26vOw
zfI5gCp&8qCv;k#cW??}jcZarmSXhn7SGFHdT{Z9PkPwdnD}T2<N>MEt6<Aa@qYR*J
zw1PaQ{qe<3r3H>;d98Al<*~8?HXYS8DQlrnTQ>xBodb%78~C`*XgeZ0j2*eP@yY@|
zf>B-*jAVjr6*tV7ykw9%Z<$px*u4P@Co}47$5aP{QI2>iTk9Ej$f8ArVuAg}Vz9gp
zu&*<M03kFYUs1u(B2Aw_Ct`V>2m-{~2IvfOW!yF_ih{Nkm8lF33m#f<xo7pHg5ad{
zd5@_L@PsZd1{JpTOC#b6<txvkwh&R{xdu4sw{Ki=#A{+XT8mZ2YUzqi?8=A@k2Muo
zyylpi`Z<ZC1Zfbs;A6kAjAu1;S&d5pQink!<~(I`O6N#2z@i>*bv!A|q9qnOvR~Ma
zI!2vkba@>Div%#iD)ZZTY-@MoH=rrt8l)ythZ~e8jeE!`w(Y4J-jpF1y!;0iM177(
zbM)|%{R-nbCYwsXGoJnoN#}e8fdl$#=EuRY%fKAx{7{~uK-bHf361go8xsS<%n%Y*
z2aze7g;8Ha&n9kHajd)O9`yY39(0H_gqj<I&2yT*G`Fjau>Z^Ui4MdDqigK@KN=dV
zpa0SnYM9vnJt(g$d%D}FyN^dbnx5!rO~Lzx_;2bI`2Vqp@HD(l$t-Peb$y0^Ha)WW
zdbslSV#i9u<(iblf0G_RZDSfPe$$MvFs*VVSG>1}wD)U<$@T%sJb%NyA3l8RW|!;8
zYZI-}^tz3|Uv=s~z0z^aBhRnAcfEV*rkkHx{Qdl<$%p2Tt$Xa!xp&uRe|hOKhyV1o
z#nZZ1Ov|pAHd~$C*m3`+vwr?k;rzRnoVaw$-UX45R@|`XuH}1;U3V|nzWXm*zxlIi
z@4T@3wQHV!!|$4R%|otN=f8VM@y!RPZN2)<ninou_3^aydgEQ!%dX<F;-{_;cRjy4
z?>fS@@wCg0!lCybC$8M}?A}A3e&d7-AFf-m^T|KY{+4Ub+ut}xcC|eA$vW3tr%D_C
zBX{FdpFF+oo|~m3x2`v?dEtSti@$k$;rF-x<iY7{61(J~4^D8s<;u7c-+B1stC!rg
z!ByOTqw9k|KHDUELl3t1{G$B`@`KY>Ul{zL?e&3r*NK_;CT+dv7k{^VpKI34@7%WY
zS3i01%&7y9$#XAsEnc%SeCWL|9ev5RsjkP#PS-ITj=Ou_olS2X@uAE0oRpo>^5P{k
zGe^zc_}`OTW^7n?Qt|ZvX`j0Ox9bmm4f>tp-m>h^&)rgg$HfbFCudy$vpZh$zI4`<
zHBTRV?gNKxc7;|gz2fL;PrQ8bw)4GLEu3-vUUT1)de^_#?R@eb&moKF?woY(4a-m2
zecqw>-JJQj_vZDkmZ|&hbg!Sh`_%>WzP8bL==bLiuK1{Q#Z?#Gv(tZkpKHm$qw0>M
zrrvVfbsv5<`3K8Rd~4I$+gDxj%PWr+UwQt~Vv;;FC49@~<-c09^1LHwy?wsN``!Qg
z!|_)iw&}TdT=(6z>$;P+Ty*W9+PD9F>8ano^rp9eORl@&iud+h`^@w+rcU2-*n5vJ
z*mdKs+n@XK-ff3nV!ZrT>k)e=|Ks`L#hrh=YYz!Nk<mAvFlo<%-4RiJzWC4+CpPvy
zr(KhH>}%`tZ(e@Wd5bsfn9|}pHF(*Smlyx&)zUu?cAmQG?=QM~-vvi)44wJYbKkmt
zis%(L<c~Xd%QJVZxS(#%@6J7Z($rZme*EK1YSP0!f0$I%r`$Gw_rmQTU1oebb(ZV?
z`#*CZtG_>K>wVs{-dXX1-?jVtGf#j0g};4q)|55I_C=XjZhvNV%a8V5erLPuvbT?a
zzjV$MGa{fLx5oZ;-^>|zeb0FGhaV1{a_hdCkDMRd@cNDiXH463^f^bn+&gaH{BCjk
z^3d$rmj^Cc^P3mk7i_(F>SyO9^z`~Y_bmOlE$eUG^{u{H>E<<uPw%<vcSEi>o>+9n
zy-%(u+OMVWoxJdv)chqg|Ka5wzuvs<gZIL(uZlf2`Q#Zhw%vHvC7Dfs`fTO{=WU%a
zd(E`J`Om~RK7DFI;M;@CW=PM1^1r#@lO03vU%6z}3wH<pm%S^Gi+OwhpBA)f7fJfG
z&rH)Y(;`#Ro-`#|L^7p@Myr|0)*^{EN|r0SDs7Sq$yOI3LUtudvXnM;-K0qA_gQ9X
zT3q-0yTAMW{c%5fnVEB*vpvsw&UrrPd7pD^9WB?+Y(2Y7=-lj?HpkT-&5Cji>N60M
z@yKS*EJ*Vv&Pdtp1i0;rFFcK(o25b}srW5+H`zg35s|RA?V^Nft#F68tKQCFd+eFB
zakC1bUaqOU!g8;btya87)DF?c$I?y>ixg#iRt#mnxgz}}yFjy^v~#;`PW_1&hOsx=
z_6<_Zi=L>elP!ft%)@)NlYYl1jZ9H?bvYbi9&yMlTC;}arg*~Kli{D0YO4PXs9NXH
zW+OdcS6Z=ZBz)g1bsSS7^+jEOe}aDIi`;q20;hFEo*4_bRG1oiJ$>^vNh7G%1~4^k
zED^FiYSK3ldwqdIi{wUZo=Qqo+?&g-$0RLWyK0>TX}cYpzU}fj=Oz@^%eQE_W=4mV
zG4qM&q0j5*S4rrv>GiKu(tB#{EIhv|wsyTh&0D*^Lw~pyigmUK?43QJOs<s5PTVy8
zHQ#mlUeLXy$m=P8aiZ$`g<qq;Os|$}_TCv4uh&|7`c-!Hz9k=3GBhi$))M%ZXZ1EZ
z2S{)I(p_u=Qu}64b>A6YJ}@iGV11!~QKRb93p)ml)g&$R@+@{`#pK<8kR|`F`B95Q
znOw*++;U<%b;SHVPFhI%?ro;nO~J)&p*0>1AvHqv9g5Djoo(|&n<PS;29A$B{B$)n
zzd2P+{_Piq(xRnOxaA+kx7#1s`7o$=N9E16pQMs=-ly9xP1GC8v6s}*5OisnQ(i5m
z(R{x7?dGA~!{7J!wg^~yXJmX&0t<!{bVw}%#%;m0t2uHyI)JR47cL=3tbRDUx*Et>
z=VaM4ka@a!TVZ(P)7+GrP>ZsPo@u%`;DB&f`f#V>`C<3)x_XNvDYFCp$z|r3<SyAb
ziq4b)-d-Ijp6LX{-RRx9zkWu=(fVBbegmWOcmUre64Ld^P~l>3(*h0SW@Q8W%^6Sa
zyX$=}oD2&0z7gnSt>?X}Vm+XGtI)NQu*IOD%L!_-qth`v-(0b`o^s{(^L+U*K_6@H
zQV$h8xN~E}2MhPBv2BLIDzDB3b&=whCVCABs0#wb9m`72=TF;zjsCT(a$qE{Bj{3b
zfb%TjX!6Ib{Aa)Q`#d`_@DTsHTxsey+oW9$vq-Ub^`wE)c?<f&zua33jR)sPB0Ek2
zvv$iL?8HVscrK`SOZsS_l6~*F{7rj~Wl{MBw6lt6)h&EI`zhNEhD+#&d!FBk{G~Xv
zLbTE}OF{as7rA)Oo?oD8Lh(guakY`~R)$>0HhFtuM9OW0;bZi}LFQ6+fGPcXz_F8j
zrfKu(XTit^gfgJ&kIdVjG7ArNCHsgijc@#-${d(__k1DgLFQ76cG<m<)Tvu^?Xz%d
z3D4Z4D@!-~(zeJO*cI1zt_KtbgI2D+G^l?4V~RyjI(2^bqV$Vhk@&DFm9YoXB97U~
zWMdSoWCJhQb|-IDa`57dKepuiy_Et$<@y<_4@Y{sqkO*1*f4azC1<6ty;JzRbyJIl
z)xM3?drQocD*47&{jTl72XEOtk5k)zrzdSHi~`PVugHJ@-0Bl>)_sJU+p!5R7hZR|
zSlZ{yxvmz0t-eS2kK?)*i)jOlhMOm2@ilM0Q6zU!&XFzm`F$MLeIA?=88Q7R;oy;M
zquqydfuT<iLv&ZWSZ0h=Z49rvabx84>XBsQ?`M0<@ikJrC{W_p-zbAjwS(1Vu1d})
z`3`IWa3&iKQ$jD{raRkaj9AO&X&hU%y!}YstUAqX;E`$!`NP)_?acvJm$ZXsFdZv%
z#huG@Oqhb^M)cZibw{E_v+D_pD+OLo$=bHc7KkV7^|WrPrka17DiKEW(ViZf*HnH=
zQO7#&m&M&?eF@6K8v8^spM*nR4Y`LO?O0bOo;~eiPx!^2xa9{n?DM-_I#jElCBS_5
zz;-_&k0G#5xcbZn<D!)V;&*$02SZcUbkx%hBw5_mdwl)emGn|!(35WXGK%uNJED6}
zPDY#9`PL$SovkV{Ey;5gH9mH3+0omRVKBU1Z%Dv?-(`=cl5cMeI-VHd4_!@rKb2Ws
zcE&d?8Sr})(h}<8^lp7vL7>3?{N^QQJLW3cgsqAr>K7A&8g>0$WeT=GPUt<Oyx){I
zm{Tl&pmT1tQ6DLv#P8kv`s6&mD<d{vS2jj9R;z|9x+u;C1@^WZ$JAEz<li$_oKt-(
zxZX^~sC$~nH0pHcPSK(yL4AMzx|wRzz=7`-J>ka5P0MMQ<YXK^N882Uk~$cpKUE^D
z%!c+LbdEy$eLJYC;+J!t#|y5f3sy@;uTUCzu?q}MUwKuzhVHi_8ETvH_l=4CVm_ss
zIrSKG1)FQjYTot=T{;=lHvg2y!o+1F-=g|jKRfu5`ZN1ObRMfpfFTjF#<OjY&vV}0
zU>N5=@O;PXulRf@qtAl_S2Qn+HIa)1=r7ZCh>rpBzM2~<_sD?j5vzlz8iG@-oEBtZ
z0lxu-3TM8xZr2C~M@gi!!S1=vR-zYV?uutFt_ztq7wk3}+OIbQXw0%`*=v_WJEkpl
zw(;wW?l-R2e-k&Y^!7cj4dkw*`yb&WxqVu5&--wGQ@81djo*{(8FLgYUc&?H{r3wO
z58!{7Ce2-_D)e%(#p&(~&%1|~ue3>3xJ`CabKCj&l{x9l<CaRhExBaX!RKPqyC@XD
z#{O?h7O(fRbSfc#cApVjwlliWzrnavTjX+2W=nw`&TLLaS%Us{Q`=x>;Dv<VD_1a!
zA#GSGYQ!|!1+lUYSMqE7)cpsnT!v-bP6Y<o77O7-e({uRe#`H5{nL=9T#}hlddhL%
z)enwdgt&#-8hF3+pz`^+NGnOaQ(4H@j1|AACSN_Ov7m-NN8G{f^Qo6oxv}a%!N$<b
zw^IpbN_&k1jFYF=4?DYQrpfMnW@Kvr-PGcv!Q!^58=nAWBQKXmdI)>Qt5QSe?!%Qt
z_cm-(-z@3o*}2YOwrQ@Ig88Foi67?3KAoMZ9w8v)_%>?Ux8KW>JD*10mbWy`oL)4A
z)I@i0d9-LznA3ODxSm&gO4dzt&^7e$vT@llqi2dLwMEjGIGZ#tK8q3KGRyB<yvnoB
zN+t3Evt_i~kGv-4(?fHmEtsty>3UIlg-Vpq2c8jiqJqKD?1Yd8teDB8%i+L@J1qh-
zQo!pLStku20~HmQ<0&t$ndphi^NBIGevy8QS5}p1F8wlBzgs&nx&Tu)Ul!1;7!f)%
z=$IJBCziw45A>I7x2pS_2VWzsN_ScidbirTeU_nEs^~}MU-t>zyL)@7EWQ*k9{;Yj
zr1-I`__aSa8Eul?9%lLb>}b~!xwohJ-+khvMMtcfxk4=^A#?XB{dk#0Q*x9^=M&XQ
zwbfz9aZ*(+3Ze#zb&V%&e-)I-f?rc&w-GM%_KI1yZt6T`z2&<d;G<MXSwr;kR!EFd
z2jtRbQY863`t-hv$5QITrGs4g+6%8F#<a@nFZ6z~R+;~!v+TXxtanrV?}_(4bZg#I
zZYu*k_zD@h5(@6J_#DYjzK8O69IP~M%}tDv-!N!+TKQf^^D)^|ayegtsud3Q{f-IQ
zxJTDy9k%ZAq8%`=CEfB`9<FHI*6*x6XdA|VCp9(sr8^`1uylJ`ow~K4ik9D?wK$;z
zTb28;T=-V|Qu90c9X+}RG1Lt+ADSFqwe^IEjX2@)GS8b<-H%ei9yK@Z&JT$VvD+he
z+_P0&k}96}pvzp;cUtPS4#V1j>-R+}519MB;<E(nef@0{?3p6kH!lS|{jLArne88w
z)_YzO+liI3m~Wlt(bzDUc;@C54W+a+;jGB1rK%n4@pk^?y~P*e;yWDm)TaZtJmS~U
z+X~5iZ7($>Mue|7qzh`~@g4ClSKT6F{4`K1_RzwFW}>jBvs8HR^y`GnEg6#L{$<^+
z8mreh@k?43Wt*LNlH0wg?2JW!(}~dcaxP{;R3i=ZnD!R+Ds##zV3C%6=L)&1^G55A
zh^*BF9Krjqw@VvX#krNeZS82sVz35=hRv}7GQeRe{Jhg!&-w1^?9c}aR5LK)SpB4Z
z#HfQ;v$~#~DEwly>L9S_(cL~!LkD;2_E|TrRQ+48jyCyDd&9V$?=iortMK~Mld`~!
zy}CX%^<t_?t3%K7hsIUrrd68Us`dhc=WOD;xM4_1YwEWm2Dm>AUJ$Uiak4J4^p5#&
zElB+P{G-p9^*;vv|Ht|72JrdM|DON-fB#G%f9NxiwnoSIZ!6<Z)_;ix`eV=kF_@?S
z@BKgj$fJwHiQqsG^=z;NKYD8&d<vHyytU5Ikfb-(tpTUx-P-}X?-s!rU#_o?g#?Ca
z&DkJ4*!hA4_=GY2q4<gSZHwS^MMOkY*;fsjGMIjF{rng3gdq-5o-i2n0EdhUg7I@a
zG=V;0n^~E`H_Cv@C>oUN2V%%>78G}zWiIwhoG4Cij#w}v0vr<tnu3P#wJq%IRCsP!
zXW!#8DjxBqsz9w_@tcQ7IvmUh3m}c`>gRYjQI9XoEf~EU#CAB6Cc~$ov?zoK1T8o~
zGbC#ciLMCjH-$uocyAH!D38Y$3>N`WhbZh<^duO0!45<QZ7Y=m(Zk;-aHfK0up^jE
zLA-W>XjvFC9wgvFjX*4%2r7t+dI-cLnIjQ!;h|v+|52&nI4G?V86jXbh+rZT$>pPm
z_7b`dIJqld8+GNwP&AfPel#Z;gg;>-i;Ora8H%MF<=KZZHVgu<2qwhejZ1?9WQce;
zDTtnsfFNzw&^XYPam_*?!;nTYLgDS`P}Z>97CGCMpv@qTl`?fR1%^e87c*O`keC9A
zV?_(q>_<{1V8<mOPL_ZOCm^!LO{Q3)9_uxn03Z4~Bn<|Hr~?Tw<|B}Zq*Fmz#o&Nj
zsPM5ODj+vAxVOM?Znz+gHAwg-e;AC52_$H1V^N~eFeY3{jK&%~h=H1>rG;G$eG;Kh
zZccDFM1AHMRz|#ikHu01R)AC&LH|s^S7=;8LTQZPkYFlYF?}o)1A@9ZHoj{i2+0V+
zc|d~}Bm-s;#5@GG<>W?&IzB=Rj|bj#sDFe6X`)agR-y@%27?L#tHBJyBZ3WCi(v+#
zt&2pe&%T(-(Za*QW`!`((1;UcNnT>*0AC0uOfVARwiNC>Fl*NYhWG~XHWbe*dMb=k
zLq-(zD;kWX<Lznz)GcHC4U9tkQOAK%KqhRi!o&+$O~A5wL8egY^bk6nLIoyZhJ>K#
z4$J~j-4CmRXD2{LB5DwW%ETab!-INwZsXa}zM)&#(P(RsMvaTr;v{6DmN+$KbsG%C
z5G)+XrJSH6h4{gTXi%Z?<_8Q$piyid!apY6-NpNik^@UVqhvC%F8)BDpn@Uh>!GPx
znZxz><h0KVMVlZU2mJ~U{H*c=S)XtcEE)^<a16~%&jh5IaxwumG(dJ)P=uBi9{C9=
zGpp4|nKUnOwHd-0EiDsnPw?^cV|O4}*<n(s<&Z+5wc(L2Hxg2|uuwmk^ISEHoNQbe
zD?&f&&j}I59CGEz`uzh@{=MQu%lrEz2u{eh9|@IP1GZezkcmZ$#{K8gMYE<M1b-$^
zmR&Ip?yLh}aEZ>s{-bR-1Xnf*{u$1Q1%du~>uo&bnVS|GLjEk>7>F}BttSHSCb2d~
zK^FX9K{q2A(f&hFGLDT|n-q);@|a7mKLMN`W7)9aw3Ayl(C9GEWQ7Kn9~m}KJa)9n
z%SL&Ro$rt-iKCJx9IF}r#Z@OQbms9w<5@NX2DNMvmQGR?eYh%|X$P755b_11rmKmj
zKZI!f{Kq@TL23(wh!I-E`h>r*ZBlf19}n1?B~wJb(e~+iK@~?#4lIX3JaZ#q{M<Q_
zrOz5xU>Yp~YeZqf2bl%?`k+Ud@f42o8Y-G&mB6`-Du|UO%Qj^X$}kZ!gCbKW$TOI6
zs)m+{SRIqUcT51vW&@^2W4iGiwvItTb991@e*PKcGYbgH)oHGlkT^hfRDD_5!e%LQ
z?9`-?@Sj72|F6fO(YlR*`r%5C)nX1TesVqLws@>6jv6t3q}5!qamo#)<HkZgdm?4$
zq0u7zb=~KE%^~AQHwj!|##RAjmP86PH3LW4mxKwd1Ql8^f^}up4Bn86v{?o1{oL%e
zIN2jL85N_=8}nDRYqZe=lW}w9Y1>5FHdeDla5&I{!3YatO(E!ZK^l4he@G~I6CX6U
zj_x~%@derP6!^-3@x4cwGvLseR5~>CAp<0Zb8;BWr-^B}XZc~Qu;UN%<0OR2M(YZv
z($=3eKZ>=Di`6oFXZT#O$xF5T;m-QMUMOqbYVrb+i${Kt?<hMLk~4f%BhriM)OD;S
zLr-`XfYmfy1(Kc$9$8O{#3KRlRtzWvS$kjwAx(qAkWW?^OZTBr);Ba9ehJ2d@c+=e
zs|i$(pV(`_HHu*>sCq~vAz~<Vw7$^m9&6%d_n8TnnEu-<v;WL9@%sPYxcCqJ>H5C`
z(a3P@`ajX|-}C?fk!Q^MKWp(H`N!JVK!pB4B7sDJ{)o^x90bkmoYjAxb!>P$49}`Q
z_srE0?qREV?qa{r_!WNkYW_rP=j>Ig<x7@XgZji#3t27>px$O%)*}L+>jmEs9~R6y
zC>F7S;Z*uW6Rr&hzq#?e%T4l{Mq9(2cwHE>l(}{nYBrCK{vY<9wV{n1$<OIup>eWn
zJ77?&-z3f*;T3j5;DDRVT*xx&mKvPcZpM#5a=H2KS0$+*egT<d$;~c38QiUws!CPW
zrB_L%x9F@D`*N~;S57&KRC{}IGv-kBMDlJL0%_zMbDHGU`q3+F{uR6a*k&fIwrODx
zC3F_PaOj;4GH6M8rbl)CQAcD1#KuunA{*+tWWj;RK?gdnT~gny<GHA#&P8Upxq<-q
zP1YgDQ(}kEymKrLqO14Ey*jzbpgqgv5UI~ahNwrfvAIkjOA~6l`TV)M`wF)&UNjJV
z3lo}1_8w0L0P(l6ITAzyb1$I%La2BI98^bOTqD`d2=AVOvW<F~7H|dUcH?T9K-c<9
zlQbHQt0ws?X?$)fl#SovStWdF0?NF^&YTioOo`9x>33D2Eb*#Z0t);cQQ+S%l}x+U
zO!_tE{aS*<N`I203<DA&ha^^iJnE>LW-~R#ilWXD*^A+)tNNfQlCqDal|@U99KZA3
z_wE0lKjB2LMBsDo1|c+)S29e3IPiSDXD*`w71(@UC3Y+lDdmD$D|(fBK|)iWVrGC9
zBtGMK&qIg0zU|<BDqKJE=)6v?2I5B{jY6R)31iny0}U{R%Zp=MrAJ;Of_O0{ejHI7
z8W)W*3IjV**ts7>t`kZ{VHCSGWQ!?DeOofmS3nZ#(%5mS;)(A`k9&#|8O44QaJ~?T
z@L6h8Phe)sT-SCzMTrQxE&Wgf351izNw^RQv!$H~sU(s(PCx^p?o(HIRD^-5j^}aP
zg^v0nAUu+ejHssyCNkwts+jBteoC2$6k`SBZW1o84hVrek*jzT27#TLD)=H2e!+0*
zIU!9JQ{u)_a@SR4$I$spxx$|MaqPyvVsb2FU`aq1^CXPoKqiV0l5?8{sZuuK%G9Bu
zswQ>A&=yeTh0=+HE2yKeOJBrMBvnB><t#`ve-f7`p6@RPlDaHn%v8r=JWV4d5gr4h
z93E(fM-E3s3pLjBVlPURZiFdKk|fg1Ol6w7fzqGQ3tdl$YrdV7hk<nU_aa#$eW{qq
z9q3;<wx&?h(6;$CY9Dw`AVY;c77kCDqj<u&2n36jDUfmK3n#L52faEbyUYf{VWZ6K
zE1j@GPt^wYsb)&Ann4%;0}Lo=WzPD;bN8v6&sG}<pCFHhl1~k5DDOTjEtS(!jZa{w
zk#)^yP~rs)vBU42xmbv+vI>UU$*JB#+{ig3bcKbUWy6ot^%zJ`4ZGjjI&o`zV{`pw
z80kc&6Ql6u`sT*=mQHkZqD>v<xq+V#x3Sv;O*Xcw=IHwoC#sp{qd^7@%5aEH4fJ}F
z&IRw_$^4Zz2e&>?4Z#ihlVa{Ild1YB`ReIM1ah!`bhK~lc|Ema@Bvp0l)&L<sa=TO
z@Bx38pfN`dEUPLnt2#E9NblW;_hbp0w-4{185PFdZPVMp`(+ZCB_{=^jZpGuM}v0^
zc&Y&BNEG<Shvt%PP{7SImAeG*Kwg_QOLz#M7Vw#d&kTG=LC&!h@L3L@Dfp}cAFFDY
z^fLwDDd5{0zHQ*=jL}#M_)ZSrQSj{we5@-g>9-Yp_C8-UsmP0ctGssR%d6o%1x7ai
z3g$W0bTvM-Y+!Qm{#g}BRf67a1h}(6fPk=p7;~h}9P1LD!0Jq3MJ7hKk?YO^xoWg*
z4%*4evI(?G-tKMWy|X~x8m}`4FPp$?PvBL0KyRZ5&bR8ps|9-CfF5|Wdf+&V^?<my
zQG{0u6u~iiFohJ=pn`N(4Q%^1dhlw29ymq~rm;>|b&eMJx6y)E3$(y7N-&L;O<<j)
z1I}%9!2MPo*j=Cl!P5`38sJ9PXn=nk4cJ|v0fE+lS@~B`&XGU8jr?~P$Uo5XpOt<E
z=N##Kw~_wt0_g`@`m?gH;G83Sdx7kydoHSTH_CKhj})Dkt4W`Si%REC`4d!~18iTp
z0p!Y}Itc9!=#YB6LO*~uj=(kSW}}$cQC+Kxk!sAy^XDWaU#mUY>k5Dtd}9gwTT2**
z&2S7lho^eFsLHK;=0<a2^(lH4;2{17{drxzvt7l89A5*Eka_OlGz3n7DQQ6_Zz2=q
zdGVs*u$Ib4uYzWEu|>~!s|6!Gn|uxDohWIMJ{}&}EvB{_>A2e^zN<yu#9TJylKpIa
zb`DyT^^`PWOhWbXb$I?4rcBO_kp{Y9x-EpFh6WlGTL4NQr!@_tIIbo#r`6zbz|CoQ
zfUN%smz}QBM(sw^ANTZ4))l9k38k9$<)ul>2P36Btna?h*W&@kbH6Zj`Qo>7T}3oF
ziB+s;bK^6}`)6uNeb9kl;IvsjHGVU>XBxm*QWOGPeOFC~8K)dTTT+bc!!-AsQPe?B
z)Pnj6qqMGzOjO3!X&1OuiUo3`KJh8zB-O>JS*a$jMK(YUTF@72&O&9CC6w}o*0(=6
zZK;@QWGLPlp5tM36Jk+?JNZ*}BqgeTPo~fhK<U&-Qk()e4frDQvg-Fta&^&42Ydix
zTOC}nMcMxwejRH>rRnUePlvqwNsXsI@oqMdYWQU4^b~PM*cvwsQdCP~9_{zKF*A?s
zy|%yR(Rp8K0t!~-O5eED%4c}H)LAa*UN*TaYE-HaFr{Lc3=p(OrWw#2HR)oq;Wc%5
zmNyor63_Am%hcjo-e{U?7&35SIwvt##fhndhFB)WME1YT(%ijV3)cUHOz#fI_3MA|
zV9%`odEUeRpL@Ap@4h@-Km3KL<GV$-YgJqnNbU8QLpQ%>85aVgJO!++pAYsAkB_YB
zb@+$x^3QiI`2NrD630#7zw1w*|K>8!dHDYC<C<RoKUeGj%&h%8@DE0xYt&tHqv^H(
z$(?__OpLoS-|e?@``vwMAJ^*9hMX5Gr21)g|6b_>kgtiGQ5bGl`J*f2w{R)Kg$=W*
z?|TdEj;{sZKh*y2aNO|y+l<ca|Mh~0^B?c!YTe;wwOXYi0S!{7#GMY&>8`=e)IQ=n
zrNTlFl&<R0;G~w0ajm?FFsWu<n<00Z!8pxYma$|F<ucf`?v^-UQSL~s!YSt4L5rz?
z{0MWE(~PF88P%cWx#yCO4UmugR78>4Z~&H7IA|3?3O?fa{i7N+Lcb4^bxOWr&G<T<
z4aafg<1(qO)Rs#xuSQY^q##8ZQ$)v|Xw?2f*;Q>hPsLFj6swd2V+xP(_n*z6{>iQ>
z`=1Alx>FoC+JENE^#A;a{@=Y^kF~|l<z6+}`sfEn*X&>oZl+AOb=*cfWc}1Oqr#2-
zH`}{AZL+eeV~C-zw(h+>Y3O%gOFOCjjntmZoUu?NHILF70NFcOKR(@Wt3v92bN8^h
zS~*`Kv&`uV`!D}?)Fye4B_oxyOR}=~e$xVEm5k6Z;e0$i0U5h5->mO#HOU$jKzL2-
zk-WnAU}SH7WB=&q)6K1e*ZaR<H1gBq^~0U5<95xaD^BehV%TWn-|g4yJ4bj2&`$T&
z$hk>cnw|=Z9D%jCW^0RUomh`F!d6nj30R)|`*npZ6J~2|iW=)t@1y7pNb7=VVZaMj
z8b$gjxtJw>D$}ZNII<Z)m_b2Mk4MdFvXyit@2^>p20hYBbB;`t_Psxef2nJM{a?B4
z^zRJEP4=Jq)8{{V^kM$*ey%C|k8)RSfHU0&cxzs8V;fMIeBA^fw2GZRQFc21kl!my
z4UeUPJ}C|KN`mj!a<jLZkk#!>8@t@#K38V^WWE_!;lWo$w+nw{x~4N8H*sd0tisrT
zZK`N)j0#KFoHU*%RpYt4P2TJuldYe3kB(<;Bhe;tBK<@g*6iXlnL#|2?W8cRbI@R>
z3HZj|BH-&R?)Ls6`AY}alpCg|O|rR9gzQ4H^$35b=u(fzD<Gu&7Fxy!<NQx{P1*m$
zt@X{ltvkkX)BLX=Owa#1o^3za|NFSmi>oy?mHXPnV#-f$E4RVUY=O0|joOMf@BbJx
znoPxvwyH6s=ZB0|uF1)Gpu*PWC(d<-c@uS9#Gb`{#jiX4@zpBy^jBXVZ7!1wbS}|h
zj?L*>*p87RhBBn})kb;C!q~;?PZ7#i#eeOhbINceFG!Dn&L@}9vqgu*13*xZ70Wu%
znAARSg-T?}xCbQbn9O`c@?bpLl?G?CaIY#(ui##_JCgs@_pj@FN3iqjrv9Jr&5Zvk
zV-Mf|eO!-8H5_#jjTk;h>oGa{42s;V56cMKm2kxkeMX%*0HVyn2bI{^YVd73H*Esi
zJXlrJud9$B!z^PYV?cyo{S0JG9A@J|A}i4Ih<OzZk9EY}JcKvkgR$@{%k+UJu!0B&
zatg2MvR105itfJIm?&zpVPVg<pzQt;^qwv-c4mKMl|%nFX(=p%JXZD$?Thtz;(a{s
z3$Q1xaX&wEQhe_7UMD&2X4%K_g)X_r6F~8^WtkpXn?M(An5{hd$q=5KHguhl14wM}
z1iFsG9K>OQ&{v|IuR)%)GZ>auQB4q&r^Kd|ERmsv&tFWwgd%d~tO(@2!btlC@hDv`
z;Hzi5crH@3=qr;vZFOd5IaSdnD=TKU0@t08ryDB%c~uoLh@JIz{Sf)K&q(Vn+U-_)
zu)6{G_;_}PBa)G9nR)2e+XO6di+4L`_|WSNF-&a>nx#>O8-s_C*oT%xik1!_j|m_#
zkzK;g<)8zg^7xIdw-*^6RWfK{aQkx$bOOdHtzF&0hNq@_sLZ}tdT@f%S4cGW#jy~i
zgEpNds*-BJr48-WberuFJH(+Dh@;1cFxry+^J2;MAM*Xrwf}cI`oG2euj5bKf8TzX
z|Gk&%UhRLfc7o<}#Xf=T|7f#cK?Z%;n{9oW-{i_kufBrXnp+$gPugbmp87Le=9}#A
zD%f9R0#_?0@LH3Xbf+v{F~Ou<OagQ<0jtOCH5ROSGm8x0`|J4UzvkNi@!(Du0B<<|
z-=@y={IBb=hxy-oxgP(p3N{To#<(^|-r=&0`B2d#fxLgFhP)Oby-yP_%o<<Xu`HRK
zXQXyK_-xFZHscsczOdHHC2VD-rjY2+*I-2p*yw8oRJ4CBUj168o`NB2{|bLFwl#TT
zQh&8%SH-EHE$i90D2;^U0}jk*-(#s?4M(2j*>LATtyW=)uDEJf)S=r&&RX$uBj4(w
z`Gqg=aJ*JWbFn2!ZTPhuWqd6_e68gy&OyC_4(edsCv}{2sH@qCdUg7tUdvfh(xo@z
zz&N9r*~q6p@NENO-~o_8JBVvQumNq>6mPz_UOrs+b4}TQ-2XGY>j*G^ApT3>2M_UI
z?&F#(fBbugE}%Dz|2#XG9{+i+|1ke|FBi1`<s29G1h4_6mQ`_^#G}{va3}|(1}@Ly
zfsT!OeVNqj>S$W{nSIUG`BWL^I-%A7Oqu+BGxydkybC+ZmytAv6@SD6?y&GE9LS4C
z{e*d5y-4cHK9n+Eh1L~mPvpgE2G{e0FskDwZc1mVzFNLg)J>qECOd7;E1;=WhlfoU
z)U@SA^RlLZ`6>A@!<M=EE5(4BfI*j4g%`X-|5bt?Gz_Ythx4(YT`E7&VYN2KFSJps
zDNr@x+9FIu6sDBMjJh%kDUG5~CTZxhK-QXbOLJ44CJB7tag@;1j(r|FcH%^lWPTI`
z%=hg@#pA>Ph$#AiM4^)i=B6<fe&jo8AXq5vAPv|80QqKNy;fvkrI8;4Vi6>95ILdn
zn8#V_*qo=fZwtDZ7#N?Qop(Nb?DqQE#cwb=AAh>M`uxSfO`J3ljtG1^V$y{cPNcCL
z`ANe4K-x~c0PgzBjm@p?omabm`|<VOoBf0TI6ON3&!67@{L6nW##rhu0M!Dr1DD59
zC|D4PDD}AK+jhc|D0S@!63}nC5c~xfIyg)=5OOeA@Kw#_^<~e|I#rXA3_xyFBr<f<
zl>3rGLhPj?5>AjN^D8+G&CQ`DQbdx*p)FGu$K0o05+|NyGVu9AQA|Vga%iay>J<AT
zO(Tv@q+aNGEb?3~s7QV9cF=qS&53Ce@+6>68nQ5^ZsI3)6hO-byk>TIJ7|G{=6fuT
zpr}td=wIl%G8PQJg}_Z6Pe#tIp!vBJVhZr=)QN1*5xx!8q(1dy$)dpZeQ~>*`neQf
zcnu%1a6=k<f$c^fcR6)@2fmIpaQxtQ&~hmxf$MPBlT<M2^9TeQdJz{~QU++8+tJ1f
zp}KyYFgM~J57WdGK4VF0v&4mez5_sS2`-mvXxlWBGVwUKIRh1rJ%<IcO=XnWevIGK
zJa|^E_~Pi@+|`utJCfuDQlu_tES63ZftgO+NN^^ZO#@I6jwIosTO(3ms^ivq-9U~q
z=%?|1f_oaEx5j1~P8cq#*hWLscIww0PiFofbKXX$O_9~=Ag_0ZXDS?0r>TwzL$7?3
zHBnKd%r=0u(-+wG)>okU7Mb$m=kF3Mqkfi%Z4p!0p#4-fzq(ys#W+LLWGF~xyGB{S
zkfhOQ;V3lE0qoO~4>)>N=`SFCwMfS>ABGy$5ioqx(S_<)<Et@=dBXd=UX^@)4!_za
zqVBMZgU9cehwxAJbQTsdogO?X9XmYV0)WpV<xoghK}W2p=sIetQ7}MgpRf~0H~qD|
z<5BE|5vVsMqB78ciWE_sOP7wSQVBuOv<f9tFDC$EK%Kuoo=O#vX!3g%p-zrfheT<2
zZU4vG!z{yhzoy22pA!H7Mf_KXIS=Fi`?%)FANRnDZg)itFYX4%_2Ykg&ib$CJota#
z&-Iw>b?|WQEFF<e`AK&1U~O_V8jDUw4zw>H*+%!b7J0*avRyOkQG<j7o_xgd*8XK*
z4%*M%7uL1lb|hruxKHurxYHF1>@vp9>G2Wy$*gVqE0hA5r%%y6S$RKi?jFM<t|Q_O
zoa0{(wn*)5r;mq?U4?#=Y-;D3)@$_mHol8BJn+}1&`a9b-f0_>fnr^5Q^w;n>xaFq
zqoehmtzsP+XUp-pbBv|Z%N^p$aYkZAt_q}M+#AUly-LWNz4afrmP<(Ep+4Mw%j_XC
zK%o8Y^;CBS{vV9{Wr6Zefg-CZ$r-!?B-B>sW&I@^6X?K@;e|{(>1UuhU$)aLx0mRo
z2x$5RiDlXNvsre=wHn+?ibtyxV3G>5a$b_!?ewJ%Y6Kl(JRWxK_EaOhLQy8UUYiHy
zAR7)l7;+>z&pL_m1f8rCAIv9U2FsyT3mrAmh&e8`K-rtMrFjiNP4*uJhidy0V`$|c
z6FeUr?jMl#Za2F;kb@0X%}wJ;mY}l(&GQ^3$tf1Y53eAsR(<;#yLShCbWUoxytZ+0
z&`!E5@=98J$FJMHj?fQ>M;q-yqHe7pcDD&`!2=mJYidNYh=o>;>E-&-7RJ9j-P_(M
zsVh<yhfZG?&Ki?B_SHEHr<<JtsTGi`8FtabswYJUOv5$Vj``qB8aTz9|7Gt@0OYEw
zgyGHx=?9nqK~Y>@$}HVbsp=&Ou{#~pThbjmozUGOU<jR8Rj<0Asj64ht4epXnGh6k
z{F$K0BFKQoPiNpqT*h%mW(<oADmXAAf+G&{;qQz(%7}yT&q%(r+<V`BRj;}`5QFfg
zG;}TZ-R0bK&wkITnAD{6(WerNQ4At5Jk?p{L<D5w<rC^1$+-o4n2$M*<d0E4&GxP?
zo<Ho38PB;Hcf>X08;8vJ)@C!l{#**Hh<5>2_4YS6Md)pRS9iyj_56MqzVF(!bx?fT
z*wHE9ZW$ct>g(eVeOubs_4aiSo;Ntuy>VD1=z*WkgZ|fbnen8UNpKQf!AbNIRN(&{
z7-wac;mtfU2+Q!th}Oyv-HRN#1rR6!xBXS<!)13CC-ShZO%1TDF+^tZ*r7i`1Hrj5
z;~7kp-ni0?r_^(zP1T<}20NRZ+7ez8*$5pwtyB6@&PM(a_^z+F|15YOuP~KA%s+ur
zR>;|z<|ewH16-#d-j1Xk@ebDF<y|*JA7HCenGx}emD*+HWixNo&d7d1gZAH9rK0S<
z<fQo9R3a%Gz}sYAd{BU;+g89)MuB&<^fs?rDP}GvO_)Sayg{bV7sU|W(KCXwF_H{*
z`<0|1{0ff2XiN38gAWP9&8%P$88@iqECvn1GL6AaTLwD2+kh_jVn%x;>Gk+PH?ZQ6
z=ElPAzQOJ(DY;;|uab^8R;A;j-^r<XNTXLz!y8{S4G&J|Fi`N6pq^Q#pdaW3Dw-;%
zgu{oO60ZM1RdQZsMu(5C|8Z9nO52AInYK^;L^y39o}9K1AEoW_6rQ1S8ktWeFtEPG
zv-8C_Ai)n^(`0l%B?!O1?n7b&K)n0AfOh-30h1j391!&@CGu(w6mjGJ))(AT-i!=#
z7&YqIp3eok?6g(N6o=t!n4=j<=JTz|*5vqjYa!VR%3*7v)lFquL3d~!&3~{pVHGvb
z<@abPo)wFo5C3PfaX#J^)>BX@CZ;_(S#Qvjya=8=)JM-3sY_q=ka#0Kd{q2~pjr;&
z9@|O*6sLgkD1b8GItnlz&9*wZ%xi$?=xc!J=%KA`!1ktvK~B<bO_mC+iEO?V&Mn|k
z6Z|W-!s%%(jCidhPP+Aj`4RYM(|;mmgW`K}1o(s0m0xe`*qi?qZvTDV^Zzbid9?oL
z5qTYY{@=!<`G4O;uWIMt8#{bsOm+XSv7s{mchmBt=l@8&CUMtnbqhPayd~IwHAfBJ
z`ReUo-x6@wY#K1Ty8F6^K;!S}9mI+XXAN#{@9Z{F7hDK(#NmAzh7cH9d@DIigVK>1
z>Z~%vS8c0TtT8UWm`g$=NB|OY55-Mj%tOJ=aA}Uz3i=z186t~iXwyqCy;SRcIrmOq
z9`=>5&$tOI(^9#Z;2fI&m~(i&k@)EARlhX)KW^=^az*=3BK~7#!^)%aA4lR9vj3QN
z=CF=&==;CCdBxHApCj_Bvj3&Sc?s;$_kTr0L(|dyKN7F%`)`kfEa*^1s!VLOn9aQE
zF(#M)m#=7UDvSSWYG^*1|NqFmRxj+@)JZW_xW(q?EggNmon~ZNJifKLGam06>N3ym
z8QR!~sz2qSPZs0x?tZ+;Y(})?Z)44r@oi`zK8_tV;*;VnrPE0kW2s^)vc_1A-{BwI
zO06LwdUeq$X6!YXJndXYLAss1)lQg$c3~GNB;6V+nj0xSzqdNhk8u~2?XzHK+9F<Y
z0)8E}?PA0nE!gR{$fPOi0NG<n&x@F7%5RGl?eSt9KgZV?wX3NjHa@-#Z^P|si*$l~
z53^V{1dZu}HhvOM;ksI>wuomJ+qMj?Teb>&Ssmw<8mkj-Y63o|oL#1qYK!30mIJy-
z1b>v@!rW4&WHBPvRrd8T`Yj@BR$J3pn(V^Kj+j;kW+{P7ePB+{wum_Lu@NU7G2?4i
z$1U+t90sm31-vK^Q%E=?YgWU~y19`xqUY6d@p*Neex0O~l<g%8P98(MB5T^q_nQhG
zbgu8ER4}DHx@bjb{Ks6qaM`i|xXfkCbSP#4umP~<tX<BC#lr#aHTqMA_ps9?K*`!#
zKqDWvPA+AS6XA=j>2b5R0*-vqLuTMrrGxjnyKtK~!GCu-_89iGIu1>z`83z)i>w)>
zzlZvC${ovPTno-#mw0!mJpk#$R5<_!esieLqw~Ve!AXHN=z(sB+7IG^mB4I~Fqh5#
zheMuE0rNY;WIFlHp|1x{E}qd&eq&bKl+|$^MfmqJEX!KClHjkAH5=)}AtRdB$9qM7
zhsYX{*2&3@Olx_1A0k)9nobdc`D*$Q;ir)`1N>(C019+12+E-KL2FziFBR?N6f#cI
z&Uv<gXCHs^$1VfDAfK6%l?H-o$8vTtE-0v{#3AUWWUa&BW$>@oA1|PsDrwY)2~&{j
z!%2wXv!hKol^jJ?>(W+)2yr;mgJ+Cdcs7rV0ha06lyJ*3)ApFDcOnXMc{1l!im9rg
zdz8auVktbCwwyv{LR}-XGSDy9@Xb=f*HLSijcKPQ%mP*DwNoQlMidj0((f2D?b&vg
z+mt*zUCLnYQc7kOL-^#i`S#|_5sCrNL~(qWyPPD3Gbe29AjRR!n1~N!lyk5w$+$)>
z%$r#7Vx|c_WhYD|rqFF2&4QCICMKXyuV|h{?9fa}qo!BS#ZR52nYTtTO<67_SquWu
z%>fXwK5^bEK%-K|DnQR;)`W*CZGd86C9p9&;W<U|FnqA`d7R7;CA`62-~>#VE-Vdr
zn0OS!3SbhjUKiFo;#wIm3O!Q~xKIux7fX!t<lQuaCyNs<6nWnyJS?+^p-=(bb_FNV
z0z=wA2;wawhrA?M9EHspv5OuhvE_<E9x`1FBF{LOF&A(CWBvzR7IZ5+rE*Gn6mB@-
znrODvGq()%MF}EUb_kQJaV8$ITLeBBi~7R=Z_my_xAND5owPB>m}z+?)kU(4m?>Br
zfrI944_F8Q&`r?ki~`(%*1(>P+0;Gb6LcKGM^~dYc1<1h5QQh}SI6nIHbA5Td^kHf
zDGQFlgjlF&>+_<FIV5ukFu-~p#5*~`sA)U2|4Amk(6c`wXw(ABPt~QYqNQe~Hm3l*
z5wAyNCg_BL7+I8I`s(?ZARyvl=sxY(8F9ERS=GudP<G@(!J0s168S9kHIFv?v?uAh
zJAoZD*%2Qw{RdE+W(`7}{EMJBcuxT4oQ4^f@cg71`QcQ^Lx*(8%xA13CN1W30vIW(
zYr#9zr))U<US<M%Pr7*r;FvDBSz56;n+{$*P-&4F&$vPh!oOhK3Vd|hBn_c%B)w=+
z>t3CQsU|a)=OM+VYYjk&xr$bsDWzcv0yrlo;Sj;8-Z07=c-+9_22oLtYa8qyNw(hh
zkY`e`WUNfC9t*aIi56@P=v#@l$nC#S;tYa8;e`6KU{8H;pilgcQ~M#N6*a^k!F*A2
z2lSI46{F#V<!~bNBCP>a*%HB|qtEw9aJ?#VBMOeNFAiTaNfg{MAUm>Gf?HX)49lVm
zozk;NAS}^qR9n9QT{#T6Ay6mrd(<3(_2#G-6a&<1+Jd8lOqsDmiGx^>=ueV+;3dR#
z0;@v)Nz?U2<ZjYJ%HX8c$f6f4so-ck=-@+~H4>U5arJAvIXS>@URr^7m6AH7kTHon
z!8B9o127C8#SConLXsHOixojUsH-GB$OhDHBG98P#10c1Yp^II8$cjEQmBw@hz~y5
z@ImJv`V2B2oEGmWB_u&oNZZM|%z$E`e-SuePM{)a4ho}@pXP|aqLji=_YnV>cg0XH
zAP|Y{@8#5k+Ve~SKmsRe27*^2XC`fw@PP3Qej@3>N8zlU1vLo8khD4_&<b`18Md8*
z=K$-)K-53<i~Hh+2t`9KGC_AF=UgOEm-#RdSW4PqC3i*@<`dlv93^fIs}a~ooPd^5
zfXTaAnD~ggcPFRR+hx`b_IA}Hma4-Rn}SRZY9vx_H^zSm8i^(Dw=qf6>7Hzv%%J?E
zHx(@f#nX>kD6Qcm1BVGu7i$8zDW#DS%I1u?f!MBiU@7NZC@BbKw-ZDziY)=OP8I=<
zJS#a$`2<`{eF#jOrfUuW-rzaJ)+2Nn1g=4MMDpsKG(KH#iet%>4lK9wpoLNv!Zq>y
zpnPJ?Edg6k;DS&F<~BGE=ZVFmsbkA7m^QIQ$3rqqvMCcHNrBZ_;jU~DOaXcc5092E
z_Nm*2OmzW1J3;pa=s>@eu$PWYj;}+8lgq6r*y4C4LP)>^mZAv-@G$|Us1n_#4LzL{
z!z8dXAMtsi%wbbeS+GH2JulpE2D<yGkQIcOM#;W&R2|eUP}N}1MVcg^0l_9$WVv(1
zDkLzR08s{*shz4WU8QW;4=G)x?5%bpM7ol6WDJg^)LICs?R45n;vU1GjKY8t31>v`
z2}D~d=tOx}kzytheV|)rQFzYr5tIutn{%;9y`Zimlns>PO^)`U36NAPb(^JhH+Gc8
z*)cqMEN_B#h$qd1>4HwDra=cxjBBELli}`ha?quK0W&-13<!QKU7E=gdk}?AK~)i`
zCuQMErN?7MfFB`yA=wqZXqgD(m+_!sxs|34+2eMygk;1jlEeX!DdqW;AsTtu2ERb@
zO5CiqbGsaXMV1&3X{4yTA*-j+k?q-5&J!A5k+dmBb4eR}hK4qq7hf8}jaxABiJQb*
zEHviWsEfxR<y|6Z!G3UE0{Eh@C>>l{ug!7-0f--qW%6=Jx1c&>oD@=!YX(P1jyUjh
z<rpa%hc?$AMs*pN{RKNis~hH)4t7^X=we(E0)&-Hc>#46dFKd73wEIb3!~--T`I01
zL_Y3<sDC-$BV4Ca5_~zHPcTenqbL*%I&BdY(n1C=0DuaQY|!$CvDZrerVI4=V7b`q
z6p+A}_><5oxUJ~EtU0ENg--P|TuKm{a28&=;?2_}G?&mq^2q&W1F|QRNGB)gA!=^2
z-8SOaZKG=UHH^|(wGb%;P7tgKQxsN=mbDDZvts+$T;TJ37q58a#Bc(*z7AZMwlct4
z_;NdjrUO^DGZ_y=ZYGIR!SP0kt@>aPa=Ic?Q9&aSV<aenvD%q*nBd0ZH9*d<O2kG1
z8A?a>Bz!s-)wYGTSmZxSfd!pH0A4e7kzvBNQW9b1tm?w?g63L}yBX9@G@FYs{X~X`
z$xkB2P=|{9g<Ww2c<!@f2|W+RT%0fq6f9|b+7dD65|djN$<R(m@pU;xk(LfGReYLN
zJ`!N8>Jn48Oh>@qS2?bt$hYA9s>-)n7bz1=BlSk*Z({NAn=A%y6-Joc6-Kr-Zl|n@
zlwS{~y%eFi)buS{Ox=hL#$vHJc@D6>f-nQ#RQ4$?4HoVtPd7%!w$w0ea16htMvgS*
z!~hM<Iwm;F8Y$UQBp%`VRH6_36N}-uoSDm1(mUF{Q;G}=TZCv%vyF%(nsSkx9|KEq
z6;jI(2~x;XSxG~4YG8HLgD>d=tZ?i~n@J=)fnP@8-SQPH;m^g}A{(voW$hz&1XGJe
zRyIT~6;ErHFZgBKHf8-^k}0+-7dAPnH5Ybo_s}}_Vbd>7u?F&8FBvJe20FlB@k@H&
z-QE>wAR7(!4)t~8FP+Q*@VmJBGSFXKc7h)|Hg%mB+F?&4e%<5XrWNdk{2+a21lnRz
zAbLRgS)78^NUOk|q31086b(G4%9WKr+9V#eivFW9dYdSOPE<Y&D2JO(kK>g6$Cr9i
zFDG;e^cIASga)rxz<v96vB{L}752IU``9v%c6-+Gg!NHL_O2+TMhXY}O9MDbAk%Tu
zKXIOiN!3F2S;SF?)ab}`@NiNzI&3Hez*3~Zi($FBU5?AQzX>m7c6xpVC#-*p#moqH
zp2wbr?HLIRym$umLxkg;fxCu}*YqmKV@AAm7bToQ23HW8ZMESKc?5J_<(86rDu+@k
z;L(UVVHX!xc8|z5y{^OYH^PtW;E}t*m>j^vrq>k@-vGGip_T*W>HU26QJqCKA5=iQ
z5VCuR9XHik5Y_{%y>r;mk{4$SFCngt(EdnbWmBYrz9MZk$wFx%b4T8hq*_3v5u3U`
z9L0ywu%xNXzJV4RV84P@1e_|u@&O|ZC&xh8qAc^tu}D4eh;p|FS&cms=A{0@wempJ
zMq`|E?Fea=B`PJNO67(`5&v7If)I9Av?kd2Vy^FF5UWu?#nA9eaHCrvB(Vx}tPq~Z
zhH>(`N}YD3J((;VC^<Pr;j*%lNn2#VB1Z};BA&0-p%&I+ieLpaWyZ*5TL745;|!!|
zMYU3)>BxfI7A5q8J~Pfv)>)<ypeNCHBf}`OiIF2wC0j?tvf-;@p=5`cb`irIiSlO3
zCDlkdw}PGcdM5dl1Uh=UO3PX$iwz!v(^5Jt>5uxBR9#P{nUVUGDh~9@dxBl5MJp{#
zY>`kqgX()7s>P^hMe3tuirXn^in5ed?7UE&HJ_y(oHi*A=pinXHe`)t`pxOI99r|H
z={FaLD-cjqTj>o5oNuLUQGA21aiK9v^A%}Cz&A2s6bgBsWTcNg$->^w_=T1{biL)s
zx=xjH=*x7*9>?vf#{dtu#VI|?MddGR<!J*$%~@eo$+u0Q!QFRqB5LJ0*#qlIL_AnW
zCWQ&r<f1aO`yQaE3<k(r<4(4eHIWcQXDb^7FB4XU9OAYBAemo0@gRBQg?2}Zli)Yu
z&I^#t6*`AeSB;LA5m@1_5i&emB`|_R$~t7LD|Z!=dmp|BHdRUrR*Gru(Hr1<pGgl$
zW}M_s%GpO&6?8seoUn}Iusz&b>e<TWTq<8BDhN!rdkSBJyH}EdF``zV78oH&PK(b{
zi*^<RBSOY$S0+!{hBa@Z>1a(V;=bj4Zw{g%+Vo4-X3~!^bt1=3v|_uol`KYuQAsc>
zLgdVZsYhJ!6H8S;K)|h>2gADsVICrjMascK-Zpy6i0P62-14U?#D~O$G9m?-zQ6Sx
zf+WE~u5C-1{v@kNYSjp3xX-AS2hrH85K7Qd!?6z{-hoW_4#gFvEq3gBLg=c9C#&3S
zzpx|$O;CB1SWtG6>z#syqBMqqh)P_>FW!&UD5cOSvvYG`O_-HR#^%)fdNh-RsF_Xf
z9Cq_46IKSSNSeV4#``N~fD$`5VH?5wD};WMM7iS@eymMCL5($eHSk<1BLz_!2hnk7
zbQhu`mTLFRIx%fbBwseH>>}gf*U&}{EXQn<U+m&9Xb#*wFbNtOt<Qd|Qsp*~0AFqC
zY?UF;mn6t#E3O=fc08`OyiEM*cL8HmvRTVaSSguXHL6ClGQ?(JP(gW9?10L+a9{up
z;gm*AH{m6Lwxs+Z2#USpGpDA7Dho}^k8K$VAvh}dk`!e@TJ(8UL?1=N!;eIS5uP-3
z9PhH=>`F;Ykx5LYTa*DaQxFNqGc^f#3jd5!u{Et3AixIz)f_?4H0n#xB~>US1|bml
zm~y<lRZNa@P$inNiSJ-k2x@Rd1`&$n&X#1QmBbP8iFhhX7}P`>%apT2p@l6%hKN2Z
z`9s7uNEervCAYa`BJ4etQ645xb&O5~&?yv(YSN{+qmIFecooD+VoR9&QWuoD!cvV2
zSGYU!0CVQTpp1{PU8Vdvwvtz}x~PanO`#w~ehxjXGF=q2n_i@wppz*rG?OH|v~VAL
zqfvUtAm=bziUCnuPm&JtemY{P6-|ShE8;B*GEC6;jZyio2`E%4m$#BT(P2<;yg!T%
z42gge?gK?Uauv}0>~X-;;Hs(w6|jRs1QpPSvVa0T@QQ>JA!yNHJ8e6UM<ThCcAw;>
zD2F+7lri>MDx$7dl=2-axkcY;2T)6A+%dr24Y;x7=^|GeDeWrQCPDQjL6>3=mQ<{8
z6o({}u>wfUPEiU0VljRP6$)!L3Q+E>z@B<k%#RcbLFyj?OafqVYmRGIOCr1=mmx*e
zV5doUbGa#lU1JjC>mu9)1lCF_RA0qH6w##ve2>?|i0|d>m@uG=ZvtE;qV*?2soKm5
ziUF=W<gq|_KVoCCKLT`S-V7kS3#S?x+Gr86m7;jrMuf#RT06Daa;7z`Rn>8vuv-w$
zQKg0uudf%u4T`GOX;BB7<9m`2^LiQPFYOZ?$ffXFnl+F@)usJB>-ETsk*mm%YGBD$
zSs+BH+7LK5ew4Z(a=brvBDBU9VKWt!Rn1>b9~qX^>}c;bGg#1ZjO2g<6iXgm@=7VI
z6pc+9gD2QoAYN8FfK^Y#Sw+BtSIWvuAxi0?lPuv%O1K`yT<7LgSV~!lE<G*U)x-ST
zi^Bft0{Mvsf^>pw)uZ%jSfyp-rlM05wo5Uus1MNqqnq^B0j*a=kZN=Y`=|9{ELcwR
zNsjPqt%z|WAXE691~WMV=Kc3ZL$uCb5zZG7`^o|hX$~|;+CE2I{1_FHB^KL|Mf^`h
z1RNtR6M%@w@LN)ksayH1Xie0}Z!MPwV---;4SOVnsK^dDJeO2Llq{KT<vA!V4ZIf5
z0hzOfay*elt0{sX7Bd3cZpb0?13UQKk{K6EUJK^OyCN|o3EPF@+ENM|L_cnRDToRs
zEK?0k4SHO^rPstuL=;Ufw0k^NA{NfgN$WhiK61X65Ee`(i6IR(S>$Or_Y_zg!sdAP
z%+S2i;Ub1NVS;3!3t{2AS~QF_LMLn)b0X9WGA1BAT9NYy2_&B-wLHmr%CrnV8vu2#
z55Y<XW2`!EQiUf{r*|0aOPc?2Z6U!>7=2hu_)%p7EzvwLqm%e~0h2%%GH$6(8i*-S
zslF1mavWP~rV4aTp)6jB7bb3@X)z~+&MIUlKy)POE@PEt*dZ{LSDJQcj}(hgX1z3p
z31Vk?S*gPkAxlC*L*f94+fCu8^p$7pU{eva0uKb42uS?VkX;VOh6%nwl!zz5huqSJ
z(i{RR?kG~Q)6mUmgrd8gw2y-d&UR5#KY}}{Q*aW03#EW!Tm`gh7J`f^oJTGw!_a72
z{?8OVQAu`$Ol=1vpQ@c?7Dk(<A+R=8ky!Pzd~S(&PMg_K{%up)mqZ)d%!`#^=;W}d
zpFcpo)|+^DMx%`SP<w<#+>c~Q*;DqhY_dKs<;8%oMe(yGTUH&clw3t%RhrY>)oD(3
zY3&IUYs)S~^GnRE#a!%}b&I|FYSA^aV;Ny1wgt1YQ<M$-^@D7t^(4THo`k<uo~$l(
zZ{Hr3GZ$}~G_#}HbAEG1qY=;!rpG(#m1|p<?R9BLlR8)}WuZrSY5Y4JW3E8ET~@(C
z^5sR<d88!-Nul;rlYUnWB%-2YWt@xHkKLf%8c-x9a6v=k5`3vAKs7aINQ?6JB*T0m
zutB~cEl;!$21PB{OUhRrDFh!nrfBqlwOeAbyavhygV;kIDH`OVCRec3-%AWuawsvC
zV&{k;vUqsKrCyzogJJ}~6gbo~K*58smAk_59JBCpN}8{w5>AvYIe24)95)#F!EWoF
zQjgGifwn!49=@-*a~LwHX|Wq5<)j^X%OSAeR6t8{5udCuiHNF;j!8?oeR#Mk!WRds
z6OD4RqB;fMH+L&I11pRnY$59N<x)OHc1%eL)d?sADjJ;GHdz#xqZK<&xfmLSHpOWf
z+{nE`H?3i!wk2*uDXvIi1s)1z*?e(Avt}xBAz>4!OnKeMcjZaNOp_HH-7n6Lo3f*B
z*2$u{LhMJ4hp-|E(z#UL#aJ#?3<25FM&A@ENW$w$VD>Aa2}qlD<x(nYidzAWAbDpU
zj|LLAWPP29i2)!Brq?MIBZRmNeZI<-5h8|vvSIeDk%?=~{^cURDaCk<N8eJni;OCX
za43?yEDMg6z=<$Al;^ylDtF}G6PcSRe)9dLg3|`gK+C|iM73~=Fnti^3aU)@)QetX
z?r9mPdTNMps-bhJhMr0swJ-wu4Caeyi!?Vz0FhJ0(YDB{RWj!gt*m@SJbSUEvfupN
zN%D7*Tq(}krC#r>T5p_J_55#s!kgDR#uW8GS2i`5=YPhs>qqmy9f{W)A^+POHPzen
zbG_BR#zb#|PERY%o1ngpO{;vWj2|k~zg5oaP;<Xk_V6d1_)RQ;bG?ZV|92*QOKC~k
zUR%nxs;T3Gj~`9k_GU}mrtS=3<~9K(k;P3VPpfD=&3tT|{WNUciGp=)V2)FDP5y7Y
z5P$y&)*%`Oa<MY9rlT}s4)G6VQ=N9dUNRf(v-6z6kiJBy>l6T-Dx=*rGth-3pfdsq
z=$K+*$3E4<WOD}Ul3J1zPLD!2*Fk6`;>|I=tm}|IEUvqPTxAuKqfQYv3qv8Pg0cbH
z@RosIP=oTA;K0A=sse5}cMFErV6dSIepIF(O9lJ}V@?dgIJ6tYu1Jrke7z$59QEi$
zX(AM|o2RG;j0Bnv$BpxKctAxl<ce4WLQW<hF!c;eF{2%!)YX2DsTnMUiaCZgHe!a1
zI|)EKjV2!~%`rytRIo%p#uVL{RZt}3qlf{TGfYqQukW|yG1yM>8M)t`B7M#-QR)LG
z(->=FOAb!h&$a*ykA-yZvmor=XG0YT6)2v;VQBJM8JY@ozG7D<rx3Kce%eOb8Mds4
zO*O#lXu1J@C#NiDthe_g=g<^V^sO0$Z^{rTMond8GTdUh^kjCr1zm)K7NTiNBMU)p
z5=Mp)TLCsK70Ue?4<q5#o({ovDm{lxMV6qG<p|9cueImAh0GlPAc7rAZ%Hqf2mY3{
zi*7Dvr%Lh5QjR_1A~K}e6>en^O*|JUd69rINN@2LaOFTgKLg;S2w%QYSOP~TR#Y2h
z)=3v&{cGE^O4uNVBN|V5MLWy53?B#SV>qm)TtbjM9*IRTnbfIdtnsy>%%OwjP<p2<
zi6HslA5?g!1~U9NBS;$RuUdv;bc1TdJcV}BEaf8s8iCgEgp;!h6Q-XW*{oAY8a09|
zL&{6Ds;9S<7?G1waGDGXCe?b<!U>SmKzoCe7f^N|o@IvKYh8s=M<u@_D3lD3G;vaL
zMmr(#Yg<!8e9+Fvn;IHcZVy4R0D9qOZ9z5{PHxJ@BtDUznJs02+oCHY#j?pLmF4s*
zpJ-2|WSit@DTnt%vdDd;E2Z*@ehf+wcMY<3anwykMNXfyx;OWA4-EJA_YR>~S%o}@
z_mLD*IbUetLni~!6sq_G(M6QXo(6>ML*W&6j`HC&H#CV$?|P^ue&1-;VTMhWQ;v$<
zj?`Cn+X-X=<D?`H75B6-j=boqZ>1qYM)pfjQ$cqHVq~r~IYff7pMl@RU9d>yWC#KH
z6l#y3)1BKT<)(64R^G!#C+A|YIbMbwx4o$zo04`;kA6rnfnXfb&VrzM>O3?y#W$2P
zcpg?v>pTd(DHKY?JYxW(d>v(?1I^JLqX=sm=q*Due7lgFk5%a{>5k_qXrwW=G8~Ch
zZnC5jDzY3XG*|vcctd2?E0KnoZ=@CrB~k=Ju#e<FjFc(mqnMme-@HTECJp9hhh4OE
zpr0AvXceXp^mQCdR7!w6jpjzAKw+m5FIZ7NMiHZb=%P;um%&YE$ryDeAO?jI>0%cB
zW2Eh*!Z4=m!Za_Sq{z47167hHzH3GS@_f3@0w*7T75mU&YJ0HGPT&SCpL7Gr%t9%>
z1=Lg0&BvQjUwt0<PO)U2jVZ$sf<PIMDzp()axnj%N*l`DdIKoa0EG1=yHK#AW_vDG
zSYlh~Z*Da^El`z4tW4Bcx5VP_5{_$bw7ev6+uW$duJt|}1gt{JHP^c-CpYSbseFjE
zI66$v_MDNN@Mcdo8EOzZpP1QOGz8x8BTGF}-gsjrN>p?ZXvLB_HqkaTW~hhhF3gxp
zrzRSOudP93Hmts~&~=E|Z3+n_H~aJ~;)3pImLd*0Bbw+WN*ugK`sIL~vjD+53m`w_
zT$)&ym2)z#IaDGug1!blwKc5AAeq4xiRZ)SmbMZFCuyae5eMrifs7VQ6e4SUWWis}
zF8-NycJ#l8^n^^yQyrk-LzE*_Y*U6#!gtNssZf3$rto(u0EPpe@Zjg^ycwEZ(8(0t
z7HqPtf77zT&FveP4fVA5pEbBP1m?+rQ8i|O1ef)tQ9FZ)UKVP&Arp;S84sf)D0DDz
zKhsa%FRdR1k7HtO!B}M7&kBGAXd*5{GsrbIERW!Ia=roOc*Ou1Lp;rBE(`ZV|53c|
zM9+?x+nuIK7s}Qw>P@wnzPUWQ3p#0TGEr`iH@puhx7pa-(%9J2bSCVZIG)|(d2<nv
zc<SJ_`tgst@sIecy8mCdD!#TcrttqaHo*Hb|9^91!%_eLk$Alk{Qsu%dK`@dIAU=C
zwQu+!fZC(w-;Pu?K(M3N8XIsl8sKO&z|m-czyN}-Dn=Nng!fvi(CO6B=d(x^b*E>!
zH@XF{?ddh!&={O>@$LcWx^~u~y8{MhX|)Sf0ViK7<XwslD4JHnb2BB1fT!dtqS%<I
zp$1<S+zDV|Kwu2$c76YrWt0N|W}OE{p9Xr5l~z!upc*<#YPb;479;xU!nfQLL+6>8
zR+C-MQWEgulvmK9%Vdn0n=tn#o8Jhj<f74}g8AzRMy%DcZ`4Uhds*n9Be@d$uEdk^
zk-Vf7>o@n2@~L}@(DLQv4By~ord)~{pLTdcnEAt?j1LZ7smo6kklnNIC_`!-7Q=8d
zyr_hYX&rn;oi0b@or0rs=8Ki^{Yr~cYtWNvu1`RAP`M(!JBXLD1p?syi%lnxfo>?v
zNTBuF!xX;4sg=u2$kg0fzCX^RIh^Gq6&NSVmo})l5MQpN92+IiU^YQsH@W~L<Nd8X
zfGl5dI1!A12|^zhN0;U~k2!1wW#$mF23;U5dO<sQEC4IHa!sUhCbfJS)3xc5k1<%&
zNMcON#*3pOWJ2suN}X4Kf(DU?w!`r<h0e~_r-F%+ZyrtB0+dS-s;y`~XkLak1lrXg
zX8QBmjNVasg`Ls?!-kC%5Rj=TBNk>-15tZ~Yd8>2*#*zd8EyiFYMHkrKf!2<i3s%I
z8C6gt72G_79Li=L;zVRnJQ1mna*{bX8^U)af0AfxXhbNg;g-bejFWZ59??}Tgo!6k
zN0jCnHRuY`M3fEuQ9kc@9VF#=Y^KD-W<&&Rsx1iXh*M?2Oor390fkHlW+(2ixd@xA
zsHP=yzKo5E!ft9Mj%TDx1<DD)IrUrs8I4FrHDPv7yXaHGrQyweqLeD8g)!brxVu6Q
z5#PnaYe4?y%JVg9(S2Y;RVPIPr&dMf4@(J3K}g&KbO8Oj@n8jB5A}4LgPYb3ZEYXu
zHhTxn%>$dx>Fw(7G9&GS@HrASxAqS8Y}ztpLW_a+{-N{CP3z3|{`1VUdi%SgM)$d!
z2f7Cb%}oPl@5ar2z1>|=v$wyqZ%bEi|9Z0np6lN<WcKxL>>Ywmhc=lwpy;Z%8=hNd
zZ0sKB?17K%9ld?ML+3@!b-hFV*ylRvwB6j?J}}hVxuvgt0JQ9Z&6@_hVfZeie^Y;N
z|GEJfrF&y{{}3>lei+K^J_kOSgFWqieKb`27MT42&98IQ=JN)6*Y^yWJ)8Qvx(5c0
zj&7J)dq-b44+V?r>}&7c7&W`vH@2_url&SRF9Xy}%x-H>H+==;wf7tCokP8w`Vl6b
zoBD?a;A0e4IWVLi-P$|Y9W~nrdIu38>jpMK_XtjS0%6u~z;pfG+zW!*4D1Lr!OvR;
zyZyOzb+`9HUxPRU_`;BlV}B}^*w@7fYt)h%R=2*9A+}K(Vpqi*SC|dWEe#DV%bUs!
zu_y}uaZIsCZLx38S9SZZrUt&oF($YFE^lgHUUC1cam9+G_TMA%dPCTMr9tJW`S+;#
z_m6uA?5OqksP%XH)?b0{l03bdJA+4!zDJF|e=1kN6#ik~Iu2F@%CSj+^U#GcCnuMV
z<x9zB1;>pg3h~PdZo)1U-FV)~G=ZjN<%@QqaYZbjN=MdUwp`4*fl=7(G(lrB-xp{U
zDeux0sZ`YR$;rvusYuKiK#h$GJ{-c0mU!i{5dn|@7%lod@Dtzi65-dRPMM?b7!EDw
zqm?J|&}Nvo3z-RnQh16h5P`a}S~%2JAWjHV4s$}|x-8zFFWAdeK4p0)%a6BP8giGw
z(C!kL)$bC>fOV{TI~hI)FH`we7iG5ALx3F*Cpn=?Wym7xbp4Oxx6qu&VeD=JIEimf
z;>0tH`g%KLI+|q!H?hEslPFjP;yq;#Y-tZZP_^aOZmnxMf4UAJt%9CrE%kHF>O;t>
zPiP3K*OcW_MSM?VGnQ@?wK}1T;mz$sJt{?DP9lZOT_p}fEKt%@wrZ?5WOAxXI33EI
zI?E^3IlWmWt4s?G(`eh*wp4nDFsY4}e4Mkl<}rh&KVc^=vo;%k&hx0uH0_%o<p~in
z=D1MZPhsd9gt%C!a$bo`q$2&G$TvDH7|Jl+y3ndM!Qh5U6<+O%26b2$NWxjsQGHB9
zp=ym(U21U$g$@mlDk=tfC9bDxNPOaW$WHOLpf)!u>twT+#!ZT=CTS+rG}yWA=d||^
zbq{OjU?k%vtc+O~nryN1*r<(Tbfnez#nRZ{5xh}Uwl~VUO+?hg1i#f;NmcI_k>cRR
z0<8dW%#g|8EkA$0g#}D(y4tE87xgqWUrPD=caay1+(tg&s_veZ1i&H4@UE}F;z0H-
z>Guc_O3vp=c`C&PQf*r3H>(WG_awqC>fF@7P9homH&U3@iqDK9Jlfp2D*H}bqLY{y
z_bRL5s9d6Y{|5Q?+)_>?B1Qikx^a~Z04I8+U~!!kxyd-C@_T89^o^iOg!j`V+Hlr4
zeYNGdqwbZEcan}iBb<I1C*LT8Z!CrF1kf__UP}stli!ka#{JsusuZ=Mv2Q<}9FMHs
z2U97sLj$c{mF&(?X`?G27V+4kw5f(gLFZ#N3aCRy<j2!f)$zd^M&GxN&4FDY-xxc>
z(o_pT!!4f%`6&}w!XVx|fwc@kP$j1iP<_d6QhtV9fQ-ng=qgI6<w5r&+nd+Ojp@~Q
zO;m#Bx(Bp=apw8TKkl4jWR|*`#8=~FhtQw{Wea3kct5pC-8O78s!2D54mn%puj5_8
z@Bqqw4yc(EXev|o85m}c11onIA3M5HFUn;j1Lbc8>*N#X<PJqL({Q0TSC#M}lm!4d
zwc^;Qi|HcaXNyX{JDhQ^DExAUD7UMqQ#8m(7xiq~*sU<0lK=UHjKcec<;zoSj1iJE
zL`tk;nQcO$Qy3<fW4l<M+)k+#6r>~3CQ%e~|Cth(HK<fh-|#063@R#v4LDV()QC)0
z9Wnq1LRdfRu_`KOl&3L}+Y~KlGvu-MDY2MffEVkN3I=C{<^QGSkR}O;vZ5gdCoZ7(
zgMK(YbsN4-h_j*PRFKC-nZ$S$*wFG(w8qr1f-uX5a--`4Q4AsC8K;kBEtxo!QkcbE
zbIn4*giH;C<8*2j&!z_gk?2FLo~@E3cmQ7H=(?jrPHKN1V$Rc_h@vv(JyI7a;;X(g
zX|HTI4`na?i}QMh45b(bOq_HRJ}}m_N1{jN2&8BRdX8tYM68Y}SYgQ@>QGk1$sM%S
zu*Mr4j~h)sqI%TFFVy!8{{d+ZklQ%zX$oV5#31?<m|&)uYi#ndBWyzWLa+r|g*WrK
z`l;3sn$a$lAC*^wMb(Z&0J>OrOuV!)=_=u?8WW%N;U_N4mhC5Ag4U0JT-{{W#yhv-
zXqxKAbMR?0S(eQ<>}fV_1|Q`tBY{UNw@JXMf^1AVqI`&P6tpt+E8Dg+`ANH=n#+2d
zutw-2GXpQ3MibEzPU8CN3qnU!l|CvSl4-z^skfs($gx~yOkG?#CvmBgaR+4<p|d4h
z&Sy@4K4tR|x_xnKjhs^U8VL>rq_o?jMA&4E7gi|biiGPHL9ev(2InbOpQEN-z|{39
z86Zm6xm2|gbc(u&rT|3hK{zfm*H^x_ZG-i(7=M15G{1d&y#WkGjZ4vy(4qRGuHF#k
z%N;l76@l><TBwRiUD4$%*LCn!J#Mf_T%B_=TsB;@AW-f30FcigvlH958>*VK%mbn7
zNfW5+>H~Ye&K23i0y{mWs>1iwrLjxxlri;AA=2@=B#UgG3@L`JZIDZ^Xh8V31t5%z
z!{4@VM^t9%gP%Y-2{Z<HsPYNg3qpQkDB=MpQT+iYp&kI%A2=SM=a5!9g%;Fart8o%
zp~{SJX>XWBu`#MEHs-5PYz(Q`Ov(VND>lloa%7})vb)oQLM3%0Xf@OHo&dxq$4A_1
z+H;_(g*YKe91sBk634yq?OH}H3W1<e1u5%c6#{En`qKw_t<qmDi+$wjBI!$Yez@el
zS}Ev-kKwam0}o<3u)R^hp-^!DF+{)GDP+FdDTKY+Nu<2mKZbZ$D>$|65l1=P0-e}5
zDaqAND#D4zn(S6PsnAC4eQB+B3NcNt7aC3`n5kwuGt;aRM0j<R1kn;t5|f~PB50v7
zDm*;V5J!}ud0b*xHjE6sNTO(H97hUK%FOMtInr~oPR1%k=_U^wq7BX7uSr(X5R<T0
zB_hl<fYag23Tp9e1`-x;Zz7v;@oEc~97!unpzhJ4`!3~6o`R0zw9Ae*^VWD{*|~nR
zn-6LMcY%dqbFM_;vOs}fLsx;XK`?pK>Jvj1Hc*L-zUN7}LV|Wl4gadUehRj3DAjD>
zdGfHzs`W4c_oU%v!pTYhO_VOYm>hVXqT6eX_Z_|c)5Cjc2wVjXakaIz02wLNDEnJ&
zU=6B?grE*Fmi9CdrGg-mX4*0{^`WgEI+@PueR42001&%tp<lK~dTux%%5g*D;YOgG
zM1LvCuJB9PDOEe&rPAeC5_SqN6Bh$_$=jpMxqL$=%oZP@;AN7#A!~Z4rlqgKZcGlP
z_b#Lz0L+Vn#>s};*FkHoB+jp+_8Q75;;%-F9h#QD3I~OFbEV!o4GY8c_15rZvHlvW
zwpJ5{{pJCsHC$1F#ufC}4~<gMV+C;$Ef5HxA~vMP%8u47#ez^Gx(P$N<W<QrWQ_sv
z3Qxasp(Kj}N+@H{MNZETgG#xRgBztO`j1>fU}e68pJ$^tlyk~j6Ef|kX{EAQ?Wu^a
z)m^BII=f)TBX%JFce(Cfb)mSP03uCs^i5XqmU@0@l%}lKv9ewsW~FP^cB<aMSRo*@
zUA+TsRa8|YFjC2?93v2&6*fS5?*ViS^zSq4>TAK9gcNNaXk9k!;CX|?z(LAKhAwbC
z)Z8*a?g*0*!*B`c5*0=Bu&W}*s8B65TtY8Un1Rg$-SFS?4&zL9p<6%A8JC6)#D0{8
zq$#q60&ZKlc#C~14kM}>`jI1sMySI&D5F`}*`{DNHZ8b|V~#XmojyG^SJboH%tdwj
zkM+2I)dFSkkS2)kWrVuC2@vQihmk_b!j6r&DP6EL#8J!itS#*-yx5nxHJ`SuOzFt_
ziGk1@QAS=@_$<B{Ohz)Q-(2NUd6=arCZZ+zM!qjs=IrsJj6AKD^N%9GMan-v`ddZs
z4hhqhIh{3&kPr6QtJ(~KsXJ9845GXXGOjJj`brSuxc74S${<D=tOWGlwmgT!dqtR$
zVTD>Vd6zt!YEA$<bqg4E2vk%>tWXhRr6P+HY^Vx|f#k#joIcH!HR|y!g)AWif(edW
zE`MrLuv4W)UMH?WuG6nIkM$lo1lXYEP`Ze09&a$vqD1M2$s?*X(nEW^+Rm;4W{cGa
zM?rw{R>$EB-+JnSWW{o=LkB=y5QuTTXYE1K2}G=rB`SGS=OTfu>=kH?LC@m%up`Cf
zD8<2H(=7vivfw#CAl5F+dicm#Stvx_$j}RhsCyYv!*5VtLBvl|ix}aztCllAw3bMp
z5vV1iE-{4`1yP&Pju+9Kq?HK}Egg?k*$+{gm<-C3G5d14HHK3ZYlu|-%2tZ%ze`}L
z7AS*u@h%gqWriCbOs(t4LXrg9-Q}P@p^<n){3bFEQ~12BC4DjK`oU5yvgjuMOz4C8
zkmC`q`Ai7o*CH;PKDVLTr8GoD8ag7E(l3`rO~ZGw(%2gKs*HSk_|V#e<-?*Z%}`))
z$iZ2E^2ZKrPUz?t!|*u$s7Y^1R^-yq$pm_eAsOtE^}u-w^>PZA@(w#*K4VQ#IUmkO
zFDX9WeRpNf8&&TFZ|ZqL4QW_BSmzh;rdB)>?>N@7g;|11iSOzn+ZLa<Y;ktk;*`0#
zr)BZRmc@hHBitSfeiZ8hWxDGki@ji+7+*2KQR=*UbFmkZwZyUaD3@|Z;tmMOa{;iy
z|LaLvq@vVn35dvyfg-FKU`<pGb{saG27&jh8U(!QKSG-8;dcCZt;A;yyM0(|VvLYt
z2%x5l4CUQXT*YM}RF<r#4B?7#8Zug4CxJwb<PSlrL`>7Og_0z$4v1(y;?|hA2F)_M
z_@}wukp1{UvO*M4wq`9q2kT{mSD3_Q7=QExJ``3+7kPAZ2W^BjuPD7aDJm8qC;}?<
zWR&r6Zms^4&OFt&leHs)LF~vtQA)$~&5`Y4h+teQ(I6<*sk?Y6)~Wk=N~9Cts3Ra~
zH?s>?c>EgxQX>YA3CJ^rZBxW?s-jF3{abKLBgl(`&&Co~vE0U?!b>qR*aRkHVzMn~
zq|)JNPKT=2EthR3Rbs-0OPXqvRh<`G<+O}th&DKm5+__WX$_(2zDiK)71vVOq9?=B
zCy&Tn>$~{<U`hYGiggDxn*lp(XA`o%+7yr~Q!#?~#f+)0z3@#f|8OfOhkrHIce9hz
zuEL}vtT^l;*RpYu<p%!G7YKBNN4lsfnHXlkR2(oTZ|CGbpm4>rm;M&y9eCU{93k^g
zq5wOHG>FGl7X_3g&56iGK`;?8u4sv<;bZ1X1afs9qEaZ+)<&jswmLbUp+7J9CCt7Y
zclBw=+ZSG7qH^PekzuE@B?n7zpuCFdumnkwLN_{Qf`%o&1C_H#Ww2H31cBQx4&v<O
zWdtr+;cn1f8pn@}Fm^iPwqw5FVzG8UQEuL6$5@_=?{Bj1ZAQwm*Uf7njl>MWKg7+F
z5%L!L$RP`w_~Zpi3m;ZrB`o6IgM?KuKvc{)Nf}FI6{VWMH#s~-0ZhKdq|F>_w!`ZD
z%Nqu3<0SZ?sb<Q%7_WQoB2JR=x@D2q?$%QFqUDV$dr{MJv!SV_v7x28`Hz%F{%9Wg
z>A$My|M9Qwzt%A(&;QfZ+|+z#W&QV~`G1bc>kX0rM`Vq7v#0-|h5gB70HWD&;+@cm
z9cmt+&`yq~0(x_$0{Xuw`OneR@6`Yl=vt5hLBfN1%PYn|n*FD8fWwsir)v5iu`_H^
z8f{+F0ZYfZ=TiQa0%aqSjuxcIzGWdaaRcV_Ddf0dD%!nRpp0udpo|KmOvq(t?8-`6
zdGwp0k&?RN#OSm<FODYW2`^4=zg@N$2br>Y)rwetG!IK`-_U+8MO<pypci9_f^$9(
zvfhjhK_zrEJDp-Z)vEIg=o*`QHlwOJH0oxtW-dS|hZnx-8NL|-Y9tz1BkkTqE;$NF
z?v^|(yl08v11h2i8;DM*oIOU?JyAjx)bVAWy9~cA+R4$J3k-Y0x17pBINOlSnn1P=
za`LU;(u*1~3TaX1nDjM;Bv|Nf!eYcCK?o)y;!?27JSSyq6Xd+nBO-l>Fp7eb3ES*g
z?9xHoB3c#LQY-7_8VMVp;4mv2tF&>@pD=yUb#hD#0V1Ryg6yx3HzMWQUT$eoB<aYw
zMfnIP5{cqnZ0ZgtJjf7rIZ3rN=25H;Hlew~OxaQ`Ljj<(9zdu8UW4vz#b=hDyHxqv
zabwWY1a!E3nmC3C*=BRI@0w1zh#;0sRU`c!%2%oaBnh%;u}P?GG-N!}R)%vce~x#J
zV!Tr>n=>%o2h4N?SSa*J2;mQlyUCL#qm2wC)Q4H>6-x<ksaZ!_xArXdZm{cs#ztUH
zNb3_Xpx*cWkcpI_CM=`ef)Px0s^K#k{P_M3j*EsRdD{k-MmA@%EYZCoH7R9b6s3&I
z@YnDcJSu8JW8<tf;w1ev5?i>YvLtJvM&u%Fa!v$!v+d8yBug2xw`B4Pb5u4fw2TY;
zx=K>wa{UIL4;uelCNmE&$rM``6Y*EBSE7{>_CqS)85OzCXC~^#qvnJkDlH-$$Ia8t
z3Hp-a9PtgS@EFolSFe3xkCTnEE+RXOL{;D1&Pj`=49j7L`LLh>CYBn;Y71gy9B=WG
zkz%WEw`T7FVzLY}usAJP5#!!0AKwU7B^rBZBPP@m=3afq$}_<zgjm8q;2BbgLb#N$
zX?ol#nlGtdNhae3`wd;5ZVboLAl|4zCPB(6T@@NNvA8P@WQm<NL=Um4b{jQB0$446
zBE1$rZsbh>l7e5y)%V<thxb1(21%5cfi~LV52~|JR}U?CLu!p$1?QAIEO&W0nW(#{
z-n<xkkoHRq=<Vjh5*-u0sk+ETk@^@_R5#nqi=d}Vt94e#9qqCTCL$&@g@(1`@L1Kp
z$7SExcw(}a6MD<>;lL4ymMy8CXGyTrfJL7b!~-ZQJx}_csN_3Z^0YiVzeO%FbT?{*
z)WG%}d=zwFhHj2Zx+N&GKrPm8jUWLp<9JA~{bNHsfQUPAE0?P2BxM3ZAM+{MN(dFE
zSTNa@$jsvdQ%<q~Fo6k<xhCy_C$9pHSKiT4&k*G#wx4$FOiJ8#qO->doAgD9?#c%S
zDJezqPlBbu87gw@giR-(`b&Tqrg{<~dQ<evAyav~K=Z4@+oFOZ5p8p_S<o;o1h2ov
zfsu_0=m9FKxO|7oTu4suGfft-WFJdCIUd2;u;g7_*i^Obm`N#peBVs8a^tk2^CfmD
z8R9qT3IXv8T^JxAqSwgZs40mSnzMZB<K*%vlPM!wL^!O+Bcx=&A6iOVq$vU%@FIBA
z9O0)=pS*(!?qEW7&|Ka@+vFWw#2s9uIw*g>{9zC-i>N1wI7)P;sAoF`^S2{Fe_Wsd
zPI6~kBtZRI<=&;OjAyq-e4?WuRz`I2dr4Y2IB~=dq(~xZUY;L$8@r4e__Tr%mb{P@
z5JJn59&dT>s-AImf-qwgDjQLM2E@M|yfNru)IgDL^igOrs%^VaNg_^IF1$K2HXB*5
z!5%t_TOrj1b3zuGE{Jm=l?kfcMO#DeIn16KD6j;A8vs&3t-prIcr3yxs|xDNJ~5vL
zYu7|7uc)0*O9>XZR4qQFOq%sszb<2-k|JV0u{sfFzY`8#a*<-(5_Q^}_M=@Gd0@ST
zk_dtka)z9nkU>(47G+R7l=cF-_A)-<5jJ!5om6W)k%)6_)Jf`Oh!+=-HDP0MU!`~z
zl|h)2t|}q}s=6~CG98v2lvXIvHw>5@Ae@8mMO3zBa)=kt2(cs&)QE3}F*BBYfEw$#
zCunob+=P@9C37_co)Am7p6GFEFsj|r_<+EYJe&y`o)F+78rrl9rDn`6>=chx1p}g#
zoNZKHVxi7Lxt&#9%J5jK+Z>j%+~V+277Jt(5gnf%RC0<mA$f|3CW+#E$m&y0S|rI-
z=Z}&zdz7+4J7T`;zJ(@2B8`)j7JIC2CF)W6-gyjxb<)rXz3^FaLBSVGfCL45iB=hr
zSHK#DxXLWykH#8do04jmON0XVcq{5HBEk+RQI2#D5u+hVvY5X>gF2BT1BrBfR3{Fa
zuvXAzu2!N1B3xxMG9;0U7)Mlg>q$bI1N<t9>*DO-5YnPZ*JokAieOQ@3Mv5o`IiXc
z6bfjD%B1QzAfVbcS}oW}DPJ!7Mg=WFBL#9myzWFqjoJxt;*xMKf$qc3n!I4CTbs)4
z4B9TqNO!{&kf4@|I3TvBNahis@##&GlEM;)!O02~RTSGWH4-C8kDy;kkzu5a-%;vE
zzA&3gd8#EHSq)Dlg36__1uIIF#0&fqB9E%8i~(9y0aIZeVS<E}^a%e_LGzO$#|TnC
z7*t%Kz%K*X4LVr`pCdUGPOz;B7n9+-4u%v!HYrxjinC~o74W3IB1|E^W-n|^GOet>
zOF{zjg&lvk8p-S}vekmnOtxdW!^biOX2~)zr*bYub_to9F(dL*D=mSUH)nw-oU?`T
z37`%gYQ#icq?S9a1PQrOtoQL%3lU#d#PWGL=(S?E)%>-cmZ(~0=H&^r3hPDSNd%?q
zIcQ;z29Y<wqsvs7axgh*AAq87taxc*RnZ(?Aa)6p;hfk7x<!I$uXyn4xSJ6yAYF~*
z`*>poFT0G{2~QQ;RPn@4k#9~|m?lHAG-MlT%*S*1IK%WAgFJ;=BJ4Z`@r#55auW-D
zT@?nViigmnG^Mw!PEesu(+osIQj9S{fITfP5{QB@g2XcUIL-*qj{s$PFOxATw9TWB
zVpLvhu`*+LD<HtUrlRehZ=29WOo2*H!50f)%~4Y*|6<)5Ne`#Sx<#1CartB_;7v-3
zPA<x5O%$UQr5I!C6&uLi1N5+z4>^nhQ8R@2A^`)~Mb*s9531qIdX?v*s46QsSrp4f
zVslYZQymH!FTvNG{ew%!1bGR-kZK&MCt}B21u)Q><R5(oQ_4mEOxi9A&B4zjCD@ZT
zv<@y7-wUJxVhxB1A$fBO@vLp-wDTNLM|?a1Ra5weP!E-(XzH)W<zPKq6p&59$WD3!
z$J}YFf(QmxM39<<-+^Xf`BRDBd_5~q`f-00xq0U6T6XgF4v%}&zpBT7YO!Lkag531
zKO5nHD=X?hHXn`uJR-04z3Wz;Y3;7rUGsbV2n*a*Q*+texgW~qa-~w~l1na`HEZ|r
z$L~Gqq>n6EaMfw2{aGaP=ZhC#d;00uEnj}aiWN7tw%*dwacg(??He}i9~}JrmMwpI
z{`q%W))!N$FJ&@+ec^?FQ!M`N#TVbRckkYhee7eO_{1k}zWL_eyZ_;;tG>B^|NcAg
zyz?tx`N}=_+;hbh_kQ%F4}ARN|9IVX-@fIRM{c|Ad;9l4cITZx_|lht_|>mIb<aId
zKk&c<-~H})4;=W{#~*+E$3On@efK@{@WVfQ^wFO`{`kK?{q(P&d+xbsp83tMe)X&8
zp8M^ue)V6!!`I8Nyz<KH4ckM0)h&K$>>#}6{{JV{G@SF&*bw~NH{%au?}NY3KX^*b
zqwsIh>bKR@JoASS$!AtU+b!>TY3!wQ_}QA8lWR_$&Hs>m&WC^aejfatf$is<O#gO^
z=j53C;Pao|we=EwzDBe?cI2mH@;#2Zxn`i|rT4w9W<JgVUaR4UA$Sg7cON{d=7yhb
zz2pnf$3gMR^mmH3C)W&#e%8Y0(HSttQ(yn~BKU0Ddp}%bK7c>X*wOa3nhf-Z^TT#M
z@XwsV&pkQwB>K1fzj@xLig|az=l(N!-g9df)SNoQpSS+{-F;m(S?F)|*H5Xr5dQwu
z>#4!#af}P@=ie5-Je%4^@jrMb*3LaxbM@SJ_S}8jy?f`LeERth-F^H0SI&R$hFf~R
z^qFt{*}UHC>J~n~ZqI35mz{cd`~EBUoYZl}z9-Gu$@|`I&Ra7#zjpT{pIYfXyC84w
zo^wNOTYkal{RienI@T<B{?S5Y-rHjX#Yfj}>AZ45EdTteiT|AW$j$F7{p81g*<52p
z&ac0<A)j0~<D`vq9_+qxZ+p$HJMRC*Bj30obM7}+?L205_pEIDabw^5^}9~n-PwKZ
z^0}{k{lt@Rzv_!EJ3szkciiy8v$q~sTzk)*e>-yJN808N9rJ<DT-kotX(xT?m2Z6g
z#mucUQakQk`@-)3ujcKizGya{-819k#``Y$*~9;{@`8V8J@eRcYgOdKKl!Kcwj9&)
z=&avfG5`952mk9`2kt$v;Kq9|`rf;5+%^1PzkK=h2T$1ZjRW(qJtf@}|Jvs#_S8N9
z`wKQLnEPC3@yt2-J!@O8JLR2QfB5YsH8rQtojrTzYUhdbYEF$Vx?<;xwaY)@p7zT6
zuHAEUAKA92>zy~gD|hdSk3Hiy9zS&doD+Vx;J`HpPx#W>i}rl-A0Iuo^TR!l9(U4@
z9;kUs-xHf>ePZ*vtM?xNzP?Ad)y%u<oXzvUvuv$>+@fcf%$Rq~oX761`F~E_e~a7p
zw+9|QzVGc%&Hw1>KYHS(Pv5%Y=NEh=z2)=!YL9t%@kn>){(T3o$wa>X^GiPV(Nk(>
z*6;u1wP)`=CpGh`PtLUOzwoAAfA#1Ii=Q;>x)(>g?;E@IfBn@j{_4(w;@%lc7asiC
z(`%Q^&o5|Sa>b6zYnS%CxaZh+-}9}f=f^f5sJZ&sh8;7GpV|AV(_xUB|2Vs2e8+uj
z+s1c0cO3hNeFwaE{OG3Ju8v*1dF|ZBiH7^ve)ipqW*_&KU)^~7t<PSw_{kk-tlGJ6
z{&A~*AGx5d&Ahhuj_!5$AKP`}4g2PwxZ|A9U;NV-Ke=>bY~gJ+Gh1GKaLM)U@4T+_
z*ps8T?Vfo;-@chQUDmPa3-gaT{~P;`oB8Y7Q+FI(cjl+N@A>3g*B*ELU*GZD|JV4|
z{1+}Bd*$ZyvTaWO?D@vpch-F6FCKh*<YDV4H`Q!;XV>$e`RMX9{_gggcNA~gcl=M=
z9=@O^8XfAGyRc>7Pe(dt-njp<nX?Z74vy~o%!lfqJNWe0n&a~3toik|Gp;!PU3I%Z
zon6s*o7>*Dpk{gJvGL`zXFdC=t3LD1*&lfFg3FKl&XZ5gn3cL@>&)X*&vbs}5AWFi
z{h4i>W-smRnYm=q*7w%j{l9;G&kH~K{_I&RZW(>L{`kku+~-fc_x|lyzj$5Ech-FQ
z%G3Vo)^*o>u;Yhcs{hv)x46H#^zU!^{h}FvGiTzu;m#)0+;Q<QOP7xPw|zp*ikIi#
zH2d;@I^pGKI_CW0*B2D~?>YIv%;?=S%}0N;d+vgV=53gB`41L7zi0l(ZkxTd=U$`#
z?!vET?wQfCWB0sg{(Q@y-|@`6o@Zu!eeMIZ{yuWw7dNck``I7w*tX#IJ;$7|<Gzo~
zzIVerI-huO_ujSF?!SA{EvIj&J@~}pE8ce5{JJwYZ@Bh@4R6h#ctX6kVaNaKIIuEu
zW6kWYmfP=J^6|I!et2`_{DqGkTwph!`R&>d&z$l238M$Dzw)IWb57p;7Y9GJ^&S85
zgY5dbH|{p}-}vRdv%gU6YTmZ#3wy79&ja?VcSYBxuDNRO^P_jB$1m@HWcCX+Prvhu
zV`t@`{Y>$}-S2JMU$^XiGydh_Q_lE9v_Jjv+5h_3hUWO)&+jwOKl?2&%>3Us_x<E^
z<EK1z-K;x)He=TAwF^%=_g_z5QM=}(m%GlId*Pn#moM1!kC#3cS#Gw^y==}I^R57R
z+&1I*+GqD(_N6bM{m-+`ZG3Fqi9h{m_l!HXJv48@w?92^=){HZs`=;N-+JnMZmxeM
zvZiP4jTe3S;HQtxU6Z@{y3{2nrFw7q&wpIrSvaq2!}Di-`1zfqGwjFjzwr|{-?g?l
zBe8SK{C`+{*H0h$$^{FuyJ!5xdHYUz=!N0ho{^5v%(?bt&>zpgx29`n;@x-s&-Y8O
zeBin>oG;fL6MbgeRUOy&f9T}DyW*=qTlmZ3ZSC)<dGu4upIQCvWB-27Z<lY`|J0YR
zc9XZ%oO)oHciCIcT+;DRKY#J9HP6(?&+j^==Pj?CwEN<f$IV^+%xBj=eBM`gFMDpw
zC$`P4{n}OYPhEBVnwjILZ+*b{=bF18>OReQ`eP3z_bk}IduIRs`d>a@Z2tIndgpX{
ze`U?x`L$Et{%?1*ogLkFqB--ExvNVzolp}ydFFSny8Bm`%zbLl4}bC2C%$>`dsnVb
zcSpC?POQGnSTy(4f4==gOa6P!jOWb3l@I;0{oLobe!Js=GgkcNy=!;fwr6hFGc#92
zW*&FW-<)%gSz~wAJuxe?Z$`&4x7XLdRKM+vug<@~+J9_(*+Xx+{N}f}d~KlfrJoJ{
z<|j}5{gM~2nW+8k_KnBve)x+2shRzq&t27X*Ol{^%>3QTp>O^B-fOSF;qsQR4&M6J
zzifD+X<L5X_}aS`+}pY4zz;Wk__o{Uo&CKh%q2g#=Ee2vbJ>UHJ$v)%r!A<BteJoB
zpBKKc;p(&dX1r_P8C{Q_a_@Dg*3Vu2X!|D$`)0i-wcz@@T5gzg!hH|Ud-SE<x8Bm!
zkvnkjygR=;c*ge&pZn;)4O~7t|J>i-f6j{cKi}E-jh7ETlE3CFxBR^C=Pm#8^7rm|
z$0twt^3^{-_RE=LUS7E8*f|}Ez0dvP0q6Sf)~5IUxP9??$9CMcV|m-!Wu;Ho{F!-U
z`}MWIy*+!=?%8KPxxD?{yOU3)?ws*Lr+M|r+Ri<<9GEq8;f#-7ePG~*xeGt_mj7(O
zC$jS0KmNei1{RwK#=bEA7pMQI=G=F`w0qz`l9&I@b6aNJbjoPWlfSHAHDNCK;x%X0
z&R=&$_Olxvf7|VQI&S}$<b#X8IPlb4uZqvP?-yU+{V#)m?Ok*0%>4Q9ed@r9=70NS
z?T-Jr_U-?3;F#mz^4J$o{PKG)c-vQ&-tpI)zVVySHaLGU@2#!9@3>X-o4)^tx1D|5
zjWx&acs})!{O6uI_}PZsNtc~?+R#USP&l~f`eS$e_dEXf!0wr&pZZ+>KlitFo&C(5
zZ@%>dKRD(`JD>l%E519YrhQ(+zwLYLlXF^sH}msb#va&xih0EukFFel=)%tI|6%W0
zpyMcx)N19=t`8$w4mg12(Hyd7<<)9eAAeS?Wl0vcc>c?lZDeH`Nwd<T-JSK!u09Zh
zg$;%P4(7ln1cLMU87?81a6ldx4jed>OMn=T@ZKG~6JYY-E*E~`ckf=fuIlcY*;&bg
zSQflP^FZF2sjjZBuI{d>uCBWFwu3qU&^r9Yf!DluEj#<2xkbI-kKT9Z-#mQngGJB(
z_Br2?${Wv}vPBqLT)$!6qkp+z;FhPayX)exe*3Du>-~X8o((pC;JESJ_w%%Q4Ikh0
zr;hC}KDYOpU;O90MSFI+UOhIyf8T*AeaV8}vyQ*KJE7OlIb+jL&%g1=@q#DwT5s6(
zp}2MGIXyW$w|}^^^uK=dZ1Jsscp`G}o!tW^fB&o9cPua5z4Nn>K3zDvddfL3I*)DM
zy}R^=nx9M`{@<bL@gvuD2lh<y@4Te;-2K1#cGu^Pd7*vtzPt13`M>+a6LYVa^P|px
zs(ZM2ZC=?M!+D2S#!DW!y6pjP-fv%<`|kaBZ9StvT{5)(Cz|ufRr%*F3t#f$*3Rmn
zV>or@`i1gP&TXG8`z&wg%#~HI7Uo>Jz2JE3(9-_=eZNXCdwpT?fz-X9bU23RJEs**
zQx@%4a$h~8pgN~_hC@rgaoGp&%g=8r2n+|^vubBKa@|+vR|;$X=-he1w2s>w3tlU!
za@^4VaiBpf&3~$^U)YpbS(x*Jvp}954+SotajfU#!>zT`mp$&R`%~e{<A-zReVTF>
ztiABDGq+!z|H^E!qq^v#DVxeZUH`}R`t+p3KkQsxoVVnL+`UildhGQ%FPxos$?0;A
zw>!V}gH3O~v1iF!p^r9()14JhzOwU;&pYRNJFmz++?!vu?X1>4`yadVhlh%me027<
zXXZ8tWit-1dheAzyQZwa_Vv0uJA>Y<w$FGlN4snHhPM~H0}by!l7G*fHM#5BqR-Cp
z=H|^Vxo|l5oEOf``|n40DDQ7{%d<911=n_;{p!lRo_nuZd#FvRzkc9w&gz1^vmVTO
zVkl>(FtmJl^Zv&IpX|v$I<;V4a`&|2*1=hejxTOe3a)?YSwSfts!3kZdG&?Q9V-+g
z^Get4axY$&yLIn|{=Gd-Mc=!*F*mZR@QB!WaB<JgXHJ<q`$sobg$DLbd#ifSGc}D;
z@ZtBRf`g8-eCJO$=O25i=Bm5bOie1Y4?7=SS@e9*C2OVYFTZo|&py|Op8H_7_jiud
z*UjrWRy}-t$Mo$@h4s!A%lEvyzQwt9&y;tTT>kU9!DPvY2d=GLw5{h@@R66+x(dn)
z3vxeOam|tAH@`g;NL8P=_U-b2KakV$QrnJ(ycyBjy2Ja|Hx<3v;@NdH|NRZ3v)K9V
zCmovtKiKq?Lt4Cdv9RLt!p@z8mxqtm<`3(259zxK>Klg_E^PFj=Fm=mZ`Fc>ITug4
z-o4K`^U1+zLHhWyoc$kl->=Pm{OvkNYQ?OF0{55Z`rgYeyTMU+#o+CSimK}!TME8)
zW>OlccX;!^_4voNrxnkBt6`sO{oe0BdrkE#=dHTsz%Or+hJIak{Am6%|E+KR;)<Uw
z4i>yz=>9xEdVlUsd5)?V-`rU~_3FMyzZa_i{>;05r$4;stgHLy{eE{Wo#=nYbMr%+
zPd}Xdz++eb{Mc26Wp}*PTK6As&)U4_4(C(Os@DguKYHa4|F!VP_bCkz{&?z;v-n?z
z8q;k>^XJUGNIuPx`)*$MHgUz~n(zKwcf}P$Ip<t-;Y>$)(S@FU`kiGT=FawCcl-z9
z(pv+AyY(Ia?CZ%p|F->3@4EJx2iNAL3SGlFg$ErA4mvA7o%MH%?>=MwJ+5Q1zbsaY
z*X6vtx&GI;ENfWSHS5pL(yQ*t3ph_(URUB@aLL8_Gyd!-yZ@r<{M?()I8?ZA`7iSh
zY4SzAUAf`k7dY-c<U8hExXk&Fi_Q%B@7+J`f9^Zz?shnGYRCOcc=DQ{YXtkBu60(7
zYaL+aTU1jsiv15SoBgl4YEey&P&2MnjB<U$?SG^6KWvcoD;?t_2VcJb7vlN<$^Jj}
z*BJc||87<~U>E+cuj9n_e}C1YYFqq=N+K^+llK3KxXQ=#a$E8`G*ZcN)2H?6RFA3!
z!7Ts|%&kZ(nkKtxDvLpk1tv(H9@uKE;emD7Az%0SQfNlEq~Q>KNli(L;Hn6bNF`Zg
zJ`P%UTcF*8aS-dlr%M(X2yPvN!$~xy)WU0wkV+4vX86lk+&-`j?zA)i4pPnq!K=J!
zErvm*gFIUnMoR|=8Q2f!-XH)TCot4a1l=aA&fknQfZ~;gWj&nI6eWmmIp|r8bn<|J
zBhY7!y{j6#@8FBEnlT3{78uE1A?_9I)p^`5QeWH`4#!#izyuuIVLOSim)+$f2#vUt
zc8shbK?7&XT;Q$H>+J*oiKHCWbU})Hgf5k!j7D7GyDvz+9w8JGMCvgt;&~L8%f(_u
z>gf&w;SG2L9^o<q6*d59;XYcJw-sFc8Obghn=*+3G#Pz9pI9OKe7*2`tR^L)Iei`g
zB@D5%i8JO4;lXM-vM*Yo%qW43q<`TLo(&{Y+d!S*jL^39*p4iulsKe;24O-G<oAMP
zO_zpI{z@a@QB>-oURKNzO3()rDR}^jvq081-)?h=m<NP|W*-O=8K7QG(Y-#O&m#gJ
z!a&GYf${w;8Kdbr7VBYKN=P&X@@(-zVK}1TFD+YKeDHzIwFk~xWWv)(Zs<*>D={)c
znAf$npm{bGeP2^@XD>sd#^X`+pAP_bIB6b*JIU(4WH|(6LFzGwAaFk1*)K@Qa4$fS
znaKrA2_b99FbTME=ux=_fK18e5=YB)E2#+lLO_BjrYqTHX~R!YazTKNQ#Tte5g07s
zU;~FsqpA-A_%WhA9uAb$)NTS6=?TK&GD$3xMe>f^cE(g)k;re$#O%|Rl$uUKGXzN_
zJst#S%rKlwhf)lewLnUf6FL=Gc<UuR09hsDmeOGq68WK>5e07>VVTcIi6#Gv+Y+Q+
z5m}7S7*klgt@%;d*#%zvGE2=+IwEAwFcIij!VZbg6~J9|Q`I@E0fctCKnJsnlTKbh
z&p;*=80p|*DPZE0tPwxz`ah=rr}jc-np3I&Rr_oFcKwfh0Z!_F6LF2Nc9o(3q2!pl
z$qCg!qVy!u1G8h0`}Z-?`%08VIyT9=Pll#>CLePH`p8q!J-WikhBcp6V3G^7rr;Dq
z#wPje<Bt%(aYx4QrFhPor}VJ`!2xBW3^HJV6-5pS2W07UC{0)fKKrm3^(uoQu}_YP
zRD;UUshF13jkygZR+(2QmD;{jqSuDn7kEnavJm-SBu~WlGLKkF)h{}gji6+~x^b?t
zWB?seJm|+_ZW`{Vc%D}Ww|7o7Vl-P}YDlzwq&&L+hitW0Qmx3!!!{F3yN}2EY-0!@
z_Hv&^En-tAClo`om?UMO?S-<J@)PlWUL%eugo56IGrCEBNa)R)gAJL0zQNT-U<(80
z?n`Az0&D+B;)7T-MI=mAcbh2D(+L*(vH4h+rHoMxE-2;;A9L!rJYmfpsX;nzkWL%q
z<tGAI36yv}L*jM2#9JS=@s2W?oq-R6#nWFqY;<%fn5M@{ia~>rU7S^Jyn!$i7(6>f
z)F~mWRpP+FfM~&(#RI}7-P&2YwQI39_A|Sef&I3g1%!q)0gqttP)an*7m)=W`!+I*
zGhM_OG%SCF)Yev_hr|+HtZk*|<U(RVY;Wfc)oAZ~Xdnk;05axjrX)b?jA*)`v#@bY
zHAx#+N7O1^u58{LnE;AQ>b*iqS9wWCdC68I8-TE4^+vNB4D9Bh2BJs!bTsH@Y(h%=
zkSG!QCgYQ^LsesnoUqX8%4Dc<<MU-Px3)wFX7<v#iO(@#5(D-RqA|YxSo17jbkJ0q
z(STVEBvWd<mMZwH0m8zT5ur_NQBvh}nZ}s(*3<}AL@4QBwVpD0otkS*{a;g0wf(o+
zzc9=G8wf0#)c+^q8ehek=ut#!HuhlLn4l#qg`SS1?b1Bo21jn-Fy7bBK+Km<dX~td
z{~MWY=&KWb1Q5DaLNrF(har?sL9QgjX3OeO!^jxWQo@4}>jP{V9NNd<nNJV~k@Gy-
zGG(n&L5ssmXa4{Rt6GX<(7APhnk(Qhr1%260oOXhDY={J8(b?fgFcaO1TQ35_L%ky
z&8w$$sw*c6O;j5P1V-y<sdOR<2TFle9*=<PvWw<QG22Ju+X6gY@Ax8(S`%R`)iHo-
zNo%WYH_Rby350`deW3k$1DWNq>}4U^HX7_-r&i;%jxlVztm`~<CZ(S;RpO*;2H~vU
zbRrdvQS2dx9kNX_<XvP8i0)CTV=A|aoUZBK41RN7Ghl-xsLRGvrV^l1Y8L@!8A4r_
z3P6S_O^`$gg^W-^(dQ#Sd_ECFB8yDTb#rOta%vMRl=)1_WW&X><-xLF1!1GYg`aaQ
znUhBd8UqfW(=4tC*CQCoqX?KQg>wr4P`psBC4>gEg;PDY$K!U5Xyp@_!e|b4RLGD3
zX0_yC#y6S^-V^PJ+uLaY%L7%jh%#k^AoVaMnh%A{GEjp_4b`W!heKu=k11S+&~nnz
zggO%KhO)@mp(%RCc7U5&40L+-S>}hAbr!0}-gnUi91<2Jlx*mgQgT~ro})w{y(gTq
zfMAD{uXbZk%jgmsVnU)wiPlQWd4Za+9E%xdW8Nm?>nPo^5+0=7=FG!kNZ+t=g8fDy
zp|^mXHuxge6x_~fXI2b&jfd`0|A*UAZ0Eo{Km-LWVq~xvH+oVAbmmTtk#LZXLIUVv
zpDN7yj>yq09U%}s;uph1ndXBNwn|qxt;KxMG&X09#0?~sPFygpVq-9uA+j5O+6i%+
zLc_XX@^j$-&ozer&u5lXssC42+Wmis{=abY{O5#R<EuPd?Eg%1bj$kxb=31SOzgI_
zsPxs?#{RI;R#cqX!?-*Uh7IwMP_@wS2NN^IBkNJqTtyFeDUmR<YKvQ1H#UV^np#>!
z_I7pins7_=a<E0Ri@&Jf!d@(4SC+z;Q2N7ql+O4(ttu#Oez&W?2ew1u_B>t#=&a;^
zDMw81jTW_$H|^A3Mp4AU5kezOP~(EcN|@FqTqg+N2)0qq4k<oB;4R#V57?kbQNS3d
zP`5)GIr}`gLkon6na$;!mo|Gl8e%ORBGeciNZT6{>`%Z_461SnP5l{qqYcze6~zp5
zCd5gSJi-D)D4<eKo!!h#ka&elS^1C^*$yO@a~WO$NjC0{rUQ-}`+x?}o1$G@MagDg
zA{sNS*&I!laemUS_%*o3SpPwCwUb-@$6o*aRax;L7FGo&*Z+yQMqS$2nt}olj$^`G
zAsogWI=IXUJFF0}eZU}n49a4t!fjRhnHP)dW|V7uE_p0-S_(37Q8!2F(u>s&9VT3_
zf!kyFugP6q6eHY3$mD7UI!Zu7V6xU?l7R#ZQfJnQxPnk#BHx)2V~HfSg)W7cA$Uxn
zLlI-DkK)>14o+5>zMgI@McK|0q^R%#v4(S^(1&xruv9R=2Puvy{OllH$=Dyp85IDQ
z3VvR|zOTdTfNwtXhx}xoTPFf#P!_*GXgB!)mQ#@E^Gh%=q4qC8P>F@W>Qpf*UV_GC
zqM@L4&j@TLAE+^d)ka6hBD4#vt0RTUq!d2wqunQ<6w-4FY9xih+rZNRl8&OUD<${K
zQJS;~g#kq6)D@xs*qUK9vEQx=jR3&g$C{8-w5SR}17op4J58x5nD;z}*2X&)ERGlm
z(O}-vP{vy-eU{x|^4!?r<CaK^oS;dP{PY0<k|{D@_3Sixo$70p_20}94T0iLQUMtA
z`#(^fz5h4q|2H8QnTWvIuErO@$nMm$8`e1X9nU`7*O94F=6U78#7HAlLQ$BA8kw7)
znK~W3+|9s^U^d1;)@mXG|CZZws?&7g%wt53c?FD#2kwA0oH`Gb&uZ~7bVMv64UbT6
zeaYWNJJ`EM%Nx3a8Es&Z0l^ZgBrr~6g@-|5EWGStfHCnZX-vF8Wkq0#P+18v@oH-9
zG4b3M)?#gj#UT-?2>^*9p{;F8eQW(1^6B5WcFp<i?F@vqi$DR$s!jC`^({>`0rNd=
z8-L&2V7$jlqaB*84GPKtSrm2V7jFikq;VmoE(m<AtAdj1^q6Q#8ICjDv}Ge;<P>gh
zYRI6N+|vr#g&b5P)^MF88C*=W|3H$6&N{*w2^!-?#(<v|^Anfx?1c!KW^r4DNDc=1
zg&&up(+(<1z(@v54`~2^&)3#gQ3w51OK7ASk!)a4X9k${(Z~<E3?NFj!UM7qH{EFS
z8jbdO%rcg$p$5u!c#v6P?8L9@G65(NrduX;>I}CwZD?s;yT&VsOcq5C=NoJu%H4{O
zvBlCKhWvS%w0bPyof+`7frda5^#)W@fo>{GB4&XyCl(sC9V3zADJFv^r2ea(3%`li
znCm|*k0+@BjJf`2`~Or0Chh+da{X;_MOxP?I--dRIBY`td3^2cbTMrKA<{EqUqhN_
z7P6YHxGh9w;4(<n0}wkS5f+&>z=?)u3X=_o@=R5tOG(MmnC{EiZ_sTU4v4fq(M42?
zMz(5?xCc>P4hwzuM#KmTf-z30hEQ#)2sJ`ranN5Ctf>^@vQD%FB>_?2sg^L_%m&IB
zxgDySB8!2XWJ{BAZ#}LA(=vR7cas%6(I<&~b#GqNyir6`xw+!Qv-WlmEHVZzzL*#f
zBx4DPsy;o{MXCxy(o#iAsdQ;VA0*3i2*zSuyzDzLqWe_H;wn|<IU2HbQ05(k!kVc7
z8$4(^pRl22Wz%w+(v>~l*u1)F?WT<w@11M0LU&B<kYhT}#FW6Vel?NO)R@qt_8UWi
zB?-gCh5eYJ08^@h{-z}`nJOz4Q@VVk5EIRaXq}N>l)6|zo|Kf5#KfvBLcSFhZ$Ol?
z2J8orZk8hA8K}tkka1*<Z>JcJb-;KjyK!DSm7YmeVZ5$U?f(Nw5T9`g0P<JF|ETm=
zPR9S3h-<9==RZzH0~{;<hrcpQ|Emd9PwIaYagFy}j#?CVc-G|zQRz^AXd(#w#d33T
zb4*jBQ%>rbW09GcG!^o^C_JGLOFd`$QPb4RF;z`c3kG~@>U@FifP}*`&s3wbyy2LY
zoPBQkDIFDzu&Ay>k}a&or~|D?=r%`laAQge<Agt16=_+b9<kwJS2s7P9g0TaniVar
z%du!&@9Y^ILG2XWoM~M31lJd;c9z=|PeFn-5Ol;Q=_AMpkzuj2j#pd$27jdxs0vp3
zgZ@Q!Th(|=!Ku*OnjsZw95Y9<p3CmC@vYSKsbEZ%BFul98>u?g3<q|)+bLPBSj?Fm
z4jIxt9846|rJ~u2d$vLx3-lebJO5ie=c$wT4of-a9vtEb+5+wP*5+<bU&0oTK$yrL
zv$AR=>%0L^|BcR}6v{BO85%pwS4UXEoa1>l9*>cLoZ+#%GlO&gh`#r<0>&@fnTM=e
zC?D8&hJ`R1>Ba_aA<426I=-TkDW4NAo`!VdfdPXZrra`6$zyb(WR)vmjF(QN9$|9h
z?;CWDqW@tMpz(?V`Q`Qhni_xAr2an<*9rUI$iR1Ub(~oL4^)A%*XI9KHF^GXVlJ*X
z8eNS_W0h&W3<!ZGLGoYa!mJHWrUP|Hy(|P1jm5<8xPKT8*+p%CUP0BlBZ~Ezn{WC>
zA(<x}#o^01xl=hD)B8eS49@i17O{1r;jm59T8F_G&FZqv(%^;DS`>HE_z5=9+A~h!
zFc&QgJcMvEj+pUeixy8I7NRQND|hH>ES*vywv1#v<zWE%6KWXmleH)?N^EJ|(7bMA
zcuoE4CJaj@R^UIp9(Yox=^;%QJ!X6m+o?EPcE=1qCe-I_;U_E+Y*_F*O5uqbcXG|J
zhc>Y{faV&{Ji(V4(4dL>Nn<nvaW%wvBT{=oIz~iz$s)mD0~_^zKL(IMFNAVoId~_s
zo$;isr?OD4A`i<~t6kAZl&GqJn8&9OAV7r-0V;%&4#6Iv0*C`AHkvCl&JbjwZ<ITG
zl=4Pu-lcRW)bdVv>cs@`<(k401}Y+AgyhH-WV+5mwN8_}<1!`DKq9*6Wft^Xqk3%D
z23gn`%Ly`?JD7zR;>YiFq9?NR4K%ohriVdU&k7?%P<jQC!k4s_w1=d&@5~RimwD#b
zi9GT~roSSE^)ig+aYcUY3}0u9H66sJKvJhoEN%|(|6}h<0OLHWgIAKTUE4`~BqYH}
zKCi84*WN>?kG17QmSkJ;AxDxECz7&R?S7IzYcKD&tHX)8nx-Y8+=L@s2^0v>ghELm
z<qV-fNdw_7R|EVhP$&(h;V${-y*a*_@B4OFvSpis79#J?ym@oKdGqESgFJVb?NHkL
z@?I3PMmkh>$%o3=k@8V8%-lqX-N#6Mj9dk*LKN65Tcuj|#pRZHkd;CnofA3k_lQ-+
zzVJyy9aLzIWY<g`#b6{$SZ14JxcO*7o1+pNXxItL46kK#QcM+l7?I76L~>_a237Zv
zeM`|LMY70}x{7NqfaNs;!(SjHR}$KXEo5YeEMg1;tDDIL*mTO3@lL83u9^!5n=LJz
z7EFnE79`gvEZRv`kplCZ!%zv-=%CYtM<cR_IemhyPV!h2>Bc8Sh!ed~HIf%BPxI_J
zRjL=7CCMvG^X%wVsu!w6^MW>-XGg`To`i!GsYvtqTvBEw0zT2CS#hTweBE(Rlcgdz
zT^CM!$S$cj>BN#vkLO*;I@;u=XElRr(Kzdq+$(UpOKKiuRCRFJFGGl3>65%A&|+fq
z3p&B|d%ddDPYSQP(seH^U@PK40$(15aC$(C2wW0Pu^b(F?E?>_D`-!oHMs3hkO|G-
z>46)aBC~6JjiJY+OeU9&A2VgMhQUFCHX7xTm1$INkSnLDrXI}&m4l=r1%@r87qS_>
zIG#&^-anjPgqxzwdOW3%l*Zx!1FZuVZU^nSWp`)61&aD~F{s_b7D>R4f}STBn?2y~
z>+gzbe$dE=LL}#;6Dufn#d9Mdgbpyga&=^_+Cb=QbR^>EhVR&wjvdGl5QYO$csts`
zCZr<?!RU|n(z5=8=5!|A965UM0BmS~5X+n-7$F*UKxfrUSjwO=l7*a^8!g%}S*UW!
zpoF26PP2R;|6_~>)^})EUWscSp3(^-!b9{i3csGL{ZckX4)83Yn{-S&z#fh?Mg<Mf
zs$nYDcThlO_&SARDl?%W=W$kN29nsH2x~oCWH^v6^OVZPg$OWCS2{V}LK@wyxA1u&
zC+u`c%OXZ#?*ec<Htx_2Z6|_8(t38RI38{yNt-tZ(bJokI>>~-oADH;)Ttd-4m~*o
zm|_gmmfFD!*%ZRU=)j>A2!a~Q09rI)0kAZ3S#2~A9d!i!d%M9K9CitIy2#9epO6_4
zI_pVt9HXhJBnG{Ob4h{e2txJ)Buro{>l_={9nQHa=t-Tds}yb#C~oF+gqIzF%|gNP
z5AIYHdhZaw!C;eN<l=i3L4-86&`}IDGEC^7#Q|iNMwl*5GlRoD%}@f%=I6a&Te=&a
zyI_j}B`XC)SL1*%RmxNk2Q1K&bXdV>OaL|pO_hg5EHIc|<~tRtBj2h4PbG{ZI>KX1
znwg4Dvn4$|Y_}&K&rMmRR`wYUM}eIVa~C!)<T{rH#Vv3pDsgx+KPvODGK`?@b~b?1
z`l&)9p9i<<WG~g5Ho80=uQ&M`B(TX`i7?tQ^gFZ>@XM|p={q2e7~R3-;HyV25B~y+
z2q}WPaAuHiesCD59%=S($V^LoNjQv6b`Syh%_b2XMe-zEj7r_^B;!=+#pw|X`=N6V
zC<ST4p9YzLH8(=ow0PEySPUlSKqjm)fu-X{8*C8O2!d8-nJbIi?OQMi_X18(Y!m^>
ziYrO5lNT4Dpp5dE86QuW@ey6m#sO=Vb7-m;;P|n`WP-ATlCOqiT+SlA$2!ru+K3)A
zLk=bs4f|YLqjJS$_l{;mamib%#04{{jeA|vNMwcZk<&)iqv$a+=x~|~BW@c6`&cX4
zb_8fz5a1O4Tnp3x4}QwL|4iv4sl?<wJpi7<``?z<h4^1*<x_e7$$xu{w0^jd%b!LJ
zh-&(OF7}^WTemE{|DBD`{Hml#{-4MS>gu=-RM!X_Tr{|b9ctMFTLBb%j{czRF!R}R
z%lIHYIt!OidDsyZ-C`gFJXJDC#VrQZHAz^mENa*{WF}HZK?~>6ny|snmSAo?uLYQE
zKbk$2NKY_<IUL`4=SvKYspTKMDLTBFKfSP0@DB@Tl_#l*ViD~@MhRO_z8WJX(8UY@
zRL~NQB9w?;LttsM1sIp$5pV#FpkxXxHAQ4GMIy*;KSFlz^yI#w>C^B4qs@Sa2htRd
z!N?H~p4aCZ+DeQXj(dzS5U>Idf$vE%fXsjq{T~!^xnh@5h@cgu<K=NoXOA{ao6mim
zxXVR(oXC_^90bYuMWc@gbQ(!xVJ4vp99+cBp3Q7AHvl%IiQr}tX>@J+a}?HX%mlAy
zm4KToa9&wEuceGAUtW-?+?z+i$qA4B<Q!tY>a1dH)JDq;3&lz{3$V}_GfERdqhie2
zRnY1O0d#G)>E3J>tHNpq4LQLEGH0sJGOF~%9>+m!TxVfrxEvv~s#Zp}_0$MHxWFi&
zd6gF6J&}e*9f?e0f*$2C3gFEZ_X2!Dl?wbKBGAy^ycGgKB*0T+<Zxf_;r^&!>Z%GQ
zO^oW>hk}I!bzJZTc8)%?;{W>ee9kn0c%2dxSVjM<8JzvA{9kip^Md`yS^3N_7v<#t
zkl!na_47x}@;Ur}W{iw3CC?@NmzgUSl6pn{kb(dk!eK2AQM~L{N5g@r4u}(#C2GMu
zIKKM`ZC1UmS*HyXq_~yh6$JqF2uM+tgDhp36E2JuMp2Ylt1>JUFKr#fg4>jpBSe&f
zP&||$#pfYeQAD)Ne^Vf`DH;UUH@p$_{#2&4UFFB9(XYf<A&U@Zd{tENRg(V@4G&~-
z(!2YwBSoxPCSwv(allV$)cDts#gM~4SO~jH{`$NpL-IU3<Y{!e=#$|&n=xR8IV&T2
zMK~6J(Be$WUOFVaiZ<Zfr~Hp{QaZtko2!tW+O)8KNjETS%p@6fJZ((s{1!@hI-iv=
z=qIF^Hi$F?^=!C?18o^pY!QfAY5#<1YjKm&XB5^Nd$pvo`E+6i*jV>kY4f>bWPZO*
z5DwXK#l<S!?zyZqlu~8Vkm24gI!zS^0^Ru$TDY%IAGM^;4n(Cq$j<c?>BvMye1n5K
zyJ7&PXN!fIT|V~9Op?8`i~P{1lj)L4ut#_8jLLZ&60{Hi5N`k$5GMQhFBN&2st9va
z&{OkJ4}V*63=0`I2#}bOb!q2q#ZjzDT+e0J9p9nQX!pwDel25k929D_L_Zmjq}a~U
zU4G$@lLPoA!Gz0jFcr)44YDn}P6|JO>Q=Ou<+0M&xw+u&H%_=*8u_rfG+@pHhU&J_
zQr4IbTR?1oT2vnWmf7jNywmF=fx(+1!<&LY=e-=9{>wCAS&cF)2g7V?g9tXv;Hq|&
zk4c%X0(Wcgr3Ge^!gNh=9;VSvQsq)@7e?g?R+C3LWi8TiTNv?6LMbcmw9v0(VkhPt
z26nJd4&#I=lF(&a({>td72LmIUU_j7=1cM>E8qyPM-o!ZSr8=#ERjkn12!@Xv5GW8
ziOp1oG8!{=eS#1hQVo?WF^S4ZC25Li1$S&NDhDNS>S4z&KyoromWnnl;ZP^xy02Pm
zbE`%JOR^YV(y7L3tgx_p!09dF6!g5rYK%d}in~3r&B}2j{I`h9L%5TaQQ+CMLUEhG
zZepFdT^hw+8N)3rDaPBwoH1I(xPGQ+YGG<BkBRF!%!)EOrK;BYa9#jV)56Id^2>nN
zYiY(igtZk=y4))iRKWk>;i^c6#aiOwOdWM%nKBY$w_PjEpnBt@t73FI#C#_rVs4gT
zwUdA0|GG~prwZb<bl4juOCb10K;;U;H?;lAz}Fyf$U#n`s?WUpuqw#J(9UUOc@LP-
zmX4O|5S`K#1nq)+m)*phfa^m@`>96Bn4VQG)@~G6t9(oyM!OiB2*GlN=~{*}&C*G4
zI`4DxIe$}h6S>pTQ(mcPbUG3tWh*t%di1dhGu0N0XR5^Ou-5|n^9C<V+AUqM200uJ
zuq}X8&OjvdjZk5bO?wNhmkPyb&ne;WXDg<fh<{cBenN|?NbuEb@3|IdE_~+rsVe_x
z;hWB!|EHGb=0=D9N9&e__#bEGGruBrr~F@v{`tou_qW9U)A>j`mnkRX=X&626w>pI
z%29tQsWj1DRelB>?4ZwW8uXnzq)KG*9VAVzRges^=L-oVjUeOX;$h|!N!_jmLQrJL
z!4Y(-o{u3*qW*x>v)<eU>f-(&>WpvNNPk!XC<@>evIuQG(0ed!7H7c!C1<NhuL_A7
z&`vpe@BnDBXY36EP!r8j$xv8#pAs{vXMs|Xb(3PHBwV#gNhyaKNJG8Jl+PPNROqT{
zi9z@>Y*#c@^-K|&U-Mf%B`Nt5?<sbODu|;Z60{DIz}AU&REc(~dA-vyTRDtxnj4KV
z#9~ZB;3?D8@}wVN@x-opW8~P++DDJ9yJBuSlhy)+rOPqt6E&opcD2LfH$Bip=iSf2
zHJAKB#Sv1cEV4J5@Ral*l_QNZiW)i?C5z9RW%DYmcN*DgjfYrfvTnqnp;@dv*A&<i
z&yxzM)6fD%&g4%FvxF0x?%#>{rXvt6nIlFM++8TGz(pgkmub#}O9M7&46`v~{4d1}
zytajzB4k&L%2h`xs1zj!W8reMUDlxxbzui~@;I6a6IO)0>0yzu1>(5V9FJq$$rrIz
z%oEJ^-m>9mRfW0m&Wb;Tk>2ncazebZWSQ1K;GhI5#%vA<1vp{#UI3~$1Rm7YQC7Y&
zaMqQQO6n#6V)dfRzZfs-3*JQOI#MsPCC9+=d)PFJC3%dH9D;D(8Z0d_TGUbXDG71p
zvSaqqBO@2jnz&O^MzUxLPo|yL)0K7+2b|W}(gkdIk53jY#TOcS$i%e_#wJpqa@c$T
z2M51kxM>kNYRx3CT)I!_@`YWfk0!tfR^aoAdn$_pNt#Q#nl-J<B(`kOk5XK|NkxHS
zvHl5mNJv?@O>wV=dzO|p<6u@|yK4zdAy#orT(@w9X(6>OG_i7fEW*Hq{V?qY7)Ph{
z1{0QsPi>sNVYo-xlU@*weX%*X0eLe7SrPIpr}PZYz?dIufG*LUFM#Mt$*Lm7>EZ&+
zoVKx5rc?}b!7AqXtPD<G<RQSDIFJmodXnP?8g-^%eqia4-a{)~=pA44BwMU{MNT>`
zHXq>_3W;Kl+L{qg0{v?OUjbnjuu6=6m5}KZDF&<t_|?SY2_^+y$+(<Torq%h%s^u7
z5C&~0`;dX#x1vvRZDAudT&K?~zvQc;?P-1n#6x;o&$u20Y=;K`z}?!MKtLu=56qnS
z(caD*E{SU#G8jZGOKE1SGb#6(bw@*=7}aJ9towBCJaD#C1^X9?6qV_^&0IIb`DZ+L
zC>yhq=Xol12xdb4!qR<47!5jku*m_AFoc9tKt>YAhHPiZ5tD$TN4~|h0OY|~fgeX4
z?{d454)?sypEZ42wfWPW6R6Bp`G+9@2?;>ADXIPrBww?@885i22i~1~tWoE{Wds>q
zr6J@`x6W&g4Iglpc)GY<X!t?GhLw_kmvOatTLfXuZN(do%UDn#Eu&{f2s?$N!2GOH
z)f41ep})GG(o^a!hqOONq4CE=Oq<YW9EJ!9!X^R?69E=O@WxjhoB(zJ|6xoNZ!}4=
zHVkbKUG)(E!pM^D5PAkKax^e!O(Y>`6zx(z4NMHx`XD_ag_#%VKt4x!#E~@eW*7&|
z;?D~DD7l1Wle)ccgtPHlU=sg^nIt3T6|^Ns(4<Nf2OnBs0~r9aD~9FW26$X-tTeI?
z<{$7;lAW~zGTXfzF-B}K7QJf2u;uGW(SCB1n6q+(RjR)}7^t7x9Q0c+#PBZA$Ts!_
zjatgqUY18I^#V+Ga}(R&ld!8nx5;j*;k43-p(XkRS?HtFjyDNbzdnWRoj;u+w==*8
zQKB(*m}^f}s{o;SC8~x6YV#;JH)}V*bsafWCVe3bBZu;qgyy;y>@n0$EF3`IQF(^q
z!i_THsS*MzxNyAcQg*xEYzO%Uyy=oroUAO?pqMPVhFu(!O3?=cLLAt(x1J8*+hih5
zR~`Fd<DbD!3m?PU9sAtE=ohci&5ey(?|yz&;3(UzxNKhgNQfF-hGS>F8QlfLAl_T>
za?cEk%HqN0>4t1qy}2_={sEMfQ*exhy)Ha|<Oj*Qj!0``t9B??+><L&ErQeSzF5`n
z6Af1U_Q{4cv0A}_nJFz-EMToy0q?eIv1~|V_;73}fSD87LF)>`F!N)LW>dV1863b3
z!rx(Q*_dUPi`6sKlH=ufK>(uJ0CPavMs8PS$h{ZOyXBDCtfnee8dYm82kD&pt{C;l
zfJ;{VfW?5LU#+uI$Iz(uaJI#hN=(K9o+-~V7lR?Hp&uXN200`6%xE&7?HG5fUD^Cw
zwS%Q}(Fpe=z))c*>-X7RTQXVJ09S8o04^;`DBlh|?oGYe?k^Qb!`u7~g3n?a9<o?0
zf@wBA7055>X+=|oxxio-XGP?O!g(*sNXfwhr9dn|pP408K^Y3G1u&*FBj+V^nH<y<
zBj>cmyrE1?V=xdx-Ez@JA4!j6%W<S_D)pod8E`=*bb+}eH>;@1pi<A3dZ7>px+8m|
zl-X9xi6bZgJ2p9!Ym#Mj6?A|F=4kgfMH>C$yyTOlT}2mIc_dx23@i%fUxXfUUG1os
z=%-~Z)n0o1vUYLB4j4dw*~4OdsrnhQ5!MbyRvH?IeiQC%X}ZL#y5CaN=4N;jwMY8I
zT%3wFMtBdni6*p%Iv(cV;>E1(9!FOKX$51dWJtMhHf@x+bpqHBas-w}iq&jt8(C3z
zf!(ZOMe!0S%%+=N(M1vnS*C?g+9-<Mr=kPIMBC%!oM1ZG3j51P)qy~;FMJ|G7803%
z5z0ft`(U}TMFn$peC5F{r!8U|;Q8)}->-@%_$jE&g1xP_sbEc&374e<cB;*uWxEv(
zrYf^QZs#tG{H#oZeRovf9&=oPe_V5C@9v!T?p(TVS74KFd@9j|JEf8Kxp0>3yl~@$
zxbrHFvF_py#_>{L$aBCrUeHGwXN6w@t6eEAK(Q)(wLmJd)fG;@sMU6Q(6JGzSVB51
zu@EpA^b|;|+%%R#u^>Cp(p)cAb=1thiTfkCWv;{o=Bd-mKRzz-RGGXvb7(dO?UdQG
zKN{xDg~8(di;!KatWFi~i{#9d^3)YG<-wAfRGiAN@tc!Z5zG%IhS`*oFTF)rm@J0K
zdhSP3$i3eIEs=;TD^`YC%BBQOg$Pu<mAqSI$;s-voK}|g5Fv|<Mde)kS+vk08lhy8
zo{o+-P^*ABHG>SnEbC+^GnFt}A-rrSMLF4qL{FhCtMe3u8P(3NVC6@)IZ%1|+EMZ7
zsC0Kx3HTW~W2zo8b2wq<cC?(vNkPLIo3l74EUHhII1Oge6l(U{E0^rED%DFyu1cMA
zCf>?b|1@cMm1C}w*_?aP1D3&Fc|$aKVQHkb$H2*EoZ|^F>P#)Oj7nBzlr{<sDQY^!
zEVg9%b4C84<Tg9O>L>Wz&sr~D{3)ozvfU1i(<(`iES;(X*d$xp8!pq_R_&;!YFUyc
zN@eY>ptczvUzmZNdBW$VF(6fJyR=3+BN#1F&1r4izJ;nTji9y|{zijB`dfvkB($t`
zoSUi_L4#!2-a++un6{p+4VRTSiv^RJNaoUKYsugmuy5<Kj4aIjL3FYY0(`9_oz6|^
zDaOva5HBU{iDbN*%4KzK`KK;e#p>U!wNP{xEp2XW(mD|%Z=QG$tI)d^ZBMQ+Vx&@f
zmX~5PId`hejU8t}nCE#ytI%prs%71)L%jptF{*n;F0|lKpQ&w7nQnNLT(F8vvS_E7
zOrYrR$&P}P*%`lht5;1t-ONCp#+|2dkFu{kH%H@M?<_9|6gK4|piOZBE#>nFjNmhv
zcz`4c7KeSca-_!#@q=NC+EGD@%9*$^O5DEH7F~!EH_jzn%g|wz7DRo>f!?lOX`PoH
zdU&(b7@4F4PaUGW?P%vj&t>O2YjSpnJ3cw(O^v>-Pi<!-<4}P<SH61B?c!agJ<tre
zDuIg-lufjQ_jPbGx2NY2h?L~#0B}H$zpD_<IovVOxlhW%f+Vl^@IX)Rp?;Rbm{^j&
zw|ju4ktG8-j_}`vr6Io$?(gh9z*6wcB57US2f7EkSt6Y)l6s)Gb3aRiu?zW5+AQ%z
zP%&42*`}&xaUP(Q!bS=RAq+@{KU7I!+QfsEi!y@5m&kG>0>mXpUTegei4N<EGX8^7
z1K69bTtamzpk!4(Ak;_7b8Q3l=lm&S|Hr@2OC59f|GlNLbs_%mS@~3%f9j0?G;Khu
z_<w}|+3Y`?T3Q$EKhMf%eoZSS`_In3JqJn&$^O$a0X1zlp!gQukxdmyDHdYb)hx6%
z3{i=-{kUYovpCa__wgXcj@636jGLQiG~>o?(dK5YxjEL@6l>XLk7hi-1L0%FW2Poz
z2yw%ED=IPfPNXy&^-_`(i7`E5>Utub4oZ$H;RYbPs-(Wk=e6l{ID0aAZjaF4ak%G9
zR3Tf0C3A%WT7t2lLg42C{dJ(yJglR(NF$72TcpXM568*`vOyn2xU}ol#;@z{>nE&W
zNb@s9T)9?bAFlHahP?hrgojuq2qO{yupi-&CASx#tqeHIgg}2k$O@{OSQusqgA|dK
zK`t6R88J~WIy$vRvsl9{#mB3KW@d*eAIFLtsW{VeZPyz3dK>gNkaEMr5fQ5?&_r4{
zI0$x14gTQ<X8;_%7*FI4$x8=JKIOu_ef)72o{d77K<y*h?~{1t-bcAkpBG9-co}{h
zLE{0%Az2XbIS>~y#fQ-9474*MNlRVitS;SakTmbrRupvV2j;Yza3DwB%+0-e7PM5Z
zd>qt%tJLp@`azl(=TT2xY7MDPX~x7LS&6I$Yz`7t96-keQIA)Saj_Y21pNKohq~fj
z9RnTyvfb1nhEzH?X2YgAyV+pm$OV^lsX#q$xpgckk0(&3EQp>D_x2BH)Fzfyj%yJ@
zf|1Kc(P8hJ4O-G7N1yt-JG*<X>jqVGM@3_LRxh9hE)~2GY_=-ZAm?RkWwfFh?nCMz
zFaX%Bnq%UR!|6bfn}aT6GmK5P)D0LWq}WIv*!Gq7^{l8PoW~%)ig)%NB=_sKCW~Ii
zL)w8O9dVMn505sbD}Lc<haO;XMfFpv%#JJ&50KO_q2qp^psDeYQe@VMv5!*W<m^f(
zS#hgPG*Y+UM+0_)_#40ZrmY0})hdH$w%?aY7}+?iC<KyCmJ}N@7Ssx$1I&`lH$3c0
zfZ2Sr8?@vx4x?%F<-mw?e|I05z<7V}o`LH-`ntI>I4((ubUKwNfT)7Q9qKs9VI)by
zI2kAa+S@VEeSOCb@t#8i-F<sHIsw#A_&AU_`6Voe`+5g@sgy)Wq?G*Lz5!<~;1d;(
zjqYoYboUR$4|Wgi>+NE2T*yK4VQG;j?CC|(l}H)r>p0YZfV2?hK$hn<4Sj6M`c2S~
z&c2?*17*6)fk-p@Zix2}^z|It>x3ekyD&rBd$4z)JH8Jn4k{u@i5*>CeRhjtY)WFv
zoG5}&GOz0e`UDPcIAZlF?uP@gbR2<>-Eg?uf%pg+N-MFmm(0ka0S@Z^>O|d$%HRjO
z5A9{!w9+#bJ-bm=qmmE_Ntw0&265`+WbEDCkd!d^B_V(z2r@|i#Qi}yFDJ{ZrYl^q
zEI)EOO)Td#+HE-mZEppf>8|{~tBKI{=Ahv1K+*}FxCI834l9<S!eQ;C*XQ$A+`+;o
zDvoR*lmmu7LQ;U`5*aZ;x-51vq$%x?%sdLYI5`)%zD7ucs4yhKXZiB9<!J4iOI4go
z3W^4Nt#aV_fuG>@v1bnOghuwM#TLjf9@YbMfR$kSFsu|mc&+&A3^}J`%4?;-0f(LC
zQ8brlcJ^sKfu2^WnBJ7f6J2;xxpTQm1q~x+L^khNoj&QR<G2^kZ*A@ZXlV^r5IkEP
z(k!;(g7EfF;!{ojm&=YCW2fW%%~Li0UsGG7J^l+xT!{a7RzCAhe<TSYT|1=$UYalv
zOoR&S&YUDr5(SEdOJ#s9Oa{0;+PqC`+8S$Yi8Zxq$Hr*2XFvof$Cpuf4!=vrB(UHn
zmjF8R2}4>w6C=Hp&xV07pR39qeLkPcAJL3>L5O->TMSnb?xo1lV!Wpe61GgvmfNfa
z{P4~Y#k5E|PkG}(ny8dg<-5uWceLZW4#M@uukYT?iyN6SwYW4AN&)cGOMtQ7lkkeG
zjsaPQ5R4Go2@dtPHEwGp3@u;fWNneF<hkC)r~Iix|G6s3X`KL7=zrrD`}<#WV@pfp
z0{uT5pZO(u^7{|FWp;y`4_HFx{89d`72bg46-!A!6x$kYY>GBD1LbdPB*gy=zy5Fn
z!W%=yHJWBlj)B^ye>yyN!pQqWzLV#A{;TYNiDaI!_|IF~TH5UIzl|*m@&C@sXMPvH
zwErP)<k@}wwXIdU`5W2pZ;m##XieK=Ese3Zwllf=xm+tf%HMvims;7Qu&dAEYB31y
zbj5Fx8Y{$2yGz&``t<BZmYiwqnVP#n1)&8;q>UDG8BBq}2DxT~NdxbI`l-WT6e$G-
zP&B7TuPz(s$2G(cIE6!CcTt`rx{t$65Lk~n{JTOogj1k7b&Quf8=bS}WwxDzn8%4i
z(LhCOrg{JYZcNcXt(XHq>YAFl*n%GnTu*6eEP*?dJ=1geY>9gp8<_#wt0)p-Rgad^
zQoX{17HOoz>0FW4Lgh<V<TskCNUaC`%zDGp1V<pZkkMY@UpJ(Ov_iZC{_M6-1(pZ5
zS@o$+!FqF3nEZ#|*_2S9pO$8Cyn|pU=2-Uw<TuL85V4%R8<MGL6v}YHrU)?v#)sG{
z)Nn?q-AXs$_hzk03uAd^6=y|O7vM_Jq7Z`b4sv+O3#+tB_yPf`tV#8G#j?i;Nw_vf
zajJ7{L9jP}=BXF-bp-<SFA6<}g%AR=L4~q(U!`D;j55z}911+Axhw_1hjj-=nV^vu
z5Q~DvjiNuM#&h`6ir!fnqzKTVkHS6Go{Z%oAQ#DlNLDNs3SgkvsFjTbm4Q$<86(SV
zqaZbe*n@nTQEMJrob(=R7S=rW@L2+hWFKIK(c-gD=g-kFw1}l0!+*kjF{kyc9BpfM
z?HAhg6>Pw$b_uxfO%N3P9JkGza-p`Q#3Kn)XTiUjF&2B?!&o_cy9fM?vZxvRx;wh;
z?#|s_Ys#BxvFBe_zsBP4s1_(yE%#hcE%!3r{1}FE<qidS;I0x&wR{}aIXzklOK$YB
zO1)28E;@s3$yX27=Xfo3e?w)jZIulbS{j?QgSkm^q#V`@nM4+h%4THKDtEmasAHrA
z?lJ>v%|WL{7T4-=waoH)UG;|~V@oMipBz0-M2%Cz>Di;{&24_Xjt$YyH-zGh4-cn!
z8W{+eV-k@FkXcz6ZP5-hmcV9#QgwJlMS^O;gQA0A3ovM(65P+SWpP;1xmXgar<Sk}
zvEH>@g?WPF2oJ+N#qMNS5C=gfB0NPleXaOBR*mfaUwRv>a{s3b`t+WEs@(sZ8=G3}
z`u|(EY-wA#|DTP|d|rK(`#%t$vwQy+YZY()Ev@v$r>QyGxLs>(iM2Gxnzj*k#w3@2
zJqsR)&xq)+>K#8E7Ri?4SvX8J%_QBkaM-DR=F}ahPf9L2<LoM`s)A9{tLA}T77r0l
zhLTPhQ_IFU-oVJqcPGLRwvj`HToG6*n(F$v8c>E=?y0|X1(5(q<nZXlf|*YnMbsS<
z{Qgv~kmBA;sdCbk9R8akg%WU|?iX>tRj(L`B&1C_&K1nCc-(`DEEzkv(cr6PR%g+C
zGKrZHaz%zXNz!H7?p@lPC~7e+nMOy}bf%^5S@=kECxH1T6PzGNwO;H7MOpEJg=({G
z!yvB)8e{~Dnl6$lFDCP0a6OYw%#aB$7D`rBLbEVQmH_x>CF4#N&!8bp@ys&2KF-tz
zseT#-hSxGu9)1ukV3bPnaD6>&E`_Eor~cTXFI02P($wL~e5?e^vadkfnzU|Ga8Zh9
zs3AV;<;WJ-)Cw3u1it_<KA#-47#T(26M3i|WHU7C<t8q!vpkbtSZ$A-){&3b5`r9%
z`Wf4!B4MlnW1E@2(rCJ5jw^=X!2L|<dOn_j7?6Tx8zJ49uv<e)Ye!xZS|DSNf%;WQ
zqsxdJ+%if)fx*M24UR4&ka=*1u#ve7LLN|ou)E;y0_7>K9!=5_IyAe`?C9;LEZV_A
z-_CtaySn@Odi!=p$v5B5JX(<FcloH}TS=i1d*jEd{X0hr(OuAHDT*12@}$U2k{n9|
zM%cbvNnT6<SRpo;po;mzCwmLT7P$#(Uki~oHR_&&?`33gQ&bpIv`}-#o}NY;UCc@*
zS(`CD9xP#7AOQk8GMOVYl<XoY2`a^yg+If~erbV{St8_qMr+`_enU_WCTiPHoDe{$
zXpR}i$TD$v2?ixeN~9w0qBn=VGV8JRgSVVq@v?Ac;o@NQUqT-YD#)zkgejKFdE{(p
zAa|$+sfaj!#V-JgHb_SR%<-%i5i`0N1zQ0J?Ju*M)HT8A6$`Kc$Ekud1fj&Jcd%VF
z$g6D%ReHzfkSEGfDe?t<lDfp_B(+H<q3KY?X@*%2pn5Gzv#2xopme{ql!)7T^_KOw
zPj&oHBRg4fYwhyaG=_H?yeXy)ZwC2m4CJp77Q28szvMEm+?38ddEqoRaKb9bf`P76
z-<Lv6!(&oWKb<sNI6~u%;u#>z2w{LYIs=wtG8G@_FmnJt+#qhmQRnKdB7;{aaPXXA
zxuI4fsXpyE55!_{9B$la_9$EMcJd9hA{LF-n;1tynm|<f#|XdvkbRr@{leD361y;w
z3=99pYvi-xqUrCh|F5Adr{nmY76TzqQL3Sw(1$`ZDIS9@Wp%>L=XE<cbB!R_JCncm
z@DOa`2<NNVa)d!4>|2h}4CI}<sOI+U&OtOrKz7H;_#pSB&M+8xk;Vx_FO(}V3odJm
z3y05^NOGLMj0AW#Y+i5}D0?R1Ql4?Hh))+Q4d}xPx&>vjyZ%E!W>sbhcNFZmSWqWz
z@?`pUpgb<{S#Z!+GiHB*U?G((hzJ~<V!C2*N&{sNiQNS}XCe)BbOsOE5DkY(=-fDj
z8Wd<O$(d9sSDXiGW02m^##8P|6tyaMr|)=Eg8sX_dPuX4i_N4Wtbn~|HY)}>oV!qt
z%jG6$s685;PECgU23E$w0;*inAw9Gu0Aa9sn`9zHR+gS8l;2a!2AOe*bQs7+CZ^5E
zgiG*fxO0d6jwD0#)YvEpOHLH>|DfdtO>LA*cp1jo`jwMPio#;U;O7jp&$;s2aoO##
zy|HnLClyeqF`h2v?&!@CfjA2EMn%^eIh9QspUA!=v>h&6!t2EcoS0P~{H(U@Qp_tH
z==EbXPr>J54w*7)Mk&X1k(ZzBl}jBA23&4|TWgoLlZ7)ypKX!kcquzUm|{h&U2z_d
zvN@EW#IQrbpeq8}S+^W9!Q#cWY~eCTwCgofTwwX_TUZalAjvmp`U8@!b>(^_0f=M~
z+-^HLLVWZsH1^35Ak0=)Sr+tSue??W#$7i0laCiZadamz`Mzwm>>ns3vgW8>u-?tc
zer3h{>S<yj!^>A0zm#I1k>ds#39$j#`?c6>8s!3M>@bMK0xW_0+7VNzwhN=Lxp4Y)
zPtM|);teaaM{RcoMOuJ|8gDw3fINa8)K)||UF&M<bL?~%aRuLOe7M9GthAr;WTNbX
zRM-&)kfUI8Xx$)ek3cF3moZA*w_s2lHQM51SAWTp>4ST1bW^jS$yLT;&c5ENwy)8q
zxnU!SgdP)sfP7-Qc#lQnZJ&BuLz7RoI-n-f*8OA&g*#w*!Nzkki4?O`Mk(TRtWmz{
zr7f)F3MD0Pg|%0CX$e&tbdf(PyU16Hq#%NyqSr7PwCT~<@@<PjUImrjDBTY%=b_Rl
zq-R05BLj?tk<jqtLK3#v?UCK3E{sYuEQ&Ibm8_^nv9xv;tx*8Avm7pSC%-Z-Vs}?l
zY0Xcr^H&bT6`nG3;F7Lgc_V<w^g@OPD-5>7A3SU)9QQfYW|?#(PqLf;1PErcMp`CJ
zwBZ<wQqA*9IdJXq+Acmk*F7Gs?efEcncEJrqLfN*k-<*d$&2z3!G>F15pMbe703+>
zJf~sgx!DC_@M92$@nR<J@XqZbt6ksK+li*<`vwjk&<-EjeW0gP^M|9+p6-D?(P-B|
z7tLvoG)AM{hy1&IJK^`PouJV}ehl;s9O&MqG;?Q^Ci-?p5oqV`-mV*Vp;%ag0nzY)
zqL+B2?*L)iwW)+j^)LXAhTsJsuXw$V>^ux;5g|bV4WW)kC1FEwhm)DG4S(D0hrfdN
z;IlTiZf%&`AhYuIR7nr?kSG>(!NkUW)+4P5foC`D!Z{DSk~p-k6a}HmeqCD{n;qN1
zRb$BB1a9etE-~m6n5If?1V7KDIU4r{9$=5WBStnQm4{1+^A*<q1SY@54#MAIair2m
zH^N9$kN^V>Ni1K`d8EV<RRGk_7|FMuc{PoC4AtV|A|8+%fb<*G)@0%rz%0oN!9);{
zqq78l+#m>T%emHTSoqBDQ$_zrw$nUiHK1zt->pqs?Djv+O$+)zXXP`$+Aos+53Zb9
zDFC@@`&3f&u`f!?%<o*O`v}Ub+BI9cftb!>t}&N=ka9$Rwz1p?iC0s9bnvF=FuDwq
zF*wW4@yUlH;Id3rP9qLl1#mu&TW9zPH)r4uT~BpX<&l_;y5?-=gk8(d^=>@-pDOep
zl;KZT{j-|?-{#h>&366Iw#JqP`hPY)^GgmT`hT$JU^iZ|=h5!F(xJdtDjo(~ESv8p
zwE1p|H8!4Mn{U#P?&)G7k%W6H+EsPr6UlKfB*eDyvCszK1~tk90Tps-a-SV1#Jh(K
zTOq3#wG5$`2|9N8d}%r)+Q7i0-ik5F&9;QGV!#YWG_7ApqkF}>u7%erA16&RGQhtl
zP>B(8XS9iIZb};`{}FIXKp8$t+L_fL_v}Ku&)S_#kc+fIvJ2XX4zCkrP{<E_NF14A
z(rW_KkxF4)EP6ta?qFlG+DxugU`|}H0y6^fF0@Rppv%5EwZurS<UVvE6ybBHV2PC0
zx2F?Cvuz>xy9NJl#lPD^xC)yaw{9gP2X|o?d{jvc?uUgL7%ehkJK147H8mA664^u~
zR~U<u%b+oqMc2tuERBx&%;>I&yR9y`1<=tcKq8+{8}#IjCSXTQh2iQ|^oIyYqDU5$
z9f+iDp3bBZVEp*BJwKC3hRJPoT%T@jM3`j0=mvv6Ig`bFA%{?4IF?B}0U=dXm&zp_
z5GJVAVlJuGo|_~4q8KKlrzbKL1IimK!=%R()nQJISB251^{Oz*G?}`pP-d=r$I_0$
zbLsq8RhV4L+4)q0W{o+EkBwngJ~e93B1v=&8IBxq;*%^GdAi8-ykh`t5LE#R&gw~$
zST<(H(FT$v@*D#vGRF!D$ND!5V<yX-b}m@R74>EeN3$lgDY6mi$V`_U#W6c~!bqnR
z5t1!1O{X10fS_hrpHAu&Chy#53?>h{Z26p#WuxWj6TlU+VX_F)NIej2YQ&{~06CS&
zM=+CuWzvpKDWFIm2Qn)`(Yd6slWx`KjHEs-QG$_V-f(P+=`bc!EXkBJI|*u@6Lhr3
z9K?d;kLxBGuCXj5Ty9l}8j_}i1dv>FoNl#b!I{a;9w~%T6=J$7#H3?k6NpKJuI#*H
z7^lOdC2~8_Nmhb2bPO0#2N<MM0`J^e)8TQpwWmRr@5qKkYvGPN7NrVs%(1Yi!^g;p
zCGBo=BJYHm$R)BY*JYxmTxb1qu45}mx#>hvcN}liVN9l-bLl<rw^=qTRdhBulMa()
z%+5OY$#j@71xYsMNw*1+^4%6Cn`&~EaG7dIrP)(1n9cEAa$+hmsfS0!k|BL_4k}5r
z=&j*0=w`7rI%=>PoosdATr5KX6<h{`rXz^!+T}~Pm~>hHB#~yi%`Bf+@-J|Et^klB
zfT}>aWEXOybe@WCEf=})rBZ$-;X=JIJDg#wH{)PF1cXijTy`D<pa&eiq&i?Qna+^g
z^h_lTGfchVBG3uLv3sc(D#99+FsGC<a?z25Y0ybEvnjXaj3FhH9|lh~T#_eP!)?I%
zv4oVI*T-0LvukRLOKO50>6khlCO<isGg>wy>6(#gDaq+j16b<e>@%)|W##F~j6Yd^
z#cZ-&<$Us!@n|EEOwPCrnTRx$OpVYDJ#)gALsIB5o59I5GKn!gN`6ohG?uXv$q#yt
z(1D?eV~oQwbSaVipcJ3<)Ji?ZNA_6WJymx}&1WUpe0Ge{3n`KOu*ebff9A|7vRR`!
zMLsn}!!0#+Y_en}1M>nYJgZF3lrn-A_r!*>kT9)W!aZb4VUkqT>Had3IXRd7%(Cuh
z<aE41kEHc*B0G~wP{jEWcaRaIC_u*CK?u`pp~<_$<c(<#QWzVNLC8<Krql*ZOBGM6
zNT(%a(^DxWYs$!`a#N`i8!iK#NBO~zL^^7W=_X6n-I6o(D5R+wogH5A#U<G^(m9vp
zDHM0J)X4%{Ht@wI*+^nDP|JaABR!j9bkZ0danDGaQVEkboAXqbvII+YCMGCPjfsS#
zGwA9lP8VHL3&m-XS}>C1@P%cJS{X&gM2tyofFC^7nOHO@MIu=nVG|4&AyjY}^_or2
z{tF<9>lar8w@mqlD7BrO|GH><hLMs<Bc&^(+dWlxNj+Y)5|5XR<V4Zn=VNZNY}Rzi
z%EC*QM7<M~DW{o)u$%aeqcn6m(;PFxn8+3oW)eD(%Z};=J)1<Lkjtfui8NeWPX39!
za95H4^QW8BdIGNU{@dKr;&}hv+O!b=@2q_0RS2%W00@Piv+4!HWyRu?z*Z3iu(3^R
zY>hQ<i?y6tH?X8pt_~oaP8@7)c5~-Ix|agYbC9c#=v4Gx&~<Hs9LrQ~JTYSC(j~Ch
z9?{2)tf@^I#c?ot4N(`4sDPQ5y#1jiodG`j$k~+CQ?vlo0_dn-whdW~Aj4*W06d>3
z$0sPh<^(z@SkTF}+?XWoC<jS8ON}|LcG%z1Wo0lCe1f10+I@YwSpEr!Q8=sE13A8}
z1BQ^+6l&r|%?Q#CUaYvrCqt_|$ukd7Hw9Q^85~L$4uv*K7=AK*F*`o)FU#4QX3OxQ
zLfw`g0GQ-b$6N3Z&X%Q9>gKtN4vF2?(pr#ZO)gbqYKM}7zy?DzcvEb6b1aI@+)P_3
zX}MZH6r9#F!v6(Tg`MS_zT5g>TDMKZf6njubNy61{|TWo&#?YiYipZ5{zp@D+k*f1
zv+|kW^G-VbL1P$K&+L!?J&6$`ryaCZw&tuEW?!y&@;BKu!y328+RlPz7&^=~P@6ho
zg$4|Rm$;N>6m@bn%N1hO&a5~d&+CPJ33QK(geXE0B;PPBGt`QhoX0vU?&=A0kaK;e
z2_20}i)bwB^`Z?aREZDs;EI<Y%ib)xs=-6|3>rSu16`Pp3GD%@;>}Wpb4WJ?3{ZuE
zQzB1mPbWxA$Y~(}EN8RyP@_IT!E=vPpg5I-Y<PY*X^)`C(+P-2jJB}=No`@k2q20b
zj+#0I89;CK5z<Nx+#?y>{LbqR<d(OoY=)BP1mpQ~4oxGybZIyADq)SCmNq7ITW4T6
zqNFEAu|j7M$Sp%jV?XRn7GHN6TzA|HsVzLJyKif)l4t8EcWuq$-Q|k(g)Ja+KeR-+
zi8@(|QhtFtEy0x!seWomG+Vw%SnWY|l4%gMR~YoTb`M>}Zi*28j=;+1hZUd|J7HHi
z^grt~78ZIt3APcqlWfA;bGktHbOLMyz<mMP#yCwVv^QPnQIxb?*4m=oQomhtR8qGE
zK!cO=hD!c$kkf-bE1ahjzP^yl8{h?llOv8D4O+pqxM>j@L5>(2aKli_3s=**95tIo
zmt17g!@>eOC{X7LieDb)TgmQo9(Z%%BL$5lEYIT7ok92mX5MtrB$ye!QL6~&n9|h<
z7yzp_m>;GqZd~z^!~NgoT|InRM%5Hf@%sv!OS!c$U*#McFCmdl(IBk)Fm5s7^Vhkz
znpBf`f;fmaZt#U!h+6(soW<>BH#b?15spXrth8(6Wt4X1vzVOSbRL*(BaR=;Cz{}4
z9&UKq(Sy^id&P@EnThA~%ch;Tht%!rv)8&|j62--{vYw^I=4?1{@)7YbsAd0)#QIo
zZT9#tjSKR>v-Fu?rq{;*10k6m|37C=UtO581&9^muQArtcqT*qIjleEc}i$;NXuKq
zF0artQ`l_h+uQwRXdQ=DI37a%k=u!0#rYkuFL!T5Ic|WqFhp+!x=R%1Q$0U5X5+tb
zfX>?iDuqz|6FEN5HL+XxI6hU*e<jT4sj>jo;y-S6#(!&V*}8E4pN-G_9*ENUKWP+-
zB_JKJfX)mL;8>jJiVbj(ZZ$e?fc~uZv|*823a<^?%{PaE@bXMQM8i7m+e(%F&pUKl
zCV*A;|JKIFRy+T{VE=uVKJ&U0R0@ERqv%^V+qL^xYypf70fKq%QlH6!si!g~GU`OX
z7f|d7q;>A?IZ#SaSII?mqONE1pa4$Tn=ue?u{!#7oo_=adOb>y)PUqEy_hi4W~3rb
znm4rsX(J((vPY+AZi%&?@ka^L9=q;=o34QrpMp$*OZZ6^$K29xpsv`QfU*q8CEFJE
z90uzknH9yr&oH%oX(VkVH63K8sE#1sFA`bJANTv>oxO)|=<C_LZ$N_x8h&YdI?GQF
zDc9BA-`Ur5c%Y~E5R~hni%z3&G_c&R*GHJI7PctqDl|)ZP{1S@uIujWhte9YS&j;B
z#n}KsXht{91jaSAs6X|#0?M7>%U|_u84$RzxQ=d)pg_P3YG~Xq`_JRvS<nM2_l|G7
z+QspqzYnG)fD=PwlQHj<kPxR1Y?+f7>Lw;0!aU2}8Y|0v#8@c!8P8KKk8Y$u1cr~g
z*y0W1IuZ;Pp(Gz>G(*#@i;}<-kYIxpjtb(-mS8~WtcHFRCt$V~%1*#E>EnV}jzX_C
zORh-4f`J+WevJO1(Fh@oN=4B46o(rq0K5leClhHSr8PiZ4b(Md#4jP2dPHY|-=488
zG%|~ALIRlT;zUtyBu8_Lg@<`^<`8Ug5Rx?^Ee?hoF8Tl@EvrF*M8D^@b;6PIf4Pc>
zRg^zR%r7a#!vbQX!u~2jum;?r^Ine>>4sDkXVpMp3v>;o5(koc#(LYw-CN-UFQsbA
znRw>94kvzq)<qXDX-*dCT-rFngAFMy0T{M1gr6<-H-srhpC)7(Z}N-qH`^L1?UHC4
zJ!WL$=40D|VPr0L_W?F#C&(p%;nvz+pEm+BX?5bHu)&~M<-B^_jSQaMm*`EQEER%H
z2O!j6HFjUP@Nz}OH=@!Lj$u~)8MpVqzGv}^Dh{$m)M<CW7zN};1zpf^e{2C|<|EX(
znwmykwejOPc;+Yueblse&>1Ed0mIxw7#?$6PmvSf$mqFJQ8~9k^Noh}zz|^p#$<&o
zE{hHnJ2Wh}w(7!C4yAN1fzBhWlL?g#2~1F-)C%zmsB<UzpreK8+dhWY5v&7gjnzNo
zwXL6lAPd+C5@6||W8t%kdOo0xhxEQazY{{a((xSi<WKfBxIeN&V~hKarOiQ3)lw3y
zd*{6^*6NtjL9+%O{IPb#X_8HvZ0bb@nlf<u7#LYF9Qa({K^H#f?&Bi=IY>BKP?DOr
zI;zNj+FBcJ_8(1c&20<*pU%o>0~Js3Ij5mBTb%Bbnzz|)C48N|hxYXBZPy}9&f@bK
z*<`wu(zT5Nniur>2IBn#9eo23Tre3e#@QO92L~K1zM~!2bsQS#mcg7r1M!|iJq{$~
zprF}SrX#Df_vqoyjspkc2aa^~YZQow(-dD2vcKb+j-xV|nK+i1rhk=|0*F#uG&yDv
z07($7=2}uHIhn@`cVtN6g&lb!#;NA!rA@11x}}v7?P?XDe6&gqLACPQB3dOyaxt28
zrD*MChRk<;_ii%U<jkT~N78xxQ6zjN`R?oL?IhW$TryfR83dYbvXr!u)U&3pq-7FW
z!XGP1bdu#1K00H@sITYXUfzVv7_Avhq<Ml2>LaTO98{8}3*lNf24HChV`N9rB}{I7
zAX*B8(CpTs!J$F2n09yccegbS4G#@t%Ekami+A<(1u@Al1NZE91t#gP@bVZ-MdW1H
zO5)u|2L!yCD~p%RjSE_m%CYXWI<D=~*l578D7&7G5B)BnYy-thK&DHjSVpOpp@VAG
z+I-&RcqW(9HcvaVd?|9_h-vUQ4(yQ^4u^2^#3-Qb=!@^^InWJF?CR+sz&Y}H!K*^J
zaGWIG*mKwk5Z&bS7BU24R4L};Rm6PW%mnab;k=4BnHN-<J3>?P-AcjR4VF~K)0SPX
zpdg0~gF-qTcqHhu2yt66Y!-QSqGE7m@vt4nFv)b-iA%t`Vk3K&VF9`lbmo;S6(w|m
zl?0OGC`t3nmL_z9l?GzsEDiZSMmE$H!HI!uV$~^g0dzxCexmFkZlx<vj{}VNGmPhZ
z%&`eIrI!91`s2HM4v9VCfL1{Sa=K;Iu~Z13)ogML9n{tXttkT%RnrM$qYZ02==C&d
zM+~`T@a)h=4WBoi)xzeeG&1U-Nqqn=CT0;tw{}w6s<wuv*<i44ftjqi7!GH+fajQ|
zl5f{hgAA8#;K=roDzd3WI+xYOQK$_m(q&}@l*wZ>&pi`Hrc4%WV_!0@C$ce0c}HDN
z0G`ecq;t)MpSw?m`(I?r$j(b0)$V`Itv36=rY$6K;r@3vKDPTG%(-PQU-b&eFMNz&
zCxz7;-_Y!Cd_xs)d_$FPd_%Lj@eT3QZ>ZvpZwSx0p$a!XUfYoCjnB$eZhRuye&Z7v
zE;l}rr`-5Ns(j-UiEcMO6~J~0Q!;J$L6Poy9~8N6_d$`V-UnT;d@f^VUHOLOE8mdg
z$~ROphtw+{q}Z=~kY>B`L6UmqgA~^*-w@%<hU6<BCOEEq?pHl}#P^Us_Z{x*CVzwE
z@b;VSMlJ##i31IrNZE#<pQcLM-T^bzP(N62-45%A>xUacgYAQZ(*1CFc({F-lpgYV
zy=5`*E29GgyEM)Qi9B%%9)-)9Wpm(iNs%-R4yMxS;o*i^R!`Q2Ywf^!sFiDercn_*
z%{%C6&!EhMxi%gvs@D4QcUkGu(6dK7)H|ScA0;;nnY*N{oP3ig11YGZqsWkS&&cIx
zD%~_B&~nw_)^pauFCnx7_iG3TDu;TS>z>(>3ub>$Z=Y6gXg!CtfbFgl)Vg{#texb$
z;8Yn~mwO0XGYj)@hUdXvt91Vp6{^=p+LcNdM<-TQN@nknYwqlD3_0(Mwg#5DMq1TO
zV}WQl97v9<TbVYXSPtB_+q=Ls#GDvem=nC;+2+E5t88tQ-m-qVUP!G=T1rp5T+wLi
zpZx{x41Zkif0PrO$2zLU|JvGQfBz$?3-`aX@nQErI_K0~N{diUZfet-w#6D-Vr|VX
zs>!|$TK|k$)H4mHmNrHT3Gh-OX+Z?0FyP0Ckxih73l5RM5FW_2=&7L3;zirFXvr)@
zQL!aT;G^U+5N(SzsWp`n&N@IRw_*i$?BHr!cg3$y>&X&oB$e+=uAot$m<qJ5TI+C8
zY94_*@&>Il2Odp|%-KaThh0eKG8s@T!2nwZ#30ER2u#6eV?yl+p(B7)XrfTvGpYTc
zH-=jGglLyAIElE8?dv_*tsoR~+6`P`8t&ExsOnLbY`Cua_IDpX(A~#w>CV#5mst5W
zP40dc!G{I}qxK7;3kWPypL7JdfS~Y?DS@?v7Pjy3{=Js|S$JbWXoztEJRl)JK_7qL
z;Rz8!7$RdQeEeBQq@OVIe=;XhS^7V3(!W{I|K>J3{cqdax<LQW#z&$5Li*Rrq<<}N
z1T=%_&n14=8KD2k*bt!ugd`6U@cAP95>iSg&n&ICs+%8Dui#@}Pm|aSlvQZF%&*H0
znIml<s!rR7s?+wN1=@ZFK4s~DsW5K}fN12|)>fAOH?}l7=zrsa{r6e<Y*>#Bq&e>M
z;q!7>7)9g?#+Wv|gR6;WCY21P@&|9qdU8Cc`3DL!7;iAAQSv#HD_Im0NM0lo@na=Z
z<3@5E2)e*czQ;)`+HV$FH(RNoB-4H~_ZhsArQYmgc2&-@ZB4T%4Go7M;C9TJ52bEq
zBeIc$Y3tD?oi!x1<3P>9&12Sr^oz{S@dQ|>^6`QURBJNmC{pz%i+jFRpt#k~hnS-}
zl$+8DrL5Kf7H18pfR11JC^z`|kXY>kRsT^4%p2m75czvN<OTpozEl+P77up}><jvF
zY|iz%T=<-wj|=?=eUN#rqYC|pkB$DfwrpwfXl?V_iZY)+bNXLq{z0#G-s+h9{I@lM
z|CfdNKl7go^Uq(sPrHsP@xNQzw%X@^%a-OX3;f^N_&ocKXP@+3aLt~cJ)WAH8qYrR
zKhLw@Uvadjvon6UuNUq{B*WubvG0J9&DCDu@no{aLf_uq+R+<s)RsQ(sr7h0OFT^;
zPa<jN5BBdF0IWUTotjC2)VhB8HBSxv`{nSy!(_zg_F0w87m6NF&0+GrC8e85^8GgQ
zJv~*-L;BO?``VES_+GmRz86RX$@h!l`xyNmLKyn}YWSYYfK#$sXmdW5Nx}C=$@jmW
zEa~KX-2w9b_DMsZBHzD4z7y^&W03E^hO!yLPkB6xRzP}@uw3LjEZ7x=fxb@ieW%B>
zY{i)LeMI^WVUwU!svnW2?c29$`}C=_UMz+WgIA713Z(~$?2N}l`;4E}Ft!>Q<Sk9x
zw`>VFN1CL8s+c*;56mt7_KRzA&T1}t%t~{E%iZhoY<q@`&C9K{k=J`X5B;UbbMZH=
zw2g1|c+MyD_TU$!{#*p>MGmH|CnGSR;!_o179Xj;2%r<gqjfO}3XEGamj+JQ%qNn%
z7Pc?qQ!eP<j!>V@f=g-FkyQrwgw9+xWl+Z_*>aP3ip6Xnx~|D*&D;OrSsRadF8IP)
zPu+h$=2^66xu<UE%_OHr%-aF)bspGx*I)5Ny6*8)<HTC~GWcVXyAAy6>>JRMrNSi5
zgKg<q?D2Wd_pJ3?;<?<j!4vR=J<Xo2o*ka6J>8ybJiVR)&kdfNJW0>EC*vu2raZTL
zUg){qbEoI!p4WKZ;CYMZ?VkHQ_j}&&dC2n-&nG?q<oUeki=MA~zU6t+^OWZ&o~J#(
z^!$zxvZXaEYu40UQgcO3ea+^Y=9+CayK1^?4%GD3+)#6K%~(ygrc`rl&0o~qS@X)8
zH`Lryb6?Hh*L=9<lQo~Kd7|cDYra?W<C_1j`E6}o?TXs9wU^aiSsSh0R@+g#zjmN@
zxOS}ec<qVW+iG80`?}hDYu{V@VC^SsKVSRR+9zv&Qu|Dur*3)OMRn`z!gbr~I_rAt
zZmb)vE7U!&?vA><>h7((zwY6>&(wXn?#a5J*8OJDl0|D4X^X;(b}ZVr=*XhvqT`F6
zx9BB{-mvIhiymC`=%Oz#`re|a7yV)J%EjvzZ(bZ*+_U)T;<3e3i*H|i*W!09{@~(I
zFaGM{rxyQm$&w`(EooS?b;-UZH!L}}<d!8bS@NbO4=nk_k|&n@V97H}moB|z>E@;F
zOM90lmKK-ZzV!7=-@EkVOTV=AsinVOwtU$Y%bJ(%S$5;H?6MavyKC9Imwjy6mzMo-
z+3&m;c<a3}Z?8Ayo$<cR`*!cc-Y<Bc^8U`Z%Gcm)_YL@t`CjOIo$r3%r+we{{bKp@
z<^JW{mtVWwSpI_LuUr1U<)2;tz2(1Iv3kX(6`d=FR+Lt}bj3SYd}77FuK2~ul`F4Y
zdG*R0R~A>kbme_3Keh6^D}R07n)4#(^_-VF@A>E5ecprTed)ZPo$o!r{``*fZ#w_P
z`FEZFf%Cs`{!cIPUU20Fofjl7c-{qfU-01zzJ9?otJbV)TGhKMv+5<Q-o5H`tA4b4
z>FO(2cdt&ZzHRl}R)1>s57yMJ*|4T_O>)g&ta<yIPp^4u?UJ<(YkSrnTYKl)zgzqG
z+NUpEePQc`*IhV$;oTR0^ui}Es=MgQi+V0fU-Ytz-ha{8F8b|rE_+VLbM)uD_&N7K
z=S$D|)y2=f`09)Gi|@Gjfs4O-@oz8DF6q8x;*wWf^3WyUxpdK`n=ZZf(y2?|eCekz
z{poYpK6l4+lh3{5x$l4OH`mp!+qAB4-7V|hw(hZY&s=u-WqU8nU-tUTK6TkoFTd#W
zt1mxx`KvGg*yTUIV$Bu1t}w26^%Wn#;y<(twGJ(<y-s^ndwTu4_50SB*59-K@%6v+
zH~5eEU*vzl|D6rK4cj)1Zg};EM>agY@rsQHH{QDOJsZDS@2%ffKVJXZ`p?w=>dJ;I
zufOuIu6*dqA2nRu(9>|D;XMuC4y+7Z6*wNaH}I9<lHj)BMDR_)FK(*c)V67S)7_iC
zu(@{gmd(cIH*J0*v^caqlnvb*`g(XpxFb9neoy#&k&7Y+A}@+O6!}?nWAw)8E25u?
z{-Lq0G2Qs~#&0#PZn~!FMNJPk{de=G=4A8T&0lF**|MkQ`7Ix6`FZQ+R=xGjt>0){
z({`}!ui74I``;~Fw-mPAzvahUH*URo>l?RzecRe?hqt|C+h?~g-oAVL^S6Iw`)^`f
zV#V0|WB;`yykla=yLbF(XTwf?=i7Jwpxxh|XuqfZ$z9s6n|Hl+*OOPRzbbLny;ptz
z>J3+?u71bWKkNv09P4;*$Io^*?k?>9;O<{_#yU@Sexj?cYj4*bU5|IK?mp7}hVJj~
z@$VVi^PW9V?`_+A%id4yTfA@ozE|w~de3D&$)5Xqp1x-5H7BombpML|{rlgr|N93v
z9Vi@l_+ah9YYx8Z;I|LeAIctjsMpim)BCF4?;LJ8eEje~Uc2Pl!`I$@?Z5Xm_1)U{
znf^8X@&0%B|8ijWz{>`{btG`4bmWoi&cANxy8EvC)%9K1zw-Jgk4BH4Jo@<?F1^9H
z;X^krz45vm-*MwJgWZF#8GLG}ZRqx)uMIa0PY-|Yrb};1-}KS=`SC>j12-?e`TCpR
zee>@Vy@`7h&y4hpym92|WM}fV$)BXIPQ5zyW4&E}rT)Xw_R&|4{%EXy>{Vkw9=~e*
zuJNB5oyHrCpC8+I>@CNBHPJiq&WUH!*QX!IEX&-S`EYi1b|U*|?(*Dp?uq>7{O$QC
zkH?O`=J?Zv{e^d!HRiDSq2gM?Og&Z#l>V~xy~$mZcTfI$>bj{9Os|^GPCquYY39W<
zKRmJL#NXbs=$7OykKDTc))(ITy^|d$?|EL$^G2Tc$n!Tm|F-8p^@6=Gc-ISkFPwPc
zzr3jNMX!9(|NO=EfAR2bm)-V)+kWtud;ju1x1V==;r6fp)sDY<%U>`0YvZpUe{su;
zU;pAi+>yHDpYLqE^R7F8|B~cO{`qg3{^oUm^XyAUU;6mVw!G}kFJJQV?90FQimP7n
zu2-&l<%w7R;8h1-_28?uSKsmK|9MUPHJ`hy^{%(P*7w@dYoC1Gf!BTL^&4OR^4I_V
z4dZY4>fO8Ve&CJk-uU7-{_0JsH+|{NSHJoGw_Ns?JKyr#w;FH##yxxQdGOvV@4f47
zOWrp5wts*7b#MR7-){Tc``&TsJMMhP|GqQ(&L`j1_pV3p+j`%9?_T%rm%XR<J*D^j
z_`O5#{o>zs{oRM|58r>!0~bAT=leYGE4}YO{{H5_|JwWazyFaBZ2Q3d|4{!AZ~Wkz
z58m-$&4V)!KK;=6Lr;F_h7UdQ;cGtp$iq7x{@_1G{_&k3S^tr{KYHOuU-mKI$8P)B
zvmZb4@n=4f|HMx}IrhmPJQ9E8Tc0}msjobG?W2!>djF?C`%ioR=~JKS_{_&Y+y2>)
zd@lC65C8MFe}3rmTR#8bV{MOp@L$^g<%5rJdHlgIZ2iKAzPSC14?nT<iI08hsxN)=
z%Uxgor?2#U<?~-X^wlT6cI0c{`1;V-pZrGZ8$bHj^uPZ6o0H%C-M3!w?Zw}|<2x68
z=dSOr`|iE}7W}sdp4{@}N59wgy~n=a|NU?MAo+uz{6F*m{r;)j{(a@Y-}S>Qet6%H
znt$|>AMg3`7yo1MKc4zY{wKft>Fxiy>ObH3v%t^(;lHl_ug9J~`t(yjFZ}%3|9;6Y
zF8Ref|EKkT9(m^QGvEDX=9j<w)g8aS<k#=|&9>is=C{}X_J_Zl`u)=1zwUp7|NHPC
z_W$AA&t{%|_StWFIz7vlELpl_@iKBUdA-YgE7q=Dv3&W8OIEKrf9++LUUB(lm#$l<
zZHzQ%{?LYX>jGPYp~j}x*48T;wzqF<-Wh3WZ3ZMYUaxn>@)Z}aTzPRbA(qW^{yh5$
z&#GmfK2Nr;#_y?JRa3XB=GjL*>j+P?816yhv&2)kXz|jTWwj)??E+6tU0q%6;@ZV^
zi|UX8s;yh(S-fh=`li(#OV{|XO{{(4hUVSJ?-_Z;-(Pr9-xDo`Pm*Gn)_Ce_6r{A+
z5|X!Jm8Z70W>IZzot(L9(dzY09oH^i(|r7%XTRxLQCCBnShvb^mFJ%4{o)-DT)*Y1
z&(HjS_PztIiLC2;l2C&{Xo`w3M0)Q%2!t+DLX)BpLVzfckOTn*4NVjk0ck2C2(F-r
zps3gZ5wW14V4=9kVs}>r3$BH4CJ6|*tB?Ec=kxx)&$}C$%-nO%y?4%>Ip^No^KUyW
z9pfkbK;gwP+>_q3=aOeTZy(uB<0YZN&7`@#+dK?;b35m~8r+e0EQmmpZgtLDr+ZCD
zWyvPbk-g5xlfbo(mvcuLC)W)j_M7T2zN}iaE$!K!Astpv=5<G_i%F2Be0U*l^r2GJ
znXb74t}=;{5@(0jWftBK+pM0d^his8@u(yZ`E*t(VUfG+yYhxVbGxYxiy|K{E!x$!
znjUyDsmiyuRn{+eMazj_{I=~2slU8agg>wDRJuYjugt8$s^@0gD@9eDGSd(HJ$}-<
z)~#=F>+9<Jz2Y^qbRQjik0*m$-9H8qx4n@najV;-e(XZovXBsDZd$dr`R2`U9-cU7
zmFJ(xyP8383b}TE)!0EnhQdL$%X)zS@kPYm!IG|?#=vsDD`LG-Z4a#Tb8V6@9yq2O
z*w7=LSw!#6?d83Q>G7j9r(j$K9_@O!f8X<{z|j8gdGw{2+hZ$YNnN<wIA!zj%;)L9
zG$__|Tum~%R%w$`BY%G^;Z+%K<2#e<_i|o}KM4y9RrZe(N?Nd_;hu<~%%d|NOYisZ
zwJW%NOW@^hP*V$$UebtMcR`nWbK|l>b>k}ZCb7PE(SY0btz#c#^+%VT>Nq_nSbuX4
zE^yR%uFKxV>koMq;#4o1myB6<<E!@m^3rg_^S!Qp&6k%Yn#`809?mu0^Tf<w!f0*7
z?&W#XpXj7H&f5tmH(Yva()z2x0&$JXxOmT!5oe)_GF1!7_giWgJw2tNsdv-uv7gAj
zgKwUlCL74cMr$W^^?2?ciLw7P^Lp@2pRvc@XH7?C%&SVveS20I-b?HX(iS$#KP4l-
zzE^ryxvA;3M<#L?j1z9Y70SEqtD>vQI@A<eQj+|K+e<r(S>;W!>PxJ4F1#LF>zi}g
z`o)g@^%SQ!%lxaNoWu_v7C&nGsJP+sb;P2ZwdKH$XPfZCg)+X*5+@9m^?Ggdj@=-n
zrIlGIE+oFG-rAz>5>5^Bef^X;sF#+y`L`0j6)#$@l(+le4K%$Rk*-M8l*!+>Fy_6F
zw-Nc)v)HVR-K#wX+&^4GSest@*zigHxR8bxO7KeEiItl_Hm~s3)a`P=gBAp3B+fkq
zMHXeAt{+>&_mU(&4$S4VaxU`ok<24)d+t{I`?Az%*P0FUm({5sKDuz$$=yydsA437
z-=gG$M|*Q1PHyj}$62=V2U!I-OnQmV52a*Ag#1sNANLzH)?%mzwp6JTPHsv@^GENh
zq`KcbNVr$fwe+%HPmuGbEhE)K`En(_gWJyPoS`KuS;R;mK3lEcRY(w(<4di%9dR-%
zIJ&QS(7EWb=Y3^)hb^qWnBv6SN{u~>Sy}Co<3Pf_lJvQ+l_ZwDJ7k%yBO0n4b>de8
zr>gq;fD2De#{rjY@$(d|OHT!DFs6-i2ez>G92Bg$b8|MWpfA?-Y+fOuM%<zH;@bm@
zpQkq+JNrzt%C*YGadFa`51I3u%S*00kD_lYIeMRSKX`2Ja`E$<o)GxVC9XeTVU*HY
zbN!6NYNGQU1+%=@yx~bH8BxiLs5@%9Yn2>I^4qs8$WTzOT2h}a_$&3!%l1hBMQ;5X
zw*o?zEk-9Es&T$mot;ulG<nhZOP^9-o7Q7NH%DnyCb>1`ea?uQbFFDv`;z@jZ<g51
z3MV_RQP69<oZ_IiXl~>C&U>EH0_pB6#^Ov14(}v29T$7rWUl?^iea@~e08UU=euM+
zxKD1i4hiZu`R(IEfl;H#l7wqkm31HH7PYi?Y7urv_3@s({O95|#m}v;bstr@SylE{
zFS_B;o<mFSc<hVXZPj%`Puk|3fTgwOzQguF&%VI>$IW^^#QBdB>M<TK2<axg3+tC}
z=KWpN=(l)`<}th89n?zI*V?0ztDZ_fl53ZIB8u)gj+=cSm$KbSHO6U_?q2E^)4rk~
zW!l(I%Y1PnRo%4lwxgTuyHZW!L8Uv7v?MUOhdsJ7B+K6Rns;_JjsrJNyy~}Hg<B99
z#`@zV?qZ+ay=NAtTBc7U73+?-et5g*px;o1kE4IM)6Oey{YN#tPyV)Fh;me-(UfQF
z??<Iu&jjR4HD6&FT`b?bFed9x_4-GH<a^x@YkRtWvyLa;$TeF}Pw1OhefZZybJpAq
zyOVcH%R`MIqdeC<U*b-TcfgJ|eaT_zXHm<C(pqL0<`opUd7$VHkqqA*=zF8XzDW)F
zIHh30&{HQCFWlOzto+{FYraEAuh(*+Io^xK#7C<HpP(03Em5v*@;$IEb5Z7omxG3~
z+K%MB^*6*BEIy!Sl|ss%-b*8el&%xrDtY+;q12(l;7<k7)uVlP&vf~hG5_@T-qI$e
zc|5u5^3}PI0&HJ-UXog{H<ge>h?}e2bZ^Hy?5;!U?(aAL;&XjRNa%VQCNqCEpKJH_
zUl%^@_Z-^W=9DfKJ`T*gWs_^~>YM@m_U@o}H^N<^A^li|dWsI^{#xPKk-AjiM8uP=
z_wG_$O%*H7b#^&e5iWfwFOIoX{!qiHU-l-Ss<ZN0Nwd>O(zSt{oW?f?Qlnx{ZBEb~
zGV0Yhu~qxZr6*1N{1&-Ml`B0~c-gEX9of!2*-I9?p?~9Sd7tn`=@<UphfA=2ggt%9
zl%72=<Ifn4x*Tl6NLI~#wfB6s$eNLebLV$<y^A3mnwH<{xqgVBvFowWV%^wz$$IX+
zTlJQGNK_WQ#9#bI?&CrGO9K97?^ZGnc8h!2$6V{%=6%dbv-0W6yn7E5J{eV=X|Zv?
zaLpOBEj#;6W&UodLv0a?PFY8JQC%Kw7bSU}k6o@@T%SPe3XrX6mzUM<zfsV%QBL0K
zAl|a9FVXu{iD9K=5^kUL!UI?1Oy!7vBCBdrJqrr<4eaUeeNd88AKy(*a@i9~(akG+
z=5yKEt(Wn!vQ>2ByygDQVsxP7sSRr!kQ#c`;2>owv$w3Jq&#_P&Ddj0Qj`Dl^sTdH
zucTW_H5>1m?dhs8EPn8b*?^;|;e*PPXG3WfwSV?B({l4kQbwYgzIPTQE~#bTqZ6K7
zTl*oi@s;u7&CH0BlA_bCiEFo7UD=WMsN3s?a%xVu--kuwrGa^v7lCoQ+ip3yCM8$7
zt}uDDPJdya_sSbfXq{&>pZ4Y}xSm;&EUdOw%F*jwM^BdiH~?8droX_H?C(F&-Y@Jj
zqVo{htE{+i93a-2URbpzd+6T$hB<v`*E`aU?>$=|tgzjRn+2M0j^#-{x?1W<&oUv?
zi@1uyS9(#c3-ur9<&`ax>UR6IUvzoJ)<5<W{kLo$*}vz;;*J~LT_?l5o%7XhB{o(O
z_6ABkX1MN4b<S5;6}dQH+2ZC3gDQg7<tr~8{FM*vDC(_2u#SqJQS*9awSB=w5&BWN
zzMB^uEOvP9@0`1v*CDChV6Pm*Ip0G(eEja;&&&PT@|E?UDVrSsXEMIA{sa9tGyj*d
zp7GE9-#?@{IN6&R6IlQYcng1pI=Bh|)(Qx$i;j+tjg3uAOhlnrvu34=i?5fI+%SLs
zCM<TVqGFDkTAqPHp`qb+bMs;wn-V*_GH2%sPtSec-c^Bt)kNZ<(9pWb$fGea$C=C%
zYu21jO-<drdGoey+jj2U$zq+|u;E-qMMZUW^^qe-PM<!Vme!P+*^--kF)!~@adCTT
z>9vZA&g$y!y1Lu-^><I7?r&*nxpL)7W8<$~U0r>Bea+1SSFb+k=y=rC^`yW5kD;NV
zfq@s#pFbZO8hQTw^((l%`}FD4e|v1dyQnCR#X&*xxWJ#{fR4{toEP-TMtqDjh5in=
zN&y|vN5Nta01SLwH$h_p)%BJeiyQOd&;o!2AkD-1z`x?bKp*&66yVI)oA64oKP)cY
zgv@N{`=%P-M3^4n*5wbsA2)Ff%XEhV<}uSb00wRYR4kwiUJxBzYRAQa!Uw*Il@O0{
zZi#fobL&a~UR*v_(Dw)gB;#(wB?ag^NKQ=$z!vr*Q!s805DD>v+XvTkggzjGLw5%$
z&i)v@=d@dz+iqLvyQ?v$-2#9lAdUFk?y2Qfvn>z>@v~@<0%D-Q_Zf}=Ob^Rgex7qp
z{vCUX0)W>E0r;7)5*P<I3dlItmNumdNT>z2)s~&lz$|nwcC6cTVUws+o{Idiee!(U
zwbHfL6&cCmHfh;+Kps-FEGTLzK(k`C?=WHvO42|UZ=oQLCK++QQ50)qDLLFh$BNF?
zA}~9wyzv>5TC`#5keA5zou;w(`l|E+G&WGRM2AMQM~E-sZM7>(wFXLp&p&NHRT#PS
zoXJYQ2o@^JS}5+q9}DKQ@OC){0-qYhB+51%GFzGZ`at36V2KdZ>U8yq@Qn310WUuP
zJsH+D^TpSFI@RzdvIG$tTx~VVdI-#wego=yI3jY<ril-(elS{o*4&sso@jzizjytL
z8J}4PY9tL)Fh2fzL1R;+WKq-VYqCYFf?hv+r`9T*e5w(XBNgVTeQaMsvdZw=<!+J!
zLwKe!FD=>1EKf?t_x2?v08kU);XztZZutSy8VYGE-v}CPqt5^2V9OGSULTNbD^s)}
zx=E~afT}yo>pZXUE6K*Jap5|v)yer6JNWVGjvYecJuQHU%Pn`*Hh24tsk2O7IsyRE
z4L<Ie%bHeXA%#IDgeV_xXA`hRtfH8TJJHxN%Vq9eOr~1Tt?j!?3?D6DALhL;TafRn
zVz?c?BD*mw65H@7adV~=fK;u>&+$n02}N$mN0QISY+tp%Ls;<+sA8w6Vb>g2^2`3G
z`>P4eRD`np_=A2cB@9i{S}83!MNrxCO)|gi=?ncBE%!!XBfm~CViwYAhZ-aV_}#-M
zKDgNm7tf*`;QyH2$e7o&y>z2ij=PnBZi3Evt8!Td9wCwEMP(&}S&Dap)lF7rV}wlJ
zVwdA^V2<DcJNxtewqk|Z7_nfVeQWN&$yZK@lP?93W^Y=R3an-F@ca@Qr7WbdOEz-*
zS{sE*3}4`>Y$4<yg3`g`_Qt#HPUp|I5}I}Nz{o-L1<dH0xKBI%qHq+N2L^2=1031i
zIv0DDcyBx4En_>pC(}UvWEn7zS)4uVKJMyrKtsdJMnK*y`+m3$vZ$gH$<qkwU_|zw
zb*e+-{l0(@4Mbs71rcep7O1dxMH%XrQmt{4fB~Lg+kgi(xMRbfb3FccmZu0^zH=9W
z3QhDy&I%pCANe?M*-a$QjYk>ph*VPWT?o|v_Q&bbdpCJdhQ$&6s<XPl=zU^M=a+4K
zlLuV3Je)EAdWn733Y*(?s=vPRroKozQ~Xu|ahx|HF9@#(g28K^#U_QnCkq3H?=ahW
zQmzZX8?fR1_{Val>uHHbq(&_g?0CTvkZcom=1u8V7*57)F6B{nY(l%%(w`%f5jMdr
z(SfbrTMrC~Iu0Nj1X@sMu+4{@ty0VTf&(PWlKF&#o7eL+InTr2YGtKb<y6!v6stK4
zj^9#Do3j?9V(jjmvqEP!O-xu@P$&2on?@sS5x`?>R@SVPJKHJU9UCa$J}ybtH@+m8
zjzn|`M>G~>j0N*bxbGg{;XCj5?kER=A{M%$=x{1eCDT?vz^yVhN3MlzvOvQsG;2fZ
za71-je2Qy3&nVC@lg5vt4envKvKH!9sA!rZdap{Uf7Ead%jNmC(^+4;b~qah^bi?E
z{<hQQ-rjhryLqSs4-hDpmAv@UUnL9$Eyds2E*6MMUX~)6d@-pLYXDjctmRb~O@qdx
z6fsM1Fm-L+VUHWArMjK=V)yUcAr1tziArADCF&(6zW})LwnSQPr)oRa($T7D_2Kbd
z{Lxv_JM%&l#Y3HnUtTo8)BS9nhZm<0uZ%#DyUrJF+gW49M1-vL#++5Gx!-<dxnvXz
zvD+_Os%<n#&@tR*4{we{Bm)d=0&G`?$ku$g8T-jUPn~iY;L{ig*kDuOx=!L`TKxn0
zXUtOTc|gYwg8_@d&L^iw47@Au)@`JciUH|HO~zUgV<nsGkKW7%22`~JZKWJVK8dr|
z7zqhj43t}4^{Z!T4tZ}25D+}J0V8cP%Mux{=G%h40o1nH%}4idZX+d2R<Mw+6{^pM
znfkexop|w#{X~J4$E4;yK7jMk2oM92`OzC=w+jPW63ELNYM&<x+)cjyboQ-t<JU4Q
z!t68x1QRUQq7?+BZ<MW5dT)ss0zHk|o>?y)_Pu1&qHb8#WVNa^S-^GxX^2G%`5gB-
z4FY6am0KumHo}IlOjUJEH9)-{vz%DLudUf8lCpEI*)als?1ATtd$-Ogy~#=t99g!6
zk99Te1Hf~6?*_-342%-;m66wlC#g9Fg(+tBo+b5FI-`04H2Zj~8p$TSW#et<^wKg>
zk88I;rS7aZ4i3>#ZK8ua)#ghIVl6RETj`a~8$DbQ3$oR1JEWTOq*VnhI;^+Rvr%%P
zk_9zpg}lPet)d-ctde3qo9M<S(dsLn>Nn|oGanODA}~wep7$|aG>q3h^=`bKmUX1~
zk;@~q-gnmy%*z)(yzvqL;YhxB^2z+XHX*4)Pg^JjR|Lbd`>YlH_-$%}4RBVPvAcjx
zV3Bo!;7D22b{3EE9Rus7wWPbD)re6%xG~%cpIqFCLdqjDH#QOq1>|>#ytF=zHInV~
zKSodl8{;bDcdPXPOJ&Dcgx^Ui$A`R8+od9aJI_>25<sOxS&IcR_GwY&&RuiLl5NU*
zNv#Tp2zO_1(B^G^+Q91dJj%!_LDB*j-fcA0f1EEE{Cm#a4~=}YL^=<N9hO@@=ZNxw
zqi&~Ol<QDFf=z;g%|a#^y_+BBcnB2%{K3Pa>uGxj#>;i0#n+0>_gddgA5Sje4}L%I
zL?a6sv12doWd+XGV}SSEZ2xY)o|VHV)2{FW)}lI(vuEGoHGhTN=N;F=k^<AzJB;Gn
zV(?L$ic5i`J_Bb9`!y=8=08~=yK*a~s(e=crdru+SKGCk^>P(>mx9SA)&%$CpPb{1
zS~gd#2x9DV$@0+AJ=SLCG=j)gc*#STvw8E&A0aU}+OsyEc=|#%BUP}kQz<T|karbL
zY~{S6?zCuzwe)Q7gZ8=2Lt>3QKG~_GSU*0Q2!Itc%2IxIrA>av!?R(fPtxKQ51dci
zZ7Y$+dWT~OfESnW%G^M8`lh8RXB$=v417oyh-%&(uA9ND!&+^wP;g~#=s2DSmm`<R
zYEkNVcy>XGbP4I)qI!8Z9<{*%o;t@U#hMKPH5xou`xm^}U*R`fjB1+fQB6lRug6$e
z1+Bi}M=~%&3^3<-7!i|!;<r}scvvEi`h5~WdW_hRPqJkkCg*&t)qNxRLgv1=A&3Db
z6u&G#*|>m=?3*oS0IU>3&|?SJj=UsZ^A^(`Fhh%*izATebc`P8`W(e_<`3D07wcEl
zM`SO1qiaJ~#x#Y-f!@)M62Nto7*R3`r@Kz5GvZC1kGX)=Db%7rBpiq80J$+HO3cl_
zVNT2j%xy_*h=FV{ueaKm$8!&c01crtfLbEYW15Z3YDsOlFMWMJ&uUR3pb?Jo8S(yY
zFvIi#?zLA?EJ?fZHfwO4B&R`2LDsFr=m*a8$tY+@-&rYZ`g(rgg#|XCnoym~@a>FL
zUXM-p7nPIDG}gxm)dKX2G{R#Ow64vIW0+s0U6Jkqls0J%B#)$`{{T|vx&qJd$CJn}
zz0gE)Ulp-U;q&_(c_Q|0bgK*?TW^W41D1&K%&P^?CIcd1vh9FxL4)qw49rD7F*#Zq
zzr0U^xbcvQCs}OE%{GuMpKM5TCT;L<@07rX$tk<1qD|b9ep!ULtOz^V%zQjD%tfLZ
zi!U{a$e+W@Cs~rGkBiUYe_)Vt!4R)vR{v5(tQ4V!K^^qPblx;vzt@$IMwYBY9e0$y
z7O~n*Wy`wqtV83B<n|FsjShsUyIe%4!N5?GK#ZM)HOj#@<AsMO$}fZWiRro{3(RPW
zqlKIFi~}P&&5qr46BJXE5JSFm*w{Rj|2SEfX<*^@ShKef2)P-MWWyswF<(?y;9)2G
zo2P2(Ma)YA7A23G+lcVi-R|9lP%+6e0Ub_BkXQ-pf-ah41{jMDGg8H@@dHLicr9TB
zU3Az*y%bo%y9J$t5@}4Jh{X<d0tK(b_tO`gdb|k1bPzwRyI&cpHH=itMl4E6*i|WO
zV2xNRCN+nq5^s&rz(}2XV=gQ&`M@Se&?76cZKJ_$3zwq8Ges)Nm(+$XVytv_JUEeZ
z$iz&nTLL|fq3lQI@gVeX{KnGc+py|*CeC`R$X+ec`iyxS;^c0nMaD+QT~N(G>?>M_
ztZ7I;(z#wjZTC%|MZZ24_s!UiYC`GXkKb}JeP@?MSryr)wu~<sC4V^?9~&U6BrOt5
z6h<Il@Pr3q9efQFd&0F-k^z}ue-VVHtiNgwqg-tiDXFu0Xgk(&hi*a|BdJv@g2%qN
z0Hxu+Or+EeU`hxM01~AL^-`4fnD{o6y|X=j5$ufoWI~pA2fBT&FBMtYScQteLMgBR
zg+~`9Y`aKNM}74QjL<8D+Wuez3^H$ar9_VH8J<cyF?eMtGU%2VVqc|JC(6hQb=r6i
zPG?^M|DRQ*=x_uAF#p#h;h*IPmA{$)BM~D>v5_!zvsNVSe=6f!`@ao!^=8ih=@{z#
zod5d~#X^w{N6p3YgOfU8VXWxSc;K;-ObRVBK_y-TOi=v{I2sSCfeDj{+?-^3@OEGo
z)z9C_@oY>c73>5Pti~iiPC8p|5<U)E5Gj&Ej%H4R22J3<a0PNCDOy^<Df=wZ7BDWV
zC0fveNnu8kEthcEQpj`*ZO$3!5@+8we55$hBt`@^E@%a$=$vaRs^(}xMayYD4y6W7
zG%|=3qOw{QTmyA`Vk<R_YhxElh7WBLoI+KwtFfwDtB8@YFtXHYh+ER%F;n3%($)qc
z7Hj~aFluBdnGV7`51|XIAT@*s8R7wP5QIU@|5j-HgiyG0!q;jhOsyFoH0^e3%;>8s
zr}-AzlLLpg(B_P@MF=%C0Uk+8G`wLD2Cl+k;a{<1+0Dm6EdnW_>_2R2IIJEPWKdQ^
z2l`luPVFnC2^`XdNmBi3q`0q;uI7-go+O<{IgKnNmdS)M2RVeK2r_BqBo&@(?Z}Ys
z3sR#YMI^1nVW-_Y^9el+BStdF<`8=eZO)iLL&Vm||Mrvo&&uDe|8Ns;{wp%RW&icQ
z$p2xaqxW<F_YWx+^0sbxFF$uXkev$E-P^{+2@hg5wY7cq@!Hz9Ubf&;N3SI=pstn<
z=*gs0NK9>QJ6CukGl-qCBO^{<i%JjI_9AG<!;ExcO75X1gH5It$_#}cn`!o&YrcKS
zktAvq8Qwk4O=}@PX~!o_(1Z=LAd%s88PEYGDjZHB3j+YoT(HD~+OQ1Wzvc{`M>~bF
zx2VI3Jm5^8?7iy|FxV_HoU8#_Ky9W*hg(`G;y_NWUoOxbWTh!^3J?{nryaq^ju7PO
zX7A-|O|ZkNg3!xJn@fj=(`1E^q1P89mP8^m7-6xIkqJ{a#8bIjt{LoHBw7|Bbasn5
zf9&bhC~$HYJ&6c|pi$!(WcFLbf(S;?$zeDwoNRpx<O$YtG9w80Wx&qlVWCa5M8jE3
z;JxDvcqk?ra1-i&CWKEgU;-_0dV@aiQ<?zNH3T(3Gn%3Y9D73JAnd{_fwi2Dx(l<P
zV6HuRE2rDi|Mo-i|55oH`yWZA(*7;;|1JBk126W^*#B$vbN&Cvl<DRe1i1#8i*pUD
z0oy8kVT~t@G0oDBofZksi3C-LtSC&Q0mi~<E<zIEBo?GtI=opeVZyx7ATmXEk|GLZ
zx^*=`eOL(~s|6WQG<*tFNTehxKt@8FT@&*B;Vb`d_*?(m%HKTy+*iZDBja264@O_+
z|1{S98UO!~^2PJ72y&+buw1`~M5V5zkQrF?1Y#?6UJH7>>C*sYr&orYB__;x62u;g
z{3pn`Ai^9#SH&+a$}|Hs-S&i7;;E2ZLy3mH8^|75noW2Tig3eJ;$ht6Xi6k^<^T?%
zb=mmq?8A6a9sbI(CU)^O$Qglb)I{vA3rU6@JB|^gTe4ee!3^cFjtAGmyf_#;oUTHl
zrAj~m7!nTe{H5ctbaE(m*)mnG088$`Sd(Bd=1D1#KN+vc<*m)+jJP(F?E!J6Pj|ea
zF56S-Q6L*(9`aGyokm-P!RMmbptLwFjmm%mVj_FOVTx0S_GWM=7tBCzB+Q9@;hTU3
zqlod5<mhl_1Qe?4OoYwQktN!l$Y8`#>7g^oXwYdaH<+ezt9*^kwCI}=8xlofP6piW
zY~X6<%vy9Zq&Jh52<&h0(7@fbMEk&}8D=2dFLt&j_HceyN9cuu#VT5AfD;{<QUPx8
zM1?Ph7|+q#sT%dAkg4h&PG){qZB-6q*!`c$*pmZQ?!yflrb*za8yEsLlnkklE*2z_
zBO__VP&gLBVGXepng}VO<&0p1tvm2}xNS@-2X{c_KMhnkkqS($%~A9jQe3T<{38i4
z-B-9fSbN#|TKjRb8`@jrzfZ;&)ZgxhJHgG%4e#diPx>-J`yWVgBY6EI2@u^^xD)I=
zyzM-_f|l5MIl9??mw@S{Uy%Xl`+^44-tD{CPf~r0vlqeI)zbyKZ{OGa8MI%!19*ay
zyVpO^*Uxlc;SLQV!7s?ui{Rwy@LlYu5`Og#FL7fhxAgoz{h31dZSK~#wuFDe9j5y>
z_wUyIDRf`qZtV?gfS>#K-PK8|Z@1eUdItYVyJ5O-b9b_}bNxrd!Y2F*f4m!H{9L`h
ze`ux>{s;VB>|7nZ9RHC74(S&%zI1OaZHY|sbRP}}QW;vI&}kLbzj~QEMG?cvT#pbY
z<4*tKu+y?tVZS7_rO>%)f)l0-gwsUAX%|7*Rfr5@XmLVSCXA1v!hNly!Kn@()`>}`
z6PfUAAr*eJW3{wGwY0Dtj#${Wh2vT_W-BF{%@X3J5~>PEw^P|DMTanG=2QQLII#iP
zJ~Lyx$Wz>v|0{E3Q{q1uJ@sGWI=y^<{x>~iy`TBten^>d|0m`E{#6<OB>$ta;m`a3
zBg)_0|IcWA|ALHf%>U@?8_t~nHPZk2`;Q+}H2>X#*3_I#Oh1uF{BuHiEi|WwSH#S#
zq2w@1G?~F(;F_Q(N3WvLsqDEPm<Ugef)B}|5G!(IC?^L$l?IbTZ*Vx3F%;v+Mtx3*
z&z?qLpr<!#LJ-6no|s`{Te9ETWFjd7WKf_g^w{WV_yr$FVMa{Q!7T^v;3`uH*(-A#
zhU|uOu`W6M7&J185=J4hI}Sq)Fv-yjsI3gGX=B83I3g23YFHRdN@Uk}<Z$Bj3gpa%
zanEU?zc$M3wL*ABlhZ8rIwRb)i7{b&CXgo=OJc^t7zYXPRhS)IDV6~ZXc!115Wq2*
z2FM_j!6+&nCT9{Uk?bVba7Ah~8@6EDI^#sUtYeuGR64^9bSAE%KwWT%CDZ9dc2BIM
zLm^&xE{X)_o=(kwII*^91WsQvL~|8uDpCbxnb=4bdXqS{I;JpAt-h|At})1YSh+YA
z|FVWp{#t5cxp@kDEB4E)(~x5S;`$8GRxBFssVzsT*h|2ibm|kgdpfQI7n*|eEWoZT
z^mw2-E^Qn+1onGz;1o~=H1`^V0wYqe(O{tpYuM9~Yd}b@H^B+gohTxW20sAgcp_Yn
zeL0HAgp?m%X~$}?Pq3ekN$`c4-Qd)r5$VJzwg~LR4@$5}>?=tcAew#fS@x7+{2R$?
ze=T|n;Y_h1L<X5N3Y_7X5YCyL{VaRhP5MjeYasD(^EE*BK`arQ^p}m94h#(EXP<bM
zRX9yhooGT5=T1`?v`AtC{NP8C84NhW;XY)LqBE$_)5;dWeLO=!_!o5y^n^4vUUCqZ
zP-XI0XDaMk97)^&2ht4ib9{vjQ1sJOjM7vL1r;656qlGOdM?9q>T{t-IY_4P#48aB
zR}>kO3dk18F)XkY6$TWmF}ODdWXsV2*|DA$yz~bVv)cj<8}z@bDl7vEYgEybU4Rvu
zqk)`|5*}-|afR+Ubi>&~pkosq6CLh|v;W~5G)GQN4g<jnjh>?4pGW(@{igljS!Vcu
z6FA`is*G>_{!7=;;7kAir~mgu$_)H>_B+*N68%X>AJo$~)73LGobgUYd*MKi>aan8
z&}bMSh#92d#X)Cx!GYXE8z)yiJPrm^(j#%OTs^(*?VXmYa&WU@gijY38kAj+4a*FD
zXP<^KK-pLsY>bS+fWXga*n!Iem$A=GL5GD;VW(D}0KT44nG1XUMSU)w9Sl!2g<{It
zzZ3z3Sx;7HP`{`$<>fnt>ogcu4v7V)%N&Gi7xqAKhQy3Bc3LDDj2e%J#|m%nV(s9m
z3Tjd(2X3;`Bp&q4krm{?zG^~uZ=zQOH#c~YNwmqjQ$YQuQ%r}`rG1t={n8|)D?JKE
zl9|zj|F*9GEMJxx_MfXp|E`R0*nd5EZfJ)6*ZqnA`eTZ=8d`1Ac&NcnC**@Mxj`$F
z3Pp&J&j&?pu!{<ZwZvE^6><roxHgi?{?#l*<Pu9+4LXve>6DmQI93Ghp@5VOg#)2f
zP$e=V%!)}Sh0}>)TC`Y_CY?gn3W2=f|HIz1Ku1+%S^a~~$C&UFF)*Dbk!}o~bRc{Z
zBA+CLumJ*r5#-Z$I-PV&r@QG-0NFsGi6llapsf59g0i#B$SUKPL5^XAhTkBIGQ+yd
z4!YnZ!m?r15f>zTZ&kg1uO9)FaoydsJgC&Wb#L8!>-%oqdi`oJP%Vb(ou7x7X)>E&
zff(?(ogQ5YEQ_5wgCC=tWG=9~(GgF*0jTOCrwi6R9^V3;)#dk4RT<lKAWk0%D=Hg4
z)iR?8r$t8(bh>S>ASgQ8hA$qN91ly9{DCr%B2RKTOEC?PfXBjDd7NdsvS6jxfF~pj
z)|IE?A$~fyF&a%#YD1SB^qd$i`G776%l`^olG_~6;l`(w&6$_8bgo;U>NaNceFK9#
z$DEz*e&``IlbKD6Tx~fO_JGY$Zp>!3FTUzx%gM=~IsxW=pWV73TeRFkYRb@Hsy@|b
z%nlQ~b8<4$jj+`51_LPFFlerO5O8znq-X1JO;jyWdak=Vd#)Q40|wQR1umy0X2n51
zP;Pfb!FgrmKxw>ow*jzvUnww(ib@--tAwGZ!*pEX@Y5A5Jy5^UBuvlpoSZ2$i;Be3
zmvg0{0qj0ss-AY#Ec9~V$ySt?o|n@L1RfuV<gk6QGhi@N087V@##$OtQ=k;AYzC)c
zD}*!BGM1+bV7blZ@!PTTDJNNt*egNGEh<EiM2iRZP>}_PO=%FFJ%*xGX;ve2iBx=l
z##3&9TVv{6Sa!|T8*_4?>F`)EFD&F-kV%)${u{Gt?}2|*_iB9h2VlYKbQ|!->Z`D&
za;@OLYR<e!mC|suL+yu0v=!e_uLzH;(j{zO!1Zz7RCdUFUf~Q@U9>g?PD_OZEF_8@
zogp?Mtxg<M?$mUlX|U4tIW$qvQ*US^EP^vz-dw_%929<EU)XE2>T-e515-sM9><1m
zmMW{u4qRY{!LmUPK~Fx~oG{vS&e5nb#4zf_=89}DlmQig`v%cri_pq;&ND_TFIL-4
zrL*D1v!^<5O-w5>l2$s3s|9KNXG`hXT`z%U&;Ni$V%7gh?*H5R|1-=(<^F$&?>_&3
ziVFree@@~_==2m=Hl(oIF*huC>=yg%UaOD$=<z69fA}ej&fQ#`%c=h*=x2k|XSXv~
z9G+|I&q5yfqNvARj`5H#_6PhrgW%A|nagflfb)>O99_^T6=iWLM$QhpC_4FcL!?Ln
z=Pc#8TnPq|2C)o&hbQPNqi=1(ERtsA6nT;j3Bh^3$X+TtWfx@@TPyJ8cQ-xc5=<BB
zkd2mjtZx`obdfzA&5_}0=8QD6S!W)Zl{pIj-*CjT*gRZa?!m>n%S^{Y=IG`~*RJ#C
zaSC2BK!g;+(m7qkv&s?he6@^tQK*>-mC7`KADQL|ndTd0nj>VI1)1y>4RNc4c|5s0
zl>JajXDD+)-vA2_EFz=G7V-!@aY@cO%8y8nXuycmhG}L=!c7>sJQWcKBNt6Ah|CHJ
zEGxfgzw(qz#(^$kGl7>N?76is_Cil8hFUjZO{LOGH-_I+p(jY^u(wj2?4(xO^XSbo
zdOT_PrEE@%kqLdV<tEddIca0C17?Gc!W-BTWGFL&Oq$enqR^=+Oa8DyX3@yL>*D2x
z%V!kxNJOIq)~1*cDbRIm^q5EjrUd@bocpt#P+0~GKPNhs9g+%zOK%kFP1yXxpP_{B
zVWfNLOTTt^l|e5gvlo9QEfyYfseF7ISu>%n3Ik;_WXd#)4HSOQ9#8lR41wXMm$Zs)
z0n95V8*d(I#f3+%kskPZ+tQiE(g|!MxJKx1=DM4W-%|^-F?{SSHNf>V9P~6?;W>h9
zGC%GZE@3+v!gLm1pn-a<nf|9Ah5s+FuKYilcXDLhEv{R?|C5oPnSO)+KYhgA-+%uk
z*Yf<L3DUDklte{8x7xf)tsMsO8|>?@WEjzr?!-X!<Y%NCg(1`c4TQ6Bk3mD&8E<%&
zNiSg1YlT{i0Y50)lj9Uba%>#r#Sjle9|Pvc@6{rnrfmisgk(raR}d-}@k)r20iTRG
z2!{a1(2dK$U;ugp$i|=pSSP_vJ0B?PsxE~5X)w2?xypvXk}<g0<oB2|Sb99yy<o~r
zURPWvUS|BnZX5(HgnJ}>h4Lyn9pQ4Yyxlnuoc*F8#6XDcLN_CiKZ1Zw(vQQ3I4q2n
z%?bwp6@+11)LN92K<*>Lk$u}ZUeDoCJbxaC&v5)~4u8e*_%7Z^3BUOqpTY51p&RQ2
zd>on1@sDwS!Y88shSN)r4%Fcvi>0E{<F>FJZ3}@Wuwm5?C){U6*vghLKM$t*3H2Zl
zOW{-tI>-of)ez<^BIS#G&VZeuABa$Q6eXltENEDQL=?g$qT7TNfccnf!BZ23yL8rW
z;y)GttDrHVG4_jiUX}!>^B!#FTAmh9VI_Hn<1a#g?H0${Mx$nRs)2^T2I<|gQULA_
zjMW%JXVGE|9VHfH=qT|RL#OG5F?6)P7(?et#27k`4r7p*j4{ZWS${rsQQP({aBeFG
z{%vzW=;0R9nfVn+>`b`=e^IZ_6x4toso8!Ozl)rLnm7>GeuBcNkpqj=-b`WC%z>w?
zw!cPU)X;%V*}k2^sHww%a3h6LV+Yn}dkuwAbH_-8y%fe0IL0FU7=^JUj)@2tQy5F+
zz%wY@$I{PSv&;PN^Xoqio$Dx`G2L-uHBg*|Khu8hSofq_+x7?$e%06rbx;zzsBT00
zIV)O7A3_?Qy#~12lL1ZJ4!D^$=Wt6Sy;yzK<ctPsBoKQcG1RPnDII{$lT8>k#Mhn-
zUid(Rcm-r)^i4XbyxQhKk9SZ8+(fmilQFIHgh11`AwRZ0FIf$UtuRj7j$ZHVY|W3w
zCU3~s)~l1-qCk=Q{A;1=Yn_3NhWu-sx*4fo0P0Y6Y_DKXNWr<HZ4S$i@<PDo!fyca
zK9Wuc#Niey)6fbmjzA)pu==_nfdof4VHX4$u|PzpXe35;fYEP}krSwS#((_|gsE{J
zCT$r!nQ8YaQg(iaNwj#VH!lmn{nK}0efqL|v5ZzL*2qQVvX>IBDN0sDdv-3o23e+s
zE+*GcZUc(EdZ1Xu)L4%93#iPt&`8B{QxlFNR3B>tWj=+K!(qs<0y8`TDz(4K66!F)
zh}`n8V4*JP8}hFlIIC=!*`^w=ZXjH(V@Re4vJj8~1)#H)fBi9FG*1Dh?V89SDS|;f
zK**!MS8|*0x-9>x+vhocV;*&~7G(xNChcUQgUPe!t+8I?{Z_c3(&n|S2|P&FygLZV
z0Dk1>C2creuV~RgGlwoFw*B#HXXl!bj`p_>c4N%%I8faIx^%#xc*xvY|G}EK2<@Bk
zp;m>YwOEhn>=XJxJ*v7R_=nKJ#5waV^I94blUtbll70Blh5^?^<13wk*w6)a=ZOXt
z+y}o39aPVm*CHE}E_f!i)j-*1!$?%|dG+?&C(#5qJ4keOb~N#ok}kFfh~VRgL31Zg
zczufhmL6Xmi+AoxCrb%)gOk75w~f!yF1^;bD}gSWfFjj=KJDalYo}z6Rq$sSPBv#l
zYAxC}i}|yDBG^}G$JDKa=Nj4o0ArnOBFvV-e7!jzY}XFx68PMl1)&!{FCpLo0d>F^
z@4XPCeSi-ZoRshZ1cSjd7Scf_59-nZu|C9}TR-$l-Yn*e0~>b$1QUdZAxwcVAA%dg
zG6-uSya?g%SBZHNF@HgBZkEmfW}s0w%*5Y89iBcaW2DaD_1S%PmmPf@I>XG;pgRzx
zH0B}Zp+O2}f+=^G!T$yZc;QhGO0tgd)2YchXzK@gKab)4yr;DPP<lLMg3*5+V*R<1
zj|bsOBFx?=l=l({GV2qsHDMz9;HARP@y@0|i@6C2e2DL^d=wM4N<8>O*<D%566a!K
zHzgi5uGFZ&KqhL95|6FdYLsZqfh{==DK!EY8_l3zkJ0@N_*bJsyInICg@&j?<EcXU
z_(&@aI$dS#Z&_Le+RH;SOv6~hkbuu_Pje0(IeZ8r(ro@<n#~t*no7P;J~0vU;gU)>
zu0#i>_Xwh>VQNgLYP8&;8t%Vb4Ml<?zFQCYn-bSEMiut}nA6H+qKb=&c^JBe3U0OR
zRy_<-vtqJi3VV);RpLtaK~jjlMv*|`yQ#DfXj8O3HC@01X+irVMsYRn9>R|arAMAn
z$0~ahXCoz>(iPbctr|jj6VVQ*QDS#f#VC@}l5!qRs;Edydo(F2NvQx4fW$$d8VJZ7
zrG};8a8M29<jQW4SoI_8<`#9sv89Sqgw??@rs|;(6vW2Ly|bau>(=kUmy2=K@Glp^
zAA}-o4GAusjzlbTM3QWX|KRRNO#UU60c$D50UwJU!krVpl;$NSux#w6apMbz1gsUr
z<gof3#8kG#4H;P+@DWpmJ7}u1`*05>0<ZuMDhKJ<jn@?*^s}wRgrC(U=t6b^%2Q?y
zSc%E*u$1Gz1u@}{i5~>8=y98m3bR%^Z6LrCpnn)Qmb26kWH$DT9Z0j61}iL9pVeJq
z_Y0smSc)Im2*XZyxhG6oTI#b`2@w9+M7YQDec$T=)(`0vOMOua;cz2%2|frMh21$F
z^%*I+Pl8{<ypCQ`4W~o9XClxQOYnk!X#`=m57MDMv=Qh!cwPk&eMw^ovx$%n?WZ~=
zvzz4l6%cBVd5{k69zA3lAd#!&0gqU^&gsxz8mnS{A*o!va8illdC=bSs+hecEeAe>
zToO98&+1gnZd3E}33NfuAMHP!GR~@)O((BEuY~Rj&|Lw#W*HrZr4l;yLpDR=JK_P!
zVPDG%2^~&Mi$R&hF66EzVn28e=$-?*D#eX-&q(NEVX+k(E#jnfn>Zb+M17RetRCca
z+a+{;fv)dO=zbxgL#Ki6CURflWkovb`;2D(KaGSA`M)XQhyJFEUGT&38wnlS<sCpb
zvJ1Kv37r8}+J=}&AEm(iFqe;X=v)|f6T0Ih(*K8at<vMMdHj1B9XeHKNkE}4KbO(X
z0=g6lEa3huqpQA$`9tM&N<}1H;=P2FcEK-RMz;*;a=PG`$ms+h?LO$hCuRIF;QB|>
z&B+=_7}Nznp^ple8V2tP4YN7N5^;WslJWZ(3=OX&A);<&7tWW2=4VufFw7)R48x4!
z#xTrU8Rs(wv)(DJ*HqkNJ~j+@r?58+vsSGO!%-AI8;03F;gv8PL*eFC0?c|G&Ib%;
zp7`g&a2$nkd^7l73de62U^ct-4Z{f()`elVA(9-1*%Rer816;kjxfwtzc_9f+=s%$
z!mxCvM7XaEzF!9Slfe(j;6xeRUj`45!9SD1IvJc4(NEOma%ZdzHpt*K8Js19@d++0
zbCl3tD`j|G776X4fcDrz#P(1?d+Z`&dnlki&{0MGu@t_Kybp2u76IRf97BG!qP))_
z9$R~J`IjK>C6RxX@O3|zkAj5$qk#U?M-i!y9_@lUk-xk?Mk*p<uMA!ca2e<q;Q6Zo
zJ`HdqheH56o>Xg%9IjJ{{ZXOpN!BUE`XkEAojVj_e^e-YlXqnJqY5@YguR=STpwYt
z=^VhRygn0@eaK~i(buk__*me{=!LzgUK|$oqLP*3`0WAXcd#;YZ)&ts9KXmf7wLh&
zlfxxSalFJs{a64-|Grtl@MT<{u(!2BDULTCwExo_FYI-_s1)ai9xy+=%<;nB*IOJG
z_P#!l$^R|Dg+hL1EI9}8SP8ye8M#;XpPZktR~Dm++$-zH=VW28ELA1y9}oJE;&@^2
zY_eny*Fmt#U}7zG4x#IW5@Ir?`Iq?1>|Q@zYo*y;<!N-s3vhfDgb~{PaC@igeRL{H
z_U~{V=MMzS%YmiEk~?GSbW2fT$qb7Hpu7lZQf?T)*I-=sfW6F=Ibyh(cp=Ih1teu2
zONGl*YIRxY>ce6UE+%wUVkrw&RxS|)<WI>H`3t~=>EkBnhanUu+>2aoVXk-TW)OZf
zgRk!r`Vud}w{wXlZ}yaNlM8b}9M-Xg{*1z6cb5@MLDAIl<BBX(Crl{GpJACXZhTR`
zC6bI)q@~<zaV+ASo@2*~+mcWMzsJIUXDsYwf=U*;fa6=HQhMAkjmS?|eQc{VBAv?>
zIZ{H41y*z%N4H9E*gTao!8IT!X1lf#5~zx7uU1Sq(~a5)Iy+rTLZu8JIUHZUvUqKl
zfFtN$U@BcqXf@Kcwlojj=an**t;pG)u&f?MWrdyO2!csfmg)8iryrKzxh|{U4=YyL
zUiJUwOY;7YBT(kC`TrX}0rkVb|1)%0#<08J|M@Ad8`~d0ruO5?xP$LMWkAy1_Wud4
zuG`<`sqo-28b6MVTmSyUoStEpw}0mFjJv=8_(`sU!U-csSn;g$ZxDo~Srs8q5K`T}
z`?9F0<sOe`;lhPgRaH+s@x=1w%N2?mwR(kC8;Xfp6&JVi-g|4~;+{-MsO{5dbwWa2
z@7_<{fB#ec`aRvhe?$NNYm$=IrldTh*Ego5tTP(dr=~uenfbigydg7lli9p6D{FIB
z*48m&UKl@qTVCFa<Hv8$&u^ME>7|JiUoI+oY4YTq#l^pvG2?HiP5Zk?9{JVm*}r`B
z(O2fq{nh;WyB~Y(Rhw;3Ma3Sc^YzCcf8FDG+vR#=;lj78s`do}dzUQPw{+?L<;&k&
zwru~(l`Cs&YwPOj)~;RK*x0yX!-g$ew!HAd3pF+GH8nNu+_`htu3fu#?|%LD*WZ5o
z?Y(>V?%%&Z6gsea^*_|tw=^`ozjo~hjg77A*B{!j;mD><M>lOcwr$&oO-&!}*zu1$
zcb?p}>!V$}KHk0icdx$s`#pQ$|LHg1{AAz0Gw;58rlqB&wYBxgkt4^B9cym>!^x8;
zPn|k-`t<2DXU-fraJIGe-&$MG9X@>S$dU8MkAHsR#2-KUsQuKbFHWDn@X03^&z!mR
z>8GEbKY#x0+5h<Bi!Ux+y7bv+9iM;xWn0^q?d@M(y7cGEmoIm8eDn3!Uw`@Kx8Hno
z_1ka1y?XUK$!7iC>&`FS3??`hi1s=e6qPvfwe1H&+Ma{w9(t{*Wp(_(Nn0oG+3|iu
z-=UBH%b`6lwLYWEeJZi=*DoJ_)==`xxrcwf^XT*Gwj)~$dp5ni<yr6V-soFDttsnC
zZNGj84bvwTW<Suc|HOh7CF&CGgmJ|$A6hqVK*FXZUv9U!haT@2mACng?E|w)*6U_x
z)h8s5tBu`Ld9`Fp?+L2@=1tQpOb2r^bXx7$jjz>2XDc^k9#W6%Vf34_)~`Hh+)&q8
z6{}5uOcDBU+kGy#cjqeuq2v3?KJFHmmp4$kc)*EGZ?zqd9sXX;u%SJ+4lJ56Vac<_
z>sFJ!`47E1@1OlOy)(}AoffZIaKsSx^gEZccWM5lIofi4bwzx0!SUydcWf;`?1)}z
z(CpWFrgXmLJFh&QI>kBh&E|rB>G#d|AN{8Xo1+Gg%BWqQoz(kDmnv?SrE<~syn>mv
z7e^e9QRdCsw(4Be!U2WT6XP|DGV^!*S9{+9)<o9*J(ETfS`s=UgwT8ME%YW3LPron
z2u(@|AVpBRiYOfwm5u@`Vga!sprTko!2;+a7DU}$EGU+hF9Yb}x_|fGeco^X-}5~j
zpGR(H?m6d{GiUCZxpRKz8^i^LA7scH)MkqbP1g521v^>U!H+u0-`@ZWE2R5a@<{hd
zZ4@J1l-y`cedLXwrY*}bU8he*7U1j)rPmcoW^+k1DH(9?)F))5SRpYBN1xGnRDyo5
zK`Rpv5}^vT*q1((47`X7q`}br534hHdVNru>9H4A8#`mfcf+v#-MdjZy#Z2SeLp~J
z&p}mg9?Q{9ui>hn$|2b(4uYFu79W~`&;4mu=Rs{#t8xh=3NF36a?O+RU6;~yBLKqF
zu?t&D?x_EiR(Q*1RXEev>H=6~{b&Ohg84SAU_?`imR-P-wUoftbT_BPtJ(s`#jS(x
zS>`<|{2Aa%9aip$8`pgX7!Zpo=!tfDVzT-vt6M?@rsu)BN!aseA-H%@#ykXFD0UVm
z)TQcZx4bs9N7zicb;Gsj^2{IuQrX#59yQxa!R3c?$Ib0_6ixMzCPv58DltTJ5vi?h
zJ&B_q44HsY5+VooTt_;)`t8>Jab?y*DqXxNds0?UL9NkBz&jCf0Zh=Z*BOv>JkXwA
znc;ab?a}$JmFE7^qfL!j3})_U+Z-a($Fg7-`OR?l&56~~xiG_JQIB>IJ)85q2f9Pj
zHHj8NJ}Fik__T!HpfSoqswr_<1{4b(E5DanTw;+S+Q}qki#Q2-aBPlXh`jDghr;cx
zFP_$J79?}{&8#exPI=T%-q3+0TRdqRepAeOd5?)sUoF1S`jS2YVTZLU5n6pq-)1d=
zYQnWH?b>ckASiw^RHdKyu!eX#kFp5$t%Y3%{=<iCzN?6>j7}A&O!Rcz)^pgIB6+bI
z$+csygMeLI6n7xEIUP+60cu`M)<|Yv<g?)_0`Rg{1Y)50l+~K5SHb;~d9A>tg}PqO
zDG=mp-pDV$Q5mr+GUxN1Ix3RVu-87UX5AYs87Im@C<ICquwih^x8!tlaKIK$Do7Ug
z-h~y80ueJ~7NcF-`RLkkj8FG*d10%M=q?_CyJNp1s$seMwP;zcO~+65+9+x4gB9#V
zQ%~SdAkjb=XOW}5U01CVHlLi!pJ83tgL?Ab0U#FIpBI}{6zaxGQ4f24yg1df#ma&w
z%nFTF?(5TSk4Y84G(>et0el;+aOfl<i#Pqvo*xFt#rY4VUsU(_V5==SlPz<lEs)}h
z(rKK}eI?FVS8<XLZv6a_Mu?+0Wb!|V!Mnmz`Cp;Ags*Kgv$zcu`rsLla~%W=cU#m~
zBR1*7z_!m0cB0Df&xcpOPH=c3J9fpO`|S>zBuie(Dm6=J@_@2Is+C+Lst`=JK_~>I
z<IY};gJ-lO!T70-(#Dh(;X$!!rdTqcaYdnRWOaR~W-y1a{)SwZl>=8DK_@G;LH+QX
zq>_Gf*sMXii5P<r=v`<3QpeB?74GV1%qtXlN%>XMgS}$rd6c%Mo9kb_@yZ<qh~pgY
zQq(eok#o;1xiYfFM9(4iYgar-F=%TUw}l1Wp}t4eZWPgeRi7&jS{f$e45hpFaAa7a
zf-dP=t^)Dv`{9VZw;s=t)rgQrNpqNacJ{qJnYD+~L%7G$(%FNOOm!HIcR=12sRRV#
zK3^os_h0Y1n^4Y$E=2~Bv(?gRoF?*MviBV+)KgVS>sEKm=CLdOtmj^jHvKFea@nT!
z(ok3q$bb5ljo}&+0^^Znw=A=+P)EMaV4zGTszE`g>xPbd^xBbWuBO}^<B%G;T~;Ew
z71no}6FXJ*srY`ht2|Y~iyhlPAT7@CbhaV!#B=UIt7Khsq4Qpy5mMKM2J`Uwo(Ip|
zXlRMD)Ezr2qIoj+P<7YEBVENwGrRFAts8HnKrE%Y4W5_2<tLFQFm(*&c?Tv`5t!w%
zJHZ$Xi?zuu4$w&5ZmPK|Mh=;dy5E1W``CbGd04e6*g?*}a3l-8^@Z}RO`D{vUC(C=
zUHhx@oHN!R48}^VUvp%Pju{<22eb5>x*dZA!k+9qtGUbqsiP##<DM3^vEh@QW$)b$
zctg*_<pRL6UABY>VHj_EKeE(m99Ob@2cX`Flhz-Qj0*e3oH-maYcX?ry03stjOs9S
z8NX(%`z$_f+dYu^z*vJ!>WklvleWXRVTk)l7C-xbRH?{0Tz*7%GBUI_HeJ~eAg6Lr
zfO{C)HJhyTmpB4O>XEBtP9cmYcc?itulMSUY1gCS{?&)>e=vgKKxx6EjX+xYs@I+Y
zNeE_CjxY@TID)P^z31s{^VNYPsAC6Wuj(&z3@ndYNe0H`qXGwFC9xL!Ge4i<eyG;7
zG77xF3YA@Tdi;iLY`iq*=^8Fwo=}9s$H?g;5|ytocbDDvH+orSGX)c8cJtVo=kXqr
zPtR)3ZYw=~wa>qdg*hbFn;DcL{2|a4&SO4iv$`u*Pje%m3Zli)Y5dyWPhp!l5gbW8
z#fcn;H=1~7@Zzi1d_+9Qn~RaRk)wJxEc^UyWABNdy#=?Nz9-`AqSnJ@meh?tg$B-L
z$yYy7%I34WkNa6UnAaff*goqkYckN4`?$RaPd_hvWG~F%B&hQbqHq%jpZjYk3)jJJ
zrQzfXy(AT~e|ak6PdsXoO4ut=h<aiZdx+DD3+TGKcdJ?4r|fje&Z>*c@;|5Vm$E6D
z(yHv72@sgLS*HhR>GQT=oCQrEULha<Rlj&TveS;go0~5-dnI?~#?8kZdJpNz!@{fw
zbWzH2_8&6%pX({WYHZY>i0#Pc_hhD5O#|7jxU4`#)?55a886LVP$z^=($C}vz@v}i
zRfo*s06?ote=P}G4I%+DFhT&t$HLK%fPnhg<qTV?0S*s$?a3Ve&6I4Lq-<+p%$h>0
zCp7+bMA%0vcm{<z0gs0jq9$I#jY;xCIK-=Lew47+QS(TZ2bsd<D-R`v9F_(tGPrfE
zsKi18FERqwodoMjv@1fd=|Zh7G)M%(N^l&WQ@Ue#K!-y3oKx+GdC9Sblo0X+x4%5b
zDj28P7`pGasV+{1t`5kz`WUwZ+^rfU4Gxahj8}XJm$#rI6Q<Cg*D{mW(g>q$ln^XL
zrgtqXPDe*n!!mDxiq$a9K^@o>m<PiY1DI@elnhZGPDboFi>k5^r)5REb*<&fKs>Z^
zR+Dkaxv}N`%oeUJF_AHFIZ=2&L0(u(n7bO3=mK{JX&jXXC8|O1y`cXF9F>9)d5PL^
z9%nG&J0PqGQ&`vg&iUybmD)E_IV}I$jIEsnz<Dn&zZ%F3!`m_=IR`RUA;|(ZKBu+Q
zB!bi)bvtoMBAXlVdFOD2fcguMR40bXWbkKe>6@k!OeahcLU<El-4wtYa%g|7A}cG(
zOIG#c$K1Mu*VkLyS+5l+qrM?HPD#Tq>~+b|kY?4iCS?-un7;m#7RF1x>|BENFGC87
zIUWiMN|@I5WStD*x9T?sZE6TW{6%ZN9WD|@2*-Y$T@8}LM^1aRihBn#q77lEPDm>$
zdGCQj1Zt>bR+l|4K5h-rt35pm9i`1V(zgYqRD*#R-1)PuuN8p;1P{KxGHvth?pq}w
z%9uc129CiRSs^79v~3>&U6)yT++w;r1=mUwCE-GYbxYFGnmBp%@d{e9Jq!nrn%QYH
zhG-|@Vq5c<_t4M0DVZk7lRo1@apuS!$%L$QfTE5MC+{9%Si9ZWzO{JS$xI(UJaYX6
zA+r#00q_Pv9NGYQl9aamE-8r*z>(o%a(GHQkO}Z5FeCVD(1Gm9KUCF$7oFCusnt}5
z0ifa(@}VsLm)PnvcgtWk=nw!QGiJT%h*Czef2IW}10X`wHy!rD<xK6CaL}r}$q`bG
zG)sqTjKP$<U}{XbS-Mf0x2MhroNM}aAsIUjU!1lBUlbE?q3qPF<qIA#ae0Hlb|o80
zqHh*48L^T!z@CqI427b?$Z!lvtUoiU8kvG)23DxxF%j?gzz0z1Ktv3=VGn}Cn&PrX
zv4~m-q~zujJSYe(5t$&`2=7Mk%^|pvkxl0sc_fkcV<;Czd=3Tqz`9A;oWms$fng&2
zKH!RQ%~&?evnF8;^jbq)Rytw@4(XP@r-Z`cK}Nc^BE+AiQ2S9kE;UPOBPm@7+rq#N
zdE1<E`+J7>U;D7XU-ZC@XLu0&`gzzA{mb;{&;P!FY5aF|{KfM>Egik@pa1DDegFHf
z(CnSrF#zXaV{ZfP+y(5||A5(XE^m8FO9%rCO6Ub`z6H4KR)j~#z;FN%6&=r_+FB63
zeSC==*8muR0Z`D^NE$tk>EvbuZ9)X>tu2Xh>`LG2dV6brE6Gh2I|_Tm{~qD#OjbMq
zfY63ZtzbqRon6jmmm?G7nb2`)gC&2^YN!l@Uaa%8*bQWtq3tyMq4Q<sxjOS@GE@$Z
ziVkL%p*Ayvqk^IGId*yDngnQvJ{;OepSvcUk;pC&vdhwu2~pwf@(jcq#h}Fj00P<!
zBOTA6hq23$!E&+Osg~@rF#w>sLKl^T7M15V+p_7~{O1}52Kq!hMq(r*K3;_a<z8R~
zLuv1swCH32nD6r(5umXpvIkjL!$4P8Mf02Q^?!KsKO|^w=S#0$=eMT`UitmlpVf=0
z1pxhN_Sh8uek^DQ036E!0O8@^k4aYp055yq+OIF_k04|(i$J8q8FW>8*djfDS>ZpR
zMfy}BabJfA%Jnms-31yq2+R?J<z~|8P~xCJ81X-5{PT7wQyC!)2pg9{^kiEZ^xc<b
zOmuMgT&|Sx=>KUF{~_BSXx^^b#8>|r;15s*aM$?(_|I1W1Ro~=_p4-|0l&`M3XJF6
zR%b7XiFv!9qd(a|2!l4!!s5b1=lCqC?hwSmn)!19U>cw0b2|f(02bf{_yG|>9FPL!
z0Tn<K&|}~K$$&NBz+PLq13thifDVKKQ2+}_1X6(vAQ#vS6ar;H1yBXl15H2+a2PlS
zoC3OmUf?p&4-5e#z!>ltcn(YfZ-I|&N5%nigM6R}C;`fVN}wjF51NA3;0llm`hbC8
zC>RYUfT>^>xEU-4E5I7C2|NTI2fM*OZ~(juJ^&}dSKtR29L5FXhb@Q6!qi~;FmsqA
z%pK+r3x&nPQefGzt+4H|TG)PAJFFXa88!qPgFS~$!vQ!aTo5h^SApxpE#WS3Uw8<d
z1z!ixgO|f=;VtkJ@C)#p@G<xc_<IBj!G|CsR1ii8JA?;<j)+C9L*yeW5RHg-#5u%G
z!~?_>;xm#PDTY)+8Y1nH-pEj7A~F|Qj@*N6L!L(tAs-{(qEIM7lpIPAWry-XMWEKA
z@=?1{2T@(90n|g(GzSNV2!|4f35N>@jU%2TmtzOVevUI7H#i=1%%C~Z5@=1d4cZqS
zjm|`uqnpv4=o{z>^hXR1BZD!-xL|@Y$(RC6J>~@FI_5FvBNmU9!<t~-u@Tq|>~?Gm
z_B?hJ`<j!Jlf-Gj>B<?-na;VLvz7BA=L637Tm&vfE=w*yt^}^FTzk2?xbAYj=H}*>
z<tB6ca>sLT<!<6W%YC1FhKG+wmB*eZm}foDPM&t28$7@8Vt8eE&3RYxrtp^Y9^t*t
z`vQl-$>J<=G~7DePTX<aZQL}T53hlD!AIfq@y+-?{8Iu4L6%@m2qt6`>Ii2E5BcDH
zQhb(tbiORUdcN~~kNHvja{TuE5&WC^5Aa{(pAsMlXbX4>Bnj*kI4v+H2p5zUv=@vN
zED$^_cuVku&~hPjA%@T<p%$SVLhpo^36q5x!g<06g@=Sch!91rMOKRxi5wHTCyEeN
z6m=C%6s;6JFZyB`|1zUx^ksR=4lf%PgNZ4MQN`AZ)rnmZn_e!y+;%y0`Htmhm%k7f
z6eo*Eh?k0Yicd=LNtjB6OO#5Sk$6TFAes{+iQ9?ih*Oecl6H~_k~NaoBtMemNFJn2
z(m~QaDXf&fRESimRFBk@w1l*ibgJ||>0ud+jJ`~m%r=<|GVf&NWW8iJ$R3k@Dkm&w
zFP9>>Pi|D6Ti#4QR=!q#PywZ&udrHSw?e-nOi@QMOmU~;btRaRu2Q(tZlwWbq_Tl>
zv~sQTZ51vRbCoqJ`&1sN3aYM9%~U<6`iq*hny*@s+6A@G>N@I?>h<a)8UzgojZBRb
z8m}}JHR+l=H3zl0wQRK3YjtS7)K=1FXjf|A(c#l^(%GQXqw|}to-RwbMR!t9S}#y<
zm)>oCetn95zWzl6q=ALOdV^C2?+tYg;|&iR{%WLRwA!fI=&7-sF~hjt_@N2Ogl1A>
zGG<CN4K%Gb9W#?OqnXv3jgzIw!Q?&U33CPW2=o2szgVbSuq@gv-dP%2rdf7b!L4kq
z@~o~|6RbU~E3EI^kZeM2_SsC?>e#Ne?XpAKIocK3-L_wDPq%NfpK{Q1NOL&n$mQtf
zSm8LnLU9Fa#R(^vlY>)<)2OqIbF}j@7r@2drNrePMUE0nIq8aWrMT{NeL~fsrcy7s
z@wo-KHM_law{S0TAMud)Nbu<K<n{FPZ1Q~PW#v`uHRi46o#uVnN7N_Wr^A=S*VA{8
z@AOLRm1Qd*`|0@Q`rY!E^H1{cTP3<Ga@FYo-T+#_kw9diS73ACCz=bbmNp$^AG9lI
zif&2YMt>em4lWIzWSB6D851EUA;lq2Lrp?ULMOw_!pg&5gj<GJgujfii>Qitx7ua(
z-qo{_UXcf*&{2U=$D;|+tE11wh{q(w3^0|Lxy-Rx!`QOeDV8H^PaGKMAJ-Aj&t6Pj
zNsv#-NqDfvbj{8+Gl`ywN0RVK(Mea56_Yn5Po&tSG^|CerLXNtl}yb@eUN6JR<jOV
z7qqTtz0~^b^^enS(;G9e8LKm{W~yfvXTHhu$~uv~JUc!6VUBIizFeMMR_^T$MjNU&
zA~uF^ytYYe(~eD_^Mdm(ZC2l0zWGx=J^#`cjV;@^%x(?YdaXdWpt2BE7+rX)$gHTb
z7+;)H{IJBSq`j0_npgU!ETF8fT)Vt#8+Kd5wz2Iiws-81-ch*YQ$<+C&`yh;2X~3>
z+O+H4?%>@wD#?{CRm-b3SAD1suf9`bThm@ETU%a-s#{a{q~5dsLW6!o(;m@1oA>;-
zH+t__Ben5dlU`F(vsiP%KG?p5eUtnB_V*vKI?&Og(o%C!@ZjcFpf#cO*`dHgw+=fV
z?m41=q~)m0(OqqPZF%irdvg2Kv9M!f9X=fc#~qIMoG?1kc2f1^-cypNcAgeEUC@c`
z%<h~$lX7Odi`n&}JGA>@Pe9MeS?{xh=UmTSJMVb@Vy{i_*$d_u&RjIPc&g8^@AxJC
zOUEwjUT(jlbEWO7&egVSy4TvT>s{~YH|RexU_8)y!|X=)O{<%|gZ6`$hn$B7Zh73g
zbKCFs*qz`zPwz(FeL1{l_~S_WC~`FK9`0WGeX;wsKPmila7=gX^aHC0SH|7OM;_82
zK7SPV=+oouC)`iUCnP4Co@zclHEA>1|7_*6$IqG1KfcKQ8UORHU*vx|`YZX@D^uQ6
zk6*H0&c4cjE%JKr8|^ne)0FA^Z=>FRe3v&PGSm28|NVszULPhtCVt}hwEZ`Q-%fmX
z{5(1vH9I>y0$2iQ6p90dM6>Tq7z`TA#m~*f$;l-`;N#_AE-E3uTvSYqD6J|-Bq>XY
ziOK6JD64B|Yimo$8JOs68mnq)YeGUm3<kr+$tBFqEv(6QmYRQ?X1f498lVEvaF7JR
z@E{xy&Ypwz&V$Is>5$l=4IF{w0MRh^Ssfez!r^cj5{85$=JwozFgOB0;!%<s1al5P
zk}HirLrT*kwkD|Pkbod{K#SGQW)lSgIQWgwc{UXLoD?2_!9WBI248#<k03~Dn7bnR
zG-GRKhXF1)$ZjGW510Wp>t63U=%xGka`MH)!m&QwkEMTYH<=viJd+{lu;Wz~6G_Js
z^XVcZC9XQi;sMb&;}xat0aT`Nufx{$8rRh2oi@9@YH&D~MqFoisrXggiS>`bW&<t9
zOA0L|+0SbqsizO;UAH4&NMn1-C+8DiKaq_(Jt%^97E6uf>wL66Z`*^Ae5EYe2~{n}
z*Zc^^sjbyiGm7~8x{eRULopp@kx#w1?;cEH`CUkB@@nlB_bHAzcYKde$=;x&mv-`S
zlpZ>nBfSeL#x>sb!f;0;ue^O;&S9UYlfCO)M#l@L_aAK_v~X!mw12c@5DO^31<*>~
z3RJors#R(~U*jJX1S`(ouV$2=|Mto8Gvrd=RAfpV)jsIj*)=l<Fmcic6fbE4zQ@dH
zBjc5W!(D!LnwRk-Q5PSZmla!NT-evH;ny)NoVT4dQapmZfE)G+@5#hDqbGL1Z{GVN
z$}jldkSNO=cY7uxfj(%`nkZ)!n)f1SPlrrP|CKb|YmF9}Es_srlHb&rY<jPM{eIC)
z!emHDu$*rcXWDY7j{7_qv5C{J-Vg3ISeM_vg??E@R8a+UD!X9o&uhfo+~hy5q}PPq
zj30d;4Y=$mnE52G_1gbr|EU?w(VIdhey{aJRx~)~9(3PkqHw{ea>jJXvZ-OuOP!4`
z8k|RaF8QbG3-a%uDmJK{H1y@uUDr{ys#N$hi!S7_gL-0P-#h)@pR|_~lp7P1+$vu=
zaMsr-81sMJ(rWhXq_T?UO_!%WJogX0eSV6eEuIjqmNq!-R`n{@=0o1~z?+^kPdz#f
zUW*wuRo8h9N9f#79Sl(8)-5|JCYd`T%vEP#aBV_g;=Eq+&3Bxox4q;w6w(iN2Uk{R
z{NnP`+L)`ZJ3+~byi@9WLaSHNCG%e^nvaItzxDTRin1phI810WnAp{E={jh3v$YPW
zc)r<^dz+Y-1K)8SIn5EP()JtF?Cct287bP^{RQWgR)od`cuhZ}jcaCS<v*-MMf`g1
za@|$myM6|j!g6G2Dq>}OrD8vNdgwB4Jx|!Wp(@1<P5IOZnj7@}*6~^C7^ku-9CP{5
z@zwdi^+b56Xbe*BU@=57zB5mVJZ5>Pj?Sz_y`&Rn0TC40VY`nfe<{7>g-h$t{#nt^
zEgP5lA5uEpCdGB4%03pp3kGr+SAKH6+T&*;(XjdHR;#1~>E$={M`#XD1jJr(`kpd6
z<}<FR8mHiQu1Se{Vsi$TBYJmZ4CVd->izOT?@OA)0S=qDyxRY$OrmmRyrfh8G&5D!
zI9B*@=YFNZZB$+fR94IFuoGJYqepwj9kxGpdmtxiyCr=zc30|c*{)&7^sQGTXMyDV
zl{q5QvV2bO51JOL^9IXB9sfz&zUk=EmFJ%s%mOP431`Dq`<`Jea0Xox`?jRl9>CP!
zxhcpjA5C!XEZs(JA=tKFc(>2-MNW5n=W~@N=O%qS$F#Md@|N|~RbFv;jlC^v=W&K|
zpj~7Y;q2x~D$0oO`iltN%z>8cr)^Vc4tJytOQ(^cX_*_MGR$HsT83I>Z7a*JZdtxT
zTCU0IXd&jOm^&}8M*5n$+*7`_GRWT%n|iRt;nx1b%w077U%U2<%8p)CeTs3h6Ncw8
zdNV&3y;5{&HK@7j)a-q;(t<0LVYgOV^WvpUTSYUGu8#xv-GtFOl!%!`gYv^W>D|Zh
z&$^A&K156@?nWIt$-Qhv-s1<1Uh|-UA^nHHNugisMph<YBR3xUB(nWn?|>?`DryvY
z;?f7lwYy%JUmI$ZzS&gsPBXe=qV}NE9oM~4Rpi0rn!*-m(5B`pdk@<H!+ZT695WpL
zl<51KdKBmSD>X+SDRp#JKJsT?-G@mym3HfqikL=)X|>mpYn};DNL=Ng<i!pjGZB1X
zlDWfPA=dsii&E_pdo|)7+@R|!Gw;{qSxN?7x9wcS-&d>94#?h_Q02oFA9fwwz+dxj
z#Asl!YZkb1{LMYnH73jbLehUZVRB*A`u=lc166}(kuryl^?rI+d%)*Wy{DaTsQu2%
zF8A7$Jx)Aq<_vG+>oPzT{M;todwOM=K+olL-3xUMQn6d_?9ZJTXWSop(mFi&&^(ED
zqu4N)l{_lC|L{)-h1T8;xl?*l)m4!yCMRN4#&;*yV`arfE&eIt=TWO3WuFt=R$5-}
z;tFTkM#gznVDG=4@=EI{Gm#C%1fM+aC{-{bC->3AeVJ|li2Eu|ArD79;dK*c5-Zi@
zB-h&QwXY=4EN|n>aUF3rJ4R{l4MJQx3TRm)omo55_i9`C;BgQ6(lUTrZQG&!L7F$^
z_2}KxgT6KKA3Qv^Toh0_meF+Sipa!Dt2b_a0?Qk+s72I75xMUB74J#A59UxlZrbB{
zy&@<$S1dlhECuB}wBskKXZPG5HC(jM5eS_HL~mIX+c-OH03N<S;4uVJq&srj>y<Lq
z!yl~UPIz@F3pgG&S#bYuxU+#w{h5J5TQarpQ{ArEzPcyMy7$Cyq7)qDI{6Jx9m!Dx
zii*14?#qgbJ(-`Z@kn<>`FMfa<-W;o4i4kuw8qu05$+ai=tp+MpBQ1_Z)n}<tQ+Ot
zB>b!I(BVpw54CnQBYe2_WzuQg*DDTm<M^9I-ZY#o<XQVF?9ADngYRP*ItF#OhOZyw
zh}->?(@`TqG((dzQlRPoDOC>B$Fb|J#BT>|`p~{L?^nki7$Uga#9kXM@o2YKX?(W2
z^!}6N&$>;g&sk8;Uvt2f6c(OtEUOYYcri@Ierp>NKInS!0zcBB{Zgaj(PZY}O7Z%u
zlHzLjZj^U#l8_`Hur#e1P4zfgsnf`xX0lgUYTuPa0|}ZB&zhDjxAOA6W3@vgk1I2e
zCJiytR@4TEYn0YJ_q^obG7|S&V=wO}(N(@ZcotCk%p!dj5P0;a!&bmltfA&yWnG4M
z%gj?#dbjV3oB~1d%Q>b3J$kzZ-JGST2nQw&$LtJr9ygxo3})81ei-gy7MIZlbb0f<
z?l^*diiP)C)X8h>KIL`2(R0j?538))eyTThT><%WMd`$l`wh9Qq9LD8W`t_LQrxe8
zi5exhY@O3Gnw%r_C)R68je4xU;lv#1%zHLcChdGWB7<A8K)}xZO#kp!tyv(R|K7cQ
zSMPDJc%}XXHX<h@H4D%V8Ju6Uw(!yYWgSAJSm!&!T_4?gA4gafm~at|@)HmlZ7Bki
z!~UEG7fkB6z0r*7mC|~wSz2QzFy!*NnRiuv!7t4;-!1vCnrm-3_TLy9JQ3pIP^Ne*
zwX2ER;K%ng&UtT^Lz$8S&xK`j#y2Cho2aUnF2A((mD^XbeWV3UZ{t0!=srQ-vHSuL
zt4(6`=6PG=3isv#kt(EZ+Ewiai8zNcS3>CQ-T(Qy+`miTzyG1rBIyZ{wD=g7Y9#Z&
zqT{dd-*hy-!~fOLSla*nuaL0}7V{O8G>#TQOCn)0Sj^Xq-BAgV@!`zKWcegzVzL4j
zgIP$|okUb5CSx&B;%0XBImWp}BJv8q|7Il3fj7#Nz6c>Hf0f6s1|_bZt2h4@TL3*W
zoDm%#0JVk@$7Y+)TKy$I_`D_=Q{%Ass7O<+aTtRZY>LGg$A`y9GEAN3#fCFj#%l9N
z*r(>fQK6E|mnOx9#Uutq(ALoA&&ewoVKFkM-}E>*Cg4jW1L#5WDGJ23>~4R7T!lVF
zvyNmyMT=znV0lssNkMfEX_#n2Okqn)`=5l#&kIshBeF%zrL+%;i4112h)@<3_K7uY
zGlT}2ErTrqlf;(yKPpZ7q7<r}{G*!5i)$tYd^4TOf9R{ieDjUfz78DLSZ#isje}x>
zlcA9ek7g#YTc6Bin2?~iSfsh;o3L9%3=f|BGpEgjq)8$|dGt(3S|m1~;tyDp=UJ1#
zvTA+9YVrftlzG;audLs2e!~`&5FZ~C{e^K3T;eO2<$}v&ux%d`6U{b6`f3x>H*;t7
z#STMgk#P(ows>Q;`7vP+(VRv8Z(qs(jQ-^P{{m9)e^19>;(x0D5&um`T~}wx|Nk3g
zENSIp>Fz_ZCPG$Bq<C1Yu(u?VRMgbGv@F%stlX`L-gfRzD~KAZ>O{AARyaLgP0iXF
zLMkAV7QK;8)KZOMg{rwz)si4V8W86~Q6+AUO*J?^7`kk}@!t#X+lvuNkBMSH=`80l
zXC%M6@h=|eiwiQQLm==hb|E|}lo-dNLwFdAzgZ&@)gbX2e=3xH7;7IwOpZyIgUn_z
z<}mE$vu!eIp$ugR?2Q!@9cpSUW3m7XtvU}(%=XXW5U#O2$<3PTX-y4qbFp#vGN)RT
z6o~BGlG*|vHjEZW3}UcvTyY6>IwLMFBmv3>x&X^L51gDl_ojFb&_vZZh&9*X`9C(S
zn5cQ!Z>Wh7nma3jEeYy|F^w3;VuU~rFfJZ~qBeyJamH#iQ&r-(Qhwi7@C8y`kErsy
zfJM_bfB7@#an_+3B$<ATy$*^0B3$k3(Eoqo`j!azGyfkM6T|$ky8plO|LU50e_a1-
z>uG5%`Tu`|zIDe$;(|lAw6%xOSs+^=LT=_ecl^a0Gfl0N81#gA2m*_^kSQ^SsXPze
z6qF1lZ>A@(pv@}D#07uFWV6Z4!DofDeYb`(Q42Bx_F9zfMzPQ#qI7C_sx;f{sLj=c
zAe3a5oX-Cp`u_S~xV`)rb^OKkucQ0j{!eW^ohAJDe}%rg{$+m0rJ7&;&|_j&hcn{l
zR($iQW1-=y?8}?=JCYRy>-SA%_L3<c5-d+zKu}{x{$JP>=2_-(u4KOVDBn1sZ+%aY
zsbx%bJS{vLif`Hez|`=|(nMx1^*K9cHX%lbM=m@$fI?`EIaJZPViHja`Z@1Stdp4R
z)eYN6eTm&Q*qWi`-MkZIna;J+I6in@bP|NFHjmx)rK{}FQhw!1Vo)fw^N(dhVljeA
z{{9LJ3QQLU#+)9XK#TmUg}tgwl39?g7C%4YYVmVRss-)euH@KVwuxay5$&KyB<z*y
zT&J<dA<(fX_87;oqhDrB96KPU%{_2fv^vCk#4S8rFeENS!t=2&GzlbP6fG%|5gi&I
z#tzlhzl6=~k|~x#i;GK)VFmwzjmbVtS_r0@3srt3=9}m{E+Hr?JpOCIO<^~g$o~C@
zS}X?JZoXEc&i#Uh2I{UU))P7$XGnzl1vP1YIDa=s_6>zZk}*{#e(AuX3Q&W;RQP^~
zE$6Lvu|<8aWU+aNGU9(XZH0NkP!RA(!ESSr1JQFKbofTYytxsB*bQZ{%}0Yoq%$HT
znY3UiA~7N9kiJ+V+Xzkn5OU1f4s;x9TYSts{+s-N8m`R8D-gHZyrKU=i?g}YKhgm4
z{Xn{{xx2NOxle$-v%59b#@zDn>G+QOulqrvy12Vox~%voefh%sA82u*y8j~$Y`z~z
zr&_yuSi89gI9a>fxmf)z1>ds%KnH|k$R1D|m%k<cE7xC1cBh&<yRBf)+uv*cA9#N>
z1C~^Kiu*sX*WdYmAe}vkRG$DhcdEU!?cWl=nDK`*?BwEZ9bo6;_V?^(5#L`+H@C8)
z{uAjC-(O4r+qS=m?+4P&Js=D4q5QpB{mS*%?e<__ga4%65Z_-*x3{u({zt<y$M^&J
zmM(1P=j{IXhh{P3e;|K_wX?0e-9OSW&-$H?@0T~GR<wA=w`({P2xT>xeOO-M&u*sn
zQM6FT!io@LTX_CwLR$RA8tHpJt8f+s5e#7qf2;2+tS+=thzyBSosU%GgV_x73wL!a
zaq)VOWFHS<`aq8iW1t&5NmVsiRh2X^kp!)5p|JJ~Y!4)oElWOF0Sayxi;;~Eienlr
z{+}%gVp}9^ZiT#PweoHF`@bDGEYT7z(Go4u5-rgZEzuG!(Go4u5-rgZEzuG!(Go4u
f5-rgZEzuG!(Go4u5-rjHJM@15)U9Gk0I)FtbP8{Z

literal 0
HcmV?d00001

diff --git a/httpd/kepler.patch b/httpd/kepler.patch
new file mode 100644
index 0000000000..dbab7e501c
--- /dev/null
+++ b/httpd/kepler.patch
@@ -0,0 +1,64 @@
+diff -Naur kepler-1.1/launcher/cgi/Makefile kepler-1.1.new/launcher/cgi/Makefile
+--- kepler-1.1/launcher/cgi/Makefile	2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/launcher/cgi/Makefile	2007-05-16 22:13:38.750000000 +1000
+@@ -16,7 +16,7 @@
+ 
+ 
+ $T: $(CH) $(OBJS)
+-	$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) -L../../lua-5.1.2/src -llua
+ 
+ build: $T
+ 
+diff -Naur kepler-1.1/luafilesystem/Makefile kepler-1.1.new/luafilesystem/Makefile
+--- kepler-1.1/luafilesystem/Makefile	2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/luafilesystem/Makefile	2007-05-16 22:06:25.546875000 +1000
+@@ -12,7 +12,7 @@
+ lib: src/$(LIBNAME)
+ 
+ src/$(LIBNAME): $(OBJS)
+-	export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS)
++	export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS) -L../lua-5.1.2/src -llua
+ 
+ install: src/$(LIBNAME)
+ 	mkdir -p $(LUA_LIBDIR)
+diff -Naur kepler-1.1/luasocket-2.0.1/src/makefile kepler-1.1.new/luasocket-2.0.1/src/makefile
+--- kepler-1.1/luasocket-2.0.1/src/makefile	2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/luasocket-2.0.1/src/makefile	2007-05-16 22:36:37.125000000 +1000
+@@ -47,10 +47,10 @@
+ all: $(SOCKET_SO) $(MIME_SO) 
+ 
+ $(SOCKET_SO): $(SOCKET_OBJS)
+-	$(LD) $(LDFLAGS) -o $@ $(SOCKET_OBJS)
++	$(LD) $(LDFLAGS) -o $@ $(SOCKET_OBJS) -L../../lua-5.1.2/src -llua
+ 
+ $(MIME_SO): $(MIME_OBJS)
+-	$(LD) $(LDFLAGS) -o $@ $(MIME_OBJS)
++	$(LD) $(LDFLAGS) -o $@ $(MIME_OBJS) -L../../lua-5.1.2/src -llua
+ 
+ $(UNIX_SO): $(UNIX_OBJS)
+ 	$(LD) $(LDFLAGS) -o $@ $(UNIX_OBJS)
+diff -Naur kepler-1.1/md5/Makefile kepler-1.1.new/md5/Makefile
+--- kepler-1.1/md5/Makefile	2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/md5/Makefile	2007-05-16 22:06:44.593750000 +1000
+@@ -15,7 +15,7 @@
+ 
+ 
+ src/$(LIBNAME) : $(OBJS)
+-	export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS)
++	export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS) -L../lua-5.1.2/src -llua
+ 
+ $(COMPAT_DIR)/compat-5.1.o: $(COMPAT_DIR)/compat-5.1.c
+ 	$(CC) -c $(CFLAGS) -o $@ $(COMPAT_DIR)/compat-5.1.c
+diff -Naur kepler-1.1/rings/Makefile kepler-1.1.new/rings/Makefile
+--- kepler-1.1/rings/Makefile	2007-04-21 06:41:49.000000000 +1000
++++ kepler-1.1.new/rings/Makefile	2007-05-16 22:05:28.765625000 +1000
+@@ -10,7 +10,7 @@
+ OBJS= src/rings.o
+ 
+ src/$(LIBNAME) : $(OBJS)
+-	export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS)
++	export MACOSX_DEPLOYMENT_TARGET="10.3"; $(CC) $(CFLAGS) $(LIB_OPTION) -o src/$(LIBNAME) $(OBJS) -L../lua-5.1.2/src -llua
+ 
+ install:
+ 	mkdir -p $(LUA_LIBDIR)
diff --git a/httpd/proc.c b/httpd/proc.c
index c65d0998e0..0e4b3e5262 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -26,6 +26,8 @@
 #include <string.h>
 #include "axhttp.h"
 
+#define HTTP_VERSION        "HTTP/1.1"
+
 static const char * index_file = "index.html";
 
 static int special_read(struct connstruct *cn, void *buf, size_t count);
@@ -125,6 +127,10 @@ static int procheadelem(struct connstruct *cn, char *buf)
     {
         sscanf(value, "%d", &cn->content_length);
     }
+    else if (strcmp(buf, "Cookie:") == 0)
+    {
+        my_strncpy(cn->cookie, value, MAXREQUESTLENGTH);
+    }
 #endif
 
     return 1;
@@ -138,8 +144,8 @@ static void procdirlisting(struct connstruct *cn)
 
     if (cn->reqtype == TYPE_HEAD) 
     {
-        snprintf(buf, sizeof(buf), 
-                "HTTP/1.1 200 OK\nContent-Type: text/html\n\n");
+        snprintf(buf, sizeof(buf), HTTP_VERSION
+                " 200 OK\nContent-Type: text/html\n\n");
         write(cn->networkdesc, buf, strlen(buf));
         removeconnection(cn);
         return;
@@ -164,7 +170,8 @@ static void procdirlisting(struct connstruct *cn)
     }
 #endif
 
-    snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
+    snprintf(buf, sizeof(buf), HTTP_VERSION
+            " 200 OK\nContent-Type: text/html\n\n"
             "<html><body>\n<title>Directory Listing</title>\n"
             "<h3>Directory listing of %s://%s%s</h3><br />\n", 
             cn->is_ssl ? "https" : "http", cn->server_name, cn->filereq);
@@ -347,7 +354,7 @@ void procsendhead(struct connstruct *cn)
         if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile))
         {
             /* A non-executable file, or directory? */
-            send_error(cn, 404);
+            send_error(cn, 403);
         }
         else
             proccgi(cn);
@@ -388,7 +395,7 @@ void procsendhead(struct connstruct *cn)
     if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 || 
                                        cn->if_modified_since >= stbuf.st_mtime))
     {
-        snprintf(buf, sizeof(buf), "HTTP/1.1 304 Not Modified\nServer: "
+        snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: "
                 "%s\nDate: %s\n", server_version, date);
         special_write(cn, buf, strlen(buf));
         cn->state = STATE_WANT_TO_READ_HEAD;
@@ -414,7 +421,7 @@ void procsendhead(struct connstruct *cn)
             return;
         }
 
-        snprintf(buf, sizeof(buf), "HTTP/1.1 200 OK\nServer: %s\n"
+        snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\nServer: %s\n"
             "Content-Type: %s\nContent-Length: %ld\n"
             "Date: %sLast-Modified: %s\n", server_version,
             getmimetype(cn->actualfile), (long) stbuf.st_size,
@@ -491,14 +498,15 @@ void procsendfile(struct connstruct *cn)
 }
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-#define CGI_ARG_SIZE        14
+/* Should this be a bit more dynamic? It would mean more calls to malloc etc */
+#define CGI_ARG_SIZE        16
 
 static void proccgi(struct connstruct *cn) 
 {
     int tpipe[2];
     char *myargs[2];
     char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
-    char * cgiptr[CGI_ARG_SIZE+1];
+    char * cgiptr[CGI_ARG_SIZE+4];
     const char *type = "HEAD";
     int cgi_index = 0, i;
 #ifdef WIN32
@@ -506,7 +514,7 @@ static void proccgi(struct connstruct *cn)
 #endif
 
     snprintf(cgienv[0], MAXREQUESTLENGTH, 
-            "HTTP/1.1 200 OK\nServer: %s\n%s",
+            HTTP_VERSION" 200 OK\nServer: %s\n%s",
             server_version, (cn->reqtype == TYPE_HEAD) ? "\n" : "");
     special_write(cn, cgienv[0], strlen(cgienv[0]));
 
@@ -574,6 +582,12 @@ static void proccgi(struct connstruct *cn)
             "QUERY_STRING=%s", cn->uri_query);
     snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
             "REMOTE_ADDR=%s", cn->remote_addr);
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "HTTP_COOKIE=%s", cn->cookie);  /* note: small size */
+#if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+    snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+            "REMOTE_USER=%s", cn->authorization);
+#endif
 
     switch (cn->reqtype)
     {
@@ -585,7 +599,7 @@ static void proccgi(struct connstruct *cn)
             type = "POST";
             sprintf(cgienv[cgi_index++], 
                         "CONTENT_LENGTH=%d", cn->content_length);
-            strcpy(cgienv[cgi_index++], 
+            strcpy(cgienv[cgi_index++],     /* hard-code? */
                         "CONTENT_TYPE=application/x-www-form-urlencoded");
             break;
     }
@@ -610,7 +624,11 @@ static void proccgi(struct connstruct *cn)
     for (i = 0; i < cgi_index; i++)
         cgiptr[i] = cgienv[i];
 
+    cgiptr[i++] = "AUTH_TYPE=Basic";
+    cgiptr[i++] = "GATEWAY_INTERFACE=CGI/1.1";
+    cgiptr[i++] = "SERVER_PROTOCOL="HTTP_VERSION;
     cgiptr[i] = NULL;
+
     execve(myargs[0], myargs, cgiptr);
     printf("Content-type: text/plain\n\nshouldn't get here\n");
 #endif
@@ -626,13 +644,14 @@ static char * cgi_filetype_match(struct connstruct *cn, const char *fn)
 
         if ((t = strstr(fn, tp->ext)) != NULL)
         {
-
             t += strlen(tp->ext);
 
             if (*t == '/' || *t == '\0')
             {
+#ifdef CONFIG_HTTP_ENABLE_LUA
                 if (strcmp(tp->ext, ".lua") == 0 || strcmp(tp->ext, ".lp") == 0)
                     cn->is_lua = 1;
+#endif
 
                 return t;
             }
@@ -652,7 +671,9 @@ static void decode_path_info(struct connstruct *cn, char *path_info)
     char *cgi_delim;
 
     cn->is_cgi = 0;
+#ifdef CONFIG_HTTP_ENABLE_LUA
     cn->is_lua = 0;
+#endif
     *cn->uri_request = '\0';
     *cn->uri_path_info = '\0';
     *cn->uri_query = '\0';
@@ -739,15 +760,6 @@ static void buildactualfile(struct connstruct *cn)
 {
     char *cp;
 
-#if defined(CONFIG_HTTP_HAS_CGI)
-    /* use the lua launcher if this file has a lua extension */
-    if (cn->is_lua)
-    {
-        strcpy(cn->actualfile, CONFIG_HTTP_LUA_LAUNCHER);
-        return;
-    }
-#endif
-
 #ifdef CONFIG_HTTP_USE_CHROOT
     snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
 #else
@@ -794,6 +806,19 @@ static void buildactualfile(struct connstruct *cn)
             *cp = 0;
     }
 #endif
+
+#if defined(CONFIG_HTTP_ENABLE_LUA)
+    /* 
+     * Use the lua launcher if this file has a lua extension. Put this at the
+     * end as we need the directory name.
+     */
+    if (cn->is_lua)
+#ifdef CONFIG_PLATFORM_CYGWIN
+        sprintf(cn->actualfile, "%s/bin/cgi.exe", CONFIG_HTTP_LUA_PREFIX);
+#else
+        sprintf(cn->actualfile, "%s/bin/cgi", CONFIG_HTTP_LUA_PREFIX);
+#endif
+#endif
 }
 
 static int sanitizefile(const char *buf) 
@@ -851,7 +876,7 @@ static void send_authenticate(struct connstruct *cn, const char *realm)
 {
     char buf[1024];
 
-    snprintf(buf, sizeof(buf), "HTTP/1.1 401 Unauthorized\n"
+    snprintf(buf, sizeof(buf), HTTP_VERSION" 401 Unauthorized\n"
          "WWW-Authenticate: Basic\n"
                  "realm=\"%s\"\n", realm);
     special_write(cn, buf, strlen(buf));

From 4d8f9ddf2c74db7d2bf8bc491b64c98f46397504 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 22 May 2007 12:23:39 +0000
Subject: [PATCH 078/301] changed some of the scripts

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@97 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/test_dir/some_text.txt     |  1 -
 www/test_dir/test_variables.lp | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
 delete mode 100644 www/test_dir/some_text.txt
 create mode 100644 www/test_dir/test_variables.lp

diff --git a/www/test_dir/some_text.txt b/www/test_dir/some_text.txt
deleted file mode 100644
index 041831f7dd..0000000000
--- a/www/test_dir/some_text.txt
+++ /dev/null
@@ -1 +0,0 @@
-This is some text.
diff --git a/www/test_dir/test_variables.lp b/www/test_dir/test_variables.lp
new file mode 100644
index 0000000000..c1ac332f02
--- /dev/null
+++ b/www/test_dir/test_variables.lp
@@ -0,0 +1,14 @@
+<table>
+<% for _, var in pairs { "SERVER_SOFTWARE", "SERVER_NAME", "GATEWAY_INTERFACE", "SERVER_PROTOCOL", "SERVER_PORT", "REQUEST_METHOD", "PATH_INFO", "PATH_TRANSLATED", "SCRIPT_NAME", "QUERY_STRING", "REMOTE_HOST", "REMOTE_ADDR", "AUTH_TYPE", "REMOTE_USER", "REMOTE_IDENT", "CONTENT_TYPE", "CONTENT_LENGTH", "HTTP_REFERER", "HTTP_COOKIE", "SCRIPT_FILENAME", "DOCUMENT_ROOT", } do %>
+  <tr><td><%= var %><td>=<td>"<%= cgilua.servervariable(var) or "<i>not defined</i>"%>"</tr>
+<% end %>
+</table>
+
+<p>
+<table>
+<% for _, var in ipairs { "script_file", "script_path", "script_pdir", "script_vdir", "script_vpath", "urlpath", } do %>
+  <tr><td><%= var %><td>=<td>"<%= cgilua[var] %>"</tr>
+<% end %>
+</table>
+
+<p>

From db9b72d4dd847925b6b639490085601e4b1259b4 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 25 May 2007 06:04:58 +0000
Subject: [PATCH 079/301] added lua bindings

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@98 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/Config.in                  | 16 +++++++++
 bindings/Makefile                   | 11 ++++++
 bindings/generate_SWIG_interface.pl | 12 ++++++-
 bindings/lua/Makefile               | 55 +++++++++++++++++++++++++++++
 4 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 bindings/lua/Makefile

diff --git a/bindings/Config.in b/bindings/Config.in
index bf916b13d6..12a696ba8b 100644
--- a/bindings/Config.in
+++ b/bindings/Config.in
@@ -86,4 +86,20 @@ config CONFIG_PERL_LIB
     default "perl58.lib"
 endmenu
 
+config CONFIG_LUA_BINDINGS
+    bool "Create Lua bindings"
+    default n
+    depends on CONFIG_BINDINGS && !CONFIG_PLATFORM_WIN32
+    help
+        Build Lua bindings (see www.lua.org).
+
+menu "Lua Home"
+depends on CONFIG_LUA_BINDINGS 
+config CONFIG_LUA_CORE
+    string "Location of Lua CORE"
+    default "/usr/local"
+    help:
+        If the Lua exists on another directory then this needs to be changed
+endmenu
+
 endmenu
diff --git a/bindings/Makefile b/bindings/Makefile
index 19c896d2c0..8874159435 100644
--- a/bindings/Makefile
+++ b/bindings/Makefile
@@ -37,6 +37,10 @@ ifdef CONFIG_PERL_BINDINGS
 all: perl/axTLSp_wrap.c
 endif
 
+ifdef CONFIG_LUA_BINDINGS
+all: lua/axTLSl_wrap.c
+endif
+
 csharp/axInterface.cs: ../ssl/ssl.h
 	@perl ./generate_interface.pl -csharp
 
@@ -55,9 +59,16 @@ perl/axTLSp.i: ../ssl/ssl.h
 perl/axTLSp_wrap.c: perl/axTLSp.i
 	@cd perl; swig -perl5 axTLSp.i; $(MAKE)
 
+lua/axTLSl.i: ../ssl/ssl.h
+	@perl ./generate_SWIG_interface.pl -lua
+
+lua/axTLSl_wrap.c: lua/axTLSl.i
+	@cd lua; swig -lua axTLSl.i; $(MAKE)
+
 clean::
 	$(MAKE) -C csharp clean
 	$(MAKE) -C vbnet clean
 	$(MAKE) -C java clean
 	$(MAKE) -C perl clean
+	$(MAKE) -C lua clean
 
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index c5a7916b71..e21873d5be 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -121,10 +121,16 @@ sub parseFile
     $module = "axtlsp";
     $interfaceFile = "perl/axTLSp.i";
 }
+elsif ($ARGV[0] eq "-lua")
+{
+    print "Generating lua interface file\n";
+    $module = "axtlsl";
+    $interfaceFile = "lua/axTLSl.i";
+}
 else
 {
 ouch:
-    die "Usage: $0 [-java | -perl]\n";
+    die "Usage: $0 [-java | -perl | -lua]\n";
 }
 
 # Input file required to generate SWIG interface file.
@@ -313,6 +319,10 @@ sub parseFile
 
 #endif
 
+/* Some SWIG magic to make the API a bit more Lua friendly */
+#ifdef SWIGLUA
+#endif
+
 END
 
 # Initialise loop variables
diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
new file mode 100644
index 0000000000..771c1acb88
--- /dev/null
+++ b/bindings/lua/Makefile
@@ -0,0 +1,55 @@
+#
+#  Copyright(C) 2007 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+all: lib
+
+ifdef CONFIG_PLATFORM_WIN32
+TARGET=../../$(STAGE)/axtlsl.dll
+else
+TARGET=../../$(STAGE)/libaxtlsl.so
+endif
+
+ifneq ($(MAKECMDGOALS), clean)
+
+lib: $(TARGET)
+AXTLS_HOME=../..
+SSL_HOME=$(AXTLS_HOME)/ssl
+CONFIG_HOME=$(AXTLS_HOME)/config
+OBJ:=axTLSl_wrap.o
+include ../../config/makefile.post
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) -L ../../$(STAGE) -L $(CONFIG_LUA_CORE)/lib $(LDSHARED) -o $@ $(OBJ) -laxtls -llua
+ifdef CONFIG_PLATFORM_CYGWIN
+	cd ../../$(STAGE); ln -sf $(notdir $@) axtlsl.dll
+endif
+
+CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include
+else
+CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`" /I"`cygpath -w $(CONFIG_LUA_CORE)/include`"
+LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
+
+$(TARGET) : $(OBJ)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+endif # WIN32
+
+clean::
+	@rm -f $(TARGET) *.i axTLSl* .depend

From c69e63f576288ed1a31e62ca95d9ce89fa24a25a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 25 May 2007 06:05:53 +0000
Subject: [PATCH 080/301] new tweak for java

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@99 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/test_axssl.sh | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 37ed0b1933..7628eea216 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -24,7 +24,7 @@
 #
 
 if grep "CONFIG_PLATFORM_WIN32=y" "../config/.config"  > /dev/null; then
-    JAVA_BIN="/cygdrive/c/Program Files/Java/jdk1.5.0_06/bin"
+    JAVA_EXE="/cygdrive/c/Program Files/Java/jdk1.5.0_06/bin/java.exe"
     PERL_BIN="/cygdrive/c/Perl/bin/perl"
     KILL_AXSSL="kill %1"
     KILL_CSHARP="kill %1"
@@ -37,13 +37,13 @@ else
         KILL_AXSSL="killall axssl"
         KILL_PERL="killall /usr/bin/perl"
     else     # Linux
-        JAVA_BIN=/usr/java/default/bin
+        JAVA_EXE=/usr/java/default/bin/java
         PERL_BIN=/usr/bin/perl
         KILL_AXSSL="killall axssl"
         KILL_CSHARP="killall mono"
         KILL_PERL="killall /usr/bin/perl"
         RUN_CSHARP="mono"
-        KILL_JAVA="killall $JAVA_BIN/java"
+        KILL_JAVA="killall $JAVA_EXE"
     fi
 fi
 
@@ -67,21 +67,21 @@ sleep 1
 ./axssl $SERVER_PEM_ARGS &
 echo "C Test passed" | ./axssl $CLIENT_PEM_ARGS
 $KILL_AXSSL
-sleep 2
+sleep 1
 echo "### C tests complete"
 fi
 
 if [ -f ./axtls.jar ]; then
 echo "########################## JAVA SAMPLE ###########################"
-"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_ARGS &
-echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_ARGS
+"$JAVA_EXE" -jar ./axtls.jar $SERVER_ARGS &
+echo "Java Test passed" | "$JAVA_EXE" -jar ./axtls.jar $CLIENT_ARGS
 $KILL_JAVA
 sleep 1
 
-"$JAVA_BIN/java" -jar ./axtls.jar $SERVER_PEM_ARGS &
-echo "Java Test passed" | "$JAVA_BIN/java" -jar ./axtls.jar $CLIENT_PEM_ARGS
+"$JAVA_EXE" -jar ./axtls.jar $SERVER_PEM_ARGS &
+echo "Java Test passed" | "$JAVA_EXE" -jar ./axtls.jar $CLIENT_PEM_ARGS
 $KILL_JAVA
-sleep 2
+sleep 1
 
 echo "### Java tests complete"
 fi
@@ -90,13 +90,11 @@ if [ -x ./axssl.csharp.exe ]; then
 echo "############################ C# SAMPLE ###########################"
 $RUN_CSHARP ./axssl.csharp.exe $SERVER_ARGS &
 echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_ARGS
-sleep 1
 $KILL_CSHARP
 sleep 1
 
 $RUN_CSHARP ./axssl.csharp.exe $SERVER_PEM_ARGS &
 echo "C# Test passed" | $RUN_CSHARP ./axssl.csharp.exe $CLIENT_PEM_ARGS
-sleep 1
 $KILL_CSHARP
 sleep 1
 
@@ -106,13 +104,11 @@ fi
 if [ -x ./axssl.vbnet.exe ]; then
 echo "######################## VB.NET SAMPLE ###########################"
 ./axssl.vbnet $SERVER_ARGS &
-sleep 1
 echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_ARGS
 kill %1
 sleep 1
 
 ./axssl.vbnet $SERVER_PEM_ARGS &
-sleep 1
 echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_PEM_ARGS
 kill %1
 sleep 1

From f592df2e1ffa9872f511a7991752492c7c46e615 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 25 May 2007 06:08:19 +0000
Subject: [PATCH 081/301] added lua work

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@100 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 samples/Makefile      |   4 +
 samples/lua/Makefile  |  31 +++
 samples/lua/axssl.lua | 535 ++++++++++++++++++++++++++++++++++++++++++
 samples/perl/axssl.pl |  11 +-
 4 files changed, 576 insertions(+), 5 deletions(-)
 create mode 100644 samples/lua/Makefile
 create mode 100755 samples/lua/axssl.lua

diff --git a/samples/Makefile b/samples/Makefile
index fbb31149a8..fdbdb99709 100644
--- a/samples/Makefile
+++ b/samples/Makefile
@@ -37,6 +37,9 @@ endif
 ifdef CONFIG_PERL_SAMPLES
 	$(MAKE) -C perl
 endif
+ifdef CONFIG_LUA_SAMPLES
+	$(MAKE) -C lua
+endif
 
 clean::
 	$(MAKE) -C c clean
@@ -44,3 +47,4 @@ clean::
 	$(MAKE) -C vbnet clean
 	$(MAKE) -C java clean
 	$(MAKE) -C perl clean
+	$(MAKE) -C lua clean
diff --git a/samples/lua/Makefile b/samples/lua/Makefile
new file mode 100644
index 0000000000..3c90813cf9
--- /dev/null
+++ b/samples/lua/Makefile
@@ -0,0 +1,31 @@
+#
+#  Copyright(C) 2007 Cameron Rich
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+
+all: samples
+TARGET=../../$(STAGE)/axssl.lua
+samples: $(TARGET)
+
+$(TARGET): axssl.lua
+	install $< $@
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
new file mode 100755
index 0000000000..f1d9335868
--- /dev/null
+++ b/samples/lua/axssl.lua
@@ -0,0 +1,535 @@
+#!/usr/bin/lua
+--
+--
+--  Copyright(C) 2006 Cameron Rich
+--
+--  This program is free software; you can redistribute it and/or modify
+--  it under the terms of the GNU General Public License as published by
+--  the Free Software Foundation; either version 2.1 of the License, or
+--  (at your option) any later version.
+--
+--  This program is distributed in the hope that it will be useful,
+--  but WITHOUT ANY WARRANTY; without even the implied warranty of
+--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+--  GNU Lesser General Public License for more details.
+--
+--  You should have received a copy of the GNU General Public License
+--  along with this program; if not, write to the Free Software
+--  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+--
+
+--
+-- Demonstrate the use of the axTLS library in Lua with a set of 
+-- command-line parameters similar to openssl. In fact, openssl clients 
+-- should be able to communicate with axTLS servers and visa-versa.
+--
+-- This code has various bits enabled depending on the configuration. To enable
+-- the most interesting version, compile with the 'full mode' enabled.
+--
+-- To see what options you have, run the following:
+-- > [lua] axssl s_server -?
+-- > [lua] axssl s_client -?
+--
+-- The axtls/axtlsl shared libraries must be in the same directory or be found 
+-- by the OS.
+--
+--
+local f = loadlib("axtlsl.dll", "luaopen_axtlsl")
+f()
+
+-- print version?
+
+if #arg == 1 and arg[1] == "version" then
+    print("axssl.lua "..ssl_version().."\n")
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the basic options.
+--
+function print_options(option)
+    print("axssl: Error: '"..option.."' is an invalid command.")
+    print("usage: axssl [s_server|s_client|version] [args ...]")
+    os.exit(1)
+end
+
+--
+-- Main entry point. Doesn't do much except works out whether we are a client
+-- or a server.
+--
+if #arg < 1 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
+    print_options(#arg > 0 and arg[1] or "")
+end
+
+--[[
+local build_mode = ssl_get_config(SSL_BUILD_MODE)
+arg[1] eq "s_server" ? do_server(build_mode) : do_client(build_mode)
+
+-- Implement the SSL server logic. 
+function do_server(build_mode)
+    local i = 1
+    local port = 4433
+    local options = SSL_DISPLAY_CERTS
+    local quiet = false
+    local password = nil
+    local private_key_file = nil
+    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
+
+    while i <= #arg do
+        if arg[i] eq  "-accept" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            port = arg[i]
+        elseif arg[i] eq "-quiet" then
+            quiet = true
+            options = options & ~SSL_DISPLAY_CERTS
+        elseif build_mode >= SSL_BUILD_SERVER_ONLY then
+            if arg[i] eq "-cert" then
+                if i >= #arg >= cert_size-1 then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                cert[i] =  arg[i]
+            elseif arg[i] eq "-key" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                private_key_file = arg[i]
+                options = options | SSL_NO_DEFAULT_KEY
+            elseif arg[i] eq "-pass" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                password = arg[i]
+            elseif build_mode >= SSL_BUILD_ENABLE_VERIFICATION then
+                if arg[i] eq "-verify" then
+                    options = options | SSL_CLIENT_AUTHENTICATION
+                elseif arg[i] eq "-CAfile" then
+                    if i >= #arg >= ca_cert_size-1 then
+                        print_server_options(build_mode, arg[i])  
+                    end
+
+                    i = i + 1
+                    ca_cert[i] = arg[i]
+                elseif build_mode == SSL_BUILD_FULL_MODE then
+                    if arg[i] eq "-debug" then
+                        options = options | SSL_DISPLAY_BYTES
+                    elseif arg[i] eq "-state" then
+                        options = options | SSL_DISPLAY_STATES
+                    elseif arg[i] eq "-show-rsa" then
+                        options = options | SSL_DISPLAY_RSA
+                    else
+                        print_server_options(build_mode, arg[i])
+                    end
+                else
+                    print_server_options(build_mode, arg[i])
+                end
+            else 
+                print_server_options(build_mode, arg[i])
+            end
+        else 
+            print_server_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    -- Create socket for incoming connections
+    local server_sock = IO::Socket::INET->new(Proto => 'tcp',
+                              LocalPort => port,
+                              Listen => 1,
+                              Reuse => 1) or die !
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)
+    if ssl_ctx == nil then error("Error: Server context is invalid") end
+
+    if nil private_key_file then
+        local obj_type = SSL_OBJ_RSA_KEY
+
+        if private_key_file =~ /.p8/ then obj_type = SSL_OBJ_PKCS8 end
+        if private_key_file =~ /.p12/ then obj_type = SSL_OBJ_PKCS12 end
+
+        if ssl_obj_load(ssl_ctx, obj_type, private_key_file, password) then
+            error("Private key 'private_key_file' is nilined.")
+        end
+    end
+
+    foreach (@cert)
+        if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, _, nil) #arg= SSL_OK then
+            error("Certificate '_' is undefined.")
+        end
+    end
+
+    foreach (@ca_cert)
+        if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, _, nil) #arg= SSL_OK then
+            error("Certificate '_' is undefined.")
+        end
+    end
+
+    while true do
+        if not quiet then print("ACCEPT\n") end
+        local client_sock = server_sock->accept
+        local native_sock = get_native_sock(client_sock->fileno)
+
+        -- This doesn't work in Win32 - need to get file descriptor from socket.
+        local ssl = ssl_server_new(ssl_ctx, native_sock)
+
+        -- do the actual SSL handshake
+        local res
+        local buf
+
+        while true do
+            (res, buf) = ssl_read(ssl, nil)
+            if res #arg= SSL_OK then break end
+
+            -- check when the connection has been established
+            if ssl_handshake_status(ssl) == SSL_OK then break end
+
+            -- could do something else here
+        end
+
+        if res == SSL_OK then -- connection established and ok
+            if not quiet then
+                display_session_id(ssl)
+                display_cipher(ssl)
+            end
+
+            -- now read (and display) whatever the client sends us
+            while true do
+                -- keep reading until we get something interesting
+                while true do
+                    (res, buf) = ssl_read(ssl, nil)
+                    if res #arg= SSL_OK then break end
+
+                    -- could do something else here
+                end
+
+                if res < SSL_OK then
+                    if not quiet then print("CONNECTION CLOSED\n") end
+                    break
+                end
+
+                print(buf)
+            end
+        elseif not quiet then
+            ssl_display_error(res)
+        end
+
+        -- client was disconnected or the handshake failed.
+        ssl_free(ssl)
+        client_sock->close
+    end
+
+    ssl_ctx_free(ssl_ctx)
+end
+
+--
+-- Implement the SSL client logic.
+--
+function do_client(build_mode)
+    local i = 1
+    local port = 4433
+    local options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS
+    local private_key_file = nil
+    local reconnect = 0
+    local quiet = false
+    local password = nil
+    local session_id = {}
+    local host = "127.0.0.1"
+    local @cert
+    local @ca_cert
+    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    while i <= #arg do
+        if arg[i] eq "-connect" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            (host, port) = split(':', arg[i])
+        elseif arg[i] eq "-cert" then
+            if i >= #arg >= cert_size-1 then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            cert[i] = arg[i]
+        elseif arg[i] eq "-key" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            private_key_file = arg[i]
+            options |= SSL_NO_DEFAULT_KEY
+        elseif arg[i] eq "-CAfile" then
+            if i >= #arg >= ca_cert_size-1 then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            ca_cert[i] = arg[i]
+        elseif arg[i] eq "-verify" then
+            options &= ~SSL_SERVER_VERIFY_LATER
+        elseif arg[i] eq "-reconnect" then
+            reconnect = 4
+        elseif arg[i] eq "-quiet" then
+            quiet = true
+            options &= ~SSL_DISPLAY_CERTS
+        elseif arg[i] eq "-pass" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            password = arg[i]
+        elseif build_mode == SSL_BUILD_FULL_MODE then
+            if arg[i] eq "-debug" then
+                options = options | SSL_DISPLAY_BYTES
+            elseif arg[i] eq "-state" then
+                options = options | SSL_DISPLAY_STATES
+            elseif arg[i] eq "-show-rsa" then
+                options = options | SSL_DISPLAY_RSA
+            else    -- don't know what this is
+                print_client_options(build_mode, arg[i])
+            end
+        else    -- don't know what this is
+            print_client_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    local client_sock = new IO::Socket::INET (
+                        PeerAddr => host, PeerPort => port, Proto => 'tcp')
+                    or error("no socket: !")
+    local ssl
+    local res
+    local native_sock = get_native_sock(client_sock->fileno)
+
+    if not quiet then print("CONNECTED\n") end
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)
+
+    if ssl_ctx == nil then 
+        error("Error: Client context is invalid")
+    end
+
+    if private_key_file not nil then
+        local obj_type = SSL_OBJ_RSA_KEY
+
+        if private_key_file =~ /.p8/ then
+            obj_type = SSL_OBJ_PKCS8 
+        end
+        if private_key_file =~ /.p12/ then
+            obj_type = SSL_OBJ_PKCS12 
+        end
+
+        if ssl_obj_load(ssl_ctx, obj_type, private_key_file, password) then
+            error("Private key 'private_key_file' is undefined.")
+        end
+    end
+
+    foreach (@cert)
+       if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, _, nil) then
+            error("Certificate '_' is undefined.")
+        end
+    end
+
+    foreach (@ca_cert)
+        if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, _, nil) then
+            error("Certificate '_' is undefined.")
+        end
+    end
+
+    -- Try session resumption?
+    if reconnect then
+        local session_id = nil
+        while reconnect do
+            reconnect = reconnect - 1
+            ssl = ssl_client_new(ssl_ctx, native_sock, session_id)
+
+            res = ssl_handshake_status(ssl)
+            if res #arg= SSL_OK then
+                if not quiet then ssl_display_error(res) end
+                ssl_free(ssl)
+                os.exit(1)
+            end
+
+            display_session_id(ssl)
+            session_id = ssl_get_session_id(ssl)
+
+            if reconnect then
+                ssl_free(ssl)
+                client_sock->close
+                client_sock = new IO::Socket::INET (
+                        PeerAddr => host, PeerPort => port, Proto => 'tcp')
+                    or error ("no socket: !")
+
+            end
+        end
+    else
+        ssl = ssl_client_new(ssl_ctx, native_sock, nil)
+    end
+
+    -- check the return status
+    res = ssl_handshake_status(ssl)
+    if res #arg= SSL_OK then
+        if not quiet then ssl_display_error(res) end
+        os.exit(1)
+    end
+
+    if not quiet then
+        local common_name = ssl_get_cert_dn(ssl, 
+                    SSL_X509_CERT_COMMON_NAME)
+
+        if common_name not nil then 
+            print("Common Name:\t\t%s\n", common_name)
+        end
+
+        display_session_id(ssl)
+        display_cipher(ssl)
+    end
+
+    while <STDIN> do
+        local cstring = pack("a*x", _);   -- add null terminator
+        res = ssl_write(ssl, \cstring, length(cstring))
+        if res < SSL_OK then
+            if not quiet then ssl_display_error(res) end
+            break
+        end
+    end
+
+    ssl_ctx_free(ssl_ctx)
+    client_sock->close
+end
+
+--
+-- We've had some sort of command-line error. Print out the server options.
+--
+function print_server_options(build_mode, option)
+    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = ssl_get_config(
+            SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option.."")
+    print("usage: s_server [args ...]")
+    print(" -accept\t\t- port to accept on (default is 4433)")
+    print(" -quiet\t\t- No server output\n")
+
+    if build_mode >= SSL_BUILD_SERVER_ONLY then
+        print(" -cert arg\t- certificate file to add (in addition to default then".
+                                        " to chain -".
+          "\t\t  default DER format. Can repeat up to %d times\n", cert_size)
+        print(" -key arg\t- Private key file to use - default DER format")
+        print(" -pass\t\t- private key file pass phrase source")
+    end
+
+    if build_mode >= SSL_BUILD_ENABLE_VERIFICATION then
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to %d times\n", ca_cert_size)
+    end
+
+    if build_mode == SSL_BUILD_FULL_MODE then
+        print(" -debug\t\t- Print more output")
+        print(" -state\t\t- Show state messages")
+        print(" -show-rsa\t- Show RSA state")
+    end
+
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the client options.
+--
+function print_client_options(build_mode, option)
+    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = ssl_get_config(
+            SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option %s\n", option)
+
+    if build_mode >= SSL_BUILD_ENABLE_CLIENT then
+        print("usage: s_client [args ...]")
+        print(" -connect host:port - who to connect to (default "..
+                "is localhost:4433)")
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -cert arg\t- certificate file to use - default DER format")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print("\t\t  Can repeat up to %d times\n", cert_size)
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to %d times\n", ca_cert_size)
+        print(" -quiet\t\t- No client output")
+        print(" -pass\t\t- private key file pass phrase source")
+        print(" -reconnect\t- Drop and re-make the connection "..
+                "with the same Session-ID")
+
+        if build_mode == SSL_BUILD_FULL_MODE then
+            print(" -debug\t\t- Print more output")
+            print(" -state\t\t- Show state messages")
+            print(" -show-rsa\t- Show RSA state\n")
+        end
+    else
+        print("Change configuration to allow this feature")
+    end
+
+    os.exit(1)
+end
+
+--
+-- Display what cipher we are using 
+--
+function display_cipher(ss)
+    local (ssl) = @_
+    print("CIPHER is ")
+    local cipher_id = ssl_get_cipher_id(ssl)
+
+    if cipher_id == SSL_AES128_SHA then
+        print("AES128-SHA")
+    elseif cipher_id == SSL_AES256_SHA then
+        print("AES256-SHA")
+    elseif SSL_RC4_128_SHA then
+        print("RC4-SHA")
+    elseif SSL_RC4_128_MD5 then
+        print("RC4-MD5")
+    else 
+        print("Unknown - %d", cipher_id)
+    end
+
+    print("\n")
+end
+
+--
+-- Display what session id we have.
+--
+function display_session_id(ss)
+    local session_id = ssl_get_session_id(ssl)
+
+    print("-----BEGIN SSL SESSION PARAMETERS-----\n")
+    print(unpack("H*", session_id))
+    print("\n-----END SSL SESSION PARAMETERS-----\n")
+end
+--]]
+
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index cbfd58fdb7..cf04254dd9 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -58,16 +58,17 @@ sub get_native_sock
     return $is_win32 ? FdGetOsFHandle($sock) : $sock;
 }
 
-#
-# Main entry point. Doesn't do much except works out whether we are a client
-# or a server.
-#
+# print version?
 if ($#ARGV == 0 && $ARGV[0] eq "version")
 {
     printf("axssl.pl ".axtlsp::ssl_version()."\n");
     exit 0;
 }
 
+#
+# Main entry point. Doesn't do much except works out whether we are a client
+# or a server.
+#
 print_options($#ARGV > -1 ? $ARGV[0] : "")
         if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
 
@@ -494,7 +495,7 @@ sub print_options
 {
     my ($option) = @_;
     printf("axssl: Error: '%s' is an invalid command.\n", $option);
-    printf("usage: axssl [s_server|s_client] [args ...]\n");
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
     exit 1;
 }
 

From a3ed2cd3e05973aa46b007713d032d78831a8df8 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 25 May 2007 06:08:54 +0000
Subject: [PATCH 082/301] fix for win32

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@101 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/httpd/Makefile b/httpd/Makefile
index 6aedf5f067..7731323e5e 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -51,6 +51,8 @@ lua:
 endif
 
 else # win32 build
+lua:
+
 TARGET=../$(STAGE)/axhttpd.exe
 TARGET2=../$(STAGE)/htpasswd.exe
 

From aa4d1bdc09bb6e04b019506fcd1d73e3c610aabd Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 25 May 2007 06:09:44 +0000
Subject: [PATCH 083/301] updates to make

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@102 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/.config.tmp        |  11 --
 config/linuxconfig        |  21 +++-
 config/makefile.conf      |  16 +--
 config/makefile.java.conf |  16 +--
 config/win32config        | 242 ++++++++++++++++++++------------------
 5 files changed, 151 insertions(+), 155 deletions(-)
 delete mode 100644 config/.config.tmp

diff --git a/config/.config.tmp b/config/.config.tmp
deleted file mode 100644
index eae93ecacb..0000000000
--- a/config/.config.tmp
+++ /dev/null
@@ -1,11 +0,0 @@
-deps_config := \
-	ssl/BigIntConfig.in \
-	samples/Config.in \
-	bindings/Config.in \
-	httpd/Config.in \
-	ssl/Config.in \
-	config/Config.in
-
-.config include/config.h: $(deps_config)
-
-$(deps_config):
diff --git a/config/linuxconfig b/config/linuxconfig
index 3f8bec6000..220060c009 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -42,6 +42,7 @@ CONFIG_SSL_MAX_CERTS=2
 # CONFIG_SSL_CTX_MUTEXING is not set
 CONFIG_USE_DEV_URANDOM=y
 # CONFIG_WIN32_USE_CRYPTO_LIB is not set
+CONFIG_OPENSSL_COMPATIBLE=y
 # CONFIG_PERFORMANCE_TESTING is not set
 # CONFIG_SSL_TEST is not set
 CONFIG_AXHTTPD=y
@@ -50,18 +51,25 @@ CONFIG_AXHTTPD=y
 # Axhttpd Configuration
 #
 # CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_PORT=80
 CONFIG_HTTP_HTTPS_PORT=443
 CONFIG_HTTP_SESSION_CACHE_SIZE=5
 CONFIG_HTTP_WEBROOT="../www"
-CONFIG_HTTP_PORT=80
 CONFIG_HTTP_TIMEOUT=300
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSIONS=""
-# CONFIG_HTTP_DIRECTORIES is not set
+
+#
+# CGI
+#
+CONFIG_HTTP_HAS_CGI=y
+CONFIG_HTTP_CGI_EXTENSIONS=".lua,.lp"
+CONFIG_HTTP_ENABLE_LUA=y
+CONFIG_HTTP_LUA_PREFIX="/usr/local"
+# CONFIG_HTTP_BUILD_LUA is not set
+CONFIG_HTTP_DIRECTORIES=y
+CONFIG_HTTP_HAS_AUTHORIZATION=y
 # CONFIG_HTTP_USE_CHROOT is not set
 # CONFIG_HTTP_CHANGE_UID is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_ALL_MIME_TYPES=y
 # CONFIG_HTTP_VERBOSE is not set
 # CONFIG_HTTP_IS_DAEMON is not set
 
@@ -77,6 +85,8 @@ CONFIG_JAVA_HOME=""
 # CONFIG_PERL_BINDINGS is not set
 CONFIG_PERL_CORE=""
 CONFIG_PERL_LIB=""
+# CONFIG_LUA_BINDINGS is not set
+CONFIG_LUA_CORE=""
 
 #
 # Samples
@@ -87,6 +97,7 @@ CONFIG_C_SAMPLES=y
 # CONFIG_VBNET_SAMPLES is not set
 # CONFIG_JAVA_SAMPLES is not set
 # CONFIG_PERL_SAMPLES is not set
+# CONFIG_LUA_SAMPLES is not set
 
 #
 # BigInt Options
diff --git a/config/makefile.conf b/config/makefile.conf
index 77a341be3b..829d3bf345 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -32,24 +32,21 @@ all:
 ifdef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_VISUAL_STUDIO_6_0
-CONFIG_VISUAL_STUDIO_6_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_6_0_BASE))
 CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_6_0_BASE))
-export INCLUDE=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include
-export LIB=$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib
+INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include")
+LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/common/msdev98/bin:$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/vc98/bin:$(PATH)
 else
 ifdef CONFIG_VISUAL_STUDIO_7_0
-CONFIG_VISUAL_STUDIO_7_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_7_0_BASE))
 CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
-export INCLUDE=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include
-export LIB=$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib
+INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
+LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
 else 
 ifdef CONFIG_VISUAL_STUDIO_8_0
-CONFIG_VISUAL_STUDIO_8_0_BASE:=$(shell cygpath -w $(CONFIG_VISUAL_STUDIO_8_0_BASE))
 CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
-export INCLUDE=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include
-export LIB=$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib
+INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
+LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
 endif
 endif
@@ -58,7 +55,6 @@ endif
 CC=cl.exe
 LD=link.exe
 CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /c 
-#CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /D "_CRT_SECURE_NO_DEPRECATE" /c 
 LDFLAGS=/nologo /subsystem:console /machine:I386
 LDSHARED = /dll
 AR=lib /nologo
diff --git a/config/makefile.java.conf b/config/makefile.java.conf
index 2194ef44bd..2e51b50da3 100644
--- a/config/makefile.java.conf
+++ b/config/makefile.java.conf
@@ -18,26 +18,16 @@
 
 ifneq ($(MAKECMDGOALS), clean)
 
-all: test_jdk_location
-
-test_jdk_location:
-	@if ! [ -d "$(CONFIG_JAVA_HOME)" ]; then \
-		echo "*** Error: JDK path of $(CONFIG_JAVA_HOME) doesn't exist" && exit 1; \
-    fi
-
-
 ifdef CONFIG_PLATFORM_CYGWIN 
-CONFIG_JAVA_HOME:=$(shell cygpath -u $(CONFIG_JAVA_HOME))
 CFLAGS += -I"$(CONFIG_JAVA_HOME)/include"
 CFLAGS += -I"$(CONFIG_JAVA_HOME)/include/win32"
 JAVA_BIN:=$(CONFIG_JAVA_HOME)/bin
 else
 
 ifdef CONFIG_PLATFORM_WIN32
-CONFIG_JAVA_HOME:=$(shell cygpath -w $(CONFIG_JAVA_HOME))
-CFLAGS += /I"$(CONFIG_JAVA_HOME)\include"
-CFLAGS += /I"$(CONFIG_JAVA_HOME)\include\win32"
-JAVA_BIN:=$(shell cygpath -u $(CONFIG_JAVA_HOME)\bin)
+CFLAGS += /I"$(shell cygpath -w $(CONFIG_JAVA_HOME)/include)"
+CFLAGS += /I"$(shell cygpath -w $(CONFIG_JAVA_HOME)/include/win32)"
+JAVA_BIN:=$(shell cygpath -u $(CONFIG_JAVA_HOME)/bin)
 else # Linux
 CFLAGS += -I$(CONFIG_JAVA_HOME)/include
 
diff --git a/config/win32config b/config/win32config
index 08806d97b5..ff5c3648bd 100644
--- a/config/win32config
+++ b/config/win32config
@@ -1,116 +1,126 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-# CONFIG_PLATFORM_LINUX is not set
-# CONFIG_PLATFORM_CYGWIN is not set
-# CONFIG_PLATFORM_SOLARIS is not set
-CONFIG_PLATFORM_WIN32=y
-
-#
-# General Configuration
-#
-PREFIX=""
-# CONFIG_DEBUG is not set
-
-#
-# Microsoft Compiler Options
-#
-# CONFIG_VISUAL_STUDIO_6_0 is not set
-CONFIG_VISUAL_STUDIO_7_0=y
-# CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE="c:\\Program Files\\Microsoft Visual Studio .NET 2003"
-CONFIG_VISUAL_STUDIO_8_0_BASE=""
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-CONFIG_SSL_FULL_MODE=y
-# CONFIG_SSL_SKELETON_MODE is not set
-# CONFIG_SSL_PROT_LOW is not set
-CONFIG_SSL_PROT_MEDIUM=y
-# CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-CONFIG_SSL_HAS_PEM=y
-CONFIG_SSL_USE_PKCS12=y
-CONFIG_SSL_EXPIRY_TIME=24
-CONFIG_X509_MAX_CA_CERTS=4
-CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSL_CTX_MUTEXING is not set
-# CONFIG_USE_DEV_URANDOM is not set
-CONFIG_WIN32_USE_CRYPTO_LIB=y
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-CONFIG_AXHTTPD=y
-
-#
-# Axhttpd Configuration
-#
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_PORT=80
-CONFIG_HTTP_HTTPS_PORT=443
-CONFIG_HTTP_SESSION_CACHE_SIZE=5
-CONFIG_HTTP_WEBROOT="www"
-CONFIG_HTTP_TIMEOUT=300
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSIONS=""
-CONFIG_HTTP_DIRECTORIES=y
-# CONFIG_HTTP_USE_CHROOT is not set
-# CONFIG_HTTP_CHANGE_UID is not set
-CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_ALL_MIME_TYPES=y
-CONFIG_HTTP_VERBOSE=y
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-CONFIG_BINDINGS=y
-CONFIG_CSHARP_BINDINGS=y
-CONFIG_VBNET_BINDINGS=y
-
-#
-# .Net Framework
-#
-CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-CONFIG_JAVA_BINDINGS=y
-
-#
-# Java Home
-#
-CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-CONFIG_CSHARP_SAMPLES=y
-CONFIG_VBNET_SAMPLES=y
-CONFIG_JAVA_SAMPLES=y
-# CONFIG_PERL_SAMPLES is not set
-
-#
-# BigInt Options
-#
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-CONFIG_BIGINT_BARRETT=y
-CONFIG_BIGINT_CRT=y
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-CONFIG_BIGINT_SLIDING_WINDOW=y
-CONFIG_BIGINT_SQUARE=y
-# CONFIG_BIGINT_CHECK_ON is not set
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+# CONFIG_PLATFORM_LINUX is not set
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+CONFIG_PLATFORM_WIN32=y
+
+#
+# General Configuration
+#
+PREFIX=""
+# CONFIG_DEBUG is not set
+
+#
+# Microsoft Compiler Options
+#
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+CONFIG_VISUAL_STUDIO_7_0=y
+# CONFIG_VISUAL_STUDIO_8_0 is not set
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE="c:\\Program Files\\Microsoft Visual Studio .NET 2003"
+CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+# CONFIG_SSL_CTX_MUTEXING is not set
+# CONFIG_USE_DEV_URANDOM is not set
+CONFIG_WIN32_USE_CRYPTO_LIB=y
+# CONFIG_OPENSSL_COMPATIBLE is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AXHTTPD=y
+
+#
+# Axhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_PORT=80
+CONFIG_HTTP_HTTPS_PORT=443
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
+CONFIG_HTTP_WEBROOT="../www"
+CONFIG_HTTP_TIMEOUT=300
+
+#
+# CGI
+#
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSIONS=""
+# CONFIG_HTTP_ENABLE_LUA is not set
+CONFIG_HTTP_LUA_PREFIX=""
+# CONFIG_HTTP_BUILD_LUA is not set
+CONFIG_HTTP_DIRECTORIES=y
+CONFIG_HTTP_HAS_AUTHORIZATION=y
+# CONFIG_HTTP_USE_CHROOT is not set
+# CONFIG_HTTP_CHANGE_UID is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+# CONFIG_HTTP_VERBOSE is not set
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+CONFIG_BINDINGS=y
+CONFIG_CSHARP_BINDINGS=y
+CONFIG_VBNET_BINDINGS=y
+
+#
+# .Net Framework
+#
+CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+CONFIG_JAVA_BINDINGS=y
+
+#
+# Java Home
+#
+CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+# CONFIG_LUA_BINDINGS is not set
+CONFIG_LUA_CORE=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+CONFIG_CSHARP_SAMPLES=y
+CONFIG_VBNET_SAMPLES=y
+CONFIG_JAVA_SAMPLES=y
+# CONFIG_PERL_SAMPLES is not set
+# CONFIG_LUA_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set

From c928b27cd9ad8fc32d9719b8b717936834579409 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 26 May 2007 00:21:51 +0000
Subject: [PATCH 084/301] general checkin

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@103 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/java/Makefile | 22 +++++++++++-----------
 config/axhttpd.aip     | 27 +++++++++++++--------------
 config/win32config     |  1 -
 httpd/Config.in        |  6 +++---
 ssl/test/ssltest.c     |  2 +-
 www/index.html         |  4 ++--
 6 files changed, 30 insertions(+), 32 deletions(-)

diff --git a/bindings/java/Makefile b/bindings/java/Makefile
index a1933b92fc..59aa6203b9 100644
--- a/bindings/java/Makefile
+++ b/bindings/java/Makefile
@@ -35,20 +35,20 @@ axTLSj_wrap.o : axTLSj_wrap.c
 
 JAVA_FILES= \
 	axtlsjJNI.java \
-    axtlsjConstants.java \
-    axtlsj.java \
-    SSLReadHolder.java \
-    SSL.java \
-    SSLUtil.java \
-    SSLCTX.java \
-    SSLServer.java \
-    SSLClient.java
+	axtlsjConstants.java \
+	axtlsj.java \
+	SSLReadHolder.java \
+	SSL.java \
+	SSLUtil.java \
+	SSLCTX.java \
+	SSLServer.java \
+	SSLClient.java
 
 OBJ=axTLSj_wrap.o
 
-AXOLOTLS_HOME=../..
-SSL_HOME=$(AXOLOTLS_HOME)/ssl
-CONFIG_HOME=$(AXOLOTLS_HOME)/config
+AXTLS_HOME=../..
+SSL_HOME=$(AXTLS_HOME)/ssl
+CONFIG_HOME=$(AXTLS_HOME)/config
 JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
 
 ifdef CONFIG_PLATFORM_WIN32
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index 0a3700fe25..2bac4caa67 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.8.1" modules="freeware" RootPath="." Language="en">
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.9.2" modules="freeware" RootPath="." Language="en">
   <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
     <ROW Property="ALLUSERS" Value="2"/>
     <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
@@ -8,10 +8,10 @@
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{85E11EB1-374E-43DF-B561-213DA3D47B87} "/>
+    <ROW Property="ProductCode" Value="1033:{A03ABCF7-73F5-483D-8F3D-64B822A1ED64} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.1.4"/>
+    <ROW Property="ProductVersion" Value="1.1.5"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
@@ -63,18 +63,17 @@
     <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
     <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="18"/>
-    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="22"/>
-    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_http\.htaccess" SelfReg="false" Sequence="25"/>
-    <ROW File="htaccess_2" Component_="htaccess_2" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\bin\.htaccess" SelfReg="false" Sequence="24"/>
-    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\no_http\.htpasswd" SelfReg="false" Sequence="26"/>
-    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="21"/>
+    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="21"/>
+    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_http\.htaccess" SelfReg="false" Sequence="24"/>
+    <ROW File="htaccess_2" Component_="htaccess_2" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\bin\.htaccess" SelfReg="false" Sequence="23"/>
+    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\no_http\.htpasswd" SelfReg="false" Sequence="25"/>
+    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="20"/>
     <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="23"/>
-    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_http\index.html" SelfReg="false" Sequence="27"/>
+    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="22"/>
+    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_http\index.html" SelfReg="false" Sequence="26"/>
     <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
-    <ROW File="some_text.txt" Component_="health.sh" FileName="some_t~1.txt|some_text.txt" Attributes="0" SourcePath="..\www\test_dir\some_text.txt" SelfReg="false" Sequence="19"/>
     <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
-    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="20"/>
+    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="19"/>
     <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
@@ -140,7 +139,7 @@
     <ROW Shortcut="axssl_server" Directory_="SHORTCUTDIR" Name="axssls~1|axssl server" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_server" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiUpgradeComponent">
-    <ROW UpgradeCode="UpgradeCode" VersionMax="ProductVersion" Attributes="1025"/>
-    <ROW UpgradeCode="UpgradeCode" VersionMin="ProductVersion" Attributes="2"/>
+    <ROW UpgradeCode="[|UpgradeCode]" VersionMax="[|ProductVersion]" Attributes="1025" ActionProperty="OLDPRODUCTS"/>
+    <ROW UpgradeCode="[|UpgradeCode]" VersionMin="[|ProductVersion]" Attributes="2" ActionProperty="AI_NEWERPRODUCTFOUND"/>
   </COMPONENT>
 </DOCUMENT>
diff --git a/config/win32config b/config/win32config
index ff5c3648bd..3e0b4223cb 100644
--- a/config/win32config
+++ b/config/win32config
@@ -109,7 +109,6 @@ CONFIG_CSHARP_SAMPLES=y
 CONFIG_VBNET_SAMPLES=y
 CONFIG_JAVA_SAMPLES=y
 # CONFIG_PERL_SAMPLES is not set
-# CONFIG_LUA_SAMPLES is not set
 
 #
 # BigInt Options
diff --git a/httpd/Config.in b/httpd/Config.in
index 11f6b725dc..d7f8aba59f 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -57,7 +57,7 @@ menu "CGI"
 
 config CONFIG_HTTP_HAS_CGI
     bool "Enable CGI"
-    default n
+    default y
     depends on !CONFIG_PLATFORM_WIN32
     help
         Enable the CGI capability. Not available on Win32 platforms.
@@ -100,13 +100,13 @@ endmenu
 
 config CONFIG_HTTP_DIRECTORIES
     bool "Enable Directory Listing"
-    default n
+    default y
     help
         Enable directory listing.
     
 config CONFIG_HTTP_HAS_AUTHORIZATION
     bool "Enable authorization"
-    default n
+    default y
     help
         Pages/directories can have passwords associated with them.
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index ee2062b292..3e3d47fecb 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1647,7 +1647,7 @@ void do_multi_svr(SSL *ssl)
 
 int multi_thread_test(void)
 {
-    int server_fd;
+    int server_fd = -1;
     SSL_CTX *ssl_server_ctx;
     SSL_CTX *ssl_clnt_ctx;
     pthread_t clnt_threads[NUM_THREADS];
diff --git a/www/index.html b/www/index.html
index 7d642714d1..989ebef0a9 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200705160414" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Zero length client certificates were causing a crash (now they return an error).\n* The client session id size is now variable.\n* ssl_version() just returns the version number (and not the date).\n\n!!__axhttpd__\n\n* mime types are now greatly simplified (let the browser figure things out).\n* An error with CGI arguments was fixed.\n* The axhttpd version is now the same as the axtls version.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200705250611" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
@@ -7096,7 +7096,7 @@
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="CameronRich" modified="200703310024" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc).\n\nSo any executables and libraries need to be copied into webroot.\n\nFailure to do so will result in mystical blank screens (and probably hundreds of axhttpd instances being created...).\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed.\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="YourName" modified="200705250629" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc). Any executables and libraries need to be copied into webroot.\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[/test_dir/test_variables.pl|http://127.0.0.1/test_dir/test_variables.lp]] to see an example of Lua Pages.\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From 0d15b8be5b97e0fb4d244b8eaf64cdb5446013bb Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 4 Jun 2007 02:53:39 +0000
Subject: [PATCH 085/301] receive side now works

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@105 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 samples/lua/axssl.lua | 513 +++++++++++++++++++++---------------------
 1 file changed, 256 insertions(+), 257 deletions(-)

diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
index f1d9335868..68b8c7706d 100755
--- a/samples/lua/axssl.lua
+++ b/samples/lua/axssl.lua
@@ -1,7 +1,7 @@
-#!/usr/bin/lua
+#!/usr/local/bin/lua
 --
 --
---  Copyright(C) 2006 Cameron Rich
+--  Copyright(C) 2007 Cameron Rich
 --
 --  This program is free software; you can redistribute it and/or modify
 --  it under the terms of the GNU General Public License as published by
@@ -34,13 +34,13 @@
 -- by the OS.
 --
 --
-local f = loadlib("axtlsl.dll", "luaopen_axtlsl")
-f()
+require "bit"
+require("axtlsl")
+local socket = require("socket")
 
 -- print version?
-
 if #arg == 1 and arg[1] == "version" then
-    print("axssl.lua "..ssl_version().."\n")
+    print("axssl.lua "..axtlsl.ssl_version())
     os.exit(1)
 end
 
@@ -54,81 +54,144 @@ function print_options(option)
 end
 
 --
--- Main entry point. Doesn't do much except works out whether we are a client
--- or a server.
+-- We've had some sort of command-line error. Print out the server options.
 --
-if #arg < 1 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
-    print_options(#arg > 0 and arg[1] or "")
+function print_server_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+    print("usage: s_server [args ...]")
+    print(" -accept\t- port to accept on (default is 4433)")
+    print(" -quiet\t\t- No server output")
+
+    if build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+        print(" -cert arg\t- certificate file to add (in addition to "..
+                "default) to chain -")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print(" -pass\t\t- private key file pass phrase source")
+    end
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.." times")
+    end
+
+    if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+        print(" -debug\t\t- Print more output")
+        print(" -state\t\t- Show state messages")
+        print(" -show-rsa\t- Show RSA state")
+    end
+
+    os.exit(1)
 end
 
---[[
-local build_mode = ssl_get_config(SSL_BUILD_MODE)
-arg[1] eq "s_server" ? do_server(build_mode) : do_client(build_mode)
+--
+-- We've had some sort of command-line error. Print out the client options.
+--
+function print_client_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_CLIENT then
+        print("usage: s_client [args ...]")
+        print(" -connect host:port - who to connect to (default "..
+                "is localhost:4433)")
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -cert arg\t- certificate file to use - default DER format")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.."times")
+        print(" -quiet\t\t- No client output")
+        print(" -pass\t\t- private key file pass phrase source")
+        print(" -reconnect\t- Drop and re-make the connection "..
+                "with the same Session-ID")
+
+        if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            print(" -debug\t\t- Print more output")
+            print(" -state\t\t- Show state messages")
+            print(" -show-rsa\t- Show RSA state")
+        end
+    else
+        print("Change configuration to allow this feature")
+    end
+
+    os.exit(1)
+end
 
 -- Implement the SSL server logic. 
 function do_server(build_mode)
-    local i = 1
+    local i = 2
+    local v
     local port = 4433
-    local options = SSL_DISPLAY_CERTS
+    local options = axtlsl.SSL_DISPLAY_CERTS
     local quiet = false
     local password = nil
     local private_key_file = nil
-    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
     local cert = {}
     local ca_cert = {}
 
     while i <= #arg do
-        if arg[i] eq  "-accept" then
+        if arg[i] ==  "-accept" then
             if i >= #arg then
                 print_server_options(build_mode, arg[i])
             end
 
             i = i + 1
             port = arg[i]
-        elseif arg[i] eq "-quiet" then
+        elseif arg[i] == "-quiet" then
             quiet = true
-            options = options & ~SSL_DISPLAY_CERTS
-        elseif build_mode >= SSL_BUILD_SERVER_ONLY then
-            if arg[i] eq "-cert" then
-                if i >= #arg >= cert_size-1 then
+            options = bit.band(options, bit.bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+            if arg[i] == "-cert" then
+                if i >= #arg or #cert >= cert_size then
                     print_server_options(build_mode, arg[i]) 
                 end
 
                 i = i + 1
-                cert[i] =  arg[i]
-            elseif arg[i] eq "-key" then
+                table.insert(cert, arg[i])
+            elseif arg[i] == "-key" then
                 if i >= #arg then
                     print_server_options(build_mode, arg[i]) 
                 end
 
                 i = i + 1
                 private_key_file = arg[i]
-                options = options | SSL_NO_DEFAULT_KEY
-            elseif arg[i] eq "-pass" then
+                options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+            elseif arg[i] == "-pass" then
                 if i >= #arg then
                     print_server_options(build_mode, arg[i]) 
                 end
 
                 i = i + 1
                 password = arg[i]
-            elseif build_mode >= SSL_BUILD_ENABLE_VERIFICATION then
-                if arg[i] eq "-verify" then
-                    options = options | SSL_CLIENT_AUTHENTICATION
-                elseif arg[i] eq "-CAfile" then
-                    if i >= #arg >= ca_cert_size-1 then
+            elseif build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+                if arg[i] == "-verify" then
+                    options = bit.bor(options, axtlsl.SSL_CLIENT_AUTHENTICATION)
+                elseif arg[i] == "-CAfile" then
+                    if i >= #arg or #ca_cert >= ca_cert_size then
                         print_server_options(build_mode, arg[i])  
                     end
 
                     i = i + 1
-                    ca_cert[i] = arg[i]
-                elseif build_mode == SSL_BUILD_FULL_MODE then
-                    if arg[i] eq "-debug" then
-                        options = options | SSL_DISPLAY_BYTES
-                    elseif arg[i] eq "-state" then
-                        options = options | SSL_DISPLAY_STATES
-                    elseif arg[i] eq "-show-rsa" then
-                        options = options | SSL_DISPLAY_RSA
+                    table.insert(ca_cert, arg[i])
+                elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+                    if arg[i] == "-debug" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+                    elseif arg[i] == "-state" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_STATES)
+                    elseif arg[i] == "-show-rsa" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_RSA)
                     else
                         print_server_options(build_mode, arg[i])
                     end
@@ -145,168 +208,168 @@ function do_server(build_mode)
         i = i + 1
     end
 
-    -- Create socket for incoming connections
-    local server_sock = IO::Socket::INET->new(Proto => 'tcp',
-                              LocalPort => port,
-                              Listen => 1,
-                              Reuse => 1) or die !
-
     ---------------------------------------------------------------------------
     -- This is where the interesting stuff happens. Up until now we've
     -- just been setting up sockets etc. Now we do the SSL handshake.
     ---------------------------------------------------------------------------
-    local ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_SVR_SESS)
     if ssl_ctx == nil then error("Error: Server context is invalid") end
 
-    if nil private_key_file then
-        local obj_type = SSL_OBJ_RSA_KEY
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
+
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
+        end
 
-        if private_key_file =~ /.p8/ then obj_type = SSL_OBJ_PKCS8 end
-        if private_key_file =~ /.p12/ then obj_type = SSL_OBJ_PKCS12 end
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
+        end
 
-        if ssl_obj_load(ssl_ctx, obj_type, private_key_file, password) then
-            error("Private key 'private_key_file' is nilined.")
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, 
+                                        private_key_file, password) then
+            error("Private key '" .. private_key_file .. "' is undefined.")
         end
     end
 
-    foreach (@cert)
-        if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, _, nil) #arg= SSL_OK then
-            error("Certificate '_' is undefined.")
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") 
+                                        ~= axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
         end
     end
 
-    foreach (@ca_cert)
-        if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, _, nil) #arg= SSL_OK then
-            error("Certificate '_' is undefined.")
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") 
+                                        ~= axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
         end
     end
 
-    while true do
-        if not quiet then print("ACCEPT\n") end
-        local client_sock = server_sock->accept
-        local native_sock = get_native_sock(client_sock->fileno)
+    -- Create socket for incoming connections
+    local server_sock = socket.try(socket.bind("*", port))
+    local connected = false
 
-        -- This doesn't work in Win32 - need to get file descriptor from socket.
-        local ssl = ssl_server_new(ssl_ctx, native_sock)
+    while true do
+        if not quiet then print("ACCEPT") end
+        local client_sock = server_sock:accept();
+        local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd())
 
         -- do the actual SSL handshake
         local res
         local buf
 
         while true do
-            (res, buf) = ssl_read(ssl, nil)
-            if res #arg= SSL_OK then break end
-
-            -- check when the connection has been established
-            if ssl_handshake_status(ssl) == SSL_OK then break end
 
-            -- could do something else here
-        end
+            socket.select({client_sock}, nil)
+            res, buf = axtlsl.ssl_read(ssl)
 
-        if res == SSL_OK then -- connection established and ok
-            if not quiet then
-                display_session_id(ssl)
-                display_cipher(ssl)
+            if res == axtlsl.SSL_OK then -- connection established and ok
+                -- check when the connection has been established
+                if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then
+                    if not quiet and not connected then
+                        display_session_id(ssl)
+                        display_cipher(ssl)
+                    end
+                    connected = true
+                end
             end
 
-            -- now read (and display) whatever the client sends us
-            while true do
-                -- keep reading until we get something interesting
-                while true do
-                    (res, buf) = ssl_read(ssl, nil)
-                    if res #arg= SSL_OK then break end
-
-                    -- could do something else here
+            if res > axtlsl.SSL_OK then
+                for _, v in ipairs(buf) do
+                    io.write(string.format("%c", v))
                 end
-
-                if res < SSL_OK then
-                    if not quiet then print("CONNECTION CLOSED\n") end
-                    break
+            elseif res < axtlsl.SSL_OK then 
+                if not quiet then
+                    axtlsl.ssl_display_error(res)
+                    print("CONNECTION CLOSED")
                 end
-
-                print(buf)
+                break
             end
-        elseif not quiet then
-            ssl_display_error(res)
         end
 
         -- client was disconnected or the handshake failed.
-        ssl_free(ssl)
-        client_sock->close
+
+        axtlsl.ssl_free(ssl)
+        client_sock:close()
     end
 
-    ssl_ctx_free(ssl_ctx)
+    axtlsl.ssl_ctx_free(ssl_ctx)
 end
 
 --
 -- Implement the SSL client logic.
 --
 function do_client(build_mode)
-    local i = 1
+    local i = 2
+    local v
     local port = 4433
-    local options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS
+    local options = bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, SSL_DISPLAY_CERTS)
     local private_key_file = nil
     local reconnect = 0
     local quiet = false
     local password = nil
     local session_id = {}
     local host = "127.0.0.1"
-    local @cert
-    local @ca_cert
-    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
 
     while i <= #arg do
-        if arg[i] eq "-connect" then
+        if arg[i] == "-connect" then
             if i >= #arg then
                 print_client_options(build_mode, arg[i]) 
             end
 
             i = i + 1
-            (host, port) = split(':', arg[i])
-        elseif arg[i] eq "-cert" then
+            -- TODO
+            --(host, port) = split(':', arg[i])
+        elseif arg[i] == "-cert" then
             if i >= #arg >= cert_size-1 then
                 print_client_options(build_mode, arg[i]) 
             end
 
             i = i + 1
-            cert[i] = arg[i]
-        elseif arg[i] eq "-key" then
+            table.insert(cert, arg[i])
+        elseif arg[i] == "-key" then
             if i >= #arg then
                 print_client_options(build_mode, arg[i])
             end
 
             i = i + 1
             private_key_file = arg[i]
-            options |= SSL_NO_DEFAULT_KEY
-        elseif arg[i] eq "-CAfile" then
+            options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+        elseif arg[i] == "-CAfile" then
             if i >= #arg >= ca_cert_size-1 then
                 print_client_options(build_mode, arg[i]) 
             end
 
             i = i + 1
-            ca_cert[i] = arg[i]
-        elseif arg[i] eq "-verify" then
-            options &= ~SSL_SERVER_VERIFY_LATER
-        elseif arg[i] eq "-reconnect" then
+            table.insert(ca_cert, arg[i])
+        elseif arg[i] == "-verify" then
+            options = bit.band(options, 
+                                bit.bnot(axtlsl.SSL_SERVER_VERIFY_LATER))
+        elseif arg[i] == "-reconnect" then
             reconnect = 4
-        elseif arg[i] eq "-quiet" then
+        elseif arg[i] == "-quiet" then
             quiet = true
-            options &= ~SSL_DISPLAY_CERTS
-        elseif arg[i] eq "-pass" then
+            options = bit.band(options, bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif arg[i] == "-pass" then
             if i >= #arg then
                 print_server_options(build_mode, arg[i])
             end
 
             i = i + 1
             password = arg[i]
-        elseif build_mode == SSL_BUILD_FULL_MODE then
-            if arg[i] eq "-debug" then
-                options = options | SSL_DISPLAY_BYTES
-            elseif arg[i] eq "-state" then
-                options = options | SSL_DISPLAY_STATES
-            elseif arg[i] eq "-show-rsa" then
-                options = options | SSL_DISPLAY_RSA
+        elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            if arg[i] == "-debug" then
+                options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+            elseif arg[i] == "-state" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_STATES)
+            elseif arg[i] == "-show-rsa" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_RSA)
             else    -- don't know what this is
                 print_client_options(build_mode, arg[i])
             end
@@ -317,49 +380,50 @@ function do_client(build_mode)
         i = i + 1
     end
 
-    local client_sock = new IO::Socket::INET (
-                        PeerAddr => host, PeerPort => port, Proto => 'tcp')
-                    or error("no socket: !")
+    local client_sock = assert(socket.connect(host, port))
     local ssl
     local res
-    local native_sock = get_native_sock(client_sock->fileno)
 
-    if not quiet then print("CONNECTED\n") end
+    if not quiet then print("CONNECTED") end
 
     ---------------------------------------------------------------------------
     -- This is where the interesting stuff happens. Up until now we've
     -- just been setting up sockets etc. Now we do the SSL handshake.
     ---------------------------------------------------------------------------
-    local ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
 
     if ssl_ctx == nil then 
         error("Error: Client context is invalid")
     end
 
-    if private_key_file not nil then
-        local obj_type = SSL_OBJ_RSA_KEY
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
 
-        if private_key_file =~ /.p8/ then
-            obj_type = SSL_OBJ_PKCS8 
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
         end
-        if private_key_file =~ /.p12/ then
-            obj_type = SSL_OBJ_PKCS12 
+
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
         end
 
-        if ssl_obj_load(ssl_ctx, obj_type, private_key_file, password) then
-            error("Private key 'private_key_file' is undefined.")
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, 
+                                    private_key_file, password) then
+            error("Private key '"..private_key_file.."' is undefined.")
         end
     end
 
-    foreach (@cert)
-       if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, _, nil) then
-            error("Certificate '_' is undefined.")
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") 
+                                        ~= axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
         end
     end
 
-    foreach (@ca_cert)
-        if ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, _, nil) then
-            error("Certificate '_' is undefined.")
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") 
+                                        ~= axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
         end
     end
 
@@ -368,168 +432,103 @@ function do_client(build_mode)
         local session_id = nil
         while reconnect do
             reconnect = reconnect - 1
-            ssl = ssl_client_new(ssl_ctx, native_sock, session_id)
+            ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), session_id)
 
             res = ssl_handshake_status(ssl)
-            if res #arg= SSL_OK then
-                if not quiet then ssl_display_error(res) end
-                ssl_free(ssl)
+            if res ~= axtlsl.SSL_OK then
+                if not quiet then axtlsl.ssl_display_error(res) end
+                axtlsl.ssl_free(ssl)
                 os.exit(1)
             end
 
             display_session_id(ssl)
-            session_id = ssl_get_session_id(ssl)
+            session_id = axtlsl.ssl_get_session_id(ssl)
 
             if reconnect then
                 ssl_free(ssl)
-                client_sock->close
-                client_sock = new IO::Socket::INET (
-                        PeerAddr => host, PeerPort => port, Proto => 'tcp')
-                    or error ("no socket: !")
-
+                client_sock:close()
+                client_sock = assert(socket.connect(host, port))
             end
         end
     else
-        ssl = ssl_client_new(ssl_ctx, native_sock, nil)
+        ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil)
     end
 
     -- check the return status
-    res = ssl_handshake_status(ssl)
-    if res #arg= SSL_OK then
-        if not quiet then ssl_display_error(res) end
+    res = axtlsl.ssl_handshake_status(ssl)
+    if res ~= axtlsl.SSL_OK then
+        if not quiet then axtlsl.ssl_display_error(res) end
         os.exit(1)
     end
 
     if not quiet then
-        local common_name = ssl_get_cert_dn(ssl, 
-                    SSL_X509_CERT_COMMON_NAME)
+        local common_name = axtlsl.ssl_get_cert_dn(ssl, 
+                            axtlsl.SSL_X509_CERT_COMMON_NAME)
 
-        if common_name not nil then 
-            print("Common Name:\t\t%s\n", common_name)
+        if common_name ~= nil then 
+            print("Common Name:\t\t"..common_name)
         end
 
         display_session_id(ssl)
         display_cipher(ssl)
     end
 
-    while <STDIN> do
-        local cstring = pack("a*x", _);   -- add null terminator
-        res = ssl_write(ssl, \cstring, length(cstring))
-        if res < SSL_OK then
-            if not quiet then ssl_display_error(res) end
+    -- while <STDIN> do
+    while true do
+        local cstring = pack("a*x", _)   -- add null terminator
+        res = axtlsl.ssl_write(ssl, cstring, length(cstring))
+        if res < axtlsl.SSL_OK then
+            if not quiet then axtlsl.ssl_display_error(res) end
             break
         end
     end
 
-    ssl_ctx_free(ssl_ctx)
-    client_sock->close
-end
-
---
--- We've had some sort of command-line error. Print out the server options.
---
-function print_server_options(build_mode, option)
-    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = ssl_get_config(
-            SSL_MAX_CA_CERT_CFG_OFFSET)
-
-    print("unknown option "..option.."")
-    print("usage: s_server [args ...]")
-    print(" -accept\t\t- port to accept on (default is 4433)")
-    print(" -quiet\t\t- No server output\n")
-
-    if build_mode >= SSL_BUILD_SERVER_ONLY then
-        print(" -cert arg\t- certificate file to add (in addition to default then".
-                                        " to chain -".
-          "\t\t  default DER format. Can repeat up to %d times\n", cert_size)
-        print(" -key arg\t- Private key file to use - default DER format")
-        print(" -pass\t\t- private key file pass phrase source")
-    end
-
-    if build_mode >= SSL_BUILD_ENABLE_VERIFICATION then
-        print(" -verify\t- turn on peer certificate verification")
-        print(" -CAfile arg\t- Certificate authority - default DER format")
-        print("\t\t  Can repeat up to %d times\n", ca_cert_size)
-    end
-
-    if build_mode == SSL_BUILD_FULL_MODE then
-        print(" -debug\t\t- Print more output")
-        print(" -state\t\t- Show state messages")
-        print(" -show-rsa\t- Show RSA state")
-    end
-
-    os.exit(1)
-end
-
---
--- We've had some sort of command-line error. Print out the client options.
---
-function print_client_options(build_mode, option)
-    local cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = ssl_get_config(
-            SSL_MAX_CA_CERT_CFG_OFFSET)
-
-    print("unknown option %s\n", option)
-
-    if build_mode >= SSL_BUILD_ENABLE_CLIENT then
-        print("usage: s_client [args ...]")
-        print(" -connect host:port - who to connect to (default "..
-                "is localhost:4433)")
-        print(" -verify\t- turn on peer certificate verification")
-        print(" -cert arg\t- certificate file to use - default DER format")
-        print(" -key arg\t- Private key file to use - default DER format")
-        print("\t\t  Can repeat up to %d times\n", cert_size)
-        print(" -CAfile arg\t- Certificate authority - default DER format")
-        print("\t\t  Can repeat up to %d times\n", ca_cert_size)
-        print(" -quiet\t\t- No client output")
-        print(" -pass\t\t- private key file pass phrase source")
-        print(" -reconnect\t- Drop and re-make the connection "..
-                "with the same Session-ID")
-
-        if build_mode == SSL_BUILD_FULL_MODE then
-            print(" -debug\t\t- Print more output")
-            print(" -state\t\t- Show state messages")
-            print(" -show-rsa\t- Show RSA state\n")
-        end
-    else
-        print("Change configuration to allow this feature")
-    end
-
-    os.exit(1)
+    axtlsl.ssl_ctx_free(ssl_ctx)
+    client_sock:close()
 end
 
 --
 -- Display what cipher we are using 
 --
-function display_cipher(ss)
-    local (ssl) = @_
-    print("CIPHER is ")
-    local cipher_id = ssl_get_cipher_id(ssl)
+function display_cipher(ssl)
+    io.write("CIPHER is ")
+    local cipher_id = axtlsl.ssl_get_cipher_id(ssl)
 
-    if cipher_id == SSL_AES128_SHA then
+    if cipher_id == axtlsl.SSL_AES128_SHA then
         print("AES128-SHA")
-    elseif cipher_id == SSL_AES256_SHA then
+    elseif cipher_id == axtlsl.SSL_AES256_SHA then
         print("AES256-SHA")
-    elseif SSL_RC4_128_SHA then
+    elseif axtlsl.SSL_RC4_128_SHA then
         print("RC4-SHA")
-    elseif SSL_RC4_128_MD5 then
+    elseif axtlsl.SSL_RC4_128_MD5 then
         print("RC4-MD5")
     else 
-        print("Unknown - %d", cipher_id)
+        print("Unknown - "..cipher_id)
     end
-
-    print("\n")
 end
 
 --
 -- Display what session id we have.
 --
-function display_session_id(ss)
-    local session_id = ssl_get_session_id(ssl)
+function display_session_id(ssl)
+    local session_id = axtlsl.ssl_get_session_id(ssl)
+    local i, v
+
+    print("-----BEGIN SSL SESSION PARAMETERS-----")
+    for _, v in ipairs(session_id) do
+        io.write(string.format("%02x", v))
+    end
+    print("\n-----END SSL SESSION PARAMETERS-----")
+end
 
-    print("-----BEGIN SSL SESSION PARAMETERS-----\n")
-    print(unpack("H*", session_id))
-    print("\n-----END SSL SESSION PARAMETERS-----\n")
+--
+-- Main entry point. Doesn't do much except works out whether we are a client
+-- or a server.
+--
+if #arg == 0 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
+    print_options(#arg > 0 and arg[1] or "")
 end
---]]
+
+local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE)
+_ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode)
 

From 9efcfbaf812f1945d8bfc9bc20db55898417286a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 4 Jun 2007 02:54:19 +0000
Subject: [PATCH 086/301] server side now works

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@106 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/generate_SWIG_interface.pl | 30 +++++++++++++++++++++++++----
 bindings/lua/Makefile               |  8 +++-----
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index e21873d5be..653829ebf9 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -300,10 +300,6 @@ sub parseFile
     }
 }
 
-%typemap(freearg) unsigned char *in_data {
-    free(buf\$argnum);
-}
-
 /* for ssl_client_new() */
 %typemap(in) const unsigned char session_id[] {
     /* check for a reference */
@@ -321,6 +317,32 @@ sub parseFile
 
 /* Some SWIG magic to make the API a bit more Lua friendly */
 #ifdef SWIGLUA
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    int i;
+    lua_newtable(L);
+    for (i = 0; i < SSL_SESSION_ID_SIZE; i++){
+        lua_pushnumber(L,(lua_Number)result[i]);
+        lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+    }
+    SWIG_arg++;
+}
+
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+		int i;
+		lua_newtable(L);
+		for (i = 0; i < result; i++){
+			lua_pushnumber(L,(lua_Number)buf2[i]);
+			lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+		}
+        SWIG_arg++;
+    }
+}
 #endif
 
 END
diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index 771c1acb88..d256c7ddf5 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -24,7 +24,7 @@ all: lib
 ifdef CONFIG_PLATFORM_WIN32
 TARGET=../../$(STAGE)/axtlsl.dll
 else
-TARGET=../../$(STAGE)/libaxtlsl.so
+TARGET=../../$(STAGE)/axtlsl.so
 endif
 
 ifneq ($(MAKECMDGOALS), clean)
@@ -36,11 +36,9 @@ CONFIG_HOME=$(AXTLS_HOME)/config
 OBJ:=axTLSl_wrap.o
 include ../../config/makefile.post
 
+# libaxtls has to be linked in as a single object for this (TODO: see if this is completely necessary)
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L ../../$(STAGE) -L $(CONFIG_LUA_CORE)/lib $(LDSHARED) -o $@ $(OBJ) -laxtls -llua
-ifdef CONFIG_PLATFORM_CYGWIN
-	cd ../../$(STAGE); ln -sf $(notdir $@) axtlsl.dll
-endif
+	$(LD) $(LDFLAGS) -L$(CONFIG_LUA_CORE)/lib $(LDSHARED) -o $@ $(OBJ) ../../$(STAGE)/libaxtls.a -llua
 
 CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include
 else

From 950d7ae488c1fd5ca9778784af0e6a29216e0565 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 14 Jun 2007 22:53:14 +0000
Subject: [PATCH 087/301] speed improvements to the rc4 cipher

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@107 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/crypto.h |  2 +-
 ssl/rc4.c    | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/ssl/crypto.h b/ssl/crypto.h
index 9bf446f246..d4e4bc0163 100644
--- a/ssl/crypto.h
+++ b/ssl/crypto.h
@@ -64,7 +64,7 @@ void AES_convert_key(AES_CTX *ctx);
 
 typedef struct 
 {
-    int x, y, m[256];
+    uint8_t x, y, m[256];
 } RC4_CTX;
 
 void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
diff --git a/ssl/rc4.c b/ssl/rc4.c
index 7250a669b7..83e4363dd0 100644
--- a/ssl/rc4.c
+++ b/ssl/rc4.c
@@ -29,7 +29,8 @@
  */
 void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
 {
-    int i, j = 0, k = 0, *m, a;
+    int i, j = 0, k = 0, a;
+    uint8_t *m;
 
     ctx->x = 0;
     ctx->y = 0;
@@ -56,7 +57,8 @@ void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
  */
 void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
 { 
-    int i, x, y, *m, a, b;
+    int i;
+    uint8_t *m, x, y, a, b;
     out = (uint8_t *)msg; 
 
     x = ctx->x;
@@ -65,9 +67,8 @@ void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
 
     for (i = 0; i < length; i++)
     {
-        x = (uint8_t)(x + 1); 
-        a = m[x];
-        y = (uint8_t)(y + a);
+        a = m[++x];
+        y += a;
         m[x] = b = m[y];
         m[y] = a;
         out[i] ^= m[(uint8_t)(a + b)];

From c8cb14d9de7f95b196a605750e813d4661a5ca0f Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 14 Jun 2007 23:36:01 +0000
Subject: [PATCH 088/301] improvements to Lua binding

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@108 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/generate_SWIG_interface.pl | 25 ++++++++++++++++++++++---
 bindings/lua/Makefile               |  3 +++
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index 653829ebf9..b1fbb39817 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -37,11 +37,17 @@ sub transformSignature
             $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
             $line =~ s/uint8_t/signed char/g;
         }
-        else
+        elsif ($ARGV[0] eq "-perl")
         {
             $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
             $line =~ s/uint8_t/unsigned char/g;
         }
+        else # lua
+        {
+            $line =~ s/const uint8_t \*session_id/const unsigned char session_id\[\]/g;
+            $line =~ s/const uint8_t \*\w+/unsigned char *INPUT/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
     }
 
     return $line;
@@ -144,8 +150,8 @@ sub parseFile
 open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
 
 #
-# I wish I could say it was easy to generate the Perl/Java bindings, but each
-# had their own set of challenges... :-(.
+# I wish I could say it was easy to generate the Perl/Java/Lua bindings, 
+# but each had their own set of challenges... :-(.
 #
 print DATA_OUT << "END";
 %module $module\n
@@ -317,6 +323,9 @@ sub parseFile
 
 /* Some SWIG magic to make the API a bit more Lua friendly */
 #ifdef SWIGLUA
+SWIG_NUMBER_TYPEMAP(unsigned char);
+SWIG_TYPEMAP_NUM_ARR(uchar,unsigned char);
+
 /* for ssl_session_id() */
 %typemap(out) const unsigned char * {
     int i;
@@ -328,6 +337,7 @@ sub parseFile
     SWIG_arg++;
 }
 
+/* for ssl_read() */
 %typemap(in) unsigned char **in_data (unsigned char *buf) {
     \$1 = &buf;
 }
@@ -343,6 +353,15 @@ sub parseFile
         SWIG_arg++;
     }
 }
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    if(!lua_isnumber(L,\$input))
+        \$1 = NULL;
+    else
+        \$1 = SWIG_get_uint_num_array_fixed(L,\$input, SSL_SESSION_ID_SIZE);
+}
+
 #endif
 
 END
diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index d256c7ddf5..69c5c7b154 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -36,6 +36,9 @@ CONFIG_HOME=$(AXTLS_HOME)/config
 OBJ:=axTLSl_wrap.o
 include ../../config/makefile.post
 
+# there are a few static functions that aren't used
+CFLAGS += -funit-at-a-time
+
 # libaxtls has to be linked in as a single object for this (TODO: see if this is completely necessary)
 $(TARGET) : $(OBJ)
 	$(LD) $(LDFLAGS) -L$(CONFIG_LUA_CORE)/lib $(LDSHARED) -o $@ $(OBJ) ../../$(STAGE)/libaxtls.a -llua

From 9d7c8e79dc426e7bf204e0afcbdb0d8dbb8bed5b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 14 Jun 2007 23:36:26 +0000
Subject: [PATCH 089/301] improvements to Lua sample

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@109 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 samples/lua/axssl.lua | 51 ++++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
index 68b8c7706d..433a622823 100755
--- a/samples/lua/axssl.lua
+++ b/samples/lua/axssl.lua
@@ -248,7 +248,6 @@ function do_server(build_mode)
 
     -- Create socket for incoming connections
     local server_sock = socket.try(socket.bind("*", port))
-    local connected = false
 
     while true do
         if not quiet then print("ACCEPT") end
@@ -256,16 +255,15 @@ function do_server(build_mode)
         local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd())
 
         -- do the actual SSL handshake
+        local connected = false
         local res
         local buf
 
         while true do
-
             socket.select({client_sock}, nil)
             res, buf = axtlsl.ssl_read(ssl)
 
             if res == axtlsl.SSL_OK then -- connection established and ok
-                -- check when the connection has been established
                 if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then
                     if not quiet and not connected then
                         display_session_id(ssl)
@@ -282,14 +280,13 @@ function do_server(build_mode)
             elseif res < axtlsl.SSL_OK then 
                 if not quiet then
                     axtlsl.ssl_display_error(res)
-                    print("CONNECTION CLOSED")
                 end
                 break
             end
         end
 
         -- client was disconnected or the handshake failed.
-
+        print("CONNECTION CLOSED")
         axtlsl.ssl_free(ssl)
         client_sock:close()
     end
@@ -304,7 +301,8 @@ function do_client(build_mode)
     local i = 2
     local v
     local port = 4433
-    local options = bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, SSL_DISPLAY_CERTS)
+    local options = 
+            bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, axtlsl.SSL_DISPLAY_CERTS)
     local private_key_file = nil
     local reconnect = 0
     local quiet = false
@@ -324,10 +322,11 @@ function do_client(build_mode)
             end
 
             i = i + 1
-            -- TODO
-            --(host, port) = split(':', arg[i])
+            local t = string.find(arg[i], ":")
+            host = string.sub(arg[i], 1, t-1)
+            port = string.sub(arg[i], t+1)
         elseif arg[i] == "-cert" then
-            if i >= #arg >= cert_size-1 then
+            if i >= #arg or #cert >= cert_size then
                 print_client_options(build_mode, arg[i]) 
             end
 
@@ -342,7 +341,7 @@ function do_client(build_mode)
             private_key_file = arg[i]
             options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
         elseif arg[i] == "-CAfile" then
-            if i >= #arg >= ca_cert_size-1 then
+            if i >= #arg or #ca_cert >= ca_cert_size then
                 print_client_options(build_mode, arg[i]) 
             end
 
@@ -380,16 +379,6 @@ function do_client(build_mode)
         i = i + 1
     end
 
-    local client_sock = assert(socket.connect(host, port))
-    local ssl
-    local res
-
-    if not quiet then print("CONNECTED") end
-
-    ---------------------------------------------------------------------------
-    -- This is where the interesting stuff happens. Up until now we've
-    -- just been setting up sockets etc. Now we do the SSL handshake.
-    ---------------------------------------------------------------------------
     local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
 
     if ssl_ctx == nil then 
@@ -427,12 +416,23 @@ function do_client(build_mode)
         end
     end
 
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local client_sock = assert(socket.connect(host, port))
+    local ssl
+    local res
+
+    if not quiet then print("CONNECTED") end
+
     -- Try session resumption?
-    if reconnect then
+    if reconnect > 0 then
         local session_id = nil
         while reconnect do
             reconnect = reconnect - 1
-            ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), session_id)
+            ssl = axtlsl.ssl_client_new(ssl_ctx, 
+                    client_sock:getfd(), session_id)
 
             res = ssl_handshake_status(ssl)
             if res ~= axtlsl.SSL_OK then
@@ -456,6 +456,7 @@ function do_client(build_mode)
 
     -- check the return status
     res = axtlsl.ssl_handshake_status(ssl)
+print("RES: "..res)
     if res ~= axtlsl.SSL_OK then
         if not quiet then axtlsl.ssl_display_error(res) end
         os.exit(1)
@@ -473,10 +474,10 @@ function do_client(build_mode)
         display_cipher(ssl)
     end
 
-    -- while <STDIN> do
     while true do
-        local cstring = pack("a*x", _)   -- add null terminator
-        res = axtlsl.ssl_write(ssl, cstring, length(cstring))
+        local x = { 65, 66, 67, 10, 0 }
+        local line = io.read()
+        res = axtlsl.ssl_write(ssl, x, #x)
         if res < axtlsl.SSL_OK then
             if not quiet then axtlsl.ssl_display_error(res) end
             break

From d2141a7b549f0898ac0c65e059692d81f6df9eba Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 14 Jun 2007 23:38:59 +0000
Subject: [PATCH 090/301] some improvments to the samples

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@110 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 samples/c/axssl.c     | 118 +++++++++++++++++++++---------------------
 samples/perl/axssl.pl |  51 +++++++-----------
 2 files changed, 78 insertions(+), 91 deletions(-)

diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 7e155e414b..999f3f8ac5 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -199,40 +199,6 @@ static void do_server(int argc, char *argv[])
         i++;
     }
 
-    /* Create socket for incoming connections */
-    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-    {
-        perror("socket");
-        return;
-    }
-      
-    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
-
-    /* Construct local address structure */
-    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
-    serv_addr.sin_family = AF_INET;                /* Internet address family */
-    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
-    serv_addr.sin_port = htons(port);              /* Local port */
-
-    /* Bind to the local address */
-    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
-    {
-        perror("bind");
-        exit(1);
-    }
-
-    if (listen(server_fd, 5) < 0)
-    {
-        perror("listen");
-        exit(1);
-    }
-
-    client_len = sizeof(client_addr);
-
-    /*************************************************************************
-     * This is where the interesting stuff happens. Up until now we've
-     * just been setting up sockets etc. Now we do the SSL handshake.
-     *************************************************************************/
     if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
     {
         fprintf(stderr, "Error: Server context is invalid\n");
@@ -284,6 +250,40 @@ static void do_server(int argc, char *argv[])
     free(cert);
 #endif
 
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        perror("socket");
+        return;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        perror("bind");
+        exit(1);
+    }
+
+    if (listen(server_fd, 5) < 0)
+    {
+        perror("listen");
+        exit(1);
+    }
+
+    client_len = sizeof(client_addr);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
     for (;;)
     {
         SSL *ssl;
@@ -368,12 +368,12 @@ static void do_server(int argc, char *argv[])
                         }
                     }
 
-                    if (res > 0)    /* display our interesting output */
+                    if (res > SSL_OK)    /* display our interesting output */
                     {
                         printf("%s", read_buf);
                         TTY_FLUSH();
                     }
-                    else if (res < 0 && !quiet)
+                    else if (res < SSL_OK && !quiet)
                     {
                         ssl_display_error(res);
                     }
@@ -534,29 +534,6 @@ static void do_client(int argc, char *argv[])
         i++;
     }
 
-    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-    memset(&client_addr, 0, sizeof(client_addr));
-    client_addr.sin_family = AF_INET;
-    client_addr.sin_port = htons(port);
-    client_addr.sin_addr.s_addr = sin_addr;
-
-    if (connect(client_fd, (struct sockaddr *)&client_addr, 
-                sizeof(client_addr)) < 0)
-    {
-        perror("connect");
-        exit(1);
-    }
-
-    if (!quiet)
-    {
-        printf("CONNECTED\n");
-        TTY_FLUSH();
-    }
-
-    /*************************************************************************
-     * This is where the interesting stuff happens. Up until now we've
-     * just been setting up sockets etc. Now we do the SSL handshake.
-     *************************************************************************/
     if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
     {
         fprintf(stderr, "Error: Client context is invalid\n");
@@ -602,6 +579,29 @@ static void do_client(int argc, char *argv[])
     free(cert);
     free(ca_cert);
 
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    memset(&client_addr, 0, sizeof(client_addr));
+    client_addr.sin_family = AF_INET;
+    client_addr.sin_port = htons(port);
+    client_addr.sin_addr.s_addr = sin_addr;
+
+    if (connect(client_fd, (struct sockaddr *)&client_addr, 
+                sizeof(client_addr)) < 0)
+    {
+        perror("connect");
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        printf("CONNECTED\n");
+        TTY_FLUSH();
+    }
+
     /* Try session resumption? */
     if (reconnect)
     {
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index cf04254dd9..15b0527986 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -230,53 +230,40 @@ sub do_server
         # do the actual SSL handshake
         my $res;
         my $buf;
+        my $connected = 0;
 
         while (1)
         {
             ($res, $buf) = axtlsp::ssl_read($ssl, undef);
             last if $res != $axtlsp::SSL_OK;
 
-            # check when the connection has been established
-            last if axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK;
-
-            # could do something else here
-        }
-
-        if ($res == $axtlsp::SSL_OK) # connection established and ok
-        {
-            if (!$quiet)
+            if ($res == $axtlsp::SSL_OK) # connection established and ok
             {
-                display_session_id($ssl);
-                display_cipher($ssl);
-            }
-
-            # now read (and display) whatever the client sends us
-            for (;;)
-            {
-                # keep reading until we get something interesting
-                while (1)
+                if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
                 {
-                    ($res, $buf) = axtlsp::ssl_read($ssl, undef);
-                    last if $res != $axtlsp::SSL_OK;
-
-                    # could do something else here
-                }
+                    if (!$quiet && !$connected)
+                    {
+                        display_session_id($ssl);
+                        display_cipher($ssl);
+                    }
 
-                if ($res < $axtlsp::SSL_OK)
-                {
-                    printf("CONNECTION CLOSED\n") if not $quiet;
-                    last;
+                    $connected = 1;
                 }
+            }
 
+            if ($res > $axtlsp::SSL_OK)
+            {
                 printf($$buf);
             }
-        }
-        elsif (!$quiet)
-        {
-            axtlsp::ssl_display_error($res);
+            else if ($res < $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if not $quiet;
+                last;
+            }
         }
 
         # client was disconnected or the handshake failed.
+        printf("CONNECTION CLOSED\n") if not $quiet;
         axtlsp::ssl_free($ssl);
         $client_sock->close;
     }
@@ -518,7 +505,7 @@ sub print_server_options
     {
         printf(" -cert arg\t- certificate file to add (in addition to default)".
                                         " to chain -\n".
-          "\t\t  default DER format. Can repeat up to %d times\n", $cert_size);
+          "\t\t  Can repeat up to %d times\n", $cert_size);
         printf(" -key arg\t- Private key file to use - default DER format\n");
         printf(" -pass\t\t- private key file pass phrase source\n");
     }

From 013b3c1a7e8ec8c089b8c9883bf425a446198062 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 17 Jun 2007 00:59:02 +0000
Subject: [PATCH 091/301] Lua bindings now complete

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@111 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/generate_SWIG_interface.pl           |   4 +-
 bindings/lua/Makefile                         |   3 +-
 httpd/Makefile                                |   2 +-
 .../kepler-1.1-snapshot-20070420-1741.tar.gz  | Bin 782154 -> 0 bytes
 .../kepler-1.1-snapshot-20070521-1825.tar.gz  | Bin 0 -> 768249 bytes
 samples/Config.in                             |   7 ++
 samples/lua/axssl.lua                         |  84 ++++++++++--------
 ssl/os_port.h                                 |   4 +
 ssl/test/test_axssl.sh                        |  17 ++++
 ssl/tls1_clnt.c                               |   5 +-
 ssl/tls1_svr.c                                |   4 +-
 www/index.html                                |   4 +-
 12 files changed, 88 insertions(+), 46 deletions(-)
 delete mode 100755 httpd/kepler-1.1-snapshot-20070420-1741.tar.gz
 create mode 100755 httpd/kepler-1.1-snapshot-20070521-1825.tar.gz

diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index b1fbb39817..83e9ef68ef 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -356,10 +356,10 @@ sub parseFile
 
 /* for ssl_client_new() */
 %typemap(in) const unsigned char session_id[] {
-    if(!lua_isnumber(L,\$input))
+    if (lua_isnil(L,\$input))
         \$1 = NULL;
     else
-        \$1 = SWIG_get_uint_num_array_fixed(L,\$input, SSL_SESSION_ID_SIZE);
+        \$1 = SWIG_get_uchar_num_array_fixed(L,\$input, SSL_SESSION_ID_SIZE);
 }
 
 #endif
diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index 69c5c7b154..f370703386 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -39,9 +39,8 @@ include ../../config/makefile.post
 # there are a few static functions that aren't used
 CFLAGS += -funit-at-a-time
 
-# libaxtls has to be linked in as a single object for this (TODO: see if this is completely necessary)
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L$(CONFIG_LUA_CORE)/lib $(LDSHARED) -o $@ $(OBJ) ../../$(STAGE)/libaxtls.a -llua
+	$(LD) $(LDFLAGS) -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib $(LDSHARED) -o $@ $(OBJ) -laxtls -llua
 
 CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include
 else
diff --git a/httpd/Makefile b/httpd/Makefile
index 7731323e5e..da173fa3d5 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -43,7 +43,7 @@ ifdef CONFIG_HTTP_BUILD_LUA
 lua: kepler-1.1
 
 kepler-1.1:
-	@tar xvfz  kepler-1.1-snapshot-20070420-1741.tar.gz
+	@tar xvfz   kepler-1.1-snapshot-20070521-1825.tar.gz
 	@cat kepler.patch | patch -p0
 	cd kepler-1.1; ./configure --prefix=$(CONFIG_HTTP_LUA_PREFIX) --launcher=cgi --lua-suffix= ; make install
 else
diff --git a/httpd/kepler-1.1-snapshot-20070420-1741.tar.gz b/httpd/kepler-1.1-snapshot-20070420-1741.tar.gz
deleted file mode 100755
index af37195b5c8605a9f928072e563ed782ff84acdc..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 782154
zcmV(;K-<3`iwFRXB`HP#1MGbXU{uxBa1sH@6EWZdD(d4AOa?QP1;R2AB+G<E0*Oi3
z1Pqgzm*kn5dBeP!gdiw8h*nXHt*r~7w$*AC*V<N#OWoR9u-e+ierT<AtDk$Ve!u<i
zxyyU^zV~Jl7VX!s&i7UF?sCq#=bn4+x#ymHZ?_tcs0nYWue3Ppi~5zI-<0xl__uUQ
zc`5%d`(>4uOfD@$zsaSjTxnV9q>?PT{0pOq`=yLzFd@rXU7FDqjHWNwU;e-8uiNVX
zxxsF=LyM?K90zpp<Vlm#^gr}_xvl>vPA-|8C6^p=N?d;b;r%a-v;CxTa;+LnrV^?g
z(qkQ3XDSg)YI@9BP|{+dNGi<A`BE`$rG%=_!6GF`f~i=jON({NQ9Z0iP(}?Bub3+L
zc4?t5nvKdOb-6vIMZ!M0zC-TQQ*umI!;q@QP}fADVpK=eB)ft!Sx5C*%_3F;rv{U9
zP)=%5)rTr92u8H9tjB?H!!L(AwIaDAXe99;h@7$_d1bIC7)z>BL*@K=)pdd9vnyB%
zs^5rf1|zI3@nEPs*r^(FVGy-88V!04H6BEaL6k-`Bk6JCjHH4Qy|WYAkNz}PMBpEF
zWgO9o{#d2O<!HEEYHVt)Z=6@z(AHF0J*RSZpyliet6~w9K#&(=hJ}O4V0+L|O@_%0
zsbI^w4RVK`aA|Y258*75^^i6d{WshmDw5;6k?c&UMv;uNG-&($N(7*-rn!CrFaTEp
zge_`Pu9{!pP}7D=06z5peW>+X2jG;AE<J_Nx2u>A#P^7fTG^{5yC}bk5R70f%(#a*
z7DrtaOB$?d3YvjNl-#2x3`DO_UPPF0cCLXy^lGSYNl}%-A}!Z3AwEiK{k)de%7z9f
zv1#gA4L|^>45=W07MuzUAsUZp=wFi+kcyB}wCy@-FhUm70T)PaFp^M%;Xb)5*n<QT
zP*rKMU;@GL0uLe@Y9c0pBE<vCCz<fi1_TmE21$^#4t0fGm|w`{c#2StN0Mb(M?6eu
zXc!7)N@^^ubx3Z*JFqgTCP28uY8;hPV<AMK%kXXvRMs@q&kMBG)Fa_2P8kU+siD3K
zrB>t@@`XIb5v|=SQ$Me|VSY`(tsK=Hk`!3fRN2ZQAm1i*Gn;@Wp8{O2gbDP#^Xi*8
znE2BK$ubE<{3QUi@=bV+)%8;;ye>Ve7VC*%D54fOCW3Y7vy|kU2v})?fP4k!Hrg{2
z;r6Ie99E+`DbqB+s-eExy;MBa9??RQga&JUE8ib9!NhG9AlT`*&_KS7)x?^rY7Q>`
zv|2<nX^Y@XfN15L@M<etTB~Q*b0ArY36(2C0J8)Ewou9hkA%FceqLpBeV~Oy!KV^5
zXCnx<vIG~OXyJ1$ZX$IVO7+}0mcv>?4JGx2`)F!v4%F5!B9s<K^iVJ&wJdI_Zk$(3
z5t9O*Vl^3(M3PtzqXd!I)-t~qgDWqUq&b16hCp*0(+*-SmJ67m_f4FhVq*IhBiqjc
zQQwLRaaCBUHZ7(leQ0iCMHdFD&bEqjxIM*P$*>+W>|`OXk}h?t(yqm9ePU+1*KjQ@
zNRIV^3%4{@&k3{+05Fm^VDJD6Ha1lbkkZ=vh5+JxYhdm`%2SJ^jSPlED&9Y{SuJbS
z4H%KV%D|B!HCT2qn1u3`$VRFQKpLrOea~;8gH>8oxu9|$)_DElu$Sz&5%vmn7}<u4
zqZk?|LMim^k(%r0%^slWG&IhhjY<!!Fj#W~D#&Ki0Td-OWPb(c)|3yRl$#D+Kukbn
z6Cp!3nr^K@p&>i91sTj0ptE=lz|zZorM@z5xU+P*%vXY{xZ$6z#?%C|hQLD8s4DM>
z1Uuc7cy)C}XDB2!HB`3NHa5>~tFCRRoZV94T^K3y2CU?U8k!!7%HBvgBB9x+4U#In
zXc3t}iw18;Q+>5%*qNrAr$~0#b+%~@76@K(o}#Vv6dQ>UOmC<JE<k4qk1v=OprA6F
z7S^EYF(Y_pSK5gZYmnL3lZF<v+4EZhZOky_TFyh7yO{B~27o|~rpA`~MY8o>)6m!y
zn8zhBkg~U)Gd%hEz<~r2+yV>`JJy4H5B&$s`UtFDy%Dr(L34Z``YRSnB@DDY@HTK*
zXv-xvVyK7QmV={@c8MkQ4K-LwtppA$O{ob~&7Y0=<1P#y0UW81%2F{#cpH%j$B|7c
z%s#A~gG?@oLi1!oju=9}@S4s!^L#;wprq3Z_23>B?N|F8g;JeNI^y)1a~@4Jfzo6~
z1)E@)xMk>OHWUR{02+(f7r+LJmD5HAaqePBv+y~}AskjYfm|xC=@5g%A{}1n2X3(i
z;=c<0FBFL-jjl8_K;!vE7~!|L<m!(m<~T{u4>XQjXEzhg*AGj~q6fnj;;_lY7hx#~
zoS{CR^jvW)4*TtzaC;~n33!Zf%SNC8%BR7P1bhCx`bAKI^oO{p^l&<jlQY}sa*|;h
zLH$d<qdw5Z*+#B7p^?0cf-64&jF4w{VVEXXT6~=Q!Yn*MWH#>xvC{h23GP1OBsgu+
zx)u8uU2G#B+Wh8*imqfb?k_Ix?d^qSqfbwC7I!4$+`M8dMAn({gnj{9MdRY&H`PPk
zYEr6R&;kk&>CM@J3UAmSH`D~OX8ggJ9_x$hDZ@W2)MEf1WJ7kUzL=Wy7o(Jft|!5v
zxoFWM863sQF4a(pgBiQ$yvSaZ6KX`oe$`;7WLvDYB9pBSP3=^lnxACpXMQr9-^wRz
zNb}p25<UfFkN;+tKA#31XnsTQnIGevl=hUim9>>f<1AuPN(rP`^rDnfNa0Cl^*E|~
z%2CBqjKm@wLo36HjP{-~Gl?f3V<E|`1sDlRVvWGS+%57tH4;}7axfl`XzAr`;p{+b
zMQ^8?l)WL@n=FBTZpHnJENtjhRI>+r%Rvgj^-Cm74kHULp|z**O2fqh=giRRevR!^
zFeI3_yy1sy+q1D=8z-X`Wm!np4DcR<`yA0l-8*68Nk`HtA)IB^6@Uj97a_TEt_d|7
zR#CEnWIB{)DP>w9xXl&VGj7@BMwf~PN_)`g0=^cgp)Os{&%Y2&T8o<k<Hs*4@lIPd
zVNHRjC>%`mYB9_y8^p$zMP34xE*9dHEI)7m;Ii(`sKU<rL@MIyNgF3u!+wytClimP
z4BBAWj$!*sdMwiCy24`pTiw_kpcM0-da_es_9IuyHa)s}<1+(g1!z^F2;0mOF|(44
zl@|Q7D(K#Z*V+xj+LC_5Xhy<IK9&MN^H;6MgN9YDR*R@DeMVA^x|VLB9EEW}jb0Be
z*sR4mDIkd_*P@NJ%A$^?Q2N-X8--kDjz;$yu2iz3gif}hh$*dZ2vp89$qb<>ASQ0u
zuoOx*`KCmZ4>yv{Y8=6CrCrG-1qreEZ$j!Efz)mXsogeGyLnQ((~{clLaJM7S5mt<
zQt{s~E-S-fYapsClZl`?N?|0%cnw1oOQB-})FZE!k*yu)Hc&l9cxVL{wKi9pvXAI)
zAlX#@%o3Iia%EWGo2797i)9GQ%@T8*B}hw|8aU|oz>+FWThN4>u^o_~sSS{yo_@$Z
zOxp3*bvo(;keQKwQX*3eNQv}qAo+*cid9-XT^r8R;u%{2`I+d4{PfgA?%~iL4VSwT
zj?Ag_R6}N3k|8q<y^zHdEBTu08s{zc(_M6?Rf)PHngEO{*@y+>Mi(-+sH#c^6YZj=
z&M&kkFc15p1e@QOLi1}5`Ql-4Eby4092Bmh)+d1@Nw^Ju2PHgAiMG)1LZOIE!aVRh
zDCa4Vx`i@x+{waQ3Ruw}#w>I&bC9XlL!BC{!jfpLOr}~8MPsi<BWPTzadVnO;|l6a
zL?&njVUStkE7ahpbHdX(4xS$5ba^n7rNGl}cb;abg?ZZT&QoVKZt``^QG(KU=V>?3
z({7We&KkVkL3mmlXsxajc-n#80~SxoH{~h$aPriw#PQTwR^TbEV&`dwT9~J{YK*7O
zYJ{gIVT`9%^AJy6kTIT`<$$N;19<AJL3xTZ%+0Nu`W76@QbB_<%{?@><P=Nd)qe$x
z+N4o<X3(AxmM7p&zoeB-j|(XvZlZYvD2VN-G(v)U66ygB2JS;^36=nE+Hv<E6~|)p
zWVG^?X)u8V6Ab83b4+{a2Np(;ZOV}(HW#rv)&1AWjrPbU&sk@9d??%3xymKS%W!y?
zhl7aRv&JtT9~~d|j;|X(cR8(=4k$GBU?HM9NCE_!{ZcMk?Ryg)F2E4#?y#1Sy>6JK
zTwk#zDqgP|3${m8F9dkxhT^ifxz1JzOPj|9k}TzRXtA(cjyD#Js&e&$7G%Y&3?`5)
z5MrfVh`IHKR=JU#p5Ia~aLt=oF>r<!Psqd|R~L$&NCw-rh?eY=lf7!N+sy@GdN>gO
z=T=su&$b!_ym9f|z&!AkHG^-ew8S?NVVzq!CjdhyS5C7Vs94*71eW4j8oSvQmS^9B
zR=nXp#BD9)D8RPw6t){}f@ho33TjI%j8uph{exq4!!m`|7SZ+Y6k<A(HS~8d%+V%n
zE-JjjU>jT5$KO_0+0xcBe_mSyY|?hbbcltF>M<vzhMEecGi0`aI;Lt9s#?`jWAgjp
zIO@K^nu)_?Ge096Z4_qqg|`M;T4C@Ez?Eoo@Hr+}e+JzxN$K<GkiyIZw<+EH;NA6}
z;`~{eKyZxj7Y`cVDq0PAkxrN;uU;*~U|+SeC*CoTs-bYE3F^!<Wi(fy$<!M!m1oF4
zUxsi6P-g9ve?GK~=@2<;t^?dU3$ZgzM#etqpL&P%((a}Mh;=@bFfOu<mdFtFX4bL>
zf>?#6a|Maa+l%47G*+k+0%Rck)WuurmmMtq-@*iz)!NvUuGSaFGln6sD1c~Y3ubRr
zhJ#S{LN%4Gm13dElP0l3Ev?P<r~%1DN@YoGNiTE=S%^xxT8F#@hF*pqST-Ft!eSKK
zLH5=_It-u!In&|0LlX(@ri6~e#=wAd0-eD#DL+>oOy?C|17|RAu@)xzK127p6~Qgx
zmpJ}@OlGW7Gvuey%+?O6sh2YV5p{F_*fQ$pfmA0VlWC>ks;4tl09_56v6i0Z_cHtf
zSL{04p4@Mr42*tJ?1>UM%gxR)jfol;Q;0?RScUBQ9))i&uUB~%91_u-3T$hst85O4
zxP=f`9GD2bRE)a8MTg=jzx353TD!e6ucmnSm8hgLHONg-4Uhp2{lhzZMC~&WiMKRR
z#=-8?LTpc+sUWg!#;S(?N&dm1^%Cze@zW)?B$0m+(V-p#yog*dgojp_(Ha^pTo92^
zz}(08m@xR=KtET8A4~Q$zrD68oIErvnUo6Gxg9(jiV3}cp)=)%cXM(=LvcBT!%2fE
z1iXjOS~s&Mx^x{0nlO6~JRPLt@L%}9wA(CqmY;Y;P^ZB^>G}*iO@uCE0U91wpWCDL
zTLpyf5|jL5O{=dgKzM1NwjHv<U}oqe2A+0`#Cb<Ko)SV_=VU%+g`1Zx_YqkPbr?P!
zk6XKM&@Vch@Z4y9reV0~pW+$sh@$b>;Ws!p$o<ZWwmHcy%T77f=p13L!w0P1^kH7s
zQl9J`VHM5d#}qsD+`dLS`UglAJ;tTj0UgYwVBek)CkBoJw|T&wK!@75yX*bDF6X=1
zEzSfVZ}q|f7KaZSiN26X<$}3BK`q1oka*fsV5Hf~CEIAalxx7*0996u)k~KwUBaEp
zTDolMGMvU8tf+7G;A90^Sot&LnKCvN9r!{{vIsKVchw%*tAin!Kf|?hms{-+RL0Rs
z9>Ba>w&+HX+u|YA#j8<ACsRg+m7t^{(G^1%ps23K2C*Z?9Ksv<I<yH6Fd^IW9!ago
z)^V1><>*eqftv1AmQ6tx8^Ji~dC;{2K{#guDB44T)*mV4{F29smUj1{)a$Q~<lIB_
z69vNe4H}-r)&fd&nRYMzS7y>EIrq-|E_;*%9jL<25I<O1hJC=&boQ?^Bhmq+8hY9)
zn9FH1!P(A<zDr#fVv=oK{t?v<4*a3?yy#b3IDvI#f_8+ohYfB<j9nQz#zoNx=S)0y
z?c#vos%6p&kPD$Ci>HJSbI(W>VxSjS&(I$rdl{t*3nwRDwe-mKY8UJ_B_PU|W0*PB
zt1tlF^_t6>RKb`Km6c<F9u%Yj<9AWa6tg=yuIm1vArFK+R~6o`KI6640DwEY)=l3t
zY^Kh)hM>%kMw2SmXFN5c%5)E)a1p43njfsN0Df}7srH!x65&5>uuSLmKg%eyD|ahH
zRO>iB*~W5?s6yv(hFpj*>sN{M0J_{Eq*L4l#_IEZAnFZxkFY(}(V-@M6Q*-YoX;t2
zC@Mr8Gm>%$N&W;+RcVo-ty1-l!m3hFk>ZM3@l4k`3Mssb63>NrVn`WX5v{WerKt(H
z9|s`!=vsJ!C*hfHpFvP&Df+(>&-68`3(~QVc5<5bccqaEw>d;O7wDKn#Ok*6U_6LE
z%3LQFx|fLtXKSFX3E^oDoI4+_-cUM!i9>-RN{&+C+SRt1ffrEwoIw3IwpjtUQaG8P
zZbrak%Q+obL(W~<*{=+6RhIxnRDZZ7t}6I&0CHL&9Ym2A_V$OkHE2gVO>$7G$5kjH
zIh_u$QDoPq7MX6U)I2uCTsJgS2Rm)(-)(TCTGEC~2)Xi`w{J=Gk2HQ876`<9Y`Bw4
z9t(~Gk?E+hlk8y!!WP2yQc=A}m9<z>r@=syO9hKunClo#{kTP3ZlZ8?h;SZK*D9_q
z(w4<7?7|9{dUVQWg;_Sf0mh{`yAQ@*eqo@>tvI>R!ciJ)9lO$@W!!}WBBL^jPv%^o
z4l2XaPvgeot99D7Sg{)G0r!qelCWKg6ji?%kQU1<;<=$NG-TwnR`yfQDWOhXD9CRA
z!gkPNb8tP&Ty>xZGxt*l8Kf?~vAB~m$R2}AgVKD|!;dK8Jb&i=Fc3)7nY%E~%O4Ma
zz)-L+(KX1Kb6K*kayTnp`q1X4bdB}3JeAhPgbsa7k9sm~i~}xlC*i-qh0aB^`bj{h
zB;kM3s9X}W$tzs*IH`x#=Z<~(tpdCY+?K>JgGdtu4uNj0I;W*V;Ye5d@ohUdX8B7G
z!1pbj`f?*Q1398Hcih+GP~|KVm<~(VD#Dnw`@^{ic}}PZbq<ko5G@K67a49z5$!wI
zO&Rm-F1I5?<8)bU8vUfY%oZBWUw4UjWa!`Nw_{ioux&4fJ4EaeU~(AwEf_oDZ2!fP
z?oS7e-*6WXl+m3KMrkG$+~9goQ-AxL97eXC#w9toD@^iT`w$<=<|AEJL`dHmZTYsV
z9O%}X8O-jd!Pq3wWJM%>w?V|Vt;^_9aE}S2fjiCS=gQc_HuyA?0v6_g@HiOW%Hj{K
zmZVV<;<XWOx}t%<C&Dbi-)NyIW>bWq4D+Dgzm`<TCY<f=ul_?a*pVAsJO*kGr*96e
zjn3!`b{0htXmZ`Gn=sQ$2RL!YhXjZ~uZ*LnQ5ojWUHHwj1XzyoU+E>896GScvU%5m
zhlAB1oNx3CC2cZoOXVn{j3iiHRSAtEX`45HZiP}_Qkqs?#QRCoNDO}|iCF}0zO<Ud
zOErIh^Ds!Y%cSF)x&D?w?sfWAquePmQJP63-1d(h&2z{scT7r<S}GQ<a*J=f;G}ky
z7H1PE`jg76c{s>V54~V{MgOLkRyf^YlT~`LhR1}_z@1_Bb7gEYDx{ed&`t+DhbNu<
zT{dZC)4IXNA(`AETfcZH_mBy+%cSi-!+!OodE`)(EFi>9u51K4q{=*PC&(1;K&M3E
z%Tky)MZ@J-me9W-Nan#ZKfXy^LjOr4KX9aq7an>Ai-*)RPZ0ZA7B4VD0>K150U!@Y
zPBK{W<{d>~!gD8>{oGmSLnA?u1lxs`{V66#@yt5OJe|r34G`>*7+WhuaWT(hTCzf}
zgm(xE^}3j{0&-%%xL4v29s12rv+r#%aQEBO$aW8$%RBfmev$uf*Q{pl0=F8jy};ji
ztccgM9;7G4WRfX^Jkt(?7or2t^`>NxtvSt&jc_+Jxi28BCGgogyTi>R*2(0QGu=D9
zSB1NzRv`xg;Vd9MgjqbnQAFYoT)PSfbtUtMi2b%>+75C4S3ipJAN1qie<7Z+F91j8
z_g_k;Oe&pZfB$9T#IN3e`BHvI{JEAikF{7YZ5-BXEp!u-ZM{`+zR?Viwpfp~wD-vd
zN>>l%!4~IZEfstv`dCY2i}|ibQa03N61(aOLx>@rz!%+6;l&oYL5rnU7NO#cWb{Q3
zx#GPkoP*y_p{a~UskW)Ux`NytElZq5CDUuAxie2Sfm)Xvf1Q^EBYbm%Aw={d6U#V^
zMj9s|82AZcaz9`uDqIc*^OX=~)LKn@v|53))yj04wxBU)vWkTB8b$c+mkvD=(R*=^
zf+Sn-*1!p5)IW%0H4SjCh1{czh=2$_tvwM;^vQUBErb+ybPbXK7!o4HgkUO?#20e1
z3s56S7|Kh~zYtBF{%Ht!Jq8n5U{G8Dnw9923wzOUQDuB`wT~+Sw;Gy{)p+3X2xd*m
z)|(ReaSI-Ux>60Ll5n;^Jq{#)Mkt}hlR{}1eAHs$@xjgbAhU=~4)Bm@=&3|V<(h#X
z^=TJC!@Z4~0hb}B3^GQ6t4)=ybrLiGc$B=&SHh4x*yT!%qtt+@sW!=RXS$spdYL0f
zhs1*U`I@vCU%L_qe}LXgp#f)ACxHcJ?EM1@1!1PqBE_VJVS#Ya0OH5MSd=gtC>*my
zWmB_jse~8PiBz$Z$$X@l8*^z~p_>TRB8~3~(;mU*2Ddf?;5qEtPm2k>NzK<VUqmSp
zUPN&zlIB$uG(sw5Yb^x`$b&O90m*<%zEvNuS?u{Fx@?^JMi$=^wsNU!oExxLG&2!a
zxq=IYfWibV9~<CO1Y_pbN-jluRZuwOY?VNn6)#l5Zhs+5A-r&-$FA6sv$;)XIrF3#
zE|-kP*^ok=9Sg%-V>n;~t_oJsf8|0pOeuRjbfC2cnwy#ftzabJXK&cDsu-(j2DBQ#
z`k>;+gQ{IhhEP#bvWn;q#F8F0ff3_NSv{uqvu>5OMxK@gQwJ@$xq(b>b+w_wuuNRA
zKS<3N{4NEWMd+0zh5W^~M6!{V$2Z)X7~pA|x%64A3R)k(-GHx7wO+X(6%Z`Y8Hk%+
z@&ty8Z4dUiABo6>RNV?pGDygbFNAY^W?#c}FWy;?U+=^5OLAO~XdyJ)#8_`4Q4S?k
z`r-#tYi4~hz^$pdu{zMwBBd`uL*NiD+JXc%X8bVmcM}7E%<5ozQB6aX2A%#%1ob%f
zrd~LK*pfip5?(+QHajY0_FmpNWJC3#46^{c5uK@MunC}SD58N?=#8v0i_+WB>jfRl
z0dB-^jmdCdy%W6KYh)B3cQ3vJm1{NYJ+gj^u*b-Nx+Zcle)_g!l^O4Zy+}e=e1&_{
z`I7vLTQVvM*Vx;@v)k<nk7}x_GvOzg@on@r-25f<&RN;%nHcbodshaQ9#PO#1{OZB
zOHC<-fd&$a^pCW#vKb8R#xmI(SHnn?X(8FW5Z?%~5dP>yjP68Z#*5TmDiK3TAtcAh
z?AAKrBdQq&Y#YZDdQwmJ#o=L+g)tSGfnl$TU;KjvWIKiRUi3$A0<q5vDhr|l=CHmX
z8XA3(3*;?5!rhloF3P93WuRmr9I|2AfG>!`1%xB}Fl;@XX2+l0T|n@#4mReiSqBnA
z@SPgyZ)~M|B$h=>;e>gWc;aitS2iqwA)H?y_S4JHihATy-=s3RtfXXeacOCB*(AAi
zs=uV%UougS28|FhBx7AcLk_Hr%lZG2ZYPKTCzUwj4*+L=|9Rr%Nt5jUpGhT?%f9me
zd>OxSV{v#SnkHb~0QbHlwPRfjN7sd*xQMX<{+fAUZ0Inn24iSO4aU%{PTbN)GS$%`
zW2+sR2i>X~mpgSmEZQ(Wi8z;F0d25{5i1l+|0>)IhZPDwb#6JGE0m?yi-^Q8t(cGT
zR4CLRq_{Y1l!)-Mt|C5vTcO}tSFv7Wtx&>9ZHJNy{~~LJ64Mole`Tsd=~EF2`~#<?
zF^cuNDNA6Fi?VO_&?owKn{gG%d@RPS#Ltup_adkXl0L@CzPSf9SrUJwAWbs&ESSQZ
zCSobJo5SoJ*s#M7{%}xfJiIf7d$-SmPz(=(gxONot^Ei`4YKO1TWO>{e(aW}VB~xP
zt4^NLB`-@zlF_C2wjp_q7kcCir4TaEXUqsR)=Jf;*fUv|yk00LyZ*470J43k7&4zb
zw3QWzOnb2=oFkL9EM1FQo+#`2VaW{#`_bV7UWt4n{0OJfXTV5BX1pD*fKzzJ8yoD#
zVG%&^<9ABEUiN53KQvS$Mg_yD<wp!Xv(dcx>L3H@9mIa3Gt64_X+h9bqyT6ocu-m+
zYY-p?+<eA>kt_L@YEtAvh$y!bie&oUot5MZ`g}eQB9hLtXtkV%PnL>B>p7&=QsAJ(
z3%daehNUEdD|D$=!E~cpWue2Nk64nK1A?m@JcGnb&z$twN6$R*1ErSHg=mEbPrN#H
z-&Zh&4HYU~pIe8eC@XHc`OTe)gKY{oFA&dv5%c^P5zjw<h<%{#a!fp|fdsafEG;X@
ztV274TXIqfWpBWsoP%x;dHNl{{BAz^PS#6B>`AVH^$<TlO8gzM_FCk@7UDKApX_kH
z3lEAitQl#b)WB2fN%m5EqJL0~s})2gqyvTO7h#?@Shvv09SJ=ucOs6*WTLtUu77RQ
zCr1d=hSm^Y2*DmH1KUd2#ez?w5|Uu^EEJ5Pwi&u?#MO}2(I;z3L-5-k8d=u#%~OZ8
zlc;<Si8{f>erV(oyMd9$9@i9T6K0QQ_WUOJ<p(xl%xAv)RB+%l@-`f$PERFG0=Y^=
zh%Lg5R2=VE^#Vt+*a1^9aw&jU-$+xjeZdeGKt18qVSdIFtbH=hs5m<D&=`WN4xB5d
z70ZZQg;b)$(h-O|?>sGjXtbe<1E-9c)8-U{R9<Gnz~DXv!oX>Rt5PM6H*g1_oP~LT
z+WL%Grkc}>J@u{`he)tl{V<5;?QcdnnM!PY76@;_B@U5nTKO=DwiZREV4!I)vtZ1R
zX)CcK@DPOqsveGT&{Z2F7*F9D$3ONsA0oA+?qQH?uJRbY)Djda7U%_M`yrCcb_SWr
zdN`6mHaRm1FWWplG|nPR*ot`>D4Et8StQd-*TIzB8gpk9`b^j-HVzgSxB8Y~?Yjn+
z$4$WmGLu*wh}7E!+dfOsqNh}mmq}qAkn{v2DYZgbPF^f3rI$by7{$H`6-x_!6P9|4
zmzEY6ELWg#2;SAi)iwOg5Lr%pD6!@`oPMh-wWM4^Kc-J773jix0;|N_MfsQz#a5bI
z5}P$z7Pru2o%UK*PFqW$6*~z;aNO$F1joBZL~vG48gSf7)dVMmin_LmTRNJxcz>9C
zEzz_xD~fKa^i_Gght(ClUNPMbA+cLbY@7ou1C`jGFzZ-8vJ6%5Om9}P+-PDI(ZL6G
z++dj#u_a@?*NK3nId;F2$psM=1L=m2PM?-|axT0~<Xi7KJD35po5c*%0ho~))<RH#
z#T2;-PVgVvATqBjyRFCt9+}8YXq<acge7?J(r}e*i@G48O5Mc5`y5@-P}iY_hqVOX
z`;iudsgLcL1Yf3z(N+Q!192FOSWI_~r5H?~c7|~v`V@Gj!h5ze4J77uvE;|;IL}Og
zfL3%YixoM~IyliuqQkfDj>KGAyCO@klU+)=>t<n<?25!ZyO0(EY)ZNU=bRp%!(fKx
zfN_Ds36%iGA#7&j@D#2D5(z!wM+R_rOz(}!9g$$CA5HA64xW@t1pulM#Ja=i(mImJ
zEQqP_x~DuAn+oD2sK^yErU2OwaPUQvZ4;>I%~d2g_F}>k=Vv!q!rX2-rU{&Ja&?y)
z>Xs2a=5S^XAxVNai`wD|y)zMv;(Y)F4b5F$0H?CG4mTg^+bA=2lzhllEPH2Z;ga+H
z%aFa}_f6nT9s<LyjyDF?a3#Ngf@LekY0VBj6$_i)ZW&)d1+*C@hMB@5XNpvsTTBcz
zlEqj<eiSGt1nAd}X7+CS*}>HIp)~fe+KUB;wMEItl=6KnwuK_V%)mlOUr9Ez2oE)|
zWGO^*aA2r(GmjG<Tn|yHH0U}G5~52X<|Op_d@_X^!y!x+%Xz7hMOXiFzAdyux@L$q
zNhiUk#8NDKX!w}`(rDJ@>;RBia=Akzn6n$N4oISdc{YN;d1@od=hWhsp5rmlRMZo~
zSaw&$Zeu#FVz)6tP#Ugyh(7KQhpE@?@bQi&ZG=;v&^Wcrl7g?45<Jg786N194cJu-
ziVsZd(Rf4)#!QcQ2MHV|1C_uF_5`&E_B5h?u+yiQFNJf+O~fuPbD=R@m$@;B1DV+m
z?@9%*fUD+{TXmUCUJwzf!U6tJGSWxf^8CE!W18F5X(~zZa7i2WmRedHf3|h2eZ6`D
zDLXoOv2++GD6x#FRYZCl%yB4XqGHZs@<cj%shV*ZK?-|_*Si9%IRT~OHpoG-;Q0qM
zOFmDGsaK#Dl7(=E!ai+FZjxwfeJBqMfPG7|nf3|6EMWm~%nD|2;X#h{ja5k~L_^I=
ztVDCVuxQW6|H=Y6#57>!$3$ggY8OALs&Kh(rb#uPyP*~`a$y?+JS}mwyh2ie!%{`=
zDgunfdP<H4`y9uV!fKBi(c^fR)!aga2_O?NdgKX?M&J>R2<a0KN))jQ(1)h5p{{^4
zkpu|aS%E!+2;EcBLu7Xzk1VU6&uN93GaOcT%Tqw*ay)|ZxgmZG+t=#@RAu}aL(?h(
zY-ufpvy{_qIYHR8uM4RKii;=1P1QK?v0W9#?#2*zXv}a~mTmrlutQq~z~*5t1#f>S
zg2#f}<S?P)3<Svz1rGQt=b`^9y#K=5j4%N}GO908Cz!A%!wxZUNO&9^poh;CaB3*L
zzr)%>AO}vgb`s$0Gw`TEwmEY<cn(IH5qx$PM*Gg@@35I?4!wen5%B1t#i(d2#XH+b
z9LjQ=&Z5Q=sgzk|nQj>>YwSVB`usu@yx_DWL9BdUyt|XjR@}j}>njlG2C+KgIRV??
z0BdGN;ww0~oTcSZaxSXQ0xFnbNM$7KcGzJlIV*764v$~%$(+6y8{#Ul7Es0RTN8JZ
z%pqbn7mbqvbh8@_IZb*oLrrBnQy&ZUakRKIje{rjvBe<V6V{#`-Ng5EP3Ie=xK~4%
zger_qwz`q=K*yf2BR<Np^X<@wI40`wM>zr0LqfMI@(X#eNUUfEYFj9kl)de8sYj?z
z(FstHI7X84Bp$6BX4z$Q%C-SYw$5f&AZVI_?4uPaEun^OgGhFcBUv<^WabJLWZcnM
zDnuTailzWNDuD=j4p{>Uz`j@|gn4-c^$&)p2%cwdt5Q5&!z&z@o&as*sHxbi2uj2%
z?t0<}&f_Hd;_!FO02LBVqe1A#uBASl<S8x{sNxU_6SW4}K}c_L(4F@(-%3T?tl&3N
zO*WD&!bb!gHWbo>X4~ruzh_}>d-Fg|h}g|&T2Is)jtwWe-{3?C)+605R%|;Oaz3|{
zVd7&?4KSSG|7UuY(~QK4-;Z-jSn$!^S*n2e6<>M<3P)>8y`lo`NJS!T)Gx`^EauBH
z$eA>)sO-!m!ezcPPE%lULP?yU2jgw+TC5FrK=TXpO==KxQ8E}jLQx1;Z6g;1K=DHB
zni>m^;wd)Z$N`S@mc0wuELGRq+Ehait~z02{B))h5h-jc2+IXZ0bHwI#sM(>Le71d
z%+rwT&JIV8TeP}aIgQrh*e)!oGYN!aKFuT%qCE5?5^k+#B2Xe~<%5s{H$f1(e_$Pd
zB>Mg!y5Ef#0~G?>`FoLb{G@OGZTZ{>JYp#&HgiGf3N~eU9JM%GL8uW4gOkCaHUs`A
z){Rm<uF@;o4T90YYa<BVwPbNXCd47y4`eV2fOzYHaG7g^W2ztk%$b68Bp;4r&J$Q>
zeO<13tp8~lDSd~5RpA66yQVU*X>$`^bCBA*8O#x`4zWkz_P<EfVTQz$UEnssH=v;Z
z2yh29dR*mH95Es-=>`nxFWPHZB5e0q_)YdZj3J>sHHB<kah9X_A&%Ma78s>S77vhy
zaj*f3xS9fjc}9nb6K7hKX4S9`m(J*LkB}OLA%W!ENcs+=d&H5}3%d^pY&>WfmSbK^
zM*3(}xNG!-&uO^w-btA=-p0ub;hZr&f+R_FivXnobm3qUGLaOVFIgwD<e9XLFNN$!
zb~6jUjG#AY$iY-nkD|)(xKE$liO*Xntynz!DMmQD*qlN}n$J4wN+Z$~tWUyfGN?ri
zpLLwjI;7%^if}pTA%<Pp&QDnTW|sF=I9bSV$%rQm1sAG$Vv-#M<MzP09dn7>I^#Cw
z`J<KGjvs%(l0Qcz9%~c><gMT?E=1gn-m-$T&FCyE1X>KR5`v7ma40@}(~N4eLS^~L
zB;L4poNsiT*hsU(nC=LL%Vwe5aR$kCj&@0u9MiHb!R?5oTi~Xf3&EKt*&PPrx8&|`
zbN5<FP6wLPSA_#g=~x%8!6LDoes+XWp=H?n7k=wd7|UvOoRDxiV5LY>6gFA$b&^PD
z6eEkFIEL&Txs3ZD6j8V}dQA1ni|I~GOz)KwNHY`wm;&n{8C6LC>NDD3<j-;bAFJ9U
zi=&_WA4?}rEU};epI9>GtMmU~#_!9YQ`tFD=Zq?z&$rE{B=}PdKCy?L2$Lp0@=d2o
z>)<>;TXM(g;V?5d6S&+3!_AxUZYV!r+O8w8O_~6Un=A3BIZNU%bAoie1VEfDaRqLU
zBmmgth`;!G5hvK^Lr0>$<y@QX6CXRM?>^f(W;VB(%>Ast+hk^+xzbEkE|b##X`Ou}
zf1Lh@;8!HtzOv#Yj3e{?FZk!U{}=9mDL=w=xc>gb^}lQXBQ16$W#HiZe^P1Ll&|{#
z%lM`3e+c3!Ju*1@yZ^gn(nNdzPnq)7{oh~8&$m<|7p6gfM}skZV_In`xiPJzw76ul
zTsqlbGSNSAk{s#kpf{!YTI(Q$RxX7tGGrh6UCZYylCPysh8x=8fg5?LmtKu)UfzlG
zTNcl2Y-*`*k$hD^g|tNS)tiS9myu6mZIZu(iB3pghAY<uTB@7tu_?*wBXbr^ReW8j
zm)sX>L+g|3lQP^@ZQwgA$gRh!fs4_-7o$j0wItk+qQ&H-x-yAuQ+Am#vTLKVo{%)W
zqNSJlh1uo8kn58Qo9sF44re`;jHi;wphomI1HmD=2x8$dc6KwM&%;^+>(h3X+(iub
zx!fL1hPs3sP@xU@ng*O0#8-Mo`h1eFp-E~*fblgKJW~q|RYgD}dap+Uk|+bn4IbEG
z$mn4^Q5v~8i0cZ?z#OEN7zCe)5O)<|umYKrItK(bh+aVm7=m(VL~loY#y3#o3%J9W
zNeGOL`m6(JGgSD*x8oSF96`&A7`fBkfSm^&_Zhq^j`#p~F5;^z0H#i)0`4ip{Em_6
zP3tP66)7EV1TSnyy%R%!!X@@eTnXn`mqjO3cs1Bu6Jd}Z(sGM5Ee1V^z9sxlDqI6w
zQY4Yf^eNd)PJscEuen|>VE3&R5NKK~tgeIrS11<=8c7pA1fLj5J)wpPBFrOSOtw=&
zZaC3m?ApmFy>Sw{9|<aSXfs1vBoVtGT(eLd@7z-4oVXR)Iurqq!Nrssen>g2g;ay1
zNhV@gNf_Cqq5*>WQ6v!pWEBYPLS#i4UY^V%HVn)$N>`yt+&oI18tc&#dJHqB2aPnK
z3ll&tv#f80wsnAq8?lYvU(e);9B4+6023<@(oJE*a3-BI%e*g2E+7&FlFZVeiZu!v
zK@58}LoMR^7_bKo19c7F-)g5P0?1Xkn0S1H4i5)-*GTX7A#wx`c_6i5skcDFBOfs_
ztU@2QgG|Dx_DRgMh13QVR#0hgfg&NShSmxGG{Uy9b(4}okRhhTbWVT(Iu;_<Vgzid
zw+HERO_8|v^wI%EZ)r||T!NZ|B1nHGqDTcsrc1iX7Yd07LMe#xdJMltVM+l~N6~na
z2mxvul113NGO(!7JAIrq6iI@TM+KswNzK@80D+|;NJfUa>%z1PQOgk|{8m>{6@oes
zsd+%wCllhZh-pSV66_<oQ6j`KOmZrg)FQ4hp(==*3fCV=2y`F9zfx9V1Bv9NVu;cf
zy$HXd(Hra|+oXtDiBz17FhBvKhWa&#@1b_X0&;*5g+Ks#Bz`Fv#<hc3!loC<5>*{h
zEgU9SKnF#7gCr0hXhE3(l-wr7gOv)^l_52bkA!Gp1S}OnEWp?1P~{IDMBijErc*5+
zMV1+Ut0AJp+-L1gdHBx4gTi2=qFFAeD3C2t1(~6pVOWD5k8Rjl#)DuboFp*t2&0Wf
z`aKA$H$im(?m?g2YAekM6kZp>%F7^XIG)g=qG0g)27k~APf%KL;q}}ms<V>dog-BU
zw=u`~frR1E_b512U@#zA(V|FAC*Y_J9vCjddN4GV$yoeAe#{3=R0<1OOop1I`Z<BP
z6i28)7#JWBR@MN(g@XY?T{@aEEQJ-;$+R2n0LuovkZfAu%|@8$opTzQx^X9>cHzJ=
zIBU@rB)6r5ETK`@k&2LG7Gzc@OlFN><e4*ckk}T}Ws~6;ChVSq!xPRgnKl42+FBib
zK}NnZQ&zB)D>KnwK5V)Y2PiUoTbn>umwF{IsCaYAO`&2N5GEava(n|+kwlJLakd{a
zUSV1tkW%(h0_qV3h)_Jd6*k{mgPm9k=u0M@#iBGY7qLkPd32gJ*+&esBFgI`X`mLG
z&*F+E!AmU($D}|+M6^h`iPLOT1hok!Xhi~P!ih9&x3GZNI0YWl7{T?iIcC{KXfXH1
zsY4u_;fPS&Q|3)*9JM|8c2O4hhlmD+PByr4rz<UifLz(o(x_PGe_<)I_S+K@_(T20
z#l5|~aOu8JPjnWOHBNoy?0JnXt@YI{5{@R2qeutgFc`~vHPlE4R+7P35blT}=ql&8
z)-^V_NX<UEUQMKoU_^@=p)MpK4L-Tfhh$Z*)jCru1TpJ)qLdc;<Z2ZhvamFSoxFeb
z67{R!7x>HM{|Ox-2T=e1pHiFur@VCHSNnfo%8&Q|giHre+0=nKfT|D90~BH|Am-+9
z^Z$fw4j_36zsxey`h7yo@gw+Az|)gV1Y<@d2*yA2?#S@|LDE_pbG{Dz#23<{ohhVY
zCH&3_^X%Zei}9>Wy)pna;qC`v&X*`&L4;w?6KiZ__?S*3Y-x0*V%_B8Rvgz(;lU;-
zEO+3}0(^flaXp1#;=}8lU?`-)8*^ylgq0Ar#|)yw^^OiNF^`EE9-?9Cgsdj>sTY83
zE_bvj97m-z(3wz=p{X$x<nBzi=tU-UFWA+ln~U(O50R|H?WJ^1ZC3#c#~9jM2EiAE
zC)y19FrHPJ*lR|x2g9W%58hEGJU8jHHwl&JNQ8F9)DTRU2@PR0qHsz#LEa~HnyQ4$
zKC9z8^&lL8=U&I5>v*xNtnL;>1;1{C*9B&)fhf2s6dS~P3>XlFBlW>Vs7r&+P9;>b
zoFT>#*e7tr9Ie||k%xJJM`(Q*2H^&*3^Edya0;9+$Yez%MNCg4<{Y)im@#cKS^}2B
zT8Q~JG2wW{?~|&`hwg}nk_V_6oP!Q450s16EMS7O6VB!uL9?1f%p_eR<J(;FI~_j^
zNK{)XfdiKD)M^O#z8na>$a<?7@1rH60Uc~U@doPwSkLIuc06K`<&2+ganzzlH6DFo
zt)oLtz#15@IoSIK5!E9j3oHpnpHW1VhuIwth@|l@t{UR0!OpZ`hE)L9Wq8yN(9t6m
znhOW$c(U5Xt9H}t!#tfyD!@U5vK4cHteE;lhg37AT=rOl0h{bV1Tliy0#oQHDz?HP
z0pGILjn*-;wb1M(?v|Kp8Q12G8K?~rHAoh`$ci=af)AL+%QRi{^FDr}%R$hrzM+GP
zTc0uin|-~{S^W_<`mkHVNYWK<(t7JBYz{eg%S-`U*J}y9uMiEw%c}@r1FdW6K|w}Q
zBNK=T?J&~PKp_4*(qhYZCvy&w5ME{)><fmiL`IzfZfojQ2QlDRQ94>hk^3R262N}^
zW}*u~(vdn0hFPPj)(~}rPbzembzq1o-vm6-BcQz@Y><s8(qDQUNrJ6B+oi!PL%I&<
zwH2(_vA>lQ37O7pcobM1qq8}ky<F5DH64(8v>XaRDe52{i6(wo2@8~_r|7uhL?upE
z`2-&{GED9&XQ5X3O%)EKPr~<$!WfN^i$861I-V5p%Tg*49;fE=OEAr);xLp6Vm!c+
z%(kO>$O`i!?mB~vHNpoZlla;fJk!V31nGw$%-0D$)k!v@Iur0T9pIPsn5(|6V#1Gm
z5aP|TB?T56)Y1&o9SW0lutP0ko<~EC8MK;~By{5ocHjytyI;sB)#<&UzwvaHAd{3X
zBTFs;A!ihfk-}RrVe08c{7&L`j{y^?a3rVmz`sguJUW7y83ZW1f)UDT9hHybK^imk
zNDs{FNcs+a5CS*sgK(a1t@p9B-}Ek1*A*5_lc%b!OE}pxByexV(eP|fb@ILmChfg6
zGT$ckbiM?=ivFu3lLY&9V9?<mod}vaRCAWZPPh&xOL{1jN)U-kq+&7Z9R@PuOg^mb
zIO^**n~RSFah`bG+7!N%$f6z3MJXeN9W-IxC)KjY17aa0N7xRIrK0WNYXTnQWdwfB
z5CZ&6_aqzr0>}Du=hW6W1h5BBE-e>2lQ{u7E~fGSd>QT^S7(piCnSI6{rS)PWsLvn
zN=73`07rlRpYrl4cK^@h(n(+Wf4+?0jImzt!3O}zUhhn4MqTUN2KXmXS%dy*t#54z
z%!H^Q1O-h;o$8EYk|xb)sGm1SZVoh5C`PgmX_qclO)7Hh;-)}_0%lur$S@SSt~pSP
zUupBfC#qIVKua^K8fzBIRkN!b8ycG{lySBAr$A0!*-Y>*p`v9oagdQS#t6zV9}_7z
zqiQB9I-|I1rnE$wQ9qL|jAj(q&%^;oD2e#~aSHy1NEVvE3`67`P!6E~HW5gK<`59=
z8iT~O=`iAuW;D&@!h&r4KJ-{5v6uRfN8)?Y5tAeW8$etVVhw@@tob*LOtOd{V02P}
zz@LK*Pa@cSF~Y2a3{VmfAK4Hkz6(J{4?ReU8z%=JsDvuBxFa$U`wvyJRk4RF70g0h
zV;*zdVKgMdmi)!UECDNBVwMoi1>OQo?tsFUaCurGbKDXj>@RK!K~uavvR6|W!wx-i
z3B$6(p=7uPFLBcGRRGhM6~F}IGo47!zf%kokX=z=PRKD{c>b*-nGoGHXvkD*{|jQ7
zEUL<g-v26^=}@AX&g@K1X8}#{H~IEq!<f3wsZrd74P!5s-+xhf6Qe<ufeNrE(BQ|@
zpEJmb%XJHLqS-Q;JdaeU6C+R~21KT4Cx^`|PP+gl!kTH$@;L4ZWzn!F$Sy443b@5T
z35W&~0mabw5UVn+*9@=5s1J-^IN?PIxWZ;sHKVjjx*BwGiYYT)5@!@w&LrzH%Uedk
zAB4*c>Qk2)se344Q+P!UmzUr*axpAj@lqBqmjBhueaA1Y{|DybsCq<PK>eNnFE6pj
z|4c5M^i}-Nm-2IW;vfT`Jwc6!?UD85V80Cv^19OgM*58UxwGY#=4u2?@6>&rT8Dx(
zM{5P#Nv_CMjm<TI=8BS;c=Xrs6az{G-Q4KMh6P`M-6|Dkwi0!%AR`M+n(a8YgzYfn
zQQ<>W&u_pim}wGi?$W?GQD!!)I4U3n8;-G5FhaBvUxB$*70`K{r_7~X$SN4hP}1is
zhWiHQ25?FGw`(yq84`+G->$`B^GGPqC6Efmzz+%UMEBE=dPj$bXTDyw9WCXOq#fqm
znTm(8*(vl8n&s(y8Nu$1j3@}di&0M@YzdccATtydyq39@4T$sx@L3SteyKL0$#an^
zD4QskPV$#d^G}>CS2eeSBXkOCDy{OrU!xz~FTMYtj<+L#BeVW5Eh#ItpZ_i|FE9B@
z|9=_3+4Z$krv%q#t<Cy7d?vE8da|-sWo4~7`sj;tb1&9)eZ`6uJv}|ER;{}D;)}Dh
z*A5!AZs^br#~ib9`0(||9k*%t@XaGeY&z+rEh9#3J@LeCC!f6Slv6G{?X*izJMC*@
z$6h{u{1u9_ef;<<J)WzIimom%|3+!)j`H$rOH04$_kYXpzwYd_udk}Qv8LvRs;ZrV
zz^-%7xv8%1=7xrw=FYvPsp-3|t=~EK-0v-1`2EF;Z#(b2+m|l={`u$Mv3&WRq0pYr
z&OMrT&jlCUqw5buBKNLX@jy?{kCVv<`}%%-;e`)feDO~&y6B<x>(_7Ev}x<st(RYZ
z`S$JGckI~l?Qehk`s=S>yY{EMcI~?5mRoMU_0~J?xZ|FC?s?#W2OfOz!G|7tXv2m_
zwrqLyl1m=D^wOVQe)$vIw?BE+RZs2M@yxZ?{`}f&e{tiDzuL9ySG#xbzvY(aZoT!_
zx8C~v9e4cZ&O3j*XAk=S7w^08_doveOF#L^OOHMF*pp8_`OGuV{NfkC*t_??o_p@O
z7hZVb#TQ?E>7|z*dE~&8PyYGICtrQ~=~th5<}c4a``W&JfBp5Z-+1ALH(z}5t>6Ft
z?U!D9=jE4Q{>xwfa^S#!zxn2y@4WNQE3dr!+G`)Y{`v=Ryz${X?|l5;d+)vb?%zN9
z=%Wul_{ZP>{@FkN@sH0w`+xuZ=Rg0|g7kmkR|Nlov5+<N^Q?m0F?DzCd}PDW<0mYA
z>aJanZOI#V&UJNrcK__s(GxHD<5PQXdh!andfS-#yKjE_>cW=WmOg#=EkFN8N$8pD
z>W|-b^S7^#|K{G&mz=xHzj^2>r#xQRd`|uJQ%^aqZuYvCK`ldTE1Pb9>dMN~M_fBL
zQ9We%Sr?p=Tl1}ZcaHP7TqQ5|Uov7$<)&eKqMx<QJF)ht(@L*x?({ugQ6>)^I_sNv
zt(B(d>?nU~P~}LE;qza${&CNat=oHs4J}!oz2R3kj*7(Mx7<Ds34S8{{E*=_HREzt
zp1$we`(J-{*yNwCoiuUeb>kXZYx}Nlx^hd_gMqW|T=oZJ?TKYCjXpPTaQ8EXxtIO$
zz3I0Oet+=KANzbuXWrh~&wit6_jMglcS-9D2R|h1^Zt2%;x9Qb7R}S@?%O;2l#)^B
z8$bWunR|05Oe@=T@$|7LZjKx^d{JApcW2G)`J3LJ^7Jt|HH&WC_-gKo)9ahZ<PGjE
z5A3eoa{5W5UtV|SwA~xWjC$kdeRIQeYwC`=cW&XIw&Zke4=t`9p8xc?tz$+$HFoQa
z=2sVu_$YYlx|tVEoi+H1y!!3=7i}NAaaex5Y28uBu6}LS;4$0f4SAtYN?*Nt=s!w>
zJ5Fyux%tE&)PMcYW0yabw>+3Lbl;zMt{eWu;vr>gS3K1{V_xp**XKz49=U!<-jw~y
z@|*W%1@GT9<c3QRY?{1w*RY%4-K5k`cs~2moT^W6&H8-bnwp<wPnubC%^B01^49LW
zq35+%u6t(9<O{M!zJB1zuU-9O$$zcc{+rtKwfK28Pi9{kcy-ILLGh2fuJ}XQS;380
zB+jfpL)!JoZEKRg*;x;s9%z55dfThp|CTju_3w**XuLA{&8%tiRZT<xdVitZSMrmZ
z-;5d=UvTG5Z{)o7W=CE!dwgZb(CuR$%Ne!TH>d8j-RmD6eRk1ZTb_+wv%Y-*hCq40
znzG}u)x(Qt-*D1tdp5sPS$FM~?>?&h^^dQtxgl4sJbB#Z_dVMC$4~w7tm!KUZOVD8
zJb&ZPk1xO7*bx}z-Fw`SdS%0-SL~j?Bx_OcpeM6aQ*SQcKX%R?_piNS-GV#Uy!x}f
zODdP;|MAxEZBXNzKcBrxjxVmh;<{NM{(j@H|JohfoZ~+=`s%gvg4?z&+W$z$+A_In
z)Z$e&TaKSN>cgSAMWcMHj1AM8s)pAreQ(3CF_Df*eM(W4aYiV-V$(?-g_GYqXZttr
zdi(X=m!351=%t@5*`B}Z)qS(J{BZEBs@HD){fAc_^Yiails~<D#P+~5Q%4S}lWMLW
z)%}~PwHJ<Tt{8UFnrE-iU7mgVk2}5lj=Q_`^tHo_PHz6Vs&3tgPe0vw{4WPxu0HIY
zyME|L#^sMopIliuX4lvY51jjaR^5HkW0xOW85-K$k+tjXH+GF(|J3od!>-I4ac0d(
zdHLz@*7V%?et6&5ZFgn8QB^W!(@(OqhuyaIgwwYc4LU!v>GKzFY98El%XjO$c3t$L
zG%N3v#30Y|{E<@EQPm&MT3eaDfA&$z6@8-@T_=r>W)J%0K-C}jPP%O9ZY_85BM%mi
zuK8@}-r*<y?!bQ!+L^O?>h7Uu4!h*RpFB}}R_XV1uK4!Q<{#z#Xz<Xiu4As8Q(w1t
z_gT_qvo@cwF0lR4A+P=8oGf{J{m;g{F=5mr(zxck7k>8CyN`aYrfPUs%}}Z6>8B^(
zudhBa_m=41aaqT2t;rj@a#Yoa`)*tC>Hb+)UH0evw|73eSlU^2Okefp{HnpHPsm?$
z%v<N3@zcPK$IQBO>*t>ZM;cA%tUuvpeZ;vrt50};=&;exe&g(_-)3!JJVO1;=5tQk
zetp%=I|p4dH7EPN&(EnlrRX0&({A`6b<W#o9{9zyM?StbI5tr@u4eUyQE%K)G;MWF
z!S{x2&+e-o<Y`-*_t;a$QS0s>oSl4kYyOO;2CaR?nwiq9<7a$p`|QZhn;$L<A3b{N
zmd%NpbB5hCvV245EhTq<xbo_Kl{x>Mwzgu7I&%4<o9f>y_n$pPJ9p`f<3=rirs(~Z
zFMoGT<+i5#ZvFMe?|-;(^B=S1SB`ES*SureA0B_Rdf2*+V@`Q|(Cw4H_42A|_x<3N
z**WbmHvePD?yV<JdjICl`PtR}-aLQ)-tQc}u4YL4Gn1>&&mM8{zM}?h`*{9agLe+<
z_}<vcoXU+GU;57a-Fwz{9Q(@9{Eg3#jhEyEkK123d+=FV%kw^eN-5m;t4DvAx@OqW
zuMcjYwXt|@@R*9i?7l@WjvMm2Z*1VM*6Q01{9;++t%a{%^0)kspV!{?%nMzcvQK#E
zH?{sAWl-+?m361CziE4U;eFHg@9;)%@s#g<uDmsN;U7L4cI)O%Gdgw^Tvv1Q=5GaF
zysh_P@AtjueO7nFPrh}Wbl~>=`KO;S_pw`gfArR|%WL{3SC0DG!iO&y_p4FQZyRyh
zf;)fu+$}$dR!=@~@5yC9-n?h$-ly)_d)3NMt{<`LuC2cvk}Wmuyzi)OYrpniC*PXA
z`oNF{FXoK;*76PWuTRa$?pjg1`Kq?k)!&?1cD`OPc<qos?Yr}l2liKA)3tME_77)W
z_T)VqhF<=5(LZbN8+&fuqn}qzuK#7>F`ooJop#{rzz0XK`{RM>_dcFez4YDR>Vvbo
zUi<!IWv5mRE<Y=Oc<Y+z)?5CkuKJ1JZ5iQTaQ8JQW}SN7?2#9Y&N*)FzQJFg`%2!`
zr(K&>^1ZzLsr$!9yWXjc|Gwj&Ri8Zc(bHGVlA}NLH@@=hjLB~%*L>rp?D)$wN@pog
zC$G=TuN!e+u6(;v^|$jr^L}g7-PhbR`He{D?iFi`{8_VBAKjGoQf~0s+6`;p%Nv<H
z?$vY0ZrYv`EZB3~`fX4A^6ih#y;obdbI+eXot~4Ioqy7mTeH?&bN&Yl+ExyVM>mbm
z$^PsQLvMWOJFoxqwqNeQXUGG0toY^BQ|BzdCc0!+)`7z4^8G8uN>#V7|NN)N{<-+k
zCDH6B6P;(C|IjPXow*{Jf6PO>hD{#cImq)_<fD7exZ(ZW-<|r~Wz*l=QTuMr>G4N~
z*HvyiZcpLb4YzH)@9Pi!^66ze61jWEJh8rg-RMu3pL^8s$^*6Cdsj>;+j_ir&=2O!
zedXEj{!iB>#|%1p<?yR|kG^|r#iDh`jkvMrvq5i-s2nrv8?&O1ZaMYyH@80VqrWXW
z>1z+Ybn<zP#g7g<d*vfTe=;=d@ePGLUps5#@il+S`&&`?xM^!1_<rCQJ?n<v@cm;K
zJ^#>KJ6^3HtsXP7<b>yk<o)%|x0X%n8+}vGZ`R}$Y+pFmv+<qRPhKY9TeW)RchA^9
z<h9xrdyc6YmbLen-@W{7<9{};9sBT&Pn~+%=WA~tS9|rl6K{C<leQE8`s<sfWKEoU
z+z)c+oiy{$znJyle^0&YqsYT`Cp>cO@hdhiId=WlOCLDri9J&abGiciCl4ty>OWm~
z!dp{3IlF30UK?}m#uFCA*WUP1*2cT?HY^{s;o}iY#xE>;BD=gJq)c6ZLRR*@uO@vj
zR34R;6})Nf2V=8qo*$ewE9(y<vra#t4ShAM?dBDysk6uJKYD)aq&GI5aB0)V+Lapv
zqjP(<*Sr=y;UYQbv*zrd4$1w|QOTU`L;m{SQ8SdnQF(*j-+021(F^abjCfyOKl+*_
zdr}>D=Vv#K&%5ZZA-&tDEu1wd=aH2;dwc7y9NM#Y$c5Xd^=5Tlop<ztcPAehkyYL_
z^7BnQm*&2A^w*SB$7^}FU!&KA^UA*0`TgI{oSf$km1Gs(wRpz;S;yX0s+1mm^j+)T
zKYmc-$JrC&Ii7vne(=e*AAB#TY3ms$Z6CaL@2OX<9eTmeob}ITPuQ7L_I!EHyV=`v
za<9tD-B>bYyj*zHtU=d4Hsr>t(}NpgEqgB<wr<d$YvvV?KWEc(U;EQ1UmLbz%*h9`
zPm@RAKC*E1#L>s@%syjp_P5(h@6FFXV`uiF?`ALClGofc=;Zf?Z24K<w7;IWfAoYL
z&qYuCectOYdUt;~Zc}2}?sb<xJThzEck?dWnYFEJ#O!$FnEmU{A3W>C+Qkn|T60Ew
z@vD!_9X59GZMTfr_ITd*tdh6qub!(`yb=C9kpJtMXT;~`UO8y=B_l6-H!JbNIrsm?
zd*+#^95>6i^n~2syf|X&lnWoedE)Z%C0oMAS*3MdA6)&y3uQNcRMzyyh&gL7{-24t
z3rlu9o(jD4f@i{}`5w<%x&NQNzm1h7OVh)!+1(lLZU8oBcV(EMEGzcT_Ectf-dlC+
zqkFpURP9z*S9h1Tx~o}rduE3<y|r;OBkzr_%#7@e$b0MdY*Q;rlp(_~NG=G85+swd
zO_Kr*&^BzC&<~P=0bBkdP@-W#_8%IyVVFM*{SXa{1`MC~^StLoL}uKo>YiDWjhVWc
zk>{K^pYM4;pZ9P6%fEHwU-{$z?<;@*|M1>l`PFaK|GRs?_Lm<1i+}!`zy0^V{lQ=P
z*2lm0TVMX)e)qrjm%jDc|MHt3T=~^6|L_n0t55#eH-B&c$}d0ri~sk(@VD-LWBiwY
z@X4S1?cccbi+}KMKK<e^|J?8WZx8>uf9>9X^5=i<zwxV|{Mvu~7q8#>*Z%JR@ehCQ
zkA44FAN}(`_YZ#ludSwk`0+2j{~!PAFZ~by%)j@y-uXv=_ls};&FoL?eEWFv<{$pS
zFJ1li;Ftc^znz`m|M_qK!u<d9@4WX9zWKk}`S$03^S}2m{72)z{a^m!Kl;_d&j0V*
z$KSs5t-o~stN-dBeB<LQzf%0xzx#jA?>+v{{;mK1U-;+$!$0$*U;CAB{mcK4U;Q(G
z?i&xk@hfj1{o?g+{M>)I^X0$rpYJ^XwQqd;w|?Qjb?H|={)2D)nQ#2sdimKu_g8-D
z_uS(D&;AGh>tFd3|LE#p`S-7me*POj_xgYFt^ezHf93!6`CtCq|M_41`M>f@({Ft9
zwSRE$-}qm=@vr=aPyft2Klj=<zB#?}Z~V`H^zA?UU;MlO;=gq5-~0Q&IQ`4t`prN1
zh5di<^P|7>^Ou*u@SA^d@a6CP;Ko1x_MiNNf9t>b+6Vi8>f6`<rC*ybzwz+nf9I`#
z|JNq}>8*$V<u{YRbAIsazx4P2{4)Ri*WdfbU;Y37$}fNX@oxUF{Py(hfAqKipL??}
zzP<dte|z^=e)+Ti>aYI7fBMIM>G!@_{?`BauYU6v?|uC6^z}dg=+AxQi+}xJ|J6@E
z{$`SXYyBtw+AsXwU;3Z?*<XG9Ti^QY|C_(|U;p)Q-Tw!F?BVOb@@GH(*8k<+U;pEG
ze(~Y&ee;)>-~91E{`Q~$_J5GLD*y1W|MC4_`pM02|EquS%?IE9*5g0;tAF_MFMje{
z-};k(^PB(efB40tzxT)f(*OQH_|Eljef)R6`Tn2#z5mXC_uu^J+kfLf`ak`R|KuP4
zjlcIN{-^)hKm3)S`?+r%{FEiXe`^2R9RK}l9Duj^|6YHqq5p%Q|C#>pYxpnl|Lq?D
zzR>~r?oZVNc$`Kt=3V~3;|>Sl^ojM86R+P5KEGq@^!u|BeJ(DyKV#A7(5;W{`@ins
zbGu-#EC4+i)mIjOzA^k<*1IeG+>ZOzhM=?GhqnIH3Pa~UK=2hgoNWz62XB=U`z*2O
z?7{idjYXF&|0)B~nP6~?J0F%!f$1<44QE{S#l3K3dS74OuOc+vcYWy3$wed6BSQaE
zj84b%7Q5MXhp4Mpm_3|7(^2Ynswqe|I@+Dl>N3_+JmBC3czyerb@Q|{YCU>i6t`}U
z!aogx>oTcJ@51@dV%PsEja~0|G{2G<cG-p%2QB@xF!ml{>=*IL#YpzRX**chws`g~
zSKgmRPu>@Zfd8ZA$oqo-b?Sct&&HQ~$7cP{jr|)puE+krZ@&4@;=jL^|2qAD-A+hj
zKgx7hN%~7`b{-%8=)t|X*zLrzBtJ=h8MwP$Y;LzcU*<O*^>ozlAoyWfRt1o+n?RE=
zChH*i5*#(5;jhBwIQBP|S@KT5AL1;<uE*{wc2YKwZ!a3SUOjkt_qYG#Cl3$rwRb3+
zXJ0tl>{yG-plY~W9u<?ax_syH{f{nx@5b9#uD$j4_pV*TLyK{^v_iXAufXK$5XQjR
z?JXC_ItE;}TRTVVa}pr$;Cpmz`>x#m_djxj&!=t~KY0A{oxAsL?E`H`y8O=Vu3_Uf
z0VMzEJZ;2Hq;2#!^`zESdq68NO7E<XL5u<YBmQvz@jD---@CC(W8S^Cdkr6db(6-e
z_?3V1PB>ei##_PlC%yaN-knFT@@$5R%V2%M^BCH2!d<omby>N@%O>5p7boQ+qYzhe
z1c$78z^qs6CFpPP%|?CrSw61C%UN2b0djp5im}#rAr`W%4}8Jz$id#Z?T>hSNu0Tz
z+xVxW%w`8|#~o$0xWUsGzVwZ6_FXqctK#^iPQMGYb%6U}7o4$E-6<b`a(DMp0j$z0
z2j<&He6KO+5he%Xz$7|4`F@t3IHK0t!C5f|b{)I*of|v2&-vN+FK6ICE<WJwNPZQz
zAgG>w7{Jc$yJqs3C;H?;iWKYC&XS^2Z>G54th>Egr|<0V+}?MT_Wq(qX`SLPV*h+w
z;p)!qtF8iwjt^LKOcfg83PG(s_agTXsLS)`5Z#r!&O2tGRpA@oxCigtgSY;G;!t5T
zA39Q9^?EbEo8Er6%vWO_<mD|@uR+CY_+n;ww{`V8)VS_yJeDxOex1BdoxDz+M5$ow
zt7u-X<IKF{81p_=u2B^j)13-bW6;Iz)o55aFxYgfa^?oOT9f*Ad-WSs{f4U!f`-n`
z_L^@}%{QUudV%{hz3a#xgu*xGcvC}fQA2OR4n!H|-F!UDC>?m!Z#Up5U<~(sICHPX
zy+Mn60~hy>lNV3sd0mXthfB~VIEimt_ixZr-@v7Qlv9RdH--x|aE%(chT}iR6L^8z
z*QqwIKd56DSr1y_s?en2v?0yN7svI9zIuE8H>o~s05E&x6W{{2S9^=9!EzrWk#^m#
zaL4u<@As(s_Zr)7d)2q8>f5&JyMV1xTwtr=sA0@MD5~P9n1OEM(Ygoy!EwW=Nq+r+
zVMMl7!|}psKg`{k>P6{roG{9J9%p20rTr^-4P0^6-p^J??(%R8Gn?h+;@NhOT;Z$a
z3Z5ozW!JZYLvZKoq@48V4jnA`>l*tZsLBq_=(jD?K6QmImQ@MS%>Amm(|C<f#GNJJ
zG>}^6V@4gi530IpHtut^UW56#hLZu!Ihr_rwt3vwV9?ia#8^6gTzs+RNL>T^aSf@*
z$5p<bl)Lu{+Gbm|>rf5JMtXNvR@<+OYd|rsA-#B%A47cP`L+sgLWMUQdmdD6cemAj
z3+ldQ&T50Z=&t)csQW#h_jgf07%kl9P2lF{x@>~=b9czW9P|LA+|PR~JhBYLFm!f)
za|hf^-=IxER)Pl-Vc+BJc&E{g_D)v0%S`*QdD`$Qql-+B3<!0_ay{#DrQk(I*Vu=Y
z%XwS*>rkFJGQ_87zH7@kuhU3rra#VVFy{4}Uf9Zf_2C_Kkzu|GRbf+qm;nY4Wl8Tp
z$!|gRw~(_(L#f*q4@sN)UN(mNq}V=l--9+_f75LZllS<%avawM+ISn<csn>F!4BU%
zgKiSuWDlFi9^Y>BJKe}>++v>Qo_Z$($48u^)#(SMBI&UU-hw^w7BlDQeWLC(fe_SP
z|0>kK+EPC}bKMPGg9ffO8@TiF{XSFa7E?&oT|qf|Oa?MC9@{AEK;C2#{Jx0bENLFz
zdFR2s^oRG~J^bL-&i<7vuYs6(_$d7W>vZaJiBCY&_rW#a+*GzONxf6Mqg~V2Znr8F
zzO$T6cb~q$bNlK0STNA`H_H9s-lNC&AAaOY^QY}~z#6owcW%?)?d8YBa2yl=0g4R!
zeS7^$i3sPn>F@UPXyri-264@sOCRU;G+&(V+~yCxYRrZA!)p3%d);E06)U%%^mluC
zFz4;uhJX8&rJ0gX{pt`J5!Is4+w0BoM%lSdf47%k<j>uXfq%D`<tgepL(4I$_V7=S
z(r$RJBlu@~=~Z@?f9{^_+?G$h>bNa|HQe7`<tr{<^(s$jK|3BcXj_dchvT+$oBsAG
z&nKeldm^gfL{t|#5p_w{)1BM$sZSl*v+}7&9mndq^6ua5W!H<PWA=A$)8FmopYtYs
z9_~VSM<7iX!v5XGQMEkSLb=Dn>g|!AAkfS3Ngs+UHJlK!o(FBvlMA&$hV`HkdUTOi
z0HAAK*+%HeMcO!9WlP%ve7{Kj^CF*3Yy<e9#|;GB*dG4tt|9-WZ%w^pg0B~-eNvXs
zOl|mjf!g3yU~0qH3)DtG22&lsU!cCB49#a3XlKPTu4!gv#NM8*td|HxXd2-secPzQ
zwd_qJwYXi&>SAkIMXOO=a5buy)wme7);iHVRu`VfdgWyQBP6rYgY7K<Z*vpDJ9lpT
z&pqo+XY1;O>*42~^$>2A>&--a)uSFDwsAH1*t1rZ=g+tneC%DTK0R7bwIY7&Sr`2b
zxh8(@!OfO?ybAKER~=pf`P8cpdNE@i{M4%sub6!5RR^3wu?l?XR|Ay=R0luys<qS?
zEqlL-b`pQ+RimCSNh0u{`_)5ci9htJ!MjI3^^hR4`eZLVa_b|X`qmkjTFHIvTdOJ-
zQp<hpTdU3%SEU+!zCb-wt!J%qUd*@_eC%7Rgu|pC``7Z7de)ib$6UvK>RBg$zT`UY
zQ_ninSqTEX|J=8plSZYQ``EYE%J&gJ_pEoa24#kR>{)9z@o&S=ee0FSU=i}4``7ce
zde)g|&$*8K)VGcvuX*p&<<@8_mE6akwU!0fSr&b3lxI?<JnLC!mC06G^`W&~axp3A
zS`EHjsHVH<CqZp^(6a?c(}W7Z$Nsf^rM`7O2j!oB>{-iELFpfS>|e`Q+FqxufC~YZ
zQa<&nGeI$%KlH0nOs91*=UV)wS51z2#ESg6XT754N=1)3cLkkjgK~;~>{W|Wm0&IU
z*s~V6y>l(XukKMx#22cl-+I;6+3!8`j{nh4^5;If$nmr6INuvD-6jN`r1{#vHpRX8
z>h%3$^=HLV*noS`zlE^-7wi3Um6IAedeFZGN5@D>8+`AfS47?39t5<3o1}i}T@x_g
zwI+P&U30RYFSRCo>0NVLEGAkLzVxq&p&!03e(hcRcn+DLv^IV1U%Of#`MT~)@0v4^
zWBlj-^~$r{FAjd|T{j%+#YVcy{ldD>7pMn*;<>4d-+R}$6MT{RT`!krp72`_Z8wIE
zjnM&Z=eGUUw{Ec@E1&(=x2|Iw7g7^G_pK+FkNwuSZdLl;R;B4{tcAZzcHmAW{A`^)
zy)$!H5u$6;$IYF9Vt2*gfNJU2?KR&ewX%NPUgHDQAj+rh<-yhF81|6)vc1+vY?kq#
zx7T@;yNiwM(C6)S&^48+;K%JXeh3-{ehYoxUMH)U*`nYz<uBW7ky%GR^(YSkv{j8-
z&G37Vx}-_dk3DMe@%Ep4)LEJ_^)Q-ZIW#-5);M~wy*AyX@@ac{wz%rY9yQ3|uOGM9
zIOdIT++z<o<{7X^##62$UwhRgQ-S%?uNK*<?6+R^D6NuKq_4edo+wG_WnMA`$K`ra
z2UYP&@A~ts3f~M5detVgmif}F78_9Pw_f#(;Us?2tG=NM@~v0B@SXkNhfYQQbFVsT
z)Cs?DuPe-g|J<WabySwKJmVWvzxJs)o(8wAdC;eJT=^n(XAt`Y*h&+(_R>J`uum(C
zVkUJL+Z4TA%-qKEtxr95?lIr`)HB<Tzx1kgLN*HftxvspLi^9<EO&!CkxeAudekeW
zpW8)QD7DDXD$l6Mw_f$kRLZx0^~_}I*IqTl=`;`e)P7z|wQbH?P^vuo3<W^{d3znh
zg7oA-mO{*yeJI&-U7ZB9#XRU&dpsr&d|zFj^sFC}nBY;r7N+*#ng{)A7nb8U5Bk+^
zp>d7JJzI)LF}uhpluGiKp0y06^xyl{jk|l1-rD2pzxS(au3i1wvu0zXoc7)+-o4R&
z>s1e39R26MbqZT)i}{8NR_0Ax9VC6Z!dB|@CUhl|eIwuc)FYLJ|J<j}a+Zy?5`O7Z
zi(L8q=k0Z>P<E;M%Py6bU3xh=NkK2WRJ~=FDwJKS{<2GDWtU#=R9w)=0sY*lxMU;;
z^mm`)(qY{T)RQZ)>dDVn5kKG8MGMQav!?&Ny-r;QcdmZzQ!~0R&4WI*gWFEO_Nf`%
zPx`e_O?%7qb6lp9OYELj<ga~dhF$I7Q+qGTw?6ek2Ec#sQ5U_3<Ws-$WSX<zw%6nB
z%uzS-lkN4Nd(!>9ALTyx#4U6kj+M-rMk&rDhHI0;`N7k7)&LlaP0N?9-FfizQGU!-
z9&Pi;!BW{|LMAc$tzSKRRP2L(wE?5nSFJdTwnx3_r5Aapr+xlwpPH*<RNG2T{@Smm
zS4H}-J!&4g1&6SAt|?!8)CBnnE+DQcU;EUAQDuvBsmWja)+`pat+_RxCMc@pI(*c(
zg;}Y4LcjN}8*C~2sBa5~^aoG+)+bP1Tc4ivt?xC74=!S0(8BTXFE)B5?&f>nx@)~p
z?1LV)B?QoX=~XKj?4<9d`QWKN#(mE)YlJ=j8$Rmag69w)TujaEildQPKlZ2r+OH#f
z_xJ}rYnzqn7k8*dgVpI9eTan@`B^+u_EEnUygu(ie}&$Ir{J#bF7=9Q%GX{sYfm-l
zOYd5SV)_UDY8z_F-+I;y*2h2SS397R`n_M>_{F{7yL8fYu$%pZKDF1?2}ss6StI|T
zN9|QU<!bIzukuFY@SwlS;X%kRKj_aeQ&B_O<ZF+b>xCa5e(q7{3;>h44t{R1%a;!y
z;lB_dfBOQNz^{Do=Cx}#_up>G1P<`9RF5#=Z>IBNQLfT_Qq&1R#{QAOjP1mKHIw|Z
z@7Rd{`qs6pR~q?$-n@3@+CRg8{W|{p{;$9L@GhXRrm)iK$Dh3O;QrloXZP~uA6~nA
z`SQDm@20SMQ@|#AuUKTW%a`wc1RxSn9QOE$lk(lyx~OOQ25eCJJ^B8uSUiJ-2q9W5
zfiliKI_#!myfY<35OpB={!uwO#}2KacL4Lc0qk+-_V<hVaayg$7UngZ)c}!tgsDw#
z?ObuCE@vBoUg13n0G^ia&Z)}=>gl@pBK;s=tcuUqc?114n@#e$+kA|Hx^!K}{4hV8
z;FsJrn%^bNw6qsMMQ;ZZZLiiq6(#)bTd(9lg7Ah;!+)?l05-<;1g^7NJNp2oV$n9U
z+q|?;=K*E$$QEh-yat?o%oEVe*5uX~&>QoK!Dvk=Jptw`80V8Uf7H4NfCI7#R35Ji
zl+Ti>V)<YOsccr2ZV{(|{C-@P6KNbXCzMBk`?_1M3OAST-KO<XBFfG1ts}%9g17EY
zRsipBf83Mt0_(S!&}fcwNPRJ(<St9_pq;K~qZAEwyJtE4Nx1uVLNKY%;#``i6b6et
zpSV4ViA4BKfPFKk?&BL+l{K<?vc8|sZ;wgM>prD-eX1Bi-GP)nZfTr2QstP@<<3Ws
z?-LZlT^#Y<H{KZTCA6sT<dlBGtf_Q+gy2Re8RlPDlr<-F$<iH2WU(WoxtSC-rB6C5
zSI;W!VD4DY33}W^A2DszNeLXn3|0s7@XR2y1oYMy=WGnnCe?#H8I+q!3PL0J8>cY9
zMrBqZ*F&*5EuZBcxd#@Fqds88irf(`PDlgUBPb&fCH#Py0aY#js96LslNUBE{9<~S
z<}!E(Bo(4DIU*>nLnkT02J{~iPq<gdwP}_)Peryq=Jkh^I!@A|)IFK|<A~-8Q|!1l
ze6piS32RY7%7ry2y25m3?lv#y#TVf@(3ORp0ojUkHvrJmm>|5Su3!$UNSU{wV-tw?
zFOD$7mz&-3Y(1fzRvB#8cmZ$*z7JyuCiMH4@zW?dJ1NE|FabU_9B*yRxdMYpGtC|{
zqTDb9s71MhY<iG@7)>3`PpfiTpJl6@)~djaMW@AtP7!93Ao^m{h`_>DDT<(&*9_8h
z2=S-PNOBkn{*cJh5f#RyCv^QHMU)#S$t2T{8&feZ;Klio+r%&^nig}}@bu`2if5cS
z2J)UXFy~>3-Mbu1iV2|Ly%RTo1!mV71BC?mT3j%<`jUBx()o-F1cY@v?4(#s_#x0}
zJ`1Cy%5%Ob$0rNi3kc9{#+K^XWJvnPyv`)`oZcO<uy*TF;yQW}GYPJ#qq2N9!jt`R
zqii~OoV%-WlHQvjJn4`RK3`l{?ZtI<=XQwt99&$K?SvsXWg%%R&hqC#IWb8MB976W
zKuK%d#Jh7*@g(g*N;Fy<$O2dKf;8IY-CjF7w4fv;r;ZVtj1ovYg2_#yEM&B8&wz@%
zpNkd$kZ~$2N9tvZz!>#X84GHx&jp65KQOV`x{|yvwEvO1!-;t3qxXQ8W8;{g2YZ|R
z1lAzK8UB(86uh^hk5_;a&mp0VFLkNHnM$7cN1vLC2=>3^E7uo+1UQRb;KqQ3rrCjX
zEDOve2H6et$5HYuKgWrVOMU<7_A~h5`<IVy)7;UjNKLnr^P{ra`tP}lx1iE@Gq?{9
z=$s4Hk(5kwJJ1?UOUFc}v@(*T&76MTjaL~z-0w%g<ZDF}$BlWFHzrKXN0eLBeM$z%
z;0P6UPcXG)F)i{Hl^7<H|B<hY#d%7q8q9x_1OB7imy_byku%!K$OBhnw|MRcOuFQ*
zG0NM6G!Y1fE6w-mxO61Gm{>%@iQ)spJ1E(X>%|-hzuqT%$>6Y2mipr!F5Scdr$gMy
zdWAO^g&y8aU<_asb9WFX1Xw@{ixtrB+43YiLNMy1^OmZT%nundU@;sK*ZG13PJZ%m
zCtx{8m0$=qOAs7)BygxTuIyQxmXH$@<_cCr_9HPT(4?Exe07>ngh!zHRTdE^>n66h
zaxz~E|3OLmkFsCEf0L3QrTNS;3Hqs+Qk`7uOfx9}EG0h^B<EDhyUF1HC?yj7w<u=(
z3_3~wl`AU0ax0Y8^r>F2ur{V}!v7qN;XbY1d{QfpXh7bh%Q&t;IB?TY<-3@Mt9C54
zZjqY_-G3Q`=iw(RE>nm!b%e>(sNfx65ax^@e)KLs#O$5*S?PJ95z$$i^}XZ{c1Dlh
zh_^20e(<}0VGal{Hzhj6urC;k9IJGIImg_xQdc~DBYqtwc0=IuXl_MvtucEJHwZC`
z?c0qGwY%YSw_3T-H@s192HWWk{C5}seI5V3jQ_rd|Nbui`yDFkq(ArHpT>W`JF5@q
z!?ApDPf~e8<*C{L{~hALKf!;$#DAaQzn@Yes&Nzl9pS%w^zR=1yBF*gI7|;9iU?>m
zjg$x=pXf<GE9M1dY)vuN5a)!ms5**LuHn3XzIJnC81x{km`>&0T_pbQc6JPnyRAQ8
z15@Ru@e-}$kA+RWln##a*=#t{UyjT#+4vbINi#oB{m&3NnogZSXMSGzpBMQV0OFV*
zSN_LwwsQO8IOoG>3e~>QiIZ!;C^65lBUYx&sV{Ttm@2$*!V*7@Mls8(6Z7+q{~0Ef
zxZQcSdX_%1^Ze<MCR(ap^3}2>*!jw(oAxKXNL*zv`Ouv!NWJ4Oqg3B+4;qpH*Jqxh
zgtY$^$&CC^1Y3^COzxNq1IzIp2<heU3WZc?OULy(ijMC9=6>PW=2bx%;%4hS@f=dL
zHTZo07<TDoLL#h@WO8PM<R>CyTG`!uYfMf9em}%}&)qxeO2({&wPZpBQQG&4dr^ou
z8O{;bAAzJTsZDcA^q{<6{@hInipuz2dfza4%#?%~2bdx`CvfwAZ}-Txi8C@{@eUhf
z`91w2UzL>zaC|)d)H-4)`{9c02PJ5Z{|9tuIjsZQ8bjI}Bfq-A))*zIDhWFP`AI?k
z1*y?e4R<kO;2zFV>uV~^Sd3E!;x{xLF1FiDDslNu#mPn|#VW@+r3f3z7mRWPb;K>`
zW5}O4=ENh~1m!xUY?GW}vZ4f^lH;*LxN1tTX!I<Sj#Buqxm!b#4+Dyct0B7`886)m
zZk`~IHHEV$c9LM@;%`p)9zV<Lin;P1N)s?ePza2ys4*~wiKjcwiJ@Qc!9ZS!`F*UD
zRG+WmE|gk!Bm0Uex;|qD<SN|j3tWvvdJwjTse{eS+B+y>i_i7y@9if~^f32pX1~3e
zTeh7^3Yy6UkS5a4l~vrT5(`<Y%H46ZY&APSNTxQ!C9o|m^`l;0Z|&8mpyd5j6$^K$
z1wJjv`c%sJbPXNI0xdJhcgVW4{4*_9sKaaToaRW!%6qb3D^-|qS>lf7ctBR`1*OB~
z9N!2V=L8r^r>klo>{EP$v$p4WQDUA?v#Dhibga2Mhah=J<d1U3=Fi9ZvNqEm4ayzK
zrEiB0BWON|xh!%_OL`_LPg|!ImAmtNQe>DMH>B-C2Qi14UU?Ny0czYPjVqA#@Ti3w
z@hwOI_(TKlJidGXelidNU+A=Fc2L?Q9U1MYx8HICqJMk%<Ng&AC%KvZ?q;sPJ*1IL
zk^PrV;8?5jO!!&dDm0vsrOnb?>7{H|{&=x}_1exQ|8Peh{&;7{6#enrZ@K6DSAKlu
z`rBcJCr?}r`U*{b`l<Qp)~zS}EhyqnPr$0udG@z7DqXS#pJu)%<QV#s#flHP{g>|G
z;cjjF(Ou-_!U-vorP)!EYz#Y+Ob^Fy>z%lTmg3R_$jl2C1xHPuGbh8h1})K*=Sl|d
z(Kf+z!7@@~Kqw;z>u?SJzjp=y-M_y7CVbexzPJBozI)YuzOr`>p5EJs&(Eh*{Bz^Y
zme~V)L@rYn5Fxp=PtKQcd<N9>-CZwJEzXJKlGK)&o`CyPR#-l-gR_-Q;RcUdlH=4t
z_GrU$KZ&7(j#npOT(aF4PRP-%ipAkTF_a?(+e;n-<vA-VIGUzGd}ojLAk%kVxov^W
zSR280o5i$63XbUtNh2^UqU)Fx6{<EUZFfFjmXOe4cD^SDz^k0S&S<W#?%ZzXvJ2E!
zD(fR3eC{g3Rs!Dh9FjoKR1513HKY^-zBln=Fq8R{%n=HxS{;xb>6Bg%xt|Yl^<i|5
zH-a)o$E0Z{<b{qb&Sp{@#Hw>vsDcU*Dhu^C#h5S7n5)MtZg=ch(TYp7k0Q<Nn}{v0
z%M}r7V?4r4-ek>N9j|Gvz~q59ld%Dj@d@NVD$Qb$(GKu5ppDV-%aGOv=Zr^i6Qyd5
z*@JzBgVA^peIh<#xb<+0v!j=m@L?eO$j2dQH3@3KGN_(`hvW%}(}kK%?hMK_C$z+J
zOmONzlZ!n*!h_(L)D)~)eBsvTUKsKQFU&sbFL!L`0OTUc7{1CuE~1HcFUpQ8k;^hT
z7SlDa8};!WGew>Kte~T)dV{Xgc#m#_UJSnPCGV6#b#*LKz}J{(VA=s%OQsCc;~gZ?
zIItXKj7OatPoiHjJ2aG;2Sh%1-BYsgq|;f62Ebhma~VpWbSI|VM>3RW6`I_R*2QcR
zo7Q+|qn#32a8+RGi`gatEE_jHN<=M2f>+!b(AOa0;=8OmKoby(Kx!y-6EodAk^5?h
z1ApvyrX9FD)!8}TWM0;Cr-VroiL+=PznO@j)GqUCb+Cf8%f0EKA>9t0fa$ugz8jQ1
z^t)gLI&dF>P!6q$67^C*D+aJB=8|N|$*10YY>fLziX7M7`s3ZC@or3nByV?Lg7+WF
zUTz%Xz((q}1H>qvxv6#Yf<{@kQKLUbT_yo>3#{Wz7x69r(!x{ggnGb(gq2!lXO48v
z%hfqDK`QCyyCMsfl*Nf@IvNUvE7we*c&tdn??{7_?cF8#f#af4yL5EUd@qc3ZW09|
z$zm=Z4U8b@XA2Q`&5L1E%PjG^Z%(+GZkg;)!aBwdK&U+vvYt&yWg^4Fi>@~A0X*k-
zKEBVB>P^-7JD#5v3>_Q*;C=2^BM}0AwuboD4PZ#NJx}0g1oj!2U@C%#i+m=)2M1>z
ziH9&1Y8g*8uS3;xEbO_EgYhoi_;B8V%)nlfmm)`4N;a=u7H0TY;*Hter?T%Y7kCv@
zaYv2vQ<THtE<tL>Jcf7*X?txmr1zH}BII(d%CX}uL7E}r1N(_RZkQV3cV+|7am!5<
zyp_CS(Dgv5C8&E?PGCkS9q?B7H;9`lO7$p>qVEgP=o0*>$~A551K$y~D+{6H%?Q_?
zn;zm6HoXYVDIk`)`;fL*#YuEgvzmi%Z&A&8|H7MDoIdiFHQiQj$2)QgltgBXOtNHX
zbKR|Suur<10uAY@+qBCQ7{v-4Gt#^s?}7f%x2Gjx8>k-%8tllPM;a)c`@PUiuA2sR
z5aCS*h907WNIFPD-Xqs;Ha%6|LB=(8oUM>faM33_=oRi2E}l;ljfN@-+_K|VDVZ$r
zT=0apk@mMNX@4ucTEL`HP?}33Z?u(=%Q4nW**~lh!L8o93+^vaNG-<hc5*l3QBJB$
ze-EL6(O{0<yN&5IxM{U2%*wiw;i`_F_;V)Lln@n8UdueZZRg?b@QUO8WH@O);l!2>
z9J@Cg#$;W&eexNkH{WauCT`V<rz9yB$3?w#GhXF72YAe(jQZ^GU`Sa!2X&3yVk4Mm
z$N}r_ArKDK4N=XwBnDJTHp30$c?RziRFP+;<GZK}cpR(XHWL*Zy3fJdKPyN`1wY!r
zpM)K;^!<MFeHJI$?-Y54A7K@wr``a=J}_cff$|A%$z$}cWWE~(&ug0Y+=`ySO!+kE
zD0E&kLMQVq?v3lZ#JrPqzA#my+voLJo-dg1!$~EwtIJ-a!Vv(BN$;QeeAha4X$DDe
znJ<!o)sO{|eDdIRHM{=sk0lv$j(`#IhDYywWBRySBiD47p5!y|?L2WL{S-amxVv)K
zlIlY{0sQ;(rQ5LJGK9K9EzaEvd(CP=cO0s6LB|v=0(-2zWWN`&U4WS`1s^58tMHTr
z4KqVMO4b!!7PKt{HkT--?jw}cyv|ZKT1@F$;CQLo2$Wa1-H??RqQ1Bm?xAa-zTkr#
z=`DWXoj%;q$Zd}9Ze(wHo4DpZ87FHRoE_GlNed!%$F}_u`&^g@T^=TP#H5Wk7%`=&
z9?fEpffW7h!iJLpK9uRcRMG0rJbe-65~^xEbyrFdwl`EQ>@T}V>CKzBQgBUTeIE1|
zzH%2U<7xvV^j3{xu~9hEu_O1xqbrchTF=$Tnuot$0K6D_wH4z6^jeeL-99UDxT$nP
z8aKvudvjjboAW`qE_w;f$W6<&UV+E$gl~gr8Py?-gAB%FGQJ*p%2_3T5>Q!5$|r2K
z*~>S5AKwh_w0H7p$;=oTT#N{Wr(60oLc2Cy{6%H%b7|>uU^)xEppaD(W}&(Cq*rz`
zk6v?6jMrQ$4?i^z%`SmE1@vU>l*SW<#IxZClf*|uT_Z7)Y?7W9S?Z-ZAllp@&cs5Q
zZQV+IQ9UU>HJV?@+vui=CNRlJAg7Xo@c0zuhI&wsilH)dgU4HhKl1DMl+=VSXsk)g
zTVhJd@}3e-)>W%)yuuFCNm-E3&=1L-+{tC69bcePX+;j8i_B58^K`jhEu9!tsR8*=
zom_eFZr1ibGR&@f@n>KvZ{c_ot?^{%Bg^w{+d6x8>llLK6|s$7F+)+Sk}cuJtl|U;
zjI3HUev<j(v{;pVM7-ed0|=6+R2Q>pSWRIx?`4jJ>e_(r0!|%hl)Z;GZAR0+6L?Cm
zCvJ>TETYnEf)2dc9`TH@Y2z`uRR<$U7Hkw&F`#Eiv2dHAV7;fUt~asPB!QLH6X^Zv
zPG?>>YSP(67Vd#bh&)2K3OYu?MXmt6y6*|bN-uAb>)`H9!K0<4p(<>sYH4WjBdofh
z-EY|Bcn~c?7m3xpU^YBqPY&WuVdM{$K8AXWS#s34wW;r7hf88gB#wlxuY1pphY{Y{
zZjHbbvq8PAg)Smq(9kH|dA>6=<d_|n^iAfhx6Bhf;#8xCJpBw4!pGu7F)|FP9j9e7
zY-156MeAu#TB@Aq^^o(tzH=M#)S19EOlGQyK*t?)p!WW$;0r@82bH$rs0a;@hyv)e
zT(>{YD&S095AW_tXoETmII+=)n!?(PD#wb-IG5~1p_4@XRmO6=3ToG5LG3yUYA5T(
zvnmqP;F4J{iaJmtic>uhETY<EI~+p`Y%v0-KKBjEaL`xiRcEJ#&Ip>rD7I_DMe70>
zIVRd#L$x4mdT)4ORQbFZm$P!=Z!_u)+-E<5cG4$snH`wR?9(qprpKEp^ZBwqH~r;^
zlC?U^9UNHq3D}jh{5YFgyMg0>Cdj1ntYmatA-0#4Ip8O?IG>kmb6yg*s_SyHfCv@D
z`q-vuYE`h@sZhf(q7GD6X&y^B$toY`q#xzCSc9e)t61ux5wY&j8x}G$3YDQxr)Q-j
z6*pgox@lx5jF@XCoi!L4fGkOTQi*<6tMyoQ{*E7XBoGumu1nx)%wc4;IP_?BG@_d~
zCFreYEokcD7quv3rxO$SsWv-!M63=-b7U)%@H%fUQ^E<(&=`H?rk5kAkh`eL^=eEZ
zjoLUgNHPHSm{@FBzyoqT5tRy_57#Pa#=N^Cst(bG1s=Ow4|%d<btO<raW$qCS9fl|
z1C}69DQFvzd8nW`*D4}?Zsa~L5vY6S%d7WLrsu<-TPg+T7JrD`QRr9RdVyRi9_JLc
zHd&8R@j~*scFVs8X#%{(QH4o~MqX;$ea{ydnq<hsJ$@6FQ9*3Fo+YGHLMn~pLSfNp
z8X}V1))H=|ssugOJXbSKl1-4z9^Iy6h<yar_0esNJi+gtM6xRd1gFnPX-9sTJggQW
z`??jfuUpNGY=vv_R=Bov+iOBw^m}NBbmwC|s|$!O^>-Po)<H71(R##qXek!J?UwRP
zH^(2%@~M+>98DpIEG@|X)JPV%C?O9(S+XhQViR(cbp$qlsLNqyIjCJYWC6T#vZ`gX
zxXwV8{YEGn?M3$sicwUCE2KYx!XsPQJ^eEIWvPM%LELH<bWgtwx1kOZI?bV?O|8uh
zb0Ju*jZsY)HX|XwCz)?@tD!jXYytwM#DR<NbiOzSTi-OQs5WJC?cxh{?lp5Dwk$Ai
zUNoR!%1~p3DC|Hs%g(a%sG(_o=2gLsmarR0+&NH^?o!mhpQlE-a;d`5F086vXl<Ja
zJ!knw4wx={;lg?lspk(GbD2v@ArO3}K2E{>f`!H}1x_;Vf3fYTH!3!S(j+^97ij2l
zWx-%j9i$CzAX@sso4{zIJmsM4HiwR7pc%wB)|H(L3eqHtH;lZohulS-ui%1$IVE$^
z33;sr0#A|NO0V%pcO^V2K6MX@H}*&A)hlM7gLP3&bk|f9<hI|{D<fQz5+W0(QwZJl
zhQBA*rKsA!yi8H3;Iz>4p^}LwV3H2pi>?i2h1mbEB1jDOk!=Vr82e&}`h1k0yTQ4i
zpPP}n<;82evd&3vSA>$L379*Ng3M#>oLPYu1>Fnj=R$4eMjc%W6mHh3sZ-fMQqhfE
zk*`8cSN%+=>6&xcrC122uc=-Lk62>04MEKd=^UyKodZT+zH-IG;mgSM{iogVEU`=v
zY|dR~&>pK89k8;8CwYscowzHbn4)hZ+#VP)OW)W%kfLsp4I>X&wHL|(MNhD7j=09m
z@Z6-%HknXuA6bD7Txn3t^g#=v8?v+%7N_yZ8-SLZsy~63VAOJVp)b=XT*^QDw4G;G
zXZRCj^TD4IaPutFN{BaSWjdW@r{$`}3F*4M&#t%JXx=5$Usp&Nlg5ftzzT`9>b&Ef
zKO6p`>J3U}R0(Uxa)GCE<lMT+ku+)x+(a?P!}xBb#xi_G!7M~4L6&h58lb*T$9>`$
zf?e_5#U!gv4uV}VE6XMEOvPfM0>Y%s=`iLVFCnPL(eva1g-4P+^=rEd6y6m)V(cAO
zjYq17L=1vfPXHaHUfGon1tBB&RK|bF=qnQPH1_nKE)i5W4AiiS_7YzRCi6Y-GXvtc
z7x}sQIq_|%xaK>Y%>{u}Q*Z2ZD-AGZpNMo2hO_WQv<iTJ9vDbNROwcWmn9)B3wFzh
z<x4rJv{R~Q#d67h5)|R|+_H~;7eMiw?bJ;>YzV}ia3siX>#juYDlxqjI#DjWHv=Ct
z{}Q9SQv-vE^I>Hi8jrKe2e$Bt&|Jd%&&dbG0D{A|Yh{sxz{0>sn`Lui{1cMMO`{?{
zEL4FJ97KbPfe=S5KNORqoL9^QOmwg3Z72)wX9B12zj~LjMR~Sm`jo$i$+3FSVv&$Z
ze1IJuvJxZG8r+C)U`N8iVMTT8k>WrWv~fM)&4JegXufVHaNIcXDJ6j<PZ5@`7~8!e
zMWT(&C>fP?Y(|YBo(6MaD0hNEJz{7Ajji`KLX{rfHi&F@!duE9K*)99avG#t=#bH-
zN=Vx@0i?o?pMKg;gLTOJ9gC<BIZX+}U0{3(T9Y--3oo161bnc}Pa-4QWS=iNiiDz{
z+-Am*8P@U<0F*5VB63ydOGR^Z^71MyLZ|~N1tR36JZ#+`01Oc@w=j%T#~Wj7`z8b?
zziPi+qn@~95>1JlH#29g3^{C>Fy3*(@rQ!e0&SjVEAv9sO`7j8etO}pR8pY~OrM9N
z=<(I|$JZECh+kh!@d6*%4rp+X?}I+lZVXARM`Yu{5NCm#q_Z&yJB<h<SF{;@6@ik3
zFB<|`jO$~$wg!&d8u0TgGb~Fi75(qwdWO&SHDTrSjc_uglFmZ7DL#_;S3T;m8`cOR
zJ1fW|f}GBTp5&3%&MO-5UMeyC*r<b$SW%dzL_H&uf*uACRR&jr1_piqGQ5@EP1N5G
zPN;wCfAUkSKl+;^m<hdD(ByDhR0UAQAa*2YR30dTvRapzhGPwTD*>Q*{tfp&AfLm0
zIYh+^#DCRtXX0~5IZR|fT$EwM;#UB-U2v}<mSj<f<b+rYTmMiNA(Gdv2uvGM6r!&1
z0eeDV><CG(;@jmpB=cH=)I#UaqZI%HA+G^#fNGMoh|F7(4gkZ-N>%G?-+1TXC{Zi4
z!a<4$YdE~iv{Cs&;LEd}xDpsBI+c3wZ0odxk>PHUCBpKdqaa|mrRNCQgp3Op3*BBA
zKhzp)7WtWS({)KKC+k5$Pawa>u5uj%!3BJ=YZ<mQs%t@FUWhPEy82Cmxz-ck%NC73
zJpM9ff_vU<e6XL&#U@C^@!ye_l(@)++^^8Rul(|x+N;idjtH>rPI%uSVp)^yzwr2P
znQjfbdNtg3Tkv~*F?ZjFC2t{08&WFezqj2@FL=#(a&4!vRh_N33~;I%nM_KAMR1a7
z7~V;Yqv$Ek2TYh?AYcHuATb$O9N`M}%nOy0sN&YkYT9*GRhzD<=!*NQZmCy(nN;Bz
zo)(Q!Y`<Gb3KOeY*Yy(LC^qDUu2Z^L(059M+I>G?;ASym;G3}+_@)yB<qEh9zDpp7
zHyo~5B`YzlZdqtSK|8dYqsgc8c;Ms&B{H)*6A3afHrzt&r8?9$hwlDDtakwXKnxcf
z_PQ*T?}Z&9mnH#mjjggR!M>5~{8l_^Z|&SBzxQ{I8$mEtv0J=gUx{K(AvhF-i&Yzk
zCxLSUR%9<Ud&a#5qW#w7M4<NGe9~zi|J2U*H04;nQTzM!`X;Cuf%Bz^q!u58Hudo}
zt3JNQ>SKfMK}K8~Qo#K{>}`T$Y53(ES2u!t>2|W%x9_JYTE&~{h)^&pQB_zfd<x(w
z1ui7Cj_P)TL1l5nWE1ZIJi!-O{Rxs#fbBo0XeXqWag!T2dK?-N1^h$`q8mH6jblUP
zcL^OLuna3k8PJc$9Z5SB^d*5ayMJW#^S>Wz=YQYALih><;o!d$vVs4uUf}u!Eo_SK
zT$;M*Qom=N>iuu<_o!I7yCUfCTAz5&eDN*${eYCYuh9OWO`9}qMtjf<e<aajZcEG}
zh`Nod9ES!SBt5r>Ig{6@qLOn94zq=pHk}?1;%ni;)cAnIVa?KQZKWCIy9a@4+3MJC
z*-=7)SL`B!5RYZ;5h`#`Fhs>DP+ChQ;UckchD6Cv={+)Rj_SVf#Ho7_c`i~YB@7)*
z?yCZT7vn(7R%_i2yC-faxm)G4j9sKRR=#R0U!}^9@Ejw~)yA6FY|U$i%CaSD?05mf
zW7l@tnz?S95s$b}y5<D!z4+t2SgiX`hpz{es3hy{MF+(VVE7w(V=XNY-_o3Q42le?
zXabGT4!M;_+nDWOqJ`2+SX_izr(?7^VwTD%%vc26maFnjdsR|MT{6H^piJP@su8fC
zLuO@*TD-8-6HI*9fVBlU7<K>SWE<c;m!T7E8>_cvENUJZu<!#N9m*?+MQL#=<K8Yx
z<Mfpx8vP_s1{^Qh!|#hC{-F#*pF#?v=P)$97qM+>h!+d{0zCdg-5>#HK9~XKaoGjU
zOLV1ofc`+?5dbxn;R_>3>*-*aM*r>Z2CH#JgisEH8MrE=^!YHT0L?_JxX<;Z+Vc^V
z3acGMR85sWPnWZGWt65B8RuPjh7BAYjmA#6r&srQX*w8F(~f!YZMYWp2qfE&l#2QJ
z<74FGdeb8;;#C99=`z-n0lKOpu8^w;2M{8?K+{mLd*r5u(8VSKq>DSm!wDybCU?Wc
zTn$&zOz7rSycX8uQ)_pPtEbQeoeRkI?Cdw{VN}DUG2Zaa&qwDYGg4^*9Qa7*(A|fh
zxKCd;rkvvP)QOo~NW0r`Bk12o$54KP+t}@iFKr{6j!@uNA9&Ankern9EDXRmYnF0x
zr2)s!5i54wnTCn|VmLHPDQ-d?^I6@Cm_LPhK?*Fpu7m(iK(W6-u?S&CuQJ6;+3-4h
z1fjHb(+%I1knvvRf@WXTJtlS_Vh1!5;BUlnR>%U}@yyf1rRvPB2ycVSyc<~?({&Ts
z2M#fzKE5G+9Ap#Dv?Gh4@R@^ZeN+Qn8ve=^U)Nvx9(RmZQ2nwNm=vdo38!^m^L5L~
zdR7jtdhU1iN5MudsNsWzQkwYA`yMXx<BVN!_~ykyFF1dU05D-pFpDP^w#forB!Ym^
z;4%WK<*H@L_%`(bEbTsh7{OtN#AXsn5a+RA-wPn2+2Qkd2fJ7HZs-;TR&re{J{Tg3
zC=xTp{;$fiZaN5qg&bzx!ck{ca0_SYYwotVb<2I&g&Yhgd(&B2t_IoVqv7jEfoFhZ
zpR47}ta5;HoN(k>DvM9^y@HH76>dX-XfMb-aF#)$A7X@y1qyNJfo|(Y99V?>{v$6M
zv>%N_>`sgP;8g&@u;U~d_)t?~glRKE_XvgGL7C6eIuxO-o`8sj$B!f`dJh26L2JS=
zxVLTz46XogyXAKM4M8d~7@aq|2gOCWFADL{>?pOw1W2z!Sj#}I6?&I94iooevKL7I
zR_d1$;(o+g*g)m^kU*Exfq;PtI#Yz*q*g;pt)eX+MOaIW*8z?`jOP@)NfOjN-ZsSY
zoU7^w%>?SSLiODlbw}wOae`3)&468GVx%(3fPn~_-A59m4uPB{%-6&-*Mu{5JL$A2
z*VPP&fV;9$Vb0y5{UMeF^1a92yZNL;MHvTWd-%jg3Vf9)KqA!J$v@vgzkPz<YSOtD
zn8UzlHh?oi`m%*cA^-znQn3@s67xEiv^cQsssBZ#kYPghcCPH)x+MslCeVaD=yU^<
za4W$DS3Yg}wbf5tQ~I32c62Qg_kV<WLcJ+NF8EQa;7@J+>08!Vrnxu3z415`Z^^v#
zNCz#ikW?!1fGYv<FHkK>r<!<pg%A#IG&$Jk;mOM=fHwrAZf!|%ounmW912>Ls86-$
z1_`->Hz87oqGllmA#A)^y_2%UyEDsok_&G_b0J)dFNAAg>>zbd_ifNr2$`$E?Wc^)
z@#xx0#xV8RXJyMC!SB_rZvQ<aCEaFqQ_}2<P%T=fjc(-?xstO@RdN|XelXB4tk%Kq
z^}ABHu~#1HZAJX@#=D9Mz-Q_eZQA3h(}v(~VhAJNZ%HvVt|{>qlm=Y%K~nnd)X_SN
zxY9furHZPxdu-agNbmZ)=EuEld0C^g5;`Cw<2Jb}7-|uLes{dq_&V0o63dksDWC7>
z7Slbr^@-Q<UM~&IJ|=v;dL@)8kqg?tVvC5!UuzN2Ft{>1*-oPs_so}pUhiLNlyN_?
zJ_vK(K`H+_E<*<(D&;fXb(I42YAw`w-#&R32E*qvL6qS@%)OGIb$9nRVRB}|lQXBK
zc|_bY5X`hn%VGG@jX3=128SPc1$2X+aZE>tmYQi>Q3dt`NSha057c<zZ<~PQ6W-1M
ze>d(OBS0xD7~dGgFw6<_q-kAfV;vfd=?;xG;9$H@*oCi=*qjKOZkX5yq!@pwitz@{
zNu)X_Y06k>M9m(t4&SkGu|66)0D9z%WsKf&bPlPk1{Uo%3Kc`}1cF(l_R#YU{OJ;t
zD-F|)V`~8eV!Ke=5KY74h?qzKeeS+VBsmEo$x#i-c}Jk|*k5727B*NGG$AoDm2z+F
z+miM^m}@dQRj|}gI!ceC9*JKAX!0d-@hU$?Ktu#79!ZYq#V!yB=6{gv?{gF;f|!QQ
z0`OKP6BuxUI&@!@#B`V~7TnMRz{)Qc-LNm{xv+Cmy0fxlmfg%4caI@YS&JX`UGx&X
z>FQ`AF!#WeRR;(pjGgvYLLyf=2j2xRwmIi(LH#AZ1yj<(;>UHw>OrmpiH>!+mxkx@
z&G<aNxpVtt>I+JHhW^Rfl)eH~5K}y6o=F^LM_2b?L}6Wk{e$sjC&e+$+;UZvfUO?h
zgOVRL6Cb;68Ue36xW(Bs_x6H3o%AJ0)X5hiCT0B&l}ZOlH(0^@yVl*4^O*~78u^u3
zEh})_UO@Eo!b!30)g!!|xi?xa1iE=crIi%>T`iRu-N#ChGYoV(1w1mMNNgrXr!|1(
z2r2}d;;nd7yyb{AF6&)mYY#8SPE)*EBMl5*Dk1Df_RnnXfV1NCg}k#o4j&@>`uEuk
z#UA*ZVlf5Auw0p+g#IEYr;bF#t1-<G3|aMC#)Q`zHW-Z8#0kbOCF)J`6YK5q1X~A_
z!Ke7+mw}^+{zz^s2r&K=>QBC;?_Y8g?!l*ALEp3$MYKJZ>GwCpIsHC4wrC&ZRe{em
zd9_&VuE2Uh0FT&HriYlGj??_P_V)p&!2P|d8ifg^xFB)=OxFw$J67j}!u2c{6*aVA
zbrGEUMt-}h+`ygAULZg)_F)TFf&kJ7h23>mEC@x3Q5>3YFiqnjX=}R(n;oS##J{lB
zVV_~p=xJ_JjY$R=@XxnNnD?QB0`-ZyMkEsi{OrNl(RY&_EK6`j18w?y=u}Es@ETd<
ze&ROcV1EeRK0Y9jf}Qi7gB0Ko_Q5>)d^k#<T)P4Vu3kGxuir?&+~C5#(Q&<o_kAhP
zYX4&Y2=|feg^?=KeF#%^TUZNS#X{#np{qoJwGiSr>>Kd}Exu1&(@=TeH+Jn)G^jqe
z7S(I3urVFKe{vljxXG~1Uv~>-s=@TuvEw<%kx#vM18ryvVdFz8TK1m0r-V)u5q=Iu
zVmF*idcf)gR!R*!E(nNGcI>PHQQnzn2i%NL%YwpfMv`fj#uxNhygVA69ww2MwE5~y
zfIKw6ID$E{ji-5#W3XOj#SG(C2%oB4jR-p1<gUbPgMsRH=|-s;?Jl~6zZYM^--}(c
zBZ#+f5|}gF9#j+fB!-Z}ZuY9s<GKN^L^>T)g>)`a@SHN-Y6$i<u!oWrCQOJXD$)oD
zhGfq~lJ>Hwpjy_32<zXq16A8a*-_%w6P;^BQRP!dwD;T%-r!myDRrC}5Pw>M4JeQs
zHU4l|`>YP!vp3^#rFhL^rU;tZ;T#}4hy&{3xleDxX2X~pXoUi84B$<7ZkAI_<1#oM
zwbs@2Qbta*;d!mmFYN4~s&lpQcJE}|cfyneezhK;q3K@ht2G^g^(XcsHnM?P;0-~e
zCQ=k8S|_~86HI?X84=-X#@YMQ&rs4m^V312o=kg~u*mmTUG6j^f^b!vx_2o`U??f+
zF*5>}*@?<Xw)@l<dGaJG^QmYQhMTw8bkOL*g$EjXOzR%w?7px?(Qr<@CgdL2CALUd
zegf7V*#IBPx{hglDT>UjILmDVk3ZWWpbT^6c8}{4J;pn(A}J)B9~H-ICz<3e={GrE
z2yim;1~)dPkAvgk-t$3bp`zecI4jq)38K*vY`U2vgZIP8Ysl4bJIdq&a!kP;$bexx
zD=lbns+r&k7!xpmcM<egwJ0^_>fu3X@*irfv}9?jWJDWX<@1usL38SP){lK>H4vnI
zZwtBx?NxgXK?TKM;A<!2^koH+c@CCCy|2$>21PiNwU(sgN#`Z{dF8kvwDA(%yqU07
zlxuRvTvEB3)J2+`%gy}w83{xhDdI|p_+Ezrrss+Qy;2M@7Z6Ub1zqIig{HkHg;k~i
zxnn#u7{g^!1Dal^?yR9J+Txs1--`vEC*0;o01N2enKXOK@szMLO>=lToMg*ozEG$~
zlW2v`=!l`v>XR6E2KWq6$nri9xh0b__JGq3(UGSlp=}eYpf03@OvnU51}L)zX2s~#
zET9v*3FR&m+YtFm=%j}#GJYet&ke1Vp;4mNcQB}OHGLgLlgO9SiYw^$OD<`dx<87O
z@blq;)M|MzyC&z8uz7UNkQa1zQ=}Qg`o0~rzHb}W_gx=#(qbhr%9)lp6|1AspCzDN
zS<fR1s|EOPDuzJd?Tp2e0c4wuMHj$}W%L40#$0=d$qxB`s<u(I1xdCI02LX2B<*p4
zamA0qO4?2sCf`Uj@+HL)Hu%v`L%%J5M}%JJn#L*}3^|+f<h(7?-N{&sYQ`QZVH>Fr
z?%LK$kDk<f+1}CKc<&{8<ePXEJtNJ>tC%Tn>EJ?BhJZujPt@Mv1zH;*+rzm;o}t-8
ztpDTO1L_I_zm@S5&J9>a8TvwI!2^7D(1BF1FVrVm%?2gMCV{V8I%QCN%9N+D@(Pkp
zJ}0O{miN2S6p{|j0@2qc<z8Qy^mNcH->y}t;_#y&w!lip7|xG=tYAD4BxvC{$WxqH
zj0V0cd%p&S*Q=b-7Sum`p+Ev<9C5RkysHiz(wts}m5>!&LJCY`ltJ(Ifw8Zc13N|@
zq<qe-bMY0LsfdKx`&fPMfwzSFJr0T`{$iCUjTquUh#>8jr?^Xt7#;>uk7Dh57(4nY
z>&ByqQhzAgG7hnBLRDuryF?T&K!w!0Y^(SPgi&JRmh782k;Mf3*A>0Q#w)T)M!*;o
zalYsiBq_LL9LWr)!fRKclOTCU@AF>#G)Aly$aV(_Y%_EMg%soNHYI;lU_GBZ@@F0I
zz+-lexh8Sw^F*XPpQMSQ<Lub|=8i^Bq2vKXp-cc7i_94bRiQx&24p=^^oe^MWTP>A
z0yn5e@-at+VpNNgR%75K29@E6e2Jt~%ySEU*c}YFC3Me3to4n_<Ko+1{3@dGLV2I;
z7~Ys3GURRSR>Z3evQc_u5ZLsWWBg?V;ZAKogI5*L;r{6A=vtEnfSVw1Q+drZf?6U^
zX5HQZ&149kYmT>fV@rf%xqIiq18dp%_|Bs{AKp8>_vo<=GMf&rg+YSZt!r+4x4hHX
zz<s|yY!tX|e;%bbh8;hzARcP}ivM{Zeiqj@{M~kdf4^$`c--AbTnBL~O9yZU+!PMA
zUVGO^X}Z0h8`CKL-f&aB8)^DIsp1OTp=7si;5g$dSJU)bAS^sGC_rjv@ebx)z_oqT
zh}@s5YwZf0m~!hoVu(*7VE*oeflV+ceB-Y7dk^PEx@GbH@dV7E#RBsInj(g_M1d|5
z%0WqZ;AlcBfjrD-ZF0r?T-x|ZY&9rX0UQUBTYm`&CjCqqNcM`ady5J;r-Yq|jj{%O
zBNN=N@9ZH$KsN~wtJk{%JdeoX=gpnlKkyJDkJimRz6s|NbHq8y-D-4^D7M7ebiiZk
z7#Q`;1}OXeiN*rJLn6gkjjr$(<OWeLG6;@t1w--J!z5~>f=W`eVF}Y1Ig7LqdcFuk
z!iYBCz$F*{gNWrYIe?g_<C0t&H0#*6(0mQ8Kaa~@dVYz$;)r(;@|S|Y)S@0dABK$w
z?!VOI=WnPvx~)r~;jwv!V#qdbA};GX=1VsFB0ag<07={2^Zg_&-B#9&GbN}=o`1(@
z3`1a)(j6jF8geFXyO98)PcnM>p$4vkumn+JkE5Iz0YUg7ZWI!J;Z8r#Yefe#zTr_L
zDCVdGi$DX({_(kf2=7_=b~<VJBIpA;@{V3{mSo_$!xo9eN}{zz-Ub7iFbv&#iQAO1
z`B-G=kl&a%8`Su)b(saTh=fiVqM?V1D^HXq4;3t7G({IX^_g)i@%!Ye@FBn}yW86B
z#n>MOlE>&t<V-nM6>@&-{EdCppgw=&ybDPX9fSdZPD08-ykJp0@JY@WO&PnHq);;I
zQUSNWq^T552bmG2!wfb)?RCP4+iE$Pr`3rB^r2KAN4uKKCUPWvYv=Yoh$=`wfP{-^
z#|y3+IR$d#I4*sDlusZ*6ry6G3?Y{eDOfO;h;MpybRyQ6Q_w<>M82^J4b|pgBrDC^
z3r%u<+L(o!t+S^~^dY#d`2p#HNtQb#%@C?_G6rf+%Q0AZ(#aZmCW#;{W|?F=(5*g7
zJTpejlA|4WMf8LtUuTY*IYD4mI+_WNjPpF>4T8?VSw+N@vYK!Q<`9!|>|N2R3zMAf
zIGUVKd{TT($g#%L1?HMCbubo@*}yMmCd>g3zzxB?SHtm!@)8mjdf6gh8@wr)_jt|&
zQli^0a-sR&&g~C1eNwdb$Ptx8kw~lOeSCz`q^hj_L;YFv2i~~NB-+HA3avuzW)3bV
z<w~P|#eIa_zSkJkJ<eC4?M$m>J}xpF^u8AdsS5N$24!m{3-TJkxiKO02o{|2kOAjC
zuW`rVi>8hv^%=oI=+{xk(eh`cwL*7z2J_d5uKGk{nI(}bo0tgu#>pCE3COp)NM;wo
z-HM}9pFVXp)t{i*CrbU`=5~TsK5m}vmR8XTqB3PaBbqspTqv{;ewh3C$!GaF$EWIx
z=$1RpC8@dk(6JMo><25A>`Ag0i8}VW2V`hZS)surwd2(0Lyx6MapkrZ52<P$lWddE
z*XV4`&G~HOf{qd7>29PN*E%NOxY_#cN724s5|KALKnHTe+pCthSM6_4{M&!zy)=xI
ze(+{ua4CQv>A%}Gn%2(?*g?+n;eq!<5K6_@&7F_$Grn%7f#ioR@!?2SK!18#Oen5M
zs8TY>W*}o98zo;`ggMNoUc<%8v@ir@Kfx04m{T-Hs$#6*em0g|NRtAQgFtIpJg=^4
z2~NXpDi0;TInC>_cfIhHIe-OkxRde>i6zDABcbAu@EA>nG=UVnZDQ9)VMxU&j1t2q
z<lR4U95uN7*q)3rHMry6In#0$P>Cb8-!p}i$p^XJ$?8Y$HWj5acsQbSbiiyGVvB4F
z$6FxdrBv1t8Nq31&YJV#MJ6UW;NE*6e1j$D5GN(H)pedWfDg5$9AADO)aVfcPhmfh
zvR0)5sqo`abBQBB;DJ8~Db-LInF`k#{f-K^K`i;z0mx4A7j%%R*9;U?#O~FQ*hsir
z`4MCJCJ;H}?hX`W;FbtS1<U~HE1=6$T{PQ<#s=c}Fgg$zU3R^Mh7kY*FK8!9VWxMs
zdOUq9MvsGJ8r+k$d8L0Fl6$7<9LU*v<*|xIV0Bx!K!G7@b-pryl9+KFL$pMRM+q5^
z;6<=3B#rr`+JVuru{?(-gewoR(r1g5p^AlJrwHiT%#p?w#uXi~SB#@^%Ip;2%ef+#
zXZ2P$JwReY@HTVcW-)_TK6Ph>&}$%<7kTIujzn_rz#Y@8{MhEfGh{MQI{F&kEUWCy
zU1M^m&^L3NjG~K3GP+0w`5sgOx<@D~Jk@dJt$~`nAyK#YqqK6EGip`jr+Iw;qa;i&
z&qOz!XprkoWK26&vem;raCL@H@Mwpw88D$I=oWZ{E7rg$qRAQ9TOS((;pHb^j)+`X
zM?()*giHx)C&-#*Mx#c)VsTnNlV}vfLU|NT-+~~|h!)x3e!jhFR?Lz?QIjvtxjG*a
zJP-#<QgpIM>UY23fkZbJ+`AEKS8yP_Bad7g${4xhbpkT3ZVd{ERQ6v8;`pR2NfPJc
z3Gu=~)E>U>Jy4zoNFS<EWe%H}VD?wgiO|c9-=G-){2fV(`mpH`>0qy2^Bs&d9hA%c
zk*jf4Hv?-#Bp09GH_Lt5glV}7ez>Z;vqe4fj>pw8JUuD!Vrh!j!o4Yd1NvmVsauEQ
zmYuS!`e6)1B~J-Yui7k7FpQD?dex?PD)%Yz+0_)M7gVavP=6Mge$#7Md9q6E_f=BG
zUV7tFDjXR}65zB60biF~zg0bpcqFL0tsNtj5gKR%Q;PMN{N`8*d;(!qc3I7;@|9$g
zZ@6J1>#(q>mVk&TGL-BMJgUL)Z4DmtNptGWpcbXJmYurO4IAbrZ0`(UA5_XU%@Tw~
zSLPA>4zIHAP|TSu5kMrW^-+UJ?6wh!cVt%@b3Rm|d*76dUf`~_#tUA5l`n9@N8<&T
zU+D<SCLMk4C0;P{0YCbTgC$D<awNpOa{qF9b@+Pe!$;#2)7|4`dDiH0CpzLw4k5ZS
z+^h9Ps)%H%67T?3_)IP^p7mmG#?uPq7%_NFvgq3IWHBa)AuSAOpQm{SE2op#?UqF5
zc00+O>qnE!S@lv#)%N@=T)9Ka018OF<{Fe~<`&urp}m-fdrzObUc4ynYkgBd`F_@E
z9s|L|Cq&)6(m^1L54UeFD&KkSx(OZtFN60ifJN?*fJC5X!4J%q57TgZrTW#b>Q|%c
z;d07V?0AU1J?I*)iQkoNXh3$8Uhr<^3Ep<SZo4eMp4~9Z7mcm(o!(@{)ovjxfCxtG
z60TS4s<<CrD_B<kYg-&r2-#JM-$H7|_LqF8T&B@~!AnSi(tJlBVluPu`zM~5JnoU>
zfDHjgVD|>`2sEj2+2x-%wxa?-2K%vHU;~|EB(ZhNYF<1|2n9s+ksfA6G>sy(qh<t9
z=}28jIz{4#NtjK@+d$zT)%g!?tgvBK5XL8_aS`aWaXZ`&vCWLPTW<3w#gW-ReajF{
zyxn=b0SJ;=f7<Z#`F^zJ_d~(X7rYu3yc!pD-N5E<VPX4fc#PY-tt(B-IwG;Ey~SfO
z3w}|Dqi6p4rYmaG48f`MCU(@pH<=%T$&1R$u4tYw;I5W98*m}fYeJ%gK&Z|4V4_B1
z$qaHY7H)YBuvd^R#c%as+4w3m+bF!t+)Ud^ifLQ-9TrkgJ4M^>CyrKit8ml>+#(1s
zka#(RDLnE)qVfIK<a7Xjs{akQk*{gxUQk`o%9wQXB?yv*oC#8RHo$s{)PC_r>{Ro;
z8*kp`d(mGBJS&zbop0}8hB|l9>}%zO4lcwB@m53Ev~8R1h~_Hm+-Q00Mr*yhI(VtC
zZKvJ(X>GMzU-4ecU+G@E*w*fNp}rER6}<K;G_W63j9+|_Z60j&i|+dEH1>$s&F_1S
z>K=*J2h)X*Ipzcog1K(UgTw2ifgq2-_PCyt0$8C$GJcckQPN5E<urEEeKZyGi99^X
z)pRW82R8fwukz$se*USp)5&UKSvjH%WAAE4%9NA%%wow65(;}dx~;~RnU<!pwNtnf
zHP<n3s?%`wL-~YW?L-tDd~`5wH5-dKz;IW-SkteLbo&`Sq1lwR=^!~Lb|UGQ7C9`?
zMM+KE5We5QX|2HRCC_SO@&y}neKBEsk)L(%OP^9T-ka&Il$~@p?$N4qkB+GRPiw1Y
zXH`&Gx}%=7efF@--KK4Pkr(ya-P>RKv$4TPG|oPo{3O^?sr~QOZFKbUq)l#}Z@e>K
zCJ4SAF?sw!wlaLDIJ|hS;Fn(01wRikk}ndoFdud6rfAdo;QQRpu(h_a8qMB+EgC+P
z9UQ!9BQ%b;cW&SFVb`%A?K?Sm+Z)$R@Y-T=vz)RUnxt+~18(5lmT<5ZJFXGjXT#?x
zpO0jVkP95TPWg@rE)PV0n9kUcaS5m+Tx#!Tm#FKV^gM94BmIkMM{^1VO-DTro&V5j
zfxyH;d*k-^UUI)yADRd<&>gGwirntlfql*~CHfWxv#ra-yQ=l-8Rr2aEK!Q_fVt#I
zn><)+_Izd(dK=3tYD627&x)yH<=^3E7d?duUC6uaFr=>_=}~zIcp#t9&<$r+W|L{*
zeL>~>2G1QR!jgumBxqvZc@+X#8Wn97>*$XfIY|UANZvLK$A%$9p#;}_%Ghg~>%7Nm
zag%1|!uKaH^ZpC1ES=A|KS{Kbu{ZF>!C6PO%6A04p{jCrnkN)7k0Znb5XIw>Pf!s>
zoi+kt<D}LvHuRvk+s56JP|CK7B9Lv66Za&m^<qH+4?1O;V2p;3^wc$I+@s;E*{wcY
z0PLWB-=Bu>PdeX!9KQd!<^6{xWbY`J;I-E}12nCo`W*ONU-2dziB~g`m7&7TB~6d)
zAR=V{N_d&=U)j0+KKt_CC12h`(|*XE7Wm(0>$(I8v#}%K^Aa?q*}~P9ggD@}=m<Nb
zr9rnykzYchDOY-t7ua)xKXWr#LK;Vi?5EaXclq>Xl_Qo?7NYzxUq$WlajYU2pxnv@
z<cNSE8}LY`AQtFdCCzK^F^tzOCND3e+C^^7lAxMQ<p9zSehuy~zzc90^!dhoW3WBB
zLyUB1VHqpmTR~niU8W;VX`|T>f5<5IT*>E+N~<;bi^KirS3{TKX41@cXLe4I_Kuy^
zZBUd!@xw4kcdp?Zm@2Z>vt3tfw>r!7rJp3cx(SQ#tQ4nsjB;WRW^l^msofpxE=$Mf
zW6TCrbJTlO1a5l>hvO7(0P4_L(A}m>i5Mt2pxXNEb~GJ&Xv12tAGnk{%b@QJtf)ZZ
z1jmovce^ZG!3uKF0iZcWZ6H8Lc6^L}sgP^n2UN701GBLrkKTPeHu2lRT^!Ul&<)CT
z0}+0~>+g7|m8<6HwT?p!Wp#<mNk^i<fHT<9lX6X|D>jVQAkBqS?xzx|CT76|EA$c~
z-UJU&`=h_RLCMi%S^!tZ);UF|Xg{av5fYQCr2U$~c%X}r&H&I<z{B0{WaxY6IyB!_
zmt|VbFjixdgh}P2k`(m_@C?-n%^lC%p}$Q>>D5v9N;!grfB`%8SuxIcXdE($EmPHX
zyH=XBul>%1$j#%ijpIBXTSm~0?QYWG2DzVnoTPU6G-?HTdrUqC_pZA~#;^vilgqLo
z9w<PHE-^|@V2<3F_pe;x*~-Y1UibSxM4GZRRON<ol0Zt_5kiELaGsT49prn*dn30c
zN<!}jELu2aMa|yP2+FvBCC-)%PxSKK^_OS*p^bkF02)8hh$??Q`>;>Pvb4}C;|h-F
zSLLWapxTExF}4Y~KWJJ=b|moR1;T%=M8J7ZAK+Fy!wE%tPGOxj1_@tkgaHXgipMbn
zwsq}R++0sSNEd>!Q35RRwp!#hCZmMK0dX~}Ft@`ZA8YiJG6Akbj!`;W@QF~-L3kOR
zCB{j$v6N5!PG?1Y5J1K^bDd~xle-e<`2^T>;u&gxp#+zpfN>$ew5IIXa|)njjIXJn
zsrv~dJwJM@BS+{J_YI6x4Pnu!9UW%Daggwy4lDlgSd>C*s1oZm17!`B*n^qcV8lL&
zT53_NaQIt*euh2oVh0%0&u_qB&wCLa;}|e8FD9ZUhKqBXPI*mHBEc!n=5)1}l?hqX
zNmCMS!Zj$eK>HB}#7SiD!YXFGZ>x_|WRVDQz6uF~MFmEX?7)$ds}16Eb?5dE0oD1?
zhHDEYxr2j0gWsdjYgU60hGVXr9HbkS8Xh;2&-<M;e2#Hs$By;(;#})~XDP&;T8L9A
z*w213JCC3#eTXA0VAKZ#lhk+#aX`XpW6(pGrkH!~;~7!fz-JJ>Jfe@pM<7ZExE#TN
zP2``JCSq4b2UGz2u)PEr4TxhV*s<1v^tR|F=;~zN<c@;rTIZV+tfy6^X~;yefLoo@
z?6Oc*bBLYh|KKom-STw0&LG#DV}J_`Mk6foiT4L)|1#iMpo<G&Urn~YLL(Drx;+x1
ztaJBAXshNIYKE$NQ-50(8-d7Rr*dy<dO^BBIq2}2#2nK2ByL>?quUN&-u7a}RJ|0Y
zXW$ljl{(twt%$@OZc32BHMdp}YD$+q$C*We*~->v-mSKtHj;as5%PN&`x8cx>N*uw
z;-g*xQEb6JU`&lvOAxa<`;ZrO<)m<M2yD>~0JLPeqF7Td1@I&xn*qDfiSiT~Ns<G}
zqLR=6(=SK^BJi$q2<Y?T=p<jddxRn(Q6q$CiHsexmwd9AQMzQ(x4K5mi_+@cUD0z#
z2~HTVJ;}@)k#be*3SK}-F+Kjy(YXZ)VRqWpKF5V>Rdz{|HU9!;M##)mHdt#ewnsHR
za~(bpR7&?D({DL5c&$MOBf*2iO)&=;4X@r3kxW`A@Hu*=eUYgG^CQ4KEEVe5Kr|A-
z76~$dK^EX@ru3gpAe2G?*MzX!4j^J%L-vRP54va9n2{>r)_~(gS2ZO}=$KKE*XAuV
zO3$s@JXwN0nbP32<ZSl3`5@oZORpqnIMC7J3`Bd-ZB~mThlwAAy4t1POYTMJuP`Q3
zBfs<n5qdMV2m7mxmMQ9q<#?m9vE~h9^-<_0j5|<t<f}PK8I|B_o%{4ICYyz}h@e1H
zDLS}7v(L&Da*p2wZQ`7A)13*JYj`Sn2LlF%9(IV?p3ApUn(2_3t)p}~5b<$9>Cun;
zYltVJh#o-pSvdBuChijrmx_%dn-~*%zw{!R<m!@4-R<nzy7FKral*0<i+F#59Yacs
zh()isi<;J4x)?$>wXHa9h;D0ue>0YBb_gE_q?FO8<9F!EG#Co6ZuCa793{Y2@{Zwq
zMY4S`a$ICJB$oiAW@dQ42C*l$HO#)F`VRzY&~JQS^Ogu&8R}-0-N4u1tJn_6EcDv8
z+lg84C5Iaia5PA_4|fT5%v-s&HbIJ%04j!@U_fJ(bw-sIXR37N@r}TBdxViKSAWm0
z^Gp%I**Sr^CSM7?SIYn*NWPkDuB(}|Rkmz40#DoEl~|3X?1)(^+U=-~fo<w1D<pGn
z5dlaRFCgVy0$eG+Cm4mEcSjX7PIngPt(R>Oq@Nsvw?YG${nf0|%gv|`p1q%1?uS>v
zSZNMCg>7(4fRH&yrQ=|g>O+;GGV-tB#V<EG%9L8jKDg-5xxWRV4VKI7IICsZSy8lV
zM_f-j5ZB?IT~O;~nGU?7ji6$8+*5D~j$tMuvN5>&x)f0b9sN6o0Ot6#4!qYuHaZHt
zt@*X%au-mR;njfuZcC6ZaRum~WjV;+*xy`#)mC|wRzbID5ZN0??tQykIs}!6Ev{s)
z?v5M$j!r{Rh^K>FgFA0$l*U_XFfK=s$9MnAaM-*2&T8i(r8#Hti&cs8Xy9$O1|Ao)
zL%1zES&s!aMfaR*ak-8(#yp*x^H*``OTttRaOaUjaQ|^|ReC*aW7S@2pWEJjJ1j1s
z(B~c17?E1{u@sOHGKRb3TO2L&I&ER1t^M2Atd8T_&TU`@?m&hNvaF>abDp>R0L?Vb
z#yRUf_5~N5FoSZ*N<&abRb<`~_qI_gTpC&Qa+HM|&P*DYDul$Mwvq{EK3^{|@kk;r
zL*yucFY^tdC2K}B37rnnSF5DtI2FS)39>UI#Jc%H>*Xx>GlM>0?j0w_RJeE2!XexP
z?iH^~1IGkXnei|kA>DM7NpS1@Ug$YkRgX|Rep*b(0STNp#;a0pavCMtj_^6cTv^1q
zVrA}C&Ps>LR29)s?BAhK50|`VH32!1J%JEld8iQAoEhBU!=9%n#bn|J4Agu#$CTlf
zq4}VEg5~2?CJ2jyHQxA&aLxD)2wc|~5cJ($%*6yI4zEdfiMWYbjL%K_!SmP-jF@Pw
z90X|zL3bH~H<2WQl!?)#hmwh+1&H@T@ibc&*h{k~{KMe#1^EH@lazD)p6dSD6P@F=
z(7JjJOsjApA46it7KJ0jH)E=rVucB0Dk@6pxsVGJMg}bqtl+-On0b<Qr4TSR%phr%
zjkrLB3p((KStGWpk61y?aA#I2rTMGKWBcyNa|A|qJI-rSqT#zuZXK)Sq=d@^n~LS=
zAiKx>t(+zeDxwZXRb5bq9rQan^aJIbPqTBc`OX3^mdQ`lw85tHX(ppG>2h72u!tmC
z6v=v~3}wJ1wP8%(m28LBKS3XcSkpA|@6nMEpW#u0Cyx+cEkvNFIDFdZE@XqlxaRqR
zjE>;f0_?rob!%{uBqUc(-GyAB-ASB^6x;*}sEaWzF&F|j=gs7f6B8?Pp~uIOiW{>+
z9989PU9(w_x<r-S8VtN=PEAw451J>pm5#HGt(Mbim2(C=<AB31K}$_l2Cv&oK13%V
zhUv80Ebb4WXkt=4PPf6PM#+-|ec;~Nu6Xjx6+$mLolSgr21wqpn?Tpd9i^9J6X<`O
zm^Yd3M6a}&mJV!{-F;C#be8YvAt__2l^Osi6lfKvWw*T}!PxfzZn?_N`M~n5Ng_L>
z_GH*D5ZxJ*cX9e)nOem}z-e*)Fug6r)&()7`2mC*4)6^_`tC|g?&-ZG^#-78p*8v%
zn4*yor;m#-@`xHMvxyLvkZVponbo_6!VExt#x9QFzp$v*V&U@_SqKA(ChM*S#JGi+
z-Pk*TfSt|&NecDEKZ@YgJ?KS1YX~P68nDF1Kegb>;BdWS&`^3OxR`Au{-9mJv1-aa
z!KMqY)d!#4dHUh~j~*Z1x%=DF5BtoDq#-?EpB`Zx_ma-a5$MC!E29KccVytbN$ICy
zvY9Z3e!Jv@%VS<TZdmf@p(hSH*q>mM!E#Aw77=vC{UAKOigoKrv|(Jw$f{*{4Ho0v
z=>AL&kHj;|rca*9*2?RpP`G*ayqK@&X5GAda)ln@aj3-wcgJ4xc#VFB+->ixf+QWs
zMV418!P^w+?9>}3az(6Mv{d9<B<TX}paV`pzE{%kX7l9%{u3U42p0yLmHz(kht-bb
zYQDK!%yGa(TWQlLtG<FDWRmwG?)RQ0Frn}T@dzJR`Fc|B-j}%vh|DLn*Ge&c!v+Pt
zDoPUp5InuLB34<~LY)B(sI{X~NMDxpV!J59iz)4<Z1l<y8V<`iZbO<1A8&$6NNR>1
z$^s5yFZnolZxHMuNUz@5XaWVItf!4%R{60br>k=h9LuR{*oz}(*BWs#*L_^f^?=7Z
zZ0%1vAXcyui86ES#SntgMXGXwtd1FO$(a7V|KQ;}cOE>x|Ixeme#g>4`@EsQk3uMF
z6S5JHR0X_bYgg`l^n?449)8s5ihbT910U+zp|suN+!4=GnDrxw#cQIQ2dgc9I$<`7
zaQEnIv-rg$$l(*@Fa{6cyhg{9!Glp6PdtPKuV9jf2caefj`Q{KIJ+HmH@(ZLcG~!b
z<}NHW1P*UZP^y;xT=_6RJczuV8J!%q{hF(DLOyqf<tUmozKF(MY4wOe%PG-t19X}T
z&v$V0G*>b8mqQ2JGUmAJaLgSE66cubZ8D9|qSHEEoEjJ8EIr{cCiD%5E57z9`yr7N
z$KYj?1hJmbSOCYXGSRh#Zu841Am0qfK5raT;(OZx^uv_Da5hEMX>WY6FX$B<!~%I&
z*$kr?*&S8Ah@fpGM8Ayi00|CoGjdP>OazJjaF#4N1y*FdULj<ax3;RXHM|A~WS7FL
zY1ncp-Uv_8jh)+%n3lH%WRa#!v>+=jiT4-f<Q8U+BV*Cmm7*nmqO&ka5@Sq&Avtq}
zm6v7itH#JGoLwx$8U=MHV>)m4pCz(MgUCL*_x}CIhmU^Lpt8Xa!B)EC`ztA`&~+aB
z%%0F<d1H?|ob+0p?l5=M7$ccWMzkY;K@UB~)?D}nrU_(u@^keHJfumdWidh5$^!HB
zy4g5iill7Z{LmW^-A7x!8j*jNvB3N!hyge&j!){yjUBdOHkqu{A(Ll<eXELvXU6T7
z4T2d&(^$7i*)E>#;PdW%faf{fUqv-{Bt}BQe7S7>yqFcxXYRYQ8!HYU@=lJj-+big
za=lstmSC{`-we0^n{l!<3`vPj0xIVhH0P=pM5UCbJ6s%pHWxY9tDbAYf@F){UNZPm
z5H&(u!xcj<GwP2?gEUni&%1BDagYGH-=yIj`Wz-;L?Cen-{}J(8eu)^XM@gi@`X~t
z%2%B46*x`JrN|JjPNW8zW0LhIqhAkva#-=T%P8dSv-Nzr$1df@KPkczpt;rPT0f~E
z6;}u?yvoPOsGu8!wUNRbRHulVIad^wD5#nYE2;*4h9v_YKe8C$ICX@hAmd0nS?7{&
zp>=xsVrqm}RAe_>q<${I0XI|woqPYz)+xi7?e${FB6fbxf>GGxn@PwiEb=q7I@oJf
zo^=HGqc{rrz61Fb9&D%(1oiXx4x4$elz(&&N1bZa8pqXSrSEfk_6D0Hym2^d-2rVu
zHa>k2y-^9yTOq-DYv=ZRf&J_d>}C<c`5;HPZ%Wjj1zA@F+O0}s1asJ~#lp!!%aiOV
z$LQk}V^!GxvAPX$AOVwg2R5r62|h3*p<obX;Nhk2s!#DkdOaPyuH}d6fF7<LqnK{`
zkBTkp)s}LgH+kwLE%@87=mP!@4{SUT3X<nbP0c_Dbk`hEkH5}$lN#iRd6mOlniQ>=
zk&M}*G}A<A8Pa<LOwYM)^32RAu?cWliQ!OOz{tni8%8ja2J5URh6{DVTK4&xJ-~pH
zwYXqi;DjIWJKTc!muTZmNGa<x;pXyu<de%hF#HVRauaC_*GyZ31~lQK1j=fwQfJYq
zg9fX(_+F#CKB3=7pFDV=52s|kLNs8}PTPJ#wJ-8j$?llVPDlYxs-wFA7oWX78t*+w
zI$s7$j_oC$M}%236HK#?Yk4FI1pGiZ_EcMsdaI6(aZi(IhKgEz8m0w%XRUI#&mfwx
z$9st^cg`{?jC{8=0TL=jP15MOJuBUB?s%K%zuI0YIq%HN!jnlb4v2f0n}BKG0*72@
z#SD#-3%lDHtI>8+?wk+AE1MD|<sSDS3ryfmLL*2;Cd*cn9S)u5+$n$1cJv>#o&6BB
z8h(Y8qDY@-Pq90OsvE+65!$?sT&F*g`uM8hdU7Biv3d9H^6R*$I18^|HesRzYyzOg
zu9$XGJXQnOQH$rsCl*eCKK-&CRE&%A?ik>R`EE(LUX;%ZC0gD&i2=;Sj=(EL1%RfD
zMVXQd2iw%LItlh8)}Toqnsd~Kv`NQhV2e8b`lHA9i5<AB1|f{@6aNe^4YlwCS-o_^
zSilkRqjsJkFqo&NcshVDk73WHue<St1+mC9ysaO5PX%hhd*Ci6O3Ls)fq1`#3ZM6<
zo@EnHc1ZvaTzxC!Y%|xAY9oAUkam_`;Cb5f=S4lZ_dE9wpT2kJ{)0~*-Sa9Q)DXh&
z;suO;Rhf79LUZ9N9w5jVB<G_>0UChhhs?^WTQNfjOiEHes!$bZ&ZDNstQ%rYZ4mLm
zw&fP1eD?-vFxw%kZMFuEM~cMT0sPk&j@zmDBYSX!JK`>{P8{}jNb!DFq1Q+i>*Xz2
z{&HN-ZYER8?G|WP<ACc{KLFI|F8FqheOLT81-&L#2X`b2bs+xR$iz**F!NUYfpHPo
zN*cwR^;iPssbG2y1qro_W*E>lcvb7r$sNw{rEKicQM0ZU#$LL!X99f5MMXiBno8xp
zFiC`@4)pUFyJIxlVzR(77CJi3Lg-qXe73Hbui}Z}U-i_oiMjPxWH1{R^iLifKDu`p
z7|`ia7&XaGUmR`)MpjrUa@U{^>SVR-B4SBElUT7TQMeNIaAFPd6ifr*RH6O!!V?_r
z+hpLkt6<TDn|0`I`#xYz@lDaa#aApBo#X};G2Yi*4e$+rw$KfJy*$fSlPVdog1=1}
z7f?q}7T8T5GptscqBZb?1+qNB>4|`@aaHmDC}Usx44l#jJFdMQci8uykJA0?){OlD
z$Lyg09pBS8FK8j#neGe^fH7*PV!|bf?T3`X&=hvdRqgoCwYYBylWk~Ak7{bxwIJ}A
z&>>XFM?JC)?e3#%x$lvy4?UJW1G{AJc{;d?R<h$^&=3I%U^7?S#^l<fBI%|2Qbd&+
zbHvJPXw9ux=L})1*H)AEIfD6z7OuHQxD8hvPs63@B~q?mi)iV-jMX+&ZJz8boG}FS
zA+zhH>=HE8<~4zb2|3jxm=m}Ec3ch6U`}>!f~6W`%@*W;DCEGgj^yu!zp5M$s^{W(
zE%_3V3nsh<3^;Kseq5Fl1yQA27<91Xd=qcc+a0q-DFs{vX{5BmFl0I+-4N)7K=_Ki
zTD`K6Xkg?G&tA;#b{79Lu!6-3#VxFeIDSa#BPey|h|Mxv0fG_&A`wKCr`M?Hx!LkA
zP;nQh><Mcexf$ONXgd5tw{b+^)4_IrWJsy%n|Ch-SdWbL6j1of<-iL(mTPb0J-F{J
zXr717ehpA*aXw`0ExA<ev#)SPmra0AAZ5Bch+vrl)vsRM7)Q~Z=+98`M_$J@KrV%s
z=V;U9cHW+`Y}4Rj$QViXEOAdWN0jm%6H`FD1+i?7{6<Z{$=KbJs^Da_<`9RpZNNTA
zmt>`d4WCWsAX{lC+al1S-QV1?nfi(FxDz*S&Uli=T&I~Oh*)r<5sENim|xFtwkb0T
zgpn;HGT?OuD0#U1I@lQpOjX;qtJgn3m5-=|d%J7n%7JaQ&~HFu28AoIe~=dJ;I?od
z-*_WXT7W*|*P+p(;zXYyBn^Wytv7nHz?ku|-}*aY_7OEtz}Wl`U;2+QfH!CsG|ec!
zy{RgZ4){{8^5sQv9R(XcoUuk#bJOBQhPkjCRr!EkZM&9(m69VMRlf{fh}y*2{(hI{
z(t#xo%eBe37=s($I`^!HE*i1PyH9;}S;62cswo+?#LUyr%DRf&`|kUoVv0@+w7HQN
zam}ncc@rPnxM9|BRwr&}J*%wf8+hZR`vth>ojZDq;F;cYg*Eo#ST)P1?hag#ciLp5
zPGOr}u~n-8Wj5XL@8<59lmxeB;ccO>$Hgfd%TX(u48+byT#^N0XhD!OK!>B0FQtS+
ze{urZN+;)TcpkjiyFO58Ozo!sAwV$#6`Q5YSym(LF?n==+<{4Ua}rxwo(fX2ALZi=
zT|Q<W{g5#Q0mUBm2df-*l_Ym)h&KQ~gxx@$8eTBqt1v>v(yn+na%p$ZiyJ|fPBJ$v
zgs#rgv;4@7V}&S3bMz*WZu9Heo(46m5(M0e4Ar8pCm7{XqP{M$X>lza>BddAaqmzv
zSG#%e$+q2tg<7>zkq%0e&N83IS^_zq;t<!aNgE|ga8w6wfo#`qMo#m}+}Eb2K@F4U
z=|V0l4#ODPimcLs@SmBcVJ&TRP#93+AvrkI9DL`8#%8rJDvv8|ugd33Fmd9W_RP$%
zTt0zFdw<=dOK^oDbGhRc+=YzpL=X_zz!bgVy@BzI`X_cS`*y2;8@*n(=^{hbG$jKO
z!$+G!(pcQ11gG%TKz@df9b&w+g&3m<MG3UU!4#TEFJ;_8$cTKkjB{6HC~kw&NiOU)
z5wN9{i$j4E@HAi4d4nKUycSxpy4tlu2Z_4jqbHH{hU}bhmONyFcYroJ%Qkq4#sXk`
zvhc?nHypa*P}(IsYyR;zisMUmD8pB(3m-?@F2F*gQ^>G?ZW=TWvZ1*><Xf4_g7FEp
zg6OlU#(Q*TQjPJ-Ps}PiH^821a)s_mAxJS27G$o%yn%^>+qTp7jBX;h<DM-XXCh7z
zpnaR0AjgUT&=}UzttA+54J2WD-Y@3L4Zg8r@~q8Ur)AwI>-o}Fhwqz-43uaiF+W@t
zpddZNKSE&;*fwNa(1*>KHt@zhDi-L3da_=)g?;1&s0TqViT0y}yoq-f4jMy-5J6SJ
zISbrrj~!7NC8|LW(41m5D1p<$h~f0ysR9UyCDJwl0ECytRA|fOvehjjvNVCR1zY^!
zX`*erKeSaSrHp#I5-Uh$VKt1mA-)MOZ>vHkAzaByVM!V)*kZslP)sC($b_mM?9M@Q
zg)R|79S6HGyNJrWEPJlR&M_3&NU-psc5~By#yrG<>l!@RyrZ#58_`1b%D(x0HQdXO
zm}c)wNH0L-d63g)tQxNawQJlx67&43rQO&yaLBY=N5F5$Tu}>guJUqaxFq1aah(i<
zKeS|r?;u*XD{#$tG%<e2@_@Wq#)Zx@3knz8xIEiD3)_|lx84Rx=zYeL5PD(UQbT+2
zfYg#?Gp;FA^GGyBKFG%n57e&11l62JdBAlNC)=`ljlnv0;<kovaFK4D=?9I8dC-`d
zjr`(<6a+0ZdfaedAiOoosamH^s(sgHrDy@MZadPN>qf-DI;)<6!}WNK`1i*`FLdT>
zwC}TySjgdt3Ok?#!<=%Q=Ffz--F<xc@M9^47>JOFptHMSx<K2`qkE4J?>ssTn&MOj
zFVNcEhYudyyBoIVQvkWCa)+@C!hLhQpL`Ve(KE9WNt4aXHHGuBm_Bes>9>#0-ANg8
zz7kcLZh6-`oiAJEfF8tv@sr}Tn5dqi(G7exKy3s$Q$zvl{_J15dVN!09v|NOxMMQI
z96Oj*1>yu7nHBbY)|DMl=j=3*xSN;dU>0Ul0hqNpWp~M!G?^K4iySEiI*IHY1zup~
z&N5;sB!@;VJ<#xJq%`?+H=Ke-0Isv^MHKbe=vc!59^FUy5=x^2tWWYHd+qVP!;kNL
z^7vkOy1<#K(VfeXWQ22`0b@?EFX947PDq-GsFBR3AvHr*EfJdculQUX%>g6f5PX-2
zoVXWm86NDa4?lVEq619r0NXMs!H)kLh8n$kuPqU0+trcRD9TKO8$=#<yTzerd>Ryv
zZxxaO8fu0|W+)qc)+yc=*;iI6s{Tk-0pg|G@BkjM_Oo0OFGdAk_Z7kG;ng~uZ@izw
zw07pv7O|R3b#kZS%zjL=a^&@b{CgbnESr-3n`$F0gdvq3qp=99_F0edASQ3ufJTI_
zhA9ft*Przr9}R=LQ$Kko`P4Nkm41la#ahO$fCp+<wSl;Mj7Ro>kmxM81I%^3DvmJ?
zo#C*R{BcV7l(Wb5NISG~0mvgFS^;{veF@l|B3c7G@f4zdk-29o#7&FFW$qou$=%x^
zr!X>IXxsb_!*&Ec9XuGhTegRzPBq+W5_1h`_J(Ns^!XO{*_3?ggXvr132bi4q=^A?
zU&Sv1IszJqTNl$i6}BantSKL|&7x7aTreW%8Pyx>(gQJQ%kFHO-9B1GDfZIS`t{I*
z#On>8ZECB_B`^}0L}Gy;=g7@;uw2*bbxq1E_@*8cph;iO08{2?h(@_#$9tgMqFtmi
zo1}fqJ<z&HwiZ{f4MlD*d54XOqOIWkj{^G!2cf8pF^CjGyr;bRUA4slM%{q169R1)
zc!{tz$(7kSPsO6jSAm6(o@_ZORH)}U`LGnLTsTQQ#Ku-1CDlnW#T~XLb)46fqkA1r
z7|p(Gqg(=yMjp9$$ub`z1VPZ9!7wo9-4H;ADVgeLB8;w0(|Dge9PK>vqs@+W%X$Tv
z1y5=Fah3KkOB>+-fMG{#gLy{~0V~O^sG81q&NTyc!I@<={Egmis1t)%3X&KpSe@`$
zfm_2dYGmat*eSe2vhfMrnG}j&B|GDC?v6B2((|2-d#_^9@L>DN!_6mEi}l=t4P|Ky
zwT&-2H0t0m`CX)0<D;eqw9P{tD{gKuNPWC*m|F0w94PLJ$m;qcgKZyc-=ThOBUL2S
z0q0!1n-akDkZhk98#G#u#c&*sJostb@Poo%`5c7y?iX3?MKKFUi|D$W$LNZD#UnE)
zzb`VTa*;=aa!<C73bP=**swN_MmcMX2wD@si)3Y#3ss`>toD-_fES&Ka@Aa8dE94C
zu;9<~#5BZ}thUU>%Wo&--l7@AXIrO__`a{23W#IyDu6XQb-bOTwh31D3k;uH42Mt8
zwhf>A@>LI?UPHr|8IN(~8}mVxUg%IY1XF&rZ8|O@mA?3Fuw4EE!$LgCXk45aaLd35
ziSjES8NTL4hSq+s_r21;w%c4@q#O+z_sSJr^Dn^GK+GmM9|r(K{A}~6rPM2NY0wF1
z47<&j0o;G*h)18O<8-eUuBr&s+t&et4Su%09k$>@wJlxQIExVi1^o7iGK{S7Ph7w|
zUd6vy{Vw_|HI=*%N=Wxg4iW5(bzgEXl0$Qc!{wHtnz$lPo{>-3K`Z0;C4rk)Lt$p}
z^%feY)XZ^scp?ic##*qOUZ|^XoUy0D6*LO^(H}(i#0Ku|qeqW_^wHs+5cF0anwPP$
z(IC>L6T))`7eksUG>bLgXp(Vp>mT0xFnXVR(s)@Hj9X|eY-%Ube|N_F1D7t$HcMHO
zMCWnADPPy+JgW)zF`eW!1~Z(U<hA7Ero95XRY)`lh&SluM;8k9sz3@ut|hJ&)Lu#~
zfWBHhV}hvZi*?q5Y6<1vh1AV6u=^|6$;3PH`8>iU9$GV^7XLmv-L?mhY-`3i+^|oF
z@qvn_MHJX()XSN8G_fbNS)~w-wvX926MobrB;@~S^jC~j8JtgYw1qgr{AdkGlnB_~
zj-UNKkDt9=+1%4a8=0_~#sE-2ufN*DM10A%J?-?9w+_n)lCOzo*itRmXe)LX2QM-5
zA=5aB(qX8@8D?P+uN_`%oqcxlj?4{Be5C_~S0L9kyanT9PfC9Y*hvMrKQI}vw+scY
z`Akod6@C<MH^o<js~9LdLPMR?22@-T-($BQz(b6#>n*F?$KSb4T`t8oSr%T@5B<Iv
z4H^hW@Gj#R4>rpy?teZ!ck@^qOuatryQkZ@`%QypHa!@uA8HuR8vyBL5fOVFpT@`0
zQKa1wq;<ix2hs=c-cQ>z^g6Z|Q{@;MfiZ`!dN@8jRj~QlC@oQPiWrNlQVj{V5OmF)
zJVs8l&rKVd?HKh87y{049e`C(@Lq{CGod&=m4RSj@Ry?5sx?K4KuVN`ui7X<JU8G#
z;Ve`4w``g=amhU1a7<p0ipJstBb&A1P}=2?$P3w0g#PE95F^iY3aMPS8gi)t6r`FE
z&eSdgImdzK2#kZj$eMj34R~`6tJ}T9_5(};h<;qbOB*SOvUpTN1b_(Af(~fuXp0SR
zdM`gF`<ze`e38*Gj{p>B3u~T-AxR_%@kEku9g!<?(iP!m!SIA=rVx?FkzKWBQlj2;
zuts;yRdz-{74><5mCwj8*sgl1hVw5Xm^vC8A<H6<iGu_Ef@E}_tvLQxn}j4RaA4g|
zm@q0LuAm)>j*|j7pn(Oxh+<M<_QJSUS(i<R<#`>RlII;pSCP&z$#qZ9gc74%nwET8
zR*_$zz^<@o#mblEd#B-+MUX{1*mtVpafzsyYjN0=+R$4yHeh=<kY;4j#<|gxb|oD&
z9Yu6E-2vMjLLJmA05quFr&(D(W1LD@<k0y?@pX#O$nLQ&0P7|Ow^<Z30yfa-e3*7A
z<yca=_F)uo2iL>&*F#uER};DUORnZ6Hzs-A?$sgg+Do`b!7uwm6T*)<W~YOl*Q#_k
zeXaU2<mhb5?O@4-{Wsu{DfrF+Kf?=^-yaS=dVvA~RnpA^Hv#!lMl(fp&*xx#=0qql
zYykj6Af`_YD?lUx=8qSUkokDuNTSUqgj-$Cnwn>QXg3l8ieO|YoraOgh(%F!3hx7}
z3N%(iH$)MP0b>+Hp4Bhh6QKGOX-SCh8@(eB$Ylh8f)pzs=eU`fzQ=LeM5R7z7%)EC
zV7?HqhDo`GW8{l>0!Ne5-Cuv+Sz*K%4Yf5&fk(2*FBtj2d)Lld(vs5aM6$?3XeC1Y
z50kADC|t=Jy`1lx1;y{zf@&naX2{5?lhIKt03kRV1x0r|I~LteCp~GOPG)(0u?wn^
zkyg8E$Mwlhw|`$lF?tgnvS^D|?8GJE@MM;uHV?>gi!vYu#SFk0IFMjzRg$KIOEmoN
z@Te~hsU@{Vhp&ubstq$2hS}O%omw=wJ{9jL)wgyp($-k(mb<w%^t}UylkrPdD_~kT
zV{*2|xwBUffX=o+Q3j#J0n{R;0zBbpb8r+xa#{hf(uE)}yOgq`JH&(Ls$4h$f#OI@
z<TBw&U#xGMMY)hp7A9TC#rx#;*O-J+l@l_7g<#iX%PJs)6lk3y7%Ej7k8w30TzH5V
z9|9XP<(jUI->u?%MbKsqUr`Ny;C&mQSr8A`7`d041K^CJ3h?<=V2*U@M&;i1W<Txf
zikU4iAE4kBgGZWIN^!Er!Tm+x3lM^a3;Dqo$LdcQ`U>t1Eeb@Kz=a(;eTp%L46`1I
zjk(f=u;v4;N|MZmNo^pNZ{HSrKl+46zE|<gsZte`Et3f`^r%KntQwW&=U`-`)I-~_
zhx95N=SR4?IN7Fe!B6;chR1heL=2vrhE1ghI)*#3<DA_m?Yx27WxY5nomASbliz;C
z8i7(*fOO0La1#I+(cotQo<e+^8MIUn{gDhLM8PsP%G3-SQK&7(pGTj36j@^2lZGWG
z3%6|}O0A{gmoxETl0)1Jk_$;y#LCEb@4!C&bN`F_=l<8|AGJ?{ncy(>dGF>xwq@vT
zzU*=}SDo-Ob~JBANJ2?ILJ(3xx<4=h+*~crw&wA+-ujYly*_G<jL5`sR>_$oeKt1Y
zNG<4%+`^kia)CUIU1O1=Ti}Wo?TaGA0|jB2qp~AQ^4F0tGwR6pl&~$SG?6-9G+id*
zeEQDXeztfOla3^Kv!*O*2hL6g0<p#{Cx@Bl%GzTeO>)X6$m(HJ%XGn=l<0U-$Igkv
zSp9@Oh*vj8F!lNWLTj2H>^di$JVoq@=O>A?Zra7!iy6a<jgR0*B?`zd&c%pKtGj#f
zL!ZOh<q000&W=;Lc^zW-41<>%Sd{LDOmdfv;DH72Kn;P%!7{^52?^*-(p|U{?<mV@
z`ApqXtok?_fyHo-P{}C=B=Sk5LqRn^yD|Be$F;&EQ_u*Gnc}t-7TL%t%!(39QHz&A
zZ!l@q#%|sX7mdvf+88_-O^0cNw8P`kmF*#!P-ogy)0xNZTh=->MHM#1wod2uDBauJ
z>k~_uQBL_9&O7_6cG^JMm`*B5vIm)bX>Ih0##)i~SUupx7>Rd|6OAB}2T)l!wW_-s
z0v;4nuB5DsB^5)ddKpGU6Xgu;r<;jU5f$R@#q$QEdl2SjXsCNIa04Oga{pwc9t2H8
z<}lzLk-sOW-U@B244Sc`8}RdWf%abL5Lvbkt*T=>%RrxVR!r&>_t%Zgt>IXc$96Ui
zDn_)2IU>&buh(7^1sFi1Ks+5xhWx0%sU?EFj-^1=RvYm9cHM@U7mLhqnh{+VuKTD>
zlfglsO@q_62E$|DLmg}yT(&hRI~Gs*N&Y;WxH+0T@gI??vze(sX{o<Zw@p!DlXI(9
z8uzM1uZIJfxkX+Ldvp0dn?Xz~icRr;!SyD&d|NIzjsWatILS%9!ALJ&jFIjPU26Q;
zV^|yGmpH>&$FL&s&2}F8f;RN9%@!j%??g48^Ms1&oTi#>=VELMtmm9?4E%CWiwT&y
zBl9^i$yiYh$b$?WTh5>^a?&gSK;(2h4>lNh$MJ(ZNmoW`)amkU7}tZ1Yu|q5HEmO!
z>%IN1tJH5}mbY(dV^wHN(Wu&M94S&S?yee5l6bcu6NLB20JAiLiEK!|HI!%Cb#bX)
z)dKN?bdvM@>V;Fs-C*MrrsPbeb+^#-c|HNQ9PEOiu4)B05b!4ovjLkEfy}14+i4Sk
zhXnGyb>X6zEPm8u!5YC>T|}msscQQo)T9~h<e&EGUTesczhu5HqS$^edLN4(r=s&D
zv|ryFPsShJ?N4;E?F1aKGKA7T;<$700IiLnPYGr>uVmAO(Ldc{&(m@}P7FG;P+`4b
zESB4Yu6-DVyP!n_n_=6=oP3S&Q8^X7>Uv|~4)h!kK|E}H*kk|7E!fM?NRFW0QWAFA
zg=Es$v0DbyA)B3ESU5Xvm(I2%S&e14EyYi>r<7KFbsTX!_d*xlhOVZ!3_42l=U}oY
ze+Z0vRTT!+<xU8RaEx%xd#I5VCdk3EX)RXSSp(iyo^3u%QtD?D<kpG5^P+asC(eo{
ziVLoka$Rep`d1&!MPg--Xf8L2$9Wx1zI(FeL{p)j$N90zuO4jAo|sDHrNel%;NeM{
z<YZ9n<$HcM!&%%m<f1v|qSv5{4JdEjO8u>9PK&P$-3_is&L#_hK-rneY-(ejNN;GT
zamy@Ljg3?F**Mk9Z=9-S<5Yb%P6co?K$Bi#^Hj~vQ}x<B)rB|DyCw4hCJsX(Q(@1f
zx6;$EX5SbTu+vR#HM6H|L;+)P(Mb7^TU6KPRc_NBac3=_hW2vi424u}c(F^K@9xgv
z)%O2bwtc-VD4`MKrT|VCiuc<~?qP5e8tMzm=ToUi;<9iz|HdQ$+rkOGr@X}TLYx$;
zVi8chXal14HiJDoQVcL)`$1$(i9GibHV$Gs^2Qi&M+5O;>BG&gT2V^l2q=lR<U7L{
z1NQ}<4Kp*Wmi)-%%8#~7*v}a|A1o%}eA-6r02{G&d##HOao}772U-cnJL)oyQTM}X
zzP3p;V(JM<8b8}c)3{iVLlMJpwieoGhr?9!Xm5y<OK8|&1H>4>vR@%|r;K;-V6*_+
z(2s*b4B9M6ZWJR)538`Bj?8bjACX^OxGL~u>zZKt+`cZo-gj@Cd}ZMCCJ@tO>a+vs
zO$+wCInI_pJqSG~Is<}aIFI;f>qKIyR|!Ta{pI))xDyM=Cn`*cPOwR<gRwE3a)G)e
zjzuk3y1ZaB3zLKTBb*R;vPIg$GF`sN(NU$$0+J4Q&a(W<jS-F#0?Si}C3=vrw^C3n
zeQC<BN6H!TjxZ6GEqN#UN12kV3gtFJcMIgwHGh{^mUun}vSGpMsBCMRXo(r=G1u(C
z;hnC9no%qq60|mv`tXGB9JSkO#y~&S)w+VPPe=nTkogo>ra_<_o92^s*<8}BN26eC
z7LU6C#m{5#?DGgY8&Q0-_9S0;`<9dQPOp<56Db2QHN}bVNB8eNc-Q*y;R9Q@m_{>)
zy{|^emF7?F6RD?I+;w5J)+^h(ZnA58%jVtc6gq6p6lZ*viB_`rDJoy%%v%Ih07#!D
zIbF5omBC2MRu-QVFn1i)<r?Fw{V78Gv=S@`l~0ZoxFPfYASe{jxb4=_yfcdzJYbt>
zVbzu=pxT@#KyQeuD@6c&+lID4L0ROt)qpu@qzUlR_tGh%8ep=+%r?z*f*S`N<MvmZ
zaQo#7s4fQEPr;(3MGFPKlsR#NH=)FFh)!Ve{KdPY8_NHFXXueI4atIGt4!$20#Vsm
z`%PawT4h7auzjAqYqr(gncRo_+m<4xn^nK01Jz3<9ca@m=pF-X@qa=z3oij1?snuW
zL=LaovKv%Avl~<|nB9PmVB5@~?%E&0uU2lVqLc^0{(a$`2USPTgQ|DVgX#rx9&Dy+
zZBy!B(M{7@vLS37cpvR&$40uyXn%@SVwAiPiP)CA;4{j8Ctj?W_pXzy9F^<`13}u%
zh5QkqGf{?uYD0#CU}LmLj<jrxJGfa{5Q;V~I4`noYLw_bZ!8~>3bQn-0=>vlsB^zU
z8u}<reK`Z?{oF(ZBD<j4hgFW+2GJ^bbX}8P$!;zmu{$Ep5*SPBU(hHiQ#KmVwqgRc
zsF$mHwH^}*qPf;j!8AW4<S8n>#xRPkW)uXNgR_%z#xPsNFoKT;YDZlgszrr|v*Kt4
z*<*2IQkHo)##OecZzkU3j7h#&aw|&7Y{TfXBM@*hey3~g8Q6=9g?b57M?F+V(~%e|
zN(xFZ19%4v4PtO&0s&~*sAVX}gYo9-7ffv>z;0s&i+Zq@q2cka#w&=@-FVtu>2(#H
zHhi+>-oY|`^MP<_NeDumYv=-EV+^@C`_x>)O9%4!t>&nU7R1^>Fb$g4)Ovw<E0_fm
z@C*s4<5;=gVz&23VFktJGgg-^L1y}J^IU7Op0w>Q;WE?IKhP+Q&0x6{*+C?QUzf1M
zi=g8&QQRMLa5jb|IvHB;jY#<DJ!X?25to{AwJ1%YxYyS#T_4?^W-~}uc*HUNN-0h1
zb}PMHL4GeYjt6c_nQ#+P<3gTDbD={tbeJZR=8Tj9ti%nX_^MF?>WOd?dZ+S00+Uk!
z7`1naa%}7kH}0#}xFYkoeQ$+!im1v(_u0jFn8h*7BsNWGYNM1{*paSbi<xQDG`0Aq
z>%;CT60h^1c<b~`Ucn(u#KEF1p-i}~dZpFzw`V-TqK@5;ZXau>ukKyl+xOg@`@(8y
zvqUi&=sEWdXCVbxFdAfUN8tt}KGfaZ3xqrYYJ?#=Es0+@?U0^;L>pY`wD<;vhFHcM
zZr?9WwKc*?*hTLN-kpvUCJ#xYNv!(1sp$RaEx=9p#^PcoZ$Pj!>K5<Uwv!wv#!Nnj
zR#3G5SW+<3!~jZ>?vhBkrfjo}zK%!$GRS0swLQwzg+Qe!((y${0CT~J#;$ixs8etm
zk?0lD4eyO6=5zmd`CvNYxZT}|bcs3Q#7vKyH%%m>EGQdzB!G>uRuIh-E&2*~^y4cM
znKVoY(gN7FS;l7z<B%viWI;RqE+c~?lsx-MliLS6NvE8553Dgh$sBYGUfu@hSsUQc
z<8=m7Mb5Gcj7UTPYwmf$NlgT}gg6b4;1Pzo>c(gB?E<mJb=izIkZ0W&9S0KF!e1e`
zDHk16u9o|)M?77d>8Vc`-p|Ud*lU?u?!@ke=Y1MB$qzT(U>;^xi@(U?_r9=>^F_WY
z#tARKzLM2tt~aks2qP^PFI09;>*Vp!1oO~mGNILL<s9P$=s8`R?x}ZGI1vnEJl`<*
z)C(@$X0;a}6rX`wt&|-W5Sk;teGq(BP@r%U8rVdUu1?U1P)Gq`s)6Xfc?-2sv5T=l
z7fMjH$@9PeMP<AX4C|r+f)|t&nvNIpteboqbZ;sAm7XA=UgAAsBWp6*rTXsRBo$SI
z=20sz#H4MS#J12`|8#>U_w}%3&spp?q;};wG}y_bL<WgmgT=3I<3!{9fVQ$m&Kiui
z7n?zMB?fcnzHiYI!6kZe7)-$%HG^Dim_E{)sdnt}qlX{elLIGex<HL$Vn(us*}{u-
z2a)`DB1br;_|UCt6T`K6eo*xd-_$k7V~QckavWZjYy=d$nb=|8_Y#wR{K<#!+<Vma
z%R3JrKDc-1qqd(OA3nPO(fe(`9Nu~7!M(O0-uvXEyNCB5wl??4<9m<Zy>ob{wZRV_
z-MjOy{^Emu@Ye_T-~S-4zHLv!w|L%-X?5G}z@^i+jao0ecPUm9^)c+&d=ac}5QwtW
z0h4xIh#erz87H0>-dvmJ=!dH!Vkzj!W@`!zpM3PG^hJF1Jq!1Gy4+Y&5(Rv*u@tow
zJNv+yJj1?ibK9S+=Yj1GzHe~bU#`l@8soiU&;3@f{VlB<uYKxm?6r?xdTU_J7$yjc
z)c_z&ZAxQ9(2P{%i_Sk)U-;j|lDZ)PAl1}E4bEok6gB3&6(jX#667}bS+Eier>hm>
zH}%QSu`=2;YsAmH(By&;nn=W-pJRy^=sp$CV?XfcJ>0;bH@v{%{Uc*@e7!DPV~*}U
zXAKRX^rO5!%iS7#j=bhnA52m}B~&3511t<SB5FW!hiRStN@U?%LBYi1%{>f!0e#xF
zc^p^AM6B#Vkhl7)wy+6Uq?P^(EOI!PKSC!`>m%7dC5*(zNIn`#f@5SB339RkQ>EU4
zF#;ZDoWOfJ%0IyMeg826LHo;oHXGmsi7Z^u+m|?@3?NC)$vss-F<ZQo152YP5be10
zeO!U@&FG*CB!p1y<*fm3fTuXTBO`cgb{_E_*sVL2BGoYLx8c_MBK_xm3p@Af?Q47A
zOLx7o6_bcT*WX3q6bu)uDTXuPmc1%T4_Ra92;0%RnAN+IpzIjdz*Q(_j%5TR|9uMM
z#wfdTiiwUh!kEft<W2z1C+@ByO6Vp*wg&n50|7XJ3>d8EJtW@_u88ifX97pJASVId
z#Y$6>XT^dj3iUAu99MU{0ha!%qCBIFmR~v{mgXCR*3unTo*E&2$FEM{4bepja3bw`
z;Dg>S9JCIQbprv|!G{NOPQ<Qx2Zl|!{CYZAaH@^C+?gBN!IpBijFfxaQm!i3tFd{r
zEeD-tsA_j51>M7PGgEG{URFT?Q*J#pr(?b3^PyFtZ59<8udrPKjdfeuU}!KXM=MwL
z(`q$-0(|)WcOT#XQ};eS2+Fz7%T;j-^mz$B>i7_LDQzKiJLG&AU-~5sU7U>DjUZHy
zvz6n$jAlwA?~)cD84OhdO;%S#!*O0C?TCWk@mat(6hM8|iQWz@DW{R=%?Rbl8AkuD
zAr<eTiNms^Z=zjqJq4+FoICm79=B1_;+GGB@~%iUIC#{-tG#%)Gy{Q`QaKGl1J#;X
zQ9KkPs3LYV>nS`QZRQ<ZF<MEGY{-DtY=-U$ymQo!xVc53Y#Z9ED1?f=E7;caTVm?r
zp&9`lP^W=<H1MpcZ8<Z+sIznjK^oDQG!=9~jV}*6G-8gQfO(<}wN?9D&2bLiOHN!1
zy;aF?w8p>`a6XdTA(%j#kd7CHwBzMp224r&tAO%0+GnjTmDq7N?~ZPZs9^=B^uWbj
z>#nWCI7LmAV=fFqY0dKRCJa|YqK8Z(i-F!NcBjsYSyc5b3zCE2KAwPmErr6Iz><?2
z%m6iXh2cjd%VQ92Y0^PE`t}($cTi(uC6xj$pkF!CuGvXt<`GUFGO?~lGYU2I9fBD>
zbps+Gy{?y|Q(BH1_1*pU9vhX7V&3OjRW1ns2DB~W+#B}P+fzLQ#qhf1!n&&J-Lc!v
zmHI@vM$Q8qRG=Ks-5G?}+)U6_!#Bo89<S7a(0D<$j@>&^!!zS+LF+ovb|oedBvkCW
z4&>P;=xtJTzaZn2eEh6Jyy=(-CLZhBoj%xO)w-y4;*fAs20<7x7omW0Lo00tU%y^0
zI^wS7YaC<9c!`mYUNK=`Vur61+u9oYUCKe_kPjuI{21cBnor3wTpvpt6d)8AW=_jL
zSJm>49&gGTgDGDX=T);w!;H19kfN^-U|(t?Fxw0{0P3kPmqelSe2(G{_*k6p4cjN*
zagvQ=-oigd6uB>u>M=}V8S_-|sN4MXf%`QzCHwm23UR_Z7E^mm=f>rFQMdFEpKsPb
z*pe^QO|03YkMpc*n?!irtA|kVg*pfoxAbp2U)kO-D6}bl3QqCJNOZ4ftM*Q}dc>2f
z+}MP0T6B=bDFaHIP<H^(YHO;c7Aa6-T}7t3*u6!PJ!3%h$OMPpop({iR0+pP96_c*
zH?-5DTvr{6mc9~7xk}jHRay6a0Aj}D)bup@AUdNTga>qZky+B<{YDaN3O~UpWlz;D
ztrlt~ZhGEfiW%<j9@huLb4!9J%oSKE2hnm5YDi)nxzGrt9%AyE0!?b;9C>Wa4p~4-
z46wc+6JrL;8c}sH^istrktlD}D>uw`pz*d^LBG$l)q#I>yfG?oXS%~FNnu%-p|~^+
zvzPL0KnpuCfsc1a>36gF@&L{g71PY36G$rRda!5McU4KUK01RK4PBW4x4gNgNtIKI
zU*e2ZsN^~<(Z}b9WE(yjZaa&26Ft}LA%5jz$?{UD&%T6r8;kDTV+z)7vKA(_UdT!u
zL>DN(<8kngr1_4jU4Cnq1a%uX#3!lIE?kXFzqj{!)^lE(?083m>%J51*^Q2trr~t9
z=i>+tGn?cS(Psx96SMp@pLM+IL7!I%!+mxF+14$dBiI5YMX2P!bQ8sj2Pi?rpZBTf
zNCt#lPQTLJf~AK2F&3Oa2@i}(1Or_ic?h=53SmNOmPm?^ob>aIyf^lekJN*KI#(>l
zv-L#yM|uWZXI#z+$YdC?c1`Pu4?K~iU&&w^&`orX;L$II;x;zt#<)pGwTLSZFFSnJ
z&pt1u+t47Cqi8j`y^le|Eted%r_ibf6{2y&x0^HmNoElaPsA%JGA7Cuz*lHEhu|2v
z0B)^L2K%Blq0mD=d0^%x?QK|_s9xm+p9Q3J7BD#Uwr;I3Y|;Am*=EMZscl^n|Fae@
z$GTCG98Ejx2a3v@0SXf`L(1|nSsJKTaZoOE)E>Fjfm}`1F!4zd6z5wN2+3epI*taM
z$XBIRETnY~30~ayoNYI;NfF0eDWCVK%gd`Z6MLdSN9vSj5$__AvUOcHVn+7d)a_CR
zQSlZFG2RRt<%{=QS>4EtrRf!eBo-mTr0Z~r8f2sy7gecyP6;*&M2i*^w+BGL$*jT@
zu9XHMA;U^Tr79XaxGyt%Tka(f;Ew_thf<;3vR(&@SCFG4SQ)#pcw=9$wB}WPqB;#*
zg>98T3{$|V8%XT%+?UX4Fy=wh5+zCR58xU7%|FSP^$Erlnc&NfyHs>QVW0SE?@Noz
zx9wS&$ZmAn&TES^WjTVyZ95(W1RbmRhImg=_Aqzj_6U=h=&<@=66-!yiK75>KQOfX
z^EL2~=fZYOB%Fo21l&fvu6<__WS+{9o#@s<08SaOCUu75{H%k1k2(lAv!}8GUbrk4
z<W+#DgtIc*$SXJ5pUBLj%GhmcpasQv4PeUdgo0-mIhUN{%rS|qO-g&h7Vtde<8tK7
z6LDormiyo8sHhQN0Nd8ksaHzXBR34$JCy!4x?ZXngri-H8L3MXG=r%69{3&qmhN-7
zg;8no9Y7~7@>qnzvA^P`E8-B`H#IWhn6f$=^<!l-gJK>a=CBl>c4V-3J$I-)*-1uw
z5QQk-gXq%WnX6hhpX$5_w}cKUL7n8}zyq(Q)FE<z<dOyw>r^J)WYfj?X3{_y_~7Bg
z-@be2!2=62AkWOCkDAy7Q0mdW!?>b*Wb3uR@$k<52Q78^@%HyVxc||;xH3Eo-i-2e
z>v$i2@=@d6_%JY~e^{>a5>wQp3jhdfG{=(1bd#8k!XQVo?upthFe7=dNNPz1EZsz;
zq$Dja2pcc%74TjuPMbP}mYv83tFHB=?lA5J5#=;+zi%#KtCf>bRWR$Jqo14<mwSgk
zom)(&2Z`XLP;+FfU4xKPRpeIka^4d^L@OTmQk4?85QLmwRCJ5d^0AX|i3KF83gBf&
zm`j4~1Xu_osi0xVl!N?Rpp3+b1-3Bb06kbpId*%jQgnUTJn?%sLKwwHoNAL1$G~|t
z?KebD(Z(|+E(S~t^a-sY9VpWs1XiJK!d$ykbB^>B7~>WGXsjoi!x2F?Nl;~qsMRId
zmFV_Oj?@QkON4WG?IK=Bxl(X(4bNzhk`M1ZZjerSwwVM%sfhgXqwV!#(kIWhlRoTQ
zO#1X;a1Ojx+S<_krB<;26uSk1|B^BruqX+0i&fhFCZbAtCJQz43uUn1;S8W58I}l8
z#$rYBp}4g|O;TR^>V^aI@*bU=%<QJa=8F;5jN+l;yyh4&Ni0)-W@M)$0+J3`>0^Sd
zt1P&1sK104GR5oNZDDB96|+z8xogn<S)K`+wyy^XVTGOLbSBJ)D6TAJE)G$JyPQuB
z#V@G$h>A)i@-p#OB}4P3j7*KqLJS6KP|FoH=Z^1Z>-mzYY9UC?6DN4(2!+i|74V<X
z!cYJch`YiKe3C7fIU+q9l5ZsIK*DNR;BoJv>9}poKAPSRn#n%)Vs)OhoU+2Z^j5F1
z%U&6LN4E>#WVp5fSm&8|OIqDTZp(R4wP@k03n_c67gqM_4dYp>i|Khk*38;XHs0Hk
zJP`z~KC){sqKIt6SMOQ1q5JGP>zoOu2i#+#1b`>5U6K|6t1VEm{e)I%<LgpHR;|j3
z>Vhhs>LpY>ZJV`4y8|<P(M6L!z0{gD&O$?9vhhfu4)aCzK^;e<Z}r~F?+fg>P9=$k
zlkDHVZi7j#Qz*%u_48s@fClFQfh+Qs+UIRR92O{hwctz&g5GtxDo+dGpDMT}Fc;{;
zQLiHB4ThIPf~FUV3b{+7{{zUZOcD(A{V1!7F(T7zlj!*($@Gk`qv&W7Y%}Ah60LSu
za=w!o*yy)!|D-r}63{NGX2a&eB$|Ms5=1+9!>D!za4}6$*_4g9B(T+t+xH2l@qyur
zb$$KZ71qFM1QBLOPj?Kbh3FaGK6>!fgtaxh!TY&6ROkf80J$4EF~?CSn}J$O((v)j
z$et6I7fIhTDaB%pGM}q1-FeK5-?K{`R*|5$Xv0DjWV*<U6<e_I>=GD~nHOwAz#6=i
zkH3}6`gNT*m@yiC;Do!%K#bB5Ps#Xz9b@#b%3Z=0V4-;@US$8`oC%~22Ln28P#Hxs
z$oG!-M(Gaq>?oUf@#H&_P;zHTUOXHQh-n<?JypE(NtP$WfjQ(5FLr%zKRDumt@EB%
zhLr{_Vim=UeE=qqGhjVIk_a{yYS|G|V8c!aRq$+ilDPv2*ea|F?z-9@Jk2H(xS|Z1
z)MxG2nuNA$F}%$lJbi}(l3#ykM0ege!YZCjs>r#EnOMUw;%T6E=*M?NC)}j*^2VU&
z^eCq8n+D&6XR(iaOo2tq3umD{Q+mg=^v;q_;B|7c{NyEH$>bgSu34b6-YLy-ieTvR
z1e>&Pn`W0{*W;<>xm>i(<%V6<;@{A7A`%Y@I1N`oxf$`$n87S9Ib<Gug}5t@VrH!!
za21zF%})5o7unA3ySevf?zNXYcJPa2H~*^6e6(%5bCGYG&zOhw4|~j}XZFoxcFbNc
zUj3EN)5if@A9yja29+?lRMjlW<hd)AawWthgTY~##L4Br>!4m`nvTtSa0<RjkR5<j
zNEt3uF!asKwK_&tAzUtgxOKU>Tp!R9(pf`Nr><Wie^~pk_9Wq~%&RDC+g*y<aS{gd
z7NY7|h|4GA#8Qlo+u0*xn+!BYi!qNmqcAxHEURhMNq?&%4}coS3dkRNEr)#5cW3nh
zj2OI(VZGoxw2j{f@J&VvPqt<h!NtIl#4CvpHyR&&v91((qaI7}=#S`xHeHa&_$(>q
z5O9=(8o`&SfL@iz+!mNWAU5D9ipA#9EBq7>P!wGqQw;aeNJX71+lMY~4D(k?YCgA{
z<}*S>vE+)KjZA2{|4r}_cnVM>ToY)+gyCSJbVcFj^E`uKOh8LR8zripaUQD(07R`0
z@1b)e$Q6@(JVOD>Ys^?2F-|N^Jkfr$w`Y{ihmsNz18lPyFjEj{N?uT8@bpc=JU~H+
z7{EY*BVAI{W}=Nc`mC2ch2V$Rlz{A@$$E<XX?TySq-fkG?3;ds87CnN0<aF!oaK?$
z)d}Hy45AL3w2an@ff$s+$#rGbYpTBAC3Ip`i;*F_Tsje(QBtCPgibDIX}unZ#KdY=
zf;0`DJfw_Y6SNc8ABk5tB7|3%?GrCqc#KggNO6+3zPsH=1{#}XkbV(`OtnUv4d`&x
z63iXfG2yXCq^XQAc;4AZ*$f=LCq5-ODZ(`CX4YscN{Pq}4p~<~)st}Gb1|Ri6YzKk
zjAk`~sM~YgELu32JE8m|X!qyzCad)f`x_mfzWm(YFu60W%?^$^cHMR%$F7g97Cjig
z!9-0+)1`_;9wE+!o>s?VV5-x$&0C=R*>WSfl_MSWQyy+(iKJYMZKac+y{}!b{ALLG
z)xGG7(v0$)e=(;7+RJR5A6TJQJm;Bua>_F~W?zwp0CoT*iwfG1hg&!iDb~h`lt-UM
zj7Y=;vbEVKs){lR5L7RmC+h|2o(fGRjB=m!jC?eUD)En~i1kR)Fr_4P+!I8)f<4l(
zHN;q|g5HqnfRc+aH^a_6>~|A61p1sQ#uHKeG7}&4Lt;T}Q)WbjDLW1mBC#Ky;{o_P
z&0stzAI~xn2N~#rTv_5I>QC^Ntpa?zs~Bz-ez@(dNx6QBog)z;a3jD)^?KWceZ~k`
zl^iUPq-n;PA#5T|i7g>;n*VtFn2SZ-9CNWHhT0c<`5|Ya6Oc{bY|<_S{=K*p_+}nM
z*a*S7QUkv4y#^np1qpv>p9C1ONy`#e`PrF}7t7bOZOVYNXwDZr?U*d!M8bkUOH)MS
z@V)Ob0WDfO`$I2#a#*EX+SObwuWoMWmCd=K=LbnKjn&g#sarTihMvDJ#giyu%cV+F
zwrrc)Mm~bzdG}%TsUw04Kka?CeZUlF*&HxE??Zw)QnMFW?`GXrsNHgMd!J(T*=^$|
zpT6oH%9&uZ)fm_c!UFQST*N54T4kb_cD+!gY6!awd)6qo9VcL+GuR2hHt1231l<7D
z0_%li<YM&_+c~YDB=W;P5m8c1ZCl<7%q=QwNaJu*zwP9aToy)VG%6#1=)Px8reS^v
z<dq=R%!Z|qp%qmyHk%eSR5)h>Yv)7gz^a=qmoREkz&NtYN}AlAl8Qyab+uN92MIlX
zpgA|e!?!@!2M}eYrGg+gL57xy?z-f-RgPe;Hf65k6BI|J*~h&Yzs_LA>WffHXlN?m
zUkRosD;Ge;<5L5d%k+&@F`qT5>L>w~F`bZb4^k_<zm8XcOH`5y09sZL>MA&H3s40i
z`v|!z^5=Ln9;25@*|g4Yr)gc+<Hc{s&6nfXbt7&caRk<Gp7z>5U1<}D13+B*S29+R
zEl4j(+p9OnvyRee*vA`2_<B^dpH9DSW?+ArwUs0p5=v_)zygT0DIga4SzB)O@Q2>Y
zhza8G2JO(JE!R91+Jw0Tzc**?K?(5UxT)8C(=m{qE8dcTKC+NBlhKnYbmp3c7C_Ie
zFHV2|_t9y02|_*ma)p3zKK$gt;iG$p?)y;e9C+24=v<~<ap*93eDA|8fO-eFc=UM7
z47bpp$;RYCW|rHjO<+5(S3Rd#0Zd<FlBo@tOnC3l#tb*@dVP#~tropt1JCPGy0^Et
z(T+!c0imlH`H7(eC(gV2D7Y4d7eo~-C{f6at<Gel#4m(uwL$mXf}abTrD-!2lzAM;
z(BgLsJ{h7kKgy2_iYjADBx4}$uwY&S(_5c(p{>&BF)nNc>SbZjx)3_skqy2Qv*L@|
z6p!;7Xz4V9!ViDgvcYW87tz;#+>KY%qF(j(V7&z7cG;%a-HQ~!sy%0CRc#O>UW#e>
zmZ-Q_==uy$SJGxsc%SKS-f{MaZETD!yXl;_-0j^{Z<OC2PYHDkcu<;mc)}vw%AGWK
zD9^u!JN>v?ABD5#9`s~!p=i$}JE1dTpHkgvcx<WYI=hQb@RVs|c}_M@6XUO*jE>5#
z^5rZW6W4q$1ZgqOy+PAdlngGhW=N=r9*&Pa+yj~7yx<t9@}qEvjY|YqX^VrNf4qgZ
z_=3F_%T6y;>nOG@5mKDbpq1}X-v`0N#xUa8Lf4WX7{+ApG58)>J<AjxvB$4#leHt_
z4cX=u2tNg`t|-j%&iTUJ1l`bN{ubt}AK3*vE)s5pZ0v_Y7|7@|-<p{cH&%?wzGZVY
zxO#cmV`IG(XHQ(i*S7fhx&(S77ozmeUT&?wpx&rehlLTH$n6GENsCFgf>@8`y58f&
z2H<|fXyl${0@mkvfmqvw!X6_2(>uTO^=v+6q}YbXUXz+Ds~Mbq@6n_8?mq}3yZMm~
zkSZ*eH(-lh#@wDV2kH=Y(e6gZTr~UAO6bZTfPaTF9ZtsSLu^}QF#ov6ndl*hwI2sj
z8-E=KBH7?G9p08-ImweKCXhFN7WTkJIjpvQV2fUmp=1VInZRrY$K{-~U+#xz`FRWP
zXgFw_IW-w8O9V0LwSXT=4v)x71MU=`l@+DGLV<p?M@XEyx?wq+eKid@$=31mD5+Pm
zqeURCXqINfG$$rGaiH^x_~mV@irMJm6~%|$mN}o5*q2TRAUSlgo-of3&|wpE-`%fU
zGpDt5r>!^Q!k(~qQVEHzs{n==uNsnY@2Xgf#bf_Q$*2Y({cuv#Wwx+b<t>q{S&e0E
zFZq!bF-S#^aL!edMQLGDzshtgvJPNf18%HQ-%Q=6n<ZX}(@0?ICKl(%B+#|S+`@R`
zz^0y;czR}xo-Rt54SNJGr&)1S1$#suZj&LU+$O;LhX{hePS`XXk&#Hwgs9;-f8vHN
z*RcZ(J=#K`sL*Du{iKyJUC_4d2~%&Um-{VNyX*+zN6S@c!t<@O^-vqJ*`s4U+}8PQ
z_|*8vJw0lCg$v}N-EQIL|Lp6&j#YXwPn@6fIyM}A_}Ml$A1>B?Ht^T4XWFUr*1PAY
zJ*h3+v47lCbL1<06^A460@+fw!#(Mut0{@$TCJ~N!-@s&7hBz)Mw~7HUED*@OLc<s
zK}XEk_w#~sE8F4&rBC~LKxy#}N6=UK>JH*h{jjy4wTm9Li=VW92Q4^ff3(j}=OSDr
zI@&ISUjScpb11HGy5!EXVqmk3A`wuPjq1oq1>>6g<h}RqJ%aS7Mh#;hTUAV$w*i&p
zs&<H?USD~zFUPdFcdEfsJmDm8hQ<orQ|Qp-`;8!)9`XF1df}{vI(?YdalLkppJNbN
z;zisZVZIlMzG;;ce96rl;ynyK6Yyvfk=k(uAjC}OGz!ycjnmpVJ~!9Fz*g#y*Ck50
z5^aP!_W2P3+2{u-M$*;K(e{Ei*O6Gk*mM?JB5Qwzac)I#v1}Wv0Z;OU6?5rMs_$lJ
zn?>>YnxOB1wSJbL?}1)Yg3&N~lCm()vxVP5ro4!7Calu;Ioivcr#f|_;(8_Pj~!b8
zRp8-){>6jD`?x!a`UOJ5bAy9iQQ(RnaA><q+Cm(kuCg;goCS9c2=w;$a6yuZX~B9C
z4+@{yVNF*#>PdW0V2KcU(wj-C=bb@EtxFx<1Q(lZtIrhp)TYAw(Y^ORx*uSt(vv{!
zIo#O9M-N>U+X6nYT>)p1b+&S~b0)>PNs&%SnhU#<HZbWzquxje9_1nD;l8&Mg0?7W
zR~U1lH`1RcB)s0$4Fo*G0VUwZY8}zk;ME)@ofo7}Q2yn#y_<_pKSpyv5Bu5OyweGL
zx3mY_XKYhk2^Nk=9KEwRXRqwoEoa*#(>0hcJdy=)J;frQ0k$i_Es>)*YFC?MXzy;O
zhyg*C)Qy)yzj<uE@T6QH4m99jiz703b{EvW77K8!XcJs2i-#Y8gYa<ZP3ouoIrwt7
zrIN+G991!2&dzn?RS`}WUtfrz6$)gn+|%YAF!UNhjw<X58}AsPTgGy+yIA{J`(Ugl
ze_>-m(>B{de5F+c8!WDY3J{4p%rMn(M+drEVAl&bIPlsAqfS0~!j(Ub%nh;<7?<38
zJ;LBkNx7zw_M2agvd1FXGPqUFNhg4saP#W)kMm2x_b|cbA~*ID0!yzVlxBk_z<yiZ
z`=RqR1Hp!`!M>A+J>^O%-p2VAljq%eUa^w(W#-R{KxElH*HRzy1no2&JLTaP?p2Dt
zuygnOjxAd;Yij{pGBtqAif2(K&d_BRm|(F|AP;;q1Z2TXMJO@@%BCX+m*5Febob#>
zie8Is8G|DEbI5E4Sw4<Ss=lhpq0xBQTI85U56sQBT$PjcxRtxWCW1-FCxK6ae}Q&5
zx?$~(kbF-btK45<W*kuqxQ}czB;T1J@C}=1JImU7t6`y5xrhF^U*kjI4lfXc1`F;Z
zp45e8qwv#uk8I}j7?cdT2EqoKmjN;mJ8f1RZbOPc78{uFrkv*PILv0ayQs+xqbWF>
z2ypz9!0LRQ6^n-6GOX!`*Pn9+vtXlI51zdtEc6g##G_!VgX;D}(z?Isc(!GbJDv6M
zKvlgC=iE`PiySf0{EF+ZB=E~>NsvZ8KK1%!Mypp4sXbuO0q1jeZdG>bs^I<8$w942
z_RvE^3D-@0WYf~XLqoILQp7b=!_9oD{RSJ)h;hgvwO7yUal6k;Q3+Zt<1#5YFNi3u
zUUvzCE#I(6tT%RUKUU+f7=9z9<wI*P4=u!k%NvC%R*7an1NIaH?OazU#mb#kTppj*
zi~Zpdv-feSR5L)AmDjl8!1e*1QocGZ49wCjTR1WGI2TOY@Z{N$vM7)&<wPH*bej`*
zhyV8QAVJhy-$kDWVy9f!m3y?~JIkHBfBB)S2ruT!W5m`y3TKOBHjBE-XH#;Ag9-h7
z4XLzw!rdC9^ZIyI5X7xxA8>b*B<{+tD9RCcS~AI@E2xdpH)RqadRMx~9#`cmNKz}{
z&VKRZ<+ZC?PN&5f7RoO#4jAh2RH465l|zQpTDQU6UGIoMf0qy5IVC%49%9{*+Mxhp
zjDVzB;yN%$TFgkd{iG<Fi(-j+mCA+vnXbXEUmZm`$-(b+9KcNvs$u~~TF1J<Q6AbV
z=#hyVko-^VZ;b8)13h;<`aGRx<6`DkIj?Ln^11cD?ODJsOjVA6P^l;=X<7)e#?Av|
zMNKf1OaqJ@2rQ;w^We*s$zq;~WW^!?I#3hH4E~NFICy8PAI)LO5gImSN)>d)P==Ed
z^5Cw@<5e~n7;4J=d(z-L`ufZSsXIYsQ8s;Hv^N0JjY%K@?cHt2gd9k*4s>FUDY4yT
zkq*}DF2nRgt}jsIDY#6T{^>K@y+OEMye7j@dyBl3aijdWwcY3xbhX^D`I)D!?eY=Y
z(roO_=pVK=N(XOCn{fW(CgE9Yi@{;t(r{76%@$>AqmHaIvQ(Zv)Z_b@j<4>fVM}f)
zX?PN4!SxSYUr2{vx{n-iaBULOKO=-uww2(W2=Z@UXF>nbLWdCi9{Am3*~(3RGYRZt
zbQ(~?^tt(fd`CfVj?~~y<Bkde{)HYr(3ExOf$y=R7*OSJgsAd209F1SJTQtaA0f&g
z#z)Gei2&YX4C$T%rS1br2H~UvV{MW2@yKLKI|U;DIpVim&Nw4+0Gv;Nx?{H#?%tlA
zYxp%3S+GPRJVX*+&OY&j&{IS2nWQ$jeOO|^BwMLvkiMmZ)AY$mIKxke4bK05Rjo;V
zAo>GFx$w#`o0yBag;OIeO`V(t_*#28FcWG7L4oM#HvWoOTg*GL9bBw%eB0Q>U)VDD
z*ot$JZzrcWCTl#U86>z4V#jFwsO8TJw~2p!hgjmS*<;c2I9nYV;u=1M^yD?nr|WLZ
zTz2s7?#cu;joXDj_lS5}a=ZK*a0s|x3s+Zp%ZokbW5~h8wq(ka3eg=hfx^$Zj&lFv
z{BJu|T`qSp_f`TQtFE4esk?SoImU-@P5#!mGXKJrb%2m}%k2QJFKd9Xd*@>a&uBEW
zUicn(#a><3j<U1cZ9xE_j@ke%8n~~&eRN*ukn25a&XMY6vr8?#fr0|9o-flKbOXT5
zWhA(AMle2k>R^%#W(XK8`Qae@Upfb(1I<)J%wCL2a!JNGNzbx#r9fw3#e@8uEFRa=
z0eHWs#h`Lq6-Yo(8eT8*Hg&cIw$qG1N4Eh`n-Z~2{R;?t7MS*Q>!MV7y@YHevZr#B
z-B;dtdH>24(XxZSnR6-e%?6@3HbE*xM$FaS6g!7s-P^yibNjoM`|$uiORBF%w_qsq
z_3Y(3hVwCpcuGg=8A$nMyGZ!D8>mr;cOfVi8qwAuJ!Eqdjpl@-+aMlKvgct6a<`9A
zJdDG9V$%&~O!cw;wijxsl7>ZpgAIE-fQdp&2P|XOj&6A&^O3m&_<%HEE~$I>W1Iz{
za$%R;g}Tg+GwBo-O_)mJ;M_6^dT(n3VWiFi8mv*>=nm~9=V<26H4DrDtk)Mcyt^|{
zGt_cx97+sS#i|XGfB3}#4rx9KLR?yJ%FGPj;|_VB3Ew-Z5g-}}hw({;;?1b70><Vb
zgAzo4Qf5khx9a$|U^v+1sW?a8RLnew&s2Lts7#U?I((7a#*`(-Xy69KI3r&$9JN#e
zBCZe-Ny}h$0RY8}7Gclo0<V(s-Ojq}p+}w202r(MYk7}v{vhRCSTLlIA*&sl>1I~{
zn1QmE-YEc7dOFP5{PIX1jR1+Nb1Of6U-t3S_Zu7bPQ$o5Aj~!yD#hd^C*_R0$mR3J
zX|XC7xTf(zeER<0)A!R`slIQ>S=&(`=1=BYfOO^M2g&#(TO12WIni$qtn3)5F=c-?
zZyzNKH%*|V+jU#NaxDMglPZt&g6_JQx;iou{MAZka5KZZbKAC{rghHkao8?@O$Se=
zEyTfEFGYE7r_u8|q2C8PUZ^#l%qL;0Q_7yrD2xPjrUxzbpsh)BP0D@Thd1pJXezox
zZ?5BD>J-L<0hJ7=OxwuzQJ_4c@wl>A<XQ?_51gr*`;Lf>;QCE9mdm!hzvXajQy4ob
zfn5DM1OzoYQL)D5(||Ma1mD01nmEhCx~N^M(irBN-nR4fsqeN@w-5mZ>52D*<J36T
zf7ui?aMN}{z5CpTIV_f$6I*2V=$oSnT~p?d!77(*%QsQ44T%?l|I!U(R7jD(2$Iz+
zp`8)!>zq3{Fc87kC`PAnz^HewbD$9bj_|0QaMsCuF|k(d0;O5B$fxD00Qu9{s5ASc
z`pLeyakvYKA76EkubRi-ofnfySs%oIN6C6AvLnfT#{E+q(?h%JmW2p{oFPzq05b{v
zikindC0&Ufr?_rX?My>P!@7R)#SK)Nl4k5B_do?rs-&`|21+-KljMEH@g6M~fR~SK
z6NTt%z66dL*+UOotO^p4*Gmit933~&Fol${8ONi5vzr(siSe{9pfLp4C{04g&G{1a
z3_Kf|O_<)Q`Y>J6L<bSqMrLzQ?Mn&IW-i&%&Mtb#Yfst?Z}C)WC!yFnYI0_1S{0G?
zY=D0B*j@p~hvIfT5n-ltdp$1Zg_ECgYXmoQyk`SzIvCE5C1)@V2oHqGcp3q0z!lSh
zpMkX1t+<C66STA*<BqiH2AzTb_Bv#*b{0ID_V}D^qrub9aD1Bln}cICqY5IN1%#6H
zYy$(jR}F^)o9U`^k{0=MRae4icL5;XeljB0lg>H0L-~p_wG#nJTxGz^<>Y~9>{Uz!
z?>AIs*6~i<z@5NeF1-6w!nkf8<XC*^)N9xEyN&h0@lZW+I75S3i@!PFvQ7U`PartE
zMAW;{hCX1gF(C={;vz3rF_f}$C*oCRIs}R<NGQ0h&&7SGyDye)Vcstqi4Uv7`+LEV
zdZ;gT+o&cI6}01|^K4ZY<Fz{+q<WXkKfWWLp&(uzbn>E!SC`9*hT+{Va>^W=s)I9b
z{KW)q`fvpR_A*}b6HU!4>N__LjxWfOv4wjE3Zmi{YjYB=!J*x*-t|*T<LeP=iTHDP
z=++Um=^!tXZap-IcJWkgMo<(`)I5?qcC#o~UQK9M5PYFrm)8qM;Uuo7n2wUkdL>Rh
zJd|uk%Rp(^O&$>pB?BdA{v2FofkQ!HKpSgAF(i<%(uw$}kC>N}VhXsEt`0I5c%<Wn
zr+_U;&pOK;k!+OSNPmL)dNCHXxe75+Yc)e}VNz`<NpEiT8F8yG&a49AbZq2z-Thac
z9MIa)tN;aT>8#JXZA8Bd%m(k`vD-cw=?-bp!IthPXyP-F=}z0Wu-2rAUmRPDR-659
z-nwhyDIZbH*Q(ma5yr&ds;V?a11zYu0~I0@05lPSF@ST7p?ZR_$QR&4L}GPQG6hnj
zO3uka!v5T%Ls=Tjshib$d=h9v!{|4F_gGg5u4OMrjt(poSzQXHgDgENOLxo`Lz}sD
z1u<(=<D3Us*78ZEdSn4rxsMsx2#2S&$LOzV4TA#f6r_+GC6Xhp2>TqUiFHO>-()T(
zwNG|3;hT5b${?WNmvqp7gFSLmP;r_Q!mdx2XEg8Vy0a4fVxg8K6_=`d;wD*r{z(XH
zQl&aVcdnbj&c;o#q+|lCnk@W~7=Y3S2-kyMiZ&)(){6;)1Nt2F<m*HnDP_lk-S_#r
zfV<ccZfG3Tx)}{^l+^0hsVIZT$f>^9)-K)nq2i7>TPmvRJNvK^hSs^htLzLTa-<pg
zo(@hODLK8`T+`MZwx|1MvZ4^5)2q6Aa%76dY57c&aoId*YBG_dxV`&M3NW1q0erw(
zCFJg!19)G=20(I(ZHQR)332EByKU+QqWzJwKL=a}Th=medmQDSlh{7kDi~}P4|c>-
ze`Cy#FF0nidM1J5E18K=+e~<7%D4moRkWOfk5;gq!n&YRZRWXd0O~b+w`IyHUx-(c
zWA=~%&-FzwTGfjNLvIDjz=WH6)zXEavIG;-W?O+Kvu(feN*K>JR-JxlN0->oG7Yy)
z_#<}&PtYUqbc&ru(m&Zc!EHte<YsW0I<*F}p{@GJL_x5@AXLHsjF}Cp$ZXK|G*tIT
zqfu<njJgO(a*+8z$DtOJLhFm!##1Hnbc!~Po%lg8$R=UV$5DHW(rHmcZWC0h7K=j_
zSR9zj>65MdBE((vv&Yid;72|aFWa~pDu43#0|$F%(cCT>(H#$885Yn<n|iQgpZX?%
z3Pc8Nv@VD?hfN-<;ut|EUclthj%4(T2xDD_P(<=Q9iVy(9Dv(g0npLjuwQ}e9m&xa
z9VkqkC19PIQl6F9nsbW<=%7qPtZoTA**secOB86bJp@EcVyim~P9tSv;UY?LgdwJ-
zSMvZ>K&rox<_wi9vpw<N%q<@v<_^i}d==&8Yj2LoO%swk;|V;%Xt(UhZ6_u+S4ild
z<&d*Hy+k9v!$ZA<Zen?XJ9@ob(&Wv`GeShmhi+@S4uXQJ^6haW?`R{9Li;1J<-1c>
zpAdr}_5M_|9<0>08#;n?|4N$&11~RXOUPC@anlO9xj{2Bf)o>HIoy!Ay>%7x=gV?|
z(N`HbhBh3QjK31QE4gmaA;;<Dv%Ow`ekWJt5z>i)bN{m5dY^U4A?{pk6p#ECvPoSb
z-v@7O0gLsaXA8vn$SOB>CUcJSCn*AKHEtvLxHH!%$RLsl4F<&Rf=cfdh!_S*Bp__;
z2qGsgB3?RM5$y`jY#_*Kx?*&0cALsAIXa8tJ!8Rat;3L4D8p`DOKM}*1(Zg*XGOF~
z+?&@r3d3?T(`E+;3CV6GQXZiOf)RtoZ~^3DSymO0G*uOpjMrt*zw%^<^-qN;0Cqr`
zA*Kzu;=H${Ne(>Hik2$w=;L7G{bQEQ8qe+R;h#!Jo5hix@Q-0-_$NV0mLIpQ!+Nna
zN&4tpIzUVUu(ZHGpMAQ;_e9d?#a1M~jvGGD5R2v}l&-BnRVit2-0PndpN{y$8~dMb
zuzFLW&ptKk%bWt8R5gmEo)lHgwVtgCN9q}u8*yCR@p<lc5wotqm-DFhl6TI9#;RoC
zc@$w+J?sCOVPNQ10dzt+DbQP_!jij+xos)6WS@lw3BIv+!xLfm#pF=wcGda;K&?Ie
zNFBEL`%AiQS;nExibWj3>rFGO6m+u4a37iip-ZT7*n&CZjSOPNjlKPz`}ldF)_v~v
zx{iVC?TlY_nNyoO<G`S5_nR1-K)*on8Kg3FeDY+LuR@#q^GGYZNtxVmITeMT`U|#t
zdFp%bM0(^F8E1<MIqq$wLmnmmerfc{drFECQQ32b-A2!#(a(S)x*?!F{~9#Wts7#q
zDw-#OR6Wsrn<#IHjk+4fMqS;xeYae>VMErB4^0qjONbN)pF(uWDxYPXoMtT5E993}
z1)3wP_0g^bL9r8j7-0pAJ0{;?+=9l^6^7ez>ps$k9|WA!<CsacT<X4>kvPQ0?X*c=
zjaS7|9Af<-Hik}Vu|2{aYIKU9J95)$CJF$HwBm?P16bjr)7a3qctxO9x7c*caDIcv
z6A!dUht4PH+#v>HC)h1LCIGhFyk!FDc{&)Ez%aPGeS;~j+nI%8hL8mZX=g3O1%nCV
zHA|%rI)+2_d#j5%p>=Y<GCM0imyIZAfTe^rpeEReqRLXafx1UTk?i2>GD(>BdUc)v
zc)}X{WxFrX7BU)O?$3dNM>hd{A$8u<0`7HDANUZwm+fbRc3~ePp~UwRlW}Sch!C%;
ztH;eSB25{|y{F!IjrqCBNtg_Z`2F~EHALlwZzK*33Ff+`6-_JyQC|VlR!ojN2lSGb
zL346w54IdB-kgK&J_laSXtp^;Sc*%|nQ`OcS(<0)V?lb!p1q};w%J*}f!+D<(_1dR
z=`@e5ICqm*V@D=S_3e$NE&QqWK?Fq<T0!p@hgz{N?NsY(iAG9oKW%GYi;)%~bWpYX
zSKQM%aTU4(!4b|U+Q;*}*4HmUH84|YzU|f77+?odu$FQl610*8BZXJdwgrbh($Hul
z3^l@UoR}-1`Mwi`cHl@qA(0K=dwwItiY{{x2WbGTdu*$-RkmzyDtP)+y;F@@1810~
zwTk8mkuvbcA-^;U10r-yxduF;3yd1*VU;t-p2Vgg-Btk|+6xa8IG(l;!j_6gP?4Kb
zEyZyZ-KaHSuJ?+b+oZG6<BK>!FlRtVu7w>Cb~_+`f^;h@#HNZPPbXVY2r^@e9nl4&
z0R-`4wjOtLyTW?XTFU*}wUPmsel6tEukGCakRWhc*zyRp!($g9!<~3k0Azu|0hcV!
z6GDhWY#VBv!G$om9JIg~w|!PBzJLaoD`XS<<~1G4ZziGG%&0?Zb*Hb^t)z*#M7@$K
z^ey1}@15qWb3`{wa{w0rg%WmKC~}KH5uu_q(NH!D0Bv1L2k7zr<OTR#Pq?V5i=lmn
zD5Dm?lTBmXrm<#+`KK&IPvo=bg>zEi5z1|kcl1DHMSXk^P*&EehFHNN=ET-{iFJ-B
zva`o?@r5$Y_1@Eu?tFM}<KVUAhmB&g5u$NYP~y-!1GwrR-?{tSciwNlOU^O8Eg8_=
z;1~*S8~2#wRUNm4KGz^?qnYL)1@+)jJ}b{05BnbIQG7gZaA;B!+3wfE$F!T{tAKkE
z)}<oZ_!#&;tKi*JFG>|6%WC9NsutrYSS6$BS-Z~4Y%*Kqri^A>=g*^!;brO0D}eE|
zO`q&+hzugoTscra10s4B4-?$>L~xNQ(6^CcsX*lQF&)U(5zxbI?`UsqPPm$LqIGo_
zQ*O_rCmc4ny2eYD)5JbM^3TJgmqpVZ9wo3VvU`d*9)d3`eIYM)a=J-O*XS@&;4{t*
z6{lshzJ<V!0c;L9@kx-Jkekg8Uah+-9k|Nvs0cPp&7XRC*P-RoSn@uC6rSX|rQp|*
zo;WxS(RIU5?MA1t57*QrC!sWtd;_`nc9-*>qsH*=C}@|Pof4j@zz>GbFK(U*MBld_
zV}7ltr}j2+{G+%cIQd}0$uh7e17Ik$mM$EJ5pj7c3)!AlihUh*`SW#-FA2N1T;))=
z*}wZLiFj90vMa!72c!sQ_$B1{y<J1BG}tG5r?vL0%Ci-!y-Bl(5SUmqRqxtlnL(27
zy7W+6En8%1Fv{$+fGI)70DQm^tu`xWB;!S$U|#mc`Y~?n$hc2W65R<IxwE@FXt!AG
zmW+=o6Em<^l|h47rc?(&ysTHg1T#;Y1?|sSIyraikBVgoUL$4~-G%W14BmimnZPAM
z-9O|wqIf4qVu9CF8+fm}OiY$qyLW(Sc(i9%rO})yK+t-|hAshj6H8ZO;#U<cA5$U;
zHilsi3`upDSb_-3%UQ;-*bwxza9yha%xo|D(ESTkRTUeyB|1DO=Sw#=u(p+8$Wl}>
z=BpvNGuQW_ks+yy0dH=(?&6o3%kFf4H@fel)D{?wa-=9A0+aZ3+{G6(HV%l63wGei
z3~cRr3Q!MO67D}fRn%QZcvQPqu+39L^qA-5J+CJeDsl689I0*dCLHjpEb9O#JiLs;
z=|o)~jnSL`LZ+dpY1XJ45t%TfjBk85g;QXlMwC3he8yRW3W7rrpi5mJ>3_98qP~L7
zFa_+p{CNg$G$W!KXF_<xHOzul{2`svLNV<eLz^js3^rACPN*OP%%jQbtE&XN3d;f%
z(4$1MV-=neEuB8g^Q9>N)f5?wPWIJ9Oa&w>3*EyhYNt|ut8jTfzucu5i7mX})h@tw
zeZ1zm+-j{arKmd5=(7$;<Lmm}@a=CFCsY)|M2ktUL;d3U#a<JzvmJx5<^svThVbxv
zHv7bAE2op#oZVgWN@E(Lpnhu<&<hJB0rl(6l~AZcl=V$?r7X^6PD8F}(^LrVfGSec
zZLx|MxXVKi2#`SC1{J^Wi%Mz`pwmWU_(EhJ8=!iO^c~a0mtagp7lm5Tv+NuwU;HX~
z{f77SV8m?bly&m<IacCiT6aIbbNGRU_QwaN$z;H$Fw)Qq=nVE#JcCpP<mjd238o6j
zYTSM{Z-}09NDw~HV&qHg2yvW5t~(JmBRYac!VB_&WT+)^O|IQ`@dt=dpJOb(ENG=0
zU05lpd6e3vCL#@6!-stb-96N{1nx0-+EFekymdASs_zoVi?MIO<Wj!^Kx}1mqnn;L
zQIG)$h-rhh9r2yd4slJi77L7F9d#nN%Bsmp?<IrB<*2<WGQ<#^J1NChWnGTl4r=BT
z@d?^2DzH8@lQ$d&8VuAlxEJhF4hdt5uhr!j5xY@^Uj@oJ7%J~eLSWxZK3O2N@ddXQ
za%PI<#IT}xN06+Bq?8r)iN`5h*Chi~Q(i~3F60aFtJA2<C{>sZS5l8=k5s~JW-NFq
ze-Ag=0$_M5blais5o9F4SgmPoYsoKmOyHRLT2;}r^*MZV!V)@YmnQiVv33@=90TaA
zun(~PQP9mN!*(r|ATO+!{;hXDdVD{<i)k|<)Of_^I`SnxbrP+lF+=b|CqvbU`I-!V
z=<f0I%t_u4ipBc*DE%-Srw<>ezcWf7mos+*xL@9R{O%}0f==Z8lZBI;Xsd7(H+RK2
z$4zF_@j`EWMwZ#;(0PGN>npwIz1~AZI@r3syIxY7hVUA;KAsvDAL#%4U99oF8eOZ7
zH%pk~zSxzjz67n^;Qhp{kU5a0_k#nG+l3d|I;vPouYC{)_SR>C#lBM_>KxLnQo?0S
zs+G@Si!y9TsLif&cTtoxBo6P1GFmFc`B1j6JxY>-We827d#}552s?6~t)3}d2fxG{
zpd&aX<CEEX!+S|>0uByVm67a_0TNK0dAQ|j$6XPC8<45n@MXIka1MtD#A%C6T(3w`
z1c*l71&VM%m^?!EnGvD9#YzliCW|WYT;JKd{F{4jQyt*n@xkSFwYm(M%Vw8<^D-O-
z_;JVhs3X_fex&e0zz0oBag0e?#{fOAm>}<6cBSEM>ctW~S0#brrc7sD8SSojgJA~<
z#GdI(p-5HRAX4;r3-gJf0sw_g6T+zX6dyJg!*!f(tk-VtOJH5o*5x~RibjR?mN?2R
zilS^Y;UFO_)I9g}X%KNt)*4E7#*psqW_ODN1K1(7bBcw#i4^s;N_=oe8}Oycfo1~3
zP&3*N-m=wBAGkJL4_zCsL#inp)JE@PqjXjO27$}>ehIiYn(2DntT1H&L0r5a&@E$3
z$#m97j9f9|EI1JT2PUq1Ov%$wJi#>~J++S>!)R8o0)-rmu2oVGWj=)&2ZtmSOi?pH
zFFLnDmL-g$^UzTlFu<CSZjm2jmYGy?B}IT&+OH$GInNyLP>uW=8?-_n61A>4%rV>0
z<#gA_C3+p$;Ypm&Wm8h1*t<JSrV<AEHK0b2BS$ks)pm|}$r2Buyy5T&`f_Osh9Pkp
zqvTq1&F7=kqJ<e{eUP`6+^ToWRYB>ls`|XCr?s!!gCqk3u-*vKNTNujOsGJ06U%DB
zjjk!C^(fL19=Xf0e-syPuLVI9FsK-mR@ipkFxt^4h1cupqc;@6bW_Zh6#vY+Y<Mon
z1MO46X1o>oKzEh@EG{25BUAcOS?5GJ<1rJMXRR_&;e-U>-w6+Jyeg~8iwN5S^l3q0
z{-QO))U7W93G_w2DpO<<m@Yu5t#w@FO?yU|=NMV0$TH~3(S|3an0Dm7paen^u667X
zYFV-LgUC{w==5u!@yU9=jAk4j5sEDuf44X*x5c?-=~1x&`loT(nRP}CVJ7^|?0CBj
z=CTRX*@XleNHrXl#NA=FOA?v|8%Q0YPNc)#Ro(g5%YJYZ9LVgbZ5-PS`fi|ca*-lb
zXMusFZsm$a8wGlx3MYS?;sp%;D#CnWb9$r~mMn7*B1Zr+`DN5n;28nGw7EqHgkw3i
z1fx=}n{OLX7>vn3YMhH-2=W!~g?;c3?m#0e@GuqU8GjI>JW4Qksvi(+1nEghFHgM~
zae$m;ND;&EREA0r#sWIyts}<jLh!`p8bAqJa2j}3U`1tmXq@GA%4)Nakuo`|_&^vF
zFKW3m+92r;?jdE&c6{_18}SyUy@!mCWUxh!az3=chJeO)XPzAw<DET2f7A!d4nz@r
zgFRyxLJkol`Vp8y6fYy=Kf$aGOE)>3#&AInsu+A&Rgkn3r--t}P{E1#auY+Sp@t9^
zBoT!<`sebF?Ri|g!3Z#iock*w?-#j_)K6ZK*Erl)yoXhT(sJP>K7l9Q<vuu%W*6Yq
zo4~xHDpYDl9p^;SJSJh<N&*8`6VZxH5jIE_;p%*%>ue4;k0U+`_8e)lD|!*?4FzyZ
zICzaXXK%R6h*?><IbmA%dL)$3qVEr)?~CaBQW-AqT`DRpy+T#(nULcq^+~Lm?3qqI
zly*N4*s$=K$b!60A`}hOU{~ux1@|ME>S>M!lx&iKbRtSFQVVKq_|3!+a!9qptgzs>
zOv*L1`T5!%T829WStEQ5PN|TR*?r307Mnm|4zNdD0bXA@f#-xA-Tey_!tq$KPrKWE
z83wSxDdmpD41LYP27%%yI7@>|uYG=LlwJxMupR2^4ie!XFVKw^x_oIEL#}d4d(+J@
zGxbi`@Q=CWA9K@GNZa2@Y&PygzbzxzP|bG~eZLod&!g{C-Hi18IQsql=z9@;FQf14
z==<+jRh7hI>t=WB0J+V^wZ}9H&`R*4RH;fgvw>)nN7_sTdmfk+yfp^FY-Al+xndZ^
zco%Zajp<t?kVfaMA3;CHn<FCV^w9EP8;EvGehj1)ocp&C(G(^EK?rlX+-wYbbQPl$
zZ#S>jTE_!H!F3;Apz!XqlM<6J*Q7}1LxalwTyjQOfVYM9MzVRMXJxqz4|94e-8peL
zdYPV;tJy@M%XU1J@)^7*m~fcyo!7EAb^uqI&maM_4$g-3y$`%H4y{~Gcsg4rZIocU
z=!LS#!Gee<om~%MO?ar1eU8*Kgw#w;J<HE;1sIT`G)gS0Kly!eFiJ>-YBxzg`O-`n
zG;j;&%S~{3E1a%pqx7_W#s;sQy)nFn{{}NxKY8}4YxXprIa<*7N&!_+yzERsvwoL{
zbSdR)n0RDF`WL25&T-;8{EU^Ij=Y~h$XmviDsoqYq#=k=1L8r=d}z<p=~&qKY`RDG
zWRB3f0kY9zgJQ-@c#%M&vN|lU7fDoG(|WKl*6_$(tw~^65jzW^u+j4SoRcP&aH;G{
z;_bDD2OB9)X&QJCh(ro=;OV!A(HKQJ4Ag_WiI$17K~b;i9-C*Ayv6-f`^mO5?i`ze
zDiw}M;XTF34xIsx9uz6Vii5AI;@<6@iZ>5&4!*+81nl{0uPYWU-4cl%cqeH(p98n&
z{`GT=fL!`q`680$-X0N)>ZRwv@aXI9Lg0%?7b;tYZrP~cl`eCSt^~$u{~AMn+bh1-
zQc*l0+op5-3i77X8$hGcC`^FX5d1>VS>!hkTdbj{2@uxb5y1no_zGpX;I(5Nz+H3O
z2N3}LFCw2Ay=HkBc>QJxt3u#>R~*?42fn$Sl?go!ReET&d)dL7#?z`aj;xXBOIt7o
zWT54OwK@mF5GAA|p4yyL3nDvG<83tMO_~*|UpOo#1ZxOD5&URZY~i<!n(#3c=oCy;
zrsNrLb%97RwAK>Un^4Y9M;zvehZV|o?)IKLibSDO+4Ew)o_7*EaBhZ;(CQB!H4B;Q
zNJRBVz$mUdb!*-+LB{fd<hDY$80IdjkRy2Ru4{A64J-?_BR4&Kcx^v@ZGVS(qTSu^
z9@huy^IKfp@?BJw%JqAPdj<ZvlD>Auec0drlHSdGE>OnuTJ^dg)7927QB7(E^{uXr
zEpLPgzLoyQ2M<5IhtTya`1Z-;dynunzaeidtG#2ll@_PXAyNyM;qT>D>2^_FYD@fm
zb04n1aRXk;IDGEgZ}7YKc89OQXFaroYA6hwMeehio(86bW8)g#rI)=O^a#BWh{YtX
zYKGI!Y9+88@9%us(fQwi8oR$Ch;xqj+dKXuoV&Ww3D^FvYg9`2NlnEso#l&&$8%3$
zUb^izO5v>YByc2Tqv51(m^dlK7~k<MoD@#4>?QXCS(Bkj*9!zDt;8jNC;Rc0D_4%j
z@NZi?H~R6k2zVP07(s9^K4fdS@MaCU-Vy}aMK}sV<gM8KXhKdeXY}J9r21lqJEIha
zNtor+I(0jhYN>4zUD8N7c}A&K()d+C0?7lh5*I`XhsLeB&F_~drcF9;2<KuT>1h@L
zjt<+<EaNX}A1N1kpy%es1LKI*O&gdfey6!|y9^$$NXQqK;%Cf)(q}KY8#USq?g{RL
zP3oB-qh+C))HyJacX4#<yF*o=2$*cx0sXp+`NtaFrmSS`=Y2!JTYHjnb6c|<(94?=
zwFuPg-muxb!OJ}jSsJ^Vh%Ha|j{M4?g@Q=usB0mi^5SNo2}+tuM)gE!Y#luq7B99X
z&z<AE5zL8H>uSZ{-500n!q_*mV8V&O4;u;bM3J4w^XaB@fArZfq5+so5ko<ndI;-b
z5Dq8EhGE~3?iMX?sMgcIZzwLbmyyCpTZd5GU-`YIS5w=)r8mthxVO^yP5rJdn4%kd
z*Z1}#Z#;l^|Cq>g75GA&T)%x+-9YX-Nv68#e!G5~d^O=h@?Iii_?dG6vZz*<-b(^~
zm{Aw!$1Em0(Z`O<IXG94xMMxy+?__|!6S0Ph~5g)$a)3}!dY?KT|UsU=h&5-a0$Ud
z0g~?@i$gc)P>sF>t;D8(SeDQB@BYSM_}bo+PhWpy_cwXhSm6KAMJjj|;=$}W#?p1p
zcae55w{(+|4`<-@JT#dCNZ9xD)z-#qS<pySnKxp4&GDw162-Oc^^;AFOq|qQcT}8h
z?00;W+S^!eYGVnq%9<|AZKJ3*HB>E~M7*_$^`<5oENy!mXPer{W=lsHI1lKy-aOyb
z(utGfB`w6JCHkVPk#M&o0gU{iuC%x44@S84+fFDZzAG2I?c?rs`t~&Vi_HOK(&yZA
zthy!TOL+7t#-nuyr2|aiidHa0#Bnu;;?B7QaGZ%K)-Q#M&PxgEYMQi>XapJ5nNMyf
z7*Akmj*jBsKDATWm<=F|X}}?@7kr7pT@|^}m}W6KI!1d0#9BBQYZ*v55W@$@PHYWH
zf`pB6SPoCgu1pEthS*z$dy)Av+kweH=>HJRA3B331n;(<7<8xRklL=?sFYa{S90!_
z<TRHM8ZjX9GQ4*7RD(?i>UR3%>1$`7wp|VzPOk@$^++9JP=9h|_pMJos}!tnIj;5a
zT2>3{yf%Anw@*EMH*$kb&PBTwFPQJURd=FWM<$?_WT(J&C-*p6-#C!U_+9h92bce6
zxz2O8`-P6g&vUl>+H3MSL93P%A|Yogn(tc=&hPd=IT$V}`DAQ0L9hxoO*0iW?oi*2
z%Z@b>%VlQvy1tg9wivX6=YJ60?y~h>^IjWyJ>DBKHy?Q2Hk2A0N2t`I-GTkJ$1OVv
z#sQ?caWk4N;Tcz?1k{xgU8dyH5go|%cvY^KRT4&k#(Zp)<Jr?X-5Y+#0F_|q&mieY
z8nGaI6034u_~7(@ozG)tSM)Z8`;8W#Xrg656UF+7m{e~wrMwAfC5%h5@&+p$*p1xT
zEVIwFhc1O)W|!i3UQwrUx0ZSB7bhf&W=FV%tZZo<dqt6S+05Oe73*k-iok)dedZmp
z48HhK-sl?2{vWxa?8ZaE`|HJ*hC|SsYhGVuph(M3z+JFng7ylB{F@s$;(ln73go)(
zgV1R&r}&RfbNK<qgTY+*GidZeL3~7)^_*M>jp@9#Z%4?uoQJ(@aJYD9yAPa!9sNho
zN_RCwmin=Y(5l+HE@ofJqPe0h4{Tr8w~UY{3x7H1%M3bT!l*X(470^&Gq@Ng?TO0K
z<_ZEexP1m{DAXFGY6F<w;`pQ<C1|EVrJ!r;jeU<B$XIewPj+pI)DD8#PHE~~FXd2i
z&d>dDu>;Uo+K+9%o;csKq>96@E08~j>kvU0D3Vj=2ks|#&%i0HLN*}2WjZbxF98K{
z-}d?e0j1OJ=_o%g2%ji$eIhp}h73glK;@I5JZnoaZ-_WV>Z^Vueia8A_IQa6NsODX
znH7*AM0Z&>$L8ucdLg`@q;O>(kd=0A+`KNqUA8&cHSm!O=MwXSNo|xjbxScTE7C}r
zRmNzva}`oZGsf-nX~9@hj!4n;L!(ePUA0dTCDNsuYKlRVJmJv{%<JfI4k^$28eLx2
zpmMxx>yd{6Fsoz7IO5qMx>u~|oCX^>0`pr0ek5#S9AvK#_J*&W4PL8W9}azj1}eHz
zK2zg#IWj~nl%}@NNKhp_z|5Xz@#GmWDly3qlwtwL#ReOS`!`pLzH}#4zU`3n4U>2Z
zGcgTa9VLQ)j3bGgaedZ?;!a%KkY~77Q?HDO+Vg}));h6lFwdZd>kh<IX4nF|ct&Wt
z=dDXN%(8)>ZQ{0*(Cj>&Wm&fL`7p>=MgSS%wvs;HOs~<9-CWU!8v%?3zFBex^T`T5
zrT5bG6GdHB%~Q%b$TXhZ$CTd)wb(ayZXcqbQEN!~MFYyoWy!{qV_fnDf}TU{k{~^^
z&Gu-~=RX8Ary$VSx27qy&>Z9=O(?+Hie`}4a+RH@j5Jv>{4{Ze+B*9Uok0t;XCSk#
zslgqxwd@dCr{>Rcq^#_CWfOl!X$v<7D^sjB88L&Y;Afnv8q9fBzO<3cEylg~DF90b
zOBXw=ie{rE3dwYJCHY&u8@uVilj768J@?MNJ^uQ}{-@n(luW^%@yo7;G4lD7&z`A4
zEOTqrbGq-TP_y9XjFUbqcC*=IL^p@cku75TT@W8>`@1c*E56SihkO++Gd<IU<WC$C
z8+}TX)fI|+AFEWds@%uGf8Bx?u&Y5?dGe7q&)g`fPKs$wsuE^BblZTN9l(IHp27lQ
zZC+&iR@q&PH#9Am=#J?5_7&@y0n~;V8=J13@IgI#J~Z?cCo~SHQFacq0JJ1<=(Xze
z?D-;Gb9lll-X}NIEL(}(T_E~}ckV!Zhn9rzh`fmr@r9i}LM!cPh$1Hkhfdt0u=UT%
zqsSwd15+Wq0#bsmGVoRaj9BunApaB^<8TW;CzT>}<ZyQAnIU|xyPb(c9%11i+Q#l`
zT0lN0n+}E9{*&@-(Q*Kg$t8xZ?G!v}AR~&Vp8%kxtrs{iFM3)w9s}yupf+v?G?TRB
z+;-y*ztrBZ%9!546SKCUc5PYQ$CPphOX(t@DTp>XI&hCrrYIJ>=$*^5Z@dwnDE5Ze
zancWqPhWIm&BX!zw|55yN~?di56F$PX0b;Fu#4d+!)&h*e@+H6&+G%k=5`(3Pvofu
z5hBSzQ;X0zN&;~lWRxx1{n3f`>?$OI^)b}2IK%GIL6dfbf&CC1dNorsRsZg+J}}kS
zBqS>DsvtVBC9>IZxpH#GT!9L4UJep<IoEw)g4jtx#m@6)Ya}48q99BX9Hwanil@@F
zx}k7o=tKn2^k&FRzqxb!!wke`f}KnSU$dEt%COWFUW~?&DVPOVmlg+7&jCJ7k@#PR
zsh%4Y#Ce>tU{gXT0NKlqDq9!6r-SEx?kHEXoUQ9dMxy8as0F=kTt=^V5Bk1;HFo==
zDi$s8P6q`T-X=x1sJ3C9(R*DxVMpA93v}dFb;E6vup92d1-eng24{=i%lG7JqbpZk
zUq<Qqi+AVpd0U4@2_$n|3*amvpu0*(?oReWBR)d~i0F<COjen<-AP{Qf#7CQ%J0fV
zx1$1q)B90>v^Rv60qoP>u*d8;T0RRV2OjiXr)mxnPE{?4Ma1l}@Bv14(ZFB)IK`)_
z|6%GrNTK891$U8a_9X7nNzX2woV%;#sGJqu$GlG$Ci!vD1NXh}fkOLEJRb_mA@e|P
zc}|4fib8_#&z~=Y{<!Zw`{VgcV1n}RSL-G83;wWnb^F_=v$9+T@5d)Sdmv(o>|EN)
zuVm{^=j9~qmwV8k+BjA=1IcJ5<X}>q7FFOMu1lz)yyq9`-zr`>e9~j$xJuJ0+9x_#
zqZKkE8w~{X%&+3==4N%p8z#ttwa}#ywMf^kJonWS)~Jy~61?)smAxAfEJmK50}&)m
zNZoVuR`{*g=|5TfWRv=!W3~?c=EmPY_~iY2Pk(Snkzf+eXw^wA!I6MOI4|O2jXph{
zP2$zXC+T4Bn9!{Y3_i2X1ry&Dzsx@Imabc`d7PCY33K0j9@s_ZK11|nd7Kfe{X#U<
zRo}l7cVYiZ&rTe<D|gqGe#uVEv*$q<+;^l87fqvUyC%V=oZV$!aw;5+9q!e!h;^JJ
z=lGHxD;BSyW94KT_RKx#vuI94RXuUdZf(b~kHm--tIe4BOxgFXvt*xMFN>hh%VI0V
zVE;5I+4CA)mS^Eh%CmlV4H@O(jGqTL@8Cy_mx`>XfTnuexXi=vD#wW#LgveL&47AD
ztNJjXt1P@J-S=0+(J&V?G~7*}$#nO~q?|`xf=B7#$(*1)I+b~igaxglGh`yklVz2!
zC*>};jRva_w}(0azsuNIrq;{{BzoU<>-ABY9<MVHAaalq$ZeTnE5UvUFdX2+U6JGu
zX~6RpVE5q?Y4$!wD-iTZgE?TLhJt>taz*lJyNE}83-6_A;|(6-DZJA)Wvichui_Jo
z%&-^2HZ*&%KT7AHT5G-SfT0ZCe9fYFx8li3y1O-pZPfdGQ*%|G$0tP|Z#XcI^A@`R
zou3_SF_D1OjtzM;A*KWhD=t$i&&ZJl#ao`qJ_Cx?6aBRlUx{4j8a;{o^8#|+i%WIY
z=U&UK5BkoCTZt8C8*F)bZ&H2*Y)>ys%wvU5e|^seUC&Fct!wur?$QgaZD;o)mFruf
z%Jr?C+xHhsAf=9;JY3iC@jV4jZRlO|^#0|CO>YMBAS6`EnsCX<p#hUyg#HYNs%8hb
zJyb%$eN&7vLVV^SIm=aLbkpPn0vk!uSu08qQ=7Ca1&#%qLEy$jekf^Z@QcTE#L}1f
zC(|sxh4VmH#`F#OE(ClCA)|1lGzPa}+s6=OpCy2x&hfgg&1P{=09bRzm{=|9=%SR}
zQ<P@Q?AaG~c8>T>ePIL?U6gxZl=ki8SMw5cu|zG4-@qc>G@=Y#Io(x0Q6IFZ8EeF_
zCNdo=Q4QIMZZwXgf^aBFy%P^u)0GvF%4zML_t?OB_hu5!?p{?-3Ofh*-AuwLUJoeY
zHdR=~JqYUH{oSmWuU26__n^hV@W}!VR2~Nbm?uQ*b+Zje)EhGxBgLa5fYTM^QeLle
z%?HT2Cg)&lJ<b_%iS{^q-ay`#jI&GaQmh1=b*cybqe_U9z;%WRWptQ};NVFF*${&+
zF+TA|6N;M>G!mOBBBSx(2`qFc+k3Ai3<E0M#M<inM%iGIu{4F$GX)D*fj5jHD_dy2
z>+00a^@-^^eoqG%?ljg@4?4+L|3Y0t3TV1S^mEH>w(!ZC#0VkCfl7!%WG;sg3=lP7
zMLMZC9}*G9TpPgqlkq_Kz9uzq;f?vFR1;I&aRx<fl)Nf@fr~T^8^BvZuxaa*BtDUC
zO^N%E+CA`m#Hk8bSs@z<e+R@gwAn%pdKI}7o8z^8EfJ5{tR;TuwZuG?UF-Q!mx~25
zP1pyl40H>YEU=ot1deN_NWmW1g(mONhvkut#7)X-jcq3u_zM^dtPfD#JkEiP5->d}
zZlIj7`+Xl6RGKVv3Gue5Px6+LPTbBIb66XDm=kBw3P+O;$dFc466I4ahs2)*ITj6l
zvAgN;B*4wk5v!}gKtSqs;f65rKK3k8`XNVrFuWNyVmK{WHkzKwQ<q?V+IIeZ#umhl
zZ}UxhuO954x>~?2U;=~fJG+GmNp-<N;{p4#r_O_DQzq+0eS!KW#JCO22#V-6alcN(
z?HrII0Cg>55-_qGqV?9b>)m*#<^&<l32NU3&Xa*G1doCvP<K{45<t%<*zH5Vc*6q<
z5s}hoTpCcwX+oj`85hWw7$@0MV)X_WSuZCUH!>njgjIf8ly1!Kc}D2Tj<H^y=99P=
z{hM$*v})AP-UxdcG}GOSks~ZHaE64Z?3^4|7KWVQX6JWGi0#G&(~xoWmC;CaL8P@I
zEhbIjBFAw4g7boEQcw00)zjn(aAKG_-VuieAO_|LQlZYy3BSer2eHpRImob%u90}x
zu=+htC^8-Pj1m{Jg_C$(%!?WLIhIYyqm?xYSm+~_+AO7dAwFmsk(edX7|3zFmA*VC
z3@6El%x;G6oACzDOs-7#6EM0K;wK518L~|V8No_A#kg_#)-3du$w1SJ*bS)ejgAs1
z4{Ip^c(A&b>BM8xr~tk|!)MZPcSc;=x~Z2KVA$+{rU`J9lH|m`sg~Rd!F-qn!|Ay|
zQmbwj+gy>*XzwFX&zG=<rceB&o5T0;WxVhdXbAaCOH{B3UnION&?YyJbchXYL*9&m
zy8@O%Tx0dtm0jBJ;;qk@!GPS?bWk3B)-|BJC;9jp;D6+38K#P^ytSc&ELcqJeh*!H
zqgWuAQmsC1Z<22H@Dk?w95~mjnbZ_Em$|*TJF4Pl4u`aDYVp*WxusM1s&+6DKevUk
z*?xQ23&heb|D<~l-zBECAuijjN2oX>Xsss0OPezxm5ex%LD}PMbp*-?&M5%5^btl2
z!Ht<cLokDMy#QrTG3JbIbBwPA&IkmM8g5-+1p16Tkk0*+?vX#vP8m=^QpgAmZJCVi
z?+?T`|D*@?_*s#~e5VJmP6`{e=DhC`cLV;QC9<L^kR&Yv$reKbj?>;h`rzW{_mPIJ
zBlT!%osu|O)>};>FVcv?mPmMEPLJ6IlZTs1leX8ZA!78*fq_6Ds;1OpK|r%DG_j~9
z%F?qbTHVW4)Qfh7i;M?EXjG_YHsoxc)#BGL^W{ihvEuY2u=YuiTEL4^%4GOdQmX(v
z1>}a;7dwK=lVJ`&ngo!FJ&+fQ1z~6O7?GXWsBwH=pAZ;m=k+XjRjpAyD3KDV0&0Ki
zK-(m4^?S*~MWAy?BlT1mGZ(*n)_A#2U^=Lt70abX)dBz=_sdWy242j8*4Bze0qR+}
zcnx?YK)S#=Gk}RQ_ZHxCy;P>uBh>p1*|TH!r@BJqPsf@Xc%R#~Ck@2SMHDI-?)bR*
z7;IrP<#5~dSwK19fs>Sg5RLOsLEb2*(<*O6Xf`Hu=<jh}8{#2bWR%SFtirf*rRoi^
z1=4>oNztG!qAlvNN&Qgo4%Awpe_0Y_YH6@-G!zv&GJ$ESVjYERodxzI)Eia4D_7D%
zYo}wyg*zZo6Y-IWD!8SKDwxGQh-7=C%4Gw^D3+9A`C>;4>MS^Bb*&6Y?&q~dw{9Kn
z9_6^O7a7=Ys*Y5jql6cUm&4$fs<t^o%W9313l`7_d@$MmW?D>4m2j^Vh;9;d5nhX_
z8{exjTXgJ6ID2|oU}O>MIO>BKSJ=0VyGxs|<gDlpqs`yMAt9m7(t|6*0}X_3e-&)1
z?XNOuBt*MoME<JyVw>#1FRf3H*3*cL;Injqx;_YJca3ePA-L_<V3b2u71U!ioIrbW
zsJ3^qulg$$sx*LbcNQhzGK<nTe_+B!@PY&tW@LItwOt07Q}emw>K$)5J8#@!)AdYl
zG5BcT&}a_`O1^?SD4*c{?b$u5mg32BtpM+Xzk%LG?Bz2dgn`LTS;r_=dXt&Ytio{E
z7!u}9q#@x=+#HhYCOvfHATaPua!{gH081t0C?z>J&qYCxiQQ0-$XFmKkh$)IBRrXH
z^VJ;5)g(VH#`&-vN04F?s+uu4DoB6HG|+7|9%AA#_Q@aW3k}qz5sZ}fg^{`>$-5n}
zDwiu*``)J^kfr^Ti*w^YglbWQG4juxSk~rJM7q-==^@Xl<s?3}2?^m!itdg4=qafq
zB$0|YRb7VZy5+m|#3<t|-`jKW+UiGyXT#LLp)^qUq3?z6L*LuE{g4iuqaTk+)wjWY
zC=A;y1P>Bir%qPo`uL>H!Nmtzl~%sn=qOND;21D|=4;aTUeYvf!RN(1NU_eU1<=T&
zUj&M&cR&6F#p?tW>&ywUifzlrbv*+0o#`NI^9D~?z;N^%TJCn`ZR9>6-677ONeqgu
z;@#z18znwxa)(?Q@NvODiIQ&dR&=eZD~{yB5Yx&6B~C9Bh*IWAWHHDVj6@V047RVE
z5GZcu$Gi%+tY?UD<TjJDK;;w2hZC8^Pezl@X1c*uEVR-VysMF0Etm~S!;Vr48+CqN
zj5;QI8|S~MOtNaXh3=L(^=J<GWKl52!y&%(4#$e4u9v<0Rp1#VMSE|;oEHod^}77L
z!yRf4-ixrbb5v^g`1p>L&nE7Y=O8Y3Kda#x(zP?H?{K7+f`!IJr-S|7-TkXWKkeuC
zmuve&QPeuN&Nq8yclYWw-=I&F4!_)ZTYqsU(f;zLZ|=;#>CACx?)xZxyk5A!KD&w*
zKexr92p@VF?9k#I7uBSyZOIt`3#L_eiZeCKFdOAj>E!urG2F6)SaE#u#nOG1nM9MD
zj&?H(d6Zr})$3tuj#=Qk*zJ11X;(oqWVeN3YXy`j25v`viq9p1m+J`tQ?dOh>w@Mr
z8S?^4>g9^S6~e1$rQFVIW98hpIqX86VmgfolRQcX^;Ji;_j^T(`E+}Hosb*|%`jyZ
z3?E!X^ZcrJLs+CAKYV=ucSh+Ci^ar=*CbFNt4BNq8;+R_YX(xW3r8&?<|W~WhF#b`
zE&20&ybi82e&TMlaXFv6e)SJZ372cbcE!<IuZ*Pybm#Y)X#_-O>J~xeFGN&;+_SXN
zDoCCed3b<x<+?&QtdR$|k9{FSR1f>+mJ~bE_@Z10h)_oF#?opSh4sV&>gw5NEs8o=
zh@!?-*kHrH>kjuO!T@ck+)wUz3x7SypeJ5y4eLfSMNPLm9%f~YHt8NrJ9@2=>ZOk(
zoaQMsGe8g0!D+Ta@2DQ<GXNM8i@j^4Sd|Opaa>!4aY*K-b^Hw#IW@|4VnF(BBML#B
z^nrJR>Kf9!`7E!EPZ=<YlLGJ=O2>oiWlyXhG_;qz%RhqvC(;WkL+JpqN%<>MOl_M7
z_!`Uux_}MJ*@V1LolLxWiQ(6(WiH55l^dqk4B?>X+_)z=U;hkLc}@48nFM{74)`y?
zKDmQ;>;|@70TkY+X3x`6rPt7pfwery*?mqalBk$uCX+tIwt6NT&50n|D%CK|2Qh?%
z`P^}2%KNg2PSSCzAW1czqxXWINPg<r)7)|H=Z)eV#_pdhLE6Fl-Z)Bn+NE9fDpJ!$
z4t9y{Z8bYa%T%Kc7ALNQZmb}Rtx_A?5m3_wVAM7k%*Has7NJoRFFA=P5JrPh{az|Z
z#%xytDHeq8r1=o+8|wzW4#beV0b|?!a;hn?O(um{tJArerU0o|7*pnXyyNEr{bAad
zAmS+{;*jW~Eb{i#*&?yJn-?Xkt#W)Uev&q_o9iZVKVYSWmV}&k!&GBX4B2MKxU)d*
z(M^#=K7sA<5?`B)H!`89UW_84Nio8L292!Ol<}Ifoqd6ozmh?R;E#y2_(Fhm?NBbX
zC|}x?3xO$FGmI-EtqH@yhFj%|1a7k8or8=_yy8VT_Q2+eu<=%KNQ~f66@b)^O^6By
zGmMf%;;QWA%W{0OLm3$xZ}FWLSUA})9{iQNVKb~Z)j#Z-jH)p5pk-KK)(X{Si==4w
z4ogwJMUHyDjJN@Q(#PR0NTO&W9#EKcBS~Z=T`qadPbr7wEe7nN#~M{o8@q;ZDovrl
zF>g^)=8qNo{YE<1w?m!l+dH@6_3!3K>*MqRsZ%#;T1{}Azl^e3QLCC`f=vZD0Dv{f
zEI_rFK!`5GsW|y*1v9i_0!0CawRvH9>s1~U04)<9l?A6ae?E3xk=wT9T0va_(;meK
ziGOfbJ%hu{_6pacn|$<d_;{9Qn0BNpDu$+p>n;<k8^;sRaWf_q@yFwulY*q2-6R}+
z-oK~0o3m<Gp6w+cx&;K^Bp@U155lm9P=U#5QO?j*QDPp{YCT_aoFhV8!!*K9Oa}Sh
z@!p8GmxuwC<Q*>!d}ZP<`3!{~vEsYt5S6f8QK$waSVu>jx#MSQYR}g-*o)GKp&Vz%
zu7~kL6t!y{A_z?^p_7m?r}so}Ur1yYL4=zf2Ae@vIWgdg!HLC{mBWf(EWPF1D0~l&
zlRdoINenHJ*@V(>S!Oc4{DTy93Dsfmd2Os|eWENi!9{$sGEkbWln95i*Bl)^+7RBi
zpaiT7pT+EyBT-Z?gEbx{t2LRY(Gq179ZM1Lg+hzcCwLeMzawQOL}ij*QJ1D_pdp3~
zn;2t9fcDqv@vJ<8yw<KB?NHsZql7jVyt+`6Rhq*Gm{*gXL~gbee3tHzhmo;M;0=M!
zPvvT&lK(=LqZBWdN1<~ba92$6csoj(WH_6o;6YC*nrQEbsx#u14Q8pl86(GgaF#!3
zKh=d}zTM7-WdUFQ#kuc~3{p~pkU+^tmlDSZ6S(DCqwXB%_0(uEf`?Al-JEmUDk&Vf
zDk-N2-;w<;SAF40Sw3s@0v-Zai$~)^Y%SJw%zkaNj!-)zV&cKOfHu|5q*2pPdgG_L
zyC6Kf68wa`Q!>a%%wQHcWCv+zRoi&^VJB<YXBLaav~0{GJk(hned^_uCnI#?>|ysa
z78_`7#Rf~ddHjt+*EgJRU=LHv1@LyAoufE$Zi}f;V-_jI*pk65c%>j^+Tz4aR_bNy
zmBEQ}_k4Q;Du`j`+d3OROG3<boTr-!HbE-NE1IC5ms?-SNN_yMDw|@u)8T<_V_$PN
z1?bT%b+t8fkQlOdzhgSAXb>Rig{pt1`93>_HT*=qZz_~pB@@XY;xh@sgpzcOB3Qt~
z>nU*5`)RaO%_Hkoop`_A(BseBwHgW?el<qHBJ4(Z^;);H(4tv_ha*FEm<=x4@loQ~
z$9!p0lEAD|d<nXP;|dv5bk6*O7;L9vuuZbbgrY)SPXk>bERJ-^8%Nbx!D+TPzvjXA
z*U(n5KJ5N&GO{EX87+P@e^>)KCm=b4{n5_CiGo(Y>4VVPR3e`0qK(2B^sqE@%~MBZ
zjlj626HB*q6c;~fwLxR@TJ<wC%b)n9F(DPlMrHTnmo}>1muTa?-JsfZn;Wu?v}8oL
zd_VhELj@&s7ML7Dwjp6652+}OqA#MI`ih9u;^(L=l32(^p?Wh#JOIUK_<GE0fp2H3
zX?VL)Lhfkl8^%N}Y+-NMt_p4FI#+BQq56sTATm{8XBfzzz!Wr^I#!!0mPa@ZYvhg)
z@yuXQk#lDYbFk?e59An7S?A+t8Uu&(f{Q^0*kYoHc0Z88kxfE9|E){OKuCw<`yj^6
z<VZ8Qo=JpQSVl7$U_1-l0;|$;@T$uI{vX#dHu>SyZw0T?DNy;dF**7R1`Rq!qZbsX
zRtgvZW?-=yAslUSC>rL&@z&a0-{GwC<HB8S=Z(?G58KsCq_gMJt!Z_x`J_76IHgYC
z{;iitC>q`4=ji~}ag?r?uaX>b<4roWUUm_o#`W1@4e2HUGNQJ#-)pw2HaV(NISTjE
zDBYMPNUda%ShaCuh8}gSDK$BB_9C$ApmN`lb;>ICdV=pGl#VDBjHA`t4T2nCrnd<O
zD7%Ij`Yb@ja4lO^uHkP*q+c&$#?ZvvVSgo63K8w#E!cCLX~g)Y*(jiBi?BvJiZ&6u
zpqS?<2;@+@q4AMvjygb8pri5(og=(J6~>crtE-E)D*GRmds`ZxU9|C>l}kRp6T+rI
zp%=xs{LtQz;bMhgT@*D{H{VRTZRq_i%@jUxwCd|m_7cK5&1pHE>h=m=+U);`6uJ=$
zWDML%Y^Xma#b8z=Tja_dAER47v;%Fbv3lHQt)^wySoDFhGCO8B4S!Y#MT!t;F^KKp
zWP5}2|DU}l0dJ~GH-#=XrK}Z{0p6u-DI{qVXn~e?C`)NEEv1x2YN<(^Hlb-!nxu3C
z3M#8so&pMtfC$PC3L>JcvdSh1SU&_&6yza~ab-Y|Ir}~L=9ZRmp7Z%WGoM56xo7$B
zIsf_3zn>%;kBh)`b1R0Dkg$L;h8LogkK#{o&Nns@&}4+vxtIcI)#VaKNl8#eTagp7
zjZ}<7*NpopDiDBFN5GWe8YMYjaX3*kh}4w|qP;|S6ao2Fa=8;-OVM_(umsY~Mq0GH
zXo?uOy$GeXB$$C4lJt^zhM4P!&m=kMKwwI+TnCl;4JG~x(uuns=|p?~D-Weyf!U2O
zg%KG6>gL2<fk;ld-$_*Y1IZ6cE8Z}{fOAxrh4u2HxlFcdAkNgmr@IyS^oBA;VneCN
z#J|83sWsI32k8^Ug>4vP?5=|`b}KN(|7SblKglJ_Ss=nCHw>Xj9}Svm4`8~i7IUub
zEM~<#{mCM!%}`J?LiUD-vyi<f_Uoe|)~geJoKVStbh^b<SU4e=HBYT{TRqaU(Sek@
zmF#_TWO}TKEu^+aR0aCI688(fOSOhGGa9r~6o4Nja@4Gi)FmA`0~it{7v{x;C&1Ha
z1az6wnH?^tl}xH3fm&@LZ&hGJhZba3ELNDM#0oJQXWxZXugqh0B2AqG5Hl~BJmkHL
zygtcI*(iY(a^NMZ0%Ac&QS``g3RsJL<fZ0>&JD=2Pht}oY^-}Uzer(GT!NS_NIM{e
zb+*u|2|XqmKAD1=Ss(12n*pbwCcb2OP!hLWykY`seiR-QyEE6}g}xF5$#8pY=SKPx
zT!A@SA$ux!t046CfH`aIC@5A;lLBBBvM^4$!Dhe?OF|Z4dfnOCTw0V&raMMyDij46
z9Zt~?ozk(dJ}(*&_jZ;9PEu1zw$M57g*vW0-_F9}lG;nG?r=#R#cu3UFtGgLW7)>S
z0%i9QaA+#(?zdFZFH-Bep^pZ_SdN=iY^;+sc6(gKB-Je1_jsNa8!FE!@l50LKVzI_
z`Now;kjq>+!i&{{d^f47^+9boSG-g%n=-8$Mm&&6AG=3Z5uz7PzGG$x!QE)nps*ee
z6pPh{Qy#fRFa=$yz}8-r>)F;J359)UE&|I~H1L>k&61wknd#v|AK(NIzz!_Tvgj<A
zczsH@bS}<GM&jC)UHJJ^&NMPHCnYT<lOAvMnLD?Ty$6YnI98Jh5dGn-Q=fc(KS?Zm
z+>|oZ^4Ms;2cKBQx~kK&jhLWBM;(rUkc3)@gp(V6iOEd1ZS^us67mKqg&w--WUv=n
zCG@N_qG&p6H*>t98~9h~hIXdL9MMg{=&1)4<oTYklnu@B#OTHGPX-bjgZfdjIJ3$c
z=G#Mb<TOgD8wu4zi8r8+otMj$NidMXCJ|Qw8^!GlO|p1bac8+_GYZjxK2x9@;c@8O
zi64-b%EIM1XKH?etxUZSvojIMFgOZZjpRJTm(z;T<RmdI@ngYhkMNz%*kgx8|MJ#r
z&{)D*lA{NwcZO5}`jJB}2J@>?BuA9gn~J-?m}_1DRqc@Opq2(LZy8VI_N1HoLdrVe
zLigmG7WI$fB}8kgJ3?LHg5x=@1=ty#U8yd`T{=r(8kCUMVHPY90|bvj@EAE9l>>n%
zfe~O1jm&zU`9OG^3s_!{l^HQ51A~bW;)O~fOJ~dme}sd^;ac!yKu-Xma4oJ#e_2uJ
z4Fc2W9d6|@z%Foq9%HyLiTe=QCh!5@!htWr3Q?<vUF<0aiC27Uxk95@SXZJ2wV6wr
z5U0j@!Z5!`U8In^wumZ>djr%N&KqY*Cfi-F*V7HpC0v)Y8Yog4YO8RH1w_xFw<C;)
z!nY+T9~TqNgs@|M9&Q0uQWhBG;r8M<7g0G%NP#pqo@__u112XuV_0fBJ735nuf!y-
z8+>rD2geO^F`SgihT~BnNIqRhxt4~GGz1c(3>0HMu+#|#)*cd{V*rp^17{4p&-3D=
zN?`?{oiS5P6NIlIMy=U3VbqtEIxDe2V2%vRXn^8j6;8e{zFSc_9-?c3Cr;=V4mcQY
z_aL8nzzYFnC^p-Xqs|1c3+`<k#xI@&6nmVsDyaa3nF!=jMZ5)hXKEC8igXI(EKtG%
zmOK+VXNqSaJFa0v#AEy5eVoWHVen|i*NMpQdOY-3w<6bS2Nu>!Pz1Y3;W2PUl2~au
zbVO0&!b!4uIH??`rW8dYT)|`qWqeR_-I5s0Md#+uB5K4i19b2@3yHOtPr`sf?ZneH
zid7IQ3=l)AB6A)Z&_$Rkv^(e`!Oe~x+lfWP25-mhA-{kT3&Uhwn*0GV08&7$zlB;g
z@|cjIVW*CfUUx|(Qr<;c?9NCjhol(>Ei~Q|x^522d=dQwQap1LB<DBa^rBdkB6F?{
z?FcbOOJpqUZdMP!OHa&9mY!rvKtph$(NqdD;^2{5zt~lRXAs?n3&rdRf$A(IH%_7Z
zrXUpn-)13R$Rf>8ry1HuVF6F3&p>?HM0gni@%6X+bj4C<!|6dzNm!v<<SNCKo2Ir#
zMlCR>cnzcVQ6%btJ{v^0Npq>o4inzHndR4aT=<Ma63{xq4^s1)j3`Tv+yJ<f7|bUi
znfZDeOa+KxvTGtVrs1o6@af18R?hmOW>XqULf9UZ&yfnqct`4KEJ<&@L9!TnLwLeK
zL|qwgX(BooF``7w?M3bYMdvaJm#4IuWw9fd^fA^^&V>@ao?4b}1OQ!PmgHAbW&!|r
zKEi4x({0rugC}ve6UDWGfLJAF=8Q_rNX!@_8Y1hMbHJ!`>9|O;vx!(4<+XSm^Z;Vl
zLgc!NndX#U<)s#bI>?)T7MSjXC?3dRC(x96q(X_c*a~$sd>y?U8WbBu4&O-hH$3>z
zMQi2YY%ZhHbygNu_TbD=;LmKzpGBydR}3cD(4ifL&pgg2nI~pJS+DUv-Nv(i$&^48
zh1tL!WN}O*GBX}zX=rXug2zTF9vgk}nCk2l5jn{x?+Kia0>Cu0qzw=QaCmv1a%Qap
zAo}OBL~oKpiLRjGb220;C2i1y;w#ePC<6%4R}LO1;<-B+!*7;&eE>dBjqmdkwJVUA
zT1#nyqWhUCuya;E;PtKO87vBPSaX<j@m3I3^KiLv3S2aKlG~6FZKx}wt$Z1=pO@R}
zaq^3p2fgHA3@=QGtkj@@Ymn<I0hFc~23FGKsK``qbryj6!Qn&T%QRAEBO*>scMz*0
z`v}qh^a1c;aAw+rqJ!)U9WHa8!)~b`sf*3Ig-|(98ZbXvY4N{^*rs8LgG?y{e&e^$
zJGJZo7*sPKRFzz;nJ>0|&<{u*_Q3m+0`HdK8staKj6iUX9Fo_J&4(&H9)EdyZN|yh
zp_eDe|3W#0xsWsG61$|Bpr+4BgSabnKcfY*<sLguJx0l@Xtb0}HZc;=sV0v+mC5s3
zX~IOfnZPo59aa_-O&K1x*^r*u?n2@e<htNZ0fYnMSq7Jb+z6mFuIT9k+S$l`gNg_b
z-^;NbmPyDYo-i1af_q~4!LiSEktWHgM6pNiHlX85OZkzZ)lOvbIVGiRZxrN8LS1;O
zhiQ}2KpNsb6j3K)$WGm!(o?sm&#9Z3o>C{{$aW2MWX|a>ci?fOYtoRDGqblvaM7^j
zoDw6J(6s>2kFLNAV}u8CBsLSq^U~04(vW7D1pF{-3wd?1)&0n**PO#$h(t&aI?NOz
zX#f%<c8(9Fp=DBMakWH%E)g%ZEdoq^Nx2TbCSss(IF~e0C>X?~G_px?XvVM0jGQp(
ziW=)ON#ZLSk0I7n07|WaxwKJ=Ho6;8Em5qwA8ABT@~5y!7SSv2L|1DV<YsRf5Qrei
z1oQ|Waye2yLpd(Xc!zk?lUSm#+eNjD96qFArFr9(YjYsihgc?rSw4q!9mr+M!Jg&T
z63H6VLdp47-?+#$=7oM|%(Vd_V~J~`+#yOdEMjjHcIgcZL#NDISuwh-MS$6Nz!96`
zluFsm3x!!I(ngw0zDFoWc?=1Xth0S^{)2&3l{f;+D_GQ3(iqS%L8g1;8$im1Tp*z9
zz<{(Q2r?H%KwXwaz7ArSH4j}X&n^mq>JoJ@R!qgl#tW5j;|N(#0tPq^GQVBT&}<i%
zJxR!dF*0?$%?5o~P?lQQ2kH%!pvtfS3d2zIVGv-;c&;T*ECJtC3F_crwkwgV3@!pK
z@?1FSJsJT#TcNB23Rs1SHk8L0S-guI)Pj>=StS$>#Cl;>?fHDqP|?IStAw2cLE(Ot
zz}%5qVp+B#R8;IvgGMB!xk80nd101PX?BC=fsP0f6e*|R2RrGv;H7C$KP-&Yf)7Sy
z2ZMjWdvwHl#HA8ck~d1LuK@!wt4=J+7695YJcX!-mKtta)J2w9u?oJj0AgQ=l9#K4
z8PKp90;Up<qvywg#gp*(vGQ`b2N<5iKEMO+Lb5WTbP}$Kw+0%i3hvE(dl_BfETv`7
z<_qO5e87Y=!DdYQNm`#z0(IGHBPyVTYLg%&xF!aj6Pc@|5;J=Alz8b=8umM@5=LOr
zxeCLq*GoT%vFUjA#V@SFrb%{}lMD6*Us&u;c=Zvg;-!BA7{#V^C934K1wx=vn&$|v
zkl+PthQ3?u9J;CaEQJqd;A)^N^e^hdXK)TP<uE9JJ()=kK#K1^TM=$3QV;DdSkD)L
zVuHI00LZsJoM0Z)r8`rCUcT#`t+@K2OP`OVa8^p-L=nhvGz{n@*=o_Zs5OpOuEbH?
z)?)lTiSz*qvS|x8R{c9qkt|o;hh$fgeZ!!jV`-&}EI(D@nTpVx*6-n4U*}uY-M1*x
zw`iPiQ5WAL`38l%5|(#$c;b9(!_s(#;sV9W1&Wp970M>Z`$7SV&Fl;U5BL}ZQ|9Go
zOg24`V7WY`5q#fCGTqobgxN3RxSE^+guxN1i6&Em+5}^S@zs^F>Qu1bQUO^p#s~&u
zY;@mP@W+6ROu-lx)f;p~n)K_a)8Td`8zj29shs(ZLSv0lt<xd45$;XM0eXrc|ET)&
z_y6Ko2*e?4iO!%mK&z<^t$1XfD;GZLbKUNL#~4xI7t^a3{MXPs+Q9z{e+Gl0m&y<o
zV=#hWj3HVTWr*%&=&cf>{vCtY_wzzaw;-r&cDK!3RCm4l-v2>==)|oAB9_bHDv1?3
z;Uy8`0C6|x78aC1L$8j$OhP~SGT-I&=<>})c1L-v;5IwmIv}mu^WiHG5c+gxhrPfV
zi<~0h<%yuU2yhp6rw%zq!~!~0T*j3;todRgVE1eWtza{P|9XP|dO`TmfD^5_wG(=W
zIv5;oPq_ooF1rVenu|Ly!|O5&<sa6kjt{dtZ2)=?gFX+O^Z1@4IF{2&`z*D)?N9=*
z{4Je8z+!DU`yJ~N7c>;!PJ^QcN1=rfd&Hh9e3!&`h3hjZi7YOhVl<is`L4zaXdoMz
zUIShm+R7XS|5pbj?B%3C&xAkXuTJ`JE;3iRocaQL{%;<mKKkFQXS9s|$AHH_>HqKX
z8<LXLr>}Xes-0?ITh)yl#~L*%2n`Lnckf<8LiDQj#Yc}Wbh&bF{`}R(jSJ?@n{wg8
z&bYXFdv>opdGf8RR}bA>J^I(lp})MKzwxf;yK4t-Tzu=N{nHK}yzu?$B|m)oDd<Et
zSjSubekxU4l@>n0F;xNgmUXSkvoEo&+2DvXnuHUcqR-1V+~`+jd}(TNvbOE>hgOsv
zKKe-0XImCmuNu3tc3tU_>lM3Z4o+<GaB7R{EfvR{?|uIFZB<KJ4?H#?I#Cd`-&9YX
zHZ3r(tZ_w9NTb=os*vEhQ$m|Qwcw@VzyQA)v*xIS8>wDZHBzsvd3nv6MSpACq}*Ov
zHFx=nprFv@Yu{h6{*||aRQ^FLR;Zud>j>Ul<6r52$iHc`psKy6_MMq@Jm^HI{eu6+
zFM~tBR9{eEQSI9J<_CLEyc%-IUiF6Khe^#osj7U}^myS%{r7YTIMhTvX5Y+{n!g5y
z4w&6_x8GZVN844qgF^m$-IUPQ@#n0^QsWCJx4X9{Y{Blusv%8pH)-{ZHf(A}?+GjI
z{k65JOP+tIU-Bir>iw9xXUp7;=YIa-WWQNEsy1CY(LohF@^WVD$d{v*h1_X=zVqHy
z2bVqZ>6pj%AFvNjO8=$fI$M#xcVW}O@%wML`Xn{z<m3xYetDz)<DvOynp6$E8oDKZ
zd((Z^6>EnXEhjAFdUScV#ek#gy=!s<RqMulup##K!*Nc(q#;+kC&rGB%-NCLw0p0#
z^jSAoeRR5=>5*R#TDrSmdnk6>j<%;e6>sqCXNwApj>>!1@%oGZBg{Lpy+~_X74^p6
z;^43fYwWt%&yJ<fH|>AVySbn&xTQ8TdDrv-0U^!%tCm$<TN!vFW5qJ#(nXrbKK&#q
zp!p!-Re!$$!k(vFr9bHx=)ZH%$*DK4hcAuz(HjsH@W>dA*}tW!+HcAoZ|#8@1s%6N
z7W201qbJ82OAnn4u<dJ+{rsQ}qXV1t4}AQq7d+Z!huh~zrC0l9j<SC}e@y=BuNOQ~
zdbP{^fd03p%?p@kzr4`)`s&Mz99yqmUTj{_ad4A<r|nl>DZ6m-sgSCluU=VN9oYSw
zWz(jsRB``-{rG$T>ZJd<D3fckv*5RnQ4jr(=?VUp@&CPJqW+}+zsGM@dfJdsbz8{0
zg{CAA$^ick2LFwFs1f-8+rOrD1^@ULB&H^+RBt{Xa>pD1p8I$PkMWFf<$ETYORTCf
zqo`A<&{J=SG7Cb6wG=Rs#z<q|$iBS<4HyCX3gp@ZfLjsgAJ(U+R83M+1|?>e{q6eV
z$BNq>EI&Bqe9z6Bn`t+d<@z=6+<$IZ%J9e!Tl}PcZFboF|9ZIZ>XLOY9tk@5^_q57
zAEll>GbG3JU6;sPbGK!#&I~`ex}@{|*|tU9=Y*wv=a<phuVrV|G*z40{W}X@KNs|^
zrS<McwE=Cym+#$Gy!-f%o+<Zk-M;qg&W*cT+_@C7bHLnYS=E8LGfw<`py|@<&$UlD
z_m>{Gl5KA``Eg*2{GvYkh3yu$8yu9~`uI<OfB)g-8@~FuWz^(NyVl0#b-3oJ=zHPL
z-7jjIp1YGVXk42So3(j|+f4ZE)O=4($R`VjZM1F6809zVi`|>EPhNR%xz6vkxV+~&
zyEpgLH)}C=^W2pygO_!g)?AgbDXvEK=DO=c6Amx`WmuaVVPA~eJ~v{!Ibx%APXD(b
zT{R)T$*i@Tp3OM8+!OS5N2~qYpr=o5>u@q^!@=6H5AHsc*k@+O&h2Nvykre&b3Esb
z^c9=un>wtw)d>C@X4o%Q_&3%(cj?sm11pDD#JyYbV*HL;KXpL3+4NNA^e3k7xLZ4_
z(?2xRZ`;&<pAGvm!j!vy>srUa!Yy6rcbuO%wBLS5%OlG!rWe<?DzHpXo_Q;*x@dwu
z?BgdrjaGhh{j1|m7Nm5Yam{f06P0mJc<S*@-D=hjowMhO*=H}WnRB*#LTUBg#^2Vw
zXlk`Jaqf|iTXtD^V5?2tV$SmDqT#VwcGs)#wI66)dSL6!!Ly>jC@Y&?J?qS}XZ9Iq
zO)S2dU^$uZpV6qc_0%&z?;7>~vX|cOem89GhREpFN0yF%`U^*+Gndbe|K{O)GiM(-
z5-=sX*Mdzi46B_tBiAhC4P8Hc>>KS)4Bvh%W<*V!xyx61PJI_!)Kjn?|Dj*%@e#dS
ztD6n{NB1#@55DkL?{*I*pB%sVW{7k7#nMMI2COYQuqVuRsB+Eut?HpGXOBy~de}5v
zKR)fXcNS0Ha`wefE&UwlO>O$$nC-8PnAi1sMfvD1Pi#CN^Ks4hTUv!YvgB<0t$l0r
z{(7=Q>AWQ$_T9C3Ty4wIDIavdq%+^Wd-_b<Jv-iCJR#oCKBVv1#tWKfM2-IO`=KY=
zd^Tv$HTA+q|C=|v=G4}X+3P>9d1vtCoPG1Qb{zD~w{3T5ias2E?YrQ`-{0D>s`^dO
zWKG*fx)uQ|Hy$krdTr0U%l{Jca_-eThpNWMUdep4yvOCmugBZAj+s7v%<gu>+8pTl
z%-j8*pMUM`>P-;=FK5`EOX~65Db4z#f%+JYX1@EUm)@CY|I)m<Ti8d7Hbt}wxH;7L
zPV1#3e{THf=#fQ>MlZQ{>ByGKJ(*`;`Eb;>@rCa_b53ZzDj<5-&W#mSx9_!&tJ>PT
z^dAn_KiRtys3?wZt;VSIi_s)1h7f56lo=cb7#0;7P<C(tGl(pLI5P~;GE9%N2na}A
z;({@N8jX958r(NT#Y7N&Mlew%M1wm9cQlG<1V#C)s(W_P|GfCfJO8uKQKoCTRky0U
z>UPzw@4Nfp+~vBf#fNquE#lm|UOIPs_yTgH_ZGKvp7Z+&PG6`x)V-nBHE`gcfhPnr
z_iQQJ=GMwsZt2t4OgN$BX3Qri15+)R-R@q9Z$J5EsKPrq*W6;Jds@w+yoc{zZhxoi
zg5>-qAJ&e^H@BRgyC%PSQBYS^Nz<>Nl}(*DDs=PNl4f${q;45`eY}qqSmw-*{>{pN
z+vK|kY-?S=FpJK14*PNS(jj@A@;0lmRlb?i1FBtH7KpQ-4Zradd8NL@%JuUv8>c*X
z52@*wgrAaoufu(ow2v<_?{*ZoJmNZfaa{cq^LhTI(-yS1c`w;AFQa?Nltzy4bJafC
z@FolAD@*>kmT9>x{!*{q9zB2H?vJ&$|GeP6`=WHqjTujJJjuwGAxw{KMd7Sj11Fpa
zY+MxMol{T{A2KxR^5cH3jN9yUo~_-wE|3>|?_`~IPK0;wx*%@Gvnn@n&GHdTj?_&W
zJ-v%ptWvqCCU~Mpi0$6HO9i%qILqrt)I+|Hsl0lSxv)#Et)=bdQ|qh;ee(Sez1Q>k
zz4+@H=4C#=x(zrwrz!Ym%UyfN+_ZB}A<n$xr1$kly{c4Sci%t3Ho>;=+OGr4y{fKS
zPt2TCF?`PG!-=GKL;BX<L+ZSDty9!po3`t~l9(Y!pU?Ik?6qLby};y_V>?SdL&_@e
z)E*9L?Q&f5a8OZT(9Mr;RlI-t?2%H(O7rnvb(c<D`Eie8fa{mxHCK=HK6qg_e=VPT
zvb=516L0I43CpTJT>91K_yD^DQ|4B9J@vSKyZ)!{=dwps4V{<%;1J0@UF_BzntCd(
z!nLq}(GVr;#Z_K_tXqjwq2SNUm!AI?k!4d@fA2zZa`okJ%H2;@w=XPzJ{0I(zMy)C
zypbbtsyn{8=RCJFw;0mAaOLdh@4V=;+_JpoK6m-T59W8jlF_g;_tAP%rP>?BvOIn$
zqv`BQ@<nq`t5vnR?N)7<(r*zrzfK-&VI5sraH4PO`2z{x%5qgTWqtazCePn-d}o;a
z>a>NQ4xH0g6+SVyar^HLP3}K)-}CJ;YsUJ(xmPl8F1)#BWaYK@+Mj-+cz5>Uf}k1J
zt=GC8n_T*^$Ajew^%u=QC*79?wzf!5epT$1ol!s6yX|1<Mdb%Rj~?wUdwjNWU)q$+
zCHbemJu%{D(7c>?HYnZRAKS-jd#PuD?X85W{w-(Buw&<+W!&C)Ja)p$@fT+H{o__m
zPE*DwA<Y$52Zrre%{u<1=4_m}U46%HfWvC1cVd-IJ%-sehMaoxXzvb5-MWHL7x<5I
zDnC45S(Z0@QqouaQ2Q-&^ZQy_JQ`ygm%sRC(-y0MZC}iv|12bO?ds)xuR`YU4Xeud
z9uuA>997LsZ7BKW&WhHQZ&nTdnnn2fGLEI>oapM+_Mq+gv(0Db-imFEC<^%Va%dMk
z$oAvakH{zLJq6nbmu-*tUNL4^Wz;J1l~s%hTbD1j-ZAk|^IsS4_s5Qfgv2&p*q=Q8
zX>G!Q1=oECg->}rU`w{lBK1aHVQi00ne8=`Ec|S)Gsh@Xx8!B*`(TN{``NkjqS{ic
z_Lh>evZ*YISAu8G)AK9IGUd}pk0pl|UOCoWkTieMO`$Zdew>R{S4XcIpK-eXx?*{$
z+A6wueRf$3DEZK{Kj$Bv+mlgP|KEP1#6-`<RgSrCGh5%atiEz9Y<ijJjqP7ed(?2?
z=a$4_@xIo3lO|7=O}5{y+L*Vd**~tQv^}q3M}IzhUDC5DaW9_iEuS+v-l1TdxrkRC
zc{^`1UQsAqapaS~qKl_*z!Ut4FCTX4sytb@)!M1Icm0_arv^$rV^2PHwyhr2WMgkl
z>^Kv6v7c+<x1^^9XQANYfxE>?UV;zrKUijN*7R5CyqKOI6LP%Ph^{3)KELz&reyC=
z*Zy_MzWc14#@~4EU3_z<&x=$|X7}B8{7MXe&+UhUe*Zm~eK2waG4ilYR<?4t!;8C{
z!pXGXjusX5{`t}M{5d1Iach^9__&<*CFho>`)+2Z+x+%R;Hcr1wR7$F%$RAu2JaVl
zfAh)FArrHYgh!9$l=C9iH%utXy?5|pY1A6U%=k;5IlF2i!d&WpUfeS~jsMG}%GgDb
z(i?3z7cZF36a|$vd49Tm;rb0`=YO2KO8&+9l|G)&gBG?Hc(g_j$$#HD{;!DH-){Z-
ze%pwt-<C~3+b{6p9q0G|Z1N4LUT-u0*~BP2E9>FAR#sdVoNN8#>!SA`EX$1zJLA=5
zc75yd%*Wr{A3Pv0`@!uy-@Q<eZO>l(VQ+J?<%bgCgNJJ$+-s<taZ>PWP}P6sH(!d%
zj!Zpy&hb{t=B=EZh}O@#?!WKsUNI`25Di>Z;dSuBz?HVkcGhmLojohN(SPE|FsEI=
zg!#B<{ZV#s^5GjTy$+sd_9If8;saQ>?_H~$$jwZ;nc7_DHm737rR@7FJ)4;`^6oZC
zKg0*bXZ9#wm$K5EjB{P*mv=TP*E!zv1B=!54b=xcfAZO9DH=E3qKi*oY|s9D^R?F=
zoaUCKoV-Vb#n(4h*H~_j+SGHn;|JX~wzgS(UsW6!QXJQdz4-Y%?>%u@n<Smt_|e7H
z5^LXz3hw;bw`Af?`RlwqL}$X)+{}r*098XuQQp`-(+1r=@a4tCO*@w)$62rHvHdeF
zd|f|*C}@M<HreK?8>PIHWiuA7-M5)sH|W5cBis>tmIW2~<+(&v-dLLXxZ8%quDcw3
z-1mJ!;Qsw%K4QISOwZWjr!Kad>h_&i;*^$@fvlEW>>W{p$~jl_&L%1@t~k=1f;De9
zAMP4`zuT^E3%3^aiuTOx5-tq7F<^M+n#*B>E{!?NKJ?gsG%xb$4X$OPVrj%$m%6}Q
z^L=Lu@@p-k!ap<H7+uMAsouePZ&v=P0=}}1bw0M`5jXw&a~G<`&rV~Z4lyO?ce`b8
z+BV{J#-JTXxP{-18@f9>v1Yi%n7TdFHk@#(a(zDK&bhn8W~_d?pR&*OjgOWsO|3R7
z_x>`EJ!#4_@L|$Z6&&i{^K7sF9}WAsq}MhZ_<<AbALh5iXVT1n>I3Wl_|@U}f0|IH
z7E0g97T{~X|DBwjoJ`k$-QIrxcgB_Cg3wE~TWp#=J>70r4u;7Ux&%sMngo2^JGl);
zasPDv-(G+3dg=QwQHdSjU>WcoALi!P;rs7o^8ULzyMXuK?G4tU!|VU~``=;zrx7xa
z_|25@+WkLQ7vuF`C-=Aef1PqU+GF-O>TBG=0UnPbWCZlBFakvYiQqv+2y2u`(3G#}
z^ok}ub)rE7y~Y9QWuy*5L&N7KBTbIQuxUz5oI%ly=pDzgcf>Fo8aNR5ge8-l6feCn
zi1))uVdw`4)fqrA48)+5H6ezTps=r)@K8zwI(TExXJJ_wijwhYJ{}b*XYyGisZav^
zg<fz>g6BLECp>vF@c+=EEDX$pIE2Vx5?;<MN^TO95vO9noG1c{Bb3ykS|*=OuvifA
zL6dT@lEH>4RHS|im=`+W>j{t%QWVGIaZLm;KqTX3nM5Qhl?Y|8Dpo%U?u|2`8#Dv=
zz!}IrS|`;ox5r>P62MP@r%#|mEfPS>l#{5ZwYubBx|We4ku)N+6EY`Y1E&cI856=k
zppMY*8J^}y7!ziMH<}|jKtBDDuqmD!*jbeB{DefvTnTFhPrb0Lc}^@miLL~Aa=_!s
z25NxX7`MKIGfPvBSV}4-)H9%8-+%fQ{a?L09RCIWqy0kt-$)s+8~=xy`u{m`-|qi)
z%7rkQsiU8eZCwjWg=kmRN=cGhieObJvP<}>z`-JA=#(dQ^b3Lg;2e&lQXytjYz5Tu
zJq?mFeSlT27D4a4L=wLF91LRUKm;fHa9f%%6%>&qB&2KzGGj;ao{EGbND@h^v}Cvv
zTnQc7wdYtdgpvhOb=8D45ka!x5fT+18p99viGXE?0?8DNs8~!YAi%5?@{J3n;M*26
z3s6f<<~j<M7ZxbhKu4PSkvId^5lmKKwA9dJr;$JsnuFwW%nV@xON5CC;10GJOy)au
zC|!9wco+_hDGXnR9i5F3lbG3Ps(dj#^a(Q1^wl^Mws*QjghOXOC3LcctUIucroyx^
zFAG*oAxxLSvy5=+g?~eZid3}{4+I}?N^uJAnN0l{MW`hll{%e}$T&hVN2v0m>mUcM
zAWuzpfG6&WWQ3Kk@&85%rYboip$apLpkSx;n;KWkpt6kd1Y-Y<P^rNTjdQ~M$H6m%
z2tjNtLIY!fiVD;aW=(fI7R(wHNITF8j5l%GqCmZnJpx;%18W3`3nWPj@C8g}3L31G
z3edtqA}l5{U8diCK%i0g$w;|Sp#(BPfqX)iszu1wMvxRvkrG)zn#T~vAs!WU<Q_fc
zKm%xc2=&X;2r()Y&OTxa$<u6{LMTUQZwTN9HmO)DgwT;j2y;q(xs(7SssEGrzr*n#
zy&!L9jCtMo&vkV-8UNi}-;V#CaUuI3^)<BrDMo7u?4})I(R=l((UCIK6Tu)0fyLEA
zAS^*_V5AG>1V?OOrK5SoFo*)XHwq(-1Jr49qagUXU=);W93Yis7=@%s(u_hVP6gvY
zIjpJDC{#0G7zCmd{U%`uS;sJt!Xq&XGp-F72253*YMg2sfg0!~-#>=wAcTNvXrjn8
zj38eUCL@g71){!~CZv#Tj02UXVW3@117W*Rfkq#AAmpEZOa61O4#$6u-Sh^^c-{E#
z&NW{Db8{Q^cKq*@%LbX=$UxSd`UAa>VdKKb@_<#30W+G1+cLo|3tISCaG0;by-#qM
z!F`0lFn(ObIPE>KV^tXD3lb!Y#h7mZe{^634|fRX;to;p^s+;+EfdIRf%Ks<R5T0I
z{Nmx@C*Mz#DN4$A@W&`KAKXgQFdMxaIv)H?1Y)J|R3m~pb&!H?L?1d1QkfV+f+{gV
zC=XYF97z~PbBTChW}_tH6cV=^3#?0s!Iwgk2p38P8K+eq(2UfYcJPycw#RTWTw1Y1
z2CRn}ZN=I$eUVDELb&ZHIM?!RnV_~TP!9;93l)ZyXJKYk!PGKGkVGmaDNY(|h8>=b
za~y>nNbRMyT0Qj4R83KOhN~?T^al%_<s)BFrY#e6BT6QQeHAf|<p@!DNy<QVpi705
zyBHO(3!;JQF$^?<hpDcVVWC%&CZ9<uv`GwPIOu9)fPX(y#N*l-MN8>+H^9j^6`?(X
zp2TF~Kn%j^1;1Y<uH!ry>Sd&@AQb3`6oOV0`j2Ce+k?i|wiU)18x$TE<6)*Ds(IzJ
z)9Eu^hvPr>ZTLpYc&+`<<r<IwT$i`!KRe~J!Ksdh)_;e~05<R=lqS?fNZ??w*4PIy
zHd!H&<8~9r^X%Y4kTzyK51t^`#S4t$1w8tMxh_d?Sj4!|e0~DQ-Y_i~``|*4ozhX0
z0?a6m6tIP(9Y+1&;W`{>Op}h9pt7hGIS_AI8%51!+9=xS)J9WNpEep8r`o8{(FQ`(
zgfjTgS(i05+)qCNcytsJ_)0n2W{uC$Ci68)28z%n0*xXT%19YOQ_?9hh^L)EtE$a}
zflP^n0tDzqQ?;cPqGFA;#2_Ms2kKux2?gPej;fB9;r<kH6~qMe*K$~C;EOTZ+1~@y
zTabeZXd)vI9ODxr@CVE?SyYvB=!phS&b~=fVKR&jw$0L23n|Hj11p(CKZmThwtlBx
zuN?nV<nlLB#_RllxWk5-od0)u>;Ka!m!l)DS-=KAJ6ghqah{&K1#B-bv?{Mu%jHr6
z(p0EbBxDN{BW4tlL@b05iiolRGLq0pu!!IaO2c%L@T^yE=Tb|m9c}UchwsgG#?|5b
zuUn%2+hx4Y{&RCNKK}>)f4l$JDVKu-1}s0l{RnVJ6TAHzTM{reBt|n1*FwbFX|mdB
zVPbW_vN}Q(D2E9-qxBeEWQ3GrVn`%e)S@%oIiyKSXx=N41g3<0fKY-^mYI%r9Z8LB
zYHyIxFm3BxOMu!KMfRJf!g&zWSj)J}ObBE_iX#}oL$!c#i5O0$%*p}3l!nRKAc}<n
zGX{M4t2hY>+U7#Z>2kE+lj)F1g9*Jes0f&hTKuMojhQZNoDso*DQGu@M6?K>$U#|w
za$wxlD^4a!r-;IMx<Z&LHZEi1Q(2T#3LLBrsy0CuuTe`=k93e97J#aTa;4+bd2qi8
z?wO(8NOTXzY;8`Q^7~;jsOE-^t@pHOxsmJ`9FB~`Vc0R)IOWX(zoyY&lUng`=#heH
zQYeJ!ptW`CP@$CKFW352DkCkBjwY(mikQ|JCp3VilpKu?bp5Cv0@X~Wt4Tiz|MZLf
zZ(bda|GItAzg@;_#(%Dht1146%Ul1yPPx$j-#CpYhe!fJvuPqHjcWzka29I!1}P>W
zEsihkF@jhq>`k`CnP{tzjl(TC@IUoPvDh@TvjQSYD<S^6i`!r=T{NkJ==g9c4G4@O
z)pn41Q-<tH9KD(<5^cppbWI3St#ePI_S=+f1SL$_oHYLiT8;za^thmqp9v5RsaJJw
z4QLHihlH;nk|Eunv0m0J47D3c^SdBCeHg>mFe%f;Lzf4pu`2*-JJ^aWoMKs1s(>)W
zR*N<vDIOy|YDd`g+6`F_>Mn@+1j)Qo5cwFQmx8?k+XcvaiH8CQ)>Z|YivWXEqQ;K^
zs4HS{kTSs(s~<Ah(}fgC8AZ^92$|Jsat*%#liG(RK|j*lzG2~hk)dN@1KSvc80-yG
ztPcWz%y?@y<z>68DJDCe(5Dl~2u=uy4D-cN%|P{|6X5<NZs^>Jyfh=jA|w3$kUw9J
ze$KH95~yYmGQ=d%%diHy*?4SlIBq|UjfaZVkRSlJhkw~P0{?_ii68{JKpGS?4S7z|
zH!!{aJxUGlVL5WOGDS*2&sZt)Xr!v3={+#PXj4*i5^_k?Of=BD5$R(?B!PC-w6p2f
zv0-aLmrEcqG6D6YPF;JPuh9!Ni#-nXgt1YO+);t2vr$9aqXj`W5(8f{xq<2is;2AT
zz+C$GRNj%W^0>2M7vXw7mo~Hm>PuP+*8jDwWdmklA_=q-{o`Nk{atq(Ns=H6X3w3o
zGvYb3cYeX%5UNrHM35pNDYJ@9Dw`r9B|9lnO;TA|m8lB_fdGjV7=c0rD6+ED(+_pd
z?YI6b`xE+Y|HeM<<2>v+(@#^^?Ze&8Jv;zVQmU$Z5>+Vz5&mgzZf<67AAe~g`&ay#
zrT-y&toQF@p8R+J^OF7N=b!z2|NBusljK6@sC`G%zW=fWZKx9k_T<E|@{^{eP4Atx
z0Nilx|EN7kXv>Lz)tiT{wf<<-<ge-|#II|~RYHCRc)Y7$ASdRNo*L7CS?cxStNJ^N
z?mgR$?j5$Hd%w9K-Rnj7cDp-AC*9-D&Woc?_u#O*+j)M}+1Wnn=vN1a2gfJ7JN`R3
z!5+WZ+u!YOA9r{6_oLC>HPu5u8R2l$>CN|kr$79cB@94$4@%w3rp1Pt1ysTUKk2~0
zZbpxRyGH<taS|jy;5YypWcXi#3fd6iH*JfAKga}$N@V7%wl2aSWIu#o*+K}vvk4Iu
zA-f|1b)GTd1cMvKqaojq))bEXrT5-n!)K=cf7r`DL?83yKXCRc#sB?T{`*Luzxm`p
zd=f?f6~F)g{=+AqK*X>A`d{gH{ck?`<p24<slV!br2hL`EdL*=;(w@W@gMR3pZw!L
z(jWMr`tmRT@-ONyJoz*J|C2xenf}24;1P$5{Lg>d-TmqxO=JIg7eD&Jf7;~_-%R~U
z|NcsrHZ=<S`zie16(21A&wu{&SAYKJKmGHc|1YTUA9w%xpZ@9a>c9QzU;pV}cmEbz
z|L5J^!#^GV>0fvM6?!ng5B~@L-qpW%zxr2b(ER=%|K$Gu=RX(bw-|u={ZD`5-}L#v
z{`^1w1i$s{{@b5b{jbdLuN17X|Nkg||E-xm{r*QgU#u_S0qsAP@KXK%<D0Pq&#T?9
z#uDCtB9Q9!_)i+7yk6$FSSb1XlRw!-#1FMEKC1se|KtDh=l}W1fBN&ke)2be{_hGU
z{=c7m^56dDlTW^c|5WAw1O8Jb|Mx}y)8%!2)z(wh=HIBc|K@*w^8ZkM{l65>{ZGKV
zzv2J>KY-_e`Ozm9&z(U#pMQK0JpU6R?4Jm8|1)DOt>@qJDtx7vFZlPL|8*D3DFnuP
zfBy5|Vmtr*um8yH7Eh@kM0G?4`dd8x?_cij{>%UV=l}md{wFnVwNjt_Z}8ur|Hmh4
zuhVx`P5svI|K*e2um1b`pZ^Cg%76cV|4k)Ge*XL$`vlMb4`}-fpE>9M=MNtG`rn7^
zKi~g<oR4S!%hp|-Zhh$&5u{aTb0t}Tk`xX(84hF|<g!ZSvPN5|lbs+hNeNxCiNSON
zCaqCVfj+w!{sG$pOQ5Z-Xy>c#gQuP7<f~3}+&MYfJ9v5=J?`uu{w6v(jE-OIokYJq
zd~p<Y4!+qtIy`vRIXF?Zf*)w`x8MObR)baDUVvj@5<TDFJ~_r=jI*3<oG|ZRzP1Ff
zwlGvb)cp<KB+~66%$U@!&h*jK%s4oziArfV&!Pe}ti5=WsOE-)NLa4vJEb^{;?q1E
zO$$n=x)#-+sb}LDGJitOMea}JfmdzyGttvp1E#4~@!Du@QL{_g!=cd}6@1`9tzM&Q
z8^pz<!^4xNY7D;b@9rIuAdNa&^^5)4c-7DskrcyF-I|9s)|P&;B<3~40<SKLH3DXM
z?)$JUo?E7DkmtUyvdVKy3Ddl9e8ap_f4ZE4+gFg#QDBE&1hBIM%?ZD#$uyR=-na&s
z0D5-3c2GjGYU(75Cdoy1nb19O1ed^*3(f-y%Z?Wv!z6Fwb%Sm?TFs$#gIAqzJ3Dec
z;5STS=Xt|C+uc6d*3W+77v$fKX!Rn3fGxI!uI7|bBpm?pq8N^b1zb!l?I;B3jh7(V
zIwZGB`?}vP4X34NUn}g|iY{I&1YSDYKEQ>Y#E_+vNkHddH#&S0y*Tb185*z_9UMjn
zoz5<h0j3e#2fsb}O1;$d;j6vlXn*gZ6FDScCrdArbO>1`4JF9gj-U7Z@m3TMuN3;{
z!{{`Jot7l<_bf@1$*>2?i|LhG+g_Gmf%W#;8=xJkhT6DlS#qKlaUs!R>Ew{`ULnjc
z>#(biUp#rT_iY1rmGcCO;ub*bC$a0a@l#|hp1>kj*yce^gr9op_p=tmTih0<SFQ3O
z)><$NQ2bqTEN9sAlLY-A*0d$BHP}^i+_?42I)JaSv_xNy8<Dn*C*50g=MLEZZ-3nZ
zuZN{2@c-Dj)t_EmTrb_?bHN1;l#osV49<;+D>>}~CMirDi+u{F{Ng7&lL#Ure=6WO
zZ`Gcczkvoc+%DyYX`ok&-y{4C*MTj>b-ZE0&$)HHvBOVQXB_ENO)dOZbn&}<)03}y
z@b2PLmeu8aba0CGY`GHNz{uf5sv5ZmX85`E3-F!5&F@d@o|!Eh&Y+(K;gF_#^1xYJ
zbLiieBC!f3YLP>^_#wE>pqmPL_te<Cr=Qi#Bd|z;(-ZLd$>Gs6`-Uuw^m91C!FPl1
ztn*~UX+rM@`|#LfqfE+N$wIAx>m&6KCyAm^aB>gu9-gkGVSC`t)NP?%R8P%fRW$^b
z+L-d^@OTL~%m%cF17NfMaXg7Hz>7Cug2xsVcBCiBH^hANY%3^sZ33y%N7tB0n-uMq
z)pITnet9I|0pH5>U^T~qz1IL_=NdPH-Scv*HHo%(am3n4zRW-L%cax~cS^yIFPBn#
z+9?Hlyj)75xl;<zzFbP}7^f8Mpg>!ST)B+_{VJE+@yqRm%fW7P$|2D!mxB%Fl*6qb
zf<Np5WFlRWU`>|Q_&S~pFX1-6jJIPKalgU7zY!fC;gcirgvfNXWhu7vPOlYHX6Kz=
zA*M;rJH0MU<7(BL4eXxDe5Mcl`!rSCAIu&R!yz9qI=3WOU=4$ZFY}1V(1Qh{;31QX
zadE9JU6w{JG*(w#2}KM+dw2fw$WG#$&e8GSA<Sa=m)|T45O(%E+s7SzeuU5Uw#D~<
zByXK9cFF;7x%{4D{kNjpy=DIS%U|AuAHSeqwc0&3jeE;-pq;}f2r|ru$_$ydEh5Vz
zy#HhKp8DyuAdyLJa*7s%SCkk|EFvGfhW53?LM~H+w9`-tvUtR-Y)B{>>F{3!sdP-y
zWai(cYf4c60~_=M_VF(9AJyxh<3E0cPv!c5H2?qBgY~li=Vz^-?f*Z@$J75I59ezC
zl+1Y(1)y}=)TSB#wse2h0SaVXf^8)XE5w=froI}(1{ARI2&@ad4QL?Z8R$R;KY<G5
z!)Q1_<lEl56;?EWQD^s1y@fzO>Hx*)KI$)dHNck)|3#zGh$8l=zi0R_7=Wrj5RfN}
zzF)ef1Mz^3FGt_WwBay(qc}VG1%vBk5l7U4FVF@y!bXtl*(E$f`_T;6gT_hvluTHo
z7+Vx$i6ZP!j1`KtLBU?M5sEcI(UvX*u@lvo2QGYmh|jsy4j1c{%I$DLfD@V3s2adx
zAEF8mp$_shP7A+4+x$gUZeU@Izk%zgi=3DuCsbtH7O_DvBBS16We+x{erEc|A-vN+
zwowm6jcf#l2V(s85h#M9Uw*kH<^R9c6;H6DoCLJWK_yl*tXeml#-A|Hk2aZ^--d<8
z!cFdk+jPS|Xm~^x7X4(bSjG)xm)$rRtIwV})=^8I_+2HM?vP}%Bc&2*lb%!a_T4rK
zKig9JAvlvzL?9RMp3(DX;+dvT_{PvX`JSQ01vKoO5)gcG%ThgL^m{@TtNDE*#$$8`
zGwRt2J&lRNq6=0jU6vHF6KW%%+=`~xu139D#I(1DL>=ws6qW5hKRn+1R{Y-GKYZRf
zsBsucReIDP;jdj?{d7`{qSaF+vw@Odb*X5p*QX)$)b94d@!rysBD+<^YBv}UhPP4O
zG9_Q2Np&u~_||Vh#KuvL@p0fbwzPz&!|b`44$AG%4Zx#1rjuuW7tgkL4v)VD30iwy
zWS|A=MTf`Hw^3_-?Ez{QX9I#75x|8=w{U98<rYxE^H7YfMrWb1=d96_lPxx}tijQs
zcH$Nj8N6UpQgT+)dvOcR;G@-5{JT0$(<A{)cC6@4TUvG2^w!#{iEX$A*FfC2JIWmz
zRF6ibzb!4{**+iIh=fZ^%maJ~tc6|lQAB<nYbOKkD2o3?n@P^sSG>E5p*lQ?c02o>
zla9i3WM4KSidR^^j)BMO5A!GL+h}+(EOPipoX)vgz({i_=g5wn6YFtK49+>SLg&l^
zog)i$ZaA59&B<^(+K~f!nDZsWwQQIRq0k`ts%XiwHXD}BnNh)9H!U&$w!w^CpbkDi
zC*Ca#5uAWKbIr}28*WYj&IcNS3BiL+F<_Q7m$sq#wZ&${oalz`@Mf#a)5U@Cl;3x1
z*p|iuyZ(d^8Vh*cfqUM-dVyh=dkM_|dk(Bg2pfZwF+-HAQASZ>x;L2D4-7XnI2S&F
zQR-fnSajInAqU#mQwjA$)1x*kH|i3KB^y}!qky}#`IlIP*kD;AFpAQ}@RAl<HnjM%
z*uFsFYlE;lG~4W**Npc`0E1j4U$RoxhLyM$8$HU58`R~yt`*^P1)*Lta@~dz@p|r1
z=At)|ay?`%+-{h%?*#VBQTtG)ZD|DQ4ZFR2&Q7;oxPw{JlJAC=ffrjEEw67F6!^;>
zBa6`5C9PN3&~5xA2<2~no_T-<Xzj*^c^epz-fL#@?0Bj%#f89<QDSTur<%o<n6)k&
zdeA=+z`SMB`j-u(idk^9L@J6PrI=6QcxX7*imhgb2%4P@^1xbXXsF=XApU%2jY_&O
zpY1f~qTM~-_#KvW$tch^%)^_lFELB*i8ymZ_~5idxum7Le0L)MuKZ7#F=v8`>ckCd
zEifqCvB8zn;JhI%v4U?ytB68VTlBaIL0e4AfcAftOU|D^m7mJ{Kazq!NFTHB{~q4|
z{PU9kU;AhO?~n6=_%C;(U+(p_-lKULwbvd#jM{3=?!o^*k6P`G`=4*LK945ZX)-CY
zsB<-rehKx!pk({`9(;uhww-KzJsF;z7tujh40{P%kt<3AaX>^aw>VdfTLH=3>@(o~
z-6wg`k0)pTGa|{4M9v8{?rv{(m=Ovr=qIH(4`iS?_cKtOm(xw0`{^dmOUWh9L&+u1
z0~sUyXEeP)#)xx2W5jtVW5l_iF#@K&v?M~8j3857KS_)4UPfE$w5a`3t>Q*hBd-9q
z{HgKpox|t9J=%Nv)rtE3%kR?~mfxNh=h-CJb+%uee06wqEK9sN+TV!Yym_;R%+TZv
z-)zD_^eW++L7cfX86_8aeIFuc-7-(%cRg)HUu;G7{nbZBHjY*!^#v4JjYgoEOT|s~
zF(4RJ9r{fT8_{jFgg)%1LtYNA83naTmy!TRQS_rzpNH@TeCZAGM`M$puB>dng_&`>
z!IN*`N;$fVV`<0zQg9heFWA3o*i3@`tLRa*P7fl}Ko)K38AmHrYBg$Mw38@uMhCCH
z*b-wCu-eqY-0E5MXp4v3(6Lr}abDDQhfN<oR2NeWa`_A%y_I<fY4C(PPxp>bj()p$
zu-o}oPo^|ZwF>KC2fAtp9U3tA$8T4ls?&A;W?1yjv3u236y3WUjq_yM&sG)O73Ikz
zMRA}Zu#GJbZ^OiG!_<P4YYssp%CngP7ypsN-R&qTcsfzQ0y>};2y9Zj@ZB_k(E-oV
zt^nqIM@=C~FPj*oPA$-y`e91)Ah--Yed`Y6>Hgv4?fqkS)Mth1&fM1CWP||wty1%9
z5g5#3Y;|5IJ^XY!CYy-{m$RQQqdU437y3?BUTwWBmE2ee@!sNszZF{xqkr8!OA0at
zz6?cu0;I&90EQHdRNbE1|9~TD79}a9c?1&|9X9YwjVnB5UOWV{+T~CW?wdHqB@$yy
zT9#f8CmDvXqy`W%X&L4(0{11bV$)1lhql_r;71%2%%dVi&<(Aixhu?5rQ5kBS<NWJ
z4m|>g5v0hd<N2Nr4n-SP!MgW4M6)3AH-lLHnk2c7yEMvRdz<{HC3>y4FV#glvDbaJ
z{q4^2$@b3I4TeOnAhb?^rrxv5WHNwAbUs{Fce`SkFi&jSQaM2czp&&33o#ms5?gMG
zO);L9CO0s{X)5MuC`ax>QLkF}3SGG*1i^`m!fNq@A|sfl7NA27KlJ!gxLahJOgn%s
z?1IYkle$RVcl`7z{%t^`PoaLWP?5>w1Af6bb!1SRP>5fuNB9KO<I>U%6|gx&F0Yh9
zMVKnLwzAR`?I@z&2ml%9C*cb3cAn@EpYSU##&N3Xfrq4SK`b($;ka+IQ9ppX>S+Y<
z*>9{q!n*KK{8TTg$;}x^fld2^=Mlo!G<j2;!`*U-a>*yHzzEgP9a^%dJN#(B6(LvC
zu`Tl(1%Gi0X=1S73R8o?jMRf+SJAx*vZ=al(}X^tTQuJ#k|Wf1SCFDje4(HPh8<|(
zhy1@!Zz$<<2o!=n=|WbQ0GANldU>ElkK+nZEaYLfEC*J>T;a63Xs++GD{s!h+_5g%
zM5cVuujLEW5yxx78-nZa3wmTLIvh`6Xsa;tl~xs(>@>Zy6=7i_v#;{$X#ttJmm><I
zTc<zZmYkf$;6&6Q;u|1=LCCWM>nzA07q9pF(KvwFFmuB%GtgZk<+Ar<e91sxS+S(P
z!E`65GjP1x(uL{$>S_SjgYyA*s!8e8t(p&g{rv}<8q(I^oAYTi`u!vLXLZ$^;P2J{
zS6h0+i;3$kAKKd$>o*?7y+sx<3(QiXRB|;Q4SU0a94*LF7`)sRG6BPc;bjq{^p4xw
zD)HGM7=(B?efB@?PNpe`d2B{C#m)6NSb<>1YQghSl_xl5H(Zd+ArpZ?Hx}mkoXuMl
zO7Oq{;%4VUCh`bN3bs(SbS`Oz5CZW)IE^QhA?8NMTFuBS<`ED=6P#G7sGa5)CE<Yh
zXA^0g8GOS!mj@%K9~{(8cO>w_*y&Bkdx#@0t^R^%qB!T`o)R&01CBhZ)0wyWDB5X+
z54+-eywL8dLQgG^Wq^a8yre`gG(kH!Jm@Ils(`-gJ|88c*XjX5T-wl}ic$n!JAguO
z0_+a@hK-0TQ;YB#>%_F3e^<N=%NoPHXT!F?H&jGxrFq*P)9J-&IoPk$9Sc;*;Cdp~
zoFNn$HD6cz>P}iY22$|N)(OD^5MPIY3}Jy?gyWMV@BsMZA0x3aFP=T_99511xH?Sm
zHER?%n|&R~nQm7t0ggvK8i6)gJg*qjBz}|p9s-SqMg-lq#P_y?8LiUDuzbTF%UL^E
zr0s62R(W5+B%pF=zpY!P#s<CCb2wDwHB;lw+7*+1=b1vAn^Ihq#182*xQ)Y+7!~nZ
zbfLKRtWOkrCYWXd2qe6lLq`Dxr>V~x4UcNkX&469NYUBiJPs3ye?RbAlDPDZnf1+J
z=SZCgMC_1=WIqk%18%`1ds?M~!%B&7Ar6W|ddo21zM#C97Ri|z^N@digh5;Fk{JW*
zw;~BkRY|q#%!=MqYi%BJeFBks)H7Gr$1T2{4-3OGWT#n%*2^D`P~RS@17HxV0nBF*
zveC@biga(?LX}R^g-&aL{cSiFs9iV@1n8Ze`3m<zkx|KI+Noq69xEC34ST?A{u5hv
zsu1t4F9*=~gaX?PVn_=iI9I5vW&l?c5M954^Fh6qWo_MUCzg)l@oRN;P)SoIbI`5D
zB)J@B)11f<%u-Eq1pes-1;8N2k_THF$=jvs@fW$q)YV7oi9mwfqOe2&UQXylktS&5
zJvcLcL!+5dz0&4pgE<#-sSy~iEDg?(5L&{NpUy0Pvi*3!W6G*&d<E*Jw0^E@`S(4{
zG}((34GoC}?}MVM1vnZ4NU9D1Z}RFKSZ^$Xej|x{<}S#R6@8^ptxPSl56OtvZ@a8G
z%ngtdu6#yzioLZ#K+0pPvk-gw-q=^dr@CU`3{FKWMkcmZ_TeJDRB!B_2mT^x0#RNE
zp%*T)kXra1R{%8&q_1@rpg0e2d!qYt1;%*z&OUnIdjZ@XdhSBe7K8L9CwqqnrliHA
z(w_ecT)8Yksch4%;mig0cAA5ma;o#zoOK4EzmOV(9ncmab@wy|j>ZF`zf{~6xM~hh
zwR{7eM!4S~$0(Vh%7MsX$SbLL97zQqD4DfI$Ab3>YG(EHCOV(ss47?^$wTFaK{EW&
z{2LuLXgUg9os}wi40k-xE#7)IvC;RP#R8MCx9T~_F34dRUW74}do^sW2P7UaSeGYh
zJ@=IWKHrIozQO#V4K9kNmBMF!E*03p=P;g}jV0Gi4XIrl&}j!2M-_}%e3OGj-K!c5
zH9t#G!=C2NeZi?mYinzjbCDBXY;LLs#<Q(M6`aq_rmX5GX}^AR5I6|g>#-Jn=H2cf
zb*|5i=DjysY_37$Gn64mG}$Mx*LHX;__`TcvlFxn!P3adKn6<WKlj}Wa=xERS66An
zur3;f`a4ut+sULa^;Ta=H5t(7oS*`|kpV4PP}YaJ>ZMR;oND;2m(^8?_a+K6gwE3{
zLVM~G+WILPdTH~SB*pbXPhZIH3HOXG;)~yh1WVnbKU!jE##Q4TyW@SA<5ElMFqGMs
z`fk^uYxxDcw@e-xCO~Rd?iy6T?i~e$j}+|2{xqJ;aKME;nm5g7{6ZA7xZ%}Wq38IG
z=@}o(>!Q-t(IVKPS{n?LQ58Gw($d$ZX|XQlb#nc|CTWg!-2AF#d!)mY*NsY0P~rDy
z>L^3)Pqwn|m1fbXxP7A~)#A98#tZj`@P>05RxYyuPe8E0I3ud>uIFC}yK~E`=4R&w
zET$1Y;B0xHg(H<h<-Sbg$t1q!?~|l=14gq<h;Raole%GS^gZaK%&i@ofPx}|Kd8+-
z{Q);58Gd2{ZY^6?8zDkYFmFjs9|6(y^oL5}l(|dnSFfikt_ZK5kXFZ>szrJ|Tg>Ek
zri-?tg-ThO$$s&j9sA2tRjm`G1m>1u*M^o$zCl144=%I~ZeYnjfQ2N`=aTvE!p0`=
zX2CIEAz?HP4A3BCTrHL~=3WQ|f^7;-=G+EZ$6=c*5h1V+x2lgus5uX{DzpbBq*`qM
z6Zet3+=nrbP;5vQ_mRIJ_Yq*~+waSk<P~g5yTq1Q-oMR?ef5is>L6MT8LlA5y9mwC
ze?kVP(lY8N=WOz7&c=h|>Z%3e4MC@Pg8ZHNocF+?SqxB7-{-ScJ%H~ezGt;<zZyQ*
z*i%*1DP!J^VDz4R(|cIh&0?q=SOFttr%t@of^f>haGGmxrrDPKMr=zJ!*V0I&EZ?B
zjyJ^wZ1Ry0Kt+9=V5XN0_n=v)DtqDzlSJD<*bwpUjd&_^zZPbwR4)WI_z)LkJ&ka!
zRfW)Ut7Zh>;v9FLOO?37(PIfSWj7fM3`JZZ%^gk2Z!5&wIRo&Tm}5d|xUg0wdf$Wv
zV{TiseIJe#gjlr&k@DsoU5R;{VO+Z)L+A2tH*c@R&sp}+<>Q)xmKWgd1k+#Q=K?5v
z*0a>JqQ6Cu&anQ(48DTkNz2Fxy#hOjWyu;sTJU{Nj=-#;am(%hFwG0qn3@n^l@dks
z28OtZq91WbrZ_(`dwlj{|KzB1!barmy(AoVL!Muo(Oc0UBAw_iRz2$eT&%3a3$Ncl
z{?TziTNR_g;;ZUUtQhj8TOlbQ%s;~7{aJ3LdmNeEoB+qgHY7H*LfGidQ+HxIfHG{w
zZdSi88yKM<o*J?>J9jGk3+KKKoW6`GovWlbMf-{IBrB3$k@V3pW)1LyLXAf|>i035
z^`Pdr$f8$+F5wlji7sd)=u~H$)}IuCKL~=J)W_34`&G)G@1k)(_^-N;l^oYE1E;t8
zh~T5X2p~A-dPb9c10<kd$z%ep2S#b84s)HNnq*u|`oqDXTl|Dr1ACGO1>0kt&P&E6
zU-eL7LZByQH4v32g=spEFB9Vuni;mFw^ohDu0sRlFG>*C5;g(tt?8M8(Vsz}h#^WB
zMZ2_UxD9a4;cBPp4u=NOppA0#?P0C9cqQM?+%7xi4O6jWcEpzP?$;PU^ezZ)o1Mk?
zP1VNncaC?FS9u$^KKnL~_Z$lq758W)UrL*d$_uITeUa(`hHTr&($O{Cg-)$IcvxFv
zDT7odtXBvjy&y>_FV<|p2WWw}^UXfdaO<s2!5wzmpNa506&TM-q$V4&ErQS`yYH-Q
z4F$iBlDLoNx$s9%8<4un6hLZ9dgs&hHTb0vlzz8&82w=`Y|yk+)HGieKx$vsxW@0g
z5Udk*Ab)6@;laQf0TAllN)ZfoE!)YvLJdN|grN4D$q?+h-ryezHS2L==Wk@$n{xV=
zQ`B%9=KInZ5SK`T;suTviKJl7M{8<}>9OM4G9noR6VpcPT_8mQ5H(Tld`up{9>skc
zPfp{rWVM&6gTn4V<KtYq{3v;;!<#qfaY5hQH4w}?MVrv|&H_tu#`ghI6oQ6JV$jo_
z<CDYZR?<9Mee`q(u8s3^a(aKZ{cU&u#k0<{`LgrVoukh2$@bC7jONY&4T^YldR=HE
z`q@qH9PaOTc0`jXm<*<)(V2`|GP{Wv2ciK*mY?o$au-Y`$hp<j`8Z6YuW@7>(J%1t
zz4rgvTDL~Jv<AlW+?h=D=uy;KUwlB1?TBVJdna1Ix<42!)bR01=edMb_aeDa41kg`
z@Mxt6OnIU&zL4XE9T|hOxYN5;Y0O?pwXb8{lG%vCYDU^*3mC6J^#E|)^CB6GRfj>V
z;%7aKLx3?Xc8<sKG*23ATY~Wmd)K{@bVs$fR1{Zac$UVaXjs@1GlASWdA_YgeSiIM
zAlUh)#eROGUIWk<TEor>ETa+}gB<__E~X==3w}1Q6Jd!8&8_nEhbeN;Q8u=W&O%pr
zO!h8@c`q4_;xqwQ1tYwNJzdd3djVUR%Clqyp5EBXMSeEN5{Bc(D2_J9Q|(PWNg*>L
z%rSIArpeX9mjm$pBAX-u;`@&G0ni$qd|%;6f_i<UG(wf5sv+Z2cpRni?&j!5*a3i3
zv7sggmc1chbl_kOuaoQGy@~-YO+IXukfpsi2+6RiYo*B@YH>hE(iXlzWfvN}K%!3B
z9<Mq$h|s#(sn^q0&mo?A-lD)CmX((YHZ=qnw92j3nrQSkYqfx6LGReJT8}g<&Y>rT
z!ToIRH5a_v2KOL+kB+`VgRmH8!~t7t5Wr=C1C+cwwGnWL@gJDq1NKUqwG~4y9js~&
zk5UZF7ht?0>OmQi#2pm~E)|NUvV)0QuPUQKHrKY1u3liNyVC&F0$4hwt&J!#)m{S7
zSV&w|P??r30nA=m&=7D6jw(#5wR|omo_KoIWh2w5&U&#S@6)E?^zW(yo+<6Xh(18X
z3==;XHcaq9eVv3NH?!}9p+Ttuh~vY2M{jFvtlom-KLs6aiecs4m~y4IqX@>PI=C}%
z>}6M5Z1=+DYc*$UQ;*M;n5DK9XnO}JRcuxdWURP-wNeX=1e?NgIgVrX(WNsKNNS_V
zfof1UhQ*iw%rgE~HO*R;=_;%N9ytz~m2H6NC<QpxQ~+^VbQPFUcTO_XPXo#99l#Ak
zsEzC#wms2hE2&=<9@Efg0Vn@yfTQ<B08oRWf5=<V%;aAJ5Qa@R3z+g!MFwe6<sIYC
zK%5o3^PG|kL3>{O=kpH|V|aG_=k@gm>!tj!?FaXNj{p2IK7Rb?bBzDohVai1@2x+$
z*M1nae!bCtu%Tq+QuycX>D6#Fj3?LPJ`cke?%yOX^e=`3wWkIY$NAh1>wLbn6po{e
zgkrA?H@t?^xJkUsP1UXv9fyPe#pB)2*#Dek?EU+gz5gGy*YDr=_y6Y)KmU3Ee~gc_
z|9Qm~2~ha(@Yfsz{{Fpo3y8q|*2em;7bF5+D(OhIJBihimESm2d=IQU+!*l5WRhl!
zgo^JE%f&F4N<~EZB_*7lKw3%6Uah2roGx}C4nsB=40}Vx0RnT94PaJlIQ`U4JnARC
z5oUWlPbLuaZaV72wIb-UizJ1p!Lj;x43Y9;M|r$Pl+chqTnR6z{r=wLc`@xdRZLCT
zG(0)#boTd-Pr65)C%4vb!JX$s!5_T?)ifr_Kn*qJh}j4Mij`4BF~^=DD^|7SkT()S
zLqbVoqH&scW!Uvwb%?e8C|XBzh#|(NEQQ~WzQk7>knj>d%={9oh{4Xu0pIAKeym9J
zJ?DdWq@YJyoh0LIQb^6!-Kyl_^BZNQ7vwb-s-^udB(yB+zU&pgYqpzQ6_fZPKeGbw
zE+im`;)xNx7%t{sZC!DY@uXp5S=0IqR5OVm#2N==LnWTZeS1Cmi%<Je{nNZrYx1zn
zP&5||UNz|;!>VbGdex&+`=xg=uE&!#U?b@&qeiilY7MPU!J$Co+LBi%_{^qi0I%|7
zG+36gTc9Y{MGXmpQEkLwN<mOmc{~1L0l&YLI{VO^b!<q=Qt<bXpg`?7fCM&25HRZE
zz=x;k!AHAS@LSi%!aUShg9|Q4k;!4s85%8GXmoEYFcWC#;+R=j$wWR@U2s%7;iZhz
z`80<M7QE4HMrUf7Kh0-D)_e+@f*B<I)V3v!h7Ul!!E}jcWT!2S6N>mOq=lCA#UOjJ
z-Fy~CwsEK{2L<KJK-S#ne)kPh{Xmza<T4pm?{j~fV{yIJIernynf9ECxlI`tNbcF=
zk>0de8yx@Oouby+v=Fx-jK`#!DlkLyBdZP_LULZ164Z4=eFjiq<5R^$)DSNf6Fw=r
zii^ZwqIGktV*{I8YgXOt2rho(5h+x)2k|IZXrf3S3}tdbhi7~l4@a0AWo=F9`%Bm#
zM1^X1df#`x!ZY43xpQ;z4sP;Rt=;xeUXu*MIt7Qf?{;QIm1h<r7GDc3L>$z)zrfaZ
ztS<2TC@;Qy8CJ`{<)vyCLe=1y)Nm~LXax9rV|KrGK5p%XzRN)+4~4DYTHnMG4PR2!
zdb1n&bfb68h$x}8WRoHH=Fq09!G?B^cR#0(0`7kXVNa7cm0k)JB%Nsm`WK<@&gagW
zM3n{Y&{<OGY%@`ukw0OFgJ!ha(u@fdiZO-yH5}lIkM_9}zO@@AvEn982sF~}p)sD?
zXOR6{7q|B!<8171Hwb)B=HWbG4#8!?V(aP%!aQ8vM7}sQTu5yBy_9V3okQZT#n5S0
zfU9Z0a^X0nfsPF8#3Et?I#`vl4FpGIoWQDxc^v5~U&;f35yDJ`+tbzinUW3Ek#P=d
z726qm2f__es+Xxlp;!0-lw;BXRcW=<f9>#?fI&3P6^;#nz?gQ!x%)iLigVj}?ivnI
zTrYiAz4cEimsfxlle5DM2s&~kPT)Pl+`H;BQ!ytg%Q)^OF2-CWB4!V6Q7>T%RB4zP
zK9ViX-RvtYBS3>QxE^f1D!R2`w(OuZUu6h1U@W`V7}m|w{$g(Lv68_nI-k|66UW-Z
zqs(R2XbWi`w^kmIcU!^Znh`&f8ZHIUbV4tgoj&r9Lnv>gM77)jsEH7Zj!oSBp{qk^
z-oO{)?R`D~IEV6#_0p(wBukTQ!lwxd0OINpDsZ<P-x7ER#WHYMDdG@J*hHSLdg@#Z
z$`e~Ikq=rAMle7dP?xJ#2i3KRCo1;Ma&qulhdog<#2_x198DjrZaF$#iFBaMN2wMR
z3##UcsXLV9Wh~jMP{PCpw=kMJU4;>|C+kFp!<G2aV~<o5?AYl*Px5!cVThQ(TyaKR
zU>EMXss+3b(EHa7d1uPN5ze0Q;+xU^I3QYR$#@_$*UWIH%u!Ujv1g}0c>1tQB_w($
zm(P}vW2v@vDsdt*?x|+@?Ea<>^gD_jgS<uCAVQg;H6}?Fe1zp+z`M=PI4~m5IspfP
zjp#whc2VzKVva0-DQpSKGF?0xLDidrog9!IjjnVqzFk^ZE}=o|tPB>IxiW?o*PS4*
z!p;RP&EwBzsp~i<;>wdrW0nXs8lIxEY3_Dmc@-KyO3qY8LsItCo=8&F5bg_ZFB)0@
z4OT+oN(@iotc&Uu%^~*&1=wB|<x(Y-u0F!s`Dg^W)S$r1iafqCO<e^yWQO+vz)%`B
z6P)Q-9NW~CIi>B4c=B~^4PrD{ie!RH2?`hyF}YHUmkU+aes`b{&}{mEG*RpBA8zk<
zc56=lKVJ+1p+S$)N*-MGJAU)h4<X(){>GXFFj_-aqiNdr6=6momD|_IwB*=js{sE$
zxz@=fFXPFOM0cPbEV(K+2nM6X8x(V(V+2v7Bq9X>C3E%&93_*s+fr3+fGrX#flv#{
z<wwIF<#4*l`cpMLtB^48^mKu~T&>?p*?RT9zaFKv*uucs4$XVJ0JY?H+={rCn8pjM
z)D`Zov~);9tVXwz*IW%<07352c3aj?I=DG4)(>gMR<$(zLUqRZ5Gnlp_}VtBIs%y$
z3{y)wRSQShY8J0$a7?5=+OO0t=71Y#41q;>+>Tuk<1JQ~pp=sr7U1u30|x=oRw0<j
z29XB<6UG*M?_0QEsC_{9kZQu1t@_#X?UU})&dEW;A;y}03FbP=#@X1?<dlQ78(C2y
zw4Ydq6qPPR3B@+R;NFEVwJvS1%GVX3`&WPoIwLKhTB*Ua<GtT?j%%|R8GSgvg1(j`
zmvgG7WDtN_6sl6U**k?GMc}N1*z=p=Xau+7Lq+tnH))y6VMKN~KW5Uxw*;>*YgK!o
z4TnWnk+DQyCD>*U8f)|luIp4AGiMNNe%@+uPTLIcP$JEyXu49V)PT(rL{-PSvGAES
z%iQ_^N^1eWw=meEw+Ai1&V}jT0mYEfB$+6jB?k9Zy8NXNFuzNaJGqP<QWO)wrN~5f
zbe3l}Z6Oxr=Jr@`9_cCIu3q82nA`R0eZ6wf@OK3sOY?V%Gq7sz{H$tm1r6G~`SKdp
zqF76<$~&~$;Peo=ORm@4(kK_OR<Q{^7_fvj>vLqRQupm(_a^_i5-gxC%1ENye{0P5
z-uqT;rY`I(pU&i_bNA=?U4?P;abkIwb%Kg^l1nxRmWR*>r2jJ4iTmBh)4@PdnN#!N
zR6Q{6$){M5UGwVDAT<I;>p6r%Ziov6p%v}-wXW>WDaLchs;f~h{oobfI~ZO$yu7L?
z>P=*6PC80P9ce@vNV7pSjthm{X3K#h6gyjqMw>dFPcclViYg6&p1v9{TV5^DsWU`O
z;F|+Pt_%Y2BL)+%US|k7c^|A60ndVYDpbRkSA|$x6iu94YGUP4%=!aRu`+rjo1qP<
zebf3GFK9w5-aDVvxzXjdWhR9f!NVA}U{NdsInoK!20{QZ)JWWSvsH>h4ZmcG9?WG{
z@@elpa#ablNN@qhdxB$Ooq~;^%T`qNyEsKPYsJd76yL@GRjon4Mg##?)zRnNWX2&z
zqV2qs0TEXp=tD=zsCEQuRGB*jl81~3+YFJFs-1(?p@L<)N-bWN6Sr3Awya)D#9)Mv
zcK9M;h-%QC*(6g{E|9ey#}l+L1X0J{8!sl$8S&ZS3kQ7Znvm0zYD$wavz&70lIPBc
zkzt-DDe^u{THV~{?`cY?O(}s&!~S~QxK&sGtUkhcHSpyWdu=!+!HScL(pk^|2}sfY
z7f+saj)4DEm2HcShV5s6@7dnTEfkoZ?HwGSZ0~%1uibF9SLg&u-Lj^EXMXoFM;NgO
zknP1tA8g9!-u92Dh4FUGQkmGy(~8RN^?3D>!jH!q21=IY9rPIBvt{3yr=!aesmwy^
zQYm&(6drrETACwFg&K?=0bguKs0lg^fc?Wrm^{OT8SH4ww<c;Apt%-`{_Huc&o+Xi
z5)<iC3&{e}St)oJ((ORrD_qCkS43PmF@seeo7y@U7Y&dAv$RsrkD^h-bP?&ND_b`I
zSwszJ*y@eUt0z6t^{%82zu-j?=YTbM!Xgd1b_7yy#6f+xIBylb7|+61Jk%^o!-l{v
z1qv|wGRg?Fs+7_!N91=}nFokQ!{8a|#2~sgC|*~U@8&Bjv+leNb2F!3VcaOVx5rh<
zc*-4FrYH<n7o?s!o7uT~?algD=<@YIt&?A=!-~Df;Ju`%QS+|QK`nge()!`4F@3Qm
zX{tRx3p#&kissC`NG^KgYnb2|VR>o8NuhBi3Cvs=>6F?>mm|S31(_H0oDx*gyDzH3
z;gX`WEk?te;xrk64g%N;=O{Pik}f#=eNhBw{@BewS>7)*v>00I2)KQh78X_#A_y^_
zlqkEwo%Ns05>iPnbHwrq852|p<_q2*&RKLDeh5`dPY(9jYUq_}b(xvDX*&G9S|KID
zBz^0_;fD3#+!#2%rsD-7?m`AbCH9d+2nUVOHcQ~tZDem>(Wz$ug^KTF+fpYGobRwG
zO&I_OZQT}XC$Q*|!*Wzj?$jo54ISzNjd<N^`Amq^{kg#GRP!$z{)W`zi5y~X7tjHo
ztGM6-ddso)6n0(pI_BPF?J<QIS-AnHX%$X4H9p(p5sE$%&Knh2J|DR%;BA+QU|NMb
zK|P(G_JRvpUPqXn(96BQK(G(-={}e{5!^L^H513}gT|j2vV#^UU_B2Ic(S+O;phx_
z!~u!?&g1-FDx9D;MASxkEULA8QWd$;nrPWD7&M-{BgAX|(V##ab*R_aHw197`pAse
zP(S(5#)rDgm&GlIS+9Mcnph4PMk2`u*zBMjlR>vIz+|UT2*82H10G145j7z-i&Pu^
z9lnfo<!D35jZz?*Oa{Z*Hr6((8w#qWq&CcwsFq0mLieud%-HZ57wC(nU0(qu8(*;j
z@O+c<UYw@riKG6%fetwwc1|~~7FzXfb+twq7aa(2!Fkj<Is*KwHu{06jq|{y`<JLS
zqHrT73?W5Ov>^%c4o`ov<74PZ*Fh8T3SKL@%K$P<{dC%+!CDC`5#tQ(OKQ-P=6wsC
zOjC3FG{E?y_{_b%a2k-y^tZS&1}08B12E^P+x4nVYEo;4h4c`4l^9L2X{cQ*EhmP>
zg-Byb(Ze?EEfDHZezC02;1}ueN)ex=w}#`hN3aVw-o9F)?6!@%<j&y}u&wLC_vP<X
z)d6d|UJu92f?!+15QD~oWy^zoD+f&1ZBGxjPhK2#zFU6@Jt1gr^Frw9oDNfTQkGL0
zz>RuhTb=>>)0*Kj;2r3zxkbD|l=k%V7KU0VFO3BX+EY#AQS|B;x7XIz^kvtAF!n*B
z;2l~xW0W>cv9Vq=GJudlI&oLSz~R_XqSI*53~9xgSm<pFKqLz1Aepx`&H@le1P{mo
zyAEIgKx61UwVAQKydl{}-JRT|Inx6dz(g0$QV@i6U}xkLU+Fn6dn~xSW^q5fnHC|Q
zGLUHCtUoTF5<;wHn=dL^eWD-V^h7^aCwi_=^yA7CJ*UV>u1e28fpsZ7O-v0!F@2E&
zk7pkpLWNUtc+mMS0JEq$pY=AA02oog-+V1+J*NIi!`CwsS3zPg9K&A7*+(llvAUTV
z?Ub4JiFw%q*TMuHH-y#(@3b^4`+l;pREgdlbt#})-69XW9TgJ;_l#ni@vqck6`_tq
zqfCPkoxBAe(QZYBi)z|6+PCS`MWj(9@!$aKIG&V^|2$r89H+xx$e2c>cC{Oh8q!#;
zR57S40;Tr9+WF775B7F86p^$s*4aHh#Zc?e&_2bxL5~^5zXp-Anq+Fz*nllKkAK9z
zeiQ?hrV&zzv4sv6tMghm=^)aJpg;ko;sT+BH^TVM;q^E;)X$%P_n*1(e?CA6u-Wl{
zTKC(nho$&GpFQ|F{?Etw1mgdkWBi|A{ffi?Jh<0_a9|Mrr}gloh5ykZ!6*>Uc_}oG
z6BrEQ`l$C6;eP@#b7otP22XJ?+bW&kq#)j`a7)N5t7tpE&81)90cU2Xds1|H*sy0u
zJ)lh-HX3fdoa;4zXxMsqRID4%jBI=xqxZ1wR0S9gpLY(_e4O@;bHS|<IS1hn(-N>D
z<QheXBV=<zJa}a|nPnL_NT?HNr2Ihre+2{ocx>`Wdm{LpvX1Kr!0|JfyfxJ}mjX)C
zx}4Te<U3;BCaSRHr*>Z1ti)&IrV~WcvZqj0Q`+C?J)6-^)xl<}qSREhrG0qAZA~w#
zqcLq(8Fukph0|zN<J<4<lm{Q<B0Fy^)=~EZjilOJ*BuJ<bzmJr9gof#Lz&Zv@iGlJ
zu^n(T-K=z;6yxH1gc}XaZN@rbRuAn4V3r+}XCX*~b=(j3oBzS{{P)q<ZwhwUjNLW+
zG}E5;l?{0FfX5Nnm0?O|(z(E<Cizp0VM@6z77m_K30@4|6Kse~7J`%|Ojd%?gv#&`
zv!GBf3(~s9g6>p@-KiQ0-T>Z+r@=eLSxn8OgwU=g1T<>1!Dn^hm5s1L+~S&|KP&>i
zlBQ_J2o_T4l*tp9G`j*N^#)7yo7Gmud}im<*?h`}Fh_SS&^PA{$yhoEapESX&hw0&
zk%i-n+jqQcwRf&}qddF75TAqTD7uJylk9yiac#pgiYGH7CLM^HU%$!Bhv7GFK@3dh
z)9c_Ythlj1{?Sx6&Y5+p*ihe0-G(m$xY4iD#;r2bLTxozE9BLek+;%jU)Q&chN)fe
zS2Q6!JD`6pxVUFAHxuZdYhvHFu04R|0D@hQGBfu&e7{NOx-Ru@Ygcyfwjg2!4jUNM
zR7MZfzt#8puw1#H>AQwO3OQ$Qxg=A+Ak?r)_|}^;2Q8)_DK%`DF85k?-rT%tFFXU|
z+dO|of_(}2s`S7jofi)V>Oj=kJ~&wp_(9{Z+^{<+!*WMIY6FhD<IP*QAS^G3N#rQI
z8Qn0lmE1kP`c{02Z&*xAXd|VvIWt9^G{#t(EIW21$s}kwB8Iu?Q!`_v+M~S4hH#O+
z`WI1M7_6^&ty{uo?RCM7u}LYG>vyS@l@-ipruu2rd%Vhuc3zCts+<l-!{VBvV+d^m
zH99TK;BJ+MTb>C<D0obif`-4cg~(aOFKUCv(orWD_U>a(Y!ip2opz&S-&)0RS<Bs0
zooX}V8I3L0)~puLJaq91SR>+4o%g@LDj~<4VR4QIU-@-jBo|l;%wZ?VD(kwusMk^_
zb#QppdBXfieYM?iUXnege%W$y3Ycj{m>}DRnrNN=eraq=gT#<xU~_|`sUNYXM#($e
z0Yf^&>@?3tNs-hVbgt+yp=BaX47+L!*>?U|PQHpnLus!eMb%3!ja*y687;ZHZ<3td
z(mE>Z$@%k*)5rf*-~T`=wGWd3Vov^t^#`B(`CmS3t+#%@|M?gndH-WpoDx9%x)t*k
zkotc+YCYVz|6pT1kOt;)oGT8BgQ+Zd!!tX>!_8AS81llCc#qr(PBD{DLGzk>gXlV&
zPW0hoLiFU*F{T)Jr3RW!i{&O1i+XVyfy;#Bpem9+==P#Cf!OJ~3XdE+f)E+6&?sTq
z)Ks!SHX3DbFma%25_5EB{bYnubJZE1p24eE1H}{N%b2@iS}=b|>|$I{*7&hHh|%vF
znyAOf1*oG%9inMJdlNyZmS~inp+Qy?FLZ{AO^DS=)ZiTRHsaMZe%!@@hHNi%Y?YBT
z*z}oM9TPvdEbmZX?x;!>H3?5fZAn2EksNua1(A2QQVzUBCMG4Ts#y_AOn`Na1%&1u
zN#D0iw|>=7%SPA*DC6u!`BFGD@@5|eoXSPCWf?LGgHpRm1}d@&V2Gyux&Td7i!KQH
zuz0MqT0*vgS!x;G5>BV4-3c+F_oG%LLaeISzAqsB7GgV>pclFKbX0Z*Q9qq&VvHqj
zHFaBc&0~CY)4?>WFb=2z!CPn-qIOfKMTR+1nJsw4rlNr0{dm&nR4BR0nJa^g$LTds
z$y$C+-Qbbd0mx#HeM?B-l-_jLmrZMR=wV?>>|k|E&(I5gu7}3O+VpFhLNa89)}Y^r
z(oH)psjF(EPaHtz&K>%ze&7ELVOPW7kVya%$S7KqXuIT;EZd80I;!X3W|yntn3L54
zNevh5KikID2XYxeOa_R1Mq$wV!?U3b<ji)j!yIE5*Xw2qBqXY-DKSwssl95@hPIf*
zL(Knyl|+PR7=)@q7RKww+!>P#Q2(YXv>*2hg#zWU(#~4e?Zs3hHOuHPWFVF_wF5d1
z8D#|ylvvZnKxA=$8&sxT9_s89;Z0zy|E<ZaO+8H5EYS&VtFbkaB?7z#>E>VLX86+C
zFD6R@sU<3?une-~r$l(`T46eA5lYaIYN?8tTA@8$8Fke2<FgC4<ScP1E~yuj#E+cW
zqR>>jbWM^wlc*Vf<xw)ksEML92Y0BeK|^MHjNu9K`effB*yM9ygEu+)gyINjZ5vv~
zTqE)XFe=)~_T&AIEhEWDVMC`W!5Q4m%>%3jXc#<+Y7oUkO^606BX5i7hjSqsjB?JN
zF~}t)#09Zkr?(dF#%RlD9)4_A?NA-x4H%1{b;Q_<i!O5QGUiq66VI<i=9F=_z3M_F
z*3coJa6505RQ7Tcx+}^1ehbvX0B8D*?8Rw<;YHHqEQa)8HSa{MNNwX})hJzev_w`6
ztRy46$y7H3k)Eo;30L+Zf?Z~o-AmHT;Ur7Z0d{~`r?3x=drhXDPx}=qjVw)jTSbiq
zs{PPrW5fuN-JV1PlUf6lIP92lmjbZagwkFp(1xTZ6n*j>TpE^h9g0*9am_~Kkf0u5
z)@l=sV)jXtSI@RgK-wh&A|SGE_M0=aQm|&hKjHaQ;;I~rbBsib8(*%u;$yV>o#5gF
zmYzB>=3I|^^Eej(Yr98;8wI**t=r}%#%)UM7YCCCQfj`PE2044Qaf+bXG8F?p^T}u
z1y)z5<ha49T6)}e*7Y<~(q^1$epu%GXklo$g$4y;(?S?mab$(Z7oz<(gjHZS1V)zs
z6eDvV-wzD<z8r8~Ip8v}>S3O+ia?~ESGJbQdzjTvC$^v6K`&Dxb+0&!C#UgQkOK*L
zH_>;voc<1+xqqzXYMM3l$^z{j$e}fEn2B@^hg8FyCJ7c*Kp4l<JmK%~_+koa(m<|$
zyXkk#hcl2D>JusI&hg3NbEd94N1fx7?V}U@bLVh>zq4~f{p&|B4$S-Gla8r++&Ou^
z{o=SIe#7f$FK8s#xg*q(wU9m-&0KMa4P8Y$#Clx*x+$Q*r8O`}V)X>Gmykt}9RJ=7
zi{5!ux37#M1%y5^uMH#GqM+?GEQ&pDnw%UV!3l=60@o#0emcF^T5ms?B@8=*0l;mP
z#B4!VCP_ZCt$s3yr=z0WhBL~UvUyN7QA&w3k4}2GKO@hkAZjhL!BQoQy$8i{iJpv6
z5l8J*WUU+ybaKEvT_)k(xMhye4e3e;7nNsVJHWeEN>r7w9mm5-Rk-AZX6djL@PNZ!
zQ?v^cC7efc21WvLkxiNvAy2hl3(dK_LQ=SgSbA`SJjB@VCJ+yIbHB8rL!4+ly{Zz`
zh7Of50aX{3*M?eSf><L)6rlD)?+hGrlS7G=fe1KXM(aw@Xos<N_-|<?1u)j%aY4c8
zrdwLirU-pt#X;>yZL;DXe(mSeXf3dt%Dk$L4n<+1NPBdV<T)J4ZVzn-d?1vMM`}=k
zD&d`Kt&D<aJsT{bSxPx>SJ`q6bc!TwIsC!-G<|KuWq27R+vF^36-c}WhQ^lMY?Xv+
zn$!W(LK7>8x+ur{7*vj{B|I}{4b7T=iQ&*?)R7WOk_n2eXKcvyid=29NU<T^+cBfL
zqS|QxNV%i&LI;BFDg@38vYDmy1QTl8l^>kS>YP}M_S95W$tHwddYvTW9OJr^av!y?
zwD`j`ilHXxswS67KgvfLa9R1VpIE~sd8OpKx8vlxJf<5sx*M0|Sw6oO)r_K|jdx5L
z7=&Fb>X?Ii$T+yw!qi7z;uzI}p&-JnP8UQCgN}_pD}LBr=}%wjCmqz<dQr$Y<TA?$
zMCu@kqF5%eM!3wlQZ7{>AzSRr`yvsG8IGrL;l(qM30+M&Lg)f16GOYQ>a4WkWE|Qt
zi*D4m>d<1NHs?fr^5S6UWbg1GEQvW+i%lEcgG`)}o&x*iZVd!@MHmjb8Hk7|f@R{z
z1ZW8#En!MVmZu+vj)iY|mxRu?Owl;-+sM)Dm-dV>MRjH=JBn7l^crT4aSjLIyIcko
znGhvBX4XS+4CNEXBkCVL6Js^`{_UEd-CTkzG=ph6F696fe4s+BCSB$&#P`j(4w8#(
z&LPcS;!Yp2?p=cfYNZ&Lc~!N%QVxFWM##fZ5OAGXiV%$9E$K$Fk}#)0m^oih7M%|9
zHk*JWYyr>^AQ2gOF!Z|;UcMWyt*s?athpKNYy~#u35ef|TR8~oZq~#mm7ye^pu4;~
z^6Ubr6vbq67(Bs>rY1<RD>u2pL#t#3d3`;MzJN6uV!DeJoz=*kEW_v#q#nW76_*4p
zSk|G|-eU-^z%8)`E}+W{84pj#xwO1u|2mY@n6&%UqE#|+uh308%(y9J+3HsHZkGHr
zx3Ut!)N~M{ilgl6T>&s#f$5CdNCL#qo1=M}Iwy768YT>0-(#S4GjIyt<R^fq-d8s~
z1n3oeINM7`Yh+_?W^|sM%It?NnGh$J@}kzdxfG(LdE@+38=juZQ5kvk!>Fx9fNt9!
zksiOj(v5sY?Z=0Q`<?BB>fzJ_2Wa%AqTiEgQj0dC+8|cMr8Z}f2YdT|7f$k<p}8A$
z8qjJzuc{2bhmjG-wV<j^19ObAZ+!zD(~mGrs8q<k8BemS>nf$XZ+bz>vo|uk`?{-%
zqvjl;!3VOvE1GAX;0X>cvm;KOs>EM02Cub^zPeZj=hyk!z@QN3OpPb6u@;6lrW@a2
zN-&RxNOKW;$x*EVdZShh+x+eVgU?Q;MsZO(DsdD9<}J;fK<IwVVX1&6+A@X!)5c2x
zyKUFG0k1G9@h_Ev!{?IDph}DG<y{O%Uv`3jn?xM$8E(5FTE~5WF$Q(+8e^DiV&5df
zO|}LE5?kIx@pvc<|9BHP_1o2&ZZE<GSeJF-q~g0FRqaP+w`pT*=KpOIU%3}hx`_Lf
zi;`fZi_kBAh3BPygFpBMU7+bV^h>|uTUq^%e%hDT`oxwn&$yVDo^%oYTfCO9#A80L
z#7la@ML+?pU&42Oj7PhEjz9DZG!4}+;0M3ZH@Nzp{%v2YX^EHWmwlBxuX6K>7;gQF
zewkMeRC5Qac>t<;8LHY|Ko`-!&1)BU`nP_q&JFWQedot4lQgCH#;>j%uwDtck}Qu`
zl1pzlKSZGFoou3ba5Rm#2Kw*T9Jw`$^DUlU0n>F+iuWsi^)f#<yUV^BL0gD<P=^w)
zTM}i(Y@?R5*5Zmb(?Hw|nAD4Eu3-|q3tmz`o)zDhwVyo8K3InIG(bIZW|favW~E2*
znM>lXbcj$hyONwj-PD}|-c115hS;CLAN_W(v%f2|(Wc^>*UZ#Pc|Nc~goOLe3NtAK
zZOvYLu$Gg9f$Qc(n%!$)h7-;rm3vGv6b=ZirAAw_#aTBN)$0(pM+jkXDY#-UGiR<g
z1u{YcT&x>G%=P!z*Y$b}x<@C(0XJJnS15_71`8%6p1a5@IDmDr9s%Q|;Drt{;7Wc9
z-sc3bmMS<fnP_<eI-rKz?ZoPZv=JIGN-NPTn*Oq}b)B(T3RrI@@%UZVs*16~)tkEx
z;WemMw+jR$<0`V;qhfCEHDMjCQQWntb~CjF7B*}#EfcL7wJOQ`lWZKH0jOw%X0`QF
zRax#Z$3GkT2O<usV>MUW9t1kq+!aVPXSD0NZ(u9oglhZKSXgd4J1Qi>TB;%S87BF*
zLz)jNt6-$)eW<A>xPV1|FPnj>7MMcUUCQt+Fn%%Pt!pv~FLx>QDA(Fn+Q;wkB>1R#
zXX1EcnusB4;b?=?IdmdVrfF&}iUfU<DinL}TRF?<6Y#v$T7mGXpHK5~qNqgQDi$2o
z0=KqqO@=~7*q#JvS(|k>fPSPe_R)z@iA3iyW(0~A9d`UpDij~!Y%$Vd>4!*T7&@}D
zBjEe2kLV)Y39vj83dT5iG3aqJ1~QPy30>}mL8{Zq8FMVWn}jGmOh|h@wKMv%{vrdG
ziRl*7*C@<nAcj=01M8=6sGFl`VQs-hi~%{&mUx)6Lytvz*U)+qIk%UUq+B8)R)nSB
zTACsr&Ag=F`Xz6orZ;6RHsSuUZ|OI`1bSp&!7qM+q(#5MA7Pp1Lk28Y^bxZ$%!r9K
zBW@;C5-~%Y-h-)Y`RW`<(@MHM@cgQrT=XJVyqpFqG0GF6{y8Ts+v#_oR#+~TP5$i|
zgyU@YDeVr`Dt4%(Lcsk@w=dLgBM#Mo;YoGnrqH-JFc6y%hVl)>d~t8Y<tX^ICJ}Oi
z{EEf^na{{bY#FtMulPIoOGoIl?FS!@^N1Ne<|P?NuwQCQBPsoAS~EKwtt{^p=h8+;
zqT%>Tt9WTx!08zUp%{)Z1t}#Y)=Y;@{QK(7a>YU$4Js6QGaQZJat1CGz*F4QoQ8C3
ztL>_FtG&LgRiZ9<R%QL9=4<xqZyIa#N)aY#!5wyqrP09hwuwLvT_S)S0@QrXQ_dv;
zi`PXL)xc&lJ56$>62~bFvTE{R`&p-H$gX6++W(Hi<5$Q3fC$bXAo#~8^WuLzY&~qZ
z{P^z=)<6F_{>R7o$oL<$;?2vbz1DuHV}IPg*KS3vUvIR3wejHB<=7uPu<wmkEgD}a
z`E21Z@8#$oHj)Pn#|z`Jb9mI56UPH5;YRW316%Gt%e)6?J@3INx$>S|Bp2Qj67Kzn
zV;Dp3JsrmrCAoVKk$`eUdY<Naoc}Pr80Yl_;*uqe)kg&wNa44Em!%uM-;j7KAxd@G
zgXr2);;SdCk6r_(|IOD2FP?#Loj`jKP2#ZocQ2kj=SKtah}jdJM)K<}82#3PDPl@G
z$T`cM5{Y#nd+ZcUK_So`nmy_i?pmlD<g1UyJtgzNmr<M-1-N?_!uuYljn`~mB)l)>
zeHyp3C6a|2AswB8gye+fL2!Sxh25rcueel_m*EBpOgbh7^+pl4;t{a!*HI7ezMLB~
zA#_GIQ~g$S2f7%nK7!T%j)u9~dbuga^0Wi7^>+?;J9Pse6vPgnclQsscMtaV8$zT6
z(2jBZTal`|ee|@uEh=uh1&hoUdmJvNhCuCou|*0Ewfg$Es=w0G5QP{tiib`?b9JhO
zdQTeFa9v4PTWUpBRacNaE{&oY>GEPc2L9%WmH|s)629&NRJR}R)B*b}xSEWGx^;V3
z&T$mL$7y&m{6nmbaRIlPQTVzGDCgm}y`%U6&<ycLeG{g#m{&F%SbVkVp0OHChigS<
zSHZ&{NKL|X$sb?o$^6~3=g0-x9cU(vN<Aoc=Z7YYh-U|u)?jdQ0eKD2vr*sCN&Vn&
z;R$#lhPE&y-)rhygTlx=C2${gPF@@xG<5|iyh6bCWoU?C8vv_nWsGM<Hm3fz>Ca>O
zvs2MElvX8GsU6QEh!#&33W!sK;Z<-5xKDcYSCPviK(>Ck82ej!+<U1t#o1s0%;*-@
zUagONE0%|)Tjn~v0fH^p681}cn%Aj1D1M%8e+xTA;eff~`nH>2r$u~4%37q7IV#H1
zVv>zGhNxns(e4pqw-Bq&dkwG&2H)f{I&K15wXO;4t8s7H*j}LK32iSBW<-{wx;43;
zsJ@^Txs!5=vIuf^(wl<UKgNY(Fp|DQM<fNi;ZqC|c8Wm}(a7IyLDktPK27{1hL*-X
zD|k1Kdjb>m0}l&T=@}Sc_qbWmrxuLf+M5;BW$oJXxq&e=G7!O%(LfE119Ie1qCl(&
zg-k@PP1~6&5UKKu`HCSzv=tfvTcf~p9ubP~F@%Jif_0FNAM4t|Iato%(YQ4WO75XP
ztlAuKwDjPdZNZ^Zs7-M4OucuGy!v<u*CVdJ44!QU<~$xs3?|E)H|Gh)K|x4iD)jW4
zvGzPxTRKC$Q}SVd+DpioXi9<2$asYwLuB1cwN>?vWW$SN1~Pn?B=!(spmWAfvNXog
z*d5OgwloeR9m7icY?mMffO^YeE7(h00mdO3%qyCF(m6g+yT2jShmL-8U7LJCOp9sS
z4;V&{<Dz#Ci=`ys;AB&^hB~hQSpXr1cAj$dP|fTci2|j;2UMqg=Z<5GGF)(nwutPX
zXAJkF4%$!i1Iq*r8P|>t_cUzcOw8p0^PXA*phM-+@~ibVFEm34Xa{7?F{MH{>>PEr
zPdZ&Vx_E+3XDE2Y^Mf56+vZZ0HX11}8EvsD>jR^rW?uyYn72&^Y2akV@=ykS7%PTE
z-!6%08|;~t2mlXcBM>Z^h+p1(94iO#SPjg~?wN|Y!Sd_rGov8h@~F8PaobTYss~J1
zOJpe1*BAO6)%J_D4lroir9NQ$!yMGrX9;kPp`%bj9tXiJW|NOVy=eM(qk;`}8AH?R
zoW+!D1F+QxvObXw7sE{!8D45TtKu0GFu%kteIbV(m@N%Oqm-ViSgg09nb9!j>>Y;<
zA%-%*ej9M}eB9osWU!;VqZaqr7I#Q(hmWvwkh!f>)npMOGb0T3=ljs>>A+Dk;<yBQ
zi_kBfIJ#=nG@MO_GWAd$7{GdI=N(~&;No&<YmC~#HL+Gl;loDw&|qp5RgMr0^27ph
zUm?#E^dQnDNTZ<mk&E~WpIGNlzvLG1-Nz@}J6{W9rwYE?C>0cCO|F2Y%gJ;g!*JuH
z<VxQ%2D(?n?kU)HPp^x_^dAHXJN>E2g-LuW1tV*;g@>%!;s!ihp2reNL;N<>ygAj;
zGHmbo>pDK+v(!_Y=%l^2$JNzMe?LRLEoaplVTuQD6<|xl@>N+dGNZ;iI6OG&>>uvX
z`f&#c4OL{imal=uOj#(6`~5P?oqR(__-p(1GMH5t=7Ns4y4bMKkygIyve`KlId4X^
z#?L32ItcC#H1Znhanxtz7*K}n*BY6N!UVEXZ98`N3|95^(Ad%*p8inRT=?tn5Yxb&
zE2S$UY~iIk$~+USU^&e*5;-CME5iuCh2<PKU1NVm4JOx`9zfPf(_WK0QB%Q<l)lzO
zP{V)LJ)2~2E|XqCmW42O0$lpKX&|E4BFrtY*!=j41Y;T|U3V!?X)+jPZ}hHYlBZ$*
zh3TPzLmrN3(034oTxw<ICD&F(G6m#)ApB5(hKWEm6WZyX#*@jAu8juvm5@x+*DEU)
z`;E*?c3@wZG4hx^lyoj|#<vWbfS5%zWJE_bu*{2V07y<}RR;g@E-;-Eew8}~B;%BN
zlVG>JywK`oet%-ufvI4*KYSDH=+t&}dZUiiYWn>+9Vo22)RQp_f2pr;S>6D*EKqeT
z{{D4xy@@ghSZ}~{c3~g^9}Qqx#>X1u!lgu0cYPSU&%;wuZ*d6jagalj1ya^j(?z4O
zLxbD^mE76h-#1o>_Ur;1#FTFR&FKcF=SI7Gtc4TBAb@mFgtgH$eX+XB2{>SS{bu_}
z)z-Aj=z!<6C4@7-q<@A)r6UuIwt@#M?BFyBDL!W&Fz*UFYQP>)oBF9fl%x*do#^|6
zR9k%NLEs3$+1m)z3jan~4?qBh0{IXa7%u|13qB){sDpnNE^-_fHok)aI9`k2z(Dq`
zom?19B`Ymm`^EEbyxIbsAw9JMG1fs@TNIZ;$jVTfJqR+YSzr`bViZ)#AI3Y60WEqu
zyLJ!()<@f~%;t=407;I}>q9co-A$)Mc)cN>z`k=Lu!$YacwX72u^6N`q#xzjWIC$2
zItAj(csQcC$6!{-*+0YP=6LrU(n~v+7pL?Ggr6!=k_VIJo`U=$z6P@$p>ofiE1ar3
zFYvj=D-qQ<_FLxn&DL#)xPJc_F%m#|+Y7i?Z*cI=b=M8T*Fa6s`Gj4FB`Q4G-aqba
z=wByCFFIaxl|aDu4XK2ha+g<h_jR!KE7|(jw&~KoscQA$#k0j5mh70_p}=MZJ)vbs
zW`o(@Tm?PodhWRAgKp9)K|zgS57o-fG?5mO9<A0@LdWpxp#^((_)Vt_(V0sXjL67>
zkUbj@_jbV>$~^cxzHNh#yx3RF-8pBy=x4$;*`!r)XyF8s#fJ{6>TMRM*Ryw;$7kG@
zf~*zwsyLg--O;qF4tKOFSs*z^HH4cHfnZM>RUFpj@3c~?q$vXv6L0sJI1`xv28rG<
zjb0VY;?fIR7sfAA*E<-d@yNB(h~fcg<=>oV6dqnPYT8l+E;qUZq4;!bL#~<BMq+~9
z$-Yod1I3LR@Lj*{MUvj-1;%zRKOYE31)MOL3b?S2zBD#F8~*(_Riydalgkp}bxDV5
zR-s}oFH~z;mpk~u@h!r2(fot2K@BKzVWv&0#a*f~&nR5@g$v6oqtOzZGf5+h8|-Gw
z?ZQ3*edZ$Dc;-3DN-gnZ#>VE|8Q9S5_vgs(P<la1GjoVxeVWjh-gb5&^CJSRn_4(R
zsfe$|IB*<amWfRu*Q2CQWPiZ3HR~e*V#-L^8+kwqlNG+MOHEt>dj>cocj&&q@)}0u
zlEc?Hk|%RoDkIQkTxJ$SXMhB+rJ#0s#ahWw{8cMjLXxAh&LxN-Jm!VCJY;ahZ{*WT
zTwE1fsO|RB*I;S(Z2MajXO6yZ_!`H-5Y0x^3?MOCoc0~VGk0qXBnGoNMIS*81k@+8
z-d*m;HHYNvoK>t?Wh><mD!Q<`?ExTU**QyszP67Tt&YClKK{C%1h`FY4u^_?`3$YU
z-8@)_Ag!=z$AR(OF@?wCiD10L*!m#0-Lg#(*#u)yunpY6JQ|OJNLeVbKRks`kxgJ{
zR3pE7DYwFvtGiHd=V>n->Mo>TNusVGg32TSIBDxRL&t%E-1V92Px{I|o;^<c*eE{|
zZx9OzM!uHg=Hs{$<Iw64e<1TlQPOjihH>=uf}mjSg$D=oQ?VI~DHQ@T$hvWCq;N%m
zb+6&VREZdfhIU5<+z(4w<SQ;mgP9Dw`Tjb&wl}7rmNfiE@GvR!CYY7TxvQ(>SlX7E
zDS>+bNfVp$1U!GqV7R4$z{4`zrYAFB3L{glpsk;O=#>TKfaQ`;@}#9g(5P+PYv6sU
z_slhOQUw-1Ow^~kEot(}g8c2eunmWN>80xtn4^-<GKHY?1VJbi(25(iL(qgRAyAf7
z4!+@9qHWy|4o|GS!<O=^PM|7dR!^l%Or5qe)=21CTMZMkwz`e;k=t5ZhMz%@>q#~}
zJGb!<e2ISM-kC9wV~BmIO;nsM!NYMk{8=^}py)W4c|@~J=6ZW*G71J7i2T~;?p;)P
ziiMDBtdJ(ou_2-$6{9!tb&fLcCR<*fJD%sW^?gpmt~e{3w{x4(q!N$ifuRY4r~bm8
zO2WV*lpkx_O{7JU$|F_yEI3*bCHoo!ev0EE77+9y1E~)Q3gD<iV9MwSzCK+vm_=HR
zzZ7br7*M_NA&kNS-w34wsQMu>>VqRrrB1vGaf*3}Q!Iiw1C2O?S%?Ev9GLd^(lNXX
zLg=#|R&$=ZeLlg`tzjo~np=#1%+<)tS(Y^CGtL(Hl+PEQ#GG3?bvAyOtIkE(T{e_B
zkH>HiK8wXgJXK<x&Kd!y8~B?LF#=TO+pZtUx->zr8$iuXsoC4qWDW{!vTeJyiFOe?
z^rmd6iNT+e8H`XN8EnGc!bl7OL4-`c3I;UGFCnj}yclGoKE@Rhu26Pcwd9YsHAG|E
zoJ;lovfZRmW2mMR-k&YhE6XSCh6t{%YFvWlXwuT!4SdvwM{W7YX8&?_twOZzT_u!F
zX#PXcn8f{loyMfF!;jkwV!?~YZiRe$I<vyF7yE97i|J@)h26bxw2B7caoJ|4P}iG)
zokHRQa0vZ$`ol{|I&yj)tqZ<VbgT-@9_iukPt);5HXEkT4}ar=Xq>&7S>eUOGq=Jt
zy-*dxh4(uL8ztWnp)q3Y1y_URQIam}IT+I6k&Fq&&UG|G96txgqOdhi>yyTOz-iZ=
zgP5a&SVRULzhK7$UKBtv;|X}H&G1N^y$xa1atGJ33Y2U+&P-ZmE3U3G*kr0a%W!Hz
zKv*=t70itqQffEakervZy<jt~kPbu!@6W&!H){*IN**b#@JZu_igO&BgXJn(<?5~3
z#}xog9aWivTV^blTA>rFe31$5fZ6ptuTo&M+|}f9zsskL2Xj`!EO=l&OHyRuk&X3;
z!n%%GYOtmA_wrVh4n?|)(aEeQXB?mtBk2RFdG*CIn6SV4V#{n;K5nztCe0>mZ_==B
ziy35c*aC#om1smFxrDpgjvNfDK`S8^+bs3p1>8_3$zWJ^D0-0|jwjy!Bnar=3Hd^_
z*9tt#)|?w(^_x`gic7>_hGeYIJnW9T&-M;p9G4X9e0AWNJCt>8l3Bugi~{ebFh@3=
z&pNnQY*L~SfSFEd-cHd96c_G@?H6W3VaSRT+|bOs8AzGR9}$@sT;2_4u*j%Y^Ycet
zab%dSFZs0)Vmuy}G2_xz=Lc4G`(W3bxmLa4;4c?|^5IdS1>|ZMZer)~U}yUzumtiN
z@{-qpufa^7^^ERMUZEGr@;o^fCk>37`Gs7WMe`T?;+Ns4?E6Dm7r76)B?P~DNr~zm
zqBjE=A!%c=x+OQSEMF8sf=Bxe(8X9FwcHpgyi_QF>ve*lS29*%m9*@{aP{Q=HfoHZ
zw}C08CIMbvMD}iks&e#$k2Cs$Mqj+k=qq=Lxv{pLBYAF@bk&|#-qBElctpBr>PUuN
z@qlFyIpJCCH|E4Oso=Z-Xh4_0stmZ>jiz&&%1h%id*mOyB*3|vDd*nUnOMN!p*@?_
zEc>J;K=TQPh9&lgF^@R;&8erht>76(WX!Lpp3bR91kbOhp3bQUq_JF2J)PIzVQ7Bp
z>705<YD@Lh(>e7zf4^Z^WnHWD_h{KQv)(}`TyK3&z5SDNz5SE<{p|<(gUi}^^`2Jr
zH*cIzEBdRbw>W#E&YlrO?FxGsr-=<?GFW{C4`7>ea40bHf?%%jI24MOq^DBT&efaW
zQ^@sDx|UmYIL3g%=#eZt=y020jsaeNL)lM?;8XI&B)&FUX2+wCy`DHOi1kWmw>x?$
z#vT&Po^5~I-8(oz=RVaNI_|lCeQtOyfZlL($%ba?Ws^ygkCo^FnhIPQ0Qls>gnybf
zaJ@dI!P^&*0`Xl3?k&GvdM}s_xC}Z*T`WXb%D#jIvE!4_vkF8;V0Gpkj`8}Mf<F&c
zll~RAD)U$u0g-dOJvlo7)#53sxXQ(Mg2j8bxbM$^+fRhbP@|90o1w=ZUn7qBgGe2O
zM48<yL1LQb!?QH$6G#>U#uW^_{2W3w&6xI<p7sKhz0#ANF;&NbtuinJL@{MAKyc6J
zr;wK>n}{1dxPAgNWGI3rrT6xqK=kwD?(@!3_sRZ?<F7C+0~bF9RTVd)vy14ItDMH2
z-+BPib#CiLM->L!pP@&gV=C@j>g?~q<vq;_5y8`=EmlpWzYxF&f8@F(J5_kbwmHHE
zcMIFLc`M+#F;L?GShzwq*zmu-u&{IDzn*`HK4!;%U4PjAyj_a_+WPG0_^%)1Q;Pq3
z-n@)jYY%=^4*$A-|HFoV{l##QDo%?7y`Fo4U(c6j2V;Gw(5pI}*fWfK2jUIKUW+;0
z6zu1<Xs=+0Uu)n8_T>->6C>rNCfXV_7Wez$ebU4mP7I`nR6)^|*HQgVHXZfpJNS!m
zEEN+ij)LLonQI4+x)LYNSkETOII0~U?RJiUm#qPDz0RhZZBvuTVH(qm9GZdzWB^on
zptT@CMOoTvYVoP5<)Nk)aGF|TX=)Lq$@N&g<6j4zCd(T732@-V)i;?-=f53YV*7ww
zJv=ha96sJVP+ykb@-QLWnKOFQ{{CncvQ4e%)ZHEECoiC-=q***6w!2rppEf#75i&r
z*I`UuEjzz#h|t4+kj|{R-2_J9mT&F~FY54SMMiXV8-n=jN}6Ct)`T0ep8nb_L>{*o
z*L<%FdF7)UazEQ1_k;XPWoz@eN<U1eZ0ZJLP`KJ6k%hxG=ZDP+*P9!GC<v+r;&lY;
zEfjJiJkW*x?}HsL<|`ELc|l*O>dJHcU@8YZ+ixY@-_4Ar!)@HqBqZF(B1W7QQ@E+$
zLM13}9y+A5rTL*Vg3B0+r(Csx7mG+7u6@I>bu${77a^{Kj4T%JEeNBkfVUNcT=-`6
zvJ$-)zd@@Q!{T==m-3F~vR#c}?<m^h*{*oD;o#qzp!HY!sh0oxr;w51LnHv1E&sLe
zKluEiFaJIKZ2f2X?_+$V{KqSf0$^+X0Z4!k@3q?Z+P{uk4>#_&H(IT-1h@xwo&zv8
zp%jVJn5CNt({4oD&-dOX8^|z&WFVmgA@Uh;UvAP6oP(D&WPk7RoTMR`Nb1xR8>cZp
zb2an*Qy}4_2bx@0rA92J<~r&;-8()x`mN2)Rhfp4da#+C!d>hWGppD<k&9O6_pQ!2
zuLlQFT69LxH1qRD%}kT0#+T0-AJS}{6;cUxHZSSO&j?v)RpZIQ-ahDH?E`k<Yln@v
zY9Kyj6AsQ+P6V2Bc1zK-pTTw%NRP#dVdtz4BpI(-dwy+~Wey}~w8e{TK-d(3shp@u
ze=Wx$@;#264A0Qu-|yE=BK1Z9*fnho#7YNMZaB$O)MaFY=xlhIq@3xtRy|{60AR53
zX`atY**A25Ub@@LCfmJ~AaIhE4I7m`59joZv8&x4!Iu4u;yf<grRW2aZc-*luV>^J
zZC-SfPFQA9)%zC8Y5O}TqiZ?os+YN$Ypy#r_rrFU1;qJ8`53Z2WTnK4@>k0R-2ihN
znwek{*Zr1Hc5D_qZ6`3o#OFE#@9KSL3Z?|7=xym-;1!E7C?{C7dloGwD)y{Q-HLZe
z6YUFY=Syym7TR}oj&=zKf*U7b-|woQ7GG8Q709GF7^TNkH&wlf|H{Se!b_S?!G8e?
zbv4KaEx*7{s!8c(8;<plPx42}r4m81Dem8iy#N*{(vntJULILDZ?ijK-QB=Wy!Pl*
z$fC%w;e~e~)ddb;B+=dsV-5AR>7#|hik6T4-af%Y#}GYi$BXhzAStIK*1!k!LD=)a
z8O(G0ffd(^WU6Y<sB$JqOTraAdgqh6>23LV*}zy+QA)U*O(#7_^%_ss=sQEmEp?tv
zimqbqxuE{(mK|bQ(Ag0K)u+<pL9jgEqq%k5hoLdOIgbk}4ByQ11!q56W>`Btb4nZN
zhZ+(Osv$WIwv|rDIW+>`s%xhe>j1Qe>k}0Umaucyzh=*SUys$N%^K}%aSsykz>M=+
z^{5AP+kwsC9pCJejlT?gNJd-%0*kSGs@TCBQB<EK`w4yhy=e)fWtt$=b%`dTrJJC7
zCiuxbN>L`51S%K}lQ0bd9LF6{+64#GZkR=~M`q<I7vg&adR3pRHd$$jBk&FcS-e%^
z3oM`d(=G2`$5NJrDyVQjz-GJ817}cq$+&?9@ng2sprlouQaHd+nmirBJp+0*&6~)M
z+a3h8#L;4j12lLiI-j%U0-T)Kt&%GjOASRf?VU$EHZQYL72t~T7J@V&U+Rs-MR^Em
zgM!`x2>my5FQHxY3y9z>eII9RAe;qyRO8+O)1DPq0EAJkREmMYb#PK}+QrfgdT?*e
zXsCpi_vQH9_H{x&H;Fvrz}KDMcE372{8~YJ`FwfPWBkvv?DZhT?b9~BtJ6P}+r3NQ
zp#cCZCaA}4_+t$sWUHgDMnkPJV^KphxoHZgV6BLi5YO-5%EcOiqG+mCrmsYEm|7jj
zdAD&#PsA+XBz|*7X&AzamdYmg15K>9JrtK1zFOvTEmBzsAaf3ZhA=*)&MAOd0M$dm
zp+H2ub&-q2mo~lP+z?Xo5DgzW`64XO3V=UGo<rng=)&r-Qb8KG3e>!aUnduF{+hiX
zdA)OZq}}b*GTJi$%d(^?co43z+ylM|%lwgz%eIfdhQQAi<tL%?N1c<3;-gUU{k?;Z
zu}Fi_MvuT%w={~w7Y8R|SHXK{r_$7?sRfCia8rWC!eS@^fi><pb8bXf;k)6=3Rr?F
z;8YYw>pQpXq^c~;)-OE5!u$-Me80Xdrka=LiW^NK4<Pg`4djR3r-loFD4;r7y|?4&
z0G6y#S%mT#rv-;NS4k1S$!86}f@=aOeh{Wfs0y+)$tJk-L&CSqs7Pq=aF79ka}vR&
z!#n7dl1RvMs|Oa0V~Gqntc0iN&}2{3384}Z+|GT+a?|5Jm}4t*Am!=c0oF7mOH&1+
zQ2MXtg(Y&U+Otjx=-w?5P)5vP12xvPNVi3{>Is?HBWh@)bi!?_D??#nA)%VLoK27;
z`C#aVt9&{g48D74^55De*Igm31%SSS?r{uGF<k`XpTgVQ#HfLfmi~<^*kFg|BAGyJ
zVR&Zvdb>geIvv8f=9H}YmcyZSUSOqNa@8U_5aGyx9kk2lYA;Q}>cy)R^WFyeRD0gk
z37ug*8V)uJZb85s(H&+iS;hMyl%ZR?0K!m8$xY)HsnH>seAj-s&UwuT<7tuC;jWAt
zdK4)(BQN?&<`P`b0K~dFRc@kpL^j}`4J<xP>3$;m;~$wB0#0+%yBM2Vm<aj%v?eby
zB8Sa46mq{i%Hlp%1h|-vi^(WSZO65(I?cY9U0lRzzfo(*0U(4mleEsHQp8ulsRvY-
z9smrGzE6GFybX}-br*q5gmG=#Bl1<4JI>BGo&Dq1tycRM5Epbl8K8A5TGK@1cv9#m
zWcwy;PN{PHR%_j_oG0k>AFS;m5sKJ@(<-`y0=K3iI3{d#ODmZ20{oCplL0spm>IuX
zTU%SUdDY)r!4Oijx9!1+N`b8zign2gIDCkES)to87a(6oEez%%^zQ3A{|Cmy&)$fv
zLM9eI?`A{`M0%K8B^?x`Pq0z$i7e!E2D}nh^7t&V(YJFpXw+G#gMEE36xjYd!jNJT
z_mWffZG%ecbgm^04?tsO#l5h=$s?E^Y1D>e!r+bFf_!xiSW}$GY4nPbd6}MJBe@7~
zT%l&dL2y;6)HlnigHygvl5upFIWg(VKDGgPeP1YCu4z6iQ)7nA)igfoSvwm}?hw5+
zo#n<N4PH%$v_G!gf$RDukk?^4O?=7}noLdX1bH!1J5E8~hvB&=t-K2QG~Wo{K#+XA
z=7`5->DXzizY$jYQ)739jvW{b5PS%1!<-WY#i$B$B4CF)0!tOMLu+(pe(Y=d9Zb;u
zW8Z4?E?;oh7x6G%s6QyEPTgtxx@Jxin;lj*y|WBv6V9VzxiJ$Zqc1f!?nLqq4An7k
z=D7&IIB>pD%lm2nQEg`29l7`w*Gm=wIjVr=Z<r#kMw-}b-f4cxph}g58sr;}lCuac
zh(L*jYx!dhSp<b<npb+;#K&ypK`;1+eTCd;Q?TUr73>!C3VzsEs2w)%@Rxn5Eso54
z{lFG6b}Xihd14E(w$K#e-&`P<)5@J`<#JlNGp*bid+v@sFAXd&4=ncvmiq%UM+&`X
zj)Pv3C=358#t1Z<YJ=|YJ??Hl-_v%tkh-s$*Tu!xu6<g<-+ipwIM{yHX%bG9G3YOC
zy!Qb<GweSBSRcXu^Zw`e%l>~4KfnL8{pZK{IQE~k;?2vbz1IG9Z0$eWQR}mf)~`1n
zepa^sBre-nfxe5ar=rd!V^4J&R2q8<YftFhv-aFMJnGCd_Z$yBTTgO*bRH2jyl0vB
z0M5O4cT9u>$nRFq(|L%L(tmd0J-EDZja8+x4h|?aRJ<eeE_rs;X}<@SQFnWu-Q8Vg
zZrn(w#A=Ouv)U0k#fSO+G_I>hM)p|M{?wXhFwzIy2<oR_T1lukL{Vz>k!po>5yRC-
z5bvRn0hag84?&>Ey`yAQ7X{VShFxeJ#<KcowC1Hw6muh2wz;#zkl7IWPD2C^j^5Dd
zxzx)qH2>;NJxfQ|5t(hkt}v6%qjL;nK`pL^16cURO~5Lsf^~m>6f_#=NV^<`O_9Df
z#aK^jVhQ-IUZ=hDNtQy;{d%%?wiflLC<`i~aCnx+qXz6;*kIyR4ePg?Ruf2RA?#I&
ze`y5DAxuKS>OjTEl8zArs{R<zOB>!<UN)Ij7SM=h2^C(jB2uT5P*1?U#3;xxZlU^1
zc#}J-v&N=vg1f@p=BL+1g37o6L#d%-rY|&dGp>la7q<-!VWDT8--Nx&sc43#J+mDL
zLY0lN4`tc>0A<eL)iJz<%{I*ea&kjyWrE@wUo+%U`v@DK_Wfq0H3AqBQ@wbk$J&Lr
zYNM|@nj9svTlHgC5Fx;*0G%-vqtz{>FCYoQ-pE-+^?EptMp<515lLK;Se1p2+3Af?
z<1!T*DA3x}Rs<7k+Y6Vz!!FJpF%B+E)UQ?9oK!oB-oLQBh8}=+X@FVP<j5E4dfn;5
z6tsbXbFk^4Ud$E7G!;vz?-zN=1+C>MML@Ww@fd&9%LJC|*UjQZUzTWiv_bYB0fCOK
zl80$OV7KHSd*u9EX*Q$7Dve3us7GBF)Ly+)%U-wUU{8z;2hY^|W(3hkyu+f=&{rYO
zL4h4>RRt%-gET`!N<^P}how;1(H=N1UhhHJfr}v!Ip+jbP*h)(XslqTUaYjhBc2H)
zV=`7-#chBgP#$eXDa<aV%X1#qa=Hvbq9CO8a&Ndy%3-mccq+B}U5G22P2$OQqh?hl
zZYfK+CBczvF%lMbVH19b<~VCA7n?{5Z=`6&;QVG_?cwau2t*5}Esi{LWsLc(wrU#{
zCBzL<U54h0DvHr~Ohch<L#Q_k7-5UNzd~SuKk?}gc{>k-p{en4mG$ZLQ!8D^>J8aO
z%_K7xUebyI5Zjvl3wZ1(ia3QtUA>Wr@jX&IWNnz6beI4RvZz**uWfy|^Ri|MrBGU_
zx2uALdX~@LTT;?RwVj$nVgo(mIXl5&DO#srG^&PR%8AFb24%~;uS!F$m-<5X?8~SI
zO3IodBsE2i%ybl}54)(j9QLuQqwLeuASKJ*?(yF5IstDTShcP`guUgX<$<OcFZEXq
zS{#amH8f-%mLXAwrEjREm(atAx;aycw7t{Rc`DN}9k7Am=ZZy#l&Pa(AFaGgXPHLk
zfncj8Pd)JPTJ6YmIATKv+-)Jpp%c2dX2XrIx@q!8Uxf<Wj=MUp9nc4XfHoj0nnN+0
z4s6|UOK}myFLYrUVNX3@SrK&Ol*WkN!=R@Z=rY)hOfbFS%Z9c10T$kRUE;)4>BeTH
z`Lwh*>5^7BWK|pV5prc>Kq!y94Xe8Cnp6poF7xHAnGN$UHbLE7t9YChhc3hWdK%$o
z1pg{X>h<O*$N19TpJ9B=<>O@=W;Zevvkp|!1|D{zxZ0~EYGLHGP~JM4d9x3h`%#ob
zQ^q-6OiNwxenHeuwPo=_ZKdV5EbZX23WbS2>+a~14dyy+XWF#Ww&Sj2uqQ>OOo~*L
z2;9p%LEhZX-Yzo7{pAhk_dv}VIy;Zm39cyI>9xGQlRZ0)nn<X=0N^?_>H6ANEWr8)
zWXN~eYe7lU>@)!?kIB)G1DwiTb7}Tyx#6(StW&VuiMiAqcH{BTdN3ElN*KOqD_h!x
zLV(18%8yJiWz5&kWEksFwKD(X^7)S7XGFH!LS>@Fv$C)^o7-~(I?5RV$0lbbM{V9|
zDrE4)l2ZT?EhUl^M@Pmcy!0Afl!Ot0AcqwPmX=PFLJvsL{ed~81ko=!T5;FL%c^wP
zLX(4;thz*V(zN}!^-dpDo?l;_W+Qbbb*_@$6c-)h%3)kt#JFSv#on!hEegEH+HykR
ztH!NcsHs)oq~C;F40C&oi{`l3xJC8WA-?Ch2XY~5I>&{L^xN=iL$GmGS^d$q>+oIG
zQjeAVc@bZs^a%AEUc80zB*7}$2%Tl|vG#Jo=Ad)g2*(~hKH1)}_Q#CeP!@70#gq6V
zU%{WlysLz3@RPn1eY1T8f!w~@K30DkI7zQ@zrov8Z5(tuyVQy>E2GbxZrK7;PYrrC
z&NDnB<D=*nv)tI0vn0R<hRUpqHbk_1D2hSyWE-okmpW|zQRn2vkrVWmb)e3=!>wy(
z@J4~`X;(g{#iv+&s=!JMg7EPH;gpQ(PSk5Rb%RVXYv_kgY6YhDPF9QV$@boU`6<oE
zea10nEwf;t#93w=7J%?6`%Q}j)OC!~$EOUk9S<P!d7MHd{!|!Yl<dlJ7~7MxXBZyb
z+Z810L%=YIp@^}GpMmc90=A_CH~U0S83P$_@H8hpxpF{tDE49_{QPLc+3^tHE?n^I
z4F{-u$6wbcz<8lOJ$|<&<#hyE%)SV3M2Baoj9Vh{Cs!mkQPi~pb|4;(`PKrdl)dfQ
z<Zn<!n=WP(wI|0}J|r6&&YUV2wg3i$B4_lYSE@;70I;CDOZ5fO7>o}wm6O^`#`;s8
z_R*^}nHH0Hv@E-5P=ibfm|(*0vbuD<s#4g8w3?;}Kdg-4>@Xe{QGgyB`<h%^(N^Sa
zIxFVIkx7!V?Yua(S2a2^HUFfssz$$1XZ<s7^td5jYFvu7l*b4xf_0A@o>T+T%_WzA
z8j0*3Lm}4m?28@u1&&MZH5|lgGqO?A$BoAP8a=GB6RJ_oz(YXts_|br<Ak$Yj>v>0
z|GL2=I+a^#!QS)A?(;?aKXRoXG!;$=<9jQumD5e}Qm_<QMllum*JCSW73despiWx$
zBwbH2BB9zwaioLJ(G{2@YPrbYm&gx2sAF%_DNUojEl-}lJ{bAX;N&xeR((Dwobg*R
zZl*x@*095ne}21+?kEI6`$(%aP2pV59Ir>4Hbt-EWhtxKhED?fh=@pUrCnMEZX38V
zlxu7{uxdV{w_>@6zk|F(Vie^pOd>7i;r8z1!^3@vj=a;f&p<S9kPwc{P5e9y`?*t0
zRs5ra=P@8C1V&Y>3xCwFQyDMGgFg8A*nsiq^b8B2(DBvj^1@?L(0uXyo9+D#@A<KQ
zUIL8X@P<WPte2<zhmV8Z@QYGEASSXQ=pE?q^>?Q)7b9=j?*5ZflZMo<v^)}n5&5_9
zg#hznUHQqRB%E|!?HI1Eq21z5rgI_X3$M}1lf$F^!^7txBz?4HT)IprSqhsHg0LbJ
zQcN;?z1MJZExAx>ujujSV~n|{j&=^_Dr;$gJpzEWOH?5q43vl)0f&hZl;cxyHGxfn
zH#3V)TF<%s`1w)CJTA@QzF1lCsLB+BG|8rC=YouIQ%+{?nMa7$qfIfP4eWW4nkhkg
z4q$o{Px|<b)5{{=dPR)T@|Pjt-NqbgN1dle#C4CREoP%60Z_$O6iqORY(e33Bf?`P
zlYqqHQKM6>^YIT-3+q!SF_}GRdRn^#?2i%@)?EK0+efdI2&B|o-4pe|>?qi&(OLCq
z;MK$Kt%kNgVDlVYW>QNCeIsOM0Z{Th8b+scV020>$V|}BA%&ixIiuZZB|7zB!`XHs
zN*%ONk30K^$1jdL{^n8#Ml<@s=V&GWI2L`Y(#$H272&7j#;*$-0t;4hawwhrK+a%4
zz^+oI)i*1c(8mZLEm!&w42J6IhnEhIrDcm2^Bwvq1)jk^eRlXwCy1~mN<g*`V2ZBJ
zyf0lQlD0k$USzRePEd`PEOVlUah^>3*{YD;7C&T2MN~dws&q+v$MmJ4XqLmjM)NgR
z5_PpLl?KUai6$&U2X4MSjP9hA1Js&%>eUCT@De5dUraHp2zKZE06OeEP=f)5ZS?lt
zbgAeE>8Y!FA(f14&ZM;u1foKwN7G2gd6X(lnqHF?uWsJS_XW!Xs+1nAdF1eCz@D*k
zrPp}r#;waqd0r|6F!#+(YhTtXhjxaR9`mh?`2wf+dYt8RGjx|tlFd|wT_0V11Z{|o
z{T7fb--68QBr1)0J>3XBx?5@KHEx=@LGXgH^l#(wyM|o>n<?_9;d-hUi!{)n?LfN}
zPOh;CUK}Lm;y}2ZYuz^<y=LppRH24s1Mj>z^R*Jh(T%dxcobn?1>e(6TrfG9dFBWX
z8n_N#o=MuS0Y!b)sz@e~c7M=89hH9R>xsx`54Z^u-%d$<i<iqxz!!=;5x8uvvw2JC
zd*o9cf64?Dz}dn%ctf!e!vOo!d+jN-*mL!|ydE0LuQl4f4geU#t5(AIX+Q>rK}<tn
z)G@9q2cnkQ+;V)Wt)Ilh@1`%|?j0$RKThpEwy3!I6M*UhY^=+$THqMN>uG&+JIxa%
z#%QEqyMStf`>uW+2#XS715_3kw`j>MjG>7mRos*D>mW-;c|h37KoxKy@I5_%M%NX(
ztDn>Kb(*~~3hbegOZ=+j4H6*W%mDa=`=y?ZL)&!H=WVi!3cb_Pmc6qJmSW-8nR$7y
z3pyjB&iO}b<?^$ShJyv#ePsLKcrSVrUjscNiTBNU0$$CK%nV}}OvE(;<Sf(4Tg6q<
zFb7T)P5DFka`FusUS@<XWEL^DcM8##vFF^3fX7E<$rKAb)@EF=1aukMa4yK)Fg7|j
z$Wx3KkItQ8%Mddn7p1l0FkrK)O+Vx-HfcM--Y8~UfiZ_N!W)O(0vCIT3!y<(M?30f
zl&O>Q%WCGuMFy^84Ei%`&kq4D*{rC#H9ZReCydBMf_U1UOj8r$vKAL$Y>gS_KF#6(
z+FM<HsmJgD$z&topba(?&@>?`+RZJwQMhOJWgEvx&s5)CTXN72t}dfi%Y18FE>AEE
zV~AmaBH$PUo61{wuNc1;7zKld9%?*}RQ*>g4H8psFMxsLR_O_knSTRt^pdHDzUdYj
z2Ooi|ci?ryShygF$8DIHc8|l@EjlZ^B9(6@nGQS=m={EuR%O9gEW#<M(@1S{3O4;#
z3M$#8pG@9sg3eZIRqZ9U2&K(bv@1)uEy*rg-?d)?Xo|M_vH+?>Uhf#9fV{~J7D6cJ
zqIClt){T71xm`b{7Sw<3Mwwzs1KqgapJ&T<k)Ksr-}lVHTM}o~s>4|c2b?wIGI6=A
z5%Ejbh4uRiZAQsP*l{p2`S`4$BaAUOHHfSQGj!9`jF{*6V$9J?*38^UAn?bh{S5*u
zH4L3MBLL0jlAl}sDY^Kom%*q)kYQl;kt%{ldeZjI#`Z`f!g92El+1*ICD9t)3S8~b
zeLj(Sq}u#a$Z)qE>p1<s0fXM{f-3usjv&xEI#U0)w#n8DLffcG&j%}N#FMir=GM?|
zTIH%xr5TyQapv~?++&zZ)^8CFQ-`%OjkRsuIkY?(7S`4<II*J_2PM*}ch;<pFt{k1
z(c0P?t>b0f#Y<T=W2BYpH~8Zhb$HN>RAI7@rwzuTJqWcf1#V%ZP=(08Y9&eg*oHj@
zG&*V9@4vL?{a?ptUi^m-kpOy5{^$1kgH}2JSL^5a4<F-Gj{k6u@gMF}^oR8a_u3CJ
z|MP>5)_OVm!}j!QI2y*2YvIC<iV`m@1el*qM+-)WFo~flyu-O4@8NuDDHuh;8XuDP
zKPbw^jazlh0k4j}CRjm1IH3BN%?=w#d7X5@cpwhYUa?-U4;t2)1+3GY2VfZmk=;ZC
zB`@+@b#~3x4(Gmybz^BMkR$O1a?m{Wsrzw-CYDG;{ojmN54UjxR{CbMDD$O(RGT;A
zbl(Mv72Ut%c^Gb@f(Z&vcg77wb@{M??dH#EHviZ7%sBtE4-)+8lezJq9(>mN+&}--
z&!5l#kMVKN|BQn_-TxJw{-520|KsU@|FezOgYxNrjG9AGPk>Y#5di^LtZV>s>&;_9
zCB+XH<9AH_ncX}N)VqdwI`bb~Bz`ca8$^K`$CEsn{G_3wrfGi)fDOcp5)b|`%s7J7
z`@1o9;M`iBBt0e1O78G|eV3NVs1+~><VG;J2dx;|SW#f-oK)O^itO%}o++&2>?Nhg
zcgK_Da+r}TA-eXdr>dn0jms{xQCti$<c4uMqzL7BuH#_~dihNu2k(NXGQL+x5DJl_
z-qC$Ou}|5kUugZczL4c2j(Y|R-p@ME>^+w1iS9^AH$Y9HkbDg8+9Kqqss@#hg=vR(
zALVwV{{JrB)Ce#`U-wd5u-oI`9-M4{yHR?6^y0u7j@5_g!IV@fGyomq7$RPg$}56m
z=58-=DaS2sanq&rKe*7WD(a%Hs7oPJD$-=If*RtKQDLxPL-jvhy-;Wt>$|oZb-q10
z+U}zFnu&_RDlaI}rRYMy(LLM#7A~ufO|UFfeZ7fubR<%HZ!pT<d@1#R!*rS_GPV$^
zAj{!}SS5+26$GL${0`a5K6<67OSW9@j1@-;zN1mr+u38~k!Zqd{XEFdh%ZH(kbp}g
zmrkvlOD4*fR<82(6s^URZf}(3`bGwCUs&k{k8SMnF)+W1uJp*aI5%o{XLCa{G#=3$
zjUe5j`%-puQBMF0Z#W<s-++}c$c7!WI>~kWB%A!*#n@bFy>(~~>gQ%q8((jVZE5-<
z9w8!<3oq9sWWbd>`ReHKH&!u9ZEP-;B1i0tR&3NXJravuPt}B1AC2R5*t1qAcKx9z
zw^G0f7e1mL^OR^ya;2c!`F8K5`(%4>|HV;9ARP-ryO8NYiE5zP#?+ra6rbZt44Q<V
zcc=YE)nPJ1+sV-nYr<Wg9_Uksuu{X$IB6()2?;?2%}geQbMDIDp&n>4j(&?V??*q7
z^jg0=XkgL^ilN*n<Bb@HPBMTf2!t-ww@##|=Yu%+z6Nt{WD`Y^d*RJ)G#sNozAs;&
zzyzP}93rQsmSwytX?NY62eyF~LubtuHkz=iryvHS3CU)p9&t!6{Jy3BS$%ZYJ6}ta
ztAZ}0&U#sUdZ{Wath<EH+y`^|^l27&=6_)V-Svjn^p&sEDJ;dj`9wCh5|_vC^C~cz
zF|PbGD!g^5YkhxC4=#b?bD)y2EBr^FPI-lD7C+i@212fx@d%I0EnO9lsTFy6dRN5n
zc>=4Jp6O{^DxBl|>0GhtG|@EU)0nLHqwQtOl##ExY~Zecukh^XD%I{6=6wk66~Nxv
zn+s{Xp;Tjm)3kEZT!yAiOi5EWZLN>YteI^wi?u1vZ^MG%5EzNv6J4Fh-Esg6(eSEf
z(ku|p)QMP)ZuUS-dG}erVz%I(Li{6Ks$m`_Dfp<!WJE4bV=BG7PBZ@9bGd?p4=Wf>
zO|V0DZD1<?Vmc>!C0mH$W|=kP{1WCqw8XN_yux%7$a;(&&71}y4)_@(v*)>YB~MGH
z$5u1^1)oMMD|~0}E;g`Rp-{BQ0s&jsG`HWDGnd(_OcYj;rRvTdhjY_pd0b5T!@;0S
zqQq7NA%^9W+VCW{WN+9F7iPk4Z)csvHJB^`#}5n{{54PA7)$WS!kuf7nLcE=1FJSL
z)n}-y>L$)7$qhPO%qG~NQJ{QjKoFlozTBa?k`@shZCmq23R)^k7N<b~js$xL9IAsP
zw-f{VTny9U#q@%+4&fHz-YwW{e4Z7jB@0bU`*jtu+mYDXusf1RcT?Enr8p(V<CvFm
zDG!*(me%hg&Tw8LvA#|zX~E>+T5wRU&GP(xqXoh=Czep4l#Tf&2o5PE;{Fd)wUFc+
zQVKTb`W?hQke5W-OMN`2gW(lcN3&iNZv|d+T)FciJ{9(P)Hk3@Gg5Ua3?T<Kqh6E<
zs$1PuWPrO~VvT?oA4oA#n{bmDaZJBD=>(rW-#%eSng;Lm@toK#KO!1{aZs^FmO<*6
zTFr}VH3_Qa$k(ZQ2Jw$*$g5(=XyAz!V4$~B%;Y3CrXIOOByFreD?*IHo*mjxPj?JT
zF<@oPJ{Xj+@W7Or(JR&NvYVYw#^-}N6pxRsON!E%)qJy1Gg?K{PT6EbM(=~+Ddbsk
zB7Y*(Rw7L&bYu<k)=yBOgqG;ht8`hI#iVY0KrmA>J%qGVX|2&<D@+&-^xEKU!1rCk
z;2)4MLbOfLtI$N_Fws76AXHAo38ST#R(w>%HS4iD3N)DIY)-Oug(Otnt>~<gK`tRR
z1k8mX#}*D^MMGHb82RSyk})Ntg*5=M0r>&GqBB3_B6NmDN)&FGD-NVc>VO(bWTJ)|
z{s~X|ni5$mCf6XJoIDHPN24K>Fi+GXL~)@_4k07Z#pyLGZYVVU$ul$tZ&(V1Vx&E{
zq1ePfwv9zt*&eL8Xb6Kv$3~NSq^#IjTfzAdV*S8Tf;whASZt!bxQJdsrDd`3V}Ubc
z#Z+PFW<_FG8}7P;qY(S~cqU*Kwr)64ZAqrJ6?p7Ht~w4Rk?RD2W{2l?W@_r1nK+Bc
z8G^0xP`P0&)6_n)i3g;jfx=K@{&IbjqsFed2gu^|y((8{&VuAMk_j+cBeKU(Y6HvR
z1$h5Fo{)G10WL6Aqpyv$EUTgl%vd%WQZ)p@bW8x+5X!MM!A|(BmlV;31K1Qs9JV4<
z;NvwnX)#J>i@btnLs*m)F)sk@uXNRAxh8~6Gx53yDGcv8u?bfnjf~7zoqhx71%ZVr
z+H4@)zJe&4*+RGhnQ6?|?CAZNL(m=8;JTiCs+VykTR9Gfikgl4hJC&*k6sZ}ky#?4
z;$|w2?XE;7mMP0Va2`C0INY^lgRG;NVbB7l97QHdUpNrv2z*OVW<QwelDs$_OGF@7
z?I3yVF1yFH1Di4W)%PJ8PTo*E9~2nO?$+KfZ=zQTocGHv#V`>pjk?N4thWj&q5iT6
z<H!jX#u7J5$JBg5!J<F=AL(dd@uUFB8Xa%su&oD`4Sb~@Yq|k?5&pVq88NK~LSm26
zkc@v#UN~`*%~37~Nz>L<q)cuyiugI{wGQ4+QO7SO*+&6LaU#+3nCMeHg3PPec)}#W
zp(K6p_D755TG9hq6uN3g!vEX$X57C>(M26Oc*94<^PMBroO|^^=HCPIthIR!o32H3
zh|=K3`JfW&d!qL&0u@AfQ`Zoon+nKtkbWk%&OxgiB1AxzPC-j}7c?H^{0G-Py*0S+
zXgIM}Sn87JN=f2om7mUJaSdXH8_vPv*l+hb`@5Th0L!T;M!jT5pBkjLjqF%D9+0-7
zi3u5vmSk;aGe8J9LU_{-75qf`2p5GJ?Ud9ui;=5bmZQ#zSrwT_huNgy>CQ0ZM7CN_
zp@|=Gsm8?sRT@C&%&n`RT4yHGutv*_PzVsE-7|50pv=-O2yc2kq446+#+w*OU6ZsO
zJ~^r03`PMbdcdRFVnAsLmu%o>^p3?@=3>X2n>^r(%MxTOFLb0SgeeW3>&sodFYk`<
z&O<wP%9}zPQ^z?4Z57Q6I<<5`tf=K{O-#`Bipc$V1h(Qr%2iF%fR%uYUOpxhG(+zT
zb3Q@_sIvI0Iw9HDR6)g%!BADpW*L?TDOS|C7e<A)X_2hXkX&^_q0qe76%q^#sGVRb
z){PfTq0nwl<ngKRKo(xLr5bC|2_$e2%1m&;spUk=G-w4%TBQsy*BEt_cew%r8sAZT
z*+R66m49=dq&l)u6XPgB5xqF&#te_6h5(N<)jD7uv}J~?F;MkzFY>hXb7iR`DNDg_
zLdi^9R6N?U7YW+*MIJ)N@}gAEQWWpTVJ8aRIf#H&ZufP!UC3nPK6&)$exu=>dcivt
zVWng*W&pA@8hYdA7!x9?mAfs#)SQVi5+O!{^cnq8IW!R`vM>97*;y0aDJdHRmOImO
zAOhEFLXg<)$r%eOb$n_}7iRfL3eytd^oK|ZWF(s^+)U&=Eq}vm1ATp{DG3b2<Z2T<
zLJ8QqFuLA3@sDmBxI2e`fIUSJp)VqM$rzytnUKJso!LT{$dCv*#IZAB;nm4^N8P^a
zWfvEq2EdL4t3z7HVSXNA#DK|k3?$2jkWnYdD-M{j>>SE^gd#Y?-8wLl;t-(N5N^x`
zBlw!n!Y$~?42H$Bt7JJby-J+w5A^n<qyTlp+S-~7>9H@^V<T3f>N7QlDR{r9dI3Gm
zh1z06)s`P`QHbY;olN@fEzw2<A~q-{6?RTZ_fZPdGsAL?y)d0EJL|HoQOa&ZTeCaY
z9mV)5`{2<-@k~MY*^yN%+u<3s5mG#s_<Egm(wKOLQ-y@dicxlia)NkFze_l7%dO-d
z9=61~yOkXP;-SG8gFLvtl7lV%2^}DmqC+gwjoMGMbTyymV3(MbI%4z~cBg7fqUAW%
z!kZtX$Z^SvF)(DN$~`$LsJ)>sAuBoNuBH$w!iqnpH%hT#p~-{@=V$0o*iMj5JlP>S
zo`5bB^bAp)N3Q_T%YstQGRSnUL4A2x5@+K6^hnI8W+APxh$|s1QS%VKI%;Bf$*>Zx
zm@ZU}$c7owXj<lJL|_9NPTZShc@8?@nDoH+c2@DYKZWQr@#MOuxn1XG3KmsM39RTt
z1kgH<Q3hdS6R<8ZVu1mq-et1@x!Uq&vk;TWHkiooFhf!H*|TzSHtKhgF4;%PAVesp
zDP%WRTM84kK|O1^YXR*l@u6{KOyH0L{SMo4@PZ){V<B^M&#jr?<@T(-uicxx9QIW*
zSZG%gl%}(`p^1%<_0Wu@?}bEQ%lEP(iUDgiHNv8r9T{$5P(6DG>-O{xwku<oNo;RB
zT3QoYrjpXkJI_2p*1g^^1*8pzyRuZI+LrsRzldVBE654UhLivZSO{yG%)UZP*2U%c
zIX>cb?Z-uo0qO=_D$1ntcYBA?-9JEo&&W##on<(@Ej=I!Q;{P~4u%3B96|ctx11Ii
zoL(gNue+Sh{~IF_zR4*Nr@ad^Z*Fwm19F1@!iWqysf6nKcZy(Uuj6xdP=E==A2c2H
z4J8UlWL38jj*s`A9&DeyIO=@2{t_+~Rh1WA@|=n`;MZ??f(^c3`om4Vmc0*zHKaf&
zV@@n*uHJBCDRyd~_X}F=3@F5IGvW*PGr%!U6*QuB$XgM?(`Zk?N+9~e)D`v|it8_i
z@d$L*W|x}ids-un&EnJiyWvYQFnq><45#1fjmkWrOXoFKhtY;mwpl_v$M{|&!dT;g
zrR?LiKdABkVN-qKNMJgfGvWwLpD-T{w8m@jBf#~HjbOp64~3gSlfP2D80=^;Ns@3!
zfvx}1{Xb{=|9*(zAD_&P|8f7}gNJ4R-_L*c|NR&r&;OT#e|*ltKYn$u{UB<6w$XaH
z@!;1#k^8R=_K`V}J~BVdN6@1-54g!1H&)YF=}Iqc-1?rGqdHNRhHHMm8j0t8D^^b%
zcOi^O1Mc~<L7mO|$ucGKOwN&!SFF(YTKzM}ASG-OUiL$P$PCgrM$^{l$MP&esi!Tn
zHs9K6l6H+7w{962)W;2X=Hy%;qnk)(Foh5)+RUm^f+S}620f_LG4f`!do=>G*DqF0
zv8vS&I{jMD0PcB-Rc@fKL5-VZ)T8iEcR}jATesG4nWGW-t(Y{Tm_SG>QoX7>w{Eqd
zVt?pX*{Q04Qqiq8)WI@XM5~UppEDSb!CtcLpK+sZGP^c`0HN2>D=7jX%LjE~TOspR
zzx$kwKdLyh&82dDkas_zLy=5wW}qJkS8{Vxtm<Jbd;<|4$2-fXRUbzbEQ_t-Q7n3c
z83w~b4ni}lR(saWtUbpmXEPKHX#wxnAdGJ8*ICi~JNfh55ITR&F?6c=KfGQ1AQ50@
z^M9?@`g$q;%Y*j)pZUL!@sa!=tvGUkt#(X2V5@zv-9{ep*BcK%TPy&adVdk8!|`+k
zy95J<!f}+-%?c}kZXO(_=&J+G4f+Co-aPEf2aM=q_)qmQIt(o%@9<p1L~@i|sAHUc
zVYD-*QG;lOhk4Q@Ps|IXy{IKqG*<Uer{)?BtLsqbC@JjN)V{}YT2Fwso$MV_?%p1l
zQ4RAQ?OKGtlN5ZK6Z1PYY5}RG=PrdH%eLDkIPCxAaM=F<a2PQh*3EAh4x{;SV4D(p
z0=7;)p+2FfFNMdG3$_<y#YtPBVXctECzqREl7`}$zIDUr)$^WS>WO2*1}r$eB=_|@
z@MXG&lVgRBv4g=fa+Rl-<?*WB*AEO>pNJ#H-?5Jv<?GNTFn<VZk*p{G-7$tb*q2`U
zcH-kr2?POlsK$=_aG`~s5~-Sckxeh*WdnWlA8pCu`2JRx&;sb?7#hMH0N-xe+H`l0
zk@;h~FV4pqDY+R>#5FrbcZR#G`k7r5NCvA7HHHP=Av#H=$X3sFnSl_u+L8cJz9+ph
zZC)g6a;Vr#1SjYildD4Oq^t19rqY9{ZD?Py7%f&IZ6S6ASWy&w#X}gS5ehEs(7+7Q
zkOqI|pc_JvZwWXg4<!Z}4V7RD2Y_cY4i(XgaZ4?~6EtI3=;G>_8Dqu+>6%5DB({Ja
z#&m6jp)de2XX@uAXp6NaDY|{b{^90d(d%UjIb}u!ZSbf}6Kne6rdP=6lF+tX$-ELs
zS=9&>1vHnlkz<1Qp=~QQ_R|z*$s5;fsZ!vg_a4FwK-ixet3|S%YPkDdIbFD};ZINl
z8>CL&lwp$+j^1`@qTHlFlFTL*07UF6O#xH6+u`GWgW+JD7F_`znB+KY9%x5T7ish8
zszVT~iLABDHKf&{nMf53(Uir))YB5}th~`&=jLI4Is&~>*3dXphO@bEv!mNGyFY*+
zP)wpniO@<bJb?%^!4Jh9V{d<z`7zm<qEcVXp&8i|6Dx<#SmO>5qJJ2{OPX5IVO}0M
zk|>*039kLldXp?GT##71bG~xZECzDsAr^zn4ZITqA6Ii21I=JOKRP@)Bv-@LN3R9L
zGvFNLn#)qZ$K}^!@fri{l}hl_b@52YWcD5lj!i#?YcTOsln}ib7c5cI`eNH>(v3(w
z7NhZo4pCI%iEP$B5k;W^c3hW571J4hL#Y_byyYN73j^zJ-1-NG`V*nTq(ON7MT^mt
zYtWSWqcmca>y1sNvFWF}^lMZ4wG%ogSXcwP>Ei)P7c=S+(3{?}H1)mWe%AYjV>Sfq
zYpiMdh^B^ojA1(cDPqM&XgMmRBP#<5yA?vSx)$5un%a>AU3qP0Mj=;las?cB=t>qw
zgF}+Fcn+jE*w;QB>1uIK*$hn{Ys_{HV)-lhcNtyywKkkwT+#mgh?DB#8N{}h$a|ud
zgH$e${8Woxoa+H=kl}Tg0xdK-v!iEw;9QS?;cZQ@3pN<?-SFia8W%$XXv#V)Jnc~~
zfXvWtg(U4`mzr&`5K*(glyZR_t4*_tcCF$KS>&0ewAscW-htb-`fDr+W~P}doUCGh
zX*JZ(pTE#&j{f(9SOCn+|IsSv|9H^;`TqZ-d`kLXvH*DS?&&{1p!V0;2B4nz+|&D3
z+6RaWXGcfsqyphf{2e}K8xVEw`|8uORFOH8yLHv>YRkRmb~KWqUiaUxSH)Y%e#M>D
z0vx`)DSJPa^~{!Tr1X_7EuaUjD!z~!GITAufRr7sHlLlYt~a0WtFAjoogpjUh=Vd$
z;0_bDxS1n!TWF;6bN-Nj1E1>i|Lg<Z{?0r9AAH{WJdppR{qy<%F+TGAKhw9rCjZAn
zGyr_CasR=_df@W+X*@ZF*!nx!XoR6*7d_TzCGt3Xha26Goya3(c6h_=9CpS}caBdw
z&mnu}Ers?Ert-yaI-Tdww!gjgVBLSZb9j8B%8SQO_71l9RV(~vU339)2;g2Ozh&<&
z|Dk?5EZ{}`@&5MC*N^v38h`xFS9>QN_3c=)GZ*n|zJoezUXkHsRIgt(C@8kM?y)VG
zUf!_-XheT>FNS1K_^f>fY8KTI#({6ELFRsg%?Jm&u13mVTQGdn4l0`6c2qOvR?Nf&
z?}n=g1?sswgj`iF^2<3x5XPA~24hfsTfaVS+`0uepE!zXLtm0LBfVz3&iLW2Q+d?Y
zQ>d<Nd;Yrf+uwAyzcz=mUT1#pboI^l{)>(%t;?F{+_p0|c0XuBTJVUoj-~l9FOsx(
zUC-F;l~nOPq7ASQSoN=i0G{=zoeXY4(WvYi8mA4XS{Ls(qqpt|Od*KS!9BV6q(uWQ
zb8p=Wv>b^-*tA{#qyS&T{5%`=6>=&>KU;nDbjLgc<(qn<mU4KZNWeX{%^J~NxXL^0
zjpJ#aG)gY<a9xq4g_4o#2beA<EnTod9Jq8is-J;|KV|EMGWgD3C)Z@xit0NxRLq>r
zk6HP?+u7b#3$4TAfZL>czp3v{=&rczxbMP9P13zWYRa3Q()bPRaeZ$)_b+_wr1v%5
zALukU8STfSC?&c%IX*esJ9uhyzF3d?Qrei47ss8W-R+ZYTbd<{3%s0#*!-$vwQ&+P
z9eAS^Z7`&^zLp}0P0@u4!d|3`@1I~1_a6U3jn+k{i^5#@xG!wiNouczW=;jJ((OE?
zu?OcE$eh0PR`hP2>{aGg=qeMX9oN<%01CXkH1{JGBv{HfIS5Zj8`;<y!7O?sgh_Ah
ztcMp>c!3TBFzZ4;;Yv|Is?Hj8a<ct+zvK3BjvaiU=D#{pd&+IU_>djoeVN<-_`RD~
z1TCJ9iVe9>*V!Y{-~NC|#l^I=>uFbt6dN=YRTMUfCQ?(qdHb2YGKG6vn>E8?tYsy@
zL6tqcufddEpK7YfQ8FmJ02xnrB*K*``c!MY^%eINE|=|K#msg5A$BFF4PTtcpqBs}
zdpdYy9d-wo;1xH6w)Ge@v>-MnhhUZpTGUEF*P(_w&+>`egW)LtQ{U=Idnh(jxrkMZ
z=n8Lbd2BJbOBQ$hb@+`IGYx&kFRv|b8>$WE6kGO38mjs$ITxZ}Sj60=<8a`SSYS4t
zNtcW0G=n5m6e(MMyKwH*F^-tx6brmk60HmBj8S=??qJvtIqb+|jO5tl0Lsf~P$x8W
zv1vr0mJ1BnLE&(6HBcvbDs3=Yu9YoZKtup{Nb?8HCCI-uFe-b^{|a6&>zGSP+Q-N&
z1}o)#KdrAteG5ivO_hXn78m2<+C2e84R193Kt>OT&_cc8q&FQY@!9R(F`kIZP1%mh
z^NoUUb^q04)vw-$?!9=aN<mSINvzH@#YiEyQ094bp!z^~`!|Z*D!xi@R{e-<F|-k>
z6NmbOQ)yuUZGr8yt6Xa4yoX8`WbtsuTgNMc8|K;JZpSc=SYGjBz*&+=gO3{GQj#*o
z#W-wi-v;k9a|3_t-ua|X5nrf@X0-fz*^-n^Q$^3cqS9rl5)4%LrO1wHLkyBgJ-!mS
zdTy)??`%c?pye7RSsJOu1R+Qic7psCs{BVsXw@V6;)_TKN>LzSk^I!{%vD84YBJmV
z+&#&m#-^n)5Y`Qb3EpNHq3!7oCWN*l<~qW_>YV2X#qtb8^RpRbJO)F^33#ssjDTF2
zEBp{J=e^R>D0Ew{2d$SH!8zTPqb&q4y$PhJ&j*Juy`ySi>F<UwO+W+;o}rpa6>h*}
zmYim|JC>FJXjHBli8LZsb`mmBL&x^fVi4d}P`aWymR=bS!$@uQ)HUlvx*5T%q4ksZ
zV}lx_H`9R@-6Vs4n-`+tLQIz}73IZn3-ic>_x+*GC9OBMF(&BbH8J<#p^CP%O5!+8
zdLYdz@}L+mV9?GLVkv2WR!JcmR5y2fuv3*p46$Sq4Dx{|M4zHmST<9WTfQ(Ukz3aU
z$&y=O8MKL0LuzR3Q)|?*B~3bBi+BeZNQiSmn1ypu6|9dmng&|aqL4NLvCV2DJh)QH
zr75B?6@rF&McpaL0(yf4dLNg&O_Lmhf&kq7ZpWfO_i)iKXY|DeCFLIRT4>eSvxMdw
zFh&VZyTWLNc=RCNm<zKK=7{higgowyA&dpOwV3mfo=}W>8ob6f7amkD^;X`10}d8H
zW`>Vc)C8B3a2G^F^e(6eMc)u!CtEts2U#)lrZ3M`m1u<LGJ2P}_>G%*AQj@IbwUSR
zst9U)5ntJT-orRpMvGjPLdwga^Qt#QtFoyMNsA_OrIu7rBG;b|R}b+bRU71G;54#8
zLbd7)YOD;=F{#1Ms>r6jbL-NO+io7*)f4|hrm|D#a{KP%?c=?j?#^BpE(V<UCgN9R
zHj8`hhK@&%M0t3|+3O5ju~2#pJ-8K$JD|s$%OM-%*E@F@W7>D?G<FPHfWu!AQ4AVh
z#qw-|p%C7CN~TpBz850Vp)>5BT%s}pjYl$=X{KHcF91M(C}{VnF6tw8OdDcO8WV=j
zW(6IUvVxAvSwSU<utD2LfuQYZNT@n9i31wkw@3<Lj({w(jci7ls>CCVGM#I{nNMcV
zNi4pFP_Tui7a5iH2t$2@fO8B=^%|h75h}Te`ZOchSFq)V7}E}QkdFQ6tKU!Kv=|oG
z%chb3nqWajU69s+JC4uP8Y0b`r|`;L-J7HGW_31B%vGK)Eu`S~w3b@dWJT|}(DPb#
zpOGXaZ|F#|C>pX?8Hu%uH}k}&NM4X>W$)`G83SxxeYXx##MVbBk1BfL+CW8j9kC!<
znJqGL<pWGgeb<)*7SSP#<DS8V8s##)=<Ibt=5Z5rta-Y5he7a7tVcJnvG$CtM`bJP
z`TAx-b_$IiMHoMd5`q-xWi_(G|6%G?#%GQ~*+CHxc0^1S<cf12a=f}`&_Q&8QQ4zo
z4!#JSF<E7G8+6_+q*fQ1gS3Xd48U;-eo|(E8ILO_OwKWOveGj`jdm<NR~FkJ+EKz*
z9xqta!g;J6ZdRg&YJ$&%t!BJf7VDOMCPaNUs9$i@#&5#5V0cxrz!eu8dO6lhJSnT!
z4dutEDM7-|C5;N6brOsoO7aF}uXBR1XDj!8Ay2XsOnY`!h#39}M6Y~vo}hj_hI?6v
z_D`Z?4<h+kRS?{MKr5`DBRi7lAWK)p0Cqr$zl|`Tjq+}ev=meytKy*wh4ZzDAPnJJ
z&lOf<I9-D8aud`@<yML;TZ0oG8X>Jd_qYKk4=d+*KyY`%F^lmm0oDH|vIh|27F4y+
z3MmMTI=pGi0u!zvk~gE%X@QKhdO*Vyr#MPVxrS2RRk4!Sk9v<vl^?Yt%Qr%3IJlzq
zK&&Q(*F-XexH^g7aMWwEMj%F%fC*5m03$A)BN%A(G`|DJ5IRUYj!MIh@77^5th#gT
zOROb@!%dO?(=3otTN&&i%<vU8SdEq9mKkE6mp6rR0WC2u`Y^?%2&xRF`i`w)&aGLC
zqeKlvj1N>13R|h&o71+vS1KzXab_B=;L=E_G3_-3+h`Cr))o4#GwVfr`i<IQ2KWvG
zR^pDOiqY{zl~)=;#c6o-GnA(y`JmK&0#1=@P`YZBoY&s4#dH-OwhO8Z2_)#|P`^CW
zFV-6k2~#<3qq{6m-iy^gOCO7-HHgq&3R(%bk<UDrwH9Dj9SHDLvU^#8wP()5wGh|$
zons;);=(?}>iSmVx;8SpRn^&er0nZ#Oh>9}vM@4&Ji6LjQHvp!bpm`U?`p%MqCOrl
z%X#t?^LN?XY=fApi4OKp&-EyZb1i7WXNDz(Z!|<5DN0=^t~*bxhn?@+n30DCp8?os
zj^uQKPRrIu6|KuF;+bvFv)!=fYHt*By@BMhfY%gQ5ufRw&1c)+cK2UA>pT;NX~MF=
z6s|`5yO`Ypg=b90?90gd_O;r+0S*GZf`x2YTf|7nxFFRA3xGM;DQ9UC_6zn_xiE?D
z86}AX<J3GGCP=#-qcRTj3D|7aJ{+SvjCX9CV8bBT<3$XCFBJdJ$QsZ_cg&n^0?|^8
z7dJqHHk&gR8TthCdji|fZ^`acm>CG$8f-zE*StovKYSO}(ODNW!d>@3n15H(h-3mA
zfXxy@^9fAHBEgn1G(9fQWQI9}UU_IivE>l#;H=jWSK6F08yt)vu7X-{cnGWN+d5F)
za!;K88WXlqW2PP-5vUtQ02}xSj&595ETZ1)xU37GXBcF1`J$MN+G-S$&g1;tYLU+b
zg#%3=_>8Fyt9IS}b~Dm%QHlDXVfD1~h1y)07xGA*1E8?I+cs+1V@SWEiXbhPZE1z9
z(K0Dv0rj#v$(uWLjxujXJ%ZTS@RDO=gMAZ5#wLwB<f(l8;>nZFks1r*oe5Nr{h0M+
zsg1)<MjQh^*z~=qZ8*^1@x(-I?lT>a-G;CXaSBg&{2b(q$F|C<>|bz(XG!59FwXG>
z8oJ!o_AW{q(T50XRlRiQj5*97Q6&nOB8}K+6*AsP+DeX0gkn1Y17*kJMn{=2xl<~P
zcKFHk(#Aw`o)9ofW^Fuv5|B{c`^pb%5~!xNR}LX05Md5@Yj$P_QL;HR65)k!G$#^!
z#31bW`8*<hN<#cknwT&grxIQ!iFGYWX5$E5SUAgWe~R1u=}swYcjPsz8fo7J;AcfV
zg5hzJmY5M$wVjO3b)HPwuEX?0(suoF>ILy%X)&y9U>-~)yCt>}Mbve2pthTwKPZ$s
zBR+RiL(+_^CI_%|%iFh{8P89qsQz;RhtjR~p4`FFR&8KrM2KtDTLK3LHB1Hr+Zcug
z@q_TrBL?QOSIw5=|IpdIW!Z=5kAVYHpXcfT#hjTaSmK0vvoah*+>ALZt!+bOvO`F^
zF0O?!FcL?02YiIqEG`8*!DiriqTAt+q47o8yC4{ygD$NPUOelbY(G7wVHw^FwtoSA
z_y+g-`KB@Tg?k>DJ0N)EDLUXKzPr%^T6M9egPsyyJZ8f!{iHlvR|wMl8g<TR>uF+d
zwA7CQYy+q#L*)54jc(J8(q-f%IaAA~#OZze@}gjd9Nk&a#|>t^b8J+ep_GqMlPm%%
z*3}73hHFdi4CR=45Kr#58<B4+!^A<Mz$NH=$EVYZ9J=kWLChLKi#F?NQDzO|BD+xE
zZ-h?FzfAkI{g9^ua&A~Btpntk??&xsI4xQP$mJC0WWOaPp87?6eX2Np^aUb>;9V>i
zkC*<Qyn<!zaxb2O#^dxldNTn!bsA45L(pKSm?~&lHp9GyRJPled7M_Gotwj)H<UJy
z3~nA*SaRLHJbZ7IH`~6UpFj|%DPAT^LC|giTkcc=6ivTl9&a7@cw>QC;*5wQlqcz2
z!&Oj^K<k7f(N@6s04VUfR!#GZIhez4AMT7_jlt=0atV0^Om&LANS(_o5FVMBHYO%8
z?`>;ol55<s+T}X0v8&Ou>S~REMqTY-4V+M;;n>8`qeE1~+B;dTp|7KU(BuwJGer+k
zAY7LZ@rgY@L*!9cRtUwfwSOQp`-VAF%#qyY%<AjHu45kAE99!t5t#XnZz?)MX%xX!
zGZ_;4P38_re`#moC@_KCgXyQ$X6Zw+zHe?mz<7!x!t!D{P8Ra2!%>&Xqr|q)=Q&=n
z83A1j(}Bx2PaBbD(FL4{ub_ctgEK<dC!%bI&-rc<+sEf7pLuBPt`b?#L9Dmb`Dy0g
zUv%BnJdVjh!<Chnj=J8((MMYj&(_fDrE{QZ2o1FhvAnPKC?hVXp;ojUf37mK=Rro$
zUYOz|Z;tXR-Qe>o^6v`ggWzCD3wQPqzTlW{0%d34N?oXU(-f}t4wUc8+D80a5V}^&
zQ@1IK%Rtve*n_(d@V6fc@CpQX=d6JqacRpMt%1GYF@lnQz(vj29(j=p?3ORh!7aGy
z@6qt<w+@A<Tm__Yb_qgcj4Sn%aS?4<iZGi-EN-1(rO2C8cRCx$l&@~%M>y{2(CWo>
zq!k)i*n|<}s^)fJwbi)S)}a9-%wK7_76QRa`7A4|IE)J@bg;T5j<34(`jM+)mqVk1
zxeqbUoY2}MRw{V)Z;SfkdccnR3lU(WVK<AbXK-h>BB~HjR$)T-9Jq#DKWwjvzNU?Z
zx^=b5qFs5h=8Thwf!;D!k0V1Egb;2p9gWUzD5ZE{|H2gvHRwrEqXccDY2;j@simu`
zsMD4pE?i-=DurBGLnwpFY}ri4O!QCIDm@*T#?@Vv1^7xPJS2zA<pAF<`HL37R=gE0
zy)gh~VS<^JIK4J0bW6vDFjI0G({wu^GM6@>m;v0>gx_ln^EdU|C6`N_F(zlD1{*5j
zuZz1Zd=6&Z)5{;1b4jVZv62zWwS;-;2el|Y$Qpi2l}iy`bcBi51o^eyAu9vx*M=AM
zMpXoNRAjiDqEC*|*N2I$L9Qh_#>#H=HikWETTQ#vED|N_XniqEjb7T<x?71d&RI0W
zD>cZAhpS0Dl$SI2<KCNvJ`JP_W0RxeX4ft@=*!G?|49}$U~r9kK2q=@F>*8u#SE+6
zvc;|oIP@2vwLA1pMllzFneVsl2*KtCH4|m4(|;I)88B2XLZe<JNyAN7n^k;OGpP!s
zPp`cjCwIb9XNZo~GuRvdoD9ZWp{OiYcZYEdw6e`j2*6J%9e^ABrF2~{&WjEHp}4!c
z@Tb5jyN7S^8m;;exzT12DGC14;qU&J|ICd4_;K<-f7WW>_v1gVf8P2z{^Q5^c<~=8
z`g7~yVhNz%IsPMubv|=~I-ku9=}ZHCp5^%vj!dL1xwh{K4CI~+n25CJmJ>tKkmOq}
z`B?D5x7wu_x9-bFn%v!bV8)kc7o>GpA{N}>MyjRW>s$^;ha=4ESIrB^pnTPUFc#Wu
z2TtZ@^bhq5xP1~~>AV_$RMPu}D8ZIuPNQxKeV=@)UbnvZLj85#wdrN6dD>P5OkuF=
zwN=}qj)_Tl)l^N|5sHo)rAbp^34&m8ZTE(y#ngg@O^8NSnuaf0ugj@LFad8+UR7sk
zvns==yt;Crp{h1(Mtq%33%m;j906ev(u@)7w5(*lWYph4Zwd8wJz8a@HoEeW6(2@j
zSa0Yut;#YjQ>N{dLC!<Jy02bIM~w}zFpEx;B(+yYep$MSp^_*cgYSke^q{Jc_UE8t
z51k<mhF9Ryp#;C_sE@{yr{Xfm%;PhsQZ1j3lSxfi&eG8}QUtso=i5NeB+3hC;&uvp
zU;=mwVxWVA3Nj!AZVFOhy${4g>1m({gl&S1Ic_~PkBouGt<T&6fg#8(gGck@jS{z}
zc0PVAg5EHCsuqW2LvzBX+NwI}s?GOxrKKu8JP~cxxr@71_pj}wJ+0`2#j{JGbC-Uk
zS*J<$TeM)Bka-oah+4XKyj!7;1;>6RL$WRqRaT+Bo&PN_tmjoQD(aOJ8P^e}Zn<ZL
zdg8&&oweHt-cmf>spG{4glS#WZ{G3tUyX!Izxo9M0!+|Xwx4qJl=Mt!KQTC~QGes*
z+*^OFR>~PSFLj_-0n1B<9E(v-R!!Zy))%QpYylHn_R@<jE33ezQE`KQi%`F(1id2A
zjjAUnm{H|$G~29EJyi&DJ7cP%iCJTy+0r1?roYiJaOTyswz&vy962$R0in`{FI+fm
zqZck4xQVG~G^9Zf7rlu(rn-e2Bz$-eUFpnbW@_So&iL?e^HVMV57S}sVKP9>k^fuw
zKQHHhy8qeF^8d&9Nco>uym=WZY~Tb?t@ge4uOlV?-*0cUT4fEuo~kmmaaNT$J{q1*
zVsbKuYd0nI_ZHI%*n<hi;pKqX-+MeK1;kX1;?&Eu5Kpi8p|PqWX9-n$zk8INMN}>S
z4$`uNX7<Ng4deWPzgHI`@w|oPH$UPK4!3vJFb=k#b!?HbqKWaDC<XU3ej#M@Y>~ag
zQi)+^UmqTqUT3*|eSC6MdQbWaTjtsJ$ycR97jbcJi|m$%i5>`40&Y5+c;ESU>Fp+E
zm{R4t+t2sRxv<}bS^&M!MY0FyyQ&=B2|xv72)qgCvib-jB;Z#!#?g41pZ9e11Yki;
z;l`#@h}|}I36TI1jo{cnp{3mte%3tO&kXvX!QS~02f%Flf4|lKyzSHfho3+Anf`x_
zk3;`y#Zd+P`F)cDXdSWvZL}V2v;rxB)UHqaN_vd;?j1&Tun5nu6&HQc;Dg|LQQ~iM
z0wt44nn6k+nI@<|EI&fh{%B4%A)M2V4-<QEgiaW7R_z^j_YR)Fka{Ea=<vk}JZt;M
z4kclu?*ojTNe54Dn2x7~I(cf@w196&b4A1xAaY7>o{ma>+UPXXblM*bM+uTZ<5iQu
zJu$+SFB)SAM5C5*e;P+X(;>nuDMg~<923@>2oxv=`c(Ne%SK6zG`Yo;R)!A_*e^jX
zh&Cauz|26!)gqJ|SbARjG~b9m%@t^LVNB7i=8{e7iHUn_{1B@esRgU)vI<7Y8QrEP
zsXL$hVLuNT4Yn2(TqkF<R^-OhgoQJf2>V^tJiSmAu`6h>$ZTt?Egc2MD66wEG_0V1
zt6qPyx8I5G-fduGs17m?1T9J;10}xNKG@ywG#V}<4zn(*l>;X}!sYI?Z^nsD$LY1j
zk}2B-sL`6ZHs&QfKT8T!extrg4dkfvbWbrnzui07?R;Aro4$mHW;tHKAO9HL=7x;Z
z26bUxP2xAn@23<OW3^4t3ZbcS*^hBigaHg%3R^f%`!-X7(+~$6#s%iPeQ2qM12-re
zDs79|Z6#2UdM>g78Aq0uf=4z0LkqL=8d~t!8|{AAAXF_b3W)v!)PVv(mqyM*y34uc
z`A*|E=ZeZ;;AaZ(q(+8OQXwUJJbDvf=OS^yD{6FEmZRuU=-dX3CEEo;%51e*Sa37S
zGt3V{q3egx5;-?SIR2&%OpUFo*RXn+O9UEpqd_u=(&Wt?AdUfwa?fB=Qh~i3zKlxH
zHl<27+qRe`42yNOqiYKXL@rzjA9DjZ4}-|PVykVrHsgU4QxizKi9!Z<F|lzGf|yX3
z!%3EcQDzgaj(X=2QH@-KvzMvy_KK*>SyF*@UmgQYX#q>|xw7s!kWbYGYZ*5oT*GT7
z5L6!~c6ZDm6$Y4kmgZE%AS<t%I=R5x644sG$9U>gxejqj(1QAX$D_E5P`+7vIsh3|
z%Ti4nR~4bI@p3quvQE_1k(z+O)x%(^90f;c=nnHVOPPXN;syZ-l47XQvvcsx-qGO!
z6KTW$kmr4-L28ZOFm|UpxuzK50JpKFusjh1ql%G-&6jC0Ve{Q}7Zc)xoTWfp1UaLW
z)Vbzh>5*Z21~Lc@{s1;KmA~K;SNv2&h+yOnUOEhvC!!DT8%>AC7d&(XQ$duCCfukv
zbq1yKpN<>Ahg6?FJaCMxQz`koj1TQ<W(jPMEfK$hDsY|?RxcE`s5+=?6Pkl0%uK%-
zEc9#uBdc3R3KNjXJ%Yuwch8sJwq3V8SR>j9PksDXJ9k`God3S$B|kg}ii`0g2WM!E
zT(y3q0nrP8Fw_;$q5v;M%sAu(Pp+K(q$%o5GRE~#RRtT+VF6tJb+t8PQ%c^-keW|(
z!=uplgdIl$A@vJasxKvg2Bk$f>&}>TvxHe99;PMi*#wzgr0&`Yv=W6K8AFSGjvQx<
zTdPq3K6AFIZdRfMKaQ;6#o~(TyKMZ*b-WXZq7q@cw_&jiXAfNL_8lJ0@p=SQG;vW{
zPCtx9c{LIluLc{?M!PEu8GAl5&ZWkvK?v<euB5RA+Sf`8O;!T59n}zvH%AA)YVS?B
zJut(8Xu_onQ!jdgIyXnid4{wc{VV#S*c;e0t}ty@NEI_Ilc%cC6@|6+JrEI?s|5sj
zb51r-!~9%($s0|yh{PzSq{wr5%7f4}Xu$7^js`Z4Dti`6R1U#q?pzw6T>v$EmKzsW
z_595c)8Qo;TL4mDXm`hm(2q+l!XhF9x~i6eo}bw?Vjti5WSvcf!X!wavX%5_4)t-?
zh<SF!xT#*N^kh~@`*G`?K9~Wav%L#{->ro$Qost_0o3ktniX#&@(F79-T@Wsn*%WK
z#p$3vpk+UJ@$7NusC&G#eb9{Vke;OFD-)?F09ii>BgO;6L^Cms)h3CDBjY(FCID7U
z-6Sj7JvgJsyffenk`%o<5!h*pKYE(r8r6(NF1i_WHebC5{D0^0Ntq5HB+G=a49ETM
zV+w9}YSd>Ci4JZ;F;Kv1!`_)~TK74!rXirw-WcmmF`gu29sllB9@c7#d3}uQqk6><
zd*GuAbM}4S6$sr}mHS=6m_f6ak~#tY#3JIv75qkt7DmaFS5QA45gpeQEU3xTUSzJL
z0KVMHSj=XG5;^Gh#@~%rTQ6ZHmcLJz8*<EXA7gH)0jpgpG{!Pst5*t5+MFyt`X1m_
zl8u(%7bq=(#4+foAmUz}x{VtrnG#09QkTw1MyaNWhv>w#2gp&U=h>U+0y7e2kqv&M
zD^2_)OVk%>;YQb@#==+&T}N9!zHy+V$+Z~=9)dVBiqSf};G@qtl`n|m*x@4p0C%10
zYY&W0kDXB%2X(+kasE0nUW_ROpdDcB;jvNeLAQ#6Lt~mU1aKzR@jz2>{?>q`bVV3$
zU(fSZy3A0e2zJ_67RI~|`h*n2n?iRwCwZz`(Mex19xmh!00L)MVlf=ln=&=~reb@R
zr41Z=70!{QHOUK0TT{hC<SaRua}f5GR<7mKUN6aW{S$o~DSY^3!UP#sliS(C@W0jU
z3AYB}F*VUe8Q3h!77cKvr9*6)%^3038V3|~oad4hwN(^pEg#1{Qh$O$A=M%!5<bIA
zL&d|nn_jXgY)Xq$THz?CXhN%a4+v{|0e;?QZkidfQ)|%!JO|8-HmSYURlpq$)F`#K
z6qe&dpJEt5!-PzxBiaek&c_O<KIuElyyBWn-;%k*V{!}vygq_y4V2(+2^T)Hl(;fv
zhh+K20TEP=L0^m^oZ;mdfHD4V{UwZO`R=kRu3!xA%)nh|V^EIP<RmyM()c?icZ)%A
z6qMz3c|#ILCnkOg`7B2>5M97Wg!-1PkGOSY6=t{XBlet@V{X|hSna2@B>zy?3%+in
z@~d4BVM2grcTXhY3Jp<hE{Hx#_dWWtSGqJ(9W%un9B$6iji+2jwGS@hLN4Q52c=}v
z+X1yOXlUp6fXaT|XzW>2!ZUC<R-j`|!yRzUG7On3$w>G*5q?MNfg*T$VNOyJJURu(
z8QjzrQuIuj+{Db+3Nb0|vkX#_R2Od5NUlMVw_3{gRoOE%Y4C*IpHU4~*NF$|xX`DC
zqiD0}4L1oR7{oPe)xLCSu+_tbOA{VZH{sn@jYnPwp22~=z=sy72RGreIB}F9Av3BH
zkc1Ya1fzDt2<~S|3c|TM9ykRr0>+CspYvgCqx1&UC{-%~ALn{QFdD<c<=IOyk5tLG
z?<S*0zKnX-rC5}+7!pM`Zo-bJMyBSFW%EQnSvR3Ad!YKqDRxwKpsGp3adW{ovKzp_
zjUbLI1kp&M<Vx|@im{H#U{+@pvZ)F5u=tCK-wvO_Sd}h(ar?=$6Kxb?Pa+s2@^+Pq
zQdgXG&)?k9wFr3_4N&gbv%EZ9wPkRr>bcKQkF?CGtNW4k9pX$4&bZ?ZAcRNBXdD3o
z$rqLt6!HcQ&!&+BwfB<Op_UvoF(?Y!a54@%?sUHH9(UA|;<ud_NBpgGu={q?uPaT=
zpbcqdrZzs<nDwR;_@l&$8r%5Vn<X+C@o&M$&gv8Mq%WqZHPaR8O)^N0I~YJ9CVQa;
zPodU*O?a@~0e}P$n95UA-(};MhF)glMUHIZ*3l%(TI#rpCc(cBAQu}D@hYX9w`#?u
zV(M?WaNWJbgU3&rk^1|D|L#A2a<e5%GgvC{HiEx!8hwB@BOR8vWNK!61fMAXgIF~I
zwEHEck?C%d;GQQq!D`w*U@g_|{exql;;i9>a$B!Ed)qhQ7y;{4y$9VE2UxsbvCSLh
z-kjxrr@qVzRJZQg#G`4d@H`-Ej;688AXEGrHcyZ7D?ipIqx$ZLAEWx29^+Sj42o`g
z3g7fYGB$168y|i#w#CPyJa9xcbNRs!`8JoH^AG(>9gqB6edC8nD(NYHt#CL9gKTgk
zhz%ToX~+y5!0?;~a!Npv@ELqD&k(iwF@E<ZG?4SDb-QOh8rfOTJkruD10|Dw8&wdX
z1Tx6Yfx%aW$<RJnrOmV(BR&n=vGJ^t<&d^|?v<C}23K2BfU(t0>0BBowb3{U*~Xf-
z`_Wa__=Q@-ax?o~3QJGqh9Ck<ZUXm?5}nk+)A|c2<wZYqE$(oJuRZ%*dwYG?-W0*%
zq|cz&GW}E#Jm$^J3*p!1ZYu<}0pBIPbv<ri#3SP=6tp`r_#rX}(OTCPi+G8Vr-Y$j
zRDUxp&MDADF7AWHRW4hXHS8Kwg9gFc(l~9Bj7M=V2~Ap$2W@89DWGD-J?|(akp6Vg
zWGg8e=IT+HZ8-=)JY#>DIv3vfge1LCX+;Lz3vGH<T|sdi$b{7Bd(9iJgt;`EG(as`
z^%3ngfc1dBE`eV1k1~dr(oEFfm%?aJmtb2%wjm8@In+;g=on<aFl)d!=-R~8y*Kwp
zIH(?BdA|gW9O<_EFYP(=@8eVL|20akK8*YCJpZrt_Gh2@{$K6S*MIi^`WPSS|Ai}#
z-e2u?_WrtmZ~fO%>sR3YbwA+#yPsSQd+{jRPUF$_ACd**e+ieZ9&m=P7uP6LEhh6l
zyVPhszpkCbqs|=1u72h@b-|q7CpPGqcsPzHc{1@HVhpm<Ga9M$kT@Ur*&l|P=Sv2$
zDeI%Wp$_=m1awhM$RE%s0iOMVf=JmoHmb~CevrIDHKnS0%dJXx;dsmEKb|Z%C_mES
z(QfA`I_eyEj=t&a0_iSGr3#SWDt7gClID?NzoV!YqY9yh3Vry}M`;x#Z~b?uIA$tK
z>W11N=C|rJB+-@*2l#Fa5Aio*0(?n_^d}=9IjpES4s|l>3Uo5S^Wr?AzmqBUgLkL!
z1#ek(`L#88v_^lnw&34K`0p3^?>}tmf?tpZ?Ge5M_Kd#KGSl}Y8$9CTz_JqeZi17=
zmq}N_scTmk9;t6lxhRdMS^kE{)k5*8u67!;d{7f@SBUj{rf(b3zdEN3hMH{!XXt1p
zYANpZl-}eb9<-Y{(cYhnq7b@A-~OE3YYVfAZ@X&ikbWCRR2wlV(1{D-IukTLHLGT}
z85(5|cdK(U!gLf{aOx*yjC2FZ<U5$+%F0Vl@q(&F#oRaC@Uq`_!6qSS3s;qNOz#NJ
zhei-PIVM~Ey9Fymk3sHYeYxHulzxn7ble>buj)l^<0@lro#;(A>E|L<yiIx|u8%m*
zDqqigU97Yq2>Z$5*PVmze&>L@EELF!{Bq57BvaoES6ZQQ$V_?~Z`Gn7AMIF8^RL#`
zOGz2*XxeIgAq2&j*5VL<MqemF?CAK!fHx4EoC<F7f=<(Xc$Oyph*p*wb=7tdPb*b0
zs`Ja}OK9%U@o!*MszEFDPy68Fz~ghT9m}7}ratYNMx>#d9GP4){IlxL{$)TvMBpv1
ziW7vxY{2SkYw?J0eowycf)uskJmLJ<ZYjJp&`>bMY5Dv0Wuw)%)A?Oj>`hFnN@ct|
z+|v93Nw8fBFn5b;dg4#nv1HHBN-)4TFqH2IX<xEvaoFvhPt(`Kew~uKg5g_11JASR
zq?ah7OEqvfs%hHO6|0?ZeA;IxU1|^Bz`;u=L=ze?I%^u<(ro;J2+wNhHDq4?{uo<O
z0OFMw(9*)vZnrp}WN&l}C@vix9sl;=1oPOq;LNYnB3=lhMvLUpbQ})!Rjlb%gDwma
z#2P@E*@3CL6IH_4rH!ods3ygHa-lC>n8X5KMH2T!TaM_2w;2`t3M5G`1&s~Vf9DE-
zn)0eMX>yHJ{*@{vQs5TFFo!$(jBj)ytRHE1GAjUEzcs3jme78PO2@>i$jiwRf%`KE
z<HF0HMwA&u@CI5^X7X5K`VbnLdtj@x*TZr23V1)5@Aq=LrRs1+C)vZ>m^`S#Cw8b+
zXph?cJ{2vmthhTu^A39lCuS!&Xi1C%Zc_A0H5O2$sx4!5QUu%_nvsilzuP;E?*5@^
z5s5cDVVxRbKk1FZmPtW*d2M-<p8^u@>mQ>mdmUqLN<NH$P<9TFZH63GU=>Ty7G;$O
z@aVv?>vjgY@DlZ)!xzo?R2_6^I3b?VsNqrtzc3Pn86-`Mn{MW8Ubdl*(d3!}x@$}J
z)R>Qsw(LFW-2Kj$<w`{Ce7m=^y&r8KZ14Z}cb%j6HdL2)HF&p$to2OllN6Q>xvlnZ
z?|f3nyGF@@JC}@jOJ3sLOFAfLcLQ))4_X=xj03V5^4B7BjC0dy%bu;s>dC{^v49Jo
zzuJOyb=9WG9e<ai@f&p8i0GH<xIAt}7tNON#(kVz?4^SYKzK1!Uue{zibu;Ux^Lak
zR=m@3A8M+`h8Ic_pcdKDTwlv7=udm<5K!xLsl-dj?n(kbJgD3GS}Lf=wprf3byfe%
zsCS7Eq0cV90js|a*xT5gSQaEWs^zBBP{W!c(+v7%3f|zg_uL^^%(naW;CeKpI}EMW
zM-$^#=fNyO{kwLocObT5G8)pQt+561CnD$2r0KG?a6i-0T<UP(QI8i%p2uf4!$UxZ
zQ)7TZDgY3TQml?)5CzMo`moj}eoAF+012@y7DFd-whi<C@N8JroqY)%8x!#0o-`)Z
zq52{92crg_hlYd@3_3}zK{jQtI?Kj#$}hFDs&BSvkwEah8fPhV0P>2Hm}!{DBL$JU
zqw2ETLU4{{#@xpTHLD<E4>HKW&f5$*Aa{qpJ8Jt_ZNMc+3Jy)L_olG<pHD5ki+Nx_
zAZlzC<3xt>oF@z`%;clc=3x0dRFBd3m&=Vxvab`-c}upn+?a)!5e;f(MGJ_=DaLIl
z2bq<|zY*0}@f#bbl@o4*Sz?x+b;E48zsE>iQecySvT&+Hqm4Q|VsxSGOmAY$4wI8d
z<STf;tV60ybIt3PCv6$UcG{0#eK(8qY_Nv}P6O2NiseVTh^b|vltCzmbM`vYW{19a
z6pO~ruG6+|DExK~e`kgNGC8apD)l9(5sg<US~u}U{#@+=eoD1_*##)ch`uVmQdlsP
zb+mR-@D>BoNGMQ}j;3EHrT4Sv+b7+9CE7RS<P>Jxe4T7~${Pr|e!x176#BF9a_SGD
z1t2#J${P&2`iY`A0JV8-4$5lC*HXx7h&E)=ci*k8t-X8+xYtj{>bQghS^-YYPeF}C
z4(q1gdSG1AkDYP^pO-%Yd|ockTOyFQ0+4EZKwVwktbiRffE)M`dRp*2Jvc<sS*EZ@
zJye3qcym5{Bw&<Kx8XjRIG_?IQMxQJx4cIk=-xKlNy{-x(Dr#*hXN4}kkgGoyWr4G
z-c@f&b)OaF89rz!=sy+?1R9JROKzL2E#UJ|t1E;?gt)ZOK^m<@^|ty4Fs!)<1&J!;
z19e8U@0z9>6~{&Rq=2KKpNy*5vPF-<+gs4e2cx=@RvK%m5|xA<FifY(3_>{<rQcx?
zq(6O+aeVI*9XO0_V=h%;zf-*afk0@lzITZ4OhDTn!T$%moR`0kmp7}NgicMN)9OM4
zQ)p0KC^d!B>OvD!Xi{CMFolZhLYJn{Wp$zNweQwh1{q<p>Djq=idib>(Y6rZVV2x)
z0TA0m2vieJ;vodmOIZ#>Z3WO1cMt&rhA0A*Gbk2$WTWD2(sq5{f8UJ0S4jN5k`cg!
z>iaL<?j0AD@2{?|{MUR{7CD))dG?`)Mq=|zw$|_Vfc}ZetS+z1gG7JIq?$fP+*?^0
zesP}?QdG!|J}7(9qv*xXSKCKjNc~>wF+d5Dycdrl$<*(sN!m;3UK1SBDky?o4Xoeu
zUcGgGg>cE1u-}5smBHgT=O2zvdx6tX`(MoBa}=$I?BH69_|E5FYoT+m`qV2MZi6ky
z!WxGv2IO7jh`Aio49=)($*7%Gr<wACqa%`g7OOhOwM>1tW#JA4qnARE85Tg~CZFFr
z$;<93!@?!#sRj2e@p&G%_exh>#xTVF;iRAxUViKZJtXLkm|vH`_>wWA9~lt?bHu4$
zh4|%@xY=l7Ka1{K4e|Uun-rl=nT*|D<W5GNE|Oj?zWIaF;G9*f26GU|M%9p;9O1e&
z;-R6FAxXr9)MW_=LJ(;D{Z8O7mJ1MQ?F=l$a!aIwMB0VS);sL6EwRV8{4xG07&!}o
z&fjl(-pP6ZU%cl4zF2Gk`<<!*JbKRoJX&l3Pb&xT5AQjEe^_h)2bBY;`Sg3)8Icg8
ze8VlF+Z4saSnu|^RuZZ!<kOIrdac&*=x{|Lk3#B!?H-=MWhRiQwY4>u5Xxvvs_4$)
z!Or%HDJ;tdHgT9&H7m7NS}C8l@YR8<HV%>$x_>B>6bH=6l>Zo58o14^V3Rx@!Z1e_
zgf}BOaG_N$({g9@A(pm$oCM$+2J24%J*UrjG(L|Pxwmje0(Z`R^>R3X#O2u}WNoHD
z!rViSvm`yt*dNaQ&%!q?vi^;D*G2f&Fx%?%iKZvMu^u`ZmF)9MqM9)=@v5&zEyY>8
zCT5%d&i3Hy@bB&-IOwwdtTT__DK)P{ta+C(`V(489VC+_4z&`aWR>sC(f+u;qNaHd
zs8%CHie%sq*LtLEC16cLgaL+Yr2#|Jr;l$Ga$8%4=;#Z>oFmi6CHoK?i2~M4ccUBR
zd)u6|Z)7$I%zR@M5a#>C96)qtLohhTh{A*mdRFWcV)q?-Ztv!d9SDNT*tK|8dU`ZL
zSXx3D9Ql^i<b~(v4$r=~)a+;9pAYz%?f-NBLHd}J|L=kNQTG3N__P1d$N2dEKj)bK
z@8PeE|4;iq`2V!;Z`^NxDF2^d3<s&=waA6%-1X==Uz+QSV?1YUPHlPM-D*Gl9BouC
z;;Z4s^deGc@L6#VcZqSC6VYuLJNjF74pL%WQyTYV+>!=c#YMl_J~{wvYB(USv#Cv>
zlqjC3Ptg;Ro+reWL0e5#?`)z3-J0unQv<+2IqQi7^c3zClF0?+V2|?ai_>fbx1ebT
zHcF@0zBd6<ennun4|WwHb)kZC@Z+P-_Sa1+w0lU`D*MMB^JVV|eLbM!Pqy{TCx=J$
z_r<}^$==}sx54H24)D+Z;m-CxSq$y*-@_C9%e9X>&pX>ET=%GR^5Tdpo_y8eFGnw^
zzZVB5+{ACb+S~6m2^5&xy9^LLZ4y+PTD+mD{C$%|PZ}ZpIp_$xCLRuX92=2MUpb*O
zj}s5G40DY_(re^a9i11@GE2|Gv;ALbF)BszWD;MK<pZ69uP`nLUiV-=-ren!?Le>)
z*DVXYj=-A^cGffnH(Y%pbBtbOW*mO|t=5k+x0PJPifixX5uCJO*2B)cwqZ8kBi96N
zPl7{$#<jMU&uZx4gx-}}Fua3qMDvH_J<Ys2%r@?UvKjXt*fg;{3Fvz*m&SIkU>l5V
z92(GQ-657`25-}b*@IlA5Veg#4j@(AROjNM8G6GJroQyv<KW<DRI&=@89!0vgxRG*
z&Z<xI3~g)JQy;DofryaLp=&lN?4AMOWa})a4?)M`3#w#Y!@wmB3-J?BaWmr3Y+PGu
zch+o)j1jlV%^q;jm}T<J(YUN+SoYQ|G-na@l1m32vqD*@Z)p8JM@I8)!)1@}?cNX`
zen9*P7p!8iD@xzoX{G|ai@A%q<9HW`u%9!9|22JP@c*De&p(6+FpvL#@X*iy{n`5Z
z{h#^&kMVK%e_nAE0Y3Y+%>e#+)cSm*)!tZN4~PI*sTrNd`LGwkDW8*t0R(bqmhBaU
zJB>#pWGGhq$yjaw1Pn@%a~h(R`%Og$?ADPU^b;9hKu^g_9joeKFo8g@0K=#tm3y&w
zaH0gC(NvvN#r^iC|N2?y8N9qmF8o*chF>6;N0D>Ub~etV`~pHqr*Scz#EOTl=NZL6
ze+9*m8!(I}9M*;r%8>!Ge4cQQg@J&ZuXH~*zT3A<Xy5uj*dV{F?S@-+A7-S=(wv|y
zf8(-FVFjD0uKodA3iXy9<w)qF>^2~CrAYhht8I#J84r@;8YjWNMd0|M=Edpbk#hhp
zKZ`i>oXKD~qzIYkagON$vUGI4X;VR_nc|<a(@}E486stUj{JTOUM2AAjrx|DzHqEd
zf|K7%i|1&&K30>eTNh;DKMiQc6pR5xG{}gG=9cIos6h~qR4skw>!OX40J_`zdruFZ
zbrkqcqW$g*RSPR@Qkxu07=_kX(;QM@nv8iCV#}0;MKJlLuC{mBPh-@b#=Qg9YGNNa
zdyu3^Wrw~d0O4V}dJbWEBg_bY#<>{O*2A4=RD2>11ztQQSL1rGnKW+Qs!MmpMl-4>
z3Rb#sJRVX^!ukjci?Rt|BdRU!ww5iamdRdyy;0qF66gwh8Ftlg{Am~vOHf`Ms72W|
zHR)&ls-b&SUmLe7ZL<B=K=`vG1W8cIfohD<oI)Y^)-bhXIrh_U+`>w{p_`C_x#5<B
zTMk=HFMp^c;IS@=@+cOu$w2{mVbw2(6UgzfdJ*@|p)$~H5IQt*zECG6xVx$iZ8ikT
ztaY8iq7glaV7x%i62P7U^RoZ}&&Iv1pD04ySP~ej$*S6LrY}t{^)8~w`xsvz(^bnL
zQ!-cqMA5(1ez>lyt8)dbgWDsDJLieE4xpfObv>bR_J&0Jc7yR8*APSVADwJJ2Ks5c
zl232lZ`-vGb;=!DOBUU@<EQBau`y4b#?85>mRiYLubuq?4<KG0d>CEf9?2;)O>HS#
z#^RuDe+W+I5EdJva>+KF7rMV6oyIricsAck;2;Xcy-5aJ2(COQ*@%*=Xwr`i!#SkK
zgCJ{g4Z@4BIvs(43Cpg~Co-e`YWrvx7yhJkd~$5jK1=)14%WuD#74$R1Bsbk`pSal
z-?gk#&HrD-#W^IrfBzU@v-$tl{rig9_xS%-tMxPg|1mz2|2Hd60>I}a0IdJ&Ui&i;
z0PcSlyaPDaNiCsz0!l-;5#T_NHx3A<m~$9{!>~icZtO1}sTcoifA8^}@L!ao#k)^X
zhaNpsMW;wtp6{7<pYKKW`)jQSt%tvEfA;YH!(aXS^IzX@-~ZKv&+IXKw7t8xeQ?};
zuDH70&eNk#C#pZ+yVv^F`r3NK^H_(GcjMDwUOpW$QKS!1CF>&-#o4}SH5z4abibQ?
z7)(-I?nV`SuU>+|l7roxzk5HuY(b!@g74MKg0q2=@7|BvG>dhk3cgn_3(f{gzI#9M
z!l)L%7p}z%BSHLLSP(C~Jn?(257cfi-ch@vr)Cs--d+gbli_GVd{-skeWrs^mQ5BU
zdQkK|db-Gh`D_9msgfTaqN>qgrhtAn1+im@?wI^z04CT_p>h~^hGQq*uYFtjVlbA2
zY=?>V?<c`<cmbmQ`$_Tci=kwz#kv_oSgQ}c6r=2HvEEg|cb}uG+*)6_pVs=j_mn7}
zYoUHX9rDh-^pi!Q7VP0(nH`$n=OmniYSBLLzDu8jNd-KiL{hQ0Ce@%-n>A@Tds5`i
zNapX!QGem}#i9%B7tsAwZI%G#3LoN_J;~3U<fjQWNegZ8Z=D(#n%$~cxXq<<2+lTy
z;M_``z?-tYipGX)M+)Ye{pbtqSDU}{7%)rm+aN@-bQwk^5XDzN35epWj}M|p*slc<
zj$tN<;;RKfG*RMUb`gRSs87L>`O{_6p`y8LR9A9h(jaSnu&>$LYS9G}DD{)15BDXb
zJc~|~UJOd<ETs{nx+uTSi{wJ_gvZnL@c4EkdIjCr8{|vI1C9AM0^K$zl=by!`(PLD
zElO)K!914cccV@XeyS@pqI=GJ{Tu*eTm>Z>XzO6gbzF%K?60uC5lC|C=5KRXWx{yI
z!#_=mH%XF4>j=V@ttp(N-`eh4x;wZ{iKgQ*+$O-CnXL#5J9Q9>sftc|5y-yT`eJK}
z3DRqL$DqIutC?Jki|d-K73BOTcc%>#s1|zHb86w7UQL(h&8n?uHA2-c)Dlz6-MNis
z&#iL$?ds`|aQf|coqm0~Is)skl~Di)uSUxYfWf%3g!2==nSirg02gZ}l<gv$JXhN@
zm=p{5OaQ2oe5}vPjl>Ebk?SWug~+RsQJ`>A9gy?jxe*Wb^BiM{Tk%vs2Qdl~mKpI&
zys#D24}K0}k9iJ1^z#gJ3`JILU|%@T`LW`v>|^zVAFFfRK2|?W3Zo3eoLkvRzfjVG
ztpLCDiwQMlSsR`As4rgN5B&m|QS$<R*cY}7^@ATP@^2rjANnx?+OQD%v65=UbM?z4
zmwIELs~<WMQ!M5+F}aus(eO<qQO|h|c&I00pXkg@!&EF3{IV~c=lZb{c+7&s51q{_
zmhHeV`@(r%k<W=Vt%r~W2TEEE>Ak94KUl0P-;<v==h^njS0-}~Z=VVQ@%f&4QOXZ9
z9@Z*qef8pLr~A$Jes$gR=@}+!sfd5{>~OcSRFU-t(Ym^2eruu}{hSEqLw#o4|0EY5
zCI1Wff2^1MKOX*k|MO8k&ixOpINtqyzHW`bK8srSH|{^&c<_1o?guhPP6jcCMTwpz
z7un=GdKRbg**m0y5oTHTo+r6@ha4|pwc_3Jl=8m7To=guVp6;q0=|8kO$!uU_*&Xn
zBy7NIv<<lndIEY`rw7x1lV6R6t#Af^&99U*T&Py+ukh6}yA)zHTq^r2bzY>&8+_4F
zwa^-G8nYQvPWEJV)t^n3JsdzjRZ7AEp&iz^njLT*MoMSbdNaCe=%i;9lQBAlyM4T@
zhc;eaEr%NztE!Oq1D+-{QmXlCyo~cxNPsq7`8eqf2f+U+zP)L|hPD|@<#FgRQm}|u
zC^S`a+~~SlF=W+gKT9xBC76j}Z*R_rN-P5w{P)wL;>O9A9|u=wz@*Xk!SP<SqXB6~
zLW9V$0}z~*XvEfJoZ=1ro7q5tynmED8)Lr^%Ul{Sp!HA+qfin7n1_H7AS7G`U~;R2
zcsRP<;854n>SXVCo$aHe?cd&dp#3qy<oa3nY?8f!jNHCmJQYE(llk>s2ix!uBx}hl
zjOEG2Ldi?60XPZ~CTRe5qA&yd(W(lOQ3g~EcXcKiZ0=s$NW?T_tr#zCw9itdhO7WH
zj*`m+B>T~@DEtiPPrH+8YJ?p#V3Ln)5*lonJzok4)O8M_*0eDbdf@_wL=@56ajRvO
zi*1XB+qm1d3KsqH3upDTy2VzNZ#mh3G$S(oY9Ny=`mD={g_-+!m3f7^?WR~`ocvwx
zQ7;d99a9)yl>af-E2N{j#=T?W1s#6vq&Be2{nkarBFj#PRmx*`RcaS>T8PcT!Nh5j
z5N1oY<>dXtK>F2z_C&n;vqbfzsETNPqR6(|N^7vQ#E=<^vv<!7a*eY)Q-?=9(zPLt
z$kV#zli7Sx(p~ts&a26^nL;}A0@v@Jtv=Eus8LrxfX4A?co_P);G9jeF$f=&(*DuG
zR!25_h|L`Gtn;ii%5?rH)o_Zeh(~1Wr^>hwR%wI~<SW%=fLG9>&0m`D`T0Yi+5G=U
z@&9gr-foxq|IdHs|3AjZ=l{w1<9>^6zaHFcKa5(x-e^DAXa$@<-kbk7cBjDUpSz6z
zd8K$D(l@eyM=c~0Xy&Q&3~1f)(_4^1P_f4t0hG=k=|=9Ks;A8?ZKh2{$i82?RVRmD
zqWw*Ex`T=u60q6qcwproeTnDON-KCoK|{BkV+V+F{S-{(v$S!y4k@YX^raDP*y41s
z!exRtTwqYtOzM;+FK<+}o;RA2Fq$`Yv0|fYQ0(@8SN*7{kFLwyd)kbEPb+gL*j9?%
zIk#ApCUQZn{C=|t%)v1CSkb9R>GxD6GH_R1ZqsW}^jWTZsYE_xNK(}X!rN;`&ch5N
zbsKeC1@6=|d)Z8h$Hp_eXc9w>C?z;;b$-{W9Ax!-6d{^5+(Kx!-PrPmr<s53>JHUw
znz5PgN`utX(&LOSn@Yw^H5e*-lfbydOe(1lj7Hhb_Z=9mQ6J$I7EBiU2q~xR@H&HA
zttfj#A#2{ieHpANq^)^%gTmORb!oX7{jWa%v$+3Z%)jTH{|_Fv%K4u^zyI_3|4}~j
z{MRc^Az&WF90TU_d+Ybr*NxU^8xMY6<^guE)A&NkT6~{@&2Wf;{b{@a8-OD?0d3Gl
z)}M~hBcq6iX^y^w7h_5&OHv#JZJ=Rd2QSj$m9_yOKS3qFqZr>G4SH!a&;nH3jVEuw
z*5z5;iw=*YZyQh$>IcgHW|;P~H|*0IM|m-&uF12N`(9hbj9nzLw#1kw^T7?-6%R6=
zs0OcStZ?b1)s*OvwZqFbOq>uV(E0PjC%10Z^c_?U+p=kSZrt4AljF|wTeYs_wAB2b
zA9bGWeS536f4IG?er`m9VZ#ydP-LC%lkL6zTQ%sO=SblS(6tOlHX3ySqA)f&4#obd
z>bGvS<P#wAw{EpXs^+8^PqMTAP#uVltD&1wLG=OtPK1Q4-le-XS?Vqi#Xm44^&ZE?
zxvd7}cAjYOHdQ^pz6c*Tsy8nv!}SG*RVdxO?e44pA3pCKG*~h6<2$C_3#RrvVXxeo
z+w?RBk7v+*p7X9Gzf+JJ)~J=zb8Pf79*)paPvO`8Fr8jCBQ)|+f3lH6HMJ%8j`qH7
zMo$zU`uKRa35^{j1$>RR_r8rDthJlbSI=L38@1S?2t9;Vo7alcfQApZFw&60NHOaZ
z*yXJLgT`W<T5>TZ$Mt9wUxT>>sBy<I#Z*03q{i%owfD$v7=rLUNl_3)NIVunMzS~_
z^+s8q)CoKN%peP6s8IAmFI%cz*n)L<*^G`(_IJAnhrcnJC@iBd9P~9Z2h{{CvJvS3
z9a|7p#~I*z?ge8tY1<fRvo7<f(I2U@b!>n(5RHFu<IxXr?1~({eYcg4SlOS9Lfd!$
z1Ml61cdj`7qA5h;{7DhsL-#k-F`t&?mSqXFi^=wRNcHTbhweV#KKTl=4`7mL4qS5z
z-*<m=c(lt}(=9F0VAxhC`kN>UYTl%HhCIuY;V3zXFOuy#35k@A)m71^l)veZe~j=O
zb)|mQN3f|Bj$vL>stK858V!SqT7@fZxTYymN5zVrB}L>8gVg5Yrs6L40jUEwZChvg
z^ptI?l`v$Hd=-p{QAPZ1XJ>csh^EspHI*!PkzFQaonhjJ!lNitJRSvS;~+{lv%Fj}
z*i;;9sKWdjUm}3_6*cbArrVUunM}TGwSV<eL-z>=EPF;tF1PDX4v(IJ%}M9@c>8Im
zyZ7|q@JRhRIPM&s97lhQy!TIz4xe?8e|vn=d8P$0T1XrS3jNe)Q=&#PX*5|cZeZim
z3ofNs!znee#cISy^0Ytge-9Q#_@g0B#pjcJI1BfQ5wF+30$=s*gPl&}L!1DnwTMoE
zeN~gY+O9Jz6F33PQuB?-Uy|Z0Y<fP)dfWZ}MB#}CpvqIAVg^4c)&K4O?oUAW4~Twi
zu_wBxC80g%5cuh+I>eS(&F=NDM}4B~3Vbk{cnl$dz{ucLcR4yu29W-C$HscVc!<c+
zvxBY>3_w~?;)Rx7ZbE51RSJao-wZq+D5?t24~`Wd`nuB}5<SXchi+Pe1u;1S#p-v|
zJMaym68sI?<gcn%$K=kE1^c#SDJ%3pkl-0aps0Rue27LYa188SC^~qAsJa6$CprnX
zHc~ea*l4;`c`sGVGRel1p@JDa)j1M)1Jqy+IwxqXNF8LFs%_3_aa)~mej{3Kz|nok
zGI{6u3k*y$vo)gletV~JpL5dA9!jsLNPu6N4Gdy@8NvK!k3fki(+R`HOR}V!w8u1(
zTAprgGk7k}r0oaCFH*oPI_m3cwdorXFZK3dfA8SyXNS8l_B-9f=MbkAgN>ea_qTud
zTlMux=cuEI-SK-L1tmZzF7j+M^uk3zC~}XZIlalIqdvxyiNFDb4S-Ik1t=~q(d(f%
z;ZRRxc5{wYBG(CJ>$kf=N4jGOl$93shIE91eKdjuF!2b_S15^i%B8g#zO*b@GKTN!
z<TyCqLGvDe#noPeA1wUbQS&xO23FiE!{B&|=%k0ImkqRC*pXOM)m$^8rq%P(YCb>O
z`)2#36aBGDM;xj|fp)v<Tj%KL@Q5dVaJ-u+(vn?!gRScs(VTFMRR^H~pDN|M4LL;2
z(kP@lC7X^9%?KPEA7gA_#bf6L;w*bT9n-_TG`xZ2>5ujFv|X%nxi;*D&Yr(NR$tJ9
zD^rxPW*e-+GD-yPFenGd%$pnzXs|Gn#s_0G6a)HRJOxyJ5|2iwIwX^$1bq*-f!G8(
z+qI%Ep!thWaqkLE;_g1)>-HTT^pMQ|q6A5Af0JFWuCpnsq$3%Puyzv)Od3I8U1wV%
zy*p*49^m)PjG_S&hmiQmcb0$veN}Hh+(_RK$4#&)7yhsS+F9Zzx~{uplu^Pv|I_?a
z@bWQ=Y@*tRjRWUDz&&kib<}yfcYJd6+r5L`&bKTv6H*%XCyi*3lj|>S%JkdN*f39r
zBbLh>UZRmyA-Sy*MPri97;*15NVK2k$)q0_F*jm$1KQIN8;P#f32m%eMGg{}Ke#el
zx42L@Y4S$)qm?EIVJfE+;N0cvnjUI(L{eNNYH2j!YF)k@s0r0W?iE^Xi<dW8C0hY~
zLrYENvscii;$tJt5_#=*&w5c2pG9h@=UIP4F*l=8uGe}wk6uYKvux!YiUEI~Kv8Ij
zvbO?t6b^W2y&~vdtI@r*H0*^p)l1VV!4?f}k<7_~)$eK_qPt?jILzn7;%=;1HBdD7
z9V^lGlINhjotd){E65K|O6?TP6yrESIVuP$qEB#J0s5a^SRUAPZ^U-8K|Y>lEEH{J
z9Rv|t=oI>qY=Nt1aODQRpz`}xhhE<afhaM#r(d8msmpt;Yc(C|E}RzLRxA`AfwQG%
zfTQCaYj+>f3RxIKy@w08jhj0R!>$z!RIe8pNem0KYE*DbXUqaBhElnqg~mxt&Kx%v
z+)(>q6a*35*<@wh1!)wcp$JG=*yPQ|PYy`5pdX6I0CU<9g|f3Yb09=R>oLs$W<Z(0
z?L-^kJv{U!mHW<YRIg2UoOIFk22TgExbM&REl<FCVv<;D^}hU`#5jm6Nl`f^!hiq{
zsvp*E?(KKfGld)jynoVf6*ZgG_)vvoOl=dop$7GYIZA~>&)pJKR!Q=jehui>Y)~ER
zz}W$?_{mkFIN<RJw#h;)h7&j+`r!n2yrC37gX*m9ldq0D&l`yTD=Q)kv$>GZ?F>y_
zQ1dq&=1T973(%|Sk!lW&E+63Tfp(eGHC08jgBc90C4lL7BreQUTR4gpXmZ4tgpPJ=
zWYM3x8%3*3jyc~A!%?0kqe}3@$Z(-&fE|&fN@NawoHeru=r1Kq3$tQux%VlIlxsC&
z9d`GQ5R#TRG|sJf$#U?`-qGO!G8PIZ*d3I$q}9Ki(G*axchwaUN~Qbt+E~#nMH<!=
zGt^KrstM%FmozomYe;#bHy06_xYwKFmAJ+MMqM6G<ZlRb+%_O%o)oD=Tb+oV{^diq
z@}>&Vwfk)Q=xc)hLU&a-UKic8B8P~Pp)kyLqhA>!TXLn?4jrUK7Z*-Q`k2*|a!(*d
z^RX41Q6<d2exH6{q#2dfI)<icbfGy0`%!T3#X5!sB@yiRSq4zVbDZV*5NNS`02)W6
z0AXRJM@ar9bFh*Ez8PG7;oojAI;l3a1G+%A5feHW&@H(@ifS7GJ7E4x+ulbZz#w~)
z1Q4uI=3{Y6T~H;=VUHwM`xI#=+axxCrf`C?0Onf8-InzZxR%a#M69Y^ChdKRJHXO$
z7!5LA+?!pM+grwuNH3>Tz&R<MPMO!rNe4QZjz-rWmN=PeUITN1lbL}n3I)PMSy%SK
zjnaxa<+wT@bbC*MY#3ld(MH5YAUGdXU4ipIip<zNs$?28Bp;358s$3v7Jq*Dq=q7@
zE@o(O^_E_SZkKg}0C`H<>4y<^XD+%{z;7<PhHyTNy1fsNy8^@(e{`4jQrZ<L?3Op6
z|4Ff2F2f|tg25LTS&Db2C=T;tHv_?7d2QJdzzl~`#WcgQ2eWW>e6~+&cC1)C1Gx&k
z2p;J-MH3v0a||tt7WJ^a89)!l59VEr1bTZ*%j%6Pw9$!mM|`5rKl00m+%Wa{fGU2L
zN9{5RF0|~mx(l(HVV@Xz$CIS2%`T(wTy&hz3D>wQiv_F=wYtAnV-dF3wBzu;*h(!p
z7KljW(vF}O)<Eyeg_t<ic;pS~yX8;w<(D<l+YE6N_a<ajPm@ts!FGL9ST56Jwpotu
zHtv{`jgo4I1^M@0LKBow>r0J}7{P-Y#?CHh+js*G_NVAxuQq>j6}2tx@bSRWwQ5~u
zXE(f9?Z8?U*=d%Ik~lT%WfF7`3sRjsu?B)#a-cODiVdl;&$6)_kxw$K@D@Tlz$Nxj
zH5tw1UL9%0-K2~vXr(#Av>W=AF?$t6GSFHfQsb_Kcm^oAfd(Hk16eC-+P`@<)V<xu
z<==bvnRaIFzS$C|mOx69Cr86n5GzH(oWyU`1cy3;)Q}qlQ^{DnsCXFQ?C|jFmg%w~
z0vkbT!&2nZIoECo3C`6Edg2}29<bhCZ!UNg*(i;63Q`4ZC{=$5s6kpBnu3s3DRv-f
z^=Wz)+zb?^h!CbXS5V@RiwIjnX4Q(bgl?RUkRYm;I1#fmmXm?IsJ9LVot+oX9hBa_
zf=ZPMhon~D!6OJdsH?ghj=w~_Q}di;Y;YLRNxBMiiklV!>o}RF8r-t<jJv-yOIOu1
z2C#GVEIvE4IusZ+NE5<@btaKiR92u7U>$6a9QPddR5~dIoz@_M7_Y@-iqMooPUyx?
z*GaC5Nvuw<F)A=l6Fb3o0uOc{W{KY04CDP3@dVxvriYKBk~RGxNiVAcQSU-@ErsUd
zEXGR_M(jKBL>|+S1{x_R#DbLXLN~8^kyP*AQ?ccJ{Zd~Yxa5cCX$&wBk+mpCPK6E(
zwZafU8NBz)A(Wkg$zy}MiRv~5S)&>;H9eD?x<mxl8(}LzRjHg6c|jFOKP$o@ZUu=T
zMpx`Ut2x76>pr8j1P=9b>7O1zb)yi8l1_LvCgI><v?VBX+PvB5zXySrp!hJ={afWF
zMy<{YD+5xy+@3LNP)}D@HkUY~c@cG=Z|{7){j>x0L^D;SVS<y*>E>dXDvk{Y0inhk
zmEx_L0}Nqx0buYLY5`^9sLMl`!;f2?)NGcVj}tE#IqI-Dm@u&4*}!AaKMXfcoeT6Z
z+egz_e)F<)&^e5yF--}ISgxR<)%lv^b`K4{6r>PM>J*v`>7Egk_rlhNOiXp;I8yL8
zJoak83mlYV7V>oe@bUKkF~i27Ma$lGFyj)A!;A~67I`ol_6pnqB>_R=R`tFv<6U?q
zN~?g;z$6N=U_r9ZoAU%M{OG-wL(YNEiEx9nTpL6l4D2e%z#M}n>LSHU{$V^C{vjzb
zt0nHwv0~a3RR#ALFkfN<>(jBfGYF?SmzbjQp<^Mf$UsYq@ImvJJb@?}l`(x0=wSEG
z2L#~2$;tNP{f-Mj-%_gO*gg|ho0sdfQ(#RA-C@B^^_jetL@ckvN_hFZVg^y{A}KOw
zPqD^N6jFAdhHQyG0P_{a)2rcV2ufR2?bj*cEhoZNyk|o?j&HyC7H$V_-Ku@xs+FA%
zOYxcgTP-zRA_$JtMtZsMjkI&LCxc1@9EA~po!oTzhS(bWT@EK1WhU12u*8@Pmsi!T
z<;>a3p=9@jbeJL~);2e5(do7N%ivQ#f!Y=jU63Ead)<`P<jYHMd%Z$t0>UUkexC<L
zSxxut*f&@ehT9((=J{K_f^#p!o4|=2P=)UX8$#|pBOUmD{JIP5WiBG$vniHhpsih&
zj#ZBIgx=8iis0kn&QvYGGorZEB7N79)=6tfZ}`W8ok^=>(gs0?P}Nl`H^t4W`M%S1
z?oGI(O$sv<ikhx@yb90KA+v^p7-9-!Z4hbBvVE{<on?@!w~AwS2gaGRNZwhGD%%mf
z;sGyvj959uJNHf@-Zi2$D&wtl@kUg2HfzKRj<?L+$nqu<`z%3&2|`H0=)-{V!iPcN
zEMvQ3u3((AHDay5Y?zZ64VOqyhK98Y%~lyst~!+Ui0hjMKZh?h0~Zt!oh7$*B%O%g
z<Wm2*;vShL%&_WK(kV>~7&hMe0E1-#gahWo2aytQ$}D{p_AtAhC)+RfPq;~tg}5=O
z5@@L>n%c2#?Rbs3ZS_QB7)cjQ%z&jGo<$)2gD0LbvJB{Yt%VfamDC)9?L0v99()ug
z`NCn{Rus4UL9o+6&6X7NBCc*(Y{wGwUnLo7bJpsG?uUA0Drma|0>m9wx98lFEzFI%
z#DyrhJ`EbeE)q<D71hkN{N!y<hp!IW+b)->+t1No|B5~{;=fTm{GUAjTdVyr5dZDx
z{0|@J<HUdC6>nZf?X`BB!@srfwbmj1_k;Tz4@2p{Aq|_3w{3%h;q9a1<05J_Uo;%-
z|IOaJHnedh3&ZCt{uN`+6QcnMkg%NujB_xS9gewp0VmmYyz(FoFt#+K)r`1o;`7_z
zy7hHt1lZo}bDlTajge-$t8dlSRn>J-kplY2l=<<~2GQiK^eo9rk7k8lGm+P*W1o>;
z;!9IWIM29W&cln5B%ELd`uHbKUN?;ndTFA%jSM?+-k(HGu)niwr5S>%umA-|_~9&+
z<e?W}W+^z3Q;;+=N-K6<AWsjh8aqZ~wmn*`MvR}UtE;dn?gT35g<KjXdC+L%`(QEX
z{GE#v>jjc00^kQ|Gego}gNl;F=w*^~9Cl&b4?yfMI;ST=W18m48M0^i=E@2OL-r1G
z)icgea<xs5uP{$Q`?2EEP=V06!uY&TpR(m1h^nj;{v?9&Rq!PEPFoROX<d?X%WcFI
z-uFqc76!iu6#ExD*|<XP^1D#0BlJ9zORPPl(~}N<Z&Zu~`}-6jKM2;^N>o=d*Xz4<
z1?9gDm%gKZHDY0Nu_L<CVRqK3o<&b4>*2a%I@(_6Ezn;j{{_Hdx0@aK-<tgIq4&Q>
zH~f!)JZ^s3{|Lyp%`f}k*8}oh^UMDC{}vG3Mf$D*@TNs5Z0|%sC{*ANgQd;jyNv*`
zoxWI?sqjv)@9G^;EeDA~bfOF?2PYqtJCM-8#iFfLY5GY=_7-fRf>fskE8pcuC$vl#
z)s|8rP;><+5Q-wFUL+48Bvz3(d(XOuUMUzsf?;0be>76&!V5HLRNuAHhXM2K;9$4A
zweP_>(Up-doapLI1m)VCFRGPQO*^=M-^nFP;CFXk{&@W6sC)Q)>v+p+Wb8CDHjPj*
zFQ5tX`;sIg$@|%G2*(f!Cq-KgN&`OYJCOBHr80BY8xFzFz;*n}*<MC+nlAE<jup;r
zF-`|#4%Q<t<-QAHNy@q$!|PBntq$d%WV7HKv@#*j$!XK_1tY&IQ*GgD0VB5APkvbl
z#Uu9mgzhiS<13Kx`pF1RN*Ys?n#?w)w{)aHR~yjfBAX7a{x<O}Gv29IW42>gTV2`W
ztYxDS^qf}RJ{XfcAEO3_;&|(00jIF31`z`C^EW;r?I!PgO)BGG#O7oG*atI(tONp#
z`XEdy=gaCu(>fp%40)E`977)Qp%oW7VNQoGT6Qtb$e2*$NCLm(t+Gs2+Mo0!@v=Id
z$xvKdyRtKN&Z%zRe=}HU!oPj^_nTArZ_J*P@4v|xBz_Pnha5*e#8wio#lUl>@_$q`
zfm7-Y$x~=@Hg+>b6E%^!P$q9m6Sc8X<slUtqiuq{@XdndM{Jo!TghN=n82YlPVnLu
z{82mEnN5NuBy*8CBh^14Gz<B{x_;vJ8so3PEWiXba1xsGSQ8Afq&B_B3iFM0Ivj@c
zrjRvLxmDL1s>*z;y3}{Oq=P_q-dWZ0!RkBNjSb!xPH$nk!qBVGe&>Wz^txw-O1z<m
z1E+_uRB}kDRnioq+#`GX{FS<))zi;vb=aFmeaU$JC9RKZR^{QM=yAn<8Q6pG-m$9j
zTm_1f#2rM@Xrn~1TgO%wWEjpEwq<cDK{V&T!MwN5INU%KpS^V7IK!~F@i+4~LC~q0
ztL9;?5<8*2Djej!=)LKDA$Ib=De`WT%nZl^fQ*+qN`SK9A;}Px;!l=2XS&oDOrq4!
zgjyi4z!wY$Z8Y@i4H{yZV<WdQ(h_qjY4L4I@$&L=g-uOPVaseXEx%DKR0z_jK|*O}
zGu%@^Q&6JvQXfvxhW@R>WMOMMWg5ZhpHI_|335NwpKR)7+sm`*q;GPL;qndR)Udo#
zfS7~L1x1#jUul1Q-5_vW0vANp_B=!<x;5TNQ0uJ}Z5dj}!ndTBMDiTKc|S_h$c`i7
zSY%+HOrYi5K5RtTvGcGB^4rbzXGZZ~3+8Z<Q4bY{%1~@acvMQf|1UcgI`<rLN=V9l
zumH_21Xk*GK1$I)ok8k1c)+TOn>Q8M&Hbr6|8}2nyEKL^cZSjINgI=)#Z}20S2YQ{
zhMR<rnpQvEE0=Kk%LPhP{#Lfcy!dy&GtH?PjZ@(!^0Ar&_Epi56mr~q<f)AKfy_dZ
z#<Qncwfid$<5y_bn?NXTO(FL|epb%Ef#(9^{=S83?+lB|6F{;MNJU79Y-@Ab6YeZF
z16r#)tb}EWK4V!tNH7!g)`Fq*^Y7OBn$L~;|F4h&Znplvv-<GSw`KkR!$0-^f5fLk
z|9{T<|5efdw^!QV1?~3w+PCX#56k-hV>F&14SK?we@XmuH^sk61Sk6K^OB;zlnzcV
z18$uUjwHh9jC)8dMjl)w9O{5#2w<=6>?K=A$GzjNmvd}}_v2xA>$$l<*nhK!FOTLL
zsvPiQTL0c9hXmakI&E-^_ZHpsD95i44~`F9AkO<YuYcOwwcdBU_s^kMueyJ=O01b~
zyh$adKUy7HIvcY%EB8<bhBH5<vM;weAgKOg?i99J$?#*W^ZV35rS#6Ds6WX_l5Vn3
z2Ibe`H6br<jvXmgLVI4gA#P_*cW4oVifm}zbzyx+OTKvEcl4Y)nqbtX$&~GDNA`&2
z@yl%~iHEw~HZW`YC8bxXnpH#^v$XDHB0$ssvp(^LoCRFn){BZORT@={BNvcv(@gwv
zban=F_LFW!&lGDx$siz~V~r^FWrJW9#XWzl*rcdVv2%8PZ1~t}83S`qvK$w$i1Ad#
zjc%<{QLr6v7S4$xH6vx8QlExyNmj~L7bZojTV7b}%JN6YhdcW(-SVu8tSrt3v`%Sl
zzEfENow+e|u3JaBDpghyC9YdT`$|<-Q94;~9Or0bT{93OL2h~1=dH4uqX7=RrIk?E
zLJpnfWiWFM_y;7h!nCW@x$u%KmV5El*wYDTl+qIFQOV`AzNtN~s9ZG?2f*0WPiyLH
z409@`rs5>J6m3|!vPQRN@WAOej6Any+|+M8aNuFN3#YAVO;gSg{l=yS#MEtSYFe6F
z4fTgL%~&X2Zl*sp5YB4=n1%FfpPR}jHI>a~aaQBRn#$UC)efjwigP=UC3?F?z>o{p
zD{4e3Rop&cK5X4nzGn>;adqs!2jtv_3S#>_qW+;&js{a{AH<WB51b{_x)ZtYZ2&C7
zJ)wPsKQWy)ezAvi)<0h^oOGzv+Az6@Q_N9u*1SVwSgLW$7I97h%mC;5tmzlyM4k?%
zKufhUnLq_%qHqwKYzU;H*fb}BQ(PBrUh%+w)3<p^FWaR0aDeqPy@xj&SL%rdOJ@e&
zDLVPv?hJce0ox&%eiJ8mZsMe(2{|u(;7aq=ya_yKhP4_w>vOVJ!*0NuUWI<Ud~~Y%
zE~;V9`X-bP{a#J~)x9!veW!jE=l|-C@rirKZYh%duj`g#Q0~~VfBkeJr*+3pjf;PE
zuSmkWO|R}b9fL->Q*HdGqdMlAA7mZs9p209M{Ro4);-SJ(&1n;$U5?UgC0W{@d?T@
zwcX3w(mOt{1_@@Aq6h;(=5rK7kZ?4SlglO)WCV!y062Eh&62=?rtm1@s`#}*BPaJ^
z{_WCp=zQME=lI(_4(-n68sv{ja8QX!55sb8Q@KRi_!WOIqb9#SFTE8U;n(s*52;YG
zk*QDG%Gm8v(J9;k)s*v#p?gRs$W<zv)(<nahUt(jbvA=g3}>)&R^u-^c2#+wrM7tc
zr=BQu&q#U-508qEI|JM0S1)7Cxt?-%iet1oVpS^(yR5Vj?JKojmTixv28xlpy*H!i
zDgq8Z4F=QE=-Rz4fOpAgItr)&xt$sC;(;OJDXZ088JraMBIu)y;^ZP8@KeXm?L5lQ
z<*Hiixaq<QnRb$Gxx*XQ1XJvSNdq{1PWx`(ykN5VoZO}j&#Jk7(E#iE>bbKJJWp?s
z*Z=%kdOyti(QqN4;O)1XD|vm)2(BHNs$RzFMfH?TX~wAQw&Fv(alM{oMMm_eLZ3n}
zE0igLM$M1f=7y|eFuf$K;>k7L=D1<GcT$E*4={twhM56wXmN4uhBeETGZZHJNCt5Q
zRLazj7aHiHq9WRlnVw{0&L@o9h3|H-po^!wS^p=xh0H({p5$tm8E=>91g~Of?X-`j
zfKVG}adFD*s#KR>CfAuMs_p@mk_eYeSGJzXyi#IGI2Yc3Trk7Mhid-RZ#@Inv#|$b
z?7>h&mPZIerdvOPt>itnm0)<&%Gxj9)9G|9Gr$r&wyFlFJWW)|5eA<g<#zQX??Hc}
z$(j8S_7agg>@Z?7VT!1=Mp6Dzw6gJKD=)5xs5C<eHi`df>u~GvW$(wWBlu%yj+PfY
zNBjjdNPDmLyWQtp>*2kU0!}dJHyaV4brr!v0x(XBabHE=#_Kn>)n+qn9l`)3gY_w)
zpI#ue+ro;ssEUFgdE-czHZ1+-*eEpp{=XT+9-g_mFT{fl+s)0PlaT>>0*|uG)Q&r3
zRHYh*a7dghOnwH9OY|S+L=!qPgQA5JpLt4=&XV*adidduK376lCS4_Phq8!qBQ`4E
zkiwbo?f4EF2qV!&d~NB)p-V`?9nGvf6lM9Z_vW1Gvaol1!`=ysAe1%?f+!L1(&}tW
zv%Eld7nHu)%1vP{nl$_t)8c;8P&O*icV+`FT_zp3OeHmt3;f**_>2V(boGPO=DOh_
z_0RyYn5Elkby4wQv}UcR{bg8$(1NpjdpP$i02!@4(tKwR3Fq`Gz80H&>mYYk@fI@f
zWAZ$?{Ge@(8Sl@dBsKYUgY=`dn8n3M;&-5#iWMYqM)wb*(nUnbP2Ea*AF<XaDppaO
zaj$CoD<nQ0MrT6L+fSa1gHar%7~SKHbKx|`p-LGk9w#t{z^Xq)nw?_n5*p~NLo$v!
zkMPw(5KSi0wR0p_@jHqnQE3S<M-|B+gKEp{%E8FL@BllV#L|N(y$<jf#zm(qPVB#=
zDCJ1R>Nx?dI_lKfY4t;ohn`sj`otr#$nkp>@C(S;gxL$kfpbZY*dS08Ch{`6#>gz=
z?2?bsj&rRx1UQYnNja&JoHUHym0&!ee=#P@=H_aXonFv=1@n}kuL_q6u|Vj^Da9r1
zcM!bi8nEIhfE$Kc*0NFHPNHJ)we?glvIEC;ahjWJJn)>JLUQ`w>7lMDnB^U{VX0H&
zWQa&a{nJh|4fu)S>xjK)pt!Gt*`72TRV8bDmnzG;PC=DL?&|$e3FOu$^>*zqGIiEg
zF?akp7ScEN<}Sv5Hn7h&xMKsMdpft=zuR2ntAA$L|F9hN6&!$P+yAUSdbGOg+5f=z
zM}OM?{1G3={zt8N^CD<3uYHRKK#x}1?UmK<g7)|84<D_sJ+5#7zJ+m*Hs#?KDxGc}
z2U_WgGTS*geBM0_4qlVS%HFOz#?0$pMoDb)w`iDi@Ot~;dG~0ktsEQY_YQvQQheTd
z4ASt*e8rm>^J{-ce!T3m<&FNuQ55t~Qg!pMBlqQzQ}f6vy5IfTskr-szimB#E|1<k
z<1c$}1i<s1pXAAblzDydGk<xrzb9Z1j%5hleg3k2u)n<}5C41bHGk>;MM~+?{P(zf
zbZovsj|IlouJqw}YiHN|;)KHd{l&rI?!m!p{p0mvSAHBjuK?)oj%sCl_u!~&zP>q>
zA1pu9ck~6}U_uH}vhj!*iDuM1Y4)2VylDhp;>nY5$wRjh!Pm$9^#r~?<gb1B+M%x_
zWHmhZS4JCz>!1xI4WJ!=j)Pze|2~u7+w?EinwvxQKH=&dF@Ms@Rf^trFy5M+9m?PR
zW{_+>+YW=dImGAJJw!<27@OrvubfK2xJVsB-MUI|%wKBBu7pTlSI_UET@SXyP0jh$
z)W*5%*z^{=sh_XP4bq<S>#g3<;89(Jt2d1BsAhzIgMLSkYC3w;0xF_$*NH*$a?>jK
zb$}4vwF;1|yH)|>cGoIE2JhU;!JWqfr1h@b1c>lms{pya^JeVs-&Ez$tHMV>9g;c?
z<<_=<)559Kz8SH*f4OUo-Qzpg==wGM@%!5b&$7>{1KaejI~32xyVg->>RqW1pT4)k
zAA4ElH2$1=c&67a*M8mTYTENh=hqWHp|09~&7=@Val4c1%Bcjr$6XIN=2A#iv+=)Q
zAiP=r`*H`68{$8G`?%97$$t+!f69M<#HULBJ16-ML~!u{SzBp8L;-O1;rhc050C@7
zFjbBp7s;fUMnm)fI0w%CwvnHd|A&Z(=Vht!yvEf7Ma0icfKZtfAqalP>=XGE?Mcol
zW0Agu#ta{^u{_`_%X}H?Y+<BHyWn|rK>;DS`<%E=`CC2?PO$Ut1$Q3wF@6MAqmtQh
zm|dc}i*E(i@6Em6S_syI@2E2TdWOHgSHHHMU(c@aXPe6g4J=FX4WLw!ol#it5Q^no
zPKNXB>K=|n{nW`!D9fpd5CubtugGrv)rQPa-lRVBeB296j3|7nr;DF*nEhAF!7D5f
zUq$_5$anwB27(P|I2;1O*F9<E89!-3S-)Q=*LYIkFqio4y}*CpS%fzf(kkhnWBv1J
zc<QvxZDI_|2~-?sDcV%sv#d>2UzYEEMWiD=Net5m+i8!kXz<YC6HCtIPZIkj$|<0@
zv5R1{1KXO1t^{x%^xZ^us_;;CKVP;l2ab0B*6nT2&3*4ac~*XMH8<Db(!r8E3f&@G
zb93L_a~~bNo|}7Yp1nReqDQOF6R6kVHwyB>>(D8&EhV;8fi3s_GkLGOw(Y%#&eMB6
zQ%pr@(JSU>F}RE=>~(|JK4ia|43H&F#+;{!0<h>xO`3kh(fFFZQBOIJD=DL&?HnKN
z>>sz<vMb>WnL+_@zN$%1)hq{3yefJidt1MtnE@1$PXq5=q#E98_$70zsIL6<X<L~w
z5n3@NfDIv7j=dpw*V<;`K@WO1qcvSZwC8@&t?~%Ass`|^T<%#_x$SbfZ7RpH+9;MV
zUXY;)2!{lIpDqNl7*Sz%i&(uF@JFxOjkGyNZ<znV|65c$Tn(Q*NkjN&9L{WK^;Yey
zN<05!8r8lE?x`?h)BN*zIQCG|K875tgqPi8QF1jBXoGI}4#wMn_Dz_xBz*dm_a9#O
zar?3jo2#L9t#@RBX_AXjLiUUJ_W=(=)f0HAg8TIz>`rden!aX`!PH5y2X3RPvh5xL
zLm<>K1K=x4-TN)C^IN69Oa11wzUNy_1~seSQ|b4X(`{X|qSMc6JN?Y-^s~xNL;dDS
zeW#x_8Pu#!pGc>lIi1!uD>}Vh+v#nu)7zDu-k#m*?Iwe|O{ce=PV1UgGksM*)mQ#p
zUsX@`)eW<K)f8~In(r%j!cFCh-sjSNdoV3SUQ1ogRbNflp+?h<`o+_55-wSQ?A!P4
z!|v8G;P12TM#f6^@TTobqn?xam~N>^Z;ly-3^L9r)Ypq2R&@4?JNpOpwQp9^82K3Y
zC^pWBgTq&7ZVmEHt_<(VNCZef95ieUqwHRT#;QC~!MGh`dN}zp^+=;l@je-CC>jnQ
zGvt)367*<xJ2KEMP&-Gj(Eec#%^m>x2{J=L6J|PBbXq9peJfyK{P0(e3GIlq2;m!m
z`X2?$I*O?zbiG0EsLK*871=8ToSUR%LQqVb1S&{}ueP|`)a&1MuVw006go9`EEb&N
z5ew{=$Ve8r{R0fxJ~yX$4-M#$qq-_M_~=zGp<c~W0Zjda42(jmiycJMFkswxk~z%@
z0+0zq`amICu$_ArlYR!GNieUjHs=w<bvDI|&Gd{Uz#L;<O-HT`8OaEEJJtFspL=*|
zIyVRWYd!}uc7KvkVxxOs2YRaoU6;$Q=E~ySR`6`@umSsQeG{hR8DJ!QxCq^CNtr8M
z2<MShc1}6G&XS_Rwl3RvmSw~6*#^akfwO7cUs`gi?eFaRomgI8R(-+0X)@F`)J2wG
zg)ADU@!Mzbq*M3o+pE$DUY-o!$|&B=*}&;er#uSm%3DCI?a+pQRDy5A<$7D8fq&$6
z-gLUMY(-zN56=WN_QvXrx{xY&{<lwJj<y**YdUrCGRi5B@s(w`8$spZrRLW2=M}Sr
zodY4y?i$}k)s=1eW%u4x;1HKx^vgcq`Khk#N(t^kZGXS<%f3GNxvuQr{jzWN_k2`r
zd3$L8;MgyMhL)<7?1b*VUuYPoXCR~i@wbZJ(|1VKND4b=nf^QEZc3H^-g}MZfxDQ4
z4Y-MaEr8v>7+|<f8$8%eL9#ITpUq%PXejSr>GW}By(d9Uy&y2dt*%+uqSU-6w?SN)
zs^U~OXa=5aJ`J{=Ue2KrtGPgOn>^$OO&xn0`D`F42;-hyC%JP@7HvTjx6O8|6RJJj
z;C*DheMTwuc;xDa$$*kLbTg`|S>szKg(p@$r$PtL<~)vZX5vuIn%w+w-CQW)(k9kG
zYekr=<dkRN$qzIPqy#iAzXgIZL=cwN!c8jniMu2>Q7+t;f*V-Krk2m?2@{<)djOrK
z?ebJIJOEg0(a7BgP>4F1idn5G)Z3Id?xLEDEsw@Fwqep2U%Y;?lqkZy1dKayih!S#
zp!S*Gig?Av)#u0wf}+nD-y%^jv$MsNGy;vMn;{L3Cs6LYN+(pGjp-Y&$Wiv~v#WPa
zf2q?@FE3wzSp=jRSg6E5o>69K@v5Qq_!O|3!M5nJEN*N`O}C+}bHBcNe;@EQ$GFyw
z#W2`O)fH}&IEQBvh@V#V8D@jd#>>IB(q$VbCEgV|^0&(Tm6D1^DMl+@UDr3m1PT2?
zgZBUn_3z{()ngl6jLev40szhYIrEOK;BDv*nyqQwmWCL7n$(m8fBBv>GM>zev0;U%
zPggZ&P`qZCH)5cCVq(;Ij)TT9`AD}IYFMP$+GdDeo2rkcHieQfeo}AUifWrwuLM=F
zBLQyPC1~#6Tl2QS_X9A#ZPm&Pbe_o2jV#H5n{VP>$2jgMrwMGKOB5jbsPLy*$JHhw
zOG40MsGM;jtv4w2IzXckBxd}03-lf%Q|1dn0|`Lr+$2#S?WHA=?Zb35{_2+rEMypO
zH@nsG1jW??2E7~{lTwjx5E9rFP>0l%tF87rU?SPM>4%-x+Bz&b`pP-aAGRK?!wPxN
zgU9PmtB6TjTH8{EzFimD8T*K{fpZQb59TG83z4nK*&eD=(UMc$$+I(uxu3$*ncPUp
z5KrCU`=z`RhvgEH=^}*~#<hWsaf+Qc6<-Av6}5Z_6%~*bTa-qF0pEe)Mq|Vc$6uLm
zhZ-ZL+_J8Wnl6mdJIpU)>9wHtv&zacy-hN!cK|$n8axckV7BiLrsIRbRo>EY$~|Yb
z$78R?@r^aUCGCtq%eS-^R+-O8Q=uJkNqJ#NB>5{OMLbdgw5B6gyNgp$6euee8~H6w
z#O{lo?(XxW-s|pR@5Sz$qaWuUtr{PLKlc8AhW$s5X_US~`mdYpKh_?%+kX7d$E$09
z+JF2JAIJWKSDdUrbokHjSK8kP?X~qs->$EIS7H4Rv~3Vg2C)ChIW0X4j;?|5jWBf}
zuoBm|j{m75d&ZMV>ZSA|Kl*Yuuo-E-%(EgH#a`ks9H!@ju)Fi@hO}SN^orW^B8$p1
zC((D7le3bf`tW>}C<m>dCmIBB3di!B_T$Eg>o^e-DFJwWqBdw>g9&eu;nRx3B)9#k
zkuOU8grzDLnw13IPHST#cRRHxO}m$Q-U@m?|4qIge3Q>N12qE5$HD3C<23YYN**$-
zslzTyC)T(VpGxx>U&Z}tQJKuQ0&Gs0*P#5C*|;!0ZF7!GNnPM(Cvh8;sOS~#Rjrsx
zRZX6hR&#bU4mRLhNg-`k9eG$YhhcTMsJWZEHOWRdcFV3%WHX9)ZWsktZKx(O$g49N
zd0si1Vl=KDj!uO@&enUc_qX<*y?KGRAMcbaEg+b3XJ<%~?*X2hR6p?D#xNQnV<uwm
zG*wZ9D0LzBAVT--e@tV&5N=9UGcP)a!Yn-EgzU5M)&P{`?bS;bN<4NL6rwOCUm&f+
zVmZ-{+Xay8F=kVJ4<usdF5ZqB-_VfiHNtSkez?7Ru>FczmZR==#qjwc`Ry}ha`cx6
zLcQ`F`>Fk$DR}g6!F3!>Hoy666J(3DIN$tc)C>mE_2xH&W&n~Iy!x?;Hf5XN>;Vag
z`<ve!krhr5TvD-1l(4Vq>j$8}`5-Sge*kI&MLtu$q9e;rYNWFA&T>rs7+*8>Ct6)g
z!}zVjJU`tp0O1|wwT|@tvwDDgg%6J>C`eNvnp7gU==k}((i;+FBW7XCWG-H`Q#)HH
z&E1BA9Xq@INX%h5iF4J4pW>X`zyaivAdI7ga-Q<w2lzKwXF`%$9k+6rS7kV+2EF}u
zb{7m7+^O@FJAu2dH!SLEWod9^bRo;buuw^cVIAxUYCtP3YK&^?$Rptl+J8BMFQX*S
zk+lP!ZGa=A3($GfMb(diVkYh~bwH{J=naQku8t}HWS{@0&!iezy<QO%RzV_e{5&-D
zmFE#oxF*$UFmGT*Feyfug>0l|f06Q2E!@{>Cf*!x>&*e>puw{dL3&WAd|6JGlK1x)
z+!QHRO=52C%9P>)U#XN>cFwhdo!6qwr_ow7fJuKe#-wudi^aSIy|vgoHd52+%;CiT
zUJjb?p-)EGWz%ClRtrVvfz-|;!#8R@Ek>}t`)cTRA)w1vA^25Q2&uSL3V&7=0}^h-
zf}fQw;vr#|%Tk>s$tj4(id7DOF15d3U9Bp6>9&nOYk;~1uf2krx=~>|i>%W0JFH;H
zX$SQCIz1Gj^0O&Mg2agNRHScmMd1%G4;0lv&IR){VB-%?q*t7B4)A>gk=CTP5yZbw
zASvr%BPWf#$wWv&yD~d>qEe<#oZKtacr+N`Fd7d|n$Va|m12#O=7{4i0G+V1!Z`Wc
zR#!z$V={xCBxfo+7^NjhukAjG9A@<grbiNJEiKvU<hWJNjB`p`k{L_Ma6^nAkn}#S
zm{m`WPx3j_5V<Bp^zz7jGAm;7)UqH}lGIAB4!c!FDi!hbPK+##vxyvecr~b`$#_8e
zdyG<t`hLA!NIVTqG<l5r(+LM1O;q+GYvBylEOHCoh}Kg0Bqr2WG=3u)Vo*$dP)H=c
zk8wb;o(di3tYB??HrD;jmzn4w?JZL!wTZbHkR87m(<QeU(jC8?kfwIW1qj>PFUcFf
z)piSJ<(7p$Ap_D<S!KC2k|4jhP$?-5<jJl;1cPf-Q5Mw|C^7mdM@+7<j8f)Oh;TU|
z8=9-AK3LpWMtHEqgyKfQ2;<k*;cywYD&5e1^iOd?>>C2mxYdC%FqJ!q2348?K*dj=
zCm*oV*c~_EIjga%2JU3%#tQwYcuQdjcDH+U@dtmm4|aFAj=TK*_^+?|+up%G8h!q?
zZUUgl{+qq-;m$S{Ki=8ve%kPxwAJI#G^@s`{du4jfPV8Bi8i8C@$-G$(({bTz(Gu|
z=cVm=%zHdZaR1HYe9yDi<&&><7}jxeOml=YhP`g<B{H&0lLeDrsjk)t>Uzo>IGx$}
zT{9TotO1IzlA>yj@VQ1GN^3}c?*6iK+&g-+z1=-Ja)3*+T)ZM6DeW?vq$=R8k$Uu%
z#BT2}K0^)GFgbav!j}9tPr^716+cR*|J0;c16~jH3V*6MvTN|IwdLfk=+vmHQL*Wl
zNnruSpYn#a6#PyrIOH9xwDddvso#+@#k|9x@=mW1rU$h4h`d%~kgC=gM1!QpAV2vf
zVv%4T-MD?}KE}(W-JNGW)VoTAExe)cWqAz^+wG~_KT5g_r{2L40NCH!>o#SD%UJkt
z(*M`r|BRza9#6i;1<=g<pZ4mvYY$8JKi_`)=l#zg^0DuK)QVI7w}+ibZh+wbkAn6i
zya9Ujefb6muOwbm%{yQ9nEM)YJHwr*j1V>Reg>~>z1tbe=HfrgyayQU(|a_Gue>Lt
zc;r1%x$@>~!d6*NWm?^bNdEo)s_AeZ5)aH*OeSSdl#f7U0Q%ARNLKwHNhte?%yKa4
zjQkcmD#w6;<2N@>^Jai9Ch#R}Jw0tbmAKAt`9ah#;Md#a-8(zu&NTXKPcjsY;4lOj
z7tLXF6tZFEMfkKaL}Pc<Bk2<OUaN;w?I?ai%4v?#OaEdzHI8OXuQ(%|7k%^@zS&L-
zJ9?^qMuB{jY%0M=DMYG?j7*u1Ig&1g6_qB@x+ABwspR<pqQ)>&LWT~@%ag$s|5Npn
z4l1guV~kT9B(iYdP=s+HQ50NZ3($NBrY+A#c3ft*I^xMexhK_O!5u(JuG@0Ky{D=R
zY>%Rb@<~sU6;*VsL%7p=On?aharq*qT!oU_cW7d&<7(JCXNsd3G<M@FIsS&oh1n(I
ztMSAw(8OoxWDqP~P*g>`c$D_fGt4Fa5hQRIu2xhJ^VZX1nTr5^AHVA1nTi-+ej}L?
zRCHYxYr7ydB9+eL5e7eBwq({{dTD$q3?%l~BnW7N#6>y2mX$p3Tvzgl5%DpeDo_TH
zuf4Ie=kQ0BJ(ya{uhSyBV#O<zxu?|$PPj`Nw{Q}qj#W*}HyI3p?O;!_A#NmeZ{AD?
zX=ervi~}vbJC)wi8&_qGCUKQ%vr*}Mnlt4vvED_^_`|)*VVv?X=0~_QbwGX~X2FPq
z=>occGvFI#=?k~NJ{z6}6>&Uz1X2lgri@q~joXV2wP<iW@QPs#oN$;9Rwa1C1R5-n
z!CwU?^lP!YZ>eb!AFn{_P)e%GJ9{l}l-8SQ^&MKjkF8TfE-DjR^~)DeEQZe>A(hbp
zN~8K@9cvtqSQ}tsrG678H=O&8x_ZCShvTJc<KPmg96qHE_C`_BKd<T{uB-Z%sW0)w
zx*EH$){t5uJP5736b`Gu$rJ@Kht&$|cBNt#H7a?U&&pBN5CRvCOH?6f0DHzJ;?@<8
z*&AVLBUBI(>SrZ+fvKYS88}Z~T5CP|n%qJqQP$9Xf0?XXgn7fk79s9@u~SF1OIt+t
zLXnp@11i38ErNzVg<?99J|^iP_$Zb+BI^SwKnomb5&rBS^#1$J-s=s1@e!VUl<(8!
zd>Oj~kCKY*hun??EUq~Rp$BHJ)U6=*vjOjZdPPg{s>fhn5dt8&&a23~p6J@v6e(Bz
zqM2r^9kWb0mt|t6L|Wo|fMM~6<Y%+srkqno7V(spPLc%RG!y03YM<diJjj3;dkIHi
zD)xG3lkD;W5S{i29RP-VZ4#{1{Bl54(SJ^U(F~4$JUs60ZT*6(tBisvT>I%;Se<%#
zo}dm-b@PeWMrifstrS{XdbcdI67ZcK0<y~4owkcwi9ulK+dU9EPNK;qiOtZPs*sKT
zHoT=Jm&gKx(^G3WOkhEyA!5NrGvy3t_IpKye70zQKDcPIr(bpoeE*7kL+&8NfE&#q
z4L#(v;nv~~TM{7}q&MMDg)qY7W^R2cUE&*u9b8oqgpQghpj9j=RuXZ?sgF81*MmL>
z2DNCGb^=WaEkVVej0PX3d7+BtRi{wOcr$yrR@bCoBndR^=Su>L%JZ#W%IS&dPphSl
zE>{e+L9_(KvLvCA-8t@8bG)qRs~cF64daV=c+=2iN7>zYs_Rztx7D(WhRc-m#_Fd>
zx5&v{2~j@R>mi;co@fJ&<W9uO&dNkfkZi7Q1j!S4&3TRzbH$1b1VU4FK-ymZh|I(V
z9x@Le1pZ4tY3RK=ctV?jP}yNmooZM^69|imOzg9puW~WjU8+URiv7i-z*}Imx5&@<
zO&9l<YE@g#In?@8Q)^XDLu~r<S4FDzVl`D@A*4hziLwG0+O1k-*(Jxifb<Gq*U{fo
zO@H;=S}Q;+h#HvPgY7L+$>=9EU7GNennVn+wl`LrQCN5nr@TfD`#|6d>MXFfM;=F$
z{yEX)+P&dz2El7<6Smrb*qD<Laovy^L~s&me6^E0;=&4ywC=wVESnf$F1%?vkgF4i
z1dXD}N1B*wk=76(qbNEV%050BTF3)WF-`Q)rb1GkD&QNfViNJ-gkH+ZK$-G|5}Hj7
zkwQk(s~J;l(;j3;NM#k}mLzhT8-t+Vl;s6UxYS8=gRl8V0`!xF4Uq5`a>Wk3K!i3C
zNgkXHvlHu3bWQ$L^$L>|vLi%O357tkwrQx+_GILR8X3z0>Za}_njI3xSOzC<$7$;T
zd!y+V$zwDrnmFjir^YXI<9N(pCc_~bhmgxxWOQl95JZiUS~Ap74b#Ite<&M4F}Vhi
zV>FaXV*{4VudHP!T7j4Y(?jeUDhr4f@Z_4|lqVfOxWODr!#dG;(g~^zp89?X<7LtV
zd({LhH{g)UFe!4A50U~BwV?K5nT~OdYMGBsQPsHXHGk04%Jg?^cH@d68#5V)iiy_j
zuuOEjJkkDiI`WkTLD^knDU-}jwhMK*f*LWqhsOYB`K)91<SWccg>*J!ylDG=RZJp0
zmx$?VF%UHw*1Z4<s#;Y+m6SoETrK2e280Ru;^C>iEx84<23C!&Y6a;lyrUJzXPPYH
znxK^0dT<iqh?Y^me34Kd&GT3%E$+wVmY(7w5opQo3jDRe#`j`S<5M53j%a)zuQ?8O
zo(l+Qx`X-vfWaW7U#t#My@Q5wov_R8i$jk{>Qy}7B*vbpO<CXJ&?$lzH24b2xbLg?
z55_5-@aC)0fiEqQ=m)3NHhTp<)tuNi-v1nh_vTzRB}r_ouScz@7H?VGB*(|R(O~N9
zo;ZRx_!hU~Tm%2LTZV(as`q?(;U9JO>D#Qj$KVm-VXCicT-6J{vdSYNv~EG9fDw@_
z_C&o@r}V0NppJ8g9pG<t;Co!1g$77fY$>EH_|fcD&BYDeh}FEyZx~riE1s<pYs+Ch
z(9rBzRQO<AH(UrEO2V#92Ec3#hhEKc0Tm|{Tdbd@#Uukv%lp}weBNo=LF7vTIp9}T
zoQK8<Kql+Hzh1xu-#4A}rq)?Ie`<rknR#bvIVB>d=Tl<2P8tgXAEV~C$WT{FgLlxY
zV$o37D&a7E;%%=Xd@T!$UqRJ1R&SEo+ODw(?PD!B!8d88N^;VnTgi~i4q_GnN=;6O
z+2w3GYD@yuxK?r+v+88bFK~WjnDuHaDJ14zit_`$@34!U3x=1nk@w0*UW{TwPG;07
zS}m63ZH8VUb#ok&AfpQ`DpiudnIS~?5S6EA-Og;YQN6J;?otUPG7xHWl?gss5@DrT
z_?8><NM&p!2)66t7ZiDc$~wB;Z5TO|a8La}s$vjS?!!&aT(tU!#>qlKHWL#Zs-u8l
z52$qpL%6LQ=qoBq72(t^q6u0NZ=y^mk3Uc;i@>{^Tvty&I={xwFHv$j&-4+X9}zvZ
z&{gt!^AwoW+VI9s91ZU~JUfQ8tgf^v0KDYdWS<N@Md!Q%KjI3ASA`*}bib{3-KmxQ
zoZ@t=+jzRXVS~Yw7};YqyrgR#A+f-JofC3(a<VRKJuNb!2j{Yx`gn~#meq&y<D#lU
zxp3(|0hy)><eZI-ccX*WsfJj;styKZu2|{BlPDRj(I!EJ5k=+qdKlsb5rN4hlgK^=
z#1Qf&KL|6McEtTqA%qli)Sb1kRoZlOzhE9n8|aT^!Bz!s2mhl6{84Be{N<FNHqeji
zDEv4RnsZ2~V?&n01~*pV#<K@sbGPE%yzsq>GY5LB+9hYU<>(0=^`KE4YBADoOXrW@
zR0TbL1HQgwQ4^QFaT@vzi6R@D#wgh$bWB6>A#bOkWzh<9Am@GVZf*35wt{pK0xOw`
zFW@Jbl>L&F6-X^O)dH~NXyBkNCN?;(Jd|aUk`%`AACC&#lEz%J%Zig)mo3tKSH-{W
z90ZI1YzBKL>{ztOE-bd;hq>5O`M?!f0BM5`j1BY75CVOi&@@WPWdx6WF8q<n{{^MX
zBppxLLrIlv2LB{p;7HL`b=eY_<FjFvexTc9oKU}(Pmv?-afmBafRK4yZ|8`=DDM+7
zPFc2cDoYhba^%igHyNs>ht=c!9=x1Xo+K~3>^*hOZFTwhRj+$+#P2lK^(xuesfWa8
zxs9b&rIg~H%yay$pw`3EFxskP1B4Oj3!|~YoWNAQJlxvb+d2#m-|Tje0($m^K;5HD
zd~s{7&j^R<M8R^cr@`BW<%Qt)U}1gXT|h=<w08ApnSw>>(gUM>0Kr=69xf{EU5ra8
zsYNo16$M9prjf;HzW|Yye=UJ0y<a?F*!rb^XkT+w<(r4j<zVOwZx`5DZ{gj7kK*M%
zV`=vPf-2O@i_n>Y3%XEdGldI-?b?V2S_!{G$N>LC(U_-0F=yP)<dDxM`4>3)mm6V3
zBl?DIY_n`E4kA3q7nUka$BJU&peByjLTpj_s8GR|q4U~kH9c28B!v^C@BIY0mB|2>
zZ5UJ55vxj6U4`?@m&+Gf4o!*`X>IXwOj&SH0eXVR7adI!(9F9K?pJQTiYZ&{_cbo+
zYJiRnw&@Jszg>WtYQG0`K~o&~defdX3Oj!0DDA8bOOXk5g^#j@>kUjTgS^s}Xdk4#
z^xVFY<j7!fh)6&<#zN(bSF^#jdXq56?S<ZPfoyKKD)#`d_DVZ#bAc&24pC{kaf=?Z
zqFaN|Tls;dnklJ`bew2vvM@^YCb!TmH-O+O6gapfHHw=`83cEcpp~aqoP}4opxDz3
zk?L7ZY{#-F$b6522U<JTsE>SY@&f{=XPp2u+zqQe*;3eMDbkyTN~B81Ry7_uQ%cJk
z$qR<4q@W>&fDw#v8dN@K>SmBpQEgrcKu}Ut0-gG@3AP5jswenf=}JPTEcE9<z4vDL
zE|Y{-j(cx*j}N=YYM;@YR!apfp^LnJHpSaJ?-rl|{8^e^rWW~AgfDcXHdvPrYW?;7
z!#zvsKLc+*d+Dp!&aB(*>8;uArdvK~QwO-}%I(M-mljfFI`5esh;5{<Tg$5y`h2iU
z!x8br54SlA$lTR8%~dZ+`BX*aba4A%)l%S8%xAyP!(2}BiVXjr^Iv;AatU&(cNCq4
ztLPl}T|FqQ%rfdi5wnc?1Gcr8F<r++SVO1O$`x8?a)lCNREX3`p?r}=I_rlv&#4cM
z-}umgEu*)o5*4sl7BNMYzBS&b+MT}QC|&pj$2h6pWq&$!UF{MTDC06I`sX$Xb1T=6
zU?0lCye^mY7!42j5)Cfr2&{cKc!><=mmV4?MCZVd8N+(J*ZQ@wipP_bZ`U>1Z~|Ne
zrfs#eEWp}#UR|d5>q=S^q-+sn#J~io(OR3KM+X+{2+crQow{o~ViZ!<%s849*o>h!
z_MFZbdPPHY@u_Ya9P|2xCd@M6l>2aFAv971+w${^PYZ;tP1@*8#q6WZ!6}_UOT0XA
z)4v_}--(SqP=wCuNrN^s23$jdCoX6|Ccs8BH%vNV8n@1DbtANM6~4^|#|*y$_eGHg
z{Ev7nJ9k=W=bIN*DqLt+y+siie?%i#{`buV`Ti+*cN3|tyWL6&f>F)8x|h`|mK%3k
zsDms4U-n+Qw?M~tJQ^3*df#aRrRYUaO)#oS1`iKLZG?UGDOo_5%u<?aa7#-Tu6x*S
zHkRqZ^Mm7~QV-rQFE1~6)Wr2`z_gI!lhj~$*uB?V$0|&|RSzwBFbq7*@dDaBDLXG^
zu2MZn%M3i2hpO{+<Ez%6{kV0639)}yzxTV{=lEnpMKrDf@OxPUcbmD?WUA6-X8s9|
z^(h_z;{3APn1>0T4{g6WKOm1HNB5l$K6nt6=#!S#Ji~4_0_Ry%nrPrS^d6|T*lq<4
zw?%hOLnDj%rY6n}xyaB|!h|o!L!R1?>x8S5Y;ZlxHHEE|;sKfnH8oGAX$MsY1P<Oe
z7BnGwA1;V<Xm|g)PdgCnm}(fsEgc&Cf`-dqmwm@VYPv$kZ7gWh2h~-z_iJ$+3t7>B
zs+Q7N9m&8Hui!NwF33|<@(xQQpaaPnMTr~r&oxv9??0!%FW&5LAMYIOTSuIw9hTNC
zn+1C=$@a;&Muo-2v9xcY9@Ir)fk`{a#{zx*Wa*p8>XmOe(J&HaE3}66t*kt4VcqfX
z$c9yHt&*ZVcrfWKc39@aX<6#Pd870eb>lz1$(BQvL@4T{Lz`5+`EQgyW*k<`=`}Q`
zr@M=%1njZ5W>wzNMssXVsm1%!q#&L-9IB}0d^9>q&ZcMqCB|S4?MqA6fmh@cK<a;#
zheJa+E1XlS`TkHiXC!Z|W68aPoVFm0($%KWBD=BS)ZiJ-v5Iv%RcaHQGMb<E8Od;g
z=!mt;yaVWywK~65u8u9B>S0+AE4o|_Uwf`swZd=g1{_B|g5NATO4h6yOHO!`NGyYt
zUr<>L-eW-v!%E#X;(`snbRHY$Y?UIr;utnMBjb?bI<&CVxqq-vQZrS=ZO0e9N_C<W
zq<g0z;j+FXwNz4!b`tc=Fszn3No9nHQwxfx3likLohpcNz&A?Oi9}?+O<!!yDX<GT
zxFvHqX^jD#&p&aBph}BBdgIV3bdT#;49014h3HQ;^geLaw%oRfNU!d?%@U)Tyk2Jf
zMOFZFK#aeTxy9C%KaFWRgp)$T*$+ZGK1|F;x^n#bS4CZOKH+URY@vU_HIXHRO@ITq
zBJblHPhL}2i6_4!d6GLiMfGoYj3~l9>p-d{=cP0D*0hr_YLMh;HE^b^d)x!Oyy;7V
znv(96iNDvEa{XJ9q-m;M<@4*&Nj98Ch)O1+lVlW4u5Y`Px^U~M-UViXfu{n|&s=yR
zjNtt{yor9lE-&-}@Voi?=_a9EH(|{gyM%5iESV`ZGYT!6v(8ug7=_P;bqL=|e<kB=
z(?Bhd-j%vXL`xUz{HeMTvuak~nct$j>!!P<g}6nZ%bTh8>d)#e$|W^jRgK?e%8>&2
zOhqjd<0?tZ2iL`CcSi5Zn>SaUjK;(Gc6-Z|MKbwj?^*W{wurDuzX$s}yYMf?Mf#nS
zw839YX!v`@X=Jl+zXwX}VgdJedl%n|^dbeL{@4WAvT%L{Z;kXBus?6gz6mb#rs?y|
z%wjc5crk+=tc3|vSJQLMplo%#7Q*r2n{EvVe03`rFSd4%>VVL@TS2ikZnhN{e(K35
zK`2L~Q89wF!lo{w(0o5iB_Umf8cM|si&T#k17*%3zoFp4X7E40eod}6(*@Sj1Pi40
zGcut)V=4<|6?drKtx`bK)$sNr(5=Lt+no4n%Xvq)PegG;D!g88`cZf8z!;b<eM1*T
z67fS83DJ6!9so~v26fU5qn&ZwTCtE6DxrQ``|IFX5kr{%L;SsAO>b+#dAql>|K`Yk
z|DW#r-R}N|J4grgn|=7Z;ZxgZiR$@Da_g=yEV(UjJ%2u<-$!qr*>4xUQN7u<->$fC
zpYQx+zx~Fmd*HPDclYh<gP%8?>E<NXP8ojW7TfQ-GuL%rcmLwN?*7H@!V_;vJkYyc
zZ^i7oPu;pNy}B>mx-Y$MZS6mI*JS^>Tj1c(d4F&?3t67+RALL80LvZtZ}&_b!eM->
z0xH5c+*R2mDXxjtj3YoHz%JNkCc&o@#gJlz(q$V*3)R&rW}*7U!H}tugTv==$U_f>
z*!=dm89e^fG=INs2H#fvB{ptpA$Z?{|5o6?ZxosQt&N#4u;`;^@bFW!M9Gnf&o1K$
zr}oW&?<s-?cQ?xOte->}4Kh^V)|$Z@LX*E$;NpK^);Jg?LImQaepW*$K}2oDWDqNQ
z`&$RZczh3(yZx!$Ap66gCFl{~fEHJ>NvJIMl%waH{jI~l_Ff<E931W(|8?#=CAyfk
zoI0zhlVYOCoKH_kFh$Ef!;<|TAVpL!@kWp6j4n;tmpFRbdwRnmE7R)|#!!~w$aLo%
z<{m~*Vg25dvC4uKn^NeSYNnQpYz8{2kB)pOj+qQ0BQFT1?^FI^d~?;2G^H5jiu^nL
zAgO^*g9aA4ziHFr8R7k;+v<dK*Tps;V)0JP)Khfmxo`~$^;%d59IN#a?^yqC7W6#2
zh}9fpD&&e;W`t8C=3}EYWaU6;4Vq~RUZ&|CosHiu6Tx_D&%9+p+u^awTHqw{5>(Eb
z2zvH}nE5b<`7pUH>sEsBN``3@9<0I*Vn70GK^|PdR&$0xWWZULEHCwfDoP=OX+}f5
zh2vz6PgTObvAWh{GkkI@n5G5g?HM=}wd6!TJMt<Y@h+-~@Aua-L=ZECf1!c*k-C%k
zSD1I}`!e!_?ww}CVRp$Zk|pgaE~!!g?2_<e|Jr$B{f1N9DgI{v7=<qV{@`fcVMtY;
z5dYX-EuGbTvCDqvl@=fT4(}}Jmi7iklJ-+)?{wqg&)RHs=3gz}fI6Pt%a%jGcKGCC
z+DE=|syJ&oRdfJljAcoooKfMdL$|3&$w)<7=Sa~=qC(5{6zg*U4#W>W9N1au$0HS)
zgVwL~bWwSAd8Yh2I8KAZe>6G7OjCtTX$F*Eom5Twbd`~C3|2Vm(Ac<1hLfq)J<1Q^
zMH+1K(41!o3JsM(&SS4IJQ5{(fd!4cN7=wATn=_HzH~Flk+=idIz#tK1f)Pq#Fq$4
zoC5hDMtyc!L$Q^@z|ix4HojK#t=e?wc)1)MT4d+bVbU)}hpm|S;rU%0>g_-%wwXVl
za2L=c;HiLb%Sm#_DW)lKXVlzb>wYRzC61jpJjegA;dA!)v*TLfGi3|8v;VyNOZT~(
zI*SXKI5U3OHYGn(%g$Y>)t$DbAoSqz1Z=1qgAyiC_#<3Mvxd5jPnG?|2vuLPn*{F5
zd#QwQGP;%~9V-D(nSuWLO&cqk_K1uzEoGUq8>}?5Q8#U+I6u~wyA^VKfgTmE8;cfC
z(<G7Oo@@pR(}00eU!NGHtJOfsg+5(-%xiYE%HV>p=gol7*Z>Uxjn>n8sgoZ1qf9Rt
z3DS#Y6<^?-pLn{K2T(%sW@NQ<p^b_;?t-s>qb281q~~sR(=P?N$&<X~2Mwwk<K}`f
zr_iy}3KLPO&YdRUBJ7l886?E^ps2+CO?%C$$98-uwi#o8X$c1Pz}%r3Fi!=F*<`MJ
z6M7$W$(9QEX?Y?up%i~;8K)iQ%;?+5ej-a_yct(K?1NiHP*T;=4xBIQq&8u!Gc4Qx
zhT|M4BSouk&eiq<41}z1{+s^bTWv3<osX=y=$U6Fg*&l^d7@Wr5#>7bDYik$3bsqI
z-r2?mL1Fy<&Tbfp9}y|Fx!QZWu*erA*2IvN1_8;-W>9BYa*7umW>6Ql1aYA}b{)=;
zLiZF=r9JR1*g!vA5zdzrSILQ{=m!B(8-Z*5zG=cTF?v)6K2p>lfa#b<6}P(R!-WYi
z&_@y5Geqx8!XZfo)cYuo*9svd`gF`9f*fpxJ1$K}dA=*GDNRYhub+S1+3hm6JwFhZ
zy~3WdiZLQMxOvnAgo1gzD%kltM_+E98q?sEzYGTRj85WVL+mvbcr<c_uSx`{k`&q%
z7L;^H!}dH>*hml(zDfH@IaA#<9jo*Xu&gL)Ft(R~Cw0`sic;fJel&E2sJC*C!AO$)
zTv&BUv{Leh9fP!ftJSxP!tx(>Uw5~TW!*_OWL&UWR=uV-Im9C1-mDe0kfM$Ipi{km
zZIhyt2F$%<Dp)GqF`O2M4YNwuVV#WHike{C+`5ZPlS1FPmTe+ifsj?i802{p8m<0?
zhC&0i=`1tlF!5GZToIFj*~KLlr3Mj$!P?BFL1*n=CtYpY%j6umHhPs9ntp~lK3MoX
z9z`jjU5<igDt@hacIZGT(hp7k&8#G+)|?broeGtEE_=i8yA^j7uh(xmF?P}Fx$(Ap
zd4f<<<)>zHW;9!|NyQ|(U3C^Z96A>K=$`P5Yj|+S%O5onsWMr9;Kb(tSYef%O{y&M
zjcKu>7NroPloH+qvk*8yK=h$OGviVH*#rZQ-Z2Q{=>WjtvnuQOHHD+%3u*K+6&{6#
z!Xs#k+X%f5ey|SX+{AZ#ad7w=wzRTVRO+H&-9?BQ$|#HIpd>$t`@;z16?mPjbl}kO
z^DCu6^V&VDDv%E554BM@ccb#`!HJR~;xb^YI$7%aS=&80sF<~C@vw>wI`&|!mZqa@
zBC6#20*70i!%lq9omoJm@kx<;^sC}jZzyb#p?d2a@?=or@yeZpm2XHzQgPf$MP*>g
z@g<u0&s+NUo!(5h;JB0_vKw%s*87CKZ%JDiYA2N0h53?XUNKO!3+Dyk&O93T`ej+!
zujXW}%AG|-T$}>ygb=?)D-oSntyxu#6OHKuwXAwzA=IhES$?4{9EELc?TC2vax-W<
zCx{m(a`#~C`72Km#1VPPSmc$cckJt%I^|EGkb%0+yMxIwvqV*BS$4U!@RAna#L{AX
zRBo7rkiRwY&!=E#-{>fAiIJs)E43pes+}+!cagNyMN=JxpN)cNamu$-h=;6@S-KVG
zVyLS-Rgv!bl}!KZ$Zlz0=rwU6)jBGPBIp*bq87B$!ML-}<h9N=yR0u-YnIebn#JIK
zfNhYkKOwO?s#y(`k5R{ucPgk=(CZ{2ENie_#Ts8LWw}$>ek&12l>;1y6M}*eAPxRq
zA%A!q3D>9Xx4ffjm)HV2l*Fi`3d8G!l=o0s?!spUt{2V|FKzXOgYm+>(RhDzVO`EB
zmuSneYX?%G@=eRscV~ZHO{rbktv1_>R#_}=vc011OPiz>uC$+KOW?5F_42n7D0y)j
z@2Q&$lA9H9m9C;F1b<k;z~k2Jq1@7&b?fPuLVx$27l3?xHT#a`>*F80`!?h3i`sQa
z0gzyl7?d24)mo7f0l*eLj*>Ni*jMtZl_ONd2h*EUe!J6K?LsLA<A<*LgZ@p1;648o
zyu}y%<K1l)QKyt{SAM{W6piC@RQFSP<gJgHh>Bhsy;N1iE*^q+MP&4MrXywLU8THB
z-qsQ?91Gmo<LWsyGHP|8F|75k>vSFB(y}(9Q}mRh`b~D2%O(@p-h3|cO`uXBcxZ~;
znT@7OLviysO!q2#Z;IZe-`jbiiAyOy5}wU<0gSck9!|U2V)1Q`dFJEIrNxCwVPi2@
z^|B>1oAs{f`ec4^QfK?@-gNMV0G3xQ5#>Xt<($AovJn(;0a-e{4)U0FP5Q86oG_&K
zKCkbr)N$>qv~iV7Qg;D?Xerc*??0It#_LGthu_+_cJC}Vbf3r7w|EXatYe1Um2s;N
zSW|Pgx@lO%`ny8w0xtHwpH;n8b-v#6>Ts4?!#g=~W0do<R>w(IMYVuJ4q&(-;vQu$
zhQwh|y{~fMt0vzI%L_bfzI$1fXZiYq3G|>F6jKDhz8w}o3Rg!5xE&{}3L-13oQ3oh
z86nM{3>y~}#i^sp8m5RUdUUD{eaYw(1{1Bruv^vlpN29xx*e^3HToU05@z-A`}1f#
zj?;WW*#j|$OUFcwA>u8zIuYpKOBc8G^tfz&aKY+D*U&&23h;%ix^hKd=&;<roNqd`
z6A(HM4Xz*=A%bKl9TWl0S15uc`z+@rt%Yi)Y(=3>B~)&LvPr{5y$#AFuDDt%P3~d$
z_|2i#BHUSdKno0b1&#T+5Xgd-Hx<d(=ANPcf`|H|RYJCTr7H{l{(C73>V_r_6XL(H
zOD5!{+T5Ab5sSb|@e&z!)lTZ_+_^OIQ)^i<ENkLUxK<pog?V@@&RyBWyjP4NMU)H)
zs~iI>K*ip{>+OT*T^kum-bZ!q*3K@W@`kQpSzW$lG~V)RhE>URl+lGfxnA}pYXVEL
z5oF5PJo5%46S8SBqo=7y?gL%^`IKN7&OE3-Rk;FNGwlTnsgAy&7F>Et;V;fI7BVpi
z2C7XKsv0ll9I}S}9-b!`zy`bH_m)JB+YRVI@V#ZQ{LV}o3~M8nPjW+ys<MXFI{(|j
z6UDNWJa<qJ5RBqHkIvL^ZsGHa2F@<U6Is)WQX^N7Ubq0;nA!IXq}zKRu(6fUu=S(6
zfq#DB!!Fxf$U;_<G$?ICq}Z22)JVP1^8DZqoqT~#Ty8IwGEFxw5AHU4zB~6}Teb)q
zym@xF7RrvDig~i&lul#6?RxkmCinv|GRBST$6|&PN6BI2ts#V=sH)J4Sh?&vluC=6
zHWE0|KXuRS60=tbkIeE4m6oTdf!ekL{hWvapCK0xsa9=1JM3<~@|!e<V>iwz)%PL?
zeR=OnKD>&%tei?dS5+#d%V?6q@!}j!Wrm6!B5Dl(=pD?%Z#*M!-)}6uvjd?eIdxt{
zp0cl)iZCeU*f_3+{n3Wz3Z|YCGuBd&RITXIi9M8|q?gv}X(>KF^hRT-LR7DWRmtTY
z{DP%&^(p$Q{GYyhG}Qn2^E2!7F&+=&NvplwUIEl;Jz8!rcUJOAe`Ux?f|k#}yp2`(
zJbw5P|F*w<)VBZP=iyqX{U7bs$L$V$9=9L;$7=i0x8HXDBUt_Nrf>dCQDqeb|8bt=
z=h3LX+)eNQmwwnu>Hq8u)&srb&5NMD{OH@D1IxCuy0)_VebD}Hz5Q@~tsP7<U>t$2
zcCW_4|G}!e(<pdN74g>*?DFkwe9a!x`x($yaxntjT0STDy8ld0Qy}H4wcfeOH>;mO
zAx=^p%n!+mAYVS8w;yIFAL4%DJ^W{q;S=R}WkvWhxmBnOn2Za%fNU^PT8^_mw_=4@
zCjv$BPVg@UEx|7wcm%(_YR=8ANP1|=$!(|g!$H4Sq69~LA^2=54GqVWr0?2Ph`QK<
z%B+SCWyhr`2c>c?ujql5%KN=C|5N>tWbjoTC!ev6fW3C~Q#;+YGa}`FVu9kY)~dHI
zC_RP-NEQG^?h}6c@4eUFJnGzh7^0sGnLznBmDFAWRzV3R=glHT#JdR`2S%A$>Jzdd
zA7PLi2CqatrF1EB*MNoCh;W)>eLmt<PzB~8$U_O{Z38%q+#KlpoR}gNJNZw+RH<h~
zDMObhI(z4Px_D$u(8)AjFigtn4aLdGc|ng0yN{lX-oOZ}^w3l^2Qh+_#LgIv5rF8T
z8zyg(x~{jhi|o><2vA?e7ht|eiKdu+oedUZ3UfrVY80G-=$)DvgizJ%uF-a3cU8D@
zQRPi1lQ=cG^#Y9huaM-J-2_z<Ci(?+PjMj|Y<)V-<Ito@vUf<Sads{h<3Kd-MKcDw
z+vTKsz<{dg8dpRucs}g1b_zdblR3Vo4SgOHaW2=fojIfqdDtTPlKCLk)JhXI?n?>^
z;5Z$}N?M3U{Euk@3oZVv?^ArL_IM&GS2zXi1{1CK<NgA+NBr%3yv+>wy@jkFRHF(}
zRU#X07(h@Aa@$^@thaHvPD>~M(a(2Pxr7|WerD0JTJ7^}0)<sl%UM;Vj83)28^&Rl
ztvp<$S@JwrWnIiR)aiy*CU`m{-gJ-NF+A4_Tt~j(PIJS$D$qPtP1#Ph^rc{~5?6jQ
zh>bg&Dx;hnd~TXaU;dc+DW#;uK1i_ne>X$*zwA@b{}bI<?tg_gX7m5;HF)du|Bu`4
zKl%SZ;$!pwvf{x0cb3;43;X|QrSmWV-oO25{n2Wf{eQ^}B5m*62>^y=f07piIH#A-
zpPE=i+=*UaKj3^9hh0Y~Kw$IE6S8ga1cE{4J)pF%?xQpR0UWj7lTkeKp72EZ&(JQ>
zdq_Nk|7^rkiW(pf7&SAEt8lJ?U$Rs98Y~4wR=d9(A8sAJ-rDYlx(;R%rh1JbRKeU5
z4Rw$#Hi6)VVbH3tjR~8$F3?g{Ta)N!;KLhM^(EAT)?P%H!Qx#tI)Nr~3_`(AnEi;z
zKOk1}M9%0^V%2tEda1>U-{ng3<P6!$T}l<=2M@)=i5=aXBd6VTxFjn9Dw(yTN^CnC
z4tJ2n=S)9zOzyT@Ptgjt*H8HJX%Ev6oBY(zwvKkTd)qs`qn*EXn;HbE#jq|_vw*1Q
zxWEk4fuLT)Dc19=;`CcJTWsav4uOwmumAk8zV}DRTidUwd1!(bmmfLl#x)?)9&X-H
zRn_1CO1iECs3&So{a~r#Hqx>ohOLU>GJgk?p~u=!T2JXFe^a$jrUG%1CPQL>8uA!T
zdc@0GxbFqj*G@Rp8Cg8N?<Wf`76?>q#QG_Xs5fTJ_-%>rN_X~UUP|UBz?|{|c^s01
zyrJ3=dp)c`3yceBp-0ok4i6KnD^jyfcV(?LH*t6<@cmdkd7^?Y3;PiU>;S5mO|Dy%
zw4IH~=-M#%L&2Q(pbG@X8zsG6oDO(^&K_SxHS)^_-)+Cye{<A*-hhH^`k^*Cjm7d%
zv9qefs-Mf6H-j@M8q%!(s1k^;a_oCcuG6}XyaEDC5R>bfa8w~}0&#>ken{4#AYsAb
z@zyikFrHftVSGk3kaFyr;4}c_SjMUr^B3>;QI8^yNpf`MAb~A*_qvCNdq<K)=&beh
z<u;OJVETuci00wq8KP+s4Ux>}W%LAbm8=<=fP0JQEf=pLt{6s#qb*^Gk1}rAb;-!8
zJR`LE@6p&Td7fn-%TGp8{?V$6_>Ye{ucvvANO>s`h<2c{WuZ&T>_I`qOBKDq?xrTu
z3SzpA<{7#51gB-1dz}%=EyUl37+u5zvWv7H!pMbSt@@;jaJIsrmDB%JEXhr~2+F?b
zQEl2cvJ{T1F`6=HNl}wRImQ(}ZZk0%4jXFk^)uj^;Oxfgtd})bK<X+AP;HWB#aSN>
zAfQm^te^1!{bH~QiscjujGe3ABVjlwDS95|=gtEmWy(!NLHHX%V389+Jb<?F7rob%
zSZGSAS7x7Jw}eI8m95plodh6=6oy!QI%rxf8WIhQ$%AUfkH%U;_}axiEE8U_y3V<P
z3RlI);RKDSc^rV%maY-%x!&##lavOk*P$J<$H(#UkB8l@=gL*r?EVJwP%qVj*(A6<
zlLli8sUpGHil8-L6`!MndNuXMgUQ<O*6vrwt-tksYOrBJF%YU~LEB&NB)>cdI@+-2
zC$v4dciX&nY|f0UhWJypY;{Mu-idAN48HqbR2@bT7A0dEqehkVU^CG@d5qmu<8@KK
z?QS$U+wrl5!tJmQuXrvHeYRfj1TH=!I$N}A3o$e}^^bnid~bO8UE=!}=~&^KNUj@;
zr(pv(8V;6DVt0=jvtd0WY5_F~w)YU9lJMj~1F8ezK#HP{GE#dww7XEYaI$ISj1~PU
zArOYLNs10)ZR6)3caFQO&vuTR!Hb<=y3gU8I)g^h<Rhns!_CR4$9@8UryYQhH*_ge
zyBQogfV}+*TTLDNiZY=Qn>?CgbJKzR8iD*Km<2;pMJ^}<?sR#mY*ZiUr{y9tKcylr
z%dx5q&L$rzC2<~1Qx47$4{SB{nMKOg;piR>?lU|Ctktp4QHygkCjm}W%}D^?$5EQt
z2Q@r8>vQkmINd%PBl{~a)S+gbX{uwFaXf~W&-!+6@gY5Vpew5;P;PS@g(uM&%GS=~
zON`CoJSj%gK~zNEL+iw{4lF$&8U>^9PVeRR>n&iit<lEg(R65DOSE=+If%z@q{L(s
z7B+dZ|7Nduy!G-3zJr8Ch*i8z-dWwE-8hY&_a@QhWSWjASwTL8L~E3o(3HJ;pOVS*
zB^e?Oi5r10ZmhG4A0?E;y&nl|Ua6tXWOuFZ_^wJ8rNoX%9YypjcroY<{Qs<fyf<66
zaU~eq=2-XT_VJ$KqLAXh+=g)$n6UFa8!+9cgMgM-?CTY!Ri_UhB~|RguCRah4&N{~
zx2TR8*{Yi;MH4InXPq%*)A+S{$UMd*WJOFPLtxrJS6;}NN#>;3)ZWxEm*BF{Do78T
zuj-q%!IU_`DgfvXWJO=X@XE;$L5wg19?P=|n-o*O>nL<I=g)6M0buk5x{N14Xn&%*
z{a_)Nvm-oSh1XY8fZC&9R*hZhynO*!_3zd~|M~fMeQvt{`3mM=H{JiVAFVzt-~W93
z=l#zg@hRW`oYVbJ=b_yHbXHa$qxo0o+x17^e~tSeZ2-pn`niAgbAH23Po?cw;a|~c
zW3YRcp~Nst&pwRCWy6y}W*MDSiKMEJB*4x!9sorj_RflsD%hGoRnTHQp*WN2VNX5f
z%M%rogJfnMnFFJlL;Ju~@QFde&9f2o2*bK@9j8y0svORmN7mJnbHQNUpMU2Uv6T7p
zX>=BC?KO7TzpP<>CC?VA|F#ckX@bQ?<jBPw2sn?mPJnECtyP3Jwm?1=uXilSCXl-2
zw+xeVl1)K^ped@jN7DB>*sr7F<IaErns5*3xYoRhYk|XM@!5v<^rW|J#wK2mmX?Dm
z%oQqI12O<LpxJ0)$Fd+>6s@2#=1RqbPz7v}9F=Cql!qY-=2cCQMOc&!332@C)=p-5
z01N;!I|Jq5&9@(9)}dw&=UpQSO0}GG9I?5tu2amNOK2_^`w5rqCstAXRVsPfOY+@m
z#3k=r^#Ja2l5d-mR=J``ay4ihEE?2X0L|^>d;7|9p~-3|KnIc~gfq?AUJ3)=*IZ0G
zs)*l631*NVg;1Vtl0^9-2Q-=(uLDa1A`-cWVg<U8ih!f;S0vDkh!Y!n2SdGRdX)?l
z%$38eau&Q-fIZtHTPa~1>4{it+;5obMU#{0ELM8m%(9y@Lao>lDnl^5y});5;Dpm5
zJuoCegk8s;3l~6IVUlZWk1c8<V)Lvv8GNZ#l%d@=NzSfmNK4#q6;&Do3j>9oz^0v`
zh!hps2(9vl*FGSW(OnoMwHIu>)nGvVVT_m<`jv&5m--ZMn+YY^%LzPW?A5ZLkaR>)
zluZ@>5rPzt#@Ph1L|z%Zlyp`AIWi;!a04(euoO2N=BagE<PjIvGzg*%wVZAQNva>`
zMKaPD2lA$RfFOKeQ6IB73@P;l>MCqNtc8$0mt6*<Y5yE20k3XP;&U|6%=_o@U^=v|
zUq$O7_%63@tOz-Y3&5o`$fx~28jX|0ncG!GC&HDXsrP^_>2w%jHlPKw!?$0k?M!+k
z?T3U54x?dy!;<wJDU&Z?1H&h<y4^SQw8VMTE{vg8AZj<B5frvzXoGAD2-iY=KQv_T
zI=YW_tpcSPv3VU8Z<Rhri~&)276e8Vf<rXv2S_DV-_?yvF+!8Px5s<EeW}Vu3FIzb
zL}x7)!O5mP=R?P)uI9jhKc@2u$GKn#b7?w|8gFN#QI`Hlw!1ck<4d{?eX#3u+A<H#
zhgnf~u=`wtWg+XHysoNx*dzNC&4n!X6HCiOw&WCLrxMf*K7p+k<kv!dZ@BNq)WV`A
zHxHT3HPo2^?`Y&yzzm43R1`%{DBU{+jFGsf{e)NDtEMz37Fs}I^?t!-1=UTlVvgia
z*4?}e;=O=fsI+et&5KX5QlLFhW?NVy=fJcto76LXr>r_ux^BXU&I82JAMyT4Rnz<X
zte9ncAjRVJ!l&V!qKAC6(~D%1r4|EiP7r+;<eg*Arl;j+jz_J(brSYf?5?u(1dA^>
z_O1y%tKBAXKfAzSQiv1`c3eyb$?0j2iWt_~tw&OiV-erro^ha5q7xeyOZt*nQ4+&m
z8fNcJDx5(LYk>rWy)X1wS#lAx|Fb@cEnGxVv?4dp-q4{tH4nCdm&P<z{o#gBM9-}!
zY!*GXo+z?iN#YCTbD$Ncl2IxcMg2*Zv*mpX6OBTU9t%u4rhm#oa7a#3O|6`Zv{V{h
zp7pa%kvFn%j=j?{S_=F^&HnjvK@ke*T8k4)H}N_Q-xj&Wxf>Xb2R2A7b`komO>b`O
z%~AL8`PT84Zf@$eHgy`Ca+wRaOn-QDL&}$1H`E_`EuG&C<d}Ss6ohjR!1!hWuMZE7
z4>W+WKh}#|Oc*<XsoA=)K%@Yp$OuUA>pd5a(hy^Ol{<o^MZV4C&~>Q68=M}ExDMW?
z*W{m)Ik;<RkilAYxptv!T}`2808dHUGcE|XwW-*!>fHS<e?xm5{IAxY&(i;rLGxE|
z0Jy>b_wnk(j;H^93?=^5|NaplSO3c^P72`fQ2+aArQKQSbb|Kd_4fDcj~<uxzel#w
zV&fy~2LcX{#i|e1W|F=IHhcIPE&^;;@45)!v%C8UlnwbSb;+}>`z^yCW#H)(3J&{r
ziLXLmGYZd@a@1BKEfyz=g-p~{IV+8|?Ex7dC=Co$<Y-uSI<0<`rWty=Qm4$lr&3uk
zJ0?A-v<jDAH?1Dim0@v$HVeke&cFMYdUEwIEx4Eeq$j6_sTX$b;)G2ur8?jFn;zhm
zDi#r#e5ESar(+dDOJ^KU(IHV~2h|bJT!><>GUmeze~DOuH_h}?S8~!s<D?0*GY+{!
z8&Zy5qfy>)lnol^dMZQZH+g9^S9Smub&-qb8tTd$=ig}5*(^iTfljQxqd&RK_<8%C
z?a-N61F?$W&^4TZGZOP}EAo_Qa;X-8zf~Dos^{DtCAz74rjw2#g$9Af%Ya$_R<b?)
z;B}M5Kwy<`?J(#rAY+%&RpfOW5lvN=+QHMHvA6XL-HaRuEoDd}^}}#Q9$*JUondUR
zS7g~qawhlf1>X7--=f=X2A<6(HWn`0(3bqR1Qzkw%R>x`$KEmOk<9YB{jAEiOxtm)
zLdKMhd4BtyM5!Gpy9FSj{qc39$d}p_GZhBn^qLJ~8@ym4l?%hSLqxfSUso5D`!l)m
zt}=2~(Ux;-BPqOc`Yd>_$-=pV_qf~iokn1nvP`v#T%#@CPAx5|byrVd@s%eOU1C{X
z!P^Fn?@u-Z#F3r-<CTua0o(Xrm0av7mxB!0;7N8lQ2J3ZGAhIjU*n0k>%Ys^@XwrV
z<6Z?FqoLVP(a%d6;i!HINXfU+7(RXaC|r`5O^NncKntG?v+t#6&0vtF3k6?<kg^M~
zAN!a)0EcaTf(+Z6!wq=wbQ4>_Z!P*3igEd9JVlL+J~$XT&V#=Lnw>v+0{v;6KYiK>
zm)rqin}nfn0bu(bBPKPNX|pJ8Jor}OnrBBIzEfl}$k6=8gz2OwfJ=r7t8>euEf{>l
zl8(71VVJ#(0n-tk8o0Ga;|49|8HV$kAc~Ur9ht(LkdvgDqedil-#}YesTPtPpV3}#
z1{u_a`AE-VF>Ln3Wfi$g{&l2WLOix9$F1H30;<fc3Yg6)r=&xaWyOd_Shh#<Fjiqx
zQ)!unJ(9XpwE;2XX$94#VzpFus&HDMl}KzJEP0T)9?H2h2qois&LhSI+5kc(o2we~
zsk9gdER*TnYDa0&EzXGF#3>rt#=<J;^BdR&o=Z+B!%9}mY%jFCB2>{g`eXZLgk1f`
zB8pSn=5hL`ZP@?wpBv@>e|`L~_QOXN^8e#M<^Mn8Qz8Fz{I7>=tN>VjxYBtPfb`#a
zxZbV^08mx{e7XE@nTV03e_oRP&+pxv>BT==u(zD=ftoYOMsA$%9sNHr81Sz36ll56
zqlYdawq~CCaQL)Yf)@nDs-#X!I-a1K&F;}NI(VTDbih)@R(N|>)t;Y60KeWWD5>t|
zo;=fPhkj?#*%aCuV#Mo{q~Mt`l7{8oa<4+WdK-m_t(E;urosmCg{<`d^MPe%(*I#{
z@~_wbK6>=<(W5`<|G(+u(SKTTqW|r+P9!G4Z~|a7nDvM4^>&2`Fzlmr5KYj+<b-ai
zEfb?`jPcsoWD|siaZ~`wN?Q~X8{Xep9o$EY6VwJ*1(9){q5ZG-2nXjqt5hySIZwH~
zyYuV@-EuU&BJlHWF?r_RfW2oabph>Hf#yVg2~MV3oZ{0)Kh*Tu6>GyrpKiR|0PvIE
z(2ude(v_lRVv(@RX>Q~oCEuH7@L;GNOUBb2R;Gy0*gI}$3j}RPcW3VP$5}p!hnR}O
zd1mOS3KmaFU?_<8Re~W(E4mIRz!|?8#S!4k3EuvbrE8qJYLW)jdAhlZ$#CIYux>RQ
z;wcRem)aFE@+ZA~dUDegIcEV2gtMm13>fJMX_aL%8m6W-pPf+6sbv<C4odYfBZaB8
z)(l#0U6W*FYV8STQBV!H)jNdu)R~k}+OVH_kT$W17On{mtO4gsRIJse%+M|RvD7w6
zjC2*llFZN7qmEjSNz4}$w?W%yV%qo_i$t%{{!zsZk<2&B2dmWzxlA+|(B8vTI{Dk-
zJ5w76$L7}!sXTLF!|c+Jd{-Wpd{6$BL$vQ%hJ3-I*4Q0xkx`!;OnmaU$vYD>;LgLJ
zj>rG&hEIL|yy2Iydi<}(XyTZiVt9A7tFk`dfbeOn1q5Q%oeI?s;l3g@pR@R6F88mZ
zvUptFKrB1xPFkk2<BYsCZy>V>-w;}y<)*ojrN*C-W3u!^)7%D+E~HkTqS98{8#<Mr
z(qkQoK%7?N(YQc6XP}*AwO5_Y2-mxTNl+UEx)pFImLx%xZes~bKG~Fp$lVu+>?!PS
zovVU|&e>j(P|Hc24-@i0Vom<MS$`{|Fy0Z*uHjq@yF1S3E!1AaUN0qDORq*>iCly-
z706|6h~8OT6xmq2R$I|jCudX7<*1ta+(1s+IJnK!xv!>Fu~j=VF_{@)pH0r_of&?g
z)cbuX2lJX>i04F-Y0WzoEn1~2()&-Ju}d!}Nl^~W%6k%J^~K=C2-bAf%TJ&2U>o==
z+|?6h5s!v7m5X8UtQj=ytsV+oyL+pZ>pZ}az|}EuDwc}o6h#9e8;-4?W^Hr93zbsM
zUuBs#2~$8_z`{IRgahn@UA2d%sR|EGJ$Hjr&)=SwiXrQ7pO^3gtG?bkKJFgw2YXw`
z+duB?zr<&snLk6MFA+<&w_f+&?7!IA-#PlR`+Tke9I5l}^}*2&&Nsa2ge7mmJrwzj
z#lCX@O!^d)!-^w>&OO<5($`{wWg2fP0V}F+l!M0mUso5xnwmBuDauY+N7RLEfl=-?
zq3B0rSQPZt(eX)O=bLCHq2n{b1i<bbjfS3@^9Ljo+OG=uTk@~m`UR%$_{|~4YQFc$
znkC!VdAHX++Mb(R_+~*rI(psR-r3qcnw$Uo|5;r6VY%`4o7TL$jo408S_>N10xXVH
zR!iAbL2ENuXfJ5&2f<>Ma`0i^mk}ln!@0sI_(Kg~_)gtmx~O4WCfWN0>+V`qPIZk;
zyd7y_SfUA1wpU~-;DtLLE7ciw)#|pnYQ|r!)&>`Oif5EO3iZ{jGd_G-H%8r6)x^!?
z743%_%e))k&BmYp5Y2)Rsr^;6OO1uElGJRAV{;l&Dknl4lP?K}hsIQFiV<qPa7B+t
z(GZ<&W7B68DkbHk$p!z-H<$}PR0oxwgYi<^Tqvs)^=}s{yYhF~vtu^Cz>f~eF+|4+
zj`08fos*KUZXCBA$tcMw_P!a%J8u}$MuR344V!Ty@sb{zy<ct?yKk~zapLM6(>|Up
z2k*amw-B1%>$o2R>D|H&b63iGrHa`%_TFA0?OKm;h!{rVF7VIL?2<{$rcZ)9O8P@{
zcpHTlqJ>}`3&Vy=@@P0dkAU&m;GA9?R=K`iuAdf@VRgBIU2c$^!NFTuZfKX2zEzbQ
z+vUc1-d2~(?Q-O6UtMl$mt&EzvfQORFK~2Jm%FmdUCkKqKTW|#UxFXnr8FWaC0L&V
zoAoslsGjTT8lr*>A+87a;ZInise~sd6X5IP!o?Pc%D6w{zCofqIkROT+%WA>?`lRP
zE+e_^+?_%xH~%hs`;!q*mzKtG0I7!T4Nn`<7{XX|gJ`$G`$k`}$v`DTvsq=5pi}lH
zBNY}&an=x83uNX64?5f%yWP!>-LSOO7z5)IqU_bjntl9cI&s@R=o-AdUU6%s@6#in
zccv_=G!wU4&C(g-ZvW+lb;F=a^foAn?z!o;z*s4rI8vi}J!poNA*(qW>^e41Vom6D
zJZ`l^ZzpJ!_oi&aCyMrnWol-ftEFRhV+N>`Xc(pa3jWH4XdM@|pNg~Hpg!?q20hDC
zh&u76sdPyndGlJVS<La&LEv5}L@RkN`8EbvYD51<MFzKRo<VQ5*4f&+Icyf}ity*5
zd*)O8)Yv@a$E_9vBh8A!cXbY$<ivW5Fc=WWu$rO)p79!u%(j&y1_q;spoh6E+Tuz*
znp~laQ*;v#cAJ&G#r`v5LSkZ>kt1miTjDAiO-F%r2YDh8NJqT!WZoP3QW8F~<{b%;
zMGG{E!g8VPD4|IS&mc6&?i<DAnk+gp-i+e7P0`}GBN#2MNcdLI?nFYDGG%FqPc`lb
z&L4FGJ7Dk$78Q>uwRpmvzzby8Ny5XmA0z`bE+t5)B^yj(4ck_KD3LRU38c7*`do34
zy>7vi^p9L{5=b^SZZlnZ)l?~SRCTQQ6Q}n|ehaL~J&b_!KpoULn}h(EqMO3vS+gyq
zpW5;WN-h1RtD}0U^zKyCpKVfbokwDj>rJd9`};y7iN5sWspL5~(s@`#YEkn!qJvQM
z1x#rxWJpqKh$U#9h)KOx1yl#=?~+k7LnE6GYK%ke)ft)tIyjABOAfTgSA$ghX_|th
zrB=bdT%CBa;2q>eum7*Ma#hD2E)5y-y3#%jHuSFzWHqZ45<woc{1-;S#QFng>}qQL
zeRuoGEp@?F7kt5_3m0{}X}7gH=JK7ik2tNiMu^5Jw>;G2@-Y0%jfO=^T0pHaDKJ#k
z*@MM|y<+D1N(s#X4DX^3dTFUlM!q5oC+L*`+lUK63V^e$z?c(oX5cl@2o2LHNY*6o
zPbay_%2&f1Hx{fM*^|OuSVgKWfg)T8-3Uff!AT*mCdH<b8XK27O-IwJbq7w4@!25S
zO<$8$R@H=hWO!zj#w86{)W8B?2Ir}v^mMWyV6lSS_=#>@^RdjqIr9W?)Mk}p)+||y
z9OY3^7Xw^<K%{%PK^PGjN?~K9OBa?Nf^=?m=aV;xQ$2{&3Gk>%Jn?$(@&p_F4I^zQ
z*)(@L7A$QB9e+TgK6>lup{f;NC2iMR)OJa@mie3Lv{Ch)Qne&?r3&>S2O*`lq-h$5
zPIwrYSUlgzmBR6`q(RESQTah@r3ekK1*$Pn<rb`i43cXx&`d^IW@NrbK@E)r2||=R
z;`?=#7wu~GXtRlncU!cH$8}g!QuC>?DJ7XJJS(qPwKY{>z{WSLt#7^$JzTT)ioap2
zWOBRtn>UVVL+-G3I-%RWPu6#WGB_QoqZ&7p%uUtAeJYVIz!RHxQGhSj`}*W7xAYkt
z_bb-^crMKU<7=)BO{Xg-@em?)*8f>x&*Mn#ZnI&k=)8;VBrpFEpvKOKuXJdu!Ps|N
z_@QYwlV){YV-&tnQ<BjBi}airIg&=}(4^1Z&!kyI9_&tnhe9cRI>h7h(eQ&_TRgC{
zG#b_uRV@jbbsLdB&u5|WM2z_;QZkiGRDID(uznLO-DU6N**NRWSk$9i#oI<t*vj3Z
z>L!$$LhmnUI?Jsr=~mjeZUtuUhf-5GZ`_!m>x@QQHw>)-(l@FW!s<b4(fsB?))LbD
zqgoP1!tPxtIipPVY8sNnB5)N0i;*Zei?qYDwvEAT`$hrEso60#J4SIh?071*wry^t
zJajM%51L_KU!KQ`%hTEe0Pz%h<4zq%Z$l#xq$S#H_x-TFU{$ZV6;}Zf^EjHID8)B?
zFoXrnuAU44PTtn{eZ!6tSlbHBWilL6I7Ot3>{;|41&{NIsYQVp+O1(nh0Fu!5*_0t
z7ROa)fGER&R8!`l==Q%#v_iyo*M@}~Yv6Lx%nxnSVGatYN=g)`^GJP%=y`dq`|pSg
zB0-7B)ImhU6*WSWwJoqvt8I$_iYv$_6ZHJ11wn-t&1hLQ#vd4NYm<THZL=+MoI_*B
z;GVT5Y;gR6J?#%?lbhz}y)2Dqnj<8irT>|=Gh(wF633RozFSIUn-Du-bT6BjR0vf(
zPP`7=Fj{zQr0(dZEC*yX7yv3|!&rC=OG{?p+`%T|le?oVixN+0Pqff(Wj^xF7AkKH
zw3UlxnoxqGrA}`)ltrI_^Lj*EsO2#9+GNq6l&Z<C0H@RzrHgMuGGn`Q2L(ZF^iPS>
z5vGI(B$K#ULCg#?YHc|A91WsxE-7OWNc9>+wku@Ke-b=V6)f{fZ~xFalrZW!Mw6<d
zYxt;WJwl1K&%S4JhbK}mnqF0T=ixh7t3;H^*U8N`<!zUAc;mYA9W3AREO><)-(bN@
zw!iIAWyz%tjuoHa78ek!THoZTw^-Wb15c5D%VR>rqq7^&2b`!PJIP?PN0jL9AxfAk
zeETrzCunK$k7=A27WWUs9G^@+Hh_y!W?V+is6;!!h&1C+j=<(>KcQU1!4w7<F>gFX
zf-c9Yx{P(00}7_X90y*#@D6IX_{*417_;5;jyc0BY<BZbD_=4qcwLF1(ZL92cHCP!
zi=bKCbfm6*Qj8DSKZi-!bS#B_!29?mTx8gKVpQPrP@6nLel^OMF$>bJ{-sHf=;HN5
z_K$&%%Mm!p^eog!6;M$r=~r!I0874jK-^-R^~fa-!QfKpaH~~w+U8lew2cm<Tu}vj
z(V`PciNaN!wL>tuyOK^1Q+``oC&OSns>WG>aNKNmVuR2IP<eZ4iLQ#5EfMiPFS>2m
zOyf!ulW){xHD<aZFq2)jBGxKWL-mwda0L|6H{Tk}Y8lKKYhOy#mEn|jfFiPa4S@xs
zV-ZVyAaQ+(ZD=3~d@w9unT&Pq8I?O>sUEBlU$vOsRI!)*os{d74Ia~_%u=98E%(Cq
zGxWQ$W~rmF{*z6s0sD<*^k^UGdUt!9l(uNBFM1eNC;gf|irw1bUIv`Zl3eZLR&H;3
zip~c>LS05(pR%Y$P5l7EWf0+g4C;pPI<-0=oVSk^M2F;p?2M71Z<@Fnn-fPITe^Dd
zntZilpH-rBt$n_5K>F}6xsvE(zQQ)&Jo9E^)p^nHbL3^pb*Xn3Z~(JiAI@l_VvxYo
z89UlF?pHc+aTg{Kqzu1|a;SlU>@l=_y)xYgK;50M%I^%aL$88!wY?q|PrinfRKfh}
z(0a@Q+a(YQOO!{L+coW_<#Vw^*Fgp*9N}PC$otBa&lZT3i^~ZkJ-XmowhUUXc1#G-
zF4qyD@4E_f1t|2)oom~&*h1A=<UK0vj4iL16I%v!<Z)f8ihoxPw9xk6;^o~&ID^iK
zC0r^Q5d$Xo`_s{MNSQYH62P)G_B2sGo^f>WKLFQi@Xg+RBFS?8R#5>Hwuw*AnroI!
z{yqC|_MUYQ*S)74!_eseXh+d>pLkO&p;IljhJm7dhb+ZEN`yY!D~XU4)xi(mq`L%H
zDS#ac-lr7m<V|O|Y0KQ#?-0ctH@&Gsr`3vP&=n3HliWU*+9_#Gm9v_rfot09Z$)`E
zt#HgAm8S|M*`Q`-KZ)FQza%fw-5Lu#z~iCNa~i?Mu{{-gW7}t|+B@A<z)%pPYyxBe
zZwLx~JE7$c-IpXcKq%Uc9=q}EQkoe#b14&#Y@I0hCJ*Oj%OI-aQJ`SaY}9XJ*{${-
z=2S}+4CvYHxCL;Smz`=S{aLa&R=GhM_fKiI7{BUi8J{I@l6r}u7>ZnY2jNY5ZPJet
z7kq2C%o&WS=3Fh-6nI88Wy&EMB@rCkomk0gF4C}>mYr*AEY&sX<yz!!?Q>&_tpt%M
zeoBlbF=VOBPa1^+Ep}|3izf1~F$6>=+M0>Vvln}_$V|0$_FD7;A&HP?9)G%5J`?r0
zOp7fXiC)LDCu9}(Tk_$Bt&kT<F|}^1jE3P81zP#^dESn};))8?!gj7I%M8Vp=H!ET
z&eEl6<0+amHTY>`;hXQjU;h64(*@l6@!INlctvkTbfNgL$KAcTN9_)_z!c?l7@bif
zmPnxM%pE!*mjdu&ckAWR+<a>(_|MgO@e!TTO%G5b$NX5ptS)@hTBV*27AO>3W2wE0
z^oI?Nk$>ZXTm|Fd6fKV@Ktl;OlEd(xH>4K_hkIMcI@}p`GBjZ}@!;CoKYnqzx7*#v
z=k3+7%!mAAn&GULlPx%02oaUZ*=I%)fSPWo2#fz)m|rLb1L19}@1k?Fk@-GzeqmkN
z8~kd%rVIA9W2qe|TEX6_*NeIJ(%NuF_ad!KDqFEw(fMD0oy;q$eKWk(TfkdgU7bhe
z<_!=lE?@6DO#U}#a`~xtxjt3f7WX4b5_&^~x6{d}Xv$BlP_`Auvrr0J$YK2d=nkNm
z;6)&zeUpp~wf?|$bmEO}EKQZZd5la8H$ujg&OVySjHpp^;__H%NoYJhJi8%ug7P|b
znGA|^)2W#i8l8aN=BU6JWqA>rigLg&YmYDOm36y*j3+><a!U>J*}eHxKa|_dB~M5;
zv3jIJTgb#N61^v<P#~q`E)C0<VnlR&(F`<dSu3k=yRZlv^Lg(GFuju)>E=WmS1JgA
z6jG=!AAJ>7WXx5k6LWc36wd^BhY#Nl@p|N)3_$fCdPC1y<6$Vb>O9n{qwTGrgR#}I
ziCdL!>xl4`YTJrEY%b`4m@B^{#Q>j{j{=$CnFj*YE9*MBqT&_#*OIhwYmQVYxuq9R
z0t>9;)~HI%)QB)wCS7qjGlH?Sq(^%fD72Tp`Nm-sf0JAqIQ^b+7|sr@t2z1K8EcLL
zO?uGsO|9MgZ<d#rZP#Z4fK&BWaYOahHJhbt!-5$W+AOZ2_!6a@x1UCQDy@%kJ@%4i
zS%1N`7|O?hDaC06`^(^(9DB!L6SJg(Os?&ubFP)Gp$5>Hd`-M|_4aN!L#XYN*;u{f
zuhO^7^lfUsUYW1Id|{7uD8sMb_1JW>tC_OXg>|pknSS^3HjB<lRKH3G|52VgW`3D)
zFhCm~x;G~2)E4Y;k1Rk%q<jl_{^0}fde3h+_s40m&sI}+W24oFbSc6K@strO0PGRD
zQMFfB-P=vMTd)pUN^oDwBq2$2H9gpHV8F-K^7w|a{3+?_{2BH&G(x^_T!QyEEP-p)
z?CFAO4JvRg_uBT*$%a{F@W`sAVUBiQz!cKr=fV4Nx;s2ysJ#BIVTjnc)`|1+O`k42
zW?gcqkE+BgHy<|9YF`L89Q^i<acw56bqG8`!qDIk1;ENxbnD<(jOA40Fg^=7*6Um3
zMR0X~o5#>~^GzMa?o*SV;;xXV_*I@_oF{pTU*##?4K?+ZuzJdK(X_Z5d2=Qeta~Z-
zhHr_~?Us6)Pfr96ewC*%H}Vj^sb?4kLOsRr@?3${H{0?YL<xBc-}Ezz&#9l&FL`G=
zV){V=Gvq0K=jUuwfd78tM5Z=J+ec)LO=67dOT``+)5`2sQV6rTBfT*Rs;&6LI<IeK
zbW*mVnT|%+4*4h%jh1swsoPPnBxg>cld|ZJ7;svJEhhBi+qP?auuFVp;HyjpX!kUU
zhXXDT<LdR4=^#~w!s41BFQ|Kxf_ql~oKbwzfyoXqiLl!r)C$3--`#oE+j_mj9*ENj
zvkmv8VBI}2r#X-HCF{}gAwb#R+UquDZ^Fd?C!8>>a~d=_(cj+dt>fOy7d!hDX-cj+
z%q)QXqBf7cZtgV6CGLib?jHDfC~0LJGV<>Z*8MN|)W?6PS@;^^-*1TjzV_|o_No{E
z{n4Yx-~Ji@{g3$A@!w^|DgEbKM}oh%SK8kN?e_Y^@7Gs5<>2qT(};6_<Us>dY27x%
zC%3yZ0_?*ZHP%ySry5rDG2-m*c~d3tZU&SmJU^F0;WC0a<_g3OqDm-cfSlm`68Ow$
zQsnEvWJ<Dl{7o!p#IW!;0ou>fmiA?kD+mC4%^nhzP#mfy10WK)FsHD23YBY;pd%at
z7#!oHelbPXRP^(@lyVju;sq=4Bk$9NfHd^vj1UzFg{_3nqaoMJhZzj%BrYyvpuej$
zfRs80%}?`~M(`t!XNpW;6pWH93S@|Rq|k%5Paa>AriB7JJj3kk3wdx6O%j@Zg0aQP
zrH~bb$7vxQ&ttVR)b|KvY#_@psWRP?Aqyc;-m09zXbY!CvK%in=d4)v1@o51jg@Fc
zFm`5+kkA#U0R9oG@f>4D_k?l>TFpv(*=6ds$x{+zn3ouXab7AY!z>yErxE5n1@azI
zG$RmGzG())un=>GbtW-F%Y(Bl8!Ss!8kIKy4wv(rGYQay-91a~AU>I%d5HuDnfIWS
z@a7A0+w!)TECq70q><LzG%(klzwd4R@@(h$h;D)a11Ql7J^)ERcp7vb+xJ8Gd~Ob(
zk<n=BO~bB@F+){CZL8!KCV`u4w1X#4RK?JWjEM*{&MrHRqM1s*gvJ?i(G9e5#;ksg
zG-T%}ej2he*a3j~a*8JW3lJ=Tq`nJHa?Q}Gq>LDf=2$0cuq%&4J)gvnW+T`_*W(!N
z_GvC*Gt-XD*p(`P&Q9^t?F6QqqQ}GR1E&)4RydEZg93$2D1VM=YRQYBBY2!I+gEeg
z4IDbo$()%EoQmKZxqgt@Xtl%N$)UJ3rxcBvMmJ~R1v_c+8ecWWp&6gKoK2YUk{ee<
zjMqNBvwH`nvDn<4PI)UzVpCk_AwrECrMgg+iEGBb1NJ=7KYF1j;q7A*VDnnZcO-~>
zlJLO$JNPx=+t{fv>%W!Ch}`l?EK4Y*D9JE9cA{9gz^3;(j#j!u9a+ReFl^;VCW(rQ
zrd27B3>i+I&giX7);nb^L6&(b-XZ{8K%>93m6ayYE6ho#R-wVz)LIP<doMYLWl|#w
zQ71oA7N;ezYt#%Lq|HDVbj|wO;+(>L663z;?dm)1Pb8_Cg<-aE21|rabYm_f9@9u>
zt+OC=j}^Qe7rBs6iJZ;@_K!kXh;{1ZpoI)e(~m8flgM8K`TY|k0j#ha5w9Q<G<-bU
z0?ipYhJysqDT{JcdBdwKc53CiOpP#eC=j0d`p*sycDq~q6#xun3QlGK*xh;gqfS{_
z0mhJkU|a&Dv`#ato%OwXpDaPr#sL;g5zpR3*#%@R<V#MB+ju<5#>l0_v;%<z4w*?4
z(rBMj!e|lBpfDI@@N;sR5RbHC-!xGrZn{x}1eC0`NOIBn+E`$3UDzAeQp@EhwD8eb
ztTBWRlDm&&)}pU~;BA7h<9~1xaKxRDA(ruCdudY}`P~u{z*7aBDVc0bJOey#U{C{X
zU_NW+anA`DTm;^4k~KaW=F7p0WCGK3mLY3793l{h&30Bm_%*+PVYZPsMi3_;{ii8q
ziNf}Ed${UI1feB%?*-}9TRIfpW#!y^ezUEQijO;kz^tV9>{Cmc3}rpN={%*elBUQQ
z=Og(u_@b8?fvo~bOi<rVsUZqZ^-N`TWC%fKIT!UzX$vmp(5t#|9Rqbma<^cwQbYWD
z+1PwLEcse9wWCl@7RAGzXwXu}SLU!1z!c;5Fxw3ghaJIX-AIBk+G9Bc?Zm_4(2T0u
zLU^0(BX$vUXeUI&-(!dfO9w4@f6xOe7yko<q=S<WIH{ciwh?h`v~XUq7NNyw@D9%{
zy6r?t_Po3G{8jg_v<5lK2rx;c!XY3!I+c7BRkFc2l*;kYlB~kSrvQ!wnwwe;wYBNB
zEKrhK;;F50UlBe*?+Fy#m?Ff=5uMQ@OJgSlgTjnp$-yk&@P?287yb+<x}nI6cD7Ov
zV9sCmCeyU6^B1~mbp8lv-X5dpcjdc_Xg>Bbnxsbc$|PTOf<N{sRLGt7ELtq6-A>8W
z1)F8BVptS)2c(z=YM8keG#Npj#hE<uO3?8QdB<C4h-HX!U(t#O0D_8;JAt}wL8HtT
zS}qg**e02AVUC1mpecK@WZi&3AxylS<G7$0diy)gY`6!26&U=J;mcZ^{^-!$z_9r4
zaFH}?Qd~LEGu(n2%@Zry(9F@=1EGI-FFSx{jJw?G?7{oKN*q%}Z!qV;`^;n-Itj*N
za2Vs9eL*G-4Qs_qYry&KDGe>hYX&6A-@apm$Hi365%&axFU4h6WC;(x^Y_H$vx!Xj
zSR<C{X~{7iI!C=o-FoTlim<!SD0iX1ON<4#j>|JrIxmXt;gvT&LQNS23l{u+1w(Di
zs0nX%p~cOh<9HI`G$rpSjg|5BKtV*_DD)wNWhkZ^P{=%Di<2m2C7T}UcoOIE#R=Ag
z1GHz{8D*oufFx;l=>)H#`HaNee>kjJf|R3~R8OrT@Wv!O!qZBl1z!-C+t49K(5^Su
zF*yQN6ZutjGa|B~yuk(7#LmN63jaPajajl?8kN&?U`zO=%t<R$p4v$|KF;Q+K4SYH
zv3aEeQp={fDNimC#VSJ6OGlW{k70(hvkvgo@00-{^%m`+N$ct!XKlr0Ye(nWJVgM1
znlsfci<K3F9-is#TfleOyu&kV_f9Eim~5teIvQ!k_<Mx4U?r{!v<`rWL-AcA&Zmgj
z!2Kcxw%K{ZvrXK1&^#uw8lFAb6r~#epzQ{)7B}@S!AfLT&Z)lCd4YrJdx5IsiSs%^
zdqx_kk#ykMQ;$PdTUW|E2N}D{e3-(#aza5UloT!(i7D0KvGLBc_C)DafGOg+a)P|+
z8MH-~NtB+!-tPPzri@Z=;zGSs6*+n{bNtY{<L6k<H&BK%-O*v+j$AI-ifsT58}|7P
z;e-BdoqPDA1|R8kuSZAuI!+@>#HEpwQXo0#=O;z757*B^SDPuhXQGB1gL@;u;H+U$
zO~}hEN@{cJYN8Y!a)k-nhU!321NGy^t0^I67EQ07ZB?agjtiU&E$&53*9o<pEvIJq
zryphpitqIRVSz&R83eJof-y~JKQtv38<SQ`Gq>rne^2m-6*`7^(PStFPCkEWSC%!Z
z944;D-A6fOcoJF!XO}}Q{iZgky*D*qswuc&fe2v@#*e1a?1~tGiw~UC2vG06erKYA
zal7ob<;5P+D`AT114AdO6Y53ppPE|;*~TT2ip4*bbWw#;66nN6Ff4gt#z@$Z#+L>Y
zc*XZ=q=xWFc15$ydK;JxWU<l;@s(^CY&sF}Z0t}napgPNbndQ!-VfEjR<bghPFX|5
zBJlWh632GO_`POcl)8e2V=C-ALlPoRV&=JKVIXf~`F>up>+nl997JkKJi%ICpPScu
zg!o$K7)tO<dd>t8?`7~gA+k2pA$Bzq>{0EqZpdQ!MtIDfO{^@PE^QInSI9PY#F#z-
z&R9Yn-R|1F5j9Ofoqenzo~xB``})M{>u;64&Ce%E`qAF3HYH&&8|sLi#H}PnR?}>G
zO749TVdycFP1HVNlT85v*seNr%d^%#X<6JXI)%i`_z}&4P#EV4K#{ys@Yd`B4^+l)
zJd<aVZq?tW#z%{Af4VnwPCNl!%S=o>6mD{etAOI#AwlrZQN~b2)TN~E5QUc}HbUh*
z8J!ECr&L4ab^5NxL#Tso-ruwcw3#d1(lj^Z*9iri{&*CnlepP2ZzetKNDGJvP}i6e
z2=je2Ik2+C%D!%B!fW?8_#s#g)_qom8*{c`lL1x4@R$e-R@W(4LW)0HUDFt&=nyf5
za^ftt-)Z@r15;Sc8S(kbJ_NYd1cP0pm53wd8~uUiXxuZ!hy%3COiRM!p>SNN#54pp
zRb<qXhUo5#crJ^(rXD6~NzAnvPqo|CnNXZ#rUq?;;~3?*b(c0R?pHOBmzj}u%((sV
zHkpwEu0V`ZH@$j%Hg6e!v{*`)og^rv(jlT;s|F$UfUW##cpX**f*|M%E##6AuGAa^
ztT+-c=n5Rw6V!r7?j`J}ub{~iq!!igWmV+BROlg}#%M-C=&rVd#r8DRE>TvS+r1%>
zU3`q%!n1zXKx-fq4nuJl##GgCHt?9eE^VIVe^%AR7V&7Dq4BE9u-zbAt}Gp1BO#;f
zvk}pDO7@Y9Zby-Kw;}t~TU8v7#T2P$H?XqzYL9%afT=#eaZ+t*Wy2$tL`rMOk#)~0
z9lQ<sma>jvjm4){R;UzdtTRzpqVg_X<=H|jUw99kV$g8=FQTNyX;OxJ>87nW)TbYE
zx>otnziqYNd9t?^nmwBi`PP*#A|gJtC`^btuw=9GG0)+WFXhSzResim(FWf`G`*WS
zRCb9q9a$GDJBB2u)|P{vQ|y6X&6vv3q8dB7G9-#LS*+vqB+8Jl8H_-H@u6UkRSXIq
zC7v(@Y+6_&D;ofAm}_{{P29F`VN*k;%V(zp%FZvaE{D~r3bnA(Eze+m<0SSX;~7_|
zWgcpTk>fBm^4Mb~9A*rMFClR(DNSQEUDO~>!J`r)DdbH}HU^ddA+5wdOMA`SNa^Mb
zB@O?g(s%`VoL{)%v8x(^5lrgB`J`xuQZ1)0N#Qx*`KX>}W;AhH4cjW^0n%t}>4H5}
zlJtHh^t0weU9VT+Hw}qru@st5NDK?n+?!B!M-Rq%Yh6+5{3aTl3kUV_GR1?;x^^c~
z4$XscEQAfHS{se6t8~I6Kv_kR#@91PwH(020$Id+Sn?IaeHHrs!a;31;k_@pS)n@a
zJ*T4~Fw17;HC1uRYxaG~cGp=hqySVw-IdH*CQHeohobUmU<(MWt`?742l*m0;6<^b
zV*|>yp0d&4CgQ97*s$Ifg?d#KnwvR+LodM{VQs8?&Q>YW75iLQ4>zo<O%+97LUM6(
zNM@7C4AG@?w6o7h_BAIcvu2tEVtj=*>a}r?<1GyQDcQAXy$10zw#_093uTWdLB%@<
zijxJ*h~HG7w7!;}&bGGtsCYWEl+u<hhN{{Ycptx#-HT@lrj19?&(#=krLG!{+AqcJ
z7e$&V+1bj+zSg*{F^3`72R%R<w)ghU?5Yq%eB<iz0}9yqaeO3RYTh}i=2|Qk)lz)f
zRI7;=7f^emEt5#wcn90PcZV6SoL_HtYv%ToWg~BbZmY?ypHO=?zr@~jXLr4R*{h-;
z+DAGs>}_mI#je$feW)FgZ!&zGW$$={#iL_{g$F#FRpB{NRAo=H=oulPbsZpq(}CCw
z0=yIT4;4wA1lTdjrf26a^HPdqbQ{aMFQ+lLwTrVuk=~M~)KZlSx-x^Z*x^JS97nCt
zU72n7u>>Ea^|U9}669AE|4mVt+}=5d37tF&u!_lN-};nnK<jRCGzLOZb(5n5uXvWh
z_E`WgqO{>4wAmc9TiTEI=UocV!i>i?R4)RZ?6b6?x0rpkn=FCnOD9}j2@Nr}aSuK=
z-J^WQz#n{^F>X4s>c(9@zv>6?on`-$!ROk;8^>=b$c>}6?)s<c3EE=z<Os6P7srF-
zLxoof-XwfrN|7MK{WG3q0i|IQ+b6+AA|4;KUXuiw_laZ_`e3^(5*Sq(Uw;ra0>cpc
zqNQdJ(LR`qeC`^3{XiyPMgaT}Jgwp=DVEUwu}PaD*RHO_CvJ~X9-K^*p<I!jM3|On
z0@OUt@ubYNNx{AaX^i2roQxWQ7~HthVBL_=eo^IBw^lY$NlA=AA;J}9@;FIS)JRIh
zN|_G_g`4aB13*Eum$sTUXLZqxrjaat2v@AhtLf$lyZHf6HJh@j-<HZNv00zv37HCu
z(t*$ryPYUK!24ohIoJx`t2fGxL#gkz>yAO70xuZ|W!SzHaR{C*wciQt#h{~uU=;^b
zywy)b@(a+$#W*luGwAMys@q<{Ez0UszDWE)!OAp(vI*@Z<}`}V*c~T`^`OD48QO`?
z%!ypukP=e1Zi#PNWOtcO_eZMx)++n!>?QR|tP4siNO!#ztL<H&m}9Z>UQHXpD_>I5
z;`uHR9}EXWWun}KyReh-x#W+jh}>@Y@gkmgpS^h*-n+*<93jeQIfUsnfK?3OC(Fh?
z$vL)%==jmGPm^|MQZ`_kmCx(H%m4qT_z&k_p^e$`A67e^wTI>S50C$h|L{kA%JCo0
zDgHxy)x>{T4ccq#@c-4vUoHLvY|<1{aEO!qx$iZ9ey`e<-FN~kJEA0<Ydk<tW@RsE
z+_XhWfUd&ur}Z@H!Gq=Wqg8^%CaVNIuwIL(G}mzIFXQ9Tbj1?T+@^|)kLbNjZtj>-
zAh?q{Zo{hhS$zJ+jV;eo^vr7h_U!h}eVDBqnbnKCNSqFwyWLt3)eWnG@cCva)lg>M
z(Arh*>_}Bv*<+M8>Q7Bm`3sKE%084%Ngaym-+m_k|LHUP{7+84MgXYU=YRXr<96FW
z|G!=9{CWQW5g-5j#}x+#puN2I9Wnrq;PhYVtOf0F*Vn#VZ$GMF05}L7$u~>{_M$Wy
zV?Gm7iQg(3lpRQC0A#2fNGCb*BI)ezJi8%~PBgv3;kdzWrja}|@Sz-0#KtbgOBw3O
zrz-hS>KGkKZUU)6Zu*X91||YMW|F$_)!GIRm9bXar8H@(`A*Z#No1S;x5Wu1b<AQ*
zkpxvBL46Hmj9C4Q8%b#LZAX){sqv_l)N|1#bU2YjGOBb3rNfHSD$P;H<nOVP?@(Gt
zEAx);>{$_-a1ztSJ*oukd{>T3sIM!N6`7r`PR(|^WMOv86;X3(=c;7SVr@&PQcU3e
z2y&J*uFqaH6DM-ba?`%CkQMFbE3Z+<T_bJ?^)|O&sZn&5)&&5SJ0}cICF+t}F5Z`~
zN+k+9^C%ZLI$s&yfUEEXe4FOxl$60-=%jiks&vcb14F16!BZS_C<DK6)rWd`x;mD%
zZZIn{AQJOeJ;xp`aH-R5uz5Y$8x~2+f>;v4s9L#dx@kd?lv9+Y^gqQ%b6B0O5vo(v
zVhl)el4rxXh@FU^r9IM~J;Xw+pK1tuT%zZc-oZjSHe7SU6ktW*rMVPe4r16lZU}`F
zr?j0K?@Tggy7$DLb!{3(;ZsP{O=hhfO`t6^B($Z}nWHLNt%`14ouzKgy)I5RoE9q9
zuj1g4xQJ!@9J+=9Ku?1>q<Pj;_8u+J7L@z%DRjOc=Q%PYy0Uhkh{;)k>$10mc!I-j
zo{l~LMzdGF6VKY8`h8wL5ev4PFUalFcj&%N3cl(X-Io)Ljc)Az&6+yVJ9sJQD`RC_
z+e%r+Yg=_4GRz$mOqm`Qe8+)ZD68`tQeFs|y!B?;FuS3gVXmX{qv>?JtD$Mzy5m9r
zaN1@IdMxgUDF(UJSSAC8R@)i&S=F%R1lv^OH-0(620VBIs0Dvq4y*)g$xdN-;{?-}
zC51Z`*{~~DD%N0Pau5MN$zG=lq6YGMzdG5<(9d?F(^AJ{wOR?#<|rrQ04Ie&Jhm3m
zN+E!;m**)vbv&-&uF8jaQbve1%`an|RP$O~mkhC??1T=-E+^TrCUuMB+l@o>IqMP!
ztlm(@Olntp;pdm63Uc3%i3KRYDBgLAMb^9ntCW*~{oU_#xBL_@PTswE+zj*#-#SSC
zmxW8gs(+a#{f~H$O3CF;;9M94=#;xPJj*6<5{<~@bMN5!o87I}+CnopBykc%#KBp7
z33WHHVz4zBBsomW&v8D)021x*zh7Gpo!}|TExA*ry-S+*<##2Gu6!<cNH$jkW9gx{
zO;s}y|2Z)}6fV!)(YMlyh1b_zSPz!MVxc|GzxqYgQnU+*7DY1{jpH=OPTeRaoak`!
ztxjECy4sHxZjcV3<C<@EbGcTDZT9t^3|Tv2b5x-x!HItlh#-b=kYkh-8aVXdSsYG=
zHNB!s`--(0@}H^WA2Nidrgmrx*nucV_NR`4n4pjtBB1|gX1i!cZ-?(Ns%2xiG!0ie
z?>L(D+v&S{F?r|`e(TND+S?l0R2cgfVi3&{LVrRnyHS@qL}>^N_w+IvQ!zN^>@MkG
zCceO?8=tm@c&xUas4~Jh`kWEcV;OzjxRTlt4{Jx<k$k{B;^f_vn(-zEh?7~RURI+S
z(QxWl;Wq2=1iR)~BU=43fUFs>obylq%y-H&zgC+0dJW9$<RU9-H-D>LkAeD~Jr4bl
zMh&wEr{QbtCQJb`v`^?8>;vj(8go!W+9>40JX|6IH3eE@A<b}u3=seV1Lw1LLpyY+
zsN?I{=JIkP%~E3@mY1j2BGTew^21<hDGAUsb4W;o-q5d0ZX4xcLoEypUAff1>4l>s
z_vtkB*>IgIXEFfh$hEEpkZ=&sYfPApm`R0jV8+&Jeb8h3AhU7v*q~NvY-=jnwllU5
zPlo@(v3;l*8@HO+9kD<tB^72M86!qFX^NU2u$ug%76N~8w%IJKucuuK+_YuwGorB6
zwV=U!A(V&<)>87O0R+}t1%*M4%E?mOMrIS{2y-`~>5B>yMxn{rPX_Tn;j@PF223zk
zB)u5gun1vWbkMb|N&c`2TQAw92&2QzWT|7%jzdI0z+2QRZ%#LY>E?%)Q&J9GoRkk{
zN{~fRr|3lt<bX03$PloXEWy}#jU^`8v_Snk9mFafg04{J!|FuIoAl@ahB@+wt5)8h
zD9=G~HVGNL(0C75jgyPw>Y!)Y#NzG52aOHFB1e^BC$PV*@;DcTj!}+`qK`0<Q%;S@
zMrWAP!qekei_%u6_KsM-@`Wj}tCMGe7}G=IkX!k)Se69&PNYhc{t6ZF^G&6Scb_Nb
zMWWJNq3*6px=Nk4>I$FWA9*4=j;7Mf>6}$aeef}VQ|YQ0Vs0Sfq|Gy#tVvT<lhtTe
zo~m+EBNSs*QX@TQW$EkRbpJQw{&)0MlK=e2jrLz_?MILO``>o^Py4Sw<m24`jwJcd
zcaH5>XZ_LY`s!-=>i0OJWM}8uApeYe-im}Nqq}EIxpkHk)nIk%6Z_eSuZQp1`YcWR
zj_HagjYhGdd-LcV0!NF;!uWLx1ZfZz5q@W7?L3m0dG5u$(gNWZ#bEi>igOI&$<@Y_
ztjMSUhT@-R>ZHtvj(e!Vs-i~~DblThU{;(0N5TW46X)RYdG|0l-c!eyPA5m1<<j_4
zeyNvdeSR~_1~Gq&|6$%ng8@I}T!C0_I^-{d<U-dp6~@^mKb@u{{=%6J@k^l|nBw}l
z!S8T<V{Xb%S~F=~lT&P)<GtR#qs)8R*hN>}5zPT<>tSAwR45W}j&xKgDs!4#HN5It
zm3|@N7XU9MbrPYA(&HLKdd*sMHmPZ@?rTO-f06-aM0rt+=GQsiEV;5#ESZy>vKnQl
zl>WfpgcbgW$8=F-3=C;Rc@x(7i1H%Y2783pRUR_M$a9fVP`HNTV8n}=ULvOpGv57+
zR@*D<^kSs-VrgdeU-L{1T={+dZbxuwPoF%Y*P8Y0V{Dvr^h=NWg{MVQF<P{~NyYXU
zvBI-%vQDmntoT|bw{T|7pcBz%M7nU-n=`BM<s|L4%AY~GtVLSSLMx(;l5i|>$AIvY
zcMz26?VxxGJg6!o^r(2Ndi_pKp3GYViv8f=0Vdma_5n=@h(znY$JGC;2^9aAe`fN3
zU&HwSKW^mz+TT7d^M7lrfAW8S#K+_R*!cf3oBkmS_!w>f*H+g%6{df8=KqY<|Hv`<
z$6vJu|JcLe=dHtia%hKx<T{%oGlTJ&QEk9#DoXo<9z*C?&Y4@9_b|*&JPzg+S2K^j
zK-z|#z>-Y3_j)_~&%3`g`TKtNXZz>NZTYfy@VqNuyMN)tVRZLs4loJVg2(nk5cSaz
zfe$38vi1DAR6ct1OhJ6JE8m{){A5~@Z?6x2mTzzN_vG7dcVB%w){o@N_QC%4mU_Cq
zwX0z7&&{n=#`G7bHJS%hxZr`dVJBNVV+N#g){KiL@CA)VT!bnF5gY{cXFd28+M!qK
z#C{OaIo-gZTBeveUZE^-4$Yu(W}O=tuv51z4G+2DIn|MujbR8iv34kK6?p#DF}N0|
zzA@Vk<L*q-OuvS^un}6LdB>08KB`;_DrJI=3d{O>`VYJI50U>nYmYkLmgxWLpZS0P
zkdICOamC5@yZu;sf5HDdLHp7A+QUi>!0t3cAu}Dcq9LoJi+C~yZV^*H-c=(&DZl)*
zs)HmeJt7P4o3gLs)%6z|h%3dXwTaH)Xo`lrI{xFm3K1KG^)sXq0o#ARK0J7d+P{r^
zp7p{oFS3$d0seZ98DN9OXu?uM151a|M1q^7Bqv6bGdBzTd6toqo0XWWn4n6l!R@;p
zSenUnT*QO>^I<u5?J(*~zFw4|MT<ZS(@2`Z(ay`>^A~7Fi<)mt)JOr$@HysxJ&(p{
zQ2??mYIAvfH_<of&L~N7^e}C7Vm3rH3Aig^d6cpUO=*E<d2j3J6&`xQ@A~Iq_t^Ti
zeeh=gm@fzXL5~4@irzGjFyjMFHjVp~o}V@V<6zE64?|_vgKzTSEz0Du=<kBJd4H0O
zi{LFRN&fEL@~<hXA?CL(qGZUC;Kw?y`MSIef>uo08IVh_;y#9pWgNCl`0zEFubL`D
zQY4@>_K#_T6D+P5R?;qb@776Vo?}YTLCcTxiV0-V?}~GeaUZ<qX;dz-3jvm&XO}vv
zPLfj2WE`U@*-|AD#er9YJ&Sq%cqU9Sg#~631_@iC%&3Sfq4pSCY@H6L`MIo96;k&`
zXcKxCD`z#?rwE|wY~4|QW{i2ptPSzdAejFqUk~P+!PvB4F7YefRRFXb`p0%a;~FCt
zEHuqckN7tRDkvN0D+Pl)8f~ZJ*r6E%3@V~xN^<%629XQNx~>9wM1r8<ylBDHoHo=_
znDJIv09i@|9z=z`Xw;8SqW;G^+jNYTnZ(0^x>tF*d+=;)_lSA*V4l)u&ue9qOc3V*
zbf>7^JW1#N@!M;W-Ja@UsTHNjt8b_?qaoh}oiD&6AcedT3VAgh^sMyNZDIZ~8H*~+
zw&yYvs{yz+UFHs#Q;&NUYAr_x8C9zGo;~Al{b8(*F@w-bLyPu-f}q-%odQ))&OFZ-
zD<F-UfWAHHy31<zrWjRMkHfW%qcx)&Lo$nlPUu>czjB(QK-oW^V#t5K(-k>RPC`EJ
zn(DBmrIoG8qZz9S=80&~EJ$Q|I*;D$9>eJrs@BV(^+_xJ<*Q7uzhY-mH%_*3!yvt6
z>xb?S!C5ppL0l63G|w%o6j3xpe9O(nw+!k&SzFUG_4V%C-agpf?QS0{Mx%arTW72~
zGptkA5EABG5cpwtx4U)J#Uo-~E`nbF^$_zFm#OC&hRlWq^2IEofWSkYT?kIvVfH6F
z6PNbJL(^U5SR{ruSQ$_C{=1M~yXnLH^hn;VJT^i}&H!u+L-#J}y;ftrPgWDmOBmC2
z*Mfn7E}`-Be350G1Kxq5PHpS%BVCfb-Pjc?Es)ws=47Dp$~^~>3Cb>_Nhl+;48*-#
zaiDwtY}N2f=C^45hw+h8|GePUD$$<P#J_`gk8*RBVF-`16CY;L0PFLpu-xyz3pr~r
z^Xzy6@d1r*<Up?Ij<9btI+Wk7e<x&jPmN-`lVO}T^6;zmSMiRwnn9t^%y*L<AuQ;;
z<6~!5TC+x_9y#Q(ErN>MLAwvoY7ZEU(YTU7BCje8*Ja;X33In`?>20Mh5*!g9!0gi
z*T?ffrPcQik8oViM{$HW%|l_yh7DCjK!7F0UjUn#t2CbDxpq$AacLPrYE^{&_S~bm
zC3X)FkN&!Uy!DIPugbXtxVVj(tmM$119asue4kyVpeX7&(km>1L=c<EP8&+ZcmhA3
z&W9np<Y=B0z|+-IerA06bW!MiF?M|^Jznm18DsG}P$EltlZu#3Yj+ET!-4Wfeamv@
zFFX6M-yGAu8PCEAOahnSQ=aE|!^hSMUBDS^#{rqf6rM3B5TQ)OyZ}fcP%~tID4W4F
zd2y2z*&04jFuxm9k`n_{#XdWEJ49<m0JZRIy1>?LG!Jn)$XT_W#+Ud+U(~89P-At$
zL0=W=3|la}fm&JRHa4XR_Kc+0sEI42srQ=;fo()b1m@IW-n<O-n;ZnKlO@f@^1VPp
zf&AWcnFSL*tma@k(VGzivFO>I?G1`Vx{N1Pysm59w`!yZg=*rJWG|pf1@Eq)XD=<r
zlx!f3H?lUXM}3nCoOQhTbgj)14tjzq@??IKWb=7zpWZj*$2w~qD|X3GP;kV+XfU8&
z<;D%hpM_O1t5m5wY3xom12sF&QVtW;Yw*$ZYpP8=2LnmCf#7u<IbQ<MelbwO3c5(9
zmegIx9fnL!Y*XbASz-riR8k!#gEMPe=HoqjZ&vFDMtYDH#r4fNXH%DKIIwh*>g$H3
zMzQkQ2=Ci4D3d9I6H>y1mJUkj9x5Or=sFH>vZ`g@5?fLMMWX0h65&&mFcSG)am56D
zBALQMjxw7<C5*MYyY8-^y~CI|9cU>wg#{t4(5zB{lqr=iUh|n}As<_I6>!pbc+&VL
z59e<LRKcHAxc|C@h&L%orzB$tm4Q8%H|9x)1-m|*7M>bQJ+aWo!m$#iBsE^#6WQht
zf?72?pDOHCvK*hBC<Q7hgUq0H&IwdwdD5B8goP?lK*S~)5lJiQJ4LKvV*8_U<CNEV
zzBM0ebd^_J0S-ibjqh1*rWH7~cNuGINY%+|g<9d{)G@EJNLB;Ky(FHj{yua`zS)Z`
z!0~o;PeVose2>$HpBtqK9p;=I7PJfhd6ZLHS4yIW>lO8ZH0NF*0d-3QheMPM8&~1n
zZ#W3}^0xC1=M5Q((4zLGbmO$DEcll&XmOmVFZzj}15^hEfOA&lQf!yk$C6?x={mnh
z&IP;HT2N;c20IqrbX9nIiGiSO!4w$u7?EJbV>iqJ>0to=x`reZ<Vwy~6Y>V##P92S
zdH4yk#;PvOU|~krYkH`PB)4f9W;f8O$IB7)6|9Tf!Md=cDtm4{3@Ek$!8+ci?V(l0
zUcip9w}@N6=@Nk*soASy1UrxOP-L~D+d7hi$I5BHDreP8;z{XxV4B`l!BxU=RM4b#
zcx}drKIut1jSX`p7M<1(*yJ7Xd8iF*X-&Liwn6IFO}!VFg3gAshN^^GKc~XdlFAeA
zb(~Ad)(BmQ1M9G)a>(U2Fpo4jS)t%H@1Oa;a9LXXPd*~nj29`qeb7`6*%VTv_N&zn
zTo<exyC{HI(B!gJi6z?Vw93X<k+g1<5%ET6JiQIPP$x5yU04MeNS#f)J&9C?4*xj4
zAhp8I{?4&J6Zy5bfmO14J{}KVdBLl(jzaVQT5v=%);W@YArz8e9{L>Bg$z<*F~lk6
z>7;8s;K>wtk|RnYqc$xmP_^EGHnw7Nv@EdUsVWFSrQyHTz#?)14fj#V+@kU~Fzm3^
zI%*3rj=0qi;^5RTIO=;8y1YqWFU(h+^wOA1?5af}w1o)<zDd5q|3jOVl*d|uXWcm*
z9Ur_lj4L6fumV8r22)bO;;d8Vm&m#D!RR1y3Rs`(IAHidF42?NVhrsT54%UlTZj6V
z113Z>RxYkeL>A)3bfNohoEikcOz@`7!ZetOKcESfzv{P9{z%OyMjBEF3c}F*hh@yr
zP*mFLblbUyTvfVuY=D{#-J6<5Y1DEY8BSYujKs7b)Bx87clx)Q6*IoD)MH0_FwIKw
z+d`+gW#A-1%W~;`uhvCa`umK=>f42VY_f6$xc6R?_YjojRb4T8ev^*Zt)VGQq**t~
z))2Wehd{Ls5#E{rdK@_~5vv`Xbca2tlBXPMpp{gLh={5e_eVp?QJiT$=MqY_w`(P&
zWS&9G#IlQl{)rOEhOkb|bDR?MHi}2t<l4)5)BR=Vxc6dfXZOuvS0QP>ESGeORMLYB
zAsHK<B-QI{asB}jO8Be%E-MrfRAZRsu`H8fum$Arze8(EqyB@_J-~JPdGuy`yL)u>
zzsu2Krv2w1V*lTH{AlgbpZ=f!rjKX;c~179o%VOp?F~R%!4~Y-E8xNM1nu4AE1bQ%
zQF=B7Vjv}#Gt@u4ezV;=OtNP1Y!dwwGrOD@#dv*X<?`}!dB}z8lL%O91ZDA$lu_A|
z>OhjVdjb7&ElAON(zhyAVTWB~P+&Jt-EhIk7yQ&cJlZ+fpPR?=!=9OU-irBxe!JY6
zud3bKf3r9DXtnLRyo#m6+`JilV>`qcSPxsUCf}B3(gnWt=J>~h!=qqs{%|?ii6_7b
z43kmbKfeZ+W;ytA85r~6MRGQc6G}GwAozJX*p7#B&dwHal1x65@Hn2tsNYX8jAS2;
z1sm_5#CiWIw7(EqTAVp-_Gstj{?;*2!@2oiSJ&2{%sfF8IS}EEKpIGZ+6ZYS2ZZ-p
z?J9YtlzGyEttPT;X672LcBnll$9X&*WUV9}0CJH3qq`0-caDw^|4MhgSP{uh=oIPh
z|Fm;>uy2=WyCv-VVkyxH9poaPT$oO@QEFg13cp$lo^qc9cIs6JF(x!pGKk&gUw68@
z&*xmk=pG&(zS*Da_z(FKcW%vpzSrHGd+0xe|Ia;wo+uv}VFS$BufJ`WLdZEZ(5<1j
z{Xz_k!m?+9=hK?AUJysSaydz$*vT;Kf6Ot)X-anrz^kterhs3-v*Sh~5j?j&bZk*i
zdT<Ev;z{T$L+EB?aXM(K8`j1ApJC+?e#X9(0dP|Y29Qca$^Y4uXVZZ-M)Jl+(2Ul^
zzO(>mvp$O)dJgQta2KT)TUa<`Gbrvie;XGQ-FSw7^{-U2N2orWL^%k72)u;$$NLBS
z-8tDP?u(t>xw%#M*|UQKpjP{H9=aXxA`wy^rXJc!NaHyV>m=*woQHSp>N*FA=R8&M
zPv+(xyDxO3bKiP!emv}MJ)fKV?w(L8kh@0Hk@7<5e+(jRbdA@I!M0-&=TMWKeUR(6
zU(Iz^^^~5)X*_{RW!<$p1k~~3C&<8F_I?b_X<;6kL>9Q?5l`T(Vxuo2de~nJGq560
zC~ZFu4ZUI2wvswq`^$r{vwz%uDIj*Z@P>)$$b9?AiOj!pkIswNJ2vkxVX!Z$f@~AQ
z*5K4^Gj=(ms`Q9I4b4KA$-|76m?TzE6uXY5JX|a)#xRtAX&bvmsmy6<(=e*k%>|N*
zz>ct7KNuc+!`!Ns`a{at!Buq~ZTEY(YJ6dQw>o@tbk}w$<NPfuSyN`r6)Wp8Rjz34
zsyrqPBiFPMrpT0{+pMT~S(;tZ;MHwC4YoO8sM|^N;dzn#t+yUzslHgne|CLs#{Bsp
zloIcAAs`jGMP2JO#?PXz%XWel^^38++FsjKo^l-5wcXa=I`u<P(eJ(zBo%Y?c90wr
zB_aK-dChK(To%!`>kHBU?1fd)SwDMqm91YL0K;z$<J5vCPu=chCm*oX?PkMJaXpy3
zY!xIebJDmP%N_QKdGA1|JgVwvQ=g5h{+L#D)_Q6d6CD^Vs<w?3jp?d=Sb3)jrbNBX
zX=O4-RGy$JyL)}*I>fZ`ct-U)tn$pIm9=C&pxeNyM)E~-1fSjl%IT>1Tu<!_pehL`
z(;45?m)mv)P1WjWrH@S5bW$eD?#4Pz&3Re_X%_uBnX$g8wW!^0BI;B#5LmsIBh-v~
zVebvnLEW%Bkd;HZ;BG9CvK_A{fA+$Btl^_5w&)#sFOElA-|mccv%EGc>tkv|`8J9B
zJ`By4*DjxyjjI<B`mN&*Rkjbu0I5pqr#wzCZb2e*7Yj7s2k20T1^H)TLH?DnApZ<3
z$nS&&)-vRuu?%kYTQ0+U)a8isjum&-qToBu05xT?7xjpBtAn-cF!n6hD2vvgc@6Qn
z3kd!dPbS#k8fm5)phrgGOQmRR0m6Bx1jG6)Qj^6K1!ZuDv!-N2BNl^BFQ{SEwN>_k
zRbl~Y=}aGR>zh^XXF6K1t=w{kN}#W6cS_yTiLi;$cx#ugvW~iqD;*PZO0cVA%W`#e
z{9?tYoC6ct3SY7^@bzTc62MoKX-CL8Pf3O^-s~UyN-}x;%-51(v)$LemJFVDk6&-S
zIqLdqGJ1nm_TKEyeOs~KXJz#WzPmh+BqOc2#3K+!<KZw$W8jqCWv)VLGFzUZwXup)
zy5t#@q>2`hnSC`r_<|R!r_|{|df3w%rlUf4CDe|qRc((d?H4QOaMnIAuCkLfCC^3_
z{PA=;<j9ZtR{^}@218*RU(9u_PC_>NZDGD@TT?9Ozqox$dCwJ;%;DWCR@mdTsph}r
zsNFaXm3xV8eGPpGJ$QcA({Rq`Zv|kvFWPk_k?ynTN#zs2A;*1R5`gMFe%LXc$WKS?
z_Ufx?nOT{$8F@7wM)@WPjz->x#E~E<m3b|I{heLEnn~X>vuU{`C=Hw#^&3Y{YWq@$
zvoyZB#|QhRIdj6WS2p})vxE_zlTaSc{d!O1ljYDjKacLV%26>7SL7QWuwi+h*hrj*
zYG=*xHwBRHc+ScYW_zp>1P6rW^pP+G$49e)c`nFC=bm+(kH%4voFp(O*FtpYP;|+@
z-3l86A^2T=KhW@c0zGFkfOe&3zv|!?rAygz{j)xK*Q@GozyXTj<1g(tay`sI@n&b9
zs$7N{94^B=&ll&sDpTFXfTK6T`SKO0xPiN(yV|Aby2wbEZvK8eIG`X%9`AyW@#?%?
zdb+!_-}TrQf<cVSTIu=m*3K?QReI=kW)$TgOPx^>ndTbp;K>uGe_^R0-RwK%Fg`}9
z81>gJhmXnyc?4d|_$;iv{N^>&-^6_o<0SEoE?PoN27#<X@WNbjQ{-mJwRyssFDQx%
z1zQU8aokT%@lNqV`5rm<!F(J1W0sY#OH8*g5SYX-v{Mmq2;Ne_97%r#4GzmdDnMZP
zrdjGH<`?S#*(C)aUW1pS!sw`s21;3c^?~JI6BzVN3^l6e3+Wz-!?)_y-2jzlUE-Kk
ztvI5BNR)|eED5B8RMFE=Q(+lf8DRBtV>yI++p-+%q^yZ6Z60M~N|^4u?2*SFh9PaJ
zcy9h%L^ECDJs*h+P1G**`3oJ1_=RJwE|kF-5Jv!FcN$^oZK@I_DgH$-q>74pHl6fi
zU3F3A<?T-=6BrD7g7C|s^)j7~^9>5E+L(q`NEgA4+?2%nVmVN514GEx7NG9s=a|PS
zpY$ojz|QldoxgS8Q3O6+4r3QhkXFUPIGR|Qg_B-Cv51+QCGgY6m!yXAKZ-bh)z7`f
z;I>w9%R#V(X^60Bj!wey<RTs{-$NL$G00%f(dzO5Q|SPyKAS{o5f7RH`uyX{;cTD9
zO)?!xuY++s$)Q4af@wN|m%6t|-u2^aZF!hyr^RJ7;T-2to@f08mH=I}`{WEM)<DS+
zu%Q7b13;KRk~;GtH8hBUyh$Kl^@;)@WK&8I30xelS5xd!xF4#(Fc~G%3MEwHv18h`
zoC4d8ubUX=FFD1(F%51!JsBqXImSjFAfuL?ObfI!!pHqM#d<KB70mS&!*l`+bd8`9
zn;tefuvi8_#yGWwOcu3$d7h2j@lZrE;MntX&Js7kL~+z6MVKQvSm87SQTr0@!C-d|
zC<S!BP78PpZ=)0RlkaPENW~%)dxEPmHj6B;@^g$&c7pRRMmhtW>&P0{1bYFeXo@Z)
z0h)!=vF?qRvFP~6Zg6z);`ryS!)~y16udq>_-W^P_jxeCbp*fXo59aJ$3GstImT$!
zhg<u{e+>>^1Y7%m4PF7Wi!<K+<@I6r=qNZi40iTj@9uP;H-nx1?cF!eclKWf&!Fc1
z!Evy=v$t~$V2=-|NddOgg?cXl$X@qw`$u@N^=xN%=lHM9;Kk1IK0<u~V7G$TTZhLx
z+i!Na4q;~;zCJkWLKmI`;QgKb7igZ<-Rtfj!-$||cp7wnf}g?Bj~F`>n^X3q08HDW
z20tF`KJUWAXI<zW3bNeT{$Fu}?r!buHG}6{ds{ENRPO-b98y8);m<#I=@GQJ1^*`@
z8s}#FVE_0Ke&XC59~>U*%0KTMb(_J~;m#3G%!|VVXaFY`>KqUlsJY)|I5_FpbAX{&
z2MXa>Kv*{YdEVUuUh(A-R=1ZDrsAu9$P(EPv;2SUXO{gx+dhAJ8?){IAFZvG?f<`h
z-1*b~|Bv{%_W!)%<OA?sN4Wqzq%2V1t#`g%@2r(w0Jfn{ayFfq(~b-l;e5V#+Yr!V
zw%;d6w&}ipVwvjGp_kX2@AHVhoT1^~N0a_Jjc5M9{%al&FX-4nju06)nwwIG`NUfO
zI?WrI|G)l=4g2?xNEj(5*^rVB;wev-rCHjF(mV-H<EWSd(?C7IGvZ|zBOx_pHj^S$
z=@TyDz@z&(<aJ0Awcr8sg8+Q6cvy<l@Um|Z+v}m}@Affuve$FvaeQV>VzJtN+mIGt
zhv;dif&IL*zt(YKz#|Q!!V<R!l>N;wZWVkC$KTE`rKit#4_<dAEkYa*Q1c~5zcRk{
zpfwx}eVbvdikeJPLg>1ry|-(NE9tD>?rm)!9NntB&v$#z|GN8}`Z~yBj>SvacAXB}
z4ca)Pfhq<lC)8C^0LGjtt^+hr!I0v4@XN{p`otbx!-LVi{{kKX?UhcWK2$VrJ&j*r
z#co70V66xYvVXr2>axyp7?;q;>1uge_Ff$wclTbGp6?uO9UuR-VisX_OHbeI9_+vT
zZ-iouv(+@c-U1c^8A<%H&A&M5rljr?elSiil1Y|QpcBeee1fb!Iy&H7(fu}uM9IiH
z0mu}{W5qdaNNEUtz$IlU$MT*5m>npPjQ*E|TFJ!{-0^QlMWDSF6p6~-<}ldP80A<V
z%d)Shqv6VDUOjMqingsX^ZJ2X28T8`ufENf=C}8}`(o?Ot{%RM@{SXvhl(VKgoq*O
zL9&UOSG~3LRBnG6&}|!J<?KyRFMf{0J0}lZq=!I$QN2N12PSqxj^{)z&y#q9XT>#=
zNqhPW4B(dI{UQT3L?THQnXLqysI{``tdK@N<95>EXE=?r%e+YvYkbuoMjVNqy|@|+
z_ZLDXUecT-C>oPpw^COkAbKUJs7Ix7lf01$Bk6FL$D$ljVf#yHwflVMaBlwoufM`c
z|Ld<FKB;%}B}~*S8vJ^1Zf<`0*I$1?ufUD@Ktr9cc=GG7xGm&4)^v;{RGV(iZLekp
z&g<R)NbbvEICSgF6a4^9Jz%l%F=m^f_z;d$+Q9+rla*;cSs~rl%6xg+RJmXtc+N?T
zy!Z-m<|`GmXo>=2)fB9n*OgmM>&lE-oi(W|x1LkzN1k~zN)JjCnxms*nRY{wqwZ@>
z05taI@i+pW6ocTLvY0>022-Hd{>kO<c74nuJ2byCkLO|yXat1EhQ!F1&A1#i4)o3>
z0u)V)4EH786I?Snn*VivIjq~>4hKNvo13T2Qo<(ncBOJ|aJsF@(c!ox$v6)KX=6MB
znotl;0!oMEVA-MFds~OE6cmYcOdycT$Wv6KB*l~+Z_v(}fg!C`;5E$dFI`+(ZcR;8
z4Sllc&q9vS^g5VR^`+`x#B>j7?pccQBUu4N=}3}-eGgBj!vPN<MsPz(>TFb_cuZEE
z34}(-?M>ncHG?*fBQXvTWs37GC#q_qp8-a6m(P})2nEyR5DA4+c7U`*f_IMaOjnN)
zOu|CdioriV$HU+?$YL-r*L2tnGQ%6f_)UVeQRRtGShG<<CvYm~=6`VC$btdQ_744*
zT)gF;_sSPdFovwfCvdcpHyfp|fwfh)!(vOm!WY-_%bov-cImj7ATQH1IVlF{^-;il
zrp^}T4LHj30-?x5I3o>!v*ZF<;ovOG1~63_3Z*LaCmBb=Ii00vvO^s%hekH1LAfFt
z-k)eJq+G2eC<6B3D}A}HFjprRFV#Vn<RF?1G=p!|t>*RA!b@ivzl<p+UPdDB(v2i6
z#btC&kX{f+iOu!nrq8%Y$PPqVwM(Dx?s9-$A}ARvzY!4r*1S!Vz>K164T^V$t>ZN!
zvl1Q<3{K;-H#@t}ds|06Yz*q25icE9iVb$zuq<t125F9#Zasu)_aszUgI;eC_lGz=
z4LG{vE7S#t6%@BzHW{h1BJoijztY?sNNn*W)yhHgV8sc{P78`S8<FB#O=M2-?J~TE
zL*q<m%3Y)sESi&sY>bqwaAo}BzWCnSDD+Sl@Kzg%BToY(RyHm2WI%a?@EBdzO;8HH
z+9o*VPUy)?R#Vu{Nj$r$*(lF6pI%g8dC(o6uAKGz2&5sAdGcUwxkE=co=cO^0s*J}
z{CP4M#3`wJRO)5%G(;eDir}#hW7Yu@NJJoRZBVNv0SX5b)9X9P$4fNFQN7$3<OGfJ
zfJWnjM0`XoN9*!(|IK!<N7|Ey{<+v*T@983`MI~Ve{hIpo^A$fs~sx)s|nF2fV#Uc
zJhhGVtJjMPxh3lL8jXu27ptL$nk7u~D5zcTy#`dl3QG&Mb=8Xsy~ba5q3;;7=>+fz
zlTkUDa`NCG(~L8U!Lc*a880gtKc-NTB_?AQGdO>NAeK(fzwBbH()oq?;3|NB-FHWG
zb5dshn|wZWPei)5m2(I8@hG|?-*vPvqb<YYD~F*%nkZrx-%aBlLCu_<5r^$e0xSL2
zEyssVmPW=MoO`_bHBF*Og=(b-?Axm1uc;>Wb{T9jo93H+Co94>q9%eDlq`U^qTm!n
zZkf-OBbei_6M<WR!V7qp%Nm~q4mwrkGF||ZHkqb)SBxzX+at-=hS$|nM{pipV16Fp
zJ&-N8jzmNWR1J_yYz4o`35;Nv=`5=UT*a6bo8ZYbO<=&JG<WP|?I>n*Ngm;s)zG6e
zqJXvGRb*w9NA=))0>4M`CbI^;4*fH>qGFpZ7;<zGkeFz+8b#qMJ}tqA6K?ogAx<Qs
z7|`6pOtdC&D|h_b5*(G)D>s3<l|GJvpmgw8Olch9)pTyN?)Ny@2o?$k*TD9(1lh#7
z00D=jm`s8!=7Ds4MGc_Lz48kX|DOi)6)!sY248toN$D&7=^*u`B3$1173HmwwDanW
zp`vGV^_7af^c2d({!5$>-n`6Ka1~qJE=xZ$AQ&tuDD1(i1RiRzib?~%o)vr#6s1BC
zC}KbB){qv|461tD6X${wMm*sZ1EpT7p3FUJckbDAOXdHN-O0xvDxC3eq!5#>BI1-h
zi-L$dixCw_9xqY1Wla?&Yk?1a9$(A@AcCic9wDogqf9!lA*c)*J_NF|k&X}$5dqbB
zX6_jj=tnR#%ywocxQpoiq7jpDeS)eLGLTsefb|LVOyOimKZDb#kL*jrdZ23ZsV;fK
z*_mh+{1rWf>ete=PaUm9E+@@#IM?8$XlSwBI0-lP>oKQYU<+=CN}3E4=tzV5G!vdu
zIY8hGip<Fo%hMJ!lPZl1RthjtMo)U#@GQ#7N5{&i!I@RmY+6WbuRRXQ9uPi<F;$Uz
ze-@xWRy|5YFxFWJnqCe9&caTZFL=)*Iz`ji#!1uJNliXF%w%#9@wm{rH)c%k+;5Vz
zZg)ezz|)Q3(~RMlYMfAcEhK6o@Y9zwL4kW$ywiKRO-^Ha6S|ipD2yw0hvz1TsVJ`d
zAao(2AbLEGfdNemC^Lh<MEEba5jD`$6VtV$H6&1M5cc6)<2*S-CW%cWNh=crAswQ@
z-Gn=Y%vaJs=ND4Vxb7{7LB$!#dIz8fY>sOkkv=`uGcwl!;RqKV{(ciQE+ZHSNAP0H
zv?(4cqA^6jH5gS`F}r(jb}Q!=1kad46ILWzoWvMy2uT>pywa)_H|!46ZF31^$vB0%
zL|Q0fgEUWSNHd8+<41cPc&__dG|8RG299JE)v#zp31Sl~A&E1+CVm&DCXQgKV3Ehz
zUlc$nM(vceT{UYaDpBtAZPyH)8*#;8!2rDgw{qaYFHv1bhZxTG0*<*nnY3os(Y_5F
z&en17W%qdBSW&osFr;M3h65xDDIftb=Sk+D;C0p%@fEQ8RRD#LQ{b?-Ily0`MkE^8
zqvcf|{gf<Wy#7`UWA^}$sAqK}iB8ZwRC3610-qCa9H^5^<>W)m%QMD6UzZ#yFbe`_
z;hq)dkL+44sT5-tCx8Ve5F3D87)Sk&h|mf`STk4|RmFIJ+B)1ie0k%-U4Yy^Ia3xZ
zw;%CDajZET!KB0MU}1TAd4Y^mb(kpukJl!nn6&l{)SV(XBl`|Ju>fVDB6;4I_&R4i
z6$9Nncz)w3M|eLo%8a+xXAg9NK%I`zo}RC>$TA_m3>Lmw!1(BVgJunKK{dWmH#8VQ
z6~Z1JAKo}H<cQV%5>QsmNRE_Jc(&{EFgv9~2*Jo!n@*Z|1gWWzDj0ec;bf=0V$t9t
z$&q%j3W=0^(suCnE#SbrcXcDhF`+wn1(kWRvw!nCF7Qy7&(Nl9p>*$b!zP_@eg_W-
z<EwrMtJOcRT`KBkMfcHwW(IXJ0~lIy^%q!?TS+u$kAv>}unfafp2Q1U?j!a9k<V?f
zdQj5&d$!b+^rCUXwmBl%aheQvebiz+z5sIE+Q#b|dk7wgvJst}f~<WOV;zwV$-Y7p
zjHKX1eJG33r4Sx{aNr)}k%$*2$oc>QzD)JinMjgEhk_GKDRD9_sO(7`{9}r-RmFRp
zkeAegXNbPr9JZJ5&$J;IsjzVcQBe_Wsk)Qc(mo~1i$LaS`Mg$Gf-!9W*xi0*3rnh!
zBk-6B1pYX4_+!agl7-A6dosd|ik~W!KRdl=JI6;m`^OH0W*l@*61keDt3G>`iL-$r
zk|7sg=(;!eTGLR1mz`>4)t8XBx}Hr~^hfE6>@Y#ZotzHwrVaCQ<F=b5xx_DpuEDTS
zplNkhgD1gS=iA4tF2^K8pKCuB9iCJG8L-oS`0c~*)*e4x-MvT2BRE-CgwBG%uLCq5
ziqC{8kZT>aG)yVy>56X(HLX1WaX^m0sHUFNh1SeDUhr1gE9~^%K;1Rcyg^A|_L8%d
zd^R|u7y<SBYwn@!x_7JjX0N+f*XT)drV<t4x^e1n%npg^zb!sq(GW|MxYJW`{r=1Z
zDi9I21GJ2&+9KgHP9_6omte~ymR+*Cazi+D?=2lbAl~iy@wsEstSrbDaQPR6puyf4
zUPjj-wq=u#xuHpyDEk3tjwGGz(D?S9m*DZk7R)?Cz@z@wHVlbTbvqjzue3TYwlW6I
z*~{n_;P<7+q$R*NvSB=^7)_f4UwPHwxv>S{{Q;Y+{TRm?Bx%Kd@_UFgQPsurbKOTY
zWv%Jt46yi`pH}QVfQFvgN9<GP(@bQDFbX`KRrMN8KtLvwAQw*J{&bR~xNDzq1Rb^n
z9cB}lBfKcxAWK<dy2sPW7!4Qr0OG7uEPBQYVwQ@0jxge@^JvP<8t<C25UECna^&i2
zdDIjKx_a2VI<PdH%7wbQw!%u2X)aQYyhd6VMK7HY6say$0BM8hy|--(RsLk%cBWh)
zOj%O8G?}IZD<0UbS5K7+i~aDsuNob}nw<vrcZ4qUN)Zv(nug?_F*%vq@?ASZfTf@T
zp~cUnWOHKKK#}<`X`2v&s6RYAb%sl&6kMf8&truk5#wEvW$11R2evFBkg}sp8+7L}
zI~Yeu0ECNXjRju!GP6JpsIc+K7EdNfPHkRPtP4n!=5d2fPSi`14BkH~Y_V@G3?h4*
zkrCN$f#8%HA>0<$b~*ToXAOtWlZ12KCuL%!CXC<+3uBHaRuE;UOc`iq(0lw}<toF7
z%;e0w$Qi_AxyKQbwk<Q#AUErfuAA^S=Q=I$>K3C9NJ&(l7wBV};$<5fO6qH_ijBlX
z2dPe}Zy^1bdS(`jV;&fLnXwi29sAZGrVDs~wTZ}dsPkyGq;1fRRd?gf>z}rE-*jhm
zMLV;9VINdW+P*;S-+Is9ym*1xQ2wUx7dbIGZxnkk45R54NPYS}?ODGu8{pg=e1|Vz
zSI7P}Numhd68m4qU!5<&yB({cm2@z8dg7C50+PCT<1rts7MPkc*R3RyvIcyaG`G0F
zN!u<AnWe$S>kfv}K|$hy_duI)e)%l9k<83|^`0NRdA8fFcr(Xia0QF4ZFia_i#WNv
z1q;)B3R_MmF(!WuVl_yqfdoy@S{c7JY~8S>QIXCbZEx+XrrBPHh!Ea>k+O>yd)ce?
zV(+-362>v|D_PSIv{eRB<knhaJ`B+c*))J#>Y#Rx6cCnG63h)81E@&Ltr;;_#l@r}
zz^&$#b$C`gVfK{F&CP!^Je{w44P(c*%k76}^R_m?8fGKM@L@US+&gVF^04Uv;CNsq
zYGlR?LTy0oI&6cpq@bA7XK9lS*g49<udAi2K|OHjz!*AEOp0v4?c;5&UVjv$NPhvP
z7gdxkZJ&$wX?SGgsmz*I-ouD&dTA?^E@aYbDO*S(>#JG-Kr|RMBEE->!X>_b^@`-v
z6H}yBS!6UFnj(vpMFz=*DY8-xCA0bxv;trcvWYHU4R)MeN*(pBTxOb%00`!~fj{Nf
z@jn;>HM_Z4+03x8$~>tq65B<p!6bParP!CoeXDhN05}naVdx889sw2eSyV<c+m8Fm
z4#rMyWQD)il|JD%)$!L(m36(bwfLBl4T)Uef^=^~i(GhoD_8^#K2y@`V3JMK0ZU>S
zp@(*lid2G$y6Lzg-BC_XX~=sUYqn){XM2raa6o^I%|1|(i0(|`tm>ok#yX{BQp8Du
z%$(6HHXg-8)}z99=2$M#5KT$>_BA1u1zyZeu8A7r`2s}X069A8KoidgD8zIOgRp!I
zDz>6?5|L$XwP&+_+Up%1bvt6Q%T~Az^DbHY?y+sS7&Ll&y`5j&hf)q;gr?hj3DTDA
zw9pKFQ)_QWC&-`qo<@5|+n9&WkNc_7s*yAYA#|_Ti}Dfd*Fi8azmmKFxxA((A{f+G
zkwzVmK^jULG`U^psRiD93N4@}DWK@Q*JdG5uY^KGk)R`Pe;DN;Ug69MFY}z-Vtxsd
zL6QO2-k(IdSOt<5{xn5}0d2``M4#Uj?hJc_4Zd(1_J$k5r;V8tfot_!aFO8+{t)G9
z7wU8)m@WfEOtcK8mx9ONK6<qF{r3+awpSlL`u5?&<<$)g#0c-P+|aiixx?%^xusA`
zAQ|?mwQ<OyqbQ~)WX2$Yyd~i#=8z3x5aH|&>f#nz;cEYC(-z9HwY9tRavuZP^p3?A
z6nR-mIron#;Dljjq9L5=$k)}GBeM9f>*?~jGEgDmMsdcC7n%5Fxn46GP(B@_D?`rM
z#np19Nw^L~av}}bP$?-%V|a~O@{ov%4-FacAzhaJf%aDxOzVP)@bRwNRELN4CUuT6
zT<;b@a1MW*t4)I_?5xZ2kB0|8ukhEyzbZZlZL?5~MqZWiRX=8IrKHYGeJf8QU_4Lx
z*g`UfEq)k{SMs=kKNMn)xBvFil4vfV9!fkb1K`=U!%<IF>`6`QB6|{_q0NlaMH}$T
z!Lw_nKW|dsIRkYrXBW4uhr$^R+0X__FCKDHjy<E>w<Z@a^@OhKqWmMTjd(|mn#!Y;
zDtW^uJ<ny5m*Xe&dj0Wmn&W@y8%~W|9rPEQR;sbv?1yu7E;oFS6j(oe-2`?94oSd*
zDEJig@hZ82iAT`H?l;Q+3^h%rZpypuJPBHDkJ2SQ7zv2*a}*vNgIWM{cx_@Hl$~7E
zJ)?@>5c1_!@Fq>Jns|nn=e9v^Rq^R*(obL;hqER?Rpz0bG=p~iT;PbM4JjVVsA+~O
z#|eLW@b{j%8&Fp>Y73aP4n6?aJ9D}2*xAqTYssRXwCJxf!RrilQ9l|}02-wzA4dhb
z@Q9Wi2-09m;-S1~k$Hkg20Z0Ct)&87s~E4cpH}^y!>dc1?=D8;G#Y8iS{W~CrRc$t
zcDq!eBg7L@yEA9>mMu19hK~1M?{Dp~&Z+CqkrJpQwoqqq+6J0CR7VThM<jKaSTtne
zQ8d_Wl6=up^qQN*138{h=^KZofD~vYgSu-BHX%TO<04l%pY+k$LQ}xyn5Z!ElDIOt
zvGr2Mfl0xYMj!D!9GCszvK;2O-btr2WDduGneEe3T8266deBUC<D?m*83B+nklp*^
zYcv&}UxAn8g!~JA=EDsv5CavHae&;np^U6!v?6Y`!+=x9$EGm6+N4)>K$iVS-Tv)L
zmuh<n-6W{$8SP>+U#_wywvc>`W-@rubD5GFD85voIuKD(;F<a8v155;q?nlCwXpIN
zppYLhOK~)+x%m?pCXp7C(U`sMsD$GrKO^kV>+ZfEu$|(KBP|=*mgM{xAG-YMnAc&q
ziT!nK>E#VQmqiP!&KPoVx=j~)cke^5wiC9aa9x}7r{4@lXz`A5ILHo)*bx;T9lZ{z
z@_ZP~6W=FnXgt7Bqm36kyWPcbb!Lyf2GIZ?pG(Mf&DHD38@s(l#pW>)5@X($qMpJK
z(={ryu--+fZE=IwZ-AjdM@BjN<Y&1=X+Vd}Nj9Efa8;~Z(~7=J#aI($jMaz}a?KOZ
zxdn7yZw7l&e<5c$!vR?cA}g_w2ZJHbU$`9Xl;T&>E!M|`v(5|Wfqf@JYXuTOc|h!~
z*t&*ck{&{)jDwHCp+6k5z<Vm<L;>XYm{~!tMZ3$^zk>h(=OEuBPWmf*(Z`s!XJagE
zKXH!((!o#wGuht2WqiZ~n%TjSd!u-ALX{Xzwga}zaJ{F3pz*U3LoAc?k!qWIHK69i
z>3_;$7pUX(>bctIJalwRTa-CgG79^sg4nO-Sk_pb!%btwiMPIV!%B?**u+Gzk1h_R
z!j^V=-gk+!-rL&71O6BH<zIK7*ODjhwilH}Eo5z+H+GoxtL#=9Uvz&tKHNHby|vvX
z3-(JkjFhRx^dK!ANFEb~@a5xBh2*CDI5PUdcW1b$A5g|zWHSi~&7cE#t0a{6J`^QX
z$QlJ9>|)Kq$Okwr%op43+fpq27#7Lc#D*$K-b%P0l&y_QqNte+%)#UsapF`^;)z9`
zCvR?|zPbhrI5SCY<N&2$E6qM2hz_KYvEJ!iT*^4$9?NY4pSUh&<yHo;hwv|FvKp*V
zA}k6(z2Y+4dJs(N4cXldYYGaLzC}r$kY%?W-dLEtvTg&Fha_oUZYX;#nM<6aUTl~b
zhkLtSeH|vgl@zBs!E0tK+qt=RB7Y>ndu7?o_hAdmF4&&FFH;amFVxR~zsbkhK(40v
z@<pz;xP7wZlP=T-gsW8W&_B>;LrwWLN02GGrwdg<X%_zr-MdXaJLsJ{^ds!?5a;G}
zyOqI492m1e+;d_pe2u%>fOY8<$c3yJ9FPBH?GMEI4m?=LV)~7gj^^05L)Ny+c!j`$
z%oR_7A^q75QD_dHMm*bQSpV+ey8jD4v*JIa)6iE4|9nIIXZZf@V?X}$<JCuh#((}J
zK5qPHT5$^hy!IG9Bp<D`J1d=UgZ8)U?aun@YB~C|m`K{esuK1wxJ%?`YS|9_tR5I~
zf1c{GyMFL0zUElW!??xTStj(J5(tGJAmh(>(b=CQAgu5DjO^|_qi6v0I>qHY=0ee-
zxg`4u#fUqJaz95UCPQ(=`>kghBDsLoL#xWo>Vw-c{Y$cXP)T+JoP#3`C(G;MWL4=j
zZ8%5AhZ+!{#Pz@`b6NWU_qL9I)DY2>p&lN-y#d;DGx_8OQxA+@-vCYA5gDHNFxEqq
z0@Z1&0}|*^b}@X19WB}d%88+DPp9&t1ozzC(_;@BN4OWKnk&tSty)G1Izd4_{l6G3
z_rDH}xgq}lBRBwj`rlsrGyeY{^0DbZt~e0?&hq0m75g9l|0rlbT7UH2`lIiwssBYX
zDbRXO1iD+3{uz-q;1Qif?la>1F~q;d@{3Wg?~(JvZq=D#J)w<{5AA1}_W<t%yhmsL
zgN(A*_z%aFn9qAkl2PdykH>jPM}q%s<UP0;@i~ZOg>OPA3=fCHiOyPLe$zh(7C9$t
zdv+}wX4yD*F2nY=emUL(G34O&T$}8JIV;vNS$b2pv!8lJCigoH_azL!sehy)<^Qq_
zgrE{80YhDRQ6#z8%R!|u1Qs8ia4`e9T|`2TU=g&A0ayoQYBy-)oIn!aG=m2KD&*z@
za-`>%X%m|aH|Vi6km9dT@E^%Y)(h01Z`{NCYsq%@lMZ>}CuKV-KJE+x>eO%2+57&0
zY|yJ4(w_8?Q+T~Cn;yR7uG&);YzC<rs(J5NJW@(I89Pr*Cr2ePtp}7o!t9)!<J6sv
zHqXW<O5TS0Jw9oQ2}ocVW4AiX-j3MnQ%HqzU#)YGj1?%6+-9)bdaBaOnZ$2S#cVhj
z_qiknR)HT_(ENf|{0QflpgtAufO9_Lt!1#nHWvc4MH%m45`N%xXIxjh!X9;U-zmWk
zF`9)*Y1i15*`X<ZPRZx-rP8PCgpp0U%b}v51f6szANZZ5Vy`C|?777;462{>kd$Dz
z`bpS&I$RzzD9Ruw<35asjd8yjj6>^Pd`VGhHc?H<VSt)gL5i#_lG_4BuAzA#wN#9H
zJ-O>qx0+3Ug*VH=2`7sLG7#zn^UCGjuB+nVs7a-c!d&8Y9ejPV8Sr|-Pu0)+PDgo6
zR0xM9J7mU8<McHZu&^3YvEK0>-Y!>e(Ft12xFqUSkFxY}3y#}<)p3Vc(}WBbgYnG(
zQI>pNZ~*X>x(lcU8<2M*EOwE>ESyT%Bn)!wB;Knkz64zux1~lqFN`sIU4;%*=tzYQ
z=A>~d@Klo{y6Wp%D4Py_#g;aMwT*k$k{HNAD_BF*0(_0ry-A7avWYWlm<tPBt7Rr3
z=U&o!@Y|4SZN+L<(;TyY<#noDQGe}9_11Vb|F2u6iV86G&|R*uh8B)DE$c&XSs&If
z>qETC<HcZ(08c*Hx6C`tT#LdS_8;SGwdvse33cXABrMoAaw9}#0CQG1=yCAG;x+iu
z(vqT=UPGe|O?dF2<>cx`sE&a5#e!J;;R{XtgW#AAh|Zx^$v9nT67M#_NDZU?5eMHm
zZw4@=kWy+6GIHxucKH|`OgCW8{$$v|jgJHnD+y_!u!I4;v^qr=zQqWdL!;_qgv)W>
zdI~IBRItg!@m`NpVVj$M80iWbwE?)}JqMbNFfd3%fYcd>N4@&}N&aF8VdO~Y&Jiu9
z$j>O!hS~z3i&II>w!uiL_b^$<gejwwYv=$rU)X)ODEv!G#;z}?q1Zen#GMb_g;jeE
z8VJoPt*N{oVKE{gv_$vH!{lBgVFt`GW1Ym~I4an->U}Z7tgnF_-_*y+G}T?4Clm$w
zL~Vun(k99Of3Qh3XFnXkE44#l<b<^Kn<TH@Bn;`R?UViP&v)M{)O+p-A(XXSV0_!X
zlV~zYP*K8zbW8m4`^k*)D{m>PsJD_k(0|o_%Dw$03;^X;Mq{s&B)y3TsAA1(**c38
zJl;FvRMb2V{`RR}0&I*c@yKy)Pm>AMBnPcjmeyTOS*Ti=oifZk#ss&sfjR=ELltR!
zxRlskWG?R6GM+Wh?x3MtJv31+&$tkUQPH-(*Uz%`xnY*u&VDBNG8GktJ6ail_0;~h
zC3cBnirXx*w;IV~1yzE6>pB33tK?{MsYwZ({ZGv!h9lX!p%Y$@J9dw`bDg_)j&vE5
z=n~VF3=aS=pli5<oiKDeD812i%o@qP3hjlzpR&myo_y6Eb*m+wy_04xwMO{1!T46Y
zVlscQS7`P&Q)-%<X5Dx`&zSmFyR`q5<Urucd+`3S2b4G(qRECW{#c7OM8#GgE!Aaa
zj#&4!I5aY>dW6n$X5u+v{gCwns1O>8{7JECf*~E-IW(JJEDz&!!>c$k6(?>*d^2$?
z5{t62p$-!4IGVwt2n@Z?K(;{s(>{Xm?R`?ZD8z*)8|D~f=7be(9FK_BCYX-d(eC}P
zs|)4`S6z!!ZW1FJ4~2@-@rPIcOrEJC95^RgajxMzJPAR8xtZ|VlglKU8DLIwhi#Ca
z>k7cW{1B`L>#RR>PIRjX!W`ZNQz14LbOI;9M4!YQN@JqJn=446fdqA(5lRGc0`VSt
zv#^0lV=^5$4Aq&@X(0&>aFQ%wP=0Ai>%dTQ#C1m$YRT7$c{ouIEk&54KLxs)Q$J?X
zo}vF>VmM>iU4|?Gy8~;D$i&|#u9lTp4x)CN>Cm|7GF+^t9hRyq-(OL<4#TF>y-vb1
z7|~7pU}PINfXIk0mH=5l0T{6Ls}8^h%bzyIRs$dwaQ8S=M#6S$GCw!YfKO{+VR)DQ
zuUeV-4_TSbyDm*vFAeQRras8h!S-A5jt-f&n}AOUzPs**?`GJA5BvUIut9H9!h?&O
zP@yO>2t}v*@E1*!x@u;GDB2{R$&U`NSq_3j|2!~7v|JnIVmPtCv%BuxRX8u{-elcJ
zllUJBO#r0E6V<2<;Mu{!Zg*>6LpagZu(Kz+qGHmGiEGdf?%!9_ZvgJ@y!`PP-6k<t
zkp??<z>W=AuePbEq%_2ksZ)DuM&r$kNE?Qu#|1Z)9l6;+u^-Rk_j=vGXvy$o5=S3-
zPPDWO45lODno*(gOV=IJxih5myAA2QdPwJ$L;8%Ki@msBy|cd4Tm7>Ws+&X>0ZJ0U
zs^(a=5~7A>g#VBURftBnII3GWFpx$Y1^cic75*+J1`Pv9^4DRM3(r2tWJy>)E=cJF
zpwXNuSfYaPr)}Ln!TXL3NjvwcEL!3YJ7D+Y1QU1WIq(@Ox@Jf77{rC!R2pvzI;0M=
zP5^#LPw(4_C-8aOQezM_qc%`QI#N>q0yNk@*x%kd)*2L1QShu8Es9lHUGQ0FiyRaD
zy7g3eJxQdY1$c@%ff+R{evhqfyrBfGK&`n^gDKqt%w8TSb18vi-63=G4K=^TWu~I+
zaB!{-Qd39h@Q$G_U_r7xPsE#+>kBJgpm<O*GOZ>jA%P=osb>_OWW)4B;`>XeQZe4v
z4Ux=%=mV^73Y-s@dhj6dS2iUNxzs2)t#10gO#OZeOONqC_qKlNp(oujOmG2wNm&^s
zb0s}h!Rh8LEnmUhudn8lNMj^!{*7$0$XXeJK6u&KMW0$I(Zpso4I2i+Qs~J@Hi3Um
zo&tqPS}moYl?}|9K0Rrrb{Z0Y5=QZeoENE|O9kwEr!?>YHxJUYBB1Fub_8gpf{(cg
z8me^{9?0^7Xpkz|<_sj4_vwNjmhqi!)7`QRlW30AL(<C84AEEx0X_}ddasb$ahev%
zki(m`)&3dAr=)lG?}@i2sH3dDBaTX3?n&iQ=oRX-J`pG}A*(z`;r66SfBI!D2fSI-
zCJl`fMk8ZR(}0$P2L!_8_koR~Xh^?Yp)VEsRze`zJhm0di7_KNL7u2@ek=0<#f_-}
z(U9>l0NT0r{Q0_NSA$bFv?5BSCkPTV0`URs)joRjtgbc&o4TR)-kaUJ+8BrGhT6|}
zeyXdDA*ya_`=EB*7`^I-+OH3OuB(mFt8S?MW`D1)Hb%HgPf9g4=VGznt8O7>t)h=K
z@9;zfM4ZCbvauYNL_RT-%(*6@Tu$BLv%MhsLrOq1q;itCx`=X)d;gxr4a(ddFE|nW
zCb*YJaZd$w5Bi}5lephN%oe`wlc{mI)kwm*268J)FT2NEhcA2hgaScOrdo~@$%+nr
z_Hq1H@?o=5!f2S!5GM5jx;bvZ3Hod=8^jH0pm*?k``~#Oo4_OgV7xUsI|LeNwf~IT
z*TA+*z_#xIY}*C)>W*D|)kK%zougL`yK})0!N(=KN%Eer&l<?9JC3B(_I6F%+ZAoQ
z<9_w*>dxc-sE2Vyunf)&GPHOC^cwe@0QI*9ny$h52gNpcZ?UVKxT}R5pRCGgzy&N$
zgVKKaMry%tR~w%;Xds4*=3qFgKJ6c17=XSuixHmrzv@HA96V5)*LtJsb)Q~ud#^p^
z$>fAgCG98u&~2~wY?%0m1MYFBqDzoqIEIRuVxO$<L}_dYY9i@KCR!31x`UTo1`-h$
zBjE_?s1k8fd`Cfh`S9A^9%lIzvtsv&yWyjrR>hpvi*=TXbaYQ*5Nsyb>#TOcuk0nO
zZEh5aP4eAoB-VU%mR49b_K|OU&>!;DQQ6j0yqQJz4GVav15eP1vOjD+9k-rRKQS{n
z`nS<NDu`ZoNM`Dir<yO1D*=cwHl^TI?2pmaH!P#g;6c!^4H<*qwOu2bK!%}VOn^0M
zwMtf&D7?7<9m7b&WoT<ty0htP{#0x?O(-F(|JR-F?sLU54*)gD)RDHVqh9y6C`bZY
zsZe)?UtR<C4)q1m1aqt2zYkjg#07L?q!`f{P)!aLl|xfPgeSOBk^!RW`$=S!brJ4j
zJghb}n<kjV9WY`zY-9D6pCZ<fzfpD7C!5Nwi)-RHe#X68(qB=UC<BoyrY-yhtH_cv
z5@8g0VACg|$25B6*x?@!UIQQXlcfUkjRIl+)6r`QCX!b-_LoQjL@%6IWrzkKpB#6D
zi26Ve=!qeA_UY&foz8hi8;lhKACoahG_*{V;j}pownH0LZ__nWgqohYC&n|4O!(27
z9X*IN87le?;-)F7B`g2~V)G=r!+gP*DS)@#E2NItA#0{KYF7wp8-)_j-=4f{J-xVF
z+b?$yo^4f4$=OErBr!rb-4T@`itcCJpE$L<;b^h7zG`w}FTXm?9IHtMl1{bgE?5X7
z^Yo=NnxJ)W3P*6)mX2;Who3!7vH|O+D)**}i+{!-N=W!-41)+3rx$X53XWMg`OZg5
z)|3MdHr+j7+k$bK=G`{Q(M`)~PXp1xSN59TWh(Z&KbM-CxgW_u#Jt?D-yI@){-~Tt
z$cEzdgkppu!)X8R*Dd)rA0RKcfw8{R4DP<Lha^l(1=;h?6tv2Qt$K@{io5jl_7JH>
zOy4w%Z|O#wqCUCHkWpPS18P1!X^L9q4p2#rG6U*p$`_7M?ha5%y)pypAh~FY8s;v2
zJ(xYOqm1Vj%H07fsbgk99b;^0R@>YGDyeC1cQBU)wa_`K>xHrntJDoDA#=F9BADG!
zy$Hsb1!Jm)bR!WuIQHp}*wyRXE8+C`9tn9PI6727Aj%z6$_DJ3?^+C*Yvz6<7uDUj
z`{t{BD+r2nJzZL@+8fTQWx^=sxJ(V@V34XyP=p&g3mmvwJ$D7{c8`t^clKZ2vSDrF
zaKbkRcWP5>7Jt*`s=i61`6%pi9#&q}A-d7w0Sqd8&N3>JQN_M>Ri{2>vu6Y`Px;#A
zD(7_G8(3I5rrYB*-y43NW7Ro>_`Zj<ovjl*uKKKosyQj0^Nr+3(HNfGVH5oK-fMd#
zS|b*qQ=W7=zpLof{YyOseC5tgl`5+=JJy0xSWPrg5iU*i&M2ZfT3>s?YX^m{s#bHR
zmeGmaX1Ke@RqUMCX~+JJR?Ow>{=FlpWJvuHC>yc=+j@W8J#x1rc2=J+z`@}~n4?a<
zd*ANfBVhIK!UtF#J}GtBm)~7oiN_Dzc1WK-b8wil>`v4#<-6G2C4#O34yWKm%z~BH
z37Pg2%ezDeMX|Lf=vRcL>otAl1DyOG0h)4s#7R`0tUA<RZy&<>>YuAd#ca<We$LRf
zThztcnxlv&g{!vaBt9{RzIUBU%WGu1vh8;SEuAqsX6|I23>xochzq2dL|YtmFNp>e
z_ff5hcUF@pw|e)~T@IrI^f-kIHEA6(`GYcygi}rQu{1VP<<?Ehr@9@uwX=ISMExTW
z(9(=}J3(o)LE1V#>>gKeomEI{*SIy_BEJ?Ttgc=U#?yjB0bufRyp`oV>vmeNERB6M
z*@n71>1h@$_7jB}w4vEcTGeErK8j%!*XfmuCoIMz?ovPmz6+@;GL|xpezJrHKUB_Z
zRqX(_|F6Js=r1a+NfSiYKrebK$Z_DQ)U7oYJXZy*js{DZ<$yaxuUgzs4+dSxz|h&7
zlS(Y%&nJR$8#pg$>_m4vKptcQDbc$(4DTFJu$l&}*SJ#OZyNMgCB@1R<6rhm$n4>*
zb0r|Qf$ADd-Cr$_TTe&Pm4C5d_r&ZE_g>8FFW{-7u+&FHMTzx~fi1GU@Vm-Hs-?&-
z&7#3?udqX?Z$WnNMr-}n{%@p{KsnwV?teLzY<Xw-tR3d<u3Bm-=1@TOvfNNTuQ#oh
zIfpIV%S(zA?h}N`G{rl+;5~-rUhq7N?YT@dZSHH8vD}lc<9uB&8s%H&Q@wP8(~RAC
zh|an_t|(*Ot}Qln+!!^BK!?Qwf|)f3N;S&Yp~s7ZL-aGZ@xxL|<wZQU)Kbw>C)}ti
zmkh3WDUE@cs)BLG0Sdc}Cux5oX#sr7Z9(H`R(7*(pO-eCJF5ae_`&uXfetkpPFbbk
zf7b1aRHump^3L0tf-_-^39jSdhpU}Iz+8Mfri)^_)W;kgG$YH)%k{M}D2S;KMe)u#
zzOw7vm2a=`03>*Q*nM5EEW<#&L<cr%3XIj7;bPSm5_Cd5s;3S{Pl(0&x}EY9sl-dx
z5IM|%GL6JuvO?e8RIVkkN|OL*H6=-)Aj6bt*$QZ`)0W!0C1XOTn;Z+i5RTrdS)Q=F
zHiuI}t#$6!8qNHy#%366T02?3Q#TwP=GRdx9am5zW(xZ!gg3y7tXUotbl#R?JqW|p
zKf$Ow9?kMgv}NgPOLzy8rt(l%dO|@0p<^A4(SsSp$xMmOL10HZOoF8iG;w*b5nC5f
z)m+t~LUTfDK{G8TQ!mbsqg_{qDy8is&e#2u(6USCV-GElekc(ndw$U4qJI)95BrN)
z=ef6&d70`r=q~CB>E|jlj=IOYJ4YpLZu(i;T;)(>sW&B(ihDjOClUJqNy+IiFM4=s
zs$(%tB2Q0p!=it3+UZL>eH%6zeA&@Ud{bK!D#pG1w8Fu-m*Qxpzlj1+s~s-xzCe4d
zquy&wuDtu^=to39-zNiWJjKv0C>=zTNpu|wU5^JjGx+31;UO2@l}ut?Nusfk50ggl
z7MorH^^7oAQQyHZHi?7Deu@%UO1>6W1L`Q^$TqO`(~S~tbF3H@^#*TJOfLYQ9~|a3
z0c7rQ_pp0#)b+SAi?hCyEds)Nb6C>+Vo*W@M4L^f{h^EKz}q*250-}1m?w_4amAHu
zT>*9Q6mLC+FS+%&FM)(!phdxMpWDO%Q6pswlN29;n2EqP+{OK{2@Ct-2~>nXOG{0n
z2kt71g_h=^$9=^uD;p-4E0os6Zsfze8aon%^UhxQ(lu)>4{v&ahH;*_T+uvD)hQex
z^iauEu+f~(IB=?Nx&VK*1*&L4`!-&FxwXbmTZhn}8^lXb6AT3`w5rlHd5CCJH?5p$
zY2^&U7sSL%{b&-6@+#%Cr-7@yAg_q5=Utpy)|{Vl<g(D~P#sImb}8v65Aj*6^dWc>
zoDk}lksjZrp@)**bpo{U!6?CCo>F{LgG!Y+?${SbGiu*N_H+P=e|Pxn|KERR#()1B
z$v^(%#{3_h&gxnz{(Jk+{2zbF$BX}dPVwI#aqf@R?^ZgUp#9zYqlfDczh?Azow?v*
zWGDTgU-xDPX0HsoUPwT61<3L>#=IC})suzl91v?7ayf4d?dabWD=-X08<vXnO)0HP
zpg1rELi*JqmCmQppemk2CqguyoK~Bb6-3r<W*thnteUo?Yv3ymm2P5t&=5d2%R1x`
zMS;g(yxHFlzC2XVMisO#h$&*j`~1lBmA$$-oV#7^3xna_sA#l5CMIZg4?Zi>=vVE*
z?R>AQ>)t*x#fFuH<j>E)?NfjL|1-(HQUaJ8&i}Rc+Nyv4cOHNH=lTCfeC+d|R-Chc
zwS@zCyt29mU)S4@);kp(Kop$CX*{7&V`y%`iK6*x<234jPBNHsmKW&O-P62~mfg?8
zGK&3NDpi?Ta2kl8kkjOEAdiE9*ZAAcL9qBwi6qY<I`9ulHa59~bN-*Lr@Q#r4!wvW
zG*r=PI?PbSB<TrXa2<3=X73aDfyrE(!2^BCj`gfsB-m0-2^|3(2ql@{wBs*!5B`RQ
z0UX6p#P=c|!y}YDRj;Hxc9ncP78_UqBuzJj*x#TF*~jP{bDui%f!*O&EcK^c*zx=|
z{z;4r^hl{-+&+2&CjwKZ0cH*O)_)*@b1(<V2AR2#&N#6w2C(;>l)wZ+D2)*dd9juL
z)}tFQ@BHGCl4`JbNQ)HkS~dCTTg1iUQRC91GDGH=i=l{5U*stz>fNM#z1H%qTI*tB
zyu$cfU-qH45eQC?iY<dfomk7LMsm_rxGm}gaU0ai1$k=)Ab0VicAZmYxWT`4T&Yo#
zQ>JfRO?}6QvA`NBdbHx?;2m!otkZXfGD_0r;3O_C;}~Gkr3=lXsxFanXeW&^aXNRG
z%Ct6B?`g7^^v@GAKBC<ko&-zkv8iEU(JHOZmoJW4CFr_DcXh%I`M9_zVTl$w_>j9;
zd<F58wl#+*BKl$NM-0kDy0D%7XK!A-=pKfoWpf_!umwdB05_=u0jU&3)@+#e5XTX1
z|J~=>pP$=(X7hhvM*(yb|F_yH^MBv|ng8z(`S|=FXMgP|{_oLB``e)X{rbc2fdwq{
zf6r*g!-33<-<|WmB5QZ<a(b0HU&}n4;Sb@YnQOG#;oRIDMei8kp(2bZwuYJ#Y>e%C
zgTEyip66DoPt6eY!#TWdXux;&rfN)6bXbcinI0VW<nn4N{_`v@`gq=<g6E$hoGq<Z
z_;eKxD~FK^nUi93Bh3tjrJgCuj>OuJ#HYx-^<7bSptq{3H7L!?xU?J9Vf0r~>;I3v
zZ|`dxNf!Ov{uI5smx%?k$L5jTg(x`=m<hWCaxs~i9Kw&4Wf?S)C68r;**)2BbHC>O
z-FkGlS`R}q$uN8FqL~=G)m>fvs;aK8u9C8bBg|wLBteiXz>}~jXRQFp&Sy2)Mn!hw
zN@dvS;k%GKF5*C8+)T(>i(-j$sXzq_W4?%bHOTblLb~<14*VJ0(c~Lf?jDBV&_LPb
z1*xI~xtV!%M$@2xj9t3}&vssk_canimB!{v<=xL#G#PTSS#PEIxhkaixhhQYbEih)
zB4i??usD+tOA5cLeaTL}AU%t>)9@Ob_!jSLR7+rWgG&6vTz5=e7=v_%dy#oexUsWW
zW1~0Op{)LVO0fkdNg7I%b>&e~dlky{EiP^D1lkvHh2C&TrM-w!v!ZISWWGZV!;M-y
zJThd6WP$W)r%DT4*wa2L<NjTr<?`QfKAwCV1>imM-_!PH>HKeVv-2qbJ;Y<me>~zO
z0Cu)y0O<AaJ5MP9^adUQMpvUu_#>k~yd05?Cm~*pKqBN{&Et=sDF@~PJ_C=;tNjq0
zFW3839uQV(`Q|Y-7mF9<FrfRI!mg4g2Y>!F4blDD4gG;MgH+dvs-o(0qQ9dbGnCBs
zpb~;)$Yz-KCKxvcPVA5rv1ivX?G@?w22LZkR~sZdz?)pDAH8W~f!Re(0r_s>bO=f^
zYAmQg&Kqt9mw8l?&9W4uv0N1Z06G9w1$)XLo9luUq60ij<t4mjO=Om>u?pY0gKT>5
z3}pLQ<(1cCDga~$Qbc(dSSiZk;<f@g;<F2vR5dnUbuhbTrwZIbOj5mAR6x78@R5vE
zk=;}HO<;ax*|IPUbgFjWXs9N{1iNbfRMyBLgz_<lVA(DiZWv~zNR}ajQk#?H;2Su)
zq^nd-);OR_h+}OR^JkHT);cU7sg*dJdSQh6zb88QPZ_Q;jWuqLS?#C%>e@xWp(9!-
zM%Ry;FEBd0Gh*vh`Yu<F;XAQ<4ehJYdfc02PPr<w2(_wrCxzbKshHbX!i#5V308Sr
z@WPA}yAtD%JEgfGeT<`f@#pAh95$NuQml?uk+|OhjE`sGx#~??Val9A_Hy10N<udc
zNOhQx(owHv9z@C!HtIDEUOI4*@GDEnz#d#kuC)06V$vT97nAec2<}oYs&3iUYlfj_
z+m_<9@5LB$>B^hHrV1xvR`L_gYCQy#&l-aKlo_GjY<N!dE}2jLr3-cswtttOJu7w)
zElH+<^{6;i5>bq#9mb<Xkw?7*)C);GVDbYzIRoy32fJf$nts6yG=>JN<?_%EE%+OI
zV{>UExO^VER6p_W%mX_XmE+T$xX&jtQo?7CU52+Rivzf1*nTT*P^4W}*3k3Ab;%c}
z*%~6v+@Nd<<@yDNl_}t`{LV{fmG5blj@W3sDplIlmS2VG1&o3>y)3^nuLm1%6-Cy+
z6%jNNdH#=<_48{!AFY-LuFilk>|VU?b@zHF7!l%}1-Ew>S6u8$)xvz_$|>YmwX#Hv
z!eQQf17ADU!Y&EAD8|Yi^}7oy(lA9wH3PC4VM>yYAwxQu2x&|U+|TbJ)~!SLkp8lC
z<=)T_Ea*xJbgxB)T_uI$ZxYJdvemNlzSEtZktc^Vfc!=t=&0h@BY*T3<?;C)pXK}i
zx#vHK{Z9wB{#&K<AISc=|9^nT-2c;v)AoOBQ*QrJ10Xujwl|(_cRKm)KkfFJ8UhbR
zWk5>$Q535w?#l??q&vck(nLg|wAY}w_Lu4hg6T9)P(6@S8HDAeC>#{i$_7Qy&d*aU
z7zy5dL9ng6?UU(F=zT^<l{$)KLS0kRTrm2}R2MpA!O8ItN8LBQ8lvu7B-Bcg7r0h(
z30z#n(oKdeQ#*cl`u5#vt)|KftCh@WmRS^jqj?REq|}aQaV23y0X5(+EJEi;n6CF3
zxe;N^-I2M8S1!#>Ol)F8rxZX7<O6}i>vT*ZJ<Nh61soH?XXoxe1UFB7+F8~h)gQTN
z*$8D-W^)-D0q}e>bN|fp*yZ@zRefv1D2_)?&KUtaj~XVdage6oWk6!VXadt=Hfq33
zhb7@yE9tgaNk7DvqiS?icHrf~BAhjPKOdZ4>~{|i-<|ZzVij+Ea`oL@d9$UJ$&J!V
zDk`eRk`DKfg9os5C!LnA{h8>@5%s05M=iywOmN*N%_q1&t-=zIW_&;jBv1^}M&g^r
zSL6G_TH0Ntx%k39F66EYi`sxi#2Hteo{KY_FjzD_ZviC8)xGw@i0r&&CJcwX&F_S0
zs$(>$(uc|fQoC5cjpSQgb2>5M38ki}B*3cOhYbr~lTUz#S`A?;K0y0EShj{TQ5C};
zE1-y5`c*1lEm?~?-?hqjmE4HyV4CvjS2<%-1573yRS@++vOloH>v|zMycF-4MvAH(
z^c$&NYsmPoutT}Vog1pM+IEhB4HLY!PijH<;yZG}QHk?xpDi`IvK=H&<2<Bn?ejmm
zGH#bx)hTT|TmLdK+i7-ir-}8MJ7t>K64gJ^#LgKr$R61dAA?|$nK^0|h4vQ#ZMT|D
z%U)8Pf)uFYq}N$n;~SS)ShmoHMEP|mSIehTO-n1nIMy^{@5VIJ0El^T-nBK!S<3kn
zoxi}BWNReVrjCS`o$IE_7h1o$suEzRnB=H6f_1>$<lE{1XpTN>q`M5W-Ks9O)2!;8
ziAFYCO0tQH8Mez!Om(Rxt4xB(IAo^`<T?XlE<x45#^_?XT8;C<b~Z+DWRhNTZtfj9
zHKn2j>j_=#W*;YhLyi{(@RUun<;2dll%O=5;kn|g8k(AVTu4$>AWT9MUL2j1-eIrX
z?>Q{4y?uXz@prW;v|65o6$Vhws6_wW?ryK&m&nWgZD`UA^oxc&^v0nR+M;2E?tvF;
z=$V7Aq-W$Kx2p#kcmO~O8-LR4Ypw-|Q7~^=dsZKZ9?f*-tlDE&SxRf*s_XNz5UXl~
z*<_XlZj=FLNA?c6TDpKAGGnGxid0ZXR3XqsG0SaOA`|~?OO-HnI6T89zPr8}vx^_8
zM|a6`1^{ZSnThY1igZ=I)U~_ZEYyaUi^dK&*DN$~V_7xLpGrj|uY9Rtb&Y}K2&3{P
zR)2=>0?ystlV10<chP;dXk?xeoVF9*nR&M%J#InHj?>ZhuXkl<2W(WJO$FrWj|zug
zIOeR^sZ<`Zl4w#mBjVIK&9HYz@A|zx9&cGkV?+=e6Fw#BIF0>-!``YrxBmn)k(MpK
zKxQR{Fgp6|Q`jlV`iM)hc5RjU;tpAp7-&y0e-3Lx$b<$&2+gW<Nj8?4CBP=8sJ=pL
zC+bpFD;^h>YnQ3ln3_|o?HH^Y9or!E+)aLj1vHywYipJy94eRZtk5>qDk_7EEZUSw
zl`!W@Zjh;GC81PQ2@pBFh!SszB>)dq&?X^)(c!Mp*H1CzF;l9Mt0;?XfNY*5w>B#s
ziC8v9j!b>gQP~tFX7p+F#h#nzg@`%uX-GoVG8&Z0*N$~FurzVqQ@Q1C!NQzY)vXk*
z2gSxZJgJ>MM{_G(CU*k{>lpEFVb9KLq2d`9Bld-2=AaZSPubZpKco-?FgNcI?+S<f
zxh0UQIps<*kzin9tc{qA8}1OaHCIhMOn#op6jq#=Q%qcj*RtCVk^YeZUqcPoq3UBf
zNpY7I#L4{f3NJGx(_5OIWXM1u(iSZgxk~8QwJTSLoO&1jM0%Q{W$JvF-aqfC82g+t
zsENr(A2q`NUp;r|f8%du0d|l67v2@^|DU$okM{o$^5pctv0(xBw0*w?7_zo+W&u{A
zr;UG`4H#{j3OdtosHwe2CtGoo^j-rqGJ?iykkWR0RSdM0!+Z<H2DB$Tgf7?iWZ?**
z(mCeo$-DmP#jAs(?#V%~uY2rZzu`NnUH>1n#VDlKYUE1JX8)RvK4#3R<D^$fRV9q5
zBl4=kTg6F_FDCQ!Y9#qdAC14H=8Qa#7Y|M?2eL?|;jLsmdl%&GlMCZe_fAgw?~hKq
zKa-3q4V1IV0BE5VRNql{P<9Q|_;?pnGdntMMaMaAK{D<`^MMIopc2}~R64)z+d24X
zh17QzkTt6<Z*W)0&)b<IN(D6Yot)vE@8~K^J(jNd_te!^^w?$pDUI#0GY|GfV+y?9
z5!O5o78Ae<Iv)DZ%BfsYz|k!?D>tm{P+BoMB9jRgRglo$pah5v@5*ox$;ETTao`Q<
z%J`-9Oj=cgVSR^iq@_@)F4IWw^HA5;84QcXp(5D)b?*$S>Tt53!@V+DN~(IKawyx~
z^QuYR{QV7{@bHlhpfD$Lnk7rXdMA&Ta8#P};EuOe%e<qPZR<+LmNfoon~|S<YHOtj
zFm~1Wk|t$|3V?8li%I}f2N0|NQ!7Oo<;7K|c)95+al+Etb|H^-W@%HjyW?gmlaqVe
zs%)!@E&jNqxol)-wDco2v&y!}^q{6J^6oUEsy5&whbpc?wRTMFy=7*5kWw=dNS0aG
zX;VH~LfP>-MveCx^kt5Pxtv_G%S&pTJ}Aj{eCsiHF$0i`vj`xw>_dvuk@UougKgz9
zD`URm$d(jRa%3}|R8A#THL^+tB^Ui&S#mSDpP2=g&%-b$8%6!bDXWbAmb4Eo|FXvE
z%vFoD+HBCSu9a={mQ;F}_&`0)dS&)Iy0&aRct=O`%Be1un@BsQY|`v7-=abuGCR!Y
zsGL;Fa&Q^dki^R92wmcio-phY@0n|6&O)<)BT>cKwnQu4m)86_y|iL%RoZD)Ak$Ch
zab%rOW)Ug1BRXM{O>k+}Se}M?v&YhVw0d+6fl#GNtH<&yZS`1wmD8B#-)a`y#~!E`
zc#)CFD_tfaF+)wJjK=Ph{iLm_+mO{jx^v0dNv2?~pd-=%uv*Tmw4S6l>1Wwh=H-<_
z3Dq3*$}yfat}1e{u!>D%sFrDqS=wf5+e<ka2_4>n6%8<XXXO|hE4mb0+*(mj=&lic
zDbuYI&2XRm#}hg>l)qduJm|ORCw|beh(3dp*^sC84}Li6p1wQjowd)6GS(oBz3Hvs
z-IAqcL=z?st~C4XxBk=pPx?D>rNbU$K)>r7qHS&+f7f@a&U{{4cGkOM?0pPmr(=(*
zi@|Dm*&)iRxXMI%IuMc`R>+DrYo=lixkQ@}Vy@QQC2!&7>ebqsywF2a<42qq$43=!
z_K#2AbWigyRvAhAyTwjTpGb#Z9HZ$3ioHf&gL&;#y<kzl`dvY;EoaEKABFdghWW1D
z+9G=dc@rkhMO49!5DXQWHvRsp)_e7T-@paPJ@-F5TTj<Z`oGSj{_jDa3jH6u0NHG_
z3y@9+{uiCi?e@lYXXBge|D+=jsp`8bDgUnSzul>{Y~M?S67uN*NbHEwG#O`l&AjV?
zZ^t`!sBVLh-d*u>63c)Hl~N<BAbs<z2boe)8p)EIb9`UKhf<ffj0=@6#9-oR9--$^
zrOv}ZDj>hgu1H2g@<u*0Yc@GNIQ)-u3&@jU!75BvQLD8VTb(a}hhEx~(J1sW1`ylV
zlwdQn0nh}Oym|n{C9sQyGx4TY>#YBadRSOW|K$LGi#qPJ|KBS6f7;w?Khpn)cntb4
zN1QJJY<cqdXY2b7ApaZN8}04(R-XLxBG*>jUwY)@<FUvRqy8^4)~`D6`2rjJDsy^l
znUbSx8AZ!-^wj}CtwFM6#eu+&#|L|j2_7?;m%eRCDx3gNZPk~xXDRQ|43?9+@(T1U
zr42W$rty~WEW2e5FDCOD7HB-Np4_Qnq_{_JDm9BriRkB*hyY|;8|HoZ@WFx&nkXpo
zo_zR_&-9@(lb6fnRpuGw@(e2TjB<HKm3iV^p13m4G?!;unP-;EGpo#Voy&8b&!d!-
zbmA7KY_*ejFJ}83*$p-@YUt4Br&goAA*O2JEA5TB<&=tN8qWOKf2x>nN&!*HqC;cS
zRVtt>E{fCnM&X*c!Z;42ydJjd*0{{9?~IF=!h+paV2N#EQT+5}Fto~9g1|&hyV!qo
z>gem_ONwi~v$+m)m&tPl^-wOmI<8v%Qef}6D?`iC{bT?t9mU9T83u(hF$TlffUc4f
z$d$(@JG?ia_?fc+nM~`ROeo<ku6&A`#N%av6QL^&8Ho%W(}i6abR(7#TS$^Yl`CWX
zbdAJ;TL`PhgryKpjdCtrGm4Z-PP6nh_X2fzNc8Y;W8_SDrt9S}TN%QVgk%}ckB#Kw
z-~}1tbEdPE;W=i)bXb@&=C^#;JpUkVytV0Z^Uo<|pL=gFk_p}1I7`lR$1H%*@#GB-
zSJ6>I*nPE2XD1mvm;)++7orDcU&*3>a*rq7>E%&|tH9g`{l8*x*_Wcx>@*LK_If|#
zZ*(F!$ivyaAC6yu;}aYe!n#1n0Qtps6{0Rz@K@Vt6;<Im0D7<}cB_6nSS+h4HLFUX
zg0~lcdGprJbz6D|<g^U>lQBX`epmqd;c<8Gulb?*FxwGGtMgQGv=nP2me{tL*f$e%
z&{tB+VO6%F;>XGPQaM^NmGy&j92_(&y`%ac4v$}z>o-zM2&Cqj<6v=a-v$1(`|7Y)
zfPT224HZu+3>tY~FJ?1tM}~eXSJ<zru)DXHN8sJ7-0wH<^3C5n_%ZkU?eR~!-@X5x
z`+0bp|JlnoZa}eNWHadvO{3DR;l!+zy{rQUc5xEx0nXNI3823mpuZg8vVMl8m20$$
zxmrl0fWW0WG)shBjcY(?*O$&76?(8d2`83A5;2{E-Z=wR<W4;#zUvyaoS*?NBzF_j
zS_7QUCAeIlsH|mLr%#Pb)I*nzrDd^kQKa7|iGP9DIbK@Uwv}4hJAAcpC`$!nm)iQJ
zti2%In}@=Ds*q;q5UD<dNGT#}cJz=|pF5<k)fn(;gKZo)V6u^#wR|NN&sWmzm7%jT
zd?6YuXrH4+g_YESPL;key%~(G&6o9R1wSM>YA-FcJ%*lAel%bXIrUn>VM&FLl6tM*
zFeDk<^xCxAukhN$lZ$3m#weg6beJb`PNQTdze<9Ozbr;5b9Z7M^}V##0DB9^)y!in
z1kHm#+vzKBDg``5l=xmGt5&uN@~7$<zUySPTb?;fsAO1Te4pg4W6Gj^(ZAF(k5URt
zg;t6KZj<1+GQlgUPHcAW(v4(MAPc2DR-|BIUVJl_S*a<9*lVBDj?6oef=eC#ZJGiD
z!+(c7&!OUMm6mM`XsVWN3f4M>bh0DhKB{j0J1G-<M*9s9M+$e9baxlXQ+926AkW$P
zIPr_R2q2sNVpt#8x`|oamikQ6D&mS(;+elmOzEIJ+cu4KgQz^ASy&OHY(~ntWu)l-
z9!Z;yD#MCA_S&@<E4BaoU5%*J{{ms3egEz1KrQdHt*vF}fA|#izndHA|8?uzp|Je<
zH`o6zAOFC=N?MTi^>y5H{@d=9_5aVdHXil=5Aigc0tXszF^@5d4vJv<;(J=JBMAfw
z=uk|;7LfNCuesS`m`G032=Q7RQu#VCwEuSW@8A7dzW$?d6g<fK-|BQq{=c6+eO&(!
z^1%9616_yj$uztSG1|c3R_vjF?^j8LHwc2Mc)q8<{|6d;;O*_}paoxFV2}g6VKPhb
zysjA`q;WC~M<FMoKalQG|3J)w>6pL=sqak!kp{ocgV+z!suDzcKybq-3(1HBk=5%Y
z*YkaOH%!<eV!hryJovHaTK~tY?e)5QuJwN{m2|9<nifzq<;-yyMBZ(~Mtgvx<I~=@
z=)dou_TDu2dT)D2d%dGmM|i_uU~Zt>$2dSAJl^!S&Q1tIx8rnh<^mN&OS3xpvSGwR
zH%VJQSwh-t9Y(s5B|Q&qRS5rO2z5_Ry6@Nb8aK`rZrB;vOt|77H!h^PSD$3%w@~>N
zkzaUbXSe5=hgClKdI7I*)N9Ugwm5g&tQ#R*`BS-~U_35%dxwX828CmRca_B;oX)Or
zG(2I!<evnVxCv)hVNA9Yeh@{#DW=|S)(Qr*old-)xIsmnC>YJ0Su(LT{%wcew62;R
zg(zdLUfg6a(9uOSIzvAk&=7>Rw!jus#<Sa1Szv9k);TXUk=ljP@8*o}ZkNKuO{U3k
z?gx}aaYZPCCHYn<wIjGrqU)f6*|I^o9e12t=XL_0p^MmILjY_*lfNAP;;1im6*%uU
z6fZ<uHHRTA0K&pq0EC5vaHAmHC<r%{pJ6O=Fcg$@jzRLMdjKUEW%v+lW<ufT1m8;#
z=EGSE0Pf8{DONejS2>YYN&wi0JQvX$L<5j_-F2HrL|1rj3*2z=%ME_np|rMyV)h)s
zkzXgBHB4xBj2R$u;{<u-SIT?KdCgg(yk=bmJg0Hmr~Whu%CllP^==y3e1MX!Wg!Ld
ze1ATkM`%C{rKbVSvr!cKAA_l}dU=M(;Z$pu2R$2OgbM#!tp@am?jSrhz+NHRMm>YH
z&Ca!3m$b;ymP}`NAdqhBCezLv)n~~xYa=x=PlbHwy#jgiTeQUC1@{U6q!+wqvN!yj
zUSY>&FYs4JhkS(=Vn(Yvg&7`lC~WK`<OoQ81QQqNhd}~xp}^~2_v92wm*}u}7WoPP
z?T8z91E}W)?B;(sJlN}<P`<X2uU*X7`}ytR@m^16G=S;sZIyi!vhN@CU+cVC&bG|0
zzI9XzmfezNU%fj$?Vao&zSr2d9ka@|0m{Hur72Kbf{8XxUh-Zsg>eQsJ{#4;gZ-Ww
zI~@6GK$G+);mMw690$Z4Ac%lZ#YDh0TzZ*<m?q<Z<OxoNA%Zo9tkR&eDKc}w%t3r(
z3?UqaXii6r{<cXjE}*!?MDh|IJZH<<v`g>gfH~`1z?I9dae$mnr?akbMTRhsXJN#8
zf89JN;&${>u|BldpPjA$#j<NqhNKri3h+V%Qw2qwHLFs!8cYLz+U7ea>p}U=k#CsV
z8x_Ac>b=5V_2<(xndWNJgh&@XgsvA&qqBwOU@fF&rHt6fON_#x4p-pEi*+0!8V%|Z
zO-h<gDJRtsmpEau$)ub#u{PVzI&}OWEy_MVzu{TF{~LvaZ?pZo*Z#k=QS$%%wEgJ+
z`9U67*D%mY46;j@`MM`Y>wErHK#b)&n4-6=fUKo4s9m{8#%thR1IS+O$UOoog9dN$
z^L3&w^;%6uf37R5Hg#nU3pG3T8h-&=T{ERK8E4*$nv?kyHk*MUO}#`>S4}?~BPc8-
z7Z<iOx(byG&u42g$F1vwSXC!a7-+_Is}QZ-x+Bh5!yN7{8sY&q8spnMhR9S<GMj}!
ztHW7_6RxF3>WrvI+8Jiqo=~M-LyfWiH8XNFeQ8w&fMVy`nK?&NjEm9d(-}zNAR(=9
z5}8I}DS=i@xsOr@H=GehGT;R*e*PJX&5~FKTe0g5+OixghJREF{$fkuPXNDDU>?*C
zYZBpUt^=U#I()dY$MGj;poF2!@kdYY$LHSX4*Kum&LH%nujT^x(f^HhQUCX>-QIen
z{}1sX!O-M0O49i>AXn64lH3H-(LCav#njVrNJrr!7&a#f-3pqZoCySn?gS}7nUC{v
z7+=<Lcass{OFO5<@NzFlw!XuR-<2GycZpuZ%v;t?$ZVI59I-E}FpNjh<54BR3gG@d
zAOY#pdrBjMjlHQ?7V%l!B25Dn?~#q}7y2XL{_IU$sslNga9trKd0C=ULIrJw6dPV0
z5!W?3Izw1173vwju6W<rw*_sZvQ&AQiYA7T6JsRysjYExLoBe&6Op+p1#V;ESbqZO
zz&8|B3}(pN7RCW4S?t25_bKkTY6KyEJaYQ#=Z^Cq3<vTc=f4|U#rwZo&z?Qr|9X%I
zmgoS;eG}yQfbOBAGcUYriHlc;GC-kG%?7&bNT)@08AOi-(0{sd7?A{wzt_)Q{OwqG
zL4c(_awQNT1mq5t!k17O5_Umrt6E0eOem!DJ@PRtUug%sjERj;R*b!w+K<9$^|O5a
zr^$5oAnSkq+4|Gc{r}C!`~MH}pm2ASh;R(k08KtJ6|E<524ow2<La~*i(uhl5ejS2
zqPy8wcv1@7-V=j)7|oiYA+A^m$|8XvSb#7|{s>8Ce47c1;%(qfBiOG_fM$qJr=1B5
zzhZe15+Y}gJ86`4qUUqot1A(1?2f(JRci_~C>b~A%|?Vijo084cg6lyf@%X#@Ov={
zuVK57x^gdu+M-r#4v-dS(YdoY8=t%Q;o#32ZK~57Zz9W3V3jFIG?OGHnK)CPyRrb5
z;LNm{h74mj(%C{cBK0flkHhEgT&a+uSQuY>ApXR&ZA50R(`t>+#d9$e&s|6uV?x-J
zr)tm(qs9Ww4`;UO3w)p_)|A{Q+Yw@mLT+2uAWR~fjmfz~q|go5)DhWdcZ-M34M7Bq
zJYSvws5St~&<ZSVG-Qr-W<v{^XmE8BWRl}uJ}*y$D4=gLZ%p}A2LtN5cVq5dIZ2#f
z+|UV){{KbiQ2qG}x0SmTI`bFRE5EqEWSyeB)74#ETiUa-J1d%TmE1JO4(=$lEIdZJ
z7jL9hw1?mlwwdTmwpZDZK`SU1VXt!mKb2xWePro|h;54J*sUq;bmZBOi9?JyKvKNc
zL2x_x6_y#Tvt$n9f55~ft#bn{WmaNQOV#*xaMZGmnscjne~ah0av#Ozy%D;t_;nuo
zABmC>n2IS-4eUh~uxWrXLxK#7$RK|;g2KBbJ=r2VZPlmBgMexZhV_N}59==;>fH8&
z0erskrtsOFOzHbAeEww~(`SU~^Go>b2NU=__EA7OO0MB^FYv8T^?Gj5KA-+C=l@qh
z6nz^5(EIH_OZ>mH`Sg+hKg1)CjU`8uk?DXf2Bh<kfH}^A8`tX@!FY}HLfj<NXy`Bx
zw;bh!1$Oa7PyXmuJwBiNEMNa8z3$$d-nXdZKKXxrqf?6i+IjZ4{vYBwy$Vn)o&r;%
zJpeO*Iz$4Yz9mE-jSpZu090a(CPOncFqx;pXdaOVf>s?s+!BOw;Keh^;>hYQVW(KA
zRHiKgY#nHC00pO0;JVQ*YYd_^smo%42UG=ZuYy2e@G>kW$x;fUNb<2&ufGle9&SU>
zD^-&$*3<cTjGmYP(ZKVsRFQ2o`4EFJMPD#5ziT!Aj{JNa%&w9lhgC_UYutduNlf5i
zLIl6gc`HO0Q%78Q7K};ZjqQQ1P=VFhNU7lmQ5w!U^euEpd=-RbHYn6hioAyP4y$_-
z#IH+5Ffp7aF=i69O&FlxDcE;;^I0;c+hdneGQhJ$^_FbR%#)njUD{{N%%_C4+TF*(
zoD({)n3<0iQ<*oBrbsCbw6se}ri2!wnlgZCFhRMgfIe%WFte6MU=%)sUkRbjnrpS)
zB);)(pQPdkkLU6sTPSIjR87<hN-%uOH{2Km?0EBAWCX(*>ZG3chO`r=%rxnX1EKR^
z{xk%9v)0g0il8_WJ?x+qh4&!U$0)E{F7zisks2BR@_Ac$D8u(SGBoM8BQ60h255q{
z7?D>vS{H<yM+e%$m`cOeJ!oQ7As#mRE$Dal+8kHT;H7DJNmCmaN7WQv3>l}ZU_t)x
z>W?DC!#vCRe?~RGwvPMGf7jbZ`=6&9oyYqh5AvY?|BG2-eHcVD&+P=wr?}^zB`}4&
z*bfXH0t0P~(Ep1w@|@8?s}g*-;jInq@7E1AMC@3QZaF^u^<4DrVu=C#9VpYqa0KsN
z5A9sw?*RXjy3ZS=4X-({pA$;Cqfg%%G(A>#kg7t}Kf=RapJ9%?)sg=^e`IQ)?i1=5
zA;&m1)$e_5nvYG(nUaq}V0F_Zp;OS2kk=(b6c?_c`ZMT}^Og)TJ8F3L>Zk$u8`{p4
z3`nW#Y{b2-F#o#~xcQES;tm!!^+)oEgk4%H)dV^}m<5y6Vaz~!T4{BjT{2stI6s&G
zoM7bQU%n>}^#Sz1<9SMECqJ#S`65k`(v7Ubf6Ya+lkbtg2UCoPC(b&~`gvWo5q>;w
z7yrO#IsIp$_gmC)pZ;favt<9dx$(IFdyogo_ixzMkUfUqcAM*MXRF=B`*38Jk*SGx
z1(59;Wpn+u<G0s3ZNAr4t1Tl{D;ur$NT9nOY5!R(=&5UF%KjZSjNHbbzu&S~{k4tt
z&!})zS)o>q|Ivf=J3h<TKa1qwqK^C4|JK%KY5hOm|9zMT*1z6!<t;vV{Ka#!*HHIv
zlhG&*W+0L9Q4sp)q~j=gB@u7rQb4-SQ<kq%vIEJ9SNZd&;(~1dub%}hNUjIP8kylT
zoevtRV>Mbfxogs=G9a8S2e$q*z>=xxuL|9!+4A6~SZW$f&<C5du?pBXWnvV>jg$;Z
zj3cuQrow8)w;ZcwNsBd6SN+6));drBWy#3$^>1wBzp{?|*8kJZQv8R_XPw9O{}2ye
zU4R8EO}}Iman{zcN-kZZlOx9gsH3{MLUpXCvcb**m&q(3{V%D7z3E4#z_L~?G9<a3
zgh((la^s8UL^LC9947vYh>$S}A%(PA{6g!o>UHxTUXc!!sgQBQO_H>a&V>^>$;7#I
z6#;?$3N7oimFCOF%5c?QIbTUv8)rZC&u!&rv(?;LN!J>!Rr`O+4QldHSz+LhiR)T@
ziz|g6&~n~I;&)4$6lj`q36ul<%_16d$E&uKzwh`jU;ia#-fynsUi<%zqW_;~TTdVD
zKOf{_<No_~v~^rvbQ4Pjjfa`-&BU+s1l>S#Qrf~xRP0*;?`!k1QRY-c6>X`trz6n2
z>Wg}#UnoxB@N8aK<VxGKVRgyyS=#hT3K&Hx;8*m$To=merOKx3X2{w$Mqv;oS>>WZ
zv5J#u=)}Q|;h@9i*aMfr3}YiUHXN%TS=oE?Ts>>~^C|3{$i1bx=x43;3Mkq|I`w7S
z$ZfUTF52#FOUKnks$p$|C_<Q7NO#ft&T@3K5L0;3xbadm85#k}AVnE;Mz#48FU%<-
z3i3<V{u$Rp_H5j~OYW1)GyHR&y^#s7G<_qK0oFK}c|^3)r}QX@uN$`WkBbYSw86r?
zbS^MT8UKLHpA5ShZEIMsdv2#baM$r~8^7QO5O(_7me<%&E#^O}ls@;lkN)ekp0B9m
zUi!aP)c-tNf3*L7m`BrpKExvfU0Q9t32a8jG%ya*)qXGvu7e1+gYu`Q7gtI0u>tSm
znO6IkXr;NQA~-;-Uc7jb?XJ|0j9%I-W6iRQ206M~rkVzIb&!JQvODN)n`u)KuXV17
zkOwA%E!QlDn@gW$&&eFcNNskAjN?~zsvx__G`@spv~GZV0(kO{Y>17O)fyCk5CAJh
za-QcMinnDMp{9y#gahO?Q8=7?vL>7iBv%9PL^BGY`b1Q1lj#tK*na>#rUUh<uo?ga
zS&Dd$$)+D??s{V=UJ%nEeD8s|OAya65m9xlbD<bkr2#9CV~U4ZF#GVsvHU5#RkQSu
zUTpt@&mHt%?XbSOj(he08^!y-Phn5+NdF(=LBD%nXa_>K6wp}~h@9)fPonuaPDKOX
zIaJ10?4Vn*H;)Q?^XRU<`2}pvL7>a+%OmHB^|Enxv2t_1W?L_DUygh5Ck)Q}r`u&<
zUDwM~2|QHZR#ZQy%^NTQDbSQZdT1WxxzqoPH1GP_I_|yy`K)CBy|MnN|9g-p6Zptl
z0Tw&y>9nPu7U@#MxI?}L4nL4L(Ur-CvQLAB<V}oQ__pEx5Eis>MaPkM)0sqgcrPf<
z{NH7eZo?oN@*W)@&k<OB;0SMRVBA^CuGo`{PP8;I&}^U+GIG5sofb10_@jIOkAIf0
z|IGaHYwNgg{jYBo?Z2OHY(DybdXR@TEK6-$vo$Z{J+xY_<+eunQZ7Oj9)fR+tfYKX
z1pWdj4i=H5xaA7sYwKOVcVdyqk8X<s<2niC0fFN2`u6Yl+~NP9EzrL~9rv#Pr)B?d
zkM=(g^T_kR<yQ+r(&68V8$9JJ9}7smPfk-D>T8mEjVp$GpCWkl$u4Srm0B06g!8t0
z`udR;e8cAs{}1Yp!dKUEpZ<5VUB3VMc>eb=kG%i+TW+9Kp5u#VAdXye`Ku?8_%Ep?
zVAt|eDkl{Kd103~hDbtK$J56+x7GNfEe8ANUw3dTQQAa=c4@Of*2xiCNSmlA95KqB
z_}k?Z2WlTDWDq}|N3(E(#1XpcZ<8mc<4c0mm^k9{^ARq15!SwzVUKg!P@5j*+pE%+
zO64GX_;E69#EzKQ;-A_TSg{-8%;8tDJC58V6vS}+*qJ1biFr${zCgr+xN*czf%Rwt
znI1!@%qKX2M>)lh(WHg+B@EN%BkcLOzoj?kVZz6w#kQJ0iJ2M13}lS)83wp_q{<~U
z^jCpS)MzxYFBW!9IwGS%L@idD4dcJ8W!A$y%jv&)r|s+NxL5z%F4})SeY*81|2@c~
z^uNomD=ri9=+X!}e5Ls3Q+eQ1vKITB)oO*Umi5GP)|u`YrUv}=2Ukmi1pzS=41X{!
z1W-y$Ws#0^SrQqi-VMA)qpF4FY}oaMyI#L_*$+?w-M`&F`8QtuOV<DH@!R(&2S2<%
z{Wf*ncmE%q{T1T>J$<zQewYXE*B^#{5T|I;sh@gX-q(-#-4J;6Pzp&H#3@y_U2hIf
zRUR}L<={FXHU&{~gRTJp1iA%C*;-5j9Zdstf-{=kpnWKc7O*Ullh3gx6yXL5$eNz-
z4TEv$*C_`GA;Hwgd+X8%I0YZ}1}TV^vmm;~_yj)4t*v@}A0P~YiiDB0WcAoBZQ!t9
zf!S=b{r&ehH#f-JTFLbCd)b86)odIIfZ%@Hr(WMpCb!e@@@gg;ySC{3`Ollp^>+Ii
zIavS%9P#$uZu2BepzgOABrBymIM7$95d$F<gzy;TQHT2uIv?XjUk2nW!HaLj1jJU<
z+zrq_10CQ&XH0JEG)w>{*V|s2CeV{8-wqRho+<v&`Zfjn4g+iTWeLlsN``?K)#Y7A
z^~&%dfQmrk4j94JkLE+fLA{Q`aVTrR;?xgmox^-Ngr~#NzwmEB&6>;y5v({z3_}Dx
zfFXv#!$cY=2ix&I-ct>ts16XqKu<}9ox@fl3HA-tFT04$8*i>atj)C~OhJ&J#!w{(
zAcNgQnoy0u1U@;nAh!ca1oIl3<|i?GL{7Ks=mCSn(NJ4>n1RcLK6f__z$6=0`3mR>
z?0^P=?63fXY}YYKHD`*|Q{Y;f^~qFU>^D(|8FTu&C;G?xr$2R1dg7oj-ku!)c(B*o
z6IQnmzb!}nba49m_}!`a2?O~YoxT^x`=WdFUi|goXwMP7pWmMJ`h9VHQa^a}_VAzw
zX$MEUhwt_dj(!lYpxn{%sW?1<#STDEj|EmJK^^q^2<%PoWcM}v?7liUJUD&t)b|fg
zj}Yem@rme)x80M|gWY$B-4mGTCvT7YJ*a*Uz#bhO?Vms`y*It1)0Tj0AyM>xgkPfn
zx_fwtb=AA?0R0n0P-xyHULPOs^&s(84^ZpAI_z;>(5l_T?!g;J>~-ICf9O%EV}No}
z$83zA_~~^Ild!%n{J(p8aD0UA*gZZvJ%OJNH1p(C7yap=-*ZIw<e-l|vVU^?#;Id}
zLWyGn0_Bc+3<djI<c0*Y;O}?+o(714n+^dMjL%VS{C*GO(?DY&m^QlaG8I}S|NnNb
zf9Sc7|8JG<e{8OAKKg%ukcWp_`TG$t{`GnvILyIO{}flB3c?6<i3xZpgN7j~YEjnL
z2Ypy8?<uQidg1{V6<?xpI1o5C3Xi-LnMD+M$mr!wQ<(9q;wKajfJ_1sFUfVJA&Uql
zH+b4By#qW2sBH5lAYyB{o7X;IfMccMWh@1XU@?P5KnCW*n@oU>urGs_h8?8|GFJ>p
ziH?a#6hYTI#n2<b6o4cTn_k5F3RPdLQo3oO2O^Y5Fl1&F%#hmiX&Ld#>o5&TEP9fP
zn_vK4g^ICRm52gj2}7cdPT<dH7^6{k_fo-zLU3uZMrcp1gCK~xjlk2#C_w=G9R+9~
ziM@$T590tNbK+kC`+L(E2(ss+>q1Lw2H>f#cvW<-K^*f2VHD18mkuy?9Xf^LyfX4z
zP8JkPWI;p?Cu7DQFynoa-Y63kTM`Q?i4K#S7#&OFB&Zw?mBDD@fw4}OHc=n7a@SAr
z)-^@>+I3XhCM1Q;V;v9`@}XStF-|DR-UO<^IV6SZD~!_$SThs_VA=wFK&pZT_bv_>
z%_xLjzAovoyDuCGkaR3m0dR0nTEQ~x-V7zoSxXe@0rwc;WzquZfn&Pqq1&FddWaU7
z$%K1T%e)>eo<Tx(Cbvqg*$XD#bVlb;$gwcc?2MFpeGEP1lk6*HWfoN5CLkY;NDaN~
zfxHO=j4dYOG9$2<br^`hcySO;$#-fjUQNBfhmoyj^f;O3R;CPHN8upn0CbuzUt#=S
z&jZD5nX>+?A68ZJe>vFSs*Zd3|Fg}FqW*7lbNzAu{~(XKuC)NLDqhXQh_-MT31As1
zV_$x9Pnb@9U?J$$FF|%RkgEstP|#frp)84OU63QeDQu>c8*tJqB$FmtYKu2Oj_4vN
zax4=Sv>rifCeqt<761VRJ~WR|-M}%*K(4rLiG6Yom(ewkjt+47h9hx{9&8jHWDN(#
zt_Es3q8%RveO6_~VzGeT6JK$K??^k+0tmEMZwcH2W^`HIG`Iy~I+>8SU%U#tO=m71
z;P1t0C<f_}I3E5bAtS^axbb`e4B1ao_yf(pAwS~_bPD86VV4RZ4k}uKN=<GF?AE8Z
z9HALQA3$qBPQlG2!Esbg4hlkmg~J0F;(l`oT%#@-DQR$MTKLc-$vFIbS^gu2r6fe1
zNY_6wv@5!Fq~RyV!ZFEy3S;1$spe8?D{GOsk^Uq7tHA%5X^gbIQg9yWWaES<78vZ7
zogEE~Dbo_&2*;JVB)O189)$g)3?H?B$&h_to6Nj=4bUn$Ms9>?6KKW_vO1JD_HK1^
zr2H&GS}Y#gS79JMFJfNqBj@1}<!Mcvn})>qP~Oz7lz=RrZY3z5lGWJJw5pbsI;iB3
zcQUX#y~M<O#1@7az)(Z9hQ?4?q$PM&!^VS+Sg5Q-C}Ns`=zYq`EiB!f|Hs~UfJap|
ze=kJ|S5ZI^Y_FFEWrLedp(ud_LI@CAFbRTEx7;LGwy}4Y5D-DZhS(6XfgKSQu{S_P
z1$|Lb5fK4FKtzgSFDUq(nK|c{-AzK%Pya7@9%c9Lxu?#VGc#xAH%<g&=Uc3r4VI)i
zb0c_>02F~YhI%Xb7^e%u(p5jq6;D+wcokS$JgRQCQb4otI6)+KCJZG?q3(cKNR}Xt
z07jvL?1m!A2?6L+ZTQqxfzLz1GWx_CfDi82c>W2Bgu~<_t9sZwst2CA@d@imI{Pn^
zs>&qL%1mh2z;4AT+n~S7GAfuWKpEpQ8wy|`SGoAR5rv262QlLUfxf~Z@UEA&f~*0h
z?_h)x8<(g9ewr9JUU8$!;Kf>E5d9y-67a7t#45mqz#45cK#LVyjH-ZNSuGq*R*S~U
z5H3xLdWkH3p<vr6jUkF-H4iV@s1Alg;AB#R)HC8qreh1Qt1X*NNWP;=iw5Py9S1tC
zdMg;G4H^|C;i4862@eD(go&Vj@IwvRPrjMy#&aKBKhQE6lK`{^uCoY6O>PSc*eB5t
z3>%h?o;0RsE8GYS=(=%p1kT{>Ez|i+FZH3Kw7<;-*`c2vUl@KbQxHx{vlP_#0M3rF
zzHV<c21~;iIz(^a<pQr7*uU2e5#@rlY6_M>5@a%i+v2rWiE)6zaiKBju)!+97K=zw
zp}DSLQ{d$CfZj0W0wB^b4+B|xTfZL*(!rKwRLGR!Icz!begK98>q5Izrzkk0NhD!a
zh%%^(d#ccuk7}r2rC5A81fh>O`Dlq}>MMup(%`@kdWqbI0FRA?g5_)`85x3#jOPJ=
zUkRd4=c{7u6yyx1x`O8}u}09)$eN)e3FC^ONr!dNkZefC;MQ(K{lwFXPZz7jAz+;a
zm8X&xX_+t``#Fw`;>1soC#u~m3FmSRe>#6?%VrPcrI<!A1~B`;yil@?hC+~o2G0?~
zZM5!NR*PA@U@Rz%3LljgVhv6?TT|p?f^tx_!P5slS-6qK0WlYBA_2jea}!Ysm{3y5
z1|ph7E1K$wfXxRe5qrpFo^V8A|99##fT+U>HZ1dD#b0Kpi94*i7$G2tH~W{OC*eZ~
z{~rs4;a|A*hkwiQ|9)k>%M00a158W-D#Gg#{1k?YH2BCAc#TPt>=Pz)rw`~Sj;~T+
zA$u6bDq=y=)HwV;K@Cwkem=5C9wr9yk3J9opoaJdaC_n(LmGY%jnG5ZwD{TW6E6o<
z)@cb%0s7?Oxr-BvCo=vlrqTKvOa*!(Q6YZn0DrnjMM^4(#(Zi>b`2~jC2<fqH2ltv
zHrN2;G?&MX$B>F}-}Zd&Vl{{<L*b}h9A>ch^aD-R3?>XqOv06E?FDm$*gSZX^%A)!
zSv=fehb<>@7Z%OQ<X^86j*4R+1_fQ<19Qnm5mJUkzgd;+F$xcObB7&33n`x)U5pJ?
z26ds@!aHFAV8!Bxk0Fgg!%!vF1jjq-43_PHP3OUVau9Z-;6lc@ktZAMC61x%XOc&O
z@aDLEY%<*N1OK0Hxj8z2N$o$}qJOm7sM-FLd4Bs2@$tVMI&?gi|K)G_Ghg1A>_7SZ
z>IRK70ui*MD+4wa6sh&t1uGH17y;4qJhuHS;f_DX7!cQT^~ahLfIDt4$;I3>WRmA7
zFj1@S1ttpy)63caOa-cfQTO<CYdKb-J5p|{#?OQ$fm~$VD=?|cC^DLLxvi1r*fIJX
zh%*-NE5ULwY=~c5NAV}!e@)ZnC%`NMHk>!8(3lN9vJxGqM-eCFaoF&H4aor@h-Kik
zOOL`at-=uvr2^Y82aX7JF}@i=JCh&yCOeqHn$B8f3J>-fUWDYDAVh}(l;8k->F{t)
zr8?LnC^D*@(JS4(){8PLJ8~kSSa}68OLjV0LdJ|y0rOSMW8`upYu*Z0NFJxUWs~?1
zWtoB;q4)iAxjW*48#^yp1hI80<58kfE~}#<2C{nueQBXGO8UVqk4z>JQ^C|olzv&Y
z;4dSSBq9S85()Ieg>f_p1AHlYE8J3tYu2elnunbw0k^jTT-`Z6xben~ixHOc1KeJ@
zs6-x01@V5+9q}2yD`Yq$6&*AIabP;QHNZ`7FJNt88w_>-)M~e32eAz^4r3d#$-=7=
z4V+96iHki%g+q7jj~j$>B*VcSc6-OTsi%Y)z>7!S<=``lhA32IOuGPOQg=CrmrpFl
zpF2^3WGZZg-%9E=P!mj|2!jinTlEuK4L!zuFGdb?CTO8X0#4o_hj4#XzOO1PRBwgQ
zml;E6O&Ocr@Gv!X%PHs|waQ9V2o%WhhOdlKs%XswBB5THhwZ;HI!DQ73pH$*>~gu}
z5hIL3!s-iw_WHw0aCbKk9IIn$iNd-KoFtyl$#yIHj-3iP${eX85=&(02E#Z4bMfc2
z2xaubME1fY5E;R3j^jVmouJ=OZ)wS18_sCEJSbLe*f92;??y}r4tM2XeU7N1h#FPJ
zpzy|xU#*LAl$qkq$ylk9!?EIGnyUVb+cn-*mCZWKrV~OJ4zfbRFrvB~DCL4x9OGD1
z9i3BCU5T7oc0|>Hk`6JbOeGA2L7aBVu^{XMhzS`RQ^C&+SVB7|+O4n_oy~hIV!<(F
zd*zqOo+_?(0uzR3UFax@x%-b2iHwB-j-Gg8a4#>IW>k1sqW=STe}EGJfH#~d<fF08
zJ}#vC+Szp%Jh!o(jByg~zs_FS28)Im56<QqB&x}HN-7aj3pD-;J4GPkN9#ft8jL*f
zIgONXLrK`jieUdlgoe!cig%3Z3}(~dj)vVq+67E8U=->FQjdl8QgB;c9(4QDG<O-B
zZb0_oCreEy5x?or1|L;ZRb_4swWWws4z`R)nunZG)CicN1kdM8(8S}xgCqhdh8Q}+
zPD2GPC|q!`GEZopo^u;b)H-o8T{LsnnK;>$9Kx<enHK4)u#+4StU_}iqhLdC6G|Pf
z1BYDHDE1ny4G8BR)#I8#B_espIQN;_hp{m+&LomWg3A2|=Zz{HSXhcCGp289U~!cT
zqrghZ0?tUTI}k5e>+NW#f)rq6e00hjL<aW*ux7<ymN>&G$e^PR-8nFBg8d`QBDW&P
zg{qgcBRR<BMpG^=Zu~S>BhK!n+fcyz2&X#RmyF@K+0x3GU3MI@5#8>^JIlyV2rFq^
zSiwcr&oFUPDO_oV4Ifp|GD5dninuUi0$c?A6PSqS1#_N94T41A<1me>;uPl6DJwz3
z4U-qZsfjnlQxLOd2qS*KYQSHzgNzCx*iPGa{<f)j@L{+whwjDXAB;47z?vXI2RA+^
z6Fb_wFgCBlVTm2E1a=JM!s}Ss&L+VwqXbHrqYk=fhy~z0bo=$2MLGxhY{Y^p-UvlO
zR2D8G9HBN_e89N^iZ&z(H{ISC%#RUKBs7lwXk}-dTtak~v~7bXv9{Sb^K4sz0izx3
zSUY-vznYy!3~IwUhUeKd`vb{}7i7dO4@8pSZHe;=UkJNF5Dk)`<x_x)z(<?N-=Rgp
zRBX6L;o_zB%r6=+D6e!Bc$=_)OACqzmbgf+1-8uN1o`0&GZS`e!m~}}o6|9#&^^zb
zEldWqP?Ne<O&@?e@P6bK_bx6dr4A&D^%gPESl%Q9K966vaadDbayBZ!_xYW*>Bt?(
zrXRlOx<DFN2Dr<UFp}aDD|m&9w@2b#T2)p<bw>-GA7J~YtaI6PT(L)SM+i0p)KKBp
zDhN}n97LcBq56h`X*~7bxMXZ4t~jG*JoveS7Zc}*aea-efxdhKj@L@;#<nR#qBkpw
zusC#v$Gv1`(3zbqYLV=ygd~k&p+w>ZAFNg~A2ztdhb_*%)L?G%&pVIL1V5hOy3q}R
z9c1IjDbCD5vgIck1frn$#6}nm#r(#WO9RMlp=jZD59xhx-HM3|5j89{d&C<DUdTJ^
zfz^t_=7eq`Cq_B7dRCYT)iaKGP^=Kw4zC7b9@qwAvO<_{A<6R-Pk&b7sDk3+qT&Gs
zB_(;i3$QPv^7<DPmzp$YlvOaELI_kmh8Fy7LqUud;K>#_I|QA{x~D17dSqrNXftbM
zRtLU*Nc!b4yTH`Qa6sFE?h8X>v{X5OR3Y@#QOLq|N@v>!n=k}upd!^r!eF^V6HJ$P
zaP7pJF&)v^6sXp4sB0!Bi+yr?(S-<zoF>kAlT;O>Q9H-4RGA=Rr?lR(JxYojexyKP
z_y~3*yHS%GvQ*=bX%$$9qKvWEL=PE64+m!$V~nO?h}^3nuXJ#6K{lI`P_QZxifN{%
zDc0T}($He<0Q-qO7A7`sH)$%Q=ZMQ)QUeXc8Jj24K*ZgwFm*8HU(pS1*jCRXuCW#j
z>?ukkJ;B`<NcLj8K)f~F*>RBnY<VKyHb#7D;J4WYF9`9YJW14ZkeV3^Z!|=vOEE2t
zh9zTmF;`ViCjS~@svqQH&n|aN5CQUKIv6;_I>i_>r4}6Gd8$R6g4+Vx`;^a?@m@8G
z78xOi0rVlNiq1FzNobqyOHt<Zfxg4^+j6GCa1SXI{NYGQi-o%wY@2MKcws|#hKg4;
zi5x~3aCd8Bdq+cHA**GRC(6<yzFpWqV5E$}X%@p8UyGzd5NxZ68z|glSunPiA;!Ts
zMsjvTnGu3Ciadg~^Fuxq^9WY~3=cqVgU%YDy_7NWJc^M|pa|hx=+eiJ7w$oyAb6QX
zJtjk>>9V&${O9TFgK=R-_AI<`(@6I~6A!2@Sc)_Qa2e5)6hpUBT?TQUwoh6<m5#*1
zG(+V8n2f?l^$a7+)sYy+!O7CZF!GBA<`)bq&1U?|kfQ7~m!*m3H72O|{T`-lBa9EM
z3+O3n0R`q=)dJSA2<}ZGn}j_`lnefI=rRJg$a;MhOjy+uegyGa&1n|xu%gOPWQ>d<
ziFD6h;T|V0un|iX%JUtDsG}6vW{CT;Tri%}k<d0nX9KtqH+6)&e_~U@(m_!tCWSu<
z=dp0MiNlof;Sq8Un~bm%O>~nI_mgfU(N$t&OB#YSBS4ewh+jCQCf24$58}=QY9%^$
zv|;Ks^q>u<3ZYNBg-ghp#uBmi*pW+uEr?kfx1V5M?rLn?z_<+!7~XLRPqb9aOJHgw
zrB#?Ytc*hU{Iyz&tCGlAcw+F2{u(w#2NXzL9S?F-s38(3C>@0{9-#n|VF$45NU;Kh
z6p&oY$!vvgIeuT<i}5NBH!ZL#R6TfwiAo{eP$x8YeXv%Y3(synGX>XotG#$&5;j&E
zcL70$?(t#vQ+&*>lZ*YR&X7Z^R>Kr$(G+($$SKy1Ub;^TT~lcoj*1h+PfYUD!cEG}
z>)hf=`jRkTDv>heP3XL*i+1RC08>f<THId1WHaJ1c74kyG0|Ffr|yu5wl4G@BKDKy
zMYNR|q>CkVJre?X^=$HdfkCvugXZWhM<y-D!Rir4=Yh~bih)oi#p{QQ3~sAu>Yts&
zC_8y)fJLr4eH^Y<b%57+E)`b8HFQ2xbpBw4URsGX@ZQAeC*BlSsyR!iP6&SHGc)a|
z$QFJcDY-~ZK$~1wMHXzhaqye%{|z^e!~V1Se`rhtP@-vBt_=45sI`GXJ{>z&i~qy^
z;{885cIsr4J07(j)bRH|?*CE4`qNGRQD~#K`0vb4@%X<T&p+n>^Y{F<<_x+u9F`@x
z{OB=_;*G_ZLuxHaM(H9lVPP>iU^Mn~!O+qirX-aV<@YNn9d%I-l94o^a6ke3l8ImV
zZzV-JL~5=!4)#_m`$xQ$D$^URNI(rJMggiPRT@07a47s53##M!ujY=CS0n~saFc=%
z?^qA}56&wbn4gnYm>$z2>1ZxV=Y@g%J7!3&Ybyf&QATU|C>es=oZ<Y>+96|jj#vLR
z($V}@X($XQ6nZyOe@%hIt>t3HPp&5H<qA!A5oe`TpP~obMI(yBnlgnaj4J7qS6q-|
z>Nt8hK)2JuTf|(ne_;=EK{iQxvDOD&Wu~=kwRN&76Xkm5mFDGm!}|Avp#}NyJ#J1>
z)a18$V^HOZVq!}6v)SK<jlXq%eond9E4A)f&?^V8A~+@WEa)+~x181!>7`Fz$*7XS
z14s2Q7|7n})jzLyNsipcL5rO#rxmtw(3+*Pr>rLSD6IHU%aYTEfXz0oC`(Q&3x>eD
z5P)Us-;=6I^Tfa)Ag2LB62({X%f?X<Y!(Yc(Htf%f><>mFTbc{DC^sx{zVr9<jJVg
zyyD&kr8)M@3|D)57a4|fXmimYA_gTs3&|%zI)V|0Rj;HEwMb4Qry2bRXjL}%xPYXu
zYI(^2Z-#g5&+=Ep`Ooy4qay<zy8PF%J>>s6Cjb5Qf3>W?FG#=!N7P0w@?WP8?c?!(
z&d<m^mjCZ>`Rm%MXHkCX#e)juKBWWt%Yz2@=wFyG+tbq1hqTX6Pw!dUlYZ#n%E(Ml
zFBoW-(ROAx0bx|OM;wgO;&h;t4(S91=ki5;_FSneJj<2Xzlz((zJd)J1;!jZ6VUKd
z7CaW|ej*sfY;+`sX3ISXmIxz(-TLYnrK&O%@oCogoQ4eRgqNN2KqU&cVfKS?_bD;z
zi>gt-lAFA}uIcov)D;e02r`6pvsHdYt5B4vU9N~IWjS`;+T`+TtS?|N&9TEZOFDdK
zFQ?O}rLLZkuL}Ncm6j&MGj@!hcO-vuS{hX6Q^(0(zgyFCs8X13_@5UnEbxI$bQ~ne
zG`Wz!HH4E8$?Y2TkylX;f32&Vk1rAJ1YS`Cfb8dsR^()6UBE^IE{OQigWec98LT$*
zLfS!G&9Uq3#T5=>J?ZXTHqAcxUnF@?z=jInqM>juUrLLCN<={k2qwu~A0@D3AHsZ!
zJZ^Zbk1Z4+5FmRle1zV}=LS@tFBI*Pq*QBx_hZi$pQ?GqEX?x;%#W&li#$6mZyArO
zdCMR`dPV<^<=GsBVIp*DK-x%WL?cL%vG*gRLxU76vSihl!z#>W+lUc<7Hgl)eXcYR
zE_)&h!gM0Wq;A9HR`IS%AeYTf*L3!;<yMctEKLw05>^9olIYY$#LaPo(A$be%(fd`
zWn*e;MpMyT@t#l4ktcTbuvs`a=+VMm=>M2-GDq&J=6c~OUiGHIldkD%t}~%5qer(!
zh4Et=Tz4lgs)nhY8cuWje5?mXVJtfdNHm%&cTG3-mQNWa(dIA}Fam6h%0nf>#I6Lw
z(JGf1bt}YUkHQrYj_C+jRO}n9i><AxYPPm~FN1*4)st)b&5_DRlq>oqDlswpT&dXP
zldhZK@#YHK5?fpMqXH{7cWac*gN=rcc&yb8)~GsRtj13c7%5*|_CxIh&nGV?Zb>g3
zB=eWSkgkv46<<Zz9RdGRC87bFjOOO?7Lgo)63{6lXs%BduGEB16JI0kyj%n>)x9u8
zq=1-fnJyH_g&Q}9X^r@<L-$+kl-txPCyzL08xCXIWpgkAdO%tBxgJx%3QJI{EcQ77
zg0kTO3<_Sx!2P3>wtIZ9+5AH{f~p_8fJ>qG0t4%<*O#nnD=D%4de}r%3n{7LBt)c!
zkC1$f#bDH9to`3dKC-@%laLI>nwaY>Loh+u+zIp|9X7qlR(g?+fL!Ec<Ra<hVy2d|
zP$+uTML4Q7L4-Sc;>*8Bbm5W<{HFz2^SM%ga81^oN!bGRRF(1&6YwkC9=PJiBek?5
zCg+7Ca#n_%k&&I%F+1aYxu9n$`<~H>RmrQ0mx_cylukl=*K|@@{(oy`f6ren`hQt8
z{8#J$Sy>%Bou8opXC1r$`CI<}V*Ot}A_G9L(m{uB0AMd4ssX^%-ap&`a7_O{rvD!W
z{hzV-qpSb33Uk>mGVA}asbohlxC<(cxPuz&p$s@T7;2g-6Rx)&dnywW7RHY1r3uBx
z!zchyAVDzITnJ%@k|b-BWLdn24!aQ}xD3M`D?)@>AY6@Dt;iNAnTZ}OtNW!9hF4sO
zA>3dQ+Hy!rwl%z(3nDJPN|Y^~;)|tU?gQB*JyPa{|1vsv?Cgq;XB?-vSH8@?z}gr>
zdal%mZ6KL|PYv4$hH8n}3Eq9-J{uq(Pq>EU;1dMEOn875)m3Lko(AV~x`YN~yh=71
z_=aSfiNQKL7AwGkS@oZt=rB!D0g78w{Z#_VhrOUiB#68>T8H>}irzq5Pq2z?J$m0w
zD5+ecXR9O$l5i13GuT6%Iy7kfDw)(d_P^2)MASk2mq!UIWolHIkRTlmI^sj9ba^Pm
z^V*;hf+I{MtTEu?;Aruft5nCR>Af(yoK_NwMcA<Ng1!=VNC3m{Upg=&Gm9NQR6y3K
z1o^2#8QhrQ46nd^fVZrv-!gQZtX{h1Cy~0H;G(XZy220~h5U`X8|FeXEZ|R?m`M?P
zfNt!;DwD&j8Wln8nn?2%1+x`@=&*B+&7Rs*p~Z+WQ4KEcugL=jmz0X_ahSU!^ZfP~
z=(|ILZ!kknvVN%=_}<H`E#eZw4>M?3{NyAiKh$!iVP)8d5yQ^)N4voKom(F5GAtXu
zK@22_5Ab9}_Yv?2n2M<YBS!pjSUQ!DR?ye3YAzh|V8qLDU#5=0rIC`D@Ji#e#qgjF
z-gkpl2`maF$^*7BCdV8`;ZeYK9)caqB<qSAqmTJfQprV<8I)I2GNh=uCw4Adug8cp
z661H7-YF_BjVq7Gte%mHqSUE(?B5_ckajU@C@maNP&8On!p1}N2LKA-mM@@i3e$^B
zOw05><oB(%$FP2^Y&wk7IJ+RZ@X-*Xl2|%(C8(b)n`ozrMf}1>gSw{i^F;lb+5C&<
z6Epx5)h0I*15cn*jB{jWA&;oW^2~z_plm1tWzapS_9lj5XiI#t5sBplRm7J~QdGp+
zA55)4MOcmkCaNok(FO-mAK(a^XDl2Ggb`f0x)=Dlgs+Gr$ru(}!b!E--GrpU7Mpmn
zZcYMdY9^P;1QLMK1D7d~C&JH&f}&@Mbwdb2HZWcxMr!)j!VnTXl7Zu4;xcZnV#UD-
zE(s$zv}3}K31Ad2;A7$e>kmcgfJHBKzG)E%QW+oi<CTiU6SUP}Dl8-muTFQ|;+uRP
zR2?zKYHyQRi<C-)sT>N}aL6{O_}RFjD%d96W(;46{_!hfeFhaelEGleJ3=jUD<W(G
zdf-Sb6LpVa=Nd$nD?Sj4Q(gE@AJHTtD#D5>5x7$#_8X*hUsSY2bO-W-;po}4(gM>A
zABnJl^o!Om<N|o&p|2lwSmj9EraUANlStjli<=6`Iu+&OWlG>de1e0qfTa}rp$G5a
z*pZ?nik}AX1wEiifJ^H~8J9cs0|#1$@tW39@Da|;2Lt;-&Wd3kg2{-3MS}bpfavJu
za$HYh{wOutxdfE0p9J0YPcXsQguRR26V8`-%ccCV6x<4%jOr2=&8Mk337cbkjz(iA
ztZ2v^Adup5*BH%lLxE@uSsg_()^uiChnSUV)JLL)UZ1W21t6YF&IkA>K&IxAMc7-F
zx(Y;q-`(`x+J+7<YbAJo%o^<z8^!jI4q@xe+29mn5r7aV%vQhMHTEHPl2v9M2CDnW
z^l|bbm`v}n-hhc1kn!{J<OOA&y!E~SoT?(SAhD|4;JT=fJnALeXKOA5v+p!Z`d5B+
zz$E%g0T&Fk77L2(QZki=d8gj^P~1l;CgCy;5>UiYO~M3MQR6HTAvb0$FE}EMQ^RyR
z7#P6%2@!w!kxBPzarY#M&mbjU&nLMlAx$C<(}<2tj|e8kAI)l6wTcRH7^Zj#HNAFK
z1YYeQDu;2Scw^Vuf}QYtkdo{mq(v2PdBk1j3dg)@5jEuUMC?w=7wkhs0`yV^>y(SJ
zOIP^>I}xPr&Mn)+F?3|ca4L#+b4g`R8Dt7BggWe`Y$R_lomY@<G|~l4g{noVs(yX|
z4oVLpKNwAoO8BEewpUDL@PYm_lW3Dvz@GB?HNhp~*<{=g8*}5Q2wk0O<e*=RI${)-
zPtAbzH*u2b0d$+S;zDpnQ8w%{WJ)_!V&{*!gp6IsFD}Xr9W}QRv93m#e&Ylj;Q)k)
zIvonKt;t?yFJR_(efmMAfQW{pWDbj0DOlCI&cHqkmBJ~ua5CM3l{+Hcf)4s)+Qq*_
zyI{+G^t6jum~;!>XhP5t2t~&ME7=K>s7XkNs!8xv&vJs3z(MK~iK9Mhx&+eyKS`S~
zI`o(76X0utTi;MAxGCAHYI5->O!|e3CgzxKaYVX>2GPgWXciDWeoV7CN+f<vwKxRT
zq6Z+aB}n#}0On~{Ie-n;BJE4brG2<=f&B9by5v^<v53iy@h=tpS;yJ7O_2I|Qy^86
zxKFTgI*YJts(+l@&ht<KssqO=mF<+clcz(~nI+U=uY~+MdL>ReRAWqxwVM?Jkne;-
zfW6Dc#=6J#i>KLUeIS>L>MK7uE#c57vlcbsFPUq181v=mM@9gAooV9x7xlI~k%I~y
zGA+$w7^TZd92I{dKd*lpycRe86WNS%Avv*!Fx^~g6(a)Zag%^5IxNYuNh^V#<1<~1
z$>Duw&vap%D=PTa1>JNo9T2ef9j5L&WqZV)nu<Q)w6OnXzruf~Tf`AN7iM1Yf55r0
z7XLqep^v1ETJpbiI=@3g{9k6LWBGsomcM^o{9h^gba6MeK8*e#Ipv|d|5fYx=adT(
zI7mtE19&igX7WGWJMfr$;4$~Wqv0M1+MRlY5rP)?K&miz2s!r{+qD}y43g)JL4@2j
zuts`grExGu-T(nZC~+4egsuzm^qOEz18`a`o7J4pftR5iH;`y@0tJ=k50XFv9Ncpd
z>CO17-(AHNR4&q@_YT2j3L`z$>h@Uxw5@hJ?!w0tpYpI1$l@e4JgmZ}xcx>{jbL3a
zi?^FdAR(I46J}d{{<IMHs-l@iG;SRL9W#=0<02Uv;Eo9A&%i<ivmwt<YU(JHkih0+
zG%Hc29zQ^|sZo^;c7oyAX9i$ZgVYcWz^51;haAC*59b{dQ&cJdn{6a!Fee1Xw4Fw#
z2HBXHyg*1Gj`Eq|tK*FKqx4sCU0uu<7SMN+7T|FZxg`U@yVad5IfR}fD`^2XL0YO)
zHeLWyr5E~?iWi0q8N%HlQ)TS9QCx&sknb#zv*aMV9JW9(lf+iw0s6zH@*J_cpCnm`
zHQjHN(IuO#DgtQbDHVjN*Fa(<MJ$do1&|G-5e5K6!xa+(tQb|Rgms9yDOJn~E^^IU
z<_!^?aA1Jmgd=ls$5qCLLO#qy;xx*`wGb8`T-={{ltWK@f@w4n?v?FkO~v>yp6A&Y
z;wk2XN-7RhuaLActkPsVa+HyM$w@w$PK%o+7=IAwoc1yI&%>Dnn8~Vyt*2+dG;bC1
zFxJ6t6Rln*E|v~plbCXy^J$57E+A6Uaim!C9OX#9=2MMmc|c*QNO;4Ym>J_BD>H2Q
zGD{Xxo|fHhqymLsIhZbDwL(OoM`s1H!IaI8%lV?)^0_dAE}#l^NCSPytU$TsJn(6O
za$tEv!-3C5I#pf_T(q<0u6YOTIBL%|)osLz@pyK=Nsi>mvc|LX3Uhnvr+Siu%E0qv
zdXs><j>C`@HMIh+3JW7ZW%W2mRv%p|L7qied((qVI%$AEvOmehBTea%sqoN2PQrwu
zSM=0$h~mkJTtZ*)D1s&%j1_qyKxG+O$dgk!-w!6gBuu7`)(_<2y3N(h3(3sO=Am41
zvEwUUWIr~P&U8Zvm-w%kmY&Ey3X{<bUzepGiiSruT@JDS=ZopGc0^<~5efkMQ<+lo
zNgV!N(~lK_*y<!#aj+7#)kJQ4%njkz825ykhrQ!vWEoK`Q`OTQRQ(~jH0CFxI6E4!
z4d7sGnc8RR=_N$UO`)(*YC2dPgc>(d4@{^re9q)4DTbAVEWEe2X&3!~dGEnLqwlqZ
z9H83vO@rl$kD)7M@}mr*8AN%4JL8p+v02>m*qG`aBSm3J^bM;+0i?P8a8Kuscq`yN
zyj#J1YnW_>p9OG(DVh8b7zcM(q3Pb6JzOU#v|uAQ45EYvzl%gx{7x@~rc+5=MjC*9
zz?-Rz$XFrX9+X$wNB>0<PxFn(SZQbs*}_%70hH~HMIs<t=-tk)$vMV6lHuTej=d25
z&*^UY-P-XQ-o<|AbaVOq{u)a0LQs|2>Ax3kZFkf>^WtEM3h?}RDGw%)@f&`;prpXG
z9f?m(l#-pfAgQ#88dQDTg)z?!XDYe??BwwEI9W`B@P(4zB_8C=680mfURRbZ8%LWX
zKUL1`+!@cc4st0u_c-N2gY(mh)sTd*!&Wm4=)%ShPwi9yGqO2QD1<_ceH=`P1VCal
zX%VF|6Qi`JN@;0WEp8fq)f=Kot5iHRW98t04}j}D5g(H%*e3T|*0Y-Zn`xE@f^9Jf
zK&obYxa7W=Bb>IV0q6mnSTgTV(+<kFY@x)Bh3rEzi6kDpU-DJ)ta698wuepm$;rf(
z$>}7sIx6XeX%iT;{QpZOM~O%v{X<YE6CdzqrfXH9qaofIyNTPyi~b3AjzlwuW`K|r
z+zak^)(_+np;%O+H1V=YpTsK6$2vO@%`hHJ#u;-oEf!Q^Zb?}2s?a(7Y7zoVDJwEW
zxadb56B*bn6Wt?Hc~}WyDi+8~tHsL8*~%IUeud&^(=TxlbH)%|rf|1HYEc*Z`5kZ+
zv=D2bWF`}{L$RluseW>g7(1#p4TOpi3XRl=4EdwYlZP5T&t(nqeQYJh#z+N(Er?u~
zRS{tQz@)l<#f`ulu;ys-(4w)jGJYh46b+b#28$L8!=YE)E1wBRas5Q;g0-9Pj`%|w
z`-jnPFhpGi%EIbBYB}0z#L+2n^A5-(O!QOB;Y3%0;%9EjArlOjGe8)ZixseLK@OJz
zDx=jwaPa6x2AC8~KY*i&hC;2Ftbl!F-9w7^`&(IXKfr#a!E_xh@?v$NHH?wWK&8?`
zS1P8zxfHl7n~zv|TA4aNJr;&sv|w<COkl3W_^-iOz?Y3G2r+dl=Z<tl9@|Bx@`V6Y
zK&!tz&s#QmP?>m-?$m_7Uy+apdcr6y;P!)|g)I}t06Ow~5tSYPB`V`30e5Pb_<Bu#
z%+)lZ+akcE0*=h+Z<0@z{WLI}XPfO!>EqKFKTLy8q{SkBG$bhGmt&W>_1rN;_4`$K
zKrUqx*BB*|*sW@ZtB;fkoT{IDj_|#T-aU*%hJhooVY8*k%*aRsJ%VXmik=!pa#;4E
zXuTIW>s8luC0?@&e+o!Uf;ZTFKupm9KU<MVj?H^7e+VbO2V@S9#5KXQ9iaym;ADHL
z4M^MrsTR<qghHc1Q}aeJn+~<X_7`IXp)gv(90S}@R-#fKq(r>xIJZAl5DssMT)<J^
zf&m0W5U<FS39};xXc6`%^cnd#`nIxDN{*W$lk*B}G#LI7G4c3~#wyG$VwGM*s=Aql
zgLwk-MvYS;(va)&fPqBEl8L1Vt|^pYvliUdEgf|1Yc)qU>!Uqaf^16|A};6oA)^tk
z5!3jLuE9xc$`)*dPos`o1s)2Dlq``AfV6RgH}Z2!VjD*M8Y9PlEYi`x@Q&qZxf*1(
z|EpXLYP<iB9t8lPTJV25Wwq}RfB&DAasILU|G(q!A9w$6x{8OZlS9P+fmcjd{zHZg
zamqa+p-K(X{^~9PItGxO!~wwE>OcIR|JXJEKlqyea1N9IKiB+dm^h*nK2F$z3i-vS
zfdhp5%F(9^@)4Ipu4Mxb$Up<)Zsc)jKp=~cr@W4m83<AqkU(J3Nb}G>r+YK*pek^J
zbeWp~I}(tBc#8Kps-g>4Ru|l+a&ZucA?uf}vO{$#E+<-$nGOSjlqzojD~0ijMuEtd
zrjEuT*rZaRL>%~#EF1Vkn6xk?QWvs6=u0}}VZ+3o97xxBI4~^i-0ft*u)w!?l%i6+
zFh?92%4K3sS8R5npc%5>CquNgT82~^mC)2cKnEUnR=9cSLN8(B<;tQY0+&R-IIb<>
z<qYXA{5JdOL=<4QNV<_A<&V)7LL&+6BQlnHcy4lT<Tt5N=F2D3%q0W$(JAq8QGIZZ
z4*}N4YI}58jE_lxeF8D`jQ9(HeWW7;_Q8G*<Gnbl&_1%5g(P4;;Jm=kYf`=<N*Hdk
zkt`9N8WYarDQg}>a%>{&VQi^eq^^e|#<@%w=Auk82y+aAOUq0%pv=V+jOa-ox=BT{
z5?;!x{iXH^FSW1fC6~)pO+~?kih@Q(W|;J(XL{mF^@2KRQ_&46gt$ZE_n@X?N-YQ6
zple`}6bhJeXA$wG@>I`$Qy9FFU05c5fOVD`4MFT9wade&pkcpK2Dc(Y(@Q{F31XiC
z=sjCbATKq@GlWy9Bnnh`I<P$$ijc<#6a#w;uw6DA0d_DNWXY{a0rK+DNh-m0B^g51
zp#xHxm{E0zRJEZ?88K{{FfieJ#YICej(;%{8ediGn@0nUDzA6J!1!)s;0O~kgTP`r
zW*vt8VW^|UhGjPK9j16yO)xpHl<|ZpMT+wWBC1>-=9EFz7-5Mjk1L!!w46WzY76?V
z7Pcx$gf!&@KbYWagTt|+^d$}Hw%Taz#0YmDVyotkNY?E`jqWB|JBY3eyDXLUghG(2
z`!9|e7o>Ht;o=71ltc(qhP4?ezIQ>XB^Y{8Q3-#*R}k;<HJ(*l0%uH|5-kZF728oH
zvVvSf?7>n;5+{{|6WHSAwSz&hA|(1`vF8^1yEXn?V5z84$+(1OoDnVR5kJ5CF67V{
za3nZELUdyR*n6aCu)1^<Pq(>Vb6`6U(WW`$Rm9J}WRf0@_KV;ks8q4>sA<-%3rep_
z=2s6UT0d^y;692+vRcCP(Q}NE8RP>GMnyb69Ai>^hjnC{xUl!56cTI!5R+@g)8dvR
zIKK1Xk`}HTO~j#hnjeTE#^57N^=4{;r;4W-g)12ZHZWZXkz~M^OYBiPeqm;<A?cR9
z1}0*OLq1@0LFbp;10B%vtd*2_*;&tI8we;j+~r$ao3iJE%mFi%3OKj`bEPuHM&{E(
zIm{VJmsx?>pjYsKu_X)&_T+LO4YSuUxYc=?{G`RtF-5`yf6zmu4N4OT08)(z07U<$
z;C19DVq)pnxX6A+`F1W0pteQliXN_ArF$^5?qF@=<Pib<x;Gtf##EUJRU-SZhHnU2
za2v#sfxF;3p%f?~yMkxrwFBN%<~JGfnyJ%Hx50F^>Q{p09N57wiR!ss63G}t!V_7Q
zI~s+|L;7?<3FrZ1adda<t%wE3h&x$Emmydt^judeg=I!qTT&Av@iDCtKg-Qi|9652
z1i%@C$XAvQ87jbKAUS{tVWM6*coE}~WD5hB03#vH4Uud=zRENMLd@Xxm5_|iw`ZB#
zuPOQlB^m%L26xQSM~Ge>z=uM>cf1IbY$yWlGcsY(+h=5nzUi`!xZO5&=-&o}U_w3P
zFa_1+he>34art4SxO76*!?)qFZpLn7N?MrpoGl99H73Ep+=!(tQ_rF?4XsN~%P+cR
zK%B1eulUuV5+|g^4_5>#n9ZwBFuE$?s7V;$z!9kD>fR~vGodfZnX*Ih0;xQt==;TT
zqNFAWZDMr_#-S}&tTU%SSST%?8OFl`aPCE3DY66p2fhfDbcmcqg|{dKoB%?S7DLiE
zV9f-y1ulxiZMezNqzF&~MBW2u2W)||8o`#4fz7c`Xdh$*@5ii1P(dnKp+hnzMP@`2
zp+i?P@Xw((Gw~40IUg8LcElHx__t5t5@0VtxsfR;9Lxnt33`N#FiDV2JPO$CtQ$->
z0m0n~5NQao4_4(vabT#~YMdZkT2z-lV7hP<-Ud4jgv-5g=Ej5aAB0g9-$NTGnIX8<
zQw^DIo@z*kyr|h6dJwP}2DFoogpq8%>;lCXMJ>(j*9^5FiUqP`d(EC9`ZYXNh>oHl
z@k8@bA9_lfj13d%j+RvUBk)HtTICQWiCBCB;DUMqfEG2(jv0l6m=#*9O~NRGtg!B=
z;}{=L2Q%1s>Hs5j<N_YW>xO`&cqv-rF_bRJ!*-8T2IM;PlsL@OV8&oc(iXT^%O0IC
z;I0<i8QDQp@%zzl&;zC<vWx}6nn=-oPQ;3-Fc?d<62E|<^y+1C6A*jtzz$+ZoS<J!
zwCE!u)Tb}md;^$_3ryd3^8~ZmwTo8EEHjEb2vj-n<3!G;jAu;6C2?%U<g=-_LSE@I
z#=NjYlOjNrWaF|^VmZM&?WWs@Wb7gj!k)Ob6F`VKUY23INC;^>9DY$VLx9(c`R$WM
zV<QT1>*|ve2MW*3;hHL&MOMRLO+n^v30&Z}N_r%ts(}wIR>@-_%H6SYy5s>8$8`_M
zW5B(WnB@fhYEtw9t-ii-5bXu4mt;H00Fa{_=Inh6@_HhQO(M%kf@aF&@Yr4#3!cdu
zfq%0yc<4_Bzx(9!f+aFTC|lXIOLACW*aunmkxk5A8e`Lvc>xn{!%$%+`(Jj4tn92z
zx%Yrl!WR;^yHGqY>}IEBdZw$ri?M451OunavZI)7$3E_8I!3~!ir0qO897ALgjL=?
z0%{ln>UKs)qrr?$*_oNySsCUAhuN)46TX_+u~Ww^a{+FNrh2{pkftQQUs@Gbr~tZ%
zAj^R=lM*)qDC`Ix%61IXR_L~12!%6I@UdG4Ly?evoC#+qXu3zoqgDrO!j?dsBnM@*
zssp+vzvGtBU5J|?d4LJ(r0yWUIc0@0eT;ecni9_>yD5Q5u(DBoI!b^&<E14}nZqd7
zNF<|1bO&BMXN`;!Vt)y5dvJ_|YMf@#6YoK}`A8!1P79HlD4wlD#EUuqrLL}nWT<jW
z6dV*)lD@SKh<_p7*%{X-D{(cP-<~L4(Nz+9Ip_`ndRAQ?%FQG|unfobnX>>b+hkjk
z;u;plC0&AK#N1Pb5C%Ek48@BIBxwU86t4f3C_8Sz0r+sd6EZp(cgZq*vwA0(Cj#by
zjARMj(}zNS<}z6f&3DM8=jnlc@fXVc=U9;KkVsXS-~E^gMi{usHUpP+5M&DeBW&&1
zi<-L(LO2J*84`^J8Owv%1V*d+?GzW{VRKnLLCD3V67-*d`_fPZ+$tadgHtyKrwRuc
z;l~oy=Yo$MfDSNEl(<ObO<|X5arvnr@^C@d=!a-1<R1gr5vZU+Fs76!h4BN_cQD|8
zqO6W<UGpIfSOVr>;X6N@^N+f`=`;x#x&c2CXfzr^Vak{Wi>0nMS=0g!cu;~Vw3Y`}
zEk-$vB?0X~K$e$BR`SRwv%QaVZ@ktvbrZ!1lTDE<JU|>EFeH-}5=DbrdJFP|$!8&+
z_prK%H0`p>B|8u)!qcgP!)~4xdul2>7fmPQKg=cl|2#O*k$bLp`ab}Y_kZ}W7XSYQ
zf;^lyYQg`@?9{%a)&D;$<NWp+$Nc~Qj=z7h|9_#0i3$A!;ye!>46rnRkP`sB5@P_I
zQlW{&lSc#;T3GNuIwIg$NWeciB;X%*xYrO8VD8vq6Qmv!kZavRBJwgWSUXeJ-5emq
z8UQ80+Ddpt0xbuC7tmva$-210JS39`tqQLKFk!?Z>~+-8c+@mqe;97k91ssuUYMSO
zyN5S~#!oq{xV>Ps^H<3n<Ub-DBrR!WA=;7@Zgm1T2Y`Xq&uZbZmE1%pidp@`(fFW6
zV_xoO%7IA8W<VGENsxVD_tEjqVSPB37=(1Dn<Bnx$w|p_aZEn}OGJ{~!PShabw7M8
z4Wj2zbz8P%iaS7tKV4@vaLNEFL#!p}B_Yl2NB1$FfLNfe7`S~hUJ+F)G=2o<<7o4W
zWfCo5PA=iLWc<nj2?C5UgBdD9NHb2TneM&7HpTJppcml864N+_q=t}8cvlsyl2H#b
zEWW4~(wHQTRBP<3Umc?Wt@sJ91Y>LwYQP=TD!~L`pjA|~&+VzFQDVbj+c^e-zw9|p
zLQ#;A4LKf{v-+X)eN!1ipEw<LMFkuyP!D12@Lgp16(jr($FJm;Iis9p_CUsxF1bGf
zTX;GAhNj4-c4T2K$?sWMY*<Pp0q+7o^*8_I#7k<hmVy@Rk|i+0A=3#$D1;i6167QB
zhZ&6k2nJXS+d@U@F)fmg_jBoN$6`_~Mmtz#TSVAQ-Vx|W{QFFtizqeJVCk<5mV?8r
zIq^yeY&9AYC(N;t5{q!dd<aP;wdI&pjPT1N?f}gtz{(8Q8+8%6iv${Cfeqd$S=QQ@
zNHp2i+gi*6Nsj}GviwGOdI^vD!7QHVTc4+cG=_jWNnWDs!)j_wui>Y%8h%3{&gy;y
z^vHzY(6Erue|T#2-VAp$kkB&8v=X-i>F%9gBLB`x1D`1DXJ-YnQ@xlL;>2Ul@m&}s
zhkjj9F=J&3@EbQBZ=3=U!8Qn76=R<iNL@Bgjf8@D+cS=xTOiSBy6+dc?~}_1Ic_8?
zkN23AhA6HJ`W0Dqm}nyMC<^o%iN?a&a`iN5K$g`+jpi66akrp@<BHQ?$46{s0Y`)h
z;vNK&i8TwR=ZUF)xD+#`)JTYg;CB;@hbEs|;7zdIgaeWZHi1t@G$iS;Z@wy~ny6lr
zRDsu_Iz+Jm7v)}}CWD=sdlQPDxKObAnEDm8M(R~+HCbGBU@OZ4Aj(x2!n!g5vMk#K
z(XzU9OV}iN<!+eHV6}UNco}e5pDv;q!xy^-d9BzbCigI;JAIS6j1zOPKq)KX0Dt;v
zIYgf(4>;~I@{fhZ>1H8soX@zPX+jq?VCvWwQrudV06;bHPYLgg?J6Z<^KubUceduH
z>NxjuKtzOCKyntaBvIm&B(BVA;OmDCRmYv>60Gd@R5Jz{XZxcrDkv@~EE=c-&czAr
z7MdskpkO`%Jy21N=pu&~DcbCH2nQ(+*4XE`i8%8Sn*>S-`!uhON%Wy$jXdY*K>5Yr
zK~w|N<~V#O8^{8~C%1y<I;b6$?cZw!|Mw`#N6P@-KI0#40I${l8#l3s(?-qq-}V_<
znTht_4#)Dp{4Ia~tM*?hJ}pdjrr+dUIA#VuW(NMBFaw*&|Hw!Yt-$6E|4$@*f%+h2
zh@3QC2w}-2Net2ppIbA4NJ%n)=&3&_zcE?yYRNGp9ej=%(!<R(01KpBK=UQEa#%7#
zm?CpHnnj5op2Oo)Sue(^ZVJ8kARN6&T;g>HB^|@SK#XC1r@ie9f!&%F&nF~xR3Z3m
zn<H&uB~7bH*>=ImNx+mC6s7U$GF=>?F<-Y}L)ns&{_Gq9bD`7|+h*E=8V0**FL2%O
z$xpBlds&HkUFI>Fvakr7p5f#OM+ua5dm|ypRjZGbkC2v=!b4a$s!7R^H>gm6;R3KH
zka~H@?MJf$(-^?D5sW`hy0^ge*?^@3Rw{k5^RX6ioWf<&beMKUfy}}I@Kd9NCRWwk
zC6y?Uo5U38q<T4SF!}o`geM%&gAD~+3LDu#N<(ZeD$qlnjLSF>r+Ayw5Oj5nqJ%~2
z2d+_bxDUkX54gd_NHdL1c&q6_F+>ieoW?YY@4+tWz`*4YN5=LH4GZx*bQ2!Veo;_&
zx)x=`hEhd{7sVWhAyzU1QD<Q{*^69Ko_PbpZ4%rT$fk_NOoCF}0i75eS`0EnXh74c
zvIOB==$Ho|*kAwy1;67b4B3paN$`s}Dejbv+!cM2eJ;E{0|JDW>Bh_xLmKqy3&?jX
z802*Vg&a8?b4xOaHg2p`Ur;G$XS0f^BW7b;9=~ir2lXh<K3`6}E%O@~9UOW@3Mc^m
zrD_3}oQJfX@6@q7OyC_f3YY>QR8N(F?4TGa-Qga6856?~8F!|@LxrdKMzkVR-X6Uu
zA1#l^#Lq^Iq9yr|{t7Vna1`I5kH!n!16ShI#8#LuJ6$O8#l=p8%>*XSlzEF58c!J`
zm`ogjegzy<9cme7&S;hDlKX@z;Uh&UFvdieIdlP*WJ;oZCHTaMuX^Vt>b#T37#qC;
znkI~$Dw(lo1uk6!DzMz3r2Dz5Q7i|RHXJ3L*T!bYNJ8{mkA|3Z#AAthA5xu`y3Dq6
zs1q4&5X1Wbe$7-r-sTmR(9od?a*f9laZSKRLd12*lwt;|2Tsd~8Vz1X(i*HWfQBXk
z<sj0^@b>WLNY=At0lyZsZXgFq5L3?f2nCdb8H)YJVG4|0)JqML1<i=tA@@|cR}1-L
z+~FBLkx_(kM=(4^#Qw?D4Fqp6VI2Yaa*C9RQYlTGTsR0s8&<c*IV}b85d2XgE;&SH
zN%~`G8WO(*`Hs_}lgGvs^1_9ubg;G6c(;WIwM34(WCeu1U^K7CL%L+}|CdeKNYM7m
zmdM;!N#K|3iS8_y0Hx+@bsv)~kn*D;m7<X0gRxcVHZ!p>j2VW^UlCtTFB%i9=P~Iy
zutdK_iI{whDVmE-L{tYiG^QG7-aI_(HAbjh0oLl|M<@X%Y7})UL@0g{8Q^eh#=Z%_
z8AIVCAhv?loMV0<zt!S`czEsxjo1`m{_D~S=3($2F`}fdIJCz+4Bl`qV~&Q!UjkO?
z&><wj2ONQ_ELf7DnA2SsKT?fEc6bj5(<Pztz-djrXbLe$FK`0+gC>c&DM1mvK}R2+
z-EK_+=0kDeWf1`5;LV~_zo#k+E7lW=V&^p0ASgXSyg`<sPNaVJ3R~O&>$cCld-0~3
zHU%A_3W#{66(XJ%00TS_QpZ66i9b@;qI{kN9;Ut>-LRk<_iQ28c&jWz-Yr}>WL?#n
znsNR!f(pj`tW|)%%r?XTit;rBkfZDZa~<)hQM!7e+>pS2HH@ORV+UekQ(PnPG7?<u
zbn@dxUwJ6xGYcuz=H-LybGC{xRjVMT0xJWy7z`eVHRZ$0mJ!e+;ATuIg8Ua!6S98@
z2b4H6G68`7z(50f#^1N}U;x&li`66&RkAhYAO+@zjUaCx^sfWIB%I1M03<N+NDi1=
zMWiKKc~ZL|Z5Ar87$ZT2BzGC6;-plc8hfZ>_qd1vLq&fHK6=iD5zDkj@qrzhBvHYK
zczMSPrC_coiSz`%I7$%fqK~E#=OeGwFcQKYH+qQ!_Yfb{N6$fBc_Cd9;vGwDo)cj%
z2TlnJ_ze;eC7!lTOq@osUi#cclmMdcm?qCcCPhK(awIS!p0Y9d)YK|i0@6>VTjhXv
zV(iAg0>2iB5|qt*jS+&Pfz}5*2E;qbI%lNe%ACP+%C%q*@~9$nI|yz|d`p)wbk-mf
zK!YAdC0f#zX-a93Fn+ixV<q*|*Yv$+A)ZOI1XUtrTl!|abU5;`vl{Uqc^A<Sd@_-*
z*>qx_VxHn59{iZtvJQHT5q)N20f;KeYQjm-HH8D09{iVdc9LmB6c%?#>X0N5g3zjE
zJ}mh;WFZL2nyf-jMs*xn?C>Zd>1$yHR0ZQT@!h=1|0eoL@=`@C3U)twg@3UU+#%4L
ziQEcE9~OXHR*+q$rHe>nrhAK^I%k3n2$xW}wgI2lC`Giaguy40NeL3#<{Tj3=+;^A
zb`6S?F2Tx`3PKM2!jU>a_=QorfsJX2989C~ZbB4wQFyew26iSzO`YcU4>YA1!nsUb
zTNac{@uG~2dfZ@Ofms#EZ<dAv?2uJ4rqd-~9Ey>wNZCR`&@(~`!SyOgiB6##CPq+w
zxTKC0&GAWU@Z<mp4#Jppo5T!?5mhN0BR_48Np^xa7bYuX(<qt{QT8B@Ms&9jsKa4z
z$AqyA^j^^OwecLLdh99az3AHv+c_q%sMWBOisbMHvQ3-SffW+KiGj#t0Ps{&vaDEG
zA~y{CAk2itCzPDmSR+U_Y)P;kj4(u~G4WC!$~<D}0CowSOwe67GXsg3?w2@WkV_qG
z1tx-~(u#z_Fe)@G0%f969^hz^J~a>v*zU=ceIZGfA#<4N5H=`=$D~(@RNgXQ5KiU#
z1kvHn<_7CBV1z0$BVXGnw-cE=f+sN5)0QBhB*9U$4c_C(%;1%pK@xdsj)Q|%MyAxT
z?(p|{S<xSrL(%aJP^17kd9p0pH2U4C7$<uNF-9VI=Mpq}#z+h2oGqDsc+j2-n~<8p
z+=D1uQDNGM)MGjvj1l55tbg!wHMriOrpA0nSxsdX<__*@R#V{?$uSsEgF*2_remn6
z{K6|33a06rs!tR%DXWD+E;`A{l+|jqRlLB`gjT7;7;sh90y0hdmpKP9u1<N(&9sLo
z_bQEGDtKM}lu-Rd$S#4{RRtNb;>*DT^1M{lRP0eCLuVEWvaYd`78wl%R4=)+>k|Y9
zEH|3aAkiOQj7fOcrDJ)*<m$zBj7q`d5ilbpOkr001{@3~fG!T-;0Cc*DB(<>gDe)J
zevxTHH*9kS7!+~S{fHxI(QC<5k#NV&7I!EnlB)q27-d3`M7lLhsHS4l2-Bf%Sj5~S
zbr`EgpKO}SfSUuzfeXL8N|U&0h<?@J4k_f5Dg7j6u@6G07*kRs-dKQK^ck%nco%es
zNstwc9w{4R81p%JEw_SsK_W$q_JH~USB1GOpi44r7m*|b+sUNuvag10sY5M7<+_Ce
z2#{!u9102B%wrtX_{@Xw2QpzU@^#}1Q$inL2Sr1=I2;WbT_6?H$nas70A$juX^gni
z(U8P<qd}9<Ig@b{sQ|^8K8DecYzLtz*=iJ@Bp{nOy#Q&T$<<`~MT{ZXhTsaVm{O6j
zA3UlLwu-+>(pY_L`~%_@0e$Q>3inoRC;lBc+RX34cjM-OtL8$%(c!7Y#PF*>Kbn%b
zk|~5Im@ht00)Zac92$=`bPR~Ng=VTF;5nidF^%UYlr=xt>48%Ks+Xi2hppQQMM*2#
zq-?#%2CWxK7^<Qa0d7D^D+iqx6bUEHl4Q9Y;rE}YhgC!NTAWs*CDBTR!2&cae%0cZ
zSkD;y0FDkEFbG)#YFOPGDBG-89Ma0tmN0S?@<rC~Tx;BBNp#LQLctA$CzzzW1XE5N
zBm+L@;tDg~rgLy~EfKHBlSB}aPM465rX25s*kMzq=R=2fg)LV1k!YWBj)kYA+qW-f
z<Y7+6Ea4_x7?Wg7l47t<L184Aai)RSZ<hNvyldhUl9aeCnzEKeQ<nMF9-6R-S#nFK
zz@1_;t3D^dLQP2Icq=XpkdhT=mJHM~R}&3AQPx?Y;LX^53SPmM$dDOODLxPVBVbOc
zK0}oe)iAoDT%^MM2lr>l=ebm(n?Gc;9SZFZFypdriLqFo^jSPO!$FeiKRA<B(q%hn
z^MU!L8qE~du<(O2SP2V)T$>4j2^n}vE2Q=stqA;-CPM<(!#RXkatI$>d)|bT6i0DT
zP|zi)Amt&%;YtMUty%BpRyW+$T!G>C2s(Yt$bI0gz;?4_)~LCbYu8m$rZQ)?KU|HT
zUke&ntgKZvEGS-At`pRCxT=JkOb5J~YPAkPpf!*?*Po~k(2C+KVb2_?q8~6&eOaMa
zi5F(2vgs&s*cppJhbuN_q484%mX+gcWT2X|u>b(Jq=sCT5jCnfOjYZ8XKHFqTHOHP
zA4gNGgB#>r?k6n#{Y<e(d4{kJmZ@>*M#Dq9%-(Y*mt>K5PQq)~0QX7^qP0f&9$Fmv
z(Dx;3+-gb6IJhtOIW6vs<~VNL$~+4nuoUrInfR#}|HX2zjRBVUGq^1h?zV#NK@dY{
zL~Wz~ApG_OfET(Cz|nv#mS<q%^TB0&(T>$K)o@JZ=(tvHb1dHFUli|h4DjjS^jAy#
z4~2yvVFKt{@;`S>lK(lg)3N-|f6L!LIsS*I^g5&j(59dtp8vxsQw9+BuNoZVlm^8D
zVFUh2<ch{vm-y%(>HwW?$0B}?Mg05^MEp?JgCn9uYc6Q4P~_avvq7WIhaNrfb6hIi
zcoZSkr?@p80?3yPMEDTW|46Ja8JSr+f8cqBcmM&EA>p&s$kjlatbsy=-7>s7T{6Ff
zBvc_IM-ad8^C=4WKqDTq#gkaF#_H%!peQS&=PF`0)tpN>*$f_9GGW%!tW0a>jB1l#
zSYy!n3?2<)K}E|>HQICe+6X196)EHD;bW0m8jH`T$(way6O2Mg>fsN&dUEkOCfB5A
zUA34eH<L-X>>sCWdX`1cWNDaFcDY>Up9a!TdP>e3bEFjOIccZ{Ze(<m`?cRsCQwxm
zz0mYaKQ#J7ekm}TsN~{^e%NBM67j>$ssDhWdL@iePbdXHCyt3@EJZ}>7OC2%M53S4
ziX<tQ@P4?0K*{*rR}Xa_RM4pt6FG4z<fdZXx0I0G4NxhlU*z$icO;ME4^`?wVLmWQ
zlF<Uq)u!wP<V1@Z1>G7g1lpt3s8fou?Hg4N7xcQ8{YF36fPJl-ax@hTtSa2+0yE(w
zRDF8F7Bi7MApZkgoD$Z*!;S_NUmDtAF#B|>GrkCbi*@Q?`oX8v@<U>!QXB{IR(btL
zYOASjQ$rKUHZ?rQO${`_Hmo-~-bt57hq_5Cn83rc#GCgkwg7aEI}^<ImDW<8DhWu5
za)i*<#msqxBm<y@l;Z(K-0?<402=sf-^l$#m3j(CvXIBMPkt@fO`ns{@Yy6--cf^U
zRE5i5-UWf^hV!JC1e*^&k@R$-NgJf_n5cV9Vw#6qSwq4kAC%V=b^|xp!JTgc7@cUE
zHXiSMnHzD}B-#(rVQr~QTgc@hdW<eH`rV^--yywuI(2Z$cDuzhg|-4@5<Ie_H2yG!
z8tu8D?^q5}I6sc8nd<i(rbA>6==%*Hu<gX2;a=0YE{56Q4rZ5O_wgRe?dMMDMsNZp
zx;3Tbq-z69y1D94p(Gjm5-88jvliioR^T%_c}GK#rx^o&A~A76;-QSd5DEqHeB2GH
znriv$JZU3;pBl3!0R(qS%cX_cDvG%)|H`$51`-w%9v<mxhJyS`kvJZkuVc$<EGwuX
zN0k>qjrQCUQg8kqp&Ap!Sw(7mltiFD1PaPWc}Fwl&e8Zi7G|e23(8z*i}2&uB)lR`
z@r!10rA<z;ZZ0iXLu)W+v}}LjoM8hAbB0fG&N#&!!E_l@<@SUkpk|vd*Y%hfY*L~m
z%+w^#hUHpDJ!1K-=E;Bt66ONa4#L<g*tj67`>>|OG!5k8O#~AnwM(g8!0Lmo8&VL>
z2K7nLq+MYxlr)!i!W;`Pp>pAp3o(J*uZt(HJw)v)akRP~$qg0;;hVaQcY5drz#~9m
zgy`=H?zm2hkxnEh2yc!jDM=?OIexgw^}NFP%yD`UKl@$v!qqb+!9zz`OhTq=91(-m
zGYK%dgRCgijC87o#?_E36y}j+=A_Mki9G2Ig{wGmm=97AiNMR6C>swuJ)b6Y&SB@i
zMt-!9rlNk8B=;tjg+_R}cqJ<sJ93Gy#ytuRB<xXm=r|ND%Ag{)evC6Gw{%!}F-PC1
zI+EelI5g2f!tlfoBnKVY>BSvoZ~|x-GHP)Ly;U_GLuAPR3s;p?_V{t*Qyla#{CIG>
za#Eff)fX9MKnyQ-)40efh(89yj^B+6vtsyaLMUx02+6F1=tL}nTgm&9(rG7XneiOF
z6dKccv+y#k2>E^790eT!RxTyw+ZG|v%g2a77nMOVkV95<afXBoqX6IG?vGL78Yg;o
zFo8pa{A4va9dQO^w+S7GvW1l^Q6q3!ADQ^c5lhuWO2Efy;w1emK*0;QCrDpx%3d6E
zR+D&`$S?|ZLPf$<hf_{u;Q){jtlGuXkcqFLz9;J6e}T-6Je^71birVeyBYl-SyMG^
zUOGxx6UOGHM<98#i7_-cvym4}V5X;8!o2Nrxtx;eheI-C8~Yw5bgV@d_-nqHmrE7K
zMmE8$Am``Bd=dtV^EC62_mJkab{VZCVW1XkcH+PcYc__k@FQ5Nw!vEWvoUgu<ouVa
zUYrE1%9lX|y80y)c&-;6`jRFn>IbiXNn8Oly!+MY(VJc+5RM*^SWx@)ViQTG7oQ)5
z=#x|!2=bou>i#~>laI-&dm3Xpn%bv{4g90^PeUe8G9yPz2d#l8MhT~|?Ek7lY8pBP
zVsnAdVhog$>ZKNvGUA!R2f!)u0PPwS)+7{oOlAECsjPpgUPt{-)a>-FZPo4QbUSkG
zj%Y54erFt?amp>~Fh|8LtlCMyCX!77{y-CeACD5hub#yr%i(Pi6QY{|CivlpWA5Pp
zMtATInaAA0|H*%~`G1>TG!M6pTKvB|ouAbqKL0~Thfc@*zyFTE>jn+%-AFne_FALD
zK0S-szf<79l)CKy{fGZN$7V|_DeRe7I)44vld7Vn1#5p@_~<8NX0Gb>cHgFN_gMG(
zs`}UNk*1!|@{S90WA(@8-Pz>wZJ*D`UN!&nRh`?fnsLIe6IW*Js?#%U>()lPaMn3*
zKG~-66>WO->G5{ol)|r^pY0zxc>jS%e%$uq+;5^i`rNVk{fYa&h>m=9$f8}F9-SEa
zY+>UaXI?(-K)sEd&-(Sxvo3Gbz1tf%)&Hve*IR7+Pwdw8zI(UyuKQ#AKl)6${P+d0
zcKIMby!jP*+P=jlIamB?tNX}{y;8=mI_`nzT0B=dePT=RuA-DyUr$~7@i`x!YYT7s
z@U&^!o2E40dgf)9o$>N<m9OvmcKDN*O&!0+^Yw}|?w{4V{<P7z|CX29z}DlkdHWXj
zv84|!d3DdH&&+@N>6yj5!WTrdKYQckZvL!0TY6h=du+&}FTeO=sB`w`pMPGb-tj}7
zr%qjVUm&kvz0KD>T9DJ~toPUZ`wqC_xp~X4Xe^!Bp=ZxucSq~nT5g*$cGTM+{ORn|
zW%F};dd%K__0?BTpFaJB7OpwnCSQKwkKYz7Sg>of@8V8(_ODZ?PD}5DANEPP@Qi0S
ze7$`6@^Onl3%)RH;o5uu_@eFgEz&PKyL9Xojf*=EzP&@^^D|a--Z699uuIPDQh91%
z^T<2y9aS=HgZ-UmwiAyZ5sh}g<dSzM{c^*c^V2U})OJ?ZG@Cc{^)DNwLG$mQeq8e=
z9{Y|RJ0}0}-CN6+Eo*{*+g99g{frquD$hUK?70nJ-|iYQvrTHdc6}SS^e!oX|DJvO
z_7&cGF6+=~H}o2H!OZECY~521{PzAIw~t&uYQ&_5wmN-m^=);+wv%47`D`7c74ME&
z^xjK5?rGNdv>tDt&}iSSwo7K)--#3y6bv6er%mD3wvT<he$AR@&6^jbjJ;)PyH7i;
z-h2A~XE*lR|AP0~l<n;A%P-e{{Bf&kGjF}MeO6Zgb8qcC-u7C{$3820b<oO`WsMpI
zPVV}ockiaXO;&p!Z}9ny5!ZCvaan^EXWCYNzrEzo1Hb&1eb$zZ+p@p<v-t;W*8KQc
z<z`l6>hz~4{Iu)7`{Wi~vsS$MMeLI+v*(tqZ*tw<mfqVt4I4J>gcDBa*RNj-*YHRB
zrlhIMTdz9rOmFFkz|#FcpM1gz>3wH*n^*U{d)793tEKnE>7Kdm%hx<H;!h=O=bW>`
zAK$p|M%y<P%UkaF;)^{SUuy4k`nSG$9h=W*hC18XOBdLdKD2Fdf9>nbnr%)W{-Vt`
zcI?=1>MmF~;GWLf8y`NX%=}`JWBOMQ{_;W{dG3vGfB*5l`~9y!ANVD6#o%)WPdvM7
z=e*nZ9skq%^j)ttD=6&KXXujg-+jJpYNO+)uI%6ajiD3zO>U9i{LEg_UUM&dp#3!`
zowfdHrC)x2el+^*z4zYxYhnLC%kTO08Er?yxvuUPHnXj1{&SbN-)MPjn{7KkYSE)d
z-PNm)zi?&dxU*Ib7*)sh!xQu76)gH>_fHdId5;WhyUh1&^yN=Kf8w**vu63q$}So_
zc;5W^o3;0IuKelj&c&UpzMp7&==VpOKIpyw{uNhVIjUFhVQ*%CaN{=*Z@9A5>78-Y
ze{%NidTh}>xsy)sFz1pFdOg<r=Q}T4raU)x)hSJzUbOI%pMJRa&yAg%+iYu}*ngwe
zU`5OO7B}lYN9*y>)mK0K)9#z<O&K(A_}&+*T9=luo!9U7=R=!EjvSd=`OU@!CG(}1
zDt8YJWq)>k%E$AbUz_b;w_(75=l@f5(X_@pZfw%pE=d<npR0{pWV?9wpFb^{oI3sc
zJ<q(q>aLFcws%{4P40`!E`DfSuRbaFS6=t&U3U-rbWOCmcl9>5lWZ@yFW>e4oR{hc
zufOm1%GWPBr}x~xua`DH{q#pa+5OxnljdLX!KP<dq<>t0ZEC0E?)~}+_1%JPTj$j2
zo|l(qd!yw`+R2-*Xxwwbws-IBw_rgN*V1nW)U7z@(RWrkva)7op4(>OMX&xiuj8t`
zb+(LN(?;8FZ2a?qXYZReXiM{}rZ0WuzUf8BXT29_kv?+i*j_g@t~>g++lDNA@8(To
z>VM$5w{h{%p%tC(-nMPq;Iy~jx^B_(#SaX+B09L3F&bt2$B#bxSo7xZ{q$3SZHYkO
z={NG~bYIl=+*^aM*-D1qvH8BdD?a?NPG;t*w-#R0_|%h2R<`sGY`X8|`hiaKUKr$i
zq2!nAmoBM$!H#J+KiK=G;HD*=Ter?{Y@4&B`I1X7XxFRRRSo;4_h{Lwbkt@xPgTEu
zyWIQMqpRkQdE|-bi+9-ub=}=2rMtc7*{7X$^Q>lBV?964N}alTwdeIW_Gf<c<ayyu
z?hp6OJn{0&U*7ckO`mQoELrNTm$9P3NoTHmN!zjim(AU(zV{7Y@a=(Fr~cHkwR`!(
zM=B2d@x$4<zd!!#+qd+6>|?2Wooj!UA9`cx-US!8>Xxdo32ArU?pOCe-+0Qezc=WA
zSF@#~^HyGYT>iGLSH3AdIIGG&^@GiI<lNjokKggl?)yHOl6lgUZQG{47Lb0v@$^U6
zpMKL>U7oM{;Y;P6**E+r=MtsMhzCZt{4}#y%hne^Jn`pQkB_?d&yR<k(`ncVw&Oo=
z_n(&e&hlTkpH=^(7T@2RDarLRrY;Npyl2{5|2cy(>zN~qmbCn)`BjBYSFLP!XO~|_
zwLBx(Go@a*ut)i-Ke9SkO=&!BX`yZ5IlEWhcHWRDh8Onlzh~yo$M!Xy=V^WQh7H?q
zIOBv(<6FP*;)_jfwiBl{o^sOJAKg%|Rf_GxzIFE4*gP(s5L^Go$v6G{!$*%zvb}d{
z<6hT3eC~#Cw~QHc>EkIsjc$9QZAzx+-CVVJ&n>Ob+Zed^{AW)N@49OE+_zh`YSpk|
z!&gR+s<>vl{UQ5h-!8kZN$X9Mwq6%lzPw}0yHhe7`hGg~=Q>l02c{m^ecBxvo#u8K
zvN*DR{u|f4y7=-*|Jl(!<)UUQ?pW(dng05fSI)Tp)J6@S{H3Dpi35M0*Y(%WTYlK!
z_IoG3Qn%}An~zKX-sc*3@2}UKJmm39o@<-Fw`-54D~^vfh~9et8?U@~$5idDuRhG*
zG-1r9A9sFt>7q3`4OTqz&=)J$J+=4QX9vySw)~g0HgC0Te{S10)8<_8-8)lklNK$s
zEsR`z$t8E)efMKc^D|x?_|mHvt!sMah7GrkI`IAVKmPd3_usEf`7XatQR>&H?5St-
z%qZ#GWM;~D>5fP4$n@?%rD#tu5W9BX=V#V+Nd5YsSoPiVi*14I5ifkOeC{I`9r$s6
zRh>F#%~*9@T28Ae*`H>vSh#TE-JJs2mEX+SThwsNxG(x_|Mk1wn<iCuYn46YhJkB-
zc`BBYdHk&68I7iWwR!TNpRapr_tVdu*QQ~~%Hz7&>u0XGcT%TG-)(L9wEyFsZQ4c_
zw{-RBGyjcQmwfX0ozIQ`F5LID6?11i(YF2v`+n;bSpUV29WVI)+w`Zl>Fdg8l&p+p
zf4{0r@A(5K?cMWfc8@<&n;-w-<sIH_wW8&`IgS5Zy?USe(Wc4!f7;uo;R$7qwRLt}
z_R+%ym76;Entk^<h5om5ZpoWAuknnRoWt&&aOsz07JYWVXY*Oza)#Hbd;gtx-Z^g`
zV~?)e+7v$d;J|aHuU&9M=7g=+y+8S<$0pYsJ>#cY)8BJ<8+~@GA@!QfYv#>avAX^H
zdxk&1r@cF`>B!isy!oyF{QcE_m+#-*rP=a<3mUb$xlNC2pA1JYOUawrv+>qh&wEZ>
z^y({LeO9@**}A>&J(4nb=AI2Nq-SJ=U!T_S(Ocd+Wpj&rZdiNKZ{^)K?Aw0(aWk9U
z=Xm_?x?dlEMLqecuOBF#mVWIO-Wi!IJQFvLy}OOO;Hg#j<V4=O@%OY-r+&3$U1p!A
zxtG1T^|u|roYi%xG`jMeM#~*7ZO4tCcE{dVCaydC&kM%<`fWymd((qcC-kuuwMrTJ
z<mQe3#k-#v@ad=J=lu88&{LbQn6RSdj&Zh=?)&A3_IJM5bl%2GpL^%&M&0Xt;C}p?
zlN#J|U*0<p6*e4o*>~4}FzD8nSB~!M$=<Pj@ZOCV&$(55YRQrd8@=1NPs*LSIk~O9
zLnDz#PJey-XWy)8RQJV+X-jth-fqXTmKQI)vFeB1mH$n>rA@bj`zLk&ZtjS{M>}Uc
zQ+7_;@H-gCD~&$8+`sn1m3Q6c-?3`MZ$EE%dh(x(pM2<{(_1xcmE&z@Yjd5W@9sCR
zoBGVtvyVUSwB_Ax-5-0@KFxRM^Dms2a>b{QYa{Dld}^oWH|_ehQIqb04=4Jso$!qF
znJ#-b{`%7=SIzul^Nw|I*`ysS-=Ca&VEgUm4?T2Zc<(dQ-}-vP^&`h`*}Z!8={??^
z6|uQ0G6I);ziH{oXPkJ}mYmN!oZoQfBeMpjH@!0R)Z7_Q1fF<BVtUN71N(m;GiFSe
zl&?O1IrZ6Vd!N1k@lj9Sl=<bxCM_%0z4XJDg~M93ZF^1e$~VUi`ThP`?_`}*pOOFD
zCG#)J{r>G{eK(}ku|4D{o%zQ}|M|ncbM;xfb`2S^F?+-{SM~krB=?MHcJZjmJ2!-W
zIbqZbr^e3jX?yPeXUgCIX8m)IEnWIqzmEp4eZS$dMXyX4y=_J7{aL@9cI$%=I2)Xt
z`%2h7-C43_b(5hVU7nJceO8l+uBlh}*FE|9Z9~2+x%7>eoz>4@jqQG_#i)(FQywn8
zZL)3E{)catc1;h3LYto(Go-Mv@b-1r1eYIoU8R5hv#FgsSFL|my=TVURa4GBxA21Y
zKkV_|^!01&zIyhGALp()ZuEfzFE5>V`wgd^((0YknNQA7dwJiY4;Tx7Z%*eI=N0_-
zznyzun{k6}#nts1ta|w2UN^PO9OU1&^p2OVoH}*U@Ry1Q4Z3;u>@T-|8EtUyMN?k>
zX5gF)E-Wc&U%u+hy}z6gTlnz9+plYzTd(_^%1@?69-NX{H@xJxFXwK1t9R!!OQ+44
z*n655x+!JZjHf;sdH3D-+|yHC{N%E+C)rk)6zvZc6g<<$o&Iyv@1}1Ey}I=I=R2jR
z7cJk!NZ~4N$EpE$WVk<n?F!Gn#hdS2-@DG|JLgvp8Qih)13Q+apa1gf2b8-zj``~Q
z?b}k7?6bZpZu;^E-BUKOCQgtW)@!(9M&l79Mr>Pj`EwhTJHC0XB@=7U=yv&%&wGqm
zvZi<1+y7m=-~q?_%dXkIcW1_yzD+khy?xE({hyTe=s)Y{=kBc2>dlvO+G{)i`0c+B
zw11`Ti3=*`&Fa^5)!XZy*2?R&I`{r&O|DE0{Qm75zn^{i_{X17zPWnZN$;-vdR&id
zPv7(P&e$tY%ip!|?&<jGHQK6k8lK<r(~;v_ozOkfuI{7;E$i*Lan`JBH-w68wjNJ3
z?0<G%muIi}&*_b(tVvzjvcU)Y5BxG})GHgmysF7{w>|X9?t;-d<C`xZ(YX6#lU`o(
z+N6C`Kicx`C$E;>e%r@Cb^hVP59hx-r}NPHtsfoyQiHEkCQaV8X5D@A3Et9ci&u4S
zwQuFheck^2?dDtm^TgY+-UH`f@Z)W^_2ZtayY!h0$F9no8Lq1OsLS3j>bCs-p5GqH
z2oC@8hOSRs(!Ie+KNj_sjvF**Tl34?eAMm0*e^D|bo{c7*^`F<{z8jRo*7Rq9QMNO
z*|Y8CbDp_o!v(g-NBllQd*-&rJA1vJGU3EI^=#MO&}hxp2g>EEPdUX~XY~4p15(sL
zVA8f5&iu-`?xO2EOdC{H_1oHo!{+wdJn*$M>XhzZ@aUtve*JFS%r;d^PifO|$lwwC
zzkTBr+tmlMzSCCKx%op!ooN2I6DlOzYrfSZy50JwJ;T4gbkN96ZBD(S#i{9qtH0a!
z)_Lchw`^+eu8*W&5B$E@>+yKJ-lZwg%oe%(zUt}qp3-Xddjq?CTi-tAtu2E}PuwK0
z^H1N<f9te97w!J|<lMLGy?=f8l&N>XU&|)9Y)*~l*`Au{Y}fAe?5JaW<JMd6YU93U
zYH)q2?Y`Y7?|2~FZ@bSfopRZe^~ayprS23aaN1l;Mt<ww|K)p|UwGl2nbUH-SJ&$v
zi9{~Eut~-1^%hO+cl-V)FIhPKft0%Ar`&kK)uC5X)7m{+&}Z|gk4BAdVEg`uF~Nr#
zcI<rL{r4|?=nKg<_OvEDrabk{AHVgx_~LUuxcJHIPQCi%vt92*N=i!RzdCN=)yLPb
z|M<wI*_}F_+V!32hf9mP<uvMEFnh;<6;Ho#QoTOE|8jfgiY4z3*u4IVjT^6T)abpI
z{k{oYyKW&Xwr#<2&4*-WW-^Waq!Ulv^JAw_{Xt{Do;m%SlV(m^c+td**8X;2dpD+2
z_U==;tMsQU>a}?7vDsT2uDLJMwr<I96X#2Bem1K9eShxTy?VupaYg$cvGut2zrOFk
zIOE$sw%FE;MH?>ec;l{hPd&PF<#{PP_bvW;TFW-gFMZ&v{*`kF&dMr${kY?vV_N8G
zwtDmC_D@|^$GhN(CsNOUq3M0Cr!MRF&OICJjd;iQMg4ET`lGIG-3yDFb>G?H$9bVT
znJb!PO*-(~&cKF&{hD6X?4~WJ2kX5w`!1X9{hZs+d8bo)lk2Wr{rk^zf4MTdMg5oa
zThy=c`<*V=+O@}h^-#kZHo5JN2NplMt8HWDjE8PJuUoguC)nx!bpOGVXTMcGXWi|}
zxrM*pG`Z`y>?ldetornW@Txj*S8g6rddufq{xf<8BfyhyxZ#G+<SE@JxZPWx4{TVn
z@2ooBHS5-0{^h&p*!J$~*1%Ty`qru6H7eLR@i_P3*{)H~Z;E}gV*2#5ym}uO?tXZ6
z^pD3JGm4-1<knaJ+`n$`<X2mGOXk13V_$=LufP7z?XKsf*3Z9nQmbcUyVt({dXKPo
z=Q`~po2^l!Mq9RQ89DpO7e`()VcsjREFaTOyXN-37hdw_HJR76U;ER;A56)-`l&5@
zKJ8cX@REDyj%amRR^8>RI&^#D<qwrRrM691eD%_fS4O@RX|Q6#Q+t*!nW}Y9Iltp`
zvuAa%jn__=r`cP#P9O1d{ZHO%e&y{ao|d`$?z`@~^2#e;)7srs@#rI8WliaS?H3of
z?q%!H=FLCvzvkhL74Ma$c3Hgj+byf_PJOmZ#h}3-clEB=H~*fyzW?Kg7Ycg*x_Eq6
z<6T4FOu3&?^sr~nJ+IrVvl^c=@AK<hob2tnV0dY?YUQk<d+RYVd}s8$500yI>7|$U
zy5aQgx7p6Lt-ANsy00zy;=9o^T6&u_IS_iKbJ6St1A8C%W5=F1u9+;qDbHAO{!PcH
z?7UzHI|=@L<K!P&xXxrJB$Jz)Y}s<)_<HUcFFbp}%9VGW^q(b9D(~!kuy?;YQyO>c
zJL!fqPRY-md_WpMvd-3*KlPt_QdWx&<MO7cOnNLR$Q!cd%kA3-ymG-O7woWS^qk*%
z=^a&D&MKJGepQoJmtXYQq-`rU-f+fEUq!!sGNaqAg`OFVU!QTtu%0)!TG7kaxbV!}
zpfc_2MN5`6?D}G1>5@ig=MMk2>Agd5UcYiyYRQ^8C!Aba*S2Qu^S@p&DrMQsH5aaZ
zqA11ofOl50t^c)mYBwvFjQH%UIondE^qKi;<KsVT^q<Bbc7N`<w9h~NG3|k}ZCkf)
z-L`GS2fJ^v-PLu$z(;q#_<1wi>1PCjr#?2U(V9nk)SuG$<xb&SQs*sQxH#?nPU~&2
zz0qu`YwG%WXSRs$JbB6!m!00@&wx7i$1zhTpMUfAGw-@&@8_3<U&;<{zWWsCBhP)@
z>Vb8W7XO+3?TRa(y=-&8-805s{7t>Ri{Boy^Nu`w|NGlNx_IM?uAB26+vk+ra`K+x
zr`^$b_27c6A^!hnd1p*~dUjRshhLb~y<fj~W~U9?wR`un$2u2uZ1CB;fhSW|-S0U$
zPrdt;-<LeIq1leW*LO|0dRL<>A1p3Vw`>e{*wwoARF9{J-ClRVxj8$Ye&E^gz{R(n
zvh%aXZ7zQ~vVA41jj1>z8gEZ48996Vt!;}Qo;UBRtFEg0?ke|;X<I(&eQUpyZS3rw
zdB+9eovSmazkd1|8#Z75`y-2Qfv0osI$hg5sde+K1`ioEY46f)cTK!t%G(=)*Uvcf
z+s~(ZFW>jkn-4wo!E4>?t?2WGG;7xIPZ$64M}xD!_;~HeW$V7U+k4w%V{f`AWlG~q
z1A&~eTc@S8TVwy|j5=)!v+jOx)7W<FSMUDsfS>A&p5Yigb7qf`<K3s*X5D`N{{4I3
z+PLu9t<SGn^X-m%Uu|TQq)RtX+<V9IQ&U=ve)s1$PuV$n|L)<FCx2pVd;Rjp&6{UT
zn(#+xa+la|-@pHSD4j`ObB}*LyzrA#M$O88=2Pb%yIy&C!Suyvo%H|MyApV)y1zf7
zVv_dIIz|h{*eW|^ji-oIXfwuOGz+t&J(V_Fd!C9&n?lMGCGAv{l(dLQ3zAaVO6oo5
z-aBJv80o40@BjV0PoK=abLV%@J?D3R+d1c+?{D+G9$apAzbNeqxz-`URiuTfb-r4Z
zFoTS?nD2Uwvh!KtHg>LdPfK2Y{CJF0HO$X1(PF#NhzFiJ^ruSzK|sF0%NZGCwO{|W
zW=e*uyx+j6@u!~vzf^SYVQu}{9t|t9r(4zerKwGNAXAu)OB)q*J}=rXB>Gx<u_n3B
zI`?H}=DOqyx}h8g+4C!kzg32ozkBSo>@$1#(NYh>hTgr++Zr54t)ySLHmz~R$G52&
zBaK`p9BleZ!g;8u*i@gaw_mx^*kXF}qreR~r586wt(@`TV?)$hJg)yp#s|U>){y=-
z2aMlMZ)ny}OTXov`tDn+d0A?eOzxVnt?}HWr%%86aKoI**fTHLK|1Kei^Dy7d`+4=
z+~Qe=fr(K`T-?=>GH-V7+&OCP*MR22gQTxgz$9A8FDu!&weekI&HZxUclg|}tunY&
zx4??2PY#;;j8VV2@5L6Jwn{JDi}5j0gZ1ZY^jf>tG)RBxc>1(Bh44U)eKU@2*&^FK
ze9Zf#(2qPno4;E>RodIztKn)ACP<q~<r+mbCM7B0ZWfSw_iqhSSiSgfYbpQv2P(6s
zSq$!BZ>NlVq$kG+iL&3|Frb>Dnmd`QZ?f*OT)&Y<LH#Ywdu>=M7sbJq9gjKK(opmQ
z7qmU1zckJ^{;*g7sxVH^*s*47;&+W%xNW0OFAx8L6~o?4JKQJU=DdTx=d-xJId~8n
ztXZ?>VC6vT*#QC5!2hF1BM0nc&I#?`qe5x8+_Yei&6bDK%5E*v4k8gQD?!=%;<#v4
z!1-iNVntN$b(wynM#vYOi=R1W&gad4S)@04D$2wsCoj%mmW2$Nc=g&f(+>vr`>qhe
zM-F##cMm;tD*5egQ>lV!PJ`Xf?z<yJxiKz$)JQXKb<mX!Kw&k2eU<L@cOw`w&&%BK
zcxf0IB-opsP)?LpaXNG^DTz^45Z%wDK4|*Miv25gzDcRRI=a7-(oMtUq@=$6`t|PT
zId#ToWxdJ_mifJMrKU}*g0-tsE?pwu+5aRza$9)B+02(FeU3aRPFGO!*gIzNGW8x6
zMaOR>Os^=2+tIt<sM`ev5n*9z?nya0IROCyLqn~{Wa#GR<>kf2#a;g};29{b)OXUR
zjT`qwMs6ErTB3K<05>DXOzF_K+j7-C=Ew$+Y^~jz-ntq2J(x<)o+g`~kw0h7!@Rr%
zDmC2a?v%IXiyhRB*)MhKucTS4OBddaGE_2hJyXF}!X2BjZ{X<BF?;spD7Ak5beA#Z
zK#u3ukP!PBGvwvvzqY*C7PIQ3T>xQ=eh*nsg<+H8Gc%P;WXCp!?RGkR^+tH;&HSuo
z*Ba}XgVS2IhFBdd+|;)@V%X$D@7ZBCHTBO!)_#5A>QImaDw0C)JxjY+ZuQL_AIv_E
z&K+^s#yVo;aP@Dz`#6KDp`l~d)Z)*dHzE=}U*6nNbvNeHvJaIT`zSWOFE1}F+`e<?
zKxJh)(weOW+b6o*-rdx+G<}r)@j&Oiv2tY`NBc#Klr3z64rD1@7;~UU{mtp-kqN;B
z`?_7@`|Z=$y7fHP=5RyCrPa*`%HLXS2{<*o)??uMkqTLA4JAXi5M@6u4D6euv~{PN
zgMFYs&AukekRy{jaNxjA^2)^PYzpP@6MC=7&BcA1dOFSks^j3$^e$>Zq@M1k?{~kC
z$Xu@cfpk1Q^Si=jsndV&BvGVdX*3;N?4w<8{A%;He59uDJTiOmxKiD#`nbzIZR_w>
z`!@xAs2uPvI$*En<;@Bs^YZg8W%~}B<oo8q3F77PlP0<B`4shuWa8<5<H+$~^OuQt
z4B1{SZ=Y<C8gWrZjTnqOJ?!|aS1(G53#AV`>F!%lI(npAnso181yP1aitYt(ZVhF<
zdNnU`t}?~WYRL)x=>w(w<%bVFshnlo$0TTVZdgmei?|0prjV9B1%qdAZ*LH-gE51H
zL&UY`2FpJld9%PNoe-1gUP3W9QEuy5zP90>oS*)MK|vhlSZgQu;#r!GqYH*q#d+gm
z)ig{>*Oq3=;tnh-cWRloQ&vSOwo(7mImTsNYW%pm9&?v$cGD*krzYQs;@CNlw%utp
zB4TfSec`-C=gJJ1K7V<Y`Fu*HF?hg-ilIT8OOts#-i?Tn^UrwZeEs}s(7=HpHt5xN
z*zN-dvKUXNWSXsstG%C7{iS5a!KvC;diL2AK5WS9H!gj1S2)JGCT{!iqPOYCn{`rB
zy^`J5dg$6^1;%KSPDyW{FkwG+U&xK`4ab*rUO#Y6x<gD0<>VPAE-+kqXFoUn^tPeu
zxR%!UOQbG8kG0$sY|`XflJ))_WyW2lfhDR{+BE0N-0<d*xCy}?7TUS^plHtFvmRqD
z{?@rscxXrH&~RKvy~4VqDJdz1g|i0q3V8eYOmMIaF0=XB%JSt^(LjB{xGMd@R7IIt
z6laA|CXY)?S2dRf2D%@?8Ro0J;Vvsad25^5`MxR}vebrdtj^ImIC;s<C_}kLXHBkt
zm}r-I@nU*rOWc^xZS|IA&#w*9^OisRbdTMxxKE#A+_R?WYbDz_xmsA%Ypv1oes;kM
z_c-%R#i^{FmX>$k?45P}<NK$97mplK(a~|)TT_y5-ge6|E`wn_d)}kCN4tW9xA*Mh
z{O*F@EsyOW!U(sy<!jYzLqo#iqnAF|Fqb48KKJDHh(0%zW}h@^Yw&vR(tq-qw0IoO
z-24(4L>Y}xC|FLVzDjgU#a;G1qZDqV_&p?f`PCKK-?H9cOm$E4^VoRYy1vko;yk;z
zQ_0qemeq-Xf!mKySbq>lk-7XZ@yXNsmD);U+>Qa4o3zl_+_-gzs_m$!7na`}88`-a
zdGYuCpYkTQuHO(IyVdpe2<>qU1|wnKTJ;n|<rn=-C#`sNYOHO9$-(ICuh;r1k{0~!
zsXhJk=gBoS!}Icn4X{|6mEt$YeNM4nKXa2_mu+MR=Jh+;w0n0vH9z;<jI~Jzb?J|_
z58ulK1CR?BF07O8ZDVUIeYvLSxcbq`EJu=E9f*g+^YikImVbQ7$S8Y#OJl;&b&DLo
z)o<Pxs>ovRE5OAk%>-^^{rg;EuB%7vnX_km;wIv+J@)_Fve7Notfk6a@z}9V2>}Ih
z=6CMYX<b@XaYz5s)@|ENxbau%52KBEc25WA=H9+t#Hm`7#w;_n+$3XM)nC!6C{ioq
zVq4R_M~lrLl$2Z`U)y@Ajd997Y^uS6=qr6M8?OG4vv1t4+J<?{dGqHVctT(Ea)<2{
zW~o|>ql1IP%$YNpOs0*^rYjzW>;W;Aay=DGvR5|W+BH6A<vYW=C+nH6@3vb6mZj_H
zeUex4_Bj&s=2Xp<<+3uk1gXAZPsZBqH!}^$4a>~TBt%CnxLCSBW^vZa=6;QheU%O<
zQwlN&xXFu0oY?3RX7eJ-(5|NDjE>IG;8~2M#_D@-5)*gk=1x>PfYYW#^z38vjN=$`
zYs{QEZr>Y|zsAM62agHvPpRX)KC-H@*tzZseS$^Lrb{iAp*{Nyt>zlJ?R5k!0oL!!
zmldf`q7EJ;6{r?FFk@s1?@lErm!Id=?i~A9@VHv_x$|U(D-J1kjB45TaBj}lEQMhW
zmuZLR?i&2vu-~*Z((%)xEFM=E*V7v{na@ot1Dwou7#g1blIalqiWqE=aYCgLw_<!k
zg^g<7orO9pxWVpyU52;V$kOQaRkcYOa}!+$3>Yv?oo6mP=+uq%j_UT6fBE`W?{YM&
z>Df9`)ANWL{qgD3^A_!s_TcEqZ&~P=VMZz=hXp7ED~-Js(_c?z+=rejaYnV1@5U93
zvMo41<B_>T@eMhh6XB|3wmu#d)MWmZ{IL4o0Ka>IQjLv`Jz96)uc)XveOh~mlKilo
z?4+cb3)M>O%CldpD_(8M-QqB)vdYWq`=QHnD!b2?tyyV5_u=H%s@pwMpDbG2))*8N
z1b8PuY?7=>!yWzd5r*tBW5*snbLO6Rs^N%;W5<r^P;xaEWEN%@%x}({yFPbW?bcqz
z5@*wO+>bALLx#*$s%_1h%DsC=%f8Uorq|2Yr?!Om9c)?jaaTzRl$nEu9PjGFLwyuU
zGC>*7R!lT8G11m8^wRzO`LnY8rUwrmIP9}+_IwiM7L}HsKAAwctk?Hcah>t9`m0ff
z!@b-Z@ohf$VqY{U1-s6DnDQibbEaaRbCoBs7w^il{`%{$8{0-Nc5*u7ab^9>mtG9U
zQ-^!S+4}?H_J9F-M){igGUvJWmlS*s1P|Fb^T5yy@--qZE8cBcer^)iXu*KIo9Eiv
zn%_s8uG|uTv6|%4)5_L1*%kPVkRgDr#l^+F6-M~dXago}*iMRec*q>>6WSjyCug{-
z#eeqfqWb68iieizSsGLYdsrW$+_3r5dZ788>C7$PR_u8_x0gcD7&)hsFE`Aeo%5Ts
zfBM^+NxhF{XSb!^HG6u7V(a8|?}**5W1v!l2F-SH*}Z2EHRCCTLa{cPd)&>YOf{%*
zInQXJtLx)a3$sA@AhY;W|NSA?4Q+ORY-n(`XeeLBvDx`e)wginYHQl+=Np%QZ!6bJ
zTS-#9CQW(U)?Ch_(`Pt3KB{fpx^-(0a~h2XVj^?%wb!={7`IE#q`IPPuT;eYf3t5b
zFMwO|iCI1L!m)alD)l)#gMo8<TXnECs=q2F^L_rU&t~?)+PP8pn<5t<{Jz<IMzhQM
zMFuA#MjG$kvnSpA&am{TLmK%jo8H<vI`&ggIJW!zh}?HQ%8YN$d|DVC_-y&Bkc_ue
z>)L{Y;tI>#NTy@1r+MZm6zHg&pYN>yN@-95)xO5~y~d(*?6~o76E<x>dGaI}U}P`S
z%Gb?xb(w4k#+7ku!2hu#-`9Q~Fm7llwZ7sCY2b<3f#JJ)x$dobv2EM;kNLL1wC_Iq
z*G~VFr9@A+F&_uzmPq%Ik6C+>`zmj1%8Z4llNELu-rXG<5^^#=-j~4`vg2+@Ts8MR
zu+pJN9+2+(znvnLmhH4nGhpl6`i3oI$ZlYiIBtabw+Gj^ZWwZOWB=-!&kM4{R)^`R
z#Hwjha<7jv|MqfW;MhLVH;Qm_DxN9ZMjAh)Pg&dYd~=+0LguHBuk!uYXEiGZ&hN9n
zHeWYHE0VO(d2o)G?sB7it0GpSng-wl{fTQ<w3kmz)dCf(_YKuernYZxDpGD=F<h9v
z;`R6#jZp@Li>pmaKKQk5nR1{G$eQi8QR(hU_wL<OwT%D)zS*++*hR^aW7PHao58Oj
z5Li5G*7ivG@`zm4m=n_{?`A$eeZ?=`tgWGF0^>p`HNYd(U>h|jr0lq3q^j3-SN5se
ziz?EAHumaKPo14TA0=hgen~Ag+9bQbf6w4q6v~S)jkW4WrF$!AOq@7qZ`Jng+qEuz
zO^J=2x|a(4Ht@_VfiSsGteL426jBJ>_{9&o!@*eNuSinQyY@Sp2F#h9@^nw&GsC7g
z39SeA4{HsPe{|@Xr`)P<pKB849+m4CSwC>Yt}7>t7Wb`Q^}VfGP9;B5t9Q`ZvuC%N
zf6Giu;})Ns0|u;1v$C_ZO$mgllh-d*e)V|JQ0_>n0iI#X;ko2%o9dpVR#oPN9=6@q
z^vzS#c%V($iP@A$&Eb7w&3Pvayi<D+!p6Su>9Jx{AnxVhllZE-HEUk)nOKxTcQauv
z+NriDL3j0;6lIE{)}q9uq{dI5ifS8W4*`Q`y0S^bJxxtbZHu#?wo-2R@OcXsta^QW
zpWUu;11!R9RM`jFRi=AwFNYr-pSX0AiOH(ZA77QPX-&HJTw6)Lf;Te0$UZ6<M6?>W
z-)pTs*Y@a=!^-#B7aD6nolK~e!cEnZS(xE)rtU58s;Rm|Zys){)%76T(IYcFbAqdV
z`%p@)9}V6xL0$dHInME7zai@xA1ZTBoH$WAZ!+UA*RN~86vdoceCgt;QzR3U1!~_G
z`Soegl}dXMv2EMpv-EvN@>lFGL>kUo5`ovSvTC{1a6fGFl4D-p2V1KT?`mz1Oiy<M
zHRw$^Vc`6!)b!ANe}z5w0#403iSys3?opEVa`Wg>tDDO#t@j?OFuZzIb=ctQg1dLW
zzue{Mef#en2M;>P-nxBzaE^BmY3Uc0l^4IfNqBy3^B{}C)>1*Su>^}PWz62;*;j1K
zXD5%WPCT_B=>q#w<@134tK3W%xyi?#FF7B`x^>WWtf8Ue#EA!R*VR3)TB@5pnp`u9
ztzBhHZ)k9Gnl}5G{C<6{fOn<W|Nc87*0)iX)~r;Mo11&->npA1QjVj$`~E58X5T*k
z<;xfS@>O~&D$lR<9{r$(D|-mY=f{_~c3o<#W37&9$)17RBmbzxT1`t!i%29I8J*9s
z%QRL|e<i!nI3Xc>;kW0TH(j{!=KZDQi5iK?i5FJXI42ap*-mxij2qSCvQhNQ_sOFT
z3bn@N>e5|Z{rp;5J~&<5)K_~S*S+WMqR)Qok9zs|j5hGE2)xu9Z4^1cLQ_*SJw1Kg
zE_Lvvl$4Jf`kBodOa&?u9v%(^Y!!&Ez!0!9U!{^%c)%wwONn;r`?prc)3ciM&uWYv
zYrPPEF%5@%<F-F8IP9KUxbh$nRTyx$tbSHXU&1`Aum6-j#oFa$Va@4#YCU@m(;R9!
zYx_N_UubIU^%EQ2YgZi~2}CamIR2S44;?xb61O`ta<n1)NM`0^?^GxI<1_Z9fDy3I
z!R6zCwEzPm6%`d=Ro`D;Cw;D;^1^8ObBgnV@Neobf;cJ}^lF6hyT46Wo_%y!-y~i2
z>Qt-eR}>y<wQN${9A9L;rcT3U=EqrzV~eBvoN5c#f94T3cHFqVk&*h7CRtfq!v)5h
z+f}Gk>eCF?_Z%>oSo-!cDO$755~taGLn#JC1D{^s`D?F+@?^i=dt;gsv;0`5bG+sp
z4ov&LG-Gw}EHH2b14#~tV_|Xi`qn|#llHXG%FgrFty>3favE%1_NpnUwOpe|W>M_X
zqd6YhAn5D+<-y6Z3zy`rmUCaSEno3@@y;<dbs6Om5fKG9Z}v~A>(yF*P4!Op2BWNv
zx+iC*4Bj-D*IaRH&7;UzKZBC&iGkxD+)B9}?W1VFlM5mh;1EHayJ5CLdBs~`-4c7I
z&vzf`u;6p`;ceQv%F4>pz2xhi49dq8?&nR@dsW=iecrrgAcD6Kni@}@-1w$Ap|z<l
zKR<tE#k$@^RaMjIBM%u?jZfarj^xm2HHwQ@IXO8&p17rYZ<Tpm`{jY^hr+Ug_@V`K
zcBDVG@$uN4vgFaJ($WRHZXHpxcXf5Ov9Y1k6C<S)v-+&g{yIlD%5>#YFtW9?vkM)n
z$$s)Seq8CI<H4afoxW>oY2CejdxYr<?ur%XvzVNk`$x~8KMw-K_;|G|hFPWV&q8Eo
z-8ekg(`B%=)8HMXiMf>2CoYt^w%<#)7pFF_-;_4t-P@%rLHNIB&6?G#SAz~18CW_%
zQStcd^wyO6vb@)-r5ef=3U8*&l%Fay`=rkush~UF^Rt#F<#_JXCR;c=?=)arBy9He
zi3+`Pttcz4dBan65|K4gN9V(#&7%eytJkTL23ics$<9)1wUrKd)Fg8anA*31+jnEk
zS?TUY_wVcK>aI9_F3^eCbCSOPyt#9S4jmdX+T2V<Wg2zGgsj>Wi#IdZUz{)H?jPva
zBWR2r(8%Ftt1{!%stTex1Eg&uMgU8xJjr*KhevFVr<{Vq(BXYF<CG~OakK2L!&Q0X
zGbuL|-1f?;0C578BvYq3v1a|hMaRai<@rmwEA(-&IrOTGXjk|63`Jq{HSg40DHqtU
z@~W$Sb#^>``t(uq;`00ViHWknGfkX#O6EBE9N;jBDS*W9*s;UnS<rzeCr1aa&ybOl
z@jafpG$D~XH|)&AhjSB(jXW;n7=#BOUfdX9QHd*xjg5W$*flBGf5*@^-6GQ~npQZ+
z*z<vDB`PgJwvnccNGa*I9^a*8`p4G!9A}Q!bT3=tRi08m+A`?-yywT1UaXNRfBwD4
zbLSg(zu9XI!{KlyTx(Y@%rZq~a&ZJZ226PALuJC$bLd73TZcIWTbO18-DyKm^P(=L
zQK+W=Oa_}AsE+><I`k8Km)p+T!RnNS$NHan|N95;|08gYzX<>SgZKaS^rq<Qcf^0!
z`}h6-|HQxlX8iY=b~CO2Is7}kTLAAa0DLDx5bO>>@5qz>#d-f1=l%Z;&N~8Z`b&Z+
zhVu>!G=q91gz}E(qrAf(#X;V&3`l(RW^^yMKZIFFcaJhyOQ}fmMHUl}DY+miECIn_
zr7?XtF#i!uS<4|<pop#TW+xPPcorXbn1r{3*)usTKEygluz?!MCFaSdl9vz=d|L!X
z2qqv#H?g7_z|d{rOfOBAw<eOD7|F%OL^og~wu2^&PtPFJVD3N~lh6UD9x4=tLxPCN
z6e<_oPW9qxt?`08DYe+%6!@pBJ!vwDy9`(=XB$fb{3e>*?dOV`f))kOex(?FK{5Kj
zrx=5d`RjkKC<8%JhT^&Hr_t$zu8{Sq!uFnkM>p#WryB5QQ#nv`ygKc}KagvnYlQz!
zwCCpl{)L+hpA55>V>sssvKj&a!08%moWDIEH6PR4!I*#9d>~*+5Z&2qx;VtM2xbzR
zhM2bE*X)+04e^4~L9ZcEFT}*)UqkWEfG1r-Wp@+!2+h_9b2xCgm>Cl>A!uP(o<lT)
zD~*Do1E9bC817>xLMMXP4bgD;w*#Z+MfE1bbb9bHmd-P5P{=Y0naN^;r{OzR2;PAp
z@C$1SM9}vlv%P)}v|B8B0h$O^u<;*ohl6Bq?i@%1rm{9_PpHadAqBw1(SjVu?O9Y=
zz{WF31S^_1;sm+EjK=dBjieC=eXx{9$B_JCnpb!;a1p>n(8)eLDri2CKA88L1LF*+
zC?uFSl-BMsG$4it{6PaP0f|kp%7Jo_=mdHaesXIB!~;o+hvq8&fk0>wXe25L<vp1~
zaGXt0vvgKR`)v-Bwv3=Q!v=iCV?mG=N&v12IVBF3mz^dAq~#0j8iTeBRHzf?h#}b_
z?c#6+tqY{m=^E`h#c5nY$^^V1xj4#GL<9vOT_}<f>P?X{A=*5eyIcgs2hA7oXMiry
zvW1iyOHKean4h_Tuh9sEL1%Ow5*hqL77w&sjtJZ}s`i5D1`Bua{3u5h*oyh*n1z-t
z#4IfL!w;DyOxJ-~5Lpg*pKd}$cFr~Q0T|cF6d*+iXtNMv^N+dLnHj|Zd&DC~1npap
zGK7slQ1a7k2l`Tx48j7{qH*w0<6)v8pp~99CNkgz29%%NLEy+i6EHL-1m}c9AR<`f
z;AZ495!{bQE}?~>7fHyyGX?hw+jOz}B_vD{Bq;S{K|mofMzsgi?U}@Z(lTi6LoLKs
z(5Xxxt}n_I{w;#=-HU~wx`XGTsP3JI)M}tWJlP9IV%~J>GMXn1hG#JAx&@Mng(lwZ
z6uuip86tvLj0OA>`yB~&ka{2pQ9{+g00uEr1Ol-Y)UJS(uv`$`%A?XD7fK+T?B9M_
z80V-{hX)ykG!k+X*ld)WSfUP;87NK^--kn|iWg7Qji$Lr>(pghn(j2MJqqeZP8i9}
zMG=j7-rj!<t_>D0WV?{>YVEe_=YfkljbD&rvD8B_M=l@tjUz$%1d&X~9J@kE@8Ko*
ztvxljz#HRvDEKywKUgM+<WwgS+*mvaZU)>jgnC7U1HqQ0VHx9>gFy$LkMs!f&yZ0z
z3YrFg<F|kS=c-_ybRlm8`}0qA7%W?;zYx(uJP0%!h}S?(&caSzPCI#5j;WpMclvP5
zs-V_iU{|^h*r5c7n|pYhCc<K@bS%*vR=&9T1TF<nW5RUUQ2t=l*XfV~ok(G`KvQ9A
zD1R1*hDC*FS|Eg}V!lLw3KHjHRYW-|sgf`z<PiLLAdaQemS7p!(Sq<lY#}0%7&X?v
z*pu6Vl!3EFW^0i9kP^i^PpEVlypoqdhEPC=kB2$91yedG+pwWDoI|5i5v(x~d2=Xa
ze=0J;!zNRZY(hvV0DTVM_2Ut)qID!7+6TjDKmnN5xvs;6V*<oKsE1f`E~dD{6nNGS
zfrmuzjCd`+d(eOmR|ILWtI2=>|9@`byGRU%+WM}Oe06FI`Q0NV+UO{W;MLg>PH1GK
zff_G7Suh)bLI(2<qc@k@9<g9g5ziI{&Dsn>W~yH{Yv}w1=mfJFV(G3#W-mN}oBc&Q
zD$$UFvVk3)ra`a({mi#~;38u9ETJK_>R#+E-U2AYnB(JzTY{*%gRv7S2`cS0k(miB
z8X;f<e|``~C$oX?gusAQpkMGRa<3(cWQD;5V@io6_v07B18w)D`S4gg4)lQV4hxhV
zj&o6bQaBBZr1D$NMPokEf;9-@QIk;9FsM|ku2E7&8|jY*wumI-MS^6kshv~_sgZ<y
zM&jWEiX#bF1>ym;NTFE?gv%`c;E>G6jzlz!#vRYWONf?*8ts50lp-~Ux!gd5peFiK
zIWR0|vv?>ZJsw6KeE4ic*gP>;ftWlm8nCQv6m^sXhPr})3QdC4RWOQ}5H&S^nQBC2
z&esTzqTpg5QC(dfuc<lChigo5x24nFbq%IaY;9Ih^t_f*7*3|5p{5t>*AdoHh3jNa
zfyG7jjVYvW;3A5T4E4?8*YypFEd{|QGHuIj_Yi!PT9!ASAAcfUiU}CX{Qw?Z5h4&_
zq(Fin#2?QoiYhJgd{L!s*EJGhJp6(}(vC-l;b>;u_8B07d*z^09U}EY0vHZVXoz`e
zVDrVEfJdIdz@C6%5Ob+e0AWd><{C(<PQE(@0<e?@i~<H3+NnylYm{)@i!R}ybDzj?
z%ZG*`QR9K>K>%SXAY?{ZiOx$x!=Zs@Wq_j^vY<F@TuEP!MiJgLHc;C3cJQ0wOU9s-
z(Ntu*T_$tDbOTFk;lts1qIv?QPFI6KBrRYsV9w@C3%9*-$PefTaNPtVJR`y*I0z{e
zi6rTECJFibflL374sY;+5e(S}2)r0bI_uA+Hw0yObhO~2kfYTg{LC^zR|cSy$$3Qe
zu?1!V8f^-ahKkMMLS7**VF?pXtni&JoO|Z$BtHwasL}xOh0+O}EiesSez@GRF5uxn
z0<b*UsJX!NvxJHz$HQ_Idje15#fSbyA$<wcm}sI?5gUUSfCIzv4+nD~F!n~`JEYBU
zp+gK8xO*mz&%=&Z%?h(>?M|8Bu4%I^?d&i;Wp%+yG5ezd`A$P~29tr`WO~tHQxR*`
z9-ty)a%}<&PAUe{I8<zyW+7^bp$L*WLUj{0d=wrVI%_<}67kg`fo(?k)=6(d|02Fv
z^aF5l0VDbGT}N?c5#~79x#D?n-2zh>s4d!X_`-ok2-qNksNW9w<>>~A+8f~CQF#OW
z|A_8(7}iM+o4c0Qf1~CfMa?c~f)N(4J(dL;ML`vUg5H2c8e}Bbh(Dc7X<yz%^BlA*
ziUuLjmqvk0TpTLhy9<r@BQbjSCj&scyBV$%I)v*1{=Yq12U<jAkgHw@M-&XQskOeT
zwVtWCeh0Guq>6*mQ7vbPXgRoyC^{2~&O6L3{<NZ_QwtqCOmxQXXSAJ+CS4GTe}Ro>
zvz8zMvhd;snTxI>BPGy<rt?q@Q4<zh{V8yHMI=xc4x?c{3I<%AMsI~WLZ^DS`xP{J
zMQ6f9s)l$Bk?33`DUV<TfR>9#3dO>F#B~anIISBaU<)jGKp2k%siLgb5YsgVc?qEA
z@UT2i$O;yJ+7<~Wy`f%oYiba#*2DEDH0+v2=dd*Jq7P#++b3<&UP51I0}luG)(4$7
zMst{S=q{1PT^{o{%o9mc4y5poE)co=C#H&!mF|Dw^UxLYU-WtWLjH))6KdH%@p*{N
zMzcI2E&xfgDpWJRCIy1_z&B0MkQ@qad&7Rud=d8Mg}@gfgY<6B7yWY&#AE&eAB2iA
zv9p;WVYehYrzGl|V7>mF@^uz|!mGbU^|1G4e{M+uk90R&Pxx0w#Z;8c^I@Q`fc~$}
z=StSk|4gj-M>G|U7P071G-RxLA*zvoGFI#~Qv5S<qWD5CB2&nqMDVJo3pUpQO64*5
zbCCS_gg>>WDp;vQrqu-Bgr?QNr5|R!{Ws|BX3**KPolie8H8puW>YzUM^KZ6*OuYi
zlyEW))RjW#d7+95#RGdkli#8LroQ?=mHKMZ|AEw3KiK~%vd`_GKBMdXpV~T8rcCLO
z|4C=kzxzM`6aSE<ua)SgPGD?&XiQCLHH`>5REDw0Wj5UHCw$!-#2K32WCo4C+=xJ&
zOJ#eJnPj2{fdk?YO%9b!^9F>g@pvwmu(FdIrZK(9AZ(e*VzP+v{a_{w+1Y~L<Ex`V
z@YMx>df;yosGvyQv|$|p72a15`~+tZfkoBiviz~?fuH=v?-Be!LIQx5owY%7l^|`0
z=X7KmQZZP6@_cA$7J|o6SacTKh@c83UEdq2f+roQ8S>hUcqR4tm1I*%Sm=cD&XY`8
z;)4Wgpezc7Vk}%GN!1Zt{h4MWwD6T!BLZTxjFJ9ecPb>Xy?8m1y7AiyE+d;l0g?YQ
zK!olV1$BboK#4p$D3MO%fM>zowVH4Xtq~GoA{;>X?a`QC)MbE<Ulh1mn3KXpTrWTe
z<19^N=co}9Q5eGk3bK&MzY01}{7$4MBAttLBi7LN3y4@6A+ZT)K9>u3fZ%;~yKzNN
z<Vxp40sH`#r(S~q&oM9Gx#a&o{qMH@{{;|$uI<0h<Vm`^;`aaF{r~@=fB((<|Lsu4
zhLanZ6v9yhk4*o0FaV?|4Z=+1b`1iyrMw*;0FS`~@JTv{36NN!|8mfPe=!68#SHij
zm;vol|ErSdt83=m{&4UO%Df;d65_iTlY>>(%3(G^4UFYcsZd7;YF*x=%4N~~iDvLq
zY|pw71%%asRs_=V&m~d&P`T~oLSOj%&qZn@@(mlfbAQ`pR;La3#@@Rkn%TI_>ViRh
zI@lnjAz}>{{O->Kzk`qNHV|5X-!y;TX~kjrSPQ4SblF4!r7GOVPUUc+v?C|oZ42_c
z{GV(L`aV9|ni(z*I=Wpnr=3<6omwQCp+|U+Q5SURi~dA2<RI3~oe(dl(1B<phfewQ
zqssa782(UV82*wg27e_1`$jYaACjwtka4(FP#*mJN7aD{3*dI}DY-iE*KTqNA*Hg}
zEWm!`@B>o7RVva^;ub}mkjaDWfS*4gM3xL_-pgU5(6b-hfbPgJ!}iSl6BZ)d#=!HC
zBf>^P7lb4V8K@fg=%QX2VfR>$5+jSHfa&n?W8&`h5K7#wK0--<iuu?r$f^yLV0i4V
z>G_S=Je_v00Mw0$0rp6=I|52oh|d9H9|1szm_oG^3gKu7El-H>shya=IUhYrB;#*O
zM~@Q8unnNdK_U^l=@5Q)Umx1<rn3TxW_12Kk3=RQ?^z(*A|y2&?jZ1DiK~fFli{1j
z;6ow-TulxT4{U^+iL_EO0rsX8a=<vzkqCQZ1UX1730>JnR|*l59||~p9sExUxZn+R
zq8Z#p(S?AwzpIYD?@lzsPQ;ok`cgX(GUR3U?&&icvi_C@o6Z}74wSG4BVW2|ayvE9
zKTjSoPm8UrE#}xt3VXo`kX0r}oFhWzfEbcX!=hp?twRJYOv<DNa@oL!qQ@=>{n?=2
z6c~V_CtZ+osC0x9J$6MX5)eotS^|d+@Utr-Iu!{`;GrwB4(?NkkW0Zt3Y-8RP3fv2
zgl8QY#`D6804G2Py}Bv_dshQ=_grh|*>;W&-IZTZvp=b=d^QlxTr6jGbBrfo9hpL*
z`h%`VkCGVdNrO5IKP6F6=qwHlec?eO4U5S{<P1BJL<f|>pGsv5#)<qdUC_f83+VY@
zx}xWjxg3-jo=Kv_wqC%&4{{=jPSmD#PQhiNQ*~y7(=KSS`f+|xKMraxSUf~|`R5X;
zeR*7TDVcxPT?qz?@h2siuZ2XjIab}3V1ed#A$bCtZc3CeeRm{EK>q_d5vPN1Aqi;V
z7fJLI<w}Ht%R*_mEXh<t?dSZs{T$);bAH_ZZb-K<tpu6vmL#%&+wQc^#fnYmi=y+4
zuEY<cQzd&MfNFqG{4?=}^C>-fG&;1R@X#gAVt+E%7b8T@B~hbqT7x(jIZC4PC$ph~
zAcrn#u;;d)OQPm6`A_Dbb$bf$f7pA|_O`8SQTTo}o+tkSW$TEvDN3XUCz9nHS(X!>
z+Ln(cH|@1uU5ErF)Fi+Fpk+06|Ihm`-!<(C00)gudc-ys3G8w0wbx#IjaRq5xih`F
z1=E{HzXQ{o-^6Ez{#RdnuF}Vh`0uNo_2pvx_fETgr~kc;&u>}(%MlPR8~+_^H~rnk
zmq9d8(coXA@g=%7H@*1+!`nmnjVpQYw7hp(-s{lvUZZf1Bg12ZB8StF;mH`<SD_(_
zq2WtW+Bu3hhT6aoA>rZ>_Oy<B!j{!WH0^J{-b1pGMOn_V9?udJ?|lQfhLD0taI_Ed
z_@f3@$P0=}4*w+_<umbvF2?p8oOADXa10Y!GZ>I@Jo-;iY;cZu3mx=yVB9RUqRz_{
zfwdtA#US>=m>P1XED=a!*g}JI@)bstKy*yuuvY;`E=Rl%DR4BjMnM?TWB~WjK8E+B
zpr6V~C=fr7q!%`<NPnXz2*N_+(2hiG=1^k?^xj8$>K`g+lh<jIC*5Rlxrp%Jb=p>_
zd-%nC__n|vpThb@h^pu)gRVP)cZps)PA?t47qF-IN%ARF4g`DHQ4Eyur9^Uhjv9=-
z<>_-n2YdAEsQwRilu`=V9^`q@Jw*s+4RQ;>DxP=?IgzwEctbH|fCp_{E*k#2o}i~f
z{qsJP__o$r>mOsN)h0|l=`m{2pv14K2;U0?yY~yh?!C%j_w*~L-7hoMngp$lQnBiz
z%oBGQz*U$@A9f;d2@br;rOw1j3}J{Uo?$#VJ_(}K_b3J*dG1aPvR^@mE*50p9@5Mp
z`$S}|Ap3F(;^UefJ?{ypm*A5;Qy~m=dIF3qLZ=;{=`tPMwR+gjjka*~J8eT{-ICz~
z$j``AWw!iZ>B9AGe4LFo`Cqu04SI|1MKY`2@*hV})Dv<Fd%P4qX-=rrDOKvsuC!9B
zv@)$ytJRv&P+V##HVsjoFP=D7Rd5gm;Q+w;Ikv&rLkop*Bz+9m8Dsp-PoZCj<x-*k
zO$Z7_5*mE$3<jP#B_#YhdW!+3orNj2**6^_4d;Go<d!ehI99jjsX;4B=!G`XBRJ>K
zgAnKev2Sj`D?27Xhu-&S;|W?y0I4A&l!csjk_!&^sUla>Sq(sd!&)3evyftVs)Njm
zFA8r@gHKVCswhF$uG`Q(j0eP|KVi4e{g>N&uV^7R{9Zy-0w@}J*qx+dn2S4O3j1}_
zRC~Su=1^6VzKO@AsygZpD*|AxteOYAZ~n6TrcjsLpQH96EXe-bV%H*Nq^ihc>@Ds4
zn5BRyTV_@Nzx%ItE9(0H1g-}WVLZ@$9x^l6!{-%UD=F@m?~(8T12MzTUv*?&XCtCJ
zD{Vk!AyKu3)9xrQmcp1x`oW^uw^UW;Lx`)BnU$|}aaE<?QMC8sh(46dDF^a-%F5c$
z(<)*Zm1AGVN#z8M=jl5SNA~2=tjcGDs_F_7vX-f$5F#wgMPW6+%=Cjjfc4I-cz6_~
zKLxTkijb<H(?<)qNi-xy)IbuT*{X;gAp_tZnB5F8UI$;UI1Zx!_RR~GH{m&Ken12?
z29zCE3<Kh+OcfMuFA%3|W+{Q40J8Lx%I1-Up~M6d#zff!&>5)B0+gq%AQti@Ny>RY
zya4@8&Vf(>sqT*lz?z)17dPEBteb-pTV%$yb5hJ`1QB2lOp5ay$gv@JmY~-Iva4ep
z<49Q{gPaT<6cSGCO?Q-AZoh_Upwk8KL@*qg2L)I&3nuq1>54;$tH>2m%;%gw6(}q;
zHmB=LcxN?Z<vp(;frpNs8OOcnMPfhxtE6AjW|a&AweiXA_W&0iII$o-8574&17X!q
zFc9|1JxQ=vD_DRc0YYxyW)enClLkt5FowCt=z_#N=wT_(3S1h{uFZe3|Kr{(YT)&Y
zZT#lcgxfA$IAB}BrB1{h77M`yrcUV{a2n${3;JQhIv2Qz4E2D^^AU?j5PWU<&+NPs
z#HONwbIoc*q+r;@Yot_D8tAN9^_W~q&1X!z=&YD{4m)jO1U|`41&E0|2?s_kZ2Hy|
ziK<Z_*Mu~hSehkMBgRFxQn=s{g&@dnnJ3aJPQ+(2Owd#ouCiIB3x*pOU{Wko+Kx4H
zn$d8O02&j@lkj>Ee36>GQJnMb0)BHePW{tRv$NAM7N%r49LIunnX+AijV<|%h>v3~
zqL2lO0&QSAJ^*J1)UObbQhDmPTmHTZby!^lPZ<gwfbltKfX7dSU1Xd`kqugR8ad1q
z4wpr^v>KYhWGWqXKb|xBQ@5socwU#@k${QdjC-od(K;{^fPSwi8l~c(aP{8~@=bt1
z5GVg7m&F#q6=PgT;QC5(P08@!OR7n=Ax?rlyp<)6ss<dzt`{c0SsFe~IuAaECY}&Q
zX+qf$#_xwaL?!s1Mkja{+iAE0mKyXzOm)-uhfxOm9}RDqnh7LzJd@A^z95&#S^B8r
z>x&*Prn_Q1pui4?2}gEl^3R>F{KObZO%|8I=>XIRE({W3mrFkFN>SA`?7c!#8W@2e
zc$KA#xiBzVX*a-`M8!;D9C_b^g$25oj3~VVO&GyTPz^ti>=ainSoaZk^x>FU7eWgu
z3<@B(!~+m}3oB*^4nu7L-`{mlZ4PF}_ajTXX~MBqw!^WIgFzCXm<82qg{KqB=7?p3
zrGQ=!&3j5i6Q}?@DtfGQ)}tioRL7SkQMMh7@g|OXYnL2WLl?!07MggIMoz1M+$mjA
zV><tW_*`yQ6-#|Nk!Xdm(xX5~XN=Ao{S`P<LGO$&lNeZarM2E#!NaGt{XE)!S&b^!
z){qhEj#Ct`lgPZM?v%Brk9a(=0*Yfwkudel_Rd1H*M8C@Lc~jYN5BTkg7a*`^<4J*
zh7zK(Fii$q53_~|ts7CZ8pG>Z!*f^3VmX9vZ20vvB3@Xkw$rUa(E$3W?F8vD0A&Yu
zfTqSMsR=2fI!72(8wBMTsK+}4Fwq@el8s;kqX0nCa0c%=2Lnm6F_c?EoEb^sc^_K?
zM>0mz|6B!8j!PIggu8?wUoXP=;+%^FMJ?966<u>D4o~&WpAJwd!SnZM{?_oFp<6_%
zFqSiteVf8KGnIG+Da<E0Aec{LLH@*+L?q#tw$34|@kBFOee9XIIbGu2Q@+-XQsE`F
z*b-?nR%fX@;3J1a#>a3<544~ORRMyt8Sil1BpyryCOo7hV*I>xJpj%pONJrddpK~{
zghejh+w3%7o)hz_cwx5UY%~9%FN#J90h1t9^U&tcCGdqkve%a@8$xbK>WzWbC(w{M
ziPb(I%1y<N%kFy=Se&|6Qx6A#6(@)X_*9=vhYZnXwIDB|t9~>HQk%(9cr4rkjAN9H
z##l%I*d5R~)dgUW)@D4CbDT(Xucw<6Dx(g2eX<e#$Htksc=oxR@H9#oOt}C<WDGX#
zzA0nT!~qCBDh<F>Bf$6*!roU5f|Lmw#L#<Yy5H`xWJI;?fRE%UB!foQH6D<xfX3^Q
zH<iPT>s}ap3#kAkEhx=gv^cb`%n1$74gZ5kO+i-qTsjN*tUL`yqcHwM>Hfeweh+SS
zqmacn@H|DHNRl#V**J6t3b=|w2U2a5F8A7$kKSc7QdgeaGa{&?P>W9<R0qkmel86W
z*52W(cgA{gy3t$Lc4iLBk~re0uzIb0LBTV>b{q~clwk1%Rw0%li@K%PEqsgDEyf9H
zx~9lg>F92nZfX`oimk}GN|cM(%`l=3s3;Lq9SOXqhN7E*1JOUm<E_|G@z4>ua}Dol
z+6JX~RjYZPNS-kSPi^v@uGUoVt6=ArsDK{#^~FOL{6uwUY23)*3RVur`<(jsdx3ut
z4L$|_j4}Csw+q!4YENZc{_~dq3T<9%{<PsPaOG@#{124vK*ul7B`BYAlY#<YuoPVv
zpn$!5DL-5bj~K}m-1PT^YQlmdfl$U3?d9cVTp`%$EdoIbL<pMG`9g5=vRL>Bdz3Z7
zKTR}7(*k~~B;%_SEE}Z3v%*QLeQ*Oh4<#!$Y7aFON(zL-xnRP<f+X~MZbwQ;MaMQ%
zhuBGDNh{jKq=8w4x80#OeW=5RiU42I2rt25IBLvJcvxUml%T{4a;n78Vhd4BKf`&>
z33^UMSff28Sw=lJ5l&OQ&}7JbWqCU80yx9QeClx8fAUaOEvmxxCM~H>%$9u|J>ehI
z6jQQuD%4VrZc9Dz;E7&~MaCzsr?wjB?3ZrA%Hh6)eGv?Cu5+l7+8?--?zcj9)|p+V
zN*VtSwOyoPn%zY>iUtX$X|Epg7s>NFug<;#X`i!lgSAA)AZ##D+zutyL17JDb;DeR
z6P4Ac&OK%0Lb)_yokizxXfadHD<zj?JqTHKh<*i!Q$Y-_OI9L&>S*X>?Q|srV~$;A
z$5J~L0paOQMzo+$(NIZkL=6N)R%}xO4a(7AOfQu%n>M&YMHA!|pQ_cCRA2>CqovM{
zN+q2{KCc&Ij13~d${Ycj)^i0Wq1f@cFFHh_V@=7m1TRz)qo3gX#M`LIG&O<qR3JcN
zzcH<WPXajPlEWZv`9Gg>2DM%?K87PvGsPrFvGTy8aafSimB$Dh9UD_42%eu^rPYdZ
z%<mTAc`_IKD%zZg%x`oV{H<Sd{1xjhJrLHntI{?5M(IM#MPOZ4@P>7k5JHNLD6=qx
zp?Cp;hDg3eVFQ~Y0-~tasz~6!e)Xdd%qwE9%Ax}><oviTuaftuV&8yi@ZW^PkOCAF
z?$|ar52BMeNyFX)#0Sm$wAj>M@jtZ#W*q^k{QUv!yeMS`a1u+&Ox$HTN1OXIvONd7
zmbqh*ALLnECroXx&+>J?xBE&hZwwIa=9)gGsq<Sc9*g<ZlsG=i@!wvQ!4jU!Ekk-!
z)K}4u*2KnMt17O9AMdGwnADOL6In@d`o*5ipe1lZr!b9H8)y`zR+i;$HinI}#USfO
zQA^dN13|K4`GaEka2-D*t4j0Cjqu4Vu{kyP?Mz$m-sx$-Q0b5Zhuc#k`CxDsoKs&W
zK)FIfpC$dYt(Dy+!tBAT{lf=3@rRS2P8(K`oI|xj+f<Y52ha9*4<1zKyu@5gA=-1=
z454nv6#~*Q)cSt-(4cQ$^a@$qdPA>|vcA;;^I7~B_#-m3raf;Ohy_>qNSu`%L)Fu4
zDeQQqIAJkJ2F(EqI|3HmVwSCW-ZK583mYF5V&ez2n5Z}m8psM-piqEbpK~C%NkU1A
zDJ@w`q(_p7-RR(4kgDS#Rf(8kk($hz0=L$%`~tyj381$rUOM!ETs!1O>DI)}E4j(J
z0Yd>caSw#^wPLvuaVr3WV4O#2fJ1dFtEshHRBJ|+YfrZicGp*HQsGO}-B%pp$BtlB
z*G)U`aP;*kX~CHu*R2^e{aSilYc!gLYQ?nN>f@y1mOS@XWjhgfLqApDoLykC&NUJx
z4+&jJYMEg`{_%*#<0gl8k-p;voyc8mydk2z^3HBft=T7(T<B*BSnQiVeQ6eN_jiHu
ze;?ktYwbJl+~3M)mjADbA9MLWru+YP9<|roMgQNm&hnlA?`?d3%l^M?HHxZb<&kp<
zFJSpwiugR;@0WO8);;Ua@BDx7{D1#9`2SvCv^w$sr3Rl=Zz=5&>?z}{Oaj=sF2Rm<
z5D^8}H#q5=U2nS@Rl53B^>8s~KbeT!gq6&TAC{zEwnraA7~_y#(eq}45(--;86|<?
z@iB!wBL$Q;-lvW7u1N_+V8hRs+3c{Gnl50wv+h`IJ+wehr-Z{Y7|%^K(+LTaykkx^
zhYleOGh7cDn=Aa)w&qQ8TP8mWkE6UP8Itjz%3A)u$dd=>O^=*-P^8Yc8#1swHv)N{
zxocso1g2%<X_A-5r2OHp#%P*t^4-*DE1e3pSSj_N4HT2!o+K*ds6s|QY*tGK#c2q0
zLO6;2uqQ5ZlF2YnQA#eU44s6s%0B-_&`lb5FixITBOR_eJfko8?8dQAFh#IW#uoOJ
zOVSWc7D#)OWXj|^M=NL2!#HT@VwjjYPrx!pZDry`J|W^Rf&0;`6D~0*T%;GU(8Gqa
zjuff$W>%4!cGghE1D$7Gl=CK=#!W;@^jl$rD`LOMX&Y|$qi7KJJd!r@4CN?y=FXu)
zujNE4&YhcfCeM!ue@W62{WDDGLerf}EJQUFDr(}Q7K%f9BCIH^r_dD7_;yfkK@;GC
z8X1qYfDZ-SpOx*s2hjJ^Aj+x|16%q{wvK+T=Vcti+<u7?9dklZyxCKqo;_G7m$D^}
zHI5eA!WHULPy?8{gmDdf3<x+n%VyKlb$YBnfD2nPgu(NU(ZexT-ZK+AM!gUyNWk_&
zIJALs5I~b<?Qu=VK_MmvnF?~m3*|Adt_)LHhklZf)QUM>hC^KqSOj+#twwW75`EJP
zCMI3e0Ai<nRm8TYtJIqQYNuhEWN*&EC)Yk_i7DV@<}Y*?P*OwwG**9DUiT<l!i?DO
zZcugj7REi@TQ9Mr9-!zR^RM?{@ERwumI$M<$?gV94C}Si5D=X$Qhy+AjZ8r(X`G#r
z11(n(Yp=SLX^CRTZjanlj?Y88Ej?zB#;jN}rZKWAS0OSJNQ|`X&=`dSL}UP}^U;?i
z#%yNg%_=)l@4}4L0s%QJIqnZpX6Or<=5&L+dm1`*sWt6ps(oRROqPfhom;Ae&{Fc;
zlHksYQPL3&h(K6o+t9nHxqJ_AZG?u|%mlX25oVKU7t)=~^5U%;xnED%P!?JbHKQrd
zBy#|s!DReR5V1g1CNV;{jPVw1D7XT^RTa4pcX-B8j~m9VV%lzcirQ5qsh;ixH<j=`
z4bOs96j70=V)eL0{gx5s@nNfmC+Og%;tPny2c9mO?zX91LYSx*oLYHh>1?1enllkK
z29|+~v1?cURx`0qcZGa@CMe@;HDUKOh@))iS1z1y^A#K}{6_c+Zra)N{D`(Z5U@{q
zlN2b#7E5%8`MBYq1G2UtJ0+9xnERm{2m;`Q;)>+s3S2Gjr8hVjvzdUMP1C^gi?mwK
zF$fd!BB#(umxBBRpMq#W5+!_rS2bGI1F2<SyK%be)`eXlLY@%;LWbNU%ksWhr|<t6
zJB)_Iu!qJgXkDI?n;o?`Y;o|gLlt~C*Qx2fVemN`j)#6Qgu5nt(V(3PMP(*6aMr-4
z&j5@9MFAKV5SaPfUS*E>7&Zola=`#3!zj-c7h;ctBC#mW4M*g->!Jl3Sw;bK8R5h@
z;k~sA>M~%#OWiU&I6}#6pG~ncMX?G4ZTYW~cu~X=5*P*vo_xin^<pRi=o6+<7l#vd
z(bY;;i<T$ThjxalSTyh#GnI*K+XPE2E6#w8P<*XNCwak|<{V`S4LA@)ufh-bP*WUB
zr(P>AQ4R4d&_PuYDI%s_0h(>(+7q`(e-q_`AdZjv<}S;D7!3ePx)GsClh9g{#n60c
z2T|wZ_SscZBQ$JfMC=(foZwb?{A5r20OBJY;0Cmbw()Rs!!-&P^5-bVP3RL<%><)3
zKLWAuiQh**8V{z8xIl=BfF+>~gS`;006oxzhzDxeLFVC#(5jKWjB#YMe8(LxT(g!E
z{bQ2%<na>~2rjCaE*|qZUZLV_k)$Lms%z~^Mb22p5Lqr!0ky(0{z$S!tcf$)lQC3^
z^Drz+hPV!$Pb&R@I-<m3mk&Hc#DE&VEgW$bvGCbR-wG|RT9qIWYS&wxiZ-9A3r>w<
z4@}0NzY&r%Z~#s~vA+#S*+z?*bZdzvriB;j+r5QIP3<6!u4@GXL8mM#ORjXrPCR6x
zW%r1M2W)N+m&>M%|AKe->#-B{Xx0*?1~{EC7%FhGENb?-{E|`~;o2(uTCzMc@vnG~
zVU{o6rrKaM5l)_{kvg6$Bbv|@7s;$B?A63^l-&X-wgoa!xSJIwkZDLT8gVd6JljaT
z!S!u(s2&++!@DM7ld|fUb|~0HFNtl3-5O!tBEDM0SMF#6<Nw}shn7?14Oa3^?aGQ2
zQu`Q&qeZmMxlAvEF!&@<{jdqsg$|8DCKAxD%Ee>2lS*9BK}B?YQS5v2En~tlODLyL
zPTTTVAx+C=e?LZ74fHx`V?xXB#)Jp7F?-1F!jK<l<Krjo$4mIfJm~NPywUsm;VXVP
zA9MT+=A1c<u@&FPlFRX_Fl6WUnb*x{&JtF&jX|EEYsJes^Hb+7$M$e%rP$$6_%3Ph
zf`T!-;oieSxBjGVr$$XF$=m@)(Vz~G%1=qu^Ho?)ghOvU9G(Mr3D|~g&<riwi3;^Y
zTn@#e6=y|+dk(aX=%y971%nHs$FYdQn7C71Gi6qe_|<8uJ0*tQt)s1M)35!#e!qwR
zYt&mmG*A@esNyJp(+zC`Y}(xg_=L6r<;a=`pP#2;_|H&zQ6?vVmvEmAyJI$e9jEO1
zD}E!+jb|EGvl#f0GIdpAw%nA6C=rPIL_Hkr%TxG9r>5es<+ws7RMcs47;xlX;Gj;z
zA^~E1z8e8PHSI#59+lVwQcH#LNq#yXg}HuCLE^~W0<R#>KG(`EXzyJU49nshQN{L2
z9Asv(3W_Obs;16yY}RHIj?Wi)xk>|o-lNaZw!z}#b6hDaKo?sFu=y*J9Tk;Vv=}fd
zqYx&29Q8yUIs5~eZZEPhdkP>l3vEojiRJb%&WaMivq6K>WM7$wumewAj*Vb^yZ|GS
zUqimqNgG)b3OYMkp4I1frlqSlj?xH$kn0$*Fh^)rl13*{tTu}`jw1{i2K(i27(Rqu
zB;fGOQSwDaM4Y0903<TEj!l#u<6(!6Ab`$zd~%i6G-Xk4jx{||kCiLr8R20Vg1lZV
z;=?)s<K)*g?S|=%5I+k?-j!9UlNYO~N>zH)0>fwXfHuo_DUR=ul^-Yy(%MiJloDgP
zp)iO^o_UYrG*W+%mU4_YXRoO5P-+`?Pm~OlMG3U4&cJX<Kvg`}zRZeISC+$8a*Y$&
zH{~;`yt2<d%|41DKL&!#*qbER!YYNe$iABGPht=c4vst&=O0_@K9PpZ;718w_QG4!
z(eGqVe$@9S)|05Pm7-27EJ&o3Kdu&sq!)Oel-d{Un-Qj?s{(D1d0`pdDoLfY_}&cl
ztqI%F^uJp!GO3cd^CqGeNYk$MhfWWAA^VS0ORH1#=I@Tv6wg#+YbqVP2g#iS$M3{}
zWA)B~<3Hpx!~a7`r?1q<bpMal&dS<q(f<Sff9L;k8=v30|Ht9Z>!rP`WPy{v(2nK%
zp}j$-JApWT-?@L>xqtjGaR0c5Wbdx~2Sy!-oupkojE_m{N_|a~{OMTd&Q-KKnk_Hz
zC)n_!N_+^Mk~Z0I`P=RTyo{l72FtaQbf|pugMzKUzAK0-*O;kI@iVB4;!SI-RhBMF
zY)@4<x4l$oNGw$B-m!q^?mer2-MzBqr@-?nzrD1__h-5>v&vX0qMb|xK>;Kptuiwt
zffskc$<A}fkD@g}PPJ!l^AcPh4MpPctlXax#ZW+WM+DHU3@UF`Y0ej69<f(!1+HU@
z6tP!K3edj;v1S7X&5z~~cCld?Q9*!@@@_DqMHS|OoAv~1E~dNKQpo8P*e*AdR8*J*
zAh3HyzW|*R0F8*^D90OeuUYEPSwWv$s<6_*a)>ic-`+_^`cPhI&t6+&l_;0hg`$1X
zf=Cs#ZD9&%48YK+J~KgqHa{v{gjpOlP4TA8TGXzwJh1;LR)tm$2g?wHE_j?O48bO3
z$5*fgsKuT##Y>H~nPn8C1n^j$Ne$APlBo&GyS!=}nQ~#W45_q)@r@;n5VJWfU?v*C
zc(wryi`yw0J=?hOFa_B#+69IRc4ZIO;FLGRE03ww#ze2Yxx}4MBZ=thkUo*CO?RY|
z{V!Tnls2{eDe}l|yD=qejD28;m17ebPwG@Gl4t0(?rw;gfVh&V|CDM*nPrjL<-6rp
zYkl?4=ry<3FHHj-TWEhiP-!8Egq_3ehqPv-qeNWgY3amHnK#z9AXtCz)%LSzZ;rNK
z{Y_>hax02c>cR=STz2|#0$+RG(<D)r(4*6ENNI$~X{l^*RdI%yLkxRR7_EpGrbj8A
zT@qi;DR`|pQXDC673I-<hCFoG4e~xRcEA)6&T-Py3GXbM0mo1;bA1-c{_IA!BC{a&
zUKF1Yot}<~MAaK}BwKH$>xx;!Cmf_=9S=_>|5$8%hDm!TXOlS$S;45INiv4(?Z?!a
zv)Eeo&Vo$bY*EVzS3uud8y%6KthiK`AG8;S^-uYY$t&p9S;#F+g(|@^b~{?T;pYUO
z8$Rok1s{{x3zYAV(!x%|M+vEJ*?r<v#V!#K6oQww4#pfb#0#)ZIqC{L4$}!NLWV)R
zn@Dp28u7X8=?v3bV7y9M0H2Ix;o!r_O*&mJ@{J5&in$dHBV+)CD!?MJR=?%{7^KIr
z#}>P=0ofgb7lT*_&yAZeV34yG6Xc|Pp;Jj9+;izV9C&BA@7lXzlK1XhhtoEvGRy45
zU=>G|_PoWjqiOC;VpPW$7tdi00VX^4?@V9%RbDi6&7ka)PR0n%_pA$uiu{RiLipVj
zvl_xA3V<C5E-GvNo>YDm;<h&B)$gid%w~6>amT}I(gkX!Zt>R6^0q$9XCH)?8_`A2
zHWeMWlDqb+E{qkuw6As~+81V5pLex`QE{n-gRwHTSstWxHzT&+Nb))@;9opPojn`b
z6oV1;`<zvvU_n$A3^d8JK=v#do)C}ER}js8SgLsKaM9xIBNzmg0}wXZ>>MM+=j=TO
z|EO!hg)Trv&k;dSui#H38Ho=qJ7KY4*Uk)9LOkm#>jAlj*HLy_uyVKd`lU(rWD^)o
zRxI|!dVB#(m?-8vcN7-#I2q^46c*_*nI$FG{ar^pRb+Uk<D<G$>vgbcj3jajF(_#9
zM(z<c7ox(^l|xQ@%1BmDnv55QOHz~R+y^ip7-pF=Tyst+JkK}=c$DcoXzYsivLZgH
zv*HHuK_5%j(QQ4hWM`}28>Y7Oes0SuH{6ATVd4wLrfG&roo<v?SU(r1xHAi@$Pr8-
zj*)Njh3wJ@Qe4YC0Frpwg`B>Y*mQ9r@!7;xEWC7=u<&xOR1@7U8V(aFw-!%{3q^w_
z2H<@$g30p%S&#PpV^{%F{#<BPU3+7;)KtC~&C0hZh-~W15DM3{U8`*fX-xcFMw*4{
zH*>8N*}Z+Q<VVCvtAIoEu+RsR4bllS6|pZSu{p-V(+Yo7V50HF)6gg@AzHr509<6I
zU3vXv|F))o1vVLY54Jg0oCyD#RQ8&9WOY%f5YiNrmKcd>DO^<MERRA_66?r8=~>I7
z;t`N)=$COgM&r7G{a4xlG5r*wMK)(+<03v;kYc(u@^F>wI=Aix>V{={5h=JUamOqG
zct@TrrT^^+q;PX8oW6m*scw4~5mf<1aE$Lp2vcBO-!(CUd_Vg9VLrptH(}6ojlCUK
zsYzrt?a8L4-K;acqG%f3U_I%a<kNteulZ*tfYaJ+5=!hX?Mss4rVer6i~6G8MY<<(
z90L4#9Oh>sI)z|hd(|wZFF6@RClT?#v#yP=)##jSqfV!#eF!R2d$P<nV4>}XPfovL
ziqB}K<u2MZ-bP_$wOLR?vMD?Ky&b?D<|A_sdz*I0gF?rFPjwO7(HKMf1ZZg#-36!&
z^bC_8V%k)7+w@;NHz5!F`u4%j-X3S9X)iaLI+e-boKhZiDL)KW^mg7%s<+bM>j#v;
zwX{1h=`^FbI~a4Ach6Yx!fza?n-Nl_Rg|T+JSLb%iIalz2Df)Q9VtQ2H%{pi)xfIh
zdnI=Y1v;;o&aZ?;w5#k06FQN(Fm@bxA5%#K%wwBfJPuEyI2J|&QO|YHbUa3;X(WqT
z$t#!<-LinNN{3v<JeF;er;<Gu*m|;?#GONHAsOcxd3};u@({`!1jW1}O4NEga&xc)
z|LZVogAjp=QXZ>IudMi_E~&?yvV)$HQLj?LioY2%@=8kF^0o(A(zN2nJM*281wQ9<
zHjgOZWrnDm^u6K)CPxOS3V`7HES^~b6(|=F`oxEWbD_0+EObX74J}GkX;3x2tfL+M
z9*1O%DRX)jl2`yc3Iog!My)g`Vg%+xjZA72Kv&6;{o0vmrhRpetu3u`5aX%kondqo
zTW_wa%BCNn*{&MErzjclo<YR|#x_%-<8<VaO!=>fkft)WMXcm!(8rjvgjyg3I3)$|
zz3|2qrX<0&&TES4Mef76>EWP`@SlIoc~BpaZ#PaEtDE3;=+`}6x>522*7c1imZ4vq
zv4bpS6n)bk8B{%T6|?^k4LO>ysT8V%=%XSEP%KC}42ih4X5(Y7LM(w5R3^~O0*k{$
zk{I|NR4I?~YIG7~*L+qi03jlt3ncc77_;6*xHt;X0lNkq<HlhSVWv=(6{V^CJ|Yd+
zHVLDT>AJ^T4gMdJRFd<J5tT^tVBl3<5uyEgZv9pEK+|o2%v<FwR1FG$3Mjk+DA2Wx
zEf-XhTy)P0PB2`tK4=NPCgCBrBMggsvdEcII!HVvge}|?aC;ZjQAGmmaT$Grh!9S2
zs={){*C&W)P7vFSXVM`uMIN_5&PU^N9GT-W@xDFIUdI`7cwlgq@ghmeOeu|k8O}K=
zn#E+`2!;~G(f8_FVo8%~wPZd##3XI#gu22l(3yq)f^jJBQ&wa*WyNFR9i2ZISrGt{
z6-lYwfv-SMCz4Wi*>>ouJS3tjT?0iW*Dy^~3&N%OD$St8sH_!#V<phFRpa}XFEW`M
zO0q@RZzeldl6nZk#V$sIBFUqp%C@{UsR{CKIX7&lgunAW>;&Ue(l6`?j=b4-qJ1N*
z5M@q5;4Qu20yH(PCm;zY%}Eh;)+H%_9C9$Dd_%5L)^!HMl>`H&ro>y#0SZD0zaj-u
zWdy`wcd;i<SeCIkG)yA^MAzjH0aI13M;wkV_g5FA0|q5t_{~e?+|D_E6x|-OQ4%Yj
zJ=6KDM55p-P|)rMm=p{PdYmR7L(Wb$N)tSHLM83DgkN$QqHD>fZ-WJQnA}eQCOZil
zM-TXr3gm1IKB@pM<Ct=I5eI=vc@f7Xb}TEBB(s%)eX|r|%W>VTM3}7U@{W@PL-PW-
zk#^I_1VI*zaGK(*aS4U^;*boe1uakD#kC|;Bt&lO0Fpt^1YY)><##NYSiMEYafA&F
zZiRwkSi!O-zL6{XDMllLH7p?{7{Vm@>RvH$Jmk>lk_>VCo;&D>d9i*lP$nY<xKq0K
zUTOHA8nhWPXR-?by;9!}muydwX+CTgjLDb5vPa#I1LCeF#W9NC(775f+(GYClrce|
za6CD0FmmUWsJ1MRgWh8ApJAG~80m&-2c)dprxb0Etjr~PE1V|d0U50EJpf%C0LB#B
zgOwa1i)aTC7chq4Mp9aB32svRA%{rA!%gpKY{G2Qo<rUpEyhVN90cdnW>KOxUN6cx
z3LehrRd6y07w`Z+Nq|nD4yzP+UP*Q^MPbmkb;(*}iI$)hf=3gmZ<dbVI-n5U6B4Ws
zL&JRmegQHAHER`)?3>aFWfeLh^-P5i6*UR-$S^qP%ytg?`Kvic{ruIY%Sf@Q8&oh=
z1T&?<TIaK^86>q*cs5b-#OcQ2!kAyM0l8P9sm)0trVf-2PVC4N6YpPhBE4oRrbMSK
zpsHfNZva)5dd5Xoc}fVx=O%E97;@#qWK5m2j)SJN>r6M$B;kgM4?-6d36P-ZmEujG
zo+}}1(?jZu;&{tek}VHa6it)^0Br{(Xp-1c6Kv~7kj*q%^XIi$qXeIG=<Pf<$1ew=
zZQ6o(6ZlzO{4!>Nyb2wh79*?3LvYt4LrJy0Rahz#zBAK9+$6$J8SmlEl}9D%tc}c3
zxErPLFcNAV?TT&##B)f*6J{OQjtL5?PB2K8KORw2#JakcO5Li21Vz<gA*is5BaDO8
z14G_I8y#7UzizAPaCV1uP39PIXNf^W#A4d(z+l2S<#I2g!;_HM5X8|wDMiNd6g|wb
zI>_<<Okn04w6@3cU9~f?8ql~}MY=y&i^xl8tj&1wLS8=-N3(Q9;SpYIh>b&2T4b9o
z4X7ZP5?G;mF1!+Dmyr(Gst!-7IuJmckC$MU4*R0-NH|#%6BQ=w&UMOUNn3=Ib?3^v
zCm^wb&%~r0x(e9`kNLC~jnSW~Cqdk*WMm9J6tGEHU7G?CeWB5LZh+}mDr~iCOh}wg
zHAGTp7O_obn1X?X_bs->O%2gVL2@mVCM?P%9FOtH_69+Eq9`Tre2)80>P;=LMs6IZ
zgLg|Z8+QBajYCgVM7$ACO=_8(Y`2KkswiX98S(Kw!`k`#2W(GLc#bPe7c-axrsefn
z!%;}h!d`&dW;UayR3>X}^G)x_R(!xg`@~Vn?3ZH|o(GD2;!W)h61>{dHKRcG96-$E
zZj(VpfN~+&5vIV#RYK(f3$AIbN<`@??FpGG08nv50G%N#lN^o=vaBZsGhd3NT>=I?
zrZ~@@ByNLdU~b3gk?>J2_z}f*ChSG^3M(^`<4;jCF7Vo?<D7yD-T<#HO*^cJJky~9
z=Vo^gpk~JL4^cv*Vk`{?i@h<BxzEKoZxfFijOXXW-W_D(-+>AtkuzK36uI1?T>li+
zbJ#H=AzGZ^E}-&+C>!QTplIlLq!2RHHhjFd(e+UIcStZ?atxK2c1l(ydXg&5Gm&G{
zgXUx=_uw>YRkit>s@juAHTg1W>jlf^-*=&hen+8)9^Hi=y3Wsx_&?*`jmQ64X}8zc
zOYwj1@;~3s=fd%SZa4hT+h^Ah`v)4iaO@we<KKATpS!p}cX5BN7Waoy5lH>@2L6Et
zpTIV%3jA}Gz6zXt4aq?b`>UD8Yfr4uKk&QSp~WFV6Y_VW;?U?lkt!&8;9KkYR6F__
ziTCoPrX_rNQYGW7DIs5NmS?Iii8ofKG(M=VVOizZ<}uT+89V*jY(xE;WvO4AVyf?y
zSMF=NLfKokP{W-;RyhMl7FuI}fLfK)EC;W>;E2ejQ`zq+A7}Rx;^G)%Qf*ooqiPKE
zrUWyp6ctShX5>w^yuXHE3zK)G0N+>+RK-=WravRNLUF@#c!j{(mWQXM=nCGn=n7i0
z?0T`GWLHI2@JwU{-;JzL5m=!ZSHV-aR!dN)!YYvX)(NUm8B@ViF%{g93Vt!9LJ3?b
z4XRmQjd*FdBPy7H3S-ku=219>Tt!nrNt_C%U}7n_p%m;$3TR*M1*JF&{v2@>ys2>%
z{3&r1ys9_~*X*A=8O={@%HbmWOfTI6PQM9(eGXB$QSGUVjd_+^rKCNpJfbGkBHMej
z;7Vz`;aU#6vyp2)m)UXo)VyxL*{SPfPLR?%Rd~l1NYhLg+45pu#YuMZ`c-I(tG#5s
z$zHOwvNN4zy(#WpGjM{gP!gd<5fUb!Y)_+r;Tg^21rK{MN1cz;vc%q!nOyD-UO!5+
z+++!5LPZc^)t)uzLc}L^c%WXjx7ZERo|;tSy4~9*W3}cQU5s{|+_LDO1vPpBwI`RJ
ziQ_u`3fhHHh9a#<u@B}wcJDBc{3tVYtI5WistNL1QF=6s@Zl*ydKYAitjPbl?H#4Z
zLCPg<%mXOrQPi{2jEv}A_Ler_Cp-dZ6g0S=>j$b*&SFVLH1!~~p9j(Po&p5U1pXVc
z)pZaTx?-~u!(WJdh-#Hxk&ummy)9)inoyJ>5^^uT>17~xbFnv9FDhKW?u~HV6f+%K
zJZir%12h%m6uIIqDnQbJA!sRXy3V@}QGz=sX9(sKm~-<mk7|hC6oE28`>y?chX>QR
zAmg2v2`F~qc$eWI9pWhWnR&elN+B*LhnuXR6@;=kMJxE;IDrP>%Zt;2pOf@sru|qX
z8~2=7TNO{XDM>Yu?xqfl;+0qwH20u{O>SC~x&+xF+$WuUHbAKqq7$AqVZR@BQPbBb
znDbrPnQ4k#0vaz;XUC-pF>OvTvollRkQYT(DPT$=e9I(O!XbIew~59v*|OcxRhGDB
za)qwm*?79*sGzC!)j#_{&Bqxsn}gsShxsW?QBc|Peu6E6YHvgO$wI(Vev{ahtBnG>
zV^9YYvd8PE!3mNDBs5G#Fi~+2Cl@6tI(pcC(SRRIl&E|V1;^1K%Fm~fj+q`&j(5Cw
zg^*UW!ZjB7?U<$7>awV{ty&3BFlD<39W#TDSX3oPY{^1aP<SciBMZ2kFqPD<XgNXq
zjNtBZIDt$jDK!CZOTO)Dr`DrZ*aD`{(;+$K=oSn8Dn5x>w(E=nP}qjZ8y3kPKX*1G
zTyaO!<KE4=Ee%*EU$d@db9(=|n-iwIH*#!h%Q2<U)@T%wOC5|^S>zCl;`ody=?Tu?
z?l=vD3<Wk`A?}@YXkUtz$-eIKj(q%f$j1!|d9uku9_tm6k%b2f)9zZu;&TPsEXqDD
z%Vl%!yMoXtQ!!d*C^K}f0Q;SidIC~mkQ&O^6_oMH9oBQQ=`09%;BGh0PZG)trs#;L
z0`8GlRtXC@MjRrZp*)&7C)-Mvwqm(V2k+C@AH{L+AGFXftTf?_0$QS6xFmK!R;^@-
zT~sPe=Vq0`vE>gsr--7uo9SAfIgXF{!hd>J_|I8XP~Z2QkmG=GcC2nKTCcqCYs^*h
zFL4m$l(D^H<>L@<@+BlzSq#u)nrJC`StCI;)XhZp*2!IwYMsPMS`i_s^5V$E^%D2K
z5@DVcowOKEsT`fuCE*8=Na?G>E1H~?XqW4;2!cKGO2)4H2Mj534XdILnMb-MSO5SX
zZZ91ilMIJVphjgZs$88dUsFCt5c!Pj^mv4$Sy{gCoW;15WoN4!6AC+$#tKrcCBBy>
z)f}?FAp0VE>&S#}WFJ@WQYWH5ucI4K->V9!Z@K2`q>mMm^+~`rBcT4|5c<C*X3Cq7
znL4yI9ByV=k}`{H07@S<4<2Q5?nxLD7diOg<8(V{&|wKWJqw7gI_y|unT26hX%T1}
zPJ%y0ok>V3L2a>U+#0vXaVxfUu%CingS>T`ei*Sb)Ey$r@nrabs+cf0>P9)gtCI3d
zPS==p2cfb^FA|5V22Yqu9Fz@2iRGI&ghH95Tq2G_>AqPJNx|m+tVjyplt>Exe32Bq
zsgV>a11X5TZxt=OKo|vYVi<*)Q4|WEP(<>26eD1q>p%+gcs6?lhi%Qw>d*<w4*wjF
zSP}Jd_#Pj7LpN5~dw8FX!c1J2^q7v*B<KOr$}cn~%v>L4IYlW@(Hzw6O1Ee+&yxE^
zSw-;>3ik3-^^23-uP@92P4Uex($)FAv%O01?CW-Ub%}yDbt+MXl1J(cS}?Kv1ulRE
z=cuCRs_nX3G)<d+lex@&#P<qLu?3%4<r1qrV$A`aSz#(X*E^L}#1gzCMSY_L<*4#V
z)vg}mlIjJnM{3cD^E9*^&$NeMg(s>v!xPn?&lA;~#}l<2rnao6oW~nA$aL1PxqMM8
zxg!BV(W6y-5Uusbn?}jG*f=11mvKOxBD$J&Z+AiiQ>nZ+)jA-vC0~Bs5v&4O|AA>R
z%sq;)PZ}c#qt(UG%5~NdCtu_PZJAqM<&}rn6DJ<SLNInX2c?|u>E})L^z-NP^z){B
z`uWp5{k-`+{jR|a>-L?nexIh`SM<bM-&k(nd1C$kKePP5(!ovpe|45u9+mUIue9&{
zzi#96Th9Of_RS0A@1xO}iR8sSz@P=o^Xo+vf1KO@3;O<j_<!9wfZaKOT}R?~AobVm
z|CJ7&z&6tUUn3Rf1UOT8C((n5ha91Lca$cdB8+)s-Nq=42V7QAor48(6ps>De>{$W
z<AwI|Ite$&5Ca<pnN^n@bcQ2zalmlG7=I(A3LZ%hj!~AuzFq@nOr<e9ZG%^Z|J|%L
zN|7VZVSU2hc<J9gWSExHei#4itbD)T%0B~PdGmb7!(XnN4uEl(0Q-x~vc3&yfM|F$
z{d62_F&1#|g1X`701Y9Zc$m{B36yF9X(eC?>~Kl&i|e`Nqns#8!@72kO9!<EHkyV!
z7;ihK$`lQxPwcxWPff&Oy#4^u(1W4d(Jy0;#g5XbZwL7%wEXQ!zUgmlZ29l-LDogd
zGCte*@NQ`d9|dE$H>7Z-z^CvKpN)e2lz(pWPn1{jgCFq0FXJ$k@_)qN%A$lG5o=m%
z*^FVFg(=$F<J158fKO04g1_EvP;Wp!+=lEL)Q);+Rf1)}lgF*7=0TNyB>;qapi5s0
z4<wcd0uPvD3!ai<Ug7K2H)AQqyfpp9L*@<>%*zAGRfJnjZHf6(QsYh}U4p&KR8kb$
zX84;u5bVu1JDlIsAPc9+h;`dZ>IF<Dh$N`|em;i;l)313yka}fpr%FVD+LiLkI9C?
z%<w!E_mfrDCunq~G7ciu;#~JAK<fuliVjZ{E9)~$!-G`kmgktDJz$K`94Edq$?^@!
zIwT`=qBs6=NI_Uc)=eTT%m#}229myi=7ciE;kBlaE*V*{biCAE>TQmG_{H-cdfv$f
zCa;IjmhZ!N@5J}@Z>P$M*IGK6^y*}3QmrLV)pFjQcuVEhPP`w^C$#g!xp$&omimB~
zf6OLSq?!IP^G;NWQf++s!#TgMXc}H`exA_y=4bCjy)0Gbm)vs2OKQ0_3EBYciEmn!
zZ{YdTq~|9U&rk3Lw`ITJr%TmOPl}7E4>cs9%pP0|H&Y~_)U>9a^ovL*)1M<e$>+--
zb*u@erk4?Fbb>U`=1I<^yE7Eh3QSERRU#!Znu8kmnB#Lxq)&rpi70)w%!*zlXBZfd
zG=-)eOxR$=%T10mrP3au`3BN4SQoenNL_mn6jD#v72ztTXAPW#;vyJxhumreIKo5u
z+M}MDrd=$cM}!J;&}XQ)$b$aG&QUtGY>q<gJroori&j7x4bjp;mABaoCFLhfddemU
z*16J@WJ(lFwP)v^>a&A0g+=G~=&XT(1|vFY^28&Nu42bA;v))*n|_wCf>h2_wDQ4)
zqBUUjq{!Ajtv){W^qgj7<>RQl3{wl+1pq4RgF%T&5b*>eViqHd!xs@sO(j9Tea!n)
znIJ^N%q!&U8iaicot})lr&IFo(G5r=waKzqf!Dsrm^}j>++e@FPS@(suh726ZPzr?
z^KU|Uk-*HCC7uGAn`;X-gEN;#Q2!;@FP-Rn7ahzgxeDfjiBUs_sx2rm3ezrC(s|a3
zSz0ivDpfrN{-XzkYe=b>M!1s7nGBE!Nw3On?o~%uETZI&%z9!<AQ@=|HsI!%K;f_z
zHATt%Gy4`u*FC-fded%x9<~c_aS3JpYD<6oVG~|qFbIBGyWi>G@2uQk>EB;DuDJ&*
zof0>5uu{_+yXY4o7d&Vx1@>GRMn|JQSdmqY8Chg;#M~LhMb?2C<(YL<&0PGq*1@Y#
zSs7ZUnQ_77%u_OYP6WihmYF9g*c3lw6;>q6RVp62(omiUAY1!rg~LC5sjCv4(+w--
z(-(7?16~%ijyO!}*o`Di>P!V)&$1w(m=4t0MXyA5c8tM51INI&N|5ka$g}V?fQ7&E
z)td4p^1uB2aU=<`9xp{tnx#T4c9>mGOAKZgr4ww9Qe<f}vm6ODW*1X(j@c!Z$YOR$
zvJ9O)5tOOU)$2S!VOdGBBo+MPsgu<afLsHWa}Ws$3R4sNN-S-+04<lgC(&RWEKxo$
z6mS0!Y<2!fE~HEsUA)9682MT7j2f*q`KgUnwL&+ljG$Ak)NPI5D+H;*C{!H_8)`f-
zc_B+meT~N5#WYG<$0@)4G8qtkf<u}l`35af@4uKCB2~_4e7y82O2-+DKHMZ#Ml=r~
z`V-(#-AxG`PPgW*?5diKL!MhmZ?|6rOSwD2TdHI_(O6ou+xb#)_T9{#!Zht3faXqt
zU*@|<q+#%J@;$;K#c~t^mB!O=_Dy11zkDf`xWd%}I|7|^NKQIh*u4R+6nKd>oHobF
zH(a<cNm5yKkA0kzYY#DBd}Z;_S%HjttRr*gCCfQHCB~46?k-mk=ZKTD+Fbo|_jE+B
zmdw-4E{jLeqNdL#J`Ni{j<3$hPh#U$+lG->PcF>Lzu{R)dRjs)-|+LkuUUFuG4;OO
zUNv%Doyi84egcy{g-gj#bwxE0X94cwLH{1&L9cHtuiaT8UF9>y{wK`4OV`o|TKPO$
zTbp42L!W~E&)Ujr`~UcB*V6lp&;N4!pBd|ayuONz>DBs}ZvVC1URhZytUr{#v;Vr4
z&*F7{kY#=m<@tb&IaC}B-~oX9${oj3RP3&=Qh9BLl(C)>14m}~W}B`M8}>PXkKgPZ
z_<PSb{6FpWHhjU)<|n`1`VLQl)urY2rS`hNyt>i(ZllxoNzdu;ejfRM@~(HXY-TaY
z<95fsh|&YNE%EDNL{}sI7JuuP9QP7lQ=Jz7Y#{*ZaEr@w;Fxq#G(FP=;fGx;8Rx2;
z0NacD=<F=2;*)pn5B}Dczp&U_;4omqo6)*#(I8vQ4b^MMv@|fraFB&mkXz>Gsx%8I
zt<t98SsIK~G5lU{6uRR{!1yt@4lwsoT<2z*R2O=VdtQ0MTvD1LoAi$`YkEH#4@WIH
z`s)lr_3~?PuHV6D2K|StefQ%c+C65MKL=*e|Mk_P{cmTvv(~wz|F`kEUXoZr|4|`G
zSd>wyAk?w2MKRI&rZ|;%6Lyr8jCasZoWzUDbBuC>eTo9UwM7}+*}LS1LXyDN)sB&y
zITof#C%J^0hh0oP(}hs9SkVqi92=f0-a6cSxx4@N5K6X}J)9i|<7J;*3GI;jA7k{@
zI!(^-Adccs$wz$Q;VH32XGN0wzkb1kgRQ4d!aT0S^M?P}Z<|vC&4}`P?Jc@;ZoH3y
z=qs|}7l?)bZZZDg|N0p1K)=Wd5q^&HIum#t=E7pU;19zfMgvX`C^?Q}R?)Z^fZ3(w
zP?N)~wiwsUu%Iz`TS6KP*)6WJ=#7UlF4E8fJ_fE(uJP0k&z+?;IQypG=8>NQUJgid
zsG%N*XY#aO(+F%IoIEJTaC=xhkUp-_#DUD{FT+X2c@!W*5jYuP;`|i7u~1;jm~ay2
z$|E@+XA&mp%?m4-gBgOS#Uv-30eGC%2XvB}(_O?|wlH}>cJ;qna$wkdwJ%%?03f11
z^<GKL&Enz58o2)Y&~NMaGV={2*LhtHRCo*Z;UT6?zuWXrfeV1fu&b7!z^_hW{D>nP
z4C$xc?Ps-SsQ~X|nqlc(ml8%`A3U~J-W@rGzBs=C5-F!=Ll^+BN&xVIg+qm1SYLRb
zFEqI;f8l++;7$#ZYC_o!AHL@ai?Qn6hE(?vE$k+$K)h&y7|P2og^Gkzme?%l5yOe%
zQZ6K7dqe{*KQwQ7C9q0Uyjr(#^vNiUsZ`Uir8SKq6fE9B2jMxB9x4#<^#%^1UV9MK
z3|#2B<O|RbB_1eN^)%q*VH^$AaLRK;u~~gQ1J}oZ=zamy{V#SU?6@h89dN!On=E}6
zm}zYHLR*Ae<_4wx0)ngIORKETH@N0t0~06GB@vlK+uR-;G8lhkJnA84(<tGzNW=bs
z0yyPP3o;2AN(*Pk#uO>Nvhm6u6~_VZotKBC5Cz9ws*USd2`OHK3P`EuEaauS21^My
zR51|)b71y*Z5;Eq?y2QoxSuW5n(hG1CR1of_S07X1tbH)N(W?}i(v7FIxCP=r%{ii
zFbzqI;HlY|@ttJjW2s%c|M>nN?l0b7Y%Suy_n*M<YR+AZS*|TS*rgK+nhR@5Z>BfD
z@b0J65AWWjAKvYTAKpFhf4HAL*n<CR^>=@-eR$BQEts6Bb(HxU<l|#Bih=RS>3l#=
z4>pmuHD@?cB~5c0GiEzsI14bG1sD!4&h-yx{&Cb>i;X8YG6umdUNRS-i05LAQXvrw
zWTsiz4MgUgvc)|qJRVhOsLmCh3;(x+{UQfZvys?Ex{0`s<|Rjbd?BM3je;m;P9tmh
zy+nhoiVHDxn;S716;wOKvq~!#cpO+0(b%Zz>J4F{I778Q9iRBiswKmJgd^c#zxLhj
zIzDsV|A)X1r{|Xz0L-}mFRvE!KX#T^SJv+C|F`jRxt~ml>L~rr31{P}+j~2}eceUF
z3weC><GbvGbw!=s#Bs3+CMlWUYWcN|_qkugZ}sEFph1s5ni~#sfQ73xJ~AR#Q$YXJ
z5?8A--JYE%*|7XfZrRSWK0W%{t9E^#8T-G7p4?Ye08QWj?e_9o(f@z_(WATkueb8K
zUfEZr{zsW4_|Nus4t+ASlGs2L7WB$GAcdo(1nP9~wzIa>ZZE;t<?l9DRyI1{-=G%g
znwvvtAgqL(_C&^+-H4D<E^tRbDkT$})!6bzdZNXVY}sqQrw5ikix#mYuha!*OGPWi
zokVjP5c(OeI$C;OFI)ipKMs=PU~t_4|7rgK#j`a+R<uU+UhlubC!O`qcV1C`d!0QK
zMyZI8*uB5~dhbTi31f5M>i_B=9g$5dT|ChWRdX36|3TYKj-YF^1+?;N!PE14K59v<
zJgR_F1q32j#9s)&rZ1ptG>W(IRu<+oB1F;puhe`#`qJcKHVXGBdf1Y2Z=9rInAe>q
zt&wHnpbt2?LCkTz(^+mzZ;i_(ju@4tI3kqYn%p|na)v?mjGP1KnI{~RyRKN7kI|^!
zX=-@}45H2*!QJ)m_j~w1zka_57x>1Ek;4THNHqZBp1#?I)uUDU!y39QRAj-!J-$>?
z-G9RtXw~peb?=^YA%@a)A%q*^y?gU@g9E=OVBxj^U%G*`ReK-TrcaK;9n>+t8{d=h
zXkuWiXDEGFUjgH4f57zT_o@~v84lrsSg$?XeZKc<7cQ2jBJ!}z(^3azEa*}cKbS8x
zCd=MlTeblyBAk18=Z%m`s7iD>y?4*4*=|$-7uKE%sTCFY;cQIZ4)$sx8`hf&!XfGn
zEC>S11^L{7^tn6>dji_ifE=?R{Brwn=cfXI0lolUZbkjFfbD>%qX9c)YW3wp*p2PE
z2))o+u!R;bKAHBawk0+Js9L{&@UY?6TeKsKqEZ;;JJsd~me074h{)P9R%h*<vTAAW
z5em+|%cf%q^e`1k;4DX4datyS|MPb55ca6r!*&;)_6(A03H`0=)V#bB9piN#b8wXY
z6rG&j##t&3S>$CwD6CZu#Q5+Lpqv~GQ}IRV0X5u6z+dkhRSU_?Szd0bMM|oYzLB&Q
zS`<Zyb9TFU<fuzzCTc5M2fQuB=UMr+C}tmFC37dbsY@a$U8q&GBq}9Un{-o{V1PJF
zi{1`<O`kR1Q+B0p?(a+WRs*-?pK9gdLt8xZ8WJw`YlxG0EGYg&M}~%(3>UE6La$={
zmZcV*kk|&r(FOuF2+=P3G49(ZIHk95UPuFZOS);oSDo2nOHYyt$z&}dHYv4hf8VIT
z`}@X+hYed`-ETlkLbdvq2;7D=zMgA%GkShd?%6sl6xNzSpgK##*wyx2yeD<;l)F)M
zwA`9%>`$fEVra?b#OxLohf=whayXCc@L%q71=u37%J{0q{4#wtOfwX6*i?WIl@Odz
zs9B*@WyTEa3kO8?%&|p3%@M9T6Ebc;Dym-97-EOIKriq3@du;SvnUOYr=a93&7`>G
z_5qF~VMe5CBEphfep1#cR~$L1lQq$i@zy31&I}jZp_@1=n1Mr46}}kEptepzi^xjo
z1!D$bPza#MxOhI|m2D6J<s$DaOy(k=Ju}n0nhjjFzqYLE?sNU0netz;J-Uhvct-r!
z)#c85G5+iN>Z3dP?`?dpmv=>pt$&JXAbVvy&EKM#W>ErqRRO0q1GLN7wt-5DX<2%D
zVu_O^{&3tq<yihFn854!oLo#XU_OTH34qprLYL|YlMGRi_GFyOpx}akMj)mb^&ca0
z>9qul>o*}-{5kY>R&IZVg5Hvep;`NEgFUSA60R&3)e{XD^?=pxA=&>PD!Wxm;!gRB
zD99Xn^5X2HOmf=X2x5r3Ujzg=Aax^ChMAPjPEA0c@s^Dynym84I^?h_^aq6;1|jSd
zUv>Eo%YCRfs(Fa;7q)=J>n<~*4%>haECX8ubUp42SB%qdWQE)ply4CbFJ8#mi(_wT
z-%L%7uVor_Z{WtfGVj{L-0sLoENSp0>*9IPi!V2HS$`Rx1VoNn{<8!p1y>l>NO3$A
zU?0hU_WFB1qcAJb<2eRUft{NsS*Bo~=t#C0GV2VPF0$&xFfim&-c3G_u&iszjoFoY
zG!3CFL=+_GE7{poj#ZaMRKDvHKm*k~NHY*9W@U?9C9bN4PsCxiS}pgELY%kYaf?l1
zm6(C$W0<VS2*$)TmjWM=IMY<dhr_VmP1r`LHI6ZpFxl}mzBtvjyxcL<mPWOywica9
zap&fMlonZIsr0V>ff(ckYH^`xlV~&grUv}qy~&WNl+&b<$C+<rk*OvvhE3f>`15f#
zqTGs=cUucsgiv)GPSUM`m9{^(W>8h3FhKsRFE7`=Cl2VSz}!rn$Oo<@<1VHGY5Dv0
zHh>H$JI7zU?hRR>p+KWEeQ#EHiRo=aV<{>47Ut&BMBNf)y!+MCc^PCQ87xXu)Hb5B
z6lKXZ?-q=ealGSXaAgZwBCfW0cT#&iV5hMy+pz=c73|9`0Wy4VS_p)jY@Ru&RD%o!
zxA)>?xm4x+O2by-$#P$LGAa^-(!``gEc)*)9(HxVcHdAMd!|uV7KCoz(OZIRGAb1+
z8s8V-%je#gn-Wu-qqp9mqkKex@luH|te8~G_2YVnP}p(Zgd9OlcTHpw#3t1-LPgG@
zAey!<_OT=e;=y!Wd8Lz(pJEOIKR656{2v<Ju+pq8Yin!0e+e$c?u;m;1!m3-&vZg4
z$|FXCD288>$!UA0oqYII#?WhN)C;Y&mMx2xRB6ZcmZE_){g2^!!C?3uJo;dl)aS7J
zD32(==zXF@Io%O8QZJpYC497N>CV;J@Wsp)nS5X(h&?|GIDa?rRFtpqEG~Ir{a``i
zpJ9reLqD*5q{NRV;6+gBO9{lB*qhRX(Y<C6eGJJ{!Cc0;yw!#HAOEWSZ<rn9bkBBX
zK;pwVju1^}S*1B^Qut5IcbrnHW0VrBmb5z^&O4hiajK*@0glT?MIuE_-&_-98!(9i
zra&Bo1Z2ogxm<@0%c?bOI}&ZW4RC1J@}@!bW>yu2(vt11YV>iB)V)p44BPYvL1xig
zP8Yl7*ZB+V7dY2#7bBYsw7p{RQ^hs%2ZpZAA299=<qfpt3zUE@q#G|TwL;0PNQ1>6
zZ=~Y@6&*^k5sbr#tsoS7nC!DTVJtddALiXVP3U4OIe*7l@w_WCaHi814igrFNFp<X
zD!b&Q^U)GMtD+On8iluT^O24UM8aB%rd~j%n(kshY!{c?z*M|9fe?mGpN|>kR)qQ5
zfg*CGVD6^az%fQFBa+S0AqGj|K#f!e_J0?lqo7eakE%1*+76=TzTl34iiy5OOYayS
zEh5AYdQJBE1Z2>Tr#gisI%Q%T?ygemc0h<cOyj0%u2I-F%7df4==`1t$IWdg8RqX`
zNAXB+Wl!m@oR>n{1sN4~@V1)0+6J)KzpYw6oEAw_T>lDqT5Nz07=0+JMFPY)Ljh%8
zT#<Ttk2Y}B+{_fPSAuIM_iXKCF%-Pg*=8FX+SZBqsW`S|HK*0mRBJl^&Df4D+Jnpp
z`6wsi=(-iH$XH0Cg9)0$Ue>z&ZY8EGDB--q24cs8<0LJi!Ph?O5Huu!!`P9>!0k5K
z4UEU8L4><V@>uuBF1B5Cp=IJ+jS}1IWw(-}a@uG2*lN3zDe0CSY*tu~DT71NGgno0
zhhMQ>0+{vaYP*G-u+-#y+_W!v);P$GkkZIqMm=loR1WCh7Ixppu_MygK}2!GZ3Hc?
zhzxiF<1}e36<2kqx2aO2GKV$fl<jFA^BF_|K|fd0--6wRO*ZmiIC=+@EJ}mQqy;5&
z8zKtAMVMBUhBc#Ey{7XtYzj|o+FZ(=30HWLyD~-uk!!ks{X(Ptae8~QA*9YT-38F>
zkMyMkPh~IPG#STvrzru_1bIKB9}+fQue=5HD_Urgt~v|tmU32@eoSi4MqZK2ov;+3
zUKYVv>IB_H!wBUyWIjgd98dv<2_sZE=uXqdXSe;c;A1!*Rra7Y-MN^lmHJcLU&9_V
z(&tF!$x^CGt>f)tJW@-?<(yTSI7Mrt2wqg^lHj=(^(ClSK8w&Mj0ij0QYq9*S?ox1
z9F_k?uSBssBGg(CQ(hH1F|Go%OF*J}?$&uy@S8_DP#&U`73!UE{A#i+5IUV%!37f6
z>RNo?1**(c!MWc(RW=B8TcJ2caG#(+*=W^j^4MFTP=|ff@U+G#H$>lIHb-{|u%$=F
zcNWdp%0G(ToYJf`KVdkBjMaF<kkiu3j3o`ILJ2K3L^gy%iZermyd+|Z+(jh-0ZObR
zA=wgvKy~Z{Gtjh5ww60PUR3umu%@D6<V=P1*db;5nlU0(fA)wR7QHl{Q8I{tjXL*(
z3^O5*20@pNKQP#qF(klX484IuD1ez^2!umL2AU(O+dQVkuu9G*kxCN5qvn99s-7iJ
zlE;rPoN3}!w>xT4jBV!0x}#s2r}<K&rN<5zrO7ACqpW;H@a`@{X;PuW;#M+Bg=ik7
z4X1)#RZ)?$`dt?+9-I>hWRdD?6AxY9(ULNR3OZ7Y!M0VOsx1Ar_ifB^;O(;bq44ym
z2<HNYP+Y8tRf=2podU<NUkY{X5$HExY|W;u&&0v#5;r}ZFD^rD@sy;(D<69$Cf(Nf
z&B;?bJbq&HmS5W{@$Pe5pBeVQVKTV+_}}gIb}|0Ldgm_w>#cmQ_i9%e{~_oR(~Y{v
zq|aW5!yx^LA>*zd{6P@Z1OUIq&<}G&_?{IVoZtZOF<|42nB8{a6p9ml*I^cOdP6a{
zV+>$7i2fPYxyJNp;~Z6cN&xbvG=G6e<aaT-e>a~Q^dI=`vmotV?F^Vf|5ukw`5)lz
z9sR$Rk4mhE1~C2L6Z}C#<Uw?t2I={QB2`a~SKPQ@RO*XFp|06c#A^5zgHKzS>pzb0
zy19{{?q(yw?@#<zt0ff^%r_V1^|mpaH~yK4PZDf0SS0~Ax*mw-QO?)zgzSR~7H=e1
z>nCK=oVvjgMTK6WFcEN*$wf(b42@~sac6n;J4-tmeNq7yT;)?qqd-MW$)cvUTFnU)
zFt#A2@C4L(l8W^zDZok>XB>J_ypJDjx$-$Gt|woYMJ_@KO7n3Xhl8g06$E6tM<!h<
z1&EBA{-+6{AyI-AjL`mA;R+|KR@uj_H9KnJ{|Skje!?2SM6zVsj^m#&mIJ$0ZxsG2
zr|692%F>i}9aY}jS<Oh-*eH%1d}uy`b@p|fpKqyFtuWN;4k&N9BpRP3l)0@AH(S_#
z82qxv0?o?u$2h6lgPP2}vJ57|3*-7qr=f?gNP)69m2rw;A6g+~qJl(-<BC~QEox+D
zu<r@lMq4{(;36Yc3bKN{hRbjr*HW}(k)g599kYvl(z{H-X=1Jz<^>=EdWD&!(IM?G
znk|NfhRxjZ)l`hAm^;>)HuGXpr3$xqLPZr;0Ayp)unUwj0h68|+vyn!Th)%hbkfx4
zhAV!EGAorPHdijDefJB)2>N-*vrvdDJp-{sp*K<*L~kwSnmQ?3DqL6^OQ{5n6U!(C
zY)SK4DN(e1zt}{L2b71SkqY=P^s%sq{zC)Y-hHNiX7K;Oe%-kI=h35;PD%c=vU<n=
z-^S;9B_h+~f0AH_xoFJSdv)QDU?&IuT>UE2pP3%v(=+(Ut)a3=-zqUXaOOlwld#Lf
zfRA1ZP=kWFEQE8smvIK@)A2BfjlvYmTRzQEHzXZgW&#0{s;1`M!xP?r;;&1BiF@}b
znxVgh{^s}YQL!NuE0=Q%a>-LHsfxmas-n7VXO(_Z;a-i{q~UOg&nOrm|4aWsBLjA<
zEW|u<lRVsCYc2QhXTafRO@Dyl&MZ5+a@memws;>Y0r>bl59bAMhT^(o7rajyyvG2G
z_OgKnhR;3*Sl}}S;y*tX7#9l{OLOs;PZgj`<x3T~#*a^@LVE(h9wERw2(e>=u7Z|I
z!dy-e-W{hYa(ZaV6H01qO+Y+#KOF`UCW$(twD9*cWtrY<`uDS?Oj$OJ(2(zb2N(Fh
zm{3z$sa=!i!a*>?oc7q5KeM?^l`pbuH7mzQFg^+ECrOUM&jxsz$K}<Fn{v`1cn@Hv
z0=$i&49R}!%abi7?zmSCT?-0LgF?_~qv@O9*jJ;8OV(aqegJQm@Nv^@={o*i#A-`a
zR<^*TUNx|aePS1dUQH)7Nfk^`Apu`-)pdZfP-Dt>N>C*$aMV3!Kd>zL#FwC6lzqg?
zAEQ|Eq>M0IG@G|8{$(NaVY`j-CKwC`WVI1~rsKu3Z9xpn>bx+xep<twT5*<K;{%D=
zlo&sbqLY00bgc4J2$Qd{g@Sryl+@nDJur<Dgev-FvjnR+8VF%0m1g95l4DF0qB{zS
zoiaRj{P&?+*g>d<4eyH$qEIJ{$xMhQKo{T)zQW2mWnox6g(p6+j@1UHtRV=~bc1tP
z)!w7<VZvsq@Zr_f`-5?IS}$FP%x%cF+>)7)m`T~2U2H@R6->6OFQt%22$rN&JrpDj
zDXSsfyKrL@eiKuGtd5fy2%pma85>%`smy#g&6EFYF>jeL2;(nAN}L2^W-IIPbf@oX
zWQQB)i?IAB`DyJ#VRI^yi`$cubD4B;G<FOXk#v)RGydaqe1|a~v5K>;f=`y>N$ZTL
zWt7qx-H|L;62r}vB)Wb-412VPBMf(wlk0CL;T?L)aLCRfR?!<Pxp>RFfQH4z;wE6j
zj1+SIuL9|&QiM@&3hw`Q6T3Osl~J5XK_-7rX!j=ryZ@D7je-!MzGtEMJ);PpB>2aX
zj2XL%vWqUvgr$%ec~(qO9yv$%GizWTVtfzW8d1%$H)N4EO44CDP3XIOY$IRDeAJk_
zktrIfn=O$Z(at3=VE|i1URtN&IE{d0c1hBe4AAX>LIpxSCH_T}8YRFP4rw$DZzEQQ
zMXoI^0nX46$2c|kiNR3EG|GEZv(=f%v2^G7Vgl|unauQDPsomwS1pWCw}Ek}Xx9V!
z0PJX)$aXLDAETwz69*F5DL%Dvvd_+sWLAZ^qcQ>F1DM>|aZOV^JzN*4$RJrM-&Afq
zcP9{5-;)@UmAUi^WXe=f>LVcIF}iYdZ342L=}iF%c`tRxy-*6(dpd=qn?hCHW&Ou!
zlbwf)m^IaZ_n3gPh>P*$106#5Y;_e596`?J0u=T2T}PtN%y<8vA^#bSt}gzW75{I2
zb*&ixk5WS4$$xI)bG<SVl<2&E=4ay(X~&cT=mp^QAc#-Kfbg!=Cr^^W$0%<(5+9&0
zJ^$%AJqa@s1-(pqQ6JfSphK28h{H5+>4<EO;WSCP2S-fANK8_qwk0KM`^%3umRC1c
zS8q^Cw7B^0ou^o2jNrwNXYsjD>;!7OHvBiwcl>ty(f8hm53ZWr0176E973or!BJw%
zdZI+jfr=3glguudWR~qw?r8M!w+VDOD-+C2xz|K_R3VScU?egs6<-fA0AWC$zegoU
zS!=I(2fJ_nvik;|CNd<bVf?9H<7Y>&wqNeDi?Q`?XaD8vw}-oL%*z^$2$fYe@AaF#
zSBJ&s<e`+NlORlMrPzB)@1>hV-4{9NSVx`2Wak$xmAQlmY!wsju@tjYn%Jz|M_b*C
z?&kW22zO?T$8B_7q-*<_3#0WhSBiDAyR)NcOPACpDtO(?8oG_s!vuH$Yp8YhM(+l3
z(JPw%mFYa{6hnQm+yxja>&7$+16SRJ<8~7fl#H3xhu(g46tycweWmUb8-=o@#<mts
zkGL`f7uK%6z}ho4-yas7cx6JBh7D%2#h6xfl(WOWeZ3sVd1Qn5iT`NDbZ0~CBeS<w
zDCg-=)!itFRya7j(H&KT*c0O-{;Oj*0-e)zY^}B8FR%EE{sCeiP`Ys_BE5QcN`RL+
zJVYY-P>7}dgTG6ue_><)^8bh0`Imq28vc0!Of~*_?*HpTZS6=@amtOn=&#7*ee|w^
z$8C7_nhAi6J67H`P>8tUgo|SC?6+vbgazns_mAXQ#J?HMZ_kRcP*sQ$B_}|I(Q69N
z%mE&9w1MePMzN-_A*hpC(WkIMsw`qte5RUIzSJ39?prhp45XTd*$7UWQ0^q#2RnOv
zNaMp`C=Oh`Fzcq#v0QLQHUwI#6{&!tgD8g6OR$qeifP|$!uzb{`@0AuvG^s=Fl-05
zV$=;VW(5tNM*@qeyu<Mb54vc7)8bCK_Aof7z!lg87De`(>;80DRo4R)T=kb%D^YNe
z#3vWWz||YVz|}hp{Ex&y;N|pnS}dS~E?zDNVUK*~itI%ic0V0qaJDXU6#N>cF_hz=
zg+y8z0FtvKJ|ybRvI6Y9zD!{UDCk9v<3w1YdrIRtp@G!wc)<uVF}ImMTr651ZYDWM
zWV~cI=#I}BIhCe-R@P|A9%$AWd25JN4j-?zI{tD8w!|BmY@m?{u-D_;$;5qXUj7SP
zF<YIs_k1-A8@prPsJ&gev-QZ{Xn(YTHYr7zCd3-><tGrOt<MRFBu_k20!CG7rx%1I
zUCR6ufJ3YcVH3(S3B7SCVxjgRwRTWT8akwXC6y@<k?c{5B8L^@@N<rXB8;f7H(F*k
z+x?tcr&%yy&<&i-u4uzDk`2)}1T~{b77B|lEhVs{a@O&XI*_IZGu{R+C5y;&xlmE4
z3|CD0(hkKTI*#&;>c-(oFh^awtFehMw<2+yT9x~OmKAqIlUEp#otJt`{vwyp*A260
z^3*aU73Jys&i(9td%0#cG<AnnZ7WN~gC)wFjHSM^iE147*(O2-vLIBB6c_Mxy}08F
z1*UGBshe+ylH18S`wEeBj*WQPO^FBYtCH5fG+Vb4PMZcso3Luyym`zU#`NQ`eEccp
zcW571(uz5)VDqZ8N)9Gg_mvF}cuRBRk!px=B9Msh9G#J;B8|l|nY=h`*|bnsT4EDI
zq(e}3FIPFPSaoWhskLr@8*?QA`AW_d0mDcPnodP0QEss#ZduYb;q{qD#yrAlKv>9;
zqnT5Yw(KF}_Acz{QJSC`Dn&WMWk|Z+af;v=XQ(Ge!_L&2UV&h>+*Ku_SJUWIV_K0F
z$m!wEYd2(3Xbl$+0gU$Tiykhk0zJ%Q9~H(J0Kj@p#ZinTZ5@XphNwkD{1lBAY~rO!
zp0$ivK+uXKp#-@#bz1Y|5FwQbH3Vpk24PNcEuBEsBzpq9b3PA7NkqJ%rYvkHtI3L7
z9u--!-(HTUtlTI~S(%%rIP;uLP%0*Tcxu6cm{G-q;`#I)t}%zvqpSviF%>jI9jDcl
z0^1a}y^>Be`4q%3Dh|3}WDJw$t~&^WluwxD3d&-pz*Q7+D$$M}&<?7Pc&l5lpe2Ti
zNLxHt>Dv&O39U?^GKQ+yw8jh{DIfB2qZGa7DYJ25gYs|9k*R6JbhI*251>p0Qob+s
zB<vfK1Zhh3j%Ea=Sytl{eI#;_jlwR;%$tTyvnZC$Sj|VbCQ_{83<)yA_E8qLWEu&h
z(W)k{M8d4G+$IUD<N{B7Df57`bkmtPtB}LMku4a0AzQFA^LC24a#EV@B-X8JaMIm%
z53oEw`zWIUx;Ms&14LA!(e+Q8%05eU8{@vGe1F(V&R<sU3-GQvg!KweC|AMh2Hq*^
z-?hK*n7nx7zAf0z)I=$pr#)dPs71=u&ldkdV=OISmG>GVRBp>(MnLER4x?-+Zjw|_
zr`RYgml#`xV(&OcE72la76DjXagzxbde$-G-o4WS*JwG8dVQT%w)Ru4)sjmBCc0F%
z$v_WDGv98mv>UBfjqf4yK{L>V;85GSTy=`XgZ2O0t&d=nir;@<s%Yv1Q5TU|?S<O{
z%B8Bibz9(j&v5`$4!s~xsI5I{OPfex{GB+T){JV4O9FTY<00M}kjtnq^cP5ihO1J0
z=?-!T+XM#L?tC|;dA2baa11JzWAsSu_FoG4uO<SoJ#qesWpWxzGyvi<ptaYR1EiKL
zVjG8U8+nuua5#@9uB9(QH*-nCAPZ7o7+KK!*<O~js0YU!#+6^`Om9_6_LXH*bI=@7
zqbQQB^`TKZt!Aump;5k^<5F;|bsgZ+$p0v>PHk|x4yakIpIov&AP0(QM%2jYvV)L`
z`in|^oB4-L{{^<0UK(;aFdxz|HuUy#4ZV#AX!BJ!yboi_7b9?u!<6$$d<xQYJiiSW
zsI=GNFJ!}8P7DM^>xTQ0U|Lif|5ds^lN0u|)gL5DS}z&yKJeSi%gbnI8~)O`kKctP
zD~l+E!x7#fGNH!DQ5=w3ZDFv0QK2wSD*o!zuMrkoNccNN0U6PE1z32H(u09%AvI4E
ztF~2{+xIxb-C#s<&3<JK@fWt#m*p3&F_8<8j`zvQXpK_bQa<uS;u%bSS}DoS>Xd2G
za*F1c>=LcxoP<VcE~Lxq1D{w8P;n$qb`z(rPE=W<QPo;{%!$5@BR)Pq5*`4UiYyF2
z)@v~R8XeguWWthDRFr?>V04iTO(7;@@kyei3G&@1=_^ufY1PG+K!)3k$znkrul4DM
z4}_-$;|Djv^b~UjP3lTA3Ec)B!U+dK!#&e*M;?vbapy@iG9Br{YJ%p_FoU7fN4H7`
zjZ;#vfL^$Oc=7tp+XFG@U@(|>_@dHmMAz_ZL7c?r!(@z(EAA);BSFD}uoiBs_g7jg
zz59z;hd|RbGi+=c^czw(Fl+O_Q`k(;K2VPM!Gc*Tj#^kTaef2E6~NWk3g{g*kDA?l
z(2olN3mEHL58mBhy8r(D2TXNOm{TZ=z49Y60gVQV%TPv}T?UJH&o4seCjiO&c!&P|
zZ~FH&{d>RF&gjcq`u7$6TWewqW)ie`G*5aV6Gv)}%cPB?Bsd@OEc6Ya+?2KA2ljWG
zNMn;ZtQhuq0z`Ktdk|hKG{=Mn(j)UFVt*@hmA|c)zwlzAMQGS+Ex<{(ApE^mUzo{B
z_4lB@n?K&IH?dvh5GS_!a>3!ooI0BQEH+H|Nymf4OQt%+p-t@Qu(~6zr1-yLM|Mw$
zQ}S!z{OT_>>|qc~*DzPO@=$)B0Ldm-m0`#gOs=y9Ya%^*&e#H@Szl`?NhOg(*5mN)
zTV2X5y^k~?S{u8fBUab-tsT@I_9_)YaF;d&2DgdryF>Q>6Nru@jZj@QyosYyRcsjn
zci`4B%vWI=y~)#9fob&IX*dV$JX7dZPr=Ab{jvzb>7>DDw6V=n7$8qJ%`I9+<5c&^
zkWQqsz%Ice0}t^l4tA?aE50Q<=YK6cSZE5N-vYG$*FpxrF<8ph7sLvWs!m~|C|)d{
zq9d^?|Eiq9s9_&ro<v*MdwwL#Os5x26vzu_Rm~)J9iMwEY?#JBR)rc=N??kfq}}_O
zf1hxMiTkLfwW%1NhNd)XA$aK#aB(ghS0U+9rWCaYL9J1N3I-Ff0bcp9ZLNL%pBeW5
zzudh2|8fU@mhAu6*6!^8Z{xFgouBIX53sL3VHR98DUQWg_kYGf?s|)44TJZ-tH*-)
z#Tfaop^g9Q((?LJ`;p&iZ>+9wbUHU431U{L&uL*o1w<uJBB{#h;|sAtk<Kjw^Na3A
zTw;qK7zRm&Q<r$4eknkxZMgo+NWBkZyqVN%zwjcB)FRdF;*w>PDo`-$NyXLjE5ARE
zCMuqPdMHikze$a<Ta!Df<I<$&7;V$9u}I|x#_bN)DogG5!bt$Mg0@~d9IJG87mxMs
zbM?=R^Z(86_Oq9}SL|cP`M-w2o(kuGXQh32{@=!j3@mzZB6Ud)B1R<{o3@Z%9o`Qy
zbMiO~`(w1V4#;f8<3l=Yv5f|me-LF4l=ENMW8-f>M|W%VY%NPc57X!q1~+|v_*zB5
z^QblU5%V#C9qB$ZzH9<No<`v(ig7^~zeB94+~Zr`UY@aME{v7(`(cDublS(VZ=b!U
zQL@{hgyKlxmLG>+KN+L7S1ywrH2pmvS^u!dX~xMLN(QBX5)6i@iA(zZsEd<;v&<il
z$c?}0pNDxv=HH9D`GomDgICtXL#wQGM#5obs!opMa8u{Ve#(N@Q(l(-v%Q@|4Gqq#
z1NT3K)r)cTPyeSdP9wNB`Ol-1aR^J^OIi$W48VeU?>PmCn2^XZL$<!`4aPx%@!%Ln
zgCO-J{_RhPun5GN;A(KGD9oA+sV<<)F=3CeemIpV_RwreQyf1)*8{fZ0E9ySM{++)
zK1${wUmcgYf*$24Ovc*PfPyN)X!<a*6l135DxxqVLL_bo;s;tOk4LXnF-TUik7+@q
zN*Nz53uYxdBv01}uu0i?KVv&=vmyipN;^&}NeYJs1>VNdXKxsEPtoqPg(j7>p~e9G
z>>OKmJYxUg`v)N#3NTE(uFBh((}+_VvKV)%z&B=(3owq?SFs#@XWp4D6gZwf%|7Go
zvw0MsD}FxXMID7HUd{cdK^CsBHoYP{Pon`=XEEt7S^@tBrx4FF8HRFuuUHd%%ZI5@
zh5=tM^!)-J;kMwF;K2cuGd50pE{N$diZV@0%rZhvZR$zG<UXNcvLO3!I2*il9Q&Sk
zugXQAyz&b^`krS;yrWP?Se6^EOFRXPqOh^Fge*LUB7m<A%#lP(stmU*m6zDEsVS2i
z3gZyZ(=+|qv8wFQLrpRHQ|U-mjj-pzG4J=r<nF7U%GywZuf-uu0I<edq(#a71;m!#
zk(nHDm$-Xnnc)AF^nq-FLfVbParabJpdh-ksc^Y8sg%g!1&qKBbzVZ0@AmBMgu2H-
z3>MKX5se^AmF#S%o|U%<DX6}E3jGoC1MMs@98m3?;m8(<{@@EM#`uCgRh#hKE7ZPs
z4+Dh!bolaxPl{}MjaDcUOu|8Pwd5I4QJf!DBUB>uQ(gqJoJf<8a6jT+gn|f}rYpEL
zh7p~f{~ZjY(Eq=|865T>qo#*vB5fSB)awV`2u6T`hZSAZcXJ_+n%=-0Px<y!&v<~K
zA1xgscyC99L|-yWG0mrMq^!ohvn2h<JI#lkCL65)GXLFT{K5bAF^0tW;y;ndG@d6J
z9huOn*yFqkfzPtQzCgwo$h=gp^&XxdoWTxjFD%9jeg;PqARkTw#*$U$$8CBXn@6Ko
z*7U_v{N>x7p8#|)%k&S7&vp#@8Tc$kRcu}xr=2(EP?aRU84^bpA?Og=v^FWAOdlQc
z01p5%K^!LI4Az0i?@SDnx5;{XdSHvijn?x2hA_iGhU2)&vB3Crk>j-xb^p8N@0K?J
zgFm0QfXHsFv^(GVL>__jpu>o8O$$I|@N_<+t20(tA@)h!?JelW7I6DfDQs1!#~6;$
zR+lD1Ur#M4#)jx?b6q@kwU;`vjXH}V92q@4yR$r{7<IC#!_Q~~Yi$N%%Q%1?1szKI
z9>E=lrZ)p`1j2qi?SVxYe`d8-4EWgf_YeHP!W4c?5+M5H?#HG_a<0~`T+L_P{}l6n
zr9P(L|Jv<#DgMi&<<6b__f|gFD+$Fr9Wq^43;;7l%&QQRqq(f#a?IcB&$;{p*)|ah
z_q4?OIy<Qj3!^fwYI(F0eSY2GFtei_7sAKn93}bs7v{CFUgQE20IPi?%Yp`@Mpur%
z)OwxgmYos)@>Ecq_3x$3{_CSRZ~h0Kw9SK`=|RUlc(#4GjjC7kWP9h&sD3pMcHg|&
z$A~y<=F#4(zo1oO4cbRJ`p^6a+rq!l0{)?TwJ$dT{D2UMLd4=}tuxEs$RcR_PnfNi
zjw7>YLglgVdQ(8&ps;W(kbrN>@gBaC&cZyZbaMFlR(gRosuP1}f=VZ6P5(4HImHK<
zVVBHTp)D@g^gC<oP#8<VOMd8MdZ@F;61=J!C3M0~HmO+UK;YJVwEw!^!`);nViHut
zAY$_?OyK+gy73=64?9i_nq;J0lCKjB48jF*FgVYEVZ0@T%SLd`qAjZ6BWuOLcj2>A
z1)o)2Ma&#5s|+c!W)MskS{XD{t`+U-!f?8*fxN(IhS`aC56uqoTfyp33fIuw@I7#V
zHD`<k(+|!<MFY4G=Rd_?XE81`+_)ih;D{xtErjdo&7weVB9WTC!BQ{G@Xes&s0p}i
zY^RIgIE56+Lruj&keTSzmYFlfMdiA+VZ>f-Wcgz)aa<WKYTVN?xaJB&2JP6P$4ove
zQIV1in4C~h5;vl#TVaTTsC#;l99pVgv>(>*F_bv=W0~z)+22V9G~x}70Wie97%MIj
zR|*|#i8SCAz17!cYo;S+f&?K?a7)n;=sB4g0W|-<g#W4>bX)@iu#V#}>jtB+j?Xj^
zqhwCFKKCRH+P!<?aVMrpWd4*Vbv%l&CbUhSkhMnBw-%Ad!7;k--4iS+;|H5PDN`o|
zy_-u~hNHfrd&4~rsY6Zr0v%eDe_ILV@P(@M1o(z~IQqgU^nwH#EM$Zp8JTr!cGrYk
zkTu1mM`XuVo{&j0rosiH7Ta1g(T1Dgz-Se1RO9h@FsSP`#Kn{35Hudfn#{Xbkzb7Z
zBs#>U0PaE--4pJfOa)#6$P|0kEYVi85W4)<mg3l8*~c+wWI`Diy`^BZU1AulF`)~B
zHFnZQWSAGioFh$rHk6JVt04)0$9Rc?Ito*(OQ8QGA4*$9WghDE1ZoNhV9pWf2E7xS
zM78w`JIEc{QU+$v9^-b)`~j{EX&cwzuE64J@r{>!BE|@odi5Vu$x`S(duP=RTT~HP
z(4t)xQ3r8)aWp8rl2fZaX=daiqFk^AbILn#nWD4{MW`YPG;oAcgLb^y@*L#Q+T-=o
z=&JU3ag$>+Q}?&M!70k1i54&1hipf7W%5;gOT4l)Ez($95@Sshm6~pF=z&x?7@c6>
za`d<-loRJ#1|X|rmC9RIBxvf)auJeO3$(X%N%&q{s8zHiC#b3|C#Z!6d9_<Jg~fJ~
zNN`Z|33DWCUpK<JMZ@T(UKjdWU?0>lDEu^_MHg78T)3o@(1Ksd-q^H(J6(Hd(PK`e
z!*_hP=T*F#+q<1S#|%sb&W2n1*OqqOeTttc^4}MGJG-wAu4?@Af9A0NeN@c<wzhT`
z|NC}6MiNVl?hm4F7-ylklZ?(&xY+0Z|3}uei}267BboJHV-%B&j7H$bd>W?V@j2?w
zW8xnA7@Gw>swgIRldXTx(Q+U|^~-V2*^B(Z>q1woXGEoC($CM(>VR~tigWA%Bi0=o
z?G2kw)bU)c9Y_t}kV*HB*ETVJP_KyNM5~ZAL@FjpTcfx;8242ADSSPMh7tEbx_Fv@
zCfZ!QYK_iGViWc8Z%ES`jgJR_8BNraLDR?M94#yHA;GbUy11nTbNCJhoUKUfRMqHM
zfk?Sc0id~ni26M{<(PM#o(ah&(ipmAQ<5Ggm7pH~A<1DWDi1}tk>D}Ch{KGtMN4qZ
z4(n=pf#-|5%6tR^o0wIVSAh3yX2Sp@gCH-krjug#BqWU_Tr?^23e#*s|3B^e2m8+t
zf8Ktx>+c=-uixzdW$)SUGrzWd0Keg2{(0~4r~S8wK9qQ~{p#><{{C}+`_<q4KkvPI
z*7SG(`uff8!GXX3#@l=O`o-QZJllJ<^WyEZy;nc_Podtc{X_r7-pjp1X!LO3#}1{b
zz1;(B?B(v8ouA<6_S3x=dxw8(de8R`Utyci_uu&2{_E{GhkHA3Uu?heU%!3xdjDV-
zx_<`EzS?{B{0;Q7`*QcyVGDYNXa4SA;D>+k)AoxO*p;{a7DoRD$LH_tzy8~sy&r!%
z^ncoa@oX0!KHY_pZ9jdn%U!{wc3y1ny=?l=wqI`lxJ$M6p_Mlt7UR+RKmW9gkFdXO
z`2Wt~-u^3`#?Jn$!#D7=3A222sH^_Gcd*;^x8Lj?z)-#CZ}y>i1Sizkr$(UOt6gpd
zLG3#$0!8rm+k;&*mS?-$FQBahtZWy)9qr`Z=cYeX&VT*8l?~#n^fBxFUt2Gp|BqId
zSMJXL+xWbUx@m%kuK$;aLLnaHa3&@|wFhH5YM)a~h3D+v_ZKk|{jRmV{EhcIP4LjE
z*M9x(>CX2%yHCGc{O;-M_F}vJY<cm!XYKal^78ib&i8G2yW06uYv6THG=WX^t@Wu3
zcaeYKgJ0LzcUN|H+pCM;eYg5-admrld-40{o#n;$+V=9(-R<Y!?W}EoseR+!lb#RQ
zW~44ZpTPwhJ*K;GDq&w33`Jf+o!z+SR{O>?k1jbGa^h+7Uwb0$&Ud@tJ%x(xN6^IT
zch8}TM~~Wz-*=w2ccHQG9<^6)Y9c=llH*_i<@k$gS}o{K5|f#1AdxrxQ5vduQ0d;Y
z@OX>@d-{tH-h_jYmB;dphv2kc>P<#d?hIyP_cq^>w`ee}?Jmaa-RbM${p;r_Ug=!8
zou}hy&}%JUx)p(gGah+%>9)+6$}P=>O>@BLBJE6u(R{7U2cwI%H5o=T@o^U|x3cIM
z%^J`7RaSwI7i(v`*V~KdYeql$<~PPSO*#KD4G~_nuH470^S`}b^8f9uuiu^jxAFO-
zXeIy1mPlQjV0(Y`<jN<{J<k;XDH)Ng%sE^WNrT6B#zA~S>8;Sm;{+~^XlanMMROcN
zgL|(I4&l0Vbg;kk=iS32xI4Ys-TG5qJwDuj&CeQ3jEltzFZP}mio=sq;g@?acc-<D
z=e1jSLc3IuFS|f-;tlU!x94YRchmn<{pI$bcN_kn{>z5Sa}rFTW)rQ31_PM!;l4B3
zjV=GZcaKtvqLD0oM=`d1H4ppdYc}NX9yX;X!R@eESQV6vTKtQ65>?Fr1nSuX-s5pv
z7I{Ipo1~m0fD%U}!(oVFauh;P`3=;W8DI=Q_M+5Z9Qjqywqd5;q7DjRSGQ->m{Gf;
z6C1Fz`f<w6Zewz9h!|CU?f!Ll2OCxm?pO3eNCof>TYswW{`C;r`Qwxh&8pc2D`#gF
zoz%drj%Lk^8{03nUz(GJUb~#8TOB2UKwq2S-F=+TwDaFwYOdDDjPw7|8eH}Z=l`SC
zM|bD{ZG0a8@Od~;&YxSgc5AujQ$z(g0JdttU-y!;Y_Z*0>(qXD@{RYHr35S_FjrFf
zc6dGtw`w9t*m?L6Z@7O^O+RY2m+=7xx!>ZOv#I&x+r4L77q~b7IXpjuQ;J5o(!oY*
zFuHq>Uk`#DEyptaWq#rh>6j|imZ<cSQ~a@WTa^}^XI3-Tt*Azi_sJ>gnewvSssR<{
zHxwv-81_(+QT5*Gf<Y*4?x=K92Vss6X-M}TA129wzR6hrva|DICmD`_z^3?)E8p86
z<<T(uCpEiOTb8GAX(4?;FxX?>P7NsvGaA%;jFlebi)*cRy4LhhH{J^q_#Ozvnrh~C
z8jAHyl0F049<!1G;Jf!~rL%eTZ1?HgA2*NS*R%bf4>ph99=v(>;>9K%7`uN(vw#Es
zvHf~)>*%N#b_eMCSnmx6;b*e+k&a$M)5Bo!2H*|1zpdKgo4332>S>Tg-8X2;FbsFd
z7jCPzBJbq!3-(qs&);U@Yhr2;TD_krdYJ*v&q0bxsTUX--qd*(qN;p-^=Xv9hLHt)
z`vauIjNO?tBtnb5n2i?!AS^fAs;x4{RWBZppkzpwTUx!zC0|7GM|X({>5%E%s{N_H
zPx!}7YYPA=g|HT^b;{mP1C3o4DhQYyRDgvaM8{I}M+vH1oS!p!F`0iB0EpmrUOB8$
zPc?ZkK0Y|l@^EMdv^T_+*K1a&YDRO2D#iRIdrSk-ngX(yd(U3Xfa+_wyc6_yKLLPd
z6;8v8lttLjQ}j*9hThILo?QIr@c1B1KSf<Y=H&CatWGkk+FxJ3z{Q!jIP~%i*n{MJ
zIC}ywgE%+|dq1baXcVUN_OLzv40{O{dv^85OAei!PMsb3&~KGK-wq{yH4i2B=OV>L
zn%cPpO<lb{n!5a3qN(j0qNx>BQqJ}8P1p}p;MK5U^=>yt%degNmvA+Fo(!0ayCbi6
z<n<EdweW~}WP@~Er0|>MU)<nxikD^)<pXwQq9TlGTx6@(9gQ}-o88Z!H+x}!GwBUB
zBlz!h^pDNsAm0qKA^!K7>%5IIhRq%ZM#eZ9Q2W=_=R1#99zAa_?mXIFTU=dvw7$5#
zyuQBJ*<R^9d$iWs?mU0~MG<H0UdUNEpahVwgZy->)_Py0xYmzWS5;ra`ZJoshG<Jw
z)S|C2=?O4m;#mcwQ-H^4^AuooI^2w608!lC{G9bBLgo9F@4sJL`3`PS-#>k}xO%*d
znyB5Ui|d`W=TCRnI=fGwKNYCV7?j#QRl`cVn^8B}?2gmT<KbwtH#pf$yB+v1-#m`u
z&GaPOJc;_7{}`RXe<A&|nTFZq#aw^%Y<qqC>H6aH@0OPrSG&uohkdlY_}$9Wr|nLA
zd;8gPd(yCZH45w6dJq2x;>L$2(r_YmriG9(S)=Y_(GT%s^W*VS#pU<OZ%v_d!Os-=
z&#T>^ucwb0@}Ks~TFL&iy?ST=aVwvnPlJ3R^IwH$g~&aD4_wJ&Kl;2h9`(?9ClxI$
z2ithyzoo~$4L?rKd=(VMP|r<O4!Djq`Gf^Y=^@Exbyzvz_#{ve-13nJ3YGiB+cz&V
zzrNi|qagMVqA<^fL8GEs3Y)|c(cB)8ukQ!lP?Agr(r#^sGte!ff%}FXdTi<Q;@R2R
zB93BloDMj$Xs>31oa3kdb2NZMb?6_$xd*Ic)sTuaHIocKMFR=t!m+fZRf=UE#W0vO
z8KvYc)du>fGM)R9+6(~V1OqdjKaW0_dOo8Br;_g32X>GHsYv2D4*KLNM-h(60v$Xb
zBn0xOXyKZcdXV6}5^d!)==uEsZVIuAJ;kBX;9m4GleSfKDZBwBBMQ7#e;MRZ?#zE3
zrrqdMFer6n`F)=0h(g#50w_2kqhQLD*v$v$(oq!qN^e#GQ_KH-lj$4#OrihR68jTB
zGwA<v=TR~K=i2JpUHs2m`6!z22Kgccm=wV1=P3T`>!uD}L?-SW)u`qBui01(!=I_Z
zFPL!zH!elwBAqfhhoLtB95I>i)zO!>9|rjtIKx_lLOUYu9U}pUo$LLCnL_*HSRx~_
z1HzpJ@^yTs?0*UHx^(3}Sjo3GasR`o9RIiTfBdy;nBUCL|MLAm$NG1Bz2hsz0Gnn1
zwZ8nQX#c&wa%cZ_E1x+7HX&PC5t0cXWAr8Q9hbxf@>P-)s9&8A#x<LQm)2`0{;$F@
z|1oglK;qN$C;sDJlyw)Q9)?(Dj`_(4mAxiwg`Xpe`e6CnN`yqpl<;naGbBiSRrE%K
z9^_Awo-F+vyJXz%o<udzD>xn>C%tpqFBk3CtVC=l6v+e&Q6Q7W#{2Yr>?9fhyvoN|
zgK9dd79@U&&Q`44EIvk~dZ+2cO5s+pkNZ9RU&H4lZQ4~=XS$-u0O-ZtX)n7@@Zymh
zM}wx@wP*XQJ5glB0~y0(kT)IA-in4G6DcI`!+d#u+qj^^__{cxg+FpWG5*n7C_CwM
zdmlppC#A8U4wZobeai-h`sn&r+zxsMmEKbdp_*Q*`RcrXPnF(Zs1o@&yw3}D5WeqV
znjfGZl`X{$P=BrDLxpAYZKR)(2}(+-Y*V%S*$>@eZwvAMA%+5ect3;xe|s7Z2FaFY
z0P(5$0ms3&6vTRKz2-z{b3^q|A5GbXO`!ly+51hOV}eLn3feb(56zk?yb#@8$yGib
zFi}xaF*?f@N*hE~aN)b+R%z!7S>gaMHpVgi;c9ZrG#>1_6k>nW{Dk;F3ZgWVFca1;
zpiYt&Marm0O@Cp-UjPJ#FYn`pM&;6ykG$1CyT^Yu`aj3{-wV!B?bjW|`Q_MvS@OTt
zV*aO2yR&+C{@=>ydShE*e&%PdMMSjW3+Ctu_$p(;m6JUcP?CdzwsqR4PTOBz-&lUM
zvG(Z3(>@hhC&f8=LYV0faw6@{BiL53v1*<KN1;EI%N%JPGEbUFNoB)DN!E8ASVcH0
zcthcnkcN~`0*ac&ba&jdGV)SPFHe}Tw>lUYhe5$_6aa-zZ0ZglQ%GZY+-kLI)SMHk
zi36jMv4DD~B6F=YJPu#Rv1<4&oZ&U)B>>IA^zm)3liee2Y-l!*X`~bK2AeS<Zxo^D
zlw(s{(d1epAbsr(_?16%(EqS|np~dv|DQSZKaUFbzn$f^)#W?-e;c3cC5Z+4kC=1)
z#NWn8ru@qs270-@wA}GKosHGi4PY2=oAO(i<|6I4GOZS9|D)R?{Xqtdd0vR>C=aJl
z^TIJ9*-U1h7W~be7gjvIdz5Kq3;AZefB^NrC*+%6;Ej_Cz-2{(O}Pa8o-=5?3_@`X
zipJDm&(t{~;5E-fsQy>wxqnNaIq83veoAkQ{;#)}OZ5NF|MPY}*Gm|u(tk;9axL^<
z;Um-k&Ml__xG?>n%==#t{TCYjG>Vnu=EeE>`OXM@S3V=$GK%wGgE!Hrsm6_OPplSn
zHC0BRH9rSYPO5$m$BIfvI#i+&9Vr{LP8hi<6#90f;NqcU?hD>MIUj1ffL+)(hlJ!3
z3_gHr^(ZhPr#g-Dq+aM9V`bV>CGIC0HH=8;D;`F3(0|n1qQ&Tq(f`#)74-iu{@<;9
zu9q-k==2>!|I4|+d*k6qlnJsOdz`8b19itt(5`$y*a&NhhJMQzga@UA0n=YOXT!bf
zgW=u{o(fs%OgKjEi$nS&_y%+gE*}$!JG?Iuc9X1(<H6^_0CV7JI&TwLi^g}Y@oaGZ
zv%0yV>~N!DujT&~a;QWy4a~>={sw9?n?Bw<x|ZCC4-LF~gmiFlO9KpwUoLDw8vf^q
zjpm{Mqsx<i`plsJE6b~;{9kJ;clp0=<s-`ND&_uwRQrWc)?-vak}{jO!ovIbEk4?y
z^nWV(>^r2_NC!UnsO%(H?N7k~cJT*Mj7jakP#kS3l2N+Z4eLEKO$*EvZ`r~JpmTe#
z{h-%NF-&}2g&(&hEe+@iXoqg%mvJ}_RU7n!h^6G}rHmA&8F^f41c{z%gNP<8-%ZW6
z_FA#d7zoxD@`gzH@CS8PD8xF{t#>t`ut9oW^Z(`7^6+y`Uq%`KN$C$1#cUO|57v04
zR<Y~j07zoGm8awIU;O~M(8Bu&qs--7G6{^<n+(RoSR&ZqyFvxD<=YDJUo5S_52Z0y
zZ2#Op)3SHYVT=?cFZP;8z!hxKzbaKKs#<A&42MF6v#6J!ZqdJ7k|E>P$qJRa12`(S
z3J?F092XzqVicbd7U5avf{x!KdK!}o*2PaWfRSsRlvlfl>WCg$Wka$8zw7iPsIh-{
zKfB+(Kl<>X{_g(ShX;+V`n&hF4?n<<``OVS{_Br_x_|%g-#(}}9zWUG{O}Opz5n5T
z>xV{7TW~~}5v(ae;o*>u>oB-R(@t+;n=s(WqYq8&zo|EV9l<2F84VomJKo-6#b8ps
zC|$RKh-3Lv0!5*YfDMxokUc@oRop|zEy{nZ_#k8C(hRo-qZUa7p_FBVlC-kC2lvqp
z*8AiMPqt2~|FF?Cx_alHCJoXkF4&@_{?};|fJx0I-94JpA~VYrvt|8Z8l`qM5j{=N
zE?hy;6s8RpPPg5r*fwNp*I)aTy8GPJXAb`F%6<T|_`gn>|7*AJ;{V*rhwT4*D(V4V
z%rG!N#^DEkNG{)Ue-~dO&(4&7N~e5}E?Y?MCGl&hQpnp^ao_p?HOy23Sf7b0r!%38
zU@2iXmCt(^)<2Poz?s@@Q~Y{UnKB3*V@!X`Jq!q$<?NM_p8=+`CMxcWr<9!t-hVTW
zp>xl>w?OpL>JXR&?9!(frsD<A117l_^~oz5W{1)AV_+XzK6=_=u5Rj<vqi^LlLmYi
z4F=w^ScZi?OwrEW;adgFQ3YfeIPgm8SFP0H-6R=k=?l&h+QXI|-zdsFfW3O0Rlzun
zy+A$OYhjR|1(*<9OY@t^l!cT|oD%|2HtiwD41n39?+E3S$A;vfaZ_+NB};=B=3Rq<
zP*Wv?XV|JqKUP<YCmtVFkA+94XA3$XJ#hyJO`eowV%PS?Wzg+Bd-k*hJ8lUR$zi%X
zn0KID46WiV{}m<73I>C74<_3m4>-Mj0&wdE=a}YxNJ$osF**ijrRVIm=+lC|7tEOK
zQDJqmol+yyP{E;D5;acK^eL1)>Eo0jK^~j1DyU(lOuxtru&f3BZp2a=n&TWCF{y2o
zxmJ&sT9D4xwih6Wbx6e{V^qbJa%NI-ljA-F)}OX&v8^Q;A=+IcnF-G+6(eQp@DiA+
zLU)?2@}~?k|12B~WaN1ipGRr8wCtGcEbYSf`WX7hX%h6hn0(9(O6?w5a2W~uYQjw<
zi1G~I0FxBNVKUAJgdX`>;z>c3M4obAhl3cc+qJk0cg8N1lK7}m?umRU<Hey>RJCY=
zG#E2Zj<f0`AvqU7sOHfjQt%RYA90yN{=xw!2ho>!%x|BaCTE$iGTT$8-LN!ixX)p(
zK8qwG8hV6=7IcXcvZ{Ur|G+W~5zET6_X4K6XF*JqAJ2-6M4i+Id}+ht{g@;@e=zQT
z6o0QfPp_N%%)$Se)9sRd%(nksFY13fojd!lTlrk8-s79u3Lx@xNAZnlfiNwUD1US^
z&~GNIfWDca1Nx?<1Tt7lDxmLYX@I`DUKP+cGj%}UOtBLCrb-+1jjay)W`aKGn+Xb`
zZ%_*HjZ&3t11C5f6;&}8RuFyTXk_?=koFuU(KjU(%^#GbFfqcUqVelEq;t0ZqFX^S
zYHVO91KV2c8&TQ}Xj}u56xHavQsaE1O~krlAVw-A^!b6>_X@2MSibfy{Cb~x=)XDX
zFW1Km`oFfax>ltBtDQUj&#io}mFOW6K44x`odCj5YKlM83amA+mfu24R`Rd@)~&!q
z$=?>b-qvb<{MC`C9eUdSu6;qnuy%>$xAnV@;}c6ySSZbl(VnH|Z#NoJv@@${M;C3o
z>Dlqxg<;_RY>WvRkx<7Ax#X0NVxQIds+&S;cjL8DJCM8HaWam3<j0Aap|34@LCQdK
z_lhe}F9|d3ziT8#XL!TI42U>Ex@N)s9WE?`1h2?seG=hS{xrbr8eJa)R;u7DzCq!=
zF%HjYAmnzK<>|PKfh~-GF}#P@jze&Y_c_Y3<Y<7h&{7Jil)GU*4D*1K0K<=_|Lf5a
z>gqo0+{>h+h;fnNkyhYPS=QgU{);N_Hx1z(mH1G0(4`wSX^^<-iS6-NoyN9o-4oPv
zE7%FM;d|5aTOMMr$~or1;8IX<doNCwOI6OVG;GxG6$?q4=47O&#p5hbOghA(|5kdk
z%6{#>p)~ePqpU0l-Mpi>1lMF#DrCd6_*;Gd@};3D03wM-No%9+(J~{8sKhG~VIS=|
z_`9L;fOdPuvktUpnPnQ_DXCP`KQhj{%H5kbDz7wVTi065BNP~p#u(SjkJukqwd45Y
z;x^4_>-vsF<_Fs=om<-4@)ZR{HL3foB9puUjxuDzfr*@^<WtUbMQX6cZEKUI(*6t2
zsu2TT6ewY_MAdqUWXxKw3LH{P1zk+uj!g1cmduTc@Ld<SHKu0Lc+#7d<;hnksAtc=
zB(0u5*X$0GtXR*T`y1SW*3?OsHf{2<WvTtb^oujPXS#W+q;MS0D8|I`O_^+Mq14$u
ztj2g=L~@L2&~6rRo&q!w;<pPS4U~t>6j0rxJp!8~q4>qtE>WW>d9K^7ORay)YE7n7
z>cbU`2adjDO{`U<OVoAoA=ye>EBi`Ggo$XJOHLw0q(A)O57-_11l_w=MdiM>arN)u
zGwuFo=jXgiAJgxD?e<E$6#r*s`Og36Rz6=V|BGCbzA0vanL7pST?Uxh83ulf8DL(#
z-IiQvD*1qUa+eF{3V936vfAl`w`ylu=V+y4h4-&caG-pLe{*SLWMG#|9HUH`?{XX5
z<u<s!)G@84S)|=6@t>JK=2B#Q)Avm&YWNy6%UmOczM;%AH%_5{*GXvZNcA15zDq-c
zbUP4uT|Dc|@fZzHFIMlG6W@fNQO0@kda%bYQ!BZ69WCd$c-3UYMtm2p$P&Jb*UP)3
zOH^WU@x?2Sdza|#tN=_dU1qPU87!$|lZ_dCk2$jp>k{_(u+#^)48P3x-Q{As%f)o}
zF`sGj-?V%6*#G#sc>Mph6)1ie|Nj;~GuGd*B3I~RhWvkJwL<>CdT0N2E1#tYTi5k@
z@ZNjiD_-AEfde56UsjO^S>~U@sS>2!({pqWh(_Z9Tj)HnEWvU(=RZcd_W+(c)?Nk?
zU1P81rR7Kd^6JLw^2VBL?DhT{XSU@1QDi6nV{w%}ed0WWQwSfKXEi<I)0*d9H<))n
zvzwhZjmfTgzDp0T%}|a8yoYk7U=aONT*BB93I=_B-7I++c0hss2whR?K+}#6a&&EZ
z@S-8+QT0zr)NA-JHf^)2<xTI4ckQ#@ag4%v7oZE1SiBE0QhzUlf-m`-e|DN=A%!H!
zFo8sxbMd1ia+4CvG<KF7kTRTLsqDd8*9=btlmRGAfo9+U6+`gHS?+gFVb4FH_Z%qz
z3cWZ=!xR4jqNsvBJ%xsh2^+ScYBe_fr3d~n_n~hr4L`&&Ntw7&9r7F+U}8T3pem08
z8;!G5amR<IYf`a>vPYj=Z|aA3Js6Y>h>JR(LcL~$L-f@c(O!brmZFFN7AEprPjku$
zsbo!cTJEVSB_=mv!*6O6O<mG%EDgx`3mRHnDb2ld=6d2d$6zqf>p)I&Hr|#{v`MD=
zScja~Bt_r@RnA^z=?Bk``X&*&#V0s+{{HYG;M9yER)fp5)YvQ)>uOs=U6SzEEonez
z8hf|=0gcBNju!kM{Kd5mf+ic=T>#Y1Dkmc>+HTwkZ6e2BCdO=<hyh&$Z_ystkE1T;
zUOc}^BCSJbR1s>TDaYgfyOqv|O%))d{s%02Vq3uyj2iw)g84PkLTYn1HP9uXCEdzm
zr%~u9%FN3-`%wFN?jB6t$}TeUo$1#B5YYPlQH^LTKn_C*p^dT3-yKlj8qxi1!@r;D
zdQN}nu-tDrM`3%@qwY5*%`l2TQP`&B7;oK{z4U_N(l(BCPYX6MsAZ(Fg&uDJ!Py{E
zV>FEK1ens%jh>M~uh*eo<~t<q$5f4|l6_Vd5#6Ho6PCxc<CZuE);bJgMNz6r(k;=R
zm)a2^NKeL;5tfWhWsEmTak^+6qF~`J5|#s;j(VTf5?H&`0-uy=*hj*PBlKir<W?nQ
z!@+Y3i3rbMyxl%Je7e8?Vt4yh!`%bCH_N@;2>jou7)(q-{87R|9?%e!H}!FdZV!%s
zCZS#voh8)q4lPLzB|OW|qU^dEdfHqM+_k#^4_aPOZcvh(>2_h0QLV8er&b$!88kj{
z7AWItLER3slXt6Y9}JtI$Tqw{65Lu@%lz>3h`b+b<$bKt2$h~iG=er9R>DdR_S-=Z
zqB~z7J!Vl~O&%|V9#l)Cht<Xnp+}L3|EAF6Aj}mW5E|d;iJHmYyzGvj>lDR><7)n6
zf4Lz|EH0Y!Fe|ihlhpag5S>>pvHMzT=e~OT;stKMTiST;2D#+ko5<Ujj@#5s@*+$S
za5^W#>DXL2AMbHA&>Z-$_LfteP{-Pdr2%{)w~@Ikmic#wjC}d6AQf$suZUFEp?t~R
zZvg&+kB6}fahDW)`QN8MoLB#IdWAk_`2Vj~#Q$4a>)h#oZsYUEs2}&jzQ6tUuX``{
zw%;86<o&USW}u<{=(njQ^6MCEO$8YqoRjpB4J&h$W^s5dQ;l^FS%b7o+tv#a5s;i7
zg`@B*>7qq%j~Q7gX(X6H5be6q6dg8Gst1aYZc9%Xbdbp{QQP=jg^@<;+UNE%iLS_l
z#t=H6qMj&El#DV!%T{P&gJ$IW$_w3S8=!)`33@&KNQpx9OY{Q9hIx32IukP0DpF30
z&Ku7<Ezpsc#VlO)L|WDdj|Cj4>-NKeqvaV3AxA*LVU8$<eBj`K5x67r3<k*=&mf7>
z5EK3EA2aBl{Q8*6KKat}Uor+jL%0Nj=N9}i0=B>i#nfgYl)}m<gRCZ^E8cECQ{alG
zw3Hbb;`i?8*C9r1OTRSf2m3L8;Yfw>o864*H?)OSWl>Dwrd5U>!&vn+jP8$SLmrzC
z{85-vtUnYxEYiZEvuZ-`qg2aVGK>QmMiNQSUbt2P&<61pz;LKaA%kyO`j4R!jzbD3
zD1PyTz&JG$=br`{1xD;g;h;zRJq)_1qB<~vLvdUhjG`^zI?$3*h0wM#2#Z+2!={xA
zMkDggMkioPFC!|3Zjz>9HcB`iyV1}{07+;>MPpD6q3W%NL+8+#12_~1(Q(V4qNP5y
zgHGL=lG@TfW7N>on*BgVjoRoLdeY77RQweiyQ+k=)ZnErh@00aUaD^Ea<Yh0Tk~?l
z^EY>e+uG)3#HpL}Xni&Te=$o!A2nfy`9O`>*XEM`b3Zfqe`Qd9r9P(f|DBb!m6am@
zk0yb4{QoU{uA8&p!{`x9`zi(na6f%C)WG8&xo8zid_JQug?)6Gb{>5#ldtKAsd*~H
zy$O4-J&ts3CE}q#+{olzx8+xcfwQ_qz0<J!DGko*qa&W0Pdex<`e%5QQw-m*C+GcB
ze*fSYsCc0P3=UFgVOEu3Ft|VsE{Dfjp^|-=kx*Zc{XsVw$GK^SPDp8oVzX4vxKIiE
z#_%U)2-zJw{Zb2N6i^%6^U(4mqOi=sb5a!bG$ErVbvu8#_ex*O;d}ja(?4(c_4?<A
z|Jbj?*B|`P{sugg6Vz1P{;R3D{a3r<lgf&BmWsBe;*D7;3a<SYY!vPJ?wELW{!K`C
zW!mUuT-Y+BqbTvC1iy&;lAjL|8u#G!;uDU=zva`9K|tS^894L^Dq~bv>q(BO!1JN?
zL?@h-W^nfvnmLZr{1ij)Z}~C`vfha>q2Y}HpJg4CIT0`*t2fM<d2?8YSMDR-rOUM2
zt756pNWH>B5)__0@GRJw6iNw=t1eLjvcKpqgli+Qa+7P2-ToS6^RGb>gX<`MYw)?4
zjB*3gPHA;~(}1A-#L6qqqWMJ~nJ%~5Xw2R)u$HXovg=L4gtoiVH)9c|S32(9>MCQ1
zw3#a$QAz}iDyfVHQGY04v8kd3>tT?7By-!k&^)Erj44(el-%1tdba;+S4;_+@4!Du
z_%PU<O#+K-3lBvUX9J^L1r+-h+fa*%a%?vGosL><y8_06pHh64bg@QD%k7hLzR*=2
zhw_jfKD29K2UOnaiA%$yhgGe&ORcxv2A`<sG=H~gd{k<3i!$TMVkmBrPCSG#4|}oQ
z#8Qhg2ZXL6nrH*B#P2ArMUz~VPK#-cm<!YRppQT36)&l=al4_CyTa(%EUg@-i%;0d
zME~sOpDBo8Ls5n5U5w*ab5hFeO4azRTJwzBe*OhHUSxO+@kNY@es;?FbizR}A}5M*
zN`moG$lk#yzNTD7$Xo~&V!P;q-Tm~_%X-Ee6ZRyGQMl`Z4S?R{STPyhB+b*&H*byX
zsUGK}d=9m0UK=5_?~TVLB3LGSBi{Uq9$7>W=vS@g5<bAINHfnecUDbsoB+74hoAG5
zlvw@fv#)#|>YOWzb)HGw1=z#^#T12tpQ2=pF{o2)7my_z5Av*GA>j*xAhFOetZ$F)
znFhU{8uGWtO=^X2n`XqaETkeF1v!cpGMkG0p?KDJ9E%tSSO!qe;ZS=ps9F0JTOBFy
zhzAS)x8M3Bj9`vG2MdZeYEc0ZM?Ee4a7fT8tprXhC_T`P_--r8hK@)o4tJSHtW4S!
zbObW?GyrxdWJ3c>3G~Bg43E#z#j6fC_;JQT#EC)=IAE!)<lx+l#Mi6P(+ewP(#%4i
z6Lm(|Mv0l~G#2rd1+42hE1-?D5EY6GIaAFbJ}2DdY;AZxLI=koAa6(oBwL(4JIo?T
zI>v;?q2ze*-DFn-=wz7wo#WZE7GE;+72J1T5ZUFOP<IgHn$9mG^U5x);&`h#f6|Z~
z(5TYtl#_1u*zZoa%N{v+x?!*{%&-U>P~$urV#MbheqWFlx1wO-&7FEtMhR@{RY#nF
z#gb(_v4j}{n(LE_Rf>#%>w>ofz#?)2p_C9nI%oy!<Cwt-#PXWgP6<X24tHN4?ET+e
z|GW10ooklv%KD3VONpM8q^iKp2=C(XDS46y19L~4aI@nu`*kk-m`8#~Bo(cs^U^%p
zHEb3iW_gJ0SDl(!lt#BSoEks))|(Ce+&Zyogh+Vl@~bH@-Fc{1lRAO33kT5jHN%D<
z?(pH3H8?hGe<1f&DqxB2=<!46xokKX$PIZ&1ca*-c!8V3*emL0Ch^<T5Uzk(-11zg
zML4oq+Ac*bvD7!rweg<%R%u&QX~yX-(tpTKlff+Vm`kn_h8aF))NA_1Ms1ysY;L!J
z#zme@*~{W)F)TE>LNP?<K-svdlx>)P8M7nwZVl&V>gJ{+nV{2T<SC(xi%yqBp6fw~
zFAo3A<KKC)f3W+kq0qsZEb)W4M2R?U9;cfYGrGXvdE>u$PDympyzd{FLYSVvc+N(R
z@E(<pPzG8;GdIozgabB~cy`)YwuOtbZjkm+r-vqXhQq&E%$u!9z9Q<m$M`78u8(*@
zV}_(!gTd$4agDX#!Ltu|Ia_!iFWAGw58uwBlNfJb7)9ZIx{%rTC551cmePfWx{l;H
z8?^zbh&4_b>%)iU(HHk3Zw8F<7hpVnOvFWlEsmqKm$2nF2l>E<Tq#eIQbpj`KW@ro
zwe_V{NUmBW&IsVj%c;Ln8tdFR=NV9y=iE*0)dT1_)ArIuu7Ng_byLCg;&O}0__^9{
zXj7X8aYk7=2f_JG?YxVaMO5mk+;h{q{kSg>u?m+cygM~~n=DUM0^ghitiDDDpMq#W
zR>Dy%0BMrJG<g*uf?_FNp2EUBz}X4ZU>#|8H%BKgZwoV>c3$HCGI3E$1otE<o$GjG
zK$>r^4%9Xe{OQ~0M|j@=Itx_`mj?$^mJ81XX>^Bjtx&9`DYIy`!$p-wOpn8VSSsU^
zkFRaoH`ixA`_HR*f6es&T3Ic{e_Vg`X!Xwi^EN)pPz?8!as8rS{tbwvu4Wwi0>`G6
z7LssPXdcGoBW9T0T|%ODlwH9OP-;)&(J20u3_g(q5V9RZB=8wUw)eZhO|jPxP-(n%
z`Pm>jbDgksYSBziVKYp3Hk3ncNph+I=iF6!ua$FC69uwa2wVU#+1!wxzBrcbak9hA
zR~NgMuOJ5;A28|<^c(*;>;~g3w1oa~A~{i^rL*81xr|{zu0Rxa#qdZtCT^C9+F3Fl
z^yu0Njgn^8a;y<3;E<vLO$_yP!gB2`?fbzo+^+)3uu7=ZqeOH`>(uhEQD?@G!ojQP
zFT~?%#~u~K`qV(SHPJwry=~f^uWcY~J;5p47Q=czWE`v*0<y$FmVy{SOC$iEKw-bB
zjyM)cS~XC$k|qPoP7i9K88B{Qe(2|N@*l}j+e^mCx+q&69d~RAz0T4k&oOf@`(MFe
z`pE{n5mHL{2;Dz~jaJe@bWGD4tW9c%C%|uTq4~Gw1Em4sB1-Y~pn<)8zn4acc4L%g
zuv$nXziGhm8=Gze6-ZUl$UT_@9okJ&his}A*r5%unYjl_FCWm28RwE9coW<%v`?@t
z;-=^prIzc13c!a&VHkckQY1mfpeldStF)<?Pd)J;jP$$d)}ou2GppRZu#Hl=#vJPX
za;15U4yy)t!CIA?7{|Sc54bzeqFMZ(ofhKK!N4yb|NGHud-*Q@_icPGvi^2jkc;#&
zga2P&Znxd_@3dD|?(%=$%4Z39st5j#URnM%I!~jM)7<|vVTUjI6_CAJU4(zu{rYL1
zk2aQ;&d$zSj6x$W(@N44L6iozMQoalILxZ8U|Z`;%blgpvfpWMv^yKCkAMeH)9@r1
z2)E{VG@BUPQ$ul2_0=*Dtq~zdX3M+aj3RgQ3U5{p7-LCN>~M|tbG8eG;dM{bI=j#=
zv=$1+&)V$7ME+4CYBU)wTTEKkXxt`tv*=euvaJj`s$NR&>*A~GSV%0=Fr~<oo{U-_
zwk@H}wE2E<X6?>lR+!X^@qTfaEBjAgE)xKoV-!dla2B~+!tGgctn{!<RL|loJN|XK
z-rUovgqSlYRU)$|y=oQsG7q-i93HwOw_~C@Bd!RRD%knr?e>ekr<etiF_iQ!e0QGW
zZ4V@h2JFD8{NXAl#=?M6JsyvEy$KVzDTM%<ph*DIA7AW0-F|Vf_v+d1Uom_Au?iio
z%?Hm;LkbK6@3b9b_&LgQ$5ONc;grChq{#6nfNiE0$3;J7O_@fdvVlenI%|ZB;Nl-p
z>ot+}7<<g(wkb}GyBH+NN4k9}S&`ET0tQAY!&hUXM^e7wR&a5V)lc}us7OowKx1V?
zW~)gj?7Z3T6xT-I9dR9Wi*Z(M8SO4KLB9qqe1vOgYmfxJuvas1cVD;x*C(&88Q=8!
z)$1*=(l*X)6<Mw|ffAMXrc1`M*|V3@ioj^Q;;K;JuIYe|xmhE^1G}(4h`PC29n59v
z|G)d$Le1Jx1#~t9XHp40vp6$$s8xiAWAEFOdnavv0NjYP!d{xR>!vSa^{5a9fIYMj
zR9DF6qcf%b<jaaVSc3aTnMP|m8&O1Wf<hfA-b0Lf&T;dxidqMqBLZVoo%!Pt%|L*H
zjY&p<fl4PZpj-l4{S~=qfwgW<)&OcH+FIW9qsK59_=C-80O@We><~&yC&Sjv$LYI^
z#y#USl-`ldG>O(vIFzWB6>bG*YArw2@+}D4aDh|nYhOg}K40Z?$@~9>6oNDE|I2GD
z>!tfYyuQ2t-@@kx@Bd4c0sz+4d^i97pY@YF`!8Q_A0GX5!|b*GOyRRPwU$P_pTZa!
zG;176()>Fhs+ZjVP<H-4X5{}{U0Hur-2ac-cky3u<+HfxEiT&opMG7F{14jN?sk)u
zbn?Ilp_W_vD3S$0D30>fnTImKsJ$a532SX&d240@{+qR$=M9oB6h<!e+1{Ij-PcfN
zVQIm7y#HLD9;v7MFP<GaZ`6y|`_J(wj1af_k=+XP|I^XS?KgkM0zcSq_I^~4Hx|@z
zFfJ%MWYT4#sqUIUSkOQ>0}c=P@P35xMDZKYl%_9lGF8+LL*JwrpO~oNCfb!T1D)$p
zxYJ<(J)H2*lWYuaz&|W(K^ZK+P(P%&{5)}9N@e~5-#w3UFd%9UoN0QNM!9$usym92
ze?|F%ajqnL2duA(ZRrZYo&WkpCIRcT^XKg!cg<^0)o20QoWgUpnpiK%S^z^71Ju;x
zS_59VXGgu(TKWO;cC+TUT7`3^wlvPtCF*?%=tdeMbzNF(Enlk2<tm{%80*!1xXkML
zcC88TOqlV`gelXEv!r4m@MbXSl{G}bJqr*QDo)MU6tWC;0wE=FIZM)yl3WoedfW@r
zp4<qdFtboZ-FCN%*Iz~$_hG9S9*<9;Ed4FMWE|Fep!j;ofW|+?R}!wM_?V2uldSld
zaeqtpK=JKykm1XtAB!)5@N#r*AB}D0yV?;i_P3wyJ}W_CuFcpQr6Crdb5rW#Tcrlv
zP5NdRM^!H7sZpUgk3)r{=M{AQ|B$C!Knof+sYcw!vO>F*R1WD6l^2;XXNK_Zi4Ykn
zl6qCU->NmOg9A!&W3p`&DS1b2eDLlu@%8ISGwWEWf!+l*Mv0mtoj@(rr0!?_kQ^~W
zn1wFJLxSEYC;-g}N9|LSFsyff-~8|pwq!5y?%nI^L3eS)wN}eHj6|dj1qBX-Y%M&!
zpawpNCF^s*=zI6>^*6|c$gks@dt$@dh3~+_di;+(L@_NagH}O!_);xSNpwuYn8@IT
zU|4y1=tX*@kfJW5cOc6G?MlePNNdMI&!iIjV;h-`|0k4T0b{YyMpgNBnrHy*-_IH~
zKI*vfMzKqUklZcdI#j6rzXEnHSj)+U8X91#iFb@FHn@-%Qb1w=Ooj}W{fbagoWLNI
z4O84tHAGUJw$e|jqJm-qjeao5Lcu6$vnlr8ibe73s;<?VYKEg2)b)<y-&mC*d9!sQ
zN@4vvPeb%n==Sd-a$lCB0Pf*O{7NIQPazS1Z#__Zj@dj64Kj<I5L;<51DMKI3(N3G
z3Ij<7y`zf3EG}Nla2!r|;*jKKFgKF!{I*fFdube1tFTpt9~F3v!T^oNO<lhNp{=GT
ztoXe-TP`(y#m!Qt{S&r~TKqJD-d&)KN{Cv2_xIL^2aVR^pOBE=Z_9Fw2t8`<O1NuK
zwXmbPSM`$X*~HT<4d+?bei4nJOF$%e!%h5q3uDYgdF}dWnQT&}k^6tV5>SB-A(t6U
zvm&RLQo@H{3ukZBI&t*(ou;$OP5+C-M7}vFx2;b(QsKhrkdw5$s8q3PVxka6N)h3k
z)sjPWFd`dQop5w(SXCU|WWTREC+l^(EL&|74`x^^DOtC+qS=N9AFM4^Tzq@EHFG6v
z4$G}p8qKSLg&zpa)KA<L3Vd~nNvEKXF`k5&;uBr!=*O12Hr1i;DzdE}-xB3US|N9m
zchdC-p$!O0<T^2QP|lZ&9~jC+H#8I`5k9yyj1bqg-nnwCEwJ)dO<R*dwSXfWf|4zi
znOd8`;64|$(BN(A%>peKC+eG7s5XLbJ`M&Lsfw<4E%*ZU=r26@RgDw2qEtvj+~U-=
zwWI)~l+)56Xe#=Jw=#C!xapeemn)TFUeR!#jzjkVDJ`$!hKZyz(W<z&@g1`cWT#)m
z(SBoV%iv}WcTV7Q94}5X!;~F(Bb{)f-)OaJjhZ3!xPkldtW{Hwl8-=Uf%MB+1DFJ-
z!9u;Y*tp+XKsCB|kL|vak2WPB2SQFUNTWToPUSe)*h$6U&I@1jcW0!o&k@)7u%Kz>
z4LUBEAQcG-ou_y_J!~5s%~dlq#?F=OMajJaxlj}`3qy1-S4-iN54i)YLUrCl8mJVa
zMTiJL*URS8;|dZ|=)ca(?~)N*P<I(oc8T1ECB?KxC96P%1e{WV79y*t)uhr2SopoA
zG9Hnr#lFcQ*oJOKrXsbK*M=IjS}i?zGU%x!eoQH|Dtw?y*8Vv9(GV{S@v<UWbR@K}
zH_GNLvj}3vW{(vS(cQL=UTweJHG`GkTdF;I_);p<4<n>yu2BQ4Mr<STj5W0+BDwbK
z9WqSO$9CU7u>rT_wC?+LDy0~wudR0Z&3tC)|H9ARaFpL@{+H#omF3k^{+IU3o&N7O
zKG*Hydq7U7KI08iKXELaFX4+qH)A8PwzT~HQs;Yrd3~eZ-dJtlhC8QmHMn>V7@5Is
z=YVP5ToRa*L2?ZIAoc}kaMAy;ToBDS)AK3iq@}QTG^G$6Z4_2_N|9c21c%LORUWaW
z2ZBmgjzlvnZPkG<-{Aqq#(%%oc<gY{z{i=+m!_1E!BY_zGO7rsNp31_7XJ9+ec8PJ
z5G9A{x!(s~JxOmUoCs-v&eC91nV_W7P`4aJw0$+hdduLmQ?|EnJKi9Zv8I?{JWo`@
zI%=fKcSDa8ABd$Sv43@Kqp6Ey<NygJjQ=mZ&csUFO$1JGErxv+Bja+u@MR~!Y*mQW
zA|NL14P~M~A-{}YXlBZmw(!7A(T=I_7?2~BwNb0ulla06bc*S#TGm@i6Y-ii^v!NB
z1n)SWxW5bp9jo-IarBG9^QU@&O^Q8SvE^KVmoag<h<%eNd?BCA9GlD?Q4ziL)^qlP
zzv#DF=koIHi^Dg&hqx&*4BD~{K5Rqa|3dq@`5nubNaBTG=eC@7mKK0x<G+FDE$slz
z33YSHulQ)5oczi*tHkN^iOR<B%Z&ob`n?2N`i*|(yZ_y2{HM<P`daD!*Liez|GSNk
zvajC#>(1`$Ln{Q7esKK>0oBz|V%bz(4KZ|F&Pf5nJRF=;a2B8lJ&NmsarP22GhrH)
zH6%t+lp(GB6!kC|jYPCT!BAGXl~Qtf=(OcO<3RZwn5Y+i3J1xE#E}x!=%>TO*Gtdg
zzk`>DuT`5()I?y+rD5m?qaY1Qz#HHtm&I&4?>dHJ$~o>*fU;XOO{2sf!H{CkNiW@`
zNAar;Ps0ocqHlO7sN93;(*&YE2V~8IjN+r~UZ~T|&VY_WuwEE&vW39D24$xd;mNY-
z2~e?;Nz@xrm_Cr~0B5LtiHNc8nM@KK<0n-?5@piEFw0OoQitzUyMZ%F27}}b2MJxZ
z;9&8)Xs?FRbjICom~kX5$_OPX3V0mceU!00F&Z>6ZWO%bWf#w-UV>RFh7=IY%wA7C
z@#8QvbC(cbI>b~BuX_5eMEcSaT=9i1jfv;ZO|jOtMuD&}HAV;+-IGKFQYXS#V>I=B
z9Qj$4g@io}yo_SF%53N<2TYO>U^ttRVn&UNsnjIFvwlp=d>ozzpP;GmGqA3JHiPJ6
zD7dW)nr<?Tsz|B{x2awdW(Zge4s~X2nhhUiHhKVvJG{ImR<Mf+z`5mN(Bq}~S>TRg
z%FYtqTa%3k!yr4y6+?5w&_Y+577fIEVDH~Vqasfs$ORiHTv$3D@w~<vM%n775gcOv
zM0peYq;zgs-c%7kY$|uOc@u6WGtU2hKDwB%N7ZLW{_pmB`%y9e<NEqt{_k7)TpMqX
zAJm3DH^-z-?nAbYL3}bs%X_wcbdUQMxr&VQ(<I&SpV5wc1*Gg4A3GaX@R9cG>Z-Vk
ztSq%x{pIgBmRC30YtDwf-q~Gqb1=7OVRwM>twrZX(I<xlI>qgD*?Rpt`(>@8F&h`9
ztr(e$2}ixA3}VFCMA^FQ_o8@L1;pB2zaFw-mel6ewrkT9U0|FJ%5PinRF}v{6$SE<
zem}_LcE>J458$=92C6E3s&oBI`I@75vg05ydDp#ai#q!f@~+HkWGW9=&Wr*L04?D&
ze>}n?GO%(*c!zs0clX~O0*uy|u{mJ$0}Q~Rw<>@J8csh&-Oziz{{~BT$XUzI+ofs+
zaT1>oIaghloh2zSEfl(uSjITfkC6pJ+ZpD|DIO@SYfCYr#}uhGKEVJ4iGQAqQ$Jh;
z26oW$-X83}LFX=9GVk^F!NJe_Z_quUru+Uc{SE!jYB#W~FMtCY;I)7V+xF|d8`+Fx
ze?W#k#>(K=Fa8(LSP>9EfUAR{$N3V%mVX?n!rCNiZ=~mSpq7FFPE|CA!Ub;nf)lze
zyD>D4K`PO*4J7KnawqW57dDc}xsKzMW2G&@kdG=yNyN7W#l>+L1stduwTPOvh`8a4
zdjeawHEiLJn4}u>Z5)lV)7Zd?s>yS;EF4g8b^5{p!L-k^uj&GfhE-aEepl8Ex;T$|
zqpESNSKai~AqUx~iXoQ<Aq(6cU9|HFWetwN6C6a|ibhS}`ia1tG5A4p62+L>5|K>y
zepQe82>Kfi;jF9Iuyn1-Tsq(+Zg>X;;a(hKsM*orytE3~4&Kmyt#w*x)xNUQ{?bt5
zVXTO@M(~i0P?YF)@>p=pH8XVDBSLemXfV}dsM8pv7y`+b(9T@)O7tuY?NjZ-fN=(;
zotRLEj5M@<zxS|l|JlqxHLH36w=EzQO}__lYQujWvvDauM5k%{gVt$$P1S1={{oH_
z%=c;fw@3eu+We;@6SS%kGHQJ-t@X(AK_#Q6dhLF%rTz~KY6jgf-v2}ex1g&BowarU
zA#`SingRT=_IU;V2muhfRP_$+nxa7!I!xbVGbvgfE75K&Lq+u{R#?%<9lEMng)l&+
zMH*Lc;166>G`^}AQD0B5NR5th!Lf^FtIEVK1%lIh;<D3ew1TZ*_dwh&(cZ4kXCy4I
zvjLDtrB^<%B!k8hytffNHSV0`s9Z0iR@S`VYZ6}3+)kU=igK)}HET1sGIWhdnVwXV
z<I24|7a^et&iGGW)h?q5N<t0v(PTD+Q(18YScaumHGQNzNi}_LMV!PjHIEoUQ~tdG
z$>m>snW<_3N>SP=G>awn5zjI^fmsY(pFWA4?I*n<JBh#D(@`%y^r70O)GHY7S=*En
zX|V>RSD9aPM)tg=A6O30$fJ(qFzW`Ru<l?4RUvm!02=0muKoSp();%x*gjDoL8ce&
z++z2P(lZx*WuSUg>Noa+@x*ItzWCamuqsOPB|l8gdJ5EYIzGzZrXJa)kKbAw{(PxK
z95&1@pbx>r!Y#&0RUIc%fnazkvDZ^5T{XJc{9hHiWKsMP2r%3@x_tGfw3kX|p<ru)
zL(*dM>d+7LBfx8BYcw8?=#f<%hfar;z^m2$V#AiC%iN;ocC!@DsVx3zNTGJDMJ@7}
z^cE@wfVGR*AibBI#p2drRQh@-=ec!QhXVu)jj&1Lbs*ceYMd*)%SRs=qRdatAXXa4
z_HhR@EKJMAdRzr-VDPJ6ql0x3FOrLx6{6NO6hb4I+3bUXBx%yfPm*C5@vUV-n*muv
zTKlG8f?g4`hizttHv^%0!=Tw5(7>y<&TUbke=d{na1`Pgf!R6yQ@DjvvJ%ckaE7}E
z_k;~cA!rsi*0$ibp+oOiTyGTPpjni7IwPWD|6_)x>pN~PM)ymkoCb3-QqEOwl$3K9
zHYo=n3n{+>Rh~kQ+f0r-h8$m<N-C)xkw$}5^c!w%n2B_e@AT!p>Cj4^{xn)Safiy@
zlops)U;pN;-g{Fv$8;{Nd)BM>qI4D)2*m(!Sa2#6*jZb?2n)#GL-5b6?y-zG;>{Sq
z@`VO)l7^v@TwESkuVr258t*UTs9H8;0}Bh)u9;c4aZQmuLN_x-8z=RwDsHA#H`2;G
zCyrLS6`!x`lw-na^;2|mdZV&ZBMXJOrcn=F<rG**S>WDx$AEZ9`bR+uv!()u$6<G&
zPn3KKWt`+OgsykJM3<pP-bH92{>hjHmU)~pvo)3xVD4)V?Se}qX4<O5e=>6XhTi{b
zLgtMn#l?rM(*zS1)rL`)p;#4v;<dR}l-QD-*s4Ka`7TUfZJ}}B*|B{Q;ZZS><56Wt
zn1_D1_>}yt2?6^|c=S_)etlcK<*+GzzOS0;_U+BscQ#0gE8&)uA_ApB_ar(`ZK>Au
z?q#qm$-kd92VY8yz!))hB<HT++~Cc)sd{RZ76#5G=}P*71v*R7mPMW~V0<fI7lZG$
zg<3^3^DOR&Gz7K3BZ#-^t;U~f2KQm8!7y{tUzTX9fKJsU8J#VFu?NS^pxUK|hq(11
zs=4trYf;SZw^Tw+o_^R<FHonva-(FpQ2_YIN$=bN1Me7T2?_Nyx5A7B|7@vz-?|mm
zso96rJ0`%>pi=g^`d)?w?V(^wSEL#m@f|;T-WCdNRY!JxhgRs3D5B9QQw>b$idMy3
z9lzOB!@RK;4j*2OYFIVsD^m^nI-6=xF{T<^xkxqWX^Cp+rxU0~Utc!NBpq6zbV2Un
zRzxO*pR?ZugcB&iuU|BrTXI1atb!jLk4>FDg{4u8ibYWO)(!Hy!ZAz0GXc-KLnXe$
zZ}t+KH`Ws4!x>9lEUm8=x`I5ZMhUA2`YMV?YH21)P%%acuI!)$Gg9uo#~C60D%^lj
zwL^uJkSliDA#ThRXxK<K17~2<orKe9fLUW__tWFayWhnQXW#2r*1o@W`=1&1Ul``~
z$_8LF?7!AKEA5i~_v)Sh@2z~UmqW)}02)jKI{Do}guLD~Td>yEjKLIgk~P@+_hJpU
zy3}6rmmh5`FK={K@2tUQ_k3+8S`$sM#K<KYItFI=dw%<}x$V^o_Fjl2zgL4VOTu5a
z{hDph)l0f8qC}Bn6as6m%(}j#3S@Qx+mIY*F<uT`&LYlY6lOUYU~T`n`|8jfi${Oi
zeRHt4|LO(+ipje(|0T@IKMgrV8F_lx^75uXj{C`gA~$hlHIyk+RMG1kO@VzB7F0$>
z8t<kWqs=xAqBvBM+QeA^*f%PmX0)ZhaqL@sCpsy17{E5TNotIP|6z}s5!OryzO$JP
z(&OMmOY@+510qObTY%;<kl&BgJZj!JkSmsEB@#XVH_5pzQHUNQpa}<|MCwFy)Mc!B
zPrr5Y%xZtfxI`QGvj_FogGSA^8en;K-R-AQo@;Fw3{W#4qBF_}_F<^zTXW<z67EmN
zfDQ|(L~AR|FAhKR3ix%N$B@F{A7dJ>0ic<c6-uv8_43TSMAA89wT~(u?n#_NbQxZp
zDk$F1Y9*<aS_J+JcW;eV_V_1{{34?-%p?mi$5#+h=sb?<Wwj{F!|`yrZTHbu;Wx?+
zV3zpT#WrH4i*<RvYD5J&gA~3Y>F4g}JPkx;lCe4&?uyraC^(v!{9O%Cx5e)1IQ|&+
zY9Aa`a+yd894c%&HB>QoK+kSQdqxwc&})`28_7>EO7ru{b?CJvlm61Q%(sq?(38rk
z>>#1+OPV3&p9e|;6vc;qiZSSt*hOlK3Qr`Q7sYSWF!rx(V)I1&?rnXdY{|{m16Ck5
z{q}mPQ&PoYOJ#DV#Ajx@wbD?~rY2CK5II3T75|~w5B2fHUv{N}Rx>=7rUhWaS_E$%
zro$)>DDeBvn-|YZ)s+py7}atVDs>d3c@f|^ghr_@-r=b`R$n+PRGKb+R7i5&n^OV_
z!G!4nkN{RqvSvVo0U)7i#wJJVTy!av`p8>_MYGTUiZ#|f%!6Q61oexEjV#lMnLGY>
zw9!#1)wCA1a-&#?Vs}N#gWB@@^nHx~)yjC|?AW3a-(RVcW=aMq=)#T~?iflvQgd(;
z$*}Nj;_fG|-Stv`#~%SN+F#uvL3B(dcLWocSnic%{6ZHFVdgCdP~e2wHij=Sw))uB
z%1D!FSE5be8;*MEbb`+UHq<S9EJ%YYz6=rxHkdn|<&|(+_DUejyj<VZ#5G6VUBo8q
zlqWLTq*WDAMi~ae%4?&cyQ2$`<!gaCP(qjInQ1dBcRf71>hSh7>A@W<jclMo5ydVR
ztzmumzmoXKrs77()aA$B!<yBaqm5Qd^e%5L>0^eE0TxwMxZ?grDnJ?r%X~Q`WKqeh
zD%wml){JOFZwRw#b~k=Ibr{OZ8Ju3!S{Kzpb$!xkTQszB5z)Oizo9SMfJRhX;c$fX
zmdlE1;uJ$0J`&GD@ss`-10`WI$bW|9nbZ3e#596178WFAi_%lr>RNtxjDi6J@*x{|
zxW|&Zpepvfh9--^uPp+lJ;_gN!uhMZAH#68h~%VJZMZPmILNjd9FnOBuSi4N3e920
z#+H?|0bC0vGPo=nuXGKwQf25e`PR$r0hdSn<$mwM{TBS=*YEf6e~p6ui0;(oHnAI;
z9JV#r?9_ItZoSCaF!bhXxPZRKK#LJl%sTOpL0r_H#ba2&xv^GQdcvC$?>!N}iuycV
zP+5&GhB3$709-`6eTrsq<0{0KL#gJw@;IXY3eVZlJm)C?7@{P~&ucD@m-mN+e4ckk
zZga=y>dpLH#<t<JH%n8%Yq`fb=63TMGT8&@-kz<|jq*Wy+CdN97~m+wlPb6IYs^CE
z+#<5J%S4)dJ||}hGJd7NAg}@01vW7uLC8rWpj%W+p%pT~*m8>+AsoX;uixzd^>1ZU
zC&O#QN9<uN-iaIHWK!y$Nu?IxQnFBMG~McCPqHQ5vyF&d0C)!CkLW%9a9;P*;6$6{
zLJ9R-m-$j9ph1`%kE1~k74lVTd|m{CMrj!sMq4((kY7SrDR}Zz2XLyEvG<`ThM`yC
z|M97^sG{$RBU@>AzSH};Sd9k5wRl|U;-zLjd4`G{n>kwIeI>@Ss3QtA9SnF!o|TIv
z+owySmgG0BGB~i>2L&@4ruEhkJ1WCQ`Az?Dw`P~hLw>7n*G${KSepS*AA{2P!5AT*
zN8Laif0&D;8vt4c;B7s?KtO7_XjH7DplCzC7z+Y-5o!MKY5}PXqkjf^%+77D_B6<%
zE^~K&9hFb5<Mq|L>4msIdhPU8a5aNTDWeSQQe!VlwP_*4*vS5A&<+pE({O~;QNtJ?
z7B&kN(5XQba-fn9X-HOKB!`u8k#V_X4aGN)e8Kqv(G4=A!=J{Ij?`!srgV(3a*1#e
zmi7~ki1!}3|66DqV`+tbSPYlhY((|g*x$J-lkoFs5OpJt5|+e(TA5iHs5fIR5cE6*
zvGBBwY-7D!ZIgfdssG)wxegdA8(TYGlUV{fTf@m|FIH)$bi*-_BUWQL8s|8X2nWPS
z7Eo9wHA&t8vA`)Zkc<#e=D>=bRSD>%p&^l%EzYLm$g<kz**KH832~wM9=9)uZYdM3
z2DL8CC3jX!N?t|>Yo$dOMUP0sUX-#Y(=RB2Ag-oL<}J@!*b3vVD=)I8xW%&Q-I=jK
zR}^D~%8aUNELeuJh&4*(v{(9a8<)uZ?3Byu!{6Me?VpI2c)hNA{?qREGfO4~A6#kE
zVyuRm>Dtz#$Nt&`BRT=O;r<QO8xGMfj-@CAwYQoALT7o^g~{s7T2Hq8_VThgd1Bml
zv;dh{%e|MQcU6*}VV2k)nO)FQE3&BwS`)u9U@R6mFQA=56jx@F0m&+$WYb(KRS(vo
zO@UTI|IPCqKMT$?ap4rCdi&-D?thGtg6XP`vt$6|fuo;g$uP8AVP}Ah2pp|>hS^g%
zLZK?g)*MJ}Ra+Lp)f2LA1WFh|rR4tY+!ypaygL}dir(w?*0&t-OKe-y9NQLFZpkil
zad)}lKlIzCHIe5@bNq`L68O)YOIfC;C<6q--2I3V2m}8VgRq?$(94-sq99x4M|7<7
zcN^uV;zHqiRehA6VWP8SBr1IPg*uxv40;FO&w@B_Dt|Z9B}*Z+C8BUFmM1QhrZ{`p
zKxE%{)oDEGKsORL68u&l4eEPA6igB&h43UwB(ajkGo6-Xk+DTdn&y;iSjC-lqg5df
z6rl_f340EO1&~3yhal27aS7!JqU>>FRncsMYz>DcJv9<OXLL=cj{b!gZNJE7Mkg@}
zkkKXpX0V77fhb0s1dguAqhPxLMKy7zu<Ol!;A_4jI;RswUhY;stri|xW22yq7;QC?
z-6GMPn9~RLf+BCS=QtVhaC}VL#TzPh1LS8kjpNIL^7*D<QdCU~`*>Rt4`PB%s>LX9
z1aTEhpzqMrR<0P<L)q&VsD5$xmtaK5B-@ZQ3;+vs1TGHPoTt{98^uvoO5I{Zacxv`
zMsivuq-js3M#Y0)Q3G_xm|!ZeH3e>X7CB~0C&eUddL4k}*qy(<ToXJz8g5~O&5mHi
zuMkFW*^0npR}x~CC$CAm>;@yedeEvbeO^2}J6puN>>^B-#EMG7XC|aar8pzM_Im%|
zu;wh39dn_~FcciST?#$T_h9NuE22Ev?440^g6j)kq$V1_+hd&Q{^Cr;n8JT;!|4Ad
zpBeW5a6())``1kSf4B{;7vsOKu6OS2|8L`SGfApKjK)k+$aN&=`4WIJzHvBa$^X?}
zURr+SFRyN_E^n-Tf4lj=>_>D$Tq-9RP3k`=BN)!-NK%>PNi>?0qsuL-eA6aWpo~*g
z0~4UYttlCN3VTjrQmKx+EWknq!-Lb&<Q`A(w5{$EQ-nQxb#Sr#V15m!i?P275b#y<
zFD#)w@QUTs3#+s>!a{NDjV{iKQ0$yy*SEr)ngMxhV7tw(y<Q}`i99tCneJpam#&6Z
zr5ujkbMy5G8w%@F>&02k%3oBKCT(VZn~7=BoSaM7jQ~Fq?vany?*#?kScw!Yosx++
zESU*}oTL;VIi@=*@V%6a_5liRU=s&DxQ%7m&E@;z{mmP@PJTle`#AL<NY7>JhU87C
zkGzWFBP>mWHQBJJ<sb)sT{rbDeruGjvCQJBQ5>IRsd}A<(cnr=vI$E1)E3+yh{S5X
zeO7}+ZS^Rq?hRz9`u#2Y^g~b<xdJKhzKaAy!jmZ~qw;{2&qJty6lGH+BbZWxte73_
zGiah$7x4&7{$b1C+dq1?|7y1~-CRY^IG6qjLSQ#2NTlp(Xy02-peEVYzDyvbr=!Iu
zr$^+dBO@&F1}`k^G>zWj+Z6uHyTi0nLp0zxPlEb`dc8nsfhsa0GCjRGDqcG-{)i#f
z5!noG-3l&EWTzEMAu{3Hcb&CI9~ctya~-+ph4;$~1_A8W*mV$N_4<$9G>!8kgUw6(
zeY8gD)g~hXpJnBKOnVmHvFfV?n6$9h&VM1}#UjGr0o#Qx#h7P}uk@oZOm6}gH4-9R
z5CyTL5(+l`(UBTRrtncVGCs$>dlbbq%1v#wF$m)$9{CY`C398cd+<ra!BpMpgAq`&
z`oT6aOZc?Of3SfoBCqPBfV^{{sv%$428z{%SXHEa)!Aa9{Ap$?aD;!GOy2Z)>f(=R
zA#VYJbj0z?AP^0+h(YwwMIn0R;*jpw!67Qxl)u-2MXHypU=fYwLTF@a%*3PXqiU5R
zu-`i2d>v$2$b6*c6>WwxPv{gNQv`NSyt(Y|myosDNBx5b!5|7Uhdb0<(*x^*iaW5W
zrrWEQjOf?Qh1xlkCm=gVxtjF4ba^OBR8)VHJBUV;o3GK-)q6C)6V8C1qYj;UM*J0K
zQ-ncC9H^AN<yos=e^7c+y$2&}hgJ_)S}GT-lrgDK^zh*(PYAvgRGMGr0jdR;%E=R|
zZ22XY+u^y722qw<z(SH#1*^jI%Yw?f3p^;2zY9POYF+|pH*nG(!Z}NJV`3b|c|&oQ
za`av^fw3=^1j{@<=dSD45!)oHz=8jMwT}t8)9L%1{8lYM#qH-ud#^C7JJzOrBR32;
zaae_~X*f&}gmPatcU#WLatnYIuTTe)m6Akbf)QuYNepzAoSej0cXXuORP*5!ZinY<
zs5mSM{}_ftz~K6~TmTk9%MAHRLtljP7cmC?U>H#z30c2V0kJJU&0#u}q6ONxhdUky
z)*X%vuxk%6(zBHV2+I7SN&;#%&O5n49wtjPs)|(|ZR%s9O-vSr8u^Dk@S+^V-3BGm
zhTFhJ>8JX@@^we&^&)_pj6ZrU-DYh<_{C-_CoJ;YR|l_mcSLe*!$%{r#Re-xa<Qn1
z=(#zKJTOdda{FUqBXvoEpSQo~DYMe-4PUX(=ex&LZfv=hn0?I`8d;2`2bu;(nIA@!
zl>00i^tu6OP78c?eK6uq)UVRv=iDt?*^%HdZu>!f@74CRXK#+SU;RySUe3j$NFLl0
z)f8qD1@XWA)~}=*#oLcXH0B@}Gl<2-3B{F&#AOJCA`UJb=A#W?%DbJ>w|wKR!mFye
zN;AC>dQ8rtr8x+Ke-jkpAc0$Tb`DEF)VB2^{%2#@Ea61tXQ6(M=}eQexaIF*l5?m5
z?F@tTQ#eS*8QR7MXh4ld{1~eyNk3-n3EBt5Y+W;L`D4`Yg?%4)#?kiS{wpIHp$%XY
zmF}onLgXmcw?9p4B1+4&g=FHG|8)5e-r|-Gd5QU{>;qjLz5TciMpLOl$dh%0xL?PC
z)b5X4>i_pK!o;@${C5ohb>Y7r{1;p3lcG7|vj4AtVW(RtNiiC8EYltN54Zf-RDj7A
z%g{B$f8ux6*07;t^R;Wf_V{a6T?CayHE4FwX~5S4|MBB3|GUl7>*MLKyVGCyEQ%4s
z)-DiM+N2dynKmAtl2-mJgde{9eC5wP_MfL$>|?t9=W=Itty8l9e6)OL|9Kl9I22-i
zD*WVoe}o_Cprd|&ef!WuJX$3rax?^N9g?dr>OV;+Al{sIaE_#pr;6PVw8OX!d<Y3y
zM_7oxOE^q0*XRf6X%a|&Mg0g1le0HGg{G9?w&lwRLt}xd4^-rgwRM1so--N*Im&u7
ziCzn*ex&$<;8PF{$abGvR8gP@z*ZFI?Tkx5fR3RRTakqGa8v@?*f9WZB@AP<T0m*D
z<c`l;dOnT`m`^s21Qlb%h;A+J;KCmHytF2m^`4ShZ+rb~ne~><b=BJ2&qOXFCcMNk
z9sRubYNg|D4Pv0wxjDs3aMQcEKy35&L_gJC&3WUT)(=knGOF9nOX=%2z3bp^H}!(@
zU%ciD9Rxi3+LZccKC{mM<jUS3v(JAx^o!?zd!>DM{@=#u`p@^#IA7WyV^$+{Q_s_Y
z6P?cI{*j3Dha3{i-!FB(_m|f<+U<?i_N^Qe==gC1t{T5<)A}7Dm*e!hwb87GPL3kz
z4Nja0xQT>FJ9>=cKllSvfMN{ZPxynKe(B#PYq1}6^UvzK9VKw{4RsRjP5qGC;C!U!
zA-A=~t(nKr9)=6eKi`O8d2eZ7JeOJLc-@Ae&Vim7!I+47wK+NPv)xk?x7o6aE~eQK
z+1rK^61WmhRb=PI{=x1uU8p7rVao+2z^N%I42V@!Lj0H_;}`=}#tf;NSeT;K-Pb0V
z|6!lm=l@l2|1;13)y`VU|FaFn@6P{Q_~`rp{?Sk7hJ!!8I%i;C{CQx-+b>DmP37?O
zhyuf?fD_OL#rq`9(I7YvQx4?;6fqc*^cqK$(1`fX4R`ebFXYrPCjO4kokpB{c$C>P
z19E()0J-CSKTKO)N3;=)^8^jNx)cQh1^p<7z+6}A!Yvau;)uyzv3O$4(2#n0chowC
zrl2IogZ4A3Uv(8v)J44g8}hGJck>AsalDABQxl^ZkTx-l$3r=}<iKJrgM6S4T*o=C
z6NOV7gvfto<8BvjuNZ{$T<Iju83ipYwwtBuIF_D|cV<(Ak3X!?X{ruMC}reO7_jLW
z#VmX@V&!{K^X;oYzuN!#6;@plKTaE|6Pc*Qc`>3TsE+ah+^+T^Uw<H6QNyp(;51jH
zVL^kVI2NCC$(V$qAL5i`M#_7`{y-%Ib1c}X7%VkXHAZX^$A$&2G&Fm%m=?Rql_>TM
zX2DKm&q)+{%A=h)EugOP2qOiKF;tT7md(OYh<1FQv$mgSg9Jp{bX$0UDYB-tKpC_!
z<DCwIA@yyki#2ie5CM=TgGn$Z?sXcBvA~64Osy&yJJ8jYDqu`<O9Jv)G#Fqsva>YG
z!}#K`mXJ1_kfR#hCrNH^=wc(%LhpJ&4kV_RMre>r$4yiOw#bZfxTYKl;nA?(oCBYi
zY=B#LoK35yyPFjFbsc>bvg;@~POfHMnl?>Wax-uc>kCb9Q_mTH`42|)?D}qNn=@}I
zn~o4}pG9zY%>T82X7K+UY3YgyV5jr{?MIJF^1nyRD|h_=t$eOc@_-*oP;>aI-SHRw
z=g}ay5?e@$0M3ktLFuzACV$nKNzCj@TW5b=ULj_7ZDY0bJI?-kBhl<<CRv@BRJE9c
zRV7(f8D70UEjP!5({bAHJI8y2Z@B3E4QJa~Ui}VLkV6&H^f=6Oa)kl5BJL$;S*z9Z
zp1#=M`SZcv|3%IoYj`UCC`M3YOlu>ps@=ePFaiV2fHArL)>GwA?w^`e1_DI7eRj{g
z1N0NZK;Mh@YZEJ!f48V)9f~!5V){bNM96U;C{i0b9HluHaI>H5r1O;e%D8w*BtH`?
z7QR!{=$Vt8)u|Jex6AZpHLWV^DEAo9`ZS1WzQ@q-DY9@pd|ZFDgM^7esXELZsRZD}
z&(YA|NycYk3@qPCqdaYFunt&aM<hf;Gmd`;ZN~KgE1I`?GD0;gr?Y}<UfXjfOc@Po
zwRwP~N}IfS^rYaF0{miFOwEaD>39TNWQI_gosXN{@?re%sPu>80IcSuFh!<DGXrQ8
ze#A~FJ}OhHEGbB=Bx?#d{P&?is92};5I@u}{`;_8iAE|-Ly2;u#dLU8olF7>rJAbE
z1WhHN?Sb*%#fmxGy}Rpd57>cZbx+pX&$B+N<?^yr=1HWYwB?zXt_eNiK1kpdj7DiP
zN+VRF$I+l7ab8s>LTeviGZ{SKqvD2$tnzq@eae+3tVl7ushvm5#0@XRWv<A%C1vT6
zCUb_a>)^6L%*m#g1&tXE2iK?ExHe#}Bta!ItFlR!X)Vng2hpdj!949^clfRj<hC~m
zn|Q0!9b@J$dR&abI%z!ku`+_9(J9s6z(~GzeTdJ>@F<n6#ClGJ%B`YN)Cwu;fRiUi
zG-4bRdjn?++UXE%Y7GZ)YVG<#+*Rnp;)y^cs*`|8Z=?Qs9d1qKvsXWy48vkZ)uSXu
ze@Rqird_KX{9=uzDu5F0v}?NyR42|<*dp}|1TDyMt%_~0QA$|INl;)f%1q-?R?O6b
zlO(UuOQDrSVZ<yAXfOr;f2gr*v0cC~q?bS|b%7%Gaijk>`8_7mVjDzuN`YAj$i$)&
zj%kQ&F5%+@SaOLO_*9C+JcDm3VTUtM1!m@;&<E?2j?6q0zg#q(j#=uhQ=EGRCJ|?t
z3yWD!t*W6}1Q;`fFpQ?(uLK$KX?+`Tm_GR^iktierGk_jM=^mW5g_Hj>4zbujI-V;
z>N^>U1zx&?640#!dqGj0j8Bz6EHwR283Op3%3#Wftsz(QBzpSduv1z=X>aa4*}72%
zWxp;xOiYqI87x*oX=HMlA{b}#JqzUl;b$Umiyw<MsH{7IAyebWN&b5}BdQTCq|Dp3
zdElXcP}5a|u*R+iaykBc?u9i4XE5GoDl<wt&~dh5X(rQ_a2k%(YLk#+^1}Y_z~Jk_
zsOi@Vi)FR>W|(qs+=a&ygFi#LL53NRkuEF2VuA@p`Ybs?!5QaOY@(4nC-pe@&q7Yc
z+=Wi!0CT#`DQr+@OOO{u4a|r+M<v`$F<jn^6M;!LRxeQQA`4halHL3I#M4!Z&P};z
z%x1!}UGshI0ELA&dKV-FiwJsvURj=`VWt>-j<#b~zLcB-DPL|Sp_6;0zg1wj3hC_K
z6|3fQob}L|s%)q$d}{jnr0WXKt8iI?M}--gi;7~d94<*ctmGpL6VrmT;)NytI0+D(
zk1C&bF>yeV5kFeE?O5D-2~?A=z-2&O_4->iLu-~(L_zL7xAfYXliqw5FD>;+?Ow0I
zpUNu<PWciy;;L=ai!$`{&&Ud(C{3}_J5R`jUd#fm&;XuH?UsZnTE0>iqL>+8hX_T9
ztEqo7ED1^ic<Pd`9k4GeH&mZ49T(bG6<5=WV}i#*;j;Qw!ePn(iD#oNrmnec)8uP}
zX@fR6%s@^g*xah`3hcLbK;=G{cB*)dsBcYbi-&I4uNHbbaKJi+J80p?S#Ip+j<eUO
z@w%boj8v$^`S9ABBwNBhCH%{wdpfl`-;y;}I*bRrIw~?BE+QNmOmORH`st`e+(j%=
zCPoYCl*#*%LJ_qadA1lcj|`7!vVk?#Kr)t(GZan*oKap)yD)!BhAz{$GuBrL3p9iZ
znd;pf_0^lmJsqWT0q_;OWnK<$;_1+y&TAL+|Fi5r)U&I&fz7c0ezd;2R<!?E>pZ%%
z|G16M4MZ?5nsWQE!W=E0Np6gWdTFlxq0!BF5X2|r-~`RJZG(>oerJ8D-Ck;c|NZyI
z9()iTr$Ks7&eZ{CV8;U%(7WHKtbhr-GKX0feF_IqEJjWuql3hcc^uvYZKL}s%Flgl
zLk~uersb1aHa#@9nAn4A2j&A!87Jv}G8iOhY?aM0$o%csdp=wL4$d)Y+c^RO%}j+0
zCz_TA*+(=IkK#`p0W$*DBFs?+<c~-GF<fV{kqB)|i7Ig}N@Hl8vGuynu}!9oDO}6Z
zX1?j4CTDnMZpsMFT(kTfncw3Ods1fO(E#@YpC9NppF@`z)d_2$K8J=tyr-Fag`K%Y
zImkk1ZRM8D&9B{o;Xpw`nW!VXeBEw*b0?ST`+s1kh+h50+ihhRbM)%%%LYcLDL%xs
z&dYF_H_f3*e2_1$wc6B;cs}18J&=xX6kt^j{Q$LS5Cy6GH2mBRN0VLu%|mhLaGt4z
zURG6fzpx*SdxZx;0bsL=H^a5Df-}>A-CSk>NeVy-DJLfYlTzb&kOaLc<&gWT4xez{
z(0WOxYix*UJL6toFB(j2<gC+)4U?XoO-y5Et?8?;1Ok=sOOUjNW>)yceW{!%o64fy
zea(1VYl>mL`w|gY<r{Mw?P7W}_}6_5*bI;1U-vQNG`!(2&dXx1vRS#+YKTZRG4{7`
zOLul8NQ7k^ta5vlkDVm#`c{^XfsYsq#qWn_Xo)l?7p<?b%ap@2@&rTlwQ#bxz+*dg
z3zotQMj^Dezo_aisxZyQg3o_~anydGuNykw*!4{lVfmI8kXa_->~0*CRisFOSw|0r
zhX2CE_s3|ZET(h7b2HF5fW}8i31Pq_Hn{ExfV1hX!YYiJ$<wDYP7qA=3j54lyykuD
zNKFSJX8*=eE!l`1mq@s1!Yx7f-H#3Bl|pyqLMA+k$Wybk;YnZ@;Aal@cmBM4c=T-d
z>DwReCW@iixrCkkMHM=RJ4qPC_SR6Z)8GsPpQ?b~!Vg(<9tIynWRf$I{IMB~4%tLJ
zeK(Cpc~+QTX>h`nRSnM+GqaWA(?_db6_V7<&iP<TfFm97L2bq25LvkTqTJuIl@#YD
z<51vbNnHTh0zJF#En)zVS2x@#FmuGvBOSartxnxW@rE|FD2X?Y0v6tP>k);xBsL)W
z(87JPiNWF<>Ive!u3^V#yuthb-146*gaMcp|7T@or7Zusi~n;gALajV@ZN+0u%G>w
z<wV~*VxkFB2zGk!tj_cky5al$wG+slahjrJNaaxy`Y0#Wb;l4cp@wqEfltjWYKOgY
z%Efo~U;pjR-j6>WLh+qsbe={hr@3F>Y2do7F5=?Yt6SB?_S?gs_TL;(k519+j{#2+
zD1vT^VnrCnXE}pH70e0Gh?}}YmUkxfRs{|iL--jb0G1Hv`UX-wgDqD5H*oekZo(G5
z`p*s6cg>#}=RY#NDCWFUA2ZJXmDT0tlK<~o=kEN!jn5x>_j!NxU%;&xC070DWXxet
zygz#C^lG)1_!aCoUE?R%n;b_aPAJp?Wy?8*V;X&K&ht||$&W);Igsuq4xvq}1tp8a
zLh*^xjW818X2;U9rT3ry_rb=N|K7W2&h!L-Dyc2~5NR!aj}rc?1;F$x8L`HKi^RH>
z?ufsj;Fi9KgqXgI@Rkec&Zp002;)+dc)9m-S7rb$;2Wwwwf;DcKKpfL#zDc7C4_MU
zT73Iz@2{psd)iZ`>wrpuXKVu#J8dPN2d5lxP<4U*!F~gN&?NAy=h<(payXubckfU2
z7tgT5i)YVYZ2x%B@D~&RPybac=9v~ZRO_=EunIwSf`L@m@R(NJDrABFMU;^qu@}No
z(+lHn6lMTn1IG<5o^5r_*HceHeZ$0jQrZFvv*c@qf~SyaLqxeyRB0eQMnVaa+?80#
zRv;*+C0{KU)Jv#Vf_2>9tR3Pg;%s)<nus2X)y;djgu0U{j!O@OV^8^{@$i+J!($}h
zpltv>)1OmMqvM9JzS<zw4=2wb2WGnFL3wI_Zm9mdv*BlkN_&5Urr```b`t^<9FrM2
zgF^w&)0=KXH{tYRmW@cy1_AOq#z70>@s8dga&pmTO<M$YY{8n?*x=Y$W7ur8^|~m6
z+wktCLw~VfBr-OM@J$&_d(5tP$ic+Ty&Ly%Z!12gbijS>^Y?3iX7PWtd#~8XbpCI>
zv$C>U%Kxx_m;d2bKG!YR!7XW|H#3tvIKmo6HkQ+TC)OhErOvXy{Ai=IywO>?rQn3*
zV|x0;`|8FR<~<*uHxQTlSrRYg{#g){@l>9ojdhrHgHcGqxq@!amPTj>lwY^)h6*yK
z^9N8ou(vy#t^%E&?!0;Nob<)D_v!n%R#jy8e@vk*DRuJ+r!8ZP)-}V&($^sZ9Ek?=
zES+X?VV68!U!Ak$IG(@kFY|Ukj^{4=%V_>tg~?#flD#A^$%~|@L>R;pSgYGqPsq=(
z$*Rex5|og69@7s+vIBr+sIjfT-GLJ8s{q0v3r!(u58l9?BI$)#4!Xh86nWP42!CdD
zXxbVDJxOM9#fEy}r3dAJ;g^wt!Y`xlAi&fh{G$jFDgVnj$yLYm4EC4N6~<a@YOb}=
z3Qjvr;V?))q7~(Q{op!X5ULb75~zLY`1B1em}o!a*8r7k%_92y$~wlc!I~G|!xQU0
zY^%b1cw)W(WmI_m%gA{P8@N;eo>^sx$P~)ZGp9_cAADq$DEH&^VhoS`n=t_TA4K2Y
z;t1FTws7E4+>j9v;E?R9cb&EM51Y<&++KX%Ew?)>t843zzWaXr>CUs==QXz=??h>V
z11JB_>!a5%w)b8&efai2Z}$&(pV8NyH}q%k`O%B*gTtEu;8Pe1toe<CO_NB#E(ImM
zt7{CSAAj2W??1nI`D*|5|GYUkeEXN5|N6K88yt6mBRM&Z{_$}zjFZtXX_k*aoqaz4
zr-AUpB?r2i^b2_Ja);RZA_-@By^Bm2|DuwJC_-69Bsoh<rbbxYF*LfQozEOLKII}b
z0oSx=f>{rRf;N^pN%C<#V#_K$0(AoG)7LtA$s9#7DmIf+v@yAMto@O;x0^`rH;=d7
zlw$4&gLD5l4TF#50m?W)p4F(r5N`{4+zrqn_ftq06sgpLwziuTjF7n6rvDTU{V+bs
zPaF6Oy;lMtQKNH|O~Je4H2Fx;_f!|;*8;q30z_<qYc6oiYs@(aj~1|v)8q`$H9nVU
z*cd%@5cZALL_bQ={uuSe*bi5Y7dXQ~Sc;}ibva4}1$NLix1r{ZSt3ro*{B5OhI?`o
z3)7IdFyn6Cu*_e1X11AMfn~-z_@kldLOw8?v(pqN;#=&n)Bu5Ii?c`g4{1>LfN-tc
zAwlbAKr2oE(Yo34nh#_)Q1AJW<(AyZ@gV4aTs%z%p^nzy_v?S4mj%mA2{yt@hxrH4
zw~%rWz_oQ4QS6H*CJn~OqF9D7*0x#1rU|T%70Oo7FGP0B4iJ+iV9brPC<FHPjFUr>
z1FzLE86&Eu;%MMl66)s~P||tH*s!CF8x05%b`+Bw*G%)%_?lfa>kP)n1R5uwyCgw+
zPy!__IXaFlyiXT4N?ykVwau#1aYbnwB*0wYCqpbjQ5R>VW&o65SM;sYCsp}W%VJV0
z>|aX-=IHMdGx$;s0)R1IrA&2!do>6a7iZ4h^g|6jd}wF5mM*i?G|T`vbr&<L5U!uQ
z2V>_(%)Fmd+63l-`C<!1d~{PJcABWd_e!R#wxMc-SkqZs6Dw82=SClxem3ZBRXu-w
zwNy)S;?W0PUD?a(G7DP^ADF`50N}T~<KcKfaV7Y`i(*A!nFf#JJR0~b)^Td(<VAZh
zOaz1t&=I+!TY*zs?lhR&mpqGt5h{~S-V9_3-bm~UjAK$fdtoT5;EkZc1%*+rg?>R)
zp|J+)y~FYkAL62QH;wNA9n@R?icNB`N9g(8>Ibudwd5DA9{f+iU~C=m_~Azn<+y#f
z{9#ibJqFzTZeqFioaH(nHf>=KjBW*|qEMAff9o%QUg_%=pFG*}*Eii-olDhfU#iw}
zsg?y$MW_`!qbO~iWmpYrqUo<%G}q;-oG_Bi+uXob+>JSn6Ye9~I>ffLF}gxWZ9v>d
zaOU_U_yAHst-lv}ZJ-W5?IWb;O-azzByO6vTR36EE#LU2nk|)`XGcxl4QBhG&<{Y-
z^qqgch}V*^G{m|V6FatD4ng&x_7-dwf3?8XTnbO;!_`aTD}D-m08OqleR3{A@GHvx
ztD1UrD&}?J{r>xbWhF0Zm2n8fS3Rg#=RBxYISL!|`#GrRQhLloR`6PQ5+^B!vIe|~
zdPcRI*%wN~hIK#qPk@DMxaR<st3LFh3t?r09Dr;!s#t;50xQ79dvM+w)I&a$2H2d;
z3T)ZzqT1WeeqAqC`PWvdO8eqfIv209^5KKMuXw^8&HdKR_V4!__V)j-T&;b%YRkGB
z6?3laIZ8UaxO)J*@r<QI*1EAXvTVuynMS^aM@_^30Z!@-^?b#C-ht;Un+3d_MwDcv
zP3~=?b0KDbLlfg+qSDXFK))2?+}#kzV#x*v=SVdMk;}hOme4+1OJJ;0pBQbiX;xB1
z77RXRLSEl#`p>jL5SwD&yr;#_NneC<=}DO7;)H@vcl=h%e<pcK(Y&S?eTuROCDg~~
z{z?nFK;aKohEWGmOs3dGz;tc6eq&s_WSl?HV{J(`(lE#(?2&D_&yw+=he>+SzS{&*
zrRMXqL?yB&dg@7Ip>)oy+A+}XGekDDHVH6TPmc!=>>f&pxrg2u!HUgeD-@81BZ-}b
zI@R9|`b1B)oDf<HlnW`GCR;*`BgI5x)LDn0zKGzltp$(KJd(%Akmc!;#Kok)Xh{-h
z3le8a=?c#aqB+&|C`~Zes>q>Lye7`!J2J^sFC)X#T`O>#o9zRU1vP1<WI>9JUPKCP
zF9wTPGoV?R#|&o#TbE+8RY*OnfoqKzuMJZMsev<5iluw0Kftxg6EptBcB9d_u9ei%
zUA?9hUC;u9TFZ$jdLzp?pN!91RekJOjoyaP&pkdk!t$KQhl+N1iwDT+6%LSFA<q@&
zY6SwldPksta|Bv$G`B~fFHD<%W7M|kklQrOCallZiS9*~=66GMOO{%ire@t!pvF)H
z-MQ=R|HK-6)PIMc0ZORY2bOp1uYW}+`xkFs;49RoQfB8N8cOqPF0rx#>yjqplT&|v
znS<S73`*6^XaF=6imi8av36&Da=Gt`nO^BQ&zt@@9w0V|l3tX=tjTRkYHn*}niubh
zRe^dJCnRFzT$8c?Xq`irV<;$u4gvy0KPG)vBrmd(7`M=tygN)3n~!@64+h$0$_q3L
zRme?%6<iTWD)V!KREA`AurbdtsO?!uMd5VAh(S$`EeSgpGlAm7cu6q-!*GbF-}N3Y
z*B-zLZZEn2OA+fVX$$F!$Vw-~L-#e@YLX%BINaQLW|JzAlxYf8Z%`{Z+j4iNe$el%
zt&5^hSt*ioP@5DMYOSn@T5)}OLN&5UEYw=>NG;ehv#Y6B3-9v<c`L?@B9_nv{NnpU
z{Zzf*c{6+Vwr*6bMfKx_Wl?NekJ|L8Z9nSJqfW8%3O!!2ORmzRRr}EzJu3CQPLJ2^
zl8@-oBm2>J^ys@{<?re7_jbu`9=0=;Ks_r|f6C9DIUZL$+u>)WiFeg=>)A7Y=0KyT
zo)zlv@^c4FVa2oO{Hz4KzJ7iK$J0I~gp?re%GU-+JISVzeBb2OpJjw^n@uXa4JErn
zQQzj|*J794^`AWPS3k^E5`~$|&#~-{s1uYv!6wD5LlDj|8>0^481p!xQ5_KJUKk8G
z?*p7;LzIi{$KB8_-;|7=D%QT5lpN08Bn9eD#(2Y<GVZuxuZHQ0ev<hsAR!-R0heWc
zY#1p_s<5KOaz1g5k(AC-6LlrlFIp_2c`gMEI%f7_=MD2e#3p3nFXIr`$dX{wY?0w0
zB3^ADMI!=QUZL$M7FEgvl6Sw47baR%x#m&|GZ@wt=1%x=#ohKtB;0DxD(I-tt`+T7
zn26b+6LyQZEs_AxRiDzZGxMU&2mzPLN^k;5<=mVK*OeJ?<qKPsD-j0v+vIWJQ{o7#
z4GJf(OuFEI`>i(dn6+9L04#oPWN|CWqZ-hBD=fg|Ri>TiENL(}3(m7iE6Lnic_FWc
zbk2}s<ZvqnRv6JlTgEGbs9-C|nlYpAHwa`*gA9QJ%vI)yx1j%iW}iKNKZ*l~xZdzt
za#7DU*G7B7J%RQ<v&v=@;>LApKG_BuhQ2Xv(Ib1&D=1`CMAk1_@M8|437eT+iEkt5
zuPYdalNmNiZn+)6Rw-U6jSTpg5s82`@j(ZC`lg5}$trlajWfQQr{QRT#NRnHF?+>0
zrpy!Dtt$(ZF~bInEmU=p69Wk!ALs1D@Y@zJ7af-Y$!#nTj5s-R#mPkl;q8c*%N(5w
z2M#@$4ptnC?cbA3`l|BilFU={%o9YOiZA}nsSTMx|4y}rN`!p{@%1&W<nKm^edD*+
z)9|-&gT1tizZHJFXKm6;-B;<oV5Pd0Y7VpHXmu7cH;cI_iy>1irj{LpwiY&Ao72fx
zB)1$=<3Yr(TSg>b_S;fz&UX{4zK|F*KH<%QS%Ce4+zEv`DPA6E_mvIndgbSx4<AZh
z>1$sQE6c<t5JJ*L$S^AA*9FF{y@p|Rdi2fkaFa~T1d~<@cZA9JF6aX-p&LMqdWA}5
zxJ~d9n=Dx<qd{4$Fz1vyGe=i>n=*YaOP~1y#VOJcpZF_ngE(jz?zcOS8s%J{7rB((
zO11!-n`R_(e0XOw(~dob7$;tq{Z-Yk&i+zMw`pHd!2si`{YLrU|K+Ugts7Qcj)ncY
zT&aKCZ0UcbO@&Kgb&v#`tOCI+#Y`{}5hT*re?m+IvXxF5`_T>>b@^n!jIk~@WYlc)
zd>onyQDeghPIo+gID@GYlx+R=uT7E5lQD-9*&Ch@QxISt&Kt~>H6t+F|K^|!7d}en
z3a8+R8~=ayz6CI@s!TY2H{sP*5CqiQDM@D1$z&!;TS(f{v`O1wnuH{!yu;1RO>*hX
z-09pqNdpvHKm?y4sEDtEpt!gSvg>ojq9~~UDlDk1Pf%7-R~ONh^>=^#&-a~k?mg$;
zJCCF@X@QKA&fI$*-}%mWzVn^$d=L1PIaY#uLxR)KVO#il@9!!dMxk(=f@#Jm$lLb@
zpRUC?3N00gqu?O`{@JJakF)Hd6yU=T3*J7(@yBL${IfLtmt`c0?XX3lDV>V$H3_3l
zxj0StkBhUoEdhtr6Qo=MHll={K(9*J3^5x+1I0r`*#!-mIl|0{6xV>BkGSP9WioZO
zX2+it^l3s&88vBu;h~X*MA(>In)EX=MK<z;4j2MEc2WWYCZU~qn1FY2n!!gPoP<yq
zv|qA+*4SZhgsx3RQ{&^*g9u`}ViQ?Kv*NV2k%lzi4(K%vtRg1xM$<t!yeT`>xY9Qm
zX8$T=mpyL>`MDFaEC4*6@KOa$5NT8ed4({`5pqJDqVghjJTpejc#fiVf(*{deI4fl
zM4Y8#a#TSyy*6XLn4Ozmt<&=42sxn}In$|7p_EOUk+dlw7!QGxgKLP$(LZkM9z;Qa
z)M0S*AgQ>W;tjo@5s576=dmUsti%P2d%u)k<7VS#IaCouK&D&KbgtyRIucKwL?2F7
zN|SLnJMl}v=+&0Q^ZGniL`Aa2?}{;(*3s&$tFK3(Z4_~t*bYH=4HVj)yGC10!mce#
zQIu?^IufcNfrVpN&85}Uh(4Ahiy=7`QR<C)p?SQ>q}ZV>Mp`?laY-g4k|a-97^^r-
zN)u09V!?biZtYbHB<OW}sd#VoxP)Btd0nhLOBaVlq)6YeW<@3FJW{ZC*Nr+arz`#z
zJkZmr6Ih{hpeL^m?|#XFo-{QZBEyin8&1;9W*>JxOf`&}_))aq*Af-J?3q@~?Lu~_
zoOAN?N8A(e1dknxAG3~mH2CQ}C4&eZY&Nmb*-A6y!d6^$Bc!U&?GCTk94aEk+lIA~
zdSNs0)!om!5}mucn<*<pX~oy49rg$ew~i|GS>d;y=<Y5{Bu7WhW`f?x440&ps3_N+
zZFRLh#^zbp5jZLWHUltc4*z89{_r>_HsZ%Sk92O8m&2!&{6B}0`WZjP@;^7n-1#5Z
zwyv4W|1&Eeo@EvTQg2u6(<1*}?x@gP;1n$;3Cf!qh$i2~=;6SVCUm&Tby6Zg#`+YY
zUD&7cJI}*89%LLi+^7~hH$nz5147~ACN{8ji_#ozT@z8d@kowVlH_=Sgilrkcvb50
zajFgg7|6Cau8)C2AgN7gz#_?!eH08T(TGNOU{sU3H3df~-#kY&A9d`Nn~xeNd3Lf<
zi_z3!7YJbAF*ye{7MgMTX&Q0<)s=agN7;8F!JBV-I^p=GjLnS8%q43+VxLm>fAZq6
z`Y5vhx2{>U&XfPSc`pC+tbEGGH{es#*yu_C$S&O>#8*;HkLA=cEdr%Fa@M$!Z4-Gd
zJl^8on@!xD314nK3*LLTQP`s02?Lvz=$UOTEp5$bNgHW-hg#<5$lyA)coME`n9KuW
z3z2XDjZ$Xf^7c#fOM{^%Ih+k|W51JDI@U}cWVJmxopA5~J_v-^YrwqtmL_f_tllo6
z8{&K2uwO8hv+$BWAqD8TX=~&spoCgQgzeap;0u^lGh{0qGqSoho?@9$YG^??ZC|;s
zhL&bOpgj8uEylAN-heqtNtix*+%Qb~Tu<Vy&6JW>$uL>;r7?X1awwq1ARUQapH>ax
zyO4Ma<t2j9P#Ci5#_(^mqgy1~AmBa%=>xG?NV$50!f^s?CoO4z+%1uT1(=#B5EkA#
zh6L$^qYj{OlR60NML0gPLIY_%8Ms7*2`q3?fuB~iY}UvI1G)6>v@w}hc572gFaYL>
z6mD*$MPVn81EBzz+RBy;93epg2R3N%FZ>77!vqc6^9bW#;e^<8d{I4(osXXRHi{+0
zBeh0oy-0j2PN-^RZEIKw5VFFa?55n-pmL*xBDG=-@5w;BVSBt-36y?;5j{;r-#`e-
zHn1VuxgpvSKzw6v%8=inxtXUuXhzF38#G4A5{7LzR(ROOo27$ht-6*2J!%CpaASxo
zt!NlWiJa}HfGbMsyw5;=eZZH1SZ>y&mS*icL?o0#dd^2y7|#Zo2uCq;h>PmsqDaOA
zw@$;g!%c|T7c!0O))v9jWH!T1a~xAQ0EzV|OsNC|f6o@SPXS)y@a7RsyTI}Zt)FaU
z`7uUmMTQ+RC1{WtGFw{UbwSx8TWTRje9j9-j3FG0^B6}K@-hR|ilSXW8VD?@UqM|G
z=!j};p!r)Z$nPl&BSABgVNenC(i{tL$Y)1<Tj}lY3ttpPbHYGNeQfzii+i3=5&55I
zfIqAh;DzP?SZo~;_FeLSb8Ow5{68C?^6U3fDY*Vex)GFPrDXuO$qi-twMRY&xKfih
z=Qn>!9_mS5&C2<~`ADRPgnL<7yYgA7O(89H<+4(fQ4X7$mD1oY#vIpWL*cNJ8KxXX
z$(YP^2pB5;iV|bHPirHDIy5z1j;5yBhG4*iQIZ-a)FdyM4$WouB+FY(CNbMe)*wO$
z;FYcPaU$d<%Wk{Ir!u8k<1nAJGtaD&$52d~V15}aUdZBsN3_BbZgWHJbmGB3WaM&w
zmWq%Qjcg-A`f1#V4b|0wJQ`1Bobw%hBe=<tXWWz&uWqpnOtxgH0Klcpv5Q*Qh%rY{
zsv8ZG7hy<?%ycS*SQyGLtBtg*G3(j6&+YsThF5rWqgU0W6)6e^6IX0_pcp|KvpFI1
z7R@l4)p91fJ5V8CO(e2#H!MsImVoE^*BYM+r%!R2W5;1-u&-x$uy4zox`yEU@Icqj
z!LE+Z&H*wn45ox`QlLN}>{Z9cKuKaN0tAq(cxE_FWXq&Fb(lbP_xBI<4fPEVZRrmy
z<j-(#UuRcO#{~>1-r;Ud%Mh7!LMty0-qh9A-_g^3UYD!8gpszgM$Rg8cb$E`Lj!#~
zhq@>g@ZLtUhMI`0W&vh8lioHD^mTM@=@=Z6d($(+DRSn~p~K;%VHDU=rZt1z{qTKw
z$IhOiZs>Kmr?0PH?wTAf$dW1EA6fLdI64AB0M(@4uK0drMnWTjidG!Zk8a{~w6F^?
zs}$I>`NC~Mn<#t)&A_9cogKqNLmiuYx<W3C2q6Knkrq=Ak7<_BO}iTe0b}52=T6-r
z@DTz|fR$G2jdVRZ5NXK-TuNzi!kFwn^+<BqNE@S|Y6|9t&2hrFsN0KW$i3wqfu*N3
zLgLdHhGP&?!YG)VS3T>d;7Hg+dxs+R*zQA%c}TyfyLVgHfZ)Pcm(-~#oG}_q>Y)NF
z!m^UZ36!PLDd>XLLianFNTDJl(HRZ|1tvBU^4&WWvQrF~A};zbZlR|C`X)QZ@Q$t>
zo4W=Ew|Dn@dQT9sg?C?p-a7~S`aRv3TW0KF=Z%WVjOCQ?WtIt~oYnRKar!aMBgrvw
ziGdh14UQxGCl}#3?Bb)|?kFG6VJ3c>HLO}p)^)i;hjE=n^i+1(ZmnqlJoT3dfS%zJ
zUH(k<0s9PJY0TIi<--ggv|TV_0zU!PJWf!R40iW|#5mm1dw~EFlhJ+g7-$F(rd20h
zv6PH^8;sI%FAUL(dw-V8Ruo+m#TYGHx;2M$1ok=k3Z6TpMQDID9&E@D9@d7M%6d7{
zYcWezf$p51lu?x&y=*cNa3$HUdM!g;yK+p#(cvo`Ji9H|1kt@#5Oi8XGP{!*9TY6Q
z?M{mZrl<caQU7~bCZNUaKU>zcdi1}|Yv%O7v+?1!UVZ&T-F>}-!`p3RFXzb-*Ae@g
zf~uGlLTUgKPte+oZo|}`6XNSYu!<>g4#j3nWoKtUUd)nHy`PPyP57vZZe^P2Xj60@
zT4_ex)|^#AO|;ic(|JHg$V@jm60_PEk&Loaz(+v#fhlD|mxbyv;8ku_7%)fRUcm;`
zNEHx=31gw{wA-!IW*ai}DS+ZuP)TZ{QgjyW)6zM#PfG>WK27aV`?Qoh?WHRbW(xK+
zj)8e9715@&&*+%eKBMCmB^V+W8M~Q2FTYAzIZQpUZE$+@UA`U#pCbFesU?XBet6fv
z#qNJw)~xZ||B?!G`~Pfw%DuM_BEdMW8EB+Y+T|~&HEPe<eB>{G3vR>ym%+~F>^x&S
zM%OM*2TOPH@{PmyE?Bq<j#NfhWO05wrdgv2x52+~;!5aQYbwusyOFq&1mq06TB1iU
zOC1S2MN{ftQcSqF#Z*;TW;6jih0;L&$S~mPY}gBl&_05izZE<p)1#UfNTEh)fJ(gr
zH*)usQg>^^s!3Y%hgTjRbB?71=JCBC+pc3GfZ08$gAT}pG%1KPtEkH$k|ox-2u#c9
ziT6rIy@9aY**<Coc_np=g%5n&SF>;K<{Va~Zs};4#*Z=;xGSggFbw`T^2{rO7d^Zs
z(+<i7I#Yl`Cwzh{+d=to3Ru{N^n(5XFPDkirRo-qn4~JOu#Hi6$mBt|;UG%nOL~|k
zldEA?bI$cE=L%n7p$jpwv&dQ|DTBekSzt_Q<bQO=T}+BTWNa*pY;2PJ<z?Bx6e~ra
zKulY5E*HJzrNDaj-PqR7;S0M4`hs;?WTwvVNy=Qg4v+jI0=}qOhNo$5l4+btRTv2E
z4>i$HI$zOj=|v~=7Nv**BUNW>>cM!m^fqj`yZ5|~p6*VLVm3sqOEHZGuFk$gD`!20
z0gJ4{MkRW-5{*RL6png|_+fOvud`BQcM-75-+~=0ZX!^mF!*2=!nP#_wlEV}bfBPw
z!D)<^UL9jFvkG<`1iL>_6hnP71c)u=3`kT3JNsvk-Ja6{BUSuM>wC1nyy~QHRZ8(f
zOc-$+?V(NQeK{$=bO(|}V{<;p4IBJb-1#rFg(h31CJQ!#Hwp!ss06$AnibBz{K&9k
z7ePXnmtEewD{L;`y;WngK(5?~0PZE&t(A8+Ce&n3uFBs+^eMKeW5O#8n^@2~fwEe-
zs^<grw=Pf^oj4<<EYfww0o+@@<M5HVh24SdS9Y{1AN*nEBZ)tg@ne6xk)r6(O%WXx
zJYa|@#hk7-VkEo(TM;IoK`Cy#%*s%Tu_=&#q1Z0E3#Z~-$^6U%mutTAAeDdehR#Gn
zrc1cT)g5`Y(!FfmT@ry{uxls?=yvuYu@SzHxf_B_hP_))fbfa7Wbc3?3jNVI>Q4Dk
zn0k2$Q^2+^qkEq`X<noP$>_>zPBxN-CMOPgRnPbgD-fzJm_QK!X%lVKL$As!o?yY`
zm&tGb-Alt;z1kzV%#558GBV&pmdci%0iUIEShU6u1rDuMT+`v*-P!R2@(1GdMB5cy
z*K8q>AKoN_1RdRjBJU_=cDSmga5-OgFqVI@`%R!9JJ{#Oa#1ahdyj#90_sSfvy7Ve
zEaSJs9PZjIxce9HKrB)EvQYgIU%Z<FjpPdjJ8jN_%WSp1$d1}*WToBz99{&lBK9A#
z*t!<){m-2L->iJN{l{QePuG?q!TiI1aAa?Yy43hM7)wDFA#kvgQB9W56mE|xnK~C9
zET1)vmIQVsaB*xT*j68+F}>Kn#uGi6@vNS)Kyzn!Iv_3N2%56VDX>&@^%hY&(kw(c
z_7Y|?LWpcd<3=vYH&B4X%H~jWK(l+0<4uAvAO+KT;Fbs9po<_2kAacPScphS%Z-sA
zBYE%6sI|&E3})37UE35}t3+dM(dM@3x=LEB6jVJ+0iQTk&4qkAN<PK-f6B^KIQ~;?
zU98m||8ZTkb?*LuRz79Bn}83*O&HuU)UU*oI)nf$8V1V4^9u!sk{KQ&OlqFDhDA|q
zX^OQf(X-m3t!=S2bHSgA_3Iz}DQ<wF9>@SflqUOODUqC5lqeMgrZ`ce$Zz|lVT!K|
z(`lB{gV-!Su?tuk@5_jlvER=ic9jr(inRyiMPpEv6W?T>`?JPaR!vb`Of_wldrC<c
z{DKZv9qA^mp_EcH)V-stZ|4vh``Rdrt^(0z$i|(WAhHWj4{t(<eyuU3>PfR^uxsGF
zt^o)#g~%H>Oe-MP#Q?7TeFM;H^BR0(fUzxYjr_a4tEUg`bb+AZKd0Ap0{VbD-J?8(
zAPQNEs%+WTO^%t_DFA2;v;q)>OG{7aStAWHV@+q@j*jkL(yL)cNCEOH7@)uo_jc^)
z3WPAul0VRZALR-Nfgen1YTBfkb0A3@gt!XTT-ev!1w(Fx-6>F38bF?BOtQE#$SNVe
zW*K|1S2dAERg8P43=iuBt$Q&B8aawO;cKu+guQMX%W9exr1M7|*ojCt8X>a~q+c>^
zsC5hmnj?`wC|?me*TF#7_MW~#n9~E94LW5ZDOwI+ZM*eMFcvP-A&bqE2Yeu=AkaxM
zzz7sQ1hBx?fxaDW7|9H4$#4}Oc_BEm@r)I;jABp>Z0R2YD2Dnd45UW6Ab=x9kO*%O
z8C}a11EjNKs3ZSu(oS0nOt@*}vT;r5FJCzgdV|Pk5gPuiT*D=N+zJ*O<+(e%hsxJw
zJPDDid|J!cuL@O98e@7oNLXYxjK|DLBbz8T00=z{^wQI}t-JSd=8Lz8F&jtLwjvy%
zayDoWsciVpB-K0!V__+BC}{-xdtg(*^<+a6xHyUrpf<)QWWT40c<7>R<AKIp!wEx7
zWjkCR#9u^!3Ezb8yp$9rFJ=e7(?@w^yiw9YkhDZ71pvS3(u>oVtY$PLhu;%MQGg&p
z8(O4wM0%mt^Uof%ZdbAKi8+M>fFsC4MYE|Q7HkKT0IM!U_(QQJrI{u<TA=yWc$Vz5
zkXUtZTtjbxe3OBU33d<5AqBdd;KPWsr%1s%=}X}DA&g*%8f90+PLRNKazY^+AXd~f
zs-88astH5VCu8Thg-i$`G=&(4HQtg!b2VadEP<N=4N6BjbtFCx(?KiIM`5~JSTws3
z*wWxj+&yGEM)eMr7{e(2g;_*ZaXF%d&INNaq2#2-<WN=>CWuOFv=R6XQlt|_lL@PK
z>tge8azJ#VXS$_QUH+BWtCiUort?c{5Xyji6+$|YqBjE?H{{R>m`oz~fp94i2_g=l
zc7_1=Dr6L{u!>kv+6f4zWCp>BvwWf*#8(D?9!$T@shv(@`OgttJ*q0>WZFk_kPIl7
z*7xKzdWae^h`6q1r})85+mnW<zfpHUP=Y^R)ZV9QQTp#{B_^Sb@fsRNw7%A?jjl;-
z*g*c~>cb%KV^+ZW+C*)t_JZ2&wL5AD>q8FZz$r75C9K;>1*2i*Eck#X7P<;a>|&TB
zkaRVvX5nlCXK<>I=3{b-VZAAIOb1=YxTYo`uOvj}S0T$KtRvm3H<eM<geZ|NEMQZt
zQjq;CQZ;U1C>h!JpCap^oP*aB*~U0t=#m|+zD=oze<$cR2Tj4ZafvC|=lBQ?B{=Tj
zgpMucp|24Gl+!c}viGfTNMwpPUX~oQ%rU<ONfzL^Izjk#E^AX0O-TmaoDEjM(FoiJ
zd&!9*kWI)21-pyz-vp6Y(tA1f<f3|(C8QA;IfhKl_lDH1w};V`()VhK`WZGAiP$q%
z-)@g~Ljb1?Mg}t&sAuaVAFc46E<@O23J}lsB|2o7sR(~1Z$<8T_o)!dTbKtd772+%
z0@+y=qzF^X!0O={U~Tr`kh7BVY=t%$5>5L8(AY@hPA44t7Fe;cQiCafP%$5u1Xc<C
zG&aIBp*MTr8J);YIln33uS%W*UZM0Ua4lM&rOLJizm>_(Y{izPs)#gP@ulXh4~TNy
zgkobmx+{~7enUVvjm9(2Tys`qtmIYVpo1X;UQ+u9yoeJhj;TH&sB{=&p4(%CHiRvo
zOf<YjIov%*D7ccha`1C0`n9Ky5GI>fphgA0;n54sHciFnJKNNr^VKxl6d8pVowM<|
z1S!`p#(9c^KKUFVa4^?7pujfB2qS+p90;)`@3KX5@lLYqWMnbbr@f=Ps6<U%o--{Q
zxkCF)qi#%M{4+M&{-TM8Hn3JmUSs6RMLdQ({0QnHppprRUDIL#5c2}?R{kwe4wnT3
zD{IxTQkzg}N0izNl-liWwL98s2bBOOBw&!C!k2&r+TD=Y&tBAZYgw@`;TfsI&H+5b
z6el`N_7zt_aXdnrCg+;0o?!f*wF7c;Bg=h-?FV9!C>8Kze6gNAS_2R5<)14%xdlp4
z+<H_dZGqDn=nldc2dycbar}tibHedC64BPt#fZ$wh|~$>b4+Q$xFNAq@SzaZ8c<E<
zhuk_5*sJQt7t4C=+3o~>uaJTsxs`pq1m|2h8ar7h99@KS;KhSCJD0QLH~mEq;q<%r
zC=OY(Nl#3<PfJNEeyWS2FQ|%!HS5(&nO;?isC?zeH&F!|nlth^%0I>IKbSxJVf9hO
z{%>t`%^Gk1uhu#HkJ<Rx_J7pSU9kV-56W);$9-^88P(E9bUTv=^NP-A3AlN%lhrkG
zhufv6;V0f3n|ex5s)Tus<Sb@e2ai={RGU<EvM+;`A!e#h=x9opj%#K_=}4MJ7*)%l
z#c4?Edle#wTA+F|$)1j4F`5^uDJ>#Kp&|_h0S1g*118%#o_lkAxzJ2i{8vaBRpS=5
zfg#(O00NXFZ8=G)oLE*IKjf@3saxaNm2QxxDFl8tfUG+jKO=gi;%5W^$_j+F=w~yd
zm>DgukLqzR36*_Fqp&oFcXju+Gz$Z?CpJ*C3U%_%tDN|XCdVu{9)`v>Zq|Whrp7^c
zEkt!-4^-O_gi)%VCADR<Ta&IHBc)BEZ7o4)5^h|yL`2!8K}sGIqpGEdbPLw2q-)-2
z90Ph`{#%y!mYFV%+Jr6!njp1_G@+q&tqDNrqf^)(kH?0_y*Zj`C>2pEMx8=576^vH
z3{R5k6;mwMzbkwiOeh8!9qgz;7>lhoibk{~IRXedjWNC*K_-oZ%lVQ5msZpu3=Nxo
zg5Q<fM;EPosUJ8>q2R5;;(oEmRN`aL(V2z4NN5C$##B&_$0e39$8%P~m`n#f;Wo#O
zNpO1=x&iUiGUSqCOgp&iq5(07fj)C-OYlNsj~hrM<ndsK(g3p>#<r7Mn!JMF!{jT3
z4|9SX$Ro{a@d;2dxPU0V`!OR=?+tmom+_@pX(K&Cr2E})-Y<Yy&B{|s9M7bxgGIat
z`Q~IHEU<6@w$oPH@de9{CQRqor1VR}Up7kI!xRaMT^CAlO=r#|x?zV~&mieRh&fo1
zRZqWRu%x(=l!rV5SKlRr;{qV5o0jH7;v*`lXpG4{QT8ntc7CX0#}0LsLPp|JVSRyZ
z99f|>STVo=+RJvol0Kz?eNsjb95h4N5ISiX$i)SjMNvmcZ8a_kc?dZdpk(g`UP5L(
zc=9aA!Y{nEOI_B|YIZg0gFM}!xbqMIL!<!37`Tv_*2okFh7{X!(;Ch(+oYfhYzPev
z;~9BWc6%5N-KRa@21Jhyb`F^H*my;LN<04_o(D*g^Z&YaEuQm#%i6i~|Ezq<tJ#!X
zI>xnR2AtyPiMdq24x8XSVIb$ydY9g>zh}qcxoqU~%;1^7WfzKycu&|-|5R@hl=61w
zWcOyGC`;DBt=^LM?<72s)b(Wi{0^C0!NoH{$+#1qOSc~U?pU<x<bB9y1pJ1@6#HmH
z`P2mzdg6;$Ezon823*eHv2zXQ*N-ncq@fk<K(PIH-FM+2KosFv<^porv5RAI0!at#
zSlodyng)alpuh#?bO$dt#*PNkKxd3dYPQJi6+;4IU)d?@5j@{K^?B3OA6Az7a`GAQ
zn52A_UeQwBwyCFg(=!g}e1K<@V^z;kZ>+ie-Lp$$I{++b>r6eN2|Ky{u7(0>QDXpr
zl6|e&+(XU@gWVT`=TvjF^~@Uj_M!mlh8icyJT)eaG`-QcsSZe2qDLRQUVDzvd0)zJ
zF0Oz!?%Pi$$*~6IA&&CYVUGItB<~9gp+AN(DwzbXmK+TWMnWNp@EKA1q`K!H%0UH_
zVe!MQ`lS~lT{51P=0-!(!m&rd%vu=sA$dU~XzgCvcoz(;@*pcOR%4~0k@GJ=q8GEY
zn3KXDOAz+U7RyC}k*P*<S|1~_lxG$&O%i$YGMWt!_UQ<e^&6C^d&82D3m>+L>sNqa
ziniK>y#?7uZZi=XD{@`QMi1f7YH<znb3m&e;B0HXe7mUKIvvFZ{-u#yqLbf#M8w*|
zH~Hy@lK_SaZlt~k`PL#GA8^T+F);x6B~pPilVP+V)-j8gJf$we@a4GfDVC=Mr-ho^
zA<YnRgiXT?m^6-VgNsQElf{OSm)rPKpPOhLs*(7PKPmCj0{fu_LnVcrDx&`(qV-`W
z|EMaa|7l*kcAY!^$J&<W<~jY(Y<$XoJH4f!hifV=>jzR8jp7lT<t$r1DL<4M<ow{e
zh<s_f1j~rD`-z=qOiCC+P%_(zK`NI+mW8QjmvH%0gJ5nau3jiojGdZ`l%hJ3!evlI
zEK-JSqwvTq-d1Vl#%N|sypbthG^4?!6)$Svq!%g2x7H%X*fnIa`NDm&I9_}bcKH`%
zS7{~SrC^>J-dyoQz8PuoYBQeUoQ%eGGyPJdkWx}+l;PpAcp%Job_Yj1Hwr1hl@U<P
zP8rG{+T|$zc~ioa*d>6xU0uN=`#tt+7w`dvEjCs}Tz_^E8US2s10UH1XoPjC06r26
za0(8DJwz=Q<7+}F#ve(=V2RNlrPXPdF}-C>cNxk+B<#{hb_upjMC7nXLPwqnfJY)A
zZrqp>ZtR7Dh2*s&7IGudJxit+c@iZ!>k2w@Ej6bUV;~~l*duRdAN+{vedNrWJb9nE
zW-OkcPg*c`dPVG3O1LP@g`=HS<lKpN8L|)?Sz5<H*q!K6n0H9e$mhgK*jUN{%aAvT
zfaD}iqC2A8v)EzTw0yIde+W?SjR46KB{y+HS0$c=;F=~+dTcYnv^I&aXwr;$=E@Yh
zQttz$d_2QK@8&N}qt2CDnz~WQrClH@V_74Y@xn<6uNhzY0E$1=^whq98v<`F2jJ<{
zasc<#BJeZwZBCyK(Xv4lNdcvZs)x$tfPyH1Y)3uHQ$L-P18W)3c-S^d-F*V=<?F4f
z1i_SXkqj_4lukA%LHrSNWggGBDqP7i=$M9`-Y|y`VWS(#n~*!>Kz`Y=l5p`3i-YDb
zq*oF)yT{_d`JW6bJE3`jtK2G)_x_465Z_ZpO{qwgnJRKo4@P}*4)=s<ieZXWRNhtu
zt1L`551~3cOvmR~RUUkL1M`C+X-E-~DBwNDP)Z#O$p6WPH>D(05Y>#FN&S3SByga%
zDdu&6?h4>Y00uW?1DwzlEp6n+#ua}8s?1>RL3z?T_0ZZ57Mgu`+!D^H<((EGxzb9;
zMRZe3Wk|0M^YEXd@{yw}*`n>l41Q58pfEd+tCj`8!M(T>;FQOLC#~=(Q%nz8*)`**
zD3NA|K~oxYcZ54WN1}N#*hP5r{Lwm%8}0miwqZW}!?OBNYhx#+9|PO2OfMtr=s(V3
zB&^u2LdNz{!jMQs(;Uqu!wQg&9qXC)$fQh23c_w%y8DJZ!RKDMMxuC$C)1XI6_&yT
zoRBeSSr0X{Hb#SZl;h+l3CCm!=i3__#Z(=bY@VNgn9Vc9z8Hm=5VmLxAAdKCI)O#O
z2SB%%xPxRIxxo@N(lWXch7p2%6%viv@hO;`+fU&~*qgbE6hqS%yBsqnCv)XMA%G@l
ziKIm!S7c+%g%iHcg>vMP-7ElZSNCQe<e5$KB`(BNFr2xGFP!XhZqEX^*w3GIu@c;7
zvz|_X!Hu0@!hj##>aN0k!>gSxnWyJFB=hNYoB6|NHYmad<V*rjvXe`j`dFGAaLjQK
zH&Esv-OG>t_plb9UMZ`A`;K8NJB34a1g5YeTMxF2EW<Y~5hbPqv_u^#@{x|zmJN4o
zHa4^&wt>+}5|zs6IO*EiDwr)e|Mg0FM2RCqbHz7Dq&k~}<)=}On!IEx?}XGh+`#BM
zAaziEkv5^Ffsl1e8HE5c2_=!kVq`OE<hu!%S-g6s0^3<^c2)_9+%)STl4}7{74%6*
zVqI;4n+%gn9T;wYWNMZqKA%gk@~k13*Q|8JJc79H&sj7{5`bb+?Kj+&fF8NrTI5o0
zdds#?3O<<72A)Who*d@Qgxxd?H6$^b!6$MJ$E#CVu#imBM-nc5?M_o#D!Q2EGg47b
z<UN-hAz~aH=hP@1{osy@+g>H7Dy?|(y=b2yQF=MNxJ8W{lQfAVlBBSMlG-B%_~tOi
zF{xYeaV1E~UlhGWB(ONR0M(Dww@C*JAWG6&Je7eec4HxB%z(6MKwxs7L$|lSNbl}E
zjjo)C6aupt1bCS`LkNmwWuy>fi$TC|d}jzmG(QlfOQ6_in{!d4X2<AqXOpg{C&(EV
zL?a3T(+dXVhN2bL^McGYdm2f91DLYvc~J=T^w;Cn@|JAMQ#tVL{(Qiz+>{gXdbaMp
z{B3~BictHU;OfyvDT?})xchWp%O2%7pj+(7RNez@<p`mG$si*G9}Q=LqaAIB={6yt
z!SLYFKv%~O=Qzi5O%X~r;uu0xF{j9QQ$A|VmGt=KXtqdoyPkj^L8<6Rw9`;`f^m%o
zIkZg-Q=+J*OQaLJ$}hn=;%@=fXjX%eD468*u$83ZHAo&EDHf@uiqw6ALbxOiDO>Kv
z6r}tXgtv+6QCYVj@8r1e7txN+_^7_GY@s+xu>U{2;Ez>B<3BV*vS+vbf2?KB{(m+;
zJpSX*mVP1lBmGr5-+;WX0TA2{X^w|W&`ofF(&I@;DKM7IvHRT&9s&)BZexd-FxiTY
zjE5ms9gp*7$3>)}7tjPBczq^oOn{p!OH9gu0T_cFTZg-QyM~|{akt=?@eu}UR&z|*
z;KG?AFVV)hbC@g4XhsV-KSywYjCoU)p>C44RB+lRL!>)ZLfA&abi9zz8eE-5H1KzZ
z6b6cu-4UYo4PyHcWe=-SfShJbRtbZ|r8J&5i|RKc$`(<xhjnWjq}rN}h_*Yl8{(>7
z%v}vkiYnqTFectGI?1<<QMcN`Cx|6ZzLUlJNO*&AzYpOFC#-;fAVEK`4|g0vYLBYq
z6<=W2A{!(BL3;#>=1&|&H<3(fbL~zq_*-enu*dn0F{R*6xX$MyJH3iO#rA(j<cH-0
zSS0`Vnpm?Z{!{bZ{y#gPvhVSXOQqDbIz|JTI%nO|90EDX;V#e;J%Ubw2?%Apv1~4Z
zV(8gCv4z)9>gj|rX+pQI*uv|fIzD$GoHCp2r*^nuC8eiP=18e~$$#;zfrmFP>Fwz5
zwdFkWJ-9clOofzSaBoOiuLQ~0vz5I{8+pc?v@3R;?^NtKU#z&%x8f_rfsvmVVH+Kz
zx}pM3WnyVFsc9L{_FK$LL<z87z%{|!x57O}h_nIiyGr3Rr;KCCrEtHJ@}UXl#16@2
zFZ0MzuG8xFu>>o#E(-(kN_qy-Pyw=H=OCyvs!r@*gpk!Fzq_$gjT`YbB)d#HQX+Yb
z<-phh{;i1Gw^JkQjBpWhu7Mk<R4zVFv!?T0QAuso;(@-&(Pgj2)n%Y7hGUbCp_w2}
z-GpxBOsYekB!?Ksd{DuuAO|_}FAS{B6I$Gv9kNAGQ&3tKI>k#AI8&rd3J!s$F~&O1
z;=wU(P^go7iflCHonby_Y>vs=l%|+ZBPa}=sa&r_BT=QUPMAh~BwpAtRZpX=Lh@-x
zti+)Ks<4}G6rn?|6;f8?do+#lXqSMelk+At?b~-@fNkjVsJ_YrBH6F(j>00uAxAY<
z_T|86j}ntfc3)r|knxaEA30#LjG;57X4(`gS)sv7u_Q0SQUfVJsuiY`&BM!!$*5?3
zMN$1qVliZ1vQw{CKI7_}LRhZ8UlDw22UtBK>DpY0aTlafJuO`7Ok-t~m#PKo^%!gV
zQMQd_!MxL+1o=`oRS`b54H6F72n>_nk_5HX`tuw$orCM#SXhajwJxdzcMfd{DQ;fE
z>z3QPS3W~}*#+VVvvM$8Ztd>rg3Rj5C?i>3hyEfX9YhWbhxiV2tDe;0Td;1_a&Ag@
z(E}>kuvlkg(K`F0h>*3>7)3~k-yK>CgbuSJiOC*gvXh*Mp!ud)B&w|=%L!jV_C5Zl
zA=uh{R_j@7*EOHDHWH=f1V?QnJ)vdMXn!YUZtBVyd<V$~kv&B=M2vKT7Fpu4*xJ_C
z)^#mwqm(`DV<+$u5X*JE<oN_)7ZVgnR?-+vs8hkZi7?t5@p71tvLS>=GiOkTJ(7ut
zH8E^zae`0$nj_y4b8G2<_`$q<bU1s#1=s|5b=qteinz8{-a=}SvkG8ggb;EX^=0es
zb2u{7f>G|<hSB}#0baQ%j0Uxr*i3^mWyNj`nTST{K0z4^lx|Z3BLVD$ZiuXRxbvrv
z=?2DCPfC!5lp{TdDmX`lOnF=xGuY$_`>wAEZlj-lBw)bTK(YmF8r{~BSiHD#q<HkU
z+GTTte3pgmo8{A#eOxbSqsXU4D#J|x(XI)G6{RENR)8FfFs?u-Z~N19fGMBu1{K1Z
z>3A`}T+E*A6CX=>My=oJ=>x7}@ftRl39}W6OR|E#J4H2+HCN`DVvoc$D<;~gf&}Jc
z^Q&?rrvy!Fjl@^doK3hKiC_)Lauig;5d_g8Aee55MWZOVQ*pqx-$OP+h45QuDQxlm
zm-`c>>2q?@+F-vFil)V~!L-t##G?Eocn~;cH*OG1NR6DuKeQfAbRSHsX@jDt4#E~>
zL*R-aovZ|yvl4`ED6{-K=POK}aBr+f`ciA|Q}U<8``^Q|0V`_%)g1HO|3=r%-T%(U
z$F~0>$HKmyVgg|2$<cd9Of7|Ctw-EcsHq{p0>vk(sBO(NEK9#sf$j)#aG9&_)l<0?
z6+>(}AKggRWYRXv74MMb2B`cgC^Pk>&UR&N&(RghO;OF3+!P*1Mt!v3P<Nj*tai~Z
ziQ%Oo<Gd|$o@+mx3$*s4cQbw^d{nFLrR%EvS}d`cqf2O?=?Mx<y4a$%QD$DDWsM*l
zuM{N+|JrAo4XB5dtibq6pR)ve)qRTX|Cz(g{Rf|7`TwFVp7`%;qI33Nv+^n1p$tBd
zPH1OZAJw&lGPq-?ziI1GKRNr4(37*A9gywqkx~-_Qc4t(0<LX}wltBgKYCUh+45s+
z=8^&y>vx7p0rTbkvkN4xbgWr?j}JT<0V7tXB1r-Jv&L9fO;N?5nzqV~Hnu&I0j`Z!
z0Q_#A@tv9xl)ZfrMY!30mT>ziB{*roMIi`(uu75o$V%nYX&cv#q01Gi5sZroYT`yh
z3oG$lHj5dRO)Vq5OcE)CC+CUVX<X!VdH}-)EXnm7MU(W<K1o+j)<1K%o(VRGd6u40
z45x&>2QCfPCg6XeVC3vjAS7kggO<E~IgZr=q5@(vM(lfo5@@7pV-$i}IuhMfQn{q1
z+vB0ykc_5UvNE>-X8311`HI8|m^oGifN@snzmbR%xHuhvf2CpBgVx~mfH}TR$j}E!
zwF_Z>8j5FvFa{=bf}uE60$A9U$B@o3w$C%|DR$B$q*in$WFAB;VJW-^(@ABR91{}S
zUQ9=)>=SYyVvz`Y-9}aE#%?b`a|}3C4{66D@e-)V#tAR#BupedVY);Pjw|Vqr!1fc
z2keub2vDGhl?l)~V=X<S>RA)(B@B;Sq&_N90UhN;$Up0mFb^zaBGZvVwGf{ccMUg9
zx_^6+WWTjlsRf~hk%`zY5j0Q6C3%8GNX4SY?qL27LQV$Ae57ThQYwI+N`w_P>m>6e
z-({rpd|OCgEK6M~fvZlzMMrAj63miC7_#9krM_6D2)vM{E@(mqu8b-ru$3~bIjqVq
z#k(if#hiQv`vMrj&slCk7yx})sExdE&{m|^h1y|R(R`ZVZwl3B`O$o8^EXBMX8Iw&
zCJLhv(|WP&UclhBjFcCbrXb|o0L-nBqcE(9%#3fu7N2Ak*dm!+DicwYNv97TCKq}F
z(>I}z(>a5mw`DW#IE~K*_hvZ)el|IUDyzI}N65Fv(8(WF+levlwy75)+kfbW?SzX}
z;(Uwn<Zu>K3)>gv)aO#7e=-!flVPa<*v3N>4Tt1R!*QRz+7VjX1pN)y*O1njKq<`y
z?K0lx1y#-oEHje0CsCaQiQg{klTHw>cH;ZObV?Zg9_e%G+-G(^Mf5+pMCJ4Ut!rNA
z_5W{)&gp+<<5TXtot>T2%>RcJM%6lJ&E@~Yhkz1xsZ?H9K4r$fe99}unQvOz2un#0
z2xTmzOiA}xvC*uNIzmYVOK;UIz13H6mO!#rOUM#PN>wIHV9^|ZM_U5F64L4ki-5Nz
zJeo%KJy@7hia+|O^7;8pAN=^_=reurQ&OtFlGE@NPrsMI(`e3eh)AJ%@$45)zR9ei
zCgQ4Txr^E_@+9mNihA?*>6u1UpF;gc%SzfQ{`AbS{bHEB@UM|H4Df*V)_@mc71C*A
zN&~fyIj)OU$ctg;g;*t#H8OG?Rs~-0I!=`e=ME%1<Q1Jekc_WvxdTaCSK6_PAmkl+
zP%t4NR3HfVuQH>ofF2MO`mBT`e?GuWr>eVG6EjI&31|J8^z2vtRi0;1bU^^JwS#iA
z@Zj9I79v9`^|&D?>S;V-#Q=d`5s*w^RJo}+g!{GZm|BxG=oi)PG_ZJDPJAsZOX}gB
zaZ;Vqvi_-ew)FH3c6Ek0rU_>rg<$!Cc8~VkFTi+(yky9M2GqS|6j@Bp<=_IuDGJDu
zORoqpz<(I46SzR$0N$R}mM3RZ9VrNbBAGi1;iJQFm6W5mcbEk!D#e%gdb%LKL=*O;
z6b-x%TjS}UJjQBvj7lkXJ>r1EMnj`QCt(g)or$-LcGYqPvX>T22~q65P7MIqtoSi_
z2vuCRvr4M&6Xpzw)y3QGyb}c|a;8Km*3&amEx}Fe@H4@*mbB!k*)2>LFxO$7W_j{i
zb402m@^-KeUZcMi3(5<>L&8c}iNS?ciyT+=3>iAShg+9nT2RV+C5Ler9k>W$7_+xG
zX5P-In$qz;ngyeDy=EvHCjgj1A&b&<);=MsVyj=eRt*kzfX6Dsjfj|6HJccqhf|ZX
z3OJ*ZT_5zIv%(z;r{pch9%Rwaoze*wFAYR_5gE^LXU9;-wt<cvgWVT)T_SOgF~ee%
z13l4)c~Yq`vZ2k|D@t5~1y?ff1k|0JU-`9I>N<ds($XrR%{c1-hj!FZx4>{Ypaj6#
zr*dk|0~fnTir~FE(lYOfg|-ZMn$*(6R8}7*UxA_ohIsTYpaKh{)V1YVKsXmg7g2$|
zq>iJ}XQ}z85G`pz_^&<Oxzm=R23?!Bw~~W+QhwYFO53l`nr+DwRHibF;T4>9x;z_L
zzO2(WrTR0@+0Hs$p26CKDk<x<SN&4Ll}C91Wsy_J8+n$5B-GK_*wK!zd`9I|KNQVs
zBrbsIWHl-e0Tj(@<N~j96HjkRa4{#fY~?c>`CV|96{m1P;p(ghuPtU1t4BOnR9R7)
z&mq$$R3}$d`Nry#I#{@AJ`$;e^IrFt2iZjqebde@3~=)Vk?7sTQvKN}eFF_#<>Ie=
z5-OkVh^{3jCsx{uRgt9n7H7vRAwjVqXXi^$T=^`)1VSPfu?sOmjgDTFh(w~Al=`y)
z8Vx74x^PwD;5n2hc~#zR4u$Oeb@CkS<`Nc{Z`HaJ7P|%OBZO-g=PZ!;w(?B#Fa@cS
zNcza+UeC{}Ms(N3lEkNGhesWuaAz<31doE4aYPb4=FgBctptyqpl5Te6)K(I(YuTb
z<#&Vv0{ND_h0RjpMp2U>CvKD?vTzyACw1b>E)C+V_EUoYN2T*WLZD!8{>Roi|Bu=D
zaEAc6o^WD+(O;GG4Jnxa5owM`#$Z_*O`$w>`{NNs$#DbPMc;wAktA){=^MqJfaPqQ
zH2gC*I_DL**%H`pM1YznMl`ben4Ttk!jxQ+06)d`!vXtw05=|GOrOx40}yEihoLf!
zi9sWbI%jNKfS@TOP4N-$0}m0FLE6G#uh;}XPLYcKzBVjm+7U~u<&#}e$cyEhNfC~l
zYPue>Un)s7r2ut%TA5^J;^4xvW&6(FH?3T`68&QYG8XULlrv*zHTz^{giDt~nHe3`
z1Wmn&s%t008EpIw8Tzz<DXWxu5m(qz5O1p(|4-|C58DB-F#m6fw!}RAe@(P`j{ncb
zr|di)0@x=E5JtIdU7{Z#QW|AWElzx=7A3l_Ew;9;<rU=!=<oIi7!aRee!pCrLh~wg
zzvCLuBE^zAIms3E8bh5#IsE;`b5_EbEZSd*9)HxR`&H^d=XdW&9+{<hDf*S;1tt4@
zvZ_S&IoYRyMdi|AsaQs}#+{!08bAUnTpJw%;e81nf$7RP1X6mEyx!;|$Bj$(_|3ti
z(p?G}CPf!M_NcsGhd9Nwj6@xhOP#BX=`KT=gM<(IXgVH=#a#_6<VfhotB(_*G<PL=
z4+c036Y<6#P20ne-<=otG=yL@YLa6bE~@P(dHe?b9R`y+*yC_)LmB#{6wr+vkL5x=
zx?lkI{#TL{9$DRmz3_ZGetG)i5hTDFhMk9y@A+zKr|X(W+PRYIn$gQHUDz)VO4EDp
zQcKhO9jWxp9Qb5F>F-ip@MMsuSI+_7TMvVQ@75F(bh~iYw<#B+@#Qk$TZ#!0)%b38
z4BW{ea9$pNJRZc;ogj(y!VMq9E_AZlk#z_`zu|d3tzGZw!==Ba3r4sNgoxJ|b%?xd
zblIU*=tibuZh)1uprNL$S^_dh&6X)met$SB@vyrM@}s~VrA+&-8#g+tVW&Sdp-DGx
zBrp68(TX@XR01&GWl`Ath1JReXZKkYI)4$l(sP;*x>t(@Uoot@xcv-l_|la$;XC@Q
zzYh<gdF{W`N2mGs;f<D$swDewAOHJl8Gx5(Vg!@#m5h_<rk2WBU`xap0DeG$zsPJD
z4DC{Niw4AY;z*iq3rj_{EPxFIS=!eu{O*RdB3Twy+NR4-aU@R<1E*9L?}(mxY%;x`
zLv^$cGl7LFKG!GAHOcW9VvyUFsnrHE-f%*h2<D7UnCsijk&31{noEWiARazDUK5V|
zZbJ+;@g#M$;)p3|tN|s8TWiR>WC2T!!?(`>=<^t8=mxXRpk;I;41)w=D<nAn;zMxU
z;t%1w%Rvi1q!c<Lg*afkfxp4k+lD~^Og0apMSSf;_*xgrkw<p30JdFy#%3jo=Y?}F
z@e6h_yPj5?bvU$<-Gs3VxFi<thbzK7W~A1XQykm=kc9bT=vv8*kvT$IS@I>wl%fI;
za18&T;6~eJ5*vz`x%4pBaiW#LPq;E7U8ToZ%o6UQkCj9heSE-Y5zM_aQ?8aV(lv+4
zc_q5q@9gb9-_8gLKZdt=3=R+O>>cju>UGtV+&<mSL4tVCD^f!U4X_&VwVKnj#3Y#s
zWty``?k~wkEjNib%di%v-Hx>63yg&JBBXotbA<L-1N(|uzHw$0KLNyhWi#XRi=)T!
zvzbLQD`GI~wLX+q5G);$;ExjH*77kCKaUjQs$&*iQf7L)Q<ImGWwn%HX+Er~7+dpj
zGTPE~SsAS*@-q6w#mrodO9Usp^RhE>Zx*CCSf9AR7Gifo!xF#qbSN-9xlV~3&+%{Z
zFe{E9xm|V~rX#TPBTTnVKMv?SHcyY0;)Q;!(Dy35=4j-G9Maikh;V9$hrS*k@+r=(
z^)DpG&-o0^jNS^L{)?=QBZTb!oJFJX0Vo!Y(+L;FaKl#a`?XR`SjxD%p`Q^ozB_4*
z*}2AjV~eyj%L2Q@Ng0F!BV`TB>-(?+<4p5lR&?#lI+@~Y->U^VLgY9&&goImHNh1<
z;i_5CB_yXRt?l-;beb_)dbz5&iHsYQJVqQLN-3;dV8pP-`5mG;sax@JB}mF&6um^G
zu{h*4tRJawlXi5VOXm7Zs@RQ%AWDouLvprD6*vL%!3z}M9FmKo)pffI0J9hXXiPFQ
z0Ai&8kSzuPH+Y#D4AJ~BlzukBF57r<IX+&qn2nDCz^)<!azoKqPaK1?Tr3rgWRMmE
z8I<pq{FUJoDI9c<GN(w-MlJh7vLhgKg&7<g=<3)Z*?LUFG18+|_ji#LktO>`dWm>C
zdUvoqBLKlg4Hzjas_EMCh0Y3W@Q!peTi%rEV!C=LA!_Qy7@dx)UJST4Jzc#^zD7!t
z9XZpb=;_&o9BUAD^fuSv70TxLIc){~k#?kbnSM&~|2bR-&|?0d%~7BH?{oe?v+}Y1
zKT-GRc+SzEmGllO>ItfI<5sZ6xE!Q1HLYlSRmhhOc8G9f0P%IN1#!Av{-LTu_7%94
zr@i?(Ln3LT!_iqs%HPPx8IrPG*)yn^gQVA?5tMO-JQ{U_Y(M-5?Gl(hf8ud?B<)Ea
zk1&r78TQ=AT-a+ZEPFp9c^w7rkFWYqG5()TM#%HS>!V2i$JW+XkN@Y|wd>~i|7?89
zc9ww;B<I~Z&<z?YlgM#!2banirjEKRYFU*e$DIkXzYO${AEuGa!8@qu*##o-v?E8(
z-`O^$6M1p3Hm;7qW0{dt8bwatawcQtt%RGSU;CQ2)@F&7mv_WvZjOwtQzIu9a^7H$
z9p!DG<%&izn;b~8+Mb-A)q(-$S{7mjAW1NJJ-m(mrdIw!d77d=R6~Ib^38}$1$kJ0
zoa~@-zy##mLUJi*`@`pT4Gebo^^)-gfG%Ue{Q?yjMOPXU%7b2kO#tes;XtdIah2??
z$~X~k5?WkOVS4TiSs_~5Quz|;PG@o!d?82AHf2OlgHnYxMH(6byHn^PflGuMG1B6^
zeYs5#qF8m>Seb|H_@`j^K~qk7PF=0X%-l#2;xPs<y0oM5LbdUVXyaMKmxP#O3YtI1
zJ^8I!<xwM>QmtU1wzf9f431gs`N))|ky^AG9I1Kk@Ny21V75PNSTryQ-gPRbHkP7U
za}0%GdIGK;b&H0`*TLbM$XS4H6j7~lSlz(BIKzy*9A}ww2q&+*x?2O4NYDz^R5Nx1
z4s`o!s=>ZiCu~}0S;+N_s%K47kO=8D)z#)j)<yay;B6PHsfPLDncq!2^E*KqgnT62
z5!6kSWUPQm7@B(mR4}t(M}cH!TutXv(11Z&$l{fQ8n?h}F$L!ez$wKYXOOfR7zY7|
z4~YrXfktr88iqd+__GrJTphrWqU29K{0RoaHPrzi;y@ex*#v*;;Lis5vl{-K0e`}z
z;Jz9+5;K&ph8Y~Na;m4jY!p~G)zx4*>kQ|j_$5-x`Zy^eWdSQ~VPRJJ>I$x`S1qs1
zrAy+LwY9<8y|sHKHc2p&k5K}}2XWC^2D_LcrNc^WZRMHd=9~_SQ?^1`x)78w@Bzq$
zsv{Y~GuH${*<t=%v5VS|r0I(rSu$-IgT|ayM^MJJn=R+iTx*thg<u73n8Px>A+Anm
z69e-p6(Dm07dN134>Sd&wJMdv6^Oc11cMpvh-4yw5V+{lrb`--;RGlItUUe`iMVho
z6c8I^Z3VHh+DMbkY)pstV0g;aWB?J@2uvyCU?5-*0?Ds%w@tMX96%Er0UdW%OXT7j
zZDev>Pip)L^pA~^y~SA*^c8*MTupfUWF_s<lFkbaSRQnwDdHYD3{~W^_Q0jV^M|DZ
z6gs2$3;-}C!eYb0-XM}HBsdX)2e~^)KeEpaJ!`O?JBchGEFMhAe`#bBjDZhq-J&$N
zoV6Ajg8*rx1_%W3axAN+QshWac8_>gAJM201?JjiLD-nb4#@i0GPJRt0J2eOYuli#
zH{;`4O551h)U;m3<EL&-ZERW(*x1-k{vqv~8_!<9C#PknHm+JfnpJUk-H6RNHE3gS
zwWX&=jg6buj~k}7v28uL*3q)|JE!Qzi%0?0G$+YOH(r9JuwPOFgsAmwC*Rn#&;IIS
zmSh~L+k_n)kJ!0vT*Jj;LH5y6Ji}=wE1l3r)m+kQ6S2;oDHCdv6hyBmO^uJ!3osAA
z6)IZNJka~HFj<uvk=J0p$Q&@=DG-b?S?stvp)n?}X(0D#Xn>PwqYugEjgvv-IgZz`
z!qG;*ft4Y}S6BfIvsmc7J~xzwNee4DXJpB+DT6|NBPQz%z)xx_QdoUcJ&37SvT5H3
zDrhiQ(G%#F4P*njq;D%F3c#sA3z7*9^Esi*lRzunRr2Y=F=`;xO4~x#M22@IHO_F0
z;8X(VO^}zg0!ZZSD-p>_^$D9vkj~LT4_B^k@*c>VO6y6!xup#Y-$N{T@(=7~G7lnU
z1v3v&8;Bi%{Vfp%2tT)If^7Z*8<Y4VVkb~*3R@c~2U&FONml5p@U6Hi7-^8WXmB(n
z><cio2yciqFzObs0s)zGvc4(R7VP=b;6=5QmyrKzSJyVyMlNXx)smBf-M$Tv8RBrz
zMxn8Gc?Xrcwiim_-kX}}J|YQ_Y0ud0)<`Sq5(kfqjP*(WUl5Mkvta^681{HzpzUo?
z_LSH^UF?OsZFhH@@pMa@0a>AhesRYpt6_3nwKOm|gxt+ZZPel`0wB5CSq63=xY5H)
zS)3E`?w$&9kvZkW)y38%Z&GYb#D&9Cff_H}M5tkt9|`7c66CBGVD=@#;$4vgG3l%A
z5?prPzA|=SEF^u#w;wWmrz<aBVIv@Qogy-Jg<-e`CNVHxssL(*mLw{(x2Tdw%QmsR
zBNhM!?2GV9pjAj<8_-6aV;rIY#3!oQvP`PzPZK6-q7G||{S%cnOr1e0!MvrX6u!;V
zWFcIaBdBGd)~Jz7CtT7E?Ym8YAq<8<6a&;e9$$IH6xCr!j<6!16-i^2+Q|`jLAJMw
z+p~QP%d)dtP~;2*I|1pmL-`rD#!5?PN||#Z+0q*Dmz?qf?E&~lF2+gOsZSZMPxZ6K
z>a-N<flA<6)lT!cIHC2L>S~`l@S3WvL`Hznh^3wH09l(fFsOilRTo|FVn?{P7+}@@
zb>NMNXtrp1C9#(M)e9f11~n*{^e=1^63-FGD>b(Xo0HjFwJ?#cZGp~WpsC4Kjr<U|
z9%o=o)DSAmFPtIy*SAF`A0k>MqQWjHNPi^>d5q_gH<i{}*(xNP;W6!%OK}CS^Bz&%
z+AM%uR%Wp$rRcI~(Q=O0qr?hwD8mwjHm9Mg#Hox^kZP>xy&zo=e79qID0UFBhcCSr
z7+X*%&(tE^x6j)eJtEmKNLm!GAhI=EQXSu6!L~1U;H!P(zynyUj=K}Fo-|-q$5mch
zZ-u%OBvIc6Hi*zigj0wxK6h1_S4b+Y{6*!CWYM%pf7B7y-IZT=Y;zQQlJs^(JF>Sy
zPZj^}n7}W0Xdfm@?AF;meQWvk%uhIC$N0>*1yOaF?-?ri$fr~s`zo(pf=IYTEOLRw
z4>s|;9YG8hy{j2#C0B^MgV&0ECt=?$F`b$j=GQRD$}uwoec=&DeQqFF**001NyK3?
z9x%7h5GjL|si@|N%abr4)n0W_wRi=96I@f>*qC4cZg0QU`R)W(yY=IA{1H7(WEYD`
zwqeB#(Nhh*4~FaBFe^w-?`bY2(>q~N2W8)k*$+ePo>;z4$#;vw2vj$R?VXhLt>kTi
zS;OaPBcW%>k;cGv%Nm)DbC`UYW*@tplbA!oHUT@wFXx2iHZ^b#R?aOtqvu@OR7bTo
z;CEIwr-kj;cuE5n=yWimkxA8TbqK6&%d<e>ZJSHDq5axAqw?ZSK8K0ttS}p$utJdj
zVKLAL;IHDPPNW!Gl?(p@HK!Y6lzgQ%W=p+<a(&(r8WT?fX=S4lwGS5l?W8Y}&m$69
zGJ19Qp$I1q6e&uC++~p<uEE0_ihsjt+VEkFjV)`RRWH^KG_m6dyHTxn-+div1I-G5
zirN426g!90N0Iz5vDTKgF8kkg&CxY;_P?|7DYu6Qv*Cq}iO6#!dQ!iF+Rrdo4$Rk;
z*7p|700xFRuzjSBNoqEi&1I}cV73ufBBQ0%Bsqr|qv)!Oo_aKRDL6Au7&_UCa^_Uy
zq^eucl95h=W{^Cd1UA%wLS1)LA9eH{RrMqfo;|8(O|qjU)wmW>e7r{Zf}rNcYgrnt
zSW|Pe5<Ro6rKPQT)-%-z5A`vE7xJ(sUnZ@xZK`(MOq^08PA6cKY?>s;K>XrlR5Jy)
z9OhV3W+z$}zX*I>yM~7Q`+9m@Npvzsl3|7UH|^@^9@^SDJiyN)P^Y`s{d$-9x^L%@
z`~4RFK1l0d#ma@yBZj#!0tt>nh&_gf3=z%n^<-Fzu*sc#;T_q8?8r~x(F5?0CX~!*
zf<@*WO+-dPj&I1A&J(mZg#)ZP={(HZPoqwx4%_|Hyh6(wLDIP$sH(efc&K|v7a2u6
zdc{Hn;uPF7b4ZCe9HpTKm@90;Adr)-8q|F}yolWc5t>ND*(vCwA*Mm@;A+@oVdEx)
z3f2)AQCPPiidOV&g`Atv1+{t~v*!t7=?&zmQdbAQ&S?XFc6Ij-4G6(U>{9kfu&Ad%
z)NiDAA#)PS*wafo42npslV-YWU?3zRZc9(!U{|N)bI-h`!LOdisLD%%vAopRoS*J^
zBUkY{p_;PM-e>}iUbCZU#eshtvKjJcG9wWuG&2EC0u$t&#oi^192|YEO41z10whKN
zGhTpp1kOOzC|F4v1_5_Oi>o<P<NHHOokFV<*pT#5s;f(hUfo&9;yVd{APTMEu1(3K
z&Yn2%fG7W6*fr1>tOG2C+Tr(L*HEwl5Y3-qgZQJJg~;%0ZkN>Dq)&6~8G?pC#O5p^
zK(Dyw1eb6BA<=agiHf0Au=qs8nji!a=S$jZ_j#Wa3Iu~zqg{(E_DED)>k1ZvFw|KS
z&eMIOItW-7&Jv7xHDL-sZj%{19&jea{mPFD)<FL49&}Cjbl3p~keiL{Fy#(fA#fN>
za|!a6kPZfNg{VnTQn0Z6Ae0fw1T+IgLdobE4HQl~$OJ_Cif2`GoCsEY5mF&0IM}_d
zzq`LHtdK9m-P?L+E#O+^kw#;yiCCM3QNeYUp3Yf1jY5r(lzE6Kce|py344#d%aGMX
zmJGxSV<KC3?|B_P-JK#2a)N8vku^vQLa-ymVT1Gx8g;i>!4S?YU4kgsf{`E@cCvD`
z!x*IP)twIWjk<yE)cn_^^h?8Ej*U~X&0pGJJsZ7)a=y<O-+tWtiDJ25ikpc-b`z!1
zsTEQh6!(q-;cK{nK;(mzrl#S{sNkVb+|k9Ih2Tq+XeeIzCa9bZyHgwPH-3A~deTk4
zoyNYmvnsQQc~By<j3Lnq<a<&pvy4SfMWYFM1V|cHfqsW;VET<G;pP-Y*CVYO<W*>K
zyJ&kcmf+es75g$&-prNC1!>3gEj3TaU^Il%Oj8}JMA9`eYPW=Rh*}HbifLq=q?V>(
ziN&=`!$8>*MlmJ|D93(KdZBG&i|auUqK$FX%590!j_l@~$*2hVR}R-KvZaT_d3?*f
z7<Qw@AH}SBL^5yk6^~v~5U_&?dN4e0OxoE63SiN00C5PF+{Ep{SS9!`)n^?EZr}tr
zFU}D1pX=?Q<`Aq6Cx~lKjWm^}_>`Gq)Hmeeg}AbK%7H|SpipHHE4efgH_2v^Mu8vH
ztjuK>z#Gw+UnkY?k~hxb9(v}(cJn9qNzGw*Y^M$it1IN*rfDu2A*L#WN>8P<gibcQ
z<WyK#Z3Jx8M!VwRt;9zA2l}=RbPWzNnE;=5Z0qRm6%U$heUpAc@8JlFpv_>44wdI0
z<z1AfE8*>;yhBkvsZr$yXtJ}KiB27(?kKV>j}c4>hlcenMH1x7BZ7T?>J@VG$Poc4
z5s30TJy*vk==23?l-H0_N9tgp`)Hww^xxu{Jmz{)k=5RTIf^Q&vliAjONb;bZ|8^V
zzt$V_E_PBn0i_)-Noype`2ASKC4H5$&K0}HN^AjFCTMkpKJhKCRoZ18bj_5Cgy@1w
zd%GghipZXL0|X)!ER!g5TudNTf~4qBlCarIT`>Bk>;aE%<bbSs%h>B$T<BZ+dV4!I
z_YDknbxO-!9z>B9HGnHBB!$g(x3$k<t?7C=qJc9WI@PgN>x_G6@0)u2cJ)>$Ibb?5
zOA7*%gG$Rm3>6KLLc=^YN8HFkxCiH`N*_0v7zILF9yNvb!j!rjFA-_*Q`p4J^6rbE
zjCPnbjF7Ynk$7<j&cZ|RPK9Hg!FL|k9S+91!0}x|815p2C*dG`4`CN{*-(TrOhx4b
zG#Ls72cqjuAv9rl0;WB<Zwu#W7&dgVQSoStIf&%7tntmaCifLyofzyjop4A#nVho2
zKGRH$U7#Ighkn-v2hLX_6l@lKhJqIhS6!uWP5^D@n?wc|K@Q3|(1{?tglULEFz{2y
zAikliw_?18&IJ=jM#+qU>9T4Xps&!VM}tTczU;}L4|ya6$YJSAfG%l(_fd?A?Rt4J
zG0T`mHf9;qV`MV_vZtXmY2S~-O`BKEoZFDG`tTcZ+in*ul4p^d%yhNSNJf~sFi`qB
znw`ZmKobSb(rUrOg1lCWu97jsy~+C>c&EJt^3%Mf?na50QN44($-BqmaSm(w5jq(F
z+L!L;^6_C(I%_cM*T4I?Reow$rbX^WWMAb-(E9}1QO_R1Lw7SG`hq({{<GmMt_vJm
zvHf6fnY{d#Nq^4Hxr~l8T=iOsL|Kv|SyT@D+$w_?L{c4tE2q(T+DcO5+d90hYiMha
z!<1>6Izp>g2m6M5`+7I`5aQ>_1*DpTv?kW5j8@r=%e0YhoJD*}iu1!o=~WvP2cJg-
zo1MLb<V=ywKm>ux@$E6l31nI$Q^3c9qCoE}p|i_#r~*=LL&JE+z8@V2dnma*n>k|g
zmhRrJAyG*Ob^UlA>O`T$_%Ks@vr_E0tCU>EUBaJ@_+bE|YWZQH<RN1NZcXG79AvpE
zvJ21bR#r`$Nvh>{k{~rGJIIEkn2=mXPr(siP4iPeyHlbrRwj9oP_v0Lle9Q*Y+_+j
z?361^RuHXrV5?d$?vJ|RPF@N{d6G6)!cV;N*xoldM7YGz@YcSay`61#s1u9|0nTI?
z_9GxznD7u~e6oEyMDre>@l<#$T^*gB1Kqtl2fLhc@C@#15^Un9z^x!>YQlJE&F(?a
z9}Cr3aocR(Q=?<cmaajk0%39~-83;PpqAEsDnJJVU0Vrs0-6OaSymf`l%l@%m||O~
zhbpu@eGtxGv?N?wb@uHP3W9W+AmV9(xfbVxtmVR!%@Q7Y@0o?EV@7w}YMyuFpN3a?
zr8|FBmF)j@SSf&t<o{`owXE~{f32PK|C)`Do&SfO0EHAl_LHN|N6gnFi>C5f#~iYv
zP0@9j{~_A8rjia>Wk=5D!A^zyE{*C*t^COn1+xac(Q;g+kjsLf6zJ*EXxR3gmdfSQ
zx@jd?!BJ8oEyh8Hus9}}6fmYpP=&Xewp?A|$$+)M#6_4#yiAt;+@{PXFc~y?VM-4E
zfI(qS4r0^Xa@E^1dBKWGGAWKi63iXJO>QNvS&0$e8#8W4vv)Yb$^F^Rd8BA}KY=Yb
zI_hqVtURkpPeUo^xth(WP4I?Q9@^56rXv7MFs+UyAs+r1L|_?D5n4CF0WahM6Pvc;
z8FYl>xt!2|lWmw{h9{o>F=M~88H21VQi6@Kkd)hr^NqRmPA`K`k^O&i7W}{0wlueT
z_WxLPZvUT+&ym>Mcj@Vt=7J93N6fw3rg!Szy~c6xjzVI<=4e}U%j~*$=k??UGy?jR
zgrS*mr;dhys(ogPL?VilU|2jaO?r;S?XNU1v|WQ8ogG6RWIokS)l%tcZ&%+yr!sjS
zO(Hcw!=Pg{q#Ye^>VlWSX4Gja;#CQGO&S{{Ov1`#f}Yyomr46jT!xV=McsnndmZfQ
z+kC-LSCCbU@Fr2i-wfB&+q?4@AWhcQ+2`egZN-YU6$^<P4Km6tNli_YQF;^YM*Z#?
zUSU3XUIbKhoJULSgu{17@8WM-i#n=z&61<K#@*GK&og?hJKr_g7uw&ET`E#xe|BHz
za(fZFz07N>t9=~Joi!^soC~YAj2`FirnX2;X+BM{XNY+GAvP6sxerogdi~O8;6qr*
zBVG1Jw^^IxD;RY=(6x-<f9~&8PWZ<*&FWE23$^}1Z{fpqFxRH%U|vywS3EZ|Y9^vp
z%6vI`yn6jw6=|`1sgmM4FC9+bj}<09&F&!_LLW?OS|%9m1fhg95hKT>1}o&ZEmP8!
z6Z$yBo7d4*_H&){Ij5gIUTBJ~4g<?suo59+HZ^-8)B)z&ySjT@nnkl&EY2KXkEoCO
zoMT_10nIs9`(3f;-_Pd!DhvBnCJZ=;qte0cJaRa`BdWQZd!|^1?OZ7|IDJ=1h?!(t
zA7F%I+P-dr3j>Q_@9N1u4d)Yc*s+(CAjj#QJ)LL?B=}6h3&(5HYusE(A4yGgf^Zxk
z#??$lOPiH&fJ|G8<Z<WN6fl^^sBv|g@IaGpB?RXnyTE+VH4vQAz<^RW$8x5ngK4F(
z$xtaF=JMzv=dXkU*qa=mf?+e45}_WEWnhE`cdHxh>lvoB2;Yah1_t^D9G6Y%u~|pW
z_r;D#+h8~Y&}KDshf$g1QUs7wPx`M1dWxb$5r+Dq^W*G=N+6fsohDlVtrwu4J-StI
zve4@2_haP1cNlzG<)9vncEDovZ1~b9TJtDAk`WTxT%3sV$BD?p6JAj<4ayNRq9kPd
zMT|J=k^ORUm@ar8tgPp>U7>=G(-0B~;$s__2``@1H5+RlufDSRSC_Qu<fC0_OQGJV
ztTGSW=<F|PTO=_+;N4BOKQ68KyG0h1M2b3a^Jo@+S5KZGQ)Tn^w!=k~?kQQ3*hgM}
z?*^qW&E=Ia40y`OadJa{(pYrI<}gYxeS>tvAIXi5YFVZ0ysm)@hPHS2Zd34b4zj7*
zN9nYpPLAf1<U~z_Rp`w8f(s4MGC7kWOVbi?YX^6PS<Ey5>17Q}xJX^Lv1!{j#2hzr
z$plSNpqdzvFgK<#pdxer>qn9Qy2H3!O_MfgY+>qd>h@}<O17fD?RI;!?A#7#LL$V{
zbp(7Zm(`}t6`9L6z2wdsag8QYl=vcKhcj}fjQE1wFfY$LOeR;77wZg|+?+f3QR@ya
zFHhMGTwb90o&PH33SMY!O>=FOnfm9PxGU<!E&F)prCaW~>UQPMyRlTvQ?+y#)Pm>0
z3K4eck&5P=wT}vC?HSO&+hw~{-aWS*j`(soN}aNE!+1}sX2&u@1`;D~C7sLBu(Gwg
zuXl5IUs$Pwg0DtTYZ*_mBZ#M0xes;0yU(M<1)9B>r3>0ZF3hh4hh&1q!}dv@l>6jX
zcSpo28FsiC`z3R|=nVXZ@p5;%Ud;&XG##5=y4zx&$Ig&Sa8riD{+`N(9hE1i;gnv?
zPq|ufQs(I>^LQxNlxE(~ZE=cF4MekX2Hh<LX0|n|pja$n4*N@)!>t`VdjuqJRuc*%
zQeV;nX;*}9LQRq#mTZJM$Q$ZcWyjX;9$^Ix8HSQl(^Cp~3sB!mzgmuT=u{ohOe2?#
zYYGHTHnM6~PfjVhv^t^cNz8cf3otiyaN6l3#7%i9O>GG3ys>;E?&ujH3;6=S+QK3(
z)B<5?gVH#dyNzKtgpi~ub@{c>*)=!>%w(YJT&I;z4Qvq@B#f<OwLLjK>p#&u2Dc4%
zUntDP4tg&RZa-*8=U0g!Z>VqRf_|Y|KQnDoCbMXKH<h9OMESw*?ZamJ`dxI!jii_t
zW#0aK`v!OR_Y*eb0|e{~W-bG9JN$<Ys2}oaf%`lG_(dD(>xW4sP52X0k=p%R3yok@
zO#vMjZKXqO#qSgs=wMXf*P=2q<=~qZ2nag3LVH$6$$J)5CWz`ducKRF5?j<XfTEh<
zdW$4VJ$?$X86qook~5mqMz3Z~8rj`o$O5*CdFt#W+e^om?Y`A=X;g3L;}fK|Yir_l
z6ImmZp)S;X@5Sxc^e1-TJ#o+&wI<=d1MgC$w$u?aKPB##Tg2@j^Xx$$doAm~=r-@%
zDlolXgI@!h8I|zR!d%lOL9oT5J48@WmLN2cuRc&h!McOnce>`D(GT88siT(0S&ePE
zTAKJEAP-}nD6%Y3Sn%3XlHdgrtPJ~hkX;K9E!6N*t)XNMOp$Hi(IpRK+|tv%!)IT`
zyD8K3-Bt%L7$kG!+R!+mo4FCk{IKx0dS2H6V~8$7-=*U=7D*(N$^><CLxTikR3S%~
zF~7D*L*2dIL){%c-H38u);5@n!=T`T+VKNKVwwWcP0NxUDCIvXok+|Mh}*J+{GlOE
zK1KHLe8-aQ`Hm&L;?Tea!x(l@oY}ORBPUL9F|*)4An)16!OrjiAxXHomzv3Haf2Wj
z=10L$2}#4)O;AED_<T4!X$X8Vokq?>$qnj;;p!4}ji7!svI(3mn@z(GSwQ9v?38Q=
z9ijV3`&7T2J|+79S2F%jthpuTjsMd;=l?$&A0Gc_mnZ(ut|J=%r*Mn_U!Q#%0I2ol
z9sr2D^;a?okP~NMl5Lyrm@u{i)(Hwj>EUpr#jr2T;9QCvvuiGL%&dP3@PCW!!cFDq
z1DO1}HEZ(mfB3lg|C%+eYpRqr<><WF=T*-Ci_Jes>^r&+ua6@8f3$T?vupm>wl>ej
z|C^Q15E#soGsuJv(cr*zS0U#FBZaZsfC3aVp4Btp776MD%b;#!j^9{PAIYlOsT$G@
zoaNv)l{81rMaij1P0i3a+rW4qpt053YEV{(=FRLxHbN**JbE=YvYxdpIcV5L<H@v@
zuPC*2C;gEFYz`y+fZ;f_&+_uXQ>bguFhI0vG&3eY)BG`QCZg2TY%`1msSw{CuIU8X
zA@T~{kczE;5%DwaqwxA~ZH=|M_<wUW7HgSX|FiK)8gVtr)mj_48lOd)3e?n~nqULf
z77(#KfaOs&RD(&WHYoTHygIYx%ob9^zAFNg`(Pvz3E>K69f3^^4Q&N_6V(dl(it_r
zJE&&ILLp}L5HYO;xbs0g94$yzaNy!}AXG!-M4@#srY=M40rYlkQvzWHI$DW6u>*yP
z{*^7XqG3j~y}A{2!!fC5)8&9;SI0nackebE5}zSwwUj}MPQNpu$e5WM;V314+XMMa
z)S9cIh*F@)rL|@Qlwn065k}TXwxN-}sYD`d7~;DuwMX^f5g1Jn{^Y^W^sEVBbhhFs
zVBv+;7~&Sbv*9}hrro$3`uMmO-_1?<f>w&mVKS^}Ni}0aj4*VeH8PnnS{j8FHJJqe
zgAl*>w^GV_QUmuQ(F~1L0qeH_AT%JqWhFp^2Sx+9iy<urQn25Ra5on%!6txzz=VWU
zWUkBh-8O9j*KB}p;M}Ovr#@YMfm~YKo1uZKsNX?-tyv!k(>rHCkW|MFIzVu>2LjqM
z^W34iY;B!+Nby4A53$@k`wrzr?801792l0G^v5roLS-Y&5dtWcnE6mV&6GMCaSj=9
z>p5`wU~|C1sVUUAu{%$Hz5{23oCh<$5EP~w-!_VY$IBD~AkXxa)Tullc_DBkt&{~&
z2oj%RD_)`|{~|A9%z*7(!<}85cW!ftf}*}Zsew|Ssb+e1b})?#Eez5y=;2ctNTY3Q
z-Z-->2TKk(`n(~K+xy|lC_&B=CVf2vMhqq}D2T9;k7*W66xm?Jos&n%$g{h!l-O{3
z!RrX;niRrl25d%+FLBP`TN@1`=#T^5p_Pj+64^|iI{0{llGc+FrLf2JfYQdib3@W=
zvcFo?a3L75;+e)Y;bTd43O2WFj%_NJTvEe}hoz_%5snEE;=(As*`ovcaiDckr9h4L
zHR?)XDU<>k(h+S#z&H~PWTX?Ev*#ti@4J|43PJ3MDg^<qnI1vr|Hy*QFnA*x2{Q;|
zB0>TEMdtyu-@{>L0>i4&7fQkq2@3SCSo5NZOG3!lc;f*dMvVAC9dA4dPOw1FtYM`-
z06!=2Sv?E6F$UoWP;BsLHt;VZ)xS-evIh7So$X2?P~WR1g5Zk47M{Gosc4Mpc?snZ
zp?Ew(#LgsCXlfOUWMbq!*^>0V3gUuExLG3j2lfWSw22T7FiChO;W%RDW~iJnOmE#O
zpSoFB?G~t=RVTf*uaIkxOp!55Ra>Dd3WctklSOKdWMX0Rry2gVz@OF{#<YU+AtFG2
zl1^|{bD6z15ekH5>SC3W5Dp_2S}p!;mVdU$KU+imaDuLlbcr(_0^ZZHNF>ut{%axs
zwb~rYXUhaCV?ziy^+{Kuc8TFqEa3Qs&Ya^&;T~w+=EJDl;#*h7P-!i-`nD8kPy?mZ
zCvQgpyKn>o>6fek*!V{P+X19eeA>*Ow&1T8_Nx_twaUUK6Ow?VL+l$uJ@Ih{if~x4
z-_syjtdt|aRESZiW?a`{`4wXpWG2vTKNh87R}jfHjK-a_ugw{dsgNT?5d92dQBKa#
zf~&ZC;YcLDD$${x&FhUO4I_)(NUTV!u_Yag+GOps6d5`DFCJ2!&hL!Y4e7uB;)~Pu
ze8q5F%!KTL*hqb#8faNKW5Sf=r4{;eb_s<r;xdy7`wCXs!Pa%5>5z<AHP##rH^;*3
z)`eTcYr@g+x^T<daBFKg7LA5n-1w-ctye8+6(g&0H95*96=wpQCCVc^m)Y#0x|k1d
zg4Wo~H@jYgU_zR1q(!E?_hW3JLevo}W$N<OZJyaSUxb!y#FtJ^WOpQZ6DSH@_wtey
zdpo-{g*q#ykr0LoZmFPrEXu-AC7B^7XI)J?GJT*H?6oZjI#^3YdF+JiJ?Nth*bxVq
zcb(jq4=E`@;VjHgh+IudNXmZaVV?DBJ#^?f`LaoOgbz}~3f8mpvVuB$I8?$hiojbh
zbRlZ>#g<)7Od7i(j7@#Pt}nSHtTZ>k_^E?p5)l!SPQs!(nCTcpHFOGm^%V>c^4!>3
zWH((mH`tV2iuO6c>IH0A#Hd4#6bchTP{(@55TdN7*`j7d^t4GCTR3V6+08m<m0Sye
z;7hh5TQ5kvz6&*=2EvL!j99n`4a;k(B=W^85I@?bQ#(6k%3ZiC&3A3b^f}ghxU6>;
z*(#s4ql&Y-NVXEp^$1YwD~P|&fUQ=7uR6p#+ng1y0j7p!0`y$iOy?S<vbQkBZ&m_<
zg7+#ey&0;?-TfB6s-d@u)z!2CIdLhEKy4f9C>+I{y6|oVo2lFpMK`H`eK5}F6J2)V
zZ3NiSL@-2C=KwpD9tE2(ZE1#lqOx^`8V8ppma;1^f!KWl5<@;$@GuP{8jFePzPS<`
zXH!<R!F-KTf)Y4sE|GC&mHhAlnmnBj%%pfhkn=R>*OWkpmE4FJVB!Wt&+HB}V=4`M
z_aQi|PwJMH)EMp7`_4Tb01E^RPNGUev*<-)V47PFVV_`);F3Q?MElG!FnwUUv;df-
zIw6=<1r$z-tfH{ToLBE9ne}+>NX87yA}{JGPU|CrPC_tuU^6W?0`a)&1Ca<RLfAmP
zqNhy@5N3?#YYe7=G{ylI+DhmN8oQGQ8000gnwd*lVk>Nd#<=?<?}=9xiLv0^;$?ll
z$#qX=(Mij9T5)ft_KutzQ_24Wpt*%l$bYt6?41U)ZUdtq2yw|gp~0USVjHQ1KXYLU
zLm{jTFlnp!jM^Q|XlmVX=ARwr`fP(a31M16g%=1r!fd5C6l5VZ5cf!K%#_$j7A+<<
zhr_ZASY)ch3jT>km|l_$Rm&1t2yW1`A!_`Ep2pM^952>Ak8Ml^HQ8j2Y+v*V^*{}Y
zBs*eQ<Is7VVsG#T_X0OV&o`(mv4MSI#r|>x1}BG=7KRA$W*|sRP=cDsml(4H){Ylo
z>}FIYL|LSfEBBRDpTelK2r+t^th=^~S|m{U(3Z3rU+~x%c~c}PK@b5Tb#HnMf&f`8
z_I;>Lk!VJy1kA<}0K?lTgeDbH0R_d1`SpzAAtWYNiL<_Bsh72nK@{NB;7BL57`GM?
zr^KeEu**Q15`&y1MG4lLaKoT6Li2+h66r~luB=y@J&jw2u^YBunxW0G!;%MU$FK*B
z-(X1Vjd4N4NK}qa*w$8zP<Yy<QYdAmn^f}7xIDYGgcZ-o^BcG6CoU3*z2ZvhBTM^;
zx7i1xSTq9vixKRfNm`;O?5y3FKwMdwxL6ATnaF*}f>HvXd(Y%YIDN+DNk>4ab!CN_
z0}{KLZ^~h;H17+wQy0;h$hY_<q(CVacr5Qsw|l0VK1sk_lQWoo77IC#ISDlT%y1$v
zkD#tqnhVQlfUgxmfgLo+g#vjj&Zb%NP|5;!g}Fju3h@TuD~Ka|={XKNWbc$I02kQw
zCrXYSQW_LcC!(7Xwka2cB|O^`kkw#O4WkE&G#2-&6LA?8OX@@tMvli)t6@yf{2RE3
z?K<1GDO#jvH8Rf-tcvs}$TwNOLwljh_%hU#nkG9edT-LPu9O+-EaMxHWT}=ZV%%Q?
zjRCCjH|TG52#p(7n%9W-u+CJW?L?N4kdX?;@Q~&l{)#IA5c!35%gA5+uR=ft5D(?K
zwvbf1o>IK0xbqxiW-F_exNDU3OrUZYIUa>WE}Kwv?XjHOi3APe&142N8np}xS<vlu
z0A{02auF-!>A~bZV19=Dt(&E{ZtJ6*O_@?)rH+$gOlFAJ9#TA{$Y2?w4rEFI2hiLA
zrK!;~HL&G|G%h<DMqc@eflwD)_TptkG_odCpyCLv=(yLR{)s?D|4KU^)lb`kxbP-J
zohAa}Gt!ILuOt4^CMU<iFC-?eKKWkFYm%B|Is%7&^19=UWHoiS$I_gWn}sCpK_Hzr
zmksm?e-ZNXmO}GXVEOyck57f>hS~(x26|^O&rIdPHlGrT*J!>O$Z8gw0bW$<lRaJ?
zoAC@d%{f+oZjc+L;{mm!a^nR@EY7K5y+`;6bw$8u)Ei;KWbO&fY>|}k2<>Iwp=xSy
zM+z|S2<i(#V{MYYJdPWDCl9k=y6l9{ZqNd-(em$j=&*mVLk;_x(6iPQ|AA7g@B@M@
zf;1sK;sS>F2(|(K+jRY==L-JIzOUwm9Ux7yZ(9rz9=L%qy}&p`VL#!q62mq7LN&fv
zM1kJMBEyxE7YB!nFz3o%`VHAH>}Tv+)cIi<!cXi{DHoz_yaWR*)u8Rq!>CSDe6pfk
zOCXf>>KEL1tDdt4YmAD8{Ol<U#H<LtgrnC-Sju%P$HAhiLE*S!>+7+Wd>3T5jjAy|
z6xO^;spdXNv$~x8aZe}p+|nh7Yh29|h_x(U$Z$X$?|_*1$vV%YW{@de&sw8rdF!4T
zjh%It&r^DFP+Do<hW#M$0W@Zh8y%$-?tEdhF?64b$-mY~Kb@ZFZvh<o0HH2Y#@&dk
z4+l&_aB6l+nj3DAA9Md+=X&6D!k-9m@JAw!ooC{F6e{V{ptn~KV9xNs%L`K|jA~h7
zeB#)o>T>I@?%fc2$KfgAYCvvX>ezu<%8=p)UX-0<e$UqVJaoDhp9-*vkHsO#&xNs;
zQXx<K{=oRc?chYRBL&L}+$UHSj}a??dR7eYELw_{X)dA68d9uSnHEs3<OP>+eLk&l
zNv#Ob?qYf1b{A{$2i>Qbz!O|{Wo~@?nYQ^rU#M7fX~hKSixeviy$k($%t?!np}-^*
zDVcvHg{H!F!-63n^t4hNX&yBLVZVDCJav!*&XJC9H1{d|DJA|FkI^>MK8nTvTie{?
ziT?%hALrtKRsQ3S{1xP(ze4Q=Vt=*!2mflXVR7{~xUT9@Q7u?8lE$fy08|R?H7>OV
zJK);}xT<b(6JD0l-W4f=-X!oa5>Dr`^(HIkbS8u<H&Q9Md$6l|qE!jm1YJdN2Oy&n
zi_j6UR)y!mq@gC5+LONx@q0OLJu|EGU())gw{kOP0mb5fx47efHb>X4om>C2@)0h<
z)C5H841$s(R8vh=dEk?(8xhEu6r=(B1KANGzEm@-w^6D&Wahoxin`i~OgGvF4YS|`
z)uZ<9yPep|W$J6{DLtuXgVfnoD98LLj7cra#St2Y4y}m6<T_Am(pYq8<0Pu6^VDqi
z*7OT9m@>zx;*orTYbF!(-7~{Jsy?Ubw#XZlu3VwvAj~;otZ0W6W_Ez0y41+(W90Ok
zL?+B80Sil4*EH(_n)=(N#I_(>9B=6A4MKUrVv~ZRn`~ruXgF%5DcC~ThJ3X1ZKTuT
zZS03hw+nTWd|{6u?i_3e&_az<Y%FPv;IKF@f@pUZR(5MsVP!&1LWG@a8niABhAjkI
z)cBJ3Ou?>MesvHu@-C%WD!vYG<J!aF;j}hMb{lOkn(s3hK*M&VSK86}5%_<6OeY+^
zED^uu&-CMex3orE=i-0Q#>YGV2_s%+8kqk4x5mipx%r=kkN^CSWXnkcGnoH1Yv$Jf
ztbFp$Kl#-dYd$kFrjH(OABE-rSai+WR(JgWmgc$m-?Q@B*1h%2b?W}A{Z%i*&umrI
zL{-%lRaN_zEV;V6`pv0S$}~;OvZkh{uDa@~dGq!!TzFvV(rb@7=DOpLzvhG!-g4Y=
z*DqiGme;=at;?6+aMDRPzV3Bzd;RO*{)RWa^VCz{v2x|RYHQye2;5X#dvhrCo>1u4
zaQK!rYu+D=y?5=}55!`(wYA;e*7l)|8$Y~x^G7>7KeBoA!R^~WcFs8;+p**Bo}Q2O
z_kUt&=;P;}d(W<2_g-+pKU{d>r!Kwp(-&WS?`4;LW@P04v9bGg{ejCbf50$4pG^MK
zo;{zRnE0|~eQ|2)%U53cl{dfnt5;wBmAAh2tp^SqxZ#Ey-ucdV-g@h;AN=44Kl;&+
z?%)5_g9i`ZefQn>-h1z-KmF+k9(dsMpa1+9zxc%mAAIoIYae>+TfcVWjbDG;+rIIx
zcYX7wn;v=3dmer7d%yjG4}9kXANW5X{pk1ZxZ`_w-ud|5cmLZbKl#KbKl$W8{^Jks
zzyF8#-~ZG<|MQQ&{N<ni%fI~ep@$y&#y7t4=%bJR>%ac%p+i4^?6Jpw@Pi-x_{Tr~
z=}*b4ryqIbmybO1?6<!4?6<%DAK(4%uO55s*H1k0o9}=Bw@*FwyPy8_4?p_Re?Iff
zGtWNz?9)&G*K^N3_h0|@U%&Xp^Z)T5FFg0$pMLY3KmXwme|h1B7oLCqMe_O6pZ@yd
zi+{t<|NHyj|9+%N=#}#c!yi}+RZCy0T2+1e_WKS#bnVjDG+g}XeRq8Qt;<%O^P%nc
z-}#NVpVD&qPaeJhV~@OB+48p2yFYu^w{8gz{=>!J`t04`d4IIF`EA|iFFzDGaCzjq
zhg$~vKD_Xx+8b8<@o{C7`HN!%k3M(qIomfa+InvEHP3wPu7%Gi{g*AAchWU|E0lBR
zcP)Qpi+00LZaVO>n%leP-|^Yg&(NxG{m}dcE62^7&RMal`aRL(?z-XJ!D|jY{iy@*
zx$dz;_x9HR>gH!QZQB2x_b(cH>X}d6ed5CHx1WC2)1wDhoU!D?>ks_$e?|^2+<N<=
zPyXn!$KN$?-s13Ohd%h?{GS~6sZUw&+4QbM+fo;9dz*Ra3)?rR->2O6i^rDTSoP&4
z&;8(~i`FgpNz>^s-I3V%$Yt3B+it&YDDl3PffMFE`1g-|b>H9qP!;aqxV&ds|B3|z
zOaE!{{BM7_bLooY>CbMy>X^rVeel|27e0M$Uv21)pKa<ty{hZ9>Z%nt25S1>zhc$E
z8U5Ft*4y#@uB-m?&rkjIsy|g9yuQ2l`TAui?pZpt@XhMu*RQy7$)T0~t4@9L*9Z6g
zc~5;+jZ*u$TQ{Ya?d@N&<WtM5m4VLBtyuYsuK9~6w!PsuznI8b58q(bDED1A_>NPa
zc{tv?=$h+J>w9wH_m7$X=(@UhG#<a~j%6o~KD>0rwyLk)aN1SX&t5-oc=>e;Pds<S
zK;qgfPyNj=-gEkfJ=eW&(YfmW6?^{AL)S0w&V2i^zM4Ot@x#t*S`S`w_e)o84DMfi
z@1=jfVgB8(dw6T_o-=N)N?x#b=y#iLY8~0W^6C>uwy*m7H&1%}4L?~~eeXY=)OzRg
zl{L5Sdh8!hzWU4?KDp%kHPvs7FI~B%`t+fy4&(TtLmk!4OII#_<1gACe&n_%-f+P`
zZhiMDHy`ZSea6$j>|Jou3vW5LYou;})o0fJ%YE7xRpsj^zhzV6h6SJbX4^le=Uazv
ze$BSi&sZ|QukF@HPi|<<yl(QrHMiaMod=JriY;i^dtmAPH94i~?xtV;_+ZsvQ+J(w
z?z_7_d;R>UUwg*MZ*1>hR`vD9-~FZe!9V@6&a7JT+@Wp%aPyOg?);{@^|U)O|9alT
zi}x=)?mhc&IOdNl7tH(Oxwr56-uf3`S9kXpzjfbRU)ntSpX+l^<z92&<hJDLnTJo!
zT=kb<ZNA~zs?UEkVqCTE!JmC={ifruKjVyRem?M~H>^B%N1J-x{I35!?bDks-G0+)
z3#_l7I`QC-7gfzW`MWEIwtnP&^B=rq-nHhRw<q3x?5C_V-g3`<SN!@*^(Xvo;^&JF
zZXUaL^LrP(edzP2sIQH5?7aTBpZfLjUw+}1uZQ<9Oe{S0<YSH<eaHIm%=^!(Tb3RB
z!^XeA_~&~+^I+B4r!2hj*n5AN8vfH?f46kyd#=Cf|K0t)^q&{JadP5`(|+)k;O5wK
zD>}Y#u<d={_&?331h4&T^ZYw6j@`99_&>M5{lt4VeRAKDk(%$kYa(FH|H9M9F5mfF
zRr<tl?q8mH=tAv*M_2SeansgYH(mGANZ^?l!@sP0&9nQLp7%cojy-e#2fy1jzVODS
zKYYW(`xmWF+;QxO=iPYT`iGZo`%u*lt9lOpF7w2J#ze2a_tB086TkX!)vbpvT==bL
z7O%@L+`i_nMVB3W=PCcay(-+<w{ziNul?hfPQK&dZ~As-r><N0mLGiNx=nX4nL74k
z%dQPp9rM&36Q6kd!zbMLz}KptJG8QU>0^U|KQ3AvGTyCz=+F<IJ>`+@%MRS~;vKJF
zz3QRs7oPa&8B>{^zx!JKH@~abA7?)Mqhk;K`Ly{@-?1`x)j3Pgocwloz?iq9=Hpj}
zFMH#>8!o$f>7K98OLyPA=KLFXf9A<szW3V~56&BUdUVBsb6$JqZ$44A@W9G<pTA|*
z>g?*z)t+&}!k5OM`rkh<eQ;IR_~r+CmIfO3uaDn;*KtGY(qnFWUE`tZ$J6r<Zs|JM
z-1FD)rmBW$^@`vA(@hUP{*NE{`RcJn7oWNOp3H$O&R+fV?I#{sm<rvs@M?3kTD2Zu
ze*VIS%P;%blM9z!bN#U+A6c>T;P0ObK5^5j)#IleIPcjr*DltNKcjl$*zOwZ!l9eK
z`RGk2o%`GQO;^mnzJFz6<wMuL_zz$D#QUocef%}=T=@DMzO-rHt=%g>^UN={DgXYJ
zeRsa+qd)#u)#-0K=bY%);F8|&FMm9+dC~g=cP&48lXAh-1t0zVc@OXY`OWWJbmu+G
z);)VquzLH@=I<VS;=dcuyZ@^<KGweAil-jl`iHLhj~(3htAkbPUnH-1ZR(}xF8R*o
zcm4db{hwWa;B6-#I^)Mnf2!Q~(}nl0+HmN+zyI-tJJg!0*X+OYspC%Eb@|D^uhLij
z+jX_!g%^JIy|2Br`^>Yh?S22|w*9s9m)x}E-N)XU_`j=ax4d)pw=R9(pYA;Mo>TNY
zKKqtmzYyAd$<pxYpZfChd#>Bn_r`zx*%^Ng?LY2+=iTy~cXqz^KQH>|#QgK#m05QF
zw%$!UhwJoDJ^SbIBWEnT{>(sDx#6~s9{tM4SA@@4R<o&T>*)vPJ@<pZ+<9KK^Nr6}
z&HL};PWk#*tM^xbd;g9D|8rpJKm4xu?zXW5Z)oY7_g#Ja^RFFPy6fM+aQVFdxn|Rf
zj(Nv@Z|LiF7vHvMWYfZ?t2&O^5be0`9bfudxGvFqf_m*s?_3u6!J-QrHV?dO;d{rv
zbLqw}zOJR_+Mm2I^6dH7E$v%5__VtD-|qX_-@B&1z4LRw``x=%|9J75=;aGuTXpK0
zD;CwB*}NjL>@#Pd(D>`l`pn}$`u*U?zH!PO$G>@U<=?*e=lB2iNA+i}`q8(wpVsc^
z+x_`%?ayDi{Dt}E8=K#9&&MY}U-h{+eB#&t``Eebp8DqY&1%hCKK13L-)dfYZKiSf
zz=q%c?conRRdZd{qTtid#=0*1@y#24TeUHBZNs>FOwT<BzI)2CcT}xEZRMNJKYi=L
z71wXSe&VT*^!}{tUzLyS`0SV3_ulu~<Noc%)8_rt)3^QKk9~dVQ~&xeTfVcW`t<KV
z`ukt~@cG^Kr(V^(V*8noJh|k+PY&IB@>k|>dFjIFFO<axugacr%(kChHXOX@s_(sS
zvi70hKk(0=-q%>Q=HRk39*Zt~L)C#}9$R(kJ8!A4x~$>ZrPpdpS4KX#>_30|`1e2j
z%{^<z&iK=tcYorSH~-JxFMMb9ubX}`Rdvz9{$ro|Yul&m&#2j)z2USK%9Gobk>`&4
z{qaxU`1=QLGyZq``9J)>#+k~=udjOg@dd$6uYJp9|Ml}tPru{Td7ZmYzO&`RUH|+2
zw|(SG-yHkdhZl@}xMM8W88|-n$?Ic>{&4GO>VAIK{J<9j*F8J$b8DadUGIN?`SZd5
zdNO|KbG7&F{Q1I7ckcYesarSPS@p!-lfV4YhyV7CKP|fA-lnR*{Nmy}Ci-tU_lwuH
zB$t2t=bwDt*A_o<!n+^ndt`F^+h01n?mNGG{nq!z>Z>n3bZz64^BVg1eC1O^A6(Ws
zb=SB0{_yN~R=x3KKX~iaRgdoax2p4&UBBV!&%JlcvMX-=x2n<WmvukZczTEWpS4&0
zc<jv&{pGat-@4%At*iH~U3TM5OLiUrRzRu0Tyo2c`%jOL9CPl%+wWf9|Iors&t~u4
zcGdCc_r7n*1z%O?b-aJ6_WXjTP4gEnstP@I`5#U^|Js99KlsG*shci&aqXKwRln?v
zQ<4iFt2)V?`qVGeH$Q#ih045TuQ_|crrf+o4}5jcl4BlUy!Ek(r5%fwzkk_xTGt$V
zPweqK&luWu-L^aDU2<n`+ihKHRn^a)X+Al3?eQZ!j(uq9hNqS#_qV?PbG<q3nse*l
zdQI?#*sklYU%TL?6YtE;k6v-}rtD8|iOt{tmM{J=9ay*T_ydjI*Dt$%)0M{BWdBpq
zgZK2s>K8xxz+lV#liv1RZ2tZIH~+`@yvGLn&s}tPFmZyiG;s667v8t*@Bi^8^O1Q!
z`dsSJDepM3YTnr&yYQX&&3m}Ds%qJ$dmas}*x!3`Rn<ae-Mpvgb-Z}aDPM1S?9Uek
z9$LKghGkdY)c4z8UfzH6(qHX;*K_0VdiSO!zi(aH`_PhAmz{OevWa)y)OAID)!3$$
zXFuI=>@D*;HeJx)@wSsb{`%3elgvYJIr;H-eExH%%~!N1?%uhgKX%F2mgxOUGKoc<
z%Cc~<>J3Xzdh4bom*2D`Gqfala<$RF==dj<d6z9XcKMQ}RYPxl{G}zmb(8a|7Js>J
zS?}a|&n1>U9?YKeXl%_*TSlT)p-s!KUY0)Qv8u1!vg}QVh6D3X>ZscK#)I>N2j`zR
z_1^PueD5DmS@qiei{7lf;ik)$jvt(V>=X0O>)x?`Rn;3d#eVV3(rc8(b%&x0HZ9ED
zwK)2ks(E)UyZr0csy**mRo8ODYi_$HblYc7dgCci&wG8<ykoY6j(KAIeUDe2`ux1p
z4>nJ|(6ZwBd8a=1wg+B#^U`^XzNRg|_OVlrJ+N=jl9qQ(+<whdmo+?jTh_e&o#$mf
z^{wRoFK(K5=<1pSC%*3SraS*>*_ZD*f3j=$XaBk`d*<ew|Fo;&p_Ng6*}LvL>jhK&
z?sduIbIFOj&rt5$6}<Tk$33*<gqJQ;t;M?!o;SArh0{*BZ{7QDSf07bT6ALdhra*e
zAFtW^$#r$}```2Ve-Ex!2bNrSvGtb^Z=Trj<@YVz{qYt3>Y^9*p+win>t3_+J16y@
zd*?{isnwtT!cAAc@1yg7^|sf&uK(KT>jQTz-M#;&-=28(Prm=*#TRDI&)kxIY~j-C
z+m~$m=*3$WFWle0{KB1|`Q_{9Z>k!}+){tXj_Y&!-h=bzKXqx>NxPR{Gfx}%$f|jZ
zst+Cf#4StXk9_#|Q}OTKcv@qorL%3tyPsdU_m9gydCNQA@s|%Ro4;e(!QCf3w6r&K
z_qor6uU8hl{jY(a|5g81T~$mOKH>g_H8*`oyZk+SzS#22uRiwd!)?d3%pY2^{NV$4
z)&H^ar4@S?PyWN$UtaT}TL;&CVP#eO+T{!0^VT2!^_>e>EweT)SoVDDo~0kUFWd3i
zEepP|ZuxbaJ|3R8wEF2=R~%Rx{Mc=`|Mv9{KGb&KsV%!!RW0jpxnb8QPKYhtx_@DP
z+xqzjmTFZC>o)a&`!CVG-;ADk+5AoYi`(@ZzjFJE>y|D0-f!<+@c7az`xjsE{DL!=
zEoi)N{_5xFuX}#Mt~1{AWX<ve{R^+U@!k{9{m4Cm<>~!ZJDwkFyFc-#zq}?pZ~N>1
zxN!0FJAQl4o3{VpGxIwZec+x?zvHHry_-H!_4a$$tsGx-|KhuDzwg>RUX$)$Sbfu{
zmwj+qR{6{s9ZR=GPdxR?`+Lq^SfecZx4ISY*tDqjn9nYLXzA|g*r|W{^YV8bTD;)i
z&#qX$<OBCCec~UMh3_Q@t9o$T1E>7)<Q>X=D`J}##FlnFy)bjr1DmcKNj|->{hCt-
z?pvICY;oe-i_f`fVc>7~?Ko}4#=w$on}XE`@7(>^!okNDFZuU>zWmFdOaAzC>A!vM
z|DC$5s{M$bab2Ih`airwi;P>T<YD(wSpU}?YiaT1|6H?XF8}weeAch*?AtPQL4TJ5
zQ?2yx+}zW>MF})EHSKEI($v&B)Tx}meP~CI5{pEYK`X1rt)`}~UcB}Wj9XTwt*L2p
zaxya65;3x4O+y1sd!eBi)MQ^9O{^A4Sc$;Kn)UDu{?XLLM!d3JZ|PQ2+qh+0cTY}j
zQ^vHcS{ILN2|d|fr&@Y4p|u-ILbDT*X4I^zsLC#FM9G=p?g^=i);G~sXp2cby<5p@
z$qfP1no4TsxTaYFWjw2mZV-W{#GlC;mumz*fS(Y5ByO4kjFz$?U}<};Civa7v8H-G
zTsJFFy%B7sCN>1N7->sOTa81cZ~*O($S+n4hS{!w*MX^78+HzDZ9EfNS>HqlzJA0=
zOl_>GS)b4+6g{y4+&L^&Pit9%qiW|d0WOh?Tkz2RY&dC*8G()K)e;6qis`8_MNJa$
zdPp@(&lq3<MUfs*%xs*1;HdlwsOy_l@*nBbuWR&V*|>g0A0vO*)U9tCAr<gZzG?}L
zP9nIgY}_`(iN?0+Kg#-*jg1nXl*UF8t0{s~8KG%)LLZ|pT|k8~8+h`SK%67ASzS#C
zXybZ9wnlnvV|ThvSK~QLYme*3`X=_26yk+haXt+W<6H$67!$fS8Q6H9ZaPB*3Qtn>
zl8Oae08f^j8Q3_8|CUw<oUOplEU>YYeJiaV;c%9boeFH+PQKI`bj)Ps8l_d&(`a5|
z=_7hlw@5SH;)8@r=DxIs;#oox78&%GY@J4-Ais@LYr{H%1+!I6YOp2^(=~$iO>C0c
z1F5Byn$D?7Y$~vE2mXM{`KMc`Ku|!40|ssZHF{{fzyRb{$gC%mj7Gchmv^C**cd^;
zs7{vu7W_Bov*Jo@h%L&%MzUCxLHeV_s*vc53`b*?`_-|6q##xW7C_jpmL+xj)oh&_
z*R%0<@+9k`hk}zz{%Bb(9oN{r4#4j^4ckh`b+zye%e7Yl|3-MWs3RK3Cfdao7?Z0F
zwpEw~m>?FZ%Q5;dG)u0wGg&QD8lqhlC)BJC##98V^T^jamG(WM>87()l-?ZL#0`%V
zzMX`yvKxo8szv59ZQ=0X?KEH;(Z&hiHnKp-DKJLmElnS;Ts9du5*oCW&`0&SKl*nL
z^pxJDn%hfQoJyeEnoHZw8MHagRQUVp%m%Wwz{a|6It%H99@ohJJ*tjyrf9iYbHO!0
z^R(-l$=1MTeI%(HmKImd!sIVkB&2KX)`3R0&@Tl><f>_Eguasc6$JHz{OfdTn<g^E
zLHecik(+8pXM-N>=<gOQx;l(&X_NDa9{6Q1Z*iEkGq(UD$Q3Rbge`U=ZjguL&Cnr;
zPa6V`cmS>Yi3p^0&HBv7K1SpUpL!*iQWZijSzHFHvL~l087-TF@R)=(lLJkLFJG_-
zHBp92=xNSB3Duj5rVvi6XL3nWT!nCvgeUqf1+sM;CfMyODNV;G;0KgT@*c9ffgMB?
z8%_?3sR0AeDhBuuI&0QsZE6r6l}j391SnX~8Au6gn%Gg^vw%E2h>jBnsRM;XC}3*o
z2_re7+x$k&km)5YOi)-AEd|14q^4#k!DND9V?rf}9MjSQuXE6Ck{@w3LplLD2HP8f
z$N)MF4crX$1VIl9ssu>=3NpHga-I=qdkjGy)?!d;Su%eDL;ws&9EiN+rPL<jmU}e<
z2p@A}607VXyCj+TESMB$U0_hjiwmw38YI``okW!NO&K6if5K8sW7L|2B#udag8T*A
zBH}lhs+49DWaU{eNol<RK@+qBj+Hf$XoU4BQa=}Mp(qz`|37=z0v}az?l&Qj5Kxl{
zf{1z&UK?FP!b2z^W=WPL3Q0%;_=c0+lVo9c&$4GX1Vkl*2-XMq*7^u2Rf|>BR%^Yr
zP_3fgTBt9s){08iYHjgxwchsHJKr}m=gc{K&SnE@A9vIKFxj0mXXcx4zWL^R{6EI;
zUWw31*bU@MIb@8{u}eeqg-#9a7rLd><t>Co#<d~DBm0SHnLt=SXURaYT_wy;wl8@B
zGJ%Qjq=;%zgWbMD37PDUcBL$$#3!%|n8r;j5VTE|pgGV62Fa#jo`<f9LyKf>oK7bY
zVwc@OT)(R<G?9%^Nx!d1=S-Xge7iJ3G!^(|VtM(L^N0|O^IrIEJi+>97iqE>0YJeB
zwkCo$ThSn+tRa(-Yd|PL_Jtf(K=7zg4-{_8<QL?<1`YZHJ}10N&PGBlIV^=$;9Yj*
zOQx#*Wu1O9p=8z>_zNQ^$Y}HUTlJ$Z&5k?CKAj+{q59d3H!-3kA%DY^)dZO{a1SRE
z-*W*Ow_G1yNYpN0q|;#*Rcb7z*os23V@X$JOd!Yr>yYxd!s$-9)IxHyVnn8#DTByU
zY~D2!^rKmnXUjs-GF;Mt;x3&z0l(4LTK1DIBU5P>ZiUP&1t+bdY+_Oi){_qfbW<wc
zK|&gDrbjCMO=rYZd@Z$tEoNd8dk2(NO1L$~Iec<29G;r8B3YgHz;wuUCG8+RN>a%0
zorEw6fW=Y{cY?z7DyAI5^ymcZ)lMr1)PW*Ic!20(ogpP|!vpl87+JuW22U%d6P)Sq
z4$tw&1m%HD4^e0UKiW;VP^rz+3p5ld>1`T%#*u9khN8`M#bm!4r<*gNu*0XqP9~7q
z!(P!6f)XS3MfD`Q6S)>?L2|QI?C4<TD&r~ugH*_o3Y(JimzIi8QgaDh2&72@pG>1d
zKGKoQBfuf)_bP6!3aatMf}s?hl7B<i13Aei1f)x{3!%)w6JNM8K@H;|GOKaMxF?gr
zDbl2}u2Oyq>f|C6)U_Fy1E?(aoCH!0O`@!+MdH#kgRrO)BIgAcg`(&~nNL+*a?o|k
zAwEpBs?sORq$)K6K=_K(t6`%_@hh!{sv5PibFhQ4HIBL?kuzPWJ=%$_xE$(`1G05S
z8W~tS-N@V=!_Hor43Y>2S?g`gPIjEb9$W)iEo$`Wki#$%M)!6?AUF{@>GijCTI~~X
zqy>~ts>o>xqMQfg#!;-|?ZxQa;mS?(g}E7|#C#5#zhq+)ScmRhGyCh7OlX&6&2(1d
z3^vwxp;^$IIK52`(vksTJb+^gVZT-tL_JQsNo`ePgtO|D7}*n{U|92atn^6UNI)Nu
zR3#H>)ec9t)S`wtWi_cL5!7T&4apwZqbfrADQQdSl39)L2YI)kph;c{g(hBHlUYO`
zlKl-vzfnjE&fCvyH~|^wnqu%0-tmYYNIs*f;-=HwB%!@Tx1Y;xZ~h=E0Q1yDjPx{z
z_uonmjCr!=Cl{qi2i~Tu$!(e(LoEq1Rk#Z$-9lCCs*wp2ZHU|?V5v~t*pRgi1TUFk
zu$|~yp)xX+vR1G(=>vgprE2;$kl2%=uV6%pmbI&$qziIz&Z(>SHR2A2Qz>M>to}%J
zIc;85-?*G{JXbcHSa-4`>pId_B8wP}6WOYhX;Rrly6IVu9>Uu??|={vwI|4Z9gs^p
zR20DGn;SW^$PU!}rq<+M5+gS~zVIqlX*4L#OcoLJTJzmAV*CnAW~1h-gaLzW_oYD^
za(eZ)tF=U|J(!?dj)+sjL&?qrruw5=MPx3`{S~ztgZ;Q5AQv*ihI5GOrUVI9XTu#7
z7}qQcLVRkGplWx+1)d;xsrH!MRu)b8$CGy<L$)YYHRLn8$?FZ1LR2N}>4x)6mMXsU
zohhXvNvXaZM(tFM7`vT_bi=%*F#`!1YCJ(ELryDpS%-biy@ha#?@&Ua;+d^6X~Hb2
zQPn3E2GCr{PWA_*02Z9I`wdHj!F+VNxn%K12;bI{;VLl?nnXw^M79vxCW!D2z->sd
z$BD+C1fGd0?$FQ^Q;u~(WmbkJl~thHGf{E_L$b{iR$`PV2^%OHIm>mPrn^Q{+TkKj
zc82K@q?DP*siCH{O!6i3KfFMObDy3r+`c8ln!v=`0dZNu6ItQLF~*cynMpIWoQ>R1
z2MlBO)iEnjqjBD&vK@>d{!p^W_DE!CF$G2>=q<reT%8WjjIVDP-`wb(H@>CTTYpA#
zrOi2ogNdt@cbk<2oDeWylZjIxN|5>>;5t*x4LBBiFt_?LW3c60^h;ap#N^OUP)C0>
z$*GU1>12d49%zBJ{Z327f~Qg?CdNGc=*Ulw%cuh;qrHr$Q5oeWG#bE&?&##R1+FeG
zkvf!Mdk1MTsiH($5e&pTPA!=>twiFH0Z}$mEi8vZvqskirb~t!*3(J4oP<WE2^AF+
z$|p$`)22_JHhs!e$<K8SUsqHbO++C+kNsJxL@8oVK_gy*e@`PSW@6;UEGd)kpVp6K
z{FnI-d|2=3CH|{?%H%1Q_^+vxCr-}9e|;N2nfR|v{MTW|f0@)<LACw&i3CdyGb*u$
zg{AVKXClHf5n-8#uuMc)CL$~o5%y0I5ylQ^Qvg`6QO%hsu&*x)4D29I(O#yg92!dj
z_8s!{(gfQmMmU2e5ls^+O=zYFFxBF#WsBuu&RD(zECdTkYH((mgk~3_WyR1Ms)?`j
zNUbtCd+4_qG8T{7SSG38gaOK$yf<Jm^9O}MCenYz2oGQm7d)82O~;?r_q1KmkIstd
zWZ~?{ohy=`yh9WAQi<Sh;a#*V%nrr(hRO58UI6gc5=F<<y+8J5+}5~mcqD6q{y{WO
zV?QiFg1!NI<CAPtV-a!yL0km6e$SGc6ry`YWHho-*h==Or9)ejvmRuX*32|MGlsBu
zjz^*;O|<iRnQOHIE(Lv1w0G=7SUX|jgq4$L9>8$924ICS8l-iXDtSmI!d-*#E0af-
z4UhLA?4^W;d=36}87;1H<{F^Hl6=6xZGuo1WIXd9GDji$pz&EH(ix<2i+<|~FV(iR
zG=isrww0Z)uX?y1Es!qj3tewCi?KD2P#<Z^b)^C-owdcA{Xcwtoe2*lLnAix>_}*E
zp#6*u#X-4~$F|33u>L%Nz#I&FBw&Z6MGGiVHK?)hoj_t$5N-2ux!u|;Xl+8T;u=D0
zqu~T=OFzVRfWIO@T|S4riUBg?xRS;q(uQ;m(_cJamvMabzCw~aU|wu=Khd^bU0tkc
zX&G~`q@J%H3_?g_jr%kd01W*!lz_BkwjG)DE+vi@t0v+AI!kC3#8o1{5G}YZ*mYiS
zMC0S3f|tG~F1Y-;0fNaP`W}Nb&|_!I<sg_?fG;pSL=NkcU<T`s4%XD0ApX^;pDeo^
zV&_0q4#Z3nCK#~wsq@Y$0n+Up8>i}4a-*nawwYL1UZq6Xto#Z17s3h9F9QyD9(zGU
z!-Ac%R?0R`Lo0?>pa#>yH3Rh4hOs@2FIj`04t^~o^hU$j8%>(2glBQI;h7W2A7op@
zX9@BSs7FUX6C98b{TrrHBZ68q1IA1b9F2SX;_P}zc2f{gtjYJ`R^y=WrB85%r6DI$
z?i;51(p|&U-#+O%w6dDBxM8m-!*-Ipmz^?4A*+hfubO6dOPj*#%A{sF)G33PRK<8;
z7W*HTY~M{+iSj5>4Y_|C<5?+>(K7<vj~ZdZ2>1l4^W7s^+S9n>(moyf?EHX5SDF1$
zii2Ve%*`UjSzs%iYN#!@lYb%*3kFXGA$LKAGeY(t3^y5DKpw9tTy1u|GX?@kc)g(8
zEbAv2sv+ph)F|L!#W|dFiL5~yY$7a`1B<j!oz2)mx?0THKvP>mLiEZ+hjonV17^o)
zFp%!aX&D%V^~f<InUDpU%nopN)nh1BDl=(h66osIZVr8EjP!<-GsPJ2-sj2UzSvq|
zM9DWgWARSI^m#mPI5$`yBj-5RR)Qg2*@w7>fXatUMyAQ_L>w?1QcChgc(zqa>XBBx
zO1~;1*+H3#K)|zQ@=D6dtLZ(HVir)2A&qH3vtH-nO>h56IA1v_F4jRF^hx9f!=wc>
zSO{7;N?F^K6DpQz$d(-CjtNcDlgETiv*a6FK(|BK2+glqpu-ZF<hl64w<XRsxicN<
z2+crdc(8JBZ)!50>9im5$YxPNW_B{&J9O!h-c7>s{>z3P2*%Qxo7i4*N9A}&x;J0)
zfFd}*RE(ciW2R8MG=wI+GD&PE*>+GeSl`$u%`p>(B$;i-nNXxuKPlpW3_JK?zM~iX
z_sQkuR{W=_<gZNp&$scDiT}yO|77r=GEqO7sGm&KPbTUo6ZMmc`uR7F`pMux^%eod
z%m7ItKe~C~>xlcAYk|p0iurLy;+YN(as#f0df&io&=!QeM!y{39xB2R5Jmx(su&S#
z08{|5Hsq?KQpZ}EXiPAiZZUNw(GUr#!S3qhdD9c!$1YE(@fm(KN;K@YIQ<JuAvN_2
z1SlvYp%)xf%-+epkH!q`v{<l}X=)-ywgS`5wF&5>4r1kJx|9uI<ZQ-PXisySb3kQG
zel9JOniH}nnL&z7DP7il<Dlk<-_jmQ;DFc_S)0%v<(fiG<6N3Vrq5sS3+kkREIBnS
z=2=F$geRNP51FfJr&!a}YN?Ta#-J%ot`@TR3A8Ce#-yAex*a)H5r+rU@yUvYly+be
zvf##GLqz#Qo4njA2fNfV9W%;H*qZka>ASLpsv=HPfVy=%4J53#AbdcPrJ{PInVxkC
zBsXxaT9+z_j|JQdYGo`2&Ns01Yf(j$Y4lnc+;c4c4UBs@!{90#agOf;Yc64b6*3(;
z(Ib#St#k$31zo_H2I<-(5%H*s^8oiY%ZStzef*e-sK3yIP-K{Y>o=*eWYkNk(?x()
zW8r?9$<j^43PVO9+bjl#Fi9rMA0=WlfId)ITfF<k(OD7!2sMAgA-UcfxMD1+0Fh**
zsbd1Hkwpw?tw!oT%ZvS5&;@z}1&D}8axB=1jKxI<+tq%ch^7Y!QvZ3BoKBo>V}XP-
zzz#TRJQxF|mJUTS?;e99jRxAC299MS#mS%)F#2PZrD)x5Ckjm>7>BE>&bm=Ru%nJo
z$Y70hP@k7Bo1&QbuEmXMK+doTmK8|3l7K=2GnOGEn2O$J))D=ylyZAKMz(LLLyj@~
zGH-<Y#!13^Sl}tSaeJ^KSynq|i3c5bRIpI*A=%47D>6Is-!Rjw;8$|*55X_d1PD0z
zO;3m>ziap@t|8gq69^x7DuhR4CVJt)!^iKz6l(*7MP?M&a1j*CRF}#|bR|XxK>V20
zCa+?<d3*>anpmn(1VLEku`*fKPT*2>H=<9<58eZtP!s`9&u+i^gMf*GsqV?l1I{oS
zD}ppPAWJYp0y4`rjGr+Pf)I#&iC`RnLDU{WI>#ZZMkG?1FtFx^IW3F4O+IO?kL}7i
z4NdjFs=De1#y|B9lCQbNOaAuFljbk*!C!R?eNFURkJL;)uJJZ`>s#u)%~G|GwDHa*
z?V6;Py2b{N<U6x*F4t14>RL#fh6PgHJj;h3sjj|i?t;4d>IT~7+`4(>^RZQos$NPM
z@+IlO^t!5sdA_EqI`7=Nvu&GK`^bQjz95oi!94PKi?3;3T|LaMVfN`hGBGkuq6F#9
z>gwk-B|lvTw5Y0Us#;Lr+%ndS%u-LrAbIE3ESTq&8k!~Vf|iCRA5ONR8DCUSKOnEF
zYG^#GsjjBBh0L_ccvn?JeREy4uZfJNSt3mv$=_qWlt>GGb<I*^LlaQ9t{KVO<f~gq
z=v7x`jIV)q<s;;*_SQGhw=ZaE^6LG0XV=ZGt0qJtO`yAZzPbiV#d^}LrNQzb4rH#k
zs;;3PM@2sN0oke=nwrM?jCqquEog3l|L6>5yxL}b65*<OzUFxioEJ0hDM|FKWSmo(
zpMU6&qyJB^z8&s6Qv3fVPntNf!dm}j>couy?_2rF`2RBgzfAsr#uJ$F1UjV2a^GLC
z8L}A%V8#KMaR6o<fEfqizp4Z9TZRCbX`p1|X#qVupBPDwLIAk7)BQwvYjg*(q(s<!
z37#mSgJueKLr}>|w|b1=;ZlKJ2~TPX*pG@B5TDMuAw?50Rtu(2hlb=X3q?!Iqy<>X
zh4rX=Z4jz}43s5?(IN@$<P4En=@*)m1W65$m?o)KIm^>a%oRUqITj-To7JoEhp_ko
z42GiB!YECyTp`9Et_Rd{8<t~!8$3(N4L2^2bSAlWDRF;UDNREF2N<ESY(cqYyZ}lu
zPntxeZ}5?!^OwSUvQGu2Q?JAzYZU#LttYI6dDbjX6}(;goEQZHNi;Bw&YG|=xWJlD
z8#9_F;Y;RBYvb?rD?#0*fFn|)HV!=%YfnI07c`E7(*P2EgJC$q*wVxF{A7rJqC9Yw
zU5jG{q=5583DF|U6EYkvPQyk}Qo=QzN+d`t8!*^aTJy+S+6dSN0Zil6aU#;j+AC2k
z$jkMDD7Kq2fG&ktA`aNeVl@Jq7XvH<5F7yYOLH=CIuvl<<TId@Cq2+KBy$Q4cs^ng
z(fzB6UKhf}tz<NIC#R-itN<BTSU;#B1=M4Bdjm$gFFKGoWNv_?KUk|aVZIj*v@N7`
z83hDjYOsmf3lVxmL$8#{r%f~>tjobsP7KI;dL2!HSdXI#x6%w&^Mp`IBP*2h2CH!V
zX{8I~8CHMbvxoCrLm#6BeBW7SijABEr0Cy8@e@~&S8VEAkrOHy2vShrKms>Rm{tU6
zkRl=mdoa?5Wf?>{z^JN&m}7Ab;aqX2I)F=YUr?qG!Ojr7ASB{$FG#cD<*TrGi4bLg
zJlZCcBZ%gkTWVo}^k5xwFFhHuKS*UJ1M*d=4^DJ%L&%JbsXeC7OpDJ-!;oDH-uNgO
z>;r09a(%6&F<8)q`CAEJP+1N>NLE5gmRPkG;SmAvKOU1K8qC6^r&CIpioPfk1^>ax
zD4K1ZFgPu$5e1zb!5}(3hEH2KWz~dn%9#R^Xi$Lui1B_q<R0_=ma0EacibfP2i&r0
zhsikCilN)dC>A48XTPQ_ADc*oLo<NH>>y!GgL9=$Q91!KJ^H6mKLc9X03-EftjU*m
zvUw?~obT|+VEFuaG8w8~8IsNsL7Syvqo&9v6{FE2JS&szQC;guggA>QL3*Q!fdVl(
zn;DYU66zsvEs~t)LRe0k$&ntGOX>(A1@QtF7_Bzj8ydAVVnq~szBy9b0>5F1C!%c`
z#kcg`;a5Ydp9Ssc`y-TSmtzJL!rTSk#f{#US`%g#FKr0J!9sYpu}y+tQJ_o)uYqD;
zv&{);i=3$xh+a55=&_a1D2$TRlZI^K;ShF(P4MckpY9qz&}<Vht>qJCa`6R(k{BjQ
zY82y4@5{IpMa1$X$r-uyrD%;ncd(c(YW-TM@*=tQ<JpY+;b^Ex5OR=nIT*2jSJL<5
z%amTar7Bvgj!iAZt_5*G&KCPkz^_JOk;qKDEG<h>#;k>G!bk^IiD*WDV?%R`Q|3AB
zGCY(pzKE`4oc16T356bdTUSkqhvlwdBnqJcmIPq^oAd}wAHYhD6r(7)H~ytq1Skbj
zybvJ=iWiYN0GXnjzHEu#=iQ(s9M@4+DOL?ud;s;1OV&74@>0{^H0CsR>z*;^w5LPl
zWT+EspBCH`gV5|UYd>K@L*f`Mq^%vkfT9D1r3EygXkk^qWw1b0KrD;Juttg%c7Q!-
z1@#fmN~=*6=4NXc<%eahepiZfi?tIKc;uh8GZ-oJvI<uNTa1Pjy8}mVFM2HBioBp>
zivb!FmnwW@h|1)lMUCx7!+|33ZU7t$o=-FKgLzHh-eP?T<n2SnN<eeq(S1@hNN#u7
z!k!0oFbaHu7#@suXkw}WM#ofP3hrfxOro1<Qq(d*n*<E13@2(nYoe;AF<2T~Ix&4=
z6{vb-n$tNxgVLI4FC+BuE3LABnGU~jm^`2+;<oZu_|k?09EJ`@P5=Tl6^Z}RDVF7>
z#lMoUUL>EG5&<}kIwYBHk@7%<ZYNW{%%(WPM;J^gJ_jrW!Kb?ZPB#z~lmR6Gh9NIa
zV0f-w^<Pc(FH_>68X0wf@nYVLUmz*SE7PuWNjf5<Y$rm3b~Bg$0sVOJvc(JvrH8zp
zxL)KPmX+imi)*M~x_LM)2ebnM$0%?G6SHPq6CkuMhD754z-QW4hvt?Kc(2L&q2C@H
zO=w08H8-{<L%1cGP)%`tOo>;B3LRo-IHcQv8mD30xObVY3~kB|TM=&9XxgCn!x%q)
z(fr8cY9lmk++?B_tSb<%uNhbS5EX(BK{BcAnHG8(w2%=+IHEaSZ75d=%DxaLZ=e~1
z9hSwbt2lAPi0zRU!9P{a&CHx_qBYn91=9lVd$m;|!T?lMq_-LaKs_*M$JjBTQruOf
zGQ;_V#+q!@Wut~*B^aalt=vG^t2Z|ZFo-!(;4%ybMGw;)JVLjQy&C>q8#gY+NCYDi
zC!CGt2v03$*LT*|`6V&TK%2>RQE3CfW<f%Doaavdq4T%M0OO0KD}+vUH3?#gm8LV;
z0RzaKwZY_5#By}t3z6C}J4cN`K*>#HE2~ne&>F)+Mu$#_<k0~U!J>?X++s3h0O0;?
z2<duPI6>CBnB}?YXAW>b%frKb4uh3-B?~Mo6rEA&f>LUL&6q@BcWJ&cdG|Tz<ReBc
z`5KUC^F_c~awmX4G2RXSwhj?7YxQsQO%S&D7lfV(9nt%ST~EdMtnoeVOMjg9%!YX0
zd8I_rC39u`E1-I+obW6cg5mvIg%zc2Td<3X#_8nHg*v8)^NUFw?R5W>qa~~|)z(RS
z_ar&7gd`#}7NN5)M#o_-Hp`8Db)ZS=o)k7ydQ&i%3-|<_i~_5OrzAthVs~r(#H1TW
zi;ErtNLmB4E*Ps*Igps&k6DNH8=r!pmP}k3<4czmFgt;QupDSk>p(4lI%~jGYJ%>A
zhr)>f)z@SqLfJ;4el1fB53MN=8C+65xQ;O4&SM;eMB6}wEdzAR(6jB>$n36WOJ+#d
zL_B72rQviWDxSWv!zy8X8P2BwrtWkqt2|tT$12CV^Nj`R#MBUOe@}9GV&DuFPcM2O
zfpjvN91O{4c%Owvey~j<pO=MX>fV=5JyjZ~MA}0^tz(=N?@%ISo43alB@QTK<hxoW
zMCQDR=yrkParsI}Q|x*GheDz~p=gS2CxWDyhmwN!WNCFyBC;%^u82sy>+?vnNFZO7
zbmK%hH?CBYlD}lKYn(|!j<ZO?ab;!v)n#Sl%remOq)8&$e8&Zx?F$WQX!AzlOPg0Z
z^lK8M<4jVt-Xc0dS7N2I>3IpaX>slFCe3ZKL5LNif(hE0+OYb=nkL+r1TBo`XZIS5
zXW7T*I4lp8r3Ln28Ucd&qveZ8nM6q3%_#BQ<b+3iUnyRZWC*?zakIe_Y}AfWY5N*q
zOQ{fzLi9!!&V`x4VL8sDKqTstwvjwB*_x&t#r)ueCcI5EtOlJBQHqyBON4{&f3>^P
z2!2|AsbRiaex*q#dW1Q!+`P9^l&HovhlnnHYw8gmswu#O88u9fQd-7<s8}L>t<f!Z
zN$va{P;~?b!7L%<Q>^LCG*_oc7d=RYg}9LMVDe`2{mi&ef`?MaXr}6}Q}+(hE(%LX
z4VcT1;B}Ew6%SY)p51)DQe%PU82928<3;*@&59Zjsv$E(0gZk@x2!4Pg9jkkordOf
z5UvAAHL$o7t|Wt^2Wya*?&VsxQ>hCwsxS>#_t;0pSfW(uC6GJWh1d^#QPLK*xlBM0
z263xEFr^O@FYy>2mAkMMhl!D)5tRcW@R`5YypzE9tI}|!gel^T@GDUbc(@p+iHRMY
z*puAn0<>auP_uTBrbo>vQ*jzOP*BeMJIJw1h5Ttk*$M~8LL=Y5d{bCBKc#)#@;X$0
zA}Y0K$d+jf3aYNxO5hV^^`s-JzWV?VfZABl6C1%WC7~k680(A2h~+t~Hd8S?Ays{L
zGbvBScPL#D-J<E$1P+Oy<bRM;Y9AnkRVHlSM9&t(JoHVH(|)dfB`SAwm@j{h;|6KV
zdjxoW)mlOUGv+~Ej-X;eH3(R9+{C5>LZwC4*$j+skb>NKgB`*(l2@gO(g3HZo>Vg4
zI51;8CWHz&7K+m*ud?y18ymVkq_)Cd7KrcRXCb{ez^P%u;lNYf>3l?4OD}E7XQHJa
z!L`dTqWVT=*Hck$!J#LI^s`H1b|(m|ffsVcGhiRf0!jo%f*IC#u-V2{@s6YmGt?(x
zJyYIql1v`35&so0IH&b$v|;;B?`#bJurHPy_?2Bb9J@=;dLv#syew3hS?ze_u&^J5
z3MYu<L(gsu!y^ZIYmkNxHmdr@3VSFAP&XaOHkI7K5s-<}EuxvVF9@~>k_#?{Stp#-
zs><ewNs|(a$Fe!x7IloSXvoOYi(^Qiu7!hClv~wU03Av?u6sa);6i+Ny7l!6Hjbe~
zG~yPcqM4x5Z1Q)|oS-ou0uk?M?9dI9D8CZ0qcH-I3Q&7*4$9?rC0@hUT$j{{HltCf
z69CJip^Pe;JV?*fnWm=NhurTj3EjI(3De>EqH`JfAf3ILYIjOfANFUjJCyd8)Y5L3
zO5o%p|HdFDHeyT(J{9(YZ031x$s?^%*vZT`#I*9h3Af%vgGl>BlMlw;@1@Va3JLLA
zD_R5KUfV=26s<u$^1yoCo^De_LRYAgA_I-6K;!C@paxeKla1$fjKvCZBO*HrH9h<q
zOva|TUA*s72t9X=uLU#+G(40^brF_Hz#~6F(KSCzpNj|{X1%ykl63)Z5q#6?C`6jB
z);LnbxIxs5C64qr(Slbt6sCHUplAg_MX(~<sjTn-k%P@f%{QuLS&cevG|wW!rC3;r
zv3tIFN5WKySR4cox*mC4xP4qauX<pQNM=O4F!75~=}MPhu@Stq{we5Pd>Z1ggjzEg
zp4njd1rgNEIFk}lNR8IS+EL<lMlV=nQo7>8t3bchSjoy%mo^9>qviK(ZxAXL!bJEt
zW|_eCG9awbm}A%-9B(v6pqj&bjA%RkRfG<$E8}RvO4+YtpKz7X1AyQjA#|QpI)hfq
z;N}-z7X|>tXlOpwTDdSFOcjO<dVx8N5FiZJO#;xf4a5QgL(fCx0C)*x)A53D_%6y7
z%wu909K!llov|86VgnlkQ@ZKuC2dURF_KXs@MDAozMfqI5pa>#0SejZ+hFDE6ey=x
zzndY^lrQmqW*)t2V{au_K#0!=Ga3<nI4fR$Q)5_hbTYh%s!i2MH&{tYKg`v{mMejd
zP;%pC;Wo+dMsEm^A8)t7FAxm9lF0;Q8X|{VxS-=z{!Ee-O@%=QlO}9&%$Ah{^y19o
z2Ex=uuEvajR^33G!K0D{(|!hy>i^r1BmR>)M&q#F(F^|5)bhzm^<O5JPtD*zeH%X+
z{HF~5QwIMjga4Glf67#X`F{We#e`Eb?o+SuUK#MG4EWPOKloDy{pnu;{mE=V*F_2D
z%_oZ!ZWQ-AB>>pOw3xz%7{rg5*=}DLS)utRV27gdVAKz%#nFmlSTwnFLub|!!Nw_|
z0l<9qyn+c1C3;QmBsVDDSP=kz>8(sV#t>m(p=J7DRN~q>bVMzYEcTcil=Q0Ss0}Ol
zQt}%sx9jC-FM1_kQ=AjCp7R_#`jVuo=v>dX4sZs0jLp;LNj4a}hYzC^bg!$ymx2Bl
zLYYH}Ltln=vUe0iZA?`a99AqMs32%L<`!Wg22{^BN^{Mjf;{=}T-7hfd1%Wat*|K%
zMqDXwtWO#c57I>%>Od4wu?0CWt!1=XLNQs#aT)bSy%vC{tLK=-V@gSITWLI9(l5Kr
zZhPpw2}*uU0Y%+$TD*zmCg-;Y)=fLq+0k5CHKu<UL;nKy4^e<DeS=;+Ar3i!R%M=d
z&$7vqd~XqpKM#h;c_yZW7?zbDNgPo-v3Eu`!8c{p4|mg^$c$M>r6Twd3{CG2Jyqa-
z>qH=;n6ZO|nFUmoFD%T*oixr;bA56)9W{y%hiIiGmFuPm8%Sg+ZeQ34r&8von@<l&
zHoO=CRsu}ZS0GIHGfc!}%oZRwoMeWMfkh4>6|lNm!PU-~g{gRD!gq)`)t7SWNdPxY
zVTX>=SK8A#!5z(B)^s<AlU>ipqoLr8arN_@=cN-Wqc@x((V1{-!1r|+2Yz^&+^VS|
zGE74G6r0%8PI5=(ct<arxGEN;31h$`>|vSN+jLAC=!fsLfU#xSYB#YZw)7z+$fgoa
z;bml~@Pd@nVr?Why%|gAPziNjI<o@_6%Ix^bax;Q(_H8ein2wP=~?PbgTQz3iJK8U
zk~c59w)Ml#X76L3u>E<MprI8JIyM|nlK3+``;>E$y0%M@Cgo{vs1wb}w}jgG!nDo-
zE|s~bk#ma;ie>sT!XzR>QOE3#RJ-3cl-{zvS)_|@I}sjISg03Gk2PJ5F}}=%PjdJ>
zox1n=RP7ZI)<kmiV29ooh=rqyFtAt>D_{lT2}R4;7ebCO1-(?9PJ7f|Sl){fj$j-4
zdx&b8F;*v%7~@WxD2>Sjgq_b>zz9xr3&A1e*r)F`!c5q?uIL0Z;(`x>@9lT0ro^dr
zH>~zX22)eX-Kwe~MUM1B3ok~k1E*^=fE}`c1MG-2S(P!e6PhHSr){zruM}oc(dk5h
zD|pz*5Du$ne&W`}R0It9p*S+;5OfyIZ)s%;<)%&eW+(6MRAQQFH)4_2ieP{{yme9&
zaR~A3b&*&*!d>LwG}yJ8gZ$7dk%QJo%?ynFgs9(C!T82HVDh*gjLXy<d(<F|Vqsf>
zO@NDhW4pNFuw_TcVNexOIAIp4iK;hC^VnK|iFLga#dI^4?StzO4J;{zfZ`q?RF=-W
zLiz#JVq~GrEZNbBTeLe$bzB(BnQt1EeS%+-LSU<c3+8E{b1D<HaPB50WE<dTEW$KZ
z?mGp?<gsK}deMaUg)#EUcE(Yd1QX*UE}4})3d9r+@*q<(A_j40J)iX`EI8_Im54r`
z;B+dB;e<%RutKZUY}$|%u^14^WuHJswtH)wRphin9xrCfw#{e+J)fZ*r;v4~&U%@q
zsbhy}awQ#3oRAV%`#fbdfSDN~M2M#c_!@U_L`65Q_I>8BkOO<MeG53Fi(8t!_04m=
zExu|a=(u-k27;+fPeQBSsEJ4zhF|%gjB7g6nrG*s%(F8X10>hOo^Pk~ggXyq#_4U8
z&c5svKGj3tG5lii&2ELd`Z*10Z34@ioQY*>D7ndRX{b<+2PTWpPZl1@Q)6&v`r)r%
zd)W~51ak`rK8rw>9nVWUjC$ua054lv6O<s(;udQ3%8<RATUd*9&m|TI{w;7*b5&Da
zW6R=t?>wKGpS~6t&{ReQJIGH%(V<lv5F9$DP;-HUy)lfYZTh^3InP3;LEkYj{}E+2
zp(RW~{fBE{5FiPi)}J@|n(aRhn1zRT-?BiaI!g>wOM2}}@5&`7!JV=sALIICz)Cp!
z;B?(132@Z}eQThsl68j6Nu^b>0q5j!U3w=<YFtA##;!1W8YP&suqTGTX9fmMSb<Hx
zhDFjbO?z7-+OTg+WJ_}=ghx4L`qbCI!on3&G!HSD+e5a88X-HhDu6@Sj*<B1w{Ic>
z>9e>s4kpGBku-!;>jmGxk8;Qcr`m}ztWEpE8jgUz?xe*n<wb^K`VyLxpq#-v4ttX%
z1A(U?hS>63qy@)o{#wXjO9E>FffO__HI>{-SKK3gla#Qr6UAtJ0|UgRaD!mPiGwzP
z<-4q?M67r6vEdW)re6rdRF-ZO(GQRYmOBdn*bY^c4O;}(a_bXF!lErTl|m966L!vs
zUS3CSX~{2(>V!Bnrm-sp;lwpbZTl7x#XO}+DC>Hu4eph9^pqHuQAJRPpr{CS8QU;`
zriOw5uMog=&NSn4L@4PnKge1AF2nyg!_l}K1C$A_e6Shw#7j16J?KldmXzV46}qM&
z8CjdU1}F#UylKo_@>ybI;<OuTN|9<`&LcH*m|FjHu!jIN_ixM$wq|&$LG==zqB{p|
zT$u8#uY-|@UK$Fv_F}Q(Z6r7OCtY7ovXM@aT8*gTUg{uGvxSJL!hMbuv5xDn*3w6b
z-e`->u+U%3NJzH*RJe5LfGEPP;c&b@NyTDPkX~p=?yThBbQgdHn9@{zKB+LjFmwe8
zN4t5}eklzG22F@V2PBrN4B3E!C}TYZ`_;iZJo=>yg#-f#FuyK9EA7E+un-;HTkd4z
zkhw6AT}d8@$4YTu(KzE#Xb&O)I)m*hTv9ZJMTP2KeQOaGA;1@)Jwy~jh{1$g1ArJY
z9mBA@ldEP(>68!K8!l8NO3fD7>TBQ$=8QHijcMg%x=^fsXF%kefAK}IyL##=9zcHk
zlngX?^_KsUR{XtlFUbZt9&})$6c3!z*n5S|N&(_1_zi>n?5jOZ43A7@Qndz567>T9
z(+gYDL!F`S>YAcT$%jGMBDw?zJ!C8l0cv`1G#m;XJdT;aDTCp`4P?QygZXM1?9YUx
zFf^ILdvNp*CttJyQez62Ge^nswe4lcE1F-9rbS+Cn5NybSJE1!G#NFMV(xTjLRynS
zc#U{lPzeRnn32#Lu21a%n?t%uFMGhtBC2&ChdViHzEsdVWtHJbGpG-}3^eL&>|yv_
ze>O!-HUmGR9WFIWY#}-d$9OSA!D0vp*Hg{lBeV#Fey&D{su>g$x9ICD^lFQ!Xm+Zp
zn@`k-im3Gtcqp=;eB|dQc?j?gV!S8CSD_U#<XB8z$ucX9F{AE$7$;p6GTafsB@Iq7
z8cS~cPg+6zUNRM^ysDojej$w9yeaSuA|g1z;dXSpq0H)n&~f3*t>MDDI}!^tnF<hE
z-UuQ4QWf(XI0U~Nj|k@)gRM!)lZU<*iAdT~h&N4B4pkel>JAb|hfz|+^>C6y226X(
zGu+6jbUwtzyh?gjr+F$0#wjOi@g_84GmTJnAB&|DGH2WYE~JdGOu=<YRIeI^)g1$0
z2N55vnjK<obBHLGt=ts^)k(jo8q$D$gozcvRu1m;)H~U~ELE^I`C4+9m6i3ug^l?w
zjL{Lyk}$?91(=_sI|&D^UIHYgVjT?y<GsZx@HS~>7x3{S#2i<`u+W=EMTVx=6fxg~
zSt%f1Du}H&`_wisK|jS(usloog~|1r_Dk7azilPEE0QZ|5|ZJLG(BZD>nD};w0*{6
z2T!h@oBWiGA=IV}uG4cCE17Mb+vI00X{e?@?b;hc!7x%Mw=yZzCViR7*HYW3bhoxq
zT+gNz6X9Gwr|OYU%XvOxx}aFjE4ig^q|&3*Ls8q8nv_G6?w4w)mh>RgpZ4wbAQ1gm
zyLMD+MX|7@-M5BzA}Sv#iK=@M497uoEBN028@%%~>xT6^Bgv8fX4lFTo@t80bZkp0
zWr}ulZi{w8Q=pz>+fK1<XD@9{gXnY|g(bWuIW{Qy2~%!?C4azyO_KsIlFHLMKf~hy
ztmRB?pWud9{a1%}CR3rcl(f?m%!Fhyn%T6~gZjn5eJ9cwhp7ImT|3=`!hW%BqwAc8
zN||bR>ATvxr!#1bfW~MB06{>;$r(V#%+ELU<B0#LM?)U|J5u96PCTW2(o_rn<0+HN
zPs!jvej7g-{KpLbV+Q{*ga4Spf6U-N{y)Hfw1?R%u>pikwZa)J$P5<bKR*^^1`5&v
z{guK$>UzpQ1_Kgo{$w2JbYw+%g-{d8@|EO<L7R}ddQWzs9+y@!Q8_5q`UN$LM)qkS
zP2nR9w=0ttgvAd@zwlNO>n=>VBNF8G6j?-zgw88-_tXs*LkP)mB0@G*3<{djgbiK-
z7X3d_LTm<$MxKONb9|}MH=TiF@l4G?7{riGu*8Qt$n3EmT?A_Qw1LlwrHhy<%3zF5
zH~}#>SONv)h*4uM<Pkyw;5l^tqpXP;eK0sC=IerEO{T>*wO~7~RK<gKcok}*&am(T
z8)7q6SLg@lq{V{~RV)c5g;f-ILP=d-EDH+Ap}$}9MrD78;*sVB{Y1E`ZE>ltuGu5C
zs9{2KLjN;m46$PMpx6Q`xDXyl^P@?hb7U=!zl7Dm;t-V7tiz$AU%fM=#91biF&m=*
zc8ahm5o%Gv2W9lFW7IDhI1xoU_@bCgYJ^XizQZ&s9`uoBe3Z#~Xv$Y@SK<Ji79gu2
zxzCC8hT+xFs@F2bqBpG})vxk^JW~W51)v0^6HAdT9it1Q2`q8Zs=4?U#^6HS9%UDd
z0~e|}DeV2`&|FhdEE=n=ND(E{;ZX651z81DjF6QCFTTq9XI0{Lr#|M@*!pfAEdMDM
zz?weo7^NVmS_)HLvtDzj`3|5}sd!wtQS3HMv!ksy?haKY|1XR9HMuMiO!&)`Kmx33
z6O>3NJ3^8Ys(H>Zk4Pp`N(r~BF(}9#HoW7)o<tdfA_VbMxbQdf>XoFlZH&M-8q#!J
z%*Ms_q$EqQ0%go_Vp$XK0)UA)tI=mAyfhvo6%4UYr4AI#Ou!lEq(+%jg(VSJMWbO?
z<N_a8+JjIk6O;PH<HuBn4_43lU07P4-_hGJ)E|Q`<AifVsu+n*9Ro2bDUX?+@|-v+
zs8rQZ-{PxpSv=QQU!%vci=;A@TC*ZLrmpVR$00bZ6%Dy(fP7RlFiO)qL*K{|tfr-5
z+^$ik6w#qEE{X`X1ue-7MeR$;;FWq*Rr(XF@wWIDdCyv0N9NZw$6IALJIMX$6b&kn
z*9PnFpw0tG0!DaH#8iyg(;3;wkws&LQ8+PFCe5LdP1B)=3FddEJs~UHggB8DE5X7f
zg9aWEgV;b+26#*{;FmNr7eOEqtGFALLvm*fR#YgDY1H$TSy~H4A`2@)x@Iw?Ce_j)
z(v5+Rn;<?sh$+j8Tc$S?BTf;QfOSZ8KrKy52-_VpmI5+UMRXctqJx~OJIE)ea~EUM
z7y%9GMx<+yC=g*2J|~TON8SNcD2!j?sARfaBdn4>x7)+=m_>;`D7xJ2XamqV0sD;A
z;zadPr-p|WDaIo4v}Pv6LlEURs>nuoHpgtC2)%p*Xdpu)I@_f`r}+zfO=m4`ZfUBk
zud&;_saA&tOv;)m%~@q3SEsRHD~3smW&V^^)Q2iqb094mw>Sp@L6#86m6|~e!AZnj
zL_E!GImZFyNyjbFh!Bk_`pK`?m{b#R`lU4v56UfEItsD86y|7*!sg@!co!%PO%Xoe
zjp;97lW$%_i*K>Fy1L1hA)#7sOt*ZgQeC5j6Vl>Xv6BHekXx9f2j}+n-L<GX+q|0t
zyx`lCUPHsX^$jB|9@RCJ)WU%lxed^)8-WT|KEUr4n^o`gJnO2-A>OO5h37B3?#1-`
zo(^df1du)lMrfK-C4Fa7g~xWdraOYpp!Cwt32jl}*aDN0B%(@;K}Lv*G)HGhu_N@n
zGgj<Zp9tZ1rArK6?He%{H2drr)=W!hGJb=KEYB~sbV4ajb&?R-^0a2DK8`-=O-()`
zcbi)l&-1m^HrO8|W_4P4Ip05I070HGh+t8`cpeGdLXu(t_EITa<7=V6c-RNEK5w=8
z6Hpm>)NI_J{#=qVmBfi)F$go-nE3>DL>Ke0YXFVt2eWKk9nUNUv<7mz1N1d5^ffsR
z&?2RT4Fc91au~~KPp__ThRg$7d5T(%(iLnCevQLzY-n;2s%B$@Otbcq>I?`>Le;N6
zY*9XhriPY=s)o7FR8wrUd+{QdQr8qW6l_785gR(a-shoe_H0hg4Rcx+d7Dyj0?f&*
zuwmwWTYQBaGg%_gm`Zgvj^(D4-EAPZs#3cgS60X?ONHscn<kjvVoZb@uHiRt$gq~6
z7ETU5!j7mcXtrfdFwGuSvVeZW0NtNyFdoUIhlW(DP7}pZH?`1JAxcnNu#1PugJfCE
zO?&Jj0WWZ>u2Lq=*VR`)+3o(gf^{gcgYkMsc!zEQP$H!;2*+wIqB@9(4|<J?r0(@`
zy0t_rQVNV@<gC+|4Q&94Kz6@IN|!&B2*w0GJGtf(tgVoDrhtlOfD2fz-C!B?CgL4x
zjHvH=H5-ousDfhpJfuY0A=nbFkIi8C^CM2Re)xFALlMWXM!}pzM?h!7>{1Cs{Y-GK
zv6-6&Y#y}KWG7uIP?kmxwUcM@<fp)~q8$!l<K!~IOqHCxnFP0DXG^3;VP0bjXwxUW
zI2$&xr?mw|UGj31sD2{{`J=CMgcUwv$0BCh2cs0DVgmfdsz2cev`wl6ZC#Nv!yo}~
z=?kUFd?y5$--F$lO(0r!CiSuvF|tNNa+=h~?6edM(?=9PmMA5gXT$O4^r{zD+NU?@
zv<Cc**2hX>BinjF`f581GmG4y9Mr7D$5R(A=cop~3Xsqztxc7J+aflMN0YSSHk@cB
z+HX8zgDuIm2Pc0}FB_N3Tqx*e)6z(%=mVdowdAIvQ->oqOf|@CM25A_lOQ|{LJRUQ
zy`7lW9C3>u)+Rj6&Brt0G8q7p9(j$y|C2Jo|Cyg}?#Dj<KcP+d8s7m?{!^z+aftuN
zA4~lI<WtB;(v+`p430nl&*T3c*Ix(*Kiqeu&i|+=pK{7%YyQWi$x}1=AK%7LP2HSn
zQ{^?THLfq<&zQ^A>2j@dxh~Ajy=dUTi^JitrfG4afUR7)diCn8tTj0~-FbOy2Mt<x
z<dK&gb=0Lt9I?Kz@X}+Bxva2o!_c7{k3IJC<B$LD2`5}RV#F22#aE3Pb9G6{rZHnS
zmzG{rT6&$wbM2HVH&#?!f66I0S5(|Iefllar{6kj)@`$A-%(wC`|R00wY7Jie)^sB
z=53oh_s+(~yIWemKY#u`ixzD^>#QG~efE9lpMU?k=WbuJ<bl@K2iw~p3<e)wy7XaH
zeKZvM(emYwc6L4<k3Y6@<>MDz@Ux3A{`o~0{p_;KF6-{@-mqcAl~-PQ-F4S}?|a|7
z<BmJltoeCQPtUe(+qQ4te*gXVKm72+k3Rb7V~;)d#1l`fUAybD%YLzO<CB+P{>!Vb
zdV15QXRf(s_x0C5ck|89-+c3b-f_pTw`}?K)~$QDZTro=_r7@Vy)XUnhp#;N;HwWl
zxbMe5e(mwc-}sOJcw^VDUBCS0FL&?W{i|R7YUj>3_w3p8$}6wD{`%{0yg|O&|I9P*
zJoC(fXP-Ur+;hKw;e~hi?0N6S7yt0`%OC99_u(6F{OPsV{`l5gZyh*rVE_I<zyJRG
zfBy5I-+uex?|=Wv`|p4Hhd+Gwr$2rE$tRy2Jop9q`SjB-zxd*>`18Mi|NGzn(Jb`u
z^W%YkU@y4xzH*HkII?y}&#tw3N1t@=?j2j6ysTi<>9^KCxb>Ic9X@I4Z+Aa<=QCGJ
zRhN&fd+4rbuXQ*7;M`{)+V=d7<zpsZUZ=ftYf1OgvUN{QYHGMGXXuy>MIY~#Dz&!<
zm+XFj{^_-q{pZXtKl-gZ@5*^gYFv_&HT05(B58iMuke{FWy5bbb>EqPi!Xc2LnB8k
z1FyR^yI*mKw(0buQ3J0jKjN+p^P4Z}-hW^BHS6~5++IKK-OX=RR<3#e#{Mn)-nx6+
zkeu3EMt*01TTjvG+}mb$zw?*Yo}4+i?7a82J$tXp${OHVvh#aiWdHVv`|gWhQ+d_S
zn()~*muowJQad|xgLKo|dkQwX9?yOMm9Ng3+V8g$Mt-#=FzcBmvF@5%ZfXhKP+W3U
z))Rlf{pT0{^-nHO<E+BD1&u}hn(}@$Ap5!7s`H9MBM;18J!sE+J!=Q&>|fh3rgY2i
zDjP?-e8&xR6>TiZZ@jT+RMY6jb;s3vU-qs3{Kxy=SpDh1p7nM02gel*S)SLDbFsX4
zebL6;oyCo#M!fW1&xM~YALq)K#yoOeWw@ZLu_*Vx!hup#^&>^aZ~L+bbk>~khqpTu
z@uxP#^Q9f@ny(oC)>Hoa{+FyfuHmJemj`9<o;vo5@kbVHDHziBR9;by>lYi2TRrf=
z`mDu;>vD$7KeZ{a_JR?Ac>9`>r!HT2L;v~mnxf_Zxodr4UG%v<4f!9Bezp3N$vx+7
z`)c(p_nHCQ&;M*g_O@f6np3}g^k!G+tW#P(tlTuYwYK=8A+5Eeo_u=f-V=UXJaGGu
zhECpESe$>|qCGzxcG0vA_vXHwKk!6<UUAjHku5H-dSuH^@4$(9#RE=!d-_w)-1OoJ
zXZ>)_)x$UUc$bad|4x0sp`Tnj*w;FCjq8C^{$q#om@GXx?9$4>hJFt`J^hD~?D)>j
zN7sxTotxb-{kq-5PMRD&cEuA@Zo2FFCysDc^gF4mJMY2#gyh;b;oaAJTwjLo8aDrG
z-$U!O_a8HQ*oiY53tUf*|M2sPPkj3ESj|=R{?3{oY<_9y)~Dq;$8CxJYT;7@*5n*<
z&6*8^J}&N;_1OGdmj8O@7srm>_SmyKF8gYB+aG5p_9c$qv7#n4GWyhr=<3hkoxS0J
z>(M*P)YVg;_}#NJE00`1dh{i4Hl1-o@!)yW<#pM<za4jf<@vRnj_VhHazy77ulILl
z4SS)eWzOw4WIu6U)>`ee+Q8L=?~9MV^qw87-uvmeqyF0YX8)eq?b~Nx-|xFEj}DiQ
zDf2E^|G|Cl9r^et*FNc4lM~1pF>KJ_wku{npY=!AwFQG;9sl<)KHL7l6Ry*S=WHCj
z{nhZ|Prv*yulSnvoBns(uOpxJJ8?zli^sk4GxzL@_lvwg>6w1RFaLAmaQE6TCuVOw
zx8kls_g`-L?vQ&b@4Ya$HUIgmI!of&KiNOHaKZbo$dISk6h?QQtvtNDsPV;3bFQmg
z_f>1jTVHtIaUFeNP2R%4bPt}k=6f&rI&wDVy?Vk^Yx<uY*fRLGtc?q2K2=b2t82rk
zxji37U+f+qs1J7S_V(+1_cqscJI~H}_N@U^V>z``?&`l}@Ydn~UF-5xH!R5ca_z@I
z9k!+C4-E@qE7#>*`pWI=D!1jX9DHZNTDNP^zAc@1fA^`Qc0BwG*ZVt*>+<$AmweoR
zK&g7QeCy6v4h(;$wxIjkFSZ<i@~B<wbB635y)wGs!(WVh`i0=QBeVmr4c__LaoPK~
z6em`no;Pj9b9E(ZR#E=<FYqimF>Aw;&3Vh8%!<@)o^s~KWe>b`?XN%hq9?0me_K)a
z>Bmg_!`-f&?&7P@tQvK4?Bqwrj6N#otB!qt`z-H?QNE7Z56{gjIcd#I|1EbN(IV#!
zy6M>QI|uHKWcO70dM3{O(o^X=seEA32S3{M#NHp?{N~B+{m-3Ncu%x@)oCZcSv#aV
zCtP}0&P7_=Ksmm*@XVZ(mM*#TrJRCG)(>vIy{Ne7qkZldH;owBF}!=>foZ1<2p&0l
zVCUev{P@`|o1WgiY3Te9vL~#{Uf)<8DBiX9iy!>-?i&a0{Ql8b<{ZD_r<GaP)fGSR
z*4s7GfBo#jt=HV~`m?T)XPka|`5bp{{mX@WOJ?`KvE;78VU^NZE6=*)(S=Vfdvo&*
z{kPszF!jJa?t!%}vtQ_W@xR9}eDLQR_sr<GYTr|H{^ZNv(^K<qk1O(aXw@;{uiiiJ
z`K5Qgxn#{lh257A+d2C6yf>sBZ{%zrb?VNAfB*QCEpoo==rtGYJ7UP9rNcgQ1xNj6
z-55{K*$-WR%=vZGzO%Oe#@W-?jLFX3lza8yt%3g;HKyvylb=2RhEKPSxMz59%R`sG
z_etsO^YT0+?|Z!Po^^{FPW<8TMt@nl=7_&#UHgYCtB?8PId^nsFT5&RaAr+?<$}dy
zgZCZy%=66Xg7wo%V$z12ymNyW>@D()F37K(FlS_U*88t~zI9=F^@#^vS^s^+@F#yh
zaLvHy*39evOLyK6KCIt1y}kQ{NxrNXg0%;aY06vlUq4xz^_NR3i@aG!{JQ1IvFF~@
zzqK-F!fNlJQ_H>UuK4LMJYxg(N6Blyy0W0;mHua+G`s1loa@`4KY!L^$4<&$``b@i
z51hF!uc5ekzdZXlJAU_f-^%9}Jo4d(SDpO&fGOom`yJyNF|DZom}wJ>0tFA8cGURy
zs>en5zV=b`oxdEu<;aUy6#w<H&u;wSwQ<u%z4n~)#+Z2x%O0(naqxn|PqMWWCtiBb
z_g6gXdgO$=-}~F1`BV2jT{~OOzx2Mx^PZhpyf!+1ardbo{Pn4u_vNp1^>^<-P~lth
z`sPzVaLtOYJ*h(;H20qF7lses;+lC}@fl~1oYPaZzIJ`*zT4}6=lhj(`@DyKI-_gH
zF-QF7i{r9>wEw36x%0`qeZTsTs^^yv9QpF@kKTRt;IeTeR!=Odo%YO2x!u3rdEKy|
zWmkQ5cKO@VfS%Q{(SvG!w`8&VoYlWRcEy-oA3glz`!5{tn$lA+dQW-I39jxzdq$mq
z<+bBnOHMkFw^qq3F8f}=A3xap@@-EqpVB`1(~Fng{m$mUbp7P{li!>0_Da_|J&l9+
zeL4O9aijBR$2J^SB)wECwZ4DEM@PQ2@uP=tQvX(a=BxjsPLqZm@7lk&pS$vyOPBol
z&C2~(jL529Hf-ypvlspC<;!pX>C^4MyRBdQZQk}ob;*$x_pYzl`KRk182jdTvP&K-
zS$81oky8$QSpVOTKkEMTOa7gYjM=f^&78`u3+^5<=hUsP7q_i==e67Z`pZxIui8Gr
z_4(W9Zs}~?F#oZ2lR|~hy?O7kzZmf1QCC0Q@XU(Z?|yaK*yleye$EXQ;|89;bM5$-
zvQBDT{<Hg9zE@Da@~&qa{&e8^Q77K{%4HY1b}#ykYhl6qQ};h|eO1A#>we>ETVGJO
zXZ%R7{Kqk?UvIy7*XPHbd0D^jPd@p=Qwlb2%3aWtd+ir%M*3R^&Cj`ITVdm_oXP{S
z?KP{9JhT3W+_QczXL)bTQx5i<P???6-&MMA>7Rz2xwgmk%H4%4H=XyzDHq>2u3+@=
zP`^E{q1wv(-id79KjdsFtKjI<`c)>fc6a}LdG4US1Lo}M%=7jyys_Z<$x{a3Q?YmJ
z=$1w6YPM#bw>437lTUWJe)rbIVTrXzw$2;8EAP~O1)(*QZ+xUap<FV5++~-zH&iTI
zxBirVUk%xs$Sz;Cxia>~wH4WGE`99PNXgU-kL(^_x4vL~<pt^~p~ijXJ@+(Jj2rOM
z!_AYjhhF}EMfQV@n}6StwWqmpe*bOmz)@0O$>y9-ZYcQs@6XVl$$IUP@Xp~^3~^<h
zcIVkw?#Oy-vddLadC%^WqBZsBx?DNZ)U5qk-Y-rc{^X=RpPf^(Ye3$Hf(te^eDKcF
z#?5)}c3t&;$5mHX=6*D}xPDjes3qSSTF`mbCf}-YuJ+2})ApY<_}VOQ<ynp1%ZGmd
z__p?;+RjUd?Y-jBM~=&uloz)xC~B-Y?-#kj#@uM2f3;NLal1~)8+ut~?$S-U(Ux5I
zuz_l0|07?LvX=B4T$r2ZYB_Q5SGo0LS7f;cJU+Ide#OG~0|k5CvD0@~OxaY`TJ9>X
zEV!s3GH8$MXV(^-v2$@r)=;l&&WSzQ?w;(0E3ZFu<Mkg8A9c){{ufIpY+91n(UU#+
z#jJ&O^Jb26olsfv_FH+ENCU?1EbmvD6TNFd`O&Vdy9$;*86UO$icw=H9d-0gmz3W0
z(9jcy@6S5kl{KiUbkK_(H|%wdIG8oEXX46FCKVmb8nNf{hd;SEFRTAAl)|-ph7az(
zaCz>et2%GFWZ#mLUb-o!-E!r^=zY(I);w03wezC<?jgtSov`&s1&`lz<_h1khrXN|
zn>Ks%r;AS7Ra_n{xN66DKGEbC)`gBtggUp4mUb+1Z$9COUAaenwM32&Sk|+!z4nvi
zj@mKxh7E<$P4WIi2HyJeZLd$6bMMr#*^Spc`d{vo<)++q=f*$3ZFc9WkKd59?E6KH
za{n)aEdgKau}2p_KeTcF)>hYufe-y;(*-x&k^S!F#~$0bw*2^#EqTk<Z2DlxX}^8>
zwgG2H&x~Fh+mn+w@Rr=lJI<{dkh5k+;n@owc<1=+N>^+2+HqUvtxp8Ida|<jo$njE
ztniX7rRnxjS^Wp@?792eJpVJdeYDd5!p7sqM<-QJFS`0*PS?i;_g;I&6`$W)kUg)U
zXW3D^^6I18=D+1xFZKKGmnCn08GLrEt3q0Q)Pp(sn{HK>UbFnMNpHP-=YglD51N$S
zl3Vyx_g&*Y9{*L*@&PM;(Ej<+w_evg<tN3i8K)HXyXLZ2zq~SMR6)G5U%|o2%kysC
z5%WG&)$b=$3)fYC-;<R$aQ}5h-FfaiZ@T4!<Db|yeaDDNi$=K$8YgX7boWsed2`m}
zjGI0)yE{*D<&3RteD3q|uBXd~EXl5H955re@n^Rbtt;sN>kqc~+naYm<AAdc_M2AF
zZ~TtzlMiN3J=ky2=xbieFYIp2S-o-lkomXYQ&JdN<C=G{efooePd`68mQ{P~$2kKI
z&iml>GiqOXAluvj=6mkHVpDN_<=w9DZl7A*G3CJlcipmM?Uth>jX481-Cyv%f|&Hc
zXm4Ik`H&G8JUDlLPQKLtH)D&gsO&#x&_e@u<t;03AMyETg;(qx&~N)gMTNOH-;?*^
z4+=cn3Bg=X)I2==<6-lp9YqzD{VMW&`*Wh39<IEgHMBox#wEj>b_@vb84!4G!0DTE
zO8&ZI-f=~<N^)x|-2;2JF58pSyk|h}fBksr<Bx=1e<bqPNB(z2fosM;^p0!!akT##
z3G|2kj$ZIzz}joI|DpXiWB>c+fByOKUuFZYBX|%Y^odshS`mzQWME#>fO&yTW*zB;
z<%MDgb`UR+z?>$?ORJ8K(%L6zmtI!$+d^<*j_g{51!sTs5wN9!{q|1|)1m^b_2Hwl
z#8W5o+k>;<FMR}MsiMC~i9Vore2tJS2Ey&3!LWqnK6H=-z0!wg|0&Q`*zd-}lI6#-
zBP;fY5B`>F+24l=+yZ|e8e&T={pC<_TG*)|)hI-o_qLMX03r($?hE-RhmOONVlC2z
zV4-7~%|18;=oLuc@&S%=pGIK7ta#aPD<uwF-FIXaZz$R!w<__VU#f#o4joEmF8}-A
z6i6khWOfMyRWTmy4NpZA2Y47bDrWF><G6<2jUyX?Rc1yxpF&kRDXyv^#5o`b7<mcQ
zBv?s0A&U>HN)&5Bk}Uz1cY@JGh&G|6ngA6dzb&SQu_;9IYGoXRgB%I!3QdZ4C=AsC
z3!tiPpoNjXp+^Lj;M-4ve)6GtyDmteIS#->-o6aq8<!MWTPd;d&yX6GR*+ZAQHGvE
z*j?AE%JOyWjr<0v7S$%n0l@jdDUrVnDv;xv!K?WBdtoFA$Uh0K<Z2s*VkpZ$OHD|A
zIiin1*5_;t11YMKw;B)PoMVXyOoB9!BP%79yd{<|G>Lb}aY(>|JQIy|>ygNN$Wv`Z
zH-MqYQXtqyb6up6Om=w(d<qcIA#uuVOfXO=2B;|kN*S7ero>mmER9#=B71PyitO)T
zpL+0_eCrEIa|qPre*g(t{pKKmR6r*{KSZ7}NJ>YP4`hIEjd!!xcF6$Yz-CFIRmg*N
zb<Gl_U{lN$_=KXll;yW{C<aWhfeRs<-)9V&4AUqQkn&zcKbcT6>kRw_ixVc3mdv^>
zrYJ_j3d}44IRMD@WFtxrJ3nOX{Cru%qN`KN%Jo->JDDrc(3UIF93H7E5yM4+<%2ns
z0YNtvHr*IHHFRX?)p}P92uMxD{8+|I;he*tB>aP0o$Qq)Dw2gEE7-1-MU?miMo5ht
zQV`o4Px(2}2H`$nSJP3NhpDUZ&`MY1c{P({#F~X{=4{$L!RVZc<rA8f=!A*o<)@ry
zj@q>c`&a<0R)uQ+_$g%-Qj-!Qaz-Kjn)N$qTLs*w36*lWUdfAQ*gR9OtT0LkBY!e(
zw`*J%CM4`cUWS}p<fguySrTot(x&SsB}{sz`;W#y2b9)?Ub+UV2aqYzg+>X8iQ4SC
z3W*YgzA!GEt`P=9m*%8XsV&$Ab%bLI5GMdK+juP+4Y1w?e>XeJ&=gTB^lzkSu~_v~
zOdztrqzR`dLcju3(qaL&0|G%<#nuEa5~~0KSz9ZJ<O!|B89*~+Y7hRY%NM;nqWvjk
z>ky&MsI4Yp<)klnk}2IH@<Yo0$hpxuLA-tl=ugdYUS&Y<obinmq!ZRj!H<qUytHK2
zLSLlQVFGgqV+15hL|&5<7>4mWppt+n<)~c7nUma=sosrIPS(w1_i-Y!->(1z6M-i1
zFf0o>j`i-~)o>x9S!W>bV0b||uT!ui{FaI%2_FzGXQG)gs}(;m=Hy-&6DC+K@*~?-
z(}|>k#e@3a(h72bgoB!f7ly+cr7*^dDd~>UkZ<(FhJ|aUaA?xp6blDWm@iyX8__=#
zF<X%ct)nnp4P^vsj;y)lrkwnL?0pG*8^!g%!_mZ|g+OTug~CR}v6RTNWjmJ>CpeCi
z7!o_!4gnHlWNB?LktLy(?3fS;B`p+E?sAlymisPHDCI5$N`Fw!hO0nn%YC#^ZbJX_
z-kX`7U9Ds%u?_v#`hX+t&V9Uj^N#QHyJTA`4&#BXT$1~gQWO=SgUD3bwg@mPbX<pA
z>T5<OB&96{vbk9#8@y0l$^&->oOO(ZCGK-uJj-FY*=ZHZL{Dc#GVV6dIUIwsN>dkh
zsI(@T%3YXylqZMu4MxK*f$JmUlLTkvL`HDMg6UxgOeM61ExU@~D!*VB<iJ>z9h!{X
zncHFj@_~Y5p3*_NEK&o+mysJmUMSiT5*dEs!3XFLX9h8Ev#zYaTtcNLJ)#>uunUql
z@e(e$Fk6Tz9SZ|gM@E*SjDKLKXB>G6M?0Z~k|kl69h1(Z2s@iQ^(Z*KQc(kuktKy#
zMrns^1D2A%9T^kvT{Lu^tXFU*@bjJxm<cpE(GHpbr20~<gN2w~iA*dCJSd~ev2cX-
zy1mcdbcX;V3s=t;4b2f=hx>N%&5h0BJ)nJMU#L>N3pu2SH#cW$ExKGW=&e=ROK?qq
zU#Bx31LAW7XeRboYf7~1DK<>?dMaavV@9_b>FNuR&w4y6fxxv|;R*#?p(P>X9h=&M
zjA4e&L@X>Kx$*n0eJJzmQ-~qame4c05J7gBWXH|RFg3A#*-j9*aiSQkY1G-MHJLfu
ziW!YK>?GV$z#oc((1d}hiH9-&A_39>2uJMRvY6dr*rj>CD74*3Xp6&Ugx%24mmeB2
zFB~^w39Tg)g9|;BqD%+B*CUSrt;LHiTlm?_PZ_h0aC-`%NsLY-%{CJofnYnp9?Mq1
zTWub_hVcvJF3O1O$zW%qhn2t%qxtm>bxUv$vX<w}6p1H~p!Bs3OOD{=E9arWds~@v
zb+W;AA6P9M4JUyk<V92j%V87q(x_7@-2!QhvO8rrzfr=-hoe#A{n&|as23eJvusfs
zwDrY}wigi-V8M16tQ9e~I~1;T06k=9LjL^+HMA#Eao8KcDd;^AjEzeWfME=$Sfyqk
zc;btdVXcHFJq`gr=j&|mL0Ia!aKoh~X5XAK8Pb-m#&A04G^X`PXDZwgOlBe_0KEun
zs70?`z@Ax~t|pC5O&bvC7tp=JT4=_MDSmj$=yNapi4(dXNcUKKdKkgRT?8!y)ZM-`
zNR6<xUPQ2n^Q~%j>5S#zSHAHI^1#AGua2@Bs2X&TwjBv;Kn%H6BJNVQk`@B!2ndt9
z5=3laL!l2Uzl*XLtZ^ucM9H8W=di@<1h!A%g{kS#V#x?pu!}qK0p*$xN{wf_8STX8
zz)W_qGYq-@js%?5L_91`f+vR<@GWc|+SXvN5e3SOQZ$g=X`LV}rKM^~(`c2Lc2{1<
zF(UMRc#J4IKOu<m%tv8YN}{>o=q6Dd;ZcrkBbH87L6VY&#**eGHH%AH7S=TE-@LC2
z@s8MZi$PCqqMP<y7*|V-5i5PXBHt1M&Tz~GCuI-^qNGyHu$Uea8lsTEgkga(r-Q=7
z4~nccZj%&2FG}ZhrV^QCn-Q%Jl~sCY!!uxmVuqQv$=$wok7(MnTjUmfAUv}SNVdow
z+EN;$KlBughBmddYzAYvwNOP>C{$HZKH?C)g`b@EU-rw}R@Kpu{a4wPa;N>*w93lR
zi2c`ad`9fQM(n?aC&<?~#1hOcmKT|YZFUH+5sR=9i?9)kun~)}5sR=9i!g_wv0?z$
zueI@r71-cJ)3RH8speinn+?E+C<JDlo1TKW19A+=0!cC65}UyT1~oJj0Zk4oNK(^b
zuJps<GJ{%60_FZJH~VXqd^o#ect|3j0**2zq3l>n2)?29B{EXRz(x0X9)Na6V!;_P
zJ?LWKB9{vZR``+;^7*{ck3<ojI+x4X5#qS|fL8z!ku)D<=ocO?O(Tf9AYoEQr4YY|
z#%>1Kc2Px8r~=z(A%133annMSlX+bV&JlKqn-UGEf2Qak2X$N?002~&+5Un*HH#io
zxtLp`6=ruooU`*%vp^NI^+{SaO37OzN;XUq%cT=goHa0D;)exU^|C=sbJ?+31)3|i
z1|g(NINcS{q6uK90l+tsN$Fe$C`hJ59|g)H5CZERAgF^15Q&~2o+wr`;RJ+z!4sjm
zUnZT*kkpWs&FviZD62C8MuFXIgP^oq*y}O2$^fysv^7$eg{^r|Thv5hseO5+1hAo2
z-vQf8i|b^Mg2tYt0g}0Rb&3rpODjqM8$81{iBJ?O@Y<obyjxZg1n3w*Qjlw*0R@!v
z$hbx}el9DY4M~>;benT+6FD8o`o=5%f9D$426d6=T25m6VM$SgCdSeb5-mKjGd)wZ
z3gsa>>3L`gyKj?lM_NxQg9c^6R>>+W9qv@NjMA?Zhy4cfXO&UvC?schXtA5>O1CXh
z!@f6QGbsaVX&TfWm3Lha&YF(upb#FwlBR^Tq6fZ|=V2}<)yTPGH6QC38Go}afUA#Y
zNFbN5TD6KN^#|QZlw(<7k}ad4HtN~$;7YR-NairEwKzqzueG?v0Wl74b0Uk>e7K<l
z&}J9}HZj0W$J6W!LB6;4Pi%Nu);>%twhP=+no|s_MZDtLOxyWIq*@XZK7g2x#&sqy
zi`uCa6^>hEintK_rl1U5RmI2;V=6^i)YZIYk&U_7?Y6Qov*t6>DhUKp4mCR*!6+AM
z7IsVN1<Ole-v9wwNRNjW9)4xHG=pNA?PnCrq6QI9;C4`+vV~P;kyw<Enh0JjMwGyd
zrAD6p05upGrtvqZgH3C4Jw#^`h3CS)NM8iLXD8db^~~=sw3_+-WwV&zNGxIIqdB~a
zAg0rN{jA_xNM$Of#5}jw9PWYM$6{p5XT&wvT4+4+jab5HThCSi*ynMze7g>-2$zR1
zV`k7y09QX4>0%Q9fcQD<pn?;CALk-=3Wk`#w%5R-LKP~QGW3S~MAO(kE`uvGjO#Ux
z_n^E6OW|k~2U4`lJKOn08Yqb~%VtGRx1lXNUD(hLV4js3$T7z)$hY)%8IdlnD-nxk
zPdCo-)*W@SIsB+Iq60qN<eCF+OTfnqN*7gFEb>*N7K_kPdTI-Y*K)SV+aI)j?!PyS
zSTd8Fy{0f=<CgS_)=|Emg*g{WrXb4f0sGHc0z<)N2RQ+mseyq7NXxLeZV21ang2E#
z7v5=k$A_irpU6n|4pI+j2GKesN8&tfP9*jC02&R+`fYV1OXNlwMQ_l;N4XN@-j@U6
zwov+_vRjg#+36e^aDgqBMGUz`JkVI4HbudSi%r3>xe!H0{>VVojVR_Lh%kCKdZ<1a
zGID6L18D$L3&~)=25?vO$G_nr$Ng-q`GPT!8<=z5ap%@`1bx|@i!d)aYNQ6zAvL|`
zgKJ{HlobpV?c@>^DGBr)p%@W~R3A50vr{H0UZG9dGA-DYRuKbbh5pxVgX|(~v=1tu
z!R>>lmxiWm<rP&BGhxPveNc{19{V3lSihBZ^n?FiURhS|wEqc}jo`lz%V)&?XT<*J
ze*ph!#Oi0n>Sx62XT<7f#Oi0n>SqK8YS=A+q*W9*`H}bQ!La+0r8>=i956LiU~8bl
z0)cC9djg~o5w`ogIXV*xb5h`R=SgN#NtEM*X;8Zf4szfP6^FRSW*SA1pr0eJvs9vw
zF<qdCX2mXOSXvS@R_YpSY?8629ciye)woEwD2UGr@;6q8J4g=*fe4*OaIR))6eJM_
z3gv0gL8hiPV=7!}qRT<8J`J&)aezqa;&4%Qt+O+p!OBF&($1tfWfv@2gx*OCh!m)C
zj5tDAB_SMgglpS14tO*$>>)Q-TWzJTCsFMRqnHBe0HGhn@G4LK*wn3dJ(lPVN>?sO
zWG0Q2A$)$tAdqC3%_k_nAtNpkE}Y|iLYMD&pT?)(6HbdM$018((%@MROf3ks%#|!J
ziK7uIh1+<c@JCd}741<{j0kuu)-1IB5<*Kfambh&aZ(^$Cd)Of38dXgHeN}#tucf)
z9}o{4e%3YgHtogrC=ALt8;u4mX>d%8WTdmQeWb)a!Gb}Nj@U4Vs#9xj$L!5@$`0o6
zp=SN@u(R0c5x`4)=Av>VOEWl91hNe;21A<&<1!N@Koun*2Esb*3(M;I5<P_gB2+Jo
z9qV0Z3b0oI5eyavTRd>L>(m1{*RUuUn*hRNblxXeGN{vo%ZwFc1H}rPW+GysJ&|qr
zNkd1@n%-uf!|M+az8j-FT*@n6$#tjDkbtr}#A^(vO*Npn8pZ@f&mOky0@%&~V0#!H
z@UM>D!YylpiH!6w4rmzG97jC>{U}X<oIVzV5*VrS@GT`;7oeREf$7<Rruh(|$h)_T
z11ia$ps+p_XH}9?JDOnB3Ts5aNv`N54GVNF0s>m3nN_wm8*WeZDBD2e+kj{et0ZYn
zuGk@62r8lrdr+`515K=ldIkFgqZhOJXT%>OD3fyB(OYHfEUeR-8|Swyt7)p!>YKGC
zO^pZE&#RlKd25>4Z*M?bR^PI)acPUjQZ&^xv>dE8&ev)h4%YUsZ<rVG)E%^>sjj(M
zYi!c$7cW^<UpFtH)i=~GS~{=3VSzT6<!fkc(H7M&u5V$5wlr!`Aup=Fj^&&0SzOmt
zyO8~?nOnc8zUAP6Hov~50m_`u3a!zW)HJo!*DhUD)1)m~+O(vxxsFvo&(qM@P~R}W
ziPciKxUQjvoe~YKDy{B7_Csr4ShHvmR#mf<wY~}4SKGMc;HLTo3tO~>jf>{hH8p$Y
z*0Gk=%w1GRRk2RhE~=?t9MI;~EUsBlhq)SADNUG+w{F?OI()?Ht7-7m)V9<&Ho%zF
zHa4_0v7Z6f%cd5Yby<CLT|ld8s&9q?ncvjNiihE3Ibh5hJS<;B9hCw@t=VRTC4t{d
zo9nE$%&V(e#L8-h7O)2%k=UBliSc$bIg<p#L-1=vX0HmCQDP5b`Voo!*YwFL|5q;U
zTU$qd`Tvy4%Ce9%{=>A9_^-qB8Ik{w$p1(De@8R{|D~D$z7B=#zh7Uw5e2}A0$@Y|
zFrok$Q2_jZ=>j~<f>%Y_4kg>^yM!C#D|JA?s02btHr0ToS%S`foVSU0dSc;tX9n@Z
z^M;cMYI8x`kj$iPh-Uqhc67JcEQ+rA7A^6UHxUI@Aki&#I_Rm<tQtTf2e{8D^@{az
zuS>>xbuubX;_HZFnoEdvg8G3QUKm4BKo2R>1GiW-q%e=%&A?Pvw2^EeSs^`8Ex5#Z
zy2GiJnWP3xwdR8xM?gCW-0ad3KLJu>OZ4t`aK6L<4}h#lo<NASXeM=3+5qw^$d<uP
z15sdM6fAISISRb7W+s*<_*rTeHDAKEdwAoed`OuZEWv`qhkEoQ$O}UR>&S2kD!U;h
z5@bmn7p}|Qp7yY5L<rnbPogI)7u>>qg0Vns2b+utnU?vn+S;JDtP2JPVoO*pKnOh=
zS!lS7Ns%iU31RI8lm%gWWI60iWF1O77B<C3A%}TbVI2G!WY&7B8(Rws2gZ!CUB?!C
zz|)SRYt)MfFkR3u7#$cjq=!B1PGsV!tHIbA;3H*OUt5D;Bc#IQW1sF#Xp9l*N=ScP
z%-szz>j5#%0JUj=_y00Sz!Z-H=ZE(Y#5UAAV)`lxzziB1R1qp#9kHTx6IV6h7KS|%
zpIEu`KzA^+q!hBXF!H!+MK}c5NUT#v3KdbN3Y|PavXGM&NOei&?3z@h%Sh`uD~uLa
z+G$}}d5cOQ0|pMo<S^2)a35N{qXI6`%Vs<V14x^O4~HK0w381~GX-`5Xmnq`W5O@g
zgj$!;*`*ZfQ3};~p}e6`C|hBAtRtu)_&Rs@z}fEzM|9O24yhB-Z5e{aDo6OBt4`gj
zzDvf1am2Hc0cbolrKnL>W2J0ilo&Z0N|YFnY!ECV?C^hA+?W=})S0#+&TzWO$e={h
zM~8_tl14bafUoty#XBnmkig=ky~7VXd*C9I`@n&3259iCUF6}Q_IM<zmI3XQQdD6D
zsHs#Oos140of(PEXd>4T4IYz|WA+9Ur;sTeNlY2q2rz3w@RaOgZSsl0M{1Z2p=xJ`
z2HRx`1P=G}LyQ-Oc;{iI3H<n`o<%ZdI?;{bC44*aL%th&sLW9+t1AMGR)%G<^m8U8
zhV=wEuxUMM$}QvJ<y48$ODNd%HBlgy9btB!5!4Dyq?utGjp72i9<dIf^*VIr(G?GS
zci5Bw;kpPlx)=w!?#cgx@g3NHM<o<FMvDT7d<tOrJ7bCVaLm+vqP5xaWc;pyWOBrj
zfl5#|ruM@LwC_`Vkucy4jLU+$7V^e%lvay~_niHZwJY8wIY%+2cLL-vKz@T~FW8=t
zSFgNF<;{%K4T^fIQ98HqAP#v3AWtLED>Q#Ac!%4=k(GkyOr(rX1K0@JZ2@tgi1AHX
z2YO|`Ch{#GWZ7U3$ql5QA^h%}VOt1-t)=^tz|!F<-fO}5Q;%eAwy}k&%+*ma1W2T!
z;E<N!kqp$aR$bJ@B|PX^M&k~6^tPo=-sH)IN#_tNQIcWwKN4|BG_YLq2p1=I-C%pK
zTYwTIQ$`PPgu+-vj4zomfhkKb#18_b4RkoR_>-JMuK=7^Nb;Ob@+iUS7>m@y9rNf8
zB7w{igF438$N;unTYO+`Ne76idK0OY7FB6XwHs;ISYvj19$gw$nV$2~NYu~FY20MQ
zRUq@yqf=xtQ<^kl<)v&ElWZ-7rUaAG4!4jiN~o0pA)BM~BAY$SxluG(k9vb16nzam
z*b<NSk}Z$qQ^GFON<^@TbGF3HYN&P9*nH!(QF{m^on5zqr3Gsxh$9G#I4ol!s6@bR
zGQ=_=JS$t}&Ut|162K4O)tqgDn44o{K)8bD*yP9+N@y^-_0ZraCVWA~S(UZxx&JB9
z2}UD4Y;JhS4#q%8d#p5%p0xzQXb|x~0ihjrxF{Mld6^_Ti=)CiOq%q-qVG)+r9!i=
zT%@XxgO>y435)BV?veD5?r>S7W2%fA2TLNRgquwnX$41yDxXl>*f3wzYp)>7H`POx
zXcFFCSnc6e7tt+X`LmH11H?h!H8fpNu+<$FY*w=o&q9Q*GzqvO*C^R3B3Om;V%%bx
zZ~@6e&Y$E886g;$T#UX2CDoxx?uy(*CE`3|hkyk0$(I}v&P0Dm3Uu7^JdWTm&ezWH
zFFv?xBHn#Y;V$qd7_rX1hOGC_D)4;ETR0tJ`HHuta8>~0tZZ9gc`+B4OvusX@H}~f
zXCP~Z$bQX$K9gg@#iS|cF=j-(02BBFw8I<7>@lL#9bSb|WwWC8$Tv!VvqPb{7KnR}
z;C-^o6fc!x`yCiCFvg1tn@hkpf$#Gz`Fh@Ag0+p5%SKwsCRbiCtn251mb~3p-nruK
zj`IT_ylhkwXUPtT62}0xpj680CQ1Z}v$X>ez%b%(3v9p%w?cpf$Q7X!O5jXri3kAu
zh*O1UvkA*o4{;#saSVQBL^8234`Y&0rZd8))86b1bd%yETUTy$L1za>vqN$vC@<at
zf!ngmvH)(fNHNL|kzIt#mwF5>5h2fHh!aIRK_OYiQN*~3EPh>FzC6yGj~IT1Yc|q|
z+o^YFC~O!C3V?rBSPXu$dQdW#0C^7u>R74Et8Eg5u7ong$AxiG?h8`$S>ODgLY^p^
zVAp-0mv_hO_vrDcA4*T@*4c~!Y{ZmHi4{VrggMt`T}u_10#k77{(xi?qKW*C=K@c!
z9X7%1$p@q0ElqbPOT9Te?gAI$_vF}IS*h`@eMsQe)R0K?OA``)75qyZ0A271=qmxT
z1-zm=@(A77Xq~m|kuYJss^Cg;N|ci!*M%O=-RwKkKtki;1tBX^j$o&_8icCxdkCJ0
zi;nsji))2Mie}`6Gz%0Z7psi>3)_yVWV;n%n42Ih4A6Mi{$2(Ijg&TA%+nq26WF=(
zW(jOEhToyrtOEfLu3o$Zp$`mDQjKjI)*nz{TQl#YerF?H;R^BKK5A#T@_3x1yHM<J
z+F7`e<Xn<Gp7xP{$oCBPMHhGPYR!#SIN)~V^MP(59n=QOHUe@EF||xPQYz=-;WlBv
z^utx(&h_KyDY_L;R{{k=;*g>M@^n?QUqKYaWyiL)V<meae3b$62f8ntn!EvvT0|qQ
zrlBO6H-QH-6Yo$ZMV?DM#*@<gVl%riJSHsR1nxCuHTFYIV+jxnu`1fw5Vis0OtrS!
zQ@Gq)$}Yoz<yQ&_F{R#C_S{=4e9h<~%TekLc-HVjgutL$d>hy~BU`{SD(zS<mIyBW
zwjTDV)l<mMB1j1iN}j?(UQZBOL%D;&;?g-l7mC@pne306#8U_h%zl2^!1{zb3+RGP
zr6uq8HYF>7D1mgAd}g=-C2U)?P?x%3zP!*96m~S;D?MR0CQt|wOm8aO>qV6(q(HSb
z7lE_#AWWOimpduH?e{s4xX*ziCMB_g6{_jf&#K+vvUx5?;CSFF>jIeManpXY^|UB>
zm0{jtXtuZtE2{E<whaE%HaC;fT*w@_ssqnC5?pbT&khRMqliB$WsGETsiOjyz%c`C
z;8SKA(P8;{;SmDee$A@7EVC-1rit51;z*XVKmD6qiEmCN6KB}CJP1!0+l2#V3S4g-
zHdmSfAsF=J>;?Nn9dKL(tQYF-BAxJv(L;46CgAa7(S%xd(x$g{T7+fY1RXa(6{uH~
z=#lmqK31Iwb!wz-r|x`9XBfz85}lV(!(=!4KEXUfnXEV7g*sa{+Ok9{79H;uVlE3R
zTgv$@t&p|w2E-y;1L~6uA?vnp`En0}CbQRockEFSl-d0Vexf}%{8k!?Aj$HD$A+1V
zzrZS6DTA)BjzY#`HtQ7?BXd%rykV`a4qjcA)gq{>#hsGlno!=Vh|}H<FkJ8=@u<S9
zp9f@soiw<@K*bvOuyS3bpqObAI0Cn)d1W|YkHRMcm1Oz4^{^0?K-qM!VAR=K5E0RQ
zt3EmlV|^YDn9Rj1VAyO#XgwhiofR@uC4lV!lgB#F8B~fY$?ljQyxyv-S<raX#^BmG
z*_Cm)H_~+u#5<rtAg0@7B!!WuD0k0IhSBQB;-JYKhg2bP9j<}EYo={<*2_(|Xew-4
z{WviTXx}5|kn30RE*l`u0B1w!cIkuyGqjj$6eCSI15)YFQZWuhkMmO{2@Oi5HhT+c
zn#aSAaP}rBP1CBYwPHQq3BI1ibg*k+@S@{!#onnazu2S4Ox>*n(5`1X8Go<47Sb3K
zj=tLBOgx(4B{@<p&%|l|MA5Cq$djr&zgXS(#n7XymwZDP+bBk{gDNoIL{!aK6+2;Y
z<g}3qmv>_8yH;q?36~m`mo8Q2DAz_{iXHSN?m|iwAq<@#s8m#D5U<G=M0*stUAAA4
z3P4(0It>5HcMliWDK>*(4C!u>sNP_O*@JjQ%05O0P~Jp%u0%F~BkM5qSk&X|F~TTL
z^~0W)dUP-g7FTr82O@LMb}=SjP}ky@hy>wGIsqgD4eLBn9lFbvfL7bU>PJ<WfH@w}
z(_Vw!{uA7RKBuXltKLd6zY>fsH^Gu@t<wM!*;*O09`Dvf<**s;u4aoKCv-eFN}@;@
z*+!QlbZtT>*Lq$grosBjkP2_xu|#4eGAyb=rAC&S0?B}Ur_tyTEijF^aM?!EUxNZo
z(gcD9rpRnJ!i3R8|8t9Z@Yu#7pzzZQD!#pM3SG9WFztM{Civ`RHk%FN+CD5>9AzmF
z;kS}%E-Wp0@#wWgKGqqV6*)l#^ACEKa!hW!jVP{ovY|9(@MxMoDuTV{%%g2BtNm>@
z;t|ml9GxskcWy~4^kKFr1E#p}d&26b##M*ory%C@P!6QK5*<;R(n2@)Xc#qfF>8e@
zGoMe#W`(tw1LkT-v%1&;K}2Yd66PX@nqi4Fs*<b9l;p}$oW(AQrG-~MiNVi}klEzI
zby<;Mh{efar(<ZNik7QDx~MI(BSp??i`0l8GQcz+;e5f|?SoT|<+6)gN|@&l)(|<%
z)FA?ZV7qjpHUw}zI0NL~lYtDAqSpY)uf@XhJ0&!b^RB=rhLcG>oU#WL!imwy$iic_
zfpjfA<q;WHIJb4Rb}vg>!igBmjtU&06v8IVgYXeXI%C^`Vq_rr3|iR2*@u@xwzKJH
zGHj$^gUKz!m?0ru5JqdZSTNH59Z$n9L+7z^kcFqE%~b#%^kEIhfO=Y6o%XM0S!bF$
z;A}`%A|WJdTn{5mKIEkUED{(U6)di#zXQ;UWL@ZBY5zB}t8@CjlJd1K3o8;2H|KH+
zUpWJrv$%oXQf(}x2s~tGZRiQV&;SBXtWUA2S8jG;T;F&ZvQBO>K<q|i07yDojYiRu
z4@_pzUJaPH2rgXMpKzeEEf_N*M%qK_J#b9m$lAzG3A<$rWIfFGV3_WLTt1J+!&cZM
z2zWx2K{%su`G^PizDY*kTw!8~L`*Z&P5TYp0PND}PCdPVkGqga1A|ORTto(uf1}iv
zp`xnqG=<?<{tco;qmp&{{A@Ll2v<x$doYkqlW*H-+GcE=ezy*lmX*?N`v5vVsN!jQ
ztS&h;6KRF|TC^vn1N8xwxCIH6i_jo#flEw^T@^r43X|luO^?^l23Oh31Ccd}ov2RG
zmhEn9=k`<P7Hn}LtiTP-b|0QRWaDYsTcIjNai3rtovXxzHv&+KAc(XKlLSQ=Y6iBR
zv^O_V-pIoSp|u~60cE5~rXo!@AuSr*nO$5E&60G>!!k?WqVlIg)j}IoNLSdUB{^_q
zJY224Fk~4VFRve^`UbWXV{saA7@Iz5rysznU^zSU#th6G3__-05TBLuhooL}<|vib
zsS^Z*O*x;jC#(r_$qNJG{tr|tp4hA+Eq|A^BH|3Kp75oI>8%w<??jn!!zrT5cxT+T
zJL>(P{35co*j0Hn<Jnf8!orhr8{jd<qin!^BqFRh(DKSItl(NEj|6$d8<66xqxryo
zp1nn3Lr`mgYafL0;&*VK6sSBVPY}eRh@A&lTt%Ls+}MTFl#B@J-cfa#i;E)On=#}T
z>z+&LmhwJq@(>axhPXr_E)R?9Q6w%TXNYII+u_hQ(y}D<5Jb07Fy2jz(kxFdr;#Nr
zR({#U(-u6!^i>g^V(wYj1l|nUVqDGCVdSP!ndFIpGKO0+aYIxslLP{729&bwT(1bx
zBX6l)ppz3S2NWM!N2}Xi6RM%eey-OfA;rLz3?obt0lBk`bOg<LTeA%7@)wULf(8_v
zMxU0v1?DNt3O<6xl9{6zW%fXrwjjQph&xC^3~6M{#xg}7E{2;mT0ClIU%a3KI$0v5
zQ$uR3o7PmDVs1gU?~xLdZW3HUB)qs-C<;WP)Fa_FMy_EGOb6HQcEN=%F0J2a8Fiq&
zbBy0n@HE1rx<MHW*BLsPW}=LX@tJt7R2s;2SE+8zCl$Gj<fQbJpH&#erOr)mJUr~D
z>1b?r)JPeORP%L*``Rt}5p=zm*ypeZYeoBWepbU9-nk<(sFlHe$>>uJn<{?7ip|An
z4DMkxu#aOnz*VrLai8!~NV97Q{YhHLylAyVT}7ErTnM1!PHYH4r7g0M?gGS2OXrG)
zA(%^)1kK<uPj=@(X+f38tQCuLw-I){RqcbLO3)sZIam#XgzO3ELTy(ElD6XZuo+%<
zg-s9M`Elu_;5vi{xLP74;^&e$h%A|tnFa?XOMdI2tjK+(fI}u%RJ?tm{j#i@#}yOq
z?pThh)WfS2E^F!StaJ)dHgTI)sm^La@T}3nX-dY^+QL~OLxCKVLN9a8iPcD;B2hhp
zjqgRN4mMlvGuuc2urcw2o_06cFuQ!VvmrI%)DyA_j6TKgm)xl<C9}aWmvpm})f0|J
zK^mm_WUXC#ED2|-)3t{6kkPG`dK#_}Y$8~b;(EFiU9X$*1uE-VEdz9+WyP?zb+Y-T
zLKe{vEJgA5^>6kh;kdD)9n&Kos}p0G7XJd^t#HkfT3<21&<mk-pg9p^YFCsB6JjY-
zB2)k%f$}OR2}33>?NP8ycI&U@o*Hhi#WJuqSv*S4jzHo&iQnYzNUHW*B)8joDL4T9
zCe)c=7aV>TNDjlpPEqo6g%KNwy_W&TR#tpmfD02k`KG$XjV*O;HS^{*d3kE98ExGl
z)PpU;t;9kz%7dY)(}QKf@-nm$OQ$k=!0~2Ut~V8G9$`i%Hy$i}&1d>Og<0l{0!zkv
z#n-&qoldf+B_*2Wxyq+RSekX4aQk1q##2blADva~Ff=;>=9rE(R;?e4X+fhxHamo?
zj0HB;&97^!YXa3@-a-^JN81ns!{5dW@j^W=Ww_^Tu4_85uBok|W^o<6<ar7Ub0n*6
zs$bGV$*3FP#ci?et~CNEpI5cz<bw>I2q@;BreAZ(&7PuRUH<V%m=GpW_xW@5+Dd68
zb0qO{=%Ffae?{aO{MyFG{p;(zKn1;spiZzxe9q_Nt~BN0X0zLnWVEC_Sk_)4Ruv)P
zvxTKB#GojEZIwcy;$llrVoFzQUM@jECdM1k*03E?2oe<77T7tmyx^THUJ)<$vm|S<
zoy}4;=UC$GY;iUP6@kzWR9v%);enpox4SP$p!je~c%k-GB#AAvcD+j?rMvJ2n*`zo
zqr;6_EH{#^+-8$Cd!9(ZC>#;ZG`R5r_gckCJEw-+>PuOZ>dCFzk+RY8TiZb#A-SLT
zPy1Z6S?kw&YuUG;Icp)&7g~hDPBztS%cwtS6|ac1*+vOWdkSP0?6)5tr|~huGSgqR
zA=qi^5^gpWYr>E&HQh%OWLXr{k)3DZRMY}PBDJn$Fu+C-3c^tr^D}^PH}edH)oAQz
zR|xu9WAhebyedfvLwpSE*;*_gMf6)VOdeU9PEN+?LI&%cph0mMk+)d;0}4=>F6b<0
z#ssE?a9;<DFq4ct2p7p?8<}FT{HL{zQVwpll}O9WU%)a$OD1Blro|pL#PyxG0J#J5
z^i`Uva*k@Xe7b-nWw?2zfcpozk8q)PuolQHf&|5~0yT|v#x6?vU&sGejD-mPdzys*
zE-%;0%B#vkRh836;J=6GlN0~jev8<uI`ZRxS5B#{nCguGSy@>&g8w}npAr1;5&Z8F
z{O=L`@BdQ#?~zEL|Fb~goCGPj-~FP$kAQ!VfPZfV`1c6<_cs^)+pfTrI~xj@yIZI%
z`Gai4lc)o`0Zm3EdXo?>Qjk!@!_*QTmTkMx0?1|MRV)w`bTeqObSs6<+l;-rT*j78
z^8ufVLGs{>Kfkp%$t%gQTd=N>jf|{$iBiEuLK3c629*a(DS>iWg_t!ss~uu3!Xtz*
z52rda78Ei!L=nnGs*8IWnW`@=yqT%kg7f~kCw8g3iCc4muH1sUv71iVmq4Bo7DG$_
z251NdIJ9V-%?JeL6&P?rT*qBMVf<N3Y1l1<5i*dpoDJQlDUKH6@NQ8e!p{|D`nWLx
zO%nKi0Bb;$zeqIP(q6s2gahBAvdx0;v8(1ON+N|g-K_bwc|MCtLz5Y<F{1?PMB~^h
zIY1GJ&-$HQmx)!qvU5(ZDkL4qoGJ?s>`CI5JFDh%&QO&muYNcw{w-Xhz#W5bHBUc8
z63xfX$N<cXxw+i|;EV)l5deCQN>enUwEf}S4M(L@K9r?cpMgFOO-iU~&<JVCMx_9B
z9V<f_2Wjdh*Ag2?%)>e&VRHH6f$CK$vGkqBqC~54_srz3>FBNiGGkv>qp(=8F-lTs
z0ct!JMK&;`ent~Aw2Y*k3JbVe<11C-2?<jh9k>!YAf!W!0AzsXBPNbzGcJK~C?B@K
zD<+k*J3-|gLFDwejJOR}7G5UjMLA+-7C$QEV)J(jaE1F3$Q2Oeo|q7>cytO<s8^39
zV65}fV#$i1+#ODH|GF(cDZ5t+7!)>MdA5ixo#q1sl76;Gt$?$P%c$Nshl-TnzBQ;m
zC|Ov_WY3i4uZUU#rQEzUpnD~2HI$sUhdd2iWu(VkPNbl9;2ni-U=fOIA4W7m85)|#
z@Y&->Ggc&A9iTw6JwlT*+r~nADbEX+?Z{oi)FXu#Xt|Fe0WxhSZwdwKcewi-WwK7n
zHNL29<92ofC9bqM_*h|92T2tEw{ENfQIA+JAZ_r;2!O4V@QC5-jg=~9095Go)JOzT
zc`Fg`K*>k@6)gyR4ORfUFVhrqw>`wq(f|;dtclQ&Uj{MY#?AvJKz4&~yv62ldA58E
z+$oLlMz+#P(S!&p&4Iq)ToPAJO$6IkU=O#F+K~NTESZm|;7K%}up{ngwbWUr{VF&!
zccFIJW5tp|{z3(NY0uCEy1NG}uHcGmB1EkKYpg9}N<iXgh@b|p<G@<V6Af_J)bi9}
z&1ONx_YlQZqAick<YY1~){8{elxf&Fq{4ACCT)i8n4bH{x7i~sUpXOUsbX$}%PW$A
zBbbXc;i83dLtFJ@foQ?5k^`&x7PXR@0Syg8b3|p-n?4@UfoNlgVhznlj{H&3@t!NV
zUFKOCy<A+hwFvV}vvBqw=z?FOEJ9Op7q>7DeA1+zJIYCmd^#&6V6e5|xjU=F_21$#
zt!Px5MG?@3*Rd|FmF>Qo9Z0d@-!HHH9Dra8_mrupNs!*1=x@kvNi|=4A`#QW@qWg=
z1zQ6Cm_Qmkxa))>%13m0Mj}}{0zK7m>BeG&bRc+so2Rqo=$ru)CbVs_%&0B5Y4W>}
zp$w=|;QtOCP+v;u8&d{ZN#+K6Rfc*V$8td4TuK>I@<zGElfuqT*eLzZ2v0{AIRn@S
z^ArPT^<vD=X}SOL8ZP}@?at<O2~(#5=S%Y4+{razx1zR-brixRS}xcIUs!q;Y}xRs
zR5s7($z%gOE0&rHG=a-nv;#G9O6_nHN=Q5h%TK;bf@LY?lQ%G|+ETQz7His6ythbP
zlZ)GPCBEYP5OZNse$k$M_c=wlj~BWu0l&P?Io=3IIn^kMVl*foJ!IHrLt;Ujt87{B
zJ`Srrs80>vp!KLa2Ohx=%%r(1r)$70J;eiMIk+`)(F=2z8RGpU$GDlS9EY;($j`+n
zsrn(VHm@+@Ae15GSSlr`HKN%va9*iIx8vO5HStTHOB<AnC6CvZhicgh>!)+Jf^&8b
zPKp@2XVLvIM+fm5BW7H~unpw0D7J{nede}uF-eY$`m>~_Wno)OQ%ytjqMDYvd2-hc
zV1xi$xBn4hsrnxw3sLqPGW|UR>Riu&I>!NM2c?rexqI2OCEXm@GVj^UbuN0GZ@t^^
zZeo!S^1`lfnBO>{CGDsq_kh?EYCiUD0PITclS{Z13+bL~&-j&uj$mQGFXa9yh3Vk2
zG9_LB6etf75%nd-gBcBUyg}g@<e1}*{&VA|oWt6`<c+83e{HE}!*DGj#r?#-h}@(!
zo8!{S84HK+rXs+RAi^n~08j)7GGIE8{}xL5xQ{818zy3TDhAoa^KP-wMsaP+HG`H@
z!C(vc9KLT`d<k**wdUU1wv==i>9;rOe4ej14^iuy;E-IX;!6}*<o1vypKA2YOd;$8
z=e6-I2_m`ay#*@E3$j32oe`82AS^4qw82Bfqy<O-L>IKV$|`bhEAaK!O_FqT?Qf1$
z2ae63BH=JQI5VVPn5<>XTgZdxZi(2}GW$_(DecnqM{y6=RIx2jC_<8o7z0tMUO=Y|
zdnC5aqzW!kd~!`#cEp4MOqsadD^fsT*4+5{0u*s4B(j2Z2gmYkM}`$aa|;)0c3`AD
z9nX#xFa-TpB-De`ao0{e1EA&UwJoXU(^sX*>2lEet_b3J!~#OgCN4=&p?j+YAr+;t
z2X=Ltz%R8&%K(%O2j?A4P?sEBw|MM8j#u?9BHBBY=gW>qfQ|Rtqqps&s7c&ZBTlip
ztA<C`m9$s21#|Bfn=aSnXQkadtEyTn1|lQOeBIhkQ<O284hBL1xpLVl){kYPNWoh7
zIO%yUwhT1e>9(Rb11yQus?M~ILu_bNl?fuq3!cZk`IgunrM6^{gRnlLKq-jlxe=$$
z>Xs-#%f!=(45%;$qK0s%TJA9b^G~BK_17?wTso`j+qP;lY4&Urx>b`&G*+F^flQ`d
ziKw*9#jr&xkX-baVRyOcfL23R0K+`YmXeV1_w4ULnJtK{*q!MX?7bBXQS%90CchQf
zh=8etTGe8@=ynX=vWW}=Q}T@olOk%sDE1nLanz_Dm?W?ka!OFtNRVzZAj5PtsLUP#
zaRCA?7N&P}03U30aJHAuUMn=EsvfgP7A8wUh}x{2383_XI1vWK)ivFWFb2pxD-ka9
zPbLl1X3b=dv8G|po?g7V0`{AnW;Z6<8do-^10PaBf^!b*W)G<w<1LNlVKBjNM&}0e
zs?EFeDj$z<<%ruYUI~ZD*fJ=RTYM6fBloZF4fk#C^<1@m%O_(&m57p>5p;}Rmwyew
z)U(ExP)0$z8KWs6x)2zQYYRz!LW=;2D&ZDGSzPGlG>n3A=)h<?7RF$yVil<x43NYp
zk1j~U>IoYvVNWQ@Gr>^g+ex|^2`2|Ml9+IS5)Zdg3=dG%rFMjaFXZb00f?YVcmTan
zQfof2CktRP12fdFiMoh!Y*xrJY5|llkkh1Hf+DrVGP#+WivcVl8*&InDlHsi3oP14
zSYXuL00}pULS&nh2xLPPyULRV!!59e@oGboh;c2uu)K9mT`q;Ljkrb~&~fZ4gb{>f
zK>%DLf<Lk~5Kg7SeI*b{ik1X_CHN7(TDRy#NP@2{TKWxO6<CQiAO15SBj_cNOS6`B
zR3c8mE|!4^ISQ3Evsi;V?;@0za#sbqz{rAHxI7PnS{*P96m-Ngg~+xoM#Oi+ln8!S
z7>!&@Y|F+v6CW_u5J@+aZtwsrn@>3SAlV6r+kt1fcR?S7i&yq(H^5T~BJJiG4hqBz
zoZbK|iR*+#L72M=xR^I73Isne5(XF|7-rfGYFT5#Hz{%G7DH(Th1R$nbyhk(J8r~g
zm9l?1LK!8`f($eSWrB#WJP3?vK(1@GB2&mcOnf^G)ldbsrm#UFD|nA^?C4@6<jir2
z0BU9sbTJ?i-v=_BIR^m3S>`hs2K+@|Fc=)LVhzZ&LgYC#oq#O1Y@@+jo2;S@cc@v(
zRwrXdx<B=(NHZX-c)1SQEmZJ-QW5Bt+F>tVB)w=|f#gvJ0C$=k+3e+W?r!dNiCa6%
z^O82Uydz~xcC$mWhq*bJEtg#?niUD!HIGB6=zQXq%S9ZO^(c2fhXlmsp<7;uL!s@b
zTY4gY@YnsV*!h+KF*}uwvA6N<{4nvm=91bv3wzQf6+f@UVU({#(dpd1Rh`AusGZp<
zr949#y~dKRmD;#i8<U!^sSa-z+fVoOQadfbx}_sZl|&F%x3?CnrE*ev2UUuAEvasH
zDtPby1~2+tV&QyedAx~lZmDbrTsAwcoM~yKYz8&C)1vW=%>XE8+8#A+Pd{mGjp)hQ
z3Wv7e#bzNZhs}K0VIrJknPzF0vp|w_=MjodCxowSj+oI-gCxG@NN1Dk*?;HG!R1B{
zL6}QgY09gb>*g97>+F<Y-O@=(3;*JpMl#qI|D11k$z7ebr$><C?05_a4p%W<g2RQ_
z*NUpp^s34kBj9j@_Q{F=Ce4$!zK;C(Z{?NcQ>Qub-=<bpOc}v{8;;Ki{@V!t+X(*K
z2>#m${@V!t+kY4Sn>&h^R|SO2w*W@4;6||EwgL-o1Paa-jgjErBzG{p7;qq0ZYGaI
zY=&xsY(3X}&`1Ia$}%<Pj-qjPkvB6jVKdz;T^T*XkPqzygim8otI?oP%gNCY0V4oS
z&M>>FTr|0WYAxSLPdXv|QaP|(cXuWZv1z!ffNvzSk2f)=61~O@QpLPvu-6K=n`w-)
zOD-AEM+~k4@pm}NfClnfBSvnPJS(q<tRR4AOjE!!hy+WqJWY%_55Iwnv(l4x1I`nS
zW(M{xCK-+NVHf}k(}~So#K*@&0AvtuIMvCfKx7VD0fhEP-c}5x+@2a5qjZY^h0rV8
z$a8o;h<Ol)phadT2`x4~HAz5P2xyCqNGf3_I?`HweKRILDBKf{r_p)Qnin&G?^rJb
z+WfGY#xLE8Xj_a=Mm<#PVR=NK*i?v;Nb%3(pWB+3D|(Y@^^5dWN`DZ00FGTtPu!c(
zK;#Q2MU{tp11Ww`ilKmJdrKHjIl_JAE{E489E_oQ%Q)XNFry%wg39K!#TGy^VW!cZ
z%C|h;AE?m+F#QT^?Xg5;B}_jkqNM^J)zD;rDN%~7V3??jCr!1m#Q+lujE;#;$bD&w
zLIn03;36-qu&FYN+sM%ij1B;ZPy=mpg8|U!p)IrKqV%SM!U7y4uhC2nd2zP7FOLh{
z0G0U*ggKpb_zTMrUoMVlc0?!c%)w1gr5haK_C)Pwj{Nf4l}NDvg7JtM4rYu@B&bI-
zAb%=lwegbyoZxJn41`=wcO^2Ngtr1}Y*3>Ls6)AbL|i$1$Kw+7VyNBll)Idn=yPUG
z6&}hq&eb;1HA}%8`QRmW&e7CLgar^EHA!|vVHAEO!;-|)oOTDKRXA6rlQCf$q3!}?
z2t?#hmIAL6kwmP-OzIJ%gRv#{B5m<)**fMzU)^%Jvoq;=`dZuA&{EgX(zd9sVL{76
zmkz^F#`Jin^r4l7NjMhtF3KH9bu(L%W8lH36x3P<#tk$gU9u<&Pn}K+h#d)w0H)%R
zE@&7cydw30xmdEa#eLjGj}RPHtZ%UQ8E_{S)U?zst2wx>p7o_^eod`gPg?Mx>oH6^
z*kozK`BqH2j5i}fdZN!1t~>N`1~yJ+rYKugP(Z0De88=CdMP_wtFL0L2KrIULTtmF
zW9q?hgNHj!q#)w2u#Z(J34AD!rZn6zQa0CZvIbO*U#K}Y{EM`06s3_HY&BLyQ0ax5
zO+*G_?UzGf4JlfWsmUc?r8H{d{pGVlRzFIxqp&OsZaMA3UKlBWEs8ZxJGU;~tVzql
zOmI#eZ<>e~YK^&yuEk+_V9ew=1jMpK`)IOa0h5+^l<bSb@jh7?pRSU0q9obXXBrq7
zkg>1a-qzTRULCNsuIb>m=9Z@Vh6Opgq)v&Q63`-{)_Ui7Rn$T1jAU7&d^@SI7Y<@T
zI&?MsDmc9IH2}wwvJNmXFS~(;%`Qx6gVB&B^1K!zARJL5GBJft&Z-nFojSv*DA<v!
z!~!l5h_?cudDsl%Fa|ixN^G_qqg=m46Jb&vbRPmq1NY0AIlz??rq0~-a<kj8kdfsa
zZGbA!sFJF&?Qv0^<3yIWZ#;CkeG8*~t^&@8v%)4p84g0R(Pi!o<D@sgQ}y%MQI?y1
z!1IXT3}rhwFQGNfuhnK$gxIwgPW%qZMx<$_r~oa(%oqBgfDb6MgbWFeVM=E#qTa)S
zJ(MvEYD-OG`|YJW*Db3jW^^0ex1UF`MJI~Q9-gJmb#Ci!D48qF4FjRBqCU<%SY@JH
zz~=Oa5v=Bxw#9WV3mbFMV9u@KJ>O2Sl!c5T!MnqN-v+D>tPrdH-UW3n5Xx|2UCliB
z7g!ngubz$!ys6nZ5^6hZ>~JZL#biU3;&Kc&yvTocV2I^dM~NV=9I16PMo|gGn)eth
zHYG_2$l~TTu={<?2%BIvtCB5rkz=d}(%fWH4`Y1v!D;G}#-?0E3)ZZ-YzpQr=Y*S^
z#UhK!n;KghYa18kXaMeZ!cZVSP?pG9TJ->h&BAUPw9;g}Mkv7`n7M2gQ`}BApU>p&
zZ*H95vaF^l*Idi?bGF3Ud`nEHfq<tMBqxlO>D5z?qljJYVH7yz58AG>4bBc<e|D#!
z(o$Zb)gO{l!Z*gs0&=>7sSZ&op-k@T8AHc$?y{-SSmK2Pz#K9bAs}Iqld*6_bqG)|
z;L;v9$rh?1Ts<(>u7w9|@xx-L@|HkXf?7>nm|T}ghp4VFNDKwmyVZ6YaR_jYK`~_b
z0?OZ(oj<7ZmVi2}uOe$o;DQ92CI?o9qnLXda)%kkJ5gNFKx9+HsBj`>9BG9?2)KLK
z25bP7;x%1Txnzi)Byk-o34<$1+TPemS0Z5|bcoVyl53<;*gy+Si3I|jJ=%-%h1AW-
z3d^q}@J*j)_L*t+T$x5J5l>9hO->YccZtBD>QTi<#7(B>6xDTr1aeShbySUrOM(~S
z&4tv->k*v=o2?p@n-cn024zomYhEZ&7F3Gv+#;d~`|fqR%XVi>8v87K3YaGWiNddb
zgh%2w1S<Tt+x+G8%gHmcn~7A!m5jP+M|81J+UepgmQsJs98ePnFJy|_bUVUDz-)2v
zEGH4O$b+|8PnVE#%qwUQhK7*ESUjo~bOg(DjoHGlZ$f^S(vcd=HuSS2#3qcBb|YsN
z%lMhoY_UNHX`XCRLpE!Bx(1ucwKX+oKo8oha=^m_UVQ`HA{4cJbN9zq?hHYH|JSW^
zr9mhf=9W(zG0gq{;gfCu%NAGZ;MM_FzSE{m$zlJCABX*KWoTMOfi`7uo8kWXAGiN?
zpMU;!km}g{`JYl*F>Pf2hvSoX{spv8CcIU3^b`NRV#>72toZNc6(jcl!|^E@#E*xa
z-ooS@?aBIr9(uZON+)z*<Rq+Rg{(wn8L$%5O3NxsLsPX-WmQ?Is-m26o!yMVM?S(c
zsIBzG5}=1_TM!`IoND=%zu_i`>;=e+7$@zuLnU~5x>zzhNh~Sef=x^Idw44IcbG~7
z_Dj5o>g}0M<rV%GFF`+;N(boL7tjn0VHeN{0&P_iF19S|08;VtI@z5$z+<)rfGh4W
z;!*qpa-<Y~!zAehzlK)}-kGxUA4&=MQ<MTftdiiDtu!$k;E~NrHWESj#-FCizm}y2
ztwj$^387)g=lF|WiopYWhiWZh2H_ijXzDtR3zv@s=>b~{_5dGpniy;9_hiRofv6*X
zkB9xpfN>2^&XV$lUN0={z}jC|EKlUjqCruc4a&EgCLCgAMD%vnK%O`&QFdOpV)=ci
zT7jzUHaq=vbu=i#D?ZVVuGYLX3*^;re?y{bFRGWMSd_hml5wtC|J%dLRePThTosG4
z5yj$~24OY0(xsDKu8T~+H(*sn0e^Iq+Ib4u050O%BZ3Sr%q1eh4&{97)nG<)zRqJW
z<y91Z-Yu^IR-VtFFaL@-7QlKe{bEpy#bG;~Ic;J$%kv1DNHYRkQS;GX_9UP|4eT$w
z-p+=);6WN5OpLdi$(i&wyNCRSjl&DGqAWzYtXvkGV;QQreAU{NP`Nfq3zd~u@?`ec
zE}626BV@R0EG4Tj@zR;zqxgfvq7BDP-Q#JiZCrA2Q~iR4E$o@MHj(U0!BtrE)%xKa
zswjbbt;WqymymCj*V8tyj`U>pjSZNO&N(z9PA3vE)OJZ=v1ngB+-*eAo-~P|r?9=c
z!*L@CR>c(R3>u9_kEjxWEyWIiwgc;$n(cK=36=#zUO{2VKfw|ic?S1zWHkth9S?4d
z=Qr9p3VBeoBT7JaLNX(Crn86X;i9-fZ9Q*bwdN+b9J-NGh1xEofsdVop_-CqXW??}
ztX$%GR>nc>m^?P}#vsp2p)hWDu(-517?kOOoD9(nNXrS{RE0ne)!0~IBEI}XVI$TS
zNmT+=S1Uh;Y>mck10(}MbBU-3ysTgvE^S(*tVal~>s*TvbX7?LkY!qn3S_4Sef0@*
zZ2wTrh+C*^Pa)%XI7^F<y@!I>)SOf0^%GxHSjf3`=!049^|B{M2X%%gD5Q5lk>_}W
zZg`bGURfc`Z($(^*mal5Lo<RwDw1W<;Y{i;iw!NtC-GpgM_4tm8c_F;>@h_zNvcw5
z2V_k?DvF&8#1<6Ao;ApCh1BbOQD<B-4r2El*7EY;aN`XJe`J@WKnV;gTAL0}ENNwY
zfyv{;<YNhmHTPRX#@R-7KgRSPJ$uvgs3rJr==Y?JVGmHXY^n0g9o*)`MF4jyd!pP(
zK#7JAY!{Kje0Kt?3cjzXyRP??!yFM}a@|<imQM$RUbwcD59KzSF9xlct$|{WKW-ps
zuq2}GVYH!*^+|*_wo6c}1E-81iV@m6ZbS%oQkD}lI(?@M^mPG<Vm08dR*aW`Vqxct
zzf3F|(Xhdf%-$;57O^l*jD&zNe{GFRTb3+s0cRTcjm6O2Rl~SJ=$II_)+gZ<a@+t`
zAR3XSqikpRRrV<7W}q!JRO^}Gsk2wGx#jCu=rlKL&Eg9AdY5Yx31m8BiFS6c67D!?
zd1S<e7?9ibt7It-Al;O%1~6vPgU<;!2q%ZheGy5x6CFCX0g4yh@LA1cg9nSRjSVZ}
zF`@)beXm6m#4O+vXj`znvy}uV5@}F!5crZUmbejv38s0LPepp*B-w|krq62;1U9Fg
zY)*?|$L1esFBU;;2>u<i`L7dBt0K-k?Ckmu1+Ei99ArQU$QoE|s^P@QuTzA^iF2EK
z_1Lq_wTVYi7LbfqkdNI!GD7P|8kO024)V3Z$kIHEL<LpL7^+oghfl>AeS)a4R-xDy
z<<ddG{D35CI&?jRk&!GaCmB*KR~wEK%qz{&VMS(fkj)tS;s#g5i%doxM1feDKZ_NG
z(tSfoK*R!)(?v+N<n9np5X3008ob5jT3uG;Fx(ope7N?6L=wx$v+lkrYYxv*BZe^w
z5Z)F{iAqWe-5`9mg!C?=DQ^eIS3M3csA|>qX%2VIf9Hh>b`~{sn?OJ<+ZVPRZFFql
zEe6*u_F;XB6Kf&%ONZPo&|0_RY~`?#r3_gGA~TVRgDEOr2H+VS0#%4G3wwbV;kJ1P
zdyCN3okBN@_!eFaaN$*=iMYhGP>)*jXKs-G&1zv3G{uT`B5bI;5-}yf#h^~THS-Fd
zqc6_eU8qQM>DjOhDvkpj^lVFbMWh!mUl6uYU5sL4aCSl8C$@r)0JjJL1eQ|h;8qNO
zc<@gg=ZFgdyKT@FS^N-<JHPCTFz#F!OfI$9@ood6FW^N62OelMzYK?E++L*Llqi~r
z5L@hH?~7IOYq1hxNrLNJQRt`)E26xp)jwFoeh|mZk~MN1UK_1c1c*SItnf=iNtJLS
zQDKD&0?x}R@v_3sfM)_7$p#WG7rG+9btV)84Bz=ufQf)`_DZ}OBR$-Lc6p>q_S`32
zNO{E5u(g81);-xz!$gR7c%Lp*94!d?C28ncn<IPB25~m!66-fOo;>`NkdfA6EbK>B
zAdc!TX_=t;NaJsnVkKi^gi7YFDmaUM-brD+*0A65Bre38I3yfO7Im{$x;+|PkVqaq
zGOZOYp+A;5#C8AOYd2}@>2R&ryiowRcE!39)S+8z6qXRU5b#PDzLvI#R0wy9fJ?Sp
zzq%rbFU>26C(rggiW^I^$LbQCu1!?zl-wI}5iN^dKZk0{rP@RDQKO`ehc(EG#zTA2
z7N)CR2HJ=wlriwwR6n5J@p_!Pp8>0WP}oAsCboz~3qygBA4PzrQWnHVPV^-h6hq9u
zQEkqfcveybqR)|Y=$EHZMd6flLw&nvg;>DK8p94amn9-_sEN4$Xx{ZJ6Zr%<Q#An*
zd%w=5sp#h@*h)Y))VheursI87{u1p+Gbl;4u)#iWky%w*%Kj9YAhdxM$+N+ChwYN$
zE$z+y8a$M#B!~$!RI(j}pu-94FLX?}-?b7}R!R<)p{xVT&6^aDVUcPOyKP;y9AS3^
zooNfS1z0-+*nn!Omd4fMJ=7O0@%xq^T2;DYMe8L01g|1);CaMULFXtQwPjz3Ba4S3
z>IjOtVPp;}k5V=u?r9O6TOpV}RNP0<<zFcacNaHakX;4nHlmO|ixxZE7W5R_4YAZ;
zh!J30rVjWTuP|GL9i-;8nI$?Zu$MTmv3BWVK#*!`Y;5r|a%lspb?y=i4Z*7zCt6j&
zbci2fDy<n;8X_mY$Guq+QO7F>NTkGnk#6)za2@&v`UQEGsK<e=6+OKELUDFvRc`C1
zIB;^7mnXBm7C1tYjDbQEFh~FZ2hUSlk9b5nEiP503@;v+2xB47;Dni`IDlv^w;D7Y
z2+-%y)+;!IK;8<Yh8YQ`qC%z=P7>T@GRR-FaWsH7@GZj}oF{BU?m277R2(v|Ej@=p
z%b9~P)F_W4<q}`Tb43uN{KB_5hSfNf@Oup(Ww$7ajy9;cNnXJ+DU_rcXn;vjdbU{D
zro7pZKwX5aH>Gzh$D!$iV!-!Z7&-H0B+IGRR<BVA7arRD<q!w~1}wgDBWS{eRNg7_
zNL&VVrOkJvRWG#4eRfDr<eF$ys_JZmuZ&uooa3yqLj(R2)J9l|a^5J=mR{a5+5B;h
zKdM_+8U(_o=!OTet8ylt@!DuwtS$zym2Bk2<e?VVp2n~0^8=c9zHK8&4|U<^?6ujO
zWmi~S6f6#CA!&K$81rg=dC1Nv6#1?>aB7?lcXkW9ik*?VX#fr4BV+YLz6INK$2MMW
zuR<uUheSx<*bcV}q6uRD?AF7aC~#M9TGm<jiEKtPE2UE)f`SgJ5>bLk7dKRklpR@)
zMQURli~uONR;4X&QCu#(MM1_a23sfFI7R1-$<+a6u$~kb`&)-(zEoW<O$m;D4$E&B
z^0OIJMOsuI(UV8`w1CSbEgHQ3Ippw;Ia29=j_G96)uJf2#Y+y53rpEjj3@+>R8U?p
z7G*;KCOy_n%e%!8smM&tYl|LdGtRIhXIL8b_CAzsB5<KpF!NZgWQb-78ZBEyp@Ht?
zfDN)7OR<k@$27RfslX0rqX+&UJUa<8E$|7kMATI#cKOih*laFaz7ES$tV5WJb#PO$
z4m&xvS#nrDUmZ@XFlpjZA4i}EEVN46fN6(`5{t<k3`{@3;i_Y(OoXl5D2LZnBM1&?
z*|7C5=3ZGAmLcCT&mQM9w|Md__q(B*JB8w!%Aw5(XWVXSW#h|iOqoPMa$|(sxF@MH
z42hKiVZKtW$=3m!n<9-*Vx>dcN!je<A;y{BW%p3Im>`#|V&ya5Glj@BfYe9;`Dt<c
zz{G7<Vs`uRtQqtr&-iKE*wc6l1Vk;|k*4OkamUVCNa>x1$<hz92HD07+oB|I(c<R5
zxSG!~z>Ja3vRxg_m0oL`e7ChKFHvwZ7_2+{WHm7q&`LsNu<3ZW+-UXXU3_?_8{pc5
zv|snqvy2_SDQiy+w!L*r&py6Gz498>na5GAg#`is3*HSHRAO5kD5|g)NH6ex=ojiv
zXVGR&UAoRLDl6Ci%6;KB=_YV*q#!Id$q(JF;uIuAL57=`Y+?UCx`p{XZ$bWN4<hAp
zvNo>n?2aSU&D9u+<~LU}>yk>cCi_V7XD;W$njztaxI9vkPz}-60+2DBK}D`c7b153
z&k}!l0jMA#jTimyX_737us5QTMQA!D=#MX*>f@Jiu$R*WTnwfJTo0DhVj$$s_k%&R
z0}q1-zym2e_lK{I>0wkTs)(6|b~AmD0ecf>kP|(Wta_m-F{7P+aGVGFLHHT$>l(}B
zo-Op1x`2aV&0P=_(3xyuSa=ciC7`XbR2%5vE%i+<Di}zhXil(j_LHwe*MU(KDU{ex
zBZ310*sD+`yGVgikX3hDRcEu!?iC>WUPvU!ECfSpBawcr!wmA+NbtayYo0J&7ba2E
z9!i^lG(wXke{Yoodyf(kj|$1`3U|pwy4Edj*@}wAZ(AM-Ge^z1!~NDG$|Pak2r{RR
zBpbLy%IL%kq#Vxv$3l#x7zlP`@xGu&m({?97V<DotQ_yc1#^=9bz}d)CqMp^+|XN9
zM}GXLvhwl@C;r#8%CgE4{HNjglt{>?h#G=aI_nW&lUxS~*ffKnA4BD(p$aWjQ57n$
zs+exWYr-39w}84xphSiOLE?dd`xm5JUWoSu=aN%`$B3D=FH1_6FZb~CBAcDGwkkX0
zDG@mq$ih)d1{S`pt=O`;=nU!TFWCMgVd1e4O^@TG5-|}y_TPXI#J?hq@Rp{#lcioi
zNj!9p$E{K<DQ~yLW_k~(?l|#45p-PFqo!z!xL$Ca>^40P=Soy^Yt~JOyR_nao*4%Q
z%$gjTZ8vnuMrT(6kVjno;OIGNyR2c)zGgZya01PlF2-3X(T2saTDIA&ZvIR#Bq9wr
z%)^M~GLdDlhlS7M%Lhzq(TP+>%u=E!7Hd}E%j^lm(^~})h7h1ua35P-1g;BH3WxH@
ztQSqB=(Vt&%8`dHd$tuzIC`431>^!qCfnFcews5bXgOPMrC!j*cuO;8suYu{Bs|SH
zQ7{}@BT&gClOtH40c|W<Ju1>=BbJK^whRYaX|b`C(u9r>xA^^ny$J@rrE_3s&P3t1
z^;#Z{{%^$D_`mS!=lsX0vs=pm^mG1CEvua7JpZSbO&K}=hvPGd7gLhf(UQ?9-f^GD
z75~v%R>)6G8)p2+T&RvJ+8Lu%1VP8eCLG*QA|9eLwmJv)p&b{|kf1-V(1f}f34`r<
zCQje16HS^M^AwK9B7;B_;-LHlDBuo(70_J32P8z|=0Kr15D<eRQnlZcE#V@|aqu;O
zF(PXkGU)@0oTJe#9*;`#+pB;MI_zO*YDH!>`Y+o{L-s{U?*-#MDI0UPi7X|3<o=8z
zlK^k0DVml@bAzE2ekV*C*(&a$Prc^MTG$Fu6Q=ZDzem^)@~b$ducnm2pysUxdqlnl
zd=yWCrRHscwZgx#W~^RAP2-P(`l_TMeZVoKhy<lT{6X*dqMCqK6fG%gFDW`$D_U4p
zw79CMSzE9eLPR-AAs|NCKK_L@O-vtSrzs^!ORaw8%>ie+QWa^e`^ghcAa=f$iyriw
z&(uLYqU56okdH43%EcGNpi&f}GY^Ypl0dgbs4id`L6BjDXdYy;ViZVkA~m1|#HY!a
z+_@X$sY!nj#!teXt=R=%qd(I(YFGbgeKr)P>`Y=|IuO6aW7T2Aren>$>o}a6eFSi)
zx@Yl!L#HxME~Sg>T58x8qSHQ$jtK-Wu>Y#*!#h{bDa7-H>tKAvv%2*(TiEGzvII`t
zo@#Y!g{^0`mr?WC#R1J`l#Nk(@=X0u&AnS7?CinYtVzlXauzntM8rU=7sXhLGTY3=
zXw3bNlf=xnImTdMwT+GY*ViEg5gvqAYVS-uaKr;Rf@a!N0Q2JGKf%z<oHUdD5B7pH
zy?z2r;9$%YH`io0IE)`FE|_V6K(?x~jyiC0z{-R_gx1!^r&jTYkX7@N6bjDAj2*Co
z_Yp_t(5!}eI{2NN3I$+Sf3^t-z*U430vh36wQ7}jEBEmhZOJG$QS3-%E9Pb)ocu$z
z7V==UQ(g%6MJel>BB~zw48bSw{Xdr6YS}-0^56eMWtEjv9rypKQ>K=W-2aE;GuR|k
zGBsL@-kpRf;tKFbBIO<sg4P+z0z&0qOE3sWxCD0KcIfe*0BS4f9v=V-2@kV_E96Tp
zZk`woAxnw?*8bJ55fk!B6xerR>z0T|AeAtX5#bT!b0t`UVxpwPS&$d`U@+(({1a3)
zQi>)t8(O>wy1+OE)*56Ty(lz~MD!$Q!x9)vGnwM5j1EJOvGsD;grl@su+pqov$dlp
z6w6VO0UNmb!sEbmNE&(sPhwJhMTPk=wU4UyfsZIZt^M|xajM5XKjhVChQR!hXE=wt
zgqR={DVFO4vdinp%1dU>?l~1F=xVJb<mv(KVuTM?1bKR{bX;j+mRtw1Faw%FW>}{5
zUl9+1;b3hdpBOakBC(F(=1fg^3ij$8oeZ!@4=XwXKzvfbZDrDA65ksJODc-V-L3;$
zh}VZyB1RQ=@@l=l<ttXKh_5Ja1^i3ziWNm6FRA`n0yAx-LHAO;B2^5GT=9zH$;Ip|
z#dS|>hgsXV7!1`J^TQTTB+WQIM=dK-RC-FW$QJ@Ct;qBh7n#NWnHn%rw8q)i9V#BR
zB^8dFF=0EM7DSirH!;I*%N0#WM9$o+Mx=<!f(Ehi7HyDS5J0NR4i>Ji>iADM3a%1I
z6-~eh7jxLz!QK{yv^lfU9o3e0*7%~5qLK*{AjgCW@O`$GOXk6qXwO$v1X+rT+>%Q>
z7H-qSC8+5z(%=x?lISPfN13=Xkhr<nCO*t8_7t+c2X1kUM3IFbcl$}Q-IE0Bonl7|
zcmS~<JR%WZk*Ixhd_}#J{L8f!>DEcU>N$RF?i^??*6b&6QV?Dmq>R(rQ+jwM?K)vo
z=|i|lwoIW=%m=}O*tX@_sSR8xiw>dI1617e`GGx#V0&!SvxPSk5jQxRoWVDeAwy(~
zgP_p89W(&g1c8;xn!<(wsYo>^BRI&`2`~r2Q*Fhmd$P!6cTZ(Q!g%@#EtOS)WwBM)
z9mc`QT@Gw&C94IrS}10}BdJYhH!6CXbCmrS<)FjbheFt)y2o1n8R{L>fj4eHhw{45
zN|ysXJOnV1blR|qjAU>nI3}z^zhh_|U0V>V9?mDg+!J?g#n6D`M6=U|8@^No50d67
z>JUV<xrqeWk%8hL74&fHcPkMIm1QT8K`c1i7^pF%!0FV+q71$dr9BoERA$7;&Lt9#
zbb)M%b4u__`ezSr_3~iC5IN#p!m##X8{jyO`8>ciZD?$fn6+sMma5v$VA`c7$z-tc
zup)WkHbE+9kg^c9lmiliOH0CRoB6Ixd}aR<97u)4f#P?eWnnUtVyv2IiqpGPmSgoy
zv;aG&#$JIrlfjMyR-61;z^6D6%PAq5U)Ui}JBZ}V^cJ53mb}*4OJSAmRoO9Axsg5l
zC!kgMsaRX><n|=$9iknsEUb7`EEvZsgNWmHs6nvpQ3jhE<(rPhC_wK4yF&G<fD+N9
zM@ZpfeY^t2OnHl72%H#7q7!OiaP4%61(j+sQh6qxbIVw(Dhtsp0Ob&ejF1{>2?6T{
z#o!8hkPGv`OhxiT9sp{DHI;HWIEAq6du<R3*1kxwL%ew3;$ScfLAwp^-N-SpVdMNs
z8{ORbRb4^{7Mkh<F&en8u|nVf@8ZwA@;^jg*?I|Je)(T{dHJ*~`=3x{Xhi-u9G}4^
z&K&a6jv!60ztXBvPa@z8a7Kx4)vpsRUy%;U>;whOHZg`W!5CIXocM8|ZJJiY$TT~7
zk$f6v6-!kp?0YEIDtq9-`D5G;dzb|)#GVOUp>Pt=gxVr81K@qyS^kxXw4MlZz#d4O
zg)fu?SP0TOkcD{pr1ADf6#Qb;*(FSP&1jJmb4V>pf)2SCMz3=eCjp6|K=<&9@||lW
zM|#UqiD+Q)(Hd9zuAn1dkA&A@?gdlKZsbPH+n*trL(D5e=q4zhixt9_;+ba4h5N}M
zV%&BoIgA)vUi^m$&8w&5*}`4^G+VUmYNY0f<QvoD12<dC5x+Mk<MVbKaRjSMcLmv3
z{?JI1FTb>7lOrDFud?DS+b00+w^jZISZoFFsT(*PkfW4B2TE}JlG`Db+YW&tfYOj<
znZ{xM<zvqKaxh<5y}*EAaHC=<wisg^DFr$}(y>fdU>1Zt&Ld&SXGbShn_|le3>E<U
zTSQL`B;@34L*xdgi7|)?q@?%`Jx3uWaeZP$#8?2Jdra?0+slYcP<jHX@6*%LAy_uv
zL9{SCGKxsuicL)=Trg*L39%`x9_@5e6vH2*J8equ<{Yp(>~h`M+m1Avo=5c<L{O7)
zkU9C5LoH?=9X{}-WGk~Q81c05TlfkVf~9leps$KbnKdwUQKI6xz$D5te163MqAj4T
zRSEH<j(b4!iX=s7Krz9q7({5^k`iw)C=0Rq&2z+7?#AG_WzcEC0XW?@6slTW`hqe<
zk=xf5O+jj_PvT8A*&0wlVxEfe>%QfO7DbB8s@BQ=sv>hT`?(^{z843qAV}Ejo^XsT
z5(N~WKr$kDW_ZJES`JU(-pR6%RiZLJJdNE!nqPC25x{F1U?k-n2#x1<fS9CYXvDmO
zOisB$tqw>G5A+Fzk@*NlDzJH$IN*{*P*Y$Jf*R(m$2+~GQv{L&7jdv^O=#VK0DuiQ
z6?h>(7@>(Kb5yHrw{VCz#4^e$me;Df#)Y7(Taj83hyT5>vu4#c&7QSr{%rBDL`9+*
z=ZKI}->0cT$=RIxm4y6TFvy;30#4Z?0X|keiclqd8mk`JH#y7F(K5#x6~bf`Rf}Q8
zC_+|NjL?;ZwL-K&tOdNm`w;d#VInM%yzTpmIDl;sqi<4aC+FOSGGLh$@XW{CY;7l{
zkT%v27$&~#C8MV#@wUp0;dI*Cg=`?51xce}RCqYvvW*HhU$9xtYPLPAy+C=q>Mn)y
z(RPasD=P)7TMmD%t;j!oM@j>2ZaPiq0Qpb#px1`g>Rl0EY*1pC&hwE`Y_3JDBWPQY
zq#g8K%$6%%Pz4`htvIE3W@6z~F`s*sP0%@zZ}-STtnDN0+^h{D$aW0ia{10usCnLf
zBTAzv+PU_OT7!M_s1|j042=O!&5HQaxJ1=ZX%R-Y&xWONA6=LU+t50g8=t~b`CSGa
zUej9}R3|8N<nfoyE>R9arRgyqcS63!o(N$n=g7GeC2?cKVepYu*&Cl^xBS*{@?dN^
z8WhAihY)NyXtdJh3W4G{Q&Tnw%SNgg%@{vab?c4Mq0~1SlFYVozCzPy<LB%>&O%{X
z%o$xAH;Q>w6xCMpphx<uh^|M$_O;8JW<*aQR2H@NQo46)s-Tf;-r!M{h@(k;Q3uZ6
zDGRE9K>GyCHg$ca1}+9^)~GVSwS8!z$O>|T(QMt0${HS9{606xq(nC;A$T+ozP*ZZ
zuNP}Mb`cR2+(hJVt40WvSj3ugLY0(Ad9|{?D6>3=1f5#Vw~nS%kY(|$SyJ<AtM(kp
z_-#ynUE|?O++-hs4jJ6*h#&JD7e&MUk4GH)(}R~Rx~I#t7c}uu2U{U<P=cb{?Wna*
zP|n9KXQ^9>j}hk|9YeOmhzPDSS3+Rs#(MH3PM%YNP^62ayhfs_Q6$lwV~GWjd4yEi
z(a+S&Yk)g3rSuLxrN<-O4I-_g$FoAvz>AeFI893fioo(wVeB^_Vx^&nJFP@+!X#U2
zbvR6h%++MojS~Z`EfgYyd7*y5a>5`vh_-w=WNdB4pvGOg%BktZzUfhHufQ3|%|VD}
z*LO&c&!B4p+(r12<uihMFd&XFsHYg23!@#Bm%U*go|0OQ{9x`1{n@7!pd%7!lqUSh
ztzOA96wt?j?xl4!tT56+tv*f`QvlTr5;-<7IGAi?y292)1!W)nwqoYq##p&;rQXN8
z?YCos6C*5N<0$xpT4U0-_e>fD)I7<_r=EyF&oCCynQ+WZWX-g}(c`f@VaX-q^;lgg
zrZRC>6+AAeefk2*u-HaHUiRc5yIqnNBk&T^W}=FOs@^Z(p<<RJVMjqtp(^bOxN#ly
zDj(k=+p?v62Q}X0!4dNa-;jD_lNQ!aMOsDQJ%y_DNjA|5E~fqxvMl_;@>|joMTX*o
zp>~>1sTxeY%hObHr!v!GeJlxu^RDYtOr}ICyWLbF3MQ?S*+Ug~@?j(YPeBDt3#nET
zNuqDKi_~CL)H3U=<wv0Hc4%D=?UmYTf-H=4_JV1Z@l=6Jv$$OKs8<eDItFa<vI@mX
zE}4aa^9q(3mnbCbqU00o9CeP1yd8r_1OW-y^5wAST3adl1X?Fj9!!bRNCKMTJC@BP
z)ywenSdGw5DIPxXn3Pqx4}@3~bxbzdsPd_{JjcAXHocCN0XQ`{dGiW2j+Gl%xywi4
z^@+NN;|^UK<hC>K(xoUXw~)@-GD~T;l98%LF)TFPQry{sr`oo>np?>#g0JEVVmsDe
zf|CY=Ni~{3n+n)H{6uww^O-tbXnBV>1DTwj2wAgGVAvs0<oyWg*(`P;vl-a{Wv1&0
z-^@VS;Fyqk0$TZ@p$b1Rsqh8J`Sj3?a&cSXWYYRxqS+91;ffolWlX06wqB?lmD$TW
z9YjynXY#7zNN9E0cBCld<11cKrb>eR)F3O|yi?hkH33%Z<$~g^wnIu<@2yLlc<j8D
zX5m%ZQVn5Xv?VBl1X6)ZpGUK?m|Nm&BauW(#4P}3P+TdHDe-c~Mu3WPDX^+ku&Wz<
zP4jEPdeJYW(ltt0bi*_=z&sHXBw|LpUJ>}dW;@t7kh)20EUxW%Hd1bJo5&7KJwz7c
zmfGG)0T50WryqGTG#JJc1FX2|6gdpu6f03L=sj#Im8K|1Z2yC(@^E|&3bn7D01-X+
z1EW)B@phPHw&vUpz>$H4#4^2IYeqL;#{I^OmAY16-|W}8`kDwfsL`_8#q|P=qb<zE
zi}lM#3ghP%+f~zE4G4AipKGlQfvv_Clvo=)2?as2I$cUq9ocgd^Y~S!RE-+l&$d!`
zm4v^fXPg*i(II4!l_Y5e%H8K(8W$U5u^u(TS_^Dfzh;Z~$i0?j5#T{vRMOkqTT}vL
zS5%S#F&nTbQLmIMxkYXw8gETOK(iJy(d(QQ+BxzfWXY|{vhFLn%henOrx`0<x~e<o
z#U-0B5k?QT>XewxvaW#U?4aK%d0rYfGf8$yN!tdzN@F(_rAGfZ3qte1`jglG&obQD
zDkH%D@IR-OSJ>_U%F99(Blus#@)^|gnJan_1BJ*rv5dkNJJJ<KNn8#$VB2y-Td^r$
zi!(5}F*+=$RJ*C%c2c^FVTomMHUti~wbF{+VZojn@I*+r)p%0zR8R_`gI7jl$#QCN
zh7gxlIaWO+P>u_~FLohRJvs()NUZyzxWuuR`&B4x;15U(n-w3NHJr3R@)pOQ$eCwf
zAO)QMGCr3EhnG_nRS3^jL=&nNj@=jn`iK17rOn9p%M;f}y_fhjpGb>{WbA2nj%cC~
zE|pwl+m6u(O!Q*o2y^kM)p72lE8A2;U7Sp9k}5`wU{I}Qg?Q7Hm$d@BK{-o!PU0b8
zka!NiHcN~ju@3N#<+VM>tc7x@sA6@bq|gf4VZ@z@g#lfkJ69gYYbypG5XJ|sbtyyc
zUWa7Isquw0-uCXYXZVs2Gyey?_(Tsqwn`{HB|~4o>`HwGa{hjHxhEIP+)ec9%CLzF
z{oq@uC?HvRgrB#iJW<~BpD}PGAsf>3f6BDbw5;>LvSQ@?ACAwU5?=&QO9`PW5B^+&
zf!}%)sg)*S*r8OMLMDh{u93coh@c=ISzZANG?vS-#mFsvO(UwypszL#!nR<)7Hm=B
z!A+*$!UCM`o-R*qmfKFlY{8BsQZ5i5{HbaMZb?anm>sOy2A$=QQ!LeqDi^^Xa91^e
zebG$_5zJ-j63tw}yaK(J<RnC3VOu!3>_BjE169513>46Zxnzjo$1GqBcGUZAp(ay$
z?%XMM+h669c@Rg?A;-o6jApu%nvZ=Y2lar4Ol2}<`LvmOvMmm%GRc6}hUjX66&S>o
z{$t-!9N|NE|9BK{>psM&#Xb<%K$x{&?@THVOVQXb`s$SyWKc+wl>9g*%3GW;pLex|
zf&h@<EKM+Ia5N7<a0g{>%rNnUUa9w)A~AeNYmj#CS`8M80b!0#Ke&}O{Lmz}0vS4>
z6%^19&^Zgs4IDT>v0fq>{fmD1q5zG@nqpZ6wt*VnSMnKBZ~<)%3Wp7zOX#uS-STwn
za`rFSd=N&yA_5oI|M5QAnAzGCIk@-&M^{V)`&Z0^W*h1@9!y1&Huf@&sP?#e*~qaM
z5kAPQcv-aUd0R)I%?z~lND74GMMKcm;lp=)fl!r6?%AvKgjK_`<A~5)SwR6c88Zr%
zqe|Pt8KARi);hFrmNSPcIW&vNnm=xZ#Qw4G1V6D<9T46ef3Q}F!AFzbLTrc<tAN4~
z!ii!Hwj5E3JY#FGz6yZ&jkKe=%0gqc@`kD-?HD$(N0xi7R`cb<-ymMU-|8;wKXxWh
zpWEWXFE#gC5PM49aOsqoH~w}xj1hT>r&D5~P&LwAt;nQQL?E!AXzk2n2s>JiNe9$)
zPWr;mCgJ+wp6lV<ZK7lYYZRs3$^qq+h{h8RTpLmF(+X(|h(#invzmrSZp-RR(GfX1
zLZoI(7l+%jOzD0b?Ox-xa7MDubFwFfH&Wj(ug5((PbWcKSsKz!x{_AsC>+7M-y?*;
zG854kM<(Gp=gUsd7tz2okh(|8sjc(Zt$&>0yER>{!ar0RMj1gxEYNC;V*uAiyaifM
zHk<$N=l(|w+mOb82vt^2smO}|P%#q!X;?mkx>%8z5K<pEr;&o*NDT0xNHj{^I9en*
z0tC6;=;RW_`&@ZQUg*jywX({pim6rX*-&5TVjW~KM*hO=m)DA#AU9@Kz$pGImqW3*
z54J5J=t#0A2jjK=eTxU4w_oRAI|$`KU4ktTO6Seg=9Ap!z?&3)njpx7OKmp~h#{V^
zukcW~&n8%fsc@YCHFb<gMgGR{3ctadM7Qk+Bot#V&G7;dPl+X4X~jZRU&hcvCPiN`
zQMM>w!~h!tLB2$5!icR_SV<B3DV0d1dE6&pc*W3n>k00;uT9dXmVq3YeeE{l&?)H;
z(4|LKnwkL@U8BR$Q^h7<53b>qA$6Mpn%by^Qs$GoUxN+2_t2u~<O%FvDWs2fi*`Z-
z3oBN_?P0jvgPE_J7=TqK2#087B%D?#f-9h<DN#XrEpEM$#*en%D6Cj%5k{h62f7$y
zw!5PKp|KXS5XCol6b7*!S>WM@YA<J-e!qykYPnbO=W4KQJ)B~>Ox2Nqn|X^Nb)A?v
zciQsXaD|9s_(V<!7Um_8AMS$HC4F-^m=Kxg30^3rIJAk`ru(VWOGc{BK=^NM4%?b*
z$a>}M2g{73Wi2kCL7H!d_zclfvNzv!EF4EShId^-gDl5KBTBjvF-mBWOoW6@E=6dx
z+!B+lSE%t)bKwFlBpoKgkva22R&hZ17}X{!Wle#&AMxQZhR7HY1I%*Q9OsO%A!plz
zi#F{@gNTSYe~1;Lrk*yUvU)OZ<(D<Qx#4g3`0IQc=q@;fwv>win2t=l&`)P8&I$!B
zO-uxq3*np$6h48642UO@p|a(zcf1UcUyAUYM+XVCw(MplL+rvKnlW-~%}bmeNPvP9
z%%awI96y`8JLb)zn7$#q(ZYcd215ay5Avtp>{+HnSVFFuCO8w5RTUkwEd_YgNNG60
zKtI!@!sfNvaq}=G<Ewfnd;NryM-HuC5zow1Xk9gY<jkk|_WCuE1HO|*wt}@cB(vCr
zjDe|99FeFDoI6yb9if=s%E`i56HNtRjwe8gkCzG`m(B@h1Y`3Gp2Dx9EyEoE=0#ow
za<Cp4))dmBDGU1&B>2{9;Swkm2s|CUmaA5qEP3@=*i32FAk_`5Gvqwuw~P%eF+7(v
zitY$eBg@1)BiJ<e#t+$6c02KSPi<O30c+1_stM5Q1WW>`KNuX>Mgs=1h3e_YYY_9`
zORJ|}+V3WOwC-2wVID&zOnqlG++WnSL_`unq!6O~L!y@uy-h?!LJ-kA5kws&3<i@Z
z(MgD2MxxizyBQ@+^xn(pqYs7|OnW@fTJKu#hu^xNexL5S_nfou*?XVB{xpZ)X*Tiw
za|`d#FBK8{h4uBq`}?D?AK|#Cm0V{XH)fB=9tfE-<z(?3iZQ@GE%v*kY^qheVy@4{
z^nOOI7JVRYy-KTG5w_HQ|DkzA&+L90+<=R*jhExG&EE;lTXkxVR}kjZp<JNPp`AAB
z9nWEE!`)5&kxc_vLKjLin~(cCzg=mq+Y*S4EB-OwENM6Rgbk2u`5_{s!{K>OQgp?f
zn@aGlf6497H9fzoB-29Z$K5A}ot=wJ%xRtI@1`_XwYMAkPk=k#8}mzcrUrLJ#MV@{
zjG7JYFmZmjz`Qx^?xn7JRPdL=Q9^p6TD0b;0l)r|f38g;F=~ZDMT0fGa#2o{`IdG?
zQnW}vjf#T_r=#ySF4^PmjCb!y#DjP2NmNvi+j(U{=W;YU$=Gw+w&dUc32um*?@jpC
zyG08`S3k|vI5{Vd1S)af<Qt5M@v@2iR#@p;^~QPJ@Vxii_s07hA0F!nc!oL<9dv?4
z)an<%D*yM_1nTq9t@xwiwO<t{EJAvDyzBX$CilL)>#@_ab*8^*u5e<xGQ^Qo^f&I)
z%QRQ5Say1+kk-40pWRe_`5$Y|E@<69pt41+EUGe}hIHSmKq=#o68XZr8_;jIn2u>5
z(C_UUPTub2gOPP)1?WA9_$bGX*&|e8>=xzw+Vdi_gwgPP$6Jv$X~51wnnlz@%m=o~
zZMp^OWNDFv9~?gU(CUNt+cG3)@zp1GrqU5&>Z*gJDNmlq3epTL$R-U=3#ENdbqnh|
zjNiUHX2*SQiMeObW7Vm2*X}=Yy=f_TAyHVW_$1)fFVpXh=w}wZORWzKc;MCp*iVfz
zIg$E9Pt?@le+<-0{~JpAqJ}x{pZWOf3Q;FujHyBBPWleZ*w0KFo=mnheN*m0oYUtx
z6KBCE70ZVM-Bb?2@oG`8c^o9ZM(s_S_O?y0c5n~ftU7U1Q?uKk^~;xMZA~;e4sxIs
zG2~-J4ooDP_dH1GqY3|e$?p^Nk6spSvify5lSk;?A=w`q8r54}$ossE`Uv)>_5)v4
z`^Uozk&gSJ-gbTMPsh&KQYG~28d!L9KL_8etob^uzqJOk@g&-yE*@%5mowHM)m%kA
z?l6@!s%3smV-348r)fzj=bL08Y7~m6CrQG(VdZ}(`IBlme<S2)S68N`7H-Lg%bEOk
zqW)dqzLO@&o!m(kr8>!U{kaW!B%)?LhPJyq)b0Wac766pHNw7w;jy2xdo56lYV3;f
zHR1cmCJkXxPvW4ul8u=~c2u>}h!c<YTd!Wewto@dYzvor-|p!u?ezV@M5P6K`Hl*n
zqjz-o?ls-;{p1;&5ZPZodAANw@st~t&mQ~d6$Ukg2|Rncu6@&(?{gi&t8t;|Rie?&
z6F+Y5^Rbk-<Vdd@ksW^~JD+8Mv33|8Rxgg*`qcGz_9WPr-bbY;<=!=L7jK(?nXqv-
z?;GYIq>`Oq`(&i*+TVfNuQrj~WhSZ52CW^FS3lUW5bkRfba~vC?_}`?IKMS&Uk%G|
ztjojBRT>|qUyE1N7y9`<uBTVs`HqUHKm@Hy|L@d~26KE>de@fN<Jo@XOtg=J_*hdI
z5u5)_<iFSRd%B$eDL8T6O>-opvd^V5L;nGCVZC?-YCWRBM72})6q&7WrX%}OaWZTf
z$dBH(wkxQMOb=^xoGraV_w)8IFYlS@K<tHmKsAQ)pA2p9(emWzFbSY9EwbK7(Ghrb
zL}AY!R{pZaoESH~e``gORggZZ3U(=BQ!422dGFGqsqn-%rPUkEEK=^6VT95zPqH7-
z7dSZkApK6D?Y`mIFYABQt+8(;JCKNrbJKgkS<2vKI=Am?ip|7hew}-fN#EV%x%5ta
z2cNp7CDZl4>fcx|YcfMPAG{RTakcFtUeLH=cUdM4yheBe4vt<7%)1L4ZU{U%)xY^j
z3@Y_-FEfT;$C`>bbgioKa(ZY6TEdekm1!(>_@KY;$TafcUvH2}`KfdH+`B(}WgHq9
z_F@;cflm{YYbqw7$s6ZH%35LunHC&-wmdP)ND?be-8rG8O4L;cgpwJNNEM3B*wO8x
zb@dl&j-R6pIZFhghEjITJzEeBOsMfQh6}D@(~c<yo-?8Q)d&Aw2wfW;R+E&o)BWr~
z3W&LB4tgKx6`jTG@jQr6i{=pYdeGNEh}Yv~F)!P1^Bq1gMRO0XQc8_Gs}<1mJcj&^
z(m<18H)8iFHs^cK;kAnq&kJH*6|C7c<b_RtykX5U-F?TjozsFm(jXpFndPWA-%W3L
zI*9}>evv!S{3Hp_nxzk5TGO2oVJPLE;ICi)biN0E<g9sWb3AD?rT5IbSUHBI61jbi
zeDaKuQRr6|NaHhA)9;l->UW>2QK}VPXN~Xf^wu8T_-;*4=gof2m%pz1ga3x6<YBM}
z6VK*`ma1iw>8AVP(4O+Z_42<tqxQG6rWH%9;^sBPRi@m3O{WWu7JPptc0E?~;JSi<
zvU<0rc#a`#<m=5J)6}L3U%n`c_Y4+1Grsdpm?1H1EP0|<_yp|n32{)Tbi7ST)S`5J
z84%_ekiYm%IrJEz^a&*C(bWos%tn|)DIOP4XELqctqCp)Ab-H`a&ScKQ3r)RIX;6(
zt1Ba<srq}YdfW7~lR<Y(iGUA_vyP@zI`S$k&cmYC`p5G)&f#y9Wii#24p6@sXJl?f
zTjsJ^HRUQ~JCr%Tu&KB{t-9eG2~;Vx$e|Z>6<I;l7-KZR*+PD-v(Q#@O~^0nfVlhI
znD#Pci{yV{tdqnJShD$F-0$F$-Px~Z8})r${LPTCAv=3FV9~2l3TjROq;JKBRIN<S
z1$7icNmd=WmT_{ai_`2sGFKeq8b##wUAL>g_flTard6gzlufXTISV9&s!@Oaiu4Zn
zZUj8ay|q@Dvla>)xcZDP#{t~)<c`lzLuSLE&qV{nk0%9Kx2B387Bj^@`LI{WG#wI{
zmsTsKa(eh{@@F;D({FRv6zlzT;LBI_L(TW=+_hbs^`xj$W~AsyfFi32-YlnD;{#jy
zf57CTPyVcVah2b$G#Fqm73X7HHY?|U)K}))y%oq!m8h%$C^YNh9-7v?_&&rTah1El
z`~7z&kx#kFu~+{f=N6*5#|&;qSD(jvltzhOrGBmOSt`i2;^(`97+<zQAD8a{?Af*V
z?5YyIqA!z5W1Jq26ur_-mKwWhuK1DOJ)A*3l^ITTk@5M1;e5H2FBf$g1Hx<Zp}j<A
z+*gg66tAGwyVN1En&!!Tds{Z5eG7aYQ3mZPH3GMX#9I}p6tC6FhO;oI8>CuMP0G0D
zUS+d$|GJhWCNpxTHZz|0Z#aUGZDW={9I@4=!b|n%+n8myxT%J1)dOvWRIU5_*Q#%I
zn(b!qz@6VIeb0EUm1=kNGHW=GYC|k@$DGsY^su7ixu7_5tp96`+k-OcH_hx3(X%^h
zAu$_v<&^_>?cZD3<(>C6Jd=KBX(DHOtaIdB6qHd+1HRVy&|>?Gglu6+?XMQ)$oH5-
zXx-fh?GL`#q0<8U8AV*P_V7v9`OZ1~6jp~6Gw&ZM-eFnF6=rsl7EUcwnqy+TP7iP2
z-@VvXj(x4%Me6OQY#(KJSd$LNp=3lrx*p|uU76=KinFouSUxSaq$Y@SrG}?<l}hiu
z@5$kf++@U)SFjH}M~8<cMQS&^RIN1|sQUZ3PJ9!VC7vu@JC!vpO6Xe@`xhXQ$S|Wg
z=j#-Zy)nnze%v|AFY%1o%6je23)7~6CI>^$dWYoMLADMuz4PATZV_(o5?7zSBj;e~
z=qr7VZC!Nc$F=KM=+%szmuMb7m~(Dvucj^S+TXg#YKQV(=55QeSdyAcry4fY#2cj<
zG%Z&<NX!OEiwy?an_`j$6sqrvysVU}t4$p}c=vbZ{-?X$ttwhRIaJvRH%0hMj6dX=
ztCrp9x%!2@rhD$M8xNaSo`aL8F{`so%fHZX!ae?%uYE<qS*4N{{X(WBqFIrFJT~g4
zQ2y*kuWtkM({0{l#M$~EN(|4t(}(_I8QAiQTm%6@M}kV*?c5+;0#;>m?knMXR5n1?
z(;m(7KG_y!k2~tP1)k5)V5N@FYAz4%T>EvGorx}Z(!e3=1}$V_5lI$A++(tBK29VJ
zSCs7#K7+3XdH$w;^<g(IKY?gsJi#1&42#r$U)nK!uyy|o{f62qRbt)h$<N!W(Gk{1
z&%>i-j3Iv?7=5{4)w@q(`-6+%5lx7A`k{3x@J9Kqv3<R0E}}daAT=^0l;=+K1{IxJ
zWiCCG&i&O5dI?t1s}II#!%Ix#hRvi1Bx%;TG8dlz((}e0!`I{w=`?;=NC!V1sr>U}
z8pGccQStH8!9e^It1BH9UmLZU_Q~S>^-jiscHIqh<-LbPW@q6RDh|UMkG4~lGYD$#
z9wHuhgGC1g^CfFE#KV!#OO=@R$LAEP5+^-Ja{j#sJgvGW4A35Ri7yz`D74R&Iu>r9
zNTxY%N(;=%4)%Jk6E*j$TFmZ?Pd+v;%|T5$Tu}43_FOd4N5|vv-(x!|r;j%O<{8SI
zohpDXhpXbPY*TtN3hJ5#*Hq7%>phMV(vt-q2OwU%m_3@27h`p)Fll-Jr9HjpVXj=<
zkh)sUH@`Fkefr{Pd$2>7(aqN#1(H2+7()PfQU^}9ineKgIA1OIBh1bkKjB-~kT40A
zGOqM(vc4tSenq6%$Jov7W#7tLwDv`RVmYUp50A_@v0~ZJm7k6br4snLsaD2wQW+oj
zeZ4#5CG_O0#iy$<>hvE5ofN}ojQ+bUUiQ0J;U3zl^>X)mq<QB%EUN;pKeNb`F_f5=
z7L{u(4(jM+9uS?W8Wgp+wD5A(BPB48GUWef=hV$+9sk+38d%xAa&t5aM%W@!RuiKs
zx&LvlNc&JFGgeU`McihW2ifx#MM0R$h{PCtwn}uqS+2<R_fcBKw|I$Ht6HCJUPpEw
zy}8P%)-`%9%+JX_e)czW+)Lrz+kRO)RnI~<_NOEkZEn!c<T`(yy!zGXx{$K{m#fxZ
zZ&Q<&P0YRCo9V4p+Y8LnFhAC}FV1}uE|AKnw3N$l#U8-F7D43Htf+YMX|^OU>U)jf
z(;NHOK$at3A^x<@`iZwe-&Gn185Fl%xD&OjfU=xrz3<;VNJ;v<^jYxd{Yr_AB}Fk+
zOUB2IY$JYyY{fb1+&4<nQpC_D3_q=~ez(45y?xG`!$Cehn`Kh09N73F*ZEw%d>~-z
z)HhEPB&oq9)Gt>Z_kr3nNk`)TnQC27VZhhL^>dFm*;$W0W27Fx{PIF5>cU|TmEzC_
zR4X(O$-*9T5i#hmf35It7Z}3jv3A4>Nxr$e9JCJ+%p_as^%ur0BX0MHyZTE~C17Kj
zUp%g+5-jBxf&K}z*Ea|)=_|POSc`cz@=l#q=}B8nL-MLuN}jm2%<F5k(ynUkFB3iB
zt?JEz6*$iSpX+}dbiglZ7G`uUKtV7H{LJu0;gI0|(dmDjhDU#WThcO31|q-JJj0aX
zCR|+T5mHau55nE+_{*>0Zmbl6KFnk!DU=F0;U?8K*`|2U|52=XvId$cvsS;pF}~y=
z?NR!U1+>XPC%f|q5~VVraiQCS_<Ny6sI{i<k{NH{t`==-Bn9@o_+#P;G1hz9Zcq);
z9H06vLHmv7<>U%3@~pg7{_g3JJy1pMMSfD$s(C+6G<+<s^5)a)9+Sxh3dbo+Rjl1L
zW6k$Q6~i98=y8|Ivi)ieX}mPZg6h`hvuIIQ=X&pMSG=m7qqFm66=N97b%MRS*3>O*
zs`FuIIP*aS<74GeV>$sh*&kl-qsukGOgZ^;nrj`RxP1Zqzy`@q6x8dY6+z6}fpHD(
zY!Ep(4{j#<mJ6mwe4^sLx?SJYS|;@`yj*sAPB=R)3pr2=3NeWYjNNo1SWAjxt`4LA
z#;rKzR%;$N{Hrp%E{*<h$P@Ik!>o2ulB?78Q$o(%A>+`d?er7V#YHOAm1nXu@Vl}k
zM4H+20tL@MJP8B6aENP*L@iB=grxc9+I_jYTz>5qtZZ-#fqR};o-ImTGkROKa3*5w
z<TxuSqHk$nX!1Z%56JpKLXrEJqeMrUj1WnPP`|EneFR2KvA}U0qmKKS2$z+&d!oRM
zWzL&P6{Z_G@84F8t{U03YiRQ_-IL3_&0GFP`=Ows<6~3ot0mv7Il~V(zO`D~*ol@m
zER)~e40+F%+Cf+r3dGmILJ^U3c6Ws?-m^MrM1NE-<3^ZCj6Y37I?+t`)4uKRsW^K1
zvVAgwA6A)v^pin%KjKO(GLHX>&Fpha=2MkouUOUFOm9E^cfw_gkAnN1tBOTP^(h(x
zsrZu-xBg`&*8QkW-Mu6OtenbnQ{Gqet66+nxHU(d7u-55`E8fS4bT|L{B+wbqn9E1
zpEOlEj5-t(aPbR1-@`)FH{Rb@t^Nz?CeHu1D5kJ#THcxH0z<jlG~Jd5o3h0FQ=Ic8
zy71fKWIC>v@{(M@IWYeb`4XzSY>3pQa+k-mIC_&2hyG41b(7N42Uf6a=gZNr5}r%O
zmowYZjGn)+$AbTQy>=SGjQg`x-ncvWCuc>QPKf@-t%l?WHeq3d+PZbTSe8Ni$vGFj
z904+S^W;Qo!6<9^AMUjK*_yf&kxzX!k+vng9ObAHcv^;n>aB>)?(qj1d2wtM%1r^*
z88X)g5@hz*twIW=){*B-rwe;->JwC9f$3d+{cTV`-s2fHCPlcm{(4Atuyv)eZMmS~
z%=0|Dj^*PG)mN-9GRWS;yDtEKcto}aeF#OyoT`S1xP*Zq;Tvl{6upPI*S4+GdLKSM
z3C`P)y7%98y9}B}-<4+Sh>faiYZq<)*UI%z-IONfI$bF;0mlcFxN_x-qj4yaPd_c6
zk|q6z!jT>Sz-1-^_Lu*gGLA2&E?i4UQ~?AJaZoJd5B<V&1^w(+3A1f<H*581{NoS0
z+D|^_`{&Q+gz~t@-}#U^?kBA9Ijc*|t<GLeVPfh`{NAfT@9T0s+Ha7@L4J&|KEJP4
z*^xnh(wo$FjJS7Cu7kifGOl7NcEe84!F1`;+Cb^33Ek|ta{~;cD6%6iSo$jbo4VSM
zJR$DvC-0(D4H7I=d~7}cJ(gT4PaE81zGkW~PGS}cQOHzPkqC1!O>R~DM>*P`ZtGK5
zZc_H!h8X#8xF16F`m@Lo9wN#;@NZzeR$c4Au=!U%Bvy1)>k%7vQIo(J>R;`IE>{eP
zvRKvE`bs;Bb-&`Fd-PUSYLDZ)uOzT+?y&jy-5Z&zuFHNI#^MYfo(ypYSe5T#BGD}0
z*6s(vO23s<WnLt!d5^>}^JGOnol(;<yL%wHY6E+nJ^SOc+gfYLXp`BI!%tD)J@I7L
zKHaD{m7%fp0eI1U2IpQxr`dkQJK5_;#-9X4q`XYLUKy=qny#5VANVVQA)_tVFAek{
zL@PUHGUf((+C8vw>P?5&syJjMGLhDG`>E1Hxsa=8F)(WG0G8AGI&ECvvWWTUuY$^}
znaE%&iTk-~x$WltU^BZJ=4{^mcGJ7gj28HIWi^REkxAUE_2Y@t8oe1mjRjP?^y@=&
z?q1ZIY@fLFI6MZ2$o<S$i4#(q?`++;B^1?8|E=LEW7B!QMpzD8(E!_FJ&luC9^PgS
z#*xKg_pW>~!TEf0>thK+qLA2lP~3lZK&3RTaVvvZ$1{SS>)aLSg1$#h0yAW5=p!AM
zLGI#;`I60?1<b2CZB6E&x=oNZ=4mrW(5!poY(T@d*`3Pt)`gRW`Ykf3_3iN(<Ys8K
zxA%G><#$xnu`mVEcg#eD+MG9@FLo*2H)d0s@6CSL<r8x^Z9@nq@5tD0%&vI+_Lo~j
z&yb^11@~TKnw`%2@Ckz>Q)=m_$sa(k=!31oy+PqPZmLq6<~Zi+TE{j8R=UE|LC(tc
zAF)P=r@$%qQ!~?w(Y_XD8RRD1v&i*82q7+w=k`)dTC1`byIp6#A8Am3Rj4)ZpajR8
zz~;<GT%7yZSCx8PE>dtcx_HK4(_ZFQKAcORLY-tEfDO1K4GZhq4t{oMXi{stoAR2$
zQ}K2w&$*TrJ4y0z*W?jN(kVK*huOcVkzLzt^LGNJh|QBRNd@rlzh@$5$9vpLOMrK9
z!4RDl>{<1CzP?oppntQ@U3Ssr`cer{F^p?u=U;&Vs<L}jhZ>PxH>#8SJ-HLjbGY!v
zmEWyP@bg}>`HIUqt*>s)2J32nsoht&_oAj-5GH|oFVnVKq~+`HR7{)*bSG{wV<T=b
z%^La8J#XdrL#hY0zM8K)k|AGJZTf4TuIaYqSSD8Xkz)Fi5AHvDgH4W!Y5RJGAy#QT
zIVN@_Q_@p%sDq1>rq|btwkNrc^0?|L>Q7igL?XRs9`FqV-SOta%MXGQjHy4OZa2N=
zE)1{C2mSZ#k0)#V?U9JSl7e5V!mCVxm5#F$7-iO<>M&>@P;-bVOwxKZN@46rYEks2
z7c0~S%wgA?b6lkET&b$22|4?_uDTg|);Yqku>NDW8tlT~Y@VXke8@@Vc~XHpj!<8D
z(IR}K`sW<mJv-H4kN3|ik{Bwhua;5uGnOrib=`RI@}`nfM-GS{q;WmMq`hFWnuPSH
z$}&_{=_=!%xWO`rD?4(B{5W`JI^8+?IjV}*AoXWygO<;&O3K;jmTQUG!pw(h!{<QD
zM3(m;ad2Dl(<|z8*9Iij+tOi8_HP3#m6v|rU@J%(5c3L8{6X{D!qHXsW<>kMf-&vj
zU>Ud8+iyCP$_CEDEPq(T6E7<j;O(+vB72%yUd>m~Wlt{bNE4g+!PIbQtCqPWH0S5W
zZzgV%7UlL=GNTk()vtR(m;~{&>;B*VF#az@ADuBHdhJ`LsVTFdNJf;6wNOdHyP9t=
zHf6eBS+(tr=cl!zulqOF*4yW*lT+A5q|J)hFMW?b@#JtSl7*xF>0~<XZ8j9cTRW^N
z$RC5&Q@f@W*ss;U71m{;`u)$$Y*s$iIjQz&mt?*@imA>o(9<0JI@6m&^Sy`tbKV%M
zbielzCr?sD$XR@bI0#?&RKk(pF!oWtp%MLNB=_=F#=_6f#cI1_6SjIZt{7hpJ-vbK
zuzxm2(>|r)nwP{&kU_LL%_`oUcTw95UA{7NU)`apX^kpFILq(3M+|!GwT!sf6~9l@
zb4+n*cXaQRJ={0>CwTXlp8uED={`D-o1IzBQVdc|R5xg+jrl_n1q+|#|IVdu<-cUl
zyV~io;UIbaU23&4{p(jn63QD^GLxjufa7dR)Vj0t&K8C&;~LdPNznq%{yPT<bFFlh
zen(L|6~4ND_1>C$OZ&Qq@%<VWr)%blufg}RcGF&I+Ga4LRDp)75AzcrH>%zVtmu0K
z0P)t6eC=4F&40hjeZ4)N-SCT^zTdCs?=|#k_wRG!4vbSVM`T*1-S{e(;uu7auZgu;
zF~*Va+wo#@*)!19W0=QLY;W3A>$=V!fb3}79?fBLk?<7<_%(<3sd=U(oPGk2$EJ7v
zP`R)}y1Csvr<j#?GDD~Tl}?G0du$$!-|f}qPZavFbLG4*<RjOnq4XiOGG2~Xp@3F3
zhe^KMEH2%N=?RE6)7Lk=w*JoDRbhX+8fKr`IMAtN!}Fb1xby+%NpNn`jm~2Awx-*2
z*l`Na$F5b1(a)z8y0F)W(C-_zYF&2+{)`WPH2zqASeEuHVVqO#Z+~tG&sG*N0m_X8
zZEe3Xdc=&5;#&K%;`TPL12h^@!}~lzN3q!8h6`V#iroi;vpfDtnD+m;4MG=c`kPjs
zC)tKDrg6>p3bx;=8&TdWIQy2{ed$3>#5YhH<j?dvs8#{t)rY8;dg`kH`hN88&GOp(
zc_of&&q5EO5MPDtZ8usg2|~R={X>v*-1f>BZo4P1ehu7zWwnE|QOOuDc>72EN`&^r
ze172<`d}sXx4$Z4)ji&xKQUSP`bIByOflKQzW%MUug=x|Z*Qn%U*-2V+3@+dwAV`9
z7WRJomSHCRh3s;^*#4^KtANPstwmKd_C0Mo#4SeDf1WbO9s!r>X|mN;XlILs(&Unk
zC3D@1y(CO+@Wj9!9yl&AUEW3B_re>GytQbjr0S$(hJYr9<NCB;G67CSCNTh(|0hld
z|D9j)zv^`9_HXrUHEmtjxKDL$_2`H$B?{J#7G9e3tIf$_vDoF_OYkAA?ALkhvHJgs
zD{~tv!wVaKS6iyz5O}<5d4ol6mrtWrMY8FBpMvk(tYbF;=Y->$AWI8s`*PP$7LK2P
z_I6{`yy@vonL881L_{>_(swqerF3teW!#}nN*;na$oV>>rKUtJZih)qN!K4n7~Kyu
zxMTDFU*{If3e4#VT<)|_85bs5R}(Yqz81a15mO#JBq(JMzJxoPVzrohbVaJWb!px@
zS2#8hVZHDo`tp71W4@)5B&aS=K5@^3c)z&YI{*uA%WQL+yx1R}Zi^*51LU?5x1Fm_
zy-%Vk^4*aX`OBA#|3kgvCn$aAoYqt?^!w>mZnW=tHi+KJ(eyjNdZlmONx1!6?KVP^
z-Fk>5_VM5C%O>>*VyBmN$y?hPe|^aHeS-&&NX1-nqqyJwn%U9EQXlZh#SgY{<l<0;
z7w~x?DJ4c=*7pABOAkApL2?m34>J>z*pv6H7P^Y--&Kp;eV)_oQ}1CEd`j)`*qKGt
zbq3*PX=b6PXPd}kpe?MqMpjIIJF=(o>7%Z?+qEfywK>LloCVL}_h<R<D{DOEfA`~F
zDu#V&D?o{!IaIGx<zJDS{Mx5B$mk5nTkYcxotq3`kGQc^x?kYmaVTFlCG@B0-%;JE
zLDoIZuKWa1yN}i%;0F&Bj#&rdH7NIbD^29Dc~kwQ<$#Ei;{(}G5Pw=dH7>=wZp<Z|
zo^usaOt4&+QiEW67c$W(Ijm286C$fzfrYY~OH|TetxQ<i(kLru>*)|8)4Lu8+TU?R
zBIJCccot7NW+I^u1A?0KY&t-S0IG@ug;P4TR25{plVV$M17RsYI}5<+*m$mV@Df0e
z$p8wYkV6f)OY{`$WNN5HajUB;$v==WGUw1yH1gf6yN4r@w+ojV7rSTxCKnl5xhxzl
zge^TrUu(23%N}{u07CdU9L+hu7QDz+GJ620{^QJOEbca)9_Vb^6S}J-a%)=51>%c5
zB3OC!fI%pqQ_aG?X=cP)F&$eiG{|>4rrtKrG(e3gW|RTUvZ^BnH=#422PYUMt0s3C
zm@-b-*3OM%#~bX=wFMnRt5~=w({l4|Og-v|k3daJISABym*HlBfy`#1t1a5l2<1VF
z$Khg}{Ez{{wZE5FVQyx`ka>vi1+*U>7}PrxXoh%*Z=io99dM}PG?WR}mbH0zd~}{P
zh&QiUT!YnH;z<AgXbtweDO%ehpL3b()y)F{TkzxP1ousxD)R%*dh#NR8<?_PnvU>Z
zcsgyxMZrJP2{^leCbu1W4%Ve96f9mWlI#Z-K?Bf`d5W`r$BdC?_W7dU{F3Kb#Tq(x
z)=&HVyZBl>$`LcG-g?oVn6gi4FtT!O%-KPsvl@;!(Qs1vTE$I8h}oZV7_i4q2MGi#
z1csB5HA5DX9$k&}4OX7LXHikNv|4;;>BHl=06`N)x+!r%poMXD)NIpQIoi@x8b1*T
z^xxb`PWHmhtSySCEVKakRnX=Wl{wa~MIDG?A1NVF01TKRG~5VW=!tzKmhLs6xi3T7
zsqR<y#}<#$bWAA-<}yMrwhK$86~P-<5CO-<g>G%0xp?*8aeZ7aE&KJq>9G*M_L+jZ
zcpsuDX>&W?XMt#5wzfIUJaA5oBtTlb%GZ3rUo4M)>nssq1xWi$rIl`n7IMu|_VTC|
zr^jbi)vOAN#EAKOY0<zrM=O$NM{t7bkZ}9}fHLwLs%$^;oels2z_Bo#S<7&6BEC$+
zYL-COL;<#un~O>qPR{{xO0iN9Qpze2*KG69<r9Q3?}bb*MEMdi5DFm<ayB%~nBl+V
z4O;N{w~hFS{bfQrRzecdxeYSPrxSWVakx_~M6UcI-9eqD47@?IB~Rcd9SFoVuHpMJ
zv!F-i)&p~{i8QFO`nJZ+Moq^3aV|e}6ExcdelRf#c#{&-yb*_aN5L{m2lVkCgUZMX
zW3TnbMSp_W;?If25b`PBNLU%RR?p%_K83*mCl&XQ$?*i7I#=M|9?0OM6n2Egn$0d$
z?&6yfRF0V5ut`2YAW@7@cT_R0*rB><OYrGr;*?050-h`eAh;j>ea>lOnv>tZ6bqHW
zjXejENBg=UM@yKykKz|`r&T(yD>z7f7iJg)zvp!Q&+K3byTU~q8c5u=WXa47z?5Yj
z7*{U>83E1*P@Y{N{Csm%;lOVw&B4uR!~@$wo9RbBN3#ThRvUqo^$3LP*(~Qc8|Omf
z@%NS?dBWZzZizrLGv!>^kKBbrhOrH<Ex5m%?^qvo1#ZF+M>#L7tWfa~;#wD|`DCUB
zP73kya;wHP1Ok;72`jYI(@;3xZZ|{G*~px{|6GrT4^?aQX`C+7R(av1x15E8)a3V?
zw7WL7w17P+cUbg2?Fe7;I<a7}3OF(_nuIF<UdA=RD2so;W0Ch2zw|9p{8lz#1qEby
zrTu)c1ICopYm@<>QGV#s0`4Bm*GquyWhlC)glPh-bgl2ds%Y~b8_%#@YOKOz7@<C6
zc+DAK_@ueM{>kxW5G@^+Rb4E3=oJuGx~7)`&*Bpy$}6eOnnN-vZ8gVdV5AhrpQJa>
zMVbW!l~JnD@Pq>gh9Ch8+2&G=gBGZ4!Iwk;K}Ow=P?n}7@@h{{&&5T$c!qN87Qia#
zw430NB1|EJ5RaP9n~tNR!ly9g#mfkl+1!oahxoWpz@u3J{soAp;-+)bJvb!90kx}c
z0V2mN;Vp@~n0N;|&)1*2E>aFm1IHSsxWw^Cw$iSxn3&Z^OB(SPr*);9uFVJay3W*z
zIurtg>`(LpQqDV^87pMh`+AT|ZMlJkPrVbR1N<>n^FyhZmybhIz}ZSTgovPkf0hqx
z?rP6f27$042+E314Z;^)A|y&&&W*3PYT4i7K>4lIkFh?#n2A0|+}6sF9z<iqUOt9m
zR_I=;i_E+~3sLHc1DaH?zpj@FBJEnitPtd;3<Z$yYN`>s%};x)H8_ls<Gm!MiU*M9
zZ*$6GG5T5M)37E(z){gED?yu#AM)DW*?AZk$rW_=xPh+=yXgutNw3S<2|nxDHG@zR
zF_IWl&_!qq!(y>@!*bMo{KX#iRQvL8kWW%9ftcF>nhyj~OpH?YahA*Z`MqeyRPu$E
z%w?Q3`VXSFo16FPddd(sewg#kfg=zIP`#-WX*5Ksz^4^L;k&s2#QB993ym_V3&=&Z
z(K;1@z<nm#j^^(UFZuRzfC9*{a9j}7`=mPAh)jyFna7oAAUvXvCVs2KO-}mxdiI;0
z`>)UvqX(zTj@Fz-EiJ$FPKxcd%wysdDP@TiX>8?bA}_$y3ewf%z>w`{lmS{infIA<
z9?p(OU1E(@$EW(}i9>G`!gH()$iV`~sLxa6E9Wa(DzXryNC3g)?SJl@p)x6p*z++G
z4jekzvs8*|a$IcQ$6<Bi4dUeUu<JAwIE>(rDMyAHy2_#_V7IhM=VPkLuI7*YpOY@m
z?NywKZSj@?M~A^xkS2LK|D|GD_{GI8j0-yp7&>V5>-ifAYs0tTb(GK7>H0hIDA2;z
z=H}+*X1hXG{Sar}%?K7|=4^$o%$d56=v@H(;xEpd04Le$?b<Bv4>AHk#~hD_04JlY
z^A&APUdKfqk2pmYSHtHAIKZ<=G5Fck*&JaQiYV~9fDgCgk4LRq!E3QH%18Y)t})k@
zYRY20*M@W~P1`n$axLYL_jk1cfhi%w@^%<Gb;>E3i*nGWfP-uV7rZsH^glHVU(lUA
z1tZA2YAq0ah_2luZL5@G|KmEELLk0ZgoVpLnNp4G7K0i$l^hic$&mkBs{aJ_rlDo+
z@c^>ulTbywRxK{5=xjNnm<))#O=RUYV@Gf`ATx6j#8ndbV4HAQCnPF=@sCfmyk#XD
zrVPbSB7Ef67<CY5t68PwQ^8#v11<5mW1exrVLC~O;m}pqX0MLVA7-*6wvE%W+{RjU
z7j+q=SPd0*0WA+%T8~DlNBJPF2bseZ5)34hoSX!Za~R75=jy~kngdS~)O*yXID7(j
zCZSw^Q1aXLYjMJU(zp|K#(h~I6iUha%$4q?L#FSa!h^5CKs4?A19N{=DPy*z-=*aa
z2#QD&F{r1TVKwtVgz>$D290bZ()}ls(j2pU#+uf83S|~`CC}3#0PuL95L*yAep)8m
z59dcVYdEz4P#g&RMu+27&W4LY1G?%YY#+6DwBpGT=cGZRAarRPh(b7IOj|A3n&@7R
zkswZ&DstoGcg|%h;`aQGc+}lw`R|@@1cob-aq9D#68LX+{mHSMN*8%?-h~puEt_j-
z`NHgJ655%OETWJ$q?E$+3)AMkGf>DQ2EVY6q?DupgGeEGvZqhiIa~m(WLmj9ch4u?
ztd5+E@3E{xdFv?qE!m~GwxY3b70O8`HNzE+A3JQ(+2U>3s_0=k^%k+#=`wn+c-A&t
zsTR@|KeBIh66Aqt9KC$3`*>0XA)ZP3yc`U`qZ3mCi9=q4{V7mMA4E?NcxG%ysneIL
zUcm@*yfmyWm+!ln3b<A%igF)X<9nyoT8mx+51X70cO?%td7xT&LmA=3XdRyxY%Vp|
ze7Wm%NCm;9qcJcZvHf*h21anF3;=;m`#)~(j_p$-yWM7;ak@Y<76xLrI>EHSeKE5b
zt!&DlSzq+;*qQ<aewj}JvnFyjNjJ>VLTcb8u4Ilw7s{7^JUWn<^PybwWL0E=P7My>
z9B|*tldW-W1y?i|`A|UtZsIp!WJO-*1Nfb^I*u1;FWR}e?9jPvXL?+0NAm{ZtNY$>
zMNky@YWFT4sQbc#d;)Y==&IB$!6#8`2-3pIBp1}6?V?Jx0vm$>FE;Ah{d_<h)3O&X
zw)f2T1R<*YdB52sjM9ACBy(Viz1WSf$TrM-{?eygY-oHJLm6#&bl_}^@alk77$2^!
zsfUZ|01#_|Yp<1D9<FqD9xcj{S6#ePdW!W5mq;Bvi6B%UzEISPI02rIZCXF>=VPw4
z^*9H9G_vp-e7ies1ty*HU1p5cxDx~5sqnlv;a{B*w1FI98^3^QlC$DCIuf^PBjfT@
z3U2jqU7Y;NRX~X>dhDlCm&oLeZR?-_{&S<yz{BbBX;;Mjq`JC~n}SzomU_^{Ij+an
zN#`@T=!yAZUvm{<zv`$Ndmty_H8voG0O?u<b_5y4&XPJ!0=X&^tuxkO#>ulQBs4IP
zaBgN)LB!V4?p?&QK%B{ITom8cNWO~Zof0%x(0TKGE0#FVJU~Kg{rr>k2t^pT1wnmx
znlqf-EWpUdc?hNc=pwpi9Jl};E;yjyy(OdM)o!4t4s1MLHL@h2tx!w0@uj$Pbm=52
z4Ze~&5>u=PAR)Y1T;@(jPidFx23p<&D7}2p%LE;U6wL;Aek&B710vpbEbnE5h8!C|
z#?Pt;`tNthP(C5K;12>YPN<72F}Ux3*)XaROuFbERx)Zh(8ItgWNRG4<JBL8N}q{6
z(nB1K)0L#8a2@R&_x8sfG;Ys!60}=SJcs8rfvqH*ktO1=6$l`g7D_N8Ef=foj>WCW
z`}0V4uj%e-sQ6~NR}TW$fKWO;TVs(?dN_yq=0U(Tpco5!vXvVCV3!WP3@}T_!~$v^
z3R(vNo>j(Th%Q~6bUlhpart6!f}+>y%s)7p7P^QJ%>@LA93^JOogc<tI`knZ1Nvu)
zSrEwsU~J8Bo51;W7_CmALf}O`A`oBMhNSEi9|pxs58XN?oszeL(8}|k<hI0yCeJ0#
z8pEgYva1F67+A3z@tdei*2<{Z-vZ_s5<*h~W+8|FQ?Lt_-_LD$WYy==8gN`)iX`r)
zh|mF-oJXa+ro(X=;^eK%-Ca{HY$a}(O)Ki_QydA$#;aAs%0Zy;I3zCf3>mL&C9?^~
zlie|l$hPC%nNbL!ocvv(p9SEHmjbrwN%#+hMyjcyX1)B6qvKI_d-Dn@i;#Mp91o`D
z05lhb&Z?_9%0(kd$LK^r6K+IHfyG6(=p@+z*9^ohAbm~_&?xuyi+)S;aa}zin?%Or
z)7^U+<7cXN!l5KmOtf?${HWN1D-$w_?}5tO9NeU2`t9o4I%z{?aFfp&1qi*>^-~bH
zncR<rc#7xcuYjeXafK`|C#1{8)^}Tt;125H?5Y*Lo-r~J4FKde9<_J&bG3pO6tSDf
zNf71p(aU4u+L=jWID2xoVWNH>5A|DNqJLh&Kl9vk@7H?lys#o^1J#C@_WS+MZ@4?E
zp=EQwW>AMR<8#hf3ZS41DT0cKrlGUR@p$4C7+ESLir84D4!V;Lga@6c>yVH8^)?5T
z^LE?Y?Dt7sn{!-*l-fE{c-7}}5LfqEE*vRVAs6^^cfS{*e2ndl;Ud`horIQ(DH02M
z#HUg2^R|da@9{@E&zN^_q3RTBh3B^W7DbgP5oh(V`|Pt*K0N}316Ume7-70<Kc$Qi
z5S{?iPJb`!hxqqX9qxrsCmBH`P7BH6DeoQ<qUlT#%`2%>>SW9iwNY84{YPZTBlx86
z&{_;H$!W1UWixw1sr=x=H9nh!1zKF(QFu2~eDTyaV2E;fgye!?i-nZ^C>!<NV5Osf
z>8FKCEG_)^O=d?u_Ckkw_l*MjGvd`O;h#QkWNgzzWY>T&K)vs<Kw|60241<=`Wq$P
z*)3?_+n6mSTY~VjR~Z!?=EXvGT)@$sF5R04K|Rmf@ErKwt$h&0-LeBdZN6{8q6FHh
z?X`_l+W3Ve*9~_e$Y_J`wlAMI41OjuE}UUVI}H3Y`0-dBsK1$4SMRrs;qpe;OM}_4
zd&>O-MA=##85MLmp~eSk-X^U^-h+6839Ymg+{luvdLYq!n?d0nCl;2aAPPTImgdR@
z-PVs$Snr+0lcnJOq142bfI9bq?;)K0U~(b~r%0G+aj0nB<14hxyh(O}CafU{xiujf
zhHZx#81lw1sa@5d@nTci@}-|>r>ZQF@unAvLa4xH65*0*2?(5}7YjU|8St9UdJc5$
z+U7GiWmU{O4$*?Ld!3HOVdv2tK?A9p74VB4h0E^O3IhHdzO(O;k5dXVZ6u)R!NSJP
zM+YST8Tk20$Krt>5DmhaG!R$`z70);nrYGV@^cH)!aYPAo`x@8ZnJS13B=p`FVzUa
z>s(PRm?8eQ=S|~wv=SeeYIpN4avgA%zUyE_xdmt@ND~o-!k0JErPS8q6fd@N_bfdp
z8MV(oPbFL?{X?CG!P&Jv;B?SQ%3Gr)ud(lhOJ#i!RMB%4A7mtb`q!$BuoRu9i#Go<
z3dVC1;!%`!B!r)0*{F!!!$N{~Q@QX9%h5{brMdvZY!C-W4H5;g%kTg%kS5Xbneyb?
zwbzj2wm1a`We_C>4{fsNQRpClu{j;!p^$ne0xOi(V?A<Pd|F6naRe^K!>@d9IwT&;
z!xyMvLzJsR%zWW;bdro>v%^0ygm?=^{uqYezB!IgR$DqhukKgKWt0RUlqbAg*9XU$
z2XF+~+<yLMmh^*#{)&u5J{@~d3qhMO)W7EhA78(h!Jv5PiHa2JC;LunL2=3#(Ez36
ze=D}x&#amcu(L4{2ofH^-Y{L#Ro~(=`TzmJUwCu_WLHMxO^%+o<!V1eL)}S}M)-h}
zDd-S_s5N|%VGlbGAT^FGgso9d`n(?~Fq@+;T2Sn5mo+kRmA37&3yy9<y7^NomS91C
zeTxJ|cQvoWZkE?tzRQ@%+`*bs-d4cHDj!~HdDiP?h9&q51-RJQAAhUI(r0rfnhmXw
zO7;WeK?;`V_<bmXGUO$LVU{ggUhL0)i)mR*7h7s`od*Vj2SD(|CiLny3?{2I>))Y1
z?0rx>*tu&8I`1#?n1_>(s2LZ04ZJ>0%;}|IJkI%&G!F!n8j0KK)Kl4~hxwS(C2TkC
zqabOILM{<@1<Lo>Y4&4ZyiQ#(80i|YnFeVk`#VTB<DwyZc@{ea^sX09H0{f&nG%Gw
zkspgTyfpn_u3h*cNDe?ZSUT^QKWZc4?66z`>vdQJ*wL}q!Yc3(nNqs+(3|uJsSrn=
z9Z&$4i}(UBf|nS{mR67pQ55OGiVfm);Cs=WsO?V}mLWQ3R2QImYPec9lEbaG%#KFq
z;!%O%hBm7uTNDp72eI8T8kg#`(gkT=sl6!%$NhsUrQj4#&#^ETb5Enuzma==Cuf5f
zXVhGcJlK(WAfVZ8#noW|vfyhs92~ZN(v3px2fM1WnETnObZnHz!ybXhLbzO73)j>M
zRu6*+zZcP#euVu}OUPa@2keb7WG&akHW`i}uO}iXmxBrp^@}GPTwLcJn$F7SxH-)V
z<D-pIU>Uem#%Xe=Al5ng!TooNYZvjjdAm`Y;iWbKpTA5j?Dd1%OR74QNj)RU?7%4#
zz?|*iIEur&pOa6Kcn}`$3hFGEv0qZgUsh0?<eiIcC0GDDbRTzNv3upW0h+^SmxD!_
z*w-A!v56TL^gBqRqibj(e;`)ETRlnQk!E!u#w9|O9AJMQn1X6O+(cr0;xvpft$#M6
zF!yU;bpdvi@T>R=V=MQgy1frZ6m%jpd3`HfTe@x9g|eC#31;4_?ibzLk>xce5+92x
zoiCltOkmUT0l3^|9A;k*++6~xV;Lk7J5}Lx_Vyjc4w78rHK%=R4NAmAD__MU*Pd*S
z8O&0MKR}+CONg5%Cn06pj1x6T@`uQGyyK+F=TCD@;|41;hK6yen@#(hV$%2T?**Qe
z=sN2V=ZmJG@VP|xa+3S&aq2bYR*xMEVEq4Liw-O!Z<ZUlxD@J_d$Kl(R`zQiMid82
z3yV|a@as4w+{{6-kk}mV?>(Ib`*~LgaiqT-Jb^-aU|V1dAg$AN+gnrLwUtlXE@8&6
zi(a^N??y@+80c@W-=Q$fc{KBMp1sPWK^M4y-GBj!gTU+-Yg}HP?R@`mU=`sH9nzdQ
zCk;?K7<1MP0xjnv%KFR$_eCh#viLZ<5ac=E6y=Ns4pch*n*_G1-#URPgRsMRORr6a
zaEpNc;V8~b4`b`?F^4ZCG+++hXC%5!T-renE!IwlN!e!4HhRo{qjmFL{#I8iCi|pq
zC-&*uwDRoH6dCF=4iAEEVPz0Ol&v<S7!k!Fm_j_FLiW^WTAHRtn$)tnjPku}G(@ak
zKAKyD0X(hBcl+a8AhyCYqP4$^o0{tDaqt!fe&y3nF9PS_0&(iB>NG{k?{sXEE1*%r
z;t~<==Y;HBe8i7(?V_hJo+lY8i_g%2njubb&(>Pd$Ad;pFBs+3gok&7+3T}8Mi8Vy
zU{KAzk1Y@q&-B9QM@{J|Dn7`=b!%t0nG1Z<3?yOaU<1K=eAn#b!RPJtAd!bH(-d2b
z+49GQW=i2pDbbC)kvopu4ciq2trP)Oynsf6<7P2yL0Y<|%;Q(h%lu93Y6o|j<Uerh
zimJW(Bb221^ljLaATZ#0qGu*viHsqDA&6m$gEIPawnKIse$E+IhciXZ)+Fm`_HI=q
zE=kcb*D`RC?#NC07{C)HUH!}$Nprk?NpShdSB3u($?BeT+}ttRpPZPx>ooVo>A-r1
zrh-zDt&^*PZ8dS;BiyjV3LPcfJUi};{UidG>X>%+>ilCeELK1AV=wP=%;JnG%j96h
ze86sFZ-(j3mw%>GPh@Lr2;Z!x5;A|*2B(e1J_i2TsF4`fO8p_!h*+76sS*_I4+vCu
zR$I`X%P_EYnK0xQ`bKx)!X7)%11W7+W<uUj9{(YkCEe6JR=rC8y)9EO7^(~~b*Nd{
zo7M4Hd&Hg5;E<BB>&(>O2i%|AlJ{)&A9!d`{;#Kzo|pHL(ToM|LCo)2yI0=QZoLH@
z)$UhTK3Cj(s`Ms7_k&am{520XzP8R&tYR-cQe)Ma?Wgh7PrV23da&vZ`{Mc%wJm3*
zI;P=GxVXVf2ATX|elXa$D@)1#H51SY259ja?5T%LL~yGy>=K`Z^-WrUl&Qd^vh!qm
zh9-D_*0_OZAadJ|rW*KeGcag;B2V<KRl(k-<)qO@gW)B9^Y+%QB(^bRIj?p})SDo~
zPo6GFVPZ(~;5XMSTfskmPkBRk4axw)PClF0CjS*IDsBGRNqL9UDJu!6{<v}fCbQc^
zEe;2ldzJukLr+VOs^#rbkOFp!kB^T<%t`AfYxplXwTC$b0$DU(&`)~Q0GxL=iq*$z
zn0^qKf$%V}+5nt=Z3d8oz0=u%;aR832MvCvz=f<6)rPzqula_uIm{G3_z=>L){ub4
zYM=7ph3YEo0xx?rr6f1k_E<c#bXY^B(1_CJ2eO}+3R;p8*M5ulU~hKo?$gt0f@X3B
zDA{Rv24$Q1YO|X7!{j9t>9*bYtE}p@)@&aRfd^LBlx%0lL3V;Z7SeiVI+>|lCLgj7
z$@<O5#{Tsw=f3RPRogE6TLhcO{c$;6Vx|w;0#bc{+A3iE1fRazIGXHj*|<5hU_cWN
z;n_)9PfxQF9{ndrJZKKh&)?|G`kS0iH#dsp#5i+|H@`qR&uJQ!lskKS{eH^lrNgr}
z+8fip_Wf8IY%lg6;^_NN%RtR8IJk2n@*b<d2ye^%I2UxCWs?7QRH4h_*2lla@jLuy
zBXd*9yp&AExfdSyBMz(gd=nmrX=tJ#&k}#?wqzt^fX`J!l5#VQ-oH1R-zEig$Uf=u
zHQFm`e2R8RSZL+uuHf*Nx4-i#M(D#tprnf0hD9){2tIVlB-Sd;Q|I5Fk;%?<2t1AZ
z^@W-6HUS3u>uc&cBR^cm!tA#rn~_1DE#__gIu*`}=iYcIvyQ~OdRA)b$8X1#$^MDf
zWCwpz(Vv+2+Azz{ee?+XTE_$aneB~yp}lhrfZJM7bg~o8jqNBK<>{Hbf55DW$ohOL
z#SNs8{R>(`{}v2NSlJ;V)jNJ$LJmO%Fh{c{K<T{hj>$o;v?uxMMoOKGo2=rKYT|cs
zfo(_Um!_gQu$^_=g)epWLyV}vRa>>w(<9!hc(<aGpuj48$XIe-!`tuI8@`^L;@J54
zuYCf-+@R6-;cbFh@2j6)5dl~IoZ){g{zqMTa_^lMSa6uF&@a1QZk6XP3T;ECnf;P3
z%tN2@p@d!Gw|$~cId5H{*{X=e;$+Z@ep^cMF(XFA>U48;djvOs{y2PfVOAdT_KjNh
z@qv8aGbGug1-Z>Cn#>DylI4l!YIS@V$HN8)da9D}M4R1YRqA)9&9hQ-%G>N5kr2<a
zXL7ER+Cj(bV32=*Qg}<&Z$qd|eRcIlmYEo0eGKVr5M<Rs_Luo8VY7C3l`BOwE7sur
z#B;;3Hs9glkg^AMo{`HpJetQ{Fp;m2OL0rm$TRzLcH&0ZwF0p<`nfLG`MJ4Y;5;Wz
zM9E3HC)j;`hGd$gtH&GHVPd+Ob;-95>~``PyC@bQAXg<T){@l&_c4{uQ9YLv3Rd~g
z<UmBbzasT{%j}}-6^XB_-xVCmbJh3}OX%1U)VwSr>9!jl<C079FLo41zmQ(S!W?!;
zHTkzNT!K9hVr|~1C}+sFj`RwURYj^!2PE&<&$wCT-1*C1p0?{~CT!>GswHb^?*2yO
z&$C5Sk=NoM9FF}ir2;>|gaHVVXoE$Wt1Mmdy4SA%6%EMpu-;)`NG2=G9RR}#VmrT<
zU&sEuZS~W}qg+l+OV!cV<$nM=K*hf-EwS?4+aLoe+~zph_&8Zf#^R;#5d^n2+wEAF
zzLJ!Dg<G{FGx?yG;yFp3wQFfhm%g%<t1F;hV{ul2IO@<r$q}Po4S#be2{?=^84P&_
zKdCvXuYN4<@ZrPLrcci>xfmpQq-^<bo8;u?5KmtBs`6d);x6uG`pkHu&+4epv2xo~
zP3Q9OrGxcffAF9ru(>uiQQeUTHyx;MciOEC;)UK%t#y@+^1hXi9$oG%nKEb5NqM8m
z;ccUb<3P|oJc3Wc;T%&Re+A;+J$I7@&OwH!)z>?DUwGpiX%$7dvI;UM+PytdS=r9*
z(>URiCEfxh*)T<6zHg4Fr{@m$?R%el&MT2kji;H6mQ)*q8?P~H-tigb!_IG*4RjvF
zO7A<aSQ+G;ep`>k{J!`3Sv?+;Y3t_Jo-)V4Ve16SZRb=kiDkKe%tUdY$jKw-B^Yx9
zXIO`Xgv_76`SfXy^rZvs`%d%cuDm#fU|=v;Q<G@cr&O|OpJ(j(_q#@n#T7QJS+#7%
z3cpNGU8N(m8w(8C<|%t3PMtq*y)y`hFDX=XBDZuL`AjX__q&p1RCw-3&R#j$#YN9c
zcai4WkCv@n@${MURvW2z7kMv<6BA;0+Po>>m-foou_9;K+u+9&qGMzGO#2teNS@g?
zS$}y+Vt9U<(v}LpFI;nVS`)AxXOF+yM5F+5`8YpGHQH@LWRP6UwBG{nC{1(jzNk98
zG4(@RmCMpe71<B%BtrB13qI6S%2!{wwfkUAZ&&j4jFH<&rge`RKZW7OL>DLVizIQ%
z7N&Syccl9=_Lu$+5Pu{!C;T>T>od383L7PZ)!b^NLL9H<20vRKd<F5~e{G&&MRs&-
z)+%0KGb1{;o%XbFUE_k0VW-FDm{8npIxermMc3^eMv9TgE$TXN9yL{?LQ_X+dh)GV
zpVhdg%!bSBk~K!NlA{hBSkvee(&=>0yTohUlO-#p$OPQ`!-wmGOQYW{?|-b}{CfY+
ziO-fq9Xyi%=!Q?>mi+omDWwh4a#}NI{)Rr;P~~&8Us`o)#+X9h{?t<3mUw?RN>1%+
zV~&aXjMVh_A|R9%6-Bs{k*gOzlO_{lmg7n}Yt6K#U3c(E4wXFjMC)?Q#@@D`-8?OF
zYt#Is&2{yPO4WTECml6?6f47}PC79Aau?`df<5kx2}cnBSgOAI{`!YI;$19zn}M}a
z*%~Js`!UsooRP8pW%=UeC&Ml%jQpagd$2)!tx07=Lt(9|M!+aXjh1ueSxfUgh9fCE
z9+v7UZ2Q`|P5-E4hR)tL(uzqhcksM&THnmrchhxbALG76ba`6lFkF7xn5l}F{EJ^1
z)f->my-#<Ve`Km{WMu6hL0#j<MJBv+j9H$jfSdBtKIrO#7#-Ss>kUPdh>D|@9S&pU
zIB<N&R?m<?baaASDvoU5zWu4a_Bc(2jV=7}_G(=@%a0N^BXEH!9y`ts$C0SXGvreB
zra#(n>zcBFa@z00(mcLXQk1q|mTBlodgFBo!@WuSRQ4oy-OLksKY5}MU*u0)rRi(R
z`qb@(dz{@=yJMErwQK#AXV%?(ZpDAK!rIzt=~9mO(Y8nZA04dXKR?}2d*XzB!M^Jy
zBg*$A8}kA#T}3J%8BW=fbbs@x5iR!}^p~yDEcMT>s`63hJyWDDNHJJhvN?S{MQzcY
zR;pst>c01T9FLNdHJBsga%_C_Gxjf$+Y}fTXBcXxY_Ou~B5%Fy5(cv4kLKphwY8r2
z_O;c<;XX8cJ$=gOTz8~ZenCX@%~z){e>$>%|FSddDcRF(-U0`}FRJtH^U`g-A75SR
z%i?}~JKCnqKT+}A-BgqC@_l}|^W8-AkjD9E=DU{N%J4ed+$3l9naSn)?R6UaJm^tY
ze^gzbddx@H+ww)JHRH$ky=XqEx96~-T>A+tLj!|??uvz0U%(3M>D7)+mnzP`dSLj)
zWq+ijk_G!de^~3XBsVy}wCQ*T`OEv7jsm$U`X!Q5TT)WC;0|V;dDh+1F~g<)-G?jX
z%6ij0Ja2_B^hRq`zr1aqb9yR%<VefVljj#}gGqaysyY<XQ9ts*F%Ix=pGZl+=bkjz
zI(w8;d*;%YPq!BP^*{2@SlidGzqYrOpQE@=CfAfM6YRWy6+7uxb7-%+1NFkW!17jp
z-gb3|^?l7>##AMC6^@>5s#9_<AgCtaXffrat&{(&>#Jpk;WA}MCq9`*{#{3n-FSWX
z?%hb**4o_r{1=YJ^#zMhoM10!`H#ZUb<J=+myF#<W+-kcnMG;T*E<My7<rqNlo!b}
zO663D$4?c+Wy|991NQ6BK;OT%OD4~rqkpB#`EGGSiVRsst>pJ(j^xjc34O&IJ?_2F
zzQ40EQv1qhuD^fdrHHOt&9xlabV7f1&Po}z?HRA$)UDs8z3h_Ziih?Iq>!g$m<xJC
zM-B7NA?)Vey*PTFQ{x26z08&;tv*XDR$Xs87)9XCTxa9lDtkZf{L&ctmx~OJsLbn-
zSEyy!d3(#rDJ#7=pme-7x+a@;qiEyEYehxoJ0`u|iSzgEc${s!bm0-p%79m1J4z#a
zD$5!^2V6Mn^`!keF{hl1JG^tlFljT>Bwlqnf!Wcyb42Sf(!QNDRX)U8l|_DP>GWT}
zFU*d*3vtrDVCWNilHa*w7Ujf=6A(7g8ZMLbu*W_z+wW`S>#{u=@dR!gTi-u1^)jWJ
zdno!733*VOWo}ttF|R-KX1T|XqZyRs{c9pG<tE<o%`-kfvAF$gl=Om0`Xx5Dwy~q9
zggz~lcuQZ3RBo!h6v5{6WscNO3;Vp>`c>Ndw{MrN{n}?P*c5brWr0KFtROSjGqNTp
z4%A(WpiHm|emSXe>p{xcv0rNb==V6LzIBT1*LKD|?&N7DjG908+c`+byI+4(5jxDK
zEa2P{l_S2#xHn`9P2|RmSym7!u(4SmyN0wd#E$>@<L(O$%W%ubr)YdR#kiMr`{u=<
zt``wu4Hm8*e%-0l80VfmI_;;O^`a+WZM#<wzq9e)Jy(OP^XK#|tyws3(S$tut$SAe
zOv5904t}h@B0Jg`mo&{T<N1+YZz7(qn;UZGnD70yV2<89DemrtW@)Fd5pMPzK9<}>
z?i+^NJaX2WzM5<d`<zI&`8ww8@!@^({t@q=Oa>w7<vW?tIlIUDutP#RFEp&lUw&0G
z`PTJIb9Ptl$sASLUd6sp!!iuh!e>uLVq~o2i}tNz7k&NG!6Gq>yms)vT&;*!kCBxi
zF+cTp1YZ8wNUv<{Ax7brS7rIyZW=`<lRLjmtiL;LM`pm)N2h#7kGR%YoKX4UqW;KY
zZ&@;7uTh}Y=eJsSb=C6Nrx`7k%{m&XrKt~k+FqVoVsOIu^@b8xO)af4c>K6suGf?&
zS!d}4l<lS*b4CLLGtqosYh_b4ubnNna$7!r?(%!ziXJ}ion+_wT)GI~h*(iiK51w;
z6IkA#xoArg+A7hv<i2)wcSnPjj?TT(lM^M<)S_LvlWDTDvgZQsRA1x;GMO2Xi}R(G
zHYdD0>axvZ^{4G_hepg?psx1zn$B3`5}Vg^$4r^H`cwDmfIAE1O}9zE27%yGj?C+E
zlE)cnqSNnlXPKDvK5(%bzHREUt)4r&rs^QC9%oDMi{dIB(W4pK%-?Gektf|FBcT?f
zYj))Q4V8SeIV(v~QJe!^xah#w>M=@6N+&WiE5AnWapI2DPc!p4tZYrA9japkd3t2J
z*}P-%4m~%t^Ko`ktm>E7MH~HN5)~IVE)56^8l~y^VKT+|f`*3umEIS`WBIk!IpGq^
z`#<%J*zoK?tjfD(ZyF>dqo=5NbbYEmvQCMU{bWZ^n@hpR#_f4|)o%#4a~?_$8)n&6
z7L&8mAwg!>dqZ0}-lTK&e+2ogS@Wf7n^k@0;?rZ|zL?F6He^2iRNQ~@_eGPG7I_+c
z=`Fuu6lBUYtde@A`$%nAnCYGK#dmI*=x9hiUcFjs(MiRg=44vs$LVT~xe;cMC#|i^
zra7?LZ(1ueuU)(5tDlv(0k=e6JvY45f7!D7&%Iq&pN(Nv1<vuZKA9hn?>g%Agj0~>
zyKIdz4%bc4&)GQLbR=Q5+!Fl6#}WvU*nCy`fy$b2I-MTf)Htd6&Wj8!W$&FAI1QHU
z+T7e+<Mv9Dg(HYJ8@Eg`I(qnUZCJzV`b4rXdkN8t_`YCO*9CU}o15DY9@Wst;a=gU
zDLAy6goVADxaz<HUmU5nFi5X=n`*<_Cua|Qs5hIRn&iPeT@qXO%-56qFoJn%|6S@=
z=W+9Vl~PhtrWmqh<mCL$(&P5;-*4oTJZJKC_2<uDNJ-=0cWB=%yR>M@5^01jF@EfV
zPG)7cdT7a1RqCr2b;A0Rt?foM``Yf75H~kX^8Hh8a{Hc4SgN<9;7NPlUfj))2R^>O
zb(=;{si>#`qJO~PcEPO}*Ik-67d*DV2<UzH{P)+d-|=3ac=s-A*G@x^#Xe;L`NUG3
z<M^Ip)3oN7$2w}NjAqY9W@VKBrglKx-fr6Tjk_I9Pf5NgC=9t?s;G7tgpnstvYKyh
zUvgNW)DyNF=R8-Qr13B_^<vZAIUS0Pi+XIf?|M4Hnw|(;khZp<o}NXSo?}yH^G#WE
z7pz-X5{<KU{p~)JnULS7Q*wgwZd}NU8NI!|9hbVCS*+I^<SZYXY&lmdn|@?nXl2;%
zfjMCU6LvCZ`;>O2<2Jv?-6?E&cY3R{!_Mcx32E&rx7u$W@$RJeIX2~m@wy8U*2~tn
z?iL(uo8%X@eaDUo3JTNtQQCqLLG`hZ6(6#P2j=EQDL<A-an4fyBOzplL0)?L)0^AX
zOLu8cGD3^m+w<;9T|PJU-ixT2M|}QZU5x5|SGGt023S$%mQxF@)f<+i%^=Clim#}x
zecjQ~(RtW)#(|Zx>1mH|CC{+xZB9;4PcKfG1OtW2v}aqjjyub_XQFx~EW^FG=oNa`
zmG4I^eKsZ`-EfA+`OV$k-5@Zm%MUX$FvwUt+<`B_biOTU`K@}`sX3>P9u4^LrfyND
zpz?%g`q;>2E98~e2#kW~?KL}-dA|MN^cU3mr{veU3Isii{Z^+WCy$>zIilR+!}a1~
z!SIr_^pz&_%p$YbdkiNpSDQ1ZEx+S({>y!<4jwv`R<_a1GD5SSbociaH{#utt=4=7
zY6Yi%BQ7siIX_jZI`v9kSwcdB+*D&%508gHG29N>A31hx%BT^ip1R*3mPXh#M<K_O
zmsz<&NAclRuTzU`Haj1q(6Z_ZCF&e-a*s2zvhJ3ZUE)5!4IKJ3o5-Lfr-U0m`plqU
zhHBM`VwnS<K7IQ9`Sa`7ulE{pvb@igw0vY=AQ!1<L?<^&;NlO;+j#io0Y#iKW5%pm
zvj_wNg3KeS@)ww9Bz#JCu`~&Nz5B|Quh9}xo8(k28TXJ7lg&oUy0fCS8l-C1J))1N
z2cOu+yik)6AAdK^?1o8I3!nF*jO^s(xzU}+(=YKl_TXac+4zGGA3ZXhJNIE_Wy;Q-
z?^_-OzJ8oN+c`NYsj&&ZHXgrkFVAs!Bv6sFn7RIZy299W?<OZFC!n_*H*SoJi!1tV
z;;`_pJ4U6qZ^v}M?d<f<_TRW|+qUIt@$vCS_2IVR2fHIzFIn<?q}{?keC5+t?>Wt}
zHaN}Pk)bQr5@*fIICUzgru{5YJ;r|P)Ql`fe%+d;lF@6|u2of4ZLdpkjvM(_N(c8W
zmW*RKNqI)C3NEx>>7G+|CtK~SPMWG@Bunn?sG#@&O@{XLiW4WQRdZJL$c^uNyWx5C
zSF2#3jJU7sYGS`inOJOgte+dV7YEa7ki7V|oFJHv7>AI9V3OQGl#Oz!e3Xv(M<67M
zE8@W5@c6=13CK)38p@=h7QyTwE;VcxKIMT&4m_VtCOO+>*(_iG-*x``ug?E7*>p7g
z-%$G<zW(v~e_h?VMn-@7{lCGl`XB$1m${mqi!DrZg21&#Ts>_Z$+ieVQ(JqnzOA;l
zorfLbg%w@W)zU#Id@hs5*VZOE6JX&V0)x*FHr3V+3k%Z<)7Ro~1GPQewZmaYy0E3_
zttJm^rbXw|36?`s!i&lWVF}=Eq4*)1h%JZ95%8I86mj9gU&I1^apiD@nfk1G5o{WR
z%VBc_JcI(PEzwXOmchhPKow__7k0{GvR5Kplx0ES@grC$kAb3mf~ZE(Ai9O}AI#;f
zKmmzx3P1t0XgnTaQ07l<c&%-Tmo*PU`BVfp*Mxb~LM;Yz9(ceXKqI1`LtA|NDYO~P
z3C`uAd<#zxdrf25i#XH0DABz+of(QS=@taom<s02CBUR6;=6z}x`4(fz|p_E=f~m%
zatPl_Fa4uw!S=G|%%DJo%Hl(^A+xde2#-sHgNuIeBb+BztO*SFqfucNRG6xi8E9z^
zmX^Z~6t11Qw&==S8~g09+S5^?&0})d1j~P6wXyDne-LvuP0b<fLNql27r(I)W)L63
zS2i`28Aufp0i;n^JO}U&Z!TaBNYTI?=W~M4fhm5g5Gj6i;0A0WUXgEBR2>!vBUp;d
zoCz5W9{pQwg(=zzmK5yo&$Xp<!q_lzJHgUU^zJ9yqroV+V$+x?puld>)z9?<>?fbY
zjUZUg7ryzq)-*0kXYv67w!$|**&1pV)FE5p8{|h!G}j(j^@00CIt-$+1ymN+Bf-)M
zyBJbV^dF1Dpw{Y4Hds*>=!GnN!(<2kjR_6yfiDzvOn%9Ou70wkFa}tX#f%8R5){Ey
z!0IP^5byx`1WQl&2N5aJPjvuShs$9JR|mXd{ezDF=^}xDP*^|@6|IxI_<CqxL)wV!
zCQCpCwj~hNVxxR*k?9ou5K^09=_<VO6D$6sZuwj)Z6(Upwh9DhFW3(lB3&IFf~Ach
z5b+Rx^f#FIqmFsBpzk}iT}1hRU?2+^SvF71K1bozw|<1}zqh)BjH%G@4%yUzS%-<W
zftA&R;|Q~83+*B7_?t}xp9|A@3AZOE4<@Z-@`9;+8Uy7b{!|{=9yn~U&5AY+9>Ql(
z`3Q~5M*LAI!qB(Id)T^alU)&EzBHZ|LWT;D^6)>}C~08R<1&GK@HuQPlrGR-LuaCa
z9Ju}g!d%-_7UVRK0~Uu5<N$0v6zn}F2~<b{iU4&)xdBufiePoz;Vm%{z}~FX0t|ym
z*TDbQBC>#M5(vwt0COg6Bb>4@Q3(P@4`tF}&Q4KPE^OC>xmsaz9xTl$n30H0Leda%
z!hWp!1`lRQgJf_~UN8r)CnDbRIl+)-z`#JpkRI_&b|_~hDx47Du&^Z^Dx-)9z)E{q
zKnD!PVj&>HWT7y=!PXt&1b`2OW58T^c+oT?I09^WFula;g8UtCMLV1tN(DS6Sb7QH
zh?xy~Lc^(WWD!pxQwO9afQzDl9Rd6>Di;-VNjM=M5IW>9gq-zF$l(~UGLeCnu=k-d
zE8d6Ulj6NtEVH&);Z8mRMGo=<kOP7$O!&e;ry#sTS)5?7+9Ll2451?$<U7sywqwI_
zzU|uIX@^MY#ZSYYVOCnOIsQq|hggaLF7JCw0m!k3pTqHxU=XVgX6_;iLKRkZf%?ee
zaRw!u$3_&l7R_epT!wfL*nEa~5Ch!9rUVlY30v@hnzJInKmTT>Mf9|EgzF51<L`+g
zjS~b65Zs;MUrhr*qdUq%fh|G|Fow-!24G?iWe(d6#mhVEM;saOgJ9bMUr5LYIt!t(
zs65`Fr-TNY&L40?0gnc}P{c=1N1K8MYr}dtzQ8E+#n03KdPfv``cyg{7y%H6%$$Wy
z0$jt~k#tyr>-!=9E}!5=3Bp7IpixJ-V+_!#YozT&jev9-{2ZOYL<awvMA-NToY6sS
zKzueZEF9Gy_5abR_Dn91j|2<+f$ob{R@gQ8m-YRc4S1iBjsXvJsO$=roW~4gqryDU
z1NKn}_*k>)Tn&^8GfA5vwp3s&0%0a+V0RaQ%@f#02La0EQW4NiFqO-P_7vEyABz7E
zg1d#-Eo6|Bf`l=cGzOl*VF6_V^a7I}9KmG<GWg=HKxC32iNM0s5lA~TfJp=PJQT%3
zSuWFGAly<gMYn@WhB%`Psy`9$#9WCYuE2REB6eT`bi_sgYyeNVIXR+01-Wz%;=lnL
z2!r!uLpR`-V{9Gdnu|FLcbgy%7w)gZJbPF@8cg@_gIq}_i_bBIk7zo(Xi{9Qoish>
zTRShL%=-bOXhR|ZExZV$<6+txhO&URqiO@j5AQA7zA(E7)P=@CIDF`fh!`$5>)e4&
znF~!9w&e_6lYeZK;UtDw<+%h)cn?|=7L&&p5-XzXJLgO6Vu?Jj?>@x>-|w6<sy}d_
zFhn8vPs$xiWijb6^SBt&p~2!~Rst^5La3o!u~C9x0)`#@83rN)ns~ylG=(6L4nYV!
zEQ0sGK}u=_gn>e#v>@o~5`ZTJtda%6*qDH5TMA7`u!zh-CBeQ$c384HJ!4TlFcYBZ
zh_1e=uCA%R4p=skjtwaZCUnHU<B^abKjz;zR0jKephTIlve^GLeD^QE{tEvc>>>TD
zWBfDxSI6-C`Y(n?2715n-~Ytxe;EIj9RmIiM4P{W++RTMzaPl`GcrgJp}Kz?)A<GH
z{sMG=0lNRBgI|E|{{}!;WWxvc)B&6Rufe#`!VdI_+1SB&?GOYGc<Mv3S!nV7LHvYJ
zX;eBI1VV2Z|I%Ox#-%Y~CUyZgn8Op+W~2J^I4lq?vmy{S2W-eZz82mCtF;6}HE@f|
zi2z$5uv;*Lw1cy!CJTn7a03KxLIBt~xTw(cfDx>gh{g~gr69<KL;M&J2EiPg#}ROW
zz=@m);1k2r8cf)aNC;iPLkI<X3X>o4jJ5D&KCI1%u}2tF3gIIr+y)`e`@=B<*#c}Z
zaYOCEV6j<paCH<1sv;J{S|3bdgek%==p48yVgcyC1R3C0qG<4USOH`?!ouPxI&hho
zEa9yDLDU<DMfC_K0PrbZFq6v^0~cZ@K#DPpUW|}o62j+vGfz+|@Kkn$c=6%dixwQ?
z81O0(1`teOLqIbsZzX7|g}?zJM2Hs^FvCy`@mL~2jy`A<B9=lMyDh@l10l*G;NgWk
z5rk-%Y#K{|0p4%|)L_7_U@nu&N5Am{avw|#h<FexEd0e}<3XofMC7kPS%e$}aw8Z3
z$F&CF|9>l1B;>+(IJ`(g=qMM=PlyTQMQcGH(9CZHVY+Ye?|31i_*jT|auIDy5jZB|
zoCai~85XKzbPtukZxp$r+#n`TjG;pw1C9i8;kN*EqELK*h(TvO5G7(F0c8i}@;Gcf
z#~(W0a0RK@nhAxG$s78m0F}q%(3sdstRc&UhqZ2C8gxJ%fg)-_z)Cm*eu5Pcsh#*E
zv3TMK85-gsDH2OBiy6cetq%5;3}gpSqyt2ZP9i>tLuUp=5D{Pr;j}Q#<}rxy>n|Y;
z2X68(b%!fSg!9k_qQ(=Jc?|{z4KGqWF?B?tLEu2%fbm5v!p03_!18s2XTs#+0|Z<)
z7!t+W0M+4fuo2<nz&r5q01m9)4yQ(g-wa`f)pTIt;G$CfIiWvL7olka>k#~HamAX%
zfMx6bQM{0EV0dWC24)5I2~YvNDmEY6AwW!lA(G$C_M7~8%qJn@VpRy4g1EZ7EF#;H
z>=1%A1zZz|$YQd`d>2m-1U%tx?d;)=xY#4s&fdsEva=l#Px5kgCs8Pfi#tMga&;t=
z?1%{2+1An1j_mA!*noD<E*^*@*@^4{I`wct;DDm8$RyCt9`8hQx1A3zt!>DTWDjp5
zVo&yPhJD(DPOTAFYj+Q_t*4{4JBYX4U0o<7FuWb!*~OXcY!8c}kYJrCEift=3Lz~5
z7YJp(wWA|86s%+A;*Qa0>*DI|PIj2@fy{Stv?IAw@HQksnYE20NjMakl&zyR*@=kQ
zSvy%fkg!%Rpci-SF%fl(=aaBoU_5JQytS<d*~J<11XjIr2bV-JOLvcfri;lG5)rX>
zCsQCp?A={J_mG{S1>~7C9<*~N344L8Muw~icm!U1Qb^xuu_IYKg1#t_0&oK_epu^=
zXx;xgymK%XCoIn~SA=*PYs0s?rus(UzyA#4iT_mq;{T`DU*W%l;<<l$jDM2<TmJ|6
zuc7X*^S}R**RS)xzhL8Eu<<Y0_@B4`KMxy=q+1LW|J+INUuf|!wD^BBTKwOB{CDWl
zp8*wsT@O}+?+!T%5eMF1;+jl$fL5@8rpaY;wEVf+Yq%VLl*{L62QyiEAd;g7^HHv@
zfmSd*fM6L67z}@h7sR2X!Y_Kh9mUke@IlZ!cG`$9#t8jUL`*75Curf_f9@2k5c}2s
zPTB*Qfda00=NWXWaL7m45iTBz=`?~xYY2lA28R~WgP|W_Dgp>uL8KDpvLf&hI}sm0
zL{N4p6WAz-Zw)%oi6?)5Tv3F?eLHl`f(HX5kb#+F;3%Jn_zQ$MZV)vB38S(hE`%2Z
z2Xd)&KngZVRs@2fp~AjI2kW#D8x)~pI1>iXVn`6|gGPmB2M`Z-`yieWA0KkON<2TF
zfX09)<Nk}iCjpP5N_yZ!VH!jhZ#-xs!UQIhn_x6(Ab|u!g2@1K89JFxGGsCnre_Ed
z5L^*q#RFMH1XOepQ1Jjk!4vseg9r!;3M$Gfy1=4>fC4W5RqyKVnMnc|P}lUQB<X%<
zy?XVk>ea!lfoU_kr6}!A%+ZW!MoLMsO@D*%<mZ0fw&%jmyiD~}!Y7Zeg@-dqm_Rd|
zb787}25in9QkF_=)c|m+hH7s`241wdTy{sA8PUCQ)ZwaPsKV^CiS4=Dgdgde7OX(L
zz@;wtLe;S9IBis5qxCv#2nHYU75hAPswpJ)m9WsPnKEUxDp9>6K+WfO(QQOPrwYSy
z3N_Xstbq8;UNKAe0Gi?ztEj(6x<C_W;`Z^X?6OC8lCB7%@$Ru&ksH;&GWy+8O)$|X
z>Q=iH%Bcbvcz;6;a+%dR>{vFIG&ULswrRr_?WD12tn6ob$({Vpfe%2;NZ9o=t9^EH
z!6D3y*3F=$moZ^AtK39^3fM{ZDp^rQcm)87BW8<XP$DMK+&mxm;q}Ep7`fRk>?}09
zC9epmj9(e_^#XkSVu2)e3{YP$P+O8`RCq<uQ8)y$p@k;{tsMtV03fTyWj-;_Dn^M@
z>sk~646K?(YudDOSPfaG`B?-0AR5b)6OSf$Wf@S-Q(|>wyhEY|(&Q-EULaAB9IW&h
zErMk%C%<EARs3lH8#G~;Y2sD-9sf5V1<+rl-w1lLbbzP=J`8|(V}TwV2zZX_G=(fD
zzaYh_elIcA^$_k&GA>Y+U#Zkr2k_3L1}I_1H`J!K*n^jCcz=RUDqff3cj;RITRd%m
z!w&&hGLn;92q={*Fza;I02?4HPzUfOr%$-v821<hyulU6bW?;pfsVvR=NL)gDbA{H
z(jiRmX{R>&!)}D3iG1{Sd+|sm7f`6C3K)mRSO9|`5kGujBqM`bfDnW_7m<z!U4m?;
ze$!DkfR|{RtU`;`VlNVR8Zw5?8lwmZ@Nhc8){%X%OR%wn9>6jcMR^0I7Q~D8-~#MW
zym08ED-GZ^@Ezigm<>grFQdddF_8-JP}TVu;U-287CWQ!Y$*k+L`PhS&=T~_&$iPT
z(`&-bjsecYr_x*2Dxbfc;sxQk<Z8F-L8NfVjLGt<^ga#gE4kz**H*akbayScmu^i1
zB2n2A0H6g+OI3}ZP>lTn*q@4vPdBuB=MzzS*vZ`}hm59_s1o;CVs~nEE_mv|D#7@%
zCindk{#W8^HK-v|O|9}}a(TkX8Id6)5+{x$RO%EA81_S9R0YQXXGX~hDmVedg}Gg(
z_wdX)tkR=+1v>_vk!y3tz*M+PF#w0)jbND&2?EuXZlpsx^<%vRHOkTkL=Og*P{Ms9
z6PuF&F-Blk5x<gq(21m=q_j>ddSO)t2x+9KLg{J<fg{WzMP6EpBQF{LsjwTNY*A-T
z3UxI+xg)|jT3L2D91_|J$fasPBZd@|$P*V6okx&k<S0tth>IdBoZ;69M+Gbg9)+f+
zH6j@3ZL|C9(3YudWRzq$I`AbwKCrp4<D*OnEc`$~TP3s=K`x71pb!RGmmUbJxX~(v
z+9nhQHI$&-0m6h4v4X&e(rrW~okkK{C^_J+PzhVB`8<^G)f*wU2FU+;CEQSk1>-cD
z;+m#<ph>|O*eUY5y>+f)y$Flj6GxCHkELbDn{n9ftqcbA`fL!amd-AaVke2?(jeMF
z88Hy?RDukMGH3q*lo;8K*o>@H01p}3G>(+H7IJ)$YK1jh6v8gSvU&}bj9paVq7|X>
z0}je3;Zf%fC|bFl+hobalnp!JBn6#qVIdikmZMxk2r9xw6UGeA2xvs?n2J<%RHC)1
zl!a^g`&>w`TE$!q4NDrnrqrB@BCM!lBwiG{x(Ee@7{KVBQ^%-iF{MeU@ulkN043gG
zGLwO4KoH}u(V@@fdTgIST%#*R6fS&e5m1~CpjrfYa*2=3OLQ0xxd4|I&Z7W2uW35h
z;43L1Sc6TKaj2uKn^Fx}1iXOc@_9Q4xQc}gkB<!z)Z+<J=TKtKJhv4z4-%xivu5;`
zN6A4~U~u$QkhBA$6eGB*ur1~w2m|KMf+0smC{oh?^q%0PFan->D+}NW%cwvY@FTg*
zG8Hp24F)wc6Lj&+2Zj(|Q>-;`5?s?|W+D7RuU9Y5hEC54!>stZ4hTBh4P2`v#8k>f
zFndJ7Y@&RkG6B{uwmI5`u+hOB33bPbsuKFOYQ|-x9;rlBH;W|1K9JaCMsUfO4TmgK
zaTrAcNtb7S9c`#ha-qX82@eG-8i%os#~S9NEmJf$M#Y7?S-~4Kb}Y}UlS;|0nZBNa
zykU-oz`l{AmPpm%EWvNZ$Asw~0NxG3&V*_sj9g75wuV^K62+@QuOQO}KndQYoA3&K
z9m5vc2?w#HP))r_lp)#%vIN9J8N@JTv^j3T<~|+313<{h??L$mDVi26DM3?06cSC{
z<LHHiMuuF6b^@A3T_=7nQgJtFln5wBxq$vaf^QIo|4>YAq~$m28Gt&5Qh2wQn7^x(
z)FVaxb?SwTpr0FAlNKoyjXhHC!K^7Dprn(f@k*3nz=uBJ6r+fcT6^pgog_p$VZ<FI
z_e2l5hYUSYTs|uPD@3DONvRs4{nauGr9@CRgUu#RcTTD$HcG6kjwaJ0bEF%Q`XFd_
zarZ&Bw0=F-Otjr#&MuKg3HJM{ytGRscw(i@>RlF9fss*m?!Z|6Ty&QB>eMaHQU+02
z15>@8u@8#6z$sw_5rimiQaVH9oXNnoYN%5|#Ca2jHoCmahATvB0ov`ivjF|AP1YKp
z27GF>|1=v?{JK8s@&8ZkmJ%Og|Cy4IlH6$jc{ZL#`_JFn{<F~l^b8t+HrjtS+J82N
z4LFI0{#Oh^83i)feVY8<!v@f3{CPHvKT+5=EJ>)5r_k1+iJ+!dDl|<3>fx(=GMSlX
zaPSoNW#kL0so<QaDl4WF5jthF9wVTso)W4%@UxHv0fRXRx1V5sv+O>B>itoDMTBZ-
z)}&9>V>SwwIYQJ%qwrmu7S%u0POhHdI2_Jpa|8Ms!xyHz@G5}ZP;jj%RekGvQB)Zl
zuYvsrYalaR1b$FWI9_v+vsvLf12!nufaCfi;@mB;D#8HBU31uVI@6xfYZ4djF0>hg
z{yDnN4nt-Y;dYzp(#%6)+A`XYXp-1Sk_Nd7siGq2C7}?BfgQi+<>qUV24sd3zm8#V
zY3K_N^ok(Pj?F{l)`+HDbBKnF=6&2ShG8Mu4Y)Bp9@RrfM71d5Vu(e5;B6V~g2W|^
zqTBVj1A1)S$YF#Xj8a4n32Me?cE1NdT!6$5hvO6wm|x+Aq9sE|fr~hKV81a8aR~eo
zY^;?(4%CQRlwn6bz$!q~FJq@>&7yv>9c~Fr@D3|RnxT>2k=atMELz@}O|&A~z3~S1
z;Lw@GKnv%j8|rXPu3~7?F7pV+Ol7O@Lp?GB-v>}o<Jw}==7pIAf_^Uz`EA~c{PLL-
z5P~5Qcd0-s+^-zfjBAL$)wzyD&3SU`n8_}vnSlpcNuhH6-K^puv@iIdSw9}mm)>zv
zimUStEMj~_8v%{-0HJ2gl0FfQUZ9iul$?YHb!XGz1X4eOBiTnYy+0Fk9jDD-lz4(#
z8M)P}8y$ONIdVL*b*b_rO(_bZd4fX@Z!+3&wlQOKdcOs0LRv){j=LWq5=QDoWxPCd
z6N3pP)PPc|rYT4_eDt0IzLB6cq`^q`?s$RV75p8y8#t9c8}Y)mZeZn;_0{k6ln`VF
zl=b;tJV+65lwQA(Yed0<NIIU=x~ZY&^c3GsE;PFF2w@_)1+cG56L2z_rZC`8l+sT!
za@w6byh6;{>p88+H6_2H426>p5EBSY{ss}|PtCzKhMX*Fk{Kp;3J^|f&LB9%t#RFe
z7zD+%NY}^Isvn7;7IKvyW|nER<xB6MP1<I+&-~gH4ZwUZ?N_*OkXB8%sgWq?pZyBX
zd?P|{;S&Gww{T(iKLFd<25Or>c*~QLoLtNO4|ziFf0E)7lPq#_1CJx(^C!RmiMams
zw+8Fu)Ym^bJ}JI&{m;fz$NDqoEvWq3KI)18la!dyEiC?fx5oHCXXS}$*hh+qkx%;~
z7c1lcdC231_+Jy_P0AyotGhxav<Ml&9N5ADbOT7m-(+r%RIAoiC|#pN%j;S#_(9ZK
z(Q+@N^||gw#nexPvkQ8Kx1i!L)l99Lv_1eM%<Z9inMOy&V7I2?CglPYSB)A3T9+6v
zLorjm5Hms)nY_V@BGr$L2)(FLnqdl2Q|D@cb#0?OJcU#=x@F=oX>lRFQRckBeVc0P
z2GiNNxtph{JGlx?{_*|wX?o?5K>$c)Zv0543YNSq;-HDODwMCPjrlfscrwn}RG(=%
zpamjSusl?{peYBv0k_BKo`XRiJZeBSw?iamXr+rwtprG*N~8-j8$@>viEfqjAdJAT
zrILuRswvc~Yzp;C_Z7>?Luwe4@yMr?j7JjNlm+P|Az5QW0<y}sh-L)QtTthZ#R)<4
zuq5kwSh~yc-BJ^~r^d(0BTH#wBf<<z4NY&T2QgdQG?_&MmZRvKC<(`!uaW@HszIDG
zXn6=im>nXy)Jc}qMvRRW5r>3dF0rc$6hkOhGpAAllxW>}nU!Pils0@HP3(SA0MxY_
zHY6{S)k-JiC$kw#oHj`nJ0KngFtGtiiH;sG3R05*C`;%nY{d#6>_n(;kH^+vtFjWr
zbJ}XPvVK`>@D~<CYfJIT>-N~q-?<-k*rd=;$6swLLHl9Yxqc{H_q@b#VH!i@hXY+I
zQ9PPTM{1*A)6&ShXg*@o%%C2fSwukbahRYbN6QE=D`26|Z=)UC<+!kU8>;A21_V&4
zZ<dZbepL?$u1OLNQX<=^2~8Aglt`c%pj|4ADw^P6KQtUNrm@0cxHNn>+QA}CEmBKq
z>|*ZN5>*%_73wiwWteD`zH4p0qH(_^#gOf5-n>vRBeS4aes+Hng_YDh#lsky7?_z~
zfYoKuHO<jSc2&b}V}MWrjs2jhfzXiF;*>XPLtrk|ZhtXSAMTQjttj+jsdskoJb6@5
z4XSzsjM0iGsB-5njhq_|I|+)B0`p;WKrbwm0moLPEGlB`c*ARrBC+w+DE$R|MYA)q
zR=~W#F+5f-EF@+vSV-v3-Cp2qupvGIT9`~b+GJ4x$cAb&HkzTN#BgJ51^uC$k2YOv
zd-#Mj#tBlX8X)5^SKtvF*zb19aIt~g{A4CU;l#mU?ml$3v{b|ihK(D@Usxg9SHM>p
zN@&Ao#yZ5Jx2G|bi`cKRZzw&ScuvA7BNl{ihLW!Yu)fN$LPmgw{!IXEwZeau$djZQ
zXfuIrxms-pj<teNRT%rIq3~un2HgNqh;zfrU&~{mEG4Lva&rpJ@XtmI>P=E2%SXXS
zRY`yuJ`^K38Q7s5ZPV}xVT=$KLkwRodNdf93(j)893Qq90&pOhrfY_+n0P2=gaVzN
zBYuNnLD))=-^Y)qV_+4K7LntXj=PZG=%on~LfwB@Xem{9YjN=^y6>*33L%!7TugJ*
zVn7X28B6n;c<FQUHL)}Z9cSbK=w%Mq!I?TVmM~nepMj2<DS)`NF<<bIFi9BKL*q6I
z9N0*<(b$9vNt(_bae;`7O$Ki+M)2)2a3gji8o^86ahhxp*rK|4sDD@`NSyQ_Fw{a9
zHtM<<BJ0u5B7P1DpbxchuSBtt(l9y#`;4vX;f&Z?ILOq+ObQL|-c%Bz{2M`E#2ZYr
zjLu3V4*=d&5N1ZJR7rl907}m!f>;$D0R?1nS<qXq*|CA3SIAu?u>+C#*c4rkFc9~r
zvgL0AX)}y%KwPRT^^a+3QB>rPiY6$8P2HXr6(#<F6+wa%jg>itIExDv@s^I|RpAPj
z&>J_bXx<8(depiV$W0U*6n8;1tqex66Yt2*OOxaELWnDAa-2l2<P0msN|GO4W!8wk
zaI79%I1v=ePAbra<IJKuCg3L#aX>&L0$`O=$qSS!B<~2%GhYUbH&s7iBm|ca-Sd@l
zHN>Wf1#22jLCBHB27G^+1DbRBDs1s_anW)Q`C9l_95~immy!XQ4x2ChsqAe6je0T0
z&`l(a!AK)oxcY;{S)v*cm%i+*0J$_a`jK0yPpVKXp%f-gYdg+``oVHFjL8WdnG-zJ
z>zg$;MM@CPBXqvx9$TNR^&~sCK^fT7JeB|}r@Eq|Ig7-4kEg<;HDoXXjwN-OUC1_F
zUu4iBQ2Ps7K3ZQ9rsLAXBI?fa{8re8xNqm=(oS2V+ElR$(Sq?P4-{4qQN$=;ScwkK
z%&U1yc!)b)r9g_2Zw@*lQH1h-2of5~F1#&4QmsrAfUU6MrKRcH#Hx1}asrt8HBe~5
zfQHnQYpEdyOCc3HRO5tc31d5k>N<GCr%TkR*pO+O#EeF?&RQBj-k^0M%1!F8&c|Sq
z4rSX|p$UUh<L!J&1<srfdz6WK6Jc6*I*oArf^8s-FHpRtL{`<?M|&|6Hh^teqsB=M
zkb$r`d1OBd;!*4)F8zF?vj`tHx^s(te21C_Ftpf*Og(N*UBMM1!WX*m(jSLstI$d@
zSCd_);Ku;2fzY?73FLZLz)4llzhVjM?jn5JJ|_m0wXvDeyAJ|P)Eh8>a&k+y7hefq
zIf*u5M`@yPlzCNDEm)!IZBl)kOf{O=0yOU{XVx)Pbxj*#t4IDw<x(aTi54%3U~41&
z7W;4$3Y{W}w^L5XOO%ANEgTDAeZ@+%;qx`6vm<)c@&Ijy91|Ek)5gC>!YdROb-Y4m
zBZ4KREL5p9Y*N@lFiS}CQQTPRXipE2u$W5(>qVF<;6bcb!3mj;-pJdB8tB{f-mE5s
z;Kz{F8WY3WOtviIh%z04EX)=M1dFQ0*(GH3sj4n)_5tV<4evP36T=YQq85RCH15Di
z%?u)kY*;&t4T#)MLvJ&@@S*BSD$B>}HnMKN9!$vKnbFWA5HLBJ+fbPY9yA~gKhj{w
z#5ss2g=;H@(w~U>tSS5$f*!QYnFg<yUCss>N3VMroK*lvxIV7sykZ-UmNeogZa3p~
z3?-Fk3VLWQsoOB0!Gord_Cz$?p}Q3U2Vd#74`}584j7sTl~J@-F^_x;6k7>;0(5^P
z)q~OwcuD?-#s&GnvxRjz6v_}CDu%R+L@ZeMj9mQs{z*fpG5}i4rgL~+5K!$5WM^#Y
ziGLgEg2WoZh^~l>gsH@X80jSWL*pJ@0qsnTLm`78w%{a^EETqhlOEs$jTmFpdE%G~
z1MC`v1(Y$}9U#XJLIArgV5)@hOG+v!;CHv&mFOP~Vh!-<h3aTnJ2z^etyGXE+&R%o
zu;mUFX~>yu=$sS#G@WFUBBV_?utm@+F6r=ii?uNUI27b_u&f}oT+yxfPK6ACmxeE5
zA`)yv)4nsnHd>PETo@|7npcKnOYJKopVrcJZIFclqRSy5&VLRz!?zHy>0itMW0b-$
z=jd<_gvQF0g((j|2Z-=t05+M9-3UPThAAjakvI98>)H&%;mv_0G!JKDw`PPyfkZnb
zVt<uGOp^$<P&SkWJkvrwEi2C432d^R5(-5M$nXUr3N`YvHmwqYqLr0mA_+AqppqyR
z1tcr+)zZpkPEbKgaQWa14Pj1RYvrkINAQn$cBE27Q%4KS1cUg{us|}eol2HNBWrky
z%ZIn?c!_!DmeFJ}Ct1xo1c11iR+&TWx3;SM<2+&Zzx|YQ74u*>U>|kc|Hj27CMSj3
z|EI*IG}`~3jpu4=$;Vfny0uU{zW9XLxFodWOX!}Oa4oQfS~2Ejz!<L7mQTtVkY1RP
zou4Mh1~q>yA+WIkCBKUCDPofy@sh+soTN(DigFi7xiL`D#_B~=l#{H*m2w2L^9Th!
zUO7e!dtXNtd?`uA9#!$CHYP5P@YK5h9aU~`1NBkg{!d5<jsKRMl#<lA|Ifw~vj1__
z2@N0_##3VB5@X|&(X%ZfB{ivAh-aID02HSVgPjIDei+$sMM1a6C9`d3paFnl)wtD%
z5nLM<Y2W_V0Qr+WVf&wFA#6YfpdSCP`1r)o^FKL0Ik9p7pN;404zWdUFPz%2O-tmV
za!iR%3w(ZesXY8Tu92u19rB6)C6%}(iR5gHa{8;84?IohfB}m2G?F<%#o=&7k*<J|
zFD{c|?~C@~_d*y;+6eJ!g#NY=n1{3x@DBzblsmGwBP6B)39p+Re-gEE;P{8%=L>{?
z$66y8Tsrb%at9C)qYPl76UUrMZjw4el#CJ|dts;tgbRmQ6dM|0meNFx5atOL@Gd#V
zO`#owUJc{wWx4bc9Yqi0qV%=mW6Jea5m%+o6$(iLL)NHs6bGn2E4)D~@deR}fF*h2
z8A$P~jhHh910su6|8!?obQFQ?Z;jiHPyJ6A{STm=->@Fwr{Vvdgz{gb|L>W9YFYnc
zAJa89fctNK{C`4XQYio5EhV9m|352FL+kAt!vB{xfZ<cn7zp*IMqfMXZpF(Eq6X<0
zawyc#QFbYEub{U~X>jGF@G_(xU%~|}iu;fny$|d2{Q7;leMJB}gE%yvo8B*z`!aBc
zFvDy^9me8_tC+6J4HQ?Bi%qROkj7RNUg4W6W~Y{BFg%1el65?}$SCA_5bH8^s}i<u
zyo#eP8@$nqhnV1*Zj(ebB2mwV<z(i@B3t#gxuIxS!zRN~+CH-{HG3GF><>dLvBbC`
ziE507hNKvM10yrsd2)MRVV-GlmBd-6xg18LY-2ft$tn~i@3_^l=#80ALMuG4lIb(e
zDr^J_tP2}5FNpo5@z)&Y%%aLv$mmVO2NN<*a)U+}N4JS&Yeeo&erp2zJAZ09|MA}j
zIs5UcPyd&akPv$Q!@I`w|7<*HT}p2Dj5+mq9`;NW0;#bAbNkO{*`W|WWRxdGhD%P?
zm}3YFABnLMRgaf>hm^6P%Sh*l!4Y~&(3F<6MG_s3*pc%nyx2U={VnlhSDd;bx9op}
zOyoRXL8N?pQREw*1W|T8;^X3g%AZuqa8stOQ(J$-{>PZ&02Z2ssUao6(}@2Rm(Z<I
z{yQ5_t?Q3@fEuWe(^&uHl*GpMKO0Y->mO_wMbN3Qe>eE8asAK6Q{Vct&>GsWNds07
z|CgK+7sCG~#HA!Q@_%RL`Hk~`Sy}S0oS@PhaIb*i-XATISHorU5|JWKC#9DOhAgX>
zX-|vnUZe+}%;r?me1$C2X{7tY>N2e_=eUdf82Ot=x5xXW{(fJnU#X}d>B|*wX;3Lu
zPb<@xwT@I@A=AK=UsjUO2f$fx#xJXtm#wulN%Dp1y&@(0s;gdY3BKy8Q&(cIy6V-Q
zh^wwzwI|@JvsPV+x3FF;gFbt4Qu(%OU5HankX26u<g!!Y4d{QJWCMn<{e~1s^-Z2_
ztxR_OMo44Dh~r77vN9j;kyBcc7DLloom4mBsja$oJBiFzC)Kt&yA`$@F}W2bWyaA*
zM5cODTv<;)$CWvwv`CSRZR@K@GhdY@_Q-Ji0sOG-SPBpyfCyfTOcf<Q9?YJ##L8jp
zPm-5Ic8M0K$82%XuenF7o@x>pl;-770yJVI%bG~Spb@PNV71$YZ93}8?#vY~o)T2I
z=sr@=D%x^ltdlaTAHmjH!!ne1z-RiE>sOc(g_Oa-4GtOzMgQAjQmN2~DR^kKmNJK<
zb8KgagIO`?4|Bzi8WzB2N+LxG!x2L(I5GoBY$0V~_QbWA#BsrL(bO9N?;E1RqDEl>
zM+GLh$3kK?B20s{&0!YOCo{J&KL|}kBfB264qZewHYfu~Bf!B>F+4O`J#oT>5{u}n
z#F$~V3<=!-?1=zOA`vl`<bh8UF%3X`QfgdEYI5=!N&^s@2jEv;aMUON>4*5~_ffa}
z7ayM(9~UbBCB!${|DBbmQT}U`{~G1L5c!YIi;8^g4=!%Vje_5wL+~R$3?!v-PxjmI
zTVmubnb?ykgX|HO4!BWxG`02n5gv6af{p8xgy&5*(Jz|%HqwCskf6r|l*fiZFeC(5
za;YFE`YLJqV;a4$f&~krksM15@$pG+Wm=SoUK9&J3}ta4S^7l4a<5DA6C;0&utKFQ
zXhBGrA;b3ZEFYEJAgxLv5d|>Zfu@l>i$S0yeh+ae(8XP78a8s!uj&${F4Wc58vv=q
zuVVa)l0cQh>WW;h7`9ZZWtlztGGk;@oL;gcp7&#1HcrH`C@186$$HU1x+0&S8zZSF
zKs$1F04A=<`kIhb!M;El>ne^Waj3mp{T#rK^|K%{wrIYfzZhhF1uYL{UYDnG1i~(z
z4ox7x5=4`GV_8BPDlrJYoLxe^KxoEo3@Q_${UWzl@w-*x3nuy^&Glqo2>1aQjs!Vh
zrEUlbk|Ga+vj+1rkOry+bZNML!>rkKi5~-Ci@xYs3_Fy`U@3IX;1$Ou4nZ856u5eF
zPEm^TREErf1KF6!atn4s9(qG;-=H@Z1;^p$yn#{}DMccrxRgq^4Xb?qa<r$Z4M_~y
z-3=MvBW5Hv49+mL_~h7rivLu`h6p4wH7owoAf+e1aE8`+(COPYiX~VyYiLA%#YjgN
z?Ud80x;ye$0QoTXL0;6^d=Z>KBvq~m)TY-q);(!ZpA<_UvaL`ok1{M$JRPf8sKhu}
zsA^oO<WpEEp~%x`6z~O$%S68QGd-y|)1=};CY2B$+gI^Mm=xyxt^<SP<enhZ8PPZ{
zHrF>A8%hdqh^MtQZgs)q;)n#F8<~z$nytA@X$E6C-&dsiVRL4y{-CCK+!b1JS+!ll
z#6F!=1+z9?XU^~A^i_0H=m$;i6Lf2e=JP0c#E<~bG-YWRv8+W9G~0pW@a+<Hg)8%6
zxMmF9Tg+|9BOM}wQ72P3FzbBwKqci0pI<eZvQvjJ$*||#o`5eEi^SyS#T4{U?-%3D
zO3%Hi;Km4pE;h*o4yl)~f@VF%v!Y7%0B53h5a;<|I7E<)D;|x6gDU13liA$)0m>4)
z!rAWExYeN<JawONI0pmI7$27u)dSxl6M~v`GFCRKKf5Yam-L7pG%<-OLQ`TBlH|Df
z)c9*tlM-Z1EUW#lwV;3Ar#}6!krzJQKI+l`#w8~th3bEk6C3@%&dSrM|83O&HtK&H
z?SC58z>V76KZ!P%(=x8tGg(&sIvsAj-YOCm6kDXa^#E@`kiU?rm@AlRr-*Nq(EcgK
zic76<7fUG3pevN>CpnZVgZ@e%DlV0PtQ3LF7{s)}vKKYE8qMH?>P`6H>y!MxYB(F*
zDoGX7CwD-M2Q$T@2NfKpB|tm<Dm|S^axJscOd16^>@LB|O1M@KPb84Gyi}ja4_qx)
zPmRe?HV+EP1*8-~F+OvLlntUD<1eYqhpK1*GSLOQ17#8WEcFJdPJva7Ev@9Vp-=xD
zDoBQb9AlWU#E;DN+T|l5kD2${>5JJ?xvEx%h}RMtaCwNJ?*cZ%?V+<P0`auUAxlD{
z#bR2e+wbPmK8FSlnIs(Iic^9zG`~y8<PcpjPZq-pL<)up1cd0qTn4yHWAb1G-=Idv
zNAemo123Yi<9)iRzSc#v$(VYx(}1Y(S<;|sk4rAaOe#T`JUI<e590O~dx9jZ7fwj2
z1o&0@-Iz0500@@@CJLBPq0%rxJa`N{(h*q^q<~OCkp|RZf}0r%>|z7wAapXgv?7tH
zNk=1@bu{v+>S!ncLz0v-EOV)T%v46T>1;V&Vz&#;iyzs?${xB~e<y^_bq3FVXPDYT
z2S9(-U*XpHJpw`yCRa*QRk`dGSpcDsUoBPbWZ@A*RKMo)O1>iGOmTe_vLY1qpc&K6
zh@xq}VmG<>F)e~bP7ch83{<3m)rg8Fow!tzkCUuB|HP3{GSC^j0Y^BF!dkc)AW4Qj
zgo(y5-cH78#~=&t5?C%Egg7m-k+m|re%S;sHL|-A=yse(ECw-9Js5Dm66l!3wizFt
zo$h}h!Up<hAkt{~Dp)_$Ox&2&%<qLRsTLkKh~^_bjx_ka>UNuOFt})n;8YXl($sjN
zn}Jaxj18eLF8c(6CrqJ8l_=bxd!$@qR=8VW6nFtg@~q>18o9X(nXO?1Wo60*dA*&3
z((^Or>;k!ee%`?BjLZx<D!l;yj<U;xvYlCZ1DrCH$WPC84wmzJ%jvm;<(sl|Gwf34
zE&cN|3ku}Cd^x*c|D5d147;42+bd^4Ms{u=xhK@i&2!2*+5NJe(5N#{#tvCi*_lwU
zx705)zgHIgncg!yC)+vLF89uM=3<+@q0w}?e|o+%yVro6^n4IW^ZVx&WJ32DQf^*u
zc5d%{=q0mXX0Fo#y+T)V=0NyEF33vH$st{(4}j6<lkw?sG_vw?GBWcEq@I~Dvh<!g
znY1gIRIi-$?0$ARBfVdGpG;CK4_e75#n|WuWo43A&|iA4l-`TP*8rIG%FA`;!=HAT
zWxi8X9h6;=33Mety8r>wJ3kMaM{q(7gjucx^>Q<5D+p@Yv?5Rh{~l0~sgETiGd%~|
zD!>uI3yBwQ)I?HEq)|^rbdlGdo=s*Q%E<poU1Yubzfc9jY4lOI{x2aeIUyxP{}<n_
zG5*upd8YQy?Q@>g4srIp?5vD@_&E{(Z_yO~%^7xNuEip6%g#u5j@hw)UiB>nAFcZS
zqm5U{9Tn-$Rvo5w`D^bbHo3dpV$qadn>I_qMUM^~|I!-mQSG*GE5?pJeoMvjtpl&G
zSU&PE9}ZmbMT^#Q(=M_+<2|`xVw(rsOn&e9@#3)sQudLJZ@vHBp&y&)eLQym@*jtM
z*Y5Mf&sC+zwYu|$*{PKU|84Tio}Z&9Mt_~xBqx4?G~#bZ3oHfiwa>A9^xW|E>(<TQ
z`+QvINsCWd?)*!OW>5Yypv%m8^XB<ie!6+{^xjXppIZ~xD*b)u1bgcH?aQv}KXmAv
zIdi(Uom!T(V@1U$Wl2M-s(xH>)2wrwH_z_)ptH+)@SJ~spM(GXdc&NYPBU^B0`<DC
zd-wO|UVFj)@8kugm*V=BTUxEzuwlbpcilC7`0$Qx-Fvny_~GjfYj#z(I=5HHwrkg}
zy?L>7L4Ng~E!SLf$*kq&AGMwOfA7Bg?x910i|<L+zRt1SSYBS<uiw237j~YVv$3XT
z(UK+SS*_7syWT0+eDu+*4JCOqj>X@5%yQ}E%P+tDuAUt%kI$dqAvt;L#*N<3Rt0zN
z+?nG2w2gFEj~+d=Z#E9FUFdK)nl+uja%J_15pt(alQW{y+a#54yu#=E?&+tySSIFl
zx}Zg~)vH%qt=1P`d{I%9ty{P5*|R69UB!qIUo3p=_S+8pYpt{Mj~9Kg=-is!2S5Dq
z!zDvsPMH1PH=7>Qy3bv-$kyVouf6u#L-xUMkASThNFBZ)|Gd_%x9mCe=%ZI%(Yk8i
zwwQjcn%*(7=X{H0)vK>=9T|jHpUG(3;zH?~`1s9RwzQqR%lGDgSFBul*<xF#C-N5`
zKi+3j&*;|8Jryzk4oIy_Z&~|D$0n`LKY!NDnafwK_*dmCk3TL?m@uK^JI_4x%=mHR
z>@hJ-ENz;(A35jTJ8vE`WJrE~&xId!XtDH#7hYJg;-6n0*tTt(W#S!oG)bNJ+`wnn
zxt1<mxNyjl-nS*ds<mv{(qg&)on<RltXR6VXVI4j#$0vPRW(B`mXXWb{bk|iY13@a
z-8z2M?!LkF^s$AXzwq^{ds@a^Klk<OAD;bpnXhS+f_({>HC^<~GwW+=9?xHVMe9Dc
z3vYd6T=n6-TU%b@a4vQpJ$m$_i!K`avUly52cA6V1=qT^^ZP$MW5(4p`zn`CRz8N+
zdgs0?on2;Tb^P1fqCtZO4IMgk<*=*Tw7Ick+vy8OjvTqj*~RiWG{1fOWmC_ayz9B=
z9Q`UD=(`|ldd<3Z>t1<jk#lci>AO9Sc6|Ann-WfVOBZ%bULKXa{OylEI#M%z=BQC`
zEK1ujspaEKmh3;cd;P9myE=5}(EW<mmi|MA?A^OpvcQm^fAhq#Js&JwwrtsxPdriC
z{fcJkeHXN~j8K#p-5+%7c<!Z>$BrGF_gIhN1qEw%`}YKnz4eyG^49wG_hfb4xl-$#
zn%eIEcV2$!rC}@m>YB;tW!=}jSu^?m^{%BSPTXEvTKZMtRrfbv^TMd6U;J?Q3eU>h
ze)J}etXY-1ddKovJI5vd`>S=AcA43IX49HYo4%>+K7aoFN0!F<c3!_>I1q$MlP2AB
zNo;Cr>bd8f<9>V5*1etc9_@bZwH?-6)U|8Z7JqGXbn~7=2M-<ul&z_$fx?BiAKkt7
zo=Yy2G6C0bdEu?kKQDC5YT2x5zx!a3@83A;s{7v=5%<8~irNex{^0KQn?BlhM49l_
zf3_doHt^<>uM3wvn^n-sGBx90UwrZSy1|!DzNT&V*s-tnU2yQwp_i5}J$T^2;1`S5
zZkUs@fB*jJ_H!*awt*esyycdf-Ts+<RaIRuZ{BCm4qj%lte+Jd+oelXn-&&J>$|lt
z-nwJkwt;u`-1XI0uF}%x7I}JB^YgFz&^5~Ei@kI8jmOUY{`fX`t1GX(vSZtIt5+*O
zFPYz=+T(dTedYZR%=lnca34^GZu|Dm?L02(p?UL$JDo3$+}fqf%pIFIZ~pYt_rCdI
z`mB80-&1yuS+jQSIg@uCI&=uoeERh1Km9buH7+43De&FS*J1m$yZ7t;`>(w4!bz@G
z^WTcI&+MCgu>1I9FFp2HVOCbnPY=wVJsT#_q)8LNj&9w$J?Y#3+1MYxT37UB;;#Rj
z`tR|_Z=KVw$+T(H{_&501cJdPmS>kNNlQz+_KN%Nx#u2dm)CDQ{PcnayXW}cu%<uI
zbAI=#Z-<qZe)CknIqxOh_~ALN){I;}WZ$!wPTsX+$Bwyk=f3eq567%mZ#z8lA5Z*!
zR+YB$^Tk{LS$g5T+~=PE{JSqkTzg{Mq?B}Lm*6)W=Rp^)gxTv{_dRzUw$W=<-(B^@
zOC8!yos;70ar@6dWlT7~S^BC#+cwRP9zTBk*s*~F2Oc?cWMq%S-|re%;BRk{FJAxP
zjC*c4(S6*{ORTf4>vtcVJbCi5W4F!DIoI;muFBlpT$pI_kXv88W!j<VYTm5LYJb@|
z{a{}>;^HcIzdN($&8X=~S3kM!P}ziIi-(mL7oTYN{>L9b{OF_iP5V6h!gr4y-uL=z
zuK}Ko8g<~c>K`7M-KEtU*y6B9wmLP-#9QnGVK-0Qvu4fRORm1U#CAbU%oD3p?|AI7
z&mP`aa<L_0lLSXc>(&pg-(B_Xrz-<{@{5Y1=H+hMv?(?=w(ylopyN+J{q&M06-N*5
zex$?V{<fUl+!ZgsT)J%gjOoum9NqQH*<GLBlK<%Jb71Q}GG`8qBx%7bPdxGV&Yf3X
zcKH1B&;Q}*IG@kgym|AccRcX-zXt%8|M`!n=^Zfb(ckUdQ1oKb&GDB`iy6A&l~-OV
zdusUylUA%~qGfK~JpY<5Gn&1>Wy^yPJ+z`|?cc7s=^=U015MgDO9$kf6<gR^lKwVj
z$}7Qr7vHmX$O|J@!;$Fha#6yUS6*;Yvvi=Bi+q!mSDv|P%a*8-6&D>i+H3syHCJEV
zcd^rIdA$Gk7fPEqZiE58z2?r<C5gj_l|8j@u9~pyaJGNtLyL0STJBym_1=45ANA$r
z{Kc(Ww!Bj=`{%UF;CQ^h{SCMO^t}=Y9GZKrCbxJntK%al-kCCB`W;OM-@0@CU;nzI
zb6#qfF1H;!-Y2d{jVr%t(_8MjctZ>8sFp3Yg&*9zXSh8kyZ7}AE^65_X67eZO`L-U
zY2B}o?s|K--`cEa@7|M#ISOAay6dsW+Rs?`-n;L@AwLIBTFZ?K@(&yxmy(jwt8nvY
zX=C;e*|7DQSV`J(Z`a8^=O@K}r$X0P_mOH`<0@a+ckJ*9t2J@nJom>}ANYR6rL!`3
zJW+Jtn`P51u7vHMy;^m7yLQ`_3~g>{(W+I)wo?Z^e=BetH{X2o<=s5EPrP17t2ND<
zcDUh&_LFyQKGy!fwwZfBdHM3&f7-Qu|0nnMU9e-=)LHACD_1Uo|C*n_bMW$a%Rh2>
zJ<pzh@x2G$zRU6TvB~GOocm5;lE0IEdY0TGf3dUeR2M+bGI7<aRX_}{0e-ntr>EY0
z^A{LIOiT<Cqzf*&q|d?+ZvOJ`eP@2NX;%B|j=b{5trOdQ9O!<<*Q@Vb{mILlwm!e)
zipy^9eqH;Erv9VT8;-d5Uwqc{@<SUp$xWtYJTdmiZ`c0wpHWX91{!wZ#TP#ZhuV?<
zY`08&>Zzx0n&p74`26r!FTQ(Chh=dIv#0I2;A!XHAHI2P!m&MTwhi3eOnuogZ1|F2
z4nMyDyD7N*$hWTt54xsLjXn1DoULPjbX+mvGfR`V;^sd1VAQPjFZ({fZ&8eL=|<q6
z;Ha50<;Ka6#umPjbJI;f96FSfmG#!5>$=*?K6&$((eB0DCx6nr&80P|w_l%Xe{XpC
zV0ZZi$B$3A?)qorQg0tLXy1+<<A+?Q{QOS)3De>q+OlO!>83|3wlB?G_Tk;ruB`BQ
zmM&d-?D+B5Uw<8b|JXBHQRd%$ck`v=7B!!mab)M%!QZ{6-L!A-7T1;!5)XZlx9QbY
z9Tnx<3*Y_N-)mvPl#HKWAN%ipajSmXv+$>hmWQ?ty`_9&R>#!fUN{&YE~)u^`}V2t
zd<pw!^)E4Fx9`~D-TB(~EnD*E_kVoj!bf}TAM@qC<>#IE-x)L4Jv?IB?C9tNH$61%
z%4Lh4dnZkL?A`+D^<Pf>EB1{k9|kX(k<fbbu6-Xp|H&txz_z}65Kx}mZaX%kbKV0J
zKKu03(f|1vgdzXe?_D-K=cyZhR4zSn<dY{}cwyNGF+Vo3#KgQkWr|if{_vQbmH+qU
zD7V}C%)si)+U@%GvrjkOP&mJ{rPKej_vL|5ZtvrhmK*76Pb$4p7}=M~S`td4t4&#^
zVFnXsFa{}UL)u+Q+DjX)DlOc&h;BDao3y*7v@1yq$@iS|F7wV9(dYL0{64?$_s$>8
zyze>BIp;agdA4(&=XBZ#7W}DGKz7-m^ltbozjOKwl|i4k&I9N;EvQl*Fu-2z`POrP
zJjw9PIr`>q#1y^RQ@x8-fF8H_<Nd=IF0c~iPj~Cl!y8D@pH)3pTz$L3Nn?n`=@&QB
z-7LLW8fiTkhOW~ORhXHX^-1W$xbon^*T<KVZryS#H6JFI>^SuNQ47_Ci30|24X<%}
zzOlwY!_{?%g9A(1xN$_{+l%Y$tfEd?fk`btId(|DVQ*MoxljMfpLe4-w%?i&_YesG
z!-sXcFPn8_Zt~8ZZyrBBwYWKIxry$Chm)L~UQ}NkIz9DR+Pm)S<L4<KoH5^OkU>mt
z{p-8#uV3jDd&IK=&wTo#VvEE2JM#mYRuuH^zHG=49lx?uN=hGZoedeVwe<JRX5AER
zf9lrlC@b&5l`9OJD?6+f+P^gVrT6N6hi2`wjJ{)bX^@qQrRv<%YlaSclNXseYHR7<
ztCO_*->V$sG3U0hWpVwJ%N29|hS%4a-9MjGT3kGDl)@V2(Y*(I_TRH-PcP5GFQ&Vu
z8<{sw;PYR0+1IJZ)-mOckCVEySQeh0Haa#WkE&?-bg{Y4+wHeo4Yl`!<~r2v_gSMo
zVS4{X(a}CWJ`V0r);sK5Rux%&r)YI@-?|33c}C2qWk=jk7AsBpE8phx*XA?jJ9GyN
zqno2zcE&t7m}gOe^;5Wf`Lb!;yT*L;-qrP=jZzg2Yq6wDK>P!dICA93Cr_T#KP|6J
z<5-71yPD9~MN>QCYH;YDCyz(O#%22`x~M&@JX}{)9b#s7B<)yU<kbVS3NLSB&ppyt
zAr@E*Wo2bRjXt>aYF9>KaCrC!pug;}j=ppArZ1bF&oK%ayDcrP8gO$rodHGzuRDf^
zSC?&1ou1Wog}u5}<c5O*3K>1RFDodxH?q&?&2<H74*E|^h1agHTpOjow)`njj)mtu
zZa6OSIxyGWef6qUql4~j+_>?^_3KGnwluzpX~{W!*hwwXa^VNXOyNyOm-2b8*N$nZ
zgl#TJ=zCRIGghSz>teGrCihWR<>CV?<JiZ29J<*bxpabixv{Y^<ItgBZ1?oowRi6b
zpaj&Eq^_*{7}s;~y?ghJjEvT)THU#I>)@0E1I0JDh08Av-nMdE(S%7W-MzgxTwUKc
z;Zu^PPjSh)PhTExw=mA^$8>kUyJQJqiyAjJJX5$_Tg#u=dH8_UfRw&8Hv|5oJ76{7
z3IlcAcD+nLG&^8%bA@7!iG4k*CF{n8u57(Zv(Yy-jZgC57Xfi_?V9!({`TdKkxovE
z1ELM0dd@RSwX?GeJ@;FB`lZs+p3enfr2?Hy^xR@(pW912N0e;Y8TasEzFY1+#Ts3}
zYKO+uo&R{^_~G(i2@`cjGCUcFW*-X=57+3E5FH)OF&e}GGX-p2)gBpz@%0uK2V4t>
z^nVf?^2foQ$)n6hT)WlDOYr7O%U8jUbJqQvM}fwmNVD0ne0d?z&Q&cVH|*G<H()hj
zpjmNG>qf9*nlE@%`3;#no3-}$f@Na^HZ^~Gsp&ExD=VS&okFzSvuDrz0|KU}d!_4k
z?%X+X`wmN00WgZQ=l`Cl-qqH&SYI`@YeYox3j2}C+Db#CRy?T#iX9Lx&r@H&csX*%
zxEL=F52xMJEG;d86%$`5ucWko<;pAdE5{prDO4&iNsdgrnpei}m2J}NX<2g2myofm
zxv?Kc-T><7hY#VNab}HOjz=}TxN_x6O-)U4aq+!-9-KGlQc`9I2fy9i+(RX|srL59
zfid%D2~Qgyl1n?b({j$2aV>p!w}b$*?5CgNv$M@T<*rnAvFXJL3IZziDRyDp#|H}q
z*Y{6#P49Pm(vklAT%#M`-xwIf7{4%Qfr>w4$&S-sFAlprEhQQ24y=guLx-+cD6ofW
z{}p^T)!5J8-u{}uiD%I`%>(=P*>R3;+*)wbuO>5d!=;TgXP(cl4G;gB<Co@=1r~gf
zx8aFRrmEZJ4jw#sC9vk&?;Ilw3(<@B`d){Prkt1x^gR2M2giqo&J~&3bm#G&&Gi~M
zFh$Aw)A-75lNS!dQZB!_pA#QA$swCHdh1k;q$!S$Vf|xbCvZ1yAK|+@*K3;FE!95W
z$8BCHmu(+aIqa{R(#FKzv0tr+#TP!Gqgi=QbxGiQ{(STS^QWEMMb2iQE8rKr*Dmkg
zdFgpZg?qoduDmDhJpaKx?^UDsoZd97SFl2bwdtsrYyX(E?yBIbnZhz`Ws!HL+hJg(
z0hJs~EHF-h##-9#SxD7Y{~8^WwSeGbnzKe*Kd3r;v0{E?RqkE4!^=;eP?_4BvEO;~
zM75ByL;57_^_!5G^6}aYOXD#);oQ+<2J@oAo?TI2vp;yf>Tb;;aS!9-x+P9B`8wd{
zFTE5C*Q;7Rsynq_Z?Ef<8!8d=?J(tpRoU~NZRi*G@J*in=Ql0IFH&ni*YC);F`IuJ
z*g1d~)Kz9Gj6X6<-7D(UgCoZVZuZVG4>2(Tm|nDh*RGyEk+BmR%3~f>oqXEugUv>d
zqZ#QBUn+IB*>L{6)y`uhm2dV`v9-0;PIjzx%Q$i3rzs=C%*~k0?w>tfug#oxg+Gn2
z;^1&`eB`HdXR5s3K8$D2{g|N+^q!>ajbEGQaJl#6a`%90qG9oC*RH*3_DUeP;qns$
zMfKXe;&@xj3(xv6>_@p+SX@4qx6Xd?FzapO%;XphpgQ)|+_A&jGkfv*aoz(T|1~e6
z(8fS<RKFK@?&LOo+<N_*_7unLHLLS7ds}@5*3#Sq)AHnjouO@PoHSuKHcB_lJo-J0
zW5}4Jr0f!K$hrB#dv>H-$ioRmu|4`T7y$t%lKabtjNLzNb9Qfq%U^aDK3tRec;ct2
zjN01TkdTl+veVpj_(4H-r;i56-MW37w?=r;AT}Vc*w6qQth^z0)M!<u=mx;9roR00
zd`zcXckZmq^jXS|<Zvdc_putaEv<Qf^G|BMly@$Q-fr+nx4fW0t|C8WqW9@*?;S2|
z{F9?9U>e;vG5xS}h|}a;>rPni+T+UWop(1RCyej4>*^#YjaYm2K}W_E{JJP{(u&AA
zs=}fB<O>d#sP)k-?5rPOc<%)FXU4opx4I`OvDwSIb~*m2x|zXP^!07}^gGRKZr^nu
zq0z1A!ly3XPWYP`{rppU#oNDj9X@g5V@+w?uo#^u^*#M>W{!yAaQ2=)J=)wnszg+O
z_R#P|jl!0LDJictcTQw5K7AQ(CD&b%GdzF({7-Yc9``H%qV6#3nt$G4*XrP2%WZo0
z6e;x-wKP?wyt<RTph0`q$6}6A)Vtny<LYLW)G*JTKHWDfCjZrtvB$N{%<Pkz=9}vD
zQml{s^&vZUe<s%`oyQwIKzGYhLuZ}4V;+Z^b+M^-__bw@TyW?K^DzIe*N(0#y4Ktz
z$aG`fx;-=`+<HE@Vb1vR?><(gU_H$fR<t}z+qXGMuvEpD!&xyNTf<7V={?@j@z0Zf
z&tAUb^Pe5X_ID1r`Du95@rwClt-oFyQ`L{>Yha+5ap-eSMAg`kN69m9|2mSd+&s=_
za&AgW<x$U^;&RR}UVy1IHC{QNJYRIdsAsBGQ*!Fv>Wi;^PS5k7G&z0zVz)Vo2WL1%
z58hfjzNf85Qdaf~y9J$+F5SppW6&)o=6z6)>r3O6SgR%)F~)~vI$xJ7-P@-rv?kIe
z_?As?#`63tu$*ngZm0gUkKXV&=bAQ7G2Umn?un|+#uq<5PBXCqQmnABaK7oP+~8ux
z08Pz)>gRbsFI`gqo>P0<xTPdDtDBX-k8Q*IiM*w3WmOdwqhi6cSGP|B0eobNd`74E
z<;#|P9`oF)_jK8=3D{p}Jv8+yZ<m*sUA`Pw>YJTC*WGR2iD$zK_t+UvoBFWGyRNSK
zVpY`3BXx64`*qsodp>Su_YcD+FlNo#t7PqVV&RzCDV|5BjV<7)7-STm5S_@$8N3X;
zaIQ(YWb|^=f}}qlS3l;6-grGKNzF6<{O0x0K>ud~|7XY2pX+MBc=dAd(Tu2zzsUo`
z-7nK^Zo_BazDv%WDLp*rLq)}+>uE;4t(Jf6G4Q7PIi<q4Nt#0sI49rBsWkC5y>$2P
z66afY@A|G8n|1Bx&6*c4GP0s=1#Dm;*x42R(LMW2+1kN=smAJSi?05%@UBrzu5jXo
zLp6_XWnLUUeBA!MmSaM61%+{Q4n7E&r)*!+nDxMJ;F7sV%1TNuoTv`HyvZz1^^r;M
z;B$9U)=#iyom<hjdtA%s@}}&tKW-&4Z023w#8AxN)$p>i>C-3wn4vG~f!SM8k(Jr|
z{<{r@Z2O6kn@9F-u-(^3lw}NfppomsIX;<QxA&Tu$~W9<@Y#7?$LrOqea%;u_S>x6
zxs&DTIW)sBru(u73;c#}>b}-CeNl42tXU&GGyYT>r+D)8O@8+7Ox9Mz!nv~zBZ7}x
zhE3WTpLzAw{hTXdRW~-9vtwdf4j(>TQ{(H|Fv-?q+p#lef^0iyKb@&p$*Zz<x|Y50
z%pfzX1DTmDq5X?WmV>T)_~H`pS39igtD?uaRhng}IJ_?_JLQ>E6aDeN+sNu=UCYwb
z<-NS}L<JM~IBSlmt$n|ui}8@GWfh)NMWU>noSb6zKGm`vx_5J}Y+vgBd~ttfNZ#(9
zXM^0M9RCzPj<CsJSG3wQv8uGRK#;p&?u;AEltW*>ygD7!!y~hxFXL^Y(muiYqOOb^
zH{SY{nx`kkI~7+}zHu-~(M~qkJ@W2F#lY9Ey^RLFdFpq@cP-0fo02NfGxvryj`BOn
zTJ%fst6M&qZsuPV<EJ0+{_twflE%6@bLQN<c~iwNzPJa&LLpWg!_FObo-)$FlOcR+
zZoTMJ&E_JVo(76BEzKu^qPKOc(wcz`#=HvcV<jbdYpNC=*}Z4a!s=pHZI#P5!|E}E
zfB#rjZXNYLqDOGx==!475z_`1>~(#9HO(O{Ev?~f+2|HmwZxSzU+R<V>QYWcZ;;E`
zez==;%%pmtgD?F2uHLWg@X)H6KP&!W-Kh2SQ=O*HrvC3X)#V;LaYDt%+cmGndR?jN
zq4T{H_5$1V(;ta)=`%i8%wC`O#mLpAY4Niwp*oj0Bqt~L>N5P|&gb3})@3eZkJWx5
zx2b1f@zO$@DJj|U@e3m(4JM7S+&S*ct3mqeX#>($2g!9BIOvkRe27q#Rs1m6a>wK6
z*UNxLVeg)LY)<vyzSUFH65ZYH2I|dNb2`Q=`-YXKrhHb@%tIBIE?o*7ZK0uI?_yBc
z<w|9xX3`}Ok1JN$V@7}YsoRb%J4V0UKYn*F$0-p_O=;_`?bLn&ypz?^IJ<fANk#X*
zfMMi>RCmh=S7H41gj;{x@A7{0oRV^fVX;1!q8WgZ-O7p3&!{vi?9xj`<<9;4p6;u8
zV;<*5A4@&4V7^Kp)!MrJpH^qak6E9y<tkXqKXvKy`0?X;>0Kf%YrlMs95}FZS&!7R
z<8HH<%$KE)y84-Pa~RmW_warShC43RKJ#y=FW*{hv7)8WM(v?K>w!U3U`Bj?zRfGE
zL-}&RRLBW`U9k8;&7-2D<G!A~`FK!Mzxw+TAyZPK=E*aY9eW>$Q}!9Xe?q34&hjuU
z=JS-_Q&{%iO5^T-dUf(iLc&tz&Q*Ca!x&4>FL93hMVIjxFurG$>s?O*3$pp*xCsUW
z&H`)i*I$1HO8qNM?=2%3`&<*Y-B_;B#Rg#K*2BV4U)_SP0s*<G@ww5ObH`>KI>ySY
zefcur%7Q;MN>}K6{WeK0@pw~aJo{5g>WMQ|x$MT=vk7tIe;+zdwfRh5>6n9=uV205
z7$|SrwCUC`!}M;yeYg`abLPxj7DKu(3$NW4QD3tup}w17fU=^aeep{{-ud6BiSkyj
zUTt$u$*JFx0|%a7+c!mUKRb4t+qy(x%@h?0LeABM1p0@|b)I8qmow|w2SY1uoy~XT
z<6~nNL`6Nw7G2)8zvOz-oN33Kmn&^@iZ|u-?A7JxA#U$K)j10UVaJ}T#KpzEKO15j
zlm7h9wDcL;NtccfnKgDtLBWSJ53;>H?+08sSyNPAUYqmAyRg7gG0JiGv~A;JRM%hB
z9J%|YLzdC-7yiqEa$mLB{r&R;N=1*-Z@+X*OSJxC5ZLmyQc)D1?wY>%>*uHI)~y?A
z5&kT6MBJY@dN7uj4{Ln1dfDU0k1oBB;<0V+onQF1swKBeMf20h8}l20k*%Vl(x-1<
zky&QJved3uZr+?Vcdp97fqobAOBqWZJlG9tPCu|};llVekwYxP!v`$<P!iMhx~sFZ
z{R@RBp`V{zPALRN_x()O^4<N7d+Y*=tf^^5X=zY(@ml+xKkFwkjg4OdR+kf#SM=Lc
zuxih)>>lpwI&IN!dC#>cc-9Q;#{R0Y@?!PAy?cRbm;1HxW!%rJE?%h|v#8qs{_DGI
zl~hk{ezdOO<|dWi`RmqwShcpHqT0ycaq|Z2@mR0D`}TeQ{P~E-xobMTwUb{oHs)Sj
zZ=tOnm5~v(b!+VQ?VYptU!SN}R#dd5)VE~EYXiS^)j%WzR%*aMV>@*=_>5;{o2i9s
zWb{>4Rn<tGq`bc0Xt~%4Bl}ElYK(KR-?;LCzftP=eSHFhbd?oXsTTH414h^s7Z)ID
z6A}_`ote7J$kX2D`k-XT<fNqO)299YBs6W$o)Y&A4cnnT3*Q#TD=l1jVDV}0kcNha
zqN1XgH;)uX>a4MGvhO)ftKUF94`9-E@7c4bynO1}aNe>d?8xBYX)Q~a+8a-vx?%1S
zJtp&9OiON7R>Kz401r=3&4>H!I~N{z(kRS5=&g`6LpfyZy@J>tz!pDw^5oQE7A{(g
ztXuMz|J2;voD=b8w2$AR)y&!ziDz8;CU)-vw^;xD({aG+{(}ZRfB4W)e%R=u(h$J;
zgMxy91^amKtZ}iivB0D*jO+RJ>(`_YhSNPdd*v=l-MaPewQJr2!MKQ8551H_mrb8f
z1j?I3)B40q9AH)T*|Pnr)9MA|f&Rhc@up5Kt@`?5%;O995;_mMW@2J8WA^Nbu(02n
zYIBm9@9La-bixkK$hc~L<LJ?&z=RkxW(=5wz9Pr8OC=>bqeiLsNwBuIKIvNu%w0q0
zkN~~?iHu@kalid5fBAz4UdfJj2d=BDt2?|21BOkcrD}ZPTEXF&+R1J@16CKQB_7Pn
z+nGNv_?$=S{Y{$&WX*kDTWdXazxwq@>ZcyPh9BLeOWE1kk(LjXE#4UWm38kTr<OPg
z>-9GBOKx<NN!K}8uMwJ>of!vbXfMxK_SskHyY=A)7h|L7fF+CX+`T)pPlA&MuwNbb
zg<jobw<TlO4DGIROS7^}V<)7(OYE;5Go#a&n8Lk3pZm(Oq)rgDbl%wSsoaLn*<Tn8
zhGm$YTNn|3%D^TEvHiH1AD533E~1m84$d<%2Y59D9?F7gak%ihB&%S4P$)ZssZdgK
zIu;(Mm~7`f@#utk%l@C8=lI@Fd*^>>kqrNG8||F`F&=GdEFJ%6JZAJi=YReapMT>2
z{(p}D`~Kj+f5QI$3H$r+4*MghiwyLWO279{(zk!Y1pjv?eUqeJ*nlMc{*(Nz!^z+1
zXcez$hz0SgCebMsPv?We+Pt|KtcRj{$OKzZS_!B;YzmW!{98V3Ay=q_Ivhv{E-D-i
zb`h!waHx3T6e;t<U}zSV4Nf5l-h1aw-K-9;$P0z3YyubP;o*X<J4#`YyxAR(+X7P<
z%nrrF?fAYtKT#+iRRv4vDBua7@Ha%ZCo)eE5zq%Z0U10#<w6lJ3=hnsvo}!27bXG<
z74i8zKLRGaMV`zbg~H=dm;Bi<t}KX)iK9Yc$Y%f-C3F{(K~q4-;)cS^VL0M=5TTGV
zc`*77Pb(&*E*gZ@^%PwAC;|^s4?m0s9uH&WN@aqhriL6X5v_*@!;#^7u%37Z#Br)J
zs7jLE<BOHf@=5Ay9jZu-i$kWY6XP94b0NIbllv2)kuoDxi8W3bY5IUJ>Gqm>FvnLn
z7%)?q+0F+d956zJcoZdzDUg(nr%EC^g3>Dy!|RwDs*i{5LMadb>zd+e%EU{bOwxz9
z1B0DmWGTdUJ8AnAv}ifk0s{&9Vq)xYHZKry4R$-poZ3xSNM$RO#XD#+85W_*<u<qn
zu_z@20V!^3PEwLMZ6K`$ab`2Jd5QFRP~eb?w~SPIm=+upoLtNuhBX2Jo=hr99i_3;
zQ^dKV+j1cbAviF+`!kGOx-`%z4W2L<#xtTgVjKbjO*TrjglPf(hQHzS$oV2rflCW8
z`P|S@m`e<>c|e%>?V5bVM&bOUmrOnMc(N}clwc^OjP!zF5ySXnJ`t9TBAU_KN0%lL
z3Dh7Uhz*W-M6e=$RWNv}g@P_cc+fSn1=)eL+=a4mO`)2phY(G2QXn(J2<{H?N$?n;
zIzthPpg|snx+&muTlEL<y>L1!a?zWvM_>ZQjfy7(hNI%<l{Xxhkif9e0&j$ZOR#3}
zhnxzeE<o|j_tQZkq_82BMh%C`7X^8P?>ba((QtTxgOi#7tsCSjhKV%ELIgPj>?^co
z$98~g350qO9+|O`_({vxXpV`MHV$2bqvs|>rGdKB_A(%s0^mI}`MgMsP;YebNZe3v
zFra&skq!<MclqH#^0=sgmw$i~JPr)P<?CTCd@3O+35jY(8W;={C(um>>H@_n03%!n
zWB@%RH9Yqs3FsSR1wHyfW5vgYcTd*1@Jdj;^95ijv-wD;>R>l%1o@4A;#4Z`7?n~$
z9GVWedl-?Q6J5ljMXi1zrO1h4QVfe)uLOmVvR3LjbUaBt!msP4G$%>WIF||L1xq&o
z9Y+N9NWJk61OO#p0X<U+E?S<X?CUU+`Lym!VHp@W0En3O{GsL!i&F}jnCiaKf{4fY
z7JMk}b$J}vfFOboTGB#f2iYHFJwV?VVg@ilBSBisb{q8jc7w>``>`#Cw#hy4CR?qg
zHdw}jV6G0*{e{6?l*EO&D+vG=>QU{>SY}f25T^x;t~G0GXCSy)^{t^G{tYk(^pY@)
zEZz=Ol#zkwL+HF6gpKaemaN%MGhqGj{o3FdG8#a*#a(I`S+$)OguJM4!pA{^LNIp)
zP-9ST;&x!7wf#+$<EtM?VSx`~XXGVX7Bs@`_=5Ki3}|l{P=yL2sShVHY_h%!hIbWI
zmeDeiEDj1;dFdp;RPtDVJiW3^9TmMK?h5<1LTZa93#W7+B40YpbuH-uAXpUA{Ael~
zO$*ht^bUn7e&I_}$;Au78{a8aNUU@UMTp)pS;}j0pa|NY_{~^IbHxRdo{Wi+Knk$$
zeIht*Vg(-`LQRMDbV4LjihA2fk}(nlj~Go`BWXQ~Z%k}QrxksHwkCPg9e#ryGW_{a
z>qVJL*!YZ!$AI%iJDBGeEpMcjkPvv#jznfUFO1OTr4a;23BWI)8v+z?i`ElOHwq%4
zJrRbdCc;%5=<pzVi+9YG%|mIcNL=!KTN5H_0<fh=^(~CUwb&NQ5yL>{2UsecK){Zm
z-UAFixQQ7C{sYs+FU;SwJ=4z#u6NKa#0X#pDJthQ4`mR8S<1*H;gGmcB4tZ%kTuNs
zg}bsW^}$aI3bTZ}2X>0)(m>+QmxmiExMC3s#S3A<iH#d#;#wOlls}HkgY!XK@T5uv
z@PS4E%q)(+5a=?XHHassco9TM7DYfJLIE-9b0dAgih!y(s)DkowYD@#_JOcWUrx|M
zB4!66p6WF%p&Rt0Av7#N1PUO)kp>IkWqoYo$~~Cu3Ws2UdlkhfBrLKH@-*C#fUZN_
zRR^<_6Wq;L6lejM9)ciYZR^n2P+R;@l4G<>#6bbyU>xWrrUm}M!tDtKWIjV;<#Quw
z>j<}rX|4b`a0rjIra*DYHUDE!DAQr_??54WXMs!<qL&>-p({5Ca9q3#kvw6Tgs5mA
zk^iL#{1)!ebp~zW4!xA}mmvuQz68N9?Xu75TvA0w9DuIOB3VTUG}wYPH{}U&#sOWQ
zh&K?n6wSXu6~?DVl4TMTMDbkwwojUyj4DX@PT4fbOmcdO&cjzyt{#70XlocjvS73t
zHBQnKAp63R03AxeL=Wc?Da-I43NbC|9S8AIE0p$;)EB5-C8-N51VHxyrO6ISI15|#
z3U*fz#0x{I@ubF1>mBlDaR}n{#hI{p6cPYPt&4;XEB<#ajdpp9i2p4u1Aj}`GrnKL
zn2BI~ua1FNZ$r=cE*%4>YEsYWxLBt|^4}Ee=q4oy=RYCV{|$6QUXSvBJ+B<iGmT$y
zVf?@Aii<YSe*$dl|DZPDDbF#crfr=6L?6lXpN6LJA7=W4+W+R~|M>aOZ_Yn*RQ&xm
zzJ31J*x1xW>in<aXj4Eg|D6B*4}A2s6|}XbcHO}PabjZ09K^H)#abP|@{0*TLa6pM
zzawC*ykHS=qJ%gwqX!Ei&44^XBi>L4l8v^J4$1-1`mG&s@;SZ}F0Md#N7A0s-Erc_
zvWgPAkw5Nxp}io?TB+iMr6%>XBQ}V*G^LRFlbFPFp2CjfQi-^M-q1+jzyvciH8&b-
zZfXp0Ec5~DE8m}#O$yrj3JU5(8eyPlg@*D4dj8h5M?!#uR*#T!An^?8`;w&=2=$@U
z9X<t*eK}lTj5T|*v#}Aa5N=9JR&3QA00f8Is!jMpL^aF}6mn@VMSNh`awIFj*7#Db
z`TFp~0$am{J2XPc$F!#Sz^0(#4IZr4^H-xkV2dIF$x1zh>GP$ZfhhwI6!f*RiSW!4
z7t;jjMM{_^zClFoud>5nifNR&o;srkG&(SY1a_TWSkq^?+PS*AxGJb~aA+hjEf!N=
zjX0Dd;-ljTC_^`XW&roS!g6ZV=x9B{J=gzAe;n*)*v_6v^#%u|6|5s<$~(_=a*}$%
zLS2wovnR~}s%6*;Wt({~AbO!j&bllp)W{K0GsUw;6rMQQl{M9FhRqC=`dLlvDu<B(
z=)i^=Rd%Y48w-|qvU7HrF$ps?Ffvwv6aq(yA3%go5f<9XTBsloResDTP=E|bNz#`O
z1f~(@4;i0@f;`#?2J0Q3c5|0(WR#(&1u;B%@D$Sq4Oozah^CseP=GT<u}R8+@}X^=
zkh=j|1XE**Jveav!$r#T!C<HHS}eq%0JXB<`ExF&?Zkwmf@(D?5{hXf9%Y4rGEOX{
zqvJe5%Si__WP*VK14RolR-DhF`tlHBut?|+tPV`e2^OOs`4awK06=XfMV@$fWN-Os
zjudKo@J9+g_-Z=nAT?}A2SbhG6o4AQ?H$Yre2>N;HYIxEEf559fzd<tn=Ee#%PU07
z#w}?>(QSVkMzx{qLA=J`u}+yKCG0VP6U5$$Gn+Uzh~-HhbU>q$nlS*qt?43Y%irC|
z)O3`QCowDJ5=7VnZ<v^s6$aO0t2vUIBJm8<msu+$E6BIPvbZK9hPKgc3n_^-Zt>k8
zF2PucdjP=5VF}8O0MSLFkQb&$LyrAqu&T8YZL&~N2@L5V<ncI>@Gb!{S;Hwt{!`e0
z9D=qlBy=s}2UAS(BDC7!s1O)6SVCKkBz{;+3a?H$#!wZtkwSA~CkS><O$VczrlH3`
zOtlcEc1M8XY^P&T#m@j}3pfw>L`cyX!XFFQI3$sXV+E={bSy$Oh<t+B9rA|g;NJt`
z@w_&1j+hXr-imDkX%rZM&h#L|o;=h8FU&zZ(oR!YPA;}nkf#v&nGm&5o*=YCuSfa>
z(J$z{fivKZZ}pJQykI==2*|V`E(e|}f@cWPo+R53T@d37m^Efd_%0zx9rBq0R5H0i
z!C^w3cAG&MfG3ryy-LFMqDKzLd4dxf&)*wPN7`{k4NWJGlCa3OsS@~m$r2FRRDqe!
zcnQ+SC!@1E81Cam2iyJG;qdkwu)Kpqx#2v4NC=RO_gYT@0d?j2p)=lM{}}!nKP>4D
z=EFA-KTa<$fh)zZLHsy6TnYHKCZxxa8_A<ijS=%qv`3gOK|&5+FNo(8Du9Q*^?U?D
z`h?-34~UU13JlX@3xmgrLIbU+7hJxsNT?s~1AZgFj6TaJG>pX}HC9kwK_09pMA|qB
zgY_qj;DtebAFUO9F(Y4{W~in)N$6G-6<B}~bJ+nFRH=v#l@dvnLeoSmMGOfuCx`=+
z#ZP#Ae8E95QVb;;XLZBDlE#PNE97zsQ^)|+pKfP2g=ObF5f>w1wyiL*Pyz#y-GbMr
z)gYJzsx;kh1}xx%cb&u~ZXWRku(}R0GUR_|QkoK>jQJvF<@+r}LlpYz1+t(T2imY_
z&32WA!%*pBt`plrwM4Oh1Fj)_cn-k_wm_oE0)LK>2jvv7k6B?%^pkjnBc6Bxeu(jk
zOdm<4+C!L5Q*<y5UnZq(l0rfY)f;Yw=|WwJk`@^K@Bp&d$HRz|AWYp5H}G)}y~G<M
z6go_v%s{h+AJ_!*0{7u{Am+Jj4pX9*G3Jb)QAD-yF$aT1j<hl@(w#3^$3&tI?tGUl
zD<SLJ5Op+#0O<pCy#nfvU;@zw3Qo0>qELpOj4Bz43yY;BSr~K>J%j~~!E%CSN%<+O
zj0sT&E=an(2CqoZ1hvGF2qyZ={0@D%wf_8VO&$`pnhqvqh_%)j#grtuNz`Fl`hKb~
z{uii%bh>;eT@YJq9i42W4otT3w<lXoq$V}jWFP)pW}Aju7$^3x8=T_4qiJIE0$XX0
z@P#0d69n(Nv%*B^zZOCtEDpsB-A_kJ61ZYmt!ipvTKEg50Y(FX(LewZ#+vLpbGj?G
z2!5MQeRHF}xjMK`!xrHuDO-JD9rPa6p}x7g%$P(xgWqV}8JQcPA8i=fB;3C-W%2~p
z2xK7gY>S4(Bt)5Y)NvE~sW*wGJ(05PAqJ&aUnr{oV~K>CI=VX+K5hq_e~a|L3u|JW
zkcS+l&;lJD@KtN1NUZ=uDFU2=&w)lOAZs7QHpDbUd9SoNP+1WFga$7wOaRaBQ}!-=
zBnn0r7>e!3v<#U9O*paGp?(PUsN`^tt~G9u;=GVBPAM{gTv2+t0{nwo$U_FLT?05G
z448lTu^0RVC)B4=Nm@~Se0VANm~g8BRR$j{6L~sx4GG&>*3?RQEYJ|hNyX^1N}pCb
zr<4T%Z(WbF!s$#F(gax@j*-ueY&AqQEcAjJtawb4LxK<_kEUW)*0@K2<~&1?<q=r?
z6$KaXA2nwHr-t+%8~ljTN@?o2OCHlkgC<0p7LEZcbb=E<)}{-Ca=;7@m*uOXHIHh7
z!Ypa0hm=VB4ou;=p!EW&^U^q?`&K9~Ev47k2BHgkIjxqoP{x`jCZ!dp`>r)=D0^jz
z7bK>kfl>30aMC74NDr2pLzxgEif}utBZ!NZHZlz8mW4f=IKA%MLEOQ2EMKD5-xL;Y
z;~Q~6J~u)F<1k!8;7b)ljDkK|gH{tl<6Q<$B>(i|hEW?32(H9F1u1%k(xr5bNQDp#
z11NpCK*Ox1wl0`5yoLx7VFCeCOwBPQ%1B2o;UyFX1Js21O7c}8^z^mGWeJ-2`-8x#
z1t0~U`JxMFQZ}Hs1S60!9>NiZPK-gTni`NyW=@hH$xM9Ugu!$Y5Ee;NvZOS*w29-$
zGWL(8^%%6cQE?W^Hr1Lw(NF+kwSzpsy<lPvcu1VZ^78?rksHWC+)4&ZRD(s-=sKGZ
zwUa@P5fLeET4+;ZjI<)jkxSAs27dD4Z=jn_2YrPaC%JJ(Jkr9wFSzoo!2(b1!BZxv
ziep~_gsYu{GzjoW1_<!94G>PwQ=~zFM-&KyHmXf`v29fkK5Mt4{bYL=>5A}KyA^FG
zwL%woBx9`LX&WFWIJN3CcqFT3;vYe`0)99*lpeS&9XyNjPLKxy#k;!1tP^xC?d&ij
zDNn>FuH6>;3qUiZ`wiz3?Nug>FL5P&*k~6-iXfQCz#-^U4Q+csn}^yoks?9K;$lU#
zbsaImFe&<1gF&$}%F>8LvH?6kSVj#Rb<n_zBZg&E5fcWj1}&6WMint3(5ld5jHx=}
z*C@JJjn3j|r`yqylvYRFiOm=?Tv4X;1l9buME1pHVcQa!&>0~tZ;>zf@2!JrgKwnW
z2B8Dd6DA0T8a<Q|hD?lLmT)_n+<^t{>!bc41rLJ4rHKV?^AZ5p19}831%yBR58bDP
zCx!@>ru%D91%Q?IYZ&WbV&JGM-UAKrRP0qJ5Qft9V4%Qv?V(E<q}boJNa0}+*-Sz_
z)!_mjAYA~8B@AQX&RogOLSpt{aZH=X_Z5&LPg-J0umV_6*O~yyM1E(`86u8aI^#lH
z-2uhFuQ#;mLiKQOA(QG107!NP^+8ierfz7X2cXoC?EwHt_MpAM{kHmqG6MYAULlZV
zzgh+Sx6uy~`2ItC0RWPHXq^L~jZXOe=uY^FJJErt|F*gn`ol>#lt#NUV*K0c2)i`{
z|Bjwet+NTH*Sh&uX#m>fEkC9wL2dS=b-sYMy5jR=y5d9cij33(Z8Z-|{aE6F5K%`+
z4U^FJK)<|+t(jKY3EJu%QQ?R74~I#js@?PjZFeo;$K#FwildJ>Y)BpwM6GLSBRDM5
z{9?A>z6IPX!M(TeDX<$+l#sOM1ocKBvn9c!(Spvj1%vqS?g?}c0B<3tM(jJ29|>U|
zt%HgH=0PhVAz+CTfSt)I0R<pY0tpFm8A);UKkPkeciPCZpRHffk#iHsuzQ<<A@5?q
z4lis6@Hn}XxkQ#^&_qZaN!ZS0=Kc0pRoz+<UJ{S<?s@2Vky_o=)mv3{s}_+5NO&3)
zWECREEIr38%;Ch5jgeH5h10wsQ=Hg|JW-m2CkZh!B=T@Fu?9zt=E2F4f(}hY$dXub
zSc1>vHK<}?39w??`MHu)93hJ%jxQwS=IAf`izWsa@K1HmXGO567u3=;As%0+$nc~}
z7mDXJeKBk8VdA}ie5H6o>U}{=;9+vFfA~Xw9HZ^wZqx{ekN<FAqI!jYz8RN@{f&g-
z#=g~aG_a{xr1lZry3#`8O`Cdl@)N&*DyJ@BTf+0^#9E_0N-4{(g7d-H6xa!Nb8E%@
zQIA3>SHj~gUKF+FZ2J?DYJnv`{l|n1m8k`E;OaLzwy&|PAAZP^N-ZfJCSGHGB8_L-
z33ObbHXIMXChm1F)X?NrN5D~L?4}oj)}@`+a}6UJkML9qhJ)9q2F?J4i@i%`p({P#
z6Ckfs9M}5g{UbEk`0K>b{4PL-%QK<6DeNMJ!8_MFMNrgl28~wGZ-(D*2K3ve4-<*Z
z)YwQ`N>?BdN4dtmYj6;U^E2%bvf;X`h0yj6d<~|wA$lT7ED4}*TGf6dOge8j#aUu=
zFnmAioW7aFP84H#LQ|nkGmB;@d)z)KZa5T_Uq5c#P<5+4ZjL&`NoUaCTzPlh8FClh
zy$bW8Z}D}^9_s7(;Z6LdJsLltdF4W-P`;&>h^hsrSAs$l33l`uyL6#r0s$cEUo;m|
zeBv|0rBg0qA|TQOLn%4uYoqfwJSq8AhQA|qlw7E7#Z$SHkX)b>!c)25i(EtvfTwex
z4!Owr5>FS(F1e`I4!sGvA3P%WBbCgRf?o=z=B2ygn_KM2z8ie##!}FGd|aS3R*2mx
z&V$00)lD9!d~XxKTdzCqKY>AgYaO@Sf5Jm~KVkoQRNC5qKF!tb9FH2K_e{80mLgO)
zL4IUOkSnA^Qv2O-Fq({|$a?y}J<+#U>UHP(pMQHDcdh@!%E8wD`#W7vYX2QrEzh~t
zvT&ubS1gxUWv{w-RNbpERRIZO1`<$cu^h2YCAs8lOjDb0@LRS2*;E)SW_L3AayFj2
zZj~zPyq{5O6vif-)Y}D-+EWtJjqBeJEAa?*+_nCJ+b7rm{!wYW{-5I7<%`lEZCaO=
zpYG{RK$_HXIZMCP`QAio4*DmZ(>f~@d5jU9>fG}Ed4|8sO44}L9M{pCPx1Mrpa5Y&
zp1(?i<NppHZAk)|y2>9jAe{6Yy*8AIKUV=97RyRI`VGbaVZBCkFn$Mn#$k8xzSr(g
zrjy3#v^}ZI<x*i!u3`PKJB7a|-Nxw{?*Q0zK!Q$|<?Td`K?RZsg|UXx4%Y$CFA>yP
zV+t=w$7M%duEUCF(BdgIW?C$N$?`6X7Mc`X=nWM=(^g?avA`@Fko<=6zjOT;t_|xO
z=h&V6|L7<w|5uLox9k5YuEhGs(Iy(OACQ1DP=j)Hzl?6K61;hB{RhjPFMos<S??d>
z>m48Mi{HZ){~@~K3o5>Zna@{lQDwyw`}sekOZaD^3m;PH0)1R4!j6WaDQ8twhq6G?
zUU}7cIloxAE)xqsirG%*1muYcYrpG^C-Idm>_U?39b_rCR$(+tu*x;vT+hi-6D`0a
z2yqLf@7pDXjq9I};3LeiJJ)}?baa^H|8Tcm|4(u4vS{F{K&{o#U1?VY?0o5lak(OT
zubFG|k1awtg*nh)W)MXyD~0pC&WbD7LEk=#iRRQe;V}9ORD?&Vf^<Zxpt7BQGgeS!
z!@>tZaCX^X%rqTUhe7I>LZ)5^e#)Ie@8V{mYgnrrX*c%%Vnwbb^B8FElEQ##pDkr!
zs8jrkvRd+zJw=5o-bs>Jl6B6S3(tSS+M5*4E82O+74+SCV}vyfDlC7FUmWt6!%h?K
z@o_do8tUnJaY&dyR~6UGE2c5ShlSyy9eW;CuWa&51c{aoBcbJapfpT?wrTb?+>jsZ
zJpc6IO3+(CT=N}HU*IV#adHV*XAmhQD3}S-p<idJij5!^z!y9b|MHI^^*><cAFHMP
z>Om<*0Q}ywcYA&7bqD=_1nKV{@?WX4cK%!5?*E?TdQ$qYRzD!wE|fn&_Ir^1Fu%wp
z%J`v71?*@>Ku6r7s1zsKc)ooX$u15mf`}IHOGH&OK|=!}nhv;*=z!}0h3Lvr^<Yhi
z{=VaX$NFD6k8l8VhyT}dX)o#j^$<3I+x7nx*Y2|-ESaJ^hYimq`xOrv#3TkHFk`=w
z=WX=My|{|K5a&CWh9v3g+-CB``OKq3GENsh+p9=0Ramu!LP4fVxMv`kZ2@dN{sb)Q
zAA?sP!&LkNT>mH{9kAyj^`k_mu4!ct%J(RZh?B~NZF}qQvD8P=BhUS8XpJh%kuKp4
zCn83=BtcF&cu66RuwQt8;R`em%p1HH^E#8=KSSyE&j7@qvfsr%s6L2$&dOph@pJi0
zQnaC4zn5RiewT!J;gR*F4f1V{!7@kJHGX7Qe49ZS%a!NHm}SGp<V{wlzWLtsa(g|^
zwUPdNu;Xwa#{>Ao{eK^p@%(@5|NHO1?ihdkive4|sg673|AWe2IVt}i9_(%T|5IGR
z|HHEtlmxi&49pQzn73Fm;Ce;)FN-8s=SlwaYPlqBSef{{gCUe1oiwB*G9zah{Nn5D
zx@9FPP*_L(vxsx-oxs8X_>u6wE$rGgo9orm+yBA3WMY8fGb9jKMmH6N7Mj?RcbNhp
zTquyCBD#&`D9InZ`fDt9i6wuo%h|9bqQ&a#-o+`4;<{)?o56#b48A6fT$wu%rW}AK
zrWd#`uzJ+$G(d4DXgY@~?C!auE)VI$)oGz8mWtuHqAKc#uoaP<Tsc>_G%5H;fAJ6g
zO8GqZw@Si@FO@{Md%W?!(PW+ZEseWJ&t$VAr=y$PZeQ38&)n5T;Bz>~<bM}l{X-VL
zFK2%JcX0n(_PLBEi)HAqSS8#uJI$vo>UNW-M+%|Mt#UxN<dZGpP$mrm$1D}Z1#0$2
zZ9_LfiZmDpF>DsMu=E0HR{)OmWI9qZMNB4yte51sQ-KwrdMoJ42o_kGWtai(Vbf8X
zv+@+cD~UNDTwl^e{Y7$wNvhZj`zn2;VM+7xgByQn0N*J*qWCL^*@PxPFW_gzY-D~N
zYpigL#k0mofMnG~6gSzQOnjl`&{yfgou#Zk0Z}52Z%^bG>q!{BM(RQ*%#qTzpd24z
z4*IQ-UsgX@@XTw>(jo~dhhY~`J0l}n4-L5nTraESIUy72@mM^mSXT%a{{e&_5BE#u
zVD&&ZOaa5hI!m;e`!NcjiZTUJBg_<n8S7;?ZoDn8myX%oZG^EFM@vp?bZYdoJ9}Y|
z|Ev5Bow4@_ol&`WXN+_*Du`LjM~Dj%=39CLTJtz9=lMm#-HjC4qse}IQ01DIXy9%;
zJeKpp+HQgCW{1eddd!JKNsvR~fGv$eL<(-A%Q5<rMzz)nD5-NtozdYQ*wFMOLA5P^
zSi_@?bvlwLL}JCJp}URb^PWi}d$0N;T|!bwvRckSqjHH4AF)`kVx6aACyYHurw>sn
zu9zf%MlwQ4LV*PhWPpO~gDg)HN{SpuLnh=GzcBy*11pD83duF{;L|gCdjRn?*T((d
zm3sIc<9{7g_P6{0r?_q%|L<o1ad>pN)&F{uYis}U|NFXq{YO&@ntT0qb=;-@RZhnL
ztCY)o+wcERa`pV^7px_0WgQUxR+?e6a}3J6R8*aDC$uMIThD&c9TztehlNr}+GY4X
zywg9evetmBMYcK<HW;y1yW5_$+2l=U%+3d+x8q@>*`^3G&m?L0aW6>{<|$Q*x)#pa
zDUdX|Uih$<2$Olq@@%N6pA^{64$xIl{pbDH0Es8ne?E9Eefjc*+`C=qGYnsCuN+mU
zcs2NK&U0*25}vk0;FMC}k#u#8SCUfbufP6^)U(g)p~Oe;ms8WeP|WIjv*I}H{hc^`
z?<u~$Zn^GH|NUk2@H%d%|3LoN>HpE;mi|A<waaed0KU;5c`eSfKE;k-C$Oo6^j5&9
zx`ihRy2g%IhN<1kV9+;ygtfeSh1ynV-7|SVY%}@Xu=Xk}bMxb2mbJM0ZoZ4k|6Q&m
zCbQB_sa&c^QuE}rzJ@&D&LOn)i`7he)@zT)jng&{0SG@lXq$-B;~Pn^iOntuaXR4<
zc8_dD$0hw<<83<^LRz^z-ey}^DhVLyj$%RK|L~Z8WrYR8I|9XumnmGW0LaLNv_kLg
z6$PpfqtpAUTq1V-T(_`7D?m0Zdx0)9E)C0%nzc}12pM#oACS*S+B7Wah7$_1rJ&7a
z^=t4)$SD&lJ|=P+<e}}l20Fh`=eD5=XQc6VQmnX?qPNsH(n(21W|<4crRZb#m|xj@
zf#yy5TEIBvk4Xp-OA?-kqrs3hOw+y|>Q0lI-V%E7D(YdD{5)e-onkRuzG?DNG+!6b
z<A>-WoId9^hr_yR7W5lk>P@=!g`x3>(YRT6RJxU(bxs(Q(JbdQE7PIl-5o6Xbsjgy
zZFc7B)80ul#5hQ$UYm9U-O_lD!OB~%ylKmDm>fWkX6RU+?ufX4w`7|r4tg@748fZ<
zq;AD0ib|nC)(yZw17Pcjto2bbiCSl7*^WNtWCQCAYfB>BXtj7tV7yq-vQ2wtvtn<;
zisyT*c=`^tT3N9La}FI%$#mOqwU5tE`8_(IY7NfE;;DDs^l#6`qgJ=eAG&7^6yL}1
z$CGw%Dh>eP)q8+{(qctbU=l~76-S~&{R2PTltD4`<Y-`}9F%<14mpwwefB6GIwO#u
zt^w4QFyF&gM5|kT@;)zNfGZ_v)-_IRQS9L*s3KTPtY`w4+Aklnq85}Bc{aX29yj+Y
z^$S-;wnR%Y0+e3**!VAEY28l$EtE$)xnyDfihY9d(apUI*_@$sS8+Sj3~>i-ahJAj
z(gO^YX3oSLMY~d#el~Zmn?4-d)WbVv<@w-OhQ?F13)Rm6x9U<n1RYBzeZZIIz=5ir
zy&n$+<^pM&NmSxL1buFgh|?XlZ-P@-6swSopbATM^O8YABWO714`bnKmdjNWXq_}3
zoQ<08I*{m&1w;y|dsdc!gL;%{+FWREUDa5K!p<MY5+_A`YYUr%N}i@~0p15EhP$i{
z0zpc>(zAAV+<pLe5bXXdc|&<4ZxC>A=L{*CzMe0XACWJ_5qku#pb3h+;8giv9iYrw
zlDbYGow}a>Ya@%;fYIaeiodrtsr+L4V199TiFAH3y`5i7xBQ~0;TlTP-KBPc-_NVA
zzV!YBnMi7zQh13bm`Sv`4`MAq$NMcH<KZTRQyP5Uu%}oT`0vgd&^cbmDSC2e@|d5W
z;sJphvW6B9uRDcgjEE<z%VkZisW&$@N3FpQw&v7q&8)$8r8ZywUb|4d2!{+IN&#;y
z6h6QYryw8DzMkLa(T+@&eI6Gnc^fo<gdj-y@1aFMh;Oc`<uHZ%CD}`FbVY-HxTBZm
z&>73x9C~TKs2P^|4Sh2IhCZ1;tZgIRz1JKtRJ*3GoZ7`=S%XCgGob>%UJaH)&6&Bi
znQ>YBeK~_)o&Ly)O7UJyZ2sVHwZHcf-QRje&wrJbrOtKdvD7|->*4wzdq?}_t^UVT
zTxsL~PPtM*Fr7Hc=SP_fUt#}KDIIOc|0%A!#-Hnc;O)5ewg7zgE9$uY`w!gh9VNg2
zfbhEg{__-9vB+?6JF0Er=vG4yiu@E^xD#)N^MI+Q;<^Q?ScD(eAN2FM9TvJlB9*?L
zP(JRH+ay<#*N#G}riz0msRS3KXU)EL{b(K@!gsyZ<z<0&JcOiZ8mgHy;O>?m<S3e%
z0=iQoeeN)He)upkmdwK-y7;jI;i!sflJSRSdx=P9Ibo3un7XKA>)VJR)S*I}+#F56
z&1XvtDW+9frOd|q5{>*zAjUQ{bPRc_doBCi(i)Z_A`#>P3IE=<%+JhLK~8bed41R#
zguCHFN8jk&g<`Q>qhrfVPw}AWHEWxu;bsdyMg$KKz+nOuMku{(h8x&nL0f&lT@)hs
z((fzSZ5V2@wqz&lvj*%#(C<66^u)M9=a{P*_sV&#xafC(xx^1jG=vnE;X=n}N9VfP
z8hw)5jA;92X#!dfQym4iQQGF5ymrSI7-8%233ZUix`*={%8~KZ4&!5^XR<IGt{D$b
zL0^#c#nSuC5rw9DIH;Bf4-<g-X=T}05g0Vu*x^@(v+@*^HG!1a3*!&Hr&}w4z0ke6
zt);@iCY(El=jj;ohc)L8Oun9ij))wVfgL*C{d1uhW&xyb?DL3A){L5E<)41~3H`9{
ziAnj07X|!e)84p=MtkfvE0^#??9x$Y3k7DdstZS^46sUO3;dwc>C3d+ZuF;(erwu;
zo1Gmf(7xd_&4HC=e$KD(a~Q37J~hq-L73By#>J2a#UL@d&8Y&GV$%LBs7PV{nzA?9
zXk|^%7$aIBlHc_-*xh3GFl|ARjuL750)yAb(mV_T5=)ZfJaR6F5mV{tMcO3?Q=|$t
z#Y3gQNk4`Y2~vOktv;oj>9iK~BHBU_kZHet9{7*-1BW!m<MwD0L5|x65Ox9p&myc#
z)&NXN2j9L7vik{{n=H$S5XU#!qJQ^m>9=e)3Wb22^*hZ$s}1R7h$Wv{2I)KDxAV`s
z$J`YjR_dA@mK4=ZMveDSwm)rl0Z}%cWMrQkHIaLuEdsF<oq|8XDk9$!2F1IB)nQTC
z7lkiYw3aZ<fSvigB}Z%o*Z{X)z>o33e`drr7CCZ=0JDSw#vySgB1`6T3_s_aI<b!c
zDDki5(i9v-iZI4kQ7&1nE~ZOjgMO?@iN|C(>+~nn;bfG|OcU1Ww2+R~+5W-dQBA_U
zYx#Q04RScoSax-52HX#_AMV$P0Q#(Vfoz&AwF-qoq~i5T75CGH;_#@(T8~Wcs?`zf
zzag8$*IiF{U1g?cXmn!vWem{x=DZI`CjifZ{dBA=gFez@;GxH%Ohg7P9@YYSzu3})
z`^Tz6inS#2kjYA18?a*;o}s{$0|r7tH#U}d)9H^VjefJu=ICW9w?h>0jY4kc(4;e*
zNZc_8(pJu1s8{D){J?TMVj1vBEx4;;q8YAg=vO+IhN8laE2Z*Cng*+;VDVyXbN=ih
z9S@)VFZfHu)J0uJ_`f8C(jj+;&B+)hw)=;Wz{22H2pRDcQXI|RbRch#98kVo@>Q(s
zFvo2T?6lU(6NC=B2}C)O0%!(ErGq*i47%*%jRCCQV#QbWlSX&kepSo~WOzEXh@0Hn
z)_<*oxT~v<k>1!A%BxTTQVI?qE1-91aJXcd>&hphPuY6|^h`Yl(g!FYdXxd-ZUEUj
zAB<W|yB39r`XRhd=VS^}KlVc$M;hE)0P=we@LTBi%0r0d(yL-N7@!bGo`C~QTX~qm
z2~mbGuVB5T%<ssg<dchLh#1>k6yfNY<Psg4i}yz^*&I#}DAZDnC`1t#ZNa&C8SpU9
zaBgE`7#i2-R6c+W3~Lj!%96b_ZmE0#q`nqp7keJWf-;004D$gMr$l`L8<Nb6#neN$
zLZuuN!T}{@#kee{7i|k|4>c%F%O*${%LdXXqq8uX+n#DcvPc)FyeLw4pgVp3SgNJJ
zKmI(l-2leUV!FT=T4E+rdB5WE+`h)<4^cL;W+A>J156ZR&GCBYV+F9KZVMPZR5#}*
z$iV%=7}EfvDG0=gsmxqay^x;x7e*9>rf1{!d4;08v%y$ws5||W0iz~;@jKdfv+OU9
z2kiBPwq*Mz^TKw+-UrrQd5eLmac4dqb{mtE!KlY0%}rq)*6RSZpj{75#lxU^&_^#`
z@T8vdyY2W&n6K;XfMshU$Uy?Q=qMr8!OU+=2EF*q_eBX3=aLK&`5mr@9bk4O0k+?<
zYgNC&zQq3p^<s=c4eNf>!+hBq^E0{LXHy3bS%;dZZ$|CbsBzBz#D`y^53S>Fv-@^j
z6Q#`Mr3J$@bZiw$BIMy{(9Cj?2UBYS4o%Z--vFz?DoSB8lwMB`+J&jXL--aZ%uc*O
zbLF_U6HmKvj)8d1=$s__!d$w4;8e$NX~}fzVeuj^SI24}FGN+*!1b|F!l{J$IWZ$1
z7?*H3&HZ2Y{;s)^BuNkiqiR-ej}V!=ZjpODk+DQ(WdM;N2!NkK1|thWf)VHh2{r)c
zM@NRBLBL6R2M9;Ofrwyb#ccnE`Wf*9YF_*Gp7y=-W#;Z-c2?v>cIV_o_MzqC^ux^D
z%-jL+E16kU^h^)J-Obd@)YR0})YMd6;l>tOrpXynyh)T6%(*|B#ivce$&<|dx%CS9
z+$nTg)=Ny4)3VN-6k%wnH5L!tZ+0qi_R7328lZ}=Q%pdZAW*TPR?v@EMFt+v{L?cG
z=oo{Qi8x9oD?S&6cPA%VWCAP9StvYXlq1V1`9Zgimzx>tBgu>mGBYLu9Wz%*v?i@=
zwxjhZ%`SN$7Jn$=s<xs*H7qe<S@_ly9h!U55Ev%CF>40{nAAo}m}RM0R?{U<Z0I-p
z?egJaR*nz3^kYQAIu;kQp^{)(!#EkzVl-a;EG_Um-7)Ghj8fa<ZrJw*8BO_F@nky@
zfS!XiBN39R$S*c`r7uR!cckkBTwKVdn3N_ISe~cUkY*yu*vunGtMYU<C%$R659^0V
zhtr1;T|3|4M7CSmD<9QbIs56S%E_Vr3R6cJU6M@|3=H)Hkf*Q%LF_rGx2k*8@ZEB&
zEMq4ESxH<W`MJ}PokdT+n3Pb95<^CE#O#-fH;PS(dNch*NjC7qf<w#%J<`BmD}$0H
z4uHuhJMllz6R}bL*{U8|nOuV3j<IN#V+^rLR*9ehQU=}Og*h56(RvCI&lGi#rD&M~
zWDt{YXC-^F6p~MXE0L~Ib*x+(AFGvvIXdwq#IYv_X=!zp#$*T`KRC@Biex!7%O~%u
z;n#TBqe)J!GFD|!=5R9f0V6z?jdW1M(&}1P3r15bN)t@Hnrq8eEmdv`3~WtK(L(D7
zM=5@Z_F#U4MbB;&CWdCMtr$7pTMe^kzw=2*4o~RdOy0$so)}RKwKKx?2P9o2V-$U3
z3I6a0caT$Jc?>lvJtwF%8udo(v*HCt@2G{RYQnKMe(QngQ7n)aak(Hu4|4XxShL(|
z9A*>91SIW#0CvAzFpIW^^dERkWAlw9IBQsAuR1sha?WZM2;AtPSp+i`q+I8^>)y3x
z1F#k~?D`u3UKTLQEX*7azb`yAa>|A(L<nLp4t5^VPQn)U2jKY)I=WGwmCi#4QtvGm
zsaT=awT_(OEI+rENVyeTwnYql2J1p-iR?=kp?FtfA9ELj{M@Rz$mzZ1NN|`0)-%=J
z-O9m~H2a<KbwawR%}HxdvmRThR&0_FD}Mk?C?p|j;BgdWwLyp9>ZB@urc}R-P8Q7@
zUI;62Ydx>TM2Tz|g9=41R-)WZw2*8cpazrF5x^xt6x)Rr0P7koDoR+jn|*8P6F!k;
zDCAJrUAbSArX_=O{DU_N1XAzVWbnw^WmNDmV5Kd_m>vl{49Qwr@isuWOe3%7hr@p7
z!USr-$~zRmV=ZZzMZIsX@H7rwef57#QgJi#s28+UgHJV(HuD&)Xr$gVnsBg0yk&Ef
z^zy-l6e#6)D*JY{^h#NeLat$%KpM#N&cGi|*uQ_0F0Sc~_k!*u%oxk7WXZ&(NRbgp
zlg&zNufB8CRD>zArV1p!Ufu^(wt@z3-OfO;?5A?Cr`{$4)88c^HPR%xt4{bwrv#Iv
z)!J=7f0{2=>MG0~z4p|TID#YofmgyLV+?9@v|Gzc1D6>yhfFpNuO_-AYUk<(oyD+Z
zb52j_+E{8$3)O{aC?%qiU1=m>aw<lQvXXIu38tX}pm>Qime@}DWX^f<MqhdX@bgTX
zCPFn1V_iXmf4{y9OFm~#VyfdXuv)7j;^W-y5LMRf{!m0{^~VfCGgwH%Wc&;0qQce0
z8N8;jV!JoQ-0pBulh_wC`GmA3%CN4IR_9ZONet2Uwn7YP2r$0#-{vxG4nDIdb=#e<
ziL50?&NCaWRHUeG#uun<CjGsE4ODs1V;1CqTF~iL&(V0m&|#4h*aVS-=juL8G=u~C
zTwKcuxZzi=(XQ3YyL*lLJ{reh&n*z9CGHm%Z1gTr_4(Znx!_jzUzszx;#<%Hiv3yw
zit^4u2kCAH)m?Q$;hLyGCkX(lQQ@N!8580>)JXN%PQ6xd5NhtE^)Oloz0RoT5QRw+
zNO<#6!FoF)hiekU!h$)F-L_t;0ZH9>x$6IfJvpykBE{9STJ~Hf%L+32k?k;;oMKI1
zT0CY`?o`eqc9i@XQ<FV^6w*7~o#9utj(U?7I0$fnn(4$-E6p^{xFC0ZAXRyU=5(xW
zHL{9Dt9<kxt2t`&0%bh9P@5FE?L@mF+z@nIYXaMXH&3k6;LR6bxPq%LW;hAY+Ne3r
zT!%LNt5JkCwRJmVbR(V5=i`%cG8W><W@sjX@bod42&k=(#PEfBBZ**eFgeFpVI)7t
z>!Q0Pu{R2`3p6O%0kmP5jQXe=Fa1|PFOrm1F=J!bgT?&5-|zcPRu`hF;h35xU*I<1
zVv)D`7I<dY^&&%LjJ4oSZ@e%a2SaUNuF-nl9_+B^amlizoQ29WwATQpHyWdoO)u#O
z8pxqH@&jB&81+jub<ivZhbt<Npmsyip+ZK~ov5_X2JfVSQU(;b(*)`1K`I4k%RpK_
z<`R*HtjS&?XAF>^Y}0;DGSQAb6HB&~rZJ6MIhpJnVa-JB7hjl~4-4f_x5W&|N&S<=
z<RcI-?JTdRw=_s-siU29SFRBjvpg1~q??;xK_9sNq?0ScFgmti0gfmpYJJo?<LfMI
z8Ur(?^6Dp5AX!^SwjwE!DaxI$79`hl(2zH&WhXd$zVf4ZGHbv0h6@R;oQdi8X^&ti
z|0Yymv6%hY7aAr?m1L%n+1hzgZlFT-+2rKJ8@((RN-M9nOg!To9)`2Ai}SSH60;_1
zl4*1S(~vZ?N21YeHbukarq>RMR$S@L%wY?0SD^`cyx_*za_##WwgQ)+dftaY>OZ>}
zd#&Ibzvu0o!Q8rY*e>rJlA)kQhKt2{h|bAveVzdp3=0>v4Q=H&U{51$b1O*VO@p{)
z<{}UI?8!4$o5TXo0<}RUKf^+-JM!sd!zS(EViG(s=k8?(Z#<q^wZ*bJj7C0vI5V^!
z2xn8g^arm5{?zla11_(U<5rzYPn*$BhP>eO1jG;Vd>m8{tx3dj(C>-PF;vUmc%~|v
zOf<ul$^xWAJPw#nBPnBW&>ro3yzLCeBtAgtT&*4{yJW4J@>HL71`tmXc1BnYyQ(#c
zs!M13LU#X`a8gX~J;SO;nvqXSg*&jD0{2-)Qkt2TQaeG$(@mW@iD@T#Q|yd<7^P5Q
z8NLWZ)pz|-myC4AXX0Br^(E9^sYD2fXUA;2E_b05`WOSL;JFxS^8=XK>A2NN+}Ngb
zM4|u2Q^eJvK@u_|k?UjUg%gT1b291YnC%D-%5=*o(XdQDWOsalzC_PDUSI4^1_R&-
zKzD=&JOy`~MNZMa%0ZhkY!-p0XImQ?X=!8`hJ-Wou`Qt*20~ockdQ8#FhxW(%92pX
zy{^G@6|X&ySk{EkI)0z_HZgdw_i)4~yP$I40Fjlx%3BkZp(BoiRS>_1<;DpH;=$;%
z!_KI4?xB@jJ~Fzyfj!T3+ZW<QS!)W6Y+dN1Hr+|A$mQ*I*!04%x%lA{#zu-(OtYML
zHDk6o?{#J8+TbMH-%K~WNwBzyTiZ-CvoY;!u4h}L>}ui$H8D$?sakciqQQ?-4QOaA
z%WhBXyQ#Ugt&B2~QC(t*#g{UUNj7JR>{uMbne7M#%3MZFF_<ydg3XBx8J4i0k|?CB
zzPnxPh9t{|Sym0!Qc$+R+;YFY31BI{B((em$kTUpUU|y;<-kY}3+D`5#WSYKO5*DB
zyk+EkkWe3x%xI8DkfQ=|WPY-_Sq-HzhEWw)FLnjvZF8TBt)?QliB_tGyIfcj&fT?@
z+cAksa?|#UC`-KPj7NB6%Iopja*lrpG8g0+`ENYKjfFlaiPp2qRW@3SPg&_In=?rx
z`Z-ddT6SsCgQX6W8cAW(ty4mF3Q~*|vE`;&e5|L;kJEe1LT9Xo&z&0H-8fb!TW1Yq
z$1XaPc%bFR!}%vTvv37d?<td}wEMZsAsauP{yg3VGlp!uZ9nzIK!e=Y5hgZ*jwbFx
z-G9(~tjfNAx)w}kB7mHh@@vEVZJ{76%-@)h@Z?cRJSHiL8Got+R&;VQ`NYve(%OJ_
zEHX(4G`F`Iauy}EcnWz$b6XXe711V#v_)A+1j|sj627Wap9~R2A%O8>zjAOS&M*zB
zv{B_po>?q~pSvxmFpM&|v@^g=2^%r0fac^_mjT@^A2XDVPn$?M@(X~1o{V<kqtvwR
z>sT{Dhb|=cpaPdmIwYI$l99cYO1UMgYHh{7$kz^uMRHf%w(@y0rG0La+UEwX;V`C8
zWWN?`2J@9;)xF7Wx{Hy{9Q2I551><;rAK&p`z^9>Hl0QnSnAN-Tk_4|J?x>wSoFW~
ztn$2ipqOfVzkHZ6py$L6&94hfOF#Tj-ut$_-+b<-fv@$0HgNe?b-&WcP~!LRjl_{d
z7h}|NmS&~Zf~DHdi}JzqN+xSsL_vZERIS;nG%CBQei<yL-2CcUxv|rzlv@=brn=)N
zB%7)n>{<=VrXDS&QZ*PxM>U59)_H$VEAuOF@HCV#CQkJdck|3$sjEn*g_<Rr;`*mO
z7IO0p;hB4(#%uF1q0BT?d!a@$u_%lURBHp!-9vpU3VaSA_T`BL?Y1noojbd2&c3F-
zJ}T6d;Ho0npgRxgW6RT8WbRJ-EPZfgyi?IR!PT2*``ZeY|D2JBuJXoVUL2BBUlgf4
zUiKl(7~SY`qYk1D(F+l|?*c)&RX-H9%GZ@z<lvz1za}t$e^hCFcToA}uv`P;tz@Ut
zl|_^pNZ%;$i?@fUPs)iJKlbTS(;IRAe%~<abqug20uu(*lv*^|JsU3!l!*)qQ#oPU
z%Qd|&`(Q8#UkP2X9zU$&NX0;TWx!q}WhK{l!K$p<)|iGS_-ihHxQ-f4^@Hawl9rZO
z@hg5e@w=~~=b*Cwn1dm)x*7KbEZ-^E90tjwSe|K&iHilbwd<^T*tEb{4j2bXW-LQA
zIAqx%KEFm~1WC~BD(!eOM&E14BXXcemI_c~-rj{tgbo(6FRET9>gp_jgCQKfK(%18
zXlPQ({qZ5j$L2%Rcxw79?}Ch2GhctzM!^72PiKna$rJ5ItNEhdXk{O5;09t=SuUtX
z*6OJD&8UvpCZWFe?5NeM9~>PbLov$C8v5C(nHwsz#q)pA+>Sco#xjzEWQt0{xKuwG
zM%I^>n{3#T__XkYRYaoHqCPGyJ(DXf;5jm#pmLviCwT6ODILfIJrhK=U06tF0ufwZ
z#C6XCSn~5?z$dSizzTaTrict}lbry;nTKO;QJ8ZNm^wZP4cX4D_%7?>h^fOUMsJr;
z>0vO0@j;_Pr9G@8rx>D)m9Q#U;H?VD<%cAqNfD6VKoyBsEx@PzI~?GZR{PsF^W{vG
zO{ck#X}(KL^QpDI#ML1=&cISWA0}c$p7j}d>_|hOMp8Nnq!J@>3sG^1Sg?>sTi4VC
z{&PVuBA%p8luQ&qJ9@rX{dQ9{Jx`<$8_zb0=6JKt(%_Mqo7g2SDF$2>I{^qC-EsdS
zZBz||wWvjKRR0_fb9MAxSO-dz<am7lUR;Ca&Erq(S!D)~!XKA}0&|ebtxTNuf(b=@
zLpG0R6FvWp2RJYXT!$T+vVTDDo!6a=qmO!wUX4I>>S)buv!*GdQ>U@H)$OrdReloN
z#VcZF=G&yoT%Hw2WomYOxnk8SFH(sRZ=22eOp3;98dc-<UjK?69GknswD4k&HglW<
zt?tzK_sa*nIkliwxUr2yi>?fgG<r&*ctIK<>zr)lW>5R!Mdpy?`b!IThvnu@*-`F9
z4vVB3nW`!kN7CueOvyO%M|MLun-a=2SDSfUGPB_a36ME7QwUgr4(wr>VoJ)5Kg+A;
zP#3kWT#`j{lm58)6e+iJ;=OoF+H8=o&XOcXlon15q)F>Wg(`(3iJVBfoa(GCh6whu
zhFyLVNZ)LE84()bn5}^tll{4RmC349Z_hA9Xw*7v4ox#Ef$p@+;(_E|e=zZ^F@?P@
z*MeuAP#oiCY~+`D(dy}tw{3@jHQYqRKFk}Sh!rYb^Y(mCqb}!={bMvFw!%y99Nm)0
z<u+L(Pp_NOq~Me#7cKDCMxiuH&SWoDPttI_O|Di``R`_rti74_veY%VRzG`<s?ezH
zS+dg*T4m0qYDf;6@dX)T>4l&w=*#I1v#TCc>t71R?kaZbNQKK8WCyU`i^kZNN*EbV
z>}w4lFLG%dNJ2*$BMg)jkvIALRe8x2-;nVYzTqP>j4&?u(8Z9G<s_?pXw*6MKnMy&
z`iwSf(qCGeQ|@WzStoa;d4I!0h{VfCRRQzCTjkiDTzA87<^2>D^VU|9>wLoWsdXV$
zO47rGYNOndicaCqKUi+DXu?LbRjt(oqd;=wv(6hlmB8C-r-2xt1^~H);>?MMy`xjJ
zvJk0*oOWFF*0s<WVEG&-oO2&tdoG=K-pQXl7L7m%YTu_^t3504d?ogPDrFb|DHps&
z+Dx4KrJ-=-LGWd1bxm3d<8W24GYrE>s65W79@quqehakX%kU2SC^s;%6Px%F`zQ=#
zr+{2VY9-W<5IMZ|ydm@sF2)tzqTNmRe3-EcRer*?$w4|xi;04(S*;y5DmyLFA7Us3
z)YR|`#qc8OkHk_Q$(U5Ol=H<EveBOB`>9Qrt={Pe-Pd-rJH3Cxd6Z&5V9RBQ4P5ng
z(0{9z0X#*vJygV@-+u(gZl8})y1*zJth05(Vq`CeKdRg}($o44F-Xa<4Fq%^W<S>{
z4eUajp~~Dy3>$*x#a6HniMdX<8;o#>_9Jg8*j5cQe;ka*Fg~8hdM`fZ7mKU7%tafr
zZ7~A0LXwk74`()5I0mD<H4Uk(<6wx%9oRGcRH%%sfi$!By_4~5yBc9mFKSCyBq^d2
zH{XoF9~s?qSUzp+N~insTwxnO1Hj$Z3sGDxB!7NUsXl+v63YcsX-h0w7KI0ke7$r=
z!eWLkKcnA3;{+G>l9k;hH-}ctq&d};2!oZu<a`GtWm$aaW-yo_Nju2<vN0%X!jnC~
zgjoM7N5i?}_t_cJshkHfb0i6of*gh^bgroQG`r~S6F(e094mOE$$-`kz|d)q>QHEh
zH`2?lWC0W;G74!Ut%^8~&HzSksGvzn5|9bsdmUJ-?fczP5C$h>`Ax2>fI|e`35N4Q
z>+%TDCt1-9u!RaDp2>t(68l0!Kbqx3zo*$#2s5=@)|k6T!C(LgAr$4sHyYgQfpSvs
z2JC@M9wRDXXgo}m5jziDE>qWy%Of%Dtw*-E7{e5Bcp3yfaXP`}2nr>%YQ-fhO_{&P
z-#l#}9zH8K$gN{%IDFO_?RLf;?(pbYdUxEG+WP2&LA%WtWqPe7*YdOd_H&TfdEe`>
z-pqY&<V$c9^^K=c;|Z_F-82oK)Lw3!COiW%5~6|IJjNmxZ#pACKvko`*?1ifD1%v~
z9|W%naT-bp6xTg7TAZI$dZ%8J28&#Tm7i7GwaQ*=Gyb}P>|)bmhums9=V5nEyu%eH
z9CkX=d|05rIHR7Uu4KoH#e$=7QrTny)3U84=R!`MP?*iY%?wP%u?+Ou&T$M9?`!*2
z9FMK~VFGra)myFl{#DQ`2iLW+3$L$%)+^zZsyMy>W+67#eGYCTonV~DE9Ua7537I+
zV)l@^j}G-m9%|!3a_vu$uUC;@4}*{$=n_-w;L3N@!=nr13ufC29t>i|>y6MdYEsCv
zN{|`-IW-NInQxHKO7FtzJdc8BjPD$tgyH0@g0iMsHC<#lnweCPhbAm#PpHof`E*{N
zrUGIMq=8HZi&E%Y+@OHjK{IA&KJ1M1=<$fp<`AM(y8(j+mm~SuEW}bChGXchE=*r)
zqTso(hh~xdaORn0%`+3uJ~%aywRv9~n#)OM+3qY{BwCH^;i7|~k%SDLkDN0n=Nn@l
z_b`Cl02wJqG3yL2NQ}?(Q4ud3t2wF{U|UIIJ?;Y%AtNlA&Hj+6MHJ@HHsq``3<c1m
zKUTHjW+PT)n`v5rX%r+j5&muhw5m0W2ihD%MwW9LZTPR2?Ifd9|8z3ypb*m0;)NDr
zGMY%lSrFp11c>2PmzJw^@VpL)9w3XURz+bdEL3L+r*DG^9w6+)kn3IWGN;>_U;_cM
ze6A2P&y^QrtBW}jBLcKJ%c9Mno+gOL+3D<TTe#5T*^^6`40O@rz)zE;@8sfnSrUVm
zkUwFMV>&ymf0Y+6pgV9J$pt3zy1{84;~^8H>gXLc8vDl`)C0+J)@73^;uLyJLnqU3
zUaTDI<6d~yBZHPN&m+s1Tp`D8iuP8niEwLXyDX;OOCx`eLqLX}rv_6L!%-{Bdw$3c
z@$3kR;>me_ocHkOZ;$=clOPyl5WlC{1k>DDv`DG@D<4$%%PkfEqvMl`rQ^FYs!u4I
zg;xzI7v%vV)z8W8V!6}=(Eh$JE!Mm*apk!w7p9SY(KN4#QcKT%(bOK4p~IAZ=;g8W
zL|^ozqBKsaI1$9OD7~=Yd_glk!+Cw>U8ax|=_VDGPVik%@h2SD@>hAJ{Cdw_{vadS
z1*vAWD{feo#1GIky)nClSDIrdvu)a^ExhAP|9#dGdaZ!tj+vb>#fSxKn?QXU(fCK}
zboO9=&(W_|U~CdNy!RWe*}?P%*L5@#pEDrB8h+j#b>2$KqXeM@Row;ZZSRy1iGCx<
z@+Uzsuo)*t>2`LZsp?q^2B#AE^KWYHX6w6JB^Na#>2p?m{vVNizOFW_&&cK2ECc9$
z*3f!b&D-h<g+<*P*auT5z^D@#!?E00wb@-Gd(SAtB~+=>xuxF2e=RNA)B<nXm4C2%
zlBuQ#4N!;UbYbe>#x4y1!`*VLa!|)WLik*+)plM~YrBogfqb*qDDPK9%rm{lJtV0f
zd|j?p5s=JNX_RT-KygWQ6AV*s7nbgwx6(R`>;pQds6|JEmH`{GDM7l+rY?HFRuj`)
zMk<+4xjTj>!jzO-siahLNXbtz+Zp*;50Rfcy!HJx=ek<__p@u2F+2Wyab>lz=Ei?7
ztghV0f4_@s$%y}cwuvt4yb-K?BTq0>BfsA`e)Wce#L?o>TPen^MYjqeuQVa+ko529
zfdyaSVjFoQnGt!RKk`_if>2J-Vnza>^XB7`e>}l8>tt{q^f)&B@dd#+_d2koJ#5s!
zuI{2A1E0LxAQaq557}yWgu0d!pHF0}!|$C5{2qnkt!zE6jVa!l3N#<-XQcYur|o&a
z%Nuzn4AjJ9xiWlnk1V88Qm-Oom=ju{<qU}0=!Y6X*cLoz?2Wp9r*FlRm2e<U7d6g(
z)HdTjfcCv`-sx#IA=ii%DykR+kbyFACx8x)P$wYf-@;JHTAiorC3RUnk?x?~TblPW
z255^pl;-ld0dfx2#3L!4(FhpLg#uN1H>3sS<dlevY9NoApyCA4=MDZTxX=es`W{+!
zvPK=v(f}Knc?r5ZT!K<Y=qCo+97=3Je_;Jd-9U?5Ow{+}_6WkS^6u)1|85C-B^V6@
zX~*Uv{f*gjO;KB3+@8l94!Zt{GR(!ZT{;fei*|cuxmZ{!6-({C(oV5mEbf-t<;RuB
z?Tt!#WqpSkX&YpWo!ZfEWw)J;;(y-^P|OCtT8UzXt2d(XuCQ7t8gao@JaW>;ln<*E
znf)eF<)w9E&x8Iw#iL22=;H%<BD^?14*H=uM|*zg<$-n#!@<`g?=a0)4G4wCEs0E_
z&WlM{X*pm;Cb2jiKPm<8vYDyuGT06oD4I3Dp;iv$bsOc!jQp~>vc9o~=FU-Qd9+8d
zg3Z72aQEhEYC<+2v~xE^<{XZDTdDEI(8HeLL{G>s>r;XMehspIy%BkEv*VPtzb>|$
z)qki6Wi*rgSz0SdWhM^5lgU7ym{%kacO}F|-|BnhXr`d4gLff~X(jbTEUtIYi0eI^
z90OD1O%E$p$yV&uHA7O`!n*0WX=+ePCl4PAI<o>&xSpC4<5F(RWyX}?lj^erDk<LN
zc7$wIQ75hvI?s_vd*hGB6PPgmqk~ZFh`M&(VxgXzDBT<2VfN_wy>fc6C6{uP@@rm2
zm?;fwD#LDOCo%xDPn5B?=_av8?Ve;W!k36Kn$&-{)p<ASIgK*g2Z<-0khBaxSrG<>
z>xt6zQyRUNgpr&@`{Cq7(s^aFzskAQG))=hnw3jU3azk}@I5gKK~ln)V|ORfJU8~U
zl23unb$9%*OO%kdNJQa>Oz=_66{}Dk`NMo`1hI%-#sdoRdn@?Rmf;L)hF`mw?>b4z
z$?6S7($i>p3K64eBauSnD>~MLmv%ZY12e`m&v#aCWxcWs?`=VjMUBGU!`bGiB(L4k
zK%w(VYHLNGQ(~&Ql4AvjZZGTmLz?^=wUG|_Rq1GLt^#a`WG5waN5A7Ki6|h+HBYE)
zcXVm<9Bat|h;PMocTZQXV9b@1Rj27LoSfRk{4C9^#}tg<LQ}2SjJ*?Go6C7D;+pA>
zo#JE1Jf$t{6D9OrMDuzE*F+Rjf?R>gXcAHwz;fD$a<))M78D3micntQNjBiHgtT3x
zPDk0&h}=t}!7+97V=JC?x_TZOY!-kPy>ci@w;!w#ndVB$606jCt%Oqx@+cNb9m*J+
zJz_}d3s%}Am<;q@JXz;{<NqEe9&zdo=v-A#m!!{*1x`NpCGvH((K;&E9A6^Jd5HW<
z<w|VF4yA>(Ebev2oh1A_2h(nR7R~B0>kybe_(eXC)vBH64Or)o$!Kmf;+WNeKlVF)
z=xfD<<?CtgAIh!zz7tQ|kvj2Yrebgk|GWca9lCzOr~iL=e~GF(F{jyY!WOgLg@uL4
zPZY}*sycib2S!b96J09G^g_ai$a$N5hs#~b`cO||^F3VqBKI-m2Mb)Z1P~FpUI09+
zzSPu~O<KPHavB)5JTSq$=om*}Xy2XJSyO??xM*9mf$-tO-c%^gX^<^8WRa$u1O{~$
zh%CJ!qYVSh{g?#M<RaH-B!WiEO|%Hc5TqxNdouFEFB#p@ie5ob!i<z%G>_FqC?7h~
za&<6XAZjv$Nksl|+GG0YdbiP;95*(GpiAGQ*bULlLLa6awnc;_eV5LhBHE7~9*Wo$
z^CNpKNv=Woo@JL{JIUvnNMq2Lhs;zwTPC=b-%5rhk`6ptX?aLGdv12ss3o|eS^5f@
z)RfI*b9$S30$?i%w!7yXIZ=qr1;u%1m@o}57_(f0gD1IEjM7}eSx;hPjq<MOawpo4
zL`T7qmhtwqtv~lJ&h@W(`+vsoJfP=VWz63HE0hXr@%=yebHD$0C)ckY{Q7|qe?!0j
zmtQ}4@Hzbbo4?`b%&#6i_`m!+_zS-U+`pyt{{wyd=U-2Q_|NqJgMa>K{)7MFEBNPM
z{^eib%}4tG!N-sM2mixY_|IjoU#HXNV;V1EKSnQpEuYi&XO%#ImI>Tv{PEw74EW>Y
ze|Mhwg;3c)$`{5ny)d6Y&i=0QyYLgsH|saAJ#PC={G`nU;(>_*OszruT30o~di*&`
zKjry>^N1Ir=077P{D+VK_TYc~_<ub3cOU<^2fzCGpW)NLJb3Uw;r-7K9(<{8$nqcD
z+x)KbK>q(3;QYJ)<H4_g^=}XUPrv&3;Q#*M<A44)DDVIGE51MeJGlR6q;sTvY>1-s
ze~DL9UjLj(=Sbs7>sO?6i9Fr0|6LLk^fv$fm^Pl(cb)!$jeP5s`<JTp;NSkI2M_)?
zz}SEOzw-Sr|6_EkcliC^eh2CQvvL3LQxS51{n=etng6@P;kC+`J^wEkLD+KV|KeKV
ze*V9U3&dcji^V2tzR(vBpHdv)(a>Rlnr|K6F|sou+YP<n%hGzSQa)&x$wO=z)`(=;
z!5iA64xXP`B=Z&8N#>J7^7yVe^Ey59uba}^h)}$smtxQFd*P<BH!j`nkZA$x$wXs9
z3lS@Wkv<&v`u?%KzkZGzAYJDjtQ|)e_Pa4|^xLlhoFCY)+-Gkz8aS_{PZ8^7dL;Ld
z@@Hw|tz&tYPI>Rf-e@4wJ8AKQk*+`K*csskHPm|7nY@!P-$&iGU;dWjDZ_#Zt)Pkp
zeF}Wxn|+E(+hz@w^f3QLF*+vRtkm$}1p3jbAGJi0I^j9{xca&?@=+fI{pIM;wie`t
zhnVGA5nn2?QZImJYLE~&N}3+5I?sX;tcgtvG-a!{m4a5bIiUQb+Exmw^BvQ1o4nL|
zJxCG^PKEc*AGgP6c+hAoh28i_C+r8XCdW9^;*s$aFvYrtz2Ge>U3*@)-%;UAf)hhC
zs_eEn5}CGP3wo2jx0ynPBDQq@;xbxAsTEm3y`_2`C8dogNTofzN;e-1uzJ_(R@SsC
z4XavHC*>+12b1yaJm}(@n$ww#1Jn+5>1<@Afj+(v$Nr$y6^n~vw~m@jQQ57w#G|E@
zr4E@4LjQDtr_TZRb|1Zbwf#d%l-6@%eJxik!r#YmZxnJu6yaVm?lrhK;C?Lcja+e~
zM8AtG>p7S}a;4>BuC%h6OBGA2Ik5(J5fc`odu=6GEETAbVsS(MEx-+h7ofn$tMGf3
zp84Af{Z5G$Ot2Bv&;*)z1Mu|~`(1Ha|4z9tZu)#pfNl*}T!5=if_cyDQ=e1w5?u9J
z0^D#CIM1cxrJosKspKSZpI0yaECD)AxbpL37obDb%Y|z{r)~;>?iCl{%Jc-6dv-fz
zr8qUgRi7^jur%k{9eOLvQxjbE`H}!vFa4alTn3k|xy-@s<;Tbmi}GI6j1!qAGf#yx
zhhEp0V+Ezm7s!d3^R8SPfR!Ker5K28;_~X%0Js%^{HfUhoZICxRDj)z6wfC`##I4J
zEy2CY^Gu;=WV8!oe6Jec*Nsl0>MzSCtjWIxp6yhIqC?E<I9opEX&0tp{#^oqFdb4;
z*Ejg@#!3XFv}OZ&44GDOO2t;J%YsX~HPk7yKGNKa&Bxjn<Q$wh?M5gun!L)mbZ`>k
zOwwi{iM*6_VFConff5x~H6Ew+Bolqn8UU&#DeR00@ea;VenDifDg3JEb;dQ}A3I}}
zpEt0E>S0=MZfvmZv$4j1vGXuJ0w#cK40OGynjE!1YEp@NlxTB<?x^`2PTCcT(`D+Y
z6t{iF!I_h3mK3J*l<ZE4SkRmvrp{Pr5>n}7lhotl>{=`{ee!$$hA2TnGosmLN(Y^?
z91|KNV&+8DG1CfLS&QzXZgNt`#HG`S5*$8hP(mu16p-d{d>5Q?j=v4sOrYP?rDzR*
z6X11zXA-jly6g<S+v=FqT%;o)J!U0GBCb><GK$Ep=+rRA?n?>p6(N_5-*);`JaNIu
z<cyYC^NrOhSGwJr0g6f+20(WaBb=#p?Xd$4aQV2XpNo&p$qPnGadp{9T%-<)N`&W<
zYVwAiPW~?G6@coLk~4X)Y&ZZMyly-;zLjKwCH*eNO)`6LjTVmlt|X^R<C##RI&8%$
z93=<6B#=wmjmLJ4go%=pu>z3KRH2eipCY0*6Kpu8F0a@HtQRc+F@VM8W#h%NQA5sH
zq`B7sKuunb(yy7%FwtW#acxu$?HZSgJSudJEu60yI4?242<asU$&%)1QKV|H4h1N(
zS!Q6m*Ndu#C7E$b4Ui|UtwjaKDp1Ttaw9TWrvw{kk|*jK0@p$D`LO~B&(sG7Kn9>*
ztQ(Z?qQE2}^*xUB)K!r_59g_?BAtiY^a`Zr*Pxh-I8agn4*Mc=4^#}6``&1rF%^as
zOp*0dq?UT*jYj8ap|ik0&|eHB9|s)XI8%f9zzDm9{{0sicEjuWXkJsFjE9qiLj04A
zp>E8Ilac3HZvZN0I`zgJAOOose_Q^#e9)@2YxU=8Okrd|AFQOt%(C*Dij>j8A?so>
z`vp}MUSYUuBWEtwCX7UcR^JR3sum0ZikT(d`68Xe<7UBROi;b?@#G}KFO*w`h15c4
z@@^gkz^n}cUPPWGdXr%()5cSkgFu4M=7jMAvzw8x$P)_o06FWayz`ThU&RB>=zP`d
zRo<~{%*^M8P8hwnppzENJDh}P$3f8dIs@I~9P2XabHO19=?<he>9h!P1|J_$J&f`=
z6!HQ(<7tn{aTs<0`2pS*(nXJ@Bvoel%AgezLJ_Hjnxs)exTGTd-9~>*nVR`#jJkOH
zl^@v8iYCl==biDH{f3TT+OPUS2e(x+?43iQsjHOah$!lpojv&`OQTVdeQ1$=yIiX@
zT14?|0`85`BdH&rX|4O^%Fr~CT#g!E)#hIHpxS&<*-a}nW04~{rmtA2%?grBZd7)w
z<Z!Bf)H*zBS;dB49}6Axd6}rp!36#3VRn1ZWp>+SqNoHUCbic`wt1Mh7r<aVA?TTi
zA3n-jBuK8Ka_Mc{@)}tDNN%;r_})~TZa<LpN8=9|128>)iN7ftYKB=Mzhx$vT4;E5
zs9SIRWbA#Q9I|=s2Bz%|dOV;qhF^VZqiiAv+>KWhhU$V1S-X&miq;OEqB0lS$KEOM
z8!l9ja_t7nszxxhYB8S)5wH2C<D*BFCVIB^>c{`Y4()6tR1c73Tj)4uVF&T|f=(wm
z>9U$TmJh3ygI41^+)hPr>`B{CQx0|+DGx{9n>nd#hfQgL+#l|o_iFxNT1u=IUjs;p
zHr3=S42iT=->q+o!+uA3K0uGY`P9OG^SR*p`9*nWr&1GV<!;yOw>o4ryC63XLqgm*
z0M<1bd+(UBTCa3h@8gr~X7sCt11H)BPndJ*Obe6rb8n1C&nlx)Fv^hE^h%>qZvgXZ
zRLZ;GwJYCNo2_Qn2nOUba2X1SnQoYhZ4p|>4KVMaHzMx~rh^Ax!K24b8D-eqKNK09
zy<?PQL9;g6HfGwkZM&y!+t#$FjcMEFv~AnAZQJgyx_!?1-m~sn_t*XYR7Pd)d}?RJ
zu3Wid#}h%CpES%qtOFqCo~`|>X2~L6oR8UhfEgu%nt_C`ytQQ|lM;y0XuVqS=qNDx
ztB`0uGLj8uVSa{>+qnUnZusxQwB#c3^!aZ!bdbeW%OT}470ab9s1A3Vo5k}(O)Fsn
zvV0<l@su_~2+`i;s2WtriV1I|$0GdpcvYgiUzWjO&_;wXBSMl;PKRsRU4OZvWPav2
zsoG3-|7*w~SE9vW`e9(P$sg(CF_WwjTJSHcWqwPbQ(npq+xX_x5IWn&4ldQdo@Q+C
zr)N>M?Rg@-(PTsGeK#>vGx}}Baj_?Hp)<1UaM(cfzn7n^<rlr8ks;Gz`9TR@KkmgU
zp9jbb9sLC)X7k|VXnBFSxx^~k3{sdar~HE!8cUi(q3V$|Hw4l`?HnfPp@j<<b&-F}
znD5=uv!4?zlAZb7Nqk5TkeVOu^N(Gju%Y5BoScK=X@5L^0B-5q6^4GEJ`qIxfV4kD
zM=!^4@!`4bt1Z<MXp1F+_t#t@vjc*E=)4{qx|M|7iFKpfcT9HP);zvq!G<dF@U_#R
z1|LLrLqh}`ee>yrMlF-(w6OWSr;v46jQreL;yA$Lu>Rt6obzhES<9rhEkGy5O5j6i
zh3Sj7zuIgedE4MgDI0()sj>@1Ws-L*^Ox*e{}h#?|CQROTTbCTmL6XIf#romyq>Of
z6RNFspjI`Pa*gYD-sDMIQ8E0JtnRlarEfwa*nJaA?UQ}};z)r-_O;C)H}NTtWiIRP
zQF9n70@c+jzX2P@@blZ3(ac+_w}1?xd<7mnXm3%*<OF!I5Hmg`_`g#R9Rox(o^#hm
z6j1EWP9avu&XtXDp#y;=`zp<@@Kfuy>-h`TA;BdPB6hfix?M!@%GEkdc$qxV74?+2
zOr7Q6Ub~6N`?UppC|tpcmAu>%J@Lh|n)RTHA@unT@hmi`V&nZZh!TC&A(#8*KPmqm
zaEul6hhPntOvt56if#Tg@qU#I59Xdc)m`VpBIh7Yi`oof!iw26@|2$<Lou2zlv7H?
z$e%B;{<@GZP#55<ykxnf^_X$|rybU&O1~<Afrx;Wr^-E9c>h+pX*ld%HZCPF7af+<
zp`{r&{p)zFON4}q^Qqz=sn?~?AYXX4`&x<%tdJ7N;>a#zV<8yp@?bcfiJlZbDF$Sl
zXPmI|oPHuWkFrL>#2<k!4*bh#ci9Ft!A^Pt)&e&Yt=Q>xbG?z}2tN1Teare!uXAE?
z2p6_XvA|v~;#1G9Xjr}GtL%E`z<4G5ODEl@R;&>DM(R>sEVp6%TUPo+F=7c!jOfwG
z<}8tF9Mkgw7J^(|i2X-s6U<8KMtJ<CQom3l@Tii(y&|+dM?(%<z7-O4LCdC3ZBPl!
zS||INic<kV)-?RQarA!NY42Y;|B9R<BCKc4dT^ssfO5f?GBG$N2AXd8u^gFHC3XNr
zn?E>4#b``Gk8<?hMWpp7Ei2UX!%Ru3R!v}FoPUM7G4UZmhB~Zn>^Xz#VMn&MS)xS9
z4HbA7K~3gueItU-{n6!-$`=!}ku9WHfpoF=%v@%H@)r8Wr}0v`-S0NfBXP(FLhShg
z5v4b+uhJo^0R8n~H3x@xI``E0={$t##tEz3rJgA%k*Uk&oWw~P@!EQ(Jke0iBQ}G@
zp0cIfiv(RWU)&UXd+0BtVjmc?H@P-AXC0i?R?f@E`)yuEe6PmEJLv|tF0f?#imJkS
zbY`ZApdYY<L@u4CnJq(+i2@cb!cJs*^vy-*%!nF@bYr$KJmTsAuU&TQKAqhto>;9!
zn<WuRzxibbQ0Ujg*PM9TSfuA3E~M?F0|W+^I1G!9uLar$&eX&@3gL#@Kx>;8?d2r1
zDK-_&grEFhc4+)v?K(iX0e1?YHQ}>*aZi{rW12vM*klCG@o93Yf%2%0vde{`9MhX@
zJ|MS&1~<@^|7ON{#t&0HQtaeY!>Fq9a~JTrg0Jh?(h$<#dmF6SopQ34+1H*vv3mHR
zrt&4Y*|;X?CZYe(KK@GRTB9+H2fP_->UWw1itcR#KeBaYWRwnP^=_h9kVA+F*+&v{
z2(e1K7Ju{`+5qB~HdLU}2!Nqe%X7b*wuklV-i5C^{ycPiSv+Y!EDxA2jEU;0;b%6f
zy)~0Vmr|W!I4o`Pbo&>H90{#3S!W2CWyt&R5T~*|JZPS_ZVk7)hV4B+o5X2AmH0IF
zj^Z6<zEuvJr0v$>4W7O$nUu_L2L~gL7o`MdI~{o7Vy2AKvVS~FEsaCZ#E#F<g82yr
zoHSWKh{?0X=A<*OOUO;VIqH=04?c<3HENHG<LQZfO2HstR=F%|m0ehtln{0fh50S%
z-4!q7x*Lb-tOy03RxQG;8DDL%5V;5~-$A3@v;RVTH;fWqbg+@S4n0zdc@~)W%S+VK
z-BHWr#aemRiuUPG_gX!zqRe($*>fhI9cMvyb-7<gK1n6$CrN4mknz{fSXZl#tE<Ai
zk5tN@YaMw!`KQn%$rhd|WNgKr*}EHUTUXR85D$=iq%~F)FGZvmW}Tu}V`LpaylDy;
zo&Q9+pBGVSwbq4{y5K=^%6C;Mj8iCQq(P=KIWpu7b{n5-+{8H!*i#++3O2l^B(@w#
z5t?r@lOY~mESjfkIgc)0t?|>#6Zk$|Y2qgX=6?tNZeOT(axT#hc00mpq3?2e@)pEr
z&}1f_`(bqjaUo@^A4o|xOVHjZeX^vCwkdPTvGMV=<s>(}-;YRx?Hxs!vBMq@rF>4V
zqR7*vA!xY=TJ-3v!p2M|yMX&fX$3yOo<xQab!wMt+>K_}WxCz#Oq@Aw#0l15r{?Bl
zL)(VPBi|g~nK@_MjC>v%J+A+>ahMSGkDFIZDWK_|<g<YSV@QLn^}rWwJ-n?bMLhw2
zkd+np(X6H3&3)1P?mI$?<WEkuU$D@*!BIr4Oj~j^9#Knc3iu$u{bDQ<H8K-GeZav&
zOIM$HV#x?IPiv;U>g(R<H-Aflj@C52p#1OcHFv&EU2V^gXS*Cs64BrC0$ADYa@y2~
z|BP`Hpo$RkAoI@qR-S5TIs{?ua01AFT8^R6m)y=g;$c60%)JCQ%9fE!h;GVe!kSCx
zjKv`kFG4)|5Km$0cB_&mI7vIo%=#Kvg8Py@D_W`NsxU1kMI|S$e$2#{cO+{+{hMcV
zlC{a|;_Z#1Fv>58d;TEmR7Z|GN_vEj8LsZGtkPy3#v{|pEs<Vri5$x{v~$3U8ctjY
z$Mht5uw8uX+UYq1+pB%Deg6L3w#4TbEN7#g!y)!u@m;0@iZ-d!6MlA91X}=JJ6V$!
z)>zpq!2d3>KbRn;6MZ{Gb3X6hnCwu;ZC!SL^ZJe_n|h$cNMv{Kw7ogidruvizR_Ha
z<vQ0>>qjU^Yy#?SdD6kjpC_+4SkZ^jI#7eA=Md;OGV*jZR?{qpcLVNnUbUY59v*vs
z8tL^!aeoL-3@y330ZUxI{c^t<qR<=_?QhhP{#vOb{V7jA{&*?0Ym3s>49`SEWFGo`
zImVvWWoKBft5muJls}8x*BFy*v$+}{Ei!C;r&_go%3!wIQqkm?=a@^^>rk^>qH$gr
z7jtwnBfg4A#$bn5Nf23At3YC;Y0~zwUS}t@tH)rH?#M}6o_`Uu;;hU`Lws>$(G|r^
z%W9t6W(+)(gTD)EPUfg=454An`O{{&1bSA?g=hh5C8M%{fqLGnUAJb1eSNRmTBNz2
zTxKQ5BZGlb&`6OzcD^hX|5J3t$;zjTi{2H1IISH`K~JFc+NAP6XmR>fQl5*P-3qK^
zmo!J)8dzM+F@lPCRwmkXTdk~1-8xnhqb{xAC=N$Ul3>$4y3L5(>1Kl88~F^r+KPJM
z3E`3zD>5RFPHAGSWa}mosvk^t1s-Qig8g>kbR}uh+}fEDr@oH5CIuUB6J92@c2Ias
z|Eg(RYB&TLwN8QmtO9szE9v-{XgePB^AtRVGSlS;i00Kg^#J`OR`iDaT8j-nU!N{M
zUXhm{d_F_J+m}1S>lz!qhZDc%vsNi=jT~U)h0Vpw0}x-&@6Q9U2Jmb@HPSP5VShPt
zI#hG`u(O`42KJ>z;gDM(F%9Ae1fNz?$?-Ge176Yd&CoKc_jp`6ZrJaSSl{jN)hga{
zB0n|^0&D0hM{)}uRdNWqV%@*cXMiXk;v+1=KA$^4j=h>p`4a^Y><=$N;Eut01}6|V
zb8dyfB<9O+{@u@`%H_Lz=*iaa3OL-e41mr#@%s>(dH`Ag3?1K2PkwF^5->%2-D2|%
ze1TraItZ5bvu+aZ0$^Uig*LwjcL8CNpQQg8d`10V>1WO!0OVzauq}?XRnXgXI~bCn
z@4pZ<UoCDCUZ7hA`@jCd%{ch^e~@k>Pw!!0BRlv7ee@Cjuavv{pT5}tnE)7#<_Y)!
z-y}2xkKO&omax72zlW0K`)??6k^h1Eb^U)2mHh|ezt%I3^gobwtb&0St%AK@Kd+(H
z+(Z8BhWC6Okp8n&0L=eN5dV>UgZ_KModiX~x3YS_lu#!BN40|w|6jcaI{ydsR^opp
z%Kw%Ak1YgQl>SHG2}1v~LbBzV|0q-#{l9G^(Mp&#@PCXMDEJ?<1`785r|<vR;xit)
z@4s({3VQIn)hzeF|BsRW|08XEBPgcqeE`~fe8X2_1p%}Mf&llx$rZ4_>A=U4z8xRH
zg#qyWp$GT#P61|LdJV|-`l&JZ^tP*z3Js#x;!F#ZY6F1=80q;?`+V;Z)USpU1Y8hq
z^_!ss+|xf*8Vry?zSHd8*Tec{!0#FWU76TFYJAyWSNyVdJ{#9n;E&aIN79E(Ak9y5
z_4w2b|J?ayrGIJkWNbk`lnd5?0^e&Ecw=jNGS|Sr#fD5|n6yOTit|129Ww`5e5KG2
ztbqoejSvDC{L49Tf#F}k3&HylK@$J9uUtt#@F#Sm86!}sM_}&a2#_rmfQtJM{?ifg
zDuV+Q2ecgsh6Aylawq%}UJZhJWNv#P02LoM?FhQ_$mS<juE)RFoB?wWcXS{NCxQ@P
zZzs+c^;Qox6f+)SX)M5tJ$5g&G4a78Wd2TzSYyl}@t39hks8`X!8Y;Kp`FFg)QcW1
zkmH3JS&)abmv8+7JgYZWM7IqDXI!Pe1ikPkUpiK}p;%^sGfuKV16@7F?F-<|e!Fnm
z3!yorr=NOj>~&7oZu!j1+?HCv$LaNVdsEP{BjMH)d+kfOwbi@k<MQ&|kMz<0-yL59
z?Hwu&|L+Td@DbMntRZ&|BJ#ts-s+<ndyzM!>c3XdpL!Cf*~il^fF+9U-`N*sSN5;;
z%Z9{a`lpn}lL{8?J57Fi7I1D;<tBvlDL{&92MBxZ=aM)oT{2H%A-ta&=3}~0o@^UV
z<}}QuLX~7ky~@qtx_$bV`lnDHG#H}&j_A4Qyz7d07q}BAh0-Q?6wg^bixS_qDv1q8
zTq)Ocs%r1AR<j!^N4d9H+Aa=@4#sQurZ?VhDl&E~YbB1j$gG&ioUqyNME%1ou&YIh
zmh2{ar*+=U9KDp_%8wMl{BDO^{4U(G5S!x+_JgQdOz`w^RzigW=AmSJ6}NM&u%{ev
znFbL~JZTzE=xQQ$Yw9MQa8%GPia8q5=ZPlsUV)@_RRVnX>|Kl^v!BW6b{zS>*D`N)
zs)f|=(rg$sv~9Y#f-b}<X)X}TSMUhYlR7BUcMd0c%No33V<lEQRD%B7BA&c(AXy%%
z=rDi(ah<Wur^|P!`{l?<HAZzR5}Ss7;HAgEbcDw$EhWzkxu~x|qg3#;%8C5=E*<2D
z+z@X4Z1=(-Qiv7B7iU{PQcYHl<WV|iB%aPyV(r@$zPF#rNYjy|-}PJVh4z#hno1Qa
z4C2w@-)x)-u^TUV2n2bogs{QCir?&6)J*qvZXuwmJ76)poR77)+tFQf{v2_p)!i!-
z3RQ805ivif)4_kaF(LExzxZqE3W0a!!N{wQapR_0hs;Rge4G&QKw2oGo<$%Gdr(dS
z$@B(;K*gl{C3})w$QE_qBie|KB{+z4XHd7oxVXz3)E6t-Ad-$YQ%KXex~B6qiOHsh
z7s%O#TzPUJ2tD~BMG!l^w9aSVr4xY9yfyr$%q?oecyBeWo%@5|>1e9au4jN-V^7qP
z9OV;I`C6nB4>G||MaoiWg!U=RoWhO5A0Xrtg@4YWy_QZkdQ}S_p&p7KA>Xt@1p8Gp
zcyeC92%w9vUpQ6Zd!E`Y{=Qzej3N_nJy>6rZdND9B7Mh9;jAr+w4~m8!c(LeG2y^#
zS>nJg1s5_Oz8JMFg`64qDKXZc(f=6K_cH!j{<NW5zVX5nC`VK5b-sh68{{?*JJN!<
zfXq9v5$sOzDBS}0Blx|Wvs*3A39g+zP4MN%hnRuXC*i648OMYWMNfA-4?BQV7YS&f
zMNcRAqoPGC+-k*u8<@Kc9QFJi2~)idte~B^c=__fT$u#CKvVXyyZRopO8{sqtJ=SM
z^fe7SQi0d|?Mvu&%1PAi;g2R2GDGvqXLVE<oRLLS$@%1R+t&EXL<h3(`Z%y$$Vpiv
z<Ao~JRhBRz+d}`&p%3NCBKvPwud?6w+|Vu{mk;h*WeV|hqs8?4qdJn0<qO7zi<mAR
z$}PV=vHgOfjoMygRz1~h8Nb_&yM+k998RNEse0|=sEm?x2GTZKrvYW}e#fs8Uul^7
z8do(n9tVCtO=u6mW^X~j&0+geUCD5dFsC3qyrC;2ZMzYfRZ+{Q5bodGobNZOMANLM
z;PYi0RjYgigF0m2p|3s8n=k)DbnQ%$Zf&rH?064iiogj$f*>ISwHvtadHCNzxkm7i
zSS&t62Mm9Ba+-oXJPKA6C8q&TyuN0(bX%l%=3Zk@k1b3=68mZwd=LkM{YG0T`%XIp
zQR!}Ej^4P95w|UqP%D>L_yV@A?EFxAcA<9I2YT%=;xL9WMQ8TmEPBB@f7U@c2a1>q
z)#l+vrkSY}K6uDy%#`#H##tM%Ab#@VKo<BqSPKgvD_AY$#|j&%f_j4g?apMv@)X%}
z!XqNii>UWwIok=!+~*`#rJ=m!GY9=9c*hE%HAH+<U#0A7An^jy*AcA}aHg!}4Bxy3
zK+_7VWG!4Wy6{TA%=8ytfp*uRlLx>ebPa$GZT02@khd-25jbHxr?{#~gHZ?&oXaO(
zS{LW{%s=m0TebQfIivmdyBu(N^J)>d{ul3n<1;9nxJjkp^7F&PRYJg3g_m)0rU9)w
zPI3&s*HHsxse>*{ajfaQq4+(hr{UJC1**s4Wv^kGLj4S~dr-QUD|iIodvmQKIal;t
zY%^Lh_a{<++y_Qn8>A2mZxdagm9X!oivHs-p3i|7#vVVbG(~UV`G>~ibwku0hfK}F
zKI{pm0_0!P(plpWodQo`_&@pYrN0=tV2g)-&6GovR||Ik^!uUYBP-J?xZ5`=)oRxz
zV{+CrG`+utWtmO$^~uhpR0rdeq4YXDm6k{JOHgD0?;<jufChz}(xEPu{s8eMV?7i*
zJ8}qB4|$8OW5)OT=Y6Wr)B*6V1+ZIeHu(V5r>kuL^z(TW0PJLc|JO#Yi@6OUPyC;X
z`tOw;)siB(pew7xs~dAwP(kYTcBMvhJ2H2`b2X<hdjvz!*?mh1F0t&7@Zu9>H(vuj
z4esr6BR<n_K1R|EDFIE9xm|7$?A(mLWYuTh#iCa<fBWiMO4fVD7WDQv|9mR6uyy#v
z%D#BfQ0<7dwi<0=%IMWKV)h=^sxpQb(Ud@=Sq#lrN13gMXzVvoa@`p<7$+L+5O!k7
zPz|m-6C7-3J;TsGFP0d4DtV@r8a_23(vqlhm=XvCz#bWK(041)m&RGX>Q&du4~#id
zO!9wDP3)wp9NX)E9WM=RPF$rjW=lORRcLI~=vs<`uuliA<vOr@>6>@yUpUm0^Hztp
zg${pCe6yD+IH*al)nv-OE*<watQ*Ya`vNQsz1opNFxia!fK-H;b!P=3_=p>}Y}hZI
z-RB;FDYZC3Y^(ddV1S397%<&n;n?p`aZ88BWcss5Su<wC5B=r}cyp-jndJE>$!1j}
zz36WTVsI}$5YH*D<MX;05E8jZ#f9%WJvW;&X+826OAabulzSBCtx8aUlytM!`8pgF
z;2c%lYC!-dJh3Y*d5%`kfHV^z)f1}TK3ZO{s_07B-fKUiPqjya`s7sj9-#5neLF(j
zjrYh?kOPuuxQP8`DH@qFrHBs^z&`7GUl*eIRJS6g!Lhv?EeHqIN=gZUZO_)uTa-wP
zN7IKn+JqmNrp8%>l13d}UM@ZBA2%jR$h1t0>s3tvQ&D2b&=5A%meOPs)b4*haq9d0
zHBD@xQ02yNiPs&eUkobu*3kHt&*~vDHvfm_E5<m=3FHHYW70}pi*l>4RiTDUpakiv
z%>d9G9oY;XwWp)4H_&^!co`xgt`$TZOm*Jlge5=CZzWJYSC&9@7MIMK?u?oj#k;lQ
zF&OGX3Xuf;B|OW@<;+nB93s`k0>o)^<zYYkGEL&Z*l4Gg=V7vQlFHmC^g|UOb0t1j
zKSBCcoPruTWcvr+KkJba>nO))7Z-AAE;8n?VQR=15=_MHPK=$mJqEUCdG^=tW8%%3
zyB5SFXPydn0fTa+&ftM11{4K&Ru?_O;cCe|DV};5;#ynCYN~c`C*2>A+sVw{8#Cs&
z6irVuo>!{*L{P+SBj^y8n43oT4Q#|860@-ISz5Lx$rvOF3HjDM=yoiQ#JLIR+{y4*
zmIeK2EXra^2e<Qu{}>}`7F#3+dI=?;K1#hfP_Qe_<@qKBe>J}PbDriZ?ckcWwi&>@
zrHSjuPv`Gi^i$kx5-Gv+wA_de{PX*<a5jL%M7}R}K;%z=lcfyAYBc~kR7uyZm=VOx
z6|x#Qn6vQ(7vf0m1`@~&DKkwm36VLziv`3G5wHA%XHkdR$U)ttkbD<orWL%XnI#Fj
zgUqp&RY@!*fDcpHhGIiur9uQpKls!(4s6KBtZA6uT}<@KbO-AvbP>n2ygLJp;IEMw
zp?Sx2*Y|G~!SLELMuoqc#We|$#eF*=8vW5|E8loQ#h8M-W7dLJ;=n8qW8Z>vls(>X
zKdqt4D$8=-$^SI`ie5B*()8ZoR0UgaakO!nBD5b=W6XE%(q*DrYSYD=P?%54*9Y;B
zi2OcQb_z?7OWxYfwL82W{|@}?DOB*5hy*lC0PWNdk`1@%sO$JQRtugM%Aad)1i$z`
zgX}pgjcDQ5uj3<H5@_eJahiS8<gxRgVc3j<U}e-WpziLYRlnv{@j$hOf-&`_tW_ry
zl$Gt;zla_e;lqg$oVK=UHEblJ;Z!0s=Ve#<*4N6|GG9VXfzs7h_rO;AWXu-D;mrp^
z@)dx6Rb#U+<G16%mG@)uJ1U5<jXeBnD_#)qAYNCW_qKuf{$PCXH9&08P2Y`0+$6P=
zgJ3pE!uZLvFto6NinhX%`xZ63y6cOz$x0%8)ZTSDwOHV?gwJ%sPDn+vw2kliJVUZv
zw7y41I-frOQEB~9bsQ;x4!6ZIqueRa6m{GjVNKUMukRKs>?wzMHk9cdMCCh#2~I?|
z*cA7TIkv&|SRdVWi8dTK(IDIM2kH>#88~4x<n;mUXf=NV+GT^bc>-(b2Xa3EJ%KjA
zfjj-!aUS;uoxqiqn=8NT<975msc?m!)(66bgeB}a9s1L0q@+t>QU<TmL239_1s+Wn
z0=ax=a_12seHLgsCm=G|Yz2@x?YA8Z%muVB5i?(XN=V_LVWh&5JH<mpwnp>v0OM6E
z&>o1weA6cxuJ2#JIW~S^M>w=Jp7JvScq~UhV9b)Q1{GR&qjC^bPGs<@jVxEVG{58N
zv~*K<ft&*1Y%iZP+I>ero7?jo;7*@w1;X$1x7=I{u-WUaM`5CqsY_I0mEsUyzBA{u
zwmp;+e>T#dqXi+3TihH7>GDJR9BApmzA1S~^1q+XJh*I;z@266e;&^}Mf=j<?=8;0
zF~^c!02W_xCw^pAlic8BLy}J~vYOW!DeZl4wXFKToNX5hJw3~b)HXyvkmV<Y7~}Ei
zCzF5S7Cy^5Uv=RmO9{HYT5vYKhyZwGn$}n8(n0ldie9z&<pfI#nbFjY;?Et*7G%6Q
zxx0dDRLe}k@cHe|?NORtnwt!^%Q$=NzFnU-PdCrB&{cmbHr@5D>`EeoKb<^fT3!Ds
zZ@A8@J48n*Uy9Uno7+9FwtL@%Kvz5$(!Ua9dfe2Jzv?HDw@UY??0UuEzizw6sxnWZ
z$`+$m2z%Y%E)beN#Iu<$nOVoXv)RPP{$l1j7)>t3I9N=Mc6fL|l>c)zq~PcnosTR9
z-KLsRDc8v?y&Iwf@$UT4-!pu{@&J^Z@t?{BuAqGOBwarN-JIljflZ$cSwJU&+qN2m
z&psypx(7z9ln%QI3DzLu4>YX+(}EowFxi?N;2AlVKxFZT!`OqR8n=YxuStQtX16X>
zYmJ|FSTsZkfIE2(azH0)K_RtrgjzFs?Pq<=z*arXV<ZnuORB?<={UznB`zJh{D<GH
z5Ct84S}!swG3HZ1=@ZulXG7;>;L+2Os~do^dV9lfd(71ja3Oxu^Z27Kh~m3uHH}?$
z{-%o`)Fq}X)FmbN-BTp*Bzk;c{_F><?u$k1^^C(-?w(V%)_tyS$+qTj8a<FcRl4H(
z4cOGQ-v!*^ZF3)`YUn#R<iciLqBMCWC9i~+*^Vb;R$E_7Be}x5hZV6TRe@6!XFmLa
zwFoZ3mWSxTNP*LaB1=X;l~T?mgf*e6+@E*+D%_DtWUi+_U7t`dPg&JAcNgs6&yy%H
zDO$2seF{lLXw=Jam=5F;Al%=)Wg7DK_K*53)v{`NMt0O!?d;m}^>t`m_<a$9YlQ*l
zgro4Tu6n67_6N2pAbiq~vOm({GCNeairA@Evk2)TG#Om4Xuz`pj@7+GOVIjKQEtm^
z|E!rxYl#G=PTH!CRbQRXp4d9vdIEW4r9JGrqA8*jnIGd(#M_nMa3f;;yH?QMIdZs)
zg?xSK<ETFo4!a0>Uq&Yt;pH+7JiL|m<3Xmx8I@Smb~OPWLDR0+#)xAEhoIxC=qJYP
zsTdd=gi_X_gg(sI6<opV(o8s&L$&*_fWRbq>TccPlUxz1zk6ITifw-%u;C<LsZmCQ
z+!+HWx!a(8bIobt_@ND5g_X05=d*upqZBSd!#vV3^PJ$vL*x+0#3zHeDt1^o%r7{d
zpUX|hQb*P9&Zu{!wCUZDcB0(zc|z<XMAAEUikv)lx<&D(ze5B?MSW(I8-W&YUSGg!
z8ySyfkz34ys|D6VHc}(SSl512(}^S<OrmVh4&-B*l8bHYuPJrRyUIoaIk4e}Ftk#u
zE$>iVU3jvoz*P7n614CQBl6fxC!0?Ja?<!VPL8zOY6rU!_~acNBDKFQMBuIMws6m;
zvE0w%*bs>5B4Wat#MK|-FLB1kyZa0?3L%9(60G560`zkm@xEHJBWGvhKS{xTEQ?9E
zud^Z0Ru)Lh&{o#6uiXPee#be;1PLQ;fZRwBK=1LrOoMA$D1JFhTMW>k<y5?HkEMYa
z^UYW`F(|R$ZV&&oA$C4hR>8doF&B@>F#Y#izV9G`l{ms9+NcqwVktXHXdG+6Sn>dr
zhQbSsf;n!A*QFk-k2fg-9VVMBlDxqnq~4%ahbKjQK*^x=v;cStjhs9=$W!+B1xZ}H
z^ierUDAnp;{4zS}4Vr>wRDxvEoRhJ$)qb!i;r@IoY`?`>V23nfMVQ678m&w4r4iPM
zB}56--(-GRe`&)8EtYjw#p(~z^GNo#>cv%0YT>T_`=6qVD>o{z9;s&fg6?O>4rxS^
zuGWa`(N5{`R1}JhZ+JBeM$zRtib|Gz`$o3TaMV~qn^y=9hDM`0=7@_#Cewp(P?ilD
z;f0|J%}SAC75k`PDC0C(&epfuQ^m2BpqxmPcj}YcCKsKop7aH9q3XddTY)QeZwk|-
zD$HR`eJ#FRFi<FdrP+Dwy@!GJw=brWXu=2_DwE2QiZip;$+=533uQ7g{7~p(84+Zo
z(rikBy6|F+3>u3dsyQahIc#=0e@<jGh6|P0P9hZ+2PFqRc!UV-Wa0BfTD6b^NzqYG
z9IAGsG^pqI(PeOJni({tY?Mv#Q|8qi^|ITzOkK;RA2RcnJJ%PB*Q#k#m^(h?(&S`{
zW)``1Inu8RP%|=#dh10bq#2a*HjP=qtyWF<4Y^_xQvOAd{%+t-7W-t%D3h18N0Tap
zS+JE0NuVZqozLqQA=@<{GIv@C9kX-8z-Ko4Refwpf=ns8$XVtaWqF~pRwT%a6WS6b
zF3NuzmHhzG#?R11wxnb}rCX-|*>|PQ0Oy{POO@4*3fL@rcal|H=FV8dh;%e}TkqD*
zc4Ec}dj(R?LHvlaBp2Egx_>+yH20XK<pKL8(vbaB7$jIhX%&*i?|`mZVS#>#Tdn?-
z-={l-Ug80N_;{l-*Ar4mWD6U7jEPgO>ESm?A~5T}(_m`Jy+t-^2DfuFWyPK)SS8Xn
zP6-cx;w>OLanvHx5S|tPNGwIFWv*OEHv~0bK$VijG*k<CnBUce19i7g+{?R@C46Gz
z7_6cqt^#q`A2Bt`k0^eL@tb9{Z2&bP&Z?cQ<Fv;~K3OuaxXa$`k|K8zL^JbYa^cr)
zC1d{V3QB~N@wbKYhu74k{n$%KAx2MQpva7B4TGWPuEUd9mqH<Fom(k!jW*z3gmWIV
zwkEfoTRyf`EfMzr;6rU>hv`ujrB@0f*Y50ukeS_iH%0twEu(qTb0;pHPU}vzn*R}Q
z-9%6d_0W3nEtpwC;jGI3B0(1`M5;I{l+7G0r|pArMVJtlQ|a#QhwHf~UexJjVpeN5
zKYP}s)x~9IM;LtyF2B4%5+l8!4O20cI0+lO8(8pVku2WPrXnyJKI7G>8xXvNym%&k
z>er_08QhVrbG}tT{0Q&ei%AK(Xlx@h({HhA=C7%_mW9<o{X5hA?x4AJ@ny069&7!c
zM>@y`f(=9xGot7yd8z3sdL;6V4I^7_^v?2i2vZSj<$`}q<@WXVqhGWM3VWXi_PmT{
z#e_D{akfCtxr>Q)M5VChYHD6=qr!n_(s%yu!zjSq@G|(I88d70l5T$(udt5xCnxr-
zDCV(WWbku=QqYr|yFzhfv^d^K+K->|-q&G?a#deZ(}iIN^iN=^DwYLNMZUgSa;F}P
z?M);3J>+LXbFgNFF`dM@&SRsS%A)}kA?d_FNs~MqTSBiT0C@p+9D`&cEdOq0WM)g7
z5Zkc&#8tv~`|}S&T!nNpVrzxSa!3FO+sF+_)~sy`1G{)RhrXS}!%W1)NqKV_dlLZT
zJM?|v-b-MpRzq>NKJrh9C5UAcTNcYY+8k-RbFDJW*#H?k1V91iBjGk0x>%qKZ)x&X
zkY&0#xL<Bz2{BJUQVcAnb_-RwQSTse?hgaqQ>|O|ECql3xFuZ)`D>bmFjOfFXz<Vp
z<1S}l|EQyt_E7#%vy7SUw7bi9JzQz6^7NIy^S2YH?ofi)J(?gnNC7d3(R{OsqVgCx
zUWqEiB(5Ld$r=mEaA*6>SrQ1W%{VaN7tp{|K8gOCLy^9j5n;5jlMFD+-&tgH=KMYp
z>_^F|8*f+m=c%1#lnr01F(7TL;+T*^0q##?_$7mnBCA-y)z578ICx~Kh&Tjlg{uV0
zZKgQ95_idF3O9APJwb&hf#(V`FKmeopSSE0@4>w`B-gITh_G}ZG=;}PYAtF3YsA8v
zU6R_F{Osn!XzLu^9TylqJ5!)AimzJbW&XQ2>$iV>)#gu_(Cli7NsOr!E)7W?u*aAv
zSb~sgDo(L#BzTF%LPm%Aof-l*oulj;p%f9;)`#g`66;Kq>ilB#H^@4#t$g~Bme#Pr
z{8}m~1Mi>o*2%gRiw%L2*b~N~Z2+|f==0LI7F9Nhhr3?QEAgg@M>9^JGD_`husSOy
z8c%db{h<+j0$Z8d0f?)=TA^vL+`n`Y3^4SKq6q}PW1&EY0RE{z`r@)|)1%!lV*ify
zHY$0W?Sqxi{nh5j<J)Az&NJU-fJ68@TPWa)O_B)P#h8~U#Dv={v*JwTMs{dvPu^~<
zcTdP#-UDwfCQ^V$&l4}vqC-(2U2YtYc<wHt()CAKq3ldYYoVpD6tjl<gRcH5x6cs<
zUQ?G^$t}Xq`|+6=>B4VNT2NL8CgGxVs?1Q%HCl@1vZx>8d7EV8CBZCCS+;p~eO*WZ
zv&u?ho4fMj7a^s4;>DmXH5I!+L5;!R5{pM!n@gA8O%jh@w5LH?Gw3NBMeeGi#+2&L
zACdICjEGCRvnRjKXmHRh3Vtt#XxK9AjZ<LLpECPL1PNex5p!B~H@>?3(i<yVz-eX0
zX;@w#OcN6N)F8KHz{4s})dWvz(B5!3M^wZF+03Z|*L*XQ*>02?|D`^winH(~D~hVW
zJe)*K^=hIsAH#uONCZc{V_;8AzZv{!rSq<tPOSKEBbhb~ReTk-Nk|#>2%|sZSi<d3
zVL<Uz?5yP>=Lz7Z$Su8^=YAd@>hulI)Z|ALFLCnNLUJFtYtv!uj3B3G0w2ttCB*Zy
z&UaPrDZ0ZzC^J@-BAcmy&m^-s3ZgRTrj^E^bTH?0o1KqT`bJoqm)U$SV*B0Nv|#?&
z^vfWlKXmxUry)%1)&}wQq4-SfIsZ1}6%Rd0?FKthdcv`Gg6+0l-a?4izwp4O$qwR6
zF5d{xc!fj#5M-lGu34Xg`vLQ{&TTzvkQ})6qVrq-+8Yqfq!@|G@{g@Hp6wb+LHrdO
z1Jg?U^rLD~wg6Vw8-d<w|4h>knMFtsr$PZta|oJ}Qn9$MD$JgFrGDR(xr_m;z6?TC
zU4^aRyjvEXTbOPC$39r=WoqATviVluEX$7M_MD0QC}n^yZcJ;yx#{K8M>^_|>Or|o
zCXrcZd6|oeM)-h^S#cbNPK0a$An_vE?2mIN2)MwSSPL)F3qoSdAMP}i(S<pfW?5_&
zt@v!m@dzVY!c^wfpK=E*S5qt5b4mQekn-S*{o4EpXT8`CHRgSSW4k2^`PsdvqskC4
z38vW%LNTM_go*3@=;YP}9woEDTG>M-=&oDQjA&nH&z=jP7=0P99o<G}a>2Omtepjg
zw+sq9Upc`en{$Ql2K_OQGp=?o)tftN8!38)>b&sjIL4d$W&EwnTQS#=Ao=EdOe!jF
zXa0L4HFT8>f=I$nYsDj{@1cFA9XTM$)84j~yHuc#xyr%OI8TJ*X3#df|1Lb(_>k@q
z#gFTXr!IrNh;{vHfuV>0>Rcm2mwfzi;quS?;Ft*U`aC(Jy-0tr7w?i`f*60m-w*zH
zB?2ji;&>WXA##xd9FEiAXNG^S^ObTe<~$y_C{^GEOLD5EP?&boHkpFiG>k@~sl(3a
z;M(y51h7OUXqueK8cJqbKFbttTj2RDbTw1Hc!{#9F2GTrMlObkxnCBGdhG#|%oU0%
z^m(>)A*8Xf(2th_0W^@dk=BMojRI3t$1=~+if~_YydB94P9X66bfC=S8<O_g6arHd
zg7d=!u|wp3*9FRc@hhJXenP)E=}cmPp&~}?7{EOD8{pk<21C_orvu(0Y2{>l<cnza
zM6&uYn=Rz-o<$qLt6+yC_QSBBqZz#~;AI;)@f~=%+_%ljYAj=f-Q}7ZkvY_FZZ!0`
z9L+L-9+Xw(b$u7vWgZQ5)aht}h2s1Hb{q|SdU9O>`jt8O0f6$=3S)W+Jiwi%&+S?p
zGGO!w&-r~V_+h+)PsY3ICFGayEyhcuQli{+K>%v~Pv$=A2$oO&GL&1Qy%L(;5-Ic4
z1EI3-^s!foe!fS6WmDJhkU-ef-5Mx7s4~i>M4xOTnma4&J(W5c#39nSRe8R4>|JUB
zfmG259_zU>1N=Y4Rf+@-slz9tlRcbgFGD}@mq1Wd54iQ=c{=Y!UB#Iq+@xz8C@v{V
zR%(-1#QcFxg82`bsu1c*$$QA#k~dEfWm0+S6F!8q5EnwGLo!YiLV<GpTFPneaK>9l
z!+yY$D4@EwR_u@;4PDK*qpG9zH>Ky0>j994=a^Z>quk`KIWT8?R8>4Uf#d+2fWJ4I
z2tMhN$@E2_-XB3g(#=Vn4ka=yyv<g3-hS-r-|@02+>X|yA?0?MXJPcX3(e561s&&~
zqznLcM(7h5dVA2M5|a-BdMGyjJehm+&(_hvRda=0Bk#5^mZrF%>R_Fr6%jlmc#dI=
zRr+<^EP74J0WQM9knhs<I?doHIN_-M3?upRT4N@6sRuu;sk)E`D>-5l!C5Y9RKQqq
zcM`$b79<`AIe0A*P0+rszY|z2yOTEuW6O*A2tV?Mo4w#FSuA4u?G`^ln=AXp?U%RD
z6&}fO7P9@Mf8UX#56ZkRbxs)>nVD+0Ka$P>er>>g($-Xr0QKlAE4M~~U6D4Pz#a9+
z+_#G!l-ZC1pcei1h2PDgbOaDp$A{h?gHWe}@zGX6m4);=7Obq5+VeS|&(0-tncX+{
zZ=ATop`Omy_Xa|JcB?0;urA114*;t<I}ki?&P-v}0P47W`PEd_VBUQHo~{$nLU>%5
z?^&pQ<wJ;Z_`pc4?M46(aw~WTLj``OtIqe09V!(G3ciQF2*daKc+)_mvpCjoEWShV
z2{1Fh?$j3zYzZO$dp!cg*R@;^)Ysub&Dt69O^vyb3UsOojlhWrBQ@0P);UST?pVUO
z2Kn+2VHtlo6aB+}5*l*xh0ppMgrQ~I<^2@h7!QUH%1KfuHK(3LmNs8BlZXn8pL~py
z<UVzHSO?Wmpu}=ZWVw7Mg3-WkfTX1{2lc{+J5AYXpLr8EIP2fT5$$jn)C<&R>`_-d
z?eC;hH%Bvm4Z6xh>4_m-D>L>~niO?sW5jC`FzR0~>u_Yc!2#-J|BUN?%@{+%G1~q@
zXL{((b}~@3Qzy{5sfAj0u48)QW@r2#PA1n$+aVa8oLukB@5B<plIo1Vxf&$`GXA*o
zU?**=X%C&3Aava9R8><Re->&wK=4_@`D<nX-IssHovf_EeD%8@8z4@JJgy(!7f)1`
z!3cVe8#b(%$l%3Z;ah!dk>$7_vm85(!G9p-MULS9+Vrk*1buXa1d%=s$JXnWpK42?
z{h5uScg%zg!tR)DEqNm?|9;d&_S=NRl|Bz771i;ftO&BysIGUk5IHzMevTNif2I6x
z>+Gzb<w)Tt3oPbwTp$8c;E#*ZFhW)dXr!4Qnazm{#n*SJFS+pOWSB74!9kPJMmShP
z6WV37KJqP`bA%I}aX>50ny)ZGFSGxCiO+;1y(BV;-Qe_?XY&^c!QEi6_+fu*w03&L
z6V6Y|Ig;hl<%tDev0?@4_K25ynZb!Uhs+eHOgx3dm<@DT%k<mPCcSiRcj*I|Ge@Xw
zqgZEpjS`o6>+ifK0x65#){~x6?E1;Q1QQ}?-RweMzrIT;I1Y1u$MvTa8k6RqqU}yP
z)ZJb2feS%v)LEo*uA5S1VgD#(ERiBF87?~Fo}pzBDv_E-!1ViL^STOoN~Xy$>A^7N
zEe~rU9VJ+!e})ahBWa+Q`EXgh;{a04t#X{4yM@EUSPi&DX?`F9bUGHDpiLpF2XN0^
zAZ=AM@`7Yz8Xw$6=cqWd^8GozzPq11QRV9!N6+2T|D!*cyH)1;>`c>)lkw5X{J?$G
zE%avk{O~{5*c!2NkfR+2p~K2p&#SjOd%6xB&BlCI1<}Kj77ebGIP6<08$=e59qng<
zZBp2HXzfS-LhQh<Q*Wi4rXovTMWBzVl=_FO%oY09syZn~@{i7NNDFdu0ClGC!igXy
zA?UZ9a5Y$~15~SaS|FuG_C82>3I?unR^q-`{%#`=zJYGqmQ~rWPCgC@k~L-oZ!?D5
zq^%@~BFMe6!2}JZ{X~EA#Dzz*q56U01hV?*qcD_+%5teGw7uE}2j(Eo>7I*N5B7fx
zHN$YbQV}U|#jO`CTM5L?$z;*uk)u>QAq%G2N>UZ^mHbWW7ZXlNj>6R0v&rD`%??ny
zsgc=;ZL@h|NQHW#JI6Q@`+Vhl>+QDEQVH><Xk<_|4)i}`X|vQT(cabuA86>j2gl1F
zoV5P<8{<rm!}i#r<+Do*J5k`J46!$iU7I$ICvsJtrL?J+j|BywuYHbmPA57j*FE8z
zX-;c(DKtg&m?ZHvYscqfda_&pppMSSZy<57=v1r5$7t-9uS(yZNUbUp?Vzq`L^Q#V
z!bWvKTS)s??Pw-ffvGHopPvSCKw%7=`(VeFYfmP(C{$dLfSr<cNsVZavl?J4!VHB}
zYe0{zE@qCgLe;X?MwZW3M`b6S3*akKKU^;N(I%Ec&^%C(1Le6pS^~L#pVrMPaR;>S
z^YMX~Vu)3<yod|w=`!Hb1QbRMd-J-rCtqBzwbwu(CWhBo@+c-LDth9!P{T&zvO~n%
zRblsp3s;`GQ5&BOZb(D*9#w!2_TciVVZrAnuUc=<FO9}za<HK{6{3ukRGj@%Z)(PA
z8k`?RZ+*@%>9F=FQ7@EVl3h`2bu3A1OwZ6k?N^X;Izk+yT*-F{t7o^7r`GKXQ63w<
zNrvcq#J1vk@+8YkRhnPdWN&>l(fT+lg+wVSvuxw(NwxcF7Cg+|!}+)x-Y%S43mY1n
zoxy+`)WxtvjI>geW=_OmHM_y?s^&j;Yw}!la?DOW(#jQmbNlPlY2clH<URt;FR@k9
z`)0abrWz%X14H##nV}fqy!23Kp&_<=tqS9&*2GivXL?_<pILnT(#*zt>0CYNY=yv6
z`&4$9f|hS_e{!%JRkfH_o)t@?kvei_7FG;17DGrQ+kzb$-nq$fD1D~P1J?MxpKLQ7
z#A9qILDY#=7k}__TV7A=FzgC{wO^e^Yu(8{6=TW*B&6Wtj;??Cy=K42Q@xcpHcM&G
zm>ZMy+v&nRQ^6qALaAqEq&+hDum<m-Q6a!y5LrxRAiZSx+?wq+;?QcmGCc2@a_lxP
z-3MvO23j(uRuWEoZC?3tX{(vZ`0DYtK7;bFgU9K=*!|xe{g5W^8C-_m=rUM_m(Nwm
zS9j}x3H}Z)mt?Eoj0St$$ytWq6Uq)DXjgpY$tg9vo}JG<L3G70pPgi(ZKTUm74IW7
zOSnu}zdc20{~nD(GG<nBUA<NzueDJ})r6#^k>%l)$K)J%$LPsG#p>gd7|g_3k1=;?
zhBflVqLkCbj2#vON}1j&-|{E$Hm_tgm~&MBZIIZWMW{<or$`?(?0Qz3(->Hri}S-z
z)6O=*WQeq8t!>%=33k`W>L{nWWY`D;i}-{1mecT7!`gvUnqcHp%Ob&?^G_<*%DJF9
zu6QG`HSz&bE>j7|?ZnY_;D?unF+aU|sjM6>MO9$7wvU>LjUK1oR|y&(byrc|Bj<uO
zs|xE$M!TNH$z<2juhfVGnsCF&X?4#r5B+5*4=AK50=;CXX6-VOsZni1u?SaMCo{tE
z8L<S4AEDaUI_%a>!U_BqVX~%N^xc6-vnuw?C$%+UDftM>gcQ=S0mm$unx3|*yLHnu
zkrJ0tBNIwsrvPQ8Dg@PUVi%4N-3rCImo1L#FfAB3p3~J~#NxWA0dZEcx}38tgQ6SU
zf$dOfvesz%7FeNDMQ<{fkaS}+5B|R;*qAtbmvWVXBO9=wX;Q?pHB;T+-0Y1~<%Vo?
z$##|0Li6#%;SgN*cKaD)iUKyc)7g`R23H<aWVi=nkC)nU9W&MYD@!H{QVwq?=+L{a
z?6TG9!dXW%%_eCU!*S9n!0K^Z)YKM@xhUBkeChNhIrReFVTgv^#n~cZ4WODfa~PhM
z&KMT=ALwG;m<p|KP$C?$^AEhPXgknr8oJ#~j@3ljm3o`{C!R4}w(6o}awFl;N}j~e
z_6{~3x3K5&nd;f@ZVq-(!4CEez<)iK(K7#aVA;z6(erBiuP4+9m+^Itov!Wk`$(d#
ztOtC{0NFysOWhbmX$|4I28=&iz|JNEPWbI*edMQP9G1Sn>UFf4tYsVEl`FnjUmgZb
z=pJ-5+)Zh@Rbi^6w{D2RE~_#76indh?opXfI(w*8r~Q3Ne!0kg<8dvpdxXI4SX|<G
zPmD<&#MnI-y_X7-sZlLr?>0i?@d4E*8K7)3PpAJ;SWFMb?dWaePM|kz!S5#SyyDIL
zww^UG=V07qIXZ1UrCy67)+-&N{%dNEt{dy2UL~Ib(wV#{Csi21kpqs?-3k-5@v=%L
z>aocT-f%JCC`<1zdYb_uy+jsHwK8JCl7E{3^^t8gD!tDXT+zPVW-ZDp7p*j2CjK5+
z)ZVDKdN$ggB|(I;#!$T8UoL6o1;_nomPExe!^l5F$*Y>ptY{i=^3j}?HxHw9=ob)s
z5$(kc##+)9Vg*8(ABC4@7xk)$lUUdf&#8K-&Kod9-K8#W-CGts`WBR}YY%!LS^Q%o
zC0b*sMeGvyG(^P~+3K`zduJKstunf9EBh$Rv($D-_%`e4m`UXP$|Rd>4-)l5aDIu-
ze*)&Dtuw@iHX(~N8&>?B{+7AfAJEEr!R&|Cha850BIKw6k}59eKqMDb$HjC<DzEAb
ztRg}zt<SMshjv|YA<2I&X-log3E8AnEm_Vfy(OQ*uwe9#G$r=1YA<7(LCTcTw#==l
zKSB(#YsP2DKH+=1w;6hmSOg~|tWi&7`IqZES&y>UDrj{?K9gV{5$8r_bY4baabTZ;
zrO2d0ysjQ^;z&$Pu!5fA)U<JBX%|>VG_sMV7`1jRFR+K7(v|<s;!TmWT2j-*ko7NS
zXdlgx7eyCr0>Od#>Ad^5wmQj5n#`*bbRGK^d-(c*9dVW*Lg`&{SX^haNz%;PLemjW
zvnZg=U$T_t)Ip8L1wDTyi=svbq`d9C&~sniJZUb;wBW?5nJbpu!%h)&dRE6Rqp`0^
zFHr}79ufwL7qVAwCi`A<j00CZJT?)Y$ZJJ}A;ov7T5+6)m|4_O9CS$YT{S+XTqPqe
zF0Zwoj(6;`5wWbyASOe1aZ`(UbF-FOG8!K&2~zfFMt+`#6D7HdWrRH!TDEBKIX651
z-;VpNf)fT=os6L%NzAwoxF$W8NoL_#@H9@rl1<l9KG-E!*zcWUNR~m*@a|*{3bd}v
ze^jKmt0dYgc%qCe%YxGFKtA0p7>6@bW{9V+Db2|a5ud)J<5{LHvS;7Kiy<6VEM~C?
zLe50Y9=T3=j-1rXfT&ueb_tf+>%dTJ++*l;E2B-Of`WEPGUW)$h^>pKVouG1)M#jq
z{vN8SskISG+!nny%h|>@($Oh^1yM5lhT3b#eJI{>lYSD6@RgQ7g_L5w>3bg%nWh7w
zQyK-s4;Qhk$6;q%>7tm92*-8@<mBj|+ocpBEJo7u{Ebv8Rw4DNRLP1Lse?1q-L`v%
z_`}D|ou^rbP5Rs7S&NyH6evJzZpUeKbF&q&y_<0WjP+^Su8mp)03&Q{Z0=s|D_-sl
zuK!Q8p6ZwkA3`hWknqph3oH=w*qu?qT497klGY%GfR&Vpp`!f|s%rb{YGeNtcLd0&
z&^PMPJhUBE<P@1J?IQ142ExncmpuvTHe@t~e#cmEP(k+Xt|#cOT|3JjKHS*Q?T)%9
z7CSCf`I4xY(>{!CO-56i13im-d5h%aEf1x&H@Jf@^I*S(w;*4$<Q8C;Q<c`5G(A0e
zVThkC(G}*@IGfOI*_Lgxj>OcTqPbGe=B&!50v7X8Bfi6j+eNUuKqOQgNWx(@oyQz7
zWfLx?JN*G~eXAx~-kHGy+2VV<3a8o1W#o0<r$F@reH+1wCAV(RN2-ax@sxR-=dMgd
z)S*ea2-FzVL#k6~4QrKi?vNa$#edOb>(gcWhlFO}ZuJY4#}GzHtvSB<u{{XB)+0Qv
zTk19VOB?ers-#Js!T9JTh)ueb<g;G&ds5MNN-!oBSK<bv`y-?<ikE$1rZ)1)US(`|
z;Qk)~+dw401|>kMDJDYDi%+@6{7pwc#i#dCi)pmBYt?55<^77J{j|{`{Jl|mUTwA-
z-?hK0d?(V)@0zX3{`cSSOhzz3$2-AbJPP_vZ~XoD7<kC<dg1rqf3w{DdMBNl38%i-
z`lj5d03-^+^8NR#`GT8ezg#_N?lh{0t;2Hb1!u(gFdU!gurtPyCVOP}n|fncoc7+f
z`e7B3v!y>htJiCyI`GF(4)vAYYpEZiD3!;Z(Bs(J>WvI#Y`*dX`&o?}^W8aA&VJML
zjwencj5|Uhc#Wv!t;SKs4NP9eo@sa-M=M_W+4N=xE*Fm`qdvT0WT7O40m&sX%JB!E
zBc=h#<3Y|razaLu9?2RBOmz+uAV%fs2pL@(+k_=xaF+3??+p+b1wfC$Gp%yOs^(-k
z3`XNU7*!aEN`3<Z8&r35#Nis1zi&4y!19k8HF(&qHYz(U_|ZJf0hMQJhhNvLyICkD
zCqBoLWdLBVEHN?>dV?N%nAKHRK~b=_Tw?Dnx~guHEV+X&ZMVg8p@j98JydYJrwKq`
zc%7a%3LSoMncgAZjjei7DeqPq?aH_9>cL)JoP}pTmWqG#!|?Z9qiG@MDOI<7rc-68
zk0lcsOwNy)JCt-{0Lhh30J&^})TyR`T+xY7zVf^w_826VbK6Ynx@PxdkJk_2jm8-E
z|H9{32Nj5WYR{i>N2Rl~dh{EL(sSj3hD6tfk@jqI0#8hjVn|Og3gNFrwHyzs?+k=+
z8b!+Sp5_*HMyHc==>eGn3hB`ojlD}Co?5xn_W_cFZmb6kBC0YYzgllMzdP8W3IMVt
zQpcmtAUyZSWAfS@h%Nz}j#~;NPc;VKcRGEV$J*p1$0B*<hsz;XB9_D#K!A-+c&pHI
zd7>*H9wN!r>d)JU<p#`?ARHh93=HWw<2DV|g3}5KPk$C<1l@5HQo4O~nqwC$h7=}4
zAwpee58vnB_z>E=i(=E2v5x>G>WN$*IhfBtf*22^4gl$r(mdG~1udEvl6vO6)9(je
zN-Z1O#i(|Jhhsrsu)3_kpzw7=Xbj4LQ#u2sTEcV#c-y@345D#r0nngp`xGjR>{G1*
z`Vpa6suPAmAfQYc+APX8@cS&sEU>t((rMunMNgUQhghok5=3_WsmIL4L;)w)D-)7w
zZCbEpc_4>YFz)o9U5vdjr<Xh2d(fog=qo^r<wY46P};f}dO2sU1kW&y8VM5fW4O~E
z5@S;KWBibm4d0jFbo@RFph>mXACq#UaEt-kl54EKPRrRszTQX2{nPVDX_BD){lptx
zG*y-a5JrNe{4#vpzBfJ#rc{EzWw+d+&%EgC&d4Xx{k9mu0u2KZ{{EnI4r23yIjs35
zG6x<j(>U%MSt&8V<VhlP!tmyy9B-IC#JLJe{P|ps)9|f7?w%n=Yn^b+6B0%o1Uz(M
zts_WX00QUN<yv(Y{_a-3-LyU()Z4q|R(UfT%E-~Iyv?J%z3NW2a?ol&gP)ZKCcY`p
zle}JGjK{s^beF}3#rOcg4_D)Ki^SJmW@Yj;WNP+jSiyEC{qg2yxLRT(9p<)hJn}lP
znSCZrcwBSHRBMmC(@4Yi@)d<^T=*ecsHJoEQc}Fn(RY-M+e$Fbnd=#qf<y!OL?WYl
z3G*;l6h0_vM}319wl&YrnKQDPVvLNpeT<x!6GfcZOx9%v+a3dl<#YziwMqoO)TWr2
zT%=@ku_R;7yP|{<KQoj64%w7k;d5GpahVC_Lb82MT#1ufOw3Ho{odC7o{RG>tNk>C
zv?E+bQ;L}kzqdPTR^XJ@EFu#}D<turc1}#`oO*cQ3&YN-H&;N928}r9ELj;Llx273
zocJ6uRea(kw#+W`a{?v7@_>}z<fqwd7aF`QNSf;w8Zk?cQsNO}#R~Y#(XdCsxsZBd
z5Zz9FsMbZw2o@tJ7hC-#D@Y)6BGRhRJcBtnIBh|zT#$ls&5x?A*WLvQZz9w1PU}N&
z@RfH_d6&U&ARzCQYwi8=&I_0pa|s%>9PWH!$_A`~fx`i?tk~X`Jh^$avr}m{na?k9
zC9o8t-LFx92n9iw+*C!Io=C<d_HYA9tCCQR_)-+bCN*;bO4-5irqCEHA!{)%_+xa0
z3K4tO8T9(zh_KCQ`lfn-8ws(PVY3NRV?9(#kfNpidW7MA<wQ;`dbwZzwv8=*#Y#CX
zCv44-5*|%@TBJvnd`+&#P@@M^D}1w5jl{zzJ?wzls@{S3*3k9JUCL=$sGLUxR!S{2
z0bm_Sp_sFkySZpukZTnz5qQRFKRE96W9j86OqjnSo^PbV>5SE+Ik8w$;6oF9x?QeS
z8Z9%|Fc_+(Q|eRyWPpJks|P!^qg@!bSQ{Q3u|bz%VpM%cF{k+oO%<6A21Q+s+X1}z
za5j4|GFckF4SN1bYH4Y~;(x^E(ofFD=l!Qoj)UICQ*1zDDp!XFqQlgr=_gAB?8y>A
zmM|l|h)e}U>zz(KUvz#q@!^rgLlA+unWPk1kP(byWh+5~gBaJ$rC5BkXyLs;+z`O|
zndGRafemAswCi%fCWQ0LV9u{A4I*MvY(5&oCmO5x0~M}r9%#{i`KwB;e(*d~%oRwE
z9ghax;YEhCp!lyd?RsGsu*Lfbatl&_Otanri3P?|d$(3=BZ0STm4hUuJ2eIXfGpei
zPVDykNO~FZqI|GhtBA9GiZ7oNn&O;`xtEyqK^*9W!JrM2Y#U>gP0u3LJN;q9BdMT=
z0_MVkKm_4;tA-0l2aO5{*p-8w%5J1V$;gUjr>BVE^Hg}-`@fgj|G#Mjz<KdM3(Ic&
z-}U0^ef-}$xfBC$>v^R8BBj{s&t19u>nFdakAEX3^9{?GGyd0Bm)-ck>!sq#{rJC&
zYw;GZ)Z(JRc~{_k&Wp4>zN?Of_s;81P&+U_^VHrgEZE}-JN+;~HA{%fC2?49wggJn
zsJ$1Yyz&tktnxsPg5`(k!h}7JRB^Brgw>r-;1D7iFBz0f#!G9LG+w$@+}tiSXj)V1
zq7b9cIw34|fq~~!sFCZFjSFt&2oUDm(Dn>0Dfx?37qO0ML2o;!0VSgTRhm|PB#LnY
zkUoa65JMg552%G$P>VnHOnMr4zyPuMdxTMBp<wJa6p3H~bogDP`us%;OW6sA7bE}l
zY%DT6S?q?DMT|8sz9KdxV6FI1r0=4fyA@vBf&_|rSwf_L{BuZ-TVPa{OitD?Ryz4X
zO0oE@m@n{4KOCaW8lpA|K8!~b58q>x00GbzsYqjF<P{q7Ql*8fYsjY2oC#4&DRKKU
zE!A9$sOL(fJ`do)l<ET0)(j>jw6;K%DUqy7A>SszI8(d)5rnhc8?!cNSb;Y(Gqg-r
zE<{zhq!xb^j@!JA$ha`RMU)gN8<CvkcNll-ZH^xFVh-p-q|;GC+#QWl;*(BV$cX|Z
zME&vWoOpxbgNGfcR7R%Hie5myb|PM*8Y9hgn?~Xvkl<~@V`h*?{S={MVZo}|8+@fU
z!mM!tA76`nUZgi+-3EW((8KqGG^M1)a^45DkH#6R;rxS&A~ef?r)NNznA~`YsHgNm
zW8IFGo>Ch4vzzE7WXiF+D{8%k`JB^xMhS}8Tyj%H;!r+xj7dbQTWrEQ=}45vNQtq<
z6{pl0y($i~$#hT34BY+RRw1I5h9jj&*U(byRF3vK;){l^)=F%=j}qG&TPwZ&3A3n7
zR3I)eQTtOcP)iIIGb_crh2KFm){O5oumI}@(5Ks0i&Y=Uh3LTV%iUi)*B4@d8{bZg
zRA!?@NpRuhIAh=>XTvHw&s6yZtL650qlT)i#A-gd#Twd>coUuQD{JVKv}gdpw5aA7
zz+3e^y>&7LQ}=8nI5<GI6Va4<OSFK{h>uqX!^v2NYVQj_ntK(&@d_R(Nlxadi^Sc&
zTIJw*>&3J&kuy@ZzB{bg!@=0n!GxrDCiRe+O7G|BB&|mIpjj)oD!cK7(XI|A|NEm#
z<GXgV)u<jkx6+zhIwXlyAZfGJ-mkP?)NQc#rjC|r^jPD49KEY+4Y$s@7mc_R1(wkG
z5<k9*dh3Kl(34D7z{C}m?(7mNkl1n5dABVIwni7yjtdP_sZLVfCgCuRn<gw}r}J34
zlD3Y6U<~N&45iShpL0U0CjlHOV}lSI<_+Ft(qB~$YZcr*uC~(D?w2o(SFc`WQ#f!H
zBp#+BdI1cPCSKuk?TF*UBk6_>#zkn0MA;Nb142k9-#I2(171X;3eTfZ<;?4>sf~m8
zFJHfcHwZAEA;b(Ie{dd7OyUA(pjselfk>9_pM+`s&^`5Gagk1?_(vWwj`jTIYf$E|
z|3}{G4a=CP|0^!9#Pomb%lGU5ySN&a=at=RYbBL>8Q;MCUR(Q1WB=8B;Z@2t<=-Y1
z{!zKTTWx&*y<TdkfBD3Je<hCp^PpE+y2UbZjIXb*PS^hz-1C1cYlYGSv3iSjn0oz{
zkN>Itzu$T7;oN@<Wz6CK%gd|o{?A(Je*fogu1{G-s(PFBqs3*dAT6zsf^==OxR#(G
zO|`ZK5=$zj_U1p!z{+8-`W$4RefT(Tf7ZgeAhloH7V75?|LmsrU&vo)sTSHv?8ywU
z#yCmwvwGUE@1jj271u@yD-2SfmJeZ?s+4fkYFl)Mxa2G02inPk$q2G%<h+z!BAJFO
zi@;v&HkuK%GtmvsVJ)(_nlHkGf^|kon~fbKY1d5J)k(XQwEpbxjHH2?G|)+@<|SDJ
zU6fS=PQeB160Cwb1(&A*TjixvJA1YA^X3<b2AISTvhcThu+zl9YR0bY(IeKKe=k-)
z%P71;V*5q;ut6_Dusxpm{hrJTkg}Wj`$bj~fP#tj!{0_v;X>#go;DC5WYnAALb->v
z`gi-Z+AKGoS6bWYVj;hr-a=SA1d-Z-zi@l9P6}bDSYQ<Il-K;OiDgm8_x)q&jMYNE
zlS+MRS7no`#%Ro@KE2I~nZ;P8q|9DKlieZVY#&z1OsE!l<*oE*bJCwV>4Qz1SS=D;
za9gq1#j0B*Yf)TE)7hp$l+jq30x+V^Xso25yJ}1`Eg*={>xo5JsD^*|{^j@Pa`O9E
z-@l@FpJj}<S$droPdLALDhM1w-C?Nkv_OM@hx_BVMv@ntWQUSGs~(i7((o+)AflR>
z-YEW%;GqJ_hjM?55Q*XuCUY^XL6K<uhiKG6x5?_u91;{P)5o2DU$(#*OOnj(p>+Pb
z=a0nVP;xp+^FYc(CJqsrDa@RTUuKEAh*3U*rpCS`)&pK~0$BFH6rZ@f<(1eX9f08c
zwS=r&;sg&&cKcpu00cfd7mFw25zxz{d>{V_>EC`wbC`YZu*+b`q~I^_7bNj(s{EJl
zdBgB_%9v~a6O;c}S4;Q%|95gt?SEnew^PQ|*MF<4%WL=Rzq`0*_dlxeZ*BlIZ~U*9
zV)lQq{<t6icX8eJUIcp!l4QfHNnA{>E)`2lg*8!J+bnHtuB?i2aQ+k7*_@L}ZJN}O
zNXdCRSCmR=Wj`9*i_FOTT~^x><L2144OLt_l`@IBq9nK`Q!Q3ZyOhK{%2>s*RT%_h
zfdUqqbywPlAQa1;FtT02O^Pe@|LpNE_t9?10_N#|aLha7e|`Dh|JR*dw>tLJ_&3Og
zSilPFlM2P960m@c&DE97<&B?^1@O*bCq%Ow7%==py&b|EwQna^r0E2%p&ZQI{&wy3
zeS1|yW6!>Pgq!EQ3*Q;$I}_Y5=e_sXZho|h&CE@4H^_(E($c~SKjN_qX`<Hm2B+h*
zH1AIvP-U6df=TB+HN@w@roJhE2TS)>rLkAuiGx+!v$&D81gt16IOmI2>k!y-{j2Kq
zJX0zXy!N3ACLBIq(YP9*h6hW1Z=@la<_?e{vU3n<|M-b>iO}=pS>dJ0*zdQct!p=x
zU=#u1Py;)l^Uqg==GaUip^Q$^kfTxAufrr!-rbEi-0Dp9{ns9O=fT)(cY3{%O2W;S
zU|yg(?zX~|OnnxF<0#2ty&;pJDlK|{)Fjlydps;h?;Yz6_{8QK@R8?JWzmV5M*fwN
z0wux>YXC89GYHE%NmOYgiLAd$(x|uUJN24u+b9?Z-Jl<RS39LKFmL#1R1OdC+$twY
zlxIwPPGvcyO*#!>XO;nsVGwmf&5^b*uMAr)W%(lMh^Peq&a`2Rj0APfwE3pw)fvED
z2qg^L?2)K_4E1=e2csmJofk(3UsZPb6kM9lwL-r7S8VASYrHl)#0p>mXXw8mUP4y<
z$8AxF>g2Gxgc@<Pq<vRpP<qLH+EDa5a@%cP^W;BiZFwUBaE|;}TwPhS<-by)SXjN6
z|L)?tRhAUVe-YXIENejKUXuZccdvm1@Q*7CfZT}NmH_9iL#LfEFigxN1`|3anUcXo
zX%%NS%%vlc=iw=t`t`jxUf+SN4f7<(SXu=+=>P(~$_es#>c9oz0^ut2?{)yPuvuv%
zmnvb_F^L6<ggCf#4Smz_QDT)iss@RK`}MD38fjJbK>#Q>s<rQoLgR++`F!31GU7yB
zo}{)6NM70O&(GK|c}?a2db954Wz6RPE5*WkDQ^F9&;Re_V*lS-{S<Tjt;rx-$geLI
zmX}HeGz>x8kb=d>A1#?ay)VKg<Vxhh+i<vzF1&lT4{nm(Vf{1qM)n6x3oLHrCA?N*
zxc#X!97!wjFd+}{wYfgRBY)sYj>D~@<mNZL#fIWZYAAXFyh^&$iCp-?^=M2BkI1tQ
zUE?-zysgxGLCe7{$3Yam6vL4ppfg1;l<uK0;}2=?+#8{LBO%I%=$o;!UuislpOarZ
zFtW$SSMubczrs3+KgzGL<cdBj_fQ&eqoKdO?TiLyMzk$~b*KJ52%z@p#z=lYsJE&+
z75!PddD7W&HLX9Avt^^)-O95g4VgXL(6v~6Pr)M$CqL4ES6ia$0{#CQZo<(5L%Gbx
zE1LRM3OsBo9ig?G)qlWbnY9)1NE8dD6|{Nbv9c2k-r!mVP3x887XkCbI2elHgkD3f
zU?vy`qN7w{@E2&fN8_q>HbQ4boq^!_HGnLmw?2qVsmN`SI>7+>#3QI@_q96IAY9+&
zC_Na7QM}1mZyb;0!f<>kGDBQGk>^f!B2ptcf+v1V2NS8vm^M6b49OdXL<u?`6F9o$
z98S$V3hm>*R2N2dPjsmL(kD74Z+KnLe*;-Md@7jF@}z7>PMu+?9T$0K;{!z#3xVt)
z1(vl5!c$Hl_ZULyy~!{$T6{VTV3nU?uUM9QK*3&_vj$EI%107YNeI*!c`j}TgZ>3O
zq(?F_s(3wYVTlS^$52VHGf2XgS$G^#%2AL6Ky7kywfNM4VYIfG+*-wxf1;*Nrwd*1
z^ky187jLD?Kfj5n@ghf%cilu?@HLyL^3QJ~YvS&_fwI_ZHt$?H7M;^Ll+;I|*K1Ek
z{+&0`D*T!aHDO$$xj#oMZ_v2Qv`H)8@1D)*lCR5W6oC1yL?!;6H;@XwX4^3DCHN=%
z4ZM5yDa*Ys_vGwJ?Gsk}ESVy?k>YBN6v>TbZzl+Y(kb!N+=kN<nTX@VJ<oex#F#MV
zV@GXr{T!IF%T7d!PI66TsQgog0g1}Gmas&?YVj7qPbxJlRaLA}m|#F-ep~y5gp~{n
z$@tOly@O9BctZCanJs$pWScY5(-&W`PeU3100Y%nv1=sgTAQ$CcyEThIq`X4x`@Wz
zA6-xM_Z~+t?e#1cmEZeXJ6foykOOCce;s%rn2d)L4ie*fVV3>z%;)eTxLBhVfwT8?
zYn`$g?Oz?#+t2E|-=(K+X^CJ2a28@;cPsQOO{G-Fa_2f!Yff}-(hYiEQvWCIs$FZ{
zG`C}UVU!aEwZeqg-SZ)JX$%F_p@ppBbDRC-6OhCXp+%Ylh8AJu33FO`30sEOFVzBe
z`Lb2--BRfioGw3Q#dHu>a4M4(I}{(^47~{tj!~k!Uw@q|RRNHsi0=fzb^@r!8`|_o
zGCc3}I_MTUgtuaH-VtxS-{(_x0ksw<o!@)tF?iGw-WwnFynZ+izPz1ECCnX(JIhn2
z5vSLa^2Yezlv%~@Q+L<-hCEExGm!pRun=@y;)q^y@B<4*>VvURsW+1tQG84MdTa<8
z5TC?(=_>BND87<&7gf0Los1Qu3Wj5RFIkkEQB8TuJJLW!l?WyS<qsT3c?9+eMvVC(
z6`zf`Z4^gMg^L&lA<Rl|WV8SyC<9DQJZ(jQ87O+1F$#Mcudw(suD0Ban!QCHrli-a
z1j-=B!dOJB1T_z<EEEst2eI@Bt)CWylSTA?jC9Yo6sR8?dFbl`dtSw(p$$xbF!8o9
zV>tHveSt?t!vNRkl1j<*4Fl3<6C5wWC=E!;>zs2k>FL<69Y_MQdaOu=v5xft#DYw9
zHW|D|NV1qXZ*=24m|}zq^uWjxgsij`M5446)#?ZB28jA;aa&T5Rfst~DwIo)(3Fmd
z?29jCYzp`v+U4Vrg?|Px8pE(Ny7-b>gIJ*CY7$|OVJwl-`>V_e_Tnt+(A!;}NnwbY
zNuq?R3%(S~q(lewoQ+H28rY>6X3xiy%{}cl2+90r3(+~!SW<zPo+*+uUv{d9DW=04
zP7m&aOWFefW<#$t>Ym9d!9tLcPOi`Nw1L*`CqTo_{L+s+SK?la+GLqF!ze4x8;iKw
zx<O4Jwva0$$jL0YchDJ)Iu}aqJ_Z22QHU>z0gpH=Y1`|MLt>xGY{4JcP-L>fcyytF
zP*{y=39>?!v-lK&%ZW<WUheQPvsCsA21<!V(qd0CkS#T(5qfw(3!5C3GQeVhUyg$S
z#IM1H8K99pIc9wJ>=@0S!iNdd0Rb=7`jM*)pI`c~@)Q{32RWf=&X~xv%`A4JKCC6t
z$eK7ip0mi#1%knqqeKQ{UFO&CnLn$crLd)D0-E!f?hywaaSFp^pol%fvyG%nVdfLF
zo%T$tli>QJ6MD1;F_LSGAcfLPA;1imq}u&Hb-5X(>5Y+R@B;jHwgr<J&BKs`a+MEu
zF+C*n04=@gsUz42!Pwh0MiVT&24c5fX^Mk-3wn0w%c=qf$=;QDm9j0EvNvg2BE|U6
zblxIInz6U&up%yfO6q0a(=?hApAsT=19fxlt=w(Q#D0`^0e`9e$sj~&lcg@%KkzF(
zge2&&+QY#d$esI;fXK61qSGA(VTeF5>1aUyB-wB+Orz;Kg(_l88>qIlAz6~PFjI&r
zW-0dzBPgeSbBIbB8})jBcC4Y(>)ntwpxxsyq9>suH)9P+z4+(F7_Qu#zbwX(XhQo7
zBd04f1~<NrRYGQj%ee%oX_%iD<!LXJH1P)j2b@VV#h`I$zeKci(>0w<XeQYB26%Y=
zjYiBnMXbW+;2A&)NO!x<F~P=3PMtfv_RjDyf-z%Fj>|^pY}xI$k^z$m&(ywiDsatJ
zWCB{G2F`*#qW#l>M@Hs3fhK3La0K>%YmXEE6czva@SR+6&L9rizJ73e`vf0@JqvR(
z)#d2LMvTmQCGEE&9Q)MW?Y3V=eGP+?@!QVG6Hy_Fh_I`2B}CX+GgoN%?f1HD^{g&8
z%D&aX;)UJL5C+Qlyf3sdrh_A*l+jga0}pooTqq*{ayLVftqgQvBPNm&Q9mAIXdYu6
zR}TfA^!37PY5?c32@8A-C-L*fw?#J=LnTcxmf;UCjhEY}4;%1ITudPlvPy<eZQ$_u
zck6QKSz4mQ5JC4f;+P?v;!5swf-((Rn3&K-wb`DL3dbbXCUF3d+Wt7`7(<r;#wpaX
ztT)YLI)V<IC2G<kRf)f5EUN@<*WxRq6{%!1PEq);^71eSY1#C~m)^clN*nFmYcqH!
z6`kZr_~;%^&}khbde<_Dccbvk%8WHqM+I@t(TZ${y#$L4MvdwaD9u-kC0dN&45kl|
z=(8f~ScpCWqK<n+$2!yr4tZE3n<Hq0o>jQq0GYnsW1KI%v65akf9CoI%Vmsgn}m~~
z)?dc3MOn4V;fA!0;KUj8byjZ-7<_ppC(u=@3bRa*%m(w>mi=<$s~p!!?F7<*WOkkt
zQDp5z%^a|sk?*~cENVCkaEnm*J#R4fPkcW5C^CoDT@IAyk3+PCfUggkA%6-4|B2*g
z89cb}_p<a-y=&{2@_-CK3;A9JiIjg_Gg*I@8TXWZJXrwAJ7!JrJ=Nqg03ryy0~%9T
z%L*GCxp8wab?P%TD3>XYx_jiEG7<a7@;nyCa(B;@@F}O{Ln|`;yK%Harq)@^lN&O%
zI-+1Em8tdV2L)J~`X?mSrwC+HHk)@63ez56CN#~?jpQ+_c9q;pWhakPX>({ht!-*8
z)1t*;0!VGOtlG|ox^7C-1X!kYEntlviy6ntEXuw!0kPV2R3>Fx#ze$QGe?;)Zt+E#
zrr7PNOmTxD%r(sp$!xJ(kkR6VEP5|J-b2xzy-b_5H=WK+-}5$V#q@5K;q2x{*fNzs
zDo4`(i;=@o9cff0DA^UY*&18399NlZ<d{-UlFm+zlQ2%JYMg{ov$gsp-VKp<#=xhc
zWiYGmDj?!H<nmjSV8Wu_$Yd{7txV1WIG)KIM@ehRcn*{wr{o}6RpxM47Y3Eb79I&%
zj8YQibD2fY=<yzjCVR!^{5Xe|X>r2hRD8e{{}u1?bZh)fu_gBKSz?lG<OyO~TbQs0
zXak^TF6%YMHR7kxn7is<B~?#e^{-Sjb}Kuz>Oo~UF|qon5|fXGXXRbxpU}$WezY>}
z)f>;MyStSGryTpEmF1w`f-gr0Zq@9MRu*<WMIXzxTKyZ<tSKL@yyVR6pj>N9|4(dK
zoD<VO+C{sbCuFUYKdP){XneKSGKw=U=c7eZ1xZiFo-S=SfczpN!szg!X41MRooF`2
z_%{JiEwOcy(G2pkq`q97_Flf4x<13Nu#BRy{|Vcy7)B5YOH3m}b}QMSS|(9e4VVIW
zKDQCSFD~=xfcKGHeTuF&N8;F(1xb#k^BSr>v??q2`w~s(xF-<P7{oONHLs)O_Swj$
zMa!gvo?_bayn3=!jVlmufZd60GS0f^l$=Ti`DmTecMC_Ol;oad^hsvnuG)WY&lUIA
zZCrExzntB?jJfgOR*G@|FQt3`FL!ax=P+Bq7d5vJjo_Nd+Z<+ZD{it|z*>Ip2HsyY
zuc_l-$2+=t8MDWKsj#vf8~@8|_x_*n<l-}7Rq4=(g`1Jy(Zc8{!N4O)N0_dil3X}R
zPffUKeHDjH$xfVZ-&d24^)=Ol)2IH)09RZ4wRYv(R-+6eR8uQI?U$@Vj6RmXZNDfV
z?A9ucrVz^o<xUWV^8NbmQLTc<^=jn?{4KZ2bkLSlY#I80iE>2XWYm#?X>s8<8L`~h
z97Er*=vJF_nC<#_vLb!RE^1NTEQUef?_Q)yfQ&C7BZe)+BNXPnE#2_y!A|XHw}OFm
ztd*vC6on9u^rv#&jl3Qpjo#n_^t>;Z<59bI$<iqpU0kMV9nnXVDG-Etze4Kk!YPeW
zj<uiyD&<SFFVs0OdBL(kX#hi6+n%ajRN<YGhv*4s_6P60$ZZ`qY6@fPqeoo=)z(<y
zy#w3}L!<p+P8c|p`&LofM+5IIZZ{Zjvh1Fy+v)cMn0yg{|9dYuiPF%%MFvaHh9vHH
zs3z&jV1hxZ@GRuH2dkU3z<nKD-k|soB`rQBVi0oKrQVI+;C@LY`e(RdSplC-#reKB
zItBjmHkgCAP`beKj90kXb?gb;ih?TAaXGZhJA-u!uAKaVKL%p>J$%!|8%H(eo`Gpj
z6&Cfcl8bI=YcYoJ5Ut<sM5TD5l1BRQ@<^u*M<`Qa{`1cTLYI%c=AFK8r2Vq-UQ^|H
z<)8xGDJLYz(VLt|N0GtLb^q{@bSNSGM119WLrOrt5k@%j240>|NnEe!(k&GI-aJrk
zU?e(qp{NkQ#%U8VVC^gOfF6RJ)0@YPri^QxBK@(CU=#zf7}(Tt9~I~lB<t|tdpPvE
ziWZ~f#^^U*W~YyToyuSV68aSxfypN2sn<)7{<#QdY+`s7K7pjlAtTu10FZAmhRh(~
zy<ai~pu&5TVPEcUhS?cxU^?PCA@7BfyrNz~qX4b+>eBr&gCW};V(04>lVBNjisvXL
z<uIze73tKb^`d*=s8_U;X<G;apl8$=xG%my#WCjAY5Z47@Jly>Uvl9)ROk>PS)?OI
zQ~=h8p(3w*Y#Udaitr{M&}rlxsC(XPLr0v4L?h>+qK<QAk7)uxXTNb$>7JY>b(Vw>
z%@qj#YV!p^c6)Z)l0FS4DFsi`22&IS<E);{okl|n1gY^HD}eh#c|e5rM*YBog288L
zr24GHl;_?gR?$?RB)YU~3*v`3S|jWea&0|=LU|0yQx(Zbe6f}os$|pFXQW%76E-gV
zS8;=%;#PtynI!pH3ctKQcniyFk56-Z=&S<xA&04$L6?!peSMl#A_^0vG#BKBhopPp
zSqM;Boh&}JzM^*?y;O;&6-CIGCSAg-(IAJQY>GmtRdTw}@9D#;%2}#1^&x};==XXp
z7I~U7rX8jivY84eL)^TBN*-S*4q-a+kSGk!VTAOE@&JK=c(qHGxJW7=QbgKztNc}^
zm;pLTgN(Be4W+<cb~oZ1+Kz$0Fe1zRD;+T_gD}#mg=|i*v=U2sp{yKaK{g+oTbO16
zRMG-D*X2zjNxFxV@XWS<lum4ELt}J0!Dwb|qK9&w+9ioi$+#br?7KFmFJvrJa5EVj
zt$lE`k7IDPP#}j0EXq;&a`%GdwRi>5+=<0XkK?Wp9VVU&23TojOA51x+8Q#=OZylJ
z&hnqD=Ae;EHtM{EUhsKOsYDKTX?ToIUlx&oM!Eu=k`iJ|pV#Wo%C%<oV7Kxu=V?F3
z@I8>{AK}kK(!1EEOf##45QbCxj(`zWy`ROmYC)%`nUx&0xcfDlz<MlZ#M+0{Z5lO`
z!R#)!ITZueTpUI?Qjs!-lZXYDb=nV(Rc~R?q@BvM^3GS(X);fu^D<!a+F1zOZDB=E
ze7W-{OV8p~W5L*BBmlYtao-==hboAUa7(VF>&f0aP+JDTdm?yE$!y9;Twt}#8nNW4
z94!}fsuWFBR5*P%zBr{vEKqG=a)}AD4`SJzZR6w5@PD&qDvKV~4Ed6Kk5$KQT%O0I
zRenmAmy;%;gkvwx%wx=E_>=S!u4-fo<V#I$OfR1};s}~yQUkJvV5RIFFq44<s1TIz
z4c=tZMzHcUlVZk5xV_EZ7|d5jj;)mDg0T>f1`{Mn*XST1xSFIYjx1s`FoWSGLQb2>
zO@Giuo5M}vTiO~lR&%MAq?+RiCE_ZC^@kyA19aWFW94!`QZ!=6)C?yUmsL&_auGz*
zNt^(??6V-T$!0cMBayefGDSTMLwiPNm^<&GWIM?m2eD@KcUJu24-o^vj|Ki;QVRq5
zWV`;=t+kisDRi%bbuuf1VS1)Fe<8L#Xd2N%r#67;M{<Sa)z0c)%CQt!2hwGEGvOpA
zPbITVONkEvx~T2vDKWyfH3wnN2piEP#yq`%#8m&vm<&y~S3DhPuTt!qi+Q{Ba0W$?
zXiL<?O`~Z+S7y2u(3aF~v7?a4&z5uza>CPRG>=6K5DmQk6?PRtSyG4o(4`NnP|W&h
zcz$SD#4HxI8xU(Q8V7cwEpq!|c(}S``wah8yKM6b^9~*o*Gf;_Y>wGxdMHbFZZwhx
z;nRm<yW0;!FVVm|nkQ#)Cv7QbSp1{>&rn&qifq{BYg5$8nx0S$>whZOl!p;2kW`Q7
zjJX>EYVTsooNKS}E;Av9^VWFgq#v75ev<iaK_j7y)6Qgw2KH=(g(@{A+}3isOQK&{
zrNU6#7d8Dt?_B^T*0BXBYXO0cNB;2y7lIt^1`q##t^(bt2slWr3iTG3|MO?^nt-Jn
zJPUhr^G6Q*MAje4n+{p4PHUe9!Ryc=ZEE6`_ecOG2rLrFBH=7&n9K4;#EW|Ut9Gs2
zY$b9FEr%$W<|woV<s8U*`NRr`(DODerww`!d{gaI%JIfeq;t6J_AuM$LL&}#%Z=Sq
zK_zdtj`sFo*`Bb`kfWu@^eqolzm6!5Ys?7(@7i1jfV;`*R>0a2oLah(H!6B|R#wmC
z<kAb(Hqmy1Okk5_4(29I45RTFJ({7)P^I9&9!R&SRoeP%v0IvJ|8ocSf6L2m{P(rx
z^_6@3pS!rE5WZio9&pfQZPT(_*()E_TJ7kQm5Rjg8EMl?lW?>|Avc!*b0cpFsA*|6
zUs&p%`uJ0=1=4!yD1j+Q*Nw_fy|GI(a9Zj#8l=RELUzTrIE1$I*%ax&mN9&jYu5OO
z`6tYuzrJx9^Tz*5vEYvX)%AP(zdN};O?}Eft>AwY#Fhr0*W*1BRMeCY%R4VBC2>3f
z;YfrRFjJnVK24=y;NgNDbv8WQl>FT0BPHj<&UkS(UnD~~nn(IDB0u{<=G)xPhy4K7
zh@WMeFWR;00Z71~Wp-+KYN44Giz7Vx32y+H_s;90{!J`OiD;1o$3=Cj%!G*`Q@hn>
zYo}HzAGBNL#`8+6$(5AE3_>e1qaM5zQPom^wX9<5_@{MaDUYJpP0N@U|GQ9HcE|tP
za`Arr-^KMQDY4|xLV36>mwL7W4_CMO6f%pwpx;;FE8lg_hkXjJa~5c;3&E$4(V|bm
z@K6J!gUkXPjxB4D7)6&|#^|zZONEuC5(b*xT-n$xtbw#X0vR2axEx>>cc%8ay2dg|
z4sb2ChC%8{^<-avWK;I1sfAB@OWx-Q+$Yp9@_H81a=+Z`$$eE5dY-n5XM7&U0UKzI
zY@C9TTVS-2Yd}P3dy{^j!kmc=ty20O+{VWJR_!Tp6a?cemZgw@`^S+^lHh+T_oMOm
z&hsiRiFd0FEqtY(EGaZSmD-NKT2}a1dClYhKqEIUV;=usEyVc$%6j3R|KG*6c#BtR
zaZ&8sJSdOvs$+pt++=K<B*3g-C&aYo!~nEM^Fp!cgdJZlZZ6wl$8WV6DO$A(@;tIl
zwe?3{I_wPnJk^W5mB>W!H8G8BW0WkMk}MnsgV0N-QqA&VmDGJzE*DG5v*JCU&u4Qf
zwXaWboG%Q8K84mN-h4P_O(Hz>0-6@MR`7ve<11yrBRGBj)Ej4BXSEVs?rh+3>esL6
zEv(uTGlrNkC*DMPITIB1MrXu3rSQQT0fnpJHCl~eJ6UheU-LM-Wm75t1kEexBsNT<
z8AwQbWNF^JN+W>{QnIq}Cxv<n8CF8(8}TOeAf?X!7)p0QT281C&jeh%!pf>Tvq757
zTmS0Md%jHK|EP8Cd*h|sDg&AP`s(V`^*>w=|6g4xtv(Q|w^e~z*IzmRpVj~0RGuwX
z5B6?M2UqX^wUyPC`~JU+>oWb{_m6Kx16S|=b@+AP|95d+rvJlH_s;u&W%<7U@8Y^_
z|I1CAYn5^3{x20)3+wm&e;3yk`(LNIN*P!0|I%`?aNqxTab33mgVE`==YVUB|HAV9
z{C_9cRr;UP4oAU1dEKk54zDr(*9-Ua|D9ad@BhnB1y}F?mDR%i`tMGz>-YcVwM5tG
z|K+uN`R`7yoA*ENDo#30e#-w-=S^(G2s?QC{!ekWuvT*Ve|>Fb{eJ)FF0Nsx`x?(v
zL;vQj{>@9ZyX@wzRLVam=f~K?c|XYS`RKjMd0DMj-gP|+0%3i7r{Lrzq0CE$hSd2N
z@J~~ff2m}0kL1#+dEX>z9HN0$`?xEx@=y6^ozU+_XUc=o*3_i6;Plj+@%?ZV4876#
zVk$Hn|A2hLDh#grF}}H6+9sc!OD#R(<M8I_L?f?`kk}C8vktwHdr<zdv;bi~fcDT#
z0tkkV7InnmK_TKB?^rr3L#J>8@86;aa>&{`^E;=3I7GksWamDd9QW~TeZLciPF=ir
zV{gz4h0z}=JnjM&$7mLWDhjDY5x=DgI9X57(Tw59e?xA%_zc2{k5NaO>>3ykOB|LP
z<$d0M+9p@s&;tx4y)`d;`RHKh1s)kFw_Z?oITjR$M6-;!P@a{W6|}Vwx)Kt~aVNy^
zk8=SW*6X!)v-%Ge7XY5AKsPf4L1K)FPXt6MHiqOU>*`Bd<;>7AY-$qV#+LT4V}p^k
zvM#95A>;#cBS5&j$DWcRcL3ta@#rakXgGvMX9ScFC`GzCI=Q0W8b{A{>JCF2c_-e;
z8+1JtD~Ef>a72K~s0B=fblwClbTU~;KSCoWml;7~K5;c3UC>{3{%UCnyJ$2H1yPcG
zD^Ws3Nr#~%JRaehEbgHqHV)O{mW-y%?3RRq2jU38C);8$>Gz{u(<FY8*CthzNkbuP
zY?U#_vy5C>>Z^zZ@W2%Pz`F9UOqvI3I!X)8N5rY~x=4WX3sv2?E{O(ngy}{|bmI8f
z^+%V5rN)^H1}oWwQF2KzdbDXcs)O*%eCHhzXQ;j@`VhtmJ)H<jtO5f>q*7EAc*v;Q
zXz1_dUl?lLvkb?t*$YPJoroHRmz`P2V$lT_br<w5Ps;K<TOP-^jUf322QUC@l5H>I
zMbTX*9RrZo)o1D<Q;39g+iCHI3E#!38tjLFl{``w{ve9ZNys@x2Dzxo5(+n#@Fp@b
zWGPh92&Xgh?jX;22B7yThe7l}d>926nd}T+fSsA=BXqiDR+A8m*rIG+g5#%|_4iK)
z!3f>{B~}Y3ZNKYf;<Ao1r^$%~$wp1?5;;@YUQQTtn{GGr(~JhML2aoDYL>sxae_#q
zK${J=^U;POiZi1Sffl0Cl+cRvZS+*aQO?kxoIV#A<_IRUCe?H~-F4U!<q@SoEa>KQ
z0%IzWlNsSuHt-HnYS$iS&&Z|+Db@NMAs+4X6)$E{@Z~E(0gtxD4-t^4hu&``60Y_c
zi^qC#u9?NnFwGR2Ms|v?BjP96Ts6_JNht{d(5#|9WzvlCw2@Dz&XcVVwkpOVNh<2c
ztH^#KV)N$Iu{iSj9xxTId(A24_PL549Xllbvbc=~)98-KcFrT|m<EUx@;IyDKgsg7
zrs-e|xxJnxW=o>bq^Br9f!c*o71^?q+VXm|5TrEBn{0}mF_LueBm#Aj?1##LPFl_B
zy2-C<4YM6pi*avO?)YNt!AKzj2*<mfaVLY5`9O<*_7IIKAT#2hP!3IcHF%{ZB3UVx
zBZd<g5FnnO6Ona#8OoV85|hmsy-lj9oRImn>(`x;k9Kq!`Ids4Sk;ps*hY@Wu^~*R
zr8@@l_?L%jcKTtJ=9V2G{tSV$%=#h}=cS<JjSeuXt|eVsun+5v)@5OHZS&+xwSJO`
z6?KSVYqJSusdIoFiRT(k;aMrE87OwPs|S1aYd}SL22C`l!fiFm2hCc!Rhe67)u9U@
zu(j&D^-Y1)qc{Mseb9{(@rAeEasJ(TpVmSXE)c{nzmK${;27|Lr^~p<ytEsSI)kte
z!@6fAqTqsWgVF0yx@}}Hg&od<!kv*AQmA1!8TA(-2~5iaN<R>3TF%pnEdG!NNzQ-m
ziS#2n<e3u&Bn=%iqh)5SA&FRT=_W+DCx;@KT1^8HQWqjCP@VdH0;WzQJ|rmO-#cVm
z9X@@L)1UZ>R-(ZG<_T}m8Aod_H70{#yi1O+l+MXodmwC{KpRj1wkeZdGN(gojf4?v
z5mngW6@5laeEiA}=KQR2YGednHSBjlsC>BeFegx-2YeL;E?6?|oOMQacC1=F4cguU
z;5@n~DUUOStW#axljD3iIhJ;{MH}+_cr6tUzA$@FeRn!lb5p#aKf9d)(i8|oLH~`H
zQ`{GEX^v_K%KO-0=7Y>P;iIvBh=2oYYkb#kwi?xg=huM#_Y-e)!K9D`y;0e(w<_%y
z_2#A7v;n+9q3&M5oH+w_d3U#QZP?{rZ*<r7E*~Lp{_gNPommF)tA*y~)9ZW$Q{yzq
z2L1lw4?^Xr?p6-2-^?Qz$Vt`NsUNfe?sZ$b!y!+nHC92dRSurFUff&+kj2%!!6}ZD
zgc8Zs)K0zrRrNZ}c|qYeq2598+V|4aC7Nb^uk}s2ap^MDnT0sO=P>hsQ~r+KW9^l9
zE)Nn!<E3K0m;h6WU5$FHzEiJV8X_W3f;1#V`sl8jWRA2ew2mU#8t?nKZ+}_W&G&z;
z#dgy6@4WMWtIO-FvHjoD{rSH;xvshYI~n`^{EJR_)^xUJ`AZeOjhfq=(Wj;fYw8~A
zrM5cbd&rmB8NGDUy^abDB==G;x65gc2fd-WD+7v14~xNxjDx~jp|^g&Pv_;yX;yE>
z1}Ew-B4<0_vU@Z1a8WF%&AcW|wa{UxQKmqiT~EaoMYVMzY_rOgO2di*PRaV(TY}zL
zzE>Hf4v<{B!Rj--0FE*W2DlAl<&^30yHv196=Bxc(^QGcWi-0}3P#S(rcrODF5#`N
zJ=#i;JD+Mt!Cs@~?42F06pCwYL$%?8^^`=fgd_TgLl2;H<S6_=v}MFWFECxABGw_d
zJQSi{MG}~ry$8Njz1DJ8OH~tP+jKszdcM=^X@w`x;~L3_BV5jzot&U4H_Fvj*Z90N
z#t{h%Q?Xp5bE~v>SyO%)6$1F%u6H~+wO^q(2uN-9MlFwCWYJVX(iGQ5=L@~@b8=Ff
zN%I%I(aAaGvdTuKm5o_r8&jmslBE-Kj<!M)+=#W{HQdui3}qr@$&4tFQ8M!LDg{58
zjnBVEP9vj&PAJbOI*+3o<kPGOVjRfkEJllN02~aBMR=stHniCYA(>*x$pr=E3Qd;6
zJkWFrsW<j+Iy7g}4I+@LVTrT~A^0`gGkszp+1^WyGgW8kaS?<ii|x!9g~?l&1}1?+
z%KgEJKSxtT%yz-rOVsTr=A$NDfquSG%fsW|m#<-b(3kvKCp;h>)K)gNfDjg9{74V+
zEN2;TdYLlX_FPap6NMSMp=7jAx%&=jN}4qvS;S*aM|%54H&`xA)I4RB$6riVMw-*a
zvUHoH-7GZ&n4(2$+Agp$we>Ri5Z|jO&(Rsx6=CIkIKIeaO>F??%fIdTV^dY9e@yEZ
z32_{hN23lvd|7xE<(3~ga)7bRWx$mPtWDhjyUhNVi6m$5%jgf<aI>ZrgP!gEINjK&
zr>EdpQmt|&t>?Eazn7mSb_c=OKe^BZ{NAYN`=49*{sml@S^tgOa_`}qWz1RsEtgi-
z-19%nc>d#l{rA&fPrk%GCFx9WJ6+5d(!v{b1GK=~PFI`t#f^>C$BV`EmrqkqKH07B
zpk5L8q82;Dp*TExR;%ua^y1P|b21S7es>hGlfW>CL51^6OS`RIvKTEJc7>&UX=$l)
zkcLr6fqplamT2V_P6qjIaK7|UCC^*xjeFseET~;-m-6r;4V93u(17I0CyR@6Ls@96
zgJ!gqV>mEdT%-(=w8{EJKP{s2>?sR%PnN8gb~;+%J)O5y&RbjD5kSrz32{{W$jui_
zin1wc#|cek)S#3NfLth5Es|NxQ^}N{(39B;%To2plJVWnLK@kphF>t%1j2-whRa@Z
z3y&Hi>rQigzptZjU9sNMHuefto?Fe-0@be;Na8~Qi*{B+kqKz}>h!aDy+X(BOoLQW
zl*?bS5qjfxZZi~zRkU{{j2~!Sf|@%YhFXPyQlXZ6K+a?zbV@ZIUbRWe<aln2mJ63^
z1vX$|!76(Jo(<rn4_c%IXcuS~9Hq7K$V#Ms_r$3LBsZ%dnZc6g1`aR50z(n)XrBW`
zVDxf_i!93bSL7zf=K0e{JkrcpX3e4!ZoSyyWl9BdBfQ*Z*-MWuQ8FU>$&zOEKld#8
zmwU~U|MoktJsb)*En|-SS6V3*UH>1D{$BpOi%Ys<Rb9>g_R!tlD!SV%EQ{jG=1OU^
zRI=RdrCO0CNh+nHGkuoXsUPfBpJ!94{noY^w?Au<kJ0_wwvaztZD7^yZ}ClRb&-mF
zQXf*d|5>ZF+ResJ^ferH^@m#ZS@farAL|d#j;giY=o86cUYJV#UHR)W!1^qMKiV(q
z`<3j{u|FU=v<qJwiQh)46o?)4S|%|nkX@2H2r!xo$18bEu0G4uJLOinRy|NaF=|CH
zApc5=0itI>%vh^GU-`S_LTF+v=1cj<lyaxOe^{+m>W6^x#h#Ixnw}LbcS?uaM(wkk
zQBwJ+3xysm*J_95ov+HzE6r^Y-~E&RKoku$kDh@n1}R}BJ{$oly)!BTy_U_vvjH-j
zYSxb$I~C4kCtXTRxd&~;jgHSUP((O6!6KF((S{?!j=*KJ*nLg-xh?Yeli~twORKuY
z&oVN!XqK>-`mD7n;0J(^<cFTf;onq>e4cLt<w7ESvxy&C+0+7VZY+8t9sc3_m*2lc
zITY>wzJK-oD|$g#=94Y-F6|`VNl3k8CV#>OiKnV2QQfc(dJI`ri6r7b0G;WFtb`Y3
zLa@J0rJ&85sfE$GSR9?ih$gjg{u+h%_<NKqee~uGpSaJnTS9!FTIdBLBZtfmIdj)!
znbqAxeV7$l(F+D1I)6t}0|I?>LOH3^u={1F!Ka-#J?B#?iV`)e_V{56%;;l;MfC<B
zer|?*$Jea+p9a7U^gimEbN;)4&K_O=U#s`~|95iD*8d!}_7*qNUq1c!v<le1oeNh{
z4DcC6m2i&`Uj5PlZ?%SUsv`sZZFMG6^jJ@@o$mDeX(9C$+v$Az>A(N?3%6AXssKZ)
z^!zbL=y)R!2H<jj82B7~+ts&lq^?im__^)6Sx2<D(-f&=oEEg;-cI)rIZKc(o>E5s
zYt-v4oqT6=>2MUB!rGk7ki(^~h%GUQDFB{T57I&b`0NJ*?0b~fX6A*-@!EM|+L)Rb
z1lE~(Q9e#j$&32R<jhK(i06ba@0Y$r$$HCqH|4F41UR*zo#c`L+gQ?PKX6CC-?G2-
zjZeDcZ+|dUjjiV}IQR6J2(QL0e&WFZE0erB6RS~~H~pz5<6q}P_W<#H@HsgjPt?ho
z<ccRbV-GDVbf#bm;iH!H9Q_T<OW5;3_GiUul=fr_RRb3AhfXLBY7^7S`AMf;#c3)j
zAxO0rP$Eiv^M3KOA0(9bDEQ0lw?hU7O&yMWJlr=4y^~2_hE4JYZ~Rd(z+-=0ui4ak
zn*=I>frx{rTo^}C9hj^Z7M^(Bvp}4CVc0p<L?mO_qYc4lKiIF{r<W445xt(_Si~Iq
zDLFBqWfUdWPctAB`O=y42!8Y~IU~J%vc!$P{lU)NOjc7k155N=PindCx>+4P<VvE<
zGDKG^M%VN5jwBb=&G7L44luVP(S@56*qc(>{>#Fg>{A1C3YUaEQW6PZ#}a`i-+rGa
zJDoUc1u<KENk8a?W|#b0Kf*`Fbn%P&{ho?nc%n5r^tkYZPzaTGs{_0bAay}T4RI#}
z0|;%WFJLm@e7J`~I{1(}n_nqq9wXw>Bhs;qc%0$)B{$ELC0RVzZON+K6IQ7G<W%+C
z8=$2VlNBuWuRa>@fU0QP(G;a<Oj6VcwNQvjoV=0I(L@H_HyQSzVMf2X-EGpC?7dL-
z9QB3dk*L0O`oXGQ&x19;tPcMc3Dx=O8N{DOS4vM(gsg5bywIqMX|>ZZN4OvLrvOBf
zw<90BcRZSSER;A9$8BR%-h^hoPKJcQ<RQ;k4UPJ}_6EGbWu0O2Izv^?h3C|cV7=5@
z(O0iDw3jbG`$4^akMFMvZ)Xa?9SfpCoo=tul3fo#py{0KN6ZMEjTih+|NYOcl)1xe
zmj2J8yc?7;Xa8@du)6Hpe-&5m<3HZXbvqHW*mNSY!7_q>wNP~>-MGmZvr=lF4A98N
z6UW~8t>+EcYFC;*p+_HWkAc6+bo6G^I(w57yPbjG4@7GMG<-WTz*4sxN(|dT7CCH`
ztlht8QzU$gk-zfFVG24JkT0aaA&ROM{v;vJqR?I5xZN50BEj2JYC%UPTUan6js5UG
zM=z9{7Jin&%YG1~tvMlwW~7?zj5}zy)845ce%Gizf6<~7uQ1V#{L{0s$n0cs*Lh_T
zx1I&7|Ih;-GURlQa_(06M1Hk?fO(Ywnm}d0ogdZCMy$*rH~y@Y@{`;H#ILCGrk8#=
zL<K>J2a@5#Nv9ur_yODXp0S`iB~NoLrji)UplgS0bZC~7ZNl914W=ArvYV78ql1f4
zhAag`b6}s*p=A^J8HQ7fpmusad9e8`_a+ep9p6A7a0Za`@H8urC~VSqev^>9%crt2
zz?uo58=Va|Dihj=#;rsNuty$isZGF>QQrbM=rv?2{$zsDN4tlBNTezQkjM;-E})c~
zruUyg5-9e%qm}CxG(1%80(89ea2g%b?skSJ^3Bl&Il&CbA11K{8AOqIMjFH6F<VXN
zu~->&+duaE{`dl(dhBEq?b%eU?A3e$y+yt8$-m}mz6iYctn<bXMi^F)=`w%fLs1zu
zLUJOF5K!TkrAnY{jW%xXmRqYuj-$6A<LfEmPQG2x&)dQj2vZBx2|D<n4i=tHEy&}j
z`L5LXSc2azW4I>$jLM4iq{BiV%|le>-k`=rKlM+-^zBa&6f#p29d<Z7#FO54Q;r+G
zL>4Xicj7n6>M{Hxv_@ni`p)WzluG$(#9GV{RpXX_hC?6z+@i|;^%Go4^8fFHp?7P+
zA0J#N{@2QSaqZs!|6N>D`@a|5Ea;nYUA_NTSJv+1zud_+v;U8;7Uyf)b@l#VE3Dm*
z|2w(n^?%><LBP$Qjc;HDHqZadDtvSFKc##BFL!f2!Jd7ZdV*_C_%rs$eeWr(=g5vo
z`~y$|xnP!>m?uk|AoV01U*IMltn#+gxRPD!hGF_?YGKlcwSONL(TkK~5mRi6o*#C_
z`_z*qdWlCnxV+Sp<DhpTj!(NmKNxMNKi#7%jbF}2_-_~1lHLewMys>qU<AwF?Sklf
z{eB3m1vFDD(bEuC#q<QVcrwP!3-A|KPJRD$u&v<W{z*rijl7d>b@cG<+qcenzF>5k
ze)_~eKTSdIab)`yj=HmRDYIz!vsf%`<WK#Rw5oHu05F$2d>Com!&)w3HMz3W>U!*-
zK7DdLt4EFjDyB-gfKd^CjM#=>8jVA-6e0Jl^t3Mie&UJ$2XsgY-wfeJcUoCu=#9=%
z?E&41uSfbIo&1h|Lq}uWSoXx^Tpb4N{MY|iAbNo~K~LW3Y*Zxm05Tm$JQj<H%8Ls0
z_$2IzAeQ4i@bRc9R@6s}fZ#k2%&ImSpaX%!i}6`7NI#X2f}as2x8|htdv7E<L)28j
z8fQH6pyqv`oe3;G&uPW%$xJ!x3xa#o!M0!>^P(QQ7?7Ch1tB1-A4Ir>W<Y*ahxJiS
zg(afiinHaPEDdFUR5i+?E;$_e=bk?T40ir2BH2bO>&kN6v=Do#-x+sE^M<Dyhk+l8
zJ<N!y-wsHd;KiWa5`uHM+Z+g3KK43d0HDX-;0!SC`Dm*chCyEJ1Vi5wfS}F@)}C+R
z#|d>rFG!-i$vL#?7?nZe|If&$szwh_e85f6n{>zFlO_Ktl3ggzp#DDxUBAO{GAfM>
zRRySmBD{Cr`LG{k74C;m%clVp==G4o164aLL!E)Vz(R83eA4R-pdJD4LjfdcDQb`Y
z%NwtcsfS!z`y}YYu%~)aOU#M~1E?yj(*Z#yA`BGdg=l#G!0#fis2w@zHGn-B2cJab
zaugbL(sa7@B=E(thY0LKt9sDzH$nG*MQzZ3LA(wEXdcxT`ex7}uH8W#%6DNhJ~y$E
zlH99?^(nR#dUxdW*azrlPTWz>i?4P0K&JoY)E`iJ`lL2g8c6nk#mZH8MP`78Lfy$|
z9AtC&Zv6iqPhd<Td_YxqLIzcMKsTa&yHpsVPQw2tP@jhS5W5RPZ=%O?L=hMrBw}_>
zGGGlo=pN`VfZ6Sw`-8JU^|ajY$n?D9j{lCS)~rVscOh|L!Ute4uQ{KIuis5P?k#{6
zO!DF|B3X1vJR>bO>c0r+cEA$TAP)oRHCb~eW0<`?!n3AuelKez`2e(-So4z1t7f>9
zAXqx?jBsaA_|TsbmQ>>btV|%sCNSFg_ysup*}+iMC@&m(UH`=I0vha|!GQ>TynhNU
z?TknM@q`@eI5eB7?&cKf0CwztpfDpq^<6yhJrV=2-$Bg0Nu*O4L`0!P#Y0rEqO+af
zO*(^dCyYuA;gugEOQtD?cm?&ZRW$UyPXUb3e@Qf;cSipW7*G&SpOA4>lgKf~p%86+
zU@4GhuX7BT-S33Z9^}0tItn`{$JU4;pZL9J?VRyM``>8t_L3%pDH775tOd_NdF1~_
zL$K*%a~7j6>-gkR&gZS6|N8&MbJjEidt67zB2v11NZua@o0xj>puX5VEblM2UX%~M
zYW_B%K9D~My8+7%I{{+lzW|xRh=n#IBYXqXQV=rxG$o-YAxz641=CSTW5q+KA(x}m
zkQ<`-cyncAv$z5c(Fm4jB0;!iDDVrVT9R@}xc<3i{8`t`_1`4?xz_*1;(h$*JGtid
zKL#ZDsn`F-_4U~L|33cb-CT+5f0}2sF$eA<-Y@@u*5&{74!Pm#A9uce?`<?oV?Zt{
ztsgH9rp7S_2f5tx-9DNo_cWD<BPnT%D*1{HZ*6_w!TKGK{N8C~SEN?*xNS}=cx)Um
z>Cpm**H*Z-jVp1ANM_d(14>ZD6^?1v@2l@<Mc}U7)mlj5bI%{)cC5sOGHgMdUIdd7
zt<_Ny%8P^GZL~he+NdnIwlenzWD1T2i?a@30r%|jB)0I!;=&tK+cDDWklj(*WDr7i
zyJ*G~U<ldCv0Pd}E&U#&#$Aoe6o6uCDuL53AmfYj6I$VPP@Xjw<%kxKk3f2{wYcDj
zf!#CcP8BhfY(tf0Rq}G&JV;4>$`yS};cpN-T~tx@jG&_4=wYZZKr3?!25OKF=ECzJ
zI9*=k&Gk7@Swsz0u9h`2-U7|S3LPMaKwLQjMGm1u50`o9Yf-iVdk~9+x~MnEYUeG;
z(fmvTvORG68ctq(XO@a}wB4r-(I`Va$FW1h$b<!>16S+e8M@Uba~RZ`(M&<OaTY#2
z#O%c$)I?)H(kcQ%BSL6ty9hH4F2Z|eq*$^W$xH^=p<}n4tmvGK<p)~iN&?VLq0VOy
zT6wV-5oAt=M~YJVxQ0<QW~{5#8VxCmN#l%olC{Vdv?PVRa!6x~=B~1-!qi0)53+D`
zk*(}3twE`l*v@#gJ4NGp2UfzbF%YoTT(sE4QHDKwfgms#Y-h}iZr}>M$fhn29MD-N
zE@Yy_bpRdb2t>gS@eL6@tfO;$vRPU_!3vp|$j;K)S}!Aa2xm=TIKX;d2ve)qlkuB+
z@ay;@X|4R$2l_el`a^adYcG?lM5(w;)(qxy!h~(ln6y%cv3z8-0%`9&z-U~C4dsx%
zsa}6|OvOw>y+GzbgvhtvdVQEkyg5r_V=+KW<JG_DrSV_IHGTaD{c}qOAlI<}SX;f{
z|G$%KcK^fVn(y6Y=}*_3^?zY?HRk`Vw0?j7<4&$8*u9G&5#yu`LS7psy*68*1Dn=g
z)ABRUMs1qtGbli2K-OzV!CeKpqn8P`AC^HjQ(MQQ;N8W;96906(gGh7icXhLzhXEA
zAhxtPr<k4FX|(Q!WYt}iZZW_rD;pl7vf-gT&gJ*gOHV15bPLOyk&^1867MQmq5-nR
zj7%VNP=p7WEoCN5!wTr!$8R{NVN>u&A}&Gv!o~N`-O*F7+2bE&tD7@`x#NE&=KpEs
ze*E9fHGBLgj8Y_tD-Tn3V)Jt<4Pz$vwyrjIV-P6Y)^*2p4BRe%&;af8#DAG%AFtWt
zf8_n{4(9(tY1tkB%cau&_`i!QqFWhm`+iOKS9MJt|F`A*`N910zY-h&Ys;`)ydVE}
zaLw`mJX5WcYHbUol|&EFJEjNdoyY^UcB{KnL&vr|?9+DVF8u0JG2~Tu2fgZ=USv<8
zdi-Aeb@9Kc<G<ZTUxDp*et2=yGUko{<<<3=|M%s4|L=Elsc@*$(?ZWXG2;92VeWV1
z>?X$s<EQ+{JH=D-qaE}vl+mKHv}Nw&W?mFy&l`8zEQcp-Q9X=Q2V`3wk{8-JDUEQT
z;dUk}6%`13AdTmQ{Vp42&Hmiz{>5EW$G_fay?Gh4$A57db;Hj5zj|-~b2pb9{x~zs
zpOaA^11QL+au<zReF}vrU$LJ6_4E&i7||~Tx>0ZHd(Hfzbj!I<i{Vj9#$m(_B;4DR
zDVyGTXLuHjJpQgs0`iBDr-io86x<JY^UOCYxBH%faE#VaCE9K6*U+VK;>Sbn?}I->
z&2`ntu(mq(&h@AK3rHJ`E>seJ^t+vYD)p)I(@cB6{opOOvhNRUXU&m?fwTaSMg~0A
z^p0i9wpkF{;$d%d37flEm7AtZj`_sHRLbCh+p5)>hf0nAFn7vr#{iU=^n3!m96;+n
z$bd+M>|eskgkJw7C;Xn=*WG^jFejw?gnrBQ;`Tu>@Z<!MPN&D{3??8b>J>+6?NL<H
zQO56a5JwCd%5~4^GIRl)1Z$9Qhu&Dl@y(Ow2zAaf%Bz2(s(~A`XwQPR+0^`Aeth|`
zQE49551N&Sue1XaYGA%|90q+rMH|RIll|i1l2qTI2ZV<tBw|c&Sy5v!<g4cxB+MV@
z3@XYQWP>r#&)aX?ZB#t9+qtA+;XdbLG);(2m+4HB>~h4XF{>is0R50D%tQRd_2<ZD
z<X3ZBs5$x)Rmj`<WyUWsr_na!XDmJTOuOCbwxbz6Y`2YC2;&z$JuH*;i;%8kLUYsm
zVa`#-VR|3PSv(|?(LdV3sBOG&cLqIv&L%-94}!tPc`ykd<{rwH$CEmbnTKEd-rK|q
zwc8_aIBK`C_)8Qiu23eYG`CTFFHEXLa;cXoD64u+I#Y%MwpADXfXEh`Cbog>9>NQr
z2Jp>!(4#kRAHL7I+2nxM8O5xeSP5i7YVG0jpol-nA)byLf}<IdGAUt}Bl(9MfIxtL
z&v?(qD%%X$crQzUFY=eHlRxNr@7id!K(*2}NT<bUGQj>>d{#Zc4njBfdCmA3s$@iY
zbPPMlho1L3qXJRWchsY|r8lF53^;FQV(E`BICgd48)R%KGAaLyPG8VH7eAqy-D|X6
zvWk%|s`IbC3z#7^0|oy2F#nJkE97{+DLzH>KMLN9W`a1$Jw&^pf!EKI-4u-2_Sios
zP9!e?{qprIw_UP8_>xj3ncrVNgg=e%+Rav@dhq<=D_tXm_E08jA2q5E5i-4G=V0XY
z3toP~FLC+bt{&{w=~ep6H2jOR(5$i~^1OcN*~Qw)a9VzN^J=A{{PecfC?7Oy<yK|)
zp+=gb$(gzBg0^QR-L3B&?N<(36nP+4j0v;S_`1?)mv?s?oQz#Wg)sGvGnC>*t996Z
zQEvhm7|)vzF&K5!qnvy)1g?^?P_$oZy{JPAvlzAg;UVU?alKPNXkiU&m4oN47pm}#
zL;O>_Dj~b-ECRt!yxMO%qmWU>-?U(q?{vvAk{Wcl6w(3|nd(WT88DGI80BCV>9H%5
z?vdBl%tNF<N4f*Dq!kw~S0856S+^!KO17$r^hTyjl<dit+LXAXMzSkOJ%qW0XGh4F
zK^X#{RA_RQI}(*1M%?eAV$y!kVuV)36w{SSjS1S$gWOXyO3ec(c_hTypbdU)_q&r$
zii%bZSSGkh71F;6MdmkQHZ6W5GEvH$Rc3Z}^#DecT}iZAqaSgLRd*zfmw1ngG%h$o
z5m1Mcdqvd-YkJc>j_2=JW}0ZK)2Y;S{mSmt%Ta_SS?6#escUQT{x~#DDuJLUGmPp!
z2_+bQm;(uNHDxAFZb0MBYzd7Ya=iaLAE<J(XyuZy*`K4Vqzy{4g6KEQI;w+%(>8lw
zbaM_dbc9X^gwY-cut;Q1H+`%{+|bCWC4o8l$Sr4-En<u8+>onCHr+`e3@-W-6TMRM
z+wmA>NfheQ(<MV`jXLOuu+wiSA9WU79EUr+BtE_X3Gg^L4%%bRgW_AJ$|lJm(VqI<
zhfo1BO2~>u@ed$;HQDm{Yw77Q8quE$Ho707+58}2t6D5M1i9&C9K}Y?sirAmUIUO;
z;$zhSSYvh1U~NCT5Mh9aCr&*&B|?=Sc<;s$GeObJZTQQF?wbRs4v=s6HB5-x+Xa(n
z01P*^mYvMm{pDiu70snf56$d&#mlFB%~pBmD_9SAhUgDF^YCFdH9b#anUO&7Pk}$k
zynILk&g|lHSi{Se<O(#hEa@*iY55)}vX>8^m7A3Um3zrzT`A5fHeSL}qecZ>x@<{j
zKs9JVFNcTAP;J^JBW;6p<5U|=Mv|f6G51lz2tq2=fF-qdPSN=!8pXf$Fad=WI~`y_
zNb&&|&PC?q<6p1VoRTg-;E!<2&mVAGa5bT+3(rS%$lM+UCpy((n!-otIOLHB1Z~gb
zxM+#>@>wTr!x|@J(qwjX23^?Hiylc|%}m{>?AO1pB&Da$q-tV_d1*nlq|Z?3BRM>y
z=ctE(xuh;vk{ZT@Vgm{A_{p|OTbFNa5=aRa(5Oi_-}zk|!{9mHJCoRLke@Q0z4b%#
zK0txJ9-b4MPm(R|$z=+ar9S;hsZ2trDLZ2on7GPK8@w!yRDoGkj#<tBG~WKGFH=h6
zF4fv8`8OYFMR<#jl}CxOO{ebvjN58aa^pRQIs3mW>&4jq&-(Jc|F=82eiCQK(cxJN
z0Z<()*VXI=UpguFdI<@Ed;^xJko}=zfYvr5qfW2-2+R-1A-kjQs^g73P4oFJpTHqR
zGH!`Tnao>C(!6DDskkl*#m&{iW^v65Z+@#txpjZhO>aC_r(K_QLcdD~k*9d{&u9nG
zyoL#-BY$2kq5pe8hNyp)Mj!XTR9F9Wo^QUNf1T{|PW~}gj^X1UTEZ*7@NzEkVG$4b
zU681KnU;?57t#AY@%d0XJD=+VU+@}uVSz~1UKl5Vh{XsH6brzp%o&#dMrNkKYrMOX
zTF@@R@oaiqMKVBC7~di~8ua86Iz(ck2;i?_DU37fumd3E>Nv!(-h|>4@fw#RX{NC>
zyMq_bMeQ^e`&9P@RGCaqDp&GYI;X~_@xS!XydVv-yP$$*)1|li1sfd{{sCXd5WuBU
zrKAcVxr-8FFkl6^Iffd5qX#I&8*6^S=5={j6`+T-xoe<PMoa%})SZ;EjoS#2v|wOr
zUN{A4X;hXR*?>O--qUTX&I+4SWEuGV6nCqg>kBauPm*&QHBtKJ$#F(ED`$f#I?q()
z1*^UGccXGfn>^XuS1#OWLA+$+<CJ0*?Orh`MM?wH{qE{+WV+jpOkqqz_W>%V1gMB+
z-dSNJoX870BF}ZhG+>m5Ysi07<^OQ>bNYW@Ev(+3|GkUL=zknsx8v~5xvt*-%cZq@
z|8IA4#rppi<36bC>ixe`D6QZ3|6N>({eMe-AJuh@{$IKG|8O_gwEib8<IUVY>T8bu
zcVV>{JO8z^x_qzyyNm0|C%g5X)^~>$LHpE)N6%{29g$vKTKZ;rXK87-wJW}T(b}(x
zB8cWq5Wu_RrKQRN?X#FpkKQhm1H@Ki=^X+pVov#UF{Ety-nf@WPm`v@NnGAbr;`mN
zzfG|}>5qM&Nm>`62Ehxp+eu1Iey~Pfe>+XyB*Qb$8>cVfg$XG;k8Ubmx0OriGZ8In
z$sN}sirR0sZB>pkO_jN@30vq8YXq|X_EBqZaRZ?!x0X-X$5HA@&wnHQ9z}~DcW}cP
zU1UbDr6CZ$bl<i6!D*0|Exw$ODRcnopP#bJN<yX}Andl126uiqIOXP&11cypsc2j{
zrk}FwN$9#@aLRpy?mOv;Jx)%|-}89chYGr<iQP#V`H!F|-6l3L+_r%`T;tei8^D6_
zl=Xi|M@3aT_yx6@^a&GvUswJ`aPH~4lUGenBU35tMjY?cK)S_D8xArNVUT=gK2~L=
zpR(fXa(R@`$Mn-(`Rj7|&iF7w`l&pXaJgJvc9)ip{H9$h7rPEiYgc7X<DM)@tjiY`
zob%3L(&-Z*AP0Joeo&`$gpuJ>ADzY{Sx|3Rji(tkHv!OTQ=pIZ(`WM6B{P~n8q<z*
z&r1P-7wEgL3uCFFep16-^(KvR#6;2u$?}qmIPc&wytdL5gos~!qqRjwH(eQc*zdgY
zOxR6)aXX;NH7$)3_-g|Klv3WMB#c}F?b2f-)VCsk%^=mpno2g?pI{J`Q!hX8#ws*?
zD1{{H`@TDlb!cKo&ILanb-J&;(bAWvqhK;@1D7kVtRu;u;vPMInvU(cz{Bpj3wY=2
zW->q<?TO>L?{_`gfuI3h<0k{h48rB^2Ge#JyqsFo(i<X_!>(E)CXB%2o{D*jBU=g%
z+<GD2p84G~sX#=(lHzUWf?QYfCLww)r5#6_hS<R)?ic!l6uJIY+m8Wyoy6=RZ8vEs
z!FgiLa)KU=M23eWX(3bkgVz%o8cJDNZsclHx8P*tc_Iu>#&6Ng2bGxQ6qyVU(BfbU
z?)wq$Q=L#qHK^enQ{z%iOqf(nP704HszwxZA(~l~Ru&cq`9g|{$taEOYQC7|Ggog#
z=S|1&lb#yB8i1myt!GSaQTtP0>jDb-LQX`m;Q>1qJ3|A{rxF?#6@j3m8Pp~c^gVj)
zY4^%(4Z`kxr5+kd0j9&$RhR&pjD+ZFxwD5!2tVv6w|b%-0#DFL<&t3G?Xf?g2*gVS
z_nCYm*VYZT0~e)Ssw2L^NEUC=f3Jt?X&-I5RCfg@B5F3_@ECh$g06VSny6B$-t5~q
z0k@hCuy`$HFlKvwK_}ykR4l9Z##-+B+9V$>fQgr1E`7OFf)(K_;1Oe$t@pIt>kM(U
z;5kVQ5=J}ulGLDjz22-63RVfl!qR?clvD`0;}%0avf5P$lfdEMzKa4aE+GnHu4Wm_
zmV4Rb3(*LUy%98`>WwC0r|+MK-LnfC)UDwB^G*kMNVY=peBy_lFz9!1=-$|+EDfv_
z`o6Vy$f<VP-)(XQT!z&1-gy0BNba=AIW=x)1|tR$BW0}KN#_{P!S?)9AEYGdl05x%
zPZdUA#V&s~d4Pp$C1et=4MFn~K5=glF~;<Xo0{$u7b~FL7}J;n-VSpO8%WB&kcgwX
zgLydolAe_9?wZXIunp#nU06v!#dmzBI2@Z8bf#G~naVlV`ATakXZr0N2NPa`4r5}(
z8zA2v&TVRW-#zoXufLp({B4$QM{3yP!qW|pAoEnwUju_$WQ9N>&5P8p@m-`|_ykt*
z9$JWOr<aRq82`QT*>-wkBQ2JmYLCfOP4*^Cwms1*g<aPa(6nT2sj$9OS{22W&BEi&
zl~vQYNBJUVPsa{|7#YdPix%<fyXDIG&(v?sH2t3`Y237odHTQg)tLToef{45%bi@m
zF#Vs<>xn-vm7mi2C93?cqVfAVm3_xblXm>GsQ9j~;ESuO(o)+uOTTol==)1l^xf<0
z?)7!|`Z{A+%GI!*Q1#}`ZD{E<)R;ET(q(O;xxUoCOz;#As(6lJ(Ih&sT=dRi5zYZw
zVA(b5`kj7iI2jECRDN~FLLKhwU*N&bZV+<pAbA=NUX6kam;il94Pc)i94+?!*PckD
zYYIHuiAHuTdm#PirB>v3Kzja(PjP1wSF^B!8?bUn$q*nFdne=;FBnMvR)<8QNvVjY
zREzT>RfYAV6rXt^sSF=cmFSPp5(_;YOsF)Kap`oZSn2b_8m~?@j-@{iTvtj}MlU#5
z2l?P_VhNYhA*5b=-Y}%-K3!$7&jFkI-f5=~OI(m@`rNEzSnR$v0yLpwY3Pr9t;vvW
z!5ZT+tCZ4-5s8cgimAqJLbAY^K(hC-^JR|{#$Zu~v4f<!X(xOQSy|f=41hSKbtEY)
zWLbDf?Si8HMy2FXDLbIoA%N`n#3{zJnuLNUOH^;LBU5#{qBBH~I3pi5z8W2feP~z;
z&uOtkFMl9|xyhhh&=^FZidjVC$;OkE*reLpcj6Oi70wKWQfj(FDNzq3six<Rpv^s2
zc*_3i>EWu?G9wgihfkw38=qtIw`grm)DR13q~bDbpHEmKVh0*<I_h9sa@_Gi94JPg
zdO7M$>~(JxqTcctC1%8Zhp?SeCn7D)cqa^lu1|V(3&C`PFBBQFJ#NYz=`0n}^MJF+
z0i!-?!ZLV7&gg&j8Sw4P66ov_q9aT(_2#IaIdLBJ{1g1^QL~2Z5if^vFXidZ9EQx3
z_@=O6OF$%{*YBq&)?BEDjH(@n4nyB@h|sY_QOHi@$d#Va5<g6xOhyBA!bf@N5FwRF
zz9FJ0chWB%@bVt<vT)O)%FZ#!!!bgaOa%j9MV%`@!IHS&N9Haa0Hb0(g|AerMpz4U
z%7o_;F+MeWC39M9YzeepR7A7B*ZQX1sEBG)95(7-S9dGBB3*96b2=x!skUC!k6Hp!
zG|C69??io1ln=fWUsVrwbE5L?VWZM)ih3he-9M~VEAXy*uv0tQtsXoV&miAHy(MbZ
z{b~z<w(0^4l%T4WCIZ{9G<IIVWBFONR&9NkOYK!#2MBYo-VkMRSZ=hcJ4dy016Iq8
z!+Ns<#qR>xgX+N^x(2GCYn{A+V&SEzd<{>c`J!B_VOgp25mdi{6%^6=s2BCxZUtUG
zt3cJt&uSGe3tF{PD_8e(Vz<0seqNzmb%4@HVKT0s_~u0gUtxJ=_<x5^O+h=*2TlVX
zbI{C2OK1J2+N|V6xlwH*M)n%@{agz12|4Nn1o9nJ7z*NASX}~1@cF1&(E!D6rCbA8
z&_4%O|6N8$c@-7qH8qrXr<{y*lQNXJp+qC~<eJn@vS;m$&6QO=df4rZMl`$H(b8_J
zp}bVAwQ2f4Lqxx^j%l|3uT)rGU2*k)Yo&Yt?{{+j!t{TC5%zz75z4?{jOE|GUhvOU
zFDPk7X#(dOVBXvPT~;4=uSdMsBmTwO{n<kw3$Ta(z5U<i?Ee&evq_g6m1tr1hTPjR
z0?_jYAb?$cBVIuAK~)3U{7IWKZalY9R>AJqh$CYW5m&bD5CO}mnL7p)Lkdz}$abMJ
zK|dAqw(%fg(J&uO0VzP;EDJ_E4M3<4SQm|cWmr2X`kle)1RJSHiXynPuMJi(Ap{C6
z?}h$Iy0B5joWo)Qs-B9x`?E*w{)IGNG@E%o9QmXn7HA>}mEBP$iC7RT@w5VoOr11c
zr=Flm*Haa=>B$m3riLSL$Q?t(idKPA4;!^bR*hWbU<sICf`b8h;-4yDQbh_KfpP)^
z4JR_j0otqi-ATVQ^2dhuYK&^Vu|UuDXrYxl_D;}VYcv@Q$O@7mpF^!>Ay@_JdkbBP
zvFocy)s7m{*I3y2EL2)75Wl_A0M^RfC?7jcwsj<w(|f4~r|kJueV{@{bTE><2G6=;
z&+I{>8(<+)Tgn<qr7p#^QO|0fX_8s0EkrO6GX)7v^VkL2fRl_rFBlyW`bm{W=<f*j
z3PUj{Sm&Im=||T9xZvSIz67*xF6TcT_D&WpHwG{-r0_5AGN|Fk=4-MZ#6)DPF1Nd|
z#Je6SGAj283_sHKDI-=c3Ac$*S5Nd6H){<eyVl6wxHHF+Zob8?p?Q>}K`@yzS43P&
zV!f*_;U2+YOi`aC@l!+2#6*Uy$<%eW9Hos5jF=@ZG(sL@<}l_#Vo=&61rHLQ-tfCM
zvC`;c=OkgOGf*Ci(Wj~x!h}!pU*x6|XRyJsNu`{ledSj*Wy~>Zc&qs}7^salIW%#)
zl^aAd3lf*|PC^#nv{`n6G=*C=oCBtuu^_Wfdgjd~;7cj#t*OIdD$qqH<dKjwa<>Q8
zZW2s3nt{u}X;J&#>x_7&&|Hh^i#v_D=QBb3#4$#a=@S_-MhOL5DaJ>X@eHdrCZld?
z%<jG8P$V$TSo-`V%y(ql81u+<l`Be-VZ!eP>}N%ieO9tW6NA_ig+=O!U^F7HN3?Uo
zA^@{?2^up43O(F!gE?ZtMz$G3@L+O&3}lv*?p@%=aS&i=zQ~G}JnzVQ@P_IDxPqLN
z`lyvvsn`Wfrw<}qsE80+C?TS?D9Ud*8NEI82(euMo~Ihu<JNQmn<#O>G?0^9C%hZy
zy@9&Jz*RmO$t84{q76(z9-W}kVQARY_xk!AryRN1%=SPXZHbw+v&IHVAd@vzFQy%P
zLpKeQK~2?A(4$ZqwI>z)|7Y(z;F?&rhoe_iq9`ghY)eET2!T))M5KcvARr=$AtV6;
zfy5Mw2rAe+BKGdJEB3C~t_6GV;>Cj3f&wavpnfy6yU8X5y@ls}@B6zyCCTp0nKNfj
zo7p*Mcp|Y(P)E~!1&RGo{l1pqn<FY(Hx}+9vC>cdPNO7O{ke9@(!g~_pXL~g#i|Pn
zPcpZlG6^8TmK08BDd#rmMVFEVmEI;U+enzWXzaN%B#Ejy(O=i<)+{?#A4b1qE|A<<
zB_L9ZLOQ6Dr4m^aQRoZ6Jq__WT-QPG)ClJX7f=9<G)c%tIn@TjHYc1VDEY`W#j64;
zl2w&j0nfCkB#DYr_!|(oSc+_~ifAeYPjEj(R@D_;ph<aFinBS)1*Rs_n5h<#R)VP|
z+A7S{PUsH$hLkH=Q=#-xp+AniFxB}tRPo01Q$mQ)^}u_lMYb_A9VLK@9^lAnM3PV}
zaIIAp6pE#`vZ6A-A!@H{m1b86RT_TuA|Ap7kyV#}D$9Rc{YV9gVo>ATVyRx}pGl+I
z1W`$QH<;fGl%|LsDva9=RV<mN7ExI#%0i4Fl_!wMi47poUZb<5>S+BNV?|7eiD)@A
zDJF*o|BWv@P-e$kS02!=7Bzbd=TK0l>4XRYgASe{SwMRs_{vB$4TO;~rR*0$vy(c#
zhd;vwcqchvzE;QB6Amz((3vI((!OVjAd!*0AYFmB)&Q*olsTx2l)6^qKwu&J9u_hJ
z3-SntI*<v5#D(OC4Wp8%Y3imC<g}~dRZEiq;>N*5a|FT!i>Q0ws^vzAwra_doY|?1
zunawhGYBx<0e>JCwcSyQ=L;siD7`gZo7RO8an+>UzX3HU9*;*L#^|TaFo#5kK@Y~9
zF{)=lrxSS&(=oQSImWgD|832&3_5-eg=sLw3P(iHxr$W$6e-BnLL&dC5G4S`OaYd7
z_D_7Yz(f(~a&TLbY7TQGCNoiHJi=xulHgPaJ!M8lnk#=JCC_BSbh0QdD?$gMWlg6C
zD}50-8IlULQJLsEzIa9mDk*Vb&~fh6q7VKG6^S%`=zKC>A|GV{q*L+;G9n{cEb3H_
z#fpevV6aoj+lACq&aUZNQVe1m*S9MYswy&)L<~4INfgY`Pn64&6lMm#c*j9c;8p<u
z*NRRRGtCm_I8d1Gl1Yvsx<iM}YO)nXSUG#417ZSBP~#<%bWEl;PE+DfWdy4~U6M^@
z6s@?CVy1~B_D_+t*2<&**W>dj{xBY(XZ<rk@4xA)YyXdO*FZhA@tycTds`dL{BQO)
zZ0n!<e}2R@CD7knk8TKML(kX8BM5wsh5ws21b_X8S1th`x)PsZGVtkx{(BWB^rO)_
zXZd=#hNRvtU79w$&8>o?u{&BfnzOA#JEKO&LmOR>(`jqWG8GIC6u-Q>ao^3*<)vGe
z7ZeqIxLZ&?YRk<vdtSG@p7ndsuAsb4lMM`9J-1^Wnl{#3tlx0l_*aF8Tppc!+SAC!
zcjEYhmmjwBOB`Y^_Bpb1`NJx`rmp&BhNs7klsEcvBW(+<$=mP-ElPGb?0h~!r}u(e
zbcxm0w!cS>=ymkiq0q6}$ND%n{Mvs*NJZ+QapT5~9ZT!ht(&*^Y5%c2K6BNYHBYau
z8K~c=)fA5$pIy->r_P?OZ&TrrbpMZ+FLMj|hBLfYUlHBj)*w4=$l^6YLWN@YrcIj`
zFJ3%<e*1-fr=qv7Hb|V|b?=tR%Qy3RR%0hkvRU|Q{IRj^Cj5TJa7EAtN$<{0v!wfL
zj!$S7yv~2AO>B#%S$TPR#;pr$cIr3k)2Gki4I$?35@sK<UO4^S(*eeFR<1PK656R_
z$Ni!^)^Z*zcLTlI@-H<qcYz>6yftLZgG-m}*g55u_i_pgje2)pRq~*L9W4u+;q?pc
z=&|f3!NI``{bEv5KIC-wwntr<_9!C6YzT+bjYcafD*E(NAP_`v?`>{A{aBQK(?$cc
zZ^Z4ob7wav<9$Tzy4%yk!WNu<{ow7jtH=B6uXVc}(I9BUyR&({I=7hAAB(c;V3v0v
z^Yf@Jq3LD6yXFn>Tz%z<biZHE?)ptfjvUEmv)6mC*t4gy{PF3;#KbUjAm_Grc5V0U
zdETn&#L#?mb7ry8T+YGdt1I1^#;uE{PmgR%bG^LKCKeFm(aCAP#zDh|-FbX^*3ivi
ztqcv#T2JZfl4(Bw+|ngWmMmRbH9C{Wdt6z1@4@~1Ufp}TySoo(%|HFvV#J}ahiMDe
z?F{al@><wp-K|yax8E7(>Dg=eaIekr$wS6^Fz)P(y>xeX!gIMJji%q|>C>maYp%}d
z<nUsnStHj2-LkW@t1C;d4ZJ();zj@FjonvYnSO7^N+ZGO(f*001AApf?lP@;baJov
zizVI}U02+Q&l|Aj_1@vECbXk>?hO0TzR|I?w<QXNVr1{mYl6}$o)o@#5#KcHQ+4&$
z5r+r#%pLry_3W~;;uEXAXN}k=S-JPtwgqE838yIbx1=3?dTxpPq}Q|LDFz9&My>(N
z`tBe3c%lbmp{+0|JbY2;rU$zdh6V*)-6g#C&bs=;8<QNL#rBD2Oy-7-8;=)D3};OA
zUk9#(2M^8)y6-i$4D@oqz=7cBI=_V#HzUN)!`Gdj#n};ddRO>Mo2h<1?H$COTr!uG
zZyDTqB9McGTlqbVjr;4%U*5C`2)G1B!OP35=x}<<)n9#6Yc}QUPCD`a-8(RTJ$m%;
z^zv%aqQ$86^xzF4x66NdF%~<+x6aPWGBh+iaPZ*!j1&2hDWbv*8m)0-gGnu2K31Ib
zXk+QQrg4A$>o;yZef)U!IlBpNgCipDUAxw%b?erxS~Z~cA2etX;F-|Sc{_K$y|UW7
zWAjt1Jf}_ec=WmY1CT9W<2i0C!*<8#EtPfFW#rtyl`_k3?H+dL#@Q9G?i}ej-%S2#
z?97=n+nD$R44;2F%imE^Q8961<Il7uC!;4!oY<~iJ4YucOHRR|En5=bfNoX3Vp>`*
zcMy-@^Np8Z+M7_oSbL~ue<>J;{t27bZ}5#9-KC4p$Eqp;pKsNn`IgXTG};6=-+=>z
zO%3`MZ8EZHnk5tp<9B}oj3jr=czJWnz<K7rzP@)3C^l`~y4A0zOe)>MSsU(_nAkqt
z)p-=3VJbJEWkt#5yMi|Kl|J!FPj{lxTD59r-VW4_h%VpMarMrfvY42d$jHdx;5Iov
z<FUyejAF^YPoF-`nKS3N-#nb2tZiFXl^v&ZqbP}Cy4bOJ*|KGomB}0qCo<S3>3(m+
z8S|DeKayM;ZfUtyr&+tQsv1samEh^wyaO#PtgIv_r?v&Ejz%j>J+x?%Az<v4fmg3x
zQ$*^R>o-y)PmPH1ytI5;qpX!hBR2T0op<gAjn=ylcj=O{Wy>y(7;$mjID^L7FP=S%
zPY=isTygo!AAx3r8VLj@&0PbB4IAd^IpOu2&BJz<TwK~LYeo1LmZ_;eeFAupl#~Q$
zUQ>R$+Z|Em`Gqz!-1VoOjNfgTeAK4*`t|Em2M;UUnxC|F)63T{bB(4O=e;m!>p5-4
zQmcf}{%#GI`t4bpcW+<$tu`iI?=GnV1}6PO&y1S#=GoIiZ;pNO;>FpsXRlumaa=kg
zGBV@Y#id7&_V1ZH<wWt9ck5i1_R9dCthn^<ZlL4dmR#t?Wa{eay|1V+?AowtR>}O1
zBMRmYKXf}R?BlK-J1!iEzWva0D?n#(dGv?Z0~oD3wSTsJVaM(K!cGMR`DcF7ZT{<u
zoT>vW)}Ly>WkZ9`EuPg>y#>RcYZB0yM$1|O^f-Ir`Hvq{mjdllSXekxp@`fa-?qi1
z1d(X^<jMW_Jy{i+Fm2j?6aT*Etfax4cE|M?(Xw4LR@l+|+s5TBGMvgk`LSeBQB9T0
z%8K}YU%QVPv*VcOw6>RT+)w}o^8DJmOG}-Grs!m?$jWLMnGOWzc+Af7)X`w%{rxYF
z*KJdjS)DjuZ~O54ei@(23o?dWxZq}7Vc)v5-{(J8@7uh&uw-a2fpy;2HzRU<k{-W|
zjy{x-;Bd#WB^U}F9i7a~Op$%Wn4Hs(NA4ePy|A-^!Mop&WdjvkP|y#Ujl5n%trz+k
zAB(rWyJX4T$&<4eJ8-rKy#9q&_G;MIN!>;?YgS$Sv3yd@M#CxNIs2{eR^HmeaXHC%
z-L<)~kMSI!gOU}BHEY-UFS6Bb<T|eZ?4?V)bm;;#c=N0%Fwe-${BrqnAfNvPsQa9`
zpU)2XvM2Fm&(mj;yZ4-!{Cj_?Tf+zZ@l`eB%F42>7oL4l_WARJ-b=Pzyx4Q2VdXi?
zBOYD#$Mv5)b!uz+guUX2p_^{l8kVkGo>@^|UU=rrWxH|~i*@D7mH6F`ELPI}eIrZU
z+e~Xa=F8jnE&J_@$xJD1Ax~-f`Q5cQOP4+x-{?SYZt>Cae#yrlZ+8$g9!z4FtXpoq
zYE@iM@vv*UFHf)V_xI;p_vzJZnvZd~;hDqfrEdz-bIz5z_pwaOKDMHyB<B2*j!}}x
z)mK=<q+cooGuv`AD+;HJj|?(=o^NNv)o*l1l<eg-alo46QC9Q`$5)*;YU-F;mg#o9
zaQnP!8g18}%AI%CRleD3Z8|^9yr;{U!YrN12X+;U?*8_vWN}(dBT=|sM){+Y`(@80
zz3*2%J=ZF{!ZdG@MMQo~tc&3mbB`%04`=kr?0aEFpCB{4uV3EuXwu@o`wquJ#*dO;
zFFBZzzPW1V<(p6cC@3h%%E|(o;QaaXWo44L$D_AL7tVRxqsOIJ^K<NHFX)i^{Hl||
z)Z&_|*AMnw>UVG$5Q$%#uscYutSUS5IWZ}9pUJC;z}qcn7xLS)h6kD&0QF^KbMM8Q
z`D=b%vSDNV-UQanCEj7?O<l)&t+vZ;5WMbFyY^cv-pTFvwQvoLj7;HjAD7-6-D2I|
zBb>%rzke)$T$FmE7n?1)v%{xxc9x_v`{KmuUaJS28hpAig4ek5lV<In6dk<9U0!3S
z+pgKgg(uFOnY@5~V)?NZ2M)BhHC(@UXgKF#WcXR9l>Fi<Sx$Ly@Y;`a=N@|YdggWc
z$)H!<wnp<e<>tQ4tS+sJJ94JE_(+$k8$(}h+t%t{qut@vZ!hUB&j^j*Jh7uq&A<Ug
zHhre<T{?L0)XQ-zHg7)H;(UhLjpr3lQ!XxxjOqEI0qtn9)tf_YhH#DuO79jn-ut>J
zG5y1XX@+`NCv5og<;#v8*5iAmUvFD>!C`MR`U~%Bi|)mbACIa|4jnbBw_95K_HN0^
zpT>N3xcB>~lhXo@)KoZ(A9seoW9n2oYyLEk+dCF+TXTQkl^vNGIjdi7jf~XYo3y2?
zknY$TYueNJ^2z8m$5M+cOWT9)E!gVy^}~pv<N9B|eEDef_Nar825)Zg;K3Zbgv{+%
zR-9;8@U>qb$Gi8YHgVOj0jzUvUA5kkrmja1DCW1yUj&r!y1je%u3Xt5^lC#LV34m|
z8MjTCjm5n!=@l8-IzoE6UCae~*x^xgZp?aIe%pOgQ1e&1It`zHdhh8ob?&4|-XS5^
zcgB|4bZusE^x4~hCB2RGo6c_9zMcJ-ifMMeOybIyf9-SclpeR;IR`tt>%T{jWIMQY
z8$5sBoH;w<t}w#bztYEI>o;yR0~V>~WBE47e$|yn?#)T<1eEOgrRTOeF990sRQs<r
z&tCde#+Ie_ozr@3NQ3C@`!;M~+S|9AQU-hrN5{_lj~|j4wVCF*GJUa&%Yyz^eT%MN
zvw7$8HF#WTNY1Gp`T0oTFC{+z<3;N+A0q9-%XiKcUc1cRl$?CZ+iO%uj*I+{e#>3P
zp6xZ;Y-}OF;Qh@AAOC};MUj1M`JYQ#nO%N9cd*_7*3dWi(>fJC2JUO@rDb+DQrC?%
zvG|QcQR*+Dex`F*2|RhtN<Q4Ni2k+h<luE(Q&LXMD)%vNJ?VrnA)%8m?P=Q4?Yx#<
zM$|M2xo}4wlhSi*H^+Ch%8@Nw&H_I1%M0^nxCS?f-(7jSTNh4E16o{y`?_(BX-EAc
zmgfd<3W-1O(jqG=E-o%O_?pia{X-4s4p=js<!$}dtXD!}V%wE@(umZL`dvCTo8b2O
ziSH$!6eq{V;`?Kl$4{6rL9co9KW5C;8$0yqwRHh4JNI6()5#&g^;nybIf+hVzNR-b
z8;A)6m%QV%<k-TwRaI4`x3}|*o%~XD%Bn_-#p2uLvj(i$elae}HZG}M(cybB>Alza
zJKI}I-pAW)KCIt3n=NB>&S?m)sFNEv-p#pZac|s_&s&b4I^45`cVO7<xDhduz>(E^
z2F0dF8DP1Ez*YSG`7`&I1DS_U&P!e4KXT+Wi)n+yEp{mq*sWhib!yXMHEm5$$IhMo
zRv)w6uy}iGi9siOgYwkSMO{n50IX!*FTGc$I|*CAfB!J!)*T;a4W=#h8v)$GO}(bO
z9v+^bym{n0-|=pDj!#IN*TNTQ*33gCN4{)ozOv@ck(7bP1H!hiTD1!3=*KVrIRDF{
z#S?-yJbuPGCE1^06T=@G%1B&0#Owm+OVEL|w{4$fo307EcDw0LkCs_0=FgvBm^WJ9
zBL3E`l<uv%=T1qu>38*W{)Xq9H+yhbG#r>-9Toj(gGI#Jj4x?fg*#t3Vol9@rGF_j
zxwS>&8_0S1xnyx>iQxW&2i4WpGq$c?O&cEyytc;$)vRG3(r@KERSpJT4Pb!kH*Y?F
ze7ySn`KC)FF9V%u)j>ZC%Nua6_}#pD6%}t^Cd4~#X?A3dPQNN((z<l%d45%tLEwlH
zT@4NC2_LFz(p;=cas~`ZOH+V<G}^xXts;jvb)3XA%iGdq<?Qoc!JKB0VgABkppt?8
zn7MA9$>xTg_kBp{lAS&EnCrRe2QKvNmid8+VMm|H&ki@)d?Vh@P_Olo5hp&c{oIUU
z5WakL2c5Xx;fEvI*i1gTK5wlHV^2s=89i`A2#xl;q^!$sx0U1as>V#WD0EmyW900U
zKMyh<k=r>gL(m;-y6-^i^&uuhhi2UfHTRig*?P*wWzM~FIwa348Q{=$*7DvX8FM=P
zUS25~2S)$K(hhk8hNM^C@8WB2Hg#T3s}{7e{V`|hZ|~OT&7c4F#f{vcAU9rgTz<Ys
z^TyZXjiz`E<~)?WH*+v~meW7Vb>~duDllz6QEY5t(rLJNY}fwS?Gp{mbDx*r7%HOC
z8f6*T&?iq>`TRG-PC7l?ZcBT6{lUR!2M>I?cFe7L<6i@P%FEw<O#QTO`NjL&R<7Sx
z#ymc`)s(WrTl)vtjkw{x?#Zas={Ku%uHPwet}H7y$atNwdv>5{>5J9_*O+~-u*(~8
z_7cailT!ok0-u>;)4T!tjb=DqA7i2O@#DT%_xl9IZnL+-9_}eMoKd-D-LoXl!^12V
z$J?_@zsy5kw^p=idfT#K!HnKj7q?kkFKj;PM8{drxdyWrFRm^#s_B>BpVl!n#(eg&
zuK7+M*WYmK*fDm@$Kry_#=p4sch8Qxwzk*9F<;Ma6qTH(jsLPd$9Q=mzr_cu{3e+$
zM{iGA%kJ4_`*hcy{-XsYp+jzjhF0GH)h{V&>FY_;nvL^tyS|s*!62+7BPZ_a=5{4I
zA!aw8*k?6p)vD}tyHgFHKDG2<=+I~_yG~CX9_X^cBWd`IC%s?z95o&5wsOIJFRP<h
zgH2~XdbYgNm@ge;7CZF59WCB|<;qQyZfkWb-n|1FYnwf@P0xK*ANQ@87ci4H=|m%)
z!4BeOi<at%ue)?kNeK$n_iNVN6_~QwzTF!vFti%^=(j0tOpZGqJRWs)U+=He+UK-b
z(xpX<N!;zD!^|I+NdkIaTY7B8r|N@!oVxG$!vV8TZn&9QbM)xZalbUNPr4s>D8D%n
zv&>U8TGY;tW18yh+ozxWYQcVCn`vG)k%H=KLC8j()i3(Ueh<hxG`gxam}m#IiPVX=
z3G3B&%I$95y3JqgF!V_IDVK#cAKv-wyWfwsckA};&%S(~Sv2B#u1U8Qi_7-xu{WF%
zBOTVpPG|i1eZZL5*<y~a_8S*;JoN0T;DxkX)`}M|D!Y5fCl!s3*|ylAb+oHV=hlys
zR`}-v?K)=6nB3A%qnoV`+5o07eCyOrdj;nhSI+w+lvmn6*yFeK#krUx@vO?yO^bj%
zb@-6d=|jal){OC=MF7_jGllVov@-hT_}!kKo<9D=^M`j#eD1x(>z8)t-ZhRNUDIp6
z#BJp}%Q4I@LcNY@t^4bT?YE|n>#$(q!j6W9@fEB?4JUi7I&x&pz-EUUjF4F6U1;Ia
zqs;|(MzME%>=}M^(46NxyjCCH;hR>u`Qh|Pmx?|Yrg!|}bGO@D%<#$hNt1w0-*Cg~
zw10p7n%}b>5~t7Zc>TrD{UwjwItVvZyuH-s{(V2EZP)H?9kk$g`yh5Vm(2SYmzMOM
zuJ`Oj%ZIxjIM}W7@6BL5`t<%~->%|cNBwGIVPS6kTlTpLA3hgGSBV}>^@-@wqwj;g
z)560)z2j6>y*@ZWR<gwY_Vfpb(q5eIcKW%X`DLe7AKoh-Y~!BY&YL)G`n9!H%lhmb
zUs&U9GX3<dxVZuAa_5_mbFppGENG0Yo}QlE@xe)*%me8a{KU|kg514X*$*PZ_Y5;U
z`Jw3G+{M)gU#AG39_VN@VqyH-)Xy$8k~d#Iw^$R@rt9mfqICA#5}gJ#$)n#^&*(Ia
zMzgi2GrG5Ye!{5r_6ry8$$QN=oMG>Bq+nZ_FybC9XR=<)4}JkH0|qub8O>(oEb;64
zBIIM~-n{C{A$rZv%s5gkdE#@n<ifS6?qfcGQaCv5-M6oIMBA~Q^9HnOtGNB-7DF`j
z=##>tr%w~~?03HFuP?9pcp~!P>$22)GuqN<N3(R!uUhr=RP5IG*KZsizUP&j@c9ef
zHeW`rc$yoK^y)!%KqpD_#_ykBYZ>Km{E4)x=x};&Ztgn2h1PSLe~Orr+P8ACxFnXp
z#ICJTTdC79=Z42-e@RI!J-1&L5F2Z0{o1TaleV1EgTa)`Zbr$f^l97QY<hVsA}Hu$
zXP0HCqB`UkP4=kxT)ipzP5#_-H>y7jExnV=Uz_o8zl=2}@yw@Bqx2hf?|xy%Memb>
zj*VQKwJ$O1b2O$)hvvQ0?VZ_dE34UVSQPLfPfUuOZz<D1aQjrTm9OuyoiREes}FLm
z7UZ+a52trIdGda7Xvy>ETqe^fKmWI9mpp+nJ5jnk_R`w<d0WPnX6_CzEj}@+V{@+o
z1EzLlpEJ08@7|_B)0&!^s2&mFpQ58@P9L;b5h0NtcOJEi$!M7Qj@f#OR3;m`Ijp$2
znCo?Zhja1NsZ)Cm&Byw%3;74ee16~AJGT9&(dC|uIrp2;fI=Jnv3OF6tlPGb2Ib}D
zmYjko68)uz?;cQ$3JThmZ5<!t<JbKDc3xv?n(c!df0R{J0B~l#dbtPbZVNmA{94D%
z%yy$K`R4Ac_dh9#S@lRKws*TGr(<>k+rPY@=dO2eN=v0*YL-v$a{OyCroZjkMT;)|
z?Cr8W7_LP-!#C5+@(yrMG&WuqEI+@XczN#5Gp`>`@L0$@eKqD%3l9c!{<&FQox>v{
zrdjb5%;pwazFx$ws#x!wK4<p1S#||qM!kM<!{<n8WOz88MyqHT-*R<0jn?mz>BZZf
zUUbX4<TC5)tDVD|HtW3n($)<deEt2sz6iV)8>|T3)GG6EgGR@`ew;Nv^5ATi?aWpM
zpQe7kb>yP!g6i-smA5!!^qMtu2Oeyv*yB1nI*kBrK$5>28rj&i;Tjk<J$o_#!H%a>
zOP@XR>eRV~?Dzf^)o%iJuisw!#~&*KO}BNs)N$q@yQoj^o(C-J>snMi7TcHkdG4m6
zLuW2?NDWyLxP-;Yj6F9`IFI$Ax~gi}-0HD2=uPSLMb7D!yAy6XI$8AQI*rLJ%Wl$X
znEAm>%dUOc>|NC#91gt?U0>>IbnK>oZzCfkQ`0~0?oMcDCvbJWe)jC<E>1BsCphz+
zv8JMjT_c9<?q~elFIB<r?(RKj9qpd6p>)$q>Hgs>17{cB3|s&3@Vz}FA8*yua}Mo0
zja6K{?DWhvJ&hZMLzCs0@yWK`w8))}Gc&FmSANWzm}WqKe=PgM*H5=9#x*#-M4?dh
z82u&f_@2aT7K-EzSK=-%cX?P;RFL$*(b&7=phu}Xf9N-zSnzpIMOkr^%6FrlzncDV
zm+%GfD>@hYU1<);`sn1e;jEPRFK!eR-24!0+H35kXD*}OnOa!rO_>$R8#QWTi*A{c
zCug#kEi>xX)f+f$Z%Zx&?-ea9dCYqnzA|V--;~$G-P{^3_21j0r)jShTeg&fd0m4B
z4bIK8aF_m8WK5rMVEy{%PYUl|y&4*JdP%!+r+K$Urxw}eT3a(j97gBDn&XVi;;aJ)
z4gdjh?%TI0?OB(BO-?p`S2<woaG@D1X}@CAjdm#pUAr3FFV0zV-fxhe&135`M$-p$
z!wl$e-@ZL@;>5E{%V!N38^3$c{{4G5ZakcyUtO5nwd>X+t9g=NpWAkwRsL4SvodXC
zGIQ3<%9%5k>UVuTrEFgp(E&#%r`4-|ztAejCVc6(5VIcoO?_(o!X^z^(`w3-!-s<w
z`fYh@Fv$3kkMWX8lWZnD;-4z}Eq>9WMXbmJ9;>f}ZXGeB=5`}<p1{C%-jz68fk2R#
zmuKECq4@ZOKjxXGn|r(Khm06ebnWrSJM$E_4h}A<Wl`miPBNLy^|yrS*J*hJfFpUU
zsHkhVZY~KoH(yDZ@1@%`%eb}f<~RN?w*|NP^+tR`eEfic10USKfA!k6oPCcJn0_Os
z0sYBhvprGkj!!-oRW$nTg>Bomb#h3$-7mT8kVXxUZHd_X>C-3s#Jl68W1U*Jcs*Vr
z?$+I`6@5b6wr$_Pe{XAO0ou2+y4<3bOd=Z|5pk|q^61f{SGnPD?;lRzyJ=Ix^Q&uG
zwQ7|-ZF+XX(P`~1GpkGY-n<!VX}Ps9*JNjyIq=QWw>2GXmUrUwX;T9_FrJfQVtezV
zyI#I_?d=~|R-Za`>chh^%RLMqJQ(m`_QZ2f?QLy$?cF=3ru=ke$bL4@t%0Mh;e|50
z>lZIxGznPNs8OSj)z$a*t+ibOrbTz}hWG8-&Ct-WV@K#CJUDI<KHW&C!_lWw@q+_5
zu3cMwCGHGg8WeQ3EVspgHLa(ejJE3V_*D4nE6vdb{E32se)I`oCjTxaA|hgUxW!Wc
zZr!ituv_Wojz^cN!Bo(2em?6Lr#G)&iB<+qKK*!P@6PR}JvgA)RDd;`aQwuimcP*Y
zGjc%5ad|DW#~t_XH<<tGChhI6-MgopjGo}OGIZ08c!fx`xxj4wjrf&;f0UGzJbCh@
zET^scm=K+sBggXH^KW%fzVrLq@Y8~?2XE?h?gr*pedV5Eaw2;(4f9QeTQp+@NpPzt
zzOU0WI1uxW6U*dyggR!*7bFXL0%u85qLiD$q~~1=*$v-^`g;0%<hw;>{VOkH|Anj8
z`~P}8_mjN-&iQ}f@z3+$e!!)5{PE2nd_he8wDIlzAK(YO*7>jYwm;8*`yrQ~uUn97
z&@f_~9A6}&dw2%B2l)n~{7-l`5eA(&YZ>kWqkD!01_Xr!(?tp{+=0wNHGl4{`X9Z%
zA^*JkYU4ZmzwF>)pBnOSWA}6a*AKZY&FE%kSlzjo;8V1bli&%pG-h?~;e@q<1p-W!
zK++#i7${6qONvG}v!v6z6UhTH264c99D{lj23dhSYBxl}XpMVZMJjO<)I~Ag0t_bO
z3+9Bte0u(_gFG>E54ZYrcUN~GPqft<e~$6Eyf}fXRB(uEh$m-|C-^{_`55>HeV8x`
z-+T>Pgh5iEIE;9K2|&~7x&TQIq9A7G=S0uIw;FTc7I!C59_}bs)1R0rwE`2C!AHhh
zAjgQYAmcfe!RRsQFdG>60m1VUFo{@(=ct8rg)Itsl!h_0Sb-czUcEJlFSVEqbB3Wl
zsvAsD+>e7c7c20<EkCrcUxPFNZCzB7D~&~kQ8^iA<c#?b@x!YyVB`u{#bAs&Dp~X+
z%5z0h0hgbKp{><?ygR58u@hYes7q3d(rrj#ybE&Ww(b99r#TXZEG~v@36x|gyNH?g
zkT4mbPZX@#6s)0?z`$N2+6)aZUJ>YG7{Gx4;LGIHaZMHr`6yQ>hp0#G9w=*$QGNqJ
z=7=Oh{6j95AOgUk0#heUi1l@b_rSMaz0d<)S&C53i^G9J?gq3$FqrsbT@?HV;~ql%
zhYWJ_401%-c}POwA%I|#MdBeBleb7PPN+gO7~BLWb%1UG0e+sY{^}6P*gh&q<-PC2
z3=V<9?ug^A3wONBQT{eS8hpr{37E=AHyk7mQ6?M(_y`jTl49j?L{U%>{MIN)Vk;uS
zAZ*E~IlO)?EHl(m9TMyr<N<igQT?_bOcbhoMs!5k9yL%>jYg`QbrDIUd4FF&)G|<K
zTwo3~##Jan&^3Vo7#S3X4nTP`U>uf4$^atchBCK<dW0YzGe$(b0Wf4f9;A?EL};cA
z+9+yNBoGjo_ahOE5x5DY3l9K75c~uvxKOQ4Wkpn1LdJ#S8k9)xq89530pTg?@TCN#
z7hvdpv;rnbU}<O_q9Kkptph`8)L4&6+6sIW<pL>JgwzMcHjx?zXm32G2|kBo73Asd
z3mAKtufK<97}E)}1b6~4IK7DMJODQ(e2R90O=|;dVU5E<AR<7iNCZI`gP9t^!a|vn
ze5g2^&<CWtRmdPapaubHk;cRU!bnn>Tv!Fy)ENc@GYNC1IS{Z_T_SSVS(D^s7tkLd
zRWL4<NpuP}=1wHPK|mnx1R!9DtN^~S2pVA*yad9RK#)oV{FaPLPbVP6N|sWO2*yE?
zR!K<<C|&>-5t)c5Hz9aQNlLC<li=SNGvy;Zo{dD9cpy_7P1{<d>5N)MZDi2@ZpW2~
zLoh^-t*92Qb`UVk`mH=^QDxmwXgk%unPEbHDyb(>20|5IPyuO59bcQ3uiFgrQxV^4
zNF&K<$mpwE0#E^v7}kx3suH&WP;?-h6B-c|>eUMoP#Bv8V-9f#jSS%=!>7qEFqNXE
zsWM2b!Ni<Z97{5Fz(5zwxgRd+Y6F3=1C4PYPU;APJ|GTJ^B3?|h~Al#HE|9IgwR#7
zr!c9wOimR|h&EzG<bL9?2nZIC4s2XS4I1JX666_T4tqiAi&T+>`hm*~#2avt7QB_F
zrj{Fk@McqxRqBd>fdp8!&Z6=NOE`WIJ)%V%M37oK0~j<a<x!M_gg{1F%K}2dQ6oLN
zUZ(2LC}3fLAV5KZa!fEWiAW*SNT7h4%23K=?XFsB>#Ao^kX8kcYN-1&2zjWkNq1G*
zBZ7$FhKw+;xR4S9E*DUx-1@sxu9+J~J&s*nXo<8$T4gtwsWFWj1RZqBZ>FY$6O8v+
zAwe|7b%!b5V*-0sLxX@HkGlR>x<f{_tK}8Zm~x;r4_Z4kNb8hCH6<H_k3%q&6FB{$
zlAV%)0Zohm`qpZ=yDM`sr2v<Vu>Hgc;5j3tX|-n$s1gU)^0jA2f6^^U5~Pq8N9!%6
z0a8tw)tHtFp26WH0%9|$lPb063CYT5>Xyz1Z%Ek$3x@<FvOyhXgP@WM3zg}t1y756
zrIp%b=Br@M%vTtm%?xKvl#qgwa78Gu#W#p8P?YjtpQXZjDlveb0`P^!G1P)c3J_P}
zb8&Lg9ji%?I%c<Z(2alyOTe`Z%oMI%Kz9fFYPh9TC9WdIzz-D#w`GW#$r{9Ji;~k-
zekMM304765ridaBRi)|{rgo;n<%OY<?L?iw)aFij1wU#D9$b5X^9tgjhT6jQhz1W4
zU;rC=`vthU`UR6*1e^{vu~X7O>&gJ0V2QF`f?OmrQAHFqEGE=kG=z<D!lHn0Z31Rp
zM2=D-(HczmrM8};U4Ic_?EhVhM97av{Dzlg(se1mCn7(AH$l?c{H|_S{fL3nN_axT
z<!Wk+%>9W|Q_K8OyIA7`PLZElghdksVpTCt%*SPgSWHC30y><076F}jIOj@d;F-M4
zsiT%*j-Dtv-CV;Y;m>hO!@ux%hLbu56eUeg{QRJf`L?FOCxVm_$)L(LwPREzfI#8s
z5Jix$qfwQsQC*wih~=q?HBW7#N}*7l_Jdw0Xyi+%LD!sn{Y8LsZHh<(W3|Q0ztM(j
zfx1p>I!vrEK_{ufg%&&o7I1xG#vgUQM;U!;E!k>8Mw={YdL5t^2OiJ;Cp``ZM|n(6
z-5pWAXE1eV;-^%ppHTHJoVB+~c@0{3yLG=e`G%VUF6~VcZ&|<79G=Yh8y%vo!@-m6
z$h1*NH+}EL1EGxkh)h$;d}Ue{5&}R`M=+zIxyqHPOVuEqQio>rV`@?Bl%*u9UJz+T
zvX*kucnf5X5m_dYmQlCGxYbbdXKlOuZ@;ap|4ZxpUsdkgdTHZ3`#-GNwrtJ(A6C{s
z&;R}*mqk5ZbPEe2?Up0qOu%F7V7@~5$_cR)9WO=E*F2=JZ7sAYZCDb$dsguydi`wo
z-Ph0c+AAWnmPRf_XN=4nrTze@Y5a^*l%)@gQh#c~!eH;BL4VT7V?5RJ^)Z;R*GMhF
zRx}9+mx|R_RJ3Ce5y8PVtO@`JPqhaSuk#UbZ__g(BbjtMm^&*(%JgFN`X#8!qQmKV
zE!(Y?7Z`M^MTYgXa~LQ`ZdSs}K%zl=S<ih?`f4aYq7YauoJ+(BM2bR~dQ2mGCW9~~
zb<sb9#bQM=;7dBC)j^<8^1S~L`Y7X@5T)qTt%Yx$h{^;aFeavKbC?JeIsn8CYjgv4
zL7DXL-&SxxuWw$p>_2&^L_N0gz5SmKHk#-E**aL;|Fr)<;_8lDSaQ^neYL^uE8E)A
z$`)hWJ6f?F+1AkP@VHVzQk>Gt(nE;!iu6!td{#nt5AgT$^>)TsmiTERaH|u(Ma$R}
ze+JVs2Dt}2W0Z}C^Z>U3YInqRI{aa5>gVeQopvVX2mruRKurl!;aMKoAXoQ*;4okn
z0{sGp!6R3Jk00di8RE=fTd`~yPOwE_P{3a=KUeQy_zghg1Rw*##4OM|9%>V01LW~7
zj&$9`1iny;Sx8{rA+8)y)WbIjpum&VuB={wuYSh~6D465F_?u6qgD!G$;7o<QENiw
z`cR+Jd2k5}ASg|QQ0wT(pBeu;<)4)zOsXdy`>y=g-v4R$Q~rO<r6K=t)HQSfyANi~
zh9}k9^wvD7R*M2q$~!Lq5FSO~hu0E#;*K~vo=#`+;3wc}TyiaWn5CE4xIa~d`y$0K
zT)SdGCxcq@MI!J=5aWmnhQKfe%u=k7J8D!Us;T5uP4a!c&_U6jVZOm3>Y|L{;;Jd|
zz>CFdwV+l+3&>jVG=P0a`uPG;?KbgV5uJyNAjDUoHnnJkTJn#NTfOqwcjTXKW3M^?
zx3#tV8UOJ^uI?E1WGdxpMnZv%-W@Gx5{FW$UgN0_JTgr|6J4#PQiSBe@G|_sEGB@5
zve=WSZUJs~he@;PDj{*kEEO`TC7MZD0$A`cCwQs`fr{3ai8IswV#~^gHCsiwuQl2w
zR2rr0sH(5OyINJE7_4l^rh~cx!5Cj40h1swbE2z!4`<*7;0Ne+N5|0#lN71+?rP7Y
z6-j(BZ?ym)Xswfv@zavHi9#MnBo-$qBzVn1Tpnm5j7}${-x+r(SjM5Sb$q`Nby$VT
zU{r^?2Ei5rtTBtBaO;jmOrWnj_zr)@#zO5b7g!LpPm7^Eu1s#h6$xYEk3=ELNpB&M
zisfSbTo8+)Ndho4<Xhn9vcVgmZ+vkI_>v+O0#M{DTZ^F*u@L4Hw}6Mn#Q}Fmz~?5(
zg*-Z-Bd`S)zPN@1znFAf--G^`LUf^4gN49-K=D`}4|WfkEnHbq7loj~vV%vfTiL>+
z)oVMg|F*#WmtA$}|9bTPzOVnSY-`2;S=+LI>i-{c{g>%~p5t(+K3VMH0Mvh4?Nb_4
zaQ}p^SCuD95p{?cQDjG`1p!@%uh13KW)zf)8^&IKPi<QUSQF~f^3SSEo=8Jms=N3O
zmR2@UV*(f7+QHGzR@24*xB2tu^`E`!(Ekc)JuU!#C;p#pRV)9$9ozn=|Nld-?nahC
zM*+7NOnzgq2)LR=s0m;MVzEdks5_JB7?zl<_JCO4ixJZ40$!XLV}wZ4(1B}W3|G==
zVg=>2T%aadEEWSbg74=8T2TobzT^j3I7cZTMXBy`fEIL)0)ODaOPDcnH;OJ0$pl*K
z+OhvcZHPFEeh`c0wV%UUQ3OSd$zpJe8iPS03EpvJHPAU@%90G_L-#mtQY@qkPA~WX
zMlo6laVlECpx4o=ImBosh|vs^#3U$x;8eqX^Cs{BWfQd56n!PBY{DQ(qQVQlVT=)j
zS%f(T#2oGsB+q|_PfZ~Vi9$}ET#G^T$Ydbe{M&r_^ZGGYE&VSC^Ep}lW`Ow{`Cn||
z{*RyeU;gt~9pjH5SXWOwfWEi>Zwtm;WB-pW+v=zN{}GpRi;Z%?smuT0*kV)bV7&k2
z`GRm)L4BPssCJehj*KZIV4xA>&%H4F|Lppv{NwvS{;?ML?)s0lwTApV*jxSd|9{A(
zF8`_lM_S;!XZ6+A0@{wp{CQaAfA?XP|L2w9|KY0+{SW`v>;CV${eQNNgPo@S2j73L
z|NoGyyAkCLCR_=^SF7u3yD8esjFKr3hoR$JW8u1kJWeW3fl;z}77bwxJh2_EqoAW`
zS@nc~D#r#=oYt7BAXOsZ$pw63pRPHUD2rvHs1&$b0)F7jJG#2?t21U|Lf1v>D&!6D
zm&Gy}o&@g$r<2^NODbk!^RF|eYzME&Vlh(SiRA<dOd}X978%`zS7L%9k!XQNz~#f3
zD^LQ|RTd%v!g5RovmSQ^!(k$liy^_UC#b}Z=;(MddJoP8ltGKs7{v_LI6(wB1Tv=J
z6ATT>L?|SmKr>Au0K`!aDsI)_T~r6spFzg-BCkRH5$=cp9E3?cu@t^!p#o;$ZOWA^
znsAS|Dzco??B9)`gFHbEy+)V;bZ}Xa2&9QZIokivMd7?C#}UHML`F$Gr-`PlE;M7f
zfPu|1B3B1BmK&u(NY7wuP+5?Q_IvXX;?$PmFtYHxVL~vRVD6>#)soO~5oPe%8nGuH
zzXytg=Mkzh5klaS=~9SE@&JPvNxU422&<zjL<tlzjG4#;q8JlQ!j-~sQQ$Q};z@wO
zKtfSP6>c`GSK+A-DB7meYO<j84Nc)37L1k;(4Sz`<G5(A2x1)+8BaQmN_KOh(>3X*
zau6BOBCaV^C*LVTErClLr2ujuO?(7E1hAoEsfcf6f(Np=lN^PUUP$Ucx=_qQ`$J3_
zK$+21u@fA)3P6EO3|T5evvpXQ;fdrWB@X7rQMEvt8B?l?<)o5&Qwb<ZD1r?FI75<1
z<%*^*LSTVLf$zy&sSuA#gji{Z2095tFe&Y7^i91v*qSf!=K*w>Awr`u*cQySBSz{2
z4nOqBDdd27uo+rlDql3f_X@%!u85MBf?`r2SU8ywCkc#j<i#jg8<lLz{F16!$A80U
zvH$s4!Tt(RmKXe$jP@)w-zPw<NE{6);0&fwb<zUNXLU6mY9yf`h=l`VC_NBy0_lJt
zk%s6iJrFX0C>2*|K!0kZGlfD3grgR6D08AYs}oC{P>b+5g0-pt4`9=&^KJ?Yq7_3W
z`PBv`It^3Ea7{v`qQ=O?u!#(3cpN>GOtXY+3s($e2ZMx*vHo^3YoeIVw~N`}#mIF|
zx^99Xjg7pV7{IMD*5JPlaBj@e18e*NxIsPy4>BkWlz_sfV$`?@Esg4uwjq%#k7KBQ
zih-Tbh4)xeU<1U7GN4sV#WI#$m?(fog5W>UHcEpdNCSgGDQ;@5ECOvg^@)vIJX=gH
z-c^RO!LG9aSO6RhE%a%H(2GR|h2&Q74DT5ouExT(SZ=I<B>~OVGAVVlZvv$(L+Ljn
zHz9#Zrr2ZwzXWsxlo*O!?e1)~G+Qd)Uzw6K76=?<Q5+7=oz#}_tfgd2!n#|suB#;+
zf_h6rEiI|{DW>k0Z2n50VrsV(V~$2GA|VnuV5ZP_(h8W6(m*cS^GV4Cr%H09wB|Cc
z214udKidv^`^54eTKLoGCg6AcDQFSZX0ceH206V#y#kM@emqn86g-GvN5V%v`0979
zwcfSSde>I#T|0CarmU>>q5+^&`$YrM4UUowDycRFJtszi9Z7t#CcoH_Uu+|p%8sk1
zILO^5b2cL2FfqdSH8ar&z)RZ;7KAeL*_G`jo8!0xE>X@ku@ImjWHADyn#lQ8o!)^;
z399KdFvKLMfw2XuLCliL`C^3}gG5yRQW6m9bY(|k*s2HCY7eYc;|1$vI>QoxFu`zV
z2Mlf@W-_3=szx9Y_(GUeR6yqIkujL$il`S?B!~Imq|m97VlWl047z7P3Zy^>Cxb5|
zfea=p_}oMccoRSx#8Tu}DcP7q^i9d=u`)$87)=sw6)FJL9v*N~%24l!voi?<W|daU
zRt2{;^PuMkogq1qLYm0>M2r+ZBPHhqsu**)98Pu6Q3?#LL&=L%Bqg8~dScX+xbp?k
zidZ=JgZVOmgJu$A!el|)2*g2+57fsW0aRlY>+cn)#X%aVVBf?=MNgcZh%MYv&JPr&
zFUL~E(gc)`hguSF5H!~eFVX{uQik!vdUzgJH1~%2pAeUkC83N_*$SW4F|{n;Gk9VV
zjGd0<N~3{YG-Wzrns?NN%2q3_lxW)`wAq>+j27T7FM^Dw#1xQr-vbG0W>+`O)EEhm
zxz{=gqV^jOp~h<=rn;7|EBahx35SUB=ZO^}KEeyn=~6p0fOafYFOy7>iv%DN_K%8C
zUAVB2bLC9d(T0u;X8t8-IdvdGym_L$_=2cV03&1&nMGn`kL#M6P+sfQv1Ss?Ql+X0
z1_&cn7ZHKBN~egEOz?p<ij0I_gC;B1zM*C8O=Pu*uT`=5e|wFCB$U5~J52Q;0RUh_
zYCD!%Yu7i+)k@9*^XuWJna}tKyaVqibCZO!I5jx_e}iMt;4%Udj2Lyi*Q@pZCz)se
z@1Or=<6v*~bN|<mxU`NxE`~qw{4dS@Uv_qO4nN=j{fMj9`Coe44gk}mo&cst9s#DO
zeg>G{&#eRhd)K$*UzSooZG3P47u!xV|BIcy_0RLae#kXQ$dig?;utyRAxIX8fHX^i
z7pLG0(Tkh}8SttEm>0|pgL&aAG@;Os0aF}%mK9J1-7y$)hR)XU2*C3jc=(230YR9D
zr=MqtCl=!48;lJN2pSk1=<4o?dHMQz8tKtN#rnM<NFr63BXN)y2WT^fGi$i=2jFN4
z2A8yuqlg8hBnhO>eQo=py7*1!zINbedV0DZ9p>qb7Q_mZ$XG-4zJMoAl1s%R{4t^S
z;8zw4{}d$gwU^Jx$WUv?mTZT3@E@RuH(I!N)ZRT!d~E*n`25?v{`0DR)vf<YiTUSk
zd|Uss**4a-_y61e^#6Xy)gAkW1t1hE(*Hnl`g0Qn&J^9MU6+0nqPOx)Za0Nc#Q(Ns
zF*8%MDQ0F!FJUmvSIDqHPmD2Cm}Fy(nWpx(XJQ_Bf(#2km;{K(U(CR)QsMS;SkK+d
z+gXV^z#OmZ0ap$6=thG)gM(eYJ(U6DcmjH~6Aeowb0c9PVk{b=Esw+3{}6TX*OLB&
zTnBoZQ$Q(X0<<vbNu(<ypuqFN65%@(^d3c#M5#gfilAYZF%(nA0(dZ3+KUepD=;1x
zSSpEtCyYtMxELA6%Oy@<6C}aLl9ZTIDo3Z`8I{SE%tS62J`B){JZ6E!SR_mWL;!<@
z2~yE^amT-gJcLQ%AN4_CXonRjmdVhz2wt36$P?iE2-Q2smDYubmbQWfC=QZ=nZna4
z_^^xLXCvmfVdD7zZHPEmyCGMDkT`fFFeo4pbA_AA0tHfc)MF1KaR3h{Jg`z03g+=R
zup*RCs_&y#zz;6D1;QmW28#tAxd#S1^F%B`sz8rED8$b>QOGBL1qHi1OL_QrfTph(
zhB06YE^j8jzEn3+@t&Y2-CTn`u^}=6XONdW1y$v3L^F<`GJS(akpP8UqL6bugi<gC
zRYIqh@P*s`69s%BTwD7_xe%^2RzN^fJ*th_w~?aa!(yS_M8Ht0;MK-PNhQl#c=@8!
z!8o{LfXz`Fs)eqrhX>vfFkqNvl2{~;6=RlzLNLprHkhS%7|aQQS$Y7T^Yyo}W}vVB
z9-eMPyz%cGaNi?fXfW|>kefUCbx3fKho2w*15c7p%<I9eVF0d|2WH75QBZH)L%nrh
zL=^B3&jQ31S-^~ha3`@9nH7maDFu%^<H}*CamEk891#z2xC(u0JBbPMGzl0^Yb(&7
z6v)kFy}wZfH3h^6vlIc#W6QS3EcwccWTCpBy9K-3SUX3{c+leD@<)M-o{|_TpQzvT
z^YtGHK)^(Jwd&)~ummtb0+Ee1N(~2JBobd^`9k6w=#oq#7K_jiFjjm~Eb)ZPPv%O<
zVzM}ah=d~+2~^*>3ONa0A>`wC`O!SG0Qkz25I>akMM?XB;fVt##?jZNw>^nEfi>bK
zRONpJe>~+NWO%r#p0cO{{U)eC;A;xUy2S=+7*dDhrXd*GcCLtUoI=EKQW+dDB*@*<
z8K`I9B%q(5dS`+vz-Y=*F^+p8U*^o?V=6p!M+qg6H}J_TaQv+-5D&A!ed;P;cgz!*
zd~J;ao8aje?D;3`0%_R)wpC!)Z52q^-?j<bO8payz^)gIpn+Ar*aJSHk`r;Y9PSHL
zGhb7^a_UXJdWY9-9O^)&{;b4*s2f@>1?R6@ia$|ByQScK$5L>9S_(3~D-a+}g)8Al
z!<V>@GJ!<?zi2+Rc1o)i;S*+r+T*`wRG<#`_W&xKI{CnL4Sq*sE}_NMue*#&z2R`Z
zrDBByV+7;NqHxMDqZ$Pd{G@RXcmTKiGI$b+6VHj4n(8FwIf0p}lhjGf7de6XiBp^;
z-YJ?Zr&>i7PzaJVh%DA{@DEoZ!(jqk{Hp~_#KvPNtsAxSw;=*(l>Ehi2f%RUTh%&h
z!&`_{wJ7H!;PL@wzDv0{Kp=@z9H3lWqLVO5^v~!NR~Mb?Ml?tu`;&t#<cXbl3aL|c
zqQnVE7#M16@L%o(_}obvD|3n!#yG`GV!?j_`opNzF#JJsEdEP5dH%N-)&7Sr%K9(R
z5kMQkAd-6C0P;8T|5!Wx-2d@IF74yb7xU_o2mbo_+gaJz{T%-van(Kk(bD>2fxj{S
zwzfaz|A$=P9DklTNd`PxR-8Oh^bgwj&i)U3D{Ia3KO7t!exCpLL$1C?9s%y?Z5kY8
zEO3aMpRYT{u&@MEcy~)nj}Q+m%qL`!AKdtb1<R#Ep4`&X(;p_X1pcO6E^)N9Oi4*$
zrP#2<(pbxoAj?z;hz)BJUr`Epo}9&(^BMi<ec?U$0esqibltvkp<E>B=cnNM;k@UF
zDH6GuYoISC6T){)G8E7arfOi6#Bh5p@ET>{3txZ%Zp8$NFwnKHB@PB{!RU+50g(zs
z&J3A64M2z!2;>YbPAZ6TrlO3qKJgY0VGr1z#goYxC<e=!AqP_^OZeLoA_`;XF<9LK
zZX!;0X1I%!;BH=v5STImZS(-Yh+43dPB1h>Dig?^hlF@p^oCIWAA8pV-$a%51L7_O
zSt}@3usAJCmwvWMpS&6>Aq@~{o0_zOMIO^+nodnJVJ2yLDxV_qLDlbL5fOFm{t)p2
zDxZFWfQa(Y1;n4CqKG2GioBGEJQftbbMBqVOdc)82k!1K;YX91x%b?2&pr3td;W9o
zy(S~Awy9chPXeNPlbf$+c=y0G%+7+_CxVF7yL5>`Fb&I(x;G9z$Fw37+lq>%$%5g1
z9)|S-k05Iy$Op(uV^#ENcvQ&1G}R7d<>dA=1mJ<O$Yf;UKkyKb72G=&SgGbc@JG{@
zCSx^ZBDb5%>gFVu$Op)>|DwufTfVtwCsgSdV@l1+ijW$Um8BJ?59FH`A#^`m&wE%}
zHfUr{1nY1K{DweRJ9Ge*QYB4JgC;gHt;pt2=UG=M$Q8PH0c8Y<l}ycM>nYT8Vm;3_
zq!r!9OX<LX*Uc5;wh<!hrGkcxEmEKhY}1OI<hylw+(LujE3nWBi{)Rf%LkSZ_d!o9
z8U{bo1zKI`(L(F8yF|{-2Z2|Mn9kA6a4ocwY0@vS2Ml4!yK}!FMHOr^%55ayh@j+S
z{h-ZqW0jJNmRm`ap(l@_Tc}AyL2UFY-Q|M%cnibL)<QiZiK*M{BQd;Ue=0HTpJ*!V
z)pZ<*lA+hF%q+jWhZeC;<lt9SQ?yo|J=p+x8!ZAMv+^^(aA5!t{GK8UolcmH@^v%3
zl2{AcVrII^u7!$86O`6<-dfU9I>B`(7gUl86GB{&YauxY#zG-%#ow(Lk(YOIeo3i8
z30^79%xb7m8quapW09h)mps0Z;h{D+EOCa$7*e^yeRvuuvMaY3rN=P>qcj%-)sYkv
zYhbK+s4P5TB?e6~R}YuC)r((ZJ$QP!o72k%*MtF$Md9^|CL_5vn2Z5ZstAmDSxExn
zQ3V55!|UPX0mUHm)q6DDC})F+P>#s}DL`%{f+CTJ@FH5AnocfnfT>z!j73bkRjye;
zkR-(j*K=N|1qp)TT`+8fe1u$pb&IN*C8LTQmx+@K#wWlq=n{M&Bc<X#RdQs23bF=T
zE}>_q3q7OghI3HP(<g+4U|}yeu0`wR#Xu;gmyeT>`W=4yP!%Dn1l0)Ax@yOin>3zq
z<;6^tRFr_}O=X`&Y95$@G0l*HDe&0<vTBm%!WCJZJkZ9{%usR=xLVHQ<^mzIb%4QO
zh)PB`v7k5ccdGI{+~`qVKv8sA|D&FgK|HE!u+^ZBWR4VwnGcZ=E*8cwWrj-jIJzYy
z@&h3mCz1(QcydJMKe4k~8%ltZ%A#}H>@+%&Qs>6?=`3x2NF=1fbd$rCx&zbla?+Rv
z-W{wRnAWdf8l%jl0y4Xj4+e!I<#>*;x20~sSzye`G3NA@59rA0#{@%oEHc@C6D%po
zPRK<|ib^HE6xG?L@|;dcO-4F9|E;}}#OHE-TJ-<bQSfJ#anbnSnDamS=I12#|Gg}q
zg#VxL{}cXy!v9bB{|W#9SM&ds+}as#nhFOr%k^)G1jrbL?EFU~7XM@j07to0{C_Jt
zaAAKxfa?$?_yLyGExW&*zn%xP3i9V&;M|7wP@sCqg$->0S9_3YpdPJr*gaMX)%eLs
z(#^{5HU5gB9=3Fp_@zMyw74l`BqLh{4uk=%i0+4BGV(>4bV;Tw5R86;`~QY-WRV>+
z)C{9B2rP!y82T&#Of?9iySe9(wZ4VixbBBMqnp5KpScAbj+)C^O9Fl*`dDRHeyU<3
zaq>@V2~9z{Md2uR+_8j1#R8u{P6Nx}1k#BjhN6xk2IF~<_p?F88y0yXK3N9UN#4~(
z2$4x2RFw15ZIVG?iekY?gK&*c^{_>rm6Sb|nr9E&HHN*A6w-1=bd?QZ?V*$yJ#C)2
zq8L#Hn4zEfYuTSpmnu{Y+jyII;|}TqGa*Dy&hW$Bjuj0u9@PpYia<fN0u14Cu%~!c
z1nrHf9^Pb`bk-xX^+5m9dC4ufXu-5=#K^!e_&A)e!eeF5<%cHJ7&R96$|i`OA}`8P
zrNmNrFOoAMOcJHSPz*2-3bH6@BCY0mlsl*)C|qg}$fT@*z7vvk{u^r{F?tg+T%3c}
zcj;fcWGO^;ZHg%zx<<$!jO_OE;9y|Nl|}KKs6w;qs6#j;&6&=+c+ph|^$-Q787#PY
z9)Ek-7<&lT_&0!!FC8@|Cix<mu{!?BV=PUNcL!kyGJq)PEgV?o5xT`R>L@pbwx6s~
z;e4a10LDb|fB>~j1@n<@bX$XC!wfNjVgI@qwu%@g5bS@6PmB0(*#G)@Wn2XR#p8aW
z@!#D1MEuuf`6Te)1pb@Ae-rp`0{>0mzyCD&uZ*^aG2fQs#S$T4oU$FgHUx}~eH<SO
zrcqyFM9i0LWc4ARl9xt`K|V$l5Z@rFtVSn(A!0{pi5#BB1NIsnRt6?kTn&3^C@)Sq
zd*dG*Q!<&+=m#r-Vwp^<!^RW}&7w$(MBJPV*buyeIPI};9U*R}pf-%@zA(%!avrdW
zB7qFFK#NL0?A^1~oEW4cC*)W^NFfgT!qjk31aQdH%>!6Gb%T>(1jflRel>B8AcH7T
zSO!}ylG6&p%}&s<xCLf1E#UMrPDGSJ1VbbGSv&v(m<&a~3jnXU1w>D6#Ha?T5TS-y
z5^>W(*P?MBAppawpY;-Yc+x_A1=b=rQRoV`FP@ZunIWIz;L7-pqyZ0c^Zxh}h&RWA
zNfMbdQiEtLFk~Ae3^ZTO3(_PojZ^}HWI!RvwI^0mmMuY%2tJ9gT7+l?RT|zVNg8EJ
z578gMrHo67JWF*Ud@zOFZf;%!L`n#?lXl}J11ggcjfg{L6fdEt;9#1*qP!9U&CG=B
zdah;ZM?hNUtX{sXUhW7Ci|(0;8EL&$Q$>I^ZT=vPRlOtwaL`HsJAnaS5(bDS^CA!+
zG0qxrP1_uqOuS}pU4W@tbOM?CwUD_mmXiSH5+C)`BL1iPVLz*ki{XFSePh;t=I1BQ
z|Gq4r1pb%6|9(;YPxjTdNLtu^|93$G<qAcCfAZY~0+>Jm6A0kHK?LZ(0uYEEAC%@N
zJF}}s1!>1KEDAcPS~tXy{G5wxVbqOpaSeJB>co5ejKndx^)(NC2r*!Z;^VOaJUfsK
zvv4cF4hLJwsC}10ZX@RgeHnVz2z&{dn(>Jd(4_)ir4YuUaU`ILKo|s@FmXOr@><<w
zwYq6CLb6OokKmmY@?x}?gjJF?Q_2h@D48^x0lp=wBan_k9a8|!BD<Ekun!;dF}V4C
z0}HOVm#>Gv2tFZliWmX7RZKJb;f>J`y$r4vz~qZ#YS_uxEJ1<~wQ}GeL2fBqqY>%K
z>}xeg8BFlGGN35BVrD?CG^zwoSxwk43o}FbhiH(*`RfI5J+Gjnl=B>e-U{@isD$&=
z4d=8d3^uA#X*MXb^-5X^>#c89#g*Md(Z+-~v<v&jk(F0RMNFWMjEVr7g^Qp)I0S(d
z0+F*Rpbm-(qEK9SxQRU^rUEeEf==k+41O+Xl<OdAy|EgynI3jp+<f1|HP?#aVHy*}
z4%M_iTC99@UXIbnipE^<&&EVG5NTBvTO-MHa*ckW9+T(COP(E-JUiD|7xKnU9+m;*
zGGwO}kuTLEYVfRZ?ZUGNOcpbfP~UrKS^$}v2o{dlDyKjI%wpEhdj+O~ARZi^`@nhx
zrW_3`^m~RFK{P<DoL-xt83WL4om#;`Z(>^W>oOQlA5(S|uV%kHTzkgCiX!J>z47!R
zJaa-OB4<yExXQ7g3e`bnTL47qL|>fs03Z~Y{b2C6UNaToy+MH>ds$`nEN8j7G^=8m
zxom`UP#jA{xCsi>z&p7R3HAh{5%9D|MR*?xHU@c1sdD8KSRTdl)KQawdHD$D^)Y7W
z8S`=w%qz$rP>`Dd^Aev{d|Jf+w9}KHQN~5^zufFTc`^IH6(r98yDXms{+Gc267heD
z_`d}Dmq7m#=-)4c{wc3OqTrm!D8`=|{1;6;uK(LSBsGBHyfM*K2)xvQo-(Y9b*FPQ
z4h#CZq$g(pa-xeTTgM?<2Gb@1#u87+XJE=y6IQGEHjF4tf}sY_%n?EewFNb64Z~ig
z9!e$S5DnXK2>}?dYvjdU7?3x#tkS^5uM>%CA;CII2#%(faZw^Xs+^urpp5pCk)C{r
z0+-v^4vFLg4~XyH+ohO1H}4VTFun}%U_&hQyNFhZa9^WwEuQ$hVUQqV^5pS{C@@Or
z+mg`}P*iScc?tEHBZT0O1EgW3TjbK%fD$HF4TLeYP+%hAKs|KlphCb$*3E_(H!pHL
zHf{*4KJ<0Qj-xJEt6FGFFXurOzy)|=4!kfd5EPZIX8DPNijJ5;aTV%3i_IA+FD;1Z
zrYLE>;F1*&G!bu5097*u)N90m0>vfBkPx1rEyTz%)KA{;5=0T<5)4n20-VGW^cF4=
z>mZ?oz=TL^$xn_G`$)><B}o7U7ciVvk)|IPq;nH_kIbnbx`kR5Af3s$SV_><1><5#
z948(*qu0*42(F@u#zZ8WKt!&H(GobXLkY@=kdLE_ipjA_s?uS10s}(faO_MXA`1))
z6QY2~V`iv7wlSF@0afUlejqEjLIiJ$4M!zXlmY^tI;jP|%uF>8S|tQI7aIk8MuA;y
zJP1nzam7B*)N8@EW&tn8tRWN2xnCOtD)RM2#T4@(_gojsL<&P^qLEh45|&&#3b7F3
zmHaHkSfcumDv$DTqhM?szL@X>LmWo71~}0NYNVOwi7;p5gZMfith}J0l0c(W5skw=
z1aO^p*!Bdl|B$e`upP(lE@{F&TWm)#l>*k5)%RA6ty3l>N6gVa78Icqd%<myU#%#K
zNY81`if8JH9>S~*6c`hFd0)J6;!JelWb;C1^4OzMR!}?m_6cqpdzp!^Nx-~=CImug
zyYQA91FiY$5D&j4a+kCpXp<4NxSoc(Yvo1W7AX89rt6m5BFKw+R+hL#8i9+dDs(ma
zS`0fP#-zeP<3qS#?$23XtZ1kXDuQ8&*viV52$EjnJRpi7S<LQt#}U^64SXE0x4L+6
zgD|i*$i^xU#@zbIm`!A^n0xspR#0%Wk{)UmDF_e{=cBKVaOYQ#pU4@EWu%a_xVF<i
zq++DmVO4`=hu9ruR*S9JF6&R3ov}JA%y4ZjWp1ss;+5?-t3wF~b;9kTW{0_~!e(|d
z#a8{TmF5yi=U^&q<@QX*I;y-R-A0L9Y!#5kUdh->qi$w0wlYgeC7$s{NtW13;eNVB
zma3Tw#-6DM0@~sji@nt9u-MEcwyHSE8FR4}7>aoSR;98OvR7CgrM5Dxoqh0dD^$#`
zx57jxoXl1>#1Wg@fU>aI9G1#5XGOZ1C`%dez?e&hR+gF>yOS|jR@fa@Qdzr`6jVlT
z=%FZ!z5I5EZRoHHsHsCO%VIBc+KR0X;Ks>7(sH;?H&Y?qX0<t)a=Qasz-)68@j9%w
z+dy76i^`v!lCnB8^~L5gJ1xDk!eI{6GY__v*or|YAaNvDYPH#^6w4r41qdu6BVnY(
zY_ZwP2v_z>y%oh~u{#{;R<+(xsY<6EzrqTo79EE_2DGZw>MXSz5|Doc<gbNd3Fx0E
zgZ{b3+-xSNA4c%z6(m6a#OKmJE#v<&NZ?N@qh<U*w{Lzy6#k!^-6uB@|9e?J|5aW#
zw3EIYcIr;HVZ{#ko{s<9w}rnYcbs}$r!zbU14G5cokylMOsur-JX4sr|JC4N<~ql)
z`=+N3>YbKi9%L@|KKabevu^IX^xT2-yF7EgU9swgRntd}s%ZSC+C00$JU;cWGZ(fS
zJh=UV4t(E}^YilFxF!Ac#FbfnQ&SJ0K5}l~p4WC2dbVvnw{6XdQ|8B|Ggp7#<I694
zth*38b9I}^H=MUjA3O6xQqv=QZfW-oxANHz>-t|9XMF1O;&w?Zzus}r*(DbqW=@{c
z?fg&a!KBW^-cIh=*mK6NS5}<cRJ!-E8~n3Vn#SLx%ic6((elNM7q4A={_UIYp2vOq
z!s6p^{*O6h$}Gq546ZR}(>&wqhIN~hllRWc9lr7Tl}G+$Uw!btl%}QrZT($WrT(#~
z=Zvj2CpJCM{lxL(Yu2opI&IpB;lmwH=lb>QA09f7dvN)m7x%o&+WwlsH{R{|^J`l^
zvj*Gh{&#Cq+rinokzZ`-zhvGOfx$^SN4L}6+H7c_>}tzxp1$D`{nH!XGPn2beC64u
zrtyE9+pA5RHW$wBc;onq6LV(Ierx^ul>Ki^J9p~%adG&w8>`>1&40*reAb)e$2YQ#
z-Me?s%gg)mhab*<f1t~?*Y4ZDf64X(9~KUp^u)sKCk78pos~2rDfiKRvu8j3bxp^?
z@9Z9Tedn(hy`Q8@`s|*hr|x>``u5Dze=2{m(ZYTo3WfH+_vGo*r|rXsr_Fff)mOjX
zw=eUKmDwiK<BrL1r!>r)H*ep*eY++fT6VBQ@8XXRojia3e6s8Hu`iB2Ui0!l-ny@2
z&C8#9`}8d+c%a9?$#33sWnJUVt}ZvP@6zp)v77tvpF88R$FgquA#ncOcar@tOP^Wl
zeYGk>_f2r&(ZKE;SK7C$jg!9KI%?Vc^36$Y8$Um}``&iteWuuK9X5^H^GDtEoNb#o
z?_3pn{*gyUTCE#DeAc;t>!aI0{BT2mV0YwSN=J<NY~=*kh!JyEtXPq9XhELm!M)wD
z9H-aotJY5Kzkipv&&ZJ@N6dX{)A4Oj6uvn2^@a22cfH|;XLlU>=;lS1!&m4w)xNuM
z>Fx`6-92eifv)X;>)Pwuep&PK;+KxrvFtxaj!Ur*n>F#=5x(K`hlgdjwx)FQx9d0{
z@a3S&%8%w4*Y@sue$V>*3%b3#-1T<Xtg36fbde5!viyPWeZK%nK|AWo$BnyX{5oCE
z$48F_p8u$-q9Wh@PEx_uw|0H;the0gK4xCBz0-~T%KIm8wEuYa<m%vo56+%Ebj{#n
z$Bv!Y|6bqZtLm3_u9#|>+BEN)d+xk*^i7j%_r5U3bIk{xzv{Hk=P~IR-HfD7qt^G|
z_xH-JPn`R7??by+O+K0Vz|8DTW8QE2eTSws-jA2wURqkJUwiQ2!BgLUUfA&Mt_2H{
zH;t;Q+WF?azd!xm?z>Na-f;TRj_(eC`ttgjotzu4nzK<n@WJ9#%gj$sW)yvrva$Yg
zz3%XXH*K3#S9fsMH9f1UszgcZ*s<foJ&Lbb-DS%VZ&`bTQCL{?<B46nI@^x_b>6MR
z+Z<m0xBjy%$*!zTJOA&_3!%Rc|8aiS)!nY@_L*+ogY5?Pn)x3c?{#!bPEPLDZ56j=
z{;E|2bPKZCd)^$MbiCK%imB398#+Ay(E#WWOP4N{_HXO3cEXvXdzzY>=FaWBJajm4
zWVXOuH@<P>y>%J0a=t!tWT3e3opax=wlCS9VZZMB>&Lw&Ug`2Sn8r6&jb7HU`}Lx}
zD=Owr<sKEcr7VB3M_X6P{MUx;eZylv)$<|mwXf`X{EAPuEZKMZjSJIOEE@ainx?9!
z9_!<KZrQSw0l{a=mfTre`_6ms-Beh=bb&7rIC^aF+gV+=EXZ-WZ~x*I-g(zu=f8M;
zN{7@u&o<NK?`!Moo?G|f$=cDgi<=sq%PN@}f9PR4b8^SH9Up%@^Zxs%Oqnw0$#$nF
z9^3c?bcNxIjy=rX9(e2zyML!^%&~po@r>(m)%PiRHM+$&y3U2RzuWF5XKiWvc2HW2
z#nS0_mWdP3e7tP*qD70&ojTGz`TyDb5_qWk{r|C4ma=3?RE89?N7f=D*=3Eg48|5S
z%#0-xPZU{G)`*Z~i4a8_l9HlA6rzNXo$UIbb7n9kPtU#2z4v$T-+4W+9y4>!clmrj
z-_P<spYP|xGBHvk=kM<iES**qQst6lm*;pt@U%JxgHctbvgGIB_*5-3aOW8Rv(W8q
z2R!bSn%~nT^-(>ljfQs|QczHEaQGH0YUBE?@y)w;Q86(*F*R>eQq`hShmR=pj>E=W
zDM(<L8TZOVv@M(Iu5Dp7tVy0Wx|o+Gc;ep0*x1<c@Z6IPg0O%K7q*I6ly|<0+iJ<d
z!J(p}GCe-9p^15`?CFWNQeOe)p!W`f{QTQwT)zP{1IGCM8zmK0Pi>l(R*Wy>ULKo?
zYx2Gcp8ZAVsJDC&7lD-oGWkp0H4omt^@u;ZEuMk1{+)Q15tbC@$CG-#-$veIcXxO9
z)~#D*Wo6g<a`5qGY9-3j)6<i!-`IE;&0ZlXE&ZVt;OPDq5fKqUWFmvRam7i8{8=}y
zSM3Ib_IO{D;jv>AwOVo_6+7J9NQ8uhzN(xI+upR1mNqObtZN%ZX=J2ERrG*xEV)Rr
zu+Mj8d;1Sjg4=hgG@>|LcCX{bP%C^L{Pg79xpP7fM=#~%2*Dg$A9=M`gd`;;g@=cW
zTEA?}wFDlr*VEGj76OSxIyht%Z@8*CK3c2Q)!E4!QlWBrw~~@ldW}|^*zLaFY+6&t
zPjqQwFpA09=izV9pFbSDDKzM=Xv~{0UrxNLOy42S?<az|Y3q+Nmv=Rmg`FtI@p5pK
zHZ&MUAuAfQjPfsCy7XwOhwpNw*qND$M_$usfb9$$Z1bfB1(1`#$<FwbVpjm+P06sk
zyu7^ey%S@5G{0zOWT2eUjXZVzAAQMoFZ=!IY7(S$DNBSOWxrCUAie$Ni=GTkXEDXK
zOA)boPOy@OhP#g*?a<?V-FLUu^!RbUL0R<22NM(SFuJ@OdrytA+KAK1z1VvhSrJ25
zPh!chax8^I^9L8DWib8bmvmVM8L!Fqiw0$cFz?zGayHV8HknQVmUZXO8)uk_jl6yC
z6*?VL(?^a?g`NWsCE#%L#@h&h!zL#uot>TY_$`BHXJ<FiY>T;i)eDdUfSf(7q*TOu
zGq47(y0zjUg+bJfO0MWA@u<js%v;!UOdW6Ca&&YoFy?23-7&Thwmo}x<LuNaT9!8U
z9sO+dpKOF}>FjOpm&x906gqIHG*%ts@3@~lKUVt8`%N}5j_ddCO#lk!)TvV^0l}GP
zRSEE?j*iZwiO)eciC%?fkI%rIK9!yG@$m`YsoekZ;c<$w&<cdInvenu2X4&1Dtu?^
z)~&mqg++ICHAF>A9JMF8Xi~*RagbAyjkSku%N9v{y@`9yWEH^|C}_Ty-fPJ&ks2@8
zqlA6@c%`4yCp!9ac6Jb~Y$gtve|wl*DC<7^&X)i&VlxeHdGw^G^*{bGS8%dnZY;+e
zP<xia0D~PEeSPTA`Hk-%db$DhI&mUCd8#RCN4u*U+Bw&`_uT`HIKgcPj6c-Xksl-p
zm^gIAH}@UW=Ll@_ojcigMtdH46~W4%J(Ca+INje|UW8@f+(}m6-Bw`{O!qmS<e;9O
z&#TX^E`sGO8%mBIC250Kxm>+}L0&>a;_=wK<A8=@mpv`n)oiubYi_cuzP|o3Ffu>_
zBmyJ8deu>w<#5=J?d<Gky1Mz8ju(J*Ie+dP<!9dMgSHn~c4kKQHyhoyepQ)xW{+^}
z6%t{e^_HB$Mtj-~pTR>(g6S>eMX1cznM+?CuS@rh;@>KA(jeYIjip_I-`Pqv?<E)I
zz(*5d%ZfCX-eUfBlnyGJUsRrwmX$rC{(y}FE?tc4*75L|0#&rt4wXy%%vCQU`2ce%
z(fu<e;w%b<`aU#dXKOnF>`Q>T+y@?x&siua2I#DZ`Lz{_pY)iD9sekU`J})LgMFpo
zfR#O~+XR207oh_ag_S=&CuAnu8Lo^P`u=W@C9EDrcR1ku`r5WqzCC-c&~cg^VyXxb
z!5V)kNl{M3jXrZRrq34@hm`<=C^;p?_w3p7KeFD~;-p)O0Ns{wfG;bC&mc?EsjcKq
zin9O4t$WcQ_pci(bLCNq!9GH@bWitBiyxRhqM^Z8;en{@h<8bu<C7*o0AoO$zvyR6
z_qOgG>s_?mct>=X*XcXFyh)e*kVcL2-tVa*FhW8aM~}|tTAuU!THb!uOQ0eKTZ=v;
zdTR75g)&yV%hkt1!q8o!Vge+PfPmMhb6Z9|4x~oVVF2?5urx1M>Y19(l~D`TH8ey=
zMV&u?e*L<2yqf07H%Kc+x$)-etSmJO6_#G|#BTAd`%kGA0z|00qK>03Ois7jXvVXo
z2CE*03m;y$&gF@Jjy;O`dzWUcuVh7xNbfcIKhiW0^z~-CG?QF?O%_oQCW1P7vZ|_z
zPf*Z0SO8Ejbi@7k2TY4F=jbfNSjWG;XV|<MQ*&S(7>QXiE*+5g0J|T(P1}dkZ+^F1
zZg%whP`h09i(>Tv2?b--?oFk#FnEPzDkH}Qx<pZ%KyD4=d|Y>!fB>_?hr4I#=&fR(
zR;+(CH^t~<5OPD;p5bni@m!Ue_0&|MXmK`s8C8>%_uS0+O>8WddHjIJuDL1$cqg9#
zGCi-VqTaYsj5P$<W?`~ZH~Fj3k7vJ=(e4+veGNB?iuBcsiamTNbccY+9ozP&L8*T3
z&Vt_t9x^rVbS2aNu$h6O5Y;j>)V_i0l={YF-+Vm>S_WI(xW!oIG9x{1(@H8Fxpce!
z!^CjaU7*#zh{DWT6K)?#my`DPAH9FfR$k@~W0!lBn=7(&rzN0r+?t)Ay^IwN3JR)v
z@xt%TCRm}vdmTN!(Qo-RXJ6cU!4l2&z`j1Wqw22C3yL>KUq~0_c>1k}1<<LdZ{--R
zmdQ7BNARbrQye8#Vy1rBm9VL)@aiQlv!^2+4vl>#B-*OS6FuzTZeV}udTv&e?%*4D
z3C9n5`uYXHrh4iEn2<$)5E3-L!?SN66RbL33JVCS!otGh;^JLuQ2|ekobAa<a=d5T
zxf8c>m6u5M0~<y=>7Et2_cNBA<-Cqwqi>u~zH3%Ga$inoV*+;W1)t|fFE=@u@)7P(
zs(m$#8~9Tru$K>~c=z6tN$@@sT=Iyo<vxSD#(oDe)^m4{(D~>{<G#KIG{Fwp)5q)%
z^M(WjxOc|dFn$Y?zf(|&?acb|<+8WRCE8Spm_8>M-Ozp*tVA*`UKbWBa*2yGYkRPW
zs{EzXvOo4)cD@|Fv74IXn9<|-C#`d?(@BT4G-K#$q#`@4RW;(PlKHA{MHE(IL@R7R
zKB%irOFT0-DRMTlDEBn(%DU~cr`@Zf1OP)o2Uw7Ek!mS#zBSz)0JMkDgTb@LC5D=(
z>2=J-u5`Yf9Dbb?bm_~^Dv3*d6bW$t^VTq$Yh&NV-A}1R4ByzDUvE!(kwlE;WRe$x
zL!~UQIX+6<cKW-L*EDN6W4Xr`idQf8{P^Tg9UHq#Noh>g{2j1`7`P9=N=#&AZ#A@y
z*3^F>xVfY-s#}@eOAipW?n4&4>bf3|e+0PW{z$b9lP^!>#(0Zz4UMQ+(FUY7^N~w;
z`D@vV1|6T+*4vKi-Y9<+7Y!(;WA677qodF3ynAi_q9zBJ%CK8&2Qy>DPA-n?$Y4?*
zE_x%>)_r?C#`~4YNJlL=Vb_@T=@kt498X@RClwM3=~KIHd`=^^ou|E;{@`f+yLW|%
zC+EL?`v%w@w{PG6_RT@zc^<M#G5)egUl6SUU)%v1ubPAtD#Jye8lS=Tb`6)E+c`Jr
zuX5pnd??G&!HL=NF7N541Lw{$`MF;ZHF#}a<~Lz-f5)5d06PB?Yt&}0qdZBcRVXT0
zB*%F=t0_t9inBkcqy3wK3ve3%iS_*X^K{*`z_xuI$imy(G$~B)e4QR0O_A6!&0<->
zPeO9OM)tTc+BDgTl4rl79rq({@}R-XHVN<Ny3=C)Sa{a4ZMrgWAN@t{N0GL`%K!>?
zB{SWrLlpY@`W>B}nlZwE(7pXc<7BbPWwa*!O~wRlJ?)Nd3=Apt_Vr1LJ>KU;dP5{=
zMybBjmjxR=DVuTaKke}K^_&486Xs!_x&FvHzuVf{IO#mszUG@ZeOhNx8!FaU9E?im
znsjJ%+Ao+rkT@r%ul_>ttzNf!8{myN0<4BWASfv*xA()i3*ke-Z){&ySJTkY7?8%)
zhe`+M@>hBPm~N%y0F2?=qK<nSTMPR>U)sec@~&y4y+nWAI&)dsD**k}R48+e)15B=
zkslz~@wkkIyUJns%hyh8DN)fxIs_|8u*(LT6Whf3Pd~pnrx4=ScdgTFYBW7FQwG@N
zfDK=V!%#KaZGma)=v+!jm;+plZ3jH`+zU!}djzge(@GR)4Jm8B@$yw6-94^Pfq|W=
zY7!*yYMGM?MW!VzB*#8_dw&n0M=(<}akTf-Cy|%ZpWSMSetf`kW<pZ6Nl}cd3kE+h
zR@eF2B83Yf@qP19V0Uerp@D%l5-G17ixRw*R9aff%gb9(P$2hX25Vrz%)!OQrP%j$
zwkI<OFw_9SeWS5~@k2oDOphU3*bV`%awp#ouV4|&8@#%kf!>)@Uy5wLeuy<7g^xGA
z^+Q3L<Q8YAc)IlT^xWI8CrZek__=-1zZ;KbXHT4(n)>kJ!<R2s1-+F!NqMp=o;?Fq
z9N^@Lu!aCmn9P|ON!aK>t664!f~?mRu<>bSC$5?17>1Z0nLTl7u)!>Gx;F6)XL-<D
zwya*N({J=M`vZe|`Lw%F9SJW};Oz(xC$Xt9FuA9F_{e?7c)GrG)TwXY$UpJ-Kl<Y8
zcJ9aJ`sEcBG+XzUhe}AEO7Y}9(w$vcXz==AT5Zdj>Aq)S>|ud{#em<tJz7rTW>RUy
zm8sH>sxb<?Vyi;~(&ih3jTjhwYZ6RuyutDNNv=yeq_TPLlYjH%NUg{_(F(`x(^8ye
zKkCwv^75v^&Yy7Dzyr!}rP*)S>YK-HG_Xo2DJfY;%{(*i{lg7#`~lAs&_ug6<8Pw)
zKl0EtxqXzvO=6fhKClIQHMxJOyqvO+HThWN{nuf166l96<_CS)E%mY-s--wSynUMq
zd_(8peBSk*Ys73lM~UY8Z>IFR8+v>kCF<(x09R?_cImq6LHKAya`O3z2>rt;sfIej
zl=2aU*+$sb&rj1iV>3^ZYZq!7f8c%=w#B5Eq4VR%FTl{xK9xd|%6v<&f2+yXUU!r_
z(3p;q@p`;~)2%@=7@xs5an?AB@NDkjYgO>%@C`JhhGCCS!f!Cpf7(z|M}39v?c2A*
zA3bB+_!|wzBo9$AF)=wd-j=^EFS#y^Io+7Of+a{;bYB`nmDwdHBct}N#6;59V^LR)
zu4{fB;}rTPeV-I2%p%s1&GkvW-fOZWHaU5{N?GAc>Mpp-+Y1cbs%mPb=l1u6!UEOp
z+#=FzHNQpuD0WHf>1Cq`_u#zJ%s@x7pE+pb<Ho5RYW3ak5xWY4t|xj$t;?49<JdKN
z=z9PDefHGAwm4UYcz%^eizKr%r`8{QaxCZ6Jw;*PfHJ>cwToN2fU)g_70TFdwS;{b
z>#Zp)Fglm;X;kTR)x^XEV4?d4eHjj=G#8I!V{55NYvCImsX5nGW5{{E?^cJ<Z88|Q
zmca?FErAD*9&a+%*4}XNn{~OAc~%iF9gy>+w=2(Nn-8{?8e|qEC6#vP2vS~iN{Ek-
zr<I#|oo(%V$P(s*e*9|vHO{Jh?xW2l{jlq^(?X&Z%~={XQ-ADKR<%DF!lD-HMe%;H
z35`85c5SdLARwTlDmrM!M)|Azh7(1Yr+_Pa-MPqqr^>zb$_Jj~sUJJ!U?nWdN3i`T
zCjTHaEV&i&naW{!9js((%*K(E&h0e4k84dr+0>M{Gvj?yg@97?uYoLkjH4qXl@1?1
ztHI>7Ej#ARP&+a;)rG>&<Nlqn7%nD@WES<VhiB9;4aSN_wt7XAwe6P(!<HP&$gr2h
zTxWF9TqkjWuQC7RI}(yBadCh}r6~FMqzf6$eBh%3Y*JcOrI?J)avR5!cemcRp1v$V
zN^|wY`gje++)^0q!Bh__v;NC&2`z1pfsbk^Itm(<Sl8Di)R&M_Qc^~Be9rYj2R*E<
zFSH}-)!>}2*O66)om~y~V&(R!_PtRfHV%z<jbph!Nwn_2ZK)jUsVmsE&1akJiDY=G
z5}SE&M@PqnEDkM7xYKqzy200nXfN!c5j2IdqyYA6e7rqu{IlE!m`d4a+V<YSdv4Ta
z8T|EiVy|K^o1SoB6w{8sL&K>t?Tw5*`l7%%&tq)p$M_Fdgo9He3qQ?FbMuv+9_HZi
zxb&TV;tq`$<Kn1k;<w%Jd)S_L>T^R`S#hRe97!{|(_PPWt0JQr5$oKi#osA5u~@S7
z3Yuo^km$dB$UpF$*5PZ%zGjp9v9;KzmR;}@@ffQ=P!;7^evB_(3)MwK@#*~esIzB{
zoxI*s#3|a^+Pb*xyJ^8henha?wLjWTngS;2{b+rOYQPs`&ciS<;n!WC{GW+bJbZ8+
zXk2tJmFMtlRGPd|tn=IJ`?L=1>n~_PQBw}(*7nfbx0X{RC3-)a8LqmomB6pJe|UQ!
zmSv~vt*)AeU^a=@vx=l-WLGmtt0}LsvSSA7zx16-cY(ds*g*?8XUv;FkIYSr-ZIE|
zbMfv+>4@-f<p52V5YN!{6n2tbe1`o$W=1ZLbZ$zJ5OSUvyx3;Wel=9MA}&rKT1aB1
z*Ua$Iob+^Kt^y2R-ZbK*FVdkF-BU6~L)Yqg>J$?rqol>#78;lj*#;UwfFD*=Y~1y(
zaUb6v`$4YqfRXQvW+CTsh9A}Zc|ONGhf)lo?DwXnv8!mwWxR18>+NzBJ`y~1em&O9
zOVnqpk9n5=cT&NGh<5FZL4kp+CFe?wj7ohs&@wBhEAt<LrQ&K54w#yn0<t3eBA=<D
z(fe<oJUGbJbUb4^H*vrM{y3^iBFtgRiM{vW!N<Z1dRRCYyE6+;-2I?mfS!T4FI(c4
ziujS|&yVbqGHl5sBmFw&K_A$=_YOS=>}HOH)Uhm-xOOs?l3k|R?rN!<jpl|K@^uYy
zFxY)M+qzOc*N%H74|l*b(Dnt!5{`Z|P0bG7eK2pWaO5G?`%g8<3ogj5vrKT~KBlb}
zq{PMG{%(%d=`I;RvznS(kmV*#8S~)dw+^^noZIVOT3XU6<`&8B>?qn<yeTOHtEnV=
zTW2(cj&pC(0aKml_Q+soLwB9tCp~ELdrc(keLsEjXQ!d0Bys9$(tRm^AbmX+#-%Wf
zEQ)<=uq(C9Nc8=?tXJ>OXR=b<PzS!m=9}hh+O#PkfMO%%kOa$}_~YQ0AJTgc_HUAJ
zHsBrT&3OzMF0KI>?(>1HvZ0FkWWnK^XX*}#(G9_Kb7$GT#FV0pyu6xTL_XUVLQcU^
zee212rDiv?JpTOQ;fgRh*(CcXB#IwhPukkP_MSC-vE8k_;_2AfcmpC>G5esrd`q@T
zwCps0W?mkRCGDXX_co7z4TMo7MMXvFrfF&<%5Kj-KqjqSUS9OcfWDoA<5tw@O<I_x
zV*0i%TPB)XHDNx0Vyw>$lVP<{%11moYv$P}4wJ;*7;X;>%M=cvBdt(Ziw^bfy1G?X
z*7&~4<YaeQ*=cUg;Hg(=l-JCVMyt2?ddr8NtQ1cQ4Ai6<dnCI6o>8T*HLLiRVb&CJ
zyG4R#wvcvqy(EG$IEax_LYIj>TYpHgL$h|IMr-10ip-dY$}yGW$8RYqZJL}cU}Dnv
z3@<o#GcmD04&8shuTVZX_CT9bbB&h2o{E!ZsYR|+b$#wtQeZ~Sr&F#7^fWcVN<53t
zJjknhy0w?;%=?zj2Hur1`}XGjVE-X`4y#FF?;!SgZt7788}_8VF>i<T_6wo?Bj55<
zqWQNXa<y+oJs5uB2rzwMn#p5o*fH~KA2$V(-??+gJb1g(3mWS@REsqI<{smk^)L$B
z@%xlI8Z9Ih6eS+heYvu-#f9QqIdDH_TeDA0>MAMuzUQyn>u4v^)fshQsN8VivA1I8
zE|{=|VoXj>m;itErollcxphpMZzy0xLqlrOg7voF_}<~nH|=8$0Stt;GX9MC;=(I}
z4?{Xb;k$M*!X7*j0}SSmMWV`=NF5>*>0!GSH(dMCC8rfsapsIPJG+37j4QW;d@@Z)
z)&3)Xl3nY4IV2?;hYX`Ve7<IT|Cm$2U~(wAcYj|8m&kZ=(9kE>)y7LLXdR4Z`yNs{
zkAu?{Ox8zX%^&u7K8jP~xK>^cH{`(t_uV<!rn8ZWmYkeCAcnc&JPkRFl2X1femoAh
z#i^P^to4j%PZL@T22)^Fz`?d9eZM3hFItWC>AZQ9oJ~bKf!cE8L7SaE_oI4dIKvo4
z-tdTtF<Pqgx;!L<!8mu40sq0It)d@NaMGLRyqWkqc80=^$1&xOe$;UmQ4(P@GcN~+
zK?W^#lZR7+TAqrqgF88Al2fLAPUdjIgezFt*w(T3Nfv!6b|Z&XR#tv?T_?fHoT{F7
z`8+KxFMn3~F>K1WmnJ0D@=-`Yb#`>foOW*(xJ%B>MXsd0K~ZsH-G*uMb*JnK6rB&b
zG{$Mm=;$aYR&uA2)0xyaG<Xk|ZcvNjr=+IN?|tBV#o3PzL5(>X2!q9l@%Bs)XpM=V
zZ-FUOU{Pa3ZywGJ*F9rr-?5`V&6*;x-$=iHGvk+CDhc0^<R!rNAl<@wG0#3TBZDWE
zQ@m=YfAIE3lLAW#3O`AhdOS<W#km^?*84?r^1noPRV(|`^a*82P$U(KpENSkwX<sn
zZ0#*V@A_NK6nSMlaFp)mACe<TY`L{U&%3&QQPnz|oSb~^8oXl%T^Pk{#F^AvMxG%#
zNr!xObr0p`sb=4Q)G~I~_=gS$DQx0HfgA1i53N?0#yog;rc6Ac4YRS1iii?7zGV&D
zYH1$4n_KzRb8nXXjoVqJPrLKnX;5+gu#xPbscFJsg`_mI42{-Z<6Aa0366Gl&b2y&
zv-kT|$uG9JpTAGteEk8*;A?I4eY8?XTdrk_O?7bov74qsvwdj)XJJ1EGjl>s9-Xi(
z(D4)Vb62@U>to93(MLhfeY-mLvX2O+{T;J|Wr+_7;PSLN$h*z#4SG5})?h~MpO?wQ
z^rmlS(sx&7Rd>sd7SbLGnaCm%Nf@)*TN-K@?qv)G?6tkhsZ+J=bGO+JUgARgart~7
z{v%JF<X+p&?SCApeJylMnEZqg#k!X9kDh1?3(l^-b3M}XFy|&^b@i9$sJEO5eQFRV
zDkbIKQ)dec;wA~C;DBY7+Z9dbryqIjV=A<DqicWIcU8gJ>1nNmZS4`KOG{-x>mEI7
zqI;RiQbqA3?<TGbuw$1lO_d2zMX>cf+i$0%XKx>4IdtKBzg}ua{g&iLw+@m5#Pf?B
z>(;F^$gB^kKR!77G)Q?5nNurwmw}J95$dQy!HHRC!A9fz^m<W7PPet}?J0azGIu4D
z`f<@K2p_Cc6KY`wI4VP>NnZD|(rF6Hp?Z6ft`nCco`rMK2c=3$-WvcUTuY&>-(_kU
zVf~?4A=CY&C&<m4Qk{xQk8jYqxLGIn)JSL07NNl2>+w4z%HXnYsJE|^K6O>=n`gPW
zFb2(vSd{yi&Ds~|<W$?eE(p14E__68&V8ut+#Xo^y+$5;6s*K-ZZG!3oxmHrQz-gA
z$75)!qBH=1WJndkzE2u9_&z@pW}f>xCZ=SUTE*$XQqzh%!5p7z+qb=aYf)P}5E?eX
z_d=BZtVk5e%lKZ$gnb+_<`w*ulu6^wqU8H22DH_}60UI8X_5Loe*7a@DJX)@#83bk
zYbQ2Q)Kwv9I<rYZ8s-@uG4g$kv&!K`M2ubS`l6$!A{@Fi4UY?+;0fm%c<>-2IQX;5
z<>Xh^QUU@qUn<iKvLr7>>T^^%yuKzI1bE~zA{4N9IdU?N#_F~=b3TjH<<5AHo9^Mc
z84}WWvfwQfUq8zM>6th*CL`lYf$?5j?Y8Ek3;8zBx^X&QUU8;E-D5}6E+?Gvn3*16
zx3kM-3EACrLb4)8XY#$xGpe++nd-+l1|3=-wU`U5C+s)6`sU20p8b^!u8G|l#z^=!
z)|A6u?%%T-$@|3U6q?#f5mHiB*LKzxZ712`HR|uu8){o1%dFP)Je+L2Z#pt8%)nvY
zeG3)8HbCtURj|o*bqI_PzfF)ekvctLUurFKI5^h2W=Eb&ulEJa^W>i3V@Fjr-&S5`
z0(_>~yRCxT_TPK_p5HQ9jCHsfD`Sw=DD*-Q?k9DZYxj4#Q<&INxYVn1!$%H|j$R|L
zBnIxahYqzryU*#9R$p76TikO}YP-ZA25M)<?^jYYpY9%%w0A7nvEThE_O6KK%T_Zp
zqxTzqkg<p?8RyS0B6t&L+u29XZ=yC(-22h=aPv%;9Q*0%zK0wfe{9{F>NWMXCgE1G
z>w%uTj#UXFmMzNcEldn4%~a(|bvO-;D!|tH=rwMx7UbObLDze_X=Cc1K&N{j+$o$i
z&Ah$xO4~4#JC8em61Aze6}u9?Q~7Lf+ni=YFgBl!5oaFU^-`s^P{5x~X^;L{mSQJ%
zQj!wYgJhQ0DwlR^245B9-Me@1!4!^t`);La>N_;K=4NCZ)-xi#9r&JvXY%tA-s{N?
zy=fXjY;tGJ75&&1Zsz56H|7qv+^6p8?G+Y>0UV0$+TH46m|O~vjNIon)m=H##YcaM
zP9eBJBQ9#9Rx2!U+bO4t%SE?JMvkK&M#jY08XisIBiFuYs-tt3PKT4}>Z9Y|I!3y3
zLRrTUYC#T9Ok_3{n+q~o>F1kQOLbYpb_M9F%V+x8@S&Y42I#|rhA+I_O-?17zDsdu
z8HQdVJ}%;-2kcgezSF}U+oguT2;BAKsXu6Pt8Qv)YOJ?G=-6#I7gsq`F(A@%vm0{E
z%uGyXXGUuHw4_|N2Vsl`9>q<54vN!z`Xc+8P5PNAGI;7XuExR?0m-y>o=c%S(CBOG
z+U0f^K0ABQjl>(8T{Snn_mXLo-|TzdX9gv;I_o|^xnozGk&%&?pKo#wc40s%yn2f%
zi-hNQZ6oGfmxgYU!>)<E9h^-HlWju>%(lyZ{CIFO60o$wJKlBIZg@P^L+<>^S2sQ*
zQYg&>y@e81=&Ka*X0t?lk%8dF<U?nMD<Awp=F2n2b+7%#Iu18ug+tRb?d)!RqPVyH
zA4K0CLN#^2eOjBQm6Mst@Rat%`*V_AWr|G9opA||v{N_=-v<3~6{C|xvZRcTdTyW@
z-I5w$a;}fUPi)^l-j1WvVtd>|Veum+B_%cqrw*SW@2t?Rk=nwW%&=QA+r*RB$0%Za
z;%>6MC(q8VPA%CY&z?G#qh4>kE?#@@U|L{bUwN6kG~fKa=52V#)6&vXRiE%Hy;6nI
zT>Mp|pZw92y=DW+cQl$m52F>xXneRRkA4{LjLYBQy<eZ}JMQ_ETi*v{f$`<bmrF%s
zb87jYi`3Ru4_-e*3M)UyDD+UQKg>H`$u5X1$$NuoU8t84YO)V)^XU5r@+53gX|N;)
zaKmVT9anQ;oMq#B330)FxYUdo%uHaDjY%v|Il_mIle}`T=j_;pA0u*Zl^DK?<m)3E
zYGk2wyUDGJ#%R4`W-Hiq8ABQljF9+*uu0IciStWI8JVCO58!rPJ8_iy-L2zkwcY)X
zf1K&?%C1ug=i^ZMa#<@c;WTDvR}7s-O%W=4!!!#+^{x0?{mg#TLI*wn#to6l#(H{;
zbl}x?cqGraHzQNR^;={6voISZlG5af9UJnipLu4a>`-~Yc9}EvX<-R(#Z@+IM#fq3
z1t^{=I~JFdgX(>!94)|xEYOi?G|WHqX7`>wFIrn$pWI|7G2!r`!)&z#3}S5O%lEet
zhwSXqb;_DHZQ`OlehXI-EYGdEf1kbH9exQ0QVIXS5)o#HG^t(4whIi86GXX9pYKQA
z9<bf2>-nhIjMhn!&(dM|OC{jMe#}Es-)nJxaZE|7=Id9V;NWLwr#f6!Zw1Fva%i3$
zZf2?5N$y8i!5?89C6ws#<@u$1_Z}&9lEB6rl_~a#iyIgk^8FYSzVc<uOPoOZkppKt
zJFSDBZf0S*DNa`;m&1cheqnL=@X%$gxtOaaeiwIGUdYu%J~NT)QKCN*i`BLGToNXG
z#nLVMxIe29EX%k+HLVtK2^bPaW>Ik1y+&Wv6K4Km+A{*y`48;tha^5Ww!YT(PI>OM
zsb_X(#>~_4Gqxs#eurSkl<?hBpT2xeEv=fG8t=KuuIbV4THbf9o5-D1$)3?>kJx7y
zRpw`8OkQ=P@tzsVy|H_z53}Vah1V^J8-3QA)qjZa`8;iELRVfon)6_<=8)ND&bO~*
zN*+zP%ubC-NlDf0A5pipy;-Y6b3hZeFMvK?&RbSO!fkG5(p+?dt8IQq#(f9AJy&Gs
zBu~D&k~KV>34>i@3QxaU{PbNV7ky)YYZ8nZMnOqw{6KQ7l3V$_|8!B&n|IwYBrp!E
z0^`Rs!&ObF`vL$xy}Xr#7_QyC`Sl5{oVupwnXgIy`?p@sYpy$HYnSWL6!jR@(mgvZ
zbhl8P1m?5;ppMh^FGcqi?n+WK^^iXQydLFS>Q?4=Q+Y>GN3{%tV$^j7&!=+Vs0IQr
zro2?UHH+Ic-J$|R+UXe>WSc&e783(DEBkkVr@q)?xP0BOKX_o*kbU;54E0`7HB~h>
zSh;|C*&*J!?C!=+8OuVsq_1{Q%1A3h*o3jx--5U1($n|JziCK*<V)JzMwj%h(#|b~
z63)D?;$Bh`Vyve=Jv|-JOnQ7B35p6lRm@3dis69eZffdiU@-YUU%#lxP)&_3GxPYB
zEBpqTOg`xk9vw>wKYjYn?6jw{;>509W5B+2FAunV{W{!NK83ktzm250_tu?$dU|>h
zk&z+Wq;x{=2&O!Wqcm40J8GrS%)h>HHi_ru4$b2icIJ)1_f~`)zWl~koK<7@W&S<-
zwqnO}qGx8u&YUUsfjw+_%j`CO;kd3$fpw(j@W_bV>}ajL?|K2#2lq~Hwh3c6s6jTC
zF)*B<-&((`8u6*e87q?_t$w6=G&#QHx$C5%O`2ta@pxa;UCU>oyt+4D#)@`Hp9<aX
z&bs9b2hVvUnc}(8S}nk4PaZb#e;b~0_q%K<Gs#UHpX>RQ%7*jXwZDF8MEJAZWk{i>
zqWV72`lHb@>;hX*+mxosG>O{)jgvIHYPU_IS5$Pg1Q@Wzup4J&(R);T=<dm36?%m{
z{<{SQlT%a0uNZqcNBK$W7-RrZ)A=fnjFc1<TVpNg*SDxMs(kg-VuMBU-#ZAi)UhQW
zx7wln)tdPW&O#yZh?<(3s_KV3cDg4|W)AZ;KA=7l$=i@}2t#GBYwYOQcS9pieRpjh
zvg+W|(ftu{>DeB(+hp+xC85oQ{!uY;945XLei@mW00rCtK{7ZvXq0dLw4&lWc}3qf
z8#f=1QCCA>D*kO!m@mLa%(s5UD(Q6XYVqs7%ZBYH<ypKQSuFLRp7;xy6pw;4$0f7n
zZ}&XCLGtS3yqAD<ckTP&GCABaH#;51x^ItwfJRzv`qt>PyT5K0*_M8@FcuiwRn4@G
z6;^xc6~tIWK4Tw}$h1|^muzwc#w02#Dg-Peu3JYYIzcxteQ2UeJzHP0E-dq@h2O<D
zwl4t@@!|z=qv!YcHhpj1&@9~Fkfe>2J7Dmty&Q^fQh@<zChU)mh+t%9?(FJHyGC1F
zel<erA>bth2X8bpYyJB5D=>I&F0Ozo`Te=c<K&|gTidAW_Qb(`O}x~Do??Kp=iAg^
zs`s(JYA(Y1(`?TWPAx1H56(TD;v9iQ8fE9?pdB0>Y;Ac21o|3sTJJfxGsf@Uwd*N#
zQ5vLthnv#o^h)pW2w#^j|BCZqLB;Xo$NBj9sHv$L7#PlR3Q!EbQD%>fjHK-U)X`C3
zRk>M6NGR83&z?Q96K!OO3vcZUfZeAW7&XPzQ?=FeD0Pt$#kKW@)tY0`KnG)EW6VKM
z?F%^l4u@__&$11As-vsh-rL*T(UJP7zD3Z91Vy@z4y8$2QXr<?c$bZA+X=Od??vxv
zzQol|a9nGshK;vH?8}t*;te;})Avr7%|vT{d!lilY;NG7(22=ucI_uWHayhvRJrCR
zqX&b*_T!X};VjXP;E6~WT*VP#gM`~4QAi8|hqQuQoC435!<E6Rr1%UZa31jFttIk+
z6Uq^TaO0(#3Su4sL*!MIG!?TI%+LPkg7p7|*Q)0~h_XHWGkyHY`45r3dxe+he-alK
zUOWHs@3_|TKdt3|TFd{wmI>;AHWL(q`Q~#!{b`c^wFFRW384OK(!Vdw_q&u`!47`S
zvj6H#@JPphXC`>~U&!W8wKSXiKb%8;F<S=FxS(`WcoHs27vze-EY#rxQ-|9)pe+y%
z{Lqa!gay)Jv9RPq@jATnfj;q5ftg{zbzjWZ1U|Y_$wH!nfN&HVObxR*p?R^f*as*y
zpbuE$tm00xN?@)Tkcv1Am>~(G%?b~JEP=E@{&Fx>JPXqTNH$MIh<?1wYckGLfC>u;
zB|_GGTeJ&Unsj-&Ns##fc7<w}+Tj*Uj6!z9ibVOTdpN=pOy2^>VF*cGz+5^uQ2reB
zLW-6pg+&Rf1B-O9UeF`b0P8@Br_c)`m^cOc{4-Duza<Z$h!e@<XSDL8gt~u34-=6B
z0cC=juR>~t_;vR5rP>EC8-AsMR*(&gS;h!ycoq}SEaYATxW(QDpdL{bM=X@cA6#V{
zFtgEL&E4+^@R$SC9w0K%z?OwFvMtm^5aEXtQiP-Vsla@8P(ezNBKRCM_&Eb20sj#y
zcuAC$3rb=(pCAtlCi0mtI{>u{w??=E|5AaQ0FW$5h}bJI)?b+tvGxSowYIZy!4Q_@
z(EP`ry8s5ZSj7NRuuh9<+kcs{9gam?V37FLAy5K?&*w#`DGRz&jtj}{TpWlpVG%LT
zg2({+U2bj6Gm5_B(oL`+o}nHHtb;>C`KlmZ0FyX@+nZ2(*zu>@!$g_2AZZ3l5P-$3
zR%;ObQ~6lD#9G)v_==+oNe>s2Z{aI);yINlZ5RTO7GO?4fZtIzSV8zv7l=nd9SLS+
zTF6?@Pqk7%#1$@3fDFUg;nS~yq72_8ak{0IM@|qM`1Tf)H9CTs;IPYdiXAA69S~5x
zTr0#PT>$Nj#m^AABtIbn5V2T%kpW0!qA^x@*^1A*PZ$l9+s+CJtP<7|3Drh`a$)gP
zEt6nGc?TVr<Rk>MD_Sk7<~nZ%7|QEtE~vMKeGIfu%nZQTP)l+sE^R|a^RU)DeUMa3
ze^XRa&{v-Sk!V?oXs{?a7g*oQVZK}{J_8WS5;^ZZTj3Vv`O-cX99-ZQ!o60&qAsBj
zsDKE!gW3mgFaaFr3MriVZHyz7?gi5=LMsF5$i)$(u~7R^t%ijnz#v_m@yrQTQU<G~
zg1ZIb<bY4}1?FS~MnqI3cZIp&Y5BWT!QV|hlO+qcI2{Cj4q#G4C}A6DYym@sL=d6C
zG@59n_${)GxsWJgqWsQe@XYnQlfmCjJQ=JV&SfQ;>I7&Za2AAYj#da@WDxWG>4=nc
zbhLDSe@KMeS7H@Hx$T8|*uX*q#xr6exgGQaf<V)iD_Vn=q#eoyNiZOg?to#B`%Tgw
zme-S4|NV&&ZeML8jxJz^ODKOH7N0*8lua&<c0d~to%sn>&cV3?G7+l0OvEyTNdQ|F
zgISye@Gss95|!0hqA~!zCHmL4IuaudTAVzPJchCpf^5$F3nJ(cq{>pO74K%CRxUUF
z=aio>i45oYyLyL&(QkAMZsotPS5R*JMyGBF4C?Re6x`px(J53+`tR!%+QPrltu+D=
zY=2+3(1!bsZm~$5I#gO5&(^={7jgub*j$TF?rJswWTHZnh*&Rxxi#^H)tBntB^#E=
z`doynK>KqMu3AiYjl_SqVDCVlFE}=WDGCk&FljJ$jz}sVFcBtR)`0?Y1xx!E-Xq>D
z!XSw<aq=!Vfsn+G8K^=K3qBHJX}R|W!*7+^?C>SU+5e<2I|}K>1B@F2et1CtlpnrK
zR6!*F<pod&g<CG&R(}NWB3ytiio>`dSGy7Lw^wb5>Styo(%=ha-huz|5Zfv9#paPH
zS3Ah=fv}xbOU|R9RIPA)6)H%BU_t2J3XNG-QXUjNgr^qoA*fgsvF(UYi|n#WMS7y=
ziJn|A<Pi>*h($nf-c2Q{UGF3-?=<hAVdps)9Qp#&1IiKbKroQm>|lqoB{KZ+(8|2l
zcSI95+n=x|T+0F+Gje|GV$pz_B~Io`l)D{|!&sqLvkq4_yn&(MpuqrkKa}$rPPK|C
zA$HW4c@)IP+p60NybJzY>q!O4ZTMeYyTwJD7hOc)Ap~3CB^wb?4#_aUIa|1qXz7T`
zpe;}H3nuKI&xO1a__t&=mt$DJ3B><&|7t+|PdEPpi2wP%Re|`QZeIn6CqlgB!Sa+V
zC3FXc`|_HFP=UUAU2+&I=ZL@;xLmmf^wR2rz~hU)F5Zf@p666cV60SH^SH<g*y-Yv
zI5ckFq4=p9rXXAa0VaY*H~>2x%74GK9sz_4gBouhha^T7i16E$2Cy<g2*9W-q(q58
zY&6vZK1u*@@Lnbg?T93T`~=|;Vlz)f4Bim<xhJ46ekvj~4#Mv6sI`mZ&twB7Kgfjh
zhyl<n7LVDX2_rzykAMmi4GV)6gsWh&M3@B5#R|QaU3h7BVIo{|<>bO*(tFn`3jQx%
ztHys33Fv>OkJaP9ge62of2#i{zIUzu-@oNri~m}S|5~g6w-)vFKNj`1R{w7;{A<~L
z1ax!3&s<uL@4qhUYo6ruQA>DR4FW<IU0MjdonNQr<^CY)3L$8iRbU>1#0B5bf{xj;
zuE64ah+mHcd>IM;2De%{_5+8sw80>(1)W?h1u%AKL43^#d;^@IG}a}wH6Qb^>}?fr
zzbsr4>4dg}#tDT9{4^C}6c?BYKNV<T0MtafuTVt~s_%#3C&F_1@iekRKnU;B=lJ2)
zNI=P3Ay&nn=AqdIycRz}9)y(@2r1*ESm4L`fuFSzIKa<GnGk`1OYj@W`6WC@aD}A-
zDgeG6un^EHEQF|_i6aJn`b|X}Y836V;6FovK6o4kjzB}P5%8a5u85<x2viYVL~E7}
z6P(quG0Niub`}G5pmzuajKL9!0pTtj(hdWz6)0{&z5yErzr}z-4DjP3f`Z~=YP`Sh
zc9Dw9I$x+{<%Gs!SAGu%4ha9Qkr+lJMAV_d5jjBkt0Q_Ifh3~Q0uO<2G9k)9{X*?&
z5rRyXw!82Ie&l%kcb63c*tEMKG#<W-fX1Id;eRAdN$@Awiy+Duw*D%w7M8qOAn@X!
zykH<O?EI6!Js_jZSNhrqIB_eY?n@ts<B;>uETHAkJ59pf(BIJgf`Y4n>d@aDKVju-
zP!1l-A@bQFC}%GS<?Is@5fKuRfbSIn>qLo2u0c6#7yeou|8f535C6gb4F3@k5flFD
z{GZ5L{ilD=wTAz!;XiBm&l>)-hX1VLKmVQh&pfVkRQ=B|o&U9if5Z?FH2uY>IK<MQ
zR)&7?hc7Tc9ln@9rhq?~2FCeVAW)VNeqsd$r2{Pr!j*vi=mM~<od<$YI~?#FfAfS7
z2=X{P2;m_fJX*JSmIqF?;1@6V)FEB4aBgGSsPJb25mu|m*ZmB}I6HXG2SuZh&~Mg&
z!~rB8-~jKplbwHHzmT0QJ`njhKo|!ksPyo6;E!`aznkE10NMt<cxyYPgViecKtBGT
z-9$hDR=w>c66pl^m9B&VS)hS^g@8tE!cXP38kY3aq?dsv+JNS@!y*W$UJw{N!r39h
zK@_O96+<Q$0#g>FIiND<OJFzr@(V((C;`o{+|&wZ1mQ$y1i^!VPS7yX_y7{9xt~G4
zUqeO<>-iI;hKI%$&S*k>4#7JZI0AnZ<4=)O!9M|i@M9qYfB*|b4;;`+h|kJ+*8;Eo
zV*CJI0QN^O9X>EE2#Le<{_h~C|Hw=ffua5WL>4#1UziCVB3yo;^7m%+SHU@8Mo^sU
z?@x(%`~H>X!JqRX!e9So6Vkws@HeNlAZnIPM#&M5L;n{1zVhxQgt9M_>8s=N_|v~o
zgR5fm_z~(Np>y6YL`U}k`C$i2GDj$omO%7n<C^aoQlZ39@iKY<q8E&Y{udy$&IEQ_
z_A{hI1?{aYESI9UNR%r-c(4Y<Zx`?3;RXmS=y+=Wv!Egd7&L~P_t&7WvjZH|j4SEI
zg=lkpbT_^Q;KuomfiXxEp5x&LyOV}`hOz(<&|@JG4(8@xJ<J@uxN(+F-28BEk-eha
z`0fCz0c*lD-ybjGKminy4tz-k#hrsKFJBx`8Lk)|4!$SD^XF2M{{pB6PuQUVL*q|@
z>NTADmpHYv!x~8apTB;M|GHp>{-!>lAisV4eii=*Ud!;`ePZHbF!;W|ssB~4|IhK?
zRo9=`U;iii_>=fgaWP=cm#jY^4A$a5|2^0LLHu8yfd4{JFb*`?78EmJ(jfpXj|2~x
zui^f`gZoob5~2Q!XIG#`R)PCLZ0g?t`2VG){!e55N6?PQe*ogwBK-BA0rr<0)4yy3
zAE<@0v;%=*MWRptz)J!MM*55I2B1Iw;yZyu_&@%WuLB6s;6MBd0RQPP!v5-nEISt9
zMqiC+zk>bofBmare*zl6fb*}8&J%(ChwWB<E$|N}`kRj={2So@6?fBonmZSSH6VMD
zf+!?Th#-uy#Ksk;tTz5zh-ynV=R7|9%N@H?A2<vGm>Nb%&IW^aaWVsh-98acSp^px
zxE}tO-;@R`wT-oOT-NR(1KpL|!&7MS)9<|&!6N^@_aOvEgD>WJn|~oP|BD?Kj<ZG1
zzhA~J+$jiG!NKhTQxNWku>(^Bf_H&$LI~&`mTKWJq8(Zgi?ae8&PAZ-FT89ZSkyen
ze>c|iSJ8~nZSrs@{BLke1PX2eObm}sA+11VN(fkl+oIi|`4Hv;5CM7^oGCy(;wVKu
zTMz}YMz}cOKm^eRA{c%goWBT5<Xi>snwK(v4tQ}cqYvjVL8*BHE{iu@-T)M9$hi!?
z;UtbQ<Xnc?aN^?%IhP#2-;J`sI?3QchkwDR|86wM0Q_#zJNSoCAYu;_LV_d-Cr>4X
zM8v?8ry_f$#Uugt#$b>(06(mOL4WhLs{g;J691__{w)4)udvAS_&+gGu{Hny-*K(^
z|7-sLn*YD%|F8M~YySWL!LYx7D-uA!CkW2}a<pO%0r<a<06<H(g8#1vh^NJvNP@Er
zC>zL6#sc3$&OYdj0&XMd{R8v0vBhVV6NGD_koZ5T7F}rYDI7irJ;KtK`0>962te(^
z@d1d|7_{S05q|jC21_U0@?YR!R;T$d1fUQ$q7X$FEaWz?7%d2<PI5zIei=;&C4l?&
z)8JuM=r@#$qXkIi#ow&ZpyK`2lb{U*ra6OtUL5dZsN?@*?@HjBI<|gX+QL<9T&jSg
z7g~Mt3<<l%1q~rc5E7b%BG@V+xrAVn8*>v8xB9tPQ7cu%t;JfkR;){XMNz3%#kxOh
zRot~wsSEB1O4V;>?#)erAogotzu#+ff4^Fi+?hFZ&Y3gk{O8OJgLF74|H2$b$TuhG
z2t+d|TH<6nLO^I{GeT@U#R+n|k@{eop-Bft@3czjyCSloa8x*85CL3YVCA!MG=Bkw
zgU5`czJmzalEI!X-Y79pkWPq6gz|;zr?LVvj23hjE@^zhZd^v_PU=dq>BDcSk5&>V
zwJB)rp#dnE0EELcxS|+X$qp#7i9o(h=A1R$NleoXHL<C7f<l|Dp4M6?4MfrEj52*~
z)<SD0;8s?oTd<>SlN9`w#tlKo==42c8sJH(Xje6?rEwaVvB9^HFROWs&Y`0pfk6Y&
z2h?>9?%-fI-P}tLoj;^C%9=*cdd?f9f34RdGPHagS#W5$nSjZLe8OWdN76a0uuvnQ
zDN3ybfgBLmZ{9clUxT#%CZHABt;S(i`?SPNJusru4}yx!SCa-`ILk28m6KoWhJGB)
zWt(Wh+r#LNy<e{>gxB)m+Y=fj>9It^jKn_z*!{bsu6A4xVXomW%=K^kyb%9o1F_%N
zMicli{8S(R4eH~%|MgFKT==gG|8?QNF8tSp|GMzs|8M-4L0oCfw~4LXt`smA0PF++
zhPvYv|0VEr$DitBz$opjPR1AfR)q?|<S-1pNMB|t5y)`B3=5dE(K{Lv2ZjsJB-4Hy
z@C$411^<C_DGwh8gMM2^7!QBx{4iS$jbJJWx?%to!~j4s=r)5$AjC{&q#<kwQ{wa$
zj_mGJ8pdD?>nNNA{395o5b+XD)heR~^q7Ra)ENxGl7qhJvmNmcT;f0j;JuNwKsub(
z#^l~1CxF4!9X9w;xDi79phXBnp&Of;1auvE>y%HRUpfS9k;pFrF)xc30cup11}g>#
z{K=;GP}AU(4IV<TXXyYd(+G4&0bK(0iKfYk+XhA(@<M4ND+uKW)VU{AuS?UBR5oS1
zwU?y$uvMlbtN~#a4B=4*6OabWaT<DT*kjP2bSn}%n21&AK0BR08)DZ6Fsw4bpHLZK
z4HVxdL5N4wsFun|W1dV|(nzqc!@KA}W!ZR!9Vw$2t+Jt9$^JbI{yj9lc8HGVAQCN0
zwjJJM%2^15sRzXeEj5iB|GgkR$g;)}J!EfuA$rDekB8f3&{#GlZ8H9|sgy1_j)hqe
z8rR2##<`w9?Rg>oXOFplR~t>>e?cK(p$+ms`?$`3{8Jtm{^!E~ejonF1nQ1(8XLR+
z1&~0dFEsead~hLvE(Fkp0R9CtKwUuKUjPWKbAhzo3d6eXme__2I?RbcKBILS0$s!U
zvU3q1lUOL`VtYJGMd4{Gi1?7k1_xo<LTZ&s1tL)T6iiYZk_nv;M^D=~0(}js<zo)i
zsjVOYG+Ol8@SIDS5J&OYJXHplfj}R;fQ4<^aippoM=H9Ug@<Fzxa6S_lt<@<@R%zE
z5D)`1Za_3?vRWwn#iEX6=_owiOc0<<x+P0xCQvB^mZB6nh~P9La=l&TIHsb()lhx_
z+KQ_~XFs#4U@z(H3_)Mv4kL<>F+@A6gl&R_FW4qon>t`3n$76CQi!GjO5k0kL5M6U
zV0d+jo-{G2B~5f7o@NC^Bf9AuTy?etPmJl7Q(3*#S*dh|0%$hjAO4^@KC%{0x@PwS
z;2U;dfbE{6LeZ#~tqAN8Oy~l0a6{c~%8Vh15S`|VN5dD9P)!h%bxLI&PXkd}$J=l+
zHXVzwcpU*zS_>dNE!)Ocjr}&|zD&y+8)mMtIB`~S5ordR&u$$D+FNH0fpYL>K?O`r
z8VBQ6*G@aLq7EQ0%_AT}#GziS1_j_Iy_IsT=QrqvqiW!CLQeo2gonZw{OV0ntXT$~
z0ext|7lnP~*G;AWqu8LP`0%oMHDMu*d_rRtOw{NIEeVw>ouDWLzB|1F3J-!;HP@eO
zn(oj$aSqEte@GV^JI&a3nDNU|3jWpC9~Z0#4U4m0G(8$LdK&=DzSW?!$WXDp#D@ij
z2!vLx0K$py*X?t(4yK~3fY|~w8fi76AtX|n^(2LZB3246iDeLGxL!nOsQ2=tr#Axp
zjj91cB!Q_^!x;$;Je1B(ZwY{Ng;Q}r3IiP|3=R~;tIW<Qq$_}*oK_Ox*v%k;lpGB!
z33>TSSjnP0uYDt!yTGB?*op&!1hH0q;}tuTAsf%Yy4aY;nf-;`7{g2{(0!ooSd_}B
z)04Oo9eoJLp)y0K(vo-rbZ;>D1#(T$A<U?N<L|7stz$bI?dppg@1>%*#e`(~Icv88
zp+cjEJ>Vbe5`wGwPRu_Wydf6Z0yy>-cC`8gG!L#sm<`C+1I7{AG>2$Jr?-%3vBF;}
z^H(GY<NcK}Lg^62ASZr-+8!hVRpn#ATEcz+M-McUMd*PQC4B7OO)_akQ;bSak+>PH
zjgnw`G2@JXVe<gYl+D=zf5C+}Fa_0hL0&wO!cI6i)PVsZz7g;{gwKFMUdMs?yRVVh
z9b~jf5*XlGCHX_17vlep4*TzDqsj9h!W!KF4IUT%|7Scd{NIKDyYhcs`M)mo--Z6W
z(0>>D|DQtt>$GD-;cN(S-CXbAnF7q#>MZE44_EhvsI6mmCj@oVK)8pi)G7^O(5YdJ
zhpA!2XjbcBW~kK+b1OmYXTeozK$ER7*A+LyltBt@REDq#j4Z)dW-=ShyugTJpxVLG
zM1Ppghy#jEz&}X`vlf`&kaGmOMe!Z3Vnml*F<Fxoh<mXHlRZqGrAVt;P1sx*N}wUq
zbw(Z9i%n~<47`LX&|4__wRIb!*>LAH;uIYR*Tb#ZSQ~R}RBN=-h!;~*pf%YB%HRYv
z0PA!DaN9^)FdZEmo2+S|9L}5(0Ym485i`2610_^L9+_d3h**m0QCOz|zL-u=6PyNu
z@GJ+!18pHU>C8HI*?^&vKJ^obD;os%uq4s|#@nz{i=ixJW42AgP{52-5l29{h-UyL
zgc-^tkjhAiC7`TN(x}h2Wn)5Mfo)Kij@s1JZwjv55JvPH1?tsnaIJ1Mfmtb>o)96v
zqBE-XRyH3R7+o`IGQ-4bJ7*wsK^K8k4Fp2#Ag4j4@H#9sHNi|?$V;FcR!ErbNCyXw
zIr@aUG_%T_4XJ+-B89yG2;$X&qZ+_M7z+y_zOfb2AP=oAplx_D4YL}-h){#Enrj1;
z%z_Ad!G`5VPso^l5ElsXhu}ax)pAgk1j204QMUCR$T`pttr=bdq~X!(0aOTj@$ke0
zC~c?~V4fq57?}qBb(HmvBta`1JP^il1x!VODMyDEC+aXCLn|eCFDO%A1yjP;4>h78
zfQB<;#rBg;^DqZP!E?|Jn_}v91|7pjSR65gVsxB`=;UDrQlm@H=HbAS!ET}9NM-PF
zjSg0w1_Z=|8}%8M^I$&&K!GSi53lwyAuE<%hdLfTib=>D&_2T=)NWP=kY1gh=qN1R
zYBqu<=?rTyDkzf29u2@8o{>)K!LUZ_Q>0OYY#F<fLu;%m4fxg#2LWwQ;KHF@xVG_;
zp+foi7|l1hO97&LwqC(e0;r(i<%7t=lV;Q`Uaz+f11Cm|D`e5iB%xf4OB8s5T=uRc
zN*smz3Kih9FAq<WC}U)aN*uf)7fO}MxGWkMN|W&+5@{3<6Aw+0ixmo7CdVc532_o}
z6c3k3MRAEy66s((5|oq5lz5yZUZMn*DrGoqkf}-{2IZo$c(Gg*13n5PC2<mEG7pcI
zD5bE@Xi%vTPY}wL5>aBDP!2+Rd4fzK2F*udQkhgDjh2H}#PMRO5=;Y9&=f9y7kt1K
zF~Ybw)RZt0P%lUHiDU`Ma>?KrB_1P-ixSHfSfm(GCX9>|(@lX+iQ<Hkcpe@lj28|T
zqf#<ZiyXbiP?r=VMqh#Ugi=f>Qc7e}$P<xFs+5C|z;MXqO15Z{L?PzkLb*f%84@j*
zf$AYUK?%q+DF(_(#dIx@)p#9=fLGw>M1|N+OO#j`2kKHl3cweb?Pa@AT?y)qg0GG^
zpzD<0ztr<${I>x#^nYsO#rSVfpODbt`uG2Yg@n5B-#_E|FhM%F4dw+0RU1i6lpOqj
z68z7tIrum3y+_M99R8P*D4}x9*~$r7V-m$@Yx)IOd}E2k-;l>lo8&X7m#?>QkT6RB
z=@-3c_U=?zd;QsY?d;n{#a|Uq8ah;&^Glj=mQtANvts&^mXVQe*WGn}s`7$^za7}K
zddyb;K0ZFTsw->DuWUQtPkZ!m?a>_%9toFGHEkbuyL_?RuIJX8w#~+RJ`+tEKK(hj
zV9}L<Eq@`lu65rP{(OYs^9xZexm&NDp8RCZ^M!cTBhK0Xq2_Yi$L#lLmGkD*0BAs$
zzw=v)YD?p<F7-6d@-9g2&Iu@uUb$)2s#PT=&-Qo!U;%OFt5x@R&lmcQn<<a=BXR;u
z7YMdz?K<e;adkmZ?7nqdEB_(eeq)+<L80+zxVp8^TM=(gJ)HiabWWEC_wVo6v19y%
z2}5FI<qE}~J$n`oUO>#<^zo`UCyL$LMRxr_{_(a$=fsxgoXv;1%_9RiNf!@=uUXK-
z6v^ety{f&M?RE1|Hzy8G+Per_z4tqzo8j!1wFL#K2XcEfYu4=flhfbcfAC=TtXbdf
z+2dXD?S$G#_wSoy*X~O@o)I#y|NWV}Q&V$PIbFJR2@Vc^`s=Sx9$xRzv155f#hMe>
zf9y9Xd-;-p<&gt?W^$);gBF+1nzi~`daKCqFOBHj{->44xg74f$=uH;ZtU!aul`5E
zh8&UVq19@wIQD6Eb+s%u)_3ZbZ@#%!Ue0@OYe4`0%j9GCduJ_Ju%NuW{QTIP>u<RC
ziaL3->e;hr9_pRLHw?d@{`KSUrnO4{`iwrTPiW|zZUe^dp8QH?PH%OG-g`QDl?^`_
zUXeR>=~DlJznY%a-l1fl6n;^t|0czc^NVH4UDKsNweRiig6wODhpx{{ILK|DbD`?e
zl$Hr$<0KOI(xF%0;!FxWdhp=cV(Yp^i;~3ReLt>MR2*J>;>RENh68ewK8YVP<lNR#
z>LEjB7ZnwG-^>rz&b`{@l@S<*rId^huQ;y{OG-)_lKXk-{iDnKZ5Y0DNnTzjPtUcd
zZ=USEQgo{Yr!?cplEO>RCw`Ef9m;9`5yy?w{Bru&t2W-vRH+^(jqsMm%p6l&smr>s
zFvd@P*t?CfWvjlX%YzaVPtF#U^y>8N%AOgaUPm^m_jmG7>DZwIb*pUCoGyJX0!{%r
zauP<27?`??6L{+GUDLXgDN1FC=6h~v+jlx`c%n}bXzmHuoM_Ya?SycTeX^%ds<vCM
z|L~;hX1mCH_wGHYIM&Cb_2|O(%JHJ{1q<3u9yxMY_pupQzj|NW?uYh2wb^CR_UGW7
zsoc_`d&0|qPCUH4_RQ6Jmx{+$@#ahqD1HBU!E5dXJM^atljGy#v634%Zalhup<mYR
z^ZEH6r9)Fv&hDP_TJ@bvA5>q+s=j&p&aE?F@0s34vA6Z?edg;wtnv{}FRSv4DD&Po
zdKt#KHMjfG?99v?GuyqHl9FPks8+37E$kN6Vta=}(R!&HUqCL2c>3V{`Sz0gD;B&H
z+w9h+1K~489%}#6v;P|T-1>9u(>(vSUah^(adypZIiSb%f3}(;_ww-Y@bW4q4&@aW
z_vPdVs3z}D<=*eHN;#hTX|MablYPN}C@d_bDvr9BjH<bNrJ$f7H@E#J>n&5|EE0bs
zHD}+HOuw0d*D5Oqn9IMfy}ezw=7gW@jn17%Y%{;2)@Suk%}E)yKI_uXh(1Ni-0{R>
z^HJ|j8@e@D$K`E{zWS|J_UO%d`i@(!ENfAAXia(bx6daOtsH)4M?uQxOT!Fbu3zun
z*YbsQ&B%<5?~fhp-fwhazQJU=d++Lg|4xVU1J#=3i(7Pxi4&h)+&RwOCs=#5|Ja8a
znVDbi`mriw*sQ369L4%XeCq4n`qxyQ9&!5Asp&Ijj2ky@_NOhY$K2bu91MlnmG>4B
z$)=^RUwW036DavXs~zFq`k{AlI%ic^b*=Tpk(L`38Sy<&0Hqa)L~ULbjTuvOYW=X4
zD_7P&s_f$7QS;!~z!@`U0MW_v2ubeS72~RJgVJ$kvpF^vQ}cX$t{m-mXUkCD{<+>=
z28`XZJ9VqH`J~u)5=i`KQDkJKUVm$Guy*vVvg4;t<>lx1%0G5|<*FfzjL|WJ{i-=t
zqurWu%)gE~AZmM|J-489$E0JQ)h2(mxsd<f){ho1UOa#Prje)loS7ef=oy%{_u7%A
zo@yT-ABjX#TYcxXbDcaR#@AflJ;lG%>@#{kkJq)|=v#nifW}9++%fFNi8V4={*;bE
zy|gt2!YQAOyS;5%tIlV`0y(>8y)h%aC^g61GiC;Pd07YFlc&N8ld0yMsl8TBzpWLf
z^}K%lx~HdSL`1}^Q+#^&UMKrBqFuXoEnaP1Rz!9$eY<bpvzLHI-@XtS7zj)zk#pTr
zyh1d?tM#j~*MZTlt~{4CbZE^9*}%ZkZeuPt69@#qNJh@{KG(W!+j;ZmRdjXRy>Mat
zp+$EB7Pky64w&?4aAxM&Jid1iNtx02LeE$H%&j7SxqD^Lv}w}>J0Iq5*dXBOFO^KV
zS~_RNiWT$c&ks&NT((IK3S}ylN+1Y=06}wM@oUSa)eld|Dz07gno}zIxTjbwUVBWo
zCS+sf&9B-HH(cSa3E{Xse)|3VAEr-_&S^7uc2RKt@$&NbjvQFqEsQrcQ1wN|3}dQr
zbV>y0y<&@>kI(MYr<3xC(z3$juXA&AOP<{5{qcd2iNDsAOsJg*hBN2x<tc5U0W$fI
zytZs)$P!?@-8=N$yLWHd8B@ori+I877S0-&yn1t7;`7SSbcb(G<sSPaT;aYepyaC~
zgWZ~MEH78~d;MCmTS4xE#hXo>U8heMm6UW-`u@AJ=+f|E!+PJ1ATREysTsrJZeAUf
zUFD?>;|@F+^f6JI&pp{p&65mW=_7sqmb*HqUHik_!gs&?cZ>ePv%j3vsYj1FlNXL?
z`x!TqQ@CZz@ll-jwZhCzOStmk!%Gb3z8QCCXCE9-E!(I98us|{<58nVZRV+So<4p0
z+Us5OmoJ|HtN^gH(PHs7uP<gD!(%;52f4kQxB9?ai}J$q7KV1}+-1XX!}|3GgW+E(
zypEhLDQN*2lP9-+`Xsxp$K~$bZg**SMH`U8&D3uHE@FL|V8E8$i{s2Q4E<aFFMDqS
z5B2{2kB_CYlt?5hLxha6?-3%&nl;KY7>pRq43fkxl~7uwL<*Hqgea{@S`-yZA(f<v
zB3f+yU+?#OW(-m8z1{o!fA7cp@%h}$`~6zZYdf!V&g;CMryx;d%hOq&D3KEvFMb6Z
zOh`z`2EaJ;-S2?;X=!PB?dz);&tqXl&eyk~{9l%BkBErax7e`j`PFr7eS0c!hQ_jb
z0wR<?@5+6PPtKn&ek<-!Yul5AL#k`Mnf5wXim~a4>I(_B3(cFS=577;VgO4;>@GI0
z&!rcea!S;{lv}f-o<Bd*B^q()(1Dzs7*yF{5@>%*-10qw%HD78fzC+GwmrM4Ju{>0
z`uE|&4Nr#qa>K#4=N1blm{#wD6)Seke0nuB81&cr^~q`d4XKM-f{gtF@&Y;@UolO>
zF3@s#R$I%e!xZ&(#j0(2kNIB3lhe+h&pF@Qel4sRRetN1s*KF$uEz3WGOy@jmhyKm
zDqLf^UnMi?SX)Qjf7Kj_Ef<(kvStm_3v^}R(aXDZRaI55_dQ+*b|_)(&1!9p?h0YU
z-`eWx>aGLI00%e*C_Z}BS59DM+@giT!p>G!1*F!yfV=G2zMcJ*)PRoHE`i0_2fG^W
z&w1Rxb8O2}xx^z(auL(rL}Trjw%FZ5?_rANaZ8rxaGB<!ar8@V=C%aPeEAKw$+pG<
zEqa&$_tp9L#MnPPca(Fh$Pnnbgqg<fV>IXPoe&Le?NugMgxJs;mniQnH*M;NwrKZ7
zM*A`Rm3I$H199ot##ijPtwbX6b9Xnv%j+vxmtb;j{BZTlu&bVal;w0(<clJe4V(HC
zzdY9@z0{LJq298IpvrF5&O%?Yj<-Z9qRMY>mvz>Dv(J#&{rT}yH&h*wdu7y)=`}A(
zrI#)}!Y%5!g0CV<p6u|fB;D{BrT12#15bgX3aSJ!qO|n%ZCkgN|8eG_7e%9~80>8+
zTGD3@OWU4N^M6tDFx_zH%=rp_&zDW>D+`h|I!wMsY<f4)HK3w3w93>}x?&Tqwlz60
zeOOw9RVUJm`%&#<!3%!NzqB4|3)_5NN-A}KB;LMWH~c9_JV{p8bj_NfJh$zUZ_8Vb
zhRIYMCfE3FQ4HyQ%VtQnXbXyPRkhowTJaU?AQ_pkm)qy{Zqhm#&rJg23y?Gq+_83Y
z8ZP6Mt$p(3P(s3v9XqB^n<i!Ef`5p2pS%1^W7U~6#%x9c9jwRRshqidlT$BBp0h1s
z9dXyUfo4y$WPy{htJk3AR!*B1cw=X-H<AByn_1#EwTi>?9mjS5$S~9D?8pvmWIFnQ
zCB86Dp15H{Wo4x_7V8l!1GX3Lp03LuoQg@?xm}e6zr26SJ7*55TI&m-#Q72>6L5Sm
z-PfF(-AS}*e7t1&Q19pNmgQA<FPTKC>N%`_H>*?|g|1LLIag#C_c2A!XbDq?0?NBM
z85w@PXBW0|^SCG8teAdnxPNYh?e0@n-n<u59fm8NJ^K5L6fflnmvJ<xhYt_#m?b3O
zmX85DcJ)zBpq;z~-E_OMl5^%vCBfZbnZ;@MpT<=BT_5_)GJBbv*8{YD!oh9U35hFL
z>{%q^c;2h!X3WXRjRDyAAFlG%FAid{cs7TZw}{v@*xfRNBgACp+V|T+KQw)83YJh3
zT%LV!)4ADddaL%It9$mfr}6?QwKKjbyT(x>LM?EExA*h#??ZPENW=**zm}ILzj(15
z*m8m!18&_*RE&v<sl0nP^5HC0k<U|0YwO<k1=U;cp1mt@NbHJtU0!SD1<Si^57*q)
zD9#OyoQ{g(Hp!eX(p#lj;JgusIcdVShS`9h^J-hltcIea`^B7Zerolp?{s9cSiSDp
zChtcxgzp7yA2Q?CdAL#4_nEbgO(9rRHv@qPSqzvE*5SOQvN9j4Dp{Qjm{d_w(WOh5
z#Elc8ZrBHSvy|k954A`fTOd|mqTU4-j7922ch>M*0*lL~e8YMl25flTXt3(?a?6=1
z<l(#0q0hsDm!k|<N$lZJuAVysb26TMU}buE$63vk@GY?=*QA>+^O~40^HCDqeqj}N
zgrx@M?E|nAEYjY*matN4cU08IH;JBe-^b{lFT6v3bLRW&1K~#dXP;C(-06?v?p}sM
zm8fMTTcP&I?-vt2voKbEweJ4S+TWMCy}8$WY6+*vTKntCH=2io22xj;n;qt^RzKM4
zvD!4bGEKVbY<$rjl46C|^DDJA8OOE^f0N&OusCls<;b*!+M734CddFmz!D6|_JhXh
z58pRj_yBef*()EnI+WO%ZRW9bQ9APG-nX6ysWJOsFRoPG-^rGO#_aGwaUJjbtg<o0
zD8A>^l7c#K=Dkcx0vl4pa3V%!`Hjg5DqaJh4Z;Ql%jcGFn#Xqk?$YlscXB2siW?a8
zt#)|~mJqMR%KOKT%@uC8^EzZ^a|Ju6q$uH?p>UWrV6_{&UBzqLu6}tAX2<1ERhoR;
zB<p7;yOx`pCL}68!F%wp+J6C4BUJp+_l8%USFhEn^7~1Lz{a$8<Hci#4(+gf{J`aI
zbuMU1PjGW9|J?Y+Vj?H-vCI)-Jod!-%1bwW=`v(t?sXMK9p|^<(X*BI-Ee@1Sypy;
zr|~(5?WQMNBwMO@bb9L^KQ6-E*zx}Tdmwk5J9qB=dmp{q`S?ox<O7>JV`ke*CuwPh
zRi~^s>M4F%e+#A1)>F29@$ko;M!R<D?h#n?@$1l+w(x-lt?k?SA~)_*w0+=G7Wvij
z@}h_DqPTaKco64^t&vRKY{XU}p!P-bO%*#+?WLS&CVo2`!2{F=z_D)MzMW~65&c5B
z6<>62ff<|A`L_eTz3Hlp1_azHFicE4s<qe2`8lQevr8`1CrDhAV2$~Bz%%9P@Vkt}
zNCC-dLbHy1xa{|O`S)TAnR`)e!UoP({VUjPY;0QJyfHg0_Xqc*mt6j?vjTgoGaqJs
zMNOZ*XaO&8dYyM&>aq6l?eZPFRk?aOKJ%2t+TSP}4C>nK^Y+28tu!C$YQBrjr)iPr
zEG#G*`9YnHr%y*T4-scnOs~*M$Q1kLQ}4eFoAcq=u#%0*UF;+4cP1}@HsTAW8V-kJ
zXJ=p7g_0;jcgH^Tx>r@j#l>aIe7J6pMr<CYGW`2MGrI^7hR-SbF0F4a>U_0dTuA<L
z!%T10uG(oX+S*4z{}~&x=Q(8hANZpn3fp?UOhBU2r|0$CHy-MWipRKdf=sc2Gq~0-
zP{C}zy?0n|cW~$NH(~v~nc3NzV37kEzLrAbs3*)rSy)=`Pe~aDD#ik>P1YL=OO|Yk
zo}OWTOhs^aS>vgD_lvkMioJ}Eesj`Tl?h#?xk0bksYHNj?ep;P&rv)$eoj7-mM)%D
z)>59W^WFTeYq<@6Ra@Pluf)-YLTmNazIo-EE{0S6Jf}PQT}_6at*r+huWOh{#GXwp
zEiILjk}51LT>gEKY-`IeA|@uL-+6PWJv$c&YJhQ{s(&)~SybX+yPZ(nA{nuA|81>d
zvGQ)Gq^#zE+WAl3lb>^9g<w>=v{YvEv%(Cuc>(^(+?kn~dFLK{En&G48T`!VLNZxc
z_*j2`|FdV$UcYuP?6|X-S@KN9ty|C*2b3In!QDU!)7&zshU)#$?3`Vfq8-)`7XEDQ
zug9Ho?RGn@8d|^q;}hp&12xCCh?d7Z5<1htvH77*c2{&vhqT4JkX8H2^rTw%?PKz+
zwspK{v2xXA-(>F2?VKkcKGeOjbLX17M;A(5FSjYLsNkBfP`*c1EhIfuYSp`(q9WS|
zIvF)hTLwCB#R<nnM_&SZ@4`dN^-iaj#vkb~ZLREMBV2M{@j=67W~@Cg@3!g`$5Rg}
zm`Js0sVj`;48Ppj`0Z1T{A0xm-<-|rqGjJ}Gx55*PO$+mDdcD^!$%sz=W1+Rl4jbv
zr<9bGOylGq{1W~>7%2Wg^8`E560_vfM9gzZu7=>}>XdIJK9Ofav0)7xU*9>9t}K|g
z_Tc3QaonnYR|8#iB81(n&-hfSi#&VuC>y-t_6gV#bTKG?s7|EBZ2EgA9;+Gc5x%Om
zwY5N1nz>M;w(29gH$E+GM|`}^%Jh?VmU8U6@kKfI<mOj5Ger}#H?Ue1nK?X@xD_|g
zv4i)`^XIPt>058A6PY#NXVyJ36Kbhl!x`<sJ$LSjWEuanA6Zb+whL4Qli2p<NW>nm
zM5pbW!PRRQcYOo;6fe)q86~xxN4Ot7derkgH1P$d-nLI|1sfk9pKtv+-4nWM)8hCu
z9fT_cV&oK+Gk7bV_xs!1x3nEQ#{8f!;i&xyv$uVsvhOu6Go$1Ll%C{>y)>x{`_`J6
zmNwm}tmqzR8`|j6E?$Y%#>S=Fm$mOfMVk<U<1=f_-Y0y&6qwQ8A;h+CljxB~UT&sk
z{4q1H*Z1dgnk;#W6EBQ8aV#uhT8`=;Ymf85&(o(*bNW9lNDAUj#u(MRraEs4nXYqV
zZEna#eYtH>Wsx1md*`(Q+7_dVG`;4#p`P`1R2LQ6Z%=vIYw)V_>({S9Lf;nix@Ql&
zi%OD^P*ZhAlXUN=>g{dScA_Ub&$h~*V?jxn+pagC7p=2qU4w&##SESI9_8vTXNoDA
zfX_3ZyR#+7<>QM|+w8*B)Y5mkSoY)oDapynvzHG($nn^=!VMMScm4kK<D!)X5^EZn
zx=<&E24od08qb(k_y4ijaJBb_-2%pY!q}dEZ15wm?>qjnEh;LiwenERpr_&6jWgC4
zlWqc4_C!Fj_hO@qnRl*)emVKPbvdd;z;G40YyG!BSnNv9#=qk5>6wNq>F@LO73B`z
z%o7n*ol@4{uM#l#GP7P(smt4Ffu#<I4jwdExpJ#1pZ|iK!>_wr@F!0OvJp02J|A~j
zjL$Vqz@+W!7L)xS6BQ3OhaF;hu}n3NT(UMR%Ug|fVy=(bG*vC>`hpFQnV60wB>{;_
zU+wyaKo*qChv#~zZyJh5msq&n7Kq$<eD-Pc<^wX!Tt}ZxPd3%hD@CEM^tThU>s~KW
zHMiLG;khx9n~lpTG3Wsk=YG7py1IR>bU<B<&L$6!T`jmeW3*_{34CSIo3<z3O6A@s
zy*m;<dHU2}a7Yw;soK2koSWgEP%CWPf`|p$>(kJs20|{et*x!Q&WM<^qx~0hbANoW
zV)m}3Tv#WRKsu0DlaswsUtTSrfifz4HM^xF`eHC=Sr(?QR_T7?0jKpobCoQT&vS{I
z4us<q*W4|1$lui0{r$`LAe@i?F#!zMU}NKv_ICc*eMy;%BUOCr_a-HAawRXg+<CPn
zKjhVuva(Crc1cW)to|25Gu?~r2jxBTZeIG#HcP-wpabi4W|3;wffYNWx0|m#zV>Yn
zbEHs{_sOzdk@B1R>a;2oe9PBLCz})7xY%Cq*paYxtAl^oBeo=cFE6jaK;_e}e5|Xm
zmx8(u1#7UO)WWY#FIgS++Cg+BN=fcP+smD|<SVXTIROe+RNx5hc|gq2wNDIqbVAu&
zOS!A?36Yb%JFljl$Gf?lE%jLVwZWds%jPK<>t#I)qsan`SD$UGeiAFB`d~<(nT6$O
z7IPK*aY13yhq~9DA(?@wd!~zK1Lcf=&Z|$u1Bz#DvmWlf@LVH)-#)`AGlAWqd#1Ay
z)Y_!&y1oy7I`HYutQ1w*fUh6-zHkvfx<{@eDM{v#tm<Hgv)#2}je+_+JrugU;gi3O
ze5>)H_L4p>?&i>t5Wcx{)m$GnaiJnuW^e%pzEWSmUi@*rvh-5#k7DIfpFYoZ-o1lj
z_uP1=<g4U>J#5`XZ-tBuVI%Y9Sr0e%b+q})t%~j5F`XP1rWi3l!sX1)&&=4A_!f)3
zG11Y2CEH8w?Mt`Kn9XmPX^2^cI!UQc(Q<Nf0=yz;ue6h${nPg^H;J$sTZSHfGfM;&
z^~ajkOmZSlqU4KLt~@WQ;6d#Z6AlodsBF}UjIy>>*(P*sUPbb!+qYMVtJ^i@voOEy
z+r$&yp>Uo@1a&%BRekLlqKZWthXEnmc}bP}>3SEtEZy2CNhs81Zm-%>>!8+)C07@r
zv;4dZ9aMcI2OAoF-gTnF&G+F~tiF8Hl(lfz@@Z}<!4hjNjAIPMcsD*C7WBWsg5ftd
zHjZ(dWv1y8yY8%3@ZMpCjisd}Z<K-$3J3TqzPU6jHJ)r{pncA=cQ?1FLa~;U<!x_#
zY=GTH%Z?lEeykT8n5J)g`EsW)7dtzXe_MmqJzcHL>133cUJt%F@sX|g$ufJzr;pFv
zf4n1GknNNScu6jB%AGZ9R#X(*O!jV7f%D1hpqI}w+jY8T={DL*edx%&4g{B=D3ZjE
zXhH2g`UNbp`{oSRu2ACcM(5=X35O{eB-n?AHQYUTYr$?-Hj%2cH+C2_20Q0t3VM1f
z;+AWtdf#Bue;%~K%j-e-klo#d!Q~Y<`})2-!Nuz5=;-P;<v1SF9>8Sh=X1HuUUB#0
zoG)*qQEaIR2?<siW~Rrq7v^ZOXjqh&7r(USX<-vNo6viDHp)#ubHTiMUmKduP!V8b
ztjmtm6!bJGz}?vD9NMXZQX`-0X^D%=mW$$Mt}rn^v?sjn=zMK$hs#FazP&3e+bm%g
z+kfAW7&h2#+8iD}-R)|qAlr>XTVsv6?P_gc&aCFCajtlu<=hZ|u1S?^sA%@kbT!=E
z*qFKOs#bi$IX2z;t!6c!s?EQ?P1o$(WVF_3-MX^|2D83>E9B!deT6Pud-~Y1t|Y&%
z%bi8Kv58tQ3>vG=cUl|yo0Yoe`B&BD9c2bBYTTTDM5evr392OY(v~avl{e>iaBO+n
zG{-jl&S7PR{O`iw)wYw(*t~s|t`GNL+bu-i;O!vQs<Cj_o~}>t3(^l^=Hv1#&L&*x
zx$6rieRPK7bxzb;m*dZ8MYEnif8Hf_p}}1)k9=a22G5*!hwAAlw%K1Uvs;=rF;%dY
zY#Qjy)7HLJq%vQG@_nc|XZ<%T1A}c(F_j9w1o^f%30mFdb|0>X>t~Cj<XrU+=jO)A
zV5(+){OG@Y8lTxiHdJ?axA7rto!5Km#}t=Y%7VLrfbgOWla+j_=m_@e?l*hT;^K2r
zSFR`lf%$o{qTzmKpM%GEP)qb@9RJ?7+&rdY%N7k`VVMZcAPFDcG_Kv1%T`6IwN2k9
zqNY~gZFgu>#M_+k@56c|QZBp1lF!r7s#$k+>>~1lJj0A*rlGhNE@kH4q%%;#=dlLW
z_-twDwIl<P<K^XOJ4sS(=lKmUENAk~W@TlKI?VrM2Nx@fon5ym`AZUIo_`gSQuCJ3
z_69$56iQD}kAhl|`gy-@vSJlJ;?3#PtU^W_DV%OIbvzeGTux{o6pfoJ|4>p%X|9`z
zRNz$>6iRe43-}*O!~M`zHc=j@+=pM^_HAJ!NcyIqw@FwhpvWZW>>TFf^O4uw#PMoB
z);v@nrL$OcFfDx`VnePNO0GgsNNAd1r&{srOTnzDJ9qB93Yw-W$bZr#<G_yDv!yU+
z%GZ+9-`{g&s?trsgRQf*Rde&kMwtt&5@M_dhBNf_zfPMmz&b62P^cfUBCtNmLetVx
zPydcY1}nE?-IFKbA4_K#Ct%n)ISV?jY&#MV$&KSAZHPvp4l7Bu4}381Q`ymkGGrqY
z`??=q9qg&SB`myXQCEfsTXdJbP2HTiuf>g0-s4$I!17?8C%QM^J3A{&@}#Ir<>H;O
z3+o*V-Bj5k)leqM0=xGPpVFEhc~BH{&#$e@a3@!%>={+I)FPD)_V!i;LJN?!=gB_q
zYIfF_(%eL0-{|rzEuP6s!hFw;prF^Q&9|ndr5!(xZe7G3$MyiX<>XoW(A~MIE4Eo#
zt;o+`opbqGQ{PsH@0KFWsISiogJ&;%*6hB&Z<EyG^shH&$9Z}r#3!gYob^D>cXNqd
zB4HSEJ6xb(=0ZV@%^M}pKQRh;Hj_oi$tmSyg_;JxCYSjIhqIp5DZT_kK#k?cq03#X
zS@$+=+;N$+@x&FTj}I*TF8dj@zQ}V+_pFL7SbN$@cBs>D=dHN!AG34!I9^-tR%jWi
z6uHr8|Lh2-xtluKSS8L?B_4>7C$&80_i-zUU;--73m@I!L4}x`J$+A{Id|q~OY%MJ
z9Q?LT{7&V&rbSK6?W&pwi<#6={Kk*CI8l^)huKgMyp2LaYJ`W+3F+(?^NSRV_}ueH
zz6sOC7pE8gv8v{Q>{>b2^|EZ!n!Y>_^>cL<ZR_0LuAz$xXfQM}xwoBj-ugW^ZIcw$
z)i<`+dZA(@n4;N4P-n^s#or1tS6z>AlAS*@s4MRCYV6R!fO*P-miW!3rP{Bo)~s=~
zI>6^<q`yIGme?-T+Wq_c%Vas?g*tC7BUoB{dmnb|-u1c5`eat!ytMk@R;EJS?Y$z?
zrcJZWuG?L=?&HwS7{jG3{>>6?wh<oo#5H<_>xTlc^$wSLtP|}0&zXCBvqczXi>EP1
zit*^l=~NoaHt~ZQm1WeRYjwb2GaGw%owt13`u*{@_KEStoK#o4_yKUZrXuag1Du+2
zHr<J`PRp3rv$`~#^e--5H^Xx89Lv0rPj6!8$wqgaNM58`hSm-yK6;S)vaQO-<xF7U
z+?XMG*YXJGA@57MxmAP*g}YC?$gNsFys^7%`%+Zq#d=9^BC5oBSb_ZPeDtX$>1>^^
zl1W^Z38p|F>0XT!R@Oj$d|Gf2<&yW{@Zl11<BH86OPwmt$BMkHX<6{-k!wxOhdps0
zr0**7Y?V)7x|iJHo1!do*rfu)&Yt?EQIT~S+XoBdxRfKJwdTwb*ROw1Gl+@jcC?eh
zClZvt7PnPkod##=X`n*)#ee$TCtB%qH~ui8W_t0Oka(YW*>>x&>m~PzeYkQZD>n9(
z(Sfx49_lhOgRk#o*q%|_f6zvx(&xc(?HHhuAC_lBJ<eUO>FZ$PbvpNz3U}UM=ohD@
zlBaj??%YuLh)=ppKucpV$&Zwkb)?Wi!OP-BWAUy6&s*;(mSJH@PO|U%R%IMW*|KSH
z;Da!MkSDNvNyB=zio=%Qo_gNm$k>`~vR34yPxG}V7dexZW%frOZkg4-><(|xv3FSx
zc=Q6n^p#;7KcA^*?Ns8{Yj{zLQ&+D%zPP4%A=9F;-kpIRd%Oy@`HdTH?_>GWIdCv8
z&emtzWmluf7hv1(t`J(@)++O*=TVBbqx$Br-lZP$D`OKqsu$%4c7*RD-A-$dUAtzr
z*`qrL_<+tdbfFo$VA;j%Pcd$>N`gI&WKG*M^|E)d=t%VoVoN?R4<RL%qSf!0+g<bV
z^$q)UU-iSqmOb4qw=RoDWYpEv<y~supuSM`4_o6cUoPL_<lp@6qnfvG;i6?5Z;~&_
zyWMMccD8>yGXkH8JEIx!>TbN$v7r{>PdjFD+UhGjcUsvv*tT4F^FZfS5s^RU&p#Q~
z|F$~i?4=;B_6xq1De`VjhQdvJyy=Y`<p#ABQ`1Ty>pTzp;$j>V(D}?Ne4t_G$)(Z$
z7oTlp^EY!256droLHf3MUBF94&nhpaBl{K`ZtZw6Z1yCUTp%=;;u70-&#1XbW+%77
zQk$&;m;8m9nMzjcu(){`?O$RRdsInEK|w($T|`;=Y=)VQPeV{%R@O>ud**Y|PnjgY
zy;>!8BJD{>hG~q@@+~g<k-~bX^Yh=;=k+vQ=4|iikW)c{8A@(j(i~`)R*F7&P&uss
z-JMTu(meaQ^<oQ6lM=qxn8!sg2=T8tP<*!J(>lMa2M-_ivRjib&1$jN$<lHwx1}iG
z(QE78w|;8N-6PnCGmi1O;ix(5k_(p4-KM~$O1;ekB_3sEqMIG*DeV`)_JJoZrf1i^
zC9E9Und173%Sb$W$w~2hH=)k%w(-BZXrX$~Yncm?l65+cXKVZW`};bc$gVwy785Jy
zy98KTUe1$TXJ<#pp}|kp(&p-c3u8$3AFd^Rdli#pee-V4Ezis?2`uQ73&iS+(q+^#
zS|s=HS>)$;+{B`su<KPo`0%G>JLjV=b{FsQ&59g)Ds{`Yq{edEs~hJDHCb6%`2_`z
z+flnd80@Q>=OmyS`q{#sKQHjfJNcDC$D~?C8}z=t=+<&xsQvu8&bNa=(%RSh_+8D6
z>;3Jl0WY^%C1)L!&Di8Oj~!LC%^?2a9MzU$TkPJn6<d1lT=|1#n`EEZ#g<dkM1mdk
zRtyZb2nS0mQXX|ZQ+%|7*zoSr&6*7J-0W=Lo3qzH-LBSFrq9R!CMo5bMY>4QqnPhO
zO5AFAf%M+q&>394^G-%NZtrA^R8m%!YF(qDv^01RD*01MNr`7l$jbGsZz`;+)#pj2
z@h;KNaSWXuVITkH>xDGkP|3w@Z_KreL)&Ww)`UF_+k5<}k5i#{-JJsxr3Efe&Ca1)
zZ<dypu8!Duq(i;vkQk=2_vKE%ZynAb($1SUzUuMQW8sPrV_);E=S@<<qVQ!lVxK9u
z`-3~5;R_uO95_&_n3!9Gxh-E)Q}yx07G_lW_PMfGmAc}>lMM(lVyWRXoND)k*%QBY
z`gvaa{ERh~TwEHfMgnRW7g%xCT3-ZaPFGdIDpO8o9VQJ%H+VWGN|xgyxJ6m-D1;96
z?fU*{dGH;QbVb^UPo~B!d$^adx)=A&4nI6pA!Ido_Y<v8OcA?<RJnvyFzV{|j>LK`
zium#MYd9aDU6)bwuIu{uEv;cWwR-!cMT}k_FwalfOj_J_nA^0vn3ywTK!CUEY;uiF
zc9&C;kM+*_83)rGtgYvAL(hwqpYpeLWM!)cy{~V%73Yb^vpe1(2;tvGx?~^J?k<m7
zsJW#sBQE8UiqRaigGuhvQTkiT)+XiV5<4Cn9+DBl7h0;;+ZAkixMb<lyUoqbH%{|2
zIf_JZljgetftdW}-qUlq6$C=2Wm&_lSz_$#&QdC3btTM}DSKO=$Efl$tL}_0k>~fx
zP#4F)*u{H2MNz`(_A=tR4_@=FLa$wNp6#zM?dH?-`VLTHpXcK_FE$0-U2C9T{q}7{
zZ0s%Pkk+8pXJZrDMa(wzGz!!%W{u>oz{EQw$R6AD`u6^d7q98PVM2YWH)K;*QL(kN
zlm6Z(cjWcFdlZ?>Ra#r$yzz*+IY&U?v<i3e@?1%L+FjR`E4vSv4<A127`b<m+pat_
z{4K}j?FKxn63JGsuS(*ykGKUNTDMbB7Ins<aCJrvPziWbJ`EAksEhU6R<C#7sbn!I
z<56(MyRKXHd42N(i}3W@{<GSL1_zx(eP5BQck?X5w)V?iD2?bWFf%u=uC5Lr{?<0o
z`>sanaq}!z|J5wFX6JnJ&MCfAkd^iAXfRj!V0YfBC5t2Y-Dc@MXu_T9^f0UXLtZ-K
zW<!JDo&9TauPB&xJI@h)bYHXN+SkCL{yuee_3CAxOuW2K*I06CnW2=Uc#@ZgYpbdT
z4-bBGQJfLvRnVGs*++Wm5$$2M4fl_n>FLQvp^o$I%RGAN=HokJJoR18sVIIF8#}wh
z6}7%Q5{5f=4ipzZeEjY(6H3Ir(Bb-EPh|t~vJB|Yuy6xe-s7iFzr8Vgxrv$Cmba-p
zm(4$r-&niWi;(BjkZ_&Y^loTC_Ck>g6Dnf5j-~&J*Tt9hE~s(xwKLy-HJ!MvG`KAC
zwBe%S)+$Y2{e%;Gp*NSm=lBr4H~pUR*&)iTfhHpqo?vZjo8xp<LrDoNR^iWJPQCUb
ziEZ0>;>s1mlbo$bH8~X&jaM5Bp~_`k%2r4X=e(<bqv=+(JoPQ%Mj3O(ZXr3c$NSj%
zc|1Iwx(}bEUE9Xo_<}q2{T)JZIy;(wTE)fGR9s(sU1nw`*qN-QTT}G)BrEw-o%Qzt
z$=%7x*Vgvi(*m2~Vmo7Fq3rB+M~+}@v-u)2uUuQ3zHjs9^FsrnhWcN{#rwdz+*lrU
z?!*c7Hr;gol4YK1D&g}NM_OB3#~(bndx5&;?(^96Yf0=bhAeB`^%^nLi-uAq?=3Q0
zw`+0!C$vJv?v)1~dZ`GSE;)c%YU8D}HuuorP~Vm<mm*MCn;!88f7!LpO0&@8pjpqS
zPs@jTYjn3wmvOpsal;(XI9?r7mcFbHJt;QLb>daHm+b*$&2$ZuRgJxA$tAagzS((Z
zxD`5l>1?>*c59E6)v0@liftMpdlqgKocCHpa)-U<rQzNhb0D*)_1Nxwv@h$zXYEpc
zrqdMZpdIOVp6pm?@%D8+Zl}Nn-gHh5j?W*Ozt_9P?GlQ4(QoEBz!dy}%U?ry^*hgF
zVF`y0sX`80yh|wdt{rPEx-V?#G2+q7$6P2Z{MO%p>Hgey(OwKwEw3hEHE-@Gu`n}3
zY^$%y@4;EltjcZH#)+}=1y6nC1ZsuS*10b-eCxsgn&PS#y~^0wc=hUM=LuFDHe~lm
z*I(gWbx`U_`U(<<x0QphZ|5n~B$FjI`S?nmo4w28(HcYTLg!eLQ%d$U7VS(poFwA7
zjV&@OI~(*sFkmDfKYp|?@VHq~@tL)v^SEbl#HQXLyKNkp1?r^NU?CQG+!s{yKYsMm
zgU$nXEso`9q&A%qsC#*1r>x_pUZ~}iG@*ipp_^x@9lf4^4{-OO&S!z&dRm8v2I2&j
zm&(YPX4GWPKeTnp+d1+JGEWyJ0@{w6Wz4K_SK!f865RcYe3eP_MFmgEtRO&>qN1WK
z7)HuFOU*+mR{5FTUn@;=Y}9JwvTwRZ?tSQW53q>4cR|9?&rdx&9|ijfNW8~0*RwA|
zp(_<c^dFuC1em2PON@`7%g_I&tu5pD>`UcG;|;C?Eg?2`rn7VN+qZ84@e*QUQI)#O
z^3uMr_I{oJf}?h65_+3sm`Th{5}>`nvzk<;EO@`Mn7or~VV2y<q9T>pyp`zz@p!y_
zPHwKBkB^U+m!ynL=aby#ivcZjlb48#--I7_+w{+9r`fq38jCjVo0h42UsR{CV%@rR
z($dnLoSeM8yxT=(*gifq6h3(HAbZ!#*49GzJ9A`ZW%B};E?uhq^#u!V*CX#ju=-X<
zC-n2RSI!Sz!&z+4c6_>Bm08~*P(fc`AAihE??TbYm3tOsp7DygX=!EE($Ue;+IsR@
zT@%)yiO4*Sn`p*dQmAB6e?f?4!FuDY&&5x<UMJOj6*>N-3iahhymGc~nAAQ8Yn$*)
z?QB1@_cu&0vkZUGkzN07K-l8O_Ze3$Lye9HYg(gFsAUv`wG=l5>IsE5@`a*zc;bn8
zI%J@snGM<yid%~SQlKT>@j(PPyp})FmxK$J;^>dz{{*?n8yT4C=jgd?{eS1A{|`Pt
zz5l^*?f>u8@eBMPRV5{bvG_kKic|PM|H?Ck|1*XEGll;@g#`4!f&@gJnl$X6Uj}rT
z0sxu<0Ga{-`o9GKKN@Uy^qPe#7`<-)191S*lR@$4prZKy&6ok$@c@Ql*dYi<gNO$`
zM)U+d=IP_-it|AS;Yb9WD?}6yO@aP^qm1I+Iq2~jkzE&w02%B>aPvZY`T4j*eLpIo
zB@$wihz}m=PdYOkDGQq4^r)CL?#PIDLm<-vBSL*fA%R)oM*<?F8=eq^XRMS%asv_U
zpb+>H9Do2ceFR1v{Gcb4;usb26KNiV2K-}8RfagFRDyJgKPh>HEHGqv2vW)u#*v}J
zp^OR!OWnxGcpne?uBJf`rApr`M%F50E;ugbIN4xH5&1S=HfnpuWTZ!pg(J<vwY&ci
z-;!Z{GH!{;`efV|#{=;~Fk;}5`C)lMaxj7Df%Ok`lOYlOu&yN8EhIlzJc;5b>re1e
zkOi{2KLt;cSH}9gdx&a-Rk#77))!101PhQMtOJbG1WJeDs3|n8CeSJx*?4zREQck8
z(g8L1PsMX!+)=?~^dNW!l4wFH1DyY;PY8w=9+@66ga#6y)DKOi2N?js-5`)52r&vz
z@(F=Zp>Xs#19)N(0gM(jlg16sKwnj$uCZbUZ7_64Pb$DeJRl70(fB<;Z}ReUry^m&
z@s-J=0xXX#0|@dPf!X$;&LAWwjPQj)u*2x_c#+jkpLz)A@Wq8d!veuHfjtWezl!02
z(4-)2E;IsRPsXC{AlNM;SXUr7DP;Vz;20i6AgWUkoFW`G`)J&(u>?_<2~q?VP!8gU
z)F#mwAsO^PSjAKu6oO!84Sxp|Be-V%U{^uFwZOPRIubQ3GSHPM1i(-Tln{uyL*Qa?
zXAy`5-#}kvokAc>2sd_zapM@dEY?of(u_tSj6XK|vys_KbJ}MJ=4<p<eFHrkL)vG!
zF7imIYy|C&LS5`wdf*LO$N~h%hUkVLCuqT#3dRl5U`=Jg)HD#6M4F3ixHxEPL5-I2
zB;nw;GhoMqT?izFLluLG2p0*F>kGlUjl@5O!`VU+paCxiq6rNsZNl&YqdV=VL?cPY
zrFk@&Baz3U72`$l^zwlLu4u8N!Fu)tbAygc#Xu^ARp;gh86D_d09Q7dCLq(|r%gbT
zjN1f%KS=B%0NxXV_QH{Tq5dQjD1kTx(r^;>8(3PJTmFIoYMOB=Kw^M1j4@aeP`8mO
z(4LHg*b%)88M}-c<e5MW#G^@pL?W`pe@X62U29#FUyw^pGcLJ+u>ghy-hxT^Bk94=
z4nrMnJUP%8@C?Ax@HqD$MjYZyu0Z_5j)_H~sBMa{Pr$Af|J*XflQbX(EeX?%q0L9B
z2^tGF2l9wegMda-ycol1PihL%LQ110|3ZB*Lzr|u&~p1r)j&&l(zOKRNW{NX3$)56
zT?;aG{z^6QTAFk{9ylOZ{H1!}MKI}l$asngyi}0cH&I2f2#?4IU=dN^N=I#gkn}df
zNEt-XvFn6E<QXxHKtj)mafBxBK+Bq%2HCTz`Uq4zRS<#~FBI8`f`~x~F_7*>C5D5F
zZwR3by5mUh)TnB32&iC?8Da>CqyrT)q6E16;mJ~T(c>p!;L)_8?GuN92kMg~tzbz=
zQ^26dEcG9(0;3+7w6Wab=UGU2pd|xlMGD0KEFlnaep(R6kF$hf_o9cN2meSi?#vjp
zD48lf!AkKDaqcOk5GtN4)shG%6$y;QNJM*RHA{*jZ_(}qcUaB=tl8g>2mwik;3*?%
z;WbH597u#?$3RjaNCHNXgh!^6jX$IwZp6C<!Xr%E&0$ze+B6$2O8da-HKb#5kRgGe
z3KBYIE@9DT2;L<;87V)CAAq+*lLb$vkU3}~n-?g;2bM+MaF97*JdqMwX|R67C<^>^
zPQtA0XPw4@aG@W&YNVrRtCPVVfy4@g7cYb55niU&qdJV92bT31VLwOp8y)!+lJ?M4
zmHN+EE+=QToQ%bC^47}9S}GZ|Z5w|e6~fB^2GykofTFRtF<(c8r~(P02>=T%cpNzd
z0b?G=;zCmeA%N{bNEjT!lg6T<h)UjpK;S0gVV#Ntj5W~{nQTyQWX95%D)bg9ZM4cY
zUagE~oRPNCOegNJ2@f(zanP(MR3j5)qQk-VGH8;4R{5a=;ckHK7I1_y26$!;s{IK!
zMrHDVhk11S0X;xm!vF=5Os1kYbI|I6bTS$tShOygW?zJ@Oa!_{{J#!2%3vBnf;}lt
z!Hxb?&rkh782HfNspIGVA9AV+iYh<&e<&+V`G5Qy&y@eil>f(6{HH0ekN>vU$5i~M
z|4sLgQDLpe#u=LO`uMMTebB;})6dhXrU9Uo(%y{<_5^ku$UZd6GD3Hdz)?LYupDEG
zg+vTEYzT4uAW0Ow8_*<29YK#5(Hu5rAaPIt=i~79bHy%mB>}yN12GUm2cisw!Qp0z
zMC#!$Xb}_u3JO=lc;*h<YKRmLT5zS&Ioy2wK&xRx$GBD-y3vuQ-y$?i;@sV#b0-WO
z83nx#13p{eC=@)2=*VE$8s&}v>%`Q2R1H~!+BztWF7kyo7~sD~7HDd6C>#suR_J^V
z)|owE3n`?uQ{58a5=KnTh~ov+Z0yLK97732_&8+12f0w2d?DimLI~jUc!;?ok<4i(
zBNA+{SSOFgswf#tO<d7P*NoR{v_JBV*6xv`5~>A~<mZE&=#LsxI5TvD4(2*`4EgSO
z4_u%R1vx;51{tA4RNNghScoGgJaKAS>xrUNvamnch^U(a-7NGIQ?uyk`7yD<nL2+&
z;m^>Biek{pK;s*0h8>+AO##z=#HtFP4oQl_|G=rR*dI);@INA>&8!o~bD4_u@-yQL
zgU$~dUsR`TFaPD|=k}j~zkm4$HHrA&3O~gEmRFXWvj6-W&y@XV%KkHD|CzG?Oxb^?
z>_7i^>_0TS&Ki?n8Fi*E{``-bfYz9dwf|7v2N=JMwF1HJ>7%^U5zlXshXd$qIOsMH
za)AYkoDF3oPtw~Tvit=2$Rc(h#72ohbBtUofLzw;HBfK#An*i821ZJM>T>g=@g~40
z6dsBZBajCUa+C-G8u~JVHZ8+4S%NkOPPh(kA#8MkQy_lt@OMWf0Vo@?D|is_KJGtB
z16v(_m5AEYKTQTj0|z>75S1WTKfpL}FvX4-j<BEEo_=WbxaJ?onUH4sVYqO_=#7G-
z55$Nqjq05;QV2ckn0r8wS6>K)0C|2e=7-#1sNRXl2*Gu^Pi$7A56lEcEO^YQj%3I^
zEBd6S8qMhTO)Oe}jL8V83o#pkoy8jVSQ~988sE}Ip9+(p3K`~6RKXT1@OiAI6Y1Bn
zR5DPg4>C@Qz>#_Q*C<4+XMcr6*h_IzG%_xOzeXj^Q21BqG)40Mno{~o9EV0DA~Mk@
zHdj-fU+Ii)wE23JK^J_YnmVb`#V0ajGZNrIyUs{L2jhrH<a3DPvAK~-(a=l4RuS`S
z2*dnm<TsGd>hHCd2Kb1MyoC1!thc+X8{K}2CkA1lI{}adb>y?8gqxo));EOq8>>$O
z1d=4ACN{eU_@E)yKOW<!`~M>TwnzzXP*8cKVnBliHJ_veRGkJ~GkkHCYQ&X=?6VS>
zpF93Sj|9cdUjl=ckXKNYK&k^hgeOrXY4ss5sXoHsB?s&Y43#`~ARul(fz22+_IDVJ
z|L5(#0Sq2@>QhGF|B+{W`!AS*vcInm*vU^>c_RNm=ow@GRhCm$MWK~{9|;pb|Ks-G
ziN~Mz_usGM&yT+fm;h7b|8G3M9)Ftk27LaDb^OBrS6)GR%=wRkoC<g~b^h}&JTkxc
z;Q)I)EKV@Y8d#!Gph^@9vI=sLL?NfDp`?zc1cJ$jh!Y%0W((vF9qkZ+;f6HTM*=F9
znpQWE;^jvoYe0X)ia5^G54{3Ns5rC*B)*{~DeyZTf;%2ZAY&mp+7$?$NbVJW{vjmz
zrm&=&6hxhp3`8Q@7+w)*s(p^*cX!ZOwE#%}KbUT)&6FJRCIP}egQ(1Sp%0Dz8&~=W
zepoWa9f)cgusTV<JO^ZAe;f%9DTriG1~M>cKQb25+a;xbsOaZ4P39sXko_n4CdC21
z{l8u+|H<dq{2#H2|8?&FOa8AYr=&8L|0~K(-T(Mkp5M*hX#Af(YyK4XhtFIl<o=K`
z$CD6*hoO-O{shR=@jtZ_Al4YNFU23Ng{FO_o?t<5$J;C5j+TVsXvoxE0{H=op#I@U
zLWhPie8ED_2+-wNt+6jgQo{csc+e8ScPq8D&_n`^F+`;EX)0eQLWpCc5>PS;25cMx
znbr(<*kgpw;zvp*x%pEjQ8JY5mnBcQNB)g1k~$^~=C#qABefZm+arIz8GDQw4lFqk
zxl}r;UnY7c$omVr$0YyD#813;Gj^jd*%J^Hik@f!V$hH&2)rhv!+u&EH5=J4kmLs0
z2%*)1r4lL$YWX>_lc1D@LDS2He8lN1>}OfQ2*NkrCpTb>6a1&>2*2#ye_HaIGRggC
zpI^&=us6ov5&wQA|0yW^DF4YTPU-*u%JaL08k+n^n>Bw*{IkLZ;m4Q$U<gB~%>S0a
z_oFxmwNa9W7lDD#$mw#$59R;}0x-mXB)t@RixyfGaib6&y$R7FC_sXdg${`=qXjdD
zbX3?wWDpo=qDcr0v`PKMKJm9@FAqQq!4C_a-7-)iiW8mGX6*6jH{;O_huzW8F5+Yf
zv>S~736%<=J0fSv@bx4Jnh|t4hTeU@Ls*(v=KKx9rU%vH^9zZ_Ljyi-m;4*@)Rg@3
z|L5n|`#+sk{6qGCc{xRuANGGJ`PBaZFFe0{kE8AX46_Cn0o2BN6v%5RtB>(0fHG6D
zx*)$huzR2>eh4!j<D7?}mXQ%(H^>s;7Dyr!0QU<SS3c0k0lw~swuS``Nm%aqQ7{1M
zbcybycjy%~q9keL>HOf=DfNF#@IW>cNLIigeMZ~lFjSWu4BDCA)mlGKNK41TfdEa@
zU2!0EJ<vu|=)Met?8f1|!ra2%(#UX?H6(m6bis;=yFiq~S>M2Fg{6^&wUN0Ql<!Ym
z6#<!T4J@sw8Asun0a;WOrV{e2L(oG_et{%BN*ee9P?!!T3>ErwJYf!`K0p%u#|RxG
z@S>x^fyb%&XBfetw7&om%mLR9h=Tqdp=kt+bn<Aw2<#sy3i@}XC<egMzk=HfO8EtB
zFBMD>R1E(yQZoYt>7Rh$g{mJx--XKhDF81AQVXaZ{)6t#XJTM$0KE?7U|$ChxFh%>
zj{(1+o_0ioUkcDKsI%Z-iqJ2(1yD*Q=oeff^h+6bfcx!?0b)sXKWB*F`Y_%s`R&!w
znK+~vAins3XRy=M80s5XiJ>K>sxj>Bqs+myiznlFZ(~I{*kM~R`xx)Y&@ku~^aG2`
z2rYyG&;?KGM}!LS75RgMo{J7XI^so%W>jjV0F_h+M|kYl!EYUZ&?f?kG>CSD4oI~S
z9pS4~09+}kIH+_wwa9X1A4L=7aXSGy42r;Srwfc2V^Qd3)Sn~tI?~3CI&k1Gh;VlL
zVAF{EQDtRkAMpm(8mXS4HAqPe$|jzqfsED<=(MA|3t`KQ9fo`u$$%bRDugHt&k}|d
zaP8CrVE|n~qQ6M#KU*LIO*?*pFnaW#Ef8WM6BURsxIbAS%!MXsGJ**GCkuob+1LU{
zC4=?6e}uzXAi6V|eiecS$^5(PqW8$ylNPF~?oRn}X)<_W`@qTJGZ6$O1dQ8+I3A;X
z=IOQ?Pja9uZJ_`*DK0Jw{}=pAbN8lJ!I&O-2`7Xq6NLz!TymHyQ9ApZOcp9}qGQYy
zBU1q+{O6{^3M8-x^;Qq{LIgvM4~{X(;JYx$oeNmF#QFGp;au@>91bu%U<dl=CJ~+S
z!Bj%sL^TUhpyezf0ZkpiOeJA%ill*fsRS&xOGu5Fy~ZZe0*R2K8B?LD1&`Sj!~?)k
z(J4Tq@jhhysPxW1(n+)D(9<G>;{rD#{i#JeWJYe(LHFQrZeB=!%!s{^04k>0o!~b3
zA(%Xp1h}CDsnM1_q%a^gLmM5fE(}OUO~F9<go){GA<*5KXr?JTL^+a`?8lIix{T=^
zh{Z~TN-(sX46y^q{U4GNMHxN-sT01HL47%@KL}_B!bX@a0fWp(GX^Uo)H@^HGxAvq
zzCknI7qm87PHIdC(uf&7pzFrT?Kp0q((=>OVX>l6+pyR%CDIc(j_u@8eMs*$EEX=B
zmV&V}0Z$n{I*elwCc!}~n#y0m`zd?ksOQ)AKdS%9-#7vM)%l;I!VmU8Wx1*IzklWV
z-P;$<{x>pf{@e*5Se<l1?MEN5G0=SIKp0}3j;{CLIvk|#9Y{;Z`h$&kb~qkf-#Dj+
z|FVPBBoC`5QwQ8W+D%3345M9E9M$Scoea{@=Ki#=4vF;7dF#+GWV(-Trv~hVG&%nx
zDEGhLEGnH-=Y{{Lo=NQg0e{c?`<MH_viw;5HwEZaaBBbmH=f_UjnVi2fIsj3jky0z
zwE4p>KnS?S$hIHg^WWO@$Axhj@$P2-rE51Mgv$@FAcGPe;e#>P7+ja}-cs|z*c)TA
zj)Hp`_cb*$f{HOF_ZS?Q2|iFupy5>@rv}ut<KP@1{^TGNZ1|Wc-DHj$%={Q&dKsW3
zXjRd3Bc^8dabOk3c)X8b8;shc89*2&qF0j9x<cJXf3q|PnGzrwVl1svP-jBG4b;As
znw)?!`9}SMD5_jDxmp?eWm2LI^!!S^`3+K?53+nfU(n=WQE_`2abFp6ceMB_4RKQq
zajRcAwIKx|b}RIc);c3ID+5bww2_&$Ia-{ImJ|o_F!FyXw5_g*je!+fQbL>zfpXCQ
zD<wJ!D31xBu{;Jd9`nGA%M~y`@3TqOJBCeQXnp+WCjDgY1B@sh{t&nmv=p#N5I;~E
zJk60&ncNM5$?6^do%KU4lhztQiw3p(Bq!5x49%Ey=lv7S_*-m%+JK+$0~0+^k4;9o
znz}49^-TU5U;i`3ZNNjW%)h6OU+8~w%Bo}IzbUIKP3eFC%Ci_z*JuMi0{O2hD<>~2
zF9-ev%9@6}651C>cEgeIL@ykfs<m;L*yuXz8(C_hWdq411RzWn^b!dV%_Ujo|Bt<A
zZENGk`u&>u70R^D!alxWAR$Y@TVhP&7BB@TZJ#zzD$mGR&0O5k41{+3-}js&&CMQT
zx1=Q9*V=CIXhyel)6qH7QKLnlT<o(s@kChVIdfKZ`iRZhlFX`I6|BO7VOhgO!cxM)
z7?Qh|Wy109S`Ykpu8de6#<XUJw4N5W9yliZV!iUU7qGe-RlF+oa`rX#=woAl5&t)?
zWpMX47V`i0&P@EDt=0Medr4FLj|e9juw`VxR<re(ZMJqdcV;8N6$F5@`y-GKaQu(N
zXc^c4XejE(DX!1*OI)Aj7P&sloZ|W{zs&V{_9CwD9kJ8?fOWs?T?`5gnpVKHRG58X
zJvi#0vo9npv)Gyu4eRW%4;tF!2J<V5d~7t&P1XE=-aR-x>3*m-7V-ba&i3^D5C2>7
z|9vFu4EO>=PYc1^&{4Qed{IE_PoAh(Y3WqW{~)bL@-m4&%mQFR{J&OfYnuO`v|vfF
z;{SU{pFM02WdK?`%#0)U1FMg6T_B9)C42KMHBb0gQ?Jq|Ya}g8IOCAngXjjQPK-~D
zA@12tm@qTr3K#cWVlZB6N?+**G?&#6zu!V%_J7J={gmgvg}HeDC-{dP8K0ZnpDeQj
zZMN*=))J+$<M<GTVLbaDOZ{Zv@_G6hdx+ch3SiL#$L*w&_K0R*+S$v_m<Oa%q!6=B
z*J!b{pOu(eJmFq9m(`_)c3m)A{b%8lEC1s2tcCyBIj+(^orc$Veun+Shc_vX{$Zy8
z%|}ItsKW#|Buw;NVLqlUv}?G-aFWD0azJ*(&JG4I*KLCA$ENL7TAZroKL*rRA1ng!
zpNRjvjqATv{MWxe-G+bs_l{dXC@s?eH=j)7f2Y-2t^e;OrALGD$_6^CXyeaLzFN0y
zChtg2Wt^CmdzNvLEyVMzZ;s9L@0K;ay&XT8+1j4Q&v@X5rC2EBTUcMsDIYj3;{VQ_
zqdzah|1<l)wpaH5`$^N6lo&hR{5ze~*u?Yha5nGnawkW*jEPEcE#oo!V%uJcfDf7$
z@&D1CqrWY||JyV7|L(L_=RfWxP4mBAoz7!^nvrQ@|AO}3(D72Ug~^^L5h#Av9mK)M
z2GRd?TEzb+cMbmie~bD5$@KXz;Q!4P|KCfR=6~|X%@+Xln*FwDvyu+#%<!Hp?@PQh
z4EI|v-e;(zO#k6xzb&zmFb{`p|L}#0P*ENfNvOqp5`V9;dOZzb{8!ydc7OO^#Q$ai
zcc(TM@PBJ#Yuf+6v%T|p#sBw_KISEbw~LV_ZZDjl?r^VR#kGa=Q{{z*^Hb@n!}-Zv
zf;d0j+x3Van><(PFHQ^P|D8|&FSGvJoVNd<NoXbi?;*{||MYbEJh83MnA@4u1eNJA
z;BemJFFj<v5<#D4D)T>HRsZ4J_~ZV+t?ljB%KvvCX%_!(_#y9p#q`JVzrDHfWQG6x
zNY(fsMjw&{{sjJ?v{w9oFKI6R%{}&tE(O0^8@KC!t<5Jh_}|%Tt>VAmOWJ#Q*zXL!
zKkG8YGdp|r{J7U)cD>pBcB|8D9u5xkd*#_h97!i`HoK>Eh`-{F`oVcqUrmoC&Cj}`
zVhuNT?Y6b2FL~cX3!1s}K9;d3+Q$jM_~v*QgD>K;|4O>t6%76x^1#7}+6*#6MW-hj
zXCCN{3BMFRzM;6++~<!RN4U~^_K3&QbH%d|_o(ePbpyIFDEAK5;oiQj;v1mvu>f_K
zjUzGIw{P9}41CdWl(H$Lz`h-e_i+=Sn{DgCo{vG#v3MQz>8pLagFz>PxITc7ZHib8
zPo@+?;2Cqq7>qmKe>FI&KgC-1ni?j1cn4bBvi4kg#iYA$V`+@o9Rc_r<k`?UH*sRj
zoX&d-x^!r__xKV6!}1UIq<_h{2R+niU{nE~r`S)eK$GB7kG09$drfGts$JZv0qqXu
zWqS|M9tM{NuX|1NxYwkY^D1zKaw0jQhzjk$fE1`%{fF&6#0v)skYx3G5$-+!y$tez
zU&%|ZI|n4($_58NVK9kDu=HdOc^SCkJ;_kJ{WA0gLJy-Nn{VfS{aJV=qAMw`?e=S_
z@<F^15%)9-px~`FfMAOgWw$Tr?{a0_@H+594vczeel1tdi2&F!G}eh8367__pTTpu
zWUEBrNXf`GJPu2x_L>H)CZkk|&x3?}2EHfsa65zx1wNBOtPxN6?CGZ&y18Wt#mbz}
zpGc%c90mU5fxB#3v!Rx!9l@tr0$#E*S~vqH1`&^e8w0wHfa2WWhK*tkF4=CO3T?z)
zwwMU6B(OL(`Bn#zx7!E)5U*(!O9L^r`DQhs40!*Ck&#3yjPg3@amliiP{nwO!dnp4
zB2aj-f!#jSnZ)Z$)k4<gQWYmR%a;x#?s%e9yiZw+Im3wA?t2018=^duyA|vMN)1}p
zQ~3l>k3!A8Fk=^ho!Xtth4rKY)58d+5zz=l+%)rwN|i}~9Oh`2E}686J*Vy33+s;o
z3hzYJ{P$%PCX=@ylUtj1`+0K72KvoxpO>y%IsR0=o!1xD^=ZiGPZgl`qyxAU2DHcc
zlyWpLU{TjJJs}n5nW;I+XcBr_8gF8IIOp!$slE=gFVvo+AHIR&llH-o%lBc8U4_mg
z;mF8&hWB7R;u_s7@!14a7ZHR^=(5ZWnUj)(D=#S{Q6U?qg_Oj}n6sfAdNPcK!y8uD
zXG&ZqFk{zPm;mWz)!`*6FkOS3gnA<hN;kA=W$^k;#)887zBMDU+mz#K#$_rTMuLS5
zFXr%K$VRD__#FPgXTA)$i<JlTwz1coz_0;ATRDV=96J0qQ9^_0)$~vRR$G9I2{hw)
zT&WDE0BpdEIr|zxAGCl>-DE7&kc{N8>2n%lNLOiS5zLJ&v_Mee^%CSdVrx@{*VgH7
zA%|2Sr~$x>XD(8m$D$BSS>d8v%XFizZLL&G1WiW))e`fe@VJF>@JrEG?8Ec^85<lt
zKkfnrgg9LDQQAh~;~#ziqVJq{4+h;*5w=FmK&NNe6^~H2U3<K-uDw{=zh20;FjUB!
zH`GP$N(b+@0qyfL2^15aph-(vo-})s(ZjD%_*JM<^#Z`5V6Bi`0laIviGBO$P>C-c
z%G6s2*zdJMaZnIK;jynm4v6#fVm{?Je%AS4I((GC<Xv3@pp}|F45MPpKEC+U#mv0i
z?-t$;C~Itj$73d3Mhfr^!&(PkqNvn!;Jj9j>qKB@tQg%%!=18c13Rt1c>`@WOgtvN
zzkz_R1GE6t!(j~SGBBW?DJ}R@-4pwwd)(~|n667>lD26WS|J=te-cR_Bk7}79^!>u
zmlEe4g;9|}&C}Yt0D;5;P=Xbbvje;ZSdPMLB*-M%9f{Z(v$fxTH<vqJk8$G|z9(Qo
z6G1!$82c1z+ocd!-8%LSe*^5HkQqJx(&I+}5KAPWOUPe&#uM0?OsXhE%XF6@!}Q63
zZzO<}S)4$}@Ut{5PccLfai;kV(kK#I4EIX{OyS8}TJM0=%!Ki-mR{A8NRPOh5ppO@
zF@h;orvLow`ShO^ERlV&WQpvvk(MRztY}XKFhC)f@>=|YuI1u+<cK{=^ax`N<u?+M
za0E>nX$iglb5QW71cw!70KOHD*|7sat|F2*nr97TSH8u?6A7aH;swnrWi~NoQf^^u
z<+AH}==uDZL+Qo~U8yECdV>^(|1Z!?7s(_WbcXjt5fO1c;bM$S;tD-#HfPw=a~A2T
zcJ-7*?{GevJLlN`&0BW}d_i)~tr;<4Vlku8%b*Jkq(HViG5e<$AZF30?DYbFvoeFT
zHTw%?c)C=zkz@rR9Wc5c4#8fr_UDcSRUzkmC-l%_1BB**R)l}?FeB2FMZAqOw?<8a
zbwNZ-QkwLIHwNw8rLsQAJE)A~ZDH7MWI^*7ZZ1&inhQ8YD(E$Uog@FO(FKPf6hSj!
z8KE#VxlBL~8)a!7bSF*SrZ?g}UOXoCf=*<eV{4#?$dPn#v1tL7aHyHX*T4)Q->Gd_
zla9GsH!9JzrkU!KM$MdhOBRqR4U`W-uOp+=WJaI9;vQ&zcx8jJ2RdWny!&?&$$j_?
zI5+~<M^h6SmS)X|JyhUyEp=@?+_1G->NV!&rpSjj8w(8Bx^Hi_Y<4Z(c)V{veQL92
zTWi-7(?jLM${MwEigQx3YEz(-Cnh-U<L2hSFwn{NHvBgo=mgYsT@Tee4J8ecY6#}G
zyY#)b?(H?T9rR<{f9Kl&i%Y{hwz0te-`d)0&7A++*;(2D?<1}3|DT-wf8_vJIRI7;
zfRzJa<p5YY0RDsnAg!*X>e>a1FmG2m3}%i0CC9<a1Mum20Ll&kqp)k+N*S9xbpyCw
zY7xl3)>@GpXN0iX*l28K*k?a%!s6&j6BkKupp$W0z-^zTf*#F&Y)K{v5+6+hWYXs_
zX($I5&bW+D&FYN!q_H=QU@b?D9T*ca`X7A8Bh;{<K?m04Z5^p>uSpMDA4p&MCghQM
zSy>~w3@FrDg}&fsT{@OQ^1grgyi=^C6GoA|lnHhUuN4lm&!PVkjX{_z0z?>^Zg7Fm
zPUJhm&d_C{M6h029h5>dsWP=G_7yZ-WBpF=DHH7AuwN`S5DIVaPR$abD!x1non($d
zB(q}_zX$vpoxGANS_P`u*fdn}c#0~rVWjqaoOe*+hNiFJSB_^5&)b{aC=%i(h9j+L
z@-)24Dh2QWkem<M2{uIKeyiA%t!4`^v)S05JNStRxJsKho;A~tthxD(P4Qo=b$esQ
zL1K6=(qn#wH)L<WDv*+)ObptERMnu$US(!6UH3AJh9;^zJO=R&nG?Ea2X$}mgg}m&
zs3(3z%i7~ctHEB2pSiY4xiCm?40J2}a+7~fDQYZ1y#&|-SX&zghg$}$@UKUf>q*->
zK;LLV>BjPzm5<=<19tt;CEHupr%-<{6v+ai<YfT(;OHCyUNdg3fZuAVghdR}>FkR~
z9F{d#;@MQ!U|qgzX|t4`k#G(oj_^zJ8L*?pBAJ?vOx)Gz05R#1mIl40jFAT_m(-=N
zg!e3+{}$B^>sg+}A<%{|W79^daEGX-P&N944TWq#>p&;v@5v6AI!5q&SHg4$KsSca
zgb7^cq!}|k%}JkVk=BnYUqEW53K}+(4wcq3G7`e0V5la~G<0uy`UI@1n&dx*X_f4%
zMQb6MRVi}(hE^S(u-49Q>*?;+<0-ppYE?Dtd%J0Mfo1hmGpzni(p>v*zB<2i8w>2e
z+pU@S4^N(~;=kQbTG@YB_TQEL_b;&jre+l~`I?87-FId8UD<tCcHd9J?z`Fp{`a>4
zmkhx9#DR5JO&(|jM)QW5;`5zkK1ZvOh(_EIOp$p)F=!&v`=W58HDu$SBF-*h!5KJ`
z_M*+s$ZLnsPcGKYrYYQ)4U6<&5~?7bn6b*D$%0^J)IL$iO-xYF%tD=Ppa+Njnpv~g
z^pd@1Oj<RvXF*SMhJBWT7pw1@4SFE0Q9diiqhTcD)UpssY%FBc#m=GB1TQkkH;AHb
zhc<rE#;Q86(_g(CJ>8a7WlN}lI#b~&zUC3`Lc5C443Y0p^98Jp*&I^xW=P3$!_<t@
zu#8cnNF1q7fZwKifgy)!W0&bC`2pBk!GyQ5j>eYk$bc)=Bn*nS9NIsZ@958U3b&wB
zWZlEfu*M3TBaMwhNzp>kU=9l1x42dATGg}(9t}0z>0hw#;8zAnr^={g73$n+V9BSA
z_l?we(=Xb8=d{Vz3Rcq#;4SzZ+LsPYsDL+i0Pt7o#=2siM3@T)a(nj~R~jw3O>w)i
zQG<V4WG36F7>c%K%^A$X2K${Jd&&;Zdb2eftMS~L|MZYHt5EXQEhsV8!ms!hrxmGy
zufK+0+bOa%@HJ9csao_5%)^PPw$neMtIx8!s&QTBtenb`x^wM06}Hd;lQ(;!W<*!h
zyBW`A+e}9SlxRjfQezp>Cf|fxla%)^Wq=oRSj)`AO*Ia$(GR8?lkucHxk0l>_&xC@
zv(CtUrdXnqX~D>rYK!LlA#^U1LN%%W=jMq#eve6}oC|%A$fku8Pg(eAZJPGi7Hqc_
z5X$^&hzBDrOYkugk;Ydk60@ZXc5P<)q8+B=?RG8>A#=NJ`~$CN`~yf^P$T*X#@H+L
z_ML}A5dk85B1#nZq_3Ru4NPN!n>EKe#w2P9HVFOfKoWbANX1p?nIlt32}mk4c$l-M
zH#!&lnqFzad;1>g1>Bn(>2aiv@qL(qR`<Ndx^BWFK*Tq=K|O1##s*`_f&R~s{%h<A
zXeI>7o?S3nV~0GDUdRRsbiT$c?0^h_bETg<1EeCuN+gGgtnk6OB&^3A`hOnAV`!Ax
zJOqtO{tE4Z+!A3x-FpF}3C3YgCK=jWMYNkd96!N2PQAKk!i``6(u3ZzbL4>VO5)KG
zk&=K_A^}7N9hs5Q0&kE$F*gStFeC7Wb&|;Vc5l=Oy-y@l5VYvJ3JP9sJU9U$OdD|V
z8ywW36acPMG3G<IhV$fl%>rV@Lp&X>6pXPpk7CikSdDtNme0%U2Hr+WBIjI%-j&SO
zu0?orSfo3WHUUiV&`u>Ej5sKDK$P+lhU(#ol*TZ!+ec|1=`9S5UL#Kc?e$K(XMm^9
z>De#UVj{IskeEpA6zQ=_Ei=h!hJnu_zXJX>qe=_kDlGb>7l#xqt$y0CUz{DB)CVsQ
zPQSkRvVxhN+&qFLA1ViEwG$$sN`kr|lKcc`kfHGFS2)Y5hq>AX#CNMO$G#O;K^xns
zaT*sdkc*QjRa%&%sGXGLO)gCE5GdCtQ^*{FGCRV_*NlmXIm5l6qeLJIXQm*KGaiq*
zu1GhMq3i#<_bs=mk?-wk$@TVhck^Gn8+UTO{q0UQtkSY+uK%yN;JjlSi_U*MZdKg>
zv^xKBFX<EV|CMYSEOo5>J$-kTuDg}z?!G;DtAiUW2j0qow{qaE9C#}S-XC$`rSspE
zo248|>uzqlW36B3mIO0<<L=u?h|D##YsnbaZUHRiVNonxTuQTH7>^luU~2WHL)I4D
zaw{T7!uoEKM8F9`F&;BMRG|l?;N76x%E2pjtO4E3jb10niozSv9VC1W)xJ1=Rrm0K
z0`zqP3f2hbRp2L5-;kCYsRis8pm#aKQe0IUV!{awE=(dvr23a?x?&^)i4_@A?ZZdx
zg1#ckN{8IAdNIZ=AOI=qskVX1p(p4fz{)l+gM=DO3pOt&>HPBI>{wesb0Fij)-u3L
zya8ZCD8t+kwFZJF<SuJxHTI4(ok!!q+c_A_sSKeQ;bNYE&OBOv<KB1a>0u3p7hX3q
z!wi0;CNctyha>8m84Gqe9`o43`_!=@kw}d3xC&OX2>O1Lq93tuP);C&#XK7WZR*?E
zxq1g>b+^I*sKdksp<ooIF(yZJf4f_3re@)_=ajFYPS0hRcnwJcgC#|R4R08QxNxbZ
zF>Zgy69SRs<b5>&LGZ)S0Oh{WH^ry-hZ}_s$q_;5rbk$aZc30!)m=G^cyz<)SOIRi
z2OdEjW@c4*hEClHr7RZQ*U-wXwG_?8P?9Tf!gY0I6N5B2<KfJ06gA1(*~!502qE$e
z?KN9<G}<t1qTGHy=ri=ED`lERsKK~EW5yxYG)Vy2;M(L;)CkK+4xk1=fpCb+5X1>5
zELcQfP)+87MwoG>LI*MBmH|)q@+!85__Qxf345IyaRv7*!%69@jN%H?qgJ4c^tC5_
zX<ESI1QTUxx~@?_Yuc`je+3PTm{pByncW&42#PoufnLLLG=X@O@H`7@Akj7|^{%FQ
zJTw~=42TrwT#o^NrIAQwjglyUCIyuNZct$@yH5;q@bgjV0Vm_oK+3x$<kW77TKN#x
z1v3m_q>WU%FB-Y#l^TO)iDF;F4VssMg<0vSBJ2fdoIy-tKa8l^>Cxu&V+~$**+u_o
z@a@5Qm-Q~#*?IqU@34Ew?1Kw<wrlL$-r!~b)quel=Le^Q?^*wd9h`p8zV4kK)>!wu
zv-9r71?!(%y_2)!UKjFur=8<hhrQDm>^YP>?GM;-@1!??N(X(04VtQY-3zSjq<h|Z
z36BTQd&j-O_ciONH#o&QkN(Tvcfd7~Z4XC9h3G1lwU=2`1P!5EKv0?#X+p$;ijx9~
zq(CMCvG=kTbQL?IBD!F&C}PE~h={!_3N}<!EQs*kduJw@1W>oU_uu^<`6-Yox14)V
zKlhw~Aj|~|bP3{lyAASn3Bm#g1qB8Kdw}lUL9_ne{{4eMFCKm#{yZ+sg$6ES9wFcx
z7VPEX>kIp0y9@%u4}t^4+yVlJ26=mW@i4CdUw031(bWSC4JEBZeSulI`MP-faWHom
zKNn9A^i}|9C5R0lBZr3#_VR$2V1F*)pBv9Rz#q=TEx?}_1io^>G=q4WR|k6sdvGw9
zAn#xZk^VseejGN0CwL<OH3HuA_aIw=u*P(j1Uv%24+{3sG>Ex-xcGv$!20;>tly91
z^Z6sD?|*zYA4W1CWb|elD3RIQ{zo$T{9TEB{(rG}S8xB-n2!E(AK$V6_O!Csum9Tv
zmISS_|Na*~a{~Q6e`2?R`}ZerFZUqudouiQSR4HG9sXf8i`72O+uemX=2lT+-0<MR
z_ujnDKG)RCb@G{}*z`gDrU#0e2%B^>k)M<}7V++94D?LA<(U-cFu^%sQ$W&!<ZB_f
z(~_?h)!phKUu)6nSHsz6p$q-?v39vN#W*(=ufBMehMRRh(DUq!OA%$|2|3vZ3fB-5
zBl;e>|9Y}j!#dk{wCgpX>w~bw!L@f-Z8sQ&k2E@ZJhSQK8F5`$4Q%5L*7CYFV6z<@
z9W4?U_MS27nL$~zJ{@xMi-k5TmMvSBl4lcpA-TomtcN$GG2_O4IdbLJrP>ywgu)FO
z85x^54@l*KH;DtoTg*-QJU8p%m8)0hoaDEeAO7sO6`cxrEUSitdA!Gkg?Z0Zjb_!E
zIw~|Y)X&e)*Z0D&KX>nE{Qkp-daSjF4mtJdb0>=T`Sa(jtgN8a=2J1lsrzKNXJ&o9
zv$9Lmvw52WieA2aSyYs`diC$TZXM#2QrfvJ96M%+gN;enLsq@4nLc}uKkS#xUmjfR
z%C&0+PoAV~*x=s3KWK*4PpMQ!M;9l1#!IDAKA&&rajNiLle(;|9SI3PC;FexFU~tR
zxLd-$ef#`<eSQ7?)2=>WyLRpTwmtc)nxyjL@=wiualNh2fP*t!=X^M@YSoDGeZFM(
zoE8*3!N`Dj*RfYb`)xic4rAYoM~!-rHfXb5%65x$2V-A5Pbwe(@zq^kH+xIV?c27=
z?;oCUtBtIURm1KH=N>-9S*#YEA!{d$95SSrv-7LhuXDn8dw2eAXRhnQ(w9T;MI<>r
zf6=z5@rC<I(N6=FV>2qQtbQ(hRqtVWdHI|<b9U_5A(7N}v9h*qVsI=its9HgtK9;3
zlh*Cp*}Wq$!{59%)NRnh*J1*|HoKKxoioOkJb#!qtD^klkpU?|@1xlUi&Il?I>y|w
z9$v~~+4Y=zZQG$;q5%tdX?E?DuQJxonPbFanKeIm;fPcwn=pR-ty{O6HfshJ=*^fu
zNjb66(Ya;a6MP&U9G3f<PCI7Rw>6GFix)56x^-(&QIXK5^^>_1Cggj2w_LSy`qLxo
z^6`EVg<|<Dg?aNsezFh)Y}xs^J|h(h%NedicL|LW{jV>vVX-=O>h$5m2ive{rSkc+
zXSG;I&z(D$oei4IzI!(@r!YM|{bNZ<6T|86->ZBL)*icdEvER<$+;~p%SBB-K8)&R
zy14i5`^#7Jwv3!`_V>%z1BcxB{OVv&#l7*t_aDrwc$ZW$PxkD{_|I>T&uHM}<kXx!
zBc~AT%jq*`{&rT_w(Y97Z<V#DJjl<twa@hGymIyGm#<#6n0s=-GHzYgD5-SI#*GD^
z-xd0#T)utV(b;+8)wDs|wr#tykuZ(#;FLiWF6f7ivRToiM~~o&(x=Ij9vAFe-a<y~
zzLc9A{wydqv4Y>n@Z-miNsh5x6B842^Ev&nGf&<wvkWUOEgk)wH*(}iwYubDqNBac
z)y>=6d*HxDJ}JA>)8l{rmEEx6bPQ~*$=TrmZ#p&Nx2m0Gm6T&?X4a}*yM~P$hwUAm
z5N;9}Y<u*{nxM^omS)`&?p)q=`sU4;g0NQUlS9+xy&W93jW`%$Yv0+}uwgy7(Ai+%
zeL8I4y4AwUD$ub`bZl(L4)9Z;JkY*<dzC}tNq%of$7XX*9N>Tr)X!KI6=m4CafDSX
z<$={%55;R<-~AGwk?{+`UwZzR(9odqnadW$^KaB1)yjFyn^EJ(j|XJogLgzkgiKa+
z<Hqt?vpfN&KX~vUWx%q2#`9*+j*5u^aJ9F$=kM&*sZ-YV>#-NlwQ)*Lwi$fgG9@Ts
zMe&ZCcFq-zZ8tYxI?c*(YQuWT+qQA-?06|b_TXno2z!R>xN+k`LvMS=cQ7)TI&a>*
z3l}b|U%&qO^U<k1pLKz?Yu8?%oUC4O;oX$=>;2yi=*XJ9U_ov{_`rUX^Y;|C%9;Ax
zZ@=x@y}NNo=Z0CJ{aUqZNhFdrYt~?fOP4JxeDY-LkeyTeC#P)Mlx4LgWOH<{JMBK&
zo;sdiBKUcbT3xZF!O`2d$DLnlF@OI2=Ik!Ldfm8q(f`Y`q@=KsBkzIfhA01IaO~#o
z^~V-&+h)CG{qtwJO@99Hg4Gj#(pThwC7k2F9w18ZMOjvNuJ^o`Yklix?{3Dv>={i{
zd0iH#vRFHI9S<Gaq<wqY>ebTBOtG}b-R$g(Wd&W92`*KL1I<+KGp4XcwR%-lB$G&r
z-@gas^V;K~>jE1#YBc)83cS^}?b~y5asqsOcJ15OqeuBp>$vFR^OrAg+Y~TvbY%Tm
zvvTDfE<FqR<(CU*ygrJ~_j&ZFPb#l_Gi5|%<ok(>oTbv)wjKG{WWaLn9hsEmld^Ql
zlFnVbdU|+F!G;VQR{E(pA7C87{I{RSJ0~SAT(~x|{W^Tqs7D3ar`q-$xnya~s*s;N
z`wLH=w46IPtb+s3$232A{gAdj3=S8caveO_@%^GPak&>P*H?7>c|w63v1y%!g~j!4
zBfexSCg#6*@ddO$b?Vd`H*TCb;ofRy$G#KG%03e_TpzxA)uCCl{8z6Qn7StTBrdx?
zw!nAL$dRjjQciVyH|))rHzn66?33kh8(B0f{Pd?|(>^?YTrv0Trh^$Db`7~AX`KD@
zQGmN6h7S+fHr$BS&&8!yQcg#JJq;S<z3kogYTfg~w7D%K50|EGN%5HOJ@comhnGIS
znm@MUt5sy=`YEG=QZHXEIrH@Q3m0-`%;Y{Oj=8`wCeo9;G@av<Qk%6F(4}3wl=-LT
zD~^1P88qlB*y!Bh``6yA<zX=OO5w%g+I5bczmVzJGo>+$mDG1v<n@5^^80I?M~K#@
z4h?N~KQ3a?=cL;i_QNC8c7s_12M%n|f-@O=`l0AHAoMGD_wSa_ZIRdN#6)|?wKL5v
ziiYiad||0Y@5IF9g2KEZ83#|tyxiZcNp#xpzXyj!ym?*GA(<$1Z#-92QT_#YsIVEx
zN=!^#`76ZmCQWj4bAM?u*S>Ieety1HL&g2WP8Jr~Q7!G9x%c<JIK6-WyQ^21Tg3S0
ze|~rD#EH2pR>Yp<w;wToR{fH^fc)$^6}J_GpEX-&UOTW`0wAk>)X#Ye#rA?Z1!dbe
zZSpi(bm#Dd+c`OncYd7oVau%ZPU^BTGkPDK*J^!8)~0~LGiD@qvnX2m`Sp>np;vD0
zt+nxFrXp<5lvux;Kb_1kK6dQb-Me=icjz-2n+>Q>uU_v<N`7wMd`UvW%^Nqigr+a(
zcggYC4E)ol;$PG6ALbf+&HMavxRpb<^XJC;uUlx+>F%a$zqD&KeD|p%X=z|-dvrVA
z-f@4}q(he{r%ivh8*4Swepn-3H}%~NwXf;!Lx)Ce4Iz59t23@4yY3#MFg_wDBuAaw
z=IrZ<EytFsG7_#@rY&-<_4V|mJAGqbwq6-Bz_eMTc3!1#vb?eqr$pCYcvdL1i5oqS
zzw^`EC+A()S@nRQYi~YW{ItJpe$Q=pkL0BDcDC^tpLu<2s3KRKcReRyjcQU^@w7*e
zmX(e?@$l&0$U5b3mu*-Ps<5?oWsTlj`sMYJO?l5YhiqNxa0oE*3l}fOs8r)$Y)x;t
zIy!!ySKeiALPE)qeM9z&rk|c>)v({fTm5ReyYDY}a_GfVv29WBhFN>}PU|VRTe?JL
zZ*Sz;e*<Rd;CP!m{Au%!ulGg^j92-&9jIrst*%O~e)9P78R4$0n+Ml7Fc2TE<#K6J
zC(jSB?<*cG=I?x2a((w2rx$xit;;VS#WxxEwe;vyaf?-c>AO3*7;~EYJbzxV0sGeW
zk+Ms@8#ihkdtg$9Q~mnM={o}X?^~@6H0$6z{?p5wyB988c;yPOd-v`g;s=L>>>~>O
zCjgl7fW#5sL49%b=QagEdUF24Id(rxk+e1_b$giN)2IBYEBLb)gx@_<v1Y}9S`(J{
zGK`Ih8NG69|HRInItd;gpW)!<YFu{k{@t>NvodaaIkkDJ+T5V!wXH*^jc(f8dfkoP
zU0;{Q-P=<LD9y-&`<ldi+DCS5-8wZjbxwS|XI_I9W6T1QbB`ZCju{4-H3x`Q>I3*f
zo%%k9KNqx)c_L}Y<;KjIu}UCt8aT7-qBoJ(KIIqhKYsjTYED?DaoW`=zDZj@Fpy5^
z^1Dj4+9UalFe7C8a4wJ<i;IgdUc6X({BdEr?C#1)bM+)g$IDr>R=K(^?|-Q7)KSA%
z7k=8$zcqf{hR32Y`{z#am!69)GN|q1=2mCfdHWGP_he>f9zHyBYe-weHxG{0spE9x
z!GjY8+36PhFMTaob;V<Di{)=j45v=|`r_A=0h6M))z3N#(0}%@b!~u1Hp3MM?eM+s
z)}D;-KXBl4X~~QG6F!dc@R$+QdqftG3uO0YfObDy^(o70^@_OkBOR~GpGtQ~SDfDH
zH`i}sqSuLzeb@Am)$MNVwNIYy5uDPhVSg_#!=(7kN4a<FPQmtzb4@HQE!PEtb+zpf
zU*Bb6|Dit3)&g$3d2{5~(vnhxsQmu<g-I=QMt(L?7F=l4v15ILAEn;AdD|<6y!_;c
zF`>72Y_}BTnmm@z&w9uizTbFf1J~tsk6HBrvd6Gtw{G0<>fE%GiOEv#h|!Ue<6hp_
z`R2`=PoKslD(1(ZuT$s9iz1J!!y@WfS`G`n-C@b%7Ihv!w%ZySE4t+t5plbq;I8f9
zGaIKwnKqodcJAB({rjJK^CoKO(4ld0pMkyrD2mAD=5JjFyg#IV^FYvGsWXe!eQ@dW
zFd*}G?n-!d&UCHiH=&oE-RHg)!DUaDnJ@4Bv#eYDcI_@-zFhuhR$q5d&q&qaP0t!f
zK6~A<@7VX|rgLmpTpyX$KjGG?nXQ^{aEmYaRQz@u*V;76YTL>{vn3lgY&bOTBRA~u
z@UZ1>vwXUCO*nPpSEn^=_6(ixV;bDPSK!owl2@-@bsxN~)zd;h$tI!A(4?{PUY&ar
z8`+yLteW?bh)KSbUMKpYYxV=|ZM&RXw=%#6K6o%Rj5SYo!ap%>*O-#}R)Zq)e!u%{
z{KT>`bsxQGSTF15%>xGx3=Ly(>H=IkQgQF?Rj{*P$)yfr7OUa=62O2q&d;$0h@O+P
z9X@C|ox?gXoV)n!rI$B<ZUN}bJbnT}{GN8aU`ZHv@YU-t?6aR1wLhQZIdb&pFJI=K
zd{i8LH_ugA%g)}uz0=q$N7qbW+HvCVr#s&+co#ou55B8z(2yIc+Z$Yt`fT%-yM5KF
z+vQ)sl(g=LHCVf8)2y>XleFKuCj|QYFa8{NYWmU^xr@8rEjUd)be;c@)wle{RI$;#
ztcMMUOiymgYP0v^u3a78k3CNu4J!|lZoDQ6Ui{$H{Qg<^sZ)=;bQ$sVQQl8eS$4w;
z#0F8XN3QDq?C9#u%zd}h{S=Ev+h>l8?a-!Zl&$RojFrlJUQ{%{Kdasz1J22PvI9j$
zr&5c>y`$DXJ~l1J?w0{R3vC-^MMXxwc>46|g(JoW{ZfJe*4#~9+TUT(Sze35maFG@
zbsllR=JpM9^M;Ulm0zFq^ZJGrWuG6Mm|oj@h`+!8fVqu=71C?9EG$gsoOt_U`-(mL
z8hLsqT}_q!-YlhQX<icB#`g94BzN=Xfr8|tQLT&(fZl3QyZx~pJDY6Y?Dpi&be}GY
zdznMt9o)5R`<~|0=CDnioCL+iEn{AdFIpV%NOdbM5}@>s9mM^^<NDm2Y;-eh*NN<?
zR`u)8TC`}<ikzKI`bBn6+jcEC_rud%UiRy0^*iRwXR%m;saNigfA{js>&-o-hF6}}
z?d^E`Q54oN%O@ox)q6<brHP-FBSfMkNpbq#Um}uR*NN3DHciDQKYGOP*s-I#XY0ho
zPDe96O$LTXTnGPZvqmWbHU@gNnI-T^IWRL&e66BgBhSKmhkvPc)N1&!VLr*Z#&t&>
z+Z~qIs_o+V`Db_jy7frM&+pG>!H=MTaGSQ{RL3<R+TCCUf8F@Cfl1R9YbLnW4%~dz
z*kE1smLARvhRRCq`Thc%&a9Lmqb#d7waz>-<}a@}xqLBr4qN2ax^-*u`xgasRxC1_
zjE#!$T%Wh~<x4NqgZBLve+9w}z@!UyZSCz0fwJ=8!6-X(tZCu#FDA3xt`C{#)A^j`
zk@4#-hj<whUjfFm3~HY}yEvoqRv=dQkPTbCw4i01b9;7o%8yz*?56<VGcTUcoLIKA
z<j#T7$rm<V5{7k4=wWZ4vT>vTxCPk`ligP~cs<wId0vk50H6|K%k8kqmjXAM4iO~x
z+r+Z5?bN8f&%WJXW>^?Cs()F0ZRgH4;NPS&!3D7Uddf5Vt+29b-TRBNK`oXQF}UNZ
zmFGuYSo*bg!T3-3<2lVFw=NIfj4$%Ke7`Suk=fqc*HsxMPtLbqwCMNo-C3;3r^dUj
z3!IGg%8Mxu8^Gdnm(-~rBEC}hB>(0br@q!JX0>nM_&`R7b%BQsje19ys!}$(0S1;d
zF{7PmPs5o%@mm3<2r~}9C^j}&n2?YXEsku}xN$fB^3O+C+Sh86<+-=b$Rp+F((f;g
z9BgIP(9X^f$dg~Pd-jb?IC)~s+V>UnOuslgI|n<>i*#{b*o3|4P{MQ737f`7jmn2+
zZ{4zG+)AUFOSfzpmfe^=Lnxa+S}NErnT-Pp!{3cPz44`Is>IWVd4>($dxS1;-2CT5
z?b;{QVFeCccYS!^!Qb6qKd(E#cbYT6z~o$2hfcm(L%KH~5dC#*e#r~N)0yoS<oXne
z_gpQRa;YxRVSPF`bx&*_8#}ILOZJ<{nf;E&jmxvO?R0U?h{!8*8#TIi@1CKPRl_Wx
zTR9{c7!T_g1wU5nyH9G@Xx^{<yP0!h9!aAO4caYxar{X}J%e7QpL*@MscLcl-l<c~
z!wxN4^lEn68z9o%*eST3uDG5ty&}S=;gLDzEoMwN_^{oT)toJ<C|?f5O5csIOdV}Z
zQu5|6ACzpJ*sfJ8mdmBwfu{qf++=?MddP)%;lAkTb$!O{kUTsd_Ip|5pZoxENZ;3}
zXOBh+%RaJa{8n0eU$Cn9)hoH_;?%rp4Z~}{DN!4;m7~SR%R45lXtg{uB0_O#2~bZ1
zl0K~NGxYO=T9a-`e%rpi$+R8Yw`bW!Ki{x<^W2mC6;F5hrt+>`ySDzob3y(ojMLyU
zuLbAQ-E<%snszR`Gh%$npqslyg}ZjGSrxZ**`g-X$H<yC%u+c_xV6=2*uuJNLpBox
zkvnAg;dd8J1eVb&f7(C1WnvDHf$Y_RoqsEP7ErhJ!@}H%S_V^M?-{u?X?SM`J}oIJ
z=~d1zhXYI(59Ne}w%t{`!z{M|uQ$gx82==Y`CYl56PWsVN%Onv`De?9cAb&a(R%Im
z_=$ea+Go4wRkW&iwR2YtTMM{Qeo77tGb}IvIN*}IxJ|dKIVl^X%{SU!=$drm=Is|B
zhHkhTM#QFHADo?-C~Mqq$P^o=gE1D?_j}r>x%9HKdUNm4xT2z>(p!s`zE@2O3+o@*
zeb?&%?sd^eIq!1Dq$4AUasEK?IMp3+e9!o8zP_2gimZCr+CEB-U%v<6xK0gr-sp5$
z=%>`+yq>MY#$}gWPU*REWo)xKV-wywIi)Hx*IoB88ha^YvqUU@^ZxynIHRj}7n2GP
zRZLuP@kp<Bv-a(CI%QgX=%ZXDa=Ko|wYb}~{nvLV7Z(+Ex<B#Dmdwn->n7K(-R}N4
zOVvrXg2lSHI`!V+#0IQ>f@I9>>HZ!aY+B#HyvuVpVdV1s{IVDFJ7aS1T9_^_u2pM6
z<TZm0o4!0O-k&?LbwcUx(0y661{^6(^W`kf&dhrF`0Snw7p@yOoAmmgQ}*3n1#Fg+
zPnYIRmHd@6`i9gtY!DjAdp~Jo`*6t={L}kqX@D!Fr%&n?45(jbc}9Tz)$Pu|-5Wb1
z)Nx02{{05*9tRFq<gFFmKU~(yb7C~>ba-A^<|n5|F3WvQ9hHy0MvqRLva0pYz5wxx
zCw+~4TUs(Wyu8a|^V}C_M>jDv-FqZ1bIOJdb0c!LCHCemn18nK*FA4;?A+vQ>hUgN
z#o_I*?nVw6a8OmMa#-aw;bXXp2arQFt5L!^VcPa1+%Ip>H?Q;c%al6a;sw9Fc>cVf
zaYMF^onunM!OnQAkq2zr&absf@*wKL+b3&^i${(eY1h=q(%364t&~u%49vJ;Y8+*5
zzFKs?&k)YIc8#vz?_2(IsAA;E7d(r1_K{_Im&X^qJOfnZn>Y6cmn1E-{K(<lnb)f<
z?dtPpUHy05e7R?jU7cg|noR~m+xaIBmS>jt54{~FetPzE>TY?XkdW!mpSPbf<;?CJ
zz+<*-*>b=9L;B2;vGW|8ak<>XK*DP?*SllKS(b;r_Nb!qoJ~omlFgB+_13l#2aWfp
z&1=?ADt&qMXusfQ-EMEbdvMvt4N)9k;BHr-5te_=eVUa#v`ee5tgc-*0afYvaaX(f
ztoYL-GWXxh&Yu0nwZPWbv`hEMI;JC|Hu6;}BO@cAcUX>Gd#f~T$7E&EEyc#TQRVio
zCJ(od%wF!$)Bfm*69%P=u8M12diGv+dtd7}!M*1{6<<3*L>7J&$<C~HNH{$HK+Ba2
zZC1QgO#0F`{<K@OR#tx20}AIKtT*OMk@1$Y0Yj&Qx!l@g-dyxx>eSjS)}_IhdS_f7
z|N7qV73Hs|ANbs2-}txQFHd*0bQ}6GBO{|*_wM!`5(l1AEM@V!B@AD1u176{V-;mN
z`=`|(T$WL~9x%yIW$)aVq-+n_{QAy;{MWDJ50};n-!^^Hr-${M&e?-!)m!2{9sl%l
z=)H@HvDxW!SIG<w?(7t#b{ubv^CE8FzC9p0_tNkY8%}O%u|xIja%t(<_jMW>P7O_;
zS@9{~ad+WQ9h!;lHm_ct4y2{*8$}a)_UxJL)6puJb?@H2^UEwNo^47hEuFVxho64|
zk0&iuMtof`CeQFE(b8p#(7oq!%6`8z>J`?mWy`{%qOW-YeOq5m0K8<tfcy84^bL1j
z{Yzvmmj_vmJDoqbue8)8R3urkdi51a?f4JL1+QnG6WSaY?w_)9{krnU-XA{{#kOg4
zA!BFzW&qs-5{I>KStz;^>XY*J(aE`E`b>Nm{`l*_#0%$Q_6$7pB<=O#?iFS4Om^O|
z*|#kwW<!AUoZGu2Qg>eD{$iLBQ#33fAZMvXXuEd4?}KG=wZz7Trj0vtoub$CxravH
zx?vpqa`vbEj)M28=56|I4Y{8gw|nnib>2q5*=r0MPTt7^%aXQvb6#Ga-@$F;#p1Uo
z=KQ+2YxkKmP5s8ScUrKZ$BGqA9Agg`JmNnZxz2Un{;?&ahYw%9sq3v5y;W1e+XoL?
zj>vfY@Zrwr{Qh>%jZ`MfHY<r$IZ1^-H&<Z}1$JzcCd(Ecy_XqRTv{@vK+)uR@DVHa
z%Y$pn%geWH;nbT}d@WSb+R=Q?%s{gP<I;OuZZCS6)rhz=(5lrnBcqpBcu7|`fBk8H
z!(E2EZR*W-Uk?_kzJWpKu3ZI9*ZHK#B~6wllw7&i=-Tzhd(-3Je^~G=)W6xBUOjt`
z>#?duyO){b+^J{0K2BzNE-8qa{rUNe7Y&SDLOk7bq(2>RI%m4ON$dTW^L&^1h*dn(
z<~|#O5>5r%t?=Ek&(x|_54)8KwN5r$ERo9(t6#KOeD=;BNwcxLjob^)bHvVdTmo?%
zmq^T)ogZ;P*=66}(cFE>cq?wVZf)A^DjR*?ZrHG4-MV$Vwl#Fw(xo%wR;`)aVlA)R
z?%lh`jUCGu2$ord_89l|GN)G78-RoBU;F1RPv&}U4H+B~(xQ3u8@F$7AG&+yNq+V*
zPrrII@dLvbln0({SMa;dqp1B|1}y#b<x62<;i|r|YX%wAK9)7B@vK?1Vqe~v@^IAV
z#tj-DU%5S}*&+a{M~@z5WH^{EUh&&+kDffSuWz(FD)vHt@yeAeffin1nm#k`?PKpr
zlP2}=-+$Do2dlfBI&Sgc$@yjR9h{y&eHx`yvKutWS01SM>hY;|GhD5&PMSBI+qLN&
z;!=^XXyleUGiS~O+oo;XwtYW6s59ZCEj}aMC-2s+TbC|f%FBC~>)A0o<xGT)rNP=-
zQ`e@B`+dTM2_+>Z9XfR2v^amkDJAuBLBZQGeM}ZTEi7!=y!qq8!iZa^EJ7}Hs^y!!
zcW=qVtXXbuZpH=!Q?D#pvLtnBBle8i@u%~n_OD2^H*n$a9KvZ4zhFV5#*OpDcHCu~
zzosWAyKM~tu)VnW$(c;A>Hgy<z|Rw9Tv%Axq)8QaPOo=I<oxPxVzS5!Gk!Cs?A6_a
zdw(9<xoKjrXh5|hBO}|)@8LIKR(5}N_YbSBCxuSN!Nxv)`t%d!0iTqhR31>BZfyiw
zvb)KmLx&C}BqW@S2$@|rtnQm5GkYg05AjWD&uCd+`ERkaKN_U%0j#r+%43Mi4Tgov
zRV>U~hDV672$39CVk0BsJpBh@o?-=|qAJjt2}LmyfygOJE>q&M=Ijd>_RWAUVs8(B
z_ie7Drv4v!sB1p|$xpTMAB>>(zuL#Q<3H@|t!-@d<3D=#u&Rmw_-}mvLFfN!@_*Kx
zA*?w=SaXK(hilx^rv|^9UA5-uV9n9Nnxlg?M+g7E%KfRErAU{o!49e?ZB%BuKb{3t
zh$sWhGeqVBC78)T$&6e2c{|B`pjeb5N-f1<Y9BMej&Lbiy+ey&94f&lS?WkHv!|v=
zhl_iFBjyc<$cOpkL|AYf`3J#BFeOJRIte(;C_s-Dgt_L}A3A|3LKAff^u`oQ2`WAX
zg$PJB0LS8DJi3OxCik2u28b5gV_!<p9YHn#$iG^~VM9QmOlWGE7Mf&6PqH8tUAvq_
zZEa#G?a`dd1Eh<e%VEZ<7+fh~7D0)SD)_k60X;|+u?OO$432@S#6sd9UHXdc0f$UI
zsZ&54r=%#Q3?D0!!@AdmZgCg1mJ%=u2@W%pR#hcS3oDYRp)ypkOHrk^7_tm1Urq^e
zK<2|?X?I5Q(5e^<&R{GYwgMeP)vt%H(;hP$X%%cnP>IdJ#B91($&7<!eRt5NCVwnk
zF0ePj=8$VPG^eVG=&>b%hAnaEY_IgFm1MG6TuI_irQPxE%(29u$Qp|=vc^`K`b;C<
zkjc-qB97jvWzEnkWs_5o=?m2;;n!$2C7Dn~+z2WIrW<A|7vhB2k<BRZM&1%JYrYA<
z4%SRSDn@O?(pO+_>!B^%jEM(ay5JEe(!md|fVyr@4?wp+atP#>LOCf><6O3z_6wp9
zC?h4Ex>A9`X;KA>V0JTwUd=kazS*e#2(<7Jq4^TNRH9Ic1UMH%c&ojjO@9g1SU3nx
zRVW-5h_3=YF}6ZYAA*8|W|mLlVlG&?T3!WCe;eiL)n;qv1J8ShQ8Y&+bCv^LhXhX_
zOYl_-{O{zLRFH|{z#ggctS;yPsp6#6WNFW}w$u^ggy9y{IcBh7QI~LB7Ssu0Y82$Y
zM=Y(XJ+CX4lZ>=F(VRwtN<4$Y3PKd22E3!1WQEn$RI9$Enr=BYU!bFNATy#L(r!f)
z4Iwt+LW2s-T@8>9+^ce}|IqL(^<;OldLpG2f4iC@S^dkx9##^>scMY`KxrjOBd9?m
z9z;zW?0q>i4<K6zlP$_o-b`5JPo%;D$tD;mLTFRS(!3i&ga!x>YtBIw7lK{FkaiUm
z168m9Z9tO0tKgsTAUz>cW4?o2!rTH~cwSo4JV-B3A)TlgBC3og@H#WnkO^j5Tm4+x
z@L0KizF%P#Sn*Ba8y(u#P4cTfOAcWVc!rW50f~O3`~_qcl_Xpetw!nC!7m5>0&}E5
z$VdhbL`}#TP%}Tao4_DP<1sjyB^V}jW{TRVj{s~m<b@g_G5Z7XK$T3veiFmvkeW24
z0R6!|AUi;=3|}Uj)@hcRXc|1BXI6sAC`Usw4rn-^CRj48+U{vRpxROBXM(R1_9(S|
zCBT0R&g?1y4R8Q(gm7+@T3`WoB$uzWoTvotMniyuw-C6gMAwWR!6bpSF#+DL(x6Zs
z^QWp_LMA34rBR#@!~vY7WQbQ+$)hwn23x1nKqZSG7ibJhc-|e-Jyh+IL^A~<1u}@)
zV97{Qtb<GrY?ul|O4c~6yyAdEYKym$lhR_i2kHnBC>`NX2DTUCR^S2$gB%Zu%9M}|
z4VenLSR|0Z=S3<3mqSw+f(=<DIsQshMEsHiNtPBoN)bHUPfE)oDf|wUb~&T$qFf@?
z$P%#gs(8AkjwH@Oyh%dVZiMRvmYASzsBmZ)l)sUB0D5G9V?`L?0rcDy7f6%>N0~?k
zuS(=G^v0D+5SVZ^VJbq8K&_FDb_G+~=Fo~*rFZpUi0Qx(C}Skx*g6V^M$yzfSiN~z
zgd{K-^(aF)06PG(SV*?vDv-DkgG(v75I_?adL?v#uF>!;E9p|uzKzO&!ot0pEE{0r
zXbr$45bGfU0%#uvK!uWQBY-n9=~kJCo;Kj2H1xC)Pm`y3kW6=jYpQcVKq(;cf*LJ@
zAVD4p>lDk#q|22sktSkLWG7pO!U$6ep`}g*B$pIkRHdB)iYy{6Re)aLk}(QRs$!V=
zhpbmkS+;<PK}mQR?U+yq`2rL8hEhaLmFgGMDf0WhG59N}N+pn_K<W#oP8X}iG*e`2
z=LF^sXaTBMB8?!m9EU$K@Jd$&l3u#g@qj?30i?^5WC}=L(XbVW1Tkt>%aP<GLqmb&
z5egVk^HQ+s2X&W}Obkv)WUxB2ep?DAQKpqQF6Isa0eWXE^omdruwn`{duSCDxV>Nv
zYp_eC@UB3_*N&Q|WN`L0DZ>?r2#DzP;@XEOt0-mLVC1zX3n5dOzyZLLP^3vg+myf@
zbc98O!+KRIgc3M%KsN|>WnMuR_kf_HggYoULA6^u6<XV)R8V9Uru9rN+aDnb=v%?e
z!mi<=K=3DY)FN`jG54Zg%>=e~oyfs`d#6{G<Gd<k3nU|2OFm6U1|b$pGE%KFr-T+j
zk~Tx(q-qZI9j%fv4Y;3~LJw`7B5OTVKQ~H<Wv&L@Cff|68%%6Z8u}qSF-P(Qjar;<
z;Vu9W=7cd2*UX%Wqbg(=)Qp$50%<`-5({051hsD+E1zhLpt63()@D*?%B>udRsl4U
z5VR5nuTYO5J1)RlS^?p*No_G&jm81_85kpTh#W+>Es!!vK-rXrASLNC$pOjj$@&Ef
zwjSH3-Lh3~0UZO#XaGkI{bj6#!w;_nYymTab}BByGIW7UGCvc>3W@EU{d5>HS<`{t
zM<}IxAjy?nAfmIm!}8$_{0I|B6@-XH3)%rm&Ia6cKsU|IH6{j)x0_k8y}t-x2($*#
zyF&B61`5HnMyf?FKBVJn2uO0_Gy(?@ZwQSKf)t~)G;FkHGpZmkU>orLa5x0?KHMM@
zAWI-SP#-?bOh&gAgyc)yff}Dmsiui72PN)@qzjs%)UYOw!jY~kj!OycbJRxDPFB;p
zc4V-eM+_=<0|%vGR&lRp2}l!ewTnRBHX{=c!q-AMY9NS^f5B}Xt56C@jQGwnkzof6
z(;8K!hvonbxeSN!ph}->I;Dvbh4WfB5xPtdNZ%ky50AbM-5SvU!VqYI=qD!?3cUpj
zsCEp<UI@JhI4af#6hI}Vr0du->4qo<3PvuY9Y9o_b*ws}0nq}cBZuTcBFcN?sA*eQ
z8mq+r-GluZB#sgz^qzwIUm2sR^#Zn@sB-f@jOLNmSw<_&3caN;fz-mmRH||m0u>c`
zl887c<(NjO9DzEma|c2dUN_NfaXtTorg5}CXci8(iK4OrS$FwDptP?e*g0rb`yX*l
zGr*vI?;FnO>hN97^d0=D!$ga;;3u?jR4SjM-wIVoMW-dLe1YpbV4%xWEArxG(m#lY
zl@-oPpw~!DY#mOk*8@^(2@ylPsbUzq(hjbXc7W`wqvTPWOUIL?rCbb2i>6nk6^3L0
z+WJF(iC@8%t7lm7?jPY;l|Z3w<_|J1g_dDKXP^kC4MqMiK<KLAQwlvkg(1bF(r|Ez
zT!?G92^57?_}|Xbn2&`6>I73|ew$;Fi=dDJExY<vK)1iQ3?AVkl^U)CQ1;|R6~+ss
z;30<&vQ^MHLXv-mmH}ikfdtmP(h@6~)|p>9!VXH5jMueJaGCy47(VU)kSw8T5{OXH
zOIjHUay_Rlv_U9ENZSDW0~+}l<{pN6p`Dfx|A8eXeZkdZ7IohYM&O}lzqh)iZyBTU
zO7kAQ^N@o83P{y}R)PJHw;5~<u|ge#fI=5D<v_4N$Whc$CQ@nvErbj>0y=adB1!=w
zYHg4dTm1oWDHT#F9~VSc3orVC?_q(vhzQ5W)?mRu0}BX|3J1Xb4t>*k%8aj2NJY5(
zJL~KM=r|gvP(<M5-(<mE6WA0+_4vb!%v@aN*8Uq78S|)O-!S{AvT4v9AD05@fihPB
zKnYN}Pw;{XnkaLgq*)F&!5EUJkLrd-`GsX70WOz7Ylwy`GnQFFqH>io>A!i$RxO9>
z5=JD0Qlf{Bb&IOttSfZtS@Eli)}e_iG#k>zpefaZ3Lb*gQrm&P@eEd6l!+u7hfG!G
z6Slr+smqVFqBhNgn4%^7FRK}B5##x9Myvj9a;#eU4KY@&{3B8<LI@K0|4DlX*+bRV
z4$a>`WbuHL2ZEnKT;1f+O|wv-ph`ud96&ixvUPdHcP$)LRdYyKqm;DZK1L!_X!t$U
zwKY<L9=L*OlLhLZ7E-kPne@;>-$Nw@je}_sg{cg{MA3+jlEE49Oa~SI5`#-2igLfx
ztF|SochZAJ8;kY&#dHb|M@g8cNhs^GNb{$rY0V5t|0^UqnAVuj(b6t55K*nA()t!s
zMHFI9uoeW#*=SFJW(jF`0jZM{qG(gKS_UWq!*|MHGXgMl0T9nb&}}LN3NCH%U<Rkj
zLCcIHuiB{!nbqyNT6>jCmHq1VC!}~Ynmh_lRyt^n5kkEfZ?wOuEomY*(cPYKXKDte
zrKZpkr$HQg{BV|_cez?anUzS}H;clBTF<#TiCWc;0RQVFz@_21{wQ>NCApF2o37!G
z^kaW#R>-vtqX3k!Oe&N}pyNtGR9W<xiB-5P3I#)JI8m^NuZJ7Y5mQvzZ`E_r>zk>-
zQ$Y{V|Bt%TBNQ$)C^h??+UJO3X(BHP26U?qN!FuMnht1c#l^e<Vb=F(R}n`|jfZsl
zY2&tF&=?s$O^{|itvwCxYnezYRw&U(U~rHuN+cI6P`rRtZ_54*No5SAXjlZUL<Jf!
zLcv#xAk<WnC<O^ME!sJd#$GC%MMvVHur~&V25HnU%BjU5Fu1m97&C+mMSvwCg!cb-
ziD?v%&tXO{YPmijgUD#efH)$3GHtvqMW9J?LlQ4k@E9^gAjLA8MRs2iZQ7-#1W7&$
z6sOu@s$`nkRL8HGCTKdc0t19rh9kXJKR5<zz;gWsl97&8jiReHhHD}MNKsnH#)q~A
z1q@~7j_8nQ%>rXO!7ShB`vQd&ej%!3{Skl(QjdI3`q8oO(uW10;-SG`6f-GR%W>j|
z1_sZ+erI6lk-so73Pq|O7$x451uH1$5JL*BCaA4S`4&FQlyPZ2z(uN+{e@&~4@tq$
zQB(rsYl@yrU=RU$z(XQLWLa4$7M-IFj|imQ&(xU^<i~@NSV(Qq?*<2S8Ge^&YRP;@
zZvK-lu}}_713_I=C{-gyd{>0@*Pjv<ps9~28Uzz6Bt&I{J;fO$l!l9h7Y2)=FpD0Y
z)@Me$|KVuqt58l-YJ+a!8p!o+#Y|ThV~HgM6yUTz?Mf1xZrBY&*wMOUt1bVoBdO^{
zyCFisI6R?3u~M4aOO>g$F3JC<mpyPGwfaInBaWGj-iC6UcHuOQnu*46F{;XnW)tcA
zE6hxUe1ucbKZc_H(b7P9B0>dOxJaqFrS*1Fw@n!P3Uy=tM|@%5I~4Ty`L(Jfgq5fr
zkd~B+*zZ!hZ%?X9lPwwXU#-Dc$6%{#sFgD`HyFLaR}+Hon@1{p3t|71$M8Q+7D=Bm
z>Bss1hcZ$jXH|#~e}*bz`tIxh1XZj-zyB8c0dxWaCTI<XcTzj%JIA8{O6Y|u+HtKo
z;D<F>e0#1H=#LG<EYZf}VlHGje&x522BeapkP!GXg>ukc3%3p(*<7t{83(s?12akS
zjbOXFyF$s^+ut8Z`|#)yJpH5-tq6w<A0en?IHdGX34EG{IF-+#vT3&hG>dEOZsbMU
zg`^);qvL+iFu}@B0$Ei7)m2zH;ijOiod0p6NGVFXRFN_bGkVa_Lg}9&h5r^b0{TR>
zT0&HbN#81g_lIiW8U5pn;2ANh;2EJZc#P9{s0yC7m8J}yE%?*M!OGUbzET-Hqra;T
zo_--b>|a|6?|<`Cb^bRsVfi=q0kgdIw70J&{~P+~<$ts5VQbIA?El6wRQvfK&;M5K
z`s<{U`D=ZAr~adjwT=Gz_q2uUUz7juKmYmX<^OZ1BW`I$Ax5H#L)FbyWYKT>5T6W|
zTbANv^0$9ml0PcPU)4$ejQ%}Y{`i_Cc>F(<+wae=@}EfHXY_xZ!7qUN>mQxB5B>3H
z^7RQ+nBFkInW2m!u9|2P_<akc-_6~JzWv#JeaO}Rr_=S3-~M2VK6qeSiHUK!@DKF<
zH)iMa&|dpX3Hqo@HOcvYFk7VuB~UT6>mSO<r+}Gj{;ouP<Y|Nd^+bFGbJhNQ20kOb
zL$uTalV&3Aa?^$)FL)eU0*^Fc)T5Xp9I-pV2qgmOIH5048H>1VmvH1`65}ckcuxWD
zDK#$>Vwh+K{J>zes8WQ(6hCrC<}nG3*arJ2OmljYzJd-7K@Np_BMmLEZ=8w{VMnV)
zpnKAu1ZHWgoh2G;n3@jBbESt4=4tC(&6!OAQ^=I)s0IBa?=*g!zz3;`Fen#B5)JC)
zCp?O(RAFX%@0yvLqqj-A1R(-XZegT#AEqT@yvj8HQ)94Di3pVm*#?Ys0iCLq7>ZM2
zLwBtcY?+R#G;t3K2*h|UuD%{vlt=;RNIgXNz<4+`6l_noAP*Owht4ZzXxBoRV(@?-
z6co+ut;{*-vIvMSQs!lF)to(I1R5VM6hg<JC>F+yKmZYJ7%m689|s;AN3D~O0v>3>
z3Cs<~{1YY|vQa0K(cnfu0lLVA`CvHM1P<dpz>^gsDdwZV!6M1DugTDL?r8FQKLH-D
zhVlPZwg8V7!>-+-1(4YUxX}-#iqyV0fenQ|2?vY9ByubYmnaFaxL`i!7>XUP7O-Yy
zunCvU7-ojxjA7pX!5%?8@QW8f0UBKnaq%7G5saC2?Lu_rVDP8;h!LPqE*vuajfRN8
zYz{V>klY8L0~kMt(?Ol!SJh)NA<+gSTO(I5T&a-J+XJmz6d0}w$lp>7T3b0J>OmBa
zm4It}<mdtIq1p`L5|LDhnj_fY8My!GfKSY9+yoA0f`dk5#S$rMg9H`oKo2Y?{-6y9
ztPAMR!vc;A{tX}xUZUm>{~~7(r;p~XCZNy_$A>TgQU;PnKwoyH;eZR&cqqW3pj?<4
zQ5mNagO=EgNL`4En!gz*r<teeUF1U4xk9aqQmaUs2<RqNrUH;XHGmCY^vz@9<h1pW
zKnnvsB%mJG-TT_7tKa*Y7j?Eg^G%&CubHJTO|49*QQkS~DwDc`i=fRoxLd&0aJ3Xt
zIz@OmJohHY=yo)E6uD|}G2ur0CcvOm0kS)COPXnAJ`M)uChcJ+umz+F0WPHj*>w;?
zFa8`e(|y+*A+$=Zlw+Fy%*+vnQkTg_snBM42kt5OpRqq^Mv7P;n5Aag5_oi3BqZmF
z{a_jvBo~@g&0Wwv$XcppASSZ7Fd-l8eMH5C9Et=08Vz6%gF>|M1V};viVe6^H<CC|
ziWFgD&cI(x7lAP|lP&~>vpP*vbcz8M9smW-2V9*I?nkbuNGgFLM{)$M2wcgBwO|Aa
zDI5&)L6IoShPSB*c?@hc0flI=Jtb&Y2%n4qEF4@@LAeB}G%(!;OdUnA%_MSxR4t@w
z2g-n`-8N)LqA@T}r9>r-qsWA|PqrB#e8{^3TZk2lkhBATz?3Q?6ubfu2?5lccG&%|
z`hG~~kB*U+bpP0D+&?zGF&k?KJ3H|2zvlj_@&5eFKGoX)nTqIN?BhH3e=9pXTYdXK
z_@l=D|KIr3*#B$n|NpmDerh}cHJ*SPPe6?);D5jqP;HqW+ElDpriY@Y8ZUs3<DkYB
z@DFkY=z0Pu*_kxsXjYH(189RYHBVIv&9vcKacwlqjfDbz&IbGgQuGMjkjx+4-c*1m
zvibudMywD*D*~y{lcD$891s{4s_B9rz_q!a!X@;nWDRqsPA%h+BA9Aklfz2C5uG9d
znwJO3C1cQ$z{-8Yy%R1O1LJ}fv?)QNjgmIw!}|)g9GOb}B#|O45N0YSL~`?QHbW-P
zgh^;IKy+csbvo>p`I@)J+94uTI(G&|2~qJ}&G{TSA?5?sM6AR0wANiuD;v0;_Im4C
zX~a4Js=je6X5+S&HdQuGE{1l}2nGa9tjGUz-9j@Ej@dH$wgw&B!oKbF`u3B^!Ln=m
z`EH}k-EVD8?SB16HPC|R@MGys0%zr;9Y459NxO1IEZ8+tDYVCdNs`U{k-`@y&QXA#
zLE9NTs4vx!Pq?G0svP9`EHgsHNR{#9vI9ntoD{W)Y+XVC42cw(yS@o9-8Hbbg5a{H
zz@<HK5CXsfn}=_S;rSXe_aY&QkV8#H9s$n=0PyMA4=M8>ay5}B6O<(Fh@sj8x*=^_
z)|QBXOHxI~29o|bkkbQnLjX^YpkC3HaH(jF1f34oR&3C=RAoFr*&_1=s-zKW6)p<7
ze)`S2$C0IQq|!L#o+MozN@TO7F9SVNB-9@ZeV`ex5*?%udZH*PrOpugRUb^{d?Lz`
zG`M}^+dsghN$#@$3%e#VYBDWPq)pR?vS~s#h*|e^u<qqxYp-Y1tO;oUQ=e+>e_A!~
zFZb~s`=70~mA?J2M-SVY`rrSRPmTSr#{O4h|NEBxk5<Bw$?v<RrfckeHFm!myI+mn
z?=RW?YJ!3P?G`{S?MFw(HS}Loj*H^JFdUeww7{snjiQ4f=Y#32Fjzqw#p8(NP(_7r
zFt{RkMpJeQZ9P=u&`lc$OBU8f<ps(8TB*J^X%>SjEF+hXMvrx*K?B?MpyIl4C10X~
zA<DW@KDrMF(E*fH@F0wa!eRK11wYOLh7nQ`WZ^g=Mus#!jhO+YaHUA3t$7TGszzx8
zfP_H65ZZ55JSG>IjT4$u$5oX;qPZ@7mgc<rs}-ZQpKxt3Gp*gn${Y?78kq1HTp~r5
z1b9~)i>+nQLI#6o6t9BOTTJkiCOT-P;fq9aWQ!CDVGI{lVU&aUO62M>q~!q@1O#J4
zNZSp;Fn6$HB`Ptq*`8eTjb7X_T-x}+(>3^gqfg8Xv=I#UGG#pUlL(XwxGI>70Om$z
zQ%uTSr){Q%`CE;{7PWKInFogEL4jYJ^@2?rc&v1%LRw^gtiLLH32^hqdckUCI<4wj
zp#PRx*yyc+&yTGEYJ@78inKD);5h*NZHJjLfvvj?48!jav`$qB1r6%0v2NRXB?vW}
z9MvGyY;=f65RHOSG(HB+cC^tHRU5?RFv^gA8w>~$K;&Vd5QzOPzGeweLZD)|+$eFB
zF0)`3zr~_};=si)?{F+mp++%<DAM`ItLpM4avYE}f-G9=N_|6Z+asC~B$A4tE@Q)C
z;~JP!`JdqqpecwVTyOHEI|El~NE(|SIW_94XqHBLN7<}t37(`{VmrD#s||Dyz_iP7
z3796}SRCd(B<;Us*m;lw7SB*%-Xf)%z@-uyArQv_<{=j<HK}RbD6<<vKAu8T@|M6n
zVS)}qA;mGWupSk<E&8$Y(k9LW&?Sr^n{e51=jxlIE8`T?;2Vpw1`5%H*j0~@gLw$m
zIIM&;5ayR+<YVKBC3pl(jfN_s^#=>C0MwNbfW0CYqq12-wmUADNEH}QErlg7QU5?r
zjDz930+_{<K$ZZMmLB0b+ROlr#JETbAgmIDZcs1o;I?F}1auoH5-MRw5*$I*R|FH+
zgW-89gc7+}!APe~t*JG=ri?PYaN-K31lEd%wrl3PQteBm5WYch8!Ld8Ef6DsRk`RS
z<ijOOLZuJ?SiI^508|<0vi%?^WMJH|Ko$vrSQx=8gQ;o&NC1~q!GwDxfXLywOGE%1
z{vt8X$IKurGUu?tHj^p{u-gcLqHtxZ*=b+`RWBxHrsaF)+G4JB!EGRyNEK1&d=Z=w
ztd0p2)}ZlJxnaX`z7p2_0ssbzAB^Vb@|7me{pnGmyI?BlHd%3_zqh|fAR3~Ze_(V~
z6jP%~Q#Fw^+B7YC^rt;RRC+<Q0#PK9VW=q*DG&qUBNqMv7Quloeil407ykjl{i;AS
zfsWG7Wdl8!bnQTb7%P&3nTdYUz-uU=l#oW@QUa#r!NH~>kD*c6N&yo3LnyIKsR=dL
zMd)vnSvUu#pl@Yo;ta1LqYv0F%(U|V>mCxVDF*pRY^-(sBfT7KdOKLv_(y6!Kk%v6
z|HD+I{$d~B@&8!c+V;?o|F#CVYy3a|h0j0D|AT34GXE}r4(-sX(x3D1ap(LC(z(=x
zaM!qUYFs%ruACZI&i|$>hmJU)<pkYqI)C1Q1NCxEqqO>6jR(SkEm6^yJ9y$8aXLQG
zi!oe)3q>-C04c*TPEn*3NPrF&rB;HS51ltE4CfOHsahqH#*wvo2o<unXpcE76>)&C
zqcht|%+r66g%rj(gRw>d;U^q0Mx}_9so>t_(%uPJjam{8-@=J1Ef_#cmy-!mXxWIc
z6pF$natVrKCbwn)cnBj6wP;JxQ|7Y0RRl(91*EM&&j?gypAm93>WqHTG9rp*7@mP-
zF=~dJ2ik@tr0pO|%?IybLIq^|2%3M%lE{t}iJ~wG3Sf<jQ$mfKG;v9hicH1XqG|C(
zQbjCR$1y`hNt6<mHaicR3mh=a%)_RQ$!LqH6ey7oH7B?)kZq7$ez^M7k|U4-ts5|p
z7<6J@0hTQiyh{#CAqTsIN>zZ2R8(h}gfw0YncZ;U$$dGxPG!eHr}SZUWh4tgo0jg`
zd^`%kD@rMWsdh8~f#3&IW5clEShOD{s8J<GNn~(4LJ;c3zcV34i=t!#BRFb}9a1N<
zm^8Hgr6t8wB3xFTg&0{GMUcNz-UMpVgc=;ynB!n_YA|{?4H!%zL>!?_#nu8ERxn;A
zTb6dxfw1TlK~UX7sDXJ!z?x4YA&1-&VB0{wAwtAKs|>dT;QG)Dz=tXVToW9v0$Y>n
zgz4#om8J!f$_EcH<nqAG;Ch+_Q*W4<qfUe(T*{^}iN2-TaSZCgVeAX~wp1dMP(7d=
zA`m77o7~qNG)@j_;Dx_MXj%wa2{DIZ*yUgZ!e9t=<XpCdq17U(lnpEHp$a%Uqaz*A
zD!Pgn1tN4JAy!OzgETXd5bSWZQVzN#1JPl*K?Uk@H0AY%kCVavaB6_c3lWji=0IVj
z%g{#virT=+4BEw|ZV_UfPSykA2D+EX+3*rQD<vESp+Yskq%g%hX#>}rt#<#gd0rk^
za6o_FV3!~d%sUth3<?PGcK2|{Ok9G&cM}da*qi4SFo=hNCxTr3c|);){+NsZP;7v=
zzdHx>_<!tO2V7Ih^N)%Oky9*ZMST|)35L)`K~Q>;CPXYK7$86-B#;CUv3Jjco?=H-
zL=Ws0MXXp(1rf1hN5O`QiUkq=yZhctUP1s-&%68oe4jftuWXr_otd58{myVNZwDVA
z%+s6h;_l_<;sEZsc-XlOwRiDw!fe5J9-bV`&Bfh?0}ADMVz5G@C>IAGSeUzmx1BTi
zX=Cf+=E51lqC2{9JYboQp5B-Z=4Io}aj_ffX5)={4fXc&^l<>y+k;{~Ts$1TK`jpM
z4jvr1u;u}7Vh+CG7v|$^<K_nIqT37w&G&{4#Oyr1MtHk8Idd>)Pd9r9aMRWSG!4OG
zp}Ih??A&Zz+*z2tjk}GL1NzDnl;TZ?ui?$ZhB-UHTd+PG@Sh#W#nS`!!_L!#;|+eY
zKsUWPvQLM(_&BgI8*djMND)VGPj?m_(i42)i3$PVc{t#uKw4u8ECH{;-$Q*IWCddO
z4mNI}EWjTR1^#_WfVv^^>3=;Y2?de_MW(4y!v^4ye6Qg2Pc)K-UbV-6Wf7!ruA`p#
zueqUF&Hevo#y{h~KjNC}<>B-Ty)zsszqmNtdxO8H!2i`7gFoFyy<0=0bxn7%x8aPt
zS(+3#%4gV}S1)tVwQ;tc@>d&d#?V1Cym+mHTkA1|r}&nooV%GroRV%jCC6DzwD#QW
znY=LNs&8R>%GJ`Q+bo3Z^n3iSK1bJYk^6qyZo4)Z>xSsXC#Q-K-JS={&(6FUT3MBt
zmwT{etz=T@z@v9xPBGMMvSX)qzrnrl1tbk?ywh-p+8D0C#<3GwZKlkO>qTo}lAyMZ
zqt}8?x3IL-Pg>M}=9njHm2C%f%PT4iHeR`W`SR2P<Jg>(_EWO&Ul+v0$A3C{`R2vO
z`eTBFH)dvLZrL(8jRU@v930htUh2nr+4nDBxia@uVCMxPPySfhqnJZ8)Evg)JS-_G
zcp_~%yUDaMetv%L?(S}GIluqfXOPz0cki0f)*U`<HDJK4NY2NPAG5Qwz0=xF!_=qk
zk0_j#{rT3aUTw}6Z1yaD{``4qY0{cCe{%G?B_yY6+bkMCZn%XpBl|wBS@tZ~eJAb@
zN(o%y)9CWmtHqBVrEc74@8}4Mp$!s?#ZggZDNYFjfgmt2(A42{$(z<qY1umy6Ms$e
zI8#(saBi4h;{N^nJ>1;fJUr5`JYBbL-GVOWfva1mapH<j&wF;Qi|gP+Gi~R-JGgrF
z=m`Tp<(g0T_L-=m#<^|TFSP4+*Hnw~Z^OonxtBh4i)rc({d0$6Us_MDn(+R`ZH}Iq
zfx(XL+l6<JOuX4SqO+l9pTu+b?{jIi_N?LSCi)K_-p|_l#mkp@A$weU{;@0Hc2ULi
z5qCn9t)4#XVy=~QH#zFDmw0?;_2o5BgI_eeUsY8#ckbMsJ9qN=jcp8#j9RN5PfypQ
z(fVmGv}bhE);4`3!PNh7-q^H7dpG@wV6>U8a_*TqzWnL^?Ag^-?~e{n^?n;gS6h;n
zcEd8}meHsR8qL&v-qr1gck>1><fNNwi(h1}n>$y7M$>I~F6XEqB4Xl%2{&)vY}2+a
zV9={^1CsM%qoVRF`y{$rT3D=b)0uwUa9}4cx|S?ivTfV8($dmk<4%v}O`KTd;?iOD
zsu_=uMpsR64=o83z7R3n9d?iKRl}B_j~n1G5*f_29kDxDBgy01QezseM~@!w-n}yk
zh!TsRK6%oJcI@1_bGf;o$lTkvlk!S3GBVzmm$z1*@%F9MO>N!rt5;*n9-Nxj!JvxQ
z`u+XLemYC~@435T4QH$W#It{1y5=?f`o|ZC%td!5_}slWzxqvb_56q@M<;xIePU({
zD=VvZ^qF}jKrUy@n)S!o;4WQOzkV%lJoR2tk%?KBbI(<4);xdlqW!#6gO{_L(#8k`
zTQ_Yg{`jWEHT6<qp{2F;q$}w|w{PEmeUn5dp_^5vq-5bBY>e^BzJ2@pR98Gsnf$PL
z|BChzl06sm^Fy9^$0k(=4p4vp{(Z7#ESte#Fqv})VShb(z1$$6qM~B#Q;xsCe{^*D
zg(OR}2wOWB7ndPJ7Q3eI&d5mk{dc;i<_rvo)|A{3Fm8IZ4D8rA+b}uLKv%b;wzg)g
zRss9QCWbJ)d`yl#TI;>V-9T3_@z$l?XKvhxDGunEF~u)K*x$lp`{+ZyCT2ag)HR#g
z`ON_hAJA>bwr%=`hF+FUqGDsacY{~4_+ZzrU8NRDrvm$1TDF~g@*oQc&>$^oWTbkl
zR-uL+#Ru19-w#{+^7f~M%*@{;fy>VS=I7@<A#3@<guv^K$8@wF_iD_92@`-?c;^xt
z8X6H%dj0x}*|VL%NWXXQUh3fGgS6()nG+ck1L$gIW)`@sUymNy*RI80IM>-KCB=By
zHG@>|#Fb?`Z<tzFw=&t%ZrOB0^=X>TQnqhro0@V`z0JU%zP|LCw(;@tetv~c3Eec*
zrp=!}KPM+=!-fq{pN>uAxUTnV+_>?El$7X&Id7(J*x>PIaCh32g$whGLxv2RQna_E
zW8Sns{`h0}o;|I)TWe;6@*6d3#OL$Zu3d|%FI&F6<k6#T!*@+{OiA6mIooin@0O^3
zx3u4zoIX)h9`x(b=;-RLEshly#-CrNzhJ?FcJyBT`dz<p!Q<2N<m3Q<|2v?&At}G8
z9luey;rOEM+l{tvc={y2^{?-q(ahnMu`&;^aIXCZFi`q0&NjSt&HPTj(ajtE^|ajR
zGuxzbdM!z#(RS`W;Wwgn*RBz3)(En)!UTP9=jL9hEbg^D=wfx4m#)-)=2Y64jxS0}
zBl!HXw{L;^y!vp&dN0kEEyuoF$?dp($Bw+bJWp5G-TU|V?OV0WC@!k({H06VH+#m9
z4R1bscD}IN#V5YM{g(5W^LyU;0S_JwNaOTrD-I10e>-WhwLmb(q<bJX1(=*WM<*w{
zrY>8$v}f<$P7V%JvEd^}R(vQc0wWHL{MR2RSSKehTC^^y>w4~(F%OD!Pj@l*U%D)2
zweK%Zj=`r+8O)m((9MG5s#BD*VR)CmYDdaW+YTFM`F8QRxcnT04b|O$omgxq*}Ps~
zU;o<n(VucflZu`_`vl6LHf`GV>(@`7wC^~p`@l(+l^-QDZSTK$(XDOUq8Bd~>ewc_
zCM~}<zSwQ3zyE62)YE!zM!p*Ns{Go-{Sigm{Yz(uocVBk`n!h@tLL5Fd?@qX?%|jD
zt#W@o2FC8_QKNjfkJ6wGvaxBDoYx(Uo)#?%p7-x^rRn+L^m!e^k5r^@O?8;zGV7P@
z`xoE8STMf&vtfAnhN)w`(=J^p|LgIeIXQVVXR+^<#pJNGBpE5a+RSxLZA@DS^wRF#
z;-b?FL`Ofz3>|s}2s(Szfps?;IjBv$TymkTag(FxbFwVWQ(Mt!$pd$XU-PW0y1UkT
zG;dwn2*0*><3bmIOfJkc8x<ODI*c}C$dDH8SyQmb?@9}SqF=SgQ7=(%vGbawBs0r(
zvzYp&BX>W{S*G7VDJiA6q+odFp))bh543F^mHy|SJ^`VxURHNYkyP5Zn#ZfI`oy)U
zHXcGtN=jPwI~?JyTj%HJ|JHt<S;?HDq9Q|0(cL3f`ue$%9Zap+clSLzbKt<6D_2(N
z$G8=Jd~^Kd$$2YR#-0l7I(otE=H&&RMY(gU3q`}8v|Z0^?4_3o)arofryP-JNAcX^
z${m|GJ24jDIx?{^FR#_E_mkgkoqgUax^mpi{)gsw+~AwN*>l*;nMr#3rK>)^Jo?%1
z^38pXHl4~61?-&~>we>xQ$=ORj~~B%`*y2t1EyeefcELv?`?VcukG3`O-#IT{rXnF
zjD>?PS{|Rt{qUje_l&zo*jmo>KRzF2XrXuh+<1@mix@p_Z@&7QcFR$FP9IHA2dwR@
zccQE1fq=<}FHK3G@njFyahBQ0mK?q4+nLdBI(rTu9=*+1(oefdye7TrUP(zpXr6Cg
zbbjZvFDG>vUm?v*ykd~P*tXH<Gm~!(jCtN^mG5Akwk@@tD_&(gXD3aKYP{%daIkUQ
z*!h9GKD>T(-gdoVUwB=8_3pxl1C<NRx8FXRm%-W9*<nJ~wQYW){IG&+d7f*flPk-n
zKX|ab!vEy`WBbCJRJ~rlaiyQg#K@L5c3;J(mq#}jJlW#AZI#7gV8nAST!@iMCp_Dh
zp}8h1VZL+0C3a$B`SAV2_wi<&nQo{#Xwl6<jqL3Y6hAur>~WY$X@AY^efy@H3r&|T
zm71ApI5}>_)GaIv*`pq}>;7_IRFKwcce{hljJG$HMn^w-`0%gb-B-2@Yp$jicBGNb
z#l=0G-o3mly0;{7*Yomgd)8V#+c#!?QQ4S4M*QcBV~@kyuXfMa)5AuK)z0<l(`GH`
zH+T3)T<qVfWvkeOldG+oH&4mf=@t04<2o<hZq^e%JioDL(V|6{FLV0z>C-J?n6K}C
zNr}fqKr;^TI1;)=Ul{wbb20FqtUs}i-whBYuk%jZ5g_{Tp=jF5z&Q&;ZXc~)yK-=&
zi7Wc4$Hv5rT{X=ysb`NKLHAG0w6L?)syuY}cIExqnKzuRIzN_fY0=^8wh`0Ew&`!Q
z{`#KYFDv8j>@5MB#{ba%)(K8#;oUoRN=r+dn~>mC&|>8{UC)&K6DLk!>fXBTz`&|-
z1$LoHbJrsui#x?U;%l?nF*9eb4hpgwGOPFESK(Jb6qOw~apFQ+UO<*s`jyB)Mi+O`
zkRBPr+v4bGhm^m9Gks@_Vgs+StgP(9g$orY9+qT8++G#VjGk<1c`1ALYFpbCj)$90
z8#8K6$%g}hHz%y$_>ed5z`Us*f^)H@YK?8|?3ye;Z#LR|Z&p^;kt6=we7mT>x_7)u
z6RYd@?wu^o&Cow^@pJL&%MSC}uXx2!pEmjPv)@w(PmbE&Jo^|J{&PmI?+jeBnYLU|
zPN4Jc##6Wl4j%kiQU2`i#P_2e9A<j=ADzu%1K)i)(A`f~f5<jmvobE@X!k3^$AX=L
zm1j1&&vT!Y<b1OGz_ooNn)cCh-Y?8`@Ja2c>FDgNo}7^NApdsLsn~(Ae1?I6!Fn&i
zSCeiD&21Jrj&N<e4p`eQTf#qAlvk)l7C9D`BzMU3|Hu#*=XCDgy}2YXGJ4;Z?Jq>a
zs#EXA`4#TmVGxwhcqm+ueV;YzfYz=Swkw(*Hyi+bkC7v9Ucc_#vrP{MV;Ot&*zoZ9
z=ht_=diCnVhjB@w1qtVyG&%aL)Zxm=&?W{3BmD}yEnU*S$-{@H+x%jAH|;`03yX_y
zn+*GF)6_^E&1viA%^U3Kc>2|=$Ppt(#KnCC^97($c*ZyW=r#E5;pkWQf?6!IrqTKg
zt5^{LeBPeDCC)vwY#X^x>}P8FabUGi<)h`y6+M5A(CezLed*Grs#miI+B-RgONVWK
z(klGP%kBfmzh&yoHCcJhKie_!=IL1-+ikQ<DE?6PdOO=lC)sfODlgro8#it|9RHpj
zaAZ`#3cJ~^y?ZB~KKZ-V+O>N}EO6EF>Dte0T5<V{7ccq@+ureUi93IDu<?lG@d?g7
z`%5;_x8$sze_s-laxtSx)P39Bd)RC3yqh;OfdC&m<QG7jA92znDSh|2^5%v^Lks@A
z{ba(V%5hB}JkxBJedET#g9k?h&{$2uSUOsL=k*mJ*)N0wi!d5Z^KCgWK${linSg<w
zm$w7HXfT6CJ2;BH<m|=gH-2po^vwLgM2Y0j^b^HP1K7i^Tzh7g`?$30`8+58u^&Hu
zns@3!S=8+U+u%l~W@cTj#$P_RcE+;qlm0x@v#|J0!sNZ&-A%oRUr*c7;!@;C<JasR
zt5+9Reg0J5X%N<8-R8}+&jvHn|LBwG<>9g9W8CQ(%i8BJ>3zHSjO4!Ug8Q_ARoAD5
zY0S^QuQ_~1N*h||eHV7`?)G;4dC9SWDsRE2t3012_f9Wx%;ugx{jgWB(T^V#{4$MZ
zI<h!SE%K%R>i$oTt;x#TUzp)8T0GV)D?YYc=h87ICJQlI8s}+g=>kVuv%PApQ~M(h
zmX@AQD+}u%x$fcd=`p6i4R&2*(lR?TJp9??$B%Q4YN-uM^#-HncG@yWi^XR-?S~nx
znd{th^g-jo>rAF5G+tHLCjYuYv%2!*y^}K<8x8mH@EAO=rH@E(wUNF)WA4e<&vvZb
zyT7HAQ}UIxh(Ft=wy7vcrW>2Q+>mU~Z08k}axAi=mKvD1sx|I<eCMv#TejFex;4YK
zm*`H`@HdBc@7}Su-SoM1hLu%NSy_je7ZXaCcs`KcOb-V`dgo5b-6Qb>?o83R5wQDY
zZe+*i&1WxOym)2auGWLX`=oEbnxFsfaXu&a<@Dy=^A^x(G_SPFcPG4g{^{iwbAkHh
z$4&cN7Cwl?G_ze(Gt*p#dtIFLQ9PQ*OXinl?E5V=*>-(c^vccCuqh871a|M<-QKBF
zQc{m&Sx$^0A)(j6e~oElM4p?xoIB4Ba!oxr%PZ_^wRTIVl4eJKYjn(T)X0&pDfwDW
z#~j}iP|&f<l7t0kcm2NYX!nnA&t}6bs90h*edp=!Yu{;Kr}=!|^tlD2&C0bC?HYS+
zxuT`EK5A=U>xCmCD$D{sf{c68QoS{@4Ldjb>ycLAit1A<mVo!L#m=2Nbqag?ta$Fq
z#TrwvF`-Ty3bs9e?yPgjY|xU=z?lIfDaW*nnW;LMtlYad#*~S*DLL_pG28Ci@cFJi
z&lwz@u)$!sv%2In81Xc<#%Iqi$!xU^xYd0lMy^>_+@bTiy?c5TMXnq9i>KRP&z{bj
zRJp7C*1@qUIh!vA2k0gCH8V@yw8<lWVXnm#`&BJo&a<|jpJzQ7Oo^}+rr4B=UYm4=
z2c-<!Ofxp=(Xy-S{ym>&>T9%Yekttgu3c-vf0HYNa)9)i3$q5TG&Jti|C5$lBbuRP
zSohVd&X37i_PKHKgb&<@bKCN7UK+NAyV&{C-GS`Iy88;RNi)kIo$s`G@t+g=&}dUm
zPq16>H3jQe5K|T~n8s!=ZPMH~>~hmnfj8D#4K!LgyKC202Q#~^_d24k(Lbs}n!3pj
z7_j6?ncBR)nzMch><A`Bm{!PzFfFx3iHWIEVc{KHwbBb*@$uLyvqqh>o%VJ1KU#Gz
z<L<KXVTOj9rl#t^pZt_-J}^A-)X8z{-d4}o`DATv?PE1R+{SuQYx?5DiBF{`jazB7
ztQwKKZR^(fRT{IFZQVLDw-tS6aKwVKf}lP8Ib7gjc-YZrw7U32nsi3JKwZ<muiuJR
z?S4J1-8HcZ&1=Z|Yoojl{b~R5Y10M$)2+b>Ov#sa>*1C?yidEqQJ=>bl|NHIlcl{d
z-?cPs@0IeY7n_1PtZUCU_DStxW8*t?puY;AHRxDee1VBcj|*!@hhLu8vgOq~chs#6
zHM7Co$|6xsYviCvco}Z!Gg-Uk{NDp_XU&ayAc#^|(_a4U#G}k+YW*rc^xJtu+W!2V
z)2G`79A3Qm#hmn4z@@vsE2uC-bS-m6b*QW6(YaOaXU<T2x5Jj!j?S;HS^?Zjw@oi}
zER7kd1q)UTO)*N+?%0uLb1{F&8Lz1~=<mQhBqt$we^k`^0poV^@1F?xv$EAM?m#(Y
z>~Cq_w`Jn;_w<>6R8-szT3z<yg-~ZnTETS9kjAgdqt)r+v0+*(x+kvexFRbwRCIAE
zn4Wqjzgsh4#K(J$Cg0@$v13Q;={tAq$Tp37x^c^vd8YzbKHlw?#<_a+>V|_)gNjaL
ztQMCz?O7LZX8_Mor)TA@(G$vt-q_76*}Z%1>bPag7q^}<E~1TQw$x(c&21VZ7d2hy
zyG0_A<PRTp<jn;}kU`X{Uk;4wkdy~}AhT$%o_|z6@oZZ0Zc%<{BekiqcQkBTYu?()
zot~VW{37qSBc3`-MzDPSy6kS;ZML1K^Q#jZwSEbTaKC&l&nxZW(ss9_7o4pe(R*fI
zccXRJ5+=E~?V4*_P~EZFm7cvZY#p#dMX7l-Ouee={osrCVV(7^<fU$kVs0|Y>79J?
zM&Yw}BQ{<Mki=$O8<v}t6wyk1_*7%7LoxbBcg@YxZTcA+zPfWbzO=No;^yLIZ>5t1
z0vyBp?0)IVzQ%hm<Xp;}d~~!V-UB!ur~3el@076J%`K~6sbOCelLsjY8}@QHt&awh
zH#Q@}??akTfqAEZ_}ubKspgwj#kQS0KJm4cRhlSk{WS-T@fS0<@WaAhy?uK*PUDK{
zh2)aM)sq%pINDEp_Wu1=r*+B>zZdd&R@W-o`nTJ3{ru+ClG4&1cPD+?nw2$d{glRy
zweQ9oNKes4G}?tVX?Kn!wV(|OO2Kp=AL!f7xYONByPft(G;E%pU;a#ZYh3<qeVrv`
zjT$WszpA!z^QZe|2l9t>O03x9w?BLK;G-4kZmeawS=sj=p52?1b4{!5<d=7>a&Px5
zrqirkd$nsL4qP>Jpl@UK7Jgowx05$@4dGAaet7#N9ax2ojLH3cfcDF(%JdYzDD3&i
zo$;gnEO$l~-EBedd+<<o!8+dEBb7azCPmTCgcJm1eXx39v%*csQvA?)?AY|Ft2^x)
z2nJr+<j>)+E6Rt3RP|cI%zt)vY-@F$eMjT6rf%FgFEnp^Qh(0E1!o6--uvqMuFY;b
z4sQ}y9@+8YcKG1Iholu!i`7;W--k#!U~uqew@f@2oWA2I`_t?5?V5c4G_{FK*uvkQ
zJ$*VzOOtMFYMGpPs3*6h|3Tv}3mUEF-;2EW`qA35GJk)6(>59gTF&X|6%z3(ugvQ@
zT9HiV8s7N<!&&j#Ew9}jSoM5_$lw1NNB@mkcxAz*38l~f0#oE0H}?6ICoea6&tl!0
z->)+L%G0*JJ$BxBzIU%_ljHN-P61Ba`9~H8f30xzD~t?#eD-779$`yg-x*JzcAYx)
zuRVFd#%$fX^={R>j9KO5=UcXAv)M<0hu3+YOZV=x4URbPl}2&%HYcA>VWLp$&F!NP
zY3)m&-*%8d@ch`ZK|XEu3b))ow0zUXNEXLyk1d!HR(;NYoSibFSI6G8-n}=2snUrP
zwx$bc31>!U9k`R5JLi*av5A{buRh^Tbo?VX1xlqF8X92UVc@^+W<|ixDdN(bqD^sQ
zs?2N|_jmZ`uCOpSJ9hG<TE*fkVT~?6c^gr<ztbz9{tF(5T|FoXFL}?4_-l<t;*kjl
zJFHq{yz;qd@~18dXYAT`G;}u_T(aO$vvHqFwYF9c9x(&-<>p>yJKnu%(;Cxg7l&Q!
zpLuD*%R7HoSG}BZ@MHV^6JEPKKhxd7Zp8h}%uKyLeayNg4LL1ZM&sxuj#_xGZzHwi
z)s=Y%rZ*o}nOU&`7|9QnZ|s+*?(p66^47tkmoF2JR5S_MK4bES`_0?T-OJ5xw$x<?
z_rvoMcP=Ew=4Q-W9igsvYgbTO_X%2DPH16a;oy|~i=#$wJhip`PU(|N6&2&(HfgCo
z%`anC^@k$MJte<%Ya3>|WzCul;4S4|FP&s=Zl2=W-Oz`2=gyt;%MGfZY)-DIn7?zU
zyGJpHBPbDveqK1PK>ZiqvgIPbedqEj|GYTn1*YAhLrH1r=K{}xovtJTTQYd?-MdEz
zhFGupExeJ<z3f&!&Y#;~QNi%z@mH={bD7^b;ay7c%US1wjSr6UNL{sIebqyk_wPz$
zJ9o~>+|{)$819})BfEAe;a&D~O?~~~)Vy&6CcO!H_<2ZD&bgSqL;iY{{_;ql>dH5a
zUDu8GZ;y%D=xIH-a8GF3t_$qn)H7pBM|yhZEz|eY)^>aA6A{-aOiNv-Rd=>k)P_Lz
zVgH-gwPK&o`B2n7=xrLa^Pp|MceCR5?AsSzu*rSSS~blnyJ&zd>07oG6co50+CCvH
z?DfgHzc1<CXVxqo_i<gV7B1|&a%F4F*dxUc0w4IVw_Sf=eEHZ>qt<Nhee+p==``^5
zp+g3vGauf+zbmT9(bT%7l(Bq^Sh6}Vx#ZV&Qp}>*l+I|qe9^HxS#f0*<x`7At)KcF
zHKad3w63bEYU@^3v*~45{Y0HCnQLcx=^l*F=x?y2^nP|r$*m!V9j|I=Jip9IzOv=>
zF9$SttM4&xHphMgU{Z56wVu6u2en!6nkwYCUY1yX`D)9n*IMn%NO=2h;S)cPwsZTL
zo5%NE-Cp~7R#^VDzntGsp*bxrj+yiE>9c1oG;DmG?DGV_oM<z5hCQRxflCE$OI^dH
z9G!Nq8@&@x`<SkD+qqxIuw!4-Rf&yGwOzs&3XeoTYro{|t-buV<M(LT7oTT^SvRrq
z;&QosK6Cl`(Feu7_U{|Z-k-wl$kx;A+<AB9*z=|%M~>9f)4RIOZ~3xiv*K2-o!5RH
zM{m!bJ@Mnm2L=T#*Z1oi|M?QDQT8h^1~<I)C|HrgcHZVY%-6SlyLQ(L3wMmzGwW1f
z?r|sgX0x~lM=h-KI;CCwr}2Zx1HA?>`|#;gNlD4-fw60csx>~IJ-gNH*|TGxU!Qt^
z%$8OyTAf(6Bd_gZK&l519%N=(=qy?J#~%+KJu+*qu_rP%r>Jbzs#RbXUaXTbEAI6}
zm&ubSJ32a!8FOz<uhS>=?>#!dJfWM_)5nh^#bSDk7DeKN&0ah_tv%D$=*r~zqu9OM
z%#~a$b>sPOZ8B@tEFd;rx^x-%;a-!8?@hQfLtG1P-n@D7;>Ci3H~CK8b5s8cH8xON
z*J#?hwD><KPMla?Uf!)+H&*-eIaaA@4~vUmj~l>P{J5l~L%VhlOG-j-p4Rux>Cwn7
zW#7K?``NSY?CiAEhNN9yx^!vUvX=CjjT6okMIKn0WTs{lxNA78eZs<pEnBrJ2s33b
z-|{&lCB<%=FQDy(C6E5fa-QKaVIsU9iQ@tS0wzzcHnn=WCp7POdj?~%Gp6-wT;+?~
zhxYwCqGy|=eo;Vcg@=cCUeMQl@a$a2=sxe(7)|z@!UckT=FFK#;)AZK-f0{#b-K9;
z%#!UHiw_?@oS2w+D%5vQ<;bS5j?U_zBt9IdL#~Wg4ix?oJLkPx`d(l<2S^=;ONq0c
zG|VLe;+BT;gfLYSzWL6{V<_enCXz^r#9F$+ycm8E&ni+FA?C(1={Y(3XTl|77Y7gf
z?Y3j4{X;9%Kd-;@s&)SdWxxEl)=~HV4^u;vzBTf{8ycGY-2d?-u7BJ4zyB5d$Nwki
z1^-j<k3WwN{_{r%2?-$&3)YLL`SZl!&l7_`PYnJ%G5B8se^k^{D3z~*t|H*j8UO()
zjE)H8iQyp<5|$A{P60cJj)qC%BvM|41fI|%kENh8dFaF%nXN!7!t*^uiXx*0z~z+z
zJkoW+=oEv31aTCoKo$WUiGxEbAx4rwl0+62OFHHPTaFqA@A<^x|HO}wp%Y}la!Z)9
zvwrB<A&=5?Tr=p4#C-g47{uSB+Xw`*<`W0oWGB7w13K`8rAP?hX3-(I6pl|M<jGEK
z%F-jthpq}ND7-Q7JBSAdniDDz1#(dac0R;ygJ^CzfE&yU0h))WqrgWLnfHdyfi1#c
zBQg;qqDvus6UtKz4_a~s{PFnVDm-rmc{GSlK;MyBOW?US$Y$at9IOs65twT(N^~MW
zJEv0BQ|=M;MMFL|j1P!JX(3r2r8pHjUw(^H7~m0B;{iGuOJ;yp#0N#v!HWU^jD{d(
zbX8R=nhF9Vw66Bc6178-CLlE%1RqMTMMcyNAF7PxCG#zCEH9aVQS&S@75<D%8LD;|
zemoaH*=GTSE|SYf!=8|H;xX(1oJIh#Ce8p-<&iDRwF2K$coIZBVOk=bIVAA%8j;tH
zMi7zuhwdQ%A<w&x;avr7M*vqqsK3x}=tL}0JYEdU5={h}K;MX?pv3SX4~7zlr||?U
z<bgeIBuoyCj}Fk3V5I~tykItlANN!oNU~JopnO?(;bG?hVu11@tnp4jRt+!!KdBVr
zOK}|x_@nYLDkuca4RL?Kz>IBVpx~Yahv*Xrbph*9v9NA^qNhYn=)fxFz%<!rl~}Zj
z&L(a^s17G7QBXgUI!u<62A+BR@`JTRZX;Exji_mji1XK=IH=6zqChs47tCN|-thbx
z!OI5KZlL6D%Cm(5+iHhi(Z}=nP#!5HOahe(cwDg%&j~NWh-Ts0#R+kxBlJ!J*-$3K
z_)P`rj^yJa$pr&dj8de>A;zdw`*iY*wA)ad06Q-mj<ejpkN}`KC>|8~XfoqDS-lJm
zR*ncNhY;r0gPEu7+9742h<PeMXX*mSR4~pU$_aHehH)bg6S-lMXk@LpQUX<)lF<oC
z0~jjeXrYiiF#LrXv_J#Lf_~w+sSvrA>cpY4DTl|$0`G(`A%Or8&aE$B3@rvkIt~N2
z8c(4I#3HOl8B`Qq;?ONTfew)!Wxf*}?hww9s3C?ZJVJHh1RymeVqG*u2-}JzR7Ehl
zN{UH&L7`%92s<)5NMFnsu>-{hlYm+lM?uN~VL@~wFnK9Rh>B{1oMOTkl&6^_1h3o(
zjg6MTyju{B0=n>M7zwy>uye5K(Bec3p*H40uwZE{#0!Qh5*<mG(-L<+2>=VE9q?u#
zaTf&v^9|7;5jKVZLPbhg1df4(1%{4<AB+zOS$RPMln@Le4d71|6dc96JK)twq9Kf_
z1W;Z80Wtxb6+I3X7A*`HieiO?X9h_n!FbXjHXUJD5dIuA5o8na4j?;$0AFMI_>pfh
z4<6^1As5JWxB-z<5%?kSP&!~Vt|x?ifjna(RLf8Y;h&-^fO992K%EQItMP;71=k?1
zQeR_X&;%mvg1*4Khb+iMNHw`D1`qb5L%xLPgm;-mr}P&%&D5^4=(vxG95WfZJi$yn
zRUn2aA?EU-Z;yl<J*F@P+4w*n#IykYBMC?L9`+AvWs-0bf^rf%9uf>h$LVp;o`gC8
z>_eEk2y`?S){J-?tkQ7G;v@)vnv9jmVBBpKg$cHWNCt>TGodbscOZGtz~<I5>7o;3
z1<aoyf^4uXgCZfW7zbArT(U}t(E+G~oFwSeAn!wnTg;lq1(#ViQfx&00EZ`$;l_)3
zWI9peIk1?7H-eE-T~Tmg5CeW8<`IN|HA|E;J(B9Mj&^v6q=aURBVb`sUn1}s4jk}8
z9svSRcx+TiYfQ?A`36OBgutmN;4=bu4d+>WMSp7C4dVAx>?IOLl59xfL!fX1M@7yg
zBs&N&ge!>U#z`pbB%K*qkQ%<qLNLY(e8!6)=!bk@V&q~zU_#D=Oh$+Ep?J^{*<lV+
zIBUh3Py@0a-bG~+4khRt$qMM&0N)=-D<Lr=A`nH)Lgg0U2c>t!M*&NwJftKfKMQ9b
z?x#ZR3ItZ8D%K!#QV`q?>BAtFqRyh05_1p~XCtQ>Y|Moi&OylTN=ayzNRdQ>{9r&2
zGz=6(hzgS~Ywj0IsVc>wYI=;!BxQ>1i7QHqdkto>HKx!AejLqOkvfC=lmykm8`xW-
zG(Vxs<|l;V!$ShW_4b5?1N~AbT4=V4$W3sPOo<D}1PdcWrBK-e;zRIgLjGBGjxf+o
z%nG9nFI^^eBq2R61zs>U_@Ih52u{C723a|v5pP@&FOr<9Nfo^{7KTskg*+avMxoUv
z?$J?TOvoj}L4^N>6eI3+z^{RWf?9_Fbrjmi!srxYq3+{C8v&i5K!~v~k>HbYsSNg9
zW?#v%uArgWV*#0D=AE3)QAuv`#T17{VY)Dcz(&Id-C*PPi$UQ;n5nfpZZJvkcX>8x
z9Q*?)8yJq%KsjP5!XFSM5J`Br%#&*{cyGW%3-nNzDVwUwmhoWvSPhtJ*G?cJ1140q
z%ZiX`9}Q2)XP|3fu85Fm0mQ4q;c-aM1flAXxJPiRCdC2bQ6qwJ+QXd6a2?Vcc~lY$
zq9Um{nkQF-xK05of~d`sOg9Tuz3eq86?6^QZu#)#3V@UZ#}PFWsdY6}5e;v2tz^R=
z>*664_?aIIPWAAAL6M3DvxU*4>m)2*hJ=`J0*y;XWF(QiAPDD%^aPRqR#p+&J$%4{
zqR>yW@|y7<vN1C1A;lVp!ith;7<Pe#z=_V0>7<(VMR4O_P!xO^1gvB*!9s<Ykp?n5
zxYI)fcY_tpCqlEMMw)T`jsnLhz-)<gjOv^4#zo>}A`K&98ti>M$hQ@YDD`~_Tz3t^
zzaw6DRZ%o(u2f8VBm@N*a3osj2&9%uKDkb))Dq0y6rRBH;e7@{EmEUFjgK=ks78p5
zpt%nZ_fRY-DTBUX-HS!n&_GO<eN@LXmqG|!X?$_9uZaB;IjM>K(lrtrC>KJcI3NqE
zX>L_TlJQ*;6asRkMCcTsl*lJRP$IZ=B7RRDNb*uuN2_Z!=!Cvk2(rs{0!0s!ng9=K
z;9((rW<$x`@im$omRq~(hEE%&yD6QQ7g4|NMj?0=dK>wVD3K7MyooR&wI1Z|K>q;-
zMZZd~Q`DG(YNxyz!sQF15vm%Y%2m=4Weu;LkmzyUltix(q{P?EfLp{BO1Ol0X`m@b
z2oNS10*W9p<uIUn!(kXiNr@0skzf%Hd`T{C0Tm@LwB}g-7MfAaVI&WaqXK5Z$R}(8
zbcA?fB8&p(@6e@^JM9$k#=0p@to_tVYT~)BEJ{-s(TS9EIMpGpr4U7U2n$7)Knii4
zimkqtB@Nsx5<sj();bnO>_w7KjKnC>S4ar>P9C&@@`Dyt$UsHiG!lyhf<SIic&$Vt
zU#L?ey}?To48HbLDC-eQ2~Wz6mWt}p0t#>G28u)i9#>cw2RN|*7`|X73c;Nc1}p+2
zYC<b2e-js=%C7rMJl2G(WH|SN?4ULewT=P&2pH1<-%!@qDHXBsNqht^2+Yv=k_Z%@
zuL0#McLD#!(ou`MqNo~>tAeWsRc;DZamZa1a;aW<MVe3~&}^bz9b6%uP=LYmI5itn
zE?3blk<F}YI3<c2S8jPpElYJu<g1RP!`U!@ldkA&*10Q6#g2=w^@5_sbvQxM;)eJ@
zkgABxf0qWUcb2K5b0IuwP*`o9Ll1TRP(;X&1&1p>O{sfcN#<T9W=wz=&}t#$g_||9
z|1Ke9hhROju1m<35fT-cvf6<6luYU>Umbyjgv)Gb(NqvehD}gGP%C^%RT!6yeW|Jg
zUz-JXT1b?Quj$C#PN1Da;o2=1$0S#57;FJ08VPqV0hI!W16M#aOio?0b@Ct(1@0Y|
zB$cnBk@H5rFc|G#0RIfb*Wf8bA8!+NnOO)viw;6d8EDQ8D<_MBl@W@?0x}eCE5tA)
zI0Ua5LWUyWA=gz^iO7J=0B~S<FiD*NZz<e263h$Xg14E3bShQBZEzJ_K_uXTay>-p
zxaQTMh8cJf)+*jc3va}xDWH}33J}U6e4Zd!wmR(N;O1b*p=-z#DKWu^CD+y%YVr7T
zphD5qIEa#bpzhWb4YYj(Ck3*-GA`3KYVHCf$0F$x)Lew(V$ni=R5U5wFl2xdOrl}K
zlMrDAx&{;yVBo|e!o<U^=5W477(^~mrj))Q*ldVC9~#X?@Z<>oIvQUIfyW(WWFSVJ
z1s)=TAs^I&IMUz(!2~r)iA@s0yr^gx5k{L8Q8CKifQwMUIaLH}C$tGAM={DQ97o;M
zf{$P{7meWxqEUteVx&mu8h{!Co;>IbKUataNyrAncVND3c~ff`0cfvTXipYI21l-c
zjkR2bNdllJTDpK!0?<|Y0vX{jp@m`GT_Ji=qdc?&3}36oDPO0p2oed9%+_WuLV=JF
zuhczrkk61{dPPhZ2^$mNY$k|~5aL6lzP2DT*4-BL$~U%!;Ff|1hl67i(OQZNLfQ60
zb@5cXH}GAG=sCz9$^AWB9^8h24^ZG{!x$dnMFEyc;}jO}x$+IGC?^9c))M)OvxL}?
ziVB3A4aNaSo17QO;OSNSMT+XVp@C>W7Ch`p+!KkVqes{3LcofGt%-44BP%&eLAbfW
z(C3X6$#tdNRY3c(@l`L}Hsa%yYzH2}6N%AkD$xlx`o=~8@%&Y-#ZWAx(!v5YMJfxG
zg0uwkpb2ZCls`c>y1j-F#RLZ`FX^Cy_%$ej?^r_*b$RSiHb%gp%b21Z8`Nb42O>d)
zA!B6s$i0X#WQ?|m$sWn$_{3udg-@s&CWdP+Sih>+@t17}#t$FJ3i_sKFfle&i6~SB
zzzjnbS(_Tb1x{5@>I&M_)_xVy8iIqss*2+j)vU_-V9hW(tO~bE-(5*4EN}l8H3YQ-
zKR`MB6!`BU@IY#zx1x{{g)cKyDw3?rc7d3(4O!q1d{;0`yH1>7z{LQb+`!OE0*ZE!
zTRGtS_zT2Xkf4P}$X|5WlM-!`#XIP>_O{RkbMf#1t{v_UODJ0nSqcq<?Lr|SV#W$L
zlHe_qP#s)U2(m47GGar<|6o8&wswc#B%`pDB~>B<qYx>S1p?qqhz#q=Hv+rhNt^Hu
zc5vQA>@hQjlx%?P(BXVRwmleasQ`Q?`wvQE8$${Rz*rKi+#;$XVgp5r@Rz^4W>Z{~
zRa9+gZx%(fHC(a%H-_0io~-;I$x}|(K>1)O8~gE8<;JpfFeZkWv9X1riG^8>bTAq}
zla>Fdt0w*jkQ9UOTL(n>FgG)+1^)wGO86h9#wLa|%<TI%L-qAPj{l*W|J-2Fca(vz
z;J>-K$xr_Oh^uz~ga6^tx9?C#-S|Jo#zscQ%K4v+P0WAd|NMwc|9f0?V0~@uJ!NwT
z%F3|J-L>;{r+=Ty$esTT;%F58JCzGMfe!)7Nulplv_J$GAO!qC4>+;4BF`*<rsGe%
z0O8>L*9wcD2=3vnutJj--2f*);=|EQ%nE#qTE{?>FUm9M_oI(dfq)wvG~>Zb3>E=L
z7JmZgviQzpxZT(etuW(j+`0_#mAx%nzDJM2lzj%90^@7)Pn~#DScMC?sS68Ld>1r}
z=m7l6f_T}DAE+yTj|Y5d3Go(q-vT&)U^?i4R%}p&PJ&*B)5CBU76W~4cph4!i#}w-
zLm9A8_yH3`UBqM^_X{5lN{&&y7X$BwgL^zcJB$wgB<TgAop7!Lf`JzT0;qQwBsLY8
z#Pt@FXGQQMP3W+*Jlv0e!=TI9$PSPvy#yu6v&`z+F)1l#71PTyWFOl*_}F>7c%j^s
zvW9#SW`w=1yN|paUk7g=#WK)r@p}#)#bXZmY6n~~N2-Ami}_A9%Bmx}2<#OS7gD<T
z5<7fTBIq+(tfxGKdl8|S6XOFuklkVn5rT*nW=N-ef$!HR-bH_a`M-?cKq6yUa`rRj
zZ-EDF%3vh_DSrVkUe+13TL88LjwwnxC<+~dBu~~-Kk&+EIQ<kVAfXWJO!7YC?Fg3r
zTlNp7lB_TxUr_TQ8|n+{FMZ6YW?4k7aQ_6IS|R#F);-E;1LbZ>cmfox5#ommbr~Z>
z(fIicBE*1j62LpM2qJ^2SPM~@jPY<jPigifz|wD_maJSWc`v_~1Pb9;iB!x&3ji#1
z4uu7SrIH^&pBl6v3Z@>4!gsGQnDvk*1h-YP{xBi68Tb+{qt=RiWYK8ZK^$^3g;I^O
zA75$2s2_`fF#!#Tkc5IFBH`W>WWU&+Kvr0&XcqQGj8R1fG(f{^6*Dlv$ja-bC~6dh
zf8#;3U%Tj{G8rz!abJ0apP{mb+J-+G{|a(ly8`F~6u=h})s`2^7jj^57bh*V)?q{V
zKx}-|o1A~TI7eiPky&$W5hZ|;h1>M+XVdV;$gG%rA>ex(vATK>B%A2JBY2%jHA{#q
z#P)neQ-<F}tTR+)6{$v%@*Gr0_>AzLf{hD;r^+cdj`Ec}5Ka}M+U*-^oGu=7t;5LS
zeelEI`*usGRGbQPM<JTxZ_?zcR_TB;-`%R!Y0+fu`nznJOc;XEu%?b_AdPHqVpT*w
zu)$q<-|^oTc1k3XiLkEn2Msi#h~C6;jlY-RN~9%<q?}?>Wgq45tJ1plkQP5<QVU^;
zJ_d<|Dy%n^>!|2@EU4=Gl@#{(s{R`|Ejuj|CHRkUTP3Z<aMdw7GDs9HlqwUQIO9T6
z9QYq9`dTO1krN;$CKk04ohXTH1tOfhNrsA!0`)73f>&xmO>t5=Ivdans^}>8Lz!`6
z;t(MCn{bqnK2%jaG>=L)7B@nOEy%P{Op~IIM>QVc^%{<n(mN{5M<2?JiAPn+^2QNt
z_@Y5W^11dgBR@R!-xx7pt{>|$J^zy$vgV<se>vO#HO5fEafO8Yr=_4i?o;PGpnQD3
z^L^$bDyBR5rU;-T;bDIuWz4^M+C!*h1&v%|&ZBY)LvRakuoXt^F2nDNd6dZ!$yPxC
zzV%-|3y?pN645&Nq~<&bSqxRNK3T8eHoYGf<@yHiUo5G^M<)%V3NQUTMZzGN@Y7Aw
zKo%xHd-KmIFI;pQrntD`&;Th~=m@OAAmW&rgQuf%jS6ua2Y6(dd>cIC28Dt8>viK`
ztw=!8>0}stlLq2JH)46HhFG9>5`&<wlI46*u7Sd#y2E?aA~1%qp5DOq9X@nFStQLI
z@pCwK&>_+{BA0fkgeMLGSt))|i(86bmg#TekdKR$7ePD%a?bxMPZfP#i?6DJmVgrI
zB#q)tuFAVYu1XgA@%tD-{}a{B_JxOG8c;v?+v~?G##bD_q#4wI*J@F59=eNScpkiQ
zQc?`QVggjJPo<J4a0-Ez^zhNFdbCChAwn)3Wwm+oq|ysi)E)IGK!x)<{{h8^0@I}N
zL`{=<BjjC`l&4x;iWVYPj04fUk$B^OM@1+PXgID^3UCdIC<<GB;zb<6`tOJr?tv+b
z7k;-^@si4SJSg&5CSFq6+AH=yC0()|5V)AZe~<oVIimz4;QfDkC)3aCYcAFM{~+qw
z_uBy4@co}=MkdBT_kaF~s}BBuw~gRm!GCjOqo4f$5m!C@N1*-RT1UhA-?y*n&+-35
zt}o#~JSg-nbu^s+=B6e;$NvwxzLft8DLon}4GreMv9XEa&+-35uCL=i@#+`W(Qy8o
z^fml>{^y5W-^BkfoF+7!|E6Y!W<UA=Bd%}fKYpA55A(3$`!(vQ`}~)Yk)e^P693KN
z>p#zb{eX*1`v!Qdl(vhKo4}Gz=SLu@2FPDFyzPySy8G~?mbE`}=SjKnkWS54fWSDA
zsUT`TMWHHrohqA#UWTc`9EoVBW&N)MNv&CHov-72%D?Pgv;hgU+CWc_j_HvI4+v<U
zh!J8gim0i4A)eeUkQc;_M(I&{OK>zXUPuT(2<E|J!=fM%9a<+PQB`6gun|o2$44o-
zSXgj0N+^U-;<yN@l810eVezO4`2QeoH27K!isN%bMVJ=^A^`Ud=#kNZ0)7yY7K1vR
z>F_92Byl#4>>`G_SyFDxxQ&S=@ILqtQ2+xqIx3t9f?J{xSb`fr5COS>sxbu61S%)m
zz!&20>B?$zV}frG)B=@#;KO(ngmhy^MoYq|f}ktp#bOFK+?erXfSG6-hMH$b?sib<
zG_j)$KfS~!AZN(d!i&;Wa%*C3ZG>06ES5?o6=sF$%6>CJH$r(*T-qGPqKKgqo)|*W
z=^8UFYsR|eeJ0L4z#db(pzFp0RWMb3O9X9=$VYgnd?N8GUHO%XI7flFOL4Gk#cE_s
zVkvZvDPs>j7RPpzg_W&v*&*%&D#-5R!h^P*%ftu&a}Zj5kijd~1`3L)!~~Tk<gEz?
zN-Z3&3Hsn`g5Rx%0fAy`yb`#^`1Qz~@?yC46{8yP5+eyo#_}PmrVLN5Ca|S!XcB@h
z(}TDY(v|-vkXi}K$%#nezc`Lg9R&OkO!qgqC6YHzs>@_5i={AHARr}^_zTbJ1O;9f
z2q|4@B#|ZtiwH(S1cwoMPgf@Ye3Tjw0twm?TU{f9;hT2yd-9jzYLG7c0xk&|S%SX?
zSW&+Qclz`pTP`2m@C&%Sq*OSxWx9OoNHoxseFBI9n97C#ngWSSs1T@rJFW!ZXhBet
zx-5i`d;EbewGy~&2r8k}qO>%Pf9ZjsYhY_+x{RV3B(Z#GVsv3A<h90AN<m=A$T+iI
zJU9+c4&D~jd$ul4;I_goA9ou!H+WNZDfSL_F5nG?PwYL1+PXO?+;VjDw5hEKkD=}k
z-Y#|u?|VBamC14O7@^b(g}tXr1j5D0UK9;?dnu3=UV*@Bgj?2D6s1->XB$NV`Pz7+
zd#Yb|^Ym~c-%u#V&C}L`uA;SsAmFVfe$>`l)m7TMc-VN4P;Mh}x6W3o_|g`&vmOd7
zwAnTeSl=%oaBYoOlr>vVPd5h}k9wP6i(~qeZ6JQ}nFBE+%mOp~y2jYsa2%9G&b{Uh
zAC8T?SHoxo6d9C3wp2vi{%Udb80zL${|Mj<bQ?ec!bml&OZA8<`BT1#Pu(0q(T!{p
zc^@iKrfQYd0F_C;jCM2W>KiLPlJKM)wEa`xl&PwbwYE)IciZGj`Fpj5>L-dKb&X^%
zk+0B|9}_o7{{R+_e}jJ!#6^aII%&fQ6A@qMrxU5(oD)w)`YznAO4tex9|`x2g8?f8
z64&mYC~T!7J#uQRDYFLPGUG%fsH5c6Ku;A4i|n?pzKl>`?0lfNRk{<Z+z+{1K@yel
ztAsdahzjYIajq6oQjmUF4CRSjicFYPW-CdBGGi4zbQw<-@WTnFei2V`VCVXHO6*_y
zf6Y^<rT<C3PW-up=YR03C;kiWefu7euUP*#`?>!2W3DgYKT1aXEl6<n;J+D}7@8=>
z{|&*<pYi`6aebfjT>AP7@or@tI4*&hp*jTpeVXv!2Z3`NY6B=3;N|V$=rWv&I`((K
z#3>%UgRx{g^6VVBrUCP^L%=phoohpEYDAd9!Wb}o&tU$9KO^AJFqGW;?}tBw)#%~_
zk2oy}W~9VGB+hXuY$aDbga-HOvoRZSC`ylk^)QkFGC_wPb%B~ZosA#qQrHe&+vy%s
zoC5j6U^@YVQ6ig3v{Ln6cU9+lRP8@klw=2Cj4t!<Iu-l3^HNn`D8&7{A?^ORvFK!<
z1C~3&BP&Gy13tpJN0|mtZdVfGo=OWG{fs9Fsrw8jekMji(X-hMYMu%_8Tl6>uKnk5
z?(ppIWZDrNQw^pa`S+7wCE35Cc$if~`5+YDWu-I0$^d+9)n{lybL6B|spcvCstqSj
zschK~TpQrjcIOJYp**U0AXDeM4B5sFd+NIk6$i(uHX=wQr1pap3$hn@a(7%nYVDb<
zB$>5QXf7UHAwelvihW^GNKosU&hJ-+T=3y|?cG~0{`l|u$NQHZ38Rwr%M@(`K>unK
z_668|bwl?xWU$vnT#Z-6=~W(jUkukfk)ncr0GJ@|NBoz;1Qk8LFL5LOpF{rrW7bP9
zMPFjP2xLCehUqfDKcpa0g);uh-v|EpUm$%wU_y9*z79yJR^WpMAnMgEA`K^pDnCc1
zu>9*;CXwQZc1Wa=I`ttl4U=;-W&ZLd-aax0OQdWb3GOG6el4&cEV8avig^-CYN@CR
z4MD+^NFh>yY!ytGiMN)bx|Ohi;Ppdr@$i-njSNPX3@xiEyak>Us>ZTzQTtl#y#J1@
z)~a5}9{n%{qY9Aj{{bCAw`@SS>=d*$3sVWW_e~`IHrE(A-QUqQrn<#{Bjz0872`Y4
zzfbY?<IKsl9CS?x9Y=9uzXWTpwotmRSVGN5p#p_Yj&>tYoI*(r0bxx8aQB*=)hP}&
zWt_QxZiwNu_@?MdgJA2Fy-T?jP~mU_GW}B^cK-p6d^?gHyr`NJJy(GCLIfhwb>Isu
zxG7%Ikk_d<l{!j^uECr5#&o!^2HzX6RI)O_jdHaF<`-6@#v0IHimyPArPhxiL2GTr
zzXp4+!ECDorLlgCrwEN!`-uB8P%A2C+J9i2$r003(nkUKtO2~jNM=!p@^uJ$WXW~6
zg2Zs6y!Vy-qk@wCOZiu$heUO?^HBj|taj(J=2)Z9<Qo7G>*F2?k=8)&eYGo!KxF?W
zSM(?F*mt<<*#G6u4d;dM1-x&rqwf7*hDN5QCN=i|ng2Zh{X?!EXvY@a)qb!Q)>GHj
z#@8mm+0)&DN$-I#U17m|F&(}V;Nxv)g^`#5^d2z5qwJZRi>(#h*+lOV7|j<1%OBVd
zb#b$|!UFk1dJp&=QXxR5z++IAonoB^;5Afw5P0gX@|hS^j4wc9;0L}t3+NN{9{PrO
z3Iy6P(3Finz^g=i&|m^Dm{*c+=jra{;^yG##j(QlgJDgw)-o}Dw8sT#x-jwq=pWOd
zr!J)?Kp^tyJZglEo12%7-C!Fh2Ole}PQV1Z&rn-?7jN(yH#j&_42IY^vKl~QCJX$a
z6vm|ccn<ZpbHKl#yl0^DHAm1X7<}xh3ksJ+hrq%O^bjlqELdI^lL=|;1O91+vFSuH
z9yaa{R>X!PI-L$%8-S~J3%Z6l0@D|VD3Xe<5fKh}t$Y&))Z`0cjd*97mKZjQt`RK4
zbP2ZFF~L9NY+%Y-hq}PTU`9_NkFEjV_J%x(L3QJ8hP|h>nF$$<>Dwvskxkd22f@=_
zwYDDKt*2P}|8M*91^S;I%NKrA9rfyeGiCj6ZeniqQ~&>ntKs^8)ZeE6M}gN+=|OPK
zq^1oZo{Q1bf6NYy`e_G#+JXN!R~`Bv4Q2MY2*J13QIGyNGd3|*_W#Yz%zx_tA8`#B
z2pEjP$ve=8Rt%sn8DQ!kBnsvWL#-G?Iga}M7z3^81Af!j$E?23h5a9UUjpA)RW&{;
z@~3eD*;L%_WMHNl(lqHd&`t+BZDyv>jkdEnGltjXwS7#Im&r@oDZ_}%hlq-b_<f4X
z>W7F6xP0KJg4-to?uy7Kf`YgriVK3Ee*Dk5%X{~2N!q5J7Lp%ylK1X%?z!ild(OG%
zoZHaA8{9}Y3zRX)ygp`wRfUlAY|7U=dDuWuguHhKfhPpXm}02F_&S4;;D$h5wP2wA
zv(|dET0v9N+PSJh3_YWgDJ8F=HN+^778yO&h7FLDQ}cxxjvZhc5f(I}jRgV5bP*m#
zB8}`nz8MD_OVtE4S~bn&bDnh=XR=oS*}$`GN*yasnB{cuLMRSo0LSIZrBv9clT?JT
zijI%7veiMbG+RS?En6_qZ*;tvCQP!Dy@@FRrRkuWQ_mX%c8Rt*h7bS;3BPW=nw->0
zMl}qOgv101Sr6rq1NKJ;DaxGHC>>1dG&<_U1LiO9!st$G6*hmBXqknsP<hU5-+Ja<
zkxgwQ8}z~~@u9q$Q}Q%{8%NLFIAFD5vrTl40g3!Cr)E=zH1$mMqg+r-GyFKX2$<{U
z=%O)7s0-j$G7HAID464ODq&9Gl46hQJE&K21j_vIAXYL8ZqyRW)$k$xLLZo%i9I%d
z!b`#4@QwI>kal0U-qdmE&${&#g#f%09ANCw66TXJ)T{xU(iAi|qZ+Iks0eKo)O^;U
zlg%D!*<`wyQaK{luB94Co~<){-{`EfzL9s&U~9Aix1QMs7o4g#t64RVVU|c%pb^Y|
zH7){GQR%~^C_!VKqVlK|BPMZU6!C#rp-A26q<M2rw@hPv_6$06Tsc_F7$#?xXpnVG
zhYiS-npO)OD)yatKxO9>Kom^w+VIR&xR%(*TmMTNiOdYnPqG?)l-B>6Th_I<IrYD$
z)>{1kqI??H2G)vXwPDgfgQ3yP)Pv8vXt=)7PDngeRPrgEoK*ywRMGL}h^i7Ro_jzq
zXh{smCTaK=SbAi#kV#{?6MIwb#G<J16p2Nenlbo$U1PMlF?uSAwY0akwKqjU1j;A|
ziSN&m69a1-1A$dy2U!nH2juVwYy{Rb+!=M(BiN{%&uB(2+p{DdgySQ4HV!Hs+1@+Q
z+$0s4*0P44+}lK}K>;nRl7YcQcVBOOU^IbQ@aUhwDqz6cxCCjC4RbOmKZB)(PoxJ*
zaX$qVAC8ligmsZ3Xj>G~>WP7^{ULJRdBpLItS7C}nA93Omv3l|#At&YBzylRP<$}_
z6h1z%t#^2EpdUxozY}La$cR8vG=k1b-Gc)I@oo&tx7V>eZQWJ24v!2DJBqWM0hlsb
zaxdV11)%G2s|0C@L@_%QBC4J?U?QWp2XN66jYXp&V)n?2jP4wYC$@DBCq_nxdj~ed
zp1i3y-q+)L?p4jKLhRK_RN<*CT~)+$&u+F14v!L#Zs>Eb8c1@)qXvEMRe`3?^r*m|
zdk%!=-*ngD&;6h>A#*_G3t8{LXj6*^WbC<Djh%5x7L#hw=Ux>s?Wb1-`rNNV0`pjU
zRAA4&YW2r^dbjrTdQvU<xgXlRdb6H;)e;q)gYvC_sVTiG(C1zi2IAYTI#LDk+^-YN
zaOu?veeR9!eox3sR-idFJu0y0UbW)LGCjJX&pp>=+*~sDbr~P^#MjooKCj~V+~T)%
zTS)MTh(w6g*H7tMDwGI0N|@0nCCW&#6^U@dR?y`BxWVDZ2D@J|Ss(`jb;cy-u%{mu
zoYfIHh-^NQqB;62t5Jt(@AwDmb`Zx0Sb1I@SMzE%Ni7<(y$X1E9oqo#vo<q>&h1%*
z0{@*e7_^ZxU`R0_2!&KTTg)W&w9(<HouxVVtVD%|v!3K@$=&ukJbI-$4z=vKp3ks@
z#{#q6ny5$&$44kCXb9Iq+!F;N_|Dli)Ju~~!yb;oQwg@0Q$iq^TqVI$u&?dI)P4ab
z&j}S4qbhjb7Un3OOBY$fM)s4NxmfBPe2iVAO&c4*YX>HHLn%iE%^+xCfQd?xu^C6|
zA|`O50LPR2bMTRL#}zHj8?gaTLobX1Nlt<^z7{&OKgfi521Trc$q%zyx*kVdCmyg)
zG4s6*81Ev`J`Wdjzsra!(0@`X;3JVqkvkqX!9<y;?w(YWduc{UmRCU{_=to8vCha^
z&~oKPVV^=IcdIDN&{A(b2tnb#L=w9!(kBRAEbJ@H@uBo3K)I&1Xa#I`WhX)YL~HwG
z!0@cQ63RAgV9U^5S&I9F+EyfeDTG-|Q^uFc5h%i><?F_mR207=#-vAOQ05e6y+=*k
zwV}*2sLUH<Sk#U(??_n-W1KDeql~!>%jn{4gJFyLG<#smECt^vp3Dd3&?JfPJ}80~
z?HF=;R{LP5n0FwD)$>M7F)!m~2o^47Tl6FZne{4-U$%_j3q?#2me;3cOyNdJaK*Da
z4kkq3u7xULlGd{mjB}}3iak_6;0;D*;3z|Zx;lv)5yp;a6sz?j%|kKhjU2R9XiOf$
zX6ok5)0ky3-wNlz>@oqKQFj7Zc$RM`wrQu#k-3h;D_RBEMKMG0PlBRC+@+0a{b3le
zoyv*+abR^cOSq@n#8a5Nbfb1O9`Z>Mu_zrLE!i{tJ9QuTW0ZZ{J=$Sc0Jw_VE(`F`
zNW7Y&3WmE1Y7y?IDEYS&d9X|{@EokECb-*?bOA4zOp)JRQ&cel7}K&!e#RTyRu+1<
zJa20R&A`4*(A@RT(giK!UBgwnWJ#U^-%%XMIg|6OgF?Co^~6W*6sQ(FYqOm9w%JRk
zX-PA4z4Wq}<yIIhaZu*JJVX_jBId8AnXdT_@GKq%vla0NJfpRP<FMdRkSWqA4LaG5
zjWN?T$p%5S39^>83_#KKjvZjHyIP}rxFoE>zvhkfOh=%xTZ{u3^_0mnAyY^<S#_EP
zWFX(75-%MH3Z|Z~85hCVEc>;5ISRIJ%F&qensODpXhm5d180}k5Ze>sd8=8uyfO`Q
zsL?_V&0(U^H%1Omz{eS@Vo8*OCq<f~M*T_YR45oG4$dbxPq~}DN8r5^g-NqdyVxhX
z@CK=ggLE)Z2e=q1=y^^Kro3;U>62zZXZsgZUy6B^;*9NbTv1?IwEAE+#t9c#K@Hg4
z3#@f#??6wS3az4sh_@<R!@j2|Sr(at8<u?&amfz!b{rr;cEwnEsX>x3=$0qxF)YSe
zqBeM4%o^GRnl|Z%x|U6XVbvSlPJy)3Ej+2`#OmC3ZM4PJ0H(6(?D8~mdlTYatnC<^
zJKnjYGyar!$a=&MV5RdV5GG9_zEw&}iJmK%GlSnPI&Wt2tw>7P7`#bN0=lqJn5@aJ
z2?<e&HHtKamUQ9K0ji_>7AHC!bG6r5%P>lpq2DU3tCNHsCWY+M_E13t2MymTm~NU!
zl0P}dUIOaq{~m);T!XPdY!sp^O)JAmS=~=LC?C!^sdrF14G>EV41)TGB9^Id+ZZU9
zI2m*t@(BUCYjuQ)t&dPgBbOb;69mS49(=CUV$fGS1rmgmoy0h9k!*89h-HE+%@BuY
zA9W0#E?^=`Iz3~RV{^$MnEm8(YBr}8`=F~y&ry*d7t@fQGpq??H*nzr56P-j<EMQe
zl$Ifdz-riBbj%`R-84XJ9%NE7MU6=-mihsU&Qd8%bUM`fU_s~C9dh#wTWsYgBv2{N
zER92I!5Ypg{!EYx8<-?Apzb2?2Wb1zbAlJsK}N9PFvpb#L#F!AAy(t;SohNDtR+m<
zH9LPEW7jLurlWS+Kzz~NbO2;BZG1-BG1;aak#<gzsR65T)}2??1Y`9c;!R(onDyN(
zO?HsY&Z@ZJ9<!-JH+;IQc%dXF>9#SaW=pMiekMd;dg>jQt|-)u?3x1g94wF-6;qvH
z#5ko&WT%)pLBwUF1Zz;a23t|=hD@zM`}2@)T!JngBi}bm2)SWmXy>X4yb5NVY1e2V
zMuc{<t5w#9>g(Ay8$y~qnHKC|6w@nhC-mHq%T+0zMiJ8;Cd_vXG6sSWBPFC%)`eq_
z@!eZ!Z+tGOv`3G+`RKer2$=$OnGFfyphBCl?3-wV3dwLLMCudvM=*Y1-}<<@+M!S=
zWKztqb-AOsV#nH03@>?4N*Lh5WTa{A3tKWDNLyhdF9k2^^@YWy8`)uDvp8#5#2WKm
zN$lDw)1r@e2zdbkCFu1+ZU9VileK|R&_e8Ho)F_mXmMfnWe82i<Od*AE@8#tEv`HX
zzs{~LqB(F8e!l+P>)k#EPR1VQzc9Z8Gn)+)ySxtkQ@l(Ym25Al8WzR<w0&$HOH>)+
z{1Gw2QvrxI;IRYI1vZWsn1c4?r7{V|AGK5>YT`B5uXrx@V|rJo;h{jeYDnss>m8dj
zya9@0NIFEY1P8Hy$Y7P#(tK!u?(_<=Qnhjta7{59wteLSyCJ-@lo`A#R&a-K;A0Y}
z0)k`%ueyXFwarC@3ifAONzG1$Oo@V{mA&DIlk)LVMH_dVC3}RWi?@`~+pSf87G&~8
z#j(sab4|0d?0$=VMKwPYW(hW?HFhK?-Qa7nGiv6B8sp>aisrEydvl&N#FJ81be!Ti
zfT7eO>%kV_d;xGd-c*OFR$#XS7zI?jX@18%e5p6v5ER2t!&N1npqQ}FOV}D-n70KA
zdVp#(?4*(n5Fwz|ZPoyfv&cSi3x=~|ggM2vlVF$|4Ok)>JDFIff23`fMTAwP;*}}0
zI?2pJ5Ka<qCY+yfd6(MqlQaXSvo6=nahD+nsIiWbgt&^DD~m#<v2PP>DbqwPqEiYE
z>UT^}!xkA3!1o3GA**#XH37alh%u=bVV8&93a_I+&D8Pht<eA{=P+h<FEHg}c$`c&
zc_|%=p=ig4z*HOPXIf#;6*3a<0}d7vda-@SrsulMb%L)Fx>I{hVx7!?OhBljOp)P@
z3O;ap3AZ^KwuTzzHcJv7l*w!Al$FM;a?(QpZQ3Vw4iN%-9+zezuVf9yb<S#SDy+&}
z`GL*7#YNkE_)(jX$Q@l~1*PzgnJ1j4lTAgC;-&UM^tmByd_iJ{g_$>AnrGOgA2Xzp
z!GXrXO`E)iV9Sj<=Wz%dWkHv>C1Is>xd}O#CpSIezyOB90he8-Tmw;V40r5}CAUVq
zpzD-$<|^#^cm^<;mR=ITT#nYV9ZO7gWsU=WvaTpqPS|yeRiy-8yBrhk5RaG}h)qV7
zXM=7L+?C2hOyx3;+*J9~2haIqsAgtS#@$$s2rAp)C#U3<Ogqe;%6)*S&w{EXCuIjL
zT1qX@>oF89B`RZstUa$gV!~unH#m{#d6!IsE;76e?<HjkE7E-_E@{OSR^%Gi%_I&}
zKezN#)3>9Jb#sYFofhvpbbwyvTb<=`#E1o{G(5thZG353G>=4KcR3O#deoOhNvTdB
zJxZdZu<N4XCo8rQmu6zptSO>k;d%k7koskJ3HL6T((-sekkf06?}(z)>_j^mEK)l{
zM$PCTlm*R$nw65E$jjF=9)<YyCM7&tlrCmLRED`$6Agu!3`ggL?zf4IF|jKarH8F`
zFe}+)ZidvGufoK&IfugJ)Klrc?9wb4>Y2Vr(Ze$CQ^G}r2w}}vU?7sjVBrVnN_dXQ
zVuJ}K=hqGq(7G9fNr8M9bSkDYfq3hsbp83Lr8a-IMQ~@cQ<AT58xoJ?%r;A{RH|v|
zoRzDId@nR}8yXU)!~i=abvLGEPXei`3+2d8x%(_<^%L?OV%<qSW$eO?{nm~22ZD4w
z!LT)(2gCAPMlIq!`voQH>JBj6<6r!Ju)`Aqi`vQpV3|2=5OAec6yQG{KvD@UEDN=^
z0z&i?MZ|AgA)AaQO4=TJj2o-^4V~&*<%cZ}eQdx;c3NIWdg4)%8ntXC=@VN?dhpH5
z(C@al+z`s&^I!fW77`GnOs5d!TE$^6S`3wI#wkmMJ?N=?Ba-zo?3fkP)B}R2aQbz-
z0KvkRZ)Zb!L|pZ$xh*Yhsm{yY*GB{ug~~{vUM#eP2x{kQ(UQ!IorpL%7(QZr%iy?~
z&<qguXko0&z0uK=oiM~xq?Pn_Pk1@IlLN4gJJ%U&ov$yTRu+sG413Ik596xyV6WD`
zgFs>8GYP|^T^svomMC%e8{aUjIY}^&uRe#zd0GR!C~3Bzv&rFMZNU;HnQ3VxJ`80=
z7@Slby0Z>S8k(Kkk30U;H~v>oYNu2u{I^W}Z);0a)S3UObzMs>|KFl~?D4;Yc_j(N
z;}HNnN+WYO7c~Qvw6p@`uj*ME5xg05MNQ5rBAC$_3kY7fbOM4!)GUB!kJ{Dq3Om8H
zKTT>%F7JAlQZvgk3V5))_Y@N3lu%(5u&qw{C}4YW5d~a2@{4!}e-R=iy&`(h!%Ju!
zc4+<%_teQ8e@b;G_B5Y|r>KdoT)7f=K3gDM<$%~9r}c>mHKk`=FHmgcvZxtn27O2A
zmYGqqMVc3$+5;U?X4n}Dh34q&@8%ML2bdU{N_H3aQ%o3BNyLP+1z1~CxOgXF6X$MQ
zWicoR@tG(rX3=DDzych-y{K-Dop)d=$Rh4nB*o$Y(c2|KjaS|iQ5<WMAjS6`9Atao
z1VUU;_glzXi{i2<%e`uZuN}17BDIQ-(`vTES(15(@d`2+8D)Qmz#M$nGQ|v)(`Zq{
zRumo31r(Y=f1W1L+r!oh0?U>S^K0cxNSX>6O$6;Y67FVA!|ug2_h3pg_jpP&>yS!0
zmeRFk@(Fsl)M0}G>460WK}%zJRHHC+3nxfUDM&XSIH2SN1F)UznoFvX;Sj7f;Hz^@
z;gT||RKBR{q)8=c&T}A^wXEdx%8UcGwn)+dRYuTYf|r^(?BvW&iO>}R^CmzH7!V)@
z3-1~MsdE(MN_BrOi~*G70Iv$tHazPf)H_(53rhWACp_kI>Bmjt-c(gPQw1@U{w*!*
zfJ%Q<&e4;klHf|;mX=qfWeMEP+C#U3s7udADh|QK@JAY1u4L_T;uLXnXFfL9J2S*m
z#4oa1QUoJZPmFBs?v9U)v<K?k(V3jFS|5HoKL-22-VTpe65D%6w<LN8HVxX^lRR7O
zcpE7uVchhXnC?(3nOC|;2LthV560ScRo1YrihrYnvu$#)WP9=9;lbf{7Q#R`KbV!V
z;`pxCSQ9-90nw%fpC$E_%FRV}=8lFzNcD6Y!=xVMs}Pb|J#A)fh*R%sUO7yCBv|XB
zG_!NjCg5p^5=UYSiwQ)ytk92A!}Kl1n>Al2X|TT>9AV<)pp28=fo)xVy*-I7T?0LR
z@ybzcujh;Mk<s2h*pGI^ySI*tFx!gSmn-@=56l^w-8u`nMGZ%j)=`o@83G2+u;W5Y
zYzA3NdSn?K(LM-hp8_==&-|enUjCG)!Jh6@4`?~Tr6JmCy(}7`WE5rs8kO@YQ?U6{
zQME%)H*DZ1xq=cic;!@*w#MGE0PVVrnxV&h=JPONf1L$gAt%y%Gvvg4xJ#qAB<pOX
z_40F@xw(r%1r$1tw$pLuVUFly;U-Q)GaZCL535zi`<~*2qRCQnv}{V<Px4B30<F22
z5+ue$(WvhhGD|$W<npGwbW|$c5Oc||I7u-0)n>pK3(E{K?R*Hm0`TA*{^{Vl8`IeW
zfjTC8QW6zKDSx3YF?m~N5F?}gqdWwIaUht2`V@=pUmIFY`@n!sxeS6~@20CzU|fus
z$M$<@`$JvBUHx*Sq1E-2>=^T+zio7aWwCnK=;&~Q8H=T!onUy<I-|e&LP??Gp|Kp)
zD62z3!|i}ZPGdEH2(3NXYR}q+frE@Dy0;9s+a8RJIv#B69<e{@+SKiMu#G;L{eay=
z2CW<h;Tq~l?`z|%LW$|%%NJH&gu0i@90S_LOUxzDAW@Qg6WU>C8ve$aA>D8gFNc%q
zS|KM)d{fjo`=K51?*PHcF;-sS8RQ&uUe-23T?aDI=)mT`iOxU6nE1u_Uy9cFrmn4h
zqaGNsZ!NTA4Ai$h*wi;_f6zNXA0WdqpKa|OXy;;BwNbU&nvGP*JwvIGgf)P5vGCMQ
z(>ze2%BHb$O0%h6rg&0Wcq?}#uJh5_5(QnHB(n3NSmp7vvb#J5+~cIOMDyZMwaI%`
z7|FbrE9iN)?J>6uYPoe!3R_%kF07>wIEA7tq>Rpu$?c;av$BAcW+1_UTpZ%$CZLyS
zt(yT`hS(frS0S09tSYCrpsF8J$=vdtmSsvVHJF~1BCAeH1vyv2M<NS@htOwpkL^(@
zM?^t`3ldyzaY`vPWYZ?37|TjZLHH$^P1Z$y_d(9{N^nKaH$7QJ6*o}?UMAC$?5Wfm
z-DF{b?L+RRSc*a`rp{t^Z&sgXH|lcjqj4=u2vQ%Uq{L~cKGaUO(!yjE%C;jZ(*qOy
zwmTaP<0MA3f|}VyAG6#bVOEBOI_yS(gL0;~sLRx$h+I?UJ(PWuOf6|5XMUT4AyI0E
zp7>cEO?BD10ndx6(TAeWZJ}{w-6*?AT%v>Ds__cMls0r<ny%tH^3a+^oU&W`E4}@r
z{GHavFnGy#^LL8~a~1~{KmwT0uHUDRff(P%&eV8(0X>a$YHlENvEqHW$>=m9T#|xU
za};_o9U3IT-jWS8@Q7{Ubh_{b;~<^P2q22`Fd&>AB|~{cr!`IVm3b7x$1$ubsnR2G
z55XqMuVx)tmNH&R$Oyy&R+QloNrFUF)IzgdJya5J!lZj}U}Th-KcNBq6AOiiSqY>K
z{DrN@LP)CJBZ=Prp}yYkUN4EmGsB$>B^wbhOgA6vEqi*9nBgX#%PPpZ{=vCRIK`|m
zgfqKz(C!8uJA_%2WXm_a=0}K|SZg*ZRF*hn!jiBlKH9w{F%aJ|8n&q*!Yy7j+$mdz
zO?EyYQYB%ydL>MpO_kK}%1+r(ZZ^!#_mT&@{TPrN`t8(ouuRS+Gf7Oc%E_0QOi^j-
zrAqUjF@RzCP}C7IPPco$CRoH~0fC8y*djD9wl7#~%$btOS`%fGF?kQJvV2BmM_8dS
zVd27`X-F1Ur)`yEslEg*LzUsrnf1sPCbg6j7nQ?&C8Xu1EIVQj29|VsBg<Ux6o;17
zsp`D*9!Yw$P?%?xU(q53PsQ3!6r3g~IoPP-psCl2)hnsG_y{fW!fSlCshUh2vArzB
zHm@zz|Apz1ru0(6lyAc}+cnBH#J5Y2Gee5_WS)8A@OkC#bx6dnIJZg@`q*UdauPT9
zTChC(8X7vD5qYahXCWdACblS*ziO6AipmLD?(~8y9jTuxpIHlwo|}L@W9n>Jdc}L`
ztaneR{9vXrb?<?)?&i##Q$AeSTcj?RsM<MjijPG-S@O$ZU7Z6Bzm(B-JDUd#Udf4_
zIf+Z>*qZZ7^Gm@so0Z1en8!*p6M7x$l_r^)G+$Q|H&ut6%TEf&sch+0o+sExo2^RP
zGn$CTL+)};zRv-zWxgnRPH&xrWa()&nm6Q=T3CmeC3vLdnYqV|W&Jj(>SWt;TIQCl
z*W|qNZ^^YSafMpb0&<kPzYPWrDu8YHp9cLg!ZCssij?l$UKT*q*2ZOF^PvdBppq^%
zx=rZg<4yx3GiI9REPiW)zf37tmgsj|clW4Rg%$|qMO3R;1v08Nt&*JT4#}@rP?Zh2
zWz4wDQCW(wsZ>st`j}f}{9>d-)WgKFXv4w|$GrIMcMwrUNLEl?9AFU=CvxuKp+cN|
za>wkmDOy<*r38y}OPOc|UC6C5rcd*{WeVaUrF_B|nbfr5ctm}`Xok2{F~>aiWL9r&
zo_fe?rP4HvW}-M2jgeo7<s+Yg#M~Pt;|<j3LE0-N=ZApowkAXsvHw}_CldFtoFJHG
zU#d<WA?$n)a6m6>_KeLbx2dxQLZNW%=mFXP%5Dp@e9p{@bdRU5Td)gm9T+X`dS)XQ
zy9QzUa$24~;$?`ewF!lM@I10bFBWpe0+~|sniWxG9eN_$!2?h0XqK8xXK^^|D(`VT
zJA12-r_*P}R-b2T`pWWRS#{D`%I7y7EP^nHk!q;CGX95;FmhkK&gdz%gM|*#xJ4^&
zOoWUD%q8gz+MF$8qM4D{d5V)Sg#z-S89elM3bI8Z$#yXo)G!MVFu&M0UuGyV881&T
zU@Bad;AderWy047%+C7U+-=0g-Aos+Qv6L!Ixp(xY=BmJR!3DBc8Hagm|H2ZkT{0&
zY7T|xdh<9?79NEgyOj-9Xi)CNs`8dGFuE-<vU6axYlo*FqXSImB$^SnmFy8#07xk`
zGM5~`?E%X(zhoQ2JmA#$Z9(GXlh)+9L6ITSTqJCLa-m;5vg;O7$Trr?un-p(5z*h@
zJDLDZjURqmO-ZFVDjDVkx3Wi#I?sLu@3pHcp3_cYmX+mtcEXP>WtE&UsUuM^J+a>F
zAwnw9#o<`J+IhGuPL0{d<EPB{+w4mp0o&*8VCkt7=gT~&KbPrk=geMNZJA6jAhhKe
zmb?$FV=ue0gtbpMT=-?Cj>VD9itycZFA=`2X=w!n>iF!MivSo1myk$F9x|7i@-Uy+
z0CO7#4rQ`gJN8GhGY*8WnjbF1;9w};tDmPVcFj5M6=2Vo=rj_cqhCVlZ#~9f0<w^}
zL#1|1ozSu(38F7vW|eH0UwE<xR9$sV7~g_`E5_rER90bJfyFOs7<3ky#i85`EJpTT
z4?NOEhm2}#Hl-7UZ%Vbn%6Qe>rZ?dBFLyC#lUaHJ7v;b?XPG-qIP5>A%|E(-lG#~g
ze0Amma3&9M3;jzfEiC3{2050dfn){PX2kEzF|zjD`6ldCF=1s8JXWe+KpG;ai7M8k
zb~<~!62iwT2~ed<)+1J_QN$^FADWjph*y$cxr9xtgt5$RPB+yf&s54b3$x$)bDP2C
zEX~63Y<oyon`G9q)|K_pZO@810iLTpYrgg-o0uV`C8;ZKd?F6h6YEA+Cu}K(^4x4v
z6^PlvK-dFLX0a~`sGaw5V-8HNmi0g>o-Sl<@k+LR(*qzTsH57pHe}@{=Bw3J!pd39
zm!_+PoXD8+1psV7lfO6nc93|~%dk(a$1XySmA<g1ig|&TPQI4;<OP;0OSqlSX_?7c
z`H7i3?=ZDv8VY)n<=drYMpS8`nD?Jqk4ha-$pkGe@_}tO1eHDKvPyX#bIsvgXjvy<
z6{I?g^s8=KlAg1fHTMx|>cumfk8Ea)=a$&gH5~7u7{i~VTZZFZJ@DYP(@rzVgC)=7
zXK?kvza)B*v{^1Gx`GeHPYge>q7OK)6~PAHg?vlX=UzpvBDNzB`<Vx~cG~mJd#t-8
zUf_b4C2|XcocNH>S=F~!X%SU-cU}C9<E~7+{^`asEw5Liar#`ZJjJ-HON&>Q=+ScN
z;9dIW6ld^wW)sI(CGv>l>p5i*_a2s4?r__Xq^#liyj;F;tBil9a4h4MBOISsnjO4u
zR;j^}InFyXIBUdB2<6+bPS@v_7ktrjVPnqR3f7-16E@acI*G8$WTmcs7VG1m|2s97
zT$KFZEiLfYk^j3b8f~rR|6YubBmZ~L#%{0d-$QCDuajYAOv~z18a?eC*2mO*K_|Ux
zz6jcfmNAl(Ghx!BsS`RGP$!kKFgD@H8$PEj;gk|-mhk2_%o5(#7(J!2sR^@$w=}i4
zp1OEh!V6kPBnclE$-3(k+j|F^n?h2tX)T*VXIp!F`_iDW(`Ra0s*dRehx>bXNDTym
zQSMKsS@v;T;jII`J8+WZ!aS$9?SV&{a?!t)8hqJhCP(TF(!Z7FCAVr=LV<5qa;b1-
zImx|pD9g$kyn*(&z!>n&q(`=HR4XLq)bfs)MM82<DEyL!&n06xjsdZPV}P~jF$OdD
zwqyyG$6{J^=QbF9J~^r9nvhyZ!`5}@C9_fIGYaipN=l7*!xL7-8+Ctl4Z+JV#-6zu
z3QaS6P+B>c-eN0=cM{18$(N;+#Fb*bquoj`@wfFBCsTR}Kh1Z{DM$&Cdi=Apla}L-
z4%9`!_0&p|8X^F&TY5$54|oX`Vv(2Ih1ZUypAj1QZ8a^7?uMQ<8KHeqImg%r4^+z5
z?xmU$8jH*&eAyp;tj%iVg@$5tPYn(4oKZ-q9OsLw%~I<O2gkz=&s*&LOvL!k%gVJ$
z(b5K))(VsMMAXdf7V$?t0J6Da0mNE%^=N@6jiR1Mup4kjTr_CnSX9pQl(Dn2>}`9A
zQud5z0FEQ@fQJ+SN=N#;`uchYMu|vA#h){-%)1bXz=SMYx`qjDXjj{w4)GKkh;NP$
zlK};N0%-mX^PSm4zcGR5$zcpz;O~axqg#gum^(1t?(l#b%I(6*?(f=>=m*~3wK<*u
zrGE41mObVjQ+<hz%-49#eoIvrhDzDFSq^=Y>7Af3?A2p@)|iVk{W?9VVGv(TjFC?&
zq1(%5wa}v}6T@n<p5ce#1BMW0NPsq_F^3WMFtObqjvsEVhnFF!!0`~WuJ#tW5<1zQ
zW+qDE`DR2hwp3Cn9(r59dW?7IZjlxR`a*=#a%*;H*T_BMQ5$|aNCHxMW0Kz{Zeq%o
zU|A0OWY#9?djJHBIoJ0UHQ-Jv+iw{uBgayx6F0rt$j<jIw+E&w6m+at?@gNKjgmYv
zSAIq*hsU%gwho**Ft~kyI%>9CkCASrpWC{I*%NmI)YuL9muu5!qrLr}&qhYO`iHz)
zax{XAWO!RwpWH^N>V1O)n+2RUl5z#>x~gvM-Hc(uaz_I@?N2~OiVyd8d%_*>?(Mh1
z$=A2^L`;rX{Y`y?U2<2$aa&_OgIhOZ)^e{QnNi9fLmKEB-f5pg*E5bX{@k;NF)gd)
zXM!DdW*&YZVjUd;G=;ml(32<+07iXUWZQxSv>7@r7iU(0`lz%DrB>Kc8C{X~`0Bi-
zPQmU)_hY($;Ih*ag-J{9w|Vd7^=Wf=v9=c2XIOqddfbPeSf<XwW3{Qu!1ou_6WU#R
z0eh*nn|amgTuB_Eot20pKQoF+yoO-Bm`;aDR?jw^tLAkp5TnB*O(BmW@raR=wIH!S
zQRQNi#s8QHg%?{*wxJ3BV2ht)*}Umve87Sr@Fx#?kdVUhZK0>~C<rTh+*!OKM&n|T
z{IHB*pi**rPJ9K+uPaf|Ef1{*A$rj83R-G**IM_=8CNx~EJnnAkIea*^}Z{%N7`QX
z9CtxO*x{GK%2F^{8vV2bR|2moRY@~>h?23AOzQa*zc5<3@ncax=8l^3R;npG7v`Gc
zns#~#XPvmi3#bx3BI+cmWI`{9M?&C8TKhYmsB=2PT^;ud&Z1zihSq4t?$yu+i>KGd
z`L)~i`DDnJ*oewmfT2ki1VY=i>OceL{tj!M?eGCPAC-_@>a0*;hf6dKC@*GM8Ov|A
zj^_)te*kG?gL>MHGTlTOT>)eBM;EY06t0#8rX>H)u~LXa!^bF%rg9;uutwU|5RJXK
zWw^^}CL(2N#o#N*3?qQ{(0`GkiptOJCf;zL^20x4SS+TlBOtO2T5_*rimW0okrz`J
zvTEFmFPB$y>`A>S;6KL(6MaQaMPMcX#nw%m(AN6exO2umXU~yeQJO#7?6540GyyHW
z2t`BFVMa}9i2mecF}qhJiQ`f`0_|%DVtopjHgq~6N29R}?O<YbaI~vWRIH=#oRt{R
zB0???Y!sL`W~n6zD##X0sn2pzf{dkg*lZclB3mA(3yUB^2nUU77dWUBvOcN~RDd^;
zTz)DmpGyW+i5YcFNLryADNF<(64hLslkkj1{XzGTnI9P`%h;^&9uVj9GlfZna9X8U
zU?6&`V4m#DBRlj$WDli`u0%EgX9gB7fJu@W;Q_?V@XUl3o{5n-O#qx^Y3|W_t5%4Y
zv}0XLB`R35leakJ>zGh?%^afE)>LNpO6LW&i<}*Sxg-e9((rfYOYf5=RFtEsGu<T>
zd&!EE5m{Lrx%6$Nj<kes!9FY|FT%N<$u997g;3`Bv(0SgQH=}DTt+usSEtr_W;1GL
zHB!Y~T1!#~nWS`okzCQ9pOfCRi4(mGJ3#LhR|P4df+-D~IV&t(L1Gyww>kQA=2NxH
zGFA^n^dN!ZoxsVFKvd#7-U&qA#4AUgEJ7yH>e8QIPEj5zD0z)zasYpZ=;ti%IDzOW
zooz*m;Hkiz?y!a~jqISaO|@wnPAQUEh6WomH+ebdzA%rH^6Fr~wu)BU=-<uUT<bjx
z&aL@cO3qoO<dn8ndT!Dea%bRVCSt~UsP-?hZO<fdvq-X8N)VaTuH&Cb)NdHfy~TSN
zm1Z!k)-X(SQ>mzh!nAo^H64dA;4{xqI!Fq(%^YR;d1AwB=1OU|*V#r$$1F~bn9{MU
zsTB{7Y$`L)7aFGKA%5$R2TRm=)(3-KLuZJzULqAE!<v+}5dDb@bRQMyv=^0fi`t7;
zx__BGiQP;yrgrOTiQiF`OXyns5Qtws;BiW{+C;-@3lEk{tQD9EyvlK6R8k9(`J64y
zz9fxGS0Xs&6Mh@IW((1`%#rfpO}&6S<k=FRJB>&4&OXEItP@juMD7UQ&ek&$KJ0>1
zsz~RCi(nyAx>=?pPYbsD&`TtVszebh5yd*YylzYu@yYAPtzolD?Z!7eDb|$_M$Y<X
ziD`4p{bsf)v`(&Y`ebP{i(A`q1%a&@WiO)_qky+o_<3D1Y&cjX<BQ^4+BcSwlBcJe
zOxZ-BPG0HAK*cF<7XC8;b1b|F&NE9pG3ZjxfH{}Er4<NzGF;aFrWqUo9Np-HS(&g6
z1S47%l{`gxk8*QqytH7-(;FGwE5R$ZoWV{plX7~wcAj63lM1uYfuNLUWzp8gFMD$&
z?~xPANxA99NmduF%r3KBnMFLWymF=mLHODtO3{XA;<rQcClx%_W7G1G-OMScp^0|&
z4O<4GXBG+^opwIqQrkRDnXq?@E72^>vjeMv(GibsB!SM?jO(d=TCZK%4W+bO_Uwc_
z@eBjo%(>-<fdv9Br82|0>dev2$=e3xKru5+pLgS?El|8#%4N9-KyyPHl^ZCN$JLHQ
zF_$Mz`zQv$t+i@oA_6ndlXz8_uZs^*8lRl13;I)phq)mwX3^Q!A$0!Xok?eVJW#Pi
z)*XiR>272mGET7&vkiM7wH#K<q1D4`=6TL+0#VsCnJKxf+)@UiS$`CJmY{hi<0{Ya
zY|MwRv1|%65xKS*euPca>CMV`WZS5?<<?{0sW8u$Cr)OSXlntmGCbJVx3R1H%!R|t
z2paPdCsM90nijA+S+8b^la6vZu}r)H+&o7VX5FiIB93Ot>)JXx$mohC1i<}ikoo|I
zSRwO$VsL;<w^Ba91?y|mCec~-XVo)(y32Ap#}w*5u>q#eZBuzDa!etnBKjzyMa#LM
zSlXb1i)2N#jdP7T=FflT@HD<6Dw(Z(R6_4}DR!l@x4Sd=lukzFm*<L$m0Y0o*3oB|
zdCDi1Q0WvdRwRI|b#o%+0jbQ7vYn@YBfD6VB>Wf2e$O5z|FgI4a;7-;0t>UEwwFjd
zlduKgsU-7RFpUVJU%N}C`}D!?V#!M3wV609d(eUDb2-1{b#mC!JTuu@N0rG+QrU^)
z@>%7wBaUQtGB<GZeM<G{YRj*uG;fmk2qg4WWeDFwDIHEy{<FHQ7VGlW^h^n3g22I|
z78GnQVp=Io$i;MeLE9~+nsFdYIg)aBaqWn)B2mCf5N5tM-&v`_W~W%m49X>6+FyEU
zE}ZnkLeuv?opT8J^4?DceL79NAJ_4)mu+VjdBsZF<4Q*XE@BYia!WJjVK@SM1{6sv
z&yND7n<@nrx+~V1zpRv2uB$42#o1bVqi0KcBfqpn?vzH3d`9lPNcN;i^GRMLcA$AB
zFETa3IVLY+_2-bhXn}L;by#T-Ce5EtS>0xwq};*uV`c%7xUGBhm=fE1z4Lkt#t`Wk
zP*jm)%!77|CMXYp6jU65&k41LX%2{Kk??|T*vLrMhOofkHu}2RTVaqk<Vr*k1}&^B
z3M`t<r_{WGR*Rr}_ZIBfWT-OpMAucnTRSApi&&}`nNx~GzD-su#UbAgIN6l+uvoMN
zT&P0LB>@-ITbc>DNG$``v-abg|0|~(g^9dsR3Qgg>HJ^KnC;7%|7%@Kw3h#CF+TSE
zUqfutaif`67O-w54=f)3F$^f{kq0bH;;EvNPwC{WBJfy6pG#sei$rO1Fq#`|U1PMl
zF?uTI25W6=Z;CEnZm=YcvuDY{%)D0GSZ-g#xXLnHEwgl6Lz_uZB8Uo8ZaHd|PrK!;
zAX0BtlqPDPX|m>$4NIynT@lbBRgY5XBco)CN?MqyvF6ZbYW#-J+T28fCz@HVxv{u!
zqR_Esn;XlXtBhY9+F=6%Z#HB1i9%~*==!0gI3C%NFT-OVy;1E+vji4->S!uR>G@D;
zf7uSt<W;idC-}{BOJFs$xvG{ccSFyX^i_U{e0C+TnoH&?U(C%qu*M5%mILhUGgdj%
zRZ*>x9f$${Tct6#KKh+8qr5)tG9gNbXm%E3vZ}Rt>VKW(ERB8D*mcsNY7d=-4vPj2
zsja6)MKSBfP7!0t6*ztr?BP*P8{^=(+LFgx-Jn$$l{kYcY{(D+s)B>pnYa;eq<w+=
zAF<aPI$?xac5Q6E)JDi|L+8<`Y%kGCMwh$?Wk)0tbLHrho?@1YJ{7ls&mriP#zXss
zn}&GIGD^aX5Dk7?u$tGBO4__om_<2O9Pd|WKk2m*2J=lS5g&Qb8*HU4*fb<{{;+#e
z`8YkZWF*dMd$!}0LO0!UogQJGq+D31NfnD0%^9d*$X=0|(oj|j$38x9Y*5bIez*e_
zb<Op39Wif+cBc0$8Q8gWww6VY*&I4632o+WOsr#R1|81wwjSJBXtpdg=w@Nzn;C*d
zo<(V+p#*OeN+>U7=QZ$(R;lOO6A$XK?IrLp-%!KEO5H-|Z;;B5DQ!Y0xNVHHw#+)z
zsR3)CN9C?qG)l8B*>@@o9jP;Nz<3Jd>>6fZ<%XI@lRY#?nGj7^1v5ySpQeYaC>L~+
zlT!3_3<01X@^x(M8#)V5;_BI0gf}NLS74qrP7S&!X1NuB9ZWDWfx$Jx?&-yGgfI|o
zX!CG<Br&>ms1N=bJd<xww1U_uX;C~OW*n8Fi93B*0s~{FQ9<G+&(GvYJ#$0|j^(g!
zFx1%@MPr2H?Ua%?Uz^EDveZpWgT;_%vjD&3NgxfRg>hyR%^U|OMVg{8&XZE1APa{J
zn=M&P+lt-?V6qYlS%oGxmV=a0izS!0#cX16ze9yIZ2m~FY$;1on>m);w7e&sBXrXv
z&ekh-(@Ei;0+ZHZ53ZbL5M`Ndl}(S>S)I~BLz5X$SP|w}^w@kb=MmaFC(L;y6A%gM
zSnf5-2W$wQO{h7|4#&hsXGBp*NCtk68Cuq<^9F@Wo`>4%9kWz5g1{ynT$m}S+<X-#
z5|M;W{LO+~c!FTXKc>%5)aV_TV#7gmT2p{ktifc@s2J3#U~VE5SeWgHj2E-ql}m&X
z(qJRSZnLr?QMr6z?&L12q-f$OE<upuJ~J4=c-RIF)BUoPO2=_->Gx2*aPUI;<z%cT
zNQ#zQDS35<0u^O>!FskJ3hZ49jHF`w2t`Td_#n1$W-0RvrNBBqrt;pSNDRU*Y+@8j
zC&QUA?BMkY`$Iqn5R?>M8_tBFT*#3(z|DUAGapE9As*tXG|PN3u*@2Lp|ETPwKI1=
zsmK>N-+Ts=Q_Jju6Nx+R{L>FO)A(VJqw|7_2dH>JWDjQH8wwXeNWBc9rL~tl*cYDc
za!BA@z1V%D#=S+#O4O68#C}r^rj+-0r2*b`j_7VcJ==TvW*)Mt&Nj~5X&#XQVG{{Y
zST7x3j^$!+oMrI0oiJqnOWmR9*-E`*J7+S0C16Y2Rgn4f2SeWNS$CIL*xW_{cp!+0
z(!81zK6A5aQ3U=75M>2iaR+qFDo}lin!)E4hQ27V*dP;YSq=D&eY!#&v($=3v?-MH
z3xUQ-w(&Y`+!4P@!z}j|)%;A@3NXM1^49KRv2f0M<zQ%AbDjh=n;7W%L_J&9H>YXX
zdv%y?39`Y$t5*}dT1<7j&Q7Ki<AU!R=rNUIW(?+7VHi_Wc45W}#8gny0F5z|8nu*Y
zCf#y9k_bi8;h=4%IxG*NrL{BgJYg#pG|M57V`Q0jL2LQ}>g6hlXvdoUEPlm7?JiZ1
zooxHXRn9Zi)QhehJm1bdq{DbLi9|!_m}%$g$f%{Ho|0fzE=Y9VF`|CMvF#Dn8_<Ya
zAVDciE=Y2DyriTsW2Kmq4ppf-wFa+gSrf*$Sz->(8yl>`xB@gMYM>ugfs1S9P&fN{
zQZM|Kju`boB3+$cXh&Q4)@(|rk>yjWJwDiJ;`eGe+Tk%bw3=gsD7ilzg5XW+*esb=
zfp3fTUYW>HQQT%lVUT6TV80+pzhFoA+}ju$X1^3}I35x!-}~h*%B!>f@@kg4vn5~|
zV)zttZ+3w<NKhgN727a*@F2@RMGJ+XOb7qU-=ZlQ5Ct!gHK4#nua1*=Go5sH1SiKo
z(zQD}2|@&Seg=T1v=mQKH?7Rrg4vw4X-p(u*fXI`(MtqujD+NrJZKfv!&*Tp1rOMO
zLUW1+PYg^D0;HE>5t9T(k?BdTpc**^j|4T8eS};v4mAqgC);W^M7wV?yVtX-s9{C>
zcz^>`sc2@uI36~fuoPfth0{&y248D>-X$NEj@(RE8iy$fKGvxQ{Pc+K#05cZf{ttH
znHv?*A_c?Bp@#$kD8jq?#A&S@XSk+QI<pONc19&GKCIN3T)`$;BrAy-b%cyo7BlJy
z8MRlMpfloCrPa3z&YfqKHnWO6cA(VMSf7r(n{@{SLEEsU0mL%~8JBMA33XW6QlM2P
z?J;f&(;_juja@ynyE-J!0#`V7vkN@Lp&E+@p`&14vqOT*@DnB{^Rdw87pN&EWbx2M
z-SL^8>%>P7U6NjH^NGjwikGZVF<g}JMdW&wM=%N>Oz${G>Fq3{8NDE|h^;IDmRZ9F
zfp2i545Vj>qg9|pprci2PT`JN)o<utL6088mO>w`x9&Jb>4`^4IV4hgVk_wvRLL#9
z{0;x*Ki0}4CWki9J6;l-aMMtw(UP=wC9#r=8Y)>jI!}_X=MbA$PQG@B<}HbMJK=R*
z8C!FO-HGZ;GxY9|N8b6yf5BIf&8raoRX+Z!rM1}^|J4$W)#ASv<71Eif<G|nuGp`3
zGO8&PI_UvEtDURqRf*mb1V&@GV$oR!Z&f)^ivzP9!?ZBP;b@!$`P@|)rsb$5xtsWe
zX*nx+hiL^kSGIzdDhkztYI2~Hcc|0c!nJJ8&N5)Dm^HMCEWP4cTrWT))FmLO6&Ddg
zKWmwVx@=&VbG)9zP0lN{YtFG<RS524C`n9ZI7X&2jtH%iJ3gzuKtWdX(nkH2QMNi<
z3Td^Xtd?Am)xsSvm%!v4&zIeplr71JD#~gBJmE{BZhmoARSL6W=-Q-Z0Zr#}9bzgY
z9e!hU)5&;xnK32^w1&SygrIkR>NM@1YB;lYkMrirxrI{JMy-Raed|Ib&aTXc=s+3Y
z3X|2WG_{#B1k<Bhsy16UOIS6`<W=IGBOb~19Q)2IX_v*%qo`%Y<Um<P#2E4_D7=|^
z*L!RtNpF%Arf2acZ(cKxzoZi@8DKvj|HX(NGl8(Sm9-Sl64uRY7EBZHS_Da+3zme;
z;1@yQykjFGc*%i{sCi!mdL!_TL6^<dBTcYnv>JM_jLBkqwMUwn_n8Y{fKHQ&dIksL
zu6|7#G`%xzwJjPP9^76@WxohEPQSB>VzULY*}}m*gV+RY2j&>g7Nw5Lc0XmSRr~Vu
zUnej{yR<#-@HQUZcJj$)e4A+Fpy$w(Sq#lT<jn~ycigQoYNsrESU8v+MUE>SnTu{1
zO2#A>Fl+qT!{%hv%_o4)O_Ws*qVq%=(m=o!V(1wBQVF25v(128?&_G89I^0XL?tnG
z)eNaCxtE&<e@pkqLD@HPcENwMkNul#=wC@6mU%hgyU3gF>SYCk+4IusyXP-B=oQ>E
zIA>>h%<JppFYoIvFG*v3eVJmG$(@}7nd1o*qIU6634i@cFL|r0a|2WY7_)0WQ)0{U
zWuDb@_c!?~<wIK5iw~LSDH1C(lU5eceTSEp9HZ=4#w|oV!MtyatFtRgLUs?x!iOn2
z=zj46zTpB~250o+cl)Uj#N;SBb2&Oi1-s<wzVh4>76d^tiNPV|36ZnGlsTEa#Ce40
zU5s-cCBypykCIn8d9I^%-XmFQ2*{k{A<9ZlWh_>+HCQcpM1-%@w9psx%_G{Pf?x|I
z63)rlys?+Uu<j9a@k|Q2sDw)GhS)h>GbeUDY7dbx&P*#Eezr1eH}$Z$2-e_bIl-eY
zE$y63DWJo&smLZb%R*<jeYov!%gx3ncsO^+Bh1~Ehrkr@O0xnU!7`e&owCsDqA?Pi
z^LK9p)oN4d;b=9*9c%x9?IX=PI1O>EW^x4}?@ZCaJ1nMDG1DtMqn4+s-GYTSC_LzN
zKBtx~bU+n1xB=riU<qhYSS{2``j~fki{ybACRkb$<jld;9kd(BoIs$DG+>NZ?d*((
zN$<c&e0Vg>u89lx#QWl-ar^avcG_}kloH^gh-C<HpRU2`$WE{@9v8KmfktAP(6WY;
z<+%wd<|HID;KvVQ`<n7vFBPtpGV7$&8u4Bq*4n5-Xpy%TX5(a)aa0?3w6WKHX{aFr
zNhSNNU(k-NLI;Z&_2Q9Iz?;M%_oeL@kyp+eU7669JXfrKXx5^UgBiA4IYEdjHIkSu
zNi3(}wmAxPuFy8;xs6YRle8lhz2n(P1JNe3ctl0_4BNRxDYCOj+)jOB54YR!MT>4B
zlG3PHO}@c&7Cn?(4m<|G)RHK@EbIW!axql6ASziDr5A>H%kC19m+rx(7G~%dWyl?+
zOdqMTO88vk3%%XN?Pj+H4lxvC<VG%WGUL+9SsymjSG9r<%LfAb1-5zbnx3I;=820q
zeR3~)M@*ZUlhrS#jjokSV&^ziS&KoSxxyCg7WLX4SsnQ>clj!k(z8Vi;R-BWr@2ak
zxaJ<ib;v@vgja1XgsT?9HQNxb%EGjKLWbB1tvphz)XrORu$JG6*%FA?s(|&)K3=ON
z?n}!nOEhH5%Y&P`yq62sVijwlT8sB76aUp*jR3GR@n20%v6w6VtF^Tj|FsyOMUMY+
z2Y@y62(Ts|0M^nNYbMd=_GoK+>!~E87)d3sW+xXj46OMX5C_&gw?MGwSx163*FwSg
zN2tQh>}M?&Oo|0-PGFMzS~yrO9IO@&RtpDPGT~s7P18Fltl86(ymT-ahgVo7n-lDT
z*<xxeG0E;Zmz$J~e1|@oY<31nFPIiSV2op`qL?wh{rH59%{wxzS$N)rYJp&fBoM65
zkFv%5Fc~FLQ1>&>BTZZu=5Sf9#e}(UTPuM_4>UdlL&N4kShaYuWfd>xv(48+#cH8q
zwNSBYg^CFwY$-*HIbf3EsYQm>BEx1KGgVelz>exoYLm4-ha|eJLdD7sJEbP+tj~Ms
zwYafb+?e+zJtoD~qQ*?uxN?5Ryj(S6$1D?zyV;6^$O?*<_O!3$@_2iInwV-T6+?zv
zEQ=t+hAMD~7YxYHWapwHnPV*_Go0Y`)eR_<?OOQG+V36goiYo%{p(PLmo=O5Wi~~;
zlE|{qBF2+7%i&ql#8xSkthu_eWM0r#ZsxYE+g{72!X;B?xp*&?T5Oq^n`IqI)J$Ea
zYoTS8(nI;svKmF$DZ)9+Fi&a4pw7Ws%44c46R!NZGd7;kvWA*307XqhA6|UgOEj$o
zzb$C+o6o{H^wDpAfGw}^H@|gTdhLq0%Rcz6xfcEQ%!+=KDBBhRS3>zU_xgp5i?eeM
zS6tj`Nu8aqe!K*<Vh`I-8JCq>%v>#It`;*_otQZqq-IIWqMYqvEw-)}TUU#%t6pqf
z^PGe0nrqQ@wU71jiT`5}N7cCeZAH2Gzi3NS>pDmLU+cPPE&gv&K8%a8kUT!=EF6zs
z$kx^vJ*Ba!2`^-8X~K9s+l6eE-udQ;*b||6OEbcbA!KwWM;&#=4a@vc#Lx;wdTi#+
zrw#iZ&W;EKyG|%v*h?LW*p#3WM;ekh8r2QC#e!`<YYb~+vTlDLFJ{e<mZHJVo6j!j
ztj9IZ&6|%+y!X1j1;;g393S5mi$?bVZ_gQOF{Sg(8z8~m-1aQw;q4d`3JFv&6%st!
zE98^88B&iOgh@~eDWO(3D3AlV3gc#plX9@lK_l|P|F{6Y4-3Ffc9Ic-QVa|e)%dfR
zqqYbwn^O1J$3men9a&k6l8I)z-GlZsrIs=ydDD-4X{|p2F*Tk&F?am6LU_XoK`gGM
zuRv(BAj84ad)+0cjwqLdc(f;PML4qB_jx8F@FHw;chprJ^<~YU;XaX=NCxGZNt)DH
zZ#CYq0iTLuAURkAXlS<inmQV%(`IYmvMe<;&7na-9kw<lVxstzhlBKqVkEwFEFDhc
zvxLB$KN|>gA-l3aqZije|5+WR@^o6ChV@<0(cr{91l`Sf!Qw^hJ#3n7(yl|;^`dtN
zxl;w+=?z($*eOj@YMfvd9OP_`!~T*^xCMWgVH7i5TxW#<9ThB42gF>6b#X!O>FXXG
z+Bw|2dCREp>;<h&w7xrpJ8yFXZolMADxQ&{ypE_XF<m}g_ryoKhkJ)mRrK$?k4FD9
ze<ef9<Pa-ppB-0VHy_XI8O#sBOsG8@`$uLE1>c*?LeLb6Mw&}BU(*t*{wXQ{PgbXo
zGV*_{r6uZ?|7-U@FUrR)|4*_DnPcXK%uVpMxjhE*|2nUH9JA5_#<Q6CAi+7SnP9?v
zU>31>uQLk;eZ)n0$1Aq`33k#>Tp27(^MnxjT_q$d5edf85Y4SLmgkz1wH*Xlo2h@6
z4d13@Fa8n@QBz%sMwlb2)PN($1nx~d$Ap!GLz2clb1>MonNk}x(@qvnp6!^g@KCA&
zue}`b!Aa~;ug``4c=P|v3~~aXpQ`jxhW~@G)8@?o6m4y(@&Cp6#CHr04v&sdiAy#!
zQwn&-Q-AH_z5ey2c1qQje+BEm)hYkAwnl5~e=$CO>mMngw)~&@AD{J~8cQD1^^gD5
z*8d`WeAhovKyCd$^FQ9}Kc^doiM(o5hX<5h|1GZkudS^$`_H0${MNsqfEo{YW`Dfb
zKXVnTmIP3K|9AR-v|&o<+WKFFkKg)d6i{3J&-72J_1|1222g(gcb@;WHMO<X*8gIB
zO0WOs8UuKSf86W8U)igUYiYH5eUv}{ZFcJav1oH`{V&F6TPO3n2y_n)Z0g<INg|C&
zJv**V1Omc4^2B=fE(DLp)qNy*qRR<0NP?}=Xb>9dAL<%S40h5=^m|Y5aHvsoz|;f$
z>~?VD86%xU@;1;3zk1}vQTT2)FbMqyMuxlXg(u}7NwPao$19tvtNf7KvuqF0z%4&u
zCtmUsE(0e6fv(|B0yL6O76Zdw1AV<4J4s$ak2nAf{<c$404cp2@n{*qwf}C1vEX1s
zfjV`64i91bySfKQb|iY@Lw$ogX+Xkg*YM`}XlF2n4lo@!`0fz?-PG5$c_c&{03W9l
z+GJvodh>)tqwsIfa4$?o0$xHN0e{T5`_D=;P{;agNP2YZTM1|cmQOm}9;nOgO=)@3
zkRyyb02o@F%}}5&nR8&tyIkNLn5hIi;)X_(DOw93c90A(CV(dpNMc|ayv=7w!??3q
z{JGXiKdYFBgJ5mc!=cr>aU|M?9u6&S?a>ww4~Ij&L>Khq&;KLSS~h|UXWo63<Nwih
zF8fbgw5i7b7vqC#uy>%lGugfy<{wt|ZqD}6V**#a^alP3SZh{(0j!X}ke-fdS^hOb
zdF5y)H7W-<yMkW(w)Vt30}}h9C7PR9d2@r<EjEa;bJ$O|MU0&j2t<<jFLH`BX-tyF
zO*$~F#=$1i*vt3}^b#VCJ&Eq&(Zoo+d+TsKF))ancR1eNH5#|LCkF@k(t66kcS9E`
z;A|H2PHWk{q!FIMA9cK4lu^e?qh2huQ%>o{k}XabA~MJ9-9!ckM@f7~@5rc~8}b1Y
z##6msVQ_qIhFEZVm-1w%yYXS5E=&0-Fi?5H+xTlrO-ntn-vS%YY_9n1`MCN2aJ;Lh
zKVHo~%JF~X`F8%_(%e+@|5=oe?E8&g-oSbDN*;4hDh13eG^M35(l<%73Kn$c`41vC
z(K0B?D%nCn1aBxHFV7HVO3~8HvmTQR&R8K-86~SssQC!lguaTHgeRq9o<>Y;rzZCX
zCJTjJdt>AD^mK$#WsZ5hNA&!JAkIKw3+5P|&{gWJo&in@tr*F?mSb65m=8a)GXnv@
zA1Mt(FUE>AZi~iH0nd&UGP$$}@FoonB+?V#L<%ZARSGPRPg++}0IpRKN>LQi=Z><L
z24R-%pFzy>yYzS=u6J042J;HATQb<)OHOf?WlD=wwr69vqfBnXDnZK(G4;pMvy##q
z*AikY+0`>B7fI>K#-bsWf+9V7vWPyeEaVLz;?`kn2}+&e1WPDoQW;FT2h$@+#gGe5
zdK9GoubNd<>``)2^BKmUY|U!>i7{iqtgsq6HBXaVW|L|JI%3GNp27415i`P}<r&+v
zkBmjiK^L?H)?iIZQ!<4?3~7RXrE-e_s&BA1skU(nDjTiTow`XV8?6L1jl4Rcqz|2@
z;pYEL{jX*pW%z&7x^>R;pO&_kn*DcCKC4I%^Cz!o@rtlOVFkjPS5stgpl>I?;vmcO
zhC4${*|HA>R*iNN<}!-ksPh>8f|4eFF^`k+2R~aH?G#34(9e6BSj=+LGLLgTuVDo;
zLRa+~gYQl7&@3=R>ZfVaY0x!r*Ro1r7HTePV+g6Fwh&-*`Np)KRML%59?8BDbQD`h
zu*h9qSi7T7`_9IJUh=BcJT}0UD`^A)p@GR&c`>Zq8Vm5cfM^4;!xO{SvmCz|YHFyk
zXj9PUgjS$AbAY5V*pJs>;7RtnP8uH#%?^$Lr_HI^6ij$vm1SM(Bn=e$6j_DLwNJ|y
z_XljR$BLNRl{6HyA~HKQ1B9U^6KP%FTg<VF{YnzL*bxYD^GqiJUBb`<mO-hLL?Ya#
zgeOl36l?)GjZ;ES$zwbzj3Z!Ds*zKZ+PDUU#XoGP4XlzCNz%|K;ggak&NgXC)9=Z&
zhOrwB>2u9$Fb7zz*Huj@#AbKao_&hD(@8y}HtMuQBNW^MKV!V-bK(DFI$JO%-JN<?
z%csUN1}K{uy-bl@aV#w(#F7F^VI?<VVI{Y(6e3tj7b4gVu+A>{jh*)PoRykMzzLY1
zD_G0YY^FKj1j{Pto*58DN{yH`%(#-h*`BQfy*sFYWgEEYA+Wt`7|DJ+ZuSk^Gn!#&
z*@*^_PzyS{lE8Y1cO3xPQsIR(C|N@b2-q!~M1a{?;o)EtDAm|}h!&7+tv2HXwIhgs
zK~@DFyc?LtL^5fbH`&fj#f`Q~ZJX}>AH^7>v6_1fZu09|Tm8>}qt5f+mNq>9X{{y@
zexGOg{_i*c>V5?Sfl=O_cOT{CzgVorY5!f<ysjqyEyf3Qn9440hk~g13Pmrk?kj=_
zBQmE5`7Vg%_;oYxY>5Gu)k`rj?=cOzlk3)pLbNuEh(u$9l&~`ZkEN>6P`k+2$zf<f
z!VR)E=oJ72DzYH|0857n71~Aayq@8~Awt7JK~vOo7&FNVi5{fFyLN&8*A2?tXxvt%
zo?VK7;xL&~@)&Pe-x>|ERB&oW(bDo`cp3`q*+bz|QYoU4adn!gX?jh75un$Iu{?JN
zXq%nEGcb>23V3z5UYw#i>S&{#!E@ln=}G!90<sglp!w%Sy?!ODt7&qEuD~2+tZEth
zJaP_uetJ?F$27^_E#x(YcHN`r<(@P6;`EfBmwP@KKv_=<lN^#wP64?TCKtvNA}Ku}
zl975Kww@;gVz*J$Q#=!Xp#uCfI>-@CA8+gG+ZrDs^=nQt)`SWE4ei+jeMVU9Xf8rQ
zq-YM|88f2;=s=ZXWCQH(E)Q6OBk{g?_b6elvDu@!4>)<yd81ioFr^0GUuy*L5?gwo
zY&*ZB_Q1g~2`a%*9h61&2up$D1m(wYNu{7KnrTP6<}NTji8c&uiXw}4;Xq7q07|x#
zlZ-HlHy~vA9dHko_~`K)8$Tkz1sA<cO#qfxiw3(aOys}-je%cND-g$Wm;&bVGlfYg
zjCgBj*;PZh6wU8+A@c8snwQl+v;X+*{|YdMYV7^^Dd+zei#qN9ZPAum{Li9%R;`q@
zoiQy-O%BmO;H<52%&omSF)})g|BUV&iYI91gic^2sXjeBu}#Tu?}p7SSX=nZ_v5$z
z*=a^~I6yi1KicMs|8Hrn$^VP;X{g30V4ijf+Z;U%VQFufRielZA`vW0traGPQG-Pb
zPd6EBY-)wC?M<h&H%D#hCaVK!X~xFP$n|Zlt<9|=%%Vb*CbD~4NPYL#;Y5FYbjx7R
z2uM@eVg|)K5De|5;yXs;188X-p%;r`nNXlg&;#x^7BvtZ5!Yy_r?<E1<^`XV{9KDC
zd#p~UbZ;ODX6H>XiLsN&Kg}ax+f!1X4VhWwY}Mffi9|?{Ao8KD-fULy+1L@J(r5Kh
z#YmDH!41+9iAMH=kWJI#(KKgNH5Hl9tBfx5nw?Iw2MbN+OOTo|QzO@e6a6~@Vs5Bs
zmVKrN7{#%AuQD{xe{%?Le+t6zg7m(gKwX`tN2c={C|E&bua?W9v~PAv38bE`KJ!R{
zq9zoyazdJkH4`>aaenasL(R2npK5*l_J8WAP$dPRoc!MwbM61J)|&tSqI{~u^DIY}
zSqK1v#OVIt%=iD+#^xAlinX^ix5r%m5!C^<io1GGd{gg0FT04rL!1!SzqTj{6D0)?
zo?v$I=ihhzqw~??tpBFgW|#fHsi_wKyC|RPEGglfHk;MY35;c%m!<#MsqL*T?M<;o
zm;U)83{cN6m0SE-&d9`Ye01yZK!O^f>A3I!!Ry_$p5JR=6VzX(A%@w7`$tF@b)f9w
zcVb`zQG9~}>WG?0w+8ku;NNQ}v=;E|mcFc>=sb!-qCU<}VAugSbKj)qYsnF@T2iw=
zx3zMEg8<45_f5dH{m>L9n0C{&>I=<?DkMmii4?Ry9-|qKCvYyto6J+1=4c3hH<K}~
zK&UhfnCPV-p|>gXy9uM;Da-xM(u(6;DyTXZg6v5|0yE|ShYt`s*G*_>B?HPv!(>g@
z#_pc@8q5+7{ZjzC=?!n}IDr}IEmtho983yp1A1oK2Rr4!oo(<;Qg4I6P}6w2ww4`k
za2Rl`tR_7vQ1f~3a}8-^L6&JWOsNA87((opf`B~wC_9-L2Q&n?=XJmtcV5b?IXt7|
zuBG;dDGK=M#(0xilOw%EO}yolS8Fz_;as}vP{j7+^_-LmoH@#hwtUuE)IOi}!4x!N
zr><a#(DSF|aUSBg|2y1g=ha8){XYh>zSI9>U0bwf|67!gm;FCbu~We4;AmH0Vt8=-
z2=EKo!mGFgv5PIKZ?__G+QK9rZej{%dLfH8jyG&*=<84K&8*gTWNtbpLlAc+h8Zwn
zf|pWK;|-dV@ODgYdtn!4u32N6P}l?b8;Pvhon6DMD8eo#PNLZeJ3Gz08N;k*Bodsa
ze2m{=u`3vfn75VCXCWxEhx($bN(%REC;@fNLZU$|hnq@uZEXC`2kIMNZQN6a$~(Xt
zVd#x6A}2Iu;gm>lR}f&pUL<e7L2<i`*r)JH7}y%LY*NqDtkzORzTp@0GxT(v-IpO<
zog+0X5{y@T&j!w>d~t;Ugi$dt+l*EyV7FGJjr;Z<7l4Kzfb{zAFv%s+RiR$K6eCRH
z1KYynz`>9MgX(^~oDL%+%sV$(--vB!o4R=59iL%tU54Rg>9m-)&ZKm_Ih2YK>=_id
z-tW@(z-tSKVw$C?*~N<P35D#71VcS3*#hh+(R4~eAtKT&=%$zh#Jnz2y1DZpTL!q5
z&#OItFQ#-Or+l%d>;6p9EtAXU*sHjU(s9wH<2K8K)n4fRik7XG76wd{PPvkw*cICo
zBCofUFV01oqmA7S254rh0V)VN$sp^Q_OXHNS}!??!Ot*Rk87TN%K^24K9<_BXU`tM
z33eBy#HAY%p!Y&OM-ro1o>;$=FtEf^Xr8ss-!$zZuoP@gXS^tO%<pE#g3YvGR!j5O
z0vi6h#e6NC>4-o`!0sW3W+|PY5fH%%c%$@kaVD>`0=w8S_Mo~XdCPI(oLw5v%1b_U
zq~024*c?aL1lelJY=E^T1Yu&6gei$8m_HuU4!<GGI-26Zo1oa6+O<nuJn3qW)B_J0
zkJZT<8$M}rJ!y75X>mPibv<cwJz3{^a*F&UP#4-GO_;!q_)W<?%MNIm>cbdEF`de;
z5tpLM;}g?sYM#u~Oya(h%!LfMBqjk|o60G5B(%;o<FPg2HRDbAry2jW;Gb6f(}sW6
z;h$61ge*<V8fBe4Oj2T;nl%(If$#;+v`CJJR0ngI6IyMMo}1#Cq5^7fz*KF$$Li2*
zZ8T_7FRzUFm7cY8i*7v~fQ4Wf!nCZlqMsZa0)wRx!yV3u0B=t2t;a^Cd9t^QQ`OMG
zs)0HTdM)Uv<1OLw*6?^+czj)W{1jQ`ri~$<W>bTC5{}1cXO&fvr-I|To#54Z=AZ}&
z95EXP+xZ3O6j?DFInx*XHWIdh@j0|S4h>|GG80%D6Y88wKEddbd$9bx7VPGdf|xzq
zb9~IEs6eZ^UdoeUp=r_PgPE0-bZ%0C@u_(&N%pEU#xr=D!qleaF;)1E8N7Ta%qk*J
z8^s<)+agb!m@#UNe0EJ?w&WaUE11NrYZlWBH-~huqpIFAV1pIzXf~wMX+(4~v`f#i
zj*RE5I=xUlPL@~8R<`coG8?c3nv|~Yj&lhv58E$(eC@v?jb0VbfXn%Rv__kp_TN}7
z|NG*6s-w}{6OYW|6j&xR&y(O->jIqwSIr6JP|x7}K7Q+;XTPk92S~a6PfhDw{$I8G
zUl!?8oz;W~Ml`H{Hf!G^G26<QJiwZp7svywI?W*0%j>CPk|v{~oUcIdx&%Q0WFHVO
zF|kEjEvV@kkj@l?mNR{`$>}t^1$&U7hQkqd#_gGEMXJZ`#Bym{?^QpE!HnQ^0K&7|
zg4r@#JB_s|6^G8G){_jvvZ%y@VIo(i_E)nXdK$4cyEm&(XM1?wu=@DGHg;BlzRc`k
z1&Ir*9_rPz{6D4nfAeC*|HqnL@?Tq9E&u=Ge5%7J=E47)%?%({Va}53fLz-HDjQ&J
z4|qm@{P@2}c36!*O7s8LSc_Z!Z?5J4UYw6l{P!$9z&7>9`+Cp^tR-sq32TXxhK6Fc
zXsD^O(Gmr9f1ym61S?X~M><-<MY@{)X*I52DcASn_SJ#1<|gRpCg|xUSaTBebP{B4
z<EDEc^<gmm2GK{y{z~}0*PI9!(}{4G&5^LQCm}0`u=x#!mtc-nYYa6#zQ#&5O3{~N
z{wMx!h}>F?$ClnMhI4RMl-iXX6#aUdt@Ghr+#O{AEaydUh$?hUoP+zL)aNX;1#|AR
zTAJe4@^%Y07Fm@BT;vT{DTvfS7o0JP=X;p3OY9$2XNb@tsL1BBSrEoZ``}J<AuE!|
z<G2zQCSV69gi~z2%ahO@Wkb=)@_v;(5p}T}F$c`qgjGn%HT+o+^cmsRIR`4^wTKLp
zb4PK;E2Ji`o;j>cQqcEOXz6&&!VF(wGFB`Q3LBPWWD9Sl?G=&aF%SuBtgm4eFI}Wk
zo*f0{C&Zjk*YUL#1}1rX+UUQWw`ZMvd>#g=2ATjQu31CH2$U|Y7P!PvC%6l(<0csE
zAl{2&tTDI<MmRz!vW#t;LaVYr?O>S*Zz{|YV-F784}}Q2b;4+t9O1~=vn^%{qoEaw
z3Ln2OL#$&_Z?FZ!_B^5F$Iz7;7;~DTPSA|P9C7O8{k~p-%|4OH=qa@`I2AmIvm2>^
zWkirB(A_yQJL=<52_WmeA8{Np_D;LN%~0ZQC{gixY%_P%K<KPJo2FKG)Tl1kU;NZP
zCGzsv+^%H7EXzbN`^h)DNsYs@*KqyAza><8htTARz-6ilZ5!~OR9M?<!fTl3!7yGu
zlylE>MRt|5nJjR@D@m04XiiR}>X>K47nqmVu1#@A>6ot;labD5(eQ>juB{y)lXB#0
zs+Wg9hlpz6l9^Pf+Dl^-^~P&5<Cv?{usI1-G;I>-=R~al0|pH)RU%#+sMQv+jgjLR
zF&?tq=f^M^Z4&+CS>tBPS)8y60<tX!Kh`u2KxeVpL0P@Bw<ndgJ9Jw^p^%NoY>$#_
zDD+O*c)Z#5NNUq#FSnAx`nlrS0<*;?W>s@c1i!$d8uO9D`B3?M%n9uv>EQiNn5H*I
zTbV7&DMWOyZ6Zm~AtX%#bXo&rm@1u=N;*x=rBiijQ9@qL=u;{u07IsLCKm<B*2Mxp
zQlbeR#A-~j*{?2#q8Txm(=e9<P4CsPnNnHoGq|_YQYmeG9N^0q0+ifS>V7noE(m)|
z06g|>hA$P7Vtfwk3JC)KZ;{rQf*9sZ&%$*zS{}#tCh*TB{?UARDiNqQ@jpi{i`|!A
z@?Oa>P+GDUftCBhv<u3SQB53SP=v<yIamcgZrbDG(D=A{k86$N<CZ<H^~n-!ct3V8
zaF!jz`*91}U`h_TvJsDak9fj+#FO45))s5Ti_Gmj2wG0aZpC!~Rf{x^K)ntQ6G3Tt
zw)@+B3I5qa?=)Y2=vhef2M!)$nwLV*#?*qA<aZ_*_O)OYqER}FxE9=*kSd}MfqVyb
zn2(#hA2)kHwo`{#Zw~4Z>&-zOV!b)2L#($lYr>TT>QIk;+<WX3-eaHi9=o=t{K~LK
zza&=3m=1sZ*9Lukh?YinmTO}n_lw0|8?zq!0`3}%zc#W9wK%8^1n;Dmy<z66AyWNi
zd?7SMX2Z(ho!3mKSr|2sc3{`=9NGVvB{M8Et4<OeN0-asnyJ{Dpk?cA3foPg)a=XZ
z!ds_L&q+pj{G=2#BU;x0ggUbekK${lPD-r_3NTm&Y8jSIlg@e$W$`4#QV`)gb%C%C
zucYqDOqJ9sLMKNwg<MiE7KAh%nw18*)<syIgre5QAnD<_#3DjORvbmT8!LSx@&MD9
zg9j{|XJF$_(sB<0SCK1Ah&;2_qMlk4iD-;xXnVw@_$+QF3oqQdcF&8=h{AJHn5L7E
zmn3LYi56fUEo2<1?i{*C_sp3@7FkZuHmQ_?$!?|9=A1*bxFoeK=u9$c#gTb*-V^E^
z^)qNfZAm36n^c#Iwg@w-l$lW!hh{UQUc;W_tb)`5-<ROj%GyMkDRpWVi?K$_P3deG
zsXW|JmC41`_8b@gQl_91qPW}m?<0y^b6-^%yc(@|U($n4d+G#e5QV&wH5BeL<G?T-
zyUp*CW6_52lx8sb#`4Y#d7Vr1;5ph1Vq4FtdBy4FRKanJ?eHcft+z^+EkK<u)UOT6
zN78cV1)b-Rsh4G494}8_H?F{<Nd*^(94XKO)&5w-sU+<7qv{}Xth$J7S{jISQap1!
zU|HuW&$BF0dRDcL>#Ipf*6`WrhXqUvJARsHkg}@z6OKR6Q`S`MmQWI3Q6GHOh+`qf
z-_U>=NqzlQSilht5MbLPGWG_}l+b4~!aQ2hx18PuonxV6NNECos3|4TVOL7<7T^`$
zx4{~jo>bV)==y2%=3UPKu2sSQi*IZ_s9Epb_t`|x7(g>iNzM@n7-WNT?!SvPAz58=
z6<RQEx@Z$pT|4w<l{zsOGg)@SJmXIoep7wtR@zNM%Z}@Z!s%#MUOyrmuEV)<!on5~
z1I^HEgXf8r5rbiV1rk$ErSK-4bL$Z;WLpLHOLAzHkUc=ki?HmqXscE&28l<l7CENQ
z>dT5!w9$ka3+Pkd?A2AD0bthm4C&+DJG5NpK^|rhfSy|cbiz#?`b=Oiv~&3;0d~%Y
z?>dQZ=y(OgpbE9gbTldO8rBcUZ(}OEd<Y}iE#kl(uxa*W!HEj1+h~Etgp6U7fH?Sd
zPZMnoyLC`RMRk{=9Y9&)W&lbN2|jW<a76@KvCSy2QWsCm1psUewz#B%_#9Jt@Q?k#
z%V`e_da<#3&tt4P&0}?get3w&EW>%^k+C+MW2-dg$Bd0&%}|(F^YEAdXgBAI_htTO
zCGpCI3gU^9m{T{%@aPUDDqp{RbdkhxcsKM?y1Z7HA<8($q)1_tBA(1_P7d;$N7RVC
zX63}grBsMm$jt7~F4Goz5xV3u!OYJ%Y|m}X37Zwv_X^JnIcARzoPmb(FPbUJ*AGZS
z8-**MFJk<*#LP^x;DjY51zy6e2d~tST)N8&*OklGT-l^Ch&oUO0U21$?kg%d+w^)z
z@uDFnGj^ZcDsFZ!U5mHG**lU!f-a(ZiKHYHJJn5(5a@*nHo%1+-(OI(^!EBHwQXgv
zMUEdhXyHLMyRu@&scZ+LIC{=#IYrAGat>TB-i_OChOa&jc%ogN4I;vBXVs{{LsMp$
zJ^~1K828^y(V*L}l1i~$8Z^9GMx`K49gA_Qt$tD%GgmsjTC&V8?~)5b@`aS3qbB9-
z>+Gex+0h3L)_tYaW}#0<?AKbBypPo5u%H4q&jFd!sA97nRbeu(swAW5Rd!WOeL*h(
zRy#>cXdWXSt9+z$YCpNa?WY!grdpgcRp&KLJygm!iO(_D_5qdD2yCO_C8;AUOE0OS
zWqx{|Lu#&+_{6ACD8aJ!iE6IMQZ^qz%ddU;oSs<O%c~qr{Y<_B&UyJ;Mc2OhUijvJ
z)f=F(Pgkgp&bu@-riy*TK;$q$IVwzjbzGD0_dZG(ltsKjLP0^1kVaxCQc4IY4Wk=I
zNXO`IC8SFbiO~%M>F$ovHDKh%7~AvX^Zo0$zxH}|-}j!^o_pt<`<&}sR~OzX$1aWe
z$74CCXajmWS(yRkzI$uA)9Atv2APCfj`dTqSD|^#HC=zlH$C6{&X;y%g7DGTV9jIm
zf5>o@(MBA9Zex3|JO0MRQ0$IO?iTU{(l_KH?BLb`xiV@j-=$qvQQG^iFGB}fkPYH?
zdPAI-_2N}YC(EwGqxnpx0i@zL<zMrnFQ?wTsTEwq+;9`w@Z2cmp85C)F4Jt!x4%ib
zm0UpkBDaZ{-D-4zSmCGo?o*1%=g$1ZoJQnFJF;`n6pVFuuKzQz(79|Z^Z&1vbLI0%
zdR^cy*d#f3<mGkk&x3vm`E^)JOxoQFvx+Tq?vA@mQ%veP^up6gspG^^ioy@ox)Lwf
zS_>NHbmJ#lg3bFG?=$@@f4^Ds=Ft-p?fIB+srl|*_OOD%Q@%Y?Uj@ntTI8Gdf4$eV
zOZCP6w#<797UelU<xAX0<htALpw-??!1eX~jP|k=-ypJSMiYSpuWs}K3y*9K>jP^v
z=_pX6)e=An<~ryT%`2kLQWci1BOszX;|#H|Frz;RG}C9dt;BR1bc!SQy+Xa~yTjOu
zzrP~_@&Z*a;s0a0XWZxvxQxy1SQ}3u8oT$B`!k=H@kQ3HjN^Iii6P(vDE~J(y_-LD
z1#z%(S_U52M$P=Ma(q>5W+-xga@(p=!-hd}sZSv{b>e%K!6-_|`M#BOx}cJCRYbAT
z;*`Yw@B;2fF=UzvhX$R*t;FezileOm(La50lC`47FRJ9V?t3yW`rq<|_=h@bs%$a-
zsc9yTbT8aG*A4CeG@j&k4qcAj0?(70A&P73h?oAEq~dJN2GjvHE(HM;0YlOIo2!C<
z9%dr-grz?psO?<MPzDg+p(3GTmf)1MOJL@iU^Oue3g?EsukjlGh&=suPqH}EgeAbE
zN}^pg<^|L08OPvlA1B2e-@B)i=5Hz75HY?FW~yI^1rJ;MDk;{d1m$`@GZvi^-xR=U
zd?L6Uq_`aA*Id&@)poe2U(Y_Vw<%r*nmDt+6$F#?iP0wk{vwo||J6>)w4a*ky<l8X
z8m`;T>u_FAe#AFhUK^2YJ9|6sS-wGM`gm&`Nxkj-_Dgj*@U!m0-mm`G|8dWc6`5la
zrR?9pZaUA|n?MXv!lbvC(}mre{O`=^kW21sJ3X(c0!i^t)QTO6niQsl#z$9a{jRg(
z|ND5~rZ?lt<*D);@Srqw_SZ?pwEDP_yw(X`OcKnBZ+R$ihmTU=l||Y88Igr2)=x3<
zHf%&neCyw=iwq0yvHp7R8;YgSp{rO^)T0$2N^943?X}P@*IxUOs%CWm9;-^Q@ZFqA
zUD`3C$8uBn`?@oWJGVh~2k*b2#qN34N)#}LhHh_d7L@1iEQ@}g=8n<m_a^?92R9Zf
zTmME>z+7!n<T$pq$Msch(vH)`o?g+9jS{r^`H>$rB{fw7PYa)!!m#^fF6NJzP`Y}x
zA|>A=8gseCeiF^jE#z;O{;jJqX{q3y4;>2Z^t;Rq`$~mxAznGq8kj)-@42|OgrgCk
zL_f;Xn{u<lahF%>;Fox2!6bP{>GQ@)TXvN?2Ae#nMm=dI_NNJV#{(0_$J}qV-)u&P
ze2h!xcwcSaC=IF0*%q+*)G5ONnB;%*`>=JG3elHN3YI5(@yJ@q)^tM3rfx5^H{`Dz
zM{w(79ZA?rdQ5wHnM$Uk`^9<1t&W<6p3<xtj_(t5pid0-B0qYD#T7P;9$O#Wnm{sH
zIozLs5lf!L=!sOL?s=>TH24Ms`-nO2HV3Bvj`onIAbnPj2IB{Ys9-7Ki})V)utIj$
z)+gVNS(x8#Rex%_(Sx7Io5tu0|Kce$dU5qLZ&{?~V_rgGU8r>dH|({?y%cq;;QJjR
zOqfDr%-o(*``^k3tnTUada3=lehJFnV*5_ivT$HK7HcG%*duu0%3Ucuk;;!e;ctV9
z#C{hMagF^?acOBcFqz>uFR9>q$e|7x)&A=XOI=Xw$iM;3Jo%5p!u0g#MDJYRZ-F_~
z82~cVx6Vyjg&?B=^}TxpIYs4HVroOFUnldJB+GOWKTX~Xf~VBaqaviuq+%+fl>hln
zuPpj}VhoEXmXC;;@dx&%_`@kA8&m2VyH+`3yeh|H&tp<9bR-HB9$N(8H|z61CW0?R
zL!L#w2G5vg8p}$C%^sIUV`922JMdUHDftzavn_nf@<awAe{2csS9;}xpaRo0_(i%b
zQfxH94oS<?ovS*!0xN)F*v0Z~pPY9E-W~tgI$U@ahP-$=!JXc`3O`rKAC2a<vW5%}
z^{cxSzx^&}D>9{TEavbaE9iBrYQd%4Giu+C`j{sOBF&yVUPg$D8it<9<NCP7^%>Ry
zIw7&wNK+R>-facPV6ltb?v4s{9`m+LmVYn3`(veTXQuwxO#+??Yj)>P7Za9BGU<p2
zUu4SfuF{*TUcr#8OF<$>R!`;LD}L)$^BSn<yBqPR%h}Kwg*S;^O-^HZTWP;_gOV#E
zY7&gtQ!`9`-TsOr7n*fo{-KT2B*pBg<yTU<XX_cix&H=6SPl+Nuq(-xn?ACz=AX<p
zpZvYk6&un&e@n2Gf#zXs@|1XDw@<J3%h_AVr+r2D2)y6hUmx_T(lb3?@aPq5ymtxy
z4GoM{IS~g_9)x|lr0XMStq>UX9C4_ox*Pln#P*PYlEn^<-dr0&Bj)&Pfu7_>yolyM
z0`e^fxeXA*oq?aV<@`K!Gr$7}6A83MgQ>-(?XdGu)35~sx$|Id1@Nxdpc>#Y&jfVL
zZYIRzwRA13D*-Qu9U&Zy4grougF$Gh)dAdPg`Af8o)8YDK2L6g2Fuk%nF6kMj4oBc
zmDPi-sF?%!=kA;Dd4xtJy6}t5is@|6Y*wKWGa(qjpuT+m5NIy901To>TMpo5gY!VW
z>#r-Ij>iQ+%se8%4PC0@|2OswxOh4+QFZe{3jm}3-~HAz<+x(8KpnFQfYAKT7x6j@
zLgYr-VnJj$@Cm5yC0c6YqiRQo2$PdnU_uS6iM*W%=2o}R%S1Qw$R1M79sf*oEp8jW
zZhk*ZG8FFiR;m3c#*|0c2*jP|GoD825i#elml8_tI81g>aVw<?7!Y&VHZ^@?3E0Qf
zik?EtYz?#qfm+V&#s%nbw8G%XB^N7LGa2miibuX0M(HuXjg+JzH#>H9)qG(K8)Z$7
zE}qpdCO6x;=(Zj1v(>mD%}S06(Q4PL^sFzs(KR|?1l}Yn&zk-b3OZ8PT;qDX`>%jU
zR<`vyCDXmCflz%HMdOp`w@GhI+b$N<ZR_;tWWa`@i;sMk5jKm}M4F3Y{8&<E_hFUh
zuc_A=hc%yno{jc=jOuEtK<l9JInUEe;a%XuC4q5<&-MG=!ae-h_Fh^&fj`VPMGNNV
zudIQj#Ng4QIA=6s`{fRv8o7{Wi@g!=6|ls?6kfrv58zKvx6A>W&rUiEQ1exLG<dXF
zn-d4CuC|$nw%)1yegHT5&GQpKOAWi(9LxIcCpC6Ab5>-XQ3iLb9k36ll$yd+7JK&|
zlCIkF_d<tOrka)7F|+7gLg{d;`B1%-p6##?a=mwO$Okz(MZ2`;_N=t(Xsu5kA~bm5
zyguzxH^)=|HfeR^tad@uA><;ddGM#VoUXCc9fR*&Z<gz9HRsZ3+^~M1=AoG)Z$@h4
z_|b?$ZM}2>Kt``-`+sG{o9ATj?#v_3SV4iWsv=%Y-gK@ZZ6;$~48j+g2iX0~V$$sA
z(Kq4y+#_tK*G+E5!V|HP7Bgq@Bi^Z2|DcP1DD0n>_Bot)xq|1W3@eoDYcf)s)7Nmj
zCD_IeM>{8N@NC~kZvXdsqNeflh^4mQyHL%9douB6Nv&~QdJeRMT-J*`FJ4X^EM|H4
zpH?}gtVKm33tLFgDYEUR!wqd;(W%&iBJH#r7?sj)pc&l^){|;cO;#8?(WF9Zo*hx=
zsZpS9hiiE;IAwP(#OQmtaq-F=2m=J;U+o;;GF%`ap4i&hI&VQ8%I5*PEdebYT$XWg
z^a|3^R%!=KIP1qIL+@NxEh8WwX#4h2;|57~gf?Owep;yYGEaOfoW#v`#xFgj=iiib
z<%Qk@mdJw9QcP%J->ZbVCQ{*H@7S8;CuXl0RbIax;e9)(Ap7#6T;w<5zCqjK+JDg_
zgvIZ}`$rv<DJjFP?6%;g?;|d2XXH``X#qaP$5=7Oz7+bi>=>PlguQ<Z-S&eHJdJ6e
z6$$2_r5<x5e0B`&n(H6X+i0R>OfKqN?>nxW{X|wjXCEkWt+%f|(!5V<#8zE2eP5S{
zmbPHI@`K?wy7D!hADSVQ9H*w_w*?m-)8!dk(Cgj(&VI2p^g%j9{XY2zx>s|Nw1wtE
z=~EiylcxlIzh?_fycR#m$Bzn3-rTLuIpiUt3<@vWCMUn;BsX3~K3<+BqbopLwMW`s
z-Nr}6d$&}~{DVQfY%hc1gYdJSzzUX`<C~?mUh)qF`e)2mg`9*~iNVY?yeyvS3L9B|
z;<-zgH?S8dIP^7|l$8=)BBG}q-a|g1?e$*s(|bgTMXd{6;bDt#rSzNPR6S1X674bC
z;N!xdW|a-BC62F!>R40%cT3!+&7Yir4*@OGT#jDq!??W0ZSlHY76`z5Rt39(tS$iL
zZ0&kXSdiXq?er;>XP^k?zTr4~Jks<|YHRO%4u{l)<dV4Hg1D%3ps%d?W~o%-fUSm2
zR@1^*U<VP1`ySEs?oG6&pyz%(oxFRB{izLbdzgcTt~jd+dNbWmu`DL`UvldRbQ_a%
z+W%Bt{+&+_kuNqT4B0k*U>}>K*X|y5QvA{)8}O_m^4-I~1-4dZ-)&V<Mkb;w(*mMn
z^#X6Js-YW3h`Uo|>m1U+5B*QQXI`OAT(Ldw(P*mg82iJBA1_@<sK$~`@SYZDfB3aa
zB6Xxc-h1<viPB7AlrHkI?DQ8!d{2vWc{0_nPGKXH8mFooM9kkd+es>-hzR?LthTlX
zVkn8{@Q-whU1PgF4`w<O*mteHb6~bcXPV!YyLj&{5!X4aFt9{~_4m!h#9H2)(=%LL
zoLv-ppxyn|FYsj{iSCDe<5@^x&$QkBRU5m_VN=KxrwBs%5ozv|BXBhQ_M+UQ#r00M
zipdxM<H~+SAco)RD_m(4g-WOW8|S-bX`f8bDqGGk-_iEa0MBkG5Xut-6u(2yJhCH1
zy@Yvb0%n!pdXyDXPM?S_^uGO<MZMlhyP4p7aLd&z)cKktCj%4^$+(g3edjib6eEtT
zd6d25;n>sa$DDc?i{1-XZ*$tj`~1QZw3NEMcHPI-WhD^X43g#xCAneRXrojToaGlm
zs}3$dJ-5$Ehutop+{i}#Dtmr?uRnPe<&XXo-O)~B?Ab=0^rzkOF}X;HqM*_-Ox1J0
zn%E}7zwkTKcRx7sXvRe#$4`~Eq6HhIubO5Q_WGNXAgo|2IuY^t?Ush~1Kmj?)~5<H
zR8KycNY#c)(-N!58|-`*q`Ff7oBAfa!})#eunslN&L^!5N(=e1WqrkT)=E#>*XjDN
zq{be{16xlTl>1ZiG*&2Cg=`CGRG6gCjUNR?@G*7)r1AmOZ_r6UV@SHx1sk1E?R6aj
z8<OPzj0$|i_<yC^bL{Ui?Hw^3?JdmFaZDs8p}%~jV^Y+Rr73G2S{Mp!K5MR~NO)h}
zxE+~x_Sagbm^=(U`&%S;e_h<jo-T^N+B`VgqB&m8HR6MufLvjNr3v~J{0a+l<J<yV
zg|Ii+Z6PfDB`~`Qq+Nqpuq?vVAf1NSr%=21TTu86b@4SzNk8y^LsB~2l?h-4EZp_v
z06^;B0Nj%SW3~T(x;qw5a|o!J-=guKA(bRLw#R>YO;lD(?4Ne~iw4oaT5}=Mkk+l^
zWS|>=I-T%#@CpzT5yu0%y0!#R)ahG1F!wXX9q4o}@Z*EAPuld2Qa&J`ZXrtP?6t(7
zr4Rp|l=lP>FL$mW_L2Vw{4Tv1Mdffe6LK?9RblS6=I~Of6(o2hLjsT*Kmp}vKyuy8
z4S+m4u92`61sXUZQk#jR4#x-?R&0XIXQ1Dxhz1sb^h_L7&*if{0RE{uOaNB{vj>0>
z4$waUWVX3qlR(sp$L{<Q`TaUg4g1i4E{b-SB1h>gZ1;h5au4nL6X~?31vTkI&K$QV
zd{J3hYVx;MPT{it)A4Ty_W=7!+M;U~+hQ#6W}v9@q&*<u{R6d7BiG(LP2L-9cc`EH
zY8BAlb(2BKcIfJzBt}*KXF?jUu^%Qvyid4&KQ$Ho2=evSX}WmTzTkMTqpftTv`=HT
zty43JO|A!fj)Do%Ox}ytD#;+I$#|;#{80yiP#(bStrl37;=UI!zSbcnzo-2KR_a7U
zMzk>!Dn_p~vjIGf#9|BqO|p5LbF~!$oog9zQ)KSV^HIWOyADc=Az8TgEODj~+hn-;
zX(bHm3fi89xv@0#%+}Ujl|wH@XP{?Ib=x!rwF~|pzFAvHge{?4*>ZY6p8|*zs_oJz
zu-M;3zIi@!;)-5So{F*`ME5@C-FjdreBp4!?lDhh5lcl99PMr*=}i|Xzp*dX!deKi
zO|b?s&MmOqPc*W9@<cZNcW9H`<Dkr%NBEUV@uxOF)#1onFV9HGM6%vaDDE1N;!dQZ
z!yUdcP>`-Fiu;ncUN}76-H($2(1-#i8zX^S>C6GxJaV7;>3o2?J%aTvm^gnb<3E-|
zik`fLZKFGG<4n&foARwcz+aN>t<XIhP7D<^pbzi|92f9mX%tf@M~T|u3s+VMjx58!
zk64)%1Tr0{r_9lXH4@f+4?~@a9!A~SPZXoRv?o<Zb1<=IzM$MF=wNmJJszIh?3Mc<
zQ`F{ye<5{7;Nj|{*xLbSy5FjZETn?$n^{dX9&5|094ObO&vJ$q`LCy?7vC#;2#Axm
z)zx<`=&3v-mCUF2Fn=yq`BLG{L2ne0Z!ygRGrYlu0yC~7mp7o~nPdh49DTEioie_+
z9DaQ!eucZMe3ikm?VEIsR_8QnjUn+O|JcFBNqL)lmFdr8&ljfc1NPJ;3}bWYUn$2;
zKB>~4j1di!deXq(PyhEQv@nY7KaG=rYDz=owfzN&${qFn>%lfN0(~`_sZ&v;iE08~
zexd$#xdr5DHs2o{*lTBwQMAYfeIw)kovNH?OwaX_<K*3!#9*FZ*0*~*dsAO;cbgZ9
zk-a5M_3k|$_f8e!x}O%LHu;*E>T6zL6Z}EI;jRCk>Ph}=?T&9266rCCsnk#?tz{zI
z<N<3M(r2$M#i1AfbG{GdRj|~eH=QFly&E)p<|bs#Vsz|8LONq7auRbD@)kxq<}>u{
z_J%(=?hnO#r46J+TkDYe>AY~PbsCpd4!NCtKCZ|RCC40mS3Bz5>lJH5&y2#<%tOA%
zT6BHJpXyL{Pc2@<J`I}^>qjTaNtfLC;>EwGCaEr|m9p-&msC&Yu3vu`?s%BEPIpRs
zJ6U4>o(bLU<mV-0(Gx}HQ8?lfJ5+DvPn^&f#4U+Pj#qB)9iNvWy`#i5tHFvN=)`Z|
z;xTjOzsKXeE-W?k$}hyNF7-c+v*QXw#g`X8H=OR7w735Ifj~!}tx%cw)V8Scl@!+8
zE0dndQ~Z&kL_y>6VSw=H@1KN-yAW;$>*tw_cf$eWYTqky3xaTVh2oDVVJf9`73{`e
zK%0Yv2Spy?rB2UDkIKxx8ePiecze$tx8J=rWv_M2Uzw4nUPa2S=$3w?;A~;?9Hzoa
zTKfz}8;LDFG*^FnpYoG#dIf02>broIzi)2NhPiF%VXa!9ZGRwQvGo3ChK-SR#UaeO
zDfG@5rSxEkqW6y<pFU;RNv4gMZrcShZ!mfUiMc+`(WPM$v3mGvW=x^;CSSB`t}Zra
z9xfE9%6=F~5VjV1vU?Po{4!A}Y}xXn*A}?*u;{OF`~2dK-A~UK!XZq2uD9V<U*kwD
zKtNgLjB70x9IYCG)w&_M@v#2*lKj`X&lTs5jY>;P&p3mZm))F=Ge)nHB!iZx!X8-u
zqOf0{n_W~6q>PDKOmAjn^p^APi{;MG>FRy1#{c1WR!`3*(Z&7yDzx_-(LFtTdwYG~
zT|SPg3dT~29QB5pX#arP8~syf|E54HLNc=<a4r8$o$<CSl3e#$nZpB%a5o!1qdbw<
zdz_VdeNk!kW>$TxXElkLoUb46U&+mo(PYeQEO)cR3dMuujLH7EtA8VZ&;LuSSKQp=
zzvZ1&4F*!CKT?T;(X8)1%LT$;`?3)nK61Wa`g&Ir@&!XvTRdV^Pi3NCH^z5AB#6D=
z??hMhA5~(;M>d&U7vyeXs76K7MU34LviE#yC{)_W_fz_F-M<3iwKVbQGykl2NT*or
z%9_khHHjhH)1?Z-Vk4st%EFJ0hJ#8EUQjxwS+FcTSg;chGQrC`&)*Z?mox9YlG|M%
zzrA1FV2n={t~8cZs>sUZ<8bn2gI2U9w4rUEzYz0sNF8jMbejj6;RkMb1Q!%!f}+h@
z;(0kieXlhZNX}S3I!7z6c2X17-!;?Kx<g{VrbFCn2igkjpwv5$j-(Id&nt!OeS7yu
zMI-GU(-L1F{O#t4lf(;uF`7s@$IiR>`l@$1vSyP_x1-9!pe3cuj-pc#W3z+L=C!LL
zySwuR_rFl3Be+V^NzApmq`Mu^zyIkr=sOyGujZ}OMKWS*PVUsn@qeoOQ-Hm`m}L2F
z`Q>lL{c~YCou4LNzrios>qLzH)2+CL)C!^GD=~NMd{Avj#Sbe!?c6DOJA!es_Vil4
zJL*9n=(t=dr2x-TpVX9p2}<B{W+u@mp*;#_=>HocHxf$mxsGUeULew=pDA+eKh{{)
zdFK0`FB-LmMY4ngFmf-9jC<397=>v$`Z&EeLYvm>V$6ER9WZqdQE2*=GO%IzbfOI{
zOv9|t9A40Gsw~?0tLyhuiWrpG&mv`EV^CkBc+dws;%$l;y&qKOIc5%>oE2ZA|FP~9
z*zKN>@)s6fSl_l)dzIs<Oy4`ct&;X<&4+^T9;B+cz2R?R1;x)d4=hrpqY^d4<JBCr
zQj~V<)DLLI+5CBj<T`^5=QyL0p3|I#<Z@=drm?r9LUA=F^xJ=oYCM+$&TRNvL39)(
ze@-ZSG=^vuI3md2IEwe*diSjT-C2mJz)Yu%ld$yuylCeW`)4jkf|4JGc`iDBDDn;E
z#%)gP`#yk9W_>7q^lsTQNb}n*QXIzYQ9fkK?)6a1M0N2%M@9W~`(hRG93Lamt?2d+
zX;%5&0MHobduv3=7gqmt`!p*ZJLZp^(|@QFeyZF}G!F3cesq;umt<QcJzFF*bKgJk
zJoi1vqrrtpb!myH+eQk!HDtG6*(lgY=~|VO1dLQLbxDVq>0-*I!SoXe)TO+vuj?KN
zcf=q5%$Py{{jC6TZ5j*cm8zV6976R@;wNU8?&NRrxKGOX*=sI;UdFP>M-&ZK9yl{y
z-a-vK$)C5^&Ad*#b_0ANc?iZ!3>m?2-&{Iuk4q`gu3K}<@3k3CDmPPW?|g?&Wc#}E
z-<mJ#qn##0dpd#)=_Qd<Ff9SbruS7LzFNZ=PEvDUHi>)h$;s@kmA+L!kA3r@X(BW>
zZkp&Y^S_Ke-C2qs_a2x(rACo}rTzZB`k7B+K$epv{fTksR5sY|&GV^O&s`pWfMIF^
zq@UzJ;jvx%m#xRgXXkQw@1E@h`3u|67kydHVn0otj+p{9{uS_dZ`UW1R?X;U8Y0cg
zYNRD+l<49Q+2eovy2e&cs|kMH)M=paNfLC}IHt6U;SA8%Rs8$I>s@!Nx%usw_yiN4
zJ8vSmd#uM_pE9v~H=&8Wge6V6ztU%9P5r5tTu!J|eMdA?<awWxYfgXt*4IJ`vU*MD
zTk)T?)3A{$keM;{zpY>MTeV+AL&U4-pNeCWdr#IQ-AlJf4cZn&@rv)n72{)B!;Q?!
zh*QZ}L1fu$+ILM~$LAH&oy|OYQt{COZdM?>VMuFYJqI5reWxd<=FtA4$N%fdgTSU|
zt1@{m;IS6HO6V8*__V)d#PNz#mUO{~@^9?^P&ktu83w~VTokv)c|Qt$>07l|FTG{2
zlFI*A#*j{3jBbVrQvC4WvtBM!uY~_Roq1f%J}KJ1B7MMfVB4=K)QG7ux%s`kM680Q
z{>V^@I=JZb`kPj0GNiucVK5`hvA-PRKP;n2RHO;g6%QJ&WOYpYYFs7YG4SgBL_@$H
zrx;ak!mZ~4sHxd*i|2(ryk$$du*S;bUmx=iD>cTqUKDShkO&XA8cNR^506=7Dwy0o
zk;^fE{TTJ@t-YjBlRax~=a7!yr#avTpDcmnv;^X6#m<1zsOh5{r*?DvfJYw!$sNU2
zLH;`PfHJYc;azF|JpK|8peBHyRRU;qj&AT`WDj_B3+L;9`&qCqR4IDA@6RZmilxp<
z=)FVR{I7>Q`9&=C!7XA##<<*r6wJ3(BLndYZuoAXzZRRdeYCw?>AjJp+=ttDB}|zg
z&Ji(;mb~sLAf5cvoU2&Cc>pJS-6l1sq&G*w8M+4>XpXOBOXa7fiPkYHY`*(RWyU#|
z)Wb^2Ao!fNPp~F^J>rS_cQ7Ndy@u$h`WMf7<16CB;;DF@oVEi0zeKL|R6h>esox&u
zF+VA@+KA14z&+|4_$wxSE&pCqtQY0Kg%^(WGb(FoCRu0P#b)EjFaAdS<Y=!o(9p8L
znyjY0*XexuM)qNBe>;)vhM63%dQx+^9$ag1YFeMzkR9_uZ?O;Y<-YMqUuVu=;)H}k
zf0Mju+~25s6TJ~)U!{7STJQF4hC1JRnak?MI<X{N33fr6St<PvG5+_ayP)`M$CH;H
zx-aBj7Jhy2mO0}g_jWNn@|;<Fj8yII3+>>T*=H$V)IU)b7v%h~mW0#MC9`<W@6))v
z3Yq<3^>Wqh6A{U|!EGPu1`<CF7gKm*Hsv+z)LJB`O0=!?8uG-$nfQPm$+#!tMt=*Z
zKvuV0GhnA((d5yHZw&wD##7PDK9_HQ8&g&t$W(woAW^mcCox<5mb;9`Vv|P9+|A3z
zcJrs0|7*6!N_pky8QgB7il%!n`{Zb-?T6fS8JeB3jWv@=BgzAm-Fdh3EZjdIvmWY8
zR$YdZE6_eOC{;Liq63TG(bVySkT|Y1fPOfbrH4My%t)6b8ogHcC*rmbpR042xDf?+
zj@J8<>L|9#_yRnZXpO?(yUO$3jx>$=WO^{Ap=uwUHQ<#(!BO;VXE*vLKB`yu4gK)s
zV|)vm_h)J9)<f^?>6!a7$0lD2f5wC;DeAFmWhvKz{#*E%EZa|sG__$q9xK_73Qe5h
zmveT0snk?ed~Nehk(S&>K1WacBEB_x|JU?=Z{zr3+2Jn~l4YyE?lKGAk0bKtZ)iVf
z@7c-Sn{7WN(WDwJ>s`916kX9k9sH0^>^A-Jt+6L>z8HTU|H#`DlGNh(sciH~CTw(H
zY{@c^apa4|-Dn<rKCwm9s!Kza;iJ2B%t;JhSsmNc!wvk&vx)a9Gu1c`KlVuTAlT#O
z5Q)s_w2@a=dUpFv;nbcZrDMUnL-*|!hTbHKNrsG9wa4>I*o7u~NUJ}t`Tic#`<#+E
zh>}gl08g2(*F-k*RBXA^tzDd5i6(~R<8y^3bJY@S`uL`au1S@-L8s5(j)_F6Nd)?1
zkQqe5oIgc^e<q926$HtBili4M)9H(?BN15@a7%+c*_;>OO!n$|KpoPU#en3l`^bI4
z{T%IQV5&i$wx6E9pqIY6JC&A1_yxQ&22xxLJTKIGZjRb6-9WjmwVqZrz}r(~0f2kZ
zKpFrY2H<XYEA**u+0<QIHgkiI6^$M0dX0xB10i*<f42L>%%6V0HMy=MXy#p$*cE)C
zoA^3g@$1QH>QLrpB=)K6@6ef_Z^sVan=6mzjDA%YNv(?|bKh4{I=!O!Jo?z*LWJ7R
zK8FzV{_D}?zNn+c_vbPRL>lKG-!L9X<$Sl#*uLabI+K@PS>hYz990^wx62<NFzJYJ
zeQ-bFp>CvlGQH3ZV_ecb*~gQ5A-}2c;>9k%wTd3kKR;BSvdieZ$6V$4C(b7IqnuFF
zds`ibop`R;_uPpSPM9^Gv=uaaoc&_?oypvTZ_^nmx$MfreE%v!*z(^qCHNP|o4#Tz
z+7g<4(is-?K%+?1*stiP`dD#X2|X<(^_MDvK&p6(%cb<jUt`Y_WrH|-4F3$X%2;YX
ztm<%<J~<M!I98n(zpoMY@v0}afEoID;mIRw|3ez9G?QPNAN#@+i3_$)cc0lBlkP}&
zF4`EyS%{e#eaIP?Sev-@(*A=)B<t;__UFQOI?o>oFhAcc4528Rs8N}JV{t3}{lH{w
zw>A536BPr$)PI(2=4vH;SDR|zhwLlLGqqzn4|0lsGkgguGMI~a@uBn=i~5=1uX{-P
zgj?-_d?Aiu^LE6tIW_NcL-)?tBuYGGM#;|KK2fsv<B8Ol6CaB{j8=A5t6LM0j`LQK
zRMBt@p1m7t#qsJ}?%K;sm6k^ZPvS3Sw9_2kTl?$9<R_9*KGUR7sWQHADH=bnv2dxB
zN<`dgJRV}D6sq{Cv#{6SHzeY{7DrxYR-=%KgQ-x=_(!pUmLB`DN*A&73Atce(MT)!
z<d17IB9|MDA9~(x>zeyz#AXh=HS$dn&ctU8v9G2atx^rcPWkee<$?$36=EHlEHX&8
zpIIuGvtkvabLll?S5%ZHVv83p|HL2Px*soDMLIBdAu;%Ko4%}uwyvwcZ?$mz25I9o
zAs#5QYKJ_Gz{DHP-o2&@?MJVSa|h|k-}^~_#6Z8SNG6g{9+0^?v=WfTSNNIXM&~iU
z!+2s5G&ReJy7$=a^9NMBMb*Q7N{ZOTwiUvPn$`F3@kU`S#Vevyi%)jrsNEp}*#?Z>
zI4^nk(Eh@e@mqE-j|CTGLz_b7y_@UNu9QK9cM^i4kHU_;Zxf$C&o<tD5&KFy08cHg
z#ok8g7oWgw;OkpcQeH-c=L>;(J6i2HqPDs7%?6FYsy-g<6>q8H$GzWLY4QCzYAatM
z@a^sGqZXbP)sp2V8S6&N)cbzUkP0L;k=-^}7EBOc4SpFDmTgSGb^J%i)th%EYf5NI
zJn-(kpv2u_ws*N?>vlvgRa9L%T;Vn*=?^&r;q|dy+}d922EJo6cRvtO-_AQutPE!U
zlx;p=DodGLq|Gy^HZe7|GBv{-Bc-RG{COT|xCEi32C#sfo&gqEOtU4xqfU$G0UI<t
z?WX-5DEZ%8P|>de^YiNY5}RcBi-T@k4$Xshm5M}Yl6|bAFTw~Kjzw>OW4`YDYX9Xy
zf_&6&pS1C#c>WF_3JrRM;#rQ|UH70H!;z4X{*Hnct@Lf}EzOUCtl$~h9I2_!_lz85
zwFwPO_A~U!11g!?r&m8iu^vgKlcj-28A14|rYEUitQBgw@eLpLX&!nF3R<;%c!W0{
z!-nfh?HXBaI<d2sYH2EQH|yUPvIz>8H9319Jw`Ji`EYpa-yPYfR1(jHY2}JughVCd
zb0w`mhpNPjagpUZ2u);+5q-D5o5Mi-;r5$E2Bt{kfwB8TJiF{vcZ1hD&gDMB)vJ#i
z3JW!!M>Y8#lbZh%GqYGX^)s+K=|YRf^W}#7Q^_4`s`5d<KH^+XQRm!j6*o2Re-r4d
zp5)c}dTP})-b*IwdS6oq6394&vejk`wW&gXxuYIcyQG|Yh-c@h{eGV_n?dcBU?JPv
zo`axw#Y2KQyiduOW_y*jhv)N@j~g!E)|@^_tNAY`PD19MP$$3Y>r{{bU=qLm<zhgz
zNqmb1A88WD@1?z+Tl%td>GKdnCalsE7GEr=$Ii7u{&3QqK=#2t`EZDT_$yyPT8zW|
z{cYpzaF&R!!!yN9^4gY%(j=zk0j>KKFBx{bQ0KAluVqh|p5?!zyci*GxqTm5dm^pb
z-2(Wpe@X4W=kFi)Jh~4>q&z`JVQcuOHz#$;AG7H!@M=9tnOD!C`tx)b{}kVhwskDS
zyUc<g2MZwzUwRThM!1qSo4n5x?0_r3{}>S-ul2HT{)-vq@FWrVcsWb5PLTc$$LANV
z|3p2VpZ%cu7fBvsXU)P%rK1EAQaXKAq??pj_`Nh`Kit*1eaYNi?JvbqrKBLZ=h*X0
z1Zn4yyYhj-k6CdaC9pfTCH7?2dGJmdti_Zg?f1Xtz~i4nw;`(`+$SCWQZZj`wwXJs
zUtJHUyc^`@QFpo<+Kx!>&9aZ&CyrJ}E0<vZQOw`zs-g}zXL&FvCHKZ6jk;SQW`kJb
zTkbp!{rqv!oB2Dop_2*r`(<WSBl=X|a&Cu0xZInf_g=EBbIOX{k+jIXFs54h!B?tC
zT6#GqNBX20M$&zB_OjnM!vt^W61lu1Upf3VXhm?Ka9X+Wd4A}--xkAVJS8e3M(=pD
zXzs9c``mZwVNP`pdj?6m<(J0hGHBVDo3;opPG~xuw=1|&W;)OqAn?u;-*lS(hXb0n
zHFxk}q;9&dE&7I<M_*8|0xKKv*wGjM$Nlpt-!+cx8VKL{hiF@lgIaY*YFT=F-vI9s
zxUfM>w`e;!hAR#Y!7kk4vAP_3s}aVehZ%P~{wvaYad24#X~Sg1%_7c^V-2(n(IfDz
zlwX$$C-Am!@WXElPOv5v>Ba0HN!~rrm2@eWUYo5Q6s~?Uu4y9@$Lu?+ih8<`I2#9A
zZ;q368tnkNNjYVoRCAPHYVG8Y>Ueg!fDyig`8WeYXi*f5#j}$}6%E>10>ius5Z-1>
zq)QgAr`n}4HyaG#ca|<scG}RjF#J(ck!0p2f%Fdgsrx&z{jPju`Sl8Jqyb$VP!I7A
zIyp~!Y<Lpc`fI4f@Z#?ep7|={&QJ|Q&rW5LT453JRV#u$9|fQQso(fhMrM1loo1GW
zy7da4Z{M;#&Ub8iT3vi@IEVBg!xq&nc7soS)ke2cz-{=@We|4#JcdsH_?m6ye5(Bd
z?l%t+&pNB&7j_%2os|NV&6b;7+1S{)G<`N05tkcyu+QGxULRrCopE_4G%k#VFk}hx
zo)~w9NZ|3vb1j&*)443XWe+6$5$tskS?-Ry3!KD3uP55Vs6d3n-d22FN~_~_dE7a|
zv6E6Be1745^oy{co~0T)cQ>e!bNc+0+HYq&-QnHdA2!WW(e(-u{Lu^OJao`CNXu`v
zYS7SGZM2^w+vi*sa9f=Fh|dm#siL5OwQ>h6qjjB>SAp4gM-3u{94ChZTRY_;{I;_M
zd<)=xc@zgA!9bJIMi2tK+H{tEwd`8Y?6FSFa-BnfXRE*DKwM2%L&Q-1`C6sgz&<L*
z_g!ZHf%sMuk=ANpvnKu&rs}sNj_};g4T}}qPAwd4^Ti$7e#l)JwT2Ur_Tuis!Xf}+
z3w60M%>}#MN#TL}SdJP)FGre!O#5-*^MAP}N0lrr1hB~Rc|9C|7)Z|JF`giAh)IZ}
z00a4$Hq0Eba-7&sItzy4U9!$He$@M#0NK!oqZW{c(}8U8V<?UddMUGkbojN@jG^g$
zde%~og1+;_Y4c+zj$=#mU;wH*H)f|y+i4WdS(Bpl64tODnf%!BynGQv=s3T~*MKhh
zVm?3aB^*NNz|bxjwCK=#6AD6O@IheEGmzhQBp1BCyx95@#e(nRXv4=qp0=6Dt_D^{
zM34hJ9bg;(NnYQ*&vam)6CKM;*G2n!S6A0=lS)vT*H#pOXm0blQsZED?eb)N1Zpft
z{(*tccRp{(yTRIOZZx1myHXIIi`qL^7oaxd(cVtFrQbeo!^3;xa7RK4_=)(*gt)uk
zQ5=TZ<Gi11F)m#Jzu5QrGz>w=AP@*bL0Sc)Vmp!`V3{qhK&o{^6^gq=GoloPLS!Pk
zM&Vb}u$6gF9woI+U*6q!`<L}#$J54?3w!Tnq#t@Rn{a;A4B!X2;tt;J=ViG7r-S04
zMx+bq-G+no#3+@77qVFe2iJI>KnKUy!OZtnJobwrK8MhwtB&NZ_QoArcLb&cglgWj
zAKzZvA?zHZ2s{7SMkO|)f$#&*%e63K5Ky1(pzFJbV)i{3;)P<1?d{XcnZ1n8z|b?v
z%caYHRl;Ee2ak^+2D^Ool4qJ}buyL8hM;yEj5Y?yg$X2_TjfZy0Cp;5({5grKZ94G
zWh-`$x&^>PfnHFX>%!x!&skscc=d3o!+OF29tGO};Z5a3n8ejBK{uUxRez&^_N^2E
z$(D`n8R6jPTEUc|e9qE2G93Tef>K(qn-EJ4b;xj$Oz)#cm?0d%fdJ2q6A0)q8@exb
zHY5P}%{1;vU9=NZ`)sUh9n81lR<a3S;V5`>c{8$;g>dYm*>aEs^Vu3SbesNy--rVd
zsvz*=%j_k0gfGN<aWU%}2@&qyaA$V8v@Bw2g>E)+)o3y7WSsS-P-S@@gt8do^qsrJ
zZZ3qZqkxSCTj)hHUF&+lV=BZ~=z$1$%t?E8`DU&C;-YfH)~k*?EdR4P4Q$t!s#4-_
z@w=nCrj>Vqmh7h|Qy_xV#>lAO2A3rSITriwpfDXGMVK=MU#`=!_{|w-&tc~~p%Mny
zi;;t1xc!AebC`<6)jqP87x8^EGtQpyuRf`x1GQX($y#o92M#WPzM-YFND+gJEKJKz
z80dN}fssH+f<f^WG+Z~!=Vh(F&@;RYq-!70Uz|(5Jf9=Y#x0#A4KYp2&7kj-$|AlD
zAgBuba5{`-hO~6+H?J>3Lsjx(8s;`^#k3>krnX28AR?>D^Ksc;2h|AiLjx25=SGR|
ztz_d5Eb9?|%QseZ&%Fn*^a8H3m+>cu5a{A!dE<84G{Os2??)=JRaXx`AJ6tX@^)Xo
zm>>1A5cTNCZ~#bdh}hFHUu1HTs`yojC2*DvEV*?aaj@V=rKO<%lu=&S14W=p`(9N)
z@$09~T_O%}d}>tNjRn9MNS?#p5e7cj3EBG2{V!77m53Rxs(6=btS5;P4aivW{l&#m
zJU$Ne%jT+I6614ph4faH&~08<=7p}_VevZ&?Gm~(3#?H$Yk?Q8VZ5zpMK`&wjb;RH
z1qQrEG~nPa)P9H9$B*IIEnW><!1pj=9F4A(XF5SNLmE~C7gxl6k=*r9o#tlSfFo~l
zUO#Lt3r^bvr=wS2=8ODK)#p@(4!nez#T??`qLfPqS*l06n9ak-$|=4)-cTYbUa#>j
zMlb1LD+Ew<#|`R;L9s|-7UH1iOE)Up)&{PCc-v_btmP~dMe<eZxP2Z9y^Rjv0Rh-q
zLvQXk?^*pJe#XmsP>*NW-Iyy5ht}&N(B<E&c_E1BAmOZSN@k_iq<j7c#NHlzH8Pu3
zVY@RZ{*Gr_cf}36l_E(vt_)Zon*@8>s;;K7w4F3kn@z8*M3uK)b$CM-aI1{C5ph(@
zY#Vx|W0G(I_C`gtTp6I6530mjhHCdf-kTkFU~R^`H$KSs`g2jbVV&jiKri$>pRVn)
z51w`Ln_CNhP|Pvv1>P)V0~@s*_wB8|;I(VrIE~_I!oW@-a*K7cv-<dLUoiG~+ufkj
zZ+q7?4nHo5S&~BUrB8xx8KMEr45|zg&5ja7>_8_q=$Z}XwWh`kogZw&EFUl-Brqe@
z<lfnS-Q)7tC}K<S<we$wKaK<g=PT6uzJzR$-$n_z+8FZ<-XxD5vh<so#mv!Q6AVV7
z2bH~qvnFKQ^(@NG2h)sL_PEIQ!v#@ipALZhPF+BQs>)1l>wonebP#iM9_tYt<pzwG
z)6kWP$JaCUXaXXLuI(^cFBbl1hb_g=>iD=G1QK&Yc=O<wSG-4B_p9cR!1r(4M{$|J
zF)wPNdPk@z>+~pY36pO>>UrAFfr0~s*kXCjQjgUeEm2G!UF+`UMjS6~RK?^!!^ZtT
zZ2$WcZ>@N|%kjl<ixXUd^IAL}X6Jca2t(jeP;AFGOzLWj7lPHhD&S&-wC#a`ld_F+
zubtRAa>J{eVDeyPL@&Dux2=`ov_1|}M6|G7@29ld0j6;Lt)Z^B@+|m1wz#F^COyz`
z0CkHS4oxm1DddA^1ALsz2)p@gozQEvIE(j4WdBf!-)T3;OES27aUoMZ+McCh^Tj*_
z-+RV#gzdudqC8eA?O|{XNK=36tP_U<I@#iUb|bk6m&cu8QB?nRBn=Ta5z9MtI!bJB
zD8C%HGPvT@2`8M)nzF#n*4N1m9r0-aF!<KL*fH<X1;0^w5T@%f5;k`-h5%m-)EoMo
zfMV@&3-^GN&@dLMonsML%lQah+i}PbZWhtZYxG(eLeQ!E$4;vsYNhqZj~|UoMI+ed
zW}b5I^|<=B^=Yl8_{-%p&Fek7`b^2I{KXaAN-Q;0^tke|Fodwym2}c?n$>nT(b}7J
zl7>Qgs7#t?U+&67akb=z$3@gF+tVmrmwws@<_;}{D{)i<n}|^Do(zk%1Qw%(xM<~C
z0A?^{zxuM0QrtSM5PsKNHs|ClVuxTTbT?of1+n(T{Yas5c-p$PA<*lK@6bnE)-Q>n
z_iUxE*AO%#lEC#@Q6V#YBes6UBcDoQ-yXi;)|F1i1Hznu5QLATLfP5Z<9Y;n&z%y?
z6PC*XY8iL<rhzTlm4hcfALfm-1>wVPxH~oVaqIOE-~CQ+l+;t<)=q@a%<e8P^dt(?
zf?KxCc2UVe{$X3GL36_>4b?AKXu#LQ?)83{$gCN#zLf8^e0l334aYS?Osh<?39|<>
zxQr7bMzy~CK4}cO+J8}^Lg?$qws+==ED4k0(3y+i@)kJiCdtd=*DLPmgg;FIuu*W|
zcj#3;!<wTw&@9T&8?nqm3P*3k;AfdrV83(A{CZ3TvV7?a3wC37qoXt1y|Wx~eRy=p
zfpGqODaJvt+T@~MCX~<GiK5JVnQ>q&IP<N`#932p6AC-KbkVHZ4Qg<jEQF&LF>L~)
z6327>i&8+W>Y?bqGFSP{ZtkIh_-qUd2sAS=ls6k6pXbZTry&58JFths)p4*~5t!s#
zwkyh8y?K34Vc8U9pznL$Bk6Y5SKEVNugTv2{m;C()jOl?^7zZ1;Bw?mP>WmyyAZ^A
znykRNd{>uoP@Gzo*F_lUB;s&K1P@m|3@`Ux9EQPNy$1EN-A@X&&wvciLkt``6(geR
zyZ^U@a6E;`^4f_4F6VZ#Zd@%3)Q=#EX+8Y`_g<uX3H9&*-yE{CMR-~SE@+KVqfo*!
zX6bAqrR`j(Xj27#kVme{L1*BD+}({c>6u-JlZYLDhEfxb%O4&(JNGjw55w=sxuWS*
z<{D0t##YdoMU>g|iG=zjc^`_qyLyOs+u@yV!9~nhJ>3<<Bu%3YXdF{q;iLMtx{Xw%
z2nZEeiNA4eG_I~J_VCTzu=0Qx$DPemgajNJju|)6_O10K;-v6fiDri!E-|IW>@*`O
z?s|LR46@s_cAhU)qXJ(a1QSj<K)?QD@<lDSVbjHV8u3@iX<mJ=<wgJpM}dwm?bf#;
zv&Fbs_*D?fZ#8eR=Qi)IHva4^dkCU~-?lCPl|j*Vy~PV$4}n3aH__!<Wf_=YfS*A+
zi7?#+uD@mp$89*b&T_Y<BzHem=;@$p_I19k_Yq;g9(;KovtvoP-cg0%d^^>`B=K{u
zP_Hw<`^*(1iBEyx*V~p$K*#(K+@WW!T#sdBHYbu0xQm6dqS2ut|Dhb~S*QgPeAJ3r
zNryOy9}&3PuBJi2TG15>ZE(>+opIb<4R0dI!o*9Fs#n-%sqCh+p12mXt%m?^?^`-#
zAHF8Tg5Q;gwO#EOWxc~7QBoTXlb~y2BM=me1S2leCXHOc&_(h%=tX)Kbk6vKEyp4F
z!=x&H10695x)^6OG+J^$bALp=T#foEU(PZwa;mVbIsw8RZDr#+Kw$ymZG;OLu*rea
zzSxH@p8Lg1SQ1XNMV5}&$$_FZ*ZKqanIwnrJ`yIn7Ch>+Ef5E~I_p?{(d)N|PdRKk
zZH-&Lh^=P^UavCuw(L{0XsBM}<1kBJ$L(Sw244Ly00RjuZ`g7T+Y)U|R#w|_DZF)$
zo6hj^l+NKbtsXVhW%;4}Q#CCNwix6?R5usHh&ZnWz4*ZxpvElfI0FYRt6<lgRXD%P
zU$cK^yKlnpVmf5~!Jtny6t!Zi$q0fTyvY6!z8`HX1z>-jjo^0jVbJxcigCXKQx<WH
zVIqak(&4sXM}jF_vhXZ=w$!6@nFS8OSL%(sBjX^rYhHpxm9NJR2hY_huv}y6jhZ2b
zMfaFk+ApGG5Z4#E;Oq6dPAG2IHhQmP5CP!NvX(qnn^UqIfjwwhL(5J>KH<DP&i5cD
z*R|aX0UQRQe0Cz}z-OZyBc2Sw4b!Y$&@)h+{z;N52l$eA*S0%N2<q8e_#<}VbVO^U
zWn&gfY;KE^6wwDT5SmGrhK&wTD*>eixn62>Svhue+Aqwl+d1@h+(0n1VrP9&vEowq
zt7hro4YoUxTAA1FY@mBfSLZ;h@v1mT3|GxWCvg&Vt|~>Eoep7!Tw&a$zBDkSLwZ@f
zW;Ij+q!^bUu2&1u>iT^&OF(MLkC1X3H}dYZqMR*G!ujI&EOh-cW^sk@=7{kyOnC)&
zd=ryhZfJ-s#lzQRdzmmHnQ$-b)dG{ZrBuwK@t4yOO(xIDtC1UaauEa}#<U3R*zbe@
z5Wq4p3P;&CB7+Y_2$$|0g!2{niU&a%u1rce)5zXm@mw<Qf!&7QLwI1fFyLk1HE;LO
zzJ4tO_vH{veMX73%lc(uA1oUOA*UP;$e=t`(bUwwQtlVFQIH$<$2)-E3cQvHyAAUb
z^qSe5EuRBQ1oU97b!YX^%eV-UmCN6?Ai^39bh7uE2f#GLYyfm`J@gRm?t6l(H^5YN
zW&tx<w$jIT_b8Unnl|N+u4h(8=|-=S<GG)k2`87Za>98Obm@HTVZa^2l^Oe^UlQoQ
zuuLbf^)4aM=#g)C97`i~dRr^I4xrqLzCO!cM0tqyeai-}&2JJT?O4E#hO-0sc8#yw
z-tJuSIbu|WTU^1wxMjc+rMPO^)D%}{-h{3BT5|sDi@@9Y$Dg0~g+7S*6gczf$1jn7
zQ+|O=5t-*ETwuLsSZ(kP$y)6<*>8v314UNc)2{=^7E+$ez9P8$qS}6mD889S0lue5
z)gPFnX3Ubys3a!CWpv%@WM?HVh>qDxB65;6%hq!l-%;HWXZ8_Cz1ZYxJ3hZvxnZ9k
zz;N-Qyw>~X0r!4>sq#c9D(g>K+2kI&mYc0T!h`?H{IFnjhXVZM!sFuMO=7G0Ys=N4
zfjGmPn-YLmkep(Su)df(vL3;k&FOQUttv;_qNCenah?wLOU`VnHZzUb-j`>*g*vK4
zt<SvF+9@i}tiG5Thx~PKcDufGYHvX6i%ynL#4@q?o!b<tKv)({UW*CT<4X@WxNunI
z10ynulHoFD*+~^Cr<?^YNy~G}wZA<U+*q@ITbA2o_`^*+M;rX%TMK-P4L4*c8w5Sn
z9Y$kpr6zxC!K!=X^sX>~=wEpp_q2@4PyHo9Au9;%+n#i7=F~Ix)ASfshxwmLixLha
zF7;Y4U79cZBF(11)4s_drI<AZ(K7H<RS0^KVx|bUo`9>@Z*!c1Iw6y#?P5jGPgnLc
zw_OcVrMyf#r(9lXS?F79;A0xGTKwnsU@viN!`bi?ZxM)_fpwdkkIF*LcV9i3%*!;k
z#cz>Zd#)8=D<GquTtE=a)T|9_<nH)6--4$bz2`U0rT4}&4dUhi^*Kq*`u5yUYE2(I
zS=5Sb6}5%N#a+etlyx^p(cMvnZik!dC{71?b7-}F!OTXbQ&FpUBlzrRqK?vo0`b@A
zn?8e(I6t>>j_hcI1aHrOse_Vj8FQl(M<s3cQOr<6w<Yx2X%8#YSQb`}n~imF0owy^
z#z>to%wdTh%<vqBZ1>v1TeoV;KS?nVe^*Gni?oYb_<sOJK)Syg@V(~I{yBY{rnl|b
z@yHU>$J@6L;gctPJ<Pmx*HS)Z+mx0!Z(W_Ub?b^{OZ&W^TzB}ecMJD5`K9!g!s0(y
z)~OS|d}!>67g~H)T6(I*%2Gb;&5b3$U!8C<FYAxe$Wd9YU%%ZvuhXOjoN=f1FwnTU
z>L~-CzPx^(U%h&J{M&ciaD2qvxg&1g7&^b}`Y%3jW$Axo(ZW+xhYVS;XZOsFwWAtL
zxOsNjuOBX(aMm>L`xEu*)=j>!i_>xb{&U~2oc~_$CNFhd);4a$vuiHC{L<?`E?z(2
zl6mFes#Rj!7RD4@Js-VrVQNYAoH^rlH`~nJx^Bjdo=)eb()Z5%`?0W`!Ed&VPP6o!
z@_fme{?#(ynKB^t=MfE?_|JW09Uzr@&&}y~00<UYbt@0=o4cs*g322n)jczM13yxq
zSKxnP%e#-Y8uY`~Up1Bd@~$MG8W8)(>{@G0`iKKBPaZzo4~UD7=Zu;mL((^eh{LyU
z|L6APk$j)--9`7@-k-I-eAYibcFL3~tr|SF>!oiF&CD^GG;6-ATeokoUOK&g_=)cp
zrJYF>MgM1?9r=9S5wqWVtH!8ym8&=Y>L>W~?5<xQf27JIk4Brb=bmeErhb(wkH2S&
zUvOYh{wu3i7VXJ-=FvyrUlN*9rOD7vQ}_E%-!NhP_?azU%L3%}*_K<G^Adiaaq>OB
zeY@R#9;-HO`q8KAYl_#-NSPN9wA9~!uqJU_pUCNp-UeC%SfbaeKRI{VKdi}PXPlom
zufNrr{9>zp&4#Yq`^yZ&k9p!{2ly|(%ExQg49t16d-tnzY~hEBi#yNjT082@4@H#^
z7Vjt={K@GvKksipuW>-sg{eV}HvkRr<f%O~!?S0$$=eylM{X_dJ+9rp;^M)hqiXNo
zyZ6^4M`nLEB>q$5rmWXGcOEx-W85!|8vk*!>%{3{_L)alH4fR?EbP+M(??fd=(usi
zciHAOJDq{{W9?qtWO|#c{(cvo%{KZm&C<$1OFnmC#jdko9$d-~U-d?d9aUYc#%;K<
zZOYA~wZ?BOxp{FywQrA4+?8Fa>hQpxe|D)_<>{xNj%n5EnW0Z!EUY~I$dMyEcaN|R
zJ8`<>TVq{6zEv~BWFDE;?fZ!xMxM<1=JxZGuaD{6vHzJjHLHh|nx;>z`Dn!N6Z&;=
zJJ+mPGc9?3zwfL0`3>W)mAo-#dGbU}qkm<7VCgryd$WxEYmOF^KHMjaIXGm;p_w0^
zZNB1*W-XoO#^08nEneND;P4M0K5w+!F93pFzI?g9X?y3<V==|WfzxM9Djd4|RI?jb
z=Is9Q=8fFnPPGgS-1u3i2tU8^FJ{)S?SAdsEGyWqU%&qKrI56V(eJNV9@#17$rc3z
zPB$`jnRxEkZS@WwytSwLF-OO7m)?7~L%n9(f9i4Gxzm=mXz}8KPG{GW=i*WZ4cdF-
z!U^5rUrzTsw0mi0aieuN&hHpI_SxSeUti+iXj7$i;LK^6zx0zeYq~f37a%k6dc)+V
zz5V>aG{5b=`lO#<M8s!>gHyI1YgqHM&Yf?R6m?pdKH%4mx!r!;cK-a!l`Eb3l`ooj
zr1py!hJTawWv@zaB@D~B_WMs`FRW`?zkcoHHXBQ}7k&B8JKUyChgT1r(4o;Ik3QP;
zvDr7$-r1D3aModA)PlsE#lsTE9FG}Pdgz^R3@vL`oi{Jzg_!FfEIRj<3*fuv)5iwf
zxYBda)jr!6E_|*-$LkAc_noo!=Fn!J55AOiYsKMP{VI)bH+Rk8KN=p5o7R@QcIANG
zWHME${EqF_A8&TmKKaJY1BbgU${d<|-G6x7v4>K+Jvk$$;rdTMdcMb!qeoYYXXZDb
zytq$|Ha9-`ZPQx|(m&GwIr-GO#pjFrzcps{yHo0<&h7l(+7f5Ap|=Z80pVzP+e=s1
zPaSf(^XH?l-~9Ka+Bs7i0<AN)X6eP3_eRf}w5(CX>aVW7UTgXj*6G8)9=2_2bYen_
z=;*gE<{4(}`1r$<-)|KXPGueV$`8nv&(}GA@<`iFeM4^EH1Yh}{QMnnFWUZetyag5
z9^A3Ldj0wbJ5BBP(t$R?ndj4cd|7|VACtG57o^Ubzbhx8+43r<1N!FVbkIHX{>3fD
zyTjHvN{Utr%RYSqC@zyHuU@-$Qo*cVLCyXBkDXg_xLfW|a}P~-y!P6~_o4^xJUh)L
zh6CwcS2(8A)xlR@sro$7kHI-tQe}O{qiLy?woM5HEI7xSu>5Mj!|NLFFF0G2mXOfm
z#i(aSv~D&1<q?B4pDkSqWb&p4Lqb~h&w6bCX3Uv$XMboBYz~T_H{D`xbb8Zc-<f|H
z9~2hmG@GloKK%To{L9JqgZm=BsdD*D^#&8x4k<kL%esY{&0DtYTJcH0ro-aqG-}f1
z`&knP)T~?UsN>e3t6C0dF>U|5G4<9DUKu`pBG|Jp-oDm8Bct~8uZCIv`HCj>V8+)y
z?SB+r?p!+dF=6wyOWSH6_#!ajxi4qW_Ve>AZFACEcW-6C-*&bCdgv|jm$QRAt$3mJ
znzMUSH+H$@=-s>b_p{ne7&k65BH_%-DNU<&XjE%X&Ao@J?yGlt*W9L=i&vc-6Rf>`
zX{zp>-BY)kSFT(+bLPyGLx;BAHt9E@C|}GQoRy{hwozP7*ZE$1XT}Wt{P45Q_W;hG
z^6r~AkG$S?dBA}~hx&vSJ^td1v9%U;{OVtgJDom#dS~+%T=nw@pL1M2Kc(pMBa5H@
zw|V2c@9rqLQgvZ;u{}F`!IaWUfwhkuJ-T%8AD3ngy|r?2>bUw}04cw9!53pvRwUm3
z*1FWuaQT{6`8%F}>fGG8*S{F&$jke3%$RN8x4HdEw~XUQ<BTDP+PHMCpidfZs}y_W
ztKswJ&5JHBo-~l(S~P81moKX|IM;sptS4$$uNpU}OVLxNz3;r^y0Cw8&&=<4AL(6u
z^jALr%Gv$DIkJ}@sx{`DXM_7}%35+@h5z>x0?h5^&)plRduQ<N!ap)^UCME#w<+ko
zWBYG!JoUzf!|M}zXHV_AuypgddNDCE(F4wgH1B@kgJ;{_)(kT)YqIXv^w+MJF8jH3
zkYF8qU~TkoSJyw4VVVD7<)Y*%K=M9#a82%kW(ld419mQ{yb1_wO`9G&cI@Q_eWI(?
z>3_8JRCe}vtxQW^ipZ-UGiAzVaBKo}{k$)yMR#4Tw?55W-=IN*Pp|(Hl;HYg7*I~O
zO%0BYih8MW<2e^!n_Y8G7w3&;;W2AJnmxPsiUsFN9Mk^YVLuRK&-_%-zfIzY+y9IU
zbY)ii{p!_hv$;o)9@ax^UMWtw_{=~5nK$r!$mL6~HfU}AX><Kiqei`KZWP$;$J}$T
zrq&L6y>!Fa&nvy~<cV)5H|^7>&&S;s?M@n5>#a`~3Lk#{`GWbD&psW$_s3?t58UYZ
zv*Y<UHtzfRA40^^#fyI*QSI`SpygLDElpTi{A6fmVPWBrA^$%9=E<Uk?WS!xR&p_K
z)FVGf#TuqKSB{v|u)(b0;W3F%SAV2kyGQEO*=$}qN3-$iamKKs=JrD$bX|Dhi`@A2
zxs@la-2K?}Z5`(A-moF=k=J7v?CHL^&!PkC`!$<Cw_)``r6>O}X5Q^xQ!EjYkue2V
z&W>w-=*=->_T(4M99N60GbXtAsvq|3S!VrtDNx3WKAvi+UVQ}EivK7a*l)8TBQ~t)
z>>rm;RI64kK^xkz;n!b(ZLHJ!qtKdFYmAC39TTuWq*ELJM_zwrP2Q3P3$lj{S$C!I
z#B-x|SlSG}1}HM`>iOa*t9A066Yc8Wy8gn;HQv~$4+{Ep(IOyQ@7lHNyYIeRHZdfo
z`<9H1jB(?}fxef$-4jsaJEd2zZfvsgyH~SHdsU8#jvh05^!@_}faF^z@YRF`dnVWK
z*y?GZNo~Dl8X4E{$v0+<>X#iRX1(xL))GK7K!0z2?MM~>xkbGfja(hEW5<r)fBzj&
z<D*YCc(?Q9)a(?UU%P<GDKq2GojLRI#~+I>m&@VU=}ZyAR@e`J`q4)lN*sWcTDNWu
z{+-_W;OWsVKNzNuXx<#mXyP|nK=`lq)-(0%$K)?~y+fl7Sxf3ZZW+V}PVU$q{jBVD
z{<q&kijwE=Idy5lxpU{jinedvDvW=;{qY3tGe^(EpP*+nH?Cj5e&fc1efhJZ2Lb`*
zh@%CNzYKL&+Yh(?W5V_lN6M_$PxuX+H0d8j$uqO&#m}7+RlDHFX{#HzjVvxM1}9nE
zoSLowC^)ry-lg}sNgZ0e@Z_Wp5fKqT6nw9l^ixKq+mYM*O+C|m{^c2!OSjuKJHu~3
z6}-J9?sP`pD!>g}xe|N0NTxwQE-BZT&2!nj4b>w=j;-xeGPw3RcF~0+i8!5^A0U|c
z7>6y_X&k86Y~TLHD0t1Cl$et6X<XkCf7dnpf9y{g{vS-}$-RwHw*N<Xv*saQ^<Ton
zn?3aZco07i<3At9e?E-=d>H@vUmgER$dN{TmRr5&e>3d!VcNI<z2MJ#DCMG2DdpnT
z$(?2A2fgF`U^tE-4F^8K^!)HF0AtD#1x6UeCem{OW?_obs01*A_b|K*OplEOg*l~g
zIx^5rK8*Wv!)hxi&lL(lvy+P0sGl5nwp?vol(JCe^0|OXat_{xlifwDL<l<hY`{wa
zl5lrUDV7v;gHqq4By>2?F)N>`Q_h*)FxpEB5hU|KA%GS|`EvvAo2EmPrYKc0wL7J<
zzRKV}7>-2)iv~bh2CpPUH%izCSA&M%N!`*qDJYg#!vHMUfW+gr^%o5^&z*FTX8|nO
zP_&+Chne{m1=*dvi5CWtNI#3<6kW_<utO%fo|A_GxT4fC0$bGRL^nhwsq+IX03#4c
zVR?!OJ!ckR6%klm*-lf(fh~zsmC<Nsxdbjst42ox{dkZ8Mud&G2riVtO@s4s31B+8
zFt-^@Ztsy*j@@r^9x^iy+of6N5OH%bbDCTS1s1%awNOxSq_0vDWwUP87(}@=8Ehh#
zC-crCDaAj+Pf)xxEiYqt%729hX_83w855u<(SV4A%4~{hLU9;I0pT=pRNR9(_FzB|
zDVCzi1sWP0m7JsC4NUmQJFS3WNU)(g17;p<Ml-4-AXT#=`-~(LM9tW~NQOkkJngW`
zJY15_#{N872)rgD52yjB8MIl1Y&TwB1ie9n*9yNOOJ&d~#s<SeAqNM+i*CV1cY#YV
zxdE3HTqr%8g+xJtBgh3KO<gcRU6aLIU^xe;+h#+>k<b9S#{M+e9EYnTU~|wu%jG#a
zF{X$&G?-kDNQob?1KtUvt?`NoaHU{Kz5v-24#gIwoeVz@(xlo@DnqaZjW!q4J>}WT
zx=PZTQ#_Dd063>0&3g#HlUG(seyC9+Riz|_&ox$>VuR($RLr#I6GDx=5-1s-8OQu%
zwg7p#fHF@y)eDljjpz)-l36ey^k9XMX0`-60N;R>qD&CcKvX~o$JH|EPQisPSZXAb
zs#sFcV4ScNioWpwfswFw5nG>xR=UFDKpy25adGuBYG3K(BnD=yl~S)~a@6}*kxS1R
z2N(q_F7RGXfsYE+5K|`Z^vydT(E8)$M{27?07^=xB0YRZ#Ckgw>nRmyh;AsIpkr8>
z=|V&@7fR|Voiem~3fRLy|8k%#uSR+{qYzCZF`<l^NGx$mX*1}dr;)@H=FlbVP^zIv
z+Za)GE10_j)n+nk%z_1}e=cSJxjc}U%!<l9INFyP7@f9)NK#c0dx*%%x+UdW^aC|P
z3Z@N(Rd@uP<p7^1l5pf9HX+8#9P$85Fn59mSA&PiZL@fo(H7>6rO9vIKnI2LEN^B2
zr)gRvpgIaB?S`ZTRxv_Z1WuZYN*Oq~@ofA+9h7;cj=7!&dg9ofy^-LnXACQBWin<C
zfX4#K)+nWYK*9So+bGRr;xVq&D~|ld_;m6vx6_7~o%Tq^0N8LE1+?af&+|^F-3gN`
zqt6xcoID%6vhX~iX+Eq9c~{QLAx)YlGoXLVfy0QYpv2WAgDl)tBG`WLSaX0uz#A!6
z9=-~~rPZV=WD%`9BdQedY@sl$Q6{Th<aNGQBi?GKH79X<oMaa%7ho}n+JK;k$&6hn
z@dsWe)Q55qN!?)TS<yu$EpZsX9?NHB4W#@EHnKbz0g`UwJt-h=z#ZyyT3s1}K<o$Z
z3NVn}iqbwid3XvB;JJ*hNuoSjS;I-hQK2zCNT~utV7!RFI!AmLOG>CzmIs5ttbrum
zfICwp(d&dc(X|4{CqM*X!#PHW2v=C|-BWj%)0(JxG{-Ug90+-CS&EmnQ?SHVlrBjJ
z*(<Y4L>J8Of>QZF28BAoP4z*ovS6lY_#~a(>~tf8qX#Al7OWgfi~_bfiP$Gy(}JUT
z&$&&2=~~=YE7s;b8w1JDEK0-$vnSDEEPw_W8Wf}8kOqXnTrnG=5dS452*7`u>{jv@
z%sh|Q2>j)+i{z=SE+gR;4Vw!Sx1gleNJItFsm-061vVVUi{0wZwUI|ygeQsXInb>@
z&px?3!b@0nH^@gxMoMA!iqJ01xg=o&kuoV1OO;Cqx`Dte&)*B$a)1%Z28RFm0xFGn
z$>tT<5Ysfy$|Y3-@Ug354s}Ev`J#)@<peXB15DTN6w8MUFjPC#D|PgjG9biDLfWyg
zDJ&#x%>fG(+F%bzGYtd_Nk112pt&ewB^z&Mun5|Ww7}T3_@pF~>_Ut0Xbkw5&}Ldp
z_1dJg)W8-kB3lNAYQ0a8c*>CI86u^PXLuD-l6YAXL1peN>{h}y3^W@Jl+}^khEGdD
zvFA*(cp>X}M)Lrmiy2|%QFz6mDNDKoxB%p4LeQWT<xtA8@nq4dz!cjhNdwOooM#Qd
zGSG+&CP3H~96(QX@!rCZqjfCFK|^Ig6WoxzNT(pnQe^TBhOnWFwHFC4k+)hf1C|87
z@<c;fcE#c@F;oFz4J`pm*90Xzxhw%&h5{yRN1ve=N(f0NEjkw>$+)msgp$w;xx9vE
z-ok8NsgZb!L4bP-CQ^a|$|nFgi;KtjXL8`+(hJhZQGmmvTB=~nN{QkUjIf%k#72p)
z1b%{ACh!&`U_DG5@+1*SO3d>_n>ikKmqt^cNqvAfi8Q$o+dPGeT?s%gX4@0nLLy)g
zuKcdNh50PS?n-lkfsIx>JpeT1Il`vg6>8o^GJGZx@>hbE2F-omU~|$t1>o{0Dxgc5
zYBFqS%b79wQUk@Bit;K-l*Updqn|+C8Kp$C2qq5Jk1&FhfroZdu!&*%BV4P4RYlmn
z4y^<ll$wSJm53Zogi|PU<pC%&ZRlIUL{gCnL@o3XpJ2gl)#f5Rc#vHgZ3UFxM*12{
z(}-@3Ca7j&#!4~4?huWR(3vEW50sT}l(-5d$fF_zWIyDhN)Lh4_yCUVW&={lFwa3K
zz<}YU(4f;ohjJ1L7G!iH2*PTx-q-FlF<A(~+_QL2Vji^Gv;`~&FB$m27Q}{kH%>+e
z6T`u*hsdf4XXSRGgmWTXb|l+@MU$0m35-O*yYs!3TUnVhvi5PP4*{(jGYqsg5D2OP
zBIZf%G>lBDKc)6AG6yTF?t)}szybjVY_gmuuL=dWVw#eCL?}2F7b5|nqskG<$mvU)
zB2se>lV1vdiAe%r$ewKz2Juq5&-jGc^jIvhqn_#BRh3W}I5FpZ5D=R1P?D7E4X3JF
zBg0B|*8PVy2VF&Yz(k~JCpNE8p$zUnCX*N0`jQTV<#n{>ZB6i0(QX|mh)^6L(vUfb
z!-cWY<q5qc%b`~}Pype9KmqIZkaU@_s0y;?Sg@*3jhRaBE7<S>1U50<!Psrkic@An
z#tzMv96VHbqZy~dWIKT@j!2Hgd}78($5(<F((<WFan}B~u9w-)i{K+5#Gs{;)&=)s
zkyZoaJ)c2y`3QtUiCI3~y-|3#s51iwY9iVYxhXVa-ofU7tq_1j#86vaVugaz#(e^m
z*fKFIQ6zxH70kdV%%Bxyex9<N+EgSP+g~~v*^(zsM=>x>=Bi@a<%!}fcLC)Ec$&%5
zwaParJtx(E2<oJJcST=Joht}j1<>j#2di=bcNYB>YUBo@UniMK)hbhx`ChS&Qi&?|
zATiO9eTZ#GN&^yNDikzXHk9uLsHjSe!)Uo&IZQrbS+0V-kKQ5Mpd$j6XFLIh4e=!n
zR_BT0Pi>vbi%UF{AaAf`!-gy=35?~E6t}~s4s77?W!T`7kU37|QRO+Mr3FEoYeaIQ
zO|Yr}LRZoUFka(fD6py^8@CD9#CH!^<3#1>fc_3dT&It*Ded?en^YzgaDhD=RTHGs
z(R)00rsWa7Ldp9pcs5C_&6-Ssn2(J)qBOD=Un_xK?|_9PrH--ngWVOdBpQ#Z0veTD
z178u!=)=gtIqMY=z(WwJ8Yr!;3<IPc%uei_HlG)@#4L}@j53NVgi}dDR^`v+J>-&q
z9V>xg(~;1}%p639XEVT{4j%5(|GZtQYFkkwE$oeAKxH282LZ|6Z0K`A9-Z9C;(Wny
zQ0e56)!%`3r<uhB;~U5HBzI({CNkO$wEGbO0L#h>u~={sc|q(iI2`oa4#>wYA_>US
z1oD3&It7HPe3WBz)n6{qB9A+7;R>t9O3}6)Rg<-$l_TI9nAH4#;Up>`?s{!ABU7os
zYooEH2XLl!c)hBuS|Lx3n!vzbLl<d;Vm-{$@NBWUpx+U3zvPjHNA87k4bnaKT7;4)
z_FQy9-x(^E5<ZJ{ey02Zer=R|Jv}DQ7D{kJd%Q^80^kfdowAIsU<1b@@=gP1mZ--!
zP&U+Dx-HYmjXe5BCN|ls$8JvgF&v(~q>L5W4EKUXzLv7v`{Pxj$U$1JG@xWQF}htj
zb|+)+MPWdUi!f7C1iprjbViq~BFl@RL(8spIH9I$)<Wr&q8qKT-ryq-JxqBI;pH$a
zF<M3OUjwZPtmP1BG1@Ln7z;oWpgWvlpX5}>e1up@*%BT`5h0HA0Y(8y8}DOugNEjg
zR~a9?#K4!`0Y)BdL$L%NqFMRqmnMp@7)yMx+9wgeq&__bnX+|H308&dgN+>~liNw_
zGDv$`l*L7r$x<tdfV-gH;Mn0)`X*7@3&fEeT4rJWADag>yqTP-94U)KfGGcL^1k*^
zW%%fA*+QmL7`+F>DK>s9L`-4`bQ541TOPiZf$YdzHX=F$lFhM%Pa))VDezR(<7)(8
z49Y+mHgZWXgBvtVOi52le+9+WacQrlr6+dgv;quVh6Po#?LpasMa!WfflO!d-2Lc0
zlQ4|&AaMjO3f42I2(7dUR)D;QqZeCVQaRH%Y#4;TZ-<T*a4=Hl>?%iCl{$e^XSp)I
z)OsLT5hNN@*Apbbqw6w+3UtS!6y~Y7GrYY*b;Y1mD!7yoc-_=XZkLQ}8FV2-4nAt$
zW$b;vbcCq1^nF9G!DeUTx+Jx~BcC;m5BQ+WB0;4i7hKfL&47da8L>tRd4@cos7L$=
zd`Z6oD5P%ovKJ?bYGC1S(krCNe@tx-OeKFufeuujgYo`F6*|IbiH_#MVG&$NNK|-O
zRAd-XV{-v{qxu~GiPbsO;{O3UgYRF2IgbBt9vSH){vZ8##Q#S`Muz!uk@ph_UqAoj
z@&CTo-<s#J3Ryv>`!Pm&`5(f=B0cMWhlPbc%>VEpeu4uu0RbGYH$;{kakJ1!!p)im
zhlO%sp;6)C9^4FmC#P+IDs+}$!@guBwEzzFg6-0Ho{P6T@|}>$aw&F~U_vS|8xgAs
z2-avc{#Y%AF>N9^#9To+t(j+{%M3yEcm{7i;WPQ6mIRt=*=I0<13Y0K7~OfOJNVGT
zHI$A+U2;ZjX1BzyX-TOmnJF2a_1xgWoX0b+6&D#2%JgQELUK@t@OI0hQH+oA3xU#T
zc$+(y>(K?q_4B9>82BAXfd-BX4xk5kKX@b)8<Q{yzy&ab8ru7VcCev{J|CC^BVMTY
z9Bl-nv&0<eDkHbVrYri!>l5UPW5B-?&u7n3oV*d)3}_`)_-$ddMuP<(NJE)0_6QY(
zh0_8^&%~1qNQRZ<fZml!B3|$;qtOt|)f&&<E+NPSSPu@`SHRJan={55`IgB-<yQ7v
z1)kAFqA^s-nQ?9?>2LvAq)$5(;7p)}4Yeh8Ad$bO3C#xucZzhzFii*`7*1{G>>r@1
z1`Z7ExHcNYik+TxijM;F9B#cA(tr*Io(Hz}!XAA=&`3UWxWybG1nZLZ>=V3Jx?}_D
zArTIqh9AMd+w(5;C?3exI)`4b_!Rq3(@#NDQr|Zj?35Jz&QY;1;*o>1^bOaP3$4(1
zarrJj38sHwKf?azTx7JSP{ywko%m)FJOg-U5K2(&iFtrdkLA$AuWbB4`UFBIf_-SW
zC>r9)qotrk3i^WFqHAKil%!-#T`)Y_h~0b9+KWL!L6}0BMFiiaWF#j`{Uv)oz&kO9
zFbj#2vw0UxP=khtP+}5+sc9qxiyln^!&o$e&J~CpU<cwcm?VlVP@>P^jXIfV-8L|L
z*u4TB<sk@eaSNwo5P|KFGPSpJ^1R}Gv=79=IcPNaP>Xfv3046Ge^P%sxW}P&7n^)Z
zj6YZfcG_k;YT~^&4QT(`j816KLBBeoDplr&#fO-VUA!2~!S!_7i2UJ@5O1h=NaP08
zyMYVQa}8tQzqnSUClw%C!WB9ZB}fZ^(c3;LExqe2Nht}5J=E63dsR>;zPiw3QdR_C
zU>Yt&h{tG;hngC+>LBM#>9*BD+&$3c2lll^cotmLkqG%}(rUb3t0IU{4bA4svEz$%
z`a(GIvr^kh_WsgFf@}zfYTzES&<B_zbch5(;gUp`KV6o>Z~!5>!bAT4QP6-P+6}M+
z2UNvfG=T<y3v{Q$&Y8p(2%YYodIQOOA=)_zCf67Gc{XA21W6Kbf)030HTp#c3Z%|+
z0T{G$$XD8yDyZ~a64+4h^CLtwdUCgpcuokWCKSeiNeW-nOUBP=bOVQOV=%BHCN}Rw
zjm(AeI)DU;&xI@YnaiGKw_ACm4Y9ybJp@kLTc}^V1HK9++d~2s(Kzm>A#5jzl3^70
z#B`FJiKYWzK$(y0+gNNO`}UG3c%#IWv<mnOnF*r12LcYl6~6zZQDg8-;U&jmSlrxd
z(PI=5xI+m;#FSbPb5}p`Q%qAL{PpfSiNVr6yQ3|c@?|KeLyrR7=8B)rZZln3iRkeb
zmAmc4=hG#|7{O??(ey4DS?u->k+-)JR_cccy1cKzGX35!P@%_lf&!_^olj0LD{s3S
z_|=XwLi;Myqp(zLdfvPl?{VgU%K}0>REaPgRMN=Ovpdum$C7(7n$1?3Yk}{9WM@Da
zQAH?m4flahBm~|&C6G}nhA9soNRfd+DdWge&WpN{mocw<A{CDblHu-bf>xCo(v`Zi
zX%Zjo2Rm6j=mVd!;>ys+jBV%&k9`sVZ^XqroxE@10V2~Vx}d8R+|5|2OQVicvGn>q
z-tM-!6w*Bx%!Sb&1n_BSS)86s^RD(yGQL=rBnP1F5y=5P!X^(Lix&)sz_p5z=BAhG
zxO;1|Ler*1lu#R+bj&so8QCQ;oV+U3l=ZzdM1>lt3{dDnR$+*&5c-g0A*oNu;DW=8
zF!dmbRCWb{mJzj+vjUWOe~!|7p#{3#B!Vb=r$O2Tlfw?A_{yBqvGy6|9Eszzfh=`J
ze%Q~^P5WJbE8WlE<@b{7XoZ)EZ1oHgM}6rW`Z5`XhuH>fIy2q<IRB}y1y{J&do4O(
z8*0mr`Um4n<{`4#(R0S2fGlN-5%9{!qwjQhebJgC+k>QMG*ooN2pzIkAd?C1jI$VF
zt|~37!KfQj@TNpFaMLU!$k|>>sRQ+CixDZK@^tS+$5-W&D5-$@D@tBIUQ5*Dxuqhg
znuXUG1LmcnNu9Ea8MREoCun}GEsK(jk5f_UeB*;7IRJWuygS)2$}Qt|3it0A^>OYg
zCUUo@AD*a>rGvBZT(z(=6r?*q?fqf*_l^R}^cg%<NWfA!<NG?+Scm)ylG5Gs{CnZ|
z_r~k*oO)T@-L=%l`j<UOmZd5MD8pSm%md0}>@P#93_wK>LJwoY-7@2H*{*t+fsai?
zLJjVS^Lo(m-RR?Yf^60K+$|yF`T8J4RdwDc2UhXl^nql?hx4wFxI2|d?_DNU=Tvv!
zgMx?rh4kXRE_X{T^1A)CJg)-$mZiu@i6X%y3h&N7%pv<Q%T{xYB2I4Nas9|Hp+#05
z@!h(p4!%X9<+Jw#l!rl<M=bm3`n+6zhsN^Ugvd)#_DE2<cP6bpR725)6Rq^;^TnRf
zQy*Itv|iytFh`X~NIZO`NV0(*U}GZ9Z$+$8@QuPS1s||R6w<x)7yjBSj9L0jA%KyO
zJ)Yq%*fSrtQyf_Efhtp#(sOz3AT3t93h9=k#Ddf-Ic<zqFYPdfE@b}*V&K81pF9^{
zWcB+Xv_qYIu6+PcGUx${y=%82*uQismG9u`eN;nyF`f?ev80st;CqR?A*~JN-NRIk
z&u5v$!Pf?vi1c8b5WR-^RMtKP8*0XZcKB{euz94}0@zjQ9$?I$w~D;1(IRrkuE@9z
zUKJLOXzB??FNv8Q4mm5#VVy~IZk6rA8dR{74t9*lL+6(O1Ogac1`-^NS}oNOy*Rn2
z!tdch19?5_IR?2o>$x_Zr=G4uiar-rp(Drh<CHWVMh+N6HWoPU%0NI+Pbnu9EAr{-
zv2n?X#F)V{A`fpM_FhqQ$36gLRnl1d4zg3|)i$HYWgOTL>|6HsOZNEyU9$`hpQTPX
z3VUa0P~OU^j?P{`Df?#`reXm4iF$wX9gVU({9M@)ex}+Fa}}cKhdfvGL!On@k9^Be
zMsK*0qEGzD_qws>RPU8z-YSMA&%Kw8yf7$?!m6WtTlSPAcpgZKu@p90-;?t;9(YgD
ztBnE-#ar*`Dqb5@OeCtXd1}YX5t)~Y0ofP6x>ah3p8d*iJv)})sP^nr9a4;-+Db8!
zY75m7)dgzBaNbQ6V|l-3MZ3_loC+ahRXeZn<)L7{1Jjnw$lcVx5PYxZzL%T{)I`*h
z*n~+-t-@Ir`~f(o;+XLGjGlG$b0%vz$|9^S%PCN>(UCH<P50na={e`n3eGsRocS_F
zVR{<L{yQG?pvfUBI16Ug<#Q8~B_X#sn0Qx#UwNL4c%mm-pW2ZRls}Rh9F_-h!Qf8_
zp|<RKWZ#E*s5=R__nwvB_a-5*l&SjM5kOAkK+vC1VOK_<P@&E<jqbd1-B>-nWPC_@
z&;>Y?brWEG$+Nugtt3ZYRWDxbdx(8dz>}A<==|X|E!I84DtIfTOq48T8%CxC$*Ly_
zmP%?B4KTRhr3aG&e?THtTxs1;7eKB+x>!aE2YT9u`v2VV(xc9@QR*HcTYwRfxngz@
z+a1|r3J)Q9ie4*1gCpoPFzOUKA=oR7UDU%@FqDo1RV6T4$zhg&B$*GSFaQZ_stOWL
ze049|NhVmN8L%`?rG219Sruv&)>K}iPA97CDTR@|^b(+%h7_SnM9I1~<KQB=U@At$
z_Dn__bce*V3{)g^qWx=?2o9qNCVxvCTskP!T)8MZRXo}~&Ggja<nKMsJW$?HfpUC;
zNZ@*-0Iy$&&x28>Y_2sR6VJm4Q!M;S&MX_nH5RqyTU)&h2Y8sKq585<GDPe4dpkHP
z7#{N<9nli5iWw$_{ykwxc?&=~jPW6@_?9ABHh`kmLK(Y~gVw45ZM3YtAdwaUP@Fwd
zMF5}Vfq|xRR@gd`jjcz#D@Qh%7GQZ+Ymgadp#eQd^iQ6n-^ue#AjxVCvQ$eR13ILg
z*hTV;Spo8nc|zK-5)f#_{wcRWQk{WHZgTJBxyU}p+Zb6oNt9hV2!XCzEJAGjKmsje
zXjAW-M$MoCNFtN!Ucj}b><*eV6U8V5c}8dez%vD##qLd?H9QzUhpn{nsa;;_n$*5S
zIwTVHHge3UE?y4<Qo{pbR4UgAMJ;orkgW7Q^=;!M=QbZhCnToDcTMV&o|Ky6d+=mM
zc~n@23*|1u)UBv`s)%>Jb7+WpxB`%b289NNlraF@G>B!mjdllb%k&le21y2xMtMPF
zo`-d2CMv_MRWy*SiGi}D3Pd;n9OGh0qzv8$kc7a+)F<s>>8$c>2O}s51tZ#~4P|PB
z(uIct@OKAQ|3CUEBmO_g%v<iu7-h%*gP*Vn&-nk4@Q3mL59BAYN0-#D>1l|eP?qs`
z!}Rdy!Tpr6|L<E4m^;t^5*ZGfKg|E~0Dj6^e^Nd5p2sMM|A#e;2=(Ou&0zkYhy4Gq
z{|OANSaKH74kwAhG=Xx&poCYEFhxvAOD?o!RA`H+h!D=@hN3x65u<U!a#l{9{6wqK
zSfSSt=Mro%NZY`<us;P-hF~UKT$)IFi~gcb@L#YY=><o6gBL(zg$}#|N>Hovl(dJk
za18ucqsg_K-B4_XPz8Y*Y4sE|Dbxj0g$w3mg%?KP|2VlVw7cMjI8Hl;b9hv;3_>rY
zW<bd1rR2E<u)i3&HwZ5HAGBo=l<3gc2Ie!p29`DOgbqAoV7p_eWRS=T;BjF;Bz~S|
zltmE7C<n3f19+Gk60U{(p<)I-QJdaUdSLZgph^H}4tcJ7m;)Y>fu^^NehQ`p2Qqyj
zzX|fFr>!@-mC<6$hZZVyIJ3Fj0QAEA5flUgCKg`QlFpr{7u;k*aMEbv(v*pzQ)idw
z3uEI7lu15gB=YmLw<)TPU@Guz;#qJ>E$m44kU})z_VVPUi%?KdSg3eaD8Ws36RKQn
zQY@d#4b(K=>12>?_km-kHCl3n9*iB1*6t#9O85=c@=#4t_zkZ4AuR+<v|xq2%g&kY
z8fhvjLs+SERD}oO=wRqy^<D{mRjfk?t??^suO>|7Jwtng|1jzN#r(gV{BJq;V~ldn
z|IqNr=HB_=!XKXh58?+K{VJTF&7TxBm5oI;w8%82mES2`zG~E{q2k3VwPhT*U`tQe
zR;eB1$OYRe{axi&l6w|vM0{YS*Rt0Yd`*2~Jzq=CRB{{QEUTQM?EWOpk^0TD(^EEM
zoNMJqp3Y9NotMk4a&S+_BnpAj`Id!4<qI!oU8%i?6B2}6;lax`RJax4hKy^kOff#(
zglhP3{gpmc_4Wbds5k|eXZ(zQXc_eUQRDycs=y)uX?vhxyB}ke$N$43z4L!Id#L|C
zkRRw_k(3f2V~Xkp);}^Rv=_-&sex}2lDaZ)!2i(G<fJ%{7eW?&!92|pY~<G<*g%sS
z*D);y=4$RmgbRCCKaD1_N0-=i2tsm3LSjsOR4;U#1cn8L1cmfUv%8%p9`%pg!4W*#
zBnw$0Y=KjLqLG43u<s~M4U?4%HgUo2?2X!T!Kq<fa8e^3nXw-Ip%@)JO2~}wnx2`K
z7@yHKF*7AKGa<1{*TneP^hB;vD~*Q09%Qy!qqs&oI3c~JhE=fj=YqjA@DFc^k{a<A
zF4*pNMS-zNTaFG0rUCyTIMZ{GaREAn-7;fnY9zJeQc}~o#2!g$>2iC3d_9-j-z+$l
z&%k`a8P4|L`Cg?z_yRUpbVwg6d+bG&f6qo56ZC}v=r#krPys)E5P;X(pCg&GW&VPb
z%|b&$^Wc#1;IJ^5Yc?`6DkKy%6HP`ZZ_AM~&i>t-<-hPpjsLrN(Iwu;4B&TR{{?5l
zL;LT8`0>5|@ZZ4uVgfGD{u}9a{x^>Z`9JoawySNN+0Xb_sP281um^0C0A(Rb4-neT
zvrxD|x9ma>>)0moHnCINDPep1-|x&wvSr74p{2CFOHN;GS(+J1qmgDL%{=OV5Au8Z
z#2iMUNwymkW^CjFX{dwFXLY8UaLHJjm~oL!=%mTQ#YN3(+srE0^_{ZLtP1>J(HkNV
z4jK{vg71qp6aH<yeY;F0-ru-ke9PWLq4!YeJrsIhp?DBh<Xkt%F(ewVpcKAqHItVh
z0G|}28aE9mr_NXj67V>_L$)|nZ^--Gf-q1a$)B_Zk&ebT@f3ti*R=&+5Yoj1CSQWS
zMwULsLd{CiGSfd^`ub90eDVWyi}b-FBh<k1!icC@O3hIPFa&<X;0TwJoT8o4Mu$c;
z1P;|$K%-i*Ic+iu?j&7AaVqH-|9MXVp_W<NY6N}>5uiOSLBbEQ>DUZBL7aX4Jhah7
zv=T^S%$o>RX(4HvqkOWRp!w4rV~v&6LssnW)%eeQojN&3b%KgtqMQTp80P}eG0si+
z;y&7FjDMFC{+0PA^QZm^vMvZ)CC|oPrbD)+oTZz8=G!up2Ba4lHyBTjGR!fA1r7~I
znuiC~F<c{!vJwd+8fFVCD-l`Hsn0smu+1xaap_-%m+@PjE{RHM;6%x$5i8+rCk*r;
zpPrBUJ@&y3F_d{-$AeeNS;e~EIz3w1++6=<rK~>(fn*pFjvT6PzA_~z5|n>yVPEi@
zKL6j#_V0}Ozr0>8SI72$%a8j1gZzr-f6&;qyY351Zb>(WDR#)}COmFc*YdGL<i;@H
z7Zy?i7Z~y|<dTM<+g9Y+1e^OF^aJ$NWc6WuX=A%kFsTo=ltZ~Cb&xJ;VrNrq)xh}1
zWr=MK>iW9g=z291-eDv!Y3aU<rb%po<>ErSgGkV{+LPwd-q|0=`>YeXZj4gx0_1B=
zMu-~?M?<DlNLo5zito>LiqKbkvU7HJfI50CmJN7FGH_%BSH_;cXr1pjnSOk9dWI_#
zQA~iQrMnX7UHoJ?I{u|>KxHJpS4U?%cp8?Sou4K7;!&&@08T>h$$T=wzycz+9X#f$
z()GHYpa#TD&+>WrJpuXY$^QSoZk_Bmq14-k_V%q@WuB)~O2>`KJ$}hBj3suCf;;T6
z?6fmVGTF+$TJo8Sj?Ho<C_!h~?SgOT%ZMhkoeQiv^~V{yq+@eozte862}LOyB=BN-
zPmUkd&h7q+I^d>kX2Um02ToUaUnMk!$+LUsxGE{i#dj?wlP`^ZL7tCs%y|LK)3?C#
z!0{uzU7&Y89lI$lb8h&Erb<ph&nY5l9fl`=tGwk4qW~&D!i!cH)wi<X$VlLG1XyHb
zjE3+ESi~zI0gyy2pI{vcM7o3_@=J`PAx}t;kCaB#9F?)k>L3DwhCbd3OIew4$Ij2}
zRhhKCRlouHUHdz9^^8u`p$8jQB1%UwhN-MQxgb$;QLA;W28g|esC?3!#T}@^sqwOE
zWemJo;_w>qJ4B3u7{|M<c%c>ZMR-y1FPU#~tP_gcAApP{Ca?!#02S{eV17Z0#WyfV
z8O-Wg5ygi@6Qal!%{fMt9-r0Wv-(oXB;BU_Q)AnqY8HOQDz^`+X23flz!c|Pi@gut
z7@HgQggd$(a7OxF8ARvQUeyf0$e|eNi3|{YGf?tXl6<zFFqh1iCRBMI5CBTqYEssf
zWvk;jl4=N+{(`|<yf>K}zQqpik}*7IFL7CmQ7voF(a7EnZkSvh3^1#M3|_+kBaP?m
zIod-oJFZx!k68dljU|@?=Ska6#c-#F8xwkB?>*O2(vyB>Ol(gcFtL6&P8V&Mn2t0G
zp;@z-%@H?*3v2xT6N_&9?EnN4#?+)F5>njcgiWjER)Yns9xE)I=jy7GD?3hj$4I`<
zjRDEh6WN<Uh%QWON?N=+#zcmhmCp??QS8#sHi$lp1@a7#J;0!&{>$SulZ?E`tU<{n
zRO@<XLr1$_hGTLoBUMgj*G8&<L<yQdK*8$DDo}OaoC#vxR6OC)coA(wP8P6XOzxCH
zy^t&*30W)ac_AUb6-!5`*>qMO$SB991k1c~T<|^nNm==Cj|&Kz@(9CHrZOpy&yeO-
zWf@l>&?Eh`<ac4#wehTLSpx3Hkd6p;Awmg3c{+ZIdL1=g*JD4S3bxIt*+2nFt*^SC
z<4So}D9=>U61PI)8PNzkoqh2XT|zRK3i^mljk1_wP&Q2y<Q7sZB4B(!G%Gf`5+95@
z?*p{a<u&7_yY_ez;XM-v9$R26csz1beic{XPBo*MWn4h#+LT8}$Ve7vf@Hz0#M7X8
zb4Hg1IH!-q6jLC9ps#?CuOm-tsIIGudR@;b|GJs8l_=tX6Q0SP40fdo*)_=;|CF^Q
z@KPIZvrQp1%?)ITyKzJka$RMK{34~`gk5Il@yEO%jQKuSr=#)gQ|7d3$GtN%-1K!3
z44>x(CNHfvVld(Q(H4<fU$o4mNfv44Nsn8WiL1*|BewwJihDU#+!ML)ORZZjOAw4q
z6FsZonxK-e71#!HQ%izDf%e==j0$Vx1>Ly{ZWI)pQmHZ0tAZC91yU8>U4Z4ZtbJ0b
z#xz}99cu9aLp9W3(xC@h)#I0B{*edG`%!0^^*o<q_Vhrw+>*x{Ih4s&w5)@43{uA<
z=bT{N7XuL4WBB+5L6SX$hhz+T`0|SaibOO@Xzp|o@$!E;tQyMBycJd&RJi_ir;1Fe
zge0}BlDf{N<1P0`vCbz6HV7h*q;c94*)cvzXH&#DidY(CKw1!$mOhd3?~`^XRRokd
zZoZa*A^!qci#h$RaQ($=no;F8GGcUNi3}h~Qx5z7GPBx|k<?xz3wA~X^5C;NSyU89
zu!&WKobixrXHmmtT7z?YMV)|sQl^XPIhV&TnqXlScM@hf$3x@R`k)~eW<~a)ycG%5
z8o@anopfb0^b@Z|($&x$h!N-5?H1%&s{X*B-dk2wH01&a&FEtP*z=tdl$_vTN3L-A
zeh2PxzTA`Dcj?Ox>{wwN<E}!7_uRxB!C%C;($Y4|rwIB{+I4JnoB&C*jan}+muVl4
zA5j4G&d^0WfW@LdMt^D#JGkp}FtiNA;P+elR@^oEfm8C985HJT?f6xfJYKP@EQia-
zPkbkI4uVBf5-#BCk|dk0Fp#-5vfv8#){lPEzxqv?|DV62{ofDv#yy_?`<(NCYik?j
z$Mb&=@tf5D^2KnXn=i#N^Zr*QfB);*YGvbb|NkL=hn^h<QE(lzCSKVM25t!Y$<Xlv
z_9h75ac${^*MsTp1wa1uJKz3h8^-FY_LRNZIeFE3^>T|fkNDa0X6uX{ov`Nq!T#Ak
zJNvbD%HABE{C0Z0v$xM)v<~*4Xxh{J{b`!;1hpkx>gjdeFfQSbE6ji^cnY090jvMA
zZfxR>flJBZ105!nV_3!E#Cmk&yJ5Yy)&QtHsa{)eXdgd*)INRsq$I8>iC?ioawJ|k
zy`Ek-F4cFW{ktRmWiM!3y{%a^RKF$--+Ea6FuzIi|73rsdANT+IA-~O+E~lW|Mlwn
z>ZAOBh~HV)ja+8oHc!`OzkAUTv;;8$Y~Y?bN+H@j|KK^?wJ>JPI^feZoFO6@@(b#^
zA$^mwN=f0a19>86Hjo@H$S*4fG}mMBe7mi@1p`33U>GKdar{eX)4g^s$;qZc9vAO4
zDet-OPCmmJ1jiUSZH}5w%gLKg>AN$Y;Pu{VS~Ixudw~VoAYE!>*J04#(iXaLJlHbL
zo0}Vhk44euMi6$=A^Fw%f7bd>_S~1?m~sBIys@^CU;k~aKYJYi5Al1-rmO(P@TT=2
zEHlu?UC*vZ3Kt(!VWwkzcZgwZr>!l2{yDR%{P}0RLU^`w@{*2K>Tf*1T4ANp=Ef3h
z-uhPGvsVuAGUkEs#K~4itL4>-rtQ6WSy$->vU%aA+a7kbCx`o|r#mlUwTc@~@CWTT
z7LQ_--d1F10c#V@{KSN4oFSQTULEfIw!fT08b+>k4H|?oI}|`@FP@@i!{2b|rv=g{
z0>#Yh?9$HwI&`Bb{~y7S*_O{DimZOiaKqof_Bunpzk#MlA948!ooQJR=XA{;KOwn&
z3p$QLb4k~xl3uhj8rV(D9a(*l8C!QG9f4+<C)){n5xnCdiab1iYj*?Bb|bQiWorjh
zS0O3Is7~CTOM6eH#DVK<Hd>kml~>?%VIouSx*g9?rqieF_~huA?eu!V&9NKqQH7iC
zz{UFzHXfo_m3dBW8zZOujbjrxewE|{wD=ucaTn9~j*shh52iO)J3Kq6_dSQdoSg2}
zLz^D8C#@HZ>HkxLo?6o7(V@w0s7YkIJE!~Xb>v<hzSv7COH!$Iu6V^Wv{R0wVLTYd
zS4}TudIDL^(DFfr>${EzLSss{GYX{1GbCTeh?+`|N{X2AVJb|3jT53akC~^c)$xPS
zz2X7@(WQv;wC*&Uyb{n$%=Cj^&<U7%c*e{(Rc5|C=Xckez*enS)rwA!ubTV2uV3=#
zD@bo1y*U+chr4_7@%8CR^WcEL9K7D)x6dKvO8EVRFMj~|7foi`f{-i?%`6QqY8m*W
zD%Pf|SYxy4lQQDvf>l#^7*KP8m=T_b^arabwKxohw6-d?K1NrAx>Q!7`Zvh<qS)O_
z5F!|8%<RF8v{v3=rjwKtc_x0|J>9ET>g~wJd5FfT0+c>VYUGDZ+Cl5pZ%`h66yyu@
zPwX9ZkK3zOaHWgWRwy1jjwha=F3}(edh`N4<@7q@i{*T<1~OaJb$b#{&~wu#YZy!L
zL(k!<PTQ6l;L#q4m!x6IodV28U6^;aTGh=BLAfBB7>P=#o*#acx^TY`x=;~lxy|(m
z;36mqwdrn69zH0SX6Mb1NmV}a+2$123!v@sb=Vm+igtSR`ebjv4s$@u2T_QV$C9qW
zEF4p&tG&Jx)oq8RlrQ|_p;qNGDGLGRs!?7c{x{$wlPc0vJk3yqRC}_2aJoO=+#{9>
zpE>iCC(b+q?(})5Ak*j1I_3MBb+R<w!<^#?f#2ss|IZc(ekU)JukKqWzx;FJ1T=x5
zZ!i;m)mj(MMpt*9jb@i9o{g@i&qh~|vytiGP|FMQfz!sbHCvH8h=24cs<46uGnFHz
zDz)xkapICP|H=NVCd?A4y2M2qzH{woy0$VkS0Y9^<d<PE959``pCS`QlukP0H0>26
z1KCWs2ZL>U+a8U!Lwg&v>FsbkaC+OIVQqH@e{Z+ZIbt&BrVzDcw&hz@T<~1tMiqZt
zLC;yXE+<Z<<TPl8bUt<0a>k|Nn#(RMjVaVL`G)${wH#=Q84cBi_84q;p`p6{ZO`w0
zL9=x4+$@>ub?;Wa6E~WR6FfWEwuj+%yFb{5Q49P~fxq!KjGgVU6K!|A>+Qb>9r)|g
zKY9)+J`1MiFVZ0J_3VE$?Z2s={<Cq+*#Ft6Jj?C>z?}8$(f<1&zb~-=a?bdEOu(l+
z7**EzyOuNliilM|nEh7_!XMNGtWck`0vGkh*E0m?u+6ds=lH463S3x$y90b^6Y!i?
z-w6%&X!y;w(3tIaK4p7O<F2Ax9<+96S!~CxwR}<^^?UqQw4&=mH72XT(+#mRiTbui
z&s{~!WGlFbpHVe;#{gu~Qmsd@f^x(_pJ}fu7HW?sD`mW7$-2X6ncpfkkwGV#nkHMB
z?rQ|yoxpEvtob^l$VrCLy!!m4d1zL~??<cuB8}eoZng3+)X3-7#=n7L{4e=U)c+qa
z{%5(IKmWD<Z0*ti--G->VxR1s{IRegx9Kz`HgXzy7{rHg%*SwluR?zNDR8K!gxh!=
zjz8QlJO2Oi?l0<R`n&u6uj(3zi^uz45AYlBe<!f-nFl`O{$Hj1c>nJ~e#QMiywC6t
zpVR*vYpaj_{}8{4{V#015xM#OG90t^f7UBw=l?1G^W*yO>;F<O#n{j6`1S5VYmezG
zrunA2XPV8kCOiN2?C=1Wee9GxIhf}DD~g7oD|c6Js&rxH?8F=)pfZ*ek1N~(gyF=F
z-q328hW~+b09Qb$zuF*oH?`P{du{`kntytOEzs^Q^ry_P05K6l0uPc=Le1p4c}WVr
z6uP~-9>urtwd=aE&bpy{UDu~xtN|uB>?qR7F$%gi8pS5Qn;3qg@5UCx;w$K+`a@mc
zLl19$yn^u#b?)!Yk3}i0&Nf4TrjZ-hU!T2L+0@B>4zFOX9XPk>4chTOFwd#$SlaS@
zH^fL6X)+M!4DFc0U*yuR(3qk(64yXAYmOS~jhff*Fslc2@|I-;2E#GY1`M?5O1ZLW
z4EzqzTQe=uq$Xf5A_BeU0MNGAY1E)Y1HU7BtY(VWnn@og0dU;N4!r?+tZ2;YWP-u}
zW8}k8Z6k8nm^NJ>nlsy&zV*TDSR4~@S~;N<9)YqU@ZZ7$Fi#_CN{loxB2lL|ehvCA
zwa3DO%sVmn)8K;}e(>BIy>TR-uxQPM>{H8e?;v{Pl>VQuj3aK4=?!_8Y`$_Jy5b<b
zg_`k)`AXTL>v%DcxW^ynEQRcie7wgWGNo#!XnK*50n)epq16+8a7ZuHdqFAi)bnG`
z9MtD6<!uVtSpXD&&5{7pw>beof*YbI8)R<rIJ@#<=<JKhRvAl}DH-u9QZedb2w%fE
zcMac-O?gjK&f$7P7|4=woq$3jSnf9yejHl%J2y0+chDer1!HVeZ|n{`?2La%D|%<p
zk=@UN-TVEt7#wfF^sRu0)X)Ta<AA>@y}&`_<%%LMa-v0udh~)1a-@QYd^!XnS4TQY
zPSJfJUn*F7(9lkYgFz6v?8aqX>jOUua2?=gu9SML>$#y7+TGhNAZS44&_#C7ilPKQ
zAT}+kve`~*ZsW0PNUu;zyJEmJRDt&@K2$Zq1C$8>hc1GqYC{uHStjP7h?9lHERw^$
zMcz!9QGjLSfKdu&Sx_Do;6?3<=~QyX1u^p!Z&yvbYC6>%gtQjp<VI{!eC{qTC(kxM
z%Yzp9%&!$onAG*!uG`~YkEMH~h#DGjzy#!Y(V%DDO8U5~b3DlrTvI}i@7x=c`YH*P
z1>_`Qvi`ZI<1O4{6w-;-veIH&zeVn%iU+}vRU{{M5^rXf#02bHJOM#1==mJS7G*2(
zAUND_6rEd<;6(HsK!p@A-a2#;g`@UjLGg7tA(!BCf<<d4p0LX3Ev>v2!c1P$e@0h&
z9A{L9`oIV2(u~7UoT+p4#Bj1soTWuXo_t$j`O>0gwoTjQY??TS;(3=ervQFMMIc9s
zKv9{1qhhuzX3Ed#s0&J^o)kqvKv*fjSXD8~;V3XxCt$3a8U9~pA2~{nx~hLlaaSeo
zYJxi%-#LjU<(3d<xv#Wf%1Jt_9Sr&Eb1){a=^T^=D+jsCx4W+W?)fnE>U`D<#cGq*
zmg7o63&@E$lohTLV2}q~nf^{EtP%y|39Q{+j5br(t7V<tcuw4{>zkW8<118>lSCnn
zU3jM0GZ|Ht0?@3905nyzQpEr?YwKH;GPA8PbUV-+JO&NS1{@55%{LNnkm3eR*YNT?
zU**?G8)&c}$PPYH|4-L+UyNhM{r}a~XO*$|Pt`~L|3Q9_`v0T;|1Z}61?gPn7cY-`
z|G!A@rvu&S47sr@p1yB`frOM<^XQ5JA+I?<+77<C?O-8mJ4i(bLQlnqG#&_XO*(21
zSHm~7CN7lw&>URaLm`C5@G6~87bt|X%Cw;f?1P$`5V$A~ATcj@4R!{~<<4;nkpo?~
zEb{tZ57tLe9Q96Ma^JB+M+0=MWgaC+po}4{7)k}MLl+7K*YOQ{7^Bb&k<0b?2v6=!
zX#8H<_{@sX^)SODW&(lQmQtKzRw+_tJMIl(xet1+h}Vepl#Pl}HCQWVHvrcW7gHR%
zP0$YFu0XX)q)tJbN@PTwO66P^id$oNGo$S?SqSlkK_B$(NW0U>q&}jq##<O2ZloSq
zkejux*=;Z+KW=m%r3i4_^XVL~p&}u0yW$Hq_&T2Nk!LJfMYHfQCD0x*0&ttOXK>9#
zJw*ktgCX8*iIe_CHX%wGQCZNC$rOdClWB@KqtlZXmLwNnqBwCfam(96)UnA7&Muyt
z{~h`!DuHid#Ky9q)7WvWLCnX)O%T4rI~r3u9tvnvaaI(Zl{NFw3X6~)dOjIzMrhLU
zlN&|CjXmD%m;+T=LAAOm>$hHr3h(g}x;fyks&HZ5?%D`<EeCf3pt;tfl7B(T)D_fa
z>@gItX$!8)YUR<t@WLo&#}q(C@+Kz<{_W+tDp|rH{A3xE8=PDML|(^t9nllQ!C}+#
zy<Wi1hX2RjwSYsle*Nu|n3L$rq1dDj88R;AQkY?kDQ1{U<Ib2FOwlmol0rzO=q86s
zNf!}`%B51LP)_BNQZ5xqopMjQAUVFh_smGAbI$iY&w0N8d7kfUKb7{LdEfP}^{#jA
zwSLz7F8GK;xN;zqA1Z?4zFAj);e3C6J|aAfKhyq6rwJLS*l`k%6W(cs6ySo-J%{(k
z!D0(WSVv9qD7b;4JahOfdL*(Q)d}mUN3+M0)=;hgWLT^(&KYDU^iiUEYy!k^L~sIG
zkRPluX~)I8%9w!y<n6%<0FfdU;?p0+_LDCVn|8iHylLzY2Som@or8Ip@*c++7;9R>
z&)@(d5L)_E#rLlRT|$-oH_$Ew>-yqyBS4p#2<Td|%+MG#z?d7Fnj0BSt+f0d<NAL6
z-SwCF-&Bw6AJX{m@IPY==8yS57~}8w-+$!#j{kkf|NbB2f8X<ezT<%3;k^G#aGuyU
zi6Nw~5~}`50uUUzP4+sO=<^p?mpNQ@UIdFE_}e7H#AGqqoFFKQ6^5Kp{KZEOL<|n&
z!x=*Y7(Ze93V4BGp`5@-xV$}!CkWL?(U1aiaGVA`;`1UQ%MS0!hO2~;=z4+N^&Aiy
zZ7}o}^n)xUpCf$f!u2in#e)oil$GlTw}PUBKYNS7c?m+yO8k-(EEAp$0(T_RO){M8
zAl#~nsFavxeH0N2Bt>qcFrpN04@J)HKuS;l8BPBUVM2^R)Nq-9u-FI?oE(tQZ;FuN
zgIT!32vb;16=d^Z`!6hV7{K|Tz8t@e&r$0+oM0G}17Ruh;kZl)hXx`k18m4A;06lW
z@`ZDV^e3~nEaABU1;JcCH}p%U5W<bHygD-!B?jjZB?;vrNkt;AV9j7|h!iUTJpZCe
zM}!7NXmAP{l9R-PCT=|vxWg2A8zB7<r5qt8LdC?mLNJg$l?)n%lxKsV3!pv&*`Pl+
z9M(-xXy;+vL%5M$oc+WMh9nluhd1$m5eYm25Nk-ebWuq|q*Fd9dO5=i2@6qNT@P7R
zf0UKjArXPc-yktu*!aP%zr|zpQBGgb7-7~H0+h2ke25>m5Y$89)lea!Nz8gGUXA|3
zk&pz9!}8}d{m_sDY@<iv@+L<dz=xeV=)X3TB3J^qwSWU}BRx3!MzrK>g__E+6Newf
z6^IdNSY{ACh#1TrTBr~ZH?RZg&p{(|3@ZbNFMuIdUva)16B#iI;T!7aD@>g!5b#)B
z<Upmb#4hr#v|&kTQbjE^br2$K4l@uXT1n!MCiQKK^*~S23h~E*+#s%q0^A&tiU1|l
zYN2G&U=WYZ^@D$M5VnxTDhNQsDRxlTzF}|?Q30}o;dO$B`B(<2j(`&wh=O|Heo1~4
zj}9$d<2+b45Pgw|1PGEFAe!$<PPhV;Ul?Ch=@Dj^2Z;=!h@9CZ`gO*aj7-SRvk@aF
zF#m(DGJPQz@0$f6vN!NCP+z83^br&%!etXVBFQ1YXF<V_#C-ALalmRBiWq*lJ}Jz|
zANc)h(b(fbD%p<4z*6uakqU3*UrV&b+k%={Ds-=j1{p+}J(*5}%W+Y#B$_Kowga&w
zS8xrHWQzvzE>09Yl?sw6D59g20}&5BBa&<!=(a=>0mMP=;1jkSh>k=W)G3V&!URQK
z5%E;GGe<nd#vZ!G;)o7JnkyP*N2HP9KJCa95DPkCDKw%D-2qF1mJr2>OvOXwZJ};S
zM3Nl^qJnqClW6)NL>77o;@3iVAk`l0-~iJ?Vd>EDDewS68?uutg-Eccf%aqvTRij-
z2Ol<p#W~=Gv>>i*9I!-3G-!);#1imGD>Bpz1qFXiI6RPHkB1+@^svw$8)QE-#D@);
zM592rXoyV;ZL%qYNX4T;EQLsgC1OV*JEBprJfRk3q!Xwe2`}sgmNod*lt5pB@99+h
zWQU+F9_s-01<eoXtNELp*MA+#{5Ny<rou}Il4<fKWzPh}7@M1znHv~>Puct5zWy5j
z`wAlXM>PH(|1&gMZfN`s{<p&DJO1~dxOO^`2=XWuSpDUR_O=x0XDs|zRucNx!Q<l*
z0MMO7w8hdkKJH(|4W;3m%JSNK7prRAL~HE>BvKR=D>cCjGFWTt<z_EBP@T7PO;6V5
z8a+Gowkt|~&x=8wq}#bw;0rKGa%l#7&umS_eR_(ril9ZS#nDq^*YZBa(1u@R52Lke
zN3Z56<a9sGXN0{eaF57$PZZ3w!u~2T&?WJC%Z_8R4HbiPB+Qj#G_9vsk)^wQMs@-V
zXIRb3+KTPzk|<VuTBnrYL{P|EJa`NX#BE4WeC+|ckpcM+orOmP)dxRX;Or-S+;<b+
z%K=B8sbp@H!X*l12ZOq17AKT+oB7|yR5zpo1vlM#Esm!yl1}iEk9+(Eu(r>ly#XY<
z2v0rEawpoZZI0k_bzWaRe}2E>1)mDZi><ZFRm#mxO@4lU+qZ2C8+d94DKHvc8(`eC
zxuFpZKGEY$PJGc?ZC7%sg~ISB$cFW>lXuGP=STv{A=Mi}c7WBamzB*O?4aSdJH2W2
zf-`4yw6!nAjDOnpgVGYm!^S>00QrbrC%}aGty?W31{N$>fKE#UGU~#gS5C{Q^SjuJ
zo?o+S_^FY9{ephI$K{H+!>5MUNZpUc)SIPic`*DZKEHeCUiRvUsj~-#lA}ErNVYT6
z*AE>T9ND2x%2;W3#|KO`OaNHk<7MNhhTxmZjV}wAlLPMFR(rin+04RX%zNS!!^OoV
zUElLcc)xjIOVK&ca+%5kx7W)v3eKK&NYQ$ml{GxjR?cg`Y6g9pkRW~F&fG-X2So~i
zY{j$R!#fqWn9^u8nOHyzkc<UPf$2T~3g~&V;`f3w!_#E)=~Rt`sD_U4onXY=q*3>R
zCYv2IJ<G%O%*{9TwVe075<07^X)igdu%MtIH#adU$w+y|fY#jFe3Pa(#cFr@4(j1r
zTU%XSU9+>ZWsh4%f2uufQWLn`!nqc(MlTuPuvhU!>a2L(r9JAA>?fJ4a%LI&1Ogq&
zCKbmHJd49v#D0269X{u^3ZEwT+N&AsKKlkog;D6${~&vfi_5|7`?qi3PS0P<Og@m3
z!sqjQdV1zB^Lkp~z5**X+-|&bmyB8oIIPp{ul37%>84M`ZUts$W{h(lhs*@0OKrM{
zx@sZ6S7Pk&__UpKCNd8QY*KLA^Ad+kH<(r{vz+K_?Cd5MTEzG*uc?=~w2lyD2gr{d
z&h`8yD$>`tvr54VeX8P@=rI))6^L$T)DZFQgT0oYa*K=KXQz8TcxP(drsp9Yp*pl<
z>~MK_zY3tGr4>-vWbfr&n5;Vd{QgPCVjWvLJ<j|YPs;j&!`$rffu|bBqCXn2JgAfp
z{f}?VZc3V#90G|hGSUqA+~;pqKHR<;FLmG!ZSC6dk-_H`Tc=CK=H<yA-=Q9J>G<*I
zxA!mVAQlp2<<9YR$31<h?nGZ^$WOqH?#3L(S(o!6FRJg}UG1nScYor^vw>Bc-d{lf
z(6?wyOT<2cGmVI9yJ|Mp7ID$Q4rdb<*EHKY=ZJH12o_tBN6#<iJ(~%%T?tD{Ol&FU
zQt|j{fJ5d=*ECMjElEI`wVG>hZ|~;z_>hr**0nyDYuqK;66S0AE2gV^TwoI;BS(jR
ztBL4q(MV9xfRq}w_FOGa+r>Em$mL0<8Ul^Ih3eYqvp;K{bqxx#0j~W<l)ZE3PUOV+
zu)K^-SXjvkZ2+tpDp}tQiAN3y2?^=$?k4P2n<uS!B1`bPer<k9n`{S3K}qF(&!gUL
zN?r$7@G_~&lEBrmfm!wa%B<K|yVl<{`^h#hH`l9dz!XUQ@Nl_w!<uzC`?YJE9+#}o
zam+~Dzu%d`_-RnLW{9<SRa!=d?n?(dyXv}(6$%SXV-+<M0P77KHqdBufdDth9kK1k
z&yOhlXvltC%uNm<RxVzgR(SmvX`fT6Ch6nT<dt6lLuq=iwK*v-cMYbg`W~jlVcMbL
zLz*%l?P9>bz3;`Zd-L<4>wdtgR67EJeAGPb*F6h~M542^Gc?0*(!FCM-@U3E85wEJ
zA*ZLO-#co-=q<|bnzOg;2=F-n)+_X-ILr-Y4rd;X(d-)-?%y7}<5!87g4Y`|Ef~vv
ztdooOm0T}fH!bn_#Jgh?D?_^)QWme-KI2D8!0+NA%DRiK#+tj;R+(#PFdI)h0tTDj
zcMT2>c6N5^GS1l&2+KUL7%y33XS6f=WXoj%fAyg}L;Ug1lX*1ynStxc58TJ{KW>a=
zH@MFOf_rFkK-DGs>=Z?5AFGISwb2GaS<`Oay!p9P>3Y|r{Pc!<36b2gCm(`d)n!07
zYGcQZxT2z>=T$qN1eT7zdwuV)iSEjk9&<PYGv$JNG*Tft$#Rbr4XRTTIEOZVwx3<C
zyy)fN>ZPbhT@sm}TP(FDfE61amU_7oWF?B?<K2cOidReT9H`!_Uf8-C@G(}Aus#d?
zB;#spd-JU8#nQmml*~*^W@SQcZSDBjFd5R=zV?BompeS^*~*J>Mb(FQ?_P(+1~Hla
zA9_tz@R}I3ht18p;TF??t#JqI`0P`o=gQ;D!+Pf`DXFNdLsmf6Y~`6$!)j#><r_wK
zR^eDDAFDj<t?)ZJU{wlDjI?p1T@>b!1JKaYqW!xTk;38p)>Po0<8WxG#`||eZS6!w
z!^okR1@2`tRhOeRH7jp*O$X?l%Elx`JK46Y+`79<O`}Gt&$G6r>(l4XbJZ@9%54vu
zEe+1{P24Tt-)7<4)o^M5qH=k4HT8uH<Ih(W-neX|IJVd(xajFxX<5`z1ARRsHs*b2
zIl3l65epDgb|ob>pYv3mH*cPrni}+Cnh#BYl-~R#rvwkDy_nfvPkWo!hY!?_cP9N{
z_1VeiybGWW%u-KaC(E}h<`4_w<L}1DXG~Xk1?=0muYp<B=~ru?i8;x`;V!u_Qw@1+
zYuS)`0K{NC&K`W#n^hKznHf80PF00tbAVJt@tVCdTjLZd-rfqp<;$1Vqu)Dk+Vtsa
z<U7DxKvUjbot!-5+I5F4uau$_4Q=J`nhGq=^Sr%Stc8HgKFo4C|FqzkkeR9cEy`F~
z$RH>$s@~}7`65nAY3734uBGUWl?h%+^W`%Qv&$;1rO&KP!A7aCyrdiZ(0AT#BCv#b
zy0};y2oBj)61~zojYCY)&V~%XdemS=st$GF`b13JrfYd8b(|sdvrp@3Lsno*a8Kcu
zx+}rQA&)9KL0T$!_2opKafDW7U#MlG97Y1n*c~(e;ZWgq%f|AErw_8L)HnAHbofYR
z&xoD#;HJV-<71F`Sgfj~Bt6;vY5g~$@%D9hw~f8u8S1?*=-9kC%uIRty4u>$FAtDk
z-8;4gvToGXZBiGNS@l@@t#h*KTcR#_U#BN2Z3%yl!&Lj>YJo&b&;2bA46{<Ht0fdQ
z{F3X^^?ydYUNAEWdvqnN^@x;)3;mE&@sV1Iyt|cEju-uNBwO6ra$BiUXRIbhtuZp`
zR%PccQ~*U>Z&N`{P0i+^J3ozm?AML59jM<_F_O?xwWIL*VC6txUyUqLSv73sX7`Hc
zKeKA<FOLtDZ~pzw1WC<kiL>g@e%3z8Lqkia%e%QU2uI`6Zv;v1!T33JKho`ddB=PE
z_T?d;N>@qTxEzzTYgb?RW?$bE79UHB@?`tQKbAc^>lUUQJIgoxa8`f!+)m|12?p7_
zfv)Zx!spR@KQft1=o~jw#*7aIWxq_+@k(p>0fNsV3xHYi+CeQ>NAH^nC_0?VYx%r~
ze94Ut^X?O}iUVbo`tp|^;0#qMOxtUDrN8r*Bre{R(7$JslA%vREM@(@OwZ=RV<zip
z5y$5y9`!!E^|D|^P%Gaft!nNznWCAdI9yI{^yqJ6&o=eO#6<@;y1L<j^w^yQl}pl3
zp<xdO7kEU5c0V|pYKTiXknh_2sk8xr2BcG>k<cEqxu-D31gBm<4JbcapLwl2zmT+=
zl1q}eX}=<wmD*%A*4IMMKfS3cW{qrzTEw(1F~-qOszA)!q-9nk9TvFSBQIvMqcH5C
z%c#*k7`sHO+r-F=Ma=~nq{Ky9pv*lp@6x`Eh;}pS8?y{|72vM3<m7C0e!J?N=2(+%
zHQ1R{Wpby{55s&Ob}4F<Pa@TCRj`z`>?cM$Jy}P8Ro_;;zFCKeqCX1vi`ro;vtw!H
zk)`sG8-uQ85sZkHdFu`tXaqee9c41@FdKtL)hwgNA2Eg}#-1^NK++SZ+IR^kz|Ov5
ztHSB4qpwCDJ}iI#gs95Kcc~V-oY&OW4tU#n%W{64+L(#S?#9#6L*v6ri*-&#pMPV$
zij^!-1*RKFPya9Wz5}eOWotAP6=K7N*kDtX-iu0=CZIGaq98;F2?Rp|NvMK?*g>&Z
z6h*OM@7S?n2UM`4*g-`U5v5q(%r40e1oYf{?z!)Nzxgc5-ZQh-tXXx+n)Mm8G{zmj
z6z02PEM>r$;`@|dr3*LNKi(gD`pl1(TL!^5!l<*Vx>!X-3{3seJm<!ZA<fPHfngK(
zh4i5pYm}^8d3(FpK>az_k5%n_Aggfxd)a2k>0j%DkFwXkF8Mq+)i^Bkl5NtbmK!&$
z-KY~QnBBevW~3e%Z#>cP`nLKP(@S&KS_>lY6&CK_gsk<M82mW#jnAud83D)GSFc{z
zb#QgKQl!*{;-*#*HO%tx<tL}J=gnJx(W$5pL$ISjPStsH&z?FC3jH;#X39GEu^mtw
z;50Iu;?UH8z<|>YC02)+HwTaAZJj<bTe&rl?;Ps8ozwJs{ZKb5E1{N7S;>!ka_Zd7
zZ!hk@eCe8y6`5FhqVe0beX0Cc<BV19!?FjMDcPJT-Ds0NXwl-&$}uO_%etA3i?r)I
z%eZTa%(dgw77VW}D>DLidV1aQZYi%D7f7kjRy6pQ=eR%H_;uxzoy+SRN>v^mW_jk?
z20LlEY;tS$zBXV^-&xhAURHeO)#YA`w;tZ8Kp9goZn$<+)z6aDZ}rjZ;x%7q8n0sH
zz1dmv6j{dLH83BX%b53hC*5|e+mDa)>||{<(`)9>pASNrH!oc3b^yPz-|Iyq&jcTM
zK6Tzl+v;)m_J+28H5_U>!hXUI*Pwp4x<s7Gq&J-(rq<P(&!no(mFZ?MRgYiyam$9$
z{FOc?p$>-Qju(G=_&M08;o9}<KkKt+ey)9BYGUGZr##4+GVoH>mM%|k1Er<$Y~Ps^
zg^{-`vOGLhTwC9tpy+8hJvmgpAYF#uf6hXqL5a_m-k+V-qu^TcqIVMlwlkR_YEFe?
zDfAb|szQbuA$w_OwVs{*bf6A|TT_5@{I+~2a4A|n^rmf;yKQ+}Q&2dv-`l|0*vHQ=
z(I`mC`gaa2{i#`$THT56!>kK;J@$0IR>*Z4b?2yp>KfxOcY~IXUG&z2mGSXhY%j{~
zL#3RvGft0Pw!b%bW#Xla3;K;8H}2q}L+5rLKMYL#g@t*Qg|Uu>7O5i@f7<^1wtCK-
z0kf4xalNLEZ#p~pa`uPTa^DPX#=)%bb+Zl36xP2F;(GALN-I=nDI7n1`0erPGlI3-
ztc;55PQ2R-y!Yx?ubNX?V|2%y+PQy!%*}P?YBz7bIC<%e;ntVib2mOX_{zm$*6ePD
zr$MOZx?}X&AC0FUE|FGA8!O|_P#-IpUbERRZLGtRkBj>CJxss+rtzIu-&xvm9;fGS
zn{XcZ{D9$xoMJD(sh*am?y^|$?ykO$&NVB?*plNK&)&W*z8CVSJ91>^(E-Ip$8AQB
zW<I|dLK!pve*U^!88f1~D^|YWs+FdGQ0r%1Le+}Z_gWR4W*MoO)QlXUjz~|<(pS6=
z95|OOC8;M5RC1)|9jp5B<88(5_<^>ATgqc!BwsO^P!Z(PxURcH)!DC4>YhCd&6;rT
zK@Q)cN0%-mR~!B;aqAsJlQrn^wy!K(S?aLa0f3=`L(A6>A5zEV@Rw-h<kC*_7>a2-
z^N*)QQ{KFZ-IFxsN{^BxKR?$GPl73a)hnEbUOmOU*&Db@^TUI(v)}!U-lIC=@G;<J
zmjHKpnTE>IBTwfiRN46W(p8<JJO<lmrt>Mt<C6)uU*s{6ZT(bKx)y!z;URY*aL>%|
z(?%qYJ6d5=qTtZn+`Qf*I&VetwAb?}>kj4u&u87bw~oyNYH5=uwSGODD{B<LB6lsn
zSDO0>`M}lsRL{*(7S}ySyXi^4(9F%bR=V%Yn%KSF+?Fj?u?z9`ri6T+K$9)wB5KD<
z=e@B1c)q1k6Zrn}OCMU?9yDsctn$g=3ZwhuBH4bAM=j{5Hd*h8%FLXePX?wJ`KQ3o
zw+DwJPB*ITP}Df}`YCHdX41I6M<2ZbfTWkqsY?k`sO_yFP0=}Mq`KeT`-AUTiua^R
z-JhzxbEZ`6kA3lGZdd2<oaqzXM^Qe%xl{eEx#4O5*L%73R=rL><{X%mQsBFIM_IZ|
zKuNBl{gtu_wTAm;D4L%Ak8SI&-)qW*3Aw8S<i|{5UK~ADk9KCt(FCq?;y8<2j!{ts
zd0G_}70N%~uB5ChvYh^<_HD(kRJQulDYENF=62bn)@!EKgxYQil-rvf0|wD;6HWKe
zKy=@MD7$Czvgs;n`tc2~`A?F|KIei6Cx86v__yU(>83w*5j#6OGc&(CGp%Q7gl1kk
zn(*P(;+1xkA|)4BTmH71N8EksUiz1Yj5=mXNn13;%gP_A`=Lg;FtTdO&Vs0q+p?+1
z>@_!;+(+9DrRU$BGiT0%1q+_O>c3QRrEUD~{hK!RRXx5XbLM<EpUoqpG_9ml?+<cZ
zsgd&5?<xq^C|N6#r)rl-(RUs`Y^l48LOI;f?MYEkVo`4?J;m`LEOT&>PQ16%d0y*R
znv{1?(z31k6yxGPCLb!3z8oqo8P|8B|LeNL^(IS$T>4R-t_=91Gj2<EmXrOP@2!Td
zW00D#uF8*^`q(eb+nS$$>GI`_ge{(kjcLQ&R%V4gViLb~`1tsc6Mm}KohIy1EdJP%
z)vtBoc@6oq&99H0jNhPsvG&5IXE`!U)Ll4{t{-oARiXoj+TY**CX%N3E&1hAms8Qm
z(;FLi7etLp*xRG%SWBtYm}UE$rdAeYP0vNF*ZCwJXFNRI^WMIDa)Tr714phbuBZ7k
zR`4>?cZa0bCY*hgap1w0kF1tWE0+6)Ok@u5WUE}M1aZEnXRksxUhSa-yK}O89<0<|
z31TFvCfBF&PCNaMc%~>Fvf>AGyZ2P0D-AIW(Hk=QQ^tq0XAQzkq%WP1AAp=c|D3XJ
zYGy!4GxO@QXr&=aGF2B|3{^N^QE~T_^*)2-m==vNI{o^!Yhza595Lq8?IS<Swphqf
zM$J4kbd0Lgr@ejDDTDj;IXLy4YjL9YlF#42-s`P$hG#W0x?4|b_i4q8gTK}uQm3Uh
zo>{X-VIWP>VX<?Tf@RFpx7Q6n*u*}ksxrr^F40mhp6~POTk|InHnnbab#j{R;#*`Y
zCEdej*7Dlbh5^z>D%FWbW3vvdS+it-?g(A#O2)yI=CAX5SN9F;@A=}9i_GlslIH0j
zhPAX-dELlaYsqJR+GKBh>z3+R_0X()6%Y1>?D_Ha?7q~NHxIVB?4wXr&!unQwNM+#
zi~N&-v?d!ZEmzqq(w2E!>syai%~-!;MSm5Q4}0>mB3I?ohPf{6Q@vRI%t7~uA79Sl
z_Kz(Y<uY3~NbhLRAqOqkP4=rY>Q3n1XRlIvQBiTUpuloz`1}L%lpNJlY2~AzwO%jX
z*VS;4<=}4Hw{4p{Z=PeCnkyy$^Lp+Xc`9{bcJ|k~Q|eDFTXurdJV!y#ZRpU5)sMO@
z>9=Ri5+s&axMRn)t1slzTz%#@^!IDn?Ygw5pN~(sCv#@IP8sj&s_=Tn`0;kKMr+;A
zojYfnJn(FQzxj!z-F0SV2dPU(o!#z|=h@@v*1=Bx{_2Gr&fIC7xohi!@uLksMtAcb
zr=8z5<DAQo%|Gu}Jg~AnXXhP0dZ~0tmc^JW^|y=^6B8U{C+~@mU4!iZ;!$*uy8qGp
ziM#x*ZoccO^kU)dUbhkqG?Yet>ASC5eVqmU$s>hvqpSULy2bD9;VxGnu=GZkC3!~0
zg(IzxUmnr8_0tjQ8_b4TUAl*bg;7#2eKAWYdvBKE%<DD4LN>qg;ZmyCO}~gkU4v~L
z_oORa^Yec<>eyQMx%cmXY-*anW{oHFP&(fkJluZMvfrCWeKdafO`hERW_#}4^72CD
z+UmhkW`mvkKN%@?QEFPuqpC*=3Jy8D+}tK)+u3^iPxkk}0C*xUp)WFfR6y4r^Jg|a
zGxKLSJ0F>LPx;=FXB0X5#Yw4b_RG?lwja~GEld7dcYEjZ3FZ9`O=2e{t(^X4%8#ZO
zwab=`%etA~W#aKwUuzao<WzT6B!7B&bwNK(hdVY!*{ZKY_LkAdXQWr&RiXeUK9cZZ
z{=JYPJt@u26}tjd_z5KonKE6S&bGWwh4V01A0D|ZP;!!!qA$uEn4R4E-c41t>uR?-
za|WG^?>WqLME%IK$G`5}e&+s(#{R`4s>~D?Ps>Pe@_#$3+TPxNnT9>0R&!VRy~b{C
zK;)z~2Zqfu8eDv-kGzWS0NT2BiE7pR>n{y-Is5ZR#)#z_r?xgWj+-%~F@OAkOP3T6
zEPeRiOz%e1gNWW$2{glE>Cw42FPzV6ag0$u$2rC?=_2*{>1Bn6`b^Hz9peX@j%nyy
z7D#!hGjRIuk%dQ2#5JB%aLCe@m!AM4>y3O*xq>}MzW?~z?O616ZNq)rR}5LS)g`;6
z)NW>Jo^!_g_$Z?#jO%r+btiS7vp#%~rYQCa{gkdIHF4JfdhK4HmbF(~8sB9Pv+8=L
zmQ6_mfq>Q19Xkz+l%%x2R^|5Z8^(_G?&Hu<&7JY#bn2x`6&C9Y3d*C7yn5N+_WNhM
zfZbP2l;kKqlq=26%r34~td>cfGG)zNYIdY-nr&)}UdX9QtAcg!Hr3AsEYg4Az>I;%
zb{u_YIqihNY~A;BMd=49Ab6PB`o7}v$x=6;!iFq$>7v<6Qtm%n?q%o2PFiEEagp+L
ze5E{X$qvUCjYBmYa`=ZH3>`M?{f~fs@o6;%Iy&PbJ<sSrd->9UvNbr$`mll$U-sRe
ziB^=9pQ*NK`(=i94=8k&ib*{^xG73;PTI2N>ZdomZdv%lQ{E=g-|>>nvuDrLwqH8A
zMMi2&)tRLwrXLb&be`tOTmd$@@>KIE3Zl_3O!lc<pJ!d3=fv)nE+0PPOWd-HKc^_s
zDPuLIQjV0LYEjsvI%4pp;^Kum$DRaGC}SKP5*-{yrO{#^q$9n~uMZ!6F`Vk?y6tfK
z?PUKWCU@nE92`B|+-`Z<*@QN}eUtuWJ|(UA^1Q~HTZ2xy43|nXo){FQTUMiXb@+$V
z>J-=U<Hv)-pDJyn^KV41=-PAPabCVG{rKr`H}s`S?EU?nSv{!KVP-qNK2C7?`hEyd
zsEH{llLP|S@bD$)#vC?UQT1f@1LK&fSz666ms0ZJ6srHOiTZ(uuY9M<+6_1)r+R+i
z%R2+4C`R$@=XdvLS`EHnTNKMN(YV<3>3YA7$x+^5KtqtoqY<o~<|Zbt%cLh?mrKhY
zv|KL44_Pz~pr@U$c39baOmUab3894(q*X6UO}(*3SuXD7T8iBc2iKgy$ERECe|+CE
z`)gO#^0H0+6$7c%C}09kBp!HPwmD_ogWh&}vnW%7R+vyO6vo;VsV+YCz->uxuF9Z6
zJ1g{h%%{vK4X|84x^8Ywm7S%H%?PX3uEoWR{pVG_GtJ0wY@VlLTYh$?AAL)diQBy1
zG}@uplbEj;&6*YHd_Zc4k__EUU*C94^My61Xa2lzpAmL$g61W<X%9HN7RXzldGE^1
z<P&*X+r4rX%}Y+FFKNBAUDK-f^2!kDrcrEa5uKh9JY&Gh4414L<0KyU<c4+bw`o6k
z;pIEbe}1dJwJYHIfH`U!{rYOSsZvHvsHsqqbKB&;{%$}{O@po9#nB(`?g<(<j+z)&
zlXh^6-S^MFeZ0S{%2zwF!CcpW8Rx|T*VT^#D}VMXlG;DjZJ-{d?Ae7EQbkh{XXjOR
zKVl8jG~CX~xjk1>&Y$A1O&Qp?LS;UE@V3$Xmh^<VWo0%Ab(Jq)hS#04%^M^;HLFXv
zZeMF3G@PH)J>>GN+1abN=R13?DU&HucAcf>AV-;&6liPf+3$_w8uw)nYWx0B7`?$v
zr{E5tx6Lv`OG~E|U>Ofj>Yp`y>7IP^B^uIGz1-eNAM2r|ayL7=_Ws4spZ5kz4Y~K#
z+~$dNNM)ncu(Fza`)DB{8}qbmPd#y{Gn_KYX-L`!+tC4(w|*4``B6!&F?FNVHFGu<
zT+7?yc>4~WGPq|~HJy`geN|;;Cef1LoVjuZnc(rTi=Lv3P5qiR-WgK-lHqRChr0DW
z@aSFMmXoJ`v^Z(boR18Q?^p2LidGn7l;~D;cVMQJp^K?()2&&DS1f%0=osx(;sM&(
z8BYY^&lGZv)$?cmEHsT+Xl#-AXyK(6CF{aR%e_2%^fYfNJdti}v_9YP?5V_O4%%sg
z@5zhuyz85Oek*;Ml@*qmKXz+;tmo)?!^e*}_3e|^p8eU%!zfLk-}I&If5a-?*e6r5
zC+$d-9ldMulKF39dtI12Jo^5}C0YdzawBBvyQS}s8aY~hnuGDVtOu=M7HzOOsUo}N
z$>w{?GI7o|xw2`V8!T;FYPQ72#y)j6bU1cR_4&XMr2{d~BIE{1P4V|B8TKu&fc>p$
z<DfyOQ`T5lPB!`U+T-1v?jtp{M~yu8`Qx*9^vhrNKPV5q@Z2*e@yp|cLkACK`mbz!
zThV;WrJLuv^6nH1j`fD6w@fW8{JIaBKjjDTpQ~T_YYdN@(7&bbWbaD8S7k)*23`F<
zrb@2+Li(68HM}-Fd=$B&pkT23h^yfaW4C<1PFoy!K<#?ek$dH4meuEti&qqs+SxhC
z4si0&^QydHR7{)s{m28h@<>k3wreNzO1N(|qXP3v6Bg#kMfMnW;`L|N0lA@O3gd#J
zqVDmlSEbqAJKkMNdFHo<#&?H$%vCsfI`qntx^BH~2lWk87=JE*QeV}?_YYriPsJi5
z6Ik9$o?TWM-?e9;{zbjw`3H)3`nJBWZ01v3O3(MxTr8U@d#Ru1!hw4CPb4**DlgYs
z?=hfpW=LY_y^|l5)imb&%vE?@xiM#G-1Ccl4?Squ9Q^)rOH0ehs+5NGZpupLQ7cAD
z%LZBn=I(lTz-iS{xgK3V(SDk9N^-m^m0cPeuO(CkceiHWP<mH>75Z~&{wqV-)-%36
zY^qoJ`JQXqt;hVkekR6iPFOz5{qgy65chrdf(4^e3ODg1?!38^@6mkgb45Uerbpn<
zAFX#lR9E}b+Th@}>(}>uIGyl$L&BLufzxcieSAs#VdADc7LnfTIY>I^PSwvDIS*=A
zeqY*Pd&GCU=hcIH28#8oDyy=LPE=KF+AKr2j(#|I-x<s8x_37ZH$ME-R#rOg$n37g
z>}48@1}!&>XFE7J6zVPi^r>aJW+w1v!dR@)#mr*Lm_CPO%1ScT_bgd>HT>F@8k;D;
zuT4!xv%TFGysEjCcY1n5L4l63h0N6AT2tm$kKB!Hi}7>jtje~vjQx=!@6gv_{(-q!
zSuaytmA}Rtub-<`eE-v{>&urfS4pl><<_cbNttb}DvXs;-OA8OPB}K|dUa{lP)ot0
ziUP~n>P`0DEAs=*-RkWQ{1|miD$*?{jM`P-CTMzQP;z$Sloej#p2NMbxXGv<biM8@
z7yD#Kez}ZNPTs8b?pnI<)}H*ZxPH>SNnUBdJ}nwDvSh8P%amm@PmY#S<dLT27sZPh
z42I#Ero1mJE|(q9THRP;wf5|f#(^io7<(2>ew+J>;;P$CzT{Pndr5t+^Yag}E;7-x
z)V#(on_qDE`x~!2AxVtGYc_otHsSv8E0YhOo#V1%%Kn_COD6;dCV#1&%+((AJYmAt
zhJdq!N5@6Y^dE3MZcmny`sxoWc(D&1TGf^eni^oMl3-T$<JxG=**l`XUtF+r-zk&8
zO2=1ywkN;1zUA>F2kA6EeZk_z%A;bQZnT+Rv^qB3Y{;jK-pu$9%5JR8%nw!a$Y;;#
zY<Bh8@9$Nk=PExmf2=OE;^<AS`?GT@%5-#fo$F<|GgRyJEGv#otC`!gA$;v9L&N6m
zE$Kzt7nGv!8y%be)ibZ)#IeJ}(iJi<<!zYu^_?F_S!z^upFVv`ZN5&)wM|X=tQ)vc
zJ#UMPW=hjDHf8+|vw9V085bS(>Z84F6C=;h-k8^t_d&yc{mrAiSJ(P!dXAZT_25kf
z`-hoZwrn{ftA4ti&oy+L<o{+?mxQ0qrFXQW6)xTT;TTyYwM0X8+#c?k(XV!HzkTVP
z^4YwZr5kOYvkhgpHJAs<9?$(Oh_!x`ONptx`RVp}b=u5SYW_qwhoABXucW8?A35{o
z;mZKpFnzXx%9=hwoEbBIBvhr2oc@Ike7UEMTlKYrcSoO%Klzw>D2YE|{!NOilbnzL
zm)5H6<_|wN?k#9k%3M~Gpx1Mh!x{zeiWXoR-wxqseGQrw(wh3{XtYe%9>7bwV^I64
zyZ$MAM}?H{EsbNh#Qyl!+_L_LO)t-!l}j`}o$L0X)cVjOzWe;jx&it!>xLH3=Fj1u
z;JtDjzp6)LW@_1>g68IC;0@;GSsy+w$D7wjee6)Hcs(ntN0)<lJS>wxx6mPXM)JqK
z!Cvuo?7YMF%bdJl^_on5j@X6nRy8Xx<X67{E&2C<E7O{M%kZJbh!OE`%e9MkD@y6B
zrg`%Q(NkMKueFGNxXoidl}gP~mfm-F5N}G9qo&8(xNl8|9Or%UuCR1?T4K~^RIx*C
zdC#Huzc<y>fG^=vV{N<tL*1Y|E@vJ-=@sLmOJ`RW#_rs?(<;7}lB?@EWS3So@cNpb
zUGUNminq(B(k&e3UtVYZJ|lT{n!@=t8+=-C=l45!P_eP@v2%?z<>`=Cxy=tBK0J8P
z<o#JG=JLw(?$>(_c;n(75D;<f(WTQnk_D~z_g$Q$|J-&}#Kz`NwGUEeyDN>)Gn+a+
zy2s*a6eZu$TzAj9A3)trspB<FtCudiwo-S|*cW%a?1mLqa%H5`R-5m5)!3Y$uE;&`
zpnRon_UZcK&2Qfpd{J}kS3Yk}TykTDvEeDBDNcol-(5%<A!Err9eQEz_|*odo1SNG
zuu9;pssXJeZcT3;_@O##-IT~lfq`GYJaW0a*Cy&fIYr56Ri9Z$Jx${ZN007S+@CT%
zCgy&gv*T+0Av-S_%J;c^^ZQiVw>Y3Os!KLZuRC5HMyK1X;uXG^Ez3|k*W6Ie=kb^~
z*LCqs*hI_SGl@Fu!@^AcY4@1>f>sCn3HnheJ=9Dq4rl~Y)lz#8?b5xLqR_A3@tDvS
z)6yObGQ0CbzRi+;U~PVPLjPCGy=;$vIMcdp*|Jl?TklB8UMVf59b$R}20m2Jw(fgn
zjamF1`njkhGaD=N8{f^e7Su$gp6)`Sgj3uuER8RDJmkcskR1~Sju|jAX8q00Kxl2h
z+<)BL_I^Olvhv7%m*$;*7VOJAob+Z-?yAtU`tq9&jCFIn`nF;holYO9H%Xyy-@aGw
zzVz%`?>b>Aqjck`$0r+1Ou7C0`^n4?Dsr0bld?`wo3+8X+C?dO?%v=FE{kg|l6beb
zy1CWYFWy?SZAZ7N>-{TDR>(Yf|8PBJmbOuGMFohF_j!7G<yt2le4^D`qn`skDE8Rm
zRTpyB2QA$YENBt1JWFoQn)UFY$*xOb0sWm5G?k@`4(iRBt(2EH>&1%;K0bAWjgaJz
zPxoqTFJ&Iu9Z)1aa8ya+AobZG^c$$C*lUo9Q}$uSEoT<VKXs6q5Pm+~<jqazn^Swm
zJPcG`I$n0Eaft7oNxt-5J6UYDpL0HSa`A}e<vW*a>)lXN=I}zJV-s=<&5umB-WA7t
zb2}ey8w%JL(tV%-du?&jBl%6+(>J~gI>mI>?iZ1q@A$d<@n`qO47lyi?)uPUTi%7&
zo-PwsWOVCY_wdNHZ%y@gws}m;zY&{mamF`<f8#`1T-BLWZEfwmPpfF}UGJ^m;uXWB
zL_J=(@>$)dxUg<!md6un2EH(e5`=_2+3YxPW8(7#QZii+7d?0yu{ipqv~|fmpO*T|
zD%G!F19va(bImRNyZ1S|H7|pfH*A$t_4gk#c(8+`W9r8KQK}%gsL_lEMSuf4Z{EDp
zT)VSD$2jZidPHCI)>qyday>lj0o&rxgWWWR=)8tP$03<WcE5gs7x#w(3j3S^LekQb
z{C?llECb}R+wn)18rho?^8Nk%QtB@aT(oG>_*HsR8_K$SXGDJ4^(eGUVrBZ{{P)pe
z#ww0cv*c!9yLPRYvUTF~iwg=13$=Z>X$&9!xL4N6qW8g4Ew{S&y4_zRea`OPyH#d>
zi@ml&`|-(y1ml4ZQ$8i1%FHppxp=@9OWw;Xudc7oO?)mNo3kTz)r)AFlyddH14%%u
z1H-pB<n-VH1Iz_AWk93{EgF0J>FqLEeYLq(0~&1`ii^i?xwWI`Hn`7F?fOAQe)PNn
zWiw<yrf)cS@ZgObH!=qr8ibs>KYVNTQg*WSlXY&s8IC^-L-fbWRg{-cIU&%tvO0P2
z;HT#5+=S6*9&wiK&yatbmq-CV!)%3{t4c~s?P8xhjT<-a9^m)$=gmIbXKr0yT>j`7
z*Dj?gCNeTITiK>-&%x!#xU|^Ou1Lt|M^eX9dw=Yjyxe2SxqRDgk2z<PK}3FM`{?R}
zdZlZOx6J(cW1V+YWMq-j^@Fv0uNM>q`uqC_1qB5M2YY+R+zU=vG<3Aj1r~t#;mPUg
zU+eUp7TM0aKX~#zp0!|;-0h4Ir?kbF-@SV`e%!ddQ;sjo$<gb<vQPV3HS_HL{obzG
zn>KB7&Q$EurOSeR-zig0MOElLTVSHp<IS5l5BunU*EP%7Mc=c;Y7Qm&qhf9O&qQF>
zfcJLt@m?*eL*$hus)Jn~z5nv*)2FhsvQ3+iJtdiUGoF;akC9QRbC(|DJ2>+Bqj@sD
z)-AhcJhFOjN`$4Itl+-#(;?OinKm_s!*A~@Xi;gL-nd~wY9T$K=%-4gf7ElYvg9T^
zDW#%;@fV66C=`mdz<H8@j%8AzAa2p{CiDp573X0|@PHoT63OKYumjMDRyZS`MQ7N=
zaH4sk3EI?_OvMJc7uU_%(`m26)LH-J{@)Jwf0NF({<|=KvH#oHsQvzL@c7UE?|<U+
zC;!8r{11QfKm5u6@ZZb-fO8L#@!^+Ac>kn-{gW@^e=7ZJo1}l@JPRR+^X-2o4J;LA
z1`x|g@tYZ8-2_<9)^;iUl0hMOdpDLaf|O7ce}UqG9leH!pW)HwNO%k%p3oQNiX{@x
zG7@3(0~9NGXrGjSHU>|WDauF75+$UK<Hx}ZOVImtKp`|`Ae9-%!7^XKqy+ISJgZ|z
z*&A`%;SR5%xq%Vc_f<DHumJLH=p~*@0H-RJp2CfTFoCMmLovd$=kmFt+_{kQFoz_5
z#2dWD0H7Hmz(@f>5D-aWiL3=!2|a}Rt3(A7(n^Yy8pKbe*xDv7p`&>q06)MA0)q4~
z3o4f<`elrE5Y1ge4+WfnW|BbIp`3^~80ip69N-W|q8HBdah8IKEnrardT~3EHkKL<
zJZ|iCJgPGp@cJ2;M3S9^pNuA9$YnCo?2?EFIb|vs2L_-gmY4!&PmSY=@*U_=tzlLO
zTOzM2`a_SJ5XquP5~(i$bZF8rcH_sf1Xv0SvQ7tOm@xMyFOI`uMc{41#I1OXSPBlD
z@!)VrGZ0a#6qpBP8q9hth~yKj3PqB~0i%vlj0GtP6Qr<U-Ux0CR*gtw0;?NPy*Lb*
z3xmspxdKSdW0^h}Z8Gr+$AsuDo-YMUB0**_5$XADlMRS#Dzc5kG!@y-5&T3->4A4B
zoX8a{A~>4-03~=R63*fQ0|Pt}B74a138t}_V8(<q^<#huftiKrkkUZ^qZCJlQpn0!
zR#F@fyhp$1LK|Y~YoIFw|JOH%DR^N<YBrxMQebT}FC+dORwDW+Iy4F4Fo^sUn8Wth
z)hJ?QU~Fn&Y9TyJFA*r7q8U>`9p-7q6H@RIyltu$#@ET<yD_}|9cONB14IHlkUSQM
z49ROD@-?^5&rIBQglGwGp(4c#<P5)lP%jdi8@*6T?CLNm7(9j`j)y+xFcL(sP{j{(
zU~^Cf1^bJ(%HZ+PWHiEh92OhX9~}H$G=tAa(`Wm0P<h3u0hB5PPpA$^QZ%Co5GD*;
zOc#KE@FGyTgPsBL)`OXq1VnBgKD-2u2h~h8o~K3)T3oe`5=)b>h7u7B3DOgpbAE8}
zUn8Id;{C4@EexjOfo+NRRG2IX_AQ>p69_#5eiC26h=$j=f!0u(zzRVAlTbay107-D
z{*M9LFjQ~QB?81i9gidsGjpe*aVkvGgcDN$zQN>498}xrVHRD8P6QXo7f^3;K=|Te
z2CujnjIx4A;HgGLqRtSkNEk6LP)}NFhHBbkz=R$cMoBcoI~WyU0m8|0p+~e$MgeAh
zLKE{aqVeoOC_JEsP*KEQ#l|uC0=)ZTv}FkCBpM>bnh|X)VnS;}@Dp|fW`)PxFqDH(
z`iP3**`k5}!$Hss-XMVRI3AH<3idZH26ZuU#}s;4JS-m%4-8KX%*ul$z9K9r=G3Ao
zv#?yqP``$Tu^DLNXqGWi(_~!uu*X1KbtrtIYw8fK-;*)4FghA&$02bsCk@xCxH#hs
z-zi)?Q&UH9eF)(Nofa@qrV*im`j_Im5v53*>lV?*L>Z6BNyX9B-U1fTH7qoX7#(#E
zEUE3HJ~U!NdqZd^ymOXVKBYK<w*fO?;vyj$#oaSP0BL+yvUoEj;e_wVw;)1?AuLG%
zBVEbu0-|)%GWqTAv@MDovC)IyIvBx!$I7A5(P3n@jl}TV9+BVSur^{WG$7Cs!Fi$m
zFbR84OiZ=~jb_2aL|5px2~`(Dc=MWunk4XIrh#eMk!AROtAMup3wtVYaL}<q<6JF_
z-;MPU0|SGO1uYcSuOcQV5DTRPokZ3~m<hld1&$XUV8k%!EM^k;6)GSiY!Y2yN`F+?
zuxfhvaNz79l3`p63e_2$UWP#;kB_#f2NfVR%q%9JXA=7P@C`Ojp@L9RT?{1_mV*)i
zH9!JjCO}Nag*n}X{b1qoK1`{{42@$GuLv~*=!2UappZENc-<)ns96xPfM7+7&%o0o
zYPVs=(D+ag3`4DiLxRq08x12b5@UFws8DiIpeVqENG_X!8$P&hBS2H*VHb|j@#|h<
zxO^;KCE^7%8z-DFOt5Ph7=q4d7ouYXNjSX?M1n7d3R@B?<W5gx#l#Rs4TlKdXzPi2
zQCu-}FponXRS0-ECr)t5*jTe{IdRcpaNZ0&5=Tp%Z-DtjIThxUL~9Uf1~En=aD(Lm
z098P$zjhd$HYiF|gl&bKd@m51V-e#}EWaMgIRqU!1RaUUR4C9L8D&&@0Z&asw1N^M
zq4^Gm?l70h<TC^vdcwX80TxL|z%N1tM=%CVN*KzI<B=ocFh&H6gVKVe67>jCCu(9c
zk6pV==wJ*Nq55LS!Et~tCrR+I*(YLjuzFZ`gjz9_kK1NGNhsvSZJP*=B?bYeA0$vS
zLbN1yLfZ<Tz-(iG<9O}bYAZpKYXSyoSChmvR+5;86lL(^=yYIz^+alq=p17jK}E8F
z0*{yQ=OqjvVX`sB-}!K&KD4-}%!D~z_1c6xdiW?30S~SmgsO}X)A&$!9LnR8Mif#7
z=X*d_HPJY8!bw%cnFmxc5`y8O^G}!@(a|{zp-Dm|0{V*WsYMK78+s919*93D0$vXV
zfv^Nt9k;Fq@KO_k;1hx*WH($gBoZ3YA_tsC+EyqyVrok=IKV-_0S@Ogk${o`!TYpO
zHv#x{ohp=n&B>SSfeC#-p%2yxU}zNnMlT<=K0=<yf-i}lykw>VQIUX$uQ~{oy2Ojk
zA;Y4;SlApZ))Dlkap+7Ts7gR@qQ-(SFu+&`0Kwwn9ZGCAg7uv&j^g(>{h!W;Nt)M0
zlVKVg|LR_!KdCVPeEyD4`~6=)1PuRP7;u-@NOSWJ_J5(DHv7NKOiWEFi22`(hUCxx
z@%>+t#~=G@K>vGSbiV)3)YQn-qRsf5k2E&=v;Xg(_!#O?iPa(fUu?YtUc~R*@(6q%
z`#9ik@+`#?_frv327N8MHYt66o2vq;2$mokXF<#!8nv~DCYEO6_D}}^R>v2(5Nq6L
zkF*tg77iEM$j{W^LKwOPXAr4IdW-`Xe-;{-h}MS>nTRU39t)g7Eq8x=+C*m`UpFsL
zny0^qHj<Kpw0VYDBj!fNq}J%dHAS>R;6bsNpaWQ&NT8edST}cPS9?z<cW3BRsj&e*
zW5Fn>k;}Mw`Z@b}+Pjm>q9xrp*jlrA4S*A<MDwtpM01|x=j;iQ^F>Tes8qNcjYS6|
z4uZcpK5(7*Fu>6QWT3$fY79ijT@QWB(!=~lbRq%K5l(j^(}C*;sG`Nfz9Mk^Xt1p?
zE|<*+<!FHhjPXbS^I{QW_$w9sWw3!eE?x`pjg~uJ95yQigirYr<(Sw&!`9V?^DU9#
zd^J7c#HSv*&PfAB&_GTL{RO^qxLWAH+S)h-h(M<etNnIU!VaKQF0gw0qGD7q#i)=f
z9E3nPMow-%Iy!*AW3YIt{Xj6$#Se_wq#8`b2GJ7z)&>>bX{fUs2WJH#K3GjXaUMf)
zLJ5u7*dU(%?(W(MS{Lr!KzmH8sTLL*E>sI@XjQy3Oe;wp0sZ(Fx`B6I1XzfpjtEJD
z=I%5hmTI8_0i4w%u2~7iLbwhv)@hG2qzXoS7A{7=jXhpfGz!>*UkpQgG5(JY2Z|5q
z+P~AYHiY?S1_;<G03MsU<}pGAgqgw@viW)-97_mI;$v^ofPE^~tR}e}Yy{ug1A}(q
zT{m>$s<9P%Q3#7ETBis_q8ZU})dTGT8a%^huq7jGA`@P^gwG8aKugqKltH}Sp4RR7
zK1PE4(m++XiG^SsIK9DTiV9)+L<g-3Np6K8hC1Xvlcx6ANg}EMH1Uy%U<lxrcXZJZ
zLTIlUAR7EOrSwh6!xYn@90Bw@=C<}679&Y`I->zv>OVq+4&?H;i9t52&<J2lgzdXe
zwy2<-aNW)Z5$O$)Il`={p$@qgx*moX=f(&`g-w9C@qj!*@2EYe;Y^8JT8w(Axe90T
zP;9kG=;+}yd8mNLh)H<Iwp)@p#kL)yJJTRR&_S9yoUaLutO%UAl{6uI1(ENN+K#^X
zyj~{~hU+gvZ5azYB<wZXh89yBcF#!EH=VXZDd3X%(O6r^cYy7pL*X4%=w1;%rrR(+
z>%=J{+@Ow18IjqmUFVq{vX-dlagw?&$(QSZ?M(g(+nI{kPF%WK9GvgOEeL2EG9dOA
z9SiszW5GBk*`p)zASkWf#-F50;=;ekgJKLQVn56Vk(4`Gs((kZ0d!FW$pnNOR7`>-
z`sKRD!4Lt$?F5MPX#zwCt~%PF)!H@opVJ$ijv5>b*mD-2%q$|&0Rkbi$=Jpe(b_b&
zA{I(4_3!{@a7rIt^Vb4CG=s;YhqASSY+zU1k>m)VgR9>*x&~dB5wR@xf)|<qbT$jq
z)fh1d?06vl45ec`tq6?p6+6l3;(;*<7rY4(P$<u0v=LegGHLLLDq0WWh|r1TCcydN
zB+_=L1n7wfmlN#>$Q)wmfbHTCu!SKL2eFkL@nJ$UT@>(;eKP@<+Xgyc1X&FyXetH;
zE(>U}01`%^5AZ)Lgara!4){-3w;dEX1QGZUfDvHn65*g^7ScD?CW1Yp5tKYwXfDKw
z4`O&$j2gj0Lag<Wus8v+&lR37fM;9~H3PITPCqi!kaUBAnh-JUJs58WPe3yBqE|qe
z=%E5J+M@v_6zk|<Y<z&N5bKtxg=k$};zueu{^Z7x!)5H1s7WIn5LsP9B}4;7Xe_Q4
zNm+tF78Yjc{!v18k}S=1iOp!WRko>wl>hS@w~eZWhc$oULH|YoZ2Wt%Z<{`$lN22U
zH)v5dy5z;iIx8ulX=mTbH6+G961^OPn<RRYP^*W<F_}T8CaC%7IHnf)K5aV$ny1Gk
zX~AZMU1`$;ehk1sz$D5Hj{&17$t&uR8-!chw1)Gw)$~xDJ9lxI|3b$*4_g1b6d-mS
z{$)x)9*CfKE(V>AwJO2mP@A$MI9znWmn+-~O=w4<M~w>rj*pQfeBhR!Uxl~Mo_;!T
z#~9%$xA#u5$KW~o>lZFJd=eLf+In>IK?|of>}4EDl7(>~jO5u6(ImXPb|ec<Hi42$
zt6};b>p(KmX%I31Xd*`leNAR15!I*?-4+S<r_Bad09eATB0P?68&0Fc5_kdN--zN-
z(_gg?Y$OeYu#w#G&H=#Ue+fXl9k`ve&lk}Cat8=&L2g#`8b=#5Cz4z3G?2nKVt35O
zh>oN{3TFu5Afqh76hoe*=Os_AV4e|t50?#moL$^}{d^|7c{({y5^IPKSuu`>!X=9x
z;dOS@t<bo{Uj)YxDWYc`=t<BHcN(;=SbQcPC=-&$ou*BWm$7Dl5iv^+nZq&Z#Jj|u
zCcz+d*d<~bM!1v#Aqt5ABu@{MPzh~zqFFI(@;k=lcU3GIrA}2Ws`D8FIzlEZ@Wq6t
zk4~zN4-jMytr2wLWEm`{je0-CpdogMv)5R}5;*Z3fi|5C6&BXPBXPKkQVWY0ft+FU
z!>~;~GV8#Vk<e%iBUk{yWdTu>7sUuzZ~!an8{-jzJm!JY35^Q7sD-y=MU|I_<b)Uk
zZ0XwYOg!F0%uvY7gQ7vKU>iD7R!egVM-wXz2%nOIfCoJMfsP?;fe0ngn!38dHn0Y)
zE*}P<PJ`c4sqhchG(b#qijgMl2o4%N$L9jz{&jo<tMDu}rr!AN#*WFShXOBKZ1mc!
zq~ROF;ofwVh=zuUpO=$YCtLv`((tXlZKm+WxCG^3_}&vM8!k5Kg`uX!#B`6RzlVdf
z56#!n-ct`55sos7aoZ(5krEH@Y(-CqH`*EOtU26o3AzEN6-Yf1Fn}QdJo@Wy0J1}>
zKmn51is!NbhL98RuguPrAWAN5!}f0w%bn&B2M-@3VOGQg=$XL-xUl0R!qA?h+-+q=
z5C}3iO@Od5qF@6XLj>u-B*uiHZEE4Q$)kV@SqwS|0JQ(uv2g7;(3uccOr1<e2>=LX
zCkkP)wndr_wvA1?pxP0GC@N0q2-GqPc)*n6Q7K{z)i_oYhD%67Bm+IZg$^7%-z<oP
z&Nto?7L>9<=kQiyNL`8vV(S|RLp2D+OPh=-aG4;L0GhysBQ3v*&qs)rLiC|_MKKHK
zq7fvqiawRWWo!Psq%gL^XMsRBL*Y_RC^`ux-gqiie34ejP-x<x&Nxbs;0g}LCHOB$
zGb_=2PaHi`s6<eZL?s?pNPGuBA78LyCy{FWHq%1TVBFep8U{zeOA_LN?l?s;6YVNR
zA%Rht{#Q601!xNifP=<+PCB=OL_-^io)iq_Pa}*!0{SnU5Jv4;Oj~mXTZBR)oaqy1
z9u5zG!$I_Igw*5<;1<=$(0GQhvr~cLz(|WiPKD=rU_1j6H$p~?KryjF!Qo65#{sPn
zJCf<#IOreopm36g<M)`6kVy_|mZ9D1KswtnU<3_2*wh*GVT-vuz5w5%0e*5qc@cbk
zY6_?w0i12phC)WTdH5E6;wOi&7kEX~b-+{+FoED%9D4dzsFU#O0D@5EqHDy$k+8uq
z(#0hY9Rf@g5q#$fHU@+t!POoIy1wwJ2~bY_m{2;l_a5#o#%l3}o9nTiI-2}8B2S(b
z2aQ0a&@Smh%je<d>Fa0jIG#KQD(o9EBPi;cG4=p80Ky(wVeRSbLxv%!h;V?bBUEq1
zR41IuLJ>gKJ4C<_v%T7+=}y9)K(8D7j(gG~3(O%+CyKDsVhcSy!nR^VfLM~$7Wzn}
zhDDQ*VhUM&ks(IHoF*9uVwVC+X81A&(jq3vC>Ua-siO&s0}``1=w@pCs4;oMm7l;8
z0Br+oh;cBP76^8NM3b#)iOmB;OHP`|{SD3|KDevbw&hT~Wi$+F({eka&Cnu7#7JA4
zWI^CmJ5;AMKe9TJgrYIJR*3IfARf0V-40Xy?1^O?<WT8pw?TwVXw1JP6FOCF&{J`N
zgZ!zAV<YDG3FoBozD9H7VHOy^Kul)a%?6{T;cx7`B7VSLDBn2hKs)0S)IK6>uj9mm
zJWL5f+$2S=SY#}D!m7P52qy>dg3zHv<1_rshJ>wf;fdH6RH2K!?Di3VC;JF~H}V&*
zX#uEWFGy>|7#<`eV+gG)W^PcPh6j}3Rvi{Uk|A;$I-FU6J=a4_B}K^+h=LJ7;_Ly*
zsl*OB3pCMO4H#pR_Gq9e35kx+)px%1-N|4|n%(&2yhOWcMHA7q;(usX5qFZrHI}wm
zOhqz-FdoJs2yF?M#0Bj-V5+T6m}@*MEwEYGiY!Kb@n8a-FT;f0NT@B^v0+DKf*-M2
z4U)^l5{L&6qPVubZw+`1JNDUrM2Q&+)F{ESa1lEQhU(LOot?+ie4YLD5cHd)zYqS+
z+0!Z2s%>4&pkd!(8*t8$k2QpzeuI;xaXk1RJe-D28Kqja=c$fn%-CG?SR6dzM_OZt
zPw_1hkiP%&R$_ccPUw82nL#j<EO|K}_66ueVNVG)B5tlhgCK0vH^%A^)&o|8tg4Q$
ze~5!dD`S?N3``srzQq~A>S5a&;K@HGahw+`9>k3a7R@HcfX*6;O{9y@=@}6dd6<WY
z9@j*9OwyKO@g2DW2Ai$LY_l2HxGgVY+=2Fz$B00%<z$RUK*{N9a4i$tw}h^prs|<j
zQGUlCqu=r8(CNb;!>{0}p&@*ZP6~n-EG{<xj29<%mXH9zpV(X2Z=5Hosa72!%#?^O
z^LLOXkYbAAM59H}@xl>w;WNS;Bsz!x{7aa&K^4vHphq|WZEz(ffAPnVk+7%m8~zZr
zA=p#&t9S>{sa{F=lNK7`_~@XdU<3Za-l1RddI>yW=CQ}<*Hk@}_u6$B-@Izi=Ywd1
zPuf@l%mI3~HHJ7BiN+=59i*rm0)&GG)3vnMhVpG34g@tdG)FJ*$v$o_u6|HvC6^%`
z#&GQTFov)`v50~QS5Z0u?d0t1=;P+?2b5LEz&k%@^4Edl+OcDR?$`+zV*?Wd(@vUC
z6?gwIBZ+2%mSBfa&gC!?I@>x++Wmx{*cFyV14r`yWlU`mUIn%=#~1g}$lC>IG}P>>
zNp=$9HWiWMEdnZR4%-by^c!1&AxatGZ39VcU(+4c96(aFa1Pf)RSag!Iw6WA7r0Z}
z5GGYJk;LErPf<%mF2HU0{wy?SC<j%B=tdqW3X(QC2>G$i;<2bJ#v-du0u4O~0LR_U
z!PDNuSr0d3gr7pF7x6_X)YJZNpHBPp`A>g3J^vZ`_rU1<{HGB-`PuILr_sni=Rg06
z&;Re|KO@oepJw>+Pg6q^Q}ET&%*@i<6rqRmfaeIT0Qm$c6KG>5UYiyvJo_koAb!dd
z9=;S-5^3YMM<&4|d8kCuS8dK}iYr%nbUW(rD|TQt@dp1p<KJHXiB!vfAB<nfKahL#
zw(@UmWcEk?|A~(}CT+x^cW~O;%+l0C?6fu2&ju<6>O>pNsir!5d5(2+u|W(BvBcX{
zDj{YXTG%^n@QBHXMbtFf&2p$AYUV~pYM>DhZ+kzQmknA8{qE%Eqisk!EX}3j;^*t*
z=xc-E#!AD_fKK&t7$^3GD{93H0H*?%#}a)F5Ws{LJQe?K397(mw5jqiAw5rkc-T97
z`A!01jkmkkWDjRgKboJtkBhUPjhe9$h$XBb3=lwpf5*DpyZFLypfQ>k8Ubk|`rI}U
z2>^&b8%{$|sU7#!vSTXHsqz?HeL4v=0H!gfvr1Gv|8+Yu$VX2LXYmmI7z7&}@B-GR
z%F|=o<1bzyT>Oa@!sa0QOhliLkSqBa@VQhf9ZphOQssHku!x3x2ekR)cK&mp_WIw)
z+1|;+`R|1BEC0{Lv|aueQ{zAW-#_vpZdyRkIfL)*Zw~n@w}nu>;r1B@0@HwobLo7z
zp$6V3C%PaA?veNnFY=EH_=i62<sY-(e<zGz`G4l7BiqWqh1s9`|NfDWIzqnFLzv>3
z#o$xb5nnWcz9wIEWeF(<v{nL|AOXK@LR11?N+G;pM4Kw|4Qvp@I6lvi&83I34MBOx
zaPYbvF+g#l?Lk1b)M@)|8wVrBW00DM4G8bP5H^oib@Ox-tBMzcmCZrTK>PrqgxZ0D
z(9!FlK8WfNFJB~_0iwQe21h^@IfXXBH-h+uBkFLX)1AeMOQfocy$_2+m&5hrIK;wW
zcoHWxnnkDKdF|1f9-(vqViFbaAaUIXu_IV?nwHN1G7Z{bMX>NYh{SH>!DvYG$88Yc
zjZ<;2%m#Db3^XQEMSdml^9^v<63!Pv6dci;U&vg<iU&*-VDAHa<Yj{B2f(db`b=*(
zNAMl~jEI2YyMUpOPdVxb&_nqG{ZKY50{)0*@!{Pj`oKB}xNyCU4<2&RTMP8D%XHua
zK+AA$0{DV1!RX^hrKw<CKro>1hB>F;mp1xCIB3{UlBZ0?yl5DDK%Aj73flnB!2n0l
z(LSP~5~d%~K*{2langTVynp#=um9nOG5+700q|eQ|7T%j@hAV^Kk?~k{PF2G@b}+`
z(YgIMHXdozHvgZ6g_-Fe`~OdTyvNJP_6PsVQM9)_FnX~q&npG|$_0PBg1=ZSIBbzs
zuk%I<PSeL9zmQW@H(I8P`G#}L!-vydo-C5f+1T@@^_%w*+hQI!1Y68k+j8yT!}Ss8
zZ4#B%kK@`VWm((aU)klZ@tW?;oqjtSpZTO5P@w&6{2EI=c5V0UWm@0gbcr`{)3tsc
zwQr&A{&mr-SG?W$-OTc}tzz-m@xDz`BK)iYeubG;A(c`T%2OHmghC;vt@ij#;I21P
zm=Ut|+q~t=<{2#*yYBF6S8MN89`0s-s=logj~9D;6^}hSdHIi)$5N~sOO~OdbZx`e
z)US`575CdDZ{A=w*iv)clEL4WQ*I8H+9o|*MgNfIj;(z;w%2dJoA>^^>MY%esZuKs
zEOC20Ed5R2!7r>+%0IbYxzr_aqc_8;%4p-j7`t3m>ArUk@0fP(@WvjAGDphJn-~_^
z7-z=cc;R)<203KCS@UY?;;x3x?^SOm^qH;xt!h=spe-TX_ZtrRS(UB`JH5vz@blE&
z8cPKML!awSNA?)Lv7HrHT^l&4q<rv^5os#*)5l!iw$kg>D?^{NnO|S(|CD_;?Df3;
zCp`L1xpQ>yo*f6wHxD>-Xs~0>Xcd#;(;k}L9=-G3{v*XhW=74qut~8b)1-gm<%zzO
zR=;%-Q>=p)_>=^_{LC2MWrU|DGyipgZkM$`{vUhK0np^}z2GAGx$747GY)2USORKD
z0t5m<!c;V70g;fzBp`~jZgEttTTyWj+@r2K>ef1n)v8sixUH?$z5m~R-<KT{P@vj>
z&eD9}eed4AdpF+QyL<0K7IhYGdDSLtmd`&e|5)V79A5v>scSD>!p7{m5v*u4Bzj%s
z-aW^fKcDW_|Mc73cRN-N+)|+0-gxqagY1*P299%)dA~^Le0T#zJM8`YJ#^h=$%M9w
zjUin*zl^)>&0Y2T5|^#JCiSebWaR%IooXG%Srp%3#@4y}<G$aak`L$o>eeCS{NdxT
zDG7UN$=}|uPatmJ{-&V5>-##!7ND9ml1e`|yHR$-8Z~MKqAdU$rzF3&c`vvU{vv}m
z<D=-|{92b<Zd`J){mtnOViwF=&7$@A>+-FZ5yyPiv1T!*yN7wc+;RQwZ+#w}*i60u
ztlONX%dYNFU4NPXcI(i0nLD1o>bbIG?DD4MU;gYem9%nsVC+fH?+8)sdc$Xg{lz<(
zT5rVesqI6DJ)7-`yZM?u@$UlK)afS|-q#LPH;HJm?ZDjjN9BJs*#6^?37h-8+eXj6
zRQlw1Rm*307vVP0TQA#kioE0Fu9B6wIrENDqL$?ifA-?nbD6K6-gt8IT-<)XPn`uD
zic+?_FJ4-@<;L+RH;&cma(3ym?+4vH+W&ZI1n2&!gdU#DkKH-Un0+{eG^XyMDST1X
z#M7&yxAaV|C6E7}Fz3zAd!t7{Pck+WmF>GXA>hZfSe?;9?I+$HS(5T*LS4@{k6g~&
z-n`)MgnK0q+kTinpu<C-8J;h~2jd6<Z=b}~Znb%rdg_H4H|OTXZ`~Ef8d%#~To0n1
zDfxYAKproC>aZPG1~=>^_Iq&Q&9Qndo?aSrYQTHKI-e;+iBp23z5Zs-D4iYQ(eJoy
zUI%{6M3;s9TN$16v$&oOMknvxA-bLE&XcMA7QI?NHQ~uG>$8%0t&XR;yN@p&xU^^Q
zv*Paiq^FCQ7yoZKVMI`qK?N7R3lAP>k~?Dl22uF&#h3RMZ52%G&!Dt!Bknyc^+alt
zE1p_c@|4qP<(Rbayp_{5-#5x4#K&&!_D%on<xSfC5aChK_ubtGW5>JJ`PgW<-|KfC
z+m;u7xW1Csm`NJB>DKh-<5w@@iBolB+6&(X)IM{<HEy`{_xb+rqMhG~=0#6Sr!g6~
zo4Vmn>}>zdtsYI~E#{6KFk)h(UwNm0c^BTOeV+wT$mkY#W^8S`sb2I!PmkaQ1Dl72
zPP<s35$eXTJFxfY#^$wVWeL2C$h7)CP%~ZEt<4X2ZzSF!(M}m%=V{1nZma7Fo0(BF
zXOUz<GkVM%eqdL&TiZx(&ze`RX?3%T|DpUL-dWo}rO$<1No%FdxZ%?&vtIu>YV^%z
zvQzGv^vRly0$Pm+d+PcoE?Is;?2Y?7_fOdto%oNEb?X+t+}}+5*l+#R=EeNfHK$8_
zxly_qo*vUf3zn_Fm)aQ8vi28Gs9A7npI4i@_d^Q5i=HNpl(%2hbpD*BYl&Gwxl{Z8
z?K|ORR?@1&F>Crh8tHxEexr*U^5{(<-@d<v$L9ObU%2b~tkv0T-f!O&NjWxmk&rrS
z*nyF8sei1Yojjiy?UFy`z8{W|rp%ey^v+~)rgziXb8cN5#nW7;aRc1g6X5^9hH`1K
zg&tS`s5k#^$ku4im2NJ39<}5PJM^cVtJ`{2*1}oY^W5(&s}o#nU9$!wbqCiKBtolO
z&MxZMefB!{CIce&zbzC$aC!4a(&1J+;*xvQcCXr4|4?pQ^?2`r0;t)=o<Yl>oys~J
z^O!hEv$&z_&d6`vuD3gXlQz}0yK<D|SgTq&N2iYH(ros_0e5G#KeJr6CS=Cji;Yfq
zY)~5IJN8go`lj~B4t9BXbL_Qw@+s2^^M068tWIe&L$F&+TYYHe^sXCz-bL7SeBO$S
zjbf*_NeEpqd?};x#gx5G=hiEtOrO!dUhN4<9?O0>bhaPm+|Jos<D`c?&qon1JxHFj
z<U-U9--)HiJjT*pyccnBDSnE26Ge*0B_5RfbxZn(^80K0wRFR0_HOus`ucaje;zRE
zZlBC?ndfmR#eZnw!Qwq`UGgF59lg=CSM6$bE-EJ8e!62GWBL8)<?=Y)R$1)kpI_{{
zs+vz<bD(tB9QTyckY9F;jm!UI)P?aH(y?z&cWYj2f6aQQ4vzA8)aufPPIYJW&JWN1
zA?HdRBCSW?v4yo>Z_mAV=wXrT>S1#h*6cR!+NBG#2JPO`dG_+T&1k2jV^(Br6(7x*
zq?6QW9kDutlkw{1)q&S@2ke~q>k;>#(xTR%o!KY$dr7k+-+FJ`@?*yKA8U&qkKcGN
zZAR9S)|v;|^h?*m{CBP;Tp3PYeLkK$XvWq2A5)g*pA~Ky5SKCeP3XzfBWt-wH1d8o
zXRb2jE%Ac?i+OiO-Q3)tpP#55Ir+mNYQvuzzRkZos!oU0KDf1RY5nSNciY^iA+^<t
z=6UBDtXf<sU3_W98}-f!nWx9RT$cG$|3kVBjSfCuE8Y0!?8oj<y>5d&Zmu2u?W_T<
zelP9fQ~!@Pk7~9oDmq!~3hu<b0nBFePfcUxk0-3%G1}L2M3=SEOh}nGq>f+T_y=1?
zvjQ(Z>hGR$?|q>bH{}%Fd)%rerSeN1_i0bw{W+-h6#_Lre`(8)2S@|{oW-Z-MMn&}
zQ(BPTE;f1NlEOoeaQin=qsLzE_Q0=jdn=Dar#GiH-}tiSmQIc0IFyo8V}9Pgh=0T-
z%(KR-+G{26KkU7?WPhtO(x4cRwF7%R9`}gCzmT!S^Jv2iW=88aD!*d4y9rxsJsNs0
z^VGFXCw}0peDeG1dbMI(NC`_$j-J_Jmah1R^Q;l)cK`I`_~VsJOSa6oK4prq!SI}(
zwKEqzUGQRi=r89V_`G_0chTQj6exS%VcCFYl;z2Dmc8aZ^lvk%_lo2bZMznZd0n`k
zrM)658j`$eR$ssSq_hL`l-jvxcs~?Rs}m@j{eDNQzt^Oknwwe7-kKY?9k)BcQ?U6v
z8Km%%Y>HsSf2gPE6eZ8}zgDup_}J==zf5e}ef*92$v0b_U(dbNpnrbJlW;%3es2$!
zmel&8W59#P*%$r2-sRpt!|3DYIzQspj5g2lty-vF=FHtQ;G`I*a}UoA9n-LpLa}(n
zw4}ws`)jvpGck2$y1##o)+Zj0+CL(H{>MoFK`xo4FR$0GcdP&6EzyzZw<pkt)QCUb
zP+ed2+Ycjt-f*w+=&+AZ8uYk%r~Bafr)Cjc)3-kEx3*KW!yzYsS<sEPxOJ_gN5nlh
zh#J3&yB$2Qc<BFPp3ZGJZu-K7ZHbq!_8IWv&h7d6f7S_T_w>l~zkR2)-L$&neriqr
zByR6cgF758E*-dGxO?FwzR<nhz{4fD)cD~yt|(^yuZ!Y(boZZI*BMW2l5{U(0P~$X
z<LJ%R-+!01f6m2zZcRsqX-cC6$2tWaewCe1^qPF6d)Sz|;$1E0G+y_*s8i9Lr_a6(
z>Qd0Y-lWX4H;<}cB;D+HJAKzTu3W#}(4NBZerrd(BX_L7|HI#X_qHxv&~9)0{>gV1
zYomFibZf#Q&t-5phfXgf;g|1OS$l)TO_tp4$<$Ttp+d>MyUX+9zqu%waD8P;24`Zk
zx))xxp4oNk(ZsvZme(h`9lG*fJ88~6P4>97RR`jF_3$}AX7IH49rod36%tC9H(k6I
zN}f+1H<dOy;NuUGZ)*NJtY+>|MbWGCuIrZU6WqC)DO>eSJacZ&wz-{7D9`(xP{nP#
zbmzeN(ao==kWaRX+8G*%R~>KPqO?u^@tTUDyA9%gev`MBwvW2?dqJamJtN+4r_H;+
zz2hqO(N});7rhuV<=eR3J}x~dVYh!7M(1tZD0j^{G;?)_TH~1>O-_HC8j2%C>Dq0(
z{;gl<orO_{UW{y<)iZp6?}`r|@{|v5L1Sg7=3gHvJbNEE;qM76`4i^Uyxeo{r4ScJ
z+^N{e?)TjbirwE|NIEs|#p<hmOD0W8RZb`+^}5x$*{rq2(@u2!Gw0#_z{iEJUdxsY
z9@}Vk)So|XJNLFu>!LYzT^2Mxl`n2Gu~+ory5oEzXHoo*&KlJ7Fma4aF7;fioj9Lj
zcS@h$Cw#bV|6CE)haUfCztBB6Fr-ULuTfowx{1yUS47r7z2ri(^A}c9cZF_CJ>M}*
zF?44Q-^i9vwvBoH<oUTL_b=Tj5dJ|CtneCmsQxHo%<#jD{>q8pMN!mmS^C1i^>@uz
zMlMcS6SnxThLWEqXD&_{!B{Y0`u2WnpN-;#c3(@|8};ji6{nY<Er{8+s)YQ|6@S!w
z&AIQItuIy<x7m4Bxou+2*r%74bWD25kGvK*e@W!#hI_Tk`fu5Sdkj7Fe0}R^<Gh5i
z?Q8UE;Bm1h?tmLD_TvJ!Yf`^quI)3g@cb90injEMI@w3C?ohMK^Z#g=JSp+os>et1
z-4k1p_P^i$SCNqYm(ML-;hK)ZxU>60ia+$-oh{pXaooNs)Kyc@EKn!C|E<eOq5R(F
zf_Cdik>i7>Eou1S`MOwWP;t^0`Q_iDZa4X@=Nc;M`Qj4N?!y5Sy?2oO+ShA(aZA&i
zd6QCqpV0DuZMCjP2fEaJ<yX9Jx@Y$4yb%dY_Uw2vX=lsqt4n>3N;+-2pSHfi$CF)i
z3!eLgwK>c88sE6#Lbn}pBcY<qf9AILJf1S{+rxK`tm*BU6%cf49RIi97H;~hF@>1)
z&y~aH&&a<!^?q>FBJb&|=0vSspL#i*`C_+tIJd=OW?)pK$qSpTZNB25hj+k}pEhm2
zv})IbpLDIBl>C!J;;xHRO1j^@=3j40V9bTkwa4GAe4dgRdbiGw?fKAF8l&CQ=UuuS
zT|O((SH0=F@}cHte3yQ!J9iR%n0{vBs<z`-Wgk1YIJx%B+9%VziSGt<4NS^uo+x6E
z>GE*=wLDslpL~|>>7TGsc{uI}yWgIAPh9dF?O6HK4RUG8jnw3`B?SXL9?0|F{iEEt
zaZU-bd&ee<qUMuU*S?u4`j}T(+TN4b`*&XnqhbHn^LDk{AY1c&yMSxI@4pJIY1J#C
zQREG`xnnzg*J({~`@o40UravO{DkXotxiwBGBkWWy{<UfKXTcV7DK=D-%ihK)8z(h
z-ooVV_>I@s_D+oMS`d0Q_Eu4ot3B@TeR6PTe&X)$2mCqadGE_B=r<WRB1MO?Nn|Ra
z2lqsO*1apuhpoF^Ab&Rb)%ue^NhkGRQ24x7QbB+B_5<<;w(wZR#L;`6AZqsZ5Z2%9
ze<0a!a#-9E*U=4U3EKIWv|S&utqVyfZ!?u#v-Yr738Qw+IX`60#kw=nR<>fbY;s`d
zp4hEQ{=)$bdb=YYp;4_yjJv<-2>y9do1jfUE}i~M*G{urt}F1k-*dyB(;XyF14FOn
zTnd~&Cm?x#!vfbSUSo1*xZNByuiuq6{53<Cx-|&->yg--xPR)Ao=sNNXDXH^vE8Ct
zl(tY^`;e=7R&pleR^iV*e*M^|bZ=(C-oC2gZH5i?88$7o-rY?*2EF08`o5X#d%y8X
zPwy`7ynCN};g5kqgY$Er-N`%r!DI35$gBU5M(+w=zVBso;g-Lj+<16nV*Lp1$D!X3
zt$%Z$C_23}{r$qd3$I0;&;7kau?By*_u<LMC%AW>c5&@`g*LrYNFJTvGNtR|UYzOO
znD<VM>fZ0cxz-V<p3d2<$>R2z@N&`G6MHZ32s^gpPsYbuS^IOF=Bhu8UEXnGuSRV{
zZu9y~R9*OaiEOic&BEk~ksen%Z`Q2*`1j~^?&Nh18`Mw9cK<Q7NaLDxZYc5D&Lg`!
z9_jH=c-3dho1_E%8jm>o&2Rm6&pN)5Cd-lpr|ykNdfRQ~nrFjn8kgie{4mPF1$~YU
zhu`+sFk6ymmfns(%{v**jS(DMeZqJAnLlpF*U`|P#@`sSI5NGjCRQG`=G*vKc~Rf7
zP1yB{PI{c6L)WPLzgg0-%fb8KJaC)I{W<zLuja#VSGz>H%zT~K^>xsjT^etfV%K^2
zlGWeMO)jdj)q5Z0M{ei2e6h=|Lv?3&nzhV3^L1vgQ8C}n!_|n3c5!W5qio$42re}s
z><QI$nWnL&Z!)G?Y@&TKO=U|*VN6xzYSdVmrn1FGV=BKUMyAF^*G7o11^>GM|6XqL
zdHTPy^uHoHNtUOhe;#ryI6D8q@S|Iu|D`$af2o!Lx-z;;wWeS&)$|M8<ZFoOWFx=^
z3xGN(fW#C=mp76MJ@a{37k&nR^$ajlI!TwO6G37~QXh}D{j&2#LnG`Lp~9HJ79GX}
z9ZaY)rm;mA8X)+OV?m|9lhuU(f#D+80TaLCV5k3A%H9tMj{85=vj6+j{ha;3IzlD)
z|50#1J6oT0tTy}%{%rRDYVZBFs6qo&!*TD|Ibh*e9m?$gm3RW6;`{%86q<AYzgj}s
z^)Ifp7Vru6Ph$i)>%TgJz516_(iFgv{HOX`+W+~}s80KzY6(WsJqZ?)3+Mw?K=y$@
zASk5<nGKoBQ(K^DfUsYwsUUTM|ACdHS2dN%8Ok5Z?EkdNn*e;m_)i7*zdFbNst<PR
zUrYlkAlm2W;b{D)Q!VvB&hfvxf^qyGVPhpGp_#1hW?QVHa43M3W^-X@3mqEt3p)h4
zF@Y`gXn<;<3p+z*dcoof{{ub>Vk&_V|4)Pc{$D-wKO6m@N_Y1EY6%tS{|l?O|Jy>3
z2B?O!|5sHgtN$ZzgTamy9Q(O>IOzX$s@48a0M*ag|EnbsiM@LhD=FYj8x8UTNx%h@
zz*r44>m?HV^r^J$U~CX-geDiu6>{AmV|JznaegEUq}Hf%<%n+^KN1xZ%Q8i|a+L-z
zPsi?bBmwuCkf+`X4s{s^QWCrn6FT5YS1poci86qfdYKXr?i&G-z`87snGlJ^;tcPh
zkV;F+km+Q~Tu*{N7RCk>M<9{A0~Q4n@Hm-L3hovekR#W~2u5cO@E0sQk_3**v_{9W
zz^7FOgCD6vf&LCs$i)QUECY|n(0h8oHQ?ce$EW8gC5W9KQeWuRv0iu_V!#LuMlTeS
zX%Nr*a9tvI0(uzjfnW?cJWixV?nE>~BeBS(Xr6>{;FV1whwEP~%aAJxUg$kAhAYp&
zLs!IN+|vt^s$jOE2|*Oea2p`T94nl_qEZU+qdNe+=vULs6W~IDibiumJYE_Kmrga5
z%<$FI1Ks-v<-$sZfgxD2gfv?T^_%jhNoo3|7&%6G$0Tbo|4ZUQm=&jya&SjZI<+g}
z>zWG3qSq5hpkbkiV{L?qauo?Ng7ic#%dt#>GzDYkSl0Y#Q<4xE>*j%8?dD}gFK}6D
z_?|7wkV^<AJd;|sBE&te2clUdBMKrDzDX@PZq)`&Q_Cz;%YbKQm=Bgnq_i@yfY~kC
zFrV-MK7Qe)F2RHzniWBgaLLNTC8L!^9=!~dbh7D&6pS(-#fjpk6NZ`)O1C1^5muRF
ztTMV4$ynVBvQ;X0JVI)_gH_uxG#NO;toe94y}Epn!Fv9eEAg*X>)%hZ|D^)|4^I7G
z)d$=4j|n!Zc3@@X;b8txrBJN)f2e-`&iQ|Jgc!L*qtdF<br4&YD^tM3wFVOCa-?z<
zl&sQZq4(^BBa^&v<O&fe37b~?lPJKq25^?Zjg9CEvH4IeKLO&fxd{+I9%6HNoCFS(
z5Xlul$^7_eK^&9Cfq?(t4tRXW$_;ot<~*`1;?xm1dW7e}giunN@eOXwz{O=8Hi_pC
zRLV4=A&hQtS~My&#IGAZKR+Kobm&l%NQOydrIQ_@P>Dr~u8wG+S0xSqb_;Zde>2z~
z|0~xAoFn~jfS;BBU*!CcbNsLRkdP_U$`GGQU@?~@*XF=02uuL@LzrVWEv7$#m)-Ev
z6aZTK>;)1+3y)(s^8wfJj=I%1jRKPkJPvJW@IZ*(OryUb*NBOvl!y(_Dm9!HjzmJd
zM<MeRxfoG5$;CFJrB?9(R+gu>in9SHwFPJsqm-nUiczw}a-{($%mK?dsqIL)A`6da
zs|G3+D&(fk91XbIPNT~1ipOED^3)nB_FYRt0n$~P3>ir&(~$?GE~@muL<)&YBL%`s
zJduVZ9!%@5PiedU?au!+l1gb~4*EYMfMT`(1C|8N{$CA&Otv!v%rNvyjSOp-T8T!k
z){*dJvWX*Y{a4hRHs%+b87D|cWOMmK(8u|)yi}neH71PD6ToRJG2oH^Ad>+E?m5U9
zmB2|!;Ks6eiEIu;GnBxBbWwU9`~@Mra>?q5IB&DVg-T}w6sOYYax!wjfbJQlfqSsR
z%TR1B9=&P`b13J@3{Qbc67Un_SsWo7Txm9B2xR&ZxH%TaC4_l_bf6@{WNs{-hUYP3
zBNCYr90)uJ<M{Cji4ln$0ml~-B!*eU3B%%<y|_FsGZx=btr2Bpix3UHPz}#&J*hN5
zniuB$93qo3^af|_!Wbs2N?HoGegSXzB!R*29XB?d4`DCh8IP=0un36iOY^1rQt(h*
zJfEG&O0bFtz=#967^WZ^qU6!jc?QO@Ibn$rCLr)<8kMKNOv@~q!ZTcy1>*T2k^#m@
z9vYF58pi=}*elF(ECx;(#);s@BDYzE@%XH0h#)|=Hh^g6D$`X2^pgR|1P~pD#T0_^
zgBchINlacM2izN!joygr3lY*x5}1RiMan_3qHJ(E5`im~iR9WcU;%M#89Jzdi$D!`
z_1J;ODiFY;*OY-v0?UBsVi(2ei9rQh8NfVnnSkMz0swA4&4E?}e}8`VQYUCcQdzbL
zUO3xf5Ff@bhlvWub~=oNfeAtxiQ+W!TzGs7%aJRjc5uU_N^>MSeR=IN6N9Y?KLu);
zL@rVosDQ~P`jIFk8hWdm$^63<0VkG?H~qz$U6M#+uW@2o!Yoy4QOA;Sj&Mtd352V`
zfDruYhY<+5YQ6(9cHs5>&oBgYW0UyN9CnqADkj1P8Cj@i;)l%@u$b{|W*CnHne<Z=
z!3o%fl!R8Ughl~olwgE3O_~yAB*B1=UM_UDQkt>UiihT(?Mt4@<u~3aBdVol9n37~
z<}-^*pGKIn8EiOP*TiSd|Lo2G^{cqgonzXc|5ND<hUNM{fI@ZJ|5Z!q2-%tc>*XG@
z_fCX>Pzg0vu-eq8+Qn$>Oo#}vt6BE;Hq$A4djl7|U|Nbyc?ijJC7lL&<^}qDL2T4L
zGLa`&W<fmEZ#@CX3MvJjQnJD$LXA|zM59UBGI34@zC#R0AOQ2(1h|HQ8+_2o^p_K7
zV;24-C_x2@5sGyH4AYB1Ilw_N6dS{g=J*;h<!DiD3J1GF1VaMOs$_%1B;ZezqckQk
zJ|U<ea=NJ=n*>uqAlZUWRpmeukrL7ZshmCt5@F7Xb2O+QX5_+WI47lnN@H5_AauH~
z-^b4u!IcKVtU|7&%rsI9F3%)^DuQHrqHK7y=vpDd0ZP+GW6pkpEnIObtyT{1(UWAV
z<gfriPV|_UOr)_*hOLa^Wyqxj1jth?0#_Np$sIQyFZ(!A;y)E5XvksUWQ;+9))6c$
z;vl9%p&A$`)3A`jvN7-B65#fnqK6SkBtno3^hQ|xn@01%{(l@eE(FK3;^IOj3X&{O
zhL1_$g=Wj8=u5nS6{?XSkN6JUa0pz;1J{uk0qpqO;~!q1RTxviffBVcVN5v7NS7fN
z;f;`IaM*4R!OzjDb96$sTm$X_#W0%!AXD~inN$uB6L!E75Fh3!fZ>Z3QFiGuCB>-I
zGa$1j#K;`7B~9E6rAi|cqFo+jX3WNtQYM>?76Gmyh^$m8R2eFW9FqW%lj#sSA_XGz
zX%LwWHz}|pCLoWo$QlxT1}kMYKUsji#e}i+kBNeKcqxy*U^kF)QowQ?0Hnf*!`Tp7
zf{|dJJKH>WF2WJ`Kh)8>NI}HzRq~_gUECAOf*K4M=@7_#wO|To^eb;&b`zF-A{*Ey
zce;fNg;JSB0ftXcxKhz8pS)l;#apursWG@C8F^+(T6UIh5GW6g0yA+S=r&lgil;y_
zf;%ZhR)EDn)gK~D4e2nLGCzk2Sae#bSStaN3+dw~NRf|vYV;q>;&|NHXgEDQ<Y!qX
zMn6GWa23iFbQ;iv13{<39y6qJ><KQ5R;^MgkQcZvrHTyfi%6O)QtQFAnKFeQk4hmk
zK8bR4dh|JRDH<ykOY{KnqeP9p7#ItND>5v>GGSTOl}iuw$0)~$M%pcsVlWU(;NdGN
z2Siro=(-ZD_ZHw51g8W?L%WvUQ$a^`42$$v<g}<>Dq*X9Y>t)yGXalk3PWL8!BxV8
zCJ-`S1UxLMbqJ7<l`YkVN~DmHQXIP5qQ82P2=0la5|Ne;j*&w8O_Gif2cBiv$P(Xy
z!xM1IBcZUV#3#xpYMJs0!)sqU*#P=<*+i`j*<?;pB}gVICLFR+0nv*K3kj*!cwBiR
zDxz1JVyX;Mz9e}i{8#0bDer8`EMbLZmg5w*WtPys%n~|f7Fi0qs^yTcmWsi3H(j+d
zweD*cWHt+DL!L=7fo59nst|9mK#66;^2E6OLI*(bj;^Nct$ysl7zSJvYlKFXqlO3q
zbjK7q8etSpY+1S}N1+qK(J+w^L84X%OM)eNdBGY<FuWoU)&#4hiePxP7M!W>A1oH>
zOysf=Bi<m9Nu)IRKXedEgA1HydgUiUFJ4Vj+QSB80x0x83M-mA&2VtQW=ar)FvpTr
zkus4KW`+Y+Wx^a$2WP^p%FGUyD;1x?n9R>(OlHN37q8zvcThmNL=`N_(FBXL)xmHt
zg<Av-{?i4+eI;0vp$*QErw8{}XTX0l<bMQvnPL*lQJ&>uqG^Xpv)t$b?`cxGrsA!w
z+}LHBs>F_H_^J-QT$!$_LiB1y4veD;GXQ6|st`S5vQ&lmk%7!McGJECo-uKNzUWnR
z|F(v{YJ=VVALFUL&&tEW`L6(fI>U1R2V4p2-2bVD@X7l>XxsR5wtxf(Jr<ik471H2
zl;p2#{|D=WU*#5%3GHUPK(^|ksy2cw@^Z8nWYLOj>;l;&zT)Vrdkd&syFO(w%enDm
z#viM_pYo~E%DK5?q8H+E!#;W623&q@L#Jg^*X2;RWu?oi7{&kYjz*Y?atI=V1N>$h
zqA)82W^qP^g|*EA!GVg}_BiL%QX4vwIZ+kpM&(yTm)ST!L&sdTeXHW+|GV1Ps_9=+
zQpHquWr;5PU|){n?lYBkb`^I2qT1~<Rc@cAZmTrSSLJHDDp#{r$(pQ6)?8J(rmB)P
zQ<bfW`f4>#w)H>8bLo|lha>x6e;fWEf&UMu{-^2#nVg>=%ZDceaj>A}#Im>?!O)@L
z*n7Fm0`*o1$hZSiC2CO{VdFj!I1>+lh?V8(fVKgQz(Bc@gRSP3vVo9Fj2IaMurh5n
ztd9I!+0*Im4uvp?FqV^&V6<;TElIFIrBH3aviLDE%viQLC<IKeY(vK;#PfL;&{PUg
zT3G?Z1ad49V`QMFUf9pSQvbI4f54aE|A+4M|5F{ocKuhc{WpVZb^lX9fYbh?T7ua~
zkGX$f`S>_ZzdwU4r|I{nnSNI`S3b+yn^K0gH|77CwYRk?cf}03%WuX_f&Z(35%*`9
za5Fx^EW7;H))lg~F0;_(x3u<!j9M1B(<6#6h+3W2*I$sOb%m^}E5V}LX+`ZQr~eOD
z)L(C~J^!y}|8G|I-%kH;)fMdde+&3L|8KbxklfM*oOvust5Dka0*3(Qs7(F71=#lc
z7Ep%Yw*VV{-vVs-eG9PV_btGd-?sppe%}IY_<ako<@YV%3-J4<4|do8aOG4+8*|YA
zX?}hIR{GxnXaBF3V72(i`o2J=$UzQR**u;X2#)7ro!^s?9~j08VsXL(iGg7ZCXq^I
zQ;30VDwRl~Fe$7cD*Tl}8%pqk%&hl}(`%E_0z~GA2heGBY9NIe&fo+R89_k|Vi23d
zAhN@P0{vLwG&+S&A4<UEFaiWJ<hlY+?A7$h6v$Go((3f%6po{mny11WV?L`u*l|c-
z%foM`#bWpcz)Agy3~C^i$Y2Msh+#|`lgOY41yUIl2E&g{sfuEuPKNO~^jD8oU%@QX
z<8%mOjZFUykHaB5<Zvu{SQ3ZBHrC-7><P)-47FuW7#-Fb!6h)sseIK=LI@!-Vbr-Y
zR=R<-A;^Y)MbRLuD-z{Xkzgz^qXvunR8&TatPz!`{gi`06+lxqf69fVeEg{psxtZG
zs1<VZbTXwDyC?|#q_u8^6~e-lO1aANATdOId8-V2^50}!{;WLg%YRw`mEmu7{+~g0
z%Kz#JA>H$`75b~PLJ3q7g#f`qMg{I63I%7G;c29n2o$!2?%nVq=p+H1BN(I)_K+}0
zEej<W_Yh!FmZZlUK%!FMcPkH4hQtwxTy`iSpBBVsFasFj#4rZU4;~EI3}PS)9xNHu
zASR6g51>Ize;^|T5($<NMTtfk4nM;Y-SD`OIE6?DPnff{@Qd*ce#Qtvh7JN5fRasN
zL(F6qn%XSNh{9|XB7k`GOe9;bfr(RT289y9c_{tD0f8_*7HI}&%fAc^Z<aO6Wi+cq
zt&E=@6V3`HP>^?K0xw3clxNEa%e1Wc9A$z$TZWxIPt<~&1PI|wo`8cQ%@k=w5||Ky
zOb76RLgGRY#|t<^>5^D19?${9b3hIFgrvmr)jE&|LXMskxKO}KARN0pij$`nDX}Jn
zeuoE3Irt({a8X5@zU1(HCe-?1rLXmwN?+^al)h#sDUp2QG%|R=lE}1Lm4=O2Hz0Kw
ziXA8pM)n$l^~U(YnDKqEx!rxRBb$3PFI43o2QvogEeY|7C~t8v?{!Ar8+gP~io^;7
zk9go*1#l5%kr=L3xDXPQ?NaoNo&kl`7cf7!-F8ezakV59s|KxBmJJi3;mMIZyg-*h
z>(M3(tiq848g_Eh)27PMh_cxtohS^B1@LGyvXdrRqyhFP2rohjbd0Y#YIqi^)e7LD
zS(l>@6DfgZkqL{iHp$e2mQOCL>B2+1DjS(FAZ@oSI8X(q&D+>gP3PRmu!R`8!@uy4
zxfOmH2JsmCkP!i6pOv-%g#kps9YZ4n-gQL^L$`6r3L~{xYb&E)VFQq9zcLVLQgLFe
z;>?FFgjTf_1LtOgK456vR)7Y)=&80C)czk7sjMo9;j($g3UJVcQJ|PCcqD{rU||<P
z0+NkfamY55G>$S?u2Crg&kY<011wfHed{$<F&X=mPJtEE*by;dR8}z!?s7P}aE^8x
zCCr2JLxRTR7*KD8Zatuvi{Y#sg)T<}s*%F*FEf*5nOGpx<jN)R7^cb_glY6t8oQLG
z#PC4dD<3eN1KckaszKR~3LGO+!a`4)tP!czGEMogGjsCbxjkI>4ikrv&E&GZNrK7Z
zsS>9M*x~greu6;xLM8yh%AWwhVool>ggq-$CdtwoWSHd?fL=+$9jW!t5$z}f2ZG%c
zsC;7GG)0&OUNj&(%Rp;rIt%<XagX3OL5FH1LkWz3cQzn3nGQ%RWj-MNLM8<IjTlSD
zo90ulNrSZ9vj%C^O&f&HX+!l+8-&hjLj|S{7BPqdB3_m*)4)TG40$7)zapEh2rkr=
z$vDw4w_JmxQGn3$7^|TrL+n!!`6UCVesX1~I;Ct|H8dF+q;rHpZ={B%K_RVXOtuv(
zXbKa?+n<1xp`&m#3DHAUREGepG(UAB5!}f$R>f6j$~1C#Rzb#CL$&}@K&-#wO?h}`
zI?wz}j!`O!V`WUbDvx6r0d{6$Wz0t$u(}*g+HgwVvJ)UraKE$JN6n2cP5P*no#iL>
z$jndZkrhajW^&-WBBi#l$uudp!(!U8!gLNK&Vl4VFp$_c4t6$jXCwa)H*(Bo-Py{W
zt^7aS$}v|8&Q|Vh<^SPUZt(EoZ0F8){vU4VnBy5|D|fc?|8OhU`$KXzb7wRE4>xn?
zo`kcJe{GH2uCCqkx)GdF*<RrrMl3QzDL{51F&hdb((oKYwsAtd+m~nd;0#!>YyV+p
z!}jTUII#bqFen!O|7aAN)Bj)fgn!Zg12dWYj~jDX`i#ffJg&+3a*k_$E%qF!_{L^G
zh<9uR{tL9pFmD1DgKI^OZ(1O-bB5C<q~n8}Hj{l3CK`zAd6Ckj(V8EkwDt_)m`;bs
z3jZ?)^1j4#{Qu$8`R3OfeDNdxmvTTKTaa0f=+%74-n8;Qf2?+R+TI3SxyNbKL|?<n
z`ic$WQs*fC<sYkd9+pPNA?IOf>*o63Qykh?>{X8P?rS(6>^$k~>;<3Q3;w^IhIKXs
z=ZR5gOK_g5bhZTN$wOybsLHnRwV%#&wgl%1HfK|Cp7L@wgo-IsoQIPt9&Dfgsn+{H
zss1#E_5Ght|L@fj%5ndv&0FEhck`$ILO3p4AdHLWN5wK@Oz*%n1ggo!nOt_fFgb=D
z!{bLpaN=#jQqAzfa6$nm3BA(GBGAf!O=iZ&TEo(8!gAu{`IcnRD0C}WHZy^fz_l(P
zjl!_T8_%-I3L3@F43^Ca2k_wXFDqEOMcDvs3^V2b*n1Y}HmWNXNJFX+$Z{4IXbLZa
zrZ(tf$#Fi8A|lJOt;DumS<VLt$!KOI&t{|%Gb20Zvk?B2Kw;Sh3OSJOfo6fyg;G*l
zKARR6NGah{*l+@;;deHiLrN&yg#sz;z3;sljb!<gl4gOm@{u%p@4owg_uY4AUT@;`
zT5Uta+V*y&65UJF$?6V`RkU#&;@#1f&UkAz+)CQI`qJ?gtC0)IzH}81a{%8j)=99T
z{WuA>F*I-P{BfTITO0Bh@gP`-|IbTJ2l(Ju{@VZZUqf?4O%vz89*kF&{3T61@H(*n
z@^5UM7n+d&!Fbh>f64g2KmWNQ6r7O%!Fbh{zXCJtI)A^JR}aJ(qsRZjhB=|?^PlH}
z3QWZR2jdl<)tZdaQ)N-wq^GZ?GZ7;mUm&o&F%}54rd!F1j&xTi3Hlod)>eyVAQ11S
z$6R{&DP@C$gZ{xrzozE`=~Q4H0t#YJ{?TX9Zhpy>Jg^AIYxpJ$QiL9s88#IY*79Ag
zP0b{x4;4+Uek=AXBH?v?G(7Aq3E=>1$$F_uVJ#kay2xXgL$K`cmu1sK`gJ+G$cY$J
zaDI>-#SwJeFB*o2n6wbngm^T7-|4LbdD#>QcK69=mz04;o|slJ<$~$Ms!b0O**D$`
zNm)q5enB^6b5UQq%{L#RgaeGYa7L4cB5rqBQU-`3E%IP*0b)WOb1>!0MRqnUz00BM
z+G<tHX`YCEDr;C62Zf$USjp#zpaP!2RYGA9Ll+l$z{dT>LJqJD2L#T@0E}5{=z@@!
z0aQlGMZzFLt&l?*g#-L^I6!|Hskh`f3^+1|SSbkhM#8gvz6!1opU=s|JTS15eFb4a
z$q8&AXxJZQXu><7RZ?k^NL6eaI<&lO6G3xHtPO8vF}UmkPtpdkhE5*zM3VdyGA|r}
z=A-t*eTb6biS*L<@%6Dz?ej#elL5!q58M+LA$uYn?8EqaiMlK)rhx*YAI8}W)fn|P
z#y*fL;=%#Wb$+1&PF^UK1eF5vM7rn~s){2D!qMR*rC>6xpu$c#zKw#p6F>&5I2AB}
zNDKco&W=g}q^a_QkYVKVw{Zf{t*S&%#4b>@ZLs=9IZ^8e?)hpDp_YWzLQ(NVz^Gt(
zoG4?q-=IVWC^j}2ChXx?YwAMHak(o4?8}E+S_hBPpu`j5x!Pg;s>!D@ft$J@u9fw`
zX*pdh6<31~2{tvMM&wAE{WLPkV*)qCd^O<MvfkPND|uJbTvSDr3x>??rIUSgs2l@P
z?K>SVvC4h&35<El5ROxzx&N|{L*QjU2W_BbG2+IFM9YHW8YF`mdm>i&^sFG_nP>`6
z=D2H3RCs_2ot~)E7b2tyVhW)k!F#aT4IKodpVUc8PBzSXlI6E#d1(`Y6a__Rg9ap-
zzWaghq60kz#@1z-VAgUFkF>>(B?C~xBWn$ylZ?PuwaizyVBn-=!*(*sa_HF3a_Sa?
z5CMK0CB{nr5amNgGy4&oO)C2wL|hBnAQ1)xMa3J?uyvVfj%h%0OauNJIF(ysi}IvV
zAvjSekc>>Mwlsfhoj5CM5<7O5zyvT%ZX;V|mezNoEZeXF<y}#LmL!oSLt2R*DqJ$a
z#f}pwT+Jv20k@9=6mARu#&sp=UkAEC_&uraV);G}oAFwfSmX+-p&`v#t%T}hmUY0w
zm@sUy18AN*Bg+M1g6aXhL8UA<f1{<N@TZnm*i$d!X-~h5|B^~XRWJ-kD;9J~rX7$h
zb83wpnUFI=5JbyjAOwr2Rbb$z)su(KQ3>S;NaTgJvdsY=Qz5$Hj7|cqE$11r`0H%u
z4_aX$03H>&U?p<VQf?IFgd#H1)X1QwuVoA!$r#3mC<tP_h&DKaR3~a}if)*sSjvFC
zTO9K<c<{ekEm%7`Lc!V*lGES^!C63{tK<qO3ZO{ILoAL@n5UZ|?v$31b>Kll)=P$<
zDtSZfAEFJr1h73-AjxxPYl2uZ<%K$)x?2LHImho#gRY7t9fAatND8i>GVC;79I%K}
z6y0k{Yx&s%>ur$sl41yk1~3tRoApBmz;+3S2!IQy<`jT#qN$)ojB`OzdEWO(zQ_&?
zDZ?DWp~W+>JCfJHFDT_(j!2Q6BkPDm6xGz4v5Buc>Fe!@cKOmB(e9<ai)&yeR>Yuw
zcTCG8{|)MX24xj|ggnchCsu-Avb}>Y3t~S3r3A`2ffC+6r4@0O<C6z`0vv0cc|NLB
zLmHf6K*JnQ1h0WNBq|8h$-%0*+nS;I#9j3(UH(+f=|V;;vDIU7SZp!?S|{O6HP#AU
z#4YyIO1iR$MWnjrk#NaK*NDSc^$EbqV4!?#P2b>Q%gbeWt(+m41q*Ol$@Rl8jX@7s
zy@Vwh^XGdATX0f}DVjze;^)Z838|TsR~Fs@01^xm^eTa1C=d#f;JoJ0+~$S`kQ$gn
zPEbjFU6Gs&22KG`fYm%={HV>p@)F$ooh{PCbTJ<x|KF+sYUlr)(b4B0W6b>Dyij%i
zud%UdBL8<VUSFvEAF<arU#>)-mFcUQ=$pv%eV#nu{-^ndC#*a?=QmoGX(HYCRZRCy
zWbG!hcH;tmfU<VnW!lr2?LrSkuFi&9k=m(FdO<vGTKS$5*5uh~C_xk?IS+mrS2iLp
zlXOuLRClqY7d6b12__LTu!4kTqdG(i8Z<IYKY_(4=F;FFT++26m~U`p4q)56`+Tah
zRwjUI5vJy>>2d2ao9?m5mnB!u#sd<w*hLtgU&4tE)>{Q$Z_1}_BOuwO!rXTxp%G!X
z>{ErZ==BqK0#<uGVr9!d(LUUdCLU@Ink$s(XjaESu4uWb_MT3*mgM{`XeQ>%a1F?F
z2a<-<6J=yiU(A<MH1}FrE*h9ZBghLK7eSPDM5U`13BnCUW$0yKi8<&@UScz&sOXBl
zEazC^=w`oQx~+T~6}73MWGQb^xI$rwa2cWqx!fq_unr>qpkJ`+gieC77CN%*f>r<#
z>lpg56DF;Zh{BS0l0Amk4G0zJMFRk;63Hn8s9S_hCzyy})u413fGrfk5fpWNI!>7x
z$VDIu<d&BQsYWRjs7`nQfC`1|1M!#WnU_@fRVm&v5-#NPBwTDzEG@wWFUdNPE3phI
z7mH+DTR9=92N;?$o8Z|<`$AmIHu`WyYpIH#kf^E>+Q<MI7!YL0lHVq@N7nO-VQ?If
zRX`ZTR7j(jX#i*m2BSIIOXZ3RAnOJuKr<M3q96pydN<W408^0@7Ysua6<Wtz!EIX2
zYmhn=qNkVl@YK^mBpF-<w*u=YTgMzm?{z4H^)tvp;Ui#oM!B1*v6tfMC3#I!viL4j
zvZ$dM{oZo=3oaVe`cMLNQy>5uW5}xN1_;z6Wh<~_8wW5-5gBT778x`r*$=|3phPj;
z*^*v>Az9WE^xx3vh&YAe6>Of>R4`p64SX}Z`@v|o1&2x`WFUMTru7UHltZyBT>cX*
zD?uAFvQ<)zxp_BUvZ&G#3y53_CU|RtkDJ9|tEu%n+(}2A^d{TV%cH3{N%WGQRB~CO
zHQq`*(O&rO@sj0<bO%=GLW@+iJH3)5+eox~C0Uy2ZuOG*ik?)wx0fVS?nGBlXCe;Q
z65X-RzScx{J86M_-N`iROmrpE05qK>I3Nd=i1#9}u6Qce0bipniOxiNrPtk-NOvR5
zwq%M#Nl!GDPQ>~;qbV?oR8O)u4#T$s*zQDkTM9;rcg4HYU?_=hxJcs5;2Y`fh<0}3
zSng;apr1knNi5m3GL>lWNRy6aXKNfTw!{H7tW{=X0adZiXrjwYTBBXj_Bid81Slyt
zHe=|K<sEUngyTiwZ!Dcib|W3MycfQDfy`9e?z%kD8~2iED$$D^X-g%$yl&(t^hi=5
z(62krpdhbFg-D<Ye(&pz+W<*xJlYAcKtA0S@*7W*aDQ@yG-UZwqzNrd9hpLBT8ich
zn^>x_VSXSKB*6vEp~mJpp}$h9uqspd6-gA<&i^?U6$fC9G4g*+^M=)b&JE6;H<AB4
z7_To>{_iVR|2L5qJYZ?T@#Y05(t=;?w4kL(JP|l%73M_o-)Nbvi8SI@GmUt#i~lMu
z3kRsQuD`Gd&{^v9WhwD1`v`1V_7j!mbTkbHOLlBclLHp1K(+lX=qHH+OTCH$py*|p
zJ)w{*2{}yh(P_|)6!g=FJ{mm#g1p0~CT4g{yR<70p(@K0Q2!%Km^mxTx;j+NB`zX?
zbO~!^gvt49$VEYCSvki873ip562?Nn2>T@*pkKW1K@e-dmG^_OaeiP45~HNBnmVi|
zQpA!f=uGlFFTs&7TIV!m<SZ8c=%oTpPqERkbd8V2a&Qz`P!fV^LQ+lwV}f@rj%D^6
zRx$=6Fj+6aGLLZ*#`d~-MW9Z!BJ0KyFEZ`!C&>a$^JzL}Qykz~_LG(dTI{xH=V?He
zShMng*tRT&;mN=X+j7nw%(k5Khpkw&=F2K*r1ft@j2&g}(~J=1zCa}Fx#OT*6bsH#
zsfjbxZRJ--tHtFjy+9ML{~S|5QOf$T&I~IgMdUh82l!6yhgS0;4+_-axZ(f<&M>s|
zBvoBy$<($BR!GGup~Y96FEx=H9<%f3heu-elT2BL-qw4oaF7jz`yZITMjSaSt4c)6
zg}1^OrCehbz4|Nj_*7)JERfHf8Dq+k%j@%si%AO^Z^^5sUOGY&Y~u(^m`3(DmfPB~
z1-7)~3ur;f#$-0#i{RdzZF1;x4q{M%iTO-Jk$}<Q6EaTbSX#odlhon0vB*NBlqYq0
z*}&)D*N;%yiF#2o`80sY@b*47)mTo+pofE47_cU`|FNdxH0Eh7VgTp0bmt1FfDwQQ
z-VH$tdPXtnT1J%%Iox8SJ8N{3wZY*vT{cU4fr8QKBhLX&Ff`u>-H8XBP!6?S!F*mF
z_<oNy1Vi3aZ^PnbP*nVmvRQ_<Yyns39FnIAegWqJZUdZrYQDj_bm2-55HQNbCunb=
z0d>BF(qp?q{4#P`U=RIKQDd_*gaIg2OtaI7LAF7egPO%G!`_9mX6Z^2y?o;2AaF;+
z24l745CppYRDh<k4-a9(okhu-Z7QLbsj4$%M_`bpW(EKI6+`jMQYoMmeBk6|BcNx+
zU}GrgH`jr)NwviYenYLVAFcM7YiYl{P8d^DdzCym9!hQ5OF(C9%7vK1wDkq|!{{S2
zs2FW>xEw(n8bbs}g=k61<1V9;gD(EDaHXM@jj5Ncm50a~Uf_|mY9zGd1=<OfiH+`M
zwf)rCz;nggT1Z_?DfY{{FAIP&;EixkN3JhRp_bX9T46n|ZAq1?YSJ2hnGG&W)vy5Z
z{eeUG!>K_)$7)ze{$B<RdoHx0rMT=+)x{xX2<D1N-Ec#!uQuVb6=rc87vUl*U=;)4
zKqVGH+MdY{dv)2sXQ^n}DvC72j}O(VtGCFqvGsF1r?*h#<$`3{IqvcTTpN(2Wa+$M
z(rzp?rB%~hiVF!dX^N?7$ZFOKn82S6fCKVY_(47e@;n&Q$eR&KFa^+kSrl;I26vOw
zfI5gCp&8qCv;k#cW??}jcZarmSXhn7SGFHdT{Z9PkPwdnD}T2<N>MEt6<Aa@qYR*J
zw1PaQ{qe<3r3H>;d98Al<*~8?HXYS8DQlrnTQ>xBodb%78~C`*XgeZ0j2*eP@yY@|
zf>B-*jAVjr6*tV7ykw9%Z<$px*u4P@Co}47$5aP{QI2>iTk9Ej$f8ArVuAg}Vz9gp
zu&*<M03kFYUs1u(B2Aw_Ct`V>2m-{~2IvfOW!yF_ih{Nkm8lF33m#f<xo7pHg5ad{
zd5@_L@PsZd1{JpTOC#b6<txvkwh&R{xdu4sw{Ki=#A{+XT8mZ2YUzqi?8=A@k2Muo
zyylpi`Z<ZC1Zfbs;A6kAjAu1;S&d5pQink!<~(I`O6N#2z@i>*bv!A|q9qnOvR~Ma
zI!2vkba@>Div%#iD)ZZTY-@MoH=rrt8l)ythZ~e8jeE!`w(Y4J-jpF1y!;0iM177(
zbM)|%{R-nbCYwsXGoJnoN#}e8fdl$#=EuRY%fKAx{7{~uK-bHf361go8xsS<%n%Y*
z2aze7g;8Ha&n9kHajd)O9`yY39(0H_gqj<I&2yT*G`Fjau>Z^Ui4MdDqigK@KN=dV
zpa0SnYM9vnJt(g$d%D}FyN^dbnx5!rO~Lzx_;2bI`2Vqp@HD(l$t-Peb$y0^Ha)WW
zdbslSV#i9u<(iblf0G_RZDSfPe$$MvFs*VVSG>1}wD)U<$@T%sJb%NyA3l8RW|!;8
zYZI-}^tz3|Uv=s~z0z^aBhRnAcfEV*rkkHx{Qdl<$%p2Tt$Xa!xp&uRe|hOKhyV1o
z#nZZ1Ov|pAHd~$C*m3`+vwr?k;rzRnoVaw$-UX45R@|`XuH}1;U3V|nzWXm*zxlIi
z@4T@3wQHV!!|$4R%|otN=f8VM@y!RPZN2)<ninou_3^aydgEQ!%dX<F;-{_;cRjy4
z?>fS@@wCg0!lCybC$8M}?A}A3e&d7-AFf-m^T|KY{+4Ub+ut}xcC|eA$vW3tr%D_C
zBX{FdpFF+oo|~m3x2`v?dEtSti@$k$;rF-x<iY7{61(J~4^D8s<;u7c-+B1stC!rg
z!ByOTqw9k|KHDUELl3t1{G$B`@`KY>Ul{zL?e&3r*NK_;CT+dv7k{^VpKI34@7%WY
zS3i01%&7y9$#XAsEnc%SeCWL|9ev5RsjkP#PS-ITj=Ou_olS2X@uAE0oRpo>^5P{k
zGe^zc_}`OTW^7n?Qt|ZvX`j0Ox9bmm4f>tp-m>h^&)rgg$HfbFCudy$vpZh$zI4`<
zHBTRV?gNKxc7;|gz2fL;PrQ8bw)4GLEu3-vUUT1)de^_#?R@eb&moKF?woY(4a-m2
zecqw>-JJQj_vZDkmZ|&hbg!Sh`_%>WzP8bL==bLiuK1{Q#Z?#Gv(tZkpKHm$qw0>M
zrrvVfbsv5<`3K8Rd~4I$+gDxj%PWr+UwQt~Vv;;FC49@~<-c09^1LHwy?wsN``!Qg
z!|_)iw&}TdT=(6z>$;P+Ty*W9+PD9F>8ano^rp9eORl@&iud+h`^@w+rcU2-*n5vJ
z*mdKs+n@XK-ff3nV!ZrT>k)e=|Ks`L#hrh=YYz!Nk<mAvFlo<%-4RiJzWC4+CpPvy
zr(KhH>}%`tZ(e@Wd5bsfn9|}pHF(*Smlyx&)zUu?cAmQG?=QM~-vvi)44wJYbKkmt
zis%(L<c~Xd%QJVZxS(#%@6J7Z($rZme*EK1YSP0!f0$I%r`$Gw_rmQTU1oebb(ZV?
z`#*CZtG_>K>wVs{-dXX1-?jVtGf#j0g};4q)|55I_C=XjZhvNV%a8V5erLPuvbT?a
zzjV$MGa{fLx5oZ;-^>|zeb0FGhaV1{a_hdCkDMRd@cNDiXH463^f^bn+&gaH{BCjk
z^3d$rmj^Cc^P3mk7i_(F>SyO9^z`~Y_bmOlE$eUG^{u{H>E<<uPw%<vcSEi>o>+9n
zy-%(u+OMVWoxJdv)chqg|Ka5wzuvs<gZIL(uZlf2`Q#Zhw%vHvC7Dfs`fTO{=WU%a
zd(E`J`Om~RK7DFI;M;@CW=PM1^1r#@lO03vU%6z}3wH<pm%S^Gi+OwhpBA)f7fJfG
z&rH)Y(;`#Ro-`#|L^7p@Myr|0)*^{EN|r0SDs7Sq$yOI3LUtudvXnM;-K0qA_gQ9X
zT3q-0yTAMW{c%5fnVEB*vpvsw&UrrPd7pD^9WB?+Y(2Y7=-lj?HpkT-&5Cji>N60M
z@yKS*EJ*Vv&Pdtp1i0;rFFcK(o25b}srW5+H`zg35s|RA?V^Nft#F68tKQCFd+eFB
zakC1bUaqOU!g8;btya87)DF?c$I?y>ixg#iRt#mnxgz}}yFjy^v~#;`PW_1&hOsx=
z_6<_Zi=L>elP!ft%)@)NlYYl1jZ9H?bvYbi9&yMlTC;}arg*~Kli{D0YO4PXs9NXH
zW+OdcS6Z=ZBz)g1bsSS7^+jEOe}aDIi`;q20;hFEo*4_bRG1oiJ$>^vNh7G%1~4^k
zED^FiYSK3ldwqdIi{wUZo=Qqo+?&g-$0RLWyK0>TX}cYpzU}fj=Oz@^%eQE_W=4mV
zG4qM&q0j5*S4rrv>GiKu(tB#{EIhv|wsyTh&0D*^Lw~pyigmUK?43QJOs<s5PTVy8
zHQ#mlUeLXy$m=P8aiZ$`g<qq;Os|$}_TCv4uh&|7`c-!Hz9k=3GBhi$))M%ZXZ1EZ
z2S{)I(p_u=Qu}64b>A6YJ}@iGV11!~QKRb93p)ml)g&$R@+@{`#pK<8kR|`F`B95Q
znOw*++;U<%b;SHVPFhI%?ro;nO~J)&p*0>1AvHqv9g5Djoo(|&n<PS;29A$B{B$)n
zzd2P+{_Piq(xRnOxaA+kx7#1s`7o$=N9E16pQMs=-ly9xP1GC8v6s}*5OisnQ(i5m
z(R{x7?dGA~!{7J!wg^~yXJmX&0t<!{bVw}%#%;m0t2uHyI)JR47cL=3tbRDUx*Et>
z=VaM4ka@a!TVZ(P)7+GrP>ZsPo@u%`;DB&f`f#V>`C<3)x_XNvDYFCp$z|r3<SyAb
ziq4b)-d-Ijp6LX{-RRx9zkWu=(fVBbegmWOcmUre64Ld^P~l>3(*h0SW@Q8W%^6Sa
zyX$=}oD2&0z7gnSt>?X}Vm+XGtI)NQu*IOD%L!_-qth`v-(0b`o^s{(^L+U*K_6@H
zQV$h8xN~E}2MhPBv2BLIDzDB3b&=whCVCABs0#wb9m`72=TF;zjsCT(a$qE{Bj{3b
zfb%TjX!6Ib{Aa)Q`#d`_@DTsHTxsey+oW9$vq-Ub^`wE)c?<f&zua33jR)sPB0Ek2
zvv$iL?8HVscrK`SOZsS_l6~*F{7rj~Wl{MBw6lt6)h&EI`zhNEhD+#&d!FBk{G~Xv
zLbTE}OF{as7rA)Oo?oD8Lh(guakY`~R)$>0HhFtuM9OW0;bZi}LFQ6+fGPcXz_F8j
zrfKu(XTit^gfgJ&kIdVjG7ArNCHsgijc@#-${d(__k1DgLFQ76cG<m<)Tvu^?Xz%d
z3D4Z4D@!-~(zeJO*cI1zt_KtbgI2D+G^l?4V~RyjI(2^bqV$Vhk@&DFm9YoXB97U~
zWMdSoWCJhQb|-IDa`57dKepuiy_Et$<@y<_4@Y{sqkO*1*f4azC1<6ty;JzRbyJIl
z)xM3?drQocD*47&{jTl72XEOtk5k)zrzdSHi~`PVugHJ@-0Bl>)_sJU+p!5R7hZR|
zSlZ{yxvmz0t-eS2kK?)*i)jOlhMOm2@ilM0Q6zU!&XFzm`F$MLeIA?=88Q7R;oy;M
zquqydfuT<iLv&ZWSZ0h=Z49rvabx84>XBsQ?`M0<@ikJrC{W_p-zbAjwS(1Vu1d})
z`3`IWa3&iKQ$jD{raRkaj9AO&X&hU%y!}YstUAqX;E`$!`NP)_?acvJm$ZXsFdZv%
z#huG@Oqhb^M)cZibw{E_v+D_pD+OLo$=bHc7KkV7^|WrPrka17DiKEW(ViZf*HnH=
zQO7#&m&M&?eF@6K8v8^spM*nR4Y`LO?O0bOo;~eiPx!^2xa9{n?DM-_I#jElCBS_5
zz;-_&k0G#5xcbZn<D!)V;&*$02SZcUbkx%hBw5_mdwl)emGn|!(35WXGK%uNJED6}
zPDY#9`PL$SovkV{Ey;5gH9mH3+0omRVKBU1Z%Dv?-(`=cl5cMeI-VHd4_!@rKb2Ws
zcE&d?8Sr})(h}<8^lp7vL7>3?{N^QQJLW3cgsqAr>K7A&8g>0$WeT=GPUt<Oyx){I
zm{Tl&pmT1tQ6DLv#P8kv`s6&mD<d{vS2jj9R;z|9x+u;C1@^WZ$JAEz<li$_oKt-(
zxZX^~sC$~nH0pHcPSK(yL4AMzx|wRzz=7`-J>ka5P0MMQ<YXK^N882Uk~$cpKUE^D
z%!c+LbdEy$eLJYC;+J!t#|y5f3sy@;uTUCzu?q}MUwKuzhVHi_8ETvH_l=4CVm_ss
zIrSKG1)FQjYTot=T{;=lHvg2y!o+1F-=g|jKRfu5`ZN1ObRMfpfFTjF#<OjY&vV}0
zU>N5=@O;PXulRf@qtAl_S2Qn+HIa)1=r7ZCh>rpBzM2~<_sD?j5vzlz8iG@-oEBtZ
z0lxu-3TM8xZr2C~M@gi!!S1=vR-zYV?uutFt_ztq7wk3}+OIbQXw0%`*=v_WJEkpl
zw(;wW?l-R2e-k&Y^!7cj4dkw*`yb&WxqVu5&--wGQ@81djo*{(8FLgYUc&?H{r3wO
z58!{7Ce2-_D)e%(#p&(~&%1|~ue3>3xJ`CabKCj&l{x9l<CaRhExBaX!RKPqyC@XD
z#{O?h7O(fRbSfc#cApVjwlliWzrnavTjX+2W=nw`&TLLaS%Us{Q`=x>;Dv<VD_1a!
zA#GSGYQ!|!1+lUYSMqE7)cpsnT!v-bP6Y<o77O7-e({uRe#`H5{nL=9T#}hlddhL%
z)enwdgt&#-8hF3+pz`^+NGnOaQ(4H@j1|AACSN_Ov7m-NN8G{f^Qo6oxv}a%!N$<b
zw^IpbN_&k1jFYF=4?DYQrpfMnW@Kvr-PGcv!Q!^58=nAWBQKXmdI)>Qt5QSe?!%Qt
z_cm-(-z@3o*}2YOwrQ@Ig88Foi67?3KAoMZ9w8v)_%>?Ux8KW>JD*10mbWy`oL)4A
z)I@i0d9-LznA3ODxSm&gO4dzt&^7e$vT@llqi2dLwMEjGIGZ#tK8q3KGRyB<yvnoB
zN+t3Evt_i~kGv-4(?fHmEtsty>3UIlg-Vpq2c8jiqJqKD?1Yd8teDB8%i+L@J1qh-
zQo!pLStku20~HmQ<0&t$ndphi^NBIGevy8QS5}p1F8wlBzgs&nx&Tu)Ul!1;7!f)%
z=$IJBCziw45A>I7x2pS_2VWzsN_ScidbirTeU_nEs^~}MU-t>zyL)@7EWQ*k9{;Yj
zr1-I`__aSa8Eul?9%lLb>}b~!xwohJ-+khvMMtcfxk4=^A#?XB{dk#0Q*x9^=M&XQ
zwbfz9aZ*(+3Ze#zb&V%&e-)I-f?rc&w-GM%_KI1yZt6T`z2&<d;G<MXSwr;kR!EFd
z2jtRbQY863`t-hv$5QITrGs4g+6%8F#<a@nFZ6z~R+;~!v+TXxtanrV?}_(4bZg#I
zZYu*k_zD@h5(@6J_#DYjzK8O69IP~M%}tDv-!N!+TKQf^^D)^|ayegtsud3Q{f-IQ
zxJTDy9k%ZAq8%`=CEfB`9<FHI*6*x6XdA|VCp9(sr8^`1uylJ`ow~K4ik9D?wK$;z
zTb28;T=-V|Qu90c9X+}RG1Lt+ADSFqwe^IEjX2@)GS8b<-H%ei9yK@Z&JT$VvD+he
z+_P0&k}96}pvzp;cUtPS4#V1j>-R+}519MB;<E(nef@0{?3p6kH!lS|{jLArne88w
z)_YzO+liI3m~Wlt(bzDUc;@C54W+a+;jGB1rK%n4@pk^?y~P*e;yWDm)TaZtJmS~U
z+X~5iZ7($>Mue|7qzh`~@g4ClSKT6F{4`K1_RzwFW}>jBvs8HR^y`GnEg6#L{$<^+
z8mreh@k?43Wt*LNlH0wg?2JW!(}~dcaxP{;R3i=ZnD!R+Ds##zV3C%6=L)&1^G55A
zh^*BF9Krjqw@VvX#krNeZS82sVz35=hRv}7GQeRe{Jhg!&-w1^?9c}aR5LK)SpB4Z
z#HfQ;v$~#~DEwly>L9S_(cL~!LkD;2_E|TrRQ+48jyCyDd&9V$?=iortMK~Mld`~!
zy}CX%^<t_?t3%K7hsIUrrd68Us`dhc=WOD;xM4_1YwEWm2Dm>AUJ$Uiak4J4^p5#&
zElB+P{G-p9^*;vv|Ht|72JrdM|DON-fB#G%f9NxiwnoSIZ!6<Z)_;ix`eV=kF_@?S
z@BKgj$fJwHiQqsG^=z;NKYD8&d<vHyytU5Ikfb-(tpTUx-P-}X?-s!rU#_o?g#?Ca
z&DkJ4*!hA4_=GY2q4<gSZHwS^MMOkY*;fsjGMIjF{rng3gdq-5o-i2n0EdhUg7I@a
zG=V;0n^~E`H_Cv@C>oUN2V%%>78G}zWiIwhoG4Cij#w}v0vr<tnu3P#wJq%IRCsP!
zXW!#8DjxBqsz9w_@tcQ7IvmUh3m}c`>gRYjQI9XoEf~EU#CAB6Cc~$ov?zoK1T8o~
zGbC#ciLMCjH-$uocyAH!D38Y$3>N`WhbZh<^duO0!45<QZ7Y=m(Zk;-aHfK0up^jE
zLA-W>XjvFC9wgvFjX*4%2r7t+dI-cLnIjQ!;h|v+|52&nI4G?V86jXbh+rZT$>pPm
z_7b`dIJqld8+GNwP&AfPel#Z;gg;>-i;Ora8H%MF<=KZZHVgu<2qwhejZ1?9WQce;
zDTtnsfFNzw&^XYPam_*?!;nTYLgDS`P}Z>97CGCMpv@qTl`?fR1%^e87c*O`keC9A
zV?_(q>_<{1V8<mOPL_ZOCm^!LO{Q3)9_uxn03Z4~Bn<|Hr~?Tw<|B}Zq*Fmz#o&Nj
zsPM5ODj+vAxVOM?Znz+gHAwg-e;AC52_$H1V^N~eFeY3{jK&%~h=H1>rG;G$eG;Kh
zZccDFM1AHMRz|#ikHu01R)AC&LH|s^S7=;8LTQZPkYFlYF?}o)1A@9ZHoj{i2+0V+
zc|d~}Bm-s;#5@GG<>W?&IzB=Rj|bj#sDFe6X`)agR-y@%27?L#tHBJyBZ3WCi(v+#
zt&2pe&%T(-(Za*QW`!`((1;UcNnT>*0AC0uOfVARwiNC>Fl*NYhWG~XHWbe*dMb=k
zLq-(zD;kWX<Lznz)GcHC4U9tkQOAK%KqhRi!o&+$O~A5wL8egY^bk6nLIoyZhJ>K#
z4$J~j-4CmRXD2{LB5DwW%ETab!-INwZsXa}zM)&#(P(RsMvaTr;v{6DmN+$KbsG%C
z5G)+XrJSH6h4{gTXi%Z?<_8Q$piyid!apY6-NpNik^@UVqhvC%F8)BDpn@Uh>!GPx
znZxz><h0KVMVlZU2mJ~U{H*c=S)XtcEE)^<a16~%&jh5IaxwumG(dJ)P=uBi9{C9=
zGpp4|nKUnOwHd-0EiDsnPw?^cV|O4}*<n(s<&Z+5wc(L2Hxg2|uuwmk^ISEHoNQbe
zD?&f&&j}I59CGEz`uzh@{=MQu%lrEz2u{eh9|@IP1GZezkcmZ$#{K8gMYE<M1b-$^
zmR&Ip?yLh}aEZ>s{-bR-1Xnf*{u$1Q1%du~>uo&bnVS|GLjEk>7>F}BttSHSCb2d~
zK^FX9K{q2A(f&hFGLDT|n-q);@|a7mKLMN`W7)9aw3Ayl(C9GEWQ7Kn9~m}KJa)9n
z%SL&Ro$rt-iKCJx9IF}r#Z@OQbms9w<5@NX2DNMvmQGR?eYh%|X$P755b_11rmKmj
zKZI!f{Kq@TL23(wh!I-E`h>r*ZBlf19}n1?B~wJb(e~+iK@~?#4lIX3JaZ#q{M<Q_
zrOz5xU>Yp~YeZqf2bl%?`k+Ud@f42o8Y-G&mB6`-Du|UO%Qj^X$}kZ!gCbKW$TOI6
zs)m+{SRIqUcT51vW&@^2W4iGiwvItTb991@e*PKcGYbgH)oHGlkT^hfRDD_5!e%LQ
z?9`-?@Sj72|F6fO(YlR*`r%5C)nX1TesVqLws@>6jv6t3q}5!qamo#)<HkZgdm?4$
zq0u7zb=~KE%^~AQHwj!|##RAjmP86PH3LW4mxKwd1Ql8^f^}up4Bn86v{?o1{oL%e
zIN2jL85N_=8}nDRYqZe=lW}w9Y1>5FHdeDla5&I{!3YatO(E!ZK^l4he@G~I6CX6U
zj_x~%@derP6!^-3@x4cwGvLseR5~>CAp<0Zb8;BWr-^B}XZc~Qu;UN%<0OR2M(YZv
z($=3eKZ>=Di`6oFXZT#O$xF5T;m-QMUMOqbYVrb+i${Kt?<hMLk~4f%BhriM)OD;S
zLr-`XfYmfy1(Kc$9$8O{#3KRlRtzWvS$kjwAx(qAkWW?^OZTBr);Ba9ehJ2d@c+=e
zs|i$(pV(`_HHu*>sCq~vAz~<Vw7$^m9&6%d_n8TnnEu-<v;WL9@%sPYxcCqJ>H5C`
z(a3P@`ajX|-}C?fk!Q^MKWp(H`N!JVK!pB4B7sDJ{)o^x90bkmoYjAxb!>P$49}`Q
z_srE0?qREV?qa{r_!WNkYW_rP=j>Ig<x7@XgZji#3t27>px$O%)*}L+>jmEs9~R6y
zC>F7S;Z*uW6Rr&hzq#?e%T4l{Mq9(2cwHE>l(}{nYBrCK{vY<9wV{n1$<OIup>eWn
zJ77?&-z3f*;T3j5;DDRVT*xx&mKvPcZpM#5a=H2KS0$+*egT<d$;~c38QiUws!CPW
zrB_L%x9F@D`*N~;S57&KRC{}IGv-kBMDlJL0%_zMbDHGU`q3+F{uR6a*k&fIwrODx
zC3F_PaOj;4GH6M8rbl)CQAcD1#KuunA{*+tWWj;RK?gdnT~gny<GHA#&P8Upxq<-q
zP1YgDQ(}kEymKrLqO14Ey*jzbpgqgv5UI~ahNwrfvAIkjOA~6l`TV)M`wF)&UNjJV
z3lo}1_8w0L0P(l6ITAzyb1$I%La2BI98^bOTqD`d2=AVOvW<F~7H|dUcH?T9K-c<9
zlQbHQt0ws?X?$)fl#SovStWdF0?NF^&YTioOo`9x>33D2Eb*#Z0t);cQQ+S%l}x+U
zO!_tE{aS*<N`I203<DA&ha^^iJnE>LW-~R#ilWXD*^A+)tNNfQlCqDal|@U99KZA3
z_wE0lKjB2LMBsDo1|c+)S29e3IPiSDXD*`w71(@UC3Y+lDdmD$D|(fBK|)iWVrGC9
zBtGMK&qIg0zU|<BDqKJE=)6v?2I5B{jY6R)31iny0}U{R%Zp=MrAJ;Of_O0{ejHI7
z8W)W*3IjV**ts7>t`kZ{VHCSGWQ!?DeOofmS3nZ#(%5mS;)(A`k9&#|8O44QaJ~?T
z@L6h8Phe)sT-SCzMTrQxE&Wgf351izNw^RQv!$H~sU(s(PCx^p?o(HIRD^-5j^}aP
zg^v0nAUu+ejHssyCNkwts+jBteoC2$6k`SBZW1o84hVrek*jzT27#TLD)=H2e!+0*
zIU!9JQ{u)_a@SR4$I$spxx$|MaqPyvVsb2FU`aq1^CXPoKqiV0l5?8{sZuuK%G9Bu
zswQ>A&=yeTh0=+HE2yKeOJBrMBvnB><t#`ve-f7`p6@RPlDaHn%v8r=JWV4d5gr4h
z93E(fM-E3s3pLjBVlPURZiFdKk|fg1Ol6w7fzqGQ3tdl$YrdV7hk<nU_aa#$eW{qq
z9q3;<wx&?h(6;$CY9Dw`AVY;c77kCDqj<u&2n36jDUfmK3n#L52faEbyUYf{VWZ6K
zE1j@GPt^wYsb)&Ann4%;0}Lo=WzPD;bN8v6&sG}<pCFHhl1~k5DDOTjEtS(!jZa{w
zk#)^yP~rs)vBU42xmbv+vI>UU$*JB#+{ig3bcKbUWy6ot^%zJ`4ZGjjI&o`zV{`pw
z80kc&6Ql6u`sT*=mQHkZqD>v<xq+V#x3Sv;O*Xcw=IHwoC#sp{qd^7@%5aEH4fJ}F
z&IRw_$^4Zz2e&>?4Z#ihlVa{Ild1YB`ReIM1ah!`bhK~lc|Ema@Bvp0l)&L<sa=TO
z@Bx38pfN`dEUPLnt2#E9NblW;_hbp0w-4{185PFdZPVMp`(+ZCB_{=^jZpGuM}v0^
zc&Y&BNEG<Shvt%PP{7SImAeG*Kwg_QOLz#M7Vw#d&kTG=LC&!h@L3L@Dfp}cAFFDY
z^fLwDDd5{0zHQ*=jL}#M_)ZSrQSj{we5@-g>9-Yp_C8-UsmP0ctGssR%d6o%1x7ai
z3g$W0bTvM-Y+!Qm{#g}BRf67a1h}(6fPk=p7;~h}9P1LD!0Jq3MJ7hKk?YO^xoWg*
z4%*4evI(?G-tKMWy|X~x8m}`4FPp$?PvBL0KyRZ5&bR8ps|9-CfF5|Wdf+&V^?<my
zQG{0u6u~iiFohJ=pn`N(4Q%^1dhlw29ymq~rm;>|b&eMJx6y)E3$(y7N-&L;O<<j)
z1I}%9!2MPo*j=Cl!P5`38sJ9PXn=nk4cJ|v0fE+lS@~B`&XGU8jr?~P$Uo5XpOt<E
z=N##Kw~_wt0_g`@`m?gH;G83Sdx7kydoHSTH_CKhj})Dkt4W`Si%REC`4d!~18iTp
z0p!Y}Itc9!=#YB6LO*~uj=(kSW}}$cQC+Kxk!sAy^XDWaU#mUY>k5Dtd}9gwTT2**
z&2S7lho^eFsLHK;=0<a2^(lH4;2{17{drxzvt7l89A5*Eka_OlGz3n7DQQ6_Zz2=q
zdGVs*u$Ib4uYzWEu|>~!s|6!Gn|uxDohWIMJ{}&}EvB{_>A2e^zN<yu#9TJylKpIa
zb`DyT^^`PWOhWbXb$I?4rcBO_kp{Y9x-EpFh6WlGTL4NQr!@_tIIbo#r`6zbz|CoQ
zfUN%smz}QBM(sw^ANTZ4))l9k38k9$<)ul>2P36Btna?h*W&@kbH6Zj`Qo>7T}3oF
ziB+s;bK^6}`)6uNeb9kl;IvsjHGVU>XBxm*QWOGPeOFC~8K)dTTT+bc!!-AsQPe?B
z)Pnj6qqMGzOjO3!X&1OuiUo3`KJh8zB-O>JS*a$jMK(YUTF@72&O&9CC6w}o*0(=6
zZK;@QWGLPlp5tM36Jk+?JNZ*}BqgeTPo~fhK<U&-Qk()e4frDQvg-Fta&^&42Ydix
zTOC}nMcMxwejRH>rRnUePlvqwNsXsI@oqMdYWQU4^b~PM*cvwsQdCP~9_{zKF*A?s
zy|%yR(Rp8K0t!~-O5eED%4c}H)LAa*UN*TaYE-HaFr{Lc3=p(OrWw#2HR)oq;Wc%5
zmNyor63_Am%hcjo-e{U?7&35SIwvt##fhndhFB)WME1YT(%ijV3)cUHOz#fI_3MA|
zV9%`odEUeRpL@Ap@4h@-Km3KL<GV$-YgJqnNbU8QLpQ%>85aVgJO!++pAYsAkB_YB
zb@+$x^3QiI`2NrD630#7zw1w*|K>8!dHDYC<C<RoKUeGj%&h%8@DE0xYt&tHqv^H(
z$(?__OpLoS-|e?@``vwMAJ^*9hMX5Gr21)g|6b_>kgtiGQ5bGl`J*f2w{R)Kg$=W*
z?|TdEj;{sZKh*y2aNO|y+l<ca|Mh~0^B?c!YTe;wwOXYi0S!{7#GMY&>8`=e)IQ=n
zrNTlFl&<R0;G~w0ajm?FFsWu<n<00Z!8pxYma$|F<ucf`?v^-UQSL~s!YSt4L5rz?
z{0MWE(~PF88P%cWx#yCO4UmugR78>4Z~&H7IA|3?3O?fa{i7N+Lcb4^bxOWr&G<T<
z4aafg<1(qO)Rs#xuSQY^q##8ZQ$)v|Xw?2f*;Q>hPsLFj6swd2V+xP(_n*z6{>iQ>
z`=1Alx>FoC+JENE^#A;a{@=Y^kF~|l<z6+}`sfEn*X&>oZl+AOb=*cfWc}1Oqr#2-
zH`}{AZL+eeV~C-zw(h+>Y3O%gOFOCjjntmZoUu?NHILF70NFcOKR(@Wt3v92bN8^h
zS~*`Kv&`uV`!D}?)Fye4B_oxyOR}=~e$xVEm5k6Z;e0$i0U5h5->mO#HOU$jKzL2-
zk-WnAU}SH7WB=&q)6K1e*ZaR<H1gBq^~0U5<95xaD^BehV%TWn-|g4yJ4bj2&`$T&
z$hk>cnw|=Z9D%jCW^0RUomh`F!d6nj30R)|`*npZ6J~2|iW=)t@1y7pNb7=VVZaMj
z8b$gjxtJw>D$}ZNII<Z)m_b2Mk4MdFvXyit@2^>p20hYBbB;`t_Psxef2nJM{a?B4
z^zRJEP4=Jq)8{{V^kM$*ey%C|k8)RSfHU0&cxzs8V;fMIeBA^fw2GZRQFc21kl!my
z4UeUPJ}C|KN`mj!a<jLZkk#!>8@t@#K38V^WWE_!;lWo$w+nw{x~4N8H*sd0tisrT
zZK`N)j0#KFoHU*%RpYt4P2TJuldYe3kB(<;Bhe;tBK<@g*6iXlnL#|2?W8cRbI@R>
z3HZj|BH-&R?)Ls6`AY}alpCg|O|rR9gzQ4H^$35b=u(fzD<Gu&7Fxy!<NQx{P1*m$
zt@X{ltvkkX)BLX=Owa#1o^3za|NFSmi>oy?mHXPnV#-f$E4RVUY=O0|joOMf@BbJx
znoPxvwyH6s=ZB0|uF1)Gpu*PWC(d<-c@uS9#Gb`{#jiX4@zpBy^jBXVZ7!1wbS}|h
zj?L*>*p87RhBBn})kb;C!q~;?PZ7#i#eeOhbINceFG!Dn&L@}9vqgu*13*xZ70Wu%
znAARSg-T?}xCbQbn9O`c@?bpLl?G?CaIY#(ui##_JCgs@_pj@FN3iqjrv9Jr&5Zvk
zV-Mf|eO!-8H5_#jjTk;h>oGa{42s;V56cMKm2kxkeMX%*0HVyn2bI{^YVd73H*Esi
zJXlrJud9$B!z^PYV?cyo{S0JG9A@J|A}i4Ih<OzZk9EY}JcKvkgR$@{%k+UJu!0B&
zatg2MvR105itfJIm?&zpVPVg<pzQt;^qwv-c4mKMl|%nFX(=p%JXZD$?Thtz;(a{s
z3$Q1xaX&wEQhe_7UMD&2X4%K_g)X_r6F~8^WtkpXn?M(An5{hd$q=5KHguhl14wM}
z1iFsG9K>OQ&{v|IuR)%)GZ>auQB4q&r^Kd|ERmsv&tFWwgd%d~tO(@2!btlC@hDv`
z;Hzi5crH@3=qr;vZFOd5IaSdnD=TKU0@t08ryDB%c~uoLh@JIz{Sf)K&q(Vn+U-_)
zu)6{G_;_}PBa)G9nR)2e+XO6di+4L`_|WSNF-&a>nx#>O8-s_C*oT%xik1!_j|m_#
zkzK;g<)8zg^7xIdw-*^6RWfK{aQkx$bOOdHtzF&0hNq@_sLZ}tdT@f%S4cGW#jy~i
zgEpNds*-BJr48-WberuFJH(+Dh@;1cFxry+^J2;MAM*Xrwf}cI`oG2euj5bKf8TzX
z|Gk&%UhRLfc7o<}#Xf=T|7f#cK?Z%;n{9oW-{i_kufBrXnp+$gPugbmp87Le=9}#A
zD%f9R0#_?0@LH3Xbf+v{F~Ou<OagQ<0jtOCH5ROSGm8x0`|J4UzvkNi@!(Du0B<<|
z-=@y={IBb=hxy-oxgP(p3N{To#<(^|-r=&0`B2d#fxLgFhP)Oby-yP_%o<<Xu`HRK
zXQXyK_-xFZHscsczOdHHC2VD-rjY2+*I-2p*yw8oRJ4CBUj168o`NB2{|bLFwl#TT
zQh&8%SH-EHE$i90D2;^U0}jk*-(#s?4M(2j*>LATtyW=)uDEJf)S=r&&RX$uBj4(w
z`Gqg=aJ*JWbFn2!ZTPhuWqd6_e68gy&OyC_4(edsCv}{2sH@qCdUg7tUdvfh(xo@z
zz&N9r*~q6p@NENO-~o_8JBVvQumNq>6mPz_UOrs+b4}TQ-2XGY>j*G^ApT3>2M_UI
z?&F#(fBbugE}%Dz|2#XG9{+i+|1ke|FBi1`<s29G1h4_6mQ`_^#G}{va3}|(1}@Ly
zfsT!OeVNqj>S$W{nSIUG`BWL^I-%A7Oqu+BGxydkybC+ZmytAv6@SD6?y&GE9LS4C
z{e*d5y-4cHK9n+Eh1L~mPvpgE2G{e0FskDwZc1mVzFNLg)J>qECOd7;E1;=WhlfoU
z)U@SA^RlLZ`6>A@!<M=EE5(4BfI*j4g%`X-|5bt?Gz_Ythx4(YT`E7&VYN2KFSJps
zDNr@x+9FIu6sDBMjJh%kDUG5~CTZxhK-QXbOLJ44CJB7tag@;1j(r|FcH%^lWPTI`
z%=hg@#pA>Ph$#AiM4^)i=B6<fe&jo8AXq5vAPv|80QqKNy;fvkrI8;4Vi6>95ILdn
zn8#V_*qo=fZwtDZ7#N?Qop(Nb?DqQE#cwb=AAh>M`uxSfO`J3ljtG1^V$y{cPNcCL
z`ANe4K-x~c0PgzBjm@p?omabm`|<VOoBf0TI6ON3&!67@{L6nW##rhu0M!Dr1DD59
zC|D4PDD}AK+jhc|D0S@!63}nC5c~xfIyg)=5OOeA@Kw#_^<~e|I#rXA3_xyFBr<f<
zl>3rGLhPj?5>AjN^D8+G&CQ`DQbdx*p)FGu$K0o05+|NyGVu9AQA|Vga%iay>J<AT
zO(Tv@q+aNGEb?3~s7QV9cF=qS&53Ce@+6>68nQ5^ZsI3)6hO-byk>TIJ7|G{=6fuT
zpr}td=wIl%G8PQJg}_Z6Pe#tIp!vBJVhZr=)QN1*5xx!8q(1dy$)dpZeQ~>*`neQf
zcnu%1a6=k<f$c^fcR6)@2fmIpaQxtQ&~hmxf$MPBlT<M2^9TeQdJz{~QU++8+tJ1f
zp}KyYFgM~J57WdGK4VF0v&4mez5_sS2`-mvXxlWBGVwUKIRh1rJ%<IcO=XnWevIGK
zJa|^E_~Pi@+|`utJCfuDQlu_tES63ZftgO+NN^^ZO#@I6jwIosTO(3ms^ivq-9U~q
z=%?|1f_oaEx5j1~P8cq#*hWLscIww0PiFofbKXX$O_9~=Ag_0ZXDS?0r>TwzL$7?3
zHBnKd%r=0u(-+wG)>okU7Mb$m=kF3Mqkfi%Z4p!0p#4-fzq(ys#W+LLWGF~xyGB{S
zkfhOQ;V3lE0qoO~4>)>N=`SFCwMfS>ABGy$5ioqx(S_<)<Et@=dBXd=UX^@)4!_za
zqVBMZgU9cehwxAJbQTsdogO?X9XmYV0)WpV<xoghK}W2p=sIetQ7}MgpRf~0H~qD|
z<5BE|5vVsMqB78ciWE_sOP7wSQVBuOv<f9tFDC$EK%Kuoo=O#vX!3g%p-zrfheT<2
zZU4vG!z{yhzoy22pA!H7Mf_KXIS=Fi`?%)FANRnDZg)itFYX4%_2Ykg&ib$CJota#
z&-Iw>b?|WQEFF<e`AK&1U~O_V8jDUw4zw>H*+%!b7J0*avRyOkQG<j7o_xgd*8XK*
z4%*M%7uL1lb|hruxKHurxYHF1>@vp9>G2Wy$*gVqE0hA5r%%y6S$RKi?jFM<t|Q_O
zoa0{(wn*)5r;mq?U4?#=Y-;D3)@$_mHol8BJn+}1&`a9b-f0_>fnr^5Q^w;n>xaFq
zqoehmtzsP+XUp-pbBv|Z%N^p$aYkZAt_q}M+#AUly-LWNz4afrmP<(Ep+4Mw%j_XC
zK%o8Y^;CBS{vV9{Wr6Zefg-CZ$r-!?B-B>sW&I@^6X?K@;e|{(>1UuhU$)aLx0mRo
z2x$5RiDlXNvsre=wHn+?ibtyxV3G>5a$b_!?ewJ%Y6Kl(JRWxK_EaOhLQy8UUYiHy
zAR7)l7;+>z&pL_m1f8rCAIv9U2FsyT3mrAmh&e8`K-rtMrFjiNP4*uJhidy0V`$|c
z6FeUr?jMl#Za2F;kb@0X%}wJ;mY}l(&GQ^3$tf1Y53eAsR(<;#yLShCbWUoxytZ+0
z&`!E5@=98J$FJMHj?fQ>M;q-yqHe7pcDD&`!2=mJYidNYh=o>;>E-&-7RJ9j-P_(M
zsVh<yhfZG?&Ki?B_SHEHr<<JtsTGi`8FtabswYJUOv5$Vj``qB8aTz9|7Gt@0OYEw
zgyGHx=?9nqK~Y>@$}HVbsp=&Ou{#~pThbjmozUGOU<jR8Rj<0Asj64ht4epXnGh6k
z{F$K0BFKQoPiNpqT*h%mW(<oADmXAAf+G&{;qQz(%7}yT&q%(r+<V`BRj;}`5QFfg
zG;}TZ-R0bK&wkITnAD{6(WerNQ4At5Jk?p{L<D5w<rC^1$+-o4n2$M*<d0E4&GxP?
zo<Ho38PB;Hcf>X08;8vJ)@C!l{#**Hh<5>2_4YS6Md)pRS9iyj_56MqzVF(!bx?fT
z*wHE9ZW$ct>g(eVeOubs_4aiSo;Ntuy>VD1=z*WkgZ|fbnen8UNpKQf!AbNIRN(&{
z7-wac;mtfU2+Q!th}Oyv-HRN#1rR6!xBXS<!)13CC-ShZO%1TDF+^tZ*r7i`1Hrj5
z;~7kp-ni0?r_^(zP1T<}20NRZ+7ez8*$5pwtyB6@&PM(a_^z+F|15YOuP~KA%s+ur
zR>;|z<|ewH16-#d-j1Xk@ebDF<y|*JA7HCenGx}emD*+HWixNo&d7d1gZAH9rK0S<
z<fQo9R3a%Gz}sYAd{BU;+g89)MuB&<^fs?rDP}GvO_)Sayg{bV7sU|W(KCXwF_H{*
z`<0|1{0ff2XiN38gAWP9&8%P$88@iqECvn1GL6AaTLwD2+kh_jVn%x;>Gk+PH?ZQ6
z=ElPAzQOJ(DY;;|uab^8R;A;j-^r<XNTXLz!y8{S4G&J|Fi`N6pq^Q#pdaW3Dw-;%
zgu{oO60ZM1RdQZsMu(5C|8Z9nO52AInYK^;L^y39o}9K1AEoW_6rQ1S8ktWeFtEPG
zv-8C_Ai)n^(`0l%B?!O1?n7b&K)n0AfOh-30h1j391!&@CGu(w6mjGJ))(AT-i!=#
z7&YqIp3eok?6g(N6o=t!n4=j<=JTz|*5vqjYa!VR%3*7v)lFquL3d~!&3~{pVHGvb
z<@abPo)wFo5C3PfaX#J^)>BX@CZ;_(S#Qvjya=8=)JM-3sY_q=ka#0Kd{q2~pjr;&
z9@|O*6sLgkD1b8GItnlz&9*wZ%xi$?=xc!J=%KA`!1ktvK~B<bO_mC+iEO?V&Mn|k
z6Z|W-!s%%(jCidhPP+Aj`4RYM(|;mmgW`K}1o(s0m0xe`*qi?qZvTDV^Zzbid9?oL
z5qTYY{@=!<`G4O;uWIMt8#{bsOm+XSv7s{mchmBt=l@8&CUMtnbqhPayd~IwHAfBJ
z`ReUo-x6@wY#K1Ty8F6^K;!S}9mI+XXAN#{@9Z{F7hDK(#NmAzh7cH9d@DIigVK>1
z>Z~%vS8c0TtT8UWm`g$=NB|OY55-Mj%tOJ=aA}Uz3i=z186t~iXwyqCy;SRcIrmOq
z9`=>5&$tOI(^9#Z;2fI&m~(i&k@)EARlhX)KW^=^az*=3BK~7#!^)%aA4lR9vj3QN
z=CF=&==;CCdBxHApCj_Bvj3&Sc?s;$_kTr0L(|dyKN7F%`)`kfEa*^1s!VLOn9aQE
zF(#M)m#=7UDvSSWYG^*1|NqFmRxj+@)JZW_xW(q?EggNmon~ZNJifKLGam06>N3ym
z8QR!~sz2qSPZs0x?tZ+;Y(})?Z)44r@oi`zK8_tV;*;VnrPE0kW2s^)vc_1A-{BwI
zO06LwdUeq$X6!YXJndXYLAss1)lQg$c3~GNB;6V+nj0xSzqdNhk8u~2?XzHK+9F<Y
z0)8E}?PA0nE!gR{$fPOi0NG<n&x@F7%5RGl?eSt9KgZV?wX3NjHa@-#Z^P|si*$l~
z53^V{1dZu}HhvOM;ksI>wuomJ+qMj?Teb>&Ssmw<8mkj-Y63o|oL#1qYK!30mIJy-
z1b>v@!rW4&WHBPvRrd8T`Yj@BR$J3pn(V^Kj+j;kW+{P7ePB+{wum_Lu@NU7G2?4i
z$1U+t90sm31-vK^Q%E=?YgWU~y19`xqUY6d@p*Neex0O~l<g%8P98(MB5T^q_nQhG
zbgu8ER4}DHx@bjb{Ks6qaM`i|xXfkCbSP#4umP~<tX<BC#lr#aHTqMA_ps9?K*`!#
zKqDWvPA+AS6XA=j>2b5R0*-vqLuTMrrGxjnyKtK~!GCu-_89iGIu1>z`83z)i>w)>
zzlZvC${ovPTno-#mw0!mJpk#$R5<_!esieLqw~Ve!AXHN=z(sB+7IG^mB4I~Fqh5#
zheMuE0rNY;WIFlHp|1x{E}qd&eq&bKl+|$^MfmqJEX!KClHjkAH5=)}AtRdB$9qM7
zhsYX{*2&3@Olx_1A0k)9nobdc`D*$Q;ir)`1N>(C019+12+E-KL2FziFBR?N6f#cI
z&Uv<gXCHs^$1VfDAfK6%l?H-o$8vTtE-0v{#3AUWWUa&BW$>@oA1|PsDrwY)2~&{j
z!%2wXv!hKol^jJ?>(W+)2yr;mgJ+Cdcs7rV0ha06lyJ*3)ApFDcOnXMc{1l!im9rg
zdz8auVktbCwwyv{LR}-XGSDy9@Xb=f*HLSijcKPQ%mP*DwNoQlMidj0((f2D?b&vg
z+mt*zUCLnYQc7kOL-^#i`S#|_5sCrNL~(qWyPPD3Gbe29AjRR!n1~N!lyk5w$+$)>
z%$r#7Vx|c_WhYD|rqFF2&4QCICMKXyuV|h{?9fa}qo!BS#ZR52nYTtTO<67_SquWu
z%>fXwK5^bEK%-K|DnQR;)`W*CZGd86C9p9&;W<U|FnqA`d7R7;CA`62-~>#VE-Vdr
zn0OS!3SbhjUKiFo;#wIm3O!Q~xKIux7fX!t<lQuaCyNs<6nWnyJS?+^p-=(bb_FNV
z0z=wA2;wawhrA?M9EHspv5OuhvE_<E9x`1FBF{LOF&A(CWBvzR7IZ5+rE*Gn6mB@-
znrODvGq()%MF}EUb_kQJaV8$ITLeBBi~7R=Z_my_xAND5owPB>m}z+?)kU(4m?>Br
zfrI944_F8Q&`r?ki~`(%*1(>P+0;Gb6LcKGM^~dYc1<1h5QQh}SI6nIHbA5Td^kHf
zDGQFlgjlF&>+_<FIV5ukFu-~p#5*~`sA)U2|4Amk(6c`wXw(ABPt~QYqNQe~Hm3l*
z5wAyNCg_BL7+I8I`s(?ZARyvl=sxY(8F9ERS=GudP<G@(!J0s168S9kHIFv?v?uAh
zJAoZD*%2Qw{RdE+W(`7}{EMJBcuxT4oQ4^f@cg71`QcQ^Lx*(8%xA13CN1W30vIW(
zYr#9zr))U<US<M%Pr7*r;FvDBSz56;n+{$*P-&4F&$vPh!oOhK3Vd|hBn_c%B)w=+
z>t3CQsU|a)=OM+VYYjk&xr$bsDWzcv0yrlo;Sj;8-Z07=c-+9_22oLtYa8qyNw(hh
zkY`e`WUNfC9t*aIi56@P=v#@l$nC#S;tYa8;e`6KU{8H;pilgcQ~M#N6*a^k!F*A2
z2lSI46{F#V<!~bNBCP>a*%HB|qtEw9aJ?#VBMOeNFAiTaNfg{MAUm>Gf?HX)49lVm
zozk;NAS}^qR9n9QT{#T6Ay6mrd(<3(_2#G-6a&<1+Jd8lOqsDmiGx^>=ueV+;3dR#
z0;@v)Nz?U2<ZjYJ%HX8c$f6f4so-ck=-@+~H4>U5arJAvIXS>@URr^7m6AH7kTHon
z!8B9o127C8#SConLXsHOixojUsH-GB$OhDHBG98P#10c1Yp^II8$cjEQmBw@hz~y5
z@ImJv`V2B2oEGmWB_u&oNZZM|%z$E`e-SuePM{)a4ho}@pXP|aqLji=_YnV>cg0XH
zAP|Y{@8#5k+Ve~SKmsRe27*^2XC`fw@PP3Qej@3>N8zlU1vLo8khD4_&<b`18Md8*
z=K$-)K-53<i~Hh+2t`9KGC_AF=UgOEm-#RdSW4PqC3i*@<`dlv93^fIs}a~ooPd^5
zfXTaAnD~ggcPFRR+hx`b_IA}Hma4-Rn}SRZY9vx_H^zSm8i^(Dw=qf6>7Hzv%%J?E
zHx(@f#nX>kD6Qcm1BVGu7i$8zDW#DS%I1u?f!MBiU@7NZC@BbKw-ZDziY)=OP8I=<
zJS#a$`2<`{eF#jOrfUuW-rzaJ)+2Nn1g=4MMDpsKG(KH#iet%>4lK9wpoLNv!Zq>y
zpnPJ?Edg6k;DS&F<~BGE=ZVFmsbkA7m^QIQ$3rqqvMCcHNrBZ_;jU~DOaXcc5092E
z_Nm*2OmzW1J3;pa=s>@eu$PWYj;}+8lgq6r*y4C4LP)>^mZAv-@G$|Us1n_#4LzL{
z!z8dXAMtsi%wbbeS+GH2JulpE2D<yGkQIcOM#;W&R2|eUP}N}1MVcg^0l_9$WVv(1
zDkLzR08s{*shz4WU8QW;4=G)x?5%bpM7ol6WDJg^)LICs?R45n;vU1GjKY8t31>v`
z2}D~d=tOx}kzytheV|)rQFzYr5tIutn{%;9y`Zimlns>PO^)`U36NAPb(^JhH+Gc8
z*)cqMEN_B#h$qd1>4HwDra=cxjBBELli}`ha?quK0W&-13<!QKU7E=gdk}?AK~)i`
zCuQMErN?7MfFB`yA=wqZXqgD(m+_!sxs|34+2eMygk;1jlEeX!DdqW;AsTtu2ERb@
zO5CiqbGsaXMV1&3X{4yTA*-j+k?q-5&J!A5k+dmBb4eR}hK4qq7hf8}jaxABiJQb*
zEHviWsEfxR<y|6Z!G3UE0{Eh@C>>l{ug!7-0f--qW%6=Jx1c&>oD@=!YX(P1jyUjh
z<rpa%hc?$AMs*pN{RKNis~hH)4t7^X=we(E0)&-Hc>#46dFKd73wEIb3!~--T`I01
zL_Y3<sDC-$BV4Ca5_~zHPcTenqbL*%I&BdY(n1C=0DuaQY|!$CvDZrerVI4=V7b`q
z6p+A}_><5oxUJ~EtU0ENg--P|TuKm{a28&=;?2_}G?&mq^2q&W1F|QRNGB)gA!=^2
z-8SOaZKG=UHH^|(wGb%;P7tgKQxsN=mbDDZvts+$T;TJ37q58a#Bc(*z7AZMwlct4
z_;NdjrUO^DGZ_y=ZYGIR!SP0kt@>aPa=Ic?Q9&aSV<aenvD%q*nBd0ZH9*d<O2kG1
z8A?a>Bz!s-)wYGTSmZxSfd!pH0A4e7kzvBNQW9b1tm?w?g63L}yBX9@G@FYs{X~X`
z$xkB2P=|{9g<Ww2c<!@f2|W+RT%0fq6f9|b+7dD65|djN$<R(m@pU;xk(LfGReYLN
zJ`!N8>Jn48Oh>@qS2?bt$hYA9s>-)n7bz1=BlSk*Z({NAn=A%y6-Joc6-Kr-Zl|n@
zlwS{~y%eFi)buS{Ox=hL#$vHJc@D6>f-nQ#RQ4$?4HoVtPd7%!w$w0ea16htMvgS*
z!~hM<Iwm;F8Y$UQBp%`VRH6_36N}-uoSDm1(mUF{Q;G}=TZCv%vyF%(nsSkx9|KEq
z6;jI(2~x;XSxG~4YG8HLgD>d=tZ?i~n@J=)fnP@8-SQPH;m^g}A{(voW$hz&1XGJe
zRyIT~6;ErHFZgBKHf8-^k}0+-7dAPnH5Ybo_s}}_Vbd>7u?F&8FBvJe20FlB@k@H&
z-QE>wAR7(!4)t~8FP+Q*@VmJBGSFXKc7h)|Hg%mB+F?&4e%<5XrWNdk{2+a21lnRz
zAbLRgS)78^NUOk|q31086b(G4%9WKr+9V#eivFW9dYdSOPE<Y&D2JO(kK>g6$Cr9i
zFDG;e^cIASga)rxz<v96vB{L}752IU``9v%c6-+Gg!NHL_O2+TMhXY}O9MDbAk%Tu
zKXIOiN!3F2S;SF?)ab}`@NiNzI&3Hez*3~Zi($FBU5?AQzX>m7c6xpVC#-*p#moqH
zp2wbr?HLIRym$umLxkg;fxCu}*YqmKV@AAm7bToQ23HW8ZMESKc?5J_<(86rDu+@k
z;L(UVVHX!xc8|z5y{^OYH^PtW;E}t*m>j^vrq>k@-vGGip_T*W>HU26QJqCKA5=iQ
z5VCuR9XHik5Y_{%y>r;mk{4$SFCngt(EdnbWmBYrz9MZk$wFx%b4T8hq*_3v5u3U`
z9L0ywu%xNXzJV4RV84P@1e_|u@&O|ZC&xh8qAc^tu}D4eh;p|FS&cms=A{0@wempJ
zMq`|E?Fea=B`PJNO67(`5&v7If)I9Av?kd2Vy^FF5UWu?#nA9eaHCrvB(Vx}tPq~Z
zhH>(`N}YD3J((;VC^<Pr;j*%lNn2#VB1Z};BA&0-p%&I+ieLpaWyZ*5TL745;|!!|
zMYU3)>BxfI7A5q8J~Pfv)>)<ypeNCHBf}`OiIF2wC0j?tvf-;@p=5`cb`irIiSlO3
zCDlkdw}PGcdM5dl1Uh=UO3PX$iwz!v(^5Jt>5uxBR9#P{nUVUGDh~9@dxBl5MJp{#
zY>`kqgX()7s>P^hMe3tuirXn^in5ed?7UE&HJ_y(oHi*A=pinXHe`)t`pxOI99r|H
z={FaLD-cjqTj>o5oNuLUQGA21aiK9v^A%}Cz&A2s6bgBsWTcNg$->^w_=T1{biL)s
zx=xjH=*x7*9>?vf#{dtu#VI|?MddGR<!J*$%~@eo$+u0Q!QFRqB5LJ0*#qlIL_AnW
zCWQ&r<f1aO`yQaE3<k(r<4(4eHIWcQXDb^7FB4XU9OAYBAemo0@gRBQg?2}Zli)Yu
z&I^#t6*`AeSB;LA5m@1_5i&emB`|_R$~t7LD|Z!=dmp|BHdRUrR*Gru(Hr1<pGgl$
zW}M_s%GpO&6?8seoUn}Iusz&b>e<TWTq<8BDhN!rdkSBJyH}EdF``zV78oH&PK(b{
zi*^<RBSOY$S0+!{hBa@Z>1a(V;=bj4Zw{g%+Vo4-X3~!^bt1=3v|_uol`KYuQAsc>
zLgdVZsYhJ!6H8S;K)|h>2gADsVICrjMascK-Zpy6i0P62-14U?#D~O$G9m?-zQ6Sx
zf+WE~u5C-1{v@kNYSjp3xX-AS2hrH85K7Qd!?6z{-hoW_4#gFvEq3gBLg=c9C#&3S
zzpx|$O;CB1SWtG6>z#syqBMqqh)P_>FW!&UD5cOSvvYG`O_-HR#^%)fdNh-RsF_Xf
z9Cq_46IKSSNSeV4#``N~fD$`5VH?5wD};WMM7iS@eymMCL5($eHSk<1BLz_!2hnk7
zbQhu`mTLFRIx%fbBwseH>>}gf*U&}{EXQn<U+m&9Xb#*wFbNtOt<Qd|Qsp*~0AFqC
zY?UF;mn6t#E3O=fc08`OyiEM*cL8HmvRTVaSSguXHL6ClGQ?(JP(gW9?10L+a9{up
z;gm*AH{m6Lwxs+Z2#USpGpDA7Dho}^k8K$VAvh}dk`!e@TJ(8UL?1=N!;eIS5uP-3
z9PhH=>`F;Ykx5LYTa*DaQxFNqGc^f#3jd5!u{Et3AixIz)f_?4H0n#xB~>US1|bml
zm~y<lRZNa@P$inNiSJ-k2x@Rd1`&$n&X#1QmBbP8iFhhX7}P`>%apT2p@l6%hKN2Z
z`9s7uNEervCAYa`BJ4etQ645xb&O5~&?yv(YSN{+qmIFecooD+VoR9&QWuoD!cvV2
zSGYU!0CVQTpp1{PU8Vdvwvtz}x~PanO`#w~ehxjXGF=q2n_i@wppz*rG?OH|v~VAL
zqfvUtAm=bziUCnuPm&JtemY{P6-|ShE8;B*GEC6;jZyio2`E%4m$#BT(P2<;yg!T%
z42gge?gK?Uauv}0>~X-;;Hs(w6|jRs1QpPSvVa0T@QQ>JA!yNHJ8e6UM<ThCcAw;>
zD2F+7lri>MDx$7dl=2-axkcY;2T)6A+%dr24Y;x7=^|GeDeWrQCPDQjL6>3=mQ<{8
z6o({}u>wfUPEiU0VljRP6$)!L3Q+E>z@B<k%#RcbLFyj?OafqVYmRGIOCr1=mmx*e
zV5doUbGa#lU1JjC>mu9)1lCF_RA0qH6w##ve2>?|i0|d>m@uG=ZvtE;qV*?2soKm5
ziUF=W<gq|_KVoCCKLT`S-V7kS3#S?x+Gr86m7;jrMuf#RT06Daa;7z`Rn>8vuv-w$
zQKg0uudf%u4T`GOX;BB7<9m`2^LiQPFYOZ?$ffXFnl+F@)usJB>-ETsk*mm%YGBD$
zSs+BH+7LK5ew4Z(a=brvBDBU9VKWt!Rn1>b9~qX^>}c;bGg#1ZjO2g<6iXgm@=7VI
z6pc+9gD2QoAYN8FfK^Y#Sw+BtSIWvuAxi0?lPuv%O1K`yT<7LgSV~!lE<G*U)x-ST
zi^Bft0{Mvsf^>pw)uZ%jSfyp-rlM05wo5Uus1MNqqnq^B0j*a=kZN=Y`=|9{ELcwR
zNsjPqt%z|WAXE691~WMV=Kc3ZL$uCb5zZG7`^o|hX$~|;+CE2I{1_FHB^KL|Mf^`h
z1RNtR6M%@w@LN)ksayH1Xie0}Z!MPwV---;4SOVnsK^dDJeO2Llq{KT<vA!V4ZIf5
z0hzOfay*elt0{sX7Bd3cZpb0?13UQKk{K6EUJK^OyCN|o3EPF@+ENM|L_cnRDToRs
zEK?0k4SHO^rPstuL=;Ufw0k^NA{NfgN$WhiK61X65Ee`(i6IR(S>$Or_Y_zg!sdAP
z%+S2i;Ub1NVS;3!3t{2AS~QF_LMLn)b0X9WGA1BAT9NYy2_&B-wLHmr%CrnV8vu2#
z55Y<XW2`!EQiUf{r*|0aOPc?2Z6U!>7=2hu_)%p7EzvwLqm%e~0h2%%GH$6(8i*-S
zslF1mavWP~rV4aTp)6jB7bb3@X)z~+&MIUlKy)POE@PEt*dZ{LSDJQcj}(hgX1z3p
z31Vk?S*gPkAxlC*L*f94+fCu8^p$7pU{eva0uKb42uS?VkX;VOh6%nwl!zz5huqSJ
z(i{RR?kG~Q)6mUmgrd8gw2y-d&UR5#KY}}{Q*aW03#EW!Tm`gh7J`f^oJTGw!_a72
z{?8OVQAu`$Ol=1vpQ@c?7Dk(<A+R=8ky!Pzd~S(&PMg_K{%up)mqZ)d%!`#^=;W}d
zpFcpo)|+^DMx%`SP<w<#+>c~Q*;DqhY_dKs<;8%oMe(yGTUH&clw3t%RhrY>)oD(3
zY3&IUYs)S~^GnRE#a!%}b&I|FYSA^aV;Ny1wgt1YQ<M$-^@D7t^(4THo`k<uo~$l(
zZ{Hr3GZ$}~G_#}HbAEG1qY=;!rpG(#m1|p<?R9BLlR8)}WuZrSY5Y4JW3E8ET~@(C
z^5sR<d88!-Nul;rlYUnWB%-2YWt@xHkKLf%8c-x9a6v=k5`3vAKs7aINQ?6JB*T0m
zutB~cEl;!$21PB{OUhRrDFh!nrfBqlwOeAbyavhygV;kIDH`OVCRec3-%AWuawsvC
zV&{k;vUqsKrCyzogJJ}~6gbo~K*58smAk_59JBCpN}8{w5>AvYIe24)95)#F!EWoF
zQjgGifwn!49=@-*a~LwHX|Wq5<)j^X%OSAeR6t8{5udCuiHNF;j!8?oeR#Mk!WRds
z6OD4RqB;fMH+L&I11pRnY$59N<x)OHc1%eL)d?sADjJ;GHdz#xqZK<&xfmLSHpOWf
z+{nE`H?3i!wk2*uDXvIi1s)1z*?e(Avt}xBAz>4!OnKeMcjZaNOp_HH-7n6Lo3f*B
z*2$u{LhMJ4hp-|E(z#UL#aJ#?3<25FM&A@ENW$w$VD>Aa2}qlD<x(nYidzAWAbDpU
zj|LLAWPP29i2)!Brq?MIBZRmNeZI<-5h8|vvSIeDk%?=~{^cURDaCk<N8eJni;OCX
za43?yEDMg6z=<$Al;^ylDtF}G6PcSRe)9dLg3|`gK+C|iM73~=Fnti^3aU)@)QetX
z?r9mPdTNMps-bhJhMr0swJ-wu4Caeyi!?Vz0FhJ0(YDB{RWj!gt*m@SJbSUEvfupN
zN%D7*Tq(}krC#r>T5p_J_55#s!kgDR#uW8GS2i`5=YPhs>qqmy9f{W)A^+POHPzen
zbG_BR#zb#|PERY%o1ngpO{;vWj2|k~zg5oaP;<Xk_V6d1_)RQ;bG?ZV|92*QOKC~k
zUR%nxs;T3Gj~`9k_GU}mrtS=3<~9K(k;P3VPpfD=&3tT|{WNUciGp=)V2)FDP5y7Y
z5P$y&)*%`Oa<MY9rlT}s4)G6VQ=N9dUNRf(v-6z6kiJBy>l6T-Dx=*rGth-3pfdsq
z=$K+*$3E4<WOD}Ul3J1zPLD!2*Fk6`;>|I=tm}|IEUvqPTxAuKqfQYv3qv8Pg0cbH
z@RosIP=oTA;K0A=sse5}cMFErV6dSIepIF(O9lJ}V@?dgIJ6tYu1Jrke7z$59QEi$
zX(AM|o2RG;j0Bnv$BpxKctAxl<ce4WLQW<hF!c;eF{2%!)YX2DsTnMUiaCZgHe!a1
zI|)EKjV2!~%`rytRIo%p#uVL{RZt}3qlf{TGfYqQukW|yG1yM>8M)t`B7M#-QR)LG
z(->=FOAb!h&$a*ykA-yZvmor=XG0YT6)2v;VQBJM8JY@ozG7D<rx3Kce%eOb8Mds4
zO*O#lXu1J@C#NiDthe_g=g<^V^sO0$Z^{rTMond8GTdUh^kjCr1zm)K7NTiNBMU)p
z5=Mp)TLCsK70Ue?4<q5#o({ovDm{lxMV6qG<p|9cueImAh0GlPAc7rAZ%Hqf2mY3{
zi*7Dvr%Lh5QjR_1A~K}e6>en^O*|JUd69rINN@2LaOFTgKLg;S2w%QYSOP~TR#Y2h
z)=3v&{cGE^O4uNVBN|V5MLWy53?B#SV>qm)TtbjM9*IRTnbfIdtnsy>%%OwjP<p2<
zi6HslA5?g!1~U9NBS;$RuUdv;bc1TdJcV}BEaf8s8iCgEgp;!h6Q-XW*{oAY8a09|
zL&{6Ds;9S<7?G1waGDGXCe?b<!U>SmKzoCe7f^N|o@IvKYh8s=M<u@_D3lD3G;vaL
zMmr(#Yg<!8e9+Fvn;IHcZVy4R0D9qOZ9z5{PHxJ@BtDUznJs02+oCHY#j?pLmF4s*
zpJ-2|WSit@DTnt%vdDd;E2Z*@ehf+wcMY<3anwykMNXfyx;OWA4-EJA_YR>~S%o}@
z_mLD*IbUetLni~!6sq_G(M6QXo(6>ML*W&6j`HC&H#CV$?|P^ue&1-;VTMhWQ;v$<
zj?`Cn+X-X=<D?`H75B6-j=boqZ>1qYM)pfjQ$cqHVq~r~IYff7pMl@RU9d>yWC#KH
z6l#y3)1BKT<)(64R^G!#C+A|YIbMbwx4o$zo04`;kA6rnfnXfb&VrzM>O3?y#W$2P
zcpg?v>pTd(DHKY?JYxW(d>v(?1I^JLqX=sm=q*Due7lgFk5%a{>5k_qXrwW=G8~Ch
zZnC5jDzY3XG*|vcctd2?E0KnoZ=@CrB~k=Ju#e<FjFc(mqnMme-@HTECJp9hhh4OE
zpr0AvXceXp^mQCdR7!w6jpjzAKw+m5FIZ7NMiHZb=%P;um%&YE$ryDeAO?jI>0%cB
zW2Eh*!Z4=m!Za_Sq{z47167hHzH3GS@_f3@0w*7T75mU&YJ0HGPT&SCpL7Gr%t9%>
z1=Lg0&BvQjUwt0<PO)U2jVZ$sf<PIMDzp()axnj%N*l`DdIKoa0EG1=yHK#AW_vDG
zSYlh~Z*Da^El`z4tW4Bcx5VP_5{_$bw7ev6+uW$duJt|}1gt{JHP^c-CpYSbseFjE
zI66$v_MDNN@Mcdo8EOzZpP1QOGz8x8BTGF}-gsjrN>p?ZXvLB_HqkaTW~hhhF3gxp
zrzRSOudP93Hmts~&~=E|Z3+n_H~aJ~;)3pImLd*0Bbw+WN*ugK`sIL~vjD+53m`w_
zT$)&ym2)z#IaDGug1!blwKc5AAeq4xiRZ)SmbMZFCuyae5eMrifs7VQ6e4SUWWis}
zF8-NycJ#l8^n^^yQyrk-LzE*_Y*U6#!gtNssZf3$rto(u0EPpe@Zjg^ycwEZ(8(0t
z7HqPtf77zT&FveP4fVA5pEbBP1m?+rQ8i|O1ef)tQ9FZ)UKVP&Arp;S84sf)D0DDz
zKhsa%FRdR1k7HtO!B}M7&kBGAXd*5{GsrbIERW!Ia=roOc*Ou1Lp;rBE(`ZV|53c|
zM9+?x+nuIK7s}Qw>P@wnzPUWQ3p#0TGEr`iH@puhx7pa-(%9J2bSCVZIG)|(d2<nv
zc<SJ_`tgst@sIecy8mCdD!#TcrttqaHo*Hb|9^91!%_eLk$Alk{Qsu%dK`@dIAU=C
zwQu+!fZC(w-;Pu?K(M3N8XIsl8sKO&z|m-czyN}-Dn=Nng!fvi(CO6B=d(x^b*E>!
zH@XF{?ddh!&={O>@$LcWx^~u~y8{MhX|)Sf0ViK7<XwslD4JHnb2BB1fT!dtqS%<I
zp$1<S+zDV|Kwu2$c76YrWt0N|W}OE{p9Xr5l~z!upc*<#YPb;479;xU!nfQLL+6>8
zR+C-MQWEgulvmK9%Vdn0n=tn#o8Jhj<f74}g8AzRMy%DcZ`4Uhds*n9Be@d$uEdk^
zk-Vf7>o@n2@~L}@(DLQv4By~ord)~{pLTdcnEAt?j1LZ7smo6kklnNIC_`!-7Q=8d
zyr_hYX&rn;oi0b@or0rs=8Ki^{Yr~cYtWNvu1`RAP`M(!JBXLD1p?syi%lnxfo>?v
zNTBuF!xX;4sg=u2$kg0fzCX^RIh^Gq6&NSVmo})l5MQpN92+IiU^YQsH@W~L<Nd8X
zfGl5dI1!A12|^zhN0;U~k2!1wW#$mF23;U5dO<sQEC4IHa!sUhCbfJS)3xc5k1<%&
zNMcON#*3pOWJ2suN}X4Kf(DU?w!`r<h0e~_r-F%+ZyrtB0+dS-s;y`~XkLak1lrXg
zX8QBmjNVasg`Ls?!-kC%5Rj=TBNk>-15tZ~Yd8>2*#*zd8EyiFYMHkrKf!2<i3s%I
z8C6gt72G_79Li=L;zVRnJQ1mna*{bX8^U)af0AfxXhbNg;g-bejFWZ59??}Tgo!6k
zN0jCnHRuY`M3fEuQ9kc@9VF#=Y^KD-W<&&Rsx1iXh*M?2Oor390fkHlW+(2ixd@xA
zsHP=yzKo5E!ft9Mj%TDx1<DD)IrUrs8I4FrHDPv7yXaHGrQyweqLeD8g)!brxVu6Q
z5#PnaYe4?y%JVg9(S2Y;RVPIPr&dMf4@(J3K}g&KbO8Oj@n8jB5A}4LgPYb3ZEYXu
zHhTxn%>$dx>Fw(7G9&GS@HrASxAqS8Y}ztpLW_a+{-N{CP3z3|{`1VUdi%SgM)$d!
z2f7Cb%}oPl@5ar2z1>|=v$wyqZ%bEi|9Z0np6lN<WcKxL>>Ywmhc=lwpy;Z%8=hNd
zZ0sKB?17K%9ld?ML+3@!b-hFV*ylRvwB6j?J}}hVxuvgt0JQ9Z&6@_hVfZeie^Y;N
z|GEJfrF&y{{}3>lei+K^J_kOSgFWqieKb`27MT42&98IQ=JN)6*Y^yWJ)8Qvx(5c0
zj&7J)dq-b44+V?r>}&7c7&W`vH@2_url&SRF9Xy}%x-H>H+==;wf7tCokP8w`Vl6b
zoBD?a;A0e4IWVLi-P$|Y9W~nrdIu38>jpMK_XtjS0%6u~z;pfG+zW!*4D1Lr!OvR;
zyZyOzb+`9HUxPRU_`;BlV}B}^*w@7fYt)h%R=2*9A+}K(Vpqi*SC|dWEe#DV%bUs!
zu_y}uaZIsCZLx38S9SZZrUt&oF($YFE^lgHUUC1cam9+G_TMA%dPCTMr9tJW`S+;#
z_m6uA?5OqksP%XH)?b0{l03bdJA+4!zDJF|e=1kN6#ik~Iu2F@%CSj+^U#GcCnuMV
z<x9zB1;>pg3h~PdZo)1U-FV)~G=ZjN<%@QqaYZbjN=MdUwp`4*fl=7(G(lrB-xp{U
zDeux0sZ`YR$;rvusYuKiK#h$GJ{-c0mU!i{5dn|@7%lod@Dtzi65-dRPMM?b7!EDw
zqm?J|&}Nvo3z-RnQh16h5P`a}S~%2JAWjHV4s$}|x-8zFFWAdeK4p0)%a6BP8giGw
z(C!kL)$bC>fOV{TI~hI)FH`we7iG5ALx3F*Cpn=?Wym7xbp4Oxx6qu&VeD=JIEimf
z;>0tH`g%KLI+|q!H?hEslPFjP;yq;#Y-tZZP_^aOZmnxMf4UAJt%9CrE%kHF>O;t>
zPiP3K*OcW_MSM?VGnQ@?wK}1T;mz$sJt{?DP9lZOT_p}fEKt%@wrZ?5WOAxXI33EI
zI?E^3IlWmWt4s?G(`eh*wp4nDFsY4}e4Mkl<}rh&KVc^=vo;%k&hx0uH0_%o<p~in
z=D1MZPhsd9gt%C!a$bo`q$2&G$TvDH7|Jl+y3ndM!Qh5U6<+O%26b2$NWxjsQGHB9
zp=ym(U21U$g$@mlDk=tfC9bDxNPOaW$WHOLpf)!u>twT+#!ZT=CTS+rG}yWA=d||^
zbq{OjU?k%vtc+O~nryN1*r<(Tbfnez#nRZ{5xh}Uwl~VUO+?hg1i#f;NmcI_k>cRR
z0<8dW%#g|8EkA$0g#}D(y4tE87xgqWUrPD=caay1+(tg&s_veZ1i&H4@UE}F;z0H-
z>Guc_O3vp=c`C&PQf*r3H>(WG_awqC>fF@7P9homH&U3@iqDK9Jlfp2D*H}bqLY{y
z_bRL5s9d6Y{|5Q?+)_>?B1Qikx^a~Z04I8+U~!!kxyd-C@_T89^o^iOg!j`V+Hlr4
zeYNGdqwbZEcan}iBb<I1C*LT8Z!CrF1kf__UP}stli!ka#{JsusuZ=Mv2Q<}9FMHs
z2U97sLj$c{mF&(?X`?G27V+4kw5f(gLFZ#N3aCRy<j2!f)$zd^M&GxN&4FDY-xxc>
z(o_pT!!4f%`6&}w!XVx|fwc@kP$j1iP<_d6QhtV9fQ-ng=qgI6<w5r&+nd+Ojp@~Q
zO;m#Bx(Bp=apw8TKkl4jWR|*`#8=~FhtQw{Wea3kct5pC-8O78s!2D54mn%puj5_8
z@Bqqw4yc(EXev|o85m}c11onIA3M5HFUn;j1Lbc8>*N#X<PJqL({Q0TSC#M}lm!4d
zwc^;Qi|HcaXNyX{JDhQ^DExAUD7UMqQ#8m(7xiq~*sU<0lK=UHjKcec<;zoSj1iJE
zL`tk;nQcO$Qy3<fW4l<M+)k+#6r>~3CQ%e~|Cth(HK<fh-|#063@R#v4LDV()QC)0
z9Wnq1LRdfRu_`KOl&3L}+Y~KlGvu-MDY2MffEVkN3I=C{<^QGSkR}O;vZ5gdCoZ7(
zgMK(YbsN4-h_j*PRFKC-nZ$S$*wFG(w8qr1f-uX5a--`4Q4AsC8K;kBEtxo!QkcbE
zbIn4*giH;C<8*2j&!z_gk?2FLo~@E3cmQ7H=(?jrPHKN1V$Rc_h@vv(JyI7a;;X(g
zX|HTI4`na?i}QMh45b(bOq_HRJ}}m_N1{jN2&8BRdX8tYM68Y}SYgQ@>QGk1$sM%S
zu*Mr4j~h)sqI%TFFVy!8{{d+ZklQ%zX$oV5#31?<m|&)uYi#ndBWyzWLa+r|g*WrK
z`l;3sn$a$lAC*^wMb(Z&0J>OrOuV!)=_=u?8WW%N;U_N4mhC5Ag4U0JT-{{W#yhv-
zXqxKAbMR?0S(eQ<>}fV_1|Q`tBY{UNw@JXMf^1AVqI`&P6tpt+E8Dg+`ANH=n#+2d
zutw-2GXpQ3MibEzPU8CN3qnU!l|CvSl4-z^skfs($gx~yOkG?#CvmBgaR+4<p|d4h
z&Sy@4K4tR|x_xnKjhs^U8VL>rq_o?jMA&4E7gi|biiGPHL9ev(2InbOpQEN-z|{39
z86Zm6xm2|gbc(u&rT|3hK{zfm*H^x_ZG-i(7=M15G{1d&y#WkGjZ4vy(4qRGuHF#k
z%N;l76@l><TBwRiUD4$%*LCn!J#Mf_T%B_=TsB;@AW-f30FcigvlH958>*VK%mbn7
zNfW5+>H~Ye&K23i0y{mWs>1iwrLjxxlri;AA=2@=B#UgG3@L`JZIDZ^Xh8V31t5%z
z!{4@VM^t9%gP%Y-2{Z<HsPYNg3qpQkDB=MpQT+iYp&kI%A2=SM=a5!9g%;Fart8o%
zp~{SJX>XWBu`#MEHs-5PYz(Q`Ov(VND>lloa%7})vb)oQLM3%0Xf@OHo&dxq$4A_1
z+H;_(g*YKe91sBk634yq?OH}H3W1<e1u5%c6#{En`qKw_t<qmDi+$wjBI!$Yez@el
zS}Ev-kKwam0}o<3u)R^hp-^!DF+{)GDP+FdDTKY+Nu<2mKZbZ$D>$|65l1=P0-e}5
zDaqAND#D4zn(S6PsnAC4eQB+B3NcNt7aC3`n5kwuGt;aRM0j<R1kn;t5|f~PB50v7
zDm*;V5J!}ud0b*xHjE6sNTO(H97hUK%FOMtInr~oPR1%k=_U^wq7BX7uSr(X5R<T0
zB_hl<fYag23Tp9e1`-x;Zz7v;@oEc~97!unpzhJ4`!3~6o`R0zw9Ae*^VWD{*|~nR
zn-6LMcY%dqbFM_;vOs}fLsx;XK`?pK>Jvj1Hc*L-zUN7}LV|Wl4gadUehRj3DAjD>
zdGfHzs`W4c_oU%v!pTYhO_VOYm>hVXqT6eX_Z_|c)5Cjc2wVjXakaIz02wLNDEnJ&
zU=6B?grE*Fmi9CdrGg-mX4*0{^`WgEI+@PueR42001&%tp<lK~dTux%%5g*D;YOgG
zM1LvCuJB9PDOEe&rPAeC5_SqN6Bh$_$=jpMxqL$=%oZP@;AN7#A!~Z4rlqgKZcGlP
z_b#Lz0L+Vn#>s};*FkHoB+jp+_8Q75;;%-F9h#QD3I~OFbEV!o4GY8c_15rZvHlvW
zwpJ5{{pJCsHC$1F#ufC}4~<gMV+C;$Ef5HxA~vMP%8u47#ez^Gx(P$N<W<QrWQ_sv
z3Qxasp(Kj}N+@H{MNZETgG#xRgBztO`j1>fU}e68pJ$^tlyk~j6Ef|kX{EAQ?Wu^a
z)m^BII=f)TBX%JFce(Cfb)mSP03uCs^i5XqmU@0@l%}lKv9ewsW~FP^cB<aMSRo*@
zUA+TsRa8|YFjC2?93v2&6*fS5?*ViS^zSq4>TAK9gcNNaXk9k!;CX|?z(LAKhAwbC
z)Z8*a?g*0*!*B`c5*0=Bu&W}*s8B65TtY8Un1Rg$-SFS?4&zL9p<6%A8JC6)#D0{8
zq$#q60&ZKlc#C~14kM}>`jI1sMySI&D5F`}*`{DNHZ8b|V~#XmojyG^SJboH%tdwj
zkM+2I)dFSkkS2)kWrVuC2@vQihmk_b!j6r&DP6EL#8J!itS#*-yx5nxHJ`SuOzFt_
ziGk1@QAS=@_$<B{Ohz)Q-(2NUd6=arCZZ+zM!qjs=IrsJj6AKD^N%9GMan-v`ddZs
z4hhqhIh{3&kPr6QtJ(~KsXJ9845GXXGOjJj`brSuxc74S${<D=tOWGlwmgT!dqtR$
zVTD>Vd6zt!YEA$<bqg4E2vk%>tWXhRr6P+HY^Vx|f#k#joIcH!HR|y!g)AWif(edW
zE`MrLuv4W)UMH?WuG6nIkM$lo1lXYEP`Ze09&a$vqD1M2$s?*X(nEW^+Rm;4W{cGa
zM?rw{R>$EB-+JnSWW{o=LkB=y5QuTTXYE1K2}G=rB`SGS=OTfu>=kH?LC@m%up`Cf
zD8<2H(=7vivfw#CAl5F+dicm#Stvx_$j}RhsCyYv!*5VtLBvl|ix}aztCllAw3bMp
z5vV1iE-{4`1yP&Pju+9Kq?HK}Egg?k*$+{gm<-C3G5d14HHK3ZYlu|-%2tZ%ze`}L
z7AS*u@h%gqWriCbOs(t4LXrg9-Q}P@p^<n){3bFEQ~12BC4DjK`oU5yvgjuMOz4C8
zkmC`q`Ai7o*CH;PKDVLTr8GoD8ag7E(l3`rO~ZGw(%2gKs*HSk_|V#e<-?*Z%}`))
z$iZ2E^2ZKrPUz?t!|*u$s7Y^1R^-yq$pm_eAsOtE^}u-w^>PZA@(w#*K4VQ#IUmkO
zFDX9WeRpNf8&&TFZ|ZqL4QW_BSmzh;rdB)>?>N@7g;|11iSOzn+ZLa<Y;ktk;*`0#
zr)BZRmc@hHBitSfeiZ8hWxDGki@ji+7+*2KQR=*UbFmkZwZyUaD3@|Z;tmMOa{;iy
z|LaLvq@vVn35dvyfg-FKU`<pGb{saG27&jh8U(!QKSG-8;dcCZt;A;yyM0(|VvLYt
z2%x5l4CUQXT*YM}RF<r#4B?7#8Zug4CxJwb<PSlrL`>7Og_0z$4v1(y;?|hA2F)_M
z_@}wukp1{UvO*M4wq`9q2kT{mSD3_Q7=QExJ``3+7kPAZ2W^BjuPD7aDJm8qC;}?<
zWR&r6Zms^4&OFt&leHs)LF~vtQA)$~&5`Y4h+teQ(I6<*sk?Y6)~Wk=N~9Cts3Ra~
zH?s>?c>EgxQX>YA3CJ^rZBxW?s-jF3{abKLBgl(`&&Co~vE0U?!b>qR*aRkHVzMn~
zq|)JNPKT=2EthR3Rbs-0OPXqvRh<`G<+O}th&DKm5+__WX$_(2zDiK)71vVOq9?=B
zCy&Tn>$~{<U`hYGiggDxn*lp(XA`o%+7yr~Q!#?~#f+)0z3@#f|8OfOhkrHIce9hz
zuEL}vtT^l;*RpYu<p%!G7YKBNN4lsfnHXlkR2(oTZ|CGbpm4>rm;M&y9eCU{93k^g
zq5wOHG>FGl7X_3g&56iGK`;?8u4sv<;bZ1X1afs9qEaZ+)<&jswmLbUp+7J9CCt7Y
zclBw=+ZSG7qH^PekzuE@B?n7zpuCFdumnkwLN_{Qf`%o&1C_H#Ww2H31cBQx4&v<O
zWdtr+;cn1f8pn@}Fm^iPwqw5FVzG8UQEuL6$5@_=?{Bj1ZAQwm*Uf7njl>MWKg7+F
z5%L!L$RP`w_~Zpi3m;ZrB`o6IgM?KuKvc{)Nf}FI6{VWMH#s~-0ZhKdq|F>_w!`ZD
z%Nqu3<0SZ?sb<Q%7_WQoB2JR=x@D2q?$%QFqUDV$dr{MJv!SV_v7x28`Hz%F{%9Wg
z>A$My|M9Qwzt%A(&;QfZ+|+z#W&QV~`G1bc>kX0rM`Vq7v#0-|h5gB70HWD&;+@cm
z9cmt+&`yq~0(x_$0{Xuw`OneR@6`Yl=vt5hLBfN1%PYn|n*FD8fWwsir)v5iu`_H^
z8f{+F0ZYfZ=TiQa0%aqSjuxcIzGWdaaRcV_Ddf0dD%!nRpp0udpo|KmOvq(t?8-`6
zdGwp0k&?RN#OSm<FODYW2`^4=zg@N$2br>Y)rwetG!IK`-_U+8MO<pypci9_f^$9(
zvfhjhK_zrEJDp-Z)vEIg=o*`QHlwOJH0oxtW-dS|hZnx-8NL|-Y9tz1BkkTqE;$NF
z?v^|(yl08v11h2i8;DM*oIOU?JyAjx)bVAWy9~cA+R4$J3k-Y0x17pBINOlSnn1P=
za`LU;(u*1~3TaX1nDjM;Bv|Nf!eYcCK?o)y;!?27JSSyq6Xd+nBO-l>Fp7eb3ES*g
z?9xHoB3c#LQY-7_8VMVp;4mv2tF&>@pD=yUb#hD#0V1Ryg6yx3HzMWQUT$eoB<aYw
zMfnIP5{cqnZ0ZgtJjf7rIZ3rN=25H;Hlew~OxaQ`Ljj<(9zdu8UW4vz#b=hDyHxqv
zabwWY1a!E3nmC3C*=BRI@0w1zh#;0sRU`c!%2%oaBnh%;u}P?GG-N!}R)%vce~x#J
zV!Tr>n=>%o2h4N?SSa*J2;mQlyUCL#qm2wC)Q4H>6-x<ksaZ!_xArXdZm{cs#ztUH
zNb3_Xpx*cWkcpI_CM=`ef)Px0s^K#k{P_M3j*EsRdD{k-MmA@%EYZCoH7R9b6s3&I
z@YnDcJSu8JW8<tf;w1ev5?i>YvLtJvM&u%Fa!v$!v+d8yBug2xw`B4Pb5u4fw2TY;
zx=K>wa{UIL4;uelCNmE&$rM``6Y*EBSE7{>_CqS)85OzCXC~^#qvnJkDlH-$$Ia8t
z3Hp-a9PtgS@EFolSFe3xkCTnEE+RXOL{;D1&Pj`=49j7L`LLh>CYBn;Y71gy9B=WG
zkz%WEw`T7FVzLY}usAJP5#!!0AKwU7B^rBZBPP@m=3afq$}_<zgjm8q;2BbgLb#N$
zX?ol#nlGtdNhae3`wd;5ZVboLAl|4zCPB(6T@@NNvA8P@WQm<NL=Um4b{jQB0$446
zBE1$rZsbh>l7e5y)%V<thxb1(21%5cfi~LV52~|JR}U?CLu!p$1?QAIEO&W0nW(#{
z-n<xkkoHRq=<Vjh5*-u0sk+ETk@^@_R5#nqi=d}Vt94e#9qqCTCL$&@g@(1`@L1Kp
z$7SExcw(}a6MD<>;lL4ymMy8CXGyTrfJL7b!~-ZQJx}_csN_3Z^0YiVzeO%FbT?{*
z)WG%}d=zwFhHj2Zx+N&GKrPm8jUWLp<9JA~{bNHsfQUPAE0?P2BxM3ZAM+{MN(dFE
zSTNa@$jsvdQ%<q~Fo6k<xhCy_C$9pHSKiT4&k*G#wx4$FOiJ8#qO->doAgD9?#c%S
zDJezqPlBbu87gw@giR-(`b&Tqrg{<~dQ<evAyav~K=Z4@+oFOZ5p8p_S<o;o1h2ov
zfsu_0=m9FKxO|7oTu4suGfft-WFJdCIUd2;u;g7_*i^Obm`N#peBVs8a^tk2^CfmD
z8R9qT3IXv8T^JxAqSwgZs40mSnzMZB<K*%vlPM!wL^!O+Bcx=&A6iOVq$vU%@FIBA
z9O0)=pS*(!?qEW7&|Ka@+vFWw#2s9uIw*g>{9zC-i>N1wI7)P;sAoF`^S2{Fe_Wsd
zPI6~kBtZRI<=&;OjAyq-e4?WuRz`I2dr4Y2IB~=dq(~xZUY;L$8@r4e__Tr%mb{P@
z5JJn59&dT>s-AImf-qwgDjQLM2E@M|yfNru)IgDL^igOrs%^VaNg_^IF1$K2HXB*5
z!5%t_TOrj1b3zuGE{Jm=l?kfcMO#DeIn16KD6j;A8vs&3t-prIcr3yxs|xDNJ~5vL
zYu7|7uc)0*O9>XZR4qQFOq%sszb<2-k|JV0u{sfFzY`8#a*<-(5_Q^}_M=@Gd0@ST
zk_dtka)z9nkU>(47G+R7l=cF-_A)-<5jJ!5om6W)k%)6_)Jf`Oh!+=-HDP0MU!`~z
zl|h)2t|}q}s=6~CG98v2lvXIvHw>5@Ae@8mMO3zBa)=kt2(cs&)QE3}F*BBYfEw$#
zCunob+=P@9C37_co)Am7p6GFEFsj|r_<+EYJe&y`o)F+78rrl9rDn`6>=chx1p}g#
zoNZKHVxi7Lxt&#9%J5jK+Z>j%+~V+277Jt(5gnf%RC0<mA$f|3CW+#E$m&y0S|rI-
z=Z}&zdz7+4J7T`;zJ(@2B8`)j7JIC2CF)W6-gyjxb<)rXz3^FaLBSVGfCL45iB=hr
zSHK#DxXLWykH#8do04jmON0XVcq{5HBEk+RQI2#D5u+hVvY5X>gF2BT1BrBfR3{Fa
zuvXAzu2!N1B3xxMG9;0U7)Mlg>q$bI1N<t9>*DO-5YnPZ*JokAieOQ@3Mv5o`IiXc
z6bfjD%B1QzAfVbcS}oW}DPJ!7Mg=WFBL#9myzWFqjoJxt;*xMKf$qc3n!I4CTbs)4
z4B9TqNO!{&kf4@|I3TvBNahis@##&GlEM;)!O02~RTSGWH4-C8kDy;kkzu5a-%;vE
zzA&3gd8#EHSq)Dlg36__1uIIF#0&fqB9E%8i~(9y0aIZeVS<E}^a%e_LGzO$#|TnC
z7*t%Kz%K*X4LVr`pCdUGPOz;B7n9+-4u%v!HYrxjinC~o74W3IB1|E^W-n|^GOet>
zOF{zjg&lvk8p-S}vekmnOtxdW!^biOX2~)zr*bYub_to9F(dL*D=mSUH)nw-oU?`T
z37`%gYQ#icq?S9a1PQrOtoQL%3lU#d#PWGL=(S?E)%>-cmZ(~0=H&^r3hPDSNd%?q
zIcQ;z29Y<wqsvs7axgh*AAq87taxc*RnZ(?Aa)6p;hfk7x<!I$uXyn4xSJ6yAYF~*
z`*>poFT0G{2~QQ;RPn@4k#9~|m?lHAG-MlT%*S*1IK%WAgFJ;=BJ4Z`@r#55auW-D
zT@?nViigmnG^Mw!PEesu(+osIQj9S{fITfP5{QB@g2XcUIL-*qj{s$PFOxATw9TWB
zVpLvhu`*+LD<HtUrlRehZ=29WOo2*H!50f)%~4Y*|6<)5Ne`#Sx<#1CartB_;7v-3
zPA<x5O%$UQr5I!C6&uLi1N5+z4>^nhQ8R@2A^`)~Mb*s9531qIdX?v*s46QsSrp4f
zVslYZQymH!FTvNG{ew%!1bGR-kZK&MCt}B21u)Q><R5(oQ_4mEOxi9A&B4zjCD@ZT
zv<@y7-wUJxVhxB1A$fBO@vLp-wDTNLM|?a1Ra5weP!E-(XzH)W<zPKq6p&59$WD3!
z$J}YFf(QmxM39<<-+^Xf`BRDBd_5~q`f-00xq0U6T6XgF4v%}&zpBT7YO!Lkag531
zKO5nHD=X?hHXn`uJR-04z3Wz;Y3;7rUGsbV2n*a*Q*+texgW~qa-~w~l1na`HEZ|r
z$L~Gqq>n6EaMfw2{aGaP=ZhC#d;00uEnj}aiWN7tw%*dwacg(??He}i9~}JrmMwpI
z{`q%W))!N$FJ&@+ec^?FQ!M`N#TVbRckkYhee7eO_{1k}zWL_eyZ_;;tG>B^|NcAg
zyz?tx`N}=_+;hbh_kQ%F4}ARN|9IVX-@fIRM{c|Ad;9l4cITZx_|lht_|>mIb<aId
zKk&c<-~H})4;=W{#~*+E$3On@efK@{@WVfQ^wFO`{`kK?{q(P&d+xbsp83tMe)X&8
zp8M^ue)V6!!`I8Nyz<KH4ckM0)h&K$>>#}6{{JV{G@SF&*bw~NH{%au?}NY3KX^*b
zqwsIh>bKR@JoASS$!AtU+b!>TY3!wQ_}QA8lWR_$&Hs>m&WC^aejfatf$is<O#gO^
z=j53C;Pao|we=EwzDBe?cI2mH@;#2Zxn`i|rT4w9W<JgVUaR4UA$Sg7cON{d=7yhb
zz2pnf$3gMR^mmH3C)W&#e%8Y0(HSttQ(yn~BKU0Ddp}%bK7c>X*wOa3nhf-Z^TT#M
z@XwsV&pkQwB>K1fzj@xLig|az=l(N!-g9df)SNoQpSS+{-F;m(S?F)|*H5Xr5dQwu
z>#4!#af}P@=ie5-Je%4^@jrMb*3LaxbM@SJ_S}8jy?f`LeERth-F^H0SI&R$hFf~R
z^qFt{*}UHC>J~n~ZqI35mz{cd`~EBUoYZl}z9-Gu$@|`I&Ra7#zjpT{pIYfXyC84w
zo^wNOTYkal{RienI@T<B{?S5Y-rHjX#Yfj}>AZ45EdTteiT|AW$j$F7{p81g*<52p
z&ac0<A)j0~<D`vq9_+qxZ+p$HJMRC*Bj30obM7}+?L205_pEIDabw^5^}9~n-PwKZ
z^0}{k{lt@Rzv_!EJ3szkciiy8v$q~sTzk)*e>-yJN808N9rJ<DT-kotX(xT?m2Z6g
z#mucUQakQk`@-)3ujcKizGya{-819k#``Y$*~9;{@`8V8J@eRcYgOdKKl!Kcwj9&)
z=&avfG5`952mk9`2kt$v;Kq9|`rf;5+%^1PzkK=h2T$1ZjRW(qJtf@}|Jvs#_S8N9
z`wKQLnEPC3@yt2-J!@O8JLR2QfB5YsH8rQtojrTzYUhdbYEF$Vx?<;xwaY)@p7zT6
zuHAEUAKA92>zy~gD|hdSk3Hiy9zS&doD+Vx;J`HpPx#W>i}rl-A0Iuo^TR!l9(U4@
z9;kUs-xHf>ePZ*vtM?xNzP?Ad)y%u<oXzvUvuv$>+@fcf%$Rq~oX761`F~E_e~a7p
zw+9|QzVGc%&Hw1>KYHS(Pv5%Y=NEh=z2)=!YL9t%@kn>){(T3o$wa>X^GiPV(Nk(>
z*6;u1wP)`=CpGh`PtLUOzwoAAfA#1Ii=Q;>x)(>g?;E@IfBn@j{_4(w;@%lc7asiC
z(`%Q^&o5|Sa>b6zYnS%CxaZh+-}9}f=f^f5sJZ&sh8;7GpV|AV(_xUB|2Vs2e8+uj
z+s1c0cO3hNeFwaE{OG3Ju8v*1dF|ZBiH7^ve)ipqW*_&KU)^~7t<PSw_{kk-tlGJ6
z{&A~*AGx5d&Ahhuj_!5$AKP`}4g2PwxZ|A9U;NV-Ke=>bY~gJ+Gh1GKaLM)U@4T+_
z*ps8T?Vfo;-@chQUDmPa3-gaT{~P;`oB8Y7Q+FI(cjl+N@A>3g*B*ELU*GZD|JV4|
z{1+}Bd*$ZyvTaWO?D@vpch-F6FCKh*<YDV4H`Q!;XV>$e`RMX9{_gggcNA~gcl=M=
z9=@O^8XfAGyRc>7Pe(dt-njp<nX?Z74vy~o%!lfqJNWe0n&a~3toik|Gp;!PU3I%Z
zon6s*o7>*Dpk{gJvGL`zXFdC=t3LD1*&lfFg3FKl&XZ5gn3cL@>&)X*&vbs}5AWFi
z{h4i>W-smRnYm=q*7w%j{l9;G&kH~K{_I&RZW(>L{`kku+~-fc_x|lyzj$5Ech-FQ
z%G3Vo)^*o>u;Yhcs{hv)x46H#^zU!^{h}FvGiTzu;m#)0+;Q<QOP7xPw|zp*ikIi#
zH2d;@I^pGKI_CW0*B2D~?>YIv%;?=S%}0N;d+vgV=53gB`41L7zi0l(ZkxTd=U$`#
z?!vET?wQfCWB0sg{(Q@y-|@`6o@Zu!eeMIZ{yuWw7dNck``I7w*tX#IJ;$7|<Gzo~
zzIVerI-huO_ujSF?!SA{EvIj&J@~}pE8ce5{JJwYZ@Bh@4R6h#ctX6kVaNaKIIuEu
zW6kWYmfP=J^6|I!et2`_{DqGkTwph!`R&>d&z$l238M$Dzw)IWb57p;7Y9GJ^&S85
zgY5dbH|{p}-}vRdv%gU6YTmZ#3wy79&ja?VcSYBxuDNRO^P_jB$1m@HWcCX+Prvhu
zV`t@`{Y>$}-S2JMU$^XiGydh_Q_lE9v_Jjv+5h_3hUWO)&+jwOKl?2&%>3Us_x<E^
z<EK1z-K;x)He=TAwF^%=_g_z5QM=}(m%GlId*Pn#moM1!kC#3cS#Gw^y==}I^R57R
z+&1I*+GqD(_N6bM{m-+`ZG3Fqi9h{m_l!HXJv48@w?92^=){HZs`=;N-+JnMZmxeM
zvZiP4jTe3S;HQtxU6Z@{y3{2nrFw7q&wpIrSvaq2!}Di-`1zfqGwjFjzwr|{-?g?l
zBe8SK{C`+{*H0h$$^{FuyJ!5xdHYUz=!N0ho{^5v%(?bt&>zpgx29`n;@x-s&-Y8O
zeBin>oG;fL6MbgeRUOy&f9T}DyW*=qTlmZ3ZSC)<dGu4upIQCvWB-27Z<lY`|J0YR
zc9XZ%oO)oHciCIcT+;DRKY#J9HP6(?&+j^==Pj?CwEN<f$IV^+%xBj=eBM`gFMDpw
zC$`P4{n}OYPhEBVnwjILZ+*b{=bF18>OReQ`eP3z_bk}IduIRs`d>a@Z2tIndgpX{
ze`U?x`L$Et{%?1*ogLkFqB--ExvNVzolp}ydFFSny8Bm`%zbLl4}bC2C%$>`dsnVb
zcSpC?POQGnSTy(4f4==gOa6P!jOWb3l@I;0{oLobe!Js=GgkcNy=!;fwr6hFGc#92
zW*&FW-<)%gSz~wAJuxe?Z$`&4x7XLdRKM+vug<@~+J9_(*+Xx+{N}f}d~KlfrJoJ{
z<|j}5{gM~2nW+8k_KnBve)x+2shRzq&t27X*Ol{^%>3QTp>O^B-fOSF;qsQR4&M6J
zzifD+X<L5X_}aS`+}pY4zz;Wk__o{Uo&CKh%q2g#=Ee2vbJ>UHJ$v)%r!A<BteJoB
zpBKKc;p(&dX1r_P8C{Q_a_@Dg*3Vu2X!|D$`)0i-wcz@@T5gzg!hH|Ud-SE<x8Bm!
zkvnkjygR=;c*ge&pZn;)4O~7t|J>i-f6j{cKi}E-jh7ETlE3CFxBR^C=Pm#8^7rm|
z$0twt^3^{-_RE=LUS7E8*f|}Ez0dvP0q6Sf)~5IUxP9??$9CMcV|m-!Wu;Ho{F!-U
z`}MWIy*+!=?%8KPxxD?{yOU3)?ws*Lr+M|r+Ri<<9GEq8;f#-7ePG~*xeGt_mj7(O
zC$jS0KmNei1{RwK#=bEA7pMQI=G=F`w0qz`l9&I@b6aNJbjoPWlfSHAHDNCK;x%X0
z&R=&$_Olxvf7|VQI&S}$<b#X8IPlb4uZqvP?-yU+{V#)m?Ok*0%>4Q9ed@r9=70NS
z?T-Jr_U-?3;F#mz^4J$o{PKG)c-vQ&-tpI)zVVySHaLGU@2#!9@3>X-o4)^tx1D|5
zjWx&acs})!{O6uI_}PZsNtc~?+R#USP&l~f`eS$e_dEXf!0wr&pZZ+>KlitFo&C(5
zZ@%>dKRD(`JD>l%E519YrhQ(+zwLYLlXF^sH}msb#va&xih0EukFFel=)%tI|6%W0
zpyMcx)N19=t`8$w4mg12(Hyd7<<)9eAAeS?Wl0vcc>c?lZDeH`Nwd<T-JSK!u09Zh
zg$;%P4(7ln1cLMU87?81a6ldx4jed>OMn=T@ZKG~6JYY-E*E~`ckf=fuIlcY*;&bg
zSQflP^FZF2sjjZBuI{d>uCBWFwu3qU&^r9Yf!DluEj#<2xkbI-kKT9Z-#mQngGJB(
z_Br2?${Wv}vPBqLT)$!6qkp+z;FhPayX)exe*3Du>-~X8o((pC;JESJ_w%%Q4Ikh0
zr;hC}KDYOpU;O90MSFI+UOhIyf8T*AeaV8}vyQ*KJE7OlIb+jL&%g1=@q#DwT5s6(
zp}2MGIXyW$w|}^^^uK=dZ1Jsscp`G}o!tW^fB&o9cPua5z4Nn>K3zDvddfL3I*)DM
zy}R^=nx9M`{@<bL@gvuD2lh<y@4Te;-2K1#cGu^Pd7*vtzPt13`M>+a6LYVa^P|px
zs(ZM2ZC=?M!+D2S#!DW!y6pjP-fv%<`|kaBZ9StvT{5)(Cz|ufRr%*F3t#f$*3Rmn
zV>or@`i1gP&TXG8`z&wg%#~HI7Uo>Jz2JE3(9-_=eZNXCdwpT?fz-X9bU23RJEs**
zQx@%4a$h~8pgN~_hC@rgaoGp&%g=8r2n+|^vubBKa@|+vR|;$X=-he1w2s>w3tlU!
za@^4VaiBpf&3~$^U)YpbS(x*Jvp}954+SotajfU#!>zT`mp$&R`%~e{<A-zReVTF>
ztiABDGq+!z|H^E!qq^v#DVxeZUH`}R`t+p3KkQsxoVVnL+`UildhGQ%FPxos$?0;A
zw>!V}gH3O~v1iF!p^r9()14JhzOwU;&pYRNJFmz++?!vu?X1>4`yadVhlh%me027<
zXXZ8tWit-1dheAzyQZwa_Vv0uJA>Y<w$FGlN4snHhPM~H0}by!l7G*fHM#5BqR-Cp
z=H|^Vxo|l5oEOf``|n40DDQ7{%d<911=n_;{p!lRo_nuZd#FvRzkc9w&gz1^vmVTO
zVkl>(FtmJl^Zv&IpX|v$I<;V4a`&|2*1=hejxTOe3a)?YSwSfts!3kZdG&?Q9V-+g
z^Get4axY$&yLIn|{=Gd-Mc=!*F*mZR@QB!WaB<JgXHJ<q`$sobg$DLbd#ifSGc}D;
z@ZtBRf`g8-eCJO$=O25i=Bm5bOie1Y4?7=SS@e9*C2OVYFTZo|&py|Op8H_7_jiud
z*UjrWRy}-t$Mo$@h4s!A%lEvyzQwt9&y;tTT>kU9!DPvY2d=GLw5{h@@R66+x(dn)
z3vxeOam|tAH@`g;NL8P=_U-b2KakV$QrnJ(ycyBjy2Ja|Hx<3v;@NdH|NRZ3v)K9V
zCmovtKiKq?Lt4Cdv9RLt!p@z8mxqtm<`3(259zxK>Klg_E^PFj=Fm=mZ`Fc>ITug4
z-o4K`^U1+zLHhWyoc$kl->=Pm{OvkNYQ?OF0{55Z`rgYeyTMU+#o+CSimK}!TME8)
zW>OlccX;!^_4voNrxnkBt6`sO{oe0BdrkE#=dHTsz%Or+hJIak{Am6%|E+KR;)<Uw
z4i>yz=>9xEdVlUsd5)?V-`rU~_3FMyzZa_i{>;05r$4;stgHLy{eE{Wo#=nYbMr%+
zPd}Xdz++eb{Mc26Wp}*PTK6As&)U4_4(C(Os@DguKYHa4|F!VP_bCkz{&?z;v-n?z
z8q;k>^XJUGNIuPx`)*$MHgUz~n(zKwcf}P$Ip<t-;Y>$)(S@FU`kiGT=FawCcl-z9
z(pv+AyY(Ia?CZ%p|F->3@4EJx2iNAL3SGlFg$ErA4mvA7o%MH%?>=MwJ+5Q1zbsaY
z*X6vtx&GI;ENfWSHS5pL(yQ*t3ph_(URUB@aLL8_Gyd!-yZ@r<{M?()I8?ZA`7iSh
zY4SzAUAf`k7dY-c<U8hExXk&Fi_Q%B@7+J`f9^Zz?shnGYRCOcc=DQ{YXtkBu60(7
zYaL+aTU1jsiv15SoBgl4YEey&P&2MnjB<U$?SG^6KWvcoD;?t_2VcJb7vlN<$^Jj}
z*BJc||87<~U>E+cuj9n_e}C1YYFqq=N+K^+llK3KxXQ=#a$E8`G*ZcN)2H?6RFA3!
z!7Ts|%&kZ(nkKtxDvLpk1tv(H9@uKE;emD7Az%0SQfNlEq~Q>KNli(L;Hn6bNF`Zg
zJ`P%UTcF*8aS-dlr%M(X2yPvN!$~xy)WU0wkV+4vX86lk+&-`j?zA)i4pPnq!K=J!
zErvm*gFIUnMoR|=8Q2f!-XH)TCot4a1l=aA&fknQfZ~;gWj&nI6eWmmIp|r8bn<|J
zBhY7!y{j6#@8FBEnlT3{78uE1A?_9I)p^`5QeWH`4#!#izyuuIVLOSim)+$f2#vUt
zc8shbK?7&XT;Q$H>+J*oiKHCWbU})Hgf5k!j7D7GyDvz+9w8JGMCvgt;&~L8%f(_u
z>gf&w;SG2L9^o<q6*d59;XYcJw-sFc8Obghn=*+3G#Pz9pI9OKe7*2`tR^L)Iei`g
zB@D5%i8JO4;lXM-vM*Yo%qW43q<`TLo(&{Y+d!S*jL^39*p4iulsKe;24O-G<oAMP
zO_zpI{z@a@QB>-oURKNzO3()rDR}^jvq081-)?h=m<NP|W*-O=8K7QG(Y-#O&m#gJ
z!a&GYf${w;8Kdbr7VBYKN=P&X@@(-zVK}1TFD+YKeDHzIwFk~xWWv)(Zs<*>D={)c
znAf$npm{bGeP2^@XD>sd#^X`+pAP_bIB6b*JIU(4WH|(6LFzGwAaFk1*)K@Qa4$fS
znaKrA2_b99FbTME=ux=_fK18e5=YB)E2#+lLO_BjrYqTHX~R!YazTKNQ#Tte5g07s
zU;~FsqpA-A_%WhA9uAb$)NTS6=?TK&GD$3xMe>f^cE(g)k;re$#O%|Rl$uUKGXzN_
zJst#S%rKlwhf)lewLnUf6FL=Gc<UuR09hsDmeOGq68WK>5e07>VVTcIi6#Gv+Y+Q+
z5m}7S7*klgt@%;d*#%zvGE2=+IwEAwFcIij!VZbg6~J9|Q`I@E0fctCKnJsnlTKbh
z&p;*=80p|*DPZE0tPwxz`ah=rr}jc-np3I&Rr_oFcKwfh0Z!_F6LF2Nc9o(3q2!pl
z$qCg!qVy!u1G8h0`}Z-?`%08VIyT9=Pll#>CLePH`p8q!J-WikhBcp6V3G^7rr;Dq
z#wPje<Bt%(aYx4QrFhPor}VJ`!2xBW3^HJV6-5pS2W07UC{0)fKKrm3^(uoQu}_YP
zRD;UUshF13jkygZR+(2QmD;{jqSuDn7kEnavJm-SBu~WlGLKkF)h{}gji6+~x^b?t
zWB?seJm|+_ZW`{Vc%D}Ww|7o7Vl-P}YDlzwq&&L+hitW0Qmx3!!!{F3yN}2EY-0!@
z_Hv&^En-tAClo`om?UMO?S-<J@)PlWUL%eugo56IGrCEBNa)R)gAJL0zQNT-U<(80
z?n`Az0&D+B;)7T-MI=mAcbh2D(+L*(vH4h+rHoMxE-2;;A9L!rJYmfpsX;nzkWL%q
z<tGAI36yv}L*jM2#9JS=@s2W?oq-R6#nWFqY;<%fn5M@{ia~>rU7S^Jyn!$i7(6>f
z)F~mWRpP+FfM~&(#RI}7-P&2YwQI39_A|Sef&I3g1%!q)0gqttP)an*7m)=W`!+I*
zGhM_OG%SCF)Yev_hr|+HtZk*|<U(RVY;Wfc)oAZ~Xdnk;05axjrX)b?jA*)`v#@bY
zHAx#+N7O1^u58{LnE;AQ>b*iqS9wWCdC68I8-TE4^+vNB4D9Bh2BJs!bTsH@Y(h%=
zkSG!QCgYQ^LsesnoUqX8%4Dc<<MU-Px3)wFX7<v#iO(@#5(D-RqA|YxSo17jbkJ0q
z(STVEBvWd<mMZwH0m8zT5ur_NQBvh}nZ}s(*3<}AL@4QBwVpD0otkS*{a;g0wf(o+
zzc9=G8wf0#)c+^q8ehek=ut#!HuhlLn4l#qg`SS1?b1Bo21jn-Fy7bBK+Km<dX~td
z{~MWY=&KWb1Q5DaLNrF(har?sL9QgjX3OeO!^jxWQo@4}>jP{V9NNd<nNJV~k@Gy-
zGG(n&L5ssmXa4{Rt6GX<(7APhnk(Qhr1%260oOXhDY={J8(b?fgFcaO1TQ35_L%ky
z&8w$$sw*c6O;j5P1V-y<sdOR<2TFle9*=<PvWw<QG22Ju+X6gY@Ax8(S`%R`)iHo-
zNo%WYH_Rby350`deW3k$1DWNq>}4U^HX7_-r&i;%jxlVztm`~<CZ(S;RpO*;2H~vU
zbRrdvQS2dx9kNX_<XvP8i0)CTV=A|aoUZBK41RN7Ghl-xsLRGvrV^l1Y8L@!8A4r_
z3P6S_O^`$gg^W-^(dQ#Sd_ECFB8yDTb#rOta%vMRl=)1_WW&X><-xLF1!1GYg`aaQ
znUhBd8UqfW(=4tC*CQCoqX?KQg>wr4P`psBC4>gEg;PDY$K!U5Xyp@_!e|b4RLGD3
zX0_yC#y6S^-V^PJ+uLaY%L7%jh%#k^AoVaMnh%A{GEjp_4b`W!heKu=k11S+&~nnz
zggO%KhO)@mp(%RCc7U5&40L+-S>}hAbr!0}-gnUi91<2Jlx*mgQgT~ro})w{y(gTq
zfMAD{uXbZk%jgmsVnU)wiPlQWd4Za+9E%xdW8Nm?>nPo^5+0=7=FG!kNZ+t=g8fDy
zp|^mXHuxge6x_~fXI2b&jfd`0|A*UAZ0Eo{Km-LWVq~xvH+oVAbmmTtk#LZXLIUVv
zpDN7yj>yq09U%}s;uph1ndXBNwn|qxt;KxMG&X09#0?~sPFygpVq-9uA+j5O+6i%+
zLc_XX@^j$-&ozer&u5lXssC42+Wmis{=abY{O5#R<EuPd?Eg%1bj$kxb=31SOzgI_
zsPxs?#{RI;R#cqX!?-*Uh7IwMP_@wS2NN^IBkNJqTtyFeDUmR<YKvQ1H#UV^np#>!
z_I7pins7_=a<E0Ri@&Jf!d@(4SC+z;Q2N7ql+O4(ttu#Oez&W?2ew1u_B>t#=&a;^
zDMw81jTW_$H|^A3Mp4AU5kezOP~(EcN|@FqTqg+N2)0qq4k<oB;4R#V57?kbQNS3d
zP`5)GIr}`gLkon6na$;!mo|Gl8e%ORBGeciNZT6{>`%Z_461SnP5l{qqYcze6~zp5
zCd5gSJi-D)D4<eKo!!h#ka&elS^1C^*$yO@a~WO$NjC0{rUQ-}`+x?}o1$G@MagDg
zA{sNS*&I!laemUS_%*o3SpPwCwUb-@$6o*aRax;L7FGo&*Z+yQMqS$2nt}olj$^`G
zAsogWI=IXUJFF0}eZU}n49a4t!fjRhnHP)dW|V7uE_p0-S_(37Q8!2F(u>s&9VT3_
zf!kyFugP6q6eHY3$mD7UI!Zu7V6xU?l7R#ZQfJnQxPnk#BHx)2V~HfSg)W7cA$Uxn
zLlI-DkK)>14o+5>zMgI@McK|0q^R%#v4(S^(1&xruv9R=2Puvy{OllH$=Dyp85IDQ
z3VvR|zOTdTfNwtXhx}xoTPFf#P!_*GXgB!)mQ#@E^Gh%=q4qC8P>F@W>Qpf*UV_GC
zqM@L4&j@TLAE+^d)ka6hBD4#vt0RTUq!d2wqunQ<6w-4FY9xih+rZNRl8&OUD<${K
zQJS;~g#kq6)D@xs*qUK9vEQx=jR3&g$C{8-w5SR}17op4J58x5nD;z}*2X&)ERGlm
z(O}-vP{vy-eU{x|^4!?r<CaK^oS;dP{PY0<k|{D@_3Sixo$70p_20}94T0iLQUMtA
z`#(^fz5h4q|2H8QnTWvIuErO@$nMm$8`e1X9nU`7*O94F=6U78#7HAlLQ$BA8kw7)
znK~W3+|9s^U^d1;)@mXG|CZZws?&7g%wt53c?FD#2kwA0oH`Gb&uZ~7bVMv64UbT6
zeaYWNJJ`EM%Nx3a8Es&Z0l^ZgBrr~6g@-|5EWGStfHCnZX-vF8Wkq0#P+18v@oH-9
zG4b3M)?#gj#UT-?2>^*9p{;F8eQW(1^6B5WcFp<i?F@vqi$DR$s!jC`^({>`0rNd=
z8-L&2V7$jlqaB*84GPKtSrm2V7jFikq;VmoE(m<AtAdj1^q6Q#8ICjDv}Ge;<P>gh
zYRI6N+|vr#g&b5P)^MF88C*=W|3H$6&N{*w2^!-?#(<v|^Anfx?1c!KW^r4DNDc=1
zg&&up(+(<1z(@v54`~2^&)3#gQ3w51OK7ASk!)a4X9k${(Z~<E3?NFj!UM7qH{EFS
z8jbdO%rcg$p$5u!c#v6P?8L9@G65(NrduX;>I}CwZD?s;yT&VsOcq5C=NoJu%H4{O
zvBlCKhWvS%w0bPyof+`7frda5^#)W@fo>{GB4&XyCl(sC9V3zADJFv^r2ea(3%`li
znCm|*k0+@BjJf`2`~Or0Chh+da{X;_MOxP?I--dRIBY`td3^2cbTMrKA<{EqUqhN_
z7P6YHxGh9w;4(<n0}wkS5f+&>z=?)u3X=_o@=R5tOG(MmnC{EiZ_sTU4v4fq(M42?
zMz(5?xCc>P4hwzuM#KmTf-z30hEQ#)2sJ`ranN5Ctf>^@vQD%FB>_?2sg^L_%m&IB
zxgDySB8!2XWJ{BAZ#}LA(=vR7cas%6(I<&~b#GqNyir6`xw+!Qv-WlmEHVZzzL*#f
zBx4DPsy;o{MXCxy(o#iAsdQ;VA0*3i2*zSuyzDzLqWe_H;wn|<IU2HbQ05(k!kVc7
z8$4(^pRl22Wz%w+(v>~l*u1)F?WT<w@11M0LU&B<kYhT}#FW6Vel?NO)R@qt_8UWi
zB?-gCh5eYJ08^@h{-z}`nJOz4Q@VVk5EIRaXq}N>l)6|zo|Kf5#KfvBLcSFhZ$Ol?
z2J8orZk8hA8K}tkka1*<Z>JcJb-;KjyK!DSm7YmeVZ5$U?f(Nw5T9`g0P<JF|ETm=
zPR9S3h-<9==RZzH0~{;<hrcpQ|Emd9PwIaYagFy}j#?CVc-G|zQRz^AXd(#w#d33T
zb4*jBQ%>rbW09GcG!^o^C_JGLOFd`$QPb4RF;z`c3kG~@>U@FifP}*`&s3wbyy2LY
zoPBQkDIFDzu&Ay>k}a&or~|D?=r%`laAQge<Agt16=_+b9<kwJS2s7P9g0TaniVar
z%du!&@9Y^ILG2XWoM~M31lJd;c9z=|PeFn-5Ol;Q=_AMpkzuj2j#pd$27jdxs0vp3
zgZ@Q!Th(|=!Ku*OnjsZw95Y9<p3CmC@vYSKsbEZ%BFul98>u?g3<q|)+bLPBSj?Fm
z4jIxt9846|rJ~u2d$vLx3-lebJO5ie=c$wT4of-a9vtEb+5+wP*5+<bU&0oTK$yrL
zv$AR=>%0L^|BcR}6v{BO85%pwS4UXEoa1>l9*>cLoZ+#%GlO&gh`#r<0>&@fnTM=e
zC?D8&hJ`R1>Ba_aA<426I=-TkDW4NAo`!VdfdPXZrra`6$zyb(WR)vmjF(QN9$|9h
z?;CWDqW@tMpz(?V`Q`Qhni_xAr2an<*9rUI$iR1Ub(~oL4^)A%*XI9KHF^GXVlJ*X
z8eNS_W0h&W3<!ZGLGoYa!mJHWrUP|Hy(|P1jm5<8xPKT8*+p%CUP0BlBZ~Ezn{WC>
zA(<x}#o^01xl=hD)B8eS49@i17O{1r;jm59T8F_G&FZqv(%^;DS`>HE_z5=9+A~h!
zFc&QgJcMvEj+pUeixy8I7NRQND|hH>ES*vywv1#v<zWE%6KWXmleH)?N^EJ|(7bMA
zcuoE4CJaj@R^UIp9(Yox=^;%QJ!X6m+o?EPcE=1qCe-I_;U_E+Y*_F*O5uqbcXG|J
zhc>Y{faV&{Ji(V4(4dL>Nn<nvaW%wvBT{=oIz~iz$s)mD0~_^zKL(IMFNAVoId~_s
zo$;isr?OD4A`i<~t6kAZl&GqJn8&9OAV7r-0V;%&4#6Iv0*C`AHkvCl&JbjwZ<ITG
zl=4Pu-lcRW)bdVv>cs@`<(k401}Y+AgyhH-WV+5mwN8_}<1!`DKq9*6Wft^Xqk3%D
z23gn`%Ly`?JD7zR;>YiFq9?NR4K%ohriVdU&k7?%P<jQC!k4s_w1=d&@5~RimwD#b
zi9GT~roSSE^)ig+aYcUY3}0u9H66sJKvJhoEN%|(|6}h<0OLHWgIAKTUE4`~BqYH}
zKCi84*WN>?kG17QmSkJ;AxDxECz7&R?S7IzYcKD&tHX)8nx-Y8+=L@s2^0v>ghELm
z<qV-fNdw_7R|EVhP$&(h;V${-y*a*_@B4OFvSpis79#J?ym@oKdGqESgFJVb?NHkL
z@?I3PMmkh>$%o3=k@8V8%-lqX-N#6Mj9dk*LKN65Tcuj|#pRZHkd;CnofA3k_lQ-+
zzVJyy9aLzIWY<g`#b6{$SZ14JxcO*7o1+pNXxItL46kK#QcM+l7?I76L~>_a237Zv
zeM`|LMY70}x{7NqfaNs;!(SjHR}$KXEo5YeEMg1;tDDIL*mTO3@lL83u9^!5n=LJz
z7EFnE79`gvEZRv`kplCZ!%zv-=%CYtM<cR_IemhyPV!h2>Bc8Sh!ed~HIf%BPxI_J
zRjL=7CCMvG^X%wVsu!w6^MW>-XGg`To`i!GsYvtqTvBEw0zT2CS#hTweBE(Rlcgdz
zT^CM!$S$cj>BN#vkLO*;I@;u=XElRr(Kzdq+$(UpOKKiuRCRFJFGGl3>65%A&|+fq
z3p&B|d%ddDPYSQP(seH^U@PK40$(15aC$(C2wW0Pu^b(F?E?>_D`-!oHMs3hkO|G-
z>46)aBC~6JjiJY+OeU9&A2VgMhQUFCHX7xTm1$INkSnLDrXI}&m4l=r1%@r87qS_>
zIG#&^-anjPgqxzwdOW3%l*Zx!1FZuVZU^nSWp`)61&aD~F{s_b7D>R4f}STBn?2y~
z>+gzbe$dE=LL}#;6Dufn#d9Mdgbpyga&=^_+Cb=QbR^>EhVR&wjvdGl5QYO$csts`
zCZr<?!RU|n(z5=8=5!|A965UM0BmS~5X+n-7$F*UKxfrUSjwO=l7*a^8!g%}S*UW!
zpoF26PP2R;|6_~>)^})EUWscSp3(^-!b9{i3csGL{ZckX4)83Yn{-S&z#fh?Mg<Mf
zs$nYDcThlO_&SARDl?%W=W$kN29nsH2x~oCWH^v6^OVZPg$OWCS2{V}LK@wyxA1u&
zC+u`c%OXZ#?*ec<Htx_2Z6|_8(t38RI38{yNt-tZ(bJokI>>~-oADH;)Ttd-4m~*o
zm|_gmmfFD!*%ZRU=)j>A2!a~Q09rI)0kAZ3S#2~A9d!i!d%M9K9CitIy2#9epO6_4
zI_pVt9HXhJBnG{Ob4h{e2txJ)Buro{>l_={9nQHa=t-Tds}yb#C~oF+gqIzF%|gNP
z5AIYHdhZaw!C;eN<l=i3L4-86&`}IDGEC^7#Q|iNMwl*5GlRoD%}@f%=I6a&Te=&a
zyI_j}B`XC)SL1*%RmxNk2Q1K&bXdV>OaL|pO_hg5EHIc|<~tRtBj2h4PbG{ZI>KX1
znwg4Dvn4$|Y_}&K&rMmRR`wYUM}eIVa~C!)<T{rH#Vv3pDsgx+KPvODGK`?@b~b?1
z`l&)9p9i<<WG~g5Ho80=uQ&M`B(TX`i7?tQ^gFZ>@XM|p={q2e7~R3-;HyV25B~y+
z2q}WPaAuHiesCD59%=S($V^LoNjQv6b`Syh%_b2XMe-zEj7r_^B;!=+#pw|X`=N6V
zC<ST4p9YzLH8(=ow0PEySPUlSKqjm)fu-X{8*C8O2!d8-nJbIi?OQMi_X18(Y!m^>
ziYrO5lNT4Dpp5dE86QuW@ey6m#sO=Vb7-m;;P|n`WP-ATlCOqiT+SlA$2!ru+K3)A
zLk=bs4f|YLqjJS$_l{;mamib%#04{{jeA|vNMwcZk<&)iqv$a+=x~|~BW@c6`&cX4
zb_8fz5a1O4Tnp3x4}QwL|4iv4sl?<wJpi7<``?z<h4^1*<x_e7$$xu{w0^jd%b!LJ
zh-&(OF7}^WTemE{|DBD`{Hml#{-4MS>gu=-RM!X_Tr{|b9ctMFTLBb%j{czRF!R}R
z%lIHYIt!OidDsyZ-C`gFJXJDC#VrQZHAz^mENa*{WF}HZK?~>6ny|snmSAo?uLYQE
zKbk$2NKY_<IUL`4=SvKYspTKMDLTBFKfSP0@DB@Tl_#l*ViD~@MhRO_z8WJX(8UY@
zRL~NQB9w?;LttsM1sIp$5pV#FpkxXxHAQ4GMIy*;KSFlz^yI#w>C^B4qs@Sa2htRd
z!N?H~p4aCZ+DeQXj(dzS5U>Idf$vE%fXsjq{T~!^xnh@5h@cgu<K=NoXOA{ao6mim
zxXVR(oXC_^90bYuMWc@gbQ(!xVJ4vp99+cBp3Q7AHvl%IiQr}tX>@J+a}?HX%mlAy
zm4KToa9&wEuceGAUtW-?+?z+i$qA4B<Q!tY>a1dH)JDq;3&lz{3$V}_GfERdqhie2
zRnY1O0d#G)>E3J>tHNpq4LQLEGH0sJGOF~%9>+m!TxVfrxEvv~s#Zp}_0$MHxWFi&
zd6gF6J&}e*9f?e0f*$2C3gFEZ_X2!Dl?wbKBGAy^ycGgKB*0T+<Zxf_;r^&!>Z%GQ
zO^oW>hk}I!bzJZTc8)%?;{W>ee9kn0c%2dxSVjM<8JzvA{9kip^Md`yS^3N_7v<#t
zkl!na_47x}@;Ur}W{iw3CC?@NmzgUSl6pn{kb(dk!eK2AQM~L{N5g@r4u}(#C2GMu
zIKKM`ZC1UmS*HyXq_~yh6$JqF2uM+tgDhp36E2JuMp2Ylt1>JUFKr#fg4>jpBSe&f
zP&||$#pfYeQAD)Ne^Vf`DH;UUH@p$_{#2&4UFFB9(XYf<A&U@Zd{tENRg(V@4G&~-
z(!2YwBSoxPCSwv(allV$)cDts#gM~4SO~jH{`$NpL-IU3<Y{!e=#$|&n=xR8IV&T2
zMK~6J(Be$WUOFVaiZ<Zfr~Hp{QaZtko2!tW+O)8KNjETS%p@6fJZ((s{1!@hI-iv=
z=qIF^Hi$F?^=!C?18o^pY!QfAY5#<1YjKm&XB5^Nd$pvo`E+6i*jV>kY4f>bWPZO*
z5DwXK#l<S!?zyZqlu~8Vkm24gI!zS^0^Ru$TDY%IAGM^;4n(Cq$j<c?>BvMye1n5K
zyJ7&PXN!fIT|V~9Op?8`i~P{1lj)L4ut#_8jLLZ&60{Hi5N`k$5GMQhFBN&2st9va
z&{OkJ4}V*63=0`I2#}bOb!q2q#ZjzDT+e0J9p9nQX!pwDel25k929D_L_Zmjq}a~U
zU4G$@lLPoA!Gz0jFcr)44YDn}P6|JO>Q=Ou<+0M&xw+u&H%_=*8u_rfG+@pHhU&J_
zQr4IbTR?1oT2vnWmf7jNywmF=fx(+1!<&LY=e-=9{>wCAS&cF)2g7V?g9tXv;Hq|&
zk4c%X0(Wcgr3Ge^!gNh=9;VSvQsq)@7e?g?R+C3LWi8TiTNv?6LMbcmw9v0(VkhPt
z26nJd4&#I=lF(&a({>td72LmIUU_j7=1cM>E8qyPM-o!ZSr8=#ERjkn12!@Xv5GW8
ziOp1oG8!{=eS#1hQVo?WF^S4ZC25Li1$S&NDhDNS>S4z&KyoromWnnl;ZP^xy02Pm
zbE`%JOR^YV(y7L3tgx_p!09dF6!g5rYK%d}in~3r&B}2j{I`h9L%5TaQQ+CMLUEhG
zZepFdT^hw+8N)3rDaPBwoH1I(xPGQ+YGG<BkBRF!%!)EOrK;BYa9#jV)56Id^2>nN
zYiY(igtZk=y4))iRKWk>;i^c6#aiOwOdWM%nKBY$w_PjEpnBt@t73FI#C#_rVs4gT
zwUdA0|GG~prwZb<bl4juOCb10K;;U;H?;lAz}Fyf$U#n`s?WUpuqw#J(9UUOc@LP-
zmX4O|5S`K#1nq)+m)*phfa^m@`>96Bn4VQG)@~G6t9(oyM!OiB2*GlN=~{*}&C*G4
zI`4DxIe$}h6S>pTQ(mcPbUG3tWh*t%di1dhGu0N0XR5^Ou-5|n^9C<V+AUqM200uJ
zuq}X8&OjvdjZk5bO?wNhmkPyb&ne;WXDg<fh<{cBenN|?NbuEb@3|IdE_~+rsVe_x
z;hWB!|EHGb=0=D9N9&e__#bEGGruBrr~F@v{`tou_qW9U)A>j`mnkRX=X&626w>pI
z%29tQsWj1DRelB>?4ZwW8uXnzq)KG*9VAVzRges^=L-oVjUeOX;$h|!N!_jmLQrJL
z!4Y(-o{u3*qW*x>v)<eU>f-(&>WpvNNPk!XC<@>evIuQG(0ed!7H7c!C1<NhuL_A7
z&`vpe@BnDBXY36EP!r8j$xv8#pAs{vXMs|Xb(3PHBwV#gNhyaKNJG8Jl+PPNROqT{
zi9z@>Y*#c@^-K|&U-Mf%B`Nt5?<sbODu|;Z60{DIz}AU&REc(~dA-vyTRDtxnj4KV
z#9~ZB;3?D8@}wVN@x-opW8~P++DDJ9yJBuSlhy)+rOPqt6E&opcD2LfH$Bip=iSf2
zHJAKB#Sv1cEV4J5@Ral*l_QNZiW)i?C5z9RW%DYmcN*DgjfYrfvTnqnp;@dv*A&<i
z&yxzM)6fD%&g4%FvxF0x?%#>{rXvt6nIlFM++8TGz(pgkmub#}O9M7&46`v~{4d1}
zytajzB4k&L%2h`xs1zj!W8reMUDlxxbzui~@;I6a6IO)0>0yzu1>(5V9FJq$$rrIz
z%oEJ^-m>9mRfW0m&Wb;Tk>2ncazebZWSQ1K;GhI5#%vA<1vp{#UI3~$1Rm7YQC7Y&
zaMqQQO6n#6V)dfRzZfs-3*JQOI#MsPCC9+=d)PFJC3%dH9D;D(8Z0d_TGUbXDG71p
zvSaqqBO@2jnz&O^MzUxLPo|yL)0K7+2b|W}(gkdIk53jY#TOcS$i%e_#wJpqa@c$T
z2M51kxM>kNYRx3CT)I!_@`YWfk0!tfR^aoAdn$_pNt#Q#nl-J<B(`kOk5XK|NkxHS
zvHl5mNJv?@O>wV=dzO|p<6u@|yK4zdAy#orT(@w9X(6>OG_i7fEW*Hq{V?qY7)Ph{
z1{0QsPi>sNVYo-xlU@*weX%*X0eLe7SrPIpr}PZYz?dIufG*LUFM#Mt$*Lm7>EZ&+
zoVKx5rc?}b!7AqXtPD<G<RQSDIFJmodXnP?8g-^%eqia4-a{)~=pA44BwMU{MNT>`
zHXq>_3W;Kl+L{qg0{v?OUjbnjuu6=6m5}KZDF&<t_|?SY2_^+y$+(<Torq%h%s^u7
z5C&~0`;dX#x1vvRZDAudT&K?~zvQc;?P-1n#6x;o&$u20Y=;K`z}?!MKtLu=56qnS
z(caD*E{SU#G8jZGOKE1SGb#6(bw@*=7}aJ9towBCJaD#C1^X9?6qV_^&0IIb`DZ+L
zC>yhq=Xol12xdb4!qR<47!5jku*m_AFoc9tKt>YAhHPiZ5tD$TN4~|h0OY|~fgeX4
z?{d454)?sypEZ42wfWPW6R6Bp`G+9@2?;>ADXIPrBww?@885i22i~1~tWoE{Wds>q
zr6J@`x6W&g4Iglpc)GY<X!t?GhLw_kmvOatTLfXuZN(do%UDn#Eu&{f2s?$N!2GOH
z)f41ep})GG(o^a!hqOONq4CE=Oq<YW9EJ!9!X^R?69E=O@WxjhoB(zJ|6xoNZ!}4=
zHVkbKUG)(E!pM^D5PAkKax^e!O(Y>`6zx(z4NMHx`XD_ag_#%VKt4x!#E~@eW*7&|
z;?D~DD7l1Wle)ccgtPHlU=sg^nIt3T6|^Ns(4<Nf2OnBs0~r9aD~9FW26$X-tTeI?
z<{$7;lAW~zGTXfzF-B}K7QJf2u;uGW(SCB1n6q+(RjR)}7^t7x9Q0c+#PBZA$Ts!_
zjatgqUY18I^#V+Ga}(R&ld!8nx5;j*;k43-p(XkRS?HtFjyDNbzdnWRoj;u+w==*8
zQKB(*m}^f}s{o;SC8~x6YV#;JH)}V*bsafWCVe3bBZu;qgyy;y>@n0$EF3`IQF(^q
z!i_THsS*MzxNyAcQg*xEYzO%Uyy=oroUAO?pqMPVhFu(!O3?=cLLAt(x1J8*+hih5
zR~`Fd<DbD!3m?PU9sAtE=ohci&5ey(?|yz&;3(UzxNKhgNQfF-hGS>F8QlfLAl_T>
za?cEk%HqN0>4t1qy}2_={sEMfQ*exhy)Ha|<Oj*Qj!0``t9B??+><L&ErQeSzF5`n
z6Af1U_Q{4cv0A}_nJFz-EMToy0q?eIv1~|V_;73}fSD87LF)>`F!N)LW>dV1863b3
z!rx(Q*_dUPi`6sKlH=ufK>(uJ0CPavMs8PS$h{ZOyXBDCtfnee8dYm82kD&pt{C;l
zfJ;{VfW?5LU#+uI$Iz(uaJI#hN=(K9o+-~V7lR?Hp&uXN200`6%xE&7?HG5fUD^Cw
zwS%Q}(Fpe=z))c*>-X7RTQXVJ09S8o04^;`DBlh|?oGYe?k^Qb!`u7~g3n?a9<o?0
zf@wBA7055>X+=|oxxio-XGP?O!g(*sNXfwhr9dn|pP408K^Y3G1u&*FBj+V^nH<y<
zBj>cmyrE1?V=xdx-Ez@JA4!j6%W<S_D)pod8E`=*bb+}eH>;@1pi<A3dZ7>px+8m|
zl-X9xi6bZgJ2p9!Ym#Mj6?A|F=4kgfMH>C$yyTOlT}2mIc_dx23@i%fUxXfUUG1os
z=%-~Z)n0o1vUYLB4j4dw*~4OdsrnhQ5!MbyRvH?IeiQC%X}ZL#y5CaN=4N;jwMY8I
zT%3wFMtBdni6*p%Iv(cV;>E1(9!FOKX$51dWJtMhHf@x+bpqHBas-w}iq&jt8(C3z
zf!(ZOMe!0S%%+=N(M1vnS*C?g+9-<Mr=kPIMBC%!oM1ZG3j51P)qy~;FMJ|G7803%
z5z0ft`(U}TMFn$peC5F{r!8U|;Q8)}->-@%_$jE&g1xP_sbEc&374e<cB;*uWxEv(
zrYf^QZs#tG{H#oZeRovf9&=oPe_V5C@9v!T?p(TVS74KFd@9j|JEf8Kxp0>3yl~@$
zxbrHFvF_py#_>{L$aBCrUeHGwXN6w@t6eEAK(Q)(wLmJd)fG;@sMU6Q(6JGzSVB51
zu@EpA^b|;|+%%R#u^>Cp(p)cAb=1thiTfkCWv;{o=Bd-mKRzz-RGGXvb7(dO?UdQG
zKN{xDg~8(di;!KatWFi~i{#9d^3)YG<-wAfRGiAN@tc!Z5zG%IhS`*oFTF)rm@J0K
zdhSP3$i3eIEs=;TD^`YC%BBQOg$Pu<mAqSI$;s-voK}|g5Fv|<Mde)kS+vk08lhy8
zo{o+-P^*ABHG>SnEbC+^GnFt}A-rrSMLF4qL{FhCtMe3u8P(3NVC6@)IZ%1|+EMZ7
zsC0Kx3HTW~W2zo8b2wq<cC?(vNkPLIo3l74EUHhII1Oge6l(U{E0^rED%DFyu1cMA
zCf>?b|1@cMm1C}w*_?aP1D3&Fc|$aKVQHkb$H2*EoZ|^F>P#)Oj7nBzlr{<sDQY^!
zEVg9%b4C84<Tg9O>L>Wz&sr~D{3)ozvfU1i(<(`iES;(X*d$xp8!pq_R_&;!YFUyc
zN@eY>ptczvUzmZNdBW$VF(6fJyR=3+BN#1F&1r4izJ;nTji9y|{zijB`dfvkB($t`
zoSUi_L4#!2-a++un6{p+4VRTSiv^RJNaoUKYsugmuy5<Kj4aIjL3FYY0(`9_oz6|^
zDaOva5HBU{iDbN*%4KzK`KK;e#p>U!wNP{xEp2XW(mD|%Z=QG$tI)d^ZBMQ+Vx&@f
zmX~5PId`hejU8t}nCE#ytI%prs%71)L%jptF{*n;F0|lKpQ&w7nQnNLT(F8vvS_E7
zOrYrR$&P}P*%`lht5;1t-ONCp#+|2dkFu{kH%H@M?<_9|6gK4|piOZBE#>nFjNmhv
zcz`4c7KeSca-_!#@q=NC+EGD@%9*$^O5DEH7F~!EH_jzn%g|wz7DRo>f!?lOX`PoH
zdU&(b7@4F4PaUGW?P%vj&t>O2YjSpnJ3cw(O^v>-Pi<!-<4}P<SH61B?c!agJ<tre
zDuIg-lufjQ_jPbGx2NY2h?L~#0B}H$zpD_<IovVOxlhW%f+Vl^@IX)Rp?;Rbm{^j&
zw|ju4ktG8-j_}`vr6Io$?(gh9z*6wcB57US2f7EkSt6Y)l6s)Gb3aRiu?zW5+AQ%z
zP%&42*`}&xaUP(Q!bS=RAq+@{KU7I!+QfsEi!y@5m&kG>0>mXpUTegei4N<EGX8^7
z1K69bTtamzpk!4(Ak;_7b8Q3l=lm&S|Hr@2OC59f|GlNLbs_%mS@~3%f9j0?G;Khu
z_<w}|+3Y`?T3Q$EKhMf%eoZSS`_In3JqJn&$^O$a0X1zlp!gQukxdmyDHdYb)hx6%
z3{i=-{kUYovpCa__wgXcj@636jGLQiG~>o?(dK5YxjEL@6l>XLk7hi-1L0%FW2Poz
z2yw%ED=IPfPNXy&^-_`(i7`E5>Utub4oZ$H;RYbPs-(Wk=e6l{ID0aAZjaF4ak%G9
zR3Tf0C3A%WT7t2lLg42C{dJ(yJglR(NF$72TcpXM568*`vOyn2xU}ol#;@z{>nE&W
zNb@s9T)9?bAFlHahP?hrgojuq2qO{yupi-&CASx#tqeHIgg}2k$O@{OSQusqgA|dK
zK`t6R88J~WIy$vRvsl9{#mB3KW@d*eAIFLtsW{VeZPyz3dK>gNkaEMr5fQ5?&_r4{
zI0$x14gTQ<X8;_%7*FI4$x8=JKIOu_ef)72o{d77K<y*h?~{1t-bcAkpBG9-co}{h
zLE{0%Az2XbIS>~y#fQ-9474*MNlRVitS;SakTmbrRupvV2j;Yza3DwB%+0-e7PM5Z
zd>qt%tJLp@`azl(=TT2xY7MDPX~x7LS&6I$Yz`7t96-keQIA)Saj_Y21pNKohq~fj
z9RnTyvfb1nhEzH?X2YgAyV+pm$OV^lsX#q$xpgckk0(&3EQp>D_x2BH)Fzfyj%yJ@
zf|1Kc(P8hJ4O-G7N1yt-JG*<X>jqVGM@3_LRxh9hE)~2GY_=-ZAm?RkWwfFh?nCMz
zFaX%Bnq%UR!|6bfn}aT6GmK5P)D0LWq}WIv*!Gq7^{l8PoW~%)ig)%NB=_sKCW~Ii
zL)w8O9dVMn505sbD}Lc<haO;XMfFpv%#JJ&50KO_q2qp^psDeYQe@VMv5!*W<m^f(
zS#hgPG*Y+UM+0_)_#40ZrmY0})hdH$w%?aY7}+?iC<KyCmJ}N@7Ssx$1I&`lH$3c0
zfZ2Sr8?@vx4x?%F<-mw?e|I05z<7V}o`LH-`ntI>I4((ubUKwNfT)7Q9qKs9VI)by
zI2kAa+S@VEeSOCb@t#8i-F<sHIsw#A_&AU_`6Voe`+5g@sgy)Wq?G*Lz5!<~;1d;(
zjqYoYboUR$4|Wgi>+NE2T*yK4VQG;j?CC|(l}H)r>p0YZfV2?hK$hn<4Sj6M`c2S~
z&c2?*17*6)fk-p@Zix2}^z|It>x3ekyD&rBd$4z)JH8Jn4k{u@i5*>CeRhjtY)WFv
zoG5}&GOz0e`UDPcIAZlF?uP@gbR2<>-Eg?uf%pg+N-MFmm(0ka0S@Z^>O|d$%HRjO
z5A9{!w9+#bJ-bm=qmmE_Ntw0&265`+WbEDCkd!d^B_V(z2r@|i#Qi}yFDJ{ZrYl^q
zEI)EOO)Td#+HE-mZEppf>8|{~tBKI{=Ahv1K+*}FxCI834l9<S!eQ;C*XQ$A+`+;o
zDvoR*lmmu7LQ;U`5*aZ;x-51vq$%x?%sdLYI5`)%zD7ucs4yhKXZiB9<!J4iOI4go
z3W^4Nt#aV_fuG>@v1bnOghuwM#TLjf9@YbMfR$kSFsu|mc&+&A3^}J`%4?;-0f(LC
zQ8brlcJ^sKfu2^WnBJ7f6J2;xxpTQm1q~x+L^khNoj&QR<G2^kZ*A@ZXlV^r5IkEP
z(k!;(g7EfF;!{ojm&=YCW2fW%%~Li0UsGG7J^l+xT!{a7RzCAhe<TSYT|1=$UYalv
zOoR&S&YUDr5(SEdOJ#s9Oa{0;+PqC`+8S$Yi8Zxq$Hr*2XFvof$Cpuf4!=vrB(UHn
zmjF8R2}4>w6C=Hp&xV07pR39qeLkPcAJL3>L5O->TMSnb?xo1lV!Wpe61GgvmfNfa
z{P4~Y#k5E|PkG}(ny8dg<-5uWceLZW4#M@uukYT?iyN6SwYW4AN&)cGOMtQ7lkkeG
zjsaPQ5R4Go2@dtPHEwGp3@u;fWNneF<hkC)r~Iix|G6s3X`KL7=zrrD`}<#WV@pfp
z0{uT5pZO(u^7{|FWp;y`4_HFx{89d`72bg46-!A!6x$kYY>GBD1LbdPB*gy=zy5Fn
z!W%=yHJWBlj)B^ye>yyN!pQqWzLV#A{;TYNiDaI!_|IF~TH5UIzl|*m@&C@sXMPvH
zwErP)<k@}wwXIdU`5W2pZ;m##XieK=Ese3Zwllf=xm+tf%HMvims;7Qu&dAEYB31y
zbj5Fx8Y{$2yGz&``t<BZmYiwqnVP#n1)&8;q>UDG8BBq}2DxT~NdxbI`l-WT6e$G-
zP&B7TuPz(s$2G(cIE6!CcTt`rx{t$65Lk~n{JTOogj1k7b&Quf8=bS}WwxDzn8%4i
z(LhCOrg{JYZcNcXt(XHq>YAFl*n%GnTu*6eEP*?dJ=1geY>9gp8<_#wt0)p-Rgad^
zQoX{17HOoz>0FW4Lgh<V<TskCNUaC`%zDGp1V<pZkkMY@UpJ(Ov_iZC{_M6-1(pZ5
zS@o$+!FqF3nEZ#|*_2S9pO$8Cyn|pU=2-Uw<TuL85V4%R8<MGL6v}YHrU)?v#)sG{
z)Nn?q-AXs$_hzk03uAd^6=y|O7vM_Jq7Z`b4sv+O3#+tB_yPf`tV#8G#j?i;Nw_vf
zajJ7{L9jP}=BXF-bp-<SFA6<}g%AR=L4~q(U!`D;j55z}911+Axhw_1hjj-=nV^vu
z5Q~DvjiNuM#&h`6ir!fnqzKTVkHS6Go{Z%oAQ#DlNLDNs3SgkvsFjTbm4Q$<86(SV
zqaZbe*n@nTQEMJrob(=R7S=rW@L2+hWFKIK(c-gD=g-kFw1}l0!+*kjF{kyc9BpfM
z?HAhg6>Pw$b_uxfO%N3P9JkGza-p`Q#3Kn)XTiUjF&2B?!&o_cy9fM?vZxvRx;wh;
z?#|s_Ys#BxvFBe_zsBP4s1_(yE%#hcE%!3r{1}FE<qidS;I0x&wR{}aIXzklOK$YB
zO1)28E;@s3$yX27=Xfo3e?w)jZIulbS{j?QgSkm^q#V`@nM4+h%4THKDtEmasAHrA
z?lJ>v%|WL{7T4-=waoH)UG;|~V@oMipBz0-M2%Cz>Di;{&24_Xjt$YyH-zGh4-cn!
z8W{+eV-k@FkXcz6ZP5-hmcV9#QgwJlMS^O;gQA0A3ovM(65P+SWpP;1xmXgar<Sk}
zvEH>@g?WPF2oJ+N#qMNS5C=gfB0NPleXaOBR*mfaUwRv>a{s3b`t+WEs@(sZ8=G3}
z`u|(EY-wA#|DTP|d|rK(`#%t$vwQy+YZY()Ev@v$r>QyGxLs>(iM2Gxnzj*k#w3@2
zJqsR)&xq)+>K#8E7Ri?4SvX8J%_QBkaM-DR=F}ahPf9L2<LoM`s)A9{tLA}T77r0l
zhLTPhQ_IFU-oVJqcPGLRwvj`HToG6*n(F$v8c>E=?y0|X1(5(q<nZXlf|*YnMbsS<
z{Qgv~kmBA;sdCbk9R8akg%WU|?iX>tRj(L`B&1C_&K1nCc-(`DEEzkv(cr6PR%g+C
zGKrZHaz%zXNz!H7?p@lPC~7e+nMOy}bf%^5S@=kECxH1T6PzGNwO;H7MOpEJg=({G
z!yvB)8e{~Dnl6$lFDCP0a6OYw%#aB$7D`rBLbEVQmH_x>CF4#N&!8bp@ys&2KF-tz
zseT#-hSxGu9)1ukV3bPnaD6>&E`_Eor~cTXFI02P($wL~e5?e^vadkfnzU|Ga8Zh9
zs3AV;<;WJ-)Cw3u1it_<KA#-47#T(26M3i|WHU7C<t8q!vpkbtSZ$A-){&3b5`r9%
z`Wf4!B4MlnW1E@2(rCJ5jw^=X!2L|<dOn_j7?6Tx8zJ49uv<e)Ye!xZS|DSNf%;WQ
zqsxdJ+%if)fx*M24UR4&ka=*1u#ve7LLN|ou)E;y0_7>K9!=5_IyAe`?C9;LEZV_A
z-_CtaySn@Odi!=p$v5B5JX(<FcloH}TS=i1d*jEd{X0hr(OuAHDT*12@}$U2k{n9|
zM%cbvNnT6<SRpo;po;mzCwmLT7P$#(Uki~oHR_&&?`33gQ&bpIv`}-#o}NY;UCc@*
zS(`CD9xP#7AOQk8GMOVYl<XoY2`a^yg+If~erbV{St8_qMr+`_enU_WCTiPHoDe{$
zXpR}i$TD$v2?ixeN~9w0qBn=VGV8JRgSVVq@v?Ac;o@NQUqT-YD#)zkgejKFdE{(p
zAa|$+sfaj!#V-JgHb_SR%<-%i5i`0N1zQ0J?Ju*M)HT8A6$`Kc$Ekud1fj&Jcd%VF
z$g6D%ReHzfkSEGfDe?t<lDfp_B(+H<q3KY?X@*%2pn5Gzv#2xopme{ql!)7T^_KOw
zPj&oHBRg4fYwhyaG=_H?yeXy)ZwC2m4CJp77Q28szvMEm+?38ddEqoRaKb9bf`P76
z-<Lv6!(&oWKb<sNI6~u%;u#>z2w{LYIs=wtG8G@_FmnJt+#qhmQRnKdB7;{aaPXXA
zxuI4fsXpyE55!_{9B$la_9$EMcJd9hA{LF-n;1tynm|<f#|XdvkbRr@{leD361y;w
z3=99pYvi-xqUrCh|F5Adr{nmY76TzqQL3Sw(1$`ZDIS9@Wp%>L=XE<cbB!R_JCncm
z@DOa`2<NNVa)d!4>|2h}4CI}<sOI+U&OtOrKz7H;_#pSB&M+8xk;Vx_FO(}V3odJm
z3y05^NOGLMj0AW#Y+i5}D0?R1Ql4?Hh))+Q4d}xPx&>vjyZ%E!W>sbhcNFZmSWqWz
z@?`pUpgb<{S#Z!+GiHB*U?G((hzJ~<V!C2*N&{sNiQNS}XCe)BbOsOE5DkY(=-fDj
z8Wd<O$(d9sSDXiGW02m^##8P|6tyaMr|)=Eg8sX_dPuX4i_N4Wtbn~|HY)}>oV!qt
z%jG6$s685;PECgU23E$w0;*inAw9Gu0Aa9sn`9zHR+gS8l;2a!2AOe*bQs7+CZ^5E
zgiG*fxO0d6jwD0#)YvEpOHLH>|DfdtO>LA*cp1jo`jwMPio#;U;O7jp&$;s2aoO##
zy|HnLClyeqF`h2v?&!@CfjA2EMn%^eIh9QspUA!=v>h&6!t2EcoS0P~{H(U@Qp_tH
z==EbXPr>J54w*7)Mk&X1k(ZzBl}jBA23&4|TWgoLlZ7)ypKX!kcquzUm|{h&U2z_d
zvN@EW#IQrbpeq8}S+^W9!Q#cWY~eCTwCgofTwwX_TUZalAjvmp`U8@!b>(^_0f=M~
z+-^HLLVWZsH1^35Ak0=)Sr+tSue??W#$7i0laCiZadamz`Mzwm>>ns3vgW8>u-?tc
zer3h{>S<yj!^>A0zm#I1k>ds#39$j#`?c6>8s!3M>@bMK0xW_0+7VNzwhN=Lxp4Y)
zPtM|);teaaM{RcoMOuJ|8gDw3fINa8)K)||UF&M<bL?~%aRuLOe7M9GthAr;WTNbX
zRM-&)kfUI8Xx$)ek3cF3moZA*w_s2lHQM51SAWTp>4ST1bW^jS$yLT;&c5ENwy)8q
zxnU!SgdP)sfP7-Qc#lQnZJ&BuLz7RoI-n-f*8OA&g*#w*!Nzkki4?O`Mk(TRtWmz{
zr7f)F3MD0Pg|%0CX$e&tbdf(PyU16Hq#%NyqSr7PwCT~<@@<PjUImrjDBTY%=b_Rl
zq-R05BLj?tk<jqtLK3#v?UCK3E{sYuEQ&Ibm8_^nv9xv;tx*8Avm7pSC%-Z-Vs}?l
zY0Xcr^H&bT6`nG3;F7Lgc_V<w^g@OPD-5>7A3SU)9QQfYW|?#(PqLf;1PErcMp`CJ
zwBZ<wQqA*9IdJXq+Acmk*F7Gs?efEcncEJrqLfN*k-<*d$&2z3!G>F15pMbe703+>
zJf~sgx!DC_@M92$@nR<J@XqZbt6ksK+li*<`vwjk&<-EjeW0gP^M|9+p6-D?(P-B|
z7tLvoG)AM{hy1&IJK^`PouJV}ehl;s9O&MqG;?Q^Ci-?p5oqV`-mV*Vp;%ag0nzY)
zqL+B2?*L)iwW)+j^)LXAhTsJsuXw$V>^ux;5g|bV4WW)kC1FEwhm)DG4S(D0hrfdN
z;IlTiZf%&`AhYuIR7nr?kSG>(!NkUW)+4P5foC`D!Z{DSk~p-k6a}HmeqCD{n;qN1
zRb$BB1a9etE-~m6n5If?1V7KDIU4r{9$=5WBStnQm4{1+^A*<q1SY@54#MAIair2m
zH^N9$kN^V>Ni1K`d8EV<RRGk_7|FMuc{PoC4AtV|A|8+%fb<*G)@0%rz%0oN!9);{
zqq78l+#m>T%emHTSoqBDQ$_zrw$nUiHK1zt->pqs?Djv+O$+)zXXP`$+Aos+53Zb9
zDFC@@`&3f&u`f!?%<o*O`v}Ub+BI9cftb!>t}&N=ka9$Rwz1p?iC0s9bnvF=FuDwq
zF*wW4@yUlH;Id3rP9qLl1#mu&TW9zPH)r4uT~BpX<&l_;y5?-=gk8(d^=>@-pDOep
zl;KZT{j-|?-{#h>&366Iw#JqP`hPY)^GgmT`hT$JU^iZ|=h5!F(xJdtDjo(~ESv8p
zwE1p|H8!4Mn{U#P?&)G7k%W6H+EsPr6UlKfB*eDyvCszK1~tk90Tps-a-SV1#Jh(K
zTOq3#wG5$`2|9N8d}%r)+Q7i0-ik5F&9;QGV!#YWG_7ApqkF}>u7%erA16&RGQhtl
zP>B(8XS9iIZb};`{}FIXKp8$t+L_fL_v}Ku&)S_#kc+fIvJ2XX4zCkrP{<E_NF14A
z(rW_KkxF4)EP6ta?qFlG+DxugU`|}H0y6^fF0@Rppv%5EwZurS<UVvE6ybBHV2PC0
zx2F?Cvuz>xy9NJl#lPD^xC)yaw{9gP2X|o?d{jvc?uUgL7%ehkJK147H8mA664^u~
zR~U<u%b+oqMc2tuERBx&%;>I&yR9y`1<=tcKq8+{8}#IjCSXTQh2iQ|^oIyYqDU5$
z9f+iDp3bBZVEp*BJwKC3hRJPoT%T@jM3`j0=mvv6Ig`bFA%{?4IF?B}0U=dXm&zp_
z5GJVAVlJuGo|_~4q8KKlrzbKL1IimK!=%R()nQJISB251^{Oz*G?}`pP-d=r$I_0$
zbLsq8RhV4L+4)q0W{o+EkBwngJ~e93B1v=&8IBxq;*%^GdAi8-ykh`t5LE#R&gw~$
zST<(H(FT$v@*D#vGRF!D$ND!5V<yX-b}m@R74>EeN3$lgDY6mi$V`_U#W6c~!bqnR
z5t1!1O{X10fS_hrpHAu&Chy#53?>h{Z26p#WuxWj6TlU+VX_F)NIej2YQ&{~06CS&
zM=+CuWzvpKDWFIm2Qn)`(Yd6slWx`KjHEs-QG$_V-f(P+=`bc!EXkBJI|*u@6Lhr3
z9K?d;kLxBGuCXj5Ty9l}8j_}i1dv>FoNl#b!I{a;9w~%T6=J$7#H3?k6NpKJuI#*H
z7^lOdC2~8_Nmhb2bPO0#2N<MM0`J^e)8TQpwWmRr@5qKkYvGPN7NrVs%(1Yi!^g;p
zCGBo=BJYHm$R)BY*JYxmTxb1qu45}mx#>hvcN}liVN9l-bLl<rw^=qTRdhBulMa()
z%+5OY$#j@71xYsMNw*1+^4%6Cn`&~EaG7dIrP)(1n9cEAa$+hmsfS0!k|BL_4k}5r
z=&j*0=w`7rI%=>PoosdATr5KX6<h{`rXz^!+T}~Pm~>hHB#~yi%`Bf+@-J|Et^klB
zfT}>aWEXOybe@WCEf=})rBZ$-;X=JIJDg#wH{)PF1cXijTy`D<pa&eiq&i?Qna+^g
z^h_lTGfchVBG3uLv3sc(D#99+FsGC<a?z25Y0ybEvnjXaj3FhH9|lh~T#_eP!)?I%
zv4oVI*T-0LvukRLOKO50>6khlCO<isGg>wy>6(#gDaq+j16b<e>@%)|W##F~j6Yd^
z#cZ-&<$Us!@n|EEOwPCrnTRx$OpVYDJ#)gALsIB5o59I5GKn!gN`6ohG?uXv$q#yt
z(1D?eV~oQwbSaVipcJ3<)Ji?ZNA_6WJymx}&1WUpe0Ge{3n`KOu*ebff9A|7vRR`!
zMLsn}!!0#+Y_en}1M>nYJgZF3lrn-A_r!*>kT9)W!aZb4VUkqT>Had3IXRd7%(Cuh
z<aE41kEHc*B0G~wP{jEWcaRaIC_u*CK?u`pp~<_$<c(<#QWzVNLC8<Krql*ZOBGM6
zNT(%a(^DxWYs$!`a#N`i8!iK#NBO~zL^^7W=_X6n-I6o(D5R+wogH5A#U<G^(m9vp
zDHM0J)X4%{Ht@wI*+^nDP|JaABR!j9bkZ0danDGaQVEkboAXqbvII+YCMGCPjfsS#
zGwA9lP8VHL3&m-XS}>C1@P%cJS{X&gM2tyofFC^7nOHO@MIu=nVG|4&AyjY}^_or2
z{tF<9>lar8w@mqlD7BrO|GH><hLMs<Bc&^(+dWlxNj+Y)5|5XR<V4Zn=VNZNY}Rzi
z%EC*QM7<M~DW{o)u$%aeqcn6m(;PFxn8+3oW)eD(%Z};=J)1<Lkjtfui8NeWPX39!
za95H4^QW8BdIGNU{@dKr;&}hv+O!b=@2q_0RS2%W00@Piv+4!HWyRu?z*Z3iu(3^R
zY>hQ<i?y6tH?X8pt_~oaP8@7)c5~-Ix|agYbC9c#=v4Gx&~<Hs9LrQ~JTYSC(j~Ch
z9?{2)tf@^I#c?ot4N(`4sDPQ5y#1jiodG`j$k~+CQ?vlo0_dn-whdW~Aj4*W06d>3
z$0sPh<^(z@SkTF}+?XWoC<jS8ON}|LcG%z1Wo0lCe1f10+I@YwSpEr!Q8=sE13A8}
z1BQ^+6l&r|%?Q#CUaYvrCqt_|$ukd7Hw9Q^85~L$4uv*K7=AK*F*`o)FU#4QX3OxQ
zLfw`g0GQ-b$6N3Z&X%Q9>gKtN4vF2?(pr#ZO)gbqYKM}7zy?DzcvEb6b1aI@+)P_3
zX}MZH6r9#F!v6(Tg`MS_zT5g>TDMKZf6njubNy61{|TWo&#?YiYipZ5{zp@D+k*f1
zv+|kW^G-VbL1P$K&+L!?J&6$`ryaCZw&tuEW?!y&@;BKu!y328+RlPz7&^=~P@6ho
zg$4|Rm$;N>6m@bn%N1hO&a5~d&+CPJ33QK(geXE0B;PPBGt`QhoX0vU?&=A0kaK;e
z2_20}i)bwB^`Z?aREZDs;EI<Y%ib)xs=-6|3>rSu16`Pp3GD%@;>}Wpb4WJ?3{ZuE
zQzB1mPbWxA$Y~(}EN8RyP@_IT!E=vPpg5I-Y<PY*X^)`C(+P-2jJB}=No`@k2q20b
zj+#0I89;CK5z<Nx+#?y>{LbqR<d(OoY=)BP1mpQ~4oxGybZIyADq)SCmNq7ITW4T6
zqNFEAu|j7M$Sp%jV?XRn7GHN6TzA|HsVzLJyKif)l4t8EcWuq$-Q|k(g)Ja+KeR-+
zi8@(|QhtFtEy0x!seWomG+Vw%SnWY|l4%gMR~YoTb`M>}Zi*28j=;+1hZUd|J7HHi
z^grt~78ZIt3APcqlWfA;bGktHbOLMyz<mMP#yCwVv^QPnQIxb?*4m=oQomhtR8qGE
zK!cO=hD!c$kkf-bE1ahjzP^yl8{h?llOv8D4O+pqxM>j@L5>(2aKli_3s=**95tIo
zmt17g!@>eOC{X7LieDb)TgmQo9(Z%%BL$5lEYIT7ok92mX5MtrB$ye!QL6~&n9|h<
z7yzp_m>;GqZd~z^!~NgoT|InRM%5Hf@%sv!OS!c$U*#McFCmdl(IBk)Fm5s7^Vhkz
znpBf`f;fmaZt#U!h+6(soW<>BH#b?15spXrth8(6Wt4X1vzVOSbRL*(BaR=;Cz{}4
z9&UKq(Sy^id&P@EnThA~%ch;Tht%!rv)8&|j62--{vYw^I=4?1{@)7YbsAd0)#QIo
zZT9#tjSKR>v-Fu?rq{;*10k6m|37C=UtO581&9^muQArtcqT*qIjleEc}i$;NXuKq
zF0artQ`l_h+uQwRXdQ=DI37a%k=u!0#rYkuFL!T5Ic|WqFhp+!x=R%1Q$0U5X5+tb
zfX>?iDuqz|6FEN5HL+XxI6hU*e<jT4sj>jo;y-S6#(!&V*}8E4pN-G_9*ENUKWP+-
zB_JKJfX)mL;8>jJiVbj(ZZ$e?fc~uZv|*823a<^?%{PaE@bXMQM8i7m+e(%F&pUKl
zCV*A;|JKIFRy+T{VE=uVKJ&U0R0@ERqv%^V+qL^xYypf70fKq%QlH6!si!g~GU`OX
z7f|d7q;>A?IZ#SaSII?mqONE1pa4$Tn=ue?u{!#7oo_=adOb>y)PUqEy_hi4W~3rb
znm4rsX(J((vPY+AZi%&?@ka^L9=q;=o34QrpMp$*OZZ6^$K29xpsv`QfU*q8CEFJE
z90uzknH9yr&oH%oX(VkVH63K8sE#1sFA`bJANTv>oxO)|=<C_LZ$N_x8h&YdI?GQF
zDc9BA-`Ur5c%Y~E5R~hni%z3&G_c&R*GHJI7PctqDl|)ZP{1S@uIujWhte9YS&j;B
z#n}KsXht{91jaSAs6X|#0?M7>%U|_u84$RzxQ=d)pg_P3YG~Xq`_JRvS<nM2_l|G7
z+QspqzYnG)fD=PwlQHj<kPxR1Y?+f7>Lw;0!aU2}8Y|0v#8@c!8P8KKk8Y$u1cr~g
z*y0W1IuZ;Pp(Gz>G(*#@i;}<-kYIxpjtb(-mS8~WtcHFRCt$V~%1*#E>EnV}jzX_C
zORh-4f`J+WevJO1(Fh@oN=4B46o(rq0K5leClhHSr8PiZ4b(Md#4jP2dPHY|-=488
zG%|~ALIRlT;zUtyBu8_Lg@<`^<`8Ug5Rx?^Ee?hoF8Tl@EvrF*M8D^@b;6PIf4Pc>
zRg^zR%r7a#!vbQX!u~2jum;?r^Ine>>4sDkXVpMp3v>;o5(koc#(LYw-CN-UFQsbA
znRw>94kvzq)<qXDX-*dCT-rFngAFMy0T{M1gr6<-H-srhpC)7(Z}N-qH`^L1?UHC4
zJ!WL$=40D|VPr0L_W?F#C&(p%;nvz+pEm+BX?5bHu)&~M<-B^_jSQaMm*`EQEER%H
z2O!j6HFjUP@Nz}OH=@!Lj$u~)8MpVqzGv}^Dh{$m)M<CW7zN};1zpf^e{2C|<|EX(
znwmykwejOPc;+Yueblse&>1Ed0mIxw7#?$6PmvSf$mqFJQ8~9k^Noh}zz|^p#$<&o
zE{hHnJ2Wh}w(7!C4yAN1fzBhWlL?g#2~1F-)C%zmsB<UzpreK8+dhWY5v&7gjnzNo
zwXL6lAPd+C5@6||W8t%kdOo0xhxEQazY{{a((xSi<WKfBxIeN&V~hKarOiQ3)lw3y
zd*{6^*6NtjL9+%O{IPb#X_8HvZ0bb@nlf<u7#LYF9Qa({K^H#f?&Bi=IY>BKP?DOr
zI;zNj+FBcJ_8(1c&20<*pU%o>0~Js3Ij5mBTb%Bbnzz|)C48N|hxYXBZPy}9&f@bK
z*<`wu(zT5Nniur>2IBn#9eo23Tre3e#@QO92L~K1zM~!2bsQS#mcg7r1M!|iJq{$~
zprF}SrX#Df_vqoyjspkc2aa^~YZQow(-dD2vcKb+j-xV|nK+i1rhk=|0*F#uG&yDv
z07($7=2}uHIhn@`cVtN6g&lb!#;NA!rA@11x}}v7?P?XDe6&gqLACPQB3dOyaxt28
zrD*MChRk<;_ii%U<jkT~N78xxQ6zjN`R?oL?IhW$TryfR83dYbvXr!u)U&3pq-7FW
z!XGP1bdu#1K00H@sITYXUfzVv7_Avhq<Ml2>LaTO98{8}3*lNf24HChV`N9rB}{I7
zAX*B8(CpTs!J$F2n09yccegbS4G#@t%Ekami+A<(1u@Al1NZE91t#gP@bVZ-MdW1H
zO5)u|2L!yCD~p%RjSE_m%CYXWI<D=~*l578D7&7G5B)BnYy-thK&DHjSVpOpp@VAG
z+I-&RcqW(9HcvaVd?|9_h-vUQ4(yQ^4u^2^#3-Qb=!@^^InWJF?CR+sz&Y}H!K*^J
zaGWIG*mKwk5Z&bS7BU24R4L};Rm6PW%mnab;k=4BnHN-<J3>?P-AcjR4VF~K)0SPX
zpdg0~gF-qTcqHhu2yt66Y!-QSqGE7m@vt4nFv)b-iA%t`Vk3K&VF9`lbmo;S6(w|m
zl?0OGC`t3nmL_z9l?GzsEDiZSMmE$H!HI!uV$~^g0dzxCexmFkZlx<vj{}VNGmPhZ
z%&`eIrI!91`s2HM4v9VCfL1{Sa=K;Iu~Z13)ogML9n{tXttkT%RnrM$qYZ02==C&d
zM+~`T@a)h=4WBoi)xzeeG&1U-Nqqn=CT0;tw{}w6s<wuv*<i44ftjqi7!GH+fajQ|
zl5f{hgAA8#;K=roDzd3WI+xYOQK$_m(q&}@l*wZ>&pi`Hrc4%WV_!0@C$ce0c}HDN
z0G`ecq;t)MpSw?m`(I?r$j(b0)$V`Itv36=rY$6K;r@3vKDPTG%(-PQU-b&eFMNz&
zCxz7;-_Y!Cd_xs)d_$FPd_%Lj@eT3QZ>ZvpZwSx0p$a!XUfYoCjnB$eZhRuye&Z7v
zE;l}rr`-5Ns(j-UiEcMO6~J~0Q!;J$L6Poy9~8N6_d$`V-UnT;d@f^VUHOLOE8mdg
z$~ROphtw+{q}Z=~kY>B`L6UmqgA~^*-w@%<hU6<BCOEEq?pHl}#P^Us_Z{x*CVzwE
z@b;VSMlJ##i31IrNZE#<pQcLM-T^bzP(N62-45%A>xUacgYAQZ(*1CFc({F-lpgYV
zy=5`*E29GgyEM)Qi9B%%9)-)9Wpm(iNs%-R4yMxS;o*i^R!`Q2Ywf^!sFiDercn_*
z%{%C6&!EhMxi%gvs@D4QcUkGu(6dK7)H|ScA0;;nnY*N{oP3ig11YGZqsWkS&&cIx
zD%~_B&~nw_)^pauFCnx7_iG3TDu;TS>z>(>3ub>$Z=Y6gXg!CtfbFgl)Vg{#texb$
z;8Yn~mwO0XGYj)@hUdXvt91Vp6{^=p+LcNdM<-TQN@nknYwqlD3_0(Mwg#5DMq1TO
zV}WQl97v9<TbVYXSPtB_+q=Ls#GDvem=nC;+2+E5t88tQ-m-qVUP!G=T1rp5T+wLi
zpZx{x41Zkif0PrO$2zLU|JvGQfBz$?3-`aX@nQErI_K0~N{diUZfet-w#6D-Vr|VX
zs>!|$TK|k$)H4mHmNrHT3Gh-OX+Z?0FyP0Ckxih73l5RM5FW_2=&7L3;zirFXvr)@
zQL!aT;G^U+5N(SzsWp`n&N@IRw_*i$?BHr!cg3$y>&X&oB$e+=uAot$m<qJ5TI+C8
zY94_*@&>Il2Odp|%-KaThh0eKG8s@T!2nwZ#30ER2u#6eV?yl+p(B7)XrfTvGpYTc
zH-=jGglLyAIElE8?dv_*tsoR~+6`P`8t&ExsOnLbY`Cua_IDpX(A~#w>CV#5mst5W
zP40dc!G{I}qxK7;3kWPypL7JdfS~Y?DS@?v7Pjy3{=Js|S$JbWXoztEJRl)JK_7qL
z;Rz8!7$RdQeEeBQq@OVIe=;XhS^7V3(!W{I|K>J3{cqdax<LQW#z&$5Li*Rrq<<}N
z1T=%_&n14=8KD2k*bt!ugd`6U@cAP95>iSg&n&ICs+%8Dui#@}Pm|aSlvQZF%&*H0
znIml<s!rR7s?+wN1=@ZFK4s~DsW5K}fN12|)>fAOH?}l7=zrsa{r6e<Y*>#Bq&e>M
z;q!7>7)9g?#+Wv|gR6;WCY21P@&|9qdU8Cc`3DL!7;iAAQSv#HD_Im0NM0lo@na=Z
z<3@5E2)e*czQ;)`+HV$FH(RNoB-4H~_ZhsArQYmgc2&-@ZB4T%4Go7M;C9TJ52bEq
zBeIc$Y3tD?oi!x1<3P>9&12Sr^oz{S@dQ|>^6`QURBJNmC{pz%i+jFRpt#k~hnS-}
zl$+8DrL5Kf7H18pfR11JC^z`|kXY>kRsT^4%p2m75czvN<OTpozEl+P77up}><jvF
zY|iz%T=<-wj|=?=eUN#rqYC|pkB$DfwrpwfXl?V_iZY)+bNXLq{z0#G-s+h9{I@lM
z|CfdNKl7go^Uq(sPrHsP@xNQzw%X@^%a-OX3;f^N_&ocKXP@+3aLt~cJ)WAH8qYrR
zKhLw@Uvadjvon6UuNUq{B*WubvG0J9&DCDu@no{aLf_uq+R+<s)RsQ(sr7h0OFT^;
zPa<jN5BBdF0IWUTotjC2)VhB8HBSxv`{nSy!(_zg_F0w87m6NF&0+GrC8e85^8GgQ
zJv~*-L;BO?``VES_+GmRz86RX$@h!l`xyNmLKyn}YWSYYfK#$sXmdW5Nx}C=$@jmW
zEa~KX-2w9b_DMsZBHzD4z7y^&W03E^hO!yLPkB6xRzP}@uw3LjEZ7x=fxb@ieW%B>
zY{i)LeMI^WVUwU!svnW2?c29$`}C=_UMz+WgIA713Z(~$?2N}l`;4E}Ft!>Q<Sk9x
zw`>VFN1CL8s+c*;56mt7_KRzA&T1}t%t~{E%iZhoY<q@`&C9K{k=J`X5B;UbbMZH=
zw2g1|c+MyD_TU$!{#*p>MGmH|CnGSR;!_o179Xj;2%r<gqjfO}3XEGamj+JQ%qNn%
z7Pc?qQ!eP<j!>V@f=g-FkyQrwgw9+xWl+Z_*>aP3ip6Xnx~|D*&D;OrSsRadF8IP)
zPu+h$=2^66xu<UE%_OHr%-aF)bspGx*I)5Ny6*8)<HTC~GWcVXyAAy6>>JRMrNSi5
zgKg<q?D2Wd_pJ3?;<?<j!4vR=J<Xo2o*ka6J>8ybJiVR)&kdfNJW0>EC*vu2raZTL
zUg){qbEoI!p4WKZ;CYMZ?VkHQ_j}&&dC2n-&nG?q<oUeki=MA~zU6t+^OWZ&o~J#(
z^!$zxvZXaEYu40UQgcO3ea+^Y=9+CayK1^?4%GD3+)#6K%~(ygrc`rl&0o~qS@X)8
zH`Lryb6?Hh*L=9<lQo~Kd7|cDYra?W<C_1j`E6}o?TXs9wU^aiSsSh0R@+g#zjmN@
zxOS}ec<qVW+iG80`?}hDYu{V@VC^SsKVSRR+9zv&Qu|Dur*3)OMRn`z!gbr~I_rAt
zZmb)vE7U!&?vA><>h7((zwY6>&(wXn?#a5J*8OJDl0|D4X^X;(b}ZVr=*XhvqT`F6
zx9BB{-mvIhiymC`=%Oz#`re|a7yV)J%EjvzZ(bZ*+_U)T;<3e3i*H|i*W!09{@~(I
zFaGM{rxyQm$&w`(EooS?b;-UZH!L}}<d!8bS@NbO4=nk_k|&n@V97H}moB|z>E@;F
zOM90lmKK-ZzV!7=-@EkVOTV=AsinVOwtU$Y%bJ(%S$5;H?6MavyKC9Imwjy6mzMo-
z+3&m;c<a3}Z?8Ayo$<cR`*!cc-Y<Bc^8U`Z%Gcm)_YL@t`CjOIo$r3%r+we{{bKp@
z<^JW{mtVWwSpI_LuUr1U<)2;tz2(1Iv3kX(6`d=FR+Lt}bj3SYd}77FuK2~ul`F4Y
zdG*R0R~A>kbme_3Keh6^D}R07n)4#(^_-VF@A>E5ecprTed)ZPo$o!r{``*fZ#w_P
z`FEZFf%Cs`{!cIPUU20Fofjl7c-{qfU-01zzJ9?otJbV)TGhKMv+5<Q-o5H`tA4b4
z>FO(2cdt&ZzHRl}R)1>s57yMJ*|4T_O>)g&ta<yIPp^4u?UJ<(YkSrnTYKl)zgzqG
z+NUpEePQc`*IhV$;oTR0^ui}Es=MgQi+V0fU-Ytz-ha{8F8b|rE_+VLbM)uD_&N7K
z=S$D|)y2=f`09)Gi|@Gjfs4O-@oz8DF6q8x;*wWf^3WyUxpdK`n=ZZf(y2?|eCekz
z{poYpK6l4+lh3{5x$l4OH`mp!+qAB4-7V|hw(hZY&s=u-WqU8nU-tUTK6TkoFTd#W
zt1mxx`KvGg*yTUIV$Bu1t}w26^%Wn#;y<(twGJ(<y-s^ndwTu4_50SB*59-K@%6v+
zH~5eEU*vzl|D6rK4cj)1Zg};EM>agY@rsQHH{QDOJsZDS@2%ffKVJXZ`p?w=>dJ;I
zufOuIu6*dqA2nRu(9>|D;XMuC4y+7Z6*wNaH}I9<lHj)BMDR_)FK(*c)V67S)7_iC
zu(@{gmd(cIH*J0*v^caqlnvb*`g(XpxFb9neoy#&k&7Y+A}@+O6!}?nWAw)8E25u?
z{-Lq0G2Qs~#&0#PZn~!FMNJPk{de=G=4A8T&0lF**|MkQ`7Ix6`FZQ+R=xGjt>0){
z({`}!ui74I``;~Fw-mPAzvahUH*URo>l?RzecRe?hqt|C+h?~g-oAVL^S6Iw`)^`f
zV#V0|WB;`yykla=yLbF(XTwf?=i7Jwpxxh|XuqfZ$z9s6n|Hl+*OOPRzbbLny;ptz
z>J3+?u71bWKkNv09P4;*$Io^*?k?>9;O<{_#yU@Sexj?cYj4*bU5|IK?mp7}hVJj~
z@$VVi^PW9V?`_+A%id4yTfA@ozE|w~de3D&$)5Xqp1x-5H7BombpML|{rlgr|N93v
z9Vi@l_+ah9YYx8Z;I|LeAIctjsMpim)BCF4?;LJ8eEje~Uc2Pl!`I$@?Z5Xm_1)U{
znf^8X@&0%B|8ijWz{>`{btG`4bmWoi&cANxy8EvC)%9K1zw-Jgk4BH4Jo@<?F1^9H
z;X^krz45vm-*MwJgWZF#8GLG}ZRqx)uMIa0PY-|Yrb};1-}KS=`SC>j12-?e`TCpR
zee>@Vy@`7h&y4hpym92|WM}fV$)BXIPQ5zyW4&E}rT)Xw_R&|4{%EXy>{Vkw9=~e*
zuJNB5oyHrCpC8+I>@CNBHPJiq&WUH!*QX!IEX&-S`EYi1b|U*|?(*Dp?uq>7{O$QC
zkH?O`=J?Zv{e^d!HRiDSq2gM?Og&Z#l>V~xy~$mZcTfI$>bj{9Os|^GPCquYY39W<
zKRmJL#NXbs=$7OykKDTc))(ITy^|d$?|EL$^G2Tc$n!Tm|F-8p^@6=Gc-ISkFPwPc
zzr3jNMX!9(|NO=EfAR2bm)-V)+kWtud;ju1x1V==;r6fp)sDY<%U>`0YvZpUe{su;
zU;pAi+>yHDpYLqE^R7F8|B~cO{`qg3{^oUm^XyAUU;6mVw!G}kFJJQV?90FQimP7n
zu2-&l<%w7R;8h1-_28?uSKsmK|9MUPHJ`hy^{%(P*7w@dYoC1Gf!BTL^&4OR^4I_V
z4dZY4>fO8Ve&CJk-uU7-{_0JsH+|{NSHJoGw_Ns?JKyr#w;FH##yxxQdGOvV@4f47
zOWrp5wts*7b#MR7-){Tc``&TsJMMhP|GqQ(&L`j1_pV3p+j`%9?_T%rm%XR<J*D^j
z_`O5#{o>zs{oRM|58r>!0~bAT=leYGE4}YO{{H5_|JwWazyFaBZ2Q3d|4{!AZ~Wkz
z58m-$&4V)!KK;=6Lr;F_h7UdQ;cGtp$iq7x{@_1G{_&k3S^tr{KYHOuU-mKI$8P)B
zvmZb4@n=4f|HMx}IrhmPJQ9E8Tc0}msjobG?W2!>djF?C`%ioR=~JKS_{_&Y+y2>)
zd@lC65C8MFe}3rmTR#8bV{MOp@L$^g<%5rJdHlgIZ2iKAzPSC14?nT<iI08hsxN)=
z%Uxgor?2#U<?~-X^wlT6cI0c{`1;V-pZrGZ8$bHj^uPZ6o0H%C-M3!w?Zw}|<2x68
z=dSOr`|iE}7W}sdp4{@}N59wgy~n=a|NU?MAo+uz{6F*m{r;)j{(a@Y-}S>Qet6%H
znt$|>AMg3`7yo1MKc4zY{wKft>Fxiy>ObH3v%t^(;lHl_ug9J~`t(yjFZ}%3|9;6Y
zF8Ref|EKkT9(m^QGvEDX=9j<w)g8aS<k#=|&9>is=C{}X_J_Zl`u)=1zwUp7|NHPC
z_W$AA&t{%|_StWFIz7vlELpl_@iKBUdA-YgE7q=Dv3&W8OIEKrf9++LUUB(lm#$l<
zZHzQ%{?LYX>jGPYp~j}x*48T;wzqF<-Wh3WZ3ZMYUaxn>@)Z}aTzPRbA(qW^{yh5$
z&#GmfK2Nr;#_y?JRa3XB=GjL*>j+P?816yhv&2)kXz|jTWwj)??E+6tU0q%6;@ZV^
zi|UX8s;yh(S-fh=`li(#OV{|XO{{(4hUVSJ?-_Z;-(Pr9-xDo`Pm*Gn)_Ce_6r{A+
z5|X!Jm8Z70W>IZzot(L9(dzY09oH^i(|r7%XTRxLQCCBnShvb^mFJ%4{o)-DT)*Y1
z&(HjS_PztIiLC2;l2C&{Xo`w3M0)Q%2!t+DLX)BpLVzfckOTn*4NVjk0ck2C2(F-r
zps3gZ5wW14V4=9kVs}>r3$BH4CJ6|*tB?Ec=kxx)&$}C$%-nO%y?4%>Ip^No^KUyW
z9pfkbK;gwP+>_q3=aOeTZy(uB<0YZN&7`@#+dK?;b35m~8r+e0EQmmpZgtLDr+ZCD
zWyvPbk-g5xlfbo(mvcuLC)W)j_M7T2zN}iaE$!K!Astpv=5<G_i%F2Be0U*l^r2GJ
znXb74t}=;{5@(0jWftBK+pM0d^his8@u(yZ`E*t(VUfG+yYhxVbGxYxiy|K{E!x$!
znjUyDsmiyuRn{+eMazj_{I=~2slU8agg>wDRJuYjugt8$s^@0gD@9eDGSd(HJ$}-<
z)~#=F>+9<Jz2Y^qbRQjik0*m$-9H8qx4n@najV;-e(XZovXBsDZd$dr`R2`U9-cU7
zmFJ(xyP8383b}TE)!0EnhQdL$%X)zS@kPYm!IG|?#=vsDD`LG-Z4a#Tb8V6@9yq2O
z*w7=LSw!#6?d83Q>G7j9r(j$K9_@O!f8X<{z|j8gdGw{2+hZ$YNnN<wIA!zj%;)L9
zG$__|Tum~%R%w$`BY%G^;Z+%K<2#e<_i|o}KM4y9RrZe(N?Nd_;hu<~%%d|NOYisZ
zwJW%NOW@^hP*V$$UebtMcR`nWbK|l>b>k}ZCb7PE(SY0btz#c#^+%VT>Nq_nSbuX4
zE^yR%uFKxV>koMq;#4o1myB6<<E!@m^3rg_^S!Qp&6k%Yn#`809?mu0^Tf<w!f0*7
z?&W#XpXj7H&f5tmH(Yva()z2x0&$JXxOmT!5oe)_GF1!7_giWgJw2tNsdv-uv7gAj
zgKwUlCL74cMr$W^^?2?ciLw7P^Lp@2pRvc@XH7?C%&SVveS20I-b?HX(iS$#KP4l-
zzE^ryxvA;3M<#L?j1z9Y70SEqtD>vQI@A<eQj+|K+e<r(S>;W!>PxJ4F1#LF>zi}g
z`o)g@^%SQ!%lxaNoWu_v7C&nGsJP+sb;P2ZwdKH$XPfZCg)+X*5+@9m^?Ggdj@=-n
zrIlGIE+oFG-rAz>5>5^Bef^X;sF#+y`L`0j6)#$@l(+le4K%$Rk*-M8l*!+>Fy_6F
zw-Nc)v)HVR-K#wX+&^4GSest@*zigHxR8bxO7KeEiItl_Hm~s3)a`P=gBAp3B+fkq
zMHXeAt{+>&_mU(&4$S4VaxU`ok<24)d+t{I`?Az%*P0FUm({5sKDuz$$=yydsA437
z-=gG$M|*Q1PHyj}$62=V2U!I-OnQmV52a*Ag#1sNANLzH)?%mzwp6JTPHsv@^GENh
zq`KcbNVr$fwe+%HPmuGbEhE)K`En(_gWJyPoS`KuS;R;mK3lEcRY(w(<4di%9dR-%
zIJ&QS(7EWb=Y3^)hb^qWnBv6SN{u~>Sy}Co<3Pf_lJvQ+l_ZwDJ7k%yBO0n4b>de8
zr>gq;fD2De#{rjY@$(d|OHT!DFs6-i2ez>G92Bg$b8|MWpfA?-Y+fOuM%<zH;@bm@
zpQkq+JNrzt%C*YGadFa`51I3u%S*00kD_lYIeMRSKX`2Ja`E$<o)GxVC9XeTVU*HY
zbN!6NYNGQU1+%=@yx~bH8BxiLs5@%9Yn2>I^4qs8$WTzOT2h}a_$&3!%l1hBMQ;5X
zw*o?zEk-9Es&T$mot;ulG<nhZOP^9-o7Q7NH%DnyCb>1`ea?uQbFFDv`;z@jZ<g51
z3MV_RQP69<oZ_IiXl~>C&U>EH0_pB6#^Ov14(}v29T$7rWUl?^iea@~e08UU=euM+
zxKD1i4hiZu`R(IEfl;H#l7wqkm31HH7PYi?Y7urv_3@s({O95|#m}v;bstr@SylE{
zFS_B;o<mFSc<hVXZPj%`Puk|3fTgwOzQguF&%VI>$IW^^#QBdB>M<TK2<axg3+tC}
z=KWpN=(l)`<}th89n?zI*V?0ztDZ_fl53ZIB8u)gj+=cSm$KbSHO6U_?q2E^)4rk~
zW!l(I%Y1PnRo%4lwxgTuyHZW!L8Uv7v?MUOhdsJ7B+K6Rns;_JjsrJNyy~}Hg<B99
z#`@zV?qZ+ay=NAtTBc7U73+?-et5g*px;o1kE4IM)6Oey{YN#tPyV)Fh;me-(UfQF
z??<Iu&jjR4HD6&FT`b?bFed9x_4-GH<a^x@YkRtWvyLa;$TeF}Pw1OhefZZybJpAq
zyOVcH%R`MIqdeC<U*b-TcfgJ|eaT_zXHm<C(pqL0<`opUd7$VHkqqA*=zF8XzDW)F
zIHh30&{HQCFWlOzto+{FYraEAuh(*+Io^xK#7C<HpP(03Em5v*@;$IEb5Z7omxG3~
z+K%MB^*6*BEIy!Sl|ss%-b*8el&%xrDtY+;q12(l;7<k7)uVlP&vf~hG5_@T-qI$e
zc|5u5^3}PI0&HJ-UXog{H<ge>h?}e2bZ^Hy?5;!U?(aAL;&XjRNa%VQCNqCEpKJH_
zUl%^@_Z-^W=9DfKJ`T*gWs_^~>YM@m_U@o}H^N<^A^li|dWsI^{#xPKk-AjiM8uP=
z_wG_$O%*H7b#^&e5iWfwFOIoX{!qiHU-l-Ss<ZN0Nwd>O(zSt{oW?f?Qlnx{ZBEb~
zGV0Yhu~qxZr6*1N{1&-Ml`B0~c-gEX9of!2*-I9?p?~9Sd7tn`=@<UphfA=2ggt%9
zl%72=<Ifn4x*Tl6NLI~#wfB6s$eNLebLV$<y^A3mnwH<{xqgVBvFowWV%^wz$$IX+
zTlJQGNK_WQ#9#bI?&CrGO9K97?^ZGnc8h!2$6V{%=6%dbv-0W6yn7E5J{eV=X|Zv?
zaLpOBEj#;6W&UodLv0a?PFY8JQC%Kw7bSU}k6o@@T%SPe3XrX6mzUM<zfsV%QBL0K
zAl|a9FVXu{iD9K=5^kUL!UI?1Oy!7vBCBdrJqrr<4eaUeeNd88AKy(*a@i9~(akG+
z=5yKEt(Wn!vQ>2ByygDQVsxP7sSRr!kQ#c`;2>owv$w3Jq&#_P&Ddj0Qj`Dl^sTdH
zucTW_H5>1m?dhs8EPn8b*?^;|;e*PPXG3WfwSV?B({l4kQbwYgzIPTQE~#bTqZ6K7
zTl*oi@s;u7&CH0BlA_bCiEFo7UD=WMsN3s?a%xVu--kuwrGa^v7lCoQ+ip3yCM8$7
zt}uDDPJdya_sSbfXq{&>pZ4Y}xSm;&EUdOw%F*jwM^BdiH~?8droX_H?C(F&-Y@Jj
zqVo{htE{+i93a-2URbpzd+6T$hB<v`*E`aU?>$=|tgzjRn+2M0j^#-{x?1W<&oUv?
zi@1uyS9(#c3-ur9<&`ax>UR6IUvzoJ)<5<W{kLo$*}vz;;*J~LT_?l5o%7XhB{o(O
z_6ABkX1MN4b<S5;6}dQH+2ZC3gDQg7<tr~8{FM*vDC(_2u#SqJQS*9awSB=w5&BWN
zzMB^uEOvP9@0`1v*CDChV6Pm*Ip0G(eEja;&&&PT@|E?UDVrSsXEMIA{sa9tGyj*d
zp7GE9-#?@{IN6&R6IlQYcng1pI=Bh|)(Qx$i;j+tjg3uAOhlnrvu34=i?5fI+%SLs
zCM<TVqGFDkTAqPHp`qb+bMs;wn-V*_GH2%sPtSec-c^Bt)kNZ<(9pWb$fGea$C=C%
zYu21jO-<drdGoey+jj2U$zq+|u;E-qMMZUW^^qe-PM<!Vme!P+*^--kF)!~@adCTT
z>9vZA&g$y!y1Lu-^><I7?r&*nxpL)7W8<$~U0r>Bea+1SSFb+k=y=rC^`yW5kD;NV
zfq@s#pFbZO8hQTw^((l%`}FD4e|v1dyQnCR#X&*xxWJ#{fR4{toEP-TMtqDjh5in=
zN&y|vN5Nta01SLwH$h_p)%BJeiyQOd&;o!2AkD-1z`x?bKp*&66yVI)oA64oKP)cY
zgv@N{`=%P-M3^4n*5wbsA2)Ff%XEhV<}uSb00wRYR4kwiUJxBzYRAQa!Uw*Il@O0{
zZi#fobL&a~UR*v_(Dw)gB;#(wB?ag^NKQ=$z!vr*Q!s805DD>v+XvTkggzjGLw5%$
z&i)v@=d@dz+iqLvyQ?v$-2#9lAdUFk?y2Qfvn>z>@v~@<0%D-Q_Zf}=Ob^Rgex7qp
z{vCUX0)W>E0r;7)5*P<I3dlItmNumdNT>z2)s~&lz$|nwcC6cTVUws+o{Idiee!(U
zwbHfL6&cCmHfh;+Kps-FEGTLzK(k`C?=WHvO42|UZ=oQLCK++QQ50)qDLLFh$BNF?
zA}~9wyzv>5TC`#5keA5zou;w(`l|E+G&WGRM2AMQM~E-sZM7>(wFXLp&p&NHRT#PS
zoXJYQ2o@^JS}5+q9}DKQ@OC){0-qYhB+51%GFzGZ`at36V2KdZ>U8yq@Qn310WUuP
zJsH+D^TpSFI@RzdvIG$tTx~VVdI-#wego=yI3jY<ril-(elS{o*4&sso@jzizjytL
z8J}4PY9tL)Fh2fzL1R;+WKq-VYqCYFf?hv+r`9T*e5w(XBNgVTeQaMsvdZw=<!+J!
zLwKe!FD=>1EKf?t_x2?v08kU);XztZZutSy8VYGE-v}CPqt5^2V9OGSULTNbD^s)}
zx=E~afT}yo>pZXUE6K*Jap5|v)yer6JNWVGjvYecJuQHU%Pn`*Hh24tsk2O7IsyRE
z4L<Ie%bHeXA%#IDgeV_xXA`hRtfH8TJJHxN%Vq9eOr~1Tt?j!?3?D6DALhL;TafRn
zVz?c?BD*mw65H@7adV~=fK;u>&+$n02}N$mN0QISY+tp%Ls;<+sA8w6Vb>g2^2`3G
z`>P4eRD`np_=A2cB@9i{S}83!MNrxCO)|gi=?ncBE%!!XBfm~CViwYAhZ-aV_}#-M
zKDgNm7tf*`;QyH2$e7o&y>z2ij=PnBZi3Evt8!Td9wCwEMP(&}S&Dap)lF7rV}wlJ
zVwdA^V2<DcJNxtewqk|Z7_nfVeQWN&$yZK@lP?93W^Y=R3an-F@ca@Qr7WbdOEz-*
zS{sE*3}4`>Y$4<yg3`g`_Qt#HPUp|I5}I}Nz{o-L1<dH0xKBI%qHq+N2L^2=1031i
zIv0DDcyBx4En_>pC(}UvWEn7zS)4uVKJMyrKtsdJMnK*y`+m3$vZ$gH$<qkwU_|zw
zb*e+-{l0(@4Mbs71rcep7O1dxMH%XrQmt{4fB~Lg+kgi(xMRbfb3FccmZu0^zH=9W
z3QhDy&I%pCANe?M*-a$QjYk>ph*VPWT?o|v_Q&bbdpCJdhQ$&6s<XPl=zU^M=a+4K
zlLuV3Je)EAdWn733Y*(?s=vPRroKozQ~Xu|ahx|HF9@#(g28K^#U_QnCkq3H?=ahW
zQmzZX8?fR1_{Val>uHHbq(&_g?0CTvkZcom=1u8V7*57)F6B{nY(l%%(w`%f5jMdr
z(SfbrTMrC~Iu0Nj1X@sMu+4{@ty0VTf&(PWlKF&#o7eL+InTr2YGtKb<y6!v6stK4
zj^9#Do3j?9V(jjmvqEP!O-xu@P$&2on?@sS5x`?>R@SVPJKHJU9UCa$J}ybtH@+m8
zjzn|`M>G~>j0N*bxbGg{;XCj5?kER=A{M%$=x{1eCDT?vz^yVhN3MlzvOvQsG;2fZ
za71-je2Qy3&nVC@lg5vt4envKvKH!9sA!rZdap{Uf7Ead%jNmC(^+4;b~qah^bi?E
z{<hQQ-rjhryLqSs4-hDpmAv@UUnL9$Eyds2E*6MMUX~)6d@-pLYXDjctmRb~O@qdx
z6fsM1Fm-L+VUHWArMjK=V)yUcAr1tziArADCF&(6zW})LwnSQPr)oRa($T7D_2Kbd
z{Lxv_JM%&l#Y3HnUtTo8)BS9nhZm<0uZ%#DyUrJF+gW49M1-vL#++5Gx!-<dxnvXz
zvD+_Os%<n#&@tR*4{we{Bm)d=0&G`?$ku$g8T-jUPn~iY;L{ig*kDuOx=!L`TKxn0
zXUtOTc|gYwg8_@d&L^iw47@Au)@`JciUH|HO~zUgV<nsGkKW7%22`~JZKWJVK8dr|
z7zqhj43t}4^{Z!T4tZ}25D+}J0V8cP%Mux{=G%h40o1nH%}4idZX+d2R<Mw+6{^pM
znfkexop|w#{X~J4$E4;yK7jMk2oM92`OzC=w+jPW63ELNYM&<x+)cjyboQ-t<JU4Q
z!t68x1QRUQq7?+BZ<MW5dT)ss0zHk|o>?y)_Pu1&qHb8#WVNa^S-^GxX^2G%`5gB-
z4FY6am0KumHo}IlOjUJEH9)-{vz%DLudUf8lCpEI*)als?1ATtd$-Ogy~#=t99g!6
zk99Te1Hf~6?*_-342%-;m66wlC#g9Fg(+tBo+b5FI-`04H2Zj~8p$TSW#et<^wKg>
zk88I;rS7aZ4i3>#ZK8ua)#ghIVl6RETj`a~8$DbQ3$oR1JEWTOq*VnhI;^+Rvr%%P
zk_9zpg}lPet)d-ctde3qo9M<S(dsLn>Nn|oGanODA}~wep7$|aG>q3h^=`bKmUX1~
zk;@~q-gnmy%*z)(yzvqL;YhxB^2z+XHX*4)Pg^JjR|Lbd`>YlH_-$%}4RBVPvAcjx
zV3Bo!;7D22b{3EE9Rus7wWPbD)re6%xG~%cpIqFCLdqjDH#QOq1>|>#ytF=zHInV~
zKSodl8{;bDcdPXPOJ&Dcgx^Ui$A`R8+od9aJI_>25<sOxS&IcR_GwY&&RuiLl5NU*
zNv#Tp2zO_1(B^G^+Q91dJj%!_LDB*j-fcA0f1EEE{Cm#a4~=}YL^=<N9hO@@=ZNxw
zqi&~Ol<QDFf=z;g%|a#^y_+BBcnB2%{K3Pa>uGxj#>;i0#n+0>_gddgA5Sje4}L%I
zL?a6sv12doWd+XGV}SSEZ2xY)o|VHV)2{FW)}lI(vuEGoHGhTN=N;F=k^<AzJB;Gn
zV(?L$ic5i`J_Bb9`!y=8=08~=yK*a~s(e=crdru+SKGCk^>P(>mx9SA)&%$CpPb{1
zS~gd#2x9DV$@0+AJ=SLCG=j)gc*#STvw8E&A0aU}+OsyEc=|#%BUP}kQz<T|karbL
zY~{S6?zCuzwe)Q7gZ8=2Lt>3QKG~_GSU*0Q2!Itc%2IxIrA>av!?R(fPtxKQ51dci
zZ7Y$+dWT~OfESnW%G^M8`lh8RXB$=v417oyh-%&(uA9ND!&+^wP;g~#=s2DSmm`<R
zYEkNVcy>XGbP4I)qI!8Z9<{*%o;t@U#hMKPH5xou`xm^}U*R`fjB1+fQB6lRug6$e
z1+Bi}M=~%&3^3<-7!i|!;<r}scvvEi`h5~WdW_hRPqJkkCg*&t)qNxRLgv1=A&3Db
z6u&G#*|>m=?3*oS0IU>3&|?SJj=UsZ^A^(`Fhh%*izATebc`P8`W(e_<`3D07wcEl
zM`SO1qiaJ~#x#Y-f!@)M62Nto7*R3`r@Kz5GvZC1kGX)=Db%7rBpiq80J$+HO3cl_
zVNT2j%xy_*h=FV{ueaKm$8!&c01crtfLbEYW15Z3YDsOlFMWMJ&uUR3pb?Jo8S(yY
zFvIi#?zLA?EJ?fZHfwO4B&R`2LDsFr=m*a8$tY+@-&rYZ`g(rgg#|XCnoym~@a>FL
zUXM-p7nPIDG}gxm)dKX2G{R#Ow64vIW0+s0U6Jkqls0J%B#)$`{{T|vx&qJd$CJn}
zz0gE)Ulp-U;q&_(c_Q|0bgK*?TW^W41D1&K%&P^?CIcd1vh9FxL4)qw49rD7F*#Zq
zzr0U^xbcvQCs}OE%{GuMpKM5TCT;L<@07rX$tk<1qD|b9ep!ULtOz^V%zQjD%tfLZ
zi!U{a$e+W@Cs~rGkBiUYe_)Vt!4R)vR{v5(tQ4V!K^^qPblx;vzt@$IMwYBY9e0$y
z7O~n*Wy`wqtV83B<n|FsjShsUyIe%4!N5?GK#ZM)HOj#@<AsMO$}fZWiRro{3(RPW
zqlKIFi~}P&&5qr46BJXE5JSFm*w{Rj|2SEfX<*^@ShKef2)P-MWWyswF<(?y;9)2G
zo2P2(Ma)YA7A23G+lcVi-R|9lP%+6e0Ub_BkXQ-pf-ah41{jMDGg8H@@dHLicr9TB
zU3Az*y%bo%y9J$t5@}4Jh{X<d0tK(b_tO`gdb|k1bPzwRyI&cpHH=itMl4E6*i|WO
zV2xNRCN+nq5^s&rz(}2XV=gQ&`M@Se&?76cZKJ_$3zwq8Ges)Nm(+$XVytv_JUEeZ
z$iz&nTLL|fq3lQI@gVeX{KnGc+py|*CeC`R$X+ec`iyxS;^c0nMaD+QT~N(G>?>M_
ztZ7I;(z#wjZTC%|MZZ24_s!UiYC`GXkKb}JeP@?MSryr)wu~<sC4V^?9~&U6BrOt5
z6h<Il@Pr3q9efQFd&0F-k^z}ue-VVHtiNgwqg-tiDXFu0Xgk(&hi*a|BdJv@g2%qN
z0Hxu+Or+EeU`hxM01~AL^-`4fnD{o6y|X=j5$ufoWI~pA2fBT&FBMtYScQteLMgBR
zg+~`9Y`aKNM}74QjL<8D+Wuez3^H$ar9_VH8J<cyF?eMtGU%2VVqc|JC(6hQb=r6i
zPG?^M|DRQ*=x_uAF#p#h;h*IPmA{$)BM~D>v5_!zvsNVSe=6f!`@ao!^=8ih=@{z#
zod5d~#X^w{N6p3YgOfU8VXWxSc;K;-ObRVBK_y-TOi=v{I2sSCfeDj{+?-^3@OEGo
z)z9C_@oY>c73>5Pti~iiPC8p|5<U)E5Gj&Ej%H4R22J3<a0PNCDOy^<Df=wZ7BDWV
zC0fveNnu8kEthcEQpj`*ZO$3!5@+8we55$hBt`@^E@%a$=$vaRs^(}xMayYD4y6W7
zG%|=3qOw{QTmyA`Vk<R_YhxElh7WBLoI+KwtFfwDtB8@YFtXHYh+ER%F;n3%($)qc
z7Hj~aFluBdnGV7`51|XIAT@*s8R7wP5QIU@|5j-HgiyG0!q;jhOsyFoH0^e3%;>8s
zr}-AzlLLpg(B_P@MF=%C0Uk+8G`wLD2Cl+k;a{<1+0Dm6EdnW_>_2R2IIJEPWKdQ^
z2l`luPVFnC2^`XdNmBi3q`0q;uI7-go+O<{IgKnNmdS)M2RVeK2r_BqBo&@(?Z}Ys
z3sR#YMI^1nVW-_Y^9el+BStdF<`8=eZO)iLL&Vm||Mrvo&&uDe|8Ns;{wp%RW&icQ
z$p2xaqxW<F_YWx+^0sbxFF$uXkev$E-P^{+2@hg5wY7cq@!Hz9Ubf&;N3SI=pstn<
z=*gs0NK9>QJ6CukGl-qCBO^{<i%JjI_9AG<!;ExcO75X1gH5It$_#}cn`!o&YrcKS
zktAvq8Qwk4O=}@PX~!o_(1Z=LAd%s88PEYGDjZHB3j+YoT(HD~+OQ1Wzvc{`M>~bF
zx2VI3Jm5^8?7iy|FxV_HoU8#_Ky9W*hg(`G;y_NWUoOxbWTh!^3J?{nryaq^ju7PO
zX7A-|O|ZkNg3!xJn@fj=(`1E^q1P89mP8^m7-6xIkqJ{a#8bIjt{LoHBw7|Bbasn5
zf9&bhC~$HYJ&6c|pi$!(WcFLbf(S;?$zeDwoNRpx<O$YtG9w80Wx&qlVWCa5M8jE3
z;JxDvcqk?ra1-i&CWKEgU;-_0dV@aiQ<?zNH3T(3Gn%3Y9D73JAnd{_fwi2Dx(l<P
zV6HuRE2rDi|Mo-i|55oH`yWZA(*7;;|1JBk126W^*#B$vbN&Cvl<DRe1i1#8i*pUD
z0oy8kVT~t@G0oDBofZksi3C-LtSC&Q0mi~<E<zIEBo?GtI=opeVZyx7ATmXEk|GLZ
zx^*=`eOL(~s|6WQG<*tFNTehxKt@8FT@&*B;Vb`d_*?(m%HKTy+*iZDBja264@O_+
z|1{S98UO!~^2PJ72y&+buw1`~M5V5zkQrF?1Y#?6UJH7>>C*sYr&orYB__;x62u;g
z{3pn`Ai^9#SH&+a$}|Hs-S&i7;;E2ZLy3mH8^|75noW2Tig3eJ;$ht6Xi6k^<^T?%
zb=mmq?8A6a9sbI(CU)^O$Qglb)I{vA3rU6@JB|^gTe4ee!3^cFjtAGmyf_#;oUTHl
zrAj~m7!nTe{H5ctbaE(m*)mnG088$`Sd(Bd=1D1#KN+vc<*m)+jJP(F?E!J6Pj|ea
zF56S-Q6L*(9`aGyokm-P!RMmbptLwFjmm%mVj_FOVTx0S_GWM=7tBCzB+Q9@;hTU3
zqlod5<mhl_1Qe?4OoYwQktN!l$Y8`#>7g^oXwYdaH<+ezt9*^kwCI}=8xlofP6piW
zY~X6<%vy9Zq&Jh52<&h0(7@fbMEk&}8D=2dFLt&j_HceyN9cuu#VT5AfD;{<QUPx8
zM1?Ph7|+q#sT%dAkg4h&PG){qZB-6q*!`c$*pmZQ?!yflrb*za8yEsLlnkklE*2z_
zBO__VP&gLBVGXepng}VO<&0p1tvm2}xNS@-2X{c_KMhnkkqS($%~A9jQe3T<{38i4
z-B-9fSbN#|TKjRb8`@jrzfZ;&)ZgxhJHgG%4e#diPx>-J`yWVgBY6EI2@u^^xD)I=
zyzM-_f|l5MIl9??mw@S{Uy%Xl`+^44-tD{CPf~r0vlqeI)zbyKZ{OGa8MI%!19*ay
zyVpO^*Uxlc;SLQV!7s?ui{Rwy@LlYu5`Og#FL7fhxAgoz{h31dZSK~#wuFDe9j5y>
z_wUyIDRf`qZtV?gfS>#K-PK8|Z@1eUdItYVyJ5O-b9b_}bNxrd!Y2F*f4m!H{9L`h
ze`ux>{s;VB>|7nZ9RHC74(S&%zI1OaZHY|sbRP}}QW;vI&}kLbzj~QEMG?cvT#pbY
z<4*tKu+y?tVZS7_rO>%)f)l0-gwsUAX%|7*Rfr5@XmLVSCXA1v!hNly!Kn@()`>}`
z6PfUAAr*eJW3{wGwY0Dtj#${Wh2vT_W-BF{%@X3J5~>PEw^P|DMTanG=2QQLII#iP
zJ~Lyx$Wz>v|0{E3Q{q1uJ@sGWI=y^<{x>~iy`TBten^>d|0m`E{#6<OB>$ta;m`a3
zBg)_0|IcWA|ALHf%>U@?8_t~nHPZk2`;Q+}H2>X#*3_I#Oh1uF{BuHiEi|WwSH#S#
zq2w@1G?~F(;F_Q(N3WvLsqDEPm<Ugef)B}|5G!(IC?^L$l?IbTZ*Vx3F%;v+Mtx3*
z&z?qLpr<!#LJ-6no|s`{Te9ETWFjd7WKf_g^w{WV_yr$FVMa{Q!7T^v;3`uH*(-A#
zhU|uOu`W6M7&J185=J4hI}Sq)Fv-yjsI3gGX=B83I3g23YFHRdN@Uk}<Z$Bj3gpa%
zanEU?zc$M3wL*ABlhZ8rIwRb)i7{b&CXgo=OJc^t7zYXPRhS)IDV6~ZXc!115Wq2*
z2FM_j!6+&nCT9{Uk?bVba7Ah~8@6EDI^#sUtYeuGR64^9bSAE%KwWT%CDZ9dc2BIM
zLm^&xE{X)_o=(kwII*^91WsQvL~|8uDpCbxnb=4bdXqS{I;JpAt-h|At})1YSh+YA
z|FVWp{#t5cxp@kDEB4E)(~x5S;`$8GRxBFssVzsT*h|2ibm|kgdpfQI7n*|eEWoZT
z^mw2-E^Qn+1onGz;1o~=H1`^V0wYqe(O{tpYuM9~Yd}b@H^B+gohTxW20sAgcp_Yn
zeL0HAgp?m%X~$}?Pq3ekN$`c4-Qd)r5$VJzwg~LR4@$5}>?=tcAew#fS@x7+{2R$?
ze=T|n;Y_h1L<X5N3Y_7X5YCyL{VaRhP5MjeYasD(^EE*BK`arQ^p}m94h#(EXP<bM
zRX9yhooGT5=T1`?v`AtC{NP8C84NhW;XY)LqBE$_)5;dWeLO=!_!o5y^n^4vUUCqZ
zP-XI0XDaMk97)^&2ht4ib9{vjQ1sJOjM7vL1r;656qlGOdM?9q>T{t-IY_4P#48aB
zR}>kO3dk18F)XkY6$TWmF}ODdWXsV2*|DA$yz~bVv)cj<8}z@bDl7vEYgEybU4Rvu
zqk)`|5*}-|afR+Ubi>&~pkosq6CLh|v;W~5G)GQN4g<jnjh>?4pGW(@{igljS!Vcu
z6FA`is*G>_{!7=;;7kAir~mgu$_)H>_B+*N68%X>AJo$~)73LGobgUYd*MKi>aan8
z&}bMSh#92d#X)Cx!GYXE8z)yiJPrm^(j#%OTs^(*?VXmYa&WU@gijY38kAj+4a*FD
zXP<^KK-pLsY>bS+fWXga*n!Iem$A=GL5GD;VW(D}0KT44nG1XUMSU)w9Sl!2g<{It
zzZ3z3Sx;7HP`{`$<>fnt>ogcu4v7V)%N&Gi7xqAKhQy3Bc3LDDj2e%J#|m%nV(s9m
z3Tjd(2X3;`Bp&q4krm{?zG^~uZ=zQOH#c~YNwmqjQ$YQuQ%r}`rG1t={n8|)D?JKE
zl9|zj|F*9GEMJxx_MfXp|E`R0*nd5EZfJ)6*ZqnA`eTZ=8d`1Ac&NcnC**@Mxj`$F
z3Pp&J&j&?pu!{<ZwZvE^6><roxHgi?{?#l*<Pu9+4LXve>6DmQI93Ghp@5VOg#)2f
zP$e=V%!)}Sh0}>)TC`Y_CY?gn3W2=f|HIz1Ku1+%S^a~~$C&UFF)*Dbk!}o~bRc{Z
zBA+CLumJ*r5#-Z$I-PV&r@QG-0NFsGi6llapsf59g0i#B$SUKPL5^XAhTkBIGQ+yd
z4!YnZ!m?r15f>zTZ&kg1uO9)FaoydsJgC&Wb#L8!>-%oqdi`oJP%Vb(ou7x7X)>E&
zff(?(ogQ5YEQ_5wgCC=tWG=9~(GgF*0jTOCrwi6R9^V3;)#dk4RT<lKAWk0%D=Hg4
z)iR?8r$t8(bh>S>ASgQ8hA$qN91ly9{DCr%B2RKTOEC?PfXBjDd7NdsvS6jxfF~pj
z)|IE?A$~fyF&a%#YD1SB^qd$i`G776%l`^olG_~6;l`(w&6$_8bgo;U>NaNceFK9#
z$DEz*e&``IlbKD6Tx~fO_JGY$Zp>!3FTUzx%gM=~IsxW=pWV73TeRFkYRb@Hsy@|b
z%nlQ~b8<4$jj+`51_LPFFlerO5O8znq-X1JO;jyWdak=Vd#)Q40|wQR1umy0X2n51
zP;Pfb!FgrmKxw>ow*jzvUnww(ib@--tAwGZ!*pEX@Y5A5Jy5^UBuvlpoSZ2$i;Be3
zmvg0{0qj0ss-AY#Ec9~V$ySt?o|n@L1RfuV<gk6QGhi@N087V@##$OtQ=k;AYzC)c
zD}*!BGM1+bV7blZ@!PTTDJNNt*egNGEh<EiM2iRZP>}_PO=%FFJ%*xGX;ve2iBx=l
z##3&9TVv{6Sa!|T8*_4?>F`)EFD&F-kV%)${u{Gt?}2|*_iB9h2VlYKbQ|!->Z`D&
za;@OLYR<e!mC|suL+yu0v=!e_uLzH;(j{zO!1Zz7RCdUFUf~Q@U9>g?PD_OZEF_8@
zogp?Mtxg<M?$mUlX|U4tIW$qvQ*US^EP^vz-dw_%929<EU)XE2>T-e515-sM9><1m
zmMW{u4qRY{!LmUPK~Fx~oG{vS&e5nb#4zf_=89}DlmQig`v%cri_pq;&ND_TFIL-4
zrL*D1v!^<5O-w5>l2$s3s|9KNXG`hXT`z%U&;Ni$V%7gh?*H5R|1-=(<^F$&?>_&3
ziVFree@@~_==2m=Hl(oIF*huC>=yg%UaOD$=<z69fA}ej&fQ#`%c=h*=x2k|XSXv~
z9G+|I&q5yfqNvARj`5H#_6PhrgW%A|nagflfb)>O99_^T6=iWLM$QhpC_4FcL!?Ln
z=Pc#8TnPq|2C)o&hbQPNqi=1(ERtsA6nT;j3Bh^3$X+TtWfx@@TPyJ8cQ-xc5=<BB
zkd2mjtZx`obdfzA&5_}0=8QD6S!W)Zl{pIj-*CjT*gRZa?!m>n%S^{Y=IG`~*RJ#C
zaSC2BK!g;+(m7qkv&s?he6@^tQK*>-mC7`KADQL|ndTd0nj>VI1)1y>4RNc4c|5s0
zl>JajXDD+)-vA2_EFz=G7V-!@aY@cO%8y8nXuycmhG}L=!c7>sJQWcKBNt6Ah|CHJ
zEGxfgzw(qz#(^$kGl7>N?76is_Cil8hFUjZO{LOGH-_I+p(jY^u(wj2?4(xO^XSbo
zdOT_PrEE@%kqLdV<tEddIca0C17?Gc!W-BTWGFL&Oq$enqR^=+Oa8DyX3@yL>*D2x
z%V!kxNJOIq)~1*cDbRIm^q5EjrUd@bocpt#P+0~GKPNhs9g+%zOK%kFP1yXxpP_{B
zVWfNLOTTt^l|e5gvlo9QEfyYfseF7ISu>%n3Ik;_WXd#)4HSOQ9#8lR41wXMm$Zs)
z0n95V8*d(I#f3+%kskPZ+tQiE(g|!MxJKx1=DM4W-%|^-F?{SSHNf>V9P~6?;W>h9
zGC%GZE@3+v!gLm1pn-a<nf|9Ah5s+FuKYilcXDLhEv{R?|C5oPnSO)+KYhgA-+%uk
z*Yf<L3DUDklte{8x7xf)tsMsO8|>?@WEjzr?!-X!<Y%NCg(1`c4TQ6Bk3mD&8E<%&
zNiSg1YlT{i0Y50)lj9Uba%>#r#Sjle9|Pvc@6{rnrfmisgk(raR}d-}@k)r20iTRG
z2!{a1(2dK$U;ugp$i|=pSSP_vJ0B?PsxE~5X)w2?xypvXk}<g0<oB2|Sb99yy<o~r
zURPWvUS|BnZX5(HgnJ}>h4Lyn9pQ4Yyxlnuoc*F8#6XDcLN_CiKZ1Zw(vQQ3I4q2n
z%?bwp6@+11)LN92K<*>Lk$u}ZUeDoCJbxaC&v5)~4u8e*_%7Z^3BUOqpTY51p&RQ2
zd>on1@sDwS!Y88shSN)r4%Fcvi>0E{<F>FJZ3}@Wuwm5?C){U6*vghLKM$t*3H2Zl
zOW{-tI>-of)ez<^BIS#G&VZeuABa$Q6eXltENEDQL=?g$qT7TNfccnf!BZ23yL8rW
z;y)GttDrHVG4_jiUX}!>^B!#FTAmh9VI_Hn<1a#g?H0${Mx$nRs)2^T2I<|gQULA_
zjMW%JXVGE|9VHfH=qT|RL#OG5F?6)P7(?et#27k`4r7p*j4{ZWS${rsQQP({aBeFG
z{%vzW=;0R9nfVn+>`b`=e^IZ_6x4toso8!Ozl)rLnm7>GeuBcNkpqj=-b`WC%z>w?
zw!cPU)X;%V*}k2^sHww%a3h6LV+Yn}dkuwAbH_-8y%fe0IL0FU7=^JUj)@2tQy5F+
zz%wY@$I{PSv&;PN^Xoqio$Dx`G2L-uHBg*|Khu8hSofq_+x7?$e%06rbx;zzsBT00
zIV)O7A3_?Qy#~12lL1ZJ4!D^$=Wt6Sy;yzK<ctPsBoKQcG1RPnDII{$lT8>k#Mhn-
zUid(Rcm-r)^i4XbyxQhKk9SZ8+(fmilQFIHgh11`AwRZ0FIf$UtuRj7j$ZHVY|W3w
zCU3~s)~l1-qCk=Q{A;1=Yn_3NhWu-sx*4fo0P0Y6Y_DKXNWr<HZ4S$i@<PDo!fyca
zK9Wuc#Niey)6fbmjzA)pu==_nfdof4VHX4$u|PzpXe35;fYEP}krSwS#((_|gsE{J
zCT$r!nQ8YaQg(iaNwj#VH!lmn{nK}0efqL|v5ZzL*2qQVvX>IBDN0sDdv-3o23e+s
zE+*GcZUc(EdZ1Xu)L4%93#iPt&`8B{QxlFNR3B>tWj=+K!(qs<0y8`TDz(4K66!F)
zh}`n8V4*JP8}hFlIIC=!*`^w=ZXjH(V@Re4vJj8~1)#H)fBi9FG*1Dh?V89SDS|;f
zK**!MS8|*0x-9>x+vhocV;*&~7G(xNChcUQgUPe!t+8I?{Z_c3(&n|S2|P&FygLZV
z0Dk1>C2creuV~RgGlwoFw*B#HXXl!bj`p_>c4N%%I8faIx^%#xc*xvY|G}EK2<@Bk
zp;m>YwOEhn>=XJxJ*v7R_=nKJ#5waV^I94blUtbll70Blh5^?^<13wk*w6)a=ZOXt
z+y}o39aPVm*CHE}E_f!i)j-*1!$?%|dG+?&C(#5qJ4keOb~N#ok}kFfh~VRgL31Zg
zczufhmL6Xmi+AoxCrb%)gOk75w~f!yF1^;bD}gSWfFjj=KJDalYo}z6Rq$sSPBv#l
zYAxC}i}|yDBG^}G$JDKa=Nj4o0ArnOBFvV-e7!jzY}XFx68PMl1)&!{FCpLo0d>F^
z@4XPCeSi-ZoRshZ1cSjd7Scf_59-nZu|C9}TR-$l-Yn*e0~>b$1QUdZAxwcVAA%dg
zG6-uSya?g%SBZHNF@HgBZkEmfW}s0w%*5Y89iBcaW2DaD_1S%PmmPf@I>XG;pgRzx
zH0B}Zp+O2}f+=^G!T$yZc;QhGO0tgd)2YchXzK@gKab)4yr;DPP<lLMg3*5+V*R<1
zj|bsOBFx?=l=l({GV2qsHDMz9;HARP@y@0|i@6C2e2DL^d=wM4N<8>O*<D%566a!K
zHzgi5uGFZ&KqhL95|6FdYLsZqfh{==DK!EY8_l3zkJ0@N_*bJsyInICg@&j?<EcXU
z_(&@aI$dS#Z&_Le+RH;SOv6~hkbuu_Pje0(IeZ8r(ro@<n#~t*no7P;J~0vU;gU)>
zu0#i>_Xwh>VQNgLYP8&;8t%Vb4Ml<?zFQCYn-bSEMiut}nA6H+qKb=&c^JBe3U0OR
zRy_<-vtqJi3VV);RpLtaK~jjlMv*|`yQ#DfXj8O3HC@01X+irVMsYRn9>R|arAMAn
z$0~ahXCoz>(iPbctr|jj6VVQ*QDS#f#VC@}l5!qRs;Edydo(F2NvQx4fW$$d8VJZ7
zrG};8a8M29<jQW4SoI_8<`#9sv89Sqgw??@rs|;(6vW2Ly|bau>(=kUmy2=K@Glp^
zAA}-o4GAusjzlbTM3QWX|KRRNO#UU60c$D50UwJU!krVpl;$NSux#w6apMbz1gsUr
z<gof3#8kG#4H;P+@DWpmJ7}u1`*05>0<ZuMDhKJ<jn@?*^s}wRgrC(U=t6b^%2Q?y
zSc%E*u$1Gz1u@}{i5~>8=y98m3bR%^Z6LrCpnn)Qmb26kWH$DT9Z0j61}iL9pVeJq
z_Y0smSc)Im2*XZyxhG6oTI#b`2@w9+M7YQDec$T=)(`0vOMOua;cz2%2|frMh21$F
z^%*I+Pl8{<ypCQ`4W~o9XClxQOYnk!X#`=m57MDMv=Qh!cwPk&eMw^ovx$%n?WZ~=
zvzz4l6%cBVd5{k69zA3lAd#!&0gqU^&gsxz8mnS{A*o!va8illdC=bSs+hecEeAe>
zToO98&+1gnZd3E}33NfuAMHP!GR~@)O((BEuY~Rj&|Lw#W*HrZr4l;yLpDR=JK_P!
zVPDG%2^~&Mi$R&hF66EzVn28e=$-?*D#eX-&q(NEVX+k(E#jnfn>Zb+M17RetRCca
z+a+{;fv)dO=zbxgL#Ki6CURflWkovb`;2D(KaGSA`M)XQhyJFEUGT&38wnlS<sCpb
zvJ1Kv37r8}+J=}&AEm(iFqe;X=v)|f6T0Ih(*K8at<vMMdHj1B9XeHKNkE}4KbO(X
z0=g6lEa3huqpQA$`9tM&N<}1H;=P2FcEK-RMz;*;a=PG`$ms+h?LO$hCuRIF;QB|>
z&B+=_7}Nznp^ple8V2tP4YN7N5^;WslJWZ(3=OX&A);<&7tWW2=4VufFw7)R48x4!
z#xTrU8Rs(wv)(DJ*HqkNJ~j+@r?58+vsSGO!%-AI8;03F;gv8PL*eFC0?c|G&Ib%;
zp7`g&a2$nkd^7l73de62U^ct-4Z{f()`elVA(9-1*%Rer816;kjxfwtzc_9f+=s%$
z!mxCvM7XaEzF!9Slfe(j;6xeRUj`45!9SD1IvJc4(NEOma%ZdzHpt*K8Js19@d++0
zbCl3tD`j|G776X4fcDrz#P(1?d+Z`&dnlki&{0MGu@t_Kybp2u76IRf97BG!qP))_
z9$R~J`IjK>C6RxX@O3|zkAj5$qk#U?M-i!y9_@lUk-xk?Mk*p<uMA!ca2e<q;Q6Zo
zJ`HdqheH56o>Xg%9IjJ{{ZXOpN!BUE`XkEAojVj_e^e-YlXqnJqY5@YguR=STpwYt
z=^VhRygn0@eaK~i(buk__*me{=!LzgUK|$oqLP*3`0WAXcd#;YZ)&ts9KXmf7wLh&
zlfxxSalFJs{a64-|Grtl@MT<{u(!2BDULTCwExo_FYI-_s1)ai9xy+=%<;nB*IOJG
z_P#!l$^R|Dg+hL1EI9}8SP8ye8M#;XpPZktR~Dm++$-zH=VW28ELA1y9}oJE;&@^2
zY_eny*Fmt#U}7zG4x#IW5@Ir?`Iq?1>|Q@zYo*y;<!N-s3vhfDgb~{PaC@igeRL{H
z_U~{V=MMzS%YmiEk~?GSbW2fT$qb7Hpu7lZQf?T)*I-=sfW6F=Ibyh(cp=Ih1teu2
zONGl*YIRxY>ce6UE+%wUVkrw&RxS|)<WI>H`3t~=>EkBnhanUu+>2aoVXk-TW)OZf
zgRk!r`Vud}w{wXlZ}yaNlM8b}9M-Xg{*1z6cb5@MLDAIl<BBX(Crl{GpJACXZhTR`
zC6bI)q@~<zaV+ASo@2*~+mcWMzsJIUXDsYwf=U*;fa6=HQhMAkjmS?|eQc{VBAv?>
zIZ{H41y*z%N4H9E*gTao!8IT!X1lf#5~zx7uU1Sq(~a5)Iy+rTLZu8JIUHZUvUqKl
zfFtN$U@BcqXf@Kcwlojj=an**t;pG)u&f?MWrdyO2!csfmg)8iryrKzxh|{U4=YyL
zUiJUwOY;7YBT(kC`TrX}0rkVb|1)%0#<08J|M@Ad8`~d0ruO5?xP$LMWkAy1_Wud4
zuG`<`sqo-28b6MVTmSyUoStEpw}0mFjJv=8_(`sU!U-csSn;g$ZxDo~Srs8q5K`T}
z`?9F0<sOe`;lhPgRaH+s@x=1w%N2?mwR(kC8;Xfp6&JVi-g|4~;+{-MsO{5dbwWa2
z@7_<{fB#ec`aRvhe?$NNYm$=IrldTh*Ego5tTP(dr=~uenfbigydg7lli9p6D{FIB
z*48m&UKl@qTVCFa<Hv8$&u^ME>7|JiUoI+oY4YTq#l^pvG2?HiP5Zk?9{JVm*}r`B
z(O2fq{nh;WyB~Y(Rhw;3Ma3Sc^YzCcf8FDG+vR#=;lj78s`do}dzUQPw{+?L<;&k&
zwru~(l`Cs&YwPOj)~;RK*x0yX!-g$ew!HAd3pF+GH8nNu+_`htu3fu#?|%LD*WZ5o
z?Y(>V?%%&Z6gsea^*_|tw=^`ozjo~hjg77A*B{!j;mD><M>lOcwr$&oO-&!}*zu1$
zcb?p}>!V$}KHk0icdx$s`#pQ$|LHg1{AAz0Gw;58rlqB&wYBxgkt4^B9cym>!^x8;
zPn|k-`t<2DXU-fraJIGe-&$MG9X@>S$dU8MkAHsR#2-KUsQuKbFHWDn@X03^&z!mR
z>8GEbKY#x0+5h<Bi!Ux+y7bv+9iM;xWn0^q?d@M(y7cGEmoIm8eDn3!Uw`@Kx8Hno
z_1ka1y?XUK$!7iC>&`FS3??`hi1s=e6qPvfwe1H&+Ma{w9(t{*Wp(_(Nn0oG+3|iu
z-=UBH%b`6lwLYWEeJZi=*DoJ_)==`xxrcwf^XT*Gwj)~$dp5ni<yr6V-soFDttsnC
zZNGj84bvwTW<Suc|HOh7CF&CGgmJ|$A6hqVK*FXZUv9U!haT@2mACng?E|w)*6U_x
z)h8s5tBu`Ld9`Fp?+L2@=1tQpOb2r^bXx7$jjz>2XDc^k9#W6%Vf34_)~`Hh+)&q8
z6{}5uOcDBU+kGy#cjqeuq2v3?KJFHmmp4$kc)*EGZ?zqd9sXX;u%SJ+4lJ56Vac<_
z>sFJ!`47E1@1OlOy)(}AoffZIaKsSx^gEZccWM5lIofi4bwzx0!SUydcWf;`?1)}z
z(CpWFrgXmLJFh&QI>kBh&E|rB>G#d|AN{8Xo1+Gg%BWqQoz(kDmnv?SrE<~syn>mv
z7e^e9QRdCsw(4Be!U2WT6XP|DGV^!*S9{+9)<o9*J(ETfS`s=UgwT8ME%YW3LPron
z2u(@|AVpBRiYOfwm5u@`Vga!sprTko!2;+a7DU}$EGU+hF9Yb}x_|fGeco^X-}5~j
zpGR(H?m6d{GiUCZxpRKz8^i^LA7scH)MkqbP1g521v^>U!H+u0-`@ZWE2R5a@<{hd
zZ4@J1l-y`cedLXwrY*}bU8he*7U1j)rPmcoW^+k1DH(9?)F))5SRpYBN1xGnRDyo5
zK`Rpv5}^vT*q1((47`X7q`}br534hHdVNru>9H4A8#`mfcf+v#-MdjZy#Z2SeLp~J
z&p}mg9?Q{9ui>hn$|2b(4uYFu79W~`&;4mu=Rs{#t8xh=3NF36a?O+RU6;~yBLKqF
zu?t&D?x_EiR(Q*1RXEev>H=6~{b&Ohg84SAU_?`imR-P-wUoftbT_BPtJ(s`#jS(x
zS>`<|{2Aa%9aip$8`pgX7!Zpo=!tfDVzT-vt6M?@rsu)BN!aseA-H%@#ykXFD0UVm
z)TQcZx4bs9N7zicb;Gsj^2{IuQrX#59yQxa!R3c?$Ib0_6ixMzCPv58DltTJ5vi?h
zJ&B_q44HsY5+VooTt_;)`t8>Jab?y*DqXxNds0?UL9NkBz&jCf0Zh=Z*BOv>JkXwA
znc;ab?a}$JmFE7^qfL!j3})_U+Z-a($Fg7-`OR?l&56~~xiG_JQIB>IJ)85q2f9Pj
zHHj8NJ}Fik__T!HpfSoqswr_<1{4b(E5DanTw;+S+Q}qki#Q2-aBPlXh`jDghr;cx
zFP_$J79?}{&8#exPI=T%-q3+0TRdqRepAeOd5?)sUoF1S`jS2YVTZLU5n6pq-)1d=
zYQnWH?b>ckASiw^RHdKyu!eX#kFp5$t%Y3%{=<iCzN?6>j7}A&O!Rcz)^pgIB6+bI
z$+csygMeLI6n7xEIUP+60cu`M)<|Yv<g?)_0`Rg{1Y)50l+~K5SHb;~d9A>tg}PqO
zDG=mp-pDV$Q5mr+GUxN1Ix3RVu-87UX5AYs87Im@C<ICquwih^x8!tlaKIK$Do7Ug
z-h~y80ueJ~7NcF-`RLkkj8FG*d10%M=q?_CyJNp1s$seMwP;zcO~+65+9+x4gB9#V
zQ%~SdAkjb=XOW}5U01CVHlLi!pJ83tgL?Ab0U#FIpBI}{6zaxGQ4f24yg1df#ma&w
z%nFTF?(5TSk4Y84G(>et0el;+aOfl<i#Pqvo*xFt#rY4VUsU(_V5==SlPz<lEs)}h
z(rKK}eI?FVS8<XLZv6a_Mu?+0Wb!|V!Mnmz`Cp;Ags*Kgv$zcu`rsLla~%W=cU#m~
zBR1*7z_!m0cB0Df&xcpOPH=c3J9fpO`|S>zBuie(Dm6=J@_@2Is+C+Lst`=JK_~>I
z<IY};gJ-lO!T70-(#Dh(;X$!!rdTqcaYdnRWOaR~W-y1a{)SwZl>=8DK_@G;LH+QX
zq>_Gf*sMXii5P<r=v`<3QpeB?74GV1%qtXlN%>XMgS}$rd6c%Mo9kb_@yZ<qh~pgY
zQq(eok#o;1xiYfFM9(4iYgar-F=%TUw}l1Wp}t4eZWPgeRi7&jS{f$e45hpFaAa7a
zf-dP=t^)Dv`{9VZw;s=t)rgQrNpqNacJ{qJnYD+~L%7G$(%FNOOm!HIcR=12sRRV#
zK3^os_h0Y1n^4Y$E=2~Bv(?gRoF?*MviBV+)KgVS>sEKm=CLdOtmj^jHvKFea@nT!
z(ok3q$bb5ljo}&+0^^Znw=A=+P)EMaV4zGTszE`g>xPbd^xBbWuBO}^<B%G;T~;Ew
z71no}6FXJ*srY`ht2|Y~iyhlPAT7@CbhaV!#B=UIt7Khsq4Qpy5mMKM2J`Uwo(Ip|
zXlRMD)Ezr2qIoj+P<7YEBVENwGrRFAts8HnKrE%Y4W5_2<tLFQFm(*&c?Tv`5t!w%
zJHZ$Xi?zuu4$w&5ZmPK|Mh=;dy5E1W``CbGd04e6*g?*}a3l-8^@Z}RO`D{vUC(C=
zUHhx@oHN!R48}^VUvp%Pju{<22eb5>x*dZA!k+9qtGUbqsiP##<DM3^vEh@QW$)b$
zctg*_<pRL6UABY>VHj_EKeE(m99Ob@2cX`Flhz-Qj0*e3oH-maYcX?ry03stjOs9S
z8NX(%`z$_f+dYu^z*vJ!>WklvleWXRVTk)l7C-xbRH?{0Tz*7%GBUI_HeJ~eAg6Lr
zfO{C)HJhyTmpB4O>XEBtP9cmYcc?itulMSUY1gCS{?&)>e=vgKKxx6EjX+xYs@I+Y
zNeE_CjxY@TID)P^z31s{^VNYPsAC6Wuj(&z3@ndYNe0H`qXGwFC9xL!Ge4i<eyG;7
zG77xF3YA@Tdi;iLY`iq*=^8Fwo=}9s$H?g;5|ytocbDDvH+orSGX)c8cJtVo=kXqr
zPtR)3ZYw=~wa>qdg*hbFn;DcL{2|a4&SO4iv$`u*Pje%m3Zli)Y5dyWPhp!l5gbW8
z#fcn;H=1~7@Zzi1d_+9Qn~RaRk)wJxEc^UyWABNdy#=?Nz9-`AqSnJ@meh?tg$B-L
z$yYy7%I34WkNa6UnAaff*goqkYckN4`?$RaPd_hvWG~F%B&hQbqHq%jpZjYk3)jJJ
zrQzfXy(AT~e|ak6PdsXoO4ut=h<aiZdx+DD3+TGKcdJ?4r|fje&Z>*c@;|5Vm$E6D
z(yHv72@sgLS*HhR>GQT=oCQrEULha<Rlj&TveS;go0~5-dnI?~#?8kZdJpNz!@{fw
zbWzH2_8&6%pX({WYHZY>i0#Pc_hhD5O#|7jxU4`#)?55a886LVP$z^=($C}vz@v}i
zRfo*s06?ote=P}G4I%+DFhT&t$HLK%fPnhg<qTV?0S*s$?a3Ve&6I4Lq-<+p%$h>0
zCp7+bMA%0vcm{<z0gs0jq9$I#jY;xCIK-=Lew47+QS(TZ2bsd<D-R`v9F_(tGPrfE
zsKi18FERqwodoMjv@1fd=|Zh7G)M%(N^l&WQ@Ue#K!-y3oKx+GdC9Sblo0X+x4%5b
zDj28P7`pGasV+{1t`5kz`WUwZ+^rfU4Gxahj8}XJm$#rI6Q<Cg*D{mW(g>q$ln^XL
zrgtqXPDe*n!!mDxiq$a9K^@o>m<PiY1DI@elnhZGPDboFi>k5^r)5REb*<&fKs>Z^
zR+Dkaxv}N`%oeUJF_AHFIZ=2&L0(u(n7bO3=mK{JX&jXXC8|O1y`cXF9F>9)d5PL^
z9%nG&J0PqGQ&`vg&iUybmD)E_IV}I$jIEsnz<Dn&zZ%F3!`m_=IR`RUA;|(ZKBu+Q
zB!bi)bvtoMBAXlVdFOD2fcguMR40bXWbkKe>6@k!OeahcLU<El-4wtYa%g|7A}cG(
zOIG#c$K1Mu*VkLyS+5l+qrM?HPD#Tq>~+b|kY?4iCS?-un7;m#7RF1x>|BENFGC87
zIUWiMN|@I5WStD*x9T?sZE6TW{6%ZN9WD|@2*-Y$T@8}LM^1aRihBn#q77lEPDm>$
zdGCQj1Zt>bR+l|4K5h-rt35pm9i`1V(zgYqRD*#R-1)PuuN8p;1P{KxGHvth?pq}w
z%9uc129CiRSs^79v~3>&U6)yT++w;r1=mUwCE-GYbxYFGnmBp%@d{e9Jq!nrn%QYH
zhG-|@Vq5c<_t4M0DVZk7lRo1@apuS!$%L$QfTE5MC+{9%Si9ZWzO{JS$xI(UJaYX6
zA+r#00q_Pv9NGYQl9aamE-8r*z>(o%a(GHQkO}Z5FeCVD(1Gm9KUCF$7oFCusnt}5
z0ifa(@}VsLm)PnvcgtWk=nw!QGiJT%h*Czef2IW}10X`wHy!rD<xK6CaL}r}$q`bG
zG)sqTjKP$<U}{XbS-Mf0x2MhroNM}aAsIUjU!1lBUlbE?q3qPF<qIA#ae0Hlb|o80
zqHh*48L^T!z@CqI427b?$Z!lvtUoiU8kvG)23DxxF%j?gzz0z1Ktv3=VGn}Cn&PrX
zv4~m-q~zujJSYe(5t$&`2=7Mk%^|pvkxl0sc_fkcV<;Czd=3Tqz`9A;oWms$fng&2
zKH!RQ%~&?evnF8;^jbq)Rytw@4(XP@r-Z`cK}Nc^BE+AiQ2S9kE;UPOBPm@7+rq#N
zdE1<E`+J7>U;D7XU-ZC@XLu0&`gzzA{mb;{&;P!FY5aF|{KfM>Egik@pa1DDegFHf
z(CnSrF#zXaV{ZfP+y(5||A5(XE^m8FO9%rCO6Ub`z6H4KR)j~#z;FN%6&=r_+FB63
zeSC==*8muR0Z`D^NE$tk>EvbuZ9)X>tu2Xh>`LG2dV6brE6Gh2I|_Tm{~qD#OjbMq
zfY63ZtzbqRon6jmmm?G7nb2`)gC&2^YN!l@Uaa%8*bQWtq3tyMq4Q<sxjOS@GE@$Z
ziVkL%p*Ayvqk^IGId*yDngnQvJ{;OepSvcUk;pC&vdhwu2~pwf@(jcq#h}Fj00P<!
zBOTA6hq23$!E&+Osg~@rF#w>sLKl^T7M15V+p_7~{O1}52Kq!hMq(r*K3;_a<z8R~
zLuv1swCH32nD6r(5umXpvIkjL!$4P8Mf02Q^?!KsKO|^w=S#0$=eMT`UitmlpVf=0
z1pxhN_Sh8uek^DQ036E!0O8@^k4aYp055yq+OIF_k04|(i$J8q8FW>8*djfDS>ZpR
zMfy}BabJfA%Jnms-31yq2+R?J<z~|8P~xCJ81X-5{PT7wQyC!)2pg9{^kiEZ^xc<b
zOmuMgT&|Sx=>KUF{~_BSXx^^b#8>|r;15s*aM$?(_|I1W1Ro~=_p4-|0l&`M3XJF6
zR%b7XiFv!9qd(a|2!l4!!s5b1=lCqC?hwSmn)!19U>cw0b2|f(02bf{_yG|>9FPL!
z0Tn<K&|}~K$$&NBz+PLq13thifDVKKQ2+}_1X6(vAQ#vS6ar;H1yBXl15H2+a2PlS
zoC3OmUf?p&4-5e#z!>ltcn(YfZ-I|&N5%nigM6R}C;`fVN}wjF51NA3;0llm`hbC8
zC>RYUfT>^>xEU-4E5I7C2|NTI2fM*OZ~(juJ^&}dSKtR29L5FXhb@Q6!qi~;FmsqA
z%pK+r3x&nPQefGzt+4H|TG)PAJFFXa88!qPgFS~$!vQ!aTo5h^SApxpE#WS3Uw8<d
z1z!ixgO|f=;VtkJ@C)#p@G<xc_<IBj!G|CsR1ii8JA?;<j)+C9L*yeW5RHg-#5u%G
z!~?_>;xm#PDTY)+8Y1nH-pEj7A~F|Qj@*N6L!L(tAs-{(qEIM7lpIPAWry-XMWEKA
z@=?1{2T@(90n|g(GzSNV2!|4f35N>@jU%2TmtzOVevUI7H#i=1%%C~Z5@=1d4cZqS
zjm|`uqnpv4=o{z>^hXR1BZD!-xL|@Y$(RC6J>~@FI_5FvBNmU9!<t~-u@Tq|>~?Gm
z_B?hJ`<j!Jlf-Gj>B<?-na;VLvz7BA=L637Tm&vfE=w*yt^}^FTzk2?xbAYj=H}*>
z<tB6ca>sLT<!<6W%YC1FhKG+wmB*eZm}foDPM&t28$7@8Vt8eE&3RYxrtp^Y9^t*t
z`vQl-$>J<=G~7DePTX<aZQL}T53hlD!AIfq@y+-?{8Iu4L6%@m2qt6`>Ii2E5BcDH
zQhb(tbiORUdcN~~kNHvja{TuE5&WC^5Aa{(pAsMlXbX4>Bnj*kI4v+H2p5zUv=@vN
zED$^_cuVku&~hPjA%@T<p%$SVLhpo^36q5x!g<06g@=Sch!91rMOKRxi5wHTCyEeN
z6m=C%6s;6JFZyB`|1zUx^ksR=4lf%PgNZ4MQN`AZ)rnmZn_e!y+;%y0`Htmhm%k7f
z6eo*Eh?k0Yicd=LNtjB6OO#5Sk$6TFAes{+iQ9?ih*Oecl6H~_k~NaoBtMemNFJn2
z(m~QaDXf&fRESimRFBk@w1l*ibgJ||>0ud+jJ`~m%r=<|GVf&NWW8iJ$R3k@Dkm&w
zFP9>>Pi|D6Ti#4QR=!q#PywZ&udrHSw?e-nOi@QMOmU~;btRaRu2Q(tZlwWbq_Tl>
zv~sQTZ51vRbCoqJ`&1sN3aYM9%~U<6`iq*hny*@s+6A@G>N@I?>h<a)8UzgojZBRb
z8m}}JHR+l=H3zl0wQRK3YjtS7)K=1FXjf|A(c#l^(%GQXqw|}to-RwbMR!t9S}#y<
zm)>oCetn95zWzl6q=ALOdV^C2?+tYg;|&iR{%WLRwA!fI=&7-sF~hjt_@N2Ogl1A>
zGG<CN4K%Gb9W#?OqnXv3jgzIw!Q?&U33CPW2=o2szgVbSuq@gv-dP%2rdf7b!L4kq
z@~o~|6RbU~E3EI^kZeM2_SsC?>e#Ne?XpAKIocK3-L_wDPq%NfpK{Q1NOL&n$mQtf
zSm8LnLU9Fa#R(^vlY>)<)2OqIbF}j@7r@2drNrePMUE0nIq8aWrMT{NeL~fsrcy7s
z@wo-KHM_law{S0TAMud)Nbu<K<n{FPZ1Q~PW#v`uHRi46o#uVnN7N_Wr^A=S*VA{8
z@AOLRm1Qd*`|0@Q`rY!E^H1{cTP3<Ga@FYo-T+#_kw9diS73ACCz=bbmNp$^AG9lI
zif&2YMt>em4lWIzWSB6D851EUA;lq2Lrp?ULMOw_!pg&5gj<GJgujfii>Qitx7ua(
z-qo{_UXcf*&{2U=$D;|+tE11wh{q(w3^0|Lxy-Rx!`QOeDV8H^PaGKMAJ-Aj&t6Pj
zNsv#-NqDfvbj{8+Gl`ywN0RVK(Mea56_Yn5Po&tSG^|CerLXNtl}yb@eUN6JR<jOV
z7qqTtz0~^b^^enS(;G9e8LKm{W~yfvXTHhu$~uv~JUc!6VUBIizFeMMR_^T$MjNU&
zA~uF^ytYYe(~eD_^Mdm(ZC2l0zWGx=J^#`cjV;@^%x(?YdaXdWpt2BE7+rX)$gHTb
z7+;)H{IJBSq`j0_npgU!ETF8fT)Vt#8+Kd5wz2Iiws-81-ch*YQ$<+C&`yh;2X~3>
z+O+H4?%>@wD#?{CRm-b3SAD1suf9`bThm@ETU%a-s#{a{q~5dsLW6!o(;m@1oA>;-
zH+t__Ben5dlU`F(vsiP%KG?p5eUtnB_V*vKI?&Og(o%C!@ZjcFpf#cO*`dHgw+=fV
z?m41=q~)m0(OqqPZF%irdvg2Kv9M!f9X=fc#~qIMoG?1kc2f1^-cypNcAgeEUC@c`
z%<h~$lX7Odi`n&}JGA>@Pe9MeS?{xh=UmTSJMVb@Vy{i_*$d_u&RjIPc&g8^@AxJC
zOUEwjUT(jlbEWO7&egVSy4TvT>s{~YH|RexU_8)y!|X=)O{<%|gZ6`$hn$B7Zh73g
zbKCFs*qz`zPwz(FeL1{l_~S_WC~`FK9`0WGeX;wsKPmila7=gX^aHC0SH|7OM;_82
zK7SPV=+oouC)`iUCnP4Co@zclHEA>1|7_*6$IqG1KfcKQ8UORHU*vx|`YZX@D^uQ6
zk6*H0&c4cjE%JKr8|^ne)0FA^Z=>FRe3v&PGSm28|NVszULPhtCVt}hwEZ`Q-%fmX
z{5(1vH9I>y0$2iQ6p90dM6>Tq7z`TA#m~*f$;l-`;N#_AE-E3uTvSYqD6J|-Bq>XY
ziOK6JD64B|Yimo$8JOs68mnq)YeGUm3<kr+$tBFqEv(6QmYRQ?X1f498lVEvaF7JR
z@E{xy&Ypwz&V$Is>5$l=4IF{w0MRh^Ssfez!r^cj5{85$=JwozFgOB0;!%<s1al5P
zk}HirLrT*kwkD|Pkbod{K#SGQW)lSgIQWgwc{UXLoD?2_!9WBI248#<k03~Dn7bnR
zG-GRKhXF1)$ZjGW510Wp>t63U=%xGka`MH)!m&QwkEMTYH<=viJd+{lu;Wz~6G_Js
z^XVcZC9XQi;sMb&;}xat0aT`Nufx{$8rRh2oi@9@YH&D~MqFoisrXggiS>`bW&<t9
zOA0L|+0SbqsizO;UAH4&NMn1-C+8DiKaq_(Jt%^97E6uf>wL66Z`*^Ae5EYe2~{n}
z*Zc^^sjbyiGm7~8x{eRULopp@kx#w1?;cEH`CUkB@@nlB_bHAzcYKde$=;x&mv-`S
zlpZ>nBfSeL#x>sb!f;0;ue^O;&S9UYlfCO)M#l@L_aAK_v~X!mw12c@5DO^31<*>~
z3RJors#R(~U*jJX1S`(ouV$2=|Mto8Gvrd=RAfpV)jsIj*)=l<Fmcic6fbE4zQ@dH
zBjc5W!(D!LnwRk-Q5PSZmla!NT-evH;ny)NoVT4dQapmZfE)G+@5#hDqbGL1Z{GVN
z$}jldkSNO=cY7uxfj(%`nkZ)!n)f1SPlrrP|CKb|YmF9}Es_srlHb&rY<jPM{eIC)
z!emHDu$*rcXWDY7j{7_qv5C{J-Vg3ISeM_vg??E@R8a+UD!X9o&uhfo+~hy5q}PPq
zj30d;4Y=$mnE52G_1gbr|EU?w(VIdhey{aJRx~)~9(3PkqHw{ea>jJXvZ-OuOP!4`
z8k|RaF8QbG3-a%uDmJK{H1y@uUDr{ys#N$hi!S7_gL-0P-#h)@pR|_~lp7P1+$vu=
zaMsr-81sMJ(rWhXq_T?UO_!%WJogX0eSV6eEuIjqmNq!-R`n{@=0o1~z?+^kPdz#f
zUW*wuRo8h9N9f#79Sl(8)-5|JCYd`T%vEP#aBV_g;=Eq+&3Bxox4q;w6w(iN2Uk{R
z{NnP`+L)`ZJ3+~byi@9WLaSHNCG%e^nvaItzxDTRin1phI810WnAp{E={jh3v$YPW
zc)r<^dz+Y-1K)8SIn5EP()JtF?Cct287bP^{RQWgR)od`cuhZ}jcaCS<v*-MMf`g1
za@|$myM6|j!g6G2Dq>}OrD8vNdgwB4Jx|!Wp(@1<P5IOZnj7@}*6~^C7^ku-9CP{5
z@zwdi^+b56Xbe*BU@=57zB5mVJZ5>Pj?Sz_y`&Rn0TC40VY`nfe<{7>g-h$t{#nt^
zEgP5lA5uEpCdGB4%03pp3kGr+SAKH6+T&*;(XjdHR;#1~>E$={M`#XD1jJr(`kpd6
z<}<FR8mHiQu1Se{Vsi$TBYJmZ4CVd->izOT?@OA)0S=qDyxRY$OrmmRyrfh8G&5D!
zI9B*@=YFNZZB$+fR94IFuoGJYqepwj9kxGpdmtxiyCr=zc30|c*{)&7^sQGTXMyDV
zl{q5QvV2bO51JOL^9IXB9sfz&zUk=EmFJ%s%mOP431`Dq`<`Jea0Xox`?jRl9>CP!
zxhcpjA5C!XEZs(JA=tKFc(>2-MNW5n=W~@N=O%qS$F#Md@|N|~RbFv;jlC^v=W&K|
zpj~7Y;q2x~D$0oO`iltN%z>8cr)^Vc4tJytOQ(^cX_*_MGR$HsT83I>Z7a*JZdtxT
zTCU0IXd&jOm^&}8M*5n$+*7`_GRWT%n|iRt;nx1b%w077U%U2<%8p)CeTs3h6Ncw8
zdNV&3y;5{&HK@7j)a-q;(t<0LVYgOV^WvpUTSYUGu8#xv-GtFOl!%!`gYv^W>D|Zh
z&$^A&K156@?nWIt$-Qhv-s1<1Uh|-UA^nHHNugisMph<YBR3xUB(nWn?|>?`DryvY
z;?f7lwYy%JUmI$ZzS&gsPBXe=qV}NE9oM~4Rpi0rn!*-m(5B`pdk@<H!+ZT695WpL
zl<51KdKBmSD>X+SDRp#JKJsT?-G@mym3HfqikL=)X|>mpYn};DNL=Ng<i!pjGZB1X
zlDWfPA=dsii&E_pdo|)7+@R|!Gw;{qSxN?7x9wcS-&d>94#?h_Q02oFA9fwwz+dxj
z#Asl!YZkb1{LMYnH73jbLehUZVRB*A`u=lc166}(kuryl^?rI+d%)*Wy{DaTsQu2%
zF8A7$Jx)Aq<_vG+>oPzT{M;todwOM=K+olL-3xUMQn6d_?9ZJTXWSop(mFi&&^(ED
zqu4N)l{_lC|L{)-h1T8;xl?*l)m4!yCMRN4#&;*yV`arfE&eIt=TWO3WuFt=R$5-}
z;tFTkM#gznVDG=4@=EI{Gm#C%1fM+aC{-{bC->3AeVJ|li2Eu|ArD79;dK*c5-Zi@
zB-h&QwXY=4EN|n>aUF3rJ4R{l4MJQx3TRm)omo55_i9`C;BgQ6(lUTrZQG&!L7F$^
z_2}KxgT6KKA3Qv^Toh0_meF+Sipa!Dt2b_a0?Qk+s72I75xMUB74J#A59UxlZrbB{
zy&@<$S1dlhECuB}wBskKXZPG5HC(jM5eS_HL~mIX+c-OH03N<S;4uVJq&srj>y<Lq
z!yl~UPIz@F3pgG&S#bYuxU+#w{h5J5TQarpQ{ArEzPcyMy7$Cyq7)qDI{6Jx9m!Dx
zii*14?#qgbJ(-`Z@kn<>`FMfa<-W;o4i4kuw8qu05$+ai=tp+MpBQ1_Z)n}<tQ+Ot
zB>b!I(BVpw54CnQBYe2_WzuQg*DDTm<M^9I-ZY#o<XQVF?9ADngYRP*ItF#OhOZyw
zh}->?(@`TqG((dzQlRPoDOC>B$Fb|J#BT>|`p~{L?^nki7$Uga#9kXM@o2YKX?(W2
z^!}6N&$>;g&sk8;Uvt2f6c(OtEUOYYcri@Ierp>NKInS!0zcBB{Zgaj(PZY}O7Z%u
zlHzLjZj^U#l8_`Hur#e1P4zfgsnf`xX0lgUYTuPa0|}ZB&zhDjxAOA6W3@vgk1I2e
zCJiytR@4TEYn0YJ_q^obG7|S&V=wO}(N(@ZcotCk%p!dj5P0;a!&bmltfA&yWnG4M
z%gj?#dbjV3oB~1d%Q>b3J$kzZ-JGST2nQw&$LtJr9ygxo3})81ei-gy7MIZlbb0f<
z?l^*diiP)C)X8h>KIL`2(R0j?538))eyTThT><%WMd`$l`wh9Qq9LD8W`t_LQrxe8
zi5exhY@O3Gnw%r_C)R68je4xU;lv#1%zHLcChdGWB7<A8K)}xZO#kp!tyv(R|K7cQ
zSMPDJc%}XXHX<h@H4D%V8Ju6Uw(!yYWgSAJSm!&!T_4?gA4gafm~at|@)HmlZ7Bki
z!~UEG7fkB6z0r*7mC|~wSz2QzFy!*NnRiuv!7t4;-!1vCnrm-3_TLy9JQ3pIP^Ne*
zwX2ER;K%ng&UtT^Lz$8S&xK`j#y2Cho2aUnF2A((mD^XbeWV3UZ{t0!=srQ-vHSuL
zt4(6`=6PG=3isv#kt(EZ+Ewiai8zNcS3>CQ-T(Qy+`miTzyG1rBIyZ{wD=g7Y9#Z&
zqT{dd-*hy-!~fOLSla*nuaL0}7V{O8G>#TQOCn)0Sj^Xq-BAgV@!`zKWcegzVzL4j
zgIP$|okUb5CSx&B;%0XBImWp}BJv8q|7Il3fj7#Nz6c>Hf0f6s1|_bZt2h4@TL3*W
zoDm%#0JVk@$7Y+)TKy$I_`D_=Q{%Ass7O<+aTtRZY>LGg$A`y9GEAN3#fCFj#%l9N
z*r(>fQK6E|mnOx9#Uutq(ALoA&&ewoVKFkM-}E>*Cg4jW1L#5WDGJ23>~4R7T!lVF
zvyNmyMT=znV0lssNkMfEX_#n2Okqn)`=5l#&kIshBeF%zrL+%;i4112h)@<3_K7uY
zGlT}2ErTrqlf;(yKPpZ7q7<r}{G*!5i)$tYd^4TOf9R{ieDjUfz78DLSZ#isje}x>
zlcA9ek7g#YTc6Bin2?~iSfsh;o3L9%3=f|BGpEgjq)8$|dGt(3S|m1~;tyDp=UJ1#
zvTA+9YVrftlzG;audLs2e!~`&5FZ~C{e^K3T;eO2<$}v&ux%d`6U{b6`f3x>H*;t7
z#STMgk#P(ows>Q;`7vP+(VRv8Z(qs(jQ-^P{{m9)e^19>;(x0D5&um`T~}wx|Nk3g
zENSIp>Fz_ZCPG$Bq<C1Yu(u?VRMgbGv@F%stlX`L-gfRzD~KAZ>O{AARyaLgP0iXF
zLMkAV7QK;8)KZOMg{rwz)si4V8W86~Q6+AUO*J?^7`kk}@!t#X+lvuNkBMSH=`80l
zXC%M6@h=|eiwiQQLm==hb|E|}lo-dNLwFdAzgZ&@)gbX2e=3xH7;7IwOpZyIgUn_z
z<}mE$vu!eIp$ugR?2Q!@9cpSUW3m7XtvU}(%=XXW5U#O2$<3PTX-y4qbFp#vGN)RT
z6o~BGlG*|vHjEZW3}UcvTyY6>IwLMFBmv3>x&X^L51gDl_ojFb&_vZZh&9*X`9C(S
zn5cQ!Z>Wh7nma3jEeYy|F^w3;VuU~rFfJZ~qBeyJamH#iQ&r-(Qhwi7@C8y`kErsy
zfJM_bfB7@#an_+3B$<ATy$*^0B3$k3(Eoqo`j!azGyfkM6T|$ky8plO|LU50e_a1-
z>uG5%`Tu`|zIDe$;(|lAw6%xOSs+^=LT=_ecl^a0Gfl0N81#gA2m*_^kSQ^SsXPze
z6qF1lZ>A@(pv@}D#07uFWV6Z4!DofDeYb`(Q42Bx_F9zfMzPQ#qI7C_sx;f{sLj=c
zAe3a5oX-Cp`u_S~xV`)rb^OKkucQ0j{!eW^ohAJDe}%rg{$+m0rJ7&;&|_j&hcn{l
zR($iQW1-=y?8}?=JCYRy>-SA%_L3<c5-d+zKu}{x{$JP>=2_-(u4KOVDBn1sZ+%aY
zsbx%bJS{vLif`Hez|`=|(nMx1^*K9cHX%lbM=m@$fI?`EIaJZPViHja`Z@1Stdp4R
z)eYN6eTm&Q*qWi`-MkZIna;J+I6in@bP|NFHjmx)rK{}FQhw!1Vo)fw^N(dhVljeA
z{{9LJ3QQLU#+)9XK#TmUg}tgwl39?g7C%4YYVmVRss-)euH@KVwuxay5$&KyB<z*y
zT&J<dA<(fX_87;oqhDrB96KPU%{_2fv^vCk#4S8rFeENS!t=2&GzlbP6fG%|5gi&I
z#tzlhzl6=~k|~x#i;GK)VFmwzjmbVtS_r0@3srt3=9}m{E+Hr?JpOCIO<^~g$o~C@
zS}X?JZoXEc&i#Uh2I{UU))P7$XGnzl1vP1YIDa=s_6>zZk}*{#e(AuX3Q&W;RQP^~
zE$6Lvu|<8aWU+aNGU9(XZH0NkP!RA(!ESSr1JQFKbofTYytxsB*bQZ{%}0Yoq%$HT
znY3UiA~7N9kiJ+V+Xzkn5OU1f4s;x9TYSts{+s-N8m`R8D-gHZyrKU=i?g}YKhgm4
z{Xn{{xx2NOxle$-v%59b#@zDn>G+QOulqrvy12Vox~%voefh%sA82u*y8j~$Y`z~z
zr&_yuSi89gI9a>fxmf)z1>ds%KnH|k$R1D|m%k<cE7xC1cBh&<yRBf)+uv*cA9#N>
z1C~^Kiu*sX*WdYmAe}vkRG$DhcdEU!?cWl=nDK`*?BwEZ9bo6;_V?^(5#L`+H@C8)
z{uAjC-(O4r+qS=m?+4P&Js=D4q5QpB{mS*%?e<__ga4%65Z_-*x3{u({zt<y$M^&J
zmM(1P=j{IXhh{P3e;|K_wX?0e-9OSW&-$H?@0T~GR<wA=w`({P2xT>xeOO-M&u*sn
zQM6FT!io@LTX_CwLR$RA8tHpJt8f+s5e#7qf2;2+tS+=thzyBSosU%GgV_x73wL!a
zaq)VOWFHS<`aq8iW1t&5NmVsiRh2X^kp!)5p|JJ~Y!4)oElWOF0Sayxi;;~Eienlr
z{+}%gVp}9^ZiT#PweoHF`@bDGEYT7z(Go4u5-rgZEzuG!(Go4u5-rgZEzuG!(Go4u
f5-rgZEzuG!(Go4u5-rjHJM@15)U9Gk0I)FtbP8{Z

diff --git a/httpd/kepler-1.1-snapshot-20070521-1825.tar.gz b/httpd/kepler-1.1-snapshot-20070521-1825.tar.gz
new file mode 100755
index 0000000000000000000000000000000000000000..d1caec5a53f93f043a32ec04807dff259223c32c
GIT binary patch
literal 768249
zcmV(;K-<3`iwFQl4pK${1MIyEU{uA`IG#kn<cb*Z0V?X{CYmf}HxCHPLXbQ*B$AMr
zgqMI}vwM?V+1<PB-OU3*d4p&b_0xW~J^;0?R;&1^wXH2a>Z`2<Yg_xUA6jdDwVztG
zR=>af&6&r&Gxy%zBtY%g|L1;RC3hZY&YU@O&Y3f3W>%^3h??-0`^rnR{#m~=^gE}r
z68<eer?Q;?m;JKJ%VtzepI&wj`ZueryrO*iv@E&upN0|lOBu;vLYA|7HKR8eO<!)P
z{D0HmDr@|kgR9hTEutRrHei5fOrM@+{AW~@m)pmG+Ke(Z{$)oT6PMrr@$r`mY(J?$
zu2+M}R6><QdaPUPNhN|wO^-PXN?I%wNrhQCUn-^zNT~XJ%u;eBn2LpZwOEfF)x&B8
zWz-?|im7scuNLa1*{EDnm%CD0B<zzLyX8SWCC5}X45?ZS4NU|pMs<WuvNsr$byT0#
zEMX;ZYA`7W<)ju>eW=2sU_=YcdK?fp{Bo#AE0Mc{MiT#l(5Wbq2ZDXUSW=amsuwP(
zZ3wiTSH)6L{T5s^7-4;h2SclZJ*puW2T^aM(V*8*<3U6iglR-Gk{)N9kyJ3E_w+#j
z(VxcZ2>hcC#1Wq8k2P9cj)p6xme!8OmIc*Kovqci^Q-3t+Rv-9DwaSA1bHzgSU8vr
zb_EU9B$(Wk3btR+BzNlxmp(@aQJW>Q9@5T5{|$GAO60h1BzqF7Q6i%(4f?*Y8Ug66
zYinEt1i)3G!FDw%*DP#os_R50pgr{egQ)jfH?%1my?P2Y-=$(a5Zxm>>Se!{?4|T7
zK`?@`Fryx#SR4&eENQT+Dd+~8QF5P}Fc7{zc?luDIk*M_(XXMgB}G*Ri}YN_i1;X~
zjSJd4s+*de$fl`hbpQdNJfs5uS#YW_glIgXp?^(MKq_jKHru764x`3mI<y6x8;m5>
zV0cjO4fY|1gr;h=STKQLc!35H4RsMCKpVvq%O{!e&w~ae4h@nZY2E5-xwx>H%kh+;
z9FHW+vW{q&(9kp#(3I3zSnHPDrgvZ<sV0EA!)hFrQez>6pv&}b3sl!NH7*Er)-@vL
zC`}m&E2*im2BlUN7W0KXr4g;mD$}^2wrOEqz^xpW9Fi1R(pufYH9)>i=w>znO+E#<
zTnQ8Cg%>uqaxn3y36f<Ji1<qYXyu#mT5225rSN+7s9LHgf}x07+L8!1pwDuWZ#KY6
zlLp9Fpt;4KnFx19jnc3h)k&Gwg*8o$weF?jsji3?k|Z=)8$0;%pb2K%RsqsF{T4dN
zm$AB7S5wQu#h+G>XeR9ud<hV(d=p-Mb$dtcyhaWrOEIBxMF?P)Aix$%ncxwV*EBAu
zZfgv*b4~E6q?z*&1Y23s7N2Of=UUus)MY9)a`RXYYY8=!)D!NrskJRo-?)TeS{l(q
z!HCqpw7s@vK|O7l6!4U)$&e(X#BvxW2*u9!h4mO*Ww|8H541J~+B%tZ5NokqXbDE&
zY|~RpY`;=u`&l3wJ5V963M<vA#k8ak=_XcmaiHcrt0>pDr?fX2)<cFJEkso^q;6HZ
zw3uy7%uM$huB8Reu|9C&_LkcDfsSDSM%)Gj9&tfRRvY=G+LqSpVfLrKu_=JYrz6lj
zobuFe=_FI;kctmIB&?P-H;3Jjy~^+#L&CCRBrOT$tC1zu5P&pN)B0Z6M5na0q<T^H
z0xTDYYQtV~$WGWRq~QvCF*KWmQs~<wwKXo7H%!)PYMD0=l^$MUu=$2nkm=iD6eW6e
zsDjOPmBT3ICTSNDLlId{$lQ&lTai#`$eL|OW_1-vHeOD!^h#g3uYwZ_EM2bfm7ywb
z?axzVY696zV8>}x;CDxYJ#M1DwzjG#6p~t-sypgi+L}9S>zk_QwO4r;M@qZ_E4itT
zrbnW(HxiCWNN06IQk54iH4|uQ;q7j1thLNP)4=nT$PVkzru<+T;T5$R?WL#GNQ6KM
zq7t|O)g>NZFfBkqu(mF)LrOFwcxHXtkrHbV9qmbji=c=D^@tN2s=Rejrmdx=qiXr`
z<%&~VL#j!yh3$b(W_NNV<LfjpWrKquLygv!_QoZ$^<CH0(i&L6B`}b(w~@1Jd3EDx
z1ogBXC?|4+2M;^?53Cv@ur&5Y(4q*L5QFHiSSXb+(CWk6#I-_6CaDoaJ><TO3_m)S
z)@*62!|ZJ(aIMmmx<Jjsd6+)#T;vhJk@~1C<$u&}3*!AaGI<5H#mYI*<dP^fPo~BZ
zLFgA=GCEb(KdB)o=`?aZc!Wjs*sk1As*^}Z96wW8(nJ#|O=egy&BWL(!!Wa{D0mvs
zT*R&hHc_mcPRfYQOCil_&ruGwVU-imrR<unVep5fYZu0WTgw6auR;F{MPf;#Hw_NZ
zd47#Y=q;}3hQf*YWzy3F&Et-FZA4@aK@zj*NT@>mL7C_xtTcf#)P<CuDvq`1kV6yh
z3Z+8<&k=4_3K&57H0>kCUbvuf2~;5CA+A|HoJ`~R%r?86XqeX1(46n64|s7#m1~>O
zN!|m(l^;fnkZ1Rhn6_Ek_Bii|S$LR@*_<cDyc=33xVxN_;1fp6V(h+jF{*fI3)`Bi
zdXvexzqGW!zaLhmK0VP>+MSGZdc{_VEMwyd{bIC8$Hl=dtA|#pNvU>GI|x7|H|GVa
zykURbP!q@u@&{vjY%r>)4FB9vp8@S4<FiNg#nhy~6s06|JqiBOB}<mb;D=83s)kDZ
z*Vy~#MTVxFP$MdK+Xj0i+bXXE*?N8DofVzsRH8yc1Jd<$)o6aQ<${$@)}H3K$tQdY
za3BB8772VB459fA<418S>#UFpETnKsnN(omg;L5Pg+~qd1xi`i^;M#Z<x+uwAcN20
z*jHgD@o3^!NHW6|H&WrsMGa~st|sJQJRZ@~bJF5@fsU&F9yKX@L$Wtn1|!&kM-Ca?
zFkGl+A9l0D_=3-v@Qxftwpl{!O5w$ai&4%Qn6*RN->G0ouy}cs4%fD4V~JHDqeW&#
zNY)H+JA>aH;YIyIVd8>Ed?%qcD{8Bt9b8<5<VLwx)M;2)$p+%qP@2`1X<OhvS7DdB
zwK_3+RWt><f<`aUwMY&1>T+S>B}g4DZ4I1x=CU&H%oS7D6?sa+!9>3n!<4c?Y-wNO
zB~a=5Ax_cq^Og-R>)wqT?B!3SBCamD0=X78lFZGVcqC=e4#PeU+mO;@kwMo*7aQN&
zmbL)Jn0N7$Ee3NOxl%U8=jz7K43rh1RfQsK7ffuKm1Lx};GbPZH$}YGHWHSD^c!X`
zVqWsG8~~cXT0I^#tZMaIL~S25l4{hobQ7g0%mZr9dT7BmE!IN;Nj$n1Zmd@pb}WVB
z$3ERK<SKJGy4P^Uk`*O*vYkkbX>C)WdVz^%2nqL?xYNT@DB9$kB27NrP&TV^2)mVb
zMVAyL$l|{Vs`CX@S2<8!WkYopkLs$lsIGEB)vdINYN$tJl~@wpjm=ySc53Yv=`Jlz
zCSAsV!~Cuehph>%4kQynbGE~bj`5O;2&iJm4y;FBD<f+>&h6lOO7Ij7Ea_;gHs=uP
ze-p{3d~BAmc$q81c*rb;`A957hR!T8-&un6l!=oO_XieTY5IZ`amIc?ex^P^etP^N
z_b_qCd*|t}4?t!{{7H#SJs>60_krXeW-r!g@pOH-P>W~m0pw@GAM(><54nefdo*0>
zia4?v(_;;pX;FsEH26XmkF4ZtZD?7r)K9nZnRF&%k4OSA&SWDNj2pekXrm%88BBDE
z62Gw6QiLA%MG-c?F^1;XeDcM^;7H&xKRGB|N3Bl+N0M+K{0>Zbm=f)w-vvXlF$vSa
z@4%eLKw2e~neUDk-mSn2<1n<@NOYN?9zyQwAww;!9768O!C8&djSh(`h%d1*K`IE7
z%wk`m25%M+n$CC7bcAYmBue+tRPG2Au9K##>@;1))6}IgL6Qoh$(r|WG+kxUv_8;L
z+aS=i8#@pznv!oyQ}W@Ysac7msk5v=Q(DDN(+ssRO>NZ}O`X*UO-;lYO|9-Bnz}T`
zXlj-NnvxHosj~*9Db6tW&FUK4aV$+0jS4ll=h)I!EQviCRV-|jh5?#UgF;-O(02Nz
zv26NeNC9zw&LcoUWJje@BWNU{9^hc$F|?L)381FE?V-c+Sa6_>R?sqyW{^O^fDAR~
zw1<9RX7t!pjwCT%#Ol-zT_-QvCz~{9gW>U^Y+uhBmmDu^!@DvZMChJ<=F&5xXNJ9J
zHk{eKl2%Ix6uLT6h^P+Y00C#el$VIg-bA+xFx2#_u$GX$ZY@c9zEX=-yk0dH?24#f
zh%m_u#bs|>gRK(gHjfJ=S<36yVqv!&Z!8#9<=RE<$ch;VCJ-+WWTiX^`t^p^xS^e%
z-clY=&6`*~e1euv%|swqSB#!W2D`L~mK>Cm{c3QPn=8Zglpy*ySJ$G?&N>9VWodI@
z0r=S3z{gcy=9`9EZLXdlfT@!wr`a!5tPMf}OK~lY9q|gwv+r&z-tZuzwia>}U>kf2
z+vqmIv;A%b^(7WYBE*aS!9l`dnL_J~==!P@B0AzV^mj1K;U;W9D!jm8TVHq=ptGU6
zy|aDcg3cz`#_f*j5R4hsV@^m-byZ4F$m{`iaMdSNwWht!r1!`u>b?b=iNYjKAR`%V
z7-sgCcLdryVDb#ZC24aMIuxuwgY1^1^m%kjVd8=Nm2Qvl4t-B);oM9hIKmIv4w~L7
zS`B!SOqeULT`R+6Uo+4b?;cLoP&ku<I_oSM=?bJwz43B+w(Rp|h=c%P)<x;(L(7<M
zk)q~0z-_P)In!ih9D|{;cW^HqZaRV3;4=>6LhGt*@fOagJF}KG5o{qEB#y&A{H!=v
zpG*aNF}w-K3iUup4ur+JI79uigVO(7Xv4BPT3XZ98V)HBjb^Ncz>)yMnXRLdg7!vb
zIHP4RS6AIp?I<^6`gB&Vy`!xWbt9QbsVs@D_l030t5hjZ>z0?nyv#5TD`vqyT8u&)
z;g}6)*Z?Y^GYh`EH4)KO6wv}~DGW<sQ1zZkGP(+As&shqoWb_RBAVp;4Bh8e1ownr
z|M-Wnr?I@vke^0uTN|vV(9Qrv6x>6%mQi>Qr#fMoOv?yYA)cWE2y)oVwS+joVd594
zVi(}{<RQmoc=(HKPej4lZbp!4Y1FycNi0anDrC?1D13i;>B^JfkdWpCVP|_obz4Ae
zTL`Vi0g*6DrDzyjBq@$AOkX{sb=fQPVv6@|i9#w<huj3!FbUw0KfEVMls?1ZcuN9h
zoa|01#5U@g2qJ50ENbYV<R2XPFY(?KKV5%I68RS)9qKc{#mL1{cxZJQEwIt51|bOr
z%-{fz34`Bq^mAqSxnxiC+iRQ5$wR}ONwIL%@Zj!HOz1;19pf7jE@qi2vR9Rzu-JJE
z#iS|mi$K*Cm<c#GGFQw)!<of6FD~-~W&s~22w*{p_vms{fcDVA>Q0J^EX_MJEf)bB
zFc(H7aU~`nf>VdEA^r>hmolN{x$_g}4`M<1Cmjc3|B%3dEQZCy>T}!Leyf1Md}5Mc
ztZ8wc1qgdF()I(7js0YZo#PmIIw%t72<B)?5OK9I_)sIx%CJ0TWZl<o_;f6V>~2uM
z=vTv<-ug^KaM2aV6W$U0<gvqVa>f++ofT~w)-B79In_@bVy?mfEcx^?Z<g1BY?EPy
z!-DA)JNDcbPCERDi4{FEr`Q3FM8(;6Vnj8^Vc@3K+!1srG5gMhpVv(MFuR53;G@J|
zI0oc!w<FdU5-DFWFE7Y4_#a|VTMEoHTe)N>O_%ZvIAMVVwy}2kvgOOT6L8B{EMI}s
zxZ^2}9Uh#lAbYWJwme71hOeW&kP|J^7#_P?kL=aKtSy}FTDjM)b_gotfG!WTyjHgG
zMvyz>AvDBm(Lg6tMwOMIq(RZOg<fc)wicWBj(~fJ_2lc&E;zu1Y>RrtwI18RS>~f-
zI0avEy0dLI0a<DU<7DJP)(QyWoT(sa4+Yv#sE|`&9%r*ao+0W;&TUUW5d=Jq(KI6#
zAbbFIb(szo{a0q3B{{eJ{4QIou1$dW2H$G9b+~g<*ze-!CCjkSO`6XBb!J4mp(lo(
zwhC64X*0px;kewTt_w2BPA>n53Ia#_q4cyEQZP7y^=5*0gam~RZpIdSGYpK2OcBo4
zc<h420l`(Eq-7u%L`fEp2_N2{5i3MMFRq?pJb?Eyau;S!j=k#XN%plat=r^;$X||W
z=9Hwu1auc+E{AvpyFrv^jtM#<NW*U5MF!KB-O+KC>?4Le9Q0hJyj`9RqrP+W+@wAO
zXi9!-mdX5tGX*Id7G6w>Qqeu~!-Z#DGz5pv$hCwO^1!PIoNCt(kO=?j1TO=x1z1Lf
zUBp`%qHxFQ$xfDYM8!JSX2=EkiXlZg51`i_LOStXWURf&2MphY_dmN*-Q8-!H+2>#
z%K4n)rjlYrF(WC55dTm0)RdPP+8R~wF0Lu}lqjw(E1p?ecQJ)mRpz+_tA~`)8_{}t
zQJR{7%ZC7RpRR?cdJ>*lc0GbJ%hCUpd1kF!Ta=D`bdb~Zzc&q6xM>pMRHQ?bh}CWB
z!FUjTRJf`ax=)MdZ%3fB6}8hAxL_e#uAy}PhKwRb<Q%2Qb*OFnfoD*=W}to=n{L3p
z6fQJKrx)<taw-LD%DIa?`%Me3LKA?9LJ;@FRS+KzKu!vzgDBF%-v1D{=<H4>Nk$}k
zT$vJ*)5!oEMs|T~p(#pRNFQ3%nn$geFNcOHVJ{B-yA!UnOWJS|!p;2V)n^j@BaI`6
z1wrvH9PYH2$AaT%$n@OUQTDLoa*N?^uc+Rq%33U`(?BT6rGkYnP>kU;grCIaf)7^@
z3FiQIt>WqdZeQBY?g4SBN3}jH%(C(IJ1)gdkF2fy;y{gCadJ<HqcoOEcA-SexHAVt
zg=J))%(*@tM2aQ93Z~$Djk>g0sT%78e~(L&up5g6*^n(DDVLeW^FqC7>d0pg3{lR>
zp-x#T@b1veHe$9J*~nVk4DlhxDFY8uA0OM7NXvT+>acevhJ<9>n{a_YY$$kp!ac&9
zb7Hcwa=0&D2GQoYbPaU2e3#a>kPd-N&&M)xjH6BQDB-`rsm_J-`bjjZB;kM3$XpVz
z%1d1H46cXO=g!XgtpdDL+?K>z2A(DjI5@hc=KS_5g+pB#!rSfKc;@ef0B^W(bj}UY
z4Csi`+;I<5Mp^D!UYL<~_c(Vpfa55FnuDJl7>nG*#l%}IL<i1wkH$Rh%x%!n2xS(P
zM?a|~vjv6oH;v*A8v1wo-5D1DY}=aQj$L~Mm|Tnej*J~~wjJY0_osu#M-zxg>FCA?
z!!(lsZgRc+YKYBS9t*a+#w9s-FHH1Z#}FT4=fikbN66S2orSh*F6d618OHCYVdx}^
zW_2X}utBW4ZOG{1d5;OBi95&V=gQb)Qus6z0~W)9+HnxPg9TSuJxL=W#49!21Vs~n
zhlW{zzwJX&%&rI#C*~2we=VwxJvrNjYD34Hu){{SU=!3GPTm|^ADy8k>=cf`(B!6H
zH)f{SG;r*Uk4F%O9*Co^Q6A<_ocPUC6qt|kU+FoS9JjFXvUxj%hlAB5ob2=qC2c%y
zOXV=4ge0xHiV_+k)45<_bCptAR-Tq$#JgM4a14K8i&+FN9ksf{b2Wc-^)OJi^Q7bM
zzM&RC?sbL~qulv8k()^;+_sY)-E;6PcR)<wTFMr#e2eb~;kb5<7H0|+{YiP&JQn4r
z$9*urqJPtKE1c`F@hZKF#ACu};!f}SxiU5$71B%$=%7P8hsT}#JwIu9)4JWq!I|9g
zV!wDC`H&H`^Q7&P$RXvVdDv3qEI`DKuWSf9xXL_dDDV^>Kqp7xyKopgMZ=Ytm(ah!
zNam3`Kfc6WLjOs_KX90gXC8XPj)&AU&rbVU7SAw30%-|G0ze)PpJXuM&HJ0ce&^0^
z`?*uzhlYZ{3AS56hZ0PV;+bWVc`lb@8bH{=F}7Za>|&lowRnZx#_wPh>T@x91^C2%
zXR^c}xAdEz=Gfa{;NiEYk^Le#kvQ^`3L^d8?yk)|1a384M}fa=S`qKO9ibn@B$CO4
zJkbt=7NYyk^^$6jtvmR_QFc>8SWDnjg?4wFN34^{C1*N!c%KS)^RGgVK*A|Vdi=C>
zs-uWWAZ|C&MiF*AJu_WQK-60;9AW36W^_*ftKTvC;&*62?)@L)ockxVk@@|fvU8@F
zPq)ASGi`eL7w`Xk9={|0Tu++EdaRdL4(qiZx=+e>2dg;mY=%dBtjBt~24w@KtB3Mn
zkMpsfD!vkZtf!^jd{-qY8)`C%{e{ILM35e!i*Bg!VvpRU#Zm($sQ3~YebF<<czX=z
z;P-QAD#KB#Z*8otBDaFe5@*)Q^uloNR9Ri1-sMVW=Pk~tz2;yDA-%+Gr2sc06$lLs
z|A02R)-e+nF6XlON(eJ*GN(P+uE5cDWtL2P&=NCAMM8{?68!d0w;qY;{dh!yldX4)
z-~c!pA4IXbCOA1nF1kiYK&YYCl?WyVWvt|jA%z_dgd_llm<SOen2IFvjj8O0+6ZEX
z$};pXL^!8^8U$Vs!blbwv@HP5N({=y{b;(VGCnvw$d!Q0Db2@<Jn(o3GwEdOO%eRK
z3EzS`poUUOxLP578;JjmP(q6*h0-qVQL~9}58gZgo<(GGfQLjwPbESs*A4urQ<nf5
zuHV!QxYIIakU0ueg@eKpvqAYLdBd}eHSQpnD>jZ&!^Wo8M8}=zc6{iaoE#n!J7B=q
zq{aB!)i^!{<X#F*IIB8|eW+kBTTm#dWg5^@N@^Gu2nP<pehiF-3B!THF-ugpwz-x{
zcrl(x6g!E`hxob?mj*z(u~0pd_^vSRp~G%)>oWkJ&u(wEh``(Rd=2wOoHF4>9G4<#
zUd2H(q)N6HbkG2KaEK-#9&pLG>f?ozJ)Z=?6_{_N@jYS7r-qj1fW4xbiCUGbxM&P0
zOq%7x6I_bmmbnF+OObvR1P(dxC17TSG*z+7cgVT}uO8`9Fm|Y~xz#LZ9$LfYlF>Mu
zQfRPaVR&l}$Be*T&MNw^T+F5^C69+rw2nYqYg?cLj0F7b5nJ1pVlmBt*5da(RQz~U
ztxL%eDoRS$5ZQr9(x)bH!}xApk174E%Ym(#rzOGEL92dlB9qH`ZB1cVW?QgHNzE7h
z;t0|r^hTIs{(fS@*+|Oci;B$_;L)LG`Yc)%t&d;jz&GGp@0XAY2o}f;L`^Sw+(gB;
z2YcL+#Fav-ZpBU+Bx=VO!Z|*3tU=w2j|$+|8*zx09M>aS2x*%b8%@N@p@d4`azSFv
ztS`pkwYIg?2HM-D^d)GN9%_sBAVG~8KPdiH!~h^#9ZWAOX^7CE>Ys#q7qB-K!wE!|
z1frJk0;aIzQYEwZ5(|(GHHb3I0_@6qCZfS6fU=>823Darvc@b*ud8nqWGn}`1-~^X
z!-E1&@NTcs(e}893mi?kR<qut8=?q%j1I7CB`+7G?>iQm@gCR^C3wYGyLX*0$-lTJ
zqmuB>fDJr*et^)ZuBJ9q`=n+3T!5`@{*?fyR(85MhW+DS41%Rc6eN{_nGftzlS^Tu
z0f!>_BQ36O14Fx|LiWbhFp^|iNcJwq*KRC^KY9?Md(fQmBC(fB#86TQ@i8*HwI2A0
zYK8%O*YSj&)RTj8csXWqOhsm3*sJ0fA0YwRPGP+t{n4L5<nw~ag3yHdY%GX`MqlKH
ze@l*V4;qk{4Ct*SC>aokY*;qn`?+ud;Zg*cwjNHh<4^7?CU`Ol8}qen00|=a?h^Dj
zw$eQk%c7-l!h&k7_&V^V7>i&E7dD3d^zONmKDpdCy+W=iE1OYTUS3);T`oV@UsmZa
zn<httMhF>_vEHB|2L|GD;r~e=mc##(N*wVApfkV!J#9v1nce?09esV_|M@(A1ygW@
zCQ=iyZh-6ik=U{B<)iCD5M0FA0DsK_FgA41s=*l2sKFT0>cls0BvakpGPc^0d9X@V
z<8qI#heaF4ClTioET9ecFlLov$zO$g;j&7>C*dv6ca^f-dJ&U2#})Inq$-8_gA^BM
zjS>-FR#wF4kE;}{brtJ1-YO-G#C9mD@GtUKDKTA<_-DYXltC4tz&~(HI-^*x+p+}q
zxGei-551yqH;t=E=4(D?C0<i1+>5X#NctEn`{o`{Wl8+0hcwCDgKr9Nnuw*?mJ+jb
zVAl}8$izXVA^Xl0?nOomLMgo15@t(TxBjCx>X21m+d&Tl;Kz<>3T~WFVAaVp%H)9%
zNiur%{!YZN@nVmBi4;Nx`s~?(mU^kyWP8TzlGh96WY-^d6F{~P6+`B8w>D6P(6kq8
z#W^xr%hI)|<%zPMpO)O(U_Uxtz$;Nmm>;!i3>q*~kr{7qS7=js#vL2%#$h2q+Q;wI
zdcExJks)xXMT825QO}Q9^UOx`;>(!~BzF+`iOeu-(MKaeQjr26mEb{fjjTZc8F2F%
z!){zDv_z947ei3Hl~5wnmkg~WU(o0Cc@UCR&!W|G8ai1b7Om%yR7-(_5-;qA%@~%D
z1gg-bS{0LxW|hSbhdv@nW(o+da_|fiFFkY8V;?>9#19u+h8MyW-mUTK)O}yY1U6Kt
z#;#g4zNQC10{6V5r6?<Ix%thViIH}N(+kA&U&1{9CB*X&>SEaaaws0wK?2)LmX=jS
z>(IgAmYkGB*;76!XT<%%imU`)x+`H%%axGzQVDxAZFnQZ>qm*dqSs!Fyt_l(2Ik8v
zGWcqGNKcqR^?Jjakp@bgF2|5%L9Y1M6GMYyRIMT+Asr}GzXa2?$-3uH?oQ}Yxd%}^
zCKJ&;eEDlrpBy4g8d_6)F+`lC3~Vc57YjZtOHhK%vrsUG`ex{|5m!T6_n@pL4Z&}F
zXlPmLo5v1GCsFtu5_W=%{m{@Ob^}9=y?!d-CTNc~_C6~3<%g#*7Bb&`DmZ)`c^i&m
zr>Bx8f?OrS#1>*kDvo!o`hlXD?SQDbaVdaT-$+uieZdfBKt17<VSYvvEPXO+R2(9C
zXavDkhffvLie<>HK_by%=?KVOc%c?QG~7_d;bX?kX;XzDk(U`UFt`r^F>u=8s#Hkh
z4cuV}XF)GeTc07zM00w!r`|Q=5D_-39|qFA{ml?3s>DWT0r7TR;t<iMl@9}HYf)q}
z22y*O8Dn8g8^DghLu3x9dN|BMS8WVotim(Sf9!ESL~Kdj!$8+u<uQDzB`9Jn;0w<7
zLqwPD3^J4Ta5#Z%a%N&)wt0GJl!b%bX3WcQ(X`gcBAQ;h4yNeVnLDE}X2L$PG19iU
z)wcv|-*vD&ZVe`onZ)8ir2bym_F0A&J>`nLLJI59NMA6LQmd4e<iV(NdQU}>QR<so
zwY=Cjb-AZ>d3kBkN(Bms;NeqTUBj<Dk>#|9B5SV0>9;zdCFL^uF>4m7Ko{0iStaH!
zD#VB=w$j{^*sRgMw4I(Twb!z8I@<#s*hwIQ<5ssOINmiPg0phcfa6xGCO9E3)3s0B
z($TEN`@`I8iKdlVQFK$Kugcp!tghhois^0*61&B0jdOryz!KXNW*y5%mZ1vP^kx;y
zjV4wR9ehy74VI~hEgs{&P6Q;)vHO)wDu_)nkZ#RU^=Yvu=fcZ`zV+a?gBYOQEMk}r
zz>LJO7J>pSCdf^2g8$G4k$GL&wMs7Vh$1tgaqdA8mf*olLshaZ>e2`m>Simv&(XCR
z>N>RAVLicDlca6Il*jg#1Yf4uqOAl72I4RlTQS`=mS8Y_+8O47=u_Z@3h&v@G?AFs
z#o`~Q<2*A0LbIY{S**x;*1?HR5*@yE_eRX6wQFPPWwJ{tciAkgl3g1y4^X6S05&CE
zfpbm|&tVY5a=^Gi;h0JQ<6t(kb6ABdfkZ-2_>lp;DyH|x<nBnY$Bz^{tAmwtxd1>l
zf>?GKy;^q?nFTQw9#@s8U{gU<f{I)vV+@e}0H<#x*``26Z>}Q2*&7p<sGr?n3A){K
zOcOW-a&4~~S_PMLGlw&C2uTt=8Pyq2=sk&G6z>BdXh?VU0-WlO2HbrlZ==lAQ3@ef
zvFx4Y#mg@8uR!*W-#3*rc?b-*I^Gym!<GF0sg|u2r!~9vR4i-`yJdU<7SLyu7-j;C
z9Bfi)ZYeR)NERav`B9)86QExg((J3~XEzhuhtk=@>Mv#-))%D^W6F=Q*caLWCI)6g
z`q;IZMQEsjB}*ZilLJGgn|U1b;Ccv4rAgOukPux8F(;wV=aVVa7!F~oTFG;bEV}wv
z@_nHd(se_uNd^fvC6;5}L(|U$kVdkuWT%kKk}Dk&!PIWNI3S4*;@J=a=cx@TUpiFS
zymLx<OAhiF&{Q;1!d!P3)NXS=t>Cv|CI}VRc8I(lstr@_+u`FKPudA5zoB_-=QRc2
zdL?+KeKNeCC>yZr7!=<T*Q4=>7L1u5@oo}WOeQjc7wija5$uUX<7CHAF&~8I8aEqu
zaj6TP;fBnOKpe=-etK6dfCOAMpWLC#M7cr4qzbnTgp!d#;<o4Yo{vd(SEs5Z!P7CF
z)SGHab^O`6N*(Oi6G#|R<;K!s9-+hvB6bn#ouC6z$~48)a`H4fyQvs*7)c6yC)v9i
zi$S4D#Z3r+;KBL{Bu^oaj45}Z7UG3)mBK!4OLCHEY6U0{1b}@_vzvB>VV1A}IJAa2
zT384md1O@*3eixsGAq$kCl>C7_+ME-hnNlw{g^0>OzGn%RTVDR&2*{7x*cjEBN(<R
zz!MWk%P+(gIBZp<t|Gu#s;A^=aL{p#DXjLX5j~D~Va+W@P!O4b(IZiCbOO(4gvg+H
zkfMZDfH5?g4GjgHup~g(&I{}*MChK29wNK<cxGAkd`>IP)PPvrtxN%yEAb4*=Zg3_
zY+uh0Q<U*@45?iN*pgZbXGy2ql7g^mUoR31v@ISDH&NqgkL|iBb~lH(gJXu%vTXAY
z)H?K40Bj!iQt<YOB6u{oO%M|*&OngtP~a8<<wEpdh4*h*n-wMiNJjM~>Le4^Y}jE2
z4hxTi0`zd20!|Nw_lH<p4CFwH)<pt<eFmO2$aZIL3C~D`8EMZh!syu9{2?~;%^_E?
zu>u}Hv{)5wsd!H(iBnl=lUdZ5B9$_WEYod6d5yi7*;rU?f)|{6B*>M|i?8b8vK4pm
z?2Zitx=E~#XimU3Il!7(k@#v3E@z23gq(}0vw#XF8WI@^yPbAeLe2{8w!`C>gEA-Y
z#g4dgtOZoD``*NzCUc6I-9__c7{lxaLr#-k%9^IUooS4P`Z${0na05r#@Hed9tmqt
zk8bk&xvujaQrxSdmV_z{PqzAz@kGa-vLimrv2*Uwr#MFH@Mk#z(?>$PstSvFu!yZ_
z2I^ZVm6W|*a=AySPMZ^;Aa;x-<>`F0ZY|3$vs1QBP_nf)rwT#S3}hdzPH71>Y@0-~
za~{c}=_E5(slelo&Qd1wxKuP5*ii{s$aBaNNC5WF6+)PnM^OG?c#7be=C(4$(>J`p
zaTy7aHjbK#y^0`2tm3XGg5bPPVlWPW#|#i5(KHf-Zv0x}!-<~aQh^E%5iwC}kR68f
z76;v#ukZ~h;${ZF(Q1;BWDz<d;IQG49yHs2SNJ^*Yg?QLYC^<rNYi?v-g0a>(ftT#
zb6`Ev-DJhK;~^JvI~`_w>_G+AChQL|xyngK;^ZH~c_l3P=<Y2QK>Ug?y#R%yx8+_@
zfOe-MkxuHj<Z71kWf|m5l2#OU<`LowUj-*AFgu|nj?shh&Mqz12|J{P#f2s|h`1;j
z3?88<gtK;%3k0Bev2~Y@1xN9e8gL{5M}o`VMNCUIbab@V(Sxl{n7Dna>BNQ<rV7Gx
zkx~RV!&h(sOuvwGpC+>!a^3mi&~b}qH!G)+S{&JhC3Pl-aOl%a93k?<5G>)=YsLa)
zqEsFM7q~HkF#N+C_#-j)BN%=+S`3#7Z0GYu%JE9y{M+)$4|~Q^Ol;<YFceH>cpSAj
zTS2H134@ctpf&^kC$<WudR)0zv>ODYftN-Q+H3LRuuO<Uv>(W15&-em1EDh42ZyR4
z08C9m29gigG4%xISzoVf9vgpJMoK?mU{yE)$gZgjY}(v}*PNvGVFq)At3&J&xS}u;
zb(kUXWG}c)@C_;GKLXrg%^p`i6=#fyOS%a|#*2;`<_Oz87k-oc4r53tPfZ~kRh;E$
z`w-{scMF_SB#Q<}!Z^qPMO;k*!91f=#Mx%rCe5m09WJHO;hrHi3R42{w~_Q6#_)(U
ztsizD5ZHLoFf7NsmW&M2sBzcm2%pn%<-L<KXS@~2i{TtHJ)$H@bc+C`0d(Qu5;Bn#
zoG)1?w&Xdqj4y@kM|N`yzO0}>Xvo1-Qjem_@IKL?+=I_!C#_gL`zc2_+SrytMw-t$
z3QHr_6f94|YBH!r44-w}&^pB8jGAyc2qK1M*v?m2`(~E+RXBObZ^?)!5Cs>id7_dX
z6yx^DxgB+h+dAVm?fIjZ+>RiB0FyswBp!Pd1L&>bFD``KjPA06x6SA+D@0lhz!HLx
zxo{~yywi+&vO;P3$R*ymcbtE8oajii!<g=fh0A84+i?fURY$udN)EMbOK>|v=@!`O
z=0b3$Np^>U_$|5n+uXfYlGB0a^i|=2Q##j$YqChJr(ZUAlt~%(LWkcvG{&-8949DT
z4qz#g6opMzavkOzxfEFpr7>jZ$Q9fN!HB}G(_^YnUP^ajVtT)vK$4*dz!X^r&8R^7
zSD)cNoS)<TKNh7&wv8d~e=MIit;~M@e_Ht$=l?&K-{-G0**Q_C#uU%z+q5MK{uF~t
z>|rH>Qp88TsVcM%&hy%kJ5CRWnK?=Cau*Dz7vX_ZULV@7Bd{q&fW_%T{Ap@I{ADUY
z*Gm9IWr!<qI*<Th$`60>dJiYq^_?Tp-gB<ccE!dH>bq+*hvstARPJZ}-ISGGGo?{Q
zE=uR$S|)#<KTiHb@GD|%Uq$H=ZX@&kFZk!U|93`ZmRxy+@o@e9AD92G<Bz1+k>r7q
zkN@=YX%%0L|L5^bJN^))Q+{OH80!A-vgy-o<6ntNd}0569zWl5g<O~h;~fpg@QrEZ
z<>bb+vhvch8FKjyf7vwuwCQrBx0~LS=IdyH5Lvk#w!n~m=yxq&s7Su{1{rQ>gI9Ls
z<z9L<u6cPU&Tn73pry6Fv0d`j02b0R$=7HeLR>*UiM2`o4kmgaeFd&u7ih0-Ys97`
ztB=fCFjet&p<Z%dsI6I_)R>gvu4)6{SwU_+Rt;Q??yVRllBy-)eiSVxC)I%@vQ61#
z#>lRX%6dZ5@QRgQ<`-s{3q!6?DsHvsusfXfR5G4QB7+*?+Xe`S<PwN=!>zNM0ev3U
z8(4pKspKwVu+QbLU^3Jz+<*#wz}Gb3#2~)XGcxFtd`+!V2Lg<*x!{RfY^W*%8qxbb
z5}-s0KyL8B4nc+w+iB9s#X;OqXa=Srt;8Vs#0K$DK?_!(a#H7jpbpV12%&|b+!N8e
z5S{T2)c6AKFeVZLBcn0v2HXr4KJo211}sO=@*+m=bT?pULC0eTPoE<?z@3Zu>I#6V
z6Rv=J$}qiSBs$Z&ifDC8ha16*yU^&w(4TOLeG*r~Io4&-2^AhLHrGTLq=)p}LQRXo
z2%>KZKh+A?z?PLr<T8DVHsezufaGgyl#AGXYefW_77MEb5WouMB0(c*!iV4zBdI6U
zFlh+W$QP6CSdbe|v>3Z~GD>fpgyBbw3Ip248ZD8C-4Cu;D2{h#Y2zHbmDmOp0gu7O
zlp21^Ijn_LgTqNCY*<YQ*{7ljg6UBr5d>rv5bQ;0MOeE$nk8%+m~)h_LX)_A6gxH6
zrzP|lCQKiiX@D0-fLvzT*a3a(1`jqO8@<1t@e?`Fj37ZvtUPcxg$>i049;Bhz9_kf
za1d}ZOM@!bENB5X?AHvngd1aMJ!lwcXz>137mfHQSK(sh@eMjW9H3nbz1xTI5jfld
z)uQFzA_>oYM8vQPW7q{e3A5TKG0zne8&Ft5rM*RpgjzMU9`KhDvW2ailnl}sB1%l>
z7zm(aCSpBCz?OUakSx~}iR({4olx|a<^=F1h&d>N<Yyv^L||l=q?>f1ka!>zgBUNz
z@M{z%7a(yIjVB2cpspcaguN*PvkJY_$B9FUBnWv_APSPyjLilRm>Ys*W|+GwOu7)U
z96`))4HXq3Xz-AjhsFkFf*fWs&4@>WgG4q;1Uc4{oQfs2h$~E}3hbuB^+yr{J&4*L
zkX6_qB6+D8!n9p4!Eb2v2M5VEC?ZxO6(=(cngCWq;~K>GP`kAPe1IAX0R!@l_@!VN
z*A8M1n^h!BRCGkOaF|>H9Tf2ml0bLB1!V$Ia+?qjRw`BpLTVfz`Ov}$SSo@@fUnJ=
z!XE~RzR6(BqEbGJEHnI8LqrGNXYD<C_`$-H!eFzaO)jb`k}XyRo}q(bSd$&kZP+=+
zlVAW&3K)2X(as|I9t6>wpfUiDpil0wm1YPEuZv*eWe_nOPiRq*F?e}{Kd8bJgce+Q
z-P}rLRua5(qza)nrWikwFdX_G1=kc942V~>C=$~NI7)*jh6}Tf1g8oavmfw}`JjnP
zVIhmjP?J<XClHn5s3~9u1_+pybpYDJoBg3)9cc_pV1;#}c7xqu*?<?4sRiC_1V!)E
zX+(A7K}7w+fnji#qBlrxO9x&;v#>iAA;&0)RwqPeonYvh8aha9i&?Tsa10Z6N5SC<
z=aWnu02yr^j<Fy!UzsB-n9G$p=r12OU5Nt}nY|sYz^lu>5*SpxIpro$u?+}H2e=&H
z097K9<5ZmOhm2QHtHTn?K8ipi!T=$Pr?<lNtu@(+rGUO<GFU7M15**3bdX2YtVup%
zn3Ygkmq^34(0mqEGzng6NjQ`OVG+?H<rJscrwHm3C}>3jZo-K)EVsCb*f>QV(-^_^
zu{mbhMQAb)#;HRbo8bsiJW}ROXdJeE_;yhi*N2b>flfBC@t`a1fq-1y)ZU_4=6`WH
zvi7?Y68J;?rKSD-{c!2NPfzrek~L0a^}Gcw?H!G^?Gla_kfTTj;V>7=dNtHYHx`n?
zSP<@rA<b1U>}Y6dYnR%5a-*6^8NrAaHA20JL7IGWgAehlT(9+{R0vYmv7(d~`{Y^`
z9I~)9gq^y7^%C`q-#_t}$^R2NLJpvz{XgY)|4;e!FZTaFmmlx{37HO{igSnO0ID6C
z2Pni`K+MhI=Kl%V96<6iewk&Y_4|aF<45qLfTt&!2*!*^5R8B3-I3w_gQT@I=6oIa
zi7zBYds0ZkO8A`<=Gnn_7h|nUy)pna;qC`v&X*`&L4;w?6H9Dl_?S*3Y-#kSVyno-
ztvGI-!h=mvSnj}`1^E7A;(7{!;=}8lU?`-)8*@l;!b*tRV+N7odUv;%n8(Bn57Dr5
zf>x{f)C)j1mpfV%j+;^(s3z27NHvCn+?~l5zQ}~`2fNyIa}in%B9wKwy_D+IE)`ng
z2t!B9AngU=i8g~ijAvCQ_L>pw!*Hp|gLjk(%}xC5T|(tK6ro=+H3aH1p`q4{D4fDg
zkoO6lrYfPb&l<QMJqQQfxz};%I$j(qYq$kg!LQrkb%EJyKniXO#Rjn+0|G?h$b2vn
z>eXPdQwfzUXNWNb_6ZyzN9*=A<Y6A55n3OHfw`eo1{pC+I0eoZWU?ZZBBrMiQ;u3>
z%$PO_EdfbkEyR4A7;(Jf_enM8LwCeO$ph33&OwKT2g*fj7BIot31)MRpjllaW|A(E
z`E4%wosJ&{B&rQa;DBW`wK~GRF9%F7lHMxD`)CPkzyO<1yuo?^)-!sv3(pv2Ipb$r
z9JQ!Xjb~q2>+V()um;9!4)(r5MD@tX0!xC?XOs}(VGf4_BI&$~tA==Lurn=~VHLm)
z8J_jSbo5BY=E4C6o~(B9s@?SZFi&TaGH}qKWW^L9E2crwA=O4Pmp#^Gz$QB&L5yIw
zz!V0GvaK*lz_+ZeLhBgWT4?qYcS}sQjBE2o4Ah5+8YBx|WW^eI!3RX+d77^Ic^^NK
z<-lmx*w9JEt<RYM&A#5}to{g_eb_BwB<Tt_X}$FmHm4lBWu^$N>$L>lSBM7T<y8c*
ziPp8`punT3lL<tGE|_U)AQ1l@>9OUzlR1Y-2rn}Y_65^cBD2l_w>9;u0~_$GC>^b$
z$o&sg2w*>c8<7RT=|~&~!>rR(YKXGICl$N%IuOL<Zvvjk5s=;x7RY84881DKIKft)
z?b6_tAzg>_(hAn=*x$;rgiJLXo&^@gs5YnC%SG%_(*cP`%b@_6q5;woYvPxcFhgm2
ziq0F3RpMloPuhb{hRI#!EYu3Wslv7BlkokbFh?Wg;!m4S$4UXeETt0WaY`<~1Zpl7
zhp9{&#uFUzY!}i)R+txY*BNB45jr5A#MioDO&?biWE_H^uM>KzhipXkB;aW}XkXT2
zuJX2qF+Uzbh$qLE6j*FfOEXM&C@AS*w_3tHkA@mEXf-WK@WvPDz!g?@zmQLA(ECAt
zV|A4vN=lcJC6|DZGYZB?;Vqaj_4FcoC-J+-&=QDn#HS0uze;U9I)j)Q1Won^Bb3rQ
zDj&s@G-l|LKG5oj`wo2)0yXTDaDi^E_p!6z^e$7^6=qD6rmAg7INmcPaBs!Y^z2IY
z@V*Jg?fo?J-p2J*UxHjk|J9L6g8e!$>F|zD1ZfV{)RNc<*UflI4~0?*!cmD-EJnS<
zfJU70hqWC?ecfhv@o^u{6OVhF!gmf?xMN+EGE&$<6V`oFJ$pPL7D9Z4?ci7{+6BHQ
zpfO%X;MWWxz|V9~ve_?CY$$h5ePdGqd+_A)N?|aW6Of}~8voDd;r?-T_Sk(w@)zEp
z|9iiT@jt!EXygdAF_izOvhp0e|7S+|IbZmHK9Aq*DPHf$1At_&caAi>p`*D8{s~mq
zp?^9WJDLJ>ASwt!LF%YSon1=Oq}ff43+Bshfu<_ONDd<D(yOXTMebPI8mLmhY%2{J
zh9Wn#1?urDZ9e!!)k+CyX?9IZ-BP(`UTsTLOIwvvP>+8K<TO;w0q+tjS}_L)898H&
zpbYadk#e(Z=AfdpOKavx%cR+jbLhfoc4^}r9B_n^i0>b#;BSazq4_H?M9u-_0Qzqe
zfkbc)0n)B9NL-%|BMxbH>l`jD$VTr&k3|wkY3O()eiR)sNg}Xe#3dopAZS3Ef5XTm
z3;AJ2Clv|w8DV%5Y0VcS#2R6MlF;yx4N>BU5P0;^gOs>=GV(wrRGGyck%>5TsFJOU
zJzS}1E}|OqnBxJXArZFZe@@I2kkTb)3E^DiEyCyyD{Kjurxh~CEkT1r#VsLdinmYp
zY6>IRp+_!ZSavuR4Y%MWjyt{xVEViQn1Fp|5$^eSieUn@tBOp89OIei-zt&`;Z1{v
zOriF_AePC(s)ES<FQS<aC7S81p5!bR&;);zZyz>{soR_y#jV&d_G1417lk)598?*w
z0DA&WeyskSK~7w*TbL8gmWlE_QlU-^L5&y?nWCK>Hm|650ZN2*)70`f?g?eluqVha
zF5(Kf#XkuR4JQJMHQz_9%CufHyc(lEFn-~L7a`yZn_bg}(yHld(8VdH%yCJaU0OYd
ztjjEK838{6ml@QjE;Ca1P{OA0iW)8_!E5AFSi0h+EM6@CtC#zZUt0eU=;5e(L|i~a
zo&T>av&a9;sHprR{^xV~xjS)?fzO_x#?$u5dUCMe1}1q!`A{=`c4PBAxxK9x0n>YQ
zUys(UAj#2D1$T}sa!pHHU7)S1Y!06Nbv(w<B!X^k^kc(<FTie%3Nu@Yx>k^pg_LF&
zjxAw3%y?G#5Y`KuFbU?ENSnJfFi(^@Z7Plm2*HM9EES9psl-=cZdC<j9_J}@DHpN|
zhBB1&`AXrwf#v`%N&j{&rY1u|QR~~aIBXsX<+%h>p%myL;hpFq#!>I?*0AR5SG&+s
zE=l@f>dsU=jLlAAgpih}`Z9vu85x@(^e#msg<4Cv3<J?nl=0e|tD6w&P2jU2ZTqGA
zgeEs5QBW~WE}!l%pXr}AL#}D-07vLKsH?Qf|9*)+vR``tKb>z!ppDG(zr3uX+<yMM
zva)j87xMq}_|0pqKlhyA`mFU?e}m6NR#snD)|#xWbw?k4X<puCx~{KYy}GZjZ_S!D
zmtA&QcJ}&Fqc-H`ZaU_e&Ev*xJnpzH<Hl_rKYq(eCv6))e*1|h?l}469jBaf<!Pr~
zaoTBLnlk08GtazQQFfkr<~1JAwIwCjRaSnvy!`sg${Wke|I_dPir;_JdFS0+Q*&!w
z-7PgWy8?mT=bwLDL&NP&O}8~S-_hFo^^T6OU2wrS7BBwh(xrD@c;Vg4mw)r3i|$#u
z^4?HrZ%@x&O?%+tiyzSSha-^(SFe7!ukU-w<RgQF-@D|JM=!hVhnHUZ=*Ep3w`|$6
zef##SuDWXH&Yjm^fBjd#`qi6nzIpxnAMW10`;I&Axbx0C@44rm2OfCf;fEi7<dH`n
zee}^yn;zS??eWVmf8vTOestAUPwm|K^tIPMbN%(t-FV}VZ@lp*x8C}*-MfFbXU~B<
z?s(zOJAZ!XoiE;V&oA%2_g8!OqW^#Cp@)9+z3;vJ{qMj0#1l_E{q)n%J@?#Ce)5xj
z`~K^N7hd?qFMjdTOE10r^2?7scJS$^|M2wFuRZ(hYtKFR$LF7aegFPH{ru-|{^A#J
zz4X%CzxmBOFTebkS6+GLkAM8*!Gr(()?07=<u8AE_0@M@fBmm-yz$pJ-~8Y&fBERW
z_uhN=-M@YK;fH_y>)-$Ow@?56_rHJo>HqhSfBfTL%}D=$_?5taU@m0kewI~~H@V@y
zU5{<bJ$~x)XYSkm#J2o`^KWX{yXQw&OqzD_@1EIv+tXLewL2y^-hcbE*A=(lwfx!p
z@A&bT%R<lH)Oh^v+rN5U{Fe_-y8MFO{;j#EobqIG+xd;NPCezchIt#>N44kHSGV5&
z%r(`gkH2wBqIS%<voAg+ukI@k?ke!NUn?*5Up{_v^_H=Fqo1}fII;ey)5>pb>+wBV
zRUzl*&i&8()=RT;uCIJ%RP_Xp;qza+@k!71+jsVj%`ID*z3FGSPK?Cjcidfo7(Wqy
zam={7x`Ld6)A!%_?KhquJL8Azr%#)3Q$bTl{or-2*KEsrByje<D}HONKe6KFNf+dg
zUiDmY-j&~ZZ`Pfo-yi+sCqCQOlfQ4?^IvY=b5r-Tz0$_w(T~ddf`5EF@yDE(N)~7h
z5AB<GO4-DVj358{tbKV?XI5;vY}S+$w?>W{x1=-LzpHNE!Y%Kd^XxG>bxUsD{94}X
z(;M3+=a25M4D6}icKS(^UfFQg%srbYPki(C{mtR#x`v}3Y%c!&ww&Ibp{2Fs3ZE_5
zK6%13Q?}1;du_@14}+&}m~-j5b4OpD-?+2z(w$Q_k1dS1ZaC`LwXe?|J$a|RDL?da
z`D@qZ{=GbS{pnpNx1IQ{#{c-kl$FoquMFno?*GHC4db3#I;LX%>StEXUXXYC%{kKk
z$8H{zf6f7A<?Z{kg5TaU=9ViCZke%u_t@Lt-J;Y_eKGrroSIMW%=&Eqy1E}_PoGnF
z!x^($^VjdXrSJ7uZ+dRsjEl1-ym9d9FJ1Ri*?+Cu`OEr?wD^T}PiJ2fcx~GNRY0o0
z*irG1dawR%#o58lS0~P@Jww|4*j?+AzIj=XoF3?Uxpv2EJO7+DcI|IUzGJ*P<E^Zj
z^0lqGfBJT@JXrSqx?fJ55MOlfZExnh{Z@B=GW*Qx?%bV|pU9cG&o{r}v^^UipLAZy
zecPUo-LSE1rgHrgYsZz&yXB<Q_HKQ(y5Yua-hEv8)9+qgcT1jJeR9E74?W)hyHEV_
ztXTu2w&c8BS-5%EM_1i#TpyU|-FMuWMrG6ESMQm%ENe;ssHd}2=iXj<V9NY^zP<jI
z4U6tw_u7y4EvsHp_`5s5u}O_@{cPSAIli>^>YL_%@SDv)|I@12)*Sz-(bsO27u~gE
z$$`hZ*H_3j6PK>3+jji4i67+Vl}z-lF*eO?tr=Ih{Jl+MCr7%c4=N=!#u=gT>MbXA
z7teU_{GI=K-#c&Yx#Fa`M=$?)+0Mc>ukD|^?K`9A*1Ue_Z$7y8m>++ws`A-A<97z0
zJ9omU2C444iK~8jZv7<_+N#E0y6*X#^Hye`{=FXW{^Ra1KYjhUl9Ss$s%h9T{*zBO
zAOF))SE)bnHgC-R(75VJ>EmmPC-0te$-xU=%xZWjdhE($t3$bM-C4Wed2{!ajn5ok
zKlYle@n_XdkXN4mZe8E4?}ztK*>PXin>A(UZ25k6_Sn0&pK$v2l2I2$wtV)|ZEd4l
z@A!IS@9s-Kkmlx}k{IP#SvW!JJ*xJjx$CR556nACxq5KYlAEMS(d<zlAFTP^zUf!y
z?$Pp=KK4lQq`FUY_l-O8*9ZT5)UKSZ=kCcpYwYEZeE+HXv&+AkbM;qq+rFFs-O;&O
zy~kWLzp-K8p0lMZ=Wab=Lty9QV_yIJ`C0PL#ve_7bLzy$q=L5l7k~Q9yN`dVu4Y_s
zU9ME}?6Whzt*<>X?~drcf~@1W*X8F9Osx4}|6PkdIWYIyEB{dV&aTIoO1o-~8LZt}
zSTp+csfFu~dHcdMei*p*n7Q|E|LoJ?1f%u*jVHXKkG~*i?FsMaj-B-Um(Q#DRo2d>
z<JCWIJ^!SgH`m<0Yt-fE=43zg+4&8pl>Gfi+AV)go&U~R2Y)j2v5#&HPDvCO)UDk#
z@y&ZmX0EL(`o@@@*@N|?Je}+FpLoVNYQwijXD8p?UO2n8N$Xm@ZjLnf_}O3CIWMy7
z_8(M)kDheywylY}^T*ycp>k8t9cA}_FmT=e>YRVfTwgU=ov?DrZH@0$`p+AqU9f!i
zaT8ZQSMvVAD_@^ny`%M^JAZ!J`yVXc`nxRo)uTHK+OD7Z+b7?u9lK%k<Wrs;b@%kI
zys~EIL*IIJUQX9bZGRuLXZy+1-@kopVRo&*Ki^-t?`ubIs2kJu+>F|bvd3Sx|EN(r
zK3e$p=v||_zcHmcr+V||m%p}g&))Uj$G)0dxcS8?@v@xYaR-X$jXpbTW&UT+D8>7K
z_V}+;H;m2wkI`LoH<zvt9#d7EJ-Fnhf-!ISrUdTmsJ-jpPgW$}Ui{kSe=h9)as7SI
z{i1hE_6d*vvfkgPjLKU$&~WO;+jdqKKQ!~e_1@?mp2~eMRCdHJ`R#{e@7%g&cK7b0
zo9a&9`jx;-clH0k`%UkKpElg`{jVG+9lZNM;przdKXFI@ci%pCW!>P6>WM#E{DX@N
zem3#N9pkTDbng#exZ_*V+8GBQJh|d~TlenT_sj$Pt{wRJ=J9Lp+y1LD*;4DShmP8@
z{!9OL@}1dh4~|*%QqIJ$tlYHl=G5%$-qrP6uk9>f`=4_vF4BueuOIXK{r5ih@PXPJ
zdUwsq{?6PhpMGFd?p5!U{G<M%DHk+6{#nh8#-A1+^KsylnFp^6{PpM!zdJbV!6$QS
zm%sZfeRNju>)(8$;?$bam1h@@>sS}ve#ieb)IRm=ZR7om?!V#0tW$5AH{s$*ImfNv
zKl(qKU(LVnv>UU^zL8&e?tv-M-oI4Gf7AVsnvWm-@Y$>9%F*xmTV8#B_KdfZ>%RPQ
zcKnsu<#Uy1lQ-uVHjIBLPrh5J`SXRJdcU&e{u>^c@n)oF&+7Fh{;auck8aI+IWPEp
z{igNr<xj{fc<q8ITXyCIi}v2NamQ0Xedogq9@JLs+WY%YX658(7oK#@_N;X`T=dsP
zodcud(Jhm5vOoQ8?yZl0?Tvrj_0t0njCuH;)jvJ=)cGrKh%TF(b+9<P^1$jTQqA2P
zKl|aae<*!?Sv33UM9*0lJ^JbkXRS^a9`oq#u`|Z?jPiUM`S5`=Zh1fN*Qfq!#jN+P
zuYWh^^!Q`r8mf03x3_rxrn@#j^dFD@^w|~HC-U}AerjXahDo2Syx^#D)d%ZW?OT0L
z#rEU9qrNr2`PJvY{y)8!A2aIcfpORNAASG!swEqa8-Huxr=#8;Up;y5m*++w-*)O}
zZ*70-yMJDC(w826`Q!^*N*^D4-oRtI-_Ol@a#QiH*U#R3eBJN!|6CG2Zsxj&zZv*R
z--g^<zIp7D7ax85`qvsKsmDwxJK@DK`G30i?G@7pC*79w%XRrhI~Py!Z2rp|C$Eqn
ztXVtZ>u2m7^LqX2y~osz&D!_VuU~bZ@jsi_Px-;E&zySYXY21SsK4&rX}A2~<IWTR
z^z+-!$(nZVao@^YaMGMV{ABJU|9$SYA4Y!AaKdB99>03?vST-HzvAKZpW1s)aZYdG
zz>F~^M&l<NPI&tqPtNZ8vezfyxcP)d@%6WUn6>%7{7oxIZTe{ZvNIP~Je6J99a7HS
zctTe8gRdohzo<ScD=T>0`oB)eu6uEG*4(V$PRKg_pqBeuR_E=jPgCa=95{Mm$MiS1
zoNz_!=K6unfk}CNJL_H#o^Yw0^J!c5569$v_o!sf&M|*_@2J^I@x=U5?{7X~%%sH+
zR!6+AY@Bq%vc0M9`wO#M&&<E{zA^nfXD*&QD(A6*oPGTb*W~u?8*|Cdnf+P4*X19*
z=-n9y$7fZxPWWuguH|{}9sMOG)%|+@-8blU;rxnk^nCMIb7tgwLuFaT_br|M?W|+(
zD_6>oKKi~5?;k&^<)iGW@f^?o9pCzR$G5(b)4KhPlXi|?zwgv**XLfmD`(>i*;9Ar
zRJ>T3^KSNzoV;tZ@-~-^Ia4k^YVN2TpBQs%&FR5SvG#qJjNLHm4|NMl&pdz23t#&E
z$6p$|Y4XVjvrm&J-94dr(zHp(?#e!6U-nnK${#GuK4Vw*lCNj4*p}bcI_l*2#%%jh
z{>(pJcwo}h9M7ds{cXV;FM0QTP_QMjV$X)FelQ_x!PoPz+?BPXcl^9~<d_2+E*d@e
z#QLR=PG5IMSLthyHIJP#`mQ_1?|3qQXI9xe3)eQQRd0qr3l#o*&KdFMylX~Hx_rW=
z?`Hi!_O3NHj_W#85@|^bv?V1MHJqjyuWCiI_+CCFirR>zD2X;L(j+C<bzEt7XLfhY
z*`3kOu1LxdEIV<66h&cMFcK$7VyCHV2QJ{YXiy_SZ3h9`^he;tb<nhbT(m(E{|Ev!
zE*iHede1rc&fM80ch1Joz~&F~-pl*l=eg%T<~*ve-ulfS_wC<*<8K`A|K#<%fA~*5
zhsW>x+plLX+&uVMD>yWCy7ZsdUVU}=t8WZ1{-o!&tM~tJX7`<gkA0^;`_oqs-ty4d
zg9i`oe(wI`qYvEhUxTmw<H;xYbkzQScJJd0AA6+pwwJq4KiRdo_xP26|ASw9yzAb-
z?mRuX=gPHfzc_nc=Y^rc-K&rN_|fNQJMvGQJNxi$zdN<_>gUg2eq!5&zgxNf)3e`u
zWZQ4<IlK3}kBv-y`lTOU+jiaLo~4g$du{vE)xx#KU8lagXV;%R_?73U-+1YA_jBfr
z>F%O6cJ1n};qC*wp8uk`F}J;YNBO_Mbn>;%Z>GC1KKDl-{dWF^pI>`p&w=#+br-v*
zx*p%y^Qo&Hi-SGR@h|_2J-hsaFZ}VNANkgUckS)zy8l1+Jos?OLPyV$+|H4XZQn{?
z`RI?*>w7!8kMH>HkM}HI?Rc<bZ{5H5`X_f?5R?BGU;Ue&8{Zgy@@vDr+dH=1^0Tgg
z+u!rki%-1pqsO*CxvS98dGl+tpZlvr4?KF$gVWn??&vHGe(o>t>VD{FU;fywnXkOE
zv+zXMC$8=odTo2}i`xhM9iO;*^vds@8-26;j;mkzt(#8|{eJhzt$WLU$HL;5#=o}L
z`u?$npLeES+&FsEu2&xM?Ta^^?0D*bdUh`^_Sp~IR#^M`3qR?1FL(PFzS!5Z``%wX
zwd4EO?YhwE9skp(I(N=4E?m0hk)?+_E`R1Td(JL)ri`xojZg1*Y1f}Uv}gHv*E8RF
z`qyvjntScKg<E<aTI~AQ*=KH;+PQF{bGP65$v3+n>HbDaKwf|5hM`^eO>}?iYUg}+
z*Yee;t}X67d%Ww8=Q@Aq^~*~yU-$Swd}H58*W!zvryjoW*+2aJneJ!5{m;*S@6Bgl
zzVXk0@Osa-Z5>D7<D1_H_NTS}_uC@?oFxA{GT!w5H$FP@;rrja@e`B(<tu=<6ab!i
zPbGl!MuU#|R`S33Ed+p#yLCA^CH31v<~Oek{k}i6&y~pS`%L>Bnzg9c|86Uv>l602
zDWJ!C^^WPEw^Tn@^Szb&x!&)$R|Q?leT1dIS8C|84WN8Q0%wVe=pe1)VVjjMx|HC2
zZ*|cX$-kY7=#pVb9e24{S}CT(NHhuKhO)SAYo>E$dEW`u^r-0vqjl1*W_kmoe-E|O
zalJK)*=?<&9!iDji}QW0rLGS(Dakf0?Jc#{RbM?N0S6V}_8sZ0YpGjmtvA%yptr6q
zg%5(_x*AkJ65;$%cl`sZyUtsh?}!e&BEvu`Eq$oQ&QN1-M<y3F*<(W6v5DPGpM5J)
z-uI&<?=PVN|End)`%C_8`Ti4=Y<z2Vw0{2?9U2`SX_WsR8~afI`(63jQvO#^g3%~P
zY4n9G{Vl)jEU(-(Kiilsn-WKo`%=5%bk~Q)_0=|fdqQwe!TpZL{^5Ip1MF)8coOPl
z9Zg*UK}{(5oe(*0ls8tR6bb#_j-%8ldMvhLamxnw9bFAXtL7JGZoA{`!piLC4KmB-
zWx<=p(P99e8V0<aV|l^A)biY!fy1Lm1~cPF4remBXi*QBW~gs?5C%8wLLLrw{eGnw
z_5r8uSUOkVpbO*_))V$^NaUM4bw+gFE{JJ7y}URzGka_Zcsugt>FieB#%%&ves05P
z(wi_g<G)74Y6WbbW}w%Ysu$rJ1MiRckGbXPGsfZ3KI(H{rZ0oZ@7$otQlgo^dpbT^
z_cW4%Xpb>7KRdM~z^;oAm$CT;$zv!(T<%OCp36KRHyfiREm~g1Bo$W@1P8Bra99uO
zKD^&x&D!(fy>`B)q?}c$)Io{IOEIGMgD#|3I~rx&rxtcP8!hq8bK=OQv-oF=Jgo(^
z#p%ebDKU78$W339&7KiMRCS7_nz0{7>nPGg9|&U`A*C#yo#|V0;HXr!;qV=4eAiLw
z5e5hJz?61$YSJ`Hf~jrVK-bB`aUGkrZ#0c`F4HClOpqT}GT>5>d>BX&o}ME$fOK|7
z8$5X?Iy-M5$2ykwNjr7IKzh@~?X`K@H<Zo}2~Im#so`y%^e-Ca^L4;*Iy)=?aCMxQ
zFUJIEQdfwf`b9<J7d)5S>!96bh{lV<zI+OASz|xc*$=gzBRy0g<`u!J16IwlZmNC8
zv#a^AlLHCR3;;7&u{`i5HFX3KBLcCk)ckmj9HB;zP$ThHkXRLs%LtClv^bb^AQ^%{
zpQZwM8iOV#!>C)>F(A6C=ZX$i>-2n^3?C)<sDQ&oBOIG#<QO5x09mgfeHt@@?SU$M
z(-^lZXq*Zf2MWYH%n3X1n&j>~;86qi0{So;sWY=Cca$b~6eo8|+!sq_yXNGL1s`4$
z#Embh`J*(|qd3(|HhC}>eQ2YA3>A>U{ugltwt*fYw48r<j;)vsULhbfXgF-hGwe#S
zRtl?5#*Yym2mn5N*cO}ul40WngXvyDCM}vBAjPu!dzj#do5(I1dW4`ybm$4Nt>Lsm
zYS?S&^EoGQa*hjc6H9dl|G|Dkuj&4JTAC3_f?<E5x3}A3O|du~_7i$J8`&921Pu-1
zHZUk)r_5?jY#w4_T-Vk%o}_(bP;MoIxSC`seNidc1+l(Lp2cVmEiCve3cC}Y%2u@A
zCr#53HH9{ost4N4Jg8WW8Mz{+e6Z6%&oYbB>d+iK)fLP<XKT&Ccw}%epg6%3^Q*1<
zoq<kgu*aC&SavQaEU66ej|_5;#lWsxUf&#<wn>7G01VlNG2?nc@^+B{j*&rrv1AuP
zKXM}pFb06JCYpz*wwWaCIAF)Mwc2#L*cy8nu!rTipTPIQhKXxU1Y&GP6cN<d#Uh8#
zLG!5PzQLGyJTlOMVavw1Zh#o+Q6d8RN-(c9>>0J=o<=*`v>AxaENnyTVZ*JAHnMQZ
zz@^Ud>n>wU!HtZzvD?X)b5i~h$WJFSv`^7oS3*BWsHZg2i)IZz=JAFXNLg-uxCgb<
z%`t!iQQvNY4Ic86&L8A)fRE$J9zT={vRI(k)RSf&_7f+0<PJj_K;N`m!{9A%1meWi
zMj1z-j3co%5~J|eBPa%8OiI`+NA~Sn*C~2V{Z^l+WlJL=196VHgkPP`(Gv-S3dVs3
z#^vE0rB6a}n%E_1Yy2?ahd05;*WA_xWT1dda{*I}bDW_Rlc`wMjIwgHOdrVT<FT$~
z9lLMJEBKtcg3Fuc%GC7yta0buiIvmG(nEuTH^Vh^Wyv@v-*jr8k16odcRCXlS5PEO
zx88zI(W2-~cGCxieZE!bJAW#jJ%0)_#$NlI@|~MqTAo`tBXY}7G6uc|Rcq-i{Y}oF
zrvpck&L8lQp~sW)mWLM3v-CGPKYr!G7YsTzx6WO(YX!S<DV>!87NV@qeh3R=$ymoX
zovN5m`kR~|KIf&g@SB&HMoNWv7_vr0C<-Uz%DAJXv-CGPf5l!G6a&AL^U5J&j*y?n
zr#<|`$St}j8iIe4b63qZ`=UrmXH|%W5hQ^K@t2i9kof~vezF#nj?4xnAp#qgTRKaB
zIr-&^2)HXEh^>gAtrb!8=<8`Zt3n)%qFEJUV8l^R<QKn_^VTcAIP9mh^fx*Gx+KE&
zI2DRL0(rV(?E5RZz(1P6x%29%*H3bSz%Sz|9FD6H;u29W$I76Tw#uLn>#;&8shv{5
zKvzA`3!#*D%2=zKzFq>v+re)*wrlAHU;<+Yg40+({ubL%6yYMnJth`y16}gGRSgZ%
zHqancprIk!1{&oUG&siFz-yeLIjxOys`8Gj6;su&z06YTJ{ls_3Xv(?GJ^PAvUy~f
zU7yRKy}1k;W+P~GHiAuNqdjgNVj9LVXnP!MRdM&vA)9STNG<`+HWO&PGo6jXOkBaO
z2PKKaFcXL7Rwd3=uU8BlSZtFp2r^NDZLdlc1lg$CrChxb0x`zKqMV^bVwiE7_4?&3
zs1OSyXF!Em7?fg042D=3Ib$ls!hkR+LLk6H;9~({FvvprVMRW>CZZ%6U?FN{pKb(E
zn1{o|k_@mAl6q8#af2{xrG7If=0}CNn7kK)M39RLoQgt;AQx3LE5ix~;Wls@jETzI
zjw?|R<f1%SOkt3Zia<<^WfvtzgqRq6-Io{<Vqyxe2N(D#%*Bb@sDg<g7gdegh+!tK
zRENimFvvu?R#Y2?xj3%~UxcDC9~YsRn6kMpF(Smpgv+bUUR`323JN5GOqB0PjPGy}
z-kO4VYfMblRHRhp@LHL(VtM5d29dUqVxzZWXh>j|Ab6VM0ubb*A`lmI5gz}-AQL6H
zplTlk`KSn#jPU|Eg}{+gg;*F1uh}xdLpX&(%_&QijIfYW=MjN2%)~i0333=?E;5R%
z4c=42APYsVN)SasCJMyfC5r4<Gf?XKLclP_!iJ;I9(i&82^%THoVUpQs#&!A^S&TL
zc$3tkd^G93L~x3?hj*P^ya18FFCpIi_FC^(ZF+`oNZ^+s_!vFX#^Q{3MSR=q2Zc5e
zlMEwlB-nTlkq}`ct$NuHkq}`c3r@ufkr3e{QS~FjVw8<8mcjE=h^8nX9n^CXRz%oH
z7w$1pn2+<;>}YZ@#>U3G+Fnnqb~Ldf+y)Nh#BB|WaW-Bb;C9Bh?)%y}VT|$GjcQ|g
z6hKR7^%xiHROl<89^+!gv9Y3%5a#04=A*~B*uaZg8+ck<8(-mP=sWP1kMM5YJU``%
ztq84aQ?PX-Alr<RHy~6PO-7!eXXP-Mj5v)ih$@tvA4F}6Ktoz28FfZ}mWjg2m?c|m
zY!XA^WDJU?5(I<Eh&$nhLDoXyWQ<w!&59%ER7R3f^jSxR82LegHmKpNW<1Wo(o0$x
zWFX}7j=~I#ul0%X(G>IHXD9h;+>nrrrkzxUlJm<iu3?aYpb!3GFd0#lgivJAfH*vZ
zEs}geLR6H6q)!D}gomQ<RC<hsBezN+kfJPPDP$?E&r4dyyjQQ(Vo*$B<I83cuNe|p
zX!@+BMOY~L0Y#6oaN38H#uOG_;|eOq!o}<4*M~wyQJ94ZKkCHe$yjw*h{6m^kn=p(
zHsy{PMmflQA-3CU2^@4IxE-tux=&zR$r5v~3Wz0gN~t)m!d8+VdSy0kH&!tYE)?$3
zVjP@Cb~3_3mFOFV9^>E|2b4dSt}QxMQbeR;44kLhnS7OnTorpQhz=?$#=>bssbV~w
zHke_Qg^UlUmcT);*Ay&CSPOD_xqI;f7=@ED+7X0#0`V0y^EsT%uLq?VZ_yHX=zN|e
z@FTcNVdCQ~CYHo2p`b5ZErEx2^b^09z(a4s<C>D0B{lZKZKoF@my{7EO5>DKoQG{}
zZab~jmunQ~VYO{Hj53i;gmQ^ZDUo=i9%JE9#4!qUF^&#O_<SQX23k#t0+LZaM+b3g
zLQx_`H!8-#(UV0K=3so+%!eS1a8M-57lo5CLHzC#@b4~xes^IBIjM}%-6de(U4r=C
zCE(v(0{!m75~q?GwR-?hj7sKgxCijXr)2Ipwhf%x0t4oGK4>`4b49c;uN2md!pWGL
z7u$2gC<ocFUup>)bZoZ^qa0*xe+r`<q`u4W1eYnNkIf5#GRi^5o62vgzAvd52Nyp8
zL~#ZdrH53Am!Ce(>9J&-Bxk90)0mQsUyoS#I*)U2M9eKNI^6ikY=&BjuF~OZ_24{z
ze!30@L$PQTNo>yi`6at3AxlXTIhf0|Eczs-$9On>spttjG}x$(pn=q)W#AerZKuwN
z_eD_-vRcGvTZNQS9x{50jG_!=PE0tcy-TEuGLUe8f(=L_Rg{B-UYV5*g_Kb)(y7#R
zWTHMzENjTF<4N2STrZ@FFwVxtNJ>xQmY}izSPB<UMs;;OrEu}lOX7Sx9~i>Sjoojr
z_aSrF;#_P!+)wlb23n~AY7rJH)>(_YY0jV5moaw@%NOD3{2Nc=mk^y0=i7T`7TNJ5
za~NbG;Poq~?>$ih6Rph*Pwz0y8k-%i_914j*lUd=r6=)9h~D$&`44*Y=RsUsZ0dnT
zswfLti?}95*eH!-MhQH$#w}%xiHprol)yvBxMUdTVH+!E*XxVhbc~v#1P;0$l;CFV
zsyT`h80e~9kT4Nq<=0*u=J`(!^YQcYJpaH<SvA(Cq6}oc67>(m49prBOqLi7HyxJ;
zR+jKLD9C5q@B}`1cp{UT7&@|vCvY$iOE|ItKVg)eidQvk%c-TnWbChm&DbsNziNa0
zR_kbK|8+bwJlN#_XDlQBd}#mmUHF;2>BPbeSYb6_rj5n3)AMsPM!Iic;Lgm<z`%)>
z69y2k0k(-wIu+9$7??c+MkF9R(0EDQ@<p`f)LgrTZBY7uYSMKotKbkJZY`FKGP;p<
z*jCvjWhxIr)PU4v&a*bKK~-oSn0aks>@l64bjn2|sOEJuucliA6RA0LZE`F<C~^&$
zEe*XwJt;7F>WMw4<~3P8tvi>E({`omT&&wo)=y2>vde<_qzzPGG#UNFyg!X!%BIoy
z`Y_U}yqKxzWJ98x!<wv$lKt&tZ_5vv@P<ai4^Rh~jS($@?d({32u!Ky);7(ooLa!l
zlNS%OV%Y07u(OYT0-C)wiTMTVjkcxPXibrO0`ymqx2?JihFCO!19uYu=c^9h&r*fZ
zmJfQ6GTp!vlUM-D??unERN?43!OMZ&*FLZ6h_MuPYo+(5)Z=En)?Tzd1hw{ARWR?b
z|Fd897mj`vi+Yo@!S#hj&Ru+vpe@whUIRbW^{v_PCncM&4+uK-scfj?$%R41wk<)E
z=txA?1h#L=)O@T#K4talezGR*ayC!Tydq@GM6P0#)g5rzBc?`NM*<r?x=fu}o+DET
zGuY#qLx&Fbr)W~AZE`=M&8cd3FB&&0ndpC^;?<-x7t=_CBa5`^%|yznk^7`Iueusw
z18s5iv{2$6+K6tWN*<gLT$mm3!{dTy321GUU3z1HG6@HMGRQZT$_Rzv|D+28EL4pu
z_<C?Em%LRwvfKlcCbd3b#vEHPE$NU3yho5nAaeKtBLh#h_|MRb0DAJmqSblPn4z(Z
z)d5b0s850ks?wp6<X{8Z4~{29)s1KxW$CBFtQY0{gG(K8(;?SAruZY6W))rRh%zE)
zN0tY35rE5ux^#4f?##q)?v<U(@pTZ+EcgsCtI~G^7+T7c39o|4Xu~X$=PhWM1^WI@
z4n2H{(apPci+oy{K&*`ufFm#oeTPHn<N$_xQ)?wBUxERMT*FDyMxQIt8N&>{hxC$f
z7&53uzJql4ATefC5Io-qyh3fwtlBhJ4tgxQ<XE(d(31r57u}5rOl)A_6%_rNftwD+
z{K+$tT8w1=kl0d=GNaQI+J2EEsvRd~Do;P6Pfp%}itU^rV(1hNi?-Rw;R$=>tV+i*
z;P<4-<~&TXs7oA4(E$|HYl-o5(7R3^I3$>_#R(I$uRJf2JD<FR24Mw-m7Izt6M;v|
zwa}XiY+G)W`BDXG0S$C(eKW$osV;>z+BH+To(uO5m{^_k$Z;K2Bo7IqsGR4m_TtK3
zY|3jKShmI1Xc@B>nkPLd7rxxMhV_kWIGv4KeU5Eh<n2V7;8YVyr0Ck~z&X)L4O$$d
zJ%OCoh=CXDB9MdB4=&MYZoms%ASa}$TuJRU!G|j3gyfPq2wA-;a65v|O&YwA5!tQ*
z7Z?9_s`4MEbY&%2y&@6lW4Nj0mDSkD7Z|$!K*whFK>2+k`bX{#D`NW0N#NyJIQr+o
z)~4=*IWTdAuMmTRdIJg$0w*qmLzyVo#{(Rx)ZJ0iJsJ>={rhsujk16PoJt>@#^4A|
zqXX_(D(FcJyc>l7>`krO8#vI7xh8YjRrtr`KrTyTN3)`kVkXNuuetOK0(cBS`%Tyn
zj?y|;Tt~TNQo94qQNa_3NP}iZ`DoKtzof=tX+J!oN3hAasWovV%wb8GFfeDxx26cC
z4&VVtaZ!<it|gs<V^=B1!Ibj<D7TBshCxp?=>NtB`;USyEvG2h8BsExfrGr5Jn;{7
zx+JzS^4o(v5g3NZE%(#BCs@2==@tpC&^|EKLC$tWE6Tw5!~LW`bzr3_FSSP``eNYV
zq(i5ZdKGsrQazkVK_B3wnAn5RAwUIOSX6;`yMD>cp)u;*#wJkZ%nuJ_aKsQyJRC1@
z;1mrWQUc}^TnW0MdkKQ&jtmZ8jRSqH6+G~X31bDbq3DqgCs3pqRJ(e~w$vGc#y317
z;$Tf+c~x=eGvEhu(hqsRf*;G1Nrvr;LqZsG3WTvkOu<wc;7BRclqF|F<rjk?f5;^g
z{8SuQra>d=$E#BQs+b|OMxk20ifDA<gg=7E$Tro*cv2~XX@K9O0qj@oav+8wu=~&r
zS4|wLLlT)t(f((GdLD)-yBb2|slDh-jWSL}8DY$1;+YdN5xsZT*1YH})JuGpM!i2Z
zg^dZ9Uaurw^!*S~e??m$a=OXUA*y{rU(~WP4xrC5F|E{;$b2J452kd2!08EnE0So9
zMsr9YbWq%!+-OmY9o`nRWh?%MJIX|ioDSjdKKy;l|FiceaB^f>eJI>Bp2ZWxu#Ulx
zhxuY^rbn6GS=m)3se4*A5~$VcZh?A1s-6XnMvlsis)|--Ms`MKExil_w%I-AvjH3P
z9*oCevxAMz!`Q55HJibJ$3Gj4H!vUO<9UDBVBS63z31Mzk(ni_o54Q|rlpLyarb-f
zS^o$BdmsMyZv5|i@xO1TqDJ~Nf8K}xed}PlN&ncDf0!q!JfZURSquN$#{WK#|9uhv
zdkz14oeI$xXYjur{BM{3+ok_@y}bg5=`utS0j;Ky5&`5B-OmTbu%L{sDaIP&oNyLZ
zLs7~ZoY!Y(W^NRN?qwCTQ+Z((iNCp>4MSsY>t|=cRGDc!LF@P)VN*|}t?hg;Xm{+J
zZS^MW-NYnm>h+F$4UwbijuGh8>ydjs$`1e#N4=c5m%VIa_Qh__hffunx<Y$Ku6?e=
zJi~@qsWSVn%)Vi&@WSy+yeAmNAglJ&>lODJCX~3{VK%v$Ueoh@y-gD>pPg`@Wn-}O
zm18sQ*LacmlWy|3IaiQ+$6Q9KZCxKUBmt(+JVgm<|0|Li`Jo859FduvR~H7B<2w-2
z%i$FYsnEuT>opV|+W_W%WZ33OK^fu(vpjJeQm{4ne7^^FX}?b*tdeAMW`pDvkum$R
zx%Xz6oCf@Ui1!|vHt9;ntb|j^gb1Rv>lOE+5OLC<BmBMtlD4Ea%_-4?<@NGIGa)D{
zW4qK|JGsh~gc%2zA~`2;^S*6$+ti6O(qZuqD`WXReJ-Drl?ZTrJl)h9VkrAzP4<H&
zXomj>bZ0rOE!rAw+8Z6Wy5834B&aI!I{^7fLH-4)QBw_bF=F5z&QY|P3Nsetl!5pS
z75j^AHj|aO+@|7Wqy1u%<D622jpPePxq&)j7W69QPwa8x5nBc2I;3oqoMEz}1fP=Q
zu|l|NO0TH&ERv2=_^+W^Ly-?XiixWsyB!%XyA{klK^|)gXHWDb!N$dRM)>aC%%>G|
z<?oa#V2Yp+7+Fzcpb8UDx1SS3KjMRdyb$yI_)SthJA=DWzS0}neVC%_GiE@p{JlQH
z)kvfVer=dKSTz>!polFl*Q>j?uU)f;dAVxV<JFwi_4HHFOpbswk$$eM!dfk{khQAJ
z9XH4(gQLx4M`ySMwk7g?(5q9?UR?(z?{%wKI8Qb3X+hSfvW!pD(19$_GJ|}FtUJp;
zJH-Tbc=68J9O?LRSN3aV6((GkxT7H+kjZRB>2Nv6H^Rml0fy4)TD1@MDZIg1+p{|=
zG0&&k)G`V>*4&*fkh}x(M>%8j!(Kj~s%Z}fWsc<7)kB97G#|uV7CELRJ&=^A(P>5H
z?lA8c879Z|X}i!t%wcA)yo#p)HE#Xd707yc)WUW679;?Cq5<cxUbu8AX^DU@blNdH
zDD9DsjCRz64;TT_weG)MUn6mnt66WZ=G2328p#f_|FQ`TYgHZyKWn!N4aa9`v-E6w
zA{&(N8Le-eTsh$$uE@jptgNV_?|JY6^L%~nJ!_{P^gp<E&3r*Wp{ncG)vL2-ukkOh
zh&eqTt4inD-O{LZ$wqvd`JRwt=uQ?ZKIHZvn}dhDHTKe6<mJc+DUzkxP?D?%JCaNf
zyJqX{nT3|((gVoM3l;@KO%9op;ah{2XzkFFfs3?F@LaHrR2vY=$lf}fg#UHd@W1P)
z*6)XZte@(x-=D8;n18QzPr}oS>+tWxogMt^^!<_91A9a+Q|1vNxwQ9=#&CRE)brI<
zCsU1%h~tvfmYF>Pmv&fTc{ugXR<;8-cu<oZrv|b|8<zV?3>|d5+5_W~?!ItBhHh0X
z4tt8B94S~gc@ikkK~cfcR25>IOVkIMzVpg#3uMM(1lMd9RTn8Zb|y#~fngC{N5800
zwLxjS^WnIJgbstFt{4C}ID4JaTy3nJtLL)w)K*s3M?Uz-d<a_!c+Vq90zI%=SZAmq
zr6BOVi4%jF%<pA}P{60vCfSkpsd>o#yoIX|qcgk_lu<e+n`S~9G-Powkgq|kI%0(?
zr~u((q28((^Tio+^?1dt_6#dpaf$dS(oDBRZ1J?55TRDaBh2JY*1XB?jMfTF9(Xe;
z8xR?vK>nlBECwm<08azj7!AJ+X>D-Mcm!uqs>YZ-*jG3h8xLZih))=9J>25#=w(Z|
zFcAC5#Ua?wB&Y$)pn3)#k|!We7iu=SGbq#S(Gtrs!KnjHF7|jE4}xJ*Q?O?7g*!cR
z!jLm~VfImXxnn(>AQwr-@JSAG5lysdDBG??F3aFp?96!GsE-e+DQfIz1sz4z8+4V%
zyL}GyV(`10JX8YJwPTS2?u%gtrX8TQWXd2t-ewYv1It0ic+|P^B)S#TLqnOlMdWkU
zJS7WHx-%%z0Jw@_E^Wz^Zp4&JNQUyPLX+F}tQhn|(;Dw=v{NDrZWUOzVYW#C%f?lA
z5>bnh;1zZT^fgGh_%5q9(FBAdkTn#ViP`Dy$$izvfnRkyQxDvn>g)(_GAC=9Q^F*P
z#91_tpGibeip#wAbFhNM<=(ValWyBaz%<>rz8jQ1^sQh7+BE+JLfO_PO4LgMt!Tlf
z7)p{QBcD3+u`=!>DKcDl^yP)5);1<WlGe=+ul+6A%e6!7*+|WHfEdLCGqq-3&?w6`
zYV^mLmWfB)JnJ~qMQp`gT6k)WP!D*Juu_xkz>v;iIXOZm$V$5Ts>nhmWpQGfj)p?v
z%55f4JXWOPH>APH_U00N%y7}DUD`fkz8A(iREYwSWHA?y21XF{vyq6qs$tmFGE02!
z>l3b~TPFKy{~KioAk>~dS<m{UGLhloMK@LM0X*mDpSr}8>P*%69?#DNh7Jw@(4M)~
zNQ8jb+7KVz0E%Sm^8|iIV4r~rrXqN_$Y%n4aB$X<cnDKrE#s-p>rh3Gg+3Q@Fdn8G
zAI>|F8Q4qGC~}0QWb;~OVTRulZ_MsKm2S5j;Z;n<4K>R5Q4WK<1gRPG7~&~p>x<2h
zy}#TLA(v}a_6%<c(hLzF*iY<n!_)|WGaG=8TV|r5Rq~2K*8`!JpzdKgff=2&#arFo
zAZDg0)uU93zAr$dOYoyAXSA_5T}P~4SqL3(M!5FO^bn^ouOT$2fLLbkL)u;yC(%XC
zY7V}=MK$F83oWxaz3nV(c3YVpZ^$W75}7eF$&#VXbhpaEK51?WG^D3y(~kFG6ccdF
zNb_m03;IJ>pDhX7!1|G(!H(>Cq=CY@@A_tPyJ=7d;ooFn=pj0Yq=O{nF1dEI>8WxK
zGN!8CY=U%xi(XqnuW+YuaeSI+G^~=qEIV$MlF0(k1y5*<v_GIp`vd;f0w#@u(p(aG
zqpgHoj<ROT{$Yg(ZuRIcxHLi`wdk4K$=rzBIjJt)J%j>AjX5@LE7PfW)7npAR%Vq9
z*XrnrKWB1H2~pwXMdsl_Jr581R~+vr#YyuCC$_X@*u6nJB<q&jC!axT`Al6fF{@5I
zB}uV3F6yP3@hZ1-fX5ulSf3pp3@M9;pstZytON55Ibh8_1j2!JL$qdG5(BCv8{md<
zJcDxys>rj_@LkjeJdTxjn~4ey-REHKZx$q^f*-BtPr{B^wtYAGE{hZGcZxj2f5IwA
zPn`jVePG0}0_79jlDp_#$$U2oo+oYEb1ixTGv(5tqtJO$37yQdm=<T#67x>d`NC9*
zW}i<F@_fX6A5JQfUAyd4R5${FG3os?m+#t6U7A7CTjq;oU{lC~NIrSc+>~8^_+?3k
zoNZu4oZ-<q->5!LX2>;NpeOkNd^`6HN#92gIPR|8wWRv6odEv*aBMa#xD27L&=%)z
z`MqYfpg9gzIih2V7J)8nFWK)!Y!_grOTkBp?<zbcUd7B%cam8}mj!JLfz2g~Y4;II
zYEEY<8!e=C5jb9|HUQ<d+pf*Z3sGO3^!Lz7P+#yt4)hl9a84g)Xyi6WcQ>-PyiH8?
zj*OEv4bBd0&!h&Cx<lK3hkY*8gC-A?^J3D*8;qDzRF7t%$3TjHc7DZ43m?jKpQvbc
z2adjoatT#6j=Eb);Mdo-TG-c_N9ma}XH#%ZVtpR;7k+XVE9GhfBXm}cVl-DcvSUZ?
zheuZ+mo*z&A8Q`|Yy|LP=+##A3eaoyb94Jlz~QE{6H>b|PU)NTl)X7G`|DyafdRQ`
znc6Gxxb5?85G<p02;(4wUXP5g+m3QpiJJseR+91wYpwV4e%HtQy*urpe5Yh)j0`SH
z1j5rTed?fHn=byMQun#kbk#GR`Cd@SDhabtUwYCjo0&(ixogU6E|rJZ)kC#Q;7$QO
z89Sx%L?Q94`N1UN(Xg(O7)jPo_lqob(i{+Nt`KKpWSMQdmH48%R$Nz_U&z~Nrimsn
z$w(lll7jGf1LTHjYuYK=mYHi^T_F6CU%#WIDs;idnnYR&DJ9E$mT<DJ+RDZg>@b~_
z5%~<glibOTTt?dQ5gL^y<N!L#3^hAS$Fs@Uh(VP#Aa7YGS022XweAy&*)<J61E%r_
z$D7zMuB|+wdEP}^r>nP)A}CG~TiX=_6tybZ5@yU+oIrt*RjbNRG9T?1lah~!6Z~BO
zK@yZ|Vm1}4DU9aD%#cvKHlVwJQwJJl=b=rTQPpn*p3>=wYa<kks8pMv125J`JR@w{
za7<>^!AO#M8--O2=owOs%w{N9@2NkxH?jSa1Xfm0p!cUao%yu(C7n%V;V!F$$Q^X6
zpkw4+<Q9O}?t6l<vX{5Wb#V8l;L*}hQRP=uMJj5&8$TV<?pJJbIEYBlMWQt?m<><Z
zlg)5bDEY%mA8mV!X>wG%wW;r7hf6|AB#wlpuiZoCVT5<KStIbotWhs*p$mu?RMbgV
z4p-WW9J9lcZAqQ=$UMO#PBp5?(?>8Nyedu<9mSC9acU+*R~ArGw4N?WOD*Sl%I7>!
zt(-$VbtW)1lbO{-pyLiYP&@xr@P#3lgUZ%ns0a;@hyv)eOt+uPD&R~^4=;2jw81(G
z7_m`_n!?(PDo2aTIG5~1VJC_BtBmD#E2y0c1+`NssO`;0H>*HQgG**MDyE(iQJm_5
zU=h_O+hGrCV2cqr^_gE#hJ(I*uR1*~bVkq|MzLLeE;=oMkz=B5zpz>mHoez8Fsgi5
z^vXdwa<>_E2JW-xp`P>_TxOf<GQ0kw&-6GmWj-8Fk5qp-qGV>B<u*69`vmODLB5*}
zwB5k)KYe6Uc~&wyt`OTx${g^M8XXPGnK~~CTh;AyvVaI5i1jh1Xo@OW&R3{m=uihL
ztuzlMoMe*sa?+1-E83vx#4470Xhf_#bcThDj6$XF)9G00K*i0Mq1`mH6FST_lg=89
z3_zA7KB+`MtI4cqb^eAQG$ardJ*G?GY0P0{Q*r3ApQ907wUnT@nzo=>55J&B89SXA
z&rh}9!EIu7K$;_4nS|FlbD1Ta;0%q?S7v%Sf(p5ds+>)F6w+ubhYCpsz#bEe4GXwQ
zjwhm0!Si8i1<jaqS47nzy0E}wbL$~bwrgDpETz~8DaFRhxre|K<R}Gg12PX46z5t6
zq|c1p#U%oD&s=%yJ(St=;m$3Uf^&;60(TU8%UjQrE5+lS!q)n;9x7f)KDXU+%^*#H
zRt#0>muTdry3Ox=grP}_JY3|KsEifFc4mWwbV^92aa<@YDosN`l4CXDR;o(SV-0g_
zrb)6slG*KZbPTbNpt{~Zhmj}v+mT3irGVh{0V(as50i%#5wcHdA^Vip%*a+a8E%D>
zE9aahG@{=_JES=uv%$20=u&r=v1%P8V;!wWjE6170=V8%j_Kz3qd~r7BpgFi$RW!X
zWPfTT3tW_t2cRt36mqc%naSD)n?HQZVP-j~T{vU`ymGQCvRO=L;FI-QC>rfW^9IEz
zD#IV7&qLvkE^MB@n7mFt!Ga)e)eD-ZFZ$ci4iP%dp`vxI&1rQZXswM>O(-@aA-^Y?
zZ*r@lIPk0w0;R-(i|=$k+67zRPVk|%DU)j#U#LT;nFFz9gmLqt0R>ZrHAaZS4rH_J
zAUg^w+Q|=`D!5h?b_0n!2TIaiiu(7XR4G?ZR2bTYpIR@p*d{{HS-z1yrVAS!X%8an
z`Gdw>=8{qf1fN(RCvSeiLgSVKCmHv@*mkTpDprKjBs+l@Xy`Fz!C+8rrZsLLSbEQ!
zKxv{J<)G^}hmK{S8N?Q+m7WU<(j<#FjJ&po%tf6~;DUlVC3Ddpd98T@Pm!KYPx3#_
zm2j=NZXOi(u6NRnHMP&dx@b*wC#@#PY`=}Q4lYRvkqJ9H5W4FOf7eb)QEUHlGDTqp
zr;#o1E17r#`f1BFbh0fg#QuL3L1M6vY)x>%*cUz2!%li+24`L$s*#!H#cR9L&Pirh
z_>!gym^%uB%tP&*T7igy?w0g(zP56%jxGfXH)zz<S=m2O(RECbmqJZfeMG3~>T}qn
zSn#H=u3qquSfaHJ-j~PHIaCcg2aLYF<BEr^+mY#)pLWHwgfcy_ITx5gyK2Q~kColp
z%OjF@Vy=v02Ynmi_P~f)`o->n6m^Si7<s^2d!Zaq^aRU>h-=IY&l&1$oe8z|BP%e6
zEA_roeXs@54OwdPi_>_d1)$~X)90ZPj9P9k^kRCAOSxy)<2<u<hTlUrAN(l+H%~LI
zgm`mMraOadznnyzkWT6Q>{R4Nb1s?gx<bO3)K-)NR!F3^&O6Tev*sUay+O&0Dq-zd
z&hu0boLlEPk_L5wn<&P3DBq1#S%%jvn1$#h$TBWM1AK3%;}UTU-mZA-sGn7Po8GP%
zl;xOsreZX*0z$vc=`iLFFTwkaqvy#33Xddt>QD75P<WU3h_QEAH6ExQ5-|vBJppu(
zdZky|7lf4HQz`!?rLRcH)7a5_x<pXj(6WYAw3oO-Fqw}ypBWIpoygDC4~cI>#WmmI
zY%cJmn(5p=M`?g6drhPRKb(apA}Rp7d0-$7QKf4wUY7W@%-by;mM`U?(oU&v7UMDd
zNl=8-p=KZ5E`Z`^;?&J{SP_Wx{z#DBw!0FwtHktD=tMbg-VA)qTq8<%XAKN0&WDw8
zXgtm;7udohLURf4KO-Ly0|*Y=rj}6-0t*8l&6mxI@lQx1SCxwRFtQ2^?;t8v41_ph
z`Jw0+<*;HVpl|nj9z$6$uL+#Oy>%{Oqw-+E^jZEMCP(W*i%~)*@fLQt%}R_wYj8Te
zfei@<hZU<^4-^Noptb7(Zw|a3K=XAbf#b%3Pbmo`d5W-fMNjVyDH3dCM#-qOV>4<5
z@ieFl!*VAW)FXx_(AYX}BUI_pZG*^md%UF-0)$-mk<%dELWhi)Dj|(&0!W1&KE1x2
z25XD=I~K7%<TND=cY*OGXic_pUU=C|Rlo<!{3J4>P4;liQ6v=oWHvK~%&?Y^0HAb1
z5Rt2CKDKC%MqZxyMF@2ur9gz7l!wv%0l*L*a|^@RH@q>{wyr{8@(umtB=y7`lVD2B
zys0^hGUTvj{CLMc#~%t>3)H!vO;m%Zn^eDH{M6vtR8pa|RG-_O;PFQM@ks_1;^vDT
zyue$!12(wF^}#-}-Ds0okI2TYHqHW9NoS+wcN!5!)@(JlDFP+&8*2ku48O;6u?lu$
z6}b788I~oM58ZozJ^kml8UN$-UVk#=BRdQJrg%c)U+qzc-7rH4*+D@b5#)3x^dt|o
zc23cN_fm=B$4VW9#EQZ!CF&WO6!b8Fs4}<`Y+%sa?}JvUZKD2qa6<i4_sUJJed%rv
zZzk-;f+mOkqAGwYda)xpqw+uzl+~KVG#snnTL}Qg^RKw~7Wo|J<2EW@ApUDAcP2hJ
zltV@K!$s*=EPe%W+j;jIVo4TLpPUeDp}*gfMF`||EdtX<6osfMyvd#r7&}7JtN3;~
z4oNjjkXq>cxjg}3AmlZm4p2>!7Lj>N(g9#tS!vb!wr{+1aFnPOn&2SCgVi72eY8>e
zLg33YPFx8L6rD<)ceZxg!N_p4$P!`sq@f^Swx#C?*@TP>7xUd-7(Y}SYexBj<))`4
zv7D?21wDbh4PE6L27(KCYu7StX;jyO#5@vVm~{2?1ateH_+Cad`tbP0kO^M$X5)i>
zLoPN!A`buV*pd<#Ig<Moy7!V_emnZAQ~wSKu<nk3-ymXHo$TN8_|K|twVHa>UUXY<
zyRMkIZ~c;I5v2_&mF2$|-A%W6%{X$cr!lI|wzmv$sx~s2ln5j5B-1dQlNd+QQ<@K$
zFu_2;0B%8IQm{C}71}c|R7#?XqnFiA(^XZ?yQYFG?xnh=?)YU=`D3_I)JC!RZXqd5
ztY%HuOL(K`kQcg6>0&|ODI3)8`gsdCixLCx55>UyjTk6bzy<JK0y(_qaK$QFiD@;<
zLJJDoq17BsK9$1*CnqS8nXNOCAOmB?5n?Z&!`JH2T^fn?4uBts;bOyHlZEmTza!+*
zBp|M#RW=gr8_3QNgp>Bb$~p3Te^|K@cvBU+#S8Y8DAp_lhXvtc)yCGI=bV5avKN{@
z<IVyRzco1#sJ=I^HJZn->)GB(IhL;zZ_i%e1T`aYz7&xZ@iB<0k56j#@kv%6D|8Ps
z;_8qB?gwIT6C6v;FJHO35!_3&lf}AjpQ30j-c&<`f>McEg{6g00URaIg@o48x}9K9
zSy(aI#2WxlumP<<K@tkE{YMn-gw!&ua_&YCLnDHKpFlx$dgYvQYzX`=p+f|gp~WZ#
z`cb<hX@`Qo#B*kMkCcA?1z$V=f`)}~9}t9t`%TCO?zi;<w@=W*X7Qa%^)0&8cePW!
zdk24S7bA05c>SH(C(bipd`n*NNSXNw^|xZ$q;@^pgJ$>%i54?kVh}*o&0Xa%G-xwf
za(k#Vd6GV~<XnTpETE-zr^n6kS~xZ}-sEstwR8(>sYm&CAy6%w?CLGsNht7&T|^M#
zv79=D3fvP6QPJ^~))GlLN;I4yQSyCiM~2N&-N&9d>mEd&ixf%;LkE-lqyXT>Fwin;
ztvjvv#A!?JCix&^7wNelZ|ILV=wm~8b`j@l?w2R^mnRjKWlL1g@B)O#ZtICvb4phu
z9&t}M%?a9j@#U}>&6b}I_Z?88lB~DK9TZo9;cw)PHP$?Qq&n>w6c|#`1R9<law`wE
zG26jJ3uP~1aS>*nj?(6cSt_G2V-av8SLOZss-%#*q=l!zGJ!i<jez}ZGb>w6#S6=N
zf{E`Mu(kjPW8MEa*#>yeW#|MOWAzq{#hOQ2Ec`%6+tLKFC=sVJ?(L{lPG2da(f9MD
z#qp9$_<d2tKa^qUQ%FH{2t&hr5$mRkc(JfAz~hgs8zkV&do#d1F1w&PiLP`G(2rSo
z1VBw?_`(3vdZ*P+gFmaQ-fFCg5XxaNE%QkyJ#2d)KsCWCuJd>D*<lAt`Je4VR85s0
zrsKh^QcBZ`jPs^E!v=P?J3S-ZQ`1W{nznjWwP7Ay9j1mZfn>XpQZYAwe2iRNZ@P^|
zoNAyxUCMgWLRVG96*3>f0fa~|&@>e69yzZfbg>Bl>B0{2aQum($(=JX8~!S)37x-+
zC;jjE)aqShzO&E-jSI-%>DjM+hfxjv+Ianz4?9O4HBzYo9Qa7*(A<aT&A(o(O*zHo
zStn+4A#JY1j9~dX8iw*bZez12UeuM$J3^jcz2`mCKyp&XvrquvtXay%l?EI?JFM6-
zXBsB<xprGArML>~n9u57#QZ753sPX&?Mes~ix6h?DzkVga{xs^y1$y!M-WPDH(kH2
zgpBth7u5S=-D5%rB6dI{0seFtXN4@ldB;3GIkq};EyC;IGUrAXW4g{D`@kV4)W>_J
zkFBiFnRa9mEPQ6Gnr%-3E)C!EhxgdGe2*JO%lrI3TcBU;BPN{v_HOrW*`E!{wpP!*
z*S-{N)PgGBOem#^>%8mXDBsQ41&4259Q26u#|Quu#ssr?qG6jf&_yB$7&R`#lUg=3
zOUAdU17L~!^kD>t8WNjHBte|Rf_=n;gl31&_qJBox~J_H1y*u4wfJC&C}NSADfWL-
zmeaa}Fj&Z8)-@b;R(ZE@mfme{i?e6VKUN_J!(Ml1P?nQccHegUo^8)FK(fzG<;+ZS
zfN|_|<XI|<PxC#2j5-x=Lx5;6$UJb6L82dGgo_ahaYvqR>vR}cg#7*$CmO_$#uj!b
zB0o44fH&+gNd`W&DKY%C8NPdjh2KG$Pt!USp|qZWh=s$CBr19l0MS8f!Z5gJ&k78#
z0B@V+HvRQMDlr(HH@XAGMYt~t@vzxZrV<k%z4Bo#J++qaU0yp(+>?ISlm4~TFD1nN
zh_kSP%JWGAT}oR51}5lC0d|wM8d7Q%TjO?swZwQG;ON76PNAD5LCxcBLoCmcRsEou
zz&fqa_vVb6qjZEgL8$*`z%DW|QkkU1Km_&fBZ;vNft)4GeTiqT4rgk1(tc6SssRuI
zb7iB#oV!E&Lo5m8dyl<0^GSz_G7if2aEXm9@Ks^~65+d*{Mi-s+b8I)I-QHa9C|*p
z9-I-<mjy%;0T>9Aik(QtnAfqS#er>4{VysD875?JWo_l`SwY}bfhOcZXE!hjw-Q{i
zcD?S`Hoa!5vd<Z8$F4<U{)aG6s5fQE1vhFd_)}f)JFAUlHuna&H|}QQEtxkSX|Lu9
zl1fWF;7UOJ3sg(esU{xYLI`^|njGvS|Kw#9!0UriM{BaUPEwOH4tX_7)Tg!QdI`C_
zmJq4KqGllmA#A+CbR}hpcV&>TB*)%_>OwdfUI-__*g@)^=G&mI5K>ox*-sgn<I%O1
zjA7PepOr0Lg5R4)-Ts%1lr)>wOi8^jLbYg_=DL+v<VwyqRmo)l`N2THFqwI~*X>HX
zjh*ty-d4mf&%LXd06b&8qE&r7b+#h7n;61~_ghlzDA$zm3Q9dLdNV2Ac50}dMO>+#
zjZ#Gw?H-#pkJG#5UGu}<MjESiRze44WLzhI3Wi!lpkM9HY<wMSX^G`Zl$6i+bHsEH
zZhhi)++9iovyKTLH`aWa61kxDHC;qJ{-Q-d!(hs+WGl5=%rjR8dcD3@D`Q@<J_vK(
zK`GZ9m!Sg?lyaHwno0qBwJlU@Z=E~~z2S2iFUqhb=3dFqy1IIfFgY{f$(hr#c|^=I
z5X`idmi_Rf(_#40X%0Vf3g{X=<Cu;HEj81&qVntqkT%b^9$4dnyKOv<Pk1{8{9U_u
zlmKN}!SKc)hG9sUCw1#WjCH6nrYkg7kArbOVaL8kLUST$x?y53lVbcys~E50oCK<K
zlBSfEM%3&9>+og`7we*-J)lR<SjOlb+eeVfs-@9>gHSO9Pav2@st-Niz@IKrxzaG*
zIM(JdAi4`v9ipjN91#-<pwHYli6kc>Bsuy*a^4XrJoZ;uuaORx1x-juOr_kt>$;@A
z4~90GoK>()uQinJ1U(YJ2GHb7;^IlZi-3p-QrwXo(W6x$4$S``*<a@<Oaw9Ys|Db#
zN+!_b1ntmWQ4-T(wpegO3jiy>Said_py$HMUTMzCiduFxW86K4JY_Au-*?eV@TQvv
z6M?x0c35?QK*HE*XC)+Zm2>c&*RakxKNZwp;#)8!Ei8WcjaWU%bs({0ZFf`uJl-Fk
z$NN{#Jw<&%X;0BVIh)c~fC^%Y$ILT{!|dp49&{+I3$TAMo@}q!g_#>qiW0EZ{d-XI
zqh{h`w@4%4bO&cSduF%m<>{m!UZPIE2r((^o2gXVLb|~U-uG&EPtIp9xM}29rnRiV
zZ94(c%?l^R(pQi0a_ZiQTnKdY`bsM)_Fh{mQM!+bAZIA(bP9N6M3K-;j81C+%i(?C
zZHfoNP4R#s(zvV_l&#&r92-sX)*7i`@KOn3SF(SmzxFsQPG877%i-`Lvaf4TXDD{S
z-xP}}Foxwsy%PG1oSbzeB3_MYhG58Azhz8#ZNmn=@v1n%(51wBlRU4zJ+5KxU^2Ll
zFJJT=P3%i@TS0*F=czyWn0~*=RhS3Y`2*Y1LKM+>EYk~f;+$R}#}?ZMY0C4NCa)Ha
z-Q`&?2;dQW%JdM^({Y+VQ~x^P6qvs^tVW?vDK1FdKd@^Ch#iw7LgBiZi;5a*(7Fgt
zeIxHSEH`kzu@?vsjD1*ul^}rhUSV_H6(d4XVibpZ3#w{7B(b^+zuHc!L;MT<IqWkG
z8r{!Tsxip`1OE9s3G+I1P@q0h*N9|-fS(;0JNj<2gJlV>XrN7h1f5DL3tlaY-1BBL
zw$|Iw?cGfRDOfpL*-QccU>(ephwV;!?c^F1*f_bFo;sbrILC#3uH*U?+Ivx+O<lw8
z5$+??3nf*g>ky`Dwy-U<frXB|LK{SZZ6U;OSXbf+T70jWs^Q~xSJ}zyXiz=W7S)pz
zzcM?1_v92jFq5IHKV=q5eFoDz4IR%pj(o>?H_(RG5H>EPBC_|ady4Ng5#Z-gBzDcY
zWC>Uu&q`^-jtc@}lpQ;$L6kS<*#S4>{j#8Nn~r2!rSW+^7B7!lr`t(jC9O9-50HoE
z7e_EewsAlAatux<Suw!46~d<~Cmn*$R=F$j+F+o%Rk~58jCL1X!fy*N;kSh@*#X3x
zKMBm4Ee@*jd=h;~VKaM`?{QrNS0bH``h;{YLGYYqxUC`BeStlctT28;G*OWTKrkeG
zCX%$5MFp#6t%<O%trhq*F3NTiv!3W&BZ?}QIwIb4GkAq-iKNtUVnF<91?HeY&eizC
zVO?f*;GR7bhAV|@7BWRp%?jrLSwS372hY8K1~wbU+(0c9Xrlmcnsc-4V;Yy%ekb~^
zO)sV7G##E7jecQg2dg@_7T)HajQdWQ63?&J0W{RzYu#scM_~Jky@-`;pcZ&e(5Q+O
zg^9KkUgrsRo~Mk6a5dxXz365rX`cC=R_!~Pc0XZ}>#cRUvl$VDtD4un6F~w)NlA~H
z5xC4sP)4%dr>@AgYeAXoqETqi-(owhS`UsrP~T(P?lI2p3tJQo=frD5?txWei-hGT
zVBL-m@S&{hn8uf)$kd9n+}3jVvo!+BFjr>xm@d&{yyGg8LbBm@u{$%8NgheR$?-yf
zlabfBu^swnYq#A!Y-JiM3T}miayIBA8Xdu=t2t75Ka9MFTn*P_nOs1QDYyd}Fl+~<
z1`SSaCU^qI1kB%61pT#Ilqu%w;X&BsKU7(%$<mG`Bev2>J}j9W)Tf?jeb;r?27<)*
zwxDa!Ue(tSd|>ex_}a-heOW<do`dC3@9XlIK@rYmZA;Ser1KKIo)~TjZM;M`&m?RW
z<u5s7E~#8q>LQz)%glW5CJ96~QpA+@@x8V@OwS1edZid*E+Cvv3p&cl3(fYP6jqr9
z$nD{w!5A);8c_8*HD?W7(MCs%`d*CaJmEIq23SDTW>W7d$5X=2RMp|-u$PU;`N%>&
zszfVvMmr3JHr)$xXMoQDg)HxLpIcHXV>db75FL3+5*nLO3+h5j$b?J~WPnm@pjM1d
z%?LVSH=*2RVjCh~2|MY&ii}$X_qn!~GHjHn_8s&-*+}m}(IoJt)Zz-d{gO*sX5Amf
zN%*k6DPKj}W!L1q?^lnm8PY&wH$|FJtnY&%>-(T$eIIsFClM=wQqDx;RJ4x9zLtP;
z%X)58SS`SRQ!xYrk24ly29T{Y7EJ&zn$hz(8FlR;COhQ&sbZsu1xdyRfQk$^l6V|o
z_~8@&N46e6Oum+A<VA`jtns7QeZMVtNBCaoHjP!<YI8Q_{!uK_-N;y@YQP>TejTX`
z?pjpK5<QuAv+j1c*S(D%xhn2N&q(ueCuWLk+C0{jA>fes6U8e$Mr|!*dpMWKO*DIm
z^}m-pKwUxL*D`*>xdE#nL!ZwqIDpRvI*{7y3-yUwvq8zRN#JXiP8k%RGUZuVc?*(G
zJ}0O{miEnP3Q32if#|0t<z64D^mI@y->#Lf;&7uNwm?h97|xG=tYAD4BxvC{$WxqH
zj2gZwd%t>xXOo=K7Oa2v$N~wJVZ=>0dDuE|NOkrqtc0xK5>j9iqYOH?4~%`q9M~c9
zAmwvros0XRo{C7Ay{D|tJ@A%rzlTAw#9vJEq!vT$2@#~-auj#05ySl;>Q1O#_hUz|
zvu-?yD0PP-mT`!66IOMmvr7cw0#wLam-Qzu0-=+rxFy{ZC$i{+|GGsl(ea9`k`XY*
zM4T^{36d0CGLB@1Q{l8L&`FRygZ7*kKaCN;@?^Ws1hyGEfkKLLbDNSsDzKi1hWu&A
zJMfsDVXjFW`Y;hG&n0PM=r}!gx4DDSQz*FyQ798Y#v*k_d{wBIf&p1i6n(-Td)a8z
zp1=)iBl(!4LNO|$q_r_{5`)TcM6N_qTFi3|eb^ifw;*&+MXW6wlgGsuHGC(c@O*in
z>=@3N?la^ub}QgjT3ILERtRkN%`U#_K)6%vHF#C=9IkgZIw$Ka0Nez5OyxDq2x^Hu
zneFxlXeLGQOm)1yYg@t}%Z2loFKf%jQ|GUofBfRs#Vc2Jkl9Y_q#q=hojqyBch)(L
zwao8R?OK6T`gJEg-EMe2fq1C(HTQZQUW;oRzSkY#_Zzy8yUl&Xbr7erv;}9tOkvx8
z7w>u}O&5P>#?(pQ)}Hs>=`?+td}0dgp=4)I<2b`lHq!K@CoEi1C_vWC;vCGIfNPgc
zBXViSy4Fs>i7D5<BZ~MW0_JZ{7}x}J!Z&Ve-+4IK(k+Ykk0W3TEf$y$&=fJWB?@$j
zP!3AM14k253FLl0Yn3bB<<iDSVyi*93g9@1+`3ChFzE-Dfn=}v>C&RYnH|DT#7bEM
zK9>oO>pPbaA)uRthqY8&9-c?w@N@slxpz1Skt?%$9^Zs>i5cP?<Ze~ENEBPbY&zgE
zwF``TrUR7S{zPK|;31J>Y>KY%8sr91E;0y?j)I{$>|qkMQ9&iC*|3DFjGRRxgq|+~
zpD?1$*K^5*KM=9(CkGJobXby0gJvE3=9{mf_QSB;iNh1@6-T^-kiQiCrAE`%VcW0V
zbN{6tAKq)t(XlRphDYZa3L)FLim<Hdm@8TDi}Ylp29h?v=j(}II#yPVGbN}=o`1t<
zw0&Td(i|dE8geFXy^#Q+PcnMBp?a=@umnM3kL{co0YUg7ZWI!J;Z8rwrxqPZ`GyCT
zpqOJFSOgkK_K(Z;LwL`^x6?_(hM*7V$lJNYS(1V0_G=^(D~Z-dc?<?JVHmpE7`G{7
z^RdX#AiptjR;clQ?J^5$5ec2rM??1&SB@x49x7PEV2X}+>NDk5;`Ygg@FBn}o7>v#
z#n2xGlE>JS$eD7qD&*+w(Y@<dgL-)HQ4^9NItT**orIKwc)_B$=aZa|>N0jcNugxa
zr2=MuNmVJD4l*T5`x$Ip+UtZ7x2@%5m{xld(1%ie811Sqo4}Fqft7O?A*vvK3=%G)
z9nZUJ<P^w_W4QF;cHV~sQHY9#GK5?@q+r2VBEIR-(TP}NPC*Mj68T0aG_*DcC0W_L
zy-+3Rrwv)C!7RHmMjwK6Ha{ReP|0%Jq!~grPR2mZY1sn{Puia$&m<9q#UPVx2X?D>
z632`Yvt($;1ra^r$WJpv&5R&0DGkj8N5)~E@diO>;H)BIN?A>~14D>O*>$ey)P;V|
zb{w0WPkd6`mylzPrwhzAe(GQ>BC~-%)J&)Y?tvSEd2b5G8_G*anD1qae681#H}Bz`
zd!)o}zrcm&Z7b&<x9O9Dtw)Zi9EwC*J?G;ij3#}`+CS8v)nD+&ttZhY-c)E6YBzIm
zIVmSL>Q~%H$nATELEXK40@}{B8t1(t(?RduFi2IP7cwY2wPZn>0h}8ZGLK-v84nq7
z-t#H$7;I?AaHK9HI0*fAlwq{|0cow!9iGAbZA8~}&&D!KB2_jq5%!IdHF^?|uXT~k
zE`qxiN2T7lVZOBf1ob{q>IXBoeYEm%^=!A)icS!fDf=1G%)aD8p?&bq+{I7c%#S!e
z)iy-8+<q=e&8-g|JHg3*&{9cPlD$aOvC};uL%Yuk4IZf;r>)-iSPB$ZW?S))s_2+x
zn>;&1XKSv`Wg8cC3@=Z2E!DXFM&%n<TR(mjb@P&lyw(9akaJqEBCS{P))UwIyPcPY
za?<x&CI*)R_>umbU1QVwIRV?tS>E1seh5OT__{g&)FsB(&1@j~RwO<gsS4;%_lrKo
z6$w>JTG;?(>|Legi$$2jeA;Wcn5Y`sfb1t&0uFPE#z>ziE4Z7DF&DB)fyhB1S{Bc%
zsak^5aGT0QiEmExY0tS{xQ{u21#h^$@&Jh?#p)xW;*jtVO@%ap6uhls*E@blMaPd4
z!zbk3-!~jJxcumz^e{EJ;odpZa^_KqZEL@03MZ2fa=Ve$x6N%TN@wtJMCWLa*;2$7
z*%XeqK*q~bSwmz5r=2-#&W9J6nB;&v?*YFBP0k@sN@%O;JZ%6MYD+o3+&oyLhYvi3
z{XoiEl?tT7jl-Ht3;_ZU{FYCt+QP_GxX$QzRG1B-$*&!N>=buFdzpIGKtV-pnuf$i
z!rjVCjOFV?<czsHP>_LJ!XFhd1EjBjF7Mby({<R`KpY=N2LhwZu9r|T0$|_;ZA2-|
z^v+g~8#l!0v6<|6_vBPH=~_c_&orF_Iipt|t5^h9H@XE13{jir69p)V8P_pHOO$w&
zkZ~Itf@L9T%q7+KjE=SC+1evqd5D!h7^MtVEDSqEKo16nG)^$CXp_BS42`qQP6580
z6LNXB-s-9cNK6RcW(eFYX7I{)%vmAy8p!2E9y)~~k=#3Q$8;(`wt4UjsSK2czWO)I
zBs(zInA|D!OWh`&;3ATYF7ko=_C5i+M<^;h)nVkVf|@)nQMZ?Zv~rj;YEtC;d3gV$
zBup;PL^q9SklUL`nRc{fYY%(NeAB*$N85MJfC=40x4>;&u^L7ZO-@VS`dAqVFVDZ&
zA#$M|4INk!G9{>;AZwNyjWzNWqy6%xM58Dc%Ashw8U%Spw8-xEbM@_H#UN=FQ}U%b
zvd%{Y55&Qe6rJpl`pp|Wkm$yOdpAJs@(zS^<dJK`GDhZj?SYJIw+017TJ~QEVsEc3
zNfPJc3Gu>S)E+kX2q;fIqz|i6We%H}VD?wA6JakmZoy^%aCamr>iw#Hq=Rl;^X-i^
zZI$Eoj`?E4ZU)wfNG?9NZ^rAg3Da`oz1Xn3Gol`O$l>ZJo}LtVp)^HnVOmP>g+3{7
z>gZ6+vQw5-H;lHg<SF6lhRy;7!|3Rr8#=vHxlW1CHd35kP^s2K{aIxCG^b(Z$ttnm
z8>EUoaqo##I5LtXz-bc#zD}5aTlFmBk)Y~!Y8au6&_HXLQmn`1mO~}*9)wZpWmT)n
zSCUG;VTOsU!$_lA0wSWwP_j4hsCvWKU+|ds>Qk=<H7adw*}gg5uwl-?_RawI!AiNR
zT7s}>$~>ama4PEt#hl6#0YsvjZP$pzYK%xcB)d|X^WhV^_f^TD0duw08o1|9HeiI0
zS_Ajp(Giq&I(qkQG|+JYKlT|1OO^oSNQimm`hDd_`<~K;kA^3vxyR%3pw{C?bi~^n
zLU3i6rfox35y?^|-~n3UGdae1W}~4RPZY>8VDRc>(bVC{Vn`5uTIkU}NAna`P9w2f
zEs4ynHj+8hk2;yt>Ls75bzKvt+!kd31teZ|4azig4KYHfFQ#_)#tqYpTcv%`mORS$
zkxug%2qrus*3Bzzd9rwW@#doPjn}T3;1=*Qc+Ub@<O&H$1Zw8JV79!S`qL|)Z!~?r
z5q$11r(DH`hv;^pYq%zESH{qQ^d>##-O3ZZ=z3jrS-w2GVUUk%Tj9-1lNIxIgscD}
z7_E!HUeQ%CFHJ32R{q2mhZI73Rl-(Ctr&0Q&E+@^{&<a$0;S%@GQ?z{+xwrMm|R^V
z#{nAxl)&x`;sIz<?Xt_Ct!+mO0O{?=xWEQF#Xw?fmerhinh*+z=p!A>if9@|Xh+Qm
zpwf}LkaUW~50fyPkhg(_f3(hjXk&#9YXxC^qAC}G&Q`96+aR{7@ixnC?xYwp`@XY^
zXyWb8+YLaF)cVtg9}d@pEx+yycCO$?P;etGXu5&boyEesX?Tp=JJyxDWgU@Nt-Zxz
zF$;cCgQI8u?7S;#-VDL1b0&7w!Pl7|g2@ZY%C4xNFW|1mI2&*wQ8PYKLLk(7JD8}E
zSTcp&i-jZ20DA@5QruSemW{76wT=9{%*?c&q>#2X-(f!W)Kj$Re&T3VvkKcyz%7FC
z0*RM1n8IxrBpTjtbxsH1r<T9r=JGXB?giBaQO2a1FF}wj<V=vlvjNsor1-@buv7JR
z=ia>acF|u6JS)a~jjcB@LybFV@Un73o5x~>c&njn+M><2O>>nsZnQkQ(V}-(126Tm
z?X<IhP+RTnOT5?eJG$47x3wD@v`qrFf@U|Mf_3l1u;Jrub8n*`ch@hbvD>_EZr|Ie
z?v7Y}FkN_$V@}{8sOyG2IGjEj2yzE(kFy~ufGw0r#x1EHC5=>HPGck8M^iDM$gREH
znvTW%z=j{-Rj%F4kFMK#8d)tYD@T-J?9G>fGG#A3vsiMDgu<SVW~;GfCQ>!lwhvdL
z&2`M1YTsXdUp}FxjfjGS4-UrJdSw9z=<mu~tNPB7Za1TQG@G(E4J2nzPb9sG$YGu?
zO1{Jm;rb1n)&$&M@@%S1zF=dX9#7aF<p<6C(xp@l_hx!FWhdRad$elYqaFJG4{EDs
z2bEV?x???Qm)XNIck{OKaT;1`cQ0=ABV&ViXq?Mz@;z@$rTWjE+vw=yNt;|d-#BN!
zOb~n<V)FPOvX$XC#o>i>1#gy`E_mI-NWMVK!hF=xO%c=iV0&g~=&u&B8ui}4EE+zQ
z9UQ!912m2YSI%8@Vb`G_?L#?u+bh>h@Y-T=v)o}fG)diJ4Y;0jTf)Iw?6^j7pEaMO
zeAtmKLN0LVI^{YhxI7T~p*o{O#wDPRaH*Y}U1DADr01Ty9qC_GJvOJ1S9Q>1-}w)n
z76?onv^Qpdcauv~>q8Sj2AX3vn~>WbJFpKqro^^l!EC2x;#}31>KW$&A}mpg@qoGH
zNSoYSYxaC*6nY)YD{4d?lFy2%V&d8`vx}a>gf8S<b{NuEko2fL1U!&WsPBd|D6{@f
z;e0{m_Z-h1D8iD4`bf~kobxIKveZ7*pJ+#a)W}I9a6$6cVK_PrAqXWn=~Bj?w7Jfg
zSS_wn&79wUay#uGYh~$thW$x`l?=Us=MGLgs#UHd=nYksgZ(_Ah<O|#9)KVok9>lP
zAnLRh2pcA~zO|uyy<If!NJ1%HD~dq6LQdS1OlG4I2|VbOrGhbPKGHj;LggL}Kh<t^
z;R0X>UAFzyZ$D{lf7fq+H`4xA3E4Y}F?j7oXMm<vRG%%E>nq%39r0==veLG2b4lGJ
z+lvTUU-K`s^|h6AkFqcC1@h%BY}yaG(>(v%Y&I<c!mMWq_^<>GX*M!nOF|s*S~P^6
z(bAw>q{uHJ(Ud7Y$_wl{!JnC#EFp~}MD|l{u)AFPvdR!kDGO14n6F~$@Nu*v7ognA
z5#)$~ARF*VrXUvRT_x4q-eVZASxjDDMzssvnk7LsnaTmA9sC;1-vBSbWzgpv^Nqpw
z<PI^?orYzsTyF(=MRl2uG^LGZKm0bM*z-p&Z&X^%$X^`pKerlo8O|j2Tz6{ccxmt0
zSzQN3DHJ~pgEZ$Feu1eXo7`MAU#(ULc|LZNgjY9V@g0=n6pv9(?7<99c|5hNJ-f@&
z-cb*;0ZlpTJtzXVJ%qz?3O4|CXe?-M)3HPh6dX{keRdnF_C2&=E!YoSN*!d-cLr9p
zK;i_)kKH%BEStaza?k;wIR$kfKu5N_i+-t)Yv3JJv>F1lF(HrMbv!m<>)<X9Y8&VV
zWx9a~Kd<@o4r*mX9lhu{#85UZaXINo6c}&@JGx)aD0Ri0(JG`lf6CodBGtq!m|%q-
zL&Tfl0owl9_hwLXG?^B_m9cP6(J9)^X}XQXq$+8@W-uP;BBV0_G!^i0*E<>d-nb6+
z)~02dRs)RH=qG+s`Jg04Jpw#KwMTQu^S0$~(@wh4X<jKqkPt9nWqMHb@)a6~Ok!lJ
znr_$1=Io2#nGm_T+tYEJyFJYanz3C-YTO|AlaG^p?LQ4_LEavdkHNib?vWm>f$8M9
zEQkm4kfKYBk`tICGv@WRHJ+`EJn8LzUx!FjmWHZaF-{Uli914wP~y+C<yTvIcemRy
zTcRZNZos02Q&vpbI~qY5*Vn>q$?(Kpo~!QiOdr?rZyrG7(>9{YUC%D;)37WNI;C8}
z@%&mjY8g=NEu0u#1>7GrEhIY<c=8D0za}E!JYpZ<Ry)86MS4zQol^`FK2Zw;5{wjw
zV+L&N%&fS&o?MVF1Y@HFSm13n%BPr&5*7!<)vUtY4x_whqn|7jU^-+NrGpWl2rD`W
zFJotkaZ+_G<qfyfSrP9AknzntO>AtFxe|wYAJ}x_8K&++@h(9D<3fIEM%l546hO%s
zUps=P?k0@%{OGNY9HCR(*Dz9T2#bx{vBNAl4iegFu;TCbL@6|bPePrhr>vn8U6`pk
zM(n+yrifaF!{0pgGwgX2JHVKJZUcII-ihcK$AF1>F%dN}T%6l<hu0J(5}e{}NLPDV
zsgN~0X_iE*a1Dwqu>J4@;v}+nq!lyHx79@{vPgtDUxft0q5{K9c3?=!Mvb^^tekr%
zpgM2qaBZO^=W*}{@IDB=W;F<5IOdj<gLI?vg~N^H^L{?{pJN=^u3^2MI2YaTEQOd;
z3vnt1``M2MM*%dY3vq-64Ems8l4^|*2PB*}20i#`in-@5o)M)Dd<N0W9r`En5s1<O
zE=Mq675QgN6S1p;11f-hSYHB+2E;KF>{zrQwH7pju1=~Ya}-q98e2~AJNt=L4VfrL
zaI15gT^6dQ9Aanle{dMO-STw04j|W?VSoz^Mk6fozVioW|1#iMpo=45Usblg!bT<z
z?Dj~6vJTB(LR)Qqp?avgGxf(l(GiFYb}IL#O)p6ICkGwgl$b*rpTw=(!PsqwjmH|c
zn5rlI^bA}huTn#uycLnS!%Yb?xXrEQg__c3&v9l!V76szY~HO{Pix6N4hZ?(kNxo@
zNbNcmRpO#v0a0wkK446Ztd<~Tb=Dy-=)_3j;1C$m4gj=dIiXlnE(P!;KAQo%(1`LB
z8A*}@$)b|b0Mjo>1tRcHatP>i;%Gk~n|p*JAyFfQXo-v+(oLQo4JchQ>03=Ds-d(x
zGFSA_P=Y<iYfm!OB2unuRzU-l6w~4FY#(Wm5N4;%*GITeQDv7TS#u3AGeTyjvc_6-
zu`Ye-m}~#Jr&78EnSRTG!fW+17zrL6Zi*qmXgKwjh-6YbfzMHsx*_!m%#Q%`uvBQr
z2BMJwwn&fx46*=MGfV&31VSkUa7_riZ4)B4ZO9%m;9mFi8Z%M_+!}D4=&GiK2@Nv}
z^4c&mqx4*>&66?MlPL{OBxkeJ&3pNtZhIv;!+{+w&OopS&1Tg&a+vr*sH<MuZgMd|
ze}yrT8u_*-h|rs<KG<JnuuMTuG{+l^jWur=tB*o2VcdbDBcBXW%BTca>&T^dQQ0hP
zjR*=P9|Z>&X!b#wLeB9spiLZ7Zn^^jbM;RJ?_j{du!kLDwukbolV)~E%+^u59EkYX
zr1a?9t{LKqD53|DeMW};n-celhD(c$BAXZ!df)aUspRUCOx^74!K`v%Ct<>}Ig5B{
zgdIali-<*cxQjNexpdKoY>KToZHQ)TfNL2`);olcJyOc((_tI-WGW1WJ2!eIS#}cO
zDtX87y&~B@7&$Jm8j?$ZQZq9=Uyaxk+v;cEvHA}LX|TWezUD3A)zY?`Rdxeke|KU#
zAhWR4wp~ojmR@qW@c>7Ibo+3ZP{*8=+kQ=uA|-%|At&h37|S}NN{cg9n)28paNQ1J
zWWm+HWY>A72;l69z+97;gx*`r03t}<nQN}8nuAF;u2%w2WAI9>#<J{)S}NM@sEvVb
z>L$x4b7m0%NER<3%ei>CQhZM^3O(<RDrB6_kB*|3trw)9?1HyK4VeATtkLbws2x0e
zKSl0`JHS}k9C#MC!7Kqn=4_XSgSAv2K51J<{th&Jdy`|CQVrP$7yS|Uw*a)ka-8jE
zQ(1Oa6iwoY>q!IRI<(mYwO*EK%PHCjDt5&@1()CuW+EUPt&Mx6h*i+he|r$X9G=#e
z^BTxH+n%>IH`^;$0c9DQ2K;wjf^>-!K>sYuR(9|D{O>2Rk2`7Qb&Cd(-MektTV2p0
z__!T$B{Scyn8B~uY48g1bZ~8O=dE<oa7(p%We4*3uCKM*OP61ntQ@B_=M28JPl7xe
zc$>|D$HnXrW{dV`J%LTJd(PB2o&_3Xo=%(d*W%EZgsJS|&Lf9l{%~+rddjb35-+vR
zb+10?7Z*_IqlV8Ik=pKKDIg(a40p%3I9lZGwE2m)*3X^PI*yYo=YSbF4;eDZvX(x@
zdEPDoG}BJj%USQSF1X-?8I(&_8iG2i0`rczw{=qC(#WEhqbyu=X0maqLP#`fE16)1
z!`TQEk0jzUM2-U3n5zgaSp%X;=yZs_S|ugNsTiI~kewMJ*31`LF9*4s8T0`&ZR{yi
zVRtXWAzTFR6|YML#{^QD@-Xcn-87R)aO>PI^c<|J+o&DiFZ$$w1kM}1NhvoujS_7~
z_#9!bG~!$_QTHlmrNd;Z7ST}b-@Z@}m%Pnt0&*gI0wKV1+d^D(W^jcMdz9`K{k|D6
zQ1jIsQ-)WH=7aJHmXBANAS?>jcw-a(nsEyVTvr<q^xa&{MIR;(uSs)>n28znj#T==
zqtFhFm}smV1ZfFDcNu~=ktBkYiBYA8l8K@P2=_v9BO4dkOSLE5L+|nh`2qKnlr#O_
zvHPbhI>(c~b@e2eR^dQig~W~#g(Jf^W2%~Bf(c|QDoW|OkP8z=1}zY*;J(0^d6IRd
z5HK~&AgPs&xIlyp+H#0l9k!}>SV7HjXId#`^H-6__Jxk)2$bx$n@>fFhHb0dI$Fs|
z36}{r70b~<HjnvNxs%kWh;=ZkrUhl#LBEqNH&D*`G&pja@66+3nfwG*D{MNKW-=&~
zj%U>#i%611k*sHyq4b!f7{>Gk$#$sy6YN7DYnmqh5jqm$Gu%n=<PqYlh6r>Nhff>b
zg=}!>O?iGGqa*mW0DEukx>InGBqUc(-GyAB-btK_6x;*}sEaWzF&F|j=b7ZZ5fdwN
zp~uI8iW{>+Y**!AHf6IOb%{PQYtV9@Ia8YYb<jMSt+boXt+m|QsdCO>ryOwDC1`9@
zl|gge<Z*NYVwg^?&Eoz5iY6w-<8&KrYLq-l&<F0F?usM7{DJQ!XJ->19srUz>?Y7P
za!09gtOEUy6V;OHPSB*zw6v)|SzQ;^Lu2`d9+EPaYMBDygaul~X<3bT#2b4T;FhcG
zhz~5!nk2GAYEOpk0@0l@c^9V-mZ`Ov2skaKAF8*7*t#HwG~a}9!xpyCrr)Nt<eu&(
zsWSkb^sUh+!4!>zIK5gtmj~3?GMflt3AyI1C$sf#p)dnbpRtQ0_%DpAnOOMTMdrgm
zqRG0c0x@nOW;gZ@AYgX}fFy-_;&%sd>JIe6qcwyR3l(T$<DP18WpKEjFlZ>X2`*-H
zi9cu;aI7}vo?z2?*Xre`&)<0b(i2y=&R_UU>4$!%MN*$0uuqRLj@_j3;{fzwW37{5
z>W&P&H!1xzOg0ln-*1<EaCyvQ!wpLwJ@mvu2m3utGFXo3%p!uWxF7hZ*J9l|60I25
z9<pi~UV}w1SGqry!y|Ewvg(s#vhBySu~4{Sc32E&L$z+sJ-I@U@G#Wkn7gB!T%Dnx
zA$QyPsvt?nagpVfO7J#CI=kZx6S+mK97R6lTO?@$?VtlrLB4D0TeIPK6aV8Meh3!^
znw7rrg8$iW_?fHjEOQ(%(OTMc$*R{7giP{2g#GSn0^<u`5RdRwmCyR+>Lr;QkH|bt
zd#x1HH*8SQtD-dF0l`zN6|u^8Evz%30<|_&3hB$38rF*<yqKlkl#Sjpgo?vbj@yu?
z!o{1Q5|XN6hcb^t=q68j?Rvo;g7oT)jVe$e$a-3PGs$-iIh`Ci;8;#o!(JRAyH<;f
zIpyMFPI)}mR<u89i&(*0B+9_B7i|be7pck!vUbdHONR9C(aTRhbpG<yOHVv}@m-n*
z>gP56eGo!1RUsSUNUeaEEbPj~C*E=C%9Bsjx}u*)WZ*5kb|`H}oIAo<^0R(;v3PZK
zb8of9Psh(j;qM;XY!)`$fgC<w4rA~D&Zp>j(z@J9!-<EG;0a7pd(+pXz;Qn1A7`_J
zE~FPY)lQ6GsPDqUhQQ&C2};${ohujShX;|jGozEkwx99moRH6)VL6H_jW42cSN8LO
zK+7qy;Rfh5=bvxy<k?)s)L#xAjAhI**I|!4;w8>e&to!;%c2vVE>4XLa+W>eFeda3
zhbw;SQ1*QyCyv46ItgMup|Sw>CS_vR7P`%iQ9!;Lj(%P{ro{Kg0rdTpzi>81)QMN#
zS{L*R4q}14t89j`7}*V<IuXIvkr4e-!UH5Yz|F`(0Wc9H_QP4y<P=zu-fV)9RnFRK
zm973Y*dn_WUQO-DrFhyuMW<KJU13@t3&<i(nP@>Kwj|zPl#^SSJ&ue;UssBjbcxRV
zAW4id0fywj6t=u9b6-=8tisvFLab4+?qp2o)&A2&HmMQWD;FQVbam^>yK7X|d*N-R
z^RB;=q6%H-vCr%YEtWU-xWh@GiqjqDj_P3~bIFKy<S*!;$Jm++Z(y20mM1?~r@%v+
zv|ko|bge8fPp_Gcqp?WJ%FPeG0nvRl>eYz+vy27iCqWFrL9x3x4cypa8)p6f#5!d1
zOt5cNF>=hfzOq3ugJ>G<7Af1su^oKgoe%IZhx@CjhK9sQNSG^^%?^t}0e$AaTXti@
z;X}^JQTCgQ939UlW55#hw*US9_P;+&mWClI!AU^n{D|h<>IG3LWz!vwcApuFoa<E2
zQ^A5{i(WTrz1xc#p{-$xp_Uo-$D~2pu|A#`?!9+20dhZ2!`XH@Ou&dh;taOw0wHQ)
zJ=V_#o#o^QrGk~8INuX+ni@)xHe8)Z4Kl+d+nbEuZo1^K;%k>t$lEis;ke5#<;p)P
zz!IRjwb8Y1Qb8)N5L$SW_mELRHwbMbg%+$%5jAtBC@N7<HR*q7HRuB@>GAl1#Q?`?
zN7(T)j->rrF6kDc)5{lAExe*4yV)ppa{&&xz8dJr`FBRA3}d!uqc)4!`4J07evi*2
zKBq9s576qMuT^>05ZsUADCGP0<WqPs=L0XOpMN*l%$G{}NB3~hsoGb)@H1KIOPrp)
z#^wlb?9W<rK%1A1&prrRv;^k?pWr;Oa_$k&ezpa6vw+|{mZRG@C2G&StSbWTR;3|=
zIc(QrWaOanUbdZM^l^%@Ds2CloP#(JkI6a@n^lhlAE=Q~FbFd6(5SiUQ@oJwNn7{W
z^6j)m4`+r^Oy~WfV&my#K{?Qy+%S?B{JmV!5&YfW)bT(lNFI%CY6d!>tLlI{{B^#Y
ztU->LS2@h3O3{iL$(SulGn)u4Lwc`(={eU;o~aonHUTaxF&v5u82MN`!w5#w;5W0r
z;zEtEmOVRT4=|u)5f`juobXL<!z_qv#8%FPl(Ie(ZZ6M9-oK9rhX00exxUneYi4VM
z3T(nf36!<9$~U9hH)ya5i+5|?bqW2Rc>3~X`*4S>SBM5I+G*V{`0TlSQnEW{y%SP^
zlj_)AfQ!%G9<_Eilg7qi$+5n~@rW>MYJzFjaV@tcfq)z6+@9LngWg(4$FQeKFhj*u
zd>VEN_RgB*W}iVc;S%i<S#F$VQW&{z*#t<a6je#1hx)8Ex7^U0=)Yo3O3pjgn13<}
z#sP5;a}_Y{YT%ITtQeqCa-?@VV>Rkd%ANC=cx6+9q}<^iWS$AUPG|(FNM+fov%|jA
zoH^x}V@LmT?CkrX)$kTliXwd;+`#TAs;&t4acJ`*a-BXe-(yqlS$|XhiPf85_uYew
zinDOfeJV_}g;fBw*qW**#bebn9o2Yld}84Q*rzYXLB+Tz?~WFZnD3T^zYFqtp+w6&
zCsBZz*b!(_Q~+qY7?mlxaIj4+n<n0V#4l))+v*&}kT&VKv~*F!Uq5m660rjptU(B)
z`@}!PNkb8SAe)YjFy?Ut{3y;7cn0%S6;E66<0|aA^d2)FzaSRb@o(#^&QpPEa2~j$
zz9nUNpFq6d$O@mAb{xwlp6rqU9=Q4_<E%5+l4`?m)Jr?dF7Q0<`C&0_U3}N2ts9S=
zzjXQOD;J%L2Q`H7Uc7+OuPSryUT7|ygaZT_gXDbFC_n{}{E%6B>sHJV0{xQIk5;Ji
zH0MFpJ=P7erq+viVB2!UDBrw6YRtCJYOAe*<B=lab^!nNk>PeK{wI5I_&eePuTB{D
zwng!NTA^1<73<_JSpKqC4$dSyl-teIu7&~EQ9l6G=#Kby4SiSKHU+&Veh%(P6zV|y
zw~~qLeqpLre8IQ~Y$Xli&6ZdK%TvMhDhlFj7u7JJYtU45=;RKk_)<3Z*io~t6~<ng
zv!?=l$wkG2DAkq9T|Y^Lqz-iR7`kKB>teFNF&1`oHVdJtt^drdV!nzehTqy#%O>XN
zTVyb67WAhtZ(X^#<r&cFksme5PG1~u1x8j_DRS4K4%*3z>>^@GK$BRpDp9x+>*2&2
z;vFyz_)~@U(_>F?uy2!=+pdB|<8Risv+cWpHH&YG?k(=aa@0s}P!Z#N-K_z>=FjH4
z!OzAA*`!}3EmrWylyM$)bYy|u<T1l)WmB|zey~86`#3!T&^4|q-XCS?OP_&LdTYhh
zw_*-^_pp<$pVDUR$2evO{qOjmK66Y9*~-pJdlML=I298vNo+r)42G((TjtY-Kc>cY
zO_+2=3wkuAYE2CSj|m+@g?!K>UD4_~x|X{hneU;;vS(nIbPv<k23pB>+g?QkD1g;$
z#KvUmq9W;u>4|_U)#iwm*HD{Tuf`d|T2D^;@i~I|hZ;_rO1KVF98bfEofD*7KN--{
zbs4L!sG2|7nLlF)=tE}L6WIx<DCRYRhY2~=ZI~0Y|5nTwpuy~~oB>NU#+r@D|4_(*
zVI9fe3*TBf9#qf8?o9F}AQwz{4H$4@R(!WC`xZo%Zeh^D_VRhW#nSGW5v3Gx5u}l_
zAGCd@BhU?jUI>J*(5uxc3yB5>-tg?jY;I@qKLaaRs8C$MiiqQfq&|XD2Zq>;vk4$5
zAs`Y#L^*nmik>r(wm`*Q?6W7Va^z-wKcMOGhHm44z^ARn{79Qp)z|M{3b5`d>nWh{
zm*bWbcr@1@<2|_V5j4-OdcRtzv^Z+B^_E;J*4bCMqRYm^Cy+AD9YnB9f$Fzj+!#ku
zpXg^$@kd_AQ-ECZFVD`r$!)wnL)oUr!;mqO>{;TTrj97(J0_-pb_-(JY`cw`fRnMg
zC9Q&!(VBf6(%67qkS@teBON}Q3_-TCos31G1-rk#V>9a~!sAZNxH;oV7IK|xmLOum
zh(;*FfMI?%JQGu96bK_*24ukL3Q+Pe_qDe(Hkqo%wyV=Wz$Z^o3Ddf%V{KE{TG(Ge
zVp@eMu)diV?BF&s|Gf8JPiX=Aj5k50Ma79eK}c$QWuiBFF~XSfp4<8>e)bV-o`A8r
z7caVh!T|22S+HqFvGuyDL^|L~nUC)qdDoG*;r$t_eX4F+yvQ&YcI{I>pc}Dk*;^?&
z0`lpLz6()IoL%1UQe8T*#D2M$e2X!-{;hLSd+4GOo4ot1uP!SX%!k&L3|eC5=?CSs
z3f%iHxu9Z-PV=<6ffw<VS#|Oz-qLZytlzBm%+9)5Y0=m7#z*%HaLqe1^cKN0o#zT`
z?8UKaknfl~a75l|{kb}YMRvugRsqV)yWt<s%`qtnZcD@4LSJ`_eKwY(Ry1jeosYOA
z4Z;vXkW)a1os=)7ghGFE0@+IYM`m~qyx6%uP-x85O#hPr#Rybvkd6o06k(6aqXXm)
zOtPDk*vj&hmx_Hm?`7!nF>vUIj422x_NYIY<glwGxkF970r(;82I|!Cf&pKJ4l0&b
z#k-M9n|of|2(q-FnPDMxb(S9F+h!aSL^&FwH;Htcn`e6(d|8zs;8tX)7Ii(rD0dR;
z>jIk=*TRr)++=h24kdHdn+KmP+C5k(s+9_KP&Vl-^J%OlkmD&1adAyrCmDmII&ceQ
zyEZejpI7R>R$nUAFsYs{<f7s*jE?@0RXPy<Gq7n`OC25L2b4HS4h}U3-}$z(S&fv+
zV=dNHJ{*II6I<%4nPIuS50Uonx<{Ab3Pa{{!z-8z8QqB>Ah3ohdfIsd;}7ef*tqPA
zt^P53J&x%jebqE20};bVOd+W(?m>c6_^BX2ea8+lUg|=OQG}ud+TvgeRiu|?+(F0)
ze6^HwS70cPLFpvN_L}h6Qp&|)ffMjFAJ=(<AXc0fTClp}TA|Ivy5XZIk@SY_oN$&L
zWP)>mRyxZVyhLpQFg{uM<GC9S-Eb)FlAbm9coD^MB^#9C6RQjF1>4TULZeg2uzzM6
zY#d}wbGya2GL;466KVy~XVV(*(V59=j3;hlCfSh!_OvEf=$;gU6eE5?<|<SROdQO%
z-I)#OCW1Te=E!g+;sgQOx1kDhtOx*&VJ*#Cg7H>C5~fGX#ax-e*H%oP#k_SQ>)xLY
z$NF>lJ)g)xi5Q7_=cE7y=>h&F6b6B9eYORC*pz7lZ`|!-gife?vyoZYD^7sA?B$Y(
zA0^~XoU^c388U<jstV3o;7+@1h)O518gviMDO7_JI4z7APS5$ugMb(#Z4&@MXe^{c
z3nrJXZUK>{36w1u@q?#{*7d$qe?lo`tfwonf>ah(LwOrwOL%!}6*39omaG(-q@jW>
z1Uv)9L?VbxsOrJ)Y$j`Ti4f{I*oE0eRNB()xg~anp}<PKh4;0a^Y%05A@*F?;KBSI
zjYVQa3)L&@>famwUcSOKdtE|$0V2<VoYrI2cpa!-<?fNF=Np=KW7ohTQ*#|2zaeu)
zHH5j!%ZcKWfbYh2QVf1ulO4W;XxY}_nsI1i{E+1VX<5dF&N3qk7n{30i#!Ws%Y$2Q
zjwJLbV@U|TP;RNdJ-9_`NwOJFDO7V?G(|4R#|#hDuI&WXoZGp_brL5V*}TeN9XfGq
zLpQic*Ut3i+QeM0&CFbWaZU<?$c*mR+!qLMjdH3^(>m3@ptDj$K&)d&+UB|uF>sny
zH^Je$*F*gKU7;6t=BH@iXC1MS!#ykPfD#OI%5j=M720;;>eiD_NioDgghT|5-SyK2
z>UyqRyt;M%%9d9Zr!u&O+AchK`SQgJer+xVkeMoT7@Hv6=hyr66JZ}6Gb@oa*|3~Z
zI3J7YEkl$(bNk4gls4xpu`1IAZ9UZ3*dzz^AO?)@7yCuu>KSU?z@`Ce!^@c>3Rv^k
z`r5{+d40LMb@8c&$@FvVU{)1~6Rc%c=(?;cE1=F<sUvaMFU!`z&!hq{YeUNJl8<RJ
zGvpRIQVetw*%1o7z{(wD#85~Mjj8m&hEF4<$q&tN3K{{p&dx?b)MKq<H3N8XA7LYu
zMg>@(<W~0D)r(tCoqzi3MgMexGgGZQ_d${o&UprmIl;b&3m`cm*-S*WWHvRa8M11L
z(7e9pa&goLjD$n*T>^4q8eA|u*j0}|efd@gnCbz>GAO~0e;I}vG~JCQ;*4D#`4mN&
z9q$H_hs|zr=oz1Sg~MBgWPqBQ;ffl{9G`WHw?+1qRf<-BWK{v;rCaj=?y&Z=oDeTY
z1@3Vlg4e^HbvB=SKl^Fz)T0GrHJ57SPW_pEie%-$>jnAuFydJ@CHpr`m9XH4R5px8
zBdqFYON<9Gd7B2*A#^oNQIOtqbJ_9HFsM7zYd0mIx{XSu7lFH2Wb793z}i)HAa0lO
z$SxBSo#u9cxt>mnT}(r#IBZM)I3;|_*<+SSJ2ZCz$Ri?H0eZN23D}(?SOY!r6rz5d
zxo0ZGRg1=D=p4q$-CH52FfyHQ+k7*_c6dE)UGA7$b_qwFs=d%8W-74R8-nSx&lj-I
zs^o1SOji?6V0}|2bqtV8R{SEMBcOq}buqnDp=+{|HRVIrSv01R3r6HTrFvssx+exL
z*qyQ2T}F#2#cq3AUmkjpIKAP`d380p1O@_=NGuTK9Jrab#<QvQx+din{IVVsph+JO
z08{28h(?)VhkKx0pk1Ug^Q3*vJ<z&HwifeU3`MS+JjBLC(N=K&M}d8VgHTk;7(@yo
z-c!!}Znec8MqP`s6FhAfc!{tz$&{HpPsOOpC!U3mo-8;iRA|X_@^~p$Ie(IPh_$WW
zNvgeK2Y1+v)NxKzj_!3hVKn=uj&ck<8hPYiAj`au5ClPY3d2B|cYOdEresz>6JT`B
zo5oAz;i%`4AI*2H8&4;IS#X24AAb@Lv(y3pml<|+sxa>eB48r96|JW8p(C3Cy5P(*
zHvEm+R@8~XD+Ni66s$)0tiY{d7d5id3U&(bkgT@{cP546SIJ7R9GW8yl=Nt2?%t~y
zG~C;M@^Jo1wZ)d)gEeJogxZD|9U66TnA{d=*7&Gd1KRu{_AG9$H%R+<(J*bnmvW%E
zD*~(Qtqe9k)@6tKvW?Utp|&{Z+J%$=p4(*mJl>$uax8{pf8^e)MZ@<BzvOe^+q-XN
zu}8(gA1$Km&L5*G@)D0sq5R&;n95Ne49YxNI4aD7aBIVwKN`zfYedi~0lY|7M!8TW
zDo<-ai2=CPnJ6dqHI~QA%n26!NS>IQxROmZb8-9I3Awjm2JzX#=_9`HrKSSn7(DS{
zjrI+1XHnY(EBh9PPc{0(r)P_X&wY8RhfmGW@MXqB9QoRO&_}m)sA_^KKUy>$$B{~J
zeKuGwzlC8To@6jCP7JtUV1z{Zl8+3Vxs{>C@AYM`^q1{6mxe4ygT}pbLf8B)ur&~~
z3C_nJzz{#1KWZs;M_d~01k{Ed^JM_{-y!1BC)RO#sTww{2(+}X0|Xm<WP3X-z=w)0
zU0FMe0RjcQyFwX8Ciquaz&T!pZ?t|F{gvuU-peJVdnJbmcE-9SxfjWyxxwLb!BACP
z5hu^c`|O~VaeIm9=2cUeseHYK4O6P;INaKkg%x8h*iDbsRWr`e(_jsaf^PJifjzN?
zdwb=|)ptL!b>0WPm4~V^Ha03my0lMt?%-lbGlgccdW$L<7uWvy#m9s8%#&JUO)zf0
zwXm+8ME~6Z?+;u$Kie#2NfMpMF{gYsEr;2ZU?0<dKE+^$gS~tz`M7DXfNm8M4Fci~
zI{DFsLcJ=G!jNl;sRgx{5({9P7S9+jYWjGc)u38J`Bx!z^8oDr7VM<&ocLTG;Svw6
z8d1c*k50Gl!4+MbG7i`5(|&xQMbjb*tTXE6Og!q?6Si7QA!>E+vTr85v`I+F|553$
z7^%`bpX6u@afJB*OF*>0_6(3H5wJaupZzw6pS@VwyrhXXFkv%|)rE=pl5KmZ(NA7G
zEF(z1O*F%nYPm+E*j*gF#K?zC;~+|hp%w?2g+aV_c&+X1vy*pVZm8ocZ6dq^xu)SQ
z7#@34`b)r0D!~1o$$-6OC~(bXdJ3%Y9e=x7d^Na=fwChs)Ddk!i!0)KZ1w|qh|zVu
zV3n8gcaEvcrPw^n!mawDUlOB14Z#T7QjYOpvs^R(@4|EEkG00s+lR~U=@@rEZ_v!9
zdxLdD^}~5RAiXRgVpqe{cr`eRv^%`CE|~T}`rzFAX?yx!$NFNb3_~L@=Fn9K$A_m1
zHa{DsB}&dB#^S0}ZGtTXT{9<-k<;vQ(*|ZcMm+<DfHPcsU=<X+SK`d{DNfJIKrk@)
zo1)pO8AXXeN|c(fS|>p~H{d|wEK~OvY?_$3q#n;XCietIL-B!;&0;u|dO0NWLbep4
z|2Zebz%!jfD#uYnE>(bnR2{;Z>SZA3Fwh)<aqx|-+0#;iGuN=X-8pPu#w38~$K^Fz
zOF@){qY@$jM35G=MN3CptbN9L`7zn&gp%NkjD~pxpg0(5^E?bmB0-2Jl6>okT#=Km
z2saCcCj>Kvh%|=mT5BdH>P=fSbl03@2lT3#9(h>#jQoQ2S}#?9{zU|{j>byJ(#T`t
z;6QJXj1IF2$KTp2Aqfi{ShExQjEaaWs7GSQNdX*C!3Z0om{gcOKdx2QW!_;qocgEa
zu)*jm(itYXUeYt6#3+}#C7+g6<QFKgD(qP?ab@}5skvnlWYG%toj!56L{!Yw*se=$
z=&c$Wu$>!7J+f%-+}M-0mbU7SB6c^O2iqM&9ZV+xXi%Ad4a)K+<5a>T`_4ZWU#IYm
z><;S!ux>(dn^7?!U;`VS57REC3`;84K8ynH;AuO3lMkzCzC>>Rg!%G>8Iv@(y3xj6
zdji+Ud$ZnFA^ezQcBi#+ca^TDcUSL$9G!K!9W0r!|5_X}1-}{Kr+uvQ>+QBfFR(yB
zm2`8{Oh7)C(d;0)=OGxMIT1<-TL8cii0Ko;3J^(v`Qrs7WIo<El4!FI;WjM?b<MMV
zs5cS;ieO|YoraFeh(%F!7TyO|6=<x4Zipfn1I8$ZJe%HfPk`!Eq$MG~&-ISnB$p8Y
z3bI)FILGzO^h+G4c~t6&ngQd9Ipz!TYUr0UI7Y5`BXBe+-QD%)oE18J(NJBT6nG?^
z{DP4WoOkUYl9rU36Uid?p_K^n-%qwmpl~H?^m4v$Mijq46;vbXHA6=37#SV40uX{T
zS5P#!vtiNobkdXfbTZ51iXBspjI`Q(wmaQhY4-1{DMrtrLl$k(ik-M59G=WFROco+
zZczp#ub2WD0|yc;ZIz^H>jVw|%{=N8ZK}!IqWvaAm}<q$`C+#DR;L;ju204L$?991
z7inRvb>wc2hQ2qza58?$WCBd<d`!+*oI88<0O)K4iqZ=u_MjFi72qC6n}eemlG6%+
zm5v30*`$;e-60+{^U1Lj5Lg^(iCiW;>ErdyW>GGrlZ8sxar{1+{naC3)XE8&z(TO=
zv1S#JLGrXt0SuK@8uxHDFCTk|#~%V4GUb|{D!*Hc?-f9s)qF*5@B{B#56yyjxZ22_
z)a(Ig6qSe1Zw2N+m#$RqO)a}=x2~Ak2=f67UNLy2Ii(aQYiwN_dA<NXXt<Cctg&bP
z34LF|Zd;>3_z7Itq0^-pW5_V=kyx86yAaxZU_T{EX3nJ6kjfWt3wuAhgh#Gd;mld3
zDkxj}ePZZQjhbjRD$CE_$U3QmwqXzHN!H7^adUC9O;>}P@ZAiLZ(oTRJU2C)$`a@p
z=EU}LcAwPq25Oht=%6%GX|qm#@e!*9O05Cumi=KS05GD#&j37y_%>5$sSf%hX-SBJ
zW^61|)2>CKMvOmKo_->*#F!^FOHAf(+gg-bq~hB%@nDie+zXNm$*PDgBj3COm+7DR
z|Db>7|7-oD`bjVo9HwR3ogc_H_Px!=O|IrvCp-=v&7%lOD9Hy1LROGo9+&`bu86a(
zdc3H&u4Js&+tJ8~OdMw|IWweB$3|>h3wkZL@Vt>6BM)QKSfuCzxS~;fQDk_aAoO!o
zHe^YDITB_D9a)?bHj+vcspE0eWg^a}>#Xi)#H*NeBwoulWl0=3J822T8nc`nW|~{p
z9{Z@0Q`SLNx9VD^WA3EHju&<8oH&ftPuPQSbwdPGm;cYVrrCo%%?T&ZBKCyylZ06}
z_2P6x#_)LKBluB?0&<IUJR%cyclTZ_b2ytk!GqJ;a4P4oLkORt@KQaC(gmMMZn6<v
z*5DneA#gZYYPcyO0Ub!X3v=QPW!W!pTDKIfJ`P5pG28=Ga>@aTd=lwUP|eS7Os?kM
z)WRcE&<Kv1;<hX-vXWDn6(y9Sh?l_9VA56_JAXGEH#XC&qjkBn(@txo9Ugbq7KdcQ
zH#>DToq8PKvf803_+Vaa>&|f6NxR+dGO>gi<&>Yod1qhMMjI#_(@7;s_8^rnEk>Vc
ztQBdGtp}VKBk|5Lq7g*$04fWoRy9|H$Ad!3m6Ua{q+%$oUWO6TL^(tI=}e+jM1{C}
z@w~z4F8g^IYU&;g+(3xB+&$@74}!WOv+ePY$lsGwZ-us12F;kz4fyP=KzlEAh%8%M
zTGg>L$UvWSQ1qvJ=5I4HvxYsJJhriFP%)xC%n)(bf8BkzD8K+31>)&oGUTOwXDt!z
zbu0y{*w=vHw`w-Tuoz`-({$*vFx^LOnhXy5tSa1zRp=l4CDg&H!f~uZ*|B)a_wvK6
zZ{}!d#D7Gl&IaoHe&qX+b=wpbHaWN2k9tdeM9ss2%*-NB+Dmi!E}KC}D~fsXe%|#a
zxqKs+8%F>(Go0k4USp(3x5h{}hA!1!E-|dR@k^ZHtYKII_-34kKBf)buQOsq=bdPc
z=RBceI;W{-+qoE<JnK0p90R}H{h|+M?!bIbOfr6G4altw9a|3ITjZo!0D#Epa2|9p
z@QUFFSCXcT(x}tr*-)+rbJsq8<<)IdjqAPmuB)uy#vqSxX=PQ2rD(L;YaA(3FYc~2
znk3<FK_&?Aj}~TW1QS`Cd}}DrwCUp5dQ}U=3(`r>^J_1hY1j=mK4D7ERBAU1JsjqJ
zV9UWS2<oaRxPgE_QJ4+boCst#&CO2h13V;<?}ZB&#ANZKB^Im}jMYSBih)&aABURM
zqn+H-Wx5v)d2*M`%S9C9=VIw&vBarpJPGmZd+y2j!@K>7F2+v4CM!cI?IVsm2M^Gx
z67(s-?EICiyD++^3+#Ee+!7}Somr@`y<jw!+vTQx7=*i^MFXp0+s2T5jqp*qBY4%*
zxq&;-b36p$u<_v%`&VwkrTmQK2<j~*VV6xvCbb>AU@#4`+5WMGv;DYqwjjxBD7!5v
zzMtKowBnQ9fZMs~yXe+*HA~B&oislLlRf!EVAQKsVbHhS2_X@N5uWlMswIW-a<I%>
zi%E7+gSVAu^AD4h`p5*iHRA8En40MmXGImo1y@Qro7zP6cRrYl#L6Y2xy&T)=F?#E
z&65QunhGs>oUf|<>fZKT5>tu1bQq5oJUmI0oV1E=-gUF-&*GvX7xgh0OAWf1gYwp_
z)L)3^G<wO<-QarUY_b3dlpUzdraIP%^oDvG7tCT++c?!S8>hPcjZ;N7PPNR&sQ_*U
zXwq$Lo~piis--qhb?nXaaLIgtio>vwsjz3#v+4dzvu_j%*#5k_>e*A~qJS~DXrTPZ
zEo#^1PHxjB;?5$ThWc{m42ASr`*@c;-`$PDtMNZ9+ujokN~p!SSpcVF#rt)Wix`}Q
zhWdi?`Bc^;aa@?2e{K?hMd5_bQ(oeEAx;Wau?Q$$#DHj>&7iACiU9^}KM0H|f#+Vr
z#z9O+UK<1MXdpf;eVEy`R+LgX0!pGS`OPrKz<q&d!$1uyk{_8|`O$U>`#EFhgHhj~
zPhE)~U@f+;8(nmW1LrSrpp{^}qb_3?bw8ZuYmr1FrXG)^@v}uVjf*XDC_)&{XrZ}w
zI7~H<_J%OIgbf?4ffxf=_8o-ol<~GMcSc|vdXG1VR?LEAM$wV<uom{ykom>-Bl4^B
zR|TFdToX*6yR1vE^W9q{Un%&!KE(8>Z{h%YI|X~*>}KOXI0!u>Is<~FKacom;Y4Do
zI|)W8{pI))xDyM=Cn`*conVz#2V-M6<pOm{9E&1Xx->AKg~>tv;ZF!WSs-m;nI>Q4
z;HXk&0ZE5DWLbV<#t26Vf#s>g5<SS*TPY}(t~6!WBjt>EN2rL(NZyI%qfE(Fg>oCA
zy9ILTHh-5>mN-5JvSGpMSlL!p5s4XDVy@YN!#Q0GHKSNKBxo^_dTWpG9Ba3=83Wx^
zSF;MjJ|PXXK;~0inGFKv*ff`{OXreiJsJgDvv}MDD1H=zXCDQ~*@)ts#glyD?OXPb
z8of@Im`E9b`cj<u-hJuf<%hKoA3o6E7CXVrVehL>vQ~c;pGbR(#a$OhtG%+d>n6Ll
zM>g+5r_gpZQ=IZyCR)kfr>J}lGj9=40U&*r<a8CwD}#}iQ5K&QFgG04@eJdu-6=x*
zv?W*&DxYjy;D*fkgP>4A<JMcp=A9Yc;sKjS3#(Y3fNFl80DD7JO(_E4*CMn93d$nC
zts2ZhElq%nzL!oB)c}(nX11xP6P!Ef5VyaYhube#Ky^IWehL;PEt)UzrOb&Fya^?a
zLv#X#=P%wJ%~1ZA8bgnSX-Gy4Tctu@Mu^JB+Hd;d&?;+MhQ;&bT(h<2PUSvaU$hh<
z-K>^NI#AtK(t(&}!R|4@7XP0_vv3=*;buqPLFDi%mffIQGP^-_i`fn62*zdxb=U3)
zzO-^v6{I}y_U|p{Jg6FS9#l)`Jg9CV=fQlc7MoJnL^Dl`WJ8!c@MW~04IAk=qx}P<
z5}o9hNW`Mt1<z3SJMm)0ymyUcWxHfQ7zom4F60jZoe44&RC6*EcpD=gITG0x=W(;L
zAQWs|a9(8FR41|bys~^iD$G);3hYIWLY;XFY3PGA_2mGZ_j45yi0p#ZK1_1dHi%Zi
zq3f#jN_um-h}{lxmcUq2|GY{`nKIXawh$92qF%11lUa{Q5Y4symp9E%67m$4o?#e8
zHf0n9n1h48a=<WK#4v)725Lu59af794+q8e1hU8C#-uFsW{i_;G(D3zk25CuV#%#2
zC9@8r%eFzl$+%5Z+fA?+7bEK>OdWMl8Ffcu_)t<%IvKz@VAvoABPI}lmX2D6ay%Gk
zuD-?8Rs!tSvtUt|XEHQA-c@e`QMz+an<+i3ywiqH7Th~nX4!loTv`%>5a;T<fan-Q
zF3vtRYk28E9>2*Db<u)Y>j|b_)i$-BC*BHXfdo850_reUZfP;w`J=FcV*VMMmXRPc
z`*8kT+hR-7whM&IOjCc^Mq$hc%caN;A}QQl!VWKjj>|-Gz0JYd7?x;cXnSu2!pG8M
zRtXYusTo&`(iDn&{gkEa?Q=WX0Fo7Mb4<Ublqz+*mR{D7-^-Naf!R_j+(gv4kS9`I
z=nxI<r-`IFBV_<9alI(Ms*`|v!k>htQ+XhP$teJg>N`O>HoEP(`zjh&q#nojmT#vB
zJ~{3_JN^#SIEI<TrU^~0l~N1av1=GHGtHZ(h;O=m*gQqzb?z09PEY?19Ku8#EMf^|
z{B5;VS{-+Lh7&C6*v07fp>}$syU|^D+?@HrYG}1YAsJY5?rY9M7GObXkewZcE0Fk5
zb90Xn@&u?6hUi2Rzs}nsO9B$jaiz1x=O{G9GG250zHO>)Bb<a?be`bN={RBXkTj~q
zs`sc5ogcjhxM|*4TukK+@OH*D;{6&s$(~|N<zt9~qAial1tU!qpcLsYiIm%vZJN=y
zBNBiNGFjl)4rS_Cpi&g+c&j6TxnM+N(>o*7S#TMV=q;oh-Wzqy=jGdS!F0rNo4XO|
z5_80fnjSN6Hj#*BLD|3~0c?b|f@q#-(YJ6%?^%<`q;^7(7QnU*GCo@vheXjKBiiW~
z7#S3y<k?S}+&<7rI_123V2yD}=Ac{9cnr>Ss(?dxXBkKpIm;?AA`t<!x#t!qH4)$v
z;xrtBhacu@H$IDR$A~qami1@@dDeW<aUg*%{1S4Ta?vs6irjBY#M8x0Ps@bieWcuq
zOD$96PHbLy-lu+*{BYh4=3r)R@mpE^r7x`Ae3Va$Uc$?7n`CvF>CHV7!bpq73zZ$w
zIypQv!8~-COlb9@oMX5EOHS9kd+K2;oCt<7o^Kd@>I4_Av+8;X#Rs5PD`kgygl3y>
z9|WHj6eyg88a7d&s}nRL6jDH#sv)}1-$F4ec03m7SP6>edHyedQ7P{O#k$x4!DC7a
zb;k>N)=WMXy0;X5Nly?^FYzAHku{m@Qrot7l8UNE^Qe|vV$$YKVk~slJ)NV;y~i)P
z<SaHDQk(J|D(vJ=B7;P(LE~4)IMFaap#IoK&MJ(yTbn_1C3<sbelO4x!6kZp7)-$%
zRf8POnLg5*S?$=?6Hh*IQ4XA_={z-xiW$j9Y739j6-4r12^`^=;zPHpc?{S5`9ak;
z{Iae&4pR(Cmf`TKWG<lCnM4osl9QP9<EI~g=;D>wn}?o!^76&=PsCnb-MVt=iAQ5^
zw$49v`C{zFBTqkZVe8V9(dwSQdhyD`=eN#BD}3zA#q$r_H!j!*-(J4-=wspMi}ob^
z3g=y!Ru|n4Tsn<y)akf+m*PjFK878ekG$3O0#U|xz@!})Vh0Fw%8BQeH`ly5dgr7F
zSPFVF-<kr$Cm($(eH<Ts$HLu{j^~z?L;=suEk!kj&OUG^53p~G-1hskp=Y~;-*epd
z$CI)@!+5XIb3f{}zo2&IwNJebz4p;dZw8DR!vsOGDF6slol;pFG$R%HqVucjIrmO1
zsdEAVQk#0H#@Q^KqS~BCF;dSYUT$-j1uMaDx~YZuO<nSH{1|PTQ^e0Z*5rZ^nn=W-
zn`4O=Xg(E(p&$6+5^ms!H7{^zzoTr9_e{%Z%+bX|*3j@t-_EB8xmjb!kxx0*2a^;~
z2~|kN01JbSh&G_O!L-hPC9?2QP%!a$GY>sqK$muH7{=8x5i6G<$P4{dBWwZ|iPB$z
zMfT_N-RMNBeI(;k!boh4<YOaAaE#0%K~5H6s;qZlh=7L~C-9yQ@(=L$uKyT;VEfB{
zHgn(vi7Xt`+m|?@3?NC4$URj+F(cl|o~6+dh&b;2GOobbGCHUN2_aN_Y1P9Ga1@7k
zWB_l?&LhqPJGxUTQVqj?Yi_N#(tqB!uyZ%go$S6XU3JD*Od<wde;9>RFkDP_Fq{Fm
z?1m&gWR0C6Y}>P9FkO`dWxKEj=7VBjSVl1NU!pK>jIt|tFwt>F7*pAR+zFui#N1Ux
z3C$$P)*v5$AOL%i0fY6tTjblpAEJBffxyv?$Vq^Av85@=&0<6ph5DESj;p!d084*T
zQJzso%P)-(OY;puYv~FrPnD3q;#SA=hG?P$IFWii@WIk99JCIQbprv|!G{NOPK2&`
zn~F`i@1C?Z;#3=9xdSt_%?0Ij87X%)Qm!gzlb&i>mxInSRJFO1yzXJSfhsqejVrH!
zDmQDZ(=i+K`LLft-7G59n$TSVjdiT7H#8WOp_P;AjcU@n27LIXhp%4x?2Feoy>jN?
z<4Lg(^mz<E>i7_LDQzKiJLG&AFS;f4U7VELjUZI_vWelnlx9jI?~;g*42CL!CaWo;
zVK<*5?FfS3@tMar6hM8g6TKc-QtkwvHyxBC2N?Y~gH*g*Dh^AJzK(Xi@D!xtac<;)
zecU=p#4jHL<xP=baPX*sSG)CY*$f0uO64>JHB@V2Me$IGpo-Ydtfz2zw3%~o#b_l#
zvLORny&AeF@XoPz#Q8M>Wt&r9MIlt|UBR}VPZv`U4^;{1fI1D-qlRZqb<3IYMxCWA
z2-1kYq^Y0_+W2y>LmlS$3799yP+P@YRma(Dmz=mp_Esgo(J2O|fb)^u4&DUPgfukd
z(~jG3449I5Q$TrZ^|RKNO01Zhcg1dtpkfP5>41y*s|)%Y#wn_!9CKj^N~@QLmM~lm
zi5@bEECxES*p+Ek41!M&GA}s@?&Ch#*HS3V2`o9e!2nQ0Cm4Rz(L4sxmO35OqmR$1
zx`S#HE2$K40o}@xc1=$zGmmickcl-t8c?XA>k!Q7z8Me!=`}TuPH8!6)K}NzJyt3k
zi+P`CRXHO38_>3hbFbf1XHRtu6vOM13+tqsuJ+7suB=a#spQDRK?TZjXwD!sb0$Go
z4ObZ(d7M%QLgNM1I&|+u4bOnD1^cZLZ6{&^K|;l@>p-4$g5EkscMH<n%X>E~#G4L@
zVB)Z@&FO<ZR?Uj3oj4?%ltB<i%ta_*T+vFM!Pl)<L`U4Te6?c?880!?(J3Z$BWn0|
zVxzUO-=!Q>4*9S|lpjO9SN$nDhTF$d2L%X)g_+ZG&#h{C#U5|U8iOfcEzYaWCJi$d
zTOo_S-hzE;6M^Y!$N|uv`f^MZI?snF?tqWQQMVnRe8WlBj(LQC3@GxlK&rbig=NT7
z!J}sL(_`jss!A^Fmn*~xztNc53p&>;XQOGPhxmNH{y~?#rEcPvOZ0J=Rk2Bg$4m7P
z3f@u&;ll;}Tg+F+`vryO#ZSR0?kI`wo@^5DbkrlBT;+Nygj1t~jP@B&T7|j;fL5%k
z$XBF533U~j&Bg94lI$4+qDLk;^ya*aDyB*}PGTD}4Vt0t7v-#KP_!&7p_G$^?Om02
z-v=OOJWh2_lgENH`j~$}+sBzD8@yjjVol*E7^Uo}x~A1a&BRU5IZQFb{np*-rtsX7
z;0bdDR+fW^+=DhGF^pWO1yZ*$c};;PwO)=qHfDz`ASDJ^UyzAWgJq4Vbue^NMJJIc
zZ`3Q-%yyvh)>=Wg&$G#<d$c<@DsN?Hg;SEkvM@t&V#m*3%CiAAtiS|bUFoE6&4%Mm
zI8Ri}W)|&3Qc=@`u43P<N|N=_8N_JVmGN-P>uZ`+Ii>g|&d3Ut{0&R=;rSuihL48X
z&f?uf&u#V)w{oFmdBWFcpTN6~MR)Eo1?$#X3zb^WXC*d+3zXZq>a~&7+o<C5TU-*f
z+qfn^$ro|qs-yb7xX*(n=cUe$H&i%VcA_1-(NNQlKb`S>9NuAOlYAojY|mq2kniV%
zhNdnr)08mW2YZlhUE?`|EkII)N)AjjQLK1?5=8uYpE{1DMabp!mgW{LHSCWu;si=~
zU{oR)=xWD7uw_~Z6H+rqQoL=XpPS^p(M_JP9t_mEV$>VV`ocfbGuS%4a!5cX?SQqb
zTSr{ri6s3>T00)yMCS+|{a7e&ZFA0zn>195xN`rp!)MFc=cRNE4Z?C1QIp%F7&IKY
z<fuLit*THVYBzk`obf+1i?FpPUP*y5QLX^KLj5@e$G{PAYty8)E?N@`J#>=?W?s_X
z`d<^(tBl|?f|Skz28Z6((GS`Yt?x41OxZYXT_?o<EW+hzH!6~&X=lB|qVi^d!i3C_
zWqFt^wX9aLRgQDi9+}mFTuoIwaY+#@&bL({B&|VdI2v#wpOjj$kWO<*@M3=FY`Y0f
zia6fN@_AR9yu6~B*b@tMWS!D9;$0w8M%QI7X5^BaIxb}p6^~em@n)DSUpyLRbptb&
zO|R%BvG55dU58`TAS2B<u1ei;O0ZENTD0h!JpckurWK}et<(q!8CGg4RngGFeVOUo
zvYT9nzbv4!FBQry>vW)a1sOVmA7d9r_paM3t$tPSS)GRdgl(1Y^i#lDH;~Zbd09ed
zgE2RgNR%YC@4+*=o4=orr+XMvq=GN!?o!bK`F-N2OJ7=CKDK9JBAd}^8?P<Slw}AO
z*KK$Z5OlQS8{$1h*~8q8*&|G1g2U>9NwoV^C5{5j{lL)jXJ^1a9tqpgmv9#D5^x*g
zx-L75AoEm;>;$(C0&vQJZBl0_&d(a?cc+1XGkYp4;DpO!L|z4WN;oT{j=VCH{j|(1
zs*KI123k<`W&oyaPAGVGk#orr&K#4-sY+>2*aD7+yjpf#c_OZC$uj>x*)FDtFMxI1
z(5X90)dM#S**lc}HMm}?5QHPH#SGM?37SEy`X2Zl*Gls_T)?PAd<W1;i#!&gaOkf%
z?~2$0_e~p_uuEATmHM&LnL#lR5OY`-pSGj0cO7?Vd9uBX_8<yTya&;x!7*1;*?d;#
zMYtt&ND1mBCkGyAno@_z{gF!=Nc^T!=_czg#%Gcm!oXusKKYp!&R@Q)K?dZRn)FT`
zn*d5(xwsX6XddbB;w^5SzjQhBEk9n|?&V8QTns;kXI{%FPe;f5<kL^o+Qx^TDgE(s
zl9!mG9$f%HSfe?XJf`!+Y!n7LlC>*pH_wdZydtS4D`448L`q81;)1Yo>s|qml;X5$
zhY;C`Y_MutPwEciUJy}EJ@@<i5=O0@gsOsB4-Ng~q`2HW^yyq+I^9eJABCzTTkQ;l
zl&T`PlH2p1cqdx%xR+KbfeS&%=|x4iC@mj5`IcBfqN)I1wu8AO*iL|jFp>%?hD<rg
zzj?|?j96d`GY-&!g_J$B$101i51S`!cP@lcXvC@J8F3VxSKWR?<P>c@JH*9+iGluw
z){q92=>`I8p>6zJyF2O}*;Am5SNKv{PiziH1lc4(l_{eAT!LMRZlB>uec-l4I5*cW
z;&qf03odTMGis#d@$*+}q*I>FCxK8ZAb<R5@pmEVlV^)bANDOIefFVu4xCk5+tA#l
zR<QpRy9I&&l4UkvQ4;1BtF*Z#qDpxt3)OK8rLf=O44@$ymIzSBLPhbGxV6HUq`Y*W
zD-OuXdvtCxwVSr;4I``>#Y4k+%`sw<Sf>0y$xhn@B<-=%y98NRX>eg*e+dmT#ap`D
z!qB2C<}$tKu0i()c_wJu?mI{bE9@+%Ghsf&;>uFyVjoqw$@yeU{DPJqQBjFRUM9|}
zq-fp_BU59w5QBjl)N(@AndAG+Y&d4BS_o2e-w0kgLSZvg1^g$}&=$Z1;;wK5?`7k0
zj!4gn<SWVAldx(Qc-(tvI*yImMbqm+Gug*pOpcPsDJz^yZ*>Q|?3BUh?RMdt4A&L_
z>l_oWNvoO2ML7?uh!(Coma@0HWo56uVH|69JU#DIHnVn}jd!*rM+8BukL=p5C?aF{
z>PvoF(|s;E>zoN@3Ao3^5&)jKxFjtARtunFmlIl{j+aXjSw)o-)iG5()orMFVw*Lh
z-GLcC?xIPbZfnhIXQ8GqnR_Hqhk2{|poXKd?B`1>zmKuw8kHnAoMipnDIH95ib6@w
z&kl=00UDgk1g^+iYMr+Maaf@2wFL)K5cIC&Nx5GD|5U*>fw@3OhI$n_Z!o+Z5;VO?
zRLBJq{VzjiWs+c^@7q~b^bnceR*9Z3l1xweI*N`a!8$X3D$!~eB<DMcfwg|S`uB=m
zBLS_FYSynFOri-GDnYa}H;mP;04}B~Dx0#_N&;I=xqa_(8Xp+0Sl4HVrmzj1Mi60k
z^fbqCrw~1(*+-XesIazrH+VnShYFp*7$9>aC+axb$!4I|k~DlgGqUHz<werB^h>cA
zqs(VMm+oBU#b2^Z99EH_w`k2m<Yl_ZiwRq>@az&8lA0H+LckiFl#lPq@$?=$Z!lvt
zdd~@Wl7SdyLp&wp19ptjzbbPHSAd1)oOqG_3v(urHXID-xItwUNh|N}c01_`^=v!q
zJMrYrl2CG`O<p`44v1+SsGTa@`6SDe;Xoa7h!;E6UH6VSVCy_$KZcbCEn*eKi#-M=
zkON>nL6Yz`7HZiMQee(b2UYN3yqB2+2-qsD3U0dEF5k%deYm0&nY7R1*P4X3+G2Q{
zUB2-U1tj0|P>1fkUVv5H?^l6y7c;SnU&PZu_0Y?QL?>LQ@zSE#b9xj~_j!Y_!?Wne
zOH6@A%kyU;o+-UyT9(d|PT+NNvfSh)FUjO>xvpuTvZYg+;}pTr!wFVt-{#FO#jb}_
z%X2x3&E=e36!C9Zav~B33b^C1faPYyLt_B5H0F?b@D<{&7>b!iJ77K>Z`V8F9v^2r
z$9MD6n|Z0d+^~ahCA;}cb>@R@+nkGh(R_wHq<gr;Y&vFNO=iRFEyb(f@p*d6W9vOH
z2G*bw2A5SeOEP)xN@ckcVv@n&&`!eSa^Q6^on$s0oA%%od=oD_0I85NTqbYm^OtL~
zi>!jbT>Nn1a&ft3Kubtx4N0Av-a`Jc_*;FFa8`y@khSdsMeP^~19=Nk^^C;jlW}4x
zM#t>z4zW!N8Y5!NW6sD=4gt%mDmBvIq{uy>#-0V__q~>VzUi%l=_ZUAyo_PJ;5XEb
zzgzH2MhZ_BW)#82z>$P2i4W%*A6&7f6nUK`mf*@C(h04*Ad&G|QpzFVC<iryFHr%#
zDv`M@Fn>U3z)vg|n?tW~Q`|yPbh1k^+-)TlHLmP3bZKswzon$=-*MA?Mu;eyT(Pr}
z3N3f<1RsH?05!r>0&VCs94wTsDBOIQXAq1DXlZDpM71-{V-)~^SgXS$=-dc$ML+Ki
zP=In8GZsgb6H6UWbh+8<DrNJQq(sC3+iU>L6a<=*7Ze#hT~#m-P!J*pFi>FIE~%<B
zv6UM7Y%h5V!S}Bz0og&5^$zl<{yl0XMddc3TY5KUoP;b0z&c2Enn#*ddxY=N3OcOP
zGHNRZVo(Yv*OXPSuKIqM(1}qkMuzNiY(#8ENeT85I=QH&b$TEY6RSZ9(lmJTkTQNo
z&`$h)N4&ZbA-uwDpLof_V~k2cij&0pZgw9TXmplAdLs&%YKAr&(BW81Fn8RJ36DJ@
zO=Wz+^UmJR2H@!3cPYV15oWV)X0^J4l!(mWkaY!AJqZUs7sFxR2ak8aXtpL0>-HR0
zixv*%PALBf+Wk4b$z(Rb{szZqS$?kDPR{R4)ea6hcDwC-j@>@iT6Ayt3KKOUO_x<9
z@(6J*>}fSD2BtcVZQcUi&&G4ftsH5upYm`KOC;qYwv|SH_LA*-<u-%QuXckg%4U@3
z{EImy&>m;Kd{Yax;yKUMlT)6_F?)$L1h4}jS(I0YJY2wuNU<0vQf@yJFd_jH$kt|;
zs4B=LKv2DKp0pRFc`7uOFv?xhGxE_as>D5_BHAO#hAAb!<DMYW73`6QwIRk*<@JV4
z2b5fdxfyomVZWQeA<*SaQJ#q6mzlVr9}){fn=&IJ?6Bi7Ariac86JRt(+q}#a`7xJ
zagc!?$dx5dqV5DQ*ebxcn-Bf1!VednH7U1TV&_0a@Z1P+QJvm4VV^NVRwV}uBxyF|
zOdB?lO^Gcba5n$(;xQMaX?@Jaf*5L7?DmJ8`A$GOd9zBp;Q9CBPT-rl2Vo-w=Smg0
zzArWSAT5ahB0dQ)VwIM~|KuZQLT)Wz%c3a*&Z0hF@U&sFfD`cxek4s1jl=bRi3x~k
z>GX@G?8*Ko&C;&T)pF<NhMKI;4L#pXik(nB-ITh8LuBarJyJXg61JSEY|55JQ(MbN
z;5~0Xj4pMA_rV|ZK3hCsinFW_n4T{~f;m!iDX`x8x-DP3W#sl{iqXH#HokWKPVZ38
z1e;BIz*Z0zkjv#FM$yS66TP(Qg;lEhu*<M#m2%r~0vbAlod9%&4kby@4NxsG8yQ9}
zR4=ieQ~OCGKkO0_CB=@e%UOZBM#~z~ILy>9I(a0Q`H>m5kC8t#zcVA#Fh2zHikE6;
z&Qi$Gipm?CP7CTQoHK#7b0KtK)y>9Z7_}&14B2HRO>Ry}#iHP>npuYj2|d1Sb8do%
zZ-K54Aj(Qj1wn3t3@s7e(~{#>IfA*Gm${BlP#BS>A1}rDH3lnI&-qe9O;h>kL@+&B
zxd192mm0Vnr}w57^Vud<?IfTwrW4}tL8^uK*X{&xiAqudK+V>Jy7G?O2vkAHK0>aF
z{19)(UGy?3>(=?jG_C1+JpS!C|8jh}Zp6hS4#3*g)1~%LQ`!XL01%h{j*Jy#3(`x{
z_F9_bnFVPy^y4`ryeBBSoKAmQ&%k~=Yb!}IB$QT9fCdnWDIiAqK`b}A|6*xnL?3Z@
zy?W@;f@_`%&BI)R_w`x3Tmrl}Zt5A|bPS|tiboRA2NsfgGI}zF4otOB1L&D;!|4kz
zpwsRcgnD?hM!+|ZKYe-Y%Ec}7yDfGOyy{eRF4L|sbQnCo*WngGy@Odidc0tUBebVK
zH+hhn<v6wRZ0FO-l2dE}OmAb7sScP-X!j#yhU<2{WsG`Ji=MZEhtp2l?RMwd@yIX0
zcNHT)F?8U>dAB|arbgifQ3VT16f$F5XR=P>7Q$+^LH8WN&jroWPCXTrdhE&2;&%%^
z8KN}b&UXunDq~6{V<7FYU|s^#JKbwSTcy!sT-XHE%fg^FA#}!(4PFwn;;q^gck?OG
z(wzVb-+!@SgXyBTqOX0b8Lud!UUl|hdkM(xvPiGn4HUpud(O_PwnB_}DR%r;g5pl0
z>oP#CrS+ijWv0J=$LSY~*ce@Q-Z_ul?afoKl-~|d33Us2Q0jMh!Xn(noHTPNk6wm5
zeYcuz`?F>qEXm?R(Iu1Y_|AySlxj}Hqe}(X*#&fhr%W5;BeHp_7=P=@XsGNY9}lt~
zam`0UkVd`S88p?0lEEd^3<(vnhvO*+_dupNCpdbl{2<(6?h?UO8gbBbj~CDuS8%Dt
z($fo{H56Nv2r0~G5am0p?}OlBV;FI0p^M}PhB4`T41Rl7&oYHa?D1>rWbKG}L&m%U
z;g#p=ioz`KoafX{&<suHZeh;)ksY(+BH;$e#%>sdfs8)$(ae;%u|ib#1)HnJ)yu;r
zHr8!%_QW;3Y>SW0CD0qW5T$qea*Mt}y-`$$g%O>|?Rrs3qkcAlSdZ~++U3Ls;C{ns
z<c?(m)@OHwSlfic?j!zFn{R%3HlJmr*oMbmlQvgYJvjT~l`D^2y6i=E^CKM~RcI`4
zz!tj?b9>4hScj<Nb~iBQqS=>L!mj)#_;*;Q!^k+x5Zj0h<{mF`CYF%H;>SVM#xKW#
zNapxV`?uvwPVyv*3FM8BggtOv4lA|~bkSonl+0jTCNLYoaXBLGmw9nBKZ@{<ii6gf
zQ<I)$i6AC@D&U8b!z1w0fIG!yWku<)us}byM@XESx}iCnb!!?hlC9z8QBto$M+;9{
zv00iG)10W}#GcM8;FlMzDrTb#R}>#MTjpF=VplqCf#lG{dcr(kMu$zzeRpXZ&72nL
zPOLZL!k(~qQVEHzD-VVkuNsnYFIce_i--P=l2Hvn`r)Le<7}j{$|I4i*%Zs@Uh*R?
zVvvd+;hd`^3(~@*Zk6d)WF5e43b?UKeY0aW-5_yFoLT}?GqE^7DuJ#x<`&8m2R8Mv
z#M3ii^mI|e%-JJwISq>K%G)FIaFGlt<>mq2KZzg+?1W9T5g3W&Oo$qe^C!;f@-%dS
zp+^e{6cw7UweLp>(=lz!jxa6l^l~X;wac~<ezctUCOlU=TMum|I(u}ehg&$GHJ=*y
zcu9{M_rWpp&@Q%c^B>*Z%dtwg=85wMypA<TAAYvT&4-IMpACHb@=QB*UVHcaK~HLg
zJ9dwk)Ev1FUW&uvd4Vh_+u)vb+|`uCa8c{)%dlde`^7@Hrw*qJKo@u4^U^v&xu7Fv
z?3eR`GAkSLfwE7R^MJC&=Nv)z$xC+-|G*Dh{Hz`Ks2%^LEqBnobM}Y({4_4YaiXL3
zGPnhBMdyd&3a3l%EE5Jc%P0~7RoSSH3{)_tx~Cs`<l+@bf2!0l`mt8U_<0*pNp95+
zLDcIV5BBAl7SpCRSc)f{1kTV{p?elOG<kb1h-Qg+en-7<)_k2lOlxmCGnF4<5Lx0x
z+$F+%j}v_pl@naa`5WR93_TO@XcCd)xB?JjCUY8u=|tnS=8n(IwKuSd^~Y-xB}|DJ
zp$>h1L_k*h0g90{-{)w1L7QtwtYB<9^DU86cZG3oMQ5>$4OM|BxxyB6>3nM2W@npG
z@$8JC?|`+wnICmQFDb!j7(Gc@7>C)&?I2ZNL^u^z>G~Y(<@r;c8c}gJk@d%pjesif
z@Ie3KK;m88okaZtA>p~fK~5-e#SPfET_v#)#~YLE01#)vT>}EWojqKTWI|dn8-;_y
zCwf>rlN|LVt|zcWh&<`cq}21qprhzg2RFg-CR^(>1wOT|@V;{KktZ&B*s1iy6MMGi
zR`JA><`Z25KG0nOXOLMoF<<9QigT4Boscv~dL?yW(y>N8mk?aZea^%DjuV1dl(Z>~
zxzKCr&l3_}FW3zPJi;a=;Kt7yqN%~FIY>G$NS~nm%V~Sp7oA=Pb3hN5v%5K`6ZUS2
z2is?CQ=AAEjzb(hKRRNs?9eS|(InF~n2#Ki1#msZC?5c}E5R+1qd00;>tl#_H?xQV
zUY69km%?)M7`^bM+%g=f$G;ZaWbSM(X!lwuz_FrDaH%vNz6TD%!=aX}pYpTd%N<K4
zi+MS!VmKZg*^O5PI9YssA%d1KkVUzt`8%NPG=dye*c3M2FhH}6<!E&@bFuc`SXKVQ
z+JdGr+d+7xRRkL>u7MUH5_On<s^NwXG}XYa7iMtawGBp{ynl^9z8;txWF;^zdFl1=
zgEuARnuWBV-!#e|qh!J0COIda0BXY3Tc>}VUkbj52`)#uvX>B8dKI8FD>MQ2+iKnq
zji(t1HvIJVojhDpu9V_2&adbnHs^W8kF+l{|Jx!EX?D-lv<!KIdTNfH@^At7D#dQu
zx%*MWmQ9$o)qpLTHGm9?n?WW{-(?n<V6jpl4}8W4WWh{DC^7@erXdF>;0aN5^N$lL
zdM&bL42tB3kl75feC(F=`D98CjmpDTBgfQwpl-JDr0manQSJh(@FpFfcs>QL0o&o=
zhSfVl@;y1Ma(9KPaRfEsKGM~Ye5ZoI=WL$EENk>u!$MKHhyF5e!$V*WFA#$o3+^JG
ztP9Cp;U{{J%;)qNlnl8B!Uh_a9x@O+ZB`s^LyA8Z8<_8=oaW{@3<kKnsLDB`DL9)5
zaQuDG>b#p3qnh5*|I!U_dCnQkg0;_<;Mr@!!V+SPcoZyjP+fdTqWg=EXDox<{$Lpo
zRIAtFoI6(QB1cR#zvB8U3H-9DBuJwk?>l`mqt#mwsV*?+fb%&x(keUas^I+7$w947
z_RvGa60S4&NT;QNhl*y!QpD9$!wp=i^%@(`h;hgv#Xrxdy|~XyQ3+Zt<1$%rUJy~D
zUUvzCEuYp%tfyDbUA4wvG5iKd%UjxB?pufjmp2GitP-064cJo*v@>1p7ZY<<ad});
zFZPE=%-*Y|rJ5ePtTbbW1KS65O8I2JP%uk_Y-GgL-CQtj{gbCd%7Q?$loNfZ(lICQ
z2LJ8$W`d}<u8S@W#7a4vR_4))>nwNf(tS^w520cHxQE!f+x~2E%w{pI^1%+d!@-0;
zJA+i(JmF@I(RsZ$DG1`$un)MqNfI|@Cluv~J1yzw&=u6i*p@O05WOJXV~?wH;w7mS
zaA&vp;qvNLEq8W`9xRkwUK}ud!&8O+K2;7GPN#Mo49)e92=o{D;2lx2qxvDXJJNQ@
zLl`3<X_mM)6_OS+(y><-C394aF|SfN(y!?nY<g=b%3cnBuRRZLx>Xe;Fwz><4UTeK
ze}W#FxB<!kM89KnCm86F;n9cbPSz_1W|i|w7bBlr_pYk}yD(Kb0z##tprmOb#2P&h
zkQFt-Ofoevav-pne$9a|S1OBnCXyA40O&wXAT#(LL2&TSwth5QB}ZuJlqr?h6-62L
zO2~sdDR(E?P++Jj^Y31b?^xDn#!KA^DvPr23uAi&5Z#yr642hwhD^wT6u*H^3^66P
znJm)5I^Ct8e#rC%zPJG{Q>uUVneJZ8UoT#hb|+pVFJ)LMKaSQLoPwsBYc@aiG+Hko
zp#{~3-i+>Hv{E{F3+jaP7gh<+qBVMlbwR~N8CF}A(Mk<jXJn~7ebOG^t8{$rZfZwz
zOG(B3APcU07;TUazjPltVDH)_q<=;Tqiic)n+Wo+n$w{FXrV(0eh2*Sux#ZfKa+U&
zF**$>VY=LWK)!>ZH$!UhrZGo_0RMcC9;iyY^T6*=Q4FZ^r+rlU(|{`f5FQwdEgvAt
zZ-qxnrHKIEqX+4pJf-esNCsh~0%dKH^zq1KN<9T4{~6*p9uGJpu?L(_fVw@i6z1L@
z9NF+|C^BM+M0kkAznop-2cf5m-ZM$9ar>~ufJrv7mO=WJw)WF&9pMbGw`-jLrK*~d
z`atvtjB??WVLCAva|`=QSlTgi7T{}jb6_T{5d;OI?Q{4Rv9_3ZVmr84;rO=EiNCOB
z?y(l<0^d$fZ%o#BN;61s9mI~&_)*KB6=oB^X@ywgrrBfBayOf7E8^-uh4kc8m`~H)
z$Xqt??dHk^HI3PYF87FdT5`SI3^)W_nhIA}Im?Sa<vqy3#I|J0lM2xtGJ(R+nT~S*
z!u)S5)wCS1VD7C1{#iBk#82I|GRZMMgumop%YMvn_+vXj$h&2B0DmuQfUtW<JqXXJ
zRWlp89yrC`w455s&Th8_0e~861GK1Retzcm(KLr#??H8jRFCUjiu48w3bcAYPFK(k
z05g}7;K~`n_~cm!lcY63z+lM_2igD9ArKv?rfOsMVpNh#GRA&-kR4eHbO2U7$j`~*
z@l-kh?K@fwDz{021O%nw*(i^xvo)}t&G@r@4gj?&5!;SyfUswQX-^j}N|jH?kc~w4
zRIal7N{jccudRue9rVqdONnnb5WTSqQXw*8uH8+cbNEJgeQo93TPyQ&6aFo!zG~fq
zp$un(+v^z4#}MKv4XI}!<=gEd;p@(!Mn2w!pjg<5wi@Xno0DiX`yAZ{@pzIw4^xnv
zeT3p+80Hh2ZZKo2i}lyNu!btBSoAkov9klHD73W2GUn9KEhl7NQFj0zkQ&S-b?;J$
zvmjK??~=Jt$JuTsox-9CQ%M}0Stdd6jaJ}C>WrYmDXJUIq3!1!&D^+Vo*97k`l5z6
zcLr*PBDcnt#6VT7+93Id8}@KW^S&4261^!iHF$?R<a{Pv@8k;)(Lgwirz;e1I<XHh
zHU}9LFZz=*Q`)wzj&A{mgHE1`bL33L%yYO*wR?ohB&nhOhRimmEHO$0*CNIl`GR&Q
z@(~bm3lWh-25T1pP|Ro%x>^^wLB@AI>!ybeb;1U~Xysp|9asHk%DJ#$NKZjlJ2cY`
zwEi&zWi7QS095vLsIj@_kvtk65>?|?zVWE+;~S6GHthMDakWL5Z8B7f$w~Ig0e6wh
z=cD~%QjTy<!-II^(e8~$)3d2<ugzK8Q6J_`=1hQerSZ+Ax0j7}1*Dwlw*yu-3{;P@
zKdaU|$;eC-DCt(s)~^i9-+H>r1HGWRE_Tc}G7<b!OJ;C0L)*EoTTs&)=XTexmw%?M
zYdaC*pskmpJlE6ccpcyGgB>rdHJ!{SeyUT-p3NwX1axK(n(sk7CCxP{_i-Pd(MO=J
z==Qz2cD<>yFdhu3q&Q{TM!Jsz<q?d>lwFf+$*<jWrmF8dA~u5Sw_{_ubj|Av4#y&e
zv5^wU)vrN7utp~;R=a#^a3+r6EBHVaXIW?$wG&ku!dz2pD>rVqZd>Z+BcLEXah`CT
z8b|vttAYw{S}&+`pPMs>#W*u!i_9MVGBlxS%G@!S<dSXq4C=KZ@gneFcEczYQs6Iw
zWOdEAGopQ+a|e3{BG?*5XCDq2_0Dt-Gy=d8ZkK(|I+>69+NxckG>aDbwA>dUe;ONg
zX1z1Lwk~cQ=0f7f8|Lwbdi>U5(eIbj&G7F|G8>ERNOGTY{}jh`->$k~A-o`G2-I%D
zOai}R&0~#{uEdU0TsNt9c6>%dyMFP-4OE(vW^|K_pn@h<QW^OIr5naca=zktkCr3A
z%SX0}LUe7u1dbW$qK7Sh3KEdhOSA|a9XC-sg_N-w$D@F=n;0aC@zgG$Ap}?_O?=1A
z;TZG`JR6x#m>yMqs4m$=2LabcW^+gFO9{_rE?LvgCVIzfPudJ;@wC)VLb2_r$(f;U
zRYcaa2KuqY_VO@3EN;g&5oQ{<*VSTJ82K5uhIccEd)Bk2gW+sfat70Y@Ia`HrvbnQ
zTrmy!8Aw~riaUrgK}%a=+<`V-p)>H`OC7R1I}46XJA6*I(ctN4I6j;Fn}cI)MioRj
z^9UvB*;)#8uWGkjI@49-B#rVztFDB9n+pKx_O%YVo;1$MdCFImSvwJs#7PFcTuvT%
z%3j4(@KQ}xrXBCZ4crLq<;b}|C5-FlK#s+i&U)>de#cl391ndb4rgdEi};)KEnD{w
zbp(R5O9Z{^%;^L68WWOGFOJi&6+<a2cOqV8szac-f`o$O>5;haH1|cbEzJ7`BXMC>
zcz=%=QV;c|W*be3M0xcX={%cEi{8u}4pO~K<{#G)$50Tj4mx?!#9NokiiY9bE^^8o
zn_35F-1wtD+VtTH0PJPF<oh-?uc+_LG#I`hN5&TJ87PQ~U;LVraJ9Ddc6F|wQW~2_
zq$T3d;h|Ya(58dDNV;|39NNTF#f+dRpjh)rZrIJDoH#Y1UP17MGF_gH7=@F#o?@qy
z^k)-s>fxbe16l@3!>;m(U?>?VIrBqsl?4t3fdO@_4aJZ^!b&6JqdsC-_KO|BoiyJd
zV}VCHTzCrDg7mC|+z`oH>ACdBo3C4ALF=m!61AuqdI6KFLrIqAR&Nrwdh5(85KhBJ
zzSZ1+)!rtp9nA_*ut;ZJ)@>#F9b-0l7x&Ee$w+rdiw?GQH$i=ufz0l-MGLD<iul8@
zwP>|jZ|1F=7M}7Eg?z15+Ze)_xLegKP0;`gYHd%2$OHgQL|_cy9Al`SAT06`_z;m;
zU6)LO)L12Fe=}i!ZqcEPmF3jT>a@4#X+r(zH-Pt;RS2%7FGr3JEG)9R6iQoJx?Ps$
zn2p*xbLj+P)^?P09%Na|`<2xr3#iH^%)mxCJkcJbzos?}3apctLb8)cj<mw>v!^Du
zGa7A4T};+K*~o;?-)R$tfPz2L*76(dijjhf{hSbXU9vo-c}LfsiRc##Ye}-=QZ?<H
zNwz-!B!tze(lkJKp4Ne#m78Ko$pj`-vhYJ<07@GmTn~0B*qCrxkNOM_=yK4LuM=^k
zlpPCp-?Os<?qWl@p>j~`W;C=;GPQ1<7G-c3In_sE_0o;+EAEK1rJ`1SrythB&>Giw
zk{w_~j#MMR)7HKrCHouoHI3%5-CtLe6@>WgZ`jq7BU6m_%bSvnOXoqeCKEY|i@R^6
z0M&UAz+0?ULhi0UfJa4a03@f-hKQeDBkp|pZmVxS(SF;qKbu?zYqn*~_SnuHC$V_2
zl{eTb9BhZB{@R$Y9&^lU^;81IJ2DfU*i1NPO1T68Rn(k<i&oH`!f!#PTF-M`1JtYc
zZo!mOz7VG($Lt|3p6laYv{o<b4Lu5!feAP5RZACwl_i*v*6Z>#nX&!GE1^8wSatg5
z6}!Z4mT9;#;g8%A96=Aj(<ycuNq>Lg1jmdJ$j#s~HEIoHLu>Vsih^K+fv<x92s0a0
zf!QGT)K~Whqp{eY8Fdko<RJ5bjzbZXLbPGF@l;7TouZ9nCw>qNvc8}5u@kRRIxT9*
zMS@Bdu{czo#eu1ueX?+0__&L1_E;Kgz1wBtWgAyb<xl>8;9$=zn%N~Cy5r#|!vY#<
z(;n>5r@juL0+B&;tqY>fVUx$C*hSEZTQGUVk&NyTVVsse6p{Q+Td3XuOF*>00teuj
zD*!s$EB4ECy(2kVqXYSgvjnU&vy^AzwB}r60XisE5vyDLPS($sg(dPd*$x6ClGy6}
zh|@@^Sh#>vY-5ON>C`-=IYZ^jpex>+x#k1J+#xxgH&9+ad4Gr8G$FY&p1^I4cFVTS
zc4A_)Mnd->hn(f<2^#Tv9_k5n6Uz(S(X;WGCT~z45F%RMHe1tl5EN9EtB)&r$W~G-
zwB8Y0zBy&nJz@~#yU(tF2P<{*v>idZz83Rf;N?Ya3E2w!W?CUPH)uvWkYeH>hZ_>N
zw_Sz&a9oZs`YHp*(3-=N@>gPaCDRQ$<T#ytwr3;I@8lMFgmhxy+&`W!yw95C5OXf(
zibrk>>7=fZ?}InCfW^Advk~HaWR)2^lR3lrlN15A8nY2x+?lBqWDv=O1_R=HL8W&G
zL=1%_;t@7>1d$UL5HCAh0qye6tS89Xbj9f0Y&Mlya&#8Odq#uVYKI}GP=?()lhnqn
z3n-Oz&x&Y~xaY5R5Qb%BruhyI5|Uj@q})Lb1S1BE;R49RxU4E5X;xKGGG3QL|H_jU
z);|@Z09XNKhL|?sigVtQDmie+eyFM9ihb-&ynD=&S?#&LJ=|02XuUYH6Yepr48IbT
zWO=z@9cH7kO43Ka(iUP8fTacg^UU=Hz9*7CFSH`@bzJj#hFCN+p>%C|s!B<FW17EK
zT<`Ed?p?n=$LdXmp1H2nmpKJGS=A_#dQwy|*LpB145?>aZp3jh$LG-OB4%BIFXvHp
zlZTFk##+h1@hHNsI@bRg#lX<50_cQtQlPg;g(Y_tbK6pC%svY>5`4OQ+7V&%L*-Cu
zcGY?ZK&?Ibgmu{B-?!<ur5T55R*b?3UT2z_q@a^UhI>mD@LfWc!xqdLZ)6ZFPIuRr
z+{cHWTKCZDbqxczv@?FyWKON?j6H*@-fv=T0{sHPXOPO!@X7r_KJjhthk;gho-(=S
zaw-Zv>n|Af^0e)q5A?_p8E1hCIqYqqL+&K*eyR1zc}j{A(X!_ZyN#YfosR%TbWK1z
zd>J&+(G4+Q70r`Cs-9rJRg^cxMs4`9Q5!4gE|e29Y{>fYxC&y8gh+AlDMXh{@<GPQ
zX?pT`h5XW_Kyzd@+g_C*D0YJPBdlO?d*mC8TTofL{BRqt-9_5)1CMjM8ZxPxOI^2S
zBo47LJFTBry-6_^hgdg=xuH|GSeI~zYMtWehTJroi9Em}`(cMp16bjL(^%8CI7OgV
zx9D`saDKhY69=?Mht4JFTp<Qx#oH}QOaN@TVPpd6dD`lgz%ZD*eU2%u*_nl6hL8mZ
zX=f(H1%nB~HA|%rb_`qA?`>KP39Xa+mFZb=xoku^11u%10ad|96ss(i8>o3i6v+<0
zF8zdQuT$p<fG4c6TeeFAZ6Tup=Kcs6cytrM2C4Io7I3eN>81<8yWM`)XczV&5K3Gx
zF&U?g0TJR=HTAe2Mr2b)a_^}(PGf$gauO!3B5WUDS8Y^YxJtsn5O1y{wb;Zm5cTCD
zZH45xaX`0e8B`~S_F&{l@#btT_Bn8BMzzf;!ctsv4wM@Y&(bhM9}Ch;F4<eUY3rTk
z8`zxxWqQk{=bh$`7U$0JYOKg)S$%tLX$yC%T@XPLgjP`d;!rErrIl({jnPPH>rZ3#
z+hU|e@Euh3{uTFhPF#hqKyZZfzU|{tKDEt{Ks7M1(tNDxtOu|IDOgK65D98Yypcjv
zv~9s*k2Ey45{4S#7W?W7sJFL=&<-5wCnU1wd(SOGtmrs*aF7bXdWmgyFv-UCO$AT?
zK<`v#*1#F2X{~~JLZl45amX)C!hi@}Q?3C==scqadRXPmu_vJ^$Zji-4t4#*1dgW>
zLKyi_2`X|^T1#;lMc0W2%q_j5M>^?j@c1}R5X>3Sk&Cbc!ft!SPmpe9h1gWF?dW6#
zg&<R=*bZGVHh>^p%;<4fw=1kCt)<+rO)Kef=_h?I{p8BI#|Z)_!j=c19S*wy8SccP
z0w4<v4!C4-?h`^3V%t#V3@(Jh<)8(|xb1_|;tSZ|atqnSzIk<r@-vAqHZ$swwYt+!
z?N(ApT%umdC-lqX`Y-P1lOseoOLG7h0EH5ETPSiwpa@V=>S!o)1%OzW(iVDrU%Lf9
z*AXtN>Ue0MKFX-Z?_|>$*Qu=8e*P&9(G&RWIpLfXc!YAhL>o&WvZ6kI2~bwns`^;L
zKIX*2c?ornD6+H1bMc&Iny1|xPn>`J;@rX8l8@Jl$wmmqNkNHi?F?W(f9m{&&piKV
zy)8M%&|1=>yTLFNTsQ79!>bx@34N|X)<!eUW(w-T?R-!k7#{W!(4)9`T<_4NDze?J
zg^Oud$JYYx1z49B$;QRNFS82HJ@vR$A+W3l9;Mb|90aRmG(9uZS(!~{i_DbKjNAEh
zXk&O;n)3=^JhADMoehye1ez-c%4I-A&*FB1+nxw6G6l9ZGAtE{yxyY&865#V%(~m%
zo;u;yoD;08xtMZ&9v$J(xz%mFRJoJr=iBbNfAq3oy8WXBc13niamGXNWu+hF#ZFE)
ziRv01CJKDUxuN2;Y}&UF*fD_30Vh5Qk`r<>-@z-otJ0SFIF5>-!_?fVm$tSvm&TI!
zHl*+**DVWv9q5U@(-2%Y{8Vpr3i~is^>Y$R^T0Qdd#`sn?>VXr?~a0Yx!NiInezN#
z==|d5=|l8=^cZuqj-Kk<#PE;eieTh}J}1k-FBt&CLTlND<1ivFPh}z7)5Kz52VH)4
zmSZD+_r{YPzODD~l9fc9t0>tOV6-h#1T*{+a{SJ&AyyjflfKiU{i^b8f@*KlEFuIZ
zewkYD+GLzTlJ05gptd4gWUMgC^fQksLB;@lz!9xBD+VOv1)X4C_SX8*i*=;8OivQK
z6EbpVH+Rr#F<LDdA5|u%rLQW525*^CI{@Nko$|$-dD<*!f6mhWky(FKEJN@bF}vt4
zj1OS&3VcfiE(z-X7RM2VJ2?;woSs_2driwkWvSJB2Z)A4dp4icsuKkWTF=<fCE#vi
z=}J`mss+o(lt_Y&p_l_jQq3inAcFFEkTEPa1U-#R*D3%r>n4wz{{mIDiVa;89iF|T
zv6&iJ+e$EGDXJLr)ezj7>3dtrko1WHZ;o7dVPopD+h1P|?z<qh1qP#RTNDt1Nxac(
z;tOgU2SmpaJMd%*w)Q9msD~`^_aC1s>MkQZTDz9F%~M76nCIj@Z%-(E#MR?*q`Fm0
zIN(WHPCcA(|1$EY6LonsMrZ!>nTBFYvqs$r$b=eYc;lNX+yMrvL&@XIo18VMAUFg8
zy0q&f{jX-*)K{<>rht8yA7<c2(;=#HAcWUn!^~U7chV^>ET)}dXfw+ogH08k6Do)R
zb7-=*=_<jl!m<DbbSRPRScPZAmQHWx`B;?y))eWDPWIK4m<mW%7P^O16sJ;dt8jTf
zzuct|iOs*?tzCe>b@7@<a;rrfrKmd5=(7&U#@8)(!^c||CsY)|M2ktyp?>k`c+Gh1
zY{MY5xj^!-Av}CnXP@XS<a839v%5)NsZB!=)US;K_QC>5!20#(mQYxQDC?W(N*Nu=
zocdhRyr~e}0jo$&7sV<b<1Y6-AV2~&8&v$hk1MG`fKH6Y@P)`cHbC_#={ux}x51c*
zE(*1v2iXx&zOX51eoi|}Fk(7%N;`SG94lcmtqV_`-+D|#`{M&uWzu3(7-{GQbO!q=
zo<UXxWay>g33e<Xt8)99zaf^CL%i^L79($CM~LGja@~oj8PO3m5MGcEBttEUYjW+z
z#UCI-%N%3zWkD-l=h#X~n@1@wH4$l87(VPeXzrod5}3!}X-B!F@Yb0ps6I>_FUGzB
zlS}>b0I@Bb8{G7~iM$LzKul|_ZHMoCc8IH^wP;`r?WhyDRaSLQx|_7FmYsN2WQZX+
zcT$Q?%4yj%JE)#d#3g9csKEB2n!I+~(_o;c!8EW+IV6-RerjEQ5wROp_?4%egQ4=i
zBn0+u^7IIyjgPstkTbJbP7EuGcLd35NJ?2zpE#Vd*|cPUYRc<~)`ffoeswnLGDsDs
z!<DQ@vqLIjHZv5wEPoF-*$7~GDs<bS?h#}pH*BqGv9;ue4HMX7zSgSf+4}6aoUnur
z+NFLzMy#EYF2?{m6YK+Qe-w1{emkzE66A&1*tL58iK~~=3z#+&LXA6Yt|MRKeIwCI
z8Z!hhG&0l_F<+C`JIy^_9vI2{axt16cGAbQUi#$K^j)3wYB?}BfO+%K)rUI?5_BTx
zPmhe;L|cWUxVbCJIj%q0>5c4-&&V>196FD2X}zTPywiKwkPfzPug=Dlroq34wU4I_
zi}&>Z%U!JDy&7DrhBr%?<38S%YJCZ!-QfMiwU9ZGrT5KEk=unASvaatN}swQ4(zSV
z0*ig8MASK?S*3)_m{cnt!WL!N5MP^J<>sO&2S^+q5oNS|5avT!y!I$b3YH;Mh3>uP
z&LQl`VK%vG;X1exXMhgil$1|q^oDnmS|1!7v??Q6Ap<0!IP-AJ$%?rm05>4BZo~KK
z<$!b8-Xu<2Wa8<B6h(k&<XoT#7lg?pWS{8}%3G+!u*_spd7kSl-TOYRYc|y;{@vTW
zZ&pq2gUn@v`#$YHI12D`Mfs>B*BU=k_`u_Xc1m%KNupzbo>xqeyZ4#W(3<sP@t#{H
zf#RlAXH6N~UFQbF4iJbvvn+)oRc(z((c=ZoCxQw96gEu=qux_|SWgVsVYacQcJs0X
z)>N%szP+btRG2M@qs)RR%9sfU31MN)b2n~y5yxb$p=4(a=^i(`YaAHB4xyb>jLc1B
zQBSMH1!u&7FI5gS6&Qw^(KvX^LOZ?Z+HlHuZ8!y~rf^Vmy^odB)%rIGT)y*5z`apV
z*JEadDFX=N;{AYb89hp-Guvk5iVkPNf#^RlaZP)aJPpMYTock$yXY~DW_2o1$iZl8
zCG}9|QkZdYNJ7CBQwHco=QhZ)gi&-3Iw}JO*e0YK<-3?=CY4-C0pOMG*S6W52Znd3
zI&O^>TA>SxnpGU;n9b>Oy6WN*oepekFU;pMFDX#y-R&n+@q_$oP$S5ZqnV+Kog-ed
z#DOT!IXr^CT&jY8NSuvPGPRlN^G>SK!j!V!%iBtB)vM*CpmbN&^r)_<)y;Jw$v_LN
zH$pU$AQCAPDo~xlvbNw{*A!KI5NQaH%;mUz6c=u<5kV6$s2G&Cu<drk*p6N+oL<j9
zy4NC@&WqWS;?HQ84aWsJpnWP>kGCQp=%(_|gysEeWJ;eXr#TVMaLfeeIkhrSVT1(W
z-w6+}Hz}*ii3p1V^l3q0{(?2a)UCGy3G`e(DN|$;m@Yu5t#(}GO?yC?=NMULk!8@6
zBZenrG405E!4e2bxYn>ksAh|$??smCM5izNjQ3~5aWLcXh)`_N_`ASaITq)ZrQ5{_
z=%0<t&a^Y44>RFzX2aWMFqd_h&L$*KPpaXlB<>EYT@v3cSVQXYbs`P!uGXD@HeL>H
zf&-ZiwGCsNLEjBDPA*b}>MSsj)T~@Ficz4;R^jAsQ@nt|UqzTNtj-?kktWOBgTN7h
zOnw>F<atKGo0waKKsc5=nqX9x>*m`A6b3!=kLu;(7lM3+X>b|*gY!_y1UyW|dBz=t
zAdeEvoz)KrHiGn|q{dSxMr<M{=~F~MJe8pmgt36mIO~YAx)3~ZIRj9F2u=g93aqG1
z4~?_j*<rPr&q%2pReT_ni5In88Eues1^19;%vN0V85{9NrM`!hkEFLnwsStTz=nXv
zc4e6D7QL0OqCeILOAo{%_<DOrFN7Q-M)V^vg&<x=#=nPI8^&gGIE~?m98@v*u&N+w
zCr%M%i=l#j@#Q9l(1sd9Sdc^%=IEcxJ9f$A+6+d3IpoaW67qhW>&W`aTjVtk_Z9D9
zt3ioeIEhQ(Nq4ym&ZF4{c=b9kuc!(wHKUGmB559zFl{A)0b3K%giH}SNEPAgT%zl2
z2se)*J{Igb&}3KC5b6yDa7#FN8*$FwaQ7i*Wnt!oY1uu2P(BELUk-kcg5P7ya5?W%
zQDNCD)T%uba@?doi8Yfw)2WA2@3S5o=06izkhe*IqJbLhYF1dmeH*5FCr1NH)=xk>
z5hWL?1#N8jnM4tCNVUSOu;91!%Nf-9?93cmhC2jV!+#7;sgRP{{3|zGtPg=Xz#j1j
z(0pYCo;`AOcMT?l<1t~McC-013}As%${h(A`Y8t+c#0qIEVWMD{p^WOdctSGR;a5h
zNQB=rLN{9I@`-i`xymW+RX6?2)GL0)@8O!?!&OruTmMR;vvF^^Z5g<R+I&aB?~B3j
zJovq1HzWPt4c<Q*{4RpuW$=3z{C<~KRY@$i-Rx!^Ah%g>>M)Hwv=Y21tyE<<vw~=o
zN4A;(_S`cmIBN`o*~mJuaz!zS;V$Hu8`ZZ!APvshas+)BZ;pVV(?iXJ%^}*6{1`|p
zIQMTYqRCGLf)M6%x#<}6;3`HZ-ez7c`i%pEg6rPDK%wn}y%LizPf3x?hX$4Vx#Wz{
z0B<AhjimEN56W`vALjIIy0T|(^fEmtCxgC)E?aR>$_LPnH{mefD|cu2t^lqwpFsj<
zZ5_1f_cHLxIJ9!o=jn`2S|`DJ(F<jig9Q;!I=ddin($C1`y8of2&tK>x|tuH^)Mhs
zX_RPGfAag{U=*JSP0b`d|Du{OsNgKlmzm)5tUp~hJL!IW##(nD+}l2j|Mg~WdhO<Q
zQ|*2@bF`q3lme<?@v<`k&3Z2n=|sxcF!9KU^e;@Aoa4lF_$Dhm4SC;#khhF2RphP)
zNkb5$2E>CY^Px+gPQ${6XVW~=C$odr4UmmSa}+a9!V3fvE33ouI+4U`YoZ4WV-2^>
z)tY#g6|u7r3L7oI%Q>lH3CEUQNu0e_@n9W`Q<{1n1R{~b960*zU^F^G4g>4KT}R7A
z*`S!t=pGwp{XF9SY5U2xGwvLlfhsE;k-~ciBRlL2aP*)^8Co2?+bZtO-l=%=5a-}N
zIFo=q-`eYnQKVZUu><cURp&$C_RN3X93vo?eQx<8lI9-l5R2-hXV38HzFURB7m+Tk
zY~{OUqkdPq%spE3jMJ_eMSkNS-W~Z+JRoD!xp)P6Q`sB9Mx#-f0IebTg&wiUuN<~m
zLr)VRtiK_Gn_}@5%5cnUM>~L<>J|^e1Na{WJ~Q^3<ze9Un<cCYf%9E)WHTK2`f^q(
z^wd}Bq0#Pk2dgSit5P|#2BI%*!4QyvmJ8PE2na)vkdAn2by78mY{wdJgDJ1mEMNV?
zVKF{fg9nP>Mmu2(zphk;kD)+k!9-<BZUR^5i4<*ZEwOqN%Gqg%!w~VXe7Vlt-a|u?
zC{!vtEQYgTBe4VLX4nW(fAFAM$W%unsyhNoan-0>bB+lzmd7Nw6}rVRcTxEq!J)aX
z)iu}BEYynJ^ze_n*VDV#SC}VSU485BbTd6X%f&U{MW0f+<=QY!;9qO$-D~C_>x&y%
zx_ZY2%2@8M?r~$<h>nTAq*_qlYU)_fB24hv^evA)`S?YIuAjiKr>|bTg3Y`|S}d#X
zuGvbX{rV88hWp^}`zEE?MbpyO#J}hF;ncmSp;5-+Gr!)#ZFg7Ocf-H!p>0)dVc0Zs
zpU(8uQY8!<SL-e{_Mq1z^g<vOlenq@PCKiWz;?X8@?t~h-vVE(zC{q{4DZ+7ea@e|
zX{{5c{#8?{lwKw^6*oG_M*)v#p1`~`+ifg`)6SE?k&umsle%HzBp+jZ#j$WwI9=-|
z7d=^%p-E>W1SYM-C4VJ*&)VABb`Sm=tLOA`JS_s=h66?r+~W^f8!nt#L$0?3L3R<2
zf)IHtc0cNq)5`(9>_Vz9cDPeYVVHzLzB5hDPNlD`Z4q74NI7{xsa4XjDIkI5fmn$P
zqJ%@^)?DQG%M%lm&TGQC7)X{hivUN5b=WN9w`m_KN4clx=E^<eh}KOjm?&;jUAavL
zk2@sf3rq14W<gnIFPIxO*a_wd?t^*i884${VKb?7U?A_};MO;Xsz4DinX?0y>oVpa
zt96^QlEu&aoPI}pl5%wmvm8+4b%|O8YIbj!@7>_!o|-I;T}{N6XZMc0Wza%Fq%+jD
zkWhJXGq4Ft>PklIiBQ`*_F!nd*hro`!+9f^6RFm%6@PVIoTdw9-^jcPCj#HDCBzd&
zb{fv7na=gjGwpx|U@k=r1+D8Lw1<H|94{M&ZXsPQA}v(2on>1nj<uJO!UtQ2P~7kM
zy=AYa*u7<MnmcfBrD03UU0X0kr@N=R>wz~Oz`H+1<hk;EA@)w4yI|cwE*MFsI%D3Q
zI!C^ma3MJ_ksiF}9DppUO-tt`fj-Qri*sWZlbz^ed*u+ED@feY9&zSQBlF-kxnKmX
zf;2K4fP!#PoHLgXbnFnjat1CTI4D5!-D7d+1|6!>m!Oqc^$*MP*?#X^TJ5{L*RJ1l
z@9L-VuF=5%zKfLC6ym{j4P$9K=ekHcm}@#i$%ixWdTy&s0VM3Z`HIzXcji?Re9Rj$
z{$+38mlDObsQLc9O8Q1>o;G|qnA`90D8=g-&#Pk$vdWAu%SEH8=2cXUjYPb#irKs>
zYAkKMj)Qr1WP`CG44emaQEv|C)wE~icu5N}Z;763s>I*zNB{$WsI_>F?qK*^KXyVf
z@m)DujgNb&)7Q1ZUu+H_lRoE`W7RDwU;Lv_F&@z!l(sO1D_X%25yyPl7I)4ufaCN<
zv3|l=be>31S5v2rL?g(c&U|v5U|fTt89IuCyRN6OHXA?~Q;$QKjrbCQyDD&_QPpB{
zbd2`!h_!Gq+A@%EAchN$?dvZj2@+PuVL3b{t1=~Y8)9!Q+>6YY+73+qLH~zf{?HjT
zAvm}7M4>y?hZMVVgHmciOv#~HlKoslXvBcX%W(I>4I6CQvTmo>ZrpuvJ$5<FIlT@*
z)**F>LH*j=>I2sutK_Y3*_+zKt644h=I+7WtIK?cZ6h~W=Ui;J!Uc1E*XmAm>&OJu
zlI#???&KaP>l+4ADZgvp_u%q>Gq>}ctv+W*;^sM9z58x?oS;?92$7I870vh2gY(|y
zPY#AlN<JC=nIKqso2H(M8h5Dc#(jo05zA$!_PTABqqZ2dg6F>#-0rgV?si@q`Lx$<
zGdJ&f-PV*Eb4O^YMcje??yHfV1mghGT)P?7mT-(KQUdBqhb~ic=?D&Fx;rUn<0|nZ
zKtnz@$norGo!uL5#{iXJ=ua={NE)ypU5QmWC46vtX_^m1W>@q!g?UGdPc%`ppNYl#
z2$)o7Go`!<XeA6wvhoH$*wh=jv07%IX%C(7z06L8ZLV3TakG~B)Gdxr6xEI}3t8#X
zIQEJn>9T>jM=RFR5EX#~KXsXR#4>p6L%FwUDC>XdhO!zC1@Et0Um6ZUudn&^I0Hpm
zwg>Kl6%({OIOI>8yAjuYlawddH6MgVdpX5_G@8pdDIN^w!ks~-7xLmGnylyKI;c$N
z(Y|dX<8tKpuEycwoo)WX8Q9T(^q@3XGi0gnsR*qq)^#!aN*2utWqDxxx^1O{JemLI
zh%YnffC{6U+cV4-pAFz*=*JV4qs<irYH<7X)KI83M%4x|y~Xa{w3DEj0+oWMu6x%V
zZXjdH1wC2SB~m>IW;>;-BYP?PigSMMhKn75zS4e-`Fi4f%aU3ge!BwsAzX(D!a$Ln
zGCy!XnR^CKVdb*{;Vsi}!8i%Xi~H8s4+toYZcp3!ZbA4&p6e62IWc4?5&$Znc;#7J
zig`oCA<{PWmar)fG+d$)9g-MUKV?=xf)LGRSs$DEzSaxj{Un7e^MI_hi*fUI2`;eB
zL9c;}TsV@LA53avc~i3#gR&xxlv-tsMmw@X3Tei;em*T2OUe-`HvLe?*G*UP38F;0
z^rbb$ph=$aXj-Z{I-G6Fvpz$Yml>!WFX->c!vL7oo?#sE>=4~6CUj1{4IF^^jXXaR
zHZiucds^N0-3P6^t9#mQm!N@)PAs2k<8(PPL@bo*YnPFrN_c>oKF#9E(_&O&k{>9=
z0*;FfHWc@-t`ytoim!ZIA?F(=@f2pFD%$8If`5!739B)EwiSh)I5{WJ@YI@mWkgh;
zBQ&zsiDrX&25q=*OFU)T5!l58Leo8pE?GOvT5h(9+fID5^Ufg4va!pDLB28q$OyNU
z^zlr3l7?*NivDrhgR#JtC1)_7EZ<YQo2E}&)K#l_N;wCajVE_8<)?iu_UV;#Tj*yL
z4JkivKsmWA>3DLCOFl->vyWZkrDxXJ9yR*><ACPm1sc2BYzi$j2f0WS3b59q8RWH`
zWJf6@O;!v)O<bX^o&AOmpoYOskXdI`;R@MWR*0-q^#?gpR(8D7i9dt1g>!?IDb|{d
znBG+IGtN{E=DaE&>&WGZaqm$Iz>>kz#SW`tvr!U-WV$+${H@N7U3K7EalP9$ZFal-
z^WOFA&1sZW!6oCD%@@kZ=T1I*rh2i=(WvKi-BF=>!TA{{T~_RRwY!LJ4x1wzh4woy
zK2rC0QEFFg&m4z*5-c-4vkA$s86wuXPLtIXihBt^sbp2TkDmX!1}|V&gR*kuBdwpg
zPEzd^J5y4XFzaEr4Y=6>3@Ga<G!WMOMb@p#?i$@|({hRKh@LNAu_ZHr>JVdP)72B+
znsyG`ik{+xhT$}pox>~ukpvD)t@<!K9QkVwPk6<b$qhBgCL(tih<@RmI}qO?lJFgo
zH!&i<(9=g~r41EP<Ya5hh+7o4{!F<Yc;s?mDuh=+O3+CL-U@&bOWqaapF(47FTm%d
zQiP7|&kj9PgwJ%hF>%NhEbK+w=v_?<$me9<p-|huUmlDi2LPE|V%TD*;7Sb{Q8fJo
z04;Uh!g;yX(=zuMP`6rB<#s?bNjuJLH}3Fl?ft3@=^Z>#YYS@E$l_k5lsj0;E&`f@
zXp^G@cL!yPVzi3hxh(sJ8{wM8-f%ijdNI0ws}rj(4(PwWJ1|h%`e(a<+%RhvdsG0s
z=#SFR_6qUmWFT|QJ}_)%*U|k%o>~wglC*4U5gJEHAdan!vPGM}>_j_u6_UWZ7;0FY
zcJt_<N<Bi)eh3b|Hd8Zw{?@^CQ++-oA<^=#7DNZOL^jwhCq~W~TA)Ilm(9ewoZEe%
zg4jtx#m@6;Ya}48q99BX9Hwanif5&1>xRM~Lni`&ru%(n`u>%3k7pn@6YOLv_?q=p
zREnjh@M1KE?0{K-b!lNB^$_6GEE50iFx5kaf;bE_7R*cN1R#6acBQ|C-)ZY`nLEmq
zEC;h`EhEw4a@2xa>y<(C=E1V<PkLrwRK+OLcG@by@YXM~QMCx`jM_Ez_#H71j?s}j
z)eW;r{BD>B$LPisHaJ`CZoelRwXSTKzI4)~Tkp<&N3jld5=iDa6Tn$QKsO(4n>*PB
zjkpXIAfg*G(4S<^b|-nITY{TKDZeWf-Hr+bPVYzkvArRz3}BzS?ImW%(DH#dIq+b~
zb*hFC;Z#ipv51&G7CykpE*kjbAE)p%Eq|Dr50dYAdCXm8s@)5Fw6|oJ_KwWevRw{}
z=3~B07y9|G*8}r=*#m|4op3%ZD2L1gx#bxVav=%{wx1u4z5bZrOZLa{nZN|)Z?9%!
z=okFO+SSFa?+nUv;<b-Ymh6FuC9-pAE8mf=yE82Ne!t9v<*AKfWiybBCPEJS#ePwF
z{^52BZ7A>2ar!q27Y?5+F>(A!-6`57I+&pqG9w!e1oR9yaCLLFy5bGvWx*QRr4Y49
z)2%#opCznOBZnkt^4ePWGz5#0r)Nt9NflCes9J@0OP&6`nM*clA2iI?mfPI;{;{VY
zy?Emt=PeRU!Wpd^sU<iPkO=2QT>N60o(}rq>f)2MH8f1<!UYDO+4_Qs?}}Symw3yr
z+fws5D18!UelK}oN16FIL|>M>8L`^8L_^Kz>uX^b*4LKo#J0I|S54{L?8GoT^txbv
zBYik-8eQEr2{z^IF2j;j;n>*Wr8*X{jzi=eZ?j{?=nizO?C<zJGY^(oG$W!~J@J&?
z+IC?di4iMQn=$d(Vc)mLlFRgZTzGvR7Yiu{`=>$4C9lD8dEhrv9xQj)kWn7a_>p(>
zw%*NnsmOW?XsWY~%RIc-a-5hUWH_Ep8BmXC)iTWIB=c`d^ZU+lG|a`c6?e1DWSV=V
zUk-yV!K1WwZAj1_jmo@Q!h)#i44FvsWL)L5e!0qZqru9@?V%39dl?(c)Hd@0iQX5?
zdOcC5yR!@gh#X`Da$9EDO0XXS3<vmdS0wpE8t{Aq*nPM}HhUkV6$pBy!W>XhLteip
zxkd7bUBn%}g}Z55Yr#Q0`FFZa+3Kd=srUpV)9;0_4fP(Zchcc?ZLQZGP?VvWuNf`f
zt#ERZ=57sP8!dglsk$o9!;>P9=Ny=;dBiS2=Vt|LOe7$+VMCrth$(@>7MCfNXXMC&
z;w{hQG6M?L6U%ESUJ|*^RJs@T=N9C;TbJspXPuVWK3H}}%t}l++hC;erAhf3*q&~e
zn1>3V<@G&tbUnAVwx-^_uuHeFwvF8jRIU&BD%S^A&RrUffs`70^5kp^|9r#(r`GhY
zd3x!-C+pq}<UvTNlvBbbCx-@1ZsGegY*{rsxb2}53htYthY{if2gzAZDy5qyClJ_3
z7M-=C1Tj;UcBR0vU^NKbn8=Hgh6ZmOrX!ZVk6)>3u@%k(T`AKy<hu~?A%u*=k<u8<
zhK-NG%RWm0L5<@zT^kI-o&d1sfHAQm>gb}B-BXlm%XD>vjh!QY(>53YMHgikjMA=t
z{HYpI7fVpH_zjHGc_YfemD611ed~i3RHKa;+C*lDN>oEOq8W|hs306lQtyNVw&}_W
zNaZwh&U<X&yl^H7X17~S`-PqZ{H-RT6Rro8Fq_K%#60l6!TY=ZT|Sxk-<byy1H;oJ
zG*CGl1Yn*Jt=G&p98qV?V2l)pjsQ+qkV|<s$!$JB&NVp%TkCGlh)cA`+4BbSwq%@L
zYL#Lo;H=Yk&_DVJQ4;u@c0w5)h9WpP5<xaZuS<+iJlBL`rUZ?|YKq8c+`0w}-N^P{
zjD%sp2WRkW>-$F8V3Dy@g{)@^7Op&R7)4eV(0bF=9W&Q^s_XbWZ5_MQ_?`8jlYI5J
z)Fq^Vs!K#a7tCgaPqs;n5P}@2geXLYatOfyF$JthBNgXuBEpz!19*Qj9thu8r{)pf
zm>Z=pF~uEcP{c~ftHKpHPSvmhoD~GC)=o*{6B(;Y+=r~)1J6g8s&JAOvXSsTAf}<s
z7QUdS$emanuf=PLc*JTg@i(s}=BaF2&nNA2u|Q@M_5mvc-GU|atme0Y<C<BdU<d3%
zlegu<^2kPFCS@|ix)Tlj1&jrL4^Z7a&X$Z4Fg+=5pzO2z{W379G+F8r;%zbA%OfN0
zo1M|)ur~HEC(a@YN0YY5kXBR@<x`H^#GiOM78QNbyJ>6B!_BZGwyp*(0jakO*M^CA
zv1f^;A9BQ7?K6HQiqnE+qv@#}b@ApWw(~DBwjgeNoo~{4^<ej`s|CygCNNmMvm;DM
zY8M<d9<V=`)OiqX%4EH$FYvtzF^+*5K@odRT$-l-cJ@dSfVvhT3Fznz5xsTwde_>t
zIYCHsg4%b1^JE|k!K2^^)RoDK1km#dHv7;mUVD>5M5Ocqmj)DanvkGC#s#u5#z{s>
zOz!0(vvEJ;N;-szFv<6e(u~<W&j>x)FxHd(ydU;r`6|o~t!m$A_xio`s%h>;#}F16
zI77lyc215f^FvN>vvZpgVmo)iY{)qJ%GgMBL8R3oEh<gnD93RAg7bpfq@L_0YEP3X
zz=>goct>n0fEbt~NQF8$BK#KTAH+WQ<RHU3x?190#p*9{LXqjvXOy^*1)RjyVpt5o
z&#|ma9#PiBW1+XL)TSxbE%8C)fW(Z6#z2nah4kerVK_-XWOg$&zmzv{rgCMPSHS3M
zh@Zq`X2>?_Wdtkf6ywI_TeGlDCM}y*L~lUr-e@R+<zY1i01sAEGo5&>8Wq6DsQ5rC
zZqA5HTQ_wQ0}PuT&};(Sq$D|U*;Gqrg<w9^g5mTWBdJw0i><CmsC4NgFddFz4OO4`
zNi&D<;LCX7DbNt|nU<(v5xz)xS)fg39_bJ(+J?Lt19y2Wg}BDrTUU1Jau@IPXzUHh
z{7hTr_A^Zby0Dk`ZUX*Cj+SBi(3ICUbdUv$zTWS?Yi|$>1XF51--%aAx4M4`^Y<J$
zw^TK$Dy%MZeQ`H@iksOV(xR!wQ>W&ZPT`%}!9@Jb7RG9q+rv&EmTtKx&3pI)F|9Rm
zS!X>$#Th|s)fryeoC&F9#EA^b?q-v1P)2Z00l1~NF<J<2%<LwD8KkojD0_+?XKWi{
zd@XQBAb?Ea)&)jjnUQ<axqH$)@~hcC11d-g8KI$($ynUJC%(BSOHhxG6j{u5x^?HI
zuvRqZeUrHB@duH}in>6OL<Eurh6Eg^zJKh4<DcIvHf$ZKM_ucbgwe9jY6^LgIt;c%
z!V7bH%r2-r+*F#hy-p1gqGz@g1bW+QN;MV)R2!j*#Z;m!9h+i5cXAc=BCc?e@qh@8
z3iV8foDH+7`1Q+t8Io5_IQ<B$ed47SaH5oDGF&RDiHDs6a>G5N6+z|6Foz#a0!YOU
z$P2{+zccn2k)2qnaa>*>9~fxmp3G}%YNL8kA|+4-)c#C8ZIigwcatYap3Wf+)Kh-U
zT-f-a*0`O(v{l_K#$%1D1pqqcO<O1iUd*1>R*OX*>Y2ZIHFzXIy1+S8fQd5q8sKs^
zwoIu*sCOH3$&Ovxu`5LWbgZd?_ROx`t08WVf>23+$A{I2U<>mphuNk#J<0(OjHCpF
zsFz;{d86Ffsqz>?voe`Oe|Ph#A|A3uI>|84DvT?)RJ{haK>80RDK=<}Xp8mOq<&cM
z4%Awpe_7&XYN@epG!!dzWCGJtg*pmTI}7aFs5h!ySJu*2w9}#D!W@vGitxw;ADE>J
zK2VFf8OZiZmCFW-PADnE@`a8T)LC%MYFZhP+>fRj-8wqjF6Fq;7a7=Ys)kgborD*O
zmqX!~T5WTHmKBYX^A=DEd@$MWW*YU?C;nb35Zxr?BAgb}ZhWW4jOf@CfA;KUfssY1
z<Ct!SxWcYx++DW%O3sSiVYK<{I3y&rX?n2M-n4<x@upx?EpAGokr3?;5&5g)xka)A
zH#*(lp6vu=1fQiX)b&9)yQyqG4Z&?U1EU<Os^B|D!|}8yTh{hY_EmSK!Y4H#+?7$u
zx6G(?)o-e>5xgKlg&COMQEit2=G1U#xO&4I4vuPf*v@Pqw;23Ww@|AO2uePIJ1Fnt
z{q5L2`YgqhWoiN52j79-MeOARA%vdE&9aU`tn@rHpIU`>yEY`un@B^#o47tC(@lD4
z#zA1<ndG2EtpJuv$WcmiZXSt(9uvEv9+9y?P#`ni2S<1^+vbxYlB<5cU-a^J97m91
z5~?X<a8!`~l4+pXYCOcmVeFGX)N?jamqyUBw9k*!B}v}wfJr%?z}hc;8a!FrJvlx%
z{!aKTh%iR}nG?(ET#86{B9b2RoVJ|Ar`91MOi9tbksm!Jb%Z2R;ij6Fe!6b?tvxZy
zFw6Ji9K8DTZNjr*>R(eDSofi~`R+q+TRHb69X3Nhu9B*6j{A@wwpj=sB)CrPP0HEs
zUd+M81zD9^zMJbPP*&g=(7Wlrq~A+P)3^l>i=mfdomC5<kw?D>6jLue^)!mt2`bi^
z6JizHf{kl>1nN80LDc58uCah&=r`2d?8;lqeL%WHoIjNq6l=x1%hc9MT+ZYMxzgj~
zynPZR-QuliYPGI7k_SUfD<hORolGD~nQf89AX_jJQLND0zGgz8xSAi;6mD6^5aGym
zCTD@lCy);#GKrszO*)&|4Q|CkEp0(twcKjnY)Be*lv3EJ^CmIssOW8+|DsaKs?8R<
zP~z01IpFD0!59x)*ywqV6-Qk!d-q#`r;`-%-uO8$7$oW*dA-6Nst?|Yu(Wfm)b8-{
z4JjY=%_Yx4T;_hZhG$6E&Zxfaj<pnwY)o|8T3=mV-)OsOKhkebuD3-|YuGwh?b_<<
z#z|M9OOy_8PCsbhn3JgA-0!M8&@CMp4$b`Tq*rGn^S8^cVv8T?;!uPSJq)(3agK|s
zUrlw%0RRi8Rkn{aHOMd<<#uW0`E1l)u!C4}eEh|-`zlk3Cg&aPdKU5^y?AP`haGjy
zJlDl$*ZX<93X&n4Eeu=BqeLNaJL*$hE(yF`_W+oR?MGP?G_T5-=TTB8S9q=vPCYB-
zR_^Xu&V7-?E__q$>;!~K9;L16hN0T)OGS#gbbEZAkQ@lrFl7}CA6!KBe8agRjMAr`
zyn5+fo%Ef>sBgq;5-5<>Bc6f{$4rK822!yL2Q?z*CE<tqU06IV`C;ChdDj^~F*jPT
z91cytmJdqtmut>;#nEZ6jIjoE=XTXJ0wObYi=gsHA}T=cS=wk7B+m;xJixhfR-qeK
z$AR02zK}kuhi*BNVn-?;l_LQW%BXEDZ4INao>;)TdM>jT#nfAfVv4IU$A*2u9PW99
z0qU@FKe^wH-1Q`b?mMkDtQ*M`Q@Y*pFk9AWp6)@_W3M$*y)5GhXY&-Q8K4JgYd@Qy
zchnN+(*qb1i@m9&n3N;raZFu>a!BT??f7dda;lWS2?6OBjmQUavJadSRMU_i&IkEa
z`IG^Z*e?K|p)@?Wz3hqggNnMz!~7ZqIFVjR8A=C;P0BBkVrtPmz)x=;&;_hj4*KMM
zYGmU1OAK$T$Xt-8DpyRkDZ)X|xpGHvUj7-V@+sYWY7*?Tw8eh|?2|coyJldE6+r%d
zs`fk`RceM_de(9;XZI1MNTOnrnN0c++Ul8X)F*;yt9*uGK8PVC%;$<BQ_hz~bdrWs
z1xc#*9K9FpiR7n-J<Sd0epD;YVeIa?B}glH-z!H+N4soSor+X-k%L`Ad)t&9qh+em
z28$EdKsP23#a3Ax+cr?s5n$BT7|hx-g%+Vs5-vH3ClE%1QT<LTN5*Vb0x3p>?qu^J
z=oY6ndhLlJ7d*zcxpDeZV4GA5v8dCznkEmaR~S>~d7R_t2>oH=OAzps5^+d$Q5Jde
z>5NFM=H^AoYM~q-il3y7Z05R2-1k^%p(Q@2T{G1v6hpSzG43o-dvsGIkxyVdoWvKC
z@j5CL)rnCgG+B%=uR<m3)n&Z8Y^NL0@>kMo5d0Bw78?Xe*9PT6MEMd^E_kM7n_=8C
z(l%i@*l?@dB7v){ct;>36R&t2j@`3)B5b@C91<lsR0SZlV-=#p!3?7$k(f_b@^RVQ
zTcM1MwN_lG1r|>Bivxe<Zs-i_b@dOsCZj5hJZKpfn6*OFG9oFey~9$}(jv!nI1ac0
zezJ_iotH#WMLeJ|X-1OBNSa*on4hv7lCv1FhaPKGL2Ya*!l_h+Jjc9INtr(;?Dre!
zTp#pxt`Dx9gXSO3w`aTQWm2ck)3mDKICmLkgJNpc9DS_H!vO%SL1qD}ZUP~?45wn`
zrwPo^gb5S{7*17#{;gLzPyn<{I8+v#-u$p<xFWM{$+d#I0;WBR4-)_2thxz@ne7#(
zMl<>7-|*BR&oJ#sRa6X34cA>JRyU3(9^z(9DB_RDH6#T|IXFW&`n-Slb2Devpgia%
zkDCPq-y|R-<}ZX{^`Qcj{h}P8siMR@sMTyZ<~T=$wuWhhotU)p?ryh3+e^fNO7f1E
z3cfONmwbjok67_db%;t>PAF6Z60D=6&Cu{OQ>xE>tFRZP4{bTlj9m}og(zxMIYbbu
zSVAKqV@~hBy?r5(SpX5Pb{K31S>;55CweCqS5^)y{?PQ6ZzI1Q94C8tvy&KFAhSND
z-_p#afBAbU=o0#dz2|LZb?Xylsqrr2y@`U-j8Y;TO1C~bdNe1zZ$t@LM=p!mK1ZTh
zxeV60lT2o0o<>WQPIN3qz!wTFN>AfqB>aw)l@OImdPQB@u?8Aq$gqkYb_8huG~FGP
z+mP4Vd`COf?$}O38w;8)tjQ|P;U6%sDm#hXY$^CGohJ_?WtYGk0-c}AN#9ETBdZ*x
zc&R)HopXS@Vv5JxQPL#C*(3!IdP>nmJ3mxABTm_%mdcqia=Zrz`62tMjtui{b~Y>v
z`0|gATz_Pck`jajN<O-jINqDU1=kvNXE&ejC=G`9(8#*;b53g|g&|iZ<@De?a=FXZ
zHn>-oH*39shrre1(Kr@ci(eXMf2y;NP(2-D;=#LsHr1J=_NANj+N+_tARN2my+Yn8
zX=Nm4FbnLngEX`%HeP<%$Qmv)i^XWCtj!`kw6oZ`?&Oqf9dzPc!tSRmHc;Dy4VHBC
zxEqD8Z#dt;9;TWL;O#m%LUH0q7qdQ%S)dSOO9t2Al!BCLixV?xsh6o&1}Dng^YIF-
zAcmQ5r&;f2;$yDkJe^6f3Q|$7*#z~x+_p(Zg5z1XvMHuJZExy2)@{xv4?UWtu2?mj
zi6U#48m2>w1|EW*uli@2@3LcP!%xurx<V-`nMei^mq`dFl%!)6!8{(`o&rO?Zv;D4
zJ<?v)iSz6AJ^q|stESN5rZEZ@VK@A%SG%407R?eo92u%ZZE(?!cM`)s=3|wT1ZI`u
zOVAx0S4f$nbLJPsV7ns*+a&AvDJs<T)YApR;z*aAanu?sIL-F_W-c#ohPHzCVRx;`
z$P#a4wD|S>VKw9&kL0x0J1Zk23TpkP3qp&jL>$#c8-+6HVQJ=?cMO$P0^@>CjLpum
zxcEub293#Ut)H1%{=_AX@u@ggD!Uhd#HjYNL>uqz8r7!TT#;?0B^|oum$PrxR8TT!
zp2@*y8xkh+kcvVn`U2W%n+QlP{yQj(Bo=Z}SiPA=JOIU~-#liuz}A^+D&DS>kUN_7
z4P&C_*U)XpRiQOq=Y)+T^nGG`5SS{kGYsTUU<x*xI#iokEDwJgX2=~O;+evrBInKs
zb1?53_v9E*S?9f*HU<vo1s8)1utnb@+Py;tM>YxT`LA6{T0%Mu-v=>nDo2{i^-Lnf
zNHdyA3*%Yf7MPTpgSWa2;Qw(QLz5p){X+06I|Ww$tWA!6gF%Ca(O3$K(|+VJ0L;K*
zH9|OIaVR#-hvThnb;}NClJ6GgYCEcpMqVsdFOklkOGne{oODTbPI5|}W&1Z9BcZ5u
zkDsS4SjSE}8{bKC#Ff|S&}`g9glgAkgEgd?1jvYDXMd^Ls$z0fW#uT`OPzFXmLO{-
z3&g6q8`JlwV@;{bnbQrxs=bew9a*ESqOT|T-9hPyQo$Hnz1Seg0cQ3#!2o4b5ksGO
zs2HYZt;$vWt%&rqQOFpom^<vRq)H*8?X`kE*O^9?Uz&~r3bqJqw1a39u?vcMj)Fk8
zq#HIqGR;v3hzfL6o}qJu6R7-n60UV}+*)P-qjGOS<%8o^p0jev#dkv36e#q9_?CC-
z8`57aAFPX_rl$3lDYp%^AE~Brfuq&3{$#fyoYS0^J3DrJd5zZl-ywx=zyc`)cM=-v
z_en9BO_41!Wp;PbEg$NEI<2v~7qeE=vfEhnma;M%W;gX;TL(po5QrGWR&cVN!TAx1
z$Hi_|YQ+$Q#0HGnec_~hj6WgFH#-qvGD3AOQGiZz<S|MyK^2dp60tW#jKehJHAMw>
zP;>-V3Eqmy`O)T_W)Rht5z*e$9kqd9<>XGXmd<t`Sppx~sDr0VAY!Uwh_IHtGw4Hx
zm!ui8t|PTc8c0KCN=U8)W&X0nKO&t}3#60I{FH}2SCCbd6vi<E;^w4MAo4BuGKngG
zh~$UZiZ3S^C`a`mtXGTXfo!$po@wCIs|cUIEK}q@^gSkSfhS5@;{1d91h=ruF~(H`
zV_ZcT<Cp9t{6TWbAq&J@@^TxB>sV^0r-tdux3gYw7u(00{#;{dGYo3R&Axm%3!gn#
zZ%sqoP0rVxP`N>wZU==$fM9t)iDj!tEt@nHtJXXFd}U5^WDCXCh(*BfmEA9Nl}SsP
z8P_}h7Jvacj@o|XyQHHt!1_5aVcz{K=ioNF3NBNt*`OTdJgMvF#A*w?)$Sf%TEMJq
z=YUd@!;U8OU7&i0(|m-Qx`82PGc$SUy^CI-oGBXttk8j%RRwH8$0&L<oEp|*2ffrr
z;M{<geU44AeY4f${G!5QJV9m)Xb1GL@rzEv^q3Jot%BNG9}4AWpcK^XOV$TTyx5*O
z0BYTe?n*K04QAjg!JCY}Cp$OlOQ?W#v_gBT$|?xH9)MX>U{I`sNils*uhE{W%wZsh
zrSzI%daLW#6)eh@)g2>DMO1)UC5V1-N+(}^EgG<Uy9I&sO2%Z1)d3~cDf{)xR$xhs
zNnWjZWuny-em6+|s9Cm2SP*s(JBL%zT<^YDFRFDb@X^2>tGLPN$E)7Q)wCQl)GVHR
zn&;?;@i}GBG==|6d)DHO$6E+xE{gE7rGW3|lAYSthPl#Gc`#+21R@?d(x;dP1z~#;
z_)cawgvw~MR9KJd%67g-kVlp4X1cnc+O>Cby*)Y%C|sYpHpy5Lc+6b0SF^n{rz-RT
zCh#G0V6m3P(UIr%=^yDHVUlrNd)$Rz-*T6qK7ZrV6PLE+dXwMk-a>m1ij5SjX$6Q+
zhglb&e0`og%buE2yS1i!g7;91RctCQcN?3aoTH8+APlI5B%Cw)vdJtsw%x#zgx(<g
z;Gv5*Lvb_r=-FG4qOIm9va{<a%-`t=JejSmeIljp*);`1yeE>f!3@tvFU3Etb8HOO
z6SFwm!Y%9D!#Z+_QaZt*dI-D$K6W#Ol*v2L_RSMl4I8D-Me8w_tN1OUXETQAfX|ev
zCVe;fcG3^jQf(`YbF1d(-D=hQfX>7{qwYkG8e^VOa#|Nn&cL+n$3n12l(U&Ub~yT1
zTd&Q>9%so{55YSFRRBM7;9`hhU1N+W-<wM1FIJ!Lf~p<p4t}}b(U$S^>P%MR3mH_P
zLifT$i}ho?gtMkr?PRxv_D1<GIiuT@>i*u9Su)cQ+q8o$-G&{IPS?}vhT5ZHCukBZ
z0an{6>uTl$_ifLxywltoF};S(M5Jfa=hJJe8`sT0R?NpM9rJ4)f0+)gbf}>GxweLH
zu$#4a^wo47s-XI&8!PFHY9PTOsC9o^b>G_+POC>Q_OgRqitmnkxZxf)0WBn%0!`RV
z2q%pAMRAcrcWt*-Eca%pGt8T^B=d3acDr)m72tZvYG9-^XsZZf0qGfdJ3>4ZWlM-(
z7Y7*=cGBn37od{bh9Hk>MsY4qIm)EKkB#T!7{6d{Jay&C$DgwI3;)zgOm^MS!M#(8
z8&olz!em2x(h0`X9UOHebYz*HYy@4|SkRZoZjknneU43sk`~OEdEcMWRTWtQurqEs
zm>^0)j9=R{VdBdw&Pp~ASdqbi21GBb6&~N&6T>5F;;p;W&Gf{I;b7G1L7#cU3z^L@
z&I)wYd3IL9*`_dlcMr(!8A(wtV1$`AdQ`EupmwIlxKq?A@Ldqw1r|ILoip7XXs>Jd
z5P9s{zTb505_L}yUk}jl`Wf(7&(XDdK*HJtBiJ2<r_K$%Sn05LtSBi7BwP1W<hVpA
ziYHtF*ukL=N^X|K0E@0tcaaz|GP50Kqnm8))gTPi)i-OpCc6rHMIEx6YMAx0!IGIO
zJRPz~aM;PQoh=%BkRA8lFaaY8!`!ZbKOj@sNzh}$+lFs`(|xmQavv)1?%OU#_xT)B
z>q)TC%qFsK17W^cKY@y8H9;Z20n>{Vopn@HPaA-xLApyq5mAwn&IJ^ZMv))Q0xBIM
zohwoT!YYVJt~8R;&C(%KA{|RF&63OJ{rJwg^T)mC{`1~BGw+-`^FB|_z21tZIFX)y
z7sY}6QV+!t^gm4HAU^BSjO&g#mmxu1hzjaP@KMa;?(=9CbZRo4v<%`dkwmbWkVrRr
zUTOx&01q@=AXGF#k!oa^TC!)_U7bX&%7?T$^ixqrx`h*b-*8V`C>D5<telKo>5T(t
z74|eDs+F6DJ>ZXSpgL>6Awt?vyiZu(=Gd#pYd>cBc5C^@KSPi0sn36Ms>n^b9j`2c
zZw$!jZ9Qo!@H!Zp5q2`A5q4;#I=Q8#Ud%e5W|2bGy1(M+H+xN*Q{Qt79vP|d^<frf
zSWNVNzuxg@?Nl>MEP+pCx31#VP)x0z1kI|pL5WC4Ts50BDP3TM?09hNnVC#bZCwuQ
ztT>mWf5iTP@)%eVvi02gqsMpO-cnHoaY|)n!8iXrLX|$#4i(4jq`fLvOnYe;PrJ7&
z?~R~rX8cbD^(Ou1Yktn}n;W<Mq+1Q-59kLdPqsn@h`i!z2K522kG7wDsj9XWdc%18
zNe0A@lUR{sQO$K{ZgnDgP5O97@XUjQ&P~<2{Ia4ly@b5+{*OpLXCHC!wU;ith}pw%
zWssMswo-chYI0sn{!~bIiS>K3ZLf^=1mzqFo81aj$o-IK67C$i(jJ#vWsgw|KL4U`
ztP-|FNU+Kdq8h!VZ*%5%JrcLSk{;jhMFrDroxNLN7c9nf-e4P*HvQ~7le~7}i}&Q9
zxHUs*2~GZBI@<e=nOxi`H=Ulw^$BafXY;2`q}kTg7rQ>SpkWO<i5qtY)#l6u&VR?}
z$-JVjV0-&gCJk9&D-B{(d#yclnvrzrbVp=}gNAYqZw##w5cg8`Svq9;^wz|Qpi$Ei
zWD2cYF*F%Fqnd%vK*ADvai^(BfzGhqyv19IoB!-oxE{5<N(hOU4P0s(<m=in=EvFS
zAw|8bNkEyFq<Oa#+h@OxQnBZ*z%%Wf$vYYBauWaw#lF_h*2t8e&_C970aJp3G1pw6
zNHG`(x$3>w)7)Ym!%jkx2C~4vm&KqF3Q1;$RLj_T!6vE69@JcKY{+*0Q=gm7;zMj*
zw>~>@|0Z!J|JbmvV*4jBG}~LUb!{!Yd2ua6=bmei;N2LvTHKSGal^u4_cZp<>_zp3
z3)tSbZa1VwSWzL}*nrnKt^edpsEcVu9!Dr+1FyXH+x^^g@8#46Yc$?8orhZ|)UE3a
zW<WKM%s9sN@5J!@!s5b1o^QtwIBTL^NxGn3fs|4`oNV#SAA;;?Mz<L$9R8wuFRfRn
zm(9<Hb{@6mvD}f`?H+l=qWelts@7NOt9CACY&~8?-PlHRG0$O7M5i2;+20kSkj}{F
z#?x}k9rLc<b)=d~+vtX^?z8maE^`*>nx3{&TKx@u-rEbCGL8>KX8s5z&FP2JD%XCj
z{+E<n?=fCCpU3?1$H>w}K$49b-`GUbb+KjS$oXdOQ=>N1wrIi=it^QgLH%-Zi3N*v
zALnWD-Ploo3}x^)B&&DQR$d@n%#G9Vl{8AZu8O{yTVzXPhiQv0ansW=b!AS{&tZmP
z@Oy<Y#W|mEza0<eMdO8L4M&1VZf96aM9jnAbrEAva>9An1Z<eh*3DAPpZ!a6rMqh|
zvB!TwrQR|@L25(AAF|H8Q=4#yDgDjhZ1>S`-1nC&_imE->z*pTFvwB#l?&%*FbX*|
z=AjH?{f=mIvTs~$Cpw1EJHF;wv6J`r5YiL-7uk>@V!_4#UXm^odcoGIQr>yjo+ju_
zGqe53|MF#iIi2cb@VP!|#~{a_<6E!!&bl}h=APVoRUZUR$7&8&H!{VN&0Bd)I_k{Q
zCEUB1KQn1zX4__e>^oSrRJT8A7e7ZJ=lbI48^fr)*6UtVGMk=B<;pB~|6z%Jmk>9t
z*yxLkImy4Ctz44~l)!rxrK($PFEcgQbc`Qiy8=$EHpE+VGd-Qr4?I+D+!X39`en^g
z6hRH19|?x!62^AU%JeV?=iIn})>ghC{GA5Ky)Xvnt|Q;lUi^=T?P*fR;KCF?nO{Ym
zs~$&eakV|Ojw2DaAUb%dKdV#E*mqE&k>|7G3R}-Y(wfT4JLl1QFJ{w*@E;_kHpX{f
z--G80!s|Hymfux^tA`&25N=z_<@|?8LQy<6T(B_`{zoCvn8;kH)^kT1Q?grtd->mb
z%;!dRMyr}&ukyHdi34W^FLTA_pZ~t)H%ga&|9KM_c<7c?p2K~4TP-A4cUoiqxS@cW
zDq&=8{=>TqhEKuA+Dc6Pq2KL0rU<FKp4C_-Ftn=kXRX|`UF4Y^NQ#u(svx<OtKwUG
zfAs?^OmM>b*x)%%tEyL}SsXmq$N_7=ZyDjhFdPv%o^%*fKYhZf*lxCF)PE?pbzGSa
zt^~D~5O+GU1?U-pWm^avzllN`3V$ugaO#jzQRNM8=M}rY!sJd5!kza!B%#uwR2c$(
zNf{5acDZSbsi^-`+=8wWvO0F}oiWvb51O%a>_T*Q;duPk2r^}aNyy-*==fb|*4btA
zZBbry$v&^M5h!Q?zmX?uy*se5KvsN*xOwPpWm|O2Mb9EF&u0mLE;-|Ix4e8vu4kT{
z;jI!m@uUj4Ktd8g@<|F`jsKf%+qajs?PrHqgD+Rjo6OAu^OI!HkVMmx)#D2)qw0P5
z+Bg=A{n<7%dxTK%cRM6GL)*IVml%6`ETvT~#}9B4G9rtV4UZQ@%Q`&fY`i9Mph5_0
zAbjPc#nzAPY+Zzbeu@{*dhUhSkx|z~+d~O~ZV>8S$t^?kz*+|>1*O#g=1Z+)|GL$X
zRTpdTSdUWnAMMa7X{nz+JqvPaPP{%UXvFMH$Hya3RuUC9s48=?vJxV)yeJ7MyAlI$
zV&mxfH_tDq+n-Q13QV87*t?iZ$yQ#LexUpNW`&OGvN1N2y+Cye_wz6uv2^woNxi_c
z^#U33oLw*y1W`^?9~?Vi#^zL}@IP8a$b)U#nqz6#-0m8)+X~~VN|gkHqd7T?xvUqp
z5!2ES<mv~f+Kk+Vz;E195PH=b2{0ZU*ds6iN;(JeI*q3l9C_9FUYC{R10_be3_Ac}
z+vo~>4s2bW?G)*(T-smG2ZsN)1>uJS376i$xhS{=7c1XRL_+}dc#blG9-&113B#7v
zwx5835jgSso!=6`={P10jOiR5l>oX0uCOp%3mn4>KiL2-co7)T3OW`bBHQ4Ez+!+X
z4>@mwTzC_a0+@CITn!k*2uH~RCkO(osqVyFRs_<lx_Q6KxU-xL^kcNmj(`&g+o!_z
z&mM$NHPOq-i<f|u`G{w|-nhdi_^%UAP$1p{nF=gHA<LU05qnU`d3pr?ihw}PBZzC>
z^T047<Ol~xtz)3LS5U|j4w&%;sbbpzJU~3+?A&IRz@I-U882}~B02$I(D9kw6bLUg
z-f?+RjbEQ#zQE3g&m-H{3V?s+#Qqa^J3@lQRlbC-9r|}0@waWYK_`(6vYXYpD**_=
z@XvMn&m_X;<2sKTs>6HZIx)xLTTMh5<g6jEW3K^>_8(3sPOSPPFp=h}K$!q!S_ksS
z9ekAs1J=M{C(d@bI`8`tTV`;q1Q;C)$-wKK?gxegO+XSHcml$i+W{N>w2*L=02u!r
zg6}zlAWz%8iM_@^w{iFd6!P-4N`Tk{a}Qr|UqMZ9!Y`=oPUOL7rm$1uUPCniM2uVq
z!a7cz!j}kuLeIisr#Qs<Ks7$Hx^sULO7s@Epn(*h4UBi3cGZEwVIjy~C}b3dEAWOK
zfc=lLp=ijw1mAy<%@HC7biKFIxf2S$N(KY-#vS|q#=ydi$O<}rM(qlVAk2XyMi|3;
zq2VZ1VAB?c5dvA+gl+x=h{fLXya58un91tkZ5`sG2!3M_jPpIlr9rXB5Q1?#j$Rpl
z^<2W{DoGw+S%)~A1Z6{(<v}eqgu2D!4)l=(p*b$%AtujzuVcH)J9riWG)hAbMdWm<
zgEl7-%}9Jk;7Z^|r~qy!)JXN@A17hf`zj8OdXNrW0arDLp=EHa&UhFa9dRnr9*p;_
z4#KT0@ETWN!2M9O#2!F`a0<icIv`KwD+m_?Jn*BW@h#`htv?{#Zb|3*DHOjvA9%#y
zd9<Ny4Gjm7p!2<1$UzC>q8k};whun5Gw(c#;sxW<tzj5r;)zf-aV~BOep+U(@|Cy>
zBSx1HH%0Bv%8qf}Fx(P?SeaJs36#v2gK>KxV%2|_Wl%VtXdX6pJf?;(0RO@j9~1xJ
zfJ<8dWgKxiK!gHI<>-j3jVhoe4t|(ZjVU#TjJ5$6Fj#=v6)VKi`S2$i?zqp_562_~
z9)@keF~89Vz`!#2WX~AL8ONQPLxNA-!42ry&XZZ<>1tcV#%!k&?zg-xzO)I@JlO}3
zYt{HYSO|d@*piPRxFdkfP~sug^_Vzrbw6WVRq0%U@a#euzt{{GEH8S$A|b$mLQG&6
z0D21y16lw$83aE6#|rJdjd{Jgyz+LpCa(HBTp|<bKtntK;?ZydRAj}C7&3i?85~FW
z&myjTtAXW%>2364F(*Q{!|KR@u~s)?wr%CMQPJ-35!UKkvH59u?^Ca(rjylh##}w?
zVhR-d&S8<0cLM|i^_N)opVhH#Jx5_Gdx4FnPOS7G?DUlm=u#0LcB%|Nd!>Z%nG5Y7
z?A)4yA0(x#?RP>@K7b;o9E=~Rz5?(yRB)eDG02(-821X;&QjZofm~fl5Y`LiucxUa
zTm*8YGjyM~>A#2rUJ-B17l{?z2s&(-SAu{uw+S8*RU?W8hOgMd&esGmoy+h`V=(Tx
z5p+Ujhgma+{QVslv4a}~p`-y<tRfsx1`g$cL3B6{4Ou!SmS3V(&)*369ulf|!@I|c
z=>mkEYC<IlCo)Eu0thRJV2@+(uz!$Nl#g<6lRtdVv~$l?yz>$(Li__E!hsb5+(Z*$
zA98-;evC^#2DV3uCB*I37AnYAAmkVvwpsw}9@_<9b-?^Cl$8mvt3qdBejL(&PF4*J
zf-g3kj>FMuf$i)4kP|XQFaa4sIF4|+xUQ9}1Dp{r!jZ#AgJDa~5M+8dVHSQA6$n`w
zT=CyhmIJ-L?zL|S>?dE)NghDl6d_#l0{zOJ$dLs^Y6DyqNHGQ$fkk<h(943(oh<l<
zel>nBuDF^Y@BKRwf?fa-&Jcv3pr%Vt(B+yuk$}JzAQ6`_=AFl(5xZbwIsO86E-g>Q
znu5_eU>}Sr-2a$tx4iR^HUS)dWCkg`a0aHwfm3J%!CAEl6PSymb%vvRtDo6*q}UQo
ztzkg!`1Qxbp_EtfK)o6OKNPOMayBN8TyCv2Ma;@GiZ9`<y$K2O;r*ELARLrVjVJ=T
zDmP97;c40yVZa<Gaf}xM3Tq770AW+7%p(YJLM4PCEpU;RzJjHIw-9N8tEwak%V4~7
z=SCk@Cq}w+lL~Rx4?lNDoD0MK##;#J>(0Rh3S7~qgVx%{AoIq=0w^3;9&z4wnF7V7
zFy`<_%w)K0Va$m~u;yPU4Ir#7IOzHhDUjIPD-i*364t4JKaAdCligSF+(lwbj=62{
zRvhTW7jgm*1C)s?RKPl-6Nz5A8bt&kc8&4F)#2O5Kw`Hj<a$`|N&}Zr0+BP~1WMd2
z2O(=r!5BUWahMT;;XJRc2e=VfOBi7mwB-!i4~@VQ%LT3qC2$k+1`r|w#+_?$2E#zT
zA$aF1HB|iYpv@KJD0tQwKL-P{7{h)GgdZStF?#?OI~f<@4?w}eJ6UlcY?SvB?gR<n
zO^1tOK2-zj=v*KP){M7YcFw&j2WHLT$KHg$;46_uZvp)2mNE7mL0mWYUjP$lu2b_)
zP9Pk)2*D5`=aB%aNp0-{f_IPDH4dAN5;%e^jEC<L(;=gvAQTRc?GPYd1=?Y8Xngtf
z0XpLNI?7ZCDil~T2Zdg;_ZKimTnb=*Lpy3O$AEJIwGC&`E=(041<weZ76kx;1hH!z
zGMiNe*#}{}0RNM4`G~6#_`V?{kO4stBNlmxQRCQA2+&$hWQ3o2B2YxQR5*A)72JaL
zsU~8*fuGB>#AyM%vH%tV2GT>|Cv6~NkF;|{_&!9r^?F*xR_83^ssh7_NccXL+Saf!
zb}|*R?F}c4hxdCE577`E+%#nO_X;e0a|MJutMulx+gU-lg=<~FfOTMGCGEYePlJ0?
z*`Lbk#)sctaFgnNxUFvS@~$Ax@dmFthlYXX`!Ap4Ey>9X#r?aj)GKE?{u4XmU7xv`
zKYOz=;j5d^;Ck|Z%$z1)fo$p2n5X9uua0vyz&}@KID1QZ@sA=R`z-vp&0FfE<kws=
zu)C#fDF8>yd~fq!%^VV02E`{BSo1fuRua=yEw`AR&2zY#ATRcyV7o3Vudwl=3ctaB
z2hN_bq~9ybVS066+i|N)TMOm=aRGc{>r1T>_G68|Fq@R)qvFUV<OOGTr%7<BPI!`U
z*AF<U5w+97icS4=QB2LBr8Zdn+pyu$@5aWIg_#l^%LPn`fYWlO7-y5JpYwFH^?NbF
zjEJ_SnT~z@Cca-_`qQwyEbLpG65P$f-rP)g!yA@vl%cHjdTKu9-n;%jFYe%QRVe#+
z<evoMa*y|ZVH>W}JsU0)KNdhoaGg%c3(l_nFL5GGEn^B_o}GnEtb;+DPo#s3s``2`
ziPb#!;BV=xj$qNSl+ddF4$h_|QK`cKHhIwcLBsv3qo2Dra57V5Q$vXOii&)J4r-G!
zd7O6IZvLaT^q^=W(EiP}Q-=8B*w(8fV)H1mp`MVxO2Fm&ozZg}`z{R+ZRZ&@d1$Tu
z$%q<&QM*`hZDg35FbSwU+B@AKihWu<@I4Y+ZXHYK#IM?C_!~u|ca%V0*lW9i&qeK*
zMCd=G^URrkq5po`Sn$boi_L|MFAI~pYh+_Cg!b}4eJ^cPhioQ_1{RjEr#~CMMS%!w
zgKGO%_!YcA-PDU?gbgKs&N7!@9j2->+-pHG&R%E5=kFP|U?r{0JLG`ZJICHO=&(uS
z4S$;XHJ*J;TtI4Z|LvV!OIT;o_=MGXjyrq9Z1K?&T)}B)lCv%>Ht3IluY_O=W-giR
zsJn<g(2aqr$xl%{SfTm8AZlBr={HCr{Bno{cXP^zzaibo2IJb~_~XpnVcHyet{CLN
z389CD)>immni`L=)98zWtWGbAgCJRiROHuC72me-wj(4zvR3CmhO8{&D$}s4?ZIER
zl#qv2OD%8JCryO+x6E?k71r@j@>Z)y((Um4xo^xY0*^I)-c4_LkJuQSHHh60m7=R}
z^N5%Z2qx26H3<!SUfm+@>?Ktg?C{%Cq7{Bn`=`AEqZT;-ff0Gpobntlgq~D-QMAB1
z^cWOzzu@HH=II+#iNrM77Eg}K^uONB@^D>#cPDP!=Wp}Ddl&)@V)&iebWu32@$UFy
zM3_z~e(xUzj6QSOid*h>lf$CGMN$>~Edsr(=!<QAuW0_*TfDg?<Yj*YdNDV=EXaFi
z?L*h@H?i4PzAV30hjFSAmOb&z2#r>8dKcGkx%k#OA>{(EWas^EGR`!C5Ku^c$@$5A
zY=>*AG$#^<J?b0EiuCnutu}8BlWeT+ZzMY+&NQ(+q>_P2btmUQa(zO3Pv%ZU2W-Dj
z9*<j3D<*NnDCN_v4+J`mWzVjr_Ue4r<u3TLA_K~AwGKYy4P|I@rB=H*pUgc>S!keu
zjiPxEO#*^)Yh}D=`U<Ntw;QvNn`mkIP?-TGameK8z$gdN8lHV!X8d+D(`@95Kjsf;
z&-~lz@&HI*;o9wB1wOsTTZ%nERNXqIPeh$K+|nOboSZJW(AZBzW{v%6VP9mj+XQB}
zK8pwaxDYAl|6)AdM%zgLV435%CF~C>p)_q>RFr$8>5;W#OL$LSu?Xi8V^=Z-)u5cs
zT)N7krD0DOW;UEM&M-pdt#9L>M;F?j4j$u48J^RuqhXa*(u4O+<&kd=32$q<&M+;t
z`I%%Ko}<D=MWz-kP;zv(Gt&HX(QjuczdnOl^Sg?lg03q)S(>gkw$Z6t=AqDCm~RNa
zF>IcsLCf!?_293Q$!Q)EGODap!ddX^2p+B#AAgki@X*)RslMIW&VTE_o%$DO-o?&b
zY-t1_F&f{y5&j5$*D&*L*6TL?hTGo$sbCukS8F@MB}v%jLLoAB!%l74R4(*IyKVP>
zrp(n3PXku&wzr!!<A+L&^Ak%d2U)}7tN8<V%Tz4e`v2xZotHDVN+@-gudUX;^;JAe
zE^pj*JwU8)Yv8_XfrV|?EZEg`Vq3p1{|D$1$imI-@73McUIr3PCyM;#TC*wqFoaL|
zt6HS9d#+9Gp_FvVT41g_CoJ35SI8`Nj?l;tXX!<R<JML|L~2KYPq%bGDS4!&RW7|j
zpB@cJK0ZVjXlaE<1pBE%E}wZVW%diN7?p$%DZbfN%bMH$4-W81hCJ08y|uVJ<@~*B
z05`ad@cSzoq<Q(}*Ut0o$97k(*b}W5G=rTAQ-hV15HaOio41EDDOmt>T>LiL0F-L(
z1UM9)YwwS0os~#wMHVF;!91;hd36k9V8s<*A;A$bO}NA^3NZ>VvB@WAptqkOENc60
zVu&SgKE<uJzpl<WDwXz)t8Q?T8qsXOVn7wf^yZa=q9ZclbmW7t7$m~<ygRC>r6$i=
zrS(slyJ9ZpY7zH@a{CRaIUI>g->dPQPgL7`r6&hi+zCUy9gPaTXqYm-89`ftuf`Ya
zKcD~dQ)GM|p*LS2lghes8ax}0=Cd8qDPhgmpdC?Vu;Z%l3E54~G?cA#a+1F?<YM3Z
zbvA3_JzD|NXEag@D`-J?pZy^|b$itg+P~~@XJ>8B(3LmM(zA6+H->)=hs1=k`i875
zYwzk@bzS|*?RPi*FDS)l%su>U?B15rKpVuRv8<}o4UQXM2_4m9p8C@ogzgPE9+9{8
zJ?wV%()~Rg`qU-N_K8^ornoezLwgP~=lMjxe4a6_pQO9rr(-_R&JP0ooXWhr`zaPG
zQI%qW{hIEJ9Bmb5_5K6iU%RKoTD<LKw2CR;Gfg-hxXe+yIwDq!-}73kQBWLv_h#G^
z_R7H>NBcB#KfLL;oY{&(m$Ic&_*!O1)=)zfx>~J=uO-ygKGHka^ksjNa0axk5_Hf$
zHMZz~oKAiuFSz|`W+e9f(`e_OW8wpGMCe^3FC*?gx6b|*e&N#Z;j+gb`RnVaLWU14
zrsSrW$0pHjhX;-J`p=JD(0{}odb)VYbY53=-cq{y`@Q$z36#(t^kv-Z?I<g|e$TAJ
zH05UIk*euu@GB1X%a-BTotssr(*a{R=`&+?R9a=lS<NW4c^8!3W+EIB!9!b<_&^ap
zA{@Fg^QA<Z(i_wxhF5c(tJ>+?V|IGw7HDh>>B;+x>EBdF9x=c=_vY2~K(pp*ney_D
z7L{{n`!<(-!{gm?x)Nq4AHmgi9aLc|_|%jY>&jIsqtD>d<ACFMY2r`D3Sh%L4gt7o
zW?0=17u9+1eMJm>>-Sc21@I3-6A;|y39OnD)BH8AW9NP)mWo{W%y(Gs$NywO`5&)7
zChsRqT|fc}9s6m=@TbC!ki<7#fnm*w`f<nbs7c)M!4BODB)!QZj-eVr9z)_bVA?|p
z>rJKuyyHN24jmfO4GlblINMw{eius~;AyIhI+BY1^uCdu@&~mbv){|;U)u5HhM0tQ
zbD7--P)ho99;(9hFG|$(^sw|#GVc-{roMhth|1@l^c}2e7?c#{QD6#;6Hd)$W9*Rp
zi0;*O*rB4H=2n-a>-+IV_I7OAk6+c_CmsmjQe2rkwY1=f&3~<u3Dwd1oe?&3|KZmg
zkUaKVsjG^~Jv4#2ba;>l7cJSoAj9p)-=pJ%5>vAJUibavk`zgJzfLW@^>Sphj)sGl
zRL$iD!}G^;k}(PYj7iQk$--1g9&0A72dPwjxk35yb^F8Ak9Uh$@(%p__e8o?eJEw3
zoL0RQ$TD>H3meA|<(?*!qga2SX=F;ZNL@1Cu_V<uiYb1ta(?~nZqm@f`+qcZ-L9IN
z1JNi(7r}F#*b*O_S3RFl+8ZCpHm4YAvesK7qqG`wV4tZoL>(%B%+ijeAiH`}cl6$i
zP^sj4OwgI|_O3MfzIOf1tgl-X9YT4&k28kn1Lfv%XYj7^5&6F3%C9HI7)Wys0Y-*i
z#(+y~s8ciE5u!cztxO(1Z7cgvFXi70@^Z~Dwmrra3>*)h*yVoR=Oo2-E8Yq%()?3A
zck@14l|JS1Vb??R#2@~4cW4k{43tuSf*)89m%iOIpwPNYL-T<5!=E{m_L4h!)G1F>
z9*S{Sk(+Bi38)khjWwwiEUU`=eDBUP4i%gHo+pl18Y^qR4wwWpJ}|Q<>Qaz@Pt)x5
z$zuy!bi7A&`#EW)lXu!fTEw&Sj1|n{+@<uP|K^`>JRt`%EYCFEKiec{2tKlpmt-bc
z>gJCc4vVEP5cMX@S?kK~K{?D#%u`FnX9PXpO3a%Q8B(7z-!Pa%?6NR3Bw@Zz46)Q6
zb*W{NPW7}uvXF|Aw51H^Ui(W6#8R{WbQ9*kp|<jMooz`q11ptjqOb7KU+MN2pJ>Nq
zlP!%|4Tcbn+)NKD)uZ^=(P`B+fHqC>eZ@O@H>GJx>`Ttuc+5xaUvY0x_YrxkUPQ6;
zAfvHb>H?b4f^r;rky7ef6mHaY#lBFAa!QK73=8DjSqh%df7m?}h*X`5lq2n<_<Wb*
zij+f|g8n}}3YRrOW)9X2@hJf{!3q1T*M&BvCZriZ)YWe5Pv3d%F7)hX$+LJF!O>UL
z8%)rf?^<+>6<tVPszzhCT%)<zZkh{7#caB=<T3qbUf?Bdj<kLF?dEO2LXw{B7hrMW
zF7-WNlW_c&s3S47nDJ^w2Jp?XP1=T}uN`j#W6ht5&;g!3fUQ85JYZ_<*G@;s^1-v8
zyYcoZF<t9!x0${PdX*H?ZjtLO8R_fnKf?*$JXjI@BtvIXGEDzr75PEKq}Jj6%M=Hu
zlzY0;)OiZ*bYxq<iuIyQMx!UinS#%GV{X6Bxr}7vkJtF_;MpZ(zx3}x?9XDB(kQzV
z!ju|cG?OHQAscrb^QLIe>u3kK`ajN%XttCjhaZ0x=*|;;1P?eLPOOqKM&qZvhapGP
zYxwHPtQAde?@Yk9B^Cz}7w<)k0y*z2Z%^|+7~-i0Nn*J;nB~4v)rZiPPO2<r(s)^#
z^bUT|3}09drHW~6W8|!dLaCt>D`cww#W<)5YSdbM!d#tokoE*O+j4O>C4N{L3DB4^
z5QI_ujq5X+d}MHz7#9T#0~;3Kf3P^lSnx0Gt*Bvd#kto`5K5Z)W142QHo32x2u1Hl
zHNS(x$5PScW{w}2_^WOxrbvF;X7TAY(AMvJaMw$k!zG<5N+RYiv-sDWkB!Qge(?M>
zJ6shZsf4aMHa9p%v02EoS|v6(VSn74r0=QJ>23JtJxbp2CNe~w+IG&~BACNTlik46
zmt3##Map_%&Fi_<d4)l{p~!!BR+ZC+#)i{uMJ3Hv(%nJ7K1&E-G9OoF*mFI9EOo0K
zMg2|n>6-8Zis@u=cJU*}m+j&oDa!^WCuqC|Jd4<9J5ppYpY-y~90hxg%(DWn&;?Ib
zs**J7zaF6j6fgsK>cw|-4LBJ31hef>IRAB}v8cS~+Li3l@8$9-H7aQcgEjr08qV&x
zn;W0#>1dODq$ioC+b`#L&(o@UF)*xLnCP4K=K%5@JrYuNrVNZ5wN$)y`;m8vSd)9t
zj;Ai7k!5C4_+BB4CHZ9d-?Po;(P$qP-e%^)B<{f|{>|2)NR9UQI-%e9Q^;dtb%IVX
zG`AKnUAvd4<U>5ZUS_h{Yt@vz7d!Bj+@oTgT~mLR>GzK`O{-`qGH7JszMI&T_M~2k
zT&5Maeo|d=T017Ffi?5q*KSC1YsGDcPApAVLBZ!P^WQ5<?l#GC8BmSKCeh-|J8U&3
z+P|qYQ;gy@R1V2oe=Zns4SjufU;VwEjG1+-#>)x^QK^sAYq0~f=9(HoLgr=?+($ah
z<{Ad-AhEbK%1*9=B*L<K2ZiGI_xB#Z>y=WwO$zCHn5t#=AkNNZb^RdqF8jUSIl=u$
zwhbmi8E+khuc_vrFN|i7|Lr%NK@x0;a=(L835=Zgaj`^T?Dznpv{l<QD9byy>a1fu
zCpork+Z1`Y78$UW=GJ1Pr=EGUAtBns!Ljetos^F;Oq$HkIn=dTcxX77Z8TiJ8?oeG
zENs}g={FPztpKRHma%4~Fu>pXAEfP*{4PY?D3%DR5<FPOA-L0X_$XyS9cR>Uby(X7
zygDqBvUjzm>1H+i7F=o<TpS$zyK0p*+3v^DC>C6B*}RVa>gf3FuI0aCX%)pnT|Ji-
z(J$o1(a!HpKA3#VNH*frP4d|D_&g!$xo@DaUMH1sAa59RCRkka%_lvBsp|uqj^u|p
zH<C3LscgNBG_r^Xiz3cZ_c<v4aiP|#*YDnSX`>Y`8JUbQE`D-{{$Bmqk305{-OjS^
z$vG+2_-HGT75^AzVwt=bc8BT>MH1Orv7OIjT_r8HfhqQ$mo+}zys)19PcK$qFITy3
zygA8qa^3sFaN0|1GHp`j7skVwE8i_G?Z*>;)SX>98gCi^GN7DZ{#AF8%ONJ8LLb%p
z#YcgTmy)-n!g6(12J8M(l%GNDg{0xl7)ieK#wx{^_oq?jO;~?J?Mih|8Mm9uOdCoY
z(UiZwrWCl6*@E1n)n!w6-ToT)fC!F2*8lVKk<Gbx`bjJXw!i7|30T9A5vxtb{fL}-
zHJePjf-Z7~n}t%9>QrNzhx3B{<c0kwMPk}av@w;FH43bJ7d1XX<W$5G{s$acP67X^
zKXn!E0|&n2&M!*5XU4=Q;8jEtDOI>Y`PlpSXS?_Ub5pJSf}oF8G#X|8+YkN)XQd?l
zh<=chx{Xj@^ij{|=VZGkSLWZoC>yIFIgH%<jADQKxbT|4kS<L7grNNwFHUVNFz`#(
z;J4q&#Ac+c%gy&#hRZv&B^EPZ9}3ddOy@s&mN57Xy1*RJajE_-Dwft!P2+Jj+f%jJ
zouXBjt_YG^JBPfk$Of~>qdQ%9(@JZEZj7=^DU?cSu$2qEn45}W)8*Ehh^Ee%c6~<=
zzmcjGC)};@cd#?hq4Ue_R}NIx4YaO-at1YO)Og9>g88rJIaS46Iewa1MuI~3yFrit
zQR&E%O+$^|BU6JyH;i5vadY!<A0ZPDFz?QNlg&Q=aBUQPVnEtKzbG!x3#Gr=>seBJ
z!t{lQg?zOUCBdt+3S)Z69Iehe6wq&=^)2<B-k=%+ebF0gk!(|G@P%dK@qY=Acz!-~
z(LM$r5Nrc^b-oEEv?BksO0Qe_j^jUs{w=Mg{w%1ao?@$&`Oft2-8#cBZYl3te$Pav
zsDFs2aLWHolkg}#1e-UbM3{kW5u+p8AlDG>!Qf_hLy%$4oB(r;&|{Vx!t-X!uU=Y`
zKi=>iOy&zco)g%6FD1Ndpc(ZveB!;o&=``lH}XSytS@G7E{5Z~O&JH+&xh~O&pe+@
zRf2p(uW*~j8$veBCo-9Jk2HjW{ez(grQG~nMyvF+{3+GH6!_004mvfr7JW9FtP$`p
z61N*xlEjt?Y>ZN592tc$@ihHjEu<f2i4~|F3<1=(haqT?=sYCia(5gJ2Ms%?*zDbE
zICfb;gTMWt_s{Rj%~tp?;%|NZZbu!*`>ZO0Km!$xr{YO<$l0%k6@jEoycu82mA`6>
z(NOgbXy66yW?$G}(^pst{SLJ-Gl<S)hjZv;M?rw!u{^pUv}0$*E)acHANqGb+-GT*
zpWh#?G!9j6Q!e2n?4fp0n||K25Gs+m4Ne?Y=yFc#(Mq?5jFqLi>Uk<NgHFy$*m2+`
z0b<#6<16~dzYY&8k4#H-;YX+f2D$^MbFSu4^3Pl%8mDB*WIr@w0pZdg^vn@cjnA&4
z3_h1Wb?S86zk}Dfd~%g07L8KQVtUS8tIT48<YqOJY<5uLIVHH*t_^`hjtR11PJ2LH
z$H9|xDP!W|RsCxK^Mg=_N3(_#w+jH&b2frGo(SL=1;WXh;lzDN5#j=l*(m^!KrylG
z_zU*fy9N&_OaSuA`XPM)<Qxh-gRDaKM&S4ncqtsUIerB|iFju$84#s&OZ*fBxOyLt
zKxC2#NLBm}72pa5g-KtC5ODgI3;*sP9G9R%jl+IjfdI@nn23P^=i}GAaX)&lj};&x
z*ph;M;IaflD1j{FtX&8&^kp*9@BIIF<~!YZHLSo@s4=jDI|b)yoZ%q&R2&Wl*nCGg
z-q=Qi2=S09B!E2wu2}IibvSRxe;05WIQ-?W9wJbHCp0->&v62WVKtrasp^53J^B{_
z)O&zIr5fFNOFsyRS1+600J(lX4aq<_=4~EBiLW`CLH|0hN{Ij-3Jk&kqz<q<4qzt{
zcnn<h>lF}jJ_*64L)EaPMAI~Y@ya+2kKn`@r_WxPSsR;WK?)X#Spa4dcye(8yih=c
zNRElI01mj3OSY{eV5t&Fc^F1KQAOd6qklo}{2`2gs;SR~jFh8_>^fHw5aO)rqY@^r
zeFA12l6Z(egA;|CtW}C4n5LPzcf3!|;gFgpv;=S+KLA|8{xwhQg`dN_ArPW~z|RgN
z#I=CO8V;mGFFWzayw?w#?*jyYAfG0P!JK&?u&Mx{ABPfQ+t~n2HE3raBH)D&1AwV8
z6&$$nXx(pLAO2CWQYlMxnDlGm+o9pNf*XSAW_QwM7c_GY$b)tDb`lKfidiLHlR|Eu
z&u^g^=Qu1#J-v0>z(=>#4xg5Q1M*YHc6W(uQ>i;X$kiSB$=&CEr;dOO_HZ(Bqty56
zf_O5yRyVfxvy2_D9tEdh{8htKv3JRGi!5~q(>=CJ!|*D5>-9!-F#7aDIH(~h51V)7
zjk@>6i_u}AFu=bUn(H*s{oL@SURy8+`wxf1{?w<k^0%J$yfZ{R=yzp<ZOyw_nJ7(P
zlwRW&cn3dYSl@}igWO?kcPod*=g#m-8a5=zYr7|A+WzKeNZKyFUZT5Q@R%(Mit`Kb
z<;a=6LJ{n}f$!w5|0c`82jc_fv7H|axnlQbRO)Lw&l82Es<}CW{GV4aOZNIA;yh25
z9>0lFL5HWA<yz}~-wr?I-A=<!ZLuwNMn@-;DxcqZpTp;3bfsljTvKr|AlpSgQMb_$
z#gbrVT4E`qD_&O~eH1CwOrC4=j^D&0pnZqyUNCDluiw<96+<O&`(D`8eA+$<+<~QS
zoOgSEWo$P&;*u6F2zWhpPiH3gs1f#)Es4Ifd*dT#|67?ytB#JY=C{?o+sTJ#Znu~%
z%o4oZ6~t6=dJeMzei*CUsJ|y;x5W?c#y-k1AXSPBot#YF>DNWhO}xL@LETq6@Vk6Z
zCz&*-h(Fv--zzF+1RuekQsLrqhHjIzS%#z)J{fxGdS7EK0N;)@ZY&52s+<4`Xgez&
z)ZdMSBXu(kVpUD-463IWE^F~T6;0!a8;2&c{|3xPQdk>4(#A9Bm*_;JZ#qO+#@YIx
zt`DaYym^|-vqenUnr>Ku;%!TkV0T`fkaN`Z$T7Oz!T-~T!!Ed1)*J74xTR6mtbDM1
zzkZzXO0oAF?CuWmt4b`mvb!pCV><^tLlTx$B#eFc_hbDVmED#6w!rR72(p|ZNcE9e
zBrv$0Lp(n{b=qZs(TczQ5$$)={;ij`&9Ez{q^`rd#eu2h7AI&v<0%s}#*}0*xcssm
zPcQRhE#QH?0a=F?o`21`nZe_B)doFn#8~A<5?@4_(#EqAH@CH>{6xf7R&LmIRA9P!
zZG||pAj-7Dc_a-*sm&nrVtPnbvUj`){Qj8SD+2NY{l{beEhXU*b)3v{D%BXa^$F0(
z9&dL4dE%|#{fyn7l*=!N+DZmiR0$PM{E=EWvvc2%8z(2j=H*{o7Q%W-7&>|VoO497
zj95cJb8#a4yl-A?>v6d8*$DiEDCn}qd`Jy_k4E_k(=U<*7JJbi=7+d(xR>4j^>5%S
zNJm7!*+DK(_12B73+RS!7>!*!hDD|E$1fpOt<KxqS<coPHSVm>($reJpDq--G*#sK
z2BSt^kuYBUS4`!u$Z*g>DX2W#%zTiWZe6KcKbj~sqkZ~@m<JXwy5=9>3<zuax-ez*
zU~XgU#m&*27w<2(Ubqb^6xmZzEWFtK?Mb&|-m+8$_L8?@2uL+$h_`FG<sn&e%ZtE-
zcVHA`-Ay3hudNuEJ$W5O(RA{rov-a9PWF<}u!G`)-AWXBT3q0%Uy~CUQu+O{^6~ji
zDZ_UwyZ#P5=H)9M_Gp7`>F`xV$<GC%{pCk42F&}(7U333cP^E%44tR3{EwI@7&B~=
z6L~#%Yh~W$)iiGF-FKv3Xgf<E3}68VCL3Qu?K!TqS%~HPU%nIbio2_4ufnRD#5w_?
z;C+ueQ-+|CEi~IcoNxL_?Cd&co$}+aC<tZKM?YPctiO>R-cr^0>>&5jX{g?l*^*<8
zAdrRrH(pE;Z{U_{TF=#<-}ly$88ataU(LtyE`y~oCsyxszmU_LCz`|0;($BPie4q$
zlLo|XO+R1-=6(qLf(FI|SE%ms69Gtq@fH?%O#~{bc;5iy#@3)k0Jtk)48*BqmlI4M
zBR$#P|8+IZa>6hEC74m&|Lj8(@Kv&c$@y;<){TzWq-#LvmpDr9N90H6A7tEk>W7~h
z3)XIY@pi@;Sxny0&RG_^;2<TGlCc%wO5vN+H^7haoJrb333CO++zq(>jWVLTdhR2v
z*KRUHADLX|t#Fa4*j`l9`oStET~(^qt>;vo>b!H*yc%WB<|w*D9cc?jo@)`qV}~S1
zkLRC+6Mj9B`tSY>B}M3@_Wc=hE$ddMJ|i<Qe=`chtcHBiW>aDQuxW&X#OU>Z1#UMI
z!=oRnL@N!AD~RDqJ<mAJS|Velh?G?@@po<s*)P8ES@%(PfBX~@m!>-R9h<Q$po203
z<}_59WNW#(_&=T~5B{J|h`{uxd<B62%vJgm-my$Pq)M|G`Q^6k!2{`00WG|Cipb*N
zp_Omp^_rr`{a9nRv^Y<#apac&VjHkwU!fYhZJ{F;ydIe5(yE^_T=iA2)G)+obTLr*
zF8<)zZrrMYCUc}sd#Ls}EZ#X&ZH@QI@n&c&2j|2uUp;kHzo-7i=gDIlvx;qWJQsA5
z?@y_-=()_jn~CBUMShkq`ix4G-oF#gv}@zPaATfY;bHNw&oX`4h{Nx^26#_Gk5_ks
zk-r8U?wajBheX3K{VwWsr4nYwzW$-qi<mCTue5{3PMEeS$BE$d^%D;MV=rHJRN-3D
z_8<8g7I|;F1+~r#r(ovQksY|kV9fnx$z`ZRIw{?60?FTi?tM4P#n`GW&Z{b6DDS!)
z`hSV!DCOkKd5U;inRG!_YMD(>?e_Er=bh!ApAXWl)hWiGNHy~0#0=!tX&W0g&G*$(
z>O?KXFB-f?ebCh%wlqBM_mqi(&di{W7i0`m$sf(v<jZ@yPFqe{ySLqIT$8gQ^FbWl
z4|FwA<w+wp)<-+z!d!${#Koi-QMZ3_1WX#=Io-EV=62C}ju%-lc-PsvzHCZ2J?UCM
ztGJULz?Lh7tL1*)-gD|tr}7`<JLow=yLZIlORxO8pZGsg?aU`F>H(V{ETFWGZ^b{e
zx7u^;kXrtr?H#spF^XNBOujYLYx9V^>dll5bqwXOxt9L7hWUDru}?R*TV3NZO@>aJ
zr2Z%j#fg{0$5ryB40o@ip0~cFZ`CHK4XF7&5=iO_Tj~u*tHtDmwx7!T$2D2o=87{!
zm*6{1dmCjq<}O6SCM>%48J5oO&Ct@dE$O>Z&iUFKYR++Gf8x%!NqU^XGSxBM9%0{{
z*WH4m`Sb!^+n3*ak5O@=Ggq%vAd|nrvgLWY$)owczaW}s{VYhl)<?r{!lVWFZRsRj
z^WK;yN+cfAvUSSQls~B(T?rlyf{{xOX`Kp-zVWn*cdwZ&_|vRw+qrMWtY*%%CoDAU
z$-`WYWOySU!unwL$xP2-@dKQZef6yd#y1P!v_G%ZFSa2M{1#)BzYB|Dyxh2hYKkUL
zvBesZ@Fl5Q>Pp+cAu)!_1JDm9#BF2-mCO4XFOSToNRr(SCyw#t5*||<>POtd1I0dN
zmLBnz`?Wu*2tp)(tnXDq=4HyhQ|Ray=2O2&z_2C9#lEVXb94ImV}AZFV?|7C?9E)m
z^>OE!(n8v^c_Ux(h2@PTgo9%GCsNNTmG)&UOWkJfM``(JMkD2~qE@Ztfg-2Jzk#pZ
zzV}K?jg|^$NTX``cx@igkMaIx5xtUYNVqT4pasohs_(C-a{<g-Ht`r!%+Gc}=)qOg
zxfG6gyha#T6U6`xkV}B*s>TGo5yoysfcI51&7X%7)_O}TXAb!BKwatdN;@#`v|s0v
zk|UgYCsAp3V<+8&kxnll_qf-**?w_!Kt6R1qs7eU)c-5}7kf*-3=`GU&3B2u{mty3
z|BR}UtsufvI0-@TjzB^w_-C8hCL2eWPI26MT^}M|BqXX+CeVV&`n437`(j{T>-k@8
z*6;kkeU|EhXiw3;{?v?;*0za$tZj3}Eo8r-uYbpHnEG-5MQZ)k<(v9Sqr?S?>4#q0
zvZpugM_@d_ifRaPaf46-&Mia0@#2*Zm>gH1FNW`Ioss>!={kcVwS9>jQKLJfS@Qcs
zbcSOmqa1Wkt68eJ`!e)XpTEnPWfXij!*|9OF*~JwjtO`PvIu?odc#HR1z7#dv<rD=
z%ZsI#0%RXFrt=X0eldrC`Zl4n>^C&BCR^}BZubRC*ZqWuw|i$yYH<=Bw}~zuCsWhY
zl}(b;M)E;eS(^tsq6*&vmLw?ByU#xm_G3ry&cT!UwRq13AJe~{Y|Qnk*DIRI=g?M;
zzvJwO+B@@<k|QY><NH&Ys|9Tg9-`-SFXBXM*#^#?uRZaX>K9BOU!Anh2>eWGTzcjQ
zY@S~=;o?Gbyw6|jZM-c1MH2ACJzye_#211OU@ud$MS90-9h0`1+iFdAq`72^Ohq&n
zuU6eR=6{etMjz?v5ge3t&x^O1BYWvBHP7?hQM%?U##={T=DOWe@uVCRBn|5JsS7d3
z#U!5?f+7PbB#~`yH+4g%`vm>nB4?%<O;f14-|XyK2XYxRCi5TP%5E-DlQ0O}ZoHHe
zBA@e4&ooc$vgdeJex|g$Rx%|uZy?j0O$cLNo-S&hXev9k+JEzNb6fKxnu8NxIcLR1
zaNkmSFvNECknMuzGfN;T*9*xP{-JIFS#qJ}*TT=+%my}ob6pZLRj9AQCrm?b=}%Of
zz1O+YpM8>YwG5HXe$CaH!lT|-_~tvDdMUjtK}_0~Z^4Z!O2EfJ5}LrIAz%MtyGqhH
z%?tVMwQK>M@;UV_?ay}#l94zi1vbx@6#FatOrszA5Oj_g?kSr}M}O}}9eSR^zU?$D
zbiU-=?TbLqkIA=*lqk1>Ww}^dK1@)OWQL4ar3~M=Gl_X?wtN`x(4$i0s=r0fj9*G&
zeAMT1U(cgWxUnzDDs!oeuH@(Ug1lQTv|1f*%kF+#DNN)d;y26t852I)XIi~yki}1I
z=&yNwaeaJvqxBc<!*S!iJN}51sgkQEk|eblY`3P?Jt*T91>)Zq4NuM65kL9YSPh{1
z`tmQkw&_~hUr@3;lr1gnxtZ1%d<+q~@j4q8E!w^qp8q7Qr@EPI@Mk_1e@ZJw&CvVU
zjm}|h!i~MM66P-CkD5#B{hlW$rX7X%nw$hF<PI5gb*RBpn}$9lfg`tn3&ZM3g<gUJ
zU59gzP79*`i?%TwZ2aTRhVOq+7~icSYCuma{em&pRttS^sCci@kQMvhYceeTS+dEZ
ztww^}Nzn%mu7Dpg0;hmlM_%E`Z4>ItLRw2(QX9>;`&*G5s>!12HJ{_=8*f=q_{L1_
z<+pT>SGBj?@EvS@&6;tl0skgpqI0X7#+$kdBDnLVa_6l|WL{<Wkh!&)P3_eAUO;qA
z{GZO>CC(JDx9yVefAq>BzPEn&jz5a^dDKVm_vDnf#~CW>1R*clSB`ZyZaDS+p@;ub
z4~+jhvI0F3CJXnUPQg-6<z$a_omlB}7NgzWNo*L$sFr@-D>7|zQ#-#v3wXFavxaz&
zl~nGap{uY4S?>>UbKqL|LN9TzswvFH+q?o1#D?au?0O`rAM;}PB1q<dp7ve6puPj@
zo#_xc9cyg5)~CP9UZHJ$&QbPE>&xf!K)rHC@vZF|?rApp*$sP&58UMx<2q)!t6!Jj
zX*`ZIAg5fm_>T0I^L~E6n~dyZRt{~(kkF$CbDGnCV+y%7sr$&*9_1Rue&^+Lmldl1
zuA@$E_|~x~KOhs99!<6mGc5FULecNr@PEpVcx%$M{H2TbRY}wB<J-y2^;p{6`1S0>
zP`$oC^a`h?M$Rh>1ujj@Y6l5fCz@^LH&q){zL7A5oTjjJOpqU<c77E^my=@4aA99R
z*_Bg~`?x-ddZ@?jcX;Dw2hA_#9bUORRR&@`?iHp}0YuM}$B*3U&T{D&i7O_|m1*0a
zp#~-C&Rh0yqrgWdx1;vsEqr55UjGZTJuGi?-Qs%IEpIJCPOBcqNBTILB7oV*2-;1y
z3Wa>?>uC?VZ1%NLq+H#T?4GT7zT|c3FX-HA+d!_sf8j#DV1Lr?Xpnkkcp6GA!^6Yu
zx5$E6WN@n26Y4#s4}Ii(X#b_Lt<q{MoFeu8?>s`ILmE%kxz+gEvoEs-N%HRI2A4U`
zH$A;{eV(%@7mlyWG3YqH>_bi#tuNH6J>SW&&!iFjjPhdSqhQM}R&$q8Dbp%(;Ia_X
za!yQCFt|%3bh+!U|DAQ3X^P4b^5<u%d2%O(pzxKknF4y?n#RB&D%=^PaGzmUtTznz
z;WWbPF4F1G6XFFc-GW>CA1(_xyRJo<UYVKmf9JVY?q?tOSwH?O$ZaW8^Ex>Uv*7x6
zTY2Phy&dswG<M^Q(hbTQo~|&;+q|PHmCw*KVlQ{^+V0d-&Ozt~NgHU9kvBT(q`_-y
z_a8rOF;Gsc=zS$z(CNS!GzxJXF=Ag|zSz2f%{8&l(x7v_O^&?jKTWslMw-7b|5mMZ
zwzi_O?Xd6fbCrn7Du#!yWv>}p8@}H)@Ab%J<^Et<rkmUa>iBVktIy)pUSBA<?WHR5
z&g}Qr%V(<0&punTeWUIgp~<=bmprMR%DLFvMMk>Jd|}B$66q)|OWK=O)XmMJssH_S
zDx=>xkYB*hz*06zLSy;sjD(*U&>5F;FZ4@(-tC&zaFdq}H*}ud(48h(HMGki<4w|<
z@V@IazC>YJn_taVmiANY@;3Jgc2HcD!I!KsS`_vr$I&~S>GSFLy+?hyo${AysGn6_
z3Q?w$Wnbbw)5w~sC8l}XkdbieO!cp`8apwGj|w>=2HDj|Nq60IDDI2*EavWX+C)n6
zch*5y&~`Th<LsJE>iY%5hj)pSc@JDqO6!qua&vKglZT5k?h3w<9XZ>p#o2r9vd%dq
zI}(Kh_MG(;&z4n_A`4F5??|u*QdDL3nu;MbOPG)3hotnJO5X{-<2u#b<I{Q3O{M4L
zIe8uBhfGV=j-)XWg|eG7&rVHR96r-QWB_d)`fEClxpR?TZWkY;Ut&|Pp~rc+b4}OX
zgUS$wTH1G9v78QcTXyu;`y}yHbTeDJR^#Eq@5cl4^Svb@E>R=-u0^N}m?%X6O7W8j
z^3|}c=@YkEO2383{^t}z9Ei>T0aHM%zaUZfss=;N&l1$Ir+IT<aO%<e`g-MD<b)TS
zo2r5FZ0k@3=X1L$tNKaWuiqX74np>NtVN%Bw>wCk>vN-d?~N9lYtZ-%Wyldt_6h8@
zT^<X*ZbsJZ1nokwG;%VKffD)81NVZQ@2AqWHQF$&i$<aTF4fg`GU-db)mKwZ2J|^6
zs6cOIKuZ>s^<l1hDbyLK8b0r3byecMiNXw_^Q?-{p1Fj!eujo#+I%KSaedI!7qWZ8
zJ!6ab;`brJQn%=jme`qb)p*D5c;Dr?)KWSOW%i}M+jZz#e!=c7lShULkeZdd2Gy^7
zM*-m@1-o%Djps5Pa3PQ8P4gMQ5XCHRd9_yPIeu+=#>euysC0F-2zIE}2E$}j#ZJ4l
z^mS=ktV?;F+<dS}nqwU|ziQbY>G0%rqY@NU`2CqW%24~Gt*m>cSu`qc-)Kp-IIgAf
z!o4B9<(!6<%Ph`_>bvXt7sBq`vZ}e+c>#-Qgbz4d-e=)RrBJyq(|9t8Z}|Hp>D_|S
zEE6J}0OO=?7#n>L`Y3a2hbEw)h~N)uGta)q4M~Qdn1EZ$R@Fv`kQ2;XQqxC3G(G#i
zQaEMq68qKbsfsJYt0$z@F=uL#Ue6XYxt-~v?P#G=R%Wtad~3)4vQ$;;1Sx^JW!SZ$
z<&tj@P{xBxZG#(F@(*Ak3G}&SzPqro$-7x_%vVSlO#=fo2pLz4C5^ckLV;kLLX$bS
zLDq5D=1N2eti!G9qY-M(L#+z!K?$iA+yBIU<SzGN%p(*VQpJ7b@5g-vnELknvL$&1
zThcDEC6@PZvtnQUBBMHpRzrp>$nh>h^Yb5(fvL2N`q4R?yqdG|;JCJCfp|;MDV`vI
zXFlgWaA+0-RMZdnY*i27dx`H^Yum4e&o%Z`6?Mv(cPkjZC*SlQ7Iw23DhF1;NZF|q
zFSQ_?vM`+H+M8*%CBGHhQpK>`3T|`wma5}TF#%hA<O5JqA19dUCBr>v)~U*#xWXjS
zHV`&Me0wXN%G|Go87kEaK@C2{#aK@xTx(S!wA`v0!M8Zao##>|u5k2N!c5t1#sWhT
z7f5qQQ}Wviv3AY?ye8(DP#P|*Rf*oWVZoT&)@<L0BLyK=Z9$~GJx5n!-ewrrF38Zi
zyxZ;DEAexdJ#_iFW}xK-css%Lm-x8=3ZM5Z^{nV`5u`J$KQV)^Ab8R;GD5Gw&S6=y
zhL9HgfRiIIYiQhZ``=IVLN%r)1X!g+(Y%2nE~4lM+>t5HkIWvQy*M~M?wqm_IeRY&
zhux6p*H-ja^oK|%x{Fnhx<3~y>+r(s_m6*c+|Sm;D6sgN`V%XLeCbX|$_Mk0uy}u-
z8|fZLCO0R*aj^}F4XqM3dh^tsm=2%}Td|wfugeBT=!d6<Y|YM{%KpN+Zv&?<BTDBw
z=}pmoVm!%;q*o+;G>lmXyr59y(XRS^!e%|F`7N^O)u2mwg>0e=8VNep*_QPuMc@yD
zpeOb5w9kH(vgZ{v?g#%>_py@W`eoqs)*caj)E5B+$6U{7l5c?o^edT6p!L8g&D3G8
zQ&f|Ti%EYt7<7vt5o=&i@}OXQY|wehxa6xIDohCUq^t&_@}w|L=kZlyTtYL$mh{%E
z(b#opfc!-X;#$HcpuKfHGcfuy2oy0y>7r<l77e!nt~p%oG~MCQAR4q$ZofUO)fTVh
z+nL*Cx4dC0cFeBWGT!|f<A>e_!ELj<_`a#yIR4J@F7hgG<2GjB#_^tGp`zj*jpR#d
zlTmpgRlYA$J;0D{8(BKKfxFPDbq5b?ODtuO%7l#yA*2^13FXC_4fp^p@OHl0CmL?O
z^(nZ+PWv+vezyYSS&7tSBeq2lx@7mAm93%R*Krc}(L5La=xGB|SD6AxO-b)!n!X0V
z6oS(4_K%`J%!Lh_mWrC@s{%;viyGJXT^E9Nq7LK_O*1?gSR(*Jy;~`Qp{`{+c~_`G
z2$&Gmelr<@J=YujBcWzJPVD@REPGo{-*So?Zo~XQ8Ux}INl?7N5hIZltodkNZ81Go
zTw6vYV_;(1XuS)hNC2WHs-2I?<JY6OPvgm1e4ecJGIdbc{bzifOP3!dFLikH<{~cW
zo4W>rS*K_dy54zUDbD#mK#D@pa7he$x_feZ^xR6C=WCCi?!vWkenC#}&vw4)9=v$g
zc{X2me!6?yIXT@qKAq9rIiNuikIrriZA3r2$=#!agU+sK5(SgNbTm4bQA=hw@#0W4
zpvdymT~6+TsRTK<nmQkcY4jD2Y%}@={=L`!KU*8tNSD^Yc%D0xi5@+QS{sWG=&>Eq
z%x3RK8`t*-gM}JCIqf``km_D0mx=*UG6o*4^nfW(^!ev<ys#r<a29uZw<?X<E2;K%
ztXnc0F<8w=n`{B&6{sEnu6tf2W3lQmXjS~Yhj9onhQ;p5IG*N7gKbMNeqryXH<IqC
z_Lhp`iVV-wcoYo_TVf`VJEzZgl&J5o9}WaN-?G@xPt<Dw`a)~iIfZ3Zf@81)fWYN+
z<aEK$=5-=0QK7jtp8haJ?m5cFmeE=0>W<0Y<uLChqfwkD;HqGR_pqlcI%qFo3sZTP
zjKI?yTe-~7=UBpU+!)2t#(1i|i6<#!Mua(rPRKO5UifkVo?m8@BtU%M@jd`rqm%DT
z97#~GZ<I!;a#S^BTndk)G~V4D-3U7Xa4I&`#K5vQ1dI+Gtl@QX6TDY3z@^EDtrD`d
z7Y893Hg&BuxkD`u=t$ba7pUw)gBM8DDcj>!2L};aH#_xuy5>2=Q_tHJ_`|aDGQp;X
z;DT1UwOSL6-e#>9kSypOdsgd_X2k{cq%gRj&AsM=S3BSyr0>zuS7;Cx!;Cm!YYhUp
z3~+#wD^nW*hZz5X`8{B-q*+@r<kG>a=I|)RuzUf=8=@YR5lP%pf#6c1SSmZ1sP(Ec
z8f0^A8|mr=mRgwxpccT=DQ#^;iK+GyfW|`Ns)EY2YzbiY%7TV~Q*cyaQmy54De=V9
z>n<CaMs?PU4SAn74X3}N3V5cp10(tX5i?BuVAwFh1NC(hirmb;4~7P%1|W_P^Ig5I
zv9Wp!j{g*Nv?+#_b7RVt+KwU^o9f{1z_FKIYq8x6m#@{FtxY{XS7MghQlRY}pj5F{
zJ&>{D_SH%)FcNGE%jGzZwMSRZP#~#|A_uBL-53^Q0x-+?Th%mcRi>-326*H+WLCBT
zqN5bxR8s-OWzkh&M%_8dOg{}Ivv&bE452o%bJ+Gom#w6JRd`H8p9P%!#{rJs69GUC
zhW;UMK{Jzo2|yS&-7H|rOBETUMU{7qKLc@A?9OvaE(Gm)@t-d~NQ~jx@t-#~9&D8I
zzqTKI`g8o}pW@@kf4;!@&us|*{P5n!gM00VQR~;6?FXAmMlOYa-kDwxN5gn>BkuDs
zeBr@u;zIvoI8b|PKyjQe+_26UOH1K6%19{oyKuv6IE~xH%iL1!D$#K`_+LEU{fzz3
zImX_<kJ<bGL3`u=eSiOd_G$a){r^*Zoc+%$u1J8whljuB81VP+wOc?0?zc8Ke!U<O
z@KQ-fs@+Mfj;#FFq2haB-QmW7PbQNzTO?F`e^@Stxl}45$}cJ5>=e>UV)kk!CFFFm
z192F#!C=@MDh?2slWYL9TF2?9cH&V#>5VYk<3%!on0M1rAFdTamt7<&L=BGBzhj7$
z7dy)1b)tlZ^x;Z)LG2IrAJ2<v&#7W+!lvQLai?>ze{$MA?mW4(aR=@^Ckp=P9jK-;
zNd{`DDM!pk2vDqyB8oZo1X;1FC5OC`5E>Fn8WWAPyeq@5->E~a^+(YLnnMgRHf1UN
zcJu|l+JuCc@L}ecSVatWP7e4+|MWveqVG8$ydwoY(%K{$XOlu|u2!m&htF@6m0pn7
zSg4i`x{%PatoyQ8_^#P*a$QW~%lzC5ynB#<Ac`kO^kTS}d$kS4LB^AYiDgaeGf>SW
zeh_OMkPVf17WeJ-<S#zyNA*wgMy<)iGDFc^FnHCZgAA*tHR@H5O6`~4<+vVC)`5+r
ztBe}OPO3GuIt7OUjcZF@o!~Q@ssX&plhI&V#%_V4To*MY2u8ILhbaX?QRVIUhXwrp
zLh9^8bJnpTDNDiMLxKXe;{X!a96`XSivu5?q6Z)CUcql&9}DwPUkxs}97QIFIcI3J
zXra-)t-ws6p^IZ?VI>p!Sarcs>4cXuPUn*xE?DqJvl*SMW&R|e4O#OkXbNVK@Kf8C
zG#Wkt^#;==nvtEhG)^eu^N<!=&KHC1#dh;q7}>_5t{fDUF9TU~p9kGHNc96<j*_cn
zRK3srZH~qDR_FLdAZOZhCgwI}Tp+n;PeyvvVr_8zgLjHrXVXI5f-oMFYO25t&5x`)
zbO_0LVM<Wf4fPp7fz3}84^czBR807!=qfG}e~H%3t&R<BZmn5$vm?0pjYp(V)gHv7
zT%m~~c`%g8B^{peRXiMFZj|+Pq3<tYe-IU_-RXVb`3lc?yX4Nz#XGpkTeWuELwQXy
z2<sFa-oD$J6;+;Dh**3rv=DJn=l%j)+p)U9@1wl<_GMTt1DBVoSqN2wV^YJh;G+@X
z>&@By+WEM(8~QE>l{^%-etTmJM>Kp%QR~fa;M0xXH6x;g){;$z+?zw2ss<a{J>LDC
zJ_@-18H7De-c))iRFHJ073g1tx;vjcYZ6r!v_oe}p|j0IaYp`x9S)k&T1zt~P$<R}
z>NjwJD?ZxiPWaYtl*EdgG$GJPyNAYjYM(*&Z(ZEpi;T0eyWJr0J(-8|fH?%01&gh#
zBM9?wbrbpG&~PEK?e|i$xpxkU6^o(MssLBhe&xb(NCO=i)`>;L26V70V;cyL$T)#j
z5%W0GRlbl103(E%3b&`L_cJ9Ms3YS7)+)9$_6~$wqEs(aheEIL0Vv0$1FF($ssGyH
zF#&^UnkyU|0D&>>hI99MmK7Ja^V~HYptxT8ta|I8QZBCmD<)@$7Z7yhNSwfXgt>Rs
zWu{_IQkHStOI(b(Ohn8c+@fB>6sXcLF?=Ljn!DLoSVn*bXK+2(dR265!ED(<X}-!3
zXuw!@tud^drTxX+-eV<$S9CtBS0|3Og-4motkD+IJZ`N#An&$<$2B8<CN*3Npy`BO
zGCO_bABRxhNQr8>15gto79E?o`9oKS(7b^!#M}FP0B{cF8SAA{=SY?&*@RCM5&*>2
zAynXQIld+E42osouu{Y!n6QaFUG>zt7?dZrTp}N|9*kgsHlQw7tq!Vd5l>X?o8{!-
zvkrTrW{5#tFgcn&Slx1Tx)SL?nU7K}C>B)B6H|96$;()>RiT854Q^pHce)BAW>40M
z42LW6gU24JCfKplfu7{=g2NCofw|(0xWF#lbyW*^9iaEG8}iPSfg_wf;l($j`*A?D
z(30^$X0DmxOqrvobYsuXzW4NDS4v3qPA;D<A;(f}>r~=IWZYBD@Y(%M9q4xyI|g}+
zwn2n4Lu*WuD)<P?zkqj}opE49o^=8a0vpkTknN)0xx^e<{!-Wylx4bjG=i$P1v@z)
zI~rZ-T>NoqUAcq?t+O&%VCKpgR$O<2yb3!Pv^0-Do29Pfn20M+CXHDl&}evu%BH#7
zh2>Rf_&7ON6%9$*S9>B!RYSNhxV>m({Wn+%g)1>UgR?HGS2Ty*8x&xBS(HnaP`dUA
zZ|9>C<WhqItE=+(#x!*m+>jaG2LMB9)J$-uV{vR#Q|6SmGvdkDwKa&*U@4LbDkUgj
zM8xD;EnY5ESqI&LLO`?W1JXpTdvLU~*V(H%`Tu+|1cU}XMk{%6)o=ODOFx8o*Z3Q2
z62NE;S&gP?-&cegfmCi^Bh!*&m#qT)|Kvs|le~&2LlWJAda&fG*dQ2;5^qq<fsPSG
zjgp8I0F=zxBXE>V+CG-5Y6EPMPzi)uNG?Ab_9%zbW!9gn;aP=*fv2Yn^yO;(PRiD6
z_x<%Kt;IG5&UR?t+Xbj4x8qjCwZt@DSf#FTceSNM5@I#FmAv6<=mH3GkG9*gcGAJk
zX|aAtGq$Rw;peI|&WA|h=f^j;S=AB9tYDa0(y3ZF!dA0*ErVks_0fK%ZZQYkIAaJb
z!sB-Af*5bHx&)=1ys!X&j~h4$h_(j7JT{3u0GKeg*n8i?{X*>nx`$K~#%$Hkp6{G?
zpLR|U8xAqn>`O4$Q8v!TmL{hhq}|Ah3ZebPI;5y{8A>R&2?qBre5rM5dsV)!0NuX=
zOwbu=0o6(ko}KLfu5(hG#mMNx`4#lF9J!oRH6?=p)S^(8y3O7x1StY%9mJmB3`Zll
z6(1_1pS?-TTn;0$!}&3j7QQ8TeO0U418q1gx{8b?`YORTd)Qc~S8!dY+L$?mVDs}<
zgLB$uc!v^cHbv8wN~H#DmLRG+){TYFtXbyP2T)oI@V$k>7QH=a`E@Q#_YNqAj3&uM
z;Vdz@uhQi&e1Q2~n%v1{?2w|E04_x)vZJ#+vuO*lC^xsqdh<w60eAHZ@5S7%*Y4|;
zgNDB?@K~C^Q=EZSbLZz(iz{f**6o+quolI7YE|B$)dr`B$X#;1=9WgefVGNE=)r&`
ztXZEUW0ksZ2fH`<$CY3KZBa%N-Tqr+zW3g@Vl#DN=lOIdH=Vmb$L}hPn~xLAyQ~vb
zw3A%2Ij}s0J|O*<xlTOjKAsK+iprds2WRSmaZf(Og6x`ChX$z;Fj~(c6mmmcAPB8!
zzpr&=ch4}MJ62tba_I-J_};<r+TrC@MNw}eOLNjuGU`Yp%0QY8qH$a(<ThIl6rtGJ
zYBbu?>3oV|I#pC@0QB_Lc-iu5fli$vVglbBAaZRG_y94Oc=b9%$jSR)wFr0?%u}Hn
zw!A9D+M;OU+)@)Ok7CvzfQpsTBiRaVNbQ@}&v-!-TJhe+q|S{luP-wx#0Vb7s0E8+
z8OV`Nm^KgsfT2d>zMHL56l(Y-OY~qavyxAH7m=$<m_>pMFy0d!3+ohY1YNeGs;}S_
z)vOgO*HU~N15~vJ{TdMjSXD=#bDJ557>Ty?P6k9=d!P>;C8OFAs8MC^5J(;}9&9s2
zR;qRZR)-3f=^C|oRZiSmq1&>0EfIqeKHA}ngdwUycV?4JRk=jgb{tR8!Vp9qdvCm$
zJZHpbhc6uPrE5Y?PpT<R#>{fcolBlOA4Z0Gnxx44Fllvjo4=<ip*E!iDh>PVapO*1
z{j>H6<JG{IGwikDlmshIDoSTT10*0t`(HeH(m4kHQ&qMtHX62{gZ*dwr*}|bdbWRf
za=Nqo)xCDZ)n1_!Bz4Q02A=uKV~#Ll4<Or%kv`az&%Ny*PYdJin58nYnWq(%+w1Y#
zBZVK2H4Kz2%RA^Xz-QaOF;7QVBT|`#)TL7Fq9{D}YPB>+m<lx*Jp#Vij!+YH8UXu;
zkuZ6V2{YKymTyheE<kfF6#dzAR-bJIM<piGr52I}qO(%)Fr?doyjQr6y|0S6aAF2)
zJT|p;FfJM(0cL5Xo*zY{hUp^GPgl2X{<DZ0(6H4TnO9GGqU&8r9e&P>BF+J8@PtJg
za_tDD-iU+xZgJi!dNH1bt$3(el!gs~T?!On^ktM0XjLhtS&qo>v@#D6jfTN9(uqNI
zYf!wdDzD_LtF!LB4RbT6Ut!!RxVOhu$#}{gS*9oqRu`n6Ih)zJdhN~nR_OBeK&_Ks
zsl$rB$Kbu9s8RE-&_OMH_saU=sWE-NEorJfKMOj4X^Q5|yi6{8;~SXZ7-4y3!%3lW
zB?-)280nPSM^_`kF$I|y^qdk@(Yr6I!r_vlvn@u$o8l}PfDQuK3g;*{<dQBp`+ZRa
zXa3mDKUv-{Gqf05>Ik@fmlhUQ5+VpOo|GuN!JUmC%@R^cE_1~42^kYq2<8jkAI@2H
z8-55?OHU5>*=p#OYIT{JxoJB5y;>n9!6bd_!QqDW;M^EEzNX^^BJM&4LnZc+LkI_r
z&^Alp)NN#MU(u;&0ELQgW!q9G5S;I@C`}mv2W@>U)J|a0BZuXvn%t>P;2JvA1sd_X
z)$*ATsrz$**{SAVHvA2##S=Ni+%BL4JXdkS1@x9<?J4ZK>UGS$$=YKIF|u+4PSYx!
zZfbnC$0HPdB%C)YuzWspRlwUW6T!3!b%J_2J?#Y-vb>HkJE50*e}Uit;?sRFcOtlJ
z0Ba_W+Xsz5F=PiVPQZE|An;`Wpu^D_@Q4Ev`K`zKzf?FuZHTCi@>o=B_oOOvqczd8
zVK8VsD<i~f{?VX79CfJII4}fou=dD|*HAzC(8h;a;mhKd!>rf7OHC{X3?q?b18jCs
zj>(`~7+|tfC<Nd@;{gvO&4`+innkLO{tjP6x^lEB<VGnFO(uikY#VDE)eQyJQc@dc
zNmNUuexZ9;bY^V$j0^O|(yp(7l8vw00C>Jhc`r^=^u$sB-$aKT4m+otRtv5Awz^s)
zjEfEgxZphM93KPzRU7?4)W&&W()~-+8d10r6NZo?DB6&Oc!#II*zqxRr0bvwcm=PO
z++_fnrG7f?(O|uVm56Z$_9ZoFN%Ou9PNu23eHvi=QGDj!UN{ZNW%^rO83PliodKA0
z)a`oJCN-%w!$Nw9yh@Cw*fi9xm6j93;zFdcr08KA_7(_rD8E?NXYh-3c&&&}(p$&z
z*(2D68*g8&P<Go!U2^B>3E0;4;QR7-sp^0=U9X2@W<jtmVTeIv!LsGSzLf)}>$azd
zJEt#>JKt`+gq{#IAM--!>6{HybW)a68NiKtVq2a8`m>thGT<HPtGPwIL6r9N^A?6$
zC@+l#3ffam<5BeL7ay;$uj|XM1!3%iM8P|>aK<QYnqp(UW@G>%gLLAqhJnMep+u+A
zpc&GNGqKRy7Jx_;&OtJ7X`BThjtCx*19lz20D#8Od1^CbdwD~$jk-IzNpq$LE`W(H
zoTnfN>A=p&C%)2iT=rOScg^B{crz_RJY^u!z*&D%J|%=$%QjzBvid|nx$TL5qE7T&
zpXeu*CwfkikzAFYe*)`Lc$%0Rgkt(41s=~nI)n<R;_#sJT>xfLb3W^BCIK*_fWP^A
z&U#G!lZLNnB(8$QUO0ihkh70gaAI{cGukOL?Gy8|1+Ik&I&KK94c=*KR`&g5VW|>b
z8FeY3THPWKyB!r11NV$#n(?pHVilo|M59cD5S_dQ9?@<^g^Oz1HQKl7(?z6FBk|w>
z>o}g2jsHAeZ5*e=UdWh6qjt3$jvCTftyD3nD*~nVzuNiFcMkV=Hx-ezG1l2VJ;hM#
z(9i+JyFrf`#lHrTvYKRS)7XG5IFEnCzJ3$~m8KC=h_QtZ7OV4GHt8VJi=aROrQ!mi
zgg3(Y&EfSpIMmOdfA^oc@qa!*2(a1le_Hq3t%v3KKcD>^|L3Rp1mgc(VEmt7{ffi?
zJh<0_a9|Mrr}gkB3;&}-f>9uxi&AJDComYq^-=FD!v6$f=FGMn4W8m)wpBX6NkP0-
z;g*nBR?&8RTT8#d1J2A&_oV3Zuwl=RdO({vY&6_@IoE4`->~)YsMs)`8QJ(_jNZex
zQx#x1dfquy^KsfY&INZy<Q#-QOiRFqkZTkjj*!g>@!*x=WR_*zAfZm6k@5re|5Xh9
z<FUyj?TO%X$~vwi0LRZ@^43(_S_&vh>vCE@lJAIho2bH)AKQ6ls}i4$n@$i(%br42
zO=*9l_iRQxRR^1?ic(Y2miFNdw>7=2j>fcAW!S}Y6;7j7jqkj>QyzSbi|o9ySV!Ft
zG?Hp>U3VzZ*P(R?bv!y}3}sFu#>+I^#7@A?bgR;NQjCl55pFdww;Ah%Sv|B{fLV4>
zo`oO{)^R`BZ~h0*^WR5bzbV*ZGj`YP(@cBXS2p0y10F|QSB5E>N#_Ean&eM0hAHK?
zSU7k_C3rD-Pp}~}SqM^=Fj)yk6Dq?)%z{F_EJ*7X3%XMscBg72cmsGVo(As}XE8OC
z5<<J05YVX22A|c1S2n^1af@q;{;&x6N}8e>BUnhGQzlPb((DS9)Eg|(Z&h0r^O>Db
zXY(l^!W`YTK;N1(BxC6u#EILOI?pq9Mi!1QZr|~))!w<TM0s|JAwCDwQFIyiCfWO3
z;@XB~6i;SEOga!XzkZXM55sTVff$&~r`N$*SaD;2{G+LCoHOfGv7x@1x(#0haHC(P
zjXPzgh1zPcR>-R_BX6b6zOHW>4O6?`uV_Mec0m7HaB<IKZYIz@*TlYUU3&n_0R+1q
zWoGVm_<oztbzSP+)~@W{Z9&8e95yhhsf-?|f2;5HVYzZY({~Mn6mrhqaY?3rL8xJq
z@NG0@4q8k<Qfk;PUGBB)yt#eTUU&w^w|V}G1p5;3Rq266Ixij!)Pbn6eQ>fI@Po!*
zxnXxuhUJca&;}eU<E=Y)AS^G3N#rQI8Qn0lmE1kP`c{02Z&*xAXd|VvIWt9^G{#t(
zEIW21$s}kwB8Iu;Q!`_v+M~S4hH#O+`sYzy7_6^)ty{uo?RCM7u}LYG>nqgC>MCY4
zQ~fmRJzix+J1@s-RnCT^VR1vzF@!dO8l4tqaCb_>Ezbla6g(zMLBn6&M&zvG7qvlS
z>8O(nyYko*+r(jMr`;&ow^lJ+)^fL0r`pVTMq`V$HLC?Q4_$l$)`&P%=l$=mO33kM
zSX`jNSALTh$t9KobJ$6;#=0&q>b2BK9UdKbo-jXBUu!p<mt>ErU$$JF0%lqfCdjs-
zCR(SzUl`lcATgvE*xcY~>PM`pQSuIVz>v-`JIk|CQY5toohv#_XqiY8!>$@bww*tg
zldmGtP}*xqQT0+wBi9yiMoaGQn<VFVw2sPpa{hed^wWQ;?|&eb+J{L1F(?1S#)HrN
z{4bxjHXi(Z|MOFP<o%CXaY_L3>sHKHK<fYPsP%C3{)5epKpL3GajrNh4yLl;4bSWh
z54TU<V8{zk;yrRFIK@mp1<h;j52BlFI?;!V3DJ{J$CzT^l^SR^EtZ>5Eb7H+1TGVf
zgQ`gSpxcYm1Y)P_Dm-%R2ts7MLZgIbQ&Y(T*=Ur#!Nh^8NzBoi^^*}s%~fZ3dJeB%
z4HQq5FJtb8X~Fy<v5Rp*S>wm*AV$AyXrdk?7od(7b%>_@>`errTB1>Qjs{sxywDjc
zHX&9gQG;{L+lW`w_;D8p8nV66u~kOWVAE%2bxi!+vb;lmxuYsk)FeC^wIu~vL~`Vv
z7DV3JPC4)nnV6KUs%AwfF#*;w77&_uBz@m5-TGBSEgNAMpp3H@<xAnr$eVo>a4Hwk
zmSxB&3`*@L8K}rAfFYU=>H;)TExIJ+!{V{dY6;l}W~pU#OE{gHb|=Jy-j7<12(hYO
z`>ufSTZrvkf?nj_(^1(OME!K8i7}SA)zod(HIMPpO$XDg!Z@G?1aF~Th}un^78&M5
zWwzlFn~DO0_v1;QQ=#N0XRZt~9;Y`vC2RRPb%RG*2Ox_*_AMcSQ+mr?UpB4Pp@)Sj
zv4hnuJwq?}xgHu9Ytyf33dxWaT7!NgO1JE^q^_!sK5+n<yLaiY`hEXXgk24PLnZ-8
zAfsqaqV1AXvTQH1>8PHAn_aGoV@_5JBsE;H|7;sqAIN0@F&QB48HGXb56_1(kTcu8
z4s(oMT(6rckdUaRro=?mr1q*o8`@$L4>A7-RuU1OVGybcSr~5^b7xF0K>eGl(0<%2
z6bh8XN;_*=w--~5)GVXFkbzjz)DGx4WRw*+P-0CN1Cho3ZBUtVd8o5bgg1e){<kKx
zHuW%JvqUGft;W_wmI&|~q?><{o8b#*znCluq?V|l!ZOH`pAzA%YlZ2gMJPc-s--Go
zYK8W2Wz<p6kIydHlC#96xTIc85<hZgi$YWB(ltr$OrmD^l}E`Cqb7>d9NeL<1`V0*
zF@`6^>yv$lV3W^*4c_GF6N)3CwQXn_bB)Loz^G`aJC6@Kwu~erg$<pi1ZQwJHxIBD
zpkeSNszDSFH6a?PjJz$PAI^nnFv>Z5#vqrJ5EsODo!(lw8>20sdHAtawL^7$H()G+
z))8YbF1pCI%a~WOPdvX8nN!By_Noh!SVM<=!tK0SQrXK*=&mI1`)yDQ1DxqMvKMCw
zh8Ibb^BB^D)w~n2BDIZ^Rikv>(GpoPu#$}MCR5!EM0%<UCtTTw2zHrSb}vb<hLbEs
z2iO5(ox(me?lqZqKIvDaG_o}9Z51^dsP;pfjS(Y6c6$;HOll2G;;?JRT?)Wv6H0rb
zKpT>tQ1r<QaA{c1btqCb#C02uLxOsMS*uMjirFVoUOn3~0cn>Ah=9n3*>BFwO2L{1
z|AgmLiK}uf&M^`#ZhX1sijUFicY=!#SbFNjm~%bu&Es4EtnD5VZWQRMwQif67`G|0
zUmQ#pNU8aDu80DFOYOW#pAW&qhBBts7Fb=KlH(SqYUy#?S=X~nNt<!1`C*y!qlKa2
z78(?YO$%XM#gP>rUx@bG5LSWR5ExnhV~oswd_OSY`*Of}<$%k?s)u>PDgu#uUfEhI
z?_pLyo!EYM2fa**)V<<7o}9(!K@KF~-9+Eva{60v=Ki6Ut7+EID+{!DAcxktVJ6Zw
z98wK)nj~0M0bv|Z^Mt>{<I5?eNdvk1?Uvs$AI?Bts86J*yC<hd&zZXJ9(PVocaBf>
z&)uVggU;?L^{*ejI5h81PCKURN$2$W&Wn?d_zkb0y`Yg`=Z;WE)<XJVG;_rvHgpy3
z5bJUI8>WB)m)5`_iPaO#UP2Z@a{PNUEP5AF-M%u46cGBvyf%$!i-NY(uqgJpX>xLe
z1Sc5MDqNRX`RVLlYoq;OmN4uL1^~BN60-$enI!qlw))8+o{oxg8_p<a%H~1UL@6cC
zJUZ#!{){}Ef~d8~21}JJ_8t_+C3-SOMI5zLk+pI-(8&SwbeV*A<CZx>H>7JFTvVQc
z?EvpuDN$9zb{r2URpF8snx(^1zyl6@P0=n)lyDx&IT#7VMK)<xggn)HEi~uy3Q6G}
zV(GyR@(^Rcn?O9=&Hd7f4soLK^twt^8#+|N1XNvAUK?tS31W>HQGnVHy)$sgO%5ee
z1|r~m5p5_zqaDW9;lHJo6u{Vc#{~tWn{H`6n<Dgq6$iB+waJQm^p&4aqqV?pD)Xu~
zIuwP4BJI&-lIL(FyFIiW@PSZ19;rbEs)To{wK58x^=z<!W+~;kU1iHP&?%Cz<?sg=
z)AY3sm*HiQY?HIBRUq*i7#dr0vsDtRX;KGB3r(yX>Y^O)V^BG+mhjA+H8gAfC5A(n
zQO8OsNhT<=p0gp-D{{5bBE_b3Z^w-0ifW_%Bjt|93mpiys}MLZ$Yz$(6HKUWSAK9R
zt8-#K+E-ImC7Td->2;EfbByaw%6-(n(&7)(D2AG#tD0OT{U{%0z-8sbeqs%m<du@^
z-j0*&@|bSn=x$t+XZieER5OZ-Hr_F1U=VhrsACT5A>-gy3sWC?iDOg?hJpyQI$aPo
z3_3RYtoUIo(x1N4Pdccz^`ek*$Yquhh}1z6MX^j`jc}Q9rCh2&LblkK_eCNWGaOIh
z!i#4h6S|smgwO?2CWdxp)mdr7$vCuQ7Tu_A*P+EmZO)1M<i+9c>Hg7SSQ2xt7MnJ>
z2bnk{Jq7m3-5Ln+iZC2<GY}C`1k1#a3D6QgTEdi!EKffS9Sh&`E(x7&nWAyvw~?dQ
zFYOs&it5Z#b`-67={3w8;~WmacexBGG9gNM%&dpt7|JJ%N7O%hCdO*={f}#Yc5?}?
z&<v*OxRe7_@PP`gnsk}B5Z^cBI!G?EIfpcRi93D7x_1o{sFh+|<~7ywYB~6=8zB!v
zLBMrlDMB!Yx1<}zO2V81Vdi{2S#&nU+iU`kumwOvfJ9{A!O-tYc=>j?zP_F~vF2v5
zvlZBsCm?<=Zsj1TyIB*PRECmtg6?u<<k<yKDT>MDFnEF$O-+zsS8j5HhgQi7^7?uh
zeGY3f#B>*{I;)X6S%%RgNIinDD=rCIu&hI^y~hw-fm>n?TtJr@G9I3eb7^_S{&gs)
zF=_XyMXO}uUZI<Gm~m6cvem8X-7NWMZe=xssp%j@6-U|iy8>Xg0@E3@kpzgJH%Id{
zbx!KCHB1=1zQ;i8cHk7e$&Ua}y{~S02+%9`aJH9>*2u=(%;-EhmDvwlG9gYb<wdP^
zb16hg^Tzq7Ha$I+qcZa7hf!OJ0Nu7dB0YY4r5pK*+K-Qp4mvxB)x)U=4$$ZeMZYK0
zq!w*PwLz?iOKr{|5BCrJE}Y~yLvuIiG@#XbUR4=<4<jRvYe7|;2Id%J-}(kRrXOLL
zP^pl6GoEDEH&se?-}Hi%XK!S7_YGGQN6k4xgAZhTS2WK&!4n)@W=EVlRf)f13|?y+
zeRa7E&ad;cfk7e6nHo=CV=WAAOgFy4lwckWk>(=ylA~G!^hT{1w)yQP2A`cwjpCwo
zRN^QI%-fndfzbV!!%_iDv}Ftdrj3^XcH6FV172ZJ;$JEShtDOQL6sKW%exqkzU&15
zHi<agGu(DVw2u1#V+`utHO4U4#J)*{n`{jTB(}VT;_*-z{_!So>bI*k-Cl$XurBMu
zNyT?Vs@f0CZqvrr%>UaazH%?1bP@L{7bU?+7olJL3eQXZ27mAix<J!!=$C%Qx3c;j
z{j@Kw^@%NEo^dfPJ?SF)w|FgIiN}0giI?<*i+}=Hzl87n7>{=S9DnE+Xd0?tzz=?*
zZ*cWH{oB4)(-JS$FZ(KYUghQ$G2HqU{W7l{sOAn-^8i%yGE}v_fG(nco7XPz^l$xI
zog3zr`p%D8CTU9XjbB|mV7(S_C0QP?B$wW9eTYESyV*qX;Ak3e4fNlwIdW?h=UY6z
z2Bzz>6z^C3>Scazc9(rMg0>LzpbjNow<OAn*+wmAt;H2>rh&K_FsT>ST*D-I7rdl?
zJS)C0Yd?9GeXtDaX@Gj-%o-oD%u0{qbC<+j>ky%4b|pE5x~V$_yqf^94Y5CgKl<%{
z=U`7}qfNy%ubHWp@_b-}2nqL_6=qTf+M2!gU@a#H1J})oG`lyz3@4mLD)*RTC>#)2
zOO3W<i?ePls@EZGj}XG(QgFpyX3kt~3S@)?xL7xWnCtJauj};|bdOGm18%mEu22$D
z4HisDJa>^*Z~z-(Jp#r_!3!N^z?J+Iyw3?<Emd$}GSTt`bU+Qa+lkc+X(KdXlvblx
zH2q~`>pEkx6tLb*;_<tzRTX1}t2cKY!fQ~iZWjnh##LmwN5$OSYr;BOqqu8P?Ph8V
zENs|fS|(aEYE_c=C)qeY2T;)n&1&nVs<PZ+j(;}v4@DeO$7-&$JqUEJxhs%p&S=+j
z-@sPF3Dpj!v9R29c2r1$wNyjuGfeVrhcq8nR>4To2T)T@Z~=?_UN!?$Eii?yyOiNu
zVEkgnTQ_79UhY!pQEs%Yw2$B6N$^qg&cyN7G!aA8!qEn&bLd2#Ow-g{6bbqyRVen{
zw{n)zC*XOhwF2Q&KcD8~L{W*pRV+BF1#WG_nhb@EussRTvNjuR0R2c`?4uK*5{WKi
z%m@@KI_&tHR46{c*<z%_(hrfwFmz;PN5J=4AJIj)6JU8H6pV53V$kDc3}hgY6S~|B
zgH)%JGv-)$HwjUCn2`2*YG?Fi{Y3^W6VolEuThxEKn$r~2i8yDP&Y@>!rFq%7z1*k
zE%7jChaQXcuA%iJa&9jxNx4KqtO!fLwKPRMnt4gT^-JDFO>fFtY{LCx-_mb>3G~Rm
zf?xasNsE4iKf*H2hYVP*=p$xhm=P0eM%+xOBw~g(y$4g*^3^$zrj>Mi;Q3WKx#&f#
zcsUJJVw5LB{c}!Ow$txEt*~4woBZ1`2*=s(Q`#M>RqRkng@F5+ZeOU~MjWaE!;|XD
zO`&mdU?4Uj4CQNx`QqM)%Te%aO(Nt3`4x=;GM|x=*fMGhU-5VFmyXb9+Yde*=Mgh{
z%u6zkV87IqMpF9Kv}SfVT3OyH&ZUixM8olwR`JrXfYUPyLNOd+3Q|f)teFm*`1jSD
z<%)$i8dNCqW;hzb<qTXXfTy^pISuL7*4kC;R(pL_t3+M!tjhXH&DZSJ-!#_gl_E^g
zf;;RIOQV71Z4-eUx<mju1gQC%r<_Xy7O#sgs)5a9cADf$C5}@VWYy&1&a+O_kX^}s
zwf`N3$FGk60TG-(K=6-`=EeVb*m~G*`SIT$wAw$%|M)3BGX4jxc=IZ1ueTrS*dO=r
zwOdi^*PHEMZ9e#QIrhgc?0aKXi^dm9K3h1<dpWv?jpPBt@xplQ9vye)#PPsMxKTX%
zz?S>ZGVj58&wDURuDvIh$))#%gnR$t7{-u$Psi~@N$%c5B%mCTo~L;c=ig5+$9X-0
zxMWFV?NI>+QuuA)W$8xmHzeLlh*DklAiB1c`0B~pqu0RcfBn_ri)SEQC(s^5lQ`=B
z-HT_>`O!c;V)jI*k^HI)M!$7nikOlPa?Wz6L}DGt9y<k7PzZE~W{*0ByB6vO`P!p#
zPsu#+WfbQ{0q&lK@V>`s<29QX3GWMepT_NMi)5ijNJnQNAvs}r5ZoVaW4CGCE3TB}
zWw=2Cla5J2y-|d%cm%BbP1M7?FXzTg2%VA5RKFeFg)Rnbk6`t`rD3kMUT%r8JncYi
z{oSLzPTjx<1+k;&-Gif@y~F*3h7c(Mv|}9qcBHEA96#;uh>BZo!6LK89*2vmAy9jt
zZ<9hpt-k)P>aVsmL?H%^;-OQ}T%9SQ-jhZ(TvyYzmReC&)fFU9N~35-y1W>Vfxmg8
zWx!IHgs-{))t$$?b-+Fgt|nulZr$FMa~uWmaT;C@{}5|qT)=H+6u#;L%6YhL?<l?p
zG()^m--M|w=9SF`7GG_;XRHR(;aZW|Rq*h8Qj_pp^2gVDGJp5%IdXw^2bxKvQV)vV
z{k{n!;@N?vH5i;+LSDm*Y}9vjQs4VqcmiICp)Cx__nP|FpfK`I3Ean>(-+5wO<e&B
zuM)6*85$zk2EeLX8RJ=zjj6vK`tz9n>{fIQrBz8)YS*&}qQz5%0^-zQcpV%9?voz<
zRphb=kge}8$Np9x_g-pEaW)tLGrEnn*XrZms^wwnmbngZfMCnDg#8kq<#nnKil1jY
z-@p!0IAE^0zUk&SX%SzOvKFaij*7Chm}Dc4A*vW@w0nfuEySwxUIT1`!8dt~j+=m1
zt!u*iYTR2kwil>*LfZ?38Ik3vZcVNysxN3o?xdWeEP|Y!^rqnTk8z<GjHK_-5lO*r
z_zXjYoncT!H1aoFP<1wn&l3NLp`~%p3f_(5p1=hCz{5gSdIkpAJ#H5CsRg6A_GSfj
zS-ZA;ZeYxe3`DSGG*AQMfE;<0C=e?`Arnz+({`o`M5_E^zG8?FZIuSV)+q3tM}*>g
z3?U(>U>&66$GUcK4wf@`G;Ym;l6$BRt2PH5Ej>7ATX3ipY7?A3Q}3N4uRb2a^@yu4
zgJ)ZTIgf`DgURyd%|(K7P!Lj>3O&7Hti6cUmd+6GlziBq_7XBCno?jhGG3v_5Lx$1
zZB>0E+3@0+fehazi9G}u=$x^WERAtAcE|IBZH<FS$FPz<+a*W=px$!W3ii@gfN_Wh
z^NJ>)c1}*!?r#Y7p`+j2&?a9H(_)(T1BQ{~xaeKLVkrqYIN4OKp^oc+9zckpou?c<
zR5SZVqCjcz0o5trx#QTP3>Vy?Eh78pIm7+9gZ9(>z%oHY#<df}Jq?>U6LWdMyr<Rx
z=ummI{Azv83(XJ$+5uT}OsNnKyT_fK(@qzTE}mf1844cp{9qTywzX8HjYi5#Mq8}P
z`oO5D*;j!8=53Qf8aP?8Jd{Bn#)=`)w<{vr276{D0>A^=2n0(e;+Hoc$I1abRs%D$
zd!}M;u>5-Z%qWPrJZf%6+;)_U>H!nh5*f<$^@To1wf!Qk0}PsWsSnuxFb8$@c>-Kx
z=qQws$3ZZQ+2kWoFPi?{s9-}~#?Z7nXEEj40BrSvtWRXa#c-2FhL_sTs(8i(%r9|E
zpUYtfW=liSD5a+=7VB+jW;BdBd&glzh@lLy-v-<~AGbFu8SH3f)Z!l7;tr|p@DWxH
zGPiZAnk+(OW`v>sd>?u}9XLux9G5_E5&ESQM^|l{hO@~~rXH#T16VKZyd%sITwD%q
zjZr(eCf4dGeAoyd8cdC%$`OJ=o>(C6tK@lt9z?nXX%rMcav5La6YKoxm)r)v`{Z<I
z_bXxSRKa%}rGlcY$u+QaIhhV*7;b!&T<crLK=*3cJq5e&*-ep{{(~T4r$05hFo{p4
zU}TN9@Q^iI+<<4>^H?Hjh~I{qH>WyUhV7qxRmUfMmU?OvowV2XxVE<C?`NpD?W|fO
zO!45Y0&HnmzA6hwX4F`RM~BCqgQHzqKkfjbp^8k`^L4P8DGQ}>zh6eV)350We{H{B
z1+(hHT+q>07aR6D(#n@zHamwR7tM&)`1vGL2f@lfBd?JjM}0<)0cFU3t&zDXOdu=O
zwqtkCU{zm_j4kca+4ptLg}?q5F%8_gQo16-7GA2O%rn6XmeV{VkrU#-GK}zBSk7_F
zHTGB3U~;4B0c4#t?KP<rH5J@Q>1#a%HT-AY^GWvRD(MwuSqNh%z@@L71|oVb!rTIj
z&5y51Fs5PBb(i9lCWBG-M(;`{c^c-Qn;sfC<l%@0eHTH<rB+v8a&1*4Q$Rid!Vd*#
zm<Uueq22CTJedsX+Gt>33CT2ly}D|#-^jdV2liDNBTvXfN#_D*e9NE-h*?BKMs!pI
z%e=S-faG*mW$+*G0@EqsSGiL_GES*C33kiN3$0G(_a}B8m<pEr!#BZ>&TL0#x9Ui(
zrr(d#fx@aQJsGp`SNi&v<qdGl0#&!-?_Vc3TPSmY^#(j=7X}jW(EyfZe5^q(TuL-`
z*N3tDB0LrK7Kh*-2RS5JAZ1N8T{H?iG{_B5$=#iU17n3~&n~b*OzGC&oNi!xZnV26
zS~yV*0!a5nSQ|~#7puFRfCHx2uXm1BZB4t34tP#mLOAnF`e#T~Ix?|nD|oQN4o;Jh
z;&bK!^RA$y2J8W~rJw3UN$T+3iM~HbwZ*3%1dafly^TPv@Nbm$00dwtkPm@@@gi`$
z;4|`wI{0VdBFAxI<2x9D<F)uT4CKJt$%VmGveMGEUp)WXt1ZA8(o-uCV;z*WMR6H~
ztPG{ugCL`t1x9f#MnRSQVZ8Gg(4wcaX9p2reYE|`Y|iKwkmLxxJ|qL(-F7;J*PG%A
z>^mm{o7lmO=ap?5i$Qur`caNerlX3hQy{*Iha-x63}%I#{WENCj(5)?y|i<AaYlbY
z_^A>lc`#Y-DabG58!+1uD)-#E!l}CR0-syF5>b6)zh!>kY~6N<>-UclBLS4Ry?}f5
z1_$q4cikX-4b%jkPuPW6qQaA%gOkpt{&jl%qT@AJ2?T84kV>d2cX>s3Uj<vgmaTtf
zn=b8}s#XtQJX^eB$&T3_3T#%;6Iym;Hkj?rRnUX3=dOD`=q9Za6x0~@P_67t6KN6Y
z(P~{KbPTT^TCitFUw6t7ow-!Oh>R=<*|YIze-FH&%!9w<+cx;fi+#o1U2xWmekNR#
zO<Dzq7ET~peCVL6-ez%nGkd3be8$I8khP*-6=xH<JDOJ2;f~fM3na&=hHyI~5bQ~#
zio=@xomNVfG-Y67;_V(2X9DxzAkiD9(W_!vTzWz4!uUn%dI!Ta9=TQ;Q9J;x{F{r6
z!ozDuO<Rh<<wkcP6rXNw$TgGNNKCLh*%!)bptw~7zU#NWNYcB!z}U{^=L6xWfD;B&
z0T<TM7sh61)4%_wiZow)a#<q0A?Yy9DpaiHg=#J9atGf#zD2k$nt$*$r~xG|%(O|h
zxJxzW8HEeKaAA36G+JVFCTV1Gi`{IwUDzj}&s=01&pantsU@Dw*x0-~0~?zC{v7!o
zN-s!hW)3l|PZRpmkDXn}{D=VSmKKgsD&lJ~4jjjqWnvS^^(g5R*&pzH-TFv?m@*Rf
zMjnvDWQDKmQWICeo&nCt9lGzYyoM3E<nT3)<jI_t$_R87mzl-T86d%HDX3juu~sq^
zf7ObXkmR_ma|t2{k9i?34;dWs8~L;n7gxm=YP-GkHCUQG+xZ5?nd7e-zQ%DdM6(e!
z14v93r+vrp%-z}oiNS16(MM1N0riQjcbEHd%^^8EXB8_}*-H6?iY}~fdjJSocFvNZ
zuk0g6tK+YBPQI!q0d7;9!=YkeK11toHxJe!NGojGbznSqOyRM3A{g&5wmyh$w`>zc
zHo+JaY!f#ykH(`QQWgsA4^QD!WE0pK)yS`2%B^ti>MqpVdD;tyx(n%7lBjElpfU*n
zPTD%o&~acOcYUV%lfHJ3XOGi9G0Km`8^i*Fk+0>r{Wz}0IJEl1AIQ8>l=K{>VH|(8
zAShUS;laWDRBXm#N`-(7vSAz>DO?d?-D|ioRU!tWq1{md_rnqv`HIWYU?#(EzQ0ax
z?2Rd?B@Mq3JWR^G31%g7?&>NzmbPVPN}xV?(!{1b0ncAD7;b4G@UYCb>B-EO!pM{>
zXzS-6dSyX5V7cUzJZY&AG-@078hBsoJ#)>RRDp#L6ZNTXOPYMLApdb)*oH&C^wRYR
z%u&f_nL^Ncf*=$MXvK}%A!x#u5GYG32j6fl(YEe~N2gZaVN3ZnCs36!tEbW>rcPTK
zYb5lnt%eC%TYZf4k=t5ZhMz-_>q#~}zp(KSe2ISM-kC9w6Nr7NO;nsM!NYMk{CPGU
zpy)W4c|@~J=6ZW*G71J7i2T~;?p;)PiiMDBtdJ(ou_2-$6{9!tO^!0}7F%9kIG*RT
z^?gpmt~e{3w{x4(q!N$ifuRY4r~bm8O2WV*lpkx_O{7JU$|F_yEI3*bCHoo!ev0EE
z77+9y1E~)Q3gD<iV9MwSzCK+vm_=HRzZ7br7*M_NA&kNS-wLGysQMu>>VqRrrB1vG
zaf*3}Q!Iiw1C2O?S%?Ev9GLd^(lNXXLg=#|R&$=ZeLlg`tzjo~np=#1%+<)tS(Y^C
zGtL(Hl+PEQ#GG3?bvAyOtIkE(T{e`sh{tdbK8wXgJXK<x&Kd!y8~B?LF#=TO+pZtT
zx->zr8$iu1soC4oWDW{!v2DAxiFOe?^rmd6iNT+e8H`XN8EnGc!bl7OL4-`c3I;UG
zFCnj}yclGoKE@Rhu26Pcwd9YsHAG|EoGbPIs@<eeW2mMR-k&YhE6XSCh6t{%YFvTk
zXwuT!4SdvwM{W7YX8&?_twOY&JtdS)X#PXcn8f{loyMfF!;jkwV!?~YZiRe$HnYOB
z7YA;I%jsxlg}wc+wTcGdan)w0P}iG)okHRQa0vZ$`ok+oI&yXsZ3w<nbgT-@9_i8E
zkJIsGHXEkTkACBVXq>&7S>eUuGq=Jty;K##g%3K1n<d{7p)q3Y1y_URQIam}IT+I6
zk&Fq&&UG|G96txgqOdhi>yyTOz-iZ=!<eIjSVRULzhK7$UKBtv;|X}H&G1N^y$xa1
zatGJ33Y2U+&P-ZmE3U3G*kr0a%W!HzKv*=t70itqQffEakervZy<jt~kPbu!@6W&!
zH){*IN**b#@JZu_igO&BgXJn(<?5~3#}xog9aWivTV^blTA>rFe31$5fZ6ptuTo&M
z+|}f9zsskL2Xj`!EO=l&OHyRuk&X3;!n%%GYOtmA_wrVh4n?|)(aEeQ=NzCDBk2RF
zdG+}+n6SV4eA{eTK5nzt7R@GWZ_%)Aiy35c*an2sm1smFxrDpgjvNfDK`S8^+bs3p
z1>8_3$zWJ^0E|F$zbJZ<9*rm7{v-(K-wF9bwATwf%hsJ6U-g?*?utvqUxs9C%slLl
zyU+FyU!0T_>wI<KnLCtqZIW5SdyE3_rZ7h~oX<MAS8P(E5P+FZY2HrJ3KSRaitQI>
zLSe{?6Wr9yyBSEC${!P%7hK*gX0XVpRrB*lU2$ZXtuOht5Mn$YmNDbXRp$p*b?0!;
zo4HoK;NY(ofb!9CpatY=7j9zr=x}%EG_VBn8uE(QfUm(!p7o6GPhO!H$nrcn7AFmi
zoB4%YnMLy#2jZ9Er|kP9Sr@qvxg`X@c}0op9ile_7$Iq6vAQKUuPk2_L4rs7EzreS
zAhp~WD!f!Efa`UFpjR?hVU@J(#BlZG{x)iiptpf3r6vJhUPSh8g{pG&gP&&f1&zLV
zm(f@55_4m1J4f=|F6pX0t-Pb52Jwh=(bSO)yW#=M9&*C7*l)~<Yf`~^RT*%%8%^gl
zm6yh4_Q*eYNq}=TQ_j7yGqHfdLwh!<S@uayfaVhn4NL3~V;*txn^RA1TfsAo$e3SG
zJ)KjJ2%cY0J)KhzNMpI4dOEMaqtN`+(>e8!)RyY0r*rCc{(jT2%DPtP@6obrX1&8s
zxZcK`dIzWFdIzWT`#T8q2bZ<;>OHOKZ{9ecR`gd<Z*lfSojoIn+7<RNP7@o(WU%%K
z9>6x`;80-X1;Je5aVQimNl&GwovSy$r;zKRbS<~)aEt+i(IZ)Q(BU@090R=khO(a&
z!KdVlNql3p%#KGNdp&Vn5bKrBZg=!hj6EcnJ=^)FyMK6!&V8ykblh|O`rPnZ0KMVX
zk`2w&%O;Z~A1l!VG!?iq0PxAB3I8-};Cg*ZgSRgr1>(C7+*^LT^j<I<a2a%rx>$&=
zlzj;aV#g<;XBCKy!0OC78sqgf1%Do@CjBdJRpzlS0wU*lXL5cBs>L%>ag~ej28;J>
zao?W-x1R`=p++C0H$#s-zD6AL2a!4mi88xag2Xh<hv#Y1Cy*=zjB6Np`8kAWnlbHd
zJ?#Z1d#xusW2%k=TV-Gdh+@iKfZ(3bPa!W&HW4>^aQy^k$WR1LO79&!f#~Na-RGU-
z?vsNTCtqS(1}=UEsw!?oXBW{aS2>M4zx4p3>wK&i9aR`?e}*1~j;XkBsdKOom-jR$
zL<CQdwpcZh{z3pB{E_RD>{Q_y+vW%x+-+>z=B<F|#z2h&VBrecV8j3R!otpp|9bHu
z`j{R6b>m_Cvvw)|YrFMx{MVo2Q;Pq3(Y%UU>koca4*$Aw|HFoV{l##QDo%?7y<T{M
zUoVzs2V;Gw(5pI}*fWfK2jUIKUW+;06zu2qXun{GUu)n8_T>->6C>rNCfXV_7Wez$
zebU4mP7I`nR6)^|*HQgVHXZfpJNS!mEEN+ij)LLonQI4+x)LYNSkEWPII0~T?{$uW
zm#qPDy~(DUZBvuTVH(rR9GZdzWB^onptT@CMOoTvYVoP5<)Nk)aGF|TX=)Lq$@N&g
z<6noJCd(T732@-V)i;?-=f53YV&{-sJvuhc96jDYR9}|f@-QLWnKOFQ{{CPUvQ4e%
z)ZHEGCoiC-=q***647*pppEf#75i&r*I`UuEjzz#h|t4+kj|{R(*#D~j&JS?FY54S
zRYr7l8-n=jN}6Ct)`T0ep8nb_L>{*o*L=SVdF7*9az8sB_k;XPWoz@eN<U1eZ0Z(b
zP`KJ6k%hxG=ZDP+*P9!GC<v+r;&lY;EfjJiJkW*x?}HsL<|`ELc|l*O>dJHcU@8YZ
z+ixY@-|dX0!)@HsBqZF(B1W7QQ@E|)LM13}A3CJ6rTL*Vg3B0+r(Csx7mG+7u6@g}
zbu${77a^{Kj4T%JEeNBkfVUNcT=-`6suH~yzd@@Q!{T==SMrYKs$Gp>?<m^h*{*oD
z;o#qzp!HY!sh0oxXONNMLnHv1E&sLeKltpSFaJIK^#0HC-%s(8@*l4_3V^MR2Ot4H
zyw_^qYyUcGJ>0zC-fXqX65u}Ac@DtXgi<6<W0r0rOuG^7Jl}tpY#_r7l7WO0gve*W
zeYr_Pa1LJ9kc0ilbCQN&BB?V^Y@EjY%+<{I&wzxJ9%yn?l^U^>n(MgpbpPb^__sDU
zS7jPH>cM7m3U_fp%&cPbL@rvL-?uvBydE4xY0()$)6CBsH8V|~8ecwVd`Po(R!Ak(
z*}SA9KO<zJRgI^I`v;(dwGY^ZuN^kxs)6{BO*lAPIT2{i*)2uSeg@l7AUzf*hMluI
zkYv1S?fJD`mN}4|(H1YV0bx@BrgEYt{k0s2$oDvMGCV_re}7OniPRebVAr%U5Gx&2
zx#1*BQJ0YoqVwTZl5(coTJ?;P0f52AXL&v=W#7>KdF5^^n{4+=g1|{uHf&V(Je<=r
z#;$gI1Y7oViu1T|m!c0yx=EQJy`GU@w0Y4@I$@bbRqtCUr|s{YjIQORt6t`2uDRjV
zJP6xa77*tX<zvY9kd+cE%3m!PbOX$7Xl8;*Tn}14*|Aydw4J~R6QAo0yleNJDVP$R
zqPL}UfmbZTpqyaQ?pd^$sMxbIbt~Q>O|&npoiDjLT4>+ZIoc%{2yUE!{h+IUT6|UI
zS0R($V3eLr-Bk4^{wo)=3omIp1^)#o)YTvxwEO})sV1eDZ8+9HKFJ>?S4srQrnrA6
z_5xU-NK0B>d3j{ryv^=_b$0_h@!F$LAd4cyh8Ny}R2MjWkwkkdj5XBLmX8(+D_TDG
zd;0_r9Ygf69WTl=fux*{SOXu>2Vu_xXE4w02Uc7wlBudaqso~eEeTif=v_?ernlvj
zWdmbPMJeHKHl6e!)oVOir|%3Qx70;8DY}Za=YsmDTXu+LL1#w{RG&(V2f^}ukLK2K
zABM*C<{~brFnlx17o7cQnPKhp%qeZ4A8JTEsD|V;*j73n=hO&%tFE0^tOL*<u1{1b
zSi;U(|C&AT13gxsHfyx6#XU&C12fKR)uSHFZ3i}kcYL!?HvTf~AsKN62rS0#sbU9j
zMNxf{>?ic~_ogL`mT7`e*Cm>WmTrRTncye$C`FlI5~yG_Ou{q-a2$6*X%`$!yI~f|
z9+{P=T!`-x=v95L+GM3Aj=(z*WbsysFR*;-kGH&k9ZOjfs-VLC0GsVT51c{eCF2Gb
z#E;ohgOXNtO5p%QY4UUg_YCOOG;bn1ZhH{W5=V<A4$$D8>U_?Y3vhB`w@R*DEHxC_
zw09Bh+Put0Re&qTTL{vCe4#fI7v&+O4GMY(AoSnJy@YnnFCc=m^nIMMfp8Y+QH^^C
zOnX*c0T4#DS}6tw*TG4_X%|Z~=)t`;qoER7-k0NZ+t&&C+$8dd17CH1+x_zB=qm;3
z<%{JlkMY0Ave$zUw@=%2MW=r#x4S~$p#cCZCaA}4_(KgMWUHgDMnkPJV^KphxoHZg
zV6BLi5YO-5%EcOiqG+mCrmsYEm|7jjxzf0+Ct?<G62Cd8Gz?)yOJ$P>fhN}49*Rp0
zUn_ID7O5-*kU57yLl_@Y=M=y!fa;;(P#_}ShR8+YOPgMCZU`xPh=z}xd=Zvs1;C#m
z&mr<LbYXQ^sUVG81!`W#uanC-f6d;HyxuuH((ZO@8SNQ>Wm(b`JP21<?g8I~W&X&<
zWjiNdLEz_#@{>^c<IZVC@lmMw!Tw>#Sfs&dqetMXTN=gDi^Ef~tKhw}Q)%kc)Ph7$
zxGBM6VKJ0|z#4a*IX5D#@a=GQ6)Zs&a4HI;^_^RGQdJga>lYqjVSa{BzS~$9Q_V|r
z#f_$r2M~Ie2J%DiQ^N&76i}V4-rI3>087@WEJFE=(}F{stE7nE<g<of!8HLCKM2z#
zR0Ua@WE0%^A>rF)R3tQbILLs&If>xX;T?2JNhD;s)dLI0u|x(OR>D(sXtJm2giwhH
zZs)#Zx#@8q%(0a@kn(i!0BahOrKti@DE(LS!V<Yv?OCS;bng}jC?jUDff{RCq}w7}
z^@L395jC_?I^j0em7%b(kWkHA&L+r_d@yvwRX&>z2H!q3`ETu#>#h*i0zh9v_c#Wp
zm@b0xPvPyy#HfLfmi~<^*kFg|BAGyJVR&Zvdb>geIvv8f=9H}YmcyZSUSOqNa@8U_
z5aGyx9kk2lYA;Q}>cy)R^WFyeRD0gk37ug*8V)uJZb85s(H&+iS;hMyl%ZR?0K!m8
z$t~j+snH>seA|Aw!FkOG<7tuC;jWAtdK4)(BQN?&<`P`b0K~dFRc@kpL^j}`4J<xP
z>3$;m;~$wB0#0+%yBwQZm<aj1v?ebyB8Sa46!M@u%Hlp%1h|-vi^(WSZO66kI?cY9
zU0%j%zfo(*0U(4mleEF4Qp8ulsRvY-9smrGzDs@BybX}-4Htn-gmG=#Bl1<4JI>D6
zor9CsomTq}5Epbl8K8A5TGK@1cv9#mWcwy;PN{PHPHV%joG0k>AFS;m5sKJ@vnslS
z0=K3iI3{d#TPv9I0{oE9k^wjom>IuXUteFgdDY)r!4Oijx9!1+N`dVeign2gIDCkE
zS)to87a(6mEez%%^zIuv{|Cmy&)$fvLM9eI?`A{`M0%K8B^?x`Pq0z$i7e!E2D}nh
z^7uTl(YJFpXw+G#gMED`6xjYd!jNJT_mVU9ZIepsbgm^04?tse)xEI5$s?E^Y1D>e
z!r+bFf_!xiSW{fYY4nPbd6}MJBe@7~T%l&dL2y;6)HlnigHygvl5upNIWg(VKDGgP
zeOD-4u4z6iQ)7nA)igfoSvwm}?hw5+o#n<N4PH%$v_G!gfgAcIkk?^4O?=7}noLdX
z1bH!1J4r#_hvB&=t-K2QB;O3*K#+XA?uf@_>DXzizZq8gQ)4Sa#|{hz2tEY1Va^GH
zVpIh=5wJrYfu)Msp*6ZPKk+sF4kqaSv2V3`moK^N%XpYB)E^X7r|vX;T{9<%%?>M@
z-dzT>3FlF<+?a`y(H9yUcO!WRhUyqN^IQa995|n=<^81ps5Ue1j$HhT>m`eT996*b
zH%t-NB2DZy?=-(;P^C&j4e|}g$$5kpM4-gNwfv!mEP_Ha%`3fa;$t@QpcnkZzCv!a
zDOhs*3U-Tm1wZU7)DD|>_{+Z37Dwj2eqf6jI~G&MJh6pXTWE^#Z!VC_Y30teayhNs
znO5$MJ$J{Rmj;%X2bOyS%l(0wBZb~G$3ZVil!bp4V+5K_wLuT|A9r`2?`ykTNZnV>
z>*C^T*FG)b?>$y+9PT{pGzlll81$Dm-unQb8TOw5te?RC^ZsY|%l>~4Kl}7&`_G@^
z<Jf=FiZ`#K_Imr*v9<qfN3BmcTfg3X_-WbxlelbS1^O<wo{Bn`j6Kz9P-*NbtUaM~
z&)ReM=(sb_+;cqiY(2^K(RoDB@SbJf1335I-7ygkAirBZPv;?0O8?oV_u%T%HCC0%
zIyj)zQ1On;yX4tbr~N)yMy>QbySo);Zrn(w#A=Ouv)U0k#fSO9G_I>hM)p|K{?wXh
zFwzIy2<oR_SV^ciL{Vz(k!po>5yQ1d5bvRn0hSNU4?&>Ez2jt57X{VShFxeJ#<KQk
zwC<%&6muh2wz;#zkl7IWPD2C^j^5Ddxzx+gHUH{OJxfP75t(hkt}v6%qYDgUK`pL@
z16cURO~5Lsf^~m>6f_#=NV^<`O_9Df#aK^jVhQ-I-lV;YNtQy;{d%%~z8>|bC<`i~
zaCn}^qXz6;*kIyR4ePg?Ruf2RA?#I&e`y5DAxuKS>OjTEl8zArs{RnrOB>!<UN)Ij
z7SM=h2^C(jB2uT5P*1?U#3;xxZlU^1c#}J-v&NQfg1f@p=4UrWg37o6L#d%-rY|&d
zGp>la7q<-!VWDT8--Nx&sc43#J+mDLLY0lN4`tc>0A<eL)iJz<%{I*ea&kjyWrE@w
zUo+%U`v@DK_Wf3*H3AqBQ@wbk$J&LrYNM|?nj9svTlHgC5Fx;*0G%-vqqS|MFCYoQ
z-pE-+^?EptMp<515lLK;Se1p2+3Af?<1!T*DA3x}Rs<7k+Y6Vz!!FJpF%B+E)UP$!
zoK!oB-aogyh8}=+X@FVP<j5E4dc*0$6tsbXbFk^4Ud$E7G!;vz?-zN=1+C>MML@Ww
z@fd&9%LJC|*UjQZUzBKgv`O|J0fCOKl80$OV7KHSd*u9EX*Q$7Dve3us7GBF)Ly+)
z%U-wUU{8z;2hY^|W(3hkyu+f=&{rYOL4h4>RRt%-gET`!N<^P}how;1(H=M{UhhNL
zfy*HfIp+jbP*h)(XslqTUaYpjBc2H)V=`7-!)<^eP#$eZDa<aV%X1#qa=Hvbq9CO8
za&Ndy%3-mccq+B}3dEJoCh_E^QM0NNx0EH^lHka-7zqozunE6IbDTAmi%lejH&V1}
zaDFSW_HcG+1fm7g7DpbrGRAyXTeX9V65<A_E<<xw6~$;grlHWbA=H}%jIc%CUm-BS
zpZM(iyq$-^(A4<2#`<*nsg<r{^@ePtW|A2TFKNX9h;7aO1w3{YMVvySuHHz*_#UYp
zvOdgBI!piuSyZdZ*S5dieOa@FQYfv|+ciN#J<DhBEh*`u+HTDuv4I}(oSopX6s^-Q
z8dXCu<;3GzgR<q_SEZrWOMM}G_C-_!C1p(!lA5AMW;zPgM_trh4*OWuQTFL+kdkG8
z?_~dXoq)FvtXfwe!rt=H@<3CJm-?#)Ee=J(8X7VW%aAC;(l^x7OXy)l-JGdJ+TLmE
zJeBE~4%k5ObH$=V%GA-Yk5=BLvrHrNK(N)4ryh8Ct#)KO9I+t-?zWKQ&?((pv*E^<
z-86ZluR?`w$BK??2lPQ8pbbch=1|P016w!TR$RpJb6r?Q*i+9}R|VZTqcLLlFzD$e
zx(qfW6HIUTvSBTLfQ7eSmpCz1y0H~$J}vD{x}+5jS=9!8gj|^z5X$3j!>Vq(CRM_t
z%X~R&X2ZOTO;9)2DjsLWq08{To<_J8!M_TUdc8TyF}}3-XBZ!I`DEFK*^LavtOJ#_
zfrp(auJ$U4S{OMkl(&v%-t0r>eiY@<lyOcM(^40_Ul6rZZCSifTWPs1OFMY1LSdrM
zy1Tk$gSk%InKtdT?YQe0>`756lOh!*0{8MxkT<upw~Ng2V0qK|Jy3Io&Msngf-4Gl
zb|Y`^WY12cCK9SI0JsiKy1w=m3$XqH8S)+WT2PWSJ57MfV{-K40H?BIF3lb-Hyrkv
zbqba{F_)UdZaf}Z59UHx3Bwm{WlNh-2#^?1`H=~xjQQG`3}Zd2R_1?PKHm}ijL7z}
zP?;$4tSs!!=Jwoxj&er8vB_D<QJZ&~3K=}H<P<<eONk`K(UGwUFTF+=C1C_0$YI5S
zrKQuP&;t^5e_#$NLG(+GR@}AmvML?6(Bxnyt1i);G;Kd@ztabm=Qo#U*+`v9o$I7G
z#YKm>au`<@F)o=vv3KiWn*#5#www_7x^d?YYHHOt={MmP!`vR@qB-t0?ohoAi0?V>
zfn121&T(NQ{WiSX5NupkR)2KuI(%2P)MF)oUdGobJwpA47jI!aNwA7GLT6cgti4>Y
zIp|zA!m&qBPIq>#{V^jql!e?$@g%;?SMldC?<(OM{G{(jU+)}4Ah$1fPSl?UPSR`K
zZ}8))HV!+TJ!(ammC<KTw`_r_rv|+m=NTT6@lkY(S#E6GSrT9aLuEEZ8zNdh6vZHU
zvW>OYOC2`<xO4jA*a>>eI#6fb;np=Xc%wk}v@4&};!`X>RbaIRLHPK9a7spXC+fAE
zx<RIxHS|L#wE|OnC#yyGbZ7sd{FLV7KI0g(mRT@R;w-Zb3qbgk{iekM>N-a0<5LFN
zjt7wVJWe4Je=3YHN_OQqjGf8(GYk*z?Fth0Az&E9P{i28&p>y43ER?vn|-3EjDd_d
zd72ZRTsfdR6nn85etx{^?0AT87cThKrUTUdldtL%V7$<t9=}_X@;ZVnW}k;QqQkRP
z#x0TflPeONDC$}PI}i`Yd~1PJ%HH;D@i!=<O&7C?+LPlfACe6XXHJz1TL6PWku&<y
zE7c@309er7rTT(s4916;%1Lb|WBsX4`{-4gOp8f8T9#cjs6nO#OfX@0SzS6_RVnO4
zT1``gA67<ib{G$fC_s;meNC>dXghK?ofY%q$Rx?wabBF+s~R1dnt#$*RimG)v;G-3
zdeRUtH7><k%3}l;!Meu{PpX0F=90@li$wO0p%80&_QkII0>>ry8V=&D8QCc5<3?kC
zjULw64b`Y-;2|J+)%dTSal+XxM`S{hf7Rd-oyo1VVDEWl_xYmzAG^{InhGa`@x9g7
z>e-ffDOd_DqnHZ(>#-HG3iOL*P$w;WlCGy1kx*@;IMPAq=nBjcwOr)yOXP<h)Umha
zl%~;sEKi=kJ{bAX;N&xeR((Dwobg*RZl*x@*095ne}1Qo?kEI6`$(%aP2pV59Ir>4
zHbt-EWhtxKhED_gh=@pUwOv{UZX38Vlxu7{uxdV{w`#eEzk|F(Vie^pOd>7i(azrE
zqoV_fj=a;f&p<S9kPwc{P5e9y`?*t0Rs4g4=P@8C1V&Y>3xCwFGZ`<*gFg8A*nsiq
z^b8B2(DBvT^1@?L(0uXy>z#v5@A-*-UIL8X@P<WPte2+;M~{Qu@QYGEASSXQ=w0aV
z^|xm)7b9=j?!l8%lZMo<wmcGp5&5_Ag#hznUHQqRB%E|!?HI1Eq21z5rgI_X3$M}X
zlcVE<qod~`Bz?4PT)IprSqhsHg0LbJQcN;?z1MJZExAx>uj=vUV~n|{j&=^_Dr;$g
zJpzEWOH?5q43vl)0f&hZl;bmSHGxfnH#3V)TF<%s`1x_iJTA@QzF1lCsLB+BG|8st
z7lMp%Q%+{?nMa7$qfIfP4eWW4nkhkg4q$o{Px|<b)5{{=dPR)T@)sfCeT+HMjyq3{
zi0d9r+ssBu0-%bmDw<#t*@D97R)oh&CIN}Xqef?1=i?uw7S?A@VlsQs^t5&f*dHY*
zth@e2wvS#Z5lE@Gx+m&^*-@}lqqFMKz^jMdTMKP}z~(u)%%qkO`c}xy0-)r1G>p#X
z!03!vkeQ&LLkc}Xb4I(-YINqohO_NNlsagk9(NCpPF@^${LQ5fjArz`&(TW$aV+{)
zrI}S4E5c95jb9fw1Qx91<WM^Ko}9tHhh3#gt8Z2?p^p(hTCVgV7!1|Z_b(kDOUo85
z<~#IJ3Os{-`t0cIP7q;Blz?m>z!Y7bd0)6pByD{hyvSm`oS+&nS>{9y<2;%6vo#^R
zEq=(5il}_VROyoTPv}cS(JY65jpl2tB<gBgDh-me5=~fy4%~iw7~M%J2dFjk)T<9v
z;U!A^znEfH5$w+S0d&}Tpaug9+vx4P=~B@T(o<LULMj>8oJngR2t<WUkEW4~^C(rA
zG`%J(UfsNt?+ca(R4F}J^T^@PfIVa7O0V(Kja!$K^1M_CVD6in*1o7!4(%K*J?2{(
z^94@t^*GDtX6P=PB%7%UyFR-32-*-E`z;_>z6F`pNmLs1db$yMv{Gs5HEx=@LGXgH
z^l#(wyM|o>n<?_9;d-hUi!{)n?LfN}PHwOWUK}Lm;y}2ZYuz^<y=LppRH24s1Mj>z
z_q7tl(T%dRcobn?1>e(6TrfG9dF}`f8n_N#o=e)U0Y!b)sz@e~c7M=89hH9R>xsx`
z54Z^u-_A&Ui<iqxz~_oP5x8uvvw2JCd*m}6f64?Dz}dn%cuTPm!vOo!d+jN-*mL!!
zydE0LuQl4f4geU#t5(AIX+Q>rK}<tn)G@9q2cnkQ+;V)Ot)IlhZ>KNe?j0$RKThpE
zwy3!IBY^4>Y^=+$THqMN>uG&+JIxa%#%QEqyMStf`>uW+2#XS715_3kw`j>MjG>7m
zRos*D>mW-;c|h37KoxKy@I5_%M%NX(tDn>Kb(*~~3hbegOZ=+j4H6*W%mDa=`=y?Z
zL)&!H=N+<(3cb_Pmc6qJmSW-8nR$7y3pyjB&iO}b<?^$ShJyv#ePrkGWIuWn-vB)#
ziTBM#0$$CK%nV}}OvE(;<Sf(4Tg6q<Fb7T)P5DFka{4tHUS@<XWEL^DcM8$AvFF^1
zfX7E<$rKAb)@EF=1aukMa4yK)Fg7|j$Wx3KkItQ8%Mddn7p1l0FkrK)O+Vx-HfcM>
z-Y8~UfiZ_N!W)O(0vCIT3!y<(M?30fl&O>Qi)!Y@MFy^84Ei%`&kq4D*{rC#H9ZRe
zCydBMf_U1UOj8r$vKAL$Y>gS_KFQ(#+FM<HsmJgD$z&topba(?&@>?`+RZJwQMhOJ
zWgEvx&s5)CTXN72t}dfi%Y18FE>AEEV~AmaBH$PUo61{wuNc1;7zKld9%?*}RQ*>g
z4H8psFMxsLR_O_knSTRt^pdHDzU~$o2Ooi|cj0xzShygF$8DIHc8|l@EjlZ^B9(6@
znGQS=m={EuR%O9gEW#<M(@1S{3O4;#3M$#8pG@9sg3eZIRqZ9U2&K(bv@1)uEy*rg
z-?m=@Xo|M_vH+?>Uhf#9fV{~J7D6cJqIC-#){T6^xm`b@7Sw<3Mwwzs1KqgapJ&T<
znV(l#-}lVHTM}o~s>4|c2b?wIGI6=A5%Ejbh4uRiZAQsv*l{p2`S`4$BaAV(G>EJP
zGj!9`jF{*6V$9J?*38^UAn?a0{Y?TZH4L3MBLL0TlAl}sDY^Kom%*q)kYQl$kt%{l
zdeZjI#`Z`f!g92El+1*ICD9t)3S8~beLj(Sq}u#a$Z#J!)^YlM0|vd<1y%MN9YLUT
ze60R&ZIi7Rgtk$Wo)1>kh$rV$%&no_w8~YXN;5Kp<IL^(g~u?JtluIUrVeXm8f)9Q
zb7*-oEUc|zaAL<V4ojp{@2puHVQ^VAqxJQ5TF0xni<h!$#z-sGZ}7)2>hPc$slsF*
zPaBLwdk|_}3EaX)p$d_G)k>1~u?>3+XmrxH-+yV(`@fFQy!a0vA_4TA{Lk%;2d#4c
zuLnQJfA}dr<@gU582{luMSs|MaIgIk^FKe>Y;BaIKkQ7ehofOUxe+exs3`HmLV)?%
zbhKb}2$L9^!aH2}@g6RgmV!|ftnndv|AV4z+_+Q69PsMsYl0ONgafLN+3c`^l-EfY
zj0fTX?G@|w`k-N*S-?8Yc>tDC5ZO&MQ1T+bQ)ky~?QrgUST~lI0yz?IAqUM<pSmAc
zXkv*p)c@^x^>7=vV5M(2i!xstNVRz@PWN4)Ske7Eo`>NkDwv?)bZ6W^RF@AM*lzut
zX7hiI&y4dw`yj!eKAIc<>A|P1&;0Yh)oT5G{{Ivo=lst&_|yGg!Ri0$J@`MK{`WuK
zY&|HS{wJt81oZ?+wGj~zaK*|7Ah+H=7F1Gve>r}~#Gl#i<3PP@h^KS^!DZqHW4c8Y
zsBt{WlgW=78fu#MrvTVMyeRSD55tTjNWH%sQwPqiwMo)b@~q?z-`96(iHuqSgFtQs
zb9>N=p^X&<cFsw~4XDWOe(AZwD$ZU~db~28Bv-?XTnW*&Pd!yFMQB`hm5t(Jh#@zO
z%OOQ5$8#MIThPmI2|0KVJeBdiLV{3;9QBUw`-y$ZM*TwTul0p27jfJ(Snz(<d1mji
zR8MqAO1c4R3WekoaMu<gKUFoTd?HLcy!$A(8}<Kp>83`28Tz`H+JfDl{Pys4=bO#a
z^WztX&Ty<gL=UE<N}&Ph5XTVlid0?^6f<{wflE1VX`7oarT@W&W>rxabwynYnNpD^
zgB8>er;G}N1skgW>FR|-vsmA?wW#yW>G4h%z1K`s3|4tTi7rJK0*>z4&Npybbz*{L
zq3Y{RoTDR=+Ixdh_T~$z{~M;$Jdv@5Pz6~IFT^TIEUh3AeeQS2R`$^=MP0Jxa%ZeK
zQt%y(vfl1KE007IR_o_Mc1C<D+JppL8o6|8-C8nHzO-_cucv4&o^*SoEY~+Oc>BUi
zFL-QYkB@=*Rdl6CzQwswyE~g3nxXNC=4b@zF5Q>1n~Qn^P<X=u$@m7Wgh4j!nAJ&c
z*eBWK?=HvYO6#pdb5K7wgWC9dQ*2Aq7x4%Ykz9DWCLsf^-07FcN58R(QEFprsT4Wl
zK(u0`rs<Jb?0Tvuy!L1ur^BALI<e~yJ-L+vPPp(9?U<)TTas%9)y_Bjr`;zz`v)(M
zI|Aug5ZZ%G4@y)6%{Hd~^r841S7Oj4^jw+t8&!wN2yG`v->(aId3vBv8Nx~pJL9CG
z=p`fs5i~QI5YD+Pf0ufo#W?;g#=IYWPtt3BWzfK+5fnqYQN|lF4xMBGQ4k1SsBfJ}
zPtON&?tKmB+{h-1BKN|Z-Do&QeSBZOK7k27-9181OD)TIOVaMTIS*_DtA@^+D{M4j
zRZl?-MiY{)NIl|^T=;!k{j>JyymzslCf5aBMxFPv_Vh|sR#<lhow*O@^y$+q@XY_*
z1iI@Dt?4UYr&CypdGm>EY$Yy_-{)0eGGko%XH<CWP}lmwoE}^P#pggJVORK%KArLk
z)hvFr?F@umGvg5+m)p839#gCG@bs>T-}3}kEj`oIxKcRB`O~>#(`lk<#-}k^??>Cq
zwkacDb=kmO|6b+U(N(J5FU<Q8+$(^+yFVAwc0;Mg0;g%^q`3@Do0yWOZrWNOnOQU2
zVis#loZp58!67gbxhJ|hkGtgn7NX%b&7@f%oU0SD8r|%HnDXwke#LCTJ%#v3xKzVD
zN>cDqk;#Z$oW@joD^4^1-E+BugAc11PED{wc5PrP{$e^OdL>(k;bxgN<NOllKD5NL
z&Ah^N6Ucgu9nG8uArAN%BeUnZcO_3trpHz@`~{yztE+rx?k+a4TcJ?2$N~Xd*EF}^
zmNS>xs!SACk)`VHU59hiWO-an`oqDXOQOVf1R;jylG^Yjwq$SE4Hss@Zf|Fu#5I^K
z0mlyv8T>U*-55*o$HJX!keNPYxC5&;Fx6+MtLi4sC&>*uT+9~Opi!WFX+RL4LB8Cf
zxsnzU9Bo_kMG9IfN*1R<0FDIvha9SdB)1d;`dkjv;pOy_vku`F;odFSY<!+orzHzb
zOZ#;dvD=Z@+ORv4M|V@$;-xqx#^acmaVZa&$ClPt5N9|qkyu}+l(b-Sa4k5f)>e7`
zzR?0<niESXP|C)969k785^?|gsai<#4JieibNvqD9>_}~?WI1R)4}i>tD{-3iMIl;
zIj-DA5uXYBJn9?Jr5UNZ6o!z4no%!G1l6r>DKfxaFR@0ziw~rjs4cijj5wxWopgfF
zp6{HpBTa*M`gl(4mLCuez&NN_C(9spOs(a`jhY12a^&k&J%jj1G~_igWHj(Z3oy`I
zDQ0pK8&i*5B9b=NpA{j-V9ze?r>DCHr5La>W*-bnSa@K{%;=SBciGKOC*$)$9g4@t
z)+I%0%xb<_s2Q!IX{T(mA*1)f@D%c_I*~sSYO9f^6FRa6dFv;rP(n-e=vBHb%wkeE
zJ|LJWnI1ygskGK;uoWhZ26}DqHsJd%Vek(~7$Mpw=v8Q<ahPZyI1nl);)K!CODjGq
z;+pkX9R(W9ayBQ~x<V4F?pAcx$RL-H8Up4*kYfu6v8o{~cZ_`VcFCBM(ZU)4*ns>1
zU(uN#auGViA|(np%oPVxBy~UyB{ES%4gZ8EeNBlh6_Xo~PfnkO@1xNWN|+~V5u&)%
zCWnv_=<@7_6*m-`{`46dgEuS%LNU^w+fZ!cAKS(vtZWZfTsDNkqGO{;JyKR|tgYaD
z1hIbLC_x=F9xOJ|UR*@4pwhBf__4s5v0|z)bh9F{YYlhZ!BL3)d^{7d3R^dvsJ0~2
z+6p}OAXgm+lE`%eK(oVhJ2N$P%}ks}<P5>qc&OYkmT77q*~9}<(LiCSF@L$f$x&lh
z+yi8B`c9RrGiO2a8p#A0tr6K{D7A^@@B+Ml5l=`wf&dqos?pa*T9#E&1!gQ84XGM}
zU^*rMZ3yL9nqVh<)=P@$!U1dwBMw^;D)8}|o3t1uvqfG(vmq=>ikKGw_E);<vRo5F
zrkQx%gA|5$o!EqHk48pjt4_ax^Mb&_6m2#TZeKwZ&1@mufXp=JYj*U0%pvFwYj9mp
zKGn;(lC2yELq*NTeZxL~ERS9hRFPRCq2gvLj_s~SCYCA7K5!m9ia6Z0WP_}um|@TY
zr5r^jN?$k-<_LUCPi8-u>5{xS9ZN(Y*X$s9>@K^<v;&(l`qlR#8BX3%J0BDn%<k6S
zFK?n(37q%KF2yhrERDL#My$6ADWU$d2;;~J7RC}cO2^cELBXOw`yc6OVDY2?$r>GR
z<gl#=l?{BQ9&5S*dJ+D*Wf?K82SQ?x(U6RPO<p*0lFd;r2T9Y`RisRAGK%;)>9r2t
zPEp4%CD}&-NO2<3@|fsTJc7)tH+aG%z@a34@AgNF<yz7MSroczM#BHw_Ga9_NYO<d
zIe5cI#q-@`)tr0vK<3{A@~pLa4V$h-bBNO5#`&NU>U*O1ECLlocvII9q1y_`bC7-}
zw$4GTTOve2mQF!SxB?mva{hzsp58j#cQl+>D=c-%bEPD4v&v6rvbX`U!VTwOaqPGI
zorAqCL4f5{6r*0UqfZS|+eUUR9S=y`(8Pp{MoY3bvl$=+93#AGhYEh8e1wa_jCM+D
zo5jdgF3WM})U1lkqr+@c@N{Pwaw1!;r_jU?xK!g}fGQ23bLQ67PpvZ(X;`CWMkoY`
z((akKK2T=q7KArFo=|vkXyZ)`q^?QY4xgM<Zw8})6FuNjZ84y<giAJXGkVA3EOW8r
z%}pL~#bpVyl@~hF6vC8-&h_OkK9F}uc;}%VJLOHGjj7|Dg0_n01)W;DAXe1!wI(L$
zdPU@ZJOW#BA?2#3X~0UrMK2$d37Vnzxj7#p15{c3Rh^LRYpS4P$Y7|dWwQ*+gA^<3
z+Y6&Y+p<VjXGpF&p-^bv8wv>q2GmZl6zj$drch`%C-V5zcOeU}+ER`6=oAvT2W2KW
z;M8)WWg4^sC9P5hm}`tW%DY?v0gdk{zHA{{#mc|ANKzfysEKiupom_aa$|<aQA2>o
znQ9%d4%#xq)flLHxEFa^`nj^yv6Q7?H=$&vEh-*u+lvHk`XUb@V|h_3XDNzz<FFfr
z?i@tGD!2Q(+b(3Xai2VTbidJXPQBorim+0$7c&4^8V$X1bBqa*)XLo!U~1097>N)g
zLHdmTs2rMz6WN!2zwE4u?v#{`0n43fIS_$sH6cjs&g7g0l{!8(rVF!tB!y{-aQZ`}
z1TvCM6>cVSo|eC1wSm4q)RY8<VRE$z9-#zmT^L>OocKo{8@M}%e}Fwj5TP$3c*z){
z37L?<pq<%5m&lL^ImEFuVd2%ucSqg6>SdRgpa#H>1gk?@$6<aEVZ?yRbPOcRhLBMw
z$SV$*u<RVldW0f4!b%;ONO1^IYzQ~zf)RYpXW<rfWCp`x*;TTfm|i7L^#^+UQBr`q
zVSRmFhV(cP?6DE6Q1zJ_!xX&VQ@wy5=2C63p=!&Iw<yGO!%ilB_m*fg0udV&lL|Yh
zr28m^>6u}<#$K4tmYsFk)+lASp{?1S>yBdllzs5%p?IdC2kgkImF@5h+6XBgOMJaf
zI%!Ni!>K~TWW^{uLODS^rr#wTAIq)e9v-&DhP#y=0OFy+7lS;wzLJA2{Rtf)l%hi{
z(yiK0vve(==3tkYlsaPc7<Q*>OQPjC)xw(}qsVc|iZL)`rpi4zDX6`nE+H#9=B}m?
zD#D6CrZ-BlVWG){2<K<$PuNb7O+48lI-Y<o6Z8yGoJX$!(942S&N9e!u0efySQ2OA
z{`5%9sAeIpu!t)mEK&0izB+1Rcge64u9z-VjmU->(P&!cX+&TH8cy7sWO)uc;F$El
z_jcFtxIcsFGV$c5rnz0`W(pQnO9`y#Lj=$|k5L9;V-v70F=BxMq~2w-0J+xkWwQ{I
z$TpbB?=VAA_Sv&?aW?9AkuKRs$sj~1rYU4MR$B@awLv{=xoZLKD)FIlWK7_Y0{sr#
zaqxm65@R8AbI+}r-{tnKy|3Myyd3sbGFWI=5|pO1wxNlQkoC}vr0<19V9WQiB8mZP
zH8sMbnjIN#VNgAL2kZ9q4z?>}mq~1IJ6c*3TBefH%sbCKLDs$AFa@LyhP$#<q}rDI
zt-pw3wJXR8%Z8Ky2v`VfnasXIOV-8Z<T*a#b?wJRi~;HfT`J0?@^|}3(aIm7zh~qn
zgU&J>-j*JagsI38CI>@-4~`&x?^{lb3r;VR``2C0=Kqb62;bxsh|}JMnKw7O?g2T$
ze_=!hom4_~{X0c4v)A#3Iw-(|;t!gR`i2q(B(kd82*)S;PY-uaUmSP7-FOL?imJ+s
zE_qHxoAB$mJi!LvFa6=RUd!GG!WvQ_lrblkGgoi8u@pOX!21O)b_Nt;w;Az;`#Ink
zrwSTTI^^w$;AylcU?mWJZt4nq4#o8s!*~QbYqLvD^gXSS#%A$p{_XIk7#KcdK!($A
z^+shL(53SltHWqRDBCO{o@0Ek5n-%xz*6?{`XAJI|FEULa3nCD%^7h7rcaoU23q5F
z_z~cG#zwH<)rZ2(pvhk;UJQ0Lm?TNKqrlex$^AcP`u~22;2$5&jsJ1~;e&@||KIk{
z{=YxP$MgTC;2)oH@Q+{JYd?rupKi7uZa(<+kL3PqgMDO9q>s!G^AYr@%>!<-#*Ni9
zR=Uzl8+X2A=BQ4TrQw?2uSMcH--^}K#tMWHX}~>SHmI{%KUt<kp2;~f@`@GuPOE?B
z7^H+P!pnXL5Sc+5$7tFb{ZO7IDD|{O*4A5FP13G$<IWuegZjAP&YYYJWONhB45knw
zMVnbQN|3}1-=GI|I!4}XcCSW2_WH%DDOR-_LZ@Hr8NfX+vC0kfHK=iOjCvIQ=`Kip
zcjwN=9dk4SzZH{46cY$ZMXFbI_s*RbRO}DkD!Ww`P%669hB{aVi)hu6_Hzc~G1yC%
z{WEUVO=j075Fqp>dL=~wWci>jY%65G>MPI5_@jz5+gd8e2YL4cIuyy|b_V)^a3!}l
z#i}00!Z#4%alEs9TJ>>6!LryI9>t<Jm|-w1<RCP&YPDz0%-VCDa<)RzkQVT64Z`Tw
zew`J)zmq?|4WaYb97Cs?|HIqG4-x@pHviXZZETd{zdUGv`ZNFcQ+y=<M=OpTV5=Py
z57=toYqyaH{PpI;PZtXSr`})2>2N$9!7jmop>Q1KbhE+=pxXzBDf;R_bA!G>pSKVD
z@&O~d82(dzj1EJ~$h$n(Fp(T3m+Ba2Ul{F-Y1ANE;bERM$rJMuX)kKY6phtA)Ty~f
z!|FQJIZ6sUHns0@oYqsIZKwN3l)JYFW>mv`SGyMB?<57E=EVF?jaooz>A6cG$g=Hr
z2@VH8Ivfr@031dPhYj=Fg~Mn*9N4CWo`9`WPpD7m=}Y19<bv(RSaH%8Xjm)c@X6(-
zSEQkMrf=QwdG)-fS9;=@umKBBugHD<E_|7;<K$SOW9(qCj9lgERe8K>_w@q<)+gdf
z@ptSaM)^8)3CthDS|sbqzcR*92M5wC-%fnIC4nHo4%OIkA1<`eQzBJUFS6+sylkLv
z{-bR<9N*vS3R(cY9798x1K`_jTbu6AF*1Kl_r>`*BPBQEiMVE`=+1C=RX?|D0?A;t
zp~kSlJ47d`6xr&zE;A6~R$CGP%J-yKrp=3FO%4@%iQohsV{%<+opcrc*i?EjwN33S
z7Nf-~q%Fj*04s`uuXqTfG(y3J9U7P+8q(m;9dtto@+|>}<e|hMqoEQ^;Q;V##-Sow
zF>b5ncY<aN3te0tGh@tnAYHQvlf)L#!<ep*Fcby==3M=}0&TIjBt^Gx*gxF-D|)?5
zA*alUpbZ|CX<}VJ-0})JT@u=sE16dUDXSWRqJZXdHgZhxKD2G6#(tW@EP3OaEmaC!
z^xi|50SNn3W3@=OQw?{&E2j(BHT(%`V1v}jn=))t!qJainkY9ZkR-E71ppDdN>jj8
z?soXN-(WZxr$twQ2PQcVn+Mv_(?!}my6O<bY9edxat&#9XeLqxLo{WvF!i)VJ1cKA
z*SUF^pN&9olr=QYl;Ldd+wADJ&F&8%2o#g(Q6jX`3Qr)yOz=Z-$JpCnWqwR{rl`~x
zb7)5P#Kg*>GuF5Rgy<he@RFuhbeNY1jwH$^Rf223^WG%O3Kt~S?wqgOG>d_pd5Fc}
zas%&#z{k}b#y~R|&ySBzkI2<<?a^z&@C-Nyx#qIe?{WF{SiHsnd!-WmbVEGSF`2!`
zf@9N<;TlZ*6eUD2#sy21w7%H(nRFu(kHu)bp+gjvcp{s%Pef5@fF0LmQN?tI-%u)s
zGH*Eu(ZayG8@K*}q5eduFli88f6-zz<r*|){wR$Y<$7aNX>9tbF8$h+e(i+L2^Q9X
zZu)qD(#4E=1oWo2EKPl{c#!qJ=9mq^`WkDRKBB21pJ13ye~MVK5n7H4>B!1J!fu7o
ztggj2xTbdGKv!OynNi3UoLm9N9lDZ*(cq9|EuI4@4i2;rN4i#AP&Px8#~QO;gIN9w
z{#`~Feyt5B7gw}DKjx&mcm}bpCGwtV<sg;IBR|!m7w3Aw8f19gr9cZ!&g|&f9yr(I
zpL<&q?1Bx3d^>!(j>g510GhH63r~BL3m`MJTOmpN*rjG0EJW1oucTZc$7<88qFt+a
zLl${vDQ&hfh<D(2t^OKIf|+UN3MZ@BUs?_I^XD)0nWO*xAQk}g@_)3-`9B`q|M~v^
zC;620zhnXM;N8=Id_e85u?;{y?}exLt+Wpi7tW53)JX-xm-xGU%r+qE+;`QdWvL=_
zCM$K-?pn*e=5{oap<WN(uUExe$bQA0)dC#8yeWG>mG#V)Zl&~<EiIr2tt!5d8ZvY(
zxqy@%t~Q^YuC6zq@2jpmN1Y)n-im`VSKtm4wYZrhb6aSn@^k)>e*>TD^Z)z<-Tuxy
z{~vtT`mCJ)W8>k^=l@Ufk>~%pzWp`%KOUk1;DgQk4>mUfm%mTr$r;4f-_1rN3=O;J
zu|6x2$N4+l=>F7+JVIuNx6ICAXZ&>c<h1h~vS;3DZL}Xu<%{2RI?tc&d~@f)hW~W;
z=;TzD7muIpAMPBeR`|_^=mO#pz`aa<$KG51L;Y-6z>E6hgPq;49`Bzv{`i|O_fI?O
z+lgdnF5}mH2X)@OCd0|7UcYWoP;7JEV_Po0ylV&0i2mqa49TAGS^FH+EUF`n1K(DI
z%>4$N5e{@ijg-H(VECpTR5ZKosAkHon28JC4ObBg)N^+TxvE^`S969Sj5Bi##-RAN
zetp`wa|dibaTL>rz9ef#dd>En@xxoE@~Eq)P+i&f{8i_-zv=9JWe#P%&ivfz>g%0@
z7adVrmo?A1ZD(xke$a%p;1OpXOY>n~Bx&!ap0U|0sp5M?8(<%>>R$%|JnvCE8Qg-R
zQP~YNP8&|OF5YiNZ`~1?LJ*;Ydvfndiw0We-nkQKITD4iX}kPM0ltR$MK<ay<Wz`$
zzV_(pu6YK^H}ym<<?vFGfO~42HKG-`$~*6k<7u8WN-ptmU6G`Pl9B3%m@XzQU9dqM
zxO6zGpM!=!W$T49_|9J^H)Pj}>N_=5%$&@RS^2)#+1XPIt;6Dg+oXEGrSDDXuDI;D
z@4`q;(!D}z%A20j_zmoFeLr^YU-;HZ?`yh0&}nWm+K)w1N_2C2a(cXf_|)cnu^#oM
zv@xeIPCCbXJEuFgG)oqjcsUEP`Blei<0NW2@J1`zU`TC!EkzKUq6-y-y+{?`KfxmI
zJ^rN{t&2{Vg}Lr=U)Zjb)LseAoC;i}+j&T156&@=IeqD^=-oQmtIX}tRVGS1uB|};
z6nJ@Q?nf+0u#|6d5T1@UvavIQS@cE-livDy4=<|l0v!fm)`fn;m7;!Boi*t6bm#Fw
z$L-+)JNQ7&e|fC-l-qvsAv?hPGPnKldpEBLT09*Un{uCSut%c5{Q;4R%V}xX)2<XL
zHfSiSC~Oi<q^5fF_A`5B3iq})Ylg*G%SwQQDtma}fGN8^)l`$CWKehkGM?^Agez0@
zsn&SwEAA;=F5AJ1nd|sN>`G1>zPN}%F9A08bnwPH><%u$D{cmD>oI0%L2OJ8!7LTD
zsFi@OLk)GF<rB9D!%_UFzSWcVP;91h8LJl272ewN*kW*(EbjR0@Ea{=8v2S~UR!)@
zs5X>SY}p@asOqoeT!?~U5p$Q0!+}R)f!TB>T`r=t43bb$q-^!=(z#Q|IAV%ZEbvN6
zv@WPKM&*6Fi(x<Hup^H#l4FwtC@-TyozT$5rV)W!E-_#Sg~Q3!K%L;Jw83b(R=05h
z5dqvG%^x(EAph3DsO&ZWD|o%EV=g6WA0x9Etd#ftw7wSgEf}daRT9!!T#kzy_XH3%
zywUIj89f|A3-yMR-gKnIXSaLDcp@q{WjiX*HwwPh{a24wzj_<G_u{201w|<)u{zHb
zBZb^Tndi}g>I32J-zajc_$s|w^&_&y&_<+A9O_F>rG){s1-8?!a;cf~9x7du#ltyo
z9j^#(m}f_O9m6<cdBuwXXGtOrK5B?dNy-!#<FK)P8@$iV4g9Tp7n3?ge4!?q(emqM
zOH#H>6+QQgN>`;yFi_o>B0HuHF-Riy_)6gFg|RZcyB+<5mTQz`X`~htgdkDa3G!R0
z@*f?cRgdKJ&m$oyMS*}t@>91nR}~$p$!zZn_auiJTb9N^ST`6Zc$;B_wx_$85ZaEI
z>j(p@3!Wbo%QFnk&t{PE7z`mN;Jp?w0&-!l@I%0y_ex8n(8qE;XuZ@3F6gctZ6SE+
zO&~peJ~({oT~z~1e>;3>0wQ4W4Ao4ka04c@<TS(Gv9tt0qjJqiq!F>QlaPTLI<}7%
zg8;9B(iP3I^vZA;Mry04u2~<_%?Mr%t)ILf8`K!RnGUq*CK>dPc_A7u#B|wGQC<wU
zFpoTV-yhms(t2YDV}edz6LSw9s%Sf_B#yJB2hyw}4~p>u2JJ#2mXZc&l@y{ub#u1|
zJ5@=<5KAV(ARl-_^eIY(WivIo<qMM%xphsDEV%`iL7O-=q=v>mwMHG=(xl_Hh<AX2
zgg6(3SvVI}!TLy}X`nSN3TYD%+pIRigDaI>nj#8QA!wLa)SZGXpf^aM_i?$~G|4e2
z2*Aznb}agH4;TG%Mqg}DQtlD2h1QHcOK83UW0c^uD~wi%M-SqSxiBkXjtCz@$m7l!
z!dReNi#Z?Z3B{<V!E0=D;X&n6Z{-a*;9&7%X81@&O>ij*cR@5n?}B<z^bO&4vaREM
zkQF0u`tn>=iAH!Xqj#B$-?)hfQXx)SCv?E2ilD}q@wMIOJ&c28w8&K{q`V9|uX;nY
zDx2z%v}ht%YDx7Za{cLW^$;&owLxA6P9qB>RIARQ#>x;KlN#)-ifr1uur3X`?dHLX
zp7`f7m7O}5+bfTEPWE@ZyZc?Z7;xU3h+mc2Ebg@%Ivza|<>5JJuQP1LLg_K|;8rQ_
zfF5%$hir^r@7`sMX|L32>=?8FhrcSK7&N?!<=F&7A-wmLOsh0}FGQk4XV^WtL}dgT
zk7O{@OuZUj0)YHb(C$%P)JN=?HpHAXCJdd;3OXuf1s#>Mf=Uu$gSL+XLEF)gP<3V!
z2Q;{Ekrcoj0a;`l*@`k%iANY^I@f?RpUj?<SbQ6yU<*qxGAip4hWZEr=NOdgH9%J*
zRB{pZX-2TGV9O0LrXA`a9sAK&zn{iwF)VJDO(Xqv!GessAgu#;9G|N-M4C5G;gz|%
zH%H~o>TH~tt2|v=NWtxCEw!x4irx#M=e6oSBS}c!(2-(MG-R(b5^EK2=7~>{ydcxc
z-T-$%h`-lKG6vYX`feSfh^>!M9#!<fwSkIO9I+r;oh>qP<wHzLz2eIOi|CNWanImF
zjdB@YboRO+^SB8*);!(3!yx!3)}ve4SbIj+qq3Fte0{SZJB3D%B8(qJ2|<dBvKm?8
z|1k9`<1<I0?4XDTJ0hkEa>a!YIbK~e=peelsO-@(2VVrvn5?q84La`@Qmc#1L0ZFJ
z2H>~^KPj`ojK>udCg&JCS?L*}MmrXsD~s(9?I>X@j~A?I;XKw3H>=S?HNj`XRx@5K
zi*?IB6QVvF)Gs({<2PYjFubZ*;EIb4y&M}Qo|M(=hVo<7lpx{fl12s3ItfM(C3%Cg
z*EvDhvz7b4lqcCKraikZL=67~qF27TNKii>!@Vp-`zO({2a$ZNDhO^rpcU57ksV2N
zn5AptMwrh=c{fK|3aXD)@lb`r`FcbUhH$MH3ac@kF2Q%X32LNrD@B&A!wC<KkXE02
z+=P>dm2*5GxVzz)#dwy0>VFH_0|;>os#<7;6a+>c-n3<b30Dxwo6*^{K*m`;py7#A
z93`b(L#ghnSjp>0y+@_W4_cAs8zD3tT+w<UR+GYOA{jzloy2cA>NQy-5F<*!1gKSj
z5tq&p3^aP0-vMI?9V8t`rD4Z+>o6Hs-8uFp){?^Erbz#37Racr40aG^_=*~=#!7L^
z3^C8ko5Hw&mKYa(nBr0dRfbZ1$5t^H)~v-*q6Q+y2dW5#t<>(#Y1`f_m6eY;GmTbo
zX(ZH`_8Nk1Gzc5(3jH>i^`brfM(r>Ie1`!mamP}{=y;;aD~+JyG(7ql%2SbiQ0hJb
zr^q!ZU9(Eg8*kWRx(W~51yzOw5_EH@U!Ln18;yp9shqaaU6v>B#p<7>k44iOL})Js
zt%TdiXP(Pi3oxq=1b8ahy)3}mGw0!2i0k{#F_92)VIN|3eJgQY8yVfI>TEnx_H{O<
zBULq77#TqxUG1%?#gNK60X~&?wP8_F9}k%2Jb8-wyX<YYK}^*|2m7bzdKATl7PR0q
z!;-=`8lsLAr7jfLohR1A&i8H1$isrq0PHhIa=JjLW$UAg*5wuP%(my*Zdh}*HwwAl
zK=N3?YYME0&-Bmcvz>3c2QQv=o(aP=VOd}bSEKz3W_Lj08Iv*lGP1sXt+sD~g8;8!
zAsf~<F%mK^NVUNNU=DW5S(=3Xg1uEPOrm>6Ng}~GHP40#(r(A7jKh2aHe0n1$LKEO
z9or_@FbMW|5kue$#s4$12DH&#GiRGXv=rmT4UnMC=8Q##KEeE+!1nVSvilTf2Ew)m
zThQh;uhHxe-$iwF*2Ro)H$4#M-_<lCnZO2MvxLxm0@JZbux$)YPs%fyVGf~J9$HXr
zIRra6?={4gHfPKR2P259pcWh+!m9eV4pg_?6Q{q%ge}yVsmDhI>P8X320ntL8<!P}
zsP{T4>%!+52AN#GC?=z}8bzdwIKQx3<a0scK+^|4V`{^yU3b6TjPzSnqCRL?J*|A9
zHW%iFJXYrbC~Q~SMlE{+=~q+{q{Xr=t&lZZCM7JOUREc0bBE4R=FO-_5E~m_a%^m{
zZ^Fpfq;ZElm5*OMdD1ynV`02Af$Fgzvz{!qaoEX-W55TSz8AF(2l_jnn261NuH&)W
z5SAfM;pwiQgM9JWR#}z(3(oL7DLe$mIle$cmlbXAqNEXhh@e*0OLxwg!~79dqHrnF
zh>cbu<Bg=P<j6!QwgWIwb}VjmlnIkNrNU^3pG>c8OeE(C0i$Hr#^Wae3Dv!?{IDj0
zYFc~c5JCbG=76_mXLb-Jn=>O3UiwCJBC$sd!j7NMBhsfN#Q&s;3Bz$J;boH8(2`^}
zj?jgLv+VY#xXqvLma=w7UbCu^_6h($E8-ChkCU{-jHs&ZWNfbUWXg6OrXP~F>z7k6
zi2rJfVPymJU?SOVv5hFAu9E|`-Q@g1q0|}ig_|0ZW?VHnfTdgBzU9n#elkV%p946Q
zZngL1E{?Wp12ZE+T%+C+I54PTG8ov#Ff524gm)e>Fqge*wjBS5&gN~)K16>E9FY1v
zR|hEO%tXNwC(N6b;TYm(%vot|8zPe(Leh0{EsTMYII=t7BeZ65DcA`%1IH8H4u=el
zFU#Hq!RQ=xX?^(OS@(43=?M+X@LsU}3+Tf)xYy6OjHxf&^T6Bz!6Q%60Wb00trpO#
zi!~kel<49y8*b?*<<YuAkmlE@b3R+o5__Yiehgq6Ks^~E&%bGOn{JdYBPYqZS~ew4
zAJ~_d1vBL6&VoK}FzekDqw)-;e1w{05m2$NPG~Y*TXJV8$IOFxav!@9`KB^V925#%
zg1&crI<3f|+YTGVtP!+mvz``Z)*vpjOZEL$=*0ZXv`^a)c`6|1hIP_9K#uut)P9E3
zqD6pQPH|55TT<ewU&c3Qiql75AVLV<#d7g@>F>!aSk^B0;wfl6&TgVN6QEOP@nkXt
z4R(sDf|g}7%v(rhyKR}rX*JrpIm~%OY4gb7=5d83*WJs*_eOcM9T@rv1Yw%uWwI0m
z?G~`*&J;k=^gHJ9)^U$F7MLZ@h$upNlFl_;1@#EDPB;>62Ye5J0&i&5G{2aGIqde~
z&iK_BoE|4vkVn8&r`U_sxx515k%?(zVgmEtww5Nj#to}ouJanZ8a=D7)(B|S)ehFc
z2{jsyO$<FcL^Z6vlhqpfI_d{a?(j5I^biHY4fznC*z+?)9(84fQ2bi^2Qss7m@~y3
z$!*T8zAo%K=8?TZt{NSIncw)fq9c?>5ll6cA)()5?tt`{b{38T6UaT7ep+poJ|yc0
z=H>&8rzj#UFP7tEA+I_db(uU$Z2Nqk;}x3`(6ulfxNP&Z5os1(!io3_8dx?sBZPe-
z%4YbS?-sFrd|~pLhsN$Ik@XzJdP|+3X8!#}*G<jim>e`*U47}O>s=guwC(V04Xs|f
z0Gfu-P`ePz`&y4O;&K{lMa%K$8Z&zyWCZPnDL(S%D6i5DKCdDFu5dmG4u-UFXAj{E
zj_Ec~cJ{5*g^D*#;acxNc}3PX;@^VMwOXFKO;KD1x+cON+<kz*{fPjtK(I1r4fKdh
zTh?d|?EQ`rl=K5GYR2}+i&S8@d}$7D!7YD}hF`yRC`9EdAdRz25F%q-sh^CCXxmbR
z*)(Et>jW!B-k!SC*+8azbsImzaYu(%FQ+4|(7?hbj38Gvw*zaf#=W)<4H#kmO3Sqn
z2v*BySy{zlTtK0NwQX^H)uq>uTn)P%8Wqfah;inG)*i7^!K?qVs4uPu?6^M{0X7<T
zv$%Q&cV?@i3ISyeCUnn%YsmG(_KN6h+E}PtSDP%_l^1KyIEfhOEo1dKGK4`0;Re&u
z==_#aiU;=3UBOU;o)k4o&?cHj&Lx^!x~hsgZ3*JS6*j9<$dxsOGN{a!&1B3(|75Mw
z(}8JR-9=e|uVlhQa>!f`@a>YnXaQ`+ThY=R15g$wm|2O_8<Rq}bX*8CC8se>w*w+`
zX#<KGz)el~y~Z$qQ@>quxx^V`ayDwPp%VVOxXZ%lV8%VY{Bbpxl*$_`8KGQDm{)#K
zi_(Lv;kQ(|6yZfjn0QT)U)x=>GO&Jacu{XuMQ}$&hPx^H<QRQ@n8+IBTB2jD>_%^6
z*ps%^v`ft*QL>KKm&4TPrG2ftl_=w!MKioogS>dSnzTcCIdebmy;<n9K&mh{IVx^<
z?P7zz%v|>$Wnlvb*Qn<s1s@V4N3&4Ou-YwK?7DzMfALwnL*HZ+a{-w7e%p=^Y;I69
zQMNk$hcTD|L**hg>P3<?+;+8D#aA_xszCbm+PiUbCoFY_=vY02z46b<V7wKI%3^hQ
z7{@>>+uVcz{FKrGxWQja*Y)DO*yJCIyQ>R-3Y@Zg_y(`hst=J{Z3dB&;4dBi?tl5u
z%=nK#P5$RkTkZRP{Kt*Y9{e2t@u&EB@gFJrbL-(^383FO{v(HVK6ipTpU({GOapzM
z<@pefOr$Kiw(kiH<em(eh_vU96GPFE<U1|-Sn$Dj+NBqF?#oA-+}(L##+PT8q;*#!
z7Tn-Qs-@oRTn<NvBh2g9%}dCjeBFRB7TRnFPUdFx5A{p9eG*~myc&O0()*<-!Iol9
zqizX(pM0iXw?6+|{dL~8>1C^V)>Z{fVX*79RokMDiAi|fR886uijEqkNmF47f?#oN
z_lBj#)PjXgh(=YKhA&#L%c(^$0dG)VRcC0kD#NI}x^keQsy1sze3MNJybA>!0bvl*
zj1lX!tYp4q)ZavJ3H5d(T4SX)y7G|~A4Xl+Xy`Jn$}%lertOqL&O^VtuU<(<jZLsH
zi_VfHwO2-dS-Od#k|-a8?}je)psJAe=b&N_ogoc|*Wl8j1i$I1kH(T`;xfq0<5Q<n
zEuW5)NljPI($Ni41iT;T+d$4F$_r=Wb_#l60(c5ypo4=7G9UwP3Q}Ob55z<1X`l#%
zZGwzB?mRS)jDg3UPu&55A;=wrNAu&261S#yK7K5M-ZFZs7Kda*bHb<EsygVZ&G&V!
zr7Ar<5pC7Ei@Q_zukEBgt>}Zrvn!x;SAL{fr%Cl&v|yT$c@?jTTDo?;+o6sH$9^qC
zvMvx+R-wI}{~a%^=XEeD>a`OY*Ab@fxMziW;=#?Gwc7~ZQas(Q<HZJqX<gKB-tqQd
zi-b$R`UL?3Owd=hpK|n+^h{_!F*vJHf8*ucTYs!p${9DWbf8xO%PWQ)i&0KiP2IZI
z7pX>U0TWyH%8M;4tH7mEaf^P7P`_scy&}+!swXFyQRQ$n+pJMNRS0rBW2&NwS!1Bt
z(je5Pztu2s=GC*dxd?6@IWd$0q0)vgTsUl_7cLvPiK%Ebq(KiCy^T7ix`kULe0UFC
z>C9$kYT|y*`0#J@Q!W1w(_!&pGC<6c|6BJzE9ZZD(E3^a|0zCF{-+ghUPTHUI000v
zeXsrNNQwXV+ncRcSp%@Istj$MRV9v(hG&zQoQ&bxO$q(I#k2zUV1jXYIUo-9AJ0hv
zF;$~D^D-^O(`$Zctg6UaLX|$~9w+A!Rm;DHwCtdn{h?OFI6vU;)rCkrZz1{34>*LQ
zojo;-!<}axTV$+gVtg)2!TpS12-!SaWdEpCVwl<2M<=D%S#DpSoF13nlfJ^1dA4)<
zWvS3*TwK^9d*xxG2LhFVo6aWQcfMVEyG0qMRQc}C^L=wJ9CV=;KreKW?7?|Om7_ZW
zs9+3%w*Xz%9zlcz{OZOy8c*|!o{pXXET}2m*m4T7+omod5+I@x9Q!A<v|GZ@nrHi&
zLH{$@J0Iczm`(rhx7wezeft0Kv(J8}|3AgYq5rhvr~>}%zDWVJ0oi~yTMsr{ffPV$
z*Qb3YJx2TYj-onPgy%Pki@t2|L2$Du@i#evlF1~^ASIAY6VxA;A0cUfG$)%7&gs^N
zi9I+%CyY3&_K&*zhtFR~y^(r!^x_nrwf$p<lCaVD0mjaxgQqr3$J0WcJhg0Ez&E71
zBH{@UIVCqwM<qXPbed^8?GJ{d1WBOrs!8CU7~#qnjWGnGQOkHRjU%Ax5aE@SB2jUH
z32RLR3KRo<s(hAZqa;R}++s>A!v_cKm!K9zn~+vuW}xC~5y}lLJ+FO|Z$_Ww3N*Sf
zrf61k$tLy0#Jx3sh*gc$g4J|c1*7DgZc~%gozMNSp9hQvTMG)Vlk-_Ca_ecr!Wm11
zgRW|xUZ{%L6*O36wzajEjsjzp)!7&tR?xpwuRqy8=tL_k4Qve6LB@fgMM-3!#FsmV
zdk39H!$rhl)<v~);KWC`tW5i6oY-`n-dHS|vR!~0t%+-6Uc&S9q(J32>YLO+jyq5H
z6~pt}{lmS^H>I)ZOL%CO;|2WjkI~26ka60eF3hV*{3iMRl;UEnwFz1wG&L^!F)oTQ
zfI&-P3&&~SW-4$R;$XwLz<jq4E!A+~24zE~Z85v81PW5mMK&Pg$kI~q$Od3&VOCy4
z3m$u;J?I*Qs>MYC(O-Z%Pyp!C$azRBoLipnG=6iTs0;>vrT|ZBWEdqCQliJBH}Op_
z5(m7ZMwewdiVlU&ZNONvT_B{)R*QuNx1v15{2&y%eh4j*b3=sVZ|cC**s6LBtB1Kn
zpg}hpB!ehT-pm2w7@#Qk3??NN*vsL|s03|Os${cmi&?_3SXVo`v2Z}-!j<qbH-Pgn
zh}<i-)|P8C9yl>Ifux%#WN;S~8y6vn33WA`WGNVBHsR{1cM%cQ$Tc{7nHq1eh`O95
z6<GJ>F~F1-uoRyw>y88YR9&!^aTCHdyk-JH^<iQwV+N@(z|^xery>SfdEL~>1>Tm3
z*5EzHQ>V&xh)aSN)bBeU#a)E*&Dzre$e>!5YTCG_2z8B@!`YN|qOOkA1O%=g2215A
zI6^~rn5S9F6x0$o2tbe&LyexD!>{*`j}Dng8~%qp?=uZjYxIV(JJrcG#RvzujV*=c
zi5M7Fj67_<Op6JdZ^d0qh!1j}0&NlGj8anPnuDcBhUpo|AT;;`*w9q|f=gWSQxPG8
zkvn+lFi@U|KDci+9U5Qo&=E`pQ8t=zqvF&Vl*)fHZU7%refsdgF|tmj<nJ;*w5ypV
zusya!{0geTc}`fpP}rjCpsr154w5i4{bsPxvjL2(ZW$>|KqB`D7SrB6UwGSg!}4H_
zXfr(Z@n7xSaanQx2a=ck@E|BI$BP`Cp)qpR`mF{;FZ{t!S3rvbybv+tkP|$)cJ`B|
zs58kJ*F#kmY(R$vaQWA@){IRlc`HL|KFJM_LfaE|90`QfFI=g<lmHr(7U8@*W75qM
zW{G&1mau0NWOk9dYbVf36n10`E%rHboH1^#MgjQD*`~T#i4y!cvVs?jE2i(V@hjKy
zP9Ta(gz4Uf#WI{daIxEWcr?fB5m3>@MQJ(xFcRg}NMyVkY(N|Bt}JBi`N%kz8lwgw
zv>UmS#ujK_D=jox3D9;_LoD7L9r&ufH{tfc3<shKmo7}b=n3lF93kf!(sJ~#>5F1-
zV9&V1v{@ll%&<(JszO&3*4FnxL}0EK5a7)P**p#N3+*LuG|?gwqnMH+&*do(LeroD
zzbiT#*f^@}StwCC1edvUX@GVC)a+SqTwK-jH$zN^mtbrGNPVH*9V0?NF1ZMchzRJa
zS_XQ4X48m$eCv~SHW3PwAbrYK(w{lh$5|uh*%jladacrvSt0F*?RWZM287Pe9{hc`
z7Pd(ND{u!;yUS@-yp6~wsNH*qRIG0fz`PfygZhA${qV)J$DQNu$?nc!GrCK9l9sPb
zq@Dm|{UD4O4-6B{#57i$Bp!~8=a85HSTS{ztYr7#j2`pOfG<c=^y)-lrz!sEX@YB1
zGZwk%X3W`q^&as5ouemZI)IQY6TUJW54w*jxZRmipFt!#xCzBT0cQ<+XSQYC=g69d
zfJS>`tT)AYl8klyyEA!Mt10I7F|Lp56+`TSk1EXB_jy+!bYoQ>bOmDu&00$81o#t+
zh!a=v8zov8B~M;K{d7chTvM>1CQo~jxsC$(aw}son-NOnpxYaNJ6dbKgq2wSE?sWO
zF~@z3xuFKEcBRl5%XqC`DKu$wviRtGfLBR2T7F-kv;-2zpre9_dvWSEZk%LF7zImR
zIwKjSnkF8i6Vo0bN1a||Z=y@gNR&l3_>HbK@sli3U!;W_-G~|sV=Z(YZTtAffsQ6O
zW*m43;>ajQ>+q6~KI2rrAc|v$j{pGNb*isDFgiVUMqwP(0UO2n>%@35rVxO3fU$?i
zMzsgsDhdvbY0415nN-IEO~LtF1Cr7eVYq!g&sXU(LzN=fX<u0w^9JY>QVeej-RYd<
zscJ<heZ_dVkT(DboLz~<a8Pf`)a;vz?OB#KaO_n$N0QbgFDz|M6$_EG<Y3N0*jHM)
zmQQ=VB+vCv^lhZ@;gbmyWLQmZXB)%+R<kGE8idExL>FaXvnbm%z}1!xv1K-6#8+z^
zP|$InOH$NUQKYqe9QR252?m8!i<C(C3@;5859e-r$)d0+Elz2bqnx4%t>Qf(tm!5A
zd7HUuX2eddMGx>CFf-bs_SV(_cQjC=)Y?*5jt_l`VE_#iGMSEOCqz3RE1>$M?=16*
zYchRH<_?d^F$nPb2&Oeqg1aSL_{dV?%8(tB<r@b?P&o#DF@|u4mtz3N_}h(_Frwv^
zWmR0k7~GkGyUxa-9IeSoa8#u6w@U67gWxDA%jxo_B#cf>{1Wn6j%FabfR70EEn6RP
z>&Pn1ZrexfIW5QBvQ@C!Piaa1p{^Hv!$##-yB@-X0L|{6O2QQyqS{;#eU$Ed^kc7d
zX{0)4iZ?jioTVF2xr}NbT*if5#<vbi$)vXfYGKgO&hG)0{f5!lv!;Y+;Bc%!$C`#a
z;Fx6?GFOt3@O2{mj?@E1@bbc(q#}593XU_lsVk)DnKHSFnXeUMQrc%3q$H^>+^UgW
zgCcLWl<%vuXK2#k3A;a|8mz7p57Kd=PYXxUX3-mN5=JnH8`i3Q;m}~KhYOb`Jfd#G
zyR90Jybe5r1ABoFEl>|`!ew#dC_zGIR3#t@Ek+4O?S>KD&yy5{b9Fp$3SI<^7jHi2
z!`MdY4X9D7RsufG^@d<HhK0+smtr2Nl5gKlMvZ(K^}I{5C}%Mwifr759Z`);%^}O?
ziF~qdL0k4f^^a5RsOmsflZNBwl5J!+fq@%A99IaUkwnS0;;j{99h1SV&MIV66X;>_
z7Zbl7K7+9;UHIbmlV_*eD8!ybFh=C<Dix)!IO(3hxua_l@-P~p+_h(UdAMrJ;8N9d
zpP?RUnNwHyBk4QDnHrpN#~VNhkCM?i0tAvTEGsDFEgGIpBL`~lC9gv*Ic8!|6tv-F
z9Cp&_eAPYas3pa3yDyIUTjy}^?Ur9xnwUWw(#lM2e6TU=O(*b2i4!%p@wGQgWHRF4
zf{&fmC+10COi^p5E7F@}kQ#R|fIv+4LJOWkt^1nrV7mhV2_P_)r>4Hm#xD)M%*Klx
z*~G1*NtU(LaTQI1e;q(BHX!0vN;z-UiYvv`-*Vx)`$vb5pEM)&_X+<!c>LscOO|G^
zRN!p{f8jLx0Bc4%EN{uw%=QUBQT_+9Y658YOG+ct-6X+1PjG_Ow0*!@s@?ks$3Deb
z!wKcK-f;G|Z@@7E)~R|Ax-AZ{c)enqH_E*^%l%G$nH8vR-Lr{D(^TPkK-L^hW0ygu
z_%&>v9^+SjtW8Gs-48!T^)o%julyJk-SiZ`>4#)&+O#)5{9<g2k41Ulh-&8YgCFv3
zE<NWT`jt8!`MLVW50O;TQ~X-ta1aLB;8qYDH~`a-890F9ISu5LfFj{D_+p+RYV%|K
z?oDVQ=Tqx;&wDho^PYL6rB?<@CjB<5AV3LZkedU8uL_f)1F%Y)X*WiE8n$EOStH9K
zZS~wMFT)M4wWI)JtDDlfG)`)xaT2nPHEs8!tE}@2wT9(p4!RVUp2!VB1eV+c?j0pM
zse`BW7f{NJe&|}<;S67U_PO@<dd1!p!QrIOpw}|}R1iGo&CCno*XC|31hoO*CB1b$
zZeYYC<0%xhJ2ChnG6&IG*A<I+g^{O(p<h&gGb}DB&_piogT+-YTbDKL8dHM?!P?R|
zZIX;faW4r?T8{^9X4om9V#Pi0C?t^nbkJlgDH`VLQJ8Hx2tYhzf0#NK-uQ$hy-;aI
z2Hgv7dRARQaU95m)aZN78?J=8G@CR)Em`#u?KOb)fW9GtUh<DJhL_Sz)ZdrFXi%46
zTSK-X4QM&kPj~1TWWF$Kz&GgH#MHev_eMCV9$|UE1dSZ&w)-#bIrH!1Q|<pXO0GYQ
z`|mveuZ{MnpZfk^?a%K2?Em#se5C&ut~h#swKv%N>;AosUq`K9f%n(_fcx)3ay{(D
zqi83MM>l^+7L5NTT()|^8M<CvqfE7!%=he4qxJl{c8`uba~!++ndj66b9SHDpkw0U
zIG*Im#CwP_$V$&>q|QU)eB5V$7-pU?8N{ZnkMf2(;BynuMKK|NK%)eB_6G_gW#ibW
zGW+>q@&?tEs_GrLD&2+SEua5*vfQBjNJqzeo#W`ZbJ98fy0ZtQyDXI|Kz^gx)z?Xy
zM~3~5qFRh9gc>UJ;Y%N-Rgk>(-=X4|sVu1*YJ-^Hs?(4}TRI%zyDdD#--rqDB^}bA
zjC|y<qT)Ez$*3#P$pFubi-i78rq~bOox&HqW!2@^*WuAR{n_4ze;?t$pX0y(u&oPz
zP8zgF_zu`J`bNu4-;-?ch>HWuO5D2%P8MG!T?MDEU0ryjzBT2dG@54l8y;5+#iP2~
zY0UCLO|)Gh*6*3VZAAa-oH7_{wiTSAqt&RTxYsj!lZ$xJZsJ6He=dqb=pKFhb9%2W
z%qqU=s;xu%Z5UB)#H2tcE`;k$(D>A>n%QP(ls&9e=VXNGD7N6tPskYQ29n9QFvZo?
zmz?4SRf~$bZ@A%Qzv+TaLeLhjD(RTs5u6W=Aa;5}w)!gtD@0E~?qYqp-XfHKjAwMx
z9SpDQMQ-CNV{V=3O*ZN0B2~OidLyonIL<0x&wE|0wjc=m>Cso6!|p-nkh?4t$cp@G
z-E<^V-wan<p>fDedKz!lqMsb^T21q>Hq=W=8SH4<YJ4FC#h2FN5PwFWD?#k|<kWyS
z5SyF|Zu5dp(|mZICjE$3mKt@{b`Vc1RWPda%jgSe?#S_PU{tC>EA>zM;NrmJbFUrC
zpUS2_>6u2Pp_&|-Tr&K#=Fa|QKtDv_Ev}1Ggu`sW>T7H9h;M#Rzv_Y%wdp+J{Mc?O
zyfn~IFvMy3yNzX|)wk36U03W)OsYy{ygS^|`~gX@T?sIEi)wn}Pua0#&(BLRz&9|I
zZwYB%vS@MC?OjaM*Ta6DlDdN7TR{WQv+1OlD56U>a5$=I+S3)Qoo{~9XD3~158lAR
zOD9AV8ZbI*8s5@u{DBD1YUnj&UjF_BTTlSvl^4*`!qQ&1xR_*bbPFgh9Uq_k_V5(*
z*tp=#Z_*-O2%<)d<k55-4)j&5>s5m;3=zZ{K$+Qrsk#$Y!q}yatnsKO#e8z1FI||#
z0$)WE_e5Kc=!CZ!75fq-NiGGA4b*=Z3V@pOsxxVFgH-;NDkW0j7R4}!JNk@obRn!C
zX?8Lz09(H`s*RS=euzrP#Hz^4$r6G4GYI3t%brG*8AR{~T2f~6SYrAR8k&1xtFza`
zar6p!KbY@#a=NAJa78EC!;dj}P=inGP^-`$wfkKvT3%gscZB90_76|ZPH@nY7zf;>
z=#^?Lph#6)#^|I7xH&W<7w>+ze-y3!p=l9`H#=dS8eu=_jlq^lL3w$7d5fO{5+3Lu
zqbz$JV{S@5jDS#fj!tZb993WqOVAc&l?U+Xz_IIg2D$JO^`OHS&G=LubZ9ssp3$h`
zQU$*-5`-BfO^cgu=4@WJp^nkyngY6OOZL>5kB+wNJ?Y&2&X(m$MC^RCzq@k~?HukL
z{PuU9<M%dHmv=RIw}q_rOzM*qmJRt>?cd(Tq>guuk^^@x8S$39#JiVtP|ofK;IbaH
zG#VHOWHIEgMdldirqQ-NTane1hpS@&7e0Tr1?k$FO_4kPHbvt%=(Z8jFV%5*+=?!m
zE#Zy(B)QyA2N{6ya;U!0s6iEvmREG&x~Z*rr{g}<RE-TUl_WqdvZJ}amQ~Q7_S7Mu
z*5^uzmyq3+1b%o>xAV1BP>*e^ynXAc{ufd23LiqBU3>#pf19wku{p6UNN`lkO{bxT
zHASWw^vx8!!E5iiBe0ll_v^v+XhwG#T5FFc#;wkSS%ms`?O5+XY|~^kq)S_43*t{i
z&Y?-uWozMnrlYyk;lQIFFOxiv&uxZ>fDEU`0E1KjAR47u9m60BmQD3xtxf!t%Gv-D
zVp%MPPU37E=KbOMu&6ux5;`^};K4m<OsGTkL+TGk4LlDG2_YDCl3Igo%3gJrjpdYI
zYIRNDY|$ct;CnsJQs@BW6(=#%FpozHB6CO8Ww(Xk9LtQkj}K~ALBt+pkb#}I8FE1G
z4t;mj_OaT4OOO;CnqKcMVe>zqT6h=pz<xl~*eb?}4C6UZ7*?3cN1@HZ^0%lSqwg=5
z8<k{VC!+I~Y<sye3o#=a)at4h5RFre+fEKLD~*3Ms;}WUHcl%i+y=A6EIsdr*=~Q2
zk+`J5CIMyPREI_zb$G<+LfM(##F!l>Cy&Ti@P1i`RGH?Q*DX)lGK%fAAHDi^7U$Vu
z4+)$GsNogMk8}}J%R(uGP!8wpb)?M>eeWn1jh$VmZQW4#?Hv8i3jbwtST|Ja3s55(
zuTZpZ;*0#b+5`NQYWK2BP?8aSReYteU?%Hm?V{i<2BeWtpd=klzfMZ;XU}&|y9Y|N
zZ^+3h%(nSD+3=J%5OV#1bs8!3XW`}4A3zI0ZWxp|7<Ba$MR5RX^V%Gg)sU~Hkkb%t
z$f9q*U0+{+`4VuipN!RU2?w+SoSL748iyR#O}+KNxTGID<p@46e+2lvT%NZ?AZ-O8
z)%Jk8wzgFPJ7@qm@FVoJ;CXs*h@$gMVUK#K1eNjDeE3MfD4}lCeK2uAB~GGrSzvB?
zk2=u(*lZ^)$0$MD=VcuVL^wcBHv;W~LpOO>y(QIsR*+}-prxSySU3=9Fm5inZL+q2
z&qJ-Q5E>EU(n1Gmv>Mgh>L0+c<{}g%s*n%V8PQ%bO*JZxi||PSM?pUsRk3A@9)llm
zLn|MQ>PlK^tffj+5_Z5aohCB~<y@40he443^gYJ$olA7!Ft&}kRE7Oc@%je>p}qRf
zA-*#KZF>a&AMkQs{w`kLs&W!KGlkBo3k^)6L3N?j6iTZLO-!Llb)mu(Dyj=znL=09
zg}&3iTjv>MgvqAo7v3pmshmgKLVSl=a=!&YY!4w&O*n~%5J)d&ISjQGKu_F31PB<S
z2vE+TSmcq7inB@E^?mnUGx|;;@pno_028Y3zHqyDTu{EdzP|Qf^Ho{oWWwgzhaMV<
z%`e&7Sm^=%6O&n6-jD~0{**~IeT=xbx;p&)J|(26kQ;qa_M%78i`_4Gj=PZhz0_lX
z5+r#q9z&9;-%pdYm(aZ?IHXlj1iKnozvsPr>--Agk}YAs1)D2_$8XL*9G&(8r=j-0
zn8oKPS`XR5wHEQ6&%f3}=U(-xS2o-RTaJY_4pj`uyT}o9Ii?w$QPq-BJ8Moe<poDa
zB=;;<b&PA7`fkg@9SBA*g&;F5fXGcgzjczA-BX5zOVCpb?pfmVJZ|rmuDFb0i2K7y
zK`Ffa*a><_&>b<qE`jkSV?;kPA_nG&Q@slD%O`QO(ZYTf-L)Fx`9(G<LY*=h`*@K%
z8FjiydbRlG4@!e`R;?P$K_DAdLvC_}>(YpahE9eg5ff6EB^(Grpz-%xfxlQTK%liV
zun@~FkqQ!N7c$%Lu*bH=9^3ZE_=8~NEC4!xzvX!+>j8ZJo&)%Nu>l-(ss`}rJqPe;
zu>m}-9Kb)k=K%g;u>l-b4xr}K?`3C1LWuGWw}fs}6c1y)+vj>osIHJtLt5(fTEnBm
z6@@$ssRy=qbPAW5K%&;y*Ihy=qb;eTyGMt+JEx|wEF0LwVP4g&)Ou;9eA>cS2d>&U
zNK)wjp-fU7Fe6j`Ltts(Hn)OJ@^lEp990nBjO4(DR=G^eozaI_+VXJ{fNL16KLYfe
zKI75&B3|U)!WjwNIrr7e;Q$hsXOob%nf?fK4>`_~^e|(8IQKsb-?Yg3x8hwF;akIO
ztJ5c%p7_Rk=wwu~&nt;)#>B*{z819<XYHDpZTUOfgR8^8yNlqU%g(dTJbtItybiJE
zUBc*3Xeo7&OqMv*N{o^<zB5Pr<NB(a<~^WVjSwl4fj?a9k+PM5H3<<07_OBD3{9Ut
zzEQ}>+A2gxUl`^bnLaMrhuBCIux7d&-5}rF=A3;avq50y8>4_Q-yh}xqH`O9!7)Y@
zCS1_7VxJJZ@6vO7H)rfX5LCvl#k11WqY1*&62jofx1}a8JU4fE_PwQMKl}cCz|U;|
zpNkLD$DI6s57ZCe|L6Y3#?SsgKgGxQ|GB{Qe-D3U{D0c_!T+ayfAfC(L;3&wVmL?@
zuSG6A7p_Oo#nN0~9OF4-b85>2?@s&SXK15x8D9@Cr<ajBgU^c#xJ!)7oQQ72*wNpq
zbC442n$ox@<CZkoDlYoX&ha5wQ^NsqlTB>`r9|;OeTtrl^gJQ14BBd{dgl`*=+<1n
zn;HNH%2`hwpr>%BkW4Ni2YZy?T%KhkxCKo!uu(d@@x2L<@+$(nbGWAnsS6d9gC8Gv
zcD`y-p}ixzRyjE7m@oTJ=<6XBf3l-rJ~=w3zb_7VPxp@wxeYGAe~5n$j&^qr$YN-p
z{~n#<U#@-JdEVJM<+{h6(-+57@$}0Me>r|Z{k=Fm<tBdf<^DmZNua>g-erL3X_KJR
z)Zz_I<?ov$deR8#&tXT{HSuuB<JgF7`pOBNd7OBdWteLel3pWs>gc?HmRWihp6&l?
zi%}_xCzJSwEFb6;e1&m2@VW={@$T)M?gWB`xNceCbp+mYu(PHqxZ&y(nPc=KGvn~v
zZ?%4uxvk_fR$O~8kKm*QvmSQlwGFfR9=RrHdlDQ1G_JL+d{#pTr}VDWg5e!>Bbq-X
z?`h`MVYYD(l+C#Jz@~}qNkHFgxiq$O1>0a`<IsRc>khFjGk9Az%pT+_g{W-|asa8?
zraBi7&CnZ;F!iPP9tQ_MqmorH&-jTVC(JGla#nqsXJ}i)p89Z&2t<T@4qdZJVfPFG
zCtGJZeF!=hUs5IO8U`+5Scsp1iklIKX5-pQyR&9XWQ@2?ZuWqK#w?R(j>csr!?L$#
zp*f4Fms~pNm=(%GeM{@_IWn4W8!mf%Z}*1q@B`vUxL_57T~Ye>PBRtYUCdp?9ml&k
zg#DZ;{IBUVgZ~E&dj26qfO-7?gNJ_p?@v{QpZWiv;^XlDyy7SVeEMsf0sOP5_1R{t
zy}7Xw5CO1KGdhd&VK0JHJ|_zU2;|Nz+baln8jnWEP^|TnvD*F#7?dLCG(;=++lmg@
zts_0?Co;Z(o|2b3R@K2^0)b!whEYK(_hSF>R0%$#sXC{M`|U0N^|Q`1czKyz`mgW}
zzd$aJBIly*Y@A2=C4`Vp<6=6A6%Sj_Gm3xy3W^~&U>Hp}tPLZSBLiglJmDM*0|7T*
z>3(i}x9^zHzV&~wL4McT4Y%w8%t)1`IYC+e#$}zt3N}$){R6fX>Mc9Uk<dliZ9wKq
zk@nZu+7#b19wfyLPJ(@l!0|)Pi_^y==Kx%O7IEY`lfiIE5i&309Mc12>F8$5rh-f}
z#Xn_dqvVn^M9TUc`TYXCO5oKS^(`@d;aHahC%>N-&(U^$tR_{rF37-t8qka>7z2oC
zkP#KlEzv_zgCHKMTKdY@MH?jnbaxK+pB_HzDDa&|2i+H{7FO7zHaV6s3aziEIi$ce
z8S^Z}mMII1VDd{{?d-Cj#;7}udxxym#6EELAW4zR4t-4k!ozg!0>bh}m=XS*b1|r`
zhda-x_(U8Eym(5k$Ms$_Y23L}m+p#<W>ilUtaRacJfxU}^$`{pWfQ<gR9o6@En8A8
zlfC*zqq^@T&=vMF?5f}R(=Z^Gpu9L#i?U~G($D&JL-(k@Httl~Wc#gw@MlK|lAw|U
z)fk~Ug+lPHVQR^8?5E$jgOzwgHz5Oa!z~B59JZKV{!mH4V_g#EQ7mGUg97rxs$UH!
zkmF(PGVWbKWuVz0bZFvysZL68cU2qOYzUND>pFu)BYF_Qc!8WHfIS7~X8{79jeA)?
zQG~d$BrsHyRkh(vUz%L%T||-hF}^;gtCm5gWUvB=qJO9Ta6?yD=L%K_w?`CrE)s1W
zKtbo~dP3vu4T<*c2ID!dA%^BZKHYf?^wV}FpWeCOwrd~ilsmMREV^;WPtyrvW1c#V
zn{!VswUV`7JNpA3K)gEmFuKA$l2c}y+ETWR#X;Nt5S+{*EH*^tl5IFIbbmiMjc>{E
zY`vAhK@^I6lMJ>HTzO8i5hYd8q#qfE3rLR#LDt|Jgco0RIsyR`mR+GwWJdet&hZ{D
z{AuUp^u(flmiD0?tc`7njf|595;ME>wFS+;Ygwh5|G$ij3rKkX{xQI2^Z%{;_c!kQ
z{C}(U;Aj5-r}#+z->f(Z0H2Wnu<@&V?N31fxc_PJ4&X#5wS?*kC=KC8fCD|=Iv|*0
z&S3}+!wwC*vA=kvUi`0v{l{~{e^H7S?><2tdh|>cog!U%zHi!nz8}@^ueTnw9{#%h
z>BIXEfA#Cneto}v|5pz_wa4u7&ffmc;Ys(o;_CJ~PmepDsQ!HaUh7vI>l+QvV;x4`
zjn9I4`E<lYkv>F~tdC3-XZxbnXq3It{ciGMFiCB>8&&YVdI<(g4t8_#?)~(#1%ajt
zzE>{`&IU@pdp~N^EY^)G_+Gs%I2$PW?)}6Iqgwo4xE3#r1o3-eLA>zt#P78}P`kZ&
zN9~H9no;O^dm(&JhNA`XU6p+InGQx-Hd&D9LDBc<=`suEvk7#hN`82Vsz!sE0{Yn$
z#Ev1lWAcvym|#PN%3<6cj-7bF_HE^h!B`Hm9VXhpp9I6<1&H?VC&jxjhLWuo>t+mL
ztv>WpjI#5^dRGPCeU7SfYh&SlS{v`)Q=)jTh57+?$UFDaPZot*u!nnPc4&T|lW-2I
zMf+TNmp%uR3V1?^q+)MPszIwZYtnG`q{y9-%-@rv{=(~vMHkpFp!=!XECI?DKEyG5
zlAk%rPZMgA7TVz7IyEpfyIrwxTTA5-oNWlfxt%(JH)VSjjSbn36wEdI(dXE&Hh<?a
zV3y*yL5O1MGK@+fim!hZ5XIL&J%}D*zZOI|hM6FWuNMH(M2UmhWe7^3J_SeSPnJoC
zisrIWUCD__gRJ$zzGi#7MHfh*)K8K=+?R~<EILbiF({?8ltzr|qWmT=l1s%Co=nrD
zlaCwGE9k!7AYU>bXw0_}=(ahbtgpvAhkI~uQCf=$=CL%t8+B^%6J4PZ-E-dS=KvVv
zDk#xFTL)9F<4Sa3e}#?BK$258f1A516UH+h{#jDINs=_$KoGWUP2n8<)^^v@-N9{2
zG#!uOHUaL;Y(-euse@2VRdmveK=#en=i5_EkY2+(1_gdt&E#@i+|*>PAm=w(nKn$I
zTIgNRsfBZTHC>)JtG1ri2vxgKOH3_y=Qf%>x60|atEWH0>9^l?`t|AB2&}_aM*$$b
z8Z9pX2II;S&QJJe0?u*)T&$T;wu@}?Ty4)_QY_pv0ia6qu`w$*5-WH_uAle}BCke9
zfx=03K+c2bMm*HdbBrNw#Z&zp#3)EuX2dV?!d6f}_&JC@<~jV(&oj(16j`-_ec?Rk
z$BL`6kJS%;tj=-!Sp6_5j4}*!Ze=I^LP-m@0{qf1Ce)N=ZFJtFzIcH@^b24{%?tQp
zU)V0x4}Pr3zkRHJ=*I+T!$RoCN~#gh)i0A=>WzJ_e&|F@v6$Dy<YFR3!#9ycJ?Ayx
zp`M6+qBA!QQ?XF+%f4`)>&HsqF$)eqbT+G4wgbQH3+H)7J}1(&9zhlyC}}mM_o{OJ
zV6m!vPk!E<XFI1~n#?)8eJTXR=lkYGDL>43SgWY@<%_4C?$<j9)pakX=a{IaBL2~{
zqrJvbMb;Zc>*|*It%-8<b0U}z^_g-1lU)8J`Cq{QW22P+<>AlwKR?OGx&MI`$Ge};
zHmvd2r%~(v=KY784?Zj3{XoXZ$soqCDABXzGMn5)&*C&be}_~s!Ys?)^CXw=kmCic
zR=hi&Qr;Js>jHUSOo|snz<18FX@P<ZUrQT{giUyjwjnE^C!m*gdNA!b`PEq13TN=w
z{7N~)g=(e#3STX=OCd(XrLwP5=S7;l!50lx3$5{{F`FUfWKULC{n=F6!vW+|r6e2>
z+F_lm*#XyKq;z&|G^6W=PI^W$8KX0}+sDg#XyeuOa=3x9stS2O;Aui5rJAqC%Q!!U
z1ZdNhkCWbT0Q{fg+nW|_Xq&-Q9)}Ji1&ervLQ^Hjjc%G1Lsp&kvjhWGf|(fh_U2-!
z#4=#Pe?J{6Zk%lSad348Od9PRp6o}v8jxlrG>9BK0Kr*_Mr=*SDc;b(nGF=k`$x&M
zG4>0w%%$-HS`Vc#3MCPMc?cK*Lc&!5Cbv3>hog@h9O_zHo$UXvvvYjB^V>TQv_B@8
zTtDlcPqH_Vk=wV6ry>Y;GQVDNunqq}vX;EUSe{%gl)U5`fTIv$k_J#G3Nx@Dt*Q_i
zWkA)iqBF^0bNAXtBBmK@#du+(eU>UUWCfUUlw2hs*^h=r;b%C1+MP^OBkY&~lYC^8
z&|t&t`BFfjt_ujYrj41<3l}gXqKMv(TP>?xY+E$k#!A~NSoF)!oz>Io7F$)m<zxfW
zjL7t>flRXKvo0eRX71xv<`w3)n_`V|@+;h<ULNu~rZBuH|6{CINJn#nd&k5JI{L~<
zZD5!Ct&569mYof&l*jI>)Gq0?5SxR8iPIz@%$91)$@_<a^s58yiFozriRwvF718=c
zk!`h=)?sIfAu|+b@17at8fSN|4v%=GYeO25r*+FGv-zT=yYO$FSCeTog>>cxuCJW0
zJ<=qoQCB~J#_?!)82Y&2oK3PZ2p^Qv{?Wl!M>czi%^dQq^Q<(=bp9ySaEh#mM`Y`#
z%D4~KXoL{tE7fFxSJ0x(Uz+dv`9q)C{Qpnl|K0wq-7fL}pSFMI|9^^)&;OJ2$Nd)D
zem%I?ei*fWz1e=S*$Oy+yf^=E>`sBxzi=7<i%Ri8q;F*Zj#@}0(9Bck8PK|ur*|NO
zpkj|P0w|q7(v93dRnMAP+Dw~@kbSpwr%n#NMEjfSbO#kRBw(}I@xaPG`U20V)mHF`
zf`;xm#|{wV`WcwWXK7=l4k@YX^raDP+TwJu!exRtTwqYtOzM;+FK<+}o;RA2Fq$`Y
zv0|fYQ0(@;qJC7=N7rTUJ#9w7r<J)AY%4|XoLekP6S*W-{-9X|=3tn6tmxFE^n0oj
z8MrGhx9K$~`YhMIQX(HRB&lix;q5ge=V6ACx{bQ60(WYfy=tb!W8;}!G>M@`loFh_
zI=|~w4zl_^iV)2jZXq<=ZftwQ)6741b(iWj&DczLr9tXx>2XF^O(kQd8VnV^Nnl)I
zCY96&Mx*TJ`wooOsE_ap3nmMFgp^Zuc%8wmR+PP^kTq}Mz6{nB($>7XL1Apmy0qMm
z{#T#>S=|3H=HGM9{|66S<^0c|J^1<j|4Bab{MRc^Az&WF90TUFdmH!F*Ui?an-6|n
z<^lF@()d!zT6~{@&2Wf;gK4|~8-OD?1#Qq})}M~hBcq6iX^y^wmt#sOOHv#JZJ=Rd
z2QSj$wYC8uKS3qFqZr>G4SH!a&;nH3izjcu*5z5;i;hmBZyHb#>IcgHW|;P~H|*0I
zM|m-&uF12N`(9tfj9nzLw#1kw^T7?-6%R6=s0OcTtZ?b1)s*Ovwad#jOq>uV(E0PD
zCwK1D^c_?U+p=kSZr$9`latQ#JGHLlwAB2bA9tSYe{-jHaI~|her`sBVZ#ydP-LC%
zlb!v8J2mK@=SblS(6tOlHX3ySqA)f&4#obd>UZw6<P#wAckZ-Bs^+8^PqOp=P#uVl
ztD&1wLG=OtPK1Q4-le-XS!#uc;vX22dXMAc!d8QFyHB)to2s7QT!xPu)teWT;pP&<
zDwJ;C_72qlkDhl98>|@l;T==&1ylQ-vRCfRZF&}i$1~_YFL+my-zi89>(ol=IW~F~
z4@c;zr||1wm`<;o5gPfZKiNp3n%a{4$NS$jqbG_FeSEUlgvJh&0=`B&``<(l*4xeK
z%jYk?iCSz?gdW1G%^O8&K*NVy7-`60q?q*y>~dEBL1QsaExDYM<9alTZ@^pv)VO1q
zVyYf1Qe$?)`g`Oy3_<vwq$mg?Bp!<(BUv1edZR2)>V%zsW{`z3R496(mu=N9Y{5Fb
zY(~eY2YcPaqu&@!6qeB!4*D9IgKB~m*@$$2jxC6);|%aU_kyvSv~3KuS(ka#=#Ny{
zIyOKXh{iv-_2>sUc14cfzS~Mitn5!lq3wI{f%ophJ6D{3(G((a{-_A=q5B)^m`_V`
z%d!O8#bo<Dq<VJJLwBF=oPG(}2QW!A2d+7T?|Z*FI^JWg>9&?=Fl?(6{Y?}FHE&Wp
zL!RZyaFiUzm&s0@gha~5>Z)i{%HQ<IKSubCx>CRDBiK|5$1pD`)r3qjjfTNQt-_Ty
zT+<Y(qhiI*lOl45L27exQ?Y`5K<dCP+tztLJ!6|{B@9_4UjrjzR1tsE+1=Yers*_H
zO(n}+W>*PWXPCI5@F>a@k4M4TIEa$XEH76KHWh~&sxZICmk8hkMU6YO>9*u@CX;Vl
z?O(mr(0zgd%brn^%bog@qvK~_bJ96E*?HRO?ms;|I#z!UPddk^C($1x@BNeGqi5Zd
z-=3Uyo@oJ$77_=7LO=D{l&FzR8co)V8`!w?f=lVua7qnqu^RD_Jnc{V-+@ID{%A;3
z@%bbl&cXv?#Ow7h!B>6faJSR=5GR0XEuvH4K-J`~cIwQ^1Wo|6)O;iIm!$X#o1Ray
z-cG+iQF!73sPYu3n8A-q^?!S?_al(~L!#eW?1}DaNoe0W1b#fK4zVTHvU~lTQJ*Ng
z0w0Vf9z#eVFfw@6U5?I@0i?g(wXq&B9wKt|?4T<I1CSP!c%fyN+fW)$l>#CDw*rp`
zimJl%!xP1azV7sgM2~XVp<9+<K}?Q7vHD&04tztX1b>4z`K#*HF}bs3!M-h7$_o7t
zBzOi9D5@Wx9H9{l90U88iVhwls_w$eiB5v8jnvHpHkvL~-cQxCOtSH0s9*+9b&dqy
z05zC{&IuYTQU{r)YFjf}+)*c---uQlaC9HCOx}I|0t1uGY>g<s-`-i==bW^&htlgQ
z65v;61A`b}MliqGBTypBbi#1)k}T;a?J<p{mZw|W3Z9EIY5U>Hixe=6j{3S<ZTd#U
zOT9fj*gyR0+0ovMgHHG8ImBtjV56tqgPq^~R(*ZaIqoQ8ck<pxK?x9wi#*>7y>Jl_
zirnL9PH(d5sE_evB5(j<1E8~M0g8(&^m^z`IMfrF-CQ7*$aO;5`o~?MBi%6s%1VoR
zLps91J{my+n0SQeE0jb$<<i;=Us@I{8N+vVavYxQqIr+M;%cwK4;Fszs(G6u11oNq
zVQ?}<bkf7q%Ldvm>`1JsYOWbk)9QI?HJ=~vf4y_siT+rnBMw!fK)YS_t#f>Qbj%Y!
zJlRVWX~}N9!PfPRXihlBs)NvgPnGiBh8!YhX%teOl1;~lW&{pTPB1pG;<0lAahAQF
zj_Kik8s0$i^v8O7+AdbPTpRX6XV2fCs4r;2l_^SCvkg{Z86|>t7?i^k=1q<UG*}o(
z<AX68iUEBuo&u^qiASR|9g@jWg1!gaKx_h??OM?n(EP<`xOasnaqj@{b^DGEdPwGf
zQG%qmzs0UsH`x?b(vgftSi21cCXFDluCuL>-kq{i5Ab_tM$rI?LrDDSJ4---zN$AL
zZlv#r<0jaY3x8Mu?JRK{UDwJOWt8yF|0MqeynKuzo2a&7<G}e3a8KJ>9e1AYpPU~5
zcK>j%^9@VPgp`K;Nh2EM<mL;TGW}y{Y?!CR5zFNbFVRS<kla>@qA|&4jJPWe678pX
zGU>-f%#B#xfc7-RMxq;aLK~}Ak%I*053Y>XEiTken!J(yXr&24n9At{I4fLT(?hL}
zNQ%ouEsX|Tt;?4KHKBUQy+Uhk@$wd{WB^J)wZAK%Z)mBheD(^uRD5itSt769?s+dN
z;`2xi^&;zUD&}T1%Jo_==g})kW|pm-Lowhl5-17{QTA4#j=}-&yjKL>Yc;x;mWI9X
zrg~{wCD@|DEs{Aou=<MjAzBd&#$i4u7I$OCs)3@p?^ua$lspIJ?aZ8wSV4YxQfjAQ
zrWnTw%27d35q*N&3ef-T!t%hTdn2}!4f63cW1(m(>mZ2GLZ{G=WD8t9gDW@i1(n~o
zI`sNZ2t<j=J^ccmNnPG!L#ydXcj2_~wql|12%If70~{UaSiAd(R>;B_>OEYzZQR^p
z7<R2-pnAQ)NMcx+RilF2I%5`4F_g*;Ei_JIa^|?X;D*`<qacXb&K4`<E=i*p4Mjl0
z!X|GvesVyf1^rMw2AI=^D3qPGnFApjT90XNC)xz>;h`_7+;?W9dTqMnq>HXMcshv1
zeSf}hc>>N8lf+W1_vQB_#z9<3ipnVw1_W?W{jhFx|DdCuDdZU7{gZyHsM(~(hbkOn
zYMamvHK-@dQ7ROA?v|jkN|M*~Ye2VVgX&lZ&JKXZPp%8a0gp$pO%`G?oWS|e4=1qW
z4W;-QRA=p+etFV)-azzUT@_iF&4qk!XK3nzn!n*NS9*tBf?iFJRC8!_`2cqhw9A~X
zsVb5k%wS+G0ZhLmabc#~!cnY3lOw()bhKL|i~iKzC|YB3%=vB@j`A!SRe~Qzh6_Cd
z?1&^)B6H~DteHhXe<@*Fm=$B&y-#7JT(1%9u(yAVkhHv^ac;#+mcy_2kB<(Ku~0C<
z?x3tCt^VbVrht0AtFDMpDm|#z#)@Vs(y*?Wp@x!CO(0*sq^ZeXL&_7qxrorjz1|eB
z#5E2u>hf?Re?yq#wgDOQq(~jw>O}1HFCVg%H&uYH-Df+;UlH^dx~szRy6C1AIYf*M
zg<-ZE{mKy8l553w=pZG!xNt(!$E==|djct%kFD5@Dq;5ZyY#yv&8V!_F*Hr13(Yau
zkAizI)-fz7iD19aGJqnU<1EjIK#Sc2&^RIm2n#DcLh>(}gOwEU&EV<_|8{%PNwuLJ
z&;_!Mn9#X^Zpj5wRNDmD0rOwl_C5*$2HBG&fMAU>AB$7!f+}GSdnB>ir${r|Cb0oD
zg%gwoFxN8fwybx+wRE;4VpZ)jY41zi0hW%#XprgR-t4M;ylwo5^l~}{oRiY&lzFY3
zbfAOjXmsOYiIb`3H82-AnHkukP#{c{b!8viD6N=Nj;r%QxBnE#h5;rNZA4rIg7ZPu
zRXG2n$c)XSN~S?W^3mw6QLf`}@#jZRYAB-WVul7+Z|P;|c3CF~kf)@bei&hQ=b~!`
z{N|!-2<OA7+xzgiD?n`VM|Wv2rCou-Zg~Ux9~H~xGEA~87<_S&rFdtG;xI3EGY|}x
z*Owgu%y1Z0OfwvNFbh}5XZxgP$BMNxkgLFp;E{e?G{Lbr$Izl^Q4h<T0rX(}VBW<@
zpdW8*S-nw(HafBHh)>k{M}GN`8>Su~P{q&ks9h$(g_gZmcOf=2>=PsJc#@R0*=6*d
zi;nX-;Tm^kv4FLqR`=IxEW-Ahb{yUpTd4)d0ugCk+7Z;k8t8qo5EG{wkGvs$yZlMM
z{IVu`n;~xE-h`~`X)@|6*luhI%Vm1ZHp|gU<E|;$D5-W>kbmzbG(icqzSQW55j?12
z?Cf#2jW^(6e}?Y$YV#-8QQOiE9}gT|tJYO^_QH$R4y;v?on_f5iBq#)CPDYGAl11O
zYapm42U??{*pM3gEE~HK`6ROnZy~e;Tw)JZlhI7>)sa@*P0FZ(R+=MByP;1RvsXbR
z1FaPzHSS7?XMlnmXz(F3khP+w{hL=q-P?U!{=IjfX=m2%n=Nr_38W->ax_c@u~H<=
zN&H4laHu0l4Y@%um5jBEiiZKt4iB$xnJyb5uo;v#EJZGzbM1zZ;9R|+C*HyB0qgDc
z=7L9&jnZhRAXUJIQuT*`8l=UcDF|7WVh55|pQcyA%|Ky_2w{421tku-h_EGOR;@To
z=*H;?38H$56EQnuIT^T%dh1}&`9<N}LFw%)s8pG7NNV*hJc6Kux~j|J_)Ek)HP1=L
z28RKiq^mHexM?A<j+1Gs!7WSAxcf`9bWJ^D06Ry|;<GcWLxE9)G$Bk_XA((8Wd#}m
z*1`73anE5-rIS+7X$=yH@mfr#2u&&Egl_C~o#eWh#Om}KqXOeBu@ihJ@L>00mgv3B
zFy3DgPvHGvdiW?RS<?@a^r|Wl^&UjmQfMyDV!RY##J(F(<S`9tppkMyEJ*n-bn~hg
zN%ihM6<gldFZI=dOMYmc#sC8mS&MSyROrA^D+~dY!F#_PLfILZJT|DCsBTk`HL4L)
z(=)lLOGIF!5w-$UmC9L>7gT}tvmy-QR*(o{bj9wonls$>?lVeD;7~7@{^<c!Hwuv`
z>4aBf5)KYVTY^HT&6|z>dk}aDiVsuWzg1ph)atCTG9b0f?HQv6^>lT0Yl$<O7g6{5
z&hA$`Pdh+QG*d+yCOFxgZZ3zZ;@EHy5NfPZDc+hnz!26J00xht7EmURx;%tA{J7Og
z&1T8@IPrp!qYjIM2?P6`4Lk<@!*Ju&xj+xIeKd{bH!n*Eox@lf)0Ciy<q8^Fov%4=
z_t4-=K?>2NPNB(=?ioROFKk`N#8gL)BL#oMW3LXnz(F}?Ax{sE9`78SFl-E3wCr66
zGcMsc%($Rxkq4t;ufQEp5)dSARqyLE-i249v<esvOrih_79{Juxk%8$kKSuJ<O2Ad
z2sb#(wL#>;z^;M}%rR)9E>gVYAI78MACeNYTH^j3E2b?`RdA01^Cc#*J{@~IgK(O2
zi76T%Iu_E3478*OA2ff-6NrLQ8PgYm4tDQ+KmZP$p6)z8=(qs%Eu~tH?K5GudAUJ5
z1=f_%9TwbFpUGQE#PT|<gqOc7W)Q_Lk|J~V6zlv%A!YYz$d>2>FkewTy&jH+ptMER
zew`BDaw1&Cdp4xw_|A)O;CA57o!WP;TG{Ea6rb6@)l$<Xg5Wr9q*n{yNIOS+GN?4b
zQ5XT($xVlEh^?{T)o_wgW@1ebON_a2c~#w7&YZm*N_J03hbdBGZELF*o!zLv3_kS}
zsBHn!1^E%Y*G*YXzP$9d*DGWuAdC{^_jyp1)pXyEeS=kDxczZqp1;*AIQKHV37p6Q
zRrqeOA>__8(t+>Cue-or<|6Vvn_?*j+S+C5Smj7h=nZ|Z2tFR}Ox5x`BZ^Bc(svzc
zowSDZhJP&BnY214Z4h(_Rb8cWQ{1eY@4HRs-h?~aqA)|DsOg%=tMDuxGHWP^A*Mjq
z29f40I{=H;Sq7<kt2kzNV4OLN<em4ZvK_%I9`Lfqh?PUUbMF-5T_Z}PGTu5DZ$wpR
zvqr4oc+1?4EN>#Q&k{74AcPc*J`5Nyd>91IGPWz`3dT8GBi6>thB=ARaEbI}XjrSz
zY>naMszX_ixUpsMbNEs-a6tjlS#n!P(uw#@F7=PA?vYu-46AM>ozk>`VdJe2Fjy8q
zIAA_}5GnDd%+g0;53|>Kvh(8Ll$!)uh#P|{ftGrrsa@OFuGg5`R!=mBk#xbt3|QLX
zc?8lwc;Xo&%Yd%eT1dfNNzEbH&I2^>!AD_||9`Xh?hkDoN#gkZivNl+cQG1}014Yk
zz&MAo>~QAc1)OBp@yUZUz}V7^Rx{$UiSKX!)~la0Bf$1%?>^sXH%6N2u6|WlS5?=;
za#%MNt=s*|Y3GjWEoqI5xw-{wJC>OLI>|_xv(_*4psGcof~H9%K+<46Jm;3|*4&s&
zT$qBZ(;&3$BGCjGsAi_*CvST?e08P0?LwKl{TcoBf6-?~{5Ot=|4)zq*6uv2i2wFy
z{)a#2<HUcH6>nYyo#jqP!oPJ^+N+rU`{CO9qpI}Zn1)To+crVL==Kr#xPXD?w+#oY
zA_er3Df8o}4Wh|e=~<GM9?c59W+Jaq$37#y#FwU$aGr6$oQD@9NjSj_^zl!eylxsD
z^wLCi8yR-uyg!MWV1H-VN;3piVF3z`@WWXs$wM!|%u;Y5ryyx$lveDzK%O30HFk`~
zY<sj=jTk>yS65+E+zC|93%N8(@}SYi_rYS&`EM>xtQSb02!J1;%?wF@4Jt|wqnAm}
zaoB}zKLD}6=$xJejcJ-EXULx6n=30E4B0!#RnIs>$<;PJzQQ~K?Z=8sLj^+P3gh!W
zeae=5AgZ!X_>&06SHY9uJ8eaDrFBWlEw>R<c;6?%S{VEuQ0!mqWaA3C%kM(1j?nW=
zF0uBIPER`cy-_g|?C(>A{2*9sD^Xp=T(9ra6_o!rT>6gs)rf`7#g6DkhuK-DdKNvI
ztcUB4>1cbMw?KcD{1*U+-EMZ^e{1r;hu;4l-S9sG^0@hB|05vZHoxqDUk}K4%`f}k
z|64$C7wNkOz?&AKu)Pxjp-_Q843;*7?=}L&cKTvnroubHzN>dYwHzb{(TOso9GrYm
z?m$8V7mK!1rRgUf*;}xM3R0aGtbCUrozOB}R9i}gK+zSPKq!iwdXYSYkXS|D>^<uq
zdZl0l35I!z|K3QM3op>1QGM4&9|p{`gM;1f*1iYlL{~<-aH6X-5tM6lzNl7KHSOU3
zeJ7VFf#2PE`Q!1MqweAJt>Z1Pk+IXr*fc`LynrUi?@N-1B=2X#Asj;_oD^*}C=K|m
z??Bc+mCDRnZ#V=y1K05@XL}jRX}ZWaI#xKh#W)>|IarUpl>07(B`NE246j4Qv^tc3
zlFfo|(8`27C#Oxz7mWO>Otpop1&r8cKlx=L6pz^J6S}`RkFP+&>n9^PDQQemYBJlH
z-qMi*U2Q;@i)=cy`rE{_%y_3-joFS}ZFOafvzCoU&~sXK`(RA+e2f|xisP-11)RdB
z8bk=l&)@ijw41!|HK~k$5u1|%U?0pBvJwa|>Vq(;oG+^rP3wS6FyvW!a}0UJhgMwV
zggG6$XxYUyBV$61BMJPDx5_eAX@Am_#LMb*CPQ&;?aI#7Ij6dL|IJ{b3IF!t-)~Og
zzcG7GzW*j)koZBQ9C94>5L-#S76Z?j%KuT(1Wu_pBu}Bq+1Sk#P1Ho@LYcfNP1MFl
zm4{SpjJ65(!Z!<+AF*W`Z6$-fVFHKJIKhis@JH=rXEq6vkjzEmj8y-G&@AK&>-ve?
zYmC1Fvj7v&z)5JzV@)u`lG^khE6g|2>2Mg%n?lx1<yKv5s4DZV>QdkBk`4mdd1qC}
z2dnR7H#T@*IK74C3PZ0#`<)X?(d(WSD)ELM4xApsQpq8qR!LKca*yok^H=JIR!={x
z)nRWM^(Eu=m$W{vS(S&2qQ@2cWnd4!d&jEAa}_8`5_b?qqm2^5ZXH`$kYPAu*p|hq
z1ks%T2J_xJ<8T8}eD>0P;|#;z#^21}1VN`}u9}CnO6-L8s&J6^qW7lrh1kjerpUWV
zGBY3x05V?cC;`fXha^K(ia%NAoas_qFo{w>6Ka9H0$(s3w9(M3H)x1uj*Z;LNK4GA
zq{X)-#mmdf6*e_Fg)OtmwERY`P$5X81_`B^&2UcvO+ksuOMN&&8~V2jlZCD6lxYN~
ze?Cn=CdmCzf3m5UZ7<KJlfKD0hRZjMQ^WE~0b&j|7Zh2Bex?2Kb%Vfh30x3W+w%~e
z=+<~6L9Mq^v}I@=3*VAj63KG_=lv*2BRh_SW08S*GJ%$J`>+vV$Iinl$Zt2-pBcq}
zE||kbMm<y*Dnqdy;ZZ5^{y*(h=-hL}DIqEI!2&e95Ll_#`6xyIbOx#4-~p>9Zr)U2
zH}|LR{M&uP?a~;w+!;o*Cv8lI7FQ*2T-7A(8g3FgYFhntuUx|EFBd3H`CHi%^WxwA
z&NQcHG){$^$j539*jGhIQpj=dk*6}^2Qmvu8qc0))$Xr2j9;NyZvvsXHHF*<`B^#t
z2A&Iu`}-EEy)!H-PXNh6AQd4YvaQW!Pq?$#3}~(Huo9Lf`iy1qAi+$`TMLHL&%avh
zYd$yX|Gz>CxY_#u&g#QQ-<I|N-~Orp|06yX`u}s*|F4SvzrE7_E@-#c*S=j}dsx>0
zAEWUEY0wka{7d4OyD9!nA~?}+pO+N%rF3v|8F1@-a3m2%XWT<#G4kLd;ZO$@LjZei
zXD``0I_@2By_{n+ydMv{ThGn?!Ty^)e0en2Q00IZ)B5)=IV9-T&}oBPytnA4M>&3d
zcyN5+0&(8IdHvJYuJyj-y?+k9de!}_RbtI_<4r0t{n6^s(%G2BS-FQgFr4`*m3_I*
z0YUW_bEmM)N`@a}o!_ShDy4TGMg2)el5~@OGAO?euL*f^bL>c|658{^4RJejx<iW?
zRAfWzt_$lsTJpsMzoX~e(FCJ5O{Q#LJF-VCk6&&}Nj%i;wt-pGFDboB)vO}Yn5A_m
z69Jn3pY@41<SgLowq8_RsnV!o9JzpWn`YvVqq8%Zv!8S;dZt(lN(KS>9BV|WFB=4_
zDDL@V#U@2{ik-9TW5dT*%NUq@lI6H~MU1B^Zggvvih}KUvv5unsTnEzl=?JuOR`d~
zx-cnH-SWa(SC&6IKHS-V>6T|zWMy$Spmj=X^PS2H=**3wbKN@1RjIOyC~@5y+E=Qw
ziqgq?<2Xkf>zaWO33AK3K5v!P91U>jEv<yQ7INq;FN2wDz&{{~6{cOK&V`p`vD}NV
z#-2_%qm-6Vk4i3|^-b+@MdhlIH~_|`ep*vsW0+GhH5Dh(rD(&-l{LCGg9lE(VdS|r
z<EDP&fddcAT{vw`YnpO~=r=YsAf|3pQ`6GaYN$V~X~shFax?v*fpA^}z$~O+``lDM
zsi|x>i?bRh)>PKEt9C%eQk>g)EYaIF0)||$UQr`Tsp9ql^I_|r@;z&)h^u4&Js{^c
zR1n+e5%mwHax|Dq`yig2eBdmZ)}6?GZv$Wv?g{N9{E6wb@rymAv;O&V;iN;Q)`rPN
zoMMiOv*sNd!%~e~wuo~AU<NqXXHCBtC-QVC1zM_=$pk786NQ7=WJ4eo#ilt4oZ`B0
z^NI)do4(CUdf6t`hXbsa={>yJxKd9vSUNNCPSMHVc4ye*3fK<8^qV-ja}y^OO~`rS
z16P`_=1t%^GpyCfS)Y@&8g>KL^eXh*<)c&8cTo*<);FPa==W;+&+e6(>pS(UIR9sN
zj8EJ<c1w}ue_po~gL21?{qv^_IjuW(YFzxYdqon~ZF+Uj=@>N1ooeGh9n~?{{2=R4
z@9<t;KWfvXw(fD(mJSD-LDrG)8}t~uh)+<KsqJ3YmfrDsHApa{6h#;SGM}Ruf`p@q
zoLn}cAR|Dm2f(q5Zk7ZFG=)bISH-Ul8acTS^KX})L+A5OKF8ngacFlg*C2mPf`dv-
zdKi{#o6059#;^E$88!LsdFid-2)~vedPs$ejZA&gR>p3ZicaAUsHU7>4BbOAL9SBS
zw0@YWHB5(Osk0e`VmO1Hvl@TVv8&4aEVaekKlMbRdq&bzcz9HN+!@#|zj_&C&h?bD
zQyin!5vy8R*kz@KXkV%IvTS=SHBgM)?Y$XAR}paVX)u_MM%V6b0lZ5_(@{VL$nDI4
z7Y_^(Pg$+*%HX817eOCw6ekz)fS)>cZs$>cE?3oB$4wVj$h4De%N^dZCYWLuOd7!9
zbJ}<N<^_|@=j1kRcvj8riw0QNSI?b=;CXt3y#D9U()(f7kA@2Y1#iFAT*>QWMsV%G
zRP{1WFRG_(N;5`Xw-q1SjqCL!D>9-#75Wr<S)oh`G-`g-HaBD)gXtw<6;H0|HpdOi
zy^}IjdVm>ZHp~ogLyL=JH>_E%oS`t$M>2>jpi-uGywE@o6&2Bb%=9E1b3S3*E_}Cx
z1zkMd&H6vlEo26w@FZ8e%y_#*CwLV@Yo~oI1%%o-i;GicSEaiAGP%x7QFRZfltj2(
zy0Z05=9Lml!nyGN<AND3K2-Cke(M>qo{c>iV-JQJvOGc%GTr(SY$flptpvlHR@Q#;
zo=&G@nE{sIu~juV<!PcyjxhN2D7UL8c@O#%P0s9xu$PF`VTTcu2~$L^HHz|&qLqy=
zTX}IkM5P%*uu1$+TZdbRFMB_39l;+vbF{qJIpQyvLE3w@-|ar<S`Y7)6mWt$zuAZY
zt*ZzY5`b}1jQc9`HeSE6tu~us>ktMQ8LUqU{qzE%-4<57MO761$Qwtxv|;Ht$3~&)
z_y5fp_VCQjeIXuf*lunPos1076L^$ergq#Rqbk)fghS$7Ve&I*T%!LlCz{Za85Av)
z_{>v^be5za(ZdgK^tlqcGU+OTJCsF?8?jOOh7`_xZ^w7gKp2TG;%iGU4qZYD?r3J^
zp(x9Ly*KAfmxaCC8}?361fjHH5JZW1msV$6n&kzuyP)*VR&EMw(WK$Gm=^bwhO$wC
zzB3ze=`!iKWh$wGT;T6kz-KIQpsOFGHrEXgsfPxD#Vp-UtBZ;cqcv+i?JvV3gch9L
z+rznE0mx|Wk>)#lNI0ig@wM3GTL-zTinow)ACu?F<p*tR%y@quC8^1;8>Ant#Vjs9
z62Ak@RIDI@GrE5el`bMeZt7Oj`-rtZQL&2JjC)nvUm@}7Fgg=@-hT3A9E{>9#poVq
zoC~Kh4pquX@i>7o1Xlea((Dvlm(W0G9g=a>d4#VPf@m^{uAL*fir-NriAqa=IjTqo
z8B|+lR}M!0g$LN_B$ggT>2-j=FfKY>abo`^MJY!jR?i7w)lsL;POBe!JoL;O&?g>=
zMULOAfL}nyCd^(S4xCGJ#0G()Fp-zhHAZF`XP118cARUqA;4+mP0C4)<fLKrt_0%&
z{fjYKHaAzB?DT@}E10JQeO0(rhy_ANPAM*7zk}dC*MJpA0o*XmvX+ekcM=tYudSzg
zksUa$i__d(<ALY&6q3{bP7ifO!7T5n4NILGCqqOc>YsL!X~0hmUq|dc1I2wE%=V<&
zs47|GyHr`$bqcC1a#!z%N+7p3skdu?k*Tw`in-&*v5>y8H+M1ivw?lK!5te2-P5_{
z{?+ChU;Q(~{)gqDuiyYY+x}<u(WBK>&;I9edu{bk`=3AJ<JkYG6>nYy?d7#^(E#Yt
zO1r(X`d!fee*NL2^|i+p4#2lC?$M?^+(M<(t>Zu|JyB*m2ZztQhrz*X(pcHsRmYfl
z-ODJ6P5u@Qa}Hi_A3X0KEwz<n<NV&iPhE=7JC8vcUYW0W6Jvhu@5qmrUADZ@zc`A5
z{z<BC{&nQOJaTFtIYsxoKRXq7U+}lB=g;NQn`iuG?~MR>zVnkjIgm214}Rt^Z}#^D
z?7^`Np}Wstwh#8Vx8&h}?Y-tN-M>gFU7G(McaM(EH|Vjz*xHpo9B=LHnqQnyn7_X`
zINUurc&&fDKJ3bmW9JnB-Q7{GZ0{Z%b<Ni|hw_8vXZnu5ARJ6cAxbtL5hKxznkUVE
zbA&gIz)L)N@-2DjHX``?n7^LD*N6PI4_`a<b%d;j=l;rQgK!<RVWa`H<IiyrY~kN$
z@_U>9#aeT7sNN@Bog?N?I=M>G+YZKCle0tlyWb3wt!LX|FgJ(z{JMt-NgQLdT<Mil
z2^bftL#SI<>5chIE!mY2$?NL*J+$k=cDSiIzna=OcO9GFVmI~kRk=ahQ+~bG8yY;S
zYjE|35gyfy&~MQ1=uu5aZ(2Y_H10YvNM3GQ1-}juqPtcBl6BWAK-}(H1<2r?TRFJ%
zSb((Nb(;VYzH1dA*LU8G-Tj-Y9C}sw2&h9+r=i^17I0cPb=o&0cK0uLt+9K2=NetV
zhChCP+u&LDIdx#0-gSrK*?8AF>P)>W_2JX^R`_EttDMH4QxDJdy5-uh8(mF%{^<OA
z!Y9;K+pn1v;wWx+Qe8QffcLoT0moblscJU<?+b)C%YR?)0CGe8r*9v3Iwkq<;iEt0
zzdzzrCI6k1{MYV05)Y8ImG(mv09PNbKdkToIgkre<@j-tOp0kVL=S*-;M{K;`APYI
zh=_PzmKx7%Ts=@k{LBOhl}QnT;AhM}kx$W{<eV}V=}TzL@DUr!1HQ7%m!ZxUMw+w>
zo<|oH5Q4kUiR+ZV<>TN4JMUg_=RqIiM_@H7nGJ{8C91plR$%?!-21JCU_JPbD#Nd5
z`0IQ1Yuowt><WLjxoptDvJ~F{N)_1|h4l`hSkC2SIM1%`;Yid^oy>%?oSFzxFqHU;
z?8aYh$PDF8>NC&By}-nX!l!z=_$i0kf3+OE!UFMC)Gvm7_pfXq*l>o!ArO4slSZEL
zlNOZq`*m`SCj}03iQnD}{P&$jctatrlKwf?KaYl|PTSlj#;}|~#c`IRP1QZi+C=qb
z`QBGVI?|KGFnzF{_UMWR4;?<S<V^k~v0tK`0*V{E2sS&gt$FB50Ovv9O=PDE4^{W`
zW&3jAXy<R;-uB$w_wJKt<tJBja}6#XEXkwLEwVK?_uW1B(ZTDvxyR<&>w_bDwCX&8
zdJTS~ARoLAof6wpVoMd+a^F9b_quD_-h1dgz1K6vRD>42Vty8b%b3DmH+bzs_N&PN
zS<+<8d5S0ii>}n9=|>!muh|>*l;gOPGWyxh@zKuyajPx6626cr6aeR|n&ec?a`42f
zq6f0K^$VIAKoR*g@ZLqL;jM;WGPjEA%1@uRl^GME6;lG(5Q62{8*+E8Z5AH%pl35$
z(<MZE?ibxEk6^260ME+ho>i6GE|=S;avZCTVhQ5~8Jd7_NZ|MBLLiF~6=t`H)r$dt
z^s3!Rn`88b`5*khMYY4#@X3=jgn!22%yw39)y}H4^FO9h?W^FP3L`enKaYoF4<+qm
z$gxUz**z8|S0jNo=!WlLybWmIggHyXr%!qR;dLLkFWa!W8d}$SM;4eSxd<g>zleVy
z@E}w@frl!%U+=;0<TkD8YX%uiofLcEHmWMy?h!BqLLD;zzM|B<-|{-YRqDIcZ%*rb
zzSU$<v-&-ies4M5)-@|S{j9dr&%91QtL!w?Z=Te5`dO1f&Fb`tbo!aoX<f6T)7!P3
z-u61ZUD@gF*`3~QGN{{hdfVx=u30tHSM^hU<<Iq1^<-b&Fxyv60e7qUzH%qrRIccK
zF5R~W(=z0>)YV+|)pQ+dG~K9QJPjw|k_E`VecwLpZXE;uKHF|&tYi;w+O9O}If;+y
zmWuS|m{G_e<BURmz4&28XRo-ke?VXRW+jc0k8zJ;<BT{se1+!LAm8N5@ScoBfb_#b
z!^SYm?lowv$`cig+cBnxlOI!$G};vJlhKBv;qWm-PPr;Uk7l<c1Kk3(bMy-BALh{P
z0g#^{GZZvorgKH7g<{^f0tUtpf7O`Kj!26Tz5%HJQLwC|m`Xy|8}yF4EWuKdy)wYL
zNlGRJ#k5JFf^_(5i@Qy|{$2N4rd~y%Q**~+!6_cGz;20*WP#g1z<}*@bBg!SfDSpT
ztAc}%UgZ+%)hrdj)IZ3;D5SdBK{O2m#*HVL)0`jxnJ}ae6ru&&xo0uyXCRsc^Xh7I
z9zk4ZQ@q$r&qxByG3M2D<l2ytjDWXOt*`RAhnJ>vbHKmmb0A~)CkZ7sy7zUUw_4D3
zx$J7LEY58O&*lyru+P>vVLF}xM#6`S(A}1lxzdGj9!X{Al*8*RDH?3+vW;h1HVmI_
zP>dKjo5ua6C8yf{&aU5y<>h777yO$hLtR5%WcgLdqH!9(efCZ|b<e)NDvjXf$?&a=
z;@zALobGhWqrk4b1+>}@ZTLqe_%>Xww-p-rM_%Vmrz^`=^acCyOh99Atj?$lsdDFk
z`y}RQo58cDQwJ}jobni7S%$k2R1RKhZasfqF-zDv5c2G<@m*A1*_K~+?@a{`aoI(`
z?DL(U>dLN^;2zZW_Zz?L>w}-`%Ko=s_RapDkBTjC5A7cu`$f>uQk9aO(B1b74de6-
zgcKnDR?&O<4yhVRVdpH<e}~*nsq$ZYudzIE7jv)yH}S6pu=^JS47X{62fHaq76$*b
z8Egp+<^3z2KCZ0yB&ewu1ZKF^HS1cGn)l>3h$~Z7oXQ5xz?03V!M4-OIW%H57f5cC
zhuom4V^1TW4Fm;Y+>`4hch1S8EokDl*=}`0wTBzLkF2-PD5V~cT-`7kP!fl3MpZRy
ze9NTp#H#01=)l>W$1%=K9I9E9n;)*53ng6I#2RR=2y>O3@(eurfrf#UfTrcQKrn^~
z!qQr}NyR>Km*ghOh1*ha0}I*I@;N<WqO)cXptH1Ho=S!X0BbE8x%&VLQ3q2ot2Kps
zoASn8RCBTA(b&c|O#0%B*Dsb5MVOa>aR*Kj@RJhMKGRzfueiAS963Qy^cmw@B<f{$
zwwRJepz(Awq`~n7%6(VqgzB>~ed855%D#Pe^{(kJbsFmB<?AntfHVUOmH5Xq$_y=D
zHMAa|0#-BF7Cn~5jV-C^Hk5Vl*H`cF1HR@M*SfJ720N*`!fg`g@Js^n)2cqhY|z<w
zIoMXZY~!TFyCO&aR++z2Qqd^IXr-&``ev9Qp+9Kw9$=yVoqVKvY=euD8S_j4pqW2s
z-mw+D4c$SrHLcsy5Q9&Xnv&oz-*ZOBlUXq~tPu6-s>Te8*9`MU43tkyj2h2z&=@8k
z=@vr`ixgYi4AE;-^|92ZP!h&Z>aAN*ZIkMipbB;*z-_w(&E0!z-WK?N0LHhiT6uxa
z6B)XZB{^{OO}y(E$Nl6qfh}~20z@Ab{xs{j+9YI22wDu4GcKg{28CV+XcU6Pj2~}-
z-eY9Sd?9Ec0SKL&B<iERv?Q{9n2yF@{W5`t4CC!)w>qAnxLUxVmxE(cD$)%?0-FNr
zkeYI})m{foBs(|#u+v&whb2c}Ip_Jq)}wV;A@6zcc-?6gF-c2nTdL5v>moa2A8|Ht
z&OzkCyyS8rvNbu|LscqTa;iIdcIGhmQ+PU)8z~v$sT+L1lvm=gTp}`Eq!7cnHn1^H
zvGb<ltDvHymJgw#0<vO@(r7T?J22d6jJV<WEA#D8W2BT@)|FAyg)w@E`9&<f7Sw)L
zSy`sHNoMs9fTvG`hhZ7a_T9mBd@#7mTN+Ne=dAX4?A18FvBtNgo$+V+me#^5^BHL>
zv?DGlFARw!e}$xoM=F5Ubi`_RaSDn8WyNA6zom)TeX-NseSXw?-97BR*nM;K<J_ZF
z<74p0-v7_A|Hv_o(pO0Tb(8(a+T(WHkN^1?{`_hG@dtby`ww1mvi{KFKfhmTe;>5h
z)*pSlzWQB-^*_+IK{Oe_{wL?O^ei~K2EsSO)PcZCT;DqWr;6+uPbR6C(u@4)%h|wY
zr1>(>iewafiNA1|o(sb6&a)fRenrzOYR`)-D$krm-&s!1N|Nfs^Hri8w0@pw5Wp!M
z%Wv9`8zZjcL`b9r;Pr{xpnVM{yhVmjD+-g`_NPX^DDe}Ps#s`N5_CJQjfvdt)S@))
zUgmi#==uCN`Fik8KHm(~2q+&1r?-#O(5oqV$grjkyDXhp<4$}k&0~BO_oqc=GT#cY
zIbmLd@>^!(!t}JwIW8r2ft#JgZBU}3SF~5PVk%WNc~V-<+08iEfNv#*v{`lJVa*(d
z)!m}zZtB(~8{OC~yF!u8DBihY6j-&Pn#3Tl&S>O$<!Fl0xOO-?6#_Y1@4epN+I#lq
z1>SzVQ?9gtV9K4HAxXXmcy3btz;_$NXn>5Fh`G~LMGd0Vh1i1#-LwBbjrBsfDOJt9
z=o|{O@Q4$#&%#>+P?EP-FIgz@*kMqJ!jyc0v<{2qL_2O5K(5D_P4zvHh?%>1J8FDG
zL#o#Z!xj7C_U^&<D`r`ay4w}Q=Y!<8&y>m0Umghc%5&_e_H(A-(Z2=PaWvWd=C4hV
zEz;tA^P5pK7(~~b-wc`oNM`Wr$0pj8ZGN){Bp~i@ese@tI6-hp#V%38zNW7qfd1x#
zyx9B!s0|ePO!<nAEIX-@%E~*-G4*47&D5W0buA6!w+i$8biV+Eca+yU()Z8m0qzw(
zJf5H+O@U}qiQJ;&=krQ$NRW+~g)Ni0c+pPnY@IZB8wz&p?Diuuhvg*BRU3Yab8Z6%
zkV}FvjuOgw%7Y)^-(Z~yNoIB2%3)rW;g}lq_S@NAFko<}&QtCL?z-NvsH>Hw!I9C0
zEDys%B^icwup_7et+c2ys;MK7gfnRW<p{ovk~~M&4tTZ!j*Koq=S>$?KL(1KxXaW5
zsUn~^9B#Qfru>tA{+m9NYGn0#MNn7;iMa9e(9l<&M>ye{RHwnbffd1|7-1H&k(&KQ
z%1^a$U#FRPbG)rL2b6;b&qf64L80<xIax~H-(PT3q*yhHxwR`(iVJ+DQexRT*9LZ8
zi!z@^Ys~;A{m~ec%FQnp^AhydV(-{UO{X)56Z?BPXugL&8DW=AkM&qB6rBfBJC6+C
zsP(iM!S?Q}q1%OkE?b4*S5+aT;#MjASyc>3xD5+_R<?+Tgk3I6b(SQjARa4LIsCcQ
z{(g0}s_doPHvX&u>K45A3To;`h3PD^O4IMKf+43J(C_Q?P=w0QrWgqlBgRvazR4AZ
zKfF9pR0BB|%+r94KRA(IamqQs_YFi^liEfQ|2~1FtcQ)9H1Z}BAqDNq?A(b;nL2TD
zuTbOBV1UDDJUD4WV>(reHA<Qzj=KPK!paKc<ZoMD6*Y~?40e*7sqA2smLR>h`y_Ih
z)gPE1Nuaf~WT%tkRyi}yDQ!t+EG5GYF@8YO`?O+KJvBbb=S)N7nhep)BlF3uh{aRO
zf>=pXE4e!CRu!pK#Lqi1vNX;na^&IFppquz0qO5CN*(I^^>QKcG&IrVG3rkz9CS2M
z*^8`&GgPz4Ep#JVOW~84P+QUXjbw;HG4(+qk@!Bw0mXVMbeyw-wei_l_cLE+qJy-z
zOqJ9o=3+p0{9;U(++s*~{BlB?+8q}lY-_(HZ~Ru<Etr*C7W#w?NK0jv<<dxk{Nh5T
zq%@Exy8;mmu2Dr<R9B$H=%XAlxyCX|nM)zU<$!ExuA=&2abFqX!4eaS8wDebUt5R6
zW!S28L-)}?#Rai%2teaj2gblu?jRaeX$AllKYgBjz)E9x+<@n-#;O{)lbstY^rPY}
zg(2A8?$N~`{M|m--Q7Cw^7rGvzUFUx2m5IB`PaG$fFk>E_PU2V+f@8`XRrHd!*9}7
zk3-X}8mIQ>fmQ(e&0{3mh*HJR_i;<lGbRHEF}a?Xw&yYL@g%|hH;?l@&svvHzSdz_
z$H_6x5zZL)x~-SU$SzG5OnRldS|h0IDR1C(X5)9wV0g0zD85RHsx`vr8ht3OA@#ZY
z%g%A{=*{+a_vpw0F3EE7ih!iF%V?6SfVW2K(N_|?y~FqnHCV&s<gE%@^4mNK<1keG
zD4G6KlU@yYJ=81wsou!0!ME0yleeN%qpC*5re7w71r&eE8`e_rJFVc5cdXLV@A#*F
zN6HlQ4u8r!y+W8C(Ap#NT8%-fT4N9mk{W~j<d=v=f_Ze~_NDt6FOzn6p7l`gDiOBu
zhQ62OH8gCur*8i!=`Ngl2S)&4e`~MXloc*x;lD`#Uw{8IjwX3L`5G5MGw*-etKY6Y
zEZzTn`|Y3iKYz%_zW-4xPWj&+b|Sd}g8x4X+K=!C=+XD(8z8)rcuh6$eAQ#_Ys~Eo
zccL;v)Xe)Cyt4IfXDFMC|19$!V6ac`(J;R9o{Zv=_eAB&o39C5Wj&Q?bsr-6_xr1+
z!+A(NFkdm5ls!>C0+9jeN8=+|^?xLx>?bnI!K5?tTkNPD0|JiU+&Imf0lJvLm$3Ep
zwDnZtI=|%yQNMs+Z<BZL?2J3p=&wD=P%whS5MW$1hs{yQhLsoL)5Z{u-BFLEOW=F0
z9!|BR_z5YeIYux2i|N!jnlZiNjBsA`(P#K(J1y+!srnfO@=da-1RtdksU|WqWjf|a
zx)fGanndf4oYJO}=L3iu!%PVoIxH_w23P!d)k`|4sH%=JPHm9L!hJ&##(_jpaD^>E
z^C6hFJR8|@nc3=yCkN%8REGt3042F@%LVtIsxGiSiW<r%JxNwn(XkHUPU|rNCIH0c
zi<oj1N^0MsiK&jOVe6bJj$+W*jj!bR8zL8Gmx!;%6SqJUpP`dMuy{dH7470t+CR@Q
zm-t7Jz+JdnQ9aCCPm5(P0{DIWs)uJPVto0HWJXZYbyckGg4BpqI*&&f{CwGxS%2xJ
z@ue`3*k6+%pa~Ke<@j1w^1O3h$s<O@$9Sqh89=`F#?GF@A652XYAwG`i|C3KuTbWm
zRwp>&E@|AtNsu~LH8J00Fa)-PJ;jE&k<h()GaaOz88k2swDj&&dPi?ul{K2gRi@2G
zrSoadl*7b&7d7J#_bP{R%EOo+;m*_n`GJ@PBMznu=>E-sZ<M7k-2VD(cp6m1@#qmq
zCDfTRVtF)fFE-So!STQ=hBa`)VLDiq;0Y6GutWxb6`0Vk#p=GLrbT?b0;xkOsVeX6
zwY*VUZ=%(AX#GC6P7S%JOlZ|FUp%oGK6`{zMgu5~>XUV>aXeyefQgm*O_<zp?l<b{
z{YD>-m#U3}OQ3T2lsecOMMeL-s*AX;>RYD1#1rdk?7mt<YK8D1wC++kto|lb6vP}>
zE2!I*idodC<Y_)DM^!@zTr@6Gg`ffK8Jmb(S2$*Ggr$v8K}4vZmE;AcisEPBJb7uY
z_2g@E3zbA!L-+k<vThOP4F_9<xbwwM9nmgr5!nkxUfv9-_{Oye8u}E9=|uXNq=Vq2
zSmubV52OGsaG*u_vwzV0uQz+IH~7Uzc=A!cPnYv$><&CiDz+bTI})(C<{X3`n7LB7
zg51vry!+`DEy1fEgLy>=faE%_BJX;lYg<#KT=k1)nyq%sGT~g7iJ1~<iSGf1#UGNN
z&4Qb9P8nImQ(8Jn5`fc8lvk^Lh6C{+17hqY9D%9W>zz%q%L_ns+9PxT81A)6uu}8O
z0Z~Q&Ir&91IQsGMxVN|U3#zU%3Z`)Fr*C0(>g9QYIy}|QCte$&)tk3cXld!)vdl`r
zcX|lODra}vE@~wPfuV2rK<GG$CX*yKLvN}=Hu~G}mX=&13k*(At>G|%1&xM?1sBbf
zGo0D)6%q2;qWSsYqRF0q*(vb-EAkDwgAfC5G=ntskkf`+i#u#dglLf7gg+I+2#=e&
z^`&%)Zya`TRY4FsYNCKvv7lH<#2u$T>fl@t`WzV4qFLGrG$phI6?-xoe3<5iDw<cF
zLMh|T?BQBnlYWsT(6FB`2`DPhw|Xh3C!#;CmO8pzG0+Cl5)jLhghqDfxL?ijvZAkU
zU_~~JFXG`%Lz5k4cjKw9ThZTE%PJZ!Q_dT!pB~*JCvzo4`CPAuc$Rpg4K$KF5i2_@
z6D>iqxw;V~PvAA@IZDhGD>4uWP1ONud-)?W6Bl^MJa`cJFZraQ_v+vYZ3aSRhdp(w
zVGT_nEG9Cs&u+fT#bkG>7BwsO7mosOfz93`KjSxD++V6yZ8_&q>r+jwRXGi@>Cayk
zsn(0tRDp$%63rya3S4NnYLR7^9P0woD|}r?e@`|2)pKjD0IeWuV0I6-w@4+UpU`w^
z!c%GzF~Hj1SZzjO;XR!48a3<#fh(x9z}g;p98LP?M3ZaxhPN36udPkkY6D_pPC~?W
zLuL@cNu=@BPU?sYD=^Z!|3<KEVt~2urs+VgP8<?6iY6avVyZ=2Lx7B;=wvAS_+)4y
z4?M**(L<XGNp-4#Z?uX@#Df!hDJuhI$`?v#HZ?>F8BMQdOtDRSkR2hFRg_zj$Z2j2
zf__t$7bM|QC(RAM<{t^rPZBmj!e7W0JMaP#+C(IIa5l_NtV7W?`BT*^Oj5{>5KSc%
z0@2#0p-S76kr!%YEC;BYx|3*jNEl-ooVXpQtpn_hrduSB(WGeNpckJSztD~2F@Kp1
zhiDu^E?<$+r5QsIHAZU5P(w9L5BL0`Yy`#R8bFTGP%4cLSTet|mYrw?Vh&6Xv1_O-
zAX>naYlc&vbo}53b0iJxMB_;(s4{r!`z4H*Ne}E*6Rg~TLn_0h$W1;-3P{v~+KXj6
z#x<&CJ~l;F<F42IK~F2w-?7<^D~4>$WE?6cTC>A4(e3g?`_t*jR~7_ica5b?GCSEW
z)Zq$h#Oxj(1DNHrj@gs1Feeq#*^Kd`?fX?RiSS$^rmMw3)MQxq0w}0zRRvX228nXD
zkdqk@Cgh8Ur}nnw7RVY{HMXi1q_6OfRve#cvWRPfQflkLNrWR>M*Z?dLU}aLW1Y0P
zAD3Htii<>`CA%x|*8&^gi$RS~eXu&B@qN7JIM{hEAfV|E>H`1<gOGl)Iz;sj8p?IT
zF1IfZJtC=B@qCjQd!{yJeTPG*2wKqKD=6c>uiifxr*y)buSN&Hv_zsGoKoBD74%ed
zV%vECa}?g2bJdh2v9Z1$wW3<QWo?rjAM-|osjqwD2;SgZ+=_Dz{MT+74*IIz^W}wq
z)Y+$Rv+5p$M~H{1zN&FmFZjwTkA%>=1(5<qM6%cu^-`VEtLlL|&K-7uztMs3adj3N
zAXTxYkh0)MvsX12H*h0X^De((WG$_DwnnTihxI^1vu9D^gK^z(A#^ASyEYjBvoRcc
zHOmE5oKS4BewG%K3@|P4XJhhtr)dX~F9qa)Us-V;8Ycjmto#0Y0TX=Rbk3VvXYKr{
z4FYH8ou%cJh?t&FiRC(JEDU^%n%^QrT_p|PL9dEMLtU$c!|;i>y@v3$EG&KnRo7U(
zNoH%i#v-(jwcG^Xq?IbkNr!GFLoPdrSpX<CIUQz~v*oBU2~gu&$!W~0lQF-*`H^AP
ztF5Gvn0qPC5BR>rE^;myUdl$^D;s$+iU~QHQKM+JSdzCHdWF=@aY%xUF0iOnN&aSr
z5Zyymo}P6(v&}~J#>%)$C6LHKsLfR-_+&|hm1f~vZp<T<v5_Fyu7_Vx<OM40=ytbZ
z<V?an^#iGjK~T95H#u|B>K_^>3kBIsOmL`<0)joD))@@pwr-%Ws4P{4Q@4mFXhpn<
zGMzmBK&31K?{0EkJ^kqX8auy4$>}`PM}U4r^wdIE$?MHiU{Y(t8#{3{yzlVr7}B!3
z(xw3Ll53NFGV~Ok^9uZkD<EDKhN#m0w%T>4R`PR-)2(jf>GFmR22WySkJ0dwu62aO
z0{?YR$koZox~%oI$b=r8%Vz51HTqaqAIgu5stV=8rTYYAnktZUHa6ak4qB%gV*RQ*
z7?8PQr4vu0WVA+`1QA9QmEY@Oh!;czCX-Ae`xFpE$d~*e%xu~b_d|scQpizv*1}e4
z)6M;Yc_3||Kb8es6}TPzj~ehtp>gn+Q-0b&KdPhf<4kDIA)$^9SqdB6Sb-bQ9(>K+
zig)wE_bSdD=&fp(oY|J6Cv?<<MscXcNV_eaKYmjc^!N?<`jSOWT=vFk=rbgWY-}2%
zWQ))-4aJANor0D{E69PI_qn^Z(I?sp(nScYWG23VpI}n<OHx)Kwcu0>z>cGVgSMF1
z;JETomPtxd7{`A+Dr`#{bIC3%PHJ7YNb_A4|F&}wEdHYz?47V<(IUIB*oGhGVo&7*
zS7ZUC4LUG3%sWE}^l?JdC?%H>Jo35lM<)LllrEEWJY^3hRk9iUgLr`>MOW2jOJI)A
zhE@83ZjW(7{aQXnj<m-iu22C&=5f89BmSbiPsBK7*~+ObRTRmQJ7?WwsFog9kMn!*
za#DGcyzH{~)HS!&<>Obq?!ghi(^S{1WMiiu5})NZmR6NgihDB8@wb9n4@<*ntBws2
zMx-x{#s+f&Q}yz2Yj1DsFgSd(+dT^C*%tzJk1p}Wt+hTQ9HtWm%e9^cZx@yqg5QIM
z^@Vo<8I{r6)t_Yw7NtuMjPd~lYo&X*sIYf2E}^6r$tYG79Pyb(7Nh+FL{|Q_1fKMM
z@ql6Lm;RxB%~6$a9y*tUp)b5$U}L?7cMCp>m-~#R+5ZcwP%ke+X9h0lLYd7JE)2G7
zBN}KW{0boh{0~KAo({#FaXXVkKAYrU;OJj&gb|JC8@92{vavXb@El)QsxTcZiiv}o
zI9>~}MdhPH1z(2FYopclT=|d`PLRI$6W~@R16a0UOj$>)Dp7S6&M#jsUt~EnDORMl
z#m6ya!9fM+2_9c`G)X`+??Sj=x%DchY_Z?hxTvcEIyTs*GkE`Y0cNWG9?%6%ap3Ds
zd(tTE_?e@$vo<V6CeRf=$`-CSFtrTwN>`$NkoMAZ`$m!@gTWyp0pS=6l`me+2G{CM
z!W_33ddCH_x!tPV1H9TR?X=AWrsOz8rRl~kddP}y4MK0_2bOB4q&CuVqN&NkDAAkT
zLbKcef~!#A;F8oRZYpIE+(m*`o?3AhUg3gbPcKBOXEm`M%c3CjJqjLZ?Np;a^0mni
z2%MgE0?cqXtoCF}VVk8$Zx$+%Dji$Zc;rkeEo&q%7^0Gbh8O}yFv4k2`JAbnK}JQj
zc_jcrNl^)O>dPkB8t|%~;CrPj37N9cp9A&Yo8h}m5?VR#z1clJ>>jIqMsHdz6|{sd
z^7`2nZ|}TYfClhqX?B@f<WCX4(2d$)T|TJw*Y^+iET#Vpy!q^<uU<Q|ZnvkmX1AMe
z`J_!9;HoRPBX3+<NRjEhXLcaAk-BazuTtpq!7dF)#1B8*<|rU@SKl;Oy(HyR6_wM$
z?SoZIfm1P`{XP$KImIh7{Cm!S?d`}V$f@2@bQZ3nbKH0Jps+H_s0&5RGU^Z5)?&tV
z9T#B@ol+}TXr0LwN{CS*QYVG-MHcC-AKE;pJ~V#gLj$&q-lj@az+PFz6jl1xc%N!_
z`ii4;;S(I=q<WYA>CknxOH`nY%cSU^+aS!XTt9++C<pVpT+(ASJm5<-xSS)f_TAtm
zGMHa_Xq*t813zXA>+N3a*TyOyPg1^J*JQ&9a1ofc)y}d2Yu|ZwnclA}X-$x_MUW8#
z6QD+GZH68lSg<2B17&sUuI-3XNL4fAXi{J^hThn7I%DV+4bjD?x@mCC>ld0Z%Yakv
z!;OW|ND*wy&o4eL5VkgHqcat=k1_|RbOJ5$^1x01cHDm_HugXfI;STM+RPYm4F#UK
zp#7Kt8_nD>>4a(AI<wV{(9Tu(HX9r>{0iI`MH=uw;<4=9X`!8OUR0@Yp<VSBMPU39
zjbQoTHy7mlr{LX9q_*yMD<ud<HSg+PR;yTU+-ac>vIKnDd+FW+9pCY2TwLpYrwNpz
z7eO__s3sXaJQ%eR_SL6k0bMdnX{y03Em^qkVY}H_rU%atj*m(`c)z^7yx>t2*RKK7
zLW)mPgWX~GUT+<%F!@$JwB*4s@G!><X!E4(yp*|0^&l-X@L(RQ&ex5vT7UNA))6Me
z{$2gv?{=T#lMNNoxCX%QWewbI=2DZXN|%}WCpgxpcmRm=%Wh*HCU`!y{pS3DJc=CM
zcRKjsK~SPkT3YiAyV(ewXH99Mf#cA7pxR=)6*Sxy-8l`7Easb<I5*@XLsJP8z8nvE
zYCo<Mu1>PS^(@yEwo-}*Xd=|qJe8&$R2>jFc;8sigyem=AkLxP{pUXIK&)e`VHCG?
zXz&XfE`MG29Sf=H3K_StpiLiCSJmFH#c?cTMgOT<N@H~-15><$*L=7jPf^J`ERBE;
zBxe*QZqz^5P!+uYoc_Lev%h`3bFgn6ah7&iTC;2x?71Y{C*K+s78l3TzJ+>F7lj2T
z?I0fu^!1aaZz8K#zTrf}NR+M68q&A2^0b9@$G;;RR<X58it^yWq_fyznGdIBsRQSY
z(p%Jx0B%5$zyI_mTMktcp{SD%ZBq5-zft;_aab{@*U+4v?k=7Zu*cq-Re47n&9OP9
z7Vk@wf_Ua|sG^qh(dZ;Oo1z7j7=tymFD+RIUXf1#ssB+P4h`X~a89k}`$OTJk-V{v
zCHD?;+JZ1jSDQkM?8b&ugJ(3yD%R;#sZDUoXnxvfB*O)wBi1hS4xmrg>ikx@I<|nS
zhh;si=yElD?YUmn3cs-%a2)vvezW8#S+iy=IpIwru?$jvL1i&`j|D9ZD|Oe13pV)D
zd2F1sRf_D2W7z17j6;g+(85yZ{=q&;%~TP$9bfP&)rn4!?wx{!%leMgQb{q|NzgOH
zuv+RQl@TINEhwHYNRan-svyPz-zZfl5|Q~feX%vCz%Jn6mdxR#H3o1#|HLVRDlPu#
zjYFr<J+5Oh7^le<qCeHp`@mJ(a@!^%y}Ii*ON?gndYSPTSwZF&TUY)xrs)t)3JGUF
z2<iARF&pX1@#|j|b<O#Nx8bmb{t4GamJl`p4&aKsk8eDAO<5(L{Ep;F?&uWNzuhsS
z2=lB1sg|6V&e&ViPQs``lB3nYnX>M25AgD)F9~W&x>F|pUSG=fZ%LA-sdkmmuSX}@
za26pdnTSr3Q8c-}?NaK(t*3eym<0x&3PeA1;e{}Q_wVo~`u)1R&<DWp=If`MgmT@4
zHD~M+x}mUSrqIkNv~12gU+H5MJ{Q&@d@KExjI&JxwLp4T>K+j-U99t`>PF0}S$$`I
zi|($Q?v@tf7JV*nrrN7NtG6hZ)O1xfewQgn3g9ypwM>kwBrP9Y7oXi3y(@3tTzN7Y
z598bIEmIcB<eR-`-9y+S!Xo`1?C<QtzZ4hgcTUm<e=(uq?-i$!&A$B}D6xwL+~4h8
zd@It66pZ>~6JX22`4zl1(r3W_yea!8xXhcT&o?uR)hyw~40f;<CQMyT&oP6t)$v*g
z$A@paH6ZZStzf*^+C8cRLho(`#n!mlR$Tb0C!YkN9F0cB2+|6hx`;ya{V0`$bQNkS
z6*DYSJyHymIfwj)f(M(y|M>bfx!Oz@SW6QuklN44g!YW7ERa>)p?bGU0ZmuK+lxTA
z5_@iQ;;Sv^9o;?=#SN+OdbR0C-MIr}V7BxPT@*>g4_PEc>rHw9JlPr4Ni&Rg#&K)K
zLQ<%N`fcs6gJVSuVfqj8_l7mStp(@p-p>A;Bm4coyYF|q`y1{c9nf#~;qQh|ZJ#Bo
z=O@XnyS}jGw!HQH`HX%ay?JK8UGzrvX4ihZ;=X;p^OODd8?Wwx)9!z}Z(kq$yx~kY
zC$V<Q@FTa_e%GD3uKT+C7w2{NFLoE6cuV4e-tBrTX4ie{)_v*Ked*SH>2+&s|GB#+
z`_J712Zzr4gTq<K@@%IPTi66x?!bS$XW|eJ<5Lw-5x(KB$|gy1O{``d0SW<j!8S7q
zKAk9r6eE-_+c;XNu1+xv)h`Z)OpP2IK8HgddML!^x5v%k@u#Nw`)xD$w&E|baZ3xq
z`xgAS0{?xZ$mDNr%zS}GA2oxApPD5~j!b-Z8BaL1Zw7o%5j42FQJ!c0B*JKrp#rzo
z4Au~u{H+2P{~fc&!6*?T5HIz!8bS#oY9l6tSkc?xIv~d5d!XFyPvr*LAO0*skN5_(
zxROmmWx1yuJ>Tqa9safV`f%sqaOe21bKfb^#jNGjSw)=`6Gi5HdP0IJTJ9N^?DqgE
zqI!updPHY*Y0AFD(bL}38xC2SUY9V2vJ6M2JLfR>FnS8>_nwSZ7OdEmLf2F?wOnK~
z&{2JK<U?`HWC$5~K`?!v@(<&itB#~8#VA+g-{A*I4SX6ju*m&Qn-<Rq?<d_>C!D)3
zw)qf?cUq>NqC?MxYe=Zq!aCqst&e!e`ggOS=g~#1<``2USIjaaoEkA78>JyD2SRJm
zOjGbOP4DPz{BD^D##4LdEeqNXk5$$JCyAG!a@Iu9vnRyNhcV2D$!%G;5`<SWOq=jv
z6>bm%5?BlJ-~zUqGXx?7&az~AsTWjH3K2{*8saS+Cu@AF67G%FwH}+{lUu<wEhul#
zz@exmC-T{mSNVu{QB8cmzm_3_m?8WV4ZM%koy0%Gyj$OwksoyLG#d`HOJ<QQX-{!U
zl>%UwgctkQ&I{`|oZ3$DH~YsZbm{j8N9ztls`7;R$M$OJtmcbd_B*e%_~3VVXF<2L
zHz<;{pE`S|8xMchW}`FzYWW7#@$6o<9Qw7xCl}K`@{Lo)S<9)S11MuGOA6(T3TGX<
zO+`vZD$+VfibfI@TCS&9p963pe(>SI&PqQXsmL6(ex;|2%B#yW<=4S+8XW$k$suN%
zDr`zKp#18jYSO2xjD%yb!cm9D#!WJuOs(!weh4qpV3UXDJVQ`us0?x*dxhbVDA5Zn
zXyiT021em>u!HfXn?a7m9mv)hx=$h?1zIA$L{Q=s$p0|vv&$NatrP}^p7*oywVH3$
zraQ;W<>=5NJD(1deknR^#l#QK@8VEz2STyU{P~2tfF1!)1$<jhk~>Z@O@TY3<_=r;
zQ<*Ap?7ZPQ{)Y{pv%jAm*9xC0TgaXL=iOhr&)w8nT)@Pc@x!($`I%aF?n15Zv@Hdp
z2ahLUL){pZFoD7!;X;}<)NOpK>?cO3`ik8oa9`d_C4`gFwKVBi33$p3^w)3NSkbgc
zWQ=Jk%aq+<rJ0SoX)DF~v9{c;klPFNsBqm_w0N2(i5&N2Gf<cY43zr%#2{U*21+jU
z>Dpsnv!hi87koW$286~2XaH!mp4Lm9^w1w=dcjDLUM#El0_Xh1)3rQ+5{fq?tDOsN
zRLpS~eEl0OIfo)WcdMIzDacKp<Rw37P}LYW7mPWDj-6JRh)Q+tGyxZ3rzFcDA+`ra
zCGKz9Yfe43<3q8{82d|0FsKLS4$XjhDp1TObKRTJ`<P3%RKQQm6PXF6_(RJ$?J#FX
z-$wQmSsLTbxZ+_S+$w^Ss*ZNxd{HO031gjM+5R^i=Rg@LT77e_wjW?1WOei3^atN+
zdok^NWW7btJS!>Oi8ag<y<&?f*O^bT4N6w9U4r$_HZ}+f<M(%V!$ACqNU6=$-qVFe
zz96wChO9IQNM1IBI?Iw%yx=f{y09gP3+1uvaE27Rr-&-;fp5VE`r(RjzMQy9PBcY7
z2$0$cT;umm6PAh5qcZT3qW%C($26+A)kPmJOn8AlirAhZdS4O_Nh+Y;M{&GX2qDp@
zV-^wQU@P2lX*$aDU13dWN&<fU{Nv7Um$B{nfw1fq_LNnO5y8RDqaGj>%;QzT&eu8m
za`V)f2B-XGFqmg_5)T_<uc^SJkt=*vB0!a-(5|qcq&ph6=b^$zf{^e{+E2=v>Za*f
zrFVd3MM;CPy#zd|qb63A8kh2;p({kam2(V6lH}*Ys!O7kk~i!ar1e{^zEu>K|FHYI
zyLBw<PO>56g3Yq(HND9p76JEWt)PVzZQKW)>h)`z6rD6+?j2LXQsIu_v^Z>-Rk{xA
zWYkvF1l#7;U0j+J`o^_v6WI!ctRluB&y&z-^)ECO8mLWYnJI^fx2ocbm<-G=E~zLr
zh!_mkW-bjnYxg?oYSUgO=fJhmtHjXsGt}|H!sqcQN&)S16f{%uYsIre2SSm4X!37n
zB{{X`q`>M_sN8ee8-CxdxTAQze#?omi&oE#x82JVgpw*hHIp-=*@{gnCeiJxv(Vwt
zvEWDdglAmCgF9aSsEJ6G$?^jyHvh*8tK@7_Wr=T0ixssfg%G8b@FtjrzySiH4-J|b
zkLu4R7;yBCK^RX501ls3S;wy_92H+kqnD}hC^QrvK~vmD=ymXebr|O+zT1m~!`HB-
zm9?T$7X|AsLd;M`SwsgV`9a(tMi{Ta>tv+^hmN0LDGi#}?palVbTEIYjk>uTm1hr5
zlnfD<0b|w4QrFMg?!iIDtW}GLRcz3)2V=D~9c2?yCD#`?+~OQ|;(PAQ0ve4^irk}L
z6{mVbVS^0STj!7`gA$Kd?i{RqLn@Mr<5nsv151uC(Zqk=(!cNYX1WE(r3{hXfD^Ue
zC**xg+QLvfq0BDKmn8Fwftp=7F93Ju(YV(y%gTN=Cu>#iEF$9K6j&#O_$^wA=)7vp
zs%o5QOdqIa)dLHmP94tj3vJ;jY-4Lj#G{v+LEAY&yf~4&2V2iyd5R#8$V<i|uSC6L
zU*FUze*%RJ)OFq+Opci)szS@M%cX^vwD=~L7UQFG!z6_Kt%-j=1v~pjM{!GxEFD~_
z9U)QegxR=@q@6CB>L~nd6g-PlzMVomWQEMqtuPluUEQgQbkDD3`d>$OOZ!5vi3_RL
zQArd*w{R7;pp_2BoqZ;+b+*}MebHL8q;}FQ2JZuGgM9r7iPcffYM^|KI)1!UL9K#b
zCkbI$gXJpL_*yB;ox=88i8!hp;5eKR6ode2@b3!w!`n!>K5f6{9aX!;7SN$2Mjcfc
zUMHlyhstsnJ}Yp&aGrQ+t1ldk7w(P5`<n~vaz?pCTaH~jkOGx&TBg1``|D~-?aFSo
z*<Q5DVsVr06>VSIB&~3z{WMzwhvlx9zl}i2i_>^d-CU5|tbnU@6-6QV!wLo-w`LFJ
zmfoyePrnrUyYIXJ<m0Q^cPw8Y|JdEP8E0SAu0sld1e3&|<bbT!ij)Wdw&-z`tO3Nn
zl2@%9p&~w*-jwp&o!)8}N--Eebk!g9Z!!e$`KRD5zThA4ZmWnorF6UU15Tu99G9cI
zpUNX|eau8u^wQ|1sv>sr5WFiQqrWp9DJ$<P<z4c&mU!V<;Km+T&!Le~s{@T;t$$vp
z>kyZgwGo}7rySL9vcp_9nZWkubBS*Pl>)&-Q{>KUG*udko5x|gSJ``0^d|k@&I?Uk
zO7W5KY_1DntX21L+RYY=Z*$BuA8#%#E=&p=i@B<oEt%P@cSYAH^MjK*+h_NtgD(WI
zykdzcA381P1SXP=pnwa=(&2TG$E<78hZW<5A-(r`eP^YPYgeU>t6Y-03kXC@p-z1N
z$;>cbM>0SB*1olSXSt#KJg&aQbJ$@WGvuy}TYbQqnyb}K!y?w-6<QZ?vG4t?>aD8t
z^_EwMv(y^i$%z}IoR_saPO2)Z1r%}s!vzudD0?v^4uk4_l>=Wj`CeFF;92wC%c?xf
z*B4Bn2i>5UBKY;~umDoHIy%7ZI9XK?Sy|;Qq^HOTY4&8;xTq*j9aYvaMO4wFQ*G!=
zMxQX4XdQ;#s=og;l)=&MXzi=f?~s)+tB2p8N8@pv<_pRmh&fz3CTa{3Z?V;hK>uF4
zxUHwhW$S|rRxi4S2Fg%?FI?4?EBZo*<@V)#)1jS!&~a#R1<42zBs=M#2xz`S5hU4X
zIWK7~R5N8O3T-N(aubwI8ZPQ>P$qH3)lzA454*>24z(8H&dLK?V8APA%+G~D7PP#n
zNWM1r4D}a0)EBK1vdt@9S?KrQOHoiaG-;R+|Ak#LAurYD&YX@|1XhZd$grz+Qdj5B
zrHP+f%Zg!H6L-S3;)pHG!&`Cg$|mN$VhkywWJp-$7+3)+_6}ZeA3X2c$Vl=&s%y7)
zb_ta?bOp=m@+G73mRB>ZO0J`fF6_zmvL{&+Sc;7xQ^w|*HyD|aO^X>lO+9iS=<?5}
z1jBIVLG`K171)|-FIY%*^aZux(o+h5ah9==i9s+>ZL(0+cq!+QHSG8BJh=ci*d4#O
zBx>AlKnH^FEraEEX3}6-8?k(n8)8(IHLTY8-wvKAmZjvmgL;5q6z6$#riOD1pI0<+
zb}637npTt=xq9@%1=z;SzGooa-ur-!t%QcHAKeZ7^8+7t+1^4HvXZ1hX%iyFz7(QH
z>V=l)2Y2Y?3v}Xgd#RLZx^a1Mx6$+6xewd2MbO~Qv%9rWcI;HllLe=A8vAY6!zVGp
zAApfDZd^YWGn_a|4kK?3Aq+)Tg;vDMW!IrpTHLgez={5;duErIy+U|omRG2>JVg!E
zwiW2-L=5;0xo}9eYV+A)ck7kkq%j=3aZahe7dhz5dsp(|RorFeRPwp1QYl?VlN62@
z=V&T3RO}E@WB5n!U><(s8F~ADW8s}02rbE}^CI$;eZ^FSK`F<^aW(9ZHZ)f-^^};g
zmV%^eMUPJGp$sLxv{p|`@$sQI8bcMLdL^t%F7MzMES0NI(O2dF^wp!G{@b6QS)Y&b
zco<Jw?dA3gpib-2a(lV6l27_8LrxO3eE#KatitE<!-x2{{q3W+{TDwE*E;QgYp*`;
zJbbwNE&Tnr)%K%rzkT#?!RnVcee-9EDyty)xAP=Fk4E+7ZhHTJ^uta{|FJVz5A=#R
zFM{^+qi=%_EZfTJ+REzpLHoP)_QUnHb}-3+aRj>By&4DqfmL^>QSh27;;$pv<=ff#
znmwfVGoY>HVg$Igd`|9l|DK$tK+08Xy>pXqRzHD4oTNCIACeV8zI;A!Kg>=(#Qnm1
z_>UyRC(7~4ituG}t56p(85ec|*<hly9A|xQ#R{=b1d8IF;9m+_f?qiB2!4CjoSR#b
z^w5%%+fM6;gMP0>36A(e@Yzxt8jdGP-?ga_b+HANSq&Y^j!RJvO66K!(E}@$_j_gj
zr}`nu;Hx@LK4TjJd+q3_cDie4M9Tfd0>xpiRc~ETdJGMaEC7n!C;aqZd#}BD)VcXE
zL_ZfYf%0!Esl5cOf)Yy3n?;I<cM~`cj54#-CuBoD!XP&cUWs~2=~Cpb0SmDa;WWki
ze8j7u3d}>0hZ4-&25=U+InehxF-0nN@}GjKQqPD|hAvNZ_RjZo@yM2-lWDwQn3U5S
zij$G^f*u!kA3Yhpfe}{ep{ZyNVgxCPoiQ3C0MSJ^Ox`4QU2ka@*`-ktpuUPPz<iGq
zO)>jA8!W^W=7?m~C^!SrJ2f!~p{mziqwT`(s&M6^%9~CmacXkw1sL~VA;~ej392Ma
z^b6{q;zBmq`gEGdp-Gcu?~qdC>|83wfoR-|W(;<>%SrWs0aej8u83OjeAs2}6n@Gk
zb9_x3`aCA$T&`m~b4VTXutoAE^Fgesl_qN3mlPDhaXOBbv=EK>@6!YpTKrkxr}$Lu
z@kCOta0=KBCR*>u{RM1~_}lk*n;GzX3t2y?Miru}L^j$mfS?%Uw!J`EZ{u*CmQMbo
zpYN)22|0@W%%Wqp+UMB>3ag}+v#LlLoobCYjKeHjdALZk<aw^jx|nUK(+#Uk@N`DJ
z=^njfc&-(=j(owL=7x1upn0mAvYl$_OTk<vuKZ*W8+SHUMmah7+%%KE{4w)WN=b=*
zkYMxwYKH3n*r%TVC%UoR{|ar)=KtGk@Yd)5AGaU=$^ZWmADjP|6$kdev%L0L*#Ac>
zoreMN{_RKWk5<d<|4U{NX?x#J05B~3le`$fIlX-T)Wjm<PW1Zv0q46o>^edL0-JZ9
zkZpq}5DYT!0i|_yAD#IR;HdSUjN*~^geS^>hIWbGL*g0yXCszU)Bt(FsF`V8g>w!3
zlAXfWU@0K7+WqDDaO>#x)^<14bug1K)oTo)3g(t*sDos&2?RF`gI0ZQOxVPAftIS;
znnX7PAKtL4FQFE+_9D6r7VoOj2{e&o5DI?6>_<fY0kM)Naz>XDtG4^nOD#_PE?1H#
zXUJCWQmPO?cqkrD?C9nkIqjyyC0Pkj$*dh!V%yPhxPvS{XZoRIa<|=jidL|_e!`be
zdzgOM<fneNb+ohH+urFN?fk9V)F4PLhIOf$1w=i^1!kBI1oawDv7TQQr{AjCVk-xC
z2z)eq{pW}Ey+1nM+I~gNLld;P{K!c+t^twuaPx+$ss;y8(sdm`JyC1w2TKjNk(LcH
zY*h@G`8${lJ=T8GdP+C>o2q>>6^M&884~-`kjH4!BVN|ReJ`NCcEX{~$l~dJKUr|G
zK%inH)=z0fy)k3PZ%cevy0b6yQZhFI=9Cx6<B%NW4b_g=>tO|2U|c{8J(@Olc$ipS
zk(zC~D{HN}iNiyI@5kcF6BTq>*pDz^2T;Xqa^0e&?QBd&*M_+t3g)y2T_7;tDCzCu
zbif02_V^;IkzY3WZu`yto1^aY1{7q|54Fi@ES86gomCxH{an_(8Jt1UkY@Eql|X!z
zW8YhHoz`{a6%bg0m|V|<qY7ygh$FP|L$VG92@4L7x1QmK@!V<%<1?axlw;QfrvV_x
zGFG*izj(iodK7U?lA|jJ32d>u*F8MkJCY<qXRW6%w~-_R(?7&SG!GZg5KW6{h-5x5
zqbG=~WX;F~+*>?vxp)n6#V|S?Z3#nslyS?hOGZ}Z8KKR8jmB=t^DO&Velm*kk5*O0
ze|*e&J<W4O%1ePjv;&PT3tduX4+<h)s^|rFH#Lb?5Yufm&&aJOI4#rM>x@utA^tYR
z=pr7FU8MC8MlJ+v)hAVivlRxdoc^a`Np9LjQ1(TSYSX@vrEpx0(Ud_;ikcM4F|P1&
zn~BMA*id_~p8?MVXE#=7y{xeUQdd!cYLhH0&iZHo0fjne{fr0b7lTbuET>3d>|FI8
z3By52(eo%jcOD2SQ*I&(!rur2i<}7J0knm`=)I=ILQ_h;GW!I(B`n&mY^?_FBmhCA
zFvQ~1LDOQ<kZ4#;9#k`aG}aQr*Dmg1ned9$b<PD;xGFvlCul^?;{dF-bd6BY^>%NV
zq%=^y4(*UVK8}xnJnU{gSFXBd_cxG-dZ`x7Cc*8QG#Fb*6$!>x1g-h1_#7S7tEn#@
zOxAw4cE37q{jKj)gAEIcflx&Y+WvYc`Q<s#(S|iYq3yxF+vc@nb7ovM#Gk5Vt2@f|
zPHbCe@ZI;K>M(+^C>hfjHL9csn~CnpW9+6HuZ!|+cca1Cj*l%AZijVv#dCq^v-Nr>
zaPb+@*`ifjh@ru$fAo{)d&9%;65qc_#|qa(a@|-w4I8-8aIka|yL-%-4eJ?E3#du3
zy@&XegeMOgP#p*dQWSNRk=oOt-G#D+lT9OMtmsb(fiRR!Qgje&8$bWJbKG5hwsYJJ
zUhMqReGcE$88nI}A2~G~Zcau$_7ea+?Er+lp-Y+C&EUuZ<n343YU<cmlnIU4<k1wH
zn-1jH2;?`xEEtk1azPnzr^`cSqxwKUEf<mbDHU;9j#XuFHu*>?iSuBZa&U%tV5_Om
zEK;rxNB3xOpWzu`t&V+;TAZ6X32>rnP6GHoj?%<FsNvCBpL++#>GshW*<X2~4mImc
zQysgE<1w^+*0+0$59!GRU0F4Oa+}*IJc-Uwwssz0Vr&lQNimuZq9XDhS|^ruVCezT
zC>VuzdM~$MZvm5SjW!;SrbF{uqP5e@K|FRNB_^A&u*sACH+#L~t(Qme9V9G5tm19*
z&gvHJ#%c7tH;FDM({wz^3i2T&TBF2-rtH=GluVv4$q;Es+z5PeW1Us}D4`_o{YYT*
zN)2TuyK8mFcU7_|C3ZyWD577%i$Q1L|7ZQ<z1gyjE5Xn<$GR`KkM|50g%tngHjJ~t
zgq`QvfayLR1hl+jU#}>wI(_&ksbUv)h5fU4_=d5$MRm-`R^3D?nqUz)>x?0r#;?so
z<}oHAD`FZM0@MDv@<PT;GAG5R_NIop1eb+YL3-GHRo|=)ro;(W0YG;kEBX?KS5Afq
zVuTs+Se{kbq?r0$N1>xRe|{qh0HY_+Wjp~w`xDje2Mf8J9pUjRyuO+O)E@n^YV1nq
z?F+!Ff3+6+&(FW=bJP9LS1|v&>HeqvX!T*~{-@LV^Zw_L_>}K|&guTA^HA=8IxDM>
z(fq6P?fRqdzsCKKHUMLO{oKF$Iltkir_%PT@ULjJG1xuJP-2*+XCFr6vf;@fvy4uv
zL{im95@6>V4}hW%duK&R6>QC)DrhmDP@Kv1u&18#<%x>PK{B(B%z@F&p?zQ~_{5;#
z=Gh2(gkjydj?*VgRSsv(BkO9(xnQvF&%g7FSjv3)G&+m6_8L3vU)Hd`l4pz5f7=JN
zG{NE`a^zwT1f0iOCqTBn)+$09TOgl`*E<$u6G+|iTZTzF$)+Gd&=ghNBkB7b?AKB8
zac4jQO}GbiTx;IMwZP%B_-sRadeU1qV-v4OOUpqO<_eXq0U3ZA&}_7@V_A?bidIk=
zbEV=zr~<Y~j!H9Q%EJ%^^QtDuA}mUVggE|mYbUcj00sb=oq=-j=GzZ4>rgX?^RAHu
zrCQE8j@aB+*D2=CB{Y|d{e(;Q6RRlxDwRC#CHd|&;*$5RdH{Dh$+t~Ot6Whexf-+$
z77gkxfaZ4cy?y1l&}6j}paaPg!kOl5FNFc`Yc3`oRm5+k1T)BwLMYERNuvCa0~$??
z*MX%05sBPGu>xI4MZi(_D-vi%#EA{PgP~qDy-J1&=E`AKISbw^z@BZ9t(35h^hB&R
z?l(;JqRB~g7Aw7OX4y>{p;qh&l_413Uf?@2aKh=39vG4!!meY_g$p39Fv+#G#}+ja
zv3XXT48GJV%Fu3`Bxlz&q$O^*iYkqPg@Hm(VAD=eM2d=RgjRXOYabBG=q?PB+6y+`
zYA~SwFh)!a{mR13OMQyB&4iNd<pdrw_G;NrNID`Y%BBkc2tkTR<7|RhBCiZyN;)fm
z92pV<xB-|KSc;ns^VGU7@`wv-8U)dXT242DB-M}eA{l9n19?+DKoCB#sE=73hLm~&
zbrm)s)<Vdh%Pxb_w11A1fLFIC@i`i3=Kb?{Fdf>~ucGx3e3x4{R)n0y1>jN|<kNm1
zjmAmh%<Zb86XD9x)O)~|bUKVM8_<H;;oC3Nb|yWN_Cvx2htV*<Vaa-ql*t#cf#DNa
z-R>KDTH-uv7sgO45Vaf62nyRUv_UonglnO`9~!cE9o@&eR)Nxt*u0L4w@RNQ#(*e1
z3j!kw!6BOT1Ei9w@9M^-7@<kt+vC07zEowS1acQIqO%r@;AB&t^Pyu?S99RMAJh4S
z<6JO=xilR}jkmMWC`*4N+g+Q&@g?1cKG^j+ZJCGW!>p(~*nO_SvXFI8URPB;?2&zn
z=0X<xiKXQsTXKrBQweGYpTJfN@@t{KH{5q)YGKimn}^Ki8tP1dcQkS;U<SliDvBZ}
zl<u7Z#z@@Le!{EnRa2T13oW3qdcR<^g6gJNF-LMI>uz2K@m|0#RNA+S=EbL2DbOA$
zvn?!<b70z+P3oDxQ&t@+T{q!F=K<pAk9hy2s_FfGR?M<JkYaIq;nQ$V(L+Ak=|wWh
zQj38$Cy2fa^3E}5)6?=Z$D`KYItlwKc2`+?g2k5`d)I`X)ozoxpIu-uDMSheJ1!=J
z<n**hMGR~0)+4FMv50SQ&p1#j(TNR<C4EV(D2ZV&4YT(q70#fBwLk*G-WPhTEV+o;
z|5=~J7A~SFT9KP)Z|KmSng`p!OJka<{&2%5qUY8VHj5rxPZZg%B=LpvInatz$tV?!
zqW&by+44SxiAEtvj|HY2(?8`PI3%a2rdG~HS}Kh$&-z)X$QxNW$KL4}Ed_p|X8(M-
zpa=zYt;LC@n|K|DZ;RaG+zpJz0~;h3y9oW(rZ+eC=BRu4eCv2iH#hZKn>vk6xy*%I
zra!#7A?3@h8|n|emd<Yma!kHR3c|SuV0<%x*M|qk2O7ZGAM3>}CXAiH)NEZ?AX0!)
zWCSGm^_~kyX^1ht${oSdBHw0m=sMKk4Ni|nTnBH{Yw}OY9NaZD$Y8CyT)R-VuBK2k
zfTtww85e}x+Ei><b?$zbzo9)2{!eSqXX$^*p!q8}0NmjJ`*`(X$J75lUS0ju{{Ij8
zxcXmSaZ&((hx*?~EA7rorxUavueZNnfAqMl|2?ve78@T?KM-(uELMH6Hk0%%u-U`U
za1mg$de=n&pWWR@plrxrsY{-1-ESHGC<9NQP;l6{OMDgjno)SJl%uu^X|Xs_EM%gt
z%2{cwZ4b!!Kxts0B1glr(`ogiG|kY{l{#haJ(bFW*)i!srB%4}x@q;8t_+J4v{^7#
zcK+SJ)RU`!X~DhxCp|eeOuevc7bk3TDb@MT-}C^lRI!M_<SSLVJ{_wNS~}x+iVle?
zJE)F$=0X&6l`$V)_)EkJylJMFx{{M78YfMdopHz=+K_Ve8jbRXqioPP*HalPzsXCZ
zxv~SOsEb@Y*HBm9IR8eY&Sn{!4s>Gm9sS8=#?RaDY=_Ro8i-W{hpyoSoROG+Tal+c
zlS{P#{H@B!Qa$JHDA7&TGo5q{DKrQ)UIxtax03DY2d|qf1_G;mYllI10U5iDt|G77
zh-j*^)DE5ojlHd3=w{?NXemP)sUL<b@&G#+>I`Fhy&}s_k~6t)FYwl%_!ix6Gw^IS
zv9WN`hPLFlC9sIcULImlJob)Jk7Sn5?PpcCW!jEY6*8u5%=6ptBuec-*)0GG?T@b;
zMZVOgn5i%jr`K!{+u#KYsazPo9U{st{JOfJ+@Hyfca@Q|ing3v8%g1n(`UhZO%~1_
zyvN<9?=%9tlx3<_<Qi@9c4}!!t-E>xi?2MP=n~873f?woe1EbTAdc+pAFp&Y4%o*3
zs^nrvxg2D`22ZlffzpqPkx?OL_!>{NUH@IShJWT{8}};c7!A#Sihf?o2uJlxKuW%i
z#_;LWN8yshY)Z7p0$TWFn0+rjYX*ZXT`2e>gp^%?{n*Fc0XS^y6J*%l9B#mar<>Rc
zerwUUP>jn*<0)!n^ufW%aUT3PpxOD8C(xh9`O~MJaLFAIwn-TJ767*2F=A4KnKp~k
z#)EGau6cIk;X6epgAC1YOqfo30=Q(TusXLa+JeC+Ea{kQ5{B8k7%&~tsexN-G;YvR
zo?$qz38E-@-;pW22{}ocIch{=_YJglm1-f$@fq#)W{^Q$n2+=<7Q<#gTvn00<X=b1
zCB$Q!a@^`oAfU?3s({&?a!NWxSyqf_gk^gq4`UTJHI<fG*dwVsRT~g9o>ov@DppHn
zrwXS9T8YHw!IB4w>!F-GgHSTA=R9Iepba2ovbm}upGu2iz%rT6t#*_a-QtY+O`M{U
zZ7i&kKEHuo;JM_4GOT2^%=SXND?$~0qd&G^M#$A~ETTBIZ62q8+J^l<|G82A|L4d5
zYCn8bmjB!BKjr^F;!`32bNsJ|YpeiReYnzj6oB;KdAQ!L2mnx40DQUpZ<&aZq<>zL
z{m<{+o9V?rTd=pB?}3^#$VP6Q?;ZU=Fc|Qz^%Q8i&!dMfAhu?n`f&KPS%Mb?#HyrD
zOFEvQn$7OfGdg&o4s^g$#a4KGR@I)LM*zRxEGVh&=AJy$YKMMj(b*K*8e+ujlceC8
zF_MPm-Eyx&yLuaiiLI6WOs2vH@rA7P|MP)mX43y*a`MmD|2}&3@X@0`>Hojz<I#Uw
zaiah2wN4}^z;FU!G??{=?e%tr2{7!VbP!F@!sLW*sVx(uY>e^R*klugg>h5>$x2%k
z5*yy%SsmO*ixboaR|S!Ao}vA(_Xr2)J*!kMLpe{myu0)42HkQry&~}QZZUc0-hjPl
zDRlwuSAph4eF;vcTAbq3MnBZ_*%fQUMxSoH+yL;C-q4S+z|xhXWnz)A%V}=pASK_M
zX7FIB9ZSa399E`?&)7R|XbS{wM|WrL^~YI0iHDeq!g*%ss0tQON?<66_Emx*N-Me!
zC%_rM8O0Ic%L(58lcj5%x@wXJ)OotOipg-{Td;058{#Pq50}~%G4dz9e0p-z6gg)B
z3xu<#%nTUm2x*mNG8(3)HJ_bO&8cM;kq%1rFe8Pjwbl$;ZC#UOWNPgRW>HWLx79m@
z_tcq`P};Dcd5|`-h!(C14Xgp@OH{1Yrp(YS`mxkDNsM$A!;;L;*Q1VFk4elI6SqOz
zXJXp;8H+@((f(1z4Ux<@$_J~}3b{-)7|`CsR66<F;X6|s2gl~u4XHeHV8iUvk9=1i
zmV8hCnM1ViS%!SUqSn|QZjn)+8%%uix5+ybGvLm{pN_}>=Y~&x{=DIruzLK@#%SW0
zonm-*w5zf{-+=IGs|5sN)tw5}4&lBcHJ`KiWG?s5qOy2g+(0Zl=uTRuvg3@rG;biY
z2;UG|oaLsuk)_6;kYlp+L(|*_k1nKEo}$uL+8a8RpVDI;i9noI<I%W4J7=JsWVKhF
z%m~-Jfk{vs1iBS)Czd2Zlx|}QN<P_?hREF)i0mosZk?-whR)eukx<J?oDUQ7Kw?e)
zyjg!MqcGkP&#vKI3%fhc=PlG;!(J~XT1&4+Ux{3VG8M>WZHV4kTol<@yH;D#R3~Rs
z&*i9^`rJTH+Bmq))VZ&wRIyb%GBKGMV4qFS=$#pUpVa$(C<pVJV2I~Ll4;F56)jq&
zD$@H;pRr3XCrMEb%*uNbW%b42#0b`O)yq$x@n9SHE8Nu+Wf6~tHI<8D@T?g$?5!RO
zT)TU#mFqmfkigY3a4MFH<`hK(AsddZpJr`y!3&jA&0l4iHVIQeUBJRTTZ9AbgI%?U
zrl|@KO+9ymQqSL>mWm<kZ=aX&0;|5>IzH|m?gx8Y$J;;d?7zfkpP4^Hq%RRmwzppQ
z-t52F+21+(vHN_k0UW9G?)AaZ4$e2c>4YV3!95iDjK#il08IK6lf#N5gw8$Lbkf&i
zf@K<SDgi61Z<K?^`(IZV!kU^kA}PvFSx3}`Y=KekHKFK7V^|dQ)zR@uVCS1?C86Up
z!34nW9F2yan)3%F6WXr|_*?R?-1-Hk?)c3i#%jLz$(kkG*m<|tJ=&g|Tli){KRSBd
z-QL;SJ(`>U@Bdg_`eC{8_M6tcyN%dRQ(6le)&eY!R8~vbR6%PqSZFV3><7VOm2&W5
z-j@+34a2#@C-_4RVE9hmV7jPbTPE521ncfvR8Dn`OuQXwVOXLGQnpuQD&U1X9xK%u
zb=B&&xoXB=t=0w?d5UM0JPP&ItTR4*SvN-ARn^4J;}z|P8q2&J-_6FK{t(TA5UKrD
zvrCPIuaeYki(_*dQ7R`w8<Q^yhlj>gY>E+Ty>La3N6`?SZDZ4C6e=a<qsayT%{Q0}
zK2!&lo`dmH+gvEC6!mWxD!cOEuxH0?e1RVwl4FRD6CC0H{W~WmU)?xvJCae7Q|x^+
zj(6TLq>TnmC>l27MB*hqG<(0?EOy^yzv9HzIi`I)TMpiT^KKzDz1ML+1k$^O8|JQ*
z^-2}9Z|uFjLfW++;Se#5#9iQ@q1h#qm`$Gqca-#p=I}NOEkp~!Iu?cvmE_TId>#Sg
zvB5dLHmq`eyIemlCd2A-1H0THIfH|@vfR)vCw;3bH@3@-@w}}rm)qsY*S@;k)Go&&
zVP&~XcV6J=s4jP9m%ExV;D4BcjlKjwv`cA3P)e{q1vcwzCQv=s(=|i|8A4nS?!%w3
zL{kY*PA0(D$Ayb64wZ3##(jfCd2(jUK)7Mrq2ASuMqEa6+qpZ1Qf~gY?CnoRJY8BE
z!vUlkvNt?!L}LhJ(G8;A2Jahv#U=xl49#YhNrFz<n~YRgB*j@nXf2SL7d+^2Z|rtA
zJ9fj;QezB^Pl&QtA8YpUo9V=D`=D#^@_NOsmA+4peBPO|sM1W_YBft|h`arl7uF4f
zD$(1ZAiC$K*8*dubmB;j>h+)*R)(zRXt3+pIEgi()A6{~4!xbAQQn)f4WB65BbKR|
zb*`3<*^L>XPNHFy_AB@+7ov4s)P5??c7yuFj~VnVOCjpSo2JqwedNt+v1T#HQwM>2
zp%AU)x#ZgzV5trL8x<Mcws{7<)mmq3>*laouq(o!hwhnA@l#{-kRP{N42(1@3g6W^
zXp$4_Ey7?x9K&jg26)D6G&0*(ju;q>8iF3?vS^Dd^=NX1E>6)+JlJhk_7?lkhzW^_
zWk!yqIc$lmWHcQG(jDZ9Kp-9Q#*=w(<V#8T#F}>`Ko%{~Bnr!gvZI71B|L-BAiHlA
zlWVf*$aph~<2FT$<Bnjov?AeKJ-ZVLUCNZDAwJc(A2@&13G9HuCs<TGqSWFEcLFbv
zT_*_-*M5);(72Q!p_Xhgg*9wj{h>t87$%V7ChBv=LH4=@Ptref!AT(5*tpGf<yBLq
z%u&^`;!m93EBP(3BKI%?&I5H&<7^TFV2W-Ei)YQYkbY{*BPg}>m#&WLrP8}oO@FpY
z!F3*qL9REkj_mIXi6r{ci>H$3+(_qP6{$td=ZFqM(HAhKt&kx}sUeo2bs{G9S`|<o
zq`yl>%?yofI;b%YwO40o4(Q-Cf-O1F8ea`k?Wbu9l9pNp`*L;S#e#Q`7rp+!+R9ZO
zcepfU$m>e`Fxb$)Hjve<Qb+`O(DGjx1rzHJoUyB^_4nQFC%4oES6%Q0lP+A;?WWz<
z>X^%S(mvv}+8QAmqulaPkITdGFE<(%DQN+<#-zYdRc8+t6ZVRk=PM;N12DXcKIo;T
zG8y@bES#WM0&F8L1StT{vI1jHz?p&9KqE9vqaaz6xIdlbCM#bJZ`@e0a%4{mcVQK&
zwgifBA#@`cNd+f`xSAB3N@{Fe>NFiqtJWPjImTy$Xg7ULR#{aO>XG4@Q5u&tU{M1L
zd>NdlhSJl?f`G*ea^okuam~jv2j|Qaz)_o3idnN{DRPuYL0t@R^#PIY;RazuU?_!+
zkuF_WdI-|F)tyh?AWrolPA9;lCh^4Uy~`79@HdRKon+J8=~%F|8Fc&siTdcRqlc<i
zfR(geZ&BMN;acWzqSHpzcS_Zg)RijKha7~I+LESe96I4)U}EunBUcK?!;%Im14rct
zt(77)xE83!K$Tmt4l+ot#XvI|Wtoxr8U-~p5+n#w?uhT#RbI5K)uYWOF5Yd?CLY&e
zO-aqC#-@~HuJEk9Ue(rAfdL!ethT=SKJ;+S+AIEst&+*@=5O9Oq7Avj*6D<9_dZ$Q
z3CiGfsE%sfOfolB6Zfe^x&TjX+C>4rSnunTuiVmSaNMt0`{TJV|HIc@8=6j6PU0a%
z>a71*V9(=7?QXMSs_49n?IbV%5TM4+h_7^LtHIcJTKJ)9Hj`#`U1Jo!P*al7{)_aS
z7&($g>(Hdn-Or?1L>}x;f`>vWeLBSB^3m{vURyk{vospk6ICq<nROeHKF?>N@kEUI
zC{i+&OH_T)O0a$tE8S)9<Jmat%vjW;TgBT(PuR-cq3R}-nnLd{XFAKREa_I-w{8Vy
z?uSxSIB(pTpzDlATQ>}?0n#_B7Q*U5YSH}WLDmw|`=eSCM#Ao0C^@4{^=cZD#3FDN
z1B;O;IE%Eyv$l=FZ2Lw5%Bk5gH9JOeIP7>TwYF_;q&##m3lExMUSFQaip$g50|4<9
zdgD$VM{h$T5TqsAZ1?@Jy<k<ZxfNFd5%V~jpeV&Rd@zIs%&wjc08ZZ4_kF{T5?I>`
z%w;khQaDAVi|kqS9tDr{iK#__7}~92M}^D-=n@^{Bo@b2W`HQefK*fFpy>9$O0+`6
zcGrf58*AWl(aaBR(qRq?s7gu{r}IdChv<2Et^4nY3nD>@$kahZ!xc3`leI0dP^)c=
z0E#QfCKL4hrUgNT7R_i`HO3zpZflc)<!!Sqa-2hB$Kal|C2Vl~fj#XHXOo-e=e;bA
zXPP4<pQZnqwKHO~8xqHs!M<BcWSbB>V015=m{bT=JWjk0+b~*qY^3h!rYr|!G#CIX
zWy4r_3rkC8;M~C`;*-0hEQ=CPXiv1zZe>35%@!(e478PtWtvceqNPr6Hk3u5fb)7p
zTd3tQ^x9<6pOmV}tpKOg7Nv`CLNa5!a|Z=MZ1hiw(h;VF2PBiYSV7DTGHPu&`5X<R
zZ!Rfg5J>eJL$)hq&3_U+Q57unNpJtqIg~K!IYyJJqHFl5XgxxSwa>n1a)&2UFPdIe
zdFSCfSF1#n$=AuvHsx)Xba>;s@*OPS@ho_S8sA{SOSZr5P-V%b4UQF`;1(AUt6JaW
zsJB?!<O5HUe#>J*!=tks&j*~SB0I@ovqzNZ?jcH;Dt!Ae=_hDu@%L$*7Z&#q!yKPX
zJ~n`hQD$65&8S2>z=$;CP>#UnYCoY|!@(2=7%^`=M1n5Isk)4Hm;(x?!W;))z3>id
zxA@DLP8hS@^Nu;gDr|Q1PAgwBB6wYiq0zwzW_H|LI*XuL+jOL^eNv1M*guC!*mNv~
ze!%<qC0u0KdSX=I@=%*RLVh*MmoW>{uKuM-km%y|L-vn>j>{1^$n-4KNEJ{~Dd|^j
zV*pFOctG4@oAt;g4#D73=y0o5bK2%vx3rB8qg+u1deNd2Nr}Q$oV7zRxx1214^w_y
zS|`I`JF3Q6fN<Pwc4C9j22go>X^F0imn{+TJ}<g$*i7R}6O(V$V>M>FA~2I(wj$Ol
zQbYBWS#Sju(Kp{3%xW3T8Eaok)Rp0sc7P(Xc@2RDqGJ(Dd?0asiEU^g34AatUzv<`
z?HQFjVW}Rh5MQ;J-Bhuc{GF8RlMNozrOZ;GNG<om_A~Umv1X~Gu>O-xs{#9sW%Ott
z=z4d1o0PU_tS@>PRVV$LJ&N7h;a&!u%#vK~;#O{Nd5X>lKtf$cU7xb3MNRzx!etQQ
zeGKY`@H(|RAe^_46-0;Rg6xcupl_PE8JiPF99z12>zaJEVxLu_bFF>8a6tO-FS(NF
zW4^*R-#qhXV%2%k?{nm3%5|xC7jOWxT_4V9qhgT2(-}M3HSSkBaB&wV5Tp#hjB==f
zf$TA~e7!Q=2SDAOugdQXvO}+ebG5x57Eiv0lvKg|>d<=30^21J2}_hmnA<h&rR8(6
zL)SqDCLG~lSjhXzl+PB3l#9y=BR#s{S+)#Xu69fa(Jt2!pzpg1a|I~$%$;l7ve-h^
zS>!z`?2Ik1mlInCbmVbesfvGB4Ybhq-s0umMmU4ci6vYr84&{}_xsb)bV!*t_!7Xf
zHTE=7KAv%O@IL_8YVgh8eIm(n{#H=|6Sj#@&zftNO#VIlZ}y&b57)h?9K+D)|7b_i
zbf0)rETK~^wT6MBe1|N>KT3o?+bfBX6xG2G-lV$(S1EuU3f`v_>f}vlxM|DW*Y6O;
z95=nGLZ{V=X3!N59h2NXmf9(4O_j5nrh#kP>u*JQHLY;WAC;#HB-x;5W<QDCbiX7o
z(cKygJiz0j&~qBW#<4vWdt=*YtJ*u=RlraXqHF?W0B;BieLJD$4&9d|H$W)bjUK!4
z>{6N;Iddr!k8GVN_$CkMWy>I{;!&Vr(QMRjV%e?s9_Ca_6%6Rv?6?JRn3tVuC;eHn
zI99nq8uw3Wwiv(aX&Ij-Z<2b6p%{u>cn9H4d2P~<5*K`Hx6B!gspecQ))aU~HD$^n
z8YK}N+nrd+YA({SnU<YvYAn??>E&AFZtZhpime2ZD1J(eB{5{F%TF4G0xfoIor@;&
zuQ3EfCfb^b%Ci@Hv&c-fb@p2H0wIZzW*&dKS3VQ<xJ-*J9Eo1XvL|E}_gnJeg{_bm
zNinr<tBi)>69roN^m*Qn!QzSv)WUYID$5MTmFDDwc+S$LY2zuHGd1{WW8s_czhD0T
z`_l#7`tjQ8cX&l_MRcL~u*coKxkv2|w!jqSbQqmcB9=&?>&zWGA(sO1Vt4E1(cFA%
zDfsu*dGQgQ(M=CfBggz$z^pEO(^{pT4i+dBTVtuciu8vKjgf!jfm{XS;S?>8CqP39
zHj=~eo;Rcy2ZwuG$2!~@buu(zHu2!v**|`9xVPKg$LH<Uu*`@2eVXB{mXj?wTnG`B
z$=PQ{5`da+s0fSyTbN%c1q0!2tM8(7vyu5ebADl6*&F<7zNQQIwPUFrC|beZsn?6S
z_0rmKM)xAEOe$NkSkd`kf1S)Ls(mxO)my+@U0t0=<>n0#D=uH}I!yjIXL9+ecDX)P
z+ZOjDNfLTPgtyblsA$ShtWdTU#<NfgTF7Di|L6{&nBYYqp?#B#47L8ib#&s5ZY)ie
zzIlvH3pYZ>l+Hey$&9E`a^mt>Xh~>1Jv_T1bb|6ab(su`bJMAr6&js@-sY&l7-e}8
znu>D3FKdr4?Ui-AevBtTs&Y#W^4Y!lR6ms4%q34qHnDo7LR-khE)u;br%)iJ<Sq@%
zmtsV8e9;UvYFR6*Z@aJv8uNMY2r#{q80qFj8&@g_fD}@wFCTpsRb<RnrxSB|SQO6$
zc!v+)4)J>AoeV(rA9_R2S>s_Sx9U99s-x|#po6j1v58xiZtIBfm1^6HJ!~%MfS4=4
zBgFupmX89N;F$*k)GO;cxuW6~`PY)PaBGfKDY>N=PXY_9<JPE3%+!c5S0-I?I5UE=
zw4_IS7bvuszWK&s6n~Rk8aVx)aTv}Ht*bft-x+I;0!@0*@=dMX`)`()mu=T)0)SKX
zR&hi1)is-?Yr}#W7TPSXq4*M|oVTAwd@8MvaXt2uWm$j0wHV6BfGNdk1N+P1njCw_
zU=y>Xf=sUMq;sy7t)T|cn0!sVcJ=mdI76uIlG#|j<FC@U%=B$)zFwKHzkFejbtuEH
z-u2jYva6Z0(}i`f*qMI!@-~akNmRc|2mfB4I%a;Ea4<j{9=bOs>C_hNaE~lNMWlQS
zc>du7?|RQ~H}}VBvCmdhcVnZ~hjb~z3GtK>D*)^fxly%OSKZr9xm&OfSxRtU$|NC4
zb2UBKaA3g4)$;g;vHU6N>HHb?H8euLZ(M@+H!Oi`)$HklX$>lHE%(~?(8-2bW$?(V
zrD2YCUceO6;^)Epak@J^U#PtPtzn4RxYmjD@lBsDJZ4>TsE?||D>olD(Q01^HXQu+
zj&W@!t91xGLBi1B4+X%=Rdnm%SB&LU<1ju8IM(Z1<VA3Gew)Y8b@NRf#qLv+p5m^M
zr}$N#Vw@*=ieKd^-3>MMm9TosbJ4W88+mgk6|8$H^@eYW)a{mfnomyz4t|xVFgNlL
zzNu#z1wuW=@A6!M)i>Mn97G9u3g7fIiqEN^(=T~vI%4`k0W;(&edp(FQ-J?|;zXu4
zN83kajZI>V>Py8Q7t_k@RZ<AExg)(X397C5!#b~TWpq-up_z_G*ADq85sj8}O{v>a
zuOw$qp_8)cju>!Sg)JuZ<J-1td$3D<W#Fq!1!(s)iH8F&598|fl<6Q<g~H;RATOwU
zl7f3y|C~{L(t*hiFp03+AJhuLrr+Ip*4ui$!ybs!2(u0Mq+s1WF{e3?^(E`k@gYFj
z-`eXoWpBd7|2v#8taBPPIMLtU>#gJ7%NINQ6lqGXIm|48{Gv9Gy>9L_$tCWFitZlx
zcqnOQ95V8+4%Yoo_|(ULr&;(K;oonF|GxI^<Myf-|NYUUZ##d+fBz#scKml)aZ3NW
z){)@v?UnX-LA$;F@cZ@EPC5Ad?lj`uA9>KgR9d&q@X77&i~#%aMve8<*{OyVeT+D}
zd)`#ZyPE;!3D3`^P`HdBj=2JHgQyaU86YP(zXU!rniTmuFqx7p9)A<d88IyUO@Q{Z
zw55F+<O%}7UbBY;B@~Bh$pDB%F3c%xo<ilCB<Ki-00zhSs9#KxH5L85E~T8shIqjW
z{K)%sAs`JsIU_^`LSZYR^JvKR@?i!;I*E(R80haR4IrhCLG#l*rV;#z<C!AU7X_o_
ziUJv89x3#o?UTosq-mjm4$m<A`a&LDM3aQ3pI~fpaw%j5;c;3>$MaaN4D~$%85_tl
zOsY(`WXM7Yl(#BpFxtYYku1l{%sDHTeZjn?abqP~5saOgBP4XiDS&^3YCOl7(LJHu
zfmXB9UUr$fZSs`F80IC$V4Rl<$}o!t!D)m!Pl3Eg6wL_4ly8~=Ff7EJVVy~g(DL9c
z%LdDml}6<afWzhd=1c-KVRz3`JBUxFXI>(KLFPRuCA|59+_t>!B};)^ENP^*HVw>m
z=fC&1etEWYd_*@vfB}?f1s{L_UqGP0Bp*BtI*;x9A$&eJhtJ4pwDhK7*T$HkDxtPj
zato8d%{AJ=lP9WTXhp_Egc)a-okr12C0|1047unA+BjoYzeXCea}+-fSsCmAz<fDH
z6aEDV7C=(pg(kUX=u}ch3`KLS6E)bC$Dy82;zzR)Y@zFMjCT7pm#~>>M`r9w6+maF
zc<FWm(@oLiVfKMjiFhlV$JarDLMD_y$27I%MbHsE&X?`0IqU`w9p_}uOb1Ry@QqwQ
z$ZWLQ;qT;7T$)pgMopueGw_0)w0MoL8spH6&s@$XOnAwSD<Z~gpWfNMgVI=RZceAX
z6(zALuJaI~#*I>4sLI4OW8VRL9_Syv(39}?F$u7Ft>ilrL_SG);Qbx^8t`rGRG9VO
zN@YZD`6QMllv0#r7#=%OEL>pI`y59r-Jy;wVj&o|@*|T(MMcx96i9{)Cr@YeRwnD6
zGL|6AycBN{+R923=oRK9RIAWnY-+8BhP{^@!!oH6g{YGsDT~vR*EMPe57K6!3%X`~
zZE;TFK8bN(^mg?f_9v3m%)&5RID;iZC%Q405szskv({OVxyK4#j*DE#r$kQY0sBWG
zEW|o>a?nDCrRm2O%t_?0f&Bi7kpNcMjfhu}2^v10ZGq;D9K%5Z=#)h{s=VRV6+5+Z
zU8Y8uITQ#_ef?(#2fN*^{R#kvG6g3y0POC({86W@tN>$3Krk+WQCg>&)z11}y-$`P
zY2yG3rif?nq3i;(7V;%0#%(;FWMkw~V%mW~0*B0`32C%XDPgn-XHXanGWa>UOo&HX
zv2U8F5;xtbK>|wFS|qvXd~GbSw=V1rYpLb(6I%FaEY=u82g%(>GHcOSK=3xf*YV#u
z2{_`;#}LbSvAwjZjr?v23E-&$&Xi2HC7uBuH!!GyHZY$x^SI{(3@!riH^~|w4fEyT
zMKXcuIm?i>91anP!)7}xApDwNz%bj$8zYDlkp9z@vP5C~x;<QVB!bWqyZ3^0>Mb1#
z@3M04J-^x3N5#jTL10!=d-ka%O@^|b-gKVQSV>c4jPsHF8GO;pjKEfbBqpfurqmDx
zr+TKcIx>VHvz&{1rnCi@a_CiExQ>CkBDq_zSE(U>y=-j09hQ8pnc7h(CyV0YPBdt#
z<12Gm31EtGdzkHph{KNHvTh_n811nff_CCzacD+WZ6Ul(_7S^?IkXd^;qNg-gr$QP
zyg%pxm5culLejy>2b|PS0o#Z;Hd;6@Sc}l&GkAyR7TtCtC41i8dj6{WS6YJ{WdxWc
zQsEE~9i2)(iYnP)97^SQXh~LK;!^-e0?kdWhT7WnS{5itE%DS=xUUGGp!Wm{ZcGtk
z<%rH`k)^Q{f<a+Mu;gHtZ+JsUfD3<y6WvhcMLS!m2QcR^dy{Ee*7*xvH9CI;G;fd5
z^SkohMKm9K8BJ27dS#L?I>8@%6e{FSdloGg)NZF_>VnO(S1~M#x&u;712xQC3!01|
z&*Ds;cqQoghP>mgGsH4Pxvyx&0{}rq$elplwxCgF3oVxke{7S?xG+aTGtiVhS+Z_G
zpb#cr&T(8&488rGW;WadzzPih$?#>ZO@DM~ZeUn^ceqHJH7Twf=oxN7jpm6JZD{6b
z?Sargyq6t7GsazRb@t$WUnPzyqBodx;C*H?4V?sIF*uBI&b}a%hK9A`r8VIE_LPQ}
z<23`4<Zs`x!Q)~o=ZJfP!I$DPE3$+K-}&#v<g<xP_*f&B>1oL^9Xdz7NZoqr?253v
z&nS1Hze|h-w~os*QaUe+?ctR-K0-|y1Pd1YeFZ~p%cu!&b)m)0pyPNF;WQ=hD2<iz
z^*}*H-YE1TgJmeD8c@hQVvCa~WhI*)>39<7@Wlz%gafo^+!<w~z<?xacIgDKq4|u&
z+<!Q%S%Q?KnN&}$A@If|Ji^mTqXl0Om)p=GM$oP|)-gE(RTKGDbu%Kep}fHb*u>7m
zSqlF?F^yTWT^g0sb6`vOrOZhyRG!*NIzG<kr#@o)AF+9*0#eJSxhYRB5XCA&(@RH~
z(2rq;v$GEH)bEr5A@vsRp-JoN9%pUEWot+0+B`)7f0{GZEsK>EgC3sg?OVWi*}TIu
zYxhnmXP9iJd^#Fw#rS)KwO}Q#3bYP@hePpQBF?9X*uecF1-99F!?R7?c+fm1u^OH|
z*%YN3{-Es!uNF7;F2PD<SI()v)Omq}>3e~y<B9V+L3>6Tr;&8v*;9{0R$EufI|muN
z%6yo@ymCT8D3lZ~7l|p=;IZ+}v-U*kRDdbsxpIQM=^3;|mPwSJ!QSrtH%u9&-o%A^
zrz&#vX6E>zb;r-Ko^PNGXS$=qz8$$-uoc??8aC|n8^Q<u+dB8~MGZdE>0XbH@^zd>
zl!!|sC#67g(9chbWFM}dg|0SJa?eB!HwO1cfWcYAqMDGGS(Mb~)YU{OI^+ryv<=mP
zpa$y4jaO4b$}E~*J=>~E*&G)*8Cu+nn649QIa^N6@DD%C3>4q%0m1@>>N5ypaRp<V
z&VFc0DmEsqmS%3#WB;Du4=Z#G@uJC444i!a(ylCPR5?ssjk}L>$nYez2+l5tTKY|G
zP<wA`zEo3i!2%J&8jK%JquCWP02d!PsS%*wd;QKt1LJntYs-s0qF2Hc(+7r5R43Gn
z-aj?B5VDO+A{C2&D(RvMr6kaajbK>v!i<ryA&oB$Ch&^y(?|{Bk?e|Qne{d>8^~g%
z72+$|FxYe=;Mv%rWa7$qvgzDi1HB)reXV3=G@Y`Bh(+M>=_HQrj`4fVyeM@A3&&L0
zb%rEFoW#s?&B8$5#`68VV%Oo9Y&eM2l6Zo(ygoOt^$78`%rTVUm-L(oAl}R1b3$Zo
zrbFy%B-o?cW!;d)@{RDAJDXTpI$hc#vagVB?1(Xa0-UjgI=bDpc_V6?fI9nFK|EJ0
z;r8{3)z{xDdz+t6lJuj!S#3(fU^dhdJBeFKimayD@|4{BBEryPCYz{z!X}#n1h8Fo
z=9XuzebTbHS#%1Cm+>Q-1EDa^6M!OlrQogE10JZ1-*_g^B;BgNO^uHh;r?`Q=A3u}
zx|W%kcqrWD5LW@kwL^m7pQDVSh^R|R-60AuO>Bh9c``Z|K2NEJ$m{f7jfYSN+q}PN
z5oj}4xTR@s$gdL$HvRD^N+)r%W8O@9){zzv5umOyB@pKOW^!O<iIsib(1h3SZ}3B~
z8m#-Q3OD9#!6pN$h~Y627ObvQu7nhSw7RA-M$sW+3gyIEYQNL+IR~b&m^0$@m3;_s
ztqBIZMk^6V$~XE0&C$4LiV+8BmzkD?$3x+`P>E>>Y^unpB@NNt7x7#ccTGJ^(vp~K
zF`jC-t23cE$4m{{2FEeVaqBK^THLQ{9xpQ^>zHx-;cYS_1zdp`rEYrl_-x)X{%En3
zE;~t3NTowWxmFEA>H%B%)9^a12n0dU7h1?AAzZ0B2v~6>UeFadswb!gkK9YxPhUZk
zB}gr*-OH-TfvM0#K8?|gg3w)U2aD}#s9mD0Hn)32AiMY&wS{N>tbx`*CLD(1E{v(F
z;cVbBdtKT*$^WdXi7n#MI78!Am0`O<wp>{{yhcJs*JmT5?Ud{z7u}8`?`}i(skf>)
z9*Zeb&u(C4@6{gpS^-mie&eLt(#nQMDv6ZVkR$7!Q#yDX@-1Z@!y1cEt*lTf(pYDr
zu0-Wsy2`VKR=)5aIK`mh_FqIvi_@eG_tH&UZ>Uc{<aDj_p?}+Iz4K&mD>QpH9rCR!
zT|`8DXi=CDbzsS6<71w~C11*w5vu&G3!@FbhiG~?bExbRYdW$nRCWwWPOU8mJEzzK
zznU?XqeV4#a%D&qX|h<y=}D9!Uo#ki0OLc!9;+A>JW4!a2-vi+MpiZe+%VVhsGGQL
z-@>MbN|(=02b7&(U|kNYQx$4qrCXlC`o>A@MaDC(P|G~j2qVW~YUHuUN;u3I4qrmz
zSW=qCXu7CDoPtLsL{i9`nrsXz|3g}deU|o`xslS%8A=-dMWyiy@;JY6!(&%90wb8z
zh4V?#45eC5U6R6c!1GZ(&&+7zv>LWm$^)d)*wO`is3htAO6X_Jhq_*`!fzT9&tfSw
zpO6?9qPaJr>W&_a^VYhe)cH*`I2R7;<7J8mnRV?>q8yqB<5&nAP_;H1TUY6XM}V@5
zB8{(Sj%qo8i3PHV_pszEhWje?`-Owrbi#XIa<f8p+<Q((LtvK8%4@3PlGp6}lI^au
zTu1?^g1Rf2wM>?hLk~se(ZCiESY0h1wGQ${WWbAJMaKq|YdvM7!A-<h`LSWWEeiFj
zC^R>70*79LJHpyn_nfU#qAT{ft{!e!SDPw|zJ%oB<dDoJlNq8*=V)i2k?d<uP-e|E
z3B>pcZPaVy9>-f4_*1fL(RvNyWo(;88WzePPlAef4iqN~m=V9JK52a|J)LcB^-=M3
zWGSUBTMSjTE$}{mCA$~T5=<M9pr5NT;7VOJ8ns`F+b@bVQL?j@kA1CiTVoDGt`B;E
zG;Htfo7q(%i1^0U;|CP5@#FYNywtpNQq8qkEUKmWvZ+=REiRz;L|Z12w($<Od+!c2
zTsgnq?AFZfC(B0O1l?AXTR)-pY<`Ko>CWzY{jyg@L9~x_UfA2%mWo}g6Z=p*BHv{A
zILqGg28&0>2n!E*HmkyOqNvKAWYIH1K<hd{0;dD983cGI>K`hSI0>+0l1<OfUFM|}
z$LKbebze?nZfh53ha$ZtO{t|S6?A0=WwFDFIyjD6p}R8M?qdl)Nb6}&tR={=D*l_I
zFuA>R4ih?g6krvT&%X63*?`vF;%E$nqUt6`2VU_kgYB~bUPNibL1?o%X1BB-?a#Xu
zo`o5YYp7lXI@xDwLvJzrYByN|&zDZPyb>B>Y~vn$Y`RDJjDbJ+IAh#&V%3eie16pr
z-aE_wDTB|ohc}MjP>>r(ZQb=x(-XAC?8y;ioiC0D$%hKB61++Hz?33Eg!@N4$pT8l
zB(_h2i$pv=XuT#0GVc?~DD=U0StKy3GQR#GY6ONM^hHa}9-@6P7x~;Z`uc%PzKj6)
zA$VHFQBo|S{bQ3hL#|z2iBH@fqdYj7CPTR*JBctY(FCY@oa0HEXOn_`3(^?FWjPr&
z0x`I8rNO!(q5Y!Dt8T4qqLPvrfkK2U%H(m9q^OaUhLtiO4hlEd`v-u6W-o0uYtHJT
z8BHTu`Vg*IlULKt5q9$fo@zE_Q@<^hS7Nh1#}hIY7NrBBA$B`adVu%E!g8<`yjO3O
z8;4TgYu6ovKm}eh5X!K9DdG@3TWY@(+KWL)2f->1rg*ELhU6EZjf-($zGl$f4OO?j
zf?Jf;r+kt4fr6E31Z5N2Nz7>!ov}Mk5bHsMS2MH|otYE4v>_#=Y~2#yw8-u<o9>TP
z_pMd-*V#+zl~@;)RFLj^D^}aPKrzQ+<-M9Vf>*wzq{Z`HAU+rlhRQ^_33p*9<8#R$
zQxUn{@Z&{1?>>9;GQ4+>c{oCp&vFRUX#lGjz)zNqdy;c(57F_XW1lAN&ZKO>G%KIi
zf0h6LP4OSjzd{?c<3Fr+I%^Nh@gLfM#((%DKIQli=M?{;y=vk=tOo71b@>14<F6L~
z0XAuhDLBMQ{@nMPKfhP)%5FS?l^szM&NUvOC$q8_G;Z3WBtTbT_|tlt^x(mA`q3)E
zVv|(@9$2qMRGMoz^_TH+Xu4tvXl_%*#YgmBCO3D?C=lF99k*ds{473y<HnX}DSBo#
ze|vWO=042Ujm+xBT_jEi&fRXUhw6saK=^z!lxiq5Z)oi*cXp(ztn4vL8}+BAsr&`U
zXJsEsr=$+W^e;aX|Nr!vef}pWUn2n2?DN0<=yAL4pa0*kJ^J(f|06#B`Hw3O3_yE%
z?K@-u9>M9q(pd}I->$EHx88nK!2oa&IFfIe2<$~^GRAx+q!PbXG$=ce&H%_zIgn0r
z;ziQg-FbFHAf0G>g~M@!-Ap5SX5d3PqKJ)MikC9fkxy0fq0})tlH3GRgWU8T%?wNg
zddwts;j6U`9x7w4wo7T!RP&vto0G^k{cnpCO6r)!mLdtNK!W-j$QZHu88?#9<lBxW
zXH(-*E2-zAOXzSSiDXpi4oZg=rB#}vj>+F+CEua6j#lO!-`TSwG~pzsi+fZF*!iv;
zmr!3<CMz;KU7eckcFDr*mMfy>(#}=Mp2gahP^Fl_`w`?UX<VPZXeLhNn&qZ_V<9Wr
z%~xKdj=M(O5bAAiy;7s-Dy<6uDtAs8oJ!Osw_Ln0UzJJ}bmmbmZgjpfya89?3HUb6
z%_%8^xzI`VOjPNX$p?l|FM_8y=1>NH;i?by@N{)7Yu#X0WI!b5uX>I>THsQr*<kZ}
zus1A{mIbjSf>E_{)pXN>A}OaROX<IhkLIvCT_aSdsKpqN;v~<8aS=NaKTCV0J$s0S
zSU=Se_P9jPDZPV*a%{Nfgeky^z)N!}z8u7`cia#PCr)WQHQt$I%yjRGJL}psjKZgo
zrkl)KJDNaSW=LpDsWV4av|1J2x;jhUntNTGY&b1ctY5{!A#oAQ_BnJ71Av|eaY*y5
zr|dmipe-o(-&5#(KhASxNOWcGJ`t0%1lMJ63GoDn-8>z8{*7j@dMBQ>KlS^(d?FTX
zH(!w3r|-~xn-qN2F}g1&7#rQ#{hKv)qId98&R53DwzieBjMuj6I%JqTD3~%mEclKC
zyHHl=HKe={GI{IGvSD^ZIm28><ww)$c2`5wwspsY{^7LE7W7!$5mO9usj*B346U{^
z?6az2%L%rr#&7&`f(>}^1W*h9xExps){>pV@Wu(IFG~t{Dzaf$u2ihS#N;3Xe3HFR
z6+{i>^?r4-m7$;QM5m>W$7;0_pv_TE#sN+Wfp}~!qLo4bV=vEBcItRs!(EjR@uZ9p
zYnoriIH~5fxGouDL)i%(j$KZ&VNL25$G01Y=5y914p_aRjG5G~^uo_CNfqS29}^2u
zfKj~j5{s;P2UaO30sFh(=Wh8aUYxvp@wgf28NPLp{4Wcaf>r-AP5K}49+i^Ioxr&;
z2+%2aYj~DT;3OK6$>-j|^EbO&t+j<_a7f}Lh=_x;_!8=FV8vi-Fi3KkmY?H%hyf(p
z-+#Zh96G^Mlv{GAN_&?y?aS{<8eREZ?vQM*2FB7uZ=0%SBK~t?d?;L=xub8T6$`Jg
zyRaTCg~dX9oPYI;sHJEZ5G{&kFdD~cj-9$uN;uKs<XfG(x^%T4E!-d-K*u%T>gIB-
z65H(SJsGlg!se(#Pl6Nw9uPqc;ULE-DKv2Czq2@;3~PEtm-ZEFGvq&0$3J8UO-=34
z7O(?Rj_gkz12I7%F+@QB&&+nwjNT64VN}b;aA_K@bl!0^>9^B&^<whSCH&T#skOH?
zvZ*lkEyN(2BZU5hT6Uu@b%@ds81Ct1G^S#3%-LPi!AyLCO*cMm4e?lQJ5gnXar8MO
zq{lM)x^X47BOca{xFh+1dBn-PCpF_u3=k)?O1-Q`Gos<tuflEC;R$xlu|~A|WdK<-
zUODHV{F(2RXMU|T^Yt2-*U3dz)NcM(yB-7eJ9`}ZA&nYl4^G3^*iD!MWN4qzH`oW%
z(KP0ugtSq}g?YF{1ZoPj#zLCm1{op%1P0D$?S^*fP*KO%vCZY>M4F|>J}fU!twp58
z#pH*<(ozzjXXcQQ2ECzQm)thW!-iTI7`k$)f71&`NAA;U=(FKERnBAp%#mwd4Itql
zp4XT#8!?j#;lPZo)%u{v_CaRj=CMJo(%9BivTbK<AD#^ViDUavF*a^Bu{&acP)aJy
zKr%**ZqgJrJzzEYM=b>Y;B2#5SYJ=O6u4>2+Gj*zscS)l_d+NU7p$e^O#=w5w+ae_
z8kLi!wvEgt%n{~pLem!&B#c6nv7Zd$f5K-C<qeo%tVnt>v|$m#w&<X1S(E%>6SiKm
zNfAbeo5@ngo*jpXet@^ARo<L#1k=qAEvKX$xHu^v%#<LDpia??7{~!-ERZ2!FIj@I
z@fu4^vT1?(cRGkwIs{#z%!k#9k~itm0St5G4_B?cKT)28;A|2yc%ktgt{Nv7#nnO2
zvWdmpi4PhZghh@j!%kp-Tjg;s3LT>y8ATsqBBz`hk&VtUrG=-*u@<GROzj=9eB}#M
zVpk{60x_nC#38rxXR#~^@|{SPCjAvE;OCo474JSz%!@>&xkBAtlXR6jZPgV%!9Vgu
zbR12km(w|`kow?b{-)AZF~r<J#7UcHGFg+RswS(^tUOiaq(&&ls-#AG&dSo)zv%vN
z#{KW;t0e#Vw;S!h*4mFA`}e=?&Y$*Qf5^wV{~by4pYI&oug?0T)%DfY^40HgM9I$1
zvqAnD_q-JeQ$}~smU8PXC#u2f)F<|{5nm7Av-Me;_8rp|Pa2J4L-*#<IRuUtk%jT=
z6bRBFDkA*O%G!A(G4tGud8GxyFN(qPs}<)M#FMLyCs~nE0Sv`I&(uko4;}YVgH=V3
zDpI6d1Hr5~1&)LVLMP6_;q&fcaJ;9EFP%<~GRvj$rTkJa&-(mklnrA37XRJ6jRpgL
z$hiWs+;qra2FZo4X)27fOMW^{NBo5|8{(HjJut=faf9FC_{Q9npR{Jux+bUCHphFt
zeMg!1vayS<x+9tc($>Sg9H~$w-W=(uP*mnLxoUXTwJQBW!Y=?`O6nv+7p2EFhV+`X
z=4?{aT;11<qW&ZU%!u-$7|pM9yjgN(qgXO0Ib}7<PAUC?y$LJ)50B}h$QT&Xi1H?^
z@e$=kvJLhKud6&{ijn6cqo8mN#leUdGrdGk7iPTs7p=Be*6GDa>&4Q{>c8fh7`XEL
z`rVG;(w;tfLa#OJ*~i#8=jfLn^$Smnq++yaeUpmqF=B;h-DI6y16lF4N^arInn5R`
z&4_g2t~X~^;mb+dZIwTRa#@SCo`qIK8ztdb;*J5~C+{FA)7wGu5_nKmM(9!TR`vRw
znmn1e1{C|j!2?XT?d$`Z5D<yheUGXCR}(1yAOFnc|GtLt|G(YH|Fyq;T;~7Q*8b%G
z{)msq|FQA^V>bOm7Vt6J{;#dBcPdQ(?#%xgtN)Q>@{hl24gRr*!OvTV`{d9L2g!9d
zMP>%$Go#vo)l`)B2R(++ubeZtH1A=Un|K_|E3Rf9dx5kKJAoycaPReY_MdluY4Z2|
z?$7qmm)r7X@8Ee?zIOk@iNomb(HvkBt_6?ng&^vqAp##rP-W}+bE$mv=9z-{W>>yF
z-}%Y3BHvyg{4C$z?C;69-R{2ncB~)Cm+gc7?Jf0mduvz0-k+OWsf_6_PHQv|sBpmp
zZNpBscE$`y<E$AMP2dX}jkpL^2qHKL=+AoaE3`we)QSBdpmVx`LA6XVbG$-X;2fGk
z<IFlYFkq){SsEU4!*i-5FB`)UYGUnB+$!+=t7C92PJLsx8^+z4q?vvVcVQ#6M)Qsz
z!+lh_6jaIt8x@xI_4FTh?H?llch(+tzAe%J_MiEG|B#PO|8d31_PhO9d4IwGJ3;%=
z`r5-v4Z!X+LLoC9w4x!aql<Vl25u2kKHgO$Kq<fcw5o$7D?K6$?whi&;??yR8i*^!
zr?rXB;Ao15yE^{ky$TT<g!MC|5dqtOzCJv7iQ2!7d!F^eFfX!_T><`jju~Ks#c0A(
zLjy~P(L{oqq$DRslQTC9{CSp<lAD#7tC*lltHJHN9ax&lbX>%P`}1KrcI`0gOTJ!|
zphb&73)4uN!O_mk-t!k|MvIznOw>pL%<wtpe?5=JXi)&NENXLkd^gcI=*}ofar7{4
zbYeC{GzqvXVR@9Y2u*2$W_fSx=oKD%!SDL#VfWbjwSDkr|Clca{6UWady3vPk1*o{
zO*W1Dl%Ah90OMfJNDo70)`M^I;4RAJu;}lCw|Re(jEmqcEJ^<E-SV#~sv+jLE}~?}
zk>JNVuKBvW41!in+8K~bui`$2i)9?PO!)9Mny;EFLsBH5H1_vtf)gyR7go|Pc<<Ip
zWS(P6&_T<O^NI;%(eH|Lk8vNo=4n(eunPf}pJ$gks!ozp&SV^;DcMpb5ygR5gFTCR
z{&*%#F@*(Y5(Wudq0Fd=E1~unTWp;Ur}??8Qx#J8Mrady7At2p*{2Ag>1^FmerAk$
z#;gtT&>)!qCSMQco59$$UoP=0-Bkdz8~Vp~K;s%C7A!Q)O^^6D1}Z2U=PLz+I~r}L
z<Jh4Y0}LvnVoGxP`38{-$-1rrc|?Ms;k;<U)SNcdQkd~pSO8f{1Rg|%y=c^rPon<E
zI@@%Nm6^oDfx1_DxqI+zYxjtG^<bXTX3uM7lS~lj0d%LR-aJX?{_)#uk=>r^VW}0R
z$g6LtGovBj1f4IyBOrym5DIxU9rUd9)oo$^F&T?0%(mw;6RQEZHeKcpms5{>6>2R<
z2N_kW_MScCZ~bAcjxmGKN<)kGfr6mgn4JPuPtH8g7b_r*nt;AN>AK5m_NEwBSC7NB
zjiWWA8$&XSgHGsLl)rMCqCnX{pJK>=zS9*sPEJBT?wabbq@|Uu$)g#o3Fe7t&@4z~
zc{-2Y>>k7E6sp$Cp!G>B{pG7nufJkvQ8!Mual;_JWb23S55ZY9IYC?!{WQ-ls}xZ*
zM10H5#kUOVK3QASGWGTD+ulCd-R*84D@LP!cUxzyIy0<O)({frToCwScelHB)WsuW
zUM_-O|Md{_6_=^!8HUV;1@gr#qJY3dom~h{+F|x5Iun=n#zWIx<ya(!HCP!>_5Qn%
zUc2eT{PalPtvohDNzMRl3q$uV>AhBCy-!vX%u5*4b=QJ{fG(l&^L&wIoCDs0p-ye<
z?jv22yxrIpD=m=PNakdq@yb01kqOE!qDd$tvkb(&TXCR!{%qCoOXjy|{fF_9QvbZ*
z)hf}R)5O1ncaL&&m0<{vvJ)R>(E#i7sIc7czY95QF!Stq0`UQjZ{$F(=#H>&Gdh&t
zt$!zEcTbICyOUv@HuCVR^;hwZx0*qr(9Cy}93d>|yyIhMR$8-0r5-utu`Pm%+d;bz
z&}t7DjM2D~KO(Ox4A*7fSqXEuaql*4gN6Xqc^*Zzz1PR{K&9394v%nL&qr~DIL$+0
z$%YM8L_mNg#9siLnX5FO<GFTD;BjdgL26Zm{r23WxFvQE50C!3f4udJ+ONvF1Gu=2
znXKf{o&$8{Fnpg~rJyM4InpaEfkY6S$W9wd#CQTfp3a9MyX0t|6u{HfQhsK9`E*g}
zeKB@@DLr29b{S*wI#41@d6SBmOlx-wgu{XIMt#e2<}W+@uiqTgy&2EK2}}Z);8ULG
zc*Dom30=S$Y{vna#uT10ClH}b#Jm7VAy6}9e<+*5G<k886xkX+P%yt6Q<4({Q^h_z
zc{@aFMF6$%Yr4SJZ8Q&YI>=eIoyM2=L|@dZDo|r}!9iaY=?q&iyMbC+<u*2@3HFSn
z*Qkjrq^b9t3xRD!M+D~7VBWk8^qU+6t&=6q#`3*DLV^6=bD0GbKCI?oI?<aE1F`7Y
zo$U>ZM7oS8RlKfi+_!3^2Zd_lm1HlVN(Jw(pl2^F#*}Ozj5o42t4Dp437mDj_;jt!
z5e|BSDe`1~lVtOGYoFdX<i|Q|94mIoPf&2gz-Ta_UggFO#-D{%F{@OmJ8A4rHUl*~
z&QcB&)NAn3^lPe3JO=|wxPjnx964VC(0(yc!V0=brk2!Q#~p@DPHa=<4_RUdX;e}j
zCWA9;Tjt|EdT&<i21a_26~*<<IA>FrY&fuVlIrV*rAD#x*$D63FesBLf)i50gO(0T
z=pHH{BIr5}Z?dXo-x6C=0Y#$dS`y(?lQ0tbU2(+(d?J~`LXI+<LM4o~y1VYKpS{DF
zI2~vyHiZQtt<bDefs`qgE?)DQXCWV3b`@~acX-nHCJ*Ot1XRJFRJi}TgormONv9-Z
z2$g|7mpA4~hXuPnn--oLOFgmB$HK7^r6e_8+!NX64uV=WI-e@+Rk9qPoG1k<DTB<Q
zb<PP?V|mh<%!Gw1P(Z{c84*b<={rTNVPgBEapRQNdA>CtYIK!XTmcS5e2wo}Zl)DD
zwRah7Ye?0}YK2<i<kT^*vPf0~$Gs$;to}Z9Nxs>OEWq)0bWcM@2z-yzhMyay2_5E~
z92T?-|9O;CT31S<hU*pefi&k{AOUqt1BXMD3>#PB+;2Dt`0}>%4(AOSiqN9=rF7%8
zsx0`IFlcd{s4x17p953}1%Pu_<Wg*x*T<4#Dd{@DN6rPi)>=?!6b3sM-E>uWdWnIc
zY{3*5^cay~#bY<j0qJ1?{<?-F6XZ(HRul3D-Nf(fdwKW?vc{?|&0t|h*K2yHiX^vb
z8D=-osmIF^^cAd&+rhf9qbhrDJq#$e0Kq!mrtP6s#a_UUu(ya?zv&Wz9jV!?Vgx&n
z^H5~9qT4!>gU8Bgzba?dOX5lCdSIH~Rl!xla8%Hwb$D&Yh(75_I*ko;B^I654%p-!
z@Oh{WYiUiqW41x+)=j+^mx9iQvxcgKT0f`4(vr#(?sc3?$<_#6hy&}eq;kmRHZYGg
zIa#6LHSeGKzHnJu{7*h2){GY^ynWDA4%rk^qxP%S4qO+k8@nigSkUCMRf#3q>a@zn
zSdp}Dlo9bpXFR<Pyig}IkzH5?7)YH>yFH0ih7SKYy&$#1&i>A^J`?%1w}Dl%dOjWx
zUU|W*v5rFX|6FiHGS)ege<2i-U>^D$)rAaFVKKxh=INwsJmAR`c#<PZBBM4fDNwcE
zfHt;ba<nY4;i)PJK&9co)xaWh0S)(2$lRjxH!$q5)jDbmFpjv@58~j|FF5LZ6uP`g
zUoXs8o%GU}OYEveA+&`F2EIwY!v8~?m6XR?foI)0933CLHjFDFrLY1(>;_X(!Q!k_
z=9kF1^1<jJaSB+U>o{QeKrYdf*kTOr77x2e$6JT`mIEe4GgdCHN<<do#dM+jZk!qf
zz)bL_&B8R8h(DkSmA~q@QT|BHCq^1l2MWT_{D)=C&`?y`>U7(=hg?;<c5Hx}4c(iX
zMrqV?92rhqb&SNcAJhQX1$X+lniVs?u+(EmdN9pO@!LYDxn<xaLCbRKeXrI<So-^n
z#_HRJeQdIF1i1HJlJ^jl<yBoVd47|Q*R7!`Or%*i$<`3LGKWC54iVm(0D2rbFA=L9
zoOFjhsFJ4~YM_-=iin7+7xza)$x)nXKIaljwYO^}q-35!%fzyaf&PgS$cC^^%yXO)
z^EQe{+2q>GdDH!6=eYM`YiIY(VOJq(zATq?id52r3n3XBo+Q=lYjOSo5lZ;0{4OgL
z5maNC<*_W2Vz33|@4rK9N~8XR(>=g-`g!zbd%Jsd^nc6IVW$1(A7cOCdHiVY(VzaG
z|Dum)|9MXKpPlx1(d`XDTfr9W*DK(`@&xVO<SU%LyHR>J1!5p2mowBqyneIYI!v-=
z@N5$O12emv7sYseW##hna(T#w>XQgqY6NBRkCai_lIlQ`wtE5naxF;FdeXNlRbhu+
zV^Cl>Pu+0A$QS(7Jv`bu*q@un@xz{(cixKmf_}T)nXjtd+kdk+_h_~4xx9*{!`!?X
zd}BMr7+4QmuqNM@X3_<|_2&4;gTtd>ZvJpN*oh~=2@I1_-ao$vmS#ElaTyr%;6-va
zjT1^X`ylvvIoOVean8;baFR?ulJGd5#Him-FpOj$jRhO;pTv3pDYU;3T3VbrZ1!m9
z<^I+&P{X<TUsu=Gpv*i$6FCs!jX)YmfZ7OYB?pA}TJ0)%rIdNnf~_X9Y-Z*ft#+tA
zD93p`9b~N}9RPBW|D(GOFL#cP5C2Mcy;u>+P3RQq?*FuNc(8AmXuBos`(i242_57j
zpIn$uv{7ncItss93!ZYH19s|F2QelzQZk6$=3jTZyU*ub#ONL#9=_S1>-Z1(5_fLR
zf4<k<n|tU#g#XVyf}SWJ7-0j<*{{ECm_o=oG|;V~xBWs4jKZ>Kf#=hjvtAHKyK*^6
zpxDVU>wnBK#%W4-3c#zc45olzz_a5<ArU;cJ#=hQPkL|&@Zw46D?{jJWN|uZsvFkD
z{2yWE5PrtKlmT#42nLW!L&^WqlxNd{HAeErM$nAb#J;ouXR|(w9C{Ay!EhI)7h703
zWHTu4H-8%!6Ww@*fAz0avPY;soJ2VYfe5^W_Q(4N``tO&DDI1$-MP6{_t~?91E5y>
za~`@K?;;UW9;P1JNl4>459=iB=$wal?CLrPi03?2@lWRF9=k7eqjTSSaDF`OZatry
z`|h4lDv-NI(~<H*=zk0%ZFG&-jls5K5$8~ooqdq&wqMP4R`ryg#c4c&NoC!&It0}5
z;wQ+!UiN+r&1qpCnnV`3;}K8btYV`tB6`?g3p21HPbh6a4h_9w)wYs4Tl>p{u(N;M
zeJLPzxbTLF>BxNh$cfCqa*xi7*E=@vFJZ7Rse)`1!q(u_Y%_K_qN?<WKMl=7m&wD7
zmY5_~P!zk4raW9MD#kFBerX%KMXAhbY11&O)XfEwiolMrTt65dd&AtSmHI=<*uhnG
z9c}k}w`zQ0e78D$b9C2sDC7JsDp^xz%oQu^F;%W;?5aE_3?tXH5vItLqT8&fcv+fV
z(csl>Jq@-wV5r+k^Wk}s{H?bhWU0Pb#ea5vZN~ihAe0jCb0HuVxkX*;G{(=OuFH0U
z74?g;z1m*eRGxAi*R|c&-#Ya}P|@$c5+oIK^mdRO5+x!1t$EFEja(Mdw(ASg|LlcT
z(OExxb(O7O9RR~`4dc{;CQse&WG5f6)a_=&P;ot&yKEICEpyVi8p|E_iFxlps649b
zXH%bzs{WW(bk=%m784y9EULDR6piVseOP&?38qB7&1q#aMpT}lD!Y4q<vPT)@pwk{
zI;`@{rIod0J)qmbsYdcea|EB>0?O&A_*_rz3!o|qC({|<)R)_K1x?lJXQhu!*mP1R
z%I?NGP0e{)18ElhIGM4&sI{owZX)VbGZ0w4mLt@RdSUMk(m~y@JCKz_x!`Urkg^@G
zCx7<Be5~Q4D7NSwc`uGfTHo%Bb+f!SD(hovL-{s|`#ucKme($ymW`_y5c;j-4pp`f
z#{j8H>Zd$TFK$61a~BIV-v{VWhXwg(VL|?tups{oEXePK1=cd;pRo*X^;<5(d(`EK
z@{SdE)}r7$&Hy!Ku^07-b*qE5>oE2#*C>nDpLq@OxC;pW6;CGE-x_JA8lXo;;Y+1x
zYyrY~s073MEK-xj69r{(hqI<+Ln9W0PA{lo)U{RifmLDwY3WQKaO;~@?q@n$udUp2
zhDxBXYj;ZB(uuH%(Rgc@uCk80jVm1!a!RnPW6N@Nbo^q)r<?;5*$Q8>GVt|e+7iH5
zlxauEIZsK3FW&4Q`${r-{LI&qVYA)WzLpH0c8_0gy*cXoYBG9*RrcQO&V5_4-e+a?
z2)?^Kk0c|lx5Oh5M&scyN@L)Z-DR#qX);@$p|!D!Qo7_Bl%$FlkePioKKOzctEbfI
zL3-HJ8m6N{cO}%0t5t1}D(x35=Wy0OFRrqaG$qeQ6#VgYI^@WY`BwqF;s!%u8(++I
ztxiHV`fXvpYFkq*=fAjpN_o!}l+5AXDpuIzw5jI5<fz>^4V8O|ZG8=W2t9ay)zfg!
z=WhjIxi8vvC6Vs4=t<=hzahtcUlM@oJbu_Qoybo|?Dp!bX_;A>vl)3c9Y*;k2#!YH
zhs2Q}D3y6Ffc>3aznV$kGP7y9Bq$A>81)-RPHOv7hqE-kxyJ|lr8#rLuva$xWV3`3
zo|8}>&i#5%<CEpkI6sf>w#rd44_D+H9<X6~pV&y8hiYfd@HYjJ?s(415N3O<5(Ec?
z<@Av-1jk3Sfq5>-M(3V&oR7v)k(?wjC)YxB=umXYzTFBN10ncbeLv9fdICLXGJtla
zX20s-7Ntwsa{aSDdDpAzZomPG;NvgtHgY}8K=Ed0o~m4i85}OdJkJ;Byed=O#ekzX
z!TItPsJMZ<qPyCq=(@;Amu~)kJUE~rNFMKkkMZifU3$8^v)}dD7J@;H%UbFA@z%~R
zMpb&~b!HUhA4{E45t-&1?cm81r+;CoAl>Xc<uE=*sTlRwEr*ZF1$hKs%lIs;y!_@h
z)8E8>5aT5AjV@Y3Oa_6hLh!;|a#Q4H$+daHnJ*}c3I$sV@^RcxPVr9hLirv!_rZJ{
z{9~4tuS-m~Fc6r;FSJt;a0uQ~z#K_`1q}|%Kq^3B_@-IvCgvCG0NEu4AYOx)qQdB?
zj0Q?seD#6lUlSPgObj)u<_qZ_iNm+*)!hJ<W?kZ#RjoLpf=HB!Y%B?+gH+MeP*Y(U
zTNz;Wa$`A!dfT!b>!hrSD{UTSV@jCryX=w29)=-psCaJvTSPNm;yoXU3r*B6^!W=N
ziTH(MtuB<o7!XGQVs{#0>20bKB`N+zFQkf!c{ZK&V_kJo<>l>9CleS9dV=uFq4hGI
zj`Ix)t=gD|R!A4Yjog&P`eHdyZUaNe))t`d<>#2kDWCKy#K6w;qn*EX-%$iUT@GUx
zO^{Z_!8n>&nT3;HKe33Jn<enm#+Rgq@jr?<e$~&t#o)G9aLYlkg=vVeXpT<8@#G>N
zEZ;*IuQAAA&e7`f08{AzsXm)TX%P>a0s8#o%HeFE#Z59DNw0%(JjtO#c7ka-ftR|s
zNZ$41Yi)U$XQ#zwG~pcQQJ!c01eO3@wEN@?Db_&A5U`;ECj&s3Kax80AvH9JfxJl|
zUiFFsAY@ZY5D8oytyfd*QMezfz%Usl(h4P1;<01ewVVRmjjx*+<}W$LzcCGNJUtmE
z`8mc$9w4KZoJ<R}GQ!9GIK_G}nib6T6~lA_40Mg45t|-1Ij~p;K*l(=g-jN;eR-aZ
z-0@IEGT_+rbIuYsz(jG>CPkPdI9TB{15x`D?ZIGo4k!h5zD^5x3~!?o^po#vbV$V_
z6nlcJF*b`Vukv$@Pj-UyE=D>7oa@LM*93b3r)Y{UBLSL))3NT2m$B&h$8K<R@Z$LA
zt;24xa}>NjJostndG~oRzjXw^=bORLJI6mByg9~b)rVXA$A1kDUIbhFe+^y%vx_s{
z{pIyx_vk1%I1G07UhnR7pErY@{q5a1&v*7;2G5}8{=spuyR)}*3}BBBs7V2~(}j93
z0LWhVaQjDiu=Q+bcjx%8&EUn(@jgO*0bsX+*IS3jJKJw|w+>-v9KJp{>OvQu1K|Cg
z{TFDS)!pmvAH#^CWq2BNe}bRE(T^BA6Pr`^qX10Xq6R-6>^|?p!)IOS9SXAC*#2K}
zgYIta>@|buTYFnCyHxK0;2csx>EX{mcIgqcxCQ?wAsXjq`(Xe05Pss^93LDW>&idx
z9Ce$)*5S?(PRxtL184vz7U~=j7^u15WjHwL*mHoPR|g8=SU^}d{dwNq0$%au5mvXC
z5~kv-e#jEp53~Hg_A|@=pKYJNyp7rR|Bu$z%JKid{q|4$|3Bp8+W+&4lMldm9pwV>
zkg`C1x8C`7y|Y$!0oaB*$=P&bPCGJKg!B2{Z9_nd*?ylO*{1vYiDjx!hhAQ9zRx52
za)yR`A5Hq_G@kkY{Lgtjyr5$PIYMOIXl_a!<`ZlA>ojj<{{Q?>HtgR&B4MPMWJ5|i
zh^IVRmS$-yO7kQ*jiX`;Oat`*&xn^@jD*yX*-VO1rBAqo1CQ?Gkk=te)Pe`h4+8MP
z;$bOH!^^%wY_Er=zuU*u$zIQu$MKmliN$L7Z9`go9ipe52KMvL{#wU{0gp6@3QOD`
zQ1&;!xK;2m9Dh5%l%77{J$T)fv<PuLK+TsJ{mS^(gVt~`^lgT*Drz!G38Cwf_TH{7
zuB5YiySKG{aCEEgKHu#<|Lg8^>gynjITkNv+jTl@H)!LG2C5jKoKROu0T^?pxDL=f
z1w)GG!7nQZ=o5Q%4G%{5{u6ivv{yQf`cToh^)!Bg6}u71fVCnp$o~C8sLMLXVO&BV
zr>o^@*?V<#+}(R!dcJeCb$tBSidlr!Ej@j+d$9lVzYvNs&Q{a(dJ9+xWF+y&Hvi(J
zo07Uq_`x{6NG4fIfleq>@d>i_=;(lRMfckr5+x(+1Rzr&j}_;zA*CVo0hg4a9LswK
zV0NHDGWwqqY9$v-aL2zH6@m6zP$VjQo5NsFW0YfgEX%&0j)p6rdG)~cDcZKm%<Bhk
z864W&y!tj@n%~~@?u)HAyL$L4$~#Vw9x9R`5+a7A2gxRCUiH?}Q@Q<RK(}p>m9sZN
zz4$o}@0>hvksbp1MfC=49hle&Ii3@>JWt{Yo)y<fChh4jFo0W*_lpeF5Q!vJWVRA)
zqSnf$vqBpAjN3_rpW!shF7qZytnpQU7;z+a_Tp+R++PTlcu8}TplD2X-AY}FfasN=
zq8^pTP4Y%2jHJU|9*c5Bh3zk))$a41!@2qUzy1m*{ja}z_@v&=moQPUXz=U3xw-k}
zUw{1py#hDp0}XY);>oYS;<k|ISkp0*P;I(3x4oJbIInvHAh|Dt;n1xwPxJ#c^?=33
z$Czz`;zKA7hweWP4vt+fHFz*LzcS4yE2Qk2R}`u=o2qm$zXH7IBt{;61vvJVirKZw
z0>;&pteWtZTg~^%jOm^=+bg%8Z0JXxc~eafN;92j^HoG0iX3%cYs#R}I*-Q@Fsm3H
z=al9DQ8t(YA@`3opA6{p7x|?5m3cfcYd|9)JWnKezU<QFpmCtLEK#OtT4cCk@dDwR
z>D2tM^UGn~zIRvy8sFSJ?IK3AinlA3bA!`uO^%M!CE3S$7)UhZ5fF=lh!v1Pq!Y^y
zQQzA-e5IgB2xJ0*<VT*OekCcU?2&^8&<qTTumZ1Pc7N&O(sFBRqG|}2MVJ<Hgr?WQ
z9Jeo3{~{)cNQ}=?3@pi-A<9#d6zr6EG93<h05O6aO15XCGsW|>>aZX*LN;&`N2oHi
znI8#$fGAU(XE~8u6BZ3HqPu*y+(amtKZj^5l(HkIB@)$hgonL)j9?O$wpI-O@c|zO
zuR%zIdAX)jXpkAE5yo#ar;RFE0m7P%3Oa#PIXC}<`$iTFh`GlNyyW67ml04-YJxFj
zMm~WvkKEiSuMMoNx;7Rg^A*0)mS67tN3=`F#RQq0o=H|QKzEP=<}-D+FmJ$7mKO*`
z9>U>i0GuTk$Rh`5SvG*F%1~NWF+s^{5)SYzJ(C^kus<}iIStB{-SA>XV<9DRB?%I+
z4`1n9cZIn+>v*XS>M94(WS}{Jt8O(Ds1{y2%lKt%H1U=aahI+tVJR-7Yl8HGSWRrM
zA2)rDMq+s&%Bo%Ze0P^4_Yy(LSSyZz@V91qngnJPU29OhGi>Frk)@SXfnabNpS{`H
zecszT>S1G0_l%hAuu`6|%Z6n!3{y*U7<KC*OuHw#!W#5?gSbD$>1n{39$%r7IIN(!
z<+900l@(Et>iCuB=0KE-C#lvNl4~nYV0KziDB6fL+G-+m3VfI0{Ty0tI#cc<rC`yV
zG-P9>q>C%#7x%??<3?$Sx`5Z+NE~?@7_qWxktYL6D1^u8vTlNM^VK%Nxp+cPkg}S>
zc245iP0dDmrup=u0?UK$@O0&@-$x(~3E7heYs(!vy763^gcb-m?dQ*v!5~ga52SK3
ziwhzGp;H8pbr`dboItVzv1@}`^$Acon3!JQK|WrhIS%*bz98>t3=}jP7bN>5YB}nd
zm-}zFdp%OCH1yBK_UdY|6v)rLo&AGDEc0|TSX=E-*<VfUHUZS#ec|bIq+h*WRLJ#F
zuh(c?B)OOqHPkF&_D4bOa_=>ud*!VpE!5UkFDeusf7yk;V=Si=z$eU7<)qNbgTGHR
zPBjL{&Pb=itYrL{LPeJRjOoqb`~`woIywKci$P517v_Vj0RDB~9nH;2nfY(>`OrNP
z={{G^9o)yG=!%@$(eRA649m3~p9*QB$X|SEje7)Dc6O>9Hb4oiyj-^&A2wMU8Fz5*
z@#@#Kl_K4$l{c_&>yW>u{?yxLu*GbeZ}y$62pf-@&|Xlo0N#qCRuH*mK39%l4$Mvj
zZUG7};3Y4sf)Y6BRF%tk0Z7_pn&Krgwm@u;WMLa#S4$nid31q^dw};qw%j@r5hYM(
zK)SLO{3a(bf?=k!tT%8qW>(OGC(|^60h2b}F`%`>o6RM8gkM%ekIsl@)`nM+u2CM<
zgYOCa9tEPz8uU8!&)ABJZ8mMl(RV<CrO|2>g{u*@1Ru`C;j4={!-!%)a|<)k%)qVO
z@oP)eRMxxP1nO3bItGH$!Cx`gafEl)xy`!Y<0vFpC>UG=+s_hY6Xya19Fk%(iN2Tz
z((x5FfHL>WFF^c%8q8O`=-?ZC<xM5!we+Wh^qPurdE-}<w?@*=t5b=J0?t)rD)!RT
zG!y$T0YG^3GF!n_Y;n6R{m6h|u%w`{2dgrBsKF{K4fuLi@C8wn3PGSy{;YIET2M2n
z>TOS)3rZOAgmVv+dZ~Ic_o&^uXVWc}7({j_AAhKc#=nt5Og5K@Q*t>9BJM1PS|EA6
zMBSD(Rg`oFKJ<BfF%N(Uo*H_DtWu6L>AZ%ZQfv4S$oxh+LO?_WRO6YsXHcLY!O$=b
znw|MBqKl12Ov3dEs#eHyW-$QPC(tv6lOg>KPNP1uFA3{`s>!Fi{RwBMs8#S+^bo3F
zOVd7ev@*P$G{@mwgR`ZfDR<)}+|;kfoR5J`yB#WNQcs|V4eHZO+)CvcfiEazCx<dm
zTg*(V{4Q82zziBa>1D$+H7DmCE71n0Tv4-WA+5dkI3#;O_#DPmMe6-ofc{wZC_}+m
zrzdE7$q6_;J7K=yJ&))VZDt!MO=l-H`RFi{$<f8*LMP>zF}ZWUNiw_L4fz63H-b+y
zhF_|2LglrPsD;2!U(N&t?j`b0@8vdmlj%+9-kP8=uGAf#{~YG1xbB0{g@l6W@i+zs
zG%cXa4E_?~zuZRDKo?NV<Bn#MK(RsChi{GZ<P4c4wwWZYObmo{h?aO0?hrCxN&lQ*
zNHycrw;To)XC&(#fF7`&u60EE^i<EtTnB_BTzL5VP0+ZEU?3dYi%r(1c&LcR5FOfJ
zRAI&J?!DQqoLdk)V~SZ=k%4g%V;CYNVI=cPt5!g<J50CDC6I~Z6y_3Xp@<FAJgFhg
zBnFKi?RDU}?q|^?cP1M+l2ug0qID&RO{|0@&h(o2U6`6Uf~A5*9%Fw|0HNTuQ_^<T
zteL1pxzo2@GxU1I6@vu>^a9+<fd{`tbsZgIINJ+2=JI6HnpsEtHgGsw$Gw-`<9%aZ
z;X25Wk|i4skSL^p1i+jpnSX-UnOVeF!0J~46h2OY!`|iqe}x*6Fkz3DS9$bPeSu{4
zw_+H(2Y5t1s~bslf_9^lT#hsQoOt6vom?s>A7WmfF$Vg&<Vb;85I76>toVOq@M=k=
z7|b{UEHDw;0OZ0r>VHIpRuICP!OEyA#{1LO;nv~H8yD^Z<o3y#GG)2_h$o6;&DlC8
z9bN|u%gf6PWVNc}PYHOuHW|gFwQr#A6uBAMci4#qC<7JACBMYiIpe7q=-$Ee8%H_9
z`<YQ@+_*k_pbG@*bcBZXe4Rxm3-M*J@XZ1SPUjmmYmf`7@rAmf!3e4l_UQQV#(^P6
ztnQb9vSO-oq?E$5U6+U1DIG!xMz-2?(!?W3O@&m!n4}0NJLMIN1{X<=w1ZVhq}-FX
zgST%12j0D_8!3(n{lqJ%%!{4<o7ZuHhq`=*#%2qpd#4*V>4XzMct99m^+Q;#{(0?E
zQ8z2PkCrtvsEZlE&<eP}z>3@eX+W00N}@S?9CY7@Wf-1vF<#JeAF&6Bd~SQygObkQ
zv!$k_7mX7(+7Zc)^JlP6q!#1x1(4&`HeT1*L-0V9t?T3zWbLz9@rZ0lh8LP(Bn4;i
zLs^V2h4AQu1NRt@M7%IT)&~giWvZ{vM3N*r6r5nLiIZtTWl!SZ?^6uADsJV3yrdR9
zL-gI|c)omprY*ckg^eqSii%)M)t$ta_9;>B1u{>|=e5ETjA8r7?)EENSW=Z7fyYcB
z@W+|MA4@WmEMyMZlM!ZA{8XX*+37voIX>FiKXw>2<GFK^$kjAm_1UXToDB?-EWG$a
z*S)#dnuZd*>{KJGzJ$Eh^=!hTKT20*pa~-G<aCHPZJ4kdx7{SkC9o-U4TgmRO{=pS
zJPFo1-#%V-IVKtUT>G);@T3CBfSvZkZy$cQ_W0rI?mfyX!CAZ_^dba)9iZ`0d?rkR
zT<fT%VM;kqSA0{bY3)HZ^_)kvX3p_~x5{2&r}qZxu94;qN&>T&oTcQ<!J)<osNY|6
z4`tWATg^9n-MzX-Pm(j0!2s8dbAn^qNX!dv@$rg=SenG0o`UQ5XC_dAh_D@?Wkl5$
z372s)87R91TOP3tmerLT!l8R_=>P)pZqJX;9aCpzTDE}8zaRt+_Qvosx(2Z=n|#a-
zO}a$c4>)rq>13eBx9_|Jj~}*R<`DuO^|!WRNQ|o6+2DAk)p4<vF=)<SMz;XJFFhtL
z0ltw9<3YtR+Z++gs|L@FEdcKi*j(+$IL;tREB2G$L!61KE|#C`KBA3lO($o7#n=3_
zV&?%gblE;)XEUE>B144X;pwcZ*JuI)GMNOqa1!^YlN`le`-CItuqEg)o4_35Md=2a
z&=S)<o=(PSxWESxr=w!gGgc6@ROEAn5nr80Q)bq9*OY}wH8PYVS69oUrU22^!`{^q
zr{PpC)XlXOZ<=g&k!s{M(z+;m>4cyVcA)}D8$|EDZCj}FC+oH|<pN>KlG3HgG$mN^
zz;3;Is#Lt}hu?kGunE@eG_b!T^rcsdh_Kc)B=@Y$$p)A2+7SXQ1q}!-ekLWG6UzpQ
z?1D+#gb+mi;Tf<qTq>pDDm{80D+Gxc?}{u#KTJ5VWeI_l9c9|mJCE7(I6?v-Tr_Je
z@Vb|o1!_RWlSj6AGC^``^P*y1K$<j<8*Fk0Uy@|-{!w9zeQRM5+1rea$aV_^r_>1H
zwy?I#!B0GEICP#Qoa;U*6C*WY1V>mHb3CzvC_81!Kr@4G<^L=n8b)L$XWm85ARfy-
zj*zr%nUMzhUx#$vgts}@X@OU_7?wavqVl{z=hGA~+t^T2UvpJ#BqlmYbxM5$>A%!7
zvsfGq!Pv`;t$6U*w+1m?!27FBM5aTXN2?`mgKn(48*g6!w6*)DJEJSw%l!-cpjy)Q
z1!Di!d-mqV3rv&pH+{dz8OwR2*n43ZO|L-e)9-1|`i<ED=jPx$eEGUM_OD42Md+5K
z05bmSL;~LJSPiYDgTd1ipG*^w)WuDY`Czrc)RehyC6Sah;LD`B#r;j%c45dY4K7}H
zFq94o5)Zrw+Jy7VXUPq5X6CE+{NT;A-EPI3IUa*6SZr;((=6%5$qz1AnC4U1ayq*)
zIcgBAK}roIXnNMl_^n~<hAoYXboOX_YhN|Z_Bup_@b-(8UA)-KUac2<#}$<@z>#0c
zntq_IGJqnt)*2IKh*rp^0o+mtwR5C^u&k0`Zr~U|MOtpnh`A~*CLIB8HK(k@v)T!>
zr(|w!{+r?HeAR0hJHB0RKRlbawE@;J8#%@m%PAS(X`_*cO%DJE3M)|~GiDHK17g=<
z8=NHt1*1Mon{2?&;SYXYEnN-jfkOwz(1Bu7WCLy=Z)^4XqZmc{3n;y)!f$E&T(nQa
zBO6a;*0k~-Mr6}VTcLCzlU7UFLJC=5)dB#b!JrZGJ!}*%@%5`$B%hv`BCX0Iqv_BT
zS*$EFNG?o~m1-!N)t8_Z0DF*4bn$Ai<LpxEsBh&m({uztFbNL)DZh^Y&Jd{C&CSYY
zhJ{t;Np+FfE>aC9$<rvszBKMzt-}Mri6{(1U+D4(sF=^9GLqSL+)s9tcJePP{JpO9
z3Ad?^zjmsu>y53&$CPYH<oXt*dmCEh!sA=PB53fLl3oXsY?=;O62s6vw0l$t6U^XE
z#}(<0a`IL~-rHESEu){?YjlqT`eSVNfr><QX9{OkAC))ODJ7F4P7-A1jPA1WC?2vN
z6}B@6d5MN-O3Jsd38^gbVs3Ix)DX`XAOZ)-(MboIcs@WOreheL<zrB>6`hlaENiP>
zp7qmS@93!85sO{6!flv$$=Y|1ZNtT&(cA0o{Ng^8asVSV-QG)(wq&P;X6Tz*dpkNo
z{>=9@+B@3D1a*EuP>oiNq&Wzod%a$ik6^zJf`R#!<ORs(H8l~zptcG@>VOQ=Q1YY6
z?K)2_@ZM8s0X0bhh3&mI3xRqi6e5ZQJ#_oSC<pNhXHIyT=j0aiOOOnb47m3GB+A7q
zkgV{hDJl$TOKv0j{HAbc*c)u{h10M%+z38x%$x{ZtKWi)3~%s<C{MdkryId^86aW?
zW+=TBJpT64qqXn9fB3My`smTO4<9bCZeWB)c#q|VzU9arX3t4Fg<1khy;rS`Lk=B9
zF+CwO1_|UX2{$phYzTu0XLnE+x5x@t`)8ZBQ1Y#<-JO^F7~!UOEViJ?%StY~zfS=t
z3^NlA;Y>%quFf2h#eZE-m(P`f3JEugGj6=d#4pSBn$dvr=@?xZa>g#MmMcxdbs&-x
zX~2d`Nl6;RYfPVqL{xle$bb*&vg{AEzp`Lj7fghYch#mkJghgVbBy77w*Z23T;yDB
z8bo1dU5<Y|JotHqzaIWo@i}Olg=#eNs*JDtF=H!bduHlec@hERdCJEYk}+)Y!)Uyc
z#|8YM*mJ!7x0jYga{={G;#nC0&#oPgda7biYFZcBllTm6W|S`4fL{)tT`T>0llso7
zsdG8IxMe*QPIbtJHb{E$kc)Ec8Qs1$xp=83bX6DSA9-!WJ8INa9;H;t8#d{AE|a_*
zSfSVJkB8G7|3jy7YTW9ezu2@=jooHHoTGEO;d`XO`r+#)urqK-0v1HUr=X8l$qmd%
zf+lvqQDSJQX;OGoLT=|t&}w^>F6qHYK!l&8xZxP>0+_>V6AYp3<f85wRbYpZFRy|(
zX>!%XGrT;v4RWiBPfwG60^2y8H36zJ59Op8wCm>rM=Whf@lZxhGgLWF_|t>G_srdZ
zx|&g2z^rxf0l40o%XP=jetus|7WJe>e~p=6XQ+$%(U>CBC`I`=D#(RLwB$gL22&Cb
z<wc9k6Ff5DDbHyw72sOMc$NLM>hBz0UD|wiF&d}QNK4krcu6Zo5013krHUybo{-v|
zIit61u^}^by!U#4YmaqKU4M?0KpnA#I)l?T(A=RqTF5>ksl&vgAq$V9!Df@>i<Y9-
z+$0{z@q|j>I4nh~Kr0#4U1Jmq0RkKsxyt#ZkIojF0xriyg^8C0oXL%?mog4a3a&Kz
zi09$B><5?SFu(OqI+d|>I5^B~pO(@x%vsliW}+J>%^1xHfQ*6c-XCA1sqp*?yd)>&
zU+6O*ZeW2JsF;ic<h~7MWF4awajP8$oJ&47h2hmEy`lrM>_6)EZ&$ih+e_#sK~>La
z7nAvNl{K-2<YP3G!Hb^Dl+-}+rHbK!h>`-&%twzM<Rc@+#00N}m7f5`0)bhIqfyPx
zpSUoIw3v*>>}^LS94Gl1@qk`;_x(uj6o?#Y*~qpe=g0Wa<xj`F4!ce4uVYIuZ|J!!
zT3B_)kb~20y3o6OA9}T&upNc#+LS;2W-vmFcZ|b9c2LBQsJQ9qbx4)x!(g8HK4C-S
z0mdM0yx7_8E{3Z!d+arc2Ke|~VzFzkUPs>8?JX)ckBN{N^R^WA6o#0tQJIDHE=p~S
z8@zr43<Wwe%F!o3%Oy$!I%H0=@dTr;V%?fn^j#{(njmAWMx2mqo_NkJp!0e&*o*oL
zIl~za$U+cViG@5E3~~O#<zS~2*otnkJ|>)wUN{fzI}utdkO0a9VsFLPH4KyV5He*P
zl?)F3;gAL1QxPW$Aiu}V3UV#lUAF!m1OPY(`5tl7U)hU3#<V>fV`2M=dmNAsh9aBE
z_69EFBOcJq4u;$t#gh}N#Avb|uw{npJrx9vpOqM5nVgSQ+tjN8H78F0Qx3a89j8~%
z)jsE;qg&dd%(0SD*hdw_el^Fk#_Aky8Y@n`^`#qDV*JM@CW3u*aUd18wA1sxOPuxI
z);1pSzql{|y8FDAJaM<Zs4QwBYXiWs!=ztjx6=5c`^)j+*3s*&?JilcU$SAOOfBXO
zY3T^_m_dXuABQSdH{HjP(GR{m!$tjoGUg(iNl0i09obuDr?mH>D4{~uC<tK}YYs*}
zz-eK=*lypJV&TWINX8~;R7vty!u6nRZB!CP&17J5CdY^qr-Cw4Eb=^ga})K|HCVtY
zOKKwrC<R+-_5ne3AdQUmPUqrM#*z3~ZWH*#bulZqGJrjVe>ug~V1+VdQDo{Bm)X{X
zU{Y_$?rvC9P^k1RO6p84yY2AC!sL~88>l=a$^UXg*=tE@;uQ5_!@M}$+wJP>F!8OV
z0M-d!Gh1oU&9xKxBLUtk%Vxe0TUd6%_Vj(3f<Stqeg^zaKF$VmHN}@Na<#?nlO>;Y
zp*B)nrGkh4fj%2*%C9+sOvyc6s0vE6_+RMWZR*)U@6@3mdXI-VH>caJ3^wAxm<8gV
z6I<bH+|>rGOQ%3CWX0fk{4Z;NAl7%_!8#VxZ=`fI$F?1^wpGR}1ded7cmj;|&t`~1
zbMQ3c**3%aS4Z9b-}9Lj{~3LQzC!rt8{$91_isz_pC7kZ|BV0qM||A)&$Qwc{(0>&
zIzm2LX?IpS-v;e(*V~=-)zxzJXR(B|V^SsTN^qCR&(yLV_*p$LQvE#DW3T++Rea5{
zn1^wTm9R|DJzWpVHbAYP@1jpX2|8Hcbq(3wc}7nE^E$=lJmx~t5x6A#359|?iE=+j
zB_>00r1-688X|dm)kCYw&FX{OG5t%jdQeGr1Dt~+4JXU%;bc|mG;KIX$A=maAGr0v
zDsx%;0Qa_zf7B4sVxb-$zP$n3b2Itm?NSenUf%#sybc+jxGL5|lmgXhs{@kTP((58
zg&i&00?LV@Y=@@uq6GKc-P2=78ApZ}-<d1TZ>?Ik20B4OJ^jBJE%(0;jkzKI|06g6
zeEQ#Bd-Ny$|06y&{l^st;@??*yryFR!~Y)z?MLg6zFU9veKqyJNG1gu$%)){Ytla>
zfCfCGlgNEW>^+9~*I0fr>h(Qxe%P%#Gpr}H@$sSkEb|_q>fd{G=0C_NdyW5aOo{ot
zrz8NCp7D5`hjb+P&qm&ZixHoLNLKj5gQD$l)SKw6B~~{5bKrz?GOA|}vSF5ubLY-$
zZ|j%iEs!=2UeC4344AWG9g{&fWjp(+S7dUH({NwH@SFNa8dCl*%MJ)CVG=M@i5EqZ
zi&-303Pa%J(bpC;klRHhvIrJIBN%{nKo)g_M$QQ&@l7*$0H8u{E+Bt-ewjA0$#8=n
zO9LtX`UL-xC}h1rHTlLpyr!0HXFuu4CVo=3qvGSvAfQhDCY`<S56A|+x*_dJ4>^U`
z+p>k>JMOAIWx-~UnxUHaj$tFEl#{XZ#B_4h_0oDk=_Aa}$vIBl*=X}@e4^xSsK(=y
zrkH@Bg`sq-v+V7NNj^nR828mW_sAxJ63J}_yRD}xt(-~x=2XmvgK?irV*C{Nfd$Pk
zc*T!!ehKPR;SM<GBVJAhD{NXJKwFgY4kqCTPItz2r7P?>C)b)1(-4DJn3Q&nU6~!4
z;^&ln9$zZ8xlS0_q$?XL`bp49ck+SXNh<bwlEI!^9K)dcNe@X0cB`L+t*67~F@vHE
zax(72c-R>Co547=-o=*`d}b51ksR%(i4~;C$|89uP=Fem2hu*psJ@dc9d&ux<X3os
z9Gq~nNFW2DPB5=L+wHn4?2VdK>L|=5-paw(Cz}DUC;U|Xyzg|B$3%s2Sh7QA%rs74
zQvnOB5f$ql@8KnK<rbZwVT?<nPW32DAGhGR?N=Rlcr{IAV6h9|3=n0>r3D87PpP|r
zTCf3mC&FSE8O*||L`T9{#!lkBs^Uw~g>hSIwDZE)oYz(8K!uJ}=wMD7rvgtk`J1c0
zu7$Gc&?RhXGg#ZWXDx|=9JGQpv>?FOINh6+h%TErqlUS#z_nUt5_0Y(tp~pinbuaU
zW;M+*>sMZ<$`$q3u2gT0SMz_}Dpgc~sfX@zg*7x}ylGh<ddvE-epw&ljU6ura|C$u
z!M<hQVdh#C=CJ=5U#m?A=TE3Je<ESQwvihlDg&6ax<QYFCl;^4kCv7cz4RIyZD_)S
z2Q4R8FG6($ye}5Sun%8o;vWRZY$tRMtxCq}LX&v62}Wud?T<M4#(6V<A%&DubC8ku
zmNLJ`AYi%ybM`0025x*LfLKXL14SPU;HA|mGUP2r&>Y%M7b9Gb^VU;f(V~JaBaZia
zoC@1q;KN8)$aW3D9q&2NY=nV98Um!wI6Ugr?@#g<BLyQzLRX7u7)9<xk+#Pc_*|Sy
zYPJnVO1+24IwnjRom@i)u=&F7yG7w&QZjaZ2MxvMDIxBB=q{|<YtTSwPH9c$^$3d*
z0ih+jR~{z!8VNICjv4DD9>-C^CRFc>5oUc2<oKpOPNu2u;yj@!$R}zm%$GJv{{Mqb
zqB;BF0A8sb0wX7+t=}Yh?IvMJUu~c4cYnV7R-xW=M+l*;-2&s=?wv%FNrH+J9;931
zkKa#bj9+<6QANF#+=2eH_EYZdCt(06w=&vvoh0c^JU|s|R?F5|oZ#`^5vQW&dGNPS
z^%7uXT!}}HYkQhZpeFfYrLwf{YRW>@!t9h`<}oI?oek6xC>^Ru<HM!I?jmz>&zAA5
zd3Fa4-Rhwwa(TvuD2$4>^}T+Ut<Md!+;;Xe!I!D1DBRJ?0Ia9>w=J<ts8ZZ!k-gPO
z9xJF4^jp^fI9w%1%Sug3;Ou{D9x)ur)(xHTdfc&l%$@7py>q0?m_(PDm1KATcmZ9*
zCG3Qu+d=7#reoGf?p0_n{QZ<o2Jz&p?x<TW@$8*6bE!4Lw++U(+7*-egS|qtx0zDY
z+%)UP!Fk5ix7wxsrz8ggSKfp7hdrRg(GV>&Z1KlhtRX74`e=|YGjqhcr^TU>Vbvq_
zi8B+=3G0Wf7eIy3P~=YvK@$w=*v_HZ{9<_+ryE|yiK#eoE8?4pTaj3ljSY2>V8_wg
z6-8j^eFm}x@}Kq*gm3SY(nTRIJlQbEATuYdXydR$v^K$X%>H!me_dTLN4V-*oN|*G
zxOga3l#V~V;b-zp72&`+$%=Cg-{DCJ3e3%f*Pc8h(V75rk~?gJ^juc}_T`6QHCSi;
znRB9BMG)rjCYTDbsh|@d0Vet+=7<>+6~$aZ3JoNv>x@tWg%gPP(3^z~%ng(2_+Y5c
zj7|&5TY!^f0fX{OOIinpk|VA=qEJh|PRzrJdT1%a9Q`TK)tve<llBb#2NS~?!|pO<
z0oWZ_YeXjgK5@0I#Bva|(@clPMVH}XHSMreUAg#*!gUxnmF{&CmcfW_+6N=sxB)~)
zbg=};`U${*tzUHjHdy|&DYhB_v4FeBp|S<GTa)>@aRz)^0}I2u?Elot#DB=jY~FQg
zx_W77H!}4>mJYVxf_HStwA}=JLh#*nH+(n4E_~Sc?}80_lM)_W+=L26i9skj)rY@m
zn$%S@BSg_A@l1Ync+GMU9Qx;hDWc`tC>O(t{hi%)=dQweN%tn}KAOaTS7-ttHJ+$O
zZ2->>4tBd+`x?TDu7;gG(G?YwZY)`Yc5wf`ntlUtcjx7g$LJl2DTy@Lu>*E&z<RY!
zMJ1&nhD@E>Q!^TGUPRh396c_$sqDzj28#W77Qff){zXfMCzCk($aA8lU0^UB3D=AY
zjbFO%kj|YUo!@Op=hZ_xuN=~6^jyrs_3EAVo!;u7olxB*vItO;09G}}s+ABmEF=7f
zOsGOMy2Vl5x`BZ-+9=qE{iyJFF)?TuCz8Joqg;6QK_*MW@^L{*CjgD+Ou-Trgg<TT
z_6gp1WJubFPbJF|uh#*487G*ZGtYs~P(d_1n#Uk6+@{iaQ_vxGkaYs^Lwb7O&M$$_
z+m;%Gpc%D+D$<dX`WK+V_QC%4*0I*0h>C(|&1g}q%Ibp8I$PwJ;Mc9E!s|)C3@yM@
zXbDW5VexxxZQ~6kXa#D`jT%hp7GU=BK$%Mk9P195b8M*jEiN+^OowA|ZIGHeLcey5
zXaNh7<#{4bvs_<T=>o-rijiqGISC0INJ~AVAS4^69}>o2B9e-Ywr+@I21FlVbyMJc
zxYUCOfxogTIl`qz!D)5V?`7)uQ&@To^SQV6OAj69j$wie;7iKND48qisfs~2Z)y1o
z=6-!Op9B;mar19vi$zAs2=u|r#xA<fLWw3et7+IU5SBtuMzRU~bMh1@MAB+0{j6+Y
zPUz`LE49;*_>(Y-N93bO{ah+w-#ev&2e^5Vo)rO2x3MEYD;0dqP0&!SyYN7k7es?p
z$u?&oxx7yo^stPJY@6<uWtc>Bq#lx14qAxDDhTjt(AIl})Q;1%NQNB6tgZIXFg_){
zvwu&#H9;L^^&N3k;&M+ak3z3dpY@4Ai3wTdISRKYP5RR>YdPS}qBd!0oG=<0bD9RU
z96TTpCXEkl6h%Y&<qCbN(6{pb$mX%FNKT9y$qDjAee+wH4=8R-4Ty$}hXK&et>@3z
zExQ_=vY{0?Dm_7vnD~beSg-ccn`d>kF{acFwfEla*44&vQ#aIpzVlOEZHz>9Q`-l%
z<HjIWH`IQ8@N->l3{rJN?Kk^-b+s{&ReDmYsW}&m{a$qoDQgvdq<M!YA|T=vww8_M
zuq5({31iMR0p)V)4xjA>$?Z|%mLZjs^wdR^b9nprEN)PO?s&lo)HlJsJc@fNZhO!V
zC1%9^24c4GZJ$hy!>vXV&NYx*S$f$$-a35Q!zUE)ffCYkI7n7>=(CT*w34fumH9=(
ze1<To575nV15VIqd)XjvKm)yl*V_lryVwLC`3K{z$=M;$K&$;{)V>C`T>`d!2VmPS
zuvd5N+N&md{_Y&TYS^6%eh5A;(M^)~e0|nHUfppdrM9<g+TN~c+a33-XIFO~_eVX9
zD}rTkW{{!96QI|)-vp??HPCbo&Oa!&!F!86;>0U0-1uZwMguNjaT=7}%QsRBe!JTE
zv_S(gTr|hLQT1v60K)+EwONet%>Pv%GUnic+Pu~qRj>Q>dfR*LDNiORWGZPt>4$E6
zwP(Y`KOAt6I~84m1j8{@%oO`%eJ4s|Lr@b*M>5fp$j}|U<T8+mxEKjXNJo{3lj1vy
z&C7?^?)EUtr<nY@PuvY3^|UJHtX{0MOr)cG5`$nfxn5_r3w~v1SZ#BoNNketP9w4A
zqqDTas<DrJ+k^g)r;f_Dp5o0cvTs<xLmha6MwI<w>*=`ll=_JYz|oD3?omPXvLi23
zmps*cd0YuVgs~|FuVR0UuD)RzZ3Yj5hHc0g{I2a9$pkVC4PyeVNvl<|vP9v{1?U(?
z8ZJXyo6?<4U-PG8yJ;c@Vg0}Eba$UCmU#fEL8gwhWgYdpw?#n`&`O26EBx{rsCTF@
zh$fgq_5OX>0w6A+w<3jt#<*#6pr}-t5(zxPjgkxyP2W!<qpXW?7vo{Iq1iOSB<_F_
z!(kh%uly9ThWw4Ht3KIOW?ftpzwtBf)sp^-(nJ}ER55MgFIYvEl#vLdzyq5;2|cFK
zBgYQ^c<>tdsGlqqkZ%+S`=5?pOE8i2xv{@Q3LtvnyedO90Quy&BSh2(dO%MMv9nJ{
zSLk%kGumLR5crskIdGw6q70|aX|NsIsCt{Oks{Re%snxlX=K8W*6ip(q{&dxcMvyC
zNiAUk7!aE$(H-Us#!PX#?Oq{u#12_AwNbl5NZTl4c>ea}UF+$^-P(S+d+=<lYD&&F
zswasN!s(8v3{iAH<Nm~{-3>>Jt@Txt6MOm9Y35i>Dv)%lMR&nM7@4OpozVoXds8@q
zyS8+6yE**qX_5_CH&wYeRb2ct22n!7H)9w?usFSt^HXrl!pV0&QnIETaIop_0oxXg
z%QWw{Nsew>PJ0@N4!*M2^e$7e-~GAN)Xe=z1|sI=cKz-U(ep>;L_#(crzaE&6d6YQ
zcfW4QxA_2hxebi<on~<Ng*_x;S}Mq%cc!3KHf+^f>{Q&PpSOodEn@nnS$s=3(iHW{
zU51S6k{M9*=}A-6DtCZNYLppJM^nCVgmQO)O6rvvPzT9HQ`9hb>FdGlc^zduuTbs|
zP)Qv#1L_z<K(pHB4p2!=bGw7NEU1OfNnJ0LZCIslPzjmC-4(&?hU!Hy#w-|9HKZGf
z(7~}!f5fg{-(Cr)$M;Cc8^O_`;{H&Im{QVT*L>Gv$Xqk`8@Z_NzTG!p<y%2eoa^b*
zYSrFwRxJ|-BgbWGC<lX7U4kOq&{^QX)#|w`V7Gg8e7Lj!@|F#26NeMNF}PEkTC@0@
zHdpmc8qG&xm-Ddlst(bO4i8{Z*>jdrk&G(#t*biqDVsebh<QrOE>}6H^WMP1$}!y@
zr}^IS>l~}j8N~NJr0r~-;BnPwHB`+>>6~vQKZ?fi<PMwQzxH0+BhebM0G;xr%lTbJ
zr|w_sDc~!2cB)iarP;9-jG||vfr@ZxqIX6S)zSLe3tl@YbXB#QGqsFP<Tk_IJ+5Ns
zyiPmzZ?s}AXZNoiK_x@#k3iXo{cr32aremGj@Vg!z5oY@7h#S%`R;wYdyjzCzY8B=
zb@-&zVPAfCbtN7@aN8k$`pm&$X0kg`zm)G{bC(FZ3OJmC6EO=`S|?=MPb}{e9TdgZ
zo}gb5maf<Il@D<8djx38^${mgb+YPEf4zMO=c|9N8WpoWd-yp+*KSc4Yio`oniQ_u
znsfEU9O2$|DlM;(>B_d>5wvv1Aegz6Trz09mmw~YW)f|2(7hxYP<ThRCf-?1p4{r)
zQ+GLx4$$KiD%7NP$m9>oFcMBR(Z|x*NR?YREuZRk;MUIW-4OMUKtM|~;_U>b%?4@f
z_^^9i!F5(4tzF~Rc#Hg6l(4#bJs3|54h4WY#_?8`)2Z9pyRtO)(PSIy?xd$#u-H!&
zX3&OaFKJbif%+(h!CI$RE}pO$kGM+#5%?~os>oQ%H2TRB8vIZ>uT`}J*#5r)!=b;Z
zxF$^ySp&W3saVE=r&71pRPbCCusRwnVKM{m5WQ+~KRp<9Ap=8aZ%!()gg>7M#%<ud
zps^F(?Era@38Z}P-Y~p#K*4GnuwLUzeZOhYTa^?mLkx4-FCnvsx6YM-*aoU=EOmdi
zJZ?Q5MOXgCg549dKiqpUufKq&io#MK5fvq*KL)nQ^1|;b6RDOWyEKaizrDf^p}qy#
zy&J9dTl?QgCxLRjIo$tpD%tYR@>x5~+g-KPQp}-%>Sej1dR}i@EprZAwwIR_4%{aQ
zlWB@~cENj$zP;di7Ta@~X4>4>Dr31PUB~&lUNlOp%%^(k1g9Ch@erMLdt6b*x?Njr
z=(sUz7J&|n1q3r|4wPz?uS1U)2Z!iqZsUigl*)^EY^kN9rB1j}RW2D^@lqNCF;xY_
zi31dN8BfywM56!ul-q*F(X8xd+deOCJa<+Fe(;0sH3A)KGMutX!T+q=6{$`W2jrc%
zGX-bD7!zE_!4FqEgMhjCbW9h;bg7T2HfTncmzV2nV^9!NABy6gb9`mjw=3UX;Q>hS
z`mp=DURj3mc8Lyb)D#%2HN(ZKEhOlKcvMdvjGhpS^L0C=AyWC3tRZrk0c9GAy<~;H
zyQy4DV3iF4&T7hqK(T}=p|TaXTxTb>bxX#CPB%Fgd?6gYQ?oo_cWn-*gj(y|tu>nY
zS&hvw*0grAe5Y<WI?S)5RywYrM$8oUPY7>-6<M=9Cg{8^#d;8isegh|cRZTqmuSn<
z)t2xMBu(X^uJnY01VYC;7^4Rhg_D^Qn}fiPbeIH78))M4U?a9JpsKm5Lxtvq)PiPO
zOhR6qA4j{c3{^_oN1U(wC!uAR&c_~F9{o@vNcQ}o$3_1nR37#hu})`i=j<}oZ_r)T
z6VlIBW*l{ocXy6T+T8TBw7JTm#!_!eBo+63QcfcF0g{r_UtaX^(p1M{nna$S<c3B6
z<h0Y5cKSAKGWfEim-wc(CRB`j`DulNaWBQuN`DgtpjJCv+<k%eSVz6rm_vE@&C!pD
ze!foz)_97cTTnWPCX?to6uKS{a%S+!i^4-Lx+|H)x{^d=As;4<;4L=20_quIN}|4l
zVQdlyll>GWu#|i)tOnFk#F1@a>!%wf+~!y@D(Vg1q?ld+JU=+hZ34*L;qGDg;Hc|y
zV-{z9CtC!B_2#go`Ng1w28cGBO#4F@(Sf&b1|KX9sWDF+YvYP5*SZ4g;3?jE3SV;T
zabE%ny+DhC-9ER81ENOC7A7e^0x=VTZMcj3VG|bi!xN|of0mY-L=W6m77H!SL67^2
zTUItqE>|e6iQUMDcQtk-2<M%>@TF_kS{~l?01e|jak-*-nyOPcK<J^8sbHfyopIn)
z-E;x|Y711+g7$5^{BmoJpSBL6KR1Y%o+cOySZGzHY4Q-!rfym})6&WrgfEDRm-^8p
z8s$~WXHNrHc|l$gS<kyTwX8Wm<H%*9*P%L=nC(*1Pafj4R_R0VBsd||FC#s^OG6JO
zz3T*M<AYIx!91n-qz08Laon*ljAqoniR|eB694M(*Z;r&%#8p3HIje)+l~1@I-S+E
zQvCPMpZP!jkdGJt{hZ>zKjPdUtKY43Izjup^+ylaAAZf~?>ckA#mG+jLBH<J49s2`
zbiI&(=n9bKYm9j@#HuF?)j1&6G~{yL7~0XlDOO+@hBhn}>6<cFl|XS|3WW5lLn@t5
zqd`?XhfaiOJUOj4Eh~tu-OM_aS6MY}N7ukt94g(!_MjnvY?gJ%A&LTzzj(919ejDH
zo{cJKUl3EohWGiA=PP@4b2xXq+7|}Hy;0F<e@sl!>K=Snq|vY1gWLIDRoA_JWQq+d
z3CW+If7z%0{QpOieWe62H=O@#?X^|^{O^3*`Sbk$BR=-|Pb<#ZzuLk9JYHE{gRkrD
zN9&ym4j>B7;xwL6s4+A*;C#@0wQ(BtKPMSXIm-)l>+We@NXzc$VHw4KE|sdxEI19s
zPsnNVH;~6cz-#<%=O9@8heVR+5FPjjB^#UE!8!kr*3(^lY=>UN5E`oJG#zFrVv_WP
zFSrgmB(wJk{J@;8&ESE)WXF0|EfQ?0ri6|F4uo>aZ`$z}y9a;6!T^q9DB^n&kKqwY
zo~l<;9=l4u9g7Vt0FtH~LhNtQh3sQ=jww!^`M~aQE0+3GF6?;z8vh{11$v}ZFm4|`
zffIo#(*UyueCt1uz&V(MWP{9HNN1c_76aIOPD)?`A(Y05g}m5Gf9uhWmv?^gNJ%x=
zJETPlc&(az^ey6I@u+d>QJEog%*9Z|r!Vr9^6_p`T3%~;R;_h0F<xQ(tuOmf+Xw`w
zN5z)Gp-!x2R3kZQD%=)zg18N8<$}Dm0+73SQM=BmGTh)_I<C|x$tj^XuBN`@!&qRA
z6g^sTa`28f4c6&9Lm4IMa&QtCmvIcR=+cE|QB{}7IJA?-m>-?HOJ!P{s`oV6OZw*t
z86VMZ4Nrn4_1M&~uxOQ5=gSwztP*rxqPsfbhJ0MyldwdK9DK-KEWUzxO52*l6A}He
z_9F&mB3;<d{<AkPUUUyb(y}>^c-Vp>2!NYZfq+yBB5O8Gdx+zRw*TsL?a$BcKC}71
zucH9EiT_*eRPcX)=KuRcK0g1)*<U+~|9iC3{x)cTzy9!hU;+O>_P)KZZ6sOrZ~Ig9
z>Rcuk$R3+Vau%ZG5HJ&V3FKljk0tzAS(ZT)S@KvmnAwy4Hur1Z->pY?tMxEWCK+bW
zT{IJHx4NsVUscuB)m3Hr?-i|hV8|@^eRkYe6z#6_l3r!Z*Rl+k$%nvcYK>;cuGMPf
zy<>n(MGB%=8){0hGPdg#e+v`j=SHYcEfDy24Nn^y@SSf{HD)nhSPLka9x!{l@|qR=
z^(vV9$nQ|W^Q#TKrP;J!w1HXW1Sy*(DK<CK!jN6UOi^|u)<sWzip(3|6?F%CtBM+p
z(y~mRcB49sJ{7f=vW6qfWELbrkSoBGuqbD(0Lac~HP}W)cH&B9*y!QAkUK8oKw;cW
z$XSbGiF2ty1q)-oh<Y{1^yX5!^|%TADcjNH8&~cghTzaZ+2jSOq64{^d31)8pn!~B
zy9dv9UWxZ55<->6=5yuUPgXP;a<N%&rTDojr1-fiO!0H4M&cr5BBQW4lMqV^zp8!7
zPQ4&Ki?@^T2AlX6?`u>`V0D8^{KH&#OkEg*bc%bCSxmUGvsYuIH{PMF{%k_A1;$Al
zN|SZvQBr#q%JnTSZSDlx7jT8%U_hn4h*GnnYOrL!BM!rjT01;4WQb&e^l_(33tZUK
zJ}Tq>U7yAB-(WTxe;ozj68Z0Gd$V-@w+Y!F<-Z4bO!<#ToCLtmmJ9&B{%z+e1%Teb
zBf#i-m<fMm^oN%tlF>NCixEhK{Oei#;S=S+T)=1Gk$JTrV)OZWzsdu`DlOkErsiVt
zf*b~PUsKps(&XUJA0{EXU%RCbNHa)vov13RF30*i`Y}VvY#%BiNQP{NX>Wp2qwmBH
zNfG;Y4bxtcey{H|VtchgvID%ymHOVBH0GFH)D)0!=1zy8B*Vs>3go=uW^kED71=CH
zF&fKN0RW%_P*t$6{IR(%NFh4Fvs7NfTh>Ho*&3_xojb^;_fB87k5yiIJ*EOcb|6KR
z_kfk694_uEkRv`jcS%)a<5dT<Yj&!@9mXWpi+KgKrG<}Wq>AjG!fyieJ<FDbVW3mB
zWuu{*5EJaG`BPaVhY-rg7=mTHV7OtJl_FV&2uf{El7nyH=#s8dHCf|;Dj|-wUCf_F
z7Fz4De56+5bmD~(>i?eT;6G)!#x&NrIcBvV^Q&tQ{e}){p%`61Y`(zg?9Py_Q|Y^0
zIfn1V>NRwrLhEsFk~!t7$RgCL-W?Zucc)@*V+k*wrX^VAals2SPV7pIKkSs|g7h(t
z?!}*@qjA`1)=RNERz>1|128_EhZm|hX@x0s2HDGbHz*0+G$7SsK1xTumU$2<N7$&>
zG<fO2MZ&KvB?EhKA-U4x<;A2w6fP#`xe?r@TvXk%tJe%e&9*JYXWxr4<kGb_hD{Yt
z!mQ*+n$>y;#-B6<`6)9*yV>x9=3O$I_zM^8K5YN4K6zH`AX<`41M5+7swAQqNjr>(
zi6W1B38)v6c);Wbcyb2Z2M>0~-X#5u8E6a*R?Fp~A6oDkdn0pcBe;AXx>P^*@67`{
z7M0`Uy|~ZDGE%}Pk6nhhDvJZSVAy^uZBV3LR@Tt-!*$6Qr`Z}J&D@}D3g!9*hLtJc
zp#08Dr<Lz%l@8fxyDC-M)Rtd`=_QPUH@PamGOq_4Zxuz>zZDTQ5_$d)7xnXNJ|C@?
z2d>Y7Fzj8v?(Xh)Pcb6I1q*KPF0Z-RwW@{r$hA|*uWDt97=^>U_XfUps)bz=bWx0z
zJL-3rRHR{wj%o&EGs2W49Ycn6G7-|47Pz0^N32^%?h$>mbmiXC4=m_P33R_jg<U0u
z;%^el+OpNM^S;rYoslPpG=Tg@9_Xmz*du@R7Ul8z9iPSf|C#4Mi2Y9ow)|VA^PkOU
zkNf|Jc+CAjjW})pw>IVWA2k4?^K5(L*><Os-~Q8XpQ$16P*et_q#s4Gn&Q3;;Z3?D
zyeLgX6iRyydTW2Keju1k;sn(LIh8?JPKv^QF|BM+1nvAZ#e$LG&E^E#y5ByT?u0Hg
zI;zxBBxCBDlIDWZU!=OwAq!4VzB}H1)2$)uzC}W<6nTMbC0D@3MJ(N9$TGE)cV}<k
zoz-fptgu?iY-*WB;WwJs;7CgCcotU@Mifv3{=y=3euU|IpOG68#@rp5n|S5I+{DDj
zCUi;xv_L)(D7;Qa6w<>iNK(KFA$)$}{zGu{#K)aQ4O0D)i<XU0R%JGqp%DPjCo}g?
zERS7|uU*x*CXC{E<m8+ou=A*4!Wso>>RkmS77WKQ9j3zu%yd{1j<u3*i<R_!Y&oh%
zM`Z_I9?ZjOqx<9G+2z6R;nBO(Zdt72jZdz=+iP#Surj$(T1iDk)mYNu9&+#imhPm}
z(zQPkof)FOu=S{=Sd|H``=t2<_or1@;?ax`NPz^3LE1=sv-oO!Pgo1Pi!>LX*~f+4
zbzxB(u!uP4s?!T`juQrprWY-M1i5x^yf7j=Z<z_hA#d|LA)4wK4XX5^GJ(`C)^8*E
z7T26kOn5@6DJluDYWGpY!q?;zprKYnn2Pt%zW0``p^R0<u*V80;+B4u%2x~4qRw}t
z@?9sl;wG4+eEL<+*wg@%F-H|dJ&^1V?C`o?NDeQ>d!~`1YKOf>YS$Vv{wwTIZgA&@
zs;su1BVdCBukDjs5We`1oN!d)BHL$6jjn75iPJa_DO>yEPp*vHC02Dx+s@X%Ow4wg
z9o%VRedbP?CbmTNPc*S}#tgDYcEpDu7-wdVT1BD#ML^rFX4A446sI5ssyOL&*4FsO
zB^H(~v>{P`-O1JRu~gH-iZG5f&Di@fjWhsa9-Mb=O>&lU{zT_5@Fm$ANwujXp=B4k
zY4U~EZ?38Y7%C<?YK>qWFgN+OIslrX&l>42!)&*zi|sV4I%lkr&6bjEqGE>aauZWs
zYQZX#ATkcwDFeC5fS5~A^{+9ySguy%ys({((Hohhmz<k>M@~(tXu*0y7rWWViQkap
zMFBiz(`-4hb1fw(&1QI^_^O7crXClP6cq@Qkc1aU=d^p&-R*T97T4bXbc*qJwJEe(
zo`e+!P|m1C@7>;Bx7U-%%l&O=(hT&AhCB4ekrUdYVTA617i;L5gRZ1!<RiDM2N}2z
zKnfdw((7xk1&C2FZ&`a*ABP^zbmpwuV^>*9Yv8Ku^Rf`DYJ=%`ngwo@0cMBx4!K&o
zgdZ|vrc{blP)AfD&_yxJZCD}`|7=T@Fm*UQ!^Xb5z8bTOAE`%o$#Mn&YO9&C@0f~o
zRlU@;yWA|)hL(%Q4mZ~<G<IWIHO-$&MI*0#sbO`Ef#e9I@+DS(j_v|3+`ZH8?pgP8
z_tm_Sc}j5FPIzzTy@vF-1vxuTN87*Nmz^E3QGqrUkfT2=9D3oHvtFlCdBjShap8=J
zQ)e{8-W|W|b@zF^WgU$nL2Qiql%(S{4i1mHtM<(P6U;<fw)g^>l@!A0=(9&*rzGnm
zF2&llRpyI3WKCkAJ;wYwtO+3#8W15gtIj3aSYnz0o0y>b3ay=}OI59STvV=Irruy`
zPOY|MuxfN{gV1v~`4JY-Y?iI9X_9cLT)wkH+f=Kl3@);0QzliyoGZCOrk<6AQc)#9
z<mfU=yaAQ~JXArOgak&1yFy<-#gNBLsfMniEV2Qzd6L}PtaKz|*%&%9^+iWzQ<Rv|
zr_mStZk`t+=D?>R302EzP$pkH)@|R?#C2cgmb(QDb6QomQnVfv8|(0-cJ>|3t#p~(
z4H&Fr$h(DoJFA6?XIKo`7mAsKQmi~>XT$uELJYv%yhpq%9P;OuK&s}HE5$^DfrYU)
zVlr;HL(tY-HSsX{c_vd>abiv}aTVUkZaYHyM+STiHC#ukkL4uAT~-h$v#V>o%#cj(
zXm*kz1A$0ev{2+Kp<g$yTpe=iUHW6`X^NJq^G&*Z-cd33Ib%>0laD@Xg#W*K?$Q6o
zU&{h)iT)Sf7483@w%d>P{}1xy^uMuT0rs@L+yV?)+gGyytI*TNzs&}WHcbVc=~vX$
zF44(W+$3FUU`9sJcnwn8Zm){ImU5VHq1b@-WJl2D+MX;NB2+rZJUe~YJG*>!c)WXh
z*zM^aJ3MIkPHNZxgSHrj)LM;P$=U2*v(dwhIdz=$Dygc35p_gfRd}a3>B;4ImR=7f
zKk1?Im(-k*=kemfspUWxsWiNkjA#FnynS+E9O~}rY44}wv)vy_MwJH2*<=8;&<d*O
zC_5;-hG~4fi>a9%owlOm9CsiY_n`T}1TRquZDT5(U-#@Be6&L9IdjOG)s{E7E9B?x
zOcA95n)y!7aL#vhm8Bj_*Zh0pYAbr|vcE}VJM7HE1JRfOuXltsi-Y+Xu!4?<{<Cr_
zR}^q`%gxFSD?5}{jE=};f_W7rv^OXLBE!2f97J;d9C7S>1G+MPB|Vc?)nHiPAslHb
zRI1A~()%>jwRHx=VsWSlHh<kagQ_~5?B{T=OqP<W9;qD4cK5t$Qa68pgC{)v$p%oE
z6FJS2C1AaiM@u*=&3SOgTdQT>(aW}VC1Xn(f3(fWPd>G^(gPT~YJ5qPvOonuxWq*z
zfT;tBRsX4#qKxw5DpS1Nbd@+^X>GfZ$2zmLDcap}GnL87lC~<_s$z>jENCtp*%>YU
zK+UYOEiyf*DT};&ji{;(_{gD(Yf!Bn(|T`_*&d|SOazie)^*yHPnJ-2e2!7$QiHzC
zu`rjDOLlQdZPN!O*^X~L<}PLca&Z;`WR`tMQ96>I_;RqVTxMm=R~*@rLQ0NorjyF4
zq^d?%si5Sdzb{K}2KO?v!18$*=47L&-#BHJvEPFBq2*uJIGwp_kye`x+SRqPjoyMv
zj}jlKr&+Jeeoxnytq1SvXkIzhrE(K#r<6^a9p+n9$U|m_`5cv#N?8srq8gG|86BZZ
z+|v_=J>rtNX67t3`!^C*oNWuV(miR-pVLb###W`BRs}NsbRI|6`D7N6Qahp(#@Pgy
zW{u@(m^XVYy+^A@*ANI*s<e76ztUEZ<ySe4dH$_tu|4d8dVv=iiM-Nf0unRSWXfpl
zKG{#&nz{{G4Wv7loSkF}<_bC@4FId<yh`gydXs*VU1eTgDU?vnL9ZO6apSro2Mep%
zG=^%KwwR@DrnbG5labKj9azx-lXq5*v9Y2{vBj+w^@Q#k(UUUWD$xx0$$veeV?+7N
zCBuVWi+<uCIu_Aqa55Y6wBF%&$Gd0mPP^yr3!{wH4`Xj~CwRAHX&KRkiGwT6K6|ad
zxqqY2zAGK}7z6rE&k${M>-d|VQ+4L^(z3JO6(jFMAUhp<R9y^K!^;j)R>gHD%F}_6
z^squ!v{^G1Yse+qd=PWJ<}P>(FITVE*5rjAni}8Zyf`_ocyn-a`eyem|6-Mqw7;3}
z)bxpT=*2ObPN3Lp<TaSrPSpz*^{d|%<l1tEZ2M7o-)NZc+N~|JN02vR(p*Fp+z7!?
zk!jQKuWDVY|N9CqK$hJ9>})+<FX{g}kNUp{c`EdO>;h!7%`QMX9r#~#Hn-aw+ntTC
zuK$ycK%}bgx}^NOUVgh%Y1zJ&2qomx1CZDe!$~sA^qP6s0bh@I>`>hXA-%ui#Uz#i
z5h|rdR6+XcR}V6!qBN2vH|O}ih!3SMZW$LUU5LTN;VeSWqe`8JfmA?#m0ghxh2)KV
zX4Y(ScyRb1=N6DB!-7?qtfE$H&$l|C0S~>jC&OXrV+<g+uPMQ1W&@xJE_w9;hznpB
z3uod@t=3up7xl2Pkp9a7{u*^Gv;W^J`+wTp+IXb@5AhiEUye9m0NC>6@z2(`8$kXy
zwl~__?X5id=S8lqxIg#E$H!xl1xEd!WvpLy-t!qY_EqNe*fJ$Y*D{Kh<>;vcfLeoO
z$%+Gk?@tc*8)H0XFfV=EkW@GUpxUZ0Yfn?&qZuqGb>$W4X-XSzR!!qA;c0fu8eWWN
zQ!LPUVm-N6!$@(D+*E27l@ig<D-i+6wl>Ur|NgxN8#GZ+;yro)KA-7*WhO6|$*auM
z&*kY?<{9Sl3@h`*xjb=Yo=Gmxq%zMmmuFg;=O&luCZ9(sDe1&5OxbED?_SLIIkFpU
zVARl|%}=dHdqYgsz*pKEGs`Iz&orF*vHw^x-IM~Nl0}Ecq^ndwS6mdQ^NqqaafNXl
zMtMDK)va-vS>G8KFNFoWt-uo7!lL-;i(qJ#vjl;OoOXHe=FHL8$rlvYdS`PT<}Q=x
z3hJR;bah;{`lZ0$aaRVGqx;DKR62^0<1z>eV`2=3u>oBrC6FtRPj+~3KK3(b0Wz7^
zJ(*C#TU_}RHHpW|04G9M8Zr_YIH3!>Fz7}sBeswvgDO|X_}MiQ`)(nu8WWa6I5o;S
zcg-kLDml&4)7%Tx;UUq(&&JRh^Gw&vVY)JaB?-wgoF5y>#lZ_Q#OF-sD}xKngz2y_
zWz28+u6glZ+IVZz<K~}J%0BbnUM6F@xpAIc<c?VYp_B0&9Im3HgmCxO9-W<J@L&$8
z0A7e5lzk<O{>eQV?@q3cGh7AcKJ5J!gUh}Yjb^8Lc)Z{J5r3l-!G0dj-f}p80gg{_
zR0!(=Ap_*++f|6VT)|&$qg7Oe=K$#byx6V!ZGXO~rqrw|fePMU{^iYEJJ)ULJ&@Bf
z=#Rz-CHY|i=tn2J`+v<3&HL$&Kw6!rio=Ci8?nT;&BUIWn1jBOS`MqS4HZ95&X>y3
zim9ycU*O=NS?N91e|L29s$9R3T0$T-&m8;n3;RCsXS=VCx&`P*2iZ{Zq{5()%X%@J
zaXT{fQ@O%kRfW6z`*{T3y~_Q5^Df`~{lo8bzu%txko(>J-?^VhXZfGqeB=5Q8%8#h
z-q18E%^FV3O4*A#pl=r^u^!-Ty_Nv_ivjwJ0WRuiSX#M8tC*{WGzth@nnTk>$kn(8
zgm!)5>`|cy%ad?yIV2I&Dd@d3P(|+4L*l!xLCXmm;6idYF|9Sg=|Y0b^@++_rgi$%
zxI{g4*;rZ@8y7`-J(Bq6c%9>=Wo=ujmA%7PbBD52Fm|b}U&z`E!o7JY%%=)zb`Fv1
zLx_|jqGm@AY4y27>ROFHpElUWaRVkBsaeZcQt^Bx-Ch|uD}xuJv4ZwFT2xp`9q3f)
z3)7pz$l82auU7Cwf}{4*Lfd2LDdk54=8#jb6&#jS_$aB@dJRL8u}!Z{tGx=ZO+2}1
zR%MI=8bXJ866Z8Zrt+&KxcJLrgfe$0=272EYYnisa9qtiwnET6__Lj!@}^S2Lqv)1
zMY3vTn;?Ixp5ePrM!V&ivxG{9CC2x0-a4i%+86yxE%GR(uvBQJIN&x3jw@rllIp}}
z=Pukx76r0U%40<e7Usn_W0{qja)iD1DecI-6DhdV;a{gIFfjZ%;CT)eXREYqV?a~2
zY*Vn-DWsDf0rydL>)%P4;1k+!csNqHtEBt8K%TN|%L94N&c}(L)kOf=>=(oOz}8L7
z+P2VVl2#E{v=Yz!O=3z1<=M7rs2fD(3C+Ta7-ln4&MhNF_xDiRbW|Bu<gwSTy;!OJ
zKksTprT!NP`}EtdR|jf&pKWa|I{(9`p#R<6K>x2>Uk`=F&%e3;ck%cK{&muVv@fq?
z$@y=)Q`Y}K+j{z_|9^<5*%Ua?c#C<2QFKrQ(-+^<dL2n1P(X)b61IT6$9T=n7K21`
znnsA%;*iSMfua46qksSI&*JqTg~Q-M*8f(gQ}X})?CInBe~<^(zZ&Q|d`~9fRfy3B
z`gdX<{d>PkBD_HmOvLkj{r$ht-~(@O-vllA`T~O-;0=>$g6DP32qBG<K{yOK5&ePe
z9`_E#G?<JCe31IyI1p*@%PfffAgwAvqz42yi~w&ykiW8!3^@>4y-spH-<Nm8gdHN*
z>$^vX-*;W>|5&yC?(V*8{a;HZov5Uy1=LJAa~uSbch|7d9^m-oth+6GKlRSKZ<_nv
zx839Y?(vx;yur^fH_+{49H0*#Z*o^>Cj_C}aXL72feNCfS)F{@Fk+#bq%EH;A?>ve
zBi+c7o`<$7g#R*xc27@te_G#f+&b5|VP{}d;fjCUx{&5xf0UKqLFLy(e&Ly(-(6rH
zR{7xTIlR7AuQ|i{{K9RsZiH~<zseN_<8isyJv!<!C>#sCt1SBAWO|LG;Ry>S|2VM3
zZ8*ISW3rv_gD3({G4bxQRxp_DbnM;64JzV9!EowKld-MwZ#(p+b=~YJL>Y7S;x>DM
zjxM6%Ir`y%h9Io9IkuQGp5Lv?0&DZN&PAb#)GmyEH)DMFb}3BUc#;feen3eSSA-&1
zl5dq#JA#`ex(OPXEgO`(QOCJ+?#A#pbP+pjh{InT^`))?=iP<kg=nkhFoZckm^*WT
zFqaT+6@*&_;g<3<jCl@*f|AZKNFH?$pai1~f5e)ZQ205<_Y#EpaFzmqrTNFjD#!UM
z$FfQZ0Q->VB6@>p0P?Q8Zqtb93NLJd8!mpi!7n?M)|ODro&z}Y>$tOq3C)f%14M3|
zAg}yNdG9!{IZKq+tm}a1G*0`}p9Dd9RtzTIZ6lixP|~$5qyV1p&qlKd4Tz!iB%paV
zj6(lIFfmpy&k#ABYR&SXXJd>|;a{uOfd0@Ogr^4BD@5C<XOOnpxpwQ47CG9I>Ff>!
z(rw*j+Ige;ESY3&q$cL6kPp3AAWwdamN>lNKH;DAg4ay;hJVv5?6~X&{>tc(uh2rw
zXjP{$!$S^*jh%!X0jZB*;sX89PXI0yc-`GSJwwtZI_#ZA{)PW`#I3sl)N=!N^WPmE
z?srcqU)#vnF6Qh0`1a^zzbi8uz;yPu%DxHN4-R{;b>1vzTjo~ZIw}RrZppH*-kqIw
zPY;fM(%82hv&yys%D`5oDNtL2i8fAN@?J54aRxa)8`Y!3gRUAo9QjE=lk_&>$)08$
z2gDp8h=5PUM8Gv%dYOZmCZmAl2~LF}f;EM#(x9>_GIPMpL40EjAsmHhPDhOXu1PK~
zpt!_D@)90AXUo~NOYh`>IqO@%mCLVjfSgUIv#xMOhA@k#VZ?fW-8?AbcJxxQ-nZAE
zov;7JvTIO=q!&L5@InMr1x1`St5UTZOap$}<~t|rLHW&*Z<yK}6~8v>y~bYkXOlFU
z<Z9A{NEbbVt`|+CvxVhgEu>|ojM&I4jKZJ}SK!BsbsQlY4eAk1N}5e6C)E&_IAO8L
zq?|OdHrviRbo?JJ%0527;aR-@8;1R_v;A9Y|KHgt`G0=ee)RwRAP=l-80aJh*(J<;
z-4mnrJ^wl&#&Q!(&|6kO*3uZ%u3RMJHSn$hWUqGY9s`v@gSYtkI#HK;t)`+s*OgV9
zy0V6anjL$MzW}YSnbMhzGw(&s@oWN{%|MW*UZSY0rk{-=6qb^U3)>l8h02BJvo)FH
z&h<g8s*@)SG~>Ech}Q1hA!n>%4)+cX@c<i*@m(H6WGX0`O+%p7;WWbu*HR;OhSVeN
z46|%csM2nr##sNF8abN2v?>EYv2){0ontA+#pv_t9HelNkk&VeOrx-rKr1HPN2!Aw
z&IltJ@PZaU{s_gUNi2h{*mVYNS&kLMKPm;E*b?{%;CBklgW6$@BRtJ@0F+&aKd$U?
z{K*+8VIXt-(Ube}S^C^V|2^CpgkJQ;Twodf-)I;0f6v;T_9Oj&hzALVCZAD~&L#o5
zq88)iHkb@&5$`M}o{mF04Cle1IZo(S&=}=RAUJd<NCC=xoR7lzs*byxjQC#JIW2~l
zdpWfA9cKKl<WRj!^crT~vTj0VyK3Z!eOZNJJc=F<D*;vj_m_YKq)YE9jR-dOre0aZ
zXK{-(2~fO8HhNI#k9_;HH*u*B<Y2;eg_PuFiB1U>v=vfpcy&lz*XZaBVXaiCXZX6}
zr^bOTXd9KK%F9$VF@&5LLvcWDjgwnqfn}bE%vC9H8*|6{6F>*Pp`c<gL*BM94lv1L
z7dE|5alcg~2=U{Q(-%MYoc~}rkOw*c-PkJL|J{1_?D78BgFLWA`#|oSAkPPM4;`I(
z;ay8yyfTyl3XN(u&|OD5Evm~PdMtqc(~ZN3Bw+l#e&OP8$GQ&!EbXByfdC;Occ>J;
zgu;-p3tC&%GTdfDA)W7$k6HOjJJ@ARY<#j}?9J4E6h^C`#p^#!CesI5|Lf1zpO)_b
zZ$94te~<@-yW2#BBbWwg@{y@%J%KYI+u$2lr@dGNa}SG9Sc4Yb&A!HyQsDNU=+DAv
z+6)bG#X?XP2?W6$gh}#8NHXKwOi&bW18)++esv5qLv%XrOkns0%Y%>*IWyczqpTA>
zpYdK@iEtx#<V~+z6QDuKs4;6cBJ^pz27hr^>|ZCSHt+<$7vt~-w)?0n_hP6mYPDtn
zX?`AEIP>$-g^Pb2{8^(-b$aWKWf=;rG69KZoTMZZXUcO|7QhmmnKsjqVdO?STj)ll
zer5e}_}rZ-6*3eH;~NjepLn{B$gFi*t<i;eE~etS3kf4k2%GX$4SHeNn4|gO)K-0g
z5A?*ElKW&kLTpjUZOa;jNkp?TId_N@y5X8SBKzcS@vyleh=7sj%M$?A20$5Ffu)Ux
z%&^XEXdx2~u1<nXa=gpu<!KNF^iAfCDWB?KKwbB4%)KioiSx4?I-$}3KkFQ-KY!-7
za+gA9{;YcCXZPo<Q*?K_x{GTIdscR5MKi9G+s4Sj9fg*KM=1B=jkJpP5M07G6P?NS
zDjPCr1?3{_buQqiQp~46S-K%&o8mckYf3vEdG=%C5F-wd6t8s<+zx()Wk%~PnSuBp
zFfmE%+(1j2l~~kLHNG7jwQQs2-09ul{P~^SM{#*?h;A!>nT7rbq9g>SVhU6Pdr<{!
z5@5`bAcG<@$X|@0@UBQtHqTC5^{H|{pqhd~eeV9l`iqA;w}YS$f8Tf$_`5rv(Dys|
z`<Gcve<MtvUBTa8FowS;J_<<3$qoG74}9xmy`CGiPpAKj`TungMPJ7Nbh-U!iT`)t
z^&|g(fJYu1OO7TZ(*auyNar5`bDRM;uGcey@fzoaxJ@R}z+oP4Im!tO?Ba=@{L!s?
zd_MJAy#7zSyZdjtU!#s?^8flqrxgEnef@F$Kg4r(9iUh|0j5NI0A~Jlhy+4?ONbsC
zAHa41sKf|OhNfs>GE0NuEFupCtvZ0XBM76wi>H#sk=0$oPO(s_Oj`ulI?&z#3Qi`#
zb)!4h7({7Om&F1Ps0!L%1%bfeWmrs-r4&Sw<U^}oe;oik+=if6swP>ir?b%rJuv~I
zf#+YVBHL*4A^Ks8zF=T}*J}J7`S~cAUMB+%tCB=FxB-cin83k=2!5IIR){X94!Q6&
z7?Hvo+XG#p0;{o+Qo|3TG@NnhTj-AXIta;ZP^g;}c@675R`(=`-;|1AVmL`+%p_==
z&_};hu<!C_(_}=q$F8EJk7tSME!mivCpoqIw9lBCPYG+a`;Ub=Cv;vhGaoCaGH)VH
zky09HX_t~r2rWi6WdM_4jB--}ebzu>W-X1tD0~9H5<;6b*J^u7eCypkNyT>_&*dYw
zP|_-?ny3|&VEC4AxG@OW@#eS42!=D%Nj>ikXeUgWY0?)5Lg&H!X$bgct)ZV3L2)R$
z*g+`@??I}MQDC=R=ud(oH8cR^)3)$XhVOA?Xwq*-Tmf7R&;)BSBCl|?E(kY|4zz<2
zm4>Z*(8Q=hJZ$t^(C_TEIj)?+OVjX*rZz5)swp}jFizLOoc!O_A4Q0Vc^32kjB0*q
z9m~#t*V{$=pQjt0$NL`-@}U0zvsq$&5JXeY?F7xIxaXfHFonF>4-6dw18oe^|BEy9
zoMB(95`4Get@Z71*9|p9>{yU)IX--PF8X${L?1r;%5*Ut!h6?4I~Vxu<0q;6ynfp7
zntl5@p_DuN^qqdwV|53qDpdVLJnZ!u=FnRm`p@%6rUvRhp^g!9j8jwn-p8i-*tDD}
z`7i`lH%SsY1sw``T_Qwr;RdQdhaS0T$q=){hG(x18-Tx|?M%sll)BDF+}jHCU!B0s
zcPtclu(+u|l1C)$(o(4=(D}hM7^e<n2GY|?tMlxN*$Tz^!35w0Ll-~!o;cJ8(0|4A
zl*~?kQf2c+nj)neS%v?a^JXXCBfka{jE5)AJI?w=U9}N@JZ=~Nz-KZ2XQB6N)Uize
zv$<Ka|J>Ys-2XkugXH@+>}tp!!*9FI^|rIsZsL77vdhTSM0*0rc8#*Re%tZeYn?XV
z>#Efjk*bxAR(mMWU5~W?tQGXsH8bVlo*IU3<Imr2*{lBA#`-5zIIOHttH%H6LHZq^
z#p|C%@~=_Hvh}~UwOLyKkN1Bc=7IIE_gs044<3K<oa{B!z1w6sOoJ&%BzzQv{yFJ5
zN?u9C8@UvauJe@TtCZ|Oa^h9~{HeGg+yD8afCb6*pjaa_T&1&qBXz7s%O-bC`cwvl
zv&F#He*{=E75!DA+caAq+!RYqf-(AFb2e51`=(5cg1C{AL5Xo>mcdk5t@xH>wJd3|
zChDr6_+zc}^k0^YEMEV{HvS9iShoJ3ZkFOdY(Cq3T>lU8;ME0Ku+sEPMiFOi9joNh
z1v)u$9Dq8i+iO(EdMX?2EO41j1JeJJTG*R>Pzo$-)gnWZyK#sFBO^DyXpTiQ(#B!p
zzljJLlMqr!o5e4*9;;qA@8K2cP?-uDH{2vi``}zUk&}#_D_0Q^*ssvCK3{3RY^)4c
z?Ujp_bhUB*UGKtHel}apot1R0(OR|tm)xKxACwga{usNi)w8%#_yH~FT_k?Dq)CCM
zDOW%_(BCYgA$PoLOZoeb|KjyuQs({UI+oi1ZxsFiJllHuX#e>j4;%L{*U{E-b<s^M
z6*L}Zwl@{O%o211$w_GoFHx~?1-!4#$3~e`5mmIM)}D?)@2W5AjeemxeZ#YPVUa6s
z&xX|{!)IyJCn;bQrGQ`1_i|k*r<W?5uA3oi+ZcsGlw_5Q2E{5)qJa|!w}yibmtzlH
z1yhWT*w}EaUSwtO$#eCz<<BOtb0YVa=Axgr(rch-m+8cpZ6mkUZo6o^vn?H07paD|
z4WbBPW+B~0>pRQQ%|cA!MdQ{>&17f<B!d)X&>7X{E4(nLh$zS}S^KA4581PE`>wc8
zuFmn}B6}kfTxt47C<ClfF!hLNqfhB!5Z^Rx=O34sKxu=yd*xhWlrsJSnLiqKGuqa$
zUiaKiz3;B$XB)rZA0X`XwJoo)p<2v;R4IMxvyA@hvz{-gV=4XLD(Ziptv}lTKFp)(
zKOf?efiA5!-UK!yV;UF->1sb11vfzi+d=tL(~IjQ`OtuO@l>n*OSID5QxO~>Rxe(>
z$aYt1M@BDgma(SUMS~n&EmKW{x;jWfbJ-pAw#~Guh}Sw-M92e^!Io<l!_B3?WY5VQ
z#Yk;-h>YV`b*dn{$TYr$X0&dBdjfd!j%<jHmDL&)zaIcAMRK0!9g4SQ8KI_%Y=i^k
zHBmU4d9o&)3?x?r??f{Sp!!5qZIkH`hS+}qJf;KniLe>~1X+rBj>)DUXYP7qC|(fL
zA$*s>+#`tRn24x4)`d_EtI~j#$1%l2ESP=x$Fckgyj8RGk6vv5g3mqlU+u8IxQ?az
z|Bd4P->038NB!S}Jm`1tGwnd=mI6A<0+DlF_(?Py#i?lEJBP~HiXH4$?9HRX-aNW*
zZ+;0|a}elq`|`+nV!dpfU#{F<tl8E}+?V4X{0W2e{^{;AuwB>7Qwcm&-d0pUr_Jj#
z0V&XwKYC~$<hj@Xi!|^0(mIyj|9n=m|K3=C)c-xmlL>retpJOi^mN)%Pm6S^Vca3#
z0*CL*o9N2qLfNOmLh{DOEqvQ>e+Ua&xT538yXj0KJiHeaXa4UpNOxfn4S0`^kLL(1
z-gktz);I1fWmoLUMJHMs7-%-o2^qQGlunD84E)i(|HnUz*MDaI_@#9$TmS1@Mf>lk
z8=H^*pC0644a-8?)@;qocn_^sYq6~nzLbklg@@qVA}cB16oF3w#la$y6t`SKd}F=q
zbx$o4`O$4rU|c7GJRnd!Uf=%xo_qZNvjzHBsAK8+e_Hnc_Gtg}FpoU{TYR-3Bpv>p
zxW!Yx^09!_`{Xpmp}r=m*SKQ1%M`)Gk9JY(tJJzkC7idrXRjY=!B>3l@&BOiD131p
z%k;mS?ehK4$Me63dF1`i-*N+`@*H0@199w<%U?Z##D7aI0lSu$QaPy@$P2r?F+>u=
zI-Wkpxvj=$Z86wC|GI-)iP9z_v`d=>vQCcBLfS+{;fPW0#NV%;I8gg2A%pnQESiR6
zB#zKke;+?F9bXch#@G>8pN??Bi?H^!411ibhT8Nf-(HorR4NDA!;g|dBX-2t7XQ?)
zz>3`vXAZxL-Er(5qacRk$Ic{iOw3zq^*JII#EoNi3am#H$n*$0Wj4kEJkBY8j3&*c
zFJYKAA7IbN{VlyQ4-!5eEw<J4NzBY3W*{Ss&(O!cBULV;p}z`rqDG^EeKEId(h(UA
zB5JYHY#9G#EwdixSxo=UJ8fT9$5Q=oyJ-LU^y$+_`R_p<rT<-gU2&0!N0&y>;VZ>I
zpU4BBlC{|1tyU{+wX7$Wv(9wKFg4(>-?>^6EC`61VECPBA%Ie1DvNZStCGk#@owQY
z8dc3LXTz?~-SzsN%YJ|g=>Glg$-nXHU$Fl7PTu}>didSzv#(Rfvitwfo|WSNJ$<zQ
zewYXE*B^y`5T|I;sh@gX-q(-#-2iy>Knh71#3@y_U2hK0R30=K<={FXHU&{~i>?6x
z1iA%C*;-5j9Zmvtf-{`nqJ1ce7O*Ullh3dw6yf>_$eNz-4T4eV*C_`GA;HAQd+X8%
zI0YZ}`YDK((;&LT_yj)4t*v_f03Zy2iiDB0WcAoBZQ!t9f$4O-{q486x3|dKTFK<<
zTiJxx^>h>ofZ%@Jr(WMn#&?tO>Ut^~d$#EO`Ollp^>+IiIavS%9P#$uUh_0epzgOA
zBrBymIM7$95d$F<gzy;TQHT2uIv?XjUj^hV!He(27{pf8-1X5v10CQ&XN>RaG)w>{
z*V|s2CeV{8-wqOgmMQ+w`Zfjn4g+iTWC_crN(O-!)#Y7A^~&%dfQmrk4j94Jk7fhJ
zLA{Q`Q7CJ`;?xgmox^-Ngr~#Nzwk4lW{qe42v(dU1|fp(!w|#ZVImEbgYEbh@2Lh+
zR0jxQpr@q5&S5K&1p5Z+mt92Wjknhz*5+CgrXa{qVyKb>kiqUDO{m771D~8)klTSI
zf_aTi^OKl8BB$GR^nk(PXs9hb%)n(rpSzm|V4RJrd<FCbc0m0=c36Nxw(FRrnlr)b
zDR3>#`edRn_M51~j5&MV6}^*#vmbU(yW+4X-kzR(f4JY>7uIeMep`<C;qdJB$-6W0
z0|xRrKKn_W9EjcHpTu7ekM|wX{qgN-x7QOVr}e`(Z;uYUkal>ycl2)m@c29N3d$Xy
zoQb1DSnL4w>_lLN64YV0hrr%+PxoHK&)rvtM~7!WIrW3XvtxvLaB?bk#oOJ}v%|f2
zN4uvm(NEu=^tw>}K7c(wJU%#uTDot#$7d}8)k31^eh<Gy@AdA{5!O}TeFx~DB7#Em
zCh_{@Xuk`IueyNR?yI9N*9EQGJK8;b<B0v;H@n|;sniKTIjv(hMo;|kx{FCz-!A;W
zcXoJkjP2MvIX*jupAIzh^h_81;jq_r#O~=~4}0X`^yH0G$Nq#8Cj<n_9d{WD_O-|j
z31q?F?|NMg5Cb<I0W27w<J|cD9>k}C#y~J_bl+tvv`YT}^<4kZvyA_5mF|CRu5Ug1
ze}9mNhg$jj5itJsdJj0v;c@Q_SDy;P2y}@FcqoI0At`E6*4KwUSSvqKR?qar11u`O
zLgR2CaBLJFc_}iBDDaTc%bTV!<5$HGC>{Wr1SDRP>qtWu5lU|Gv{!lucnVP2=50X4
z)^InkeZT<6O2eyI3KYS73X6aY%!M}|0~=vq1}zOcN)u$R7?2Vj6Okx_u62r`M}R2+
zNgg!4i1ih!zE-7l(?SnKD34&s%qW;5wdd0^;*~dH8j@J_Bo((oAG!(^W78@T1;i4D
zL>ryJpG`4FqwMa5f(?b>(qfI!o?81s5OW)Wr;kvA0QNf!&^{7-6PX^y0Z3-VzXJC6
zrZEs?&qvpV7S;^FQ(f_@*u4R9%<G3yIK5jqz}R)@6pHi8$Zt7WP%MxI5jC8Q8GFEt
z%Ot&FCMdQf7E%%&B)2g-mc~g?IUFj3(ZoYzoh)pkK5FHzALFfSit@GRsJ4ws3Y*0`
zAS&cTx!^;bP>{VbRDp9y3f0#brxmbfC<?%&1^9qe1q<$79L}3j2)le;(qVUBI1(V~
zSf~Qv;GVRCW!SwbN|@7@DAEJ&F~ZBF1<(U0bkjq(J!|y<EijWY_okM4Jy<;bgzQZ2
zlvuMLjJ?T}&Y_TFVW8P5DfN07ddMf)SIWvPsJ=}=J{po5dd~xS69yPtOvGhMU@_|;
z5P$LFAe@lz)L6Wlc)x~`t!DHnndDZc3|&XzAZGw{k}h6h{9exk#cY|f{;MBWRq}s1
z*k7xTCH(){=0;Kfx4F6gxc`5U$6VK109X~TW?@8IIE)0ah?KD}Ke;DNCqA$c^y-%&
zJL=2TgLx?EE{0H+#I-KSk>CV2Q_2lE=@pW3lPtBx8z4t?5fnL=i3(beAT<-|T{;bb
z00JMHMW}Az7-b+=+_l63Ifu*Wnny<mxO~H*xI+&%iVm`d17lYMwH(rpkAgm{vSL1;
z!|sW%xWad&9ccjs+N-w&ZUHm8tZo|I0Wlqq$=feph25qz7Z33F;xrWfbU+*rKS{_4
z@dj=@n*&4klN3In*|+3pe2z|myb0`50mNZND^RJ)ErH$o<c=dWW9S2D4ah0DnIt%l
zs>wk?2(WN?07Kkw4uEUaB_kyb4owRmdL$Wzzn0}cVpvK-)QNQc14Fx_OGg@hVk{h!
z?1wN0&Y5a1mA0}LiCgJE(!UP;51GbD%Paqnz3%{zs%rjTiW07(fGF5rFAK^BH=Ar|
z5=bC~0HFnwASiXqO>$)$dv^&DQ50;54G|l55gTG}fQkzGqM{-q0)l{u6vbXp@H;be
z&Mmu}gr=YVU-CT4?%i`woik@<&dhHTz$2Z;I>C(vB)cWBBd>{MTylN@)|F04gph<Y
z2<AsPKI-_ADq&xn5A)P}0Czz#oJP=XteX19iaPOG&{M4shs)2hikrm){#B4j&l8}t
z+y^HQttgQ-p4_-3J`c#7`Y3rtb|SZ=T0BBlBcN%~EE#pc$iZVWpgDbu$>&3F*%GsA
za3H#c#$>Y4lIlyfY_!<W3sDpqMF<HH(5IZ1jinFAiD2w}i`B5fQZ#371TPYRBJjpg
zZv`LYbU|3U8i2XtscHqU0!xcm)y-B4Xck^4h{VpMp~NWE9S{r25~LBpC{&QsSR^?i
z0DY<rpSmjXc{o%~pI8I%!4sdzKS7a5gj{4*FMCJz!ZQy(VLi!Y|GB9uH-T2Vp<M&J
z6{BoJfojXBV6FgVjLU2&fPq});_pTk9-be<j0*(%3WLDAUe*e-29&--QATWBq7DXV
zVmx@ojVgl=Yl%bje+Wy!zy2_*022ahw9No5R%|h<0)Az+a5Pyh7B5G*G$rOEvh;^T
z?P4^B7>?CEyi}vw9}0n!NexlYh$oqjExfL_Y&IeJjwvf1lACZG=(OsqWSll+RFr~?
zT394J5S$Pug8IP^HDo^pW~Q6SeQ^Ci%VbOf&>FbTA{aHfEhu20L_;uaSUP$#n4Yb0
zBQT)rCd?5ygR{3x=P$j~kBZX%HWy@ver94}_`O^~I4R9iP~QVMJI4BYe6ctz4PWRm
zy@8htylP<oJ`Y5c3)ZSBSOQ6q$qXKg*IE_E0fr`o$DzXps{~stCP9Vfx{^(Slgk5o
z!;}kvNW(k~Wa;e!0W3%dTZ&O3Q-<fT<-q#^7!Irp?M|Jd;D{!XgjFHRpepXIMq56r
zp#ha*@!=4JKH}t~C7!9T9I8u$13%;=avKIbHX069u$g3J2r4q32mE~{ggTwSnz2)m
zGnncMp1Z^vK|>>JhK?kRD}p8+)<HwEAsK^PyAAadPb)rMtQLoWbrw{fPFkd8!gTEC
z1TsnxKS7?Tajztu%eDOJ{GlD2J&>2;8o?OA>;v;c$ubrWLk=1|M+mpkx^G!6X7Pft
zpa?2_R9c8NIOS|jk&g+=LD2?JAM|A5MivLeT(F4*1Y^!kL?vKCNhceKXcDbxsy7NY
zAD~3+A(MF`QHA~AsmlPO4ky^K%!d_!nVlw{i0Wd5fFR!NUy7cD4`KX&JQ#t0;npAi
zt-${Wl!-1MWX}yUF$JgyuSf7x1S-<tBU9itCP}hSn9Q9%pr1ItN`Zy!VGOH?heT5o
z@cTt-n9A|<kv;M<F^GTkd-(@7%s+tJ6aN_2@PlZC9<rvz&mO;cIi#{qOK1wvClAkE
zoLD@O@n<oO*56<%&=ZLY@lyx*(|IaVQfVyiSHrSvaA6sVgTSHTcXqVF2AH6^ydFG;
zRD}Ds7jPG=Axs&H#O&fQgT1F8XsTu~VOU}ku1sq$m?OmI!JDj?$UVv8;Q>2r1&O<`
zXig^o`jkja9Q!aR=mH;@OD>L*G9>!Vs$`E*c)*)G>;PIw`P}GYY`7|<3)L3h2?GEt
z7C(FpX$%^MDyb$o-ce_;YzJ&QAMTSwup0#zGRBQO*<ddT3|&8yyb6RjC+uUB;f5dh
z|8&dE;rUBx|KS$>!_`LZ_8)hb4jmKYe>-;Ud?f$N-|}a^yfN8-3i#Cx8fOF|XeU<|
zY$_;H=dlY`B7QLfqUYIc`&Ypof1EKOuI1{FH6;jl+&+?vxoOBG&rx8aR?`bi77S%p
zu>Y9~REJ`oiJ8`NtU^z;!c<Lw2}=UG$hcQvQkPL=EbDSRBh9g6?3oZ}EZ$c_6=2v9
zzqX0tPrCn_rpr%&Sp;l2e@Kxr8+v3VI!=!vPRQf1;Q<?x13(bV!D*KsMdDheBNk2v
zwqF4p5$a-mGm3Vm0PszAFoQLnwaOG8>@&Ow$u&WU4hJd00r=A4;hau&ut!j2OnakO
zx_hk;Wmb0NM8ollN@AAmbh3nu8KVN`t5(Fx<wn+gm8_6FLG{Qc@gK@E1vyIZ2jmJ*
z)C)IuKClR4>r}?8#9~}lM?(x`_Xznj!sV3ogIgY%Od_U&sgWrCvTDI!MkYx_1}G#F
z=!Fa8SP%yIQu0=~r4HAubH@xXJ4=EdUnRJ@b9(ULjT;vuEaeAzd~$KAJe&&R{h%l6
zH+)yfa7HRRXaeHEbZ~2chumJk+Q2p#>i+39Zo`gZ8)hBEHe{29S0x%anIIAudx#2$
z?%1C&2;)eGgFE8!jq^}X2{V8fk9jJ<XA})lsK}Uh0m`JF3Jx!yT#P?=q5{cO*eJi1
z)N7z7m_!i)7c`F=Aha5KjQL)S9Og{WLX8BRyg?4({-}IkRaL6KN}(?^hR&KYHoM_r
zYU-9#&_8OGRj3dskl_tq8K+d!nh8Wgy)rM`f8%tHlEW5i#0c5ta>=7c8HI$^7Xt0|
zhgIP2ZXP&R$J7#qbsIQIBA=7(R`eY^6>yY0(nTbe$j}XjaRlb#&uJ0L>4iz`g~=c?
zg4-O&f2KRZK!D!TQoS~k(RM{htlEeX>^t9$m=GN9%E9^^Rl`v=riww~jT^sO7vm^5
z#ha6{QYD9D#l<vL{TGjGqN_TGb(T#hgf8r7g@j>5bvaPV1*<s5v8Fq^rl-4-IkW7D
zsX-+ZVo;e%7>s~8?Udso*aZ+1GCr<?pBb=(_D-~0VJ$kF_f^J2<H+{PFO$91T<ruV
z49~jJQ4;qI93v7L3j-WI@y6j^UNFs=@UTSx2k!m=CjbC%I8n$)W1D?KSoOEJ>n?a6
zV>=n+B;0?Uy|N7!3o{;^!!<}$lkt>PqNEmR{1tYJK*W#MjV?48dEj#zDdC2au#XkN
z{)q|=nei3hIMW%-roj`7ctW%bm}0;v)CZ&<kLab~wz?wZ31n!VayH$7?88r%+D;;V
z)1L!As-~*SJsN6DQKbTG8PN<cIisjiFhdER&zYc!$Abq+6i^H?bcCIT3R+OO;9zB*
z&^$foHkz1q;$*sL=BzV$vMD))U5ha-(p70EIU-bz<~~NjhTbNWI$Q@1xu{X>HCh`G
z&ON5bHGxV*@{V!tGqn$6W8$1iq>2QU2M*02Q#81!3{7TC-_*e3Di_6om68RVkz7w8
zUa;2N(M|;^z{vRMlsSkD?gwDaN}xP>hEb3~M;*FzVB7@zN0voyMNSA+uV6=Vh|7(p
zTw2`tX{<(q-AlKjfb|hhb+#`V!||}Cl`*^Q1Y{$+-HUgYk)IG&GPtmUi>jYt;-pfz
z(h3_srl4hnZnYF~Va5cwDEKEZ5zhzaJg*u8iNMcc8q>uo%%xLSf`l6;FMv}MZ-}QL
zX3G#k{C?Gdzhnm)6+*C`cI^Z0((&NKa9<AHi^)G2Y50LPL4po$d`=~HbZ}v8UdMwH
zJ75Xy7|4a!v9g^_f?Y-llrTpfbk7hE!g=Tk=r@aW4)WQEhg7@~ih-ysTtqlRZI1YW
za|IM_ND>~py)l>{Bcf<{0{hX*&N#V*=`3m27ENO9a&YF^wgLl2d)Be`^Z<V~JB=9B
zhI0(hb7=MllNB$-h+7_vB*EJf=M}yX@qi#2B0<Zq02P6cHj%$Wi-D=waE-#n%jjKD
zJZMOM*%<IPVgHsDmJBX+kz5OGna2t8!y9HM;?aa>o5(k(V?3dIo;h2X3}~Syb*qLx
z0C(X1$S>(zQdmYENEYiYVxY0SDF%Etzii{Mrn=;8RDkdEJ8RRCJD5#Be9?7*46Y1t
zmnUH)#U)no3KegU#JjYrtcIG77CJw`_Dxyma_G2Xj}nd$YzC;I(xX)prd9=rK$SxE
z4Tmy#>b(i6*h)fiM$35ca|JIh&JpAK8dn2-`2-xVmDr7KQ;tM$Ruo}z=nPMI$;_bL
zoh@pS?5KhyjS-<l;sqb9Rw^GhxWk7n&b`!NZVJvmo6iJ4p5VIC1A!f6<Hsp>XCc}0
zlMDh;P<&z|jD_O?W6Na#<hD?>aJz@~zPD-3#D%CD5t=>XjRP;_o%O<M#b9$nw~!N~
zoLVz0bVK!wBkmU~#I?h#L6`@&ftaiip<77u{KV6rRXC=wq@=iHP+@6le&0gu%b5Iu
zg(YPsjTvPXjHeI+6_23>f7@^fqXl@fMa~XEXR_{T3bY>W?hI{akIwGM*AGd*0%jMO
z8W|2~JJ5Y$c$}6l2azg-o;n6uxK8P8+h7xh01Z^6`bik9P-ueb@(!+@STm+08k+*u
z8V+^M#ALBg9v`|80g=<h8E=xRVl-;!_?0RXMC_E-TeinYal?-k2n-*=Ze%xVQp1*N
z0&%Sp>rj+&_S)zni|Aqh3}cMZ6b_U76y}!=Eh)@lQxXnU2g7mA)HKD~2f`X!tQ}xK
zvBx9C#_c9eh4dV8xl3xGVK`&+L>h>=n-!)Gru-|qp$*&WUCcGs!oj^oX{0B(`vS>c
zY!`^PhC4eB@}DD5!rR8EKLh+WyWs^Pev~JRdiGN@L*b2v$aE>DrO~it%r54t&UN#z
zVW#>)F7})X$3-GQzFY?bhghdLW2V%CLp)Enh*NM|KzpC^*)ra%#?T@o#4vz9L{-t5
zARq~C({mxpoPN-En0{NqG#Kt7g@QjE2^sN7H-l}H?GrC-=+02_sV0%b=mPF;O>FO2
z7%XIUZ1QATTEw>t`v;7aF*wa)SmSGvQV4==74-mxn=A{))-uF6_{K=iZYVQCkVcV5
zuy%gPhvQ!1DuCeu$ZgPB1GJZNCZ5MI@(C0nd<$Lr`0>I$=#vC5lc>jJhzwo!Hi-Xh
zU41Yv%*dXF7j7Eq9%$kLwFOI&W&kcDdXi%3Hmb`Y&eQhED4^2Oc!XxC0sxay_^6p-
zWV<>M!`MGrnixhw@!*2OA!Rv?e;HDgo#wJE*}TRCl|aDDlx>9Zfpq~rB_pW7ysKK!
z8WzF5DP)td2Z?gQe-2$n;1*f0uaXI?dcuzoUaL9Hq8(OL6^@RRF(i@hxhp*r#055D
zi9&h4!w_|p0^1C6UzQ6eQaTdaX6S4HH{zy_aQ9DaN?1B5>cph*r{Fvm&NgX;GBGkr
z&SjGkaiWQCa`JxCjU>8CY-~wGkY)sEvK{dYhxFvy^yop{nLw>X$Bwp4y@npN#Z)2m
zNw;tbIn!7o)*d@@Nw5VmOXKzv%*$PaZ5tT3p#j4?4&jNGZg~kzjij^+Gl!K?=$^k;
zOL27y84FJge$ijcrs#+QiL29oZVEL_;sm9mFvcSkKr-wAb{#2JfRF-`YXzCD&@Ct6
zPk1p=#o?v}R)wkuuP{+5tQ+ct#;y<6s&nDlt!Jj-`fiOE4@|<wN)s+1$k078!hTAO
z*>!TUAJrLhXw_<&;%u7Yj{7;qy3tGbNug^h4Z~4!g7}F^ep<Lmxp|#iJV{>?=1V17
zj=Tw-_jJ(?-40+%DL{+c3z%$1JjSkX`4lEv%kI=264BO$-b2KGQoM+^5`%QHgsx{o
zAg`WHo-Z(n7I@GczU6S!a_p}jVRRk{4Wt+dRZ@HbxX9qPdZzx_NsO|ScLrGGYSPEy
zYE=h#P2^G$HBw9G-J<jREA-MzWPtZ3MnCbUxKhnoI(0(uGryT>$3(X9vq{NCY69Bi
zx+=0@!;ORAZ2xb#aUArY)&E0d8h{eZ$aZD1?}x1o4D#vJsYd)C_Lu1Y(W#5uCU-h)
zJ*egHf8770mi4Eb{KL>jUGd-U&WZTHow^+H|M`3V+HeNl1`f+oTz>SJM)Aht%OSOq
zB%^dOnXs@J955RDxo~({E>n_9iwg!6mW??t7s*H(R5YlNeR1O#{#$8rE|Hq6t%JRl
z&i)Z^rOWgND-u+Licx^-NtcEWE*cKM#zX2v{;RoT<Q0j*7u=*E#5>l*fkX3)1{dUJ
z6lKP>XeOFVGI?Pj|4vy_o4SgCf0WT$0ZNA8HfK2hvv$ZBp6k<pjdn7>RThrG35DK`
z)L&EJa2vTq36QG^d%056UBp=_)vxHmcCo0Uu%=Am31dq8<(CxZnmUdi4$$pP@D?!_
z9az-MT#!wYUaZZ2SLwEvt+7rvWujc~{IdL9Uqt_2IJ~d`z9-Bnikkd3Zyc&TF-%O!
zem48tu<^GkD9Ekw`J^_z3;X2aRRpJ`-i5t}_LVbwBfa#?FC9}lbnuvgg@f4}eFo<D
zEzOnNI%u)e<&2`X4qCHx_LSAc9z_&CYFTo|FtFKX6lcpB<)JWG7lN=%1A9|78QwS;
z1mp}rNTT>Ee%Uw%g3aO)D4NTpMG&h7<rfr}4rhHEGO+l3fIJyfmS57huq@Z^&T@6I
zcavc#2R0W2A!1PCvygfcq(c~SMD<DfP>baZa+=Y9fL3L5j|)lqs*#8M|7Lhc{w#mB
zoc~O(IXp7pfy;lLIzaxPBl6#0|5wNQ`$Gh5a7b;`A^&ym*dY=Brwb#2Bl6$h@z=d|
z@8W{8^M@45{mKRnl!pxMHL$2awr6B!4(m{mnc2InH~rAjmF3RNEF5f?(ROAx0bx{i
zKpc#+l1!kKj+q1n=kmw=_B^ROJj;{Vzlz7tzJd)J1;$)E6VUKd7CaW|ej*gZY;+`s
z=E%JVmkJ|+-TLY{rMfB{^=sDmoQ4eRgqNN2U?m2&VfKS?_bD~%i>a}Il9#%@?wRzf
z)Ey382r`6pv(*7bt5lSjU9OBO<+*m<+T`+StS?|N&9%cdOD240FK5!IrS9IazZ(8+
zosl8KGj@!heJFo&Mg~;pS0~86fJf7EsZyA4_@56fEbxI$bQ~neG`Wz!HH?!G&FdcX
zlUGqLf33TRk1rYR1YS{tfb8dwRpz?0&tanh7exH%MQ@DUELNL&A?+Zp=Gt}k;);Z@
zo=i_3n`S@!FPge1U_*s(v2Y}hFQvsmC8D4N1e0X0j}q9i4-q~^UJpFh#}*C}2#`Gw
zK0<Hgvx2JMAC7fPQL2r=`?2SVPc^(^7Up>a=0`QYMV_6Ow~R+Myk!s|y`q1|@@x(w
zFcCU6AZ=taq7kIX*!!W;p+Sn3*|O@-WfkVJZNvyao3+p8K2I79mpxGhVLB0GQnz7p
zt9W-Mn8#+PdnWtWa;ryRmL`Z039ErPNp$KW;^w$P=xs$KX4?&}vN1I^qp4V)c+W5A
z%9FZ#*({tD@@kQ8^nXk^nJaf!^L%g>ulh3JN%u@O&zV$~(W6JB!uT-*uDeqgRU=eR
zjbwQIe%1q{FqWMRBpS<;yJwnu%cqQzXmgkf7y&j$<)IQ`VpoEZShY)xx;5gl$KVPG
z$8?A*D)tT5#n#qTHCtQ0mq9@2?#(m(=16BF$`gGOm6(`)o>XG;N!LyAcyonqiLI^s
zQGpekyEV$@!N$UeJl2{9YgC;yR^ulJjFc}f`=RcE7mybdx1<*hk@?GDNY}^jN~|K{
ziGqKr64iiB#`5xci%1SY3Fwp&GS?>yS8771Nvx4}ULFFM>RuQkQb5eLOcx5|!i^il
zv_^c_q5Ca%%46!3lSdr04Tmx9vN@OlJ)kW6T#qSWg(av}7W*6kLD}#C1_du;;QrA`
z+dZ+@Z2qAeAvJ(qz@^Z8fr0hb>q}O(m6X_iJ!m4TgOt=r3L;V?he$rgVle74*8cA!
zA6ehXDM*H5P0V$cBbXp;?j(AV4w_zME4@gEKrV7Ba*=d$F;h!<I2=3dA{<qkB*Gm&
z@#Wtmx^T$_{?mf2`8;VLxF+k)q-=qDt4c+f3HX&BFI@5Cky=(6m-8c0IXg?v%F4;^
zl#|s(F6>>#zGro2Rr0D5r6M5^Ws;EIJ(E<H|KFO~-}6_8{$C!8{MGt@c6O)EU6S<w
z4oB{P{+7SLSpSy~$pFx&Y{<bI0NBe1Y5*{`_YXG!9MS)e=>La7|7Yy|@aq4p!aTN%
z%=$lUD%sHo?t;pqo{+|RC<D$7hMK0!gzK%xp2~!Tg|VZ0X+p8_G710`NDxdl7ed&f
zB+1$&Sr+f1BOb&EF2``k$}nLT2v;LkE3ySjW}*kn>V9d2;gt|#2sc=Swj7pHZ4IC1
zf{06>5@SoJ_~V(E_(3+wjF$W0zpSpEy1HT$8OJH<Qy{Z1ur`K}o+tHV8%QSLQ^Pib
zp;{t#f_GoI&j!iI6RsgS_yhqk6CPk?P1Tu^r@^_LE};P#uZm3uz9E@rVyKRe#R_m>
zR{duuI!sekfa1~AK(#>fVK1mr2_o-})*(KgqBqdi6RIX#kKT6^N-CG=*(ynbBwPg1
z4E7MG4h@>PN+xxV{jV$x5p@v%<yAsTxf&BDBuGbtj`$ENT@eoRyf$cr;0O~*YYezJ
zI9fdBs?>36W*<y0r<I1|Q8ujnkiV2262R~WmJQBwXS2hH3dkCjAU{<ogBuf^;T4z<
z@Rl|8TZWF4)l0YhBvZE&T-0?_R|JBikiT(v!#qfa1^h`9Gbv&Z(2YG*ZE|>3V<L!M
z6KTF;V7B599d^#K*;9Kuv=|j8s-YzVHF?m`(lW6<4sv(6yL325-yITsgBfy?^-I;j
z_g-dg5tk5tm?6XBC#Nv^p_VI+D91jG8gW)2)(zJ0tcqB-5jpS;Vjw|$fG4ARj)F(P
zR7?dJG2)LSGO2v5lD>9V^WcyNBVMlOVs#WQjg-QKSC*J9h6io%z8kDcU{NSB9<Yru
zIp#15uL7>~5bRhkSy$8;eLR4YN*<ETko?lpVZ|lAv2!_kJw}|77{AN(PH{<DLU}x9
z^^8murB1zL|Axqcw3|^wS<#@v;-R7vHXfos08jw8d;x`1lv!+ITBi3Qzi*8_hV^4*
zGhv*@*#*gk4~H0)!qS;1LH%UeL_1A98W1)b)HRKtC+W}3=3g|QpaGbuHnou$cmkDT
zoWq@sJfa56GY>L=vf(I{LHD4#n;3ziEs4cOC6^OakytiGQ4wpuKeYlCVL1wzsHq%A
z8|+7YfFo?4u}C}^L2%)kUf|~vz9Nn!V_0knC)a6r6Osm7Y~sbbISHVtnOrIpNB~L?
zT&6&t2tOkVik>Cb10e)Cz<7lisp(q_LrCyQ29Ae`%eb|Q6$c}@B#hwDjtM&^h*7+N
zkBJ9tARMCu7QN8<rbQq~Wnv_NS1J-u&{m77u!t<YI^A)LZ|Zqab;KB}y-i{*QYsOq
zawuTKA={u5VB?0WV4HB8F?=QZ$FGR>8B*v-27@8*2(`?uh_D6dfg`z0%rlOiYY<hg
z_(3R6ci}tzM3ac92rH&U;ZBLzZ-~-;QPEP-9mo%cqi54f3rsV7D8d5LFIu~h3*d=|
zzJAbQl_PPR@{mAGB6TZ2VJal+R8)wUDS-#^2@b{rmQv`49=wBNM~adtej30R^nfM-
zF0CJBT<*{h9B3KFYg$9WM>sPd3hW0tD~5RpCL<0O3G!zEqN9(?alMK8qts~U5>SqQ
z67<wR!31Ly_HKGlIA7u|m+`|=a4T#wrb}2fpQh#{Y>w?Y8jYQ>q9Jd9K#Ip*V>HJN
z1)?ovbri{1+nH${Vz%3;k3<W-K3xF{LOhpT0Ps(MOwA*Uu(v986^H=8d+58h4IN(A
zO7Q%cHQFaOitQgB!q%Cy!70Qd03lGAt$w>}>_hA%tIRqKRQHkT<K#myncic)0TVGG
z<LBea56L=t>wN(@RYhb$VpVy-bx|LA%tyA*He3j1-)WZgul(wON%U0$E*NMn9unE5
zWGV~uPQCG?xQ|jy(q$YZpopWIgbA)<##tglZp>I-a6}lVhUs)LFo5+FBJuLWP4{XE
z_aunVASGYVr?@F0O(Fr)h>lFJ2qwiJ&1zYViVATUrg#W7y>3+mUL6>&fN`UEW7pY&
zo$z~*lI$R)#S~vf)Kl(?#C;i2HSF?6?M})U>_<cb^il=ul#8)TSH(qkB1qkxTee5y
z=*W!WR21#zlFFSj$P`=%b=XPSNZnp0uOQQCq#K$FRf|$p^ZWoDlpaF9Kbjhq2*g5c
zub9f<1N~<v(Wa<?J>~Ojf=k4+$+#aj<|aT9x;oX!p@0^1#3?MFngQu=(qz*E=r(J`
zh2V^$Y{X^Aly<1Z&L49L8M}^OT$CF+W^N;DU5yC+#tAse0SFOwIviqKlfBGdz|8OZ
z^n*$P5e<jQ9G0k3u&Q;PfqfP#g;Q+dRJsK#cSyPg9rQ=Ei+_oB!It~*X&3Pb=@z=t
zgrFl3ijD(TvJ)g(laLNnli;bI<s>J8{nRCrM}63I38epjk~U#<=r7eLz}Ez~zM)cZ
zQ?gan<l;|+^a~eF%n{w<kaP<TqK|9PEFgINh-Pt^Nc@OuaR91CFF;;PlI-08=4n<r
zfDP6m?MtbpeYkFc{PPI9<WU3hsL74-FBSY*$Jw?`lKOd5AXSpMPq1-1i?C~IV1mca
z^H2e*1IH?r?UcBar$g15CDdWBg8VvqB~Ch2<4laTn-v0(?}S2tz01MIdM5OXr`cwG
zAeV}oE8jmY;lL-e4mIH~nQKo3^X2GAMi6|RY2pVK_q98bg9;roBg0}CrOQYh6@Q^1
ze_#f@mN5O3*o<-^Ik|^0-CSxFBLe7glYlBZEXlG-D}kQlGhK|y<$Y$)bYYt-D)`j}
z-E=S=5U}+frtUgrd(@tujy~YDu>WSi!hfe*#34Huy3hGP;9OXT|DV3lhtftJ`CmGB
z>6jG%=k9zY|L@=O_m7MJD<hvS?xxm{(H|tIJaG5F8a@A<auEUtDXDz`_s7pn{)c-9
z9&rym;vRT7+yg<oQx7ph(Bd9Q73K{i=N@Cb_CSY0@|-b<kh=!fN^h(*4#vnEAYce3
z?m~pnbzz=f6Rc?fPOIgxnhQAaGL+*65=~B`pt6D?5=ekUdk-PK8Gj9Us+oeyMOyUU
zA-GIoq^DXvehYxM)lSD<_;}(|9(Dp*oP>slRrnQ8z=*05tjlHbb`uFCL{oagY>UsI
z7Uo`6G_#1ttplKAMpABEBtrw-5#jt9ScqUY<oQWW9c2;{*nEs;CCbzj0Ejj<rn13a
zWO(+O0a(=#HADmOD@Mm5N3i0@dB?;QRSLjn8;Kdr2|+P!r;({aHYO%N7#4`5d}jFS
zI1~LS1Jztt7xRS$^qr&yc^pJu=^*fK_2fwop{K}7MvzUAmhO~|7l2ghg??q?g<->n
zaW}|x89Qzi7hx9UI}7A2Imj-DEfCBku@!iL{;=shN38BANfu&F_Zww&$tJ6s09tuU
z1!3wnkQhl3OQ1{vWCLl00RYi(#e@JWM%5}|9b#@u6?1}%T(g#WLj)%r7@#-d$Q;~p
zm9e3)A2X3Sjq-3UgvE!J3?v@q(9@n^8cl?IWxH8ZF+PmvdG?2SiusU|j>FU|By9|<
zG}(?E<z!!Sl24}7;-(44AH+GQea!vya3%p}vN~z&>De#MTZKG~b+FrHtCxw3WdhhF
zrd;QIT4J3Gij;I5DV97(Ig+pWR3lm*R8%Gs-f$;o#yH5z3|qe3l7*C~W%n4VK;c&o
zri)mu5E1CrS%GXYWwYaQf#|k;7L1@9s6rhxKp!$IP%b$id|IF!Sf0>u;CGQul^+Ke
z?Hsv#{(d`-+Vf0x8?j<Mo}F)!Lpidn@$9_9yx#h$p5mY~@I0B`B%rPnFl0qdt%0k;
z!U#}VJ<gHUN0&;FXA#!k^uSFg4e&?yCz*JpDLpb39zMiLm{9bJo|+C(JQ<No=nEc0
z&}4(LA}<7}EF%kfYAWaZ!Q_{O$<)#MfjnHdxte()nR(efR46WXd}WI4$A;3GX$avG
z{}t2H6WPaLGWy`_veZk_@TjKCA=du_F<sV<h^!_;0YHB$Q%XLG!@q0#u_6##o#ZMG
zR-$&A$Ze0gAv_x6o-p&UcYKU2ql#s!dV4}@AS{=~17s9uM+3G29E>efhipB)gh;t5
z6c$QN2aAJH<0k5X2{ne#nLH)Mu#%94_trJ-q8~8tz4&MJy_S#z)Y!ghusrcGbcIZQ
zltDC$C{J)_yfQL2i$@+GSAFB87%YjtVRa~g3{L>=={!+iCA^1sE0}K$ldbTx0B$fP
zlOF=(;GSwU-TQJz>Li60Y~+R^l+fUJk;sbQ>4njBDv8TT1F#QxGnEk;E5zGF^2_?^
zzewU~f$<nC4UZ#RxEe5kvVHMr6hsTX+c~v4$CyVl61>l`7oz{UJuSamJ6_AX*w5S^
zE`K0UODSFmsxmwM_o1!riJ50!94s*bo}Vb?!2~jX!;cq~6qvRn@u`VXvNIPXl{Qg>
zs&Bgp=DFcaMHhgb9KIeWi%AgvaLT*H{hV3Ce&p2a%9ds0Xmb>#%kHjS@m%XDmyvUi
zQywz3AfrSLOZYl$HN$`|Z0zvVP6aR{n*)VHD8$&u{)9*XBsP;4Q7SVrN_)DLk%86X
zrr}q;VVblm#Y;0*0S@>8xXu&tF^Ph0@_=PMYuLYTvpf)Lhd}^R4co&d_s1OJv_%a-
z57@+#d4HOAP=RF&C2uTbACgHV@#6iGznW*2JFvAqXv$AbCN4Lp6L(Ei(izhxFlPDx
zmr4#3kwE%~kWMCk;LS|eszygcyfgL?w@VcLlk6PHW)95&At$&O-0!R($N*J9s=p(`
z@t8zu;$@RQiB*`7b#@?{VLX_OGwyI&EU3b~(um?yp>z1vBm|aGR%D29(T_MLGO$@D
zx<{n)h!VzBERdI0i&s>zl{FOnN+rOiU*aI<j3K&A;ci9LqAv9FJKz{-A=W<0OeSWB
zVs8&q{p4P8c2sK`2o+%z8mSQ(@<*E|4>fw8%NpYQ*h-9#lL`o15V<a^BFOrINp%B?
z2Z1+W&C%ka#p31V{748Z8ZZkD7A+ouL$9Py0TYfA`ias7Yq!7?4TLrJ52M{sn7Rs-
zh1Gl23bfORqf_GM9gs(u=%-e|iLQji&)kwjCKxVffG{qXC}7=!94>=YMyo^M;L(i?
zFe#XR07nxGhg&mQ0sF|hhZG+Ow6@@Wfc;8?={j8G#p*(97$cd%N|lAKR7`(!A#hhV
zAMuKea&=;6JOa6B!Qc#;z+B1kUqi8gKL=G1V(M1T9qoiXwwp}li+G;59P*$t@gCi&
z34On!VK4NAQCQFu07DB~CX4}e<oly4JN`>m#!G^p^lpjun*5k+XhOF|fJp@$nbF^*
zfGqnNU^dS&+nX{cW-xx30iDQ*M+0a`P{=RGE^+I*W0)EUsGgu)#w4zBN;J7!H4axF
zDHAx=0QVf>dlkKV7>A4iM`FWfOX1GS$^borX<Uk)8bxwg_MvFK4>;@9)N~bIvkQL;
zNKAq^*nB`t(EvYNkw}isd!IlUC%zYC4v!`@!LuEq2NmFC`=|{_+yki=(4&Mxqd`;i
zMKPNWwZZlmV+G*|TEQHHJTX?HN*<y_ed+{HAYBj+Z-`vLQQv|Agu)Q7$dd`PBL-*@
z_9pZh`8WEuvQtV<m?4w%3T!kO{vk2(#Er%(%qwP<o=2*>nT3OS0`f*pP$ANg>+*ns
zM8}eer3kJmlwh+K+}$JXckF8oM>gxDJx_vcOBf<9=LaC85v>u^_>8W>No>j%Y=lpv
zj#~{L3W}5}kqv;faf3JVb4y|yM*JEh$A2u+(ZBGH<#4$gWOw+hTn*~F|BoF80H8YX
ze>!J(=$Lr_pY6^*a{vE#{QcwZ|4mo%aCLHk_&@N9>B@iDuwhQQS2SFuLE2y4B|ygj
zl2bSUm|Oja-}4{2=Klv@^B>G%^8e?W9}N?SbiyYHTTmgt_%v{Ua9=t4RYN}FGRU=T
zzyTR(K-`Ty0SyRb@rjhzQ8EKT$^sGyEE*YJ+UIm{#vN1zPLM8h6JSRYQV>t^o<LP}
z!OH4_+f*(N;xJ_W(p7e-F2&_U3o_GTK#)?!?SGXpUePEJ+0xX}1O%IO3Y16yAChGQ
ze+ZKnhDGW^_6L2*ggk7RxRV3vIu8bhCA+h`vjM{b-x5)Z%J9M*abzf$i8)=d*@c2;
z$a<d)(bj4?Qe{j+Qv(4Vc-dLu;h_tCgo&3ci;@Uj68Yk|wuF~6q`UCj?86gLfY~DH
zMuL<-Mpp=pB(RUjSnB1u$+?l=q(+%9pG-5C3e-oZ#Dhik!8twvSRbqH(P1$@rU3Q{
z#?dq4F97zD4h`4``#FO5;;=&d$YK^!fcb#)0za=w`HCtLxXDJcM09FQIFF~Sc?_ws
ziL8gQrEZbB9*P*}GGUmDGN~ZUF$gZhonb(kizgV-lR9*hiex9flwJ2r9g<$^P}@r`
zm#c<~LP-^cjEc-K=_$|j<dy0Jb<n1w8&U{yhs5t8O~sU24!A+rz#=IWFyqc5>QCpX
zo&%;Zcq6;8O#A@rEH@g0*hgxYhfhJn0i_&nMTDl8gtQXEJ_FEuj+{hZYKUhDr%*{0
zsPJ@PdoUa&j}IsY_7-5fY&L@IU^K{*Takj~<)M>QlIuz;gsKAvq%tw1nh>e#LYFdP
z*fe2a!uLvwho7JLVl+Ily3RKb2O3p=-@?I(-NwKXCS-<y#d6F#4Ew`SM~e;1Y~nje
z@v4Ska$YIp2{DQk=MO|wxje!tgQ_vg5>=j1ICW?_fdbSO^j#xtRf-5{$_c(d!Pf?d
zV@2sp2GVVf(b~xo?mWa+%^Q`f+XoumO|-TjT^Dv)D(el0AyxNZ95XIRYk$MV4Ztah
z5T*=kGf;fr!ZJ%R^pN6G{(!F_-s5XLtF{Erm^dX`3OFjZqex^0xrEq*rH&L%D*Gp}
zCCY32gJ4BS^r>RcE%tY7{JFqVQDc&E3C%boTGXQfe)nC(p)ue{aDs&B!2+=NNYP+*
z=_sBabG_!kb{?WlbH=MkoPEh8JsRy7!$DA`V&gH>tXmh9UX{$R?oYIS!o0zK6pv)J
zgy*B@7$Y;t2Of%vczig<q{I&E$TSII?}sTQ*a9FX*NLaaEk|&C=ffo}TsNACL+>;{
z5W|eYN15u))B<lcPcaHtG6-y7x)37CfG?NWqjdbj%vwXzEqM)0#FBt~z~+L^FS!>w
zpygXDDfO|lp2;>4P;R)(x3M;5&jXnQW-1+UZ~^8@Wr~f=r-gEuGm<X10<l4_-~nSx
z7!>Ty<31W@uVHYj^D+5JOPphhga`hhhe#WgCJ+FmS`h$<{!PK_$WO$?(ys}T{fzSM
zTo^!Yi_R52T)SHLU}oLH+Qi8t0{C@rI^K+_G83vq&R-4R5Vqhph#>=a!F56@P(pSE
z&&X>Bys6A@GU7E;r=4zt>1s8ggeo|&gIyBUbGsyxF@}UEvno$42APNS>4Fl_1IFU$
z?$%cs4~-LdvWzanuuSN=u2c!jjIg$(Cr9FAS|fgzo2UNo1Q7^=GX{~bEFCaZfXhH~
z01?7Oy>Rd%#v{oV1~36eLYNyO*?wZRX$FLt!Rsp}8J%y>a!){0^bJZh09Fj{n4^yn
zy*hvog@Nz*5GL7B1Uh87VbMEeWsAP)vW>XiHg)LV283WjJ>xJ1HRXp%W_bzuVWfm~
zLN&v;;jwPUZevPXg!P;)3g0y*!NA;zr7Tm=VsQ<vOHRu#x@AC|u8FS%)R2-Oq$Lhl
z1S*)#t4=VwDv_8;7~sGWsORe5DeyC)FUfA%A$WmQ5mxm5VmVRLlY}<0I)xL^mMhko
z(;qC9mdFefVF5VzBCizL0sjME1WGzY&Z5Fw6ar2FAxVoP=^L<S0@?x>#o;mB<Y-a^
zC;=kxfwKd)Kv|7o%gDgy*eA3PGJ+3a)+4AO9jwq{8IvM2B8k$WD;fCbP@9=}2<4m)
zj3+zdi%I<3uW$*l51`!0loSr;f}{jJLPnS*$R-{GY<AWSrkjA^?gWT51lR|w@_{%o
z)NVCS5-u&OOFuAOcnEKUod&|?-Z*m;LHYN?D2nf)jg!m}-0G=@%{EUptV3SZZVufK
zSPTQ&Nk_s+HD7jt;)|k|X7+1_S`fto*|EKL&k+3@o+?B~QIPnd`IsL)B~8YLNpwd`
zs{A4NqZqAnh>~P1J^^q+y#PRqT4u+L!a>Xmt<@%B6hT&4chm`tk7t4zY$A1l5jt`K
zuj2DSKvJR<t??L2m*i!;$0-AHoq0+e=4mivu%u`U+^c1;&KGc3i|vf;Af^NY=r`yE
zQxaLmLSRj#=sqW6#Z(%MrACQgz)<@1vbYI|y>?^=u_HmyFCkj=6A|jumukKNOvVMK
zZ@YPd+3eaytL2s%#T^8y9Qbh}XHzCJrs9$~wqokp)LS91bQxn_*r7=gAWEun*(tG{
zV4Zf;?L#Vdkq=={+}a5sL>w>6uw5jDG#(7UsGT9eYbE^l$)d3l1$cDz$%zAnXXbEC
zmCYinVW_4cbGHO8@LMH4l2O&b2NtX3u@DuWcm-YZ0Ey$ehvjkL-bu{zBK>Mo^a8EE
z{s|E61*?~0JIDZ#qZ{Vz{R;DYBZ^Hj%SeG{%H#0ZUKb1QW{tqV*;zdFr;^`&a(TfL
znIV*|9NHzhtS{_?Ec?kOW-p7gX>p&!gxd&I=w|=R>6o39?UwrvDkFR$ak~q}^CKR1
zT4uUk9bAlEJ0KW1U6vgsY&-Vz#4<4wE?vAf!p_JcmLaV2_EAv7Fi^L%IvEXSb<T0S
zbF#C{4UVu|l_q@E-Kle@Y;yr_iKcpefv~0|zh71zQK$gAh#<>>GLw@x0x0YV9?EtM
z(^lxVU>JonQSh-x21AjMew;~XCuq8d$D>vUY{Hg6oFoTjw5kKTCcopB&|Qd|AbEfZ
z>ZG0!zd2=vF@21A_nH#Vq`E1ANwBg}eL6~kJ>#V%Pnp9g)<`6yMs){XJZFuJ5@LS|
zZ+mczgle2-(G%}Mx%o&U@lFeqnJAI1L&S?Y|D~?3gJh_3OB5Uw)snuo4Tygs-Psw}
zCo6FcoZp@-UC~t%dO7G00eV(l9?H!mK(Gua^qI2&EyrYAk`fvg#wA^XWW?NCg%Acg
z(G10l3M6R*A{4Iwl^8p2zybJRyc4oI8+XYve6xBdm?r|}fsABH-P4Cce&#Y+49$1Q
zr03~@eTf&!{O5Rx?T~17gx~#`2}T&W$u<L*br56<{v&Md*o&H{96~sU!Wj~ahZxI)
z*aSwa`t1}K;$d@HJVD6Cqzd$(py$GH6x=Ex0E1IE2B!)K7~#hf)8~SZ9DoimPn5Vw
z<V|6hX>s|fAo6fQ*XV~>I2;%U*b%6pK`^G2EQRp{)W1LAf1<38YhC*x3|Io@U*S7H
zn+p!Ryy-Lv7`g#J8E7;XMq$dB28*SxE?Lw94!B=}DYTXkRxL(3j3oi>KtPs{M^^I4
zD6_qfb8o!XHgyxl2$M~bEIdFQATXqo7LrASI(iH8gvn<ik@v8=h&1i8%OyJyDZ<;i
zqr+~V6?=L*I~PqS<3G$L{r@~T(4l*-cm6*BlJ|f3uMYqJB!WDcHtN9tb9e60$?E@~
zoz<m7ha>*~f5+cH+5f-D#KeUD0dbxO4hC3OFvJM}Udb^4PN~R5;;AD7iYzSn9~}{J
zBqZRU91`#kJKSpt2{3o;pb1is3COeVAQ5?)5UlN%bvFkHu?9d1u(lE&kwD7<;05&9
zV6rZ*Fb~P(L94>608AM1D0>|>G#)ig*B^$PGzY|klozI_;O^lIqw!OYC>|de?E=*@
z2l<Z*2T4m>S%|hIg<HLdn*+eW8ep~X*h+4q6UD6l;b?r&VsRh$Gvz=eWHX=({S?SP
zu>0uv=CD2-OAJCfGfffSwB)2@xj3eufF&YHZvSdV)p`IvmWI%CsJb0nGQ|@l!=J9R
z8aQQulp)p<^pddV384EJPe3eCR}9=f8Lx<{6dFH*^KrC!#WIN&FejIATQYv-fCNFt
zn86GcC8QZA)J*qYV4LFjchC!PVu@=ULsCOXCcLW(Rm-Rc85Unu3u#P}MyfUTHK2}D
zfK~zoSAsFN2sPjdX;okXFwiP0JLL7&(<rfFu<aa&z+d*9CZRY)$c7w`%USc#`M#+N
zqfeZUx}pM(6{v@>b@(na{E88NhvQdr%bZb8GJ7CnNtZkjfh~L-enV4aQ#-P-mK5|Z
zDlsf2l7M%Cp9Y$La^fX5SW7{Rb;%MK;gIQsAQVCk$-!#Iy(5f900aZ9h3%lC%(xcK
z#QV8Swqr4=7NZ@kvK=C9rtS#zBk_GE&PA14YOwUz1<S!<)|_}H1hyKDh!f`6NQp(b
zVSa?9lG<@hDn|GfQBRQO5@2OU>W#XH+(iNnvA_mzlq_rQPbQk2nr$uSfn+9tL|J~L
zJH4dG{9qQ(3#`vGK^j9qofI$8^<fP)X4djkc`d&o5NAz40(xZ9Z)jLZ>OVX+dT)li
z8BA!IWLinsfpqsyFOh#|m4Qzb39z#Q*{NPk3v=Qz=lCuPkwd>OsF<;`1o(}IjyFyL
zh+rE6u8Ofw3ZyQZphm+XyzQC5&MlB=G~M@$-1o`lgB&+fmB)KbN<);;1^tSwCQLLD
zc@zVBjmF}U9Jyv1G$6}rqegQKlDJ#Y!Ewduuj3=OwtyqT1aS`n$;6rk)APpF09=Zh
zQfeecLh!o@#zRw2E$}ATZo&b{1e?GoBNmo)*f)PQQ%zK#Nvgo>P#vOJfQxc3QIo;W
z%)JRkPh2QieM|!iS|jx;wc0GMI<S>x0TAV?8)01;09lr8f@oRYdL(U<{0a|DXQ;-#
zLc9z(tX~(=jNyx2gS=Mk5|euv(w)A^T*iqxRG^fVa)3Ymv>c{SlNTKK82QH|;&ii+
zH_m55&orS68ZdQi3n?D0S^%IL_@{(-#&(sGw0XIRs5@J8Q+0xSIUpiJEFd`xSdu7l
zN)lIQwea<WhN|Pva!FQpd%78ejI;eQ=M|Qe78MWH0p}6~b_-1u0#Gm?fgY%+Ms<<H
zhZJr0I)sB12W#we+(exDh)n_|gngRV#w7Z1s8*hHc%b|e?;vV`X>%OBlMQ5n;geg*
za~;%;%J%QIg8zGz<ilkE?~wJ6Hh|Y@|4o?KgK497`)`M=Y<IH#x8srgFMrG5|Em30
zN=yq=lj%2g7mk>LkC=h~C(OVm@;@|EL@Thl!~YWrU!Xon86u}l7eZJvDH4P9!ROWt
zAX179AbRQ#%5O|oygG8sNc*2-hV*bV4Zs5F7SI9-tsIt&5T?i+j%HD+hv)G4RMv|L
zs)s`Fy$DAy5|{WqAxXzDFc4!{-)V3A!(g{&#R~{Y9aRWE+vZ4HSV_|=Qnp<%auP5l
z21RLnx=a@bXw26w*ig2#bRauNz+5Qx#<rQZphm!M+6P?sd-D@4%wASvK9_k+rYtPN
zre`=g!chWcJ-%oda@Fc1<s+o!r0@{djT%xi<PRwlV7LJ638Y>T_5{$Zz%&MMZ3N?w
zlkP1reKug}fR##L>;kL>9H(%ZG##d0Q6RH$5d73Ap@~)Xc1fiQ<R&o%I;lR68%+Mb
z3gHPS@?b;3mLf(rkg_nFi%RrRC*v{>#3|n9Gz488rzjDT`hjcI9PR^g`hy;DG15$9
z6W(fiPz;d+DW`Fb;(M@*Ixuhr#F4Q*L&HM+4&8)@vtJz2ovuY0v7uBE;zcpX5r~zH
zLeyErL-rz<lyBaEaGM0T1+pn)F_WMaPf#ZYhZcv-5E{^Qx-3CB7dqy_2R0bMK*8_$
z2}3sHY!U(@PKrAvBX>ogWWNiq&wv1-Wx6r*#*qg7`U3LZ3I=(dKp{sC$J~+(qD>ep
z)fZAK*x9Ti>WJCcmd`I6&_O+hv(J|kZ_5G(MhAx;k%9_9f2mr~CFdh;7dUn74ik6>
zjRK|s2-RCHAUh~VN_V(NU&iF{L&lvc@KE6?z7eg+l($DO%16uNG4Znzqi9J!q`v~p
zJrct==%euh_rR4nHL(@u%T5<cd~vbUU^9V<GiBbQg~n6H2qqIpU_b!}Rfk%RnKN3a
zyX1c1D)>lI3XCz)We#0{rI?Z!UkN@j;;Y_yi8}A(F~&x(fTjs!r&?z0S%FK}pb9KE
zB<X&xY7EPPr42_(=e4ofF_IAd)?;BN9r0LV-iLIjr7p9r9O^_y8^Z8DfL}A!kGFZn
zr8IPCf?VUVL_!m=kq~hmGNqV->VeZTqDF(4k+cSD45Fb)KskuCGQ2&!Ig<4(S-`Ia
ztsBTe62z3VJwgHHV1{D9ahL*Q7xhs?WI;3HcE~*y?$yG9ICpqPPh=EfJW&i!5wU+V
zbpyd0Ojt)izMLXuqEt!~Cl?I?(T3HnaZXD?JOqDKgi8)lS(5%3nuf$LA->~u=;ZNn
zg}iX#DIIL>G~R9DK`oJ^E?EI#FBr}1@sKVV{QqTBHWIYGvL!P2RTB8+dZIhaB|w?^
zTHVhi3#9y5Sfwar_+V^Ry3I^33}c2N^H;=I(~HIg>v>Fi4=&YjQKBXvV~XZt6A{zF
z4UMVBnKuv5dW{jTP=K{M`4LKhi5f+n3K5E5L<TwBnz3(!aK=#h2#Bp<HRqTg$ZxfT
zAReB(K_fN=nE$$Tf_WHxhm0txD-Inn4}&j~$C#sG@t1&AI&=t0@Bv4lDhrk*DCTt6
z#g9}YksaQ{!E{MzJaAf5FPcKk(F>eF{-8->Zc0c*Z_v?)XSYX_fca2dczG1SIC!(@
z)bFj1!HV^UqS!f&H3&*i2yc*Os1vE5y}}kZ$hz$}?_RuVrcFUdr~)EhS*3`l1;79=
zgw$~mK;n<owHTi#frqJYM-MEh#ywleHQp+Vkar6g4p~=qre>V~jG#jC0BaSXFLMkr
zfTDcO0OTmUz+6YYYK*R4C^saqUk#(E?bv~M#1z*Eyo>}FJDvP^(N_@;`^`d1jd}Ut
z`kbv|T-7RxsldvBEe3<fVNLn)a%2Sb2znS(iX#7o)P(FG!T}|Yj7$JvKQPdMp7HlB
zJs5<w=wdaAL{)4JIY@!IVI#<!2mR~7FG;6zEdU8jJd%UvRuO55R-V)@NSlSqE5=Ar
zA<0vYsW>Usr^X(t*gY;Hz);a&f{&haVZ<`6ReWHFCP`HAAyMA3LMfOlN+CUgFOCwz
zy6B^6#0AJJHH?JtB#d6-z&*qV_0e-sS6)b0gm}l2o99HB$AMEq0)B%8M2V+u6BDOV
ztd~A_Q6-3|JEqCAkV$dKx*SQ2h^K5!JvDU-mVoqA<xx4{ofx~ZufVSbq6B60USouy
zXrT4Mjsfvbvd$T4xH4z3oN_JLgFLFp+zx`<65rA#44pN|1kj*IQHhpxWtvhNB#j?#
z%2-ML^fi62U5IDWEJ2kB*_OT;FCC0L?5sijN8UyB1D{OfYc`#jr<kXBNCZD7wyc95
zV?>{sSOB6*vYK#`bWP#Fr3e3|oSjtK5QW7ZkUAs@gdntPnGZ{T4p|67vL>sLQ&Am9
z7CSgfNcmbs0ad|xO?)?R^1q3GQoK|dkAdBfUg2M?1a|=RW+Jyj(uW1$mK9`|Y3U-8
znCadksLq*W1HvT~u5G~QHA)dJD-rOCWKx2JwmApLH@bBeyj?@$q)W1LrGt<Izi^}u
z5Po5l9$;fyG6&PByoV4)T@)VesfC?MF;l0x{R2%YhHx$u*Omq4QoJbRqFxUeSYTEK
z@|&fhAUkALjOldA=ZE7YD^j*l5cG_YLU6qbQKD1mhKUi>94@INMRR<TT0A)bf`c$7
zJti@OVnkKS#>h`wW0IZV&4tOz*ffeJM3g<qqfy;01nO|u+cRM-3%wWgd~H03sUCX@
zdN2Am!*-4fENV64q$0VzfgICjbzp@AaAF|x7yvv~lq@SAk;o0hJ_Ivi@d+j8HP#4{
z4O<dy2O|s-YD~P8k1~%~I)GgQClhqnb!Q<F)BO@B405T1t-wUkbXt*c1V)91MW9SH
z$^#rN(x(Pu0oy%p*&mi<88U~N4q=00cuab=NaZc_1>sb#PY@mMY;LeF14gI{GxD{I
zaXXQ@BX|N+J?#hrN)jA3$KX8<cNVYI43fx8a~vGBGBTxxb%(#t%ZmP}9Ey%-fFcFR
z$&+Q#rqS<C#W>kJh%pkyJC~5rGe%lC=WNOBBSZFd*o4#!<{m`RiVD+4q#o1ZV2lud
zVf}-bYrypeH8t)(%xWsDFmGsYvziLGNRFX^8VrgbG95!j<riL|a4199RQ;luNm(rl
zanVUmrL5MVt>OiiCbUW&#(=A;7LaMuzsxy^adj%<9;Q9SxL0WuQ^D)%r-bS!LUswn
zu4>4Ll~@iIkmseUp<=Hh89K92kadlfw8&UEsQSpAU7sK@V0qAl28sUgVobujE*;Ag
zCRZ=6V^j(rkAN9rVG6U_H{f6}0d#Tr1`mk6LJ4R39AvQ&^@~gsx?!6uz@Uhm?nfLU
zi(X5fiiA6Ewzxwvkz5VHz$g=fB+{*6LNyhWMwkwD!y@Jpsl!+``ef5o20a`=4qW&>
z)tbajL-eZ#cSvEsOz9^ni+u<>#h8*B^~HnaqR(gr!MmV4OoFUr^hntlBbd*@XSo&3
z4-qL^v<K7=xGKzL0bP<|yNDzi*iI&Gmwh#4OC4$vD%UL(K!8MJ<WNZ1W?ti<#%ErH
zKadG?k*^z9n3DPcJ17>`#o<`k=mM#jMurcw1R#@MO=HBBj)f(@8x5L-&Y6sxNChay
z^fQcpWIG7Q$X28HB>~yQ=><pwO|B->FJcVAHUw8_#gvMK{oqyouvG%plE&&|;~$i$
z2<T(4Rk*imJBjbW(Pn-Rz8g0OTs0R8jt);HCWc@A1<;hll}sT#!F=&~5(xCj=FoVo
zp<_VQBQ#ST0nZVujB7kMp{xbKP7j;{P`xDGIBeZcC`ww<CS~hAHfX&_!cY~Z2=D+(
zS_SB|ph!4jmL$vN2*3YCJ*)<@*Alc6ErnJh3>Kha@v9b(#Cpcq2XJ)YfFZ~lP|NDp
zLfK}$;(%6`wuF(JkT0@+=UVGFOQCZn5DIP}Ji#R0C75#JAQ|vE7gv~xHl6*WYl(P0
zo+N^Zbh?CeG!=Ls#15NsJs&!>D{Qg4k3@&8Gc7zF-M;;CBM);bW(hap!k8puk`#k=
z3JN2^j57_qezV-a;awA-kd(w_(Ui3mnzGEV_Rxey%#vF=1@07+S@k&q7HUEw$6Ik>
zfRwB_vt*!_xteI`iL%ZD1#iagQ}7D5M25_uO7VH<9|3bp^%<&+sD{xE<sud4Ke#_b
zKF_5R-TWb&?NDfUfEkx{ON_<xq|f6184glR|Nfb*QZCzmn-9z{)oP}wframv!Ae*V
z<ho1<Ovu1XS|PR9YDM6uG#L`O9?l`WQbYLQ+Vduyq&SL$f`TqV1*r%l4p%a0Z|!<F
zx4Pl3<_ZkAN6_hGM(zV|1-6?dvqsIeT)VE4GL_lg;b1j-el2KRv9eaxh@f~~xlU5o
z;i?jDG9B<{y45-Wf!09oTz{fEKr2eDggtYli+;dB^<{-xC0>}7%AupgVP`A?9j@4z
zg~m@6SXPd&k%4N;#sUD?k{WhZMb((%FjcMVo$2YdX?25ue;iJ&4sMY1xSz1__cO&F
z<r~5_Sf(bR8x0TbGJDUNT#`lJISH>_gWM}Igw`72duVawL*JK}ajPXM6X3qw@3got
zn&Y@}EAuRTz*59-<>IG4{1?l;HU?PY&)~L5xZ4W42SE&-5w(r_gYerE0AA=m07nC|
zSe}82&j*+BMLSl{RKqcqqvKk+&5?MQe^I>45x}Q^(_bC&KNJ>zhzX$U$p73aMgC`Z
zmm~R~|CYaha{LcZ>2*K}piMzPJpYGNrVJqLUo|w&DGiASBL@7F$Q6yTE{V}U)B!r(
zjzs(%iTL>+i1?wb2Zuz7)?Cn7p~$(TXM;wa4?TL|=Y&+ai6}y<U-4)<1du-!i0}cV
z|B+Z<vfSA^f8cqBcmM&EA>p&k$kjlatbsy=-7>s7T{6FfBvc_IM-ad8^D7GYKqDTq
z#gkaF#_H%!peQS&=PF`0)t*Z@)eIh3GGW%!Y_~OYMvciYtTE_(1`h|ZprU1`8tr*}
zZG@85nv`+%;IYUojV0#O<juOU2}U6#_3($?y?OW?lWWqm?poZN=VsC^`^PDpo@LWB
zSsLM#T`rgTr@{1-o|3cH94RGwP8zC#8yP+1ejNyq2~^cXFEstq4~_niUkZ#SD!DkK
zAGTPmWc+Y*>OUZ;K1pNL6H39)$z$ReOHq-!MXIqWk?5zaGDXTIydSP4P%=LEHA9_;
z6m;suL{6Lvxv5z9EhS`k15^s?7kNDB9m%T%!c{s@m>-OiWVAqYwJCc6IniQ9L61fY
zf%a%M=9J=W`^J=m1--6gztPXNU|;K|98CoSs|xqIz)biERllCF#Z2T5$o~Krr-b$I
zu%iLRpMf?Q%s!p&Oe_N6Vx2phe()=G{E%F!l)yoJ)xN-?+G^_B)X+q#O%2a+Qv(gK
z4eN_dbkgO~fo{@DCh+hq@#g)CEdX8P&IGf4m9><&S^`p{93ixIF>@Xv$pB~}<#<35
zccKvyfCm1$H}b%6m7c<pEaVC8lV1yV)9)lSd^QP|chry?Q{nQLcR?V!;XLUj!RCWc
zBt2bd$_6PsCgvHJoaUiU){r#G`{gx--N4PYf9IP3Mkku4jmJA*?m^r&iS|QmL^~?e
z4sv;j9-~W)e)nkIcSvvE&K;ey-EQ$rp{)R!1P|>fO*~AYMtdIUJC=hK&W}TDrsh3|
z=@3~1`hLR)Y&)@MxYsnUi(xjn{n=&MeY}VA1h^Br5u8AYZcQmU>Ds`OZm#B2C`HD;
zB+B#ftVOt?75I!!-mx&`X~uw`Xk1*7cqt<=ghD|)A9sVQp<4brPuj@er^c*F0KuKo
za%o|<iem1{zj7_1fuzNRhljeF;Sj%4B#y`C>&UVi%L;19VdVu-qdl*b)SJIYsKx|w
zR*@PXr4XnOfPxB8-qB3Cb2NUBh1u!Mf-)D{qWt(Z39m>~{GwT0X_Hf|hfB*f&>GAc
zE!$r>XV^f}oZ(ZPGfpvwFkQw}dA#8$sM+Srbv-5qo0KRCGc}2`VY!x34_SVzeKMed
zq`APfgE00=HZF+jKBy@%O#^v&6TyT@?NaI%u=-)^h7?4zL4DFQX;)ecrOc(BG{?eA
zs6x2pLQEj{>*9%P4^X>G9<8oNa)X6I_@*x7ogR7t@CZ;CA^LlQJFb&rq?5@B!kZIG
zO43P6P8@D(J+CM+bDSQ;&wf{ZaP>?{@X%2flaQ$zN5mlYOahGV5G%?wBb}<DaW(7;
zM|dQeIcf7>B2W6lk!nsH=7SVOBJi>%%ErS^&!-8UbJ)4BQ2_0u>8M|&$h}Erp%Gp#
zQOOF$4_)G`b&o;=NqZC?Iu1mOGN_2HALGoaEge=~%+WWh4`q0@4ox(WG(7PG$w7y9
zdT~b?oB-N|j9NS)Uv+KA5E=6S!c`@eJ#pOl6bC&5KklEdoRa6p^hHJ)5W|Z-G%j)q
z;*Y_w6Y!wItQfwU5K0>kK{BflIuVQDR`R~2blOQ;W+DeKgT{2;EW8XW!vQ}xM?nXG
zl}jo4wnYf^@i8LMMO8=)<bV}joFU=DD8P5P`(sSF#)+QoPv8(CKUob<hnxY~V?xKF
zY+)5j%m`f8M<#x9#MAYV67X@FG+F-&Q1HU-3DOsvvKPmlH6$J;GK@i;P?0dz;gl0u
zH~=IBt9J1;Wa2BR@5%c2Um$ZMPiIm$T`*YWZbtuy)>JK<myQzFgt2+)5lG%_VhqjA
zY~%$KnCWS@FmJnDE~jMr;eZU;#=b`h9cz&V{+d7T<5GpOkxeiw$oY9Ozl4F}Jk31h
zJ)}9UTShBQ8mPsZojfqZnvEeW{0Nq6Y_QJ#Y>eC@Isc`q7bgL$@?{W#u6_vxp6f*i
zzNATt`u^)*5?8<s?|wCQ_@-A0Mq-B~7Suhx*hGry#pnAW`lJ*FLcHg^y1!5J<YThx
zp2nCCr}k-L1OI6K(~!wi%*f%=L2KcOF~TV<|G%n`nubn+*j(VV7z3r0dZ~q^jCf}7
z0dPt@K)V)&H3bD8QCa^%D(hdW*HOQdH9LK4TXj1+-40#5BbrO0-x<eef^v&G%wcg0
zt8o&riBwa7KhOl=$HT<$Yi4oCa(G+Bgy?2~34ZwDh&%Yd(H*>_`-nUEKl!gN|8KL4
z=E1g6hyQoyF4-Lu^FL&<pO5%|{|$fF3>n<FiF69=wI)UVdY7<&r@(({_1XUij{JF!
z&6ZJG)H}ay;@Yn#SI5c<SN}Ty(ND(BT+!$4{>|U+wdVB|4X@rMO+BX7ZRh628;;Mv
zz1byOKA(}ZV%{Yyx^`GG<Cq=CF3;LguXn`OqpfuAtTW$yvTf7L+V<+#>+Sw&MPE5T
z+dF#b-hB`MxaGsUzKQkfciYDIC++znHu}|J3wCUHbW-@U`AxT-cFDAT4c2cw{ntNF
zzoc!?9&g;x@T-bnZ?f$@wny`O@7dJ1{*N90=r`q(qaS&-+Xn@ajjzbl_AD&Tz3fk0
z{fA%dlQw?EQTIRB^0}(%lUn(96sNWRdg|hj&;0N#TV%tBCr``SFs13{(=NXF)R&K{
zdVR;YBcHr@>cmyvua}*A->fzbr;WY!xBT=*wq6&{-7~+REpvG3tGhmZX5Q0J&n(#y
zIVYC$*&E0A2xQ;h%GYYkW5X7F`NbE*owGmx{PTJZjvnqjY3h=DgZTp*Y`o^t!ra!U
zzrQxnf6#T$&0Ts~Q|Z`_y?g(<GuF`7YRioAW8VJYPiMbw8=u?NYxdSFue@^l^y$a6
zbj|5;=_ULA`0bHL9@#P0e}3oN2iB`sua)nC5BsH^d+M|6zFxX?>4b%!g<cpjfAu|o
ze9`XOmYL_BQ8xavrX^j6-rBKgm#k%7x6Pb3;)2t<Rh<;vIQq7G#*~g&XMd-K?bxG7
z#bP}#xZvH%zg#z`OXj%?+Re(IX7h!={$-ssWZr$#k2<lL*S>ArwoCu`?yV(DmNdh^
zEz7REcE*e!mFFLA@!YzvZ*`5D**3j>`~FQ^`4&~YfA^j}dx~y8i*@Ma>-vm2XXf<D
zww`JGetZ9qTSu=QGiq{UTfKg^hPHYU+i|bi{I-s<%6G>tc<-fccem(&a<8|KX|m^L
z+Xb`j??ej=3rCKe)3#`HyT?9WyJ}U76HhEm8-LT{_MdiKx%-s8&#v#Y_XXdxX<OOf
zmtU^__~X{oX5M^rhwSWuXWiU?qV2U-k9}79>X7AWOPVwZ9^d^*-|h{&o2~Rc-stlg
zqps?)?czquPO~llerxHU`+oT?=k!hMx8!{F=ZPPzTJ_^+RU282>C>OS=%*d`-Yd84
zp1thNFXEqEo^w~}+Gf}6ZsohR^N0~6jydL-0RslKbd7wte_DpRw9SgMPxF<H3NGIJ
z^YO<Vli7b}kGb`~yL)w$w_5p*o$kG>L&d5mM*XQ|Z=Z8|<m2o2TyOiPa%rn=UwpA^
z{YxF3&cNn3uVM4~%y4IWd)Xtl#Sd;-I8gig;uae-N4{vYjUPY$oBEH;A9QzD?Trr~
zP-cFyz%l)+2Yz{>o_yE!Z-4*sJ$nPMKOg+Xy=>^2Lnob4y?ySjdyf8TZRU>GS`-%b
z>o<JS#P2>|GPTLkQ<o3y`Nr^z23*=Q^TgBo#QNNI@%<gHI_~tfPb&io3JPMeXYaY^
zo?nXw{#kMNr_X5H8sFvWd2S2asuO?i_VydCZf?6}`$sK%^{T&e<<aLZcTYHd#h@|u
zTt7T9cW&W=Pj>!vQ9S?Q5$%@vpN+lz>E};;Hhb1Ae|h<NLx;|tH*cf%e(vQzozb<V
zYxVb&Y!CkaaPtRz_uaSb^2^8c={w@hoDZ)5=Am_$mpOeiZun2`o*j=ZxI1t1DIMor
z@Ijx)`u=?Txl5Gi#;-V`dGqt;U+~ip_x!oO>xnko>L>PIuQgiM>fVJddd|^$J$U7n
z5B;?Bh6YoH%pJM=#p*U?6|3hCxb^w)#?hlk=T&{P{*lso(o0o4hlg`MyEg6PxzDf8
z39MN+XwdWjDL!vn({0x`Yh#zB^QPaWjagtjfA*h0Ex0s&`uDq@d4I(nod#^}vG}UI
z7nhv>;DkQ?((bFe=F>aw9P#O@*onTCTi8yrz1*Q<$NO_$Y8blq-dn3)zu?TiclCe0
ztm!GIJo?Gb=RTP{@3IdzJi9FO<A$r#J0Eq=*H5VL7H-)*r(Vze{0!S0tzOcO-*{Qm
z-j8f~_x1sgJkrdy_?toXE6;rNofVGk?3wPf+Ri`k)gR|}T9LoTmept4SljhYf8O`(
zy|adFI`N9>iyyvsdhyZO?*&_Cj$S;z&vi}fkG<uVVN2e-al^QVA9(L+S~7fiW#>D$
zY}qn2<L$SuS+I2B{X;H`4J~1eM%nuDqmMpz;)(D5^iz;+iD2;QH}dQCT+r^Un?tYJ
zN{8RJ@!tH)KK!tr+kMi_MOQUF>G;y+t$c%<?|Hdlu=Cs(hWKA7{pH%li|U`VZQ6|w
z^t~apVNusMZ3>#&<}5mK(S_%<@6+On#se~YwQ5~9W+R)Y>R-QI>U-<a6?ct$_=)FB
zcG!k=-`O^;r@i+XC!c)dtQOhhy+6)MpSp6T_w_gSy1#ky?8pYshr4DTd&wm)Z+QKN
zPuCZfE_OD^TGr^e)7HGCZQJ|H#vaw*`-eXA?Y>zj{nV<BXX*ThEBF2J!x?$MKmP06
zH}!w)W2tAotACXrd}H|TN6v5EBVAz=(*Eq7ukL-m>6Bl8Z#3|Z7K_K`FTeb#f-Rdb
ze^Yv3R<(WV2OI0jd3pUFzwMiy_kJ?PecY5STc*AilzzVclt<T|a>MD}p0EDlOXZ!}
z*Zn8=0;Sui`$xC>)ZM35oAV!<^z*F8$K3Ph$HUI-JmMJJ(I0pQPIJGr^w+JYH~gsO
z_cyyGxk1*{CE=fUO?&G<r!r<eb9C{dR^Oa>MN#t=%iG`H?UymFP7U==YY-{wRk7la
z?5@>Qnoe6>WSf8H&gHk9J?x2*MFR)!nz{Y4J<aEO+g!PB-PY?)J!ZqiHZQ#RVso4A
z*lA6t9CyY?*EMLJW;?fky<IjokBcvguYKeA8-D)bqsJ!O-n+1ApQ|4_Yu&e-#*Mr1
z@wA`Dwma4~#qE7JPc7MXQ=7Bb2e0n(?D3HuSB$*t?bfYZH*Vbcm9b+gubOUu(0=i^
zORj0wX2ayo*94a??bPbdG<ReFPbd9cZ%WDF^rL!CyDh8pUEPK)jBcIx##OH_ykzo!
zw)IRquf?+4R(sQ?zkd1UGp;?UNuwu!scd)b;GgGq|Ml}$A2z!6o=LCN?|$;eqcXqu
zyC&T8>s7}Od;Egu+GXzU-mCetqvMTYH{bWhEAQPlReS5J4+}P2G;YI>+rPVT!K&Ow
z%N~C4i{)#c+WqXaL*{K+`b$RJw_0^Lt6ke^bI$qhohi1-3+CJAN6)|Df;;ZK^Reay
zSuYNL>DBYrG{1b^x?9HV`~KP=fBfb9@0X{2SJ1CG{p%BUHL!VSl=g2nGwr)f$HTX|
zeS1$R-W3YQub%t)Y4sh_fPu$Wf4B5}TQFzT3m+`K>*4eE{W!0>UcJ+2tT-woxAl~q
zPu<Jr&!2y1=U`6NH*<CuH{LYii+)>w{ch)m$yGgC=ghcn@Ty;)il@1co>elV$+WLF
zUi#<fYo6Nq^fPC-ZCtwisBZR#?q&B(?mYRs&5fT9e7wDFyXeAJu3r7-y)o;8PaePh
zxryIJ`k%b)t{G3XYxu#Q-#Q1^ez9%a3;zE$|EXQ(nu-~v%i}rUujtly-r&i*cYT`E
z>yPvkkN)tIj_<Z!)@tsYrhl$nxkvqI!=-zF+TFJCG3Acc^|oF7(L;q*8@l$Hedn1)
zfwyyS%AYp3>5P}0BksBA!Y{`y`0PIK#?yP`j;vSzzT0oVeePVw9$mMzEqd~S!Dmii
z{m6Chi#A{L{-r-Xc4>pLGk%&i{XI{Qv1ha%)}Yzk7QWnND?7ZuYvl90I(YJ%kB+a%
zpV#Kk-(MYY$=;paS}Yy>NR!q#w(WKGlabiPY56mIH{CqzdGE0cUVY`O&#HE}ShM@R
zhtr16+_mn7%&e@)>(d%Pded7cY;1Y=b*s<&t)j=eJzH-*YG#Xj9gp8x|LdbKYal=M
z_5EejGOxbOH^aTmJ8Av+JKK5+pIUKuZuG6|f6q8+>Q{@_xcfEFyZFV;zis>F^zOr@
zu~pwRS?XwIJ8JB-+jhS)Y0Vjbo-^*(Z?g(L8y=W?Q9oO8>$K5NZd@N&xbulYpMF|#
z=6_!eKeh3)i<Y(8Ho<n>y}$g>;r92M&s~4vbMHLeq-VVkJda;>T%()r&41^?qQ+w`
z{_ffjhTPoh^0EEBIoq}l-M#+&IX7!hEn0MLlXv^~OS?TUH?NIvcr^O(DX(w+?3-0h
z>c2QCW6{pv+izRa>iqfFSO1W={J-fpwe3-O-{h{}-8Cxs(e@e7l%JU~@;1it%3{wh
z4Xi$Q`5kuzwyhZT+t2HszVy$9Pd@nIDXkl~&h@phwY|pCf9IRmOnv6**+(CB^3tBR
zo{v3hpXR^)`4`SkyX@1)wb2dFKdJMHH|+SeNwc284<`k#zUUd}Gu?Kt|MjO&u9*47
z#%*ifvPs*Pzkg}ozOA=bJow<Tk=@Tsf9vaY*N&dJY3It7r}TPvR@COI%nDxc{f5QI
zpL*=+n{q$z*roBzhi47RY<{`>q`VnV1fO_CVtUMyeS3c&H*Q?Fw68vXIsMtI`<}7)
z@i9-{;Qn%bvsRUBUix9v{1GkNwY#ch`I{4l{eIu9ce2lH$jJZg(s}3QegAfg{_E1}
z*&cM1&HUrI|NP<EzVh@PJBE!~pEK&JEBgO*oM%QXr)12f+t-DEIcCfYC&jz;wmo;>
zGZpWDv-Y{i7BBv6z(<2uzu$Ptf>$mYyJcCMz1hE<eDeeMI~yIJ_e#Vw-C4S6WwYTQ
zU6Picb9%E$uBn#=);#(7EyKPnz3`1zUDeNDjqiM_<(Tz-(;h0j<x<;<y${_e?U)`8
zhc`YqZdg%K(XDH)3N1bAnySFsXVbfOtzP@AdiRXGR!lkLtfF%|{IJV+!`H8^`Rdur
ze!OedQDgV*dwKDsTdzC$gx2qr&3tlR#>;yae85=vdvm(JIJfY>|LxlM>a6Q*%dTwD
zXvISh^|_&ydq`l*;@e)jeCpH%BVQ^RGUUeDv%lQ@WvtOX=S_L}o56F=Ik&X5L&b{I
zcK>oreEvfZZM~*lUW1-<sy>+(ePD{aeq_;aU*5Ilt-f7PE1NcBQr~G>_=dD4GoJcn
z^qqI!eRpql;gd_oA7@)xTD&)0Solm^Pv+0fzni`;{OaQ8pYNQRS-f-uBZVupZ7T-d
zmgV{UwadJF7H+(EZQpvIZ=Y8+Y-p#Z_itO2+2!Te_bGRF8u!)rTeqYuIj4V9(){HQ
zdZw*oO&lXPZqRt!jHaVTjoPx{lIPYbw|(<kD<;;S+T)T%pZ6NIXjR{gxBt8Pk^3EM
zFTQH$?(JEd`ZwS3^ww3E?){{^*T7jnKX-e*)^EO)+d<p@$8Z0=zr!o-j(wzZ?yLdL
zSG>LEX|1AO>$C1_(d_c{;P2nQ@%tH<Onm$q<(n&~9rx~<uP5}n`jlN?Z;!w7wESI5
z->y!NUZt%#vvHSBpN^i``k0>4_Vp(>YSm!d^|NMOy)ImAv-NtS@xU|kyFGi=e@<yK
zWmWp}R*gQ`yYH7VV_sSR<rU4Yx#hu6b{3A!op|EXQB8Y3Hu>d6uT9=F^`lMSe)4Mh
zt+#yqQ`aBP{czs9bGi<n*XGfoFE#o)ZSti%R;{^LKE_veb;*jZt@kWnzNg2ZzukEA
zf1Y?d-gof4bAG(VwsyjE^%p;L?)Vk?Gb7d2A9dUPMg3O4-~HReS)q|XUf2DJ3wky>
z?#JT((osX^Y&r3gwjcG_H~x$DFCD#Pea_^OzrWD3vv<Z*^GCced-iO5#hhoZT6d1^
z@ln5z(w@1c>GnRar(JaHoCdaQu4}St^Zga_l_#9wt2cIS<3VX^FgSV3b*FvhTyx&F
z9j6VcuKsQH{1JEc**N&MQ|p!OedN(ccl`R@mYHp<7oX6!@vxzz_I~@u3AQWuWq+rw
zsCVOsj(V|zZ!fBpY_IuOj_PsqoA#{0+Oi>|H?%$JvX&=h7Onhl%UfrkefE;6c{@Im
ze%<%`ZlBld_4yX3#oR6P_I%ab=R2YG%J&9$`?jHd%3GU;lpVW4UK5zUZs6u={m$F@
z@$q?YH+cWro@rBWgTGeIZrYe0%eOr>$=SaBDLFC6#HMXF-_h1{)zr}1GTXg7kKcBG
zPQZ4rT{_|7CmT*Yy<7b$OyIP+7LESav-ivQHoow}J2R){`mSuyGa8Madv3GJ*BdOD
zG~m{~PhK#8`u%D3Cr-KkoGZhxq-V5$w6NdCF&~W?+sO9)592})Hty8*-uv#G|KJyr
zZT!j2woQ5Jn?HUVaQ^vcesKPi*PL|a@n^W+iI$d@&U<yj{40-c*zobui*q`6KB@aV
zu@4s)_sDJ1vvBsdLCc<g;kX9<e*fiG_p(Lr4%)c(vi0k)ZPMhuRs+5XUcF{ME4Jm4
zqfQ*=cDtFze%!Ig?)tHFxZ#lTU(cNW&2clQ%|CC_d8>chx3ve;Df{-T+EMn?Wer-s
z_So#rjaS|4wyjz8+oXBYo1cwoc<-NkcCK8uY(nv#hi$#C{;&W0FHZfopDn&QYr(qn
zJ6*qH%~OvqUw(Gl_B{)Kp4O`Ei5K4g)xfH|2G7badi|)Qo?}|*$+iY_?;4oCqMq-O
zC!R>}@<Q`_+e}?D;GMhIHyHJf?Td!re)UIv+nN^^wCK6L<BxO0_1w#vWl!Gs+xFnP
z!2_C~*W!jvr-T~3H2V&l?fu+a&wQtIX0vN9U-|pbcl~mCPRoWb7qo0x83;ICuGOoL
z`s%^PGi-9ZZTByHa!0$S%Bc_Da(0g%RZp<f{po>2FP;5X#hf*_DrXh_dc&pNzhy^B
zn!Ebb4<ak-y<N3&RM}0RZ~D*J8H@mrzwWy0K9i^PyvXC(^n7sLqCKbA^Q~I5=8`Yp
zJ=3;(M~_CfqSrT1{jN#j`bkH5hR$}4d45CulV#JVm*+S5xM=4?D`S5==9p3P#3whu
z`sdy?yDxpUrLT0}yW93On)~|e@7(HoPHOY~TgSD2HokN9>#z5U__nXnKC;=GG-<MF
z)27k0pL}uj1sBbI<&~x5+G|(c+W*`O-n`0vRfp9-J@mm8_mxj=+V$yx(uWq^bJwWW
z7iZUBx}sx`Ctm(gxm{}4eA!noZF^<(OVLKlE_!O$;zd)no@re=JvVz+N83d0czK$=
zO`FV7FE{+;trIW5_1Kf$JMX;Xj>|8<{57rp4V8~R{8jdpfmeTVew#kFj&0xk^S-Md
z%3Ahbd3v{no4?((^3L>UyHySu`f+#PvOV+ezT^8pet4m<_pb{lW;fk2{LQrc7)6hG
z=B%@OygIAt33ETcw&n4@-j9qdi&Zb5HGFpiCWdd1o&CX4^)9^d!amoXvh^0*X|@&j
zyjuUYMPGb3c19~-vu69kuXHV*{m9_H`~KLr>y4`}mEV+SEbDT^(P`Vy*~U(SKi@e1
zhnB9>*a^wx=4P8V?K`@GXT}T9p0j-U9moA=(UZzM+aKsVpx%_GJ^D|+?$i?s@-E#c
zO&ncs^UI$GPC72TWycBmQ&c8B78d3Y+w|qut%F`U=aX}`*|U1jYqR*a>P@E?&grnC
zS?f#Adu;NSW$Ujy^@guvUp|@D<K`mo492fdJ#|Fy8(S~yV{2M;T3$$*_Vt2AiyC)-
zv8ZfOlQZ&0e%t(>;Ww^bJ}bR+)tqCFuc~ibwfgyA&l!`pWag@KS3gmlX1m`vtHd_&
z>f5y&l?z6F_SKv%X;b>me6{J(pEdbU(+_(-_gu#3pZ=I}fBBZpn>TOSGU|h!H`(s!
z{>b1*cfR;}3)?BD216%3HloR@hkG@g()8udk(<)zE}p+Iqf6(tw%6WhvDh_r?cCE^
z#<m|n<%x?=>Gfw&9slFFDVKJ+aqDS!T(JA|3nDM&gf`xJg7e|$K5l*gn#l|Q%=vcN
z<<DNcalp<Q<In%5!S01`58HlQzJ1_*9Ufh{ep&a81&*zAN^d%T*T|D^Yr1l1VfL`V
zf3tlvCOtj7y6;0TOzt^gz&o=uM(o(RbID^}3p+LX?A_p#X)EsY9-pt?dBX3Do>|vo
zTkz{UF1m6@lgl3{DO5MD4|Uwprp;8Zx0l^sf6!UE+n&Dv*~s99x16y3v!-n?c{#du
zIjfDSIHQ_w%_to`d+W{ZiXWOg_lhg7sQ&H>&x~oCKIwb&fa7iK?45brIg#xv-P2z`
z<<xZ>FZuo9g*U;|Id`0*ZJgZZ#4Cml8#8(L;w^VfI%moNQb4W0+v`Ht&N%Jc&!_q>
z+4Iqx4?g(8Ydsq*>-U8;Yu3n57yj}`qcgtvc=hNdYreSCcgthrZ@4>cO4AF2!QAni
zr=_)DW&h~ZdTooc?|g5=`1Wg8?)>kdpX!aB;TSq|X0Oo`J^zorD}jfqd;cRUCTS0?
zW3*6=r6PM-<1Hc;+Ke$6&B81xT2$I>?RhIAZ3-z%l(bV(QfLv879^#zmDK;7d+&^y
zv81>9{eS<@|Lv1m?mYM0bDn#i=lPy<?)g3=aC;(j+uGjWEKN+UJXcgyUlo11KMs%g
zE)RJBcb|>YO0IXBZVahe*H*iD-MUA(i6PkohYizQ<NuYl&Vcv%<Gph%4S>9&`dsr#
zd^BX)9{rRjYG2=6I({-ZbF|!+g}u1ktO1dllX5JAgQ`eNQtG@kD52BS+oHcuVU%6S
z470R$vVL0f^5e(joT?Gt-U+5V^hXuBY0;mqC}*UP*L?lgTAg$!S?|G-6VE&WajEe9
z!`k|Dy&C+pW|`M{r>aaXk}Al;rH%=_kQ-$k9CbadSe;yFk@GSmV|~&^?GTQw^acOo
zZ<QhC?;hK){LCJCtkjjTv2S0Kwg$T~0rZR4XEyqOe4CO!THkTfp{B1SoU4+OW%a3g
zn}7fV(^*N6{5IkgUfdiLFuUkuL*zO<Zs2If2f{Gcuz{8b4c^UaXx2?lyX}$k?pv!#
zSxS{u&f3szaol5P&b;|>(}c;`yD-UCGVsHTBfWZkO<XY2^jZ3JL;aH2*lVMu-t5}7
zYs|W@zRd-PNM9v@OEi^TS+Z$c<GX~K2jyPx@HwH|q;M(DeibvG95V78r+RDui>)|K
zr9QY96Qd)C>Mm02vu>SHpzex^^qH}8VSZ}+XCL3XRl0fPxc7-6A9>!Ef46?Bw6U>K
z!PUf1k~EUY(T{9QOq9dj$|v<5*cvFeX4&5s5<ZI#R%XsL9ooyrS`qhXiVPz-(q^OW
zplXJ4&NQm7;rhoi14ioy4m30AvvGw?BnMY^BKlBEL*WZt;EwQtk~pilBklvMLOH!-
z#v8AV+dXc{_Dx!STzv*tjCeEiNWVDC3%0s$&tm&$;{h~SyLRoN%E1=%e0^tv|HqC+
z4BEw<A2P64g~CXgnL(~w%nqlP-Cn90NFrQOfPL$W-O|;*7n0P86_GhNqy~%`C7XXf
zZqB&*pSS#Fn%3kdFBO-Rv@D%j7Cdb7wd>c7K1{dSf0Yn6dZfLJOUT*NNpJ5MN#xJ8
zAL@K=|6K{n%?V*+MjLah1Fvob2CD}At7M<Q8^MryVaCSCD?-5_!N&NcVuG}i{o(V8
ziHxfJr~!ucfwN9k9Pr=uCb|0B*ntWPxAc+{6Z;Ps(072_jM<+Rr&Ol1OzxK}G;LlT
zq*;}G`7-(LfhTzp+rz@oWxO=(ceJQDO-{je-?(KfReMzwp12u5t0F&kXWs#1?&Rl(
zhlZxQBxYx4`}+D053v}RuAP&cn;RP&d*j2PXP~rFuc@0iZQ2_Vv3-nD$&_Q$akHb1
z6%K#9BU9aLzO*mN%EGznt+T#&(F}6dOzE`ry!rDV=H|vzsbQY?bl#RPvsE=<ztpO~
znrfjcS#U2>PeI@5Yz12ZcYOB#!DGip@7<fN(E9b$J%-M~Y`1N}!8WsJ%gV}rZF#Xh
zdi6(ZU&2=1Uea!IBc{e>WGEO)k8cd!V}In@&9IPLd6_G(H`XzSrnYJfGe2Iixqox`
zh-n2L^Fl3a>YoR%`})GkHa{CwB$?iKu4bQ{>RUTM7=Ij_GwO(?Mfm8Es^54IaMP=X
zhm2QIiMwz?pGb6jd246Yz39s;KU8k&C*SnGyu6@b$F5z26%}PjYq#a^nCy6GPgB#1
zv@td({2X$}%an2KY?dxnG_?#om??L0+`(S;w`Q3{#0L><>UK{YuwPf>_VXCaBMs@7
z*EAn2e`~tc_w>A4*TEY`%VnxGlnmQSl>WHHuYb0}wp}W=Hhw-do0>>Hj#SRz!Gkx;
zDiUw7DU>5m=zXR&7x!!GZ8sa3j;(FeyU0NiQ?xgKzxRDq#wx`Rq!Vcw-{r1IocVhf
zi6Rk0qiNw{9_@bPU7M%jDKTr;(Ro8Blxkno#a-!bRfjh}u-W%R<)C*_zWda#Y>^wC
zo0n%M-G9VXuQx>}iB~30o$9#vQ{*R-p_|LiqbGt)UMAetW4pJ!eX>zv)FmkuVi4}k
zh!d|~y(lFvkvw9ry?=4(*wN0Zl70K+N9r9dydSisHH7u*)xv}YiWF<}<tKG#4VLhc
z9Xb4zVy0C;!@xB;p)I~IVvBm|kXAkggJ%y94}jLen8DUI{QC3ht3Domv)De35S`#s
zLNPH^Z0lXVuHn9nx9-IufgHsc3wxL1x$1Uf^M_T%df;MI)C^14m1aoe4lXUXZ<)DE
zT1g?MQTOtB#uZ#j+=RMb3zlzj)+G{WB;AbUSUZfh+GRc}d|!Qi!NR5I%k)+}e|e4h
zT&L0iT;M~+@IdtyNjx6!X87nuXWg>De*QFM@L+%q`t%>M=itFi##5aP<F&E153;Mj
zl*~RfL-T6yew)Ka3|sTYv44)gU93~W_75-m8hyM~Cn3=%$$6ctwsodov^wdu<c>*`
z4p8?8-~8TiVio6gkyGMbVrmE{S1)0)UclW0+_W>>hpXaRTHi01xbi&4Y;%xdlT%6N
z`*)Pt_Y?+~C|7CH94d3dnuB8}1-Y7P=HLUPI7iO8jyL^V>t?~>ogu@+aOw4O>yITT
zCl?gV9n{D7?c=jSK~lJk=4S!rtE!@a`GRp(TG0%7sksyfxiN;1OG{Tbm-+d*9L4G7
zDZSyYEIxI6yYYqoN*gm(hHt9QRy#Cp`K?GjnWg6puYH(oopI?>T1HFkxX*3%W@XQ>
z51Zm4d+zC8>)o-RK1I7^>gZ}DS=u|9n$~Nq)$(|D(H!?U<7~z0%w1+?ci-%rd*kE#
zr+$}?9#zuPa@<!_l4jC&+b%YpVK8suqu58ggMxPS?&t9C;*{I2I{?B6v%KwP-e+S&
z{IX-0KUgxC#~(TW<n^e2Hx=fcGHh#bf9^PN+S$}N9L~h#G8jbZkCMw@MWwz<a8AKp
zaXYIJW-0$YIBC^2|EzDB?=PjeBzn7UI$=>?U`BD6*Vn#e+hnuq1fakjCnjw;gri7Z
zd6@9z>4Qp5g>lZuLC8&9Vqjv>x>MO|%+rgj?vM5xhr6=u`+-lnlUp}z42#+3^m>%$
z1O|f<zi^#uvYz6L0Y+2(ADtd=6>fMaD(ma@0rI59f4gbU`uurXP0h&M+!2FJS7au8
z&v%($JY|51VV^6O(t~pc9BbOMCyttzbAI-^#6#Nj$C^j(XMh37#ful$OZK(2vXZ<~
zQ+Pu4SY@Ui$+`~U;jp~iT>VuaUoz6mUf))mG<^M1yKnVd_J_!`*!%Nwafx$4*x2ws
zhnVB!8gusCx!$<R`0I~-zP4;~PBCt&GLb)id~>{SeyqveyLB3uS6AHCy}WJvc0+F5
zHTuISeV+Bxp*cBs?i6yW)}}JcjLbGm8B`6Fw=ay)NWaw9bpO#ZlcJK6i{$IuF1ImG
zyM)e|zBuY?|0{ZHK4kBou)DTl;VRyuMF*eI*S_3orNb;$X|c1lwVg9(4wK2WwA_5v
zwSYY+x>BaMd`VV7^X=UeqXXXQ)jiq3bb7bL)UPZ}Ysx2CB@fS|(Qi)ITwNtCg^QQy
zANpjx^#Nle-<;5lj0{3l_~J{Y2cnl{1~d<7Z0xUaP?3_KPQXoDHtOUi$56``k$ToO
zHD|T7h6l}MBsNyxf0K}~D<@~N!a<xSCA@b(%V!+B;M?Qo&v*XbnDjL^)+K0M&_GHZ
z=k?Lmjl~XiSLu^XdpBKfsSN4eZ+JCV-+7-MPzmsUU%vRKJc&GXh?K8fY|D(6CcHbH
zlvI9!SG#NcUqKUURTnIj8Yw@l*e<eV`@;p<+cM=wG+dz_S+INPcfA2K&q~J4j5K{*
zU0hFZRA)Xns`Rxt-l?Z|=1Ycc&?{ol^z@TTjX3{_@fDWJxp$Xn`E!F@`a6znv6QCK
z>8ooK(-$N-4H`6PrYg@wddTUU8|+kVD*y8Gs@`p9T+_RCw7T0-75d{dXBIBqFX_tB
zlHIz*F5Q?^Mh^9r3sM+=J9^+0r3oK;E5+*9PP-SIKgKHm#Oy~Vw#7GPv`&U8kK6Wm
zNMMu6SMtN^`-8mi`$;r5Huh@W^Pr-l;>;P%oeHueva=Es=PXevu`bVgsVaZ1C1<Pc
zkjg4|^Y4eR$SCbOSGG35X2HX0ua$SWraW1?uB|aJFc9cYcEnU^rG~q@<)if2<HnCa
zcJ}Ojj}*O8;m403*P`U8EzT&&%3su+yI@1k%Gzyxh$Rk2>$x9a@`eqYqfpzLIfHxe
ztcFd2m1UoouTO6c>p#@2@Z;{164+-B>2W-&3l8^_CrJgSKl7h#XlSUZS>Uey`SWK*
z+08{oMYj8`n%$m6I!C6arA;Fcu1x8Fy133@W&O2Cy^-$Djrcat`!O#X6oQ-<JWPI)
zvL!=4*P+S{_=|UCnScHD*Ujx?m)YB&b-lXb<x6)4<Eica;;aL{v3tRQJiUDFBB={p
zo6B;Z2ZM%fnsab?I{7*gml@~0GA}2QtG{?q?yd7}ZO!kai~_dCU8*KI_BOY&N^$}*
zBX}54YjJULU%63UG}@p^8+VYRY#%bmdWH<d%gE@hZt<Bnudx34_2S`WQ_QAU1-V)r
zrrfmr(t5D@oza}F-~9K!UeHG_aGZ>N$(NfZ&(3?#KQQZU&D6ffv$EP!?ioKlOR=)I
zzkk$v_i<3EAw%XlI_}xKmzw^RLZMg~E;!+AS*9FVu!^U@#L4OL=_Q!}K1eP5H1I(1
z4L!>}9~&B+OdHBqb1Zj#Q}!xYzs7>L=J}>o-`mQkqy~`WuS-(iwl$Zt==9lkc8_Ws
zw{6?j%Y;Uw0Ze3KvhK##K@)b%7*<!5?USe|@-hC_@&bev&*(M7FCMQ~s#2Z5D+mO)
zw^fH)BL^x|GT!Ii{%mX$q?r@>pebV6q3>HvW;Z)-SUUY=_-KQDd-tY!+#Qh?c~~tk
zpy{o(o!tOAx#N2-jLLb}tIXimoTmj*e$Q6D3Qm7JqpmF|Ft(t)jbt?LMygx3T)vjl
zg+&g!uM~#lQ*CMt-m5J=&yJn=Hh%MtQ>RXW0Y=tRjXdofC&y`eU|boi0^%Pl;(hJs
zK@*0DQ0ptMk_Mlg=NGoSkJG-I7u&ag|Cnb5T>GALf9>))RZ4Vo9`|ubPKjhM+30nb
zxUX`zCC^@RCP{9$-n~5`!NI5E;=CA)VLR^y$5wMM052VKw1{-i=dF%JYL@+Wb>D4o
z>l?O?BRhjp;)GEq-->Q*+c@mlrh(NppBHC^t_jsricwLg<lGoz^6ljkzw!N|ZWiKX
zl-!cHk2ZKn*IC!{d`qlDe8#7bukyS%WH!tDE$X+SHcvZPBZ9QVVQ99y_A326^FmgF
ziW<-Z{fSd%l)Gni)nX;{_YKueMpkcb$y4rJ)mxI~|9WDy+L-AD%c>1aK6tln)j3!P
z`kK}DF=;M|_wV0Vwh9LT-*{zx%+jQYajLqy&EQu61eVR6yCXujJUoXr?&Pd#dzg>U
zT=h;fZfhu<#JCtj^>q!IzMYyKTz0}PLfQR>6Z>@SB_&BeOB>b5rw$Hoj}kL$zoeAv
zZ<anVuy@d03gyL@##+^5l6~dWCQlx+uWHAR9U7OvCdb6g*hd9%8${*+(3xB&*UV80
z3@!j+{L+V<kzlOxR|Ki|J)50PgXT|5e!AE1nO@VI_|}65MzjXYK05r&O=k7C&o%K2
zj>!y&s2{v>_tjH{%lcQZ{@&Isqm&n+(KqnixpUi1zGbAQa*I#R2Lsj>nORv`Mg+o)
zX&Y83zIr@lICr$fAh%G(upILB&2>*wsw%TXj#zDP`sSu?Fxax}<UC4*`pAAUCcIPm
z9x1&Dq2u58cJ<%vhkH5n6uzo%?b_FSCl{vEoefz_cd6`+*IsirS&<^Iu{0quvGLQV
z!rDgZ!@%Jg1vII-q^hW>Y<2L~RLBV%xp48~)vxdDx86NrkZGu;GW!s_%4na}m9Rq-
z6IM($G+h1p<E!$ut%=v4YbwZA@J7cK+C&BcM5}h^y~eupZI3S72E5O@*jW4NRD7)j
zZia@`l62d%b#Hmsj8tv=@^CZEZv<M69i8r$9aQbrk5X#!Xz0dCs;W=Ub50a{58J@_
zP?>%5<jKl~(-?m_eO>pZF#7be%a=}{CK(zoR{6HnyI+I0L~2p^_U+5g(f8}iUbVg$
zp*MGVI9|=%yybGkgV1TqkGp#uYOOx9yR|tYEzKF!pfBO%bcau+Mu!*q$nCxFdwT9E
zoX>7m*OJtiTgHxA(_Cg|vF~Vw-nDDWBZgMz-@Ety<!(EVJAdyybjViv_MJOJvpsrA
zO1`M9y!7Qw{PXKuhL{eukO+*4A((D0WA+Wpx@uKEFKKjj!s*3{7ulC9pZgA6?QFEv
zSvKZE$pt^w?L$W6_4MQ?Pd<pdq3U|gOx5_&w3?}G%_=K;Lxa8j%z4LU59n(6zAL@)
z_ut_$UX9YUW`&xZoSe&FUuiU#a_n4O4(Lpncjv^HFJE-aS5Hw=dVaO<*rFP)^kL9H
zKfb)Z`*K?yYfW@Z)@<Bf*+(T7DjFIZL?TgN|3Y3}hJljmE9oT$@$p$pzCGWv`QpVl
z?=L4!R!c}qxaeQw5MTUe2i2J~VN9<p`cW_6Cykw6pfMpwo9^V~?cLJy!T$Q@{+j!_
zF1_y*e)isQ%-z#->~x<Bzss#r`VoUn)z#J0($XgERs~l|PX4%Yfbra+RA3@uVPT+y
ztp?}{3;`?ilqyLD2R(B$6=;{ge`{qtJ*U3toZ9&D7EAD#QgOI9&Ie+HLhq}DDGmXs
zVmf#0nrEf-<;-)sx=-mk7LKP1YR=qO>D_09`f#(kJML4xLsD9AoZRG6yZXdv(Df2Q
z;GZ++@ZrP3v3nvS#_F+;W@J3}NU^s$F?)Y97y)}8S~UT93osy3Qc?n5_5GFglII5~
zE{T#oFTXGl|EB&Dz)?xyu7(@D``aks+@mA9hH1*zW|%*}D)&&MWwZR2xI&Ayb!v`t
zKF*aNUmVr%bX%D2GuP1Z6DI77h|rxn)!f1YE->EOp+u!ppQf|EXM@4SinotRQR;1G
zIQ8b63ef-!e0qKNuYGEY)4ccWi*8ED^kx~&cb|X6FZKJ1^ff_q!N3g+Bsm<8sp+*F
z+lE+7-P=MdyTDt&emywJeyBy+tERx#a<yI=g)zsDWxHwu(AWP<(W&uEmglaKaaq1S
zPyTuFu5mSW>E+?!;rX|24NR`<(^`IA`EJ%m{mf0;r{*LN-8_`nTycBtqlg&q=_Of{
z{U#LMPQDZ6DQ~lj3y=y3hydqqoHxC^;w|uQ3BA)6xs0}5{JHwbcFi0`MMcRzvi0`U
z%f}TQ;LV)!s<^ky!iCMC3*I?oWH4=7<D266)~33=yu5&l^?ixT%0^K~A2Q4vpS+zH
z!J*M=<d?0sx3`BnaZd5rCiS@XOOf)2g0lR$!o~A<raiUvblsA?{L$&s(#5-PA62n&
za&oe?w4~D$A|w+s`>o0PI$t}|C}0H`*;-p$hYVL|KY1HBp>*kqppaYk-_<oV?%laF
z%E+JV?|&ha$*Fm8?81c$02s!_sa(~|EOmJnEH(G$kp*s!LoMuw?j%jlp`<)<q%5%d
zUb>?=rFp~V)JgB&t_T3|f9=|}Yu2m*H(<11=^%Oe6Km31lk3ZJUn`fYDOSk6(U~JV
zLu%eB&$|+VcRdzmu1L&w+pkGBb#T}<ooyPw#mh4?<m&ap%+%(MPgO}o)?_WM4~Msm
z8El|hr%W1bIxIUYQ>E2P()Ur5)OFx$-vVvli#B1UxfDKlpslU#f9AZOJ+b#xUEPHX
z77QOgJbbK)v69kEs{f?S+GNu=b2eOBB;n%Y=iMuCoHek>k;bbtVpXd0qd0>kt-?nE
zPpLT7Yp$znOtzbhoZRq{{nTR>DZ#OGZ7jl+c@r}zH|3o7$tZ#D1SCmD_VZ(m2Y!o+
ziCxF@k#LdgXKQ)*RT<H`?(tcQ+?MMeDYug^vR~y^S9@vgeERh1qoif!4;~N`q(Nkw
zyzsQt3G#WMVSp(>kKeg-r|Gl6gHKM4_1lmxB_ZW?B4tH<0(C*?*@q7o#24$kUcoU4
zMIT<=9AsLFD~ySWdHmQZG011<@HXv2qpRxXIJ=k&eyJr&ErC`MMvMpv$+lkKC8P$%
z)Ons@j#YOlTkc+-TtC(<@cY8&#}!_zl`4P!z1MSxoA<uiXpF$&aE4q9Coaq~MP+hv
z1ZxINc<D)H!qju<Mhh$3`2;JNW&_=6Lr`(2uAot<Mm|gio9w5G{}M9%6MUB2+QQcS
zw5jWcpLzcK2haZ_bdJAB|NevL|EEmR(bnz2|E{C+@ALoviGTmi{O@zD=UDu6`geG?
zfZkm|_)df**d2)8kt_Yn^ZqZ-`~MrBcZAsVmpY;t&pRy87}}8#%R8RW@(zC#Cwa#*
zAo1Co(Y@F{kY*j-J<4FMpd!f^Sxh`;<btHI1cZZ?#`NUC{6{clEr(!=GPc5#?NQ$0
zxqRMX65bkS&*ZT96zd$p25Kaim>Zi)UQR&xZ4nkBn1C4F#ENDBL$`r5-PKth>PT{8
zBo`MG-GGhw4w^7OJ%dbxxdUlTLI<9DXiyXm2{Iy6s9bP5)t#rY)*bGo)L?s1;GeeU
z)M+H{O5mv+EX@e;n`m;kpDRiSEed}6m11-S#pwQ?Vy1V@U;lGOO&1iUC!X7WCY?^`
zj#-~7?C%M9bhEy2ssSH1l>;ruz0-U62XYN`&+y-g_52*czi@Nmm0{L$jOQF-RznB?
zINfuN^S9@t?qgOv8S^i@4}>fUvO62k5~p|;;Y>o)5YzmB&2M$JAzn~AxN8XNg`61t
zV<_Jlh@{J@>>d&yq1pOi4hIewb7LYd1T759bBJberBN_;0Q9#X(|ycA<V5(oAsY_=
zbl~*dsUBpQP7hwj%we`AN?ArBGg(Y<HGIbk!7~sBeql?24EpY5w)@YKc8eu1Kog+~
zHvR+caFFcHofB!mRMz_K300XaqyU&WT9D(oJ&P&}_;?11U{3Quf*@B|(RjY1ku>7q
z9;~3zF(!YQ<`td{LIiLTbh0Op3YrgkAI$sBfj9#i3JK;7rL{*4HOS!se^5h9K(Gl`
zIZzIQPGBVAC$~mOJdmV#Xs+TPbO<#9jYK7(x+hZzcJl}-W)7<8eVfmutt6<-wgg}C
z7zi>)1;8<(pv1xQveSf!w7h^{W6)ND3U#6!F(x~tT^z2Ub$(PjU9CN*IE^bvnSd80
z7e{r9bU^`07s_OWMpL9r$TpAWE*By3LGuOt8KMicY$2n@k`q7+=4US8TQovp(3xC^
zL<YZ*#RDyuBSLqLn!NzsU~mV|M>(RzR?I)AEVOJPWnsA=eyA*Axem&L%yJ<5^pGmD
zbFHBlz_doDfL?@<HVZK}|5$sSxlxR;M;tLCY~O;EA#8+#lAmVV&x?v=5Ehsgjf004
z4-*9et8}9=kpU-gp#0<xf<O+MfUzkdJSQ9i5#bsKCnJZ6;CwuC2rUFXNJ7q?BRE&s
zr;DB6MZy$8f>JjYBoq=;R6Ce%&m<0vmO*PDY9YRYPGx#>y-=m_PZ7X(cNW6x4z7o?
zx_1t#RX~AwvO7d#9(3wTni~zmGnjSV6v@Ow6Tj^gei%g+BEnaU0sb!UI|6l(dLRr@
zLe;<s1~FFzfS5nEJ0c}47etTpsC3AM;>RZYv>z7cIqEdvL4_fWgxUl?8`UP3r~_37
z$`i$p;V`J;#nW`7Y3|WFb(@x^CrxWdK|RO`({*!EMkAhw#~-6>gM|zEF66sPyRZ6r
z;-XIR3sNkWdI;vo<@3IAx-dQglIfUZS19Q{JOsbBr{)$!V>}Nf-=^^g%LI{}>Lh|Q
ziwDWgKsbg}uSn-WxFu;=#`slW(1GVOJwpC7WR#7ProrF%Eg-<TDwro-DB8gL`KN9e
zEL-S)AzcTFAkb|fQ3G{3OF9iX?c&`9rgo{{8N)HJf_i^}U+EsO!yX{+?%`?bh>Ee&
zu|#uN`Qq*qgcLlD3DaT2{s&QCr$Y*KB8ANYO@*nUd{`VBh6>TNK!{SsVu`K}f^)Gd
zq8jb0k`NPe2;Mw^W9hWzSO#{qAp8$oi1bKI8oR&PmD`DwL9j(;YmoDh62)(xQ0Wl7
zl9xk;Pyoco!yMd#DIHX8*iahIq0y-b*BC(F917WoicIjZ$rL1;5CR2Y%;ATAJfc;!
zjs(Q|AbbWAKv|vJI!rhwVElu2h$ZJ@iU&+VWbFVvx{S_9)Z&K+H5hP3m<GF>4Dj{&
z=N`VB#9*ke?>@;_r@oMXdxW|+I!YqAcQ%9*8ri6!&I?Z#%m$#8!F<Q)!KJn%7VIkG
z*`lCZn=Qyp^~-JzoxcD#!FaY<x+{^{3pWsEf6<S2=}1A@z>m&UBbb8w%=diYAmaGU
zpd&T!8TJ-$0qnzA;N!zB0jloc>_kd}MmtkvW&%Sa1Z?2X2VrzF8^lgX3`hm`1&<=<
znvqE67)>x{lt^+vejz;2b~l<QkHzD_2nf$GMaAJb7v(2~)38V?zg1im^NAL$Mi56$
zLQTV{Qq8+(Nfm9R4+?CNo{Sd($yif6sS;A7F7g?P!v~Z{5~vE`0klY=SqVhTEdJn-
z%;%0oER4pT$ia7kmW3K^i!ziVHHW#}K!czqdQmwLma|zrl#(6~Q3szs8|iFrSg1f;
zo;wYARyN8y$^k=N0iZ&YAaw^u5f`GO!Y@;Wh|Kxw!%-Am>?5kGs^ZnvCwOuV2rgE1
zx{LO79g3BuKV^#h3JSyCNEB+ivwodn9W}U4<`h_5)ZUmv_6823{K(MWOn=?p5Ns&`
zo5-{+vpquaS!!7xcs~9_ZYkEmQ0@Ej;EE7|2$2E_z7T&rrzmQ)$n`~yw%yi9go*GA
zN=Z8r8HS^oaocBr1mTr~PIZXX3jr`3n9vZ5(7@-5T>+0=fq`8C;~?fzVF!dIftsr!
zsXF=L6m)<UG~g64%Fs?ts@<Z5aWA@rgU)>-!!1u5#zc(=t_LB6r2xo`s1lu*gpNZE
z&B_2rHDp0?*tn9u3PlkfG&V5W_IB`_;YG%%l+jdV+TA8|z-$9cYvIY^xuJFfd!4o#
zfk;}+Ud)`w?=9T+#vwnTFCcUii0~5;zJoU*gCdc-I-N;E{(cbB|D(ejykG=F_5>YX
zj3k})=h7R3vO5M^a8M}Fsu6x>nV>rd(8=UHV*1zuGXX`Lf~28hbGT4fNJv=DgcB?L
zU<>D-`8LVVLM>`Ep!>q!34$$f4O~84?pPOaanJ*>JlUwb!1J?&iY3RxaumCPNaD_?
z{zWN$2{V~!qEitcgBOqk!|@LX3m_1CBlr$!GhFBp;|1=SOXKUXqgOM>yjpuu=C^C+
zJTq%+%uZR|s8Y=Ts6oBc(44_!5I33bG}u(cTeSmJWK6C}V8Ka6KN^RM4bx0T9Wm^J
zWR6hXL>(W6$A-ZgkEuj_bx7cw5xsSCH(`7cUo83oxwt@)e0<ljyRr!LZLOW~Jh*Ow
z84R=*O*nkvKqmxz5J5C<`~LEDLzmX;>(kMAeSQ9j?RFT}bq$-l@2&r$<{zPEM>N3*
zi`R~2fkjbJgP@=%AV`CZ<QnmzlPT@Xn`oYcc0*Ak_<7MNaEXgUrF(Q^5q|`u_k1z{
zw7Z9JozMZU`}+KLv<|F@$RJm}5JnUXvXO<Zk;N1var^dT|49=ErK48P5V3M_7%_Av
zg3de4EdI2iqf-kVZ<y$e-OpG%8BMw%f`5UJXS0?g09knPg3Lu%k&zPULeqJug{TO3
zTU{NvydnbBg<&+zN5O!r)99(tM(9+J_PBzAS9B&!q-sdS5JBf6NqGb#0JK~@QYZ%V
zk<ckz;>;e5fK4&*fG8dTsiLY@6SFl2c{z~g@UT2i$O;yJ+7<zm9?&j&G&KlU>*4wn
z3cF^~IV?52=*3vf_DNgxE}@UJfr|rw>xoVqqd81E+%A#DT^{o{%oBBG97y3ELm+ba
zPfQgdE8YJf=AkR(zZmoQh5V72C)Bck67vwBjb?d5LI9FvRj6isOY#Hlflr#CkQ{c}
z_J;kQ`6BGe3qdSG2I)PVFZ$;Zh{yZ`F$nF(#Li}hgu{~PoRVm4g7x}y#@8AAghzji
z>0!^y{@juR9=Y9cJ>g#y6*EyX&y#^Z0{Xu?pWC&4{%5e_AF)&vEn?_U6f#!55VgoZ
zi4{9Vihl+tiZA3MeF_<r2p;ux#O69csXPXM4w8>g_)}}jf|WXCT21gxXj%;%`eD}F
ze?eytL8s$CL3y1k2+e5BrgDIepd|~hEyJfN;ba=9D}~N;M-3Hr5A69&{tf*%_0|8W
z)K^pg52U{O!TwK?eQy8s8r|>z)YQ_^(dm%?NlW+N{h$Adf5_5T0J^CYI2%tIQyqFu
zeS#L1VIXpt4R`wqANK$_L*0YSpwU<96Nn3_Y<Dt~OjILq01i>-P}wvOAh-sP=W+=F
zot!X}=}rc)We$tUBEsi`nJi>y3wn;1mKwoJ8~jZHe^WsPMe3#r>j0$iUQ@tNa0U^0
zRCO-P2df_V$w&Mg!4D(^00eZ_hOVmwWjkD_qtcLy!TOUIK}WL$T!zA;v)K9sW!Teo
zJ&-E6(SeyEkIjfzatgnaY$^$ZPMGf8$du)t2v7rMQ79Ax;VN}i9l_C`X(l2IABoi`
zAU?|gxgYFKI|*zrUPh#D{C0xF$fi&r<g*e8p}R#vo!~c6B99JAq|-RyT5xx*I^065
zk04A$1L(dz8q=M+63Fq30w)V=Qdo%V4&)%tQb%@<>LZB401i-)g+%^QaP!2^L~0^(
zbCKJKHMIQz(k=B7Yyz6k<-#2xcrWc99GN0=r1MSz;sBPXUX1`hV^O~Ip8xyozsLUn
z7f1lQ_y1bcrfO@8`~QFU|Nn>n{WtIbw?+*cPHtem5RMvnWctsO0U$-G5#}JLs}Zm*
z<?ZwUc#Ix^FVZ<pK$jKzFDDK7mowmB&Vb**8PMMAf3+uiX&XDVUmSdceO`cyg!Jyt
z<Y1LGx1C2&0b_ZzSE!-`wQkQ*=CWu$L}U0Wwr5>P0@CV0F9PNGpSzOwq;lKEg}(6j
zpNrH+<Qq0{=l-_ItWF#5fjxIcG`4h{+l_+wa<D;2L&O>^_}zyGeg`i-Z6NdjziIxw
z(~86Lu@=s9?6!#lNoBZ?oyy_D-j00eX<LxT<^N=3(C6{d*35Ra)za>!IqkB_=+q+7
z7=4H5=yxNBKIl(0M&873b0@;9D0I-Zk+)9u^rOo8@EAU@$1r@lt{D841pFJ(7`${{
zB}9zFrGoO{>p!XvWLN;FgV(OB1ApzImJm@Yo6Q31N8WxQ3baZ^Zj`u35f^0gpgQ2|
z4+N1V1DeMw*eLYV4^BXLWEf+6X8wr^k!@q(ddNGXMnX4&Bnlar8hGiZUYKCdRE`QG
zi={y6@a@OKJ-b7waF6a0D*98($4)_3ZD0?E?>%)rzmc1#)7vW`bt7VgJze@8fuu6z
z=K$D8K+qv(Q0;<3JQ_mF6C!$Q7v^uyN8h^?<8Mnx-@6pUHh>~;T?(O_4&iIh?V<f_
zI?In}Oy{rjbg2a7ISXW4L{|-mI|$ra;$|Y$WcZ{pc<E9At|t460~_IHBCYIN0DDpj
zdBZf(Q3!it1bOSSBy?pPT`5FFe%Qg`<KTa?gA1NOCmO?D6y0?2_Gi_x=iQ0M*axxZ
ziayj1IvMgXd(Z3{g{;42!KU*@paUhW!N`~Hn%pi8?9Yt{+|x313)A^lUBO=P0rXWS
zM_eO9<p2!HrD3R;OY4B3g+-ZEKQ0^iQ1rbUK_51#Hw6Mv^g}nI94Z}=MBlp;6afTX
z2`z`i2Kd^Y5S@xZ6ZqDhScmW_B*>*;T?%{vF`Cj{L5R*eDvalj6#+f~8+7lk2<%x6
zaJv^+ILx!Qv+ZgB1vUGV*2-4{(b&;!ZV$(J0@aZz6sixn_2_$73U;GGn}x4kNl@r4
z4urn&txFjelZo^*>_b;_zzBS(RJLH8$p6xfJZ!N*p8usgc`ljDL51O`t|YOo7jW={
zeCSF})TebW!DXRSb;g2^-N<6~<NTn09MoN~c!=@xKX)nZ#p9w&$^1_}?ZN-U-kY|!
zZC#7P_p9+d`41>lSENl*A~iUXEa%9woaofHd@Q+XukGqWBq*UK0R{jqtEu~c-hcV7
zX-@z+Xmrvewy{WHk87{J_S$QNjd7D0taf4T$=hf1VzA!1Q!r1LnG>Vz^7CMnE<XcL
zisjG>NteYRlgdxTE2l)BaG5-rT*{h%Hhcb=J^yU>{O7=KyX*v<oeLAwYx7R4Myqt7
zQ1Q)+Y3L{Az738kpc=qQeJf5}l{_9t1Eiw(XKI<FQIMZXLHa(aG+SB&pG$uyl^O*p
zZV>u2wT$#@zE3JWj#ba<+uS0&tJ~h(ncm!j>CL0xf$7a};xj}4tFJv*>0?Ix_tnn&
zaxwmUr@eZo|GkaRZ(0A#5fCmL{~c>L{oTcvK{Qa&;9sKgCAu{?z4-#e+e7$`D|zp<
zymwmO>(KIEqi~KR!()RYhtrYa$r##Kp&^Q);Y(54If^%i+Q1MY;o=bXw2phimeocy
z?Qg%{L$Z)XS<bN@&k_^weFM0Lkb+2Xv=8$5qXt#T3yMk(|0NvdGx38i#`YYXbMJO=
z3=>&17?5#1`cF`7aE^Bi9rScy+$^-B&dU^mwIK(^AojwT8giyA5lCa$LW6Vi6-JXl
zbWGu}R{=*ZN4yUya5S_=K^W3x0Qb;7hWDeOpUO!n5I>Kk7dEU&f1@V|!b0QFjznzc
zP-6%5-bZ@sA1Y^)*J+X`-DGgNi16Qa+E%E0_{Dtqw!j{r!umyss^}<#t~-HuiC#KR
zFCD%Yu&4J)@+njf1bf&~43zMtL~?nK8jQT<>2pH|d-Ut5{ttDOQVQ4}<ay9NMF?gM
zatpvJo_Gs6k+eB@LosE52W?y~8veSTpr=Cp^FEXKw$@qeA7iN1CQLl(F>2AE#ILCc
z-wOo0_Y1-9y~<$s^ed;`FEiDe1g(uyvFfAD6L%QERhUU1b|P;H4!p^w&csO!VTdT6
zVLUiK38K{ZC<Y&S?oJJ|UqOd17G&QZ(##<HL}aZX`*I56<C+~k?+K@u;FCO4Aq;eS
z0*os{ryZZ^G9BEtdf3j5ws7=2Z9`?<lHmf#&&X3{w)|h|!u6;4I2&#9zi=@d^cLHT
zWLCZ9KaQTLC*&0Ncqw|)oKUG#s??cXX{A(YWm=_Ht2LpaxYST=8lpO1JaMe5;2;XZ
z0f6;$Y=g0f77F7?`WUV=#`v3`Lcb2nr9%Ci5EP0eH2ByV3_Np6NceU176VK>3sY*d
zZ#qI6&i&HJEnli}tZvOygI1K#3vHrDaL%CzA<zS2-`s##c1(T_z3<V+6SR~7QbR;2
z3pwp17aZ<WMXsc?8h`+YwK#@mA;s`i2bmRL6yBZ&pQ0pHQG%>px1oC&4~R*B!fv1Y
zFSqwz(L!$cy@aR)P&D$eJ4wSZ7k9=K_Uopp_Im%#p{gW(6OTz%b<`bJ1i)HZH4k>*
z{AKq|p)R*SN9{vcko~vCu0_g7RguToTiW+AO94@~%&Pu>_h0Q+)b;-fTn{3`c%b<_
zWM;01&nvoCQrs`!BjEuCVuqi;>d3s#Mnrd3+JMSJqG}7L-BDgFg)x)#gGI4#sjAF}
z5LYKND_`m2s!G43Xz#@leJGbx4&?Kcm9?LzRm3nV$G(h{$_X0J({~<@?8&29mCpuM
z)fFUUEmK7yL|B%K!fJk*=?8lN>z!Hg@F+-s3S@5-Ayq-Aj}~x~Xh@2vfh0h)RS`Qv
z2EaWqyBT1-4!&G*97O-^n-?l?!gJXCfCy*|C_Ahe2E<dDDk$1sAWqlJQUW^xWa%fB
z%_9p#i3uc(iLwcxGf<laC{J5KEaXX&l=FUg0s5Pq1EBy?-5(EtH92Q5Zn|k$HwPuQ
z$c$^}q?pkNBETM)6z4gRV?*vNL9Yj7SI0QUk+MPtIT<=AB%Iir?kKn1eht$=rwiVR
zU^p@l3b1AtOzvCK6^9U4kt?E@&pCZ6P*`YePS=<4&T7WWdtN~T4;?)-j(g9G#D4r&
zNx!7cDj5W7<CEL(0WLalVnKQ`CXSs3!m6KOAncQSl3=e^umD8@gxtQ(B#fFS4V3I)
z40Daq1&Mjk!&06VxHO<$oBv|}$Gun7!0Q*=_|2&aw_Uh!z_x-*orpUu7J>;(ozgqt
zG{$ij^uvaAE^rYU>H(MMBNmS!_}cQH*?A?1O+^Fen$?I%!LW(fNU5eY&{?zUF}aeO
z&zN@6Suyb(cG|)Se3F|A5EFM24vbpZ^sOlpRii$x328L3G)tyNjEiigaKRx8L6F-r
zPo!0xh|gr0ps6feWwS~b3^y#mq*$i39c$z?qv0R{G$xcM;q@N)A~kuVIOp31{N`w!
z`lq30XQyE-Ov!LKjs@#7WxE6$Tk;tZAIDroAqx}*+Q4*t0L~1kUm+l+^3-p){CySb
zu(}AIG88%h<8#mekDmy;$T*K88?^2;a+oO`E{kw!H8g|CR66Q@JZJK!ZcPF4ye_>X
z0TaO)_f(Ukbzmd_{a#TtO2t9p>i;yzHvs}cocxzu7Fz&UjBz1>>nq7MCBuU+sV3Ei
zI0^RfR+c!b8gLZ5UYPi1Y4|khJop%zctRAV31veVzaQ=pmEe0Co#0t)r{M}%YS0TY
z)lJ_YMj7mXG`wMICXm$eOhOO%f?OhJ>7$CTFM7C`?uzk%0y`Wg9ND4CKX<zF6JsPb
zSzHFE15h8hFi3=5F8Q=8MOD+V_X<gAU<7{PRhBO1!oX;y-2i726*Gl#<b4ko7U*6w
zqVx(hVFWKhHT*oXQ(U=V-ACNfhht`42rZ;AD1h7&4?yfKte71*47CM(f7d;=IhYyW
zk1Xk?3CCL54#z?c21$Hk7F4elo=zy6BbE)80(w0(?<oyUpaSry=&{aOkCLEM9bcA2
z*>*6-n>gyNU2<3rT@))?XyQ#8IjsV6r*uV)>HG`gbGcbnEcN9?q7}kQj{+f`F*<AX
zSKv$qy)(W{Vqn#k)_Q9N51-QZ^Jx2JHL6@&Lq@1OPEov0BJ-ZQQ`VY3;_<)=D2^#b
z!qhX{I}6QT`$>}s5ijW-0UIa_&a(;EbJ_13N{GtBG#P9?%o--NZbZ#$46kPm&s`;p
z<q*2D;n&ZIcwwp9PPYa{1L&i+6QsuglpWXsni`{|CZve!9AQvx5R_w}9`6jmM0a>e
zHi8X|0su+F8NBBl3?#|MP;LovW+a8@eQXUJ$rwrha}`86E@9vh?h=B0y$Iurb1o7T
zwOI33bj_VOJk>LQIzXia&)=i@Tf=vTZV{=%Sk6fHZ3^SeRN@t+FrVOnU_OZj`4d|b
zk%V8`I)|*r6U}7xv1j7ubcuIQ`C2zhg_qP~OQgwIou%%8j~oseAHyj<(1IpZ1qjY&
zyu)#mcrXo^@Q{*-@$=I4063p48HRZ8;lN!J7P)k9v(tQePRys`h1rU;&HRVHC>kXM
zOoC9&Lz_RBz!&z&USF<k2)QAtHwIRpKttjrR{MM?Hx)ZByYEq8aq3!4Jsbd5oFE?H
zQ++ZWGDMrzg1m^X`q3arZ6-(Iv2Y78j!`liV<7=xcR=G*7l1uloAF4_aU#vVo^DR4
zj5_S~$wu@a8)xF;+2?Y?(<osu<pK<mG1#>Gri?`s2O#vQGyqSH0OL;xdtWgKQYL5+
zL+_dCe!It#5!JQ>K9Z-93>sP2ctElO8m~v*R1Pz)dtvM?qymt%pfq#Q;?TM>Cp0)W
z{0|~E1zF{D=`7&0@-!HY!uSuR`vdRzJ-F44LKfe^^Avd^Ny?mM<Iou>;3^6oNVQG6
z+-p-ldY8>eU3qTLh@g%_Ek1cr9VFNKximyrdxx*y8SBOAMsHo)nK>v+;)tKZ>b3F(
z1<(B2aX7$Gg2fkDg;<6x>Xu%&@GV}q7$>CZnj%-Fqq}LksaXsuwj$>$Q7&RP!-zJZ
zqC`k_B=DLVif#f9ME@9%w_-!ZLr3J!HN2;38<gTzt>$?mdBzYtwaIt7T2sBRf}LBU
z0(#un7Y|wR6V;uiaU+8(SUDK)bL!vk1^z)a_!Rgv#^n3mE>v5nJ(Y3!&s+X0w0W)h
z(}ugim9z2jKTx&<9lt!6pnS?r3JQF|QgmH_0`~5u{BSKiVkA>=)87-S2@8q@LK#=I
zmzS4ug<z+*2m~n*A!ttL3&F|DV&Na`QPu?iG|?DM3;3y$jIU0xY>)=e3MZ-d!42p<
zl&sjOJ=9PrDG(0lf(Zu;lF;k99VsCd9otMDVkeCyt!NXI24)f7c8A*Zp$;1=0(?m$
zyab2gs4+X?VS!Omf)XppsS-nrEkrT>4Cgr~=s6K#jrNda8THsiI8E_FlOgk!<>|N!
z;0zn{sl#di$wO7Os0!Dcw4^#QTlR7Egnvv^Ov%ovP)j+wE%m^ICweUw8K1PC+G?D$
zU%CY=hx-opMKHv<&Y?zXf8bKO-wM@PXLgw?W&AtTc9Di@b{F9&8YGyey?V%BB+u)-
zI{ONwea^}a))E<mu)#oaJCs-lg*9~54RaMvR92rl_mqtb<<f+87M;VP#Y{P`lw6Ya
zAY|1c`V|~b1u?iTS&8_mqoI?v)0GU2Id+vDOYKwygr_$d(SkljLnXBlH4qS4u}ujy
zC`W@ay;Q<%+TaQmO^{c7s#aT4ffY!NmO48sm2?vMyk3YgHi!T#a|CEw&lQ-2V#nvc
z=n#dDH6_;)yiiGueuDE8Z=)j9)CA5`fdGm9#<T`L3E+@R4uiDi|9r|B)OyMI7>-2E
z6q6jq$^(nWVL?V$9wTgYY)p+Hcz$-3Rx8RezgvXo$z1HKXmcVmztLszw|>d-SFE@6
zKv>_dO4sZgr3*0^fpuBI8`fDu2q`wA%)$_c;sppABKa1D4Qz@Ch@x7nB7y(<)sH?f
zuZX!Siw?k$^W(O>O5UT2eFLV!e-jQv3Q$bAW82(3h)&`p4SNp|A2jdNVpDs?|I`kc
zbp)jH_Xn`^qLdlHNh~EZahK&BZSK#=_8jP1=8i>vkY{b3Ftxot%h&nd?klytF+jAN
zYx<O?&TqANEap>F;`l7be|u2|OL#7~4Czf#UqwG!6B~Q2s<;w<yr%|YQcG4$WF^Jv
z7ke^;mcR*}!ZccKpiz`sS(dli7&gupgRC1xEme~a1j&l!4~pT#b^MI1D$O%D!Y8xD
z=G5S~Gi|+lr>Ffwr9%!JZcmBigTYyFPJNjG<q8RXmh{uMR(6*Nvj?yC4<G2nA5MNc
zZCF8a4%G^6Q%$ZPJlo$rcu<}55_2(yXwPXggt{G92uQ<F>-*tDgT8&yD`ai!4ZS|f
z`c?<bXYpI$kI2xP_Pl8z7F^{caaM8+RZp{}u;Z2DgvB5kGzTc`2v~57S+?eR%k+;f
zY<yIRjUUirqT(=UAS-BrLIHYx&Vk@22_-3}v}7%j9!Vm0ql0rns*ZzHC1Qp}YBFaE
z+*-r(3k0(zfZnEf>Cgjm?T{O#TN5|0<R<3^3<cQ4JrK^<iseSctpE&yaUP)o4%Mx!
zrq*sztr=CWJ>5RoU0<z9g)dEaUvY#VJAzSNH|@N`(buD-1!sC(w`S1vYw2;V(P$Q`
z71MI7kCTd9^4wdM?L^!S{ZxH(c7eq@*GQB+By=IEWrhLy$0HVxn;hCj`i>WLB6qRz
zhKTaYJG(ixW}i@Up`RsSv2XhHrCGe)-v!41eR$`tweP%he=DC^{=X)E%;o!-?*H3)
z)Lw5F{eRawD|i0CxAFNc`~R}lD5{o~N6sa@faPx~;`4OBU*dIH_pCd=^Z&i`|NY<K
z|9gGW>csz-8hlc{rL;$|r;M{Q31H{C1UuG2L=;@#;G}PMz3pmL>FQV2!^NEaWFm4C
zRx&SsSdx0#9(@R5j6-%s&zlKKC~TQzlmv#y#}x966j0iDpEk<7CM6Vs4L@IIv%_L)
zx`6G@x?{2R&;mJ~5)R8?JU7uyCnQYrjycsFI)pIHa6M#fuJBjenm5U9nfxd`j`F5t
zNXCCEYx(;kPad2%J#ykfkviXQ$iVX42;_O@u7#}<n3j#FNnRS0@`t|~qiMFucT=CO
zbSl(hrPO~mP)vGzlBkfQ3K{vZSuGh9ry<M<;UxCMp18<KCc`{MDY>LFbP~!c`}`Y0
zH)-6#IC)l$bhzg5jK1Kr8^=Du6u~|jTi8=BNkcSQAni?(DU<6Qt(-{@<Dj97VPfVy
z0m~S*m5CSmgowKY?nkdqxWu4vkzT+;4;#)pQl!qCSw(8vSwj^Mbe?rl&YNr+HxVh(
zZ-ou6i2Wj`ZMfZ!qCwd6NZQCVl%w34JBJFrmJ_KscW&C5JU=4*B}qs0&oG?}O?N7>
z5Y<qqsELbOC=Tg~u%fV@LQ_2B+d;VnO@Ie#WIWOWJ``|&R<`#ZK;KV;D62{gZ0R@I
zI{LYumvIPl`z1<r%n3p9W>0;3_F$o0%9c3RI9g~6SEx%t4PfdL#x?9QAmHdMn@vyG
z>9PI*E^NsV2G2W2564(}&rIkT^+KQ^0ox1V&<4su08N&)$2A=Xg_sy*D##Hpl*hcf
zGE89|`bk1kE9P_=4s|tP5!_j{8qFz5^i40Am~>48h@J9P5!;%sQfvCForY<Wy*UG)
zT>G3Qrht=~ztCMkNe%haSp8vn-J@&?Gh)BHLDk_~825B<y~K`sfTDZMzutqvYn;GZ
zB8<i+yBjDmtk+IMKy<c9{eiSKG6kWeadt)yv|L53z3Nh?C5j!pJ#teyJ`e4-^q4&w
zvtr4Z#>lE%g~&`GG19U_V-yY$kpZaAM_-Z{vze7QtL#L*3o}*=1mv*fxIaXhp)X{b
z(+%?OY3S6Y*0h_c_Ju_<St3?+ZmAMNOUZLff;%flNk=pw0%4hLL+_&I@;$t@5gKMQ
z6WBgSm`$QxNOv;Ji??dzem!ABS!g}fjHW!3%mH`?lkqn}!~#*7#0cFo##^wV;0gd&
zRpdV0;TcCgZWy<UX}jquYFCk@db$(bRKoW(JPT4$L`9;C)#DQNTSk<}hpif(po5o+
zFCZ2lc)Db|+oo~}VWM7eYUP!svw_BF&P3E0SOzY}u3h<C&BQw074rF+pp388gx%91
zj<TU&xp2PCS8%xS8{sRsX=l&#Biiynz&_<oQlJo9EYTh2<A#3@$l8MJluX8B?uTw5
z2!IocE0T{ZaJ9IX-r!)&W&(CLO#{m>(rP)!AWX!IoI)dA3i1<t3Zel?l<);!)o4`@
zq?Uc{#_6hC7j}UNc}4^X8FG&-%ll%TzW-<JFd7cS9vZKpb$Lo|cGTXm#lgc4Rq)+h
zr>6IY!RKf=9{Rx$?wagHgLWnqm6_DQSp%Cs1275{1z=b}VCHXol{w;L*ccSb1p|-_
zqdZq!h&>L9#G*Ji9FgO$ixy~P83oK`gcIY0_tq+?%YX$hb<6PJ2qm+9HpR*m#VQQ6
z<-bbeMG;3xU>GEL@)eiXi=hOdPnZBqK(oI_T^vr-MOQ0XEn1#TAKDqJV$r}~%v2__
zZ4)f9tT+QULh-d8o#X{;nsbyTG~hrGy$V0zLrrlkoqDafL^Z^-KnGPpq==Yy1!%UB
zYfs!F{Y{h$f;c|vo4YIrVl)6G=|+SmO+sr)7DMx)9Ymdr+h<ovjnJ@_5wT~`aDrRm
z@smC61Bj1sfE&;z+Q!4l4c91G$e*JaH=$2dH4}{D{0PLpCw?FOXgruU;sPNi0+xg}
z4E92}0`x!=A|9w=2bqT}LaRphGRBe3@*Q`)aLrmu^p8p2lgCd~Ah@Vvx_Hdvc!i3y
zMUs-NsIIju6**%WLu9!`1=I@1_#?>@u_n%FPsUIw&cm=Q8R9y0KB@Er>WC7DT|V#(
z5d&)cws6E%#KLDMeJixMYE^<js9kS$D%yOeE;u!cJun%6{zgd7z%?Lc8!cwittFP2
z7G9)p_ZA{GwSzRet`!IbowBGbxzZUs@sNd<-6Iwru(>^4E}Js`3*OzY$4=CvSxb}}
z;B>-ZsKCjxsM+W8OG<TwYpd*Q$@0j=zv4ZHS-yCiYJ<^4IC-K*>Uge<XhKt5B(tKh
zR};rkb_<}`7RW&1ZdRB;rXj&-#K9=>Y$Ndo*SF1~dSsXl@0x^7%Bo-5p<oleB(@!P
zYlL-+_-YYfxuXe;|9j6JT27HSSjjiFD=Sh+?PC~@7ST56GQAAK;FCo4!zN4@Iy45E
zNI<(P7mwjiDse#v718lUvG2*Zj0wjqp`1QBZOdPUG%c6?{TN*}(Ceg)2`#%D6CTjU
z>>;}gLw=l%kDs(3FX12apu-RFM(^u~ulV77%<(grbLKF{R(u~zF2|?Bke%CSUN@gP
zOIX!526=+66))$^Po1|M+ryoeVuwTFyQIAf3dZb)dk+iU`jfhy8a1UPa|awngE~Aa
zKP6GmS79{~4!!Ykcn;hpU>mYQGqh+YD%1~gITVXloD~u7InXwun^xQw3@(Ts$07=2
z;!bhRlvz3ASEs4&lo)omj<&K*zxMa~{T}|WQE&awKv9sRilh8ZH?#?`X?GXk6WRup
zBWoUfex8QmKSSk3nVbM#!hJUEj@k5eoU-Sy_>DL>o@rRkV&Fr{)K!Vua#JFrL?G%D
z^>DB+PvIM#nu@=c;|iHjQK!XWz>#}_gE|R|1c>eVZUp$$v<rQDRALWEEfvNm`RRNV
z=K47Wi6eIlyn;CUTr0Pry?0G8EQ@bM7279qkeS6QD5jjLnmWg^S({BbK40YJDh&X7
zk3K`&28)l+aiy#PU2Gk|=C4S0R8(HkV!)`3LYVY%)Dv~&@DF6Vy~x7sDS*%{v@!K2
zmfOQPD@p**1`SG+ePtfP4m@!=HiGf-0*pj{4f#qZZDdI(=<H;9R-fOQmag77N+Se9
zu4BN$9HCW78l6P3+AQ8Ujxb~x?3ce`_z-rHfWtFK$rlw7af%iKkjUIRHc@trhaEbC
z06OFG$yHj@ltsBY*7QU@R<4j|goj}W@_Mm|59<JolV8)c8>Tlx{45-KS5~D?UaX=j
zRq0U+44=&d+AQCtIKD$xexN8wYeQ8~N{r=(!XPGj<~@qjNc}-t$}!%Yy`sKDscqOj
zQ8G{#CD5)q1H&Z&Rq<H+GAl-1Sq@vtHBMyTl+UR0%0Blr`zVI|7zi?BZ<1UKs}$BE
z`)am7i9tL#IPy@Oe{8AyL>e-KA0>F%3vW$FzmqxnQQw<bPolzBiaM>ZAdyo3xLO>N
zUf_9BYG1H#MwpJS3baAyg=KWBB$dwMdo$FxCTvI3|8BX+q)Ot>n}}K<O}o|~Iz8xx
z>_1K|txnOKzdKG-JX4LWsdVffBzF!RzY_<J)jJ1{|B%lN{|_adzEU64{XbSaD{HGo
z|BvNP=g$A*Ha@>~|Bu6+*Gqd>$pR;Tp&iTjLwkcvcLH(xzH|S$bN~2X;Qnz9$=+S}
z4~#kvJ4w5G7$1|?mHL_}`O~q^ovUbfG+SQaPq5)dmG}@iC2g|b^0(awco{?E43=vp
z=}`IR2L)SyeOC}wt}#=a;%877#hcbvt1MlV*q*9zZhNWFkXWeLy<-8--FsI5x_f2I
zPl4xEetT(;@6U8&W|gs0L_3)Xf&xfHT4iQP0x#}>lbz>|A4O||oNCY9<|Vj18j8f>
zS-C$YilKn$jtHPx8C2e?(wr~CJYuid3S7q)DPpgf6rg_xV$B8&njg&}>|(<(qJjV)
z<=tRJiz>_mH|+`3TugVdrI6Dpuw8B@si-gsKw$TZegQfs02&d+QI0p{UbEDnvw}Xi
zRAHrq<q&6@zP*!-^r5`ap1rolDp4-03q|{&1(7Of+rkvk7=WQseP)6JZGKd^2(vh9
zn&M5FwWwWVd0>AlR)tm$2g?wHE_j?O48bO3$5*fgsKuT##Y>H~nPn8C1n^j$Ne$AP
zlBo&GyS!=}nQ~#W45_q)@r@;n5VJWfU?v*Cc(wryi`yw0J=?hOFa_B#+69IRc4ZIO
z;FLGRE03ww#ze2Yxx}4MBZ=thkUo*CO?RY|{V!Tnls2{eDe}l|yD=qejD28;m17eb
zPwG@Gl4t0(?rw;gfVh&V|CDM*nPrjL<-6rpYkl?4=ry<3FHHj-TWEhiP-!8Egq_3e
zhqPv-qeNWgY3amHnK#z9AXtCz)%LSzZ;rNK{Y_>hax02c>cR=STz2|#0$+RG(<D)r
z(4*6ENNI$~X{l^*RdI%yLkxRR7_EpGrbj8AT@qi;DR`|pQXDC673I-<hCFoG4e~xR
zcEA)6&T-Py3GXbM0mo1;bA1-c{_IA!BC{a&UKF1Yot}<~MAaK}BwKH$>xx;!Cmf_=
z9S=_>|5$8%hDm!TXOlS$S;45INiv4(?Z?!av)Eeo&Vo$bY*EVzS3uud8y%6KthiK`
zAG8;S^-uYY$t&p9S;#F+g(|@^b~{?T;pYUO8$Rok1s{{x3zYAV(!x%|M+vEJ*?r<v
z#V!#K6oQww4#pfb#0#)ZIqC{L4$}!NLWV)Rn@Dp28u7X8=?v3bV7y9M0H2Ix;o!r_
zO*&mJ@{J5&in$dHBV+)CD!?MJR=?%{7^KIr#}>P=0ofgb7lT*_&yAZeV34yG6Xc|P
zp;Jj9+;izV9C&BA@7lXzlK1XhhtoEvGRy45U=>G|_PoWjqiOC;VpPW$7tdi00VX^4
z?@V9%RbDi6&7ka)PR0n%_pA$uiu{RiLipVjvl_xA3V<C5E-GvNo>YDm;<h&B)$gid
z%w~6>amT}I(gkX!Zt>R6^0q$9XCH)?8_`A2HWeMWlDqb+E{qkuw6As~+81V5pLex`
zQE{n-gRwHTSstWxHzT&+Nb))@;9opPojn`b6oV1;`<zvvU_n$A3^d8JK=v#do)C}E
zR}js8SgLsKaM9xIBNzmg0}wXZ>>MM+=j=TO|EO!hg)Trv&k;dSui#H38Ho=qJ7KY4
z*Uk)9LOkm#>jAlj*HLy_uyVKd`lU(rWD^)oRxI|!dVB#(m?-8vcN7-#I2q^46c*_*
znI$FG{ar^pRb+Uk<D<G$>vgbcj3jajF(_#9M(z<c7ox(^l|xQ@%1BmDnv55QOHz~R
z+y^ip7-pF=Tyst+JkK}=c$DcoXzYsivLZgHv*HHuK_5%j(QQ4hWM`}28>Y7Oes0Su
zH{6ATVd4wLrfG&roo<v?SU(r1xHAi@$Pr8-j*)Njh3wJ@Qe4YC0Frpwg`B>Y*mQ9r
z@!7;xEWC7=u<&xOR1@7U8V(aFw-!%{3q^w_2H<@$g30p%S&#PpV^{%F{#<BPU3+7;
z)KtC~&C0hZh-~W15DM3{U8`*fX-xcFMw*4{H*>8N*}Z+Q<VVCvtAIoEu+RsR4bllS
z6|pZSu{p-V(+Yo7V50HF)6gg@AzHr509<6IU3vXv|F))o1vVLY54Jg0oCyD#RQ8&9
zWOY%f5YiNrmKcd>DO^<MERRA_66?r8=~>I7;t`N)=$COgM&r7G{a4xlG5r*wMK)(+
z<03v;kYc(u@^F>wI=Aix>V{={5h=JUamOqGct@TrrT^^+q;PX8oW6m*scw4~5mf<1
zaE$Lp2vcBO-!(CUd_Vg9VLrptH(}6ojlCUKsYzrt?a8L4-K;acqG%f3U_I%a<kNte
zulZ*tfYaJ+5=!hX?Mss4rVer6i~6G8MY<<(90L4#9Oh>sI)z|hd(|wZFF6@RClT?#
zv#yP=)##jSqfV!#eF!R2d$P<nV4>}XPfovLiqB}K<u2MZ-bP_$wOLR?vMD?Ky&b?D
z<|A_sdz*I0gF?rFPjwO7(HKMf1ZZg#-36!&^bC_8V%k)7+w@;NHz5!F`u4%j-X3S9
zX)iaLI+e-boKhZiDL)KW^mg7%s<+bM>j#v;wX{1h=`^FbI~a4Ach6Yx!fza?n-Nl_
zRg|T+JSLb%iIalz2Df)Q9VtQ2H%{pi)xfIhdnI=Y1v;;o&aZ?;w5#k06FQN(Fm@bx
zA5%#K%wwBfJPuEyI2J|&QO|YHbUa3;X(WqT$t#!<-LinNN{3v<JeF;er;<Gu*m|;?
z#GONHAsOcxd3};u@({`!1jW1}O4NEga&xc)|LZVogAjp=QXZ>IudMi_E~&?yvV)$H
zQLj?LioY2%@=8kF^0o(A(zN2nJM*281wQ9<HjgOZWrnDm^u6K)CPxOS3V`7HES^~b
z6(|=F`oxEWbD_0+EObX74J}GkX;3x2tfL+M9*1O%DRX)jl2`yc3Iog!My)g`Vg%+x
zjZA72Kv&6;{o0vmrhRpetu3u`5aX%kondqoTW_wa%BCNn*{&MErzjclo<YR|#x_%-
z<8<VaO!=>fkft)WMXcm!(8rjvgjyg3I3)$|z3|2qrX<0&&TES4Mef76>EWP`@SlIo
zc~BpaZ#PaEtDE3;=+`}6x>522*7c1imZ4vqv4bpS6n)bk8B{%T6|?^k4LO>ysT8V%
z=%XSEP%KC}42ih4X5(Y7LM(w5R3^~O0*k{$k{I|NR4I?~YIG7~*L+qi03jlt3ncc7
z7_;6*xHt;X0lNkq<HlhSVWv=(6{V^CJ|Yd+HVLDT>AJ^T4gMdJRFd<J5tT^tVBl3<
z5uyEgZv9pEK+|o2%v<FwR1FG$3Mjk+DA2WxEf-XhTy)P0PB2`tK4=NPCgCBrBMggs
zvdEcII!HVvge}|?aC;ZjQAGmmaT$Grh!9S2s={){*C&W)P7vFSXVM`uMIN_5&PU^N
z9GT-W@xDFIUdI`7cwlgq@ghmeOeu|k8O}K=n#E+`2!;~G(f8_FVo8%~wPZd##3XI#
zgu22l(3yq)f^jJBQ&wa*WyNFR9i2ZISrGt{6-lYwfv-SMCz4Wi*>>ouJS3tjT?0iW
z*Dy^~3&N%OD$St8sH_!#V<phFRpa}XFEW`MO0q@RZzeldl6nZk#V$sIBFUqp%C@{U
zsR{CKIX7&lgunAW>;&Ue(l6`?j=b4-qJ1N*5M@q5;4Qu20yH(PCm;zY%}Eh;)+H%_
z9C9$Dd_%5L)^!HMl>`H&ro>y#0SZD0zaj-uWdy`wcd;i<SeCIkG)yA^MAzjH0aI13
zM;wkV_g5FA0|q5t_{~e?+|D_E6x|-OQ4%YjJ=6KDM55p-P|)rMm=p{PdYmR7L(Wb$
zN)tSHLM83DgkN$QqHD>fZ-WJQnA}eQCOZilM-TXr3gm1IKB@pM<Ct=I5eI=vc@f7X
zb}TEBB(s%)eX|r|%W>VTM3}7U@{W@PL-PW-k#^I_1VI*zaGK(*aS4U^;*boe1uakD
z#kC|;Bt&lO0Fpt^1YY)><##NYSiMEYafA&FZiRwkSi!O-zL6{XDMllLH7p?{7{Vm@
z>RvH$Jmk>lk_>VCo;&D>d9i*lP$nY<xKq0KUTOHA8nhWPXR-?by;9!}muydwX+CTg
zjLDb5vPa#I1LCeF#W9NC(775f+(GYClrce|a6CD0FmmUWsJ1MRgWh8ApJAG~80m&-
z2c)dprxb0Etjr~PE1V|d0U50EJpf%C0LB#BgOwa1i)aTC7chq4Mp9aB32svRA%{rA
z!%gpKY{G2Qo<rUpEyhVN90cdnW>KOxUN6cx3LehrRd6y07w`Z+Nq|nD4yzP+UP*Q^
zMPbmkb;(*}iI$)hf=3gmZ<dbVI-n5U6B4WsL&JRmegQHAHER`)?3>aFWfeLh^-P5i
z6*UR-$S^qP%ytg?`Kvic{ruIY%Sf@Q8&oh=1T&?<TIaK^86>q*cs5b-#OcQ2!kAyM
z0l8P9sm)0trVf-2PVC4N6YpPhBE4oRrbMSKpsHfNZva)5dd5Xoc}fVx=O%E97;@#q
zWK5m2j)SJN>r6M$B;kgM4?-6d36P-ZmEujGo+}}1(?jZu;&{tek}VHa6it)^0Br{(
zXp-1c6Kv~7kj*q%^XIi$qXeIG=<Pf<$1ew=ZQ6o(6ZlzO{4!>Nyb2wh79*?3LvYt4
zLrJy0Rahz#zBAK9+$6$J8SmlEl}9D%tc}c3xErPLFcNAV?TT&##B)f*6J{OQjtL5?
zPB2K8KORw2#JakcO5Li21Vz<gA*is5BaDO814G_I8y#7UzizAPaCV1uP39PIXNf^W
z#A4d(z+l2S<#I2g!;_HM5X8|wDMiNd6g|wbI>_<<Okn04w6@3cU9~f?8ql~}MY=y&
zi^xl8tj&1wLS8=-N3(Q9;SpYIh>b&2T4b9o4X7ZP5?G;mF1!+Dmyr(Gst!-7IuJmc
zkC$MU4*R0-NH|#%6BQ=w&UMOUNn3=Ib?3^vCm^wb&%~r0x(e9`kNLC~jnSW~Cqdk*
zWMm9J6tGEHU7G?CeWB5LZh+}mDr~iCOh}wgHAGTp7O_obn1X?X_bs->O%2gVL2@mV
zCM?P%9FOtH_69+Eq9`Tre2)80>P;=LMs6IZgLg|Z8+QBajYCgVM7$ACO=_8(Y`2Kk
zswiX98S(Kw!`k`#2W(GLc#bPe7c-axrsefn!%;}h!d`&dW;UayR3>X}^G)x_R(!xg
z`@~Vn?3ZH|o(GD2;!W)h61>{dHKRcG96-$EZj(VpfN~+&5vIV#RYK(f3$AIbN<`@?
z?FpGG08nv50G%N#lN^o=vaBZsGhd3NT>=I?rZ~@@ByNLdU~b3gk?>J2_z}f*ChSG^
z3M(^`<4;jCF7Vo?<D7yD-T<#HO*^cJJky~9=Vo^gpk~JL4^cv*Vk`{?i@h<BxzEKo
zZxfFijOXXW-W_D(-+>AtkuzK36uI1?T>li+bJ#H=AzGZ^E}-&+C>!QTplIlLq!2RH
zHhjFd(e+UIcStZ?atxK2c1l(ydXg&5Gm&G{gXUx=_uw>YRkit>s@juAHTg1W>jlf^
z-*=&hen+8)9^Hi=y3Wsx_&?*`jmQ64X}8zc%kh8i@;~3o=fd%SZa4hT+h^Ah`v)4i
zaO@we<KKATpS!p}cX5BN7Waoy5lH>@2L6EtpTIV%3jA}Gz6zXt4aq?b`>UD8Yfr4u
zKk&QSp~WFV6Y_VW;?U?lkt!&8;9KkYR6F__iTCoPrX_rNQYGW7DIs5NmS?Iii8ofK
zG(M=VVOizZ<}uT+89V*jY(xE;WvO4AVyf?ySMF=NLfKokP{W-;RyhMl7FuI}fLfK)
zEC;W>;E2ejQ`zq+A7}Rx;^G)%Qf*ooqiPKErUWyp6ctShX5>w^yuXHE3zK)G0N+>+
zRK-=WravRNLUF@#c!j{(mWQXM=nCGn=n7i0?0T`GWLHI2@JwU{-;JzL5m=!ZSHV-a
zR!dN)!YYvX)(NUm8B@ViF%{g93Vt!9LJ3?b4XRmQjd*FdBPy7H3S-ku=219>Tt!nr
zNt_C%U}7n_p%m;$3TR*M1*JF&{v2@>ys2>%{3&r1ys9_~*X*A=8O={@%HbmWOfTI6
zPQM9(eGXB$QSGUVjd_+^rKCNpJfbGkBHMej;7Vz`;aU#6vyp2)m)UXo)VyxL*{SPf
zPLR?%Rd~l1NYhLg+45pu#YuMZ`c-I(tG#5s$zHOwvNN4zy(#WpGjM{gP!gd<5fUb!
zY)_+r;Tg^21rK{MN1cz;vc%q!nOyD-UO!5++++!5LPZc^)t)uzLc}L^c%WXjx7ZER
zo|;tSy4~9*W3}cQU5s{|+_LDO1vPpBwI`RJiQ_u`3fhHHh9a#<u@B}wcJDBc{3tVY
ztI5WistNL1QF=6s@Zl*ydKYAitjPbl?H#4ZLCPg<%mXOrQPi{2jEv}A_Ler_Cp-dZ
z6g0S=>j$b*&SFVLH1!~~p9j(Po&p5U1pXVc)pZaTx?-~u!(WJdh-#Hxk&ummy)9)i
znoyJ>5^^uT>17~xbFnv9FDhKW?u~HV6f+%KJZir%12h%m6uIIqDnQbJA!sRXy3V@}
zQGz=sX9(sKm~-<mk7|hC6oE28`>y?chX>QRAmg2v2`F~qc$eWI9pWhWnR&elN+B*L
zhnuXR6@;=kMJxE;IDrP>%Zt;2pOf@sru|qX8~2=7TNO{XDM>Yu?xqfl;+0qwH20u{
zO>SC~x&+xF+$WuUHbAKqq7$AqVZR@BQPbBbnDbrPnQ4k#0vaz;XUC-pF>OvTvollR
zkQYT(DPT$=e9I(O!XbIew~59v*|OcxRhGDBa)qwm*?79*sGzC!)j#_{&Bqxsn}gsS
zhxsW?QBc|Peu6E6YHvgO$wI(Vev{ahtBnG>V^9YYvd8PE!3mNDBs5G#Fi~+2Cl@6t
zI(pcC(SRRIl&E|V1;^1K%Fm~fj+q`&j(5Cwg^*UW!ZjB7?U<$7>awV{ty&3BFlD<3
z9W#TDSX3oPY{^1aP<SciBMZ2kFqPD<XgNXqjNtBZIDt$jDK!CZOTO)Dr`DrZ*aD`{
z(;+$K=oSn8Dn5x>w(E=nP}qjZ8y3kPKX*1GTyaO!<KE4=Ee%*EU$d@db9(=|n-iwI
zH*#!h%Q2<U)@T%wOC5|^S>zCl;`ody=?Tu??l=vD3<Wk`A?}@YXkUtz$-eIKj(q%f
z$j1!|d9uku9_tm6k%b2f)9zZu;&TPsEXqDD%Vl%!yMoXtQ!!d*C^K}f0Q;SidIC~m
zkQ&O^6_oMH9oBQQ=`09%;BGh0PZG)trs#;L0`8GlRtXC@MjRrZp*)&7C)-Mvwqm(V
z2k+C@AH{L+AGFXftTf?_0$QS6xFmK!R;^@-T~sPe=Vq0`vE>gsr--7uo9SAfIgXF{
z!hd>J_|I8XP~Z2QkmG=GcC2nKTCcqCYs^*hFL4m$l(D^H<>L@<@+BlzSq#u)nrJC`
zStCI;)XhZp*2!IwYMsPMS`i_s^5V$E^%D2K5@DVcowOKEsT`fuCE*8=Na?G>E1H~?
zXqW4;2!cKGO2)4H2Mj534XdILnMb-MSO5SXZZ91ilMIJVphjgZs$88dUsFCt5c!Pj
z^mv4$Sy{gCoW;15WoN4!6AC+$#tKrcCBBy>)f}?FAp0VE>&S#}WFJ@WQYWH5ucI4K
z->V9!Z@K2`q>mMm^+~`rBcT4|5c<C*X3Cq7nL4yI9ByV=k}`{H07@S<4<2Q5?nxLD
z7diOg<8(V{&|wKWJqw7gI_y|unT26hX%T1}PJ%y0ok>V3L2a>U+#0vXaVxfUu%Cin
zgS>T`ei*Sb)Ey$r@nrabs+cf0>P9)gtCI3dPS==p2cfb^FA|5V22Yqu9Fz@2iRGI&
zghH95Tq2G_>AqPJNx|m+tVjyplt>Exe32BqsgV>a11X5TZxt=OKo|vYVi<*)Q4|WE
zP(<>26eD1q>p%+gcs6?lhi%Qw>d*<w4*wjFSP}Jd_#Pj7LpN5~dw8FX!c1J2^q7v*
zB<KOr$}cn~%v>L4IYlW@(Hzw6O1Ee+&yxE^Sw-;>3ik3-^^23-uP@92P4Uex($)FA
zv%O01?CW-Ub%}yDbt+MXl1J(cS}?Kv1ulRE=cuCRs_nX3G)<d+lex@&#P<qLu?3%4
z<r1qrV$A`aSz#(X*E^L}#1gzCMSY_L<*4#V)vg}mlIjJnM{3cD^E9*^&$NeMg(s>v
z!xPn?&lA;~#}l<2rnao6oW~nA$aL1PxqMM8xg!BV(W6y-5Uusbn?}jG*f=11mvKOx
zBD$J&Z+AiiQ>nZ+)jA-vC0~Bs5v&4O|AA>R%sq;)PZ}c#qt(UG%5~NdCtu_PZJAqM
z<&}rn6DJ<SLNInX2c?|u>E})L^z-NP^z){B`uWp5{k-`+{jR|a>-L?nexIh`SM<bM
z-&k(nd1C$kKePP5(!ovpe|45u9+mUIudLqrf8ECCx19g|?VA_K-$$b{6UmEvfI$nE
z=hurU{y4Y)7xex6@c+7V0K0PlyN<-~K<cmA|0^9lfo-JyzeXy|32>(HPND}94>>~h
z?kG(@MHutOx{Xm754fzLItL5nC>|xQ{&*Y##|!P_brNolAqF-IGOI2*=nO~b;(+0V
zG5$tK6+Dt29HT6QeZ2<Em`Y=I+6J!*|GQahlp;r*!}^51@zTG0$S^IX{Vx93S^0jw
zm461p^5*%Dhre7k9RTAn0rnS}Wqlja0MYPh`sp~<Vl3d^1$D#E0UAO+@i3=N5-8OI
z(n`P(*x{1k7uR#kM>$cHhIQ>6mkw$TY%~pdFy3}dl_?rXpV)U%o|=fmc>MvQp$9{^
zqhH1xiyfs=e;VYQ(DI*7@=bqZW6OVs53(*wmhsufhj&X$_$U~|y&;7w1wMs`_-qv9
zr~Gr1f1<pKAN+t1ei?_Ul>ZigD~l3(M67A4Wiy6x7N%%xk5B*W13p3J2>yDvLA?R_
za2v8~P&?|ORSA{>Pae0Tng><-l>iXxfi8V1Jdju-2s~hpEqF?bd4;c6-;AXc^V0Ma
z51BhmFfR`zR}pSCwI$|DNsT*^bP4t@Q%O;1o8fQvK(II4>~MZhgDjjPBi3yvsTVMr
zAd;Z+`}rIaQ0AiB@rvy@gPInduM|Y2JSH0kGsE*x+)q|npP<o|$~cHri*wzh0IeTH
zDLOn+tgO#04G&VCTb^Tr_JA=$bDa3fB+EA>>yV7hiQf3fAq8O(SvQHWFdHc58%X;8
znG?zshu4}yx@2U*((zJvskb@$;TO+)=y@j_n7kf7TfPt9y%XQpznv;4UTf)O(yNoD
zNwt<dRm*vI;w_b1JMn%vpU}<^=iZ5WS?U8`ew$6GNHhI5^G;NWQf++s!#TgMXc}H`
zexA_y=4bCjy)0Gbm)vs2OKQ0_3EBYciEmn!Z{YdTq~|9U&rk3Lw`ITJr%TmOPl}7E
z4>cs9%pP0|H&Y~_)U>9a^ovL*)1M<e$>+--b*u@erk4?Fbb>U`=1I<^yE7Eh3QSER
zRU#!Znu8kmnB#Lxq)&rpi70)w%!*zlXBZfdG=-)eOxR$=%T10mrP3au`3BN4SQoen
zNL_mn6jD#v72ztTXAPW#;vyJxhumreIKo5u+M}MDrd=$cM}!J;&}XQ)$b$aG&QUtG
zY>q<gJroori&j7x4bjp;mABaoCFLhfddemU*16J@WJ(lFwP)v^>a&A0g+=G~=&XT(
z1|vFY^28&Nu42bA;v))*n|_wCf>h2_wDQ4)qBUUjq{!Ajtv){W^qgj7<>RQl3{wl+
z1pq4RgF%T&5b*>eViqHd!xs@sO(j9Tea!n)nIJ^N%q!&U8iaicot})lr&IFo(G5r=
zwaKzqf!Dsrm^}j>++e@FPS@(suh726ZPzr?^KU|Uk-*HCC7uGAn`;X-gEN;#Q2!;@
zFP-Rn7ahzgxeDfjiBUs_sx2rm3ezrC(s|a3Sz0ivDpfrN{-XzkYe=b>M!1s7nGBE!
zNw3On?o~%uETZI&%z9!<AQ@=|HsI!%K;f_zHATt%Gy4`u*FC-fded%x9<~c_aS3Jp
zYD?e#unDg)7zDqp-S718cUJDN^zW}6*W81ZPKld2SgC1^UG$5P3m!C;0(&kDqoYwD
ztjMayj4ZM^V(yIMBJ046^2|D_W-k6)>)=(WtPCyF%(!53<|!FHCjw$$%ghrLY>J<;
z3M-Q3Dix1hX(-PFkga{R!r>pj)Kv-2>4uf^>5Dnc0WS+$M;s<~>_!qMb*6%@XIT(X
zOb6=hqE{k2JH}w3fn#7>B}jNI<XLzcz`|eoYEAhP`CoqiIFf`|kC&n+%~By2JIpSp
zB?hyL(g`+4DYCSgS&jr6vx_M?$Lx|yWHGxWS%%J@2+CCF>UAEVu&kt5k_vwD)XC}y
zK(2wxIf#S=g{g^sC6=~ZfR;<$lV~swmMEVWino6VwmRRE3n|k@7ccP%Mt&ANqeg2@
zerjV?t<a4sBj{8sbz9^23PEZx3RTC#h8hn{UdWPCU!!q%F^!VeamsJMOa?@s;E*Os
zzClaW`!8mONR=}hA1{51(s2f(4>w7b5zPaL{scHwcT)m~)2(?cyQ(JRkmnZC+wB*@
zQtnRhmMWP}G?v!vcD_`ceK&KbFipD$pt)1vm-+4yX&8K*e2;KQu^fd!rSbHeeUq5h
zFJDR}u5h)$jzH%el9P@Wc5i?y1zuter_FKl4Hxc9l2jJmV;|?_+C$72Us*hKRv@Du
z>&TpW$#M=)i7{lNyUW$XIpXB3HdnvgJsr`jCG#}1%i>YAsOhtbkHf}~<Eu0Blh}CG
zwqfMelMA!*Z+KRco|aI{H~hTsYnI+uOua9+SB)H3XR?8%pTJ~K;ZpKbT~Q6hS%ABE
z(7%Ux(CZt^Yj;*iSNTk_{|WQ%(zWz~Rz8o`)+X5h(5GPkv$nFj`hWbjYw3N)=YP5V
z&y4jyUSCDV^lE)fxBpshudJ*U)*njW*?-;2XYo2e$TGi(@_azX94Zb5@BqMl<&NVi
zDt6absk}Br%2>~cfg>|~vrSis4f`Cx$8UBH{Jm!z{vY>x8@}LY^ON6heTS#O>eBN1
zQhVKBUft+?x6x_)r04W^Kac!Bde=KyHnSMyal2z*MCk$CmiYBBqN|a9i@)_tj(Z8O
zsZNW3wh#byxW#2Ta7?-=nx5%`@WU>ajB`~^fbB(nbaob1@yWaP2Y+kJUs&uda2PP*
z&1hY=Xpk-DhU&FrS{fK*ILJaO$Sw18Rhk8qR%ui4EDc7g7=Eue3f=J}VEmX{2blXP
zu5&X@stY~GJ+C}rE-B5BP5MWeHN78=hocr8{dESRdik|C*YDsngZ{(SzWZ?z?H;qs
zp93@K|N3gt{<pK-0e0bz{@=pqdP!mh{YQl$VNph*f>6i87R5y8o8na7P1sRVGTuQu
zaS|^o&oRmk_9+VZ))r-OXYZ053P}Q6S35>-=2(~}o#YZ~9(FPHOcz4YVnsV7acp?1
zc<XTQ<?jC5Lnzr^_HcF>jF)|KCA358e~i&r>ohsTgE)#mB_HvHho{6AofS#y|M~?F
z4z`{;3G=uP&l~<@zimzpG$YFEwYTWXx$!;*qOZt?UmzC#yT$l}|LbG41N|Z=MEE(%
z>rCKrm<x;Xf<Fv{7!5c%pyW7?Sw-Vw0A`nxLro5|+G1QY!-B@(Z3$^GWVg7=qBkDK
zxJW|__!ziCxyDmFJa?AX;Ov`zn@4^McsU@+p@w=Kp2^dCO(U><aPpuS!|h@5K>D~w
z69+P*zYHf8=TU$NMc`zFiStwR#zKK9W5P+8E05%SoJp9VH!rMU4rU0R7L%NC2H<g4
zAJ9o^PInP=*}~)j+13AQ$$??-)xK~o0Dy@4)O#f{H;acKYvB6pL%*%x%gi^BT<3K)
zP~k1qhliLp{ch7g1ug&@!>(F_0>3(i@gt6GFr=S$x1ZITr2@Q<X@;eDT}l{%eel>?
zd3WR#`r`ZoNTi&e4PgMhDgnR;77i75VSV9!zR={Z{Dt@Nf;%-tstIK`eE6OxEXJyL
z8&cgzw6L3~0`Z~+Vkj@W6e<!<Sz@!GM+_&5OSzDU?GX*M{LsARmB1=Z@oL?|(I=xY
zrczD6mew?eP_TFh9faphdZ<9a*Bdy5dhJ0_GjO5jk}p6%lz5<6)zg5JhjBDe!zs@Z
z#b)*K3|t=rqWc9*_rKVcu;ZpUcEI_DY_jxOV5YI%3vCf@nH!Y$3ka@;FRijV-{6{q
z4NRO!mqcU|ZF75Y$YA`D@u-KGO{0X<A`SZk3gDDGEyyHfC@q{B8&jn8%El{uR2&Dq
zcU~TnLKGZ#sWz@-C8T%_Dj=nrvyhkS8Z0H;P{l+H%z@eKwQ<bbx~G<V;eNJIYq|q4
zn@ph{*-u;j7my4HD;<z^E`r4y>a0Lgokl&5!Zai;f~RI<#&?p9kEM3){^R?9xW9OR
zv9*Z*-hTqat2uWuX1TWTV3$rPXfCWJy_w$p!n>bNKfHUBet5SVet7r1|KWc2U<>}M
z)!+TS_TfRJwqSCi)=}nbkdKeiC<ewOr}F_hJ=jFr)|}x)l{C$1%$V(j;Vi&#7GOBI
zIM+X%`NvUjEjFIq$QT5-c*$IRBA$yeN`*u$keOy-HxQX~$`<#e@OV_Ap*mN1F8tpP
z_KO@u%|>Du=_cYjnwK2$@r8_DGzy}WIgPC0_Yw`VDlWv(ZEnP5R8Z{@&nm50;BjD0
zL}R0-t2cy+;tbXLbbR73tCkG^5srj|{n~f8>-fxd{~rQ7oSt7=05IeJzr0$^|JYfE
zuXp$V+xWQLPo_k5lz!)gv+>mJy&d4b?xNv^JU;sIUG~AcqRwvOxYz`fl+16n{MyF*
z+^^xc`tf4Wphq9g4F@^E!c`g{8Ih|gpnqzKt5un9&(4!<SbiqAZ0A{@9)0aqyS~qi
z{og}R?yD+*rtklDdwH$s|G)m|(Ov%6TlrkC?5k4$qf8R~XL~z`KABlbY#<5?dSxAu
z!ckHJbvk(4SzBtim*DI2cN;4!8=dcOPz!X;%^@@pRzgmDBIC?%L`W$YxT7DHl8Mb~
zY<VL+(c(z9?6uz0152Mpi&&CZ>H@Q+qLt!KqPYwR{R~$fEj_OnE&%=?2gz|TxNd;|
zw10r&*%~1$S|fU|_ut@?&U)uNuPDF0&YlUQRK!Q@-rs(`cO&S8u{m({fAx=!$flJp
zo@j-txeSv3plv2c(6!kDT6wkL>3KaLwIo&^RY0i%0+B1?F9cxI7tl2t#annQ3v(I~
zqG<hBYCa!*Y4R`|g?kh|Y{|GcPSP;U>rRu_$g*(I2b|m>=D6PJEH|dN#^n-6jLK3R
z5z1~&ZXIel!=QRb&VlpH6OPGUSFFs(XjJbswLAj`QRj}}?)vxpJ^Y_vzu$ukd}GGQ
z;Q|Jv8US%m-|WKb(W?Am4P6#0vf$w!U#h6?zhMisYIvu*ch9*HLutAY!VU4>z4^Mq
zf!`Cba9e;c-9Xx^y^m|tC&%Fq>KNaR@5y*HF|gG$l)kI4fN`}yVEXfWRg0Ajhj2lx
z*PiV@-+Q$S7fVwSd06IYse>{WbSa7-%oiGyWpA%7+kg}i&ON;IMo1-8CAys6yXVww
zH!6S&YfpvLiVFO2Hl}U|d$o`a>rDmW5cLKY1OerOd~QJcT%LtJ0qto(j#&_XxqZ0v
zQvtvLUjQ$+qJCMxcEHoofE_Zm`f?%c#`au<UT7`YLJJq4OnX(^5}N>2t=~U**zoHu
z+L1+3DU9-+YV!ljXWU0bWNjI%v-VC|wKVq#1?S#n)3F44n2IEDmLn~_S6a#cdAoNA
zdsOXVyNgbH21&Jq{#JErUS5fg@j8z=I7)wtPEK#*EER_=^0FWl)+z^LeE0}ZP7a2t
z_@eZH8g3-uulJ3rg=FR|FSpbpB~?k^NZJZ5iXy~0yInkT)Fm<#wH2)c-WKBXto&LO
zvyZTnxf9*gC6Saa)GAsMm6EDWx+zRBK%AvTZ->36&l>M3yHYpz_oaHPf!p$rwes+x
zEgpFd377gc#7R6B6n~;4L&Hpl3s`QUS22FeQj1PVY=h!x1A!WZXczq$_w5s$(%UyL
zq=CF8-8A8=&TO%zCrO25vX&5=l-jkwZ`9xYedEK!hApt}H=re<T763dZbKSh&o#Um
zJwGV-Y#kN~Yt0}~ouy&yYI`o;lR9_G-6%R*ZcR1z$5LxCwB&MPc8iKbsoYCBoX2(e
zFL${DY>`-HeAQxpnZ6pP845XUD!_+I2u>)}tWc^lV}|vG1EPB7*rK222v?m68Mhx5
zRj+Ccu|r*;mv{X5gHh^Plm^FBQ1X>#Qe1NT0LPIqBT_XHVM#7ODeIIgj-1rVn&`-Q
zYZD1)hKudcO&k@>z@exLUkqkYTPLAKWF_>1F@rED1kht#JRkAOHVA-nk#`m*bCJ)U
zndx242Cmv)TUK@Vx&F^g`LEa>T}1{wBmV2^a%a65|8;$>b0`13jnDP+t|+nfPcaQ-
zuWYCJTQt)wN<gnF;M8V-b{X3?P)RW@OHWTMagxLzj=QHE%l`xucpaaUizx=o$8bFX
z(E3m4QXOHEAqvu-j8hpDT=35b#1y0cV?-{!mSA!HCIpK=hrZ6r?XOVKTQV^;YoBef
zhc#ZpmBpfZqT!+*u-ZK&``<%lw@OLeDPIu<nIlhLoPCr@PMaG+3{m%sfB*-iZe+?Z
zld{>V3FtH4ve877RX$mV99D(?ppe5Lgni<xF5h9f5A{Yh4-x*t7La(|Wk%Ft8}NZ;
zU~7P`$DQGdar%v{ko$u2Edt`j3psmn>@Dq^sj2a`Or!1%+?ZG9U0ayj9T|xw4W49O
zJP&&D<%TZnFT<07$WhCGmf)n|3d0&Hj)wy5Bl*u>f6r$WW(9gY#{ep@bJHZt6wDJH
z$reLqogvdjR-G6IhFr?K$>$N4buGCuyHby)A(VxPf&_gfJA2Bp>avK+cU=N#pn3;s
z1_H&bY>}(PRkiSmILub7<=#<<^A<dAu_>$)Gq8LNlNA}kn3(2L;3E=en#%Za7}mQ9
z+X%JBF=i4bJD$cDr@EGxJ7(I_s5aHsqBAM(+#Hb7B5N#_-nBmvgS<d3E);DNZARbJ
zfd9KU88Ve}nl$n_^NlPr)uhF+shbFYKF&szTe0$PYXOT8s&2zcx;3!U_UG0Nswxx)
z$ba?a<=Xee0UZ^Xn~4+oz?Ed&#Z(|If4|-akO5`q_-og_AqzAVXmqCU%?d9uy=`bL
zB?aHY+&r47TcV72zgjvkgKQ*&MQMuKMpTxfEV<_0g0V7=cbp8aY#~d;)fVqgYL5r(
zG`3|sc0j#?eYqt-hVM-afpC+}GY6GwkfGrAUYsnKs+?bG*h)NE?ki75MPg8zm~@Cm
z|GmY-uI|_F8%kr(G|I|?(9Jt~OK?p_r9wsH`vQFV-1~A<Vrp~r)*Ez`k0>x+D)EIC
zlWMtsT<;JHJFc6MBdF=Fi7bNHq&h~Z$T<{5)3(Jvmc&3jn2sy2bQ1DY%t7D>X91i4
zLxUSunzdzZZLRk&!G+kJ5rwqC%(>y2P6$PL#7Gdu@Jli|ZO^om51+~ydM%B5p_SIM
zWzmu<?YQ1jG?1qMF+49A48Ma%AMBF)99AFY5#<-XPn0O9JEBJFrL(n!k9IBHxjGxZ
znAswe4@?BH=Vt-u?*^WV@)e%NB`>TWEGYalOp$Zw2bPbN_|XKs2r7LkftV9}Q<^Zk
z*9@YMA$cm8%NUopx)A^4UzPt2vtyj@+0G0|d>F?OqUkKFG-pi;|B3mIQ%ZG=QexGT
zcBjL6XEP>FmGmaSaoMOyq^RkeYl3V8CQ-l?h=Y)T4B07{>#$*2wT5j+qD{8}4((dr
zG>G2Js-jR@vb|M}KJJmax5=4doBklkEPBi7Vz>M{e}Vl1=eq4;WOISGR}6ltxJLfK
z(6#vk#+{+OftGxM60n7I<He;`D47*$u=wMRbR3|fLn$_baTu``ghCIKeKseIMd$0o
zynCk!T}&nC?>H--cSQ!yblSpU!a@*9WM)uhmz;DyTEb^lbmCc~@D^@9(oum(SWD5=
z3&>Q{UF?VL;&L09iuWcE!m#P{F{9jyFkd@RM2-~9-4q)*#)xG^vN<}$ASoQEk;=gS
z?;>;*G%Dv&b>>>zLDbwA+!0VQ(YI*n9mAtVgxEo^$v&Te4BGKjr;tRaOl-s5RZ86s
z2$6?r+*Hjq3fo3`aFiFF-xJ}ux$Pvw{2lBl9_g*@DczOxQb@ZXqrwi}R<l>z0QUN~
zRm+FdB58{2Uja{x4bTCj4@I>|fEZ^epv;RaQZMh(29BDWnF97oaLweNt(`1}f>%1*
zY-2;)IuSn=$Cj+-v|5^KO~=0(+p$G^kQpH#<wP7^x1tpp3rTb^L37y4T9@Cg#B>EE
zoLAUD>{xJ|q$M=?+D9FNh6HdJJMtK~-6p$%@z^woa2H7)>;Blqwu>&bOq{DxVtc*p
zR&rEM`|KWDZFe#y-Liwt3d=ENa434_s;chrE4E7jvmRY-w{R1dnw*cD_65%x2e}ba
z8oA4;XRV#e0sY&;?%OzaMEW|2C~mloprsX&0Z(9@CXJ=ys_yhQRcch`u!fwnJ<Vf2
zgD4>A=Suopu)DCyMji}D?_iQeX;7K8pk!`CL_xR+(~8otW;CnUbe@Jy;fYO~OSv=Q
z3NLb3#)u$tP1mnqXtY00Z%;Oa)On`60Gj=gzLemp?B$y#<2dg$B|w@W?`QNw!lvt$
zw}5^{3oX)BXQACv&I;3yNzK{FD{{FLmIBnvA{a}ZpqpqIp}dC7#|WJRD!?#dgbD}U
zY1;Vgwtp6U49BC&9<-)A7c;d|e`@<{*keZe9H~56N;Ro<yj_e(YU#L~vnms(Xl)e1
ziwa#5JlCSW1Qp9?5!!?iVMkjkg<2_#9Z8O(^1tYnD0WALS_@*zt3oHnRe*L0NL0_=
zI!_9I^C$<(LzJ>Yy%UaKO_l{hr!y<KK;l|mi|@NYm6<9y_q(Uc27zuX6vqhe6BH;L
zty)bUdkYlmux}ck))?i6=sV2j=net4^vL+mqWN0+N3okznw91!4Cj!s8gCeKT6&qW
zqybeZp{0h%hEPaxW{8lNL`;#ps01KDiFG6-TOtssj-6lznwH7da%abj>K+ExR5Xm7
zsgNE!q)cBkMx^S`9+AVMm&P+n1`)7P=YEi3Cgjl|=(6z#2HP@*1Q?8=H&6%#Ff$B+
zaHz;Yb0l?}$CMaW$=M`QNg{aE91vC2v*bzg`0<4^O}y%MM=gr6%{*Cm^egi;Uuv}U
z*x{ly`9yh?m5&JC-DN0EDpXk9N=B&=&7-v8RIsZmDpFRz>w?9Da{_@ZQhjaWq02j3
zQif1LM`|(Hw(3)rrN8#RjX4gyT^2tSo*ot9T%Zt&ixsg-aqGTQ;P~}Rp^iNQ{pO3U
z*_8E}I2c{xrib&zWr!`Fl2mx*W3R-d+Zw+)c}j=JPi)@uYg;AWeQxVB!~Qo+1~(u7
zyS?5n#(!Av+{J&rmCyBF?JDCx1U+K9QTLei+3Ro^q#rS4+|`3W2!fgb;I|n1VU7sj
zv!a6&9N;|$Y@89Z+b*0!aiZ@!%wkS&DCTyI0qh3RKf^lLm>zAMqiRnHK;D$*FA$0R
zE++Ty<}-u-1HXM1q`j-10W;|T>T)Un1H8SX|F`l{iS^I`rXPHQKWK<Nh>p`BJ-<+-
z>Z$RH8yAd9eUT{CH9Lw}4ZmXWX$y1x#}QsPHxks{Y$W*oiQj6qq+){k=AyjbHfHn2
zKQr-3f=vdiB)~@31F<~H`TCuZeNe&TjpS<mgiM-KH#nlG&?^)s0&X(7DCv%&F|9l9
zEU$iNX(yvkD!_uPd@5-asE8?9)U;NsIbj0E7NiuOfI3f7v0fzwSn1-7LobT=@q;Z_
zK1ap%<m<A?MJPdOK91vX&=kLdfGqdOq${NWkx|qCG$Ax3O0a?v+8--i;bhe+`<S(6
zM@{@cAyLy$SOb_ymQ34m{1e7<V7Kax!e8YSosnEwn$oVL%6mJj8R;4u#gT&#%}21#
zzK-+rE!C<OhFaYL<qela<FkY^x7Fch3)>HaU)ETlSy}!VCslh;let%x!9;jrTwm!l
z^w1S4Q1+%WPBH95D}+o`kO*;HF-xjNjm!-8Jwe-OYsU;+WTZ+#R*=_l8Ls16ik2)g
zG}gIecCk--mnk?+%oW4D07O8qFq1Sor2R#+#jwz@nLECkiV+oa$2!wyUM#9q;r33b
zsKN?>Y%Cgffl?-5((_|GJwsuu+7Xyen)=*u#Sc+trP9Ra%Eh$reqk6vKM#2p3UQ@p
zAeJcfMoNR|t)*O3Cq+wz3rk}um7sBA8Kr<NX<jQOik9yeo2c=C@^Ca#0sn<Q7WUA8
zXn@<h&(zNh{vX({8<+n)dbH9h$$wTJ-SPjo@wr}!$n^N1B-mjt8uRsDUHBu|$$>vt
zzl!u{rbqbn3_fyes4UXAO3V(NIZ@Ii?D8<+qn85Ipdc;_;T-Q}oB{fDJPcx^Fvaqg
zPjl1_Ne7piK!BvGsd@MCg!iBL>ylvN-aU$D=r5ta`MrBoYzW25<=lc?@)S#|qOhQ<
zs4m-CrJq!|S0grQI2__L3I@pk(m&A1fE_CfF;Cni5BJwv%l-QqaJX61A7HpM%Z{#G
zwquno-bYFRK0eRGdBK~ZxbD~m?^6cvF~Fj|Y@mVRvyTB5_)LNL&rb!$#lpqXT>Rxz
z1?W=wQU$K@<I}0oo&c~%2(S)9?3kddprw*9mlK3{$7zb39$NB*k{VkR5KrAthe3o%
zqK+sn{QXQ>ruUlu{cI^ymJK5`<h$R&1->sP)Kpe#*QB{{5R5RVJvQdgY%Wvfi|ks>
z%JC75Pr~|1l4J0*0bb^DdG+F^oHPjD1DL4*ZzCu}vS0f0WJ`%V?o~tAf<n`v5H#9o
z`sO$G)o9|9wU?J4z}qE!+%#Ldj=vYN+7gwOEikE94Xk3H*hQgN(+N#d1rt<Az!zL~
z9iS}KnDU(xRLKe)b&uH(EDJvIC8!r=AF=YsD3&}aBg_`f=Ix4qS;&0YZezR&27>`v
zZG@lcc(H6-5W})MFAT1q)^Mj*oF&)zKw>r}#*d@uB;P$9t2`CL<ST5UpdJ||wKs7O
zOrr#$ihkKF!77dhLfA>A8F`-M7}JF4jzVIm438cEeW(_85UOFr`(lGA)CprU6QT*w
z1vrDRuyRgW7#2_Ai4Uw}wSg&X2*Nbo;2c)9_b7aruvsd6cy;yuV4R)SOV=TD8?r68
zWF{nLQubyS8&N|AldbAYDdZ7?B`H-81xZ87YDo7k+}MQQ#1tT_<0J;cr?h{@hE{MY
zGv7_~<o{aCTP6&`_zRH|C&8H6$~rvV>AM=);l}wQEdNP<TKiDgoQmY)_N3%oCS4qj
z9YaMV-DKd5|M(o=Va!LY;%uwnlcjjlIwNWsrF2GjB+He=aC0SzuHO&C9_`@>!`<ZM
z`kP63hn_MVvU7-4^u|gq-tsP>VR5mz3D__rg`EGZK)R_EVbq&~`@h}9ZVq;36em)U
z$)6M2{mH=Ye<fI>AOxuIStx$bD8eTR{&6H@#;&65q6;%&DI`Xo6;qT)&e8qM8kmO|
z-vhTsRCDYNS)`4UbXZOk`tBav$QLpnHKuN4ibm>YOQc7%bID5>z!s60)@e9SBOsYw
zl5`~lbUUC>flyD0e-Wid32=r(8V$qSh?QZHYfDRjGc?38P7QuyFw`-P^4`>JbtZBw
z-8sIPfV)m6Gd<T6vg71c3nSERU>qvi^?*JAJ6a~P-OK#PXesr?fdqDnPi>s+v-2aF
zRUz&GeL#Z0s7!$P048^KT+<X!57z}MGDud+H<cUD-3f%%_aug7WiGt}nKBiW`UuE)
zjIP{Vn}BR*dQ(6`-b>waFO)*{o=)NDrchOPS^qKGWar@`W=-|qJtm+m;$l4cK!?yh
zTU~_%N076*07ZR$*OBNm^WFbv$bSZ-tBZeT#s6DhT`R`_TVH*2C;z#X&-KbgP@?nt
znV*eEq#aWVpcjDGgCIT`1H!vfpFBwhAEUhGNPK|0^!%se^d!tk6!bFbMSW!Rfeu;X
zAP&>Or6aOAhSMbF9vm?dBQZ&d+Ln~4?JqytSYF*&UA;jm(c<E}cb;OAF@hI6p2g=r
zu@k8A+VI~z-|^e+N8fuNKDcUf11OjvatNWi1V@Q2>xmLA2P#H1OftJ*l3BJ#xuem?
z-zL!EtV}R7<z5rzQH4A%gOSLnRD3<e9F-hpt-a<Q?7sQS?i+NP$dI6h@uzx?pB=s0
ze!0so#@4%?{g<!b9`3#|FKaX+R94lz*KhV-9TuCDhf<nOf-tR>V(%%vmu?PqU*w=;
z9d#0uonN$6<`N#TRZO(UQp`?iVzY7|ZFMiYo9i1Q+?g>Rx6yTxuI*zkjMm3oDb~sE
z&W@rjT~eE<;B_x+=r&Fd6W{@?q1M?Oy&J?uuW0&Lrt_#%4E4cs7htHY8`CHZTy+<Y
z+f77JGG<mEdi&8))UFiumAX%C6v~ns+gda|;>r+QSiAZHYtPhte^_whl?hcEHkip4
zV_MNs&JO$b^>Q5NkqzP}{-YJsoei;%%-&j|oTo!occUO$;o$5>cT^2xPmGKBua4aa
zbWYQ;wbqKiyy7qV2Z((@>Bgam^y=9u0bb_t5Q*eNA(r+J{w}5dg^m5o{~v1SU;e>s
z_~!*M)%fSR|E~+RwIfl*DL3+>zao$K(Yp#Bx8d1qCIB+-Sb5h#A>xJ;E{eIc-=YZ<
z7NEP`Kayh+|7JA5JuAjSRUt~0oB$O@uPHn;2YATQ2Bte1#hSu~piX8*pTY*IvWQLb
znQBt`QfF|vZ_y|)kZKxcBRFY7xsz-k?Ck9!jSqvNIB@mCteZy1a={td5NN4ZqymZ#
zq8Lsu!A=e-rhT&s@3WTg?;?!E;+H(bupQWnQ8&Pt6*PDr2`r-W4#y)r=%W2ii#z4o
z!{D3(S6~xZ6xnaC`_o}nT@O%j)n8t%M8QE4pIjURS8oUdSMM<JKN16hm($m2v49G?
zc)1*eJ@T0=vKMLC{d9!E*}BY8@N1ODP>zEZ5@}@sNY0M<kf=Ay3b6C~GKC$Wpcgfc
z6Jdq!DUIWV22!)*1tZAB+-CZ4v1oa?ndBgm@si!3J3eRRRGRWxS)(O;pjl(&tszo5
ze7x4`_{$yG5^rR(fkq<0UXO1l6Zffk`7dn6Y<1e+^VKYD?2dV(_IBmY)+2kP{m}y2
zq!eMA5Np7fpFothJ|`fOJn={g7*(a6UJ#OWDf3SN4zVtTO(@GG^v0!#h1!GE+CeR8
z=#ci6RHi^gvPUV399E3O&p8f?FrvQRXqnk;_j78UX2F0#H*hk$q7BPPHbmbL)Qloo
zC@i|Pl)#S4S;s@_K$;%RcpJEsEF#b4LPeo6TrufOI~0fLILb4s8;2*s9Chig#wNbp
zio|VdRqh8`R@@OyUSULbUg|CRi(EcmH_V>NQ_GN4l&9}I_p|ry<(k#d)E!o}tt=G}
zmMCvBmio#js&Uw7n+O%if>1e9T)@-y;*Kj6n7VDIZoVB#ZYSsLD@4vYHsWPBB_6o1
zN?QBUY~4yYZ5kMD!m4TW<}q&=(~raQ@u!sEp?zFQE9SI<&8yBTIha`8S2j4{EzONb
zsv*LOKq9_#bVi<vG#1Nb^5U>%(?VToiA@NR4nftuT;;f8)v0x+*1G*|%#{S>D>+jH
z3?ngUIu)Hnxy6pSWl7hB*Jm0T^9ZK_VIfD3W==)gvWJY@yRfH6X@X{`6y*q)A?bF<
zDS~61p`I8GJ5y_V1%lObSCxofO`}hZX+>5br-wVQ-H=70HC#LdFxs~-dbq3#^e~To
zR2X9b0P8gsM=_GLbsUBmq81JDQ#4wziI*mM)-qxNK`V}g66Ds@Y0ZyAgj6Qf5TG#{
zggL>rbOKeA><RGB`8*gU5%Gqavap@3CM$AzRAj||dpVl2a-%e5Wp0|{%yTk9shIHL
zsRajOMimo^=hJt%#vDeEvKj!!RL}@@oK{l`Y*X0wN;=WxQxL<bIOu|rF-)4f?jQ_O
zK4F$CD2tf_S5d^NL_2ywJE%V5t!}-7mKZ7`ZSh>CZ$n%rv@(Ip7^-5^8Z&&Pe8|U*
zQuLaq%*KTc%D**7rlt+k(aJ<UfHDzC`M%VXuy05bq$$-qnh}_0S&dKhk;p+d3cDmT
zZyGkuqF6R#H6PuYNU@4DB*+NcM_JgCX(WtBtD3kH3A4s>n<T7~3q0+m%md2OO=sS$
zLJk8*wqW>$Y{AOR+bQPCNolr|ShuRdNq5&h!1DO)ql^aV-WVqi5K)On*FSA4`z+CI
zjQgJQ{b4IPe_6RNz`N!U)+;!nTm`2ac&Dg;*Z#g^^5TvAwqQ3?6QyjP_JpCJ7AaFd
zTl@!&v9x?u-fM_Zxh;Pg0ig#tjIyD)Nm4zXVxzEJVr&(Pz2g|IM2l!y1YmK+O(tCE
zS;vTb_f7{~qvbg2^>td=+E2AsOD+kR=u+7x13e_oe7m{QZnRo8zK6&M%|H`^Lv81B
z)hQAW*8gv}K7vgue*b-`qNxu=T|{EF7j6qEm#Xg8ZGrDS#{p0|^nyI0w)UVcZ6by7
zcjA0nGpa2v3E&-!hj?p1E~CECUmyt@u1f8tJIEny6BuN>^WBu@*~VbNF{oIM(Ic_j
ze<|R<nh3o1#Q7tZ$!RRn0Eo+g)?Qx@kXo{cZ5+C7<WWAr;XInSmc9ht%q0nfEJ%G}
zWI^v|ds)t+9vpKRSAL~4y;UjMSC&o9L32cnqDZpVheqkNnz6oxM)`7%OTn$yb%0AF
z|D(J*wZY{&pk}dta>@FD94Mk0Q6r<v4nijCFDmtI<{viw7uaTcX~^Zkd`QFC(A&#3
z^fn%#%~##<K8z_}jKDPxQ_d&xDM-)p{5D*m(q4zZkPUA+F%T538}3JfX;EqXSLymp
zPT12{e~=_;y=1uiz;7=vFQc7p_)FtHeixFgETRw&M|gwCgc=`5aX@Odg~0+wg~B+g
z_^VI9Mp$ei;qMd$WJKQ;VBtYZ4+f@%)I3eB+E!(5-{TB-gAv6w`;|4sU)WM#mS42S
zL@qo!-X|xcHA-<y`N$86XE6C`r6fD6Q>I1BDVkrhOSF!25*nqskS?nad}1{~#gRDK
zO`N(qQDuonRcq-nC;B#y`1t%tcmQB3vM~Huufg<dbY!292}@2<QT~a8(M2*eg_w-R
zCy9<G$akNluSl__RTo<V8E!8oiv@MO)~6dj5S|u{AKV1fQ_LAOsVm7ObQ^dGCmaL~
z_e{ebc{FmzohQ-AbfgQb37SL042Di0-6|b4PD#N6df@`%#p^e355$~<!C>Cui%PQ*
zUBj;haT1>olQBB3xT6@11O*GiTDYy=UumuM?k{2;0!`D*u(4^-Z%Em|tj+&UVKY7Z
zKsn+E3udV}YGK91`3)3T09Ritpm)?fYIgHMKQ06;V61OFcz1v4{`>bIFx5R_PN6LJ
z%8$qdG#V%_Lm6#$87$sCzX+M103`3@9s2jb>EGA%@BLOgqc3mi-&gc+t%)s|Nzmfa
zJn4l@9H}`jlQxc$;C#fh&^Lf`Q`U+f*xzX)jZNmTV%Xye5Z#gNL3pXq91|KykIa{d
z{jJPZ{<d2F!i$9#p<%1F04Ldk@b^}IVJ0Wl--G&Y{&=_E#CDNGoY?Bi1&14R>S*?}
z*f8NI9S;&Ond%USHnF3_>W;XQ;{S>r**zgn$*+O)tH02&he0e|!(8FYL-~0EB%54S
zh9Orlxy}}>iS+0>V+)LCeXXG+l|&9%kHfcbbt$v-KGJ|_ZS0DUSY6k*c2IZNt5gKR
zUD^;B+$Of~4%z=tAUcjTLUqybCXPx~v1J6@fm_EgUxjJ(CQoAprqOe!;T*8@Orcjj
z1tTx@%OV7)lLnvB#x_e~fIQhWw`duSQ{5v&I+4l(y9A32JjAa!*sUh5_?GCL|F!U7
zp(%uZ3()#s3mN>zU@2Q)5Gy>YI)#a%c(Hhjj>M|`t8xaThJA#25^Y`Y`H?I$onA0e
zATOL%HIvwNeD1BVVH*Ef6>3l^fhl^DcJF8YeZm<g?xU90reb^=n$oC+;H5{v#kp);
zg``KBQq&#<wMGRh7)-zhc;&ygwf6OYX4wD#a`X28%N_Vxvj1OSzO(<ojnCqBeyZa?
zz`pu~S#Z&$I2K>s{}}_h>n)Ns4Bq>$9t+|ZW8}YvHvX$i%j-++M}DWhvAVv|>D+iE
zh*_aNr-ca>5S2WMq$;P6FT@5#I=2YSFS;9Xi7kF$7$g-=UE+cIr2wI};rcHl^*)U8
zW>T;H!izLgi&V3VOO{QlK*6Xd6<5oz{QfwasCfSAp){fYCN;`#P41+QOOu*ov`xRp
zB9$8$w>wy?EVbJUCjrn3+Is15tkT(CJl4C<)ju=N|2Mna&tC3cv5y(&|JwS>YVrK<
zz@xkK{}w)EV9|pUsY`MYF)GQ}w1xEQ@P3GylgC-uAET{xKxQKzAJSQiZ8WI-gD88T
zod3ce8-M#bx?7`XYgr0<m`0y4xasr5*D4C0N3F4sn2!PMNcWlXWfS=EGzvdaj0?K>
z9b!%89^dlz@{B!mVXTzj4<odq(>|7c`|LH1lHCR+6h{KL{5bUb$r!D@a+&0y>F@c-
z`iDJEGfv)6GAIR<U@$~YT+;7HU7Q4*W&U_XZv0LEJj@$1|6bJ1C(QpDys{=9T4kj(
z5)La<b#fesn>t7KQx>$I^0M@w?d=?DXmDN~xc?!nUW}uE`agwn8o{;6e;%ETLs;@&
z(qeF902a)9&nZB}ghY-Rvh`(eFb)cg2gfiP1gR(SZ+|+3MIg=uSA$DMVb)|wbpc(D
z344U~!>L5Ehh|Hf;`jl&9<VhBAQbvPlKWZmQ8EYl>bS%e^e9JRGS;pJ6jTXD(}#(r
z7&A3j5rq*EB5^|yKhR2fJbJB)L9&W{Oba4a%J^tmFe}+1dAde`P0Ggm8QWo-6(Jx{
z+Hq1zQaCgy@HUP<d&8i6iguqZG^wNwH3r~k=h(925&H+<KM2`SfMMcwRo=#&Mx4@+
z#kflazA<}TfN{LOisk4#^UiFc!145H_8DiN&7=5S@$(rk>L^U{YVJP`vT%L1=@r>|
z8V#^Ii%Eac3ivNLg?N_9FqGSS#hTb#K1_u&4ETDX?-%e0w*{{R4-TN5v2ogSK}?TP
zlxbRGmJw=dQ%@Qu_X!P?1=)YY+2Ez)*!R49RWADEm0$4D_dGk|9fdN&vfOZ8;wfMh
zg^i^pWZ^Ls0eo#>jwD)AWw>Rjyu_AGO_|(K7>9VCp6SnyRb_`BYKqC9N=K?{ggp<A
zdA~O%cVG2X)`k*%Ee>G<fHl@4ElTb$Ahz_5%;bQ(#N8{)1plX`4`d4z(rz4%yQiuG
z1<{pFh0CQ$r9=)dU<7uk^Ae(bw`XT3)IA1bu!wGnXarfRWM@0|th_}?LG|rZ=#P*e
zXlH@pfNJLqN47xp2VYn*#ux0V+Jxs`q4vFd7$D@Q!<R37Qe@L>v_g?!5)PWHCC`A0
z;{2!@p%R&&@*<GsM4Ehr`w{md6hz20UBRs}jOg_I?_d~({{Icm;IRJ~H9b5NY2%=!
zUO(tYFaiubtmvA)n+ti=^akE|%D10-#sdWXXz38adpjZ|`jSzKX+C`;Wi{@dCFw`r
zX+G>U*=Plj`R^9v5B{%@F(k$p|A|DV@jS`s$b?SC9_LjEe3k|F1v0)s=B0A2_wfAS
z40c$1VKH9tGdP+6`EU|2maH;AZqwt~JQ}sKrZ1M_FW>I`1fYXirhj03wqwxGz-K9{
zV)NQK?YuFEswDBvkT|jkL5I+$wMhYG`sk1ccmR+I;xHL!uns(aXJVMVP1e)X16wR^
zw3h!jgc$}h9LG(L1;(d~9Iu6_``;~px4Z!u{Q0~EM0R7P-TBTZ@(7#<9Y%y}S^y%0
zr}GhAow2$Ku}|V|Z$US<fZLBsVXHzt#&C?bx-=2`dTK#2Hbh^W>*BGiz0`?q)L9JS
z$mrqOo#iRTsFO_{enuNuYcmjA#sTao=up!42<|vEy%~5T5ccC~4=lp?Gpn^?z{jq?
zf8hTWrto8u0MQ?JKQ=v*bG2^eYChxsr<nIE^)dba*KW5<@n0S-uiVLhZ{>5nl2E+U
zA=7om05DU;yb2*Xn#=kv$NatioXaneZ4;qzPfNV7vy<wuFe>A!mPaem=hqDmGdtRG
zA$&~EQIfBJVO|UCMJ^x#u-Z4WENC!lbmjO<t=D;O*%{$4PX)zU|6a=Mzdm~N=6~Qx
z+dTN09(2ruXWNI{sCqR|ws-!F>R0n%_syGqjEJ*l9__vQ3tA=Cpna61|IB}|E&K~D
z;2)}2`*IV&4+w!ML@b`xI<xGJEP}TGgxPB8I5K-CR37`THwEMk3Jb>q3HYWQ@8K)y
zEX<=yCx@SJr59MEIx%=AsC07H^iQLcQ+$9KcFBAd+TwCezq7Uug|P&@<cB_{hdOI4
z!K<oKLMPm0lZsUi1a8eo`>*Rg+)cJ3CP6g}A~wIm1kMkj8~>s6u;av_Nk+;g`8u({
zAY2d!gYyg+##=(TYy{UV+M)_RvQ`Xy7d|Uh@LAPW#LU66%8(*!2Ek;Zl|e)0TG6g9
z45!N)$P0{Sn4Ng{(CiSu6|4@Wa1G53-vb9&bH-RO{opKAG=TeX{!{#Q7UM$0jT=G-
zj#z@)Lb#sZEDGc%5~<l6EcL<+-wY~_nt;p3cDneDQ%I3K)KnY<nTbwqnK@HjRIXba
zM(ou_mOs`K$Cc5d#yuT_YpyV4(2gB?%;d8Y6)DMp$q5A|aU+Vl6^1B?x~B)pp{43Y
z`(gbaLy2QQmf4<_{hee$Bi_&$07Kl1vEmYOrO>gKNCR%sTYX)&W;$XfND%S_w-gP5
zo|BmoK=bcQ_^--A$2Bkj>o^XxZZHb#_)HTqO6G*?b5Fvc-Mc3qcVe1E=1+N2$D;^q
zLfhmCS!*<XYY}-I9HZ;rJ;9PPez4h-GIc`GySb!gIO-d^H{9cpI@F{u(4jT?x0O&1
zU#Ln?fN!{mqc4m?FG!HVLPqG3ky*E9cTKnjSyN1UM0RZD37I5gDqJ9Hv8^=|ZMX>z
zj8@S`H6D)#gSu`*Ts%n*LE~Yp$-H|N`NgPDqC;E?;4Wm*J>l-jRNxhWOtDwZ5^XgL
zq04V=DUJ=6eH?Q}CX{i}TM9<oC5FKo6S^Q+V<&AyhIt{(InvZ;L+QA&8j|pLjF%{=
zqcF9)1o}_%p|nL*=Alkcpr(KT<{W`;&^w_?R9nBWgWRDlWnlK~F>bfaAK=Q6ws8&a
z3M{@B-+0L<VvJy^SN}1UEQRi~cUIl7MHPVsE!tHPbr7c)M}xvEIkno8W=1X|$^~06
zr@RA~DN4IggesCi14k$|XveE9&p{5YJzg)3u4<1LH#s&lb${C%oT3bxXz{{*$aZ8`
zCSS$3#4AhFB8{~rG1fFusp$rX9!Q0Q(Fyh~M~{0#IdQIK0J1t(sk~)Hf~L+a7a@7I
zKzmD<gzvS5T1888f~wkbf?8;hSGzS+SZpVW1P3*rFh{cXbt9ZxG>mTQb)l~X_CXDU
z!cPNQbb*D+g-bdKE%=q}jZGW4)3t{dJ?2C@e8*>dUd5}qz1zui%)nIOY`CR=ZE4rt
zr}&v7|9!Eyv-|4cs>VP6XAb+{N5%YaYioD$zi;PbB(b#U{vhgxaTa<z$>=<Vi+%3@
ze`HO&2>+}*l3DLHMls3AXasJ|r(qf%pQG+PChnn+v02cgiehp%+4}b!EeA4GzZ~bB
zy~q!|E_B6uMpRlR{rn8A4oJtUIL96^V%@RP-mvLJ9naO;fz$vFnRM@XZ4=`M^@=!7
zv<gW>q+*h^HHy1~aZjb6!q<an7;z7zi>LW#qRqvt*65rhHc=n{hBU3w_;>)A(L_BN
zG<`hI(XtXB5*(YTi(5)Chwos(*^0DIRgI1nh?LtD0GbPksNb_wj(O+lnUHKEjiF06
zCFx;O3F`45k{p(z@=$~u2_DmnILtU(v;@cOu&$ODc)qBs%ttV=iCI;71$fV9HViN_
z2=W4JIw^KfLefaWMUx`0FwGY9|I@C2u>bt<=j}JU{@#KA`py1d_MYuN^K07&@EZ>1
zpZ5-b+JAfKLy0%ruMYp_??3mqU;WMh^WLjxO@H^Vuixw*9QgZhyuFvNU+nF|v%Ob4
zFWx@ed-bFL6zaX&KlEShz1%y5Mi2LW>`<E8+daU>Uhclx`3Zh*Kizw=clfua_k8d0
z6}I_&|Bb)xzutaxxVQ86#r7Nj_1ibE_YZcV`)APXtG!px-#{<BFLz%ZwxCyd=I{Om
ze)tDJZNGSdU3uGYVf1fseE!b<>%YC(`|+nk|EK*I&vxPA(_I+Z_R|-;+!ah}=f(Ek
z%clQq`{nkJyHsl*T6yDPF&>@&^H00@2>aWH|L+{`?Z3il?Ciffd;>q5Fv~ZGy6Vq+
z2fIyw`_0|~4Ap!7W*?eIa6*lJY6R-N+T~Ud)V{MKPy~O!J=is4dA7U#0@^yj%68$~
z(N5ldZu&Fj{MWx**&x13AG6N?we{lp|7ZpN+@1fo@Oc?^(*zG)|1S}RLOjUfOiX}k
z55{!VKBt%p&)L22FJdJ6U2A#y8}D_R;Gt8m{rcV0o$q&cpMJOa-P6_W#diDI^5S>T
z+U>>V<?ZF2@7wTpwezLc!0Vo90-Nev>r)r*BLBb#zpk(EuI%i#R~NtgZuQyX>h|vT
z;`h%x%Zu%`?d7Mt+t0t-S=;_n`^LK`Js+^mNL_wDg9|izOn2c_!oDyVioAk4yK&F0
z_KjyAU2-zy#M9)z_C(s9?{>d?3KiRrpo!J*o<kFl9<>+0?>ueqLSx@OYOmbXM1CA3
z$H4%~@fX#!TF{*&CNtSUB5(MkG*s`P(!FQl@fZd6^cNqz2?rr7kL4Q=!D+qJn~bL1
z8O+4)ZN4RM(O_EJU5wYe)7QiM*UwSB(z$RuPsh=q*IK@GD*^{+Jo4<)ZJ9BZTbc`-
z=77;f+L;Wa`C6F|Mi*;qGK^;8<1SimWzjL3HJ<aUtO6e|*3NdXw-?XXjDGUXZ;Wr6
za{gl)BD`o_xsO@re|x>;|J!-gzB~VK<MXX(CBJ1$q^?b{y>C6a^2u}0GsS;OM&v4U
z4%bA|;IW-?5T8(bEA;U=flDJ=8su!z9EZ^0-m8N{xGo(X?C<<}_wWerPH%R%{#aL!
z5BFd5v&ItRVzI)Dy{CoZ@T64u<=)HPX>H?q?G~QUE*0d<E>N6!!@Jk*`B~cC^#53Y
zx&7zehX2R^vZ3;v1QV#)M602}0A_r+?@V@M%YX0Pqm-g(Bn#hBj4fZy!@l{N4f(r=
zP3cK+J1iDf1tp^v|0145RWksAdiH?#c$}6+UeN6(Ddz~F#1YAG7-E<lg%DJJ19fHw
z7{iafDD@XdeigKBn5nm@g96yq?HM&@)UN2n2JEbUoU*gqnA{s8Mpa+Cf8E`|hE;?6
z6}=Er0er*OAM3k+J%o0?ozkIMHM?Nt?5v`b8kp75ta))``=$0vbF$EDm(z5sqXZD>
zYZJV?kMo&!{+mn9)%uum{y$n<UMZgckJdVO=l^Yd9{=!pI8e@?TeWs;x#m+u1vmh<
zYQSIjlCx~F-C66@et7bY_n4&wEF>^jQu%gxJ_@&LB1qVI_z-Wne^E_8YPFZ~0S39>
z;+wOn`QzKYXImGzH~%?2KZ8?>M!3?!Mrts+dyiiaf*dW!GW=zJ;t%PVD%6&!^paEj
zv2$CM7My2RGuExBMvwQ&De0N=vfQcx73DV+D1I3BP?1sf-syrtC~fYjbW#Uljt^-_
z_Z}Z6$$-AeSpKrJ^I|6%j)1_X_>L>z+aKl8F#0DoyH#73r*LT@eLyhSW8O{;DGD<h
z)O(DT9^{K_t#-QB^iMb53lsPr2*jFd=5-p1^-PjJ1KJ+5k^$hm_iClHdGu`e>DwPS
zkKos{{htpukKP`<dG_MPCLI{Ne?_x^1OBo7dT;CKs26qz==xai4F=(7vh<OTUP9Bu
zVDJXu4Y$9o+TokGyYlL3kVV}$Xv#1QcgPoRtF|KV<naskRx{7vX5njMY7knzpD22n
z0nX1sib|;$7#ZHwc^0Coe0}w4l)r|N1$_Ghq{EEenKL9pi@lhQ7XctFH`}VMGR9Re
z9+049NS9k$y~!nCMDa&=i3#bD>D;RQvA$3E$4qMr04asA7OZv3-cJLKT^1?`m>g7q
zg&#!6QuId&s#~0&GkGzYe-;3U;C5a)tWi%jc`!acIM4EMXa=-5#Ff`;R;X%5bBHR%
z{3Ux#1JRlSvX^_$Ud({%Yq-1<^mji2fMyj=!;6$f*w0h+O~{7c&NiN0{O9oaAWT0+
zT|nmK^SP`}GOOBOU%tS_nYTFf@(kF6<a{`L0xyF&I0<_{r@?3xrt|i&J^l=P2^M>H
z^~XyNot#dc9r@62l|J7NC4MyzCHChc#YLLhxdcsJy*`?{{9B@_?Hi)06;x8r_3%yD
z4^!aPuwnIXH%7~^o&A?^HGG~7n2Wn3uXp7266Ce;h<Rj#bX=tHo8({I;B$(XW)bBB
zc4eX>jA>kCtJWQjHoKeM&!0DYVSh8}4K^eA?{xH!&Ep{746-5q_nGUwjWLGJ9tK9n
zI2lm;*VX4ck5(Q%Z!hjV+Fn~+U3s*=xV^l-zS!Ab={$p*<aX!z^Dl}xWA{SN!T}|K
zd>!PcTea5vBE_|Sw7RPL64sy56gEU#s-hNsg-K6<5fjfU7@Yz<Mw_PqqtoGL6a$Fj
z?&jyLHxVk|uYCXg+RArugZlpIv&GfpWz<CNK3!bztUZ6ayVlu#`uwRtWyYY??x`A9
z+TD!0$!2$)ZXORuo4vuwX4>t*fBEKd6mO;{+2%>q-~7ku1pW)@pUpJPCNJjtqi5Ue
z+fUaQpMST!ytvw3Mm_AK?Zxj_o<41N+S}XDmfMqt&8tyZ*VcRZKM*%QG?9iAsWUBv
zjL8~xAB%p7ADbVKmnts5Pkw6(oeO@Z$bVk#{(L=s%#i=ISJq1QpY7E<`;S}s{CpbZ
z3z`2aJS#-*34Gv67W>iXrSYhT&O51SVL8~w1OF{O?rr#Sa^|a`D294&s&c?}q{$~N
zNJ<Y$Hmk$R0mmnSg5Z{qJW#0IC*Hn!k@@xQUK$0le-MRvHVhgS%~IGTj)>;=fP8&F
z=!TMHGLUv_JDh=T5e?io?9gLNpBK;0&K7YLi{o^_kwtqo6XYB}^`D~w9I8YA5Y9bd
z9jk^^oT-^)_$eAlC>M^UC9P5{^C*VFq{%2HZ>cuWKb7g+m(*qe5GNRz>HK;0xzzI+
zB{-FI&pxn&97shH$8pdnPdSQkOcv<i`5+;XKSc}IwA6zH=apzHr$Nu}2XIq}RqQDa
zjRyCkkD0WsqD$coAQ@5Mt@_I#hjM5B>oDy`pMpWD8_VzWOh**LW)MKZ2^j@bp2TiG
zIG2v1*jIY90+?F<@0(2D*k=m;zn0ja_?bcfmphM&@jusA*Y4tf-pWVOd^gA!A;6>n
zMn6aKUtc$M=pr(4=cq<4-+#@<Vi^8R1%APdBe-!XA{XhD$vF(Y0pN(qe6NnawEZy1
z$G{oZ8Wh?QY3~>bIP6^SC(IPuAIB0Ii5(E`ERe6`GiCovfY+rf_rXfOwTb&5KIQno
zYyZbzyN3DA{QNK9|8uN=x7RzqQVg(J_FwDEkBau+>#KM6U$^p^Ghh?4l@%eG@G(YT
z65nx2Tp(X1NrC#+`CweLDR^nUX5#-U9P=LoCk`Y&J%8dq?nPO5G3sH6RpywVd{EhI
zvR3#xqNop+zpX?_q)Z9#Ryad~#8*XcH0VM8B<ac0zp+ck?e0lb^SpxN@o~~SxBYU_
ze$7h6c0!R%un+|@S!}#d-^Wg(0l=$#j5VmHlWIZYm*{N8%FW_qG^%%+POKDe1^c+)
z!~ZpWPSU1bb#<mIiVT2W+@1Ea>jW<zxp6dTx?Ov=zq%7eMm&%)JO+8w@$9W=2r`jE
z@;=O$=eLauI*hN2Lt6Nj^NI0~)<W4ypWFKw0yrs+{dA}d1n65fFw{rax8iotGpO{Q
zQV7-bQq5QA{d=nP{z8?=$KicmsDto*2h;oj^{8wqZh-o0B_Ap*n{Olij7(5cN@bg>
z-OqmL4traO_YW}?@WcBV{Qpm<;b4$#X$BCVnjdf+{E32CZ>`sy2yJet9_phhyRaz~
zpecL5>2pjF2}?oyhVP+SQ-v3zyDPcMrvoM`Dk?^2*+OZ9s0uE8SKKP?Tp>#w;Kjx`
zraxRwZkfh|U6(@akD8wl|3^WTW)fz?+6B}}(xONi^{DADZ1@X+!0_dLywIpzTJn*%
z`e*m}uSWmpIRAUWIja4-gE+q&8!$`$w_42q)M<Ct?#};P`CM;oE6mUQ?6ru9HhjSx
z9RXiuEVy#ArvgfHFwnM6`_yUs%j+A<k2cmG-FVukBI~3$Cr=17{XtHo-FXDt3N}{F
zli(=yhjN)CtwZKX6Dg@|xG2f`t^=zGM+I*vd=k=-@<~8ZvzYFVdsaqXis|JE6ZTdI
z1LH6#_>BUf(1}gm;bRJE43Ar_R*jl-A~kVf6fzc2?^I;2m4?UR%Q#jIzlAfrro058
zIha1a&2_SSq>T;D<}r<QLf&9ACghDG^qg{RYAc#tO9Z5^y#c@SXAb%wc2ASb6aW7+
zhyLeL!Tz_iytcY>NB?i*bG;<7K>rbQuAlhZ_{fxhnZrOYx0jYXey6jsy1D@j<84!Z
z>(X4L{Z^*c0_}fvTckh8fHBVtQ61&s6lz{LCM285%+rFune)Pmr+1Gst!yFRj294~
z-uHxj(+j+DQUSQENU$lFfZuZljh8_vjzQ6w`s<lGCj`9ac?i}2syz2^=`$z&&(crn
zjnV)0_Hv2--}!&u&gXgw<5c=DsZFkh{wsWB`ro<bGyoT-|C4$D>!JTbqn}2xa@@Q)
zKR@3Yf$z#^gj+^&{%i0i8a36p@$HG#g07~@=(FbMAj(PA&*4~6=}3o4G@>JAW7Y{H
zH-$pqZWLTRbj*FhyC>&EZ5OZ$`{t04T!O&|P^}&X2IN$yQJ&Nby<@CQTdKtUM5Bfg
z34O)GXb$?1dRw#@y)pW~`lw9**YD#0-OA^B2_uG1-!b&RoC~}+9*#trAltFWsoF45
zcgzIs$_Ipvu$E}(w|qf(P&ybe{grbz+^aqq?%m+2kd@AaW7NJlq(6dhK*!+nF@d<l
z`x0R{$;vn$d>#xi2cD+$Hi5NheAgP!2IoJkn;XgwHyZX@{!bx?N+i?3eBAGEpeD2F
z<GrJ6$&L8Xz`I9C2M4z_z@Yf$!Um+_e~#E_9{NAJJn5&;4En#ayjsftwYGYf|Layh
zqTH@h?hi<{UkGJAMg=4(vw15lypP}FqYX;`r;^XULwb#L;De9KPIA@$6bxV&e-Oo(
z)cy;_(Uu|^rJLQb-ZRs*z)bO$EqnkvxA)o)dc73G#Mf2$aZA$DfS!PM=q7#{hvQJS
zK|hFCO0HhYNMV|h$E8M)=&3e{XtMI%)Ld(?73++FU~M69h?Eb1P-lfgtV7*;R|5(g
zq~|sNUw$nQKj-vil<}XG{y<U8R#E$4jaO<FyFLzpB&J(=Iu8HU4}c3TypJ%-T)rif
zz-Yb6U_6W^f(^baR6tw4tq}jk(hB@g8e_%w&;2tkd*>X+NI~*quXzMq!500iQl+A*
zmFCBAC{#F$dim)V{mUg8GH#u$P^mkBqhhP@@E^%>@ewXY@fl$eo^>wh_&uVhF{xl(
z{6qs7xz<T}wR@<J=#f=6BrEW{PCtSg`*-)V``!Da4-e|^?w@^l(AcWKdtdwT1N^w3
z9sS|IzWw9<`+xt_gL>ofla0*}5AogmAKtfqXw<X?M}!%{ni3Qq4(YfKgKISH^cJ=W
z1CBiU(8T_mdgIp-Ok$hSz|p?r?JZUeCe@45bsLB{mOmv>6zT}rFc|^a6VzPAJ#^fn
z{I`k^GDa@VaBDDXkwg$mSvDw1E6aOuAKhTRPoD5(>!kV*8%?9DckXG@AdTXJEn4b-
zohAX8)LhctqbV&ivrI8t)*q%(YF87{(**6p6%<Wj+F;>y+ii+%L#B59wNI(L&rN;i
z;Qy}d2QZ8O>y-JwcIPhs&#ipO{=cW99^l0c1M_1Xe&C1X@-6pw@g?%?OzEd|%J=B9
zh2&lmzlJJ>ynPk-tq)McOeKKznV51q6S@eN5@u8RyoX`^6R8NCsogfkuQ!z`gTOJy
z^tar@fRI_vUK#lrU^;7};=XuF*@@u&H{%#O_q=-xL@%ulfl0tFeR^R!Uhq6%l6z5~
zyrN-t7)?J0_MzpYryb_%rfxY~bWAmAz-Q55;2n!)SlGi9?c5!{RlpooK!$+>uath(
zN*&%!l7W`K;4Gm%Y}xURqRa!>tH)UtjKkOq)Wf|N2KiZl39+>_zlls)Na@5mApm95
z9&*e8m@WE_P(FEVNDdk|1$R@jG<ad&H5dprRWf*nt(x>>b)|UX@lo|ycyxNUp!3la
zcYx63Nl7MlZC_jl-OjUTPfM`lmN1bVrn`fA2g=3JD&F#6QNpZXFgW*Mvi<RZ)7vKi
zw_b3LY3_%VWZ@X2V_;T#&R&Z?E!ca(jL9AqRwvsjH8Kqq9GWFj<1|g5LdlapP6-m^
zu?ee!8dl2mi@X5KTF~!CETy42&cP9r+D4gc^=PRD>1=I#0diP}R6H_9Ra_}&CKWe1
z?n7YxX{#37T9Of>-6fKl@SIXHQl<_sfvGBVr`alh${_R4!ofgBo=5R{ly*zYj=9d#
zE^M!lp?{nvL9dI+$IPJA?vVwTk)W?8+(d#X&+rW}NkJSY<7`0ak)I`=6jVv%Dfe|a
zh|#)Ti@R`V>_RDtj~eBk$d@u+99l(HizY~eG2`Sot3DEva{+{E9vvbDFLCz~mnq~g
z9AI(~eTm2X_StE2mia2PJ!RSrOOuBC9Omk?NFt)4M`&n4mnb2t>PPSoEW;47tUP-!
zV5)l-#6<b=tjI{zNo~NFHZ0zcNz(HN<L*cC_qy}+y1CCB{GU19F4@Oy```7V{-@Kq
zv;Vr4&$a43zL~86B0qN&--s3n(?W^zM<)aQX0i(Cn+ZCgZ%RragSDgr`hJ!M=$q?R
z0ev%52lUMpE3t2?v_aq4>Y#5X=!3qQpb+{7r4ZjJRmnDRg2Pc!6?0()(Kn7phEE7-
z&ruS6Q&Q3VK{*N&BTOn9zm7vXXX`Jz6(pm^26i&At;N0(rOklGH6Te*jlL^2&Ntdb
ztSbg$q(VZUAE<q=&>Df|YwyCZ_nC+Oo0I->eaxW$Yb&d3Mf$(Ga;N{fmCv;jJtV>h
z%xkI>K=?^b@n>3rwdU3GTWHBj{?*^Q6__ab+d|jdTFsBYI`XtbPut(MFK8InE|L7U
ze%En)V(AGBrFk*hv()_UMnj5rW)<z|qHQ-lJ6^jm47{I>F(D%o>UbfSoYGP3vpQdO
zQ%LP@yf$hFa@RXf#&M7QI1w}SwIwe|8A$G4aRurnVTS#8jil%dZ+Msi5hqC3EV#eJ
zg=LW76`8D0BD~6<26$bg>tn!56@0}vD7-hu;Ta8t+zzum9d|LXh4C+j_wd?r2u|@n
zM>&=p4Nw+ZN+FeUH_V4&9&i$1_|f!#Jvu^N-DjP9nRFB}E)qP_3LGlS`Wx4OQRV%n
zA-tm!AIc88bfYE>5;r}uJszvm*p{t(f_iQRJ7G3_Z(4rKL(Ek<#~c`33JPxT#mRE1
z%K4RsjrzS}AxYDmjP$g4oaKp0hgkIAN>5hVuiZD4#-3@El?9=jcl4Ivnv6<?Y<L!b
ztM6aFG!z9uB+)2oZL~dFW@HhScqJn2qdf<IH#8p5Zm)ROf%Yu3OanY6m1_D&#(7t{
zd(%ecmBwuAT8nvv0>jZ5<9hiK`{Sy19G_g=rWtKr-;v1tV0)!=OIusMqJXF-b)Qva
zk~hFnhD<mxk<*lX%6YCx4Ys&#ZL(C_f8kj*V!(?6B`lVxS}&1|S<6*{Lu#p@i^<!O
zNgm6Rxls|m>%z9i)Jz&rdb6@T`RWAq?D?0Z)$`|?-9eHS>$!7(gFDcgI?2+eO<uMv
zwO^QiaYpw{H&2xmj>8$nm^i*EldUb3I=hF}7|)AHjxi0|%>vF-fCfVRb|IvJ@{pMV
zs(Z9YV3Q;izu4L(Y7`~Ub-Q(`^>10N$#hD6xPtM((RZwgwTg6!x-LE>TWM=$Unz+&
z5sh=nNrZ^>hd=xQyJMfAd-tlS+}Ad){vCX#-T&<ToLA{%`u(rnUTK%&|E#p{{C{rc
z^R@E7$R+8UVg{JGQ^4M3fSH|P;J26o=Ed7>$%Uqp511!+xnQo4x4<l`oj!Q0c9wOH
zRytOA|LOz>%6IrTmo`QQcDckc%9Qyox4~U*gX>Ej(^{HE+N~1*ndxILMaDOM-;|<;
zuQ9XCHB#ss$}Dr^6#93agyxP^-;wIOG&D%J1A*7Yv(6lk(eU(Q^{zSbP52pQoENVL
zd;BuBl8e{Ta*m5vO-5|Qcj1aG;k$UfygRx?B^DQ7yyCcbiQdi%z~s_p_Ntn}k~%io
zn8Ej$Gt00pVUG_>eQ?Y0%Y5HmE~dL&Om`pinI`{DyH}6>kDrUj|6f~KU%rd~e;c0}
z>u*?*EA%l#{=c$XA^%^yv;Vr4&(edf>-s!+?>+DpukWY8fslnStH^^a^H1Sa3DWNA
zIl2c#qw#<(bRJliU^$%gAEVrR08brjFN27#vDfm_@*{tFbz^mTW6d@8dVh^GTk^gY
z*@^#HT%}K+IM3h|!bj#=O^^7r=6Tl*=H1WiW~WVKvTL62(t~R=l%oOfp<F2#ME?|*
zFm{B3L0?}tOCE+DP+&hoSCl%?w4;L@U0WW!Xoz`K{ZkV48vct-+pKDN)BECG`>b~y
zqcGkD=)xox??a5#-^-xjOaA7cohDgGAqg@}Ad%)={OE|>q{K3fo#h6k3@2DBd$86u
z!xI5z018u}88|@25d3kL``uI6^AG4fM+$&KFOJgi#D9P&s$fq~p&?_!hApUCjZJ^)
zfj`WB=o?GJ4{=OVCT>)RJckCD*iQhc%HzOB<Lp%2@uBIORIH)w(dX8i`k`G91|<XH
zqRyvKuNmPGeKkh3m*BOfC?bG`iTu{noH9ZxSyP>sdumFF$xYbso7zNEm$Vy812X=C
zh89;!bFZAao;c1i7!33}kdvH^w<Q#9lBqt{A?Gzo5%@rrvsYRA!SkcONrZ0k367n=
zKYR!{HDid?;4&>WHcQ32+SX8)B>Z(t8jzXB-YtJX<FSRK1^)+saczU3$;NgU0JXEq
z$q0+K8#h9m$g!7+F`Fi0Ko`MVw8!=1sEfH5&u@}Q>(Cihgqmo|@woqPrSoA^1qiAC
z0gIm4R<H!4hJTV^eoeHH+MG=dbO~rlx3bu26#9uW^K#BU)PA132UEAQi;R3{`gH&V
zw0?h7Biag(!%#wKV=VJ`2h_JlbU)kh?`OK6(;qr4_Z!Yp*xvN0`;AF6jN(rewkbKr
zTeoE|y<oVsjU(ODf(;C68EI^x#~VO!Hi*<14dXijrgU_pXJpXpb*Pv54oUklRU@io
zpOr;Kw`l!@<uUEJC60l$4ue=xlxmW6OSI>ub_590lQCt4B_mTA<4sbWE*gg@Sh$OX
z<p8In-e<K0)-JWcCuJJ;k?`UOJ=qw!RSDT}@SH*-!t)nzw~r2=?(e_Y-G0?@_W<wB
zaxXUm|2HZI6H^d>lyHy-Gz8^MeH^0OgX5n`sMkbi33a?fOOitg&+@Y<yKaV_HrE4p
z?JmHBmKT&8lq6@mUD#w)Yplqr)rMXMjSrj!%D7rkx5Mn@-Rjy0!zL)Q4KI)cw^r6N
zKm0r*@5fqsA8Ry1rDqY1pbdwWuu_BlcF=?9&euneS=3jP#|xnc)zau;wQ)n}Q6%EO
zDfBo9bA<<l#y5JRX0kUgyW{6NMRDP{n*Z2eZb%c0i{?Dc3N73ub^b9#=aozBzLwg#
zuin0Rf!ptvHlDjdF1hz6^7f_UHZ_yH2onUH&WUh3HW$vvdmIfk2mY(Q<rF8>v36o<
z0AI*$WbTS({@o!XUw$h{Mcd>nB9(P0Uvl>wfWP45VeCTOB?Vvp_vsJk)&HDcp^q8<
z|Em@8|5n!4?({#m@%c9D$Gx!cZ@>NP-iy8MH%C8t-}cZ9G_)W6Hnl{49fPf@Aj5-m
zk{+^QWscG;4v%H3vCbiDkalU?dLbeLlGCGb6n-ULwCL?IBMT*s1QQ6NT^E|7!)8kL
zKoQby=?Q}lGPxyc8=tE%(nwwV++HTp6?xDYLg!P|6Xl7LQ3hz)3QcU#jC@~tp&M-j
zRFF48ucsd=QHXwtUclHe4=+(?LZ(_p%1P0A<5{N#I?}S3g{z)O%lhE4fCF{iemHQn
zJYyl`2q-wr5yg-X92_tLcSN4SAUWe1BrzIdqM!X^2HlfiA5+;UUt0c4#sFvtmq75`
zf<H#U78s$J+AM@pSovg-)kJi~+s$VRT+x)4G6O^W-W~lq#E5O_mnQvSKgKT{sStj%
zn=$={wy>%!iYeT*%FtsNtDc6@{n2d5WAlMO3R8;phhm3CS~zr8P3V1;YI#eBaUjD;
zBI(%+*D3(oAie?^4pk{+@GVRKF;v2FNZ|y<FP;z>r$*xZ(;%b3i2W!W^k~0_LHATt
z2PSYRj!T14v;|xTT2iVI+ExZ(5es<Ov{J!nM84VR1Z?SLM8(ie(lpFQ3CCkM8X5^8
z35}>|45}eiz4dVD92#=~hvFbQZuwKR)TegPsasQ0TiR!g8hTo@AIPXt8$Cl$x_O<7
zzhYxom5`Piyz~We^BToV)ooo)7Ex+zUQT%a=B{vC+q{f8b#orA&nDn6W=ZIyCd@D&
zs1f_xT+)B;X9oYT49c(6$8`R`v$D3bQsn=am+#^~-pc2?Ir}|~9<j8qVo(70(?>%M
zJnoT;R-we_Gx}24M~7+W(bqEhntqs?r!w4|u=m>INY_>(9ty;bOx|@{eq|Uqt4q{7
z4ZEMx;H*A6;;H$hgU+IVhDSNY@C|!%-aqB{4~~I~7aG9eAcYoYRS5=z3)J9pc&rsF
z*@qbk_4U{vbdzzMn`Y>Qly)dKOXZ9Um9TFNe^Q2!-LcazwO~d8wXr=9Ek7a(%M3gx
zMNv-^GHOz{^Ot+C^tBwm*FQJ?^M+rqe{T4X{W^U8!T;=Uz%w~PO~viMnu^<hwJScU
ztaxXsXj>}Yn3ba7+Hb)|(Vp*)iC5>}gmhP?jZVgeEi*cb5<g1ti?}cO`4FLT4_+@m
z;aL1zKK&R3^nICuLyw>`Ms>BG<d_OPA6idz!bxcccVD5I<0#EfG4%eHFQXvqod^>e
z-U#qn)<KyQ0Rysn!<?Bnhjn=6KGI#fOuM}*mI{s3D=Z{I;kg6Pf}KgBl+d{95+xw}
zi|#_WHWDj0xdz$ouR%8d8Wb_Oj^eilpNq*THz4hlR>wCD2+B{ayy7gHU(}K5a;uHT
z><t5J$%-z!-Xu(DyDNP&7GZj&<KC^VGKNT-xxx{pM8K$$%4iVvhXNLxDq64}2I)sK
zx2+4!Q+myqV#Ptpz5SzS`>%Gzl#uxj{DXuKgU#6_u*kOXP(*PyFv?Xxu|HuOYB5oc
z%|^e|QLAlNz&P+zim#F`)@W(DeNxUBx~k()9@4{yb`9)+$~!%AX?XOos`YlM^|ssK
z6ZM?t?>3E(N=<H2W;|I8#Vyi_hY;prFSeUlYEkBZ&^1I8ZQzyo9i_Esl8e%5F|84E
zVHzLw@dv%)B{eo~H&k+07(JV%mBV!L2^*Q{pWXa31u<+Ws!+X)aolQ7N|{}$8lP2b
zo>AM+zaYnp3~wR6h%wR6PC1`WI0#1ML@`cDFg^;|I~c{+l&c7t3!y@67hSNspMH8-
z&v;|Po`f+9cU`an(3>19CZn6Ac{=*$t&u&|<9w9Qp;panBZT(7@wh|;%VclFn_tl*
zi|7IUs?}V=2Y3}}=2_;>stJx00N3^KbDokCs~>&#m9Imcb49VvGl{zZn>e7DqEPTt
zl#DS3b&Bl*vSi~yo;55ad_fQ-78-{2r(=7jL9eHV{HNn4wZgYeGh$g5QW1`V9K{Nm
zO-24tJnK7-MT`S111RTks680eto@3uj+A%Ag9ZOjfAU8d!5n`M78GsNq5>k0dRqA5
zkf2jq37l3?dY~Ke-By$h9g$QV?lO;9nY1hD2xRPO0PIf4h6a`r=!el59-pI&R~>Hf
z<BWrd6NMgdz*1Ss!MPcUuUDa`7gormnT0+l>Wr|B5;N6lEaEE*Sl4k@KpSTvDijxT
zrkX)~PPob0+VFgY4vs@W-jE7Nwm5rsm_?9uj0ufH$?@R3$*u;_$uRvp$FpTEzGUVr
zxbM6mvdcT6?jXiBonJ)em0eiH@m6vEq#-$=QKi)>C*AC^-<@ukJ#z4L!(d;SVG%Z<
z#(6Zvh|f9vz921bMZv<GJN2TB64=zMjyM5}CChkX2{QyV*C!RL6dC{41#bs{MdSoR
zDItJ#&<fVaF@qC`<u$LJ5{w=k?!G?Q`@g&XckS;x*DT$Y^%wD$5<MwNRe_rk-o@cl
z@+1!i=8iVuX2)Un>s<ITj|7iMDq2bBrFpb#*epKG@(|gtIyJK>jc#c;HGc4|Hyir7
zbz;*9k?_*xS5siR^H8lObpmG>4xs64h7CX5;lnL!aBSHAK<=wlz!KZh<A=_3*>EtB
z8}g6{2v;ZY0yl-RSJcf+;<u+ETmiGV<+)IcaAdQzU5Z#@sc)ET<305!rEO8A8K<{M
z{~<d~2D8XxF1bn=X84#<ujv;XwRJwSx!nR97kM^iFN>SSu+ZcR#SobTW#gt&wqg2Z
z%#P5zHJqENo12bgf=-i>r-UvpI$aWZt_LB$IQ%n@f9J*i!S1t$LI-EE#1GyQCE~Ps
zoNijo=mLM|jsM~~CDBFmzJFi}VS4`JIU6;?dsI3?8E6U3+&B{u4%k@Y*=b|h7B0%V
zLE1x|9-7!04*zB`Z?+=&im2xv<D(?IKH>$98Io!Z2A^BUHP(Iy&pzPgY~g*pU=I&J
zd^?LyV!VA}6ovQcLT2BW6oM97N*5aHI+EjT)CQm;);MLX4<DLGU)+nl88F6QfbsM(
z5f=@%IF8a@!j{_{<O3gar94SW6@g#>xG9s>)|XZxxoVL(BY-O}r~XE1taIa>XFye+
zb2qhD51`{r+e;U@2HH&4O$F17%Pl73=W4s5O>G*)8D-@h1m`!k^Dbf*QK_eL&rR$0
z<Gw(|DqN!Q?$q#YvOG}<d~*)4`WhL03Zem72}iL2q)7(T<W+zOilumY3Jdc9XD3jD
zb)?zd9G$$pEzES<d5QbW#6>L;+>@kquH%gXX}-BSP}@B4r*EGh;e7+>EL1IA9vn<r
zE<6{c(H+XQLa~;n%%ar}7gZWDJr4h2sf<fLzP4%KTmX+iaKE4V>_4yK{Wa77Yh|?*
z|8f1%qepl4pSST*hGMv<jO!Qu@^3&Sbv5JA7dSSpw2*|WLh~>tA2Gx1?h+EMqwETP
zfKq!Bk4EvQWbla`fRODNB7x5+vc2C0Zi>BrfJ)=7%g+YMnd^k5Q;TMD3Y%fNv!NVn
zOOjI!IOnd)d##+CnkbOXLf`^`$>xUi^u@7ckCPo{zPi}8d<8k+_<&J=px^k%VK*3O
zp(XT>6Um7REu97D$Yl%zas{HWD~3nHF>$j*)XtLephwqEXp}UwmSc@T0f!U~Xkw_R
z6P9alY2Ocy;eHiJhE+nP9wnknTBnwOjXE=i6b@cRe<2=EJNBp;)~5!tt%(N0>}}KT
zd~E|^>j_TTwiwp)A>&}h5RfGXvJ}JsS|Ukx#IZ=ys)4GNG#OZSdQc0^fN>M^LqC_3
z|45G7UNT13McL};xMNG`b(SW1j+t}W{|W}vPd3<%kW#`&=>8#Ww2}^@W17}rZBjct
z0e*uE&A&AtC=Cb~QHrkz4eagvy);6!8>2LX)j}HiO#_DC*mN7HK&pyH?#UeJ&~B1C
zWK*@k4sC$V%so(g`G9WBIF|&$o8We#eS&QfH$}H7wOk)m06r`V!|=0_A_+1ERr!lv
zrA@tj>WTkgq~A@q7Tvs@S>@)1ZIsG2=1}jKE6rncST(o{)~eLRIPOJ!z}<Nk&Eo&;
zv=EmL27dAQ-;Y+?D|hj~Z{u^3^|#Z4T%?Z~{QvrLyX~%j2V;WY@&C8+SpuHwfxn|y
zmVb@T)9B<h_y0`T;Y)r6WUp2i;h%NCewyc_jisftv$GbX(1^>llJrCnrGae`n`R>p
zvuZ2Y*80+NXQ{L7ciJ26&c^B^;K9>0JP8KEtvMdeCdT&EP~1~}wai0nM97iZ@-8@|
z$lbico0S8`SdtVwT%-M*?LuLA-P5$rF0>1+g@W<3Hajtqf0T$CO-9QWla@6aw~5^>
z`W2CED?^T|my-Ls_^LV<5{ooUDe|Nzqt=IQOK3A~zF(YKyK|ToCbeR`U)<%&{*#x>
z1i<DP1(F7wMedexdsZAPJuDN|v-rx6e_gIO_jD>D=FCZz$m~h4S_Qt$gRM7*hwjMj
zn5fQ(D}tp8cD{JK{bKJaW<g{OCA|yZou_!)1Bs#mJ8&w0xQdCfFkn=V$0J^E!US$g
zA%G@m5`gr_7yD1QUmWbcdbayl%wB)2LWgVf!L!ql0)xOiZO0gXj<Vdb6s<rwC9o$c
za{LKko2kWd(N9@ZrV*)Zpb>-48sQ?i_y^Q_O=LaB9<#V@iWB2521)XfZeL1P<aC07
zfl<ov)tKm!lyA5dTwG-J6FxC2(o#RrSlN)-YSIZiZ?-$dwb6G+TnF7^oK;&!y9-Uw
zuR#kR;TqZ+Btb9i)ePL-7jD4y$*XI|H@$xKdJC+yjWb(CmTOI*MCHBdlCf;|?4`6K
zFxsxTD%7`YI-p~2)`;-HF6<AYZmw1bb6NWT?|!yWvo=%#oeja6R6@@z&Ws&u72)C7
z`}XACNt+)4H{z_YmnQAH>5EuBDntQb4=n`M6|(v0Old#)vSJRF;J#6&(VEUi6w#ZY
zPzQ?l5Tl-R+<dH})<Nfpz!+6${&++)5TIaVl2Krw(g_SGmw;A(MebQ(t(%iIfLe*R
zmN)(AF$@O&U^5y(x?2f5gp$(9ur>2>`tG7}&o~XGcO)}SqV*FFC2D1bTfv!H%TKj@
z3&J*B;MDrs7m>TqSNUA>{(m8b;EenK^4iLJ>HfdAdUyZ7jn56<|CcHS0IaL|ZvOi}
z>nC^iU%uWxJo@Q|*=zlo!e?)4Esc0Tg)uT{);N@;`FB86FS-Ar?EHPq$p5#xvi_*J
z{~xvQ;=kU?XK~S6T(tK;{kkUkAGEdI?ItPd<be-DEw}VhBnyC09ObDq4`qN+dq+$X
z*4n`G*31O_H)}P|8zfyQj9lomy*CHDuc6Gs(t`DP|G7LpQcw3^JUepUs28vIpW{y$
zA#U{}yA|mFr=yqKZ~lx0ez4!{{iq&qEU4jNTu^k#q{~E8-8F%*pn+}%93JrD{RrcU
z;y0ivO<&$*s;C`?zDY4YF;T%yv@2r<I@hCcr^5hxIN_fs*%;b@e^}UpGFX10en@fo
zdE&g3%KQVqdmiIpK-3&K)ATHja`7rucN8Q4it+{HTuJs0SYH*}(iMO^|MiPZ0@i8g
z&)Yxln%ADH(E_wNh39HDv0jq30EQ?AsHw-b2E1_3j(V-N^aJAUX3cN43g=2~X`H1?
z)cX?9jWk5+y0q3>zEqXVRYG+z)~oq&nbq^{S`*%xFyoyGQ>GbbNyR|m&0x|iYlwh*
z79cKEoSLsGWEtuNLQ3LtmZTpgxgt>XxEG{7xe-QTW}%3>?QRvXzl<>M!&Wam9-ly2
z`dfU-IIQ<T@%4}ajem--BwSJPF&T*`S@ALB{+8^4;@jgO!<R=t7GD72<>=Zz8r#Zu
zwIg2aZ$I08R)WG@o3S-YLo7b$rqso^N)5Q1^vy1gs$9%dqe5{WhYCl}E9m<FAy2n}
z7Bp;9jkt|vg?1^a9MT^uFEU}y4B_1qAu>`V^{RHiRcl%Y2bAK*WZNiG@{Zd0;N4^5
z>(`NH*0E3ny$foL5;a9Sfm*0Z-Ov0XIbwt`3tfzd1ievE0Gbhw+NUOASnvM6`QagK
z$zI~!yVuo&?&64Rt(J2biAWm?3LFU8T6lUv4SWtu*5`oH_wL>6Z;%U-U&lB1#D=vC
z-+_nq_#b(QVp>=Rt%C6IrCOYl=$M2tk--bWu=4WIi}Xk#MO{YkK$ZpCm5_yz){cXo
zNhS7e8<~y&CzN3UW3kXiRrz(AXaMZr&l)v8>bUVnu}g)J+%4fcRH*&G0(LG~%gKcr
z8epo4cZ@7HxR4i8Kw<z)h76YdicnFUz#x<jQ`}EAL{gl#(od<Pf?@)VelW;F!6<37
zDfZrqMe*yZuGN}qhNBqN^^W4-Sd}7qvvnd$Vf{K!L-bVW_U|HcUzVZ(?%_xLN+YjN
zArXIXJy3g&**pvlGK-uLTWK%@n95cQ%kW4F14#zGql&>SE?&!U98P!QkmP1CH<IrB
zwo$ZuX&hCnuvLX06?lxo0FA~?UB3dMt)?fe_`Nw>E;W6{%~GcQ6Sj<6{4{~yU7(Cg
zh+2R5_tu98jn?8Hk&xbR%W{keJ!<YsxNA_gu%o$G^^)t^#M3Md=ULW%5sjcrKqPp>
zP5gTcW6VT(?fPh$Y*M9>`+vL=P=O91ml;g6BBz&9!iQfAXK&LwarF0{rnAaT|BJ&!
zzBwqjtxq{p;lk*UleE03RIzGeq7X((5#gKFl0$SbA{$qoaCB=}RUF-9zppwc>vg&;
zTWt~#W>_mJS+};L*@gxmtSwbse0#Yyb0upI%dJ)#&8vZh9|+9UPuvs=e07RRr=X89
zo`jg<6J6@)$CkP_)uHbyvaKH966Ho(A$O8@()9<S4G2l(Ix%!m&X<cH7|KL9G!!Ng
zKDacD5ZATdxpJ#5u<}+-Ta!SwfFm4&k}Z^(TARS&J{Ppm;BD&70xcIO>YG`pHiB+G
z4h9&himrAo_yYClFFg2FjT5$_R7gYI;?%XZqyVIp)6yVlD*A=DGIrg#>6+@7E0tkh
z(QuxQL-znFEwAE+iKH{ps<^lD9kUK(r(eX;eq(FP;ARbXPT+GKFHSPUlpS~@op7Sx
zXtipMnj!SKf&1{RRa1|Wk3eRD^vhWTm;|T6LcO)vxZhepHM)0??Y@$aHYFejLQXMA
zqdl`u<v7>aNyXsK3t#hhXQZyr5!d*zplRg|Ixd(X6$uHQr+7R)Y#SWSRWmcj&Xw#%
z$-M%(P!uu?Lv$}!OW~3axdW?0b>2f7s1%|_hzLK|%jVMK3KCN2zs}3=k`Y``cNtN3
ziQI-I#k58xt3ZVWoKk@nBCDv?q|ypl_`Rhv9+9ZUzR4ljhHgftBDIy*h8nb5Ej@TL
z=&2-rOewP}e4t9!{y6&45HAbyvLab@B($(M%H}My2x7%%j};No-L{TiZNJ<#gO%S~
zsy%u5QYzCABcx@nQ3I<+Y$NfEHMJxnx%TTFGEC9OcHcg+0k`C|?)!Brr5LBLt#<j%
zd}iqX!q44sl;3Fnm*usU<<(ODm-hOd{_i$E*X`naKu)JV;|)?jaV(rK;fq2yV<WJ(
zwEX>2=X-y7eWTspSZ&{iJEw6qxOfg2nZa%6fN9-a5}1=gat!<+_628f(f_bq5Y0E!
z^C{(|rLcE2r4Sr#6jpaikzR5Hhs|kK9<ikdf=X77L^CUG)qyYH;Q_|Rf4|mv>~PS)
z$C=KTrj(GuQxO+3stBe@ZYpgS{`lg3*}VP`C5P#`-v?ejNpC2e2x)-M(qL4Xprq1J
zw;V*YeKo^+%iyz9wzqFP-XN2)rkG$nPgKG>YNX0{Lyr?5h@~X4e|2r6sf%Oe00||G
z|1Z4G#7f&u1Ws@*hJ6(y<8r?6WhcOFRfyFhASUe%WuiYJzl>jKX3Cbf@W4#bj;Ze$
zkRz0}QLEaM_`(cyis`Fb)>}#w@tQaE&2BFQ?>L^gzYGK&tMsXH^ozmsr+R@+ialJh
z<y?T5F>$$weUm7BA)m|~o6H?i5xw-*bM}J2=(kzt^78GA!#BH!xG6CV+OiEkY(wDx
zLi@S-9m|(U;)P%5ww!jB7Jy^pzk%m1?EuUPb#uwD_-LM-{K__~#Od>i%Es@@jRMK~
zy#!kNjeh34|J`W(r_TENTIv3`(z(0;-Nr}RSMUCHXZQ7?6#_~>xc-EI>S`#lY^tt?
z7&<QJqyS+a4$dh!3s8g}#dX0rdkLADFpbI@5~C=}kXC+*dKipGBHEx}C@b7bDY-m!
z+VY=qpnMKY)C)g_gJeYFNQr9n)8XOkrRVV9!OO$fs?8>9A~5FCF!X~_kcK4S4e*l7
zVm6(39YZnY9Cs-|*)5u;QDTo^NHOQ6mu}Ld_*I9eVTJ?IH@p*6?!okF0#Tm>vgScX
z@zHfJ)M;jCKt~~1FAO-@LSSEmvQvuiWLfkCs94D)>WwH&A4qn9GgQ7r#8~%CCJB!5
zld2$zGU;KMWvCsg!*{CPz?me2L2`zJgsxg}u=riHSHoyJ<8C+1I1(0Rgpw2mJPz(Y
z%2=Kl4VoA?3f}Uvi|0}=!7LR+3J7LquP2`PahRF8ONcKWVycE$J^fZ9eQ61<_`;UP
z#B=ASSZiCOKv<X>BLs}@Ng@KN6Je||n)*JD{4B~s!X5@*MloDvHuRJOCP@e|oXtov
zqsGNlYLehtKc;0q4o`zm&{X&tSXV%sLG&>c+|~t6HyK7%B-Mo5R4)lL1S|%JI<q#-
zhL18EJpjZVUS1O`*u@0k-10E!@zVS(aK|uZXNm5u$;N|Wke%a-p}Apbp({;`2I4)i
z_iv(6k*5&kf(;ZdEFF({UgHd-Y<1HJ4l#eCyor5MI=3uus)!#pl{?zJ3Ad6N=YKyR
zUCh^`>N6w%cYD44s2Kloef=)~_pN-cjkm`SYQvtJV^SygAzQ~FJ{hCsJ=;FI$9;=j
zMaKDQl5Y6VXve(*Qg)1woeeAaNc(klRa`|@mfEZS^7k9ds~hb#XTx6a?5?>vnA@|k
zJHYtXqI09@lS2ZX;&!@hy?&kjvewa<jf>J&jLgM^qh3=6F=A|@Y~A&HQM{`HV(qS9
z57{tFYV&H_wdsj2Fir>Mw=H<8OXQ=90{KY4ALMbnV;7+Z@LF60Rh2%~x&Ebm&CxsA
zaS)ii>t3}*oqY*;S7tRbm4_>5Mu7%^mhhQB9^nxgSh*s+!@ZZg`)>~cM(fMi95DI;
z24K)z6+i<Gr=Oy3=)K;5gC#rUtYzozQni9OiO+|et1ipVk`$O03f)L7W1Q&6$O575
z4D;m_4;0q5r5Mp;iqsmPU;u)|KTpP~A1(p|J7{@t4|d<6a~Cd|_j>!_;OG4}=pInh
zegBvKhJI(Y8(7vCzyS^LT0n$t`}N+9Y(}y_Aj2MGW$^14|BGj=2#6oR)xpr?d<kL8
zKaNykZ4$LN((^h{OF;mqDw;##0yllZ3Eh_67@Ec)m1x-p67^rX6Zq!~8%g9`$8pNB
z(w1PzN0p-_;@g7a;y8=~4%CcVM9o@6-0;Ocfi2q_w(v(xQjPgGjz-yOY~V!I<hfcF
z4yd;}ePMuL+Gp8Ubpb}hDlI|3D{BT_oJYM;)i~CxZhGpFgX~kqkV}J*1@4Y6+WCaC
z21not4kB+wqo!~DL}1Ps{2)1rVoYs`NG5x~s>gf;{SAk3*41lRy4GYa9dHsiyn}*p
zFAg!(>}YUaS_NzeZ)m^PIxVznUs-8?X(;h9RzzDPc*sU5N_0DUEI8(x89MC|p*dDG
znCdaqX$(>ffn-Z)XD)dqdKQNEsdiz&ID^toOsGRf8d|^Kd)T=DZ04VuRXu>)7Lbaj
z-vc<c;lGaAxRf8F)3p6T>omTm>a~b}0Y?hv`!xOAqkl(j{?m~OTGa>{wZ4|tdSv;a
zl2KE=cE8tB|Az%NgKik_f1-k0(A9&^+PeP`I<rE}0RC9}yaIoO00>>GdWUvR(Vz+)
zrth(t6s?YxXg8LjqIwi7tZ3v8UDd2Y7@*Q3jjK2C2QDfaU)77Kucud}M#s3|*u}C{
zWnz~C!D&5l+37S|!B(()AnulEZ&&9t5|-E50LY`#D<4>rL1PKt+X$W-cTRFtt`|`&
zYu@iQ39o2wr%h}{Io8ygwV7KPx<;f-Pb$fA<=&l(kWd6?{3ow!mr(>Ip$7VBG8@9F
ztT+NJ!&0l7KGL0}nm)H8PU4uFM~t8;|6YLP@-M#3R5bvlDD4!Q#S;67XPKSAEC#Mm
zpG3~~lirY>#NY1esFxo4P;FD{6%6;RZAyu>SOe0l%&$2kd*0FyEQe?0QO9wZb%Rk@
zcQAsgkUJ;<4Rb=*{{C+1{reAWpQw)@(~EX)v3o}8nTx(MP(3R38+*Zc;x#p2eC<wH
z6{Y!-A0}r#1?o8+ALVaTkL=RNZ><e~zEmO(8)g^Khu~r17UQI<juWXsFuau5>nW73
z8eMGuuL@nVDE<fp7;YS0zIs#IOC_^Vu(iM;X)$?q=m+`{;5D-~8V^VG$SRIQr^8C%
z)#`q+VN23wZc%f)SqkS=7JoFPP&?M57I{p13zY)E+C^-T-b>D6aceLteLa-(+&Zko
z0fL1_*d*~fkZoHv&K2I}qYn&G=BH*5D-C4(xPuuMrsZNiu7Wi%_*Jjb!McbS$wkZx
zQEM6sp%Kh%_Q61sG->1~$*_y~)-s{ZfUF^{eN!+&uZY>hHZ#MUfzZ5R&}<H9;8k1a
zwkXg)m&tcH3UQ3U>>U0n+(Ic?3Fjg>!(D@W!iJ*|G>aQ+TX5UZq4z7UH;Qr4EJ{3`
z5mB-KF+<b!9XA)F`z2CNgSi+f=PEZ!%DD@hlmn23lwW}=Pa(%`CdVB^jxSCnmDG+%
zqd_YA4YxMTM7qd#`tsg%XeCd78m*kTLuGGD3rwr8e{)vvy(ybxIv3VG>(zTvI*SX0
zVgNWSIF$+PtSw)J1!V6b_-9u4SVkQ2W(;8YLIXHS!%#^sE|06%vaWND_m^>0EgQ0d
zg@tO@%&gnErpO+lo0+1GlX_MaH`A&cY2}?0M=RZm&)0RzG2yiODLOg5QCX>xg~D9Z
zsE4j{3M`~7aPPZgKs+S<qacM@Qvt){u)EMFO1^|LPVyK+*SlV#%TOclA~X>HWXuA~
zJkFTe8p{YU_qB(1!KD#1ZPnpF899DK?|(HR^Tv|m;=|Tyf(eUi!zjy8tcpMJ+FUD2
zY)MXR)u69@7pAYa(75mH*uIGHsF=v{sInu>L%&;mN`BUafPE%B`l&&`zAfHz*pxos
zSIu<$_Gaum8>GaQa7#)NfzqIR5}l{ERBL+oGT4>m-_M$ZFQr9bj2JtTb60R~@Mhdp
zJvB-T1Lu--C4IpHouz2YBF`5vzLl?w!S~uit)iKE7I#D%g4*8^#9Q@N<Bv6i`!LjC
zn7QaLOEgtLr)rXn&KAJfgX3mU?NY--+<Fkz+<2O`C}#ItDxoG%KkTU&s8e3KQ8L^p
z0Q}>mckY0JcZ{=ygnF7=VMc;~wp6}v-HPhe>_h4u6X0o3Df?V~FT;ZNP%xz{QVosx
zj-Nbl3x&3-BfGvsEA&Vd(P)&Z1}1bxt75K>-)yR3-dGEV4=+YFtQz!{sRn(WO*N<(
zQw^?Mq#E?JL^br&2~?x6FB@i(4y{nSAop-9A``;T+3y0v36$X1FB;A*xu6PG!4Hnd
zrp}(i(x^qnBB*=o26<iKm?hwufM?yI65ruBdx^~(Yl-pUj3q9X)>jK%L7r5jgw+Fm
z6~!a9G!rGL7^4JNc2I&DDfiyvjF5g6Za}Eop+ZW?6+7(^H)aYnY^0ijGqCAS!f7<X
ztg*BE>G9;<?_!6u@AWHd-`~3Z&kXx74D)(r1F#wPU+bNfcFF#G_0IqIRzBCuq2nz8
z4W<E|{O%w^UT>N$SnF!WU<x_O8f^W0u?AaRYOnaqk2aQ<H#)0#)?l-HzBUuBi6&TL
z<Pr@X12g<RzkS)<_G$%tFGP~xtHGBg;V;{M&9>+2C0!O#qR24{fi+iVUEfg!GP{6n
zNRG1@FNZE?5oa+9vz!dDwtw7xb!d*oqrdFFIoR8Obprs!<lUM75@zL}h8&`dJUwiA
zdD9=q{bWFqn>ex>%9JUp=yi^!z&;8KDx)HecT<hgW}6049I8ld;w%8{8x>G9+S1=R
z_AR~>ofJC^U>n>dHO9gJut&`ZYbFHW*~|v%aqyv~c~HFp5hSrKK=T;L??-ALHE$fq
z6-%=ciJt$P<lL4hL=O?rgo98bb)q@yGS<AO-#U3_wZCIrqK*66gL>;hqh?zTu)MnN
z_R}cOwKfa}sF@GZ8D#|fFjVucIdU2a_a|dOhlNz4wH4+Uho5-`{5sELNMZ1gF%8!M
z(9FsTrB|nVdFEXr>723JM->nEBu*i^3@=U<6z^xXlGI8q0{?}(x5g@a{F6t1k<k}s
zk_DLKD~Kp`9!K@ET9oDCc(~lQ`)I518|4NtOZ@9%8?n;Gx;$SsqJo@33g3|QbN6$e
z2BI>_Se*=a#p^y498FCAu7;=EV)t|$e++xI4~{CiOr!)36*iq3s+c>VXE&ogqX|>!
zHOrTc<fj*<`T68J^xBe1e`#9gTSrIeN##^_kWls|&5-iX10?~9;=?}07<5VOBDF<@
zClbz!;<srS`&Txxc_M!Iwmwm|<YwyuD-fH0d%e^tsp7DuGC5P?Gc(;<X((t@6R1##
zoS>eH|4{6Q`gr0myHY``86Hd10x)4Mf;SJ-VH5`x_<iTii|3{4%7$T#YB>s(IttRf
z2yh%iqf{5~@YEfvFPs%BO&32ZB)RU*DS?Dw!t?-00IMchGoZl$kkB+^lOuI5x)e%%
z<gLP@+2?=78tWeBL9i-<`bES>mTAPy9sfJp=%|!xT8mn_Q7lBUyCUU5ZTWrrKF0rQ
zWxR2AY|)7CuT)7hB?A<6VMh&j45c2aIXH=ASa>#Z_Y>Fdda1wTkAN5LukMf_I;N64
zf{9Bk_ewH;p$msF^OgfBaKdaG!xtD^ee7ywq)D_Z(I)T>N4<19!Dj&*>Xtngq(K#5
z28je4%$?5iN;oZhC6Hxau5W7MnxpP6Vv}{s6Paw%stPEh3<F{1wb9Vs(FMrzwZI%G
zq095kv>BDV9v)qFczc@k;Et6>Hc+96Vi$|nus-}>Nql5eaU*2v^5gDd&1%ijMk^(H
zm$#PmF~i3Iiz+HyasMI}APs|Mz8n&=sN_`@ZKfG(Mzo<fgxNH^8^4`83}xjEPA_V$
zi|U}dK54Wq8rrys=w6%O&=+k$BdV=%I6`{MWyLgcilGf3iD#ksNq>xilCT-%KST1&
z>3s@f8bKHf3lg$L=_zb=Ex$WP!GHnzkPSTCV@X|56?<MolSSay7J<^9<fk>^{8inL
zVK`bua#E`{T$pSeWLpgm$y9__q@itv<}hPp%Sze+t_2erTo#R2x`tV)GIW`I>*e-<
z%cK2rzxUvN3;yxz_j~xiM!|kWcj|JR*bPk%+nQ^3YP(doUgT^TdUG{gKwo2^#Rw^8
zo%qKfE^5!>F)ZNRSSu_&;Z2G6o`_#XeV#6;tVS2Zm}71LE+XANMKic@6=KVwRP$YV
z98rIT=WJ-6bCiD!Q4;0nH5bRr`$IxL&pRWxx#M&7X8tW>+wj?&r77UG++!SbyLk<n
z>;ZId&(`Qh`5-;*poeY@aFpRmmD~6=W+8NL5n0=1B27M@ld}XFzfxcj*Z}MTo0yOw
z<RlT$Evlu^3K?K*xkZf-j^U%%Z}$KCx3Z~|;kDr-_AnOj#0_yWDRs}JQVVb?S*SId
zZgsLJ*^=(rM#L@vJOlAZ^qzh=uls3mqRn!lg!-+^e5n%9AWV+O(V&M4`6@L&F9JcM
zv<wWREgN9SFCnZHJo%{uI91Eo`_L1^(5vwO_*7X`(Ram>t+YGe>HS=+MuXv6JT7$c
zQZt`CLq(3w94+y_5@T7^5e1qK2D~HB%0-gx(<M<$@|#u}99Zpxf*B3ddTWRsm0_d&
zrhm9wvrFY6zg4$urfpxW%>by6L23M8jF8WxZXk|7%tg`-04)RXwjN+0AhldHD%Md@
zw4q;&1%bPWH2-(CfK-OjKLb5x=QdY+8e~zIxjVm(%BR-x`fA<uLfjv{cKRx~n!%)$
zQHFJ?u@|M<w2)zJWdAg1hX>_pI6~^EVT=z8n}rJK)F28uP)Ub0B&#rz!^*hGxLmS^
z;+sdl;QWB-2AR>}Ph&|(YP1SdI!0KzM7Rh``-w)xdym}zEwqiXw8B0thRbX=qIzuX
z?_8Bh_<1ylx)DbSOJYE+%&ZL5o3R!MdLDvUc-ls`vEHq=$-n*7|8Ch_2Mm>stsSq)
zECHRZ;pDUzt29%(;TXsft1%pnbDT(o17ai#C@hnjByWIN;1n51MhGZ#V8za=1a#8S
zkjTpxXH#)xS#9%doXOjSxX^r$+ZRN)l!;b@S{LS$JF6unFQbFC(xQu^N2FmdO4*a?
z7nDE{S5qbPmS-(&h4I#v7uizWVp;U=%vhi+im^gvMpZQyEJInu8l`gDD}A|*OJsg_
z%4PN8Z|>9fPee<+UROQ;X?OdXC6j^=uC!?}RzuBnZR^ove{F&hoq*hM{|4#}hiDha
zQj~$(TTKC>v%KoUWOZh(CtH4dd0Cu1F>X6rfK06A-pkRuDoM{UOKgwKE@-J0*;E9r
ziQgD777Lsg&`u$WD>KP}WED`dX)cwj2kX$LKr5mD=J}4F1?QQ#a0*hree(kMKgLMG
zbXCV$G63?x(a*AE7}~9{GeAZJj@CTG>?s_fP!(fq4y3lKEsNml30XG+C5)g_a{qSj
z3;G@29gJW_?{$0YTaNf8wykN7Z3`>6WS6<PyWH>}`fbyi$n&H*{>2Ol{AbRkEYnkz
z0Rmy}e#8ibfq#lY*v<^-<;*Hkkgf6~I@bBSjdD|Qp>VybK1$Cp(OEJQ6+Zkzoy{2r
zy@T&(L7X?0zZ>b2r4ZT@Q8*UM6BkNToIPwHvhTa<G@f*z8wnc;eyfiL^}QepCW(?l
zcoHR&Sjpm<PD`@L*rFs&bILWW;?B9zs*neYPzH&FJ%_>q$ROQA5b2w^gmMH?_PDXC
zXf{E%hQpGc8VR2>x~5Y{|H6y5Ut}|*lNbfaXcGW4SVW0H6r)W7M_1%guw8(nnmAL~
z^=3ctHD3{((}^N4cdMRO3y-X^QBX#VwwlOpk!ViL=>vN~kvG|MoQ!xlKBn#B4VAh9
z@-v#o@nu2zd{Zzfs-}f~ye)|bF~KI)ViY)nxQZpvcj##=R}AZ+>~#xNzqtELFd}4<
zZAcmhfCV}N7YA(4Q)|qP;;1U6Zn2@bHYzzIIjs`Xw5L*|;=!+|0lH&MFqPMu0yjL1
z95bbpVv;qz4#0Bk&fi|H2_7B|x3IxxM=;`72&1=bMc}b339-tP*CbtbgAramXw{cK
zFP@#9E#h5v5hhDwMJ3@g6VjtnoRMF9y?=06a~8^uxlm>p3Xa__g`VbnFm<IBQJ!q}
z&L}y-^@T4|6OG^PF-~-UaVBC+;lH+F^#7924EujLA+DPJYo`7G3MTt1#D85~U%Rva
zzm3n$B&iB98Z$*9*O8p(O900B#^IPH|5tl?Y59@Ayt=Wvys`HE?dJcoAJGYMshnUm
zssEsiU^t&6NoA5J(P&DJF1M)iO`A}GGEPwqOn?HnreyFb>^X%=r8@4i01Fii4^Bsu
zdpyC@wz^A95%%oW!Nu}}`8Av_#{Mcmz*ot?u!Q!&E0$9)tkTv93&pKBx;Q67v2%)D
z-wJbT2IQ@Q?KZpidXeZR^3+6Rx|7{px*A%QayWL+&DSGrD6CJd7iTpqe^FJMw3+#B
zCZ<JmaxPsr0{lq0M?PA=7ZiA7B~q|-N+#a0WF`=Dl2Ux+nC_^+_fjs}2Pn9KO&s*#
zHkM^Km+y=BH*f4Z`3+(0<J5m3J(sB)k~g6~@+yjturv+UWW%DCgB<vE-PE7(TcdQ1
zWfo73;`kg()$2Tr23Km5O;FOOw&4CiBv$k7vl=97t4Bd~Zy-a}?{C?sAA+*T6-a^i
zT_hM1o=j00l?SYR9zq4AD4QY~!ITnY#q408K@+{Yh(}oR4_p4;{?W7jSG$$z<|=Z=
zx%5vE0=q#$B4tlQ``&T_HOaR2Wdb2R9W6dNJt9XP8DWVxcwu3uY4i@?rtoLp9j28U
zq5;Qw64W2m>jgp!RFM&p>FLE$@!E0mM+~Ws$YyZsR&Z$|JFQR(kqO_v>#RNcz>tui
z>&QhfykA~02w=Cyu7en>*MID$X`CM!Y+l;$qcuveHW?B4EGze8+Oz16RbM5*q=mh9
z{tFo|77_jq*e-M_#yo3$r5}Z1dK0*)kr3g6D2N@EP_XHbj?_Rhg^#k4@j33@qbR0P
zZfc{AK^PzL$dBMFnX3}tgHIX`rs_@~jDV8W54MR}!lzCCgAH5}c~u_;<edXm4f(=0
zP^>P*sv_m9&K3*hPcu`2BmCQB@}|#I7k@+xc?$@nBaUANfoPaT45EiF3eh7MhjhOV
z4pG6T{JjP&QoURSi)bttLL*aSCLUcMRjU+%{niQR>mbWQ<|8$)Xfu>~LZ<+kBCvDf
z&1HALgsjaz>K{A^22qeX+@a>09#|Jt+<{Fs-Cnh1M89S()Xt$i0oggq)uh*@%R^D3
zqWYWMK{T4&e2u2A-lOrIa0c`ob?D49;;%59A`C*}K&9+0&szQZgVKxYJs4R#w0gMG
zQn^^Aj7fc>hYvS-Lhz-a()=<HP%XGrPM%O@%P+Cq4$plwh_c)Q7LueYSQVaM7F5<<
z;6ai6T>xrO^AbS2fs^(S&RMb>6XPh(8;Y}(qxYH#jD4{rSmx<DcU`xR*d|d04*d74
zeN4!mPT%L`w`u_@Za+WTdxcruu{Px!xna18!zz4D!(oCTl>4%|+j2&hTL7eZg*uR|
zlq4Dxj5v!<VxX(!<Rrejqa)>}nh&RNJ3L=Q#bHVK$1ofM2G{?@1z-`h%#fcn^hFqd
z5o6E~h7skFko7AS5ZmI@9Hv7lTA+=4xZ`19-QmapyY>JhJzF_|pv)htB%oH~yps#$
zVX{P{s#w+0ramUx#AH#Zk$>0&FUmpOZBP<zxD8yCeyR^FUw3p~F9N8^_@md-ZPq4)
zUu>pw!Xm$Yb?|z3M<mBKd^8eUY_LKk7mJ#Ro}1Ii1H<Gdw?8H}QkN9?dHZ{wGAqsA
z@D=-fzI#mN#+GY|+1Grbk;PbgplM)~`C&v!xzD0OuN!dYw7_TA2P5u8{VE-P&fTJw
z9SIKOwjb2@UTr^n_U35&)!!87<y<U^<iRabO<^Wc5dTkq@++xE@%Cd8jX4O$3}SI{
zLUAP`aTx-kh=U7<`DnwJ@@{AJE#G*n@TzLA(o8Re9+PuuX%2$m-vmWCNZ?kTox{=(
zwQaqK|JfKeOE?kvS*V|5I@9DVZuxtd<Q!^1JHsIT6b_PchPJT*8c?GVKgOy_(vKN?
zg7yJ1Th~lmzK#05u<zr}INCnke`O>iv;l0Q(j7HRh#bZG_NPfrL}{6}kW3u&pDzEw
zTimiCFEKxreW0tOw;#8`Xeu=bd9rR0_v<*2+Wm1${r^5jnD|ow{~g1BUHGpD|HT&i
zq-c(~?EmXu*y$EZQjEqN%XCNn!!18H6=1T(GIY)GpZJ}%HEihEeC?XAJ^or%7eQrF
z4VoQv8t}EifBbmM|8BGN`gr>5?)29^i(<sEwF`umHfe=arj3WEq?P{);fL=&U->hS
z{paZw`<QP3x!hS@>y+$2AFbTkf8NFi4ux2s3P1VYx9|fUbky&!Zy$PyN2`QHj)s7(
zLvr;+{U-?p#GBI&&XM%-RI&Skb{MyT4<RAz2n(@y35N;h8vOu0O#;cUs2^cra`uL&
z(3BF~wtN|3Xe==Gfr^~5whmCyb4G(8M_F$s(QDz<j}%`Jd<vog+3r(|Dhl)f*owlu
zopI?0&@r@PE0S;?j!HlqI|jh5gkg+U3n*=t-0@jU&&M$V^U21Mpkj;|(XGWDT-YO@
zm(~Qc-cvH`ZLfbVv);0~u3CHhnaD-NgqJv`qo4O)t#sV2K@5~SH>X$$Zh99Nh;81U
z=%>1?Id7cP`oW1`Ms>S+DSh3hcOBgAre09~i`QJCgMde0n^ND*XV&?jT-p0$_W9pg
zFXn$(Z?CN0o&UG-x&HHgG|rdy$C%X!-PH3m;6$hMxql?${2_<L^7l)f@BQWVjdpuu
zwS6mx1Ui1)fUCyu+O&R0$mKY_Zf!KHp_8KsdV>=u0&XH9(vBYE_z(WT6rdP`_Y?kL
zr(gQF$y)3O-Tbq<Zbu2+d_$c?ds9E8HaH)tdB|;Tackx=w1?qB^UpUTSl(OO7tdwZ
zIbOFRsB@qvMldE~UTsbe{A~A>#BH{$qKj!ZME16!gaodHQx(~Hv461pOc$z2LfCRa
z32<sk3Ik#ll@LFs$T-FTl`%uACKje>b@#Oi=6~2{_W6I++yBh-f3>q#^8akFKDs;q
zZ{wry|NBQjnHvuN`0AX2eevgk6>q;JZ8w#}&m#&9qXJGq8x-%8G)IHrJWM&12T;Ud
zNYZN@Q9>i)J2%|b1H6z^!<hIxK6e^%?%`2p%M8fzodV>J`~5I&bsf=0FwPS+@aj?&
z2o&_A7y@%$sSCGE)QBS{cg5m~F+)S@<=s*16q<sP7!TUdsD9N|JW&_%_HW3)R^81f
zT*UDrrcO<aW<c7+Fdh%(<dOr6wG8rsI&dB5xK0#KZ4e^=m5sYyxV>T!&U2-cG-njF
zu-I;vs^eICKHiy44L<&`LZ_)ZB%zd%Lt((CV-&OS(TJ7rLCv?X{`_kH=T}&DMf^Bz
zq)ud_66eK;mY_Py2XMREhkX5ka77KjPJ`22k%k2gj^bE+&Lv|KihhVwk{K!Q4f_L?
z49u}$qhhesNYxmzMI0LzxYE$<$zodUCRd`^GnfTCkv%6-<SCDK;<SLe#v_arIL1&(
zx?462Lm}GndCuB?o(&QZY13`t0j9{B(gJ1B!i;x12!_<Rr7qUQ)k6e8nhYkvn7G$z
zFvbEGhB39OVC+CwSE_(9$t?-UXVGAQ(a6ryC=cU{!&*Yxa6*o1aGxZ(y`hVZNDIB|
z0XdMEUK*i6E*&>f5!fO#%Hf)FB!ox9dUFnZUa|ph-ElUpn(l5=;MaBZRmiTR;5fOO
zb!pl(UCGVBL98z{y-hu5{N+Cw(X;Ejt!>V{rEEGvxP2DE-7){y{+Yr5bEKs!CV-vJ
z|F<7KD#`yIEw9}1|F`nFHpv5iC_&BPt9Hj<^q)tA+)8XADFQe%8V04$u9*B)V<s`P
zD{Y<qb$NxD*|m+;&hI$;>y1RSpP6KJVp7#&4px<9Rb_bf`n22}4^GEv!|xpL4Zh)`
z^EaGrXL<EIR6!0^NYmpm&&d@A*owH9oMo+6%X|7_f9KB!d;b?Xd#vH9^rIL-jWMl_
zw5oOk>%j;NFayTq`dd$xKe>NuQW*#k>Gs(@?+(yU2m^gD+OJKlQ2yPbl65H7^oi*U
zF%u!jeV|Bf=x~(gSisGGu9MDF>MP^oC6WA0tXTL?O`~T{a#p8KRNgMrm({eYtfSmx
zK<m>WqWK;}zo*E;@$hl|(GC(O2BqpSccc=46F)~oe<vBAg)y*vCyny7vB5fEi5-y;
z4b3?I9kdzO1FUG?=E(@vtenmYu6b?GnJ{HEsMY2Hk}7TT=FyXaQws2lVKFr)rlsQ%
zY>^p4Wp+MpcFTwHzoXJ0iUY8klfo348qEx#QTP!%q4=mwsj{RXv68GQ;PBsv0-<7^
z(nI`EzxeONawQt6Gz}%njTY14Rdq56D3ofdHWM_JfVKz5e-|s}Z1?W2vprx3lGQy~
zYd_EWsFusiQkf@_iqe*6Ub-gqg!>?YS1=l-$taCbi5^FTio|(UnFy_Ye9dI=fRBnB
zBC^WkDfTH>marnl@TPViEfY7q5SO_k=a!VEN1DtTx~_xE0x>6>UKTWFG#p%?a^u>7
zxsn8x$gIjHS*Eo#ZyZFQvIg_Ci{0V7I*{AmAZ+5TPIru%yXbK-2J58p;K#}cibkhY
ze*+`=*7YGiE5oByvJ&e#6)LxiMo}xIr~^)(7}1DvOzaJuEoi4hu&Fg1z^S$C2XR-S
z3yUWLk*H1rCcTaN=XJO>mCs)Na54;w8C8#x6#XSpk(qX_a`1~amZ|_sw9~HbE>N8~
zQ(=qLGZ3^O$F(Z9y+$cvAtynBy(lw{M_Dmb3r>=}LNA3@5`_`7G@!v0{QsfGuEll%
zzmQ%6t<(jI*vF0j+vN9{NQ-R{*(n8PAs`crN;sw=vblth6JW_DX5dpP4)YAYrGy>M
zJQbLkgF+vyPdYO5O#E`ubUJ3Kw@z{H6_`YvVJ<9YIkl>WW)Wb_5W+B;e!miA#HaOb
zz+w92qbP3j7nBN8ZXCq~nnZw<1E(K`lrqkGr>O5_Bo=t-4oX0`4(tU*aWXzt{;<&W
zJ7oyqXDWj!BesTI&6DWqi^EQ71*N^Y^JMEr8I=9H^e{0=@?@}B1*MV6Wr|>&$@eUj
z2ZW!Aye)n#)}XTP1cpqFA1C?m>5QmGw2(4y*XDtT{y|Mw4Z<3`8p!4N@3|M&6r90$
zo2kqw=|IQXhNYQITf%8LQmaiuipdN6zXOA>2cxE6D=e1P=9^*4y>S;FOAP)D<pvpM
zJVv^#1d9nK6zQ|%1O;cDSFwpk?wr))+&>FB6>}Fli37~(GN-UXoh?CL6g4m-<{Xu9
zGsSRuGfo61-B`Uqxr;1dB}sPg>l05`DLOaho-vyV%XZE8wF49u-soMB5G*3-0eWS5
zl7^XL@HyI!S@}|O3Z#6wm4r_2k^WYJ-72KBcUP>M%W>92XR5NHuJEbp=aa50IIqHG
z1s)Y<WG*U-xpKH9^{|qUEKE!b&Wab7_~Rr%a6YPh+Qq~HMMnH+;kILO=Os{0x&oI0
zan<W@)eNm!P7wvU_uSHJXHI(aS-iB=C$)RM0)Hy6Bsk?u+=#2TO)tvO&p#t8fTA?T
zO7A=&6M8WVv_b=TGPPS0qG<U_S%_k0cpV}XC9bCa$*?3S3E-(qzIMRAtlUt2x^!G<
zTUA_5D~<^s3x&(-R|$tD|0kY}wwSu+vQ3k(5vC2=;4lL@kzjMHzALcb+5wgOT-vGP
zHKM*XsVyG5UB6oB>A(T&6z-sf8)vz(n>)^4qsHrojx$oB66eEfYm#gU`;_o6hwkar
z>U>MqSm`hx@am|@e7J~kWH7<4qv@xk7I7D`M41>Zq*EsEM+!yMZsgfw%setYqR9r<
zR0GLaKF&}$6>vs*HSNOuDH*y<-_BTHB`nYoDrBm6bJSOFBKLHZ$_2nz?3Q^sxQVAj
zdpfUO(Erb}|4`4a;s!Ru{`=AT>RQqMV{N5#Xa8{<pBso^Tr}nOUxhhZJd@lQ4fWDo
z`$MCf@gRs##=!}iYug4N5B$#hQoFs>{{H*#jXn4vI!=T1oSdrz%)pKZETDJ4PgwyI
zc4ZE;Ecz4<pjeEYL`DaRAM-f82iivWQ<R_k*oGdA9!<+9vut{3Y%#G1)eg)Dnlet(
z{bVpm&e$rOVUYRTulIbm{vDiS(zbI10-Bi$7fv)S53-MFBp$_|I09w_tVNik49Fjk
z{A0MzVj~gSmJ(IsT$IMpIAiN|onxC!8B@5Hqs@HNKTXc?%G{I@nz?5AIWoV;A@-!q
z#-jo52R=X0Z9a!CF{%^RKz$Akfp||d_X<06i*k^K&f3Z?o10&|1H*xWgfdY_cKN#9
z_~uS7)%X9vP7%HOi?`d#F6QXf+m{WDPE&k{X`PqhGH;qgllUNCTx+$d8}WR;IeH)+
z-zdPU9Qpxj(I5&^_i6aK8;&Ns{+oy5&fz>$3B9bU=zd{8821VffC9i~6>o-XV+CiX
z0lT@(0Fo4d5>if104Alz@gNC$Q_3OtRUJOzx}o)wOxM^D(RRkYzFst#*vMI@6B{Ny
zJDZrs%v#e|UkL;%-<Ke14b80Zi~CYJQ8txDyZf5)w$>EGdiNzFu*x^)HrmDXX7I23
z7_b>0!@urh#%XxNU!0f4TxGLztJM&ZYGUkf;g;^~NRSB2I9TQOC?7jX+V!n09RnXR
z7K+~w&(IQSOfFhqVV5a~XXFWn=xgC*Z-K{l>J}`87mPw^ZGTbKT~uM3jRl|o1mmdv
zKwmd>zOn0@Cc^S9Eg-W@!r9$8D62@30JDxB3Jw2-iSLimN?A<jfahkQaR7~vkP^ax
zNo;W45dde?TZL5^Gn1!JWt<?G=oR*vxp>X{){&YHLd^b+p<1#LIWCcK(S%!q?z<lw
z$}5HL$c0RJ5|O87XTy`gF2K(m?C<<}_weZ1?$ftF+D#NgvvUbM`HL!a40n<+i0!SR
zUZ=qs20m2*y@emL<~$5OhR7smB>7`A7#*^Sc=~P{jq<E8ztZ4@DXSWuDQ0FX#ix%}
zy(%QBnVs{&k^o0K;Dg$V#UZkA^+mbAWh*JpO~#?X%aXbPvITl}-CM)}9<Oe=Q()$Z
zp+`D+aax_ajp7Y$YEcqz90e@A@75y<aY<}I^r40OWD|qMH`Eivd0oSf&v=9P|GDKq
zR|o?zEB?>Q%1TN8)47ZPb1NU^|8MZ#gaNRh{g&lK-#cQW2~r4ldhe{x^b@+_`~0;N
z$enSTqGU+rQ4;znC)IVw5H6vHa>#*C%`9q%y>iOMclKZZ?akhgKOI8xon&;LMklAa
zU*Boqx~wkZ;@GQO)x`GO!=Luw98ix=(d&-^PZ21BZi-?>7{+HggF+R|3D1a|x<i(C
zCiGSX4j4oD86^Og5a;>^Qapn#R{b|{_Bw9D7QOn<4cK?hpBd*rGQB9~yiy-C&i|Fw
z<>iw9@7mhk`F|UqZ+Z85-}*1$R*Vv>esnVCuqWQPo;tl+ttEa1`%TyQ3HBz(QHc`@
zbwJs2PT`nFpPTdi6i@QwkW~((yNN?+(`rG<;;>MBqI4sSgt*zUv~219r~iGhvE{$_
z?wK<^!JkTMOFu+fOW&h}|7rm+{YplxvEU-HZlycoFDSUBFCrnP?;^bA0=o0*Ga16T
z)FfW+z1)=<KnwVWs!y#yj-$_hU72xEuw)5g+<+F}zS{e%Y0;kcl<7L4Qs5cez{E~l
ziRZy72OLygV1KaRfFCpo{OWo38><|Sr{UfEWBtW5tnlL5^B3Dc9yI*L#Q)=e6^nVM
z#SPW^tOl$?P@P~P)ipe(RksRRpnnl%q(|(9aMbj|xEqBTK-j=>LyKoyUGw$SQ&8V9
zF`tySfWj>KTA|=6WZDo>E)-Q72#=9af+Tk(R<acc%4x}0%LVlks+C|Jw>N8tIEpx%
z9kwQ-hhlZ}9xkEoWQya`1L4?HK50CBrRMM$$v0>lK+p8&)YIs=;j6DUNcF?X^T&ai
zu6a<N+MgS$|L$z~nW56&-=JwYgPGlgzy!x+M$X_+!1MH`+t5uoy_jVq(z8K;ypD0u
zf_S{6H;9~Ev{};@K^<GLCN?%WHr5z68*RNVir_Z9d+E?$>=%iQO(J|#M$;a%>m711
zadYp+J>1)hk0~8+U;F(1+MikcAMM^N_A#CRTkou_td{aWtl#B-xRuX!%XM%|8tKi<
z<PMIohLMfsG~bD}NPDTX>@Pps=qzt^R&FUcA^Dh|KJmV~F@|~1$L9^irGA#g3%P$5
z#AG~`r)XmxX5C;EQgE)Io3o`6ngQk4ZM&g@jOqLV6c6m}&ZetCr>8q_UOXp#aqWHj
zKCV?2+5I0=XiG}ne8OqV*rIjK@UirDhyX{T!8}W+SzOp9kJne{EIE$nFZ;{9-H+qB
zi~cg2e^y~Kn6qRr$xHGgDJl^Lu>{uYHq{gIGi<VI@~H$RWS+<LLy_zNU>Ry`>u-0U
z#QG|LFvvnvNZNxpaHmLmA(n$~urx)UH9f+g86BFoMnO-KSzNK9UU=z2Ibir@WT5cN
zs5=NSH3<JGLPW~{GEQ>U@jQe5WpstH7Mq%DEwqBu4pTS`(vN6GIbT1xP8WnK1&#!2
zUphX0LklL_&-gV!<yy0d{=Tw~@oTW=h4=8pdJo&G@E)F6?|&H;UjH(3-ogeh6@X_}
z86q-;GW5(TQ|bpFStZK-IK3FdBmZU$fc^*3x3@R~Hi0c1coa8e1OzxFyXswMZT-Wh
z^BlJqpLfgc&dTcA`lIi@-+sFDZ1;K1Eyz1jTHwIR|MU9j^^5JjS4|(j{m<L|!`)}}
zb>|KJ*?WHUV*B9mCII*ph5~DTqhQk{60l1_N$=_!!|2DK_Wt|NFJ8XdfBipi4i4Y`
z<>$Zt?f(YHUEoMgPNRQ(91P=R^h=uM<4<Rw&;My4{BX&Et|t8g-n-l(w!TQh8D8%q
z)5X82BqEAXRuM_g(vqnW7IzGdE@|g8hmB9U2u;8>?U`WKL!qFJWloZO9FN$tN{>LD
z!20yHPF^xcQH+Ysq!evTt{rQCr0wk{lKai$Z8xQu`@!JcKTgBoBYA)_4v=RxsxZXc
zLLPSmbjbY_(gj5-wV<u-CIurTuD0nvg+o7#Px8|SzC!Pn07%s69A#7R?l?_8QuIC5
z1^KlAFPi`nTi}`t9P=7;4#J}aY~wUJ19XkgB^owH4;_SkV>Qu_QnWuteKGdKRpSND
za1fTFX;WQ}QbB<obj@w3d1ID{Q*SmZfw|$H+{D5(<Sop&n>Q@;SDu+|=2u{uu@3%d
zD7ugj%;xMgg^BnRc35hFK(oc!Bm9RnD0@J-R_>6Xbu*xqrvGT&Y<bNGG8?G(e8_T3
z?&Nq7bU!YhCWBB%>+k#ZKhVp9Wu^oh;ibd;1L#{wISAm|I*cgxMH7<-V`Nb*Ll|q@
zEMn6H*2fBEE9e&@yJZK6$r3Q;##xjBdwa&oA<2Q)YM6`>Ra0>^a4ZS+a}6lzyku<H
zQO1o1ga|u|Nseo#`DuL3u9<ZP<6{Dilh0j}AU!C7l9n7D#}?kF3mYY`V}jadRq42*
zGz}79F7T5fmY}GMGg31E%C9T>R_T+fe5z$JDHZmwr2=#GcZnH%sRjYS7_U;My1=~}
z1dEF^=WhC;h8{k&Gh9oT*=ZVP0Gzsu8C3|^&j3h3x4+$kv2!D4-p?s*0`tIpu>~SN
zx+xMnO;q7~CDT>gP&GoV>8!1Zm8#)$qYq3!8}zoSp1;0Ys--yb=!34V>}7SCg{_4T
zOyO?;@Y~(-a6F*65`5rAu_CZcgU4|m4g3}BIJI)}qCFTU0>TF9h+NUFz^N^F8qDoW
zo<+e3mB}V=2C@WiBz6VHF)5zCFcekrM$q7b!YJ25zaXm6SOfLmVflv-anZV)#&>`Y
z>Mei8COOz6^!#r1gW14Z@{3jv{-<Ctwhnmw@S}%v+`e1>uqlro18#mdv0Qu3a-9#G
zwy+0Aw}MkqsLG}P<S&0->FXAsJlXQsH{DvDOVw&$s@8I;mIY8ns1-Y-C~ci(SPg2T
z>91Ne*X635Fp|vM+`v}cjX8}I?jzYc#J03Cx<W^7K-@=g=J+G{7kO=<4nFN8q~}dZ
z(A6YvnzmawVZ$xo_@<gIm7QltP2CM<`=HPdK+*J_f4+#<lCU(yx)u{Vwp|WE^`Q0^
zY!-jDz|~v|Pv^tcOX4ej3VZ-ft}}gdE<x}s%KodGdUPu0b>aQ~`+;R8FKLx=2*g)C
zs8{Das8u-%8}s`)sOM68%tKc2T6hvCDTcBJyoq{7wVT-&O2dYAKlo38g=@Iy0F|pg
z^q~u3WrG}mY&EJ_fz<*lz{PuT-Wt?HK9mO7oXiSr+3cd)+s=MnFIM^2R;fz+;#E2q
zud?#tgT1eK!X3^1*3I_s_Z#;1|E^rEeYtAOx*8R8uIxEVI=i@g0K4&wr9;-bu`{x4
z$^Dr|zJ*6k!~X$J>J9aL#eUv_=PR29yqrdqWTZ{*ZK87_W`9Ey<6)xG&&fc)6yn_7
z5XWN41_$RzH3pH(zfhLYK3hv*tWuvCZLw)qQbZOEK4n5)-)Z{Kv_KG>V&1%`#m`A!
zgmLLfnC0Sxf=_q+R?B}Tc}mf|rWbvRvIr&A$LIb^3%Wqz4_1az2T@F>*hIi|ZMc48
zT)SkPKhR@sNjB0j$Rg~KZMe^p@t}uEdeFYx1W~2t^Rq-HvL<@!Nn@dO&aB!o(C#xt
zHncVgFj!BI2M_EXN{G3K-Wb7(&0{MRkcK0PorOBp-wpaiPqmy7S_+g4DV!!-LX0ED
zL}S!hho8QP;IXX*kI_7m$H<W7>5|07q`zoM5@!n%XG-Y`&kLeC)%7S%FxRTcp;f#l
z&fz;U$y6^R!_!?WaGRU$1Ca$aX{BUAij7`G3T!V1i&!(DS(wKRX9Qc9VzO08J*$Ch
zjTo;DQwFJlGf|4Ad#OLbwaF7R{>65q(YUUa)Y4tOrW9S!0)tx1i70v_%Q&Bm&stS|
z>{yN7hS1MFJ~+bioX3ZXc6f^i$m$gikXs?o73OLM0=;@ipnr1&T5dGAN1!iEn}1`}
zw&{@DG|VQf&((?UMV97wLv%})TAHS2-BX~(Pz2q%>+Ju;8hq4$ho1pTsMrUVck8cz
zMJM|gZ(iUl)TUBq=OG$O^J^}#vI6UpCgYP+e|?#Q-C+z$)y!xBG!%-hcXY9KXMJ+H
z?}?dS={V1u{x}{WHi(j5l*FvbZAxlxYh;=i?}=4`dKV`oV&q(tvHxhDLzZJGD1;6I
z0z*G0eO4qdvXU6L(3ZSAOca}sdkPN*+GWZMGz(S8O@I|#5lAZYbAnWcWOcAH&oHR%
zSx80Ubi;^2O^z)II~Oy7;>37KF#p4Fh^OE69xm4&zzJ?Ix&KQM>nv#t>59loC&WYd
zHQZ{FA?!HZ+<0b_Dv*?E3RQ1VD>&P7ccy;O@2sthqEA^Vl5$X+6c%c&tcY51eR)DP
zvPmq|TJK0L*fO)LsaFf{^96Y;#*8AC&;|VB`$GLxz2A8=d-k?&RI5ex<Ar5WY+8@n
z^r&q=>d>Q3vGNK%Ua?EA(xX-T(HcD}^}J4x*X@#z=+Ptl(RcLdyJF?<>GAh=$!#9C
zGnGI+D^!2V&z(6QS3KL{XQhdE)pP6FGk)ekqo<w~>hJP%2TWnbv*-M*1iQX|egntT
zJ|%>dAnwZ721q-}rjdN#<kp{Mgm0ToD!UCOyF*dm=H%C6m)!NAJn>gQ%vBPFnaj_y
z?2V`sls>^G#jHaR&M+IJ4&fN{IH6G;5b0hR3^?xtoMS_ji|xnV&@SJUjGijizM7OA
z&fO#h>Q2UZ!<#bhxM8n`>56`m`70nHA7ufTWqoWIDNL%cqQr7OagC9b&QcR~CDt!m
zETMTW1q?c7_G0G^^FPEUWZ^I45ZB0(VAE`o;UFSjZ68G=0$N_7?I;#i$^(*jzmFFt
zT2#5_QVKH|))nSX_;JPE_D3Y#YR@X@sL-wz?NykF*`O14i?}V40MJ#R(y%l0qRj{a
zm&r<S0!ZcDoC?>K8F1wbTa+si2KL+Jao|(p2&)YWC$CJp;Q#4Q+QehlYFz-Z__>kA
ztt5|XK=ZAz0FzglcAm4O!Qd=7&nB%Tb8F>=yc*IuLyD2Ztr%EgL=$ZpuLz=otsra0
zjK1F>kTDH11PU-$nIqnU{`;AI_W1oM4jkfo!)M7wJ=a_t?Fsh;+WX8Zn@xxt*QNPn
z8)z8%#<WF`>_xAjkWmp?zi7daIfN!`W_BgMjiA4-U>Htj*d)2-b^u$Yc%d{h;9o{0
z0@lO_9q{R!BBms(;N3RP_-dYpqX80s=gh?H72}vPPi(iYEKtS_8!Wa^)kRJWBz%0F
zvk${>Tfkg&Tm~e!u{<#1<j55#7ZrrJBVI0ZbSfM;^k6zzaV)lfPcrGN%A-p%Pt7w=
z5P2%T_&29EWCHy=)fy@h_7%j}*R+zq8zJ_M-(F9{-@*;{(k}j1`0bvxNiTI@rT2oB
z>QbsX%#x$kS;*Wh=AtZyOtF|+b`08D*l=x5Cts1=a!8E_5xZ^~k$l;2OSL)QO{n@p
zV$Ar2HwR_`_6Kq&6zZgSd7#}_HmvKFpLafdD0QW;eL<`&6PrK?Nf#l*sF+_D7`OHs
zhSllOH^akCGBFcOS}EKSCf~cD5441C05SUi+4~m2xT-SY^xcG4TR{*|Z>J=gNhgz;
zByAySOVcK8gJ}|yl=2QYGdIblGjoTzcajDuwtxsei=ZOD3WDO|D#)(S6^o*v{;RN{
zvOYmsMO|G)SJvPC@ju^p&bjxTd+$7w&ZGr0N;-4zd3@(P-}%mWzVkg2u1a3K<?#~B
zuUYVtfmf|i;*gq)Lg#y$a{7$2KCOC;Q)EBfsI<f!!U4;0CDyzy<jwUtokQ8IWD5|b
zX-Y(r4{vc{TC%5L#)&f(e|h!87k{y(*|e|l5rARVj#ByeRW8cTx?#o4MA#!Ml`69>
zmcAlwDr6382T2gwDq(n@m<diq1QzM*l@JpFZKbo6`oRtw?()%o8Dd?uF{r7{^N8jQ
z2pdc3WOs+%hh{M4ijocIpC4v=c{JwWDtkxfgA@dihqHp2vWf&|do>4TnD$muQaA-k
z-3XsD$4YQ-NO1Z&Yzsf{{avNQC=`xUFwGbRdHder)3q2!p``+G6g&jLKYJDbah5%l
z0(|&k!P}=e{@ARJf0l;-vWz6L9kvKGrBl(pCSkNG7pLj|ad8&6CE$>Hf|N_ZMwHMK
z=v4`uA!cJ}pm>NVyPzR6N0=Fr;u_HN5w{$sOs1~Z?D&&{K23-zqb3b7JT$V92pf}2
zlYT~~$VQ&f0YhNNPD(()B(yUR6YwrhGx!LElMo7n_DlB98awQb(6y;(YJ8k}5J5~=
zY$B^@R-D#0(varc0llVyRm23|XgUaoH)V$!SNaCS>|cfKvghp}KX*cw1%Rg$UaFu8
zB8{pbuMlQALQaTNR9>WxXU2#b&r!5akij{*uj5>Rh_iG|jw*<z*Ji92vvbp{by}Vr
zAt!VrXF3%sl(I=Pk~Red;~`LTa19YT`p0eEgD41)It*?eBo(()yrK6qB9SHiJk}(H
zmAGJW@0ZeR+-%$|hbn>y$aE{3&Xv4ZN8-to=)<W>X)^9+Cw>VSz1os^UZ2N`s7SW>
zT`}g;I$E7|_4Np}jUp}++ac(#fkL};*J!Ir*tKOTijvJ#M?w`OuyE|ExwM)Z(Z_OR
zF(juVO1)7pG>;dV6g!l~NNWc*F3Ds>lH>^sV-;sfY2t}XESS&6tvyPC1ifxA74NMc
zmyk<7uZxvu>Ef`66zLn*tf&N?M+)}tx>4ulbj9C-2YNbn0xNV5^yJmy-7h)Nlcr`v
zWEfI+!%3Ri?BmXdsfJM#KZ^GITB5?2J=2Q0UC0iVb54H#h<gH_;ITvTW7aW`20xvr
zWDuc)%_bH)TWN+|*ov!egjDsp-Qo3`Lq()`+psoLFKh<By8BsIqH|YwGi7Bct@!%1
z!ybX*)=`B%EBw|I-Q8u0<mjl`Owb#d;gYlx73I3Kt**Am*gVTR0!Kx_W&q~Q;h${X
zA0Fq#M*Mi^k<P91a`=>z|K~7LKjWuZ{^#bHJOAU_)-`kae`e*wv&>>Z>g|esTI9dW
z9Tj>DoT9}fL3vXH(d4@rJsfz_gbp{kPD%vGSf3)a3;R@l=Xp5CgNy@*8`VPRM#unW
zKqy??#0Iu*QJSNzYa&WF9?8*4k{mCP@X3k*uSz{WPSpVb1KIY*^)XNgB((_*SR^^J
zkAguZ8qw$ujA~N1rr-$Wo9Bq;qmI3D^HJj@&rUXKF`7E;0s-thCg-5WLNiW3O(V{~
zx-w7mDElrXc=Jt9Cmg?&v6*q1xn#{p>{H7APhK2WA4T^6)-`L^dGbFu&*gufl~39D
z27GE78(j$i*`+&#_)4njv79=lMW9qi&KfteZ6dFQ$6MTcvx%EC;mfUO!F%sE3R|>0
zVPLZoJ+rN)rLFlaX(KJ~P|MsL8C<6pPr{WAlX*aFArcOtQOZnQ-hOF*X)x3zhqK{r
z?03>i$C}B5tae3CCmcM04+0_f8Za-urHLB}tG7$&hWK7L>=#VsEWD&oNC7%-+8X%@
zD4|vnVLP@Y_yT6t4A~0DjI3^rr&uPG8d?xe+gI(ap{3amD9^q^i}9?6H(*Xu5~hzH
zHw=?L*OPc_Go_?eGE5eIX-uDh913VLNJnDVr&WXaE+n2pd5Iu26ozcNG5p)?=oZN~
z2)K_x`amoeQm)ycaGb!}NlV%vcS~eo0j4GjgoU?`AwfFfr~@e6qz=M*5sr_n&_G&G
z1}+g{0t;MJ;HMQWn>Dh*KrX#IZA_+>-P)8A41jqeg_|2`QP|1jKqvsFwz4GyM@Ue>
zfejk`3;)6NFhRriJi_=_I3e~NUsO+H=c8x7jbaJ$NUafCFA|@M6RH|n+Zt8^gsiY9
zyD7IdsN5)_NUd1IS7e~wusvR^1WLcah@K{*Zy<zZ8`u!-+z{;uAigm-Wyo*P+|1J+
zG^6F24H~0l3B$G<D?IGt&C)@$R$a@19<_oPxG}_)Ry2&GM9%h8z!fER-e;h`KHy70
zEH`UXOSASJA`(g=J?A4UjAw&PgrgWa#6|URQ6%GmTc_dL;U+}v3z^1sYm4A%GMnM1
zIgY6tfW&$frc{D~zh?{ErvNW;c=L#+U10fy)=xIF{1~IOBEt@u5;VvRnJq2wx}a>4
zEwvCMKIa7^#t@Fhd5j|qd6@xfMbR!G4Fs0ducR&sbVM~a(EP0y<oA??k)RpLFsO)m
zX^sUr<g+8bt@L*Hg)fStIboosKDK<M#XZlbi2Tnpz#mo$@WS$cEViz>*)9J!lSgy%
z|15mUuis0h;QAlwMo^BGmI2%*H<anu9{C*LN=@FJ-~1_gs3&zbE9VF2Bat2w?qy-^
z%4elEg|yU_%Suf~Ic#cHN`t!?b6l4Vg~Li_m~s>)V=~hrV5syfN{sD3t&I@s(A0D}
znwn-Cf&mjoNotr-le}O$G?&?vEN?ZL#B3{Bg9sgfSGLl}iIAHtyX_jE%9Lh}!+g@t
zJhMt3LosQB`DL(pA&Und(F#Yn%?-8Fi3k6Xk<0m6Dnd>)vW*Dor*R`TR96S`Xgrm1
z&Uf^U;3h|&aZ^&fy2Uau*^;FK0GBeyE^1vP#vDPZZZt?<gdr_5)2R?*VJN?>Hqx@j
ztY_ywxAQj`Ug6P=UR9G;q$n6nT(RMSVgzZ-=7h*wG{b0C%bDozK!toYk;uZ`urM`P
z0-onzYkVr4KE-8@9fy^{zMkR1zAbO+8iMb`16?}@yE-~M2gtlIm=d~4fdYZBR~;Jz
zC5f#F5J0lxnc*~%EtBfhVFK0N-#^ed)Hgh|r9Z5YKf}F!on1X07ciiBhr2Z`LuAeg
zt-LsRQ&(4iM^E>8U9RpDM%v06IjhXwb@ufR4fO3C>Y`M@dmG6bY9g+h1(@kfdfPnE
z*U`D9V{l0BP0tLc$eBln4u_M5QD8@z)(m#{!}sAGJ9~z@q1WM_zP^6BYjU_COQv{#
zWYOp1=m-P>RFitU;`@;q35^6QT5&)>x{1%x!Y;(DQeeyG3%3PrqVN$k1CM%kb_@><
zb!_hG3b`yIgapJ!T1-7WrddKa?QReRjDeq>J9US^M+i6pR$8ey()Hv(q$Lw@DW$~;
zW3v0yBgtVSZH$7dDVQ5J#|ht}ZZDQ0_m+1AmY&iGiBDq~jzLHXqhM}c^{ktMBViNm
z9g5UryALhqA^o22-fdk2f(u_=Qm3YH#%M69hYG9+%Ssj}P?kogpbJ(D-S1=~g^G+s
zXE+cPnAk|jckfWhPBC1HxahyQg_{2Bo9r0FJGypk?iv`}-reu%Jwe14-hBmn?;Pms
z_jF%wnX!YNH!3DGmQ%i$StgKjR=Wa-(~oH$Nsft248)jea2(k`xd_K$7a#R@NBMXT
zGx5``Vbx-?uFDlVjO#3-r?SI#YeoC#slP-3^bD8i@@J|K*k|}kW5(_%A7=QV?Sc^#
z_zAG)ae}I3u)7x|#^H|M3j~mujP8raKtq5qtvcz7rDWXOV3dw~VTfMb`?FlOqUf3^
z#%S5ntvQ?{u+Pa?@Z2FSLIb4nU_*ZJur}0G*2|Gzi&?4)bm#P>jH=}5Ws`w`E6H}%
zYZ>a=m181~4qxHm*=@Ndi0-w5pwkkP*`3VjpkU!`cUm+sJ^f#a`rpGc0WD_#*|Mh9
zqyKG*&gp+=<HK#e`uc~u`+5h5x7)^E&XXgqBla}~RWT`q)Bq%&ptTv@hN(R##Mgmf
z6;t3Gip`kH&dz?km?furKO0S(@KF=p$~4i@rsz7f(u}sPIje%2Xs?;3^MH<!nQn3<
zX0<UQ8D*z{kAUn0Q_6%c3)N%5tK6zEV2;4Of(@vVDj*IM#zNa^w_B&pHe~2i0L87K
zlGH?{=q%c&rE_SXmI|tUn%bfEX(@NwOIISy6zpjn1M^fWqD^U^(J`%kM#n2kFhnde
zb~AlmewDIvn0jE_;PmLbd_4+2MfQJFOA-<M@UDN0-T$_%S>w6?jmBbg`~Pfw%DuM_
zBEdMW8EB+Y+T|~&HEPe<eB>{G3vR>ym%+~F>^x&SM%OM*2TOPH@{PmyE?Bq<j#Nfh
zWO05wrdgv2x52+~;!5aQYbwusyOFq&1mq06TB1iUOC1S2MN{e?QcSqF#Z*;TW;6ji
zh0;L&$S~mPY}gBl&_05izZE<p)1#UfNTEh)fJ(grH*)usQg>^^s!3Y%hgTjRbB?71
z=JCBC+pc3GfZ08$gAT}pG%1KPtEkH$k|ox-2u#c9iT5f-y@9aY*<NY|c@=ewg%5n&
zTeElW<{Va~Zs};4#*Z=;xGSggFbw`T^2{rO7d^Zs(+<i7I#Yl`Cwzh{+d=to3Ru{N
z^n(5XFPDkirRo-qn4~JOu#Hi6$mBt|;UG%nOL~|kldEA?bI$cE=L%n7p$jpwv&dQ|
zDTBekSzt_Q<bQO=T}+BTWNa*pY;2PJ<z?Bx6e~raKulY5E*HJzrNDaj-PqR7;S0M4
z`hs;?WTwvVNy=Qg4v+jI0=}qOhNo$5l4+btRTv2E4>i$HI$zOj=|v~=7Nv**BUNW>
z>cM!m^fqj`yZ5|~p6*VLVm3sqOEHZGuFk$gD`!200gJ4{MkRW-5{*RL6png|_+fOv
zud`BQcM-75-+~=0ZX!^mF!*2=!nP#_wlEV}bfBPw!D)<^UL9jFvkG<`1iL>_6hnP7
z1c)u=3`kT3JNsvk-Ja6{BUSuM>wC1nyy~QHRZ8(fOc-$+?V(NQeK{$=bO(|}V{<;p
z4IBJb-1#rFg(h31CJQ!#Hwp!ss06$AnibBz{K&9k7ePXnmtEewD{L;`y;WngK(5?~
z0PZE&t(A8+Ce&n3uFBs+^eMKeW5O#8n^@2~fwEe-s^<grw=Pf^oj4<<EYfww0o+@@
z<M5HVh24SdS9Y{1AN*nEBZ)tg@ne6xk)r6(O%WXxJYa|@#hk7-VkEo(TM;IoK`Cy#
z%*s%Tu_=&#q1Z0E3#Z~-$^6U%mutTAAeDdehR#Gnrc1cT)g5`Y(!FfmT@ry{uxls?
z=yvuYu@SzHxf_B_hP_))fbfa7Wbc3?3jNVI>Q4Dkn0k2$Q^2+^qkFGBX<noP$>_>z
zPBxN-CMOPgRnPbgD-fzJm_QK!X%lVKL$As!o?yY`m&tGb-Alt;z1kzV%#558GBV&p
zmdci%0iUIEShU6u1rDuMT+`v*-P!R2@(1GdMB5cy*K8q>AKoN_1RdRjBJU_=cDSmg
za5-OgFqVI@`%R!9JJ{>Sa#1ahdyj#90_sSfvy7VeEaSJs9PZjIxce9HKrB)EvQYgI
zU%Z<FjpPdjJ8jN_%WSp1$d1}*WToBz99{&lBK9A#*t!<){m-2L->iJN{l{QePuG?q
z!TiI1aAa?Yy43hM7)wDFA#kvgQB9W56mE|xnK~C9ET1)vmIQVsaB*xT*j68+F}>Kn
z#uGi6@vNS)Kyzn!Iv_3N2%56VDX>&@^%hY&(kw(c_7Y|?LWpcd<3=vYH&B4X%H~jW
zK(l+0<4uAvAO+KT;Fbs9po<_2kAacPScphS%Z-sABYE%6sI|&E3})37UE35}t3+dM
z(dM@3x=LEB6jVJ+0iQTk&4qkAN<PK-f6B^KIQ~;?U98m||8ZS(&D{O}tbEFLHvu1r
zn=rUzs9%XEbqE1iGz^r7=NAeNB{MumnAALP4U3}K(iCe|qGz>5Tiar5=7K*J>(@W{
zQ``VUJ&*x}C{6amQX)CAC{Zc~OmU(_k>B=9!xUc`rqe8?2eDavVi&M7-j@+8W51t4
z>?$Gn6l)L2i^iZTC%(x%_h*f<teT>>m}=T8_mq+@_yrxTI?_#ALn)<ZsC!3O-_9X2
z_O($KT?L}ckc~S#L1Y)69^Qly{aRy6)stq;VAsHTT>}tg3XwN%m{vfnive8w`v#!Z
z<~8`n0ApL)8u@p7S5F_>=>kE+e@?II1oQ!Qx<`2mK@_qSRoSwwn;bK<QvlEyXayh$
zmzJK;vql<Z#+uH)9Ua}hq*ud?kOJgYFhGGF?(Nvo6$oLRC4Zm+KgyL50za72)U-)6
z=RlG+2yqpvxv;Od3x?bXyHlX7G=MzMm}GHfkX1r_%`*02uWBNTsu=f786MUNTK8ZK
zG;$Pm!q;Gt2z%W&men*XNav3_uoIDPG(u(}NWWy-Q0o{BG)E$VP`)B`u7iQD?LB>g
zFsBDH8+6J-QnVbt+IH)iU@TmuLl&DS5BNY#L7<ajfDtHq2w;J&1ARN%Fp?S8lHn>m
z@<MQA;~6Vx8O5L&*wQ})Pz?1^7)XtBK>$aJAQ9dmGP;&221sYeP)GjRq@A`Dm~hj`
zW#gLAU%ql0^ahd7A~gJ2xrR&lxD_lm%5!&i50$UWcoHI2`Lvd?UlppJG{*FFkg&*X
z7>}8gMmAAw01$c@=%uG`TX*l_%olGFV>XVgZACaj<!sO%QrYmGNve4e#==tMP|^tW
z_rRur>&b>DaB&nLKy8dq$bL@~@z6!t#siJHh7*RE%67Osh`)#c6TS)Gc_}GMUd#@D
zr;qZ;c%!6)AZdwE3IKl5r5C3!S<Prh4!<Xiq5wgHHnd3Vi1b3O=bt@j-L7Ke6LSg&
z07sC8ie^(qEZ7bv0ajgz@P}ecN;6Gzv_SK#@hsVAA+hS7xQ5;W`6dGy6YL(ALke^^
z!G{rNPmzLk(wD&PLm0sjHOj7togjhf<b*;tK&+@|R6T1-RTGA!PsYx13z-l?XbLe7
zYrG|e=4!;^SOPZ#8kCN5>PUPXrh`_ZkHU1duxNH6u%*G5xO>QSjOraKF@{n43$uu-
z;&Ma@oeSn<Ldi*u$)T(&Oc0gUXe00&q(~=<CKFce*2U)G<bdcz&vZ+ry8NrKS1YqO
zOy`%@Ad~_3Dui?(MQ;W)Zpfh%FquT|1L0C45=0z8?F<3#Rmdn@VHL5Uv=b0a$qa%M
zXZb`sh_4L(JeYo)Q#+l+@}DEPdQ?@$$+VB=AQ@0DtzVJT=pkyvAmX~3o#F>K?TR!+
z{f)W<f)f1kqV_&bi_(8rD=`UejMvaGqV=_AZFEgy!v^v<S04s>AF~41*CuLHwHMTG
zuia5QSRZmI2TqxhEMeV7Di{qbXTb+FvCvgWVi&_4fuyTRH4A4GID=DtG#`^w4C_sy
zV>;+E#x*qoc_kq#zY19{VIApKy{U|<CPayJVF8<Bm4fVFk*aY6L&?a#{}fpV<s7`8
z$Tr6DLYM4l^=(Q${5wInIcN&LjY~|yKF3FJD8X?DCv<En4}Faopq!>*kiBnxLn2eW
z@v`KYWsdnRNU{LO)d|9{b6K03Xi75R=4`M6jz-`<*h@|ffowuHDA-+u|0amMir&ky
zCl}STEFq1+$T4JUzBi<9y*-Skl)gtx)X%V~NW`A8`gVJ?8v;0GFfy3IKs{R@`Dlgj
zbQ!`HQ-FB3FVP{xOhx!Bc`I_yyHABs-oiX!u}DZ963EV~AVrv3238Nx0Bf@chn$s^
zXDhV9kZ9T$fW}4|cRJzFx4?>pl^RU>gNpgMB(O^8r?C;93BB0^&*(&M%K1$Je^v4n
z@Cv0*foswFELFBG_^nKKW-GQVRYj!XiZ3;1eL$4sCKMan(OsEr^cw=YX*8aB=9;q_
zV<oQ=2OSI<@RHg;;6<E3aZL3IL8ZeG^V}XAv>|NyWTN3M%Hi%gLcx{1m4ly4(XTyq
zgfQ8>0yQe|4Ub-6wrMIp-`S@2oUf+YrpPF~=$wtuB}ln;G0syQ^vUM{frGiu0R^@}
zMi}{<;XsHjd6zAci+7S;CnJlgKJ6XVMI~zD@|<be$Q9aW8g*k5<DaqF_7_b&w1Krk
z@){#gF5)rV;YUyp0hLTh?3xw}fS4D6xAJd+a=0uQSXrxvmD+?-JEGKHpww<}tKHF7
zJE#OOApwI76}|*4(C&uBe)gcQTg!@l3C~Csb`IbfrZ~}Ivah%bisKQ|G&$E~^#tSh
ztR0Y(8(HovY(Ef-M5%x$<BRp|(HeMYFaKQG$t_TV;?|=wX$zdrKz9(nIA~4bjN?cA
zo)eDGk%+dAE=FWdMx;(4pJPf3#tn&`f)9nL)_`g<KjhYlz+P29zF5{{&vqy9dxaGA
z$gS+-B{=88(b&m4;pifq11}!D*}0q@zv(Y}2&dn@M{&rSO?qO=eOgLV@l#zCeL+<;
ztXZ#K%JiyAMCB_#zKJT((43LSQT{1r|H1s(537$N_J3=mYu0%4f32Id|Co)BZU09N
z-39wU{-Eskf7}Nrl~FByM7J|}Ft6x*mVlcFJ6T;5ceq`88h+xvv8ku@q)M3ANX}xm
zb?{hKMzu*rC;Kv38DggDgpQ_k>9}S_l#Zlngi*B&TAYTozDFT)s0FGglkDjz7NdEg
zn$jX-6e`kC5MaQ_HDI!><GDA-mkZ5Q#eapAQ8jK+8yK>k2_Qf@(w38y%86yg@k7ok
zle#sIUFimCnnK`b1IW6g@iU@FDt<-)psYYxi+(mUikZ>k`lufFl2F-)Gzv>&cvp9C
zOS3RQdtw7Mt57HJyvm8MXmZSQ<6&rA<7OR5W@;RC*FsbW_CU1_K^Ud#SyEdzyEW<R
zF;dzj+SU?;CgH|KOGK1i8l>bgF{)aMNVj0UO1kEa#xbB5=D%fmZ<*=Rs7>f%pb1i&
zND~@b*O~x?K01Z%@px=#+?%7BhEfrwV$>-_V}W28%<v?sUOB~L{ky`a!GvOv(ZP-i
zgt6Faqi94+k|ThS(-`C15oFRhxSTI3aA`#i!qBkUC-_~teRR>fm->OD6bjxdEbbS3
zOeH?{9GzL%i-bn7XiNp=cwAx$b3A7yjLCG+6K-?dm;|?1p&JlCEkiCT#<YXGE*cPX
z80a&XwgfLE_PBvGLLLuxC=D>HVQf38rO7M!Jxsnr_%J8PfjrWz7M}nWgA0h#yB{<1
z^xlxSdl_Gvl{V5NM7rM%=lueR)vP?F#PLk3I#|SekZ(>F!U78iU^{K49bd5QXu@=U
zO-jEs{AHuWJxr0H*ma=<*L3Dgq8oO&^$e08gqVXBS@rZA21|+?NqNX4aP?g>I4%H^
zx@l=XBtD{&ipH4S6J_6WVdsY`cI;4BDP$xr71kHn#*r0DgB1e|puKGOE9p}T*e7N5
zz(F&F4WW~Ufm~dWSrm1I)K=qykcW_S0ZR66;3Z_ngD1~&Ed0VtyVPYZt!7t~KFHGz
ziaQShFhmMajDZV@X^l)_U`VkoH?83uvrP)Bz=qJ!FrJY|Ww(dX(0$tTZ9w$cVCR52
zkBwL4r?m6`;dy`*IsdO)*Wx+<x2&Bz|If;&yqZnPrDI%6X22<qo|sGZ>#zyV69#fF
zt#|4D`g?X9p36o)&kUaVTXvzSi1&mY^-uLCK`C!%PIhl5in3%4-0Cf9|4zaKNnKCI
z&+m}A6<j<Ml#Dy!xpeEn?~X;APTq%XM!;`aOtFtPluunip(nn0)dD?dX~5<D9Xr=>
ze*O5OLmFDq4g}kO*L@cb0z?sxWiB9>9lJOdCy;c&j>R1aqiH~>018}CPIvHfW9(=k
z4Rpqcq-KlEUNIyf_LZHY9>Md?Q=d0Y{b6OPFDIV?k4ef`=@l*2ZJT;}H$CHk&Ifol
zIac)y^~RdZ-#xoDwgbR|w$9WOny{1G?`kNJ7BvO{DB0JV%{}CtFxY(|cuqA(ThFYa
zZ!Zd<Zm4mR%u{2+NYfjAo9cjcC3^I+>$T?yo%f~u=Hd!y<G%f5k{oML9^xoZ9p<QS
zPx9Wd5c*>nqmoJBYRS>CU?dch2%iz9PpW(Vp&V2&85Td>s$Y5`(k0_rX>K$mEgX9U
z%&diBACea|g4XVpjd#JoDi5;qVl`F@8ae+0BziGRi#aLmu>@hiY_VJv7@2A$r}Z%+
zOL=Ai(<G5MFQeJ;V4sdaS-(Mvx;HEdx$t3|xPB!Frf928*jtco<TewLu_D)%Z1fQR
ztQOZGKL@nx0nWD8%eRZ#t<zC#;9nZKB|7=-M?|bWe3PGkI0;~=;700ukZ&#0@d1~7
z850A5Um_JaGZ{t;VjZ(+$y4eg3}24xo?>}Qa9XIj9nuUDN7yvXfJx)%Hn^CyFj;IE
zdAW@*^|^`0p&E(r_>&SZEwCS2FjP{=sUrFxB3d72@{g)w`k&^tYuCBsf2?h3UNfiv
znT=1`Z>P8P^Keb2W&J=3qftC!vz%qiC*_ASgPb2+7m+VbmtYx@c0aMxj7bSY2ufx<
zF-YZd$g(i?>=G`2Y7orr#MKK$im_93ky2DAQn(C?h(*efZ4@4v#oH>a+!)Pli8nIE
zi)J*KwBkkWoAe^(_|{sa7`uinHea|;7RQTE!Y==U>?*AUycEnc!<#E!$TuSmUTwxR
zoRiVGZl+&q6jDmcj50ht77v8^&hFrd=SCp~xH1BY*(pQ$L%STsKW|Ey61xPDx2r37
zWWUFL?E*fau*JrTi0jWTLIZ$HZQvuj0FAIN6~ISg0Zzezu!pF{Vth>q#rPws7%VZ`
zqqI8hGN!kT=`KSVh=g7G$S%Q_iHIEbNa)Bj0q{r!#ElzM!i~K!u#mh~#6oTax@XDs
zB2S_OXI()@uBGObVhlvY8++u<?1LXMy^oxElPB*J*NnyU^GOTFPOpgFN(mQ*xp1_z
zikv&qE<+Y#BTMTT2)h$K3iA%>8Tp(z2^&ipU>Wiz5s;juNpwe)dlow^o0f0(@(%&Z
zy%8W;qU0uS=&Hn%5M0ybNsnzNnARro6-}BE&s>#4SL(f>l#gdv=-vFKY1Fw=OH(%r
zxwH#JWh`stGF~_d;WgtcA3*V^nx5Jla6{m&<p4aLS`OfzS_FP(zRl^=AzC(wA}OF0
zQT0%n98eGiknN~PdFrQga$qe38V}n>sk={ry?nhjl^~chE|LMphSJFfC5S&luFT{4
zR)s4$1|8F|(;MdSA#8Lbc@uJH9LO&_RuV4WVR6v>h4f0oX7^YeIRBGDWhXQ*aFtsn
z^4?$Z1>$?Es3{exGE+q^>cOZ_&f%UgO)*T7iptxHV3mc*<{?yPhw1nntIC5<Z(x2f
zBn>Gd5(T`+7)q&Q0r@}K@TQc63Zj~kGpU~siv$kTHpRRS&|Lu>3BcfnY=9G*qNR=8
z*tp_PK$RJ+Jt$9Fryg3{!9ug|j$6VRwY<|JBv)F=xQK3QsSN4WVIKZdR6cTaC0n$e
zn87cK1r%oIan-T_IJg&g0-W+#@T3(UWs2z`E4ya=6eZH^Flb6+?v8NB=SVa!2D=Dv
zo<CZraig7o&o<15e^^!@YHjSK^kZP#mFZ<<9sS2SjD!`tRmj*rN*EHUXquzBWLN>x
zv12{c9+{L0NkQ0cOLyOJC-~e8*GLpE@nqT(u)<Q9fD<wXE$g9X*2ZWMk8+&+B;lAW
z;e2~zqnN4#lg;z<53_lO*cYP^6T%ja;p6XSQ75n{_yFkk5_gb{BR5!rMp{NU!Z1RR
zuR@|RJ3a-IbNea$2zxVEkz#1tVwYpa<YcZKC<M^tERnPb<ce&Jxp2bQxloQgvYQ3K
z?dsmFgFLfIzQl!?3WhT`@r9FJ&h1$M7yJ2>E>?ouY}V5WFu1W3Oc?NkTisQdZ+NxS
zCG+%rhh#pzZZm%v%?3r-fSgI-Np^B+Qy)u{1CBWk;s(kbq<i_X{~p%j(<@~)aNjX(
zWv6hcj=&UFWb46pk!AR%C8ESsfR?BuMLyDz+Opw}&Blf{#5OQGNup929VcBoTLrTP
z=f7Slk0^0uXs-C?h*W2Du>3U2QInTU<(-iFh8q}N2c!<FFVZHoG!U|GDWecTCZQy9
zSd45YjeIxZGK*KQRA4)c&CV(Tk(*{6L~<=as)9c0NUW<ZaFbzjsRP5!k4(*y#OHJA
zRh~8E@|u;7m`4!T{W*&!NdizTs{Mw$63`=;TZ>%EO>f!uNx=sb+Q1WO(v!oynXsE?
zp@t+zGx$WV;dpfl3l@?|`bfg1uia@%OGOv6d`2qDiM;2MBSegY<D43WqaWN+aoelp
zRHYS9z8CE?BuX!b7q_T!W0EFuM3NMCP*Quu0N)(OI3{%~KCT2w`HP~Lhy)e~7ohr)
z`Znoc0Yph!i>ESB#cnL5j2VzN4G2umbLjTg7wO%dr_q%YkwRb=g8(m6X9z)&tc(<b
zY%vJ<jqePBh~@{PbO{vuY;!JZ)a)2t?rhTa^aMG>f@nk`V0yuT+)%W_dR~y3W=|vO
zZvazPJueD@p8k5gTHcaPc`65<-JcJ5m78)RUeDIOm%j~ASrKZV6I?yoC`D1f5_g~O
zYuTgx26T%ZnaX>BtsEf~Fd1ZI;G^LzaI~ZCFx@5uG#DNn8tCfS;T-2!t|>z4MjS(E
zD&`a!Z^}olxso2g9L*M~Zr2mgBPbR9h;|z4PB5;~AcwYzVM-L$bcu9ASNSD4NBk|I
z8qI1D5(Sf-9=4KHyavgmBgG<>RFS$*PzaZ#A!W<Gn1Ynwg77v`Ju2%K<eeP%{UX}Y
z86Va6mMs)V3HJYo7yPlRX#9ufXmp*&{y(;M&i;QkK0N;8(3XB7_#^#QIp2W1t^p9-
z4rz{uOVCYlfYRehNGULu%(4633?2dvh;Cztm@wIjjf{sORvnM?X2(UOp%>5uA9#Hx
zYfONfD@#nufB_hT9b1RHd%K398F9DZm+=t>YF2Yh+2F#NA}`U#xO12*%xFdnI6p^l
zfQ)%lm7#8uwp4K1CPSn<RYKTC!gRcl&>CEwMl|quh7<;hlid-b^$lYC5M>XmQGlFg
zOjZel#HBQzH;d{wBgz(0vxjwS8l>8qj)=B9v>W28Ud&w$Oo}SvFfb<GFgnS%jZwGS
z!6%3%PQH`H`bc<#aK8`X2`8+8e;`3WuMc+|L28ex<P~3F*CHDu|3P~MisnxoMK_U5
zX>;vPFZf$&$gs!xjWMO*PPoqJB0If`KgITcM&yU(16U;g_nKI<C;n6O-2Oj1pR(`q
zj7z1|v^quunL20P(i{Rg$>A>05<P-Wfe8p@ys>O9fnw;{Jh6q>PwMG}F=;}#uGqrs
zp*lWyAe=Ir?5B3PVI`%fQRYagd&qzBtbvC&F6r&)?zQDS@;$gGtW1TJU~o@JS+4}i
z*Rz#9N*j5`o3tx-obOcZIA5%|(YN9&#DS5Y7hxM6qq?F3PGw?gGpT7A&-Po)OGF8<
zUcfcM+qc3!Mu@Zl?Ym0hGpCGW$)#|=lJcPm=EM%kWiRu{QLfYK_OS#jvn~q*@k)9I
z(NF=hV&@>JGpbJPUxbj=B)_|{QjHt&H6*)CI#MEejOD=C0sgIs+P709>x^&_a;||J
zs8lXKPP3--Tv17F)Z&4@$<bwx#nok?D~4l}j-i<#P2GfU<V>nVo+O7D$9z!1sUQbA
z@-Gam%@bPOnH{o4P*YG^7COaC6gX3)ObQNxrZL7k&f>u_ZBVF_dWvi`<(*+ZXKaqi
z+LWf4Pa`M{ovB=}L?cn9u1=Und?a4jF;!2atU~f>N36u50jjW@ZWN(It`$;N<9jrX
z@o1NTr<3z0H0|4WVSsJu@~FPb10vb4?2f`B#34sDR`%t<Xpa(;Np@dg9FXylP#-y9
zv5cWJrDoa`Dp{eyO0gs_!BPV$KdKd`l+DA-i^-^HeMM3IN@6i&Ub0iKRzBnEn?hKw
zzF!f1Y6n<7BI(*(iE$UCQ9UhO>P%y0l$WXn>h&0F`cbxxWWl`Co&@<)H&qcnwG9#u
z*$51i-jW2h)cW%rHJyX&+*nwNowY8i1a}T?2`O$~!t0jXx>r6!df5fy2(xl9TyE{|
z>4MDa$|xgQUWfi7BOOEz3y1g)bE}@z;9Ib6)N*c0chLhX*|1n=WYIeNqKJ^S(HKQY
zh~FJr3WN@`B8kZ!W3rQ+h@knVSR|^gBg+Y2K=wWUrXkqcd{*mOYu7cOwKfu^<pf7<
zBR!#I(P)1sWNzxp7<>oG2a!ERHbjhcf)-igvDn(y*4A|`YonAs>}4nL5)jLEyyW==
zVHXn=NLJDqO{i1Bx`{B_8}V|OkFp_zM>A(ohdq*sh&3^6YH@;3{F)=*5p!$lfcU|@
zd~`T_!3Ed^cy-!r7K*sGSKdNukh2P4VT2HJ8uexC?sGUY(}Gd%+lJBo=mB22D2xWR
zm)J~$GG)bX44H^V=srOi3zTkC0wV$Jgl>qecewMXkLd=+RZmKgg_I*bhblNng-m%|
z88g`A3Hz?E32vjGeI#JO*FdrbY#QCxkyyOAain<kw%TQLgM5~S?3?A&lzm(;Xrsud
zMJmHh0MV`qh83kF<5qwii!iQ0C~y1Ibbu+J?gkaYn(25kzg*0o>=PeLct)+?>FEQm
zV(}U_mkF~KiA%DAzB@%VkTqB3nPQK`G%F_BsDcFMWAm$WBc}vSYmLNL(wt4W9Eo5J
z$Z`}^!Vv_~At0D;h()6)xKnY!wckTFLWS^KW+`m({g?X_r0H{V(%N9Z6pE(Bvca^{
zpv0p5BX|%vWjAgROGu5J#XqzjO>`ejt7(Ixrw+mvWJBPJAf2oPn6nauZYZ<-JLfA*
zo^WrhNBUB0?o;xo#QWdFvH>e<|J5Ax-v2hw-T%(U$F~0>$HKmyVgg|2$<cd9Of7|C
ztw-EcsHq{p0>vk(sBO(NEK9#sf$j)#aG9&_(Nnn;6+>(}AKggRWYRXv74MMb2B`cg
zC^Pk>&UR&N&(RghO;OF3+!P*1Mt!v3P<O90tai~ZiQ%Oo<Gd|$o@+mx3$*s4cQbw^
zd{nFLrR%EvS}d`cqf2O?=?Mx<y4a$%QD$DLWsM*luM{N+|JrAo4XB5dtibq6pR)ve
z)qRTX|Cz(g{Rf|7`TwFVp7`%;qI33Nv+^n1p$tBdPH1OZAJw&lGPq-?ziI1GKRNr4
z(37*A9gywqkx~-_Qc4t(0<LX}wltBgKYCUh+45s+=8^&y>vx7p0rTbkvkN4xbgWr?
zj}JT<0V7tXB1r-Jv&L9fO;N?5nzqV~Hnu&I0j`Z!0Q_#A@tv9xl)ZfrMY!30mT>zi
zB{*roMIi`(uu75o$V%nYX&cv#q01Gi5sZroYT`yh3oG$lHj5dRO)Vq5OcE)CC+CUV
zX<X!VdH}-)EXnm7MU(W<K1o+j)<1K%o(VRGd6u4045x&>2QCfPCg6XeVC3vjAS7kg
zgO<E~IgZr=q5@(vM(lfo5@@7pV-$i}IuhMfQn{q1+vB0ykc_5UvNE>-X8311`HI8|
zm^oGifN@snzmbR%xHuhvf2CpBgVx~mfH}TR$j}E!wF_Z>8j5FvFa{=bf}uE60$A9U
z$B@o3w$C%|DR$B$q*in$WFAB;VJW-^(@ABR91{}S9!y84>=kk!Vvz`Y-9}aE#%?b`
za|}3C4{66D@e-)V#tAR#BupedVY);Pjw|Vqr!1fc2keub2vDGhl?l)~V=X<S>RA)(
zB@B;Sq&_N90UhN;$Up0mFb^zaBGZvVwGf{ccMUg9x_^6+WWTjlsRf~hk%`zY5j0Q6
zC3%8GNX4SY?qL27LQV$Ae57ThQYwI+N`w_P>m>6e-({rpd|OCgEK6M~fvZlzMMrAj
z63miC7_#9krM_6D2)vM{E@(mqu8b-ru$3~bIjqVq#k(if#hiQv`vMrj&slCk7yx})
zsExdE&{m|^h1y|R(R`ZVZwl3B`O$o8^EXBMX8Iw&CJLhv(|WP&UclhBjFcCbrXb|o
z0L-nBqcE(9%#3fu7N2Ak*dm!+DicwYNv97TCKq}F(>I}z(>a5mw`DW#IE~K*_hvZ)
zel|IUDyzI}N65Fv(8(WF+levlwy75)+kfbW?SzX};(Uwn<Zu>K3)>gv)aO#7e=-!f
zlVPa<*v3N>4Tt1R!*QRz+7VjX1pN)y*O1njKq<`y?K0lx1y#-oEHje0CsCaQiQg{k
zlTHw>cH(=(bV?Zg9_e%G+-G(^Mf5+pMCJ4Ut!rNA_5W{anbZHw#;4qOJ3Bk4ng0(d
zjH-3cn#=!(4*@0YQmMSIe9DY{`IJ|RGvBnb5tfo15Xx9anUe0YVxw6jb%c@#mfosa
zdaJMCEP-ULmXIZol&VaYz@j<+j<y7TC8X6876ETbcr=add$2I26o2$l<@58IKKSv;
z(P#SLr=(PUC8yylo_;TZr_r3{5RpRj;@K~pe3My2O~h5xau>B<<Vn~k6!qrq(=&~z
zK85;?mX)+q{OOrt`^7MM;a?+Z7~lcztpP8@Dx}lKlm==Yb6gjzkQc+w3$aQfYh>g)
ztO~r~b(|^{&K*d2$SXQ`AQ@lTatD&OuCiklLC8DupkP8ks6Y_zUu8yF0X-ln^jQf>
z{(OL$PE~iWCT5bl3eNg7>DjOPt31!3=z;)bYX{|K;la6aEkuS?>TyF()YEvviU9(>
zA|RQ-sB%+t2={B*F|{UX&@ZanX<+fRocLN+mej*L<D@#JW&Km{Z0YG6?CK10OcTyL
z3c>ON?H=v7Ux4undC8Ci4XAs`D6*KG%fSVRQxuRRmtGNIfd4R7Cvbth0lYn{El<v-
zI#Lh<MKX63!bgYUDk(>A?=TBeREjU}^>jgei6-nxDH?bkw#L&xd5qQU7?o1&dc*;R
zjfO^rPQo0pIumaf?W*MpWG^k45~A39of-hJS@C1=5URLrXO&dlC(IcVtBbeWc_#``
z<V=ZBtfyzBT7sL_;b($rEosS7vs;)hV6MYD&GO{4=7>~B<n3S`yheX37L*r$hlG`|
z5`zn?7CEl!88UQu54SGEw4jvtN)F>LI&cxhFlKLW%)FgZHKpTyGz&)Qdd*NYP5>~2
zLKdaztbIaM#a6#`tr{Hc0FPCM8xb+DYBn)I52q$&6>vr+yFTbaXN5ZyPRU!0J;<V;
zJEapWUK)t<A~K%g&W@puZ37)U2D>lpx<uj}V}`{j2YR9p^Q2N?WJ8;^SCqH}3$A3|
z38*_czw&Fb)O7$MrKMFsn{n0w4(+I+Zh_%)KnZ}ePvz8_2QGGx6v2CSq-EX{3vC(j
zG^wSBsjNOsz5+!F4Dsk)Km`^?scXx#fN(B~E}{Z^NgYR{&r<VGAzIRc@LzklbEhps
z4Z1dMZzTuur2M!Ul(t`=HQSOWs7z%T!z(!Jba^(gd|9V$O7&-)vz>LiJcG3dRZ`Yz
zull8gE06L3$|9$bH}WhANvNZ<v7;Sb`Hae`ekhvNNL&EZ$!b&{0w|i*$OT^ICZ67s
z;9^c{*~(`&^1I+HD^B5p!qr(1UR%s2R*!hDsIsCopF^fis7|h^@{QFeb+B;Ld?Zo_
z=e_PP53-9K`lg**7~tj!BGJ2vrTVi|`UV=f%Ee##Bvd}z5nW46POP*Qt0GDDEzXWt
zLV{vJ&d!&hxbj(o34}x}Vi#hB8XdhT5s5@KDfMRqG#XB7b>XVQ!E-22@~XVs917X_
z>*P7u%_S@@->P*dEOralM+nz0&RHPwZRMHfVG2?uk@S(ty`G;{jp(k6C5cbX4v#uQ
z;m%(62_6M8<A@}9%%34?S_vLILC@w`D^xnaqjwn>%I^pT1oAC;3!A0HjiM$&PTVL(
zWZ^QJPwK>%T^ht!?WY9)k4oo%gh0XG{EzGA{6A*n!yN+PdcukQMSoS!H>6<xN2EC(
z8G~hMG==ii?T<$kCC3eD7kvlfMv}B)r*9N@0+zFJ((upN=$u#JW=mkZ5dmtR7}3b;
zV|tqG2~%=O0{j%$4+re$0o-_$F?~XF4nU+89EQp?CI*c#>YTA{0fMHCG{r}}4?ILz
z25Ad}y<!vmI7KS@``WOOX-6!rmQQv?AupD1CPg@Is_A;jeyJqUlmgW4X=Rd?iGvHv
zmhC%x-?Vb&O7xEr$XL8{Q_hT?)$Eg*5iVT{WoC3#6EyWAs;->~XRz@%Wa!fZrmRxt
zMO<M=LA<SE{6DSlIcx{O!u-D_+7k2d|25GybNqicK4s_e5WqfRfH2Bs>k|C{k<uu0
zYH{K_wJ6bbZLzg&Ew3m?K!3MCz<~G!^ZVt}6q;9|`yJPK7Acn0$w{uL*BI&~%Hi)f
zp0g6hWYPXg^!TGj-LFyyI=_2I^2jX3OVO_!FDTjPlT{_E&&fUwEGm}{OT{v(HSYA}
z*8mbw;o9gB2=7bq2uxSTA&}CO<n=}$Ic{9K$8QcEmF`l=Fe$q5u}9_gI>afaWhCm5
zT<Tn9Om`W|93*_uN7M00EbeMpAxA<tUVWShrMWA~doaLRn20y_Xxbiz{O-KCry&HR
zQIj0ga8Ur4Kxn^hKgr`a=<hI?)WIHyV;joQC#8UH<ajI>>d^%Qu=l@`obbr%F6@Qp
z)A7sGACDjb&M@pegnZ9eQ#)PPJkripRM(7NcIm=?c~F|(bC+70-tS1IXXd~s14@6F
z;({lGJiU4j@ZNeD41Bkyn4sH*v%XEa7>zHN0pC(gh^WSQt7G6!27&YP_~Y>)p6&!m
zq!(`ZAa<dX&5o=?2>K1r>uK$JPaiJ*EnP6eZ6HLv#;8N&WuwautwJ|46>|fuoCOUv
zWz`apIcl~{Y4ZESQHh7$ZIB-Y?kHv2cip(rQ4Kr&p$Sd8aU*%*Z-`dJxuFt(@h*$P
z<}a*P7C5`lqR{z^$d#Vce9*mGEcl9H)y3^+V8fTLqzT{AXZ?M62+eE%ojy9vzYlM;
zd{iabfBX2~Ps;$jJQE|Be6M7jL^rim#sXU+#z1DnU}%@BTQnfH6Gzf?TUaWpWdUp$
z$kM)M;deKr70I%w(l%XwiX(Y?7&xV}ct`ZiW0UFi9IB&rm<cRY@wq->u1Su^5QE&V
zOszJU@rD!1L@;M;!d%~Gj#M<w(OfdD0P*nI@tSbtcN=1;i6^O}6-P`#V+|-#+*(84
zB@0+;9KL-9K%d7zLpPXh1}&o-VHhL`TOq;m7axM-7JmreT@G6CA*Ij}DZ~NO4g3wR
z-Zl&ZV6u4#E#hk*!q>V`jy$rP1+eYvGd3$xJTIJciC?gb+4Z#Atiz#=>?Vv|z$LM8
zKU@*!F(b96oZ{H_ha}7&L)S`fjLZ?z%91ZZrW6%;fMfUv1vlC*lh{zi%%z91juWi}
ze!`Uz=_)<OVwP|ZeXJz9=;H%Ei(u}ZnR2y^k*+yR&MVQ?erIp@`F2J~_%Xb_V{mwI
zXYX)NSFfv{<o4-q4idzBUXdC?Xn@s-uhpEMB__#CDASxha(_uSYPm_gS%$SR?RKOk
zUtlD(7a`rFpCh!#8rWCN@{Kd2_z581E1MagUmQJ-pUo_iSrLO-ul1p{f?(;01b>tm
zx0a8I_<5uVR~@tHk}}iVotnIiEUTpqOY>n>#n_sMlhKx@%gSgik(bdYE@tLxTp~E(
zotK@7d$S<D!TQAgwGg`#8kYE-r$d3^$#qKPc#eOIhgos_$nCP@Fdc!NA7Q#}`f)(t
zv3Yu|6fg8+g}zteHAf>i<dDuTLxfX1JoNSWkWX=Lt$!gge$HoTX7pD0^j~Cc93f=)
z=PVk94?wYKoKCnXh8wnW->;Qo!cxZ74gHL$@!d&d%+59L8(XBMSr*tGPRbw@7%6K|
zUf+iu7-yOXv!ZKX*2xrK`(7=`5hBOIaZZndt_iN_30KX6E+IKpX>GT!rPGYb(#uuF
zO=R4d<T2t1QA%Ou0wabs&hHS-N!^N%D?w8JqUa?ejm06aVf{#bo3x_?T{72SQpIj8
z1W{rP8j`bJs=x`54_=`7=8#+zt*+Z$0GP!9Kx2}b0T3$%fNU`UxWUWJV2I|2q4cu}
zcG<>@%klA=#cX^G0Cp7-kQ<7=dg2(A<zlH|B!jdV$e?_;<gW~$Na3J+lsQFuHfq@y
zk{tn=E6m`~Kv%~O$<|{Uj*%X%y1$F0h%DJh(o4kC(Yu4?8370`YQRWYQBBv5FLYL5
zgLkB(+481L7t_^42~kro#^`iZ^<u!a>FMfS@-<SD?8uoeMNiKz<XD5Kqqn&RuTVC}
z&uJ^@kF+Dj%k)!<|Igt%fEM%rY>xWmf1mUJnU#<2|B1Rk$8(PUtfY5PQBP2v8@GZj
z#^oTDscA*qqe8xHutS6+1BkDCEQr(X@()!Nvai6UJnhZT84^hw9gfaAQvOCh&XAPl
z%AP^R93;ICji8Jx<k6@bWc%SiXqUk3`4f-BBWX|ac!YUu$gt-==E7cUVcGi;$?GU^
ze|*({it+z!GD4moULQsBKeo2Edi+1vu4|s-|FiKa+gS!akeqktKsRWpOd`j@9b777
zm^$jNsAW}>9Cs$j{xZ-*ewaow2k)SsXBUXT(~cZDe`nj2PUOYC+PFFbk7Y(qX%snm
z%bARow-RoSe(h`8TAL+SUfvOxxj8bnPK}&c$a#Y~c9ge$mMa>?Y;qvUYFFg+tQHI~
z*Rl{R07-($>)~zeH?{H?%F`6}p&ANgkZ(q0D#*j~<75Yw112Ef7LrRj+aEr!YhbXu
zua}H30CX7x?iZ-QD7w;+P#*LOYywb64F_7yjH_gCRmO>UlhERN3e$6E$O_TYmdck%
zcRG`^;0rl=wkace8k8!mDbmmg*quTT30xx7h>;fO?aOU~5XGv~#>zZo$3F$T51Mky
zbLwh6X68nM5RWl<(WM=Y7pjd{MjOu>z9hsPQ_%c5?#XY>Dvui3lxhV7wY9a;W^l}6
z&qt;#jntym;7HALhnI7B1hf5F!=iyf@UBxawXqb<nqw#g(-Uy*s9Q8dz77u8M9u<q
zqljva!|De1#TjPg<v7cfLpXWe)!iDXM1oeRrkb%EaG={;Qw{dDI$_f~%R;VaR6T2w
zf<#EKsjfCJvM$mu0dKolO*PCH&-`xMncoS@Amk(Aj-YOuBx40k!qD6kpn{nNI|?K-
z<7zsWf(8uILKd$a)VKv+izzr)08T0HID@3kz&Hpvd`L{74m5&$)-e2uz@L@y=b8Y9
z6eWM^;ZHCSuBi?H5eM4f&nEa&2Y)uepVjc^4EPf!1^3ptk(i-$HO%0El~X<KWuw5l
zsjddgS!XyG#V?Uk*2hT+DGOL>3k$Q#S66Uly=r-7E?pA0tgQ{!?y21)u}OlFe2fw(
zK8TCXGT6loDIHc~Yb(zrH|KOvoU#?l(uJUefe%0~R2|6>p1CFv$`14Aie1!xBu!u3
z$dYNx7&PXrI)XB$-E29B=32A7D+DWO!yK034RLikn;4i+sQ{T1xVQmLd!Q*GtyQTU
zu0YhCA{fkQM<f#gguq3YHeJ$y3@1P#VCC_jNW_Ixp@7&RYb%J2)kd0RW@9?E2g6gY
zAp?lGMqo-A2Ll0n5J-N7yKSnC-~gJ~2<W)8S|S(MXd{#3dQ#(0pnq(P>@Cikps(l~
z=W4>+Co5@>mULcd!1ACYO%eCNVW=XPwFfQ@o<A%VpwJn`X8?dH5f&Q`_6CtuA;F0V
zJjmTa`jLHZ=vjm9+(~5lVDVr={!1g9U<`a<>lUTC<*c>P7z9WgH9#PMmt$Eql_E!a
zvU|j{`iMr2C@|M93&O@cc0kt0mZ6RH1dxqNTiXU@y%`_ZQrgD0rl$2O9zS(!YGc!S
zz{bXQ@(*d>+<5l-D{@+PYU8T)qgfSq*NxbWQ-d}JS6g~|)Y!Ob{kUOT8{5`{YaK0X
zzjKOiyoeM~O>>frbmJvh3i~A`K!{q;cJhr)d+o0-W=Y0@x=q-@@ra$v#x-0l7GxhC
z#WS2{veF4{RLv!=HWBOWnKGd!NkR0A($x4ky#Vv@TcM&Q%>%tJ3zJo;5qS;fi_8J@
zodUralf{m!6B=Xkng()@h6Xr^Hu{ik-Z&XVp5u58D;#a~8(0}qe1#RjFpGuG>vKa{
zn6$8hb4Hd7n=&ZWH)68R0Q{t;B8AmA)q|LN6`S_Gpn?W-6+MA&*+4dcOZv7_q5zx<
zv>=(#FrO2;JPEYIT_v9`9HRz8t+Xv<O=NgiQR57^2u>w%-UN9`D}Y4Kz7mm~RG+Y!
z1nC?d^l;_sChvi)skENtn_Jqj@IAzWC;z}+Ci5UtRxtAbwSm|H*xwRSfbesRCdlS5
zurY}*B6b3`rm(e<a*##Wo@9lt3g3#Wf{_M^iv~wS!oC1Qi|~d>1EX&7DiDx4C+nM1
zZNZ)|4PI0`c?tQic6DuIZRC=MP%Swr*zMc!m>~`aZ4?@7mv>O9YkQ#-?!Bpr?jw=_
znf8p`ZjH2(E^+X<$XK7`{{`WwJsT!Kgy9Mg479xs$`vK{PZxXPZrk16W<1@}W<XXb
zp<mpw$!eG!S1k<;4k34QQX94SiU3Hiah8GI2X6H6QWob#yt}7DTx3o;adojZ$(s}#
z6LI12RG`L7HxX*s<VS)zn*=%Q1(<z_uy|MGKur2-y9Ae=x37%d7Yj+B@$H8U-|5PW
zSJ((hU8jhQU11omfk_OEmnwi-p(TmR>@BL~(Xve}?}!CJ0sA7n5@;0?*aox_=NN}5
z0P%?`wk(q>`qP9-nyACtV*f;C4O3^3N-%HfDTQzIG+7AO<p^pSs5NTj(g~MzL;G$M
zU<iXD5XAsBkH=RYF-3J4k|V6hXGPLjrFL?}U6Adq;`VGG!?NtG78E%H!A?Lr?NEM(
zt+CS5nNsFlNVc>F{3WNnKzjiGk&AIscIs1x>r?$~u{te<dY}?`R<+YSE>38@rn=gv
z4!ovnE0GZ(G-7GzJ3!VZ4GbzEVAVy}yVwz~Ee2S%e;s%uBAP8)UP-KFfAzx0szD73
zCjATBgv4{i@k-5Y!scZ5RxM1VYg?eR7-(v8RU<#dt;ZP{6E%d&@(X83{`GB<$%lwm
ziKws(3esOmLLTFJ<V~fuR<;VsW_V0{<x*V1>%2!)w>AslmX%rTNh!K4TC|+w^(e7|
z9Llf+q0MQiDsd{~6r>s}dM`-V1K;hK9*P}A?BPqV1;!Q>$}_bH_wDnxMvq7~43ZXw
zD~N2(mQ=@gSg`Gj9r$YBIPd@#tK;rOtS1ea)p3=V)?1<O1WDAlfej+`5#bafjL%(F
z<`t4kD}PbBBUv;p(jRq%b$8|09ornmo+Q0p(T?nG&{M^~J0|eU9omP961#PFPv2U8
zJ@XTe*fBoyZ9!BW=6i+;KJqCQ$G*yImmm@@5sO?P@q<nLZbuM<Mel0HS;-aR?%=gz
z-$~eaOH8L`hWRxNvU1GKKwo&oQJ)(KR<=#nWfF0ij0eo^GepW@Wh$yU;_@WSN3~ZS
zR4rZs-~`uHH#X+izuVhyb-p`+)o%Sb9e+em6WPULl5JQqL-bTb?}OpGH_Qr>(|ejr
z$@ETG)Ir%dWA?)kyC;^fQ}W%SFap)hVS6VfeJgoeVAk+?+DPbGa-=bE-Lghz;~XYm
zrrF0X=OpHkuuZ_u@yj`3xlIk6gOziO&geOpHq}wB4fvgv&1qr#HJ;Ld1v(v!Xk=0~
zTO9&x+wv?Bc-!U@ZfL)@&ZxY2lh0w|IV;RYC#(>pe^?Ck0r;zUsS_!NR^`IKK+WmK
z7$sk6joDH!p<JJLgvP{^Kw8<TMD2rxe>>?*<nxF`mW*EAeJH|-14W7wA$M6Mh->ih
zhT`9Fnl^kGV`IzOXVr_f15NBW!fsTn-FII{+Ca0ypJMjEJjKr8^id@LORTkJt;_y*
zU2`ltXa74JpK^P6FdJUjn20<#q9^q$sr?Ld<-mMhX?;(@3}9fG1KUU1n51TN*<8kI
z1ZEpyB{EuCO_FnnF^aCb=&478mx43ngrSqIC}&PJPO7>EEg9(~Xa>pSNnk?_DAaW~
z^-)LPQB_a!;Mt>k)+9SxQjKd7#m8%eF9>RGyq2ZWiZwMiE73FCT3XtgXFXGm@K7Hk
zcp(pK@@3L0+oo#A&BQ4s;&cKw$)-ti48$)^Mm1A#%VCZsWp<)v@r%I6wQFd&zptmq
zl|(0FBpFtif77mx?xC%n!vp**0(H83-LH3vulsfmx!-T$?}N1d)vR0yJz|&(Baq-I
zgxF(v$Pm#CUr&am2%Fr=7v7Og$d3F39z6j6XhO-1CRk+7(L`hv<oJe+={!MuQ#iny
zlg`7e{WR)C>ag8E%`3I65hR`4fvURuhKIU$bdgcCqgO0MAWp$OGl!Ij!%-S)fVsjZ
z3<5dXszKey!;9EG5TS`QoSlL`8e$sc4z7kh7B+4&s9+s|5ruUNqG(0WR>-*tT~Mp{
zGJBpNmfk>~Ds^?>>zp>=XIFRc(0~wp#4crz1dDnKMEyo;7cwWIj6J=i!=Q-7I%%f6
z1_nYB;<ohk4R&=(KKIO98vN>MjH<jO7|Tn2&H3q$H*z(v6RIg2?TseT=rucvRvh@Z
zA)6t8CNmOoLNgQKBrrkVS?pcH$idOqswB;EEI?ueFyjSiN8k)Zje?b=VGwXfw78lx
zHNHQj)G4$&felF?rMkM5=+&KtEWVTQ2cpml?%I?*>g<UF4|wwLg<S)E!8*WFs2zR}
zb`1p^0MYyzHi$pkS%?h3=5|TVP5Ly)o*`)XLu}3x0`!V&PH_459}-=6k*F9-1&dEa
ztO-H@alWLjcAxh-p+GQbHQKevVvj_%wXR?x2t%DU;XK_ds)K-a;Vi+3R}-cH<TjbH
z;{j(v+^_toU=8Ho?m^ddPlp{~0J+)74pZ)+6#|FBG?yT63F%-USBRPfB?Sx14?-D{
zOh7Y0B$SMv(Lmv(gG@lAuXt89$BAIY7a<j5f`i@L`n&tP!V38^+`X-L)&j0o9%(eT
znuxVo7!_Ps>FJ!M(<sykNtuU;a<?nGo3QuTy9`-PWXV9RFeb8f_nz0$)7>fZASbwn
z9a)34AOt%?95zVLpiy_56%66b(j|z3Ef@)sVJ9m`JB&fvUft<1->4htPR)N!O20Jx
z<=8kC+x(>s*0a$&DChfp@$JXGpD335rMQ_WWH(V7omwHKL2>UW5Wa>B2t+<eX=)nI
zj0zt5#2sDSSqQ#FiH72ZZ-UC%usgNke&e^-tS8;%+iC23JF7B_m<J^y%NP=^K)xrn
zGRs)xR5Y59M}VYJ73g=k2BzP55^hdWbUo6lL0*Lxw~MwHV+pREQ?V~Y<;`5FT#$A=
z-%|5*3`RpJ%{0}qN+ewqqjpP3hp4p>u9!x~Nor{tmRMZ7Gz^q2VH9JcfO6~yr5D;Z
zwzwVyA=(&6t=yIv?Z|G<nT(2%f8}t^B3pV$oX5A!i(xlf{87xBM<nwmU-9S_1pzyV
zpa;X_#-yEHpa2%_1`vl($xYlIj8%gFQhnBu;08``^WqF4|GC}{Y7W8LaDuqz)JRil
zicgs-MtwsbUWhA;ryNMM2ntmOv64#@ag%HoX%zTD&B|PM0lX27`E^qLE_ve|?xANs
zY&U;$pVS<7$9C$Vu)0F-ZJOqi5n`$`sPt4yOXy^?OHPG_)keTZZL}*6-b!q=f1q#M
zK-b_PlL_!?$F`2{Uh$yG);H-F^d63&2-*y$=umn7QQk#qx)R<l$~zR*lNwcSfF?Vu
zndsCp>W(7I@)*ICaA;WHQY1mHJR;cVr(Pi^j~o$@5`iec({puvf=*wMMtKb>b)*gk
zx{nr`NdGOK$z!e;6<O^an4_qYI%{ElvxG>}@^*fx{%gG<?_wvV6HwaWlC(xbir<e#
zT+&x5>s+yGti%>@Wr9{m=o8=KTBTjqLDx*FNQf?|w6`k~t%&T2H$Wg#!7_;=$HfFf
zB}j@6B?+6Y)CHqo${z6OMh?iDw~W26#f845ueY~jbKk&FSEsbx<v|o#Q3JT5LQ>dl
zcUyZM)|#$|BN{m4p;H}Owa&PA_P(jNZ&z=Hk^`m_v$P;EIjFQ8#8A-?DKyMebHt4t
zgnMv~s`PP#iBTY=<xx{;FHEVs@e+{+KZQ-qEbqPu%4mm4!w5;M5Q!Ie;4C}@?^HO}
z8GPqq-Qi%I3mo4igyAkScoGi6_YihLmkmW2!&Fp0K$D?Ra3H$g6hae*Ct%ux`?he7
zhG9b&8x@bXn1e`O%NpN&YjSVl)rrAg(+P*<lgTMN>@&^8*ag}_cIbC)aNv9;LcwOy
zXDE2FaP`#+=LFDZzDZ<o5#*qZ1Dy!MOPGcz1Oq>H4B{KQdMn0j=v**iWR%Ppm@ccP
z0s0D!dNhbM;me-<`H)9KfE<>-1n80mcpt@>*shls6SIt2WMh^wJw_(;FMAqFllJ{M
z+_ZVs%()F2s}H{sx9xVpB6$|M$xK)KjAVqF3j?LEquE(312j><EUgwiEXZr6=qedA
z+?%}Lfp^+VAV1Ap>TZ;18Pz)noV<H19_O%@AEA>0pnd6XE*~EzrLzX3e*L?TTji&A
zWm@E3MD|sV1ieq79rf%HJajiBqA$2J<UbqE;<~`0726NymdVR+ne^xEoXhAq!&R@9
zNR%Zhl11gP&#f|eK_t~NxN;her>!I<zOBRCx`wv)I82$AsUx&{O|Wmcx370|4<UY@
zTtKQhNNZw^%4n6{xJ(=A##zLtq&PoZlwQ3-aqxLWu-Vx=NX`_=3`7v99N!*;oIs{E
zG6j4rC<^qx5<0s)hbkb|HZ+W9?EBGiu!oY{vza3%Z|Uys8WNRsP}h&=p-vP^j1M!l
zH!H<{yGqGr+$H?kh#v+Zs+J!HN**#c;MPPQ!9kXrBD?U+Ze`W9nWS2NCkax6vV&|m
ziV4YO^b{QN)igilvpXf~Vr7yS2{oH2Gf9i{#wHdf#ZI}xWChV`2ezv9;{K=`?&PIV
zlqYF(CH%xIkL`VfLxf8V4R7t++1uG>hdRNi5a3LPVLt+bg$WN)#wXjSLp1O48Bc}B
z($&$~Indp^bFj-92hZTHCc!3t3fu~ErY4Ms*6bbx{jpGu6}QdiJvBPEZ0Q<wDi9`@
z(oGYy0%~d9rvh{^(6yC7C!kr-l4Z3~NGa-Dk14i=dZ<Fn(+A<~MN7h^RcGH$p&&@7
z2_l{rm}_x9$XYHu*(~9a_nujpI%agot>$?*{%LrXSGx08RmuKehm``TNdBMZSj#%E
z|5t3z|7$ircK#oB0u)jJ*-wr-A2DB#ESkz^9dpQvHbvKA{)cGWno2rkl^r>o2Rjw+
zyELjNwelxR6wDg%M$2)PLM{t_QlO_tqhZ@~S}K=I>!y`p1xHDVv=|2&!s3`@QoxuZ
zK^5L=+H!S;Cj-_36Bl6~@iJNVbDJ`oz+}+mg(*4s0|tdTIfzYj%T;g7<OM4#$)q?6
zNicT=H@TIxW+g^=Z_KzI&EDYzC--MN=aHh_{RFn$=%~9bvhu7ZJq@Lt=V~^iHo+TK
zd1y;NnvMW4!L&M-gn0O45P@YpMQGgw2fUC6Ol;bUXV4Lj=W;>=PPSo+8J>9h$Bg~X
zW(=~fNC`H^LQ-xg&Nt@LJG~4(MfU&6S@8c}+tS?X-TzzW_W#-V9ErVsm!58EF6aP$
z#N4}WdZ+H)YaI9PC?p1Kj<z+o%&vQPUQcd7BcM-77@7%p>S*|<+GnOnB%(M8hQ;&J
zq~}=N{z~&g+cntH*)h~X=2PudEtQ`3cJ&Q(DwF5YBvJ!33_3<b+R^c*E_fMiMxCZ2
zUX_s7q_IK5B&=K}=&22UnY0hZWf-|q)GY|U*TJ5?%@+)H1zEKSZxS{9&2T-vy*qya
z(qvtoeO@luR;*ZCv5=_IAfw!p)YLQ?r8m)T)bF0*73PEIML<Qzd9=h%IDB{XF8-#q
zsH1w<EIF!c++CgdJfqjT^IemDq5U1%r6LvfXZLk3w-=$?%e<z#+Q-q{S+jz}xv*->
z=yC3DYKzpA=F=2=hKR=>VpBnv`yfT8*DrkrK7@rl(q(USo3%N<f>Fl<UCRjm=l)LR
zgnw+)tRB_0Q0pJ`7CuY|b8UJK<`wmK#d9O0W+Gap%$K9btJkkpkrum`Dk-k>(&6;|
zSYhJR>>k1)^ueU2WrD#@5K2fBF>*|5utI*@G9_I(p^rnnc^zG4Ki4^*bNb2Sg{Ii*
zFtD5jD-j}QQ?nOB9bm4#tGl<QSu~r);>_{&i2A6{IrbGA(41qn-xYiQ{cO&!vanxe
z!hnM~DjnR;BZuQVqMEz8XNqOm&Xq!g(|47Gm`S$v0Y*5c?dvAEFt7;ruAc1Ea6U1I
z9eYU$a-81T(}|Wqg3lDZaJ(kH#?6)Vk<>&d2*>eZT+L*(v{?xU$h4(M9(RsS0fT9b
z8ds+Y4>ajkLU0bU3(N;y1HmZ`3@CMTEN5Cem{tm#43!dME{`5^{z@o-y~*(@7&db$
z5$X|H21aObx4OZ;o?%Lh@O`*zV4!cnaoMCEn|0KDU+jpq4TduSZB|2f7?n9LMF2VV
zr2l%LrzkoUVW=NEKh9pL1aj%!X|e^-dI9R$qg(YR3$2cRKSmCGhryRs4(h>Z2P{U<
zhA(ZRHIL#W86ly~#fd0?oQOO;;T09rpd2A1N<y|@#E7FF*)JD|>4N9M%6d-Q6)NaB
z4Iz;rKDL3G@Zw2bv$5v!>MNUnbxE5}KH8PG6zYx2D)YdN&i<0NMG^x9-rZ#T<I;-1
zTVz2=q^JWok7nU__2daMRW@&LJ6uHRo{|-bedP7`ZczHtTwV#ofTxTcCpYvbjYW5C
z4x{waH%K@9k=*F0mQ}jW>l(OVXnS|>HU%%|Ae*Xvluj$^<Y+EQPSiA5h0e?`xX=JC
zlQS8zG%W$Qc5p|S#Y_W`Ue>^bi_~Qso3?F3%yA=^Owbess)+#!b7L9<Dl+H4eiZqy
zJB-WKG--pz7N+i|Zm)K#WGm|1Znrnf&h2m}Btk4*N5I!|S#8=}k-2QsOYW=@*JvU|
zi7!HSI3s7uh%d+u^YXmIWO5~WvCe?W&AEdgweH~Z@|4}c<prAG`L9y0;Dy%KG}lI%
zsejIiyP{6qvX5t8y5*j$ZddNS8%xDJRZDk4EqD&B5Mh@dsc6nw`>1f%o&o*4UA9Z*
z-E+&~h%bku)G0eRjQ6B!b}S=gATi=r(zzTBD_gt!dN+6Xg_Sxe_-gdDmhlujf_QqB
z`%o9W`#efqpxKLAx}YuO!u(2bNG4c3Y@g&wxle9&cSM|$VTYTsUozK=&cJUNFL$Tw
z)r`PS)3Mp5yDjE<><p;{H)Sa7@2OnaQF(G2PU*$`l&b|NWuA^QkB4$iY3BXh7N-c+
zKr|a?(A`2{W?Q2Qip3J<u)mZ!+}g3TM?mssHK8yf^(8Hkc17qW)Fjzq$wruiyrF(o
zc5LnL5mvyEVJImzJ*9xR0QIf(tK~?CPSpX;G;-Ovra<6iBdcch<dl+2s}ri8#Ekd8
z0CPhJr=31R+?0pX)P|tW8_PH1j-COskT3A7EiB?fEfAJAD2;=;+Zc932uYe!mtPB=
zU4uiwOa{8nbz14vz!rf)!q`eyyCSD&{U>_I;I_f;3x%23LGQ)E?Fa4X{3;RT4fPFO
z&@WW$XQoZcWEPF@rZUu@C_nhUeb`K2zl+YekreZy%-er&-{8*ve!^yafPj6$%w-^M
zhySnv^+P@_aGxgtzi1<U{V<8734bCgQoDa^p%IL#DWKz`t#pX3_?_Yc9gGV6T2w}+
z9DLIP0YL{>XwT{>dC!8%1W_I5b#x0%VvCvvP*f9KZ;?c)$4>z^LuAEHaz=C7=+&%A
zBfA?6S-@5?Po14)d+FG+-M3mUjq2@ue1g<=ZB4vxB5Pza)P<Vwy}13F{>1LPCk`5;
z)+F3_;9aWJmO4V_r^MZIi@5z`o;}E8uVwug-R7NJ1*X?)@M}ObqY@rkm}|Nu2)0;s
zhX@MF5`+fw)dxx_Sa)#yPS@Ns`oSA1b=1;0tFbLtOA{Xi<YCMcMV2KB3tn4F61+fy
zm0{lwvTFgNg&JO}HI%G@DY6Yby5wPuTY9>8`0T5AH)Wc>+v?y2gJf=88yY8cGdJRx
z9~RzL&+8gs4ADjCyL8;fB8g;DnV?Q?XpmrxD&*)g=GPW!sJpj&sJo-58&U4d+6HrR
z7!+JkJAQyjOj97bX<4!ZrTizQ6N%XYaa)#<KQzS2r^x=D?^v=u-?4;O92&S_7{d;V
zGn-a(<irUsW)|EB<UQLs*cl!mBndb7QZrdCZV&{+{3sYIA!!)92}-C1pATmz4S_GF
z)5v)!xk249TwQ{$5!8=HHi5HcvuW5N3&`Aoos#XKBXl2WpX!&>r$qn%O2+?*HMhh(
z{{PW6bN>Ic@!|1*c6s9e>^h?He+tJ4@b%fJ0f1Ux?g4<fTYn{k06B36CfT;>jtOHc
zV4a{alpYQ@S`7Qb49=y<F}vm>$ISYt0ROkhF5Fa(K7h%uTeBt~|A&u@|F2oICR(Me
zDM#nUKCg2AUu^zCV&BnqczqPv|D&yInqBk1wzXw0{@<*8hQMH!oIxgZhz19yy9zlc
z7%7b11{9!}@vNQ!w@6SQSO#?)bNt4V`bbvIPSucR;4BBXsiZk_E=o>CYHEhY*#^e@
z0FABIR)exSG;d}nvJpag;?b+Ik@c))$w9*|8c(LJd_}3HJL!)cU~?Gh2MoudeU_I8
zo<d!Nh5@2YqnR=JndXmaGZCexW}9IoNQL<Ba7`!34v|;rhE#0*i-@0TABER{Yiq34
z#s8b5vDn(V^*<Y*q!Cw>T&=Z%tMOT+sX$E)stGnwZ2=L>16UqaLp7L`YJ-CRz^gM`
z&TJty?7Jc`xerDnkr1w6))Cm$(9l+(H&Lx%E}c>1yMt<WEEHl^4-wN!fIA<=!_k6d
z1qUup2SPPOP83=PW9l-r9zbu$HYE^Npre)86FX3t=wI1FD;j1*+oM}SHyo2{HeC)l
zc6AK&cK2?xA@Lb<R!bSA==3`iij0}L5sp&ww>^-*M6J0RiYNt&Tv}^3Kp9p95@BSG
zWE&dkn@S|Yh9SPoQhQVn9)ZyW;ZGj?OwXDCMrSLI0v29ajUjH~I~%@JVA_qlp^uMi
z@!i~nFKDI6945nxmQ*t)#0WzdS|gJQqoq+;QIkpVKM3)Ae=DV|CpB;{63x&^6|jB_
z073)uTUG)zcwjVuyBN}9AO-u~2zPVQ5^Mta2TVvvMdrF}-)++taLoqj2F{Hted^QI
z7s#cxJsBFPiuxVY*P8W#FuijI1W9$=paTTgcp#uHGtV8G%huMJhZHX){t(N(v+qz|
z#4gMQ#erd|Nq_vZDO5JX93g;GiJ1?@(@d$O5$BKrx1Ix+4>kuJoSH&?8@u!L=R0sl
z$ayg13qfJ3@ol3Rc)Uy@0P;*vNuA2`krx6t(n?tXg&^@6w&Epf@-Olt#thirHQd>?
zdFM8VC@AXtlNu=HnQEqIX9v@`(83@MgC0JWfi&8-=8ZGEa<Jrpqt6=xxxF8*j1uH5
zVba$#V8mbogMtVf`Iu(GM3D_f+&OuKj6AywONkAq7rc&eu1O(`X253D_!8#~zO~UH
zf(|**9a_2QB9YDHse_L<C}}+@Q3`uZ4=8QSJ2xb~Ci|;J4Htp|E1qdg6F!zyr(ko-
z=Gdlk$t5+scvy;R5#g8sAuf#4n>{+99|u|&RSMK-U!$%RmO?3zAsx{+1dKD$Kt?*j
zIeT6L{Jx8+rVzxAs8SH%n&}Z_{*Nr^41+hKkuZZWCL$EjUvwTo`#l_1CNQiTeW4@_
zk)S~DiZw5qxFm#(jW-_fVZ?|J)bYlX-~<cw%o<ke1MqVKpVhOF8)FcD0L2D>W&{5s
zQvKVcDQkdV(b=vP0`)ywA_%SsY~jfZoQlSno|jM#5sJqnMC?pLg{D@qNG3+!lPyW#
zqaZGrgqtOTe_&4_Oq&Sd0F#7g5{@HQZidPU!}Qjj@~NA3)oy{>S#{D|`%1a?$P^i~
zRJ9eVqEP6nIa#FUNG290f12S>3;b!VVN5G1A0h(eC+P%NHJ90I6QMv@rY=?~3E?ne
zq1EEgX8C7}{IfO04=3o_NS8R{A>ch7i$pTb<i8g3U#rcbe6~!WGB$*OQ=fDdYL^%;
z#R86B=*&5e6z+l6Z9a^;ExvVS43*YWt8Ytz1~pJhee!k$unR{ZkbcPufQ^3yupK}e
z#iz~eX$$^pVZU1OSF0>+G9d{#I>f#q)Ds_Ppa_Qr`#lYk#Y#EyONAJPYQ}XPmR~Vu
zL1qHY_G3{Rb_J1K!)V+&``VlVnF={V1kukR7Ukp&Ex3xS7mh^Ys}ddB*}UFp(lD~f
zjl_zy8e7t_s7=;BOOcVY|KcI#>HN-U-H`t4FTOZk&sPk`#Z1T^h>g?-s)3e;GbT()
zURt3qXO~b2BQ7(Uu&-d19c*0}nhwc`Rb$Q3aC0oYZe6%Fye1qCuM4-V4Y#(2W6@~H
z#f^`8+IrQJRxz>~SCgY$QgJ4*S)x3$bD7N^s*CyXCTNY#e6#B{2qvWIMp|ULdq2ho
zDnuQzQl>6X-R7BX^F?UMMtteyM0Q7lH-VzibuTYTvA45JQ>e3I8VO;j;Fb!?$D%9@
zRgxKUa@N(PBhv?J!Cu>fpo6tUl*dlE-h)2MfE{swdDqE(`H+$l6wbo@gviyTgrw|u
z9_CrE)<cJ$lP{ZeNBAH$tYAGmFDt0CheIVCqX@k9LKmV|Uu@ac#H6ts!r0Uo?D~>R
z!b)=kjGsCvCJ_-K=_D+wgPD#oR70o0S6{*KAkU4hMRwD5bAwIUrD&f6tX{x|MT|P+
zNTDzh1a+);3?a&Tnk{NZL{FQPv4x|Ckln0vR>`#h2)<-1vh{+r>$^|`Y9Oo##E6B9
z(6GFgN+Msp0`a3=I<>Pyrrd?Q(tOu;OrK-Dhs%0rk*)GsJE}OVi)1UoT#o>?zJmDc
z4A^QV_^Ly^v&~uI8enQzCP2@H&2+9&Dtil4{AMK(D0r{p(wm{G+}&^Cs~UQnSY1sU
zkQ0~k2-LQrj>1vQsSEE`u$jsoQFN2~*9YT#KG9_--bR2OO$0+Ubq=sY=~1xx(w1h(
zCn{T4sBv&vVkx`w5{TU=ATi`~1rO6OqOq8m?wc#IaW-W|8_d@jB`ATD<`NlaR>=<^
zpvlwez)Xr41UXN0eoYBvSjmlu0VZxR^vv!sGp5q8cOQbY`lN1INsZBNz3<%90kA;8
z;3TRfG>cv&2Bx{?5cUby2rl_UM6}Nw1JehlOACNWsuO})RY2jS$SMkZ%z5=*l39<}
zj%3WREb^kB;<P>@=p+Pl2R74UBM^_PJ`jnJB7_apD|*_r0Aa>xzQ$l0NMjsep{<0T
zps_n?fI(g&tC_i^CAPvQXpFl*@}78Akr)fkEne2=n_Tx~7M-+wrxo{RYVXLoF_rv3
z0GeC)g#2gA#olQ!>ozd@fe@F>6B_)PA-0i9_%j!#FciYd0F$<g&#2wejHcENXa3n?
zuFp1@lMtpARCs}~Bg|HMLqQfo196Y!#!QKgWYJ<$b2u!^fJLS{tl*z$gy|*8P_-<P
zh2RD~8=}Tv=xIz%!SQ0<^Vr5zP?JsO$o55_P!H6QNU|e_H4dG(DfR|ma4&E(^n8Q5
z3LDrPR_rfFU~qC+X<>)}Zw7+I1SP16e2FnTVC{GT#%@McLX<@sxoU4o^(l-xix8uy
z$+~N+s6_&m4{b@C@db~KkvBzx5(E(dQun6EAPA7fV&8|_6p3bJO2BL!0WiFcLTFME
z6;M#Dm|xE*9ztSbl{o85mU>zH7(@Y14UTj|i*aiaaY}4j3cC!HDKW@NQj}n=2{#NH
zBQ!tAA(5U$>B@Sg+0(dX7`tKnr5V}`J1lvyb_{#4_zi}%-WV4&j6~(=gl%ob2!*Fz
zDuq&3x=AJPjLWl2OIY!YJil?9e&Qm5*ekB2KC-lrc$<A7ibW&vzZk*(nWQCp!p_=#
z3B;9^iHo%mkcr%fEGQ-Lx%W(dgwtnSo^%9+T31$>IUuo{`KBDkO7p%@J9QDAiF}J+
zLJE{(fyeUBbh~G&>5~M^H93RXXR(m;n3F)W&kQH>@(Ai$rMa+-2KZV56xcz7Tquyo
z;%u5F52Y+%SC}glrVwuczJfTim!9LWL-tOY0&sy%f1>2bA*De9bt1YMVViP6Si-YC
z0a*<e)i8RXNMmuYIuVyqv7}BUVdQu$wHn6s%)fzq*sil}o1#T(RwMHa!Kz4qf_#(Z
zJG2+7j4wk?scEvqqW2~p>q?oS&N99MNtSAvBF6nS&=|lPe}n#3htRlTrFo5L59>@7
z+D>E%2^pzi3=e6};jg#?0Fhr<w~YM7|0)Dj0P#?sYYR!G>nX*1iaXCSX120giMvKg
z&jc!mk>gP~<gy7x*B;Bcok-9i-b`jdqfyJCkOkdd2VgeZBp0zlo*qoz1LkMQ-?~|P
z>$X11*_0^-R_Zt@#$<+g?IFcOiVT(^>OiIhZ~)B>P?{P&Qv+LWNaM1jVdRyc7zlN-
zWiMVvL?dfL1uBlvijI37>YoTi^sltzQT?<nhzoBr)M+9hJ|n$|{W{_wZE|uP{6b>l
z>XYx)ye6qhrXz6ZC$BrsNLEvKdo0a4xmifk9t6^9bJ;+T@E0L3Zz(iS1(v`6{P<L8
zZm3OAZJ>7s^UPEpZ1X9hc#Y<pfvje+8Q?{wKH1~du^G>R)0|`V=LWe^Iv!9vDmPwm
z#NwO^)_a7HP*((eM!gXxOy-`z%oa%rkI-J`9jc}VcccLGj-b8}G}b2R%j3Agck(a`
zrpr$F>;^3W8!i8ihYtG(JJhhB2|a5~@gFF)3O^voB1jX$BQ9Wwk6;_%zfIR~damHV
z?E7k7*a6ZM`?kdp;ei_%(+iA46!sGyD=}QNH&o+`MHJ|5EHYdvd2w*K2y?FNrQeYK
z!hXiCMV%j(A^gNHm2x4<#!E23QVrVvJdElj#V0GuwFE+0uYSROx9T}-u*RrZ$j_d#
zK+KBJOE`Lcgr!`!avUtG8WfHzw!R)~$#+3^+o&4jLt)LklxpsSG^@+WANO=p&n;bY
zxW?5ifmqApg$xJ8@eYW2pRDsdY6h9o^{h2|mbdPi(b!pM`8=f;2c?zvZP*V2A3$UF
zxY1Ec;m#K}8$<W0nEY#<^wa5y{uaQY4-o1iW!#Op`f$J`1gB=Fq`Bb+`7!tJb*=|a
zC;W*32Y)2u*m)+-N1>8F4SIX^0Okx2yu2`l!l;%N#wU(VsxG(g>fQ~ZcO0G)t_I}R
zrH&n#r3@)<;6>Rv=J#x!&qJqM@u>it_*fi*{9G7oDHZax?+=VG+zw78J5sQ$z<q*M
z@ffiJsAt9S&Z4DQndTD8tRcmUm1zOhN?vgJ*5}g-m(+>??JkxFZg;U3f6#r32|U4N
zSLVjIpJ|&9^o5EwmsU)GzDTjc(7Vu|$DFkI7z#{6k&^jGQfMk%H!K+PK~F2Sk>*h|
z5ca#L!BYo0;2i1rMsuISpHkv~@fdA0?W0)yzqQRRp7>u7|8Xw<SLHwM$X`Jo`YY64
zAof?gfAFvN8WvY?gX^je71e?jBWaxK2tcLKUgJ`0umiqrfUD{jH{oR&?Ol-~=uH9-
zBjI!|TW_*rPG>@>awC<3y9c|fCt8(|P0&>YcK|XPu?QUjYgKq2Od4u}sXh7I5Wkn>
z)-$s@|0S(|dMh_$7EmnycZ)mzXLEGzy1Df~D<9z!Oie(f&LAi$LN(P?l?Ohlx)Fhl
zNkJO0Kad?E;!8ENdK;yhLuTH~t*EP=$aJG^&@c;5P(5njzT1hdT&BLJp3;+QHb|Xa
zg>uY~!kE;uTpXcc=+KH7Os)g9CXGdhHcq07I#11JZ%w}-gDG>2DjvxfxMngj-#s(z
zqv~^-Zi~D@>B<!v4#J!h#)@`GVP*#?s!NTmK1NQzNo2xo60opzbxpG_psBxIN^A?F
z#qox&*&vh`EH)`9y2(anhlZm@nu0BaZOBJE-$pte-o}2Ibh}U|$rttr;?BWl04>xw
z#m17x2o8(mB8YZpVP&^A6;>wHBt+P$ra|lCVAw*SMU5|c&lK#M<yQwmBkxk0rQ+-0
zHm*G!9!_hMWVg}wp!q(70W@q!dZitmAA$eJ$8^Hs%M$Th{!BmqcMJJ87yo-UKHm9H
z81XXG!1U+8HMXX8ZvJQE<3Il+*>aM=4Ca5$nz{8qE1$gcPkuGVn$L`k>7$3+M`8It
z7G1Np)gAx8rFky?_pE%jb#Fa$ow~1TU)787Gh0<PQB`$iRn^`lORlM|ese07GELL6
ztf{G~tFOL#-n@Ma7w%uW^txk?x&HX$uRY;}w;Xre4a=9m<+ZPU>+<C{o^;YpuY29w
zUjO>Hzu^t<JoVIftX%o7+S+#q0taeqZw`gt6AIlL4&Sn7&HH1q_pV+0fmrOewzk{b
z+CH>#<A*nI{%B|CM>cOhxPAM_&N=5}J9gaN)AO<Z{!a`Ief->W@7cBM-U}}HhYK(K
z)TNhx`r?c4z3j5jjEvkrHg><RKXCcw4;aShlgWR&;)>5tOnlk0zBo1Y<*Tmx%A4Q(
z)oZT#%3I(1*8ThU-+1GV?|kPwZ@u-_4}S22AN}Y@_wD=Y!Gj0yzWeTb@4ffapZ@d%
z4?OVs&wu`lU;N^O4?cL^bq~GutzWz8rmw&4ZQpp;yS{ngz$5Q@&!g{s@3%kjf$x0a
z1OMlvAN}4PcYN>8J0HLM?tlB_C!hG_C!hSsfBeDy_y6$z`=9#ffBw;zzx>mG`InzQ
z^w2}!_{KLLee}_P{nvjzbm-@gJ@(iSe(-}I|M<s0{V93%^dpb_@{vcL{nodh{r0#2
z<GbJe)nkwS`iUog^ZoDt_Nk|S_tT&L;YUCE&u5-_=GkYTefsJDdhWUB{_DT~>leRx
z{y+ZXh3B68({FzB=Rf@6FE70C!t>9+NIrl1(_deF@o)I~e}Dh`-;Xp2y>dQb_ycR9
zYUxW=tEx}me&4}|u3P$=hKnD)?~bp(b=j(OKD7P*JHPSvQ(7+n$)opw?2&gXTi$kh
z_h;|=)-A!of4KNtpS}A#?~m3tzpdN+<%a_MFOOXRaLYj7hZmkyd*g~fKCWyse{pQ!
z(dW)RXZxl_ThEQY=9!P(weT6G|FVViPP(>lg>vrvuH}zx(Qf?7f&Cw=xxH)t9iKh@
z46XXs56xe&a@;&{&Wcsl?};9F*Nx{6Uc3M4Pwjut^^YC8x3~URH$Ss!)4uP#f6>rW
z&wS$U6Blm3{q(b*9zD3?j3pmlzyFv2Gjed@*4qz#@<)$7{;qlR7Kbl8^uZVB|Kzw&
zead>zrgt6Mmb!4;+ss2>*uFXaKIOJwJhtqnsxL2j?guYjv~IyqnofV|j>N`CF3axU
zcKdBZiTAAxoG|afzklSbd;j)_s&N0t<vq*#S1cG<`cI4JfBVCoOIIXMe|GcL$2|7y
zgV!Cq@agONYD0JYY*YW~Rb8i5SFN}yP}BeZ6{`l$=)eB7-j45gUHzATe(I-J|Ec=m
z4c)!Z*DpKqilsvf->g1<!-|`h99r4G>eMHHeQ@ueuc)u8QEEST>!#GQJ^d?|d}?{M
zGSK<C6)S(yHGlEMwm1Cd7ZW+_;Tx?Q<-Y3&-*L(_5662KU3>j$eNQg@{xS0(U03&x
z#^aaWvFyarhnKF{R`s<TPrJJM*&F5!FTZ}_iRW$@NL+W-slWNfdrseQ#r5x7bgsH@
z#TEbOp&OQWXTJSdU(FxS_+jU@tp_i;`=zTl2KOz#_tHP#IREa~J-oH|iZgDmN?x#b
z=y#hAw2o|FdCiF<+gE-4n<qW~hM%mgzW1L_YQ1y$%9>kuJ@$_$UvuV-pIq|&n(8;k
zm#*AWefm&UhjIMSp^ob2r7IV|@fU3mKXTg>Z@Azex4!$7n-6yEKI7?M_AWT-g|{5r
zHBz^)>N9Kq<v#6;s`B-d-?Axj<ATq8v+W<#^Q}WSzh>L%XDpfD*LLfpCpWZaUN`yR
zn%nOB&V$EQ#TGQ|*}wGunw(N~chj$ae6Z@Tsk=@-_uXBey<z^-uRY`BH@5dLtNME5
z@BY&K;Gh0jXI8Cv?$EY>xcSLLcYagddfFYCe?9Nv#rqZ>_nv(>9`nbQ3+8?C+}p4C
z-uf3`S9kXpzjfbRU)ntSpX+l^<z92&<hJDLnTJo!T>Y0{ZNBl@s?UEkVqCrM!JmC=
z{ifq@IOB|Ke?IW0H>^B%N1J;6{I35!?bDks-G1P-1=iP3op|uai>l_G{M{8pTR-x?
z`43()?>h6(+Y|3T_EXjwZ@K5bD}Vi^`V;;(@$*FoH;>)B`MnF?KJ@uh)YnEjcHZ#Y
zPyPD%FTZfh*Tef3CKjH0@-fGbzGMA&=KW{YEz6GmVdLLl{PVq^d9dp2Qx@KI?7crs
z4gcw{zgxQUJvSWqe|LW`{pSU5oSb;#v>$vWxH<ORijFTFY<u4~{!jBM!R!9oJpay%
zV|OhN{?F}iKk=STpWM4-q~<&Cnh03)zwq?2%XdCkl|J#C`<7=Ox=?%I(G~qq9N2p6
zrt4oC2|V*+_?K0$d3N8@^ZsZ5v1ji4;CH*m7v8k=hi`az-=futJC6PEyqnHj|M0SH
zAF8@>RnNiSWuDmInCR8_Jle5f;#VK8y7kb73%~Wu;&s`D+t=K+=(1z)JmtT)SA{$K
zb}szub$|TQ$#)$5P2bM!)b$JB@`I0Dzv=EJQ^$U6*>%CHW1hNW;uCLw_=Ni&_*&I-
zhgNnkeQYrB$3=@n#=F%I9s0qur#!NK+5THzyyNw&S3PvY!V@1oV=A-rcVDaj=6Ch_
z<IHD&bnKx&pEm#LJ67hdK4<Bfli%(R81q)teEh2LWpA8!<7GE5z2fWh(%m<&Isc~J
zpLz0@@BQ}0gY$--9$m5joY$WDn@?0N+`sbO=WkiHI=lLFwP&2L@TKvm{`b#IA6(Tn
zzWITkrGbWh>*KfIb=;7;^qAXT*LbM<@$~$ITe=Q5_xv@ysj4Abz2dk3bl}0q|M3Gq
zUp=<y;xm`uli7de*{grP{lxtXQ=z*SUSp0{tJdSo&tKSZ`DGt_a^bRTZ#Z`3BP&)O
z{QXnGCk~uiJ$}mm^PW9(?PC4-GpZ+!?XIyd96IpLM-QBI?r-NeT{-`T{*{T94_)`-
zKYZyE@2@`e@z=a_;p=bw(x!R0cCY-*Gr!oT{QFn--ua%7{`gx}r@!f(bD~>=OM1V*
z{PDo%Meh&Xwfy8w$^}yweDw3@J-qwpH@|Puo%bwT_v}5v>g_|DzkBeB|86|*{;%Hj
zSo?x2pL%%fAG+p0c5vIT4pyaqk-YM?sh6I+<U5z&_4CX2eRlc&x1D_Gj2|!ksdC>>
z7v8&S!=dy3{>K;YP;07Qv+t^>jyrMJ<tP8XN?-MF*Vl#@UijJfzV_1YGtauN_x+pO
z_SMc`a$w23kG(VTe^=FRdFSeHUHZO1-FfOgr|5Tl_AS4DA+-6DrQy>*_2uRFT)(UD
zjsN(wGyWRdcijKZyX80U?0oHiUi8t4`RBbWv+VqBy_<Fp*Xf^n_Rrx*&RBNCnSrcw
z<82*1`c;pw2%oX6W>eGF)A!GN?gxLl^So&18=tS5_ut2z^7XG)@2mdyz8(AjXaCZF
z_+9VaZDaf2(9$*UyZZL$UpugL*S~+^@_GMr?WPqS^N#!8(AVoOzHQOSriD#ccO0`J
z+Hw6mzVx+lU845{^}3hdxh(L5MHe<~9(dQn_l|w%(v4qyT}#b%KY3x~+4HYo+P8A>
zX?63z-S@M<cTIhJ=jVR+yLYYr@!~bn%NM-1>eMq=EUG=Tc|~H`XU;yM@z<U8na6+h
z`@xTW<CHs&fAi$ZzkTt~@Bi(O>d##Dqi<_Jt=-YL`}5n{pTBDP3-ir4HoxVbk57KS
z>T_@S#IOJNv2)iw_08>@)ta|_>dQ;N)x7e$OyltW4Zr={!ykC6=K88d!Ka^%bzS!3
zn>YNnYGdZQhH>?no_qFx_mpGrs9Jy8$~T>V`qqOhZrFaq#8V&X{aM$)Dj(VL*)O&4
zx$m{d{o9MD&HJaPZ~MO=`})$S{`FtBeCLYl)4%`d?|=2f=XckidUf-P?Posn<dXeA
zIdtpEUzxw<r3<6KP!=D&I(x=3+kST0aPXq5zxTSy+J}Dsz(0R_Z)4S(gUil%EV}Rw
zRr`;5Y}KXjyrsVCvW91uUZ*Wx8TsI{|NQOa-~aG8uUIp7#-HB2`xC#s`G59&;XA8;
z-Sms8s*4WxANv4?KzYB^U)w%ie@4yb?2V_bP@debj68ST?~i}-rr$qsoAJNf&;Q~7
zHO^E{etp%`k1q&rdhJ^-`>&sGdiouw&g<NL@|`Ug?)u;FzwIMm`sUcrKD=P;!yRL}
z&cN}pPu>ta^oLtNQ}^?;<_EqQxc=FBpIiIv?|T3H%bySa*OT!>pR2uZ=g${zx^w3z
zPTjiU&Z;Nwp8VyHKK!?D{AtmZ_cm4i<rf#<G0}hHxnI1#CAs|DKmX+GzP9*@6W;wm
z-y@UT-~Q6sb>I2j>$koyR$qPTq3ar-oY&BQ#aBKx^ucAFQ+Iu<?+?#@XVn`&_Jg-x
zQ}yVsf2%rg*$o?>{@i=FEW7g7f2$h3VOjTMji-00|5<zWkH_Bp&|gkF|E&u?-nx44
z+GRH#ShDlrl3QNfcY1u}m~$82e)sbJhZb&nHhb^3tB*gw_kBw)_^LXu<NZsu=NB|>
zn!j*SRp_b9|8U~@*Bz|-!6%ka9k}GhwQv4Z{jxJoNiKM->LhdOQ@>2#{Pc+zD)W}T
z=IjNVa`PVD|J5s&9P{|%t&dGC?O3$@{mZ`7y5`t>VvpZ>#?Y?ox7|7Kk~?$TZtGI3
zs($uN^U1mEjvv`^>_ba8Jhd#jul4<(>&<D`o?HLcYlAn&c3pqN+66D2cxP^Y^vatz
zWq*20Z2rEteDR0rz`DK1?{DnBVc89vt}@mp`=5#)yr(Z#zxc@q23zKz^tR_>^Y8D!
z`9H?zJvP{X?xMSci4&Biftwe;@V;e#|BpABkIehg=Te7GdB=%W^UnU*h3~v?-ovd`
zRm(Qr^JrkjzTS(gsun8i<~=>H<Hd7M`FhJ^f4(U2(Bh>xF1zYL-*10;dH>Bzf3@db
z&yBz9-J6#DzIA2qLrYd&cGgMDCf;?R>&p77u}v$_e!Ah<Tjq6ax}d+~Z6|&F^`m1a
znTOtT^5gIL{O3-auV_!)y>mr>?2@l7(fgNV5{o*OW#M4e8<w8*)=f(;Kd>Y-v?O?P
zwb8%m_$QTlmn}GU`I4noLvMWir6s*}lk=(;f4Od1@8o&UC6+xN%%1aTY|Vi!BhjkR
zre)VGOCR%C)mLs=_NGI_fq5r&RBe6Z!TG_1^Us@l@A)^q_m8KndhNbNZ&u!L;IgIT
z2j?IA#JuymcdTDk^@dHcUp%w)T4izFq3D853o~~uj=rX9-d)Qs|GKs6ig&E4YdPUH
zw_O{$?XxGn@sy|My}oMRF<U~%JTd;h$E!|#e%|Q^o2OoAS@Hb5Qy+WV124RJ>AXc>
z)0SWN*eS>E-+RT9mUm6ue(h72H9UD+*1Y|l=Vd<it>nHhZkl)KnwtG5zV7j+JO63f
zm+v`$vTOHe|GF-F=H{FKw5#Evl~H}!yY4&d1ylX*^~vLN$%(tqQ106my!j2sJ+$P6
zmo8JS#k&ulH@5wS(@wZ=-TQ7_o;hGGI<fjg-~aHB*KGady1M!O@A>?{2Un{DORm4z
z`pbtmPi*+|`xfs0_=<jY(Tn;}qHE-JuUYw>llsrSbEN9j>d$`Rz*X=2==@*3?RBr~
zzb^Xvz#U6>?>q3@6VLw1_dmS&!p!-ZTe6QWTv~nml1(4Ic+292``VXZxbri=eEs}Q
zRU?^O>hIWbLr&jwaNhi<F6}yL_wsA!X#*cwHE&V%p@W~eWoi785C48D{@t5SYs|EC
zwyk*g^9%R<aoHztdB;2c@}Xt(cPu-&`-F#<_Ga!r_nGhw%7VB5HSqJl>ffrXiYdb<
z+`q8qz=yQU-*d$mTb}vV$DVz-?U<JNLra!Fy#KEHKQ_L!;)=zS|1kEK*L>*K!8Ko4
zS=GLF`GWVn^@o3b=fYLXtW67+J>Po8(huF2?fC4L1z%XV{Q6BF56@d#{q(IX_Ad>7
z?6%u~`}zkTYP;{$mR+l=mi4#Xxa$)q#FlQ|x3Io#{rvq)wW@`6oBF@~m*}2vMo+wK
z{-*xL?fOk$xqZd;%NBj_xA!i1eCbvFi!XS7!I{ezG~PFV_4D)BJ-=Yr8Si<rX8Hd9
zg;(En?}_Jr<etFt^uDSc&yTg;pZL>XUXz`-{dIp_xcK=Uzdh$o+kfzx`5lWsaL=dT
zabRWdrcYG8{oZve$JgAy_^#XUyY7zHr27|EANcgL4=&3ppE;vr>9**Jr(Sh`&$$b0
zltuqmx8fa}7S$f}*~Jen-5nh}^)G*3{*FV77u@^V70Z`=;GU&V{KK;Fy#!%Z4{m$l
zls}%lL%DB7Y}10+(ypf$W)3{C>8g?B(+k_LJ!Rm&#i_>@C%(P-oC6C3f4gtTX)87c
zmTcP;tUh?>?#C7mKDKztzyI^)U;bS3$Dd38?Q{R{)MZueNA!&A`sCIB;T>9J+)5=6
zyN|;9zvfs=izol*nl*Fzzh~vMer0FhmZ1y!yA+serGMw<p6)G5ps}fGSId^Brp}>G
z<^1hKJ9?B@B&rNrSv_twHFfpkwRd3LvNCN=O_P(8k;#^bksWIq8fe-B4aJ})``Tz?
zwMfEB1UA;JhiCAQrY1JxmF;><x02e%E!(<#a%!70re)Q-cw9^9$@V(c(vu0T-B1#m
zorpA}W>rO1c4;F@&IET)NL94HiMB#pOzP>~N>)p52$<GXQZvUj%?c>vS#5NK2s9=B
zOxCzuBk%$Ig!m(I(+ps=lnnt(+haAs@1~74)$8H9S%K<}U@JATA+W_rTUy#`93q7S
zXn#b0v05<9b_Ki+OwHP`b7*Vhnb6AmCOYu-BSvCsV@=Kagg&9@i4EY+VX1mr%Mu(_
zJC6x)iCo-*hwf*?Nn^|iY+SFFFfdX~PmL*Rl7QDks#$u*01GIJ^nhY!;{*gp<xfCe
z-=vcNNS}UPqbJM8^&|Qi`NO7eebWf3fRFN3OK5Zw!ChtJwi!+|woU(0)~{@Al<=f9
zHi}qH5tPaZO{)|77<K6aDva5{ldlBg9HGtXYC=F8*Auce(qkLD({;KU&skb~TsPJ?
zv8SXEFU*SbX>b_lDzLzq(6!0H#`AR386r@4lA@PXEZ72gvgFLb#zFkIv^wBy1$JhE
zjh*aUY4r$)vyALiVB>c3rOu#ZCM(w{t-78@^AbxR(UZDGn&}oFBvdl@r8N}K5|XgU
zptoe}GztazZIoIY))6e2t!h$(HEEcx5v*@wlgu7SEv3|SPEBG{fsH%x2UN~K-9iO|
z0zw=xa0{r>L)!%gAh$whJ(*-Q+Ks=w3#G)y2m(fRvi!H;zd4^3S7JkKQ3f`W#i9(-
zA0<|WL|<e$8mru|juj*Yu_~|t!gjSRsoSq+>(scOjkl90Sr<JNoK*5h%WCPk#^!YZ
ze%EQ(RywY$g=bi<y$bj@!m~vk(Kt5IF1Em!Ty3ze!Ysf9u}EEx(SM;?a<!ewYMIgy
z?W#DTW_2*8B2b-2zSgO<?+Hyeovotu=Flc?c%1O<B!rdSIFwZ_GM8x!hX-$`0o#Z+
zPWZNw1wu}NF)D9q`f%m4$+(fwprwR9s>l7&zjL6c^d{BZ9>U^O0^QbJ+HTIE&1t5>
z-%n>YkfjAS)^*caNGJ5TM)vPfb%ZlT%gve#t^t~-UDr&u1~%&>N!_rtxM~(Af4L$d
zU1PTnG_r+$DKH{eO;aQEmDH~!s2}8Cr&HTBks%J!FQt#%R5Lmo^k7GSw^-5DVO&d_
zoJaJ)FMD~5!=#<L1rR~5aLFKSu@iBFJREO^4ncg{5OBl;Xx&dlAf;>8XEydRB3Jm-
zE4h@a5OT@lGEkK(a+;FSvMC6UNmw&E&}8`X1&dG<WvGOn=KPaTy{Tvl;k0@tmn6ki
z2p36sqTf;=Teo3?-M*62bbJDSK)EFEA*&nMK}50P<gl0;Fz~Emfd8PgW=+<n2H{b;
zq%lT-g7ut%l%S@G9pya>$isu^IB}3VP)LLVrk0*Ck`ubkZ`2H#Uedw@g;mi~AWTMT
zYIYJ#CI~hrRD#GcEiLdm2i+$5@&DPo7Wk-&bH53Jgn*hv5Jc3I@Y?8-2M?ium?bPp
z6q1kx@C|2oPm+b*J<Fcm5D=9JB3K{bTk9jBR4rCfTdnohLbZx|YoWflS}Q75tF^_)
z)q2}&?|k3PoHOU_IhzfrecYt|VX`}C&dfL8eDlrs_<sR8MqUDX4EE;-WPlJ%4bluk
zK|&r>RLLMitH|uiq=jmLoiT)X_!JwJ5+~~?j0gt92?r`K`O?%Uk(Qkb83>>A_%J@Q
zoSc$m;o}fe9JdUEYF=D%?NFe&CVxqpG^0EQ3~J9<lBTvMRzMNQaHxa)3%o_tZ?aSo
zMI*#=*e_wzegTFiWCa>alglc~*c(Oe=c+9<<?1ctcdtZfB<u$Ar5rZK=-8#9`9i0L
z_6yz8>GBrBBIDW+;*tGCv`ipufU{&U)TR<<C)=020GYtVcT!X}sKIVu;iOD<N1IX>
zRTAaw0;X}(3IuIaC1?(`fkCoqnCGEu;?N>h8>iC=hS_B|n9%Pk3r%DrRMPJ&(m4|*
z0^cr85={kunNU$N`8*=T61*3F8&9%+*+rTxMi5XiLjGjPW-A(Glr>}$at#P4$-a<d
z3J4w*>Vd*-nf!vh*Puavz~_Wl$=OJ#B}b%)3cSm%e5q8mzpT?w%1dURfxj?vf{Zqg
z->)Ba8Ft)3_G!7OhU#ZC-o%KGg!~OtR+D7Tz&)Hue9r}C+;Y8mAyK=0(GG`MRIBm0
zVk-*CjwM}@F@YchtV7D*3a2~aQVYq+iV>M|rVJuav3b`F(2r(Po-GT<%5X`8io0}1
zIew$BwHzQ@MyAp%;)l#E1t+bdY+_Oi){_qfbW<wcK|&gDrbjCMO=rY(d@cFG7BeA*
zy@SdsCE|~B4xiKmho`5kNLJ@PFb#5DNjpf7k`(fL2O&%nV6l|LouDwi%E^Z?Jvza9
zwZqB*b)X0l9w2&HM_5VN@Bn=%P8Kk(!PAQA1ZVoY!*l#GL3tq4Llhdok9N~7RBH3|
z0u4n<W}Akdab(*>plCB)F*%?n=;jP6?C`0ylL=(@uvfICpu|YMQ9X(7M6N|zh}>)y
zJ35%T%D4)^AQf_?!lvZ>rKRJO^jrcL0%@YaCsV1AkG7}s2yjT|y^33_l4?BhP&iGe
z<lnIMKu)m<0qIigLMSuv#22niP{TNc%xau5?nz{DiZrpTvy`8LI=Ki1b!`Ub04j?;
zCxKK$lPGIyk+}5CAS|kc$$7y=p(y%L=2I1y9CRIWm=6=Js`SY+salN!5WXVyXxL~{
z0*c>IRbw`G4t6m56R0~9In#;Sqn+4F$l-Q5C|hTwk%6_*jm*t4?Ch1vAc<g*wVuZ8
zWXCz|!8MT8qDGH)IRYbLbZ;XBf)kOGUVlr6)jk17T2Seriky}t%6TYZ9K|Z$UX0Ei
zuG}<Vn43XL%;%u_OExBfb?DADv%hZ1gmx*`OlLLDU}Jq3ngzXy(_7ULEg2BO130b_
z_VcSC>T%jls$Yo{&Z<-5WKV=c5iQWZ(j$4JL480{wM?W{8ywkEiyGmS)uftaNRu@+
zEPG&&stDz$WGtaeW;Vhf<lTaTCV3?kns{+dWf6Ty_BR;)Mj<IU?*Oym1ZA9Sn!!tW
z$0K?m`HZHDn@)3+g!U5MelEAY1wyC*%u|zb($gH?zn>f!^JFbRE=tjMyiLz0w`p<=
zwIs<@;VztV3stSFMkYwKA##&|r9yFIL)KOhykv%<Hlk~V%g9v9{9tL)2Lj(pv+37B
zVo#dBLQy4F)~0rlF37<-r>@@Dh&vcgrLg_72BNX$w0U)X<8sFFT-k79-ARtD>quLP
zEMhD{WUEf5iDeV$re{5R2yg4W14205mL&IeKrU%lQ2?87Zsg1&J5URlT9bQ8oZR&I
z!mCuJ(V#dpSwzrl&3DhJ@hdEujhe3#1`M&?mjP+W>DAM&){^nIP?ByrB2Ebpr8*Os
z>W^v_k-0SYSJY+<_Tz$pT*wF;&LOIs5+YQc1$R(jT(c+$^QlEcs@)A2c!J!e+TwC+
zSu7bCPu_(L*`id}kk9BQuQyBzF_o~V8_qLXs{GD(CYOpNrTTINwNo`}>~<p34fB@9
z3?yWzi6of}Ijz`b9riW%7Q!vQT?vPaXZYh%`An%%)h87J&|Jt)4uoO=7M!yC4NHT;
zd~~_FWbsA`-`0}hDsc~*L`Ww@wh-DTiSP}=ZAh@kiN>BJo{4Gh(9jc8j&(t0R)!{)
zRifH6L2?5_vdt4w;*=)|8z>q%%XOZnyGB#m;37_ThUpQcl$pn=p{BG<@}=@Wyg-I?
zpPnw<z9qw&z{J`Baaq9=S>eVp#*|u_Ni(#ZjoeQM3}g1yF)L7`ao(e{9f~6UP^!rG
zNMvYn1x6(3EunBiod(a0uWuON+~}P*zNOY%e@1ha%{hgGNvM=}o0TM-5HMepiBlj-
zi25MlI#bLII2L;_xB4<;u;p9yOIz&3<j_u1M}I8EsgJ1XWQ1`ZXo0o;PD{o^r&1**
z&OH3+$WM*Sr~@XWy^N<(85Jco8o-F|=-{&jt}ZT-+LcgSJ83bovP4=D3MSf5EtxvC
zMB<SFF*Z^yB8S5>N7n_XNroHN(?PnNh(@OJ%F6PJiBjd%X_KZ-n><Ada9zXK8Iwj6
zQHalDe^x3{ir7=oh?n5s(};>07<n;M>dW`f=*Kbs%X|kutatPf|5Y)0(qv2g*OW;U
zru4;seH%Z0@n3!MUxyk0Wm0bi)%M>f5-c^$sKgo;md=CT7ZKJM5!M$G))x`h7ZKJM
z5%y0I5ylQ^Qvg_xQO$i(U|(Mp7}!CaqP<K}IW(36>^tP?rAf9?jBo}`BAO;tn$S!U
zV5-Ge%NEPSoUwcbSO^x7)ZolA3C%7<%Zj5lR1;t4k^C|_d+4_qGM0$jSSG38gaOK$
zyf<Jm3xtF~CenY@2oGQm7d)82O~;?r_q1KmkIstdWZ~?{ohwp+yh9WAQi<Sh;a#*T
z%nrr(hRO58UI6gc5=F<<y+8J5Tz^70Jd(9Q{~#Ktu^$#7LEiwq@kzF-@hCZfATEMj
zzh_EK3emlyG8)+^Y$bct(xI)%Sr4+xXl5Fp8ADh+$0N~_Cfa#D%yqT`E(Lv1w0G=7
zSUX|jgq2fg9>j3D24IB<8l-iXDtSmI!d-*#E0af-4UhLA?4_iJd=36}87-~}<{F^H
zl6=6xt%6V%WIXd9GDji$pz&EH+7Y60ivjBiFV(iRG=isrww0Z)uX?y1Es!qj3tewC
zi?cP4QXgsBb)^C-leNX0{Xcwtoe2*lLnAix>_}*Ep#6*uCqTKA$F?P=v;I7Qz#NKr
zBw&Y>MGGo1HKeidonUfR2yOETxy{-uXl+8T;u=D0qhYzVWdLG3z+VxhE}uhQ#UPn+
zLdjqeX+ye(nJ=EN(>OkQULnaHG%q%~pJ?08&Q8{}w2Zk|($7~91|g)e#(f$J0ET`V
zN<c<3+m1|nml8*dRg(z-oh7si;VO||h!)%$>O8L}qVe%i!AoD05M2J;0Kw!CeUHHz
z=&`fqau7@`z!w-EB8PQJFr9Tr2W#q05dUf{K$cw&vvVLO2jeCQ6AIe;)OqKW0GW1<
zjnj22xlz<I+e|znuTr9HR)Hk^3*iLlmjQ=6kG-IwVWAFLD`gv}!H=O8sKK;z%>cc%
z5o{0ROVyyKfnUoAz0olCMw4bJk(nHAct$z-gKTT~EJ@x0_2}qlf&&twe<L(%L{N*S
z!<gxTqj7Ivf?W^EZVCa4HTgc`HxBw9`UGcK267_pzG12_-8D@8?UkNGE2}w+8}^Da
zY$v&U*eP=qvZ@&Us%d7ov?;8vOlp?H9Wr=HRg4E_vHuat_T6-qD321=ko&hWo|W<#
zJtM&Vs1YWNf=`e--#wD0J&ijq?bV^r&JS30mDwMq1Sr<P+$>U@1-8PehT3u)`6mjo
zVDMB3au-xMBV-T4aFekG<?))r)n>;#V=#z>*9*GMw0?r28iKw|jRFo<oWnVn$Qoq8
zCc;uVut*El*^C{etHqoRG}R9hqDLk=tYcIkFgr#=!Awt1%fKM4M~)N8ge=Hpc965H
z9z&s0nMos)Kv%bRbLdNBq&K9UDaL^JJWm$)#nu8NO1{w<i+38P&*O2!xxxAvImfxS
z5(?|eKEyQyRX$uYGEHtH;(*zZ(vmOAv#runkF@Gh`c)Ij4$4#%0-i0CSJF;i&Fq;p
zvw(688B7D3^*9f2X8TXV`N}DAu@3T}S0XnQAuX7}LeRod%G#!!P_axyw&WOhOlXpx
zJSJqCrQX<rx*ftsXnxHC9hSf(&&3bEEpe{N9hpc+Xa+LFgOz)GQj_sar~QaWHj4@}
zvy<uGp-Yd<ZW507UpDMuD4xmO#P*UqCMVi6z4?*{6v6qWV*IokH-*||AT;5XDPl9l
zwu6$v`o>;qj(uTBlG$e57mAebCr$j1VFy3Vcl3b&KB=O@ivKi)wC{`m`8Iy~;(z+$
zfBNvB`l5dNqJH|Ke)^(*`l5dNqJI8Oqkj5upn8e`VrGDpkRRPV@O8xf%(cMeq{RF<
zBk@cF2e|=PL%nZcHfRk&USmKGat{?@2neG9OI4hRH2^9ASQ~QHQK@6COf)7KPPe$a
zl4yv8)L?gY^1SJZ?qioH)x`9G8Y3EZYl8j-rjVNY1p*Y5k<becDrWEG-bZ7Gc3Ldh
z$}}|@CtHE(=2|)Ws6$x!nJ#4m7&)7<724C><{VHNlb=h=q~@foNoJ5DQ%aXL-#DZ>
z;<vO#lQ<xDMb^sOVq8<GX`D-w$n^OOenFiSkR_)^#5~Iwm+)jW1|V}a;}mO}S}irw
z&log?$<;y@KZ!Oa$e5IqM7JZSD&p{9IzCy^u+j!hLKfT@Y?vs2Xp@)ya;Q@+(=nsG
zgspk+kiIKhs4C(#1*u!N!$87n4Z#N#St_PSn(0}WKym}u%D+@Wd@SHzP%GncaK3@1
zUyCW4OrzH#;GSdgZ(!WR8HQHbh;w`&SaS*ctB~o)i5`UvYNa#OCg=jjG)UJTiHJv4
zoCmnKSw^I$=;OysME!*xgd)TI+ki=hC8J(Soh|~b8VmQ+OqOmURv0n@*=BJtgh?`4
z{umLPLG*#b+Tz_OfzFaBK&S<h4$1Y_z!hUj1&AagO&t?pjVxkFYc*2$Szhedf-cY#
zC_q#^lH;KcWGpT^*scx$MKnD?kowPK<aFY68w(_y4tBta<G~mxwX`dedG{C;X*AI8
zG;k~vDNY8ZfYBeLEJf>f8&PPIp#)r2b=Hjmf*o~yLI!KJo%+0V*%ZUXcP(K|19FB%
zu&iL(l>`(Ln6V5Q!Bq4%vySLrrIgzfak72G?Q)#imw6-HH%=1X!vasqjoX6_$+Frx
zOFZbfqk@Hc56NBzT9Mh2|3;Wz1;3Jee;9s=B|*T!Z+b#B`CY?LaSh4-E+>54p%5O8
zo9KlH4<Ek=Q>+aT7MW38!$nXmQ(Y<>(Ulk(0P$l|tGtTs=J8>eXmY7S5d>kC$I4_`
zJAg~k-H1M^0C*2<LQw=bJ-huH2mvMvrn;vx4>-eUtO(NFfGoiX3CJwhFn-2F2tpw8
zC4zAP22ooS>70P58j(n4!oZpv=CmyGHu<EnKDI08G&I%ws_SMqF#f4;kbKQ8Uh=nZ
zo-}`f5B{oK=xd_idZcFZagDdhTi;UWZI)*HNE`25(ymErscUTTNWL>0=W;Ezx~_$^
zX;>iD&9i*yk?QKJ=PszLpWQ&aoLe`Kd_K0CQPoQcL%t*(m|j=iFwfUiUFV%!ceZWw
z**-F$lrM;6Sul@0-r{STS62_SYnXMqk4%hAlPE!Yv%2~@O{q_p0WGTQnyMGnH@A%S
zBD2(!F-YFIH4El>rG{q7yP&0^$%m6|XvP=S(+|k2sv8>5YO1TLZ6PylGTv3)P~TiP
z+t)-!(=3sujpXmKUP`2ezPe_qv7rg5Ti1-_ZSvJEB=oAQHpbULyYdlo&i2+f(6=vW
zY4Ym*d1uwlt(#4VLYhE#^L%v;l#2DFSxbZEK^(|jZ*^TmJ&uZe>;tk@H#9Yk^%?Uf
zlUmT+0RPb$%6PTS_$0zr^L)+o8aOZZxu+!2v(o3B>ihYJ{y6&o1nb-3z9YT=Z_>mG
z6DqCsU#3jx^Z$J-KYjkcKL1}|{(qk*u+J0dkS5E0e?4Z%_BjCi9Dscez&;0Hp9An;
z)dBb|LjcS$P_pr~fS#RCj1)&909@PYej>azx`S9!B5b}SPn6I>GljY#sAOeYJx1_w
zslcv;C$%K(M@0;X&*a>YV#zqG1=FiTLvojeW2I%%0<7f1depr(2vtA^$`Zq9k%TsK
zhRCe+3r$Lbqy|V#lT@pm<>@8niXXHbixGg$>Qw~7So{D6L(ytslqOfM5aSQm1M0Yq
z$nk&;o~7i58<$5qlU%!$M4+scrXhd>j8Is%pxiQE0Hv5GO(N1a_{h-tOJP0Pr-IU{
zS7MMgivG*i6IQ}JYnG=9-Y$Jki~_+F8W=`rO;{LQU`?lu8BLS$C3B{=^7jUmknU2z
z5veg7hn|YHCm^j08pptC0Exb#2%KPS>0x>SGQ<E;9=OV`C9ncg(0QVSXwl_K8IBgG
zVIwFh;hGL58lsgA80;#od1NhZ1Z;x<rU~je5ou%Xl_(bE<$6IB+f5lnmqI+50PJM3
z8Uf9V0hR#>4uJZlIT<(|3b=3b8BofT9%vepIfVv1AMvQ@{#8Y<3*llv8I9e^sc9H1
zK*kl(4=P9j^%&mXppov24kQkl8|3H@)~ZdI?}Y<x4J(~S0RfmAY-098gdWk*D`oO&
z6O9P#a&VLr1G1i8N7EqI<7gs&n!#$G5GrY8h0@+&6^=ixbb>s?>JNPOaDHp(W3+(p
zJIhS5k&}QF{ktfB5(@H)O?@kJLWP1M3hEn7;)aRPiU18#RK#EpMO(2fgD3|WRdo<^
zEUqD(EADg$a4GH!%JgB_8DbZNMBMEKX*Rrk6&5cMq70BnTV-+t(R_1DEi8~8tV8al
zCqoW|sLW(QzAE*>iSBI(nUOKI$JCi=@mXmYvP;1m9|MDZP%TTXuaz<e3z{&0E8z<&
z%fSc9N+`(^tJWesBH;Ze;&N1jS(x;6N(ocZ7e%7rKR6jhv#k>br^ReUK_^Erhz^h8
z(-uxyHEEo3rhp_G6rew1yx$JF$9%t~>W|YMH%0vcw`|5?GS0PP=yo!S#YoiIuPMvN
zCX<oybRaQ1NEp-LT&Yu(PJm30{wdVYfL1oZNWB?r>gAnmUP>zGJ3KNNK0lsJhN@SF
zq;o{jW@*@{DY8k$X|xE>$|QSK*E*76&f+PM-e_W=KupeNhLp90dI(&LB<HyhmXl#}
zq=)5_IzmW6ynqEptJU^~MlFq45rv*_j+C~*Zy4f<Xj?|{Eq!+c)UX<0K|A{X2q)X*
zxB-PQcY$|tqqn8jgqg)l8^Um~5T0#plOR|WD3if!pxD=Ja{}5TXDS7v7tRiPY$Y`c
zqvZ6YA)9zOgk511y!z{>yT%VR+XPH&`9zsqd;y^(j!BXl#W>UZGA>0?u{=p?MlO9R
zS|iXMEM|*ZzZR;zNN)XjHsgLc8Y+^69OPUMMeW~}^1b*nrH5{*ik7ZpQwy<cK^%~?
z#eNg;t5HNGGSe<g%hHrFYayF3+D=s>n$h3b(A?sbc@Db_4<(E*qU)HTJqSfYp@*K<
zRZ|iXxib`vL1=&_0a*VgGXm2Guu>z%C`#>(e<>CLN<$PcM96{SMPv>@rs$?GTjKY6
zH)u)6b(B?#Rf82DK)vIVH35~p)XX=HIgQ=AXUsY6nGiV@>crZo1^2`tG`q~&Pgu~9
zI7SO;YlknO=s;l^0SzcxMAdH@ED#kC%i?jYkz$1%U=LbBeT1{pY7~XJ*&0UqVOgu+
zl@i=y?L-A0`Dg76M#{Xb!qvbQqan@iz>(XF9?Q2PFX-4}fX2k73LhDwGI?lGW4qCC
zpa{Gh0LOyo(~SIJUK6;tSYHBp`%tkG&>VPlpA-v`+a0#B=K&pz0$(782V)(YxGI3r
zF;$p?d)XnA=w_NUwM@_^0fQ>TiJH%vn5t<Emd2J&OkY?9sveo<G>*@p_>*mAgdPFK
zF9(+C@C%2@18Op1D{qA_Z8*ST=y2o&AwW}+_#Yi&SzcQFD+TLC@`))CfYYc$lIa#H
z4@Bs8FxAU!iX(i4!Ia{2z(Npws_XA`13^I<Py%2W^3o)R=h{{O)zrW;B>}3DQ3n_=
z=FRv8l7hT4<0_Y=BQnZ1A|z-xbLk(@j|VSX%%D(u$m@ygMc!dqN&d08hWe$OhtqOE
zJ0NhJ0#`6GYsNJJLhE8kG!6iKrfqd-Zux-snyerC?ZMH6X2ei)V{0meTZ#$Q6xYX;
zc!j9YVTOi7x(%uc8pe%#m)XkDrtGj4;f9T-4SGL}^WzuIk36n6O2fuYCThXD0^$0a
zakURqA?Oe!lg^%Lp_f4m8Bv6zn$y*Wa)qGm3t{pGnjzR>S-iT66E}?59%&K$Q{CLm
z%-JSdgFR3%E#SUa{R$BVprRtZ)i?m^fk8XYjscb8t|FBg&L=e1WTP${H3Tc6IK^+}
z2Erb_xha4_%!vY*VK69qnC9RSx^?W;@bB8VaVbV37?C*PY%E83YB9UMv$oDJi4g|c
zOs<PcD*!eN62jv=ck&ONzeNTZU!+_ibgHW<5KF8yoxu(mK<2Csrk)~}qXS=v)Q;OZ
zY6JpGZX#P*l}d%y7#1=*bV8(#4u}XAWh~?tmmvcH_h&;`*SjJ~vev~c&rLsbfcse<
z9_DixtgI_pU|FH)j7lezQUh$p6au?T^Nq>7&p9U_F>1-zfIOQo0@ji{0sM*aZt%Bt
zh=^IMf17WDu*JV1^i1f8-Z$)eD#mAx?`dE9<Fscs#PiN8C5kSYE8|}Q)l=n!XSomz
z@7F4<C}mqiolG=NBZn^3F-4qTOyX#x`=1;w5tXU7PTIRC#fc>(5t*?Fopmuf4r{Sl
zZtSZAO;Y!yu$j`Eg27zCC*WihSVcS~88Q~TTk9t#-7s20^bkPO8klv#Se?#+#Qc8D
zI;`LL6a=+o;>s9brlf$`2^56oKyz9<Y5~+)1Ex|FbRRqvNd~FDCKD0LHVXA?nPPZo
zO?k-RlIp>Agb8;Z;~*s31|n=3pj(EXZO2AtcQsowL%Jptaf2%jrz27E^o<=+3FFIf
zJ_Rv#r$brg;Tk+vIo6$TEJ!D=hH?9QQp*zqXQ+63(fbIblgZ>@NIk=QEj02&trGdX
zEG$#^zI5uT(l{mB77l6c<D^8p5+&QbEv_gDKp7+7)hb~!=S4)f3l@*dSHhZN*8?~d
zl5I&vQ*1jCB*i?G6tpKxt8<dkWl?oSRN`HqN18>0`J$v7C(5~TrIM8TC6is_OcHXO
zMGB59E90*&D;sB)ftDvt64B;6F5qlmXh=hwHws_cywagxlNcRmlA`q%(FwW|E0s;p
zOSnyoYlk;!Zj%i`tPmAU(9YC`)gRV0;l3njVLU&($5=eeJ~qc;d7vyUum{r!5X>Jf
zUqs3z!{Tm6iRUIKJlgw8@roov@Rf+04W3}5c7#gX*Z5jWg=iF_H?nXp%mj|e2_6L^
zQJ1uh<cZ7HH02oP2PZY*ZJJ><=zxe)ycAj@9CZJy-IYf0)ACCV^VRYzO(xMJ%z@?R
zy_KRwHLf{Cbm?1DkMK}U0Upe#VRDqxG6qD&66tG=Zm~;h=kI{3BQOYN2_c_iO=qUL
zIz_tZK`Jc7g^UN2H&gFt#(fezlsZN;Rd=1bcZhaTSVC&hTz&+vi<GK(!0Pbq=JS;r
z3pB^L7q1vE()(*x%z#i0n;{Bl^aHwOO#vS~0Kx7wG@pZT9YCsq#hq{^85BKOL%eh^
z*Rq{TU64^lXt=t^J}Sl%r9v-(+{rG)e&CBzwy4cz0(vlrTMdFKbC`IE$MC4!g{3%5
zj0}ya90-BW{JrL#1ioLDh9f0S5od&7iE6;Z#W+n&?BK+n<USXq6{AC%wSx>jYDSrg
z)5w8>az4;bj$JC`PZP>kI5-v>`Tpgb!ovA!?c<i$q4E<|sXarsOj}S;b-h*spD3#*
z9aZ(+2Y3L~#)6*MD26Es6*<OOUpz)E&tbKhis1?A>a&|kc`Cj`>4fMOO|K?!NCYMS
zgPc<P03ob0Ve=+>wixE2Z<3t$bL}lrxtqg$`EwjMNL$_`!0W5l5(=0x59)Fh6$`3C
zz?$PGHXRTuEwavLV042N<jx!H5U!EDDn*P2IK}j&lJUlY8Rsz}RKT%NoK|_2jc481
z&~0JW4|`c4zK5TM^xgoch6RTMPj#pB5oImCw56VjmVN}+F29KC8<|~CMY#oso*dTC
zE{WNlAg~5r$Q93^eJl$o5f}+(Sl_{Bn^46&k}k|ppM>>Hd%sCBdB8^eSG?ey)}zse
z?K{1*G5o{cSZ?4~cI9yFE;H+mc<J!6P+?}Z<B`L{eh@00Ad(L~yD<!p9OV8G4IOM$
z^^FzrP!6DOI*@HDxq%}f6Qx^JGizTEY!M<CTne*JILWWd=7>p?5{k#NIouX?jLult
z$kIz-NT05SgH)9LYCMPzB^}p2C_-={zB}FedIcND&><Rei&4=`P-!;#J7`YOm=A%7
zcQkhBhDnrPN!ZaC0Z0X?y*CHta+{K<VQa2SYDAmSDAWmnWzkSZ6-^$bXX;E-)9pj<
zcbA0j-KB)-@O;s^jC_#E-b}YUC8-ztv&S7udrN6)w@W2(@{xbz5EC0UrUah~dqFny
zJh$YL)+p>`W*cH!dGCZ<PohDj{h`SRWAFFSXK#gsc&!z!0dTKvA{PpONRK?QUbm;&
z6p_#ss+7n;BP!6i`Xs5rmBnP^c^zl5LfnYRjzUcjzXp@BDQ*|<yA(ptUE^y34FU}h
zWl~*~WfJhnPf&Et57XzOf`?fzZj@qOz*_|0v^olrrmHoM)G%%k^<s%5{Y|vsl?{cd
z-XthmAy5&l$aX3#JV4}Nvr+SnYFSpJPAko`h;k_wQR3{LFW!+b6(XJh!Go?x9v5yO
z7tgC6*dvk|(JoB<VpO`)8BlBlFRgzHdKaIDI4q&o42EYm7=A$nbu-SSWDHWHHL-S-
zc%9J;)|iy8gzzfRFEv)OGTo&O0?26jJ=+_EiiI!{{*75CaJ>u&D>UX9b_d5BjS;Bk
z@E#-DPJb1lgMVcLEm&#$b?g(a5_$j-+#`g}Q%YyhN*Ubz!t25SfEW$Ur&=o)285|1
zkU=jnhY<pV!MZ5`dbWXBAYkZuh#UYffowWn@D1NZxq^9241+^Nzp67<<49~^V_-@*
zUA>fz$vj3fDg*(HkigfoOCSO+(mFt48+{wBd>sPi^y+uhC7SXj-p|aVS8eRA<O&G!
z`CvvPq7P@q%WrB7D~?Wv7g4pT8tDcrDd~r~n%HtB(Gf~+ye!-%_1)+V0rKPR7Wf5%
zp;t1QfJ{T=a0?f7yvm<RlA@_F#9-2dEsoi;a*$q}S=>N`y2#bI5zwj|X#4P}B*C=b
z2S@e)?Z*-S$sD6`Snuco|7l9aq?GzElPV|l;Xi#FKYjR5efUp(_)mTKPks1LeU)JT
z9{@oy;gpK|)FZrCANW%r_|rc>_){PH)4u}xli7f-ixSM6PZcNJDDHJi0I-Q^F@+5=
zh#xVt-M%ogLi0_)4n^a^s2@&CpcTciXmaO<&a5SZjZ;7afcffq1?3JUdQI&lHz?j%
z5dePasZ2Y@5Mf}UW%^)L;@UZML@kjl_Lv)#^s48m4J-Ik@*69+>*Z)KdL>^|oD;L2
z^Bg<+l9a0GT+g-+a5{U8&C}*dHW<5y52F-xkE_9#f&LdlnZwCLUxqfacN9ZyOji{g
zRxB#0AZR(}7GWU<RL?fbaLu8DJo)cjH6SN=Xv-n3uqh8lTq$m>PZ<yo(nT8TKon51
z1vxOIWwcpBF<HlP8TCdz7J#R#=a|J~N=a~AX*^BRFT2ccd+59gN`71cMcr{)youx{
z=eGyeO*_=t(Og+Iu74Ou{{r?8QGhIcgI+u#4mpTcWuAA>vdL0>Z&8as4~EEjCa#1T
zmX#h!99288cSbhBH)YfhchjE8j9EveBKQ#uP45mpRp5T>Kp>*Hv4ez}1yz(UEX>E9
zGR{(SeR4J(HHHs|X{9BV>!t`BNMtE)U)TtzQs$<cPY*~oycj`N0!-6aAVT*uOvGf&
z79cmAWQLA`MGhequ)6%<YG=&CRJ=0bJ4Br7O*!=xfE%W;Lr0k_?U|h5j%F`wx|_qv
zuIJ;?P;kb$`gzXt(g~H(8_tmEOt>}R`#OvRKe9~rYigJblTbd*CN{N`+%Y-P-oqxY
zj)!Q%81M*tSZ4M%9g_z7;X5s8Y+1J2O>BuReFzD%=|odx85t_PAnmkR8_7*?#?m=d
zLY<e%>_9?ALeX~J9f-p;7y5&uY|&+UmO9fQ@Lhc3W<-zF&5N#W{jjsy`<N$ee;y`j
zXhoEc4abur{tVAP<y@q$?Gj{2d72yQM04^jp*FrSqjP{uW$tO@++u@bnYoNGiHLB_
zF}ow(?zau4w`^|~>7v_CgohLs>P6FIO;=-#FEinj9R5zH?tMO0dj*6wk=#7kp{E66
z;iw`EESAIyT0wZiu`>3BkRwb%FBPZL9<>*i_hN)2*hc;yqFQE*)rlm=xHBe7W9k55
z=W`Y?g45hWa0of}>3fYZ6LzjEI)RM1;6vbh`<<#O32NPqs6COv)Kqf&RW+>0(H>~w
z#i(`Qbd3hELl$t59g!xhGDdbnlhpIHRTkrwA}lI8lL&AH4;vZ6VfD;U+`5>GfFVB=
zN5&k2&Vu<ZtxTcZv<ctr<h>nATodg^EYeyL3~-0HPHHj%A)Y-h5^G1ei~O4byUyky
zKlDoEptVsm17klS>Nj05zOfFNJgx`hGBw8@H3*|v*j8W@;3D7HE^at%*%5LWR7Dg{
zm_>S`>di7dwiaMwU5`XD-Hc`X;5tMDOGzQ1xCaQ8rSq<kegL%?Stv70b~NG^?T%6%
z7shhtn?_}y;FqEh*s9=yc^c@P&O|MoyD16T2KX6^Fin^HPQfvGEE$$wG~s<=jC`t{
zaTF%O#QBIzW~Pn;F@-}s$drtTL7Z97XFUoFj(S@qqL(K)oyuZ3A<{6c&?-HfHl#!>
z21Rn&Cy<ft?oY6aoL0!=#Z1|@8I7RlGnC^rvd+|557RVt>@ZEPq{E35RuXEjr;G+L
zGb4lv@$>*+<L-^9=*HE)*ZdWBU@x|B0cUh^OOv<0d9Js`H`@q0?wOjwP&(6-(5feD
zA`*t-SN<pCnvRU-*>NcI><GmH$@Q@3+u=OnjzgJoW*eoWH#>z-_0V?=zZiV8TcNIg
zPD4hU!15+%VwoCBZt`0ODwN}a$>Q@<g-7bt7~GkD`0LkRHUvGv+ya8nB9LXr^U@BZ
z-gync%U0F|B?z>Hg&I9FWY6Xn)*{n$iN%3`3*6LP-Bj1uvbf$m&u8YRuLTA)oe{wf
z^3zasXw?P;hmI@MT;O1DjG$?oJ}+X<v(RbKcMQybM43%$NmEe&;TjkONJ6Le=S{w5
z`;P-=;o;r4ERd<r62sJzUb`~8a>*%hr!2|Gxc(Th5{^DNUH3=<Ts1-88Yrt|ogs5l
z@hdjqoE)x8??g$DYpBNA6-G~^1alVl#L)N5z@SMhu*ui3NIIrzPisUQ_HK!6Y3_vZ
zD5p)I`ubN`xI&8NAqI1M$o5bpWQSG-a0uHm68{4BO++Al7PrR1#26xyhHz><;QRMd
z4%y&TJ28f}X>VA=5zyD2vbd$Z$WUBgLUR(7Gg!xAZ<16X@HE5_TYihQ;CRhn3mI%l
zU@ah!h6bjll3VFac%*NV5;k_CIE`;$fVdQH5R5np&<3!4mlc(W^-exEd_vyL3t^bb
z(v2ee0n)&7N8umap^CC$i@;iLeF7<1w56s}NP=U+&Kc3e>!>X)^<^=g5QoMzcBLSk
zxF)4-?;@g@r!)m+T`#r4z4DHp62mg82<i|N6`?L;8wSwSa0uWPf|$;kVO)*~B^}`h
zIji4g_#dY`8h7J>GQpJ(He;T6$wsXQeW})xGCZ_G*EA#}Yg5+%<sh9mjhRb5OKeP>
zc0)}oQtiumq-PFO>wgaR5P;_XjhVsL3{N$v9>P;}=b()XQ=a*CFcQ&A!y$hU7AxLH
za+7~D_2r}*=@iLtL=E>)2Z@?3L_`(tbEJrMTz|EeK1%jPTWp4f{^CYLvhAnBr9%fq
z5pE5K<Ml}?7L$hbLPK(ACI4o+04%_irt0%aMfioGGekJr&9nAPX)rKoLL53Exm0Dy
z1{6dY>nYf;4%Xq(FI6Zc7(jsebwOHb4_<?X=;+>Zry7UMg?a2s@<2RRn)`~z8IMAH
z5CPB;YE$8oqA4sYRQKvzi?9d*z5wkZq7Xt1CfphT#E9t_hTWZ9HN#4WeAwP_p(0Uw
zw!l_j15Yq#v}tKfD<{*1V)Z+NBH#RrFM{3GQ%~^#^4q6mpt-B3{Ev*{@11)|HNf$p
z0~4iq;FQMRD{NK@5J$mp802Sf?P+3oWIB_oHDHpc7x14R*peRV40Tu66je$-48j)C
zB{=9IV_^tT(}SboP~hNk%=}Fm3=eJ~3!WX!SIc03%2UG7WCriS(LbDg(FRD3DO}DR
zCCAschaInI0Xdctd9h)JcFP_~Ymm}p)J%!F)13(!O$OmL60IR69L!)wLTk7_wE=7n
z=_a%60WXWF)_olA)TsGVLGP4Rh9k|OKJ+rssI#$$;dlMnG%?u>{D^kA)F`oq=qMcH
z#S8_DAsk#!HG_}PA`tqy8YQY`NKD+KudmdrEux~?p{8#>K_4oj);r*#$N}<EfScqY
zz&C{Po)lk&R>Y9wad{=ntT4umy7OV2bTP<qM*x=$IK^lzx$!?41@U{yRG{*zewqY?
zFmm&zz%z)5;2?+F(d~vZs|!NMg)g^;3+wJkEYM^sKxla*gzQVz%x~Zj{BArVoNElW
zCM{1M`dTET8A~DFG($Nw+kjPfkT^Pwk}9r;lN>T&+S8ulMoy*kAui@s(z80lQ&BKZ
zIZ=x@p%I%IgsS^kER~Qs;|_8mWrSr4u1lhN)hMj)82CDf_+ZuS5Nn%5M6qn;&Jd_h
z`bE`{2J9nDtN^xhaHpr=$$@3*g00EdlDn*|tQRh9%x__gj$oFAF;*$S{2bj$IB4|}
zAZZorSU8mEDNcd6$tb&kj~5~4xDtki-ZUyQG`*&X`6kRt0r65nY`xj1ws{HqDVB!i
zS;{X=uE(@r%I^AYE7e_*T1k_T40ojIDYIEWrKG3rGZs5|YVF+Ar)&(NHf3;~p0ilV
zZ0p>nK5I!sHT`MV-Vh3gkvg@NNuf6B%S^tO+CHVbwT<F>Hm#Tl=khsSk9=Cr^AXbp
z#d2P$Ep;Q69;F_R*}l}I9GY~$bVIeI2bun~Z?6Y|=)c;vqf#q|g)QyAHMA2^`AADt
z-HTv24pLje_x9i5ou64Ztlt?)j{G;fR;KVwQxv9STS_TYw3~BVv=f>F^&H!Fh;2K1
zXloiohvO(L;WeqTL8(ueatkc^0}gDO5_pkPp4Ryp9tU78XKMQdH@xb<I<zyH3azE2
zot|JOB#Y6^rmY^-F9z;Ak;XVg^<VAU=_VBRi)|ZS=QLExbh}I6)z&@ThsFqKjAj53
z1Z14l2gum>^9}tt;y>!qkca<{^!SexPN|qU#e)BM%B0H5KK#dT<EIb*u@C>T5C5?b
z|FIAMu@C?8{{jA^J<MK-4IpH?74E}=?8Acm=f{HVgMxHGf2Ht`x}Nfn!GHvtKN$x)
z9a#}xA=E^&d?mSI&?aQAo|7G@$Hh-3Du={czo16Z$UY6EDSU+Cc4g9ni1;Dt7v3sj
z-9-p@L_@ruB8zB|(0OI<p1Q%}2q76sM#-j%LqRi|u)#~fqW>pGh|OTp$deFjjxRO(
zrZaFXo~aoKgBY?2miTZxnLXB{i$V>bR`5BobP-cU8H}-sBq7EIOQ3)pF>1_(JwiwT
zJcq7-lr?dq4+h7?d|hy?$+Xy}7HXrFs(8>2uR=}K85Uk(Lu{t%3jN@mv_vSXiY1|>
zh>8MFD5=YfWkCTs^!H2Nm>g(VJkq>SfCyK$H6hj2HG8BMH9|;E=zpe+Ay%v&6k9+A
z7s3N+el+QGj;tl{mxvl%9EOsbbvRV?t9OKz1j|G+W@8k<P7^jILM<xzpp3qCjQS-5
zC!$CPUlemmjqnN6cbG=SgFZ5hk1{zAP5G*AN&<k>f@BpW_c_s?FuWT4dM#5ddgBkP
z0hI^jnIhmQ03{%uSc+`v7+n}mV2O)X&BeDc1{dP?D7#=BxKPbWVedDG=9-FP(O7Lo
ziYn1|hl*b;$SSB}gsdcZ@m1D8s}ip}^)au;)_3b*`A@R|*7Rw|C<Qs)Qkd$R^_V-&
zcL1$Q#pA+_Vz&{R9c{gFx2r1oe_1r3$z{n<GEk-jlVD9NSE3#42uVq(<~hSWBAG}j
zCE{1(P>?%fc*li3i82I52;!%3;cw*CD=BH)7=dpzr0KYrjf?9^NtR><%9!EAvL@aI
z026Umqt8lsX*@<M7-FAF9VnQYgfq@bjWVYSOCqj{M#HYi1wNs)g`iX>CiRKOkEskF
zte*3`u(UkCqqkzHKL%YU2<L`XF%q3R2I5jm9y2}VIdRfZsk))Q#aG|5c&@L$Mvq|^
zNo6XvW<_*NU)`;jLvUCt8gkD7`KV@Kl%{uvzLBF?O-sYLU877XqC;a`6cK6*T2dE^
z+LuznEA^<V%qLdkZSgJgp0&7+%&%#Vx7u!Yko(ag8dM;!4c6a5od=KvjPRg{sTi}T
zGqRB*i^dA0aALSjnnNR-ra=$o=67a1AuHU3IFU3f!NMd%1|AWE*g#YUcuX<imozgM
zK_C&UxEqthaz`9iR49*W)bo{DS_?%Yizp$wW^tq@)zTo+je(AvAU-^ZDa(pmW;PQe
zP7#-Ybx3qTEkjBO+Z{5Nf-+M@bQ)u#gPg8A$S0?B7h}>G0S)O!q-%&M5D^nTCyjbX
z-T_o7j9=oYWV&1<tdcpm+r#phMTtHry4>t&1JF1D`;67%MD<aphKCg?#v<{wW+uc#
z5al<f$VPZJ$84bpy?g^`AVZ@%+hsnd`3rnaXDx1SX{xKQvD>`qR)+;l%9<(7S!E$t
zr?FrwhDnNL{*+bJhbmZeAT1iVI0peimJrC5o<R)3NyJ@LJk4x5#{uL?$1Tu^5REJP
z$*<R#RFiP}Wi$>C$}L<v3bDKt=4gz<=Hvx<7bpx(5kBCJnJ-|IZ(c)-Z?Sjw>?T`=
zglf5Q-SVYMb&V2ENK0VFP6pgSZefxhoZH)X*P`ld^KK6Cf^SQC4Gr(sH;k}&RM$|_
z3kO={Hb}E>1S(kh0KZpkR=wBrteZ^^@g8+8Jb&4BFRtJBbV!>Jfb=;qLerdT={plE
zJ+{L&-4S#KrI&V2Xo~{J7MP4A8B^j6GD1|OIXXj{9iiu)v0}gaL<qktonr86?})je
z*=NVFW?DLv@f%cRd48#-6G~~SlZ45Zr!`CUar8=WYVr}e+uX8vp0B00!TumItJA{E
z`TijT2=RnL1d9U3^GM(pk`x25mrCIpUkm-k!#=3>d1sqH0hN(Q%_ahw&m|R8Nt_54
zgD|6wnNMIxbTJRR2GEFpFv}*?@yt>{YanMjKwr~BUz5`SEmBI@AYi>Ahp~+I^Z<51
ziND$P&5(IuD^F3YQ948Z(APNJ#)c*bp=vfZ$TVv&rOtrBBvk$C#TMm5XliI_sBW0+
zOf|(uyB9BVX?0C;L%|lb8L^?$>wO-oX3yr-+%TtQk+&%gC%~M{3L9q5w<cD|ag!wi
zjj2>;<5+Gw+1&<mt17k031x-6vQ(H3ys6yu7GomRa1FnC!-lm4wQzFi5q3mnL9;Du
zf@$`sk_Gh}2I&4wgYifvJv6LRb($!Sx~YY(3Q>YuL!CTK9wf_RZrWoP33!21b(Jz{
zzOKFo$ZiiL6s$vm9gNpA!rOHVfD$c*K{!@x5!FFNe9&uDq;#*3)2$`_NGULqk+V);
zHnbTjoq=#N6c_aD)S64MwnE;S0xFsTE?~KKgJsa0Oth<UqQ2|ZY&;I23X19Tuo7*9
zU`w<<HiO|WfH>9q;o}hxMI65x19J`?0i6l6OC=5UGs(HeW^Nj=dB{?eophx@SsFRq
zMxMo!p905<b~uEMlgk7%Rci8P3fzjFEs+|9d5tNcO|S6cY}mw}))o|X$;(Zm`i&gq
zkG{@PR``S+i<oI2icyS;a`=l?f5H!Fn{)}<x*}zUK?2^=7fO@)P6#r;2fHzwK(y>k
z>SZh9WQ~O6G^v-_X=xUwmneQLQA#$?hU3lYRWGcx&uq{c4fq?akCnnkw)KGY)pizU
z7P&z=s98yjr!HE~Q4M+(AfZoMn<@>rMQs?5CTYWMIO!+aZz5@fEy=Y9Cx1{68<)#m
zDClL=(nzQ11)pZL<ffuiha)yjHOOp4hPBR<AUq603-T|sotV)aaf=_;COpi|$1~yj
zG5{n!@*0ExC-w#Z_x*fxKlbteNv-^Ad<R7NPnkT~A^snKEb;%7PN|sak|uwRV{rWW
ze;)tuxc)*g_~E`Ief~#f#pF{aS@S<8PM*-0|M6}7)YQ$HIz?XNTI2cx{*1d^9WK`@
zm+QjZ+=~Vdyf_kxXquKF3fRh(t5>hi%370?)0LOEcF>@8M;>{}QAb^R#1ZQY3okw9
zn9B+aHw+!R@z`T8KmPddo^ZmIBSu_NTzu7-F;|zAY#K9Wb7|={rKQ(-Jl9U1d}C$h
z^{1S2b7kdC)27`rZQ89fXWlkz)*Z8F-#%+rcWv#Rr=Nc3ym{N^&b_m-@$QzE@6Vrq
z&!R=!&pPV|XP<rF`RCt%?z!8SEP251f3U6X!BFVorAr@H)knkOA1z=0Xh+B6iNs?o
zS3Z8h1wXs^;-6o1(a$cs?6R(|t_>SDTzTb{*Ijqr_rCYNJMOq+&6=NgcXw~wwr%_N
z?f2h*|HBVI{OF^PKK9sSPdxF&+O@kbyX+SmH$Hj!<-fe@s;4(?dghvIc3*$}b2s1o
z{LMH2=N)(addrqyZ{50g+qU1_d+&?)-uu!IfB4FS55D@~gZqB`<JTU4{Eh$kk2iMh
z+V#s{{&M&3-M{+PuXgTybI+bVue|cg>#x85#vA0T{m(q}&NI&(c=p)?&pr417hZUG
z&z|>QeDM!2zx=_zeILH@#-Cn$?T>H0_11v{2lns(^ZW0=|K~sd`R%t4{{Hu$y#M~E
zfB3^^fBMtspM3Jk!Gm9rpHDyi@{2G2ia-DR_rL%BAI(DlK0hA#2lj$1?<?1+fg@{o
zbnjZ5cl1f;?%uKG$;%2xoqlWWgIj<3-Qg3L{&x3+cRq8qRDJo#x`*z1_F8xI56*q|
zp>5CKSTSb8<#pOSx0ZA*EnD~0#HNPZa)yrCQ1tO$sY-i$aLMlX=bv6%)ql?Xilg7U
z^RAq?q{byVSwk;rD3a!9`wE|_RyO>0Q`epOxA?NRJT!8&GVr=vv-=gdYnx6l8a42m
ziX-mYFu(bduKo9QU9)b_&h7Q%-rf9GRn?m3Z|vW)@2$JH4aup!W#o7Ew{{ne&b@6$
z*E@glcjwHxW#_%G?b&-(R@MN|lAYiCBKx;T+;?B%nyRaI)<n*(xm?@%liFF)8>E}w
z-czvA^?2_4uY7gRlzzW0ANkdm;LK;1#Jg&4xv3?1LvhJbSx@}^_Mcz)*FU*DjWY}9
z7Bm+1Ys&l4fb8dPo1Iq_9(iEa>Op(n>s~uJXaCxUF{N96SJgPu<vVVmt7v0Me&dZr
zqnbuHt~;*Y`?7EK=Re-}#_CT8cCW9iKRB*n$nw0FoQvhX>x(w#?ksK`HR7fBx-a}}
z`8Zd;H0F`(sv-rQjYYZl6%Le|W<OF?{I)N9Ku669e|WninRseLB466EuK9}LZ#@;L
z?|;d<;~HMdd3jLw?kQuh7=L8JmVzOzPvsTWxPGzWxYYv>tj}6pxGrbN{8O8PYcCk_
zhqtd8dFt|YH}sz`uPIvopS#u<*2SLN(~$r1=vQZ7GO7E#ZC|aP>0UEn`}v=3$liAB
zQ*-K<kKXJGpLI&hhgF*<`D=?W8se`V_2kn-_nz?E;(^<LG<4F|!s7hv7VY`ru#2W{
zxHtFZ{DCJ1@`|emj%;yx)gxPWdIwI(D;{v-+tZ$U=B5`<IO~UVt{%R*+q-P^{&(v8
z4gKWO!9M@kHLeFv`HvmSW3u$*uuH3g8~Q!)^t2yFvlBZvA6+wYbZ&OTwCi>cJ84qv
z*cDGqzUi*#pE$x*+3%#zuDl2Hlagy&`Ma-oyS|LvHEjOXzK7Ol?>}bruoI^@7Py`q
z|KaBop7`|Rv6`#s{hc*G*!<GYtxwByj@uIZ)xxI+tjRgznl&2+eO%lx>#_N_EdTY4
zFOD6%?XhQfT=vzh)<4cj?n@rMV?|APWbCOCvDKfyJ8Q!M*Q0losjH_v@w;bdR2{i~
z^yo|8Y&zqF;=%K#$?LLxe>?8}s`G0%9oH}M<cN+ZUhnV98umg_%beS9$bRCythL%_
zwZW?g-<KGD={-AEz4y~`NBy<q&Hml9+P2TSzTbCS9vv<pQ|4W;{)7A8JM!^Qu6@$8
zCMTFPV%VU;tyj!=KI@OJYYPUyI{xope7608CtRlu&)GP5`>T<~pMLpaUhy^SH~sIn
zUq?UdcjAhU7ms`8XYN^*?-zN0(mm~lU;gKW;qJ9xPRQPRZslEt?!Vmf-68i>-FsoK
zKmYlwI!Y4RKiNOHaKZbo=#Zz^6vlR)tvtNDsPV;3bFQme_m#iotuH+9xQ;%sCU4<i
zx&}{O^Su{*?KvCsUOnNdHT_QxZW(-A*2aZ1o+_xh)wN;N-0lx!FLsR&)`vQGd;4{~
zdz<UJooDAf`__Od@toSpclBQ~c<b>0u6224H!R5ca_z@I9k!+W4-E_AE7#>*`pWI=
zs<!2>9DHZNTDNP^zAYVhfA^`Qc0BwG*ZVt*>+<$AmweoRK&g7QeCy6v4h(;$wxH|U
zFSZ<i@~B<wbB635y)w4o!(WVh`i0QABeVmr4c__LaoPK~6em}oo;P*Hb9E(ZR#E=<
zFYqimF>Aw;&3Vh8%!<}+o_yxUWe>b`?XN%hqC2Z)e``_K>Bmg{!`-f&uHviDtR8i8
z{NzW*j6N#otM+|=`z-H?QNH$B56{gjIcd#|z%6$j(IV#!y6M>QI|uHKW_MTnx+l#2
z(o^L+sbXN!2S3{M#NHp?{N~AR{m-3Rcu%Zr)oCZcSv#aFCsKM>&P7`5Ksm9u@XVZ(
zmM*#TrJRCG)(`gIUR2!u(LVQ!n??+5AKta_z|>O)gpM3Nuw!ste&XzwO;7LMG<5z4
z+2yOU*Ebdii+8R4;s-yy`^JGgzkl?VImd7KX;s#Bb;S?7^>&T)Uq8EW>os@0{;X@{
z8K<9KF~^--|8n8pl3D$4EV-+2Se10v%Cqixbm3FW-rRgc|E>2FOgV6mdthzLtQWdp
z{O|D#AN={oJ=6QG+V|9)Kl!rvbl1Gw?TWq~UUf|5tM|`)e(7CrE?M(XVb|ruc8-2M
z?+t0k8#&uYow{@3-#`9ji=6K|dd&s<ju^6N>9CJnp;5nCH^!55_CwbnbAH{_@2suA
zan`goW3qEM<z78_Yw&+Yjj6u!<Y&*n;nS@n?in81^3bL4eNsB>ygbjy`yMa6XWgQP
z6My)-(O;IXIpS|w*Z$$k*~k3xoI5(Q7hV-BIJ2g{YQf^Mq5BSe=6Pmx!TPBsacRR%
z-npR*_7-_Y7vxu!&l%a3_5LfLZ(Ue1`^1B;tp7e@_>(^$xMtvUYvy(Rr7Q0TAJ%W1
z*4A~xL|@hmq1uDTH03S&ub(W<`pYF%Mc%9<e%<oq*mG~{@2|=!U+o=qYK3>*6+iuj
zXKb+kD0%HyR~D4K(*Nv}W;I=vbA8+M=g)lX*opaTfBT95z?tjv8j73u%d>v7<9C1e
zt$c35BOiWv)yc09m|U^6-!ZNcQ;YhKnL42;Sn$AUM~#1P_PE&I*FI{#^OwW79C`7I
z;=exj*^M8(Hg4*u*Pc_}7&EV7*`qbn4_;9CNw#+4giG)F{)$IkkDPG#dw<(Af6Bh6
zYiG&%m)`ey-m?>m*T%*#?mG2@zdm*IzWjBr{_gz;Dt${{-+bx^u9>m5C$-Ci=HAow
z!tlXcTr-X<KI6=hbGnPx*RJo_cYFQse7}-zpZCyDr+4l+=7`^Xaa`7q_TThBcRrc7
z?^pj({rvKQBVXSA(Yvo6TsCgR>Ip@)Q=fS$x9hh%uN(HW?CP)1u6SD-(7if7dQi>p
zmMnIkv-;P^t{AiHqlbTd|ApgSle-H>@2SW+!PPZr&#3dSymp*x$w>$D)+%|$W#23K
z;|F_RzU}GdliNmrdhxQm-`V_^&YwJg@_XfPuXLT$-8gvPm(%VaH#&b-e8X`?(o40H
z|NSFAI`XBBA3c1N`nTFMU;Q6-sx<6)*Z#fz+*QY1y5!GqR_(uHMAqzO!?sR5d(q!s
zzWnx|KHc`a+xoTL=50&PE;+LD-u0C`|8(60W8eHvcFAKU>kec+a>{`Z>;L=lN8NvZ
zDX{aAF*_E#nNziO!QCU~oVwNZ;<gp<yms4PfB9+uRoly5pTB+XmX5{^^B-F`F<kiE
zoA)03ivcelb@jsy&#b8Z?pLRceg4Da=iE>^Zs7Sl*N%TF>!ilzKfABxdj+#s-t}z5
zpAI}f>cl%=x$Gj>?nS?GEi71n>i$QruP#`1-EUm2>kI1kj34Qh|2Ss#>uneB`uw;v
zFYEXHNhe=;O2NiWxeK~;ul-`p$bf&){G4016*lh5sX7qfUbFhhGwW~2J?rOkmiNXy
z<zT<^s_dNpuF`!=|1{*xwcV~)?k-%p>AWvax%j?u1*3<D`|WWJ)mGm3PIUABA!kcj
z1xKIOuPT|fyX)u6a|i7mFlSFkp0|JDjRnt7nmqWP%Dr1hw=7y$vo-6yt;w33e6q{+
zySF9`ORhcAKX34^yi@lTgx5^E@sawZa>@L0mtErCP`PN``cwLSHDqftyJFSms`wk%
zR%Wlc^s!f?B~vauvTJ<Z`hxXU7pSL%8~0Uo-_uYzZoo?qH&4tSdind6*$*~u{(XDa
zp615+{kOS;M@e}ln{z(7q2TYoKSO&a>$OKBJBME}#Fcg0oo8RUBkQS2E>}U-J-bVa
z*3_Tta^*-<vi4_rzc_vPlN0xRc23Ez0eKq=F4)xY!8=PEH|M?EdDZ*vS6y9|`_ZK0
z`dzuBmV9SuLB~~_e5=N}+Nz3A+kevFYqPvnXEk~+ANu{{Tib?eJ1-r!_lid!IWAjL
zUfi~zsIl_AU*v`wb7R5&v!w!$+jT<T(95cFmu||9wdA^o4OAQZANi7$wWQzR!rVMp
z%ZYox%B>%}BFi=4@v#N<D;B;VEZFOgpT4_t@}_Ekg{!ox;G%-)pgpdiU0ZO*&c!8J
zL%ps!Cw6DMyR#Rry#CCM*MB^G)G=%NUo4%lX-QstclO{HvliCPn=#6DLRID4Z{=Mg
z4H&z#qF+@`?5+V7N4v7_Dp>ktV$||0Mva|#)X_IxQhL)vLr)yOKkIl`)}ZRrK`*x7
zu-7%>VAja)2`fLDSadLJ#GcC^{^a7ktp2}H3fJx#KDg_`<+&5D>bT{SeM?Sy>87}L
z%asdb_dOe4^H^2Z&WrN9h8(-MeCv-29>3?z6~1K;eK{pQb=Kxj7oD`LxFS?=)sF9c
zqRB6;3m=&bcWfIi?O5dAe8LgCa*z6IiJTa)tb1Ww?I*__wPVT+8wz8a68(n^y!GYV
zUY|VY-YH|V8?SlvzuYIwO}XpNO?-aatd3J3zaeMY_lp|k{$GSzf<FJTM;AXov~m7c
zziY(6hkml@f*bD0e)sZYk8NCAaeT>^yk%=PeK6#--@bg?fU{#~#;%R;$;lgdOK#O2
z=T;BMSu?%x>;(_Jb9{D{%OAUT+?ILklcCP;tn7W~`-Uznyd+C$x_wku|A9NZ@4hxK
z@XT!=tqi=d@woA^iL<8_U41a8^W%bhuf5`m&u=Zro>$Pl?5JIN^|5X9-}0=N`hEAy
zk~hB$Jv-J_DJ?$g!JPa}w<=4oS^n6>x8A+;z*Ex(P0Vh|Eqto$u5lla|Eg&DfE7Pz
z`~2uzuWO$ClVaEOQwsZCbJ?q3UYRqhAW_w?;NYa?dAII}dmpOq_me4w>#Dx*$;unJ
z|GJ{CJolY9-SWZlPwbkuW5mQoqg(}z6E`fn`>4viIcsvpO`DP3m8ZCJ##S{x_jyI<
z(-lLOWLGr~m>$~rvs;SR74-l02iyDY&AXs+z*z_TO)cm*en<An2eYRf?6+w2H815C
zb~Wa#-nf0p{M+v-DU7ah%{$mO?ZM!upC291sy+7OoB;>teQ^32wXZyo?d^Z_J@;R+
zskpxCZr69WPbqGn{NRAQZrQPR%hA!soPnF}FZf<TTzX)%H?O8*$cPIboI5`!U+Vvx
zu|-!@^&d0np#i({mQ}Qk`24fND|Qa(xBa1_!rYth$$Rk!1)lAMV6G=>9v=SjuzAvs
zqROg%m3hAXIk8O-S6$!_@6VZj$?&Ef10s6{1fLsl`lg(czwVfKT+z&u+?p!)!0xTf
z_T)708Ib#5KVJIyBjMK{iT?GG{~b}_n*I;H<63?k?SDoB{b9eO2mBYX_FC<KX#efA
z|9$g6|9to_vjEo-Jctnb#47-;2qoJ4U|uqSd4Wu39qEPTg<=PG5HFCxoFT}IUq?sr
z_X^sjht>SH5L}oeyB1-=*&n?GY-wP>{gcDAr~qqy_~<N&^ojiT;4Jt{FF{$V=`T{U
z7w8>dBP5G~aC>MlEMd799i%|7^y1ln3bYmWyYaAO`El&Xiv8h(zolCC_hACJz~6_4
z*iuV>ITV~0b}C3U3X$eLt>ia=$ijsCLjK92<FKSzi%cO{=vZd44-Nr(1=6>CfTP^2
z5g0HlUiRBciNjX+9$Cd3j<w5vB@qfpb@0idL#fQ=fB%~Tsic(5E@7Z5#)CcKsc7N=
z4+BTV44!Tr*U-ChWCO6uj2P!rs46EVR5gq^2jl=FFM*l_D@iA0@j+FIVJ%3qC7|+7
zD3%P<CbU!&phD!g#?=Tmg-BkljDv8HBSBrENr`rap;}-8RJ9efFw!^lh@cXD`$^DG
zJ~VIB1qn3A0eHyUm*IO8k|Jv>B^Le}R%6l%@@hH8&{GJz>snP=zK*?--vHI3S|vFM
zI3GAA@|Qsca$GZbl>mP)j3f#9C*hS`ZKF^OW%*~RNhu&l^%2PWoQ+{1MOE@v<3XHr
zJQ;;akOp#erKFO##PfwFiFP>w30RP4qOop05_u1Ks+H&lFcet|hFWQ^ixig0E^miV
z0RlQKPMM7f1`5RhH6=(XL-Ws+#7dZ@@oHRT4-Q+A1MTcn4?dG`eIaQMftvgeAR(*Y
z90HIE=mhA8$TJ2>>4@@y4DhY-ZuZ(v86X_kEGe`Kd9bdoS%MU7in#)xP&Aja{FZjb
zfC)BmA!PIWj3JX@8bt!q-izob<s~!Ez+bR9VJd0KtXt!XVkE4<%#x4;fLu>DqU5mi
z!^Y0fmo+T9I=QSue}%Y{xdIJsxf0Fck*bq%TohP7m@^p=bW>^5jiFORM}}Ulcg28!
z)MPw>WxN#5Is8e&Ke*M&UP+-MSs1c{ZAw{GNt81}YTS^5*xq=`&w(}w_W`?_j?z3#
zU4@5Mx*E@`nWQ4tEMzlh)8+|A=S-+5Z&qUE6DlfBInNxmYY+CZ09LIU)&B95%POTN
zB~0XuLi#o9chI&PxK9%*<#N4}7tOGFre0ZLlnzGzWZZ7oxGq9S*nzwZIl0J9y*aZa
z+GeFq*G)=<^i203jeia*{-j>I2C4^;Dba;S35bc>?79kx5`?}mE}O0q21A$Tq*JLi
z)CqNj;|dTb2r}DvEgB85-UWX*JIl}%Q7ZIrq-e2N^>j=ivcSah)01Iffyo)M0NVk<
z5Uip<iHpQ4KtR^k3L<&JD{%(U44K-4f9mo@?~Z7H3fVeDXftZ7DOfp~%biq8w}||Z
zwm))ibd-zN4*~tDIl-$8=$$jZkwSFBIw|<k(TkUs{2zN?0v}a%{U2N^8C#duR;*SZ
zBOx;|nPidx5(pR|Kok;8f~XMVWacFqnaqsyW)h;J*wSj1y4R)dw(i!YYPHtAiq`(L
zuEnitZR@_YTK8iA_ndRL_vXzcKoaf0nU98<_wK%&d+u4jXV!uBiQYUNn9mkQ)Sy8W
zF*#wu@U;%8BtS|9DwjHQa*MLXyHVj}eZqDhI}(mWOjy8-plNFuriC5HvN)(3E+pi2
z2ILN!7lZS<z;c9dg;pe62aL<9v@gtgW&{>y^#BVKIyg^Xk9=3vFiHcH2l2m+K6Zfg
z#4HOh3|rJnt&O26gKeXtZ**eA#I+C{nz5+B#6b@Gh0Ew<{AV`pN)jP;3Yu#njX=(k
zCpUbwlKn2(mWso8a4VPOKIIfe1?V6$Rkkexj0zpsA(#4EkO@f}OMz@|63GTH6qoYA
zodIVZBVmdA+-A>m7;bh(l{V4)Fd~_7o98@^K{=)A3p-R^mrCa^%stAJL;41zVVA)5
z6Y)ubGjcL3xMIQdumh$V+QODyRdAJGFbi^E6lI4dBX{Pu7=V1B;Fza$P%cGkfcP?U
zBghLyJ3=DEFFg1F-Qlbt=4~;x^_Nem)NDq~STF2?luf*Z3ogtSV%o&Q0M(I^r6}Vc
z*y))-Uc%8%XrW|D*k#9}^C-g3<}Nb|POntdU}R(|A(qkFA=`kZ6mCb>!h07DT^H*W
zoC*BAX9H#d4Ni7|CIG3v6zgCiR(CQRj{*<MsB%0UVZH9?w>RA(z{tVXvqeL5gxBG|
zU3_z6b9fJEU)dL`6z@U~DdNq~nW{yXF9y9@m3;))1o(9(<1rvUH-Khhe~sp3hnZ%>
z)L^EwRyZE(u_E350rFW-L?sZoF;}=k!B%KZ%6P|?u^=0>!d5aK7LnZe{nkE|h4m@K
zkQhto8C{4VJ4~|U<`uIHv3=Q25Vvun7_4d3*{GV#JZ;5{u>|ZS+)}_Fii6OCfvHP`
zG5;a~(f|lY?B24N-C@|JdA=yLBbGE4hph;^p`kB7G-6&j5sN2{)@&Ru^iYa69sFL8
zJOZ>9FScyq=Po~O%sRszX@Dk)b;UAlGqDi}b^z?LYz4eE=Fw{yzd-(?VhJ-9>`L~s
z64+rhzoD^y3GPAG^1PWMiPRC4es1HEBRKiWdnoYUR_9%vY;fHN)(A(#Dc}fs5mmuT
z*u=av>QvfPAdOLWr|jW3N*MWYG)lZ5JJDnMMTgBSTa+={`r=00hlmNVU^`>16>+vZ
zG_G_IJ!EG>;r$0SbR^RW*c-qpn7t5;jY|-KVGO5PrB*+9;)|7`RzkCxfB>KKO}6(S
zEcG0?;nEVbZ_c<3Y0Fk)IFol8GiIbK9qtUKvXL@?UW7H&YR+B2o~cb&m%*lHVi4#T
z(7nP&X!`Uiet630b07Rk5V{{o_gH&+8NtR~1T6#9-Tn+njj*&nM6gKkt!j0fjOE~0
zzVRCJz`|soiLx4~8g!7h9SLhd47n;1cPU#*3juTlgh|~=BDS!h&<B;@McE71I21*q
zWKfQCSmJd8+o$ou)O2XEWCW_%#hv(oO2Y@GCbB(@c4Bj2COg>~hFpJV63%KO9*UFT
z$sq=OD_e)QHP{!60%b-i8p!U9E)bT|QdQD4S|yg<mDh2M2z?(OBbv@n2x2_*QP`E1
zXf8OqDHKO|v?Dtf&m?OgNm*l4S<8~T#bvDv>l*iO+1G`5M{K&qpl5EfhxS|;S4*4`
zD|5Ui-x31OaNGhXWe^9Vq*BbVm>v=uqL9FXVSzEHgTliPikvlWlN3QO%4c__li5^z
zELt0?sP@i+XTS!<V^+o{cl**kqG``=mRt0J@JtzyY?eE;QW~Q_^c0MSHnqHBI%Bwv
zP*qJRR8v(s>JYt|pS<>8_RHHA)iHqmSH+Y{r~TKoYL<M|{%Zt2qxN5;_Fp3t<m)S9
z3Fa2di_F3{IfU1!McAlC*r-L=s72VQMcAlCn8VOmGXNXV+IZ9oY-pls*{!{Fb1$LI
z2H-;!0yECdOheoOIR<2bq#19C&ENrp8k&iKA%_(tshKcW`r&X{L8CQ^a(|Ya{Z%C&
z&aN09lE|llqfAREJC+iHZy5c_tducu(LJ6Apq-IeaIv@<bTM#|%Y_6he8~v;e8K2P
zqKGb&%Vq2caa?`CD}abdh7U3f2oIN`5ky^(Fe#%_h~GnFw;0%VQAJRw2HU3)KeOqC
zr4Z$0UYCONgdO6hM1$&|CHluf9hV0H02O9-px{p}qQ_J&=9XxMx!n)v?Yz`1P{nM0
zl2(mU^45rwV-|_!GD#>-4Gft0VL_^1Hi#K6JGN>-bH&ymgmejKx&uZu3G6fg_(rm6
zlgj`F$#m$WKv@JrV6zhhbx;8!(euL-#cCFufUqxkA~g5QW>Q&_8nUvvoue6Lbtb_m
zu!n6Bly(byJ;qkWKx{5;jkIN9YaY}VwNO}UUtVbeY-lue!uB!}CfTE)u_tMOWG-Hv
zW`oJniW0yEFJ_xWC<+yL9nf3eEmZ^oItGvw<XdP!0p&b0u91zO%gSd%(yf4Q^R8_o
zr-NDFc*XzkT;s-&F7kZKNlZU1DQeKfcm_hEg(r4pW{6gyJj5hD4=rK$Z4&Oxm}za$
zpe)!bIb~(SUD}q>`jzIe-$4FU8Rd>b@^*(7yQQym+Y*i0_XcbxZ9tW#LEljY*Y(h>
z>8J?`;Xy2EN=Peu@Jo3f=5kVvyero5v5t}PH`@ZZ`e=p(a`~!Nt9Vj>(2YbnmIWr+
zJPK-~o&yf9G&_N04&z$IDWZL?;uZ(RIJnJ;EYk4dh7LfRVG!8F05_e;urCDp-Zn6?
z;bp0Pn9*z(xTQ3w7*vaR#kHBX^NUEeBqV$QF&&NT3|<zsQ!6T*P-Kd@5c{T}3|v*k
z$PZ&GMOoC<f@P77x!CQtvM{sZi)C~Y2%;Qnb~u7jF7zzymeL27m%_dQ0<w@E4=p_W
z+Hz?D#WdT`D3(PHBA&n<pgd&@t45Jnl#f~nUMxnGz>B3up8Wtd7#ODUH>iWn7;-&C
zXAp(w!oEm<1it4c+p_h{?=G~O`Tb>+nBYh}X%(V5yow;EGkgQA;JJ{>(oBhYZlfjK
z3%!rW$(ApcFkEY)@x(V`38QU2TLEC7$JO#3CafY{9=@!VMKb|h{a~bvN&JK2=hQ(3
zCjdXrMeGy|F@bHbgGGfZR4`@e3-^nrv3pz=S7sR3YX<K@1r3(M(I^h2XqR`E^NBQ2
z5@(jpikxmkn|Hdfp&i6LYcr5%j$4s$>FbU~x{dB+JeoV*ILBLd)XC=Xqb?R5^ywzo
z9B^9#K3-6|sK#QEuM)LbgpM-Pn>oD7*`i>7(Dr%Y-YjCtEN=Fi#(<5R(<@p>g?bj|
zTqv1>XtM|GKW7PI8ZJA?3CK(h3@kuehQ;+j*p9Bkx6y>~PAfP*EY-k7MzVL1dQdZn
z)**Qk7ie=bWhMsEXh=3-tD9INH_9k_gBCv8l_3AV91ORG(iffGlJv|@=g5EyY_SwE
z<QDNjV|m&%1t%`G1jFV+6dCy=15r1kSco9P=-KF@{$SY1p~ViQK};<qgZ&!7T`>^<
zhKC&Yvr+Q}V<0y$=eiTlt?LN-vMCo~UUD>+9!!Vy^o9?vi33trFi^CUOHiaF(RYMm
zL?qMw+*Hj@nV@)$Hs#8+U{k6h2FnWluiFOMMc8N`R5_j72klcH+Q+D@s)3jZ(?{)t
z@_Y)||0rSo7S=HU{(EJ0MWxgJClngRe;<+0sQu5V{m=gZ{?n+{&#2YUsMXJ?)z7Ha
z&#2YUC=S$!TL4L`C~op2@7F_N_ajSnn*BInYHGmNK!*ha*WQjKNFgF@_xEsgCKTqR
z!RgME%BE8&#|P7(4htOQz#A$7agD7EiXcHhM_y;?WItoNKo8A|UC_9+EFN2F8mzG?
z#+r6!ydGWSBH^MSJ}b!ISRL*lJs<=kbQ;0ATIErYM8r@iPlFCJHKPSn;Yt%-4jK&^
zh~<m}L`oNji>hm#U5PAKCNh?HrNk+_V96r%PSQZ6K#dbiAcR#4!XZbvw%y=>M}xy2
za&xscR+?rC)vhp#X^;*O`cWLO^5l<A-Rdyo$-ba;<$^?3Dwd83pI<QuBpGJ&35svX
zh)aYE=Xjsc<vY=D@agx2Gh)hd$dcI%c$NcG3j!@`CCf|VXhcfkHeM+F5tVU8dz2I-
z0^W)>3vIuI&=O4?vX()d6bP5eat&(&X?Kc^SBh<G457^j#KVT4bq&2u`*1x9gEG!W
zqXA0>91|m1>8xxYDRECwFeuUy8|F}VYR&JMy{S&w!8|_HtUn%h7RP!8@DiW7sNBfX
z42~3mY{QGeFebvd%m4{cRT+qZunzmeQe9tSrV&7d>V>gmz3WN?_6i_^!NOpR2kv%V
zW&r0J76oGyKzNMK`vgk{b$W1_v0`kXSYgXbMq+4BWE+0c(2=vIw}t2M`U8aT#wZV$
z@`_h--Dxx=psfz^8pCN*4JfXLF#*xDhb_ARwle_O9<fgN*Tin&mbJh{M*0^A3=C_I
zqaJ{MlqW$>ACE%`j8u8}mJ+QC&`yWI^lU&ge27rw-Pg?lm1Iv)Sf5U?DoLpwO)_eQ
zHKN}nS9Fqw1-cdi0WH$Z8rzx;cO-kYZD8<iKs1L{l2Vf^c1SmZikQM46zt4E6YHT~
z!9Kz0#cci=@rMY?q#SqjR@*uY>y4JC`K`<9n(K{*7Gp_s(}4~1>gO5Wx)%1^8!(nN
zv@UE~+G?;A&2^2f2OCZEjk?Bzjr|)M=LJ0V2Q6u?Z)q`_nvI6VOBOZM&kGn0jdK?*
zo!8K~z?j4GH8!;xiy9U;w6a25n+&Ls7u8VD^3C@wu5X^Zko~Ni)3B(a_27UpzoE4e
z%AC&%tuvO?HMcg*UAm~Q*;ul)c}Y`CJ*$46r?IKAp>cjQtEGN%ePb&-B^p^(M*V^8
zhtaaIZqXvFs%|N3eKWRiZqt&3n;RA^Y&8}(Et*%~+~S#2&stVDXHh*>#X2>2QC-90
zfHALbaovJ?%+<t7X~tx{b;}mk<0DpIU8ARNZfiqRBaF%1rpDH0_A|hG+1x6#E^BD1
z4;XdL4J|Mr^P8Jk@i3e$2aH*xhvjRmr&3_34cm;cB=CD_OTB8#y!yIDtgIGj0ej#P
ziPfY|OmtYO86+4UhF_yHdtI=M5_=HSk4o&nq)%S?zjkTg(mD#u|EE+}SA?ALAEu4Q
ze;t|6sQiCa{y*yfJE{rzFVzI_btq*21Nz#HDgZ_m0HX?kQ3b%L0^t8k7vPx+UKMFO
zlx(N(5^jvI)IkBG5(pvLR0Eb~89MuM-X_uIiH8$iS;P-77)~N+%mHmfDx0<;nhi|a
z(cNN`D7xWWw8T%|L=;qkM7PxGpr_7IHGo78aGz1?74PR>myGl3VpN{Q*AdM$mk{d&
z^#eD&FovRl9#W(SZm}4X!aQ;}15;ViMzVoqh4ezT;1c8M38z<PQwA{Ah7WEW0plQW
zv&%&M1W1i7F?%||`4R&>0J0)^0wL0(l`>Ij1IVu+TLw1`M1h4-P~g^b6nJB;Y&=8o
zv(zkVzJzV}@WxB|kTx|~f`Y?`ddwrp3qu6!$Z`oPyCEc#WJ#P5uFE~1j<6Mr5V)h6
zLQhsMxP|)!V}aNXwipqzl=-pV+Muzl8wLhqOQ;qggdUA7G+f4{$QO)+u=WDlg0MWY
z9CjwM4rLq*n_{Do!#u1o4*m=>Yct)0tp$YxW5(F7V~aiD=|Isn>O};YF6b9xoftKw
zmp$xBW)rBZ!Ppt#Bc-gb)!^3&sWAE2XZn%`V??@>(jOOd_W;a#Kuj}0ZN|X+f0-j-
zibsR<!+Qu~8ycN)bCm>O1`Q3W2sN#aSW%{hs~T_%!ybuGtlfE_JD6Eg3fWp1d0e$3
z90F`4)~Q$;6;YNBojgdgke3!nbxHNCx^$#FmN9Ww7%i-})55U!7L`CT7&sJ@!$`-&
z{b=!y3b<q+oAEddAZ;2x9A?zhK|V+=6xaoz(S3!E3BOPi8r`w3Zmm#{R;a-X<qd^G
z*$Ok`ok0V^*SWg~&VFY&V(Q*-NS%mo%MdK89N~kmJ9X>&E*Tfb5zj^jpz+X@qDEPd
zm9m*pV&rIOQDQu@L9m3d!~b1zV_F?kXW520%jqH`gAz#}9VRkJ8sYQ;zSaX5@0<`o
z0*jOO4nOSdfr~8e0|&ktputnS$iqSH@kr7w13D<Bs6qv(sn#5wVx1;BGZLH8Os*jY
zJSHc{+zlp9Axk)tSTeK`VAg`*Db>x|<P(99^e`Jj)y@tLw#$+T9Pa0b7%vR*&cj+0
z`0-6Wi)5`#vIoIS_;%uld=K<co1=72R|FWX49lYQa~33q^#nMu88c<cE#u+k)QHhb
zYS{F3Q6QC_VRoJo)Cx?bm1P@^;sUuIu@0d1dUWM6H4l4t*pvX_x(GG87zerT$^U}!
z9oT+HB@{WvhysXw8esUl;>nJ1+%kNkwYl+R{H}py^2CvWN>DbY_rnRa@6&vdFyIV~
z%Yyn=^2TwLHWv}^Ir|}N*St&ej$+#E0?1*2{07fnustEKUU`=)m>H)V6!lc2bZ+56
z9109TfkvQLXyI1y4tInjD+SM)Ovk!nz(&Y!3yAw<oNvl{&@1ybQE2%f%LaQ$ZXo>(
z;dkFG+d>d*Ez_R@mJUzxJ_X}XJ(9KA#ulbBUq`_ZAeoMWLt2tYGSJ6bcTp3U@StZI
zjXU7c+m<?clc$mvokOfdNrut?NW>vAz;ekWT%6c-gYCT@0ZNcc$9jPy6viTAe943f
zOj-IMeh?sSpu@4^Px1=A0&rd-$#XWzqXnm9EK)Cb%%eMq1Tseq>NsN~1K4t7@qu&8
zIzdF$mrSozRHZ515zDy78nesu=+dam^qiMQqJCCh<EB_b2Qn`|CQTMI<*8V_vYgFg
zimipvlwc~_=@xQD3$+p;WOH<0WV5H78%2}Ns5j_A(bwREE%9hCx$;OpCG0Y-MFfjD
zXG_eifm&CC%{NXPwTD2`*>xLOTCi4vID)W<!!j0vP6XU0Lo5@*v$9q0oChc_3H$(F
z&Dkc1yE#S%gez#CO^#flga(sa4-J0e!WUGWRXMw!`=0`xU^K$R=7xvtU<`z`$I9^N
zSxXR%1`+?05Zcj%i(-r>FPma#aa34`Ns}H}^nGcfRA|<fk5u(@@N%F$VR79vJ(B*>
z9WG~dES*u~U`fQ3aI>jcM#GVz$|uZiYMd|XwO5eio9dxT3<>WptoHD#i|7`x{MpEh
z0pg(V2AVEt*y;`oHq~szvk;*xEds8{H%fMj2v(uI7`Ip^TtKpr^C$U2MhFHbAEU3J
zq&f}BU6GrpM4V^r5RhO#`H~~TnHUI3fsR|A#}WL+`Pv!&#RpeS#JkTc+y&kQBi6as
zkn`SI1)gsO3#UV@Q1P}D&I(|hwQUP5FXrNs2|1b^o~J<Y3}mek*{=oAXYx$Am^AG?
z#*By;U;%%Cc6fuCJw|kT!mBW<Y);f3`9|w+ZYUJj0&&j~yiabK;-yyXfCB>t#&}U-
za|zfc@O{3LuNNF9SldXsY^0TJa^(d>T|Wo4<n6xl&J}NWoFDw)<)V@}OLjn%I0mp4
zrBbS!C=n#i)(%7f!-&5X*nksmg#ZbVD?%xhz?m?T5diiPrwY$z6PD>7;y~0B82l&}
z$;QJxj7d_P&Iq4Qd$Y69O^T1KuH5K?&JK(ghvZ67Uc3VWx24Kb05>_L7-fgZF2dzY
zKZcfwkY_T)i6)((kgVb;V%$Uyzb-Cc9_P(R48O)T$1;f9Y4&6(Y#0g(fPdCl41ThD
zP%@VUc@G8ZSZT_uZ3=|0gfhg(g>g~t3)1kZZ+=fPPZUkE>%Py+yW{nH%tX`=rKe4G
zHe&!AG38QXg-|MC&ULA4sRmPE32xmVkZeLUS-A0B;OVu)CU`xCU=+ONnVwX+H*d#X
z;6nVKJew;gHNLeE3EY|*lNo+#Lc*_ue;I?I3myS|B|x@-S9C`np&J{mvko&7CahN-
zTuDxeb~5C<(8IZ#dq)~fXgs_i<V4C5>=ajnP&IxJ!4q-OQ9omGRY;_0R$fSRKvD9s
z%DBI<?U+ioTN8%43Btkvji>haG9YNAwBcf&o^Zdw&XqSyV3RTY4!vd_2zYSy;w1=u
zV1SYuY}2s*fC5|1ypQ^wi*$u6#Dn{&gWbv#36AbUvA=0&;X;ygN%DBwNB&{oGuRhX
z+`VfJH(KF<+mX))yM;_p8)(}I$T`H+vg}ByoQsFsg#FSFSA9FzkE5sQRy^HF6a<Mw
ziUP>fRmpw@(GZs%+t!Yi?1AuAF_1sdec3YP4OrA78mXFwl4RZl9>`3*LzNVHF7X&o
zTJuY-+`{mfP{Ik^YuaiYfSSgWAQWO%w6h^>2gI3L<0wz@a&I}i3<H*5IUvN8d)wG^
zZ@KU_qlYX<xi{ch%?l9%gIe)zaOaF{0n4bhW4Tx&xb)k5*`qd3F*}POB{(Q~ii>$Y
zL1+!-4hBohX9Ha*W#4A7KY9{RF)T3q`DFv^6Y4CW3pSOOyx-fDtN@|}(pmDE;Rckj
zZP7wq>Vo<5LQ7EC(Ri=)gxQ!tAw)2}>2RMHRi2On)z(}D&dP%@Z6;str2Mwu=RD#*
z2a1@q#0u7^rc*zwcZ193xg3Gxf$OXbV3H>+`_0zVs^L|Jd559d;wr4E$^*tS_%pYq
zg_Pz(=D<}Qc+QdFij#bHP{1BV{81@mB#TQE6}SYB8DImSwlatg%g+ms5a<qQR@JS{
zs)U**VJnFvS<3zlY;GmKIh9PDVdL^3JY8%T4wNZyy>ZxDX$6E}(37_p><@LoaS>22
z^xH)y=@Fxc>P$?)<Hw>2wd|x#Z|k%O%ee_UZh$&auPD(Y?J<0;IuYtLma(0>^Oepp
zkkceOFQYMw-Q@cP^9W_K-gp<9Y}pvglIeJKyjO_16jZj9^DC{8T6lwEk=20uBtyu$
z?OVRwgP_UmHQ*h4bOdE~KZ2iV4-UVzMj}YEeBrTSCgU%#%GS!D>#L)X@t94$qGDuD
zDwH>@t<Ax!>#|w|RaM+6Ij#xit&TYD?F7RGFA|R$y!v@S2G~V|D-2ZBxQDgtA_c|F
zkiZeRJ;N)*0edt)5vU}~*JFl-s07NUdj+G;YC%Lq^HqIx7RLKM959)SSHQ427NPZo
zKy)f(rcMAm049%hoHM8tRg&E?J$Sv<SF@n;mW{!+ak48DaBrmR9Ef*7gFsBT#YhSx
zPf_lkn+l`VkK&-o9EVgP2@|e?z-wk~bk@sFw`eMCTKxnu3uxaX=8)@G@h%%6&H!ga
z=yvIZ0yDI@ZWJR;I0I7Y&r&fC#7yv0B?S#irZ;&D8HUHhj&SxSC{5F9YmHJf(FMMq
zrF5_xVDMt%amC*0E5FoZ#x2vW1kkQ$yBL3Ox)#zD7mmKh;%p+C<Rv*$Ezc%s{zTDj
zrO1=&JHJ%l_odLIoR@q<m)a;sse>vo-b7T*SQR^AaOAX+372<b>$_H{=!8p++Dn%z
z^OS2NFr^Oql5im<nh=K04^%2@Gl<t@1<@V_ZkO#BqymuEmJY+e^4-J5b(+l}7(=>S
zB<eR<VfG*%k+P4G0hBipo-2_J;K({-W<2Wg^~S;|PW8i{mU?tB3l>*&&<7%O&UP^-
zUr^ubmxu)6Y$gdL0}bmuQ4_k$m4K>kVD+ObOu!ru=xJY!-Tsr@fj+OPpR3+VGrtmy
zEjPiEY^~D(64_cAvL5f&MCGs<9j<1J9w&4>H%g*N7`aB5B6MxiB-eUgB&Nao$&d<f
z+wo*_B{D3!L8U>KnF7gxe5cXq5G^oc3E{Ghq`wXYnxqK?3rvyOZiES=iT>w`dGOfA
zA)xWo8Y;fMZyH@zR+x4^+Yo$qDwoX$acw`AEsnCZhwxiTH5Zl^ym<5~k&ilKb0R0`
zVE#eRQjW=Ow-Ln^Pd1d63?5C>M@6vLoO!gZWxc;Gu|z~P1xF_b(w$q93VoO@%77&<
z{GPDBsd3fe_-TmwJd^|Ju0%()rnJ({JsL*MTwJYiZRQK<*i=}H*<h}QG^?8(5JZG#
zYhf<(s2P?>qbj+oEJ>~$#VK}4EG@k9Neq5&gv=%vuFIMPLo7}XI~_+GRkU0M(nW2N
z9Vu~ETcSt&kO8Lo2p0<GZXcXlESFu}(!xA{sD{W{rU?-M1lwg2wIP7(p&20eo(yJ~
zG`$8$eiaML@08F$&btDi7*3_kaM~VF2q(rMBMXme1L<0L$|JI@aBl0Wb}vg>#)%lq
zjtU&06v8IVgYXftOxCso#mGSL8MLs4vkxzYY-iKYR5+G~4JNk?V}^uuK^U#sV!=rJ
zcRUTdV<wM{gDgBPZLR|Fpbu*}4%Aa^b=tp%vd*+jz}b+jL{do9xE@BBe8@`ySR^ny
zDp*`ee+Quz$+^(M(*AE`S7#4+CFN^f7FHr2Zp!5pzH$aKZ*haWrP^3X5qQYX+Rzhz
zp#cP(c)w;-uifmzxW4f+q)u)zK<q{n1CVsI8jYeQADGOby&5oY5nQ;iKjA=STQDAr
z#4;XI?}1|iN7hDmO4uzcko7RzgJHT0a``+O538_85b%U3gK$RS@(~a2eT$5~xxz$=
zL@X=YL;DTf0PND}E;F-$kGqga1A|ORTto(uf1}jOP*K-+TEcLw@CMPMQOP=eezqD&
zge#_>Js8ZUDYR`2V-q&cfLn)3%Sq|BeE=OFRPi)Ds!I;dL`I{&iuR;Upgy1ySCByY
z2o2H}xWuH{RRI*GFiBq9^mzSjaJ9WW7+I6piTVU>-tJaAcYrcCV~Y!61#V!r`|#u;
z8&73#g{l<IeS&Rtt`Za82tX-<AkvCiBq+jAGqClfy}5<*Mjkc@t^Ifms91(%D$;Zl
z(xSng)y)ObEJ=?%EOX>7I)5ruEwn*}bcJ17QiE5<!`0dgLzczy^7>J#AH$YnEY27l
z#+DD-=?8EsSkBJ8@fhX}1|d^0h|kLTLsG9fbCk>K^a%pOrk&5&6V?Q|<b?t8zy~T7
zPi$6+QMgM+32}z1Cw%E)dbQ%{ohTD-I3-jW?~J>4N5B7*Uqr4JyQY9<JlD!oSa>pS
z13boflnuC#M1&OwT3*?O6<o{YksyzF1Jayz3?JCfv$rU02pWxW?Sl|r{0`2O0+q+)
zNrE^OvGd@HtH~3z8@q6tk`W=@JE|{paZ$v3Gltw^-E%2jDeuD;4<TV;h)WdW^025L
zP2xgwhD5ff0}kz2MwWygg6I|s#=99&n)2jw8d<_(<(Ex7ZNVeVToo}X=AODH@Mg#s
z<7%c3BR7r8Bu@mCG2D`g8=@N76cA`Dpp|9kdPRsHc}wjEot#iPp!i4~t!{TssD>i@
zxn7fm6a!Z>j4(w6<jykE5j5{@O&Qh|E*?z;V^DAgeOd|@SfDT!d<2UnGe<GX?13<C
zL3}$AcaVe_(#V*NWtu!(Vs6%GiKvx(@q!BIWQmYY4XLqdsj0Ta+=6W1BPAw1B)Eb|
zcnPskG>Am0N5X52T*Dri4zAtph6`OnTEEdU>O_0zIKQLdX@o`ffHD@YGjuS`Kp7X~
zGx1ufHIVDB(mjSxDsmagNt<aut1ya7otxZvc-T+N(b(Lmkun&m;p++acPRN0biI$*
z=dcHBMf-DpR>K?Kxg)ZumBD?<=u;h=Dt^L>&BbU8?qM{rPhdE}Rj{LRpYT#hvl|oo
zlZ=pg(Q1jhiZY$J5J1PB*bstBE3%O32E<IIb49}t%q2>KW^kA%yK|tlpekV2ibc8G
z2s_^D_Q6ptXb;L9RD&QPdjh&p+tq=jt++jGhL_!8%Y%1*TsmpE4&ec=mk5dYxg-uE
zC3CVe;Gm@Bw;sxh+*cYnWO7Bt+ZWm|%c^-?G2!lx<>*R1ygK2smfp@<rx0Zmw`q;;
ztQG{%8WWtRWIV0SoE0(@$TKPQGT)r2MgkRynh|V#A4+ww*>a!RMgoA1i68WIxXFgu
z<+FngsRgH=kX2yxDR#f)PF-o44Tia_hn=jRa5M_iAj2nX?Ka~nI8&XjHLQn>Zml#k
zaD`wK!J3pXGv(-d-GVPrS<h-2qzf%8hPADW%`X+Qh<;!xnzyfilP3wsjTP;f9`RV8
zn3$#b7XWXCYnIgdiUEdR2&Dtfi5OG6qEwg=OPLa(0ssk=S2;--vI%LAf@QK>|6J~=
z;r3cA1GUK#QF3+!65mDqCU-~DwcjGS-PTLP0pK^Gt|YtQ@UuX27#?<tlAkM#*kJ6v
zVqk2g;^P8bn9#{L*Dr2rt#7ZJH?P^tQ>$jQ_kd6jwg|Tp3r(*KhNkWltO!<Cpp952
zoiziFH`DUHsnYWZGcvjHVBs4+%kL@9F<%r|GU^py^HxtL#h#Xx8On2&Pl>QJ>#^YW
zf7EJEF)@F1R<Xm->H?T!I@VaVek`UHjSAW95Uw&7*jzuqzPY{`RDT5v(aaoeLktXm
zJ1@iw^|+Mbp0lOC`M~<-_Qtx!_3V=8DK5^FY;JSIl2%Ga-2g9c#kRZF2%vmk-IkLN
zGIS!KnR{A(!zDL+iiUNC$0KP$m_*a(&(mv_GM37d#LJ<FYP<s#QDE@rHZ|?vQ11mQ
z=tTr|f;HlEJ|B0bB@Z{7-G(HiWtG8-jw-RL2nnApENvkMMFDK96bls>TY3^xy4LV=
z2?8=P-hi>1?T})Spuo1k&XMH>?_BAMM5&)8S&i*%k*Ybz5@%<Nvni+ugm$3fnpF%B
z%=ErJ{Xqi7hf~4}wWlK~Y?<2iE{U}6!WV23h!<j=Zq#CVEY-$sHd(Xhi3E(o5z)+m
z8y|45HJr3_YRIj=v^A-p+`1hp8y&ye4&n&O|9oKD=bBBeU-eemx1c#|G0_)VguyO0
z)ojb?KWG)NNU+&P2~0;CWESkVA0B7$F~Ty_U%esNY3dSgHWX{ZkS?{{M-yaO6x5NO
zXW?{IfgzDvS27r2BM1fIsEhd-#JF1p20}F&``I0We%9H%g&40&Qo;})1ADes<)esx
zi!qBwmZp=FF}jdJof9-D4kPkbwLhQ$jp>5Ua%N0mS_t=bun4or$b)c^JhqW31<QY0
z+bHGWR$Ix8y!-`}8CohChczwsXiQw+c?*y`AWvVdnL6jFSIeghNK%%YR|>d)koyQ1
zdIxKP%pyoolohBI%Vh1Ml>c@7Z_QYU;J>Fy`0vU}qoT5=B2-ho&nW!&$b9nRf7@>n
zTU1A3{O{^1)m2lS@jt7pt48s^0AxU$zenOTivK-||2>NTJ&OPRUyA=d8VU4&76_b^
zAPx6>K=k)f@b6LZ?=1lT9!3BD>Y{(!6_|2oL*a6F3za2*kc)T{bznE3$%sU65~4*4
z5{h`3MzT}cwhJwQTvlGq0zpGJgC<M2Qs}(R*qh5`Z0QUi@TnLi55D*dTYHndk_@{A
z>k8S($eNcZ6<j1F;fiHYd9aicD2G*uS%Wh>Al4#0LJ0G4x+|-okhvj>P%ctk+{?()
zePQ9v49ymt_s2c4OWn=fniF*83hKsgI$>V|1x8p5E&UsyAsFP)qH#7O5R_M7zzK03
zcm0I%XDy{+R|q3yAgP=U-KQym7UJ-3Q8L2M6>a*sF#$~y_<l$<-10uNql^RJqOwiF
z_t;hQ6eW>DoNm(m+B~1dq@l?S*O*ZPeWGz}wH%-b#AgFeuFJ&gUfFpkR~M2FW=^$*
z2lgZh<<4sOoHJBo$g3YtihnbgC~(K1TP@HJk;L$^Gco}4Vr^=705~HFS_FWeqtY}@
zC~bc@cf(QXln-TT)@PuPLz5C}8Z<&$vQa4jUB}AM#zC5T$+g7B5%aK)NSIu{c%XV+
zN-TY+u_)1M+&we6YdX3sfXvvJ(<m$!Y>ZMAT7VjlMUf2*sh`n=3@syRr@{iRHTX)E
zctXO|#ssc}4hZScA^;hn`G|?5Y{n%p4&}oZc*Uf0b|<L4BZ!=VmJzqX%E8OzyeLP^
z%;866Tx|YM1FmpC0=WW$+!K?+6^~9q3iaxd1dMfFS}dvf$vxo=_pjURld@-}fI(s7
zRbY$Q(iuKLAQ@nb%oT8!2^rNJ=TMXK+qVYQ2PF$jncSID{)(t2(8?`H1A11nRzt}J
zd&twURYrQu<wOeF2H#QW1{R^Y_F+U5l%b(%44*xIG-E}=)d315+aok7vu!M-m-4)D
z*^b;LOg~b1fy#Xh36NzodDAG+fWtk|D3f(kzVSt68@IC?EODj9!N&@-I!L1Mzjb2`
zh<e2P0BM6yMgVM`ghvctZ>&@?1E4~ur?F%ZmA4Y{4wQVfU(tfFFUAT$_hp(w?zV^c
zSq1<ilQj_<^2;Cw+}L@r1jugijknl5F3-xxz@5?vZ)BBDiY7!*X%6%S=aRT;8Y0-X
z279=L)Q0T$;;BMB1y5r5gdOn!tEFC<_Uqux+=bd<j}=b^`3oKFr6Wrd=<Xh@xq@r1
zi4e5{tg$waDFKOJOawJ>9S7D@o@kJ}W-d=1Hf$DDd=F7vCED`nOim`_V!cRYO__#`
zLpq$W;?ic=j_J9#e49JM@|6=pmMZ2pxV$0>ID)xI6E0dPH?*oB3q%WcogAp<D{3V(
z0~#8H=7`FuH~l=I1JTA#%^I4I9QmW5<2_e!yUepTdil6$wFnDLvvBqw?1EpSEka9k
z7grbuK50_V9p$7&KAja3Fjy^k?#}9P{Z~AuibiE9ihwq}j&-3{w)<*!AjN`zzr6Bu
z0D{fjQ<j+_L3&Sepdq&<HGCb(WZVoV1{n8NYzg>d0%`2zt`nLlAJOF*iDc;r^whwm
z8;=vxf#CUVp3chAISVFCXxpO9sFm9^`CZ6R2Gl6<e}@j}FD3MiC4;P_@&mnULp_gU
zIUsK?r3`6#qulICVdo}nlmTairz4A;LF|Khnt`)^G3MvA-2ZqDmwv8xXLGuQ>C=Go
zCHZdd<eIcwQQO5j8etMG7i@zsEIkW0Z}@a7TVV8LvO%5|ODzqWz-2Akftom_cDM;8
zC7y%wlkb*bSz7tz4GgQc94)NHnzl6WEfUw{<Mv#MuQ)%%Tqw#f+EeI0rwRA*LYE`p
zm)AMR8{sIY8zoVU2F;^~47+SdENF9;E6d&6VYLVK>A@R}UR~$FBiMnNG<W564VY!7
zd7vx@w?-~{VeT?Ryr1M4H<6X&P?nvAxfm_g0L0bi6($^nvV<H<r38&8G+PGFE1m3d
zoIAWGe#vubgLbjx@!ASdEn8s&bk0_A-p;{E5oh--x*z80AYNm{j2jrXfm{~F7O}X`
z+!ih-$&pcimejQ_Y;SF@YiwCm*IGYM?z%yY5Mb*LJVGqhz$2s(WxpcR-#e(z^$x0Y
z9DsI6I@z1Qm%W?Q&A~16-c4NRqQ`~SyZ!Da7Woh_?1skqO@ms}jym!Wh%KSvW8VhB
zuH-+tgiEoI?z#4iUrFc)7WVr>?w{6}4jwC0;sro~@(>YGU(!67(O}0L6plfTIqv8`
zH*U&1tOHBlc#477mVP#j)DqI%Pwb1xO-i#VE}fjQaQJR&0vrh<oHhvnMSvg!rUUtJ
zp_GsNnDV$`B9^CSkWD=AW(#dJ*S35!sGJIhTEOS<ecS9yh{LZn|JJspq`Sy~y~z~v
ze6@Lqs%wHna-oYaQDBkZLzaB1(Kj=Vun(Nq#<wJh<fiuuRF)T{Kv|s;lr$hL6<#{V
zL&RhRNB~3^w7JS^a&8s)ddntBy15QCN4f*YrcaS@m>rrK(l1PE+42_hAiA3)_Ely-
z+AXC+n*M0+;f5}@<q1VdQW0YyD%A_<lwps=wuw~1C5lhJ3CoR`Fo-D=w|h+r=*yWK
zKVN_%?u0~EknZ4Ep6$p`5i~b*q2>lgD$w!VSOLS(Z%slyG#z*Cv@-x&fnM8^8a{JX
zhMX>ktnZp2o<}Sov~1#%%rv^UN)S>}3VUEzmkIn*d$bHd*>G^)(Ij=r!F7wr4&-=U
z-y)*DLwUa3cm&vZzdd@}-kO@kO*P^atGjA=WL+tHRhu#QZn5d|O@2<=O|z<+t70HB
z!pzsL?KDLhljUF_1duD2onrl1CW;i)y2nW`Xt5PTvz;Cly%}Ihq*ir?Iu5a+QC%j8
zATM|x^X4nDJ4$WIAO~T6M1fKe&vPSAo9dP*z{n;t$t<Wa2BU^>r&{hY01Ho}E%lc$
zkz6{f>)W<yGHLc~6S_r{Ni<fU(7{ZmU5Ti*%*C)pDv(_Cmtl9g=%7|ZP5{FK%$Amr
z@%QZSV3{q5tk{$75$wGRhG_T%E|XscHX>jup;lE)7u}A*TQ-?RU`oC*VNyg57{%Ve
zFpdV*1Cs>SLQV;a9tqMd24t9y2A$a>ATB_l#lp<aPT+%Mot*8ZvsZ<t)YW75$iieP
z2vM80GXa!d5GNuAadj;>BaA^Z&sv1b!jnnEv`I6WXRK+MbEg-tu7Ld}r`e5(R^!UX
zbnrteNO0a^-Q*#4W4xuYJPan-&6wO^UblI7UgZ-Jt{ic@#cSaZ8CwQLa*I!ba^(Ki
zec}F1y`Jl~Z-rzms1ngqGlGuM>k6*{n0nUOGRi1OH)AvfL>B^sacv>VPiPS!Q6=1B
zD2ofdoQ6>_4xJcHM_~+>YgUoE!2n5o3h06)te&u;6840WJQEB>p`Bz}k#K5IBZ&zI
zDe-U{#qc0iU3y12_(Gu$5P%4(ga^?JEw$kTd$Ir)GdM%-x~Pj7$7Y2rqZUB<0y$0E
zC1_GhER&n5xfs9_vLT0Hq|(B1w!otOgat;;4UlkyC`7I~i9j|)v8y~;Fx&!b7_T-Y
zi5S<i3(H&A)Rj``+JtM=0UgJ#LKs0v76ia0BKRX)1L1T!++PNfq-aU-SArkmt97$Z
zgcSJ7qNU#;R)I=v`0$@W89^_BT!vcKQHeMKyI2My<S0~XX0Zl+-bE-a?XC)RfsqBh
zaCsgCje1}hDCmeXg~+unM#T4+B@z5o7>#^OZ1cuCn;10J5J@+YZtwsrn@%|RAlV6r
z+kvOtyPyxk#Vhx;8|0}3k#-9V2L<8<PHzyF#P!0WAk19_T+Ev^1%e+Ki5M6n#H@@J
zG;+p-Z&KpW6+@|lLK|F;Ix~}*m59Y>ma~63LK!8`feefZ$^;Q#c@P-UfPB|#O{S24
znD}-WuAvGV&EXh@tl&Muv7?KPkTWMF0;rWm(8Yj6d>_nk<{bbCXIaQ#81NT;!C-LE
ziZvk98j<JFbON$i*+zr6Hd#f-+@WSATb+u>G6ShcMVdib#mjZbZlQwzlZrsE)DC;`
zBI!lz3M7v*0JziS$Yw8}cXxBIOWfKyo|m+-<sB(kvYQ){J<QF)Y`N@G(VR%ou6Z0n
zMduT@TrT3MoJaZdIV2!158d)Q913ke-O>~JgTL-?#m-j(#N1Ri#@@!a^TWjNnoDZy
z6!xS`Dt=yx!>CY+qSN_%t2>M7Q9E-}N_mDfdX1-CE46X4HYT-DQytzcwx90lrFL3=
zbxTK-Dup1fZf_N<rE^jR2UUuAl~gx36})$UgBN`+v2eaq9&h5CTPm9Ym(5NqZ(15D
zn?X(fv}inIGXTn)wpUNvJ3v}nBYN|;!lCVVv02E;VKX0gm<Z=tra7AB9FXMvd4!_V
z3E}ISBOdFZK@wl{q_au&?7#Ep;Bq5}Aj~DLH09OJb@L64Iy>c8w{%j{!oRqtkqoxt
zp9}3SxvO*b^e8f%9ghLQ;i~qL;BX=KwW=nxPfhjoQE<2+`{c!cljccVUPod4x610u
zsnZ<zZ!C4iDE`|>d`9u#M)BW9@!v-A-$wD@M)BYNyYS!KQM|l5AY7pZFp32?iUqd?
zSa73IaIR>K1pg+vgOSC61G#bwc^qOhbQ@&#-0(po2_z`T)R;SpCfG&Z%EpDwbf0u(
z^aw*fv=b0MjX|T%fI^j%V@w2$05rLn)kEc?$puuad?P)Xr0`4Sz;Zo3*#yL<;i>|@
zk;p#Y!kk+48Y@T@^OC_{E8JmaFv>2uWI!J=xC+GI;V1(J$ZKP9a<k-Fc|BwW0X$=d
z0-ix6Sc>IoVa$2>4P2Z`PudMQPcWJp*tb|@G}4b@04Pi+Hggdl9}fYLLAc>`7n=f+
zIj8~%?T@^z7)ZH24KzmS5djLJSGJMo@O%*SAOS&(tZWKeY<cQZfV2=W7RMs#q?PQ<
z7!3_AnE0S@Z#a=b=S4LyRsi3zUIvW$VJm}QdXmxhIG>CLsMf>sh(58Y5G9e~pT|G9
zH7{TECQJ2;^i*1Z5PJZQU8N`POBx{Zg_EMj!@YqtKPb&mz_7g~45vKdzVesD>k<ye
zP`xtF_YBS`$flsOIc>28kV;w^w5RedPYeWVv;a)M!bV3t8CeO_4~l51fJZen*<VVO
zA{7i1b@8OB7Pc5*LV?jS(FwUfLs5vpegj<Og%vhcMsXWCdO@rc03!52o7`XkG<s;u
zY`7@Bsi3d`$0%qtlSf{htL`h{0yjuy{sLi6CmsI6GQ^jQBbpu2i92&}lT+yiN4Pyv
zyO|@uymlv(?7v_lVugd*ST+(gqgjwYm9yIT$pB7pHckdYu4cNE*)GCc0W~(LQ3ceY
z+&?0&9KPdmiFq;9Zg|RF&MfpfQ&WY9vW;`K4Rqa7@J2p(NxgG4jWS^Y#79k%9Z?vC
zAIY*Li43RR0cjP^Rq13*m_ew!02u-i`IDu<>trMuFSAl+B-Y8;5_^%h__k~vbD^)P
z9PaE)dV#*qZE9?-Z)|N}RNuIub)id#VJPEfqD%VF%EBZZ3wjsj52U(@Ey*+R;8O}}
ztr*4)j77R-Q52p!lMxU*5*7hW#UtI&FhqDo>H%}HWNEAWxQiYkII39RVDB^NPAsTv
ztzTAmaC-ymOY{7?xo$ma#e=RlX3@bWOB2qwV$x;284=PGeWq~Tp^r1LaWXSS*{Xp8
z%0=OWZne`(+1Xli6=OBfk6IRD8|FMy4~82&+-Wim5r2h!tVT)TLxD7<;YKWNbKNFu
zK;8I-nq$Mi$k;|v8o9w%V?_kDUg+6GWFXdlIRt7*(RxfzF7Ya*Q4{YkpB1wD(SjX?
zWm#~`=@9n9NC9k7tZ~}8b?GKeS`KD{bLx20M7&Tn<~q6-hvk7Wlj9H&%MR_M$%+L`
zS`tyRFA696Wnp}}$}-8aRCm7>!@z)yedYGHu}$dJ0ZZ$f4{mR1ZEk2>kf%%fl-MZ&
zEfQ+2ceYnY9i+}kmL<x!lMZ{~AO@sE*Tb)Z!z*6{a4c!-00Z-~8)(?-#)LK)4Ot@3
zs}KR<h!T;BDRgp9rC{mQ6;4ONj$9`eaDhO)6#&h{W)O!l$YIuEv*j7(h9!mwlj@-R
z5J(!hU&hP<u9Pr!=BAgM+=hjWEazzhRDnj7RE=$qi|QOFvb25Up~LN480~X4a7LUJ
zHVN8r5Q>c{b7vVRz3H85n8%K?{OkjsNBm|e+rfDWqj~;ZV|rDHU3=lg@04srhE|FW
z&?3xyp${7PfHq6Wkl+}mO~xXcy&Tv>8?&IX)FQUuUb=JLvU=jNo*4J-=TU6YiDHw7
zXK72l+qxT0<_dGeK<KNepED1tOmqv_l>RV+)zaF&xW08^Q$8BZxi!4!+X<GokTE29
zPZ;pqfYpH&qT26WP~Qrn3>Vhd&4Yh|m0|yynaJRqnu{Z$x3kU;m*QAVHdHAt$6&*Y
z{AVYISdMp=3F69;S~p=7wLq)|kFioql7xUPZeAn1-^XKN3#?{!vV|^kjP*d8n@X8s
zjE_DvO<mH|oR4V1niZE#!Mx?2aBGuTWKnr@Q)|=QrbT%gfV-VA6o?O$C32QlKR{u#
zu$u<0G#RfEN{A86TrP_#ZYP`0XY%&9G|g{aR@a<wu4Vf<TjFfK64MzV;OPU&31emY
z%(UYuVpn?@1rGUxwySJ|v%}Y)+bO8DoL8v&LsClk##mWEPS-HiAu1)5$z46;=s3<@
zHZ>Ycyl?=RL&hQmBrI|&9**b^0r~}8+T*6!LX8Pm4~(^|@PHLREOshy33MfB)Fp(;
zb(wUC>JEd%P++~Qw$q41fNKnjA;T9?{`TDbL7le*)M0ZKSyKWRB+xWDuqqtI+|!Ud
z%xK<;;(`Vun>t2?lj+!zDhxuv-Mcnm1E3VI>5|GNL+m6;m{3U=TuCza#zwl6NeiJv
zv}TiBBaOlaT4-7<5a8_5UX(AS9!^$ReiMOj`VFh!%CP6!G-8Q(Vp?u;qOiM51O`=)
zYCa-vGCilLt`j7XLn5oAYD8QTya;b9q)tJP=p5K=-Jsl((7!S$d%DN)LV>cNa&+ew
z5k=T{uhU(&Cu`Bz=ipPoJPAk?e)S_f61O4H;kVu9uaI9(fsx%rq#~|lG%Y)#i$ZCq
zi?>)x12uC{O&q$ADQ?s42p0jf#l5qfL`;zfZ;P2JBjuP^&>jp8A&XHwstP)S<+;Xe
z;nz1IKTDfPjb$4K*b!nACP=%HH;XcU<}_Pu&>@;9Thx$E+Mce#X7X)K!x_+n_NpB4
z@Ss=UAh!rbE#K7rv4uNB(BJ=c>s)CNiiWwB(?$(*|9|-8+W)e}RX((JfR*pGDO2*;
z|Ki7C|63iJHnqr@GPKQb|NM{J|GLjV|2jl<Z2J69sjjXZo&S;e6r6tn?UM~}Q5^%s
zf3KQ4r8+16d*zf-`~Q*nlnvp>!%lBua*p<7{Xq{s-8XF#x-W7PYFQyGQC$hF#I*8?
zDdnMRBUD{8Wok{Rl5w3qjKN1f!ZW0;^u&{(hiYFCAlsZ;`IW!nCW!0>$cq>!?X^QC
zczL>bDmO_yCEkKfOYVDkD)V<*S_1Y<yoj0|*)HuB{uVDmKbX!0=-L-BVi>|MU=Re_
zsuWyoS=K?M;^lR*J9B`?YzqKa+!;$m@e9b2()bONWRm<EUMqNK%F2IeCE!m{3j9zd
z!7p2BVm81do0S|(2H_ijnj!yMmKwAcy)Y$&h9RHhFM25k59}RkjieQXZ~UQUnlvt4
zJ`$t{Y%SOWe8_2Htf}9V8;=E|j`%$u_9F|%H9R>>$`^Wru&@Jbe^awOku!@1MeQ~y
z-&&e*h?NmBJ6HpG;+#aedEJWT_nle|s<OxG^3&BZMiE}|iE&J=;iXw1uYUU*5><Oq
zy(Gn=>@AdxbItnS5!SBSdxzkvSc;7(71uNftHG5nUF>pQV)?xRRS^aJF;QygDP{w>
zh-;4sGPpROhy**7_pR4}8Oi&)fW4GgQ}}r|zXn)&K7XP7D-u`$>#_8UK`j=C?QrI_
ziQSav5j2rz1h%5#qrdD)z<?UqUv|Bn1$DuL3_O^a=&({V=x=Th`3)O~7iL9Uh;muE
zEH=k7)N%Q0jVX+nPclLkmDN0%{k2P`+~Nost`<wlDNMX{ruS(6;IL@Jam)00+UGVc
zIk>rD!NOMd%sV%k>QBQ}*znEu!#Pw{2KQQno1ZQr-zu-CeO^83$r_p(F&~|CXhfVz
zCgZ5>lE7lo{zSMZ7D0Q`6oQ_@_UZ{IVkxjHrch_lXf%36l>lrhb^x>=Sl`@YuVYHE
zA{g=t3Pb)0N@V02+QX66AS8A?xG|pJXy+*8K`o9b0l5jujL@0R9;Szj;)b;Kyn(fb
zo7{5vMoJfIyNm`tb`FMaN|u|2%dvBEiRU>Php=Pv*eDo-ydZ_bxZT0h^3q^XrU!B|
zOfw)YCwNme0y$h`qrgObg@?jMtQASs0#w&(KZb3MCTs&F13`0%s0h5QVHz%NUZkx@
z2(9Z}ix6~GO9GH(Myn2Frw4uY33F`!aLtHYsBBL$<99eqi;umBg4ooWUE}o=UsGJn
zxpnA+RqOS#C$UcI3{Ox@?|>rD_6FVXDt)}NVwm6JVh*tDE|Z651cOv0%VNTrG*A{B
zT8vNP!C;TDYG5^>?qS(unqHDrrP2;aO+G4$oeRVk6vdu3$Zv(z>q1dyTrv(}_Z-&p
z^5Age4TpYYm!v@n3@Tci4o@s;ZG3^r<HO`*35hlLt0CiTqrM;GX0MsMX?fHVd^h}i
z(#Eg{s9LsE`Q;97bK)X^JC!}rZX}>Y!w0sDNO7S%fvSS<E9$Q6J>@V*gqVCc7PjRx
z!JrqeEtSK$&E|_iD`jh-l;e-b5Hwg4(T*_M(8l{ELL1v9sMUc}#t+2^Z5=lvggYtA
zi5Z=~Q!(^)0f=Hf;I2`Mmw-}X=Zn8AEE>_U!H>+|D%lpXFfELPfG~gUO-oysENum6
z8u*RH(B0L*xIyTc7**?&a0)qY04orU$TCs3GyFPxly@`G78<VgOz_mXE7;on^(%Cm
zo3v(eg?zcowV4DmUGZcGyH^Q!9JD-&C4?A|+x6>YDFGnel&%giX3>Ms2{#BQhsAvn
zNw^aoKDGgh7v1ow=CQ$p#n;Y;74aBRf~LPWqDf*Fa0#?8Sl-n}f)j}}C^-mx$rei@
z7KaI@d6rK_df+74hp48{s|W&{(=IlrrLbcQ540DHAT|X54%__K3#U~PXC8KTL#GDU
z2_X)$AOvI$EVcA-V&vB;LgOU3&Aoo?DRXV&5wry)qZJflH;|0b`jJLuHlBlgZ7{Ml
z&mvJl^)iNQ)!E@wF-D&tDy&r~wne#g5HLR=iJlH!4`E~^i^@rc6wA#GCkW=1=IF2z
zt2D@F41IBfD-tCZqYk1#tjwRoibCnW;Upkp0m<niq*`)!NF)hjlvWMi;_|I76*&yI
zhAkhiJt2|AG77A_ugaRkb2Jvm7zGG#3#LS6WyNj~zD81d7txe=fa9x~02frf>V^!5
zyXL<O!UQ{u8oo^+pqA|mTaGq5Ht-gM>lXX4J|&2?5c{Q5?iOgRTXD8>*vL|boC1-V
z$R@xP6)ywu3=V-BM3{xWz>9F(yhFW3=;}_Pn?-yJF9x{qYSBbo;#ufNE%`GyO8;iP
zFbbNYqMZmE>h5G*3ve-{Q?F)T!*lc{c)N==NiIDbkwL|AfP<cG39pFs;^hm%HmZwJ
zObpI0==;Q0&=KGk0f4|#3LV^n;SUe}iQ^n`Az-%+x+aSsrg7(&T@l8e3xmm}7CYV(
zgXjx*k->on+RQJ*VHvj<={F^cCL_ca``G(ZUHn?AMOc#H`YH+?m7yZai(36dMeK)g
z%#^H=<M7&Or6xcG(xk#K4JTE?iA04JDhN0)r^U+(I|H5xbR-){xLoL({MMOJ3^07>
zO93VV!r5!_YGRp@7PQMFRkG(k;X=wIo`%&53afjvpN5GL?eIQbtT|c`^h+vc=4_7K
zK^wx^luK;D;CS-z(?Uk7#aKLmsz4mo-O@6_@R7z}m7<cdF+wGCcMY7yKJTP3UTfHI
zc@h`nO&k&qCyTmCE8QLqE=VMg9$9KdOX!a!4sqRo_u5U_dOA|;wO|y$EnTs$1a<h<
z8igeUE(E;Ng|DS8A{D}&BH)tk)~~M!;!6t(;>okUfZ|3;_E=ql)3u3;os#=lLPX1A
z*U#aaa;f$(eAFnZ<6#X_(RgSt+QM{o$Uqy>q&5Z~o9YMDJ6?}d_cLhK4+>jI*~Au+
zXkjQ2@}mf_T*`v@$cerLgJOu;H>%Bf6VFMCK=gTX4*&8LswkXtZm4hftPl%WTVvP(
z=dwfu4m}a~A1%0kWg?#dXR0M2V(*u^G&TJk1zQQohO)&W+gz)f&+ZS@Y+N>wr3Mxb
zu9#zLjneW`wFc3A1-0oothCq!b;F+dyd_pmc{%%2Vu5rAvhkYWyTiyybF22|e+{n8
zR1yS_87?6ZV%6cy4isZ1Jm8`VYfCDRZc)~O<rYke=e0;RgxywmGDmzKL6F)5?E%)#
z05+gj>aTHGc@Omk%ly9Oht`y@SkX4gKf$ZXC3qe&RnR#KT&)Zdab)rIL}fxLx1h{(
z9H2N3PJxVw;;m6uA8Pm`hz+2Xh1-x@ImoU8#v74RpCa1Mwgo-Kc8e|j7lH}cmZ<~h
z#w+X_LFS|9wAn8@DzKM0uW9bm#Q-(c+|<<SWpvesX6xJ~3O2#3Suv_AU^>JPF_mh@
zwT8%v?{#mMgx>MW0TL;Di6F3E_evBV`UZ*!dFbfphOHI7y#8Ww$mCRR>!vuF@|IU1
zv%MBLYmtnB<`ck504WC#URsZMmO4!{bw~{_o~wv=Aqi#D%22>SG^;xbR3V7u=TPfw
zfP+BZilZ?r5>7{j@F|=kT+CFEzi8*M0qx*~hB-L%*p6&=&XDPVWnNo)j+d4<2Z60o
z9!(r3zKZ9X#76stZ*dH3aVX*UYCg(t;S?Qh&;gdbg16ErNej>bi!k?WL9;D+1tQ72
zh;464H(Cx@(+|aflf1Bo=F3QyQ)?WxS|eO|y7QOAAT1cQoX3rz30qTn`6wWo8Pwgk
z(A8JJ`Dz#6VL6fOqEV^SvkksBYVC54bH)xW{mW2op%Uf2dZ5w0yo|E><E8<qmsuGj
zv^GtNJcM19GwBTMM$@9Y7{FGtkr$JP>Rx*qzpnTX7~c7|jUZjwg+sL0W|)>+VQERQ
zG+>0JiJD`~YxylBH>1$_yXL^DaW>r9E$AwCMk=uZU5Jm2>W6#_M(mDlyxd-e&~Oin
zG{30>t{+4b#QfRKj5$%@KHs#gb1ojajATwqr{n}BB2*>936aunxE3ipvK))l#yG?R
zpaol%QQV@qg?LMXj9Cn}O}250&KZ-d1Il1MDJ}K44a<D#N?)219Q!;b;x6Q86Q+vP
ztvvK64+W|a&Lk}wy8bx?_KrEy>3^Q-WYg8EX~4xxj-(4qS!qx-0!g|mFWnB&_D9XM
zyju*DF3mE$wlH%xD-JuvhElzE^rHwA5e}s$ng?|yi!~*YR7Q(JRo%sr9b`Gm0sz;J
z72~$40%V+x9yp5d>?HA2C>3If=&MZZ^5Ij)*?hZvoyw%FQ`nSsa+|VFJ2|$Qd?@Fz
zPN(^pv;}EMAR+`7S|g3cjKf5UrDQh-HX`7e)j3?Y#OgN6aX9r*gM(T&Z2gP5*OrB{
z_#5Hb<9z03PoDDA8?L$2D6XX)+MIAE>?T<@zRbpyNw_38M!223oNB|6Tp18{F13by
z9kBT`()c7-I>e%s%|0GtoatR|54DR4a>+WVKI1*p2w?+|j)bJ25w{Oa+^!O{+lOcM
zkS}@0Pus?x##2Bg8sW|iHP4MZcFscD?21_|{Sd2~ZM?88obqNZZtk>e_#6Yw80j1%
z*P&eLb8VCFwpQgO3QmR?>(1UeO$-H$vJhEzI^HdhwfPDzKD^Tna_vFdFMH`JtB9}4
z+S8+QZ`snbkMD4=ye56-aTMpmf`I=8?*<Jjvn>u3Rj38h2Yeqokh;@ZG;Y(EuCt5U
z%C*08U%1Vt1>75H5=$*|Sa+*94GB?@;pR?TJg_rwaUmC7kpJ1EO?jNGjjP|g;|O*0
zNrs~N&DF}eq>`-3K2rRd%ek<6ShyiBkJKbo!?d*kjSOc{ldI8%h+Y44#2;QjGzds5
zN56ZT6iXrulc;17!%mA1<jbV{`6V0->kNS_gDC+3gymEWgxvXluzYp^XYfdQAZ6!{
z^K;{77&VVNv}Up0o*!hu-lP@eL=PpaUT8`@)<HiwAO!s&pbhqQwQ|j83w@<2a3ffA
z7X$^yCR-Q^Sc1L;jMYlDfu7(}-{hi#fdrc71Pf<B`8sqR7)_BviTyMpI3NJh3T3j3
z6j%?bx-+`on{9TlK;!p9B0**$YEnCi^y8gYkOxtM2flpsgz365iKh0@+61H#nk4yq
zRSxVuN<=&=B(rPgB@^jdx47Z*%eJOz@!M8O(#q2S+~|I_ma-{WK7!im1IorPnT~bg
zJyMS9z(XPiRE!5Zxp<e*BAL~|Wf$^HPOcp9!VGiDJskKyh4G){KHZ`^3gbUjR903w
z@xP|AZ=?86Bk?JdkWCRi1gUh^BfuuP4iK<uIzc~%D$7GvMyRSLR9RECj}5O0FP=RD
z>LQ7P777H3=K$_U5L$U5-V+=*PQe_bQEH!+l`UWH;m1HOm#DTLJGv<mITpymQTPQG
zzHM#TvN`As>F6)m{v)B_u@5be;{Xyd5k2<bfDpvL;-2@GXL?fQUOx#kOpeE`Qy?iu
zSJE)E7c_F57@%Z1VVY4(v_;$+I8JuEnSkRWDw!~K!Qn2g_?~CRfdR87M`qi_TXM&_
zRRH7>*D5%APD(5_?76o`M+Q!CIWNT+1})mK7*=JQ&FbdQ1fL<&aKk)|SS}MOgFP&K
z9$!9SQj1QcGGdk%J+ahKfiH6>3=d@;Ko~-Rs^C7hxCmUur4<h4ky$UANYQIyJC!F7
zTlQ=#mT~knwFTq?NTu4@OMXZ*=4LrtZslH3v3Sd~R=OOM=_EYE7)-DSS}jn?B<~_P
znn7(WSv~5<Wh0i030C$1ZM4`}N@>1Ch+F*Hz}^Id-tyV7GiRX8TD_J>oqrVIb%Z_x
zoc|bgc1sz60nY!a71h(6=l|4D#pwAz5}zTwZ;}v>mW)C1j{7~X_>XE?AwMyV<3CoH
zho%DlV@0T@YB=#9^PxKGXlIO45d<BVhH!90iFk-Q*4jMShjv`Vm<0WCg(ftuNEmF-
zvkCg9PBdw5%u_fXiwpu$h=cMIpny9BR={upACM4<n*xR6KtK$NNY#E%uHcF+$HCVC
z#)yn$$WjjsZH_^=cswe_Z?6VA=rD7gVU$?4=)Y_)4cQkhy%%iqq{z$JCNhBZk^3`B
zLIS*<mS|cs!|j05_?<9mWUIJ~KJ}V2Yhe|jCQRwQevdE<<Tq?eUrQ;2LBm@MW`=wX
z_$ZzNOU>H?YlVMf%{Xc`HH|+CnyXSV=>v`-MI<N%;tzVqm(&G}l4w~;M_I|iM#;jO
zlEpP8EyjYy5F*M^3IQ?7_VF*QX=3^qJ54D;2&(#3FbACJT2-Wo9w1LNiP-rn7d;p-
zpJjs7L(4}GARk{6l#4HjA*Con6&@DLB#CZ|P+dUTHjur8XdYxzF$$zNksi<j;?ra;
z?%a*>)TBQM<0s+H*5ZP%F_1+YwQFFsJ{t;CZYHrX9f)7zvF<QpQ=R7DbsSF3J_5K?
z-Lv?=qEne5m(s=ct##}Q(Pf`S#{_~G*nidZ;hih*6ykZpRV%*InLTEPE$mDtRR$++
zZ>>JH!i2Nd%c%LR(tu&JwZ<qt1*U$u=H4w3cJAP9(j*lGISX4>G7>{$7R?5VGTW@b
zXw3bNlf=q3CB|T2bDNs>Z>UEIB0LCHYVQm@aKr;Rf@auL0Q2JGKf!*?nlyv`4`zTf
zynX^q;9$%YH`ih}IE)`FE|?jBKvq?$qYgY5urlH1V6?aMsny&ZWYxSRje_$rV+X9@
zeZ-MDJgZ@z34Z66MgiE>pKSsHa24T%fJS&%ty<;X!hO71TQZ7G6gyJeiuqXxC;w1u
zgghASlox`1(aIVw(evo%EAT0J|Bt7(SoRN}!uS7BMRoO5$Nhiml&PcfA4cRe)Fe|f
zHAbu1lY%JX8t_Ll?H&+<))~qILX{&d3~&vqzz*C_GtnDBZ3W%q13)3+VQz4RLaD{g
z6Qd#IND;t@zt%NkLLrF)`z}n_l8FeU5_T^lJc4|#1xwH@kF+=o@**D$2K_^Sg6g(M
z(WGHRix)u`7^lEmgRG+$h31innc{3%5@Ttm(p;6%88hQ-y&N{-Xk#X<H1%qharA^z
zIVv(>16N;o9C!|?m>I#7m=s@8VHHg6qpE%2`pHjgzddH0?s3l#dHq>TVE)K6oI_ng
zOc06`%k=@d<#p!dCF^DPoSGAKtx*<o^?-J<tq0?P0zKC{uC*{nu7g;Z0V77%RhD#1
z5f6dkU~M8-7qr(Rv5w&8EJHW|_L&@=46sNKD>(u{eA2*eWiw>y-WLV~DT>M6VFFu-
z*N1d6P8E0YYQ4VYD^{#XtSD^*{7dhO6(u1rsq$F@D-+9r?xl1^x)d0>(iNqXOW9Y7
z>z*+VQ`@%`?9UnV!xm2@!#F)hEi2MgdRjBI7Xm7y#PXGvSf&0M1~5^y#@W^#E*`Zt
z9ZpzrVG^AYM3?P1F~e@l6)i$U&it!Jq=?FbhOqI9HpngrAXRM#3lCO({3jd@SBaxb
zCSZh%+3f6KZ%abP>{;k#YD+tFd`VeJ*@Ov@W5NXZK1=12d2l7#^Ocl9mXZ>;<kCEa
zo9b{0Y9@>{I7GK3`pNcDHlYn9ZZ5Wo53@==#cc0^w;Ll-WVpw@c~Wfmq=0&-+0g=y
zJ?saMNQ74;YTs;MN#7*@a$`lNZIZ8cwjY~28=8wX`w5&BgqJZ=#u*)HGrW>^oiLU3
zA>1Tercfy6gJ3~y+w$zx1}>CEKTq`l75998V2>f#9^3S6;mttA4UQ%k;~Oa^Lu8AC
zpxC_~GyvEHftAXd!iE8<NG&HLILPV*n2q46w&L_XSz@ufr?w$sJpF{0%BsM!*sALZ
z<KW~k2R5~qRROIQi`nl?8I#$Kik{{jWxt{vbXfaP2s>Q&Smk!1-$5OC<Mwl?pjWK)
zB*4Q%00T*144cSE23LY(LLK^@!{fi&idgk<J^|*QxNB>M1{^1voi^O?r7C!kG*8io
zAY#l(Cc!QY6#uB8hg-i}iAboFoj?|`;A~@{$B+VFQX7jh^sbTiSX5A1EKYVVk#M9N
zWJ{b=f?v|@dT6Vc2NQ<K5$6(ywGZ0>$8pT(0j_CdQ>(<R%}B6R-F61kF11J|gN=t3
z$qTm$QaOW^gQ%q)kPuv25@y@XcV`nT2bSPKDkKgRzY8q|Q`t0Q)kIUAPNT9M)icoo
z?3^BZ1?Ef!I}WHe`E!6zaUhmcLNdRwL!NdL$(QLBp92QE>g=Vk%J!=47^>WMp8XRr
zs{B-}t#<Ne67>$#4%Ze|A}SV)W0gU~aXZu?*!F0H&28;1$6^$q_W((uJ4--`XwoC3
zaPfX#fo6TYS?B^z3?<PCy)d|TI>drnwHT>9o5;Im)T+usGz&mE#33V6Mn*!wx*;sM
zVj1LvGO*H-!bk=H2BD@>4hN?Y%3jxojG*>KnjPY$`<4cSISAVAaPLNrfejnyPul6`
z&adhcI<VN%ABfSwb&VDJ{(l#L7L@-Xpvsm@01M0iDl03e<=Fp(Sn^T%-w1q$nmBXF
zOFM!zdGt!FMl*#tF2ETjdvteAw0uQ6B(oC~Fx$i!$^>Ir#S+Ai18p;mI!311$&2JO
zX4SA%#lpUaVy&_V4xB&6?XZVAXhH0mfC~zz03@hA5|06DPY27t5|P%EL5{-%X>(wM
z^56wQS_fbdFP}8t-iU@@j5@od1+N(`azY8|MM*3n_rmCPp5i3V5ESShUQxbtjpRsg
zIoJ>lEIwN8D&G}!<jaxpI?TObirI}k7WWQh2<8y;iV(U<iszz2*it;xT)FT78AOcR
zo)kw1W6O*G5TSX^Od?mf%b(_oc3q9s9FctEW@7MWYkA`L#$|loo>&4gs50F__LV=3
zWynQe+Of$I5As(zahB~9fcD!ue*-MG2IJHN91h4)%Ao^gxP8f+kjm|Vzz{%b$g<4f
zF#qx~=Y2VtFRWf*KrpybDHL0ZF^;qX9U$pgCMz%pLLTRlFywQilj=>e<pc%`fc+KG
z69Wl3`PvY<foWn4ViGASzC(vlNJ(6u7!ffR0O%e!J2Un&5)zc2K<fL=jP&!Bjdu_&
z%#MsAQnyme&<PjJnO#C`39CmtofO6J$LJ-SHhVY+tPi_fH}<w8ji%>OGY%2dWE^Bp
zzU5GhnMa2Yd@0$=91BJ~E&K{LK><@b7Y_QW=#<$2Ll-S7o(uY+EW_v53?SMA+FF&!
zJ^Hu@46jI1f(8^5yqZCT;Vmok27|H?n>##5Y~^kYj#~zu793a8Z9}1|#icJOLln7v
z-O)6pR(%q0YRT4s0uu97j9>RHKeQxLV%4-w_SckHliAM|3HH4-pn@P_uY1FBvPcvN
zdjg<{;F;kKuW30vfqN&*LRN{|`0zA#zh{2U(MABTWdMDYcOVR&+ks7zmZ1>~4l?=L
z290_kF+9*G6h`JF7^%SKS>ixJ5<yLYJqQ|@vjOk)l1>r!4P3;*sx@i!fMY*4+|p2k
z{9uG8n#{qfa=pDF-Vn<ur&wOA>YEmVu5LwoMFRf!!p@pGw|UmgMe}Ege<j!v%{T{o
zl=?nH4@%DF)UPGv--1E*+z@ceiUjyr^(aD>sA#NuWZ&d0OUKDPYg7o6QB*C46{85L
ztQesy2SSBtfmjQ8gZClqdD23(A$i;P6LA3BAV%M$(oW8~3uVAEDd3rpw^?l`t&n!s
z4;UuC>?Nb8CGob&jNwd1?Lsz?&Vr=TFe*G8Z`no#n=ja`RxR6}wO*h+UVWEB`DnYv
zhLx3q)h&m=YAf;&-;vTlo10FP(|_SpJ?OPTuzFV{7RM;DOXvB>Xg1d())BNVNYW1a
zE@sP>F6e@fuu+;eyRz|cx|Gj7$|mR>D71TIA!_>wJ2$l<1lf)Q3NGJS8Z|GtZ$xPn
zMLXY~(QB}89^InO4vjI$sacU&nvh@_IxWJ;_PJ;i?xPDcVH;WpbK}!kD!<Es!)tnL
zL*N8ujy(Qy*(J&$s5Cvs<4(x8*b^Zv<s3P8q9ksNI1E0LI(y@j?3P~*ClAJ!r$IrS
za|pqPgGMV|t`I1WGc^@MuxzA?(Tej!)l_d{omzd9A;~No=PNXQHh#|D;~a36#hlT_
zaif?=B~fD~4|-&-ikM~;Y+t+8G$SYifvxDZm(#t|&;^ZL^9GM<L>x`(i#~AnPARDV
zLG2SP+cM3S2DlhxSfeWZYWvVakrm{{nAx%&l`}lH_<e3jNXZ^hLhxuFe0!DRUN1HB
z>>?s4xQWQ!R*w)UA%+d@geohO@@j2=QD%7#2|9HY-#Ug?L5{_@p`_-us`fm|_-#yn
zUG3pY+*Chc3B|bA5kKZR+=+qvACEZprx!0-bWfLOFKFVS4z@zzpaey?+fl1dP|n9K
zXQ|tWj}hk|9YeOmhzPDWS3+Rs#(MH3PM%XkMx=|Qyhfs_Q6$-uXNd)nd4yEC(a-eD
zYk)g3rOi$=Z6+ez4I-n1!m~oqz>AeFI8CJiMZEZ^F!q}dvC`1PomL_@VUjIX9S)Nr
zb1hkQ<HP`K3x&vFUZ@{XP8cKyF_tffjBRZg)VSN!IW?2mH#3Uu6*vR=ISA40hEB=x
z#ps#<cM*PM`C>sc7!XGo)KiMgMXUpqmwjO#o|0OQ{9yhH{kf+UfF2SSlp*}cRj=e3
z3ZP;@_cA6LR>U$vqai^SQ-Ht>5;-<7IGAi?y2I+Cg0c^OTe0$QW31e_((LEm_S>Pp
zi4m5saTNSPqbX(Edln4>YM$ieQ%^*oXBZ3UOgL^Ob7nfmLE*7GVaX-q^;lmimNs#!
z3LY2KK79dgSZt#pFMD#3-7ZOs5l;zeGf_nXOCON$(4okYu%n=+SeNz$+_(;URfzA9
zZP{GDgBow~;D`l;Z%93INegSICat3Ho?>14B%A2O4AXxJSr-0a`IU4;lcD%vsGX)$
zx&{;P@-&s)smxNWkCIS0@47zCWJ;v6+f5atU{amT9;&#D4;%S^3MybJ09r{TiN4`3
z(t}Y^%hXxRk3ie)P+bn~mD*{7ER1vZf@ziURDnxVT&{l9YX>SF1Gacs#o{EF%);P#
z1!cx13dy-B`2;&ho#P^J$KVk`KmxXWIqbQ%HVP_%)`^q{Q(};jfT8)0<uXYPGW<MN
zBeYYRhYvg^WfkrNA=X44lT9|NeQK5Gn0KyCuOnpuP7O}Myh4qma^os@`Dna8QTK4d
zp-Y3@cII8W6y@X=(pg((Db3b0Qq?Gig@!A|oh^8(ZOiMqwX7oeDy|^5W9=n4X)u^n
zqxrL?Vc5e@R5v)E>C=UlcX%_9$?1uZH46oX9Rfw(kC2|tWEV1<kquC0x{mP843rIy
z37IEgR2~|t@&l6!Ux1wN6PjKrZY!Kjs_$in4Hy@$xCvUubShx$h00Nzy`0lQ^i+Q)
zuPTm&s>`+`MH?Sq>52+n66B`_sc`d7WoOO=sMgB`#anGhid65_rA<6`-b!;|C~c{R
zF)-Q^6hQ*1z@^WF)F|eb_}WM$nHJ#)fEg553S>&WoUsvDp<D{AD;4bO24D01xnRBM
z7gFguEi8J>va-ND5fdb0M!Q}S_`YU4*f*HENoy>w?RYj)ZgHE)4NN^u7UN27@1y{T
z5{uK1JQ*4c<B0)Q+;oZ@25(BWU>5WqHkD3Ov?F%lLDYFTz6OQb*G_<lp8J8(sZhKf
zW|?I;w*zowU?H*0>@Zr;&6jb%@z_e!XlQ8h8(e)&1RK<7Iql+l0mji5=i|i&<RgXg
zbF1yDX|D!^I{VL2D??zbu>~d822Vn<jZ~-0Nvb1zPGTOv&Xnp=qX*bl`mU0wmh_Ah
zqZ~SfEV7m)qan2Wyh{^eV=OkKv9Qq!+tqK_;yrS&WmyDx(3X_-_4SpM!Pu3QWkJja
zEK1ZX<w|Y=nTW=#DF_&9ArrmMTcMpJFF}@ERhDyK$zQJFC^*Ad>GD-QaW5{}LWwYX
zu&Pr+G0VCFhO>iyr{sBQ!pf%DB_(4U@EU{NRJ0oX!wZS|KlLeS|ECN$w#W!@ApFm1
zl~s28zsibG^(g+=h<t|heCCQC#6Tf(PAsFa#g24`Q4*KO4cNBa&{k~9m*NaeZj25K
zD&1}>znzrnVpyUK&W6FkcCNHycUZ8e2R#weZ8ee7JQcJ;=-`z>R&tygoFT-eRgS8M
z1j-5F_r)%Rx<|(l4vD%Sic1`8xnD=P2L6DwusQL;S;I;DBX4o+iJW=%1yaE2FT-vb
zaCkXIQN{3FM>L^Y;n<BMPJhVHUD{%~etF{hX!a4G<`ZcVk&Hdf%@Iu&!=;joY&$Th
zfQ4Rc9APdIRUPL(y0T4W)WylvCaGe?zy!5=R){xEd08v48<ew*=Oi8i28rkJ8#BfD
z5$gc&SYF$6%vvmmiYnGeN(!xz9Y)-lco;zQxpU=VytY!{0bzX5T9-29?{!FaoEl$D
z<8ALQdxkIhF!O)Fi%;~>W2=PHQ!@1R%dONGL(bpNF8AbOnZJoXQyVr>p&xt;H3cLq
zkMQ$0mnSNC{xb%SBxJ*S{!f_}nwES1PaQq~N8&T2#23NS(n6@pV>*{%Jh#4NdZk4e
zb|@96NC+ZEYotFS0wah=$}1p=#&TJ<7`dgd6^oiOmaC0}ur1gx1zS{jaFgk`umGpK
zr^{2D<+jr>Td*U^v<t)sf2v!7D=DcEvx7C;kh2_eilsVH=OWkx?y3f`FQx^Nf4MAO
zqM2)$SD@FDoP>xMY>V=i8{Z9Xpt@IG3<dOIE*T>DF$Ijlj(Wc>f@IpvpF7QN`>R|s
z58((p<k&cX(QHr3@UgGtpdK)gsZ6DnPn%_?+7o~(lL{E^h^`h`fw5WXKlUBP5k7SH
zPek#y?n8`P>;rKPgjwtL&Y<G36odVuuU=_E28E<Z$&X{Ay~PRhd5=;k2mlGr(gcGs
zj^+Uf?x4(#$1FUdSDO8nNDSZ68l;1}R)d9NK$xS`4{l`*KMaYjK!y%z1qJj2bk4$Z
z0|(Aetd~ee|DqqhD8S$$q*zvgZJ<Z(m3)R2TtHic!eN8w5_&9nw>;Cfoc#+nAB2&w
ziNJ;Rf1+PDW|lEU4lcgH(G?TH{uT3J*oL~D$4HT+jlIkusy(h=HgfDmgby++UKTBT
z-rgB#w*u|Gk^<p)(GawE`tTiJAXH_Fd-iHQVb!qgI3hGxD%PJNLqVZ(RBKx}3v@Qa
zT8H+{a^_Gahh`Bu^T(}_*gy82;3t-<6QY*m57r7X_-L|Qj1AFZ6;O0RI8oGK%Mq2x
zGq(1cs{n{UmT@#!TWG9S-cWs{9m6K}$a1f0HD5mb4dV6tRd-qcu`>nw+@27AsrlD}
z*i-t3%cRA;@wdxijL1tolNJkws*&buB^IS30)hQRYiAxB*wJ!KI;f^|(ie6%3D*zz
zTo31O6D1p5qbThb4k)KYG@fwa+K7UmR!Dn5EE2Jt^)x&nTTWj}j>yvyA~l=4INX+H
z+VtCK_iC@g8Ob@%$(|VANPWM&9{1)wodj`ZX-GHeN?M(xa0KgquMh&uOhjKCnS|$@
zFE>43M1#*j>K-YlR_Cu<|2V;SYr0;Af4DS^GJ=X&ptXu)0M|ym1*#{T%>NH?|09NN
zSmQs0s;j3|<-~ue8jb%nBA+2$tVm1<sgIk}NI`ET4tP)`8YONVEs`7og4}L&atY#n
zt}-MqbQRS`MRiTp)Ef3|xG!|^PBIuHe_{5^tD+{zjhPcLioeR|P%Q3)?F$GxlB~(W
zcx_<c;=$(~&^g!+LOEEMU<E?yyqVg3lG`14lfq9E1bJ|&?co72#1r-v9t!u_B&#qT
zPVm2$i4m#D-xyxuH+YlmvHgIAV$7vEUI5}Lv1BV%h(rBl94%zh^aT^;it<GauwfA7
zOSC2o#Hyl2iqKE#WHQ6!J^{lkhQ7y4a?gEZk}<Uc<iPA}Pb>kQlKueQW@M#h#NeVE
z>x`M{Qj4z#*C@%5x;+M(+NeS)^GV%rj19c^(30rn3G7}eq>pxsc0vOSYgWP?VYu6a
znXj7|fK?_4hiGIZoY5$PE1;z%Q9*evZoQGlkG9@utXO#oMxtQ{x)@@%yQ2Q#u@+K@
z;+r}OL)eZS@bH*!FK3&6zX+(R+^hI=JqETJPP1H=?nuDRyv2~ZPE3M3ZTW4uLPRlq
zA}0h3^AgApcfsnGzBwFBh|Kc@FO=3C+Qe+r{nY6tBUNW0{8yX9w&oghUOD^0GUI5e
z#RW9T@J$z=VOmP|=39=1<LJi7t}AGea(s+MNjD-!2`!R|kg&<62#v}uF~xd?8ZSK;
zF3@7qVImxvGe2Y%2ZWDNZK6_Y3dH@04@Yd6i~%uVEO*Uu&IlWFwmrCL(~dNVh=}ut
zSs`kfnOIa-PsXkMvW7P|{OulAolgVZ1&7g=auER2k!ctD>1@GSp`oRTiNJCpoKp;i
zPv9W~;z?wvY<U|TF9YP4B0T5OK?1EUdn}!GSkvG8|4l#vQ4x{05Rp<+si_F)8w3^U
z7#$J=i2(y9ARQCw9F62?MvT$j-J@%RksC0!efj*Z-yi2X|Guv4oY%SUbD#V9c<OZD
zu6InZ44>1ZziUN%H+}J%^S>&t&cXHFNDt@dxu7YBN=M`0&0j8U_@C!XdBpMGiTeY}
zy)n>cs;L-cuX34N;v4&|moJ;dw@N*B+~#CeyH5%lyNv)#t5FJt+HGQo_X-OGVJWBL
z7$fwfpH1NMu8C4YpvC><s8^*7p-=9{`Z@>MRzA6xr7xrVz}9s0QeVi^=llELmR3gI
zG>04888vI1xK>&quQoMw6~5)3xZ0ZZUQgV@1n74SqbFc+CE$v0p8w>}arS6lggkRH
ze=&P@ov&+Piq(0~)Z37y+U&0`%E9cq&lcF4b8Dr1rmD+lLpmWpMsMEKfhcJR{nFwy
zzWbKkyoi)!fB9QzOdVk4pFj&#0+2<0q?WSkfEG&b3{^wur0u)!H`f<Ke$2szCT~lQ
zSUhl2`1%2D$~_a`<g-Zo#JsmxyU1GMms?~L`gOx!SCL-tpzd3YVjV-4s!F8$%CYOp
zd_BJz^V}8RecF1jZa-{(Rv^#q`C0mXOYm0wy&qu{SA1$|=m5JzbOEiAepW_`gYC7w
zA+>#%f6o=B)*bY;_+D;s9@b#z(s-0tC%)GAlpT;|^es5K*-Fg#duYjw!#ls5U2#of
zyl<Kw_9~zQZC<mlS4m9>mC#nvgs9Bv7#j=7ouQ0h3*JjIR&6$J>(HH=-;AyB{2gQ>
zB@^xCbnq7UN@baPYtrZMqp^KiUf|V7_jYs>KX*C>J<L&kJGCpzO3%ory=L0`^WBhc
zoHDyn9m*o*nwz1hxaoCfW!_6~=}K=582YF+N3VHN-XT~<Z^s_63cGE~>esZ#C{Ev1
z<0E<dY&Iqa|JKmb>Ztu<w#e@Q6dakU)bzPfp9?G2fA7)=<y>N;PA8kIMA=KFGtoIs
zfH(v73u0I<=h%|ld&Ki^c;q`yT;qy%(jA>Dc;ssvG|e|xn{_vKDoXWv#rRm)aJpod
zz-8FFWO&fsk(kf(AC}Z!61b-2vj6c2YB`b#wJ^Bsn|qivz6|9q9vAUa5q(WDLAc);
zU@2R?Zy!^btGV6*MR1N&BigJ!);!H(QW3j%S0NG9(tmv(^8o*iTVjiT?rNN*$lpI)
zZaMJk-7i};gYl+qpL!|{ZUZ9&lc>c%pFEP0yv5pC`ycm3+dsFmq48}d|3I6x5bOGI
zX3HnQ4!OG)4`20)Gdc>C6eY=z15{)50+Aap4eu{BNN7H3H10bzM@prKd|!CV%iH)@
zleh5UK)j10p3pmG8guzv-D~7djm+(&ZPt;fhU-sK*b~3Mh?0j$$aWSb-3$?UE$aNL
zD{;{*DtEXmnIZi#DO~a=UQ<@5?aibA@LJ!#ef9XGT@c+YlgP{C=r&~PdhoGN^=h|;
z!J~Ww$B$z|TwjOvuY<eEnU#y2Z%q7%QY7B*s*!RMi6&gZP{qvHXCc?``%i+{avv56
zsL%*UbxbzJ=+>c7FWD5CRez;k_sTWpLDNUCFp(w(b?UgC|3$zhPHx?pFhyoo(eYn`
zC=MAN%plUnr1u0;JFH*WybA;BhbU)!SCe}WbuDjiMHJSuIC49eo6gg`2l;L%ia(BP
zxfH4}&PF3<LU|cy+|9-m8g`@i2u7SSmJGbp@5lB2z-!SO6L=~6YAK!0^VJFmdX`U|
zfGlgrH^aS`tnGcaR(`Pr{|@i_#pc@S<(&R&ZPsp#fn}_;b#?LfJ0e&2F!t}YuR%L;
zQzi<pW8AWD?qXn6y3&`AJhStBY6AFQ@~*1g_{Us1L4IT4;F8&0c<oH~PL$VH?^9~q
z^zXKG>#CQ1>kD4BB#jOO+N<Nggs#<x2TG-6TJHS&z+y0m`}(n*6Uu?uv*Ycmh>5!<
z9rr6C@%~G}ufHYenRD3$`+pj|z?s68x?NuTzEeKQ<Te&cWY=jZy{D~Gm(Ca#I{DOn
zbxAKo+(leXUeBNI=cjkFbb7bi?-h#5honB<TX!G(^)!bjvXQSH>2)H(ks%zA)FW_N
zgqJzxF<9Sk;kTxx|9p1A>-A^qjMR&__mE3p^5Qrl-wM+lf4djZH)FmGjCS|*Jz!=G
zK<4Ade+7KJ{-RbI*W2jfEg@e^g#JnPUv=Nyey~Vky1d9mr1G<5QQ%Jwr;{D#Oh@+X
z40(5FHF^|A!+Uy?wrwO>G#J<~`z#Rz_4Fp?5gD};&j<Cke$L_6aNaY5L5kwM4-PKr
zKe_vPZy({)*w>~{fT|Q{bf-M-UhPQ;dFF9ucJmGhd5ur(;Bwr9Q`tmDFf+K-@L<ix
z;l~eG8@~C;GJ($#haC4S2SGaDfxQ{9z1q&JQJ~g+_lUfNnC}*Ln_fQ*rfk@T)82CV
zOkOL$;bZ?aDnQ2}T&hPElKYdOBGC=1WD^Sxt|+hMe*JAaG@+R;zti7zC+X{dr__Bu
z0GWx<epf-G^X(Bpynl=O%Hqdy%-1u(T^?F;(5Fr@;{xd`1m7nQ#ZkEhJ;A?6Z7S$Z
zn_u7Z{n&rA+U>zOFk{$_b`2O6ba1#Kz!?LS)w&qN{Al+$h12#h&K`u()N{0Z3jCng
z?UvtxKnvz2Pb>Q*&)CpN0V54qVJN@$Nsdy4h3RbfOLYG9^F)xiIJ-RQ&a%|H#GPC6
z5c|Pvs?|bpX<g1*n$Z%L$S3A3mXm=6LwCeHi@aFmYmb1YQnz%u-md0-PW%g}Xs_*2
zH8U>0{xKZY84qr|8}4i+PLJ#^S987pbhJ!3%RVsJWq1_p&g<jxOI!TO{HNC0q}`2g
ztal@i_$p}f0xa)cv8SCD;x2qV_Og1>{1gX~u~peIIT$zD=6~>VoV$aP-sW`$>X{G}
z6x-7;!z&&<H{^J7`PsKx{G&+|FN0^n<{j?WTEDcu=c2tV{GX8Ke+aJ-8lRWKrfm%k
zHtr?`v2Qq8pSNBr)6@-DN_ILm!fswh7`|w~rrSDfB%z)8Iig#hf!%24s@qSm$p28L
zZ#5A^zZm}zuPTMQRLZ{U_?-9B`nIp|<>*w&|KTx?AWr6JT$S7z+ex$vwb^Cp1y7GO
zO*(bYX^6VbkE?oR@th+He+W>c9`;ke{CAlaN!3)%cTA&d2q<KoAf6mJMN=Pb|8Vtq
z{@thyb|*<sLjq+PI^Vu9su#9C>^R(vlvjG$#ik6~XwuVCQk<$F%DR~}Wd);B7WK=i
zSD>fAwP1NU9uD*tAX*aD7@W&jLjFxkAP6V|j(Ri5??QX?n|#JLe*@&Yts`jvh_$^N
z&-bQ9FgU$A{BSw*CZ*{sD1IcQgZ>U@<&4OMFVJFdTC33M>MV8G9C#)CbIllmN&YI1
z`l1?>N`SIx6e<y^AH5z>5f45gZ=|2RzhY?KswG-JV%|{n?di?1`<Hyx6HfYI?*Jz-
z_Hej=q*&w4>&C2a&HalMAD%xh7A!g#`Vs(F*wzp&ElxMhR+9azS^+Qn&4%OauPnY%
z7lbH^jPdSSOGVhWPNr6hUgmCo^(m@w=oXyhW?kaRS>Lj^Z@xO8@iw3;TU_tmg5cL~
zd6qxYEi^Q9aVYw2ea79Sb_a!ymWc`8wQ$p(rXI@NrdF-lKTBVRc^Qjqst(vp#wU6o
zm184rX41~i^*$cayd744%J{P|$>EB>l8n2Yk5glmYK~b5Lz4Y81A2Y`M*8bG^S?m9
z7htw=QR52<yP(9#Cj(hiM#ms-<pl1=OEgK=qFSZ;*gbg~9WI}Zx)9xb$7ffbU2beR
zjQ;cBxt+n?a@i&2%g$ey<Zrytx(*zOb9{X%$AjUL{1qj?Ru%ew={}Kbnx%GGSMFb5
zywoiK<W^YWGf|Iy1`ykY1lz~TD`XO1iC(_L7(@6ka(IM2tl05PC^H~Tl3mZUT<8zu
zQhkT$3ex82_nZ6bW2biPU$|ShO4c$YnegngS$7WwQG%~+C!2owXZQLdb?lAAyL63)
zX?g{1uJ>z}F#u0*nzb*-YG(3v-h%~g*CfuAD*p-_N$t+|tFZ0qt;KQ#HQ#80{^0%b
zONP#(NsJW7qqiVAjTc~2JCHeWdzRwynt$2j*{|->YMp=6rN%!A)>e-ngzsN>08Ro4
zHsWV&Tk7(ZLDi#M*Rerx-y>-3n=|x9t5wzs=*dBpu;GJr{W|9hZrl>fjfB4~Sz*cv
znw0X}C{<WnTPrs6{-Zv|=2(Zzaj}5S{p=<S)rK2MH!8n8OHBd(IsGolT<RfyFm@u_
zS@rc7Z(!C}bK`qJ<CWWQ^=iFptt@}US>=wmvNuy0IdFT}qT?A*&VugkH#U|Y?)R@H
ztqPy~xkhuDF#smoK>zXua?;J$f+_MQIGxWf##_oa`N+)`qRmlwRd&{(4&75Ub3I-z
zx_iCC!)B{S)DosTofvI>$8TpVr`?Qe-~*?c!n5HcxM%s*>w5{R|I)jb`J;YHls$ex
zKjPFE$Ic8f9kvz~YyH#Oqf@WTd!NCae<JJj_j?wcL5`E5(fIlX=Dqz$qQ0umoBsRB
z^yUkVxZ*=<J0B0(iqoV{%92p_2D2<pQ%9{IqS|OEWF0}D%8OaG2Jom|{w-%Y#v$@q
zfEjnz_D*)%8J6zNPN2(T+1Gq~`^$fhA7tq)*$izSbDn=y2apQMYD%UgYrr%W*HeIo
zxqVpVW0ijU6qV*K-3|{>wBLVDO~PHNV)xn!QS*gHhA+{p1bT%()iANXb4So;-Ep4=
z3qvl4Mn0BAp@6Mp+)izZfA`IkChMg#V&B!FHkN781D#Bk%fgrGej_;3Gw9qZmz*z0
z-pDX{)~cBP-<k1O&E9>FWD_(dw<Rie=h}yupVIbD224KhZj|>bl`^nv-90$tYH!Od
zeDKLin?YBJbfu{q-xkK~O|16cyUMfo?@Gn=4TcS&^VX8|3QJ4VMC6+=QoEy*kkeg1
z;eNq9ak1W4L7ie1PuO;(r0Ytft9}lpcMV<QExRTNP#YG6ne_E#TV-VQsWyF&zkX1g
z=$f7w=v?tOw6^;@RC;1OmH&@r+9%w-*f!7B?QB#Rh<J}Sit}&e`_F<59wgu6ej&!s
z5k|6sFu&um)`8)2{^r|_X|t8?pA4}vw;O>%)y0f<@OTDEVv*r<Y2(jk;lp;y8(Ept
zO$~j5`2l0R6%7@Oh1Z^#Xs}y#f|KDW_J^1zMEgtQaMx+ht`^Z!$dAkk{r>GiHbI>R
zgO}G?7k@>K$OuYFJ>uQpSNs#WmM;l=Rv(qz6hCs&xKjQhnfufIJL!8iU;2V>TfDu2
ztG#){gf+1V`|FW;>>m2&`g;)BbimHANowGRn50F^REN3DltA3z!`!gL4!!l-&nmYZ
z9CS)cSt{t=?4rXGwK1YKwI-hmt%J1wNLHCLmMT}inwFYc-urFc9`Ef!f$n#AQor7g
zca)L2BoM?#ee^xHkeVoM@trF3m`9t;<o9~zoa0lLC|esxqRlUu^aoQlb`zzLmXMEk
zxfNT7p9Y-%Fo8{H+>d-Ocqr(>mAwD*x5e(Oayb(^+G$(%U*lJQS-sNolAXBzYu>^{
z%g@Sb{@qUh=U%;Rb5@<-Ujn`<f4ZgdQr$9BTch#y$(N2hr*i+5l<=BQ|Huvvtnjd)
z+qn)l8glmcq^<iNe-j+=4%vT8cGFHY`BMexHFr_>mye9`u@4rkr4#R#zK>nFBBEf#
z^ys7`{V<R{KVA9p$L+*;k&S{|QJ6iCP~X(<m(S9#QjSli@5mziV*k8p5mVN*l*d{=
z9<i5Z&k2cL<IK+zr$M~nYZpIJLHXo){hD7rb^4fwdh|2A`r&)`rspANR#O=5^#+ha
z9`1q6#uDHJGk7^4jhjEh5WAJBVmNK<;HOPjXQ<x;e&V3Hk;~NZt{{6)@k@UXBksR_
zRDP-8-wQ;F=`XA@9p@$c`)|w4hk8D+$vs6?fQ8$wM0$;z+`{RY>}Eo*{mxzS@<6zd
z<a!`YBWLUWv-*0;9PF%Jq}r?@0~VtjdprN0@3!mQF??27IXM~TZk@x-%%$~1iJy;V
zprt`fW~8E2;(X%IwR)Zw&8*5-rOI^5sOXl3l({#bhbwqAO^Yq<|H96x5+mIWBsf`-
z?d0~@t0oGfBxQM(np<v_MY=eS40e}=DMP#SnhUxeerFTx$V|m?&Hl8M#s~lHGT9a|
zApawPJe0UzRNT>d{GDSrAsF+*_Q_YgAmRS^Yv1*1pAS?Slx_;(8T7xH-qyDF$gObP
zN=^PED^SeGCiLY&iyN<VXx2Oa*TE`DdNdCd^*x8hAId1f61UWpY*AkV<M)>z$`u^<
zeE6f^m+AR;0=i!O){AccNt@nBrxo86e?2?Rj<8E|RYvSgZe{q7^;RXE&z*BrEF~Tt
zfIZWFUKhq6g58l)s>@XuvHb7#gxlG(69=Ky4|%Fbylg96lpMGPW{0m@J|ajYA$Amo
zk$&_Ij?6O31ramC{Bw^x9oXhlRGMKYH?D&w+{C=-YW{xq{m}{#Plg#rTe}i3dC@mL
zG$HjY9#MZd^dq;rLLxtk@{uSxJ3T{|xSpYp|C{kWL%|pGL$HPQs#}g~*Yzfs-rEMe
z?FTD0;rVMUqv2mHK3`N{|Gh_BeC*!)*9At(2b@p|A4Tu5U14kbb%5a?O*z2yY+uN_
z@0>bD^G_M2f0TH4hc4Zizhrn>+oGvQE$23~Ov=sN?@vV-Sm57+*JY!mqONVqD0w_Y
zXzL`ZV1<wXjh2ToG?shvC;wr{IDsWZrdwiLsQmX1-I2_xJB2;?xW1pC*1r}ndY(SC
znVym``bdXlzq7_tEiOOuXqzkK-AdULy|>1M@OVY<p>2bm+X^54>e7*eCs3InBgzoH
zX~a#~Hshu1huW7Doy+h1z3-e#_$iIzR$k@%?|#m|<Z%6W$x!|4sYY^@f4;9O-$;rL
zZ?+ek?!G%s)3oR6x0k98p8(IEWWM!)hlbAGSu2B>#ytJrJUV5Y`o<@25?@_vK$9w0
zto{K-mH3tzMPhhM4S>yGn9%+?ubH_{MP+)%P+)D!Qdx_msT|!2=snMM;UDnXu}Y}_
z{nY@GyPpPzWUIAeSUzlAP3*_t8Dz_UhgLrpPN%y&lbODxCLq8_ce5sr#Uv-7U+q)z
zqr><<)A1QQjdXs>-MaBHU9BR4%ZiHSHnQ=V|Cm({;vzf0_dnA^XLyTAfdlW|?vKb5
zsQSnyL7_5#6Gf5%MQ7AdeoZwh)n@d9xT>^%n1eg_s$Yn1jkuDW&$D7oBmYp>+LoTi
z;(D`jezTrtL7CM@R=?)8-k=cCUy|hBw8>_lo4Zi4RPM`E5b}~V5&F;c{~g9PBzQ-u
zRC@<R&cdS1{7+?r*4?&ryNXM!A_m|~W%6m}2I$G~^w@%Fv)p>6+8t`3dNUbQ+pY}o
zq4`VwUEq9#9#uL<KRNu`oNE>m`+#?(lX5LQvee=~G-TI{cF<i%H%^I$v+X%jDMjeM
zRhJqduuJhxRB$Xd*1`X7WRu)`RU4y?vbpqtTWDk!1Ix~c&Q7Q5?c+(dRd$(2T)nib
z7kKH7%RV0W&(@|Bm}2Cn#G)R|?F7tMqQ1q+RhZqko#{J>)P4R<*+Y7L5(PkV(#qVN
zp*x}BW_kCwB-lOkrI4xCC%5a<X3+|_GH!tS1tn`94rPXJ)#$LzEpgub%WppVb5-a)
z1qMRnH095_iTod_^<o0be$-^Wts^SO8dYig$u7jMU`<hYPS|hk28_L&TwF9%<g>z=
zer<ur0fOK22%!xRC??VBZ}<l3w}p2ys+nEEVOrU|*F_DK7oYyPIyl=G>J%J(=vZ{&
z3oK}7*g(gbw+Hd&`W~?+UMXA<WLeoEI_>_~@F<*jsYK^7PNGYU<8HrA68NPw*p?zV
zavdhuA*$f<-<=zArDeYOg&aAPC&#SrwwzInosYO-f;m+Vw`?OfU!-Uh$`vXn=-i*9
z&V_lYU>^ii3kRC1T<ui$e5Ofu8+SF?b!KU&gLFCXY}zMQUoOG-UElvE{%s^wcN?)a
z1PLUG-m~>P)VcjO*!1YZy##v?U^2sO>!>-Wj*96{29|p&@1v4<?Y9pGV9$esm<G1)
z*t_DYRw{HaGB62=-F>EB_sgXcn047#k)jp%)`hfnzFu>qYY_J6`YfXP;@a_B*B?!@
ztedDm3qfpXCsl`-Hz+sW$ph^0nhV!6Z6nKb&UZZvo}$UQ=sI?>b)Jt^Hnd(pHQM`C
z`6)xG?f2yi%5DWYd*oSwQ3F`ZNDQ)<Q1Ja_8qVp&qIJpga6T9GuIb0Y&r#>uOcG}Q
z*~Loo-tLJT|C&GvDkym2d`>M8P~L|st*)$tnTTJEZTbxOAf^m5FaNWSL^SMX%h8!R
z?RD{et(#|;K^!9^OIIx8<e~s#GC7LIjelJg8b1rwIsYn`DtjGzshD+BTCZ!wvM=qs
zY|1MskEU;}l15kK8a}m37~7mG6)x({-Ag8IFICqfC_PhiVSSnsk)464mt#L&pK4Fv
zEIRmGS2&TZ%2s5v2UZEoZ!>*SQ<?BWF!x8VP~!aa7>dtFGLuWv{`ld$sml8oYP*(2
z{T%DgIFSh1RrhOJ%G-sFuW76o<0~X-tj8>cBKnWMIK4@c98}2J`znFsexcy==bf=>
z_3E^uX9M)Nmu6sE3+tW*|Hu4B7iipP+og|n6%37<K#!Y%f8$Xqg^i|RX1{2B-q@P`
zQeqSd5c#lJ8#UuN7w9@P)nD5(eZX{(Y1u2*7q4yctI=X!#oiPD%^#OyRvv5E<k$z^
zSXX!5$nF2Rk*iv2#_)P%&ynHRExm>}S;oD9u8h*P>6HD1`t;^Mr9D@}d)9aFaeO>n
z4-ZHEdUq>AZgf37Vkkx2NqiuKhnun6U4ynG&UNuo884<N;IHZ*#-G_xom=z=>vO8#
zUWhU!{Rw3_ReFpFDjkuz{ord(xH66P2Nns97q+=Lv28xtr*Pk6fc~vZ^66x&TNGkt
zs7=<{MTkRgLAN2&ea{215^q^!3TYlc)T%bV4ZkqTNVyGsFyoud`P0x1!KfIIE&s&2
zK>s#!A*(@l`RnVUNA!Mn+0`8%YX2B>-V3+Qxmr|oN#O0Nuj`4$gACK>88uQ5j!M?m
zx-Y$=pQ=<Uq3VdFkFr0vPSEvZU;3+?HqO1vG!osHp!Aykvlt<rM(pQtb-UVS0uO*4
z)qfn8tcRV&uJ_v#u51fif=a{hEq>JhmAL+Ia<6Jk$c9exsdRL6LeAe)i(SW?<xLl0
zE5^J_cM_5~@Y%JAx~A6rd-)4_dj4zg#aA3(O!ZSD{3T-HPn^SCZn{s#s&#6-uwIQh
z2>nkfFXD^DwTL2yh`U>eGppN2P~<+(i^AOXO{zd)UgXFH+2!N8vUg+1&imV47uiF`
zL1_L1n(6|}9&rvja}y2Kqw!ujL%lADLurtTzP_;MDztmpv?8F#-<)41^7@f~C*15S
z!tsgSeXRlKE)IrUUJTO=mZ*|7X{P5KbqZ;RpK2H?SnjKhZ%dlvvU`&64L;ZZAzgLE
z5S+@OXKdZ)Tjuht*RocAm_vn+`5|S+vQLh@(``o+I=-T`H9qd=kx7SaYUQ8lqqld;
zdRkYebt&$WiCoK#QnqlHtEE+195y-KlztFGPg1=_vM@OHw(O<k<xN2;FsFHRju=SN
zci&)U>)AT*L)e_2Osf<9<C}ggS#tEcihe(P!Xt?V4Y%VT&RG;V{R_MF_BFEO{iAb<
zwP&M`COXV{Se75M+>R`Knf1!LC8qVq%g66y_xY*i`McU18hhuHPl5X1I^Pn}HX581
zbnG9KqjR1R*xu53EB<oT=;N!tAx=mI<Ac|Nq0{toSA@B<P)Vod*jm-R;z@zNm|5NY
z9nZ1@o!l75f;u={`DGIG;;DqQd5@Oocbk`V9xB@LJsO@G1Lm&F?dN9*BiZy=>_cNg
zUncG?bbj<4gCTcEW%S!q2NkUpz~$3P<VnYB|J^UerTa{3E+UZ24ZPASO^G7SZ1?j1
zX`$s}S3jnBq!v31^d>$7PFHvK#z*J)mm2*l4L|#>#95M28+D5udC=fic;k=S@(H7P
z>%*OXgQTVnCeZMk;~TBl_4l)LSMkWWJ1v~jWz`>UD~Gt7v<VtmE-g3;M$!rvvTz^y
zX2sIA*eIb+8D{85sZW-lEK{{(u~gOzUupIzSZE+`f?{5BdvKfHl5T~KP@Y_9aJ(|D
z@{kPXDL^q2FD@3f>n1qB0_fOknNRBbg*O#!PU`z8zn@)jdrHmGzbDsr@6l1gkng(>
z1=nh=;+<QqY&vOpL;=;&n!g_X$nYNeynj_W?83tOl*gJ1a@xzweAfoOwYG>3_@DDE
zd(>b&v!0D}4dhw&Pb)_Oe|MRvovlkiQBw7I^#ibNWb%@#D3?m;^F*8A#<7)FKgpcW
z(I3pN+)n+6m{m=txdw^+`+WWZZ251`r}CC}QMuB^9)k6KcF|sYY1gE$L|t+W){8%E
zRXcL^x3PGjvt3>;Tgv3?*rWoKZi^2-xy$JO)r`I`95Nm-%+vUO)!}I6<X$$l&ZG1G
z*sF&W=XUW8GT<INiVEvee&9VQ_zL+%IN8OOIS9Fb+)q0pRrCKLUj|GrDS#hE`r!c9
zv8oA?LK!3~qpYgY!)M+=uK(|P?nG|w=ddH?&;7-F6}6OKImbf9J7HLTR>^*UK9y}f
z*79%bQr$eo7iPyoVLGQLY0H5<o?MTze+NSz8LW<}$GH1j|KyJW@BQ`Mng2HNbjPZ-
z;Y_Jdx+cUmr%dx1E1Gp&O4!<vPW^s$wXhAS1P;Wg@-BkjbB^grqkY#Fi&H1X!CR)!
zvupG7W0e~+pBMSj`M<xfguVtHf4tvcs7)vn$<9w@OTI4E_;0#<YG$+VU`i0wEhth`
z#^3z9fVcW}!9$yVshysS+EUoe@QnOJ=yI_hi7g_h3XY0|KdwSXf;<uN725V4zsRTM
zHN(&yJ`r-fiBNSz<mG)}-s_8@r5&KOby0TCrf3fkA6~tbsps(E{iXG|dW)}@40{Cb
z(S3O~X?FQm?q_Pw(xt;)=p6-1y6uZZ$xI)>N7<<SdLDG=w2LgV4*4?+NV)RRs`Ma0
z2y;t+K>#c}tBdnaGQ2L-+S?c~YWTpYwUC>1V#c#G{S6(b&`oKVOZm~8JM(1!!S~5#
z$=&}-eHH~*=K@qXhzR(k5oT^~45t{&+&fYUfLYwFynryek416#y1qaXTC2Ua=^GxY
z^54T1r3i19qi(CeGDK|E&{Glx-@LVX`&r`O&##BAGfer&a=HvRMjqP7enijue502Q
zx3I^d&tLrXviBa}_+W!{8Oiy~pxP6UGF1jBoDOe6MOmtQf--JBJV;*|?4*{#{3+U+
zqH#kBq73%kr{}OyYRW0>*%Jj6jifiFP~g3W(#FLNz2p$ir6*d-b~q@Xb$B6g^*V$B
z{PI6c-X8m!Kt-fTOAsl*Hw9FV#6eiRxbR8fMt#$`cb3UggCzmaegeg5;qaL(JgI{e
zel;Q4DO0L&8+C)~vnJ>UI<ahRsGHCnL}_s7kLyvf0wros;X?AeGdD;+8%G+Tsr8IZ
z9wGAaz;IaPtbM%(6B4@diWNs#(u9(|U}4<zWWRatqS^I@tC_a9bY3~c*Lh?0Is-Y>
zgl<R);@qu+_DMjej(YIC=W$pbZZZu??xtst;DI`B91+Z5MqY}`gWCF_G+@QK-<u76
zIPL@?XVmC82%(G;yCcmaIf?Ca5)jHJK*rGP9B2tT^nAcW_CpClPR~)3C2~*q6v<OO
zHF)v7Y61b<h>o{X#m-J-WgIKALY=V7_yt160o6brU!meQQ?qmE1T{qakV*JFtHDOn
zZ|06%?quNnPol)EEaAUd3rvXM%v3op@T!)ZJeeXPQBPSRrwIT==&e99=3n<sunQiP
z31V7Z!I~`qxmt(4OZ6o0GZ~Rq$~S-o^^y=$rG8@-=I9M6lC0r43mteqvlUyO2Zbz5
zNWm+6Pdv=PX@<2vxRVv|obALN#2mHFf<!%z)n*s@ce>@VQQWXKjezdZPF_o^mzZ9_
z0LbNecWWABYv<2fbvJ~QkUn!~vlnDnFHOx@6N3ianL;Ow2VmKkpi%>|n$zf<8?I^<
z+Az|4wK3)m@;cj|m~eK(kW<Uz=PK}X{sXoDoZby5eaV92?YFgd_Z+BN+G$RBBqN8U
zfjDW3RmS1G-6G!mq$7Hk<@&4xB2wOEn-5;3N9~KHJwFfOgEy@8FfQPOqzlpY#}oQN
z6NA*#%Q6xOkL<&mL@70B_F=BoN~)B1oiV`*h9S1@fY@rVPY(ZM@?K7ZN&=+GxEms}
zqhvTEm=<<Qyb~lTIgz|RcvVP|WkobEmC!!OD)?MxwXdh^{E*51AknO|2)$Q9yemUB
zMN2?LUVFfj`eMEDsFT!aAM5#X(!irmZW6q<6JL53rVb2iH?=c|9ws}33;G%;Qy2=N
zhRcT<0q2%HZU8R$kRIhx{rWWs|KfM$2>_nPs-<o|c({v8Q8M+=rfO2Q!f<#d9wS45
zk%3-yL=2VUGCbv7BO2OKGA*rnBw>aP!}>UGWsuifK>*T<n80LO-8@*#!pxzO%t1Qe
zs>cFMm{0Y!s5^-|&WBP@KvG<!>1gUnFTO;_%V?u`5OY)rGz4#^^6h?qvy0{NIeElE
z9Y+9vo=biXDu$dTkboX%d$tQHhk5k`szSd2QzMx$J81;j8P`_Vt2ZA=AyLR%v|)T{
z`+FmgpJ?o>Eytt^%Q<i05who2c#35060#ULyA{$^HH&K4jUx$%&eghR*KFcD?TNe2
zQs)+f^lEA-$V6m~$n?5Y5L{wIJ<3&T-euHH2In-8Xyu?W<}un#o8mz^-C%{<E+Y}t
z&0us1wR?AzooA}_;7n#vnuIeX&R|i=`aDy|`#_(K-3^C%&;Agh>6?;)kU=20^_?$;
zLgAt81qI>Vx16lJ$@N?lDc`A}GmKXO-k*rDeeI3tosfV`6d}*CR=HtnjZTAI9UIY|
zKBfCB`ohxdV%YG&$&TXMd}6--K;6=|KNE_SAS2RvvRqj5<F)tuVSA7vaW*7k1199T
z7lWc4o~r;=KU3{Z<|h;f=RC$bfp+I!v&N<55*C$swNI!9&~_zA*x+nBG*jp6>Wuy~
zxvKpfMvgNIVaSHhJ1;z9BUy--msf;~1fMw`Y>TY3nv3B_Qy0g<+-I$;aJARfl)s0?
z79fNyCCy2w-hjAT-RX5k<Vk{VqH2mZw)}y8_dt{L)adnDZ3pBos$L${aDouwK3-VP
z&CLxAtSjRHAU6S2%JLy`Kv<uW3i1~CIa(2`smW9_yQ7ae9Y7RMa?ew7iwWMWB0j6C
zP!(sDUI?GphUZ}8WW?#(=_qNzdr1T>lP1))6?Kd?YB>BC-B`UF{07EV@6?L2iZP;E
zTJ|AI3?)D-A|S4cXD?5W(But~P5@~F&W$827ATb1c^;+C%D5SP1K5!Hh@3UYM_Z#*
zN3CgE9<RM1DhbUxb=FWx$v(!qRV+|v@zmGY!x}{0atje~?l>!<52|UM9mMF#dwT*P
zuc#XtHlw+xUX5R#uO7;|yxZKojtxWClhjr&pl`LlI}t$gwl;R67(&P`+2H{YVm&}9
z%+d(!C4btOKIl;wEYC=X<N+4fyEnb^_bTvpoy%EcG_~q5<?PH;33xY%$EV9af3Lw~
z)*#MA=wI!_vZcCe40)47sD2DCzcio#7MzhlE>~v(yx|fr-8Z@BSytppd&P#}*?#E6
zI7@vahr5%_cI{Py$4&<a$Xvmo{;WdPn_R7EHfe}%z<b$toYZ@A8<9I#dpDrHq$3UW
z`O_u%g8NQp*cJFWMT*G_Q9@V;7|N`twH0?;IUrXFvjEbDKLph&?Wv3HrJj+dcOVny
zM(8($)ePmvuLp;nojc_!*vqu%(ft#B`zu&sBcq?)<AeBmEC?n`EsCZ}uavq*KLd;m
zIg$hOn9`iA>cKnmHM__SZWIqnj$hV$&33CKf9c|n>iHywCiw56Fc^ZiuOWEaqW|1p
z{k&Vf=ZdcwUqcygcQ9_Z2GeRMNs!*&;g~F$w**k-_qSgKxuiBM0*M5J4b<AyP{Hv=
z%9-MDKETkktDMpHJ;>Zh2J_;FN&{($UWC)AaukkGvzNk;T?KmVR82;bkMLID1#$1?
zHf;=f2f_#UItXA{BJGl!-GqdMIHVlr2yKTxgo-MtfUvMUxK5%B(mpWh?Q$H#WlQwN
zV*2fajxQQ3j&R*I2mp0RITwUl&n@XT>nMi)I|;_yOIYRg%6l#aNOcaP@aLz6^@M5S
z78oeKeh79zE(LZ%8`D#V)AQo1Djeqa_rsKn<<B-*VP4qyJUFG_e^A;2G2MB-*2qI4
z%+C^`r+(|7w2eHElY{1rM#(bh(?Z31Z!Gy03sxPNT<oztemxI#xZlsp;~7USk8Br7
z)j<_(bqYv%Newre<Es>D+f4!Ph5y#69R|d03zE^%(Gs*V9}C-1ubEmtnMclB@f_j@
zG4-Tf3X>6PInylC>wM%4i>EACOasrIJH>pcWAq|(W!rE>sRIbwG{}S8X+nW@YnLx!
z&Y0cm2p{kgDr5_}#%_U&<n4hga{Hi{&GqE?kdiqGXaJnGF-@i&PNONO1AzyjJ$#nx
zNiOO~A^YmCb~UR@PEl1sTyUSYyr6^{)w*L^<v2NJ=yoeDc*+KYk@q+$rhjjh;+~mD
z`GxRash_=P=y~ywpCaxtlDz;<s}B&;tfrr0)A!j!Ji}ECzRRPUZfj~==6NLbY=m>b
zr`;jltG1Nmz6b$?_4yVCIP17Ry>SYfo&nFF!*MmhVHj8swOwrnlRx9p=62LuZHBoa
ziW9$+$0DKRfq8utp=G!Czfk#8Tt67h=6p0fi1KkYhlTOT|0KVQ>Keq$;mT^{=eA?s
z5JmK>?do@`W%8YO^1~NPD4WwI`5VXQTQmO9R<&H`L5pi^v!FETmHaMxM8ns0^mb0N
z5rjGqfX}-(f_gk)_jbzHe{*e&6_NJlQ%k1s@#?Zp3l{PANK(ZonUd4hQFR2;v^i@d
ztxSC~ixuu1=>&2gOvG+**3T!2NK%ZGX+iaw_(MpCJ$SHVutsK=i3ioA_KyvJ?s8BL
zTkxs2I6a7Vn?dAnIaG_gg}vndwKI?<??dFvOZiskhQs@7#3KM3Wz4zHfOBRDlqKS<
z)1=oDQ;JVzZlMKIPCM%t_LqENyEBcw@6hL;hLPSd^!_hz2R%|VWg0W*g?+?4VJS^v
zhG7~uin1^#oxt7as7)Z)hq5b%Nt2~sFWib$NVeQP+`Y<!Z>Xu+WE})R=Bk0odn9Ky
zsOe;;LJ9hC^~77>dw^!CAzv<Sr-pj&dtjy}vs0OhCZa&NJ*DF^;5kVda5ns8<8!j4
z>$cQJTb}%2+yGl1ywQ5OM!4`+K;#M9`F(GRzSD2wwpB;`Jpd2%WL&xAH3d7k>pZ4x
zHO_s!`3QX!j<(%FzG8`Dp$)IcK?Xqp?|P__*HBW`N+{K%w*rBwI;)!Ge)B^wq?>M<
z1t2qMhs2YBpoSW!`2j`r#X>N_Fv2b#>$P0FTvF>9I)VlUvW**o@Kk&63Y+b*d@zc-
zw>s}OyVKpv3OL=BG!v;kKL}C8=@?M3Cz_K6&LefMlSbhA?u)>Ilye?WM)kT)Oa9y$
z-zb(@Mm`}z+z717UM@IR1j=<QXDf3*NM2$sp#<Cm))6E8nmOK5U5_S4Cc5?I;i+p!
zRkORE$FHJNX9rUpJEM5qP*qD)wS1KTo%_O`9y@BJoyMj3jd^c#LN=SW4=Ixpm`N^S
zub&MNBVnxgnzcHCWrFo&$l(0JgmX=i!D*f?)6^PX<h<jIbdeUGtiXV-<C=qVM<XJj
z<AFnvq4)-ml+u4%4(>!4Y{7Lo-xgF<Z_&TA;y{|$FPk(<i1i?+)k_hIfcg#lTUSex
z>gLY`M0`%iq33JG^I-H3Jhb5(DZ+aK&YUFgy3I!g@A^e>02+3iWa2$olQsbRZOlw^
zm3zo`XSLURF^Z%eDgFm3<0QhH2yL7^c2m7X?j)CIXAdRik2l)UuNkEmF_1Z|n8fSV
zIP6ypP9Vr_q%eU2+&m@gm14#*rME+}h`j1IvvyGoDEB%jH<Jc=<(@1si=gHz)<-xT
z>UY*Ag=O(r7<suHr?9W>W}WJVLsQR=&0wg*W$eHM()ybfAQ=mUd*RB$l6mNMz*Hoe
zIE$~>SQ$*wA9qzhnN9*b_&BWi=22HVF?DwMQ?OT^5AnJg4^yWYE5<d=bxbYFo6ICz
zfxpq|wfEydS%#a`jD<lfmKw!ImtbHD1&NmImnL?M0q=9m9vAm*=~LHJTM6vcFuqoj
z+=#f?7&V@hNlGQDVo!;x3)?*&^@9en(#ydd>aWdlXf%KtX<t3NdwMdKnM%R`#T9B_
zTzyXK_|z{lg<RGO4q<o$Zo7<n?tyJdCK$N%r?_U2b76q>Ai&(-BEJZk)NjizXmgTn
z<{^8!na6{w@ZQLRsGhe5<srBr_<A&Y1F~X7(L7H;r%pJMxnje3kk}+CjPR@j?so_;
zFJ{UNKDNPwYMrX75vj-9t%xZtfT!`5<N+DmjVU6WgLnv6qnykrNbMR_Qqm8S;R}Zg
zy3XA5&Gm37ISMNb*}@>IsY^IwW5vdAl}2#eEeQ<i2xMhYxnIGkzI)JgUf3u{8N1=E
zcG4NHAIYr`K5IxddUN<Elt;)GMCv@7FRUhS4${VZ<Fo9g8s{Y-yHgQ7Mo>H5m+p(x
zqm$4Uof$agD9<WJl1s<y^eQ+a*=qiK?SVQU;OD}8-sc1q<}wd0)q7%?vSMZ6{$b@v
zAe0cyDaGsBszt93-KxRwco;qZxlpk`VqfBcwZldODuEQ#%phgI8xS@K%D>n=`9aVX
z6gie99^<ul8N=9LV^r^T+zF+e@>f`Kjd(Ani4o6?dgpk~;wx*YL1otVV6Og?EJ~+v
ziH!IAS^Ipn?D=SSI1kCl;^=pwi0pYsZrP+E6q^O8w^+f##O`BnVyb3qglG193`OLq
z!EF;FtX$IzJ{|mdeTV8Yhz;$1`}iWV9jUxVJ?V?A2f8atxzT%an+!X1--eORL=sC!
z2ZgOk%V%b@+!VCTErYV<q>xmmBC6i#8`!I)qp&JlV2bm%!OAmiwY=qoI@)c^ANSHE
zZyU|F;!L51$q}YF)Q$G{AtF^G3y1qb+6bAQ=@Z3_uAYH`m1kbkHt3OLjJx>32rqLX
zrmKibW`la~47Wp66IY9i8aA4*)1O})e4~Yk<`Lvkj4qQp;q<;>O2r;*rCR96UfNXI
zY)mV@mPpG3s@ZX1>JykDCKaM=vo_RHB|UIXc_{~*0HV*PHWj&D%F0yS_~Pe*F9)Rx
zNWQE{@+n`+*8thu$i8tLt<|h4p^P;+w&YE-@dQlF5tE7VhRs!V$wqByr)8J}Hi6g#
z<e4iZZ^F`qFg~PiGit5#MmsB}cipU>>x$;eEsy1Y5X#?^_1{;|<GsopacBO!2>0C;
z%#r-zs*F`h15P>5D20(?jxS$9ACoKmIke@dSP=O%W*qxI3MMR>CR=C+nJ6>tfa#uP
z31DieC{jrzm(N)_7I=O#%(hV?XSI;jF{+NNly?7kOyU5@6Si|wH^6-|=Tl|z2HwZx
z;5nyG0QGE<P&GTCiiez6Iu4@Q!N5|NRzuQpx%XlB)%peU?f?jna;p&|5FA`5^AJV{
z99aGJT0S3d1iczJ1ji)Lf$rx>^cXBUnVBHN(PF6c$g#+HuC8E@L*Z!l$i!jrQWTzI
zxjWNJ&_7dLUO@EgBD1TCiBZbjCd9vmjgXcgvG@imo{8d)#mx^=&gPh?vRgg%>UvO&
z^B|e95~O}k014!#orHlGydTM|r-TW664O>FlzJZW9x)bkOWP9ev8xW^CbceLz4!Sp
zybJjN(})V^i4#(;orD9izVQUNq|pf{`0vP5+%~wx(omo?h&r&sH`N&0Q0mqZMfLRF
zUYO)QI79B#fl)gr10?R(d%rqCDpa|zE>NnUB&K*4He0`W7&{3lSMGuUmv16Y-^UX3
zZ;<-(gB!@B7V%(3Jjlbr@E>ueiz81cVT}l^!iEXSI0)7S8A|b~r}gc+5z`0}@l)eo
zo!xwrJnoBYjm+9w=Su|~fGx<X71ZlwskKwy0d>+lX!+_fWdh?v^_SD;s_wT4D><2$
znT!x1@7{oUwS~f$xSahYsK2o#jdjFUDXKeV4dgyC|JwH03fmE|F33skjECx0DGa;X
zqshmwH~^&S!NytQ0$3hxn-_tfpC+~ss@K}$NeJs3jeF+_H;7ark8oGF{@=vv`jZfE
zCinG}p$=`HX{xQ1*C9z!#?WnDja8z*1SLV5aKO7Xo+D=EA^06D(2RuRmtmQBxzuTJ
z@;DsrjGX|I&Za<KPawp0Qo{vy>ig_<9{Jg-6)k$`G@%~=W2-r~<(Y?48MUiEbQHaD
zJ>89m8lYBp5Bvq-1v19{x=e;=4w!j38cpG22A@+}QrCg#r6dJz>}lComq8?>I)F@^
zG{S}|O?pv?ToEeXRCjxVkwtWgPX$o~fUew{+n!45xL!P&rvjKg?bn_?+pd{)yP&@@
z$)0bYV(Kaza04O>)K(P<1gzF!*etd4+`NOUrccNd48QJ;rxs@{9f5qX`cQ|nvZ~fC
zTXpHJVt^sFv-m|4Jgm?2Xg!(7vk}@JWGnBvQEW)`v>|%KbX@kxc|tSZGXYHG{j<?$
z4SU<I&;x@R(yG-UO3S4?m6w^XTwv5pDshFWfl9#ngHXp^GXXVeuc&2Hy^woCedfZH
zff80buDZn@fv`|v5X5drjZbcm5?C*TMpFZpYPjd@2V!gHtGBC^MW&WQR}UruDR11i
zAXqi|Q<=f)Mu;UTf=X#^#dtd%cLIUV-7EqWau3#)hZv#j`u#9)yf-xTS(?*)5Xswl
z*ko|7>XlF19ahfj@yG=Qb!vOGws@-dgf0f-eXN0DcRt+ZlRX-s4YGG`5t1^;NE2%}
zeypD_*LiyaDIGUvai_D@SKk*7$l&5;MZ7lGs_12kF{zpaTrcZ=kn?=biHWzzX`NYg
z%>z7V!z4=ubPkP?f|AcUcu=Df&ot@}Lnj0pzmBmpLecoSFbvAnaJYT4T*a^zuBLaA
zWyUQ#ePC3vLm&NY_v=wV$S2y6tCL0rF0<Osw=mBqf7}o!mv&m(xH1dr)4RAVa`8IL
z*YEuisZRRpvdt!>+-F^Xa8k?!IJe?fH!VyZxP=1`zVqhcrYxZVQ-rln$;L17YSb5d
zL3Wa}hwY;lW_qyR^5g+^H~4z(aqi$GE6a{+U%@L|wR3DjHP1z?nHe})I9exldONm`
z$zW!7wb6BvhHszvV!T}D)D)#~uSwK$4j;#3==%8Nq|cG+Dsm+fn^<>{S*$L*-&S0`
za2CYWI93g5^-h&S9Uh=2$JFGjtv_$BYGBC3JbVRYAWe*kh=vSCsKfX@Nr_LmQRanD
zByrN~$MsZlA%_ncYbBB(Vbib16}!<m<UAZ;CgS5-$U|KmvF-JNEIt7sx{bVd`l(5;
zHwg6pfIW4)lchl~Amm_QfLLcYyhU{<<idBW&iZzk>QC0;F|seorA;F_>dEWsXf!ca
z1UPcMlf^9uUP)t}i17Ao4YZ);Mp7uGNlw@1M~RvU5jOOC$bb})>RuS>3Q>mFZ&i`1
zXKmZn+B@+co%?9P&**WK=5SvG^$d#hz9IYFe)i;DK>ko>wj+ZLhkiLoH!v5c5S9JP
zIU)a5t6=r_7rZJQHXiTwz6bw};pJ7N&xwht8uI%s$lDEuCuSTS$>I;s;Y0`;PoyRR
z6P+(gw2cVT48nH6AU<){g5j`eiFGqW@q=a8w}i7C3{kY-GsQBW`2wA8;*>Syw9uIS
zq?uSdZ6EsWcTA6Xd<2iDq$5MA#XyC?KmUpkq^Kvq^ON;829j@aaQzKso^Om6DszFg
z9FI<MR98&4U%HwKK0UCAa=K8>_+Ggd$oYFhC>h%#J}T<PGdGwp<hm=sF_RZA7G-0g
zt7k353!2rFuH8t{-#J*bU*QAzip_vNx~{}dRuR8C>^?Q(DPj#RJ8tKMyr`9Zts^C5
zSoOMGVKdldk#tZl8kP84u7k|z#%|dtVCe5DPt@J1l3(^|c~kJS@l&63ZG$S4bJVxQ
zk<=!(dQ_f#WjuQ=c2}27bbUYdKq6%IV|G2U%xZl*C1kbbH1jhB-<mBtT9KzdxF$d2
z<GgUs<FtyKJ9^v?-_G4%G(KuC!ouozUYGn#K{<Q(zFzy=?`ZmnGUx7!q|d4^cv4d!
z5SU9-;pp-DtccM$=bPeJ*%nZ(fT%e3l7{8o46a+udHew?&;JF8D>_V0V#*c{l4!O4
z>=M~$<|}2wyhf(De`nQJx0wS?e%Kth1nR|p-&E8e|N8Gdx6!Nbp6D&@g+z@VZ!0HF
zY^td1^_5@XFc!WBgM)>)_vOb^E@k4#z7a&&gKZi#qW<_`{j+me#wX@bi-aQ;v7AE5
z<2fqb1^gnee*Lx=_78JK-qD2bp)Gwo1}j27Xsp%!lu)iUFr4pMI^!HR*Ow@klT-Np
z!(h@tf-V;)v0R7R=X*V&v$)=Crk?jj>r~F!l>YcpZ(|j$vzKi<GfzsH_FniC_xA7F
zazM06^=&S8Wi7v>K7V%04|F0z{7a3m$xFtRY9tc*H`adNRAZ@}>0u-XJ9`2AN`DmE
z8=n^IdHg|fa%wzQ<)+))y=#TnSHfBVJE8Tb+nNL1J90z9Yrb8iZa#ddvFoU?QOY-|
zuU^!Ei*m1AW1~e_<?0N-3RfQ7>!`ZoB57gkYWBWbGwZs!G(w^mN^X4G9~?98bw9+;
z5dCQ7I<{hdWr^Wx!+hafrrjI&{??>F>8i+@vaug4MzQL?f0EnsE4=T9*9MJPc$Toe
zaA@s+PRCyyygT?YF8O`;Pl+U&ccT5Q*k^#7N5Evi@If&lpTnomU^cI)npcK_l<5fF
zpqx^-qKJSz!cygb&WsTU|7reI^G5QTo0^s{KP;&tgnCXTT79y=Yu{UC5Q};JN09S}
zUZ`rqmU7ZR^}(F8l<_E0K)GY>2uEsk<jsSF(VU!(zJzy%a|O_k(iVXFoxm;?)xRma
z(J0}HN0k+OX8I6F=9oZ>xqafNhb_I8=JX`i?vgF4_48-BClBSNh%=o^8XU^nKuj9p
zu=Dj?z9VuWBltr3B+}n0Q%6IKk+p{?&1y5fh#U5jHZ-CrRBmK9@1puY_j4%nb^Xwh
zNY(%0w$d1E{cOdfC`f-#{HMX9R(#)N$LW86PPq_8*SxF2v(aNgkN%F$ejB9$>*=>W
z4<H79&$WL4O5<BxP@tQIHtr6i?T;R~?5yx$6D_>h+Qdh23UVvP7?-9DX)r$c&A+Y~
zREyYcPq;<9!6P&A*7@$;nOYS)9j_Uy(MCS*ze=n$$wV#pVTk<)qjh<EzI%f45DhS?
z`k0w>-kCEZAq6>&KE8QSZS-R9tA_nxd3vi2{DrN<=TVrur~W&WljC7ndA(V^scR+v
z$}Y!)p}080zzlG-?3(a)-6M9xIvI9;DC+9u)2HGY>Mxr2-rFl*nPvEf`mn%qegm;a
z$zBX~7u8KkqHB-uR#ZjIZyDwNw>`z-tgYc3ZFSpbKlxfdAJe407aS~~zGCD{?f%FY
z*dhNY>JLLrTJ%WR{{d7$tG}$CbvU1&XK$kazLq($<njB)@eoe$*;^sJFmA@gQrGDf
zRP6;7TF>*j?Wx2wMRAFfA*orj9^N0QkQ?uKfmCxz&(zd{oxM$J_0>-|t38K-eSP3f
zoW5f<?()^E7bE09zu9meY3&;aS;g$?`uLH3sw5bapEWD_#0lFa!b{D~i$N&FHFy)H
z-4SHb-rg?PCsO<DZIws0<KvVwkLu(n&7L6vnV96Czphqu-E>v#wmI>~ra&sUpmm|c
zL!Fk*VbJzt$K;FRa;IH`9V1E$vmyTnwkmOA>3Un;4VQANuP{B2>*pD_L`Xr(D*Y4S
zdKV;FtH^c5g$A!Ik)lT@OQ2#2DrwEj8RLs=ZKFQc;o2@JgD}Hl|8i+x+GN#S7mE@R
zGcz;nnUcbjB0@#UW{Tl5AsVwTdAvvvd28~et2{y>X#y0^36}v1#4>2Bo=?IeX!p>d
zBx~QPp*)RJXp)3*(E3#4n=SE*DzZBwBFHgS*<HTcBG9f#@u)~~Vd|<i{V)ve$#Oi?
zqa`aMRq0q`LyJ4%Dw8d&v1JQ+&6>9slJ$k8n{?(z5J#OnAv|Hy+wt#D#sY_N1C=U8
z<;1qc4mM1IPMtcXJa=xYex9#zO8L5dJ0&F-;m+N1t@hab`T_JNd43emeN*U{2+6$)
z21_^(lL7s=oj4&3bgsF1Xm7}goyTiBY!AzUcwyjkTYXiNlt<Omr`NhmXD?cLPD*!H
zQ2XTZ5D2=*2XpWcWRvi07_fWqlAXqowHRA%a9~zaP}6%+c^Q<l(qd^HZZ3$pc=vu~
zX3#95E+8b^XG<^h$Z>ITIpDPa=qs0{rQ!)uWc|s)iW1N?l}Ss_&Z`)AY5PJT^B`90
z@4RlRopZjc0S^D|=&Os1*)*Dkqhm+>B5mtE(~0-&5?qDW=3btUK%WV56P8Bnv3%y4
z`TP4XTej=`d8X*q;~h!oIZHO=&BkhLFHu#+84k*p?o4utxYU1W!W5{ear4Ht>(_gx
zyJ*U$kZ&*7VHm|93C_55$?TvngefhOu_d&2rhFllC;cXC5*n2IiFs5~d{yzQvP1YK
zR+Gi+*1vcux5r%MLmvALZbo#(LG$+&Nr`XuY$|icb@@G;9u^TXXfU)~O!&gySz7B#
zV}c42Wp`J4eq|Xck(+_;xOn#MP8<=i%co_r3So}ZLwqH}mG}AFmsPgw%~M#|l<={=
z+J4Q<%B&}rLIDLsg&!M;6`QWyJ$#~epeJr_>cqWxgZigUp93L@u##9#u`ncOY=D7!
zL!8z!z7BPQ_#?I@dY|&1myY+OcL@6_I@XH#+uY3cd%4c<I_%6DZkcCFu(4@TE7?{%
zFD$o%{Gw=U)AEUd=cnZ86P?UEuWf|F>W_}Yhf6^#doCG;&QYmU)sUSVcXz=TMV0}r
z@!HlnmC5wD(BsE9H@W+F+h)6!x=ww*dc6n%3-zBm)!<ha_F>)7GZnjc#}3YTxjOVj
zO2O0H?nS!`8q!5%w~I=u&7Z#ydA_~c{mzi6!kkozBKEO_GH7>{mm@K!Zj&BUUuj-K
za#S&3%F4=O=v>IA6)!~z*zk2w8FP!Fn({4c=ePjj?B{CN!gma`_Z?=d5!#xU#qO$a
zkddt!+%faC!P5va7HQ`3h1Yt({6dVW7xbCjsAnP#HIKGEIS^%UGSC9Fjr^WS@rX|e
z`h?Wf{ckE(tveTZMS9{_8O;-o>Ra@y8XJr16jZz?*{HN;S7ffqcODPNA9zx>SbFbp
z_g<~jHmMp%+wtpXzB#~l&1ri-FX@iM#6jvKp|Fa?^l?x@qQo4Tt6n8<bsO|<9Zu3z
z_6kX`2nngX?AtSSYDn}4oA7lp($MTTR=ziuhij1g&9)cM#K}xrdn%BcW6kuKQZr8o
z*3j^4txVa!fBy?B^{J}TJ6btG9W|PgCZB}NCqO>&&Ic}zhw!Ahd6Ef>=RVzj_of_|
zc;55MntYCJY^b_tra{0tO4BVNoujcy@<-x&?&Ndbo<En4D)u68RP`{Rf9`dKo@F)H
z9atc8^X5?1g{^m9nR4E)H#4(cvxez*y8Y?UCu`HFFE6&&rKMRFCfzEXP;n$qkL`W+
z23+-2XZG&cN4q9XXnka@wRWRwnO9bIwYwbqr3`s_y!M9DUCG;siYxE8kz|@T4fY?g
zIZcRDp-qg;G507)J+@kMr%!04PJp4D_WI^L_BQd=RQSN<mX=+0buJH++Up{rkB!6U
zGu*R#Lre<_gIn&rJ%8<U%CTc>FKi=bDVuiz2f#D5yX#fi-hoeVuMcLjK6OntFZYU(
z$$pTaA5@X#30>;N8TmIYyRgim{BEl2#g=AC(=Rj@%k!x1lvln_GlxR!^OeFsIoy*f
zPN<zWZSZx=xy46L=}2~@nd)e37xq@JF#QTBym)cllw^^Tf*Z%j=dHb*j0hJdefhY>
zes!*2L0R+JRKnN(+Rj4B*;=K-BD>?`cS9#KFTCt+?VM-d@Zsb23c1C~&MtR@R=6Rx
z3SYZA7M-7inK;oT;M}EE>R{6@8PzBKI~yiGKEnk5?Q;>)e%3i7wTq{jbr-IF{d{+o
z=g?EH)GdP@T3ZInI5{#~#c~ZOVt#hVHZo%Gwge0)S(C10`&6`X^7kuQZyRj+Dp4KN
zQ#5&@fktVzw{LBM?keIr3tO+Zw>F85gVMz($2?ai{HCGEXu5Uy@L@P{PhIXK&TE^J
zhQd{8X^eGruSpO^(-7*rs^>H@Rc3eT0%DWa;uFBaNSVjSzmA(%CMl0Qn^72<B@StM
zAJdwL^uM!=BP?8`b-l;#K}mGH7(q<2^tUrMgfC6egC#qhANFTGI@lDVe*Fu}%d6>X
za8I4;7N&SIcBm$2gP7v})VJ^Jw;fVnd(~w96RT*v{|gD)@_~R!<J@wvhuIJECNH&Z
znofL}-uk@FeNE-YTg@jzvF!O<&F$L6A4OhT6E5{;rFM$^(oQMqI;y3co1~<i?CayQ
zXWPPRv&grLcTBulTx@h;X4gT;%cJvImc^PCDJE6kZ(R?Rh4fXGH-7QHa@zHI$1Pk=
z1q(WLaQiq>LxWg$O$C<L*?n+A+c<pE!TItZBTUOfKDTyzZA%KYBprfnHLvKn2b|+{
zA6P(4OG`u325RHQa-Q^A#bkL7hrBC4k{X3&wKKH5ViK+qYgi}4KI7rXWtm1M4V6oW
z((hC_A2^*#j61eD<Z5oreUE&-OEXG3E{2LOpQ%-9ZebBId3L~yBB3tI8n|j_-PK?Q
zha;BKpd9#Ro!Q&O{;saITZRXXxI29>Z78%3S>S8va6w!@?RfpwVB&OBzc(|R_M9M2
znew&v@{scxr9HF7hdZbbS+kT&skN7nSz3!mIo*0+88FVg+&g=<e2T{z)@`vOeMt$4
zwS^&EbMtKxoAE3BEjeF49lp}I7FstgUgc{B^<nJ2J9)l6uY&^{jUAjldlQtY+0UPz
z_f*e(-RHff!?lmo-SqIGgZ7POi~82ou9&)VdOqduL(?IePRjigpK7j)Pu7ECl`T_W
zr5t)6{9@}8{|je49&G`8bUR3Naw;-RJbx2=r|;C6xMsrOIB3_z1)B$Jvv|4B83glT
ziHm2)4@P+f_dlNnLeOjX)5CHOPjP4X`*&Yy++48khH%{7TUQqyu0E1Jsj8!zaix~7
z6R3vCngxf8nMD;RZDbS=f9<5>X~nJwIA3p6hAD-M3*l*>hdO<(eQKgqHTB^_p>@@n
z9u_+%5eS6tuQM7RC?81ozVS4}ee#5xO(oG)AM>;(mbi%%ut#-$OuuxgJ<wFlXPl?D
zR<&rTB$OpQ?rVROv06LL<K6aB2URsS2@GcHA%~lCGtDwJyvq+0&)6Y8KIuq-hnbv#
zqU*s{3(4J|zVvwZw;`u4xy4#Kyb>+OG{L5%bI%(aFZfgprLWu_i?j(1u70Fm)7#l-
zs-f|)?A#2YM8z-%)-1BPxOler{hB<s4~>=@vZ_E-c31R=)AoCfH+|mkcyhx0<w}ZO
zH#Mf{m72d>A~Ac$rq8|Sz3(rVGT1Bn4g`X0m}2jy3ZJDSF}A-gS)i{!@YvpT{N6cd
z_P8AAnWF)}eU>Gf6v~oKSxnY3Uv^YGIA63+Oh_?Y(=es~wtRu%q7C@aQ0DO-D9q=b
zQn;+FY+8DH)o{oWTh>IaL__COa%N=m$$AFhr>6$Hj5=2xSnP;&Kg)`ZQ26?;c!yVb
zjLeFrHQs@~lT=+k&LZkvQBkqFKJXfMrl77SCrD`B(C5Ah+g~1!kpHmueWQ?Y*lc;{
zp3gNYTV<J9&kyvq+ZTRn+Ml0a^B!xl=!xjKaV9<G;W-<uqs0#O>sUy#XJ$8C_I2O9
z`D^oD(}wg_=OrS)8ZHgfp}qKAGL-k*%9*k&U9`UrRNU6}HK6HKi@eo*syHst;QpnO
z`*-y<R79R_+9a~_oJ?O!9J%V#T*ao`V8drKx725mtr?8>ZB^+vZ{GCK%FN#mt(H>C
z4eIt<ySCxWK+lbr67*`HMXqM&3ZgJQr){4z3*$Z3ZkB_fUaVHmj=2UCv701UV`e-P
zf^oQ(8={ZpHwRHDl(6QenJxEUr>e=h9lXM9G-1@`=H}{kRN;+nK)l(sd$#WBQ>W?z
z8#gt?5Ih*Gajv-j!i_yw7(?&x>_2f@MGJ!7Ldw$CZTf+MZ)a>gzT5-C*A@9L9@wkU
zxaIl9;~yIgmnFnH)6SPh)W7s_VLb_^WgL4z8n&Cd)I&BtK7O_iT})Ea^CBhk*s)`}
z?s1D|-BNn>>a~a{roU7DPWjc9t5=J{454XLmUq*tvXlZ!=O~cgwklz_mG0@#C0o_?
zw)#6dsuCV$I7%ixpT1`Cfx_n<`A4BU{*T=~JnDB&o?Tg430VKQ_PxTp;SPsX&96A`
zf9*Z+;ni>N-hE)dN&E02^Uy&Z=T+|I-UYZa$Yxq!i9uq^n=_rY)w&B8!V6L>_9-4$
zva(d3yW_BpL5A?_!Xp1$WipDVKp1)M9KGev{?(_rvVDPvA-g3~c$FvV33<&A7In%r
zt?V=3f9S<@GfE6_LE77W`}$U<yG)5+$T6TVS-y2^X&7YTu<sF#7F{r?QJO~mFx7wk
zyn%s%&Z|9kbo#sPk|xjecW0N0C#P%;s0#eeCnu1r&xm90pWPvQ*8I1~`$erE&hN3a
zKKKeaA#FVsrpJteKb&*RW)NTNZM_m~wsu?FVeX0cnVzBh4;+{-Ej^bLs?MF@+Ys?g
z<_TlGPi}sw+%utgyG*&u(f;$a^OKWb+}W>Gc1V4uE>hglk^eyCTK1fWuS4gjxL>B{
zg${fuKcaOTP?WYiV}+Sg<LbnDc(Dahm34LRIy*bNPdUsxzCk=W@!8$Dd8Pv`ammTa
zCDAj{K%pw}<sP-Oc9Kr%$l_AE&e6M+%Eh<j9tE#?DG{BlGf(BxuHN2W5E#}M1nO#Q
zr*0W<%@Ly6-Q%|Is~MNEDC6{L?~m{6SEh5T(p-|KgsfdJCAXQY>$mi%;f3@|9Vh0#
zCN0a5+UmgN_O0^V6dxBiZPu*d3geHrN=mrnOB0hf=r1)4$=c>Tp0G}F(W3T(&T9p4
zk~W?=c`~tlhoMQZY6JekZ|iSIIm(%C{sP1b-Tv*!{0O;%1d*DA>-pu;(b1A~^c<X>
zp8&ydJZY73=FIF#6Ea>nJsOvY-ML6Q$Aq0;wO&K!$qm<xmFBzb&Jf9&^+iJU){x}0
z)XdBW<>gmdukHbdKG8hHH`X@#w!0S1*N>`DomL`t{PX9}U%q^K_wL<MU1p|Rc4_M;
z#uY-byh>PHlMobjLdx9PJs$|-ym|8$ELecWVqthGUV*dRAT|1PoV|&Dz`MiOuMdX_
ziR_eAFrhw#{q=Y0uI<eXQ)?8d+xnC;jpCQKmv*H#Ix6ZxqTy}*>Q)Z>bveP-)@6qi
zo2^yqdggIn+r_98Po6&2S+e9wRaN}KgZ-_KecnCGT4)y+8{5>3zIL2_WF^J4e#(`X
zG@ifhQnK`vWVdEpTU#KvJ9g}djEpSaH)C8-&wbspd-uY7ySlsGvb=We-Me>PVpLR=
zZbOho(23rVO{-V`7Gk+#5L5M{&23RjggK;|J27DW7TkgbsTmnLwH+66O5s*}=A>p)
z3+gvFmrmZYWs8D>LPveHUF5_r5e?{N1OcMjinxSs^eZyk;FME-KTB~~BT+#(gf7`N
z$v4Vdm8w3sGA*q}A!lQs<g~%A?XSXyP5s<cBZs%vMhuJS8}G7dSQ2>@Ld$C4T{#v^
zU$h)C1QUGGBDp>Y17VRk2nF^EhVeuP*qX{@bNHna;Q16JfJR1){TRM1Qs4qi{A1@F
z^!aQ8-p(@9eBHMHuIIo1==pydgMtM88+yN^uRnkOUsH35uI}%C|F8Y4|HpsiWu$0n
zZ-JIMfl*q+4ld?41Pd6es;<6D%R*h<(%BMr<uzT>RMUWo92SktQCG*?VbR7vSSp9(
zXP~Yg7#OG)sHMha`KUWPsRyAGX`&+qhpKGeFf|H?f;Aai5?;_gh*tpK0%bo~6}Diq
zm|PBxfxz}G^cS%}UL2S#ex*J$b})lXWic5{E*mDI-ImA*n^(cahD#c$B+s9ePGf9<
zSqR-2%jN{r5jGV;I9NfCqVM45^S>X9xgG%^qFVq0phjl1vENnxR7cO%O)%m{z6gf|
zqr+9vx@iH%qcsnl(H}s=f}cYhfBPx4AzBlh#YQ;BF3wh}dgv@8mF@+F?u{t40GLKG
z#-f8sVBah(TGV9ZDgcebC3CRo>OWlbq%(b(*l(?u{%l+5cyS||uMbS3b5O8RWb?+u
zY!(?^T=07z{yurln!s{DTNSN>ik2#+`Is01(lQx7eA*eQ3(kzxd7u5!cnZSTc{C;i
zYw{1M&6}S81{*1=s*XVytf~sI_zjI{1@SR>Wsm}BJ|sR6fEzVO_5hABMqK(R7me<5
z8PgXT-Qu?nkt4T`UO<P8P~@8yRYIGCVNFKbobeG1Zv9JR`6b%1CPd!*-y2I|1~SmX
z?N}2_!O`CwkN6?rj6tR$00PVJ&i>v!K!0+WtYECkGXBBe8%<^*6dDHrV8K85o1;<5
zLS@K;e*pgsiAL(9R3E)QW<p;QgG-|GX2hD<@=nII6a8~m_-?ckjR7c12eT0P2Q-Gy
zU)a#t8901K=kYJ$yR*MJQ6LqNWEC|Spag+=B4GMAXW+5{_*fGc^bHmW(chW?r4EZp
z=Tiq9(Entje@P_p2SFR?Ap$x%jhv62Ys?sd-lTI$K)3iHY7B&<E>N9<A3~~QO&s_a
z{szT=HZ6xmB5y!g>ZU$G?fH2EMWm^rfi*Gb`oPZokNyJkel{_i?EB-S7AuMW4+x|K
zCCgxspwEVX_H7>i_#d_IcgmEnc*htupw`jC+Ca-LM%Uq2(dO$zbmDJ15q!=s=fyWq
zG&WkalE(HUamZAJ1$&X$z&tP+z|0Da1{>y3NgS9=V!&Pq%EG8`jd8YcP$xLR{Ca6@
zHJE@3Ji^BO%uten(PPm7e{h%#HH5-d-%Oz)K1`JU-uznIBsz*|HWLts1NZ=#9wP6U
z#|b190t5!)h_Jj#WCZ5*aYrwW00H#P1~q^%wCEc6Zzcc>xF$Ym+Z3SA_+$86<`*h~
z!Ri4t3R<&M(3Oj4_0U?aXmK81nNhGK0h;)r!6OCxdEGbIXq7Y+3>L!nW1{qgM@&A`
z4}}>Z(1$u^MhuM+z}$fFHv}-uA4x%lQ2+!$r4`yh2P{RW!yv+>BWQfXqdUy>1|RU(
zKx^S)1ltT|a(U$8$tABZ$Y1eR)PqO?B!E+_i7WqL1leFFB#4BrEWjy>)KPBnW+4bb
zhc_pX#6m`}#NQAbFdh5{OiusC<meh`XCiGi{_JCUcEk>&caGTN5uUZ+HSXlVD9fSv
z0N{Y2ipP9`U{Vm?A#|o6ptit&0ZV8I7WqLkzFBN^oo`nA2k8(n{m9+u%xG0wU>twP
z=wmd6H;etFrU2krp`WAc!G0iC{T{h1i7<)Z)diJDI-B`jv3cH#Bclbo8M~J;-UDwx
zV?2ma?D4jQ79Qe{U;{Cy2ZKNVW}$@_t7-7*44C7uu_Br23ltD)ozQnxZ2+SaLPvlu
zg0*=Fn@{uRu{p|fJYzUQ-UUCy$fzHLjve)d_;{euVKSY>W`B1VUqMqiqi!g`(Wn;+
zyD!#ICnA38Xg?eepp-cy_f!7ZBJw?b5`_Yk0Ek28FW_wgoTIfPDQE|-AD8^ActQ;&
z2otdYMh(8j7==?)SKXErjKZn?_uvF7((m^mqJw{e84cJR#Al<+qN`dVUO!vaipFAd
zU_Y)Gko^&n<xdU%(to7csP~D&G3tSi<z2pzvuQpIgkJ}GR6p_)K4uIGO9dgJm81<}
z3ldNkK4>Lppm&!8;|X-5H5XyANHCbjkHq4j`V{D`pR)f?g1Z&GOYnD23LHqKk*OFe
zlMaLlzzbBmUoea2L*<N^0)a|GK?E9}0;90gylG^h&jS!%D9fUGarq{NC+L=_kim8c
zmE?uP*wQv2umf;jaj+%W00lPZ0v*8S8z&nCh#-r?gsqvtfKZt~S9GIpIS;Mhx#lC7
zMXil5lZDz>ew{sDKN_CwVZL)EX><<L0KG-k&R&)1U}mf8yv)pQ1##(55Jesn0jOaF
zIXX5^dIJ$Ukak3IRQX}t1m=sU_kg&NsW6j+`XT~^kEnIls8MF2s*7iG#?s`^l`^`C
zF<N;E)&#wVY7;t*&EW$pfa?e6YsAG8cwRqz$_spdaLPztz<uIn6#RZC+yNvyje=Gl
zA4%zu(dJ{OTo%okFQKdvrGzFEc)5e$r-29nCN_U6Relmk1Itf5tVFMUODQR0VJd<$
zr7>1Z6AL^cpp}fVdU{w`-Gr|~`~+Zr*AnboWXCI3w^&cm4@@6OI;^Q>ps8t~r2)t$
zkg+i>!T65Y4>;oE<LCJMmX+asKH8#;-&yQ`I(_$#Uw@SU{oX_Rr)&JH{I7=2kNsbC
z&~ib)^1uIq*Z*+-SA0zJcQo4kmB{^-$o=;xa(|y0#0s*ye>tb~E1~-<q5CVL`!6Q=
zmC*g)kkA$A@KKvOs?+~j8W+{DqjU0f?DzTFF&Q}EsgKRgq8i@|#7{7ZOrjvZAoND#
zUoskkvB)&E5<8dW$7J(+vyr^mOge~`>A^6A2@EouqlR(j^;$whHE@Z=3<f3;=q<E@
zw6&d!Djf|;Q3D9v1aDwDSP0+qKqFW+0gV2DOF@u}F7fk(FbL)tY$lfl7*60s0G}9b
ztwBTQ5ip@WxCtim?&9&!$d1)81P<Dpk%u0BOvz6l(NHsp=6Qd*rVoS5TWn;Yx{u$8
zTC#Sq83|McC`NmI(D)IiAb&w&qDGMyfc~SD0cHb&`2CP8Kv53Ud2tj4xJ)!Ue^*{0
z>J8*Y^)QbC(7V`vG!|_naWR4f6k=YEek4Q2;}8z>n|eaI0z+a1j}RZFy@236i~+9#
zrUJ$UIs^<Ou{VIBYB0JWnj*vq8kq627$a*55^|L9R>AQ~X!9-$a_l~6mV?X2@GTLV
zqM<R!bS^L9jc$PC2hiomqLDbrH+-Pj2O9${?u+mnf6*8iFewWb_$w$cq8J2x!yQeI
ztBt1r|E;+qJ{Eq+!wWcsg0R5;_&H&WfEJWd$@~ToPxg)f9WPiAAM-PwELhz{kQ@_W
zP6b7xAum+t!9AA$zCq-GuzYFkksLaTV}KDK7Wyp!1;=L}z+$K~?t|cXEP?V4!eTQS
z7^WBMc%u{~@o2_pMjCtUmjWa<n@Ohep2QkMCJfr^1}%dQpu-XcBe1*{jsTy40s^rc
z`DlbaG2bZ~+;?0w!o75wFHJxl-d8dxI@kgk!13V3VSJesns+b`2AUAv7EiL-R2=&C
z7e5ULF0y&zj#3hb?n5208k^td)ek5%j6m>4pu_PM0u#jzSYLo5-nxNQw0+(8JE5^L
z-dq*~EQ#>O0MTJHc`KsCL9d{<do$7Q?daCX=r=<=#cD80IFzU)FJ{0`#D%Y#03H0k
z5qCtAsA$`IF9gHK8(1DyWuv=7<q1FmyebBVXCXjL!OKYgu-k9^<Gc(Hk2I@-2}Ibz
z$$lll5^o7(&4}O}i-T7YoR`_VIK$u$Co?-|H`v|^HnVesR}kzhaTvU-gA<-egzcSR
zf~|uM0dI+e33e7XE|vs4YuFr&v$J=GZ3wmmXE3R=J&Z0Wn2LZ0<E${YcqfZx;MB~V
zU_)?r!@*VrXFGIGD=?`U>|o~POt5gVF>?a(wv&TB5f7HP#Ms%}5$vqcW+-^HPm~&1
z6)XkgSAr9mxXjGPhPM>j$I9M`2cLz#gPRk<dYLo4%-+Tl??l9y;{jx5<~Df#QeaaS
zHf97{9BgT3Yi5n-jj{)`IPq>1K(}fco_7hXXJ&^nvv4NZ+o3o?yIwhgQykc(lk@1%
zRRkg)2b(z&h$up=ob18$C_2Fi6lZoAFwPFop9MuVJcc6R7WCYOi2nwQCEm;i%tb^Y
z02eSLH>>?LTlar1-}!wmj^CbRi6G;tr;Z+K8ffW)fB%_`C+1fJi2t8nf0Y0IE}r|x
zYy6A)-&#M(|LSP|dj9u6^7{4s@2|A+ue9;6wDG?l|9?JhEa2{uMDgEy68u-T_*b_0
ze{;6@zy0ywv5)?YiU2zG_hRtFLyr861N#s2nly&Dnje>}%AzsVyjbd+Sxhg4#bK)Z
z(ddgoBuDb&AS_L7H9yLKvG*k4QB+9>J`|=wWbr;}MuZ7WCX<8^jD|IkK%ybRB!FCo
zPNtI#naqUg8DazkS4COzKo?mARCEzg@jyYr6Zu&|1Ox>ISCn7T1r`s)1908Hs@{8j
z%uEu90rlVXrzGiqXT5s$s_NBIZtqtE07gH&>VQXO7d?h4W)kTKp>?u03JD!ysVa-1
zsvf&bDm*?bR;K$+jKKDCZ$&sLP9Bq0q2&{qaA_*-X_=%oxiV0TUGwpf_5-F8MwJz6
zD%GH`PD0&@Fh7)4{{%14DAaG63_7LUNOMK5i8G9@eP|e1C+jmO<!Hz$mxh@hw_2%_
zYZX80g`{vzMNsj;P-v3AI+?VgtSxR>=aT!YvO;<$QqPhm2-_%AknF(V;k2*Tn10-1
zUM1$Ih07|@GLBmVvt|rSQP!P4M=PS4DJ8=;;|;=7ocj&ip6hnzm8!1>KKTqSJe*0o
z2{gAk*G<(=fX%r}%2CNy4FIQVsP<N5;6=--WN)mQk?u{Pj!+dt6>gtRw&z|8eq?G|
zxEk>Sm%7RiRimoov{8YL*6X|>7<?#D7VtTlrjYC_VWD|5mC6KFVtPe@S|I3Q+lWA?
z>W1SCYP>;M0sS+7#Vy@KXo^>+qW&J~0!y5U+sCi+%O1Iyx*|jq-D9;<FRFiK^t)x6
zVA3ZVR=W(!={hj*{)QRka;tOLv3x8Ud^9d>(}68Isj+yh9OQY)i^ZLT7=S(_-L9Wo
z?emKZ0by>mZUrs7jESmQ>m>y$U?=TWT2V#!3IGyEW{Xi!A`@s~o{#(RiZURK!t54y
z7Mk7CD*~1ID~G;OK#X5sAW6L*sIMQWE#(>2y&~8sTspF$g(nBC69-KIkkzuvfIiP!
zPKnbSS`-}^ST%>$bZAwu8nVptvxb6UG?u3mk0p2I8BncL;&o)aLt+IoWIJpxkSHhz
zD?3I@VHvCFcTBB{KTTkRCY&-$yvn}g|0bjW`it}%K~GBuh^oVf0}yX4(1Qa3FHoJO
zkQL+?q&PL`CsSP?ac`1&fog+Fjj=j_cRn@52s6H6Hnn9wyllh!6LeDXdz7HZ*aFyM
zlK~Dtbhy$;j%^{JRJx8?O<4nMfL5RZ;7i2;-Sx)2$2j0kt~i#PBIF4SBsM$8NIIV4
ztQsaAy6HXZ)WLo@%`mi(kAYr49;tKzg=(shd1#ykF!>RQ!v{t(F06%!AT+p$Y&_@^
z<goOciK+p-MAKvyTCCIeBDvGh7<y=&A|Sw{=>%U#{=q51#t!=c%TyHQO_W+EUaSWX
zV29#|Ll<3X0Iz}X(C>)(P>lI<N^B4lsR$2MgOAbO#Mr^&<aC}drOqm`5!WEJbb1!#
z+v$4CYvN|F2hJm)vRl^LK(LD81@T;RomcfCQn+N!WcgKgpN906F1hL23OAnNuI2T!
zt!Y9eCR+jkv~Wd*s)-Ydvp)d)<8krngI4ciB1%6e-Hi&!XiB*%37;i?r^e=jrw*(V
zj2~+X-!I+&O21kSYsgeHt9+R*PsBK5GGrui;y5CuPMrb6ei)2u;TRCiD4n1>Ct$iT
zcgpM@o;!!t_!Pg+jzMR1ZO$2(YHtMw;Lv#^SSCb*P+g4|>5xJFcrRg%v9uw*2NO#u
z;l7c{<|IVM2;3^-7jh2<k<=+EtCNmiST!LcjSN*7U5y}c#2hl@Wu*l2((sRm-H2q1
zdT3IltKqR75$4g#vdiU?&{jaMP(vCSQZOP<E+z(#AScLnM&HOq5f#qxYmB1;mIIGM
zOVb(&21eWb{yMT{<{D|2Oh*U46vqcP7j=A8>H>>65YSc$ZAFmF5*8@LARE#Hp^6u+
zLYQqrX;?!E${QjkjKm6p5u@9PN(PN2TPQi?tyYPx)dD`o_Zp3mtpW0XehD{}X~6`I
zX1J!QK4?<s3!Dsjz5WJQu~CG@?TI7EkSDUTldU-H_1A<$MtwdAUdvz?sMs;$xHOz~
zP)P<Nz8a7LQRW;nlo2DR8Jm%n3gIEcn#PfG*Fu30QoXR|i$d%YEUVvC$=pRXE?OxX
zKj5GO5*~HlkfK#Ng-w=Brfk@OASvi<3k%7Sv<l@CBB%%#O*dvJj)6vG$5g7KqY|sl
zq%2&^-{wO4)mrXqXj;<fHD%^h3}N*uX5z)5Ylu)#hy#r6IrVxKEv7UHHNH$e9b&{g
zN@g<g3<zS}H3syBT#xM&#5J~3q;L^Si+~bz0M#PElS^V`e$rvM<RV;JIFCZ;yrvmk
zL!i8zum+o|6i`Q3H>D1+2zUX>6Y%#42^9+sPmB!_)aQ#(=P+W<J+~D!57J3@56$c?
zkCKC-z!2!EAZZ6gDMN78Vq4rn5C$xq1tX4%NTg)_89l*CVFo<&R@Q;1TSkSVfFH|c
zmaCYNX)vjoxuA<@J}`v%nqjSplMtFND+>_}`~607K6G|gm}Vu;bwJPwUf^0KT})+M
z1h+@jnN5^WR4%|e^=*!JA$)W&N22aHQB^{}R?WPO%p;XVb*o51_JL%R8N(%CHXX8D
z#bFi+BtxG0WwfC_$%PHWB0LnSXdK2j9&cETwo=jf7!?odW_8|}vttE*gH%dh&GPj)
z<PB>q1pbYVT9T@xS%P1SkBQPf0KA)nor%;&n7Nu*Yz<k{lH%2*SCH8PpagHxP55<v
z9mf{A7!G1dVVZi2C_~x?S^~0A1~Cj7ZGjuGxtjub00^D@K9paOqG{psax^7GA<@!3
zj$W70Xvhs{C!kr>b>inz6?c=yh=5|23)l}N_$E>Kcg57kT7I*h0jOgnh4=c&{9R?F
z9x3WCQ!iwNgTly~T4Yc(_sF;htEPZJ$tKI<l_=p*0DZz4Mv;(Of9w*2B*Z#l^gBr5
zi5_te8F`|30!;i@NTXWAs2b7!IvIsh5|piAbLgkLAk`8dCDv6Z(6nfdY$Gxs1kI`6
zeK0L;(1<k??=+dSOVlV~f1uXSx<rDfuas52%cClAGRn^#7;8|7&XQQ2hQ(RNAnMk@
zOs{9|gP|^PN*F-|A&Q%n&Con&8n{*mb*f36w_s?C%e!p4LSz=8eSSR)&|lkRt>tOP
zr#|~nt0BcN>!T6>|CByyNfGv+X(?`Zi~Z-xcv|c~e{K8E76Z@|XaL$`|Jh>y*%CJ3
z7#jNjVhGA9kjd`T;`bgkfEMG=lVSXc!nSEiB8@zCZ5^5jYHE$b(j=fBzBVA!%rujO
zr*2<HUr<d2=R8wcah-^+Q?}|cLYnF;XS#zR4@nR*nS%)X3GO$`?-Q8bAJtbRR70~C
zeX0?&QD>QBL~S$+-}PxxgQJ{u^#sS^7$KXR(AONkFw=uq0dzwlw4zM)ZRkZ&Wo*6%
z4w|fitZ>osgK5I?nv2e6Md%Fppm+nWD@w_^TgR#x1E9O+sOxmDJ!97-9@brCGba6W
ze1jcE%qqt1HrJ(Dhr+dGtRKBevXP_)g$k*<I_#%Vh-6?V?s<jzTC4$Cp(L(j_*)kG
z!Uw$~h;tJQ5V<wdlxr@%A+vd(FpS|?NV@?yhR>(^*oc@GMZXy0(H}%xCc7a05=JrX
zdb}YcHg4=N!Y)oJVuu8^;xoVBgC8D1VwcNx90)9~@FLNYqoa<CIC)^dF${48{1I%t
zmERB4NG-~-qY+>gq3M^oQ>$jtxY&-igeAPgim_&Brgt=3rj<p@8>@*{OuIMHpb;E8
zn+&vYPKKe5(BvwnCY`c~V9Zsv#y&J6Gl+cv1vQ~9wrpOQNhlojvyk7`ttc*^1py%p
ziMdO4q{96wP|duC_*;YPNNUbwTgPmELCp<3XeD)(>u+WihogPL|C{v_;e6R07o)fa
z-@qfr$Fvd97!MF>#w-~V(bxq#)o0`+GN?PBjv$c65gf}tn(O_!nCogXe^KrWYn61X
z)i62^#By{z@^z^VB26g`qj`c$j&3sEbhdG0b9TQ4YeKCe4aeON5Q!pndS$#k^OC^?
z5^6vxRnrut8v%At0pBQS4K*0c-W@Lx{5pRp>;{f!&&IrPZ5UXEw7$ljo)Uq~fU<$0
zM+7Mnjk4<(x<=Gl5Xr!ERyRG;oSxyk#f8Q&9w8<|SO5oVH62bC(-aOIhEm2!MyK8J
z!z;q9y^+(3t|`S0Wh9&ofLK6a@i&Mue`XG@apdGtldLdtGJptLa{|Gk-x@azh~ZF7
zi*<d>too7oX%ScHQD&KDTfWR8xzskleHPcIXaE-QXurUHgIcxRrpBV6|Ls?B)*BIa
z3zzb{zlDps{{h%0HdEW;!CM{-=p6h0hn|T0pWg12v^Y7nna2_H`7gi!iMjslw`S|(
z_}4!*sdw*|^*<R;1MAP3x3Ka{`)DNoPw$lEK2h=C`?SRWIVn#<^FC5Sg52bbT&#@$
z7a)%p;eSoWn~X<7S9gU;XfZN^xv+(y=mwCEzsbTJsa~zCu5^u$EN^JF;0LL-;^hHm
z>vO}6imRW9vkUumZ$Twkp;=nBXng=inA=13bB&IQ!EP<ZEy@Kbu9`IntS%WZLorLe
z2s1(ynf&4EQZ<N;=z3AJG{Y65md@1>@7lq5cm}C>bj!qFGTafpG3LC;dxL7}2GiMi
zg`20PJGmB3{_*`48Aj!ZK>$c)Vf@IX3ZA?y=Ag-170TDv$9$VSJUQoVsn4|>&;kh+
zJP(y2Xv$%K$m=t^=U|WrpBhrF?U2L_t@QM$H2?`ziS*=VgXpdyv8|FBh7km{bc*<@
zT0*_bmQb&3U-67QRKuK%M?S7(Jd(amd5}&D$(j%mkX3fXG$V-TwTUIxPY9NWCDq8o
z(pOIElb+HyJ;^PPt6+(Zh#8ieo8B-FV!pN+GLHr<+u0ktgkvpKDS)$T5~oaB9zqDK
zL!^*8X-OSqY^>;UNW|q5zp6kngkd#zDkY%A8^+7L9CxR5;QM&8`$YlJ&}ul4yht`1
zn^2HuGm)G&sfrU24+EGufTYC7Pu2@ElK?17bQQK@bpUoERCgv}Yp_*$3G$q_*=)RD
z-WvRc#n9SP|K#`joYwEck2-2n=%*8`bCjd~FznnQlx=uk`fy<yqmsq|T`E_6n#xA%
zU|%yb=v}-Rv1MjZkIgJ5pu{*V(30b2gqIDlFc5UGj-9eQYTl+Q#*_g8ROXvy;7(9A
z0)lIj#DbK_4rW4QM~xB%ngQCS!l>d22M43!kU5PN2E%3HyU`97X=<rj!D1H+#}<2u
zT`DnRyvi_9yRmB>1LASN^-iGeYu&t1FDtufKw<6>io#0uj`J{vCWd7f7GZT+@0#W4
zqg~a!+ZZ5J#9}{aYA7<KwSLN*wIMK<I&ZKHsgH0;##R(|u{1DuV1Yb7tcF!10>%Wz
z7gmLHmqzDC^G<?cq>lNpIiMFF%0OT%QWh04cCzWU#*o<jYP|6RzM|O~trajYa12kB
zOG?PB1q<oAbFUvb8*E67fEA``$6G840NGG&#z!-XN{lhbRxlp6`B>BSwuetdV}c-6
zs397MwStJ)z<+m2ri%^S=EpJ#1}6aqYxj|}Wu;<HFlyXD{-O%8zCwYTNJ1MmGu|N<
zy)lEMT+DvWeM9Ln<T(kWj9C!68AV?Suz{MWLS}$Q{!IY3+2Fq#<ViA2w3%RArPeut
zW348t3S%EX3f_#tpc?=R{oJsL*YZRt%Lpo?+=4=L{By8^Mw5)licyGB)etbFhhhdN
z2RoEwZJItIj1j{65Tloi9S!E?g0tKyCq?ar5F7}W=~`i{PdpMcB7x4&k)X-2AZjJ(
z_sNsl7<dJwMRdHfahHf2y$qd%F!vuGT1qwCT0EkP;k#?8Lc~&&%UEt&45&esv9zd(
zmp;c{6H9~8aY7D&0oHIGf~iAe3DfoZ3Fw%c0_c}E)(ajAlZ0_SG-0D4fQ@7ujZK)4
zq#4|i5Qv1>Wb)?X1m7tGH{vAG2wsYgGh~y%X7A}^{$VvBak7KJR100$nCoJMtj9j<
z@pCAEKGed!V&@}eVRUrtGq-AlGvaIEqN(dMDKWWwGf9Z?Z-l;xH<)G_os}pL0Nzv(
zGo#h0l;0(U(lbR6t7Ri#fGn#F`>Ql3HW2pfau+3bAc>Dp(c_8&@en3k{wk2R!q@@C
zrLM;Kn2}*;BDX!BPzam4F~e@x|9}-if)kIG1%)_?3l;O0j^|Yo3YN$lH>_yg3W9pn
zyA|jriVsS-AX-)iBiQNhXy;|fNk$>Wl?>S}(UqKOg?LH&(M#ry7z@Yi@rBcaLOH1d
zTR6cis@I2t6cGmmG!g)7l^Ri?LZQ4PBF}s!Fy2i4fRPY90d&t-s?-RZA|9-10t2By
z5(n`8l`d$`6R371x!v({Klw8FS3huU^)4j`G8?v7_~Y5z1dT>9#?(zLjKN4FTD1Cu
z;w&)@h{srVUVtu*&3@!I=98)`mQV`QPirU6h55k>HH^gx9hnn6)Ek>MHbo_f^N5@;
z-D4Y*wH;%}4k!bATEr6I<y4P7Ua&~K_ar7f+9C#{!?C;}vkTc_=!;A`1ZIE1%Euck
z!gX9mSVY5FUfc>h5ci#eTsm1xOq;5&LcGp+RE0{aNfa^57dFztS$Q>Ixd?G*s1&Fe
zeRHu9=|vdthah30?4sM!Nve%&0<aZ6yo?NEo7jx*B2EBHza|Q;GoTUm<a%o8gJqD4
z9IAQ3tc1B8Q*{Hp(bFY0DmG-9CYjObt@D;9Pc~^?NV&=U)x{Vr(xL2_sB6NY)MTev
zQXOZS!X9O#-b6PoYf2*mzhE2a#uq5wG9s%Q?W4UIg$>|a)~s<-Lo^T`Cy(}{PCUv2
z<kBxTI*;(-U^}-gAa<x_0HewR$kgN3G!$GBB7BJlFa2?Nj%uv}b2T|-27V0S8j5_|
zL?Ac10>w=A{0o+#;Vz=59Vo_tvJO5ocK1QRM7;qAs35nry~Iicswmoo6Qzlg@zzyQ
zwQ#j+w8`{sGSg^c3($O^id)Ap)irB`uO9u8E~HE-60g4`!PY_jmIZJV>N-V=w^PN&
zOG-l75sd|~zWPe@;fpn8vm-rfRfsi1#{>q?bcnC9@Ct=R1Fw+Th+#=7>#9^1HYsW$
zxFsZg)NiZ|v}XrMRLmv9dOb`P@E|su&IwtL-q_oR8R$EV-fR|x5XX?smXILWOuj7o
z5oI|7d6+E$2p&~SuuI73GgV#G>_gBe8r}(-rw>E#7PScU(Yym=H8Y$J*{F6n8xXsl
z=H6y_;ltFEOqNeHY-GJbBbboMGo!gjpu^-?ZbM}ec+iA2;z)xX<93lIMQAHVv7d<g
zyea$`fgY^Pi3YEqU(SX(M{jr-oKyhExIV7uyy6><l{DigZa4FF3?r2%3VLWQY1lBI
zz=NiQ^+X!($lZ#7gRgAchqNjH2Mo=J$|zQ=Ohmo~imilwA-2Df>OpB2yrjROah-hN
z*}}UV1!YKwiXrV{5ewcuCl|lGe`@G>2Ed9r3=Yo^0;-dP?1U{n`L|IQ6l(+{x*{$T
zQ;7#L(n<P56CPb5?L>@2p+S%>I7O0W!WKE{0Y0#ZF=m}7j;SQXuR(Y~8Oz-Pa_k@k
z@XG?ON{GIsWRe1Y_sYFU|6mepfJZM;C&1cyQ3Gvbf;4gGq?O>y9Vyb#nQZD@5c>>+
zWKt1o6Ao-WXqAw3M7+iNm;f9K@;O*mC$vJ*ZS>BB3>_~`U-XGcunjHy&IH?dNosIm
znDlC08G$YJuZ-NJrRmiy3j;(~KtMnL1=vjABEV*Ru>y=!3e%k9qd5>3D^u1@dBizD
z!iNdiG##fIfcy<tP*@^wiZwU18K%Qq07=(8oQU0;6%hpz?U2a+DvwN)2wNB%$^)Kh
zk)D>-C+-Bc*iPvRMFz;|1tEnReXLKbL{PNxQd}fqCIw6qWuky&BVR48N)`kaqy$d@
zzOWGH^jfP*=Q~1t#IqxvA(}ctw@fgJ56ufC>)NTb92%|RaV{U;uHz-<iCadC#hhfb
z<`4klW?5wcv0vM&^7r#Z+5Zk!s#MH_-Hd%SZ2#+ar=<3dwEs^_N^Y_LJsHm>%#u&6
zI&*7bc6>?6iSFKL$CunUJ^3<V3$-%L%YZRlnJu4`H#D;(E4MI1P7G_oL?W<>0HvUc
z@hK8hT}hI}L!6{bw(2SmNVy46(ZTD*GnA8TWi@gPv-21QeSSGXi+bNc6?`d4Wj<B$
zr?(_7j`7sH|6R3Se>3&b*#1vWj*S17+B+?+W&fXyCu0BOsuK;M4C85u?v%u&RP=01
zPD}6IC&IJML;%XtN5f8o9Y2~jTxr<r^T>SLnP>o@SRHQl(S&QGW9{2t8zBE>Pt^Vw
zSqPhv0cgbkD=8@@^88OtO6}9K|4+tqN!P?uuOCir*rw(3C^@0rpap@Tw?ZCsxzI>d
zPl)&={*ubQl0-S%?8U)4?gP)#IbeWdBaLKUSaG>rcIpZk`LaqG_P*Xe{9XcM$r!7D
z8f&~Q0p=lNEc}DP2jy=3?O2IxK%(oWCLKd<960_F3<N^a-?7$M4wr7CnA{ZvM7s$r
zY~q+R$xEpt^pbY{;{XixfN&8Iv-6=5vy`FNh+v*j0q>C$ybRh2=+!W(QI^Xn(M|7R
zlHFJ<F{b=LEx9W7s8%Qm46RWQy8x&$E4)D~4}{T*fG2qp8A$P~gUp%2Aw7%Lkj&zo
zcsoJ%*T(IZr|~C>{)bS`Z(a}ZCis8%M)|MB|M$c{^{jtcfa@BY!Tq-}{y#aTcO?Jc
zCoQ>!|34{DbL;Jz!~d5xfZ<cn7zp*IW?wtzZY9bNX9npQawyWzQT8bEfUv((X?EqL
z?q$e4zH}EbyYL}3dmlFD`Ssg!`-%Z}4smEaKXY)l@MRDVVW!zeI*hr=Rm@Q3hRSN_
zVpFRMW$+b+SNNuu+o@%k3=iRrWSdME86_eQVne2GwYsgFsN!nK25*AmBNIH!ZIT|1
zNU!I>ax!;gk!?oX!ca7-VT<7?YoFVfT0M*{_J@&`cw*d$L^WnZLn_AJz{pH@p2D72
zH_tS=O5&_DJT9|Qwz-_iWEBe1J7G1f_r}d9p%sx=$?}<H6*dC})`bsQ6vTcq#A^X_
zZc$|^WcH>JgNYa?-Jr3>F>E6F8qwX!uT5Zo<4-;3KmOY+XFooT>HpG_lOxZ6;1^rY
z|C8~cbt&EKnRDuiJnY#h1Ttd<?)G2EvqK?%$S6<h87>7`<BlObd?dz3RDFK#9a71I
zE+d^IgCq2mU@0wGixeG>?8rqFUTmJ_{+7hCtDm|Nx9q=%OynY7L9BdxcKU`Vf!&Em
zyxR>_{+LpRTQY4O-};;OKgJXXu&^vl%_#vkA^wv)C8<UJI~h;C>yLSWnyHT_tbb}+
zpO*DM8Bc@jA8sB+(DAQ-pXB7!mi0dwPh;!PLu+WiBn?<2{9kHXTAFqJlim2ah5tJV
z&##>S%f^#`<%N}jfO|!Rd%w3tUd@-uOOF)Ml$2f;81k%MmOZU!_o5y|GMnQ`^A)j7
zO-T2J)n!&+&hwTAG4i*FZjbj#LxO>dpi*5;>B|*=MOdj&o0RFx)<CMSh-qNTFB|3a
z0dO{&@ylitW$P_XNxm?>SFA)|4b`hJ!B<0d8cOWdP`&ySaWzz{{sdeN)@ms67S>DT
z(C06XDc@GT3vs*&vKnlFOj#(iRe%25F;?Waq>AX-`0E%OFva^f<xXl0YJ5*-^K&~!
z{wq#Zk1+?9l`Dvy3yWHe%!hSM-9+ca>eJ^KQequb+t##L*lx_MSd0dmM;{Xl8_A7j
zYkG1lYbt6zw=%YEtRhR9RhiN+%Nqpn!+zztLjnLIc&(?nC=ZAz_`D@v4ughLLJ!%a
zx4>L&%fdm;J3;l;QAAOe&_fBaP?J2}BE?T5bq`>**Mn`k8cGW-G&R0*)YBNwRnRIL
zfnt!9N~T!B)_KD+ly<>q_Ejimxb}t0V8jO(i=bls?Xu`%*uynLEX+%#%he;Xhs(vy
zAB>0laN9?Ru$l5$;l*&o&<c*s1QJI?S(rWfBvSwwEEmt*2=Jo99u;m13%IHS07WdM
zuSSe%P}>4#5q)wy4eNu@L^N_5!S2wvRO5p(fiwmjOckSJnl%z&OxJ#ql1m>mtd=SB
z`+s`|0gEg}R+g!*WM*xhmgr7RboZqk0;%aqNhc_WKx7gDsZsgQIK-PSV>B%PB_*Y}
zQzGTR<m8t8&nM++k^frczZUr~LjL3PVj>^^Lx>x4i{RHH`27|IKhctf%dne7h^TbH
zEi#~`t>2CeXiyPs+@K^PZ?c7cvDCM*4h(<<J0_q!HU#n=5nRcmg18r`Vd;-q^uB5y
zEQm#NEH}l+r`*b{C`nKZ3qYFWaUps7M8I;tM+uUVKSo$#!V<Kg3yKlL4u~utHNqgR
zR-uRj816vRD9>UTC`r&qE(M0v3QfaC4hL035Hw`7`g#K(l?PRfUr`>aRd`)Jmn()X
zmFih$pRvps*%YUj>Piy*n3qiuaV#nbxmdCRERe3A&(DjI)PebT$+;nzxF#EGg2!P4
zy%=O4`!Ps=Y~;`a;b0j^=n5Jd%A&5w+z51BY6=OUUkR_|fmoI(K@G;dmvhU>>4PQM
z#uzd&+AsC`m7rH8*Dt*<YOX*3LeNG4Bm;sBhXVzZFHp5QNq~^W<TuTgPm-J!044O5
zrDE8POhb$TQ~gN9e)VIKLDWdVsh47WlPNpkFg_$&Qk`XxN4fhZ4p!<CQNSBxO%5nU
z(MzN>xEFy^;AWt_BV>-laY1&lU)-`5uE9OS&?XqD0i=mHWpp=Xd5@We*fdzvP?J(&
zs6iZRpJN)T;z2CZvokBfiZG)gfoLYye7G4~)y|VDT9qq$PQ_Tq73);criMETRs+c}
z_dzcjY`zrE97>O?2WK;Co9iAksE>(_kJwu%irY<#l*GoWFI0+K;8f~yER?Q;GiDSD
zgv%=R9P1}~Qf|wn+!2#XPD;E=@yD1H=J{>_gWYm}5ai5g>`u%NOu&YEM>ix=S(>-L
z&es58K%T$ih;-gIHZf&%TJu)0ti^I+pi~XQiIuAc!<yprR%>OIbxsMB`E*wm%+z$b
zHK$K;pt`%lK4|iwuvb&GfKS0=g@QV>G^J4#vmW8kYWt1DcS_9ttulZinlW5&nXns=
zMfG&%oThGK(8cV5Xv)=rplUH+XHH;}Y0r6mp+GtoNyslqC>oMEIH5QvGym$MD`O10
z%pwQ4qyd3ymgy7^j9S$P6j1G|pW!3mBtfdK_%sRuRVK0|^SO&dlP7b9^E{{tOG7Jo
z8b0Q54kkV^$=%!D58ol<fl6^2D<9Q=yB5=s?ns51;{Mfjm@QA!pT_jRW?s0deKex~
zb@z#k|B&oXO=+?JJ}FO&{<lT{+oJz%vHxjN1GlJwThzc7@t6G-ZCa)4eJz$%zfAd?
zWVDLZ2xT9sVFhM7CK=`$FLJ6vDq0#q_pLI;qgH#%Bov9zhe{1n@}-(^uqJ>SPbDNP
zr672QG2gK4M-{NfQvaY{6#n-Iq+p;94i&FTIc5gs4^8l4idl5Mf-|@rh;C42$2w)@
zvMS=F@qokLa;&UG>lg7T1Ch<oG?U__))I}JnjB>dppaZdr3l5u%w1A0$cvmYWrCwg
zZ-y$fn0;3G!%Q*3D<)Rd2%<7*NFI|$qd<<qPk6>i?z8O)P^@I`_SSS+U8+*mng|(P
zLIW-ziA)~gPrN=hyHb#GYhALWi^W(>tMLZCLS-PJfkUQDMM4EjD8mxNL`)9R1ruy>
ztU#pTm_Q&z-{(reT^7s-L;r>~Ha=2Jasw~Y_=!HfO!MnuX=p6HIawrC_$+DAw9g|~
zU<#HnOrDMrRHk_SWxg<_1H%a^H2}Ywpcj*E>j1*#fQbSoRI4n$kcc|Nc>zRL1Sud?
zSkE8ovcSy>1%4xfbI=t#xU_l(Qj4NTvMPGy<5l!907hgt<yhuXgP7us>E-!ydi33{
zt8aqHch>YX;sJC==v=Oc1W2O{URHE705C)iR(myZ0f7*N$yHE}E02>Q3m_CSx)rLE
z79KG~4Qc_u6evZO7S~6i6=A3c%~-Bf6io}1dFjH)vIr8L9GFZQs7Mj7VUMRyJSrvf
zq;(gc1QJRnI^#6qh`>=;3oi#GrRGDJXdL66G)^Z*XYiK8aseU4Y0*a3DxJnH6};4F
zcO%f9IFCe(exUj=QhyE5F^O+8F*+yP{{e&z^v^-0vA9>TewLYdF&$da4_&fbG}s_o
zfO;Hfa+o#jHsN6Ku-wAw7R+Ti^&&R|r$iW3!dP7X2_#mSLa8b-xIy<wx%64#Zh=wY
z%^f9Z$4dpe@{5?QX#?eC%S8nPi-%_xX3M!n@{q!UVYyk^S+YH|2>!M^<>9%-IR!(D
zWhhaYnO{6YE*L0h=8urC&dtwqO4-*ADa<Y^k_!su+`&Wga<j9Xa&G>ByrEgS`Ge&C
zP%porSkB8GoLdZy78l6aA#W--8|n>|24@!z$bmmI`{(B67LRbs19OY>vCV<dXr??Q
zv#>aKz|g$RLXc$(hZGcLL-$!yenEb2{=h=$C3|poez6OBg|6i6Vep4sl#`j4M_pwO
zh0zz%_>2G?IR$xH*@Z<?|7;jpX8*iw))h=@Kwf6<V5gjwIXH7rHq|PCRtl*YAKmbr
zY<dO#W#&tn11K;Dz+^x{esLlE>4aGp7VA}q=N4rHT`9~hLVye`EP&<_oKOQ{mM=lQ
z{A|_=f?Bq$2o%A;hZbcUW68?S%!9Uya0Ku|5`|mTnM|E&R&bF*^RlMvGaFE6{#Lb_
zjq3j*6$nk}qhbADvO6_7(*G~1PfPr#lk-d;l0WD)>3l@H({gjN3gPEe{J&jm_&0C#
z_w(Z7<n6gxnZ?)dJTSlR+M@SYef|EX3*~N#baRKUGkX4M;8KU&S8liX_5qu>Na4i~
z4x9Y^8tp;thA*opPCR;T_3~}QuBcu<?ho$`Tlh)4j&kdsvV7m$a?#XI_ja20_R*td
z6N{wW?>D{v&R2(iXj|~X!~@HJ82Q!tAAk2$ZKk`!&3~MeUQ_h%R{z=iQ~cEU&kI`R
zB~6jW{`qiGT+!QI^5WiqYRrc9>*wry+TG)pB|pdA{D*dJ9{tbIp0no9pC4TLk1bnf
z4t&)6)Eak(%y){XIMd(hQhD)^QKRP0o!hJP^vd2lS5$vk*?VMd?GFpDo_%WDwz=Kz
zE$(?5Jg1*N=-|IU-#9m~`+fO~fCydQx9{8YE<5AyHw(hj^X|b_aUIrd+_>@9TW=jR
zW=yxv-o0BFe*5{xHM?s%oI0Re=e29sUbCclVPW0gt(Ts2&g|t??{}X5KX1MD)}ce8
zv+qdNKF^E0vZ|_T@ZdWaE$T5RZ_~PUi<d4v&1Q@5)$3+?-TUv)-dJ96-;ty{kHnoj
z?Scy~xV3-RxQ7=k=$e|kZPO<IN2|iScI`^@|D%(1YrlT|v@bRdb)4yPx!SZ|uySSH
z*s*f=?$fgDnVou9Y`QQI`0DY;d&W)8>wZSNHmg^!w%KgYKKrbqDBHGe+q-vf@AIq2
zj{RiOLpR>=&Ht_~?(xG}?=C)d-JXN*z4zYIQ7<IVdHaja4{3epEne(s_otU%e))dq
zh&RT<Rt%+&Sy*^l$BtX~9(wS>i!bb0yMKGa;0~>Cn%aLsT->UcUfMP;46Qzq)w$i7
z(xpjBTefcPJZ*R2wSTWzx$?Xvj_!{XE;)L1&@KJrJGS*zC;T%cb*#8{?E~FfbvXU>
z*|TOXU$NqUYhHZ#VR_1wDc#<D;)y3FPnzURNN5$;sg3u6Q%=44nvo+%78dqj^lsO7
z%bt1WnH4Mk{^>W{w{MS|decp<(&s-l?1}ZBWs4Rq8o6}f4au--?c2AHi@W>H=T@v(
zv20oY(oes+{^E--UN<T(Zrt+o|FCGwj2VunuA4l5&sE{f%!wr*KlAyjJK85)G4GYS
zZ=d{UWuSGdqW#I|wO;(h6C2j8d$@4Pg&hYu&b;o`Np;`t+t&UZSMieK!-o%_b=Fy<
zUhuE|^qWUddB(H8^MWCNz3;wDW?iM6J5BijR_o2XE-LOhE2rC^*Om?+K77=uQ7cDZ
z+^N%*-8#=)G;Z9u#l=129){+3>^N`wY14K;^^|LH^*vWDw9j0(e*O9vpI=<OFQwwG
zeuulg@Wj>0Kl>{dbxU1tPhI}T`|p3hZsx4<<6m8zvGJDn4=-JM;NYGOyLa#I+O=!n
z3p>UQ898#_zI{?04EgETem=7I-9^tm_uQk8JW|v5!Zw*#E$kdOR#BeyzT3Uqspn3c
zIB{aZL;c1S6|LD5+#5Rb`s;CVuW#6JM^3k0E43c!>F3}5<_ph1KYC?QT{G>poV(h#
zX(Qjg!L#h=pKq+FsQ9ep;=9|fd1id;Prkivg>U5zKloF|ty`78dgt=lyC$Xl^RxBm
z_MFvsR_k?}H-Ayncfo=M4=i&Bc3rV?3=o7{Zn@=-a}v|j(@#C+6z?00x9#gu@L=D|
zF6+AHtX{o(wfj@2!&~+qI(YCPpzOMJ>!5JSjfeNFz2lrSrEI|UYoB@j<Bv;Rv)i|6
zJ@_tI<hwVGzxeJq$GY$Nb7`kBWA5FvVe|XjzgMPw_OBfWw-39f{PU8fPv#VLkDH$L
zzn^^a@cI$wPP?>o?!<{NUA6Gwp+nCvTXyi9Z$>;@x_0B-v;zkY%yga_cV#Eo0mau|
zyKYZ#)>W#iE}TFAqbEl^7Z<l-c4A`Bp7u`d;^I2qrhW4IP20B*yS4xB&pz{1RJ4tg
zXXdm${o?mL;{$=jn^#|X<kYW^ZufS$=%S0dbzZ-Ewer)_1zqcWzQ;3H-hIz~@2(2(
z2ddC#|Gs%WCfV<wKYvVd@$=)h_3Sxo=awy7{_&5uzxa0M>_W$1(so_HX6@QjrtLm-
z=n$a!%$YNP{PB9vBsd{MU+sDYw%_@8etzJ<MQ5IQi)Yn>*WJ!pSEU~8JNd}-4?R?p
zle6x}d*;lU0~2V~suf^IpFVva4IKDr;<ulzFMTv+_y0`)=j5Z;%{{->j2Scj_P4)<
z!r@kNPcB`Wk&$uPg?HU?#~sBzU%BDC#}_W#GdJ+6E%ToK3;Nc6Il7|ai^m4feLMNe
z_fF}sX58|T`=2~_+U}h@cg~wP@6}iPxn{p~!*}EU_Q+pm*J>+2Ub5})6=%-Rf9mOv
zzxrhCWj}AfB`veKXZVXv^Pvk*@|^XayPi4<+vw%muP%P%`L3O(&rJ*TyYZ(Vv!<Nh
zCUaG&bEh_kj~+dG<jAmL!@mFi`*Hog`+E1JqF|Re`Ron%-gn0zf9^Z!r=_+zwhem@
zPMbFE$dMc7<eeJ#`tF+i{Ct>b*~sgjy>`Z-r`El;E~m?RrwoRD;c~lc_PjM~-D~!l
zy)Sum`=QDyN0yAPDl7Z>{C7V1;I9upc-M@N<IjBS$ani+dHH3)v+?7<dAaV}d*<})
zum-j`?2&E7THMrYox@-^Pu;s_&239Bxuo22Mnb|PtI}_J=%J7Py1)GFxa7?e9334y
z-oIf_?U(;p8QNP|T56x4zj^cK#Kgps7i)lyKmPdROP5w3KDg(Bu1khE^78XnyzoNB
zb35*v`Sf4odwn{m*W+6YADnXvY~2Uu&V`ZmUiji8kG!#K*Tv_3clzn4e|vaRAP{KV
zwr%U1?)l4KLIBHu{ma+-CYbhwuXb%LeYW>CN$1W;7`5WX7hkM=Z27yltXR=X%igwS
z!KFR#YxB<5t@qx4|BBMJf4=nU`{m*HwCd6(6OeOuVo66y`t$9#zZl+s_8n_SJ~MVT
z9Ers}&r1IEqBG8FlL_>4ao`r^#V4-by460e`mApb512f8%_WyywWQb<_wbOf&y==o
z+5`i9W6jO0%TvaTu6%6&JT>{b?{b4H?_ZqPIqtSK)9<|VmGPfWD_qi{efyi`%D>Mz
z501yXyZrISAHP;Yp+oa7)8uyd=5%}D=QnR3I`gJhBd*)E;ZJ{B(W4-}XU`js93ABD
zx6V`8y7jepoV~G~ZG8Lo+M;*w+&jjZkUQ{-g=e*IpD^pgoL0rdhiiQ=lx}@vPtew;
z|G<IMM!QO$Exq-jhq~Oi{_VHkf<t~ToV0OQE-d`!@T9b~v;iesKFYZMz{ri;o=B9W
zop<({)_+0o#IIE7`jSD?I?tq<XZ9cY?q{1VW&V8c2bX;F_1JS~XYYKZ^sd(`XT*7u
zcYO3x?FHwbzkTVbwsGw`bm-Q3`tYZ(1CHaGYp%JVj}P~W-|y<MrcLXvfBa*YX}h-^
z>GE&KtbHH8aKVi~?%r|W!#l59xO4RM+3Sl}u3QTLwLN{;h~;lpz3=k-o;>~RJHL73
zR@di8rk&D$-kT-8gWa7obL4h~ONu*B_W<PLrmkAG3W(vQz%O_2{@81;{Rak-kdS}`
z>5OyE8MNr#Yd-zURkOa>JiE)~-@o|kbyLs(Ak_E5&sX2P`okACZ+m*_h38$<_wp`h
zP5)c>S6%LRo_*5y!u^{z%dKwDdSv1cU#|W8-|dfn2Q=)=v(J7C4z=(9wIgooV~;&{
z^=ubx#iz%-boOm)x<2Plo-<?T8IKq5`}T{6rX1P3X8W)$ZPXWBqsJ`$&v#ER#BPc%
z`2NdR!UsJwrzalyeD1c1Ke#TO@=;u?*WL5(z1Kc_!wZ3r?^>LooVyA5Cpc<uzx~Q-
z4<?qpns@cp-yS-Ymy`4Q;>&wEDnESfKNGx5c1-(lV5f7}rQdi(y7TQZRU^DrXB<5`
z<?<_@bf@1qeE9yIJ1394T>0tEE>mVC-M@9~){4y!R_|Dr{oH%E&A6!A=UcXH*^#41
zUwP#f`27Rl1VveJ+ih)^O<LS`de-;5CXV>(W$o(y`?h+vzMFFB-Ga?8t?H&IU!M8a
z2f+c0if+&P>6MB9-0xoX<K9I-PK~>N`>1QHrsi}@5ATD6;jiWEKHjlo`kSA^{#pH>
zgo!(L?)2|^dB@hRg$sr}ylK&c{SI9J>77-l{U3W@9th>uKR&HDQreSBPZUPhk;+;U
zN}{VxMbj{Y2{Rajl(Zr3t|aXx6|E{Q+_(|lZlq1xRZ5Fek`}`EobxR6%ox#od*9#t
z{e7=Liu0WFIp=)NXFunBPPc~mgv(pzpG;yht0!+>JNRVk^w%p_?pilZ@qAO`Q-kbP
zx5WM9S>2<bRF)pQfB!yUYmHez@`Q)i#cMfljC}auLCBjsMl4oPMd5%X$NghJb5t5X
z-QRos_{p1kpW89?^m13N60sv{!yM0DEDz-K6%Nf@I6(DD)x!tHW7&JO7@F-i0fs+y
z3g|AolODB?FLX$qt~%iBw)p@Zr-fx|{rcIdzuI>0&*y3GSx4X951p((Yl=sKDzM|0
ze13TN;zf3x!s*UkyLtc(+Fi|U<@NU~9W@7;pMHHS)zxAiTQj*U!^maYp%PP5(_XP1
z8P^^?YJ7G%{>~lOBC{dw6C4JgKWeTPJE7meZ6OtouQpW}YPz`Ww6|xg7}pJpdw*%Y
zt!4NrOR%WLC&vuxGvpn6UiOQ}7v|sUiS4&yL_Yz_|L|emF3V>gnUk<<*SlxWPAzE&
zUolc|{F8}}j<3rv4W5>CEcrv14Kedo4o+WSIlwS7yXNivxo_X-7P!T5fXsaHx@4>U
zhI<Qq>sRLX?6Q2&AYJdPr<9dH-#HuDZ(GqHTTDAE+5FPE^HFxrqifd~*4K7gF0!j+
z{n~R)%AuJl77_PMFAuO(wNRULdhOsL?{dP@M{FzFcYUHx-v_0m-DckvH7%)mex+oN
z_t2UO(}(A?iV6zmk5F8zGOFi5_r81g?(N||@bxs8RF+xYc!8j@V@kWO+eR1HJ&W(c
zW}CaW+vHH2FruXC%cX{D57*!C)K)$8pJQLW-*c_b_-TC?M?`pfdfLx@zQI0ad0ANb
zz5F!^y{l_o=d+kEt{$0tvOszA;|tbb8yn6P@6;P8if9OL+7<ceV2*hS)<^Nml`AIE
zAL=fc^(?RX%1Tl)s>0$g1N9G7;_%_apFe+I^P;#knQImN@_KA<XDyx3>j6P~pFbNG
z6`kp+<gEUr^l){4d7!E3k>q1JVb>4L%)7FgGv`Qe#VFt{T)lb~n9&E9UGK!m3kV7M
z1nifcRuT7Z-}d5gE^t|aW40$Jmjh|;s@sp%|E5DoNcq(rNz*bqt+dmy4BL3nS23+?
zm*u&+4~F;px}`cd+1}tqk?6+FRqMhH))l`1#<A#}+bxHs^A60JJ9o|M)ua6HZQ8Wy
z*3FyoTesG|i)_j|eArPv&SKFgrF7A42j}AXE;o*8ss?Y#jqQD1R53=i8tZ7iD>D0O
zM(L6RtD-r_J?%T&9l3mhccrebF742vUv2hw-Mw$$Fkl2!6eg{z{v6$H;DZMbSS;3h
zHOqT<?i`$)YpC?@u4u)jf!kMY&mTW=)m#scjn_Byj{Op^<yla8?#s6)JIsyK`!MIu
zy}xuR5R00(HojE6QdK3G&|zr5HGq`9H8cSEqt|Z@kP7{EU3XWe9-8I5q@hHqVx(OS
zyD8(=#ZDakQqxhlwTw>+KIQ{;aN~x~8NrSfbzzQ<O8p`X!@JFACE42A2A%soHT7~)
zQMXq@z^T9{6TdPa-s|qN4xxoxcSS#Wa=|tGfl`GY5VeCNtIvNvar|&`kJt&i!x`?3
zL$i*BgoJ4Jij9bf;IalVz)AsMSFLMWUQCU-`2m-_L4BV`1^#((SHcL>VK?ryn<spC
zt*KGC^PE-Rh7q7MsM4%Au2_)=taCMsu#G!+>i1g%1ZYO|i|S$Q$cBq<W!{74%wn(m
zBX{{2-^~qQDz%*ZWn{z_eNc>O|MKNaA79^Tsq<3xI&|m|w_~S;nh-d}nG61i)97Sl
zQ(&N$)G0KyV5Qyg1RdqU;VYk41H%p|msd$|Usn#_IW}^ho15dFsTLL%z>A5=Q&3jk
zuxiz{npNWrzvU?x7bb)yU(dNJ=#e?H$BU~8k>3Kxtl>p{8h#6ypPxR3xJR4Tbvzzk
z`}*3oYZVn01qB5U9=LJeol8ud6%g=#OG8)H?E0#^oBBu2pD8+Rbf|suv0WCkzm09`
zy{9P<xMjcm5|f!}=HC8VX-DfGTz`LHQlH}FMSp&@NO*Jq6qnRKcPAd{o8l5t_wiQ$
zNXEEDSqoKt7)y7aZoD+)%GAUJtPAiWQV$)vS)#}ptn)bFY?86Jot@ncpONnQW3>*X
zq}XzgZrYZ6(z_x(edFa#GiIF6tO^O~&h<`q&HxOb?_qRevx(Y{_6H9hyyjPN;}0&&
z++6(nqrtqxtjQ;)06Wj_<iT-4L36|=)?N7gmviRz@1Lk_^<`Y?_DPF|V2M}WJ<N*n
zn`ocO9<^<XX8dFahv2@EQR8`=cMS8|lRa;$>m9XT9>=X;t6beNqIAgPilVx>o>7ff
zLt^q?&DJVCr?%8@gJ1#r0qdue(6POBiVKhz{I|{@KFrg14-fJ9a8qS(@_E6d2Og_O
z?LEDDNRI%;5-XDtmFxbTxc<8Ex~bxFY*oHTy6a)!r2&&1EG%$NfW=zW`DI|)b)O2|
zk?R1#M>b@PvU*f@_EO1$u(Is?u7_8gJfS+JCu6_UmI>;CV+Qq#-RC_%F7fk?TNcKn
zvqE^IMi1nN2fw_gv37sJ2DLp}gQA~AM|X~!II^+d?O%H+<!w;2d|G{KgZ@63=eJZt
z7uaGdv8yxZzued-`pLT-gRk$J3SK8weXZGf!P<1eap30wSx{Y?t~l<<OpSTrryd<S
z)_;pfmRaD)kpR<+_wU}_%`+@&d~I>$qq37PI)Ad><aRVI^+~022kVXJ&s**~HeBU)
zH&q)O8=VA)QrEN-Cw`ecEZEGH$?Wpg-Q~uNsn-Nk1*-P;m&S#CId`UP-uovpoH?J<
zG=SX`f3vQ!em0NyFgklLXeJ&Kvu@qG+oo@X?KfU|Zm6VDl~WL7V{!3iFNWO+XLIu_
z$8y%&Eg539eXMDF1_PLmy|s4kv~tf}a(=8w|7VZq$L3iZDvjv#`rf_l`p?^L-q4xs
zkhykEPI^zvufSWHb6{$Y0`N0*jE&>R@4-gs1)D{DWOI!evz1kxeGfS`T>Quha}9hl
zK0m5!Uk1b1_e4Tpg}^cUr*6sYsd(kvuDmB})1OWFGKEo9RTUT*_-AIatFFM`-}dxT
z-}ZOz-sP_qT{4XF%_%T4#0IKtOd2stO*x_#h^r};-(HPwcjw-{_356=IAL7w1dU#n
zBeo|u>~Hu*y@$%K#SuFUpXwFo=C&`nkT}8P^o@`97dQRIRTDB<cSo9h+BL{=Qnpn)
zEPLH?l?_gNY7=6|_1JxVqN8S%oyLG8qjP^-95-=g*lab?;1q@2gN5q7wDLL_#N<6V
z!RyYLALd&9JTWSBd8dxYpO!Z;7>gU<r%t=qu=ei#xx+L&=U@ENvGWO^k*w~&q?WvY
zy!-Hp6Q3)JqK8E4KCkKKb31)lB$vDI^yyJ%X5oe6nzM(7#%bm?9ZXDotF>zagYo6t
zP|NmRl(<7LELiYmPN(DE#osjSXWsD18R$|T&|`&lw{BwPZsMl;vcxy{5*F6#%=}!y
zWrcs}c|W>(W?=>M-09Q3Ga@g%88qg&wyCLIeEk9w-5yFcVZS}$MD0)Ku~PZ`f&KKh
zE;Dk{y+8U{kZDKja{J$!X15OrI$;*<)9J?1)%iCX>V@g9>^pY{2ZmTJ;ML9^H}1pd
zvP7(#S?tQDm&qwx;)Tmpy|~<!<FK{tB<r5z931{S>HV_ujX?17D7L?Y@9i%`>yMW#
z7-Q9VV{};`zL%k)Qre-fS)pZP0-q+#xcl31fl9+z&q>*diKR!~vkHp2zs>_frM~Xk
z`Gf`Hi>z)*mh}lq_scK6^*lY_XX2#PaZ6lh#~qyR7%^~L(YS6ln(-N#D{U9Hi@$s;
zbFE?L$jFcWU2iUnQD(26z+#LGOn183zGz>s`k;z1=YTubJsB%5T!Zy&LiafKoptn<
z+c}ryu}U$XEA&p3Z85&|<yrDbYoNvQ^70m#tj-Q7Q1aE%>Z5U<-+kHAnvdM7yT(n0
zNg16jeLQVyKThB;<EW^qs<H}%FW=lf2^8>=$qH%hVpc3);eO10oBoUCyT@aX&$?;p
zm)<QdzIx?KbdgtP=A5~%^H01SlDF5^c<PiV`5x8P<(JCBE00vqG3nE8x7YdTRb4&}
z8PAwGbDy%6>xo69XC=BHnK~wyt7@25a6)_{D{J6#?Bcn4mBLXgOmgG@d{+L9D}Fcc
zX<<^1@z-~62mATF6#Be8mikIh=k=S)fk)HAFa53n9Cz<@*EzLcy?QS_bEfF<>`x^n
zi*F{gdRngd+_nF0jdRL*@8h)wA8<-|kX1U;%jEL?`%9hf+`sR&c1*^N+qWxTzfQ}D
zun}^AhhS@)|7VxXGgsFQ^iDF?SeJkO*G2bPk=ddN7Y|iDy_0@v=+LqI_gRb%)Dz}K
z&p!CbcfN{UVO_=}+x|=E9JyLpc=1Ge(3Q=m(P~de_6#_8FLA?o8}_-Cy}Lv=eJ!rf
z4F2;@Ji~hamCX#L3%hG8OY6UU@rfM#x(2wtB_$c@Js*D9n8&f35VmD_?^>IbUg8X6
zAOl%0i)MSK&%3*Cq=`c9om$UbH+AQ|S)I~wU3tIt`dz!&?(T!ryd%3Tf3(nh=;ki#
zY*H5|_|BX;%suTd<*`a9Pu~_~?n!5FGs>GY%P2J9xJB^9T`}p`-#pB^7F>2~iy0>}
zvgz>Q!xa@??zIzb+_oP(bH?AML*|Pa`lb9bE5{p|i_Q!%wLFlX&KB9dE@j*6%?(*n
z=<#N!WldScXxCEHG*$bLSFfIO&#H*{{LpoH`SMOzQ&Sb@&C3zzPT1?DHLR-Y<I0Z4
zgEE$vxK9y_GqSR>3OFfhS9j{&&$hIw)a!m}e|lifo?U1C=Y~7{C3+TWePMn68uz%e
zqM}@3_QE;SZ!r@Oef#$2w0~E(^xWQz_j$@G!t?o^7`JY{_bxI^jg4_EC@p<wKQd7#
z!A$SShu0<j-@f%=4S4s$`;6B*w%c}PHDG7%3$7dCeUiQS*MK*7Jkwpx8kJ(E9q{<{
zX7<v$>e;hr-@biY)jOu3E5lqdN(aNv9d(*K+|ZpNdSPa@_)Eo>eBEw_N|8+sCxM~2
zZJYAi{tU+a5}jj(g*j`>79H8MckiO|0(MoI^LC^1(F6bZTvluq{xP&`fZwQ^{57Fd
z`{(X+d38P6J~=tL_UzSBO)lzjtD3&mBve-?o{HGmK5NI}&Q_5VYk&>D=<A0X@2iIg
zm(A#|^ruyw_KPpoTDqJ2e%M@{eeA>uRZkC>oF=RFMQVr6_l(^KeA6#~#<fqK{<UP*
zhMaFK7w7sVFRumZUfGzCkkF&!&`Y~sd5mA5zML~g=XLwd-TVrc<ylWo%#4Xy6c%PU
zahS!fvESYdFwjWum%PTmeY^exE-NSmio_WOPXa7<K6`cZDzGT*<|ZART|TgP`IO|i
zxpQs%>rY>MI&xm-ElVveg^c<che|GAzU(*3TvOA|*)Xr;wbD|p_{(l?*DNzfkNWgW
z=bc-3j;h>0Zch(~$)WZ2$s4R})qe%DligG|t6|AWrMbO<z{m<L@0=E*%6R;oS990<
z%6_w~!eaX&QJ$A07(kHS$qF?{D`n+%?4hc9@8LuDxoh~NpJhiJOFFS|fod<cs_F~B
ztVxd<y&-Gsb->HNbnN)-*|Yhn9m6cDzI_er-@n7vu1QyqyUt`XD~q0X@*dgQzJJf2
zL;ENi?Yvy|(x<kjcw2$_%BDPP^(O}GM~2~kX)zZrSiiA6bfG<P6|zF!<}P_u@ihPF
z*v7NBpAD$*Q}Zx1aB^b!d<ABLL(c=zDxRbEk56~iT@j2$ex3YBBHPYGdF;b4Z%#gs
zja{bFp)4nI2xIB_rB2bm>M<Sz=X-jw{>^y6kPVl{jyLRg7I=HV{q`F$>fdO2Y#qi(
zaf#i2YlUJ*Yk-|QPx3}Iy82%S3UYDXE7sa`$7UWn#?Gm#tn|IM@K4R6l?L;EpQs*p
zygogK^QAE9#F?^ePF?od*ywS83?8f2a3-f{^uhGEZ{BbXRW@(ld}oMJYUkfS-SeF>
zW5ylxL0y)IRBaEfsn{G_(^=S0MajXgpi-D~{*S5RoHc9KSf5jN?6dU1ffqMYCJP^C
zMs0Up9|ydd{Cr{Hxr#tPpOE$)X4~3k%{=zW$Wljl%RPmdsHlbE;g2%KS9b3&ycs`x
z>hXpZ%9|ZyOt{^8bnHIJ_2ZXnC!sL-*bCL@=;)7U18pKxU)`IUI$bCJ^6^14$L!3_
z{dDG0<~;X@z86nc<QErLWxeyr%e7Dnci1y^``Ade4VScr@2RxUU=4lkvjQ0RWlQFM
ze04xM|7q&oN{8e)t8a#WO^u~W;*eCA)Fq8yU#wrhez1AS%b;P=f8FZJSXMlw?&+H4
z&z?QK{4t!*v3_uVQDa$CcE^&27h$&+)B-14RaLcD@7`k5^xWl1ovz)!J#)?+)&Bjx
zFJ35OEPeE74`?~<!0JVdV%CNYG7kyqx9C%0Wc}MtPEK~O6`u!veSRe|4>;Wq)76Ui
z^fm6f8yK=CCM88h{^bSh>~?iGh-VrbR{~L&6`7O&`wPIeXIFIzadDZt`1hPwI^*3d
z`gi6uYOcCep0aNrFzvD%>nfwWufBAxboAnKyN7S@uTxe#wdLvh+}oQ~dtO+-{?qDp
zwI$^&ABQa)t;S(J_NAnJ{rdHY+qoOMJ#`XZ*VScT+F-7u6P}h9zHM97jvXB`_urhL
zel<UTYmrys&bNl%>&t;k2BOqZaK>iJEbudqk!h+PqM6oPO-)TRZlcPDKBL-4jUV1?
zQhi;tz1^l&2Ygsb<5GJ0`Rl1DtyatHoeZ3?$<EF|)5gZe-Z?X6H_P45`sRQHhlKd}
zX;Y{E@jNJb@7}_>X__{JyXC#li&0**=)jWGyg{|KwfXt^mA8-Nh3T%fcC_m@Rl84r
zeK+9JcInown}R~p*%1EnrJS&UfT>N(mf0CknzC`u5q&1}Tx3&rMn>&c6JIxXcdaKW
zb{+DLJ8I@-AM{X+pRN)(=0R>$SKy1EJb7};5OZhk#a2xhR{YY?(2y1SZj`6@p*75^
zm2qdBd&hO@2)9`O`pco;n!W=Dyn6D)NMXpR{Gvc0`ThO<fd~6+-^{U5QBlC9&WrBW
z*w`5V$!MBehk4nHleTTUf8&OSP&hWU%1uA<&=r$c6M*q%U%w&lG8cGNy|(VS?zm>*
zIADM9`TQwUipm;4jed6VL2QQsH%5*eIepfw(BR<T>#MTjnIEbhySBp)PEWgTcI)WT
zqrin2J$f`)gx+F@<jaMHx+6wt^oq5zvO4Ki1l(OCr$Ar*{c(%};Bmiyd|}0-NAnUK
zY!BSj(9p1d7YrPmFblPqymi9EGjtMMb^EQ!SC2cGle6o>{D5<AMGrS`?w2v=ZB>=k
zl>HhvpK6?X`WF7^#b3_M%nY-5q+<Tg*!yaij_uXsCSpC_hkeVAs2|yBHr8X9mR1MG
z!Rb0HE~t2><aup-veDU?72&&d$-Vpchxdwg)CB&kLrT!~y|!D^c2C#o)P7k;hDp@;
zqz`d@bt0#?`xcqEulu=1t_5|1psB;AJ}=sD?2!45!C+Vf+qwo5S5X<*B!7-K5A)^;
zP~Jpz0My=T24)YRX27qqVA@<Bd@ji{K;R$531uo47M_lR$0;V+I!!n_e*W_RXXiP7
z^ryA+KeP)8|8gI#oc}R4HZqaD|7SdU<Ui+s{u4j{-2eOEeE;vqFaP~>?eCv!fB)Ur
z{s`(KFZ#)(-}~pb-#@qg{{Kw+CQZAr18MsGC;3~OlfTi?D&c5|1qoM^=#;q@M_f<y
z;9;;~uyh745q?$2k5Et)O5sqTDZs;XnTsgZ77Q;^Ns_+#!{_Zhs0Y;HOL##rdyU^h
zeaYoM#TGC{zTl2uvjR&MzzM={#|gan-r^wq5)`bVtB5Cg!oLt1p2*xlk_kdVjxVi9
z%n!!z(b2^isN)5b{{)Ez0=_o^6TTKt=8QtO+0c-DIPe;nKM#{!;)FLeeR(MVx`@2v
z1Z*i@5X=^aBaY7#=_*1B<ipEqcq%aw^`IbZPN7AbQRt!;XB4`)C0DljZ9k$fE|E!&
zh6{8d3gLpDAD_5gDEE>l!C!=fWB|y6?ki~oaJ}>bfFOej=R6@2fDl5+pr;ZFup(32
z;hBrzbzXRP5>B5OVoS;H6t!uo$^86?C1GNm5DwoDF%+kjoJXyu_M<ZU$zv;;x`I_`
zDys#?BIsE9sv9L}%*ch7WZR?lAV~m5b}yAh4$5NECY6&>4%3Eng1E=#!i#$VfIE}Q
z<whB^^h|0l=pk9ib%bz&QXrV5b{c4uElv~wZ|tF)vN!|;n(UP53DX8L0skW4lj}vG
z0vDuU@p(Z(Fy$7IfPilBhbIMqDn#g7Ci=+KN5zx82zd=J3(CpD2h;+*VJjdm-l99Z
zumS!o0Fh@50)p7!N@fHb;;-m}Qf+jtP>f$IMs5<vkCx(39<C`=GxZUoN#O&eX)qxX
zAwG#aufVE=+66&_Y>$R16!4mj2Z##lZY+f2tUpbkzy!J(DOnJB;S%>eJm9=U1cpWC
zcqbHGLYjep$fZD<6lyMkw=TLQ2|GgB#&D<tvA+lSU6&dynhqZbJyJ>1hCy;MN<T?d
zBFGtFU$G?@uMI*)DAI@U$i#-kpR}}wW|+jD;nIy8dI~>O8(0D@vjNEpK=#ZK@WU`d
z^XuYwO@nv=fbLP^HaJZ@8irp3hkx@0@OcYRgU^N6Oa=Owvw%wDNkXE!kp%`XLKEmF
zuc88*!WSdFYVwLWBsDxmAqnU^a|I*%Npr>Lh7V8PyzoX)BMO9ol{o@rZnSZjG=luj
zIB_bK42-%oFS&dTq<b)t#u7a>qD^r>6k52}lfa||7R9dwg^;RHrX0p(WQy>YY$;<y
z8Z<6t0{8*49l)3hK|L~GJp2Ga=}(w2NCqxqPg3`_8OZ|L@MW+JY<~bmLVG^YsD;%j
z8%9EP-|0cj=Y9`9)b@IOF6;pK?w}`aM0Qa8LD2(DVG(8s^B5AO#cZ`h@9%eroS~oF
zV^E9I1MjjKFSQ^t76$Nik-aPm;Gr}n#A`qRut=ZkUk;nez(bN2FkN%e*2+Y1kK=n&
zLGl}54%j8Z7+Jj)s3_+E-;*#&+Xx#yF)iJ)m2Lq42)tX67;-v5xW%JQ7}>Oy9z^``
z@50AHf=Vzu12AJy3g1>>BHsQk%5m-oT3G0b#2NWalsS!X+s^PFe!i_u1Da6&B=zAW
zhD|bX#_*wn#&UWl@~A;2t00>zm&&o~gJ&U@Yonr%#A{gJH%M*JV&RnTNu&}F6$bfA
zJI92GLY5!RM59@u`W7BRFcU8PNE*3#CHNRRWeQ1*PLUYVJ0{O~4e%2~cMX6030bbV
zV$zqhFj7bXKCx#gw?(Yr^Fyd<vz<<;M9NTa8A)<xg5VLeX=x_SXYrkdZR@h4Utn~B
ze9H}gqYe4W0%-N3TpS#HMJ02<<)ST2hl|)7nI$9yKJ+6|Z~-{=L2?lUX9>VBq&or>
zaP#I1O?L`Hp+6CfC*Q$M92g@YMvD*3g~LaQnMhpny_ypu=>l+MXZ1adLtbnN<w#&4
z_XDsB*AIvzX!ihz5AN>;ga3i+;vMYc-kR&@2>Bfh3kd?4BZ*4Q%ttx0U>+_qmo_9W
zlyBIA=WhjbTH)az3j^?{IfYpwLIMXxi#Q;4=f%gJ6x^@~g6f6v;3Uosv2e{D7EdaW
z!-wlZV|dae0{B2P0B#o7Km=?V&>O@PQ^EwH(p3?V&>%oe2D~s&z!A_CM@>+Eu;!j7
zDLxRE>FfkOBw}?C;;B*7QkKEc6GFp6M4$iyoN0g%K1atP9+iXXoNx%{czQDl3JH&_
zjWP{)Bw)A=k8Z(a-h_1X68o70p@$$ydE2^l9%@PcNlT1YiP+!wJAwm!#I(UbuySik
z0lCkRSOvUL8Xw_4F)b7TCl29}-V~@V&GSD8g>nNH{|*$Asr}`m5PfVb3SD^qK;q&<
z2;+-_rBp@hi2N@_;P-Hcvi`S(JM>W|UWPOb_{AUo(yI8J#v@H+BmwBgEYekkLW4cX
zN>jcF7aTD3iDU!eOVQ#RRAqc=q(vsNK$OhI-?OBJ$*77%?36=;%p{kW7(DzW6YBBd
z2Q`P`FAqkuS>q%<9*Qp<2{51pT=Wn=k(3J`p$OBK4bn?aA)&;Eq`g3GxX8TgAOyAt
zs7($?Dp=TTRB*ULe||7Z{w6bb+UQU;i%Srv7cPV)vycKnT3sY`*zmuLHCmM|V!`*U
z4E!tI&iHW)V+Mlpqc#TKyahYshinX-s!2Pe?P{G;$$wL=qgRI@od1Mc|2NPL`HIN@
z^~`Cs$h71o2-ZI@LHw`!Y4Q9gASr{N)CWA}Ioiaeh4Y{2NBaDyk;y3d{;$bT>i@ex
z|HsdNes}#*H0JO3@%{6^#>OV#oAmmRG8tv`&-vf~#E*fFqK=Nt(E?B)$uBION|?$s
zJPOlp`}1E+01`sAqXk!i_TUGIiIXP8K^lEn37J1+US`Ru0ieEVrv*SgU_X3so1ZMl
zxBDdx=rLDXDLv*WDVA52FaUk<02A#4;k(OJC)`n)(zZBSlG>Ej=|f@?PhAQJj;mf)
z3rR~2WmK=Cj)9`029XXJn3F+40-?T-6|G1FkkG6MnLtuy$g7dAwNPXLw-#V2DE8v=
zyfF5xNlwNrS|!|JmTuUrI{*mIw^^U?gP7`==O^OPK8gjvedkIyfV~N1dh_xW1p76I
z3-_T!(#5o{1i*8m;SHXw*7s4T7jVR3fM#V1VH$kdGO%W#K+!-4n*h&B@h~lbUSw)&
z;oD%;E;1(=riw-x=&3_`z-|RANMP5=nLTZ~i>-@`vx}kz7l%dy(`GXj)QO`vVgWjI
zfii95CnN9(Gpwgh&5kxAJU;)gjK|(~y3MQ!)M#)(+5x&Erh?N9M@N|tY%~M~bvx48
zp?ZeBP#&nqLShu^<f_YqLd_fzHB+)`MCA#ST-Z}=r&~`)DV)_M8v^hu06LbUPSu@a
z?aGGr9c`WLr%%L;3|YpCkV4=r@e_zJ^utE`b&C`gpksr1`U#PnEKT|fe!v05e4ykr
zS5!dT-GJfYF}S(Xos2MYHz%g207@|((1AHQi3qAYb49pPl$@m8L{HiV5xM7~O-MDS
zBu)kSA2KQ56N7`sTd|RZ0@TWe2he$#jw2J!3OWy{N)V=lgp?%)>Nv8ICxXiaZAV?q
zhzTYJ+%Rn<S#d#!+ABba0b-F4@U1XyM_7$2@*<+z0D$@oiahb*$lut~8ZOdu6ATx*
z3DkAbNov@UE`~bADFAhVdvzEK{2qZpY)Xy9Ln!p)0oRTiH(B2Z)>n*>k6Y4Hq(?Yt
z7}bFR7735R1D|qhN_m|CCrG{%hdFU<5bQ}F=RmWPSup^;rR5@M%V#dj#AF1^omdr;
z1rfHu7ba$Di9ud$wnj2bBw1lPn>9nSqCzt)OIjjgXc^5mkdjCj9^d2Q5rT!t=MQEM
zYf!-wh%OR^{9t_=a_lAnuGT@c$wpPBFr<r+$LEH@HvuGM4VM^2iQ)Kh2s&Pn(6xy_
zm=cN?BW{PYLSWQk4IOoo_+cv<ygK3-Lrv6&i_D1qE;u-KU5x6Qh8{x+)k2s$Z2^jl
zowh-hlmXD@a2@c4kfAYzKQ?Z1NFx!)3bcLbScG;ES%SnJiuvf`zx%;Mh%MqA2_ewD
znb-u{$j=v@TteXs^5_zL_y+B}J5FXhI@?S}@lX^^L)1dWyU;lVeKPWi{(>PYxB?#d
zh87vJ48U(50iEX0<HEC3@T4T#dF6PchhDsZu*Qst2rUGuOO_czE0gCR5G>MdwHt&1
zj)1l!O9Yto$>}(acSQ5~d(&x4KQ5@FX~cmUHrY2-1OF~v10tKMFvAJ2K}Is=3|1Gz
zBiZQ4yALM>zG4H|J0OS`!WW7~0Ll2M^%W6N7oImd{4I$B;-B#&p&np8y!;j-?w8cS
ztzy_Aeoh^70{%P+8CT_n@u{<M#5xoG5x$GRh%3<d=X(YT;Ugyco<e^E!t*cy#K;l*
z1?zJ}0b|8MewNe+o<L75G6?Ymf1|LI0oyYun9U|FR#0D20q_$dZJdMw|A|8R!O-AG
zyn-_`ib!e&X_=9PZb?yrIhZkz<7-aU3T;y@u}m$rOtf0WlrS@bI52tggfGAu4uX*p
zC=s}*8wyw&pMsZ&$0K|pL(qPjt?gvCt<wZtjeym*!~moC`60&zZ%=DM2np0^n(cI0
z!4n@kiA&r+5(r^)U1DY^%Fd)LCBhi<Lc+@Hdx(Z8^wRfZLo*KaVaJ~3A`gc_vejHB
zw1jG@YX1gYL-_Etg(vKRM3XsQj*tiS6mXE)!A$fg@d-yf@d5lH!7Floq>*X|VLDFM
z#WcN`l(k7J32oGFs3oQcZ6!)uVDuvr$Ymb~ucG*48b-K>kMBcBePN-y!{qrBv|9MF
zRIo1aw1F<fJdeX=O0_b^obZ#Fs1-iv0KnwPD$^!6Eu`Cwlxl--F-X^y(seDUI+{U%
z>;bx60c}UHfM}Ztr&?)MD927ljaZV(5-mwq1_MNeu%a<wCs>!%pYrOAB<ethr0Z+&
zi409pEQVAtF<#~m*u%~3=kHtckf_ylF&Rg!xy2}<B<ZcNHq+9NQ-$%rKow-v<p=44
z*g$OSVzb(?*v8*qY<01^%vzIU_-|Ql8fxJMvVYy-l#CrM6Nm5D%yNVugnnFq_-36Y
zCPx2jBlN-QP`%Itb(AK79K&wbQXA98KQIk38VHOA0;n+dB$pY}T(HIPw^`J0uGDWX
z_AXPg#rS#AW<RhE`i|OAzqvS1pGcI!-)Pbqxf@^{EjZaE+`qA83Ix^&WFYcviH0O3
zM7ed;p&I(xJ}K6oKza5MgR<NggxddHBB7R!9*>2^tzh$Sk^T>1O@b5hD5nfsV4wqj
zYK{~c4j_yoASnb~=(GZ|_C#VsLPJ#aN{0)L1<9Y#;bjL4;SB}K--Siu0OWz8%l(+P
z5tE<^M>Z$O8=)T69Lm+R!W~jv781@WMFvnR%CalKKWK#_WYF6+gfqf``-dOy!Oy8e
zdm7cGRmJCr*Mh}FSPhsm_+*(V(xGQW_|Ec{RwiPBra&$#MqgF>veG4`JOFs_`ji(=
z7qXBh$mVd40$y0NDWYki57cBObCRACgdlwY7qhg&BLcMG8G@{Uz~Y}MxcK;}H3K*`
zqL0|{XUtZ{QpZE`m=2mWq0+Q*3|OLbs`%kOJ$Us9tl&_2u_{{ks3oY(mJNEysI(uz
z6pjnpD3CcXiz9k$g^JQrc8!f6dT5v1jHN|#c$!$0W|HoQc+^NfXGs_m)6~SMbw@a9
zks@R#ORb??h!91%pVbz`MaViChIG%ujzgT$_i7{V;5W7x(dut1i<a??B%pv7Dur=)
zDMaW+RYQV;K3l_P3qq4!hK{8C^yURq8xRPt)IJ5NdPTCe^jM@p2&MsyK3t(;Rx(=`
zOgT|Qgot3F5E-Us7*b_qpq7XdiUI&?g1w~WDo}a`I+D5sP5k{y;M4+;0#CNll{2Xu
z&{skb$e9lj2t()MpjS;zNUks^$&VB!o^ZinJ_!hmBq@1Xnq+O_(6yZXBUw8JF*mBt
zM(L)S(<hn=Agor92c#Fw%mI(Wv)SIBKsECGxJX*b5sB)siaOn9^Q3k%$T=b+r7a6>
zNsN(IBt3I!I>x}C0{AzuO{ameLW`5!I3tR*@#qU~JZrK+sU0X~f~Gk3r9imY+RK6f
zMRGuZ(iT8CI!%@Z0g5OPhAlLk=4{if9V~0Lq1_}qXW53Ztks4#6Puw66v>$@C~X16
zc*kaA21W9ECjKMnRwxMJ1<|i(%U%&i$uG#`j*?wnV$}({mJN2WNXioni089KK0?q9
z8Ggg1L~D%+=S$KEpElYBks$~sa&QRxR7cw$(C48xO=L(=y1K*=ZQe#gFieX6)#24&
zIdy47BHaOg3tCPK8g<aXOYTL>X(AyES_|5RX*o?Kgg|RTze!ECk$gsXsMYBrj&_D0
zok?kSke}F$Aunah4W6Ku-`B`qxGrp2BNH|wgykXj0{?sHVmjbA(r<&%f$9ks20)7*
z>IfqyMhHu|olNe)g8mKAc#weyLE+lOoVIxhfa?Q00@eb`AN~)+r$i)%xDZZ{*PsRf
zE3LOM*2N^iQB!;bnxIq?RVNUJ^7mk%!Vm4C%Q&Ri-}Ol0VG#L3LbB8$LOvi}0E#UN
zX5+zJ>CHl7^<Z^OhcECFk}6MDV@ZhuSW(Z40LesgXD}GzwzzCwiI#=~s{hz%Xv>A#
z;n6}SH5dSp910qPmWWJH(ZUEot)Dvr0FWF(Yv~DE8WYNU@N-9nK$7EXme!z!afre1
zKXnuUAUTHSnGRYQg!j)Lgtuf6ZOCoV(y)SlI_U<{Xje`qgO&!uX)eHjU?f!U975<d
z@4i{GgBE4W&l!n-iz8{C6``e}{11E2+MPC%>}Ts&bmZ&=GQ4r@85m|419sS8-~b*c
zJINAR$e;-z4ibJ$Ci~mBs=8Y*1lW#;%-)NRA5yEjy1La}RsE<c{b@+i{iH-VP*_zw
zLOpHgK#W9))G&p%2XtMEt(hes46CRU8J?6rj#D<(MkfucN&EElZ6}cO<`ahv<sm^T
zJ@%6D^yTy`zPbD&?v?P>TTF#{BiTZQH7C>?L1qWhQ*D8mRXD`|Uq68E0r);MRqQ*<
zD<I6jBnSkUhYunkU<CxQvnU7@fC7Sqga;E8M*;>|coY^C6#`-y4Kef}=0RcuELDJT
zp63DunVo>~^CVnJ2(Tdm!`Z|V9^DUvog;!A>WBam8gZC|_v0n3VqgihqT5NRa2H3+
zVu|B3DY*&y%f3*@;0pe!;Yd*ggL*<WjZ)(Ab%YL2N9jEEoVqW979XbG%jGN05nAte
zGz1=|_sYeeOEe7g*M~ccBN{&b&3=K$E9ClSP$QNT3DXYj)pIhis@HVv!#{PUfyArU
zcdYOhzg(5mConDHun95NXpWMJvuk&KFwh0|+}YexcKOx)7_vEUIg4k-Q*)N}iCDFu
zlCS<_LX7ehT|RLAftKxy?E3rf<8-8!4jqPGV|gNt1MRtIT%a`k9<n6vThKe9$&2=(
zBVcT%?*y-lTCL|NjOcrKt5WbeczL?(@<2Eeykb*y7%2T6@-oG8t;{c%&|u<kkU*17
zfC85T;c-)#MGCWie(DraQM;M+wcK_yWxJWsZmTvXLcmm6Us^;{Ad<OugL7ARArAXz
z)FNcrwigp|+S~Q07*PlRiX@37z`kl!%Sw!Cy?rd!5-Y9tyH5S|buX}@7=ZC?g<_RB
z+MwjoK<FrBIppSFUT$1bbhXy4bn5M1z13V@cw^ZcG9<b7Lto?Um_5|l@x!b5ORdv=
zK=ra{<+G*~-%$(BuLOrC7CbkG?8=6QaTNf+7uAHv@k!1I$5jcRiGWCVEv3|iJdMuZ
z@TBmr41Y(*Q4-#1E1t?-p(NZhAv~3P_el7T0q}J0xgz0PU*hTFuuH;!YKPu<(hnX{
z`q7chg@!u?{qdE(V$UtGWZ!T%x-l2D9{(<o8w<qd6zf6W$ZCX_Q@*v0-@0p~{U^w$
zuPtM}09`<$zx^jXWDi63pGWYtv;W-2)u<nL%AI#i_>oq8OgF@RR7G$r&W4oQ+jgtd
z>ngqh^_TAHyDRG2IQ~apU&f~Kf0%o<Z2z6vjsI<2Tebgot(HgJY8kN|rZf3;Hp6oH
zLjI_b&qWz5`%F_wEqRP(YUMR<Rm)vdVXGM5izT!1VCu3_swne*HmQCbt4vbY>mkK$
zveA{}Uxu4_f-*LZe~|X!@qe(3|F)fLpASm;wP{@D4p(>+2s`polwJwPv+_$xC<T>P
z^Q3-SVyQF_K7xInTfRS!@po}W>2@mJ68bDkKkub<rFHyI@6l2e(5VajF$UU6vwT*A
zJi+Gzpu=o&WzV?95HjqnTxoUR!kn?)XuUhDHGBPDxpP|UmDFq|l~;>cKFm(x?@6P4
z+QmCS)^Cxf6K6>)RH9peBEpR<k+jFpfG1~&>b%^C7j(vDPoFL03IYs*DMdD(vg8#@
z+RUG+m$IQXblj#bz=UFgAS;M`{P*8D{!=&R^eg+==JB5o>;JjKSG)1QjVm<%@oN(g
zICwM*a7R4n0Ep2y<lhH}JU&{Nzj=fHy?@ZBbbJY&pAX)&&eA8=^MCk9@lV7W-bb<q
z+FwY+tcIaAXF(K)`as%RIE7$7navxTp|S6$Y_EO-Iz^Aw-qyRl;9wS}A>knp`V?C#
z&=2Ac^no#6hUBD)8sI8~xCQR_b=tzp@!zSHt7o+*>0=wle>S%?|9^Fq-T8mo$`xE-
zOmd^Uh(MhHr+AYBZ;`isUP*RLOS%7KKvDimYqqISh_DTT>DVI!)3K#GU(F35%er!I
zG?8av8@^B$BJ3dA-#0|~xr#W?CS!sD7Gk+6V8WIR-G<u$4RgA<O@ls^KJHc%3>pxP
zmNDL&^br7z*>k8tA)?S{yrSSrEd7z_6bkZ2$0UIA8Jj?B%rO=e28Od}Mr2+Cq9Hne
zSK7QJZV*Hck}aM5iSjKun5W6O(tL{w?J<0NcByYY8vg%XEBQa~Bu`StCjOr}IttJK
za=F7D|KG;7&-}p?U4CX7wz4nezzf@p*XUz-u^S2kA>tHz5Zc@q;4-dwI!=kfz@MXQ
zH*JjGG_b>Ah%+b%Ih;@%eML~-db1M9D8MlDD^ND~S*r^Y11(2@%_!cSt_0I59`RtG
z<QK9;Wk2x#azXx*lgQ6;?PkCRcT;U*>V4cqU(9&UGfjsg-YSYv$4Y!=mU{jRmR_Nd
zlK#dsuc7TO${j4Bm1D^ZWXj2_cD(}k_&6M*{_Ge@u}74=(1E=swXr$Ghly#U8<QlS
zytT+J9VAW-_!5I851@$&P`80~12+_`A<1{1Z3S8j6zgQ2>z42oSGcMSRL77gR3;G!
z(xF|4x{j5gDF7evr2J=BY5z;^1iy9n-CbXKZQ%b;F#Es9`v21U-x2)m`2RMpt@3}p
z@E+NAD*GP5@4@yxcmXBy$hgY_w;vG55w|!^4l-@r-`vEq)2*CfqUrlGQGFcZq3$9|
z{;$tQH;jLn&wPCu8~lG~Gx@Op@57_~ZvTHP*Z#9K44Je&QWW!w{fcYMq7wrX7_tu(
zUIK$pOs)ej#Pa@?sVIg%vY6VN-|-O0jPr#%YvGG?4x=`eN~u%`cMJ!;&Bcw|UqD6a
zqx<Tkmx>2~N*_fyANE|NepG1JEh_J;>^*WL;dJ5-=CI4}G1o`YBF`llIwMe3Uz6~P
z6BDDOgf67&zNEN)*e<-i@C90jCr#dpNrS2OAD(vmhl}D5RW`9i)dY2KzL>HXI6Z$s
z6ZaSXnfeP=Hi<_UZdqPgpx?TS0CJT8-^LKfY~jc_=d4}sy^gEYHs88m?yl`zEBU_z
zGY<P{B0xMm{=;GRD8GyUu#IcO_s72&mHey9*r5Nv%H^|R{r~XQZvAH~7s!8aZ3Q&}
zt~`Tq#1!UCW(=fW8vd&y$u@YBd|u3EWDKE_d>3oObU;=iFCr|4Cw}Bn=eVM{_DZ-u
z?hB5v=Ng!SJQC3tgj<t=#my?{?SHT=)mvu&4=<ZbW%N=+WTAyMITuR-!KoD4siW6$
zPLlfGDgBJut}y3MB{lBlM6y_EIl2UaXts@B6k@nA6T{bJkfCz_@dN>6VtR_Zf-L!+
z4!9)lxmD*_h1(Twr@`aaacc@_iJ4~3ZBZ1pgI5b5B)82lrUS+OM}P4T{wm2NcehQ-
zh}25_(>-2!X)|A9vZlfC7_oR<K+cUZciSRdMhxx6rR#D&!PI}JUj9uLt*^#@{kMDn
zA^u!Ni}ftDSD+9cnS=UM98G)3(J!hn!YC7TOWxUh{=}j%aLOW4T%uuz-!;H0Ouh=^
zNA#-24eT9P+ZBj?Eg4Oe>Yz_~B53-8+%{`40(55qP3fZo3!9o_mv*n}sLf526s0mu
zIsdp))5PQJ<Oi87aVFMv^p}Pq&A%Vq$WH_G_TdrLU)2K>hFm;@1Vu3Nz7eRb@QcVn
zgI|Dj)ljHXRdyym&=TmXdSVYFMxVf_kim~5;Kg_nJ`a3lp$~pvZcA{EkI)BYEz}o<
z_fvT0CB|uxc$~wuQg}KqCTb5AxdB?Q3gkE^=4<gl(8NGfh!8I>h93?OGFf-@Kr{4#
z!q7Mi)tI}nbFqp%DN!Qy6v7#3WjpA*LtV}tFu7idV<}jq8dd4Y5T6@cA<zHi{)EQJ
zKS5*U?%fz2gKWwI&Qg5Lg&6ai)_~ePP0cyHNZ4FS0q#$h^+Agp8lvvzu(vEH(OPzj
zo91}L1zKz##1dkM!vAIzhwx=w#g_y8C5me;Gf=YT@%tjhIj}h}!VJ}#%FpU8Wi0cN
zP$p6<R(-m4ET6YbnAm%j=W7zuLc+yz0qWOFBz~k~xrk+%ijB~9<_2v<MR?*<02}ED
z83h#<w2uT1asawKX($nT9DOpOzsSt||Mx8GX(^=FsI5=W)ZGHacCMB4zia*Q8^(Wp
zl{?za|F?0i{r+3C|67Xxcyzei|J%y-Nc+E?_22)IYyJ55r=$k<&Ev}0bp9)Q5IX;#
z%VzWW-T2?ebtZ!!v8p(BI|tQoF)%H5fsyBDnr<-egZzY!X|i9$>C?khCZp^#+z+oe
zPYbNt;z#1E^&V?=Shd!u^=hp5y540Mt<IZnyIiSJ0I_F^vj4P~q6qWE0tMal`fMLq
znp#S|UrL0|JYz}L*7Q#rOlMo@DX#R>!Owt+CzXDB^|SK%^Jntzd1(wmm9?$KTsJ6O
z8Sc$Fb8D=KKnuRp&6twn;o=PpR~3=z%a<>{at?Sol=$TBayqsywQ*s&T0t7}e<lsz
zx{L3wHP`+5zZ^CXFJnFb2ll_r|BnuL{C_LgK3gLJq|rASg(O*1n;4}C1{=vp*CIYO
zrnr(|4A}9)91qqC7z~Z#6D==a;%O^1?(Ds5*O+=?PV+eyyZzxX&Z_+QZnA-fU&4At
zWtrPdHj`77%E@VIiFlx$W2hRJi=p!Dtk&(8Pis5^Ed218ogz$|G?HUIi(L}ow8A4y
zUD$$_OPXipH?@R^X<_ql%Qa!BDv+RM%Y>r8;xheW>Sgfm2o+0TMM$+25TmA|GQG1F
z7#mUqWV{3F<xwua0Ei*wu)wKHte5u^t#7W(sSKJp(clv@XgC><RT4cmr_c;16k}0C
z3!TDa=ts;E9V+-u)F{kt%eGCl&e2DfsS97!!Fp1t(1@&S%Ig?(NJeF`OU<U>llSOf
z@q3}>Re3C8?DEH?goq&t&+SgD&C27kb<;NH6{>nwoP*c#9A-wsbalOt*>Lzq=|_IJ
z2Cm1qF+c=u=T_S7l0Hruw}x`oYm_GDfIoD)mC{_NTjg2(gfSIOGEd_wEjn&)U`3XB
zT<+G`xoz~%PAVS7ZYs4}zu}%O4MMaQ&TQfItLB`kE@nSKed-u<5!Q7LSWlayBP#-M
z-z*WemL5MTsT5f^fB<!oEfccTM(HqV_2JZ-8-30;uuQMCFu~<&mDdEm7fVmAu{E?<
z`mD#&7kQRGeT%1BS-J{+4*d+Obla@fj?Yi|J^CN4wl2Ej>Fl^7Z_m4(YNNp)8s}wH
z-@EU+z1mq{EC9f(cYyz-%F?=^BuGRxNJO352Y$FIgEmf*qnU;FDkDuhR38+Y|7i|7
zqfxh40cuL<?_MqZ#Z5jrcQg3FxeQe62D`P$_V6535R4_39)pxR$R4uvz|ALMR=z&&
zR`R*hrLCh_qM_(RN-rff@<kx6QE$G1{AeQ`&dgu2Pw;(=aXv@(#^~Ey+ztn(xP!Xb
zGs_y&1AMB%cqrazgKKRj!R(PSmUyhO;oWHqN1|Vt1D-m#)FlAi>ND}+HY}NQgIpSc
z1S-_?KO73m1<}-#D98T@`P>#AyE~q~aaUbYtwJ_}M_3B0hYT_r!Na+H=n7BcT(9au
z?UZioyi=)_fJN7*z@(77$5jO+s6#;g%4A@d^a1lo*!$g_VW$XAZDEp-OH%hu!FzYb
zaG%vcA&4kfc~)z5YY&hPLfk)6He^@I27!0IWQYKIyj;jWp<D<O_5@O4AUN`bbLD^4
zfin-n+_nGY-1YQdD@DW#ik?nZ{JFJ>lo$O6%Ztr9qUA+@y}an}<VAXbV<^mbXM;=J
zKQGwE%=sS_B9V29kR<~lO#Ib-kZ1uu-mC%}_a-5n)8O-pImNQVzZul!bG(dG4CKMo
zE?+;z1p?a>4OJdpy${J45LMM@v!Y(qZ*Plpy$Cbd;=E`L#zmN}6i2h)ikF(>laL-p
z#g&bz)O+~h9OOOvR^hivv?J41DdT)O*I@%ph=LCPJv8fkvF93@4^yaJ!mae$&<4;B
z8(L`ujWH{Zpp{0GqB$LZMVpMiqD@8*t6Rsg@6`uP-74yfdGT^GE5aazo{)oIrwBu#
zI3L=@p?OvOZ8n5ogZ`+YLh)X7Z2lmp+TVJK?oYk^>%ZD!s*jBMQyu$ouZN%i$R8aX
z?9P8|<BIzJZ?$U;6w}^ZyL*zp@Cf^#TsF7+{@b`VeSd!T18=+4Hz|;_k0@jP{tw*c
zkHY&u2f3a9udQ6^G{cWu*R3gj-Gb*qm#?CWXc85#A25Ba*>*}vr{RY+Tg@a+hsD_-
zkxIKK1jpTbjmc}+&0M3SrrI1$QVB0;&jahmmcg7H#BV!`tE&{NJBUde4Dgsa1L;1M
zG4A}pHzo!%#zflgFb%%=&@*Su!5HeeS%G-ay%iaMOf4rA$TA@;l7Uhi&)7;E5yaZo
z=p;8MQ`Y%>h7lzP1(wUQt}#Oc{|u<H<pDYdJ~f=Gbuk^3r=|!*lLR8<y)_-*F-r$M
z#m3krUTqNXiVNdBpmP@r#dU*@jbmq;16glaZ9F#ZcuG=4_<#WXOh7^hwU^a+T{|qt
zl3p0NN3JW`RxsNz^>At7MmS()n1`T8IC39%i%!=TL++LNMzb;O%4~)kO7saSD$k{X
z&vS#H%^uK})M`R&x3e*jHD~%<gK5-YH6$;6E)_<YdVIn&$X&z1{tfxacxsRFZ)3#b
z&>L>Jw=%wiWK3qx9VZm3>flG6I`Gf~oSzm`>)MBdzBV@awK-on+L%><l~@z=cjL^M
zE&%t$a7NZ35(ie{Vs1K)ff3(WWi*G*cczhJITnK%I^F$aqM73qXx-T6K9}4vJ<hT}
z{`ez$;LD3n`Ggn6duIK!ZUv3@*v~AR!HwA2TpLa_=)t-n99c7<Dh%fO!KT%hexp`y
z_RGy`{|s*S_8>#;miM$djI8lpa)H}nG~#*JxDX6sL^B#2Bi^LlME^9W091-j`;*`z
zsnO2_USXZZw1>tR{tP~N+Zn*@7Qwx=2?e?fr5P|D?t*C!#()YWsX-YzQoVrLwDh9v
zlY=Qb3f0F&B{xP3Mw4<=fBjJE(@no$bXyT^AqYvoS-Wukhs(H8<!-mu>G_D`b^%14
zK)^wSb;%NfKApk0u3T`L5W9`Dn22zH8&Au-Uo#)#aX%J9a^9?0TGbk)lOdLRJ~ipQ
z6Yibg84j}-xL9cnR4=C}uGcBQgS^dtr2&MpelMm<X;eY!fwl-FP7I3u2cw95OPCby
z6h_CCqJC+7u%flZc<hQZDO(aGMnDX3>jm752l+E3sWC~ALj>q06fYE+Gcj2*pJTY4
zKQ>5wxJXHU&1PdEK@^{0eCd~xg~FsiBQYpL4J$k(&w0Js>$iKIFfeu4dA*8!ti%pp
z9Uc`Ggk6F=({541Ip(ZkOot%-0Q~TvNDNSlUi8w)EeBJnl&|3BLN)u-r8eh5?FVOM
zdRHiPVEzqYb3X3Q4BOU*MvT5r0A9uTyss~sKy(Q42*gi)dTr7sJ;t4T8qP#)aLQe6
zLhGlihI{{1MJR!q_#R?$g`WnjPff?vpv!>(p_of6bG)uMyS;L=Qez|ZvXs~(4)|Il
zw{vLH>2)OTm;-q$7cbPRBd&g6zCAGvc&8T9)f}T4u5KFF2G@rC%8ji=%1G)4i;58O
z;@c)<@1ZjuQv6T&OQh7svyAY6Mg&D;ZnP`CE_7`BccFoKu@4b5(kHYy>b=oOUL!jo
zxJ39>py?1|T?OmarTm1Uj&1@`Po((CE>Y2_j$5q;yL@eesGqX*%hE}?(XG8qCj>D(
z9csi)ZmsFxmr-nLs$=9g))e(sC;&MH$BzZjJ2W_)vDi)S6Y;0`y%9QNBY;vO6c`->
zK)fqZRxeteDjVF0OvL>VU%h_P2dy95AxI;A+%*XKhjHnf7}ml;jM>b~blm+w9*rD;
zBa9k(n8F!Rj1Mn&yhQYGU#H}qi+YIowh2GM{%?{9HE1H(9*J;uI6t6BdjY24CtTD8
z`{I==!??g%C&n-`x|CEB!3u%3N?66Yr(c*-Nd$C!%>@^89;AW*JPC$yz{M%in81W2
z_T8lKpj)9#f(hk-65`^!O!}9#DcT+mAU6#gH(d-HNbhydy<~2CI&hOkx>)5!mAVei
zDdl6P82$eEu5H;aj=f2Lf-eT4o=Ev+!QGK{gVk@NZZaKu^a=pzC?uML<&L@<P)p6`
z3V0}P#8;3(`nk!Fx~K>SaWdA1wkTd`Pke_F6`}rlw|0?xLj|<DVnSVSp0pTM>9cHT
z%Z{@zoDP`liPMs`+t_!O?X^CL?%W&56~mc%zuhSJPFkHa9%!@=<FHf$tf|3Gd#wGJ
zy)OZ5tg0F=2uQ;sn+u5Y2*XS=lcrg^O*@?-ZPRI(v?)nC3o}DVlh-y(niukt>6Bqu
zRa8I)MC20$^;2XJ1Q);!P=6QP6>(tz#RWf56j0fr|2cPg@4h8TJ5vUiK6ul-_wGIS
z-gD1A_uO;OJ*SNRmjOqM7t>dR=`)lPH^N-mEwxJSE*9j*1e_s?Np(Q^p=4~(Ncmip
zAmW^PLd5wF$3r7bc0>XUua~AW@;1aJ{`F=?6ByIBn>Srg=kAhtBDFl7mtltNhLTeQ
z@o--}v`#u3AJ&QweLd0M=$b?q%at#V6`-4jOG*ZEBIMzCtk+FN9(>!S)uA`9hPS~~
zfkpWA*O1%#T5A`+)gJV(KroHQ484_-s+5fHMoT@wyvB*1MEsC1s%Igo<6fHiJ;5;h
zV3ey3r6(p?QKU1O3tB@jAt_;c%FM_dXq0d$&ov7-Mv<kOoWaB!TWLX@`}JA8+9Yg0
z$<&`)=aA1lg;vWti>b0&)|!(d3=O`<q62qbZ`jISDX-H9DCg@WBy66#@8>J%<*kwn
z9w&0+6By6e0?Vay6qj3CEcv#Ljk%Etv{24MqVwuG+!Q6-wbs$)ri=6uV@3j*2@`=9
zGF@V5wOiSA>+4Z6yLf?EazzH0w-pVlVTlRL!YNrwlerfSfnm}sQ|+JvlUj)jvs5Z(
z)ijeQHgw%!Dl|OoX5)h`{U{<~9g7QDl}oTx!&oVj#i+IVZnD5nXUeF@5K2vzGiqKg
zxHQUlODno<0cdlO#z-W_RM;0IcO_qhn)fo-2e`OkOED%*aIkcq;zODeiOa}5JY-ew
zbbF+AiPUgxcx1Tx5F%IaI-JP*!u_F<XwqYRdbM)WNUy%Cql{dPP5A^2<rR>pumeHt
z8Hyz%{iNZ2p=3yp=fH4<<Y%6aj9IkF7n2gyqQu~09MQds^G2zYp<Ya1;gSvfFu)<q
z1U=HgUqc2iOAG;%;dbI@lPAJP>Ca?j*pSIg@ZA;`P30ItY+_X+Pyi`~OmSKqjRw)W
z3K7>7b&#cKG6l#WBHwm1_F_;-t^lq?bd9`Y+0uBFuN=hDi6<dOWj06yt*vBCs?hO;
zaj&3AW<xVHwk@Kr#ls#6;?&Azs0_*+rVM$&2p!8pI;dfwwau*wMpY|HCKziq+k%E#
z^4ugYykT<E7h2m*O7U5=2lERox^|;5F*K{KMaZ$k&@kidH(61M!xM6F#%so!HZh_Y
zYRm}N*+{xb#whw)5}bXud61LD>=>$DdYT{{kH_Mc&zu(sy~7utya}Unc}fP+!|x+n
z#Gp@7WyqOTEzL4d<1m{*CLn3^2VnO>pIEeENS{r|G&WyIg0qHU>_rM=ipR8C1p*g3
zs20Ig1<BUA=5=pdPynon8piqy05<wC$T-X#OE&qI2sv3pIU*#&UQF0oN_G;uus;CL
zThY-C_pCIjnjmGTut?4d4P9%JGfd0RZZ1-GS(a@&1Fyll5SlIf(u&}`%eIec7lZtq
z44aXYouZLIF$t_^B7J?~p(<$x)9MzRbb6cZ)}CTLx=^i{DAO=Jz=TvHL=|KjP>FBQ
z;kOu3758w}FGVL6&Ev8PD{#Ylo{NbL*)Rq<ip*Hib0^S3GBt!6OrnkeE&-xgAFKeV
zuE9V>Hmi2AZw>l{<5?LTIi&06+^=@ilE67ml}n0*)LRxAJhFD`9#K*is<g#$RV4`z
zLsBiRG^L<hrjne^sl|MHS_CS<@|q}sjy1bsruV+M!qaeI)>ofnr{bo_BfX$WHTV<-
zY14~=>Pq}QMH3Ddowsy$61}`K%>+vJos>O4T6(UmM<G|ROduM_$#fxCtWf{{cDlHP
zT<%vg71bpyuk0lgGet@+328DBPWH!oM-rScCAX*ov96Z~0hLK5j$5}i5X|~1l+E(D
zw!pOS3=kh_jNExAoNg*XBx$~OtIwb6i<Mdx>W*IH)MGn>b^d{u%_JiXYH_q1mX!i7
zU1AQFtQuZLbTQP{)eV{!!;H<DdP1v>L9J;(wND>PwrHfTG;A<g6(d4f_PD?V)ldOY
zWLp}uZ6|vY=R9kpXT1P;Z6-|-p&AY?T|ox_V5|?8e5N^xQXLHgu4y$S>o_-e2rsL4
ze{do+^hXUs6Ih7NWc)ACMZUR-Gk8^D#m3%{>UM`2HMV_GlTR>PA{W(FlGS;YVPZkF
zaa+NHGz4f}`FGPYj2ygXPik#9eYIsR7ILoHXs#kfbu+#|Z8Oo|3)n!F2YGaZ91vB~
z*~las4+uIeq68K}c;GoQ2onv#0r~82^GI;RuV_3KjfML9<FP?Bj=`R5B$#HnZ)`N8
zw~<tzzUw6}xVin8Yl5x#8Z`mM_?iLI^VUHJ(cKmzef)&NZlVI6Bmks%m>!jIi4g0d
zhN;JTW6@Zgpk}YMKEa}?nutOq2_(GwsGxc~LJqr042_NAKsL8^Rt>Q0#@SW>RqV-n
z?UEd{dWM#*X35+VG5KNb5SSciO{)w%rjzYd)*^P4{3)g?{kf7#-r?>HeHBgfH*N_B
z0S-_xowU-BrW$8#WV=3)DpW#qI;w3IvPw;c^3i*&#!>ATDCN>L-=x58C$bwt8-i|Y
zMPOa<W`&_Nc(ZJoS#Z^gDOS{p6lzXgyF(kfxlx2+YRja{=tkP>^;#!mdn{OyO`(Yd
zLZ^?qL_pfQR4NYeH;f1hLzPK<rRwstwJuth*!G5xb%6$obpY8gv`4*Ojg7g@uPu_e
zRWZdzpA3un!CXF{OHg$oni`f#)7T5#=4<lPZN5f2vupJthR7Ie!92aug=twSYWC$C
zS|?Kl79pCkEGB26@(k@Yfa#UWsASWY^aTybuw2S1xQY<!XKU)9u^1e#s62w&6{R#O
zq(r(Cl@^-8JJCRK0}9+}g7oBpDFw)u0keGc*dh&ClW~dc5<ni`P4;u_iMA|@STag!
z8m4h8$K|dgtci$SwoKG~7*M{lTdD!su7B*9ybfZcG0W!aEmdq<YSPY`SFSo1-E=JK
zNjp2&Kp&X<NlVTNL+Dta0kBRndh7Mp314ej(+HRml~=E-0?Dv-WK<;CGDWu2m4xJ)
z98{#6)T|Rsd%o<Ww4&C2?;b8BH06v%zfblEitMjV1)BWs*L<NNqLfQ!9GS`9flwS3
zsy&slF}bwS?+dhS?h^5gZ|E?rja{6l*_N1Lq9!tpRzNi*)$9>{G>c8qVA7^XhY78i
zr8hB$QHYxhO|atydyFl!eLscG!P%&u2Vs!rdZx>AQdyVF%DodXxAqRFLcPPpP|!ez
zP5yd__ONYzIs-Hc7A|}n+K^v>U5&KGtssUs4a7V%7k0>}pPjMlBrI@3;Tu%!Gc3e1
zr5rig&`EZ1F$o@+Gw)?9TV*=4Y8K1<FdFgcLo-9`fp9vdjk&^R34dzyu?d`)C&#Ti
zo}O$*n=*JMdY*vrLp&b`)kA9%X;jH)rSvFN%ee7Oswgs17p;^VAPwVjK&KN)8H0mn
z$-c)_x=<$K1C&myl_kn9R;vU%)n_;Zh^GkCC9H<As!<YAmz?QSsrx^hlVaN5Gpu@;
z8F{r-xC7fM;XX@=Ni)?_YEF>xbW^%cVzLw6DfO0eFiN4qEPN4$s?X#~8DgYUo{-j)
zQ(qF_D`f})@obdZuCrZen?A-sDtIo2+57-zdei3W*lui-b3|%xtIUZjP6mle5s6$M
zJ5Q~UI5T6Fyoa(Ki3Vkw=aXnyCOu>~I*q<WC(?3W>Z=qAz!8A%2paGd+<X>UMf=JI
ztxK?31e&gGZ6u^6BTFzOteKD667pdnNwYO1Bo~=5C7o!vC85Ojx(d}*yvBLNU`^PQ
z&gIG8CI;`7mz3zqE~wl(AhN(3uVI1`bi`J$9O7D7Zj50d9*jO)OqbG=GFr)bb)&mI
zu;;06`$9O8+b{*{wl3tOX1Zfrk=fhpP}2*+=3@ISjEy+0h-Nv~YFcb@c4(EYYlCBN
ze^cG?#>V2tYHd@^%to}Y**)7DZdYS9sIgemRMn~zD;oS*)qsYKW!CMseOEQNW-G&u
zWO$bt#Nt^Q$Jm>*=yoh7!<lX!1>9Uls$wuBtOXMl7Bb9cKgCu^=Y2Q7)(v)+4YjNq
z3`;@Q264-M{w9EC>ypsmFMyrCBj=T?tY3zN^ssPtQLA{0X<{WYcX{4m<UC|kACSz*
zAlD)51>(p&zOyr;GGh#(DrUXd9E`WceJW}-rNgzgQuXc4g(bncd2MCx7+WQ|X!}Jd
zOBzU*OL$~T&eF5xH2xvTT#%!b+bRogEVP4?Xg$kaWuvutm6a~HIb$@UJ?jcogI${b
zU{HrKjih9xTT=<{Do7DhSeBb&@s^$vKUVKC13E1=Ty3i1-W$jKWNWQ~Y_f}X*&b-w
z<Kg@&oLQKIsdtr0liB_3%^_<&oxa-I1vQ4OwQaBV#6SkQQAcRo2y!&B59+>M+hgVS
z_0_dtEE54p(~|s}VScy7AvD(Cm|*bOQAs=|$%q+$@&i`n<fQ$Hqei>60ok!|*&WdA
z?xv94D5+Ufup^q?yhyjCZ*nkOltx>y6l#~vSAOb~LPSvrU<?d~heo6cOhZ)KsPZG8
zSqut4^R^tvFv{S}&HyvnY{c*a5|vS{4Crq5=pxzZX%hyAeF0F=llm^ao|<g?nyeY1
zLmO>-kc0Es9g?+qNs-;<aF|Qx)#|c*VXsXjrpsMc+sf7Ul(twTwZ#Ih;V>qji2a(S
z8I-S#^6s^7)7}{Al!HzX?*r(Rrg<qI-kw7CO--lK1r|SaH${9i$V;;5Fc$r9^n_PO
zhB#AA4TgqY0(6hmOXk<c=H~6&L;dShgNfDVH1IVxlmafFj0}e3E|Pf14k5Ab&_x)v
zG)p3!Ou|yFcOW#hI_z?b7EzEO4pmDe!|`w*ub&Hx2_@F_gyOyNa3~oDVv3pkgt#5y
zp*}-{+>WKq4o4J*(MZ(90%LT4PgCZHx8i9iNtihKOWe&9cctbco%*5%(G=G|sj|d2
z&k&xt7b?6K4->LXMZOm*B$JvXVFT5$0chSsT`BqKIRML-6%4ewWtQ#S+HEuKYZ})_
zz9<)5c?27D=fQkz$(k0Kb|?AFd~mtsaVb59t2f!`Z%gI=b4oJ0$}6j0X_z?mMUhIT
z%RYo@p&M=7@PnvD^g=}3cY&asj15cC@Y--xcW{u;Z6RPz841TX429PXhoV5dVRu!!
zG7zN;(#J!C($p~OlRQ$CKIX}zMsI}k=ktP5ugL(LA<$+(RjEaSx@V&c18yRN!jwl6
z?d1}3hWcO-2%igGupS?d;7G+lc_F}_E@j!*x6x2pzO7LWP4HJ-{LngTXo?N3HY2II
znJRvzGb_2w7U(&sY_3d$AyIWR?g<!tr(km^NIHtynMRAa=;K?vrZo>WEfAIi!a<T6
z%McA5vTP8ax1chDNYK<(+GwSWzSl-e#DN~MRDc@O?Om8e$iYJDiz@5VyV?!lU<m6k
zP%Y^93!0QrzC4WavFV{{JT<*Wo+d`DuC;4YC>Y@BX_sGGu|o5sl^BS{lkTM*xPj>A
zmJ7U*(HQD|UA!Z@iBKQy8A&E%LnFh;P=qqwf_}DY<~Yx6;Q8A%Zbv#{k7XndNfebN
z;o|)y7+KF+ZZg8w#iz#Yh9YdG7XGohxreQ^fakDu5-GPw9>a4_l+uAb&@+Kv+r~zF
zCZNNmi@3~$0!x0n7|0Q?l)wtJR7{avWSeXZ2u?g4GmpZY`GBd(2caO_i52gox;Vnr
zVHBgcOQ>{FDZ=<5qk^X$jv=QgqKsv;Drlrz6^zRliHOETK=KBvNO)BveDZF?0Ul1K
z)~6_6cInx)G}A222HP|z7}l4#IwX!Wu$09`TWqkiJ|&qt($G#Lah(KGiI6yns2D~p
z7?4M{u1OQ<pK0<!=SiB0l8EA-k=6Z?^_@~emL=zKyr+}U9NnxlXz+-co76|Nq!@5j
z>QzAK$dvQbPN8ZTtc5Rv_4<2onDe9WlHow9og9zvcSyUz^6K#?>RF`*kHR0bgaUJr
z$gM=2W|azw_=apA&nC*btuo+19B^ss(3JWIl()&5N?HG?jnTOgh?ZJkGaFe`mC>oC
zF><T<W4XM1JGP6L&dkKOc9oeuE7r@@*zxR&<*PhhB|>;xZO$iBG+x!H8m}GNFU!HP
zx+_crUW}tn9Opo*y|KZ;&`_U;FK9V#j7Fk<vkZ<jI!;3If;2#^bKJU{J<Sg<G6y@?
zUz%Vy97^<tOv)YIVG&a!ld3Ys5p%jzQ!>{5k?o<IO$Mc!t4%L1nW^Ci5g<Kirl3#-
zI<SWzi7Cl8{tR9<i&|0L+$EVVH)$W6RwCu5$K-)2qRj^RYQj!pL}_76KpL}d<f!5}
zV#v{@%c{=WEQp|9*09UR6y}@F%OXMp9I-V}V`6{KU%A{o)zk!r2-RDM%^}kaPoQ<$
zZ1F(k-dv#~8^#p&I$H})q*ZAYH)D0b%uR-#R_V5F5wM1vh}ef-0Tf|{T-V%P-_xj>
zbFlsq8e&=D*>{fC65ZuCu|}?5H?B#+DT^&y;H?pb%qZFAo>e`GhGWXUS_$sIn|fr;
z)~uI7T{Ca>Gp<oN8o51-yBb0xlymVK5(mxrf*4|H3qfAcs_G3hR^6i3pB0MDtJta|
z6)w{t8-n$oKE}FuLfvp;P}A_yMJ^c!jL=cWP!%pkctt)xS6))ZH>7oiFZhU5b&Rt;
zbg4*_c^Io*BGg%xK?qVM=LFfTajr6KPMJ?L*E+e&%=_aqLL|J5s48GSnBtDziR*6o
z&Ap$ZV&1ToWOhCw`qY|cDkbJ&g13?FNa?3=>mMvPuxNsfL^2YMN)!c*8&9OS;;96>
ztv0Sm1=Ii_m*AY)_OQ2pYL*qkbdc4Ki_W_i8Urj(!h|!KL)V_olj&{jCmoAIAOybe
z6N*NALcMFGexOPg27t*0Q%IY(Q$I5l);$Pr479c}OJN+Y{I!e15E62aGrR}-fViiC
zR&p%7!yw8Hl-LQIScQG0Dy&mLt|DqB)Q=Ey*dohC=p9^)bGk*lo6Ka<Whj*U3D-;x
zoNlt1@R>EM(cyTwH!0<d7zzP3HS`5%c)IjQ#8NtvF)3>)&1Y4}>U*9$sy3aqx;L+6
zwiuh8&YpquD2e@mEoUJ%aMhPa|E-z~Aak<Kq9P9c{v$Bz_IVVg3yh*cb+)Fk81C8O
zk5q0Q^R&K)7$nKC4FqUC%r4ea3fP4<LzQVGF>DB$7aM|oFwCVh8Ks0nG_QM0!M18J
zy`xIG4C7-3t9R2%`l6{7m$_&|)-9C)t&n7_lEs+~7LH2EYnX<3*0NH><R;iP{8aFa
zR0Any&C6ru+IBUPIKA*KUCB-nWxM$%1paVoJ%{C!ja}w+pPegA;b#EYmmHA%tv>tD
z1L4T(fut1liAr0-l37uBuqdZ3osqC8!)Bk+Z=i633wz0s-AryKS`m|acvEx?h6|O+
zUXYYo@v1q4zyyi3gS^jefx;&|)&rCfV{1HQIHz-Y>I`X|&4ZX(mxPFd9EK@$t`yFZ
z*+ttv$*F}UWe%@YDUfvoFmy6UrAcUqt<1|VV*w;cq#n|SSrySZIt3WHDu>1-NkAri
z&!%CmHkiwl6jd23vu|uw1sp=jR4|+mT9@m9j(1B51zX4=;+afnC1GD^=tpLGHJ8=c
zlL|96Th@rXM@pdp2q7r)O6xRmTMFDsy*XeHWRfYO6bg+F6K=##2QDpBs~atkh+$JQ
zvAx9@rhvn7MafFz6<m&>P(oI%xMU?$=2`fgPTRx7J)t;p>zFPUd(x%8bU95sTz_WX
z9lM#fUjHD_Zek!rUUSJc)H9e`4H7%u_Zp5RJd1^VHg2NU$s9GZBxh+iRl_G~FKwJg
zcmiS=L;<&6j72PMO_y>Csu~5(M%VFxGMGj3in4_uPJ^NX#bqXh7JDn<?6_>F!6Gig
zLOtPBG~A!;w7!lbyXZ8qL)vO`&coO>)(+>GFtO8;#)l>J7bn!Slws_+$?r2MoOm`?
zK(%ab_PLN#+Z1MG;9>?!#g+`@wK2yiNW5E&udH}X#)fUM+Y?JBV}o-+FB@FDja_)X
z8)%&qPDvH3_g^i<TDs4KTU{q;<?)=k^yFa`Fin^}WX_{Q{gRB@c#vH473Av?<kv+-
zr4DonQ%mE@x0J=B3*~9bwmCc)#GKa)p=J1_;H4@-%IGIa(_opo75OalF3ivKaCpM_
z_TWhvnw+Yj3{x$iE?hL48B>s}A}nrCsGS+gk@NawDj;luXdvyuq7*uX8x$}*XpGr3
zAEwJ*^ms(i<`6{jb^`_lE=S~Ju@HmuP%T4mWnlW^69t_MvuGAcA0}jxtm({zvky)U
z#M(Ts8Je?6CTQ#|TqGJAnZ-p1g+?S~=zQdy9yZ?y^SF!w+zQA@X%w?`VVa2XUV2nS
zR?B>j$|~4aBC(F<0f~?imds**Fw`OnJ!l&;kuItd&||L5YeSojSYd4@(*jJRAhAj6
znH8W_O|v+pnPafXa;8QL{;OF#iP33pyi!V|5R%r!3r&P^X+$DTC@M}%fEc>!(&Q>F
zcwQPr50J%ptMo7x22{HVPN$R#9w5xakjqZfWlknt!3F|i>A6D8TvuMStS;(Ej0n)k
zS(=ReX{C*L?5@tvx+OC-Yj*q683S!HaNw18(zku_bXj77W|QA$kE1#}jIHrX1JE5f
zj@SYdd0k=Li}8>Nqe^Q#YGmw>rcn>X##x4%Oc73@jcMp)@|!MJhPC5fc-F&(mM^Py
z%NLK&L))b9t?VYk4Kv$pF|~sk`O7o}q$<mNFzGQIHAQ(gr&5P_#t4bhib-$TE91|T
zMswq1ic-cPek<KJrn#1Akxcg&8j1{tl05!LI!9D2>6}?c%@GvU!m9?zqvru3HRoa5
z#cZhwpmT#cX0ax(!j)$yTbSzhMb*3}GA%vzi^lh$1RW;xL(h(-+xns>DoWv$iYbDa
zCQ3Ipn!cc!p5VMbyv^nFNX`T)%4y@fp2VLpxt5>HBgwDrxw9X{NVbuwS&bDJtV*m0
zXcBUnx`gMNV^e0MX`g1{ZC&~gQXQe3RA}5Wu@kBov0!a&s82&Q{?T+g{V>0K$giX#
zY!aAw?>bGhgXsmXYtl?Crho|6@N-`&J;f-GBv2WsNFPvdsy8%D=vRl#ei8@*Hm$_S
z+|D*8cs-*^VVnV9y)K$cBsWCE9=#cMpWV{pbC7)2MiP-8;&QB(0rVi%(8^fN`RWRe
zMXfim52{XpdM8i}TXJL7YIhCmJ)sOUp)!@uJoO&_YtW)qEpSh}@@!*IQmV;91Nh-M
ztuX#?ybp%|a9=1H9*SWgA$$%+qrC%>XkR=$#NPDBLxW+-;+bB<JtT<?tqnyZ2#Dng
z$3tY_fOAQ76AV*s2A1yWDQ2BT>;ux{s6|JEmI5_o<AQXCn!0HFwHh(iWu%PxgfeAV
zB2-D)<*-Y|h7|i`v7KR`wIT9ahqqq1>RfY+|30x>Wz>%U?r&-JwVC6;`&!!<;=k{W
zt67NuKGBIT>f{ove05JSRU^Oeas28I4v9vKM{lJVw-((hsC1<XS&KyfjviR>1unLc
zHxe@<S<RJXs!%~FV`wqM0Fd+M<x+06f@{`FVN%J`*zlv%1jeMCh9&KAJhnE{hkgul
z#Jdeb!JTxKTJ4rl*D{u)Co=ir_jCn*msDwrwI0{TB;FYhG_UJtnEE?Mw&!yhx{)Ws
zKutWB%fdHjiG`Gd=~Y+^bAlFVIR!-8m{T<bVO#K=v0TdJ(s@HXSq2BvWKiRrM{P6i
z18BY%Cev9>O-O4*6)L<K1mJ=)a3_Eq93h>6n4f~7;5Kv~uNTv0WhG}C?cSVpFQb6A
zm_=qTj~gJ9P)$6Nk}j2i(M)qt;cZ2-psb7&A|o|mM@>+1g6NYAXDHL!0hGLqR-II%
zj%I0q4b0pO-K{o5DJAq118r6rHlRPS{zTnC7PpuvFSG3tgdd^1t7Exs&Cn}Ksi-hJ
zHW}%!OfA<qwRxra^LRspt{=}0bMb7K7Kdvfm1+t4eJufhAk`n}^{4#)zCbFpJiI*B
z5e~Jq_fkfh0vV$>I?@;JOS$#<-+KngVgnxu>#@T58_BoL*Xr{Nalv^!a-xk14M#|1
z_C1Lz&#V)(GW72_9!(;OK6)TeQl}?JmAooVqCG$KazS$pLxZpB-eD5SC=d!6w?t%8
zwY->wDlH3Ckx5t_jvt-^ciF^L#xkfKGEg+t{HmIAz^k>9eRQ!eoh|JhZD{VShn7cs
z6hpB2tupT3taMa}%?H`JD<X4N%h@hRdAcZL&(K6Gh+o!~68^guWc^rN_uyuXQ<hrm
zPbDI!h9zz^WB-|1D==jy4#2TWft{G=Bw%$VM2)`rciqv9PooaH3n@%1j_sDX-dQ28
zcd;@GOpR`O7-E%lSzhgCNJ^uyE;??i8kEwMhaL)=Fa)G9dup<cOWDnq8C8N$^3Ntv
zcJU^=b!793n&K*<^Bjh>t+`UU0u#nLCWK-~#5CtE2Go-#GWP~}m|Z`9&z&B0v85bI
zxt6XX#FT<Hm0&m1s~dnBPn1z@)1Jf{HTER+B0P&2qjvo_U!Au{J*T0}=z~ONPDql1
zpDZ1NlGzib=%-YF%?QIji{^)uCSuMj?fq5Ot)^(o$kwd1RJ+g$T{hosqY&67v^aJ*
zC93DfzE<)ouxZ^*e%KjGh_*=5!w-qz^_VM$Lbb>r;#(nzh5phSP>8-a1Rv@WoI%y_
zYiIFY$0*rey}?Pk8ZB2LVl-_eq@eqXw)EhvozAnsjMmKcos}E1&e?@`w?rI^3Wb{w
zXN#ZgymspYg`7{~TPxZ*B}z4Oa;#vY+u8d5U?#spZJ0xTUOHNv^8g!?y_1r<qu=By
ziBN!@YaW%`?r5debF9S%AikBVyL*~z1ud?e40WpR!pT${i=U;M^{9doTxjwYo3MAH
z)n;}ci)hWXj;-QjM?9r18Bdgu?~*>RyKqfJLP`)<U@V#h69%xH)G(VZ_>lz;LX;x7
z7kDBY(6EGLyNI8TGD;(CFNq9}s+%8O)}+<d^Uz?i0JP|3Ly@`tpc;{CuA~fN6+f?K
zb83Md#UfG%H^!zOF_`oPEA0|Y2HIXcvCdtWI}0WrX<ROlb5&WbB<<{&V#-H-iL8yp
zlOv(1$(IOs9>Ttoav8QQhtgECEY7COX*>Lz4yNt#Su{hB84iJI2fv8VW4>yq^9HQ*
z%fx7|Q|FkGLav-k=b^7T6K1cgxqk>HV}qu6+9s(JPiArk$MH{hfDDJO2k7bl?K@^s
zRa4Aq>NlZ_vfakUM%_;ol`VL6=p`H&6}gRm@hH=cHXn57ZR{N`cNyzLJ&BR;;o29u
zk03u7!0Af>Ne7ozfM>;;6Pjg{Cf~2B28J&WL@)zs;Rp=bcc<&Dsz6v=w65Af=;6a`
zRVb#@AYIgug_&*=FsQRYWN8~Rnqh#rA7cZWxX2Y6iJ;MP6D@)<1nC&$u9ReT6-Bqc
zqUR8}FvDaQjmK(5a34C%a<x!yB-A7ZlhFO)q{`%@*}ILF$>hdH5Om3RJ$8dWvycx}
z4%;F^?7lN+PCD&d4iD*Uit;1lSYlj*;JcPxg3(DnoryFI3iFVdiq4icZsoh|VM%re
z9t~;fkTmVN8LLKGf*YEFHOQo@Y#xi#Tg?*yU3Rd|d(OHO1>IawnoJjMrr}0mma}p2
z#FmPBnmIV@v2CnS-W*--==+iAC|K7r&Y!mRwcf?q{j1*opYYoY=-I6@YVZH~0=_ou
z{$Ieiu>ZGru6-KzZIGnH$nXE#x1nJ%{5|Y2`s~`Lq2bWi!C&|-!F>`*zaRN_-oDi!
zo=5&~IPX0A2mixY@XtN>+yifB$o~y9GxQJshp+IT*<AZNo#LYtFUk0*zu1>OJB^=t
z0_`(PV1C9QPYW6F$IR2FXZk|o*=N`b;hDS;pJ!@+=lRX>ZOa$ySFb(h_KWy&iV36!
z5e1l91F^4GRUPZrXFYwD=LXXwUIaD2MM^ks=B0+$&pg-gx|t^%_L=!De7dKh;at4W
zYiL--Z^&|-`4+$PJdpp#0OxhjHSD|3OAQC?Gt+Qv!_04Ag7RM3hu$-<gZsxw=Scb3
z5Kia!SgXmd^K9uHX&h;Nj&#nDr*-VpjG&;m>E9Wr@XWt!=^Kp5H@q_cB~@y8>D-2f
zCjn!>eFMGkdA)w~cliCKGa>zNh5M<h2wAxP?XJ1Z|CwTOx5}tJ{|EgbY?<eOe_L>2
z{@)uHh{2{VmO4@Mg}!*`Da8UF4J|6D`PRZa>UJi?c0=3mrP6vd92!c6h=<q^tPzQ2
z2i?#vrSbes6ER;QJIVCq5IeprO~~mi@vrO9v=OQ_Kwe7yxxB1)3VY+s-3~D=Ks}ih
zuaJd^A%l=!Eobw&QRDvlByNCYOz&XrSeiDzE8|AL@fCo}DaKdkXSq}=m|iiTB8HdF
z65B)aPB?|PCd)ggL*7=FO9jc<>y)+&>GGAdF(bSn4K=(=SGKX2JM``v46P^elwrYy
zR#1MQb_%?4-5`ldo1z*j=3#!BUq2?E2uJbY1p3j5jU**M>4eqP$JN?&DTn$X=r5BF
zt*en;c!-&u70EFrmSX^DCJG60qa-22s&hgq!J1gKK;yP*T@GkviUyQl8trl*b#9|{
zoFZOo<t!vo3geQzEmuyJC-9(Amjk<Tsg^LWz?vN6NJ~qFpMWW<Yv@;|Q0bbLGx;<R
zXQGS=no(}IMI(`EHf&0^l9xLjs8Ga~4o=TTtH`t>ji|Teul1y4;|Wq}9$uN7k49L%
zYwA|2Y2_MLzNWUz6&h74<=T1B#WiV8x>8n9JCGq~BXte*=(IGND+Dr9Q<KyeLrta>
z?u#U)rOgh5I;2uibK?a(eGa%c_R+@8-P;{fpxq<2w|V@2_`4kL4xdMo{BXAjcN^Rt
za4%<fhsWO$Aiw=B?H-swJb|F!6KHAmIQ)TDkJJXY9~1iYyRF6J5BNwSet!r1>w_B#
z_d$WnTj6&rd8Xf5$Zv<#f(bhG8j3(|ZvfujVtnThYQG)k7km1=n*hx<Y%v3DH6^I`
z++OwBQ7^$<pBcaoQv%a-z(4C}3NR2bB``m?&ia`FG&Nz)&&$mKO++2^?e?={PXUm-
z#SE~edV<+Kn>(e&Up2v8pJxd$Q0Lh^^jd;d6U_B_mH=C4{p^@s1~XeTGY4}oFGqgp
zXLp;%IFV^m=E-qpqSyAIr67m+0y#0|ye+c^V8{>o925v^Vz6~?0L&GD{EpfHOt+cK
zkOGXYaM1b0PjThLQUh?e(s{<`7cv?PqxfzWzPAgVLaHBRO=x3(eRQ_t8T=+<ZpYbj
zIh}T48m7Mk01&1_($w}2`nRJ+2NGyA0$C23T5(FnR<yH%16pfHr_}mL=3Z<**4D@7
zVB2X|M~TqnR*Fj#PIR0x+Vt6x7nd$XfFL=LM7~xHkJWmT620Fr0C-Cr*cm$FO*ljO
z1(Dsx@ynmvDXt0ru`^ofa|hOtKUC|@jt(mObhOdG*m;;90TY026llAjH(77L-lPES
zQ9_#?<kp+tVM^P=a2g~X<)CeEG2zUVsg@L`<p~%&MQ1^EdYE)ZJ0&5W-ZDuo_t&mP
zkkTi8Pro5bP|(zAHb~MzrvxoRqfX2;5$Tv}g|)Qlw_j_rUB_6ZQ=Jk_d{UqUhdn7E
z&Efd=nZ`N(7HHFkejT%-HT+Egx6^kbF>|0n)6ko*j&amQIs($hEaOOoEBOf->Ez}&
z)zHH312*qDAqRxt#`F$rVxN%7G+JuSH-=7`(`~L9peWEG05mURB-2#dw%h~^aJk&C
zJ^Po7lNXE>e``=k>?a+hmk7@R-sBErI`%uDtpIqZ1Wc26ONR-739lW?g>L~?U_g84
zpiL5cuZ=7m>AL`%E`?`;65e4grovHj(3S*jN!zj9SR+Y9NkCWuuxC=CfR^4th+0h0
zVJbD)Vl1HDZvbEc=nn>k7eS$hG^3x)y#fHz<e;9uO?-xl9(#$_hS$(o<A9%z3a!Ql
zoVN%#4^V(Q(gP+WGnyldB3^@bD1ehqkOI?s-Op<nU>U2_0C{3tn_i%$0)CG!HzI>I
zm0-jf<B3`gf$O07yqp7sXVM1(Knj4rXcs8oi~^B__;)ML9dku`J)Aq{igY^Es#m~K
zzXpDf&VlR-FtIOU?tzNIP+l&TU82H}1XHB?DWaBIDwj%=Xra?cf1tk@NM2TGcw<)-
z<^v(@68iUVq_E?1Hizalu}ZmEu_+`s<`UG6ZfUF}%Z4`q6*G;?Wf~v=%W|#{tqlz&
z!>MR&wG&ea8PEqSQDeHP@|qOMqJu-$Cck?bsVcm}aMeOikEKl*i3qK}DOjkQQUoYs
z7H4{y(}Ty&luDUEmCK`*F&BNo-7+*f8q<|+^&kLdjS%34?nxqBDF$3AJXKjx7<jiw
z5?)|-G4d7hgn~Ulob`ma<?N9k!2`|cd{xedw^7%auEl~*7`?ZklNQWdtf&*CijtSp
z1+B+vtV_GkJ`+JOcOcP9I!PeA@Np@rhfp33h1`hFcv5BJI1D?0_yO*gn2R2Rl9Zd}
zbAz0{Q+TA!7BCvy_QbYrn;qM>GqG*kwkNi2+nQ)HnN0f6xA*@3=UkkdbFRAIRaL8M
zt?GWOmI2Z*65Mztv68SuxR{6c81JSo5~Ez^E2H>^rx?d<6|g^d&AR!G{lwx8@eEJX
z*d1y*D?O3o%Mmn_$%>`>pI=+J99Z#qHfx}omBNY-y^@vrIY2X}FOt|R6s>fAZKf41
zhJNSq^O8XOn^YuiLcDW+Vl_r8XD2`3q)bNF$izc*7lRU^)|7PeAibnqOMBk5z$(C0
zlA&E$C?qiBu;W^_%b70C1R51}|AM;BKa-<j#2k-$!I<}r(H&npu`~XW`-k&%jnRRW
zT}{~NFUq#b6HLhfvky>Hka8)*BS$pERS9j9?{Zm%B`l07V!K;o3Dcd(CnB5;T|qLF
zVf2K`jDrn=)?~J%h@G}|)CjARWM;ErsRpfQ2Qo}8EF826;Qd8mHYIwl;O3R#s_ZMp
zg6O0@7W%vqL>g!pn>z7v`67f{xJf9uqR9%y$C+aWBl{pcc}BA5Yn`T6+-O9yV_XLw
zv_7UC+y2!qjdIdFddVGYGK7SR%<w0EO`fdyvzXOoBQ}dQAh3(&*>7-SqzYs2CSPSN
z1ZM@l6-pU4lsGdt=@dUb30HP-5u{OyX2s?zl}9bwk!^FU!yZk+HP*{&?@8j;9Hy<U
zhP;h*<Nmcd99Zlav_I2xDGy72w&{wMnjb1lR&_ybxIFaY$AUh?M2>jpEFHQgi!vKx
zfB<J@bHaj)WYu3a-Xvuw;2P)|c8T&bL?Prq;pTtbm@Gz!`4f>W7fD@qh<D83*n!MW
zZ-kj0n^ZLczw=W~wi-qOo)GQwT7e}!1gq6=qvV-I+wHQHm?tNDg4m5!=xHP?$9cen
zfO{4fR%itGGUfp+5bsz<j@AQ?VF|l}aZj~(5y!c9WdaE;i5Oxhou`3XVgNIyp#-|d
zl>zE~iJ%*`D)2C>5EG8R(wmq7l!S5Ou<Y&za>Q5<&OKMMZR{pa2hc>m6fKD`lEG+6
zNpI+}F!eO7qCAJ;+JW3aIHMoFBE-59GuOsT!3NspoqUM;EK7K|qS#)EHGj18Cp@&N
zE>M%4_cweL&#wc^SgTIdXF*a)cZLb8#YDy=>Y@<=n4c0ezlL#3n}Y?V7K-2#>D)gx
z^M%VX5SXz$E(FM>^fgQ|GjMb;_S!>1mu%F|oTZmG>D?FS7$nm>ikA(Jw9V0w^O^T2
zIzwhZavr?%g4Hp1HM+QmBI!_`|MZ!`?N%JYq_)VBV?sKfVPaO7o4K4cLWfCYr;*)}
zMM4Ia+1|7RgZ^^V<6m9JnfN8WEUAaHGJQ<*3tkNs<s&83H;dbN^D=>p7;luVfWYAX
zMB$|iiD-K+ilLan9*3K;06`;b{Kt8G*1+A`{Phg<^i&m3<o(NYeD2G09J&uPp8RJ+
zAhjxo56-&6o2*$fgyu4Cbcsqo#2FfDR*aN92JXnlGR$Ho?u&nA8m587G0j<D6Bkz8
z=&sJH6@*MJ{#uk^lMLu@9hi-GUV#^@DyqCq(cQeHv*!^hG;jxO&}eAPca!Ujt(YPm
z0eEk8A_~V7^vF*c_;Jwv1v!f2;6P)ngyFz}k(0e)Vp^ZYyCO;`jx#g7^7>INYa*lw
zB)B{!+&bNfS_K8&)>gdXAvK9=3;YrNUSjy8dR=A$d?D!RmhA`T9#Y8T0V=`BRrX)f
zMzo<L-KMV30E?+m3V0Ch4N@1*WC?T9q~=E1(PY+mk{?#9FjU0j_BRT?5G=9zjM(O+
zM9v`u$HP*|T4)itJQ)ChZ2PP-ErqKXH4a{v*mLexGlgh^bdGAOb|h;;byM4+7dtyY
z!ClG7{HZ_+xJJQfS@rydsmeegifmeV)`?(27ruN9lLqJHb~ozcnFB37vnA=vi9r;}
zgxX7uc>ImZJ=u|r-S)JVj3qdRx!5hvM=NF3K&%FfL^_L}2O$}U%*ZM@d~)<_HhUr2
zrR-62UcNyMl1GA<JSi@IJ`<5ziKm-(LT;OT4xz5=V<9+}RLWp~1?LD1XdFh%J28qP
zOm^>`PAFr^En$aiND^wyuf@(Q01HB%RZ5{t^(t=vz&v}FJTlML2D!Ka`xMQH2DqF6
z!O(Gvf^cq^=q5rs)m2D*^f)K6G~_YO;)81LgOw4d9e-WesQ<#k<1QTcR%BXEc5LCF
zHyIa$MEW&p0yG9EV$1>W`D9|8u_iNw(7``339s5=2zGWSPPo~8N#soyFlZ-Wc#WA-
z9;p|as-|zeC{6xlu|e;@D=I3h44|P&K<9L$!ccxKn579{qh5wY+g-$k^Ic9%WTghV
zq}S&>uv+1EZ%l7ZS8O!ei%!Eu$I_;|K*#OXX4n`stum!IY+a?-)a^(QJ|n|l8Vjpb
zQgJ4iQU@Dcg=jRg?v>cNvYab}SzeV``<h$}#4785UtASGqmXQ@WtM>_G@+(qLD9vI
zt6P(0rF&9q^vj_=iK$;<PCV&WhB)J-YIN?(obx%gZ(e@1QXY4mRegaAU6)GsD04L_
zq)sNE496j7FlbKd(2g+`v}_IDkj~b%liM@J(-UmOX(3r)X?~;`uzd?&mtwQ=9?8A|
zFp!@qZ8gdXgZnML<#*F1u)p@RSKB@5;O06IGblWtj-Su$&E&?~ps{0dV#vHoh~k;!
zT4dAG%S7f2mPsikJdds!;VAuJ>ZR6~j3Nqd%5)-;8;_3RoXU(z3NK<kQ!EqIk4?D=
zPB{-aw`Dx<_n80Vy8E=>2k75-`-CUj!o!*ixDA`W@&G7f!}Otu{y6pam^Zr3n%4UB
zq@nRw=*GIm@H&2H)|T<OKXtR0_3AC)SI6&QEFf|pB=Fw%)W%_rEaG)i_q0b9;y1NQ
zy_svY(^d>J2|{~1o$8B68fbYO@KD^PlnG7luwKiKx|<|zgLwlzhVo26o|DJBQbQwV
zHXETqsTq_OvK4EgI_H`jL@w+h5g^uUy+xx|aU2TgETblr0803@t>sEc-<b!*IXN8i
zB4S|HBijpIuRBy}`>BOw;$}y_hp+fDI0SX78WNJH?B@=LoxVfI@p5|{86FNu2n9q?
ze1O6Nq{yN`6H;+5Q4LEa(eTd4?aS0r*O5PkZ3pUH-JpJIkTC1DCb!J#=}UR|JWgRq
ze#AV>=q~?`rpI)?#<N1{O@kxRMflT>fx=5HcMeB>QWK5$EQ%XadANqQjr_zbzvZhB
z3{$jl{*Ep4Y@)ZFPyGT*b!S}CK~yo^gVX>YR7>BhETy)$;q-S&Lo0Ntwm}vdL6sw8
z*jQa%`s7;^YkdC0)dY%mb)s2v%7?S+FViiq9%e^!T%s?r+wBidg|<Qsjm3>iv1Vr_
z>)neF!*6nx1f!G;dUlEyybQ4=H$qOH#cmnRiS1SFG-z^DugdwLj^R@4EUp=v(dx)Q
z$b&mIq6@(cpe42;3}NE(`a?gJS+SI)Lz>!*m!yWtoW-PgG;y~JId)f?m5aI1f;@|;
z?Q>eZ?|vHy=qZmveCh7nQY!ODCTt%dAh*PzznnffpkePQUMN&Un);MeM~{XOX|eob
z1<5(d6QKw`D9VT{N`yF5N5Ez0218Q^8ku3cQt@5kaN>)}NsPp|J%0LvzpusE(((V<
zQAGA2W8O9^U0+^1x+ET-<h}7^LyKBbw&NzcOQ`K&l7Y!yzD@^g1ULi-Y?V@4Bckp&
z3xVE_%#=at+`x~pu@Rog8FmJEk+UqYCCj6E+{M<35I1oU0UrY^%7(!wUOK!%oNJDo
zl8lp~aROKwJ6oQibw^y<8e<k}^QB#w*>9|WwR-6U=O4KIIa5fT9-TWotE!@5(vQTj
zcI}b1-q|U|DuAY48?;KCM9C(`z}3OmMZfdauu?-IhYf;4C^pCZysRZNb)dDU<<^!}
zaKRW+sK_iVKe0xZK@pWu&hb->9z3YUGtNkf(nZ@;YIPf^86g^qny^7bSRFJu-FW@H
zN|H9@#>0i93ME*@v)mypj2*KmCL_6p7V(NhAen}>`ew!M@mW^4%51tKl6>f@0qg6}
z@|(66F+5GRi`5`WL)+ygb;<Jd(YIR|NAY#VfEZ!?XfkP)>`+|GknG}KRp94BRgx7s
z`}0;kmXFKnq+61LrGOs*8Z5?oCc#A-pC#M=(MyUdMv<&&Me^52`|+xtOgODgSL)pP
zl5bxw!tI$0D|^Pvi7n6Oo8@SQyMvG}r~Q18ov(#|&gFt>^etxS+9CpETy~MS=0>E|
z*g^1GzL&yFz{_(#uko!vuKR01@aLMx)2EWrAn<;#i&=F<nSK?U2&x>F=qfH0ozDZs
ze%fwjNN<OH5ruFiPQV$_Vuuq&qn>&N+2Mef{2CKQ^%d8{d_z^)@cUb=bsI;?ZudAg
z#uDX1mOd@6jO4KUa<fF!cXJZ^7!n2>q-yf8*1B+BgwT>jt<_e0Q5|1~!u<AK#yXMx
zii%t2XL0+^>DxoNZs9+zKUa)k$Q_$eI;?dIhZ6zHr`pR<-@|!{ci(CbXDICpZFKq-
z2rB`#9y)MbT9^(4$?at}I!SXkVd4UH(w4Q|EX5Ozg=9EZj=wbJ?7y;sB5A2bgp-Eg
z)a+2US-Wje)h1_Kfz=!gXJ=ajtIM&*(Q%hFBB~vAH};R%s2X^6WL)}<OO+);zt84W
z{+cH7*42hTkaz{Jbfy}6QJ!!XMB{C*=C($Sq5r|BbD<%fj0Z*|nUS;}UQC8(@pllA
z(>jwsk(o-|Jj=<U@|vl-%-|(wQfah-fYYX+v!V2Q-j;ud#kj1Y^tt>R@>&?%HU3pn
zM+fT__-m=H<4EYH+|cj3?OyZ)diY87BO>e#8UE)ttoq&Vt9jr`xvA1r=F`W$qob{1
z=GTB1M=s#K>)YYc@u3%?h2M(d&2T<4m;V`T>pXqXZ|#6m+=F{(ZYd4#Jt;3iKcf8W
zG|MW(-q*}+rlawNqhUM*YVKMQUyHZ>@j&<Mmi)dc*N{up2H?@}0urSQEm>tYB|?X%
z^<2eiNARUbPvcL+&NmImPi)Q-&mXb8uRxD$ppouZA)bD&`uxH6l8c7+zZd)gs^A6Z
z$fe&9^bCMJV87;|rjGEi2HAG_4)cS4kbuoQ-G}-@-9ZWO!2AOeAvZw!A1HkL5ce+6
zX?|e05kCKL5BAp#qt3)vCrj%4Auy?fF8~5oAIyJR5Oxqzy~2H|cG#S_<cI!;`_ScI
z(9ZuwssDiROR>|^V^K10pcnlPcWnT*({o55Bu*dV-&tY!hyQ8m#HajsdMBQLK@Jg?
z|8xiU9A^A4?jO`>|6PgL#ebK7!WjI&E@BY>E-mH1lO8y968sD582;ZPjj{iOJ4?TH
zS@J(5UH@-Id0qcMNmC)k4f=-@u}1$zh&E69FCWAY{>M;e*ng>={=Y=>{Y#|Be>Z1S
zBFY8gAO16g5&j3EbZyMP<57bC<pcS@qZt1$Yi|D~cLVZ2vshpgLXiEl%i)NTU))x$
z0-O4`@Bc?0xh?#&Yv#B<OnUI^{YP!K>)_8{HKLJO@3CNJ{QjJVrC{IxxbKTmV$}2J
z3(iz~-G=|VS2v7?ZCfIPR6ESflFZbjD!-jl-JA9*_W5~eY`hGdo(*YZG8QO&R&QED
zgKRlydas3UUxRra1c|QR{JBy4`qDkBStDRA(hGM}t<4W8^!VHwO@Uis{Cv#b{Iyx(
zfxS}W-wVb6Ap9~{vOdY-dk_R|!}SeCnF`qF{&@d~DL+7I+c5(89p3Y1%Uvo+y^izK
z{!hUE^yT<8s_^Y+M_E4@FuL)&5rpr(KO~^1gz@h-r!bw9=HH)|T%Tbd?&JN0K-4S4
z4B*C3A;N%`g8<GC&FlVM^MhD_X1+Xtt)e)``8RvPddR}}kBCBSrh2{<jhq0E$J&TU
z+NXZb9-9QxHJF-@BE<Wxk_`k=v0ponx(z%l`+brvqlT*=E!X`zAXm#u3Lr0+o`*V}
zpT70K*Toq18fH1<{tCTtU(8y1oa0Cf0EI+iKKJ*x_L>WU`}pfbq2BujbPK)-jwIbb
zz6W;+GKqVh!(tWx`1&-Ayz4{R{Z7*TN7T&|)DnJi7rXdJ&c?c^+pn;TyRSzD4&DDp
zmtVlbi#rZeoL_JJ^cE%w^9<ok29a7thOR3>z|s#DNqwMD-&bbeUmV@pXTMz7ITopR
z*ky4&Q@a(3($u?JH5k1K>67T6jHG9ot;SuBrS-^PaV*r~yxo|SG+5JQx|GZFTNX2*
z6m)48xwN}-=T0?{*wty2s43diczJp`s4_}dF}u`@g~h_`WYT?>%aZx?=S)oo+ib!+
z0ro}p8gcO&xF-@xb`@s0@I-FEuf}`qXZ-_O`o$hQJlmo8LhP5!bY_kG2BKPN!#Xg_
zB;tRMu>)dO-PKj5E;{NiCg`%<3<6%I13{{Er|2%}->qC|sy+1>r^D(P&$Az#*a@fx
zBXb>Km47&!mb;>#Lf<ICnaZ1raXEVMxtQ|m-IRbmxP6HNw*$<^5406tL5reId1_^P
z+8$|`cxPLX4LdkfNfOAkCyz*7iSERD&oNlYza)-ub_F?;35aAK(PkQcynqbU+dIIL
zpiq~)F`mg&VaC;Y@ZsplHcz3dj(kVblo4!69<IFFIWJzWTZKk@;?2wnCGIhp?1HsG
z-@EyJrynY9!n_n@M(%qfE4oTcXk(X|B+pLe=uaMWc!UmqD43kzuP6yMd_e<EoeCKV
z@w^~hL>m{DD}zl<PTi%a`iRzjbvB#@AxV@*#T<BraRB2lhAj8k-mFKPh)AAJ$7I>7
zL6@pl)`~Kh1r@1iO5_&G1m2Pv4mBkqgL_Qj8#~~|=7J$}x>FjfI7m|o=PChp%wOkY
zn8sKf3M#=m<m6!HM*g$QjqNl%l5h>8VO{P*vN@Sd$X3E<)ii`Pq3aZ8Ot!(D8jy@L
ztFyex5$MUA55Y90jTDUB1F3zr|K6Megj&`$Gh=zukR<#)|ILnN6!^2F{S9jlc$;<&
zLA&+9NQI_=@65h`W9x_nK@NPJ6ZWNw<h1%WV2&&0XjduJ+>M_Jm$GNHXVyoI-E|?A
zDN9(ArY9%|u6F*E7eAJAG80P5zzh4Eq*RwMDn3+oabZIFUYPsNgWaN;v*Cx42@P#o
z^9Y=~Xps(yBEoM00@-q-_w~L9YzIqh7!zHyD%fiG<l&^r=}S>68cMeO9Ij3nNBX+-
zb9@U$1?+R|qtax=89HH%t0xz41LI~It39K>HL)AR_vT}u@c8VLHWcgc*R{3kpWhBy
ze*)71Z)9zAmK4?cz|)U@9U$3t787ZvFR-J%6$0x$z)_FmkB}ygnuppsm4W+-kfCl(
z7w|A4K;&~9f4!$Zva2|DIj;Vjt^F%>Huy9}fB*8g3%j5ArIX%uA>d}YvIZWcpuR!L
zy;`^x!$mZBsl|GU$}ixLl*<yvUN`EFc3$97FJRZswmTHX1a@uW`a`kb55*n%MMGqb
z*H%$!Q1RlWyJVzmteLF0zEn9wxpVg~NeMh{)EQpX0}hGQ#%XthncJOn{%!C5XKzw}
zGi&eaw+w$=#Q|T}0!M+m(?f6jbn89w0)n5A-QEgXAR50^CAebA6)tB56XS%vl-dlt
zg3~M;p|}a3benwmBOQ|LzI<sf7kdymN>?S%K>DNMRyg$)@!bv}0~aQY6W83*Pu$YK
zgUqQ!gsk8KZB%F~ABk84eclTI{XCy+cW{icz+UHBy6@M=h86fjAYc<9TRGnuW<RlL
zP%fT3+}oiH+@X|dFqX5v#N!L(R}Xm_g>vWMvOlT@@3k#ZUFwh0>U9l2VICEiU$=k4
zZyof`GCSo!mWDmLsc<@l!5V?OL^VP=hlsia8Hu^D8>cHyUcM}q8Z@}71y#P{E)Vp7
zDUqk>j-e(}uDCZ_Crp)b3<BGOg!^KcsoiqAy{!Tva%h`Boq3eh`O45WDpRFc&rsp1
zCpYzA#aYBq(^U8BZ&kv=jVN!!**)UQttE^M8rGq3e02*3KVuA6-++F1pex6~Agq>;
z^)pB91>k+!v?B0ZDHdX1yhVS)CD5J$k6_YarDVJM6aD9&ct<Ps<t(>}0M&9qbP2Xg
zs@elOC6tt7s#!(9rj*a7+SnrBK!75*Q<!*a&sR}wNabF+FmzQH_NA1Af`<-#|6dY^
z*mr{TvK}UBP!ALUFerNd*Q2j^MD|uZRjxw^2w<!e3e<K-;EW8&(N$bGY%cl9xWFl;
zwoA38<5s72iIHfN^;7xm$u4Qe!<vEtUl}HQf2%6#0gSp8OBg=IOEA{+)yrWNlogtM
zOq36)7^qHwA6Xv5<qImq;oMkA7G~S_!(3EZL1><Yr)i;k&+{b1fOr|@g&Ouam%|ta
zMes$LRi^11X=z0C#Uw2E^mOS%_$%Ii1dW2Mf~k%`s|D_#n>Hd6;HIX)=Y8H3=4)&0
z`{({&i_iVO#?O7ej3}U~X9`bYn#@hzNVPpr<TZ7ZW#(Uk0+7U8FeTB?+{+yZzv9(v
zDkd_q-uD~@JAWr;C`Lb#y?L*Wp9~*A&s<C1n%3VaLJCgoA+kA;{fYHd-^7s`pAx`4
z@9J&t%a!cgpEfRVpV(9EMWKE~VVuko>+R&u$<5+cbr}Xl74l#uW|OfC6s|CE{A%hf
zqw%6(&<RQ*;GAY%Jar9YP-TOw9s3=3q?3CD1BhKFNZ6NH8ZL#P%X85BTljS{n$gG;
z$?Ygwr<5c`2o2xcad6ZFB=xH;C!_F{Fe=8;xe7YHqbyB-jm4G2x;&lD?&i!cM1xe{
zsO~l#jdVqs@Aj@8j>y`zr+cNtxH5d#=;cU<#c`h3MZ2un!(5X>lX31&yRfs(%}zUF
z&&uUuc+s)2d{hakLssb!{AqE@fA9UC0|@$CDs74kzBM0q`6l#G%?Tu1pPEs_bw2}Q
z87|lWPYoM^`*fO5s^d##s=+rJGAc$C12reAP2?GifNz2nMTe?QrLkWDvQ}1dGd9!F
z>eU#f?2{t3Nfj=quqL53<y7WXfxy^en!C_g;RV*tLNs@{CPn~Ns;poPpnIZkr?gO7
zdkO@Zahf(HCRXDWWfi+;>ip|i9?b}|>rPD*=B6%_<7q9Dn6{`y0vp7$a-T9rEV?r1
z38}X`8Cuhmp*e`pb%S!_vxe0CW-M9!AWEImTwOlCSO_@G7PhgE%Vw;lrzCYj$EAeA
ztSDf}*4^gQ)wRQ#mCIrI<k4krFnXFAksba)&yKWz$&?pJc^|6gmsD>@Hkmu7zQu=T
znhMppZamCyNo`B7Mtwd>hgYBmf6IfTQ!pg4jWYIt*xGJv<hFFvDIePmQ_o#24GdFn
zW2Iqxaz@PKhfPLmdZawt300oDoWWu`3h6=xn+o|PUeM>xp=<<}l{GT&+*uKjwOnML
z9BpaY*;cTphgYShuh8WA7k7tN!n1G*c@lRO6ID&#dw7B-Hu*u8?5N?qg^O`qN=yqk
z&W`%=Y6?RdH!Qvx(5t3-^F2+y{mhy8$x3(;Rb9m@s-KCqo-n?MfK!R#B*|qoAoiV>
zVbnNm!zhm~GB{pxMot11<Zi3_q}f4!kAj0KZRw4ghYpg}E5;gUin}jwNxfTLm_USz
zeQ8FO3s9x<bzt`K624QSGn_z}NGMK0B9tl{!{N$Es2n${lopzQ&VFn!6(`d%zxdLy
zsU+)ZDI~Ox{D4?Y2JaC8rarn1O62^IH%U-D!Bpge3n8@=C5jXO2%eigFEm~dinKm=
z!plTElrWbFBBG5=`9yWvhnb)<U(#VPpeIBw!<3TKy}$=q+U&7LPmeA$$}SF;F22lx
zaf5*Eg2PSxp||0YAifPDlkt1^rsWk=CzLt;a8i=W8m&r->?p+n94?B68WD<i?9w(I
zF&nejOQ970n00%51RbSIw3|H+tAMpoE4}4JOTr&-9v-FsV9bE4F={N8HiIREF6^VF
zuoH&8LrQj3IUHe>tMdnU1+!@`F@IWYgwIz<${t6lMP_MgK3>N38z#l#>Y|nsbvB4M
zd(Yl31&Q;JW|f|-<%!Bp?c(#DbaHO}0|a_taO#ARo{I6u0e4jS+i%LH+sJPh4K4HK
zA(1erCm{(R^FiG&?KcaZ_+t!G>7jXiu)~HfhYfDl{KMnKAA8--Y$VXmk<GM6W~VN;
zWGHNN{t(IK#1IFEwDuIql;<!DV5*&tY$cL&^fI!lIr0W7=AXgFFd=#s?_x<8(){vO
zqq(Z`nK+lXh*W6s5oSQSdYi`po>2_ECuPaqzXgDnk9{nyNMNUD{qM~R2b*N5Bwe&7
z0ktX2X)p4Odcunq;>Y7DW4G++$n6vPve+?3gIO=(5`Izu)B1BFs8D|WONU3h)^p<1
za^x<r@-@3P(xu9lc3y{j_L2hzriIs0`)86af1s3YBp_ay$)kAH?(f8Wf4+5wIGe|k
z;^bDv5hc=yRTI8tAq+!mrmreIWXJd-PQ?Q?%CIk7ke~7kGV`Cur9$G7qL5kX=fxQG
zCR>rG=W0EVkAgh&><%{KAI89McDCAIFE4z}y3c|JHe%O%V7t*k#{$szxOyA-<OEfk
z|6zFxe0_!dQ_$-=8*?#2Q5n$n^er~|H*TUggH;0|^<{+Q%&T$~3B$qOosmqJ`r>@r
z3gLf-?!Eo`L;t#e@^L=&7Vy&GO^CKS7XXndQq;eRP0W~Vgu338F&E(VrYgw~Q{3BX
ziS7IJ23=?Ck1&Oqu79$r{l`f<O^leF&X&r5h@<?IJd=0+N*Xq-9Uoc_t3Dvc7V9G*
zVIE{v0Jyy5a0ax$?SuUMQU`gPJ88@VA!g45f{CH}uFwO|_7wPF%zV`Th%2X688hWS
zXT9t&$G8gPkrkXT3rimOdZA6!CqH=+O<+O$deBZFo%Ann7V3Ni^v!{+wg8ddbZ4#u
z42=#y&JDV5=76p9habo#X}p$!nK+X`MQJEcg;`wl=1fMeqNsK&3w?pKqsZ5izt9SD
zL35-$I$5q!0O#iz%ALO|s+7Ms<pL}S{(|4EhmvItSu`PBJkE#|{8oE$mBkBxre#m!
zow<5e1?J}(3~BbLn_$%mx!dgH*qzzgGOysv)hfM&MU*rlh8z}|(c(roAW{9u^Dp4K
zxJjOICoU^D5!V&5B~LY>hsYsYD=*N={dIphSnY4|ZBI#||4)^>SAU*6w~}bx@E?Wt
z!@oa#OQV<ggJdp877G16-Y)Id{Kydj?&&(s0@<rd3F0bFLrHX!3`13PWJ9C#zD~_G
z`##YzYtld?&%~GtXZ)yjQP|c)D6sE!-iHCl967%Ol;#6hbAa1m_E<osAjrS_23^&8
zK%33$^M3hn7n=<MT_MI><ca|-=sON2^y*>{Ecv7@NhYlw!HvnY=Z4>{!}2ATx0t7&
ztWY_>F^jJV7OnOBQmvekjwx3LGQUX?U7Nk7jE5#yOOuB;BMwdWuQ_*mV|jj-Aq~B3
z6NI9l;NDW_sz8vQ@7lnK_&%BK_UDkR+kT$&HV6nn11vw0+o87^KEG{)!9M}_I{z_w
zE&gV*kHlHoIYH0@A*T$mEc||mu+hJQ+o*XuvfjUA%$P^O9mbe@sKY(n<`iywh>&qv
zO#y6byC#~(X*=yV8aVq<(*4q5&l_}IBpzCXB#AbuI>c*CJw(W8Ekk)nB#CQSSCmAz
zl1)&-kc7$0h~P>jiWw<m%NN6Lf@ClhCus*SmX&R(VnV@`uwte-NxQnp(wdT4%o@zG
zl9%}qRgA?+R!~sW>rW2zv*%ArYeSxpA#8;4KRrL1p`M3RAWe<KPfSRm9jd!H;ham%
zZL3wSijnnJr2?Eu6iN~ljy?82as^yA=gI-hNvG{HSFJkfR2n*Uq%O>IW#Oj7ha`2f
z!%gB477yyAoM`tH931^A01r7(u{Ib8xia>yWu0`21|>&W$LZI*-ENp&sbXUqKx$QC
z#Zk>J_}XlhpFHoL&R^2Qm3kH~T2VdX$g8*mnMO+RqM|;l&Zb2f4A3`=Dm5k4s4`Nq
zVKSMw{Ha53_viwv4Y7~%#Kjm0YM5f~$qX~h_ig&vqxD>=CGc}uxu}DIQZ+QgxwH}?
ziYR!5lIUPK<lK2>?jfaaVM-Z3twbKRdQnCt3pz9(qyZa97EF94u5w>FBfvM}g{P5=
z+zxSaC+tHU2PkED8%@Oc79GVppR`F8G)b-E0>oRmC6C*MpR$pbm#Qe1l^Z6bbZ&}(
zJxS+r)r6qLLzDhpajifau9mW3K&BS!>=Eikka~y_yp<XrUeu6Dq#1-rFsJ0i8G(W&
zY<Vs@e$5}P3@yi{W7%jNcx^20mio#7EO&Ny-Xa+JHgzS73lJ3q3NcB$n6-Y7Dh7pD
zPwgMowKGj6TI*LZYg^XK!B(=@h?d<5J+0F02*mWV){{$kfZ4KITO2ywh(Y!!EQnJX
zRb4GKvnTQCqykx`n&9{oH#oPb%=iZnZ+Q}D0dvx{BVN8d8qI|TL^KbX>Z3u<fj`Oe
zAx?@@DR8xH(tic?EX6da-Rh^NP0hhjj=isH+{3Gb`OPJ2L9-;-ILe5Tjmk%=q9Cuz
zX)ZcTvrtCe;z(N2YSOAwg{P>8O{9mx)ni{E<V}ckDkdjQARLR;YXfa$moQNNluf*c
zdB|-Qt}$0Jc|9*KyH24ovZ>^$i|j#>DV+MyBn#8236p7Srk*(S7pXLpsYIu<kY!Nz
zC~xOvzEA{Ds9c74V15Je&YRT$F5uRNnd28>;*r6`JorHPgOX;^N(4YpbpkHFFOIFH
z;k9$JD(5u$ji6j!6C&mGh@^8>*s-58vxp>Kz2Q~kovJbpWCiX|oL}$~u2p`(VulTo
zz2l%&pcDvCWVwMtV}<vW)dsOkXR<W~!)?`eyImf>Ijoo@Y5dH5MVoqrb**j=n=hC9
z$^}*%c|3d18Cy5$W(^-hTZ>0qx~jivk_Fu0SH%p`!uQKjgO?3DL~dg%<z)VSfd8RS
zgBDGUuy*R1f>o4Hl7;XhKD=5bm*N9KyTpO%k=SK51l>i6k>t)(0afUNY<}ypeCAa?
zS4ty~=kMIdov#!d%Kh~hE(x<1IfcQ#CUGJ!xFx8k;jYtIYWpfsJbqTcsj<Xdr9z0c
zuCe%~ku*uGR`bqAkI6n;mA1#*=7=#*-Oa1)&Xd1Xb4RjND1Tk#oNYrjsuGQmVe~0#
z9W{X}Ha3k)GtpMU3#3iA${DSaKaY5q=a77s>`skl9$o8{W>ti!kzYAqhScj=vEF|!
z{=TgcgA~I&1aLJY)ufYH;ri*nVtoy<R@T6S7xNS=DI#En$CtwC@<YR>sfKL&DqF4h
z0@`(bsW{N`)GkczDb&!jI-d~T%ze$Wow7e|Gp@oylPVz$%I!0tM-Y^nq8W{NC-CR<
z)riGI<~bKE3g;|m9To0}j)08C#1?o)2*)#hL{CJGhW#RO{n5v259HD_AHjQna49h^
z1qN$>Vo`M3d|Fi`GJE1Qo|zTr?#6^U!9L%JwMLy#ooLsNGd$+p<!=N9#sci@w$oVg
zZzf#H+LVe@@^-{N7<0*X<v7*ATn=v9FpwS^UoR`=6e)o?RFjPS#99!iqj9t9x@gKD
zai7G?jY)_w@Wwe|@y<__L<WR1<j43McX7kze~PGwp+(lk;4R6+`*WOCi_nNUzy~1d
zYtvk>Ah1bzG7%_iQms&VRrysHqFY(`#1|y*1?z0z%*AFkGis{=L)2S%Jor^=B7@)a
z;kNK9Yu=PwFpXgu<_v-<7Ajmu@W58n8|U_EGdfu{i@^t}yAyr_Y{4~*h+OmUZJ*SA
z<EPI3^G;D0U@%w{=PHLN5x<w;e?vpvHTc<SD)>C~)2Y%iA#D&UCESfuVl_r%?e#s9
zsCcqjKeQy-S|M!pDAP7J{-7vnFyDzk?E(?eyL42$SuZ$j)nn;W?_wVZ!ES7Kj`7pM
z8ucAg@F0c-(q?hBY<38J!#q$+Ycm$Mg~lPL`=@CKM*Pc@#wm5Hc}zacI*b*_!SiqM
z!SuEE*Z5Nf11hZB_Q|H!PCHx-$?LX|3AKk#vlK^I!w`(G{2?zVY1687A<fAYIcHl#
z@&roVdz`v**!Fs1DZ@9WmwE<miwLRaZMn&5P1$)8oh*n;nZ}Vd7!zVpX93{wv)3gs
z*N#U5^$47J&UVJ4p-#1~5ovbCRYWe75_q>qOinyu9@AP^M=Bi(^CfEx8tISvu}Iu`
zi8rIkdZp)jdh}fA&4p3bHPVr&vV@oSQoqP5!kcD;GsP1TsP)WI*o$dI7$qCu)kznJ
zo=<|^g`=|)l!K&oqTbNGgl2dvXG_0V)22L(ydFccgrlK}(!kZxILvVU<|6ydu%o4S
zj^R+SY>6bUq--QIP7y)>QCn3?X%Cp9H5(k|f>O#z`$!g$2s0$!Ww$Y3rqwCO4Z3e!
zUPj>^LTZP>&UQ#b6$?Ux_7(M86s1a~v2F&t3DlY`+dP?LOS2*!J2E<0Xs+Dj5n?#W
z<ft=QRPD%`vf?>iY6Tz{r&4gFENk`dkmuYNLATF`HOd6hp@P<0t+|v}lZ7c1uR+Pu
zOIy3g)RWUChRlvQbyw1~G-+j)qu`uFbF!;ZH!(q0Rq2YA>WtC&llE$?ZF%$3AJPD-
z?$9gq>E{~f1XpT|DY|8xW7BCN14#$pGu$FoMdD0g$4eK`TS`O(G2q3wBjF}!LzcS3
zOBKbczcRo0(o~t}m0$_;DkF}GR=PVB_vCJjYOvyJYy371nkS$qvk|j}HKym|QJVLn
z+uUFDDau*1!o|0P`0Ms8V+XCVETHBf%%cx#uG>ylh_#HH#jMM&Tim7IOd-67Y8p&Y
zZJioJs+kQZRVp*>wDc_&fg<@!#3Yt0!rd|JX0GdqgV*#~{&<Eo{-qPsP2E#YNsbjS
zQPpUd)mM4y!k{^i<z`Ng$v5)CR3M-%r4Ya-(IWT_J9M?)fKM~ueVNw2xJ;ke9WFMy
zXNiaD{Fsu+F4ZW8a|^r)3F~J|WGA)5v;7zzgLXGWGI+ErWOt}?^vGoTMr4&9ZYF{}
z{^u+yV<Db(<!bU!vSJdd4Z=<=m<TaORf1vg1i9!u+l4rBCE~XHx;t?NuGx1-iGF&0
zm-v`p9SIH66Vy^MiYJRzr4yAm)fW{|?ru^k{hVd>s>?KhWty_owzbrEde$qUG!;y&
z#!gkzU7EZ;Hyc=_>*b~;xm+lSCU<p9jmF|`Npj4qGEs>3Vc~W@oM~cNmNk>%HK<3P
z?+UufRL1&Lr_RCHUGbyo!KGuCum;jz#gaMJVR=ZIx;V&{#rc(0H^fhP>Wa&%c<J?S
zBo^8O^LW*rg}<bOx~!Dt@!i`vd+1{>1Gnd_MDW2Yr6)|AmhDn3(t?z(SIi5xszABo
zBs+}lN#%)&KcCRp8EavxvE{&n9Tc{i8L^eIL3Z+Wpp{P}R30gFN>eBN@X~bLgjN?q
zGmK4TQ7~N0OG@h;X_-YZRPQ!=!&=P@q!TJK6VmX&AQ2Y3BGE-R(EEgs(9N-jmd>S~
zZlvL=IfX<^lJ@1#=1lg?SwAM^05pZ?u8DCX%!)Oo^1S-6{K_?0f113S29h^KU{WLt
z1DGdY#@}ax-N~D?DwjBB3dbZ0odq=ztBH*<;f+L;*U!(+%GTh92T1cyRcA?^^BXWh
zh2yYnzv`W|x31`;CkD-K-94xdaJ+ihTTPF&T79?kBH50rA3`_>>15<12uY%MYyuxc
zTSOvXyO#y*MM9x$qaQwGtCJ!?i2A?8k8CzPDDTHJx*BZ#e&!kyX2_QX<q3-8cIN6-
z9TIBnbW#nyyKq@y&mI_+S`=1v<2~CB!6*daX%tX5Mr)3Z70MgyqVAj26Q7%5RVmV_
zs=>l#DJ{a}JesQ}v51o)k?4Rh_?D>d)HXSkSuyW7?k|?)Cg#JiZaZmVs+*eg6nMrt
zm)mIQ<H076)>O-KjnOVX0P1N=Wf&x?Re&3JX%rqUZ6Kh6O)-jPB6l=fgtx55vZDF%
zl8q$EgQw{`9E#d18$07=knM`go$}k=och(x;~Ub;AZ^NZMB(;@xK0h_EL>+pO5@jj
zLGMWvgec_BIdfoH;+&6*^$e}Wq1kee+|NSv=$Dlt1{-&!lKn*X{k9PiJr=KhMBmS&
zzZ3hozUP0KHB6Q&7^W25a9k?AXMdb5#JB_vh8y0Ps|4s`7?e~VuW)*9$hB)K?zcdH
z!k($T68Se}grY8WoKX2H&_LJ8L5P~{TWMPFUy%KkY^w_u;_-mNcc4^Hz-5_rX0Z^4
zwB5_x;Eg|K0gp~<Nz8Z~{t{%wTB_Y7X*u$X9LL$V=oIS_%x|hZ_$EhW!bDrkTJZNE
zU?IJ$s|U$3Utkb+?ib@8BTq>2s#KvSB&^hjX|-27;jOr>(@9y&m;Le4>cC%C;|waH
z6!%lt>^@u74WRJ5SF+Xk3d^pKlR)_Og4!w`X{+hU1Za-xe+XA1Ov|YV#e0;?=>QwQ
zv(qttyo*z<<aGr<D+2~Abb_0k)#)dny@b~`q?9Sbwu<4jQ0tWRbAO}#k)-~z-Di8y
z)trK0iMLRP(%{BDSDP1CcwZt{G>)4dBsaXMQ~@VyK7R`l7Yopr!~>xV8dlMOgZ&3U
z=X<?@%A=w;s5x1J!<XSEFIEw9);wDVgg)R(&F5Re#xd(vTtGm~CQw)RA7OXepeq{@
z+Lvl1lA(_{+!p4I?{A-?Va!DxzIiwg439qi&avTZHOJ>P&1`R+>IOJT;oh60W5*j1
z`3-yS%a(Hual{x^0G!A9*i&AY{z~VysuB@xO^n=d3^5L?+Mhg6r`A~!mu+{%FN;gY
zNlMDCs1n>yWdKG*&L0H*fiY?4K`?>(l|onKsG#7Fk*td6U$nm^oWq8Qjn&)$@iC}2
z2%jiA!Z<4F@1;dv5NO*`Qe2q)qf+yyC=!I$i(ZVXGr~Giz617*N?0rb0Tcxp(HE6a
zi39jb$8CkfHMvvsFjqenVeL9#_(Ya%8@s3^1N%8ONzb`tP_-lsB<mZ~yc?(z(a2Y9
zs0+Z^2YFGno!Pco7Y29%?5^^)5KRsq$3j4xu>kniR^20^FXyVGfSWX1|6<J>hYv%=
zakrUd{-kF1G)X1L5%uthWYRG<w`UNpV0z^xw6yMD#*m#4L0u{6CP_GvnammS+V2cm
z-&Sq_>W4bUAq>XB*OIX1R6kszNrWThmi>=eG&+pv5~r63hRVIjK9cOzc?pqh{3TDv
z*fp0M#Ge{#hr}{aTruSDB}R+n;H``824VC@LbNOae8Zhhz9l7#NcwS4(G8MxLwIpG
zwxte>S4Xvrf$RuxA{$PoFNrf_fuW)%IU6(SR%YQR>BO^ZFdXE)San&BMB7sKYkh#I
zJ$k>6gd=&uVygBn5nF1>MQkPx3Mcr6QU@7?ilKhucZDeJU+^lHZy9=nxty9PDQ9p<
zIvTDM)~`zhp4li2?<el;)p<9SZ16pQbz1JcyKc^aJARO#=IcAh!1nipFE_OPUMG#O
z(C6sSuc{r`AY06r0Xl!--}if6Hb;R?wSB>PpQqug*gij~)K$sukfA5LXnbBty;Uzb
z8OT2JK}h2GQ4_X5JY|SHnW-Mop6dVVkX?USa0EYJ9JZHPudV|AS^)R$Z*LjkkH0L@
zcEF0HNfEc3Ah(8FaKtb7PiD`30X<dLII7=-aW$vSuPzKw834FADoBF326tDidLDz-
zaiQahEKOfvMH#~d+c?nH7Cgzw_~SkdUcq<4R<1kv$(JXCWc(#lq$^iK0x>F?Y_PkB
zN%Gk0St7X;yp<5qyz_jSVr5lN5mWE}SF|&@Q&$^Do>T*hxx|nOF?5Ujqzj!W6%}tQ
zY%uA98k#TJ<>yl6PXJ`*Jhx5<itQ>9@GEw;aRRZ`xAc`0S)PW-nrDYlFhP7S<Nqyo
zwZCB$9p+siC>@Y6{LSh`+TQ68YNS&Cwhpl|9ma|*+~Xhc6K$KIq3?t~kR$v~d^1ea
z_B!eKd&Y<e^ZtgbmQuYCuHW-1gah)<196QCZNT2`99&*3$Mx72&ey8v5sV^ef-ZRu
zYMuz#K@l=-P^@a6>=gGMpsYyIr(Jz-??qfIAiy=y7tRlA3vh+eldlCkG{1XnP!t|(
z`f+;VA;=Vb`vh~yz>lEB_bGSYF@Ye?g3;IciagBOvu_1??0^Jey=cds4OHN$XtP_q
zTyeBOdI3qKY)`>U_5@XXH_9RGK+V~*Pz%gLUpz}me=iL8|0Y5C```&4SD{qoVU^a8
z>!p=R`jHQY6_#;?1R7T!LDWV{vM1NY?cm|rGw{`g4`Xjn<de5F9*Z#2I#OnuM2(JI
zFTT#o5)!&~Epd+dyDN@RJ8S#BX~1@Mqo3e>q(b>}*f6u9)hvfIdbrmJI)geDcC>D9
z8j@TCD%cBtq(*~#qfbTSGm@g_ngJ)ev+_5G)g_~px~Q4s_ApR5H2$Tnc6ElGqC=R=
zCa65)gk_y}z-1|bkQlN%SH-u6`FeA;GYwRC4({-64Fpdr)cx(ZtzXEG;SID1bMZF?
z$V?0F={HURaAEX%`gw~zD{{6;cJSb5a~stG^<&}2IoBB6!YY|^+_`tV`a>5sVYT4G
zhB?>5vlcN{g{ZajHJ*QlF6nMx@#idiW`eY5mCx`9<=9&Ju>7)QGtM#4D&RYNz9DuE
zArZ+t_dwrmhgJYlU@DD2^?kmn%rWkYx=V+)738ah)j4~!yE9*gzi#oisr!4=SQ~yN
z=(*zOk!e`yr}~FS>uJ+iL0NaBRUTH5)A(`-t)P|XPQG``_-ujlcMiNRLU>3_oBzSc
zd+A=eQi@1G9@vb++KG8M6R8bOj<I!E)+lTkw_Q$A6q!AO6*T&su^`f$KsU?;oE1wQ
z*wtaw+~BPpkwtRo8s0Zu$b})A0e~SPf7TieCGq=GaY&S_d`}~0u1?Ky43@<Wdjx|)
zIy@NaH4a=)8KYA~6Ah;<d~gLwTF(bU0Ys(%kA@)tLcwlEk@OnoD)peE8c#|A6^RcX
zTg>bDW4kZ69;)@ZE*<QGTp}H=xYO368&t#&o*8cyJISXHNiC%<R!?Wu{I<Hy2Dw>9
z65hoMcGiV>32QF!)~;!J5R2C=3EX=7u%mO#n0wuJV{I-Q&B$y72NE?z*NOo(fq}hl
z<)~twG+)>FkgTmW+W<-%+Ns=Fhv%>Zsi05tC(B&u@X|gd=O({)+mcLf?PYK)pl1>S
zlA-qZ^d)b?ptIJRC%M>y>BV<dx@*4Z<kN5f_XNB>2Q3N>E{Fee^Z@^H+tQY?$n9+@
z$EvS)I|s*N{jjo5L?hBzEGKufmAvx$#!`6|Hh~A>P!_~!+}!8OFMCOL>pFx?Nw`ZN
zfuhW)9ngM&ber+j0#<~eK?@f6SL7SPDkZB_8&NH9-Ik5yGh|mt!vtc@t4-JjixFag
zAKU`kyaA$-!G2VXD|DXF88`AeNOcscYnHEjp@kk4BxaDlq;X#z-)^(Jr~Ph5T)50g
zh9IGn?1OV}To(;z489;ll6@O&KWvEA@*WQiA5{+nF$lsOBJt;Kp;}nugLPBw8Dcly
zn)7NnWd&Bm?Hju-Z<0n^+Z6+g)rnv0E8aL~&8b2g>6LoiWj3ZmtD5+h+e#hmpi-do
zDbg6#_On}LGv{#bQI0QSR&re5IT}QnlKya2os^vqE=65DASj2)vJLr)!HC=aVtVzx
z*A7EPXM(%p9#Wva&S61*10rHtfddgPba!r#1Zg`flahGNVFBOP1^{|BoY2f<@8DqS
z5{p~0Mo5%r=z-(k(zG))V#vp6vipN=2ebt(#E$-91~ft9uO(n!H-DBE>`5`q%s`_J
zP?cxxJaPa-R`%Mw+HJ$38M@Tqd|@qGfyiZDBsM!GAKMW()jGO@5KY!h6EnX6>(54n
z2r_%cFXr0F+`>6$`1F-eAV|W{DuNG{Sl>lua<C8Af>8W+&tpdWr16FjCyXJYx7ECF
zwv}2CoS8s>+7`9F9QZh2ZAtMoM>ad*jQXr4O|zkT-nELbu#;k8U8FOv^@NLkU{U9@
z8f(FR`J12zs%_l9cRP3(%hVo0XI}WPqV>-#P&kDF>z37(5v(VR+TWY4#teOh^Mkwo
z79g`VWKXWwwFQJN(+hy}u3?165}U8=1x#GvdIlVWH~F*N>~zaBz5EfD5#NIk9EA98
z&|7a_TZRQiuD>2UkOQ+&b9^_8Lomx$w5h!*<SH`9%14jJ)j`%HU~L4A9anaSEe<Sf
z!P?<qm@fxcz#_h*&*YggjzCG&qC@~><1AK~25NB}7qMCNjLTyNec+#mHd@B8XJ-a`
z@~i=|+n81ksO_y1YSL@zvUM#+Kgull3rZ{`?XhY#3pYtC;SQH(&i-1opg3ZkpV7kQ
zWY~v-eT?BP{g^xJPv5K!f`eIuW^l(i=FEQ1=H&8&uj&?v^mg7WS}e~W>v`JPB8lu}
zNY78Vsg#$%r&NH}ZF}z-3wPIdfBB~A#NEn(Sl?d-$jQ#;X{p-2yUERR<Xq&b?QAB~
z>bIs7F!DjNf$|1J8YQwfci}Xw5}l1~6NX2>*7>TugI(}fJX@H+#>KEkxdw@Ja~YvK
z3PB;}z7V{%YW<$&D|J=+GlKj#N=Q41Sz-p}M!m`b7X~4HeiKW2<SW?1Kj8j-tOp!+
zm{x8)x;YQ`>DDXk2B<g(iEHt7(ulhE3=oz<fJK57tV(ydQSBIIx~4>cDSV<NB4oQ3
zXtKC{-6|*^?;!aJe4b6Uu@e`l=s7B4)rOg#LzaydIZeTWc#EBBCKwK(HMcRyb)CYD
z1uJ=hG5#EX7E{5tYmPMM5d7awI}rzePCEZtpBq|O3*e3kSmzHs$`;I^wA1x=(@M*+
zgT@Tt*_54qMu+QStolBoOXO;sX35ML#Ij{|Q5MwfdxLO{@X5p$*w6%vN8#{{Ge<fT
z$bu9q&_K%3v=xMlj{YFWqH#R4ez1PBa=mH4kVRJqmz@405wJ|Y?_iMKmJ{hQH*ZnY
z+gta~wWeO>>soWe>NfMf$+C{{19riVN%QOXD!(xV|8DnH(DE-ExK(@U*5C782&=sT
z7FT>Zu$H2D?|`!RuZHx`YXML7?;b01%<Gm=3q2le3Fc29CdF|69Xg7PnOQaNo@?Da
zwg%VQ>Xc`<r1;mgF@1|O1T#ZPqnVbk<$74)_dNIOIcK)xMD``y8yh@l?Te0{JtNH^
z=ihFWNN0S?rfPpemMmPsKY+0K9oeRDfd!Rpk$zo-91zz_<gRNi^A~4q1!Mde<_@j6
z7q76*Ec+~;aM3OYz=8px^NZ?!sAuMCQFt_wbTpp?5G*6DDjOmh9=yUKz3zdey$n_$
zl^w(vEP%qW+x6>dR5e6h8N`>>z)nF}uUI`P!}n-R7p<HPV`-z2tb#+W8yGfW`1lda
zJsIBktD*@OO#)mxBZ;UIUd5SSc^T>hwrGz}tZ6Myi-(Rkd5$|~zXmA_BsnT+3l+^3
z35cxLD{MG+mv0fyn|Nl`L3m^(d!NmlBRf_QM*8a6o_(|PCti6hgZTpYh=FZX-q-BY
zUZgE&jfRj~&$X*I<_2EbvuHDNdQbJE^tDBV**vXf)~<TWP_0SD$8+2P8@ja%j&^hH
zEIQ8WEtQo&3RAaYuZ7wNRy-W*=;V)4Mo`Uhk_o|>z0Q6UT9_w51zKf;5#?P+wjpM-
zE4-t)s}q)3uypQ527?q=GYr^C7jlRU+pIXM{)U`DHKPwCT5ks`E-opmoUu{6Z*uzR
z#&C)(;<Yj>Py&$z2%cg0e`b}C6MM)eQW9$*XWB^H8u6Rk8?^q3QXzVj>75j5i8LlB
zs|z$TN(afn=jjM9F>0g)sT;GmAOO@Q2}<CxlR*tTJ?SXbL@8SOAa3lSVw7pL3@uTC
zVYn~)S6^bN|I~md1{bkJawBeaHOIrAOt%Gz!+pRVyL;qBEOe&6x^&0Iw`bXQORHiL
zi>V3(s4_DMV^>4)+L^=Y$6s)&rEKGZ?EN1At3Xu0Tz*pBb}LiQC`z*Wb2VF><&3;K
zNCBpy*KTT32d!-z+v;F0KycV`0Os_xQ<ihtrb8%kxqSh|-qq)^q;D}+$YChKHiN%L
z0e(w*ho3A}t2DtTgTE!nI!Wxb4yLIO>P_}*+?gX>+_3R6jU57H1ym85^r06pPfDWD
zWZiJ^n+^f<XGiq}=9On1J-4sg(##@6ngN+tp+=VsbxhE$0P4-p4)Z#so`h<431T*r
zvzT0(fmxqx8w6PP0(1)j^IdIBb6i%%VLdy!J?@lRR;X69IESSZ%obB-TSJqU-Msd5
zm=}Nk<;J<hA{3dVE-q*aD|+J)3;4}sWZW09st}Co1c!0sAjsrAzy7XG+@<A{6=x(t
zwn3;*ucp;#t7#*l#iU!L8`OryrD0%LRslhexyD8@j!jUa0jcS`!?<tUVv=#pTbMq2
z;4iS8jTn8`R%<dBa%usf5(O*JBvJ59R-uOCx>v-R-!=oCzpJNbdYho0f%IaFmcWct
zN~c14OQ)Dd3W-(7;_`M=Phg{!u`v=W)g{F3bocl@Eb?!U-)(dgwqwC9=pI~k{Qps3
zt$SETZU2A%wzf8F{I|A+_%D0qYF_GCx>Sk~FYz$o3M3AS1ig*{P`vn!_y-n<fw%|`
zpo`$PX1~AL-y!+iJ6l^ZK#Mho0>;BUfrg=!)<uSbfmAdc8cKzR`ci}N!@=DLN-NZI
zmiPi*DZHD?6|%~dYJ53SE*Ir(Wy4FS;7r)*5Z<E)TX<u5!BPqD(v@vmR#w^GfpG5{
zjQ8u7a$~OJ$uBqe_TL|hCc<5g=4PAJ@Q)ElY9JA=1_(Z-63I|<B#{co<FR;`DQk2j
zgc&>-4|!4@H-Ol#g$dPz4`Z4x@}2~w#&Dw24h`n&a55F{?U9zcT;cV}@K7QW8%p)Y
zhLZ7EG}RN0^{!dE)J+2;S5&!_O=Cb(8dAPeB(X?IOjVcP?RE=|=U`n@HL%iBw`-Pg
zG0-yy+#e5zUBz;VG@JY#E6FnX)us1TU${Rq6iz`clHs^(40xD_gp8F-9%(Em=d*5U
zlcP}#bqz_(QCKlaW7XOhp?O^-3I3A0=LLfdAgL)PLeNbsX^rVOE&3@w?a*6HMr$e>
z=@|+Qh8gWUg$|+L<KfkjL^8f1wI;klawaw;lHtKkn|doH7@*}|rBE&@`Gj2Fv<U+b
z<ubCmY16u3Vr{R}Q4>zAKe;Xx4+A6;gk{sFR<F;TWiS*OO7zAf!^z=La)4&U_%Jj+
z(QvwqBaQV)-?~`5Pa4loCG%<ok<+Dp>WRgoQlyY8Lph|cjJ@XAu1BdHO{+4Et<B%C
zP{!h`oML?D<3@Zp36(Rx$;zV@QzDEzLPGEgQOT3>k+3;1c?5eVF4H(#*2>qWH!*Oz
zw6s#n!yAe$l!P!KIU`0k{@}CDG$6S($T>(($Vi+eRwD^hO~M3-QF+o5i!P0A!V)kz
zOSzPn3kZw^K-a-jTBQ-I5|v_6DV6(SRAC@0_6-QE5b5&}4i^ufl1hYu<&VUp@X!~D
zhkKLoBQfj&DtASP*Ty1!ZYaegEyj{r0AN~K!pJ05E@aWetX6d%6a{NbOUzE8tLg-i
zC414OZMPKk1+d<%hkWMlNdV9RIh~bDs)--WrgsSM##Rl4Lw(_RD!e`w8S0No6Y4|`
zOU1w5qIwpsQMHisBvmFep`~(>K4wg$P?;R1+##SP29UJUHXwr{NG(+rkS$u`u{E+>
z#2$mhY;LPbUAx)+*yFJwc%xwq`@eB9)`17&uG;exw4<EvT0OdsMCqCHKtrNS!AR?=
zjKLG7N2y4jU=+e%hH5q*c;5*Kp=mfNTYH+eC|w$_OfnD1B%qKs`t-3k3&fLF_U3Z{
z$%JmK2Mi)oWs3YrES1<W)JrM=$Yw|_m(m4wGFL7Wug!{-A;7BRmV}WfH3r@{UVWO!
z+ISepBJ#@i*&&x9mWVHa03$ZxEl11ji7qrej3gJ0txgSx;xJEwaDWI9Fr>v9H_}j4
z84nZT>ED8kpgZ=2l;$6u;@HKCA%(F}h)~zs!*{h@9)|Yzq1ZHM>>~h%dP1&CO_+B<
z0t*i$9RSiLNwcC`@@b;E&#q@C)A_uTA*oqIGZ@vbu%s-JFIZiwz#!r4iqII80jqQd
zO0@*jao}zB#xsb<jz&O(R@;?OS!ADl6_D2n#h^N&FbD`JlZ7_ZvlViAD#tWZahs>p
zgijPbS+4DtRMsU3>-uq-G8YjAG`Y4iAu_Fz7L2kykV8@_r}I72Wm)xT%N^Q#(4<lQ
zD?qd4MHv@Rnw&1m9@AP0o?#jl64>U)aHm-$M!W2z_`xn4z7K6p=kh3k+SOY7XqOv>
zV+_z{Ut|8YTFxZ$^*lQ6uby8|V+ZAwid>pb@GLeUgamf^S@^g?xjdm%sRaGz?lKR3
z%8S;fOF1IC&ldw|B*Q>b&l*Zkg4o<B4r}@nnFAdw)i~}}Rw=1~$?ZgDo8e7|vbABx
zAx^8n#h=A|oT^i~a%KWC8cnNZIw4`iLBK->);bbV7l6RIHWZEY!QZ~{`cA{Ap;)Rf
zlniz1Lm4@mA#Y-&zdzC&2@fSxJ@7Le$HaTe^BAw^7^CA}<8-sdhJo<`fbDbRbWMb>
zo0*l!(~zkdKf?+(UCEa_XT#NO8);&0jiV(wy@j$*y9tlh95O{yC3#%eux;E-!ZkK-
z*B5F|k8vp}?eLKAC>y7^VC)gsGdu+m4d4?I8Tm_?hiOIO1DAIAH)vr><Jlf@Mix_)
zk@2QRk@M0-IwuyBWhjG9m4U<3bOOsYln8t&MPg#oA{m>rBq?jWOHZitGcoy@$fno|
zpQaTUmza<(BvX@wE77C|CMG7P{hreL-DBljhW3*gB&Fk0pHjqR_&t^8vjR<Nm_=A(
zeT5|LAUh|bbWVDBP*&CSxLj92*9VO>Nwc_FgitEGQ_hLcI#b0bn#3rxv-~sxmtg6D
zWZ&4Q+G`gwc&Q*Mu3N~6X<q7(mLgUR0e@*U?2<AmF+DMeZsR$q*0e(i7Q-eNqxy+e
zkbv+=x>kkEGnj)0r}b$n7o=cZ^P?(ji#$z)H^~*3$74mgutuH^Z*$={5RiLA(bQn5
zcL1hEkBtV+gF9cCG7f8C;BWxUEp>M@o}3uz?F}aql+QQPN?<93cGsf*5DJ1Uo~nvA
zZ6YZXv4=L0XjN>Akyc55sgpFb5lZRB@TSlhEWvGHT<}Ne2p%GKB3;Pl<r2X*Mbo;-
z5N;$`VusZwNDb>MSAzHr+OMS;?w3vEq(vJCL+ex6;>}bkr^yLjHKc^4m8>Sxqe?!?
zR%58qgQ*q18B~pghgY)L0ku`V1$j!)^|D>cYFS7*O9@yewU7w_>p&EW9;0&CqfZNL
zt%4;2&lt}uqv^aQJsX8K^Ow%^g)}&wQ8lSYY6@`hstDeh3Pr>5q?oIy6#3H0aYAma
zfPoz&L%q?FJ{Y!G8#*{FgU&^Xk@p>mIZZEBRFP@Hph#Eab^u*`m^OPbGMN*;6|%W8
zM{{$df&URU=Ug#Sp3JXYF{)&zS7HNfQ<-&WAUae{>Ri!GfURgIkQq!}FTzp*(aPf$
zIVYvhtmNR4h=(8o(Pk2*NF$42Y$=-y5;TZ$R9uQ#H;Wo~NQfH(uzn^s>dC-{u}rk<
zY{1%t^K)U&wc$7+VxrhwT7*wztl|$;xSI1oiv~k$!qM2!YM0;RBXVrHRLB&kT{H`d
z|5~O#S<L{p=sp75g48}bsonvJ1;$dUFB(lDfv2M3Av>izX$$}WSvI~w>dWVm^jy+F
zXs9n5mL>*Ce0h(gQJm?b+)JwDK^#b{N+AW3YzkwPRnNlIJNaT<CQ?Bb1<b}q2@!<f
z4K-{W8H$HNzzz@fhWm64ii=guT|I>kpH7AIz5hF#{r^3U09Y^nr!Q!Z|J&|wU5Nj?
zS1!)LQ`$U|8gOv7`dU|R;d<4t>f>LC$-IYU)EWP6twD4A-}ZpNePR6XjjL%MFGo|8
zg!8V1^Eq9ldGTGOEXmvCOa-+A<q4VZ-NJ(1nlPPL6;!jRs9chUV~M1Mk~M1YC8E5_
zAuw3wfgA<P4=Do^c3D@&!BP-bcR2zMArj*yfs%>wQrj$zm*y2W^9v1{mSDOl#Ar`i
zg{3YqaIXV3a(QCof?GKf2=gguy9<_-^b1oLQ5{pGw(aZ$lt{5PPO|DFq8Lp8(nk>%
zVyGkCj#`LDzWC$ML{9?`7$6pZmoSPf6pX!wA`vWrhBw3`s|S);O0QC!F6G82%95+s
zjor}Fgt6wOHG~aGuvR>S=(|YHzA#<ef&_|rsf0-W$xT9X+yWzIvE;-W#*mJEU{Wl8
z^Lu^tWlk-k%&MX`3O<xe6&c@SlK=tG7N$s}$nbJBc$rEISJ#kDL$gaoEhWS4MkiBq
zHKCr%iTXT%15>IQm}bo&LPBc`RGAWz<tf-(8yFLOmtTi4;n^zIW&$g)m1TyOvC65a
z3TM=kE2-ra-A1Ii5WeY@q$?YdoY;35cl@n~JZOtKpbyFE)Dz<FsGbs^w4^?d<b#B$
zKi=Yzwqp3;Vj3#tV(HydRw2DMCT&4AhLh5*6N$e-1aBie$_%`ypCYJeY&6ttE570z
zVTN%5AGb(eujK56bsPNMN**>9oFpY#EPHc+_EOnpXgK{riXv!c|5nd{FfqCC5>Zdm
z1C3?UhV&$*fInjsO$jOG7`jVuy#ezcQ|}2SaAGr)8z&MI<wM7aM8vzrNLXWOhH?uj
zQEbtQlhiJ4Rjj)0>7FPvaQC~Lhlu7H4hJV)K})TrGHI`Mz9{Hw4T**KdSau-){x%#
z3A6A_q(EF?qV~rppq4OH%*++<2K*NEu_k;c0}HS&0A1N_Xff{twh%4k@@)6lm}{9-
zz>RNHi+E<CL`HCGWz;3$#AAfzH$9WeHyT=Q{4Ugxmt|Yc74uj_BP6<sPVmcWXey~m
z0Dx&x%~622{JDDTSPDwrwUJ=L0kR#PrubVz3kZ$y@kpUqDYH=Rc`2vQy`13a3LYtm
zP3EYJ#NEDVcxZKUpxT)52q}{rhQr3;AZ+PiLZWvj>LD?ewx6RVNybA%iD)Pp?z1M;
zcXcrNDI?+dhEyUMj|{Cgq!qVxh$Iq*q={r|Fq|BS8NnJibu^hq8*6kQN88mk47c>8
ztdF=c4wj&CBYxbh_tqE@LC0Kf2_`PRbki;o2Z<d=I&Z!u!DMNg*>Ry^Dyb8bw~27*
z#7z?_WjnoCI+wOa6{QU5Oc$BZs6Bfmrk(_FL>a57*f6=U)#Y3h9*%}__c)Stl6G(0
zD7@Od+3moA%OTNWD(NqPA(Dw#GIMR6<HIA-4GWBmpiLKL9Uu)z5@Yh|Q6g)=3td#9
z^C(o=wZ$!J<KX?qEt}yD0<>mOF$2gSG!IQo#08px)B;HhL^5Z7Om%7xneiMfE}RYr
z{ozH7V?F=%H7NDh|0Q{R56h^h|MLf1Ec(CpwuSZo-nio7)#1KKvc=)pXx+fvq*?nj
zWB*pKZ?nT}%HK^?_#>fIUnIV1leW}${_7L}!eu-DCzWiVc^=EaG2Y(VT3!F|GoSx!
zY4f!<NUif&hpN|q`S`Ee|AXl*GS2<;P(~g89}Kpd_kY>~3;REN=Q@F^NO^A){ir{v
zDM$k?L_ylt>2I@9kUEmx5)zBU!T07DxnSkcA6X5u&mep(rxqn~E^rJ+yCwd!m;TH+
z1_#)$2}cs`B>GtfSYwPi=reyBjP;>SA}KC~5|*ksP6!RdG!+iurd79;F5;3efFH<C
z7EDHv-Noi5cQcV`Xk`)DKwmteLz|E?$|S5snp(Ync;K)mNYX^SS4f%>lV-G}8Im;C
zbFz?B5tAxfQd08(tASROp$0SsEm$kTP%uqF%hLcG%5yk+`=g=NiDifen8b(N@HaBl
zo4~((#t!$BN31*j-4t2m;&_F`#uuUCIC%+z?Pw*J&$65V$=!*+2i%MRI83Y`{uX))
z7ed?cw1EUdMl7)&${mizHVl&0W+=Wooa}b`ecqt63t{yVh@>6(3%4g@L?H|nQ-tD8
z<s~*Guq@K?`P?XUMyt=8b~sKjR;80vjiS-*IAK03CKh8T#Ub`0n(P({&IVzXObOLM
zUS31`i8|>gOzD+QBe5DttkK+xrVLiyK(Ypkb7*wdDG;STR;mEhsZ$>-4(P5ZrI{oU
zgeqsHCRnJdXK&iLNnB2D+PrBqdAG<Vymgb;PH6?rFRhdaI0ChoLWQSBGWdIGf1D&F
z8K6meNs^w(P=Hh#o~5%Ty(XeJinDDzR6zMq?nwxdP&~q<T+GlQT{J#hA9c`etokem
z0|m?Uayp-9EijEGM&`z$G`S_4D@jd7#_1T%11S?SF%hAdLd?nerJGO}VU$ausg^Ic
z^?+A20WAABO2?ad%Vw#I=l~>|KWdY;OB%xilbO7nE&zd-CZ(n^X(`alQg0srQOUpg
zw8miuX@|`QLm~yQT3C=+ud4E&H!By_`6;8W{f|ZdZ*2`M?EmkTt7`ufHZVVB%zgdW
z+S=k@SpV&ft9JjR3V+WHfa;C^_JGCyFW_5P|Lv7)zV{-iw;)C~bTx^K$<}6npxM_Z
z`P(`J9i1($QdyaNmF#RLiAk-Ks3DP(z2sbx!=Wkr(b!&cmE<$snjJB2j_tOgirG#j
zM8sSvAkmsswOA4DQf%{ZV-=IFN<k@0C}5#kcQ`c+LNVJ3BepBJNim21uRZ?RKH46#
zfO`6$Hos;3x3?_#|Jp0pypBCS{spojETDzzlYIW>0I-0L&eoRBV8^S-0_e_QT1B%P
z7%=n)e_Mn%eBX|(NS!uZgFBd+|Lxl9`}Vws!k&F-1UJv=E_}M^O;>QgobJ6_cJuX3
zY|7j?cY}PmEzK;P@FO0(U?ysLxiDUyaMJy00V*qVw_uX<o*Kl}z^2xPHo($78IJdd
zdaYpj_AG8BH3KVhN;Ky{GC2%vIkqNJJx`U2C|hz+1rZKCUJ;)gptuZ6eYvDT63rbT
zgKp;_q5b3Wrb|*~nVl7Gu9S266ti{BIBbj}032#y3*`Ls9HE(PCXi4{<7mhc4-dv*
zk_h$nSsQNXO!WPiD#?>dSx%+1*%D7eo6W!spgC?g#}rFFp{Qj&$#5*rlAtP0e?O8S
zsE7A>SdP3mS#Q86YOVnv>3qs9Ix$lzH)o_ki7>+oKm^+if@Lj<UTGl-t3OW?k0oQh
zu_$X>NhvECC9i+yJEaydTj|j#4<6o`S59Ip&xrP%+;T`W=@f*WS_UwJLDU#&4zqpP
zEZAys%NIsRgi7FVO&d1dNKmVpX1>XIwF_{kLJ7qb^+=Q&g?en!1|uVx-hq*!HQ_#b
z3eHK+wL-qw8fxijX}o53h!wyBCeVL@wFI|xPPgRK>tteeHZ`KnV)k9SLFp{>X@;V^
zBe%`hRZsq7)|PuD0M?QJ{H^BmUjZNfS&;ws!ZoifNtge0veDhewm17)n*FVke|cxH
zz0<e+RTls&1rYDH00*Ey<}3ixM$ESaSZ^I#?Sz3~Vy-h7)nt;%7>u5lb7sL@S_e6)
zjuTVAyu4M;n;>h3c?_f_Er)D(0D-*nNW|l*2`&g12$!3GrxcKd#YzjgcnP(RNi;Gf
zSiw1?=$nQfCFY6sY7midFt!$^kz{xf1b|RH65SvaYBhBCdc7tfC7Otq$3DNt{Cuug
zRsOGS*6n#2wfTRG-ybmRf7=4Bfd&4*H!kY`TT?$-9Di$MK=^p8nU62;^!p8bd}*`j
z(|cNNMy^CWcnc1<(S>)`=!2Wc?y&wT%O&FnObaZoB-^~^Vz}{Bx>#aX;;Ky^;A?e#
zgzNsm?Hq?2iej7J@D>}2C#j+63h*lCPDgj)3)j*zS$OE4b;wmt0mtid?2yQEu*>8i
zioBGHrJRD!6lImUhr*28o${nyLia|J6dFd~jN!p>eDw|w`<jN4T^7C)PafJ=SSQhs
z>?<s}^pD&<lm<8+*S<}qO9e3_+Lpk&Q~O>}p!Vp-h<zW5B_q9I?K5-pq-Dp|wDyrW
zTNcXg3-^p@kf~=Iay9vPkl+!5lON{4E5%SXjsAZHH{oc3!ChwKrBD4l1s*nKj?hwx
z$f=mj)z%^{mHfUy3);NUvC^v)w&Gd^P3yVi7YXKvvQm_kG4dK}1#(AOk<wfh27iHu
zvt(Q)Craq7C|!`~{Hj2f(o_z_C5P^|h@W79e9}^=XJ!jO)F7FCm!tF`Bu4SZWq4!q
zNG=JEFC|wImrulVCv_qcC2|Cv_%R(!q&%Zj@VrqZ-Y6JK(D9grql?Yqq?seC@whLk
z3q^HSN|W|8pXelcT+Yb3t&k;6PX*JnJPxBHr*tupvWh&l@qwa=0fE#(3M^}FgeQ-L
z+@lDkXDdZlscB_VfmObXdc`uh2b8E+X19P7ANP?&sYC^8)IArcltO-*I;2N35vsU*
z*uoMyvPPkja=KuLEwOMbqPU|V27t85jH{-V0t}(Ge*4yPp8P5`wK`pB1y^sT&~w&S
z^8EFih#D{A2y$;XQ7d>io5=ImZz9#i?ezw-Vt2E7liaaroyOsEu%yb_RHc;L>rFHi
zzMBmdVa%eruSF~OpmDQllcspz`)o!ld3X5?2T;G2sKnpv4J3u`X4^3DEchq&8@Tt`
zCo6Y%xhKtT*FMS6K7&kQ-$-e0jg;&gNxhvQ43dtEpW-&0CXq>2e3;Mk?k-|P81=Ek
zH@RL5%oxkIMT(YWH<7{fR~ZIGRMu(<O9ZSI-6D8ZrDm?Gnxm{NQDGUO6bNJJ)*MH|
za!3D|%Wi{D0eC_m9<DC(VnsL2M4px{qmB<*kOYioV+e4=Ku1%ge8I&t<n>64^URMl
zZV_pXL8tH@sYG^wn*7`wel(>oUw9yb3Fs9q9D!0P7b`S$jM+Cc>!qF?4LX8LII>PK
z?MTgAS9R*UT0^l^Ppof)v+72dq?7<oqvdN~nEY~*QX*xxpRMwhD7rk!C|TK#D(v>!
zc55|Nw<qax$s_srx)WY!CX1vGEhr!z>T?U8xT*Ji0>rjM$kNROhAhp9f6Qv-*=!{4
zeyIjvvoD+X-aM7gz-i?>43QorL&z$TL7OPvx<$GtoY_K&=3V^Vxg22tN!0Uc1^A2t
z_1H>G0gwzQ)7dmSi&o*SRGCamTjjI7j+g|smd4U&$>>M8l$PYJIn@5<)UvW_ekx@%
zquA~@SDjo;y>6G+JpSBO<{D$4n)jmjkcY8)D$Gj@7J}|fOad7j{J?^d`d}=CV+lJ(
zWZfv=JvM|4h@Q{cXjbPf^KWL86{&Du9xHQ3r4-Bfp0Ox%Mn1=JpGgHCYeK0MxR-Do
z<vQ3E7)NHi!#W$$wvp&+JcvY5QDIiv%3=rzp&DRnqSKZRm;y!rGeTi2treD5S(TZc
zdb7KT-znw`%Z4%tW1(0?TLnJx@+>4u&UUGJDcVFeDPv9O6B+5AT3DdgtR$lc4D5Lx
zrG{*4<_Z<L3p1+aTs|-1K~h!0RXd|n;tz)c(u^r+6a}F)ASpRLNs}@E$Hv-$B*3ai
z)vGYpu|9xUkhCT$g)In)6=UU%=I9Ti7{S9oP-IC2Sx!S}i9nZLtL>U|Akt4w-Hd_^
zg^1H5M>+EoP0|q}TegfvtbqTaT{#@G@J|6oqpGG$)2m2p5DO$ZpG2r1F)F8$_j8#O
zj7v7XL+5wV#)KitOl;*=t>9U)Op<7bJiD#3xdv=j3^SX<^Uhh#nGllso-I%7NMm*d
z&U&V>&pg|y!lJHL_i%bJFT<FX0AN;?)1}M=n-UBN64J3%n>KBr&HEV8uxWnD>;5cp
z2ZnFGRGVSAZRZ|~xSGuapFWI2E{iM2vfz$Fx>QO}b7g!P0Ax!lz9bB|M1z&4<a}8r
z?2{Wa<O)V8ELovkn&v=Au#IX7+!8ORX(a+@6BVyL+xMZ&l3O(hC?zbCtnL^C>Ecrw
zK@Z*K!Y1pb6tEcJmt{o(@vAT`hHa$&9bGx<?@^yUr5sF{CJ^wFFBoZ+;q%7aW-kes
zv7JpQ8fUcS*<u!BqC6}f(e#>dc07IIt_uW1F6)T|#u}urcToP!hZe^cp9#pEN9i7M
zke0?_m=rj%>v%RIX;zpyUTmjvrqz<*`XjB%WDO!D*X)EiN@s-tF^Cdx_YTMGW|V|n
zMxH?z;PbOtXwPVts5DepXs8d<LoylAlC7Rvhdrc}<xXKV!NRK`^~J&oX(*P2o-O8B
zRRM#<3YPLJZgEg$$I@V*WZ^&6c?%n9!j7Yf717eGqz=-ZPN6B*DM4p9P&cy`mU(m2
zwjY_bz<+9gQV>$0lS*Bzf8dw12uaY5wTy#VVf*<i0m4pfN$E^UQB?$jNlOLdWs;h+
zsZKO#CjpG8{S8!`S(Y?23z;g!WU-(77b7TB{pt`EGeOE`|Ls^qI-A`?)_~TK{}Me3
z71=Y^VAqTPUW{SRz4@=j7;Ft||Ha5@&Wynvb;nSGtAxur8>mj0pPJYiFqAa$2LK10
zF*3zaa%j~=XlGB?bVfoG!CJS))!pBI#Jp9+Dr^p(3?yOd=C?T_SS!i#(}=shUtH8-
z)L4__ve9(nY<^ow0TaWXs(ojwz;3Q0ZP3Cra0b{Vva4E<iRrmVLPIoII0AdXwZ~X)
z92NiCkvz8GtU(;CeR*Yk{t4a!yB6kHs@c(t5iu<5oV4GZaExd1=C}PU7Obj_m8a4r
zS<(x!MTD^`b3%kMt7{GopZ{KGt*+JOLfP{=SY$PmF2X=5Pv#}fMAL*LLMf%W&;}m&
ze63JKyw2?zij2xY6KuqUJtAVGWenIOjN{0#gy(-{bvHGDb=ZUfyagxLQ^@m0HwK1E
zG{IO#t~hJF%s+h?0oTMu6#^l)%J3-#93KC6%?>@y&E$xLlG%bdrVz$)CAXMBsfH{}
zOwdJY(_JGKj!9A*+W}lk<;qH07`g<Yl|oJS_M*{DS|Z2LY&GeSDnP%w3|0vQV_eH7
zD%pgy6}in`c0_|{*|d!>ZTsFXt-f=w8ONJak@FokAI(P=w6rGEdb7O{-HpPNEH&0h
zX&&0yLsn!(>?K%aP}J}afzon(u|yUlID=`&O0*Ls{IH02E`%Qf(GPp@a~<pmhucG-
z6|#oH*#=1U?H=LO;T|jLS@UbIZ?Ig7k#3Q2Y}EQe3})o!s~p;pln}DmCBAlR8v_Dg
zZt+OyK$QnyCXmDi(-SX)q4*jPtrOn~Bm<JNbC0CQ+qTur0lO*X<gJWF6-x?k5lXqN
zTqx(pa`Zr?<Qk6j(eP=xvWk`v@O24g$R_~7AJ4d%3y<^XvTpK{ze{N^*|8b=EV1`I
zbR_#@HlEGZGVZRjkH-oi@{U*&d{1gJ8vr^4x&vxaSF;KW8@X0<Fn$(P6)2Zd9O>?o
zJWh!?H_A?FVT5<{DHD43$^Iw{3kokBxL~QZEaG_%mYN@25R<ah+L;Irm>mGHNvfSK
zU`eSly(yt2TIsWdqA|LV++yp_lN(YQlk2H8BWYt=qX9NcizbFPAT?WN-gaufYfdQ|
z2D6lAyI7&eEGDxo3%B~TL9Av_%92v!MO(x&yGEAKYVk!fRk7RSnXCpwn5&u{lGtK%
zK|+gdvS@qh)*jOL>{(j7y=kYX`kuE?D@yN%GEBR<I<`b55YJ(^|03itsg5*M*(ljL
zwHY<GVmW4Iu8^ZjId(cbK2B6Ct@3fA>dn^FC)RGzwKD=f1ucVEb+ZD(nu9IBH4?O0
z)C-x6OI1TA(*oF<NgPLZYe{Pklpm|)AhIgUVP0JbRBl;#*kln(v6atR7Hvki_J}^&
zb2gW=a#)rYCoGzZ9(%=qr5$+Y)q2v{AokD`#zeAV=ZaZvVZth)4FI3H46iZT5q(mH
zxhuBDu6pc>t>Mk+3-?ANL*YK##QY;qOgu02g!;JGLPI9=M?<FmSiC3F*B2f#m1F#9
z$TAd5!k3XDbJdI=4Oyr|D)KQDjmFmTW>xuU$V*(D4TYj9<`s$>7JH=XAB{zu{ZX)5
z+kfO)L(uq0G$|A(T&9l(lJYTn683b-b_2*Sl1><DdeoU{-R;gfi(>p%1*n#=bt0n)
z<YkchJXYG<xVh^348OuMij4i^sm+RD1Yxtp6f(HG><y|}5^mLiDS+qGHsbfDAUz$h
zLzk<^(E(>k8a2y;M2;q>ICy)=sw|YxGc--&o`6MTVAT{v<usSuYa^R1S}JMuACqFI
z*zKiiT!F|1>`rWxa01@L<y2yjkJc%9bKz)|V&9V#eT-R{SM9I0KZ}KHZdYCZFB5xS
zM&0;tEq<&2m(~UUFMH#v&r7<118RI-6@qIb7c;SSql(7e1x)0%Zs5XI^Qt=jwRlH+
zUPkTlAMmvVE#p7fzTp3PuUz!>SA;n<qGC)*+q=T(DM~>mGL0m<cCvHf#5^_O_VipF
zGTA$EntxwSTCA_C9-L0djTLZRH5g5W*C*p45S9{}n$!4_Dhu_Gq4lYO&`@7A98XA6
z(8t{gqWC=+>l=xN@nBvw6o<c|WQd%hr75}uO+Q09BCt|Qv%s{t#H*C3gqSEp-%uef
zT1iv3o5M2{&SC1J78T1<QOV~r(@r8PT9=AC!<M9_D7MR8TEinlz0r}rFb2{wtSP0X
zdI(`%Q_5D@$m;=8X)7)@C-ZFKt+%U>*fc4n>De?bE#=WT3PfJIGr=@-YL&)t$68PU
zo^qqu7yQH*yI=vpb$u$UZI;(guW)ZkM)asP`-ASWunin)zNA`KLQ69QR7%4N-6g<X
zFEr0DdL#jdY==ruyR;xr;l_gS#!cN5WzzY)0+TNS$ekrCV|p60L*c^G-6|36)1)TO
zN}+;5sqoa}qzvmAr-VB=xR60XA4+OkNr*vW3oQPwv=w(obRpkG8|Ieav#25;luP5l
zKc<vAcvG1RELnJk+ghWtgqu!KMRG6>E$}8_MS^RjTp?EmVmJ%FX~b(qHOXBA(=?Up
z*M0@e=!UlXE%;W^&fS<OU`-UzkY1cU(#h5$l*uu_c(H`g*&|)uR^K7g{IbzqrSR(T
zP#CzAM`9pLTRoCfj|@Jk^$$IK4kf6^OKW7gND>g=2qheO1=&l_L+oDBfq5u;hj?^a
zz=(dnf>R-WwbCYHz_5c%2XqnSoNPU2RApS_6qzgM5DaG^1_oAj-0KCJ36g5-;JaFs
zGn^Ln<ih9|Ub?G~e=U{30vPl;G6IoJvh%I89{qI@OtFdKRp?nGUJfyL9aRAN0%LF$
z6uQexHvLKA*-A0b_Aym=4K`36@iZab^(68Ne+7*Kw31h|?vEM_+1Me*d|AI8ETK-;
z909u=LY2F8?OC;6G#@R>`i;pns|Nx=n^7&`mMudSG3M6N<Tl&E59|^AfEm7t3Qa^v
zY|jxRJOJwwm6Mm(vSG`NLg;oL(5dbmC^MN&K}SrgghnP+P92ln@=^qlE{)reN@i@_
zuCo{feXc<8bDJ*!vbkrw4brE;B$?nz^u8ntf^aI2<#wXU1cKD?Y$<^D1^0jm?bZ8%
z3JL<BB_lOQ)s^go8^bCZ#S@9nX}0>vsW@77>=Wb~^#~m079>|y86)voS|TWoMXR2Y
z)_RX*#6@ni)wIXoW#cr)PJU*>FI^u@!LnMW=eA{ZO9A|lhN-AQm%7Nk`!vZ#6iSfH
zFpw@h7~KQULV(=9q-mw$D>~lMmMZ$R!U=iSq)YHBG{{6yMv6kH5#nAUpVf|~a%ZXB
zsD~gFK=07jV!Ed(VcMbeLad|IN)fl|ppv80oI{B2Iv5I-Nf;qnLV18dKs?_Mvt1;G
zhDk))R5G+C>~{g3I6=l4gocv9UB+(2H)P`l{=$e1(O*uTSqX&UbTqm>+Dgl|lmTwf
zzzQ<*vATt6EP#~MNSy1^?I1?F!xeSHXz9qD*pjV_(s%`<nNedrl<W9@h-FH~ofmuG
zwHAFL#WD$Q#$uzThDHW)47U1w#PtCc<w*H#pMuD1)(WCw6BR3E8h4G*q3sD^faT;?
zqcD5$O(4;bG>?(s4E}TZ98}`TO6e)+g&f^I3J?doWO$UuH~Nu)N?HYIN|F#;x;h%`
z2}Ki;p}z2XnkTgy!}ma*)8Wq&qIWSGE!C_JLMT@4I|7VQ)s9+xE2^Zk8na@97WcVI
z6<Cj1%vJM{Iz>iJrBJ(zjhu=C*0?x~aHJw`_QntkENeWkjPl;Xph>;qo>1=^(rGM@
ztzR-=@|s%^YN3S{9m}yjK32LLHx+%tW+DNgbs+BWBm3Y5k;B@ID{1wlemPKE2EenD
zvV|lwQa<7Wt0mTmN{-yovfsl?(TIu^PQD9YOr`5AkZ)De5^ZE3#IiWsTF0N@>849m
z7A=hm@+Iv(sya^L^4ub=(kFX)*=`cDIpAWNd4$;ve-gcfSv67x@~oydN-xKo#1S;O
zBn@y2f)%%Dz)S)Xph8f-T-fSz3c<>qloVY;!tQSBcR_q5<mhr}T+kBYQDA~Z(iJ)g
z2rkN~ibfVOGBAPR*+O=T$whzAej|sg!nZWLPfN|2T9VWp&ms}7La@F>rP=_k?zCgs
za$i?8V#h=UcNMc$PWU`JM52=z19q9Gf<z}ZsL?bMUW5N7y@z3F*XRs!k6mSK$DZRL
z)`b3cOJ|?0GXVVPqyIB%p+JuBj;)!u_ELEY9jRcQ#L8fpp6bnSv}_NG=CaVKabWto
zT)}v?Y4y+KSQ1zV(z)qo!k9&#vS*nFB|ZSipthe*i8{6oa}eg#v7t|5l&AZUm||;$
z$xw7~MW+MJe-w4XMR_~(Wd=nM(UwpTZ5o*tw8~Vs_vvD~E$R|P_o&63fQ-@UQ=iB5
z1&9Vbwg$V3KxyX3`_Oq0RiTLW(ctA&!S<!euQ~iM%td9zn5c_5_z-+q&9Z%hr>Z_`
z-3jv!9tYQyo?5eM%r?;%nY|mM5;Og-J`7WtyrRmsrri2GS%W)iHgSS&Kg$0UDwVEu
zYjyTo6m{I9&lADUpOh=g!w3~fDof{#x*Gy~@1n|_Yh2;YW<pf!t?|T3-!h@RD)U{V
zhJ*}GJC!1u(o=IQRH<>{HtNy3ME~XHDh$4T5!GI3dlx{7F>C?KT0mgsQf{<@3qcy~
z29NnK=7DZ_1RNw*j(P)^|MzF|8UZthcLwaS%^x=GZCSrAZ<@%OcUo#fQMRZi(k4xu
z^BxJH1cB)SnJ%1p1jAUm5it;ptw}{giKH#J(Bu#fQyhhcL0Jc~wtS)r2UV6k4elAV
zJ@8JxQ_02~eIh!C*=`S0OI&EgP+utC7x3}qiR4IsKP=mAHX1x+DN=pQL)5P$ime)R
z0)g(@%m#pYlha%Q!-inh(uKTw(Y3Qu^^Auty-;nVZzr$>Mw0Zv+=Pi?G>)S0GE^Dz
z6g030(k*J0y8c`2mg?I7>;?P3pgI00+W)jK*#GQ}iwWU_p~w&ox~$o>^o9FFBhh3^
z|71u-#P1quoy`@s)J#HdHUs8Lax+j<bF0_aoEgvIPrep#YD-53jJvdshkIl3J~9J4
znNA~4lvsMmF3T2&q}lm&O3we5F}x>Nt?>`@kLsP=vd3lA8~-hSOZ>++--7+$Ub#+i
zoIt%-!T%_TH5X(#OZP}nQ4<;t^$vss(r5*QBT1cxnR3!`g2Mp=4;SpHv!TO{%g-r#
zcx1AeE;qG${lpNC%p-Xik&Cvoe4X81HLt)Lagi%AkcvizKmuOm>W$+0goImaD&Zkd
zcmu%XZE^<nZ&DMJh?<Dt*u>9|i7*kQqc4(3_C~{@p;R&yUmZ>+XeAjjgV2i1C<`wo
zy=spCT2@hY{F8NKz>A{So|aKB{<kj>w2c2?%fk5I8`lX$iN%H%%EKYH)H5pZaCPf-
zAhYOK@_8P<a$9<`m?yz?CKS!;LZau4(V~yTkWmAq1(^jnG`6fjVkEk35TnbsVRYF*
z3;gVC>FD&efwW!%86B3mG{7wGObycN3d<xmz%{8=RU9iKV}sg9YRbOS(Rc#glF!iy
z++(C+#J`zJmiwV>mhG#G(7j}<xW?zA6|jI--Ns2NnG4i6as`M8t-q4blQ3tJi>y-e
zY23!f{Z`E<U`bKRZY+x<0r!t}og{&O0^5(q-@U6NxFqh2#5Li|v7(uyX(iKk{MWL=
z|H`W#{|6e`<1*^;|5l%c|F^UU7x@3)xSHniax^tbgGL_Y#dndigi>6kY&1!LS;3eP
z(~1)V&>oo={C*a8JlGuYN&fcEpuaQdGlU(V*Je1#s#PLBM!HFDb0yiSri(c*sTc7}
z!V<w(+cd0=dNQ?2GPS4_RN3ipBtpXxqV9{(a<LRIRlIw>Ubn}=_w@-J(-#Vbd{Pac
z=;p&H)g;10Rw2^@trdKrukjT(;E`y0@3>rcZE<T#aJI972dB4eCU0TYZktiXj2>yL
zo|k5VqPA)o@pf>0P>le`m9hn`MzEb!Z%)5@advY%9Jw(xuOMfxVG?ygLb6BZq<dFR
zB(Q>mRTlm@P*1@ENU(e*x(Quy@UuUH(jAcIk$8w_0$g)?<>qy!25BsBY|X#-d@1mM
zazLy3RVV|Qe0yta)%8DICjK7`w6!)!t*=5|EZ2WI|F`siR>{ma4a~j&TYSO5LjUiL
z%eMb3^UDTyqyJml{0sfRH?C^^pDSeLZC>=TyXR%pmjC^}mVib7+tRuq|L>J+#qoWy
z-sFbiutfYR50CUjBfXNdskwPwu(!FnFWD!pA4m>HK@9gv2@s1i<>uz_kP`(ta!9+g
zxp``8$~zVGDy8w}WW0GB0`g-{_7fxaK{ju;oOP~rtiX5pM^0x~5^-=vIakihE8|Fh
zozftNAw#Vat__G8in^kirl6_wxxyCIhjcsD@^oHSCuF(olqO2@ShrXqO4!Aca)u0L
zW8HwVy%|+?62Y<CS(dkzoAJ4MrK54hq+Cu*n7s*Q(yiT29z;8dzSVe0Z<Y(2&_yhA
zK-TRZN%l8&Ae0r&v{5V2XlbRxu_Bw>D&?}>=tT_O34?eFMd`1ha@k6zj4#da&=5p%
zvKFUj(K-auxFR<>E~WEOO@d5`0Fl&ErrSwR-xmwxw7Jdcl`EQ|OuM3q|FxAXMswpU
zS3uV(g>l+9E1KEUie~byTK=p|mvrd(ZKZ8@l8p3^wBmSJ^@-S!nwmu1q1bOkTOqwQ
zH=d^8fsXvVcJK>oQ^^xd<a1i(2b4)!t2>&fu{10d$F9!tPEfYWrL8%6%DFPeeo=%$
z@|yXmL637~g8ZFbo~$xeKwBN>%0BjMcKIeSXl-fQxpIL1m|d<6#uzC>6?^HAS>{6e
zMMCYRKO|G*Rx~rLvlj+9lj%YwohN{R9LNJ^uHF$sh7)pyG9?Sr+Y#ZZM$JV4WaA3G
zRIcn{zh;>+hyJee`7|$Cf0`u#cp;bMLI%cCoc|;ZmuxPA3A+!B<=Gc8nI^U^nkzEI
zFR_}_-sp9mGjKJZ-YSc*6Zm3&Kodm)87J`92nbM0@;2LHWEN;=n-WmpF#A=5RBda@
z*lfO%9s|ZIdkb>8nQ>Z`2}#bC!}NuvLv1^<F8FdOo!KInnpcgNlu9uLT+ZLpjwCxS
zCF!T?*scp)%}kmB_pVLY12m%Dc0A{E8M&a!Y(PiplYnCi!pz+Trfp*IY-)AlyNLjn
zgA-7<Q)j{mTxZ0P22vI&*T-$^v}Ut8HId6qpwsKExh!!eGL@dj9g~cHU_y66K+UD`
z_*kysfY)BsQ>OE(A}JV#m$*~Uk^L<WMVXwe6!7f1ERD+LDOsig0tj?e9?{`Q9BVtY
z4{}y=k)h;f<$6~%7fme~E6K7RKm>JE6&_?jMX!fdaG%$4??|hpX{}yAhcDuiPfVDU
zPfi?<4q6SZ41H$dTkNnn@cKw87<5>flG0n#xja!S;*OS{Q=iMS!dzxoAw4Cg&}Tkl
z=VsCc+(zVy={BOOR7x3{xc;YI2-BEjE`t|$-~bnZu6|5H8dgk0S}8InO)C}R1HYm|
z+F62yx1+fNF(hs#aC_Jjg7!Gl(mI$+anH1fhw#`LF^*hiOwt=m$Zu4pp>Db7O(X#a
zudPICYJ*X&*RW7cCZPDt=A}$Nt*SyQDp_XBnv}HG*xBr@v~gAQs%G4l-3%kT%(G=z
zhO+4*(l(5XDW$Z99>dfrFq^Gag3nNb-`6~tF4+~*PY!SvE2DX|GN#!*q&!tD(8mgd
zfAeOvXaWzSMH70AWHtqZ2lz#9yg&_K;>xI8f`&!pQbkSYbCYUjf<}N#DwB)TY23-^
zQl-_EoSIgZd>RK|F<mNiPo1+A*w>I(k}#8a9q1T`FdaOyO1Ivzc1Y}`YW5W{vy?1G
z4^WEa*ehlyy8}vzg0K)ZR&Ojl3Tw1<HaCvGcDz8P-ceYs^z*{VSE-MFt~RJOF_GX}
z5EVJP`|$ubx);N}jnX7-A2c?t$_`;N&*jTXCnjkciZvyMLxWApfzZ&J#7Q<t%orq6
zucH^3v`pOAqAwRY4=s_8*U+;8Mz=Q3fIDLxYUr_&#QK6EPG+(C@QAGzS=!iLwOIqU
zL7a1aElxayM9vSPgDVk(riqeIhisNKeI=_Q(*&9xMUUb*^A;_F0P(qivlCyS6K^W3
zDy3XEl}}5Y72wj5tQ4(_`UsxcrJ$PVlHTW}%gnXJNtdP|I37bi;@RYGXVCA2A(|~u
zbUQmboKo{jDj^hEHPuOwrdN{9K7E~G-0W*@_AQqJfzDt@XKT=81p?fI03ZO(IHLHl
z$Dh6u=iljCeFa(5ul(;beyFDZ6D5s3Eu)_Puf4U!r2lJ2mGFZ8Z!cW`V){QxTTlFZ
zsr<Ok&sOC(7meR*sq7o&nzYf^M8!9E1)o(_<z(8vTKc60Mc;p-qHjT8x1g_E(ANpW
zlC7_`302#?nGY?U2GydCGw8BFx-WAr4mswF`Xb`wF%64Nc@j_D!#WE!YjP=*OXnTM
zN~x%z@+)1I(xb4rh1F+%T0%dN81)%F$D)c1Zg^EvreOla^V<M+_0ULDKDR~2pgl#9
z62{6-M@go#2hzWn=~>Q1=g?!ADQ(po;dG1Ub5zO1WeAXpHQR2+-^h9L1W83`inrJ+
zIU=z7Wa2YjhSK9OIqt2>w$SlHg_OoKHjfuMD_uPtrE6Oa$7syPqLVV^NLC@n-z*e~
zZ3(l|KsdI@a*=w^LM)bWF-MRt<;m(R3o=tKPn$IgOXVqD^+0_37IUSXrUzkdp?>eu
zWe3--5fUjYBrFPT6Osk`C1kyiozHrlU<|`zO#o@K;GgOi$Vzo3Bn}=kBP8k$Ru+08
z#Nx6-DIQeH7RYOML;-yi!gq;ImZ%(|=eW6F+H?`nRV)#=uNpce8uAi)d{Sn9{Rq&K
z#KapUMnoVGPDNAW81cj;Hm0`D3F;>jl#wfdYN(?e)zwk9S|mm_S-Avl&QirG>z}MP
zTs5Um2}RrD%3iI_i?R7#<a|aGF3(Nc5WRK7a%nQBs;o#v542#sl*Yz*XwL(6pd5{X
zNwGJv+vSpqs!$Si7m=SP=ynh~0x$;Ecv@AJOpYkl4HzaTD^$sa9p_B298NbWBr5}J
zVIzir(kM${5*~p7_-8<Pj+H=+mk}STgOaa@)YF3pFmhw~S0>FOgHoOF2+k%vl1fG@
zA{+y<W}AUZR5_n_00hFp#tgOd(6Ou_ZlHXIBH}80Y6AMs(2|_$7^{>DP$bpJ0@bSu
zDG@t|M~xjLCwH)Ez|6CRnW>!yvP_Snw=pxNGp+*tP}Dn@eS$S{K9Ag;IY2-Sy#rtI
zR+X?8BytdNcM|KE#7r`^R;M3Fav&@vV*SZ=p?Fw|B&6YZY;B}3+$T9h33zsTq;-+x
zKx`x_L5g^2D7it3^-H0l4bqy(P@hK%uOE)17yMY<5g8ngM#Aupx)_QKt(JNqANm%L
zMg}8E0Gf<RSRexx2`3QPU^w180FR-bNHmh%;BoXvl0yiyKNgol(r_rAjP#B~LvdIx
z$A@EyFcjYhV22_@{c$KIJQyBIdL<|pUP|G$@FXP$LeVIe<p_;H_2XDUsW&#fAs$&h
zkdy{u(LRhF&=ZELg?gf4S{AgbHyVlzdZfP4U}$xi<ca~5xC4{X>PhPc!uSfy3&H=r
z$w+Jn+tC{vLT7nN4>U8L)UvLNB*Gpk6pthjBmME%pvQsugd8yf1o91qDHO!DWatt|
zg3lv~um(`-3x}cr3;Jis(0{X0an41<xtj{ky{FsMRhtf?+Z45EM7!BO3+1L`zO<Vr
z<)*D}vzq=-5YhKo$5coE*WMnqIsduf|6#9O|6=;T{|NiP{|IH^zl`PIf?n|7R4>SA
zhHC=r8elHi{moV%x1dK{&?ElG+Wi@aJ{Djc{tNbhv$Ox>@Wm$0a#W(t8q9ms907PT
zxlBTbVCV((@IhSY&~wGiN{u$2Ia8)pF!rm?k+BG!E1T>P4Mv9qIe=Q$G@|Z<ekw>x
zDGP;R+%V#pC|4#3&!-FH6|5pB2;veDWHPzLv_l9CQ=-1D#15eI5=r2(QQ5&}0CY-O
zLR%mx(!p1EtdgkFE#-)QS3*NUKtnG#Or)+-P@SS_e~6irMwN~gXwC&Jdy9-|S2UAH
zN3kRqDOwfoNuFs@^|r985f}W)30f8dM}4huV7d<$oaHG{wUVP<g|=$BOeLQ#<;sHU
zsf;?gvQ&iG4z05sqw*NqYB6WWte8otH7f+Gfc=vrE>2KOH;IVligMI%Zjp%#6P2r=
zKzNo*1z6~6o>x5%*4C1w6pit;F}v3hD-d0#QbHY)0G>xv5qi+$pbUWNI;lF5D?2f*
z-m{v<(_v%BW)uM^2NJ~qjbf7%+%Yt2YSHL(nxaE=fm6&;^rwZ`SWIJVtEb1a?zmi`
zL$n#lUR;cyP|S`s6=7;XGtdko7r43u|I$4IU6IC(PN@+aZo=>|<Thrgs&0p>8~3K`
zSh>}=s}<CGj9Mj1M$A<JfMdk8w@^kg26eRH%t!-*6o-ifNsjjZL{Lv_6~{1(RV0Hv
z0$&zp8Nxs`Hwu)9Gd$9XaoXY@3@W99>PVx`oTzw#ca&rmrc+e!=Gc}E&0qva%^lec
zm{W-_RGCg!jDu_8?Ah$46!<n48#*|dvF#U@B}1G+5f2~KE}LvcO(RX=MhMLTthy`_
zlS}eUw{C!MIA|YB=}bme38%n346=*urNGLFfpP2eTL?HIs+P0pVjMA~`*X(n;yxbk
zs8rBV2rxXT{xl7jiWp@v1}HxCj3nqJjYr8$&gE?wa4uJdX~3W?x5IpzwT)sPnPOU+
zl*<ze2mzGvv&^>yBYQVvSt16pB^-+^ATM<jLbfI71WQ>j1C5yhg);7D@xVMPpbimC
z-D0R1Q-zFDkHlg-=oYRRM253Yx?NcSuD~V@L#P=y-GIr1K%{aagckB>5x{UrWImWI
zrY2;9SX%$A%o~@bt;qm3ac=<Fw1@3W(7i5sE7ZM09HtOA8#Dl;gKQ5PBS7)a$mX?E
zl5FH+Gck}49flS&bgB<Q5^%W%#fE5i9@m<N@%5&)p`b^Lpa$o51ryKORf=9APf|zQ
zE1Ka~C-Wj-trop`MUw*S6w0Y;cIEQaBnBG%^+@O|rb;cs+;dNwkq{?KfzrL&%7N@6
zX(X88ES-*RGMLh&?=eCXj6{9KF?X&W@V0uFJ6CQ^!^j=i0C6sgc<9vLGM_}PUY`f+
zK27KxwI*c4iU}ulfC4Z+C6PI*%L>HrVZscKd?Gs1tbj$HRpSaOaXPP|M8_1}ULcO(
zkWcDJ(-}OYeyptC6gr^!c-DrqM=Ip<h9NDvY=*S%lE*x>^_s01E$K_ac#To6k!D2{
zU5P)G?-#8kN@!PEMoF@h?93#J@@0~;#$-#DjD4Mjgrq1!vP_bY?Ae*IWZ(DQ*mq{e
zVD@=`e*eMyd7gXUd+#~-IVa(oiS5lN@%n_bc7dh@DEHa>{F54~B_DHpe?BXH_8+*v
zGsQTFTdDZIvksremAy;!z0^Bf5w1fX#v_QZq3{P5mWxz@hgcOxV}sGBtb^h^Hz&&m
zURj`AstBJY+J~i2YsP==6{I)HDhUiYOX~DogLk#J+*T@Tpw;{_ldpdOD_Op&8S@}1
zt<G&t$!3_x4LaqgU2;XS`%ulPQE~f)F857e>Vwu}ig(&wS6lwOcrzjI#YY`8{%6@y
z6OWI+z7dJf9i-GG$aa+9&nQ$qe=WWv@LJs)&N00TzMzw)mFYqjvctjUk1b`j{(f*x
z9I*fE(0D^!(&}%!=)KxZ+e^lWeBF`3g^Mq5*nh$LIf<BAo3D`)lfAg}hj}Ich`y)}
z&oIcmWajns6T;5qcRU&C|6JhOlhL17^hLR{S63}s(xjE~PL6A8!fQ?zUu1;%?gh*Y
z`gg<)90~WV4E!lv+}(D|weYP14}5yfz`Vi)>TWQizQ*;(r|@fUqC)J66MNlKu@5G#
zi?ujy`HG~c47#fdhLx_QDoJrZ-}qFt)03(_sbsh7Q8_$(Bhm0;idocC={e6EcPx(!
z=!#G9bxlu6n;4aZb?OWGYGfM=q7(#VTr()%P9L_9+&Vh_%9ea<al9@?f`jx!^ru+d
zWzu~?E92j}k3P#+N%OVutLyzx%^^PiK6tx>uyR=(E@bhiI^k@}q*c>Vqi~eso(%lm
z)ax;V6|2RA)T5CN+ftdT@%o`UW->YS=!CoE3XXLnRWyAt%e@iJ%5opsg8a2v3@TR4
zbpQrN&;6yMPtmOfwjc+s`x*0@BT;IxI`--}ZubjB;a2C7b66tWcSvch0n@tBaN;7H
z?^7)>D=RH{HMU-KP~eeA$Xv8rj;b)Nt9IuKFnyL`gW9y7^<|>)7Pa_3i39ZF^&&&C
zlLd|3=RZq}DIe4JBKrksBgV@3r}q~uRe^<sN?_jzf}5)($^R>=Tc6PvzIY0MvwpdO
zgOAp3$H)L;anp>EXE+8MBme?^sM{0{V9_S}UV>hOfPvjw2zmyd0a<G3w}Xn1)5(1@
z1WG4sNL96tO~~2tS<8Y=Q^rB=6S&1@obLrB2Du1_LS9d3!+?!R@}bh`ZZFc=xJHq-
zS5cIKX46*F$2_OK+6ru0>6zr)mXtOKtpmc|N^s+wA`mHiHY&u30eC%y1EeNH^$nSC
z1Q=vYQI%>)cQy+{bzz%V?)c2_wd;eg^gWY;)vf<Z1@C^2d+s-qS`>>4*{gsGDF?X#
zg)li98DH2*?X6w=F*kw^Y8&ed8PY^EW*iFR@D^KY2Ms)rV8QEx1g%?M&Hd$#BwhZx
zxlZY#=f3~y<&o@SR+2mn)%o#ZUup$nZl_@+83Dve$k#9(K$`58a=12qO@0|Ie9O7c
ze0oi7t;XE;Nr+QW*6zeoH9w2mR>1Dc2!1){M41giw3UF+dznZpLAg(I+i06+Z5WQY
zAFa2ru{J(DT$Y?(T=VhH`~v><e{#YPvt!*}1ybjuVAL|1uB=MGK&@m1Yp<Da8r~B@
zfg<L|aBO?mHi&90o|tbqS_BXS*z|rpfia<Ktg&UPjhn23GF#CILZ?%kNbtbJ!F6n<
zO#N=xY8_&<$E^}Vo9a)Lh=P!YAYZT-Y!FR$Tp2+tDJUE;lwX8n9XMyuSphdCB*sEs
zq*eZ{z>*H8K$^^kfP(s#MK6dqlgkt~K`)EjuMrR?5yg|;Q4YFm66RcON3Y-*qb;BB
zlXwMDEC!(tJ>xtILUk(|#s&6GnWrySZ!pGeeR`C~Y#GdnRma;n^h&f1zc%#+a55$&
zBt$i+h~7&`HD+wk@&BQzk$n<o|FM(<)_8GDYAT$uPn#!}8l}=9KCPpl$@DZFn@NoW
zQ5TZhI@5W1qqYwNh^@HWfw7^F9<&9>&B*U9FUr*sn*=aH3s`0T=X+ToUSY&tf&?nK
zqtFoIUxzrD&`p5;vGi|Tk*~6)&s6SMu&B!U0d*`oqpxar3CiA&HJTk$ohEO>;DHA{
z3?!0Hh%=K)RML!PIU?xmkZA^W(OD?4kw+d&ofyLU?=DCi)4I-r0(U#~v9#zB0%W^)
zp>2n{TmS-7BBn#6V8Oc0+Gr+Qxn6*^&sxsQs<^Wy@E+;glHAK=)zZ_<E0-2>GUyOD
zc<@?`^=Qi?gmG^Ni#~3PIDi|<2~rKFmY!5HTGKUgBm>e{L%gyt$8#91(|i_$E(YqM
z_oSh=WhX@7?`&Cn@+wks>A}qbvl#j`oq(7hhH&8pZKg*H>-<L4$F%&&l5JR?*2W~*
ztoOo?`x3%tY_j|}`x20@{2qk@VU};3LKyh=ie!(PY|;-nn+yU%*_xz(=bKrqD3Rbb
z%c)8UkN?;kd1KnBjJ+B6xh5VtwUw_9SY~1o)2B@pKB1L}3((hXKFTHJHy~)HP1&O`
zV%_=ByP*ku3>u39kSI9dAH^C!;nUgrv394H&@L9Mwm@vAxTv{!dY*apa(j{=$tI(L
zbqO;Nl2{25!BS_CxDZ;4vz`0>OE$CQl6{!gVyD}PgJ62HHnl5{q7U(_1;#n#5OjGQ
zma&$flmt^FAPFJ(&xVoTBjf6K>$g@jQ1tbH`pwW}!9v>TnkIg~P_=&DDBZ@UC$AP8
zOzufQhriS&3k3L({kA(@CboWTq7ZFKwP_goh9NBY7=8YytSXY;+Wv0>9x}!5(+29&
zdg!y>#2z<(*H?kgP{*EcZ#Q!<^5cCG#D+sKbovSmag;l6x_Yq>R~6I~rS;ihX$)34
zy*JT^QmL_!O#~;?hx4=(65wFvVWipUx)f-{vvGZSS71T4@D|JN1>>MFGP0Q;GEKhO
zUhB1&mm16dw+bnW{rK_qY@PaNwcXON00Y8~5BNzPIYPj;in-eb;DOCedUMV!b%`us
zyoCmuIde9}(&G?^Ie=VADad>3>T}&9uz2ySA;fpaF942Q7+zWF+d=oIW+2$v!|Huq
zXy$Ap4E(oaRT{Nf4?k`;)=yljC}Q^kLL6^dCG(h>0GJb*ozZ-d?~Ww2ew+uv0!SzU
z#Mb<f#|PAgE*^)=%ybB%Pr79=*Ywf8lP(YqfSJWtMI=F3>mRmDtRstn4rxHO&es!S
zY3uFzDzG_{cb=#T&@21gsmv@$&B1q`LdgEhqAtI$i|NG7$G493!h$z6+gKVvH-90Y
z?PSP!3tnR}rp>)xVw|)NMF&qw3huDBWFz`!_f~Oi+WSR$OW);1{dz?NDSM1w@kcw)
z8Sj==iQee62>|bRi6z&u!rU^VPQGN6#RSyt4L1td)*T3}YO|?}c*ZOR#U?whmggLv
z@*?!`b237Vtq?6CSX#R@P-Qn#E*%i+o1;Z)5D05yu?9eLKDC1U>Pr|X1lc`B(I&pp
zFVdj@tp!)D=i{t!>}q+$jt_*nyH<o6Vp`_*N<u$^8Dk0QQMmmcbj{927QAbgF<QG*
zvs_!`rbR^;;kIb<Fkl^yqpb*1)DQY0^?OWwCZovWoaXn;`8S(kaf~8%qfg)K+Dlbk
z^@j!KWp*ho#<`BvA5*bJPOf9jNX*cp;)-UxNi8s|+kcxDWz)Qe1SE{Lwt3+i?X~O-
zF1R+(38=5sPr$V)Yje%=+PDn|D5k`F<*iR2YkI6%07sIb;9*Bk?2aQ<nbgTbKT`(G
zlf@~pRU4#v`YZeclAZV3S+|d$m$fGRQ6G%xjY%M=Emas*{+T8<nFefMrp@z*T+*KL
z|5q}Q3=qx-pjMP9;2Mt<p{m_7wB~kcSQ7!z(x8vXT2G>9XeZX*vnY5V&8N4c^0gMF
zl)z+n%fCML9Jytp&swa6;m%lW*#s24by@6m+B{~iFMwoyNa8B2UI`1pF`DB3=6J-g
z_WgLFY^Ub#`)%p|{W|jC-Dy*SkK0-++5`inB(XsWSEpXSVLj0=0QPBU_|X-{^}66G
zn3f0SWkC%WQJG{Yy`g*zyZsu@!G|Jp=7et{d)14WOA^f!TcFSx*g<15E?`%>5{hyo
z1z>CU-?k7Y=~D@hv>D(p$TqTkI<S-=aH5bsy9mWHcXfrwrkPnF+1a3OB|IEkOW2M|
zM-SE>2A7x+p-z|9Gnu*rS6_)1EYw_G&&jBv)Z$qWH%)DeC^?5&as{@v7tF&y8?=&D
zuW!q2^?}hC5Pb1&Z;8*Z9qqqb`;p0j7am_&e-J<zCv=%VC$(!6-g&TE32-;_G=7^U
z^j_rVF%UrgXYbUE{D@}v?(6F6PBiQ~b;*fX_--iTS(676Z2z%?E-au&*j?%1!J$}L
zaj~qqZ&^@z5B5K3z2KuFEm<7l<GN1<mU3=+r_n*AHe2~C*c}I3tvsOMHkY8NMPJNf
zI-W`mh=mmUOeL)DAr@z+z<c((%>o|i6*3MxpMpcG%+<KoJClC<5b9q50caXe+!Bb2
zme-<xUN2$o=7^Lo=HZc>h8vjo!u()X8v%sc7%G$oa$FW=9TxLrt0#si8F~2UHO#b&
zkUCTl!ez5t8m&p%j{=V~s(Tyn<EH3iZrD->hI0lQ4@HsMfZEN%TDhvZV{^wL)JFac
zL@AX5|1hf(Ojt%kNdG{<^6#!mFmb-pJ!H$-M!%l&IXMH^)U5;pm(5igK2h;w4Ez)3
zdK;#WvE0#Ap_$BdS|k?D62n5u;0GR8{e?NVq%TkJQ}KoLCBW8au~%tld;y79&L0cm
zJDolTM2|`zJe(#rrOq-ZasU&LT5^9saizy}eUE?{_dCc`o%RaY2<1UBrcH6^z$w*a
z8mk3{_LvLhk-r7@nU9<Gdk9DvdkOD1@k6_WJR3lK!9ySscBlN%SpD!M^;bB`cV899
zm<d3S13jBq6e}5r(CbpfU>#=i^6>89{SX_|O0C_xLwn-re>oY9IW8PM2ZtrBF2h@Z
zc+?`ve8#usA{w&VB9VcqV$^a;2jI48j4{^os5L*n94`Pxk_Zs+QjM@%AGNzSmJj=P
zWhpAW3m?)}o-<9F#r*diNa;fW{h%$2V88(icx~u|X0$4(6UeJOLH{U~MI!3)HP)zw
zun_*L#Ug&F2l^m0CQg0HnNUYcG`FQquO1_)c`^F%)Fu8Yf?7L?x*?Ei9JoZmK{i_o
z-1;=~vz+NY@STa8{RkiD$pF?t1l&fbmXVz^h4*3ylwm>$A;PoyayyKX)k5rk0{<*+
zs4u;2u@uT&E=yHaoi(YVZL90Ao*fK}5nwG@XJMH13jK_rg`WO8esl$TWnyUbFdLz$
z-Gq<_a7~spPIFm_p|#h)TwvW>y`3|LCL0Cx{CPf0Ybc~(!M@{$cQq(8#D!}CpvyI@
zU5WX8xMg(cNxWy9Z~$V<f$@hmfn_wmWe#C7&~7{TTowp%a#MA*cOSDcbuL>`vHLL1
z&0Pi_VC0}iLQI%*xH~&If`dF$NsBnkZ|gg-;kdhs0ikbG55i+>R-x!Pn;|cz9T#e@
zK^2#`otPu<VN>C_khl3Vi9kQNwyuiA)tB$D;)Jz_@Yszi(?WXxax&UuA*Xkr4fv%=
zAcI$XvlYbZ_ohuNuhZ(O-7~dv_ye;SrI4xvMx{TDLuhjfo)L6dH$?(pGCN*N%Rv_E
zmcUt+GeL_VcPc7W>sKFslGV_RV-2cet+d$fG0mVU_UC8$U_?B;r5S>gr^Y=~iYAZU
zlxG~QdQ?Z8rh=g019Tk7Yo{#L8j9Q?6S`(7=K&+@N>qp+V5y&DmI%O?{qlPmv!(np
z+JxCH8-Ur;8kSk4MIx>&%T6SNv=Qr25yqTkRN9serIITLA50+VAcO&uzIAwZfA5L=
zG;2ollx?NT27Rt=*>mN)K8EEtv<6^FGtq*xVCDTD3Pibh?OhBuWvX<!;BzFz81G}f
z!VA~j&PK*Vn0`U-t|aHUO{RXck~4Omm%x=m?SnA;vorsJoe`uIf)J%**pPAOKlk<e
zc_zozooJ7`o%jEYI+Rew8~r@Sn6F<AZtMtF(Ta<97>x;#>W*3sg)-lXq>c_%)K=$U
z>+3$@gNjO#z21yu;0%q_@YH<uXlMAUO+c$Ap4O|&2c`mYthsBe1+}YKL3_Ab#Ui~g
zpuFuK401b&<~UZZG{tXK^B{g1R0LjpQ|i0Vg*lv*B~X6WheD>lQ*0<0UGd`<E_j0_
zf!?hE8KuqMHVGVRhD|9~)GtP6?o_NSK>D~*D{fK3o|!N|k&p?jXF9teT@zI0Za!2<
zCZK35a0J6GhTlfJj%|KE=i|kwJ_PBYk+huy61VY^fA?M<$MmNA!N99-czS=uW>l{h
zdEr+KRK0wiCsCFy#zxSs<Fxk9^I|@LkXt1KP((egHE!BpkCa<kA-q3aQ4Wv~B))Ti
zS5U-g8>ouy4J6$VHhFj_S!ka|NnUe(D2EsEms9dvY{hy~0Y;r1*{&IkVtouSMz8gA
zdye{G>1#7Z)4s$uTl&<DsoSOWI(9`Inz`7Jg$7muM&l-XRgCZfPh~)|u{O-X*f|UT
z8LQQ$oCis4h5bj&t|2sf5hUk}yp6&a@i7s2LAfgS@BG3VN@rPDR0gT*Z~@nodeXek
zxl8^BB!reE2x4?Q(+9^0wJ#YlIdSZr)?Xhnlcdf)&chCnWW3&x-Bp3}Cd9*LpMN-=
zgCg%{fz($`XpM(c5UE8#p0y<b9w5e+i<Yz4g#z`088hrI>zWL8&YxFBLj{0?%47_K
zC4nM_a}>=m&(B3;D~0^Se3v`$=p_({-aiBdSbf&LYjw2mwUBC{bJgxq$kfy&U~Vx7
zq>Pw!fkRd<w<S4a&@RD=gn=$&k(7+W27s400JTo+N#)zByH&Q=nF<3+_?a(GjNS=v
zoA&lQW^ub4M5vvQ6vs?Z#x*fByA?e02*TK5SH9E*d5)M?@2e4C&wzZvRl0OI??AHl
zzv{+TG5*4_%)DfNZxO!@KWCg15G|iUFaM~20?#Ud!f1KVdZ!X%p0yD_c0@+vFJTZ<
z0wG|3c48kU<l#{Lw(1=<`Pwq31!BO(Tu8G-7p$W}?3D+R)|cY_Hsz|&1<rH3D`K<c
ztT=!9+AUdY$lhAVHXIH32|H`Zqr2dk;9r5@JvM6$yWE+eUjZS{O<m8(Cb0UQqCk_L
zvk#vHtOKk?Q*&Ft5j+S7ybr9CP}1<~l0|ZXh-9T$G!!qHhtCC`Phyv#$?3kqYh;4;
zo|a51j@JG|+;FzWWuH0)jYsYGAhpc34u)BqyS%&%8&5<(X@`Q?Dggqzttl{Ot91^*
zCP!g+bBYkOL<V-&hj<jw)FKX>0)ZY=JgUzrSzK_|cn%ynco?xDc7_CjwVZ71p}ox>
zQDx5md7aE$ps~>G&Dt7F(C+6ff2LoT07PLcc!4A~itt|Vf>zoF?NU%_8Y=}hjGquK
zBDlqGxg%;jz-6qj@AV{5y}HBf3h#1QtgN8@#80#TDJFw`$h>H&pD40&k!raHvm$X7
zQ4S=Jfr93Wz7goeY~em&ZS?NkMz}nEWq^Q|K@M{rB4Gj;Ep~R|6x3BMc>C)r2MEcK
zwdq6B*%?`JA`nWo{*K0K=vajDMm=$l0WRNCUF}7{o!JARJ9UeRn{w8^GxZa?nEjbu
zx{uimIiG^)#8F>Y+MKh}@~vR5O@3yK6(Uy}fsdC?jj{KC#PDn2idI(xsCe&TdRBU}
z5pzok9_$M&4Kjd!|3+{Wh`kgrySI%5sBJ6YRW>g#JdhzirNUcOQ&LpCJ_zyE0(-`7
z)@8&Ysf{SSHpH-MmQo9`p^W;#)PuLgwuNz5pLsA2YgNfo6;v6_ibEf1t10h6E-h$c
z&^x`GkP9KO=KJ_*IAA)N7{~4_kGchc`E3n9MNo^^bhx5kNHOj%y+wi%9|+xe7LFoR
zy(E|pqqVM6rY97ANU8Fgd*3RBgV*k_PxaaoXgvun;|q*J7JXm7j+(e^BZ1ffCbKIF
z7^qg(pf+XNhrMZwHw*M!$gdPS-Mp0sSG|+Qre*bMdjgsSE%!|rn3+BOS%AW&+9i*@
zB@wU#M7Jg9<38FDN6IjeW0xjN#8e6B2cE3biv-$;*I@%OqCYt{!y2wMw_y#I0hg=D
zjfu0G;E<`;=-}mLiZ)`>!CXdthaRUD#Mpk__FThk($jI1O$cmDS4jC=VUV6#kq!dW
z^U?GyX5e}iPa&E~ayGU=KA4{`Yx7{Wo9KUtOcDzDM>sXcZ*z2df7++7ej&Ot1KBUJ
zpxSiqrr@~$knk=g9l~mCNXp4@30XT>E005?w|123`n0@;fCj`Qdu!MlgQV-u8sbUb
zA{*bHTUqXH?Ipxw(nu|yYFY|^*OQF&q2LPoH}+WlIs;If`%nh6@_$yc>Hxd~kFhGI
zujxZUUW0a<xC@?XKoUO;xj)b*<kLDddss|&uyJ@KrP_^;z5&j;h%{#t`?2Tan07_v
z&m+zs(5jkOam<pwee{AGCgwi~IR*c`G-za~3mw=oP;^?$a~hxRz$V7V$h}c#wK9<S
zD;n#?$*2%J#*#QljlLRJ#2C!NZ3Y?cv>qn-q8JFFFzL66tOaXQ=kXOSthNG;)kcsF
zW9_{mA8kk#PfV598lI(-GWl}I0rE_8pY&`YlVAzd{><wrTLWyUtN<`$w?3<H6%<Tp
zXgv>oPU;sHzyxpb00!Cs6NcM0-XCzAMEP~-!qQPp%{Jt!B5e-ii)2oq%|vRHS@l!5
z2{qJs26&&TpNwV;Q?P%7JH+upz&|br)#qM`tITJzMUY!4kF`&_e3Aj+y#iJrZTBFj
zEWr(Z4d&IxDFFUU8lF-WA{RJ=*qvOE-34>DhB!d#(&vKK(m&wfAweUD`m^=ByP1cT
zns$H#14MrS51K(^A{Pj3yo4NbGcqzVNhON>R#oeuXECm7I|?%W%+`NIF}b3khEZsZ
z>3%&u;yF>vAJkknFfM3+csHZD_@D{pftEN4Ovpm4Gz{@_=~Fl^WPK*?0-!*w*GC89
z*Co;zyF7^p2bw!|We$sieVPZI32_LAWpgw&TM4(5afq4{K|s~=r;0vc@n>_Vyf&q$
z2S(dWnDV!ww?;;W$c+PBhf^yEcPJl(W-|{(R%%%C+SP3$aIM`$r6OSQVo4KBBv|oa
zbfJ-pNiJc`dImF8*^h(S^F^<53-6^p-q{LQG3NwSu+CHOoxwk}G&1Uc?SE{;l?<0>
zhTx0PbBTE!5?DZ7Sp_^RMBN-bgwsFfl|jSA%{Q~-PzXj#C2RW^1n_pyVrMy+Blo6q
zaLY+i_!-Jxm;CJCeRw5;$e`e;TQw3W<oyFvO%z#tB!spU01KS|(|n*g{}yCR&l<tU
z$IZ(7_NRihQ8aA_ct}^H@YGZd3xy$YXb-N7>Y~U$dd!vcqmVT7!}r|+(FhjVfdQc`
zm=9w4@e9Zew<-KV0bHBfKB*51k=gbKp}S-O0u;j6?0C>4Q78zIatdp9SI8K()tDSG
zsa;iGgFeSjfT9QkYyxOM!KU_bOs(G=G|a(Nk%kZTeeeMtbNW((G1+im%sywO58j78
z4_?p~e`Z5T*^krOHK;i>ZQDdG)gNM}rGAwLT`bB=9Ac*n(DL7>roz-1dBx;iE*SpE
z>Fupmk?J**{VMAOhSvVD=^=K?eyp`MS)@%|?zALP3j|K|8u01yqlgvVN3++HqILkB
z1O|1rLDr_?kLqmTCLN^Zj~@Uq^*OxmzuPZe_+o2*=|a$Z3lDg{(W8VrudNisUsykq
z{0W-+Qk3-V*Tc!kUk_D4e-Rg+>Y1B-iYk83UHXSG|Dz$~9XI&#T^&cxqen5)#TWGU
zj{ZR8hL-xgT$!B?@zEV9XsJA4x3|?RIrpZekQIGa)0CVZ^>t|Id-ukd>&HC<@~VA|
zfDBcS0^0~*;73?>Q3h*w=^?<Md`a7D>{r*}`wMBvRA#l?iwE?-jn79LpE=0~7<{Yk
zt)NA|jYyh<Vbtqh_5Kck3V#DrEg7RTBbv2*E5qn%u=MCtGh47&i%Ig{p2|!ft%88H
zb^W$SfWF2gV&|ixbFkx@dp!vkot*xQ;)B6dcPb4#HGD4z>Xa{LY2wz%{k=M6au^Hc
zUtLD^0^83?gNC$-2wjvXUr=Eik65xFrWEUt^D!BhzVF#02zB9As)bh(sT2l&`tyEw
zOR0G;q0+dX_AAx<6K9BX&#&He&43y?IoWM9>$oa8!nOr!4hKOpmz;ZaceZAfi4+DF
zOLZF9$Oim&sU(5-&!ib!bq+6ef|n!8FaokdpZthKj;&2oEIN21*F;I+z)c3385lOI
zk^PdPHKw(#Du82nbPoxD0^`@46v##iy+wsn@b2NgN+;uV@8HRg0kIEJ4)5g-Z0p%0
zG59?O#z!nUqx=0-RZ%he`SY|#e$2%YKkcD(OG^-zGTRm4WY(AF;r(@7Zb!FdS<H<8
zzd#0^Afv9XPU#Mo#;#{4bX{VM#o9b)4p$(vl0~e5$}tq$v86{f^#R}4Ol?Hq{Ah~&
zY(jtD>8D90>u)kwKfHgY`kxD3VV+sZuYEg{%g1B!FI)~b4(x{uSITim+zWuR?V5g#
zZBSm_TZBzMt92OouFJ*mK@?KBxin+aKRr$htdxs$r?Sh7pdc)XIT4M)1TOUF7s`LK
z83;)Y8iSv)OvR@tnoW7`#MBF_Y%zX47@>rvV|c#>nq?16Gspj&V*HDa^W9cz3D}!)
z;Sp%v|Jb8@Vk*UfU_Dxe(f0qxc9~d+Pd;%c?P_W|a)un?wu99lp+uP5sz;Cd32XXK
zgP{qFXvT|UO30bPYz%1TfV49srVqF2CpQ)x#7$eT<n%o>TAns5q*NHDR`J*I7g$&F
zDZX=Q2n|0Eu63h+BuslAFpDob*gUlAo9r*G*A@)^*Lu@YOEshs*2AfqBm5Alx)W`O
z92e<MQF2y+AEH;i_sb%+6+HIc+{OxNU9izZLey(2ZG8M9T&{${W>#PGA2oMAc5q>&
zAX>?}M+-vkSgmcz2;SP;45%KvqNJ3}Tqh6$FzIFo%+A4|wY7d%f;+V619tNM=&d#S
zzIfj^nEFtbXlBr>rZ@T^qtw~0ac}yz7kRaB%<PX~o#R;hMG7QnJ<GVm-<iL;&ZhiC
z&X9V*&h%1-UzDm51T63J#M{=ma*#oQRIRpG0-ExUYh&=oi|d_5-|!~+BZidPo5*py
z9R){&9Y~-;1r(#>$FQA!MrpgIXe08dN_=Hmo(F(uFONb9!se<T)5Y`6{D|F-9qo{p
zxLG0lTE8ch7qQ^vJ*#E32fewqGd!WM4(GkxsmTZeUsVJ9>*Z{!V4q-Dnj(0v?1LcB
zpCtqtj+ydD)gc!WYLtfHwc8awtG!o(T^=(eB|*O1B1F#Cq+~c`%gw_BteCUaEwL$4
zU|I2Jhdd+iPnbnAKS=x<saIaa`<lvSJTHUe4bnYYD%7L%A4rHzxes>A;S9gk(ijE5
zMNU7-h%+18t2A#x6+8E(EY>EuPn0gF>Y57h?)c3$6mvkeOIbsw!{<ko-G159T{mfi
z<-sBT`dOJ{jGQ6Jbcut${Xmm(x&|_Yw1Bq-_?wUYm7!A?OOKWygZDT5+Js+-361}h
z47pxN-i9MLC?Xb>0eu<bwXS$Ss^KGlOvaGkcuZw?V2;%CftYn?(iWW;`$@aRuKDgu
z4XX~!>s#{jFq>aN*kUL%V}ib;=p)ja{JU*2cYe96e9RdYwD2~>iv+3=p&@};ZD%11
z0jr9zdKdbyo;daaosZ&GX41j6>Ysiv_p2@p=aV)*Hs76}Zw@&y9@*P!5lh|{7Vxfx
z&3^jpOQ>pTX^T5dk-fEnp)$B(hSel(FjX*lRR)i)CH4|_{RA?qnXTB~ddBxdo0%6o
zYoZ@nQ(-+tQMzxHjroNh+>qe+k!^9eEl@pkL!|Rh=e!W1RMQ9yt;dgkf4Q<FX~Rp<
zCHwGj$@di^*1pw!s6S!;j{$@N0-pidnf?qQUskS#bV#ZT^`bS%n$=eAK<b-r{RwK0
z^X1!<edxa}PQ86{9a2|x<6_mPJzjbiis#(GU5)~-4ct(B>F5#7$=)oN{BLJ%;Ya)v
zo<+WixetFXjxk4Cdf4XGhZFz7sB2aP8MYp|cUt|>2eJ|axF#4T|GObxGT=aHFhx{-
z?mdYpR^;G1Hk`dTl>MtLI9zerHtU*Ae4OA&sam?bTIh>w(E_Wx2KM%f4>cmAb4nI1
zV$;+|M!gqO=T5xcG4QCec~%-y@mQ=rdc$7cPJ*XoTxRqMcaGWDXP>%ub3SDE`ILG`
zt}LA2SW<V3>h7I?k~H{d@VT3g9K9)QLe2ZF(6JMrIXZIhdoJp<G)izByK8K3e<t4S
zKOL2hw2nKU7c0%w-lj))HcMJZGaa8ToN~RT``~8Z6~}c8qDa&mO&?|BxMLY7kIdS(
z(d&+$%et_3O15U}N94rMtInT9<zMp>FA9V|U6vy8Doc4(EO1m_Td;C$mFRQ&sq?CB
zE?x!AEBB#`b6oAbwOZ4Ezdh%y?RcOHa*xD&?pn>R9B96dJt+hB*b<#-Ok7*vx_fg;
zO=9?*pWv<kYR+7Uy$z(LSJ3Z;O}b*mpT?iBY5%=*kf%N@adtHL>}Z4dT<{}SCXpEb
z-r!R6*^u3~v)u37{OZP*8#1pJ{LQEe$#uUiO^-Vw?hs$qZr;DyeEbNU<Jrwkd#<l@
zBJ`0;dDNNnuRJ-o%a7mc_RteNt!pIG_JSfqekbGRGXL()*7P~C*xsh|Z`ATK?_Y}3
z@9)AdG&(MvdiKh5^LF-;vY7YX)s_)Y-qlf3F8}l_a{8L|<b}UjqxK2oFfK2qoZi*j
zjyF%45?ii|p8OZ;cKw_FpQ-h{lcR$_az*L#((MkLD~&JQgK%<BAji6HO8yp;sTL0(
zn7;i8o_fvrC-H;7-Ye)<r$nX+_2r%G9pB`;RTq;!tCd~z6BRU17Sv7V&{6oNcfN*O
z-}VUfT8gRW#|cqA&?kEF*`k{p2@wrMl11@dzQ?PLN7inY;6?1uyc05sYvrENo4)`2
zslxHH^R>8#lNY2GYQVETpA8;g713Mx$Q^3%?sjQn=<+eODD#Mh2$*z&#@}oC@xw<c
z=Q@T>$u)02*!QnjR+muEtlzY45?wc{^O#fr@a&<7E%@8G!!8fkYOI-asm5E0W4dei
zv&uxLk5jL&A2*T?8~J%o?XsS_)U&W_RlhBt30?5#Jia@>5G=(X=p}fn!MB0;`k;OE
z!y|8s#Qr7mHa|;gaC&Aml7bNZK5}`(+BH5Qjc|;8_c>=qg6pK@E19TBXye@@0jIbn
ze_VJgf1y!K>)n?I>XYLwdZLxb?1Nukzj^7`mtp6`(1r5&yF4%CkH^q^KNAIg<xc+m
z%ej0U*Yx#d+`G1maSF&YpFaG$W`D=1>e=*z^JG&^IZ?hBui{MqU6ma)y7&gnbA{0~
z$*T#A*|$Eo>3wI{`<VWBo<1H$QS~wPFMkof%4@Iwk<D5^GXHCS1p9sRF{hq=t~KY6
z__ZT1gukvlz5e4Kl3{<W##L+XqW<YSvmKuTh|9I#FIgDM-3~0sd}%a)r3<?8V?Nws
z=x)<`d|1PHX6v8OgbO;uTw1y}4vx7*9LS{<J$!jr@h*Re{=NU!?>_GS7OIl*Zk&0e
z_||dWejTXZ(?)I|mxmrMxA*Q13!vM>89IR{h!4sPj>2_D^u8Xw46o<5)G@ojoAW|E
zy=7T3NdXlq^7?b=t<P%H;nrDrxpREr_a7b`ay;gCt-C*FE{?o;jK|oAJK{|2o9{1?
zJCE<KEX1X{o(sHPnlJgtrbkxN<N~oOayX;0J-lkA=UJxymv?IqLVue#{q$`JH&#r}
zsc2u`T@!x-b(0(#Y*2q+=VsECWWxF4dki~&`9y5Qp88Vr9r04#`@#Q}@T)!z-3pxE
z2Mr0&60FYA?o})`gmGWceEPj=iCezoRJ)o*DD(wQ>}Kt)2S;o#U)wVkuUh3EcysmB
z!v}s4;iKn98X(ua_d}&Eqrb#G7q-c^T<}sMUezZheGhFieA)5yV)*Kx(O^Ay<GS2<
zts+5rtpwMaJA<G4-zMF?cOg>aUU=@4%Q3|pA3}3p*h)T0jq7pz-1gG`VV&%4Wv}+*
zCI)BB73^o{T*9;i&`ha|8xa#nWH=ppLh@TU6$R!j?~g7pf7CuOj=PmVb;~#FOy=<|
zr(&t`>LWf}?#e$Tn==#FE`Rkh@zo5KP=bZ;RB$V4yF15cb3D0n6#VWiCf-!Wdbl&;
zJ&{KurtMlfEWZ4F-iu4g#m%!Ef27xRQ^v1*>#0QDx_sy3Zuk8O%R?p2m`?-O>@>qp
zyw~Koas1OO-0@Tc#I1-&k7c44UP(S}b1Y44uQ1ljm%Ex3A9*Z1^l3cnf)nk&O)c6o
zRc}1Djr{S;QzgagQ|A*f3q}vGs^hbRNB-k7{!IMR9Dc5(ML+Jw@KXzjRGIP>&$EEu
znM?9#)(Y(l#&iNBJZ{?CU%S!^k>(N;8GW9hcFs-8Qp?q-gBq<cl;9*4ttIg#5=zB?
zk!-np<0mZwbH%YcQJm9~`~8ET54*<}VxuFDoVeegdB3<oEZ;TZnfVhTW&e}bQ{p_&
z&PM#$;J+#L%H7c5d)JsP<lKwL56^TcB)QwN->NhT4x5y(Uxwd0>pb}8<E3*yPo`kc
zBs|a{cy*_|leOk_{1W)k!|%J5nZXVs@e-Hw#nPX81OuvexRm}!m~s2L3pOX6m(A`M
z>10(3vg$i7c3<$7RDFmqt>_nu{tyzu7kw}<ns5a)&fWDZ$yV#Jo#U^PPjBB@y+3x6
z<4m;JyXs^i6{jE3S7l6p7(6Jm()klp5&zG-vEZHKThGt+oR40*2<gc<{jB-=iq{VH
zU}M>hRZ+Mv-$KF7ul*?)e895`d9r_^UW={&$TftWtWtfaAW-otFYjrmpRLCoWy9YE
z6FW~rB_qF_>u}Rd8awgvO@CxOb;c(UyfD_cE{jEZjMxsmGA(_DyqOf2eFGW#?@otF
z^kRES;$Tj+)umwb2)a@jbn#a7t+u?(F$)<TY42lAW+lG*_pik4dP{#UwmV{W?lj*u
zk^Qr`;S$Qvp5|UTQIM|dac$|+P|a~(H(!ek{WXu4>IOyokEi#)IA4}(1DRcS3Vrom
z-nyFqO+lm>wffWO^|F7~`r&IjYI2qc{n+2}ulD4}T+1&C)%`sGm+wSGb1mz?wZ&Vn
z<b?F(ZXUzuzB`fTap$HK^7h-`$2mf04O&#c^W3wjag&{!ERwc8OUFPB``^F*>&q^K
zebYg)D`DTTHb7;|Md%$F$c6>(*ICwY=t%Zu3uL6?efV(Bo5_+XrZKeOyHm=OtKOfk
zxLnUacQYr~(*TtbJ+ff{KBcyy7yC*)w_S<*nMJ&VV#$y2$p1_Z6gq_En;S646V)Mt
zAN-Zw^p1SLaL%;%LHmiuOODGIEFXv!Ja(76%5g>Y^G8^GvbF2Np5){mx${<fr#O*(
ziq6ZHa{_N($~K+S>v1J&ig=wza3GGI5j$@RTlJ(_e&pYXZ7==tBb;n_=9E9o(aGg#
z)SmIp&4c1^u4d<7v?M+%KML2Aj=$OTD~>AZ5G5<~_B&4G`-AoNkq_vn>@k%pt%5sk
zR!cxT8MD64#H%EK0PKdHZr?@Ar~cMIQK49X(=y3>bL0#)od{_-ugDzdj?4+Dd$xG_
zfm;;(PX5W&jjcZ(?^Nf(iah)cZ|we*zGz6f=Eql=8iCk;@VxlK^ks{5)eCnzr3PK?
zz=@tH_L(#ZwE$mi_S4Qz89Q_JW-;lckFRu|=pA)Du63pOQWbvQSHI$6@O@4GRM9<&
zbE&7!U3&v`RF!WCxrG7yE?0K<aYtj{R+7<z&q;sODnEaMw=JJmAO&hB{8B!JYvsvV
zGEtt3D74QzA%GFky8A>f@2r-Pb9&#@+m}AZUS{i$Z+73fX(n)r>K7=Uty?TQb7l$o
zJ@;0{e`SX#cv3{<a=}7if2n_-!FfMn^B(!`&rh>kzI)eX==jCR{Apg-jS>CpZQoQ8
zb<*<ajW8>%-q$O;Z?C2Vc94I6Y6}}JxVjfX(GdRQ@TSd-P-;D63%6<4cfB;el^Z>9
zTDKancly-pCWBY$X#(f?^WC(rj+j`A_un&-%D=*?A8==+g{Hoy$}Gq`x-R1Dy0&4e
z)ak)<Tv??u{{(w(nvikzV;_Mx_~FW_o?CI}3r-7Pji2E0_>NVt<6YAa$4A^H6}c;C
zA#4TyjgQ`)EU|LjQ4{`jakf`f<GRiF4vBMoEK?=D*(`SM5t~o0kGW^`FBFwbWrkS1
zK5HjFd*N6_V($h+(Dd{JWaOKH;DReV0{-_u0|l>G<uZWj^#w>y&eg%mWwiBkoB|E5
z8p}zdkz){<*Qhn8)IoAk!vT#w@eBBqS6&#jML)VF$)WQiywAyS!OHy0qn4jLt}Q=j
zWE0}wxWLc+7~Eu((L+A2yR?2eUG0J{Sao8IsF+`%fp#kwPQ2h@1CMrLm;n!<vg0Bs
zN4HckrT!Jkx+kgG<J?67gOkI>7gIzb+NZll<C3+$Plb%gMS4xT)ytS~U_wpb1X*6s
zl?c@Rfyg&_>RN8ar+TlKd~N+!Lu4|Oo5wVpn0p&B_WoyP-Z|u5S5cL)*#gJ3olw&f
zj~cd=E62k4A$iRE032nN_~rUZgreGyR<G;vpJE+)!j$YzimT7t85i`Ja`;}`d&4!?
zlIwL=%C%wL&pVJ;(ej95%HqTBa4Ee9%4w<4w-@T7sedHd9j5A^7ayK$<(XA53mK5Q
zo^s!v&-pm*bQAF@rvf5V6l0ypc`<KA;dSADojY!F<^3l>=WhnjUytKoF=v35Bdd_f
zMI4i9{)HqVIbyYb{IMYeIDxETGUIgcShib&p_;we>8d~ma7y3(`jbjl+7;s5Qyn*_
zh6Kl2vG&}mAM;+*BlQXlf!e}$V2RlVk>#|S1|AwElF+yhU;G(3BRNSRic82aY#1cZ
zIeA`<4H(W*^9A1E7Np-Zqx#IW0pS_;SkAs-au;wK`8(5wefWa}Nd$+V)YS21)ceJz
zE|hhveLZG0W)$1ngw-t`CA{W#Mg=_6HTJ5Ddoxt#YJD=y^8>GpnyF=C*}&>wu5`X&
zW7U)b{^8sb^HW<%-yx165;sqvzK#FWyLp0;PgL#CF-uh&<)C~X=)epwb1G>w-RvX$
z4U7ts+(OePza0PVZJfVcUuz()EcGNz^;Mb*7xj7Ox!l6X@3^>^htp~<LOGii2IlO)
zlB`ckX`i)Gj-||omxs>%y>(#Xek$&~=!@+3+<w)oS5fEek`eD$j$_WB)xZ4o$H<&q
zA;;coAjZ~R*#LA__xSwW?)agl#>Dj#-Jey$n__RKk@!NAV!pBRM0^z_{uPd0R(i`f
z&xsj=5l$_T0hO)Z7zZIc<~fcZ4L;s?I0pLvRAin^>mIZawugBLov?e7VD-SsSqw~g
z-S#fVI?`@9zRFJSPTH$&@o`rXt>=GFTNVr`k(NZHVl$GXy1vwYdU#3f`b`LznnwIj
zp#$!i!HZVMLQa=OAI+)N_`E;CoRfS1=cZ@|zvAgLkGg+*j{kX<lB4|nmTZoAo#=R^
zltuH8fvb;h&x}nHEzfHC6+3Ie@0=QXeWtm6T|nhbwN#}M=fcm3>kH@JPU&$LA5Bpk
zj<yIDUf!=2_KN=ZSv(43@^(+omaQmPbP2<6;$`qv(GGu7dh6Ib(V=T@OG^d1c5(t_
zLtWW_Ehj4*@~<RX{Ie1as+K&mTQ%J;`bMd#na8}&*XtVZowF<vIJx#6?D~uB)4YD?
zo-5qn?xf#*&1co6f1ve-@9cHQk2=<8+}dJVxK2YXmacmr5eYUv`iuDE=&W>=mI?(j
zUVHGX%F77|_$7tc@se^MKbCq$^r7PE)ia`&t|vW}mbNAmjJ&ifUV45ldC59bY8?V$
zY<oPcV17NcBT>oGs(r}(WL036Z%wy!y<#VMI{A&G*X?Wf*ao-dZ<(b^R>)u-!JAag
zzh;bs*Ae^67nbj%;`8F3_|zYH;GlTq<lc*`%BGhTFv!QjmZ$Dzz7>zQoZ!|=+dRtc
z=i&$v3|r&XGavjO#`=>`cJ12r5)-jlnVVKcw`9C*&(=8>OR=o`JyOUXx|}B!yZ^yn
zeQA_9RPB!c`b4I@ySU(bS_g73Mx*;2?UMOjyxpxTJ7-jB?4t?|$i(meetGqdhWoJd
zjIz?Mz1l41K%3clmg&iB>~d=L%g?vKB9EmHRpi;}#Bg6len&R{GwS`rGz-N9hW2f7
zBSOFad+{ve{kZX)lll^wd;Fch6x5jK??irPx=0wl!A>K}tj7CP{;YXaB=Y8aa9E1+
z8O1nE9?>sZdi=MdNz=0I(vOmNEj3~u(9Ej$hA9Qu)dyD6f~tcG^9Ylu@xOM@kBx+0
z!1X_7c-5YHDGg#cUsKobpMQK`TsSZN<-^;qd2*6pZJs!rJ&eCs^7H$zpZ4jIWrkL)
zG!5Q-ao*(Iky#8n^ys*$kmkrav--X9Y-P*?nJTSzla-!DD=rhBL$KcKZ_ym&82i!4
zabz+)Q?K*&l*&^7ko511b+_9{F%#B-BrNMFOq&z~)hvgayI~4Pz&1HKmrF}`Gmnnv
zp<X>6QS15liL#ON*k|O_Hvh(tEP1p2mdU7=KMS-AQIS&`FU8KbHE@qvzkJ3`d`1b2
zu=u4IVm8|nza;$kMygxsd4)5iPYEuA<ouMZ@M-Q#?pN=WjNW-=t-#w9dmi@lr0%ts
z0Vzj1emP&fQb86-Z;COVwf(vZ1b;nte5fr^xT^YokK^~6pli2|LmIySc;2=dU2y;7
zJFIux$yRiX=i`ftr|%0c5>E%~99N+plS4&;)gB@PnqJ&FTCbybr?7LF`gBCrbk8J>
z@4K?{l)7}oMuJV+7ps={d%@qhA0*1@<u^I?h{Q5I6~5%28I;;caFtXS8}WIAh*NKx
zUpbO~@5Qi6c0f|(>f8Q&v#vl2O;mV(nt#!$;mCH>Jb#P|{lOX^r}nK1$XS_Nk5+4r
zU*wf4X<FHh?=n5K+p>?cNA=6G-rBrhOIsj)mDCCEx3MnT<DNs8y=H!ewt8h(tG1%A
z%MMAF#HF~3JNv~b6YH0w6?f7_st1lR7lvBoq#=_2zss#Go!pDgPHlU0ay{n@ioR_W
z%^SZt_E|5bpfAZ%=krnqWAfoAOSpT}pmS!+k3>v4qwe^8t~NWvpbbnCcc^(P#xd;k
z8U0`IBi$R{bD5Zqei>W$tIzj+Gc^3|KQQy1)s?<JhGl%<hqb@g`TF&mVjL%J(bDw%
zVp;F$?w|10OeuPULP`yV;8MMp&5i!V%UEmX5>o#1tc3pk*Eaf{bW@SCOcYs>Pd2xC
z&~sc!=h#u=wUIEV*E_Xl)sH;+J`_pVl)-221rTWwf+t9pVZHMLuTCo$`uVckzmaT;
zc3G=UAqU%ifEAMMUTz8afpC)t$umTeK0vAnu!5mSU9iARTah<=tht7xLFAi6sP?da
zsJ2YT(Su@34I+!RvJX&qJvysASmq)1LI7tC+UIaRf;oHK_J+OUf8%nvIfu2LvmX|o
zK)&;<uPT1{trimT*=}4qx}V9@rl`;o^s*>aGO*io^GbR_S;&n=!L1!kaaN^!0O19}
zF)p3?7w?P{s%KTB>*~weY_~yM+QH**J_Imy<E5UCM{2ZhUigzTQiksGxSN%8`kL(3
zTcufDpY-c{%4IvHK?f>h^9Owp05RUAmd*h_b*~=(2`dnI{lDvqNkxeh&4yD+z;1sL
z6c~e{FLqiEE$0frbVQ0yR^fAtY*R2JMSXphqx&o7tey&>rfnMg;c(Aj#&-MZ7*M3T
zc=%FB`=yUo=<QrbpwUyL=KQRZyIZ|%x*^HW|0bpD&SeH!yDJWI3DFq`iMO%8yt278
zwy6D*b?$Ax@WI|jOWFMjX%0sj(2Fyo7jfhE(&kllLgekb;F&H9u3o2E8$I4b-k^SB
zlTryIIHk5a9SOFIZoR3Ya!&KC`(1Yl=W~GAdV61d6ubgGYkk`wTT$YLCp1FZ^eGWh
zd=jObNx0?mYDqyZ`l?T4q;y#re^()too|q``X=X_xBO+4z1+}Lpp75>Dt}3_!s2kd
z7WIahl-muTg?nVhPs!kyIzC!__s$%<b7|51?{mZ=`K$i7NcIK6#@{)9G7Ddm?gu(w
zCssYzxA>DL*kk|m*PqI?10Aa^$qeIphl@q#SuM0X;sESF6W4vitFE~sQT(xZ5#h4e
z&!75tX9@o%6`m5Ev+EB}lrh1RjTOZXpgvos2A-jxrWEhJOnTj%pT4-5p;|$^h#n92
z@$OGOj;#rq!mr=Ys5_xTfhoSU<1QSFIS2bD`_%Hh)b6rBI<7v3ww`LPc_M$pA%0?A
z=TcMVm!(@qzg)a)1oad+dva4H54@^@w~V9qZa#zQRRiy&AJOuqoXIJ-X(g}U8y%0m
zonyXyGa=q|-VI~SrI{FcG)C#v@8a6}T50KHysc@EKeQMqtoEGrL0LNWZlWFBxmUK{
z^lpO+{bg#jre{KEJLPrYh}Bws+}_AcYO*GM*9O?$X$-6TtTQ-LCnCZ+<qO-s-8Lk1
z!4NN-goWM<1Dr012Go5xd(ums^gi~z<CQ#Om6B?s!Q!a4r*RVpZ{LJ!S4x@$=2w4O
z`o-Knao4h53a4f6tu=7>mGD(dH;6+l#%VbEB@R7-x7^-4Q4%Ghe*g)Ws~-_^g1_hI
zKj257ICq)5C?1A&Sna=ysGH2}_oQAkv595gwb4mj$UEau6IQX?Cbr+YFF&1Ud<jD;
z`6bq>h4UWLOMr5~!24Vo#z&H8pUyb$W`9S{1@<<yxNj9<1AkeXKTnV|Ng}*OU-3S3
zQAA)w@cXIQ)PB^Q^ZSnzGbdy}RLl=5?+sMeIw*T;oK?%)0@a7qmW^?c>p*Xi_sCdo
z%LbR5U$%Um7uvM@oYg`6Z0=vVg5JBQIDkZ_K|8^W)LU~76<l(-!pFpuAzZ9_K`Q6=
zIBs0}uX6~eQ3w{AYv?B!_y7H=#|s<A%&?;WcJ;n316$!P2VE=sd%fM8n?ScepOQtj
zraUR}x5=iYF$8ZqEoxYwqgLN)nx>L*FDf8{@2N_aDLNG7rD_j0!s=5@tn;ko7o=6~
zN2%nrQ<KDI8-@9mCEdxZw4Zm9bFXal87HKwKBV~F7?dodpS#o|iFVhBun8KZO4c<j
zW0O?V{p$+@{6;?3$#wr%Yhq4al<S7pI1k0mgr$D9Rg`#tqg?mzHhvE6au3yfq-xju
z3P)*>*~(0JH(BzSvKWe#e1<B^_^lzP3chag>;~n00P<6JdAugaQKMRC(dx2?s@!dr
z2}2Vy>OC*_WaHrD?O_r%wpabQ5?lm=FW>RwV&6Dq$vy78ug!Wf&QcR@1R0|(6W@>?
zxc#Z?y4i=n`jioiI>F{qIritQ$Mxz(PEptyActIM33$ol=m(UDfG7<jZ5xLztr+|Z
zAek>K0nr-ii_|v<Fl#qDP|sYcz)3V+e(?9e^7a+{j}LC6Xf5mYFMU8DA8v(#M>17F
z+alZjV|Uyg{h2$<jcmTMB;l`31hw9s4mkz|Dgo#7oEO-XFq!)w09Zh$za@^dcZh*3
zVZ50n(+$VDyu7q8S8WlEoRhcC6%uM=PIXBk;Jw856W`iuZQ?Wh2gbBptp}S)kc|1(
zLFyhz-P>U4#AVyZ`z#Ld8&gahx?!pYtt4=HEsPptxbQgxZDo9d8(lXYNrskSY|=R(
z5g+%gIQaw=&Nxpjb{6qr&tzGuzWRzs+=JTNUL0Gr2dif#FokmP-a$rj&pgBI%eaX6
zqG#=h5LfdqpJ2!UTId0HDi>C=i(50Im?yn=C$E-YAeBu=R(o?G{7*o%wdn^JEbx04
zW_MxQ7lDZKr*exyVqy8EXQw!Gw6-?g8&u3vf(a%g=8l0!khMsHDeW}QMQ`CzAw4U%
z1Iz8s3wsJLoUKjAg+IVU9V-|+6<8SrBlyc`%S~qhndtGXtUiyuD45c=|E+g3TYgrv
z6IJ;S+kCXVT#y=DUN(g}0r^@5p@;58Fmh$tppoqY>u?MFrl6}29)L>alBUz3$tGG`
z`{6?1dTGMDULa6LkXUD$neDN-;L%0EFRiVA1@QtfF!p&D!$w5zSPB|4&ZQtX*jihC
z`uAped~q3$g$tc<S6$sKA6Pz&g>G&A1Q!cJRu_7-xLI~D;(m|-uRGBKmzm*S+>mMN
z7uW+{x%BNk6mhBGO-HqndQhM=aYN8%)mU%nW_~Lf86F3?bPF|!6l7oCEqET(XWY%2
zZB9Lk#PTrvNDS}XFC~Wk6HUd@;3Ef7GI@W)%<AJkw8-8ShpSRk+*F>A-6?&Ij)2g%
zzN{B6H~<ljwsz!jV$)IgGkB%77P7^*<u1E96^nn@t=s>fgL&zMcg_=?RQ#UugwILN
z!B}X*dw6|w5sd?nhq11~0p96mb`2_$M%i>37O7;tlz$=jaMsBr&g2?HDOY$7Z>L*F
z`VrGTjtQoli$Qf_ZDMV<hlk3-8#iWXiuncHVyKrec1L)6xX)Y4;BMlA#;t6>;-*9Q
z_NFtXQX^nw?8Y$&PbwI&n(c>E4#ie{J$(-kj@<+i$`6Ym1;~v=P$bHQZ^`2FbgI0K
z%|XPREw-?yYBm*dtc~ymA44r@5lrBL+ejxwZtD6`Zf41=sCAh*s9+NTZqO4GkddzV
zB$pgHsKm8pxkT?sZuBhC&2mW27k*Dg(tYCNUbH7;TnNRUOn8jce+%WyT!g3+QX{B!
z^Ny*Sv`)BcGm|7$60m%z<19+^z<QNtSi}_gZi9AB%3Qc3iz`Q4rMakc5L~UY_<WjD
z=m6WcOUYyq3;7VQAL;j5qnEmXR&=HRrMKk7OI^bqfI89`X<8W%(Go5f{Ffe~QjDX2
zq*2g=WIUn)S2j4J@lSPByN?o(q?YBFcEyqdseEjFvEa()heYBL3^zIM)a_ZTZHrw7
zesb2cUc9iF9!X6VyYU2^!j?X!Bb#mI;WyWvcH3z`$20gk&o|mHSd!wg$P|7PEGcCt
za%D+Lsnkm`A8qRQazMK2$kF+?o|QDe`})nD|L0!tR%Kkf{<m`e$Mdyz6aV*Ke$D*9
zng2KQ|7QN*%>SGD|5uy;>)hrD*UI65nOuKMBtT&lYVu!3EdFK)0GC|q`TrhH;IjGt
z6!#&<Z~>OoSJPh}UIbuPLH>aUliN%Wh15fy8QLlC_Ml;43$1fDJ=TR9^JFCHyJ~uk
zR~71+rIW-z4?2*={YjpTLIn1}p>4@{7@JP8wIsJ>defx*2IK!`50)unMxNn4E&{92
z`XJv;fvHOo`Lo_b){8m0ao-QUlR@CjcfLS(G%M#BE%=G$>zrZrHpfJ2^8YmtO+mSp
zaFipASi(`UV9sCDzzUo|IwfK#>IyON=SdK{iJlEdfv6|TP@Pm%7m?DS4=T#XGE6cE
zOe+?68iZ>m`3yS>+*rp{n#~@zYlXcuPEF28SKSnA52aM}bT)CV7^MQXp`V3k?w8Y*
z3RPhn9|t~0P#5g?luphFVQl9{w!))sfJ6}#bSA)s*I-X|RRry=R1Y7zY{4Bx?gh~Q
zd|o>1*A^_hMnwjpm~b4g!fQR|3ZV%Nqvm3)Y(n(3yd+ESVpqa@Mb1P<5~ac<1~^R<
z7X?kyn$4r?pmriYw+AdqRzTm0q#XZNEhMhqgbdenaPuyG*Cod(MQy4S4qYP+lVZ15
z&cSBKdQ&`)a%eX9I>aG0=Ys16k=KQKM1sx0f@kyi?O|i=Az0&Y02_ZkYD^~i8q7HN
zzskqT^!W6j*nw;ig?xmLRe9*SX>u?3r))o^QCYtCQUD)HJRm@=s9-({qk9t^8%Br?
zhW&Lh>>M#{5bW>bHy8iS=3lof;~M-IkNYX(zn!&a{nx$x8vM7xe;fR_!G9b4x50n^
zHu$eXTQkge{(7-y2^iPm=*=ZyZuNCN6f9SLMTIqA%E-3TiOwrmia|aW3B)%j)t=MG
ze-N=FS`o+7c)(ucgq6X-iVxk-LwRw?`4s;`pR&Z><2+a|6kB39UN)vF%tVp2M0~CQ
z8^SAS(q4t@i1@YywZW%PGMGE!Be01PK?Ww!lGD#-_wIm4i4-}Jb3>3q4f?`{9Et!A
z0~tKP#Zx!9f)QAsvoKFQ6beKsVHxfqqSFepW+!y4w!kGe2d7s!5h+6ih9(MKJOBfj
zOv~Q_U{*W_(aRgL)F3Aj)NnbbX*%dy8TS!WaI2v^CVF_%LcIc;$V~}d!S=<I5->C5
z(-T~U@5Baph{5~oB~UlUf<Y1u8KpsV*6kIiV4#CRAmUG88l?n8Y@-lV?a4|i*%FFG
z_#}R65oHC{4Zk19hB7Ur@&dS2xKtFlQWvs=DO9`pfdNFu2(?qY1+k6FB+7_5WJd84
zJ&l7IeMNr~0?k~4`wKo_`UOa9d-=&^`H5e^uw=|k%qZ)fn<@g<%=`)Xswc4x9NZAV
zZZN>l!T`}^UIPJ=aW=p;vpJSnT{GWofoWcJgUo#`WG=&U8ep#Z<-fW3Up^1JRT<ae
ze=E-``#;y#n)AQ!<=5bU4gPnh_@A1qn@CzVegAJk0#$`d;GcThAb<@5*dT!a1uH<m
z2Otn<d{A0Qk=b*jg0$-li$(`?>xLLo$UQ#C>(*ObyG2W#f>Fp~&M@?K0DOoFSfb~6
z?i9}sBsU9>);^-MjUDq_3Oz>7?badAtP%JUONM`90;g2KYn<XbG)@be2*Mz2Vv|pD
z$(y?An!35^K(Zy)Lhvq5$GF-n#wsbzjF&P5Wl64PfPZ7DBan`vj%h%1>&Rp-o5QCQ
zhQaSIU6^{0gA4c@!6!sc5hH+U6`P?S<BEQ?6u7z$gD=j8?jP7J3E@LGbo@WlBOMxz
zq^sCBHAg!We6Jmf)|G7rYGtSrymgIbzb=dn;Xg!!Vjf<I@kOA~QOSARZtVg65|u2!
z3^-?^FxaTN(ryyD7dmZ>^={p$;yQXL+L$b$T{br^RzCNNm>~CzS^zWQB4`heAdn_d
z98CdrP*f0wp1Q+B>>-s3z<3Kf;fUKIPaIW;*qn_GDVQF1S`5BF;<H*YbJLih>Z)aZ
zOsxF<YTKE(k<)?s*@sdCQLE<I8YORcoKRd~^0m6;E2ZQs9p_^@u1%iF0CL$Y))xJf
zTSNoT%4(O5A~0EHB$0pjFj@eax&jLqn93;#z}$7iU@X`PAs!sheQ-yD9iw4|e$U7V
zq5*PMdNaWc12D5rH{jqYnbx(Bi;TA_WtVu}4*jh5Y{!ivK61x(`jCyBkcr~xNsH?k
z`>7ZtIxGO9bkU?{KL7{?MnAZCyJZXof^i}U*;_t5TJ9fjzga%{Y5VZ!{y%Fh5pk0U
zY2f=jrNy2=v;a>VDiTa+u`$RyexxebV0jYD%e^Lnd20yfJ#$u8oz*sidFyK%>zxM7
zYkoKQ&Bg!B;mIw^xCa00tUOz-#D80F&i}iYUxWWO_+PXBuUY@spnnbe*PwrQgZ}AH
zASF1bxQg+Xi~q{RYv;eSA*l_<$CcGo2)qnIPnqkv{sNclu%MsEEjj~`M_xdo;}9)_
zVUqw~GD;^lJIqbknV#FQNPGfUgJ<T56rr}n*lU>0DqB!0`60P%!xK~R*F&|r3m4?Q
zK741h`a0377Fw*Mm*5z+tVN0NsB(Eef%f*XBTqg=fvYw?f<)@T1Dd-(^|Z<JgOO0n
z_!eOXo4U~N3awC>zLs&VfabdyNKhC&jlxs{qjJ0*JEN&qx!1=Ba>iT`LRbT&;YzpS
z*4U|DCN==VxU^8PA{^L)?wn`>6WTYMGCzoTfQ_4i)rY>$j?n9ZwK{{g9P<&X0B*p`
zI2eOlAQaUdxWSdk(UEOXTunW2u{n$KGC@RNqNEqXQ;G+ghz}%yY77Beh8R$wxCI#!
z!W*=OxN;2jGYCBqMF^MR^2B(`W0%ldxJ9gkmJ$LJk*sC#N6p$tDl>><0SYc~Ijfdt
zh#S)RRWMSVhR`kYssQOF=DD#j>w@cIX&omXIny%7T!gC_t1%JDCWy!@cuU~?BT7&q
zLK7}G71Oavxzb^G0s|u9aO_MGA`8rg0ns!HFf-I2+n7d3Koz=X2xNtq65do@j!IID
zrvgu%G=Z;eHV8ng{-3=sfrs+@{vT2?T4<4|JftFH-zha1jAce+iwa{5Mq`GVu_f^-
zl~7uwluF4*qD4i~MoEj(BBfH=q=-t1i2nC^W-*r3=llJ9KfnL)`}4fM-#%vMdG0;;
z+;h)8=lz^}4wFNrko&=&{lG5rU=WrN#5M4D3|bg$`zhcBVTGC*NI63|29!k$Lqv?P
z9(XI40`r6|fX-N&+`(B0I5!(+qA3io=&8dPOTYEg%MVAvq`<Ll@QVosAczV_wgyvK
zK|qXz%sdvb*=QX2b$~#4fq=4^+$dETje~Otz~{6Dx+fT3KS<b|K##-Aoh=mZIpjP7
zRmp@$OGc~km8}!6Azs8Bca3paU=h=S+roRb!oLYwIX~0l7&Ib>z-j{m4Btqn1q~KX
zjDa0Eo_awnd3Z&`yaJ;G{|#dLa$_$s@M{vF-hm_phr+rG{>m2)w5Iul(!k$r<XdF^
zfHY|WDGuX?x(o9Qd0W7zAI5Zjd2_*`vCw25$JxjvQ2PxPEH&<HF?b=uF{xmq34-B%
z-g;K2!vhTs1OtJ?65(0qr$k_**;IeP3J!9Zo#8tOyG(@O<H1%dg$CRpIIxyO9w<C;
z%xw^|XCpl4t9#x{EDqC`%tnJz^<@NL5H*PV>IlyK>d!#<43uSGCJE!(PDCqbH!KO)
z8!T%@BoS~HcuOKreh5Se=j4n9pK%V*A{QL|3Ga#{@xwu#z}MDT5|-eM$2vilIP@YH
ztUb7o1Ucg!i5LjC*wKDAp4+$u-Wl9Obb;^={l3INc!Gt!3tZ!k+oV0-0enB(g2z=X
zmoY>P8Z;o>9b`dtz>zHQSbMz3Ah$zUOB^6*zz;yHxHy2vopB@wJOLgZ(cBgX21Z2V
zfT1I}4NtHl4SZSy=7j~GWZ^<^a-NMvgoOZTfUx$~E)H0T=mcS1oQWhHGFYM$(h&jq
z0u8#dAUe8}@YXiYV5FqpzAT6YC%h$&1gLR>z^#tp^K2}aNv=4&6XZxFff>N!oe=ht
zaCle1FT6!BeMD|kI42C+5=$U*dv|drVFm4B&GGhlOTZMsakx1L9G=MKA_3gy3>enu
zL4*){tOcG(K&T?Rpm8wUEQlo1Y+UcS!Ju56i12>|0@d5~AoM{%svK}m4n&P%$iENd
zFAT*Zpua8;^w-hU(So#%;0Rt_{bA65`1)(t(D?rVB=BGAV`%(e$52ndAO5cce;CI9
z|A}jZBf)wsS`J>+WAQeYB=Fx@`2XUf;9vWtU(-=2jl*DLaE^G~9339vf_vOys@qV=
zF^49TY}UpqE>uyPj$Megr0+YV7Oy6g*Y&Qa)<3c3bn(&R*u{&TlivDZ6P&T$iu>2?
z5;Hd!e<wjRY)jSEy|`d@d&C)aLq)~+?af`UUli4v`d8lUsyz4kD>j|oG5*Vp=g(%8
z{0QwBFS254k43EKx*t**J6<dhdrLi&BT-`f!%OqvQ%f<aGjATQ?#%wN9cufEdi)1_
zlhg#8tFn?wGvjJco$e}kc(r>fBVl@mw*pG5+$u9aD=X{5g`TSlF)7qXN3&W>w_sJH
z;z_ou)Fkcl6wR~YB{yVcU!~~SUdcVvJcoF;aqaYsJVvE4WsIV-+03|`exJ)X%71Qc
zJ$LTh%IIi2TU(No)8)&Tw_B%BH|1~3nz;%mE^R(7hP17y;t7r;iaK#qO4M8n<@T(?
zI6GxTu(=e9B-bt{QYJ1-5vAUUE!%<qv+NR9Jm~SMoQw?b>sx1uh=}~?e0Z_-^XJ5b
zgiDt%Pj9#w-SxG#m1UcA#piB-Uh=%w_)>50Byy6xyu7ZiZuj@^onPKfoHXfmLqm4e
zyZfdKBlqmm+G9RnF<vT8N+<1gLc*VK{3Ok<)p<>s@G|qR6iVvJYN>;(j!zMX{+#1@
zEXjiWB{Vd&;r71v_I9GJty0{n!ooMNUt^Y@(V90eowVZW^zf9Fl-I9c*RE(f(kP)~
zS>4pu)6*kMIq!MQv(@k9w@Yg!{Z2lj8yM>AZ=5lIMd|91fk|qViE5W8%GG$@FmBiy
zw|lqxg73jST_4!Qy?KZ7=!G7tsJEP5AA{?(DM~G8H6!2LTzn+e@rIOW($luOHDZni
zQFy#W`QjJKs95dF8#f*ohvx3s;fBLqxu4_Ia5Jsy{{1pzK(5<f2RpkbXF@1;c8RA?
zpPt^dQ`djfEBTRLXf)d6!b;<YTDpOoo15L%gXOK2drXgcp5K+4Dl>Iz&cmi^wM>im
zBT(f5w|3>#{a6(f8L5vF-HZ}Pi9Yu`nRWbQAesEl&1*W*CO)F8nHK(ZyNxR4=Jc@)
zF-eo)=L=n2suMLYsL1rZxV&Cp?p8kKs*JkFq=^&R?`!fm${RidoC5QRa`f_A;9Y{!
ze(>>QaBj7Sv$LM>H7Wh^i)4;<(j7H@KVh@0#!fSGG?u+W?Cxwk%XxRNv#m+m{L`mT
zpBru)%8m)ko8Y|CVr52(^y=lymnf_Vcy)A{zx2HcFUOVy`OiZ^s5q(e#g~m=*Sp-@
z)Ai_8a$WI?Hq6F#TII{`W{j4|I7few=kDO(fWFY!*!Z>OscCpi?arOD<%>N$9+$2e
z-Tt92ru}Jnd(*=Y?;oAKyl$*h*_gyDtataa6fM@(w5giaOurJAjz+!Tq)-_d7}yvu
zJ=4R(gT-b`N=j~@VL9UL#0o1qL0m(Vxy!8kb8YPeeCz&{MYbaE^RFAnTgXz>%O4jk
z{}Ebm+nuUDUT%!s6I972vH7#s&6Qk3l9QE{m6I!`R-_geo1k`Tkyn>`OSR6*a$d=P
zStgNNZ2}fVUS1x%p;F>PNXN$)85tQ{w@%0peIMMMz=S4yCtX<+s2Z>Rrnz}O>-Dv+
zmb1j{Dplg-DO0?PSR*O)@Oj=z9!rjd*PS;rJng)7B{hvzIX(Z_3{i@GYLV5ei~hu~
zGn46)PQ6GUQB#rqy8Ysh=+l{=kIrRy9NcXXboj`T=_Z^*gzV)30oQKdRxl0A+Zhxb
z{PEMPtLicpJGCjk?$1uqoK~&sd3HWZLQ&Vha^8wB0fB*sOYXM?EJ?7;NOC&j0>zD+
zF|VWTq1VF)57w<;9~BjqxKFG-;?tEqU@6#Ue%elT58gelZWJm>8-LH=-%Dc5m+88G
zsH|y}uF$GmV#l2V9A;Mmp|!BE7(2=$BBJBLktLa#nO$F-<z;0%KHpxje*Jndb;MLE
zeydSKRC^0}+MdN?+1jEh7)8Ywm8Ks~Eyi5kG+loFic_WDX9%LPwu>B@P`!n@xjCKw
zK26s@?0wDM2M<zr?o`=%`)+2I-42G8jkRh!sx3@h1jYIuaouA4(+N@;Qzp6HKG5a9
z`9z+^(leXW($cnU$zT3Z0~Nnv!&GgbvNyMOPo*d-D&q0@uJ#Y3pU6x#TiNlvbd9=9
z;v>2S1~bhx>^<Napz-T_2{gK~Dw{~$xn`1%ihoB2cFo?XmZG(iQyv>=qe>DcuQxvJ
zoiu%_&3fkZ^odH<4-E3$*`la8m8^9w{#c*c@7}$eI(4d<nc1i{ifU@P#C>Mc($XVF
zjj1`!R46wxF?n1EB)a9Pwzf7<nbf3roZ|f!>*dCbvV8}Xc6;*^x5bM)s)!4;%V$J9
z7tz$ze2ZV6JpIX-@#B+|lN+Xqmu}zgP_g5KR+^Z0u~zI?>%hRrsT$K~;cFO5PiK!*
zWl5U9{rKYY+O=yn&wtr^?3gBsUUwn-Rr$vK`}c3zvPIYLW=%c?JQV2c><lJ?N~O~2
zdBvmm5Zb>~5gXpTk=s~~-!>bE!{yv2X6qeqZaO;NGw6j>wjN6STlcjs_tvemN*cQ<
z@wD#FyRTm_y>&fjh5;r{n|vr>J;NIt=3$0fTFg;ZR4je?&@Gi(UX$m3a_iQu7dji&
zwq4g-^}XXlbk{1doKYX2uNe<3pkVdoZ_=0R?E=bMV&d$wva*^-!INI?!06^~Pgvmo
z=Lvh4AI%47H(TPQZtpdAk|@!-aP*e7xajfMuboZDy(t#Y*qV}dA{bTj@ZsqT7iKss
z-Dy5u=ecBw+D9|yvvVCC5h$q>f9gcG$@v>dEx4hxjat4_s#=7C!7t8KB>Yg8pd?98
zxG9zAdic(WdAf;*H_FVKwQ==!uki<@%u#u#PTdVbE%V0)=I@dsd3s(5dQuqm;k+RP
zdDk2#0}1=~?ORAl$O#N3sk^&-^tfp|_w0!VS^(%-D;%y!?oh&Q$aZS^LUGsBKd&qA
zNHs{^t}io1{+MUbkt0DtK?NR|NvKmEK3V~*SC8rLj2tifTwz9wyz~oytpKS&|Ff6O
zj?`$*KUJD$&srZePwZrx$*M<V{ZWbs&z$K18%$(m<Z_@mPxxL3@<}3*E_A$1^xqd<
z=yh=wD)_~vwXw0WTV`6fJUhQcylqoC+1gIiTvn0O7Fe-mX4cfHv#uuZsBd_fy2Ef$
zpvdNB70TiZl`Q4u8s(=<F$#3<I1@6WJZXdYxUZ#Wo*peRZZC6|Ks|f5t3@ex$Bu1B
zk0zonecuhn|0;RGCOQ4UH#Y$@(sEsotZ2;1Zn^lQr(pTRp0;B#VB4c40Rfx;<&K5L
zx-pN=M}-4^EnS*^p!3Q88Lz_Zm?8NgO%KjF?ADkz-{bN9`(g`4;yWyC*5p5!{4#}o
z;MA$3r@k~^h%Q2vUA=0kuD-IRwycOfQEBFgvUktReUhYJri(0ec8<OEvMyAkOm=k1
zqD3Olp^DHwXE$IC4Gk~0Jy-&EC<U{XMh&&TI?+Af8mg<SF9OPd2G|EE-m@o2OV%oR
z#&iV*FDIvytoj>3yR2KgR^p{<*TR4evNLnHx74~H_q%m{->SJ<X}d(UVn<PwlHBLM
za=Qv`5=oM#q-&$SM|zv=X}_PdCKWSPd%0`6tDWpCb4-Y@?TMSp5+9x|)1s7T%Qh8b
zMoQ4}6K-6OG%+)?u|Fp-4w)2l-jP<U=!Cau-x>I=7@3M2+tq-%v@hbN1bH=s!T9>=
z6D=U11FTCRToE76xA*v%TgH<{q2itw8Z2MYnb!Wyl=Z?~6@_{$u86vH_5N7soO22Z
zrHd-NvR2c}?9CQy#;30j=2B4A3@NMlb)%}Dm#WR3yGu%GnZ@Mtcx|@F<C0A4eVi{>
zLp`KV>KdR*fFe4OnYm{5>asub?gns7o)&?<ZSQ=wyq#*Uc}Bs{OYUY`uOBm2hxu&Y
z$hJ#iD)^o33yi1lx>~vn=6BmTIH;AcAm6V~56$dRGZ9-D7a(=-{sXzw%mwZBI~t-_
zo>Eoazcr5PUW1K!gic{;YC0@h)SXXR8~3*C)t+ee@}2A|<|^IDFK@-I*^Uiiu|9@w
z5r*X*FoV?9qhG9@@@2*RtQ090FkgVBx$U~Mr)SS4NzMBYAMQv^UAJ!CsF5R83EtGZ
zRNqMp+G{KG^6bR%vQ1+9-WlYby&`EIuPxb-x`eUeTUVVwAzd~r$#xN>Wi@hS=;igt
z0vR%28whD@jLLUvH)UY|$R^BhZpsa<71?uVL`p%jHe>nnii!#~4Gq5}b+EliwYHr7
z;9104E9Ijn*Z%&|#0e8vx97J5O1z3WIY8qBabI+Nd^5wP_QC80-Cw?bdbObPMzMXo
zp}B|cyRoHaD5%^hYm(vyseQWs33D7gPIBHQtE<bHKR&%$O4>K=O8KY@J)M(cT{r&e
z6gctpevh6CFTc*tLfzt{3YXANjAMGfuNx~bOF4l7JNE58rocOS0oZh{qC#@a7(Ka-
zV3{SGbsoZ0FfVq09Wj2MR=^#|J$3sU=hQSSi%m1smz@fDbtN$?E+RzZ{fG0DYi5Rx
zaC|&r;>1G6)9;^NjYdb>k6HYFP1J{{AD@QL(UV({yM4v+@kZu0TaQ;i?r5zz4O(qZ
zDa@@}HYe67ba`OlvzQ;<*SF0{R#<Q$KVN(1ObXa?!fQjW-b~X?OiZk}aU<^TSX3eX
z5y{#4%lnhJSKl~tLw1MqxxniD`ij$}8{&5t-7qOS78N%N6)$C<Gga|RrRhnp2r?$i
zUVM=#PDb*4!``t^3ioVP_PX-9o?g?uOvKT4$-WhV_eLw+3|rexkXm>*!Z7Huvx`ds
zSX5U+feBdzl#qtUDHVPF$*9V7V>VDyg@uL1#l^GiQsXbXhXjr&ITq9XYR<lC%4H?S
zEnvYo?my!z7IRg0W|?YG^q0FK%OBL@Y|btqjoHiYxuF*IEINDv%GzemCba(TNux1Y
zDeP@lnK4aAO!vmDN-DXa_VnyTdxv>+J-M}~ZKPsJCY-l-z)mp3Y~^B_mFmX$_=q=Y
z{*&G(Vow!ZXTQn&@p@Yfe(U%w!=25+D5+2LP^c24>~ts8Che`tN_o?hv~96lSDO8p
zM|pGe%b&9)6&Jf-Out;$6V|ogf=JjYb=!D*y`QZ^dc^^?$|EU-*IByd0ng6eugc!H
zs^^>b>g`4OD>=JHPB&W_QIV<+3;`0DkhR<GGVi{Ba{2?<Jv7gKT<uZfMp!9L^48n+
z=H|E7JNpy2zMffOxV2e)FN9g=hZ>jB_SGOF5}(rg=j@Z!fufs5^kkRsk0vYPFP*4O
zPc;bW`ihJ0k}I23wqlC-ts8THyjU-pmNpBAYqRx!0G80iIaas!?VF@f=N7Po;Bro5
zLP=rjJ8Ok#XP{~$KKabL-*CSD8IX>%pDRr#uTiNPlkQXI;E<Z8`;h7<W3%-%rb@o(
zW6<S*>VPj!f0o_ay#s7aizCkL+p%LE>A@ZE8@G>vp|pnA)yqsunW?OJkeVbKt1Ru#
zn5sW_MSF|&2+=P-N~jDO7in`>wV>tOq(wC~H#XZH_gL$Y^-AScrS!rt)ejyNk}t1&
z|NcF&JB}Ye{{B7P{Mrd>g=PA-70rp`UDbBaH;ul%cPYNL=ta#{lukqIrL{AAKCZ`a
z*nr(6yXa#_cY8xj*OU2c*G`U$*r4lr$NN%T$Fj3C?!JqcT3_PFn4r8!W&cXNc)6@m
zyULqN36cB7M<3fW*VlpzxD7yKUAuNI$0<AExqdyh@c1->xaX<2U0=Rr8qVmFrIcet
zMAqFlTcXAEJP<6QGS8AW=fWJZ#E;wj_de=*mz@?Tt1?o4?5+=InXec8C~{Q4885DY
z^K$C65O;BLseki^uv6;~se3QR1^bK*{c=0!?%@v9sPQwVO`Mon9az18Ut`Q#?WT=}
z<G!H3N?%HHzkKO?Sj$TK+dDn3YLi*#Pk6h09vOGs(UD_vBCNUg(4pA6ZpP^HQRNF$
zbCkc)Yl7!#9R0AbN6*FnhQ>YTclOVLHxdLyjZ7v>NJva?LCq<IJ|*1^xLH{_ZrnIm
z(Vf+sOp@|36)``$>Le6_F??J%Xl_kiVe`wav*fiOJQ)*c*m8fQx0%^4z&|^@M7~E(
z@U}lr#%t7Hyd*oPg5LW2?HfO1UEO_BWI2(f(9z?TPBXx)ytcW=d}DZX#+&HQFFCon
zreKi+8~#3rg|4AZK{=90Tlenm0WQY0`74|w3QA_LNEnq(+-D%S@lx%dH*Xb6ol$;~
zknkqU&QJuZG+l09<XIvsviMm{%-48nvW(<p#aAuT`^8G7S5KudFV3fY?=Z4`VyTC2
zKtc1{?!S5Ilc`KL{5s)N!n>+$H&<6bDiv#;#?UyjzqGVeRaLd1pkTp|?`&6B8AWAf
zWy|I(-Ho}&fT0Ey_n$QnCq0f&``+j#pFBfdxh!~1eRPsG<xf?o37~hGtee^s4qC{?
zXR4{@)IBc9HkuL=oGz7<laqh^PDjaz%W>h4T~4R76%_V$c6L5~{P^{2--4#=GeuSM
z%CBC9w>aSBXv=K`PMGPc??$LEAL_hvtM{5kcY=jK-mD|T^O)O4Pn+(gTR%SZ+SgUJ
zZ<SJ6;ywAiCiKd?F1alUiA`#b?;>rsTryX!-?Bx-|F-M0Gmcg^XM@tEn%7EZ-Mx#w
zyng+n8+)eDxme~>R$e}Cs!rJ^L!-#dC{>$xM+*yG?<~x&db+Bs`D(I4aza8e@O!84
zSYUo=e`(6D&eHmdHgQ_9uf+!w?=ea46DO{@y?5E4cR83iqmlb9@DqAotgrp{xk~$i
zZh6qrmBvb!e%#NYVzHh{Aul-Wg!$I@Ocah+xp?m$<LbM&q@-k|q|EpBm>=Q5@dutK
z*okHn(ho5(&s4@e34dnH`No>8_*gzE`bos=>)SH*<qj;~e)dkXlp*tcsQ1EH1&VVX
zz0z3m@x6Pw;2SA=$hxpIVJY3!iY0_m?>(iRMmNR=8Q#BtAGk_mrkmWa{0MzXIdEWI
zN{WkBW|kXCO9Goxc+{O;_wq`PQd;hEF~>rJ$KyFylcy|en)v3~v)6$1)mMxeqNeY2
zs_zlxU)^6MncyKcY0|-T_245PN1)VPry0oY7T<DoPEtk%bYRQqabMh$FD{4voGATb
zbjf|mT~hb%-D`aomG&G{<Jx9qAwGHX<e-}4*n?Q3k;yVS9t!2MiCVh)*%K?gwg$Vq
zziQaGPxMY(>K^xlgtu)<n(s}{ilVe+^&TEoeqmo7{jEOjz=2WtONBQj8zB6>4HM_s
z+S!$^o!7Vtm0(W`Psynwyifg69GczOBrm>Yh0?CtiBcl-WD>_*tm!-^X+QfBc~(K<
z!F|!GBaa&Xu{c8-xgI@wbhPuswB2D7(=qrOpZ#8|B1bK}y!cq;8B47-@t5M7>^4tn
z0JP0S6`BT2rJx?SHQg>Oa9_Lk#TVSmijIyBV4<%`eBHW9!rNfCy!_MK*-zEJe7?Q5
z;kKL7!R90Nn#V_=<`7+%5~n0AT(snghoj@@h41~!jJ@-UI5|Miiypte>Ztd}=cTT>
z1^f4xzB{HNkrBK%Jw1K=g70^Z`mM2`pkkR9Z;i@OsyI1kQLRV|>R@-5rfzv{p2O|V
zKW19n1}@(yYqu#{{L#lJO!m^YjE@cR@$vN)I}*S9TfdDMy|jpR1-P;YLy7`t;?Lw<
zKNr=W^{jpYszlb>hTXFC+aDv`N{*zwMAKVGqDng3{DYLF!dFVihTYzKsk74{WYSqt
z^Y~Klw+XUyJ$7v0j<d2_?Jzlb+R>e_KfR)6Wrd2<R-8SRyi<9y&jDHchV!fJw|-31
z-Ch^HW5n}$hRN)b#fJ|E8nF&eq7z0M&R45Bx%`2M$gbVHfkkC$ba8p;2$c7SXXdDH
zCc60I5mJ<CikBZ8c~rM@o4V+@J&#AFJ6PtIqEP2L8yUIPuV)()9ansKX2*~cABRs1
zyCWjGm1=Bk?0#P@q&jio3O~OMugKMQkW$z|YDM9jhKGTAWr10NO{t&#={2W4(v)8q
z*3COkvECHrq|q=fcADAJ15hbW-aDzjzJ5cVB2fYgo-QTz@s7p#4Rgn7c%o!8fxViZ
z9*AmxxnML3f9d7;S4|0L!X+;q##G<eyOp-hb18k2o@4r{aY_zdG1Rn0HwrvXtZ4i6
zqy0x1nI61P7BlX9ZSAhcMwz57yK`p78PIDs@7^srE`8eB=JT&kM814@=~8j7+isCs
zvEb8DIle{i-?jbnuM~e3A1h0dZPM_}n_<|p&0>ARTB23P;<rad<K&+PW?kA4r@f-B
zdVWP}P}yR&bRwf+ocN1%>rz**_6Ux?C%)S<ARr(#RR56AWHB3!;;@z-;U?lJqnHb$
zN^Ij_dnj3<^tA3YyjXu#yZrpQgP?I;9duOd9Y!|RJuT$kL4D$U{g#4<3`vPk`Bjb5
zfpul#`}f6M_}*G^mbe$=Jg;?n0$X;b?U9Dt50m5#?{r&=ju^4$uxO=3hMWTHL-p(C
z$ed8rO@|rdfpaD^;pOL^F5M%phwpAa{mdj~%NFZ+g6zhqO{2tVMh$9iEkC}0-uC&;
z*u93DAsrt#KlfJHvq`Ib_iptanugz-yxcDIm~_?To1>tzC!d2|wCnA5G?uiDld6k~
zjGR1al9A87r{hquBSwz{3f#)lvS!wU8hy37fghF2;y-_#<h5}f$L*QjdX<;yA)CZM
zF#>h6vlZ~f1&8lOv^6yZY1t%wS~rRv9jzNXHP$<C{Z~<qy(zC8Hzy_}$d#-ub$2ga
zGkUy?b&fU029?FRy?4H+rzg-AM>nf^y174k|6+xrm>nr<=bN#LsQ5n?*@|c>dMdHc
zoICfduv{9oMOh(4mSYgHFfQKN)nJYMzA5GDpRZlBnPu$u^u!3!w{0t=6Pk2RNh_ib
z9WyjuoX0S5Jb=d0a=m6(8Xv0hb~}u{|8O@7byh0ieyMX<{h5;UGoZuFzyc4$pt$c(
zYU%HqQ8C0VR14d)R~*C&HY^xP*&9A*v7=ogPI+R)gC4oy(<3l4c6N4&l(7U;@1!M1
z=7(?Y(TON6EqS9CzFi?CNcT<g*!?MN0?zC>>B~kbC7q)Ao}_Dm)T9u%2vXDKMyA-A
zCnBTPym+x*VVs17NN~dwr<>UMIiuJpW%E{QQQAG%Sy`9dbss&*yY*mQuAKOv_TWqQ
zNzY?r$BvDU7at?>$x!xG`V#od$2pA)TgGB*T~$9c9lHn&m#}!&oOKCuW}7Tej!4=v
z;ro3HJ*iJnetx$?v>q<iJv#cyjqO*bZ4?t%tUPjg9j-Rq>jdUxYioJ(0<-;rmqjd}
zg)I*VxD(Uuc4K;YS^1T=w)ThQB+H`<vDl|am+dg?!sMPfF^)3c;>MW??QauM;`>um
zQ=PI24*SfeADutK#IdZb=!L8FD{;jmsb3C_M^P+urcIgB@uZG`iUk{Eb#Ah$oIma)
z`SNP7sAdC{5&O^9SINn_TJch%<@R<vHpMjTnQCU{aTfpW+q+AbR?Z<Lb>3n!qQ8G~
zsEdgiML8cOCw{rW)y`y6qfrBp8C&Tpuk!bYy`H2Te`+|cyKsE>C?oQuq{K-QhE9_e
zj=FrZtS3}`zD?|Sn`zp%0>2o)WXTa6ZtS;j1(PQ`yo3rCAKJICWjC|sY;z$tDQ*69
zT<vY*dS`qvq0}coxUxEbk0=;X?aItu>WxnxqDrEQSDiaiab;=~dex(+6I^4i@6^{h
z@k8N<(ONb^Jdmz;v8VIGMtSz~Ko8Y=lj$2awS0bmGIIxJDmmZrNb0%P8$m$m6S9|G
zlteA|&UiL9LG0A2Q{G9_aW}^KonSmQk)F`#aeEX>e0=*^36jH8k#g~p6<y8wW@g2O
z22&L|Kf3FVF8$_&!>xIQsn7|cX*aw{o&TxK?Zd?w%iLKgEg#FB$BredV=Bjf{207o
z<YdBKanz?zpX_#MR0q6Qd%*D?t1q_^7zocVVGgGk7w*zHzwyl`Xx6MrsB`D^fWiE%
zNY{F+D1G}rY1C}X(HTD)77!E5SFJKpP*9IG4Vy#99vHW=VxCQ$QNyS;ibh5?pWJq=
zh<$rB=0}e?i*-z5&g`!vA;ZHr7P`gehxtd_C5}Xmn?6@mYQ@5?^2vUSP_>WeMqSvA
zQ_LtUgWObDNzJF0KPQcuJYGypEPkiV!*%1tP!bZ@!u0mtoGHPTB6@YJq8gtti71r0
zoH++IZU5J;*mT`WYV4ashs5OZCVM3*V;1_)j6Iv$_+2S^lJ;E{J-ta3d)3hMBTy)%
znIpjeP$s@R&WkHadmg*n@wRQ1I87xe^OQ^K5?NglEibQVI{o8BqW!Y-of^a_OVq-d
zO5YD;cEv6~ri{`mmy?$tDc5XN^tw1)40Zkb^_O8I4drCA?6bG68$VtZlUKHwo%#Oe
zGLcGbDiv&<_4TGJBWl%8i_K9M!&#5EwCor;x=U<iB(1<Q#3Hn2x1%YEWNvwVPPUlT
zvg(HqV?LISwoAoGNJ^e;I=5z5NSqW|lC?Ymh1#j7+Sv7h*k-WqDau-$&1m~{_x$(P
z`&ShdX3S{G_7hKNad)YnFzNLy{NDFeu@bO6M5iciJ`tFE_^?Wrl0n7H^-0rfmK9J8
z#p8@n_UW=4H~0KGe^lIdCCp7`L#6flam|`}hT{7R4VJsRJJD#bfUP}6^Fd3Um!+!d
z3XVjC_u~U8A^~%Vo7RPey|yK;K5*bbMg~+rLn>MP4tZ795%;K#$M##SadNUaal-cK
z*$YqGR(t#)DT<;x9v6g<pZ>VccWc`U)tQ+cm&Ygj`=zF&8h9M>LrtZ4C(WK?9eFKA
z_T-r9awaPyR8Bp_hddrLVxgz!-jC%*CNieuh^IY{_}|_eM5BdNkv?{xZLt;G{4`?S
zS;^Xi=R`i<ab%ul;_9F0Q!@Q4lTI!^<f+-+%v^sp`NzlHW1E&;SV}1%#p%UG;J1#C
z^_;Y#SzK(+@yfJqvD&Ox4`k?+l2{So@;s+w!@uh!UTJN6=q0)SM6Sx@yUpLft(kSb
z;@#63PemIIO}7_`7@=hB?v0Z~ac=GuN8Jg;M@CjD^c<I8xK)`MryTpW^^X(wB4?f-
zn*N7P)g8^nT4GBz#YaAEe-_2`@lk4MUfXDbMTI=Ewzt2zR&vVHO;=oZ>lzzJG~N$D
zCC(8^5LZOymC=g6oy@Vh80)Dybxc@G@>g4p?yfH4-f6E=R+g5Uy>wc%XqnTt$rQZh
za@DcQ8&He4Ztc9JiB6GkzB-Raat;jKN%^$lYm0N%;p!;|YQpP93dq+sD~=pF(lxhw
zWA&1c-B%K==Z*-jo73PL>*vl`WL~heJ4B<#<E*rEs(bKpVql<nEIxPE0ns>RX>+ZG
z6?U3WWq?E-#y`P2ZNse;m-tj2sNJx1Ys%Fv%F>Bh#ztp801fxF&@677q^Xw6r!-B^
zd7?|jyq{zR7nLp<P1-zxlpp!|P2v>Igr<Y(GYl_5X5ox`clN(%sC4np3k{u=*sbkT
z7VFg=SbXeQCGAeZ#zWp(HVb+pK3!Tn7nO6SMkSDeD)H*kVLv{V@aODI@#dH5tZ@~o
z4!|GzWJ^}iH$i=TbaFe&JO9qkoh7sE%2$3Y^(;S?r1+xh)wFx}e5$HGY)by1c0*Ts
zwRWn=&Ge?Az50qfy~{BY68qb0b;ah1e{i%*-n&cbK2bFG;>8~aaEU2W%iPqdX*9i#
zqK0w}&+lW+O;Ax=Qa*oeQ>vifNZCoN8dbC?GKKyw*KLW$Qk5;rAI_aSoRstuzwN*+
zKVx<E@2{_CyXF~f-R`1TLBEq>mIyrZo!a842geqe26@;A96I*WKq~)xRJ-R~l|vgh
zHZL!@H(9MkcD~8?-AvZu!@CMRbOIco*A{I!>3{VdhZG&X+f(yhn@#q%y{lGy@A{xX
zqvgwPoc&~}QTa~Nw@3b0(b=nW?H4P4q}N?|>aAtJcb@y6yQ{`F&bvM_Y~Q=X9#m+W
zT&7iY#MitUv1UCf^C!<s$;QSN88fSjri;vo{<1!_X;VOfnT*|&Yg<ONH+OAMPIje_
zJnMsxdk(h!Pv!Cp8tT>CTkq{PTV}knBe2v@+bSu|@Aixnp-nLxSl13TCM{lMOSpG^
z+hpJ~b)T-&m^Sas#YY%QlAc^^E!)&JuSWBR1{7y}T6y-@1(B?@QposLncD?=P*C*e
zTZSLbyxR2X)zz~~vDwvC)%nGZ%Z;ZS{^4r3s{QPBNtu=JJ{koE70j3yafN+an{u<x
z%gg=Im{@8WInOlY<&6~8eci7VKCc@q>1wI-%+sp&d&2^Sm0iu}6&3%OIyEc0^X=`u
zM~cJdH=Yiv*sD!>YOU~e^2E$qbQ$hG$HAcj*gDUm+r8})Lz*8u#dJLxlQlOX_{`%7
z@nC{iO!SG;=d5otmxR2~^{))j+qGq;_3EbQJ%ooz?3417INnJOH}Q3a>g%O&b6r-;
z76&Vcij>$c96|BJZ=Fp@+M}ncqocDhQ&C_4NH)QR{v<5_@L?-wchTbsk3>|yy|ht1
zc;I1EwnL))f>qv@aSG;#PMmmGli&LEtYl+Tla>JrNGQ8uc3r63fl_GucKztich^5R
zs7Y^?GEXXS*qz!@MNCeZ78zW=t>{R}=OxVZ+js5^a9fnACg!-=lSEoAMN*o)=faZr
z^`9G#ZIWvv+a=O3FEbrm?5#1`*X5*lrE!BFYF50HJvKMaUyT_e{y{o9v30}E*<xt3
zoLQDLFR`S}(|4zAUV%EY(Ixo&jOoU$uhmb-sZ=jqcI19%XJ=c}L(Rp<A!X&V$;CjW
z<sW@`%*$)pvhMGnZ>tfFL#HRQ+&^5{{q1GqZs#jEj$ZZ8S(Q2h%9^HJQ<$l4l>JI&
z>!uk@W`@0E8EwPMkeHs&>26+oyxq>+oIEzJ`;qEZ*ODsI$d{K-(W(v~K78Wj$z^L%
z8$RH+R8H}fHH`Y|=q{5V`tY5$RoFh&dZj1k-=2S(?={`**|UY;wgXFROZ|g)RiiI<
zHj0J3SmTs_c)Moy3g#3ERN)$2%H0WuuZmnXHXpE9)q4HhA0yVNv?-r?_2)>%a1V2f
zuJ5lD!qs#+_gWt7-m_pld3WzhRW|WhZtlb@<Ci{KYt(Sba<a^u-Fq)MW-1omOZ*Y0
zCuKyH&HVBuYV^1-Q?lZht!);M)6>^itzTrKH#d9}D*bawNs0g7NUNn{Z_1r+8&6R^
zFmbl!(PdHNW8G8QJ5C?KMybqfctbQRifX(syD0i@^yZ95bkBmo>g(I)l%Di{L^uxB
zUnwmuwT<1ftI4=<hcc$(%Zv5QZ%tkw4xDnRec8%1A2BXgSz^)S);GIP&WM@kqWqO}
ztuws&F}1*B+qP|`x@pI%FxRxJswzJoTqTMsTRTbfyk1LkOgfI1sJuUBwCDXz(e8|I
z%}oCbUmuI@XBU+w8L@yHHV&+~+w<FH$BZ&G(9q{(9p1_Mp76wfS(-{2IaW$Z?7B`=
zciV;^pBIE*XQ`DRIQZGYZp0?3*<!v$ZR2Bhc9+XLP1^Wy{%4Wcjq--$<P9*!#_r1)
zHS;;MGL|lqd~jq*cGbI<i$7M?M<2a!zC}$D|9Tto#NL&xnGHLo9Bvmej*jk<omhD!
zy~-uG#j}v^yuN1i_5&Wy&Xc6z>$%nE6Kk3d=Ng8+uX%Mf*`G?4Saz8vPkkHbox9!a
zQ(63U(^b{k$$Re^;3p8a@Ag%Tw_J5;@$O^C7)=kXcc{x#3rL1FZYNjWojrH%jk>zJ
z%ZFq{mMO+cv8GahLCk)0^U-m#1&x+Ny7Xl1SY?SNM>yq4*g1rG`hm`;FoqLF4c8}>
zXv@&Ejb~AxZ<u&-ukIYrYx5Y#KLkv5in>tjH9pu<jY4mIeH}Ql&rVP!&pZveu^4B3
z`|aD<q@=4}k@aD=N0QPc6bZ{)Yh~}x6pNE8$E0|qYVKR{`r6hrXD*n(5ka-rSc~f$
z7`VE*sr_iv+Vy(MO^$kw&HUAG-uNY6nIJ2B$Uv%S!7&x;fg3(nR-d*Jdv@+w7Pol@
zWkWuJdUe@?Mx3-w8r#X|Wl6HxE=u^0CF|uhQF$H(w%Jv{C78JPb2kG*ovB%4yVPsF
zp5u3Qzmw+zt3Me&tEs!=7?XJ|cx+?$_wQa&K`+_2H%iaYsPEJ|T^iebl0YQhzI{8U
z=UYS9mv>dF59-E>1>26eI{xVAz@tUiPaZz}ZBO{PnD3wR|C~KDR)#Xx{LWMIpUr-R
z%0IN#Vy`@T!o0q9(Xn$ngil@*l<wU!ExFJU+TGb^Y;1gc-e>!OfJ0TJaq|f%{dnp0
z1u<rZhT%Qmzj^D94huM0fA}n2ZSF3!9;4;AcICCU=Auv;legsTDZcXHy0UalOWl5y
z3`$%=!sDD#+x0ot>(+M_72SRCZl?%J(YL_k;`i2yCycY|fS=JZIL(O}hYr2HJbr;a
zfw1cB{`K>wZaYzXe{ldUpZ+BEBID`1?k>&Kg$5$1*ij2f!3SR#oi#sgBssZJ^xDf&
zj5Vd<m*Ngt&nT*|G@WRfdeA)T%7XXk4+)zyZ`vK{=8Wxnibqjt&aSRUJ<pry>4C+n
z@D<3^>j0MWnuvqv&e0woUA@OtQb*U$)=nN(rtW>oLbd1UyP7wql)?r3-_kB$5-r~-
zuf_IzpENaJTDlo~_u+vHYeZ|GOYMJuofe)c0m+OkKeK;7xvjA}CnpE&OwMZcdo9gX
zDrEM1S#ANAyQgQ6tLwK%CtZq)-0bY+b90yM+J$k=ogABU?!w~CEh|@^>h6lNw(OWS
zs|~Enh_d+O2M<DPu$eL?^ZbnrVy4cFb9Q!4*}i?_G-J}nQyQ5Uc1w6$k67euUW*x3
z*u7un<_yA;4Kq)ChIGm|T5Y=<U?Ar(dmCo1OMu?uV>`Zgx2;-L9E&>t^qx$3`-UY>
zrUic639X+$FX;YKg<UgB-Sga;<rDmqCoXgt(RTPl>t2_->RFZK7mXoo(@Yb4o7yi2
z(o3#|eRK2ArWAOzH$OQ|xw=W!>Cc;Kx(z0go2Ey|O?j=Tvd-PKxaUh15!mbpT3y%Q
z+j98ySF=(XkwYA{uyvW&AFiA3`1W-TdA;oEiJ6jU^w$q{KWZq+8{`w8cM_I$iG+U`
z7i^+n`_6w~bn1>BhH${v#MvBopQc5QpH44t#Y>x?z??29_}1B3d}~sp(ie=#{fVYP
z)x5d2dxWScthU;oGVdIbJY2EH*)A<f`{X0Kmh64`1512oSikj?dCl=LPq4AGv$M5*
ze2V6@e0grGTFp60o9(I(Gc8!?Kqrr&pyodvcH7UcIzg>ic;(By6v(8zQU3Ud^t~mU
zY75t=?%b`oY>jx_;oMxnfpDNmK7Rb@e$wwsdHGkd^5zWx@Yoe!!ra!NG1H7$ufak*
z>32)cC^%zJ@tx*vZm*V=<*Ba7ldXPndA;Vc;xF*XIS1rVPLEnS+Gx+k6E}f&4{LrL
z`mMFTr@JdzPJgbtx<htV&eR>NXTP1GJuT-@VH%)q4<UO@xv!42xt`p{m+bQ*rq9cz
zOU8x)nsjw_HNiA;-jPgq>~%Vk^Qoi4{-}%5{p8#$K5?7x2HXTH;>HbdW7OA2{>}Ho
znX+@<Q$=eeW}u)79YxE#S%3h--g#*$DU)Pm-ZV61XN)f{+mnJj54?n=q%mGzb#LFk
z1;o!$R*tX0&dWd0F7~Bk>T~q{xx1k?%cAWQudo2^C;e};D)r@V)fTbWkDGp2E32^3
zASvG}GbDvdbw7IS7?Vz?2L!07t2aM9R(B@k)ui;<vu0gEE(zDnuaM{XV@)PAR%{uW
zgT1A+u%LX&k|k<tYLb$Y6DLkwtE4Xe@vgPP_U+pxS^%p+RKH%-*BAI+pP;F!nIAfL
z?p(8u=Of4)?gbWr)n}WK+BvzgVrtYP$s%|0j8Sftgti@^gSNIdnZzrB1xj&No2KRD
z1teY}IXS&*YHF&l&$>|kR3lh~Av#iuK@cq|&~vOgEk9z~QoF-niyn=8y}PPIG2>w+
zs{MJ2el9jzb&H3yOH7VgE|c*7vcuUCJs%coF8$V};CT7R=<}o~d`7sbGYW;8$H6V;
zP?$mRiAWTL4<h?hA%7}^$|7^9zK~BOe6}32hO3ftGmt<k@X1>Wb$&1-h(!)pMRz93
ze1=2h@i>CzQFHIr|8qh5|G{g>^B+Rl9{!y^esTUoTSrH$fBq)}E#2YsAOFNPod0P!
z|I={(_u))X|FxN*c*4ie{q)Nu{lf{Mh7&;juSx&jH{WkxafLhhxyb&fGr?1X{>e=6
z&|k>rj_#Yy{a?-@-<vH%h%O|Z6qkj4(glT)S%NxzaO!Y>I@5<t#~?Ry$UanhZ(&J6
z@jCA2gM7lE;mk1by!U2nf*&2MWT8+&K#0MFQ^WKQh_5z!`+$`O@_{X!RXo@X2j`lB
zxyWI`8Ilm*4Dt{x5>y}RPl-XR2!;h%#%ChJKh^#<8TlMQvw>3LWz7#@hQg&u`<I)9
zg%5};QoEGK=`Ase*bRd+WkB~3nF6P8fjBH)QWrRvjz5w=hbc(W(x<Q}Z|h)F>3)KJ
z!~}>Al6Z<KP{G0}(D~0GHT?QK#1Kv-&mGa=kMipN2|X;t3Nn%jhF^u$m;CeW>3w$}
zu5S3*4m5~v=*=?5OT*Kfct((W4M<C1DBzw@6-PFb$RD0%e>k(zU(MYg1Z0ekv<FlM
z6D(OIBb%Tmf;I-?r3hzY&~QFGq#z~C5pE6|?wEl};C@63UJ51ULXw#A6XdbsL_Yko
z14z4&A2|&Ci-s2g&@5Dh*@FnyUm23{?g`rUqxpxjcvE7*|2VJ<Kv-`T17w2@?oHeN
z(~Rv9o9V-%a%YFf2^Ke>7q6x)>`ny<lG}ySg)(6Y364NzfPVX18+<`=3F^BD1nL>-
zfhRf~CX%lTkp(!36TG~6wTFWS)E*Yftc7SZSc3o&^Bt-|=793CT#Y4ILEMU?f~1Fn
z<XhZ|oLos2N*hK7+5*n$2jrdM&(?qzg(5Nn?~!muCPCJE40^DBgezPyfDYr(xarqm
zRmN>nINj3Vl=IXEx4qtEjX`iGICj51g$C<lIvJ^#>r3wC3)r36+!0dy<R>Hp70c!p
z89;VSCd-$rTe*4ndDI}e?R=?Vme>?3QX2uug@r-)(_lh*2ZQ?LB!sgo`u3^j$~Obt
zuq1+DdlRf<(7v!R0NNORawzs~15dCb^7%tW_x;ThXYOLn|50dKg?P}bI0d5bOXrtM
z<z@h4P^f(G*_YF+&-?ZvaB#sbynB7Yr1s$uyaDlUhj$;Y!2~2O4B2q_%b3F}-3zB%
zL}murBYP=kvXS<YS`C6Cz%XAzxWb84QiiLg!mEWGOy{Qgf^#wgiiC>f4l))lFMoF^
z+`ENG(r4m&hePI$0ZwX&By59?EkG)wf_Md{nL?Cumq<V1qB4Y;@;ig!3fJ!rhI_a0
zVAwQH=wLcE80<puD0tZ%eaV0_M0kEl5spM6l762g-tB{l3a{L@pdL1uXka{(1<CD@
zAILnO4qnk3wj^ncP%6)Wphf`0p7WcmwZb}M?SFqDyxWHwNKh!8;S$N8$L8kGgmqJB
z5Dm0}@EOCaat@Cb=tQLQvXIE|1_72Ti`6>_@GsX2(lvAFvt@vNOZTrWbt=mQwm4M~
zeT-x$gvDI-Crlvmv`SyAmFs3O1}``LYtHjaB10;FSMP{2`i*YkrTq8x3hRyE=ro+n
zV*Gub!t47tIz@^}|9!n8OZYds^&<nt_V;y*EV$q3mQCf@Bc;W;V*Rsz5l66(&DHDV
z4rK!%CMu$dg!ctFw<fo+df&ab&w>@QK6{}m*#7K=t9sL2Q@P&>>>b4Og=yoNqA&@-
zq+!v5sAv^95hhpH!3uH^OZz9@BiAfqQH3&bs`fX5sKSmJyoHbjJ`%Zaxp#r#H$-iA
zs84bBU({u1P{UOK-3aib0{f>JsGq7rSpL%saEHO^uib`z1b7jlV2N^Aq12&n1pfAr
z4WS1LqtFg6DDw{fqatjl@Qck;8DTWU?m@7fAxq9PkW{S@w+a=qgRo)f-IvMgS5h8U
zJ-nxS@8NB+3}M@mn-)2Ah>G+=&kH>%FyzT}3b_{$<h!Xtwd;e;u)%x>jm?)_m~?^A
zgUu0mAS}derqdV!LWVyVTH){dK}_Ca`-NyiL?4)DDu3y+nP8h0PUb6=yPb=}_%esG
z4hJ{90Vy1W7-07!IgcUq5UNDjQSawb2pexhE-Uyh=(pw*jp%LYFV0=>r14dk5O|2d
z7F^9H1e7B>3^-?k8-=D$s0>>FG{11dZhkK0!N9*hv)LcR`b{8y!2Lr3@dIxD2@pT<
zz9E750k;nU#0w!_ShzgpU<ut}<=($$AyS}^zn54c<s8Y}0+)lg!0cOH5Io-N>vFAF
zKfa_=0Ig^u9~T(}JMDdv!{qQCiUHLyH6U{`oCums2P+-Pf8Vzr0fGy|J02g06h;+<
z@Y}%%7@Q$IU^EQbM1??XCR%`x^1vIem&srTQH3Bs4G2MO_)KJR4S|6@fxa+kAv6xb
z?zpIRXwX2m!I~cyLOx;unq_k_J0_0;CZ7T{q8bFmYCw24TL_cjg!(dvvkUjlE-Zvg
z4xU_C&qQaqqTqkyHDvskkb?eq`WQO?OUqDOcR>9=1D)aefB(oe9RD>O|216yZ#e4f
zzbxu&xc=X8_*cLCc<83U&+J={?|)s?7oX+)s3oqgh5#YGE-eDy^5?04xj#g^A_y95
z2$+Ybap5<#uw&M*E4Vlx`RA0tFC*dKAm71bKR8s1Ka1?A5gbZUXVI7%+?o^I29#iJ
z?8Iw}AM?=fZ56oR46>vKGieB&NSMHYp$Mb6U?dncY+wLxQX>YbqKDM?BV&ZHTnv{-
zzGMX9?fV=C@}q)H-j_Ti_QZ!~1$ZrYfGT8PUl>y6MzKIkFyLoLG6(qijAcR~U?2Pj
zaejHv@mygOzy;vjfr&t7K@g(C6pk1e@EhI{X_Of%@ShPtA3hEPk(o$r1T-+_N;q1J
z#}$oUw5A`K@TmIHh~)<C^ako6?+|zxLlBh(!(ALIjRnsYtZresfg6RtWx+uV&=PG8
z4Ff$p)t`6U%f)`33o2O!GuiCH-^0NKao;rx!)UySIwnjJ9l>9Nn0y3Mh(`h$g5P8!
zoI(0U+9UFUO!~Gfc!Eng7yq5*O9qQ}7J|k@vv_FyQU>=&-jFl~z+OC6E?D|Qyjtk<
zW`QS*zj(pG6IlL};2u~|_?5o&ffF|<>fZNph(qN+BS6cMcbdGrk-w4qH8h3*)sepy
z2VmvHP!1Q$5%Sp)C`Si|a`ZK|wKcU3AsubFPL#IMFqAWVaj&8ApOAn5@E__|_>Z=>
zp4Nc#f7-+KpZ=L^82=f@e}?g&Vf<$p{~5-A{&(U(d|YRd{jV^c|F(mF!VnNL{NAWI
za^If@hkm$+FIWQ(U+|A9a1W-zaXvm|1_i-Se377Z(4q!}1M4vqh%IdenO8d;c#gk$
z!UqO<Lg<=Yh=+^T^`7N{&;q}>zo(Au1%h)M{ix!e1tj|p9bY#Pj0vGf@q?lnROB~5
zpmBi40}k*!ni>Crd73mcZXog!z!*9e-t@S4aF25!zc1t70NRGVct0AI?mNUih>!oP
zn|KJokhd+TQiFkC8O9^XhY8jd8KHO?1|2;VmNa0{{Xi2(u=CQ`WZtP4GK<DLJH$JP
zg0wbh$fO`Jr8k-bDRbTjcH>UJ2GR-+G(UJ#gPakBgw6=U2LXc-GMU@}5~R6-Am7g+
zBf)$QfYi9qnBa^iBIgLa!-B}%qZq$LPBnf3{%~m#0)T)8;tUfs7~(TH-X)N=pU@BZ
z0>q!$mwYfR1c~Fy{_h~C|H?=#0cpQKklqFH7e>N`2>TzX{JjzVRd5cB2#Hhu{UHf2
z-@h_F+;cuc`0IacKn`3Ae{)CzRnu=UxFCqb{4Mx>@YTr+W$&lchsNc(r+<+Khs5T&
z6gp9nbKapsNB4mKpuw6f2nnR+F})vM{GO35R2VAm#}A--;b`dp074tW6SsapBYUVu
zpsx?5FM3O5gkj)=H86hLdymQ-z+jD_Nd9LHOBNuSHAnU5pl=8rf_KKj_C-OoIXAkS
z+XA?e-!Y)Ug!i1v9Jo6Zq-P`x01rLZgyG;hn4!bW;cE_u5<CY3&C%A;ox|-8a1G3f
z3co*9-hl!nA{~5*M&i!lmitc*ycrG}9S*-I<H~1Wmj48(hELcrfT8hApn4dm{wYo!
zLLUaH|L3ot<G-P7&A+J+B*;%+|7Y=k@YN6h)z>pHL_zw0Q~yI=|Htv)A?IJ%U;j7y
z_(lAufu6R0-}wj1U^xEspSk`&#Q(88{1<_OIk3ql*qDJyM+Un*6+U1-jQjr%?k^!B
zg!=cMT|pWd0`7;gseb_Q|4UQ-KaKU<FoUT70>n?`{q;Ws?DsdOf7%8&P>VsK!N9Pk
z(5HXlB>@5>{l#|!$RB_4oqz@RkN?Tn0X%5%Uw#F^{qz@Me|uh*9Upk155=^f!T#L8
z{?o8O4~-Y#{6nMjLSVlYZOGRG|6-y)ek9@F0QV2Nn)qq%LdkwW_fj<&RE{Q38MB3r
zD<v~W?zafn`YcX9KKs)ZJ6Ina78wkUrMbYL#S9Jh0?JNbTgl8k)E{!@{_>mJV6e8?
zl%Rg?TDUq5-X51jy`O&XwFsN~_q`9{2^!R!=Z*hDg#QbT4RHdf{P)Wo!JQfqo&yB}
zQxFPg(csj8@Llkm5FUERMhgxj(wG`-jxTUHdx4(6@UnqtQL8NZ-B{0`MKdC|VWD8|
zZxDsdfPBEfxabts7v4;H0gF%oGaMNYZ!CZb$iwhR0r!NX6rBTL6vU4lO6R}`Vkp8e
zE*(lg2}@KO0`KB$nO_55O8xkw^ixoZ&%l21hW#5rVhxr0p*Kpx5r#_rFdHRqT%l5*
z<M*=}KI~vqF6i(d`1HRU4RVFQ>-7%)B@{^5!$goEBi_kVBTa2R_~fa!j)|TT5N{TX
z>JQ{$7!3NGuOa>a-YxOp>f=}Oe>z&){p0`ibPb37|9|2d_Wy_d|6%`s*#95)|A+nm
z{}03d{!t`=hfnaF|NdyjFaq%ZKLUVE-5~zIGf+>xF_AoH8EiI)pUei|BF;YSi~_e2
z_Wr?m{R6mJ<uo87gUbCA-RnZbPjR?8=*g4-;m7|PAb_+BaRU(jSj?aS5q{j*21+oe
z|1S`n)rtRwIugPr6rvc)M%?B>qXpsAN#RV^PooKu1aLop8a}Lw{Kg0k@`1VB`<pKl
z-gtlZBy0o0Y0i+JdkO9hb>tx(gFHWE3?t09LC_Hx&0uq9oau)kAY5kiCh_MXPB6EB
z(jFXU7)*nwe$Xai+Z7=jo*Xg+7(@l8FVOOl5VC&(frHbGBVz|1GABTgUHqrSz!NzL
zF)r}@!s15`1!OQdNG@C^V~EqZyh$IVEl0jQ{FU~&LNZ8ePF(5X0#I-O5CrGovgE-^
zy?~M+5J>5lF=qo$5_9Q>CGl7N=;;5ld9KtB(t#ycoRLUhzP9jZQQ@Pkh-|?F6?Dml
zf92waU|`(vJ)j!kOsUAJYPgl3)4*FB8XV^DN*+(<kkpSrp#kp$mUUl9$iV(}cfY-K
z{+8a@p+4MQZ}1MezxL}9QM4KmqQPOs&2yOe$S0ikayd7K6@KU^peYhs2^={vU4Qx9
z`2QND^)CUfh~D}+%-Xvx@wOh=qoOZ_1zCf_3{rx38Qyj^$S=K$K8nj_{?vlImv9HR
ztY23MUW<Y6jvf%CCm<S*Nc=m1-T&*TYcH;cV6Mi)nCt)9Ye@W8;E4Tuef$Fdg+KMj
ze{~Fp>%aaZ*D(G&jQ<Yfzr*<NF#bD?|Nc+ozdXd1i~0WIDEDv(*f0P*2mlPr&Y<`&
z74j4QsXqpcgnjji_=3MBBM-sBVQ6q8x0oeflL!H3aKN68+~doHfZ~DznLd9F_=Q_m
zf&YQ`QVg^NcKZ1dVHoJQ<HPtZ`~*`$per7rf-nG342I1^BoM@m$lyZQFiZ(?OE?Nn
zpK@Ug!NW8*#031K@{mG=m+)3iX83{;GhtrRf`Wi12V<c}3gaCRUWf+3dj^vO(=ljk
zyx2R$2;gDrLI?cV5CewzL60yDg;Z?%C7>(B+d=sR#zjM5Ehb`@0H0TY7XfO>oB?kP
z5b!6Gdxn||KJnop<o0kHV5JWgsZqdv0*r}E(;#LWSZ#<E%2l$O`Wjk&>V(p1J~Spf
zlFhH$%VcZ7z48VkP#^*UL-44eU@#j3j&q^Mfg=Xv@e4&J9c;v8q@Ep(9tmUDL10-0
zfInejfLmZ|@MjRlqq(RSnZd<8dCxK#RKe|VEjrLxBoxq#l(BhI#Yef^)n^5%&+=93
zh3L2(M5b0ib}zigdyYd53ZBK*06qO0H~zl`>A@`fIiiQ?8zmS$<8coI_0GZ1qA9s5
z<3AfpISj`MU={?8GaN?ahOd9@8WR8O^|}77K7N7!>F62g4~YLX9M1pvk6gp}-!T67
z@8N$uM_m|B6Zr1`1xO%oEL`x9_hA?T97X_#5y1b#2+(05@V@{E>{CFxR|~^!_iAE3
zGAOhsg82!f`BITGtiQV#X`t~OHm|Tf6i#MCK4cj2VKN3J!sNTu<X|%JK)G2knf`i#
zu<;>mX)Bo_U&GXDpoOTTgaQYU!J$XOc`o6AI5tKQr^>@+V4x2!z#`~cc%_nsS1MAR
z1p}dZ>k@;wpcrmk2!>Ze00Cm)h#TNd28VLky@f@E$)d3#KNgh=p7G;^lUY>cDFiG<
zLgZis=O<H6@11f8P3D5D`WjluQCu35`&keQ_M66z9r6_<w4yZ7Jfej~g1^DSH}E%E
zzBr&QxNJtsmBMHmpaiZ}s)LXPPcU4%gw71+p_W{twIQESKr})(w}LB;AK;1R4QtT3
z`mJ24+y*sawF&>B4!YAow8bDp>$L;mJ9=#a!SI9yii>*jAAtu12Xuiwc%bb5N{t~9
zA(G7%vVw0!CN&twWCx|PkEMZ7+Q-@$WNivRBEajYFiOh-g!@GD+3MR{P1%Ikvo9Yr
z_vH*?tU?w{7La_w(QzQXecmCkg{)c70IwxqA?4OrPY<R=g+N{|kH8cn98wWTkQNk7
z4`mCt^A}`8STrCKl}-gZ2-1gpQ0=!x3Dhze3>d=zzBu)+{Jx>|e-|4lYz?^BJcY_(
zGBl{Zp_;3FX;gnEEL46}HX8xo2Q2{w>A<C$`|mZs9?&9tq1Qow%MgB+&6uCe`1dFU
z|I+)f3xNd<KQ6GMxvRmK&If=6cMTXUqNoI;gqCRQX<|eDHDNe$S>G{R(cn;YGEiG!
zM`MOEkR@b6X3?2!2s{$XhF^&VP+9Q%B5s7biYj+|qk_MYX22vefvTjyI})<+kZ^YH
zkpOtF7<4*d3blnO)YaB>AhQOeklO(KY0yTrgoml4NnnP-jp+S;BZ8SlYF;au@oIs?
z(<W$GOGnc-l>YOE2b)8IKLfWV@M#9qzwj_3cv}i=K5+GzC7D5^Ga+Xr^&z|todalO
ze<tJzn>T3q3&b=*k}x9=2>&k7wtaNxPlq~m=PG3Gu^7ET)xr85Kq!{sD@gDU%Mt=t
zYYd|P1<o77BEADBsKSoCeFBmPzlmT4A+{b+j)+bZ@<wQM4ikA<p-v#GJ2_$<)SYdx
z1UsjNgV+U>UMCTVss<WpOL!c>&;#9sQ|Um9QWblx8+T?Xvc-_;Y$n7)-i<QB_QHaA
z_66SpV6pke4)_ax@dmb_z9z`f8!0>pA%j|5OHauR{tm%sz#{Ks!2Dl-N78E`BQHs`
zwT9o4{4Ljz_`k5h{%`d0%lr=px&!h*YUvE)|Nq1_jQ<bg|HJXW!|}hv=>IVKKaBnl
zqyPUY^uJF(d=!q40QZgc{x?H_1+5O|boYm=O<>ekIJy%Cb$x)l2azdcUuqDI0{eJq
z3hXhmC^R@SG?WF$Rs!FT1Cf1zB!|MWt`Gwb8Dt{|m0{Qf_AJ3yEM_Fwd4Uo|gJ!J>
zF6wYJBLpZ82KI>`*tNj^h8Ra+SZocUQjAEED_+zj8~DBG0h>J>I?HB;vM5x(3B%U(
zrTWnrG~_HcS9*!yCbScB7vlZ$hYh3I@X2X}Q(Ql|A8sx1wb8<z`ZGegh!^ikP5)s2
zLa}y47GR%20B$pw95jvV8wZE_faf4yjtJOw9_TS66+4iCYM4hX*h@rMil!rOoiDJ(
zXml>YKEMeN7eYLcBjmv}7ESQlfJY@a>nE75NZ{DRPa+b)vo?CEMI%wjj7a_r!xPM#
zRfHqJU4#OF5W*44OfW0UVJrcO`eZWbk^E>(7+4T=Nb^Jb^zGjj{N{$rKz?I`cIm#5
zKP`-k4rN2!4H3pyXbcKHR1gmhlrD=I%z^`}dpQF$7Yq^1Y7iAc>tIfUM&WW;$kqf$
z^1{3X!VwA+#!u-W#4%x;kmkc8vm#;YheD*#LjXaTK5*0kSO_hEg%G|88sdUHTxkJ)
z!-Z*hZzFh9=!+IeE+0^0X_|3g*a)~W8)l3tj0@<g!{9(a(Gn6BM=C3b#^%4@fjI}p
z;m?AL0Qq9L;sHbmw&LN82k>meVgdF!CIij%f$eo9>K&O0uCT!gVT9j+k=bC&p&>6P
z`Y<1jyeWZH;5k)t;yt0Hige;j1rp9%EBv4Ml7|*j6c{1d;0q?57DVH*5q=zD2%9J4
z7=%s?I*92@^NYklK$F44LY5;t00a5b;HG`R1YzKV`aG6n;BjaI0b*0>aA}`lM2q?L
zp$@}c#Y~ttpno2Vkbc7h!0h!I35|{R3uQ4tm)r<zuqxP0j36}tFL{O^lMa?O@_vfR
z@I`c);7tx!V#z+hwjQ_$xcUTsao9V#{Pht)M&j|&T)x4l6kv3ZKPq^Y04msU@j*nx
zGg(NtP`}X%EgTyh<V3V`cEgfz5Z(!LBoSTlmN-jD3F`ztD`6lvyt56_#Tf#3kgx=2
zcZg^OVF~V#9iCu`LE{!Xl5kE=5RnAo9USfPI7<wKCs^3KSmFuRkU4mcKy-%e@eX)r
z(5N#Jf;;3jg~x&Ctk4cPl7$WUh&9LC<DK0xkQLsU0Jmuc8pT46Sduf|!o?m-0xmtt
zk?4d2-CLpwL;{{*MFPFx9B>3@uniDER}jt>e1M#6u=e&yS6CN7Jqe-Dg6QZ@!du%o
zLpDTvOB~4wZH@z!Va@Gv+^)c&EbOs(2MlD1b--HVkf(^C6%ukAk2*IS9P$<D4@*E}
zEu8U00?ZQ&BEgviJ_5x-BsmKnb;CR1Fc6l6cY+yWMIwUcVRnKiV4e}s;5h=0+X~ET
zsLzamTj0+wPPkrLEOA(S(3TTS0r&#Vzqxl(hXd4q3cd>CfWujO|EsQ{@!tW^(7)8j
z(D<*8p`QK#{MSHVYZ(9iC$0^S1naSAIe1Zx#oJhtz<*=m|BH))f9;okO-G?L4&yDc
z&JmBBqr)RyaF07obsGvf=Fnu4&DvPSg(^zZu?w-5^nHia;?-pGy59BF`X{!WE<Rcu
zyLhp4(pw*Ff-}}zasRqqV&>-J?<8o3ZK=At7Z=QKk2s@lsHph9y}9f4i=tXn|H_+P
zmFGTx#ip}6#($ad{Mn3>AE6!NMOIAhv556t_d_aU$BPAGZ>eW;Bub2bcxfJdYAGgl
z=FP*^o!LLOLv3GCkN;qAlA2(1RaP=-W?b#5(_Q5buXaymBuvlnRzPW$TV>{FWo2Es
z&~sHGCWZRwXjW_K|6}h<;Gyik$A?sm7Fr})9upyB-`BELc3Gn=V+=-PhMBP?<t=R}
zEmBHaR1z&JN-HHT+NHE=lOif5Me2X=^URE~#rxLV_xJyP-Ou}Gp8MS8+;i_a_uTWG
zd(K)@#h4XN){2xQ_0km8laWPNBqd*@Xjos!IbJXCaI$vk`0cs$>-yv&GO{L<;;#mL
zEL|o2v9a;gsZ$GLV{NRhot&M|pFh80Mhazh-um5>7Fr66n~huKw7#(Hp(R@oclfH9
zpqU!Z{YjaAR?2`-GclZ#RI`*oiLfMDka8uiWFvl0$vIQukOxPzw{Q2oyiQI)K;TEq
zy|axUKPDz5oI8Jhe9hU|*3XTNOzZ3mez$_Ol8qWy6#M!nk&>jPr8PA*+rE8k`SfPw
zs8KI#YO>1T+%cRMy>+wNRx@Ln6=LyX8fh;R685|b5H-70<uhi)^UPafII)L|#da+`
zG)5TNBky=H$(-~lJUqPS#<u3>W(R9)Lj2K!f>$qJ66YRQGcrndntyS8WJ*fP%a<=7
z&9B>EE23agQP=eS`*%t5Y43yHjR8l#o?9v!aO6HsM^{^W)db`D#ft|9Cn=FfDxDuG
zRq1_2zh+(hmMzLtzlDBpeaCXh$laSuEAUjry=HHIA6lhOCN!K>jed1?_Wo4ID`J94
zkDIEN2s!G+SXqgb&VD9~i&MXT<;sH-;W-;Ox?5UaxRdQ%b2Y8}&Yco{0Iqw6osG@I
z<6&eQo5W+sj*YL|q#3ySh4erlJRa|PW`TaqBbtu8ySvT0U8RlJw;CSwKD{|LRbuSe
z?0a<;N}1+w2jEJBu5He(`mu0PbhI{3a1BlvC-^kr$nHb$gGr>X?mpukX0C{8t*1sl
z-Y`><e0BU#x{#<r=+kMgt`&)@XA~s9KRdr%Tk2XK`J#lf=cth*S#K-zR!QqV0hj{w
zh;#Jund)1FQ@{KEeP~XFr;Cf0|0OZ);j<(Tw$L0^{Xdvyl@A@K=cq4v!J)0C=_LEj
z?UtrGakCE}K76dXp({BgB6oz#0`mpiQ^Xg~n>T0T{Gb;HyaL5<k9a<`C?wDbhv4GH
zN@t(fe_8E%b!+SW7s*v8<~I>nEmJG?y0v|<$o5mTySW~Ac6RtPwY9aM8y*`*Hayz2
zNwRddr{{y>C4-yaRV`|M9NAoV@7>$`N6s%B>Rd7;@dESB?cFlw%PN}`O)AG<h)Bod
z-mac_JvunJc7^yPPft%KizO;5x?zIFfRiK3rqk?&Ra6<9P1-&_dNjhSaYxE5Yk{|U
zm-SbeOOlmKALP&b5ngTGma05lYKYWBT+wPFW4UEhM3*>8NlHpeNu8jSrJgupfZL=-
zT3qZa)+o2zWdZAXiAYX`0U(In++0@8b&)e+U*134zJ2?;btCe^--gyFFp$x{Nf(v`
zE3Qy~RbOw+e0iz0;iN-WxuV19F=KoRnFGnRNF(1Q&pG=et4^Ef9&=f@fRe_%K0fc@
z1VOTGYT@)3X9FERPfDhZI{GYqKxJ9h%jUB`Vvl8d-#@k8bJrG~kbV32k2hfNwa=Ot
z6m;pvjfsX4xtl^lL*IXRaZy>KY?C_K-{Z+qs`J8y-=Cb05s}dhylyoAQ&4d5zM?x#
zL30u;wkJ97cSYidO)&b>bkFDB-Mh<{FOP|dN!%vX9QEPCRzM2YnIAS#JVLh&s~Ut$
zQn$Jt80aH1<kNV~0Nn0z<ks-=YeI*dgX|`kgGFm@Za#F7c~sPwyZh&4W@fg2u9udS
z{POX})aA>UgQ;^!rC6=gtBGlD0JUwIOs2Ipo=lXHd3N3K-O<^^i>t>=8_z#l?0ei^
zFwT0GBLk^6H#0M%(cY$M21dNCymj|(>ZVN!n{M37+-<XwK7Hm4#b#Vngs=dP`7P?Q
z`S8ah#I}za<$hyltH+wdxhivyuSrWwTe~)I-aQrEij^zJs{56^y0&F3Sw=?2%F3#>
z`Q6}$5@Sske0f^DL|G#7K23#49A_Bu7T^rP`1!2}9$#CY<>0Vs$tVqlz%ScPmt@2=
z6fPAV^FT)(SClY%x&ATVr14{CE@wPVA4#aVtCQ=&62!$T>|WLoXzDll&6_u4$Bs2I
zF&VT(MoB5hVVjA#xcGoULn@CkCYI_M7(A!~E4tyay1F`GnUthA>=Qf8mrD&9Wc>y(
z?dJN2?z3lqDR-EvUOFM_ser1g>T9cc$>Sdm89qEYIk{$>aPfu>c4Zsisig_2pHPeY
zJR>;xL8{7lIjc%K;ql~wicC?n*YBU5U%GUu>giAG4jxp+(W=hGz9?O_W5<rQYu9Q9
zT&>I_gG#|JE-qjqC=_sL&OI@Bt9|pQa)+8%ucTI$TCJaKX=#~#!y!xSP<`Ej;oc$7
z#Im$-!e84it-ZZ$+4Q8Ls}qlDZo2jI<=ktRvnS{f<JC!fgO<~MO(Q%_aC1+v6=h_K
z@7;4xrIc3YdK_7|Zrz!dTBY@uwHAK+awfKQAs}bm`=?8WLk1M8JnvQdJgv=ud5esk
zTvAd}c|Ua2i;YChoDB(6J@y>7b^TGllX|rwUhGDOzOzV?+L;5_W(W%&dim1DaM-I8
z!rRxSq#X{$72Ugc?97=7E`*!)$Ev*N%u#x8!gzA(%a<se*x@}I(M?i;I$~3=XsoA{
zZW5~yAQP=-XUf?BkQE^(iI2D{mg~0f<^Utj#C@wI<m6T@-rzHQr<fTo_vq1EVK}cq
z)8M?#Vou)PXF?tp#JoGLiy*$0he%+Bef|11EG+CWk(|`l);4(9xJ_HP#sV$?`0R8`
z%R;HW2{#byv8B_5-BR~lmfe`Dle$4$VvO`b?~wibLqbCGJ&B`mM?L-2f)+0x($*3^
zT=MC}2@TTX&jQtg#DW7)o-^5BscL+*IL(&1Jj6)oNSeXI`$Ge9GP{l+{{l9c=;-Kq
zfN>u7zYNx=late#FV7PLx5XCtoLz_ueRghXTwL7RNi!OroSq}xw7Qfu!$#FiQik0W
zT()-7?y+O#E+%iRuDO@GQFm6bz#6YIS>b5}3u&oZ=`myUf?d8G4;xULv{HE3=i=j!
z4;1M)m$-=Fo;=yyK#1G8as7b<iMVs$wt(@!NS?Y{N;~+~Re+4N9Jl@RYqPT&&i?qG
zKkwf6rh|*Xwnt6^3(WY_O>^^QL++oBi3IqXJ2!o2%flTLUPRb1!t%oE?w+#SqB73d
z^TC}vLem6Rd@-N7B=7F%=P9h6M~@yj`l<FzY$2}X;zeC$<pm9oN(xyc36lntym?yc
zmn8N)U0|AvOWd{RRpBZnl7ow8%@TNul!b3SxzbcuSNCkw-8o=~nrN~>ujY}zM(p>m
zH5C;VX8~k@18f5jZ`~TACOJKM!uW|3eVm<-FsrWs?y_v@QjzD1t<!>5N>0kz(D2CP
zP{6gz+ZIkyOWQ1<7B`4YNb;ES!u=w$S|CZBoUV@d9q4PYwfRo=l2qbY^?7dTZZ?uH
z%!pzB)`zdkioAQ`rA98zlB_#H94JDw8gb=vw1J7qOxsh^!id2M_8X`9^IPB+?LWb4
z9Z{m}$_6DME^Ui?E<##Nr_(=w_&^N``U2<@EUu_`r<=d~nOUrG8ib2~TA(v;eoI>O
z6GP@RGesQkwXh8C+{HUXky9=yPB=|m$%Un=J|?f$&Y*wze0K^NS3wt>zGB&+@~6d0
zQ>JVdBY2sQE?uF{@_bN~Ib$39)5UO4@gtf#xFW!ac4lTSS-iO9uiRTfY=g&zU~kJX
zR?6L^<d&-!`n2d)=8WY-#%eI07!7PX7olLaiFJnl_)Tj=tB!HoOglTJ()px2)#>4x
z-<1r6ro{(|-M({I>KJ2cbM?lW*ab%w6?d$Qr+8GFF1n9TVXCUy&6?GgM_wBLy5z;y
zSmn}9ta8Re&FD|Bg=erFYa-(OblszLOTRz_DJ#c5TRP^`eB<3IVoV^u07-NGWfyPn
z@8?8S@7%k$F*SABvSot?4pg-FrQD+UkDA*2=z4Chjj)wuozS*7I=Lq=h?=cX7p+O1
zLtpu|wJOj)U2=Dl^(;hf`oMwV=a(N0rb~RTu}@o~SGq~PZoBDUS@y>DbvfaW1h(EB
zkdmLQPM<fgtgK8)MI|6f8Eh|NjSVN?c^5L5iuq|tHNU+-a>NMc4dZ42iO&gkHsJVR
zxz9Q@yq@m*=<ejHZJ$1Wcro?*l@qorbj>`i-wZ7_!6Bu3yGO~a6x*g5m>_TGd4&BY
zSy@@a?7^|cV&eX37fJ`6`Q9=r&TZ8m=irgYc6fd-^9g8aDbPG|VB$IaL;XeHzbzXo
zElEC11UvSPt%l%q@(iHqQdybkkRe)9s{olLo3!jDmNCw@eI78}NG<3l;*q*xiA!qQ
zbo12{l)a7yy||FLJ3cB*<?XxEqbnyx3~+ofV&upI`r~gOUJS-Z+YXuic1g^;$L}9U
z%4<nY&Dk*j&~QDond=T!JowUBb_}#ypHh%h?j;|m7d|gI_{pLlZI{=}Cr_MuCNEEY
z(j+q2av~pvUA&s6nV6VZcI8U^t)aLA+I=S%mrrkx+*o{N{}suNvZsP8@~X>@Ib9LH
zHS3B&;lY^rLAVuSw%KE4K3z9F;uA$8?zR=4C1@!jdb%cK=);1o>tuZ{e5|Hb)_Vy!
zTF==wKlt|GiB}_*w%LnKyA`Dy^1#K_H6IYwg>WE376K-u;(1g-TYEI_db&OfFsXuq
zf)giB$l0W>IPVb_JfP^{qP7?E+s4V36zMkrf^pn&++S$XMafAeiXpL|ZiUUe`^a+U
z$*E35GFacQD8)R9jhu>`F;jjuUi-$V!NlDuto73~7uD@I%viKAspyQ-<C7z8?Tlzz
zQcI7`6pM2*V86Zzc7h2e3uaTNE3R6xBI;FI;HbBWrbqKHvtH%?c)5O&)w<!kbvM<A
z;>11};c!KIS?SKW)#~eH3Ay8w)U8d|Ein0EM1FPk)1JwqGP6C-rk}6+9?`nP+`)d6
z*bV&+)dALa>18{WuJ2DNxXjcn4SI6wPI=b0h2OubFWyj?w}8EQ;CPb-QDv#hKoD>O
z6S8!JP3En)50AYAyNBwj_lrG?-0c^LJNasDes%S0<INq3>t0SO(_L3DoPiLR1>lBl
zZ~Ckg6>XK$xM%W_ieSMt0$P&ucEplotj-;Nl%A>+)cV;nwpFTRRLT4?!q=`$`SEPI
zXj+<_rDc<~?_EGbBju-G+qP}g#47iojrOjmR7MmPq`sLkG1djJ+NckHa(8M@H$MTZ
z<K)NdhNG7#R1Qh^E3vanP1C$b36Pk%?ijILy6}C-`JjrRPtJQvu5H-}Hm2E8$G2_V
zxXkJ9P2Vdw4uYXHMpjizj7pg#E3=D|Bp4?v?m-``J!O7#!;ArfpZo~8?GmoyW^PI$
z^VW+Cs;aK4w>jjw)Nc0+g%{Vwr+uopd$)jee%af%Z-Lx#=+L3JZ)s+i4pYi3($~+g
zPaN*1w8hvk_D05BtH#1-l^1auHI3(%PWt|Sxz);*rmH1qz5mkIT(hY4q4CnCqvNAi
zYP#L@Js1DQ>*R!6Z&rvcFAAWKke#KlV}X@$sia=B!mH~d0(VXvcwoy|{s<&+YyceV
z(xpq;&RGdhwW}!whsN0pdmnw>`sq`q?u1rJaw$<jVA&0mIcf~=ouMKMMix~0Gx9=-
z@7D)r-2eV2D=l79VW9NT&F@Y!UQYc{=%{>kh44g6ALkZxVOLkz>Q}GqH>v$4cKg||
zP`{z!pKfH|+V=%FX!wM2BS&Ud1Xt|XR=a4adfh7BVW04y#m^;qoIm$1qG18;_08{Y
zN~4*l5Bs`)92kGd(UEO%IHLa1-o0^EZS=vVgG#5RX3Ku1RfZa=9C)|wyOyi%6_wjA
zZ)~4}(?|$dY9ta#L_}nK15UmG`H*xg=<4<B!-frW6Wmm>+8`;9Shna#Yn6x$5QYzF
zhD@ofDyV<HPEK0=?!zI$x(#;*`kI(*2KckF63O$-4qgA(krgV{XU|E>m(dzuzJ3*;
zuc^6Bj3gzH6h3&^+;KX@1(()*H(M21zx`Eg%cty|9790lK!(4=X5uTUV{nd6PU|u<
zzJnviIOF*)QTaua=O+xxa@eLLwd&lXJy)+4h#i-GmXPpjw~ej<a@}yAS)q54q`>Sa
zixz!eAx@GI9WC>sL41c$vH0S#WX4%z^0zN~)(<VT@HIHZxarQT=YE;8B;C&=J|w&;
z&vJKj3!qR;XQa_p_U|YzE>=`j%+JrC`r{kR%}qi^R#w)c{z6-A&Osok0mi+j^4_Qi
zE7HEzx=SZdP?jwTT~ZyJq)y(W=sW`SF0uQn`iNcTQY$i*6tk-y<Y(!P2@6dZ%g)Zu
zJ9P6)(SY;ukq=ytrL!hZ+}6_4^5DUPmoNSE>n=|cRLCv8coA-K;E<y(wF(@<3>SXW
z!+m;J<&#s9VG`Q{2!FWAm+jsM-B)?fY@568{XL&;t>xPm5=s(pOXt?%7u<5qX-G({
zQ*wM0J#+0jGsWt)YXt&txOp9SoIdkpNV-`4QqkSFZke86zI@h|t>fj-mbjLbmJS=M
zQL<WBFFG?uaps!?1qE(5r)8BtUf5cHF?nKgLc$4f?j65zs@dKh#VMOximS_-gsCU|
z&EFaL4oUJDIdaL346i-6*u;3ffji8tMtpy^{L$Bs<?44eOG6GU&?lVxaVMK%YU-U7
z_KeL+FrIPSVB(>2SKlo|-25|&ii!q`N_=Zx^dk}+{K3f+>_n68)A!PePZWkdjC`Wc
z{>mIJ^FTT&_F>e^%j+|>rFPEVaPnrdm@eaVxbL*MiDZ{t+I4-I2e)tMfE+Pe*s_S@
z5h-mIGDY@--g=8W53Y?1(Y<r$4mc_e8E<gs`g`P4%Fdn3Qc_%}XYO`)QWG&vDLCN4
zs(OAQn~;_>Psp*r-t&R{#pE$wbt7LrdGZo~zW9PZUC{7tcExRb=@)lqi6(f8jT*Hp
zT{(3B`vEv5w{bdBTZGphkWboPhU{EBc-SZR<g@dTJtM`R4KBJPx>@Y@?c0q{V$z-x
zE8Uv(%!Nmf9vxD7$aI&f-oRvuY|n|Ml8I`X+F2vZeAb0}c)Y0DwoUM6Q|eZaUG}e=
z2&!)lP731GB(?4xkbP!b5&N||ZRgHGR_6+?iq;@jw^xpox3;k<UTRdk8kb;8jZDcd
zw||@Z<3xB?ZJo66+WCadk4B0K7)c}!Ia}FsP}FwveUe;$;;wD6sRIw_{xy5MIGXO?
zzki_R-MB3gBh!gim3}*X7Df-6c7FE3=;Ib@OIDnVud`V*rUt+^30GhkG?t8e&{TJ$
zAm3wY#<NeB&&$4i`2r;LC5bN^SBv=SY>}3Jd?V|z(x;C%me$;GC+w=<U#)s*08ZY)
zZLY(ZglV(pJoI#Q96ar9K#9I@ZXr7x@Oi;Qmlq!JegCxBEhm4+j^Z~5RYbOjW~8U5
z51;z&=7E4E=44zP<LtFT+X-by<Yzq+Xu$1iYgN@OeUxi=qvfwjGpvK>t&+4^9V>kQ
z{X+(8ZqxSnH7i!Es4m->_$_e8>!`tV3z-+dQFd2YVellY<Jp%_#We4JQau${BspUy
zt6}cfzXrG$?N51*r!@}56}2=4h7iOe7l_A2+{ifB(xMYK>ZG9Aielf_36fJhH*VNq
zIeq$KyV0TJ4s3e);RR*)?r>r1{F6tMH_49n+bL;Vb9$ley7y_C8>(VA4tQ#$o6IVj
zy>DNz9&^_yn*BgsW2MR?^X>`=Y~Hd3NK_VjXXk|v!1=y=Vut%_plNktfEan4%=x?f
z?^i8YuPiuh>w`h*b{2WXINYh0T6#{!%gMS9j`QC=v7w6z53@>(xG5mIj-s!x?{P;d
ztRivR{D6R!FGv+O2q9t@rL5pp&Ani)lHlFJb*Uc%X_d!3(`29NRv8^4&sZJftWq;B
zZk);7ok+2zv~N;%b@j?z83z$0biA0@`<v#&S56tG;*FEc1oCQndN8i}`P9KUt8>qX
zzo<(%9w~ZmAF<+&*0r?t-g9ZAv>elq4kOsLE~2E(x{~jCcz)A|AI(1^NVL#xlEh)(
z9zEJzTPu;Yc1!l8cpX~hnk`#Ihoz4@S%3P);ppf0&Ye4v<Gw}Ukx=Ndm~8(-k8kP$
zc^6K679J`|maJ3p&Yhs!u-<%m!cvFn+h@N%AQ&(GIC%HDmGSEHn<|XUQbS5+E2TTo
zYlaCwTed89@nX-=*xSNeEP{f9!o#)q`i&Nvsd6HsVPm9$FivmLnL$O?D_(jMrsK5K
zZq__oeo?*j^r>B-aZL?;Oyf;@mZ?Wt*zH}~4#wII`S<9eA|LX~YsG`BN`!Z8TXg1I
zW7$cE45Eus<M;%Y<Rt6;H8<`hN$cKhvk)9GVCz1?>mu8wCNkeuysVGT4#!=!n=l+4
z&Ll=W|M<OCbHCfZTWgLzF-TdvcE$>O$yG6{2MJU4YLwg?eti45{^P5m8M>-rU*4~I
z>N|1kYPHfWTa-7d>VB*9aX<6jptUm342P6F{21!0UTw3nwy0^CSXE4P^ypEe^!#o=
z9)^n>FnAbX;L|NED&_80YAa0%elJ_H;^XI0KC70o-JjSjS9qQtwp#cDJy;_vYoe9I
z)P1+2n(Aso)Mh4qST=|i8><;NHqJM9`Da0ujFcCSYZ4O@q>7dndw3Kt89ZEKM)nNi
zOx$kvjSORNZ*RaW4y;k~cK5jd_St+HAseTdO|OQ^;8y%K%UVE9#+$%8e(Kbdf>LqZ
zTG@$Vl5Cx*Y4Iyu+;o;mZyQsZ{_)bKnR5E>j}H$JeBCr(JfTkGsJIMn??GMt*|~Hb
z$DMdfYL3t3>-u{ueckt&-nq90hdU`2bf?%QqWXBz=?Ta_MsU8TZb<yMhmUA)>T!!4
z)>6!^PhPMS%3nEkAUPvaezv1cqNVJ}sJq{#LXQm~O4!)gB$9{P8~P^A*>4=V=DS8z
zadFWrt;h`%!$LG)ofx_!g=KGPa>(h^Dlvjap|Q8qrC>@@n0u5{-T7LE(D8=?gO)sd
zwtV6+5fOpVnupF;O^ve$v2e0xjg-Q)+ir5Z&v|IxzngpQ?y?*y;XSq>lXb-V;LxE%
zSF8{oBJx33@@V=TnE4>Pc3Q(w(?@QK@9GYo1%gY&3a0$B1Syl%7DomotsU|0j=7fD
z2P7}AZDOpJWvWMP?87S?E{<CzBrJ1%|M_K>k0N~z6OS}DmL^X%*%5qRz~V{7yr7_)
zi`v|;jE^iSz0lOue2<i5abTLM>Ei=l8%<h?IfoAqBM&#fa(qPd>ja$ej?~mt=PY}>
zZ6@On7!NRTEGa2`<|h6^SZ06fr@g~*WQ*)^W5#@WSY?lk0~=#SPO_m?pyd(L`Ncjl
z^*T5`)}F=}$;mltE5rm#ZEZHLUR1Mntci)|Nvp44-<&(QK;Ay7<r;$?`|X2W)uKg%
z$fskZgwN-@*%*wf)vEz(##+4Gr}XVUpNA=j9_tQkD;VB3NRKosDRGpDuJh=L2V6f`
zRNI$-yy5WWb*5p{e5=`3bLQ-~v>f{NYyRlbcF&Rg*?YHbYuLhQI9Xp{nv`bz)bh~{
zhvhC-q4vdod7;-U^0o?s5j|RvxmmgP;XPbY%!!4k4wqdRTZdnG|M3X7MVB{eYaISD
z@rT}0mc4K=P3!FUmNToQS@VKD6{`)#uUy^m@$He!jl{8}Jjea1ry8$>fJL8><#kpR
zH`{mnlc5PhM~@!$O&V``Wmv#r`eOs}5w)H-2H}K<H=h)7vU@C0DqJ+bwLZ_p<V1na
zSQ++@wyFbjzdBo5F1b%E(+Hue*StzK{!rrn?(8Cq966ktpT(ww2a}bF*N47;A3Am5
zX!~2jxDOvb*lbj(2zsk@m+d=LTWS>$5T2eR?n^&Wuvz8ws#mKKIk{1|Q>V0m!2G08
zbH+MB+J<f7xXBiSxBsY_>X2BvaG}A(iOO+?5%M(Cox@g@8O@B>s~NOJMo+KugZsw$
zajy?7`tjY2$vh|`Kl$@OM0eknY3^}(5rMHbi34%N#!nFxn?J3!bacQh+@l9mV$N)_
zl-XWVg19R%lj@Jod+Ib~^l%{|p%t4X?kyW8gcA`lEl6+P!X6WPT|ld9VNC5qh64^~
zCS}IPjoa~gooTw}bxPc;y?ceEtqd|m$wQ_EPKrC3TKkQVJWBnRf|k}OvaMqH=>a$#
zVbTEbAI`vk<7r`nxc9+ZUtTvY6s9VKWFB=*og=9!pyuNfOQXFX>0s-1x<$ny#sW8O
z65-p<%+|Ph2W4?;rBc$;1EuQq3SXXx6vAD;eEE6AKwT+`-L_flmkl4TNX#vn&B}ax
z)l1;IX(|P5oz>Nb3!)w=9}|+76|$T$*uvt=z`?CT1EZ<=7GdV$m0KJQot(@pF3V>L
ziFsArySM0l@nD-&qKK&Ik-Ae$HiyNFkwlsE5^%UpT8g!;?;M(RmOaMJ5N6SvKHNI}
zt?|yqi4!MGXvhi>PH6COtr#)trJPm9TZ&K-AP>PYgf)kQbN201*iFzWo3uP>e5F@D
zSywn-4`-V$xoXY#J;sCLHxP(d88z2uEFV^{nyV|kqd;e#hlewj`U1$>V^r@pRQXsa
z8qQ~nMEO40nIaG*@34AVM8r#Lhs8U0?%ci|sh%K~EPRu+aQA+Xm{kXNm@jd5Ha~pW
z`oPIEkDC^I{&12J#C>^?A31#dgDU@ZP4g8eWqvt7JUK8RH6>NYbAJGCEZH|{viywb
zON%6r3>hzFupmm|=sl~j2SWx-^Y+eoU#e#yVK~g;nCJe$8yO)~YFN3``?iw})<SC@
zM=d)k`e@fFf%i8Z87CQ*)lc)tnSs}nj?CWct=d-4Sbj12$NQXvtG&+5CFeWEYsE)d
zts5TaJ!*cvu#o(r>uKxb)R`~tO3=tfaRT7T^OR;9`AsA7LSxfCAJOH9a}-A3s{i(N
ziQMI~H;*Sg7Od4Z+)yZ>hm)|mJxmnGzPd>mcQe>3I=Xz~_e0Xt*2yyBW#c|K{&m<^
z;P}(M<Numjep7X}n$TQT;en5vpTscy{0KGmOKS~GabXW<*xFuQDmrHF>I-gLH1+kP
zYVQQ$66FOFgk^BKCDg*NN3v(0jq_F=J0zkZ`Lnf3TWhOB#<&+L3yO<Po;%N)<>kD7
zG}+2xp5jp1mAKjK*0r2d#ivNuUo@gRxdaDqB7a!<xxr=kzKStBD<i7~@=2H0$P64f
z&@HE8RmGh5Z5I+}Oc@YbC12wf7vMpkWtKm;Elj1-^Q5>-sz>M{hu~o0IIA4For3YQ
z;$~{o%4}30OMn%%&+4J6^Lon#!Xh6kg4Jv0u1mSNR#rT5x4z!-cYwn^E-;B-FKVdf
z`XNo#+emP(knh9Yp@qeB20N`8;glEs@m1m&)r7iT=@WF%AtsUZ+c$SStGVv#n;RZJ
zDzQ!7uO!Z=E%?O2gV(7y^H=TlRhv2Wd(?+>OQ+znk5?)L({V*U-!)hdjwbAxoGD!Y
zJe@hLEY%L2M?P4SCTbht-rqm60q2`{bJM0GIh)c2?~A=lk0!}HD}OQW_HDoN@^`C~
z-zi<u6kn{KDsVNuE+j)+W|MCzQAA`%^CL|mBjI<BHpv;A33nU><IbM_vC}d!Ma;`x
znUY4;`cha^s^a}^sF?vSW^KyH&rO6f+Le?|)bc@vv!YXIZ*tt{sLWMZEBo%$seMUF
z&#l()ycVFZto-fe<t(>cy>%O0Wy)wbx0@t_6Zs}}Vcgw=Qw>8rZG-k6e6Ayw_bsN`
zdy2x|Rjcaf<=-By)F5eW@NEl&xo_X*d{2!a$ES}9R~`wx_=fEi8@t6@^-a^vto0cS
z=YMN`H<3!slUz0V;at7aO-^6$2VTTyEzYr>E%TmMb>^|Jnr()W$JSd5ht?Wh9vQLi
z%|1^GG60G|b-zw3b9!vl=iEx6dMz=thfj-1`ub(tCzThD7nl(HX?b|v>Y#iR37dzP
z)(&W{Z{3ib>_!`S($6aXDcJTuluA#nsa9@oyq#g<rN7`yaB+b8^rW<a8xszP*DYGf
zytK16Y4$8@``ee-j|OL^wqsQ)<BX1<y-y@3X-PFcVi~&SR;pf6LE`m~$xi+}HJX`L
zjObr0aX&)~35or9P50gL7pp(KxOkEfmsL?-k$0kYp8j~<zuasVHlMsKDzV_rd%fV0
z{0T-;7g)#C$ycj<d_3+CiKC>Eat*_tUrABi*7joJ$7MrB-7GYocu#-yt!C=P1+Dd`
zWn}&uJ9c+$%j+8%`%gp|*B%Qg%TOmjo-y(9=#iO^@FkXa*mibhK-PH@+w5zT7*_wl
zc~R@bA-ks}gdTqoB^+w+vncj(@l)p4Npr%UX$D>o(%QUs(u~D*PruvWOJW_79>w-e
zs<~=aRiM0F%yNqBV#yPs69ol|tfvhi2Ux9}Y@f7MOHo5ZV_K$+w)Xxkdso`Sh`fFK
zrn`6u9!j_`pz!tiOvPP0@6~15B}z|S=xY%_(QNPG!*43{8Xun&t*xt5)4_oi%Bq=M
z74E*X7}>BvJGSM`<&QN=;_JlBlJf1gq<$%PNKP0R9a_4+aDUOqIgHaAHf;)WpOvX3
z<haJ$$!W2e6Jhk$GjrZnf2=vUTB?a;lSn)7WjOSNugYkD*CW2y^=krfax0u|O>^P{
zl^9{d@5GZ68&_VPEQB}7ma~|2jwx=Iz9nVNeBAz3uA!$VjMr~`seCM6p<<fX{yQx#
zElqXzRA(PTWMxZ6p8zZ^@4&r-K0aPvZQnlLP;$@@AD_tdcz0&Y*XM~_TrONWa4|4@
zVd?;6_c+<gf=p$-tQQLFR!?9sw%a<EP**+=TlD>7y1UO-U-#ozM-Po}yRUfBt*G2-
z;PdlGspb3j?K^zrh}Tlw%6FD)uaEJT)Q$P<=pm68e(#O?^oVVW)r5y;U!Q(3_8D*T
z<jJ(J8-S#>w)*ay^1)|YYK6j{EpblYw?Q>)K4Xjsu3(8}%B>N)FACjM*6cK2*m(KW
zUjvpXG|3)+v1g!6q^FsA>$evZBb7ASw;LX4-ZrN{d~^Fkd6vV$oScythR?mfRIlco
z#b}9FTQbf#X37-YPW%y}C8kG_%>48zX7I32V|K6bT3Rn0ucfW6SUt-?Yf9v5T>8hN
zqN2cz=;?EXUX?oE&>y3?bL3=;170!1<2+KDzZ~0X8ly0&=9Pm<VNC5E$yu?tV%KcH
zPxH<XuDHBjzW9jmefvX5^@ZZ%V(YlIo9pxoHp&vqK0RB`_*&=lZs$?EN6#A>W&?)B
z$%@Q+(D-W0kqL{8TxCDAFSSJ0KcM7$u3x{tSTpTlIq{NudHMDCyA}%KN|ugNJ+0M{
zyeQq0nkc(t(O~a8t7ARrU+WoxXFfj=+QBL;PSRt7W7sf2aW{;cC5H^s)lt!A@7}kG
z`7PmLpjVng2`NsDAaq$Hrmbn^kB?I$FEf=&ckcRVXER{6*kmF9!lvPiHno*XJC9m*
z&-kN2+$w3^VbVH8eSHrvdZjU2Zu{I>qIdVt$tr)-aQ4T->evH!%+@N&SiM~Da5!TD
zb5hMFF}oXu^aF!iB}ZQ0pI+{o)8Jh|b6H+Fc*9Ol7nf0DFg>0A@$izmeL1=jZ!2G1
zOb(<_M7+*Zr75rDeRDRLd?;Bl-f&?>R&vH|9jg)c8@Bi>t*}^lZuXXg2kCWpXKYlK
zrsO;6R=OWqcx&>MDOakhs?P6~5b%<T6Jw4g1A&<J>gxSNBy%b?+v(iHp+jXw=Im#e
zCYj3H8)*l-93|?G6x3awP^2zF%hH#lJY6~RY=)-1_a!6xp?5)Jony|N@EIOzp+u%N
zzPt<$u}=<DM2|lXyE5BS|HkXraY;!ReWI%)toJ9SiOAT`YkVYmXOd97SSc~ZGgWol
z{Fj&39Y21??3DnnxpIcEwvLXQySvhlCbi8k$6RGAXU{ZV{OVOe;)M~Cl6!T;3a1`a
zpzOTjH+}kt^$y=RZS{&@Gl9G^&z^G8Yig~f_{=nxv)}WgWRuP0$c=NBOR3^=J@c)z
z%E6IfWX8ufI)Xc1xx{*|&vGrtZ^{8jP6bzd(0x)_b<=TC=B3b~wQb+N`NV`gXWdvO
zK0&3rMeSH|T>TMy2ZtLsZY=u#wWjscn{vgwRYQeBtp{8je&A#9fx^p2_U-$+HFDUZ
zZy)mZOr8`cK^|&$^D${peSrP-ztolDE<Ak5xV&!G!BZOcAACj-ZeKGjI`bvGt))p{
zU;l>DN86yFz2#2BjO}sSE5y^ME;7;8jr{)YtFPwZh@d0Y`%co7rffF(t~c-6=G?}{
z92{=@=(X8fPh7ZrSysHVp=t+C0w*jY;(1E1>9YKcWy@O&3vb<hvq=Ca<Dc(&_FH4w
zL;6W&fX~=PmZ~GS@7??Q{P3x^_Vx>3?^td$cKzW;cV-7s^JouK&(a^iX=_zIR-hw*
ziyJh}DRkG%!jopl^h8J33SN3Xh`yva@?8Ah850VtuN#iENZn-?b7AUR{JVrTnOAN0
zx3Pz|KDNS9s4i}92fR-kXlVgro%k87sh2@a*(FiCPMxCOJFs}Gp{RzYjkS$5u0+}Q
zoVnun18*u{8IlX8?s!c-e@?J;m9!cw;BC^_JaO@Q(_8m;o>?OJ=&9I_x0k7rnIee9
zz|!M8c95ECE3&h*!OrBORGndArcfra!^dJRklek!L)_fH-aq16Sm<tJBb}2oXY*#F
zTh8dX>{DlEXRcka;AmTG%nXY!a&k?8E~83T9NM)DSz?+gQDhXTr?Y76q<9w>my`_~
zR*lnlT6I(<^UM|z-x&jD`I|i=4k~Edp>TDA{hXDP4u3>6N>@!^e=A5w%5L&{;uO~)
zt=R`Rers!5xbQ?A?)2l^5|Pa-=QtbY2W+r!{P=Nd+oy8VC4-c`PaU5(A~1R6G`j&!
z``$HXxK>rjT_-)O4PzN*8raT!^l4{$(WQv5?txk4e9z|khsVelS1UU2xtgX~V-UT1
ze3aCfmof^=JPc2K|5WY(WcHnnZp&}4-FNJ>NwI{$Uba%ivdqi(mW_9O{j!p@T=Lk+
zOi?`k^Si1amE`1=(uq%7?7dnABHs-QHJE7qCU9G9>c)+_&|quiWVVN2-7Los$L2L!
ziJKiJ9?Q@F+R}33+NfH>C!)Zek%oZPyt=k!fS@2`TTPD{H}{L~D_i1Xla{1@<UUPJ
z@{aV*IsOx7ybh3f$@Vi#m}z5UV{QH5DAjr1yqrd*%2T2<Hz?lAG-u+2ojpTB>i5`f
zv7KCgm{K<F!Y88?#GtKK`p|&%jH1<#3YMpC+9Kn%L^yt5P7c68Bw!@(-@o@b5^$lk
z^s`WD{r14fxcQ$V+?U{q<Mf#?0U;g<xF)3+x_#@3oAvA6UwD<|D$dW9tax^QxvJNR
zPjKYyozh3f$1E7ExApAdtAM*l)ISLS+F1R)tu<Lndy2BMT~>Ma*o})PzaF7JE_-i5
z8h~x9eb$gte+_XnEvZ${S*HaIpO%Uj4UGUWX=-Y!f@x&GaWdSP;e0sz!<RDK1Fm{^
zl5;Nj#jm*)bQQ3OD_20ln9uhE>u*OgB<0^y1S>@*;E*y68H-!H0RZ+HMrkQ2qa-9=
z)zoBdAAX`_Yl`J*a7su@8sg(q_4@T|0KB}c?20l|qr9EXLZ7~jeTu&`Wec*zE7msg
z0u#V~B=83Fy0+A{M}@5A!^ZDZ+g(tglax0-Gc1Kd@i=hsAcIDu1qCT6E7#vUSam$?
z#i;bja&i~YB;uC&8Sx%|u+Ct@{IvtKO|KEA<(JNxGe=2DNmNvH<j9dr3ChCnZ_Svv
zVZ#QIhG*5)`TmzjsH&>wg-@9>#pKJ=0i>0;gYyCPStq2njIJ#k8#7C^&_j6pAouI`
zO&dW6O-)S_i5G(N3GvfckIT*tO1$9Y?EIpxuCBUz_nC^vDxm^&!GU6Qd%>c7Eyv1Z
z(gViLwb}Q%@cyuuTgt!4Y`=FM*Zed^JI6FuajmC|>!NIv9ESbd^L8f(e1A7hb?(>J
ziH_%g3_k4?W3@ff&;^IX8L=&Av&opNCmdoG0;6{XQs@+(%fK1-uE-1+w-$3qfhhP>
zBB*4FaVR~6Ns3g&w<Jn@geLM<mi870%zPLB=Zy6K#q`trAAHyTf2EIJ{Qu}`X=!x!
z|F5If@BinIq<;TD{r-RY{r~rS0{UO^1jJdIT;D&v26X6m0MzdQsNVt5|4;7!J35=~
zNVBkmj&%E95C;J1ix+=9$BX|j#tcyD&cQJ1b_n{>pi=<G=z#!Zfi#96iH1awm{gJ<
z1d4>P;SV&*D8(Poi_eJdx>y9r$RH{?2nk}){2}f;1hm9LOwuWl?fB#|!}hk|`sPK&
z<Z?%Te>YSXH!vc^8Jh`K0fPxdMlyvOLE-NduP~1ec2MYi2@OC1hTiT*96ay}D&jjt
z{KSR_y#aTPsmd3plmn0{{U<HAg9WCH0$oZ4qJCs}?oc`egXL^wED9}vx2qZOLaFlh
zigsG%uZ6~??4}wjDPr%stHv2mr;5C&v1p`Ow0Hk5@h$o2lYdLZ=#zh2?9Pc7<|783
znJ(l7<zOm3KqWMstjwe`RQ#B#3z-Z*3X{!H4W-gFRDo<B%BC>YwN*m>0|+L73g<y+
zL%_1Zd;#)>bwK?zf!0xX)NHP=CNL^4*c5+)3f>8N>43xiTk#zDcT}(#1E_)FOs-JM
z=gz;wE6j%%1zR4d3k@tjDFflagG~V7ZqUgP^cY29(xRbPC=xHu0EHew1+xWLQn$ew
zcvJ=Y>MUk(C&RSkq5?c50Q$i0=)VV?n}Qhr98Xwid}UUL0L$%U09}4#ZngtBD+sHJ
zdiWw@zQcI&crj|{Ej^5Lgpi`)v_LmaV9&zBuM+Xln-uiTg<vl1St^J-bh||dbOmZN
zqq}bljp0EDqB<M%Q$*ra@8~zHGe8_N!J6PWl!N?`GbAn}WC8pGD(2{*Fb`%f=z9P$
z=GQC~>?)XZEiiBJjKm3x49-eyDqtv7b~I$}(770jEGnHE5*~ulDRi=gabthfZyZ0D
zRdF|UvgbmG`XB4~+RA>q1NSv_^VRXKg{7J64DM^RFIIb~Y|Pson?vj>yucgWkOi0@
z8#<ZNP0)f)9dsL_!G*(uIb|T1#D<G)xFoo=;GmTQnIv@Ve7@tsE(D6Ap^CvmM4N=*
zhCsJ&?eUM%aJDc4G~mTRG~qf*>oI&lN2L7}Xsk%LFn0vAJ@PoDm>_Ck5Dj&3#f=>e
z=s6Iq4W3^rK2V{rIx+()9e5}}JL}63ux0VnAz($i9YQDrid|H|d!msb5;FwilSO5R
zlQ5TtedyoP$;rW~7XUbAx`hCX0nRtafFvN=SZuf_lOQ|dp^zVCoFLCsdN>7PhSTX7
ziT4WbbW;~o+g`xsl<5{+z*qo70=Zxjb_G2W?l7F$rm(_80M7s{jY9J8GUJdl`2q1y
zrBf^lO%pqeeFAo^`S-|>!Zd&kS^<Tb$X$<$Jq#9X4y<;e26Gz84&o1^-KQnU4JnN%
z{Db~bhS2AJAi4dcZXgNwxtB;1lm3r-fmGJ#Ua+O}Pr5;Asn7ickbqqAkNQE0pwIoV
zC~RAlRIt_8Q%9%>kI4ssh}dYS9X3EHy|pt^J`uDto$!e~?TQg7^t3BSxZ(~ZYfc$#
z&*q#*VDB732qj(^*@%saK^QRb?8N~F&+%^vy$t%3nEsroYG??kNKhFv1WeL_jkF&E
z{23IMB2V=ANf>y98??RW5b)smq`+-h0iG0yNGDS7q7~?nP|!Maho4trQot!0Fe_#_
z<!1$fi1X8i@Lg94-|oc=KM(#W@bAn-guvoRPw1hzOPqT)Gn(Vim7_@ni;4+mqCKKL
zq-F&ImW%jP{ZTmwu;x$(9XgVXrm)+~qBO}X98O1L$3UqM6ah2Hq+rX*H548XqbTHX
zbcVURIqKGuyUaR@(lqpV4bPZ(78Lk7PC`4aB^AUT^LL3ZMs`>61MqgZSSTzu3(pnV
zf<O~AR2C(ZpgN#CkrGlGdcNTo1%A3FQC9Xdq~S3x)D>0jh~iQwpFRSM6^IfqpXL!I
zQ<n}1<JCcBJ$|>J9q`8Ud<vyKgma|+JDSVBX)XJrvFy9Hvagy-zSFjAD3A(KGC-Z`
zasohc*;}W#9YR!rf^Y$#LJNh&ipHEVccXFP9tEL;?Qkdzw)>M-L109s;BX*t(<$hg
z3J>O*9*8YASQ}fhT&4<hvDP{sxw`9>Uyai~Hm>T#A64N&g%qBvJ>e*spo)%!>dW9F
z1EXRf;V2qVy#*R!jL$tYo}+&vbviNypwrxO`~V&xt`Wfjk;US8Z^m=`foC!<AS#F{
zi>qHmwM<mriTHor-6)@G1Pk`0+3#-j-%3BV|KQ_8ztYFg?LX9XH8gd)*neni_uGH`
ziPUfZ(Qp6JAOES}>f^uL>Z3pY)BmRVM~AT1o#PDkTYdbuS$%NBm-D`-b5sN1P|D5g
z5bO!;I8Z;-K{LWLkRWj^C{*yBnuQ_;8a9O9eUKzJg$z!T9X>&K7ttJ5W?*qp0O!L8
zGyGJH{FvZegvS&_@PjBHU}(4*I-T?J7mNr7fP&#__`kWMx*9qg&ke5Bu?CsO0Ha0~
z9o=eecuGg^`4)p&f#mNGzdI4p$SBAhB6#gcVzVhsx)+~ftAjZLdM4)7<D8HUIHQAQ
zOtClI$pHUaIU=0mFdPd&EBro(o|yws4JkadbIcOZ7TQ(KnBfH+wo3b&>;wq}yc;mk
z54mtmAy7Gi0Rp%@1u|DGk~vpp#6<NKbJSH-bhK;~d+w+mHQkLG3B}%V$KC#^grk9E
zGHBQr{SI@AR)$~D!CF`81in8dfD}$+V;_*=Bx7(8<ouz+LJm{m$#L46ODAx^Qt6^2
z;%o{$wa`yg&4iBYqi2OPXZ;Y+*KkG&L_`~$_&Td$JC;Y-V7a$zRnf0Q3Iy~IT1rKw
zi^>)KBhyjM+G9MI{#Y+RQ@-$>`BCMIZols3zd8L}{}cA>mw#}5i2tpj*;)UiuC3Xx
z|M?TCU;opu|LNEN^y`26^*{akpZ|aKKU}@eEZg3cI{g=a{>M~6vur!-e>mm?{BJsI
zfl%}G4%X?I<u|B<2j?{syv>7MV1bddVKr7Ct^J|qCyb_w>3uLAB@w~5Un_tn>%1N~
zH+nGl1Xu-rNPlW_(^YvBMvFnGqFo6TK!S!6(cpw`L^a`7FjA$O5Yd8j&=I0a7qkRs
z_l~~z!U}-4p<W??N}>7xqztNc=&cY3(?2Z+qk)4nZ3G7(KL%hNBotyVB0lzKx~DFK
z?pFN+jS0D`AHEAm{MINW-bA$P(m2*B?TzrNcDe@yt@@(bRA~9ZUmu#maI6!t8AAK=
z?^&(Ho0uMySm>N_49T#2R=h>cQJV4en<|J!CzTP_7p67>JBtfyvDQ&f)V-#Qw-ovS
z6*kQsph7iN;B{wBCx+L~Q1U@&0V?(h!1i_c&mhFKXa595)Jm~WF!GbZKZBC1DEudI
z+F^Bjhm=Q&-N0x?#}<0e>S~VhE0582R9|;c=z>=qRVOF9cu#6<egFcv*BO~eB#Dki
zK8Fx@u8nnyz)ZkaG4*RS-}>k0H_&GF_i9VSXoU7mbYD;j_V*+6^rsYh1QFf|fEv{H
z*9!7vMu<vCH1}D>f(Za*$}9G)b`7H;ko9-R_<8ofn7u950vQIC$2tZu7;x$-$iwao
z(4NtYs~jb+D%8))6Mt^_3zIyX94b#l<kdAa<+1JnhA2$70=GXblVc+cGV!P-Fl@Q=
zL_luegU%QX_ID_Z|L66-VSE;M`u$4Z|B=+a{uiu3)!)|#YUHP_-IM(vOr7+<+TaO?
zX#YMCdQSi2`rn@CpZojQ`}q6wucNK5)<6G$BK1E1T<r~b{SW)-#r{`aL%Y-W9}P7f
zZJqw_KYt=A|K5ZLdps&m@U0qDqR`+-6dI};YEYt3(>2i2N7&(D@nPZw9;@t#-J#=t
z1mL?N&9RYyt#ZnmhO>hhOqK!sjUL2FfegePNT?*l5sGh!0vpYnM)jwVs4NvINBaSx
z6RT~`2#sc<H-#0*iV!+2We6f-gHi;-(a+(3H-b7J3xM?BMRmg&rb4?l2@v-AL}mU9
zeF*XkSNf<76&Bkch-wDtaguj=4#>ozBqjwO5LtnIU=R@oO9h_W6%@O4^z)wjauE>7
z{yn@?#DjPLX;S&GOuh4eOeg-&xqq+xUsFv>r!)W8RO`S0@ki3{W^Y{n&s#Nri~FPB
zTzcgGP?-}*ji8{ek*J|mXzBQ0wG&|47*+^76fs7)Z#iGEU~YGN1&U||)Ey0rvrAwP
zpb5?o1`~;i<$I$7jS=AGSmVwa?IqEFr~%vp=-o<VV}wpceGJige44}8>CodCK^_*9
z=ktw2WpRh$k6MiISbTfSOmZl@4=uxDy|&!r9{CGfBxg?e)N36#N6s+%wnzSaGY;r9
z9V)DF>{4k5y!4cMsM`zNor?cs;CtS?`Oz4{3IqVfAU!QWA_7%GAe)86{<JwxH5MbB
zNrpN?NF6F1KovkQKL@rCkTQt~uU%*(&ZDrORRuGM-gNKVgz+!%pL$2=6}kVm<khc|
z`>##C%YUdf#;=Hfy~%$X8eQc-b<O_s{~t-eTd3j6f815`x5PhZQUs-Y=?`^b2;2Pc
z68O4`b8w6bTz?Tn^cy)(uIQo;fGz-|L)*(MA`6WX0%k@*=(q{-Tu^`l?Su}+mX3lM
zUpbE3Lu?ZGVB$&$e6T70L_hJ%vR43rh00KY-){M!Adm=s+KdDK{$|{9;HWto;w#6J
zN64uEPuME-?udO$Mz1G9*Ngz=L>~Hnhp^PM%=sIH%>a(Zrx%GPzyST)uJ8-;RKNW3
ze>wHO|MOVIzoh?HSJTw#vj6L7>Gtpce<J<vJ&wEo^Q{_G1kmejQJ`+1t>4L_09NMs
z>VkH6VD~`S42&6fGS0)ima#BfH>e39hcj7J!2P1Tl@BaPfUh$U7gXR-K;@3Ef&nOJ
zO7~~JLCm>8DR9A?*2S(<@&7Nu1KUubtU$zY#@*zI9FrU(;=@C=@y`o#%i-~uqiLQg
z4)m@E#%Krc%kar=cpq~IM-L~f88cm=@WF=y^PW*a!24KOI-5ILIl5Rm*u#2%<EjX#
z>}KiY%&FMHpBa!v2`H4%t`74aYTJt^;SSP37l*<;XTq@2pZgQWWBmb;&>!t^w7VDW
z=p4A4o`2>e7_{~eTm<9M-T_eXZ#zuw&Pe<2?H6<V2bzL^+neHZIQmcg_JUS=aofvr
zCI~u4f3)|^=YsTaxZs7|w|n1(ZT-{%FCOa!^p5`ES@YRix>>^P7`(_Fbi%#BgE|pB
zK}>rg;7J2ML1dv%n(zr70W7HnpU@WJlQwDq_uCl*WJx?bXUK19{5MN}dv`o04i5&H
zEk58GBHUvPCkH*maEo$|F(M)z)WO_~C*4?Ys}S%as4iHflXYZFEX;xrD%grJ#uxxk
z@Z`M2pa5^NA9!9Zp7YUmD@ug_P@@Q-<QO=jb3X^o_3Cn-2&Z#hv}16<qXnUzuW}sV
zD#GSq>pW;Nauw+S6STPP0UW-Az;A~O%ou-Dh!N+p9bPZ)ym2ND{DOds@FtrJT-PJ3
zh)BCNuyK3$e51iy;yY|om<HHvb@5Ky5nUKt=0_OzqP+sru~q0%7F{KLCD7hE4Wcfk
z|89erYufG`M7>A<-3B2G>8U}C!Trq!Q7+WOkTH+Yf3rc9k#%mcLoxK6_pfj`N9^p(
z;$4N{x@7*{eep2T`AZAusP511N}7CD*fg{_`b`A$5(4I}M?W4NZ032onm|^#AD2)7
zo0O9yp#OruTyt+u7yRY1Otc{Ei~s@cTX7UB0+0Rmr3wc)LMJsv`%(Y}|GlMPjs^DM
z-0I<6h~SIyf$vldy$gfgxj=<W5-l`{<VQi{aDeFnJJ7$kh<J<-g%YBPqZVRAa+a5e
zO9wDh1(cg&Wgst=N5yt|#dft<=R(Gy5Y{w*DTLE-r%gdF3``Xd0tBJZSd<RseY(QQ
z)#vcaVt|vvqcD6Lb3Za;H|pR$I1)Jst50m#7g9mTT)h)I1_tJnM}dkCl&aWKvxhYX
zq-MC$ar+{IVw@6ukoQ=aHx??-oQbQN;<+fts<Ie-6**+gL!gR^e2hHb$XSpbK=Xen
zB@*~v0I3tbmBGpEfDbCd2Ut6^r4q6AXwRo*gxG0EPy1^{^af3LZx9niO|cUKxxjRs
z&^g`I_Uaa=-1@w7Dk=mxHWiglE%FL@bw+Xr9P+THqJlQfEy0gWz*9QT4*wj)%Hz3B
zbNCC$@7E`GNWJU-IQA#M@CC59?|+&aUG#t2YW?5;{z&@W+ZR{=*S>20-WNbXojgIU
zs|{Eu*L+Ag>SCSeUGKl^;~;16z((5H9;~}>huyjB>*lNBA2yKc<HxGL^ns3#dsC6K
z!nl_eJB+$dUk16}=Ki*=4wL!sS?lmFWcqg;rvYk&)HnMhSo_Zpivwr>_rm|LQXlsJ
zuwS$O?sfmyR`2Zp4e(p_e*bTOB>nDfjJN-X{eA0i%>1XP%^x)Z!kk;QZ~I}i|E@j1
zTQ@H4*4-k#ns)QMaOsi-6-qo0AN;jC`E}_oms1z@z0s*^2X`;sW^*cIUNJh=?&Jri
zhZmd{xc(}zuLhj5-S|1c?8!kTRPoVMxxRdAuxIeO>E&}J!R?Ay8&frlbmLZ`lf`?x
zZ-WkdG@lcOp5RsB*RF83(cdi1K~(~jAv(jV2$2aLH*j#P*f#;A?}O?ED2`myw_f@1
z(kIadrryMx-yqe|F!BMo;L5=SIS*yI5M?=kL~f>moSlK3b1z11SVNfJ3hAn?v$A)#
zbaFwg>|GoXIToTI2jpSwe?`R2)YjF~8BvgzV?n1Jynhu5eQ@Q`W9rOfh}|&{Vz*p@
z_;Z}~sozd)g2=`3-&^#3xew5O@Cb#@oggWwU_tyqXXrA=W~Fa81p0dJ`0t?~PMh4(
z09Xt-=u_wm;`oNqXXO1G!}ujOz!|{L_ko@g#8_VrSN)eo`cvOi_vb%5(mV<@W&S;V
z^m6`F)7I+j|65yEv;Y3@A4!w2;~ICu+if*<Rn@dr)pZdK4FfG*18{J|5WqRG;cZ<_
zeJre;j1kpv78COgrV8FODR3F7YOAQDMVyV19$bka-Ci+Ay1RIUbpJI1=|)L`cXDuW
z@#)$zpEW9i$NPm-!HI$lT}c|?@f@$b26&N>dHz%;q725Tz!{z*w<cbM%*l3E?D;jX
zcm6W}xB21E>0c$1O8@mfdZ&NgF8+V|>Hp89PV^5a9OVI;93G&ls;-S_s2gbLcJ%<q
z#|6j+bHVZfWDo!Fk^WrHikjPr^m+LmNS~L>Px`z}ej?`2@5mC`vpFoGM{>8Cj@Uc6
zAeOVOoL%_nmD>P<v4gHJ@FLS4oDexGIA$RV9G;+vSU3O)Ei@YDcT?p*J<UC)?&;sj
z($vDv@^|&o8~v;4YIWZK)wQ+y>Hkk8yd$6s=z5w$LHrqH7Bmy@&7t-G`9<BI`kcC_
zf55E+sDa_k-*W)y#s8nWx@Kqk*U?Z@@2CGiktWHg`cdgXbO$?Q05S(r4rrGJ7))v)
z;$_HHPlQBtdc}Rh2T<{N3OR^@5L}qiaO;HrsiBK|B$^S9aCTgZKeV}o&Un$Tu#kRW
z&GFg?zkL8K#=g8)zU{d_U@tcI1^=KQGGsZqzIcuWTGzVT>V2pU0f!Gv27}%8J*?%+
z!HX=n7$O7B_4v?&4IG-2Qc)XGUP%J)rFjsEj*1jqj1f4Xp(iF|UX4yCC}`{Ek0?_y
zY%5a`0&799=dSh=vb-J^5ZdR83zIz~65gLd<U_z4?i|SzxCm_@6?%!95e^L!Lb1Jq
zQy4X&Re%<Tq2X*eaxmFU#L?7crXm5w?0<S~_ov=d_xv9^)MouQ55WJx|F0H2|MmNS
z{rA()<{$q1i>4oF>P`OF(CIw?y6Wov=l?&FxL1Q=$OiPTA_4w1Z$GUQh@8CX)J_?8
zoRd2*!<lywZ_k=#%XyB)<2#$T!vbAQ+qwQTMEn^Ye4(J<7XFVb)BZn9z0tq<FMEIP
z3;lPo|I*UxxBvPhsdJDLj-IaPn9f|^#687u=Dh!vm>eDJaJ&*kQrSU>oED*<1^m|3
z8~soJW$$l&p#Lu4|8#ZL`|p4Jk<^*~vD0Z!#E<UC=*BLG+TNhoOF1S?gq}D8>Oboj
z*uj4qMgP^QH~P2xRp;Nh-sxYb^ZhSC{~G=D|3^}1`bWRV^~?a!*GNon#!8q|X9UK{
zqD_M_!=Sx&?{<cmm+8M<Ev65KgzfH-33KE)9x6Hx3gu9}+a$&k5oKkr1LJ=yD%qc#
z|K8}IbAbD$K6;^lbv4b--~V;B)ztdw|4*d<WRSw2vynbTFYGz}LR`ac!WQ<Nx(#U9
zbLtT4u;;`Hg4lEVW8o41)626z{mZFW{{PFj|NC<O)99@K(a`Ca|Ncno!vDFq%X?zm
z*d22Mk81*v32fGCJstkIm#q6)(ErWUk^W(*`rqHj-~axnsRh_Y|M$N?kh;#lKjU}C
zeue4p&%c(2x_bZo|B2N7{QEI~=Mwk_^RJ`cPyc@;^*H~WIQA?wDEP1S@pJi4T|=kK
z{Of9}_xpeUBgsg{!ol3d!_g9f^NcvUn%P>JBLrntRd-EuRaFZYi}twkh%=i>C9_pk
zE$z`u{N2Q;cX3k1Les;VoS(`pw3>=P+n->9H^PFv8$k^kC+0ny%BE3FY{N;;vuq8Z
z^F?^<kD&UK{3!_d&yPeWLyy`B$Y8M0+mi?hp#ixuoD@h2fp1X1*Q5~AWHOoJPo)`7
zCb6kBe~KXk+Nc?+VjW<efqL`6Ih<xpV6mgY`VOK1aTf_<QUZ(#KQ(*?bfH3Ku?VP3
z0b>H262(@9&#ESP5u*_3^c+@KhVpcTF~J-<ouIRoT|i+1>aiL;acV&f7$W2#=!~0f
z?CLUISr4{iq>ACh2*yA&!Q+kmsSya(-<SYvLyz4|fIgA-Yyg~pIGGJIJLmZTS(-sG
zF(UP0V6eW35j7+bA<+PY*fbz$1MohDF;@!|N)N=ws!B33QUx7$*Dtix0R8$=15J#;
zv@_^|oOv};<vbdxqAz=Dz@Ne*GpV7dM+K9AVJV>9Vt)`L85nSY50i+pGC$r!0Ma|6
zoKA|M29hw~z!FyH4G#PSg9)dhxTI0rF;AuYQ=(8FN-&wp2%$jiL9fW1vOSib#E76U
zBdC-}f{7cI)jo(B6efv=O#!I*(-r_@V~4W{CeG;JzSZ$(MAB&t5+GCy&ab}JBQpWA
z*`PCX=41*9-s(04&x}6yiY{=tk|EWQ*o+Rfj8r*j<z#edB!ol{C($_gwL>3%j$ytE
zlc;nyHu30uT47IJ*3D0bz~2~|5fVy;D-n(Y{v^@;`&yS{P)p(h0-w4r;665n9-P5U
zxG+g<K#g=X8UgC({%5nn--17?y9G^PO5DCyqtGL$fW%>!K9~b}f{AH}9}Lq<=`#|!
zI$vH3kOxHl?a2sdvKY+vHqggD)(vH_*f5BK4`9_4ItvCiAecB}nJBIIsTEYa+@T4(
z=)TuxFiB(@r9*WGG^=;Y;ILWCC<+kY;FR<DZa3rugc_(>=kh1;G?{@>FW9m9kj>RQ
zcdU$UDqwpE0NV&fg-&6sa`qJ#SC|BtgE<&UcTj1g<k?xT-D~@7fQ5M!rs~u{CL=u5
z2k>Nd4T6bTcp&0}z3B>bpW9}ULprr<?&jQmdl=^1pSnRUjY<Y{N8zB>7Cvz)n#4DY
zSWBHZB))y7)1JhUB(QBMNCWl<_grHFS6&CZFKE4e`au~`J=Db1k3@}P5RnK5c`}7e
zWs(hH9E`~%Y`T%~5F`|cE)+Tgp<s0pe+EM4E(d>VAes@*VjzCpN-Qeej7f+e)sIGH
zuqkAc3f?jVVNn9Z!H!Kt7~x>)@tT7{Qowc%_#|kTNd-bT=o8Pw*CZ;Ng1Ytf;f#b}
zg68;Rgp05keoP9&Kww}F8XIIot`;6b0)IfU5GtMI4;!bWZ&i#`L&2~ChBVtT<VOMk
z`-HP77>Zmw4+Y>#6HG-Y=!Q%qu~<Bu0%U`E;oN;?0vIp`$^A@*@FXM-=OCcP(IGO>
zP#PEuCUJNn9xzH6UIP7egeY{Xte}X-79yjf4`>0P7v8zx$~<_~1rx6_|7R@@7|NKg
z6>WtHx@OYRR@fvz3XOz^e(*bZUm;jHIXEINre?O5U<EMXa5;szeee~YGY2esb0<qv
z7t0P+5CxPN(AzUe1c?b{TLo=3MeHjU_I;f%8xLKDczK~9lKiP;7~2L&pMl|Y7DAy>
z&`pblr%^dJ$?yw5Higy<7FWCg=wN}fLU;tgHxcW?m=MfhQKpg6Ow4oui6!z?2Lb|v
zLPM+>BrtIy?bSlie3f7<e;Sz-5Dqr)?ppxUigs<mVDk4I0$)t?hnem5V(~CKAeD%O
z!s{`iBr1~y<{J!45zrFqmAVH!D|GbhgrXfm_`N$}ct^9lI(Aa@@&bLTaQrc0_6;b~
zF$XOG>kL0O5SIY~Vml=s{OKMNg0rQqrMU}&wS~<jYNo+iE9e|jLqeI<5a>xCO63d~
zkSmZ1_Z=4WiUh<wOj@S^hJ?_85X^$hnG9$P%rcV^2^VBI(;$GtCI=x3F|nNBj*&so
za16djkp;S-vpXS%U=La|KwVr}Dnr=dZ-9GHi8Ffm3mZQ~07??!K$f7+C-G<k0>k4f
zEI2KlK>`^Zm^kPQpn#=}u)_ghuo%}Z55J2ZlrlNL0XJe&FgEPafq}8$&0F-m1GpxS
z85>~St9wp_jktS4Xvab)Lg3Wuxc=Kq_q_gj6+0|@{+b<@J#VBPId50i&Sk&=3+-GU
zW4}Pw@`v}4naJdDY=ms+$}fPzq>w4-ropX&o&U&?@pBg(Y><cGpW=~s?Ep+J3tjRY
z$&(0uSNg!i6UvC%1215t(veI!b-2`mD0Hl=*zS71{hC9Eh!<F+*g`|!z!e7n=UX$D
zaGCH1&71dd7P^Q?*oF&zT%uHgjT-4;*q!$*R8A#yza^pX;C|HOo<j(U_VM=vbb<0Y
ze<FuXaC|XCrpLoBARrdt?PNAG1!EwbLm!Kv$VcBuM*>F_2y!eAO?POT!^!xNWQw5S
z;UL<(Is22yR3Iv}Q$CqNgBlyK&}cv^f`8#<M!25vC~d=?8=D#x#1gQGQ0|%xq0oYW
zbncJV4FUWPG)98a!eGBlJm?;}o1?S1XD&b?R2G05pq&KiM*$6R2$&*}3=rNzL7>Vd
z6!2k=u%rlNCv0_dprJ&;z++VGKu6&LhbRC!gc?94!^0*XtP&DvnFLA$VgURd?Him)
zgGekzj!4v5(&WmM95J)gTT}zmNdhJL0l5xUI)!$Trz1!-Ao;<N4IF(SIfz1@H#M9|
zH3r211v3HZLsb*1Sn8@iw1NU0)`~KwJX9lKYAH9E*RG0`As|5%=&;q8ps7wkBB}oD
zAY;P+WA9qvqN=w3WY(vX<=bod+MyZR0K*#r$pHo!9y8N0fQBJwX3oH|dBB_*5XCan
z%rrGk$rLe(ylSG^clD>$H6yJ|B769LMrvAMrsDPS>0NuDbLIhqdh>o=`@Wf<0&~vU
zYwf+(+H0@<U;FGG73GJ5;<)I#h_4}QhM6^v&dEL}9;i0i=p=&QoHjftWCY&mBrFX6
zwch9i!gP)fq1#$YoJ71!(1qOz_c?SgHi*MP|I_$yyZFER)bI{@+yeg(4h;=%jsJ&8
zLwxxEAMx?w|92h!?@Ivq5&*sgfG+{yO91#10KX#vAdvG2b^Y8BVJgmB!k{hq?~yq0
zWdQEJ41i|>fDhO?Y{gTXl#m86m;^+?`7{?58SG9&2nm!1hB&p4azkKp6cL0cNzXtf
z?Lq-VT!!H2G3<wKvlCbxW()}sNS}g1gVp1SGoD5ZusS0BBrsNIgSi}GCgUMuoPRJQ
z%7!B>V5o;Vc^tP>S!@vb!o>r^Ei=F65r5MwMUpZgTb+4{7YxoSr85@C1XW^uf;*7}
ztIfs~Fb-TPe5|m=`8d>{!C(-+N?WkPFm!___$Y&UmPTrvvS4Y;Ft6mG6oyGzo*Ii%
zfw2Us5)@I0MzTbednql=;?uhYSi;J>-%PaX9qj-jP8`GidC)H(lY6y_U^lCfhVWJq
z-pVSR%@FW>JnrCt8(5dXUoJg!^1L}qsk<SD;O$7guvA)0oJ2u9ASC_2vl2*$gZohT
znuG=g<HKyEVeK})h_+Cyz@E>n@%3=BYoA%G{udm4b7t<1#M^U`IA$W;A$WU<n<?>@
zi8t-SRuxEyWjSFnj`r<L8iH`RL)pQ-!^I+U&JK>fDZLfU(dp_*f5gaIcwlfK%BIIt
z942LeMw$x2ZfUb8%ik9i1>T1B62ZEOHCW2)Fq9W7{4^2dx+qR8!?{tnpc|KWqI^W&
zX3(zLY9QE~vrbm-d734@fM%Hj3+RKw$r0#ld|Jyw-4v;WNes5rwl{`SFs&(}V_H=W
z=H=014wm9ZBs>O@9%1(I&!8R7EfT1i_leP*I>1fpNt6b)B^Qh)2)P)pbO~*W5yrn;
z(T4df<*-}9Hq4Bj=iyN}fmn?jX`Bz{Ekp|3!A?A%Cpest7{SjQ7#QwA=sXbWKs27_
z2p8Ja)Mfg_7RmgPbxk0-pb8lCgAOUpjmX##hFWxNQ4A;Dn|!+qP*u+4{}a$E!BySS
zLISG>OL<%s28jq192p%P6&)Jh3Re|SRlfV)99q2vvU;}xtACPDyZEnbc7De^Zh`-X
z1-IG%AtJ)J|Jxt)@!`Kd{MU#7{x9Ia0<1zHU;c{^_x0hvKHS%b``#6}uWt?bpC1AC
z0DxTs2d3?9@W3E2hBx>j-nEj<OkvcBwizisjaULtun1V#xOGu@p*38_Yl<jT025A&
zo*`?|+K$NniSZek!}vv0cwIJ3(u*C0fG{v)lJ1ZNkr^NM(E)f76VPchQ70IvEKw!l
z=j;-0$}Zs{EeXN1pr)=48zYDplb7=g^uSwV|I8xFrn5120a>syn3)x|E~bG}Mfe~C
z*8)+D?U03EWMNeR6+nJ-tI>sJS>CV&FH%RW)o3rJY<Lw~i4DULt`%x#8s^5R9aA#3
zF(t9VD!?d#Vjh%mHx3~tz|RVC0dEei!7jd@BoBc6-5@;aFbuXhUl}kkY?0OCj^&W`
zbFLNru9(8$7E?H@hZn>0D6C6q$Y^EAZXp;jhkz~zFO@50B^(5gff`D$%0#2#FQ*{&
z-asX>8_mc-Trw(fLZATNsNC`2c6cIxH`Fu}`W8G6{24tAsGv6_1NpPU!a8@F#4vB!
zkegQ@Q7oqx7p52%D3!pEU;>j#y)=cxvf63PEg7m36etSG)QYy0dDOUF%D=lwA>LGy
zdJ~oKXkjW<LXjCM4Ns@RUtxl>IN@_jK^|mrW}rQt@MIHI8RY0QCoS)~_Uu_ME63LD
zik<~$3l-q6wSA+;NRFmAIQyJ)nW>S6AR3VssdmOj7Wq0TagosX3K$DMm_vL!<8TmL
zXf4HgFgCELu*h?81GY){dD1VDSWVJrEOM}p){YU~7B4d9>!5NrhGv5Z{doQx$@qm6
zpQ53;b3{VKc;NALK3p_S*4MgWw_YUV%&TEN@ZQoxKD<XH?eppqol_TFwKmfiE@4_2
z7Uyz@a4{^7&ktm`$q!)L0*W|CP>5@Vvwa$?j<$g!6|~L4QYOaC>I=(Y7_%6h>`(#^
ziHd2YwVItTB%x#n!&0o(#J@6yEdiTK8$Gl$r{`lXltylGj`!wkq;JuCT_8Pfsh-b$
z@D24|a|x0g9Fz?d@f2R5?qnrF+Cqi``&VQ8m!KrD87p{pRu5w#Uac%aiIjygS&`NO
zm6sqft^i|!p39hB$pD5Wz>1C0IT$ZF7z1(Eg%s3ZW3?9oQ^GS5A}VGg@B_a^TP>t|
z$<P{0q19z3PPGTStDV1w+fQU|7qYr)+F*kQFea!i(%>FoEn)DhBeY-wVh<C*svxh-
zFt%G{gSa>5+EE9L2vndr!@<~Zo{ci%>=W@RShP5GWpT@L;}<7DgaQKteg-!xk)c6c
zO1hBJA%8qh4wHz%Sn*3d2^7mh8zt>oEY2@_S3UA~jmyJ$dGlTp_nZ=|sf2OPUESqP
z!6aSJkVODR_@y1M{lG{;PzOfI6hKo=_>Gi6oy{*UNvI>a3k@T;ai0L&Qz+$X&{Kj^
zUF_XW2p9!%69P^lyjIEiOp-Li8=u+CUgR&~LuuM9cANAuCcBkvmKLB?1!Ssa83Ec9
znKCVNl$Xw|cfljr<gKh8Y&F4(1?AzW-CUB{fkzM>Z4M~Gqa6FFE9?T}yQwqBb#tEu
zNyBi&$)|Y1T=Wi>^_ZArS6k%aZ(Pm<zXVEgZ>A790{d(m9(?&W5o31ho+hsnfh%k?
z1c9G1QFe+W#4&NI>;HT9&4sAB&Tn?6-lC#IMnp^RDE0QId#l0sx!q5@`9Jpw=N<C6
z)%zde!EMif3h}-F@rQiwqWqr+rh$aS%AYfL=QVZb%iR6ZnLFQ$8@>ddFM;Pv;Q11G
zz69RClE4$jzgB4$&#koXENz$0#n&z*fgio`>RTI4J5xi^V#W@0Hw#SVVNy&R@KhS<
ztoA}g>0xL!GkSuy;3c=TP0zsmuE=47o<OsRvLi~zT1{XIrZSwi(&Hm_#9DGPH_kf2
zC7ZPjVh0AE2C~V@tN;^!K>_Mo1Ob*2##QJ~Bz(iR94H`Q#bED@5tpJ^uRx5o2pVT~
z*z~jzf3ZOZ+Q?WKOo%sC6+DD8$y3C#geC`y6?VLD0TB>OYRX|?jLt-pg8;qqEU-8T
zGofHmL6I=NB&*Xo1k@#De5^HN!H0N*z;sXs8LT*JAku`Zw~Mp#c!!$1M%sZ-=Rh!~
zA}mE4p3D=WBNLf^<F)UMiEEaQHd#vpoxlu!h%I7lpmD2_RE=*7uCTq3vWxL~>bM{=
z5j)<G%MB&7LEXy)^<(YxDkma?$vi3q+vHAXr`TtqELSb71+0VL7ldp^!81dQk(}Rd
zaAzYC<73asbrxuv45$DfL*jtOl0X9K$`IM&!az6`;^pu74FMZNk?bok5G;OZ8mQb%
zb0@_M=ZEtF9X3ZSLWA%M3$YsyNeSUDqq9-AGDKc0z)S9-k6;}-VO97JmAWI9B0Ei)
zIcd4jTC$r9Z%GCk54Z+yXA@p&24^33rj2Yt1no?4ieV_0NDRhnLIW^pgD?wE{;o!=
zaXy`8dA3+;&@PCWaT6t+Nr2hlxk&*nAzH@f0AT<Wu<GzM1nYz%S`ZTh12WDOG?p2~
zvQ|CTl)+Q*<Xm1B`D1<hW%4Ebh7l$Pnlg#`o+R9ITAZ8rkhs}}aNER~8J+_!PGrK0
zIlGpSdP+E48~>(Bvq)!U3nfn68Yd7~(u1+kCAb|yU_2~sGKql#acxGA+DW)RZsiv!
z@FHUImC{1cpGQj=R%~?GEWnZ`WuP~(R*CaGF}Q*sH(E{5lX26)%NvN3W1~H+mD0hy
zpiKwhy$!>1b>WoD-(m|PvcztmlN+#SEMj~~Xq64u0wPX}ow$9gjj(OqT9^HZwJCCx
zsY=r3$TV`K$V6(5DqE2#PegvQO!)36K{*O-iYiNs;0cXPsU3q<Nl2y~gVGerL<y3Q
zR%_&$nMkD(D>BsS3OQU;C==4N5*5m16c6Q;DlJM^WGJ*iRI5UmAx}yn&&0$s<eG#O
z_$rH6q${*zB;q86R*7jQsWeE2)H01$k&u-x(;#)0My<+}1N%fEt5hhHG{8lkAy;Yx
z@m^?f5y`XR8_G<PrKe+FVp$ecUxO=%5>)Cj8bxx77Nw}t6XkF*UJg|wo7NFt(5i%V
znIc1i5@i{(WH~9N0xB9YevGRg%1M#qOPHSw{v~J?DkW}5f=a2?z*h-0Q=@ej%~52^
zB}k@GWMYXVX;c{!F_tHkP!S?fPATW8U|Ay%mB1tTdse30Nf0H<W$8c*^rQ69-|g(@
z^RGbPcl~ZYZkzcK(AyoLB(Qh*?d;_9@7l=c{|e&WKK|>3j_#PpE%4t+X?W}Ne<LD7
zgMIk#AMu%~Rwh3vegxa^gNl?y4g8*h|99#DKhwvyEES0ctX3q-v=a_ARhEs-%sKMw
z+4`M5QsSq4-UCg`8Z}K#cQ<q&?q}J~#58G-Zh0!X@<4J`S@h&M)k;;>oa#N<2Ul0`
zX}WK1v}Jj~;8!}m?4LU?W20z8LJuU_Z*9Jse8uQLWOL*f)4wjbc70(({pM54*yjqK
z+<Nrv6ls@x*RAg#mG=0tag{k8)=SrQ%%}1?fBeaZJ*G@Adrb5|=-iIWwZk6}i=$&=
z0xIW?n4W*S<F%f#0~;F88A29UR8-V_8&bNfy3drl<NHh{lO|o=`rU!AI|Sq#3~z7Q
zvSrPhv{hOt$!;FoXI9PSS#`(1`~Lfx+jWn;YCJuE@!*qMk+e&WR{P_rQ{SGpKQ!as
zsrk9NxfvN5>FK*(>HWm0ZWmfw?iVfp=%bObv4@JZmoHzgtE<zj>NOR0n!3?^@TI!{
zIrQdZJ-+yMrK;(dUw&z7s$9DCuiD`Q=T_D9m(80vVRUqeU)^!h{dF&;{_T_FqpEdp
zWZv`Lo;@c|oTz#G?Zl)cAR`)Ov)PJ^&s8VSHJMC0oi0qi<J9@?_lfG(FI?EWQu$fq
zxo>yo3}3i$<3?qAdb(1%`uj7>moI;{U!-nH_f^`m#vQYM-rFxV?Stv@Gg~$<S@KMI
z?A7|n7d4raJ9pF`j)^K5P@7s4J@G<ee*Ur5S!=>-)&=bRp!96q^ViESH6PXv4-X1j
zS6gd2`uE8P9x*>6?efIJoyU(;B2gd7=;f31Mvsn)i)%i6w!!$mV#xgWcE``V^2?Yb
z1yv)@{M;|H+peQk#XqTS6Sv&>Zs{3A^Zm!KU%x(c=FIi$*E389nKU@Kd&h07R}UA7
zqWaHC^n18}|FH8c>NG#)?fV|+lO8Y`dRy3=DMPkQym;n#-HaR8FKtb$(Of7NcU-V)
z)&7{0L&0OOh(uwLv-Z?}w1G~Wqg@@=-`2ck`OKM}MI!%RJ9lk0naz{S%MTnl(4%Kh
zP|&XvVyhZTi;H((dtzZ~Omy@c=|f-KCVlc@ihLF<Sg>~O+NP!^L&(D?W=)>ls8IZ6
z$(z%D+UmGoo>6eB(9&!j*6X7Tb9P5m@nu<Tp4A#OJ$}pvL+486-q%A!qQQd)x3si`
zjw`m=&YV7dkLcr_J9pOC1IhZshbtRSZQ8Wy(#4D2J59TA!Jgi6`L;cKO3wYTeb!%s
zuG8Hw9WRO+x?sfnN8ebgeK&9N7k~X`uX^;p%grA|T91@x9z8bu#`&rnv(2ZsmS6tu
zlj#qP967R=czVMru*+#Ly)^#|L%)7Ye*4YV;e}(3jiKQmrVM#=>C#`CoBPb#o>mcf
zpD5pCdiR}oPF_BLDz)aDg9l^c;-33{byjU{?Y?)|p>qe0+`^ukGYaL0ERKkX$h>jo
zr|Rc_Jh}0WK4$j)uXpb@p4OCB-q6K%x^(GMRZMB1pP%2bVKYae&rkeT5j5_~l`G@V
zX!G*&9FB`$RmOyy;}aAL#ZyncmRhr6)26wvydv(>Wf}t0no@6selz$XUEdCM09in$
zztXCPAb<b9{rh+6+I8ID#xFGbsWU@AKCw)*CL_py_`*ZqZ1`;d{*sg9`fi$%yU8*l
zI=c3m53)nUhji=I<^F`+m!aaZ1J|ux8z7acW9}_3Egduve@@yq4;V1O9$mRzHzFpc
z=gdzxOTd6eb+Z>0b?Vx+K-$-~d1>A8!ewU<U!A*U%cHDr(U*_r=4#46te7)bx35Ef
z-?$0C=9ib3gIj1(6ciMg%}x9Ey)k1(GW7Ig$BxycRgCI3`{kF5N=iVk;o;%B_o4<5
zuG_n}^sAkZjI6E>$=MrJqglB4-1_}taW}e#uIaVtMQNw0UGA^0tqlwd)7EIh;b(TX
zczXP#Nt1GO4<^qY*tz4>*|TTw+O=!NiWO(hj9;ZqeM{Y;Lx&aB)s8v4&cCo?h4Osb
zAkmaLb9SFJJ~e7e<A0y(+c0(h{P`Q+f4}RXxGr@-|DJp9VHjrFvSp~#qKb-BCr+##
z{od51>Y9}+>!j~yuPKf?)c;cGj!zmd>U(E795>#5;Nyb_Cw;jn;MG@O?InIJDr(<X
zUn#FvR8@`3%R2(iHC8{^aohfbE4Iz6tqp#6#hKH)yZ3JSSrmysn-({K3TGy+fQ~Za
zwL0mcy^%+D2Oro!VtBW7@$??6w2v)VB@(UQ@Ja5N?gIvxmo7DZ_+g<b;&6TaSJzHH
zR-ym;Mxol@o;dvlQGVa%rY1APoV#!V+~=Mj$GoNP^3X%$TNYD&YuBx7XlPKSrf%4{
zF(Tsnd%<PJ=f3>ro7$DCN#mdWuNgCTTLyl8I{VQ_cYU66iT*P7haX~BX`kq6D|q(V
z3(vh4XEMDUI!K46z>srf>+@BqHH%(<eaPdFC(Gq8pwUl1edQnL8llHQ&;RXmd0bW1
zym`wj2fRh)=l^iBen-E^yw?|%EXjT_Imxhnd(f;|;|4}+Q-?NIuNd7gqT}Ds?TF9G
ziMjCFgtFbcf>zuZ)O+&D1a{?H0RaJfYoEDVZ+))u=bx_v{i#!@?%TKT(@zuozBK5`
z=dNA5%ubI#-rPK}XV1pw<~c*-7p7KL?45WrJu5G7NoviG;pd<Jb;7R~_fFnuZmi8~
znqmCxAKPAR`SHgav%XmQ!IqW{qrYRi*7yDx`tCDh$7a`#?JOE4ll_yuFM)@0efuA!
zViGE+?I?3pqQ;P=g;cgkh04()X=Y3evoH(oT2-e-PN^uVM4=s7k`}EeLefG~DJlt-
zk}UuGewLYM#z<#--{0^5=5szBo_Xfpuj~3=%Y9u+G5I=xdV2OOdOQB-;%>LS6SwsD
z&u&UQ9%sLPYG|*VX9b_%ZClpXV(jmKc+H|&33rPdZoWE}o14EOl=iefD3_`!Op6`f
zXR}jW7t%q%m(HFQR9xT2zt|G=>#xP&pwkwlAAF=_ue|nN)t&k-T`%6w&9WRDr$Hjc
zOgiiTz@@dd{J=y{*1?2%9(~J~`h<UpDa|xr;3GDhLz+2rX3u`q)s$DCYDxj4k4m00
zGGb)7<NoMqbIXIF28K2B&%VgrZ8$zUI<~T^Xl~~D8$oZ=`}Ph@Ja%lhmrq@7+mKjc
zvz^8kR$J>=x<#AGOj2}obkuK<!h82FEG+z`-xl+#O%)Xt#%lcXY%4><yny~@6KUnC
z)i=`9KNJ`5H4K_w@#Vwit5>%~Mh0JF4EEf%u}4FZOGV!1wo?9_*L@Eeba5RS0odvU
z@f$Zj|5WAX%H~r?k2>gvKh9oRnxC(6=5xrW;~Q^ViJO;f7=M22fWz)NM_uM@*bqI^
zuqNtD?Zp<4dnKt#@z=8WUMXvWXFTe4t)l+&<;!JdWg0^!tfp)N+-Kalj|~k!X=&|>
zh<Nny;c<_&?UM^EFK?hXHrD@^R-R4Mblm#o?E+(qk+=U?=6q;}?$ENM_kYn=UyywL
zVqzlL+A$-q47N=73b}B1b>jNh$&>-1=JVCvMvBWa#nbhYFI@0E;VvAf-F3Mdxm${`
zD$FO}Jzrcn=vM8j{>z#~nGwZCiQzU%EjL0QPYQZFFv@+JUSD->$ELa*$DHUjfn9do
z^7b}a>bI3~rt$sD+ct-c$H1Tab)W7urZ;aJd$R0eewy2vLG~-M9-Q#t7y1@G$ags)
z3Tdui_x$;uriE9ZT}t)u+WLOakw_1|>1Z30Uux6W+KWevUMIPqh_bi<gm~_qJ3%7R
zis}<-YWoAjwmKHwrA0(E%sn?Zm9_rHI%BoTJ4z-i+1aI6zPwQV%Gb1Jyjo6b>bkK!
zv)#Ky=H{vnQ;twnEG$cD3tnmI)TRb9HTTW1&FF4&vYSXOe);0XP4BbCNppHAEBj_E
zSr>#4b@)_U&VRa-aprBqgX9BN)v1dPRn#wH=q_(*y7bDo-@X}X$wRF*saj5N-gNIt
zE;+T3TQFWjT_ZRnq|K^FkJz-+u8fZZ4!Y_OnYg0y?W5!!J9gZ==Qe88s3Bo<+}+O!
ztDIMYHFE=qBW#HHj^CF-l>j|W{7SuC?!}KeI4j|l7r(KwVr?X2)Aq$>7uya*PE%UB
zcbrOaP>^5L+9}b)h7M&uyRyN;)<(1We0f>(vyGXL9IXbu5+(KQfB(e1b$)%uk3RG;
zc|>jV(kCfZfYU5If3A0!gSo%Xz<~(~37f;h9Ey5IF41?1ExdB&3Poj>z7`;?CMO^l
zy7q9&{!%$G=p|d5Mhn`oVIPxeH8XTXc%A?K#)|s%D_8C$<a=dlCKd-Ubbp=!1~N2_
zS0)gP?PG6xXS%OnKm(|;zP|p>ojXleUR0%V%cA@Z#37cJcXKxGv$5Gb<wCc$ix%v!
zYD{O8tT=S!1#3zAmNm|tKZ0wNyI9-WcHMK^+;eP7R#sMa_QDhHKdaO|z1+2{)x)Px
zuU6)z8KxJsRPMWHzop;aI$f2uAuZLv#Z3zdJlP}X5+MIg^A8OIkZgku9kj!6EbFqG
zo}Q8MrKzF1eC20Pd;1Nu#(U<t(ExVe19<oAeT_NB`y-d8UDPS&z2cnaMBa#>v1P`p
zXveEMlMamGb{nPXc#fB6KRa%K+7w4em6))s=Y?h6)=<)Y3w4c*j1IYieKj2t*28+o
zlzC2l4+3eMl;q#i)X=0HP%)*VDyDz_!Y{gl%G^OZIz5Dp0C8&4$#;BS>$OiyJW5ZW
zGGZ3$zTj=kc}883u6d@X&E9U8jVA!?F@Ju^!-tN;`V7_8-A(iK^Y>r=_Tibjy1K^3
zCDHtCVYj<>y;xmiUp(KZtC7)skJ2H#cJ}M~;)U4>k6>1bt&dM>Wo4P^oSX4$0`%0@
z9^A5J+LS5R>*@mL&6~G$=@+0c0FJ^kdG!16X&*0$>z*=u?w&{@jhfT6*9&0YVIzc&
z!?J9YW~>}%X7*)L+wA6-dkppt`-wYpu(tNyyLVgbHcqm0aPSw+Ir>_||8=d-q-7rs
z^fsGDK3JGDC8Fed=m4!Fwqccx_3uy8M(f2GpNw+V-*x23kqgT|)4Z}5c<r^_=rm$P
z#PzGcSsgf#GH;uc-t58ST-R1MynFX<)SQz8URBLtAN4kw7qcwPaoBiaJUJ<M-_~cs
zpxA=6u7S^N@}5%OYv-4gWP$^H{=A15X)E`tb9Ca_B@I1{fAuLkR`z<us^%r#o>!}N
z&w2DHBO_y;7m3;p(9*@WC+~~F$$rP<Soo4iY9AYb0E*w1Zwd%KKmQbb(P%xDl(B%e
z^H#yzM?dugd}b>nLMS|zc%^ce7i~`QgKG1<S2crg=Q}L)`||bcmTS-J1IvnRyp_z%
z%?Dd8yLaip`rSIKj@=kmTKOR?B!zyq+pM_{6HfKK8}P;CJ?+%KeWk4}UmFHart~~`
z^ytQ0-nxmukBV@0cHa4A>Gk!y`xWjSQC4|F_{?V8Gt#8ihiiRRx8^)ko4Y=?4{1>9
zowH|$d|Y;0c*(1E7AO8bYxd5k*SAf{p<loLV)$^+SI>)jttFYwuk=+8s9m^k{Oe2m
zv$D>Wrp@4o`<Z7g4<0h8W|67sb_yxM?M+S1wkf3UDazDq=eQX)HP;jBea8nJd~tbQ
zkl8QOoOYP1=LGosSHF7oD)*wM^5nQ#fNIJTc2BVgzvb3%j?w<jj>9}NOiCXb7^p$v
z)%qahr^9M(&0n5gUEgK&TxVzJX<O81^EvmG3=MTRUwvPFDl+Aqx`RVZaRT>P-?%<a
zMKNR()7rx^b_QCm%-Bl-12mO^-m2VX@a5BIdM72>zI?piX*mB$*4z*0&z?P%qP1=_
zS=Y*nSzq5j=-rB%oi5KsC5irkq)(p~mS-=Y@MN{>Bd@bp^8yC+=&><8JUlZ0Oz+A5
zqY_WvFD(4@s?aU3c3lsh{B0x>$u;3#`HBy3zt$#=<*3|y)or|G>GJ@JT8>j(X2R6D
zt_7>U2s~M=7<PSH>MuSqHivx0kw@23RzH8v(9zMca~K#MJ@itRgYL}5J`ccuT}X@g
zF7d98gElgq;xa;Aeebtvt2<P6&;CW}lJSE1^POS~HM=dkoa|LJ;OCuT+isot?Zic$
zFCTB^z#nF%(01MF>pBNMX+I>*Zi#Q{soN*=z)IULu1Uq3%7+4vkD0iA9=FMy;mkA{
zMv9xInqxdj>E=sK#@@DTdv}8ODB+F+2M+Z8SY5d}GF){vWs#4=;i407-#Y4@H=n$-
z1%MeqNx5b}o13WsW##G9MP>$+K2=w~>Ta}sFn6odus@70t~hKo*HJ~-0w|uO+~wA-
zotYXZ0IVLvoxgu~W&c5cq$Cfm2sk*um&^2<)o(&qHJ@pCoZ%Ond$hpYYh=V2bMv_P
zc<1HY^DI`|MfI%RGI8S8{E5?mN<`UfMp<3p8m~8(89VtX$;5Q1`e3JX$zL}Zs;c+6
z>wEvqnFHXzkY;8sIDKPzS(77;O$Ltts;R6*G8WF!*%x(tQSR=RE|n`9=`S|-WtZHY
zlSB`9yjwnr7OtOK`aqP~@bdP+@bF_RMv+LXudlE@<hq(Nt|+M9YZ{40+tsy)yYIbj
z*BFluSWOxoxpDAdjf~78hg`E&RL2K4iQ?jIfdGqHm8s22Q48(G7yy(aiss@wzM9HA
zA|m1fef<Y$XpCg+{c<VFTxn2_L+YS~7hC^GE8p!u$JkiS%uEH~$**~1C;3NQySn7y
z$F{9{UnfqSINNHgzxBi&y~*JhBHoCunrNu1x6aEuas2r5DAmy2$B)m?(;#o~=5F)j
zFq7Gv=m23j+mhF76ucHi-%u%1QL`K4u~$RurwiJHBf64YXC8X6!1eqwyV^J1wvA7m
z2q-YNP&8!d^qje)w5A2NEURd!R=JU-y}i(>#y6$7VNF3dpu;*1>th$K6&$?0e}8hF
zf9T{(OP3d!nhw2lz|;TU7IpRePoAh)8LQ<0-O3_DS#$p60Qh5kcvOhC`qtkVWm%hp
zo^t|Kl(qL%UwN6?U3pwn<G9n0ME!0*xqe;C>q2<=yG@C80Mb1?!z@kXKge9)=HsMx
zadT_G4eOOZow6Zmk=bpndjYJR9{*0y(nL3|XxrXjV@F484;VnQE-0LN!*$Ig@+Y8&
z<c4{l3k*CoVaaLsvnyW5nl*aO0L&rnoch=?>JfWBlQ;a{)Kt#gSO4xEPj6>J(K@xo
zUFsUdDrAA5ujXEzh{yqZvwVE`1-pQH>Jsy5|Acv8o+^cuuzx>ws`t9nr%vUV1-?0w
zl(gj<Bl6YR=?QN4@83V1@rGG(okHz-*R3D5pezj_L%m_mk3Cm3{QBrDtLp681N)Zl
z-V@$?{Ss~;wH%Sf%90bR^LKPR=$<4L3Jd2h$o_CgmuVCj)hm5L|LA;xfy~9O!+vjm
z?b5C3(~d$PCFM22PgJdYt35tVUl$V-^Dh6FY!|(q^Qi6~KcDR~WTUN%W8IY_n!T9Z
z8TTIKyC%HYrBx>0cB^^bhz<EVqYpj^TQ#Ha;5?h6wgKIXhmD|64gx7u5tmP*sI<0z
zo>pMzJ7{Eaeq4N@LA+`1h?uL7N~=H3J5uZ=3{HD6CoejhtD!x2jfvIyAj8q+W6cw-
z#~B;fJ-M*FrlzK;Bz*TrQHYn<6#r3YYh7p$Sf6=rcQZpSdJ3021K@Fe6p;81VJD|g
z&l*=_JjT@Yd2HC>6ngw2F*tdCX<U!SgxN)72YM~fYq%RXHa;r2@8)F@@2#v7_*sV@
z*sCrp$V_7U`qq8?cyFm{vDuxNstawaw%@rpPJ83Ib5_^&>Mwleu~=3QnrVh*eFnFD
zxVE#VW@!1Uug9~p<{VnxrHgj?awE|-GM_}cvp?ZUc63kDWM(Wy|5f^!AtnRM@1Au?
z7OGmmxxJ^F_jpNRnW5g!dL^ap{`ZxS9R2#NKD}_}z=)<~k8?R2r(JAHoKD@HmzDGE
z#jTXw+y|O{Lu#K`<&}-AB$KS1hHLc^Frqe0a_^$j)5F#6V@Ukq#q2fo#*eQPfmBFK
z3mG>XaKEh9Oc&m}(qX?pS?1|sc{;G7yeD}~#`(6QgRJuG=AjO&0!cR(7kOnhT0OVk
zJ6+FG@WRp0FLBMjfoCQG!mAHy@qgdcFlTY=@SO&Q)wle5tLUX(T$;7!$dN5R`6r{t
zyKUcgYf?)}-NQ3Sr|a2&h=|NS^{&i++O+ecCXvNHtCgP@i`)Qlur{hk{NbH=>LTsy
z``cPwTfVO8I@NdkFV%0}Ox9E*o0wU~M4TT+AFwdP<mYWl``Awdp1yy1puT?L!i8pi
zRE;zp6BC<+f+*L_hkBX;1_t|Cw<pY{F4tCnP(G>k?L7X%h1G6`AI$xmi|($dd3zJ6
z$d4YS&Tfd=WAvFyeY|yCb7JwEz9XDZKYE*zV%GKY*1oF&XuJK=!szDSDITQ(zOQb5
zNl50YySuM{^JegxH8+#<fs8qR{CIimr?k+9Wm_%#(rC17fba%wnX03+(J0$7MHEQS
zKN@pA)&McJmYnoFubG;-weMsO=k29SlV|rGS(;RKeoy?70IHj7vJKD(TU!cW<;2b#
zK41iC#E7FnRl0J;#%voY?1pDn`jfo8O<!#)O{eP(ALZXwZ(%?@LnKmFRRwy7(ZYiz
zO<t#03u;RE@k<xAn%n3;JGC%xuf<sNOINQdH-#7bDiyr`$SplLux|GFZLfUqX9)eP
zKC`$t_gh3{ugK^hwZkOxEkESz&tW%g`wlRkF?w3nw)5SWe67(u-aKvIdN7xg6ay{R
z)3s~6kVpk{3dU#NT~YhwSX*oD`iw9A&aHSq_3aHEBinh;GBYzrjv8e?Bzop`{%(@n
z$cP2o{}`jBe7UVTKYd+~In9|(hk=l6Z2n-kEAEtgQtji6irU(+?53`ZPp%JXeAc7S
z<`jBP_gz!h(;MH;dvYf_I4^C>KCX)L<1@?zofVpNH=okd(rK}U1q(cnTsz+HwCMHS
zrlw^dyQ-_K^+*eCYpk$LuIe?Uudi9s{{3kHE#*C|Sv7X-*jOhW<JqJqPoCV~W7PKg
zXiQVn*3+kFI9Iy4ajFD9E!&qAsq|v)-oy7u{Ug8mSiz!q6z%@~t7>Xmid-fQERF!O
zWZJay@{5xePu%~DzmoOS9F3v3|2Wswr0c<ANABN$kKHBgQ*32z=pWuD84H}_q7ENw
zeKGa(r<&kFgK{&^4DJia-6eYd;Qm#tdmc`4@1I}WvSh-l4~t*4%#6<cBPeC&&6kO_
z*`wN;Kj@x$XmajkP|y*ViJME4eG<;xq5Yzg8B{ah#U+2Yp@+8i^pCT-OO<>zRrEA;
zXjXxT8MF%vOCD+lzunYWp~L)`U@&O%3HS1>rOBzO;-dH&n+_<etv*8n+me`+R8&+n
z<NV1LzP|6TZvJiOh*6=TdNY;`w%WdZOk`wl%i!$F=ZxnI57`__U)JEaV8Q;QBTA~r
zi`If~pFeNpnfc<`vonDeQ_Lo+i*)xS355IdW2%1A5>YHF&B(gF_w2azBx`AXQ^T4{
ze(yK4FB+5Io<G>y+IsvrwfnmI`yTv(mIenxUG+1Tr;Rr{Rr4%IUHEvW@qqiPs&DVP
z#S|yC^h#GdtCDQeeUsf`ut`0Xm4}TO!R&L$DUQePy*r}e-hK7^4>VHK!ajc5{@TO2
z@8)r1$1WeUub=kYEZ@SlHyuB(COPb?4BGVNO?7ooRcm(#yL?WsD}6Svx6>V%ez$1)
zE+=1+o1T`_ky#PfXPZS%KYdQmc)%F5s0gKNeRr~XylioGzn!-pr?C4jOIEe3yiN6;
z*wxyVPN%ck277LMW(bC#OZB6ji=_{sjT|{>(Aj3c+h+6U&mTE*<oy#Kdv@;*UAphU
zmVO7_MkXgGFJHEd!DQ|+^cb_e<t|kzrw-8I;acaSy|FaM6Yg`|-TP^2JuEFfH7_~z
z8YAzr!;J2s^o#}DTV1bdR~|EY9*{nK+U~}$U#qIB_Du>t@T+o{%Q+i0Hg4P){Py9R
zXN!_FdTLyWI+foy94yuI=g%`UE%bIq{{H*(moLqGs3r#l=T_85MMVKEyizYMbm{vS
zQ$s>Rrc9Z#XwlRC!>?a4eERbCp0FWSZ(h9$5D3UUdsYZCy1#pIU3-Jg=;DyA3uq(y
zY!(*OOlK`T-ZeBd6daqMfBtz=<I}DyKbz7wEOsg?DJdx^C@3oWQ0SnO7kAUg#7Oy|
z(%ORw%a5&Gxw4_5VaSjn)PA>ft>O}1R93!UGC?=|RaI4gEv*+-RX!!x4c&8xDou|~
zO>KCVv(eVpR#SOq!o6L)b|vgqCvWHycB3L7Ju=!{*_v@?F126S_U-B#8b!Wlv^_~J
zX|b`kC)~l>-r4!`W|rf6=M^jA&r88lFE6i<kTx@`+GL;n-|TdC!yPG_bxWGxm7P!h
zY2L6t(c=OE*YfxGAGB@EjA<M5rie#<+CMtPV>KNd>>D?3ycA?O#m!1^1FBO=JkXNu
zbi*%PxDXK$am~klQ}g_8br(a&M++`6^l;B;^CaHy!J9rSC#C?=IYDGUS7ZyrLU|$*
zWh$5M!=m`Gc(4*18WHE<{42%5moF4y73lQ6SwU<j%PN4!70`nX$ho=aHb58gRC{N;
zlQxUi{x5l`fBgKLKOM$@5Q5tOZXe%{|1dL$m;L18KgNzR{Sp81Kk@S)bpP*1{?8wG
z2!Grm{BeiyyKCIzw+1`SuKMHZ;E$_=Kduh`xH|a%RqjvOEJd<x4R+8mYr`_r{rN1Q
z-Uw%ad4|wjph99YP&DI~eBMqpA1Eb&A0Xz?VQL?JAdcu9w0eh>z^GV)PqfsLTxL&6
zkq&D+7fZ@iI79}_AIGB1UW)!ABqW&PAt^eAaF_vrAM=F<l52m+4MY|)QES(!6uy9s
z6rX}10&)!?v1k-GyoS9b_Z%w-Knv-$F9GOIh&BM&znDuU!-YUHp^3TD)kHITq6Mk&
z+T|!|OA|v$ujaHLAYS~O2QyX$(FJT`5fmQ|pF!tXATMG?>;atQ!ZBc#SWx=IOJ9-g
z;gGR6WeSMXF%%`>(wDJ#u<o@`wzvzjmuxT!HXUXrRa7NQx>l%6L&{LWE?Mo`B48P$
zd^rZ<0Oq5^((Z)hp^5|xogi4KWIl2YRlXj&Onby^qzc3gvz?fMiP>bIq8SI#`tG1j
zN&Z;4UEpkj!@-jrXsV)#$cZJUL@ZJ9Y_IsJ1!%Hax&Wn}cBkXpnPY{2A!{s!kTq6e
z>N5$vL6e_JA&%UwWy#RmWs~Eh=?le3!Y@BDhD@*`ZbB>rrY%K}=S>&-T9OF`-q4R&
z#F}qRaDpWh;P@hK!_rsaY|D`?S)WJ;G`!#ug(X8DG$!`k03U#Cf9Md<BZcIoL>i}&
zZKZ!8`~k^GiKnjQQ{XhQ0!1*p8DFkuom}5!q<tS`;~_ya*bEMvFJdw2Gzvnu(g)J?
zmr#v`gOF5(qQe653doZ}=8N%5P;k)1@<}v`HD$4wr+}uvP4f6|lO^+k_r1L^p2Ol!
z<N;j=U7iU>;7{q|came0k0y!(XGGy$UC;rdileB>$ecFXNCw1tFE+&PF@pn(bP300
zh}{szMuDDtM5HM?^RloU6{H<ObDRj;$qbAtge)I1kR2T)E9|JITE`{TWXq{d2Rb?x
z3M2d_=~2{`Fk)RAG^oJb)qv>0XA1ZFPYusV4!fh(6EUs$+tn1&>R*QDu#zAhtJWw4
zBrQOB1U6_y24T|%XP-yR14#CU$rgD?-b`5Jk0qi5mMtWZh)|kB7MI;{Meqfo!<uuD
z#J#~OA)sA8CP4XQ1@aSKq!+Tpl<B`(d)c~LyE#f(^RIGw3h_k6kWjfegO{0+giR3B
z+REqBhS$pF^Zj}&po(vTZ{*UpY?5E;U2?egKxPQ=5uoIU;xB+zMC`@vKrxbz9sJKi
zzQ7y`2nor+0n~(o0cqy@P7@fUA3cbUW(kG~orzEz>BEKM2W6pTk%;|)^*}0_g7f4H
zlS4|<kOJ}tp8@Our84|7+O$lw#6;8J4LP$COh)Mk**M_g44h$cDIIo?>j52(LOv6`
z!nH?I+qYZzZ>=*~;X(r%01{y_EkMjP1SgWl5E!izfOZ4nf`e}%%Z(+vCY%T&3&f2H
z@MDDrg^q+jR`n7JF(!&e=?nk|=qM*cWVJ#WCDAd+GL;6}S^Q`~V-Udm?vU>x)h<yo
z<0Gtq3n?3H8On-fh{=KsQ(<t>8i(z797srM@m6$FQVO?6Izkwf4EW=M<Aq2o@PJBz
z5)XmO7|4c(Og_(-#bm?xSt2HligOqt8Hz}B{OzWQ$V)0@S<>YZu;AT(6fLtj@Nb~B
z^9W@Zd2EgZOTf+*$#f$bBu+(S6C17F2=@zYu@JYR!l6+h{zlXT&?EU9J3?3<z|ZyQ
zOtye&$z_S)Q#LOMKe!w=vP^WbP>+SY0<}gmaw>>un~E!9?Y=9wh7_4K1j-n?aAX+;
zL!xL(UhLRB%t8<t7kiZe4!{Y3A{Mf3xC<yP1kpJdE(EIy3%v?u7G0v@8MV`;pnV%D
z0}2cGO0sN#i6eUeUV&5(84w`*0I*a@l5J$c37K>i=Ap+8ct{$0+=wU1Q~WDe_JB*O
zbHIh-L*@lFS^`6YG7{D)=AucL+fgFU#2{oxTZUkSh(d7G$%pI`qYFjaDd5N~)KUfb
z1)aTwFG*DlGykCVsxiwJfEXCUqu`DSzBhxZ3%?;?VN=EWrN|Wd?Q9Ire5_IlWGRsQ
zf~n)hYAKQ_lBIJ3a|gTtsaL}BLA4x<zcBE2Pnqm-veU7Li;6FhtW4taA$vuJ%|}=e
zp=LD?K|Wk$D3CoufB`ixJ{f;ec1zL3;6gSRR!5d^i%(?AxbjA$*ujMWy_5NJMJR-@
zVhS{SNEH-#ykHG$a7sAvQznZc9W~C$;Ouc$M&~0;fQ6?Qm%fBqMKRk3A+I%B2pOXU
zDp)Kw#+vxJO$p3F1}q{pELWAnn+-<}_=b?&URI#RJ>XJd;10qjsCG-If@^!23W`{T
zaXphpc1DN<^vx$`VVB5I0Q`kAY7u(ih-Xo*W&&BdPw3#jebN=>I9FtBfow!-$;bJ~
zuZW061*ue-6F>_f%9|lLQ7nNv(JBekfajSAdT{F$TI-?XxnUrdxEpwzWPM0(FtI&q
z=!fFO0KpSDX;HsLyI_GRRulr^>KhPgRD>7?CF8}dK+>f`nT0Gzg4(x?m5;TA*<L>*
zOEakxaVr(&Re+4xLR^W0Pq0@IJ1(GFTmhkxQEf3$jEn=yGcZQt5UB{?Hbj(3A;hNm
z3Svl?$PQ3xkJc~XljX!d?v_<}1Y`^#eqbFX{Fks37T>)Sumy@fv{TU#DnlO7P~oRb
z*dbrDi8EvbF<R4sJi(iT_kgl19+QP<bBE=_3H0H`<nV<olq_%uBsv@Lp#}1xzJbKV
zAn|q+3${;T0SbZEApBHFzAssY*|<h3B`yZ!<6^jw=*CF^2Y@$1i4OvWQBoe}CpnBF
zxEQbv`2EFj2*~&00bv6yf!Kj2FkogfyscRXzNA}V;}Z$QIJ2c9iTfezf@UZ&tck<7
z#OsRFIYQ}s*g=y{R?@n3WU!n^5K`<04vJ5#;@-g)peEc7Hv#=vA5A<6zve*|10aI_
z29I?xU*PTO*~vDcVFv`$8djwTmjDD@Mu+Qxl|GkriZdgO=A~{T<S{-Vd4nWAJp4Iy
zYe4@C0nh^I$3qngxeasaa14mO5PA>jNU=7c017ZAUB;e?H-rgLFmf*L0K)35Q#t|-
z2rnQya!?t>!n`+@lD1{hSUdS|H`|%O;xHH?_ZB?=f*?t)7jX1g?VEQZG>=%Fxwyj2
zm)i<m$So}NI3i1LprRt4B;itsa`b#emO!1B`2?;ie6A}w;&T26N#n@*z(qJXCj9mW
zWZCU=hiG30*jY$b`|oj06P7{xy>B?9JEC_n(Rc8@4ihQSf`6ffqh0wF`Btz(Dl#oe
z@daJp0Rvs0Qpih3lm0<EY_D*(TY3p%BFjixxgHR;R>&e~HwuO!i+1P|v;(lOjFN{P
zE*Vdjlyeb~7S69wD-0?Cr1gjXmb`*3cPy~rr+-FbwOa~lGk;QW@udO_Is;iSZ7AXo
z1B_0AoZ`#LDGH)kv>Ohc&GV*9qzQyVBKkir(ul7u2HXjz%KWy(LN|fW1zL8;yMTP$
z**4fOW{JdbAAqvQ6DlxXAPOGh&_Qe!IE|p}pP*#`OvYrxnpaY0#g#hq+eg?zL`nF%
z)Cta&9}2;z{V!n&Ns|CVK`&|hRp7}vZJ`Z9z(TYQa6X`sk6`X0s29>{dDFjROHp5N
z$CQPAt`8&dkY+pEUDUTs!Rbo!J^bV$4gv^}I#^mh<-5Gi;9&Uj#X-oT;KfX-a9QBW
zVce0+5=a-?8wy|_=+K3P$N_{XwLxNH^*feJz~^unbf$lY>xIA285P*Egp29Reo(=G
z1{DZdB05;yPWYS5Tlx$>pTnZ_I@xDyz{in+db5Od^mnx2t}bkfg7x^_n@rqX;?e#G
zHko3t;M@@VP}nqRjzQ-D^njTwz(O&Ra-ZM}y2wO{^F+;ZunEGDBz<%=G|Vr|WijbI
zHnfIFq%vWf`6wwX#H9btCsr{Im1T?w2F0L<jCBjE;4BL|<*fLMqIGbl3eARiF=$Nn
zz=DS$x0H4uZ#;t)7r899#37@|d_tComa_6l3bk<=M1+>)zpZAFS%mk$8Lj${;aIWY
z8!%QZ_%kRLAqaHw|4n-b+Jj<ihvfI~vUtGB1K`K>?P&7Ihx#5sLFKSKsDN`I$<}#3
zomx1ss^*Zf1_*HAzJ$%?OXNM&wIwJ)Zn<XTCJUs09HdCkGwPv(zK3=S8kHg?6rwT!
z6GbC@6b;URcRH}}mmoR^k|?c{UZpKzy`vs1+*mBvFGZ%{Z~&Wln*_5ivn0PtnwHEE
z^}j-<Ly;QusZ!pB1|o{3Tw2~j$`3$96RZV+N;ce6AlX9PU4ZK3LRO%jSj+{SfZ#hN
zh#4jrIupP%7Id3>0|gg1co2irc%WrMkyq(dy@}QBX;OQYwZeYo`t!zQGctK3I9XsJ
zHAZ;L#dss<8#|J^JYCu22~VbEP*QFR9dQ!E!N(7033}&=C7fA+X#4sBbZ@EW+yEu5
z4o5)$`y-%p7SrWNA=@h|jU<1`8tza(b|<q!T-z`TKmg06LPP=`SA3zuqQ^w4qH_a~
zU}%XXnr%Pb-qy{M!dKX@;<?E6O;q5qpa<yxN4k<@6xR4sO3piW&Jm6!iM$jNR#$OI
zvK*I^bbxa!8f7YA%<>*>1##5acu=RGG;Rw9jiKSwLe#7$wWlHHn#<z&@&(99U~mvO
zfW`CWBk=+pxhXpnkjfIs(I`H20aBoWBIGj!EVybSb^sq;H7VIypvGP-oJ9ulVALA~
zLxUvh7v|I=Fc`YDX&5s^_htc+gb=jzw@XYT@%U6?^rBSi12%{l4GAlbus*Id-WFrf
zD7!(K7gF#T3PgZn3C$vQUlwlK#ij&VJ`yO7wL?_NB(v#AUK35wcw_|yFj_7h(QD;{
zW1t4iliwgN>R6R1x>94fBq9KX(lRza<XB*fA!y$b9`Y>NV2VsIOXqT*$>+d7gdK@~
zA0Py=S2{yKGS*%EvH(;(B=n2KOmf6Ly70RO2JgRiGBD(ozcDb3L=+DUgZF5`3d}h~
zK%pH3wJF56@LeLt#q|JdjuiWQqp>|G2Scu+3MmXp(Q`HoB0w*Au)PtsENB;tPL+m7
zxZ>_->`n;c$Aghrh}t0E4IS`h_%~ZpOQsXt{1;tf9#ohH0(-_6h&(+zg^<qjQ^Eo?
z<q1VXVBUPTu)V<^lMHN3!$rUgLBwE`g^y0^GsE5gaJ2YSh?4};pj)^HJb7C&(bYxR
zVzv+hIH^y&9b%IWyCHxbsXMmA^6xT8O)lCEVHAYR6Cxy5N>Y2NJ-3!+`QP-iyUxUR
z-<v^*V@9L5A#RgyoTO2G))E>8tFj_FMDqR$eO+$`LQ~K`hD7@#TLbZgj|hrzmO%26
z)Z2-DtV=joNH+$5#uwJvrJ#S#uceR?w&QjHEeZI+opQQwPfDT57LEAt(BLa$u$48`
z@(7w6jNV{~h0M;)BkjF~uz$>B_^-1?)Mt$PasL0|j9AE-0{HM(xFSW~ef@86#UJGN
zKSh3koB+TCts&u^*oo=ndK4fDxllzjnlTmpGa78ZIn5aKM}}dR$ibsgtkH1%_TNG@
zAQ2l034ve6NDjJd;nBe(n>(~E)4@lwfte_L6OwK0Y#{QU>g){AKD>GaZ$HUIE5aee
zSA^I#92EUyfKSp8wf#L*GVWG@W^sw#4Sk5akmQ4EWZVxDA=utYz*Q7bt-!(w4+U=J
z{MVTxrYOmBMa(oz=t05@Ie&!}{<n}3&?f@LY@tF*`c?_NKUD)y^*_D{o+_aVo+?rX
zk8m3gse(7!SW*Vh6#QypVQgw)-mVOu>OWNnPreWy<-fKP-v7-X#rfaFLZg4M518d`
zthspy`QMNqx%_WtW6X?66!U*@3?2UbAJ6~R;r`2{lKFdmbW;D(WVDI={*N_<`~M^V
z-@pI!pO^p74v)CS6@?(SXem<NT!a?=#xL=4VYy`v9ZmlB-<ISL%kif;$)D<fPnJK1
zBncklPv!RetGoOc68Ne9FK6&`!G8OX&fACl@>lZpF+~))VSY1183C^9N)q^eYe_rJ
z-G}`3SM&8DuJ*s2t`Gg|Pp0UD7p4UiUpmkGPxSr|X6Lh)KKok<`mjeolJk9Mwn}>p
zP!Y82@5;!>hnZ{ssYHC}ZG->oiTH%XUHj`9_*CUC(PA5nnu(;_jT?#_;dN*>ywX6y
zUZwCCBjOGSLN*gRPVfg<#v&TodNJZ-@}-NY;Cp=VnLzSop)X7{1OB1FXi))+4paQ_
z2${#&Fk%~=A1}%6N&E?NX$VRvq&L*i0{f<85hCP3F$;8$+LOR6O{KF$#_A=;L-K6!
zp@VsvPVC^$CRkG_l<=qp`77@@ee1#(v562k7X@V+*v(IP6;&Xj=*xXq-@pL*Hp-Xa
zioly&6x6y8(-INBN;LmtV=xr4gd$zE4H)SHIu#2jNSq28x@)aq%Xn0!uH7sbSBjgp
z&2)Q80E-Xjh`ogOKzP~10~}A=S@za$_A+15M@}tVQwqGG2Z5r#xv>EidCUUPg+qJ{
zo*IxnJ(2Ozy}hC1j};7KM&JSo$uL|FbiW+DwjA3hCqBH;L>E$QVa&f!mx?xOrRxVi
zn9M{T(qKLqDrF^=@I4@t`792_iBAWc#Fc)Hi#(_Kq0c8X>Hm+tD}isS%K8z}4<pJd
zgR))AVv1>-ZnU&eN!zqdm!u|XfvG@~=B0V?nuNTBQfU<tL<9jrs0gJ<tqdRq@f-Mo
zI;a&#5v;hduU0_NmO&6cmJjBh`<A?f7EtEr=+EQ_ZS$6M?>*<-?SIZa$L0n9{}w60
z(PAh%6%arv34CK12^HykuR;!sK3a)fh;|^CnRc^SxVSx`i1-e-%2);GY!c2z3{wz3
zBc#<CH3k#@WzzGECYSTo*?AfxQasY1eME`iXXvO=xXf^<GW;f0By0}Fie}~X02cuM
zb7sM*6aQ+tE+JgEK^!$sdN#MSL{JYRHy5t12d}>w1Zb<0>w3_IOKE(~LJU2a9?8vM
zqbbHp$gy(#4CtTW@QD<YDwHV1jER=oX@=0?SVam5U`vP&(?~%5ae10Bs2BW=IgelB
z+YWzmt%v55c6(V^bVL0}4}g(@8zaD$eO-0%1-?E!<A_r(L`HO%dF+^yT;iz<T~Yj7
za&lUFnqKX&lER%{kIU=f#zZ`B@@XpYu;<0Ru~0WWCeAfGpcD9b5YP$u$NhER_jK#J
zFTUuf^3pf`R9<YQ|CoCHKuzM#@mHmzE53+nmVvh5t2QqKBc0P`gL7{VB+wD}QJmC3
zn4oAkWEdC~V7lW}QsG<kDG{uje21B^3NX$hGb1>%`*nx_|8u19e>aqLXph(JKw^1{
zP|`#B%N$YOwHfY!PQibPeh3pOnfh=m#b(oRbeXbp?L@a2hJ~yPLt36)$UT@^TAe^b
zO3KDqEm-%-C}vgiLjWG5G4H`C#K%wENmx8$<JoB-H#qPcDK;cj(tnYE2S$pJ{w&{T
z{YdlUl!PrN%nGvw&*~C)KTe_)LxanagK(?Z?6yEIm?9?wl_54LuFJ~dHt!*iu%Z?5
z9S!KYF<mP>S&XM}e9Z&v60)U%a2pUhij^y9M-k(-3S$R}fap^jt{`e6#Hpk`Oc_5+
z_{x+k@W4l`D?p*tPLb6P{D6=u6med`9f>eBR4~~6S#3X@@y8FO<;*|PqWLFkFp7#y
zh>5}felzn=(E9TS`?QMxOE;poS;kH9e^pFObRhm86&)GG|9^{55dRP2|Nq@AKS4`C
z&=L@|1OzPse*#NDt7&=!s5l@^4?miURscW4LC_TNJ2D0MTLSpCGY8{{(&Ov^KIcsF
zsq0)bqrz3;QKGm}0p8C=;eU7)J<8uD^A^>cckm>rKVHPxomM~*xcxlmdhd$?fp}L<
zHF?17i}hrqg;UAm<jkL1Hjkqq)VvtODv*d@k^u4LJO@3I90|O>Y|tGWJrVqZodT3V
z`@EzT7P#;9ItWynLyx0SE<`G3DM#oH$#8))AqXwPgD!+z7u;^8uW3cJgJL~?ck*0T
zk~~*Dp92k&KG2HCI><B9U!JNckY{XwJg=*<AA?#au96auj)-cJI42BWqX`dK2&`xM
zb;SY<WJb}FvLkW9(NK0wK-oF81B+cO=cYuZ+8-IoYkwe7ky~&Mzf@2XXjP`K{`e-p
z+I2WfvDPpQ;BmN-9GPE|_#!09g~v0%&fuUvBMzUS(R@}8?tGSlr6i#;Zhh^5SZ*dI
z6baU4#mt}?0(aezVg53RQ~|r9d3N~@9OPqm0C{-J4(DsQ*o!P(?0}t$qZrNxVD<&z
zhdlg8OikR$1UEN!OyKF^y`g|D`%*-JNLq;4z>Pl%T=Vd_Q3R()NU7wCjiDye<aD?%
zV}p-Ui~jr^Md=HCN+UuQgu=-$kZfuhmkNhr%7}TAGj+HLW+`08`$)<fSQp_yGe}8r
z(#Iw7BPqX~VFR;13~*RjS0V?v-Qe5r0Mg{N?7x9)5>Qi$JaL$26pv}bG>9VO5+dUh
zqGJOv&7ed3ullr#|M|9gw_V0f@W1FtRUrO1Xi#)8|Mze53F3c2{4a?A-3b2^HsJ*F
zyJ@QFAnq5${erk(5cj(++%M=1{6|LsePcg4GA@q)VmdB<1_pOvKGT9E_crkkf|(D(
zSs}=vP5f~v2W(N{4auyCpApke5!E9(4pV%7uv}tol3tM0*X#0YbFdg}VI{GA#C>d{
zz#5>d;r+VIZVT-J7iE7hAOD99f&(S*JP6)UW^msLvy_E_8zJvOW;3&P0;C1(m?ccI
zxhcw*^BAh?C1C^b3V{U|+8bp&<^(J^vtp{_mQo-Ivo1U<%)Eipn&87v!lRJFhx@2P
zp^^YFnJ1WOh9C)W*XN7vo1m?d30ji83cR<Z?B^glKxr%#<seujWd$EDKEtRIWz!Dt
zL=Jf{7wL^?1c%+Q61YQNN_*^5vT@<u8}Z>2!v*lc<PZ4WpiHE|G>ll6dGIiYE^<3T
zDo9-fu~FsxBo*pMTZ%B>h&WL6waKp?h_r)ezc1>AoCA1N{!QT!nOiHbg;Mk>S`-i2
z%KWJMBhdemRzwBJAoJE_K#1@uQ^~H313a_v-!VubWwyT<B*5=2Q0Fs*VuArO_NN_?
zf>2a)l7moGbm&LWjf}(_9|3G9fTkqdpxFUlhQiypLSz6W76!fp$!|2TMZif2lI%9z
zWq0{c7SiOm$b~l!;RtDMsLbglK83{7`PQ@QT4;wE4{0oyv^JUlMrg;9F~LAF6zpZ9
zlybAkQ$GGPXn-(+IBfxq=gb*qk2s{sg_`rVZfVRCSMMa6wXlNcMlE}cke)RP%mWa1
z8AKq3fJ@B~_mIPXIk$6z6Ov~*k(P3MSu;bIutoMVJb5^*ZZR}X3J<%H&S!FpDQ{Vn
z4goq?Cu2rjVm;n<o4U31(jiG%<PwssO~U1%xq)!>^?gbT_?D8WfmYHWdCT=vB8}B+
zhD=D0LwqSoJT{Y^HWx!^G?Ec54GY|fM_0B8>x#op(q>uZsb&YwIFZTAK*~!}K3*r5
zf%|R|MDb(^5<tSzlYUN=8FwSQnPM=9J$76SDJ2!(rk|v7vALAh4F%C=!qsdF0@vf}
zr8}*(!|s%X)8=IwDacfkh8G&{bkmS48nA1rTzUF51N=3B8aweWyU0!$)}qik&f91=
z>j~t4skvnV;8EEeF3$m0l;C<pf-H^!rQpF^0-<U!OYkh|fq;7)gShIY(iCQgj<TCA
zNC8t(s8WvAjB&D9+gRL1K{Bmq8g4+#!bA$+ycg<A<|-uI#_JNs=_2Qgph1uw69U$d
z`n0I9HnYVIIlnN2@x~9l`NJ*lkfb!BR^%>j3c1Z?+(^^vG`XaTDZ1S8EsdDsPMXh&
zB<`k#rAL}z3F5;G5(&7tK}NDop&7gkgh#@3`Y>azIw#DOq1I&?hqchniu^Y1;c~nW
z=1e;<AeK@LZW;Bk$gh!jq=Yfb%&-uW$BdPRJBG&hR-Tby58;<(Zqe1;zeC@6n1wb-
z7y7E0kR-T9Kp(6w(y;P>b_<CQiXrxqs7OEiNPI%n-~?6BJ`()g!lzaHk8~q-n`PX@
z{u3D;Jt)xsJ2EyVX#e>wKEF5n4-zq%KbAd5FzB>s&-vq+bN&F~T!Jp#K~ql9loK@N
z1Wh@APE(HHaUiS{{G;jodIJvZ%SEEX_PZ4eM1q|52*@3rI43im1@DWIxyWp#O6Vf8
z83sQ^%3Va`J($bu#+nbt8xJyDSSRE4P)r$@n}_ufw8eMK+3hUD^Ex@R?MCUkyf6lQ
zoN--Uc=2Py6Qi5r)>NRo;evGnvQg7Ec+1STh+yDdx`PXdBCL(r2rFfy9W?P{=2TOU
zA3_{ZOH@i|a=2XUVG+M8;IM)K5U9m6iydB4nDAmmu}hdR(sQ|F)DklfU_&&A9k{#}
z{0_1@VcI9$ye%YAK8~VXh$arKt}-|5xH*W6AzNhL&z3aHLNU(La6iKg>!RJX#}}Q4
zv;`^*k$L0-m`qf}<0OH6_%?xF5NwbWKS-Y!Ibj*zb>qon0y#17#9|wV-{q?1bYSh^
zLlqE^iZ2Y&9C&S&7Ndld`wnuQkB&i3=|gs9vK9bL%l~Y?*@gM#a?=oMM`Q@FA2&@7
zZo#EQA8A6=jrbKAs3Wj2!2ey!DPbwf1u%kIi#Vj8XE6t~-Ihp^hccJ6h7c2!k%IY^
zw<hpHvx<FKgySGMHLiV%$c6#Hkwm~$qQd}KL8j}lEMKE@A?Xy$^2GwzaJz~j=M!aB
zaw>t<2KEibl#)mp)B(@>U<I(i76D{pCQ^`#p-!ZhPRKM}L|=dK01=Z1Qh+=|jQkrR
zp`;KiWoG1jPZDm48YdY&loGuVZZmWV&6hx8hyYJmIj7f3QcooZ@WOA3G>ddr)~=KQ
zyGq289t=z;#^nfbt)>`84jK1I1{}ZIaRz9Qkj0B<5jl}iYUiy%VoPXNZu7bwxJb?s
z9nuXtNr_{5t2aE(Ir~G?@F;I3gPbo0iX>b{U<cqw8_3My6E1&?wVQ=tJ-|0yJnfLf
zC81Srs0HgGIlmYP@y=o30j>4vkKB}@K}LO=X}H>;L0TiqHR$uTshU(2qBi31Axbn{
zYs%2)nGk-$pw^j2B7GWC>qeq1tu9rGG$V2i8lw^E4RUQxZnjo~uW5BD*?Fm2T{=p}
z@9Fd=l&#ItnlMq59zlUTDXqo`#Bwx-lnne;ovh8)nno(+X<CyGXr}26NR4vU29q`=
zFI#Ouxp{_My-|aUPsL<)T3wm}m!iqh=uBW()8UIqlaIe4V}?3A8_JTa^KkVIP(hTU
z&mC#dre~N?hCVx0gD)m)aMegyEK(M3RZ6y6o1;Xj>Kt{thP<W6R19)>jH@0Ro}qzD
zP@Wq9OEGEnI%r3VUS~4kuS(oZgGqdKxYnpqBDFzl1dgN`^f^j7@DsnGCq(djIt@n!
zc#Zr-f**nJc}9&$5T$C=*_alVkIqkiw*pZA5`6l1ACp89l7t}BQq=Gl#3T7nfz!cg
zB)|02I{qsnNVi?aP4M41RqXZt|FN+_{P(x`%*fTH-zR?vddhv;j8p^uJsJMDYlDAg
zKXHDEOxA0aHdSq!xUZ?I><Q!WL;pIxV_WBp<jJ3OMpN^KP0gh`Svw63acrd%n@oo{
zKb~H-FTJ`fp(07YLSH?*W>^0HRW-Ys?pl-JSQggzg?7&?3g+f)kgZSYjFfww&6m?J
z*%bXY#eF*Mi{dL+7c}hHbYdy{RPke54xgT^YJcb2bv@&=9yv0mYIvJ<s<mwk&7<#m
z|HF4XPo7rRUv_WwoVLqM1Mii~6A}}{s^$)!R(P`Ql`cbiH#DBHMlGtWtgQVis&soz
zx5@QK_b?MCO}f10>wRCe2`jW(U*EiW^Xk=ED^2)KcGDBxX4YPuS%38FZ@!ta)$-7b
zwv+P~^*wHqsoD=WnZ7%5;;WOM`={SIrLdr&ASWj$JA3;J4?H@o<GJ(a@0Kll@4cZz
zh8%F2E?&G?Ute!n*>wtPH)TV~{^#od|G=yLJAeAs3VqX$KmOR%RJCNu-%JC0&#A8M
zsh<1f#1RQmA@xUPch^6c`S%Zx4y&=eV!Y$)UAvASJ68Mp>#1pJn2c<g+wC4d{!C5!
z9EM>m7E6rg;}d5)-6gAEw_w2oRl0vRp80Cq@PP|9Y}la7&d%29R(*47*|KFX_K34A
z?zGZW*7)(vA9nZ1%z9^9@{IGF7B3!EKIHO_xMvN<ihJ6c4kpGI_o~aRO?dL0y|D1e
zs=U=PwQIw+y;FKR>FKNG7n%>62F6B2tgWka9R5eezK2R4Qni0{!M3AE%`#ax<%ne!
zqeqO0PfBV&eY(N+wzl8Aw{|Aaz4YVAL&eoYPyNs%uH*K@)#Ja<bw9cJ+Sf}?S)1=Z
zdiCnn88c?ATeps;+o)BMk)7IpuxiynnJm8N?9`A4d-jYu%c6GkGG4#y-fr1p6}Y#>
zyqeK(^OHZHI$A&d+SLnNvT6<I#>?BzU%7H`;)DZ{Ph678V&Z1*s(Wuel{MS6DyFBq
zdGoRvGwzYe6kWG%-@=rXRFs$R+qbWCmo8X9|C%_Yx}kLZ_?=fCU625jKx@C5n2_*F
z_JC(UP(AjbnSAEYpTB0!nx>{EYt)0sW>!=*YPEk^{OZ*2w|K9X=M<l?JDQ!LUEj+o
z$#07)KPwwD+Ubm#mOOI3^`0u-?w6xvvc7%$o<Dy+ddzsY`_##kcgWt~wr$&v9hl^f
zg9ob`PHfz`@xsqPcWO8F+&NEn+hrf@+BM<Kw_9iaCE_a8>B3Q0{DAp`-#+}x64RTb
zD?a_(m%DRE?77(dPMq^lx$*FkS=Y{1Uz=5Oa!dKepFW&+@6e$`yUM3EoWOcH^||Nf
zeQNE|WARTvx!XK*q_HtN_T7wruP#~gV{>!2nOn0e!|#$6GR&KAym9>E*%O(yU+&+Z
zn3VL?H>>jM>gx8q!48<yd+28N#Oz_HFly1DL4%CfE`49~^moTMywa_Nefx`@J8dTo
zrB&A~L)u-qaG^S}G(03EBs6r!F!af>pDH89T)K2=>?zae(WAZIpFgikj4eq{(Q37i
zKmJl??fQ)y=e+QOynXwr2&>lQ9X8x=`rdEp-lkqv-4LNrbnn@-eTNQX{yuhrEhN_%
z{r<6~hSfO{ih&Cbe7XLgd-qN_KBoJ|$psr7gA)?!M!l0C9ow&CyY_dd6g-bBKBV{B
zHEY6Ds@%jo$CsA&=?$Ob?oGXV_3|WCZM6(eOzbk_qfJVzK*KtET&{K<IuxtAyEiSV
zKWblk`rzd`n>RnqS{8oxa6y5g{N2jgb1Zw>6n0OV_^-n9@^U;ZoYxi?7nhVY?b-9n
z^y%riryn_Tq&BN^SjSn<Kku3_0rNFBHrDc1eBZwHyLXp<zU`r*H8oMgcSqD37A!im
zZf{J|wGPp%yDofI)ox1ryKCy|!ee4gwT4*yGe2KGEqT(UNd*P_)93WQr|pzkvu17I
zzJ2-f<)==KU1`dEEw@dZHp^>jytB8TeP;P`-Px=@vdOb&?>ugMeAwj1|2@&YVamLD
z^VYxpc85Mm?dvi9JMOrHrs<_im!ftHD=SYNJGN%TTT{|%YFDhNSG}3PdVKtWo)@A&
z{;=`qq6hN4-fM5(`~Lp@lRjG*_Tq~#c9r*!kKgn8=eo<4)zxE0k3NK(Ypc1h?FW1J
zFaKa}U0vjx%TJx$+3A7vKgi<XvvE-a7U7K4<+!5^eyLt{V0YZ1oss+Y4j$MsTRyGx
zN>l&&D`m2E>pv_Q*{N5rk|j%+ci*)$gAVT4@%feG{VR*UxMt5)cv7c5BP;CQ+|*P;
z(`U||!^7vU??%3s+y4Ih$DUtg?q0WcZ9_wYJ~MOuh7E%TU41LEZ2XzezWlOog?`f5
zasM-Y`c6mhFHYt^{P6ZqGA>Y`4f*!lAuCOfc5xSv8+Y!hmy#If`RG0tG#O7hhqgRj
zomso^<(K<C@<_Ty^9&mC*S}u+zcY=v$Kjs;)5Y?n>gu_3msRz8&0JXc?eQHS_lO()
z^1=y=^Y2Sfvu@oQF>~ga-U+760gW}wNAwuf_8(_HP98oy@!U%j%XV&$SbnX~0~N<p
z*cGpZg@x^|8+Cby^Qp!kez=V3Pnj}h&z?OWeU#e$xjv6Qb>+%Mc3Se$=H}jAx->R7
z|C_xhfroNye?-M3wA{9<%$-Wq7_zkJYC(|-#nobKFqn)PW+81_soNsAR4S>YLc3&1
zT9oQWNKzz~qLNT4$?`wvyze{nj_odA-~ImI|KI$|k9p5~mghYCInVQK(=?5+irQVY
ztYY>rE-w45VzWknSX8^Tw!UcP1>f>hF4du)Hyf_5`}E>P>*m|XE~b4tx8OcUHRp#b
zfOegooE%O$DN&|Qn<f{Xs{yE|SFeJ%6Mro1e#awz^FW`B#`qJl)7Q@o>7Ds3@AJE@
z%UYZDe0&bCSv)W9USa*MSI4unb2o%ApVkFrGt`91F(dnKvWo3SISBaDxpRW@tgZaZ
z%>lpsQV0;8>6CKtk=%5Jwf8IU)^(G=d?!17()d_a3MG2VIiDh%mX@*ulbzWI;}$yh
zD+}@p{}Nr2X5{20Hk?nHJ9loc0gTnOSD&g&0HfcVIAe6g=y1#ZQBg*d4u)v!R4+RB
zB72w4#Hgs4ipqioX%}w>yiMuX$3On~aXVM9+M3p3F~TNu)y?eImai=1R{gn@sHmvD
zzd{P{(<eVa|EB?)jVd>mmzV1)^UE?!baZn31{zLgmL*l)OiB4rShz<gV0QVJ4_B{W
z-y9hkc*AX|^VZOw^#wNNIh$Hb`14=)JEYysc60<_t3Qk1*z@_PD>hX$oj!KVf*$@j
zV`WKhuIky(!Jkfq-Z2q3E!{Bj;+8>&9WsyE%-^sfYP3%E-Y+$mn;q{LC&?YXk<NEL
zzb0_bquw{l>#knCT3TAFI_&4ww2grKOqlSozW#^){dY!0JbL)>gk$oysd<yGZeTSu
z)cu-VmcdlB-16nElb-SDJHIcpKD3=ay!6<EpVU>H60<JH$AhgMH~QMpNhz+um+q~O
zU;jFhHYmhsk&69jacP=(wr1j`OU@@9gcH=|mn&1dpBGk!dF49fit~ruu30s3S)(W|
zqEI(J+*GdlX7J-F0dEKIb(p2uPet9bu{P5(Gir^0x9zt*JoJN>Y;il=@c!i;(?fdW
z;O9Z@r@IX)O<TvGD!rVWY=3sh^cCqvCms3u-UUUuHU~t(O?B&@Ki}Qxa{bwrBp>;f
z_q&foI`R$1no^b|HGZwRe5~Mgg2TzZ#+QH)&%S#%KqOjGbuw9bzkk>k%Yu8%h=}?H
z7ZxP3*WX;Hr#y9g@l-i;^OTC0m#SWQ8&pqJ&P+;LH=bv>Yp2M_NXcTx5t^d$q!Omn
ztNt1_N&fC?`{tOX_Rv4oT_hI2eDUIz$GO6U`8^dByffsc<%JKo_*7HIf4al%?A!XH
z!~-T(NsAAa*DZFVFK=$V^2&R_zB$Q>!>6e+`dhtu)1w!)__T{}-b7Uu)xgx?R+FAR
zW0KF<x_umU&{k{M<P{BXA0=+zzWx4v`!Qq23=5m@;BY}$X}uD_%pPbQVZ+3CmwXvg
z0ko&dUl~`+T=~%l=f$0N<u^2xuZ?uuxXrWla_fP}S#m4)Oi&CA2w1Xr?Tn}q!-u;+
zySBmD%v7!EVp(a^v(U6hmL@}9i4uAZd~kB%x+Q%ljy?1+aa2uH(3A6(fYZ2KywE4i
z!pKKs@Zh+(xJ_YU76rW`mulI><X^jXjixwHt3M#DMk^o}<a=6We5n{5@RFm>WCm>5
zu+QDyWNyf)@LHb-4drzy*RI`-%XLjxi!bzZqyIPuOk{X6uT&rwPmj6fk>;@8i3zmE
zy1Kf%ckeb{dr_I}Te{arTO2%T(!I>keWs>+W?bsNcCpj`%7zrT;uVLEykIX)*}TS@
z`+H!uLbqvVX7ao57&(tWpPrtck>PUE;YY>Vr&s0WO&&gddc7hiStlj0xnke_>6-`a
zsiiBf4Q{UbHFj38|EZptR{;5MTy$s%P{}r!vOqs>mZjZRvr<x1zckiYm96~jJbn6x
zc@v#8?U_J#-wk;8>wOKGdix`Tk}qo%@?LSza3gOXowIq)swm6r8dDC8^X)!H&GG^-
zXS!YNAmtgBmWt6~>Cf{^yRV_8c<0k~b#)Kff_*g@7S?mx_8AMU`W*z)HX*^Mxv{=c
z!LNKqd1ds#T$e9&K}Gfu4UL{cH$QPw!l`$BUdxS7OC3wjoYr;Er@!EB&3wjiN>Mx8
z%XClot9m~J-DA<B;)f3{NAw*|r|)7qFY)nN{`TS7+S=NNhNV&btzmcM<u6xNPcK~L
zC9kWy$gyPD&K(2fU%W6p=@`f^HuLf-si-J5n1Ac&8b3|twFftEo;71eR&A}{!i5Wi
zg1!KI0dN$y{-fVU&iZ&sT>I3$*RIJF%9#0$dt8CeJ7Sd3azwhR+?<sY3=O|bX|-#5
zxm$bBh#!1M4^>ycckf<HZRiwp3kx67{9~_GeO}jSOj-6(TXT~^WRXkejELf_kU{;A
zn1xj|)V)8&9IF|vcWSS#*3KhGj$B&)ndzG0<hsW!)N0hIh^*_snjAQAe&JRtO}n8J
zY}Z!QzkBy?%=}Y>URBQF9P`j$7`-gaa>PX8QEEc=zAev$0Wo>W^8U|EbDq-PtLGLM
zrvU`Mc+t_7vc>nhbyWPhrS(1ae(@?eUix~)s-~sgpI0gO$b9rDH8pjiD}~V=(9-4B
zC+`aZX20WcjlC%p<&X7103F?$YXAs6H}^DbsJos)Np)iGxSjX*(GLRvpV{ITAru~u
zzgDr+l{vq#sLCkkRrSz2xfU)<zI^?<`Ns1)|Iz|e4>?04qoF3t?q4~uewW6o<2Of?
zRD1{vKF>PWecpnHai@FT^ZTOzo_TuTzLJ*aul0kc(s~^{b}aO^2R;6`F%h=b);qog
zWv$;eAb-cG(u$kHXQo@9QKqy!T<fj0CG(l`g7q<dDMOO(o;x?}<FY%#E3Pf`xJMtb
z?RGrP+BzeXm6i2k<VfdN&kK65r5G-%@K*4vaoIQV^_BhU=@&|p=kUXq7^N={95$qS
zv4O!h8YRyDO?CCw8I&I96&N=z_@-7@XT{ZdPxL$Z;_A8p!=GkZZ8uQK^z-qldiCm6
z_GLANsj>3_)s)8VnqeG%+kU`&-Tj*^M>wbImps(gR))f>r6~A^!^*8qU!GoH-)-yy
zYisLSn^o-i+y`<xI`mD~-&dWEJbyvO!Xmmb&i8n~*uISg(Nukdn#0lN+Wl?aW3KoO
zQd0nSt3tP-SI?a7laOHc^6`4Bk^Cp=3qD*tckcB0{_8eT=_V%bb#(&+-mR$KVe?#6
z9Pa~2`pg+&S;q38pR87T<a+LUj^Ci3JwwC8!y|Lg_L=H4CjQie{QOU^^6hhK*7elL
z-AbWQY~${it@!ZvYfZv<uHyYy-6u{edG1G3&a{e6i<`N?HgDAzfis&O&8bUH`pGNW
z^pLkW^4MD1>gUhhG&D5KEe1zL4Zo6ZL7(gCRRsQZqb%mz9JRF^66$Uhn;K&4{h(D{
z#iFuD#!qrr^qdwgvWm%9>%RDEqHDpRA9sXpy?yrAlb1EVe7v0rKkgMmvvp^(G!A@H
ze@L-wKHA)i-Z%2VO0#aZ359A3hx|{Bo4jqIZ=;c$wY&ZZO6)wPOuZp;w_d8b?P<NS
zX9s9U3%49Rc(C`!s)|jK;YzD%i@huk7o2?i)>8AL(bOHyK$!uQlx_H<k)a|mR-Qgx
zY^Y7^TY2p(J=Cmd!4|6#zw2IJaaebOrJ}GIP&`GU+wI#s(o|0ZwR)WIqW!xn1`hfC
zeB$tOzk`c<+swXI^(JIh)7kpRsY_zAkL7u|j*b{-WE6Y!sP*z~ImWBa_x7sUJbCh#
z+{v?mNkrRYNL!s}dsK6Qd(6~h6n%r?DnqR<B!1nXqomUFp7(>ZXAgjX!A<Vj0Q<)C
z(x*o1=?|XxRZT&Tq9>fMv2X94#o4=>yH%`cV7=JXk5hbaegZ4p@?O~#X1G>TNs%b6
z{^gy);o-+ujG<6gXRR<hWV@O+p&+2nbryxm+$rDF!TWyq8*Yydm`oWP89H>RYHHfB
zL$(=;N)!DXMX^WCfB=hLm8Q-<uN>0bZ4fYuXlkB!z10-9M?}Q>d;1JhRUPfN=gXD7
zMsh<kEs}<~TyFV2xonrud_6s7LqkQNPkzlAKgB2F#`UEKKeles{5pB^WIK~BKGP;|
z??Vm06!AuMU0+p6rDb8x$rC4*?^O!fb>hUL998ND58tgzxbBIZjVz#HSesGTtLD8H
zMcq^^P*gS_=eS3;{|}echepU#Z08;-a<aX6+`Q&Z_pKA-Cj$zM$rlY9K09;4nEtc;
zo0pZ>S1I01SKpRzRqcJguzpQmcVNR>jp%D0)ju$B`M`nHTAz@qSAv!o7#Iw{d%)S}
z{$>@G2Tz_Tn&>HK0^7<sLP2fOR6qF9J3J;>U1iI!Zl&p)0-kgI6&2KXS6zFV)<a=J
zW5a|qk3<9RJju%H?|Lab{N2X*TA<QBJnLSP%r8n?-|A(he0fvLfDP*vKAkqD^rv!K
zTlN68a`w@8nv?YDu?1WA{1P)ZN`25E%Cx-vxi@XsJfeOAc1U)Z#|3}?Lq9J)!+Cbi
z^>~wN?>T@uBwtV&KTaiL_h;&c-x?ds-1pVJd&kq<5m&HI*|S@1y;zYdSmLd=M<XI~
z(4KTJFMi%mV4m7Uf7<`^!Y@zdf{Qu7oj%=X-I>#;GY$RU97#yne8VmB)w$Vm_75IB
zIGp;%y*!J?=ylJ203)w78EA%@BbpvNuc-g!(K&YIxpN2h1?}1$-e>(%-@eM3BIA|C
zCzTd$?|#rBK`0dFFL28EaF_0`>%X^miqpWTT%ZFPiET&x*7Vw@d*i3=`Cf7gYXYAr
zP3xol_zY`ZbaeE)+@CURG<PgyI5_@zuG_FsGaJj=Ye&?2yZg?$UzBSb_hM)NQt{T?
zO$$eD$kiBouqbTRoPI-dObc2E^(Y)MibgvKq)>TmE`_Gp((-v$p1Jps(S^CONBy;r
z8f1@(zW%7B>eIp_g|5QD<f8dGQBl6C>I>HBn_LXg8Cy2qD1O=mJ-yl|mzGyoS2q@i
z@A@bTc6FWMGv-{44YP>-nP-15E%>staJe;5JhH|BiEj~hYWD2(3DtVz3=E#fgdIN5
zI(kS9FmFk+uVX`;UBURluFG@k@5PQkx;L=jrezWDO-$nW>4%D@D=o`QOW=5W*M9tX
zKS-(2@NRVFrPfv3?p~gt9(v(|NtR~arO!Mz+oY(8sZ-i_X!C~~JF2UPm#zAGB0YWn
zq1D~Gsh2I+72TlnDU`eW<DO(h^`cC5kD+P3N*Omye{k8oa~6q0rD<>O?5^THUYcL3
zqq(C_PHvme1BD~UzCNo<$)7toqA}6&LT2c!%Z>4~8M|`QGoQV<eLg$8NUdLR%@dQH
z(g_t*iiy?8{(S{*dpAsR=%(1q(boQB@X?{3oHeY5kFVo_R7g$^o?r*KUwTWL4ewpa
zh~J(pb9S6`#=pF*7j<0f#nys@?6Qoe;TEg>DK|X}T+<s&o=@8|TXT}&h2@eZ@oV-C
zK05^vUR`jr&-=#u`JOE!cWCEV-Coj1Q8VdsQ2Lr9M>c!qo{E}izisR7Db43=AD%rn
zTXXt{h{%l7?@E1U&AKRR6dCU`S^3#hWDkgg9jX%XyGQ)#%gnFu@AQ{%{<=nfruVj=
zs@}Yrs-{fUH=Gn5ad8A|kV~rmk6Y#Tai01;egE=6U7d@Ii(y|ST{X-2_(q{%uWi~x
zO*KDl?fvXKKQCY`S63-2o6_=jA>YNN%3kM#kxx^>y%p7OZvhke(W4~0`sm%dpBaqD
zTP8Hc7ryB?%KFTsx986r%3s~mZ#7Wb?z}YCy|rhCV~L;ltJ`1V5_u{P4(s2%8M<c8
zt;Ad)V@{knQP%P)Ii!BsmP!4XOlAhq@P=%jsi6_7n_+og<j=}I7M&HNja;q8r<^aU
zCB<*)H<inMd*#YhyMCif5=t-bK6=EDVQ-sg3M|5w=KNQgF$+fy8buj3>KHJUu3a-V
z+)4?%>71VOBqwL%SJMiE*_tEA_{eLz_#Jf<iIkL-fZd_%a<I73^~`EPbus^F(Bc*&
zQ~I;hE;)OQ#~WR_eqEt4ywF=N@AXIDk_&@t?Iv!0<^3R4=u`Qb?R#s#aYV+7)PZ}q
z>qoxj2Y>xB?50`2L3(q>&Z^vcvB%P{)oLf2W-VL~)>3?4yFdHs+O^#%l)U+Q6VvXk
zsCja{wWVf#>X!i*R=l72_NIoe*}`XOX=$U!j4>J(H8+dDi()@I!fD&@<Kz^swl?La
ztm`?yDXsA^5Rwf|AIx{go_0v6d7N5aQxlfaDDQb{eQ?9Go_#l+XJz)-IdeU$;qAgF
zccTJxk~i=3RaAI<);&&Rg&ND=tE8l4R!n}Llk<@qCkC7my}sAjxa_06isD+w<dD{e
z@=1x6y@&PlHcZ&RKN)CCIS;E>jUPWg#!5raj`HNmlRLY0TVEfGZfx9g=FA-H3VVBQ
zrNFCs+tLEX-t1kw`Ho4y=QbVBTl|iuK5$@Vb#-%r&6L4~5kQvAnpIYId5Y)c{XhB0
zO?#TDI{eP>7aAMsj%-fk{{8nk-NHV_RMdq0?xCORWF5Qr@S&C$Ge3W-4jeKhJMHYy
zet_I<q81GuSjoQcXchbZ`Hjs>e_r*$^F{OAsO;YZ&d<H|GQK8bOl#8z`q_v27fuBP
z9I=_asU*=W?(ALWPl{;))r)Lwa(C%Cs;kfbXy+Rw=dGrwsj9&=@jvXwyyQ~+P%ZH7
z#)fhY_m6SfL#Cc|C`%7YOiB_L9G$cAfP(VsvlOr`@d*h91qE|1o?7AU{r>u<Uw4ce
z6B431XX#LrZQI60M)sK$m{IZE?YYY#(?coC>X$e<?LRiExN4$kEqMFlMP28#7tfxZ
z^)H`cI9WwR-<=>3?#qp?{Gq>yW?W%NrT5vr{mPT{pt{ETH5L3mZ|pAXQQuxX*wWH+
z;sm3|y1ECB{K1p74}{oir7lmNsC&BlS*D8c@m#$@50sSN-nWk~Ola<%qI^y<QNPDV
z^TS}1dMYT47&Xeh?;)#L9;eT)i2C~vR2~$mCMAb`{Iu=0qjkSc6UL8UK5pLt^|$HX
z`D<@keqK$n*jW*<@yna4s$NRd94yRpxxKIT-L&4EJ~-uG!R(z@-XeR={#HlkMP%6-
zM$SHSK~rzgIK#aWayR<z;P7}E;;I2VZa+TH>9;IV$-LqY!+Wy)G+P#n#o=i0zT=!K
z7<nOS3G+e>YY=nv=pjSSH7&VgxM<O$(W6H{IO({1*RGJDeFruVIA}jQF)?xZvSn`W
z?z?py$1QKZ$B@gc1vGfL#=2ln4Ab(Y!+Zya0sZ?wEGap?FfrtYTh3LBIXyyHsZQHk
zY;UMn9M^yDmojqJu7<B)D=RDaO$j{ki$b@nnW3top`n3qAFg?}I6<|S>b1S6bNht@
zP(6SCJT1*wb4TQFzde8X(x|6WqF-QkdEMT<dw~^Rp_v>K^!~-n;NajHGiEGa{B-}w
ztZO<?U*6drHq7MBt5<#k0kv1JazSd3cQ3NkH<*qs4Bq0z9MyM|Ft2(x+vS9ONJt1k
zn;(DtaZ1Be`IVmySQ|X83W|%1^YZcv3O?jpXynA+^3vB;I4HOFVBGTKD_5?pudg3A
zY#3v}ootiXxEB=_@0b2e4}VozIk12K7nPM>#aTKI*~8^#$0Q}yKg$d?Gc!|Dm>YM0
z=gysRyHuzfx`o{=_e+V4GE$i4c6I?{K-jizDypgl-iFNG3C+ndF=i(n0BrB>czG+`
za=rD6mGJXY5ajCW8XVkeXi}5tmHVqXogQvUQ>$It^se+`(hmzq^o^R}54e_(kI#^;
z<L1l?&6yz{^J)LsV8_)gfY>*0-h3%YwThh=XAexL;-kPyHm8SQx^yWbBI1UZ!^WmX
z-D@w0OpFp-a?>PEMw_Paehb|ASt0&B5S>4ZrY{iTv7Hp!OkbF{)Qio7rIN7AcNW&a
z&@8<9LJ?kAOUr{Dz;S1r`0;!NtUzsQcJ_r0@Q8TkbZhfdri<79hfb)!fBv1HPVaw^
z?#utHV|0E0!%)v)T)X=3;Dzt^KmLi&|F-zQ|1bF;|Bu8A{#T`c{2n^^pAQ|xF@y*f
z{KI^j-y;UUM+|<C82lbF_}`TLQI=1kQob_03Qvdj7g9j-#J+B90SqD`(lWx7Q$P-)
z&@f?;P{j5X!U#PgECuz+MiFa7wE__ztM}l?_Y-r0$}36mNYw(=DF7XDgGi|Y8F=DI
zEIDMGjFChlNxX{6Br0ttoH?2p{LU^2`xOfzLlI;^atpO3v3@A*kWE@S#u;?@0uB}&
z2J`Pxr*XNG>EnTIl1MKsKnF%x@_Dc|g9?*NVfl%8Y)QnXq&%{ebUVleg-r&&2lK&!
z>3DJZZY)%Rodff>!EA0=0ykI}0!$ApM}bikQTK*w4`+lm!z&RZpo?JoCRC>w23oSX
zoMl*W6;`)`2o0j*sqcuYB`~fHZZqBpOIC;V2*foD6*`f|&UMJ@N#Eh{MI;~S%>h6n
z&5-Di)LjQWU-}iPGq6Xrb`MZwEKvbkHa{rB4t4<eRSc7qQ9Bx1R#f0QLc5y3q)<CV
zX*{LoUrHZJ?Sw^ioj$Z}CNGI@f#vd&=ojr{iOK2DSR_(4qhaB>SY)3uKsrAb2a!FF
z=lEl|0BA-4w8moq$@s{W)LMb<WS+R=PqZhYJaY))r6VG(8&MEm`iDAQ`iHdcIt^PY
zm^(`Sh9Y9|?y+uQm1x}21lER!g5u;s1cu_l(^!EOB4Cf@2a7{v)B&dA(WXEP+k;8N
z!aZdPNm5E2^e<U140d+K36$+S8CwM0s-JbipJWJeL>LbS`_o}CD(D2+hL}E}Ys4I@
zE2Exxc<SJRx?t;3w{UD7e5LqEC}5QoFip(4!(6no$|fd2$O<QcQIJ0pJWNuP2F5)8
z`M_Gdwoyl=jmTw<@c3)c9b{%wR3N6x_MkIq^I-fLzL$S#blo=UrnFiZkgaB@i4IoB
zhxACMU=kRV%Vr69SWS374WAZPT^vVOD$3r8XEv1JF!rSkcKdNKlw<)y6`&I7L1<$-
zWcySiMtb%y(_GDLr`cOd<qMGj6ibQ+QC>_`JST>iWP_Dv1eK-`X8l3Vytb+xVg|A~
zPo;6DGa*fRU>ih=P)9V333*t^jV2T$X~h!ZS*1x8oe(wvQW1!GJR)HDPgc+Z6I=q;
zh2>3!nQO^P9O|1CJiY{ICmbP>2ms}|b>Ik~#DJNOy@9O8O6UQ!@NU-!Ig2hHbPFTU
zVP;2(?gYslrZdDx2*5k{?YMJ1AvFYIS1?2wwq-%s5x}S&LQKSV_Y$x?nSNq-9RY{W
zbQ9>V0&H2}4<QGT1;Gu^$xF(FD9bho6B9OQYi1HDc%?#UiC75hZozC6P=!Zi#AOA+
z#lfjVi6iDgZp?<sf<=KaUod2mC?s79OHBF16IdYbfK3CTJKr6MZ<q}d<;LK`RFOgk
zp2tAQ0Hh=2cwht}>Cc^u3WC8*1K3j;21k<a)3ITMVwlEM2q4de2{OSp%W519nwaOq
z;|KC^%?yG{NMnoKnN*a+0@vrDh#;nbEda?0l<+l>gN1wx*f5-1lDR;_!*%hRia-y6
zLFr(lF+RcLaHSO!AzOw#2zwO`0hBwT5b|7DUX9}+?YJFq+pIMZI!$1PU9c8d_mBZM
z5kgI>iow8s6y%F*PS}zeRML8Z(o9||gNo^xNHLRSm&Z2~D-}pXkPxsqP`5|OjUJOW
z1<80fHq2=O)<*!2SUp@H<jMr#ggE4cRLmvlhQjGF&7Meg0Jab1)I~{01L4SMZ#_B`
zoDx3?%0Er`N+fCAr^zA{oC{tI5K%MEF7P%GJczJaT^L<doK}GS1T)BbNGd4e=t{H4
z7zK+M66WXt&_PNP)M=3R!NVkGd*OoNEE6#{+<$<jCz0fh7qE$PqWE(lF>!5#MtF7k
z9&YY*_=bRu0|JgLY+LD(V254I!<sL`Ia?5(78b3=7qf66!SmR75_nu=Bd4^ci8!#{
zARkf)G)2KaqvWnWY~#PNo_625b0)~H5+Nf2HpK8@qHsKqigc3@?x2JrEN&nxNJ!dF
zLYa{`sbNzFN@Fau&sY~Y{E!ZeQ!dR8802iY$tXA<q6Za$9o8U)Rx7p%?NZjmZ&9DP
zLJ8JJYz0(pfbI{l6~`Dp?uf#zP^rYXL**SYDqu*MhlohY&%ibh(^FyY3Y4s-BVU6=
zNkQpu2ptA(DOxO=DQ<%xKO13YFljS!a&|{@S45;{@#71HNDl_^Kx80;LgX~*lIi|w
zEbWLfbYvbQF-bC!Z7@bjQm=s(+s=eW>Bo`Pir5+Cr$ka6Y=WbNZR``O#6H0VALbJ9
z_`{VjutdLPLkn4}2;BHi5+!jVO)zMLs}wSO0DPD{8pnS|mlOt;Ni(65$V*F`Oi753
zi+~nPc0P0j8<bAJT?JWbLL>H4ceWp4s)=N^H3khc?0IZ9#zvvk#=oN?#~6=AxPx&0
z3o%Aa>ws?q1qICxCDf6bAA?3E0Shf3Lt0;`1i8T+`$8dRjEf{`&n5DepmiAz&0GS&
zBoXg~HAe=y@t=k`?24uZT?kA>KIjW3Cco&Uo$xlCJO>k)MDllOHEAsQ2VgeP9jSzB
z#FCKT)t$>1vN4<|&S0?BfQQEDp_aD9RFxd#!Sb<6u+**@mrpoM$lEUILc)ENY~Vfv
zUIS}Ic#63&Ulo=fhtNz=RvjYm5j53ASb}&o2@eeRu%<FRhn$BrDxonxkVqhAOW7dC
zQvi#=N1H^Hn+2?1(hOn+RSC{pO1>;Ez!Hxjd_=sou2M%p!zSG+*s#Z1m<t8I=E#7i
z9`+kVsX$;YI6HR<Sga2rZf^pPOL%02er$J`&JFPiy!@?XAYyqK!GW&OpTywp{XfKH
zB+x^QH3+#Cg<|M-fq=k(ZZF|U?Z@+F1wp4Mc+nk5Ne_GrWqd|TNbF!r5ANLckQJXO
zn;qHHjPZBmI7SZUN!X5&brbedKMYKSV8lg(xt%r9T1JSH+Y8~jt2_1{-q@;xuEBIg
z0zxCfAwY+eXspQ<O=_c)YkG+$0ozUH3G5$!PsgD}a5TvAvCVXE=VHTQZpX$n6k}4!
zpg(c$#h@xFp-q;&)WtEEj0?OCeX(eN!}p8Vq{iz@w<~PWwiCR>0nt%=aodq68M_rh
z0w7C-yG}8qL}~;<j9^i5|2>(Iq`h|Rt?pEy<NRL6$u8vyBtA%R0?es_xrH#xhE%!Z
z?{IF|Z|AHVKK*OFo3wao7k|vVkqf>9zK!%pR7ePC-ng5PJPuNKp#A`zqJN98lh~LH
zYbUkzWO2A+lvNF9<sHHiRSoYPkmzyOkVH*zP-16hKrLeNge)Arl#t2c36Kf8fP9IZ
zax}nteV`kp4HLml5f46=_>wr<0xU|}X?t4zS71gGhkk6#j|w&mdOqO{pd!Q;;BFLX
zzeANus<e}mH+Bta{OqSwP~*?FBwm`XfR2}(!=MiHTJn&G2bWMp4+Ii-$=LqrWJw7V
zi+CbdylNeThTlb!8b$(C=*!a+yeD<qK>R_6Dukn=YZwXmT&^3--KSF^5e>S;$a$cV
zkOrH5N6J4yN+Das5{vkMzy)MlX}R(FTsDi>)ehLh_0zBeE50YDl+a-pG<+m<qVjLr
z1<10yeiQRGVJsQiUT{0e(?heP13d!zG{8Hg^L5fd49tl4WxE3log?%`?)i49T%{`D
z|6=UuL|u_(4M<hN*h5EZ3Yl?8RTSc=zU_%L&PbrxM7KIvJSxrrJ*0kWCarD1vTBLM
zvTmo8$Z}k%<R!Q)St*g8IuZ)!U(+|KvdU(cx1u_@aq)MxAhDneB}gpzD>@K_DgyJr
zi-Y~4mD$1KJlP_5@6Hy79%?xvkB}n+k}GDWbZu7>wO4VA3G4-wT1a?dVvSh;OiyA#
za2(0fg~Z7SkrkM9+JLQ;DC#Ob9f5#^$86}(lp932O;AUWEBu+EXe`3_)zKK(*({LL
zJiKr0Oh=-20`BAm&u&>*PIB3a!5NUek?{5sU@4FsSX_K!Qs@%1lRAM&>E2;aBIy|#
zVK;Jk9_aQ0_|+RbgC~(bHYf5iGY`Bbc1K4U$mWKF6J5c<aK>T`Hxyngq|p%K;CoHy
z(Pj4??s`W<A}}B^02CNDEK<kCW(x0(c(6TLptUxRoo$9-{pBH8TtBb}ZO6fT$2hMN
z+0DTAo!midbnu2>ngU#jBa=eelf&kENKS|Crq7;kW=~a;FjCyWhdp;T8FKg7aiC1s
zWIsq7{6NcXj~eLu2nGrydnLO}Rce0=jG#qAC1`&L#iEIM9Dgx^-Oy!#3QQuhVGD7$
z0#ykj2@r4sJ}%<nRdZ;s;R2Bbm?>#3C~Y>(KJO)Fq4eY^{k0f734!4b5-{LYXN<Xs
zpvwo%AczpS05QQxBK(qs2iso^J;La+BI>5CHZYSXqnyenYsa|>sYWrXEF46>)Phkk
zvPA<}TrsL}fK!T)ssy0HWlNpT@O2qqkdT-#Yy<0MOQ+gS2tawwKzFiWW^knXw>!&~
zF%keg(a{Ao3BXdN2V}Uygbs!=bp>BVyZ+D(Fzl=rgM62=!ky1WINO=H@B&DJH|g4P
zkXlHvydq5tA)7XK*^Ddp<zb}pM{_}7?0PP!$-g)ke79sYI4n6f?yV)MAf#(AWEHPN
z^#-;jq26@KBdNY;%7)hvFaiZ?HuT})S`^qaQIO2xJxh9F71d-Q&{`-xaTekiQc;KS
zvcXcIXcKmUBt3n{dXX%9{;Q5?M+OY`#J}SUM9$8gst|A>kI6XQwyR3ckU?&i2h@23
z`BGjfRTa>EZ0ytvlZ_ai67#@3czgjmO~n_%MDI-F!hHT6oyCwOW1E8oa*0$1>IHEL
zq(S4-qD}n-33c1f#k=uvYkQ=FI^wj01a@N$J=9_|y_hsS4Z37g+WH2y=pJqe5uwW%
z$vxsOB6Jy}D`JvIQa?Wam`>U!G>kS4<6Ln3j(o>|?m93Qd?4xQU-AaywAm4gLRJ98
zFl3RPu>lO>I$B9rPMgl=-+{LV-$5W%1wpcGwnKZcy&D}4g-NAv&Lm`xxBnYC1bG4f
z0CV_`@ZSRA0oFooMW!MOM<S>?D6%fO1!Bn5V}KvntzcMo9gkqZ&;Ukm(9lT&@^%nc
zIbeIN0Zt1-bnpoG7X^EgyiF2+2i4Tv6slk|t*wD-hpEFt(p5u-%*5clkP8U6Sm8wy
zY-U2Tf{QvqvV}@`YzY4!bcjjL?yxTjFD&Uu75Bi%cnT$s0B8vjZawKm;F(y_ChUS8
zw43ldX8I74e*t%>&|Z*S4@Oriz&;b}2fZ=%Aq2R9mINJM5$(WZ15pasm%lk@lRcA_
zWo_tg7KyX{b;kDJL1zE)V&(slI^|R)R1b!9u^%f{t}iJEW1vUV*EiNPFg9ve4o2yF
zvGRZF(?0(Pz!cqYI|j`1G2Y0ill&j((<c9ip}v6ug=X|^r_u4}|9Sq8j`yGC!T*Lh
z@Hh5<{P=O-_y3>xbiV)KKMZ~Q24i%c|3_bc>{$J_^`G<&^}px;`6oU)-{M0B(s!D<
zjl^~!oeWFVT{D|G)NeBwar2*!helDqQNLgj7zvOfg}zbOTs}O2;Bwrop<!!6#4LcR
zV^3@W;Gq3$LR-EPe22}#1Q{(_t`?5?i_Y3K6YwsY9UU28q-Rj?M=zre!EV?iiwEn`
zgAWv0><P4Gv75*6y0IBLVaCq5wdmk2b5o}DjvifG@*129^sh-@wP1_j5HrD-TCh{u
zwqRQL0^nQ5c;nd|H!W#9HqfPocq`D}7$|?h9Gs3$Y><aeh#Eul(1$?_fVwt}hZbs~
z7nv|919l2u(59g!(j*Ia^l=6~2grUG0KfAA-?0JgXjJf%fEP^dgzY*27--<?O8$mU
z<fZ~f+$aGND}seIp<rjJyB~XpPL*sU(^XpZ67(dkGOJ~#O)4=fTV9qfdD(oro!PvZ
zwx~9xWFmhmXN0-w96M=04%6q^$@YP)#cxSGvSAL`X$L$pN34P5i}^+)N`}Li2;>z)
z7XrIDLNn}AB3LsztS3E#cM&0)<MaU^NWNn7PzDhbnjV$(26kT`Z;O5a`(Lu(03!n!
z((TulwgL~BBw{3fl{Ub-mn;U|7J&1BG)3wMd7(WK=1FGi2%0!U^OGl&2?alAlCBw>
zhlk{M$uDhsGNJJ}-1ZNdkYAAh(xHuQ-xoeAygxxD4~Tw9mPd*<XuB*Sn~R(^JS?bC
zi@uOA#^N(@7X!+Z0NO}Ah;(h)QSi<r8xQSy(zI8BE&W%ZCF$2hy2`%`0vUI#P$XcW
z0{{k!Lt#K?sqi0wPdixP9g~Biu-hwi?LPpGCnl>T>(PeLrejC6^iBt|lX#;gfjGov
ziZ&xk{`i|hjQlbm2oo>?U!fQ1!Vlg(LGp`f18{|bx@OS+)W&oK21KAfouU~aFk<jO
zgeaO6O#jA)V!w0LMSap|;^Dqh4?n%b5jrD(ME^2)-8lmo0~o-c1ga_9i^H>r&Rq<&
z+MSXOt^+Z#OK;Ns)53N{!WgyN(-z(Xpe#(Le><6mO-3Tcqz3`tT8MSEdVtyZ`u~T$
z=KzeWIM&oy7YKx2lCVA-`_7zBcWO40Wss$lEv$x$3${6)?w+KFule4cWnm0~gb*OK
zkU|MPv=AV`2SP$g2m}Za2n0yzCG-|ThY<eGmiP9RYtl)U;9i1!Z{L>L+1c6I*_qiE
zoZT%hOJr1-dA@Neqlskbe0Hm%xF`zWadS*&gfzn%7Xq(xVT}_?>56cXh%&El1UMJf
zxn^19XdhP5d}CkfOx4*ecLLIk?|jL#XXzL-MPJpju4o!u<F%$~#1JOaTAb6E8ok}@
zR79WHI92aEeXnaWp+qBLm$^WJODMrNbJrMOgqu*ysuaAK?AAv;za7`jfm-Tgk^!--
zkD++XX7v_Fom8D;1+{PA#ITFi{1`@B^A=ebnIfZYi|ZtuI;In$csiCcBc1uUaExR5
z!=|rU(N2VbB->bIL^`X9LqQOygXA*`3SudN!J8nkl9TQ1ET9)6=@|QA9=IfP0>u9^
zL5c7~yXs+iG_A385hBAvmNsE&GRk=3;(@bU1SL}*o8@CaVaFtkOj!qx4MSd&hL3aR
zIioudO^q3oKYz@z^n4{bq}6F@k`Mc&Squ$=D<E!jQ$eoL7xz23e!AZ&&R)c3yF-m4
zFpmUhe@tcWao+YYmTch2mOYQ{7KV)$1-Jn*>oS^}l!eU^AJ#~an*Qs%0R2mfY3tyN
zbst1l3_D$))+;d6n=mcc7^MHCnngzE3!{ycUL;Kzpow}nrTRTc_r2LX%!`svVT?;k
z4hB=?prhY1K+Mf7(Ai>c(V({pfXgt?jXz1DA>4jWF%DWK1WLS<LHCyGr%E?=JY*pY
z0w<dU*=p9u!Q6r{LfO@OVim|4%h4M+-%&vP^l+TDP(Pd|5QxhC{Afo+JaYnSFqX(5
zmXgdG|7K1;ttmOmK4CgnMkT3|(ivn`8(d;c5KkIoqGX#IlWd1@m9n27<WJJFcNsXt
z6wtmj_V#JR^u#eAFvQ;(S5!KN?eX<;hrA)h$zT*4pqw(5?U=w8f*k45*=#>s(=mvU
z3$rYfB+r>%zma$3V1NdHohiWhh+>*Ao&+>a8sVw7m={-EfeWz{<9@PlWI4V%EW$jY
zVP4r1umvMVV#`Hd%mr)ekQbG}%;ZH=Gm=+Iw|Fp)u|{4g?d%nOrKn4@fS_aszt@bJ
z&IDxyq;GCZrqVN-$KL)AqMjAc0JL!X&l-PKP09XqBAzVcUo=DTQH=k*%IebiPsEdB
z{7KOMv9?k8_}A7}m*)S3Jo$`2I0}uWjl#!&UUgMz{!hr0@Aw<8^eB)T3LgK;$|_%J
z{!hp=y76aO^K7H=@vo}&mHdAu<QdcW=ebQNeEh3x{JzroPsB6!@u%(tRL$ds{FXMd
z`+xcUK7X}o{O8qH&nx+VO~k{meZymHy0%NWo1os|P@*JM1B|a1lDmnkdykx|&-|%f
zPD$XTW6gpICcv+Puzn?~D!olx&`4&u8mxtBJL_|2$CPSqHEVWiQ=VU5Vt|C9u9!R5
zf#&iE4<yh$(-ERpW7Je7MlUz(mqSvTT#qtGrP0LXfdM51_h5OUDhNbJ&PjPxm0<{M
z1lRm2<Vr3N3a811LL^F@L?TtnBn~N5PpW|b4wTZkbP`vmNP}_I1%U`~dW9pA?vE%T
zb}fcDogLr`m0-SUyo(66)eFhmXrrVG>G=Ny0|>X+V(<t8lPD4_p-t&0fn0FYhy-ZD
zjWZaO7|rL>T5EITG9=W3IDEL^Mxuml^Cr^jkVpuwm^_RO32p9;T*1shLj=4gZtY;`
zG_xq9-b)G#Im4laM*x+ZCT4;Wo{gF=RYVnPKrZdwjk_@@rzo|xB;(OORZc=EI#;E;
z-m2@?`^<bEpvPhtTx}lQgxjtxQ`-9ZC#ovn#IicfSvJuT#pIr%!LE(XXoKW2bk3~}
z54gp7+cdRu1En37j<KMnQ{o|J=NkFYzXy`T2Q9o}rl6q6HYTWcA+I$Us8~6i3HH!4
z!J@UWpg*~gHUejiqmRs~S0m-B#y;RB;)vwBe2A*4#Z$8ew$!F3BXo@qQYPfm-&v$q
zhB+OH!uTgg9O5KU29Rq8m_*7OQZBdKOqQ{9B*H0^{X_3`0)ls8B6XN%5?^9aG)#yH
zrV&qbY4op<tMMR^U=uTSjfNp-lb)t$hSMMylz<~4e?9(ZL4#Ntr|h>Mhg_fBPy&vZ
zOqIi0=2FC&STR>Cf{}p-)e8YMBWmkl472_wNu`Ds43pxq5S{n*gG+1#jty}mLMx`D
zX<D*_gsuT-G+rif26b40CB_Av&|BRo)Ix$Glf~KF+R+<W9O$kS(-yTZ#>s}Hp7zGJ
zHb}Iur8&^ligOr>G<WtbY6}>WTG~1rGgZ;i*B<C@Z8GHV4w&lfZS7cTg2G^XYC;et
zqvm)Tti23qg{L2{8f)t_RVB3Aw4~99pk<BSB+Wj1TW7~&p2JX0Tj!!WhYhrh5Gb_l
zB@?vvO)hHfXzX5ThLNRah0><vA_8X)3>#oxG=f*(JP@1-cq6SX>g;R_G<M_!VG)h#
z&tYJ1iu(ZMM|H?II$)X`djlqtYquu!^ftD46^0|s$bbgDsW?j>H92<lwYBA*0ZPPG
z00!71RalpDkSc%G5Aj9g0D(7pdE|XyqHcSZRRGK6nTa)%tGv?mNtIK*#Qd|o+HD79
zM%ZH6Vbhs%u^<uU#CXEx*D~=e4)bT0z~uv|oR*;_LK0aR#7!GwOT@;kMK_7k++x}0
z`YyVzs$PS@$HP6-V8G^p#F@ntgDDl4$VI4yT>}=GDH0iWOhOGvsz5ASva4J}RNle|
z$!#l6*ohyySizCX<f<5r8Dc}d+Q?-fB?I+CHNqF2imKe=V4JAIJg`OyT^mzF{BSm?
zd5tLz?3`;%nf=n2dQ5>!Z_aVuRI=dt3O+gXzc_8|HXx%o|F0>X|4q!3$M}=WXvY!>
zE=T+~f0eJwr2qH%{r-~ve<GgZ_;Zz)8}!}gIB*h+m|?GiE)ED&KL}h~Un9m~u&X=J
z(z-&7IyN3*;*5@Wpi6GzzH|Ic1MX#qfNjpKXG305Bkc4bC#dh8?o#+O7XA#8%e}`x
z{24Ukq7#pKOX3|Vn~2Ph%V0`wbV37LeJ^TE4wCCJ&`iG;kO>5O(gpGIbT4)3GMIyB
z^6uf})UU+CO%W1CiG#_Yw6}G)^Xsv*KQ~fxAhzD+9xt!haUV;&z6i)2?~rz1?O1eL
zaXjQL;IhK*KTt@VdvenNx!aY8xEFCjqo2u<f$Tn*)F;Nk=)GR2cuxhrj6AQ1Yf~=H
z9liaXUpqo$s=>7*lOO%IXdgxOaI1#d5sG%%<P&TTz~{C1p~c|nsI_JD!gyth6KASh
zd!gKbV!K_6NrSQ|9cb*_<<tx}n#H_M8^>{RjR?hKVm~-p@Ltf%-6?@&?3q@Rw%QoL
zrOFi^l)_`|i$_2~MxV~&HK7we%-1<{bn>U~x#xR+E@2{C^JBCH1pTvAmPhQq?4kP#
zne5hxs~e4Rdd*WW?{K}F1Qs*_!33!sF_nV}8YRAb#E36>$iL0Ddg)Y@&*H@*^YJyz
z<t~0mLDqyh{>k_S|C<V^&k;<B_Gff~gfa#`C?KL<b`mKZ9d>e#EwN1cAyZQ{q8%Y=
z!cKemO~ZU|W*%Qf?e5VASWS6l9^6k&jW)0!RGAIRq^#D9wGt2tiGru5AX0#K3g&WC
zXa&}7iUkDEgv7<8ko6_PWF;fVYKC0+J7YEV*-34*vGb-5t!88|yhjtpVC(|YeF^Z0
zyVZ!h)nwq-9%LJEZ%im1n`lgg?jnlDqF6kRG3S_6OfAogQ+@6@a~hWe(S-3hL5R&K
z)?6l4x+|%Q_fgnHq0^(?=ohC5S3^Kp(;yYE`L515)y#3`Hs2JZxEPc6q@b{MX6aI2
z1#ARPjHb;M#BK_V$k-#v!6R}`^4$>Hiy(+c*MSTkFp4)W<XQQqsiT5+4HBtgI@r}v
z+jvvW<^VV5W?9THWNFb7`pcLFB$kYY0HGP7m^88X3LdsBQ5tivc*f9ZnP*&nL9N7?
zX;WaH=@HXx@nZ;lR=`*xK3D=$Mi)Vk*PI;+9>Yz@H_Gu7gOW|s@w4=hHJ5oD4H3pN
z3zycpCg5ZY0T6SI9uJXL;OLE76eU4q$4L||1s*HHlg0k4U0N#-C=q$gZDhCq^7*T)
zt1R|^^Gg2T6Y|U?7F&*knwK`9S+0W`mo)~LbhZcFj+yl63Wb%V1F{5rx|<phj|t$I
z2^TzS-`ZLiHGpN4V`hI^iG=kJi~3sInj28R5_8Oia)gCon!=xPQ%%M;D{wYadkBB+
zw*8jG4buZigkPw27Um};A1TAWVuJSdS9?hT+9a_-gA2UiUP(t&XM0y`TcES6w*i%h
zp(PDkH!3GKE|}8|@ejCv?uuD1p(TtU?mAC^Xl!fiYHV8CxH!<$fU*WmaP;&oYHsbu
z*`#ndk;GGM18)YS*zLhDLS=48PiJ3uQ-GEb@>SSoYr&lY<>M?Du3SwIK;;#4NmvG`
zSg*_N1|0X`pAE?CVAXUqwg(!RL6O7Z0BD1hwbwbyl2KHi95ABFQ5Ic`$J(4o18OQU
zXpwf-U60UeM_D+ITx?jI-1vt+3~miN(giny8$DyPqYQF)!<eimZBv+`_X5mr7-&@9
zWEw}Wqs$Qk@2-r{Lu!s{9bfMCB@h1Z9adsvY9lBAuQBugc~$eOOZ<N#p2GS6>T%=$
zt8q3`dkD@<tZM-Ko+Mv4+d8niv<{TkfiKOIh5wVO?A;KJjJ1s%{J*BMs@g37&#SF0
z@&Ac<794;F7{TTp^TP%wW|vO9^$*3vN^G#f+1J}rKHqu3LdSv`<>jcMI1ef>XB93Y
ziv`FSXiSe*VNoGuJe%<K2Ie;4<Sy?GPRtXWs9#cL%=j9dUgttbS+QUs?bF&?V@gVq
zBFYi6iqv>iM(d@d0@@HYH(EsW6dN{-oP?ZAjWFzBrs1VdBTBy$!x%~9M6b7k{+}(z
z&Wda$F&g!fTJSmBGL$nJ3t-v6Hg8z&PY-JO;`W(99Ef5Z=gJqB@j@LUB7~lGV1VW=
z4uXZz>PjlHlnQpE1L+8&l9gypOaRDE2gMwERvBiOpqrxz!QcSlmo1P(Lva+9RTWD@
ze1N#D2Xe?pW6~yqGIKFP2Sah<9W`sC_GX_M%xU$^+FO>Isp|@n=d}9uH2Z>dXe(%^
z$7hOnCFO*aBmvwQdPc_qiw&D$pc52G;C~4@7FLC!r=lO>f_#|q%ccpyToXeV@lk@k
z04ya1FvbbN92-*sa~zihdt|=@`znS&ksoe?LTbv2T12=SB$6K_LE}s`S$oAFIeUXI
z{P!l(eAxnRk3(L|77!F-;LYG*#*S-(crvOSQ}Lp-9#=OatF#(i5Z95ClQESHHce7u
zp-4I`GepdtOLibhI?v#Hg}Kav3f4S@t-=7@0;(GvcdA+}$K)iqSpr$%9YNu<aRR7{
zNFN$SaT;S3m4r<(U=kKa?jHyR(!`8T7&r59i!{bYPbDMAHV1Pl!(^-y6tbq_FaQ~r
zBXWvCMSmk3sEm9969tvK7JfN5T$Ajv-~UC_U~~k=Csd3!vhV+@s^`@JL_oX0)SCBy
zm9-`R{|R|2<~ru`V6`69J_4@MRMi9Njl^AFtwSgfPD{yf937m-GN}}Yk3F)Cbbs!S
zcuEO@J2r~oe=$q<4yB?I$TzDsT!(au@~lUGZ)FuYf6uG%RaN-*NB-)%n%cTb9~Ob4
zl8OQw5@?oVZiT}!ldm8PFw?<uxEC)3dK#>ZaZ3_jsLW|3B9|d81P9@egwqD_mJTg%
z?Wn30G7Kv*H6B`9Ns8eNN=!x_ox!HI)<8#Z5Tf9bKaQE00V@Lnq)yt+A*Yyzrxv6L
z2~v6k0TdDk&<sSI2qVxfa&PruM_;=e9eE@&rJ)6=#^)Dmqv!JFHC{idkbz`uUjvGD
zhMmF(I+nF|cXqTxui96_=sPJ92pbKjxlmJQM@OIuobrujbW2-nk-qMp&Tdn78Z!Vw
zCJW{T%&q|Mb(mHHReOC99SRWTA{A)JXl=&0sP_4NJ~z@@q*;1bb_IgV8oPr%z1^)H
zi}9M=(i&)Mwxrt?(~2Ntu`EScC`(Hbo^IRBlFsg4WYY{uw<`f8hipoabh`p1bf!%K
znr_<>5`WWLf~9AIN`uS<RYu5KJ9;atZ6KrRb|qE@1X)ZdLDKCCK-f>a0wg_Cfgr@O
zv?)N-?Mk%=np^wYSvjGUn4Sr3cCG2@cBOa$bEh&EfY6k71xUJGfsVj(y^K(Rr)O#e
zB3#-vLelNg-EIq6)&eAkrcD8wZdWP*EYqeLl5RUM1KN}^&dWfrEx!8N+U&AJy3TLO
zvJhk*5kWU{xz@*(usi5B<<PuOvg8qbD}tV&A*06qVS$5%4X=LbPzr5yl&M1y!=60U
zIji2W3D|rvOk(usSE3BU-mwRltw*K@v+|@oASdNmh-frKeHG^6Wpn|6XKr)^jN4-X
z1^hc|Fi0gizz}>u01BaWEFBHSBWk^=bd1E@(*qT%=5m6qB{SQrw`rBcI8<T-@nn=9
zJf^7bRzpRwJJ3T=L0q^t!J5bs!B)=3u2vFU8n5BtJQbvCIUxiD!Bv7Z1pC}J2<_*f
z@*Lm7f>#BL+d>Vc6Ol9x*hpWQnu~_cfn;bJblOk}TsttxDhitlC@KO410JX_>K`$M
zE}{Y#2yiU8KLZ~~cR*4itP%t8#Pvc=q0kVP#^>V3j0sUUi=YT)AoyWSiMXK0Wjuj4
z3X$&(z}RQO^)q)d>$fN`g4+*CDM;dx6q(^+B_1dZ)lEZkXf25dN#iOA1n(74z~>p7
zi+8!=q%aO4kh`9hMrd*A32vOZEf|6((<B9;^LsK1bF3?ELA<#prAPs&c18mN{zOV=
zh=5^Rb_UK{zK~8sYhl6f6PMOK>9ZkBpPC}RG>$+JCQM%|zJ#ps6EG$u<v^KPl(p|Q
zsn>uqTc<L6j6qf-%IrO5b&N5#m>Ff%WLQKOV;dA()TY@6Q(7+ki{MF1$b}|Be9wR)
zT%!>~X3Odf*hwc%$f4!z5tB}ec<I6um#{5z5(3P6rot{;hTo|)1PDvUheb@mLWy9;
z(=sL|M83|&MLZ}Hj}21JCC3Q%VEci;fM*8u((NcK6Sxtg?1*@=>K`J^6@%Q!L2AX7
ziCtJs%$!*mvlzr%VH}uVCcq-<4q_G_W6OzQ*a>r_rsMb%DT3KWI*Q;=kf4I!r43>I
zaX0XCDhB$8j+K!p;kMf*7Q)=JH>v~WAsZC#i&Ae>lQF`-dGBLQ2HCgHrXG3)fF--(
zvH+VMiCtA>gJCTKy9jG4Nd9$5>?{=wY&)xM6Rh<JdjUI`G?Cw0k{8hc=vQJ=a>O3n
zdK7xAJa4E3)W8|5AhGMsxl>BizJw)r)|@N^z9~B<=V-#V3<&8q)D!46QlOl&Elp$I
z8%8e@Avv|k^}@$=jA>yY$0m{gG8a{tiV(k=M7m}-z*B!1h*rcBSVU_R$Dz)lSf+@8
zG-zf!2F6V0B<%#*O`y57W(*XW@6Z6Wx~j&vhDpK-{#Uz^p6(Hd?-u0%s*5mLDr9o$
zCMFM4hYa9bMB*hK0m0PvGvy-inMS`BFGqpeH8~nWUK6fj6s-sgq~NSl%KdA+EN(T;
zmz0L_7%C)Fd6fq#<cpes6Yv4bs%Q`;=f2)bpX%B-5_UU1$i(@?>Iru<wupJ}U}{Kf
z(<t`wChS3~WFT#Flwn--q~b|N4w}5Lg6fk*Kd0*#-M*xgGQk;L<=94nM$u}+qcMP(
zz>2p4i(4^kUD?{v93Vm~FTwq-a+WZzDN>Aj=D>nwTtqCg1Gyas6Ck}}EVtAkNEl?v
z6ZSFG$625@{5c&{l|fK#k_B}x9RyV`*SVYkX{1}6;$p;VUUm(%#kK)-%ND1Xr}5jH
z0PlQm`{~%R#!Zc}RMsGE5gNcVolOA`s&uoZQrMKl6De(E;I~faRn)%~NC_&#UqV9|
zU69Fx=EUZ>xu`@d1)2g)I=AS+TSx0HPNX~9Y%kNNp^r?%OtY}8Ob~Xc6tYTLLj)1%
zH2zJ%w9-6~{C<A=5u=X$XVV$U(it7Z3NE^muriF4<qd>`vhEBZmx<DegIKVm6K~%@
z#M1WL1_sI`P6{1^e2_zKnH?TvXv1A!!DL6C0>IdhLxwB0DD-&`fdC<4Cw_)oAln2N
zVyWOtBE-SjM;V2u5i=1f5*g9+(Xpfu6h63&nzdntHppy>Cy2-olc_77Q1t<$H*moL
z4~ofT$4}bcBuqmBfnKpT>8M6TziEJ!+(e~hf*Orh^z8?pbo!P;L#Jt5?@Yznb%#tn
zLnmAA0deGuGkwP))S!1~CQIX_LOUji46t_**8|Y~#1otslTLaeV>iQ<4MQgTpUu3D
zGh*FtPp3~|vRyOs=YD#<5~<o}qz%9qSxq~zOr{Ks2rDLCw7tU0$s;vDF~+)+vK*wW
z-bTD>3#MZk7fX#D#9{?y=iH-^B4oiQtBM^;{KDSWZ{FDw?Oi4nVn%vu9T2W4RMgm<
z6tNskp%EEEoq)$Up-Nz<5IKSSWrGB(61fIyk&KE=B}Lk^k!~!4F6kp%H?s)29;7Nq
z$U(RYW`ORlK|u@%ZJ<}H%yqk5beVMnP3}iB)>DdU6_yinZph@SaGZD%lNH9pRt(gS
z1tCgGK&i9|(;Aa;Z6U3(u^`eOIqGJ;vjf4c3D7wfB!GhmZCtajp$!)Zd7^IQ3L2Ae
z|1tZH4`{O;XL7qWis{xbcjQ;>=nIN!C+`UX18kU#FpO;;UFO5mmIsMb!H#+}!eZGQ
z8DXKLSTHPnj%A!l^x7#+qYrlo*#Uubkn4r40BGVStplJSndr?tZpx8B<3h`e5NeDm
z6M%GciDw+#;>v>X$LY02BnB?P&*q<Xz8m|%$k;~x=V5nX#$q01l-Du;<R2qyKFbSi
z4b%L7+BQ0m1*&v2{s<Uhp#b<Cuvvk~1RH=0O!4l?Zp*|Ozfa#15f!gCe|b7zkI7w~
zs?7$<QbO2{S-#ORgBzd-hJ-@|U2x#*hX_{AU0MbjAS=Cu^iZvg1S~@gitUVYfl(3O
zkWCF<6fL+(ILM$9Cjx??124LSAk@u7ggn+~Qb>-icWV*_Lo5Bl4kyLqqr4XG01ftt
zr!L%5MsBy3*;$ar7bVj)SF|}z^V0h*)}`g-h=&H)7*^<!oN$A$&d!LM8<!XupjR~a
zj~J`7r6CrSGOyzl(*X>j4sjo>1I{J@ljF7RFxeFt^#E!Lw%sJYV-o*xX?1XlVW;7;
z6bTYc7{|q<chAG>!W(o4+0D?CO4>nyfD|`q18mMB+xRUQ=7L^o6jz6w9;P&)fn<zi
zqO1Oawk;YFT9AlWn#^h@GaW%NNU)eNe#YcoqRS7F2$<%wY-bLu4BAMPb(AFdRn%;=
z$hS1cWr9v+5~zhYO2C2r9o?rvjT8vX_c{D-y>?JFVSLpibts<3t2|z<;5zC9v^~B{
z?+xbU48~a84ovYF9tM*RUO0}kfoR9NK({uyoneWlOQ<K%hB=s<?~9EqHaXX&rW0(I
zkd@kI5X(gVqX9xT$^;qqs9+r@mvC#np>wE0tTQX&;XFx2UayBS%b)ZBK*R2n7>96y
zJqc4Ym6T$tWI1Qm7ZqA$wEVze-eRF`)_tErNMwdC1wqNJW5x)lW@M8Wq;RRd6Krk}
z?Vl5AZeiMum)aRNYKI7EsI#M@v!%tZ3x?RJqwWXSQKsVJvc$EN7Be9e^JJ<g=op5f
zv%{j7$yI@mDZ@=`W7eh7DCn9cozV)r87u>+OiL~ape9Fi>59dNIzPjKOtLP|l}p&Q
zidESJUZWi2tLI7748$O#ilaf62xdxUBc?JLN31IM>4WX~QB+g4DCKT6Mg);<;7LeH
zDO!g|Pi8hi#AZR3LPMef7Re>2$n_YK66S@WLRz2Q9Wfp>6jvFM#FG}8225mF6ZTU|
z7gmJ(QY_MnCaj1h^qWacs(z;FC#r8#8U5xGn=;k*Wk?6@^4FO2LyrLqLT;P{S!>zU
z)M*}w!f0~DPxOc_i4>O2HhP3ad-19Zik}!?Ml3rMjb=3w1v0xhq+IG3%_Xd>U|31Q
z{Xk}`Ew&=^Mq`6@s54FU2vIp2$3mG?JE)l<2#PGfi}EPIr#&gb(V}oM3!u`&b~Qe?
zo62xxOvrj0jH-jH{62EnT82j@7D|jDm-fknEQ_<-gZAH_tjm_21w}pG?-BISi2H<a
z0U=yi%P24)L1NJH17pQ4M?|qfgOc%UlL)Ba3__(qwhEdzrXqpZ?@P)2%djmq*t1Q5
zIh&D^GTOEQ@d(Cj1@20PlKP%A|7{{$3$@sWs=z71!462>ifPf3KqzWKIj~b^KFe7B
zpg4w5b|@ZJS3$&n{YLtYPSPKzM<2~i9`P%s7XF>S;T&aU8!7JLFT8K6w}n8bwwwUy
zY7PSgY}3j!uvZh1L_+h3LaiYK7yWn^{%*)*kkNQfL!wQ;p=hSAlf72%Zu3JQ12BS~
zmgNyrY;qE%mLVreG2|o%-z*RLZTQL*q3k<*%iLow0a3~{3qh7y?6IRocdly8vXsY$
zo^n?rXdgYMQPEUASn%XVzg80<Jh8>w*+3rQSA8m0O$(i>V>0*6AcFEtIV4a!7Meu_
zHF7myR^~-dL`)nEk|^I&8Eys@6^nW#Gn8f4=wQi?DB=myvf8=_?Tp>gM!bxh=NYY?
z%`Z%?)EUp|u^EXBjH}Fsz3S@@00n{11Pu2!E@~rDqWIl!Y{AgSBuFj3+DsPb5e4H#
ziqQ3(4i0l`b7sj&RZBgAZk(69!3o)MbNWF^d6jwjvHE{z^#6^Al=;PR|IOk5TT@->
zGsl0bnO9wk|2H9z(f_wIDTOfc*f;?963^VlX+_1Gw1|YsUyjF!NAO~Z6*V*}k6=n;
z)FF7@<Z%e*Ub7fHqt|XcDbW*5V`@l|5=l#1SdLCfFW}Cm*7?ZEC?QWTU_+VQUckoe
z+zU9n=NGbf{z8aLdTFqr#~*R!c!g%)U`-uLuvD^VqN&LwPKBM=j2Sav<uf?K<qwE4
zIT9Znl*93u<pYR~OcvGr%y8R2vSdc3SenFzC;C8>ml-q$LZQ|><G0ax;9*SktPeG%
zHV{mx>qCGEa}9WIt%u1wgcosUwv`iuq7$En!gLH&1{-z2!P<-Lt)cOH2nCsj^$LZl
zA0Sw}1c~y>ejw8Ql>(&jy`F(=besT)Q}PBKS#v>L=6RV_4Y#$!wN?wYLUKfo)thrt
z3o%we1S2YKsOOl&zm;e@O5`+>RW)P<19T3BqLSAGIC`7uTmfL|w4rvbYzhfOA)*O^
z9!J1k!8B~0Orv+EM5FhoL<PH4ioTSVDU%G6!=-uy3_uUmDG1lp4@Wf;RktvLWRwDQ
zV}k=iPPhYxb6ssprJ@Xixhno?o>MTTv?BRWsxo0v5vcP_h@~}4$)q%5Lao7*)Il~Q
zpfG_;%}jc7s;30#(irm^Kol4(Kynt|*n_3cUMyG28xkIHphO#4Q7moaw0cCWgZa6j
z&>l3xd@d)y-z2O}Mb$Iq;X|3ZrYY@EnHiO%v?R&LxiVu-Q_Isb3+@WG(9Of^(zcSk
zT`<A@k$9F%F{7V2LEPw>kHPd#bFt+9i?o#B!HA0od-|H10zEx-jxwuvCS$Dn!%pY>
z@j9@!-lmq|^48uZ!PbtJPD6cyWs4DSJ?RkcH#sIIE7S~Xm2T5OM<CD)zIKiIRct7d
zxzf%;tL)5LU!c3Yv%8MEFp$L$k4k@fU{#I3lAMKL(WV;GLh-Q7)J0|5iUv+dE;5WB
z<ihfm8_3K>s+sF%)H|CM_7EEhT0758^<1P1oa!dT5nMuj0s$`F^&?w1Gv;E|YM(>I
z*<W;y(D1QI#7S$%vc|U7=HQaXj^?&N{-`#V%ZT!x-qtp}9<2y8_4RT$+q~)*3udk!
zGiO|FUjcCQ5~eEkqa<T61aO|A$A!AsjAbn$Nmn?6eh{O5J>JH{nLo}3mp>(mv#0gc
z1J@j6(h#ZDC5lEM8F{FHM&x|L6b$xMWZMyslrLl_xttQCaOG5p)JDHi2ko+`93{tm
zTDk|(zvhe<mlNT;=5nGXu2RS?$#L3KmzZu)H#ZWfFoh0)?sR}!m;?H#yNOxROgh2Q
zLrdkbz9%>#Xwo-1N-QjIKuIY!2-;i-3F2q2XvB64m?fNDGI`UQ+b85M_gmyw7$n^J
z*_y)_b<1?q-FX*S1;D{M{->Vp-RPdp;V7fBCm~UumGBo*6P33`2GP^o-pgDtC<nqr
z;0jaU{<-eiqz!QB6!QQW#%3B*DayrIeyG2h)Zf+E-PkTx>YnW)WJj47c{k7r<b~pm
zy}jK*sw@^-HiKbH>y-Y+3MGMxxyCY3eY6Y#4VDAqISs`!L#VI8dVTsbj5$beuxUwm
zogty8*OaiVsmGYm*wSQ5SVj^G@36JYcvp@)Vd-j5>mdPJAj@#D>5FHcmzbA}90S)2
zmzWEdK|Ck3CN#oMcle7&y5g#dcp02@ujMww#1=(`u^-X^`;8&k&rkDnJYzXW8<)8i
zxU2~opmd<)UrENFVvN7B^_QSE(9+n~)@y?i<I+MJ21k8ELQ7k(F`>1CBml$F()wCE
z>X;Z-Y*fwGM<eXEj!@VwU=71MQFv-1VIGK3W!SMYN;7P|H1Q-q_f}>|T$W+i7EHzY
zNg_QT^5^eAE1Js_z->+{vsBLyRV(dhg&ImKiBvpEmpy8hK{U74L7|h2j)gw;F-~z-
z>QY9=M&tHAn^74@N>hPguw3kB<i?>FXsw9?n}gU)WS1wIfvhTqwjf(Sx+Sy9cS?+I
za*4up-!PiFZ`jGW3MBC;3^qca!92EECL9q24JJr1xy3A{5SLAZkfKg0DFxscWHxax
znsFUuJTD7ZWPH<>RTOa%1>i+8&B~s#&CwPe3v?Z_PQ`2#nm2W(V{2paVS1x3+kI5b
zr2#=)PC`nIhFtDC)JHO-UYxfMNSPd%z^~OYrw0bntEA-UDw0fNgLr5j<gPa=0XB(|
z-h38Shs0w|<+f1H7-VWv6FIfp<P3>WGj55U)saw_4GZDCm?(V+>Z}?XQ`C)|lf)uA
zWSTX0j+nxNo{^@DIFD?0&D>AfD*a_&{z3kZ#QVW{DdXaA6%j@)4vd2YFqT!nE#8mC
z_%?c`#{3J&X{34QhGj0Ay$u$bIPnM<q~O^Mg*HrwI7!g2Xd!VtqDwd#F8Dw>NCQ;@
z@T|-Y2u4SW5+2c@4-@&M9fh!dbjwmWdk?H#Fi7&VX+yfEj1}TC0@8uyc^E{3AmQVs
zKrQFOh4>c_YU=Fh=|$Qrt^oe{-EO26!qNu3LG6AwkZMy;u(iFbt+lDuPU5hQa3?}Z
zd&Dx6#Yg{2Q#T>a-NbfUIT_dAG<pdq9pj2{s+V>e&7l38F=~>i`Np5w5n>Ci%^-z}
z5~rVQ5?TViO-q6uffc<T!xn^_#q)|AM9r|q&O3OhByd;Hhl$gn5-Oh2AS%kWikbRe
zuwXYH12RRwk(xH;h`FQ%i3t@s_!5;V@(sO|Z`?BqFz!CiYVsH-%RQSD)MGOR!1&#C
z5^5LQr}Q~y4#}j?i5$V0>^qlVJfoaF%u|@qagmv62pU$iZk1ull?9jX{P1UvdSq~u
znoNO<a$!Cn(y~&P5iy$_lRCVSuC6zWLzC)Mb<A;(gncvLFc%bGQ6~l4jkS>|7)=mz
zFi^uLZC}f0udvmHB+$fjtMNiZHEB4aYnhuaUQ3Am3*AR*(n}Uqz5&~G)yP#5TP|(R
z3<=^xNotA1#+8}Z0TEmL-0}_RW01LXN!-k8LAUHHFR%Yn#I4F6g$PLy*dkl}sse))
z<r1>2;RR=yLO<m{vN{%R7Xf3$)IwN#-fL;WtEX9h(88En*FbUaW{#Yb+g;dRq|Ozn
z+T3x1j|n|l$`rx6I0qV;LPi_)Y&J011t&JgB+edVYt%C>QwXj?W*V(y3^Pp&=(V|L
znxJM<GMbWDsoHIxeu6trep4_1IKdfqvqcGeMgq~;$X({a&u~Dit1q&i)9WW8F>+cB
z>J9Ov7SBV765NyZ%-m+gVwo1H;zZjrYvv}c)#RAsZ;7RKafN8p9HN(cW*rPDR4}&j
zf5hpJ5{~N3Q>3)U_R;|&x;7>YYl++mgGjnW={6W27%(dssWMYjXR%uwGRu@=VS#>^
zH8u6}S*U}MTSV2f<sqZ$!z#$BR+s#|1yxazn?sFD4V4A|ntbI{p^edb#!o~z#JC5U
zCas6-;iwhA@eU%g5fV4377j20ffE^bu-QWFw_knX(G>Nli9&$I(S=OZoi4=MDAOl#
z-l8d<NGKmsMkZ9Pnv#eO7>N)UPA90vp2+I;#WU{KYsohZqZTNRdSfKVWBQ0^Ab#sY
zNqGaYc@Wl0!T7-;nyqnBg|C0Q`H8?ibR!6=*%yivLkJ_^!#E(9HQV~;<XY6}1R+qE
zR&<AGe`VB#={9FtL9)gZ(=EIT_I31TH$5{Di*W~`*>dWZKK!E_%{2&xtn<vXC7w<t
z(kZlFN-DZXk$&h2YzGcJ^`lv$GA-b6){@`mc(!n@kFC*X-ddk8Yxv6CVp(y*S&HX3
z_0)qf0iJ5Gd8PahlE8DHe~!k(ay@k&Bz}v!-xzlpb7)i2?6g@ZV<M4}=y{5nFS#A!
zp&3rJHwrR%A&Gi1>eNtx1z0BEw~WkCU@~@=V3?_}tpqy@Gi)X@+JG5ZpOw4ySh$;J
z;+2iR@j+)<t(*;`m7LX)Eet)xiV4gu8(2UbT}e3s!m~>|4itq)ZpN-hL*+XtYhYDz
z$>``^7VKHs(c8Gf){fBxrg;!G58Hg!2;BiB8ycxePNwAn@>9EH1Hx?JRM>4n{N$6A
zWU)bkA(B`mbbd0SpC=jj7J|z*l#5aq7wQqw-rm|9#5*;1_^DSV<YK6#nB&~a=rw9S
z`{lgXxK*(ob^^1wS$5GAeyAxXCDfrf5Cz>Qy6h4GQjRVL$L!hW!(D!AOc$O^o0-fy
z`|L-+#&O$}edzf4GK=ZYWO~Cnvt3kMD${ca4KaoV>jVAR%cv}&^^*k`ziFXkp=SjV
zzLo9;!Z%bc%m7Cj8(nP@U<Se@B$SnhjAo>4)F%eOtcron8En>w{a$E{0g-W=@5#a7
za98YSKMPrG8FSJqhCP|3QLmTueiDVhwdsQf$avxoHnsiopc3Oj5HsSXpkTY~!jn08
zt1Hj(z*j8b^8VN(l@=I~@Z{$uR5FTG<B)3vCL(&T4Ias)14h*s3&#<_w_Y~DN_o}j
zhSy=WFSjsfjak|O=VQQ`N0}K-nDjr{)j#pfL1qhx_-c*?U=AK&75XPtSXhY7jOADo
z29jo=ixImsM~xX{=WDQ&jS0;I;L%(z4yhX*z>DZfb!7BdA%Kq+;-CtJ^dwrSg8M1j
zADZV@i02btIg3s!i?YnBPS>_awxN^_8s<#%&#DF&qcn5HvmuepHbJeW&nrFAs?YM9
z0UoVBYpnVvgP0+NB`M3Td_pGG6KzJ^P8dQAC7If!C=k<w0gnxwRAZkNP$TbS${akn
zO3VhOaJmpP_$wLKO&frypbp!%xo$l+F`KQH9D2-RHZ?6d#6ZS`FId^PiNt+&ihZIz
zwh*#E`-L?{j0-$@;<bz=F0fEo!0lL0%QVi)PRy)vhlw6jmB5lLStm?0BnuNoyZ=m2
z%632{60|VMJC+#`l=GZR&t-eeHHvegDII{7lWGCsSFN-pq|=er))8Uoc^ZjFHqy^x
zODt*Z4m1;t!E5i5?m%NRPB`Fz12poW!SmP|oD1_WfnJ2&ERz&1&IkMz+z)i`1IBB)
zvw?l4jJZj=T~<Ad;mE^y=E1a`#(48K^DYDzxWHwJOv4}sK4fE7^yO8UM8#cQCqCl1
zB@%DuaN`h`*DlaFNss3rV%*ZC&MULDsGD@KCNstqr|{TD6NgV(;)uiNQAH59@0MNc
za6^}bsNs;FD_*#sCv&85$YU2H9MbcR4qjGJXmDVTV~z|?E3pzn?mG0-_0h!zpRici
z5HmNA`DclQ4do_JAnY7bsY}m9J(=Twhx<bl692op8h<s#|E~4<eWm!{6Y-ehe>X2`
zvWx!RC5Mx7)GhTZvG{t0oOX7{`{iURj#}kp8t*=os2Um?@t|f!9*m<7c}VK_KozFA
z;iHNYPAHK?39qV!DB-mgzWEiEl@KMoy0Wfj|A~tdo>HPbNcaE`*6j)|Z|$h6bPL&r
zl~@>zZH@J<i{K4ANs}W&aR@Ki-QK!FsKALC<%Up%Mjtn1?(1k>0fQuFW-+}D2{vKM
zdHZ^3@F^FW9H`St{^lE(TrZ&u1sS7~3z_qaNp2TIS=_AQFS!0CxDW7U$R=7hY%7G#
zscs!nKtOU^C^7{NA5Fw?=mTH{`he%6O&_$_+kz%o?2D$+9bISQV~I&U+JMwt8rH8n
z&l-(78I?%uLQrbJ8=SBL-iZ05r3-d;F~-QvIMXoI2SubK$St;<c!z+jfP864Nth}6
zH`1)|5#IH$Fqpze{HlGUMnRGrx!})?29l2%IuH{9OR63u)r~N~R_PU_Kg>&r5DUEA
zD7@BB{)o`PZ;Pp6v{v+$i3pt$m80}+utBA$?VhX=p&`p?+?O+>kJed?xX?J;=tD!}
zZ)Ptf*c>O*vO!a8b_a*U4clAnGO38+o1K=cMN%Rv8dg$6#z556>=y7xEC6DObP9{L
z^y<+R2^vK#kML^17;#!9fn#BFo+ON&=A~cjvg9&GJj39a91oaF0Y+(0dt+N$Yez5Q
z;iy<T<;tuHjtB_IvZS#ak&0H;uBqp#xPrjqKsV};z$Spi-_X8kEwrnHaGvY|w*~gC
zJJ8$L-9gQP$#Mq=)HvTN80_}O6~T7Q+Zz`Lf_PKExOd4K?T)Fo;38^k+;6<4Du%mC
z*twPuY?8^Hpt#$!``M^b6KC>sct`;!K0ogx8&pJ=m&J0bS&;_2<&cZwhvEZw!9$UN
z>lFIz0oXmraDO;FOk0mXx^V%92e*E;H;<LjK-V-aPzsAT!?V$;5)L!hTi5J<)}XaU
zk`>bzAe7{rvpP0MY!Qyy;KwH95b~=->^5-?Q-%P`qSGhUHWAwcOt27heO+3?+)1YE
zEhS~(SQ0VfCN~=y`Mz%UK(`91IFxhQlcsi~B=gJ_(+K4-pVnYs$I_0@<sHOOvrbP2
zx)olRHFnb!YXwBvjqxv*CTYE`?Y3z>y^ZZ%b~TwQfl1Q6tg%h3BU|yd&W^<#P6J6<
zoOLZl7qu=1w_vfMj+Mp~yhRFhw>H_r9cXH8H^9l}w~)dI$F6)!TW6!#RCmBoS#xLK
zB8XaU*CowM*``Y!jomAaLug53C}ZiiE%YlfDLLY-FVo`iV<L`&A%G$=GZ%6aWdlHO
zh8pRzAONkoPK(*87Qp2bW}#3EJt`wJ(&%5EROIz|^&;yrSwCRfDZ$i`F83R(_mc5p
zZFSL?7QD{T_<ZEJ4=k~?JqPpECR+x!zQ8`A&ay9{AC)>St~wbjfg{w>96sP@YB~hh
z5DcUv5f6&RW93K4$++%_QEwBbka>~V_{fR7Aih44&BYM)|IrYNKlEvAL*e|v;6F#B
zd6Q&FpiU6*%A6hqq%eHz=*iy;LiZjwXD{~?zZf7t$io?^5S*S7UrM*@3Z~+^g;qHi
zJ&1b+$yM03)~#a1RfTO9z5KpMYWz%FU*%sTEU)ndGeHB`@taEX5-@2P{fG%y9Is(n
zicoookg*gB#gk!nVKg`6hpd^HJM5JE$WGZjG3TV`)R9X#%lI8$m@2^{qD+uV2IDE7
z#08F!zP`hWI-?_4)nTn*EDEpHxHb~8dp53v`qL`|?AmQtGUPS{HX?Es#?TOT0wHzk
zWpD-B`i|#1UEv*KJSr}`l<BU(CX;C5P@ay`Ji6U#8H*Qcd@$1bJL3^6%HkTz$PDNo
zJGwAy1mS8@U`nv>?9YZMP<-?fZz>CdQgeh=4ba#MONKR{q9Ib0R#Y~FG&cfVAJ{Ka
zR1x{PPQx3lQ<?Bj85Z@at9S4ygSy;n8X`T5MdXFhg|ry6;!7mu1Wj@A44KDRrJ^s7
zsfd{ghN7>f1$3>41k59DJ9?)0io*CAMu$dOBmrp2MJNiW4x@5d0rZE4(y_HXNF0;e
z0qBf+AlfE}X<>sIa!?wJ&~^rUJ9``3c)>FA&0L5A%{}Cjn2loQ4N+<lfQn@cx~Y#b
zQ3CZx;&`#8K=WvMj4pJ7a048~tDWPZjLZ74bsz$~hUDBsng3W)sIrWxX+R<pSxE6f
zur86Ei+K>fw5Z=??J~6^Lpd3n?%spNx#UP{2p}Am2^J`bwp%b;_GJ?tdOV_s5=NIL
znt(Y13lqQu$qX?EVybwiLJNz;h|DSgMzSRKs7o*9W;u;m7ea}0mTcxNCi&XWx4T*l
zQGIF3F?!kKf*M86ddFx2gvN;bJGG_H5GIu8BcU^`IVEGxyn_+xQ5>1{t%r`(g>KG1
zbSBT;xy`{Y;TwTa<oJa~HnS<lgk~nAtCp)%%WR_=RnZdRbRwdJh=EK<xW7m&XpGNE
z?%9NaUIh(+^@^o{5KuvrhP9X#`d&d`86dZr+B3&fHOex23y8NMfMFlN$rM0T;5zmJ
zM6JXtdYw!_B+=s1U#6I%%vDgZ8i(KjnHgdxV{y|7M1A&XD}o149_n<HHgs}C2Q4(z
zrlvS0NTv}Q49r~P<&68{aTGSMCI)OMsMihl-PFw0Wt(wy)t5qY78H_GSX#-sNt@dm
zfs?9;Dd!=(e}Qe=27xOe$YwS{WK^q8=0KvEx<Sob?7NX~1jAx=LsK_p^IAv^Yu8ni
zesBdowG1VlBw!oVQEDbjZ2Xy;QX2Jjh8~hW^HU?b=~z`+0|!TjEi;Q3>LKbOcI%G~
zOH^3Y2bEq!r}D5~JQO3vnh>=R?1@uk9p&gWW))(K8nfoRerY_3-b~XkH^n0Yzav{N
zzSm-hK<x4Xn^U6M8X9Knc+gE^b;nH1t4t?GS$82KpEHEn7o<_)N(8ff!fr!X3@-Y*
zI#N8madEiawl%S_Q<yhz;SpX74oqp|xx;xoozFn{cokeP^Kfo33C1I&o31*t)nHo>
zy?BtQd^TcPyjTm1>qcdf3~}9<Hmsn~ZfwC5d|g>*#Heq&m^RATZ(5yv*U2`V8KSgl
z+4bc(569N1w3gC~nu1#^GFe?wY?xRi<%|4WI-@TmAx~Q~nVf+@&AieSfr?RH0roQ(
zX1`|wjAtfyV9?1N0dq8QOY;!)M7Z?zO;H&F7`nj*Ge2P)6AZ7F7qS)QZSsw#^6Y{s
z3vZ+{s|35yaw<K=42j|8>R5a^Mk-W8hXti1%?r9VcG;ULc#jxRPKZr6fMRi8OJR}a
za!lee#g)@E2;9~dPzpLc4Zrn*Jt^n0Hj9>x?4}JlaZNOC-=JnJ^c1jxBg4)HT&SCc
zDdYNXekGcYd3s>g(c5Fwj3CfuRO8z2KK0L*=!QbrEn{>-7I=n&t;O8Rgn@AaEi6;T
zxonQn&B)sTWJfyMP12iS(dH<gEyS{%0HB#7jmQmz$-``iu4vPfgni^4VA@*QJLttD
z&w_a68Lx|VQ0Si+stdO#aSL-*n9RJfzAiBSVT}oAd(2U>Ufer$$A_DMd5AcLOjI{)
zgVbDD&4pGQt(omPvj#+d!=#1e(ql`hh(!I7j8THd7>p}7!!s}+HpgONh(u&rX4nxn
z38z<(^2o4IG0m;bx|3&|EnA!v6liN4u+rVx*0!jzY3cakr3aMxfD<9s76}VjoTyg?
z;-o%TOe_s=7;Y9L3Zm}0%!nhA@*4YkJ1Je!fB>*QbrKsuH_fDd4|aAi=~jpbIBspV
zwD87?KdQFj(=D3QQHD^@;2WUrxeZ$$f*ehV$%{U+?4re3P&8~%%0jZ-+r~V{Oyie%
z<lr<uFDfZiKFYH1w`}aPMQ^u8@W~#GDpQ;*CRQ?m(teL#Smdb;p@g!BaM3*h#9cQd
zQs$6K?I`P5_&2nQ21$Z{f$Z0;q4GcdS|>(|qaPqM&1(1vv@?X4063MTHVc{(fwyZk
zskELx7)>l`F1R)mx@B}a&}=Tp7Q9Y$TN+~|JN>9Klusx-eq3HqEIVWhW+!q3E8izn
z52m*4dP?mkc^gMU+pP>@ODLhkA;N!V=iJ3wY&C5|!e}5cu!sf)s`F}E3Jr2ToOaMQ
z@u8+1NZ%X@vAfvrh_WJ{K@Sk7eb&C|p}`8<ScweEB3~Lm+U;Bz>3jH2-~M#YB;<>0
zKN0lFFtK(l$HR8IodV*DW!1-J_X3<iC%~x|X3R!$gy|WhNSJw<C{Vbml2f6zV43!&
zhqSU>RhdzoErmDws)RSn6qd*u(#RCg$Ql>P7!+wN!Hf6`G^XH1+D>qk!Ha15Q3Nj<
z=a_o+dKiQu?bR%+8<dlTJ7{*y)FBd<b$cF@Wm$KbueYEKk@NvX7177sY1C-q%>zaX
zY#cD3<J%g#a{x^9fERSZ21YX14H-I@k<V538wO!P&PN2H(BgSTfCaVrdO4|r*1~CB
zy*WG97^=uT!E`m#tsTP73+Y=gG^!AXY?&-ph(op<FtW*NVKHF=xL^x4ngCq5+~f?v
zg-Q{)zOqlo_+N>*ni@>XY7t_9Wsm<=Rq3m&F~|R!S6x$z|1}YhG5%K<9duY|#uNpt
zNlIcCkN;6soYy7}m<I*IX(<_wql43!$4c?h1P0SdlmrKx53#}KRrqQue3i&wRaY~=
zuBLY4VuOW<pFIr@rp2{V`V;HQ2V@%AYKn#1>RODP0zu>%a?4aIci1g+0UmlQuP{+#
z43jmQXjnpV;fjEIp}3DoA5kfmmLgnD4JEr46XiF4<|YP%EYQqUjg7@@6Zsyi(AZeU
zSY_<u(0T(9aI+b`PZZbI52hbdnBkEg`BFS4!5Y;VG>c=Ag^nhIR6Oa<ZZBJJ8@x)C
z{5ZdvY5}ae78g}>Wv%F|622-EBEMR}t40&KDkJ6!cC4{Onr;AFc*H7mxGJ)1qz7V{
z|IJjWSs(dLnNc!6Y*8T!hiFC?qp_;FNn(E;V=RsSROofmc&puYFc>VV#HH3nvhr;D
zjh)=bl5ODFQLv3gIjM|+W2sB*Z*iSgEmUH5sxTmfJE(FFUZ&xOe-YLNW`9IKFKoa)
zjL~ajT|ymhqYj;Uqtdk`j-qkFdQdb(;yzcVHpwYwHt$n@3-~CUPKiHsCU;Xe^H~N-
zm=dDOZVQ%^N=S-m7Yb7^$GrXh%8Vzy2Ew4WNm=|OH`#+N<pi6!q>deSTPhzQXO@)2
z8EqHZPr-H5>ep%G)`@btb!t>GVcwjMJi2V>nJIK-CO7P3<3>AWzU_w@P!ZEyThkHk
zhG=tmzpRd(lV@p}aG%YtgG0E^q=AXmPfn-90&nYqm4!sh0)=i2Pkb#xFpsk+EHs4R
z4MGXwrS!Z8e<DR(Z1=>RdJJm`{+BJN9;AnEA>-Fc<j1fw7)P*d4A8o?GQ_9>N`OV>
zD!<Q1qAnR%DsUYsQxll+qz33U%$Sv{as*WNxH`gwNVqCIf~5Lka<~d|K?B-1OisrD
z0Ae9uMwh;>gW)93Mf<|7If1!i=1Kh2a1-em(*n?g2`VN~xO(V4z0eOgIHGke?hf<>
zd;7ZD@IReP*#boh@P(3Og%e`RQ7M|3(T6TDP-g1mB(CxNXac#YA%e3%0cD-;h6W!f
zBTQe{OG)js7K|iD%(N6d8Ip7q@S8XYs2o*O&a9!C;b32Hr4RRW->}<B-Qhf1O*+%o
zz4tLNF#(0NKqc+VCc>!sluH_XHX(baLxl)l{DENUR2IB86EwJKZc93o>!yvLt)1_t
znZj)aCZ*o!Tv?zKWsYT)4i8^h&C)@6rRGqW7v`w<*jO-U<Jvna%-IAJ-~s7q>@~s%
z3<xg7)tp3!qhh1kqsYxAgG`1QO3b|Hb#jwDn{BJT&r;C{0;)7|VY)$O>MIWth{U7e
zuK;pk0fME>K7E-)jn)CdHyrPr=A`f}R`6ht$l%l|L2M!rSg7s?4Wwhtl#9C&5@#dH
zsI$^NQJH+8t>hM}BxqtN&O(s<J~P~b0gnM1y7!9_Djk5aCBNM+Zr}y-%YIOdlN8A}
zL$K;}JMxP10_6-&6wtch7)iwT9)gnm@qrBP%tGWBLV;zhPr0o}ff%@6Si>mJ9r8py
zcm;O_jfof?n4kpjT2IuC^SMoN1FY;PbL0cTEW}1U6-Jp&1{ztT&FvAjpho7NNh-<+
zT*i0?f>BH1!12JHM*f)zI8FIs^rN$biaDs*KxA}gVG9ZqL6A#?P~Wv@J=o`#?4nEH
zXsy^YdX3wQl=*B=isJiCb}-qjzw>qQE;D&|W7N~Nmo4UQy=b9+-e&cP2nZcWoI+cv
zw=*o~Yh!`V-$ud^`7betB4;Zu({fH_04C=Ng0`@1IjLR0ldHqb73-In7g+Bi+=C9N
z7TMOzt>{KmHFpVe8g+PdZ!TGVJqq$+pQIY{F?py@h?_PRmz9`;S&?zP-1P-+n7Jb=
z&X>tM8V1?G29*JmYb)`<T$h%UBOcxN04hl83y;p-8CMqlqz%>C5>O%T(PMFl))jMR
zt+D;|(CXr31DR*fM#dd8+4eOw(CsqtfX0qyZNE(Q#0)DGV{+Ii=jc9~5(pu9#zw=v
z`u>^<zHA;NzQ;7#Zfj8xb3>?a=qY%%ux0b7We|w&vvlJ@N@fDo&WaMy4kg>EYm156
zExSN^=$*;sa*ST6c64Q04vfr0IHw0~2~$iM89lIUd)DID-2<~RA6tPhm-FeEeNQvt
z!m!dz5^VIyDdZG<_nat^gqu@RBYNB`;iQ-B@#etYF>^fdHHI|I*rSpb7?3b%yaX6`
zrI-wv3-5(Hx!NH=yBn*`2oSztH)f!q?~8@w#NB<pY;;;SpF7x9?5npKS5nM0Y*|;P
z&EQc=tgQuoFJ3V?r^!!P$;+8EFW=0ZvUw)Y%uF7b*0DFRQV7Y(ZG&vYXeM=tP2}EV
zXBMJk#Kta&ry=-s!MZ_j700q04~#{ZYUa^MLt>FkZk(r{{bXN3zl{-vKLB3=QIFhb
zC#(u&(CN9L=#)w3ZtoBlUzkNU257w!W^wa|r4fUNow+n|)P!4v29@>XW&;BwK?x~|
zw>re^TLSqAPW>>2CL{%?s1UUTlU|s*aUu|chKH1ttR^Hlr&K`d;u6UKE|Fq};(E1i
z(tM@Xd^{%e61oeL4LF!8B}Ho&`a`?p5xo9%AHSiv%H~=;X_3sbyOW0Ubq*CoF8!zl
zzuLH*!h|4-N@&MoA%|&^fT0KW1A@RPf(r!s5whs~IHy54NOm)JMr1wKt#H3sz#!9v
z@^NG}`LX8b$ZGOqH5M8qBVt#iCSws8JKG|)S`o4Dm{P<2ZE@h;v^h)=qz*%DLOA#k
zacQL<cfB6M1=mXDOv+91un5d<QDbvq_n8E!Hw~k1daDRO>7y<xq!-kbw~KQbcI;(l
zK04Ymd5;QFVr=%nR;N+hd6HoVJSk1>#^NMu=fs)kmUKdVDuL_e?^ekTL+za_g|7v;
zSlU6L6I)IIbcKomf{Y%QB9OLzmwJXQ-j{l&QTbp((M(;p^Tf32w&0Jcf3-SS3Mn=@
zML$g;#gH?TrzcZCvoGu|b6@j!<Lp{IW+zUl!b(H=x^R-x`8aS+sQ+emmq9_k9)-hT
zF8SK(FE}Zj0J$l6er(O+3&@L4PJh6XJK$I6$>{%wf8uRW5xoC$`v3W>YpTrtf7QO~
zlK<aCJVyUN{09%Z#rLlc^(xX}95v%5O*uk|7sY#z6BzN`^ZS_dUR8x}f8?*OtEsK4
z^ks40E3%^=17<3^=|PCg-T-p4vCGp<&s0h<H_G6qXD(pxrsrS_pzgGmm#ZEwCOW#=
zySk0eUC&T$few4=n5qoM$Q9rGdI=JtKmdYh+W{funM;o$ays^z`)k|X(3o8NM(x{I
z1m`}AlHmF%!^rxm$wM!za79axlat+;HvXCS{d9I%_Ws54vYT{HcH?J3kOh;YG$OEK
zQdHV+E-$-r@Px>Qy0Q7$70JzxqN_!TVKg1VwrlI7f`tQkx9tZ<)KPU1;o9IGixA|_
z*Ek8gD68hE?E|d3TxP+9wGl-utzW+oi?J)MBGOUHw>)Sz%}vzP6v5;?o@glan?>{z
zTJSRd&E$_}Nr$$RQpBQMwaKb0j2TdR7T$-XEJx+2%kmwn2$7paxt5=QVPjOuuRyn4
z6)R-2_;^f&_n-!ZzO2k8cowj(U9+KS+vfsE;#klibSk?D1jZdI;m&I&Z1}YMLcrvN
zHLRxOgbQebPNUhl1zm5?msg{wp?04=H~47KsHnNKBVcJ)qe0C&*HBug!S2rG`4rCN
z!N};h5HCi96QjW$(AJ5O!?tmh?u<TSsBW}V*K0LSzs&Ol578=Rjn%!8c{lF2pXT4l
z>)2%5HK~BEWp;Tq!^#Y|^Yq%vi5}_>Xhf0eN>6H{?ZG+y0t+Y@e@3@S5p`p6ptKTY
zk)0@Qkp?v2u(+6-IzL$)D2;5>VU@e;3z8$oUyR7dr?QwXm08zv?TmHu-Z&{5pcdx*
zS-9`#Xk9<EnhTA|0mDMxWL3{87!=M+i|?K>?x5#!&*Z3`B_OVI27if+?h=AD#^#qM
zW@+5nERdN}a3*pD;m+c(k?$pcWo1@?vH+ts%|?nZIT@K}@!UN${z~|e60_q&+R>H3
zinO4mDX^4cxdj_E<CTHq;ZHK=+XBms8znBgJ4E3_lN{oi{6#Xli!d3S(od$_Z@C~Q
zdP!>2(JU$$B~R;>_qwpa35rS#CMl1LoaLI#N#!NRBW&;D9Ca@#-p9F@tjK<&?XCG9
z(R^KiM(y;HQ*z3ou_{zyHSTUN8KtK2zL;?gE;V_0)Buq%PEN;-e&mXE8^@Y2lV43f
zRBBYjj_R60zTy#mh=6gbTB*;ZE7Mm~8+{9B4R)FnIO<X&=CKsKb~K%esB+UabVl8W
zRsS~CbZnf5GuuZ*EsL3-QwpxMOTiH=r8&bX3%M>FJn<QSw^vZj)`T90R!!W|*AKjW
zL}&vC0FLEoB8AC2npWWsll3wm=@|_^-Kf{7!2%r=9CVt~iDnCIefbT3nDK1X1vH#l
zPPv5rn7t2^VC?BZkXsPsw9b@mGAhW-K!7<q#uzKw(BSi+){dS)cdv(D6X<CUv;}$t
z#_J)Cv}N8=3V`!0x+1`Ox`t;*Y>@hDS*TU>CganD<W<cq&q_#sGa+eSU6~*@&MCY3
zlIL8>F;BA15&QX}&y6DZkJ<0S44f=Kj%whJ2KKrxf=h4*VnIKf$+^l<pq@Gi+wn-j
zt5IN(>mtUB==0}|mPmM$o-3B=%J(9<&`lUQXwKRB69g|(B8fstVk-F&j#8krcoCY<
zZ8A8M2`f_C-gOX_BV{lKM^t3ZFq}(dBRieMjnv22aH9^N*Ju?Y361jEl+kZdr-xkA
zfrVViHYKu83nRb<PKG=uL_U)u`^4a1>0L77)ZH}MJUTNubTUIJ%|<HcCVaH6oc5Oa
zMzz~Gdvo$WG9?#3nX&B3X&VOBSF!v&bNgIo@*%WeHEq2JwG$V9`edE-Cig)tCT}M9
zK{8kJaZ_Ya#dHP%>I#Ejq0er0q-Dgz+^M^f6w)TlTh1|gjpp+4mm9si+-CEZ<5smL
zZ@H4UT%q1_`FX@;@Xn$$G=HbKY%6cxesP&j%qD?rTpp~iaM!r3xX&)HOj7SSI}2`N
z@}A2tjutF=#ZBCk!~d(Q7!F{$?tiQF)mr?&YD@lK6Y@;3|CiMPtcrPnRWS#!>WV5K
z^7-m2tLv&OQB+bxQc{i$O{5!G)tA5ztZH<QU{wWsf>o7V!PvvM!d3LO<O?SFf>j0K
zl7o^vSjio%<PKJH2b(nRV1iE5-YKlg){;ECGZ=%HYbC3KG(oE|+#ejG_uPwB3QE4s
z?@d;i0@4nq@pl+wn99p%j4eMI+{VW28CJzDZ`>tEu+8EKR+fpf`S?&7C76;oP|G8Q
zUlwOFSuOd5S#R6Rf=3%PehFQ}MnPC5f3Yd$FP34MFS&}9T*XSRV#RV5<3iYE@)k3}
zB*Ihj3@dqt73?#WQ&510TpG2ByFQa7I;C92a&|i`hsdapx$7mrv6A1I{Y^|7#g)9q
zG}E|TcE&7UF?`2#6^pgnyq(BWk`l4iuOyOiQA1V-GT6dW_c5p?4{LbNeKP6mEF>hd
ztI4E;<7~dT-ejUu3%==#y@|IIPGMAjZ7$!kD$TjfunW(}t;{`v&SX`hZ<a8yMe-x7
zDy}1$9kluDxOLUG-L%Pb%H)_X_EV+gSjNX@O1lwN5j*LUUs=BNklU}UL=i@cFpn}G
zr--By%U~sJGt~J>R++goR321fs+>$=iW<gk*zxJ9euLf=^nA-OF*d*JTPDD!mhW4p
zd7FLi@~>0g^R24n`u62=eG@3#;Qp3n=c}#t<LMM<<Qx{KxY@#XcC7p3Nw6!nQT*hv
zS1CEnl^o_u4s*qEm?Iu)y0pym84^p5btT8Tl4D)*9P6q^?O9h<a;+;ph9`snAN4pY
z#^rC*a{2%Hsw->enf(81@V_PhzlnG#Bcm>PY|x22UM0DZt+v89zoN1dE@Z2&tgG4I
zcp+Q9cfOfC_P8tF<n*wk2<aV35JO#lnKe5XQI%AhoSfOSYSnmMw#fs*xGm%+?AcC5
z4Evxgry7Da8rdE)r3GDo=BWDGL{xmeU?en<j%h9}X_cNgAC`*K7U!7PZ`L>d-R|}l
z=vRMwU|^Ns=Uao>dqS1d;W%5rF(j~{8`9i1){cI@C&2}@JqeudrIMk<2y#IK9^@2U
zN{HeOXGmbUQUh9!eG_=4!<C2!{{tNOHpqY%vwc-J&PBn{Pz|r?1W`vQv9P?s<#)S1
zq-QymN*bEUijOxy>*Z{kBzyW1?+4CIKy)WhQ?x~YE|=e6Kmdy~$R{i}>5xI^p|D#p
z>hLj9h<SUmTDT#rajB<L0?R_zcT-u(R9@WtQ``rGgCVClG9ir`U3%r^3n7(f!@`5!
zf$}PYt*NPUGHizWb>&id<tQrT)M2PoASQxOu{%JYAW6bU)6`)!ULXY8_!&SDGa2{$
zBk}Yc+<q*M1@lNGK8)vgDh@g)Y9VN?&JGqkT5qPqY!G-&@~$1do5-E);my{N*@>Od
zG@-^pTEIlkdOwUG$$;zd0P{c$zc;FCI?5z=nhB#Lj|pmmn8~pgE@(e|O`TmUyIU78
z>CHHLPJIz|HMwEsttyA*7cC{?8R|;L0kv6%D?`)Gfu5%B)-KpBW^TNVc>hy-B~^(g
z04t!P9gy&9K9Gz@AwB@rqBbvT?<pJ#wl?R4pwjE}R%NNav{5MflU4p7Doz_Y<bOYw
z`z`W+>Hg=5d93pP5WSGuuU*JoiGNnr`LX;z&n_NELA!u~7z92DGR~?6n9vfmEIRKs
zN1-4|OoTUmqN^WgCw0gY!9vqeaFO4VLr@eUX8?53Oi`m7uSqe(S%AKnW{$Fvu`1Du
zKTAbKTbHF0YKSUSV2UvTYZHqxp~v75q;cCA4949|wgsB*PR383tskrKkgWo{wH)Jv
zk=W**pX2@5^Z)1wZ~{y}MQI}k|Hs0PCH|AIW?qT^Ps9^g(bd`A+e0KSQPWH);7d>a
zrN@5$$3x2eqD}ui=6{V@{;R2}D$W0icrwj@pn%f!|MEW>=6|?9v{~nWZDr~FXF{Hg
z^B+?{Y5srtAN%>Ah^wi=q^uT)2jrap)qb=5UsF@k|4hh}Y5sExDDi+V_hUc*skKnC
zB!JxOzuEqyw$fjk{}b|Ln*WpnO0)mV{$!i~RYhU|xz~U5`A==-Jb!8aPsEdb{#TV4
zz?b~7&i{64tvsMa<l?oF`~0`cy#I%PO7njLo@EWx>cY{~+0oLvxB+=9Lh;yuGU#w{
z>&RIy`pu1#2IO_fIm=>%=|s*NpU;UaY42+64R$t=LgaUIYqz^XFu;sE*x7C8qJw%G
zkYH^PN9^j6S-tqTRzW9j*U{76WXwDyzJ$<fM;R-uZC%AgqR%oUfP!00peJ5p3X_3D
z4o72m1Hv?t45c02jU8>RiyBZ;0*g2d82(#FK*309T?9wV7+m9f9qtQs*6k>hHzeQ?
zw!N{bvu8!HIndSCxsv!K^fq=c4)iuS{a^r751nsv!{3&+#>G8uRF3g+AR<);JBc-q
zn^%heZSHQxgAv3ZaT|`zn6Jw`Dj`Q1ZL>UN(`?2<m`3pQiA3rgWzn@^C5g%th*Adz
zhGeHB<R}XzOjxqd=QtdXRFEEV<4QweQVJ65Q4}*K43EPR0^c(HH5o<a1LkVsb*`Cy
zW>O0W&f18DLrtZ2<A|>oEF7w9>wMKV77m+xijM1(ng4r-m6#VM&Y0WC#s7V^X8mt%
zZOQ(BVjh@-tsPAbp}N(0{PC<_&DcIzOu&p6zTkfx`kWO%U{=UJ7_$SHAbhg7fhd$6
zj8)+l+xnUV4Gw{IksMW(G{3eutmcbD|KaqNE)V^OI~?8+{0m$nf+|9&q9u-*RYhkd
zs%WLW1-Ifx70tn>?%rTepsBAr5bWp#uG<}GYU~Z@oRfirdC~&HyjSBU!kDY+j60&l
z)}jiWhX2R|bv%zefGXnYR2|`xcI;T^a&9DY%hndu(b<avD_VPcjhv8m7*T#|_X&LC
z6C+56(>|9iD_sqVj<OixrI>k&lik2u!*WDufxdHWe7QN|SL?Cz|L#Czb9<neZRFzr
zwSF`Iudb>r+5b$)Bieq0l{e<TNht}jC#4hw7h11`!Pz%N0t=?%)bbyT*hq<jC@aNM
z4(_}mVR?B3N$VvgLM`hdzTk-NLKT%_(x9C5q86}Kgg8858A3HeY&$u$)-jYyCF&|F
zhKGl}lqwU{>fIYp4szmjIF>++(ZRS(jMbx<o8ns3P*O?IKrYmVA6S|S0KiLF0oRNE
zH1XRaK2(@*dsERwg!_1-@^a*D4z!?@j8ml)4doMwOJNMIo)PCFC?e^my!sA8%iBHz
zm}PhAu}o~=p=at$N|@!M&Zbs0-<+3jT7<mKi<(S%5`%gUlBbJqe@rb);dsSdgbX<w
zn>)oU;drPbtqQqtmgaaU4K}XS<qZ;H`7qRka~)&`i*L$=JP>ye4-Y35Rm?bKlabiJ
zDtcDFPKjByH1I#^izyqBI-=rHp(PS>lEk@;g=8;oh$2T%!^4M(m=X@jPuZTaXVg;;
zH$ieh30jpfB<sP6A%eiJRIJfK_8YWLvfG#sn~fS`PF=}28#M^;G?Mb56xn<`4J-er
z+y7#=k%RwN&YNdG|EaF6Dd~SF<e7<@sXe)i`YYlIif166^Kuw<cC@WzR~*Dx+;Fpt
zDV_Fi$IRXaL`_EF7cm|qKS0`qAKGy;ys)#S-UhB@#{2VDDjL(UwAA7}o>ZU!>LIgw
zj>^_1oTz0OL9SsEbh=-O!K$U_fGE^V+y)m?VcUW*n@d(i;vp$gf%5~|SKxh$p&>lU
zEludFV}|<8m1BBI%0l%}0oz;&J#g?Hm{^o$gTgg_2P=yatpavfY*-f!^9!z~s*ERX
z7}q(dq)6BtOw!=&$4XG}1btlt@sGyUcJ^RSn~-B+Jm8L*x^}4nl@sX0XeKb%HYJwc
z;4pmdPeXK9RGyA;&+PCBCJZGMjKt$>(+OIzT?*kQRyZ6?J=1{jenO2qbcIp_@_Lz0
z2~M5>D7*wD6h;XNDGC0hxE~IUQq_bUQU(-ESnQ!Itz)LRnMCDn0zL_8!f2!N2>Bg~
zDB!zM9yvlQhQ|PkwOWet4YAgozGlz2HaZlK$`x^vqXK7Kf?xft<s<Nap-3#H4p|$u
zEtU-TM^(JxjK*_hNu>KDB0_X2ARAT^gF03c>#`w&=CmM!-T-TEg5B6@tj}Di3OUSx
z#S<xgT58o)Im}?``K%*@MUiYhrWI4JWURKiucLJZ5wHv$=PfvvH+BQrFNejxe0fw+
zRV6l9jwRGooL)(wC&FC^m~4sgg36_ssyI08x?aLTb*wnCvl4Htp?WvTAm~~R3JRi2
z;QwM-74O5FFw+<eg*5dhUAc+4QJb%B)4KkH7^7AcbB%#TeqK#Y=JQ{l`TV!K7S4Za
ziU~xf=PSPcXBvNbg9MJiAn%U3ja>4d-(PLk|IVwfEXjWp@!&m7eiygnjIi<L8@;5w
zE{#PP9yx`}cTUL1uA8w2Omxt|UXlu-kBQ5jSk~oslhV{95|j->%uWYR7K-AE>UhXb
z217Xzu9Mb5ZUI2JAa(M0(1@70KphXC*WBINg@`*S-YLct;4?`x@fL*4t5)ItUlZQU
z^#%+@T=ZT95QouvDGC0Dt{R`4MuU^1k`fV<ajM&~W(|Q)3Wt$|2IOHRN61Y9s)Jl3
zMnm0gBy~184}wsVVa%(W;_3AyOdYAT!Ff3TaA1feda>+;Kadb~yj;5!i^~yoP+Y=e
z6xEAGNxJuNntotN8h}X2_BA9Gi8S3DPl_!^;lqL9cv5V6lLKTu#e)(+HVFyKrFd|0
zf7~b>ckp<mHi&hxU_kUj3KzjMVs|Rwe|kF^qDk_y#<spd4|2`fSDoWQ@YlU&4Q|s*
zeMb{s0wO`P8_t+19pDCJ!AI6X@9wgJ#n}^R3pDj2S{ofb68nIW2N^dKWd=fO!2PwV
z11_;8_sQ0=J8Cy>@*t<=beG}0uswoYc;kfg_rsJ5<F-ho9pRcg$M6v7FrX@eEYgGt
zG0qO0vkvX6dQhMoAcNl+_qY)2J^Z5m2LxE)BA2Ogz>;!WrI&^A7#MiRz^<v~h@)Xl
zG3JsZsUe&h@K#3yth!+;YQM=uWWP5zFDpHTKbh8l2{VRbto`uhvj6k@Ea$(zn$r32
zggi562)mtrB}P;ZK8NGrz5s;RUL5S{?S_APS9S%0ByvInW+dUZcx-T)lw96~7dK~V
z;!oWt)BLBW8O7lMx#WLet;PSpy0#?$PsmeVjK`s!c5&StISiqZZ>d%y%@iVD$V;>p
z8if&sMKudI>944)!9VLN=hs#F4B;k=18H`~M%Bo!+M1fG8aG5yAwd)ARV~QX)Ylzs
z5A-hSZ0^C*R4g3@@eT`y#$16Fy@3wUwDyp@#UPK{Q6%Uw?iQsLEII<NK~YaGaEogf
zd=9a5Ef(ytIE|9E0R^d^H%KMM1|+^}N5F<u<chhqC~}74_yh8KkrM&(ab2ykSiE^r
zy^~0v#X}V(Nu~r>QMK3S-GGH`5*CkyIU`$B9{jw>=+bW5Y0z5G(WHIEQZqzqWIN$t
z`$`NkQ`A$<KHUeX>3)}89un%m$_*DlIdS)#<jNjLS(y^|4ks17!E&l=l|%xheXU7C
zATBcdv?B$A8n;uA38@9v3>rX%@qzy~H`gjX#d<QW|HM$CNE?7$@_()0vi|#PO7{N~
z@)U>X>4q!?2mqYK$ogN!*8iG{DnF|9*Hu^5`7QPl#R0a6t9o;wrM07#-o;=ePH^pC
ztq%(mSp^RkV0PliKjZud<D-e0|CKdW7X5!^Wy$|{LZ0GGDQ=ur$n0kXMx)J((!YQI
zx|-^`O8<mQ|7;REh~<~eH2ySZWUxEX+t=L@BuZ$~FE~K3`!*a;u2rE5VlPwfhv>rX
zJ*bfwP&Tt`F`xn;d;tNqM^1uS1O4X6+-d`^&5@~D^09cLb1w*q@d0`QLl3yA`6f|c
z3x<frlA1GfTRk>77C@=uz7lioOla~T2)n6i_4&?-Y)F7AgJE3%fS*J-9)z(NsMJnr
zs(fzzUWNLV6e7|v#zZRt39L=2-HiwAPHF6K8de;}Qi82x%1Kka0+@aiIIM%X@wf&J
zDWu}OJ`bAHxTvW)FbAT9<Ms&vP2`d{dYnL&^tve)tqu<gtpm4AcOUeW16H=qrO0J~
zK$RnKx;B>{ZZH_2ue2mNDUg#%`*RJUXHFVv)I+EP4jA0@mI8;^dmlZS7{F+7E>FfW
z&Y1C1Qcl1b9WyO8R!mU9PB#WBwUP|!SxUl1r>t0&Rt(0{QidS5IT=p~k-({;EUzoW
zJo6dH)8!1~N{rOybR%;9G&RmcGOhn6^Vu=Ak$wI5`)jJq_8;?V{U!b1ggkcoe@EU%
z0ll5Qjcvj1&gDIrU*ILYh$|4i+mhIJO9H1&4Z-0igkUBYvM2*^!-fL3{^aV+Vl7A7
zqN6bcer=+M0^>n&FC|glfI0~-$Yi<~dROM0IhqQECg8tb@0``KIaG_n^<w-an)a}v
zLA##OLrZ$S&SApG*c}$DoL;YXTM0>X<1A~4EvhVqVa>)la9J%AuMqOVqEcKP8@uy?
z*v1zd_k^Lc2H-{*a-$262~AiyAre>>I2d>>5|>{mzg>o}Q*b2=UK*5GD4rxyt%ZVY
z!A~Ve$muw}FGILGN2rzu7|;8j4H!-F;tCE3rDDu%qe?0T&FY>u*4uk50IHb)BsX|_
zP$C4T3NG<d3=ax)Ec2j^o7^T0${XN*I`E9puHB?<1GaJ9#KZ%x`SdXDGVV@{42yQ_
zOgIjghY~S@rs3@R_f^Uo{8`5#A7)`_R?)0$+-~C}0e4SAwitGhXc`2e5D=+lv{KAQ
zq}>=PT;92fP6JrV$5bD?8dJEGQ@mT#a)l;umda(LY?WU}X}asubfM*@Vo&sTNr@F}
z7lxT88FDE(xXQoAjgHbcUyO@VLmQ(R45pbr6>mY%zA9QkcOMJUss)0P7=HDj1u*C7
zuLPzxydMiMT(f2k#tAg%Bg7R~y_nupE`}sZvn;TF1EOH@R9ro+oqefXgYZ-^7@e`K
z&@j8688TLpj4>s`K67Z;=W6XUH>N`zAr7O39H^z@?2G_$PQWT9_lr|`on}}?yRing
zOM<l=6VB<q@if0+Lx)^?H$7TEJQ~P)RaynKE-nZogCtByG)V37fOgmoS^Ciw16~8g
zSk<ak{O(CheaMA*$bi30+_6DQr6r}xl2UC+sj;NgT2kg&Qs#>(jxzTeVZb<U_&Xu<
z7(Jk&TOZ0e(vfg%4!;*w>>nRqZRbfX%>?c%$Xvj1vtkm1YuIuM4e?#)oB{tF&zylu
z_)`Ucs^L!!{HcXM^We|?Ic|NYrT4N->?X?6PetzvlR(%6r@Kgohj2YLnB%)zCpkBT
zGerq+dmY-=*1oT%ovnceHR@%B0lz|89n<K#NC$KT<1P$~yH>E1qg|k|r2MeLsb0*R
zLu*}7sW48)dSR%_%V{yZ9me}wyhk0V_6*c`25LP6^E?Cd#Vt3f4DeJ)32I3=;3tjc
zS412NhUYp2SLbP+LRjGN8!%YM?l>pN@*BvRd|<bc&;^W*p>A=g0)rHpz~mTE^H8z@
z28-NHxyLnSRF|aq=o!)>nGR8k6tjF32SZ2GgpCJPD@l>Wkc9guCzTLdE03sO;$iX-
zotDi|!8fY#$~a(p7ID}J_6XW0c-Z)e5pCpGYY1am$1s-1AjT}C7#Y7YBx@bn>P-PQ
znCFUSKq?tVKqp1JkPc-;JjdkW@#1l!yqdGHeg~IUfx*!vdvU9ui*st|e&NZe|K(xy
zif{&;%l@OrS83M&`b+WOC*~>6j@}q}q<~Xkk<4sQg8en)bP`-NBaqEKf@6C!&3_jC
zvM3fHx#B-n&a>EmmF|C;pr<&q2@Z^iTYn*QUneoc%oi-cs;b7x0<1XI0M|>#!|4zS
zMnyPZirjUH1pzGkVDS<HTSVlP92vpVnWU0@nr${ZkVLnj2|=Pb?4f7ewxL#pa!gMw
z<~Fom^phBf2u?b{ExUD?b+xrwSsRw2>r`spS4A|6ir?u$Vqv0x)!HGa5q+_>vG{PT
znZ*rr1v-||vkI_frUxrPTu^j#&z`COWas}?6XE~wud>L0wY8=A{}b~Rhf$1y|5s@X
zfIrWeCB*@`v<BqY!O|M=rG7H;e;(|x7;R+d|26)3R{6iG6#si-9$Wu!ufI?eu$I<9
zTQeAeRr`!aVbwlVUY?GnRXLo~T_PoKNagU8pjomSN&B+cNEg#Ut;F{8W&3vQzBo{p
z>;yB}3EG+omaGJAtpusvxMm+nj2JY-K`_!We&UAjB`d;-v?5$(uq4cGN=WkoY?(U4
za!|{vIjS5Pn4`xUCFn~~1C-2mh)i7!=a%+1hNG}n6zUZ$6f?C{sP*A!>>Wh_bn8WX
zi1M^d9EJU(&}ISK1#RqON`&B6H+OSZq-l|InB?V9$O+UyCY(A12Ye8+i?1I=XNb5#
zyhqli&A2c|(gw4dbL*}|Hs_UiVq)yz0bvyDvX~ND-E0UtY2dG{N1_&X!^ePHo6rJb
zu|#GTgxmD8;*103Fk1wM$+#mw<mFP6UCRtsDk;R*5@<<(w9FJ=9@L*sAp#rZq-2Y~
z3d<`X$)+O$)@WPZGTgdIq&y=Eau0|$pqBG%-49GK_cYLdE_2T^@%-F_r5aoXM&g_~
zM2rCGLa%{I3}u|VkTO<+(NE&-C`Rvtg<!ZPge1z?h9T4oXQmy<<7HKO7-Edxfg5lp
z1a_UcH<ONVMC=(RGl5Z6QfZ0xKO;jdqi%0_3C7Fwpp@(fTWZXhBNTO<W+ZBfQzowW
zE(tI8!C*8VmK&Vwott2Ey?L+<FVF<oJ9`VGJ_Z#B(q*5-a75WVX#y5QfxCf3#mdpe
z+*AUf)7NYgTisNmxLkkYWA|hU%ww>-5(Tpu6~T;0-(V*-fTz6z^B@14Wh-wInoKUZ
zbZbKD#&{1&wC*{cIdtbiF<v~BGt+ZPw3RccEMUS*A&~k=P)@bzn5W(6m>1`+VdD<c
zF`F$KBQ0dou!<S3^%Wo*HU(>PiQONCOEu<_(XhMNQ=^5L<5g;o%*Cl#8w4VnR&w++
zqLwfN#yhxh7Kd$2tp=BEa2*Giakp+i-w)AfLtr3JE7xMq!hq%Bk*!<!(W;3DI(5!=
zirXt=eL`NNMYrA+0@;AykQACjpf}6L167tJp-!8%T#p8u$rjJxnavk5y_jhr*bNrN
z7>_WFhs?%fRA|SN4qWgAaeDovmO@cZAR=pRB?{p^gs_vqds-EonDQNzd>Rdprcrrv
zQ9@FV#@EY?0926zDlHTsY8O-NOo>Ev;IlDIN58lniiE_VR>MpV)XY~sT1;iW&cNDE
za)p(F0SsR(<sjr9mN$T+bX?e55W{0!X4q8WF~&zRuYe%%f7QbLk^sYu>FKyGM$H3I
z-yr-Mf<H<Io{BiCHT;i~%R=+nr@UP>43L)eNuUS6(DZ_$Yg8pe7|uc*`%J6?k}KC(
zI5Z?zt+C8;NUmOEnV&SmhJCVig46IA_Q}<tgUQ<E{CYfK-{V319uL{~Sed9EPcXN$
zA!sooyYAS5shY=e#MEozFkX<B3tivFO7LG5dM5$%-CseP-?(Wr)4bq=)-R`&5W6%%
zHO>V+6LHg-z`0-zg_IX{aO9h)Lrbo-Pp-00Hc|(lZzk&C^UXvZe7>2egU`1dbHWk@
zYIFB}z`pN;_I)3+@4GT5_sr0HKPhHNe;ohGJU7Va%``P)1<sA}TrVbiZWP@2aa=Vf
zes09ZYjO}B2wY4rTEmQXhe-A>1LLtnq&lo9TzXCSG~=_)BMlgLc&6}wRFmo9JF5od
z8~~e3=bZKaIZj>ITj?>XLW$a!mc?JqHa+{Qo`HSCxEfx&f<Y+Lny|?}XZ^n6IZh4+
zEkHEGqH5Ay&a_$FSJgL&_%|_uFm^BN-jk{-iB^OR4zCKhWIUbX(zLsv9pqdKVKpFv
zS_6Y5hvNc^a3gW!$m8AU@e_duXto^8V_7=`8!(fWwF@wdEMY>#k<};l`Z->&LV1R=
zh7U@H$xUV9@tfDyaWN=SSWpU0b>g;@1PxoFaTrG(85@f`hL+xac?OZXmXothBBemI
zTVb}D$56{ING;<!l2lqTg&rOAfSP;#B^ppeREhis)v`sKfDx5)j3|ghg^Z|Ow?{du
zSn9yPC*jbFyNMh_YTj8)#2n2vq=imWvAgaflZ&P9QBMBJOhH*hajWt_gD9?#eNkob
zV$@=POAi?B$%A+YkxEK2RbnPHCJd9l8|*F_77YjwD=L+5bn8sF-MKXLo+H%&w&Mvo
zDVeRD@;GiW9NxHv`IgVL#ZbpmuDNdUNLp+>6=y+YT%xQC{blj%1|&Rb!p?CbN4o)_
zC^OZ{(5Mey7M#PtBYIg<anRmhT(nnCO0)~pMXWd(kF$%XEV!q34K%7fVX3-;D;|?|
zYk*?Xsg5s-u5J$X_#%wNF(jOD?39+7rAl-1wtC2lFJA_Hm8fY_P*Zt1gh<V3KSLd$
zh{FP1reUEeXB-f0IK9-u7Hr+g<<tr4$_Av#;m0L~h(7d=3swXE1Q&qNN`{9ddR2S;
zfH8B&FDYL%$pi4k(1IMZmj=E{^b8I?1xl7C$3$n!PWvp#11KMXV1mXk78fj?#*JG~
z*!UG!jlNhWHrVNCj5xv4AQHrTsQ9+Iq?w=+8;EZXo2i0~mUuK@lWpjrjxFd0Xwj(v
z!2&}A20iQwC%U&5yt81;^(2zXU|MLr<cAb-8~wZN2+LTC)T)=Fkl2)}7F`1Mwsa>;
z15IeIj2X&nty;=c0JQS99*L}Z(<Yr7z<VeJc$=OFbll1ww;6<1NaNy72=tf`zBQnX
zp6_{dgXjY^rlSac<9PmH`LJK6mnVTEzD^vlU{)4R7L2H%xPcakOG`gEIq-99>oAep
zpji_|<W+VusxhQVuEih}5oA3l9hbPD7+s8#GO<vFPzIQd;Uz940Y3X>=DTD(uQRLj
zoOW!?WqS%Ys&Oo?&l2;nD9{^8>=~`Y+_!vPmNeH6S`C4TR*(O(mpW~%SX<gV%?VdV
z<lzn#f|$Tgibty_RPOS*oudSX!<r$N>Lr!b2$BZCrAF}j<nC}<b)t{r7@S_jIV%QE
z&bH(5yS3X1=w;x18wD1{R4~h=+cw5#W`s>M#@BMg5Ygq3bew_)<Ik%}i`ORzLK}fA
znM{NGxxmacvS5TI1T~(-tOu?H5iHVk3fK9|)@*M|Tqxt1DiD@|<=DEk1fxx^r{o{X
z{UT$}5E{nH?uBdpCOLZtG6<4M<Pu0q-2Rw$r#2qk<KZg-6F;yaCCA`~`C^&E=n;5<
z<2yF#c#yTGbeDG`+hI{041bh_q$E`_hA$KE1`Idb7as>KP%sN-;ib3BDn#HR5kE8&
z2LRgx>u)rzlI2$lhiNDf;vFucl9Of}vN5VHeoPxJ);qZxGsh}#kqg}7g_?Me8WN+&
z(~sg}M-s~Q`&NmHBR=dkUdx&FK2@8ujy%{r17uXa@)z2x)KF5EQ8b>E=~XwbR6K>T
z+JLIvW9Vsr{yiO4{h@KLKRo^;Rc#)rGP_}FCQ`mee5SEBb|~wPz|b3(li2an@R%}a
z{)fldrK)_1kM|0M63A;DsH(gaYhwX4_uLoF43Hjuy~w`cU*;?9%$L{Yb!}b73+pmp
zRfo~o7MI8#oi(XNeC6wg3do^=GF0&U@9<_*Gx!`-)BW_qJ0B=g4t1?Mv|`QNeJkAF
zxwByU?CS?n57$JCk=TDUBqc|18LQCgG?<kRfQ?22DdzREOUk`YQc%mHU73fwLh`%d
zuUiY#HlQ`ZZYrUny2uh;hcxMQKmiLy(nPr-@GS+xMPsa$!3$W+cvr`|lJSr%hqYiL
zgK`W{wFqMOx$sbM7MTP!v2cPUS{H-~fhe608e|tFp|Xw0X$&faktjp}+T<Zw#8?bC
zgCRBn%R<jgQp0h^pTXjnde0j&XwH}XyWoCm$Oz^!S{`C6!#)eKs<dM#_Q_tU2>=TU
zTb5TBjKIF$Bn9$rlf4pEdO$WoC&IJn5<mVfY+MXA2vKT0qU4P;Z4$0=WV6ic<OG=C
zjgA?Dqme;&3zz*t%np)B6p1?POyP+S;W?OTRtn}k(2>Yo@#b^JYJT65!!G{o`cQ2}
zabt`^l-GGRH5u=J!H+5aYqh_+avG{BE*SRDS3Lf!{rKZ8i8qBAPI21Eb^njwZyx`e
zn%de@{NIUq+FBQNH+HWqD{Jm<T^8u}h9eON{uegLi2WPv=xbjT=*D~RuFme>9tWlq
zh*=h-^g_!`@mp}dx{v+*XX{s39WF*2Ip%*=Wwqu02Y+o<Y5q^d)2@V)aWy`W!n?%v
zas({UP){lyR^n)RJh@g)NO%X)qCkw37P^I5CMQ9_LbYC>&oL7%Z|v@9?O0rgnmbWP
zXD<pgxAvmWZqyuT3-kt1?~>LYw7j!>X-`*UQvkKJwgqN595ajiI2>562HCETZ*Za`
z_)oPjh}oI5!Moa$h)Fwv%25}VIbl22IgG{dh6U9NaZNO-VL{D8$Ht8t9h)|75)!M0
z#0lzz->wt>snv-ZyOF4wIwKJeDf5jz;3-oB{BVEB1U^fd65#Vo0*ze|Q>R2X=zTZF
zPUvZqvI~nN@qQ^%mkWlf@q}S>uaIBvC!73dS}#Z4Mt1qn@2|zb4f0>55C1O7e-rV{
zL|G(2#=(gEhj~+n6qOrn1T0&&m9^r<MC}PC4m2cgHUV?)T!UyicP{2JsJF3uF__08
z=W-=hRf$|1=GVGW^GHmJDxvZ=CAJo|Dg8+)IpRdV4L-lG(&1=oS=?X&9>Y#+XqNla
zgN_;Pfu5em#R1b1Ex9uUMWwYe(dDAvI3lKM)P_F6&_u(vbhI}v4S4jL(kear32aEj
zlPT2BD$zm!6E~1_OfR7SB2}S^0UN2-i-B=^?Fy}or%C)rs*oO`HaGeOY;aN)g9c+7
zuzK145gIC%o8UzyJcI}%j(ZYtpd(5QqX7>Xk~c`8nXVfR{7|zEK^e!yX;*VsTvZiN
z&xVHL3RtcU&`8}vKc%ESP+8jRmLoFU1b|!+G&>BP&P`wLysD;M8EwTt@{5S~A)Au;
zy{o&k3pK)hAzgB^iFCbLPROya91AHJBR-y|Clm@oF_^w~`y(-58z`8&;9SM&^*S9*
zU0n^K2!u^{wD-0(M3pdo>F#N2NQTHy$Bfn%gq*Wncr4vca!`{S!4BT$qQ;&8>Qm)l
zdrOlJv6f1(7NiI<^oiu?Os5j*RIph|BBxffn4vY6l9N$6tiT~h=4`!Ea!_XVXkRQq
zWrars#p|tzDE-1Zs?}+Q$AYQ~GlZ>!v3ODrQtkmw>y4V>ZftI*9m2zgDq`_Sd@znG
z+IvyO@+wrZcm=BHtV9*fnDkmZsw$o2XGe2jQQu<vJBZVpJD2ycxAsL%{AXWJcXL}C
zeX)QXWQsxjc_nV6r5RO(7&KV{X(gz_|A#}HWK4>btH}_#f6P~*#6ppD7|+BExk&Tn
z)n1>svbKB}Xv?k$+`%QKDsTbk`1ZS{+uC<B5_s0=2oRf%u1$?3Fqu^PFh)oRSh2!O
zkcRM#L=_Rd)>Zp!QAJoQ$MR(Syr`$Cs<NS94Z-3@CbUo~`N*N+9}H=2tsP5odAuB~
zH5aCz&{{lba-^!#i$NzQob2adSYf|#U(`fA9w9Gy$ik69_C*S>ml8aiIwVJUJ@JUF
z|B})vUVT~#lOGxaf%#P6Rcr{aS9Psb^J^J|3^+n;qy+wt3@wF7jfd8<Iwu+Ys3M+D
z)d79OWqmr2sbGZZB?1{RAUFW8%RIw?Mdi+GGtZ!4JOQ`x%?Pyh1Pb8(Y&jn#@Aqfq
z{jA>XoZlwX==r|C_<Y|8UlF)|m~q=E<+z8mVy+uDv%%oFu>Zw}WLyF=K($%dg7HU!
z?OG5lcrD0X!hS6XW?u_}U!k=i4AacaQWN2RFy^XL<wR;KE)cez%Dzs7*+L<9ecYFg
zFk1j-1Uj1Wx}ooCC{Kg;44V||4kC9}jib^w7ANEB1akIJqd3qwsQOyeOl`1(I2rs_
zoS{UbK2#stu%SK~s>fU6`ec1P9I40qpZcN1;r0DeO0QU`(c$Rn?CWj{G+?Bx#{Z{G
zXEjC%`&nM&^?O55Hh_20V##c^;hLa|h#I6M7#d}Hda7G+>D9DVjE2#b#8OGpzEMaa
z<6<7AC9(u@XLF3w5FU&~{SY3dp=iAli)0@YBNm1V1E^b8^CBE26t54ZllA@4L_MD8
zn0zYnf2n#r3+t1EYW<)xP=9!05dSBWKTcDl@SDvB`ocH-<D~z~t^f6pyZ(1x?L3SA
zx2C3~|DA|uZ2DjSRM!9cr>OqdKgIRG{w(@mn=u(z{jY!g^uKmpnPmE3|M=^F?Gaqk
z|JvvQ{8LZ=>)+h^Uo5w54*jpW-zEL;WZv_Ch4jDvank<^^Q;j4ukCVP(*N4={i&$`
z&BXpUkN$VmYr*&<p``zvENekY|4WH>V)VbJWn)zO-wZp5+*wQd-^rr?^-l`@Z`Lsx
z8ts@&acy!={cp|q+yBm+S7p`zR+jX?6Y-2m|64Pa?SE^gsQquv6u1Aa$zuO&Hzwn$
z|E(E6`(N9xOfLOz&G_5@W<YRB|7+C))J#45-<r*A|62nFCO&E66~LB`mlVL0dDH*Z
zQ2^JBj{&f8q7|S4wqMXo8elulKLs_w85e-fp#dJtYB2s-D5-!a%W6<k0aK!#2o<n(
z;TVk$IMXg7ch-^)c#`OVYbJ*ca7hPj(gA1F|B5kg#-d})rT?w*SDWI0&8wMLivKks
z&uI0(T12ENr~KuRPbtl>HWjC$+SdTQsPnZSig8l-S{f^owl_m3CXK3Bo2lcZ=go-M
zl9Jc3)#rGcDjHr6Z{F(N=HjV$p>6mxK{{QVu9g(KlX(lDk3ts@>SWxg=e0uzf-JHk
zSDR9hJ*ut`<xt;dTANF{TMI*<T8i5&d_A+)ws{=1wxeY7<J|9(o_4Y@`BCd>Cn@JI
zL`4h4I==c@`}H6%oor@_KS#bVqc)Z-)f26ZrSd@rU2I9Ay19*Nr_hsC|0@IuA4?m#
z^uJY==KCM!)mD|_KTOCoYW*({DL?h}zYOxJrT^tqaZ2icMc@tkU)!M=Fa58%v0~|e
z?K?4f^uK(jj+g#76JAUDU!%H!;c3d~e;K?JWZpX-YTevDD5-Qe-)<j<hiAY)Lkad$
zxT<%GfS-A{kINUV?#-dT&9JnV)VCIXJjK+vnVH(S8{LkFR@T}b@#w9jnVm|!dej=*
zsn(|~e0;20+x)e#8RhOA`M#7|SXe<PTnkH<?UEL@q=lWjPd5Fp`G&>Owvj{sTj{T@
zHOGIb^_A>@C*&Ee{?~9P=aka{i_lLgJ+NU)PDNd?r30cqIP<WKlTO&S!6NB}vvg+C
z=!Olmc%1aZS#ey_5gT+8BCe*2o>+u=bJz;=_SZ$q=XtBW{z}kKjJg!gG9Y1ILUwHH
z##up~C+bQ{>d9h~mS-S|#Jb67f0maDgOg;Dt&j7YZaT}$s@u*cCY1Eswrk1M(sAeD
zixX?6JPFp93BY4XxjtFen6ZSXn4AkwAu4oEvg2#~Jc{KgFP(h$y-pr^zl^$hO{AD;
z{k$&AlyvkZ9ewGsd$Q^O@&6SpQ;yjJJiGqC(qCCyX^H<_Rnq@Y$TM2~zfK!dPy4UK
zKBaX3!gQR9ntv1cqTWB#fQ*yY-=?`D>HITxWYTE-g?T$p`u;4~Eou7=8X6r_Q$^RW
zL%cbHKGW9AE4}l*{(0l9nz!v~DJaNfR-ELcoS$Txk-StQloX4skQe7tO`Z{*GcVI6
zt-B3RpISQitgL-v!#R(J&yRbzOA7MI!skb=AfIH+zYw)JCDZX$iW{cgXks;Ill*h$
z{4#33*~&f9dT%Z;l(gQPMeA*76vGLFk*m$TkSNa9)rQ%+T1urb8!4Pt^QbwU8kc(e
zQ%PAKzlsYctvo9ZCi}+)XwWB)N5xbzHXi5*#S<gr0dZJLjSF3b@lrHCHOsM3JUl)%
zZ%8D^quzmZEHobV4oT{`Fbh)eIM6T_@#JJ`JRpurN^CspjVFNC)bXr(9Pk_;AArXN
z)`T=DkIST^6^{$VNp)P<53P7SAWlkyQE6O2PAaj~z<AW0lw#p{bUbQS@yZk$7cN9L
zr{hvF-C~RbY0$UUSZX{fPf7ieahWNp_*yxp95Ft1CzZi*VoB-5cu8C7lrk=aw_XaR
z)8jG=*N6MZ1rwy+aiC?WS4wXfFObJ+1`ZF&$&6?&*^W*4V{iYZUG`O!HnQ7)fd_bv
zDgI~8yxLOy&k1?jS{HRUcCRceV?!Q^IGO`JP2H_sy{(-c$k~>bdJb+w;iR%&P7+fa
zlF{j4rzH+dHSvTT3r6%i_)1fB>O5KIe>Gg$SBy4t%>U|nepCDhf345&FU|jncq%Hg
z*l7-GcA819J6A(VC6V$vDk>Z^**Pw9@~<E;IA#(fLK!u7_4M{Nw{`}*1C7m{9c?Rv
zJuBN6b++~3vPFCx<o|+6=|D0bCFY8~ffc>29ZhY0%>h)Y^}qzWG_WB_bsj|qYi2rz
z5s?K8MMnebiYHU)!L+Q($h9ab9ic?rTDMg^Fv<X$K?f)7YHV47L84+?u(_?xjgCAL
zi66nlHrUm>$PMM7CqZ)B?r3Z5SlkDuiSQ!`Ye3)PzCcgFgL?WFnbLxIZ8@a1t+lbk
zF_Uij5vZ7gpb2r|RlgEfF2}+cu8Im)J+wv;7i@2A8W&1o_Qmk#Sk@C<7U=H5D_yX)
zqootE7x?W!Ev;<<mVhcfJ`euS0jD?3eNDZVbjaM&*0{K*y|HI0@@=RZXwwi!&gO+I
z_;aNnf0iSvY)baEF^tgkPDrc<9@$0{h|x37$6hhYSqd(=D6qJ-!-4R#sI9YUDRTDU
zonveeWb4-0K-@_`X_<tKlnwX$ocaetHh7jbw)F*&vnd{p%CVH{^dM*Z2#5yNaK&%+
zYN4<(dqRqhz}YX9SV~r#40!?2W|=Y=JV212twUJ~u+fCfl^*2tAo!ahKe5@t+Y$~<
z_S)OzK`GJ{PmJL0_fQJ*YcJ>uREd|gYz2FhQdo{k$+ZMi8FF^w+7t{BbR=d33M8=%
zrMj>zhB+NEozGG^-Y<pIp%m{d6XfWaH4||zd%;35+XLq2QbYrZjx*n~iG>0k%?|Nj
zMuE$uWHvfw&0wU))QH5W0~5Um`SCz#6~cd<qu>Wm_8EkYIQUf5xN&R8vd*P}=5b*#
z!n#A4jNh;lHMjOOHFh^QE@}%PVaf_?D4>h<q%yC9`dX$hX3o{g)iH`lr&e86Ue(!^
zG@#UiL*wV{i%@a#?a-Ht2^rZOLPnKQ$SAr*A)*;PQ>-IVxcrw*{`YTA`M<Ix|4+nI
zlK)Hce@Xr?$^T=K|MB9HNfs`O{O=!E`9D+bn^pezm*oGF{9ls)bKtuq|Bt8qUo&y~
z|9MvVzZCyrLY|WRUy}bz@_$MGAHDov1NwiTG>#j9nsGe<$XNU4+yK;+4gg9UfYJsa
z7rsjyfU#}>?B#!czkG3I%$)XrRaIvDzv|kO{m+Cvn*ARg^4#WskPo>!lTs)myEB;q
zLZ*@x;8b`r%zt*XS#jFPZU0+op8qwK)us7A5syCq*&Vbw=ReMuaoXc=rD;E<9{c$(
zMou1k8@bni%lUuxJYQ-4PsF3mfAQjvTs(m1&BO=z_YyCd^iPiYUz7uYocjMN^ZH*~
zRb5*DC*&#V|4aJ+lK#J>{~wM1ze~GC1;H&UdD;NAhGj`n^FIRMYtcBJ0pzHDGaUkm
z(%5*M0tiD_ItnNq1(c2g3TWv|brfJP|LX);3>h=m{=e2=ZI=K2)g}9%33)0iHg4?b
z#3D);p51|trq)2urcFTKd2I_gyCL_YK&d{s<f4BB=?>(C`tg?zc|!^WObB}kH>#xB
z%^fj$7{&WxX#kFZGID3j<hBUZeB%+sS%MvSF6sg<T{GC@_xWw|Hg&eQH+D1|vm%ha
z>~nYYc6YX!a{GO7WsM~>1~6c*n1MlMJ@(J$7=QcuuSbwAMjN^He?H6n_m|>-Ovt0@
z|MXi1a%ul)&P=*L`n9C_n<9^K{>vL6zJ9UWfH^*|rY7V3$B$|LSIw)forY?P4T#<I
z6`%ih<Iit8D^?ph_`koh+HbZ0DCvJE<mqidkqrsQvIc}n!0U5h!KS5kaRY+OHXw4e
z!@*^|SuXm`jgtoCb#OsUTVJE5KkMjgcRP`@#)mhGSeEK)><xA{kV52lb8EM|LJ0jH
zcTkzf(YffLo(4qjD%b$`VR++up-#60r__<JxV6?r9gXb)+`jQ0)!`CQjoVQsvupMm
zn>u?|fK=PoiG{C@UZTzn^foyCK5vz?9-3%!qw=_^YD9hpJIUJT=GCI|2$>iTN9OL-
zW$tRoQO24JK_;T>BW=$*Fk2yvcubm+NS&iBx;CsNQF#JUlw%MfyQ3_Wuz}x@A#6;k
zN0AsRA3)_Q5)1Wu)wrb<0@18qy_MdINIdGrT*8#W5sJuC41<}BLfsaK=+HQ3qFJrs
zI_(-o&w5O8RaHcVRssK?kAK!x`|GObqf|U9sc>Z?npF}c#`m$~|FE-a4-~JBT=IX-
zJhT5#b#2YO691ow2aERs7<9PpR6;A-+Ykx*oJ87vmF)IXoJIfYb+o3C1Xob12-g62
zpbjRbsETK9ox@QM%HEKy@*2bOP#O*mKwXfO;TJACf;_nDw2Jy=xNsB#^WxHINQ#B=
zuc7pytd&#Iu#y^zr&A~@N8`y6gm)WKB&En|J%ZM{<v~S-YcyzKyh};PLZBFif}tU}
z4itrOlT<YU{b79!r<44$(*%VWUgHBKg}3gZ)$)v5XXJ=Xfx}y(l)NG3#mfUQI68X>
zd-DT#tE%w(EBy13zoriVziQs(;%;{HpRWAHYa_?}2OOE@Km5Pa{GW(tCTgW(2E92K
zO8{~x6^9$~@Pgelf~Qq<j*24MHF-S42y&57zNlY`N%&3A0ke&XE^^rI(4~(CRFPJb
zSct%Lkz6l@39h2X>oYWjnTe$d;4oS1H&>2FDk%%qLj_EX6?#C5wstfbin44FbC|M4
zYq7uz5ZE#m#3eg>P?%lFn{w##WCIqv0I)Ec32Kx!C6?acm}&UlpC;U|oY)S)Q9KIM
z3xb1@czkU-K})tvA>70Yhl2@O4OD{j&RWL$x}II39ZN_1<s?pYNuf|Y874d|PO@Mb
zlil_V<6ejJ3@Ax8r4<b;gGvg`1(hb+52-Td31Q<$TtxN`dRc8gZzXD2h_LwY(dsAf
ze(haLp@SxD92%gULzjf{_Cvhv4{!>H$O<D;%)O<kj2XV_Xj<Ob-O+<E>Xu7znOH&&
zOR<y^LaVj&Li}ZLFewj8DY-l;r_#xo;bTZrQ{_@b88jwG6|xwV<8>hwhs)Mf!)G;>
zR6?mtUt=;R=Wsa<gKhkjh%0aaU5;rvHDs)END9Y?4N1dEh@7pGV|*2EFehdLWLHJ{
zjdu}JOjS^MXC*3crBXSjOE;|qQiR<FdDm#y?PzMkH4TPJ2D@MB$8P<{B2H0tfQ9S-
zs%xsMO8UQvcruNDS}h(46h8hn{@TjY_)o->W&Gt0QWSqwy+f&JWGroDm;e2hRh8!P
zpI2Mb|4z)aU`BIi6R{zLQAS;Ti`rV7kh8p^VtG|lMMZOOGg`5v7jNSIULWcqQcp!i
zpo3TiIfqiIL|sM2@bIvAxXK$(4p#JbS8RZa{7{npET_VfH=GJP7djR|8vG+m;f0Q}
z1t}#Jkr#3`L>*BWP|+JU=^(L!$O}7fLD3L}^oSH2OiP3Ef(lv(5u6sl-Nh&=M;e@J
zY6Mg7kSwR1XecQUG>Gt0x=&D}Gy*!NdT&Tooe1Q)1}ALkE8x8Xpv2;)grIo2ye_S*
zZ*Vrnu^1OimG|PzP86bVtQ7RH9)*TL$&hO3>uo8Y549|)pnYD@9}kZ#bT}4-mGwvo
zH#niRgr)r?Mo*cZoS?RMkZ4W|!ZpIqg$txSI_6xcNt6qe=pd3J7*0*?Ln;EDZG)4~
ze{Ui-NPAr&EnHB6o3?|1SSl`D(60<GT!05S9vjpKaX|%3SWrPeXR0DB7<w)o&A5|#
z=|5<}jPh~=+E979h-A2s&nYIvr1i=mwI2j>^b6qQ7YuG1lWAEQCMX@x3f`A(ApFp|
za7jEW1BP%Oo;PFenQ^>zTCd2%&V`-q7ey}4p0yliPN}r&T-ZbY&94mJMZ_X;2~W0W
z_A9?~n8U&T7Wa()$gdQB$9wcxNXAfhYrpd=8^W7mC4~z%(I0u1g6RVDqKW=6lv+^1
zhK(f{Dv3(5v=m|E*G^utkDyRsCf>JE$|4lgD!gR@+gO3FXn_j!w>&GLT1)4`E~>rk
zq*hb8yU%80fUW1k^t8bdobgZu!Mvkwp!RrJj_3_({6s9sco60yc;XJq-k6-KU~EX$
zWeW^FO(TdG%%Kn&0c3h|wvb9np|x_d;($T8H!6rHw!g}`a8Y^?_0lg^sPnE{4Mk1$
zHZAM1uaDwgf3riZ5|U$ZogzgpeG>+cR$=C50+%u|G`8jto;Fko?Ep(|aB{H?GiO}6
zKIk|P&Y4))i&-joVIX-!2rm>V)GtTk!wAnsDFx~^t{exQJE|m#^L~s;{3RB449IdA
z^5C2)L=_XDQBqP~)XVhhf(qS`i{4_VI^cs=sRxk@8@X~lDXZy7O7$+NNDyE_aUYRX
zRqGY*Z4y@Cr0k4rNH`r1qI|>sNyk#C0r?y{xD99{84%1mlc@kz*5gEeHh^5TpB{oX
zw>EZ4+)LChF6Vy8>0!`&lXAl4gm==Cn-&72`<PQN%AuhD?uY#3iyRAks8xC_oIe=G
zy2@EyMgYqT0T6@X*yL~|5IOM2^gZm-aOHM5V6lxLB?i@F5lU8FZWN9q1Z0>Z)}DwY
zle!Xh1ZY>pt<M0QktC{QAR(_ID*?ndD+Ubcg_Hmwc?qFzUJBHeSfEo42Qj!nC=$0X
zKt8C#kq@3<n5gJPXu(}JQgTFDD`z9U*^yK|9Q*iZ52or#_dwnwKlrE03hi4oo|I_@
z_*kJA6kvc!!|F%F@pL3i=R-Ci_9G`xlpg5sO7gp${Vr$Ug;qM^c=%F7Shk|Gasv^v
zQdE}?*5mZxER68v4ap=^D4xWVF%ge}(pZ~S$hAO@E^NY*Enau!WV4i#7F6IAH?Bb?
zHTBDKjQf#!QDa1nL$d53ty6_Fnd^$GF##kEz~LR|3&2kpg))?Y$pEg!5mpA6eBnil
z(g1ZBiQEK{>pcx1AW6-J%M!Q9%q=JwhOxGVgjQ*XlDXMhr0G@;WttppMPQULB(108
zo6iK9tItlmc`{d+pf+=+5tHo@CQIY&?5DFMt;)c&U@{Cy5m?6YFHCDlawH;BNFItu
z!pvG$Bv3EvNhcDRCDF+^%xeX{17uI;z9SxsjOY^;cP<`Mh_yXgk)ch}0otZ^3XNy5
zHpLyVnNlg-O4bR0@?mM(Co;S-RSC<+TouM_`7plaz+#~9%vv7$3p3s{m&bMbDg)#d
zH8db6>46i#i0KC~<(T{^e5z?8^vjqOm3TU-PeBfgx9}+=Od9L7;8Vl+i%if$8AYxR
zXXyh_IYkKU4KY3hI?o82eJ#cZgaM(dVlV)aL^G^{c=_QI8yCiM1gu_&&3J7}CBZI4
zRzb*MbrP&$+8oqmRFk~UrE(^$o4yhygh`H<`r~P;<VjezBkQGz5|%K+xqdA)B!|`>
zkWMNMbl;74gG8xA6gXCOTq_1grL~k(Wt`7R6+p`%O;_#BaH1g@oLU>4RemStG~v`x
zgLD3TC#qOT_b3Slp&G?Rf`1cR7lVqJn7q_5gTAVY$|~gZ)%o`alb4W`gcH~ZvwFdM
z9a;^k){G>I5PJmbsxtnaD$^DarQ1SOI?OEa$)f+)RW4&}BbWZ)Uu%y4GtXbT|94`Z
zlKy`R>;H9yQ+@{l1?m4a1zqU~Kv1Gmtv`Dyss2l<|GYH!{SXWT6E0|`>95ItX29z*
zNO(>`oh+4(55APg2Rgfg%5|2-j}MFv19l6KDs2$gRm{N}S3q5vybBz5l|+<&x){+a
z7+1!XP($Dm?TEkt&_Gg_5d<w5hP@l8MABUUtHQ=N12!W%HXV|x*{iZ9MC@>;3|Tp2
z=9p<p<4sOXH=)Jw5T80PYE7YGTyK~KQV5fEtsn0;x$!Ikl{M=jFQ88)ip&(TCB>+6
z5QAY4T8{Z4_+7a0M$1>RqRUP4Gn-(lBck}I#7+C`I-#!;&<%a1unaMa`4*C5p!nj&
zc*qmXwJk%JWBP*Qmr7Ve3*;gQhhShBMFVIgo+exFG%WpgH4{^F1@j`Y6;j(G_JvRg
zHAe2nTXjrisL~;6C}Xzje1PHuNb4%=<3K!(k;xS0985$&v_Yh{Y(l%*(n--6j&Q|<
zmWxVL;glv!u&_#$Of;zitvaCMpmeMPHqvYGgii5-Va_59ybid86qXV|C8;<Xjwjc`
z#L7fohH~jdSYqV_nsJz!5(WadodtZ1Z~^?vs)}|gSqS`CsDl}i9vo0Gg)e~P$%S|&
zSx`ZK(ZdM5jzsaY8<D9F3(qc=Z$rYX=N%2~egSr0EysOLL9k<KKQ_ohno!GirC*6C
zsS$BTuGbpfzs5U%6rhSou4tA+0B5xkPE?V-3baUuLmRE0>Waohay0ccMiN6}MSdTL
zsLEOsPKcOik0?IE1QJC^3oGJ$+`<<Q$FnTC){Ajou^}3%po<0<R?Lfr1J3-y7y(K|
z<-ToAsIjXRB`CKbFu`<yFH$n4gd+Cq6K;#NnMn6nNEQD5_us$5w?A!NP@Eh9oTI_-
zT<Gj0`xyd}6F{<Czd*90nn!58prsXe!Hz*`QZ{7LByEmdaWv`rq$-0k>Lu45@0XJp
z53O=Ctx6Fks)mL}Jg6}iPR^F4P&y^oJDRvw57<j@JUUyVA5^qBt*DY3k4SJP0!NM9
zBET37&M`a${&}GKRbe^7Gl#|2qviw}MyTHhzzCBZ0CZ#kP!lX*!zhD_p7#q1+2NFE
zp9wmTip3MK&NvqyB#j{4yNF8VY@5MiYdKN716*)as>YKPHoIm9r2eE5l8Eb!L}<s`
zkLB_fjx_QWHPg>zOu^owrL`l_WjnHbCqzb;?}qru0-2Lj7$t@oQk1#P5E6F?+XN+&
ziq}Dw@{Z2(p039B^4=wl9ZP!-w9y@~1`*wgdL29vBw4bD<p}POJVV3NO1zfCk}AOg
za1s;D5L2!*99?@nQ~&=jD#@)<C?QFTkdOOyN>K?>?zbYzom__5R)pkM$~7#h$o)RI
zZRCEP`+bIC7@HXzn{7Ye-#_PZ{yFDy9*^_7KA*4m^To07^Qpy(g`LIs&o?gj$hzoD
z+?SlS-f}qYv8&>25|<C3R^9t1>B}FiYd%5nj(f9F+(2SBf9myoI&N(_G5-A1{9kE#
zW;**Qh6vLhx_U~*var@(WOk0VZh6(Oqh_(-=<@Ff*I+_>Sg4@WcP#mjKW;oMZ&ZL$
z9+mm3(O)K*N0pEFs=rT4$O>o{9#YBmupBcomOO1!{-JwS`GkG*^%H?caY6sxeeyTJ
z#{w`vjg$9!b;A44y?|8W#N9>H{<tF*(0gqZ4gcDBZF+AUIA2hWb}sB#;OjfrIKLdb
zw;LKPwyE`Gz4urgInQ%LAhy2#Znn8lW|sW4XS8@n<T)>y!4KgN74F$KPyUFFeR|`B
zNf5SIHTVVgQG(poWwC_ckGz^+b-akAeC}}cc@-OX|9RA<n)6Z+{<t83LiE1?8*oP4
zAB0}d>uEJ&)FbPO-naiu&Cg4Eij+-7=AJ9yFE^O|Y@nc;cm1Nt#kNMyvx4~=We}Nf
zDW3#It>@*J#IJT3YKR@XR8cwUqWu2u^}SPH#%k+TqInZ+8~RQq9`DF{R`?I#?cHs_
zd%j0F_@m7spDf}1L$RRJW8)VRYyLSJ{yJf3ca2-9O3Ug6?}hr(Q{}@dF}&hu9X!q}
ztsje2J1*WJcs%ok6K7q}xj0#Y<8Mt2P8t05DB!)U9D7&Nt+>lY<$Rjt9|i3vFZ0h$
z{7sbur(D&#A+#}R+8^UP@pZ^zr6NkkL?o^we)kJ0<?HnfZXc1)@85U)yU?<gm!Eix
z<Jb7zX@eMnPFvF=a)#8rK;*4B^n=gF9$eP08m@v*zVYn`ea49|N4|VZtvGM0?s5IL
zaXaP&l5Cd!?Ft8U`*hpDEk2yp%fjoX2JbGWekqA<Sr536d+GL~J?ai;l<$|gLjJI)
zHt&lVN{pSWsr{z<+M0pI@1~BDZ*$!F4`F;FKl1T!U;O4fZK8DHOGs?&6yGsBvkT)&
zpH0vEU9>p$wc)aie9D7ww=%ev&feo|Jhd2nTHqOh_x{a2*Ph|Wli$8B1Uy`e>U#t^
z9dVQHCJq;jtT8B5n~=L2!Fw`I*X7o~DcqyWw+6=SUn<<@{*gPFHouaHIX*VSslIUA
z%ZFb@%H34}0t_Ge--^i`Fyb_R?FejhjMK7z>e}_VrlvN3nsYIwkyBT<uv)aX4p>`z
zDogj{e9F*FrHK5$6)i20xxE+2OR=m5E_gSpq-f%p!sOB$fgpAH*7C%7yIDJsb@)?b
zFF&ra=}0-B`;LhiM5zhbClM3Mp23Vy3$_fXYio5s(8JWH9{X^tV-v-x9?j9W&9h-U
zGBshC<+<551QguQ(rU5_fh#zT#HR(-sd6=fuEcYQ{P$Mzl*buh(cjX_T1-@y=>L{<
zJp60wV65KL`NJN0T|dPilqi<edE@*;QQU_UiCyL5bA3do(zP9{dfmU3O|@KSM@BGl
z#auy4=igQHf9#n#_oMb$(U+I^{e?nF1n#v86|T#({*JoGj+^>#_kT4MY}E8gdr&K6
z{$X&^Bn@0xRaI71H;88xW!ygEc9qD`exIY`s(a%$OYBLj|ECL&V9}%gJcU*Mi!JxR
z+ar~=-k-b5YsHVVP>;MjyslflX?a)?2~K^P@TIu48e`%E`ublW<d?lq^W78T0|+Ux
zzmf^x?s~e4oMM}v=NgaCxa9rn#J7Ye<9QZv_o|D;bjiX^<PXR8F)oIGv#62m@E03C
zpCi?sv>cJj>o~&2k6m&d{hk-^;5WTxW~94*JaPERcQhTloKjDa$J}kZnDRn`v(xB4
z<*t^2PBMbO3^4-sTwgg~k#BVlcKwv-eZ|bY{`2PF6-u6UziMd%y9SWHomC(H@5be*
zy8AuHJo0~DbFq?2;119iZhQyt6p`fLc*J+=sP53`d7`*>|HkS1rMuOJCz>qeDetZs
z{nPo>SV_6%F*N5^w3Hv>_=Eg`F7i24|M>B}Zwq^A+xzDpT?N@&$fnl#B{WJu6QD}k
zzTx|HHahu}L(%Q2@qsavhOj3JKcw~C)^&>*{zC}d=ygYQmYeU^mpgwVe%_ZJdK1&W
zP@N3_I`U9+>YsTRbN}6`Vl}&8XI6!=0(Ro}Bh{jIzC5@o>1pHnD4NTuU5@A0kFzVu
zrqa*VZ#|9v5%h1oFv$C3K*WE1UYuJpD+Vpki-J-vl23m07@Jqhvx*CU{pIzJh<=AY
zJm{3NdSFYk{!%CTdS~=wi{N9Ck`pa<VJA5FR9gJrc3o{g7XdQ&%dQWX(R5Ne<JkL7
z>W0A_G{FTPOXq%ZT;jfnIQF>pBiW~W0g^&d5&mM-sJ^jZ@2s_&gF-F}6~!4A=9MU6
zMO0sDm~-0Ip80%rFZT2D5!6A?d05oWw$eH-J!jx_`F`x;?ZAiGrw%!hrM9l8qwcy^
zEsx3)Wq1^RRo>IV&G{NkaYY(zjGA5e>fPN__W09Ttt5A^k7`xs_HNeaih|0Nu6s%_
zKNG(lnkMhrOEaxJXnZL>_)cCJbF<opa)T-3HI?vMk|HZ(`a5+&aX(6O`>s)hNa6E%
zT@LqW+k=0!5)}sx0{mlIkgJ`!FF!i)KfXnXS$XAoqO`5OieIo#>&b1x&B`|~^{%Vx
z9OL#cy7yD=Y1PZWDpOpgF~eV8uI;_xU$x<X@Pp%%pKeIw$Ms&`_AiNV)ut1)d<+Q9
z@-Nq-K2@f?SKIk96>NJmBuDpAnd^n`>&p34!I?MfKD`{uHC(T->-lCh_Ia{T$>(o;
zPut4b!T1LqttmpkmXz|jv*z+X8UK#TS^YS-BUe`Vnr{8`R~b`Q?r4uxz3%ibJ5ta8
ziO=#78(mzagk`Ii|LL_pqP^P#?^$;(ZHa+e59g7=j{?<Mw5DzBt~?oAH!i_)nW-VQ
z+kF=Wsq2s@8l>dH(*WdH;7s~l05xD`a;q6aaO_o}X((z?V`ER2A;@uU<w2Nj`X@^~
zEVvhBWXPpx!p4Hj+^|+5OzJadpyPFQXmwbzYk8A<-R>qD1zkv@Wz)vA3-rSLCR1KT
zz}KN*c7B&S0<%5*Y(rThhZfeRZQq}PTroE>lAy90u*_@V=V&0B@e3R;<&+B_D0bJK
zhj*lPT}gWwqzmdWuy+VtNsGPmw%ZvEScqRR=<;!>CLFD?x7AL~VK1Ns8ka|tzNUe#
znJ$A)AQD3DGLs5NAxP`SLJAHVY<p|0zk!M6_$2}4`JJ4DS?plBHf;k~B)}#prkTt(
zny0NK&xeH!UZU~y^3H`5j*h8sX3wmd%Ba9V#D>0dCng#z;2by?F#7~R9ZiyRn#YaP
z<&mH148_Lf6rZFAl+^*k`g*3?78=T;%$l(wv>YH(FM?#M?aS;Wlsf~Ndko_9kpB1X
zgYi)JnVKBa{YgH6{n{)z-6OG}bi0{JorRZz0%kF$Gkd?9s8hZRUyNtVk@Srm(|QWI
zE0!I)srH6`Z7x&rUn(e<(vqk?S3yb|Ein0x+^Z}HQvjmA4JDMrYP1&NyNn76j)iFF
zY%`naT#lp==X2BktH)CZ0aw(v2+jgqL8K(C_I?gdq7mHJpn;xikdQb)O-dkkC};q{
zcbFoOtxQ@ob8gz4NR-F{4{DO3hlZCg(-$QKnpV2aLbB9+T7lx5D7Ev6W#8HIyy>`l
zqt`3~!c07L;k~ePL;yYqSf)c@HIZ_0A@KQM&4=@ja@JPQEfJOY<awljXBZo?H5X{D
z=Et1iq^Rx1=FUT!%7T`dU3E;9sPFzllt7X;v3?6UwOD1WxP@FI0S<Z;P>%a1T>;h(
z0Ubj2-j&!YXTMNdwEpdoy#qV|WWMlA9UES}G-Mw$QHBBGbKss4YcoR_X5J7n_oDEA
z5`F7seNyQk6Hr8hz@+e*=s|5#^9G_0ut$_b$2kl)v9`vOiQ;oBQ39q&7kXd$EyDa^
zSGnH&P#E5+=l$=|L8!lzn;WewolT#lu@BI*rr%dJ%Ao$+`v6_G;z`_Y-K?+n!SYuD
zz5RtIVq<Y-<uHlH2Cc%8<l1L`0RJO9H3htVxeZHKC5GaUWJ%9W<#|vq?F9#0bNK;Q
z%2+WcdBmH-2U2r!;$O;Ofv(H*STQhz%CdEzYufn(hfVDd%HSurv_x1CwEEZCdBg({
zh><-=xfUzI!nr$xC<EKIax7+RYF~MSjKg{WR}`8>PKGwa7f<WlpNBya0bLkVEnk$>
zpr?JvS{_>G=wp-h=%W-gHZPz{Fe`Z<jUpmE$4#JsHS>gD?rO+D!e6dKKjb7M@hh=W
z%C2s*0LD5<0_g6*rCXDvk{*^rHhu#qb09y<i$HzOAt-7A4rmiTbQeG=3uEq0ilHIw
zp0sKAX6m3eW3vIzs;!k54$+10Bdo>S(W=&td#y$iVr<i;)o~LO6K!8i%^UOoGE0if
zk1Q|&C&Uzd)+?1B?2<CoNd6#b+A=n@sk0Ai$_B4yN<gX8V6KP@>{X)_zvKo$Y13Y&
zGJ1|&q$=u%48f!n0H=cCdtVCBdbByTB7%sP1AH=N9DoH5R}?{8wUd(S9fOF?RIgPv
zQvmg&RMP%nB%gpT!@I**Mr<1kRhM^c+{HyDYb=f8b3sJ33<>diZ$l<G;y>1ypQs{e
zc`06T-epD{OP_#Kr*M%9ld%$z`Yz_|78PBP8@|ylXm+@auomLtpb?w5_S#4~n84|<
zUies>0F+W^Vhpt1-<G!jxqkH2K54}7a5Kf&iQY;D0pOE$@@0;!ojrP~s04U-_^8!}
zQa7j30QR9$*Olsjltn<f#1#lW^D>Hk096064uepqRprXr6bXKNtMbkIJwEmM`dNi0
zZ(5?CchlYk$|;Olm&{iH$Os{t_q_&GHF`~$3OnV^LE89eN7JW3nsH8!z<dRjJYH-K
z2pn@C{?bL$qee=w_qzlDhui!-09IQL&{x-ICdnRl^aH>>A<k^A+{{2Z*~m$%1aQ=(
zEmk~yZDSl&zZfH07LCVr$6=>K2!{Q3Ay_6J2BEJ@u%|SBj!BSN+_eHwpP83`=lNhr
zC^L#HJA9R$b{K(`$qif0Y$72y=>&A>iv_bbQ6U}5T56w}7P&oMq45nB3}_%p_dg?Q
zdC-8l&Fig3;ti}uLSs$=KxG#S*l(>9!N3&`mfq#CLZ_f?2G-5GoVA?etd-J(@YUFB
zqoDTpsxGo4YC$|IOf(RSpl}1{q0rfAM|SA$@NTRhi?Tav27p6E^7G{D9F2|p0-=!Q
zT#!R>uu(I4%5t$6s>j+lv33~N@{(C;cBMrS{e+>eFSmc1@XUvM?QJR->7lm1$rQtN
zR%>8~%Y*4D7mK0aLs>~ar?{LCCQ<(ap;|yLXGhGOSOGg^Z@fzkIB6E+hgeBlx5tu)
zJj_(GoAJ^px~2a?E4Xi!wf!TxjNZ{B1BcgQ*t?`yC3VnYktId10aUS5^4-Nud%K!R
z#VdH1wO5g2pa3{Md)%)X(k^Z71Zh9lq%zqbK{tZ#w@H|4u3Sjy#ph~o;*z&7R}QGn
zI=t<X4n5<-vEN5pWo|FxhF2!rp<qIT8EY$fXD<-49mQufKapViU2Ur(Ph#RZwqfTp
z!m4zx8p-1QO>YlG>k`@~fdRjoko#={-^GM=Bl^?O9m^9Ff(p&s2Qt1kj6)?KBk{0h
z$ylA?uogTUP7NRdO_>L_?ifbIPc>HmcQgRHIPMrb-#F^qBw$Uf{6jeuV6$jj$jUYl
z7q)KspROKrc>xCUn_47nglO|>n_<gVa|6vZ7UO6fQ1Z9}WuRdjL}2-om!6^R?^KN{
zG#xU@T_hrk+Sv_IQe@23a4N~PRxivRx#v+#2Ce^{-KxingLL*Mr*xs3OY?0OUZ^Qh
z!8$vXSb-yXL);k%XUI-mwW1CkBUgSfsK;aNygh;&37*s)ouIP9dU7pio7pS|s(G_&
z7R&HrIv=Hg2f{4IILc9nZSUtCJgVHYM}X&qw93P87Zw&~sCrGzH6*1&!i=jaNX7(<
zbbvE!UP;54zCrFLI0yNHM%40H1(1kNFE0teQe^d^5t9+QmXFe+??H8|UJvLo(15Lx
z0v6Ic-c0XcdA$Hu=FDEL@jxS}-EOmfD5h`IR+?!6`EmSYZ>F{>*0Z?ueAkta!$^AC
zMHoOg;t_}eFM^>K2aTX~7)qXn(}rV_%Te7(y!BjY8y?W)H_2mayU3;!p@<!8GnF~|
zdcHalJXDgyy3`O5jn@WkRxUEF*)c{g_?(b%%7A*g-tI&-T95I0r7zj<poZ~Doz3W(
z+t()T2BE<0TO>avpPTe8D2tWfI>?27`ppra8%kZrCSYjQK2CnDy-fUsU#;<$x!Ixj
z4EKNlfVpe$hdhX<41ySYlThHYOpnLtof?r)ngaBIj5G!|Z?@_}g7)w*1iUY{Kp;0_
zZn8XMGypG<R1Rb>FRUaxLq?4x<Td;{;w7LAd%#gLLx=oDxR%4fw7p3IEES|YSPyL4
zsuL~JW9aX05XvRAL+53T#A`#gX7cj#?k}mwqCz%$+$0cS!aP=!w6Wl2Z^EGQ0L3O4
zv?j>TS9-i+$f0NX(fh@90C#FA!nEAVkn|{O*qaWaRCgwQr_ULIt1o9WHo?fijqK6%
z7v`&3a%J_jT+n&KB>Zq`<P&qge)|g-x|s1}3we%|b;(_2X+F1RwxNmyOc&oi=u*^6
zhv3pSzUpb_2bz=Qt&=vx@szkJW%%4IbnAhz^P%0w$NXfya3)=V)PRqjbP(*)*=SEs
zGXd1$=A`r@XvE|!#m2BT5@7#pP%m)e7mU%?Ml?c&ZDc3a*(ZhLhraSRP)prs1RkQ9
zosYmUr)KJ~5BVp2i^fmfVovfX9`4tS@@pUZ8{v{hlXDnR2H6D#;yNT+`C%=o9Irar
z>`&bGO?P@bIS*ozwt0>QWau5JWVW|ymzhEkwqmamssmnyq!ZJFnu#o;BQq3(1Rms$
zWcnz&`T}>7At$~Pj+|wMN5X*sWpT}-L5%7Be3@F^#&SxMnG<B;{q~W`l+Dc0hu!ds
zL19=TbEsj<%DOy!CCVtB1niT~m4D4d-~|-t!5ex!$#bshjx5E4k-Jh1-|>3fvss7T
zZZ8yfc6H(J6<ja@f(%;kq|xj{D9Mm&moC==$6?U=PmiuEfw=DOqMe<-GNO)u*L-e~
zGL*iC0yx2Sc9#rjPq6NU&RQ?@{xYICd(b(XjFXBjl4DoliRun<uVDcbn)urfwDm$v
z?uaLo{HObXq`=)|Q;nC7vg3?J*K((%*J$MaB+3aAv@!{){-;iB7fo&q4($<uYc+H@
z?-l$`*V!FPnw+a=sS7)7PZUT*g!ih?L)d@h;R(&m&EaIgUTLwDHW_Fj;5R!lK^+^|
zAk$)?@1_}QvpV#B+)-v^=urf@a)bYoxqb?oB5UC^5@au_1yzw9GTSv6E3s}q_@Ds$
z%y#e8>*ujd-|`3X$Y_E+a_1fK_xKkQI)f$mM4yH^lHM=14xK>l<G+&s!@bd3ONrgU
za&!6V{(|7;g#3aX*fDt0R8z_3PUEO^1o@iINpZ+>uQ6=H8^o>)R<`Gi;!IU`A8hB@
zQb!#O<h8jsAM_p=Ib%Zi-fOd5oDQ4+7nq8Qe<Bb7O|oM7Tp%4|?I6h}CiErkcL4_H
zg5fsXos7O^J|1M?pa(j~-x`G@>{Y{b>0g&qrm;<HKl3F2S8jz-x<Tnq!Q=KM8itis
zOgdv@0-A+8g!i<W>DFE@_iW0AlA_3FzHAp1%6a5)O@f3a#(O0tAsNKlzWJNj0D|H?
zY7>iP%+M4-8}aNp+P`PT?l1(G5YRbn`|yReu$F6Qlp=ad+yB+86Mej&-gX3o*<nj@
zGQQ1~A(I7Y22KJCCiLuk5fn7=n+OPWN<!Ehx;Bx>PLe=utZpMF9q0p>M%e*d{T=Ex
z&dm5eMbzQHBWKzjl_KhF{csd$-uKI39^w%+Qw;uCbG>4{R}%&qxT$9Ex3$qa%LfPT
zkD`g<I@{{$X6#1#SfaoQ=ZFZ*p?dk6?Ih*(G(ZY{xHtEmMaBB|izRDq6c(2?x~~F}
z*ta**bc|S(zT$FLCmAXW*iGZ3u|l!fxdxgO$PtJMmOxUx3n;sezS@+MR6Ki`X$0AA
z!ypqIx(2Zjg7r>`y10Gd(MqLQtbgZv0b31$h1MZoMi)%rweP$=Y?Zjeh{7df1Dn!<
z8eh+nQcYlbh?33KJ-?j9^r;8&NeCP^Z|GY8O?6+L{etA2y;x}O-dNk@mXx#5)N3}=
zED2ksKu@REdI57w^%yMma?$#QAMw7(u;p$kHe=9Sf+?<8gQAa@hvbgF|1JIGV;~B$
z%P1$#`48!hA{lF`W^624*z|kIO4WDgP`G;-t=Adm&tUu7R5sW8;ouPvc57c6^B|Sx
z6tNiXSO?zA0go*X2BIU@y3K@q4hap$>Jj9Fn!xWs3>jO%+OY1b$G@BatunuxYPwDI
z2s43`ZK#%ebKbYx*(>SVPZ({rd0Tp2J|^Fl@c@A5G_Xs$Ai`_eND=x@-QG(AMgNpc
zGBz4S;t!w_d*tYNUpwGF(AlgUl~){69E?_^FKB+7!?zwG1Xuc;P;6#V>L?O{4fJD;
z1`veV4BswJw$3J<j?<&tFT+r+=tOn?=d9gtcnj-=;Kep!Gv;nQ8lFMjn8k+GlmiE{
zq7=%s>1th#QNXFjfLO7R3~=W~)V$Ad6)B`4BonzeBv_6O=!%snL(w;u$7e~61d<i9
zrpXl>G$RG{ofC;zPtDYxtN4-klDyObWQV0Mmcx()gQIFbh7D;hqklo9Ia8**s&gZj
z5MD{h#qkPUI_kh=wAT@C<^1-rD{!CzuLpiPN(R`j8!{aIr`@_Fg5m<pF{aJMj5&38
zW@!n6DGXo*Y?cc9nL30%q&J}?^zb+-lyg(tktsHi7C03%>lT0iR!w&p+1{`Ri0Z6n
z&93TExBE~?>Tcjs;5`{kb8a|HYBFOo4S<eyT@$m16$jUDhgxYjiUU-F))BN)geGDa
zku&G60--J%3p+6qyJVfSiJ?S<S+f&qNI`fmVCa3TZD4L<DTYz04$E!W*XHuxCobx;
z!DJ$c+WvNYKphs0H5N01vN@W$S*TsnzM`T!*8I7yE1|>NAYgM^1{-TsUQ)l*15P$5
z+ksQrD$G8NT-{bN>;Q9w9??qF{od$EQ{9^r=~gOL5!>I=ogu86(dS*3v!snVpLOA*
z7;)R_oO3B)DvZu{4DGiJo;3l4Ojo(F!{{{k!>#uu2S&Rj0-HImMMx6B(y=H&=#fXw
zG8aUH1EKpY20VMe4a<66LCM3jcbjqf&P;9!@gh5vHm@n+I1@&Qrm;xTO@9;_`zz_r
zoe6|5!1*`ROYgZ9*yEDM>AB=3OdcLvA4)!;!KzkjJPPEwU1Ne<*jCxWtHrZ`hJjv7
z{FPM$dv&TagWxskm~?5^8A5ND6M$HON4C<vtJ&`9PT}jNa4jP0O_yV%RXK#RlFl_z
zhN$xGSZXR@IEAq=+E5}mXpa<5o}lhZBeR-VyNOMt&E!G*pv7G0LlzMAox!T%;h%Bo
zDrJJat-~gg6<`zod-z!PrDXJu7n0qMAt5NM{a!-E<c`%1cYa6^eZ;u2d`*{ZrmThC
z*x$|;5XgWWc1TH38w9e!h6HKMc!3Tb4=B*f1`=)==(<xI1$H+lYH&3BI-A|YjRJmJ
zxtNygGZ;=l5!pm*wh6qc;YUsc$&UW<)4WsB8Zc=<^8*gl7S|QA@NzxhB~al5^NehE
z`zL2H7BiRv4H!_p=uX;kSfb<Mkd0xO@4=wBA_9c3HljK#Yf=uuBQObbC7&6<HFUOR
z@DkCQNuLBX-lEU{l|jIl;00oOLp!l;{5oDu2<kMmva1Zl$XxrE@5dl>_9^JSB47G0
zl*`@(uqwOeL6fK;QE?I<J29g9dyx~H%p)V;8jP^5E9OiGM)+(Ey=3f(hYsCEJBl{$
zuo%fHv!+ZOux*mLrPY8#!nW84Y`w<qd5~WttI<Hwa~79DV!4b0Ru2ix)bF`0(m>Oe
zRdCyIVtIrY%Wodau02pkDO$6(&Ct;8;lCu`wW9=(g`+=HWUipoZ|gGuyRLg7Oo&uJ
zyqmO`gKc7_cz{UE?*5KGV(7tCyrLeJf=)u#FsPzzzt)x+bXnt4EleVK%q>|bVjdP!
z${73$LxnMo)19Fk-}AmoM7WW3sc%4dzwYSQgU$Ot<&6d%mEEa#Cnf6FrZ9eCw1sIb
zXftbek}VTK`C{)k9=h-+CQ$<62<^C-gPwE_UA$F>7O3B!pB>b6xBTw_Mni*fx#iaU
zVh3$Z0_c<#)4LpxwP`ZhmI2sf574ge{h49pI`~VAX%L!60D7KB=*Z~8`d<zg^EY|-
zX(Lx>R@$|fNlohB*$0Cd)IL2@iUlDVC&~Zu*{|5D-AjZyRE(BN0{6ahv3E0g{=5uO
zsw`O6*eIOW25%_Qu<R(tEK*UTF`^+089Ly{A3++(L?i+j(`cax_gK^bl8{M>xhL5r
z55>49w^@~kG+?@#cP5L&=T8@I^kaZ*mJ{d-sFhpho7iO4$}X6_t)bJz-uk^&hw+>(
zACKiygm|$;vGbnATZ4(Jj@0FIQgTor#WtCDYp1r{F{l*fTC8cL$UG2KMk8@!&rCJ_
zSdEY;PN)V3wADBZpn)F`T<MS(kf87R4C*kV#gJQ}^oc+%g-im%ceP(i?EP1PQcXsY
z^0vZpf#Jq=Z2dmn&u|73G&q~?P^EU>W7fSD;F*lv8iwZJ!n~vCP8@8MN3on=gInlY
zY+pJw=w-=9W&z9>^$RrFsLp~+q?ze5TmDEvnRHQhgbP`kF<1)1<LAMo7VQ>mXV7wU
zQ7eUiYWr!9Lm+9?%hdOvYt&34%mq^>0HCiKqjiC;eo3B<c8%3gM-Zb&hUGDgdcDQy
zDaI7!I9>vfqOn^9P+{E;003o1V^M)aFycPp#eQ0B$_iQ7p4y-sbSevCo-QY(O(rA}
z>e`!@;Yaw7pC60*m$2*#0UjQ5)tNGh%i4NPBzG99V)Pa?oJ9eeVOA9tVN`gle4XB(
zh;e9B-Mr@!BJFEa@ghARMJE1{PYxqC;KjrDr@D`7Lgo)a$hYv#4`PgaizM1@&~}Y9
z78<-(rbwl)7s%8~)KC*8v>?ziMqahqEZJ*ZB0D_PS}Uwi9-ciNvc4$btL!ra9PUC(
zKu7p|3N&9cHTL`7x0yLO&8qJNxUkmK*#?^HfAhsdSDX8=*}&1nT82y;gSEm`hq0KS
z645N?4&qnnq1clO^*R425UQg`*vUJTzP?k9)&!3Z3!tnR)3L&Ohf{di12%JpwXy=G
z4~%ShjG9i%>~A@a5?CV=t)qL%SOyLnp<6KS95l+OYOIY^g5v0t?$M2=Ai{436|(V{
zt@|Idqy4T78$aiKd%B6r>auRmiMTltIIcR$EAthDCN&h|K1zu*H*>5Vj97%dHdxqx
z<HBgQFJp6y3$mM!VLMU~Uhad9f$_83S=H?BU=(sCZKWEL(8CKw;tCk0nQDAMilP^U
zy;0*aK8~6Wdewzc9GoJnZ*9SJp%Wu=;YTs?Y0$JQ4Z)<g+WV3_jdyGdbm0U&(v?7K
zwx6|Mz&#3(p~qSvOCSPgAy^i*%!li6{eXd{Z<#?NiOrO0tN^U>)kK{$V+P`kTBy#2
z%}ql)4$!h)jzS`ht4;5}I{9iWG2J0=)7{x(aO83d(oZ#l-d8+NH#ma>b>%oau%}~-
z#Shko7-jV?XlX8Rc*n`uoInEJXp)8f!uDWdP0%dTw!EoF!+x3+Ad~#>r?S9(3F!VS
zoeO7tYFEr$Vs)rtaEfRbl(k&lS9V5Rj2X15#Kl_6Omf3&6uj)*vSxdhUz|j4{~Op4
zO&?^etH!2@ZBLi8!FcZUJytIh3qyv?s`>#C)DK@F?0DGLL|6c$0j>v|TU}FBL&iks
zyYe5Rjo|FVLfQ<Q)NTeq;ddQlA!?i?Em2?u8xti_3SjRN+y^os-K8*M5S99+I{5$x
zBr(FkKf)kj<|UHvb~dFYH62A?Ks=^+G0j*nFQ>`VX0}$WVcOe+Z4of2c*=^sk)gN-
zu80Ag_h^k*)Y)rcj-r@b1!=6q?P)Xdr{^M?fE|7)@Rke!p&nt2KS*c!yz$-Qvq$LB
zD)REA%N!NLX~Y7FvSw-Wp{=^yq%%TyzW#8x0EOC{7*)?j&1n0r_6uVh*QecvyA&a-
zo9&Ikq+ENz;m~*YKV!1D5lw12HM{vz0EdP>r%-6ZWCNZJL&ymv7j;uVF5R*2I(gE1
z`+UIK2U8Bo<2NMl-s8A$pnvaza5o_cYpM{`2%^v5;Ew<An(xP65XUK|e(trUn1xTG
zvQi4~&eT^*(H*8vNq*|n2@M|n+X(knyskG)7VVMvJZBHz82elF44+*@(e6?#-#0iI
z!dVSGcE47C<LT~htJ16!@(u0-CUND#1F%B3E`=V63{+@>H1D*J{C*-sS`86Sg@av|
zHzo_VW~v!Xy-Z}nah}zEuww{|`3o39!sdQSy+}SVy*U*^Oo-w9oi`xij)EM%cl6Q5
zkVk62>M=K09`qgo0XB@yeAh-3g>39^uSp;tqeQH!p4~bvLB~^|mnQMVMA|A09<fxF
z8%TWRMU8C3@)Z@n0pL@6Sfb_6V|>d(_cn%TU-@}G8n>>4SAY!bTI}wV@L^3f2IyRD
zRhmTyU(#SiO_Wkg#dbG>V-wIJX3e|P6dtEJ1Z3^g%h-SUhKb=oCzSRdGjxx_Ot7sj
zTrH}p<~wwT%ie5%zd6T?M6znwKTs@i`*UR;FdIDCIPG_kCU36>B+e<8HxZXCm8nVw
z2LyVYrR6O@;4PhjInV%CAcc@S6JkZ$ds3B-0a4h#u(#w<kMDK9VmafXJ11##6U0hm
zrvr4n0;VAl4?-{seQ3UVG7<iyl1@$;1wEVz_7jNYsJu8UD750kZE3BTJs#u`&e+lp
zxt+7mWQ9$N+0})v?Ixk`$fI8TQy%TjmDf8AdErq{8C9hE*aQ;)f{2RQJN>)<U}oUx
zpVDwRcG2kQM@Jat6)+|sfBO1EYbZrHx*v4Kk4NZs_iUA$VGh*_hXD$J%1jD$qjGa;
z1ymoio7sR8@^caw5aY&j#q}4<VIAS%u{1GuzG_4h2#56F8?~P`0WnMZhoR+mRqN9{
zScKGo`gSV=a5D&_O5XlOk`ve}S2EiDe#diQ1FW7CJ_@LlSG;Vg3)=trCv_Cvheo4C
z;Y}ctoSLrxL`z%mEA&@KXFU~sIY33XA<v^(yxwQjIE=xs0I2=PUN9&XHFj4T08v(j
zz0~()FVARgA*4%T?!9(!-~aI~ZaIed+VwjjMx)l_<D}g^g@eElaMz)2wN;hR*GjLp
zE>&=ue{ItWxpyT;D>(cx7X9C+ej^!W+^g};{^q$kfOF9BVL3Y->p_Wq0NET@X8(>Q
zHTjKI^UxyBBN+p&qM4VQ2>INujEjI8IxKqqwcB?;e(@6Ofnm~>OH=fvRQq0}9;H*1
zK%j;ID%eG)C*LPqg=A|5Z@3{9))9Ion85KN>ZNB{PEA{Xaf5)Bc({9rsBZYKR63xp
zY&j+buG9Dsy7sp~NN)|gM4kogS4=jV0Gz5MBZww)dh`B`xriY0l3$r$;0vqHQ7)RI
zyj|VOH}TZ3H%uC-GwJ};L0{(sP7(w+YKAO>g)ha-v52-`+$PbaIS;2*>`pxT4QQ$5
zy-dhj#RxnIc_gs9o?Fs6pI0it>s+&*Idi<v%N}i0NBpH(d`i)VHscj7W4ey=XI_jq
z0@QgNWH<@TV;i>i|0tTl>K3+VY+0Mx*@xU%V(vVMFmPmQes8k15jit2?N$r%SZ5Tg
zrzPfhzlc}Ft2&g=EMeM02W)}KNF{z^*(Nrj0NW3aG@m|Mga;81H;T){wJzw);c5g~
z8nqQ3b~ByCbZXOf`z>pv4eHh6zYVW)@WJdO=WONRL=?82G?h>Ss0SMRUcD2@66Qqf
z?Y14HGs%B0{=IZ589)^oEuAcLWE?TwI$`d#L%I3?aT9uAtzt&ck@);Tds7y_xWjO8
zhqkq)s^h4Zx}x7qDcpCiCe8yXHc~EYR}XpJWlYa)z5N%?ALe&+Gosgo_C)Mij@$Db
z_T%yMYVH|Kr)>-sr`U`N7;{x`{)~7%kaYy>#|(4=vS-%kC6!~X(i`mfo_x1e1GeNk
zHXRW|=h{>T{Pz(LGjsR6-^}8UNX8kNmujhJ&YYP-1;%*KhY_5`GqSTVP3nZ<oN{ZW
z6%<C^J!CTjTjAfkpipipugQ4D4wVP5N=I$GPpg7xTZDNV`U1V2syJ8eZf1qsfX|Qk
z0m6px4{o^=r+5ID++_i*?KS}bt9~076BZWy<nFXMv29lo7%O~l_6!o`x+k+(6?PKp
zsT$UqFe++{w~`m}XCKZ{1@)R4(eVm{M?F2yY|j}y%xatYp?pGqijCb!Xax@f+&ULF
zH#ccA&Bguug-i8qn#D)!WX2h-oU|HWJ28uSLfHOT|2XUdv7`{1`=|~1n*8vq6knZ%
zv8V2MmR;#dB?(C<Z?WfAdHhA(mu@^b|5pK~W=iusSbX8r{w%$y#EIGeTw_(?mV#V(
z^ERN2Z7o*Kehp3XXB(W+JqYu;a=<b|J0Y67R-o&d7~B*y*%^noImB1)qg~0ct|b7w
z6bCp6x^NCQ@S1c0jsc5Dff>w`P*%cog~yT46#`NZRe~T^+KW-<SMF+_)H|*N*gRQc
zqW!al^R9Qyl<=|WTh@=xwsg-MgbEXKuW+BqusC7VS>*AqzWnAZ`@7k4y!t%kgee;{
zlbV@9HD8;X&ui`E1yek2c+O8bIz^st{b)7t>Xz$yOW{hFN4Bb`!O2&HF09#%UtPIn
z4L1Kst-5z23~=Yf5a}V5_^0vYm8|gxa`7HFU4HKcpQ7E>NIQM|GFKyS;`IvA<BS(7
z_xE!wOS`{DRyKdSUm^bLvYCp;gg;NVwwF}7i^FM`n%r|7uOLSEs2^9ycLQ`r(B($F
z&pdf$zqRaLyL@8dvQ@{!y1e>?n-wYegZI2G4>`<kD~fz6q6c+f<LF5>;Lu8ve-tSz
zINTp{#^HmdpnPSx%b(*)*9s4U1<%c0_=g*@1$rKz<!#w=eY&!|_Zs*4;HJ0rkN(AF
ztK*sjgHasZe)knF@FqP;lU?fmsr{1oXHFLHr>XUxCG+d0`$qdGaK9gfXFhFb6&uA^
z{HsQXPDlJVr}5~+;Og3q!nU&~@81cyhv7`nJ$-tq$Kspa>%6<g5fW~G$F|MlPh_-I
zylK<n)Jv2%lvq7iQ8m3C+}V1fGQ&aG=wZ;V@(J73mk(n?J3Teds@#a_e9hU)dx{wz
z{4GZKFHla!YBxq8)jptRAnT-bY~(^>q3<Wl7aQ|8zos<CZF@t+Pj=K@6})C*a{8%t
zkqY2f;K%z>cb_DE;2R6?{PZI5jJ1)Amw(Q<XAxh5$57<!oMNT+W%nihc>NmH#E<+^
zCnXQGKHfUhp;nU03v<6|5OvzEJMD+eo5$lknOptEuM!&;IJ-EmKDqlIbQ(J?<@H`d
zHttW+v#&qFCKG>_UxdwHgmoW$D5*5!Xx)yuKrwSU{;DCV`|Fo>?w+6GbDWQq`(6p^
zj^_P3I9z{uL;dQrZ^9x2&riP6aO*oO7k%EbyZQ^T$nD3E%o8?eiWCoFxttC0%ZJym
zjb5zf{7=^N>DxW2W#rrGtEZ6q`u+1Z{$u&+U*s(J5-4lOA8*e;iA)w+IUC3Uypf)R
z8rdJ+&Y$))Ifj2CB&*wu^8`OE+;b7K7BL?(^%o7f<|tAaC|Q_a+xKzvmN%a=LoVTF
zxp<|z>&F|D8E2IQ$5TF@{4S}c+hJk$%OpMCKrS}-Ca!hU>K*2NL#ECrGg|(EyB48*
zJOjBL_-Zxpjq~4^b3VaQ2A2NNk9jk7zdze8Mcw~&p(W;?ka*5h{x|BC-||IjxlfkY
z^e8JF4~e`ty>NW4?lI?m`<8@@3vlz-QIUGZ2iO0deBz~+kzX=up7GfGLUqogg_5%C
z4>`Gb6br{2^zpT_M<7MKn9PMs(VzT^mTkT$e|-dg@n4!poj4EmcogmAOks;soX2EQ
z>NRK_?A$<tVWi6DPs90BIK%dQTt<HO<h3tPPqd_x17r2vX)%UERKeqvbN*{hYO=B8
z9>-r_Wz})UnipR6S2g+^ZRu9A!ZmA`q55y$rgCRnHp-&d*0#HfCuX5U1u~<5uC!rZ
zzkA4`$Iw;(>h-s#7GWII4{(uur_@D1haXc`JGUPd!%gs4bIBC7(34XtY`z{%E=YlN
zcD4MoKE1OjdCI2lQA9yT<8e6^4|t5RAV-Hl$(f0#H{VsD&+&yU24vYOHMdvTYg+_P
zEWa`TuJr8hNt3hA39nM~=cG-zpSg9MK7F3=N)V^jpVs`z2LJP}9d%}%r*Fh~>Ad7L
z)KEqKkvle;^*xLOC!**6*lBEH$%pWbFW}f>io;c>-<B>J??{nP^{)P?I4_%(H4H!V
z`R8KK>9ET9=>9tKW84#*vK;vpZi7<Pu<>h)H%l7|)43g?Drc{HDb(E=J&cG^Z8)a;
zNCoE}sGk*OsGzcLcxvMEc=tVeAIIq*07Tv~HqU2#K*E&s;^$V_%<6x#<x}4B$KY4r
zs1_AI(dIMsDxQjzLVn;Fp1BIWFRQ~<W^G&BIK|l9sK5PX0F!Y2)};<!p4wMLj@6V7
zzU*Ed^O8FX?}O9}CW+81wF75ew@>o2uS*p<DErXPT==DFQs`iH<K6Y*%Xh{C-l~ZF
zu`1rso8Wp!NER7*)_KD7^ycIA{gu-fMm}%9{m+MAATB$wMc}dM*t;|jEzyVMhQ-$%
zd{GJBcKzOGEo6H~8R-HyZ!NwMz7=GM`{NwG`#8@QW?`YHf-r++qkhpI#$oTCI{p4S
z^(>E?Q;OxA>mGGCB0Y$QI~La@PEieyJBsb8&BzCLWl?4}qJ3~-5x5Nb)%X4R{_Q`m
zJZf@nela=_KX&!L<{Qnsi2{vJGw1?x<}dstvsDd^bGXEAJeeME>o--c4PB9O7=pPD
zofaG7;W=6vB<$_@3Fx$RR<rRH^o#FhyB0H!DU1EAXM8@G)G<e5p-b;&{^S2t-^aKY
zNPixEdhCTZBt|j&!rSZe!@^}f8NY-iPa~X)Z*hdhw>OVoi?fW%*d0UYoIJTElc0h6
zdyXy5d*w0W1vtC!y3VSFoACt4C%GMcHEZL9ou>1<Cya$WAOeEA7MEDRL{z2M!vcoX
zj}^%Y54l^3ZJJab6HbXw=dLaOxZd$LjA(!JHOD`1k+Or|=-zv;8+tBNPuz3ie7YaF
z{KxU4ki=_EJ>&gdV2Tw#5gA%#Nyv%vXM8>J%l@J2#k&q~^{!!M7et=5i9hiA)1z!r
zW!4g6_)rB!w3LK?h~477y#HwW+Npi1-f_wA*LLi<6yHY<sW|*?Ute2E`4^YkRanBi
z1aC|?__98CJHZ@wbur}M(kXA9HS5mb@3z$@CV!dWn)gCm`>(gkYDku!?dZT~{{AvK
z-KoxDEvcXTR8s$NJF4jURntfJt~d|)s&qeGy~^|P&gC;Ffjq)4=hq=YS^=lNT*}V!
z4i1;TaBqSpYf}3mwp(q>y)Dm{U$5>&4_RFLj@Gdl&M|{s&wJ%RZ*UA=y0ck0TY0xS
z(K|lD<wld}QlkBA#!fdYpdvQI(u9Mv>(s}yLRZh2LH;a$`N7JbXp;0P$-tZpesP22
z5?5qhu6y#Qt95Q^DToIe*Hg3n&MlnpJZH50<h4maX@lXv^q-0zkMHnD7e&!S2O=3)
zo{mB9Lr116Usr|*dfq&rb6pe4cLp)`?e|LOXy#B!rN@dKVQthd%IKVuN`Q~nJ>tc@
zZ>{vNpPTnb;NBu5lL0+kO%~PxwG->73OOA_cialUiHHiAwM*J2YV;mIdEfQS$z{T#
zf9B`sClQ*E|MsGlM{j}muKMVEpNqfvWbzc}iA?TDvAHx^Z`rIaqo)~frLQj4uXbZ(
z^jx&WxX=F{IKs7@7$hwx<mcBF$r<OP4BQfV#+TrRQTy{(D;vU2MOrLX18Jc`ET}Es
zm1C^0R1#vbCOIvML)CrMFLSwm*@+m<;e)$*t{0qn{qdD!72jGDz}Hk~?kx%z_epPj
zT5)AO&~^pwln^y83%w}gc4)e+p1mcj@B9waKT#$a5w)HDkG@z^J%|wteiT;ru3o4@
z)k?th=JB7FOV$<Lm^q{ZnOtHye;$ioQM(tXHE|U<ydC@yDOJG99sTL*zy#k`;L)Mo
zxA;5!>9$gf+_T{qyY&KMu6&3;eGe8VEplc=k}s1ow=Ik`#kWfDU6;!Bo~?Z8^|*1l
zVYz3kd;Bhc(yJuC+7p<7n3zm_cCOH`x{0W8m!|^Puij61b>3xZMoPB(c}32wgXhRJ
zr)_oyBx#!Tq$BaVhkbv}bstLq2QBF-o-@j=Gh(>eub`Q^cA!WY>O=o(%S=_@x4#F=
z{YoWi&(>_>O6hm5C)LQ_AjLMzUX{*@u|2Lk`1`KW2Q|h=%@4MuAIH@0s;HiwnD}#i
zl|Sz5=d6(*mu}6;C;J+H?~q^m>vmP<8~RZ9VUM%vw`0>kr4Ma3q9l8~<3vgprev90
zr6V7ZsrR47`{vgx4YUns=u>^v4jth3c$umX!n}!g+Q~kwiRf#3nSvu2jlVaVuEG4j
z#Cf)mx-K3YNfq;~^nD9%6)BEwTbfE*@47L0!rO;~g!2E+QRtbwvV1fwc+svoK)BrD
zi^t}3pYKYlZW4CNXUgm&SJ@}EhdF}PeKW&;JvkY`V`8eS|B&F{ywPv>5@=H2GG*5m
zrK0ERIyYJYKVec2Y%h2ATwAR4I%g4OZ3Y**EBO0+{EfMsb9T4Vt6x!!*9F#UyBZ0X
zMgug>@0~a#pF#;8(|zhVsL~kz*(W|!J8{d_P&P;ZWMzG@-D(w2$5^6*+HA3mqA6KP
zMNz_ns{ZN&2;(PV9DUE#<J*bAq2AidHFGy|3vC5IJ!CoYa;B7>Hoo;>LDk_GC8I9R
zTOfufR#*DUapUoHj+wtN)RO{=w7L0p_2)SevcoB`rH3qnkmmbm&#%h^+%hh7{>x}z
z6_eZyd=i`@HD@eau)QtPt)a?&Nl?Q(B4q;esU^v5NDuU=U7~@*Mf}@22N!`#>qi?G
z^~v&raj3Gro^i$EL7NAw-E{>IiVbLz?y-}ii65JJC$iMMgO%>OM+-kFkZt$zZ`}3(
zKl3g<3HfqGr}{HnM#La-6$dKn9bNLjmWBPkl&pLHOhg3emGtP}1Qu`CElre|><!=v
zL(R$*#bi@A{VN>=!@1Y`m~54ZyLlV3QI1NfN#|0yZ^F+`g-SC|kNgM>nEse@&f3Kx
z#}49l@Nr4f^ArF3zRyo<wZ55`GM+v6PFW9PO^qirGCN)_MM<BtxMPFP(f7Fcp!?V-
zFVidD9Udzdn5TC*Q4$|#&&-NM`>TC7w<>+CPw=+tf<K<DJa>28#zFV)N%7>q&lf{G
zm!7Y7__%8z{x!S&NZt7JHS$REgD~?usFt_v^WsU^eR$t8CBlp6(bNA9xDoe!-66p}
zvh1(Kl3S0~ICDCF_I3!=fB0^Hjf<q5^5D#WZN5VfAB43dFE}d+ee$AG<xR!Mua08(
zvWSjQ<p#|+X@_#>gI<L5uTvFYuXUflr4{b}+N~JVgs1lR4)nOZ_Ll!Xp8><cGjgQN
z4*{<3tHbek3ijFanwpQ6*kqX-EP!_GMeD$%8|Qi;5ImXP(+PMg!M|pCX+D40FmPW$
zxB9IM1?ukRCea4nSB3mH`mIJKb%&2EY2+~>6>D7WlxeFwRwCY@3+jBRygwM@b4;-D
zvA~GqfBf?Lc}`Eu97e~E=lL6)_)uae^k1-IR?FM_B`IltZ}vvNO1t;ud#jp~a{eFv
z@Yfl7SCv*TWk>u|X1qKjpknd`cJ~Aq=$h{KeL|&H=$f^*{cK)w%}?mcN=I9taZH+J
znkDZeOBvJWuDO4~<Jm;rUo*{C5BaT57uZ8OhV{t8A1yA(i<DX#@kiA|_$coxv6(_^
zR^$CDmG6_^%V#n&cF73}oszdjF8B4`y~_zGFMj_~H~?gNA#&|@{;9IwDe0bI>G^hW
zq;<gDt~To6%IxF&lpkpQR~FHJGAp;v+|s)fD=SGoE%@&qTx3-4?^loCpC2VnJErO^
zMTcj`nmjb}%8F?G@NNCG0RN$!H=$rDrMgqkZHEV8$(m?&-+U-;ZfR#La?-@eq<ASf
zM*lsf>ipf?eH8sAu!$m-D@vPh*!3OvOF=`EvA_cXtLN`yT9ZXDD3t`Q_pI#SEY-VW
zlIVK5x^;@O8>vBz6V6UNto9!(eEGPdSj7@@&vivM*p;tiC{$B762;|lL+^4+ke9WF
z>Nxop1||fn`l*BRyJdgNZC7EgO7YafNq2&1?f04d2iS{h8Ft()fNqIlaG<J;S>`Ls
zWRIy<<}0)aOgiSRP}kesO6AuY7K_C{tYmVJxt+3)l|<!V4Hl2R_r$_V_+k8F2WQ{o
z#~vYfLu+EoXiHO~mo8mWG5CG=6*krKTbkWoYNy_h)C_cVwCdMlRl#GP6=6S8{+!ky
zwc%BB`Si=Z$NN>Pwuq)e`<Uy*qXc>XDzq3{3p8RFRYH4;h!Pu6I-OSU9Q-KZDm!0y
zmdj9OfUKv;jr$?+>E3rc_8WxwkkbCMxq>KF{&~l@2RkBAwKH$wV9DF(QEHfaNL21=
zjiBwx(-{^<4iz<V4a=>4GTgbcjftZYStpP$x9;>{Y?|!1a*IL+W1+XKUv1uQX}Et$
zE8vC=r~ancE_4&j6C`DnT4-SN5u|=r&re;Z;_1<(vW=i^)%96rSNq)Vy3KRssicyg
z{`TC^U5~zjZqG!!%d@;O6(=65h4s;n@#sK|9}0<7>Dy?CrWw5Z+9l(^zsY@q<9HSR
zT-Egt=<{mFcZj8Cz~Ex(J{bA>f*!@(+8SdYOqeJ=B3m$zpZrNNI`3*gZgT=#%*tJO
zsC!ngvp1<tI3YIu*5ajUF7syw#r(m8H6ixKbC@V!$Q@_<$L@%0SK<oG|I{bK|5yhJ
zjt@0=7UYEgtQK!=fTd18{4dF#le^=rc2VoqS8tAYp7Z&3^4^p*LQdU!^-jpU&wh*M
zP`0?ri;NhF<KLcMEdO}y@>9iQlbzYh4f1Dmh<$p1WYEjYCyE~><-zc#ai-lVSGlRm
z*-nSXd>5YQ$TZoETfK1hvI+k@f|1S`wuYZ|yDWjVFZiz@DnL-Tv&H6<&!~MT+NqJ#
z2<U3#X42_h`}MM4{O4f(6UKuNuHZ^sUh(Gt_#OZJL`;N@rkA&Qy&*RsdVjm3=y6zf
z>vYUP(CB{&|2;hadHB-ImBV*ldT%#f0t>cg`^;Jk<nw-MZJ=(eekST}Z#=cDWSRwd
z^5QQHyuH%dH^5V^XL!wtbXNFd!ZWi6le;g>JD=TPIf#C~X^-iX3J>X==au$R@vv5%
zJlu2`h|8_b$mKH^-CUVTS#vQwXW04kH0j?*X#o;HC{&vudwBNva*UN#WRtn&gJgmv
zmwAp94DEEXv_6dvGI7hM>1N4nj5ts{-IPUfBPY_|KhQ3^Un1`E`~Lt<K(fD)@yR2!
zp2V`Dq;t7~Ew!LLtnB=hBAx{0uHkj)Nf&|Z=LC+WIZC-?pdbdVN`ooO*)HKm-k@FU
zVii{dIl9#~u;9@`(Nn8yCilVK+{QAbo8Dx{mSLS17wHzBoU#jd#Ld+<zW(9?iJ3Ml
z=qiPynJIOX!f`4lw%-ShYO&&2-IE{*3kW(C4K<SVyqRknH=}H0*;+Y(w#QcvG>Mr!
z+GM)0dg!DtYPHR0-Q!-X$?BJ0%9j#exH(`sgDI_D+9UkaveKx$g`%kp9tf6QY!#+#
zMaf537MA)%4KD0>5#t`ZBDGyX&@$pRb2h<=8#9%zhZn?fvlycBNJHL)#xVy{wq;J*
zWc!S>jok6s&%3&rM=nlx+Sgdt+Mi!zdCPUQ=`P|!{h-NCeYKT*4F!eEYy*QXCq_Su
ze_F4@9q#otoepBdtJ^7jz;Bs{_+Y2$l0ku5${ZM2&koXZZLEK3pHka{rDtq&0Fo9R
zwpL)X2?IuE(-^Btl{FY|Lkb&|v;|cWWrRB0TOoB&pPo%qWz=r&YIJ;0DM^D0cz+V?
zRp+zCJ?<gZDby_1$E;#C8kz-ER?LKD3R7tNWLuVCnL4wg)A^>3L@EJ!^u^T-80V0w
zmi3LBM(fObj)tst_G1mL({<PicdvyTC`hXy?Z$}v^^-sdeTfcDEwCKU`1PhW*&)A4
zR$8mfUyr<BpR8X!_sX<e^QukuFWXF!<+%!Q9(Qq>2b|N`86&A(fo3N{moZ_j!gxio
z>wV0i&Y<B(4OS(2T|B%NeS9^<_H55u8JV@W4kLQ1^K~V#hyP|BB1=A;Yo6j(yCPlx
zn$%lTtsR0xhMYlusqL4wGK<}BXIADlA#Y`l?6No#8nL`K`!J#QVOgxsrA-#x#I^k>
zcj2t9I<mcW)4Te!4lQ5a9}qGOMIN{8)9v#W<sHT49)#3O(e_C2*mvf+U8<p3VS!eT
zYfI)7dg?Qaf?9K22xC;aj>Kb<Bgh6#V8%od--=tK@QcGRg$c3|g@d==Sm~N$%vLeS
z0*n`Sr7;lloR9e&6BZ_T3RNpSSIr1gnbNf^hMZs)s$SV)V^p6t!X&=1{Uf-6hnapB
zE3A{f_k-vNEo<|}NsUL)1CCv@+YrLHHl>zIn%Ixp#x}-NppPZSMxeYU-Kf?^<L)u8
zX7jVn;!xUeGm#JQbodmhsI7hKMVgI3KDIZd7hPetfVv*wfnwXWf~naWEoFD+ip=t`
zUXkn3D?FjZCb2ZaQL<tT>lv<ddkh!Zpu&`N7%`@X&M&)Y6#%<kNthZ{RcMGclH9HE
zyF6%6)>Ft)>gMbt`-odlZ=;Gn>1k@paTgw&Y-7X$B(|}jv?c=qC%xdD5L4t+so211
zoEtM_LFDoVlJ^yrRr>(&UYV5bJJe3$^BRn<%{Ukk@>hBH%l7#I(6WGIb7>i|$a{u<
z=dPS5c6s~B311eN4g{izH#~cf#tDw4I{~pYPdL(6hyxB!cfjFkjo{e33=N>MOb(bV
zseZr7=G5ArlfF98^7Ptn;~)GEqp&CTTFagjgL^`9;Bwex>o=~}cu?EKnmmqbIKI|4
z*YVl!VIuLYn_D|}Vw65Q5Xv9wfpuz#Zn*YWH(>jVC*->7kOPBfE(a#h9G)1x7t{`P
zwOJgvYCp?MyHF#iLKLiC^A+1X)N`vaZP|jnD*OwfyqEjl=nSZdG$*$S^PH-~Sr%SE
zVmhV?S1~cyiQ-b!a2iEeZR8ZF7X_x7e0Ci^mF_l&nrv}sh4xBDVKE!o{yVOAh~N-S
zwnFN4d)`F0<m@(pfp;DBwc9BzPkdbK^P2KO`QxF%@p_O79{$7{s*T%`-+*>_I|+}}
zw#rw3knp-RRDD)ep>lcw;OR}fGS;mX1wNCmF0Sat>h_YUv&usk;2GIXK=LKe)b3kZ
zj=Y{;yv+BI`Jh0`B^l9v+@@u^N4UvdA!nduE7~wMC0JHHYhmf+R@0A%`zt<Z6ucml
zI<~Yn(gl#5vNo2f!a-B_3ICr}cRdA`r=ffFypAU#=goXT2FHh(!$Zh!Voi^T!x5qx
zjC2m25XOpR7j^jxh6El|m7uYf!z{0oWj?Tu0a#S?RFGKUtMv>gn_;PDAoI9b?SmFo
zaHvsCQ@KPqop|=Ab&TYaOMqv#34%HaW$W6KgNt6lP>fXUWz$7;hh(j6cLa12@Kq;)
z!-By4-5TK5MB(MiCCKUF(e5_W3x|`lJDs^mzRf{$HiKBzttA2LzmB>Sqs`f*AK1h_
z88ME<Qg&q79&)j%u54|sF&r>7mxg?eXEMs`#`-3XCXdHFsZX>-JSiiE&|epYoVx%V
zV6@I^rT!{X76bIuT1c`hmBd{YkVlp61#xi+fMf2lZUm^y9<0*hoE5W9<eBwItIXL3
z(^G6ctNLxhx$LLul>d1;{ms*7U?r>i?Nu#L20j!(43noxJ;1+7DLjw70)kBPtDS?c
z>ilBmW<%%crku`(F|~B^Q+6v51YNacf)up{UR%k~<_%k%nxPjUnNp~Go!u>Eltj=>
zdPX7OKA`~>pV5o6MlFA~x&%LAR@%Ywi6hCx$o>>EiFY3R%xK%74-ce9+VNB>xtyL_
zCj25<tGw`SBbIYp9n?ed$-!h|B9#~)tB-utaXl(t!$o74G46KUdg?guy87C1^KcV2
z2?audjs^&D&`^<4O&cYxI8*QN8?p?r#!83A+>`ap484X~b!4!tiS71E6_#*NImyM4
zuQIeE5Q$coai2AYt+~pb4^L2V4yL><GTPjRs|%L`aJCOsKZTwK=l=saZFWO&G(P_i
zPq@>4{=Xx#b^d=-p7`O3@nmX}3KStS&UT%)p3Qq2jQ<Ub0kit}FI|!Dj;;7FoAEU2
ze|~%Fx^b)^|HIv#A-DYR#`r&5^8d^~?d{D4XMubyNDSi%8Y6}Vyz0UbF&%qJXm3ww
zPfuqDsZ?=k&O*c}WxUR+%z~e&ic&zYAyUzccu3n%D$JjPDnl3vmt9R{eWh<A3wy(i
z911(>4If~|iVnOw4N&Wm%Jbt|IEw!&%Dj=Q;<6cQ6@V70K2bI6s0(sM1>>>eh7tVF
zg4?3qg=J*tw4<cty2&y?KUmpdk*!(5b59|>s0|IP3;&@li<6{{mi9}<d<tG`;I18{
zNp)Lwt?VlC9$<J84nIFHBFfSlN1aFt+DQ#VLt<ap1syGzqIr&5;eowdL2m+}ZCI?V
zqYVtBRGXtV`9(FYdQj6B^_$>HQ^linS4L%)4;2+U7TMg+08pftKmaSuExa_RXuBph
zxOs!H(X`=KlewX@&9K{xXX8#egM3CU_H*0Y9Jh@yE^udYU%2FT?8x?zqC8No@#GYp
zaO%|Zvg6aTRc}6;=*`7hNB32#pr&c%vP5j74vnSUw96@Z7<GuayNlZ?v5e62=$)ci
zhTZvLbp!@lD4^^zNX}5Krg)$z2<ND#kr085{_72u^H*~KOX7}STYJqiCZ7r&g+GjS
z&anJnA^zLkM&MXs{trdEcGt##>)x9GH{)SOzoz4}ZRZ!7+Qy<*m71nh`<uh%tF^V&
z!;96*D>-msPPc2Tl}~cy!hBADS38&Go<%cpA6V<N?RABpg-@*ev*k=>=i$z>&KBD4
zPgWa+->lp`XEw>X*3RU1cEWr$F1JqPZpS211E=$?Tn~>DHO{(LewPyx*4*L2D`#}L
z6|szxYp=~Qb=-tn>$v_}1wFle0FQ@L@Jhzd-Yv_Z`|*<hxK%K#!)kj$FKz^mmE?c8
zv%5zAcW>!`oARKCMPh6)n(di}{_hHerg^+d1-}d>lF}FWkEV_$23#NXjQHTpj=?bT
zqcT45lF2B>X`bc_3nTMVMTsAth@}wy=)s|Qbg*ZdP9^Q(Ku4fsdeW$tvl@lX@*#9r
zo>4txVh$GWlVS>F5q6K#nk|rEmIQ~59hZ^dc$fqeJKA__ee}hF9g>D-29v3o$@t*G
zWPE09d}b&<k&F+<QgO1QPf>W?1Gz$>hwNy>2KkiMf?hmMf{+IPXtO<5CT*4kjcTO_
zaPz!GAcSV%3#XTlpwI#yM6ePLr8O~3#>P`5emF6ivhxGsePsT4PA@ytpuI4E%Mje(
zJ>cO7%<cdv5}gpIx#I86q-4<#2FRTQozPK#k+6&P^>)IeX4|rbh0R7I!tP*4S1_~(
zjR;-go~{m(O_$4B9@GhDM>yM~<WKkUlK&OWte6`Z0elVi-%w=B{<|qp{r<;)+c(4n
zypsJFgS|WZe|Klcmj1UX&-QJ>s#y+F+f6W|7m*8up$<BqM2T#|rN&arjEihSJxyAt
zrux#EEJ=r=YAmFZbQt~*tNr{U95f;xgYP^0g79zu(W8D^;>3bht}KxgQ0N2{Ist`F
zgz0?{X)`z5PXj}u@d`@eyV4hAB`APp$*9Im!<N?>X@dlG$Inq)9I7`o`dceEP+^sq
zl~$gP#y0-TC=*pxT3JCz=RYuc8uT@4>60wfq|Njb_0)7x^;yQJqJd$NPNu05s+88t
zCasOnHb;5D;P?XphR|o_<a9<G9U9RPI5eXbjcVTJwE8GmkaT{FQ=2+<@d<h%l%LpC
zqu_mr0PSfO66VCFA{kf$_kCR(TC*-%0mL%q)rBfiNSNkmK0zlSzn!CoSXMhk!&cvn
zi%+PulU=p8P_aXlO#rUpTmV|bxfWk+1dVF=*KhH!$XA~~)n&-q%59Y_8w;5Z*?cZb
zH~Y-CW$Fz`-3Tn;eR4EI6GNEeP;jK_=%|j@HPTVmMuia_X07e*Cbgi`KFgcc3~T7r
zbaA>oT{)`KL!v?&<V<VRh_vBs#|`u#pY|=z7syGij8~aQRdl?vd=;Z=VsgBF&z`Qm
z?ICp^2&6#3#F0ar>uyY2&g3;e+rr-CX*~aL$oB6F^M9x-5{lI9|Aw~o|4n(k=6}%I
zmDTPG3vRJDhUwiQ9edzsPo&d*cZk>+X8XciO5g%RI79jr1f5BndX~awu?LF=MrumW
z!}wBacA;QWFZD=Hxoz?w^(lO3lW*0)_{L>PHeHIUU26ZF-WP;-7|A}x-j`7nfeo-s
zO)0Ao35wFUZD@Qjbz~w=@?}k{pj4Xz`PwILh+C{KR*6clq@@m~_`Xl2H}v&wi=|Sd
zsHa!>vH_hWjhwi_m5}YjiNo<BqE3uYrf_A#i*e9&=`LOL&L43d9s3drKw|{HvGG(4
zy<th}aLUS8S*)lYfUT?dL_U!azykbkJNW5p%A7u@^V)!zDWr?+`aKSLdoq5-!9+4X
z1f`DlD@TutRpw!PO37;#8Xmtb5D56lVHDiuJaJAti&mzrw6A7;rbTOJxi%<4eb}=e
z-wyi`jbl3(ShL~77`jbGa$&#I-P|A)rME!>FWTqin4`99_m{T;H)S0gzE(PLy1e@;
zph-;b+&jlriB~SRYbluASMvpVzJg;;H(;J#0+t7kU&PY|>YT1(H`!$l2a1R$LW6=H
zrZ<vCVR*8)@KLrfGNAE`c+hGpa#R#t3|R0P0xYr^SggV;VBxQ91V9pHc?;_zN2CfE
zJioxWSY-*e`$*d&B}cfXu_}lFqhGD1g3l=vR@wQEy{aJH-tyo8_pbdax_X69RG|m^
z)0QY*tl%}3ecPs}D4FW(n@jhD*z4zww|djN17$dUtgPIa0G=$#u@<m1M1+7C$Fr??
zpcV6(cu?_}$hWhm6TImUKxz^#*rl=o4WCEA?0^)hEWjKUAn8Kdr1wMO4U;^V+2k0J
zdVHl0U#TyJOj5J-{8Y_$sGNlzv2yK$${FyC2r$KArp0aqZ`90<s>L01I&g;lT^dA(
zDZL^Nei1{_R4p06`KBc03tRcJs>NI)pPdk4c|ZV2Wg}KuO_Yt);;@>*S$Z9V*L!c$
zHGI7T+*xC|$zEcz7H_re+lPksIb(r{)j<if=8(br@Pd*4ePkcnLohq8SQ?L607i)=
zmI8+@+BU?nD#FzWJ-+wuqLhfF?-&!k^#@EvT^*-$8d|0!g<hfAmnK<;xSxlx#_yL9
zb7?+ffIz}KHE9wRQq1Ipq*Yw2K@V21NG$B;>WGxfIZjx|2)=iX0m0IB*_(pkU1+tG
zYVq<I;~7?LylZ&zV$($@LDZF4z|8<o2L=`OUv^J3m6219H7GR+_08$QeiiL{4vulH
zjAS|KTpP&(5+$hHfr3P(RiGTa*>Q>WkQ51zju%cF8e{<p6J$Xd<O9hZ5|_22ol^qh
zQNDD9mNjPOlDOr#&BD^G9OrybE|FILy|n^@PI(lA&(Rp0$5)W%5osCcA<#{AP4e3_
zYiDiNPG<#H$B;RG*#*B!2+C9UQ`GAy>E?8D394Ydgpv&u5Zn5ysxGb+zCv!MGJVVn
zi9Vtxb~;)26y1i^^m+6VH8qN2fdI{>D7?C!wdFTpJbCIY+34EXU{qNjppDM08T(e-
z<JJxDj(gyd0yUS%BR9EMaUS7R9h#XV1hk8$>~;i)WXaW$ESQz@G-%$8(M18q>5F`d
z@sL2!S5T2NBTxEJU6&R0sOnJu)u78(B8dZ5aYt@zuuDyFu1PxCC#NlemFhm~Bn8(r
zyOAMQ#}U?*>oQBY7bzYdc8-~+SQ7=ICib~J9o1%UFsC(g_jb&1jn_pmeD-;myp+C0
z0uyf0?4ebS?o0<QlI)}_Px`Yb9mLh;V!vwv#1!|Ct+-oqzbLeBu`EF_B8~T~gsYB9
z-sxc*a7`^11_|1}v}IK2tSzWDRj}KmV1q{0R6W9Zk<g1&d2|<GImKz8<f<{9uG4u+
zaRaYv=z~dz{-CRR{9?^N!qI%*%=<|}FVZ`E3LspTXv7*Zlxe7F(FPG1B#JKQtirf2
z1|Xbn`1l1uQhNxylF=yO%U%f-711c6S<pqq%l>7s`cQVdt+2wN!t}3IHKai!L{&p_
zRlAsUTw?Jky4WN^N`|RZX>9j|bBx#1*(5QJB9;y^sG4E6`If2iZ&_KDDgw$JGhd5~
zA&&v9oi6>&bN$6y>QLpn9b&ZGM-3nrDXa5EKS^iIfYo}1TCg1=kX=5jQj3Zd2-dQS
z&|o|?v@>s^pRU1~y&_71Elbly<DCB5gC<y5#%*1*?BbzXYrWCW7iM1eA-5F?)Edq?
z44nvNQ!QFii$tiQCJ-aen$s=Fv$Xl80PQ`$q@qa&K<JFl_mA~rt_@1o39utpIBdTI
z_c%ueMfXh?MF-~7<qY1t3LRe1EOP{V;osVPy~Lfu>yOedpT)olkVLmpqalBY?!z$`
z1wfyxYG?;Y6LTJKf67$zxa%`oO$P!2cD`jkU6~8a8@V>!PoOZ1YR8VcxbgB`Wieb%
zEwi1_CMwKHNpS&Jw~1<#b^<cDk6Lg!d#mG@t7rVA%%A4twf}oE+r5F_e{1po>+J0A
z-17h1jHh1zi<dyoTv#uT70-W#-RHk{cSJ&4`~REq9MH36!!%|qWC)M!8YQg^`bjmX
z8|08tKF+kIVZ8v;+c0x~x{_^wlkPxAhq9d<iY3PqV<SCeXq@?%4<%A$JV}P)qw!Rn
zr1mE!$)WM&<&zV!!8jRCjK;Sq%Jz+Y6op5E>fs^v)TkN=Ov4|In*rO=6P<nnR^Qtd
z*n_7ArUi$WRG3sIU=@cG>-a)ZD@Xe}`vEFTiuQH&E2mDKQkIvOrNmAt@eDRdjKrB-
zp`b<s)ABpk{Yh8#k%Ey)7kXBzL*z`>;cO49r_57N{wL$Hp#$-a!Ld^Or|wR-{O^i%
zMYiPsW<04m&D2O5w|V9?a;0uoK}+BhKsWB0qZFc>=O^_X3oVQpodNh11!o8ohJ35M
zZm{2ktdde#=s=dpm<=R{2J$Oi0W`BU@QT@t^k$R*X=@-51Tl_(sc*WTaV6!PX^=<5
zb4}8_>wC_fp$0-OP|9T(YU(W~PCMD}x!MH1a9mM_jD=#sNP{*=54MrnvN7MIw9Zv3
zrJi7LVPPS_#v-SAz$oYKA$i97f2H-G=(+XaSi%1@)LnD_b9Z-lcx(J`#<QI?SON0k
zP1k?0%s?A=)VUt<TzoWyX^-)NDqdsTXl=P`mt$4AYZo3POvRET)U8rIq!%M$(zdv#
z+ee0$is^Yh+dhg1GDmqNPSUa15$Xsl%HZ%wRIWEvn-w0?GS$4Y?Ld5TGByIMRorlb
zKWM*6vs;Yp6N@BekPNLe^O)eosZtZp*n!yPalZ|zYHA`hs8Ozv0~`q5i>J3{!{2hX
zXcw@5QBWi}>s<N;pdM<#EB_IrO0wx9G3m|fO9VIki?e#Z%Jw(V^jJh(MXR26SrF&+
zm_2^N>dvR3;|P#Tgf<oRMJr<fyNPIv>3NVDJ*%ub0(CNvvlCP=coT+c>gax(oip^T
zW>Tw|vvn|ac~-?6RZ=TxbnmIn3gEgj8~Ij(${Mg%n8?%vT3#<&)9H3HksO~Ou|mOE
zn9$0Dw82AKNyGCHS#+Z45P2rES-d&rr8qWm<5x-^MT_4=x-y69gA)_cYyqY>O*xPn
zjn3;i_L7_&jFz+Xr?M?EOo+Op4SLF_3fH0fG*kq#f!Ji695l6=1H*%M&8$>Pof+0}
zN8M?T@oJ@1t;`JRWujV;<qU};sBrUIP6wgUAX|!Fq{%W^Uur7Vus(8C_>2!zp#`kA
zA~Jb`?ph`CMWd|EFadz*Y((z5#)gJiBcPW^uxJ#Fyg`BoQY3gNLV_cQ+4=P$V5`Jf
zB&^b(V?*(QgCp$s45SZ@ADZNE2L=Yk&x4c6q0v$HGI}t^PM|}|43GN>UycCy;UN;t
z@`^a?FyyR5f>H+l$clAPR;-b1YQ2njxS%7*BMiv7K+N#SL+YkAlu{f9gWXyg+dST`
z25kv<K=T)n@p-Y;m!ODXppjq!W~9zgHwosfay(Dn&jXW#k#IC)W^o>(<5U7lKZ@Fj
z5013a#MtFf9^(|a3$st;ICPIzh=g&ai_=z_|IFuf{tMb-mJFjnU!bRQg*^X~&Yet`
zL^g9yD+oA7L9>6Qs}%vhs^?g0E|V1*;AghPUo67XkP0vx&B46WlZfo;<~8S)ri?^O
z$k893Ds5r0Aylp+(B(GMBY=ybB(!F(r~dFkxwLX#_n4IB6Ps-&alHWA9$SZ{fGEo3
z_`&30JPLC_q6nf8Cl8;hz${#$nPvv(b7nM~BX-SOU#6p0r4b<u0cA%Z)K2+703V4^
zk+!2ZgBMa|TYPjf-rU^7mkMi~c|vt(9uBwhyyKB+?Xym3V`d#^oi<?3$#H={&xHO}
z2@w1_w@jYdXqh~6Row}wPKD0GOms$D?KvCGta>(DxrFy@G}CxCn%SC-f;k*&Zb4qk
zWze^#$J9!dr}`A-*+7q(D#xcPx$S3g;u11{TYPK?W(iweVj>OSnfB9ITWOff5~B?A
zNZF{Ch{{4xQ4@t}PdeP2b_SB6+C<HkO1;_M?BZf?Iok``bZ@!W$Q61)!|I(Yy|g!j
z!4a)F*M_KAvn|`IVuEKHH>%jrc8s2tRmH?9m23npAOcXWwp?IZ3eT1GER89YG;Tue
z*U~v4#R`O)1A3Ht=YUXi^Syepunw}!t(q*3=FP3Hc}dM|iWBs#(VMN7do%N;UKq8&
z4`KLQ>4mY=Th5!kd40C`rKLRl)#yK}3n~8QOwC?|LEy~U|5mjB+IIRi<5*$;r#rmc
zwf__D=<L|C|8B~&4*M_Tj3<u?c#>U4<uv|wx{Sa4#;T{7{g)5Ir>F^7s=dn!?A04*
z&JgUvwvsK_#ZR7AV9y4u9^hu1fSa`X)*;xI;nzi>8ryGk%65~+T}ihbO$@ALv8}b%
zvPpe$zQ9gJOS&#JqrM8<*buv7rOvL=b3oEENjvW0J5<eq8UT(oTkGMhAh{T*E845P
zh1!<MN*XWDYOP|lG;fuv%b;~lP4%rz8#RJfU%|6$tT{8IC}$0$X7%}c^Uz8epFCRq
zx-|O0lU6HVr$*kiHhvZq<3E$9uKvG?_kV^$ZvU^Y-JM(U|2E|TiJgokkF>UmZ8}A|
z8`-{j7{mt;%tvs4FHB?i(~CnD>AH=r;rNt$oa6sx`o`V*X+Nt!{}t)%+`V=FYcrnO
z{?8fN4d#J0oc{}lw$A@;%H!St)s4LVVJ-dN-5J^H|IK*n_CL4rnl#Ms`f#kY|I-z&
z@&BjyKX0x7&irFXDaL*#69)%I6N5x;4+alK27|$&)DStmKXqUfmwjZCMsf%S<74zT
z1XVh_vJjyMR#M5}A_59wN&d5)1%L?TDmk@Z>BBVq50uk>8t$gAqE`x9KP)w`(n~#{
z-KR00GCKl9_!Sc9NJbO-f-E;HNv~fjYlWz4R+ixFoTgP&GFR4SqiVy0HNfP7tZAw=
zFbak?TC4=|J&4y&%xjf2!Q$;0r21r39mEK4#Y#Kgcc`*>Z^a5Ph0W<D7|+zyD$#?f
z;r2Z$4WGjr*q1SKOBfA0r=KKxE~;Ybv|iN8c+-WQ43*1OvlV*%g)40ajVWrs6&k27
z-9!u3{yu#^PtpabC!;K(VDL&Nx&Z?eZ4ZU_1WLs`)VD8~<|GXQcCSic)Eoes(ewR%
z(4j^#&wH#d$Y1+{^kY2$InB(L^%9L((Z5nBQyA<&LSs0}G@=0;ZPLvHIi18Trcdhm
zG{Xd(7P4vzKcQw-;J?;ZV4i-9lz7v?A{BLN|9)d$qx5KP6?yCC-fo=K$|rSgLG2&s
zzp!Xu5VAKc$D)I%{gd?n=E~&w2{N@`oF!|n9Eh%pQC@<Uu^-Kq%9gd9UV$nOvL8*B
zLiR>J9%MfprTT)L^gO`<WIkQ2rVG3e4$zmzy&x6Xt`{qeIcT3Jq_+mub^@Sxu%!h6
z`>ja;kf4<@k_|F9|G9GG`Ot~;$yORmn8_OPGEzS3VF=H{IM)J2tr8UHG{qdQ_HzT7
zHLfjCSP9~KR)k+Er?bbka&TWB4RSLu#`dWF1Jyi9u@81bR}I?C&O5;lUODLvjuFs)
z^WY)*Y67)?l)Xv4z(Ba=iX<*vqJ@ikjDinxB#elP)CoeYj#Mf+dG~>Q31jI}zcN`Z
zl?+oO3mTbApJc88vj%SF3aLltbgi5&XXloBph6{D4nt%Y(xz#_2gJcNZE`SUwLFV%
z)sP;hDVcBprlByrNAO2P;XFVy0pPNRplP##1hg#SbCAiZg_YS!1Mcl)WWtObETI7y
zg<uv1g{uH7nhghYVOMcpnP!S-BEf7Vn2Wd|*sZ9ou1R+C&vQHd*6%F-7LFG9n;k0_
zFlpB-16qMaJr?1OOiF0L0TWP8H%o=|lBgdGb&j4K#w<-Ju$}ury}q)p%7W@x*JQnH
zmb$mFh*4Niw3fB)wA;6ng{WeeV2CEtAaw$-W0u4O>|6AJpcK@L3`Y;m*2XTuVR56V
z---aoZ_fc#SOdbSLmg2VYQ4g1JR7pAOX0E#b81?VutFFuE!0znnY>Nig`xBqPBR4U
zfe#|28G|7OQ)lQY!-+OAmgYC|xM_vu+jgddnP4`^*whLR#q#=;oCo}{j6jSMjv`zK
zM>v=X2W@`FKwVJEj-<#70>ZEd#)ynj3`dSJQU_xs=-_`pImJ*i)Dd;r#vKv3BNlFJ
ze7hu?kXu}wxxUf`lS|U2Ge(uIK1((7n)*SdVdWrJ`Pn%wdwgHDtVh|bSLUlty0)xU
z3KCEqlR;@`Dgj>dfGg80sfU%NU~Gf6yN0*TMAb-0B@244G8a|%>`@6@p;9?XYe>f~
z{HAx$I8;@70Zk{rfF=?QNALog&aR$t$bG3O%mxe$1?wgfBZxNv?KQmk&Q|$-R2%3g
zPa!*aUH#u))2$oF3g`bjI(CO^?tkjs(*HN*+0y^F^#4C&{hwEzsr>w9OYi?P()+1H
zHwHuQAK<^9+y(;y$+6~9B?E$6bKbHYoORnltJ8L1iw=Ztiw|Ku;NqI<s0CaNFVHoy
zr`!i}Fli5k5E{XwbVYiAf-9>;sq%|`P*dXq7sUZ2y5(+wq(HfhO(YOG)N6^D`n+C%
z^$`?Dy%U(cm`j&)3ZNs2;JAeZ$^?WJLu$ZmS%X5xY-Ir>jM1wXOpWRBCVKAGA%4Lo
zK1rJxdYGV#8Al+~QixN`DnzQF<6sq*`=HnI`x>!6p+Gng36MmEECAdbKbVrErwKAf
zWsaljpjB;v)|SYK*p|w!F65`i@MK0tBcc%ED;x8mZ=1@hMkehe+SPapBhQS~r8MLw
ziCMB_RB0SHdLG3Ka7HguKi+_hgn}F3Uns%5(7#9cSdy@kMrTT>yGba3C5xWMEaC0s
z4V*Qqc(SEp^)Ipsttp|k^dO`)MImZynqp+k6@-Pw%Egu_xr#M$i_=21W33sSOzjK4
zq*@H35_l9wY(*5z^~ZAQQiY9&1*3c%&uBF0cqpJW#2J=whC71?(q%8C2lOH})-0k)
zr)Zrh;$iIZWJeRILK3QuJ)(VGo~ZB~FGbe`+zuHotlPCL!tHdytplj3wW#1<P%>2s
zbqIS5#j8!hF3~JE`eD6nR>%asKt=E-s}lTMaC4QlghBY$GR8GHnFKKPd{N8sp5Orv
zhtfs8V31T5LmcAGf$4IEo8oH5Rh`ARGd?0#!;AZ^MH8*3SU8D#;z=ud0T;$S$Fp%r
zwi0c+BCRO&LdEF8EbU|C?UNI+1MR8(v9Zf1FY~BY)?S=}oCqlVJ~opIjs>ldg>~>Y
zOOA_EW$A)RXOHY0p_f#M=#N5vmQ5kr%ceLq<_ZwmP|jf+q<K8l(W&-h8Y&0{82U2#
z&bpzCvE<pXc2QfGz2v5buD#sQwL2K@Bpsoi@SdJXM80Wx%f_|!G<xdV|Kt_fI&rLI
z|LY8e-2OkIt}XlDraW8rzb*UUpRxUK%l~J~4!C8``%^OK3E3n}NDhap^*8{b=4L^)
z9DVB8x_a=|d2SY=_BYGIl+LDe+B|5nOyvaqt4sqTma1j+7&6g*lFpb$p<2-jOL)C~
z)-WppB}FfgLp=?W%El5%c07}fw}g!yY%l1?H3GFQ!7Mln60)qZNf+<842Vje0A|%^
zu@q<rUb6`LB`}+nm?X_0iw%N+IB$-luLC=(Nm)uXIiMs!k>txprctuvp)_s>y?WXU
zXTDfvHUeHSm@f$-FfuVpRX>Ty7??$88Ya6<mE;VR|Ll^(Ijz~ru~t7<j%!*8ZE^&u
zSVp~!nL`WIWgrJ@0=>YRl|dh(faSH-k9|YTl3vy;wx<wn4ZB`FT~UN_jxtHbpiV`+
zRmd6X;*wwh?0??rlxU!#p$i%HNiv}0j#I@QF&ahS5AJeAuLu>$bY=|9$!Povy`Bxz
zO@LX*k-UBqd6O_Xk9H4skX?8`rAt7uQW+2N+a$pbfTq#w()pE!6lj_7$r%|Ei70N@
zqoc}AE3qKq#^V}GjE=$&OV`?C0?LGKjbUC})KH$&%Fv!1GwM<EYK0-PY}T^9+Hbdr
zp-5@jd^tVqhXwFpdr~*78qbw+F$X^fEfQRUWqVQaj<lopO}WI$P;!GOwDP=e3JWyS
z4DbOmY@MGm1hfVhka^8d`xu!)E1PIy%?N+FG_A2h+YMkGHubb=8d;qNRC17=uddpV
z66z!`q53G2oR%&qd?bla7Qac-!!L1#_*~HEb&dgxQ>vH><7!4(Kbbdj`Yish(Pq)X
zYR>u5#STDcs(6X0Nk=e_6F;^i2&`jjg@OVQbldq&)XvYwxPi0*{G3E4wdBt6{<d18
zo62mp%x`+c<{CgUijl@_;@cUvM<&Sm92IhAkBe8+8Cc@g3;-@~FbtI4z5EmCiFj?I
z#wkblSrkkX?J8qEkS!}z@Z<fY*brBH9fM|noJ@`nrw+xEagvzCgZx(}hT=m+jZMP4
z>L-U1sr};zQ+OR$GB%bvLdJ(lZ0rcRJTW%pC-K7*$@t_X8BZ#S0~4c(IHV=U21gGL
zCB{a`0F=WBTce2si4*`$jT1!3K_%jo2<$*SIk+EQV*`oNMCyoN8BV0e5a#fBlElbF
zESX9S9vqD&VF)EB#wX)|eh9#hCB}x6fF*t)K9&j)KnsZ^ekHt-$^Eg>QN*Rh4np;l
zSV1y4K5-<O7}=j9`^QIz;*dCi!6sq@qj81{S~WNtOC0c%q1b`gNSu}$2PjDev$5)t
zL;K^Hg!p3cXONy}hIR~&kEN3E>W5|~Q&!PKiOIO1#FB|gq{wh`{D5CUdP0eD3IxiH
z#TgW&HF0zaWWo1?lW_|m8H&e70T%Snn4|x!em(1^%(LmUC!3e3C9}(R+3O;q&YrHl
zJssgKm%TIn)VKdROa$w~(b)bM?&=PA*4Y1ccW>GMHsiT|Vr=Am<sxMN^Ar1rlJNgE
z`1ic0!M~%^zkOFr%cajt48>B5-+L&kS5oo2KlPy>{@2AX*!D&LjyJTN^QH?f_`FI!
z{*2gVmv!&G|3}JCzI4l;f4b|I$bJ9#%LiWm;(xgR5#J48y5$SxesaUpcD>X856@LE
zctiUI=UqU0@9F(NA9(!VKlIouQjgw$)1&?!cm2<2ZhrR7Kl_glAFBT1^wh$Kr>--f
zwJ-L6&w2QPbAJEI*S+VwZ`|?7^UmqH@D=K1&-}vp(;qnYyX#y2_OJFm=e@6vJ@~*m
zw_R}W*Z$_(iIHc2=;BA-6Ki=@@!AW1I!&$`Z#n<Je{$=)%sb!y+uniwPaK>2-y^?i
zZF$#y7rlG&+=1)N^B$Rh;90j_`^lf}&3`F$=QrNca{7x`{a5e%-m?Aa*B(3nRp0wX
z%VqoDoBBn|(;gVPclsmx6F>O(QwzH8`{`#s_OUl!@bP1JJna+r+;!m>F8t2jchAnw
zzV<b*sXlz~-f%eV_un<w`QWK<e4CWs|KJtl*WG{5ox`8}^mmho@+0R}AI#l&ed`;w
zr?uR8;?6~qo7?xC|NQ)Sew3Sk^q1Gqqz<0`=YRIKwSD>(e|YRQfB83;9C%0PvCp-f
zzwr0(C)fVnt6$x_@bC*?_(K0%uWNbd*G~TU^MCQqug!kq9{*o|HTvkik^I+R_)z=z
zZogpQ9Uu7B<>!9$n$XwxzHP_!q5KoS|Mjn@KK1|JwdacIWb)>==eOKAyf+Z2{O*z8
zz3#<h@9f+A<zwV6;cHv6Gk^HhACzyDzIfrc|MS-F@wu;j=|w*cUbwfn_wku09y@gS
z@Zq-wj{e)phk6R%{g;m(z5N-VKYi6tyWe^GBOe)k(~e)h_q~rk{Da$#AAV*pe7*MC
zr@#5j&%bWyTmSOxmh<ko?~f;c^6XdcNu^THxTa-C%hRrD+0*jOV=YR{gWuo%$J3t*
ze{g*KgKyb(?aROMqm$Q@h3DV!KU1gg9(>)ij^2K<y{G48KmYE>j{aNaIS<_Z`tg_F
zdiwO~TW-1Th8rRm{?)@fo`2VeyYBwQZ7=%r&)?oYaL+yW96562rkid$?|uEtkKOf-
zuCErld#|{w<ud;ze<;5Gg7?4WIe&NQt_NSdl>7d>qc=Y%e5}y&qZ_;Kc+Z>fdsV3S
zn#cZQ^3ji89gV-W^`}>VCpPum&uJGOy7lUZzID^(hY!E~wQqdwYhQct!&jzneDj;$
zR4$hveDJ})4qkol>8ahZb07U-XW!pH<3*n&kNSR=-|^YwPrv)I+papjckkXqAD#Zk
zz2*o1b?|}2r7t@1$Ipj`<MFp%|GX#O{bqCUO#^NJ>$*q(wYcZb3$qgkFCQL$;%|Fj
zG28vsub=bjmyXO2x19g@J8n7p*_SV6GC%pkv-kNwaK~qtAHV3LivaJtU;eAaFTeHr
z{>N^)?Y7_C^tP+N_3J&IKWLwR`oar-^}5I3ar?=KE^67aW5?XBckjP?=GGfu@aT`f
z`A>%~_6;38_^O`!jB_vh_~`R*I{EOu+upPM+m7t?Wb(fs`rhZBd-n~0apMUf-O|$D
zmf!z8zwh=(e|Rc>?wh}yy7J1CzkB4zcf9(U=U(%n51seE*S+`^pMKx_e*C33ZvRo@
z){*mCKWbe1hoi?PrxKa;iJdK<``Nc|KJ<~pA3JgXonQINOAcJn`pqZ4f8WE=m;L7B
z{=fYB_E&y);SD2Kq!P*xKC}1nA1r*LV|ZY&`l`F1d)dwJy5hzYvDp7-?>*qDe%r_K
zV<faRj26cz$9Al;v-c)t#&K}0gL7;$D@7@aiYU@h%F1X`(I8YLQHlx~6)B_gf3Gu)
z`t&^C=lOj9-`DSRUX63!@B6;5>%Q)5-s8G!3T!Tv6T6n8US17KN=$rSMzGS+S%5Om
zR@t78PpV}^@!$*z`uh5Ib}x>}dYrs5xa|gEBZfiAXsBi(pF@e8L0H(t$h-QG!RP!5
z%lHANX5V_LK@+ph!V`6l$aq)=^>pAeA4dG*5uuCQeSNi1H{KbrK6vmTZ2HHyB`jJ&
zL057yD0KbE74J5HJZz|dfPnt~e!Uc4PG*kWlce6ptrxDmWPNSAjC;+O53K{cxSft}
zB4%6hFruzc4KHsT;=#qd-{*Z-QCPd++&QO;;mxSTu@(j9W+N|6{jFP{y}06i)+96i
z&>;(3Tj5V)^&_|x)%46vvA4#$x^<5-H!WMYIfg?Z0ky@?&(GR=70T1jWKYa1xi?wM
zR?E1(C?g~X7~I~lA^q~Lo6I{-AC}Mfv0w>L4{9V`q8EcteY@{d`dZiHma*7Z0Qvx@
zaEWh|cDsMD=U&Q%0^sx5^Ymd|Jw3A%N<sGytT!+)u&}TIM)+ff^Uko*_m9TM$Df`x
z%gD%RI-zVkP?X=dGNmF5_2NS9d-2LxY&8!a&uMMj=IRsd@hWD|J%+cWUcYQ*TZJ84
zl8X*rxmE79Ao0}nXwI|>xvx2OgVFBAs~J)5rN=D2O55cG_VcPL@$<VpJ!68B4*$~k
z>C>m~?rt&LOWJyRQjS;UHg43F-5ZtnyowZPc&tE1=TvuIfwj%~;aka1?58e#4UKVY
zw&z6of3Rjl-Kn%$k;=imLp|hDLzJ}d$py7{?|$#*zSY-yA)~n|A&gMbG3NXJQ6`|H
zLSI+M78Mn}xwEIkr+i|xx9PaNn2L(SO8oFrHvbR&hXFXrY^@y9b*TyXW1-*mSJd$c
zzWrn<%HG<?kp2C+8ioP2$*-l{X}caPLs49u-8Y6ZL*~81bt!z8+YM1W<km23xrh>G
z*{-d9_u}@_a-a6p>})lc+X)Q~4L_#7nE@O-_-a_R>b0XyK98VgQQh(V`@J+Yd|h0I
z#s=g!5ue#wx3sm11uHK=#m63f6zFz(;?lLaYe566xVhKx@c~+ZRZ->qVVOD}ex7RC
z2dbL5yccU)25Q{%hSke~fnk<=svC(tW{hfn{v7jD$iNbhfA_4={;ct_k$UH!G8jxE
zhfLVW+d}(_rE3+$1q5!__ANx&;BP-o;?QM%d7bd+q3Gtw@w#H%t_(?=Rh-)~SD4Pd
z3R=O8UhbN>f635GW!Jvu%0q(JmhkcNtzREkeCKj?l@`a;1}*=h&aKR>>?6%K-nKD2
zzjR*{uTS96KpCX&OG;|H<hYiTlarU17cfj*zyL5wa3z^1IGCqkS2%SJw0Q>)H~i>M
zTBQEnd`Iy%6b7}NFTpK&$t#Yt28D5P598u87cP5`I(YD4v&)@s_XhoJY#vclvvQlu
zVHu*^7S@196dH?lxOnvaz{!dj?9!N(EAP~pw0Saxlo_S4#K&@2Iy)~zRaI5-MSZad
z51+gqHj3IpvgX-emz=!##x3KMPN_w?%`dNwJ}Xo%COSLeaO+Vl2eArl9_ju&1C|~R
zjONi`1r!30U|p!AV^1s-_tJIux0j2D-cE2z;#!g|lV4G@h55WnszxNAN~Ks#i!0}S
z1Jp)?Gi7BMlz%|@l_-@h>3D-wOg^Ca`655n92T(}zBRowHvC3Go`?mYehvzCHlOr)
z?*HL(^rNf(rvQ&CIf0qU->@o?C>J7hdyuS_$cAM=XYSwmW9-=FTWU|Qg>*j2zrz<X
zIQ)7CQ~u(Zl~3+26P3#W$b-Y(NlKDnJ(NCl7r=M0zyIabm%U_XFW(%_SnSdzOCB{e
ze1Dr}_P!}68qjW5hA){)d2o#yHno>n`Jy9BoNw7AaYqNg(ZtrdYc`+~Ek8Vtej;=7
zu$3VL2fusrqYTL-;@e9U<%3$U2DN7~@o%#^W?q)nz)<k;_8pT_kF$)=?cCVnts>8>
zPfu*YvSg@N6f3VmacB-aE3B`tj~IC%JoR-*EK+;8F}!9x;q{$8mv4Q#Jv=yA&uYN4
zHb^DHzUIvlTtj2kkKt<(KR-^J^2%<sSbM~M%Z}uc5z&Q9?6%wLoruk-_GLVPbvN#B
z73+Tcz<Kv>g@DO&Rfg)Sok{!l4F*TJy5=f>y;4-bI{4#jMb|~UAfA}zuEEDo4)w3<
z<`GPg&fkyf>p!daeWGc#i_1nEyxnHo#bbpPH>V#F%j*L@N#6t3p_a#Ce4k&Rc&tdW
z6v5xVae>$p$QWwO`B?8{nGXy1;04h%{K%bU3sTgs4t3WuYQ}BW8#)lqEwdvb#?ref
z+p+C(j=Yz3$f;F{C!8<FSCKaPwg)<--&wVbrD*A9P0h3Cq9)!=b%hV?jE(Yty4_9_
zl@YU7Z%rk0CxG@R|3Zf_a{rSPhh;Pq(k^Ttm@IEb0SJj);ZJzAGvdSLo${J|jSEoM
zPBdoU=)Z8;)X?&r=@PA1R~b(pex^P(_}u2gneaP1jaXmvhAfEQDHmnF7Pa$pl9c-R
zYh}%bte&NAkytn1D)xy3SlvV`yXo;B!M4Io(?mfbG)t4BbNOIq$SXzW>g6)~3N>%x
z*x0m0-d(pyH>uB1|J0pyNB+T6cdW~spvuUJKvUDk_+@IWYC{H5<{e%(?;Bs1dAEre
zu-mi-yGQQPX4xZpJ4<v4;KqnI;Phk-ZWnkRljisBD4%d~(Zz=PPVlNl{%E!RHa*p4
zi}Eq;FmH%sFh}X?H^(nKbA96dcuUK*FC7MJ-E{iaUfxzLfWdfv?ygniishY>m*4;N
zOw`DaZ`>P1PDd4g+@gw0Capy+lxAL-86PKPSXJw4byye0xuxzoYH8EHlNv9JTyEU_
zIr&)9vB8x+u4{p^hX;4m&xu_P4QnSRZ0uaOUUpiJs}pKGe&oqnGj54p^%Y&`+nG6T
z|7bp?74dD@vE1j_`^GQ3qp+??wQ6A_lMM|j2JBl~-4}kfi;pTc!futSKl8aKqABZ`
z3fZ%*va;wT`k3Wb$Csh~mhWofZ7X~pJg67b)YrUU&9eYyAW-17Ua9Qfs~ahM_GI4G
zu3nBOpDSSH*EzLhiKr&WDk0@)W}W3~oP)O7n^I7k<EuD1Z;Uo7m%2Y%qZoKPVrvTT
zR4z%!#p<lz`1{Ot2JD28K^*D`Dd^Spn&|I6&)>e)4@ve6?Yuhn-TQJB>75~#U&A$p
zQ;tXVYE!mq%If_GzVP~A&15!^GxStn5r<`IWO`WTy>~-rbF(yHrz3`|7Dm1w+snY8
zz$N)TSF0!m`@Zwl`LxfYO?(|?1k)TfM{Oa!lLk}f4>@<Oi0f@KQzp4TNHaTdx-6Rm
zwWYvtgUEQ-bYs-_&%Vclh2JM()A70e=Nn(6Q}KbL?(H@4d%m2<sp%U0{Io}%Sxq>$
zFEKF@2xa<v^oGv?e&fpb`#0TmEbiX1=aX8mVcR8_sc%y2WH)M9oYS{o`FMfH%_Q9T
z?ezjIDkOJy{@qLqC3lFEhCk(<P$V6(lyT9NGOVf_dGW>3a`a(+{q*OQ=r4oqvNAH3
zPh0GDP~5d$c?(`Y0hE@|o69$^R(d{GNH#I$)1Ml;iV_#nepTALH<k&vYS%vL)uG)y
zL$~4<7d))nKVV^d*4^DnK)X^Gh3l#4a#|;izT|uh^XAq_@h}i>IRMV_hnDkzOEG04
z?w!s0MCpkzxpLFW4|V|oFS~1<QRv3Z0ZoF$j%3uJ*jD59DwP*rn(92PBx-MdTF$|L
z6#Mm=eVXq64<>~8Pc;EcQBO*n{BG^Mp_^K?jCdrp_U_)5MuvtZrKL6JtI7Zqe`jBA
zXJvp^r9#vuu4%RD?-{#xaVGF=CYpI0jo(^xFXiJ@i&eY`z9jj_aDt>9N9K?{(Iilp
zk)t=6qpGazLsjoh^070@(sjdE2QC5Ld+)n<6H$aMVq31CFDmkXbX;EG(W9PgwKt_s
zzdf6i-CpuePctrIVdV`VRMS7Fc<blbjTZ+Q`C@dLZ194*<cPjg)-k%82S4p!xuOhr
zuYYX7Y(<<%kjahRXDn_5K0m;4Yp?sHJrazG5!5?C9(X1pD*8}aE1<DT=*@=@b!|=^
zi_ll1%Q@?+t5g*g-MjBPp|&JG&p-Y+ey7(WuFj#;m>9tl%=B<b*Wrw|DGu#8X#ttO
zO`L*g#vRELT=jqhr<csb@T#3Ji(yYi*Uz6HTAu`StF4)A3FryGFJsYauQzslk!IJe
zZ?A^mym3jksA<n4X)a!{U{i+FbfdvCe`jXN#UEBM`|vW9$rS?_a%fI|`}i@+FpG3h
zC@aVLMj)Om=6rrtq%W$!KcFzo;r`;rFl%f5kFOk2*1d;y);+lH{%9HCDkZwvr=$!_
z`xf$VEUN&#>_)&{P8H%Szw$aUq)XM(3dgVQWwJ&iDVBsnzq}Umq$d}TKC_aKkEQy{
zViVS4yTa%n-Wx*=%Ue|&IW#9GCNdR#a}S4mzu$v8UXlZNKF5!L(3;>Jbl$dY>f5ax
zX6fL=Imbv#V~jVl*=0zuo1XGgs5enG5NGTW&dGY%bouMifJ+MvQV;N{JDHoKoW58%
zGdB~_0u@brdNe-Wo*WYfe1En>FBG1v-kiwHd(E*``njQ}kM+yVdshl<7r(+6owei@
zcWkvyB>4H>Ug~jUjPD$m(DnDP2^L9VhAYZD`T;<U2X_re+H(vp<6uOImPqp#8JmB!
z(nXnX+qUSnz<>^_wJ4yce>aPcTULaH@n+PQ{-?d)Cq`eddVh)dS$XNTmwv_DA`7ez
zoNJC{vTe+f(zxGjF(_5Ugc3GgRdHsK#8L+fi<}Hwwk;0scNKStJKuCD4<Yh~8Y(>2
z^71Ok#k97z@=kv^f;wKU6!CTNL+gboAHmlS%$b{V7Mv7V8m(+GxG)6u<dl}}YMffA
zY|&1%*Z>e^FR4q7;1iGt9(_-G72f<M2Z(U;jWU8iv^>DcPK%+{)z#(Xte-}!#0j}1
z)s}~Re0Si8I;xsSPhX96rmur|Io3>~cJ1a0B~;A*wPwmT=;5CNs5_gw9L^VbeL9oE
zj!roG$eq}6R*Et4*{)r?_U_&L`rWESTu0P`FBY9Vxq`ncFDW|F!1B~aFJWcIsOPJ-
zjtE75uzmmpYpCSI;X6bc8F1&z%9O+|pipI_3tv^+hgL6R5a%)i!ZJ-w#?ZF&I(w$R
zIWw5shozpDKw;~a%Y5t%`&!!6Xt-jl&HLf9&oYPX^;V)@AF=%^YM7UjtgX@iV@hgj
z3%bvhg|}mTxyHWS)A{+e_wL1q<e8#XWk+{UxwmSdWr9y{Fba0MYRzA-ZE=pP?$c!Q
z%Bg*~h1hOQysx+xd_wT<;GL6ivX~AE>iK!<e|o~gg999D8ylNP=oqf=;cpM=UH3)5
zZpgk^;I%pA(&Flh$tH#^sYT;EIt!8`a?mQrEyJqtFUpp*U2bDt<Ede{=}6sYXB+(C
z!1&mUPEms)w>sjB+w(pVCQlwtvvS(%082o$zs_mu!*{<Ei1STNmsT1C4wi<f*Dx2h
z9}znO#7GR|`mckv&s$$HjpQj+COHxpE#blOtd(*SU#mD0|MAu>Nmm)h+S|dL=-aou
zQO9>A**Z<QKS=fES<A!Jb*E<?$L-eEXV+COONRST3c2EN^$#Cz$#}GJ%gB=})6IDb
ztf<Y=H`i_9*B-gFToAQp`SOw-HTrd-<_Ew0_|~?J?`EL#Cf|ii*cW-%9dP_MSSsio
zHFoppQ4VfrF3kfv$s9`luRqjFeN+wTX6JV|<UfevtxL3g_kCgn2%Dy|^|iGV^sK67
z85kF<#-$BrNZB$<^Yw;G>n0Z;J$jH+Y@-<a5qwGH#J4@mdRMrvGVSTmV@hyqoQU|i
zesZeItRd@|63Kn!qz3l!V}4yhm*lqA_RCI%Kfm3&95vbBo~L&ih2pP?J$qrF2p}(P
zuWVz+RWTTS=KG9Fxu-u*RdnslJbZW+AK%Bq++@%69Ow1=`<C|}5WHDp{NmHwUBp!Z
zjhponnC->Om#i&O@EO-gj~~7&_S`3(r>C{Gyr4kokXvFg8!C(cdQ6Mro2mMy%Pdl>
zmDVggd*;mUJ$tlb1oTn)Uowd|+1T0lrKEh@?eO_(YU)+g#4ZkTgLUgXGCCF>Tv>SZ
zAUYth^4z(H4|-T*^eq!dS6Po<)IYSu+R}32t6d5D4o3R=9PbYs8L2Z%A2Y70sZk5(
zzGZ78e>Lpluv~Kq`=QOZ&g$iwE-pX4M%%_lu=2#sr(@9<PVY5Rl>Fqo(A-cYpC!IV
zZ|$k+XRYnZN;T@{Zi<H(8<Q2b-2ePonkzI!lX-h#aKKS?(N~k|Huj>9p{*BelphT&
z;py4;Wa;A&Ng<xiUsqi26+Ethd)2{VsMu?rwJ`Y7Vq@0Nwuc%P9L$xjtK6hgb#LR?
z>5(gp4eq0H3l_P$x}qX$zsiL)56Q*r1TN)NV9p<VafsdQk+nxDi=(PmVJyc(Yny@1
z6~~NsKY#vdd_3{!QB(KQSdtF#@a!X{mHi#dg??IZ-#*cQHs@JOOC|bY#u_iVH9D(a
zZDP2~;O*bh)xp7`nRUUyz#>Im&D>_Yjm;f^CxSv&pc6LRvMf%F9)BZegV)iy;@!sE
zcI6F<6?b=Al#kEbrf9WKu?thfzYRY*pJvgrvUHnISlE$>uMR)Qdj?Ze4U-?mF4$U?
z{;h96ik1IDYxv092YXivYd%%2PT_y=bg3C<6d&99j0XiU@s*H|iEU16m!KvlS})l0
zkwO~xxihh7-<tdo1<u1fcyZ+(nMa$I0k=PiJ0*N-$bg@pCBtCXuGQCqm#mlF_<7T<
zs&D7d-h6&_Y*pRHE;)_^-tn>HHXk<kYG`Pr3TdDP`kwI)30)-GdTu*fygp8PO<nDB
zHa;s(=i|pi1$v7<*K+IKn*JHTF-_?D>9H}xojb?!jW}y-xrz_H7?Klj7;pDj))nF`
zRmZ59^XSg)<Vh`m-WtCOQsV-KFR$-$jDAk?D?ew%ExToOMYA31g(!E##Z8r0t_F?O
zaA+oru(4SHk##o7l(nGn%8#Gl7FPJyi%4BQdwA{s(|Re5P3qB2xjOMf!Cuk_@%6(~
z!`H;R2_HW)qPUj3jKm5sY`wsV8@yyWdF;XD*g(p9WtN+RKByQV5Kw-7?z~hr4+G{~
zSI(*xu0EdT%QZ)Pi90{uh^nn^RmdzTXz{x8?(HhIA79jMFW#5oVMQ(G?Ua|3yL*hQ
zmnqc2;plGm6i?<DwWvvPr|a9&9mSrFf8GtS$SQ8`c<zdG<pWCISIKh6f7DdR7NdaR
zA$n@4_2soD1Ix<MWI@L21Re(C>B+W~+<<LIu|juIuZ=p{oDZJU>KR)nq?tu3ZC|&3
z{m@U_%fT^ylA@x9o~Ab?-n@M)i8}4*rBcShLt-8%+^UR<oQ_h9DPmf;$hK04!9VK8
znsG0#T`{R?f;Ud-=k5Dx%BC7>qgBiF=FJ;{v$faqm>9Nn-8|GN`!S?X^mP`~eZVGn
zUZ2>ELJO^QWq!@N{LO;ytbj|5EgLp|4NAQ`?ZAUW=?XJMUTL{L$#If@<C@yKx_zP*
zuWV7MEt;C4nwpzqoCDfp(MxY<x+&guW7pC@Qx^Lq+~$hRGuCQNEfWKS$7brPE@L11
zW4|V%V(RYg8S8tz`nui*h8XNtdwa3wK7j`tKHd;S=^Ggt0fk38RT=XeJP)%h*;f^q
z&y1_O@x4KUp;5!eMu)JNoqfIBxo<B+^u7(P1r%y%WaKt7S>Mg=V9k~?>BC*G656r;
zJCZRIZx5kz!6{Um3tJ`Z%I^PQXIAGdW#zxk{q`v*14=sBr~6r<u=1KaYSjULGD3I9
zN9tE*hkKa=1L}nKEcYOsmzR;zPi5R*&l;1mI*rxI8ol2eKu;uJpp4giOWlGmAug2`
zjQn>Qb~GI2Wes|J45fZfQ$Ne@<&CM&KY!#Ud}HBnX+F7%%Z{Dh3orp!LyNncPemHG
zFH;wfLpj(VmO<UA3{b7+KXAR>;9yP;-|E%pTg4YAqINdfDrG7T@9yhTS5j5os653|
zS9ic>Pv?Mae7x4g9zL~}ThZ3IJTDo8J<FV(OW$vEf4@I2&Q7P8;T#VWPEJAsyJh0e
z(Hqgz&o$y*Yb=Coak7iS*)_Ys%%rya(cxEfF=x$kxa1pe#2%b_dRAC@Sz4zP<M?JD
z_G%n1-f<`Ak$Ao2K5SSZ@!E;w#!sAo2D-JJlb`<H`}l%wJ?Aa~p_MCy4ERwSE&5vd
zSPf1ZXFjvd>Kj$FzN`50S)sk5A$zE6Urb4!`j0PG%gw*0=L=jtAunc=>eo}OpV490
zIlZ)+p=gHzw>YZ#&7B^G>K$kuopkk|0a7tS1~se(-8{Vc4mKhv?iH<kiMTaq6iJh@
zA-kKKRYQh5-@bJlzOI(Lnt4a^f`tpe4YrTo-nGc-UR**-#@T!wv!l&S)x7#~0-CHS
z?=U+xHPe;-Tt|&l+Xq+t<WM{zCtC0nptowOl#-HmBw!iKwyjFuaHud}{-6-!4l{#(
z#)`!lzGo@EgU|1N`EtpQVQt$tdDT~pPMu>6>zn)9E;~CpW#?kluD{Y8mU7svy*B2f
znxZZ0gLP{`zE{|k|L|r(;jEJd4|DUho;<~&)+}KW5WQxwf}fdbn{#;o&HMM!7A7wi
zh;!+wem;8CJf4BnxWOP|oxzIYj)B~~YuA5HY70jvqPc@t7IZ5+SNcnb8dN{yPGXSK
zlVu)%99MRD-%v+|^YzeT=UY2pk=@>K<X{E!qo*rnJ@#Q0LOb@=PV%T!cBGk^E?y!(
zS$Q=UE1j7yb?bWQ8%>cI@{jQSx#pk8r@uG7O-^=A%GW&|9AK)rXM@qk>)%H(g+(d6
z>rvxh`d6TeItWeK%agd4IA8Hn$FbBMOzaO>dS~|r-{+qWVhS`_H!|ZcGCtqDNm0;S
z6I+wqKJ|6~3Ds+S%m-hcYU5=J(&@`#jxjx<q&nG`7Z4EeT1QH=;vs)Gw-ZmX{~Hh1
z)eH_cmW}Jb=N9;UAJ1OB`bOkYmCo%lBkxTHb}iZ@B(ix^#g|WS25|Sj7PYsy-03#W
z3jO*rq_m_o$>zw|ht`S5dJ9dDw=6;__^F&Y^jKCw!Fti!M2DY%|J?h|MrcEj#j45S
zYs)%GW}O~6C&VNQWqI^3J1v)W7cx8XqQmoWLBSg1jSt*3b@RT|J0Gws7O3~S($*rU
z)O#CScetQQU0suzQ`<z`tn-d^opbb$EA2kKoBXoQJiM0MNc<q|WtZC&vM-C(bMgAC
z@4pa=S=Y&N7}|SzwUK($W7ONK7BTQfe;*wiC|$gp<Jt|E`v->?E>l~*!j;3QCV$%s
z{?MTpJ;dt)=uII6^Mh~h@foo!v6HwfUYA&0ciw7hsB?mZ(rdcCQuqLK5_9cJ;eFiV
z&##7!UT<l^WSVe}MLUJMv|aniD<G6;xtrsCXLi=QpzgaXO4~<IIS$>MoSfX$6*(Ha
zke5f^>+mK<W;<oOoC^cR+Ue!2i&;jTr{(<`v&=eq^~S~?hIBbDQt@fv8EAO``g1Wh
zM_hbVc7A^`{+Vxjh$y>oapE&;8SK%kN*y^rzr3_34yEkfyE(G*B+27x|I>VviN{}B
zZ9Rld?52NCJq4n=!M7@sC1>jE3qRfn`EnxUW~rUG+V@Xyoqx(0i0PskFPW}p%zD~2
zy)&zQ@W_utqiR>I&YC_b5tropoZi`$EPb`B_2elgoQm&@-Is4FofUg_Y6G_HwHh;H
z%#{R|I-gXb{j1aDf_*eKH7mu_Mn)#ngp&Yo#+5)&taGnJZCPH*)ZCaPSa@*X1Gk6w
z`&7NGzm1PeCzu=Teb@Im_eR8ML4hb%foVtGpsf38lbmcH1*2WN(o@uw0)9raX|B*r
zEZ&`*{5EQe_ggSFb2p~$`N+Haw6rw7@IHRxARmT7?sQjW02BXdyl8l2#kTt1rml5L
z<o&G$N&&qmH5PT|+sPYzRxkd!xq`vdAj_4VMMBj+BFR2HCDh@tnVabb^ZN!&{3ZJJ
zI;;V&&gHi-@nq%3Wg26|2990(c;NH4J=@G;0Q<Cm?WV?KvU(1wOs~qDP;BV&@SeK;
zcsyR}=6LSc!}pqtF&Sfx%ExZ~9OJ&~iZ9%|{X@<>l)l(Pw#IjT#*LqIbh<wV=rQ@m
z378qBCKf#V(Qo$DDGXnB^yJ6&7SA`_-(GfWm)>EAqO3!QEbQ#UzYcCEifri)u{b?y
zduxqikXN(~XH`&PGLK-!$HRdEFEpnF4zAu|tHu{1*ZlLLqHw}FuOD~!p1*uu#;#NA
z-SV^HJ@t7nJ2V+%NVvTR4)AXFf1RxwQJoPGE4OweewlmlM_vO$QqspRHuM+M2p^x`
zTR(>QeRuP|kbf!2bh!Kx=6OO^YqO}Bn9gS=;!gfyai!KP-hI25jJh4$EG0FOk{4So
za)-zFxpYOuH`CmLs}*JIV>yy)b5D4G8?g4{W!T)ieEISw)o%_tYEhA2#O(G7=H}@M
zM~=VoL1mtk`^=}qq$euaTfR&!)bn;icJ5^EM<I>ON9BR<9<CHN-Lm6B$s-Pp7fE?}
zc~_VPZ?uqzQU=>>`r{UaOiwgD74hY$ZTqR^S<P@zh~Kb~cvJD+`Lj=IYj|(vMmJ@v
zcKb*%pBa_6XRgZmLJm;r&q4WjJ{oyqB<LI+#h$;_Ky#X{<bG_F&6S&9U%a(-UN7Mz
z$#-<Qz2DBAKSR2rHbs2(0erdFW2YrV954Fb3cmKzy)=wuk@yJ3ugz*{^L45#W#Z#>
z_N9U`o}|>q5b-6OHIH(bw@w14@xxkT@;Cc9r>Urpa$hEv#ekReRB~`+k;HWkEsn?^
zlViGh0YAS_OlCHyE;Y?Ma!_cbW?_4iO6h)*abo8%rv%gSb#)1(U8Jjl@3f547mp=H
zHLot1n3w>(!Q5PxvMScVJ<A1k*C_{!D=T;0b3FH=nXP7@X3oy=PnR6cf`@%_%QRB8
z&EGBE&fbkyce%(f*HTI9?EzY{S@nTwD*Un33!#l0gFm#0RA1y`kl>Fo4_u9ln*4H1
z!S}@(lT3DY_AFk;%g<H^I(TUbn|uiRK3=M|=c{?ElIH71>E)a2GzVLjtb6`r{IfIQ
zOX&5fs1<!2Uj0<>=8IQL{q@9fKAn{T=g*&44jx41h?%avfawLizVSDA%p~lC)$`eL
z3Yv-cj;jpChbP2v+&+53a_UL`%90YUvEi3GeJZHeYo}OGy?F7Wq(o-u7K3|Q=WXNq
zrJVhG=C-yT6&<xV&V`ewo?pJZOQKsX-6MNqWUxIl!I;M=S8hjy@8SdAC>|?CqOs}l
zPe9!{3<r*Se`c(HctmW!ZqHLQ_4SpVL?*_V4Eb~K#wPM(xroK>El0#sZhWpg_2EOo
zR{^b+Eqitag^#sjrLIdmXjhgE+=<-Cq~w0X<<4%S49Oeg-AN~uL;TYFfL20J$4+s7
z?DabC;JMAt?%UT6y=RwHy^32<JksgQ<H}8CgDMpj7uKypMfm$a&(+b&kXU=ZR*G%;
zy+=QGIDZcUR7P*(iHPB<URNAWH9fF$h`BkQr)FZbmlPQ2{^<Au(~y(SIfdKU<38?7
zlJIVGzigl3XiZ*;LM;}MZ7mkEV;6{8wr;_qK@`Wzl~w*Old?^V_a-eOIem{~Y*&$g
zX0hsBnweVF$D32Bsj1f;Pd{Z~zTed3T<UIOXZJ!dMP<ePqjJGdaW!67qQ_eE#|ENR
z$bDW>Hx{5!ZYYC0hk_eluDx38bk2f%3+E>P%txmHp;i0({N*yW=eAj?EuNQa_uP2n
zXcbr%)?b*D?s7|l?PRg8fx&|htru`O9Jly3juk6b+<*4gl;yL&#UXrC_Vt(7MrCA)
zt5#VvCE8bOCs;-vCl4l{!1n6#gzvuOct`KRph8&SlhXzUpFbZs-FN2P!mj#Noic}+
z+J|0bqT)oP>sniZ82PfPnOTlXSjj8QGNF~4IQxK#1L=3NGVKqYa3oKX38syY;^JPE
z$Xuv(wOyqXBFxKJT_V0KfhRXNuBYdYrRDG%X>|Cf*Ox>@4!M_Jw5?|3-rN|vS}*|!
z{kXZfmadl3PATKcySbn3wI-8=+if?Q{zp2Gb}aROVaI#Oi1`rK$?EAgE8K<i1Ro!3
zoqYD~bsN)K&ZmipH}LTK1-keKgydApU)ip5At<o_Nj|u3$o8_+B5p~aV|8I2Y$wmg
zW)Ik3ch?bF=@Fi<^<`1jo3<^SPmFz7UYMN8z4P8w&*E_W!ezrRu6TbR|NQifiFbZO
zK&-+|D<@LJ)#jkCn^7VnBDo{!&O`cbnR#aZ?kKO9`;NRB9tm<?D5q2v(#PE+=|y&O
zdUZ-`Pj+bcUIr$Xvg-EN9tV7{F{(7~v7G#TkFWRrd%)cb`qKAU;@NXQvA(zVX``oE
z`E6|0u34k0r4^OE%8MTeF8YLnfg*qdyJydyrX2NK_7#4|hZp-kG?(B#?NslU-0q`L
z+J4cQ!#8)dQfqAzI%VZbySqg$0EI1Y0zxu589sFRb+RP-r9oAPl2FRYkbE0!>&VZw
z-23<MH%b?0IMKYwJl^x`g$|bmp`EcW^M`z0v3y!yajXdsA3j{ls}kCMcW-57rHIuT
zp$!{eE=|5xJ><wR`FPRNC#!^FcU`=AkuUmtz{A5LFRz7!V7XsJj)Y%N%94L{fHO}i
z@a_F~^%*&#-E09_=c3Yke4QD1doLG<0a_g}e3zVVtl{L8C-*f2BE5RQ?v2+^nwcd8
zb}Ms^sg2gv>E=B?x8w}C&rqPggp1_6hqHMn^QYJoB_$;d4Gl@$Qj$*BpKmzbd&nnT
z<<)Tmt9Y&HN+$_j*4CC5hpS`}W#wxnB_k8PIU$NSJN#0M;@Mv3hN1wUA%WvjdSg?Q
zdO)|fp`l?L!0)$j%YD&EI-OS6(osQFj~w^+^z=;ORb^SSrlo@D9H6L=cKXu6P!YB4
z6H9oS$-$a@wKFgMZiNF8`O~wCy(QvJN3nU)(?5@!dwF_R^VF9NUaBuBu(PqTvA4H(
zbaXT~_iu9y*}qQF@(uxj`0>?^h;PFZ+WXbwp0C;77N|l#$@(PTNjv7iy@7!NBSXVW
z4ppgHS>lTc8ZqCxqHh%ynd_&VJb6+liEF`v1$*<Y92~BDwTiykE5oz6zrX**a)}>e
za`6{%g$I>)p~63L4Yo{&0%i^H-mbm8gkjh8ynm2?jb6vl*O8Ht=H}*;C((tCNzdY6
zH4phSaSR(XZn0Y9+1;^+Y3cFQhuBTMyCXf6)S1c8d0($p+2^j>C$-_pg@Q@Gv52t~
zd!s6Gw$;;oo;F_HX3gQ_>I^*9+`)J1G*Kv&3R!0x83$)lL7@$N!JE)Ms8^i3hJgq4
z(0ZOk5*a=KjmEg)g9$jis=uFapi77d`(zT=D7Y8bK*v=3lID)MzjOcZFZX}boo)S}
z!uX5*-&pCn`@f~7|GEF~Z~6R_|KXqf5C7zU_$U9v|6cwFgnK9%AO124??35Z|H&8e
ze=7a!tfYT4c@~5)lW+e!X<*sG%m6boQv6{?SOYSgvvp1izi^-sczZXTFoG_jDDncr
z13r2U9)1RoHhY4{@WB)Mv|O>2gtPciF!=$56?kZ$F8{1Qk|>jwkCs47NE<{70xv9q
z?$ZGZK`8^--Glt#%oku%f?xuY)$v!^8xh(e4zHBFq%^(nD=06i0LZtL+00x52vy<q
z6b621cR<yNLl`01b4f&6?p%=aU=B&-h&S*S1^{J*07eQB1TrNlEG26JTtXbp{#S_#
z=1D6_Q)(c7G{rVMX$cO>0|D>@Sb<C-J(vZR7)bktg*pi3F2T6~oB(B#K>N7(c?5xx
z4kd{LI7FV%h4UnYrNG1%U{Nx3aXTe#EW0n@al@zMA)Sc_ub%;vNcw~!C!^^wB)Ypp
z*(K2?^eIz;alixggcDPM*;9i8Y55Ms*;T--5NedXs?ZN{_7G13&Xbb*0)P&hG??8;
zK?E|K!h&9>17+O7+?#<xetrZGq)jk!E7BsIf&*bZaJYT(Xj-ZiFb|41nDv(INusbS
zD3XDGz^KC%BY>0y6QmHpyb(lyxEdvm30Pf{-OLXU=E5Kbg1G|dnujxe;AdsxrH%=u
zw@AJeIEe&3gV9J&nw@N5rlz8|aj>SMw{sMJqD$$4bjXd8E0{)bDER?Ia2K>2ArLSy
zfG0x99`a{`iJc*s{%-CP{(uPqGYjKDN(1^IqBta!R91$wk|KB@J^C{jS_)2I1G+Nc
z{}S?G3SKZHwGW9%Q(&_*FQaYz2%*p;UzaenAD)tb0(RK`bv25Xmc+_R$|_LL($5PN
zNzn|epkL-`MiNqx&`8_t7?`iaf$v!G_IHH2MI_PlumhdP0wP1_wNUak&&|(Fx$Ovz
zq25A87cbCf__YT0B1LmU7b?xTIt&zyKs-4p5PIx~523w+6hD{)+YeGuV1J=j@qvL*
zG8$?<KY|aeKm3q)zIYM|N}p}x2gxf;4M3@a;3=vDBq@|p1P~?|TUZwW{~$#`<qq@=
z5N~lXvl5w-n}-Bm0v8CX8DAt%jR0tI1%8!Sn*M4i8o|)^;xuzka&-LH2sjV%{;v|v
z6->ngwl%Y-)MP<m-+~E&WU5C%3L}y6zTh=(Kx+_9zzTr;he3KO5a<XV@qZ+thC%fP
zx<mjmAjcyNh?$ArP@D=TX+nre2EKvGll&lUBMw`1DmorSK)wL=76b@iFqpwB$RDOG
z*%R<oJv<?22&_mkVnjeaVFaWEL}mb^dSEamp$zZ9r~nqgjb1LqDQ(lE0A_uH67%4F
zk?cVbJU|UWq6ohV2*Q)dNcU&Z7Eh%UZHUk+cwaRd6RJo7Kf#WGS>a(f4B{Y&KD1&;
zwrIfr@k2uwynz7Rf&wWSrojFN`9m%y;+TRSRv?^@ClDAOe=sW#ocM}jL1CvBN|^=c
zLI(A#i>nVFY8=WkMr)cL7ZTWGKwJG%_-NPEp)r3ZV^CpeG@y=y#D$$SM5`j=j4=Ff
z;Ubxueg)T(BD_GS$#{rqXlOwG<xJfOQDoM2i%?^<j7RiI#i7*RWCEaT2v8O=9ON7*
zvCoP6poj_T4MjU4ol}DIDFsn@8(;=lT;_>J5%-KDfX*aB_{?VLgcE#6e+we$Ft~=1
z!AN)hb^)UNre*rKf6_KBZiGh<{Pv3x{GV7k2s$*3gxQf8a@!;NPdIFr7*h=h=!hV^
zFn5@!y{Ak}&IS!-!GlGY>b6l;7n<VD3rh*pfuCU-+?9T18UEZVK&}3TJ)L)Ops|7C
zTnx<bSaGzZq~xy!%>~l0G$yAY=7Ixs61_HpO#s{|;CLYchCd!ha1R51xsWLlHXU8S
zl>U&g!PUf(;Xv4dCc}spq^dJ;dKnB714&Se;-CTq4Ku+V$ukN1`QRIPoLtB*w7M`#
z1ULsJ08|of3uXd@Wt^JRjoJ?a67Pd4_1s;8d?>FdY6hSWVsZe5>_-N#JM{z9ED*5(
z!3u_iN75sT%wk5DU>6`52DK6b33Og(X&5$|7=sszQY9Ax3IPo9B>LbH!w0V0kfGFg
z@P#8d<hmDsA_-1ci8cc?o1YuSFo9iz!BFT7b-~x49EQ+ak|y{wQ1O`$75Ywl6a4)t
zMh$@oz7Y|h;YAT=paXjxY>+}g!nv6QpC20)f|_5DuPZoj20WUH)=a(u%pb(5U_MEx
z1|`iP%t#d6!14fgFq~N^&Z`J#3pxG0Kv0fFm_y<GdJyMO=;%kGBPBAW3iPjxG9<kK
zPkEy;_9332`E~@|VWPV`2~Yl|Cv1f$!;!QH_=T$AD2xFnC3GPL1=2^vu6PfEA4Cf}
zl_*XTbxKWG=HY9XDLNR&g{r=Mg1~VAT~0c|gJ+*8qXXB2yF=BAE+oV@ljwwkZKiFb
z!BK)CfawP*s7a$S^L9c+8JWPGWq*SL=d?9jg66LYFvy&mbWEc>AJfo98KfW_4zR!C
zG_^<R9NwEkMS1}RJYI@FKhFSCOg60ee?Od%4?WXUb_a91iq8sn#F0^?1U!gxpsF&8
zm<GG}1VKDL--v=#LHHgZs{n1B{oLrP%w!&*iZm5WAT<93%MlKmv!I$JNFqRAaW1te
zLpY0G6fF;kzn=$qJroFpKvw>B>jD5?0#pzriXc(h4Uvp_35~|k2b|I($`Clp)Ykmq
z01o;Ca0s8#1e6{Sc%K&JCIEijZxzbF=j6}tfl+-wst@)Xz@Sn14|@5K^`Y`S9DL2|
z$<NPJKvYByL{=TBN`2mo%|V8RfDzz1R=6Y3P2-?5g@#lDbQ3ikgaHE#cK{$*FnEWO
zj}IE|JH0s0yua!H>1>#E^O{gHOf2@V?)CX673M#m|HNnR{x3iTr2exoz+GOO<mG>{
z{|oxe+W#ddBddTy%l~K5nE&(t`2Mf?#~=PGiTlsM`2GGrSy^dduxF0H{3fjIKl}gw
zj*pZmJ7sl9;xD$|0bazP-0}$cJ{m!QyBVl7BXK`FnwCKygA<`kpFiuWKz1~oAR1vo
z*d9vHwudrGax?9rC;(UxS>QseAU?aN+Kgvz;6fYyGXZcR3|fMd^c0|bi~yhc%q1uk
zst-PNNAtt$v4As(F}Bfg-l}71WngCNY-(d7f{u(t&w7SdLCZ^H=~}~4*A$@!0S}7c
z4s-x+6K!W;u4`bdqpxAAZL9<OR02K#KDxjt2+)@?FtygPG}SPsFAJ44@PpTyXVw64
z0xCJ1Xl!%V*=DU{3L<BPmX%>=2X~_paKMNI!Cw#waGgkCfP(?Z;0$h1!=puw#i6$Z
zaoBH!CKAx1)ag!i1mOAsRKXD7uV`@moWZtSi9{c~iysDP0E<KduosKQg1@4Gzjz<O
z9iLeX;2VrFQXFiS3J96<rId4r2O4Z$U;{}By@4bkPM!D^ht@frfg(^Khk<?pU;T&}
z=wA^L1OkY_ZyOf)<EE$`fTmo)>T`?Epn@z+g(&JE*nwlDZD1)X3h=i-98b+12zO}l
z112_I4R^FE8bkXn0#r11hMe6Xa8?k+2d*hTlgA*OAVQ;6Rnew4#>OIOs4lp71L`qd
zO#xRIH>z3?fT|*$aaW$NBS1g?jcy>FrvawoC`v<;LUUthDwYB+WHLCbN4aLj1rFhU
zfwAaZltHS%#3vwP^vBpERcWIDKlqDbm@CHrwc&v90lM}->Des8{5=B%*eL)!JaZk0
zcOg^E6ta*_5(mPu5SK6#{1yt>cfidG)0YDqL3Z|lK|A%X8yt1jSQ)w~gy2qFr*J|0
z;(ftY52y!F@C-HsFB!oTnc$^M$lQP=Xo=>EG7zuNrS%-X_n$|8oq?+0CKd|gfYTd9
zcUmD>pNK+LL6R$@(Nd!HeWsh*^9iF-1wa!S84o-e-0}`B8iEk!Y6cJu(yUSvGW5gb
z|4TUn(El~J&E+uv`Gn_pG=NI|SBUTnx%^{d(3@4z2*68(bGuJ(QGs&QbvsowO>fZ5
z5o|@JMCofm>tRT7qCc5dSOyTcKtP^A?`STkAxw!_T9|r}xpE@}LfB&H&=E&w@*n~C
zpCRGDw%zlYQ+V4Uv@;DP2sB7LHjsotBTEA}(@M%vd<B~C5H*Ls$h_WfBn;7C6t#t=
zc8J<*s11y}2-rPoTHi!x3niII&yQFUD&GNY=j#IAK?Us<A;G#0=Cj{8MHDyaSEZ!s
z*=tVc-G9kiw4Mje*Y){)xnHoI%)i2RvNX1vDcuA=gzsir5TI?40pYjMSb)!A77TKy
z_vq+&5GXA&%b#SQj|=}r9-P5|H1>mS5S?<Tm+C)JYyi3tg7gFgH>k+i&+C_qVI4sP
zC~hZ!ILVoe76n%wRiSEg8vF0*jo*$MI2K^f2_$-Ep@|M45Hy<%Z%m=BO~Wf<E|jI7
zKmapvN*`MD#{fPwK9GQO@eu)J1HR&pPL2R{5cNAt*FftsG?s;51iFL(I-3CNYM2-l
z>;i%K(*+0bw4z{ytk}(uE)p2i;es?l0}9IX4BAjF1wCnyh{{(S?MFk$lNbWd2ZzyZ
zcM1VL5$bZHIt8*HW#|Cg<wt={4VnDVYV${Yu+T)%0v>wbj7%iXf=;4A7C;CZ1w#Rs
z1uz5v32C4Y;D5?!0ubo>0so1K&4B_Afd?`Kzz7h;DB<AzEF^&yp#*!BMj-OQp*a;N
z5)i`^`~@g1M8#Sh?HWX;>~jTA7l3D6&;pWBVT6A4Ohcy|Bn7C5!S8|b#s`w=%slNC
zAWS$H@(kKT0VOEbzK-zt0JdUAw`eW+iiuHvMA65eM1T5l8Gc1;QW^n7uP#9)<O~#X
zCJ-@n$`bgapdbhBAEl^HI!hBVZ!?(L$~KB3<$u4%ouz8Q!<v8LLH|JjjQz9NcUGUE
zNs3<tH&9U@Xvxb5?(BR4%^dqqUt`|bXI?Ld!cFsflAu<14RUw4mz9Cc$FE~*n(s5a
zLqPL5|1b>L47Dq>dO-3AFd(~A%53llMsYr`=$G6;-O`5HKoSuUhj9MAi{t)pbo}>0
z>;EnVC_4`SWlDfN;DP(S82oOm`6)aOYEy!T9}!ycB~rISQ?w)1qecV(!AE*Ne84R~
ze-+;9m|Ba1JH{xU@?7r}ehfT^e*J~Z4L%9-hipAG`G7%a4fZmKPLio{AQ;K}fQW`6
z-BqWv;PfVN{?Y=leup~{PU$odG62wMju7;ko|R}+W1rV;naBRj+Q13`o@Z7OJdUpB
z=8OYNAO!&bh8B;?{#EOMjdTV=SWlwc?*V|t|0Mu(cHsV|eG=LEU+w_KTF^I3dySwC
zo0Iul{cRwHY{dRG8>2<%3#1T+032k9CERBqPp9YSpIU)EBk(=AY+$LQXJBP*x!u52
zTW8yhhHxM&1_eTJ>BWxXb^fYbE<vGx5gda^QF`_ZJqff!^aiaf9G}e$lqr%&^cJCy
zm*HmrB4VCDWOjq46X_Dsdme-E%Pvu-VW>+PAVew=0Lc@FC3K!Pf1_DpYw{<?<WE&B
zJxae-v5?NklW}NzvI4#s)%4-$sv`pgG6!ZOjyhQemJ@-zAIhMi)zLa;x@aZ9iT5Lm
z;OL=(g+-A_9Na~Tf#XF$&fxiBuuXA#)&W;WTzp}SzybhV0w8K^v={*n4#0{MSR_JV
zgFR3jMWcdU#2_sxv$L^*<ODGUu*HdhXX23_!iIv44Jc|)a8$)n%3_2a{Dk4s0O2De
z(ZGX1<bkLZ*a9V#fNF|~IjVv+!0K$S090@ATNFF^2W}cbOxQtM80-iF8hDP(1%Uh4
zkqxZWv(&J9Bh48*cM{G8@Umx&-mH~0WJ5T(Hyt9PloZ<9Oxx@?TmeFKMz;3On!=yK
zB@hRL?@i&dZZjsmVAL?~u<kLnG11hqbhgscFcn8{bb}ZLJ9|lwro`QTx1vYI8|n;v
z)*Re#33LOTR-o$%84nl&fJgtj8vxlss(=E-h6yGT01QD+K)$;FP6<Nff;Vjc0kMpo
zHG{yz$7ok&$^+0d0}tSW9pC5*^&H}EWn~J1K<0KPqkUkazys?~3DN<R=<f=(i9u@9
zj{+oQ{?H%*plx(@!L?&M9g48R>Ldap06-{pS_libP1AH>+wi0dq#a?1wBi&U0a-?J
zAYe+7s1&URs&Tj`7%rhhJn_)+Eok7t^UY*W(D_DMf`d{YpmRto{&ZdPxA&32I)Z8t
z6fY5aOaYe(q!NH8;KI=@zs{VGm{AHX0cuwWGdCg>K~h%Hci@RW!v9lJV3m<sAfTHr
z;8KnYGzm4c@hJA0i?mdRf)fAyj-$jWT;T_E3Gxf1nKEs@CkW?BRU!~bN~J)!(99kD
zBxJ$LCycJfA2Tfo8W^`(oCd=o2ZmAcfOechn9+8XLXdz_i1=4H90I5Y5&!{>^qlV8
z3fdR6k<dv&7m_!{_@jaTQzwKWd*(meoPjNZLPDMCo5?(Wfyf&_w1g^^nj|u~Mb*<K
z7*Fl&4#050q=g_yf#-R^cm_mV8ohBNgo!Ey4q>VwKcE%Lj$|A$2=tEvLE)qujz42Y
zicI=JW*M|wzmU#Z4CvtuA8h&^^TCU`fh01rMFaTh=Mv~aLZ+qwwL=DHn?yh%qqup<
z7JbT3KZ?CTDnhOUtcm~=2s{gdPTx{>5>g$2KvlWW8ZmVwRAG$75Xpmv02W0wvhxHU
z1BxL*)Se&c`hrJI0OdsTcfrAX@4>yra4iybb3MFMN0>BA<mqR{fkr^2pe~7lme0h%
z)XG{z%ZPpsl-f7Sj3BLRSoi^C0H{4uhTD^n02zitMYJE_>QL1iWvUaL%7PGp)H{fP
zHEerD=%za<_5}30;qQniO|!s$bkm76>@Yr5507G7;UPdP(Wx!y5ls!#CLw1i<e7^M
z{`1Uf(&Iqcr2vr`eCZF;!rxxn5yVJXR2V1@keJ{HZKg(!8q-g>l0pb%K-&N|1nWpo
z3p9L!MA%1I37!WAEjisp?jLX-<%76-vs-pST86@qSuM{Y+D;5*M5IMT=qw00)efpt
zXKQ+OG9QXqXsr<0wLp11tMnX9k+UaCvyg+NXU+x@dP2kgB|V{|W(;~1B5)vo@*~*H
z@cXE9(nw!@iNRnN7!rAg%+8q&hDw9K;q!{f0eh-^Bd7z~8Ihp55!qZFHzUY{l^}@Q
ze32_08P7jqHP;seCkK#%phF48XULh2dA7p2g~DGTg--Lb=SKX$*+=lFkw0}!3xGP~
z1>G7kj0c^OkpitNY;GW)1`jBKTXhH|Pdv?O_~pz3*mH5T?0ix3JVb#BFz@UEol^-P
zawZEyxf)=`q}!tbp+qG*GFSimrSIPi=6tgoe>pEPXIfE)Hm&$ynpH%cq?sB^WJXLy
zX9mG|7=b{wB}6(dn9~7S5fO^HMzYcZHVa;ng{eO?n1JTXU}2Z0YKu8+_$xAjpBb|n
zbS@8pJTrKp#kF&NYk<e#W1n+JlrlpB86~hRxQJ~JhUyVkIyy$qRyx+=Xy}`kjV1C;
z$5cB?d3Igcpuyk4Ho!SU65J4U`VE{c4GIMR0}rRcQ$|tBb9w4lGiE+S=vW+h!jEo^
z9ej#xkpSuYZ*L_=X5^^OH<TF!Hp%lZ=YxF#^dYsU6g4u_TmuaPVVeXNu0ydNU?q@M
z1(EfSnV_M{uqCGlHWL=I#TgCPgSRz+C;!|j$9du6_C$Y2+H9gf&{^pj6X`SO^rR^h
zd9a5F9oK|-Y`!hUGk4^Y@jgBn_gR~9v9oy*<_@Trfp`xzyqpa42v9OY09?z2_bowd
zr%~e2Q;6S@$Iy4=Iq38ukHN3NQz<F%IW#E<ydV(a`Ddg!WoHQ;0PrXL7VI~|lk8E-
zze3o3UUc361X&7F?lW+5cJ{y_g*|Z8XB2Oc(mCYkzl7;5RH4ic;uHs97Os@ZU*s{!
zNbpne8}bmcA@Eb^>&y;7Q@!)yPq)wrj*lor3Lk)f;CIkhq+UoMVCLb+(AOw&i1+4n
z7}>n4K_UUs1c`2A31AMOv#tJ=bCFP7LcfC)azg;&a0b)0%+-c$vm6dIWNMtX%*?l2
z8tCa;gEBjR8M?z5TE9MwL9I_&L_t$mQGNkhTgOVv(!ksrP*%SN{`+$#|2j}aJN_D=
zF?_-WD=8x>`<v#YX1af{k%Y2A&tr!m&h^8G{BG+k-R>vo#4fcg6gblFUxw8d#jAi9
z=14PrH2UoV&d!k86`0>i1h=Ws9B&#>YIE>zC`!NK6&Ok>Nu+H+66e-5hBOBtsThRA
z#UT{~+p^yfWj+`9x3r;{)cJ`t^X>mBYSG9Aa2v8e3(6Vl2Ps2nBM&GF^KEjV^5d+<
zV_H|RG^<Vr8uTClIK~E=rWz(X;)ofe_$d_iGIJ3M^0fcAPpAF!`EP%Id;Zh&KLg|U
z=RbjWSed!!KV|+o|M_=({{Mdd(-S)XDTf^Yl$DZ^1->fD$tlUpqH!*PfaeHU0s0f5
z?tnISM`}BJQqMk8AIv=E2_C+rR-$R+*+(XUM{J-Hg<j1%t2tA-vO(KX|6H*HRugIP
ze`oyX%0DI5@_!D-U&udJMn-<N{9~mz{UiT>$43yBHp-y?;<UA#lB~jv)7I?Ps-R+E
z->M2b)$Cekrn&}ts%S|mIPo?+J4MWdFz`DO;E_8%04*RiXO=?%Eg&x~EdVrPVy<EB
zY^DlTg1&1TSc*u|9hN4tBjRUesb!^#MvRq^wIq(+Ow(}26C$k@GXOX{;PNOzuK@&L
zVFjMf{H+930h<wFX9E+`2a?ey8d_#n+kmjf+}LcpiH@nYv$ck$o{qJu09G1^C6qxJ
zKmY~&t81*GX9a!(8gn*-A|Mg81aTHb3IMc(4>%3M&i?D3D*c)YICeG|t^|$_GyqI!
z%kL_&Bl)lAkb%wD+l>&2mheZzg9E$(YqPWA{O967vw+*oC(39aKeU89T7rb8uVgJr
zBC@mNz)4CacD6uYu!xZHFKF|R+xho>=IVb-9Sv<0o&O|^zw-ZNWas36k(K$!|NC1$
zl$#cybI!o`xi^RWE4PKPn}geD@Mtg%s2dSS0yorv_sP*N2m<#={DBwwj|%vkK6B+C
zw%`9r7=Pve$;)n<E&mE~|J?ugw|oTA^mlqtQ#=#!Bz8fx6_h|<m_)m>gf0g(CIm{5
zfLt~~D*;|gLA_u^gq`LasG_BUNP$v5M4XF{6i^;yIPkii8GwRZ=7Ip#(r??J-8e8(
zfq1&+!3L;zUr?Kesv4MT&8UhL11rk|HSLfCg!9z4vjZKyU(^SpI<%P;+6@mxeQtO^
zGCR#FR0Vt^5I;AxAUM%!Oz;Z|Wfz?B-ZcnX4wne>qbv-%h55Po5^&B)UVEsfi3<(@
zv5g(+AmzFb%8p>#X<8B<kZGU|f(HS)gJ{N$JTMLE{Bcz@;El5*UYRQFyh#deWvBU-
zfS)gkxR&625r~2obn^>67ZHL1CbHGA1bbvAgO;!bw`xhan;U2W-@%_A9$@%R#!Dbm
zjuN&w7ZO>*#fRVl{_rJ`z`IQ(0P8>|g6m}@;GrLMYk>rOnGW~>prsoz1o#3i!AKxS
zrP+aT0fGSu1K2qQeu+RosDlRor1O;7VJ{jCJwTj6XB2D$cn%D(2M+2Z6e_{`5ek$P
z{xVMb-xlw`{LIz=;D#~Me>4N&zmfk>0gL@7|KH#7`PKL%({I4v|2d4`+kY%}ll1KT
ze+mk63jf&uzvE+W#KgP`_@5OelGiTXb0*g;68Mz^{AB_D!m;4`{mM&kOLJ&P7**ZL
zsvcHkS|ER-Ce3XFPVd!z)~xI$k5u}HJkI#P9CcJk6v%s6@*>mYwrVI(rXf)+ELlbE
z`H=<ButyiUpSM0Y_Qo=@n8SH`>{|eP#lwpUshA)A3xZ_~#8kSyF7Hz-I_{fs_(S#&
zIi>e%Ty?reR^tpb{8Rw^DwDdLIvG%?*G%9O6pAu!RcL8J%#`NX>2&)0p0w0G(tCA}
zmu2Xyn5UZ<%USbVO>M2JGdHW#E#IE@bMhqvp-+h*rNuZn`Yr0)%L%R`)$mg%<klz&
z8y;NqJq`6}4Z|764SW)%!skw}@KdXQGO%ap2Y;NH#}0-g#Rm;uu8-|sv8G2QvSmd7
ze(eIgY;(MJmvlC_zj_Wo<BF$c=e%pmvKNOkU1`28BUP=6O$u)4F{@EUm#Ul+e$aG)
zMQUP*|53>D1i|lJ=}xQjoQOjwO0AWf4!hncw6y!O<D$?ZvhBKV@d$LGRKHqWQ177K
z>c*BeS2o7*eU8|2@5~XickiSuZzX+uD>2RdX8rp;MORH$Iy^1ERCumf{uJlU(luIH
zihME~ykE#YQ9M6Tbfs=>wAZdXC%GDvWLAaV+iHcHvOezNpklw*veEwS7yO0=8%>4X
z^WPVUEjad5C1-<k>G)dBbg>bh*EtxC=p}a>UVUZI+;#npvd`K`ql@}CuHWYxOJ((H
zoC^M4aW<qhiCDgT|K8i$^{t!tFyKYMT5qVmEKS<^<HvPb@(bMF^*%)^N;*&Wyc0Dz
z*LjMe>}s+F>QwBap@ub@Iysh0)5?xjn;)(q5~7V;S@}I$Y9CBUTi=kejq6_`AW>dE
znY4uQ2Mdh@h{>^7+4~tBzROT3=FKn%AbJYdy7q@vhwfJonY3w_flTIho}yE2eBG%_
zO|sI@YsqXGe({z^@4nbYt#rB6b()xO6<t%$9fuy4VEezQ9bI+$Wd*V8Tf|gZ)OXK{
z(Q%8jf~NVaq@E0JOp!dBzuB}Nb5OugdvSD{=CE=7_Qf&RQutJNe#yYFbx&yT`<Nt?
zl3IVFpA_Q1LXZ1O%`v`vgx5>UZ$|Ddar}No*0;Uqb0?AKOK%R_W!W{SOB<vrrmsFd
z%XakmeQCqfq0wKywm$Y8AAR$={;_$rnHWpf<=k!M>rUqNl)icJ`OSTnjm>$d4~KQ%
z^Lo&ur_&#Ay#<qh|9!1oMy-nEu7!6Gn7J74YdmLEYGKPvuskeqbh4^1AqM@~qeQ}w
zPkn^|`!4SD9{m3DuGjRRZkyb@5HmT%(Dbe(t9NhT(}DFrQv>)1#L_Tdb;H>NHcfpt
zU$DC5s(;F}wC-b}mStBpwL%t%x-Le`G(GLi+Z1YSnX<E@BYc^VtNe#&llK>MkGAh>
z2>2mzQS3mJ!~ta^k&hZ_JsEn!J09SV^P8FMV>n^<)?-72w*h8pg6)k8mv^4)jPd^R
zIpg^$)}NnT^4@B^`hml`b%{M8c^3A~uIjhk8VmCa7ex!iD6R-gY7@=AU9%!MCiAk3
z?t_yrZse9(9rBWsUbEKKe&_aw+qW{ZV;AB^bvVxMa?lMudnoWQhqr*GX_?weFW>wX
zyp?*wNlxE;KkQCqWSQoOmY?`8d?i2kXV+Po<r<Q)#cxx&63^!tyKX1%;&Yzbw4muB
zqj|JjXQskBm#Tv<$BhoT%V@~GTgA%uu!?Wx+bydI+{a=AV)k*g8aF=quFJvan1xnJ
z;C`Q0wyJos(QS;da#jeJs_LP(q(EnK;>DU9_lmff)4i=kbERaKh@m;jN@ZNN>Kv{W
zIMRUxmQj@qgVkNuB^riD(k1bVX<Lp&*Ie~wU9WFo!PN1JL{2Xpk$&x3wLoE;<FmJ0
zFSu!#N2f}sPYlK<bf3mItn-xJA6R51gZglNp}5Vd{D-chY#)OM@ug(f*H15AJo&Af
zlk`dcQVLh0+4h3Qr{V^N<TQ+Ms%p~dOMTmyqe)uTg?pKj+HZ-hUD&UZebDHTn?8Xr
zXI19WybBWEioq#PAI0~6^WJ){)}+8`C|2}YKS$f;P}vn|ai{0HrV$F6C$4s-pZ6{J
zQC_Sseg9aFGd6x_O|1F$*99{5EjC6B5eNF^*#sQ?f{v_uzu(nUbXCUDx3A)j1G{7l
zHnD2&1^%5t2g{gd3%`85II~x!%t)t0jp6zbkC`*Sm-OR>YtDI}NcTOy?)_;NW#)^V
zOJm8mFDBWb&+}yD3aV#ZT(=@XuX-xm^#jA?B#!?ruf(aoL)Xp~Ex8-K-ak<^#0t&X
zW}%q>rNO(|<dZ~l;K^l-Rr)JgyLel=Wl|W`{o--=S2G9QONrUYnK2O1o5t6ak1tS3
zn`+}|6kOV4D8BoygL^UG{o5M{x_7@iPB@S%aJ=$Bq5rnEX;#-<WzOF{lB#t1(N%%s
z2glE}ahRsAwN}lF&XZf-w(Z8MV~ca8Q`7hsFW9?P_;lsn<{i?Ht1`;W-R@#q3<cUh
z*d9Ig%<zr)zMlKSyJZ<fb9C6Y$@?tc=i>9}sjzha!lz!UW?q3icv#sz?U#MUPIStT
ze2`mMzF&voxbWR=3Q^g&3$L?oj6kEm%W@nV=VjiITPX2vwBop2e!o#Z!JJ%%H!XSe
z_3BGvrffk?&()*rw)Lnysn~5E@jCulVxZ*xm5pj#%+*Yb8*ax753O#$EVMAqK0-IR
zGN^+^LS~E8?ri3X^5DL^1G$XncOE^#q_*c(`?K`0Yo!}9@{e)KG`Q_L<5A{%&m)<P
zL#@#}@1f%{{_SN*S8zbpzSg>RcN`2aH6L*_J&fb5ixa(4defu)<^q>biA8-5Y2I~f
z0zdf5w!hL;sJbA~5iNDT#nK=w?PbKxZFv#R&ZPn79{VR%>l<U4*XePHem{E5Pi0Et
znZnoO@8i2myv!nONU{5WhGCc8SvD2X8_&YO-I47AtHX{Z<*X%Zmtj|*;R=1c^xVm8
zx0CH>CjG1SdN%I*cG~lf*In{uj@zFuxD`z{PphLBtAz`9Ur2~c4_MvVvr%lx>$O8n
zJh{2`%pGhGj|XUQW;Ptsibxc=P>~>xiP?C;NCWK`8p$H>Wci^qL2Gl{kk>koz8~2n
zwgU~aqI=Gr>LIiX-XhiaK2luMA%L}v$m5x=kqj72H<JxD(hGavljP28YFl(F`|c21
zburdx_Y1WT^4aC9h3__&IB*qx<0%#5FxQcO+OX?Ud5&2fgC+)bZoviIkDoXCPF1gN
za#J)Bz7VqI)1Dz|vu7TsF!z>uXn3qyOO!8U?X@mr9*TPG+3>3PVWrO5&z<KNGn;a|
z37o1=IKrP!F05?Pig|qP&gTc8&gMNWP3t;vz<FtOki`PeoYAbW<*H9wK8THv_U3%_
zmPY#?uf+#&O6S`iJw0JOps+UC{*3Lz^-9^hCbBPSkvd#*BW;V*o#gu^9cqsI{eSE|
z2V7Iv*MJLB5v4AikAQ442_T9XNPs{fk%Rz_hKvV9LxKrG6mixC?y7ZRkyd4hd(>5N
zAd0(CXVogs;-{sGRa^CY_q|6FAV6D@|M&lW9LO&(_nmX@dFQTk?|t_i?V5|+?~9jp
z_JzNGx8Lr0VeGjzNyV%^Y5aXwhkRTFyOzR`(p9!I#4GB3SEXZ^BFX!9MM?4Lf*n6*
z^$eJQcU{aqyUJ~x>)pm@RMZ4B81a7|ud3+yy@SuMJ(90_yZ)8-;G)+!ON(_O_rL02
zOR(#s{zJFs@WiuHtJDF(Y5sF;x+|5rGnR>Rhm~~d-#;sEWrDZ2S-<k?*(EbF)_n-|
zo@|~}^~aq~UGI<2-5nlUxlc%+Y8G|DCdFEE?fV($w?FRjW#EUJZX@qK44AU++$y3)
z!k*vaiyV8E4nO<j`Vq9;ejUqBNk?s$^mxsGFl=pc=4TNv*4WHjo|7}s^Tw@l6JI@i
zurA|i0AfI$zh|F8FHY4y_gFk|XMsZrwF7S<XN=<%`?BJyN!zCn*szc%9x!N9X@yl>
z)bzVIl`B7UQr-y<INz`Hd{0}^<B*BWzfuy*?iH+9Dk@ohHQuu4%s@?5nBcVI(9+k*
z8J@0-P6Y(c=^{PYcXf}gZ}J@TR=;>TYp7H9;I0dkF5N3jc_q3R{~+Pu=N25sA?Wai
z;P|2$e~}%mOWr^K;z+*@>jxbfJU-@Ot~Q)IJGC${^l~DbeeyyMiLmMLmQLGcmT=67
znkD&zp$)Rfk2a-8eSTH2;LeuVM0QrME>~XnTj{r?Ecy|&`%U?XlQ-XK7p{J+NuD=0
z{}_MtNcYM)Q<lB6KWY`Jlu?}CI=SY^Y8TC0LR;kX;rr0H9e$eDAuUsx_qx(z>&Byk
zhqsd8{Fl;|Yjk_pIF_p_-OJVdz1JTetNgO}?O5_zyRZZPz6AA|!F{UwXPoJv9Qvpm
z|NPtZBHB^vo)v=bT}Oqy+ecgbWS>JmtL!zy`kPl%7ti7!ayK7I34HM5G&*<34uys8
z<jMm3j`Nw$wijl_`CAdgQU~q5GmA0gz=p7suV(g`Fe-SW$L9CWirDv-L+8Th*4>#Y
zzVyUu!Se-Mcnel{xG`$Y_2K4T{Bx0^0Z#^G7Y}%MMRacMtAbmMjSCmYsTNd`M&BRO
zYgJM4vT}!~y6SblzioK^2HrSjZuhUlo}Soy`OnV%@>X{-U*F?ghSWA|ba-i(dG4XB
zDBfkOCXXuhoMWCwy=-^D%Ds31W!#u@ch114n*+zuqu!Q?2MqHa?i4$Ewo|61q*A;&
z)cV54E4?bOY@r_X-y2uy5U9*NVCE6pw`T90H#N1FYo1)cn=Sr@BG~LY>7?~+&xq-z
z-#pVr9i%9&`&Pa3?zgn}meAbT!ob{THnJ0ol5&MJyw*=#zAwJ$<!rWpKoRXo*iQ>K
zU)XdhJ7RBs1-aUSQ07*6d1<e0#j4`|2X3kMW_5^saebqM=nr1#ZQpepLwDI6(SA36
z_in4-plX*l_se>u3+E0t8{N(M>L{yYmbAzZ>sc0}_-Ph{lWuaozloFV9vyaeoM7w8
zUN_eLViU74`gZ<rWrToeJ5tHJeb4g5tY_}`Q#TYki20X}4ljQH#i3+)&((QH7gO_>
zTwI?bdUws~tXT1QSN5Q7v&m7zmTk0oU%NFDnp`Z}t+;V5?1AmIQH4}eZEgkWP^nLr
z+kO&baMzw!clW%PzA*0R1${posI@4YWZvO5qj>9bm*j%<8N!W+_tz{u&^P(kx9(*!
z$DL2cZtM2ptY2Dot$SeqOFY;4J#2C;_w#2$c}c&o8SHW<cHXSgho=h1xJ>XFdTt)?
z+O?dW&w5ZiMZe!Ht-PpMdhXqnuy5R!=dTVc+7@>snEC3EbULR`F4H%x`=T7%qTZX2
zJG=SRoY=YRdj7#*Po&z_RQ#?ZaklbRvVcdoy}K^<jkw}pbmr}r+Sq9SN1gZY%YgRK
zyav6fb#f}(v?|&oW#=7LwdP)wQ+&Y?N5T8$7qjvQ&d*OieK|L#)5=a~$GUm`HPO#k
zr0X3mVa;)>o_{-?W_H5;yTjv!J5;6oQ>^&IU2DuUy6@j|;x4(W;%;2brHbrH&c7<s
z|N33EW5?<W&j1HoWnS-v1)c6CNj{`+s2c3T9rLq?%*$qczqJPkZHEh24Dz}CbIC2J
z&~CJ_d+1%uHFNEkIu;Ha?3-2nYSHoD<rdfME-b&98N7|&MH=HB`dv+*%%$G@=;{5P
z?gp*RiP=Zkai?fZbhux(|E<XTdA7GkJ~>iz{6I$Zp%oLK&Z!-9V>A7p*WFOb$z&3l
zN*u{4A0PDiX76cRA7m?DE_%J~><Rh8@#{C#b`)igA24`g`lLS2`AjSNsB%xuk&$BS
zUEarH7>fe=r!2m-StS_cT`_Q5$X+K>s-piAa)(aS?1ZxquCAO~c(uz{W4G7^^|d{A
z;Be#~6|Z`t7k$tvXa6v}8S|d(JVmI@>pyho58p2T(a-VgzFV`MpN!gm_=3Icg|Gi@
z-F4q}t9@eD*<@QRcAca9%JSaiwedIm^9rYaYuRo1v;UF0d6q0WHOh9gHB<Smh-Dep
zr>c+o_WLx=%ZiJM_cxp$`O}ASRY#Jtk9?t?-hW!A`?O_oT_5e-Klv@sZbdJPcZ~U>
z7msp>96CB+!w<egr(~qPe3)MP-Z}R{=&j#LUmgtJbo7tj;@!_{?pEK;vJTOH$Xt<W
zeeb9wJYfj^UCxo5+hLVyKid~;2&H367oAx!V92toMcb6x1jpg&bY9<Bzu!i)mycjR
zE}tC`|Lf&`A?IGK-ldtq8Mok%Z;Hx~+}Iy@djC_e4;?3zr1eZoc|UiPL)Pf-1BXB0
zj>}SCIlmF!r6|ma$qIG8Ib@e+%ZKM*CU6#QwdrOZn>^qL|2&O_=yIm#%LAtlIh-0<
zExzTx_^s$ze2*DrpI;lF`qJU8JO&mC&OM$X`g6pV!k5!K7^dW0!Zgb9_2W)YM}C!<
z)tizhRXvEhz&#tzi4dGFDEF9u@s|ftoi(%<QFo{2h9-QWiByCY&Wegu<b5&Mmen=y
ztaCXXx=k(le4~xi@h6}EYPphgKKu-~L-niz^Dy(3Z_@qV41If0<7QrLv6fI#uyjpK
zp4lF^qY#5U$YoQm`Tdh!zII&oom<kIq|vh@X05d{<A<AD^fYUFZ3}?88H8V9D_zDk
zrq-JbG`U8rPsUWH)+h{Ac@~Bh3u7u%YBW$WYz<1~hj&7S?}+?eLB4O;e%$(BQ|rGH
zItflsrGFfA99nw+!;3+0^!_icJ^o9Z0BFkCE>&Un6sqwZq{^E~>0|@K_67)@F$9@0
zPHOs0D)iF5x(jj*K3(-VayltBJyilpA(=G+tNTsoi$Qn%8<oO9U`h@HfxVGb1{zax
zVE`c?b^|Hv8d(SA4|Er4EhzE77@BGSt+Mw6pyl>YZP@<3y(sPNzb&AZ+y88&on5jf
zo$iEOgOADf-{!5~lvEf%W-Yh=)D~3uUky#R|5khh;GggRGbr@-{r@(BrpsU2YBk_r
zls}C@YcKz{fac0y)=DNoOXEM)yW#miZyL4z{7;*JVd!3n43g{Vlhk1B10OI@%JpM5
zWIUdlLd5{WzvadQsX6ioW|FRL^i1vW_o2!5Pis8`;9vCrR1p8Qz5oC8&`kMDX<!M6
z_VIbN)c@0|4cC9#`~S8AL;pX+#7s;^Gn(6d-C!1Fg(1jkCMR~L*kMpNu|t^~2u!iZ
z05ZcScKXcf1{MqC5BMmEXaz<5KZWMof7{r9CfYxh-roM(1pYz$&-t|N-xPZcAhY)N
z|EZv<_K&&^20Knj>c{5MLi?vv8}0x2P#Nv*zfHi?bIcgeRsw=?r9po{G7w-A99F}R
z^?G`a8`o;tA>1JB5Sl`&P%2U<8?rM#5XT@<pcIWdO@aEhVUVbh6i$+)DbyN*A_0%-
zNCNINA(y&SaG1+DKuL5(kI(^6x+xOb1W6+BQV**LAl?W_1gFdROkpUVYNh|}52>}J
zL^u^zrMVF6QW0*5a6}S00H|mfkzfU@<RG@lM4dtd6AjK9kUMyGBpH&F)R<jR1Abcd
zFz_W;DzWd$N`;gNoMjLQIC~doqy(H@34{clN`{`(L(2;b9qUT4LJu%PQ?P(Sum<(K
zkCY`E6VTak9th!JMX-`+(U^z^Y%~=OisnKL242~e3Z(p{aH2v*bj9Mp=tG`?3qSP4
zxQi<!S0ie}2tg7_9}N&!P9vV+M5P?!h1&zZ*j?kyg~&sJg2r+|JznY`E`h3lGW}f_
zXKe2uJQw~{I2y_oC#0DotlN|~CZ*Mp;^G+aTNYV^`(Khy#!qn?BnL5a5~zNtuWKrj
ziiIbTLDT$E$J(e86>1WC2+{=&meY^|tqO+B@vM2_#v-9OjjIP1+Re3*yuf9p{(iC~
zQ6VE5=}g|R7NPEOozay=GP*!yq&Im(jW?=;#?){FY8ZHCM)c5-iJaC17hv6z_4b4_
z@bQaGb%{pu&>9KU5-+$ZUNEgG@#sykq?3&|q!5-F7*C8hotSAPD7}%OEpdfg<_gmr
ziHw)MAX%+O`XjWo?Hkn{eU(8H>Qx_?cCRk~C!w+ZmnQRW)ziQK>ijPi_<v|$|NHb{
zy8Q8hO|G5P8hNx}|5GWHM*Ba=U%UO^77(G3Y1CSELMp_9(_kgiU27mgs!py@LosU2
z1T4-@Flyulqaj2f5pGs{lPJKq25^?Zi45_BSUf0_CxqB6ju7HSK`b_xEo4K&P>ukK
z;YEcD_{<<S1pNQn69^8i3j_l0Jkk$!>IfV?B6cv*pETC+3#rV&#U&p%;(3!)u*QG5
z*9e3bOY$Gi7(vL$$RK29W*Q}W86~#5*da=_RHF22Ne23-l;J;J1KZ(038wr1*7X6`
z()zCtqmln#^!=aq{{Pd1FbUSes81y@nG-3rI%Ecc4*=c}?wC!Bub&{(Ze(f-5F7gJ
z1tWwO>Bp?<cewiBm|K10Bw$<+tgwoPbc9%Bnz{hF22LcEOsc<DryyBbkw~cbDAZ0-
zNYUjch15i{yiq#9h0{|SrJ2B!n?f|nQBF#cOEIye3YDHGqJf5Ka?^<l<pctOrJkfx
zs?kWBIt>VIr%@;S5v*`mc_|t>eqT$%5E9gyM3|(4Q^`{>7gcrNo)i+5M)F0bcoGds
zI)xTcM`^nJo3;NmvR0{MEwq0xA4;SB9}1=Y{r@%rGPxNGFj3zsH85T;wK9z&C6z=V
zlZ_l{*WJauY2$venS6mTn#JLXK^x~qa^u8;xQIX=SAfvAA`sAj$fyHBS`OMr3E8ni
zPGk@_n#G1_`X^{0x+EbTxq}Mcx?(w?&fA*NLaVC*;;S{Ox<no5&|LyGNDEfF>K|K6
zz(P&o4&_{!!Lf))0$y}f5L?UwA<d>vg^X_kH^*YWFwhmyfhQ5ia3bk60+$&X63q-@
zL*PQp=S2ylL!#LNwg)7L4s4Jn4vb=s=5RU8NP<I(Mv|B;L09O-DTr0;LZvZiuDJ7a
zh)l-W>z%QSBbY&-q^98W7x0T966pQjaUz3x5dH&P6VSN|o&ZrjXdYA#3IXCr@mSG8
z!ba%;8Fe5R!4!l;lyrImSFbo0J1{!L2nD%KqjKwlY1K=naP@(*Kspa3dVxNYizNu-
z_-ufO|3p-dryzuZ><~^Q8qF$@%L@vJhyrwL0}Ra^Rf3v`-O?i&A!6OIltMJzsD}nX
z#N<Y^LENBZEF!80L>y~GP#+~lqM95jNe01@h#WaAQD~dM1;VjltWyDjK=rYDn!(2l
z5a42A%0Q67Ch$3UpqM&guz{@!WG)CMppQ}j(CeEyPyz7w$7qgPsFBFwWC=2HZbm^o
zguen2Dj47CFbD<=geHji8bun?zXj?PN_jK95mDtjS!&($Hmgh=_n+ufkOIpT5~W@W
zL~Kt6i9(`bQPqs>4`T-GNEX5P8?SaEiKe;AiD!wZRHelnOCmWUH60NUDF!`5@Tu!Y
zAT-pxJ=%8=>e`>a3+6<Mc;Rf;C+Ss;1{<_zq1GFISR6qRGm6Cw<gy{7c4{<m0(GHJ
zLi<~Uh5^hlf)U4R#;Pzy67}rpe~X<d%6ckoq{I5Rn;&^vSKkD~7||vr+k$05uWwnj
zx*1`tX0YMhxFkNx{%g+uubahvtc}^c{ZFNPc{QB>`%q}@=l|LS9H3_G|GIGx-Fx?h
zz@Xx9yufO5J+)bmhQ@>rA<eEVySdd{Q+9I$E_i`iikdvc7=?;XgIv;my<H&|<{sIT
zt58jVxR~F1A{Z;E6vU(q3J&o%NR0@Mk+NW^E|Fj#!4?RBJu5^?7`VX)jjS#>aWa0w
zp9BfjkQ9|T6`<kkB9IO^D25^<nBi;>11FspTTNl(Aw+N{;9Zqu@G=SbXmlzAf#C{e
z1(6es*Re^66hx9K>^QX!l1WsM7L3XXlOYN2oLHy9{4k>dpOKtYdMORG(#e>)U$>8+
zEI|qlLR5u@q)akM3xa2oKoLQ3x+EFtE&TqG;DDuZrKzueqA6Z{wN|SDar9(KY6UWY
zpl|fle=>>2v>2u`ih|Lg1VqS1DgmJk5b~BQk8AThG2#C$M^KRi!J9Gq1vCdRvEV~Y
zrBXeK4{L(Zhh^d3!)3tjIi(IqAd`s!8EB2j@Nb;V1^fSe@VXF^9>nMS%akNI9VSEw
zx&FxtIrbw;5ah3sp_c@EPA~)l@*rj8N(4Lp&FPO&msKEBz=oo=us9+($RL+K71fQH
zt9RI5AA_e$P0^)_Sqcq^1B!DtMnFyWWLU01x`}4cgs2a53_*XVkx<RbV=RhcO;69P
zu^<NJkQ>UxNmQvduo!FdATvWY4JBo=SlA;VB?OUGYNa|+4Ur>+(Eqacq|J@nN`AI}
z1;V6KlX{k@%g2mlXJtvYwb9{{<e5o!wp<iROMIq8K9cg0Z2tRp1K>?vw(PMTvSutE
zK%>!UbOViUK>Si7;@MXs_KHMo088PFSfICEI)`NUI8$!)z6|(N=cMl5UJm*&m1ht9
z1hVE=oQ`9H-vRJxgNQOmAzXSRTzZRA1pcv&)+Ig5&sEyXyIb4~i&FiGgj|^@JX;8+
z^Y@jH*F8XzN0OltIMeOu>Pk^%9mVGdXjFFO(=R}#ew<vi#h@ekGz+3Oy>T9}KE*r`
z@eaEU&$f9ES`c(nBI-E#FYFUh@$&IB3qPL>>ZRh*$d*xa(LNpkN<X^TxF16A+O6(y
zkRL?;O*Aw6L~fu7RlQV1OE@Yzi{FkFjo(3CY|}7w`T%XI=wtpxQf?*FO=eG2-GyW5
zs(&ZV9T)suQ`lQ&B)bXVRyO&AM_3eBB51G)=&Dbx(&0YGoFh&7mge{q)e_#kk$Mo(
zm^+_@_}T(+5adMH&`*ndDt5%xX=#6@-lDEn;<J1{MjHYVGR#tV1iGR%1EGmZ<`*FY
zn%bd>uIf|8K9UvUW4gmuTil};vv^KiAxk+O-AIYMNb)0T!YCu5$jlGT_Mo|rhT=ns
zN9w1-LjA<yF4s;8i5{<;3fs_4VT`t*nG~)Zrc6Qn(E=r*#N_ezRMgoY3)R#DR9=(5
zy85pADoDFToprUb&RU%#S!Z1>*I8Go&Jq>us!@?|DkD7Z=98_O&RbSwiIq#xX9`zn
z!FoT3dIN>hZGb-Ur(a9};xn5~Et~x;N#hAz2KCG`<|YvaY{itiM)=C9p<YXK-MNC-
zfFu!Q)2zr9`To9Q$rYH9SFDPm=oOf)RVL=YD<jDX=w%;b#?#2T+&B2ggwQvr@VDTR
zpMtAi138yL14szM-J@{R+}}LMfyA8nh7u=As&iFRfEX)CH35p4l?jk)GOcJc{RxDb
zJdH4u&8pXTSI<{eP?L>{Jhv*Nsab(u3LH^{|4s$^O2r!6m9chR`L{WS|0?|>EGv|2
ztW{;MMZ{o-`W9X2!RK#^W^K-GYeQG9=Y&oze9s47n_U~v2;S7^0OJ`8K;Nxr1W!Yj
zo)JD3WXaHjeFyKkI$#g3Y3_Sl=%4pmy8h#P?LDcC75-lb`=xSp{b#S7p8xwI*Q3{e
z7;n6uC7=PtC$jic4lVvLl;76+5AT9+atSDaduSCXsU4ncAt+MTs<og97bUC$B_h8$
zxR+i6T5Hv30kP7BpAdawYd`Cm(bint3D||&t&>Nu+u-5H2{x@nTh~h4R?L>Q8OGmt
zMdKu393okC;15}dPGSH;?|g$rJmx@HVWLi!bE%cu>qudwHt0s{8=@C7=M!wq&)c^)
zNB{d;U!SLcDY?x|c8gTk@?@{aaQ8%`-BN?ycQm^_(d70xbKBM|U)!~GZP&83WlPqU
zEmvE&RBhQZwQWn(o3%V8+kbq&^lg-}D*ksrVgE<m|0A{kJpUz%fBn_%!C>G56m7Fx
zZ#4&h|BY_%YlQ{6Q3zD-V6ID>#R&WBK<E<>AG+$jgVqL=z-U~V^V$4Ny(7km1{q_r
zg)tj3m;YEiof~&}1xc>D&96g0zKuna@T-t7B&4nPI-Od#5l%`l^eQ=Zci8W>BdH5{
zG+M<H1A@&cV2%b0_2NI@rTvro|G{h6|7Snl|K}yH<o18r`0sKddj8WsvP3HXU*HN!
zdcOTb{a^n|L%*MZRvP;KxX|xyQ{_p~-uVU5-uZu6w0As|d$U09^~1RH@Na`4?k9wB
zmmd+9y?(UyMzPilE4_ZC^)B(PEYRtx;foYrGWz-zMOtqZUA={f>NJXaRZ0JZDC)O+
zC6E7Kc>lLp{CB$l+e=-`_J2Eg+Wv31GG>o%0T+Iov-R2XUEpY<xe?s=?I3yIw}S=y
zz8xg&`*x79@7qDrzHbLf`@S6{?)!F-u<zSJ(!Os8uVCLd_gXsthsN0kkFDtc#l5|Q
z*!f@iwEw@z6`TC?zCSSZId!l~bk93P_dMSDKL~#vp430qn<t0a!;^9?TPQU0*~3Pm
zkj>|7`TEBKd@UFM7Jeb2=skaU9gr6I@~_i_Qn6Gx%x6!_&BJW@<HvILW20HlHcmbs
z?$u9=rF^OMw~*Q42n<wuT)_wa7<8G!B2B|~TsgJVoGIa48UM|bD#YC(ccad4!D^NF
z4j}7(wp=(YWXp|%diJDNtYyokkB5bFzFgjG<e#HjY?I;44*PY%x(!?py3<j>mg;`X
z?Cj7La(K&}C3klC!aBU+ceL;j=x9kCk9a{)gFs2^HG7UClB)seTeW`eq4s}tL4Q*)
zbas`?KNbilK?ocE?y;bJjN*XS;h#0=vjLdJ^jQnYdi2={)I$2K;=<;=qt0x8P!RiM
z$GLDLC^bcC&DH_py?A}IjAi;iAeWz1#&Z2%Jix`CnE!t{)&DPXRe!yo>h4ilM?xW&
z7YHaB1J5BkLSJSWM%r04*b2WMXR2(Fz{Uuk_Te|f2U9%~{51qnWuINR2f0EXo?|;m
zd6~~HTa6>(uj0o>xpq)K&7PEtdms!N<?LY{gk`z#u?GCnJp5SOM;$qkWuB3NWUoBu
zXLxa(*{NRWk^=+gsSOYQ6Wnt|sOS(xOezM`Rztdq<qo~_L4>4`fbW@4WJ9w6Im3E5
z63`#YojA}GLAS_Ix}^POAbqH4MrBsirLFd^JE!#{Ay1!c!*)lTX;bY_)vovFv!OOs
zx$pU<jVB2Rr?vK=$$(BIOOgSRf$AVUtmICWZoIJL)$Vh>-bNcRi~%kDM04)+Ob5%L
z=(wmrr7%k1l%E~dyf>v8XDRj_gr$aGB)!E9ZEnqBJaZIxtlW+JRPM&zDR)Djl(d`+
zO9g=?tF~=e4I14*+wh1x6j$h4L&XioukhgeN;vMmvMT1DmBmc%7eE-=TZa8hM%x{r
zz2no~qfv7vjdYJjZS<?aEutcsp;e(0G9$afeDpjJu`f72Pv)JV6gTAwZwA{|r+|dj
z*60~t*kxEdCW7D%P8~Fsl;q-Oj4f%}kR0g*-eP*jMoaR1kt~cqp|m&>N}R596Gox7
zJpj?{%*_*NhLJ@95^<ia*~t0gBGv`bZcOQbf%5L6bl3zz_Vzh7IOe8eiw3#FFZ_g~
z@D~KcbMjG%z{wZ07O*sk1au5b#ocu!-Rm|hN#SG5xotte;sPkxuRH_;4L9Nq7ZzI-
zS5x81TT|=<9&^VMdT^OnTZhH}W0e*)L8sMd`wg(73$sL>8<2#6L!BQ0i75M2SxGjA
zT61=*S;h=$?ok{CEU%l(y+IR`-=`d%SJUr^Tp2B@rng;A^A<{6%9KEZ^;07AtWM}g
zp~nUKS_H4pb!Tp2Gv>?t3k&(8js~iAtH~h4jQa;}(KD>2n0@WEk@wb13?)Fn)QyMf
zstR|c87MvFizS(+YOM#oHou3lJ+%GG%vCX@mzNC^0+XjL4iUKX`l}xx<X_1E;A;B=
z08n$9%$0q8qRKb6r^BK{fYO$fJ8ku+sCEWmg<=mTT2HM9bDUT(X`n01Xf+Iu0w1UD
zDeM3^W{o@&%HMZ1pag~k%2vh$$}1TVxC=2+!UxM)YtW#qJ!(*%Z`g2^4jW!}*l?8&
z8#Wj=MBY#XL|?sDEf6&-eG<cubg`AfVxdg_KqDNv2CrFyqjiGSSj}jB3e{gKdi~t0
z%$%|~R*hv7G2bc(Zjc(w!&1gZOv#27mLov;<pYofHi}h)5I5DPHUx~)eC$A?^3#W|
z(V9(EOM_8`$Vnr{XtNH@g5%65QY^nEiY*v)ZI5Ccfh8lc1>=zwq+WxiJumraC!lxG
z?-KiHIOsCaM`Ll8kLr<=NA$=I@_Y+8d~Z_gNK9s++AFKMBnmSXB&i^I2ZCgIaB#}x
zDU-irCg(BhDVL{Q{*JkvZ>5lOdCKMQn9IE#K2knU`TQO8Ip26D<?@uv-!YfF`yr)l
zp0fEnX7hASB4zTo#^g(F?a|{#c6?*|#wUzK3S$`1RY)E~L0@|JRWZRs{P^{SJ){@E
zmd1aCV%Q#E#)|lld^sQ4|F4)Yru+ZB%=I1PKX}OGI}hfF?is(6=&o6QJ?@%sC7y$+
zZ$A2=yJOSzuP`Pf%mNYNx{3Q{1ke&6&cu|f9XS)Ty^0VGy7jy?3ovcii88)3#A-ZO
zx)r_~hrHM5$N!GK^TWp*yn2cMS{(HGge)r2U)ae$*mzHu)hoU26Vk0Mr-PZ^f@l3^
zLR?9u`0ID8PMxKx97>&~<LvtW42R1Nd)qPIy#@E+)YCWZ1yAk;|1@vdlo3*o(UcQX
zuga7YQqRMb7oL+B-nw^Q$_c3lTgnQlmsiRNn;BD5=cLWAWdENRJ^!<?Uo6MY|J+OW
ze}9o{jq^VfPla3W<WKiNxK?9ub<ywrcemCFo`LCIg}}j?tw#UqOQ+Fk_s-6m{iL*o
z5L`%iHE4cjM|wrB;)1kaYW;3JZ80%zv)}JU(J1Civ9yiausLkS>sQQ|<8b@+L{b#<
zd!e+A<|(Gf!@pu_OOd)^+D`53p!G*m+F~s2;Jn}J{x<AIGn68A<2W?CwUc(U5rrGB
zTjz4v{Cb5{=v@vYIFte3*L4zXaf6d!OT~lz!?jO>O@{m$4}uNI|EaRK<%3`OwfXt4
z#r;w~J^%G3u1NbUhP-_q*u4EqrGve+{a@lrX#ctW{m*~S!;mm-{};HD+g}3>d!L&)
zQ+*p{EFb?D@}<4#`EUFAVlf^6zr<Djq0y_;Q)RKW$;IVKyHzJbRusRK>Y~^fHptiW
zVW&+BxjaGNYS|IRW|tmwDezOu?(Xh#ccq+Rjm2SKyhlI<%*k)FHqDk(97TXhIKIOl
zRZ@=WVVPA&b6_stY3zL>b?d=&(EH7tXfok`eRO!(o=a7crDVBuZFYmlogN9c^8nNS
ziK;pRnON%eQ4lf4;QSyviX-rNPPT1<IMfl-f$^w_&op#ksyY(E>{<0cbM5v>s2ej!
zojF<b+7yV)o_H>-N`=T1$+A`F=yG_PJwzx~kyWlbGL(noOs1-6w?tEp1k5eLn9xES
zjQ`qXXT#Dchse7t-549fv3DwKRa&El!f{obj)|lLo<LPXVG!Grj|AxBIde7!EUTi#
z2`NIENkz}3sS2P*+W5E%O=!%<*hW>6-&aNYWl?S=a2W9Mie{xC*bk}xkj;juLbBN)
z4W~fBF!^TEtu~feL6C4#U}(ZGpf%U2kx19PI-DC*)vE-xC9yO-l}lh>1pa8;q7R*V
zCmi?q9TKl9Lh_~ga2;Z93&#WcyIvmm)IQ<ZJsEJld?23C30XKkXE*ERk}Xxy92*;m
z-mIAm*%<k?&TdGga#fL2oxcddnM$*{q*Fk`afd!oR$SN+feb%tGly{nZR}RyX$j^*
z03-C`)Sv?#pYXdiGiozvO`RWv3?=(dYXY!buSDV4b5Qj9VDzGtNczAfUvd%pT)L7>
zO*n>51=Hh}kJ-kcWCp0d8Vqaf_}fHYNGz9&GQi$H+|oUGlnzRSV{WUB(JPToD}g(f
zB;Tl(`0Lm*=H?a1kiy;`a>SSn*{8)-UJ2Zmr%}N5&x2%uVcI2j7hRLpnXU5v(q>Nq
zmSZ5IvNIqOBjS@QFeWLBSk8>v{(TvTz<oIfX&|L}oIyomTm$3UWP}!bB8O!9wIt)2
zXc{->WResW9-u<i6BYW>G1<!%K4l=GWKYNkMH{QO^9#A=p;)^_nkhsgrleV{Fi}zI
zZw~5f2GG)=OiNV>S}X7HC|k@pw*eJAs@8`3kp=YBeR^gj8<mj<J4hT?kYhSmn7f2Q
z1bFx)j*)UjSFK^~5Ve_cN2FUx(=pBrKl-!@NP8t9?Q;nz_$e`kuNy+`BTF+fQi+?E
znrYpGWo1KQr^^zM^Rebx-1)Al8z(l|DJGz#G9^e!TG!;knA5X^=Qc>vHG#t0kv5ZX
zl}My;PxzC|61jV5dcs3bGo~M|;nCT+CT?{l-8Qh!*Tx*V#qpcm#h5T`F#|AKW~8b!
z;sB=sygSXA&=QM@&F<+`#LUyHjN*z;WL>iDKq@wxQXFrj@j1vA-jIX*PySHsNDpEW
zX2t&tJ=bw_^6_v@!IlFgrqYe-)j7ab)saO+mX=eAxD*X0%N5=69ROa6Tp@s5u^`sw
zV?=I089B*B(m4jXGprj%!jS=gSgCp1`8Gl{pDV44Xg)Cd45D_bS++yW`3O3+OR*e-
z2Y>Zw!+OIWY*=sT6YSA<APryytBq&a6i_2=3WIFiI-ag_WctQPwSWdK)tcLqu1#%u
z@<0=IB<O9rM0$VzY)JClQ7aZ6r#pvk@@FnH1n!jQ7HEHmC>l<TM(mhfEYL*VLl;qo
z#`I^2<+jP$T(c$H0GJ5>)cr65upP;k0q_hNn*y*L>>St!)|@GX5At3leY_DLC0Jn8
z=h6&%8krg(2{b>Jh?wkv*uVfo(;edzCdqbt*}+AvlO3Mdy1xznD*-b(G`P%V>c$l5
zZ&QJDr|KXT)E_)W@H<E%PaasRBu@x1CDe>pP{Ft;!$kGPwFBG%jtPgEFBM~0hoFAX
zmxW_|2l9{T(4avIMwGIvdbvi9e5Lc6h_aSO#+*$H&Dfyh7PwBqXc>3vE#unxuX9T~
zVna>Kl}I=jq?5n+biD;Q*$h;cP1f@Qn>T*OcmCA>2bfu_+IRwAN(BLWy@I|Lhlc`T
zGf7%wil#k<f${NAE#(vOrwqHd0HjbPDDuSoo|r!*#lok;;ip0wS`E6xSkg)J-XuRk
z2d4liz$lFvJ(B6?&#m3>Z1!EHv-D%~&tB$VcqQBaf}^CTm$AzJS3Zc@|4QY2YX5tQ
z>s8tRh&R7^TZTT@(wAuHOYMA5vGZ+i=8GGw1a9+NW@SpveecoSms;&otKC|_w`8^B
zBGXf2o(SEBt<HlQviU@fUoh-;Ttm<teezKH(h0gGONu%Lxr`Ga8D~?LtVw#toLi=W
z)-uT<(g-G+FuT+r$jpF5wv!_;XGNPD{D)VT@c{Y;C-4CFtb3W&wHuWHswSxBYe&df
zDpU99<jbrs|G@(iuQ7`hH$0(YgK61}`<rsLZHtQMD$Hd^4-yd;vQHVxt#6KGS}-Z(
zBUUy$l)c0KsC^=_(D7_eOLH@dW78E=XBTZY<>d6884eoKaH_~n42ps3i4yYSvYzd0
zM&?FUO&e`%1ZiR6T#1s7=yY<Uz;Hv;8G0j_iQWZ`n3&8qHB0km?;I;E-I+*E#x=Cj
zrgjW$SxQ@MTxs?|cpG99@^+&&hv^cT0Dr;c6f#Nn4P<0S2xA6KY~j#{oiOQ^L^NjA
zQ@k>EGl0;HzO(_Lu8^^Ii@ZgcIzf8{^9H5G0Bp$wL10?AJC08bq#{%b+HI=dQI66m
zP>b*Z05TMk51M~Y&%C6KA2Ic=u*;CA*kwFW%zD8aUQsQmuEI>Gyjc{lxA}HMOJr!)
zy$b(~b+6!@x0J<+ugfYqLTb8BXd)Zhz=lDFs^q+iUZ~bovu%z8k_svYV=AoUF5>{;
z5*&<<)m_@I$N;Kkqh)l2<4$Y{iIP4;`3b;;Y~zw`8?r|Ictg~t-n=&XfQ={&cn;wg
zT8N^8sNlW8{p9gjpwsULn8E!F?V#}zFgvSxhOzN3#dDWT4Mn@gUzJvib~Jmk>s!g-
zrA>Puwg6om5P@TCRo62Bfl8$75O!<<0ZK8EpbjUIO-+{*Xv|PeG&^%Ww`NczGj0O^
z+XgKWRT#d(<kyA{T^FkcvYACc*q^+HLne|&Fno-0J;Mas!SoxKe}ZWxaKlJ-U8>P&
zpTSpdtt`X>MlLf4q&30qX0h04ZF2!}a^56^-s$j5t=}ZA0lDb+KDQdp1`%olcoufa
zm)7tcJ#-;Ozt$c8PI{-L*8QFQ*6KEPN%QMPzd0C?UO&_7T(nzFc-QLI+n0@2_l%rC
zzHV<w+O1A&2tbEDf(3F=t>yrMb(;P9IXu=*TJ6^G_ub5CYuH7Yr@cO@k&9Y?*s5Q)
zYklYx{fpk93B@-6Y`4`t?L#TePP03Nj?(JFOVa!dPh@ajYqzniOzjfT?<0bw-n;m{
z-#R-VlJj1>(S(;LO+XEOm04L(t9rZE>g<w6ty4Q|(p)`&($D-qdshMv)!N37<;tEE
zDdboZ8e<nySwe#(drAy*WC}BPW{^;nHKNk4P_|N9rA3S4rc&C7sI<7LM6Qam<U8*<
zX9nH6-S7ME@BY5;{!;jvdEe)KpXYtH^M9Um1`NZu2Yb%50WX2|EYbhgZj=R1fDf#_
z7yXljvgzW+o9an%wIRWlE)-WF5nGo9^GTvWp6HAP7!h=ylMPM<$QmAXB<K+Ex4Wwi
zk03nP#?ld`g`SVosPp?XSmM6}C1NSd{{@=J-RTHGaU?8-L5jwIBck{Pp!g5L6TgoC
zjku`z3)c7!{%53bG~-MBPha=P{Xc)p*Z&m$_Ydp;`vD97Ww79%#RY%Bg8$pFAXkwH
zAn?0gm_M5T{s_tX0VDo1VZ^_?`ERskfdxie*MHaqNOS@HU$poQ`vx#_*gt%Ybt*ic
zx&i@M39)}R!lbfrv}?qJ3NSQ<1e=4-yV>|V<~rCPB+&>|TtQqs4ZZdUeisKG*kN?M
zi48RK&;!DPsVrQg#PvQ0z&;$9$^HBTe<Tp}-LS$!G1v!R4RnqXYvI@ywpsKLU;w|t
z!{90aPFH}nI6-VK$bn`y2rCr5d<w=N*o&}9qC^WG3uZ9!X*i&PVAIL)f=~=TW3T{9
zF@ijfDq_8O+_o$(?*zPt16Evo4U8q6?N>pzQ93))C*wLh(l7H44r{sMb`WCiXOXx#
zhNX`oEtvGFFpc{>Z}c(}+XW#}nh_yTQ7&%zM?J2@6_kz<xUL%ETA8#!ZP4ZgS`q_*
z)Pb7?zcKy9n(2THLNSFV6bBW+Vm2e1798xuJyTvg9p1+T;C_JCf~f?DgtSG8R>|Q8
zRO)vcoW9rmNgfSbW0K^F2(VA=@w?(B#Q5Jz5f>s*Fs>NCsxBiUFc>o;3ge0rWH3CI
z7fQiMUN}WZU~B{I7K7diCx&DCEMys)a-lQ<e8;BKP(h=n>OWFA+`}VwM+^Ra$0!gX
zJ1hj&2tnB3aqpVn=ywE9X$j*H-Vbbs7_W_cSgx;NW1oe=-2py?=N7n;#|^-eTxQTc
zufPg5C>Q7oC=<jqK$6Pxr*p8>Js1gH1}aKeAqk5qJaXVQ7QzW*g<@nF*b}}{I(qsh
z+URsx1@#Tf!1W3pz*ib*m{8#^fp1<#lShkS1KSFDL^CPAZG=mlj)j{L49}(l_e|IT
z!9HeHddApw8uq+=_Av7lY&OaR(D^WMdUz3pco|5Uia+Bf7-(!Df<`@Xr~p;Q0wlsC
z#fe~Wg~jF-UAVz%G>aqv>JF0t06vclcO*f9id9=e(V>Vo_{=d-NTYFsz-X$&Txqb8
z5%Dk(Gb{8bna-w@5n7lIJyaX@y$D-}6&Rprpsz>ftVELn7h7u>`~|dL^N%`m2`vpm
zR#LyKsjl=8)bU{44toi7GB*;!{#f|{*B4O!!JY_#9V3q&;v7+JFwlp=s%Vlx4*^9r
z`Z9D1`FnfCG78>KN$?6J5?)L~WkmD&*0yazu}MIg@YP9pk2_{;sOPe_wSqOQ>C7O6
zr5%V8@<+W9C}AL)!>8~yvjb`cx>R|VG+I?TST8$*FOJZ@q=jz$-=Tw*e=&nVCw@r_
zu>YSC12bpxsJRel2UI;E5(or9Be2Hr4N>z;6CSq0Kv1;=bir0os|ZIOD2;@dT)3Wz
zm+i3-Hh6RhBk&837;G|lhLnaTmo46I$%LI_w-SUPp){_YgQ6x%mq&<355(dE2b+dx
zu~;uLaf&lx+@!Ica@a_4AUBUe{aHBbfJmeKAQ1uy*az@P41;M@4i(jXB!CLyHtKGc
zF;MQ%qz)a17uk4({L#pQ=XQiU<f#XDSKpK?UVg@0H8FR@2@$E;==ZrEg&7>i9<__n
z!!QA0V;G^xckPeJ=|@}Ow=8ci@`dH$RdhTYebuBw!qAB4k9<QnsK9lG(;1*%4XSE9
zM}#fIOQ>v#LOQVmdpK49mI>k)FTXP;5*&d!Zv-#g^Jb&F7%2=5o@3HL7sDh%!o;eH
zO9!4c3&wT<=6z4V$Vzng8f-n3g8nz<3KR@jBuATy1!81n0D6F+l#fnE&lQ(8o6C_N
z&x(e*)c;-bU<DdWxHGYXAXq2j9<Da1Ot73kf{s@@u_pad$~PQEd4~uzp3s01{PS+-
z7?H093}<WBqjNR4Q8nAq85{T%Pb!|TjR;La1dD%=q@jrmc*+&%TJc4v_<{@_)&NN(
zfcOwt%kf)h0D4#mt0OQ_JX^w3NBkYUfDE$E;q4M-cRUjScp^gF+`_Z=k^2j0&{5Yw
zGlDfhJ&uFrJ+Kzf_JSGURs{sT_{QJBlc@h9)BNM~5`Pz6Z$z*e?RWmne0-B5;}x1X
z0AG#!an!LRsBlKchv5i?>iV!|qJzO*DIAax`bPrBG|<cxm<3z&D|+_hCXNx;U0BK0
z^v6vc|D>;P)PM0h(O<O2_wN7DHPHK_{%fSK_v865f6G^jvy+{K=wx765|nv!UC`gL
z;9FP-{aHDiT7&))@^`SC3k`vPx#x>A(N{#6^A@ooh;IS-=Bt{s+YNnDkz?b<;kF||
zHm=UFT@ZuK!RvtV46^Qw!gJY05HxlpWv->$%H174)3-FwlRbZD(a|_jhumE^Ep~?F
z3JQeCX;dZ{AJh!Ilprf!`ou!a$xAHIOH4gj&|uz)+@)vgLt~2Vl^n|6n$G^@we3x@
z=UaBmK~Ki|eHDtQ#M<xrK1r{6MuujjmqQOtI{BH;Pm5J-c>dKF*7)>^xy7+Np+<-)
z7w{SCZMowc0!c!<=OnR11&&S%Sk!XsEq~3kDY54?yqc;9)u%#+FXdMukX2>>N~m=@
zE$x?O+pqT5Tr1f{8(R^_PQQCnB;dx&nL8_vpO)~Wv>=f^Q=nGJAEGQg*SEobM;gSe
z-46A<zhx9a(m!qIeAZ49-aE%PR<FnQX}Bh&<ln_tQF3--+W@4jurR0T^6}G4gu^Ql
z<5<YTZ;`pc(R!KqYr;?!+yu#{O*%N^fYCF_UI@BP3zV{|i&yZMHs1YC&`K)JLzU_M
z!A>~tUYx)abe@)InaAMmEX{&-rfmzPGEWuMlj@fW`PIlpo#Zcq^nDzXWyG#DuDcdP
zN}VZ{`Ia+auL)h$XsT{k;kPhu;@h~*Q>!gn;MgwzKG$7wkd^Sj0ns?Ywuh!Oe%j40
z?}&=<`V^L&y0)Z=JlP$x55ExHAT6Agv#EDTaIc3_YwpjrKFOC-<N})STwpGMZwi@b
z6?tCvTNFK3`DKg>Y5j}eCT|#%d%GPvR@|~lwQTLik9M_Z9Hvi8*zxinylGo<*PD$u
zB^C=yl#S`CGHu!3l7IW~+iPRu*^RApCEp5ejxo1zd|&(q*1O`*+C7EujcMELfZ#jK
z@+(RP?zb7~l**r0hCEN&5p9vyAY=ti*Gm*?v^exIY-@z$bf4vGHw>(i-mSl+G^#aI
zD1a1@7BVTS>}G-28V$q8QQ~~U%5{B*{ayIZIseATWC`V%w9Tyjl*s-ptPGtvF(fL-
z>gKCBMq1kL)kB8bGM9Kiy*r^!S;&uFJIlX0|E90ip@F0Wc2MHW$=zYAu1L*B^&{JQ
z|A2y2aR&QBVQ;ur_JG3q80)mB4X35V-pH(yfkYefi#nOLp8D$QNjmX<H|~nAsaPjG
zw2H!Vi+fYzaHK45d&^XJWj8ZFaS7+t$C1#pE3=Z1R>#4N>$D8DnX)b>_6n;T8?F~!
z>*+Fo>SKLXP)$ne+V-XK{<$BA6i!B0NU8gYjk`~g|9sU{XIg}Z6zvwO{LfAM8zQ??
z?0xPY)Ulm!6*%$N6E4ChCr`8~QoAj;dVa`zL*emW`#2N#@9@)?$yn(GxhEzUA0<u6
zRYA;DX!ag6*U=Y6rv$d09&27F^2*OmHzAawdF(`z+<sKcrztP8+GuS%Jz0JAI<e+E
z(oPTNDUPQu8pwHiLHh2#{nHxE65=N0H5_O%imz<j+~;d?=&tHiM=RkWi>Pkx)VHM6
zp`Vo9Tz5uWL~oxJJFUjdUGad$Vs=pOCUb-PP}MSrHXCVE9cjg?p{UJ|r)qJ=ZfdIU
z=}9rjY096WEO3-8df!B(wcOmu=ibv#sp=thHjue_^I>7DJu~0;#$TQ--zpWZS)h`!
zI_c^8U-wE`y0zCi3DVQ%Kk85PI_WMP*3CC>utw&UwF&30*!B<0O{>Nl_;&}@E9u^w
z>nvhg6<@bppyrv~`|ZEE6^p-a71%hrSJ|;*+`jb@5>NOpPwIv}4j=Nl$6vBu^~Ib|
zu^%O>Wn26bRwwKJdi?0)eX*Mtbg5)dE5BH$$LE>b-R!(Vdez5{5*rwKKUv5lA?j?e
zT(05r;-Ev#s`pN<>oZZ4vMMOBOw3(daI-dd(({(vtq!HK3>Pg={VZh2;)Ry9u=Mq-
z9PwWS?c10&UTk4Cz3OYe<TVLxrp!lUnU8vlhHkyPxT&yZliH+bALWl9S~yP2vr96L
zvL)eGNcXymUjpBaOV4|eWxH^_?m!+zimWc^`at1qwYYjqS<ADP18IYwGrL;_to*XG
zKc~X`2UEyqtpX-(q4bM+vSczeLDokrB~QFzFt)lH%3kJV)!CbKv}H|kRP(+3j2fn8
zX?f=u9W7{!NPE`cYsIobkEr?v%Uv0hgM%DPEzZcEv6(M6aXj?wVsFVrCn%}1J0Y_{
zrhHFBKBdRd_-rynY8Pd+-!_szo&RXIx=D+&A!TLuJxWId_0++TD8I^J>ResFCFRQ@
z)hoqr6?&0|``evRmghU|wF}4>f3{fmEM-OjpGHVm-F0O9{@QDmKfkf`xESAN6sq$0
zWJtSN(!%vVy#iAOA^mkOhsz4bWL{!@YOm-WDtHxgreuY)oJg!=S8n0`b3N4i2YPRj
zo}5(@T4S4<_(0Aq{<^L-bbQ9__fa2j1fu?+Y$)c{5lAj=($?3SF}00?x>uz41S?Ux
zPZmaO*qe*+3uxyaqF1-_b!Pg;84ez1?d)v47PGA+r(CSUJXc=&x{qUt!iH^Vm{4pw
zUQ%r=vWhL6y=D?cKRV;8;ox4@&Jc@nc91!%amC()eC9h$StsC_TD?-J>bIP$?{bQ_
zx2IFZ7bZ7<ROR#vT`wy(tIb(x`EtTW^wg0^9ZIg2TFQNo*oxyT1L%>H4DCu9UN48_
z`$D_}&-6{b+?8S3nT43{o0oOEJ%$waQ$_ri9npL3#_!WmteOyf%C;kYm6C%GU-I4s
zpKo{zKo!enRBsJ+cC4m;l=*q!W^0~z0L3Zl`7)sr5w-rI2EVa#;|}-pRX=a5ed9Nw
z!0X7Gx2)8N;?>Zxxbngmjn?m=6COiI{;LR*Y*hWx5^3tklkKens{(fM7io3ai)%yd
z2frMQC)GUd_mxWYJ?Ut*nbtL^(-@i&6D_evZ|kmo#%VkAp@Da|7&=Q`t+I!z!lSAx
zD~FCQ9ZEO(e4_g-sb*ZFFFN^2zi%H$ZEJO@o09WEzAcfE*359D4CWav31{2vp}7+Z
z)b}p&e7UP$u727+=(g%w$2Xteylh!veMUP(hBLn+U()$(-b{|5g)yt{QvI%2v3(7C
zirxYbf6866#1=|+)b0E=q8hR27aAKzr)o<u3m%<4qDY>bw9UR_*83D?5%tYt8t+6H
zj|V)W_PknFCAn|R>CULrok^Zse%?&GdVHYHAXk9%yw)~TuYfJEOr-kQ&nAbwdnK=T
zzlE8b)W}nJY)Q4eu6yV5$qQM>Mc~COqlc?~8#|&qHsocuiI@F)h@ZSlWo>Kv6h-x}
z*OBYGJF^W3<8%iED4WlFJv!X~)bQ0^L(=w(J6;HJs!NXr>_~@bw;8QWSEuL8!}bRY
zWEQq8n6++-l1<o>Bz=Pty^v;|Ah+@R<L;z%A5+dWr}yQROxp5#O04mFvqCd|zwRdo
zXYgGZviaoQyt=tsHA>M{aSAN3@ukVyy7JD#8y1QR)mK6rW~mr=jPV+SNI1V1JCrJD
z5X4_UQEd#|`?<U`$|U`fC;g1<c!v+McF9-9ZCz_1G&Z-?hF;55kk7hlhi+B!d|qR+
z;BuB=wN&gPrQW7Qn3?5$QMraiTa=FSX7V|FJ-;~h__VwR4GVdjOD;9fx`odiT-#=P
zM19VB7t#LJ?|=Q^Kr`#f>0yxXsE&mh(eWmeZHs0&r#&!A3hHfK_v90)5GC}XulK^V
z^Wu*j4+*dyW|8&pK$7okDphVcLT<aPw;p*AnqloUJ698;^~#q!^98zJ(lgv+W_BXf
zBj4Ft?9}+{k~#MEj4@N-j+q0Qx-w96u4U^+yFB_{?QtiXKQ(ncb-R2{(!9biphz3a
z_htp{;xlu9=YPX*XW^p`^Ect2Qz>i(dCMojvEF<!$G(^JR@!XJ997|m_LfIGPBnH6
zczWAxlE3Qcq~@M*=dp#^$2+YRc9Hpxs(p>((uuylwC0}v1@_B*teg%ze(;cqFHMLo
z4tij6TwC;fXHM&WJFQs?<)tYGaptz6oZwR_-4`xs*rV3qEoRIyPDDjnuXT9$OQFmy
z)~<u&-H!yXuq_eR65X~~w&fYW&*gUm(_~X;8E0h_1uU)Ia~hSF#;V|(ueU0fCB;}v
zk(^2ypRyNiQ%%3PM}2k;OF`1X{lk%m<MQLDLi@v+=dW(ko29hTWQ9q(M8lx7`?MVs
z67CzDQ$Cwpb{X2Y35EZQy=Q@rtGG@!5TeBx8ypA_@OX{oecD~={r2rglCfk-mTJi|
zl1%I)3GsH{TWjT&R%lnY{0%s?7*mp%l2ZdIP%tz&gkRjGp-l@MFrPZX;g>_guV5G3
z1VSnC;nNd3cV^yicb_a%9nmCu_R+pKZ|2^ad+*%2bLY;y=Suc|_R1w&R+V;bpRZ>w
zyrKNQD?fPo8w*Bft?W9wMn124_l)xwA9!iUZ@)I@`SWgDu=%7fx4yZx{nOv={npXv
zw>))jUG;6J-+M~z)!|DI9%yPBS^kIWYu<b9`uo<Lx~wwP_fA8{H^1`UDf9J%vl8NY
zvGDfWv)ekps(rfM`_k{{-goZW^Uew$zWELD?%|=`XV&Hpt-6KZde@%0y}!TlC9z`b
zAR4;k+RV$`jH&}a+f;JT(+5vFYj(*S2j?s=Q)REW;~&2L>qo2j)6ShXBfIgVGv5r%
zn}5dZ4}Ek1R6wi0q4aJredYIkd!uto7XI^RUw-hD)*U0$X52aLSjn-6gNGLMEgpPS
z=)Pt7qM>J=tUvtK(2Sj@y+7}JH=MNpnWrw96L=^vbNgF|?)%{{J7+%nU+b0ibFLbx
z``vk0c7AsDn-5HX>%XU^uH4*x&gzT4eeG?3eZRE*tfo`$oEQ7?js>w7o*ao>GyCy_
z=bt8D@ZxWN(D=QR&$u0?DOZ0(_{j$!%&0rG{^<Sn8~(7gM4h{*H!iA|pTA?<f|9d$
zozpvO`l=84k7r)p`{JfE2Rf%6-t(_JwjG)yU3~eklk=v(zhch*-M7DWO5gsOA3nSC
z_3IyQJgejvA7dl;jPoy@6S#BM(P__~`}DFUW&1ANvF+R|J_$WAZ~v{Y|NWf%&%X2H
zlE+ssYd+R`?H%O@9-Xsn<MlnM8yCM2+t>5;O&3JoKDHwGN#n@$r+4oB)+?80H{EpR
z;ax8-s6W~3*FLGADIDP*-~H^vrTY$FviRw{kGxkYZ_}?h=h>>8x;NhAX_zVevc2nx
zCGQ^CiQc<tW$@^4cf5S{Ra?Hfzwv^$oip$H#XE~nOPsp%)FYu6);{)g&m%W3R$rS|
zhkljlYrM8O=LtUX)3wk4%d!0rUiJQU{artu@t54}+Gzc*Rlj-plN}E}aZ1_TUAsze
z-}0r0<{#+~EbVLg&JTZb&GsX${DRX<_O05!X87$rEz{n9rR<E)N*{aqmXpiwns)Q$
z56|D=i9Da4ef8g7eC_LE>B1GWH+^vWW5Ul4-a2b>-`;mS%PxyApFXSZ-aBgUd2aW+
zO?w}#J@)E7L;rbpN6mn)lr7$N_~3%a7x#9TH2Is4u0H$mA1iBa_9PdUw4$HCan+gf
zl51A(ee=+f!<>(kL!sBNUVB!_O|t{x2R8m=;;)V#kxITl|5o27PP*;}aqD;g?e=$`
zyJycwO80k5nhrekAu6jVzyGNpt@Q7d_PzFZuO?3YkL*)-uZq6<&Ys7f|G}J+uY9Lc
z{r6wZn19`6LqD26bj>5XcRf<I@5!E$!LO~K_D@&*&s_hPKD{@K{$>Om0?iG}>+h?(
zeA^f0keIqA^~&@AWrzQNoc}Hh;i>b#C*vx@fBc(H#VZmMhT}N?Us0Cw&;OCb^3?vH
zNx3S^%RS`?(WM^7_##{D#2Bx{r2KUrDCykW0qdDf5bJ9#Ub0AF$h+7$%n(+iNP;?&
z>%;Gh@7wm2S9(02`NpS)s<Sx_>esi(kw#XC9cd5+0x7m62q<*qNvk8H3>bV-2F;^U
ztGb4KEh}q#FKuY=Xl`5HyL@FUhc<6Ud1<H`h2XO-1~{+d3+u*rTx{>j(y|w~hSA$W
zqY5*Kh6PHKUH#^AFI@r$YC)9ofUyD_a|_s^d1*`)LbYb(9RY1-sr0}?GG-ZB&L+#n
zjwNig$%E($F)Xxp2}%#FsAf|e^<JDG?u)E0qZ(KlZ|Nn=m}!d3*AhTN0F|XVD1;GN
zVIb)M0Zv{3@}ZGzpRE+U!)28gl7TfysPb&F=(sA_He7++V;h1rwgF=ESd@aDl3C$6
zL}b}S*K9Pn&=%?dK}T7^$%3K*i3Me7#E=+(qKKZ5Kthk=DKl25pjjle8TZKS5Nt=s
zpkW=G9QrB*vtmA%_0e946Dee~!Bxzrw3yFYT(hybDsTk_M7IJW6c7z|xAfN0CH%OV
zpboDgWqb(dP74qOlNL!iFC|shjP}vtSP?I>fPu6?*f}67i<9*AeGr}OOAEmuM>7qL
z<e-wivUmXbaMS#L?lSx<;$I6Ah#?Ik@G(G6*<&OnaTcVyBpj*;U9nyvsj2K>W>ANU
zNgRHIP-VFh@OCl6JR*TFSZQG%<OVSDNEqAll`UBCNnX$gmk(q4$P6r`u~)26kxt{I
zOyJ6L0|CO=OwyMdpsm|Ns&9Ols<n32vWC^AVn{KQ>RQ^CEQ1e%l?sZ-YAFa0kT#yq
zB-T0`8gQ~+hp;`OQRppACgq%>wpQPeFE<dDIhNo+SX7lkRmi-EHGwl|(bB6A4`+s<
zgcma8G8r1~;#-6kXq-1-6d;;NAIR!CAE{da@d2yx#_Pn;2IDnt4QW)tTfbS5g>jiR
zWn$yQ1mPgj%2`B^G8!DBp<{hB27yVem_b8$aNXVIyli}6{IT(*cwZc&KVig}_&hDm
zfJ6Pe%=Y!r@EamH^cEC9!=GlqP=upzLBf5h8ommps!brMtPB~r@C&~`Kpt^tX00YT
zQ$6Ui8bTSrzsiyXRnrUsg3b<Eam#UsqP1~w*LsON+sKdxl()Ls7B{_+&q7Tf9}{U1
zro~70JO(Q#mVFf8#BmT6CEHj`wQ6ASm8KMDEq(X-xl2K(NQUF_li3vo@!u8jflE3H
z_t|YX5@_cV5DtJ?O!)Y%x55~3t1MO_$19f?^KF&wBJu7qwt)*<@Fx=PO#r1nXOwoi
z5ya;josAskQs+1#$@4557GLac*<kHZV6tMxGL~V3-*a}8*9d#hAMePJWOm6a(`tq%
zt2_DW$kRjLGn>IjEn7lTm#Rom6?51jLm$b$$TnOR8~#Y9!tu{J#^G)YQPm_bu|DC(
zuu17IL`U>F<0<Lhw0(RJt~fC{IFmq*u~8@-JBwNROszm3zrZv~4h}LKOsMoIGY4`?
zYmC~oN&t!t5d+C=Q$s03CNhGOp%XcjnOQZ8lUN<@^Nu1>>P7^)J;*&^k~J?Z-0TxZ
zIQV!%!C7Ri)u*jq5;G(BY4>Gd!7L@mPPxX&k1ss_|Ez=TeVgoZfJ*20VsoE>dq1{X
zoZl5~8e^<pZDlLy+_;?e7E5-q&hE(L7f!tIJEu7<0eh3sq8g(MkWrE#tgb;e`%)-k
zC3sVVB>0!r3^vY^HhZb`Tj2dBcv2JFo1pW}iS#bJ(F55msE)Q3>uvcx%Tr#CYO~pq
z0XBrt{gWwrPJd>|+SQ21R=eyF;|tsJz3^p$Lg^_r6;3Lr595)KD9B#(<S?L9@jTX9
ze!eAK;X!_8L5!Q$6-osqS9rbk4IN9`n^(ZOVD4D!#@tzd;z*g_${iv3KFJtxZFVl^
zGaS`Oq<C0g!(4`4FbY67-Q>mG^9G1NX-j}4z}^&`LVOP_i8KwTkzba^`aVu&cQhR)
z!2tw+@!Yiv*JB);FD#=Na^dQcM&isEIIS<9?y-T_keMPbrZ3tvJ2_Wz|NjI!|4WYR
z|CdE2l<)r+m8tXpC*{iX|1;-5`3DM5spLicpKSEN|3$2a2k^*ldjB1MY}g;<@akJ<
zu4b&mRs)u^zoO8?Z+P>I`OXb5)z{nF>yaed99bR95I@?;E)SgR1z(6C8Ds~=5*rvw
zNn({{!@<nWF_&|hrlsP!;(lRlDO+|IHJk0P>7J#Sxlt)&Y*Vskkz}(o>`u)ROT;kK
z0Eo}nsl=hC+Kwg|{t3B0-|jAGHXC8vb!;qbRIzn7oWUchnxV70!CXqqAj~!uSfypM
z)R(NOxRS#uY`CV;!uo}9E^00{lws7Y0Dx^QYgUC*VzYR7SD`p&-NM0<frV%&gU7Rs
zo`u>QECbXz-B%w#I17hcTVGvG?l$AwMT>j@J_rdMRJ&D83}c8_jIg6ibWGeKJbnRG
zI06ngM}yBF>FEqo(`&G><pwg8!8V+YzR>`}ru9Y+`Fy@n4wWI_29BWgZN<+dVIzl8
z8YPw%DY222*g&4Pk^)wVCVL57;4(k~e>d7PHQO`M*N}I!1r8d$PS0iFyG1}D9hyIq
zOOcjl3R(&c1(`$oKpg+1i46)Yv1}wNER<`gvrCbCYBm*jIPs%eSW#6u9Kplns2)j#
z<Kd73_o6KFVP1pbb2K5uwS=zgE?z5sG#Lsf_@tVI%otWUp@=Hns}YHp6+wdgq$VrT
z5MRuwr9hNugpWovQj<trmXl!$Fo~~FJT8#*XegnD<L)(4;!$1@M3G{QM#4grU{{rJ
zRF)z-sbMrO^AXX#CP_um#gIaPBzT#ROEOPrqJ;F28X`5(qj4n>R#jIZnj$6zKBPfr
z9uIed93nN*BC4P(5eg)%Ny&I3;tE6*bRnVXgd+(_3iDx&+$Uu%#A}f-X-+7l3Nkj-
z-GHc3UDBg`h!jldNmWV`A}e7f$%|T)5LOdaIT3Mh4rYQXMP)*hNH{DcSrZg3swpPH
z^^g?d6Ye#U<GQZOGO2bP8-GcaU{5OXxExmqk>h$ClO)W$(<Bm&hxG)ZgRZKA7)}yl
z(_}p<@e$HYUXDZr4L8}9J5f#6c!^-w6)hf(>ZG8MRK;+D(kCISiIAeW14+taR1{fr
zBvDN!ql6=B91}`X!<67rNd-i%5*rG|L(v40jYyJDBoa|d%%q-7%3&fukx)bqY1$Zl
zC#golx=j0vE+%wEC&W}GY+p$Nt)b3G1VJ4`?86}`tVam;xF)GdQ6e-ERV}QEaiR+J
zctp{ps6Y*L`<!fjW>}NNT!wA5b?BgSvZFt5n4+s@*u?M06AIquv+l2!%Von`%^<A9
zc_<XaHB6y&_51ynTgtZ%>uDezSA|O~!c*+X7o6E#h_jOlPqh=hbWgR<ppZrztWhr;
zbWS-WV(yV?cb7mD8yc6?*VaX%G*P69(MVlw{gTE8nkdmkftSRP99E3!Hkdtl$c9ms
z9etlu5gBIH+;9dDDA_CwHQ4G&q=wWKoXl?<b6_uc-V~fw-^u2I0Lp6*;V*SR0+1E8
z9UW}~_3M!pgML^sAPmPp{u-0*j1KVQ$AdXgAV8WNAZ_IQXrQaV2l?^v*56abL>O|{
zFlz(u11QXvoCus6fMPsL6uiX1^8~Pggn;+;bAExLz&BMSw*_9pc?FTP-~oKzgfCL~
zB7-jx$OaY@zG%P~34GB8ADSvy^%n_z$%HRZ_yU7(5Qbtg;Y$X5iNF_Z@S&}uReyoN
z7ki9F6C1z86Xn;^;{5W3$}u6iGOV7Hv|hgcpn!=S?y0f^v2!pq9tJLTVIW561B?bz
z&cN#D9atp?Rv=<@JbYd1!dHq`EP~eASkZx&@LL`azn8l3o8py<;1wNs1qWUt2mE;C
zKsr%5XmXJQ3ClsKP!1%?T@H{u9zkew5d?|JK^{^N0~^vpF%X3D$U&2f97s$I^07Lb
zT0{zz@kl|Fixfyq2=cLt4y;9FKpKw>$R{cT%`P$!F7Gdt0698_1SsQ?fMyp72vZ3t
z<i8DN5&rYz;eWFW|HG93h1|E{EW-WJc(~u}!u>Giej)E|IE(OJaN&Kv<wA_RT!z|u
z$TVI?oiPtXHsg-O6WD_T1cihF7{WpfgqjqVA@Vp1aR4<i1E;V#pXt~krqxi63}&dh
z8b#1%yCpkT0W1Y4SVB0_5{zI46vM`0FLf8$sbzR>C>1KpA*ui-@$+c+8toEfLIwk$
z56;x7mcR`G4lu$koGIkUg!3#~<dei8$;Xd|Is0M@^>>p6BRHEp27V_V1<@d!rkFNe
zTfXE-I*k;WvYLZj0?wrmW=7WZVX4Us5N_f*2~W@Sg9FhZ#pxSEJ_y5<g8+q04Jatl
z1r$ABEFXk<eovGg-vh@2bNS%_nZb3i>@<cn(lDCAkpX&>No&272$q-*>g!pWF&VMK
zVHLT@SdYgrsufew8H?W}bQREm6U$uBR$0uTI=F@`sSl^{FQznGK4oz;Mr0a>;U_i3
zWL0G14r4(%7_C)fSRdw%xEWGAoD-yAVYkTh3uzHYV+5Ku1WTn*z)<Rrt_)79p&Vyx
zCagvJuowifEyNW<6>Uo>)(a|cpVMtgh{|}VbupU5>3j~hkiseB$v%_P>~T-5&^%nz
zyqTodi>b-Ln~Ce~anHyQ7b<j^4!E+x6s*_+?=Obl5kn-6X0I&Is_AuPKDACwXNGk$
zePTX6QaQ$KiW^T-$VkE-g&sPXu}86o>R<LK_1K00lN5%~`_@z8W3=_B0%pAfEVoUJ
zED^#)u_-171oROb1}H^Yy5<~sSsSX1!GblS${4U%E2@k^lQn}?0~V%@DjK5ba2@!x
z05Tofe>O{VlXAJN|7m)1;&6<;{)Zogg7v?UGPVC_Qm&Tfy7t=k)rcH3uBFo+TZjVk
zwv4FQ%=da&2mvCI0-lCdE85ySJ3RU8@KgQrkMDBn|9umQ<9PjFR`Sn(lf{rS)&D2s
z%3uHQBkTVnTl<&re?0q)@p4R#=CA!bcm54zw2`!K?Dne||L(rzAgtAc4(T&jNa<7I
z{yi%Oz*rM!voP4M@_ARr#}QHl3ma@x-xtlW3BFwVKW_cR;W$qJ7eu~b|F6PNo&Pu~
zS8xI^PcUdH5-dSPmB>t$L@GrA3DKA+$M8+wKH>?jg$E)~(!`<xrxyLjHHjjEBrki-
zrrcHr7BuVeFiqwoA%mP}Vk?J9WCT)^&nX()K}}bHai%-T$!62`jO3JdBXWs;EWw!h
zkx#4?ejmZ(F$1*BuQsfO`TJTjYs7XRPNpfwhBX%Jv?e<e_pJ>eZ-qBtMS1xW))zXE
zS%wv%AL8(N7x3b!H(;c~EDjg5mBY#uKjOcCY6|s_?8?*s#)qvY6vuJ(zbF;Pe@@wd
zlXA_c8r$HzU1bYmrO4ykm=KQPn>>~6>8t@g<hitl%?g*aEpKdIT7xPo>9@`xR-0OH
z7y0NrtV>f#{R-s0sNjqRFY<<X-iv{>uBh$oZL1-L$bEftJ6CBtUm@dRrz^D8{Y6I&
zGAx!1vYlO$v5L2G9*oSE5f4n@kH=5A8qIafYg-#Q6vG7o9_K05N8vkWsI_)UTgR&2
z`i2!PZL8sH<h`A>?MoXvYrFzqA$h9+!x9euHn!9*?SMNBt+$QLoH-Pv^|7Ha5O~~M
z7ISZP!c$5S1`{@%7|TVA$13DupGk}5)y7jguvSYAqu>yt%)l>5X<%t-VyLk4d6_Ed
zz>z5c1Q`ef^4P)IlRb&Ft`5dLrNaX#m^3JoU$rl~OZ-_~F8aS>eQI#Ra2!wn^9Aw$
zA%05#PtKL6|AFsh3<z7t|3neb$9OR&MUFcLm@1zR0RYXWr@M)sj`th)L{sBOOF?&A
z3c4Zz?_!49t4yHE#tc<<hQh5TYP`F+8YiCzuhi0M{6|m5XvR(sJlm)e&;4V0MGa+S
zYC6uTJiG16v$+v1Z|g)2tC~AH3w0x+D$$YNO%-cqXag!hoR_WJ^u-p#1GyXsn8F3f
zW2xN6wsy221&hi))>IDFw;@eW<77`M{N_~*9!XU&pR5NwJWgroKb<R2|F<{P*0(lH
zFplH-f0Y9NuM`rbDg8eg*Z;Ej>|bpgOaEN|6&t1J04=s9*_Lg<oRioj;R^&lOiCZQ
zhpwcRtwxqyN#=2H`~B_T%<Sr6WAjKUz3o8>pvTVa?Ck99tTa1=UR>3MSGfl&IaL<9
zt=I;8V+(Ahl#WP>lFA<|)3<`o`@)>jY$0cKrJOT*dCF*VNp@y2<?qWP&G|_-HJwIT
zYGK?@eBg((t2$Wt_1D9}CYz#DiA=++qH5v%#qu1_a4)0{@|6naR;FJWx(X%24bUki
zNyU^+_;vPD2|Ze5Za_c;?Wk2M$Fe5c|4mi7ku#eB$ueg&Pg$0PN4n79TP)n8imz30
zkJ=;m|HAl}?SAAs?y~=^){XVQZnmDs|5F?<SvhTXo}L+oW920qUV}hS){-I<cqxDL
zx{Oh$0zecccwEZiO^a`3-1HbobzG;{uXQMod8aY8GgO45{sv~enMAYL5hd(d3c*qh
zFJ%hjEY&#F2W#PX6=ed=)e2o0i-mfX$y#a}f$o3k&w;992;4F%0DCk9<7tY?M8mXF
zEd6_|O0~G`CFwKNGnJQf&+S?0f?lc4!Yt;bdmZwL@0<rw^m#UwkcZrXD!#8&ltI>G
zU!TH)yY}^WittRuq3eu@;pRGbz(jLZAP%KTOWD}Bpp56oNueF-1u^@E8M@BCWr={{
z@6JC25K$Y|6gE(#thdWry1tp?r)wj>&hN;sFTLdHQOwNZRYi~0YU*tTes@Bi_9;($
zSrjp=U*+u83G(g8WYsg&-&OB;zYphlIU3=LBo$Tl9=dwwfF`c;z#rko#7{79ZxyDc
zG{TL+3ET`}MiFjRCc4KP&|_|N2`87a52&()mesRqgrQ2}DhOXXu7FIyI;FZV?Q6K&
zpo`Mmmx^4R;Oi?S8clHog8Lv%BZnGE3ofZ>7hbm+Er#jzT3gT^6Q00oON8V6lk1-{
z{+H_iM_v8j<Na@QG5&MYGM@c^p5%B^{qJmjLiJfQK0)z6TkV%B0~_{kU0;+}r83gX
zkD#^c6j#M1-JGx4|IWJkE)84<4Xl)4y`%(hReDaap!4!qOpS$1qIzem(O!JT^jD9M
zfBLah|Igw_{Q!7J{C`7l+|d86#<Tu^lH=uzI_NYojPctX`w2hGs9}m83G83nwDheo
zHo2I4puX{Wex)Luam2LK_*yA9sm8CPS)r}TC9GD{s1lhA9JFYT8-1;Sir&xpqo0er
z=b(mqKf^Cf_RYRlcYm&kAQ4MpTgE-0k#M}g1^UhB2=%k#$k$mh+&Q3WC6>sB)4W1K
zxAT%({;;2I^^p9+2N)c$>Ps$G1=Et>idDvMIf~!3jKvwM4`86ivyiRfyN5M;E3sC7
z4Y8(WEGg)c8*yNrk-y={UV-4#b;N-IAc1!1u9)Ejx}gzo{%W~=KAz@S(EqsqCwc4)
zFkg`WrQJ54^S?aBv9$m3_anN1-m(5`8EtFv`)|{Fe*gC*2h9J)J1(>Ya01mUm6F>e
zhF;@IBI0x%KhI)7$Mv<fO}4g1p=sgI&BvVLQ$<+nlV1L(V6x{MnYU){UFef9BU?{O
z{)jo=B=;zc#dLk`li6ym<+lP60+jM9tX#3)Tv^>P8_ky0?sV616SuD4r21;}im02b
zLRZE0jb#9mS_&Sv2q<aGKr>hcp#BtmxWSgC<x60|OsGM^67Y&==)cNvK*ORMES%3_
zbV+`oNx3!3FLYhg2$kkG4Y%XC-Hxa0wy8Hox1;ObZbvv?r)jo@wy_kND{$R$V1V0Q
zNB0cd;+=-!G`d}3T3yiVmSwC0w;hF`tD_G{x6^Q3v+3EoYjv%L*LKa0Fxp<*T!A3l
zEG)knDO_IHvY}$P?bz*ZqvN*B7B{_y!MSHxhO4h823F^zvH#2GU=l{tUtw)NySTi%
z{<p&GG(5*`xNXbmnxY9aoa@=muH`t~Y73)bufY52b$_t;=Iy)v|9O9K_~GdIe@}*|
zAHO^M{)Zn|*I39dAe9|tw42=Sc3iXFcDr7Sw=BbOOsDHLjV|0kzvaB+r`(mvVWQX-
z@zRbjOD<pAY&E1zX`(CI&~Liyh)&b<xFvMBVYfWD>o(e+v%Hau*qRwON4Q;~+Z{uA
zrfqXeZ#lNp5~gTdd}UWGVrymCJOjkZwp`Eaa&#hXby_X6+iG%GcRj0hKWvu5*06P_
z!=1L?@H%G4)|-yy7~M9^T)=D7=-dxmTVb<WrriZlOXnbeon}+mt_fqI-SiqQ(QVud
zo0au~tph&8YjllP!?g@(rf%t$EzEAaX<6?5T54sz0LyC_#BQ^r+pV_I?6!E5>kX>`
zqr+=AtoHq|Wxe3En+@J<3Eee?#k<g<omQ8-T<9iL)3_gPX5Ohy%XZ9Wm$!Jwb6T!t
znvQ3fP80rH4M2KNbXl)<3`6e<;j}n6xCtU`w;E>KHgwT-49mvxv<zQG%SW94IA<F9
zz9UJkws5^BH%(hKoGz$or`dJ6DNI9egMe@(34?B>Z0*}M+&V8O$TR{wjfW2IX#i`@
zyfJaYa*=WyC2H=Jk2ywW{$0h}@OwJ4ngV(Kq<BW@ko*k_5r$s*s;EO*q|`P5&ktRk
zd)I0(eY+8P@$;V?grPs*GNZy2u&VZ=n11EFT*o{^i)0WcwOykCP$bD}Wam&dJAn3^
zf)BWQrTe>Zzn<U6G#`o@G6WQ#WOkvotJ&3z+1%kFUn}=~7Kfj<iO?CEI2eAv2*ST$
z>8u1%Mh`|xM}y}f2>8uPIRMEf$cz;wSw|^V0tOWtpUh7UIrVFq;gRo!aZzrHii$)7
zlqo`6N|(&4Qc6LvQOSjj9?lP*QWKD9_J8FH<!ze`5|VE1=)Ly*mf<fy7S?|kj`d%W
z|FvOS&+GrEIF|H3?tyiKpynpi$EoA?^}hj1?8f@P@f`o*X^xld(8u7~k(aW8xDWvb
z)@H+W=K2vkmcD%K4Z6Wq*#|xmJxz&+1~-nm^BLD$N0*_9dpphD%B|?$3Mj^LpW^G8
zAGm~e6Z7Uwc*?$0UpB3pt^=BHzCrI~a(*7{pTZ@6MZ_IAr#~F;G40F`G1%Bu$J$^6
z={!?CK#y<byQpEnUqc5gssH9}Pmv51OSplsXQRrC!@c3~)!V)NJ2Jj4$8hJEOJ$Nd
z#Iw_g*+ecS(oyb>Y=&MX?8D)!_j{WKrdc9`yYHzzL<$Mazmo}>EASJ~!UCW;BUG&J
zv5dhrAVI4wEBZq;V_?9rWGWory9S!G&vx>=?Ik)ZLN#GdVgYMktB=n3tp>M}VrX>+
zOrj(!<AT({4~0x>1O_pNhuykA)rc<_lzFae%di|rN#bM55oa9vj`9SZZxfG~6L6!J
z6G0z3G`4PY{L})lcT3C0EeIvqUy2UJ_BH0v$_5i$AD<i@vsXb7T^@_LPt6=CPcjFc
z9rUcs&~eTY3<q9Lm{xvzfacvXPsdEd&ujhT<DL`L#FeNVo*wijzAG<IhW%db&}rqx
z{u_o{@Su-2G+L3YVqqn#>GiAO9_GJ0KYY_KsLSsXht3ajXN~z1M-*q_eBj4S%Q2S=
z?4yU(M7TbvhFglA@^~Z^p8UxTqHd+9OiHarK8P^k<;ZRlqBv7uBxrvWMzJ`T!yIcW
z>R2T6)nFj$hrVI;Fbbkk#OjBqtbW#D^|#-XQ$>9MQnmk~VQO^xVX*i5<6C)t4)+H~
zXG3*$_`08+ejJ_*4i4nS!N*r`_7C=kKMYUz4$oD99(eQv;D0k<bw^P$PsCuJh<)M;
z{Fjb#JgDN%JbEFVxj$;9QibcD_H+#(R)TC7tteMF`J7%)p<7KInstf7tiT=)K^4Kc
zVf6q5r5hHjyE&XHv-0ulVZUMa?8L!ogoa%SDLu@n$sWwzJJ|p59^i2c(;~2Z1dFmb
z6hXtJy*V)J#Oie9`sxhYl1!s0pbO|KHyEiW+`Zt_tXMJ@L52rb(8U>_r5XB}@5;Nb
z?PLYu)S0S_oUydq3TBis%pF_%jgF-#S45K}5yanwe7R8!#T~zlplysQBj5c>RuJBT
zVKClWJ$4XCDQ-Cx3~}OyWw|tiPNA8V;nByF{$3CC@;*kiN0q*T0DCYMFDYJmv3D@s
zyHk^^DfbKYxUo`?E4;UB@g;@6T!$NfSclJ(^9UN;RoZhRHRzA~phew9O?dw3n(*z9
zE7kc5iXKm||GBMMs@u;WtlRH~Sgza8Z`bYT&$_+t;uu=gkyF=3$NH^AOw+%i!e82^
z+w{Jx6o0wh51Ix*d4Cvy?k?5_Qsv<FoT-1)B41S?S8fvD+c=s{nKqPe)VR)0idkSF
zJU$E3bGQvOGR>Jzx1DY0>S{Z7wqbF&9dAc&unlX6?eX-NZJVd1nXAB9$>*$E?GyZ$
zYU7jKC|rb~$S1K9<ZajhQ??P@c_`>76}t3`tHd4Y%WK6u#MMO}zZ2XAF5bc8F|cyF
zJq8|+C)<7)`~i-R{{TnF4{O_rNbV&;z7uUbvv}K{Ot)d&f*hIflWxQ4*^Woa_Q?0P
zf0>TpN6;^Ap;A0oLqJ|+YvsTC?btv6SpNR^FOUD*Y(MA!e3Ikg@qdly_`m<4W7YUi
zE+4OsyY~MX`px*?X8U>kKgDs&=bE!9{+vv?n*LXPsKFgy`ybwJ&3&#pI$?vogS}H&
z@xR+2Vn&7c!{b-|J%($+7hp#`?op{IgJG+9OD?U!>_g_#k5v_QtGCnIt^DUdG9`pf
z29UCQ$ZrCD9^xpFsX5#h{jJq1DvIUOqQC$CdkK3}VyByr-txCWWb<I_W@F}QX#ANp
z{MADIe0=dy(*IZdf`_U2ukin%{ol|2AAkO_r2jGe%%j%v@cwT$TF?GJPjam2|Jh@1
z0(*G>w{$QGpZos_j@A7yuD}-bDKb@18>f@ti|e@E{%^L>*>A4@O}+UX|Nm)@ofm_n
zKKWE(7qjD!uMhV7Osm%GXN`WnJ~$n)@86vs9^lfS;?O&3y}tJWH!?G=6#VV7K@s0h
zPwH2Q$UsPSO5t>zwC1L+wp-c3d-z9icbAOlozzbQv5P^}zLz3MyOYm^&4wbrfCb53
zNfg;3h38Lp>Jm(%plF}52zpwQUc=L|5UIw-vG97@ts&|_*lSLbXbfNF_q0@8rFFcn
z?^eFrp^VrFUd7#T7d@>H_B~KhJ%z%wK^w0W6t-)da*HG)?R`9bQ|%y@ow{skWyg-(
zYq)m(3+B5$4WYRYYY`0}W_N)$cjly;YS+T;bNp_h?e6e<G%Z8nPezOfKxM{U!hr!j
zdzu>ZwUO^>tiHQb=L)C}6|W!xH_8JEwm;h4fu4=R(XPV0Q&-nJb$WUW5?3Tn>`&3P
zOWS?5*x!`sp#OHCLcz?Y_=#2_lYiLGi)wX_U94Iyb8!NUonvdrFZ>ag)q(681<7y@
zJv{@F{OT(Zqk^}7=!z>+eA@22Xd-gvWCsDUxnl)_m(c}w^AY^M@Wmx!+Nnd)dqT?`
zecJAj{yr4ijV{9=;xP6G>g=HyK=om$9AJYyc_=)7yof>=DbR+pquWFApd4@;qeTKO
z$Hm2i>4`DUBM{S<Cl7BAj9eU}eR;xGb;?e?EF$vxf|N~oI8*bhwtGky4;Hi%j+ZLF
zgSM-}I{D$~Ud=1xP_Zg@`^p3JOK>RnQ*HM|p4^{7bEuU<8S-EFRY|?vD3_5C_>Kq@
zq4;?quZp@Cn6K1lFykI5Oi>F(T2~r0$;}}^GvjaYdFK3E!Y3QBsFh0EMk=Oxtq&tX
zL)fv2q=e*EUADF~QpC$AJ%Fiv1+Y_W3{07cpnzMPdE%0lk*I`RNfz_Um0DHlJ&Iv+
zy#|mT_v7F?-$up*z>7J2Clv5?%r686ow{Z*W#|>|2-ApSU{ZRHF4Kt+6Io`K2yYf(
z3{whaRYU$vOZ4uCY(zfb!6w!Zv}Z)3JF_hifh*mYF%Td6D2LFjY~mVojGGuIHO2tb
z<eH%}1+?o#g$%lAUjxo0W$$S^WN!9SGue>IPko0?`3S?5g>E**AOoWin1K0-r#yy2
zvw+8d`I28J7}5qb24(`g6n5gL3K%Z<bc)2BQotL;0wds>MbI>u!xSjG6#x;?-U!+|
zig=K00%pR14V8}Ms)?JD_{c-{OpxF>mHn3SgR^&%3pbeiD(90bfiCU8fO(6;k!=!8
z$Iv+=ktP((R%Q%JaMDF5^1#Q)xw!Km<3C`t0Bwep(kV^RxRC+ZRI#;$eLOkXB#vO(
zAq=i2Bk`!-BKARDgby9O6A=R1>}f0<ff2?SPZ;Gz5-COsF4Z8N=0yTi2rw|RX>@J^
z-$2(upIr(<FXagkYY4i7Z)11Y0mCLhZtT?Qx>SL7gMCO{Mihr(aIG4eh%#LiF^6mp
z#Rh1vk8+n0xXFZ1{qIQS3z!RnpwJdH-(7ck%5$pn&WT}e#O)EmHH|PZBh$=HKZma=
z1)_ifz2}QS4Q`%gwTfbjk{rkU8ih&4vn;oH+$eO96Gfk4I+kijU10bR&^C<{hx+n~
z(l@wI0BH7r;u($~PYOSbifquK9%9pgrx?6gjuVhbm0b(Ya6Khp@F&4FV0WUa4}A3E
zXhJPkW7Eg22YGm8DQ7Z63-Uh}B4;0swoHc*noM78<?Y^?0;x{GlLR#`ZEFBcEVF3!
zSY{1pEP!#sNQQ_{8<ompfkYNaWPweUj_W7rJ+f?*e=UJ=p~;w;JO`UE4}`{|#Pl=L
zEm`;fn#l~ZA(x5#W-RU=IDixH$-sUnX=zFDM;I?E>w)sf-&D0B!C7@G@*=eXL)ntT
zq@geOkzjlCz>R1)LcjQOlZhQim!Nhsti-nkw33%;1V{-M6$DpUH%skTtXt%PEC||3
zJ>O&_Xm3bZ&<x01)0?jyY|20^RSv2_3SXw~VJ@LbXRcK^e-gQg^4xVeY6joSYgSk=
zn}T2JK_7u+%t$DX%C*St=7%8PvT3pGRSN3h;>4u(1QVrz10)PUF#=n*AxYJm)KV}H
z)^DmFoCfmUM6izLC>;z7mw2(DHb6lpw4g$@p)LxwQLwHU^Z`yhNS5qT3P^&gkh)XG
zG6Ri)-xp!#3zaCs$|09%oKHiVU(rgDTu)H`<lI$5yMS1vqQEa|4=OJy1qLaZBns4A
zi8C{;MoA8&oWUcq4hj*ThzTr%&<yeNQ39o)S8&1>F2I4*tBMFe;KhE4mKa5+5l({9
zDD?lWL|4wkpkOIz2X{Vi=8{i(b8aZf($E?ueKZqLGh!e<ngHRWeBWJ0(*A(05BCQf
zD5d#etKFd{hb0x6bvOEdC>@C@?thXht*rO5l1_m3Pr0ZnsWe`Bs4dksa>&47!qFvH
z0@x|D(TJisqimqG=X2mJ^ncAX2t~J3N^TQN0&D#VG92eDXH4+~A`E>9lQxmdPC#yO
z9AfDa4F)A^fR0q&y6++M22;aQ5<S=4n*(jBW+7Qq@WTw^GMd4(ZexSc29{;89vLMT
zhh|w?E`V&B68!|#FxjS35oH=UA1e}-0K*ixXD2wc%4T1_yHILf;Lm4R`vP|WF9qzS
z;S$R2kjvHO85*`&-;4wj<Um@{BmxMgxU`v@ZujP1Srr2jh^!EN*-$ydx|><zhFt1p
z!;50Db{{KSL78b3>^r3FpixX&gOdn#QU(KtO_)l%bHrmC-3d@+U@{f%YU|1s&>xv~
z<%<7j?@QpLs?NnH3rhx-u&B7<WeQ{lhsnZfFq#z-3IRd@5is1$+$6V|%#3qqNa7j<
z#jO<F_hO~hs?WN$wNKjuTD4VMsC%m|T70#wt*EWl|7+!czVAEd+;eA1LbclVkzXsx
z%-PR(zI|C?v}WM01Rm*TPf|!N2-HSfn;C>VW|I;KGmvOC+c}*8uoaAspKcW}W)Q%K
z4ND{n-Z^vuz7VoGClWXc$U0ou04`o5Zx37ma<xLXDZ<#;4q|7!;pGv($)rPgX%<^9
zlj-C#@PYApH4tyYG(0Sh4av`dh#gS|IDRNy8jc}(;Dt_^sKP-{@WSark41t2bwPb0
z>J=@23JYVG^T27Tl_CxqJw`AIXhcsS$H7h}8KYMQU}QlX_yE`|9$9Nd)|u=qx{&ao
zL<+JSkb0aQ$ey7`EH2?CP?{nz7r3#$xp}d6&UqQAaXBPDi3TBx1?TMUh{E#+eisp%
za~#+gKYTuxA0IC6*C0Lt4~V)2!Z9&rG%g1tnB-hgRCCS{Y&Y50>2ri|9=u$88aZUK
z7|%HvXx$*Qv~##DOc%ilXCU-Y$a09YKs(zRw_wE6pwO><DT>7vILk*vAofp%dpOsD
zgan(9rx(nYvXB=FW-@Jp38e8b1OPA*9>}0>wZN$9^i5^xp<^oBYsLY=Xz&%6DyS_V
zKBYONie-bUZ#dbCU_x1VF~pmeiC`{H3(zBt+vVUr2}PO_jt@a{6YW+Zy{_nxx355y
zN~$?a!C?Z=8X-kOMMp|YCqK)tkJJS=&5uHeM}$wu57(A~y={7!kroPW2iJ5)m5p%N
zVk|eIL?Pf<9Y|K~W8i$cL{ff^BLQN>Q8L16gxfMPZp2=*le4Q6ky1do(qTOb8_)Tb
zYauBX=#La&nM}bCUQu<SV#3fv0$|0eyqVzw*Xo1YbV?_R&V{RfJS{C~C*gC*M@8eZ
zTZua0+$P83^ekX=VZp>u5T|V^TZEiTgl>r?13ex3*F_{oDrzZ`becpyWMK5{98;Z0
zM?jxvd9J+3H>dov%D3kAq%fu)pF90KzIpbYC<d;_+X>yp+gFvY!K{jyUym)j2u`s`
zvo%_T-H;3h0)b+*96)<{!gTPO)K4jCu;4CfxdBwRg<9AJ2jEj|WC~?YfPsPLC4@7z
z6q7A^iak`PijM*R1Oo6WW#-Z(_YQjRkVL~=7r~q3YCSxOrr0Fq$AFSt@z7KNf)J2Y
z64F4O>ewBQU~~HHtYGeRor$Nb7e4f`-=@!)$^JQKm1m*eGqtMS@IY!Y&&(3fdAzrx
z`C{L!S|zprlf#KQ(u9qMYQ==zP}e+{Y}oisS)c@M*OS{5a~uP}x9}nUURPD?XdoIj
zH#9G(gKuhx0>Ed*@<YdX#bOZnqk2*8%8Ucnm%_*OCR|$Fm_QxzGq<BH6a~T#(#~SW
z^-|mg+zj^9;V-|Vn=D(F+O>>#)f0Bt0RGw<&$v+0nSmT!Hg<<4+ue&SA(taKI7V}x
zj5rP2EkE})YxpH&wpVu7Y0yWSdC=RFjK{T)lCzKUf@&ymkiFCalXzq*OxiEbvLLBi
zMtK%s)I>4bGZ;AR7mPkN5MqZVQGpeJvUBUqC`ErGT!`%S^y6Hx`d1*Jd0_AujLdb<
zfLPcMtpLC9ke@T7u9@d6`v>PELR_>C6V3pEi*v~~+w=!L1DLKNMQEOi0GG<(s9ozd
z5);yg2VfiA(3#=aL*3Qm5w}5*?100v&lL{;4Pem%DTkq_)9CGkI16Gv69J8QhTHqp
zVN<>Zu04RtJD(a@(&h|qC4{{p*ngH#S>{Q@uYg-M)KKa`+<|rku@VqU#F{D(`=Jvk
zmK2fMR?xBrFfJz*4x<X!e6Sf>g58YS!YuQ_ZjX=Ah*Yx&YK<*q=7ju0welFN4azua
z+Tq+Paa58;6~Ya&BKD_J1VQLbYmH}Pv$?j7f$v6s6#&IAo*PDeAjitpv7CACZh^(C
zB6XW7^vS5<0M5xwaFdlD3>rKG78+7O5V35r4y3ShjXNuVDl>p4+c-PZu3|bQe_GX2
zF6oGZ+&U)oVq=EQPLf#$V4(YvcRek@v+<cde#u*V__o<ciFne;pxOlpGX=<Np(u(*
z(zxXu#FjJBro_R~Qbk&lDv52d;5c<D!=n7CUP;#dq^lWmOd;a1QRz-#D7k4Vh4Cxm
zVy9Dl_kvgqa+b&EM^#*>z$sEwmUi=8bXIJZs&iVuFrd1)^xKdmlEF8}*K%;p%Ld<^
zKQ4zuO+mUf!12DNu!a5&w!{U>D8*K!AOTy+1YRg;c@myJ;w5u^JHZ!d^1$>KLG3zL
z%E1rY!bT5Vmk%5~NEavNs3-`3U3v^JFrzvv6IQZy6QFRnjhp~l5lZ$zauOmBl95qh
z0x>xu)$Fzf$S<4$y7V5iE7_$1B4&flEa9|_YZW2@+x!4g{bKQsXpQI69STmI-efjj
zFwR_pb0+Mn;L#KW%gr^MhbOHBcyI__2X%F+rb0CDv(FisN(MP8g|zly4X~}xC<g??
zX0Q`;_Muh<j1S-^EW9`j3$7MN)+3Q9mapO!1p2!@39ruEOA5yrUa3!UjNmAz+$O0B
zqYE4(GR#vYRi2^^N#2OlL7S9-dyClC8~{Vm=_mEYC?7%UMDm@O1MS-MV8YLpN}O0B
zAcuQ3)#HMC6v=TI0@ouJn?4%n>LJuvgiI*pZGg25i5}|Db$h9teQ52KN+bu-x38XD
zki>DIX<L`7KS3&jN-aX+?$e>i7;9{$F(qKAA>Rk??|`a%6a9+XbTaH(oasvQCriI<
zyRal48pra$u>kKP_B#Lx1#S!+5hc3}ADjl&C<W6fvU8JTO(rds@Xhhrax|d>zt$D(
zY>CEzCro!(5jcYcjMLIq0316tAsxYKX-q$IqBL+hb*m6Pu(86gI{GEUf)T}e03190
z>i`s?WV@w#`LZFAe9E+9h_DGCvo>;KF=vJNU>$vcYoO+iMc~w+eYRUA)2{&;_-tDz
ztqfYe1VT>Par#7f<HhpIQ`n!zD1#W8Y*yD=^^nM|>X)<WVI(tbQjU2;WPl1s*@IzV
z$X=;mi?&)phFe0m69oER(VLUY0+9umW&5_YXFxd8`4R<Xj#|`prFkFuGrJ#g4<mSK
zU^rf<v$rcaF^MK2m2N^f%nX1eOiNQZ-~sG2Qp8rIW_AMf06@&)2u;Dhc)BPGW$;08
z_&tV9E2bxc9pqFAYHXxC;1vQA9HK!uMKos%v@!?T5&jp_RNyeMiBOhFV}}F_gS!kN
zewO?P_iYd+E~^X8=7NZj^;CFyXbh`^cOpAF2||8_yW}zI;G77dAZ8F+vb7gQnJ^bG
zQm}BExg*BToTxAp#=A+clG=~7<msf&&wWutz(}E;Lv^ccOYqeV&eM(K$&lijiJV;<
zHy>Lae*BG&oZM*92Si>yaym%+@ri*{Gze@ikvA{M(2Mhz`o(W$3_~R&F+JD`1_Ph_
zv`l!QnLCuw7{KD8sQ}k!^e{Me?kbB@0U0Q`Qvv>w;!vPEULkYB87-Ww(=cN2B!ZoI
z`^Yc($<3L(jA6`V0%Wy>;O{`lP1r^|c4}?mXg7o1`Eapl=|WQ)3hmO_rWNZ;GFgf&
zSVFLZSxn?iy5o#vHWPvg;G3}rNE2AIVSrR)1&mZLeSQQ}$hiJ?21)ENs5SYu%Pk>X
zpve$DYGBY{baARGgG^%r;=LYf!Wh<cEac0gA@Zo)0sIc(VMzBPMu02O`6mvl;!(!q
zu2dCTFZuv`4|*=fynkkMkv)RR%ybzH?M@hIX4XdWh)rk3Q!XNtU!&fs_?8o{A*sqs
ze!|f>H;zg%1ZlmGJ2yzI=2g576vKBvF6KVr<}dUU<j5uATBtPuLwVcmJnKH7#Xwbr
zOEn|OdWs`NMzO*1Zfq}gj^yZmyxg_M;BGT%m{qP{E*}V%knHg86*ZXCa17`G9Tbxm
z26=^~Rto1viNWIJ%;7I948U?Eq^#Uw!Af?Cpb#na;7b<gibA;R#q5nnq+3dgi!S!&
z?R;$gRSB;Dj574&cR1-d_o{m7<Fr!BhD!ybCc7?4y!`fwItX3AQ3tqR?m?>HAs8R`
z3%+0xK_|(>Z%&$z8y+&c&nagnW`Ml^R!0V@vw^$wIoQ4wM?+i#t`V=#<bfX@+_OX{
z9WwX-@o<M@z-9a(Ji`4J#bX>+^yRG)8`-VJ*4SKeV0ANf$$(VE0OX#FA|Y^=M7Cn&
zl-9;*ExZF%XLI4WHwao&IDWR7b|&p+cx1L?2fbTV<3h=6PW<Rr1Y`u+bpg9pgl>ai
z$Bh*+Rv`&xsu@vZBhFjapg|B3dXsbM9$ppqg^Nanb{<S05nD>g<V+@zAx_qx=V@l@
z$)Pp_nWNPcL9;qq65!qh36dFJ$mG7Oc*6)KbgLnJPPll1$^<x%IY9ZH2$J5C+@7F3
zDN+W#4R-2OAA*Dof>`<7gb0tQP94xWmQer0-ZD5tf%jpu)%GgmU<vAZ;hjYN`I$I|
z5PnNup&&*_C0{ydMaZ{Q3&k-^A;n*bHpZjS6rU3WXX&!zKso|-r;y4N=-`k_J8d)Z
zjwFeYYP~je6NJHHqEd&>U6#0j2FQT{ZXLRx;zyRD9-H)_<#52!goESvXSijjZy2W=
zh>2(c^vHE(D#aim{f<0wqm2#I;X&^%v(1J<dCo>c5kH(asbX+sf8$AqV4US><tjKD
zlQ0idP`IJtvh1(Xc_JO{aGu(5dOl@)$;6D74T51U%fhj$W%;5>q&XE@N$RI%DIX$k
zsL;-ljG-BUqJH)SK4moi+exLu>qFiVAaUE1C1eaZ#?=1CIFB~Nm@V|5O&X%=U^?f@
z9jn?X&7D^<stavTCbl*uAew&o%F4A#mgb#g`LcP}h=GNN4Zjx1%8p((>|fi-W>7uZ
zd0|iXZ<e0fneH`f{9@(&moi1|DDRwpIjPj`kPZe%JABf#t@8FNH>7YKB$g7>!>u%S
z3`cjAgWWnkZUXwU{PI2G7M!S1`KnBf6=NJx!qmg&*<{BqQKAMUN^t~eC{%)idK_3&
zF@}^&YfmtfEreZ=%}9$EZ6AZg7Gx!*P)BsZX9J@*x<lJ7pjd=~62d_8;6*_LE!1cV
z7V>+Njuj0`gr&$h!jUXIULMq|B621ev2Wt!>gmAX&a)M_Lg(47LvTtPg{2})q-@z4
zF@lC0aQq;%b*GRcR9c{1kEy!vOX{2n8050Z3=%TiOcCYaxNj_=C8>ywRtQD-WuRkF
zmu4TDE(`NTj_Qb`%r0J?0^-f1X_SEk#tdY^Z`0*uEQESYfeGacNI6tcIFoKN!GohE
zISxg^H41c!gHpJmc?Bb_*+LDSM?*=fh;9WIFlAk_M6aUFl<Y#Qfk&l@a39;0Cj>Kv
zS1?t(I2mqIp1S50MR7UX4-yYTMUZjlLU`wMMX_QC<1G!aO`(9qt)6(yb|o}^(waAw
zO9e@B1v^K^d3Tu>PQ;^RZJCLX0Rt9Duaiu85OC@ADU>VBSq%GSv(=MC#>1NJ;3A5Y
zA~=SpugmBnca}sr=*gXu1xIg%g%CKT=DffvcWB<@nVZmm^0Z{!tYFQUlmTgp3fL=x
z^g);_C_ULz16YY^q^XqZsl-F6hL&RuJ()Oaf``d7kT0UbGp*Fa06CQCsPN35EpiUw
z&Qf<otLIxv`OeOrB);d#m5M35)aRX5>)+=md;T{&;ms$VV}SafGs~u>=6{}5QhKQV
z=V$Ws?~woP-!;|S;B&nde8NO;98V7_%^SzQrDd~itPFpor+-Ud)xqX|OCRB1IPn|b
z0Ofk)fBfG}_!d%<w0*LaZCO*tIlCW9-1eWAxJ||kLFP7oN<533OrDn3c#!$n7Tamq
zXb^eU1&%ciG&I`3jd<~C?NEoPg`ta?o>Qxn?OHQ^k+Rf5k81_HoMYB3Uz%Yo?&><g
z0S=VWZjc%1G9;jLI}*?l#)5%utOd#D+#pLTNlqv|3P!ForV)`h`Sg;kgYqyBcV&E)
z9uIby33gfF3W*hz-Ao!@*3`hnpco`LumfGC!wuzb0oNLEHk8hfQuU)thhL}9iJKD+
zC4xB0)8k27FHb**BU*l32)gXX(CYy_fd)fyizytQfg+!BMxX>vP9z`D)C@}jcNLsc
zZPjv3QCM&hvm0t`1l+>!#BtJXpz?vz9Np+o#kOesn1UHI3y6em5OFifnJrI_uim$y
zG0;xX8FAk=JblhOUh0D_rZiASnjBcLoo#__Jdj~<n*_n|HW^9-C`a)Oazhh+g=;Fq
z^J%xzKZd}|wbM4@&5&k2(^4I@4wvhocVfw6#cF%oa}HD?30s?i@Fo?3eAZA{B*RUl
za!*=KG_JBxtOaixQqY2vnq)#l0Ilq7h$|HL(~}8>XX~8-*0J;)5EW5^PLw0mW_;3-
zV>%FX_y+*&U`7jCff%E2K_d~31dLF!`23J*v_}CL+Q<~HhXG8iD8u9lJdCCID?|aO
zPh`_GcKE=;r(P74z!8ZR<wa>;VFL7hvO7yZ8-Q>C<6bLabP+7GKbPX4na^s#EjZER
zXR!%FlPZ=BlzuXhIrw8an9(syBIA7E9}sv4K4kXaFh^-1zbYAu!3?S(^APAsyD%RK
z!x5kjZ#5%&yjQc6BWqp>q<*(^XMlNeRX+R`6C+Ym3QCiK&ZNpniaP;N8rI%T$qO*M
z53Mqczbiv!!j6)Ehog`@JmAEB(HY)^fUi|$CB;jPSaDfN$;>qwK+FMNa9PWM08>D$
zzszMuH>qqAy+}*zN`@J=1ye?dc#{q+%W0+es0xKdn_x#W0`VbTKz)QMCA~)@I3@5{
zgDxY{5e@lyPM<H<EnZO9)Y8z{&<s{(>GGU;j3DRADWHKKop3;tpkhyifhg%CHF4et
z-7Aa;=EIp*QpSVcRaZ;+yj1f-hE17M4vXBj`_hN4VQ2yTqy!D+aa!O<o`}j%g(5+C
z_6ti>Tr~xPXRc5=c$~hUj_-IZm?wQP2mtg7mF~;yBI^X-l#0tzM_6b^qTp-}!H_+M
zHBh$!ap&Ohhd3t27<-hrz;T{@52a<r^OIqC4>Jb!9=P0;@syBw2G|+JyqJlONsiHO
z^sp9=-oi!0)(b^rfh?m1qdhTn8YvCT%nZb#XfP=gDiR;aC0F`{TSG+FE1rg#B2p9a
zBnko<pbz;!@RUi${E(bay}X0CCgsevY9pbmhd!%#p&lRnq0c2>qGT)Mr$OBa7%0<g
zga9kd$H;y351#eOKxN?4i8BV7i6Mh{yD%~H@xjx!UuGE6bwQdJCZvd8Gf$L`nkd!`
z9pveCYjH|G{tw(kiKg7aT%#2(V0yn7fNB;@>CI0)B+Ptt8NTf6fZrrZR>_!D9KjJt
z<x!e60zwYt-;-%WiCWKR!ZbUCc}XK4*Zo>mBov=)=wNT2qt)n4RBG45e)rtTI(^n^
zMzw{y6=c*l(xH=SeSyIktavD@&5MT2NJli2$Ok|Rv$N$Hmf0TR*6jWkgAFpSC!jSX
z+#GJGOOb`b8(pjbiL?P6t%x&+Cd!2d+_E#q!gR}YYP?bAy_N9HhS_(PaUa}w8(jj?
z%sx1cILAARrifh55GR_gNpfC8`LfA~=nTMW;*5WYL~&uYdc+JzwdN$M5!5}Xsjb<5
z+{iOTdE)s@YirY6<7Q9~ne8UjQDQt=pf&C})dm*$R;#72NoEK8dxnvKXjyUqV0;jB
zWMtc<q7&g=QFcm@p9?Acqv!xb4o~p#WBA_OieAtRC!*!hWNPE0sY@4EEu7k1U)A`<
zrIi`ZJm^rW2HcE;>$15~BMgaNCMd8W5{>F%3%n!Hb<h!?X(#U&+K;$JKCuQTETZmb
z+JQN6B5XrZ$d#5%_dqx~ML?NW!f}ilEX|-U%WQ}Kr&!$)pM7R#cU&e0l$|=UAylr}
z>T>@&HpsLx4fyurl9L(c)=H<9mzI{7&0_b)pJ!c9Oq<A1JPz<l?f8ex_@DVtcKg4o
zRs3Xg3}F8+En&Z>*#D=MPCI1(|15s~9qj*_w0a!!1NhAR01E!?od60Bm4ExJyaAj8
zeNx|mL*4*~ya5h*12`t&cvTWYM<u*ZQiV>%hBloAtf(42Q?1eE5Voh*Yy)L*YZPJ+
zn5=7bnHW3ZhAgc{94p|&lJQs+eFGAj-fBg|N%Vln<SM+_7_XtmK8i<s83|(u#?6ME
z*SKsd<^W);jxj>t#_&B<S^=H{Yv@R>;VcHW;L(o(-{MZ(D$Rtnnq+booPbq~c?C@j
zCL_RH1i3d!{f0m#HVrBj$X|zNL{cr;M$J~CFUvS-dn8G=E8erXJti>4yu}Mp_*5-L
zp!qT*Zd>7{g`(&)K4|xZOzICeW_&O)q%PJQ2XargqcDnbPz=Ki)23PtNb6t=>KGgm
zGvlVrna_7Z@s&EJ*1(=^RG$F#pkhZ5I|#wp901_{`K9BLG1*X*kpS(r1u1;FQ7aPe
z6{)$qD1Mw~GbzhQ$T5$ff;O<Y5Czv^j*X<{CNhCmHw=Ig{{DK59a$`HQX&|BCUE*}
za~L#FdCb{WU}g@^YhVCj!gA`t1CFy2J6Bj5vtP}Zd$2k^v@tqs8VQIA84x(iT_*Vb
zgyeg*7wAUxQ1NN}Xk2C|?NeL>&Nl`sZGM!K;Z)~<`e52r&>`ThIw8|u*J7}aiV${8
z2h1+4Jq`yM@)KY|CN;)tw^I!VgefC#MI-KLD=^g}Z%M3|z!VY@sLnI8phn1fd2Tc)
zYhHi}&r;sQ<MUIJIrcWV?MQqjz}BrGA-@7!0;<Dim&xx4L$%;cEdDzDxK6(tLy&s?
zq~Q0{dxvn4kZF;c5)zvs5-_l~AlpYVRt5}*DSaEmkZq3D@%XhUoJ|+6rp0r<ba(K=
zZgMB4<!(#HF(&}!)Qhqs!x>Sj#?|g^QLrh&)*x~pF{SirA&A#oqw6v}B8tU=Fd+MK
z#rx{eF&@}0tCIqPle@z5hsjn<L5S3Y$pC7&@zON7ZmzG>mM)sxyrQb9PHR}IEpA%0
zyrH(PR`XOXWq*78+KPte`bEo{HP)i3s<C;cwrH+a)wojoVnbuC-(7e5;-<Q#OSMH!
zTEoJ{3mWQb{aQm~&4OjM4UO}(YSyoDQM0z7VPQiv8?<?m1{3n38tPcTx$cE^O*QrG
z&#LN%1r5zB{o34y=0+HEE*rE;TU^!D+)%S@K~)ozvYQq!T3W}ZuXQ&rYHVnn+r(z6
zTUgiF%!o`Qn@X!&&i>Gr)>kc9fKyd1W2<k%_0=p|yt1ibUVXDxzi2^iUDHx`bsbw-
zRrP{8nu=|zW<gcMLcdm9wXkYl9rjwpMrp!ke03}8>+mBsUsa>Ks;0SNQ6rp5&7#KU
zCibVF?Xsy^c3si1w9c<pH8m`S1DV^jhz$?N$$G$<HM&{9#yT1Wj#_iv2x|g=FI!q?
zucfxGY5^N-DXf5f;1-Po|0<f;&qWFAE<iP`s(nL6Y^hMh&Mq#Up_NQ4FDWUXUY4SW
z1y=B%ql!JGi~Z01$*%uZ#K2EDNB{cY>1ETVr^SDj&MY~k|NSg}{w?&sLZNa<{d-9L
z`_GL5JEZ+Rr2QSd_LqaZKu`Zj%-|uV?;)k{ze)(0gg+Qtg~2pOIZ_Ew9=c4#$&9oG
zV#(mtxET$!#*5F7M_Y|}B3c|X!(~j;(qjoDUOFQX3$=Mpg>1QybpyPx$!G$~WQrFk
z<tgvl&{HX)<dYMNHA0?%y9p#VEckE`5iP~(&xSidvV&2)&mCV;loxluMsZ5(h<3x&
zd_78e5({*OF(V%Cbz=%o9s=R08>_fOtzgIr&XnAoK)Ei8x5whfRGCj%#AMn2c10Ot
z3EWC7ftEd%Ksc;J)!Y8y*%?e_Yh9$;T6F<7Em&l)ER`XOsAKpa`EP+bkKEX!aYjjO
zZ4xD(nYf^#TBM_yis!~R7&cqudK_s_N{3}t&JI~yuBcOn7VF1w0HGDM6m6-UYgU~?
zEWK9&NVTRcl`5h*jm1#9k=N>EL$oZeYOa?l0wV$_MD8m77y^!xo}yK$&n=QurJvKm
ztf?k-Q8j~GRWQr4Krs!vedS7pbqJE$D9Ohudut3bXxa-l+eFr8x1ICcFEUNr>PPWH
zxQ{t(RJBvMRSALz7RsDgJcyL1ALRK)TR1^!!Ke$RS`(YxEmMVO3(>#<y^bWDX#@EJ
z3J7IuB<oW17!-UoFe|SZWF@Jds$0Ml`9s$5U*qy}{i04bS!tp{9%|A?h#Dt5y=r+?
zV{=`L@($X=(N;aIc{3(kOn)}=;s_jZH+Hc!vUfNmic;=IYPS)IT9Dv3J1NO(-9l9C
z3@lIz00-P68N6=i&)1=ViGiW5%5#yuS@R;y-@gv6SZFq~4=(HN=|OgIaAXkcYwy^R
zeM{Iq9Eg(gd19VQ9zd!r3+!g;Zuyn~xQR838s`ciBl|`OvRcubk%&iG8&zfRGz2*D
zh0&;@8jj2*s*dkQ+g>yo;fYAWJ_lx8$pf$#-5%GePKvl>SW;?Snp@aLKqP|rGyyi0
z^-bMvD(uL(60}a@(<gvaA7lR)<)(<GOgF)B8CtIehJnQ|i<muj?RHs;+O3dpJDnWO
zti*%K6xkUat)nv8om-}jPVdb9v3Y4z1&W-;$7~o-JsF-KPfb-v532=i-zqdaZUJp$
zWC&}+S^x@c**M5fnMfQ4(%xREWxyC!H2N^CFUU>E&XCJahUZj_N=&HaLAO2Ir=2P;
zra`?mUJ07&9^n4@o2QU}xH(D4bQzjNp>bkB)}R`A3m{n#pIRoP4a?lwxElnAh#~XW
z(XD`c0A@dDpc&y{DpK~j!Oa{dmgX*cb{J95%Vh%rrB6BOq!(vK4u&&RV4)$B74g6+
z^8=vNirpPiNEgYz*0JQfNg4MN+%D(l<#r`@@;eFX#QH@G>m<Zu@;@7qp?g2qd|8r=
z5kOLgNC8#Ev-L`F$^^-&(9X9fu2V<_abZX_kQIg8f0}@0<y6v_@3t4t2$Wwq8&IlH
zArWaLI)vFdAi&yLk7ZFgcWN2~aZUbIGJ_Ut8x!*dI%u)FD5rBqru@IS9h4*)pv))<
zuovf$`<Z+=IB}bO+RERCl2buE7pW4XS=fc9&Z0ENhG~ddG!z%@b$BskV9zLhEJ?{o
zp`^gfW6c!}1tBsy4a`%cR6HBp5%5GGeD|c4M8<=`MFhhgO*B&5>)>l1{6Zv_NgWY~
z02W`46>hUqZu4O7(hi(gGh|4?(4peQNO;FwgPsYyiWyMQbc|fw1tnrtNP!AV_EZP6
zBTDX|?1m&>=X}(t{~2Xh8@@o^bK4z+IzU|GpqI&&4FZDjFUJDIiAZUg4IP;l1V3<W
zj#inQSycU0X~>%4Eu=n`e*}uMJqO3>LftX`qs)n+g#XZ-(9=FY9x$77pAZDCKL27F
z$*jzGdfL;}WW=+xH>xaCR-36esWzQmDa(kXYx*_ub4o)S1I{Qq5sWgaOnytc?QpE$
zA+YAM+9p#YFp+7F9~DO<(&9#9U-k`wAu7ulX`MtGa3JbcAP<r+R|-+*A?L_0r4w!^
z&%$N4VEJmI^s6zO2bb*=154zXve(^8j)0hUo0kadkMOb`a=xN98ci^{QjfVQPqF;l
zuNiSjT@RcAfV4M?RU4U1;q@p2fXBy};}ms$`p>FWY=6YYuTJ6S*R1im89|ZrqIV=4
zP=4U`xq10=Ga9fGjPS<Gv5JW|5v45GUiOg>E|@2-j+kL88?I;&u=c#;kXLsbt!vh}
zWi@A!2SV19#-sN79Cto9%Cm<#ZhAmbh2qqOvP<5Sd*GV_prdz*8rc{sQrx1pL8NU)
z37l_*<Ah;z@ZFj<0LsLDP!Hgfn8d(3rT4(QK;TD$!aJC)**lo6vI8Uij_1MT9F$52
zkb<gGWF732QJAqc?IryPHty_#jrI=+Hf|x<^h*G;3pP@*^4W0bsCUN=W#rV|POX_D
z_c%_he|Ute#ye*?HC~KBQp^AW4x||F#@1`O3xEk^5|tCPeyU7h0daroB%hS~D<HNH
zEnUcc$-zG@ey>0<dYR|2Nw6CpV(MXA9Snvt9``?k^(z>F=PMY1*(>OW%PaV2uy+NV
zQi~B`mQS0Z<M$>wxq^OKINn&{-3t0;+OWONtrZNwriuNshW#;SvYATE6s-gzUR5Q5
zxWp33#HpWfYAD=k79M{FLzG*wxCEeV7%F%HMd8#ik6@ytn%g3Eq-A!QVLk50NFGu|
zyA^%E!ddw<sDza&5t&Q_upA0jkeeqp5Z8EHy<M$Q2yLN~BW+R>s9Llz-X(R*1K?3u
zcFNNx+FD$i@~;2W)dvL(b{PqQ=2VFyN(=>j%!YD&%ovmZSb3s3O$RD~(Y8EsQ;1V9
zslZ=$(@)$`6{U&}JcbrlQMH~;KqDz|*=k0F{l<?0FB&<XhcJ4L;J&({ad2?Y8ZxQ^
zinxM;0(LTjsge4(0>>U?6LEs-i4nJ_98t)5L_$rQqNYB$-LpXkvwIsI4153p-34r1
z(nng+%m<MQ8v+g&GR%qi7nAIAyMz&vwbP?mx*STv4q#=XV&GA<_DFRuMaX2*#XB%~
z3g_+?HN8WFl2_Sn^nXfUn1DCHAg`E7oTRw@9HiEC<or2GuNf&t@joKPHV;Z(We){u
zbGqC*2o1yF<<`vGBKb9=*qV(QwwpVI*35zmYn+CEZPzI2Jr?JIXbwjJ>9HXsRx-49
zp)Uv~qU&`Fle{cB2Bgt(yxh_+O(?+xKPBKXFp$%--Jn9z{*N2DDg2Mvf@5d4fuB~R
zHWX{>(tAbPOHB`TLA9p@m{!+;ENZS}D{eO&`M*<T_pBR*{Wt(=fTypKfLCPMu2G7x
z>Lp=4)y+zktc{S*4ZcDQ&DJ(FRb&xW-Hw@(diop=@2pG{q>k<YN5}X!vCh61h$KXB
zb4TlxX_u~C+QKME>db5im=7ekFhh3;NdRH61u%*7qIob>0(?}k78-1!fnk`Y#Z7hW
zzo`Qj6V_$J+G)<HG_1q-BgG|6qAg%>D>AdUFs7t1ysDw?IpS6jb*2GQa25=<$eE2z
zaqc3YBgIyyE>Er%<m?J<qF4RW2m6;TfCtae1i(E7QKvRx2s+DSL|3v*&xS`z$Bi&j
z)D$^uS(S7zwmELarY$N{nxcN9!!?JOkyiyiodSbVNrv^Cvvd`YS+HW<TaqI3ZN4&M
z^dyAmX||ky==sf4{@LE&(tEd=tFE-c?3ufKki}lsW^gRs%<5s_r&|zyZ9$S(oF@)<
zFQ!j-Vie9w4Bs2NWs-X@cQbP98MT>oOO}B(Cm1=6#=+~5VNvO^f<=g>h|FKGTUJ1H
zBq!#_Y2#c`qaNN;hAm_`!B+BHPVLq2v16r0+9&Km?9;9_5A`0&1=x+-!E_N_F^FKm
zP4UtV{d-g?s0Z)(6r<}@Mr@(_U<YHMtW%2F2e$UqVw@H6wI)6Q9v~2)de2HnlnJ=6
zkj^W4<KR4jtQeKy7&rEX&)JP6f*t4w2ThkXEf59IsRQ4;DC=PZV|t+w5s{%543Tje
zez)BqwStJ9q!u8;ZkH`*e#TlN3*3%cA~J|6V^I)!8C4L7W(M`J18J#nB+GvA(!{7x
z?vL1~@~r__BHx22{aeyfWdB|qmTUn$Xf53`l3F6TnVqRs8JTmE40qR>AWtYL-p#+`
z8Hdq*UeuC42V{L`sTNUm6TU|9fqclt9;*3_0Atr8PFX&+!P=!bg-0klJm=vz=lM0a
zZDPf_mE+4Y^OVd}D;-m(1zws?fsR8=PV$pIx8rg$&VCM?9+vOd@Ry|SIWOa493uq)
z4c3c#;IssvSi*U9!=@Dr>%CachqBQNj1RHzQIYdT);obnJ<BN}weXH!yMQ;gqM7K%
zp_VOMB@-#(H?L>aq?J=AbxoZV(k9iHPg+<$Y3UjdwTFTq39q9}x7Rbta{7r;hyl#v
zwS3wn%Oh%u!{~l0<qXK30VJ)39UJ?f4~0c6N-ehlfJ_j`-J021BbH+~&Mq7$VZYBV
z;pdJ2;oMw3wWIC@0-hD<w$EB&V>lOs2dYWWP`VvSRiea%ijwu1AzTtpxA0b1Q6OR?
z@r4sBA<?u9E+p~L0q(7b)Ee^EfLcan{}i(ukRRJgma_s<*R15{Ai0dw3Js|Y!H=52
z2i*!WkVjQ_;6(`aij<p!ykY?yg+qky4>Nw6SF3)d5>I*UsO|886FU%4;L;#{vu8~v
zKyaTYz`)7X$yhvK>tsBhWa;=P@(FO<P2_?E9y<a+NW_d{GT<3Nx5@oDWl<*d{*6bI
z?Ldp2eFLp}B2~vB-Af@cST7`FBD5`5B-7z2Mu)80ttjbCviO8^lQh;Q%epSo$|)Jk
z0Bm3$$xcM&q7{I~coiqt%fnJgqbJ<b`}fGKv`zfBv!wl5+P)o<O_R}ObhV25Y6F~9
ziiqKi7jq93_Ck?b_T!dD4m&i}HnXGAE={GwwK!xUSF&-T=7#-`0ti%vM_WP>GQrJ&
zusDO9m=O{80L&GwUf5fJcEEE}U<B1Wt#NjPfP-jW87Lq*X-Y)S3xaWnafwTK4IeF%
z#3PsC5a~>rvNu$flh(<!+-iSLFWKr-VOL#-h`z8K3l$f~l?<Iym+UOT0sJbY!{R7K
zFx_C7aVnN51}dVX$Y4m{2|RAQIEdLv+i(O~!EInHjcI#ExI0ZA?HG$kp;$Y;sA$Y4
z$55V&;x|e5);y`u8;vPP>It|x{os)$?Px8ufkPBDvC#{l7J96<NSJ`wgH}E6W~^e^
z3<_T&Jt4#disY~)2GA&qNm)76Y-hW(gE!nHjU(d&s+s{~F+TU)MU*7tbIT&H#MWZ=
zqUohFdr{eRt)#5Hw4{96w0}|>`9pc+2mg~j|BoHE|4HZQKmSkJw6bZl((At;%K!73
z{QO(w|KV99{?pU{;Ku%CG63OfDDh6lg&k}jpp1hYN(J<vl?v$pQ1YKcso%35kYi|$
z3OEXP<}FW~|4{ay^a(zt>_1u4|L~h3l~TvFQ>)q5VeOHS9a125B*M@F7}?e=WK7%u
z`F!FLDwqm-FJdT*l^js+G^I?2U}qRg59u+mn}CuMhoZ#jxIL>FRLs3rF`E6>8CEgl
zDW}bz5r}of*cPkiSDlU?mx?rK1&E`doX<;1Zia?TB#eeT&4dqY)!7Af-HYoNgQ(fu
z5$%GSx$J}@5b%wCC^CYHk)UApR9U@|U<U*8XwrhhdpdVMz#@9=0>KCsF}hK^$4jU(
zaeS&3oeG~Oj9^D3$_RF^tvMBwP_`kFH34-UXylu>tN|oqVAA|VG4W$`NzlRE1jUGX
zf)GeVM5SP-T4u;l7D#!c+j;sBt`ucLCc9=+CzB577D1~(np#mW*WGGB4|20Iph_D#
z{c+U?hLb~D2*yI%F39%o=psT<!-^Coc#@8AG$FcBA`w5tV&ibI;H7k;QA$!RlzHf@
z15I$PY^9{B7OntnuzChiO|%Eq*b04$PA`&ncDNWYG%-A!x=fgZyKIxX*)~mwq5vSe
zNL3^39nw}R9VGE&L1WV@v(cdPOxYQ%Ewvxr8v1yLqNL7%bRTS`?Tm!75fLElY2h|$
z(WtZ$j)dwoMOGr&Y87c-l)9C^FuI#e2RJtzX0Omb(FT0B?FUt)cxqfTN-YS$<e&;X
zqr#8kcVJ#nEQx3vwl&l_qh<-?hUB88hLM*tPJv&yz2OdC6B-(K>Fs9FP9w35YAOq~
zmQjhEV3!=>PTr*Z)5F1J81*gTn1mde%?dQ*T)!@pltih11FZ*?|K<IuhbM;<b0#73
zm!?<5l^(J~O4}J0xsHW<y*+-d*LIcW9*#ZQ6s;FOL_bIPg+zF8>GArM4~!nvQF=XM
zK#yOJP3_D!-jvR=h0eT%V*m|G4MVjBJ~PZWX>xmFj;gmN>j6Nra5B&-Em#8l-gFz@
z5L5*iTc9IG(BkS|b;Z&$K_CQBLSMiel7ND+)N0`JXi!jJV!e`Z*m91WaeJyV97=;&
z9UPcAD#vtHpwxuot~im-Z`#dA2n=-FAR*#`6~JF8*TSC*=@J-9fsc#j=hTd*xBs5R
zI8oXL=xAHMB;SJ9$6C;Z6u1lIIftSx;+9*2t=_YJ+Bs|lp}z!&-a0BQQQg}R@_Nqp
z_ySl_U8~T}W+R=KZ7?qlv`&v}0GO;PYgo|3x@8@^M~n@Pd;4qItG4WEaXbNk%9ebz
zN<2H|u<&nr;tmiMmM8U2Wbz#)d0LE&-#nKXm>U&D>W22@eB?A=X1pAkbc<tT4q7DL
zx}69-h2jCewx12s07UMLT1By%PEaHuv>_jptz^K$=nE!>;+c8u!xW2*vom1}?2c-9
z2bKs0>Pe5$k$n(zBH3><jc|xZJK@`-giY!u_;9HcGcGBF{!g5wus4(--w6X>K91MQ
z*f2Q~chMVQTymL;8F5@+7TV_L7zuHk+114)OdXEbzGBDB?zGcmpeX(FO)PUED7{TI
ziNO+M6j@?EJZHBqVsY7}%54WUOzC6WX8h?Fr%WA7l0nJMzZ0eq#(sebgYk!8HL@>i
zK%@ogEF1fnkr?n~Qi<l_2J0RV3K{Gl+)9O~%)=<)+3c5T9_l@%{{ebwfL=MkwA2AA
z`XAtI8sKa>Kx+Tg&WyQCfSknrD8ZN_`_^#cZ+IB~i82ge20JS}4(vBa++CX<wv0I*
z8|lasOF=sDxj-%CoY-zSQY0ZaFW!%c#!kToHm)FmMJpsagy43B#aq0)tZ!VtAjlX6
z!iL{o0n%?1A_gt+8c1M7AG#KU*tQOYB&39?%&RGUvw`%w$wG&ID=3;kPRIn|1^y0%
zFoBi3@M_RJ2ia2{1(q1&1}-udv2aqW0`jtr%m+c*6_(0MDDP93j0J2}@efJiW^K~1
z@)#hbaGy`8PDI)7xPcc<q~N!NgEq9;-Yx_@Y`^g&cY@)3hFBZtK|&H2g+V$L`U0`{
z6gpucG?Vw85Nj-+h_k!H460~|Hs|0q*~P-W3iiq`oG=Aml}Lt(>Sj-d<q+o}r9uwA
znGTa2gd^;8?v<@;<l;pu0w{?wY($Y^M2rO;z{V=<aoilx76Il2&Rnj57DU{w#YY_Y
z80GCKbbv!ijJ*lrp5UM&3fRoyLQQux-pRXVJq7?Nv0A?jV!^>OQae3SMCVbY>KuxQ
zZ!zg9^9_=U2%k?q2ssH{ka$IilX&qxAoU@$jVH;J?+=qRTbQyzd1AKdz8n{VER7iy
z8hfa2#p_Yo)_HJ&HQQJtu)=ro00o;ZVJOHsia*PYv;&eTcqp?te^AzN-INf!qKGKq
zj#q%(!aeL5CW@fU!F@CYO6Ke5VBqCBG5|^Y{3>!#n6<ddbIn0az};2)Lqh_%kZ}0L
zu$Dli5e8pL9xhG>4$dv|bbUJHt8f;zOTz+eJUfVxy+VGP8F^Cq9N?g;6kN^8NHUhn
z`uaI80VM@cKnQn2q=xPIal)2hEso(cy)_YFscM^2^bE=^2~T&o#!muUO5_008bY3j
zAB~M~5||VgDGV%@gQ&#VZcRZk9QAPg733L4Qs^C~ex!ieP{@)k@yRN1A^=oujWk$(
z#3YvEn+*J@3}tlSqO>#R+7UuXP)QHrFXU7|NpuWHYCD7S01Eif0o_a{OQUnhhq4!J
zD9lBFu&y3Mh@EVZ@0bK<-WDq034VpELTt&N>zG7ZS@o7U2V^rl_G%TB*^nTu1%jDq
zM|_73W%8H>$$*^7kr3)7L~6z`&rdC-1R~y)1s-9};L0a<>TEy-naDtDanq8K5En&q
zAB9?Q|FQ&>&x^28({5X?U%6=kswrw-TEHBxy>Rq|ql{W6XxRNu;C0aG6cHx%n9Mf&
z0QuNZ@luDXq7eunjv^$pcVfgbiUh!3(%@5yqhU@0+Ona18*X%GuuHemYRN*I(x2E&
zP~?OTX)**!1G3Qu`FK7($}o7sAYP%82s?&O{5;`+xWqVxtFno);vpMRsM5<%X~jaD
zn&$9^L?2^30kX720YSvM5+o3g6~l_){qUnq9i=}a1-f~#QFMr~7CqbzQ2`F(H4tvM
zY~6&yVscP2<2GBs_UzZV@Xz<Hp!CexSk(w4I!;|o+IgdpqN0lwT;m6CMZv~sYQ+XL
z_b_~zjAeL?4puV*@&yFO&dx7ap88PTHm{fdE)ue`g4qRZIZtfPD{9I|A^asM%-Mdp
zs7w$+0B#}1p?Jb?d=5Vh&?ebWpN=UM1^Y~!k>HYpokxn3CuM5&xQKm^qXY;wAbL6H
zO)12?3_YT}XNNdq!wC~LxorsKP%(=l{#sNH)-rej*$|uAZ0m(NI}KS7!HpFWgd|}P
zplDeBRlGMp&&rdw-yeEz&iY)-PJZ6*asTl@+5JBiU$IX(NB{nxr6u6=nOgsG`XT?%
z&*W!b!`#`k^gdUg>#y)9+u%Bv>-^!vFNj1U$z<}}bI;Ao>pSeQ4Wmb2Ja+6Q#~pXM
z$Mcm*leSKoa`p7-*Ugx5!<;!cS6AO!S9ja|`P-K+y<^$3Z?0Z_kFI|!6uLhg{`OgC
zeK(Q#-Z|$yx?#hHE3UZWs;jQL>86|d`hIZ9B|qH0efvH4-1Fdr4?g<nqZ>EwyzH{a
zue|cftFQj?%{M>0ZQD<`Z{KszJulpU|4R=&^va`;zV`Uzk3aqN(>r$j`uXRdfA!T@
zckSBy%rkH9-u>I>pa0!!ul;G?zI}W5zVr6mZ|~dp-rH~g<<Ic*(Z?Tu{CS`4LH~Fs
zeb{|~{S5zqqg^G-KkRO1|KF1H_wJL~zx$s!(zToYf8r@eyIgz!eu3ySo3&kb;)mTI
zE~maO*BIBheEL72&qDTp_<bb%HwW4e8H4}t<Nd^(TiD;1-@D>m=<nifhqb@nEq;eN
z7rUBVAD(=)s}R<}eokRuG_!v2bKil{uIt`haqgXLj05~9+*rfgj&U{faVpv09XV`{
zS04WHME194Y`Dm!Jq};xtgSfO6=vhX`k-As`@fb${a(%;jsKtizqIageBHI|@5WiQ
z?%}Snu5mf`y49aQ@2YimvGGoM_(<1T?BCa|dKdJEInI2HzMJq-KDPD4f8b424nN?!
zbolZ0_ifv`VfdIStDm~>w#POVeqsL2_4j}6N0*OmxY|2m|J?P*)t*1@zN+n;){m~<
zxaDOnKe%hWHuBWrvC6(@Z=7kpF*c_44Y{tMA~v?;u^l5l)u)c#zdP<3c}$=wvAc3v
z&8D$|*#2>?@8&*x)5*zSz52~*F1Kg3@79u7aBj}%g+rdGyM9BJ>(;f8{r=fUt_z?3
z!`YofJNojvsz!AG=uamc*H=@wb^7p+A09R4woATM-g)I;?!NB*H*Ot~sC@LE@3n8b
zxMFzo&@;Zasp{V2MqlvpBM*NNzBMPb_MXc3`~Jsu%(xG<(k1mdSGrF=_swViHuKCM
z%$YT;N1yGv=vO~`x_oH)?!5Ol7G8Vcz+X<-v2(}R>vx|0)A84@Yx&C`KAQ5x;p-pS
zQMmQUw)*1l+|j$<yZ^6eE*d+0Url1xkl6al@~e+Le#J{ap6qf>8J?e?dy4tuO4m65
z#EqRF6imM=dfdnJYWs#qE?%|1_W0{hi0mA-XK%Fhu;#~x9RBCAJ2oFU{Qk<b*I)DG
z?qM|-)$blL`WKJ8j#%*G;=HRC&%JcRVJ9!xy~;K6lI4pFe=@bw7%}mU$vGp34%xHQ
z_2p69Z;n=cZ^!P#798_R;bl{P@!}1)+&bg8XI|X4?2au3L!X({URSey%Z|-q&%?hx
z_lnDobmjWCU$b?|hUKB$ORmW^9y{xXb$9JPeA3IBw{DWZZddoM-?;1dciq#J*pO2+
z;lP`(RZcF9jjfuzaqWc#MfD%7A2$BcAH7x>SiHk^>9CTuIfvyo+&G0z;`-x~>YlZ`
zDl2;W%)5vEeajB(*k9bR?b5*3#g)TLdrKaxynXz{{1HdIef@2>zOi}I%WF@X-MOW3
z#O%L%&a9}=wieu7H}|n&wWF@vQaEbu@;lCX{ex?Ydb=lVbLEzQ@WkY6tB$|AX4n}2
zw!YlM7i`JB;r!}}cNPv^{m7OPxqm7cxAwr?S+~?Zdd*RlBM$ra-S7RE`$vWEpVR&E
zO)I-9%-E7bcjfV}2fzBnF`j4iU)|tZc6{yruU$6%r2oFnb!_71Er-2c@ywYnzrVS9
z_=NH;ueVp{UcY@$ZvGAigB@GGc7bo-f!9{JM#QwdLSI47#=}nV_TADoqjX!es$#5b
zdd;xn>G^qY+<3{?ewcs8%V%CV;wLY^l9LxYcSY`Dp}jQ^{{7fB&*fGu$}g&^&z(GR
z#TQ)n{pL@PzW=M|^7Cfg-0_<4u;;bN9iw(Ww&v0gu6F(8)CV>l_p@8)ZvImBOZWSJ
z{lT*6JLi4>=D$wN`R<V3t6OTyG;QrUe@LF!{=dfIt{EQ{-jILc&kp}+Z}pJB|LM#`
z<D+AC<ofT+)pozrH+<|<Bj*pf@P&!{*B4%~Ex)LKr@QgK_}jVbbE?<&jokZ{WnZ~_
z@5uVSIS&tiJn#FSUEi8tx#9L#*RC3S+xnr0uibTV{?7Tw*1Y&c--gPq+wYrr^OX4o
z2VR`C@#ymly|Wh2-}<GJqhg~DFD@uq`;F=yGd<V4@@va)+co*hqZ%$+>{&hG*#l#Z
zX|sM@a8Yi~^M`lrxOUTrYln<k{M7?Dt~mCOFLcctetn;N`}GfO$iFjDJ8jjXJ2z}S
z@o{7J3I58^=1Vs0@3^O}=fcKk^WS&9cKpU+d9gRXmUyD?3uW8AQ%}zM<ugZ~^ml(_
z+m-ph-ZOt%@qPQZXseeT@qX@aZd&lGulF4J%GG&yznPQQS2<zy>AxN`qu|uhAJu+w
z_*v`MTsU_9ljrU6OxLQ0pFiZJksH~0Y|A;U;EfIE-~YgppXZ%kx@YdF*I%#8xqH=9
zBgg*umXXb)CY<2<`Co4xcj8UHXFaFZS6+Yi0|#yy7TFxR>FUtAqeBfhzx(9$n)u4v
z`TM_k(f-bk9OL=NuD|N0dn*$;t)0sXe=zCZ*Pngx%&}d4IbU75<;bVrZz-s6um0MQ
ztz(${xO%6nwzGBoy?=Wy`SBT7pJYDZ8tUJ>>XPbf8!s61-y0u#bHX1I+p3Or?Y?pP
z-c#P#^Sejio4#!OEB9X-4c_b;w_~bx{t>e#SO4s{9~|Y{>nmPedu06)ACK-kXXc3E
zr|iAG@|l$n^-bNk?5b763%+wn;kem{otoP-WyRy}pS$jRs_r=VYgarKTt9YuUvA@e
z-yilTrd|1yh9Nc9UHb6O?;Lr|TX$D1@vj=C<z5rHG<n0}uE3bwpIma^+vg5{W&KOP
zKkCIF9{A~|Q`+kMs|tEgIo~~T__&|ncERNTJvC>awshuGf2cZr|B4@1KYr4TZ|<yI
zw{89K+P%3mJh>y5e|Pz#n#-v5zL@9Pl2bkOHlOc9->Q=yDm+u)KCF1^Q%78Q(=p}W
zX{!0~&86@B>c#I*{$O)&!Fy{K4()qp<KJBQKl%D4_4jTnoSggTnaw}?-G;5#UUy;n
zLrZUc=$j?)m#vD;?Ww$X?9Q4~cf2(JqHVX0T=LTwwaG7R{$Sp`NY_&%-?(YYabpWS
zrxxz~O8n0Gmo8b5bHbLBYIh&G^XhTF;iv4bx+=aU@5Ip9Yws<;Zph)go*23N!@gT@
zE~}30*g5i^r<b1eT>R^oz14JKN8#yzeQf!R)ArYtKJw9lXJeZmy!p2aep~*_kA8ah
zvDX~_z@@((_CR>(M-$c$8&ci6Vc+i`H?MuVpl!>mRg+c@tG;*b^oq)<$y;2PYu8s@
zTkzg(T{raQ&w6=!)#>*IUkTll^L~wXX?tbO`kQy;<xa@C?9v@g*A1U=;}P#xJ?fb`
z{?#+S(=<uj(S2vnSEu~Kb^7=Z`<nh3yzsmGmgU`WWQXhJKlo<%YLmaU`HKaGb2oO~
zKL7cnZ(Cn|+b@GpO#D{UD@R>YJY?7JAMX3*(r;UvZ_SOZ{=zFeW=wnQnu4`|+<MI4
zb__l2h&|sL^}vZ|9{pg^-QQmH$UC=}n19!H78L9nF}twrxxXL1WW@EZVQcq?E{=VD
z?}6J(BBReAbzJksFT@Y5zjoN#|2_75JNj}vZv1-e-R%{%OZE==;ZbM2F!UFl`~Q36
z(?eWUBTL@ea@5O1=KMMLj%D4C_Z_KiJZbmLo~O>L>AL*pZLV)G-}{5>Uh{9SJnnZV
zjPLx4`OVu8d+74}#{cx0X9K&+uADgJbZ!0Ys;0%?{dj)Q^^ae%{Yx#@Eekd;DJlKV
zQ{@fs<y<-O-Te58)gOH0PpxPD{MpTye((41jNi1O;MF~oySH99WL<1j=dt@<*ch>@
z#vQfnzvf=KYu~6H`OCL#c;B;f=<yw{zO&x%EBeFJPffV-e}2%m?ROh{Cf)tm#;?|n
z+1U3{g*9Aza^aBUf1bBz#m0?ATV~udeDB}Z5AWJ_MSJO{Atilh&zX4b)5nAk)Z|xe
zJ@MSW$0zUppC6oX;ka9aKRoTB35)Wlys<a`{`#&-_g=E<UVr{GubuGDUE5b4H7a`Y
z`X%?o^LAZacuHl<**{+yoL-)@H*xfmnfiLy&3~=@D8KKB`f0C@ab0xQsC~=VpW0ox
z^|55->oX@@m$>7vtvP!q=M5V_%$Rkpk^AaVqo%t$N94qlZ=C<$yZTR;jVj$+?jAj7
zbWX1OqQWw*@$J06`NLXosTuX!q-i-@)_hP}9WN@}8S2)SMe4`6ewH^%AKO(?dclZ2
z9Ut7ke9rL7NAgbl)0p~w_q$H~Fp)QE(HRdPebyy~FOBuIP9MK^$g(LPE_r*2H9VG6
zvNvzxg#44Y<Zga^!^5wS``K~%XOGlf{`SJ<?=Aby8=Fpkv*It!Ey-Z<j+gr0I1oJ1
zAG|R4{?5W_tB+m2>Dq@cy6MjGC;#QR)jv9+TAMQB{ssGA+O%QFlFMH|?e<`~|KhVo
z+~<mK-`MolY<Fq(JKrh%#<<4Z#jDJx#`$ye$4)w9Z|?Cwo0$K{@1AG8+w9gyuken#
zy#2UW>+?JAxOCB-tBk5I_uTJVI4b|x`&>U*?>a(TU%Pk3wGWs6byMM!Lr0w$+c<2(
z^4`(2_RU^ujQa9(Pie-4^)q7ggO{A~?4B{6wiAmMZ*b3EoV#*!Q}^bMy78A?Q<K}a
zV9YL0&9>Pc*Bm`$=-6AYo>tMbb=aHJH~nZvjko-vcfF&w<xDBe`>z#+d!Czd@z)!N
z#*DG|=Y6++{7*a1UgZ7q1-Ebh)&Xn%v+s@d@6H*y_{5Gq)A#N>Z}?etW2*Az)oyxc
z$<n-)n}+=E<O?1=p*%L}{p&6-o3*-QPx*JATU0P=%9v5PAI-aT*S>4sT3?!&e#)Y^
zrvCCeSL<`D&a2KJVa_@2{%e=ijsMM3--ag(-)-{bO~^ZDN6xa+8<y?N@y^~nTbuXD
zm|$P;1uaj`DcozF_JFlvR8`I1nKNqwhv&pc?q6`yHrJPieA&G<?}#0}=BVVpJ+5p2
z(tcO`gh$>wEhjN=^aG`L73Bu@=T6y@bJ~Tyx7;~?dR5NpqmDc}=IyD<@fRNX$Om%{
zpD^~#>a7J!HlO>{rPE(JWx@5=egAsz`X5i(_heyZ$&GJ*@4|1*E+6&6825of^RC>h
z^K+*C{5O45hhDPoyO&i|edUO+2Sz@$>DWuUPkeD>I2q~wk?)!ZR*bwq_uhvudT`Ih
zW2Sudx#g$*`mNC`Hhnd3XWq2ed%pbSMK?V^=C*Gd)%V>tbba20pRBJ*t{Oji+!1T_
z!*g=q$!}lnnYUubxxZ*HzHq(k__b#oku!Dt8NRL7?Ni>*9b0n6z8gHJ-dNhZ(K_#m
zKu7-Eo3G9DFJ5!RwneVQn1a2oG23!Z+Ll-R;pnSofBmQ>-zeA<{&==AVX^Cl6;(gJ
zzOuS9H2TkZMHhb~zclag+S4YLoOJe=3P=1oXUbh`rx)g4ebk*}w$^?>|IWC+wlkF5
z^5UqRJMIkZ$(vc3_voynD@yLTcG&;><~DbGPL6BNr!EN}`uU80GU)%Tc(C|WoddLd
zvu4c5qW{C66#XCjt;D6x_*7Ss<>&vn{x8e@gMqBuX#I5H;Nb6nCdU6Cy8nOv&j9xi
z|E@4v!3zJ6&(XjBzhv61=_&ai${4)NJf#2sEPkebnm=x(u0st$j+;KMN+vp@@p5nr
zfPlGqNh2QD-Bik=7juDW-k=XmjWa}I9UkQC{&ZJpXSbwuh=Ew#h<U(O5i*f_^*Hx&
zh_|mQUE{+%h*jXzrE9zinvTKY#7r1-;A_l~N&%@3e;LK?1N)$*o%?sNeg%-c%Absf
zF{yO9sFsD<(!oIn?BT*21e$lTHsmIPZWF5WH(wgG5|g&*R!bso80F}egPz5>PLU8W
z!}`?RyHRO<2VabZ{BUr^8eg(s>+)-<)A`&5Y`(5QOG_8e9~gnK9d1bkTXrbG29$Xx
zQ%B?-*)R}ORsh}#o&I&;KM~W-xTSf!d|D{VhBVs>z;|EscKWo63e7_v!yb%BDJUr5
zIU=oOD{J8|^_Tjz^I5AF*?>B)qt0Tl;Ns7hTtK-gW0*jbuP+er6ng@JPWXDDEyZ9v
z>wM6Z9Z2diiGvx`I5@2sY_J`s$R2o*^k4W7#s)H|ttKZpnc9}Zc62RabU_(t044-M
z@wetx%cWtKzoItqC@S)imlbz}(yZP{Lhpg@Jdt&ZZ@2wK>;U0%`wlcOd!YWfVfh1r
zfX@Ttumgl@6`0>osTfUhENZYVEyPR!JS#pZd<+x(rFF%{2R}%0?SWVeXM4)zhTdeB
z5oRxhdtIv??buZGeNE`WPCiJqtII_H`BE4iBF#<s%d5ICDM3KWpg#Kv!pXM;yEQK!
zxF1?E%v1n}Qh`Uqo=K@2pB}+AG;l(;fH>;YZY0{^H*ClT3R^~cU)p#-Jx?m-@6^p-
zOB*~EaIk^kQZpKW1b%$cKA&h5i$~j8v$l?M2rlz_rsy8_9s4sFj#`G7{jMP9fMq12
z$pmae^Lp5gmxD8A3&f>EFFuyqAraRj76B}L>t|;Gu*%*otwVP5h@hQ}fVY|*Ss*}*
zW&e6sN7%d`JYxKe9}3^MS|5eSE{NGHm6@S;o94tYZE&&dIJ^Q^!0Do!swIvZn$V?d
z^q338(%BbqGf)WyUOKo~YFPLr?Zs!M{{!-W(N3sL^Uvh}rkBhpN#*}aryt_~K9iqM
zm%DQCe+W4?Z_+Ot$e5lOdSJHp3jaP1dY=oENN<zTefBi%n0%}a7+{}z+}RmM{;UO7
z0VLPLw}L2!y-oJtfcOZ<mw&PMdk)4~i;_NSBM4At%ph+JZ9N{*5&~rDbLh>E41D&1
z7<C%G6`pl^*h3tYgQwzLQajc*@bbz0T9J3vnUkzJ6>CoNO|qs`u>X75C!RG^e4Zj=
zzX+9OV6uR2Oq3)8)?s3xAJ4fd-A^%|*8;b9v1lC8-i6H}(f(L}bpNkNnYE0#BJ~Vc
z*`urph+Lnm_yCZ5d7Z)*anvamim6%bB{_!eguds9i1>AWnMV{-L7#^h-Cll$)|rNb
zB}~BGAhpprVZhpb2?r$b{bvFn9MuUTEsS+f0VRq~P}Yyz$GMa~avCHk_7?%})USNP
zx0`807H!C)4f#bx0PleiZ#f{|N`-j!qgCRf?8A192g%~;xARig5i+n$kGd4O1}(ii
zpIm+eX(ljvb_HXnw6tA$dU|?1%7|%az>djMFUwM|7H8wXrr$Cgf6C3mfD)SEjNtLm
zO5%z{qzuPpBfC52MdYL5^&`BiR!y=hJd-TXoaGcJSK%r3tXU&A8mHU$Q6dNV0Qup?
zZAgIK$!xm7v;2Sdo&&JW;%eE>vXVd+G@${$C~+($8kScQCr)r2CvldI?M&MUS^8`%
z)`~vKBM{1N36#B|p=`p2LfEtHSs;uOpp3F<%P5<c|K6?dz9GvYPUzoSEsk{e?%jU(
z?%f-79}`YeH>##wWp1u<?0F=BNqH4cDKF^CYjNeR<<S77Mavu1Y2et^O%07UxjOQ8
z(_z9b?Zl0;!Q5!Bge|dHSoTMScIIjal>czM4TC#7Pl3VgAhe0mn4QFc=Le(VcR$)a
z;YJ5tB@qp%)WEK;8mCYNqZ+VS=rJNS+Un(`iyYI~C%qUNK}3XC`p?a$419LaCnNu#
zi0y9qZ*f7XLH_G4EF9qf_r#}v8E3>tp;gn+j{U}z2~jDOR0PW|Rr@wDxdCIm|2P3L
zJ3fgmk--1+$TlRaw@UzOcMLTed)tRCluAOZBrdb1b;NvlV1P^U^?<JrkYzAvH_KB~
zFbqb{;%NKH(8?ZC98Nm@1;iIiBpC*UNe76y0{%jXFOVBBuEUq~w^4qBaV4tLCv-<}
zLV#t5D!)iLm83#=<v3~+;l=?0?;R<XipIg96o$&-kTAQPOJb#{{UiQu0iK+9?2yJ>
z6B<~;V?e9ziN?ZaE)JnbAQ-N70{7?iYRluYN0gJk5oiAjks7BI?87!Fp7Su7r2S-2
z?X2ku-f&uPDw+(13HEY|9imNA<UzCtY}T}`qb#?IoSf-S&3Lo1rog;OP?v5@DNBHv
zQvDL3k|E5?k_Dg<rAc-hxI)HIWj41PeQ~>O*d?-!vbk2a8reG4Ei1g{wJVcu7vaf+
zM!zb9hl*T$ouk2=98wwIa5$Yram8@$5)U4Qz;ctAwg3RZ3)KoPG^i|`@UiU<Yp$u3
zPofN?y45j5h8sYomJE#F(Q+XlaYszvP6`MKv4pUc$uLOvcFIJvt)MLfHK?s2{Iqd9
zXv;X%#l;sbYdRL8nzfxXi*z^=vZ8qouo8)ZLTsP?%y?O$u6p!y7m9+Buw=(88)hXR
z{mfVGC^3-I?n??Fc*4=Goxf@EDIqQ<>;x&|T2VPCw8rNThq>68^@-n(QZ0)iA!$`9
z4}(E-L-z@uHv|c@1<h%M8*xI$&pFLhiUHZ!=pOU`@H36<90m^%K>=YI@!`b}JxLC&
zeW~FA2gxo(fDU?9q0)DZ9E+t}5k$MKZ+OU{xxvC#4*F7wup7EYX@=Qo;HDD71!NU>
z2FEhQ!wp~c4Y8_=hEBo2b>P3}lY#$dlx27F|AmEm{hvaJ05ZV;?}<<UGS7nipROE5
zIRF0>`FxFtT^AOWWMvli`*>e5<4hAH{%#*Uh?h%6r3D2bVg`R??XeVN(S1R=)kme;
zwl%97s(kfT_4PKIyS#dZufBQ#$Rg>7WmK%88MEle!0<)oE}s%26rY7v1*WaQn%mV5
z&!O;h4yyrpR`h!=LyUg&9yOwzW+E>mC?cQ;kwAkGi%51_LX|Gza{>XH$VS<4*dyHt
zUKpK7w+=cD14c&*^LDt6Z1^1bg%%oO({`6VUh3rSSP(0W5NZvdK+@lGNuL6eVqlfa
zv8Z3eH|jvGgi+LpGr>=i-62iqivlWTt<#H{5fZ0#7%g8eBHM%;%SIV8ph>#XOUDED
z+wegffNu%~8H-{ZzGx`SrP&OPK{!7kSNsq7WH|p}<tBFR^v`_$7Ze%%Ka>^~51jvd
z;*<7hqh|_U0KNzgcq{pQIED^B=A=y`1Uw&5NH>KN1XcK1m0a_}Aw~6ajnnN8fu<!P
z0vAzpv>&!U)}jExb#mMeuD|9F1_?&^(Ta$x>gXs60fEt3i-QbAsgpXjPK>Jz%G=RB
zvy~r_sJ8OMAhR5j5p;PgC-otGw!1*d3Wu*J4@)8XvIHS2+|XFAoG5i-nlH_j)cYX8
z5rVHRXjC-s!<eE1z+9<-70|!y&^qAGhyI|iRCB90PzojJ{XxIc1=yd2K%YA?fYDgj
zbPQ^zF0cYI>=iFcd@>PNP>RE3n9&6_%!is!bhwpFfp|I+7;Q`8Y9DIrrKJ#_Q;M}F
zvGX?2G=QL^Sl5*_cjsCf*DVSTMAm6;EBQy)4c^5rJu74a!1_nK5SJ677&r|KhkNvG
zN`^qZ=ipo$n^=%IVn>L4@aC3la>?owUV~9Of8k@2NMW5|ktF)+h6dQxCG&Grr-9Gz
z{-ino)fmy>C~g-SfQ<KlZ?WP2?;X(p+an)Dh(Ot{#O=kN-HB#5oN@FXPp|E@h&1|H
zTzL>N5)YM76bMlzRr6Crr-PQe>bMca#@LZ{EZPeHx^ywsNw{#TG2#z9CF~Oq)B%Y*
zb>=9a*5aV((6WRuJd#VyWO<<$npY|0kQ0pefqDi6NvIsfei}Uv3Wa^)8MguUiC0K`
z;&}@_-dR#%A^5~ADbf4HvkF6tYvU4!XlscVnpiG1Hm<2yRj~qH{VQu$ENpJ3Ahcfy
z3P6^vte9U>Usd8&^GV-We)W8wk1GweB>agUN$y66qC)lJRVS3hFQh#Pj*pd?Bqsw7
z6)h^maQdp&Gyq1{!qrvtH7!QJNrm)-M=;hZy6ZF(xTs?P0C7N$zwS6%I<;tI?9dq}
z9vINmqI%+fY<ppYNVE7^1g#wG<QKjift7YJqXYv<VTq9j0Jz<ajh=ZhU$apgNkk+a
z7}Ti&6O+sn*&4to=?M?WOds7y_bPe+9BLV%YN&w>J0xf;4ELTrPYXaAp{ivPrB2_f
zs=E5>niWpTM%SXv!Nv_95B+Vjn+}UGAAJ2e>1uTd-~kOh=^$T_h`j-pR3eYcb{mcY
zr4kn6v>kgQ#a2wbO}O<xH!b{M{A4`;;dtCd1|Z}4Z`A)ODjbmi?~%{sNuHFF@U(=Y
z9xygR^W493c5;~3!y-~NzONz7Gj&-_PuzOMGO#sB*aKL0JP;P58lXhOB8B<6Lb;Ze
z2+B!+D6F_O?+uFX!2u(!hz1dBQAtm2(>I7>7aa7)hX@k}f$tN-Arz}DLW$&^SyoU~
zR#GTM{0ia{<S2N3CtN~*4>q)nHn$}fOQOTTAE!qX|1Fv;0a=DicpEygqn&meJKd{S
zR5#eLs9ZhqA+5RD0f!97#SRmmVCP3bDCSm@K~z;41TB^A$rw4Bunv-N9D=YIA71(w
z7@Ku>ti@$9Ka0^|;6bT&5MHcW2AGdQ{X#Sh^^2<(kdUr4xuJS_Rn5u<?C+g%u~J(&
z*5VH<ED}=`-}+<GWFi)p+GAaOE6^ZeIB;PXj!=L@ssjI(h~i+Xv{YCQy3;f!r15C2
z2`@@iEFexwQjX)ms?<Zih>CR}M1}_B2M}(SAYu`y(Ejk_oz=gS!WHXa;O)lFIrXh{
z46q9Q^+_xL?~cRr=@$neKf(V;VL{1&|BpTK$u$4$%dT*Mnf!kg6dL%y67P%w{%=ow
z`kR(xE{Z8UEB;o*(&6<(0zu$!G&UC#$5cfF{<wl;EK>1OA_j3@WERkehMrUPs7dJM
za4Z%l5)8O%D(rx5fq=t)7O5si<A&p?<n+2(K-%G<4GSp>1lhv1@H(&*39HSK7~D7{
z1-I}=ry?nf*dw|<^z3F`tVK>BxN13(QvBgiL<zL_n6RCal?@tWJwf$_u$?X)<0;u8
z3<TM+agqcPAv6*zalh)~Hxv{~-lDRig0g}cdRbL}uY%pdw^c(Z(g=<mNoUSDW&K;J
zs#8G+)!s_=r<sr{5Ys5Ilh;nWAjP7}<X~h--f(cBs9+3>t(ayj__4scLwe<ZL35rc
zd2bTRQT5<*hM>{gjB|DB<|GrIcqBB4G?|u-wHoXVSom+O97>?Ln2mGnG+rGV3aT8>
zs&P1Y0CI{)ug(n0{ieG2qyjo#I-3VWEo2<%Jws?1@pPku7Mdiyg!b=J(XP)uzC8Kr
z#0CR=IMj7ZLG2Dcg?4dW!N52PA$3Rt4}bqdpEUd*4g%C)ULbd#|1T*){|xZ|d*IXS
z{PPHWyH-c<{J*!T$XlY<|0)`=|J*Yl#y9e*#!O?8D!ued-dSbn|AnQ72TsZZwS}D2
z1rzbb#C|dTFygX{$o`yCOks*BVw#mb`h_5vCz#@}V;ud8F*wTimG=!!)!Vk=-r2aq
zHVJF(16?#xWt)b<^Q96Y{F25j*nn%-Sm96=Edd@}IB^p*7Hm<_6rwJwA|3t~B^FL4
zW$-Oy=c&vMAWI>F@lJmt1OsKOudJ)CZSbwASYCzQQrSHCA65^f%u6Wc3B~46{e$SN
z;&jm+HF`{#pVPUY5IopW=XIooy>)Kax}kS%qVE8SHLkVb(>gS$B6`x;n}KaP_;^FB
zc1bFXmhh|@Qb7qk)E5+B2NGBd!6hvK?L_)A9``Fr1IlG6(X~7l47G+3s|tvje+mg4
zRQSO`g_PGK=^a!+<3Ndx#LA3N1P1h#{y@9zswCoF((Y)?6@XMH4gl{;$TVP}Y{M8K
zII;(kYXhp<gugA~Cr#u?Y`Ns47Az3GdTdDaP`5FH1sRDQOx+7H^E(CciPXM<IM+xh
zK48`jZiEm@r(`4Wd5w9^<@Uxyrj|EPb4;CQW1cs(`icbBNinMCip=Z`XB(F_*~IFC
zBubmOxVpU?S#C4kp``cey(mUQVQ1PU?@VJy%0?-q#5$bxK8EU}<jSrVBEY$#RjO)V
zoNk#rXerF2Ga|?Q9?`1k7dB~F2NhZ)*fkSJF*uSXEVJolc=M5hI!7fsP?r&u8eWU$
zq&SuDVT`PAB$7GX3K4Y=(YF*?QYZ^8sd-Fu0W7aEF#H8FG8NH2+(Jrr&?3fRU}YuX
z2b)f@GS*2ghIu=KL1#+~rv+8w?E}fRa*K9Ul{-QG=1^1|HFnUcz@rh`!;C(`R!4cX
ziDcs=BE*QEGZV>kq^Eg$oLZ{q>?6rbOY`*TwN%g98_jd*Xr3MwrFsGmRHRp$$L5kS
zD{k<KCd`UC?O^MUd74Zmndv%r+JkmUo<b%TZF+p(In|?0TzYCVh!%~pKEb^Lqr0f)
zMoLv1n{6Tl-<4LuTLLM@H$SHnOusi*>-3YrYhCG@7v`|N;=lwxJqqshfE3}l1e&5c
zI?B}#JdiGjK9SU5wm(58)PJW3-sl9GUgN6`drXQ%Vo~3EMKo(@Y(!{19u`@dMCAs#
za+ql9kz7zY2xz3hu!ZDAG$JS4V?ogShtmsjQ-oRf1?84hn-5^1b-=>SCLLGp?o>E?
zQtnPVq{HYUvFlNg^909cx7+IK7nDgh(8z~EC})!qD=2mOVl5zqwo|-fb!e^XK*(#f
z+ihcp@3<=!voS+}7!Hggx1t<uLMj3fjDAfGDQjD<bVtI4?lsGo!G^XuaG6aABSfRN
z%d~m{OBytxKq98ZT9Z0VDymq(Az(;_!!+N@{)AfXlPaXCQ}LRIr*wn}@ep;C!cRhL
zKNSt413Zf8CK=NTu!lp9(Sq7Z)i4#4DhQxv_$s+#Dm9@&=W$e~29mfxZrXaf$nZd#
z%u_Jt<03#GS?TC>b4p~h9>(SYov__bDT*-yduNB^v0%0olICDgcUX?LCEHzIlr(+1
z1ABVQB@Qy-?{s_$6Y5kBD~Ft%cAOGwCN0&2C!#?N3!?*vlHCDnC=J-60T%#EBa_ue
z^01>0yKPYwc!R@Tf}PGYqu?i`2ZYXY03FBJ)Kn0I9>%yNd$$`y)&nF=U@`3+9oX5%
zxk<<Y8Lg`z-Xc(3iN_Ex+W?z|fa5=Sr(&V^Z2lVzHYr9XzSkmfqsAsGlJ)|M3HxU;
z04b>!s!LNy;qacOD1l|Ov0l(EU4@;y;1&Z)S_+7+!~kKcG*jJdS3x(CVFjNtcGwss
zRU8(+z+iT%?^LJ`eai&g<qsvXBRsmKsi|l;UDD0XdVAvbSeHs_MW4}d6zJ(Nb75mb
zu47S9+yYmk0*5E^qayz*!f@KIX9F0m?@IXNad4}S_EMgrqs!gCJcX@61RIE@5Tgx4
zKU-=6zwFY=x@E$MksXW<zC6t3;lF^wjf!AhIK{y>KR6839%=e-n3)#%5|;}%*+2x~
zH=RUq6v>kCV${@aPBMNfz1THkp+9tf21<dN@ZUiuV9m84Hq93`BNmPRogfqHn84C8
zqYXNUOawtnv&=P%+w7ae0rvt%P;?XllND2vpeHXTKn@Y*dd1i7S9~q99Q6U#DC5wy
zUVwe;{hfZo4hp^+)-yQ^_a19RXKEw5UU3?jP;A&|(i$ySjCOBp)aetvr3zdymD-rs
zC5%Lr3m+M6)Or+MuQ&`&b791FgP<R4O|~8ZHZ8C-3jcEp)BhiS(!Bq4$t^*DXFojv
z{)G3x(vpGrUwh=!`~0K-7KXxdZ6X%mg%}W-^#4rkKOuYI{cjI^`d1}I@c)EX(1MCp
zpt^?G;ADtt*kLVuU@L%P@1#E{JxqVLTs1xjxAwv1Qyg|guWm6g1UywzNR3+zsH+pP
zTv4oHpC9Q6h7yu1j;#sv^=t{w^~EJSb?ry8yZqq}DlmuRJ8pc5Au+XVjfZ%er?aOQ
zS_=N5;jH2))t^jadyrPd)}ybXmK5k>+5yU;ibgRMk6wddNwYZ^li(q60Ci)@6j*BV
z$YL6aAhZ2&>b=vW`-UWU!vl=e10EhwQy7L&3~}(RKGV=veAMu`mmvlMR^SToJ;?`<
z8Zcu22Z>lLxgeBqV=G9*%VV2NA8n{MpZPd3my6;!p(*Kg5Cr2Fi98;VX+({MnS?6v
z;9}hL*-RI617MvJ4{qibMpvglM_|pyjPq)03Anie=M~lSTAC4M%L@`U_vTh`a>8Oi
z8HbpyI<*)bwbnGlLa?IE0xUF+871+cQDxNGl|$_Z0yJ&5V%}^Tt3quC2{}OrGNx#q
zWn}1yK8^$5xW>Yo;WC8G%2*lN)?F?5!39PEn^#G8))Qe^v?CGmcaWnTMghFJ;=KT0
zuu28~!Xwa-->elJfG5CHqr0}QrncT=6S}H}5++9L+lPQTIdvTH1@<$2`o#a$$?=#H
z0^;?Pn7|DBUxi+;-u|NyOhN|uzdi8jUoOhX|6zVF!Pn1!Fw1A~{}~BIWFdKH!hb2T
zR3aev${!LCU_%(J$|3TX-OOkh5YYiKqEbaII1i5RIz*ebUf0yqh6+;5O0kOU0J;*S
zsG5T;7*aY+7%Ln_QDCjouu!bDdJuDNQ&f)NQ3{+sXS@|Z4~dE*yk)jS?CxnE2e7`b
zDWLbKWlGDn{1`F%6&NebBDg4D<>7pl;6Fsd2QokD&HdM*BI+!oF>z{fz)xY+*jJ~@
zki$Q?5bi4aYt7x{6zAC>Pb1Sso(zAs83R_Bu`;|@h-0xiRL&&rr9;50(FWZ4DgTe0
zluEGTW-4SqZCYr*gd3PTW`Ydb7Y=pG>=uf6I;)z{XhWo#Gzc{W>)9|32huXASS1jB
z(*ALh*5XY@o>6FP^wpxq#>4&|U}Mc|CCz7!k=gy$k2qw*6&F`&cF(1yp_Eo84H@R`
zBGc6CKwx)%h!!rclUr4(vjI^m4zhDOh&s~IE563YISa}FN{%KIJ#($}ml8mGXD<37
zcL%~L1!4Eho#PSn7$j&R03f~rs6aT`%6@5)r>P1tHwih|5B0FO6~nNgaf1Mf5mA@6
z-&P#K8o=v0&AMYd6dG+_Ioz*BjD~|k8!gd>1|-0@vuCc2`{QH)HbF39G8|OJGJS(|
z%dV2ZH(+%u(#!N%$?M$C;H?jBG`TdgVKZsKP7fGXxAml=p>CH7ME9pk<+0x~J)IYK
zdY;?fc!;}sngi&3E(0h3QVm#IqsYp^Fe_3c25Y8p8N15HBu!U=yVdtn1yfLAvL+Z0
zQ(z{kGO2a}j>_Z6B#$!6T7=^^(P9&XQfl03u3tyRPSiOJ>|m=H#tEkgLYJA|StQyj
zxPQTU>BUVrUywJc0Y_Lpf{<dT1yOv!{K24Rz*_nsRuM+XKb^=>TFVq!?m)x_RYT-T
zRHD+-n>2;Df;l$lm4gyE@vx&8AQ_n^RYjYWFsPF--B+o&uvj92C20&V;Z&nF_Oh_5
z!RamH6y&(TYP3Pc8h3kqo2BDM*l!+}2XQCCP=aNX3i)jUcN5o%w@U%vD{Xko3X1Xi
zFlUrjQLdjVnyQ$*=`k@qhdxmzqf}L0AI1v+*0eA(hwL(to2zQZ8-%sJpftHxXix$F
zgAZ4YWSFld7S7aACoYplLTt8cg&EY|_{geg?RHY%i5M|6OHkX%zOaAIr<73zep(vr
zjRGkUd}Bb(6@+bQ{gr{OLEw-bj6`LgdGle_Amc;3QzOfIK!vtsv`mNSCryDvFUU99
zO{@uceQ;?%(I{z?qneAg8O4=)Kc;H2U5rkIpt`~|EyI{*;iOlL_c`&LKg2T)-Ra0F
zuc@fD+wDeWduyQj=%W^<sx2zd)ElouUkmil8>}p9w{XE~WN;+FHV4vj20WQ<gkA<&
z(YHW-sn8hh872Jnbj4&6@%Kr<k7!W_3BLB)`*Vvk2R=Lb$teG);hT1!|EHqD!UBW-
zM{(&u{Et2I>0gn$QT{JP|NKvp`>SIA?zlS~i=>nBGd=Jy7Sgkf-lP5!QmJ5fRq-Bh
zu!DVWlc4X+A(cOh-$BCYS_R1vdp_Y0g)vAwx_BsYe?Zo2fgltSbZ|I~s^@K(CDHzX
z(=$(*2I}HA2i6&%Hii6915hNuD`XPdx~yioOG);C|4YVJp<X5YJ)oVkX8AJEVvpz>
z1fU8wM@2)S-hEQkq@D&!!K|AQE5&cBO^Qkx)Ijp{6smll?<7K3N%A+smu9`9saDSv
zBeO|1wWla0o?<=49U=<iSP=<Y2T5S-L^`U8b}HrOc9-eO;rOPp)-sBikBJjJWhzn}
z^#d%P=oPOG9s5!J=%IC&jCDuCk{z*hF)Do`hIHMgc6jWj2YTqN`!TrYqCZ%11l1{u
z>=i0JMLh_{P@_Ug2|E}?i%*?pWgf1#8?)0A3$aXP-57&}&0@v5CcvtA9#ue`h9(Gd
zDu1Gw1)R`y+Z>Fq+YP~z8DeaLI~PkU@S+jdOE=@eg#l{}HPbPp{4c=_ytay&Af#7}
z-mCTyP$5bVj)lw2c4>#4#DyK$$>Y)VE3hKOO%IENE)c_=W`hs69ev?jMcGJg?^PRq
zT9u0l@6`B1IMN%whHT_-EK#cU4>$;cDx)?BhyrX>d(Q#2Hv|^c)lgQvF)-GZkV@hv
z0AlrGm47~7#237RrR$h_p)J`4j^ABMD47z+2$Mq)&Z~nZ`CF4RR(%RU9Jy$le)Q1D
z`JxKmDZx-6sR~cJjn>n>?IH%)EzzY5*zi3*kW>|4Na!I2uVpYc5&9Iv%?EIB@C$~U
zDv=}BOybHV`-CiC*oAVdAB<o*J}bYc(kPIqxu~mAMZHYomNnY26qjvMUZ9z;e}o+p
zf+}u>->c!CB}Ek<n3d@6S{##;R$RufTX=*?A#GboV(;xy2?G`O!?cIMI65fjE3h=I
z+Q#V{hW99a(sN*AU)&tL0a-IRS>f_4qx1~Uz%m=u09_(Gp97JTl2(O^lf?y?8EvDh
zOj9w;1+AFjQ!^NO5r+WZ#DQd>)e~qBVWZ9<%nvLb)O%=!3B6-$9%b`YuaT2>^Ua4i
zhJ-&EBerIUlfeEpfv<ot3%E)g{mL)WCsYhr4e+apk0+QE>`KPuoT|hq=Jz!C+g9M9
z?PwoTaQ#-aYFu0BNDb5J%N1YpwW95Ab_V#Ia#)U-9t3oU+X2Ab+8jYZCY~OcIsT)(
zoHbk!*BE3l7_lg&>8sA9*k{@u3H!vzG*e*RCo|`PeVr=UznDl7nXcK)RZ*P(!*hpa
zV`_3gPo)gOOo(4tvd<8sK_(A2Ilv)?5OE5ak%X~9+Zl5BBw*1a+hUR(@?fmMk0T!M
zbi0uZcfZb`I(<^6`IC$jsF|zu4?_Ur<bY;VlKCA-yk>zjUT{|rygTz)qn!hj5u|Xv
z4Iz8FHC}6U_<*y-r;FKzh8-kySPA(z8CR9J#UPZq?e&IZG8P0#ipY@`#7^N+pnlef
z>Ivprp}(>ml!Mw^4r+fHfyO^N%A^jt$6$!yM{FX%P!V9#32%JK#tvWy@IRD^VvR;g
z>V_fhA*&wZUxcElJBXfviyR5eS^WVB8b!Jk4+9fJv_4QzP+{r?+8&P~9<e2ic{3ab
zOy$oKax1!oL<6$EZ-}$WRlx-Q4QHZ^vRqDEVhBwzMR2g81vZcZV0I;>dba@{7dKWI
zSp)MA_z204ssWkxUXCau)>!75H@R8$b)?aLGLx9oa)?#RTkWvtbxn8J)E8oS7bu_`
zyMsh6rE4$BqLt<XOmw=J?(a_6)u7v?H`Op&X_R40^bWMpTe}T!610A~3$u5&a0K1X
z03Sq&#;MIrdn!`}7@Ae0)v&<YJer%Ex*OoSjyY5+eL)K&hUG1O$#gB~W2h^*upRS`
znrA2`+(<K?T0%es7lv0|!fxj&<sjdHH(fM}oxO`S2qsmop%=#lgXF;g5eK^M)u#ja
z*69zERY!m5_-C-w!jEC)hJCJLwDH&I!h!;+W+}TWFqGwLT((^ONbnj=hGR~i;+YG>
zz~5W&<(?W8rNx7nrx~)jdCD9Q`Ug-FPQfr1`nvG>BR)v(?1&T>6iX{&$%U~L(IVK@
z?(<b`KG9&sub*s4<Es@Mm?^??#Rb&$%HhpcEiUVnC_X$k1VD-LY=?S<p_tjRMzRTB
zjTs!kHNxL!b=fFsmW$dmtR=_F&xHU)eF0{Gq>aq3DkS!vKkuePrn8#rtx}J+)^w1@
zsb5e={4wAq%YVRPz@wk3vmV3HXzk&2izn#s^Z`6oo~14ZokT<5*TM{PTJSTYLVdR5
zxLf6#%|An0o(d;Ju6hj6lxT|Dta{g$RF>7i)Z6lbOY<PgHya=KikvLBrIM|#nYMh+
zXHg9gQ7q=hX*xX>$WO>&jiw59fk7|M8j%|o&gWtoDLPo76o>`LGqZroAwuD50gUR*
zh<SlnBnCB=p>tYg-mpweqA(CbU3Jk$9!WRgmgAAusnnx3M8E|V*9B&d+|;6429<cO
zloJUb&>hhmrO39bP8>l2*s#f|ToWy$dC&nGn4{e0br;z9dC4Y8nnxB`dL#?VBCsf^
ze-U!TEhxu&i8fMJRqZ9mFKri7?0^AempxpJEma#OHr(1F6cvWXpx=b|wJ=@$Ro$j4
zYBMuDf!bsGL|vTnHo934n29E|hd3T)-+ala?jA>00%`?iszgY!Z#r!hpLzo55HbX+
zMvB^OVjJ13?gG78!-`@hurQl!c8x9)M@TbOe8NW2*nMhrfT(D@9i0<Y2V2AbvQaf4
z;Oq;V2&alf<X^b*5cfWqZfvoFxpsWT!A++vq8s4;?upH&6;H5JP%{hqw(6#WHdQ2C
zst(vsZFV2qt<hl0Fbn8*ZnDVt$Ry}@N9OIZlMC=aYwq;j-Ko91GhNp!un9LlEzyKK
zWhiVl;VkKSVa5qD=T#DA-T57i;U&J1cLHO3LT;s;75)lX^-5`Wf>py;bEE=W-OI`6
zQQJ-qIyxe~mJkk0TnHEpategC+%ztQ#e(!e3p2e~t)pi8jo%-^Epu;7V4OI;{LkY8
ze=3u=(;S+PLHo(<*?$akX2M`G{)NjfwX9AC?hEDgq~gRCGvUDkk)V&ru<<t|ufmxh
zLJXrpO}_9Jp<+@QBK5f+lS1bG4rqx$Txqd1%u+PSX(~jZVy$G|LQ76m*JZRat%nFv
zWXvmP+Rwa&2GIy1ljL+Xw1HR!>{K(*5cIK5dNLCUqZ-0XcT%L2Z3y%f%F;T2f-ob~
z+2!c{k!>faym;;C_2}sB?xH2&yXB0@c*N|)3A1xY%PyQ0B%HC*hjT)u`e=!hU>06y
zp-o@8V4u}ny=dez)Vb5dTXWUlMH-&rnCs1K&b;U{)nG5ZAsW1}6p-4>z{#eM;jvTd
zOf0iPy;+qJ+Q=~kiRl!z*b?Q>z48w!v)OTEKEZeXtj)z2e*$W-Y}Z5MX%(bLs!mk`
zY?4*&4U=gu$#hf`wJgCBrFZQuhcq1?U#NkdveBALVnAxK&6NtsjNoXA+MMEoS*1jE
zsRe6`;osPxko?xd6B3%%I?hbh3!%YeSl>bIZx?AjT^lAVuMZ0*(h-P-_tcWXYe2uP
z(=xI!^UJZ5eGuSF72$BKOAb<Y)`WOz!k!4mtHD@QW|n{21*@_8H)|~v?L$io3%pV#
z#>kq--@|(8U6HgfmS_nDgL0IWqBFVkRGAq&_JJ_>^Mq!g)r?e&x>qY|8mh{O?isq!
zf<t|(wn1dNu2yuxN>a(9o@P>kqOCgG3QlHwZ2YZWYvO5U25L0!{0a9c{mL_QG@hH=
z$IAhM4VnmOgG@k6_&fx|`3x!^KuMg%p<mS;;qik1pqM;*RFI<OOw1T1X5XrdE<}hM
z<C4{7XfR51V13Ajngun&I!`<F@Mb4bGD!xWI7Bzw(Z-41nVoB_$=Ds{_~a*VYV6zk
zr|oRaIP^lFd%t?`+{HUhd!QL`RRR|wST<1(-q*p&+`{S=AW{;aubd>OwxXeOv5<ue
zqP&{ghU%IX^)!bvu_%2}RRc{!O9pVPWWNzhgMKexT3NG<rr<LRr7fshR@G2N6Ukhm
z)MYi5OKBR6ozuEWXNkvyikb4uI#n%|^8lq3I#NIgVL&46p-KqT#viOqlo15JM3fsL
zASOA=RY#nf=+Lfc#=lW$0DZF+OK4pRXtH`gAheH^Ker9k|MDk|{U7_@FLms^|L@X*
z;(_?Td*qX0{)sdGU9<ts;QtZ+r?da`78MWJf9{b_|C&|`_MerDs+Xnwg8ipz0;=e2
zK=E62MKqW|rD%v@Q?t-w7epnNmf|G~p2ewtyp;tpHmp`0%(&1?q8S&=^b{6Kg@t7W
z-m;>Z`e?@eI}lcCJf=uIh7dEnSECX$??jqrW4)9>hrdmBE3)hlhaG~WO1J@tt}2PI
z@_ubP8P4iRoY^DPSJYPTjw(cpus|%4z?NV%s1W#h!2UY0(mbrA5_bWNUy0jm(1)XC
z>`{jmB3$bAYJID!>go|I=#*>}5mT;}=!fZigCVcY?PeiX5kj}y)@;LYm?hU2Ag#0;
z$~ZxP-$4s%HL-A*AsnO#tqgS0V96L0@uDLWYc!QLj1qjTT4-jpnecJ6cqr(jTCU|%
zK3i{%wtQ5sx!KKQHQBwWb&ZW+r<8AN&Nl|Yk&`}uJS2GOfXOFZcy1kgoP}p2Cr%*t
zk@WW_eC1wDxK3*>lytK)>^6dp2Q&`J9Qd9CaS?-T2-VI&JKch`)I`o|(!G2^^IqGE
zgiQRv>{1h!#fY1^ov)q-Efp(o2esb}_1mC+kmmVV)KimMo!X`p;zS2piL?gX986U4
z02(HUc)T)<i_U<<ZmX|avB0;WqM^c;wwp4<kP64zbl4<gH}gX=biqYkN)V4*W*u{g
z;|Y{03Zm!Qn)(Kb*u>Jx@mhqCVCb@uG}yaF9jdg*(5Jep%Bt#BRiJ8asHjbj$_Z?N
zO9U?no32W2kn^;)Qd&_6_aW^dPypDhl40UE!0CXHD~%>&(~O&}svA&Dm||n{K)0{3
zulqzD;XDTUm9Mg9Il5n$cvX7ob4trrR`^irVtlk|x?<ywcE|w+S5zCJ%Jj$r@c>G7
zAv$iea+>OMYKrt3G47*KIMBD!0a{#b6N%Jqvyy<_ApXYRtleq?`Kp$|XSU56@rR;5
zSWy^AG+ENvkkO!40Bxt1WY*?pQvyuqo8F)Wk8wDfHd_vqDA!ljp$YWW*DP#UT~SxX
zjKT4egh;1d{sf3B7~G1A<qSrUB($S}0-!||4OOcv*7~YfG*s0stf&M~8{*?Y;$#!B
z)YjEB)DS5Nmq=;yYw8+|wSZ4ld~8%5yt1mk!MD7sVR6j@3de*TC?A#<YQn-AEV|+;
z4RsYO>X)GwVmXlNc}>DTwnY6VXh>yUb!|hM?lK_MjJmbH`i8pd6^o2eXmcleNPCyp
zG*tN(1I59L2ts1Tf(3PYi(=dqf0xpc1fgVHmJ{R&9Nch}<pr4^4!}~e5<0fFw#tBb
zB^pXKv9bou$chFAYX0g(+=z<c%c@o^qT95$XDV`bV^xjbgh-f_sq3#1PrVO~y_p-5
z6b^og2%r;!45B|in*+|v&h)D38ZKCr9~qq{rt=wXwj3O~w*tm=_x`>s@zC{3Bj@cv
z(g~e73<i`8D=tHX!_uZ)t2MXR9n5W_e3%V{a=_5LQ3|kJJfn=0E|pz$N}6^EW*&){
z51k84U&ARuR2Y<CRegEta-?#}q$)-wIYk4$R&(IkfS+LX(Ps|ugogI1$`*((9_j<L
zotB{bFtijqc-8po6gi_~n%7E>0}eaYqi8Hn?d-#{AA4FQVtPd!Pwc{z$eq(oDrgu{
zBeH(K>eLBW9mBo2e`_-rKnrWI7s0d2A@yM^4hV1mD?XXzf3aw5sBKrAzgaTI|MQj<
z=;OZ>6ci4`|Jx&<{-!^I1dyzqR03a`a3B~r5!UTKNuVGK<O`R`0E?&$aF(ZVrsSPb
zR!~&tEtb}|k!p8?2vCeKqv1JhCK;W;f-6h{Xv{|pY5GhY=_P$O41D@rt?bciwQBhz
zlHp5mQIBbh;VQzs6d78K?<tLlEfcfFHcNIJyfb)knmZgPym2E*)RfZ7cQq&6nu=8w
zi0k#OuA0w^hazp-;=)L13V@$p1dQw51h2T-F+j@@f)PSH!J*#Ff|&(~p=GNatu1tw
z{JFRBPyS?}|4fx+mrj5T^uM4~|Nd84P*hYjK>zo|r+-PF`2It0nN{HC1D24|f0Tbl
zFK<BNiY25Uip}s8cs<@ip!_8Ti1_d3*B?eeSYwE|Mv|1yHc;ENb-UU&hT=A-b<@v1
z{~7kbKr(k*{O8h=q7wc4Z$Z&O{J%Z&>EDGf?0<+Gxo2O0b!(Mu{sOxD3q9T<$vdm8
zsGzK*WOwd<Cf5qLvbSILrB?JPZ0d73Qw%~qU9qX8Mh$UOZW8u}JUyF{C1V<Wre<zX
zL1@7cNv(-k1gF4YgIqITA%S;5{nX$u3YCHaSTv`NUY$11k7<Y>a0-Wk%|&^J=spHF
zL0~;*@b3!U;7);ds$;Cwp6Hx9FMaJC#60#Vk|C^UO;rydz>UKDCnaM5NL*7>7hCXy
zg3Cb(8%yAwNuTK%d^E+pi?#HC?3EXB)2drjVWD2`K?^m~;B+oYY9aC^HS!xt)kv)y
zZPa>0)da^tW+9_<xqn@!?35C|3ivZ$KNYw<xXsE7PIKfb(_H93{GCn-@%gE0_WCLi
zhGdL(-;RD`c^O75CeMdtA{vD<Ot8sA41w_>ZWY#W#!&M$-GJZIC9mYd<*8Mi8d;r#
zYl0RzG5CB3gBQH83af-I5Rl3$M4y*0dmJGNuZ>nb)iJst=$k+F)C>B$90B$(3O$E~
z-~_TkgtBB`1!0Y}QqOM;3OuKoECs-a>$bO2K_e@`7X^(QMSgU($M8!l_RdNnd4LYN
z74E6}WLzEsa-lqkWJP1400x4MSlI|r5eRh?2}P-G6r?&ab_ZK##F~c`N4>{2b88-b
z_$-b@un$nfXtCKR^Ji!nwumJi!~eM0Vh+nuG1^w&+RwG=d$9o{+9lw^*N;%Jb6huX
znhUimC2sL6G7bJsjj`zS9*&i>sH(w6DT_8^aaF|vy}NU>*P8TZTJ-ss)-TccJ6a2r
zjFx+*r<Qq{Ds~J*xpapDJaA`-rJ6pD>P|gcaZ7IOW0iQHR$X*D=#tMItk3XTYW{{w
zU)y>&R46L&O3P!N=t!xR6A^zDjLLdM(<*bl8mOZs1@1EK+L|3ki!7$qV``aY%{A2@
z5{xZ{P<>+bI36`l6HZSbO>gJsC)cnc%Grj{IOD^IlP`=J2$N$HBjF%@vM?%@YAH*g
zvp~r>JiH=KHQ+(fK(IL&v`-V<Pqk$+SkakS5^7H^ZXcq)Yncl3IK|-}hFOZ<$uK7l
zoJ_b`ifH=U>+@J9viJY#Z7jq6pDgHId;ZCA|1T`?7U}i>XOzw;7`XrMiBErCeKq%g
zAU=Ec{?FGczWEmwlNTRvp{HP$R8Uk_R9NPniP#whUH;`Lcp%;_qQ8uHe3y$StBPkX
z7tu5mbkAHaqxP9mcbq&andpqutEg5LjF4V!9_VGU5aDPj$&^vGY#hfM7<uvTg!sV{
zbf};!0!_uHx>lwJ6rq-T+TXDRPXHuhc=TjKiHAc;tUJW{{jOLd$h?;l<)kh#{5L@g
zCEz|?&*Oe;y<%V_PN~aquHX!n$6fA^qOpS;4SuzZ$~2l!#NX3`uE-E4Nw`ewy-O<{
zNvTW<gs~%QGSfo$RD7tp9l(5}3HGC-T25AhqAY*G!fLa0!(d(wG{_JXF<nGco(#lY
z;Cd$P??DruOr+GPgi4|lEdlV&ipHHNo<T#X;+bl8y@9F?68$s+46kLVJp4ddz$lgA
zVfuQwxdfWDocLphz7WkZRa1v4^U)GCOTPkjYf`;Q!9~dzA%^%^FGsYvCRV^0g!2mk
zW3`Gwi!q}Jd?E|AgV_v;c)9WM>nzJ87gpUPr+Vb$YY9RQNNtqu(ITO&0cD%1zEW#A
zrL=1d!GZhfkmb0~4>2G)%hrOr)1kM96xNQoBqV!8X#@2ur$m+!Gq|OcfB=JsOC20p
zMj-QG3}FFv7le604TRnW_X1F!lJc-gI)--kEi^m!c9RxuW21G>V(;9ly1JUWIUe-Q
zIwy`T$m4UZ#PO}5P>6eD!&Tenv?M%pq0K@RGc3vzA~OkcED0E4{cc5hWgI{au|Wk@
z)E7S5TOhWGbrAbnh_opY_Z)05V+J=!gds^4HDm0_X(W-wtjR=cvkV^(s<6%O2LT<L
z%$6QPb}=b&Xo^t_e~Op>lI$rZg~)x6l+Sqme1{lJRJWfPA%IZP3^R<8YT|AZ3`&rc
z2t~|AZw7m1+GF(xYdN~&Md8fCi-XdC0lmYaL8cxjRIyadLuW%ix<lm)MfmZ{e*usu
zUpN9_j{CHTsL@3$*a{eEf11^#T@#dE(Etl@oN917A(R;L4mOtrdDTs!mfq1hWQk%_
zig-fqBrfq8N%e{(H0<nknqijhSiKfYvxqZyhj71Cm59q(^{Vx^RqOblM0Qf+*6QW2
zVI1D6@sKj9c{<2n%Rv6>rm+jC^Ghb<ign4<lNX-Gd`4KsSTN9a;`@?|X;@4u;-`~j
zb4O^bQ7i*w8BQD^j?94Sm`sZgbeI_c8*UIc;!$VntvrKO$8oTnX0f4aBC0-YI1l(@
zFdS~oXLc)H@OttMw4%)8$y0C~1z`fQ%0G_qYjf(iiOt4s4OFoU70J->Z>&Z(8z!3m
z=KB8<cIC7Ie<#I2$deRmNGJ3m&{T>?VN+2VG4pX*4^CYpaQ04NuRSaT8$ZI?Dpnm~
z5D5L2qcj8aP78?UcHhoHY>a@}9V6p|xhL%mgOL|%95?jBas_I^rEYQV@L3f}wv(3;
zJIjX63l0NC&m>IB)6Nv}$zmk|eP}_mpiFw#e;ANjm8rrV4fexSs7*R~GI=}DJT9<V
zFwj<|O#cEwLn^5dZa6skbd|v=4V2x<cNg%S{xHzd9(>3;NjOYI=h`9EAV;H0&V)*t
z;yh5B5b6zSJmH>rQMGb&`i^f((0`Lx4`H_PVpE6+%dYR4&Wb?{=gyVmVzCYqYL7&x
z(<Z}x16Rht>{_{`L3*f50K%a2Hc3T@v@AJK2*0N->!8LZ!eJm9nJ79V6DGkU;m!^6
zJCqE~)5b=@u;@fV|97Zv(6o&*2`@uATbt&j5~8r^FxVKwY&EXDa=h$j>)zOy#FGf9
z!#JKU;qJ)I5d$$4*c%mDYv@!~NPHswj*w=XY>C`l{D4!Y)(1Z`ExRD~3I}@qIGQKt
z^KcHDGGaz4#&i*vpXilKI~Wu=-2zwFE@>wXXNrBcxdZK~Xa{17HDc{v=Wz|4L-9!r
zcgW!|ML;@hmcu8QzqqC?oaTr&y=L+YEW3Sk>me8<@#ai^K(e~7Ophc05iEksbti|D
zjlPOTKN%c^+RAE{1-aO3UMo1`E*kxb#|xV{vJ<F$U$k1bH6;8|rBzO-?`CMf(qcC4
zX`&*-m#;K_DfvD_#|>sA_y(Zw*L<%@gbO6G!ypa|umsxIjxr6^HevK76HcG($vzxY
ztYK;PsP4|7krv=XjWr!gKpsL5YAZaPu6i}K8g{ygxPomqHe7rQ_O_q#$wb%%p|Bwg
zAVWdtP`yFu9)YwZT*N4F-<&}))ToP(o%tn8qz~q`kxfm5CTAFno%Z#Xv3&(P%?%wv
zMD!Q|*u@jm#Ct3@-nMFQYuMzIt`4XPwRI_4Laqu}Ua;|uOd`Q7l+hHi8rCS=^uiX_
z<Z>mY++NmR?@NoT(qI?)ouZ3;O_3l(@YCoubUJi;G`f7<Vh~qBZ*P?52bS?rDd5sG
zhuM(<M#7lTu;W4yw&?AV&804sN>eNvWg<0MqZ&oi%4xJl4pdHan9LphikOJqO--dG
z8@kR<ZH6m6VdTIiUAg9s03Op55fZG>Q4W9bVcTK2&tYwrPD64hz4>>5U^W^Gi-d_Z
z9LJ*6=H&`GaP7&}U3^%sc|2O(<%a=Nw;g;%X(~BP1ly!1FPeu4I^5b7VWvOO3%Q|z
z=Oi3?u5UpYY&Zx*domI>c;_~e)lOPaQ;AK_7dI?lCe^N-zpT1avbj8->Z*o?9?yb?
z1th1?UEuLlt+36t&Vk=^=YU2J`q5C`u&ipXrkQg*B+)v@gMsGEuUW8mE*1+5Fd!Ok
z(C8(utXqbdcB#v+5IqclBO!Rf$1A>GyXVvbT8t2(fQAr9qk^!(G26&Y=!U<f@5A4V
z_uxG?wq|YExk0Ao^N5lj=phj-*aZ_E_dbubMhM)uVdu_y=#|8vb)``d>fNtvQ9+?$
zJD6$=>6^eTy|7CR@&qPnr8b<Or_vmWc>}l8N8XlDG$@pZONj9mR{sPhzQs1e-)4TK
zl1DehND~k{1$7E6pTl^h_%JFvsGm`iuRili67d)+`S?ZLE;azuZ%|tkiJu*330?>~
z9Dp1<OJK(h1|e<vx%C<bK7IRS(EkzbG=H)hP$v8DVsEM5{->~TK>ufteEL`WMbQ7j
zE2mEiK&IM0y(#+W7o}?E_j9THaLTK-YgTmwaXO8;MqTzn%1ZIsMs**=UrlYE#zQ>K
z*kzE2!B}=DpL`esCd<^yY4|~_0ql?C))+p*%o(^r*Hb&H;z;yGU9&H9La${%_io(t
zpA7ULl;L+({WFvQ-@@V<g?jzZ67<gi{oezh{w0S3{a;?ayb52j`_b;Zw?l!gRD2ke
zsy5$VZ1e3cD=65_Hs7crRo%&iKLGbsY*$qg_Xpa+kPx?xjfK<zH>g$?2q+N?qx)<-
zBHq<#*b-4WDMb*y^pml}&zFipq74i@)>{d6GP5mitY}vpZb_<_vC+N8yRM4YC?7{n
z3Ppf__hThS$nB9jqOmTi9sP&E2?3?}2x+HQgUquF={{|Dz>hA{A(WkvT4Z>gK!bvQ
z;D^MP9xA;?FcrZdj*CT32-F?in5fhfOC_ii7hHkjhIkiJB$kjxU!0P^C6+QDIwuz4
zGpAtwpj5Z85=65lPWW4j|IWaFXFBmJEG(EY1C1Qqg-!4gB{8@kCVF7B(1gvQhiz9^
zmpkN-`rWZan+IJ6Lv2y)I@yCuW5;}oXRh1aRu|j?$k-`>KOPT<$jR&R!;a{3!PP5i
zb0QFb5-lh_5K5cg9SLKA_6^<o{D?o`LbuU&xx2Uk!vx|<GZ^fXGmwlYVi*bx$0A`P
zAf)o@g0X-BLIJf}oQrDJ=f=>!NV?GI$^HnzfaQ(7!-U)YnPE1zXM~Zv<%}?aFq*oI
zP)aOw$HIoeGwFO=MwnR8*!iHJWVIQKx3%G{c(7HUg_6h`3K??1iBBLAijzeq#|;CZ
zgUASwFjkL}__9$VhBlxio@W?1p4pc08`i&)Xj5orw{gKjF0VHdGBm3*8blkBj7)dR
zP#kB+Hip7szZ+$9Ox<C_5MWTnC3gp80uwjxGYS(2UAA~E6s4nO=o7#tqAs)u!kBts
zu&x%9{sCl{Kkmkv1S}FZY)TG=@)(fP8x)yK0^4a;Z7dX!y9G+n5{QQko1)u=lL?kU
z(3l+nHO~$*T5Semf%4mB1r1kQloBqpDtHY6#Xtg3uF_7nS|DM}WM+>9B9sxLJ0nD=
zVPPYP&JbDIal<fnyIND|b|RxJKW%6mFro%9NF@Z`xU;%l?R0B*gDl^W4T<W)Z8t1R
zEx>xi!tQphM<<rByOoZ(5vC*NkJ4O|i57B=^^3WNtsvxv{Ylwyymh;9GU=R2?^(Z<
zv{}KVvB8nB3nk<1s9~RUyAV?lpkp2|n-C%2Y*EswMpp@wsfJXN-DQGVX^#auy8NB8
ztCcSq)HmaxqBND>hD-)sNv2v`Lv%(vi_JF|&EP-@lffYA7{qk#vZb30n5=)4NHWc4
zmdz{r7q~rB0Lb7#86Zru6R}n@Pf4?u^IZ7STYkiELcMUdD?(Rq#K3%T2$=ww>^urU
z4mfg2HNfCxGDBw5)8!8-F5(Rr18oc$b}#Wlg;;|W&PfGBF;9zM36V)vqCvCdNJvOV
zKSC@uWRl!L8?FP6xA}$SxZFmQ3r$mtOj7;yNXMz&F7%UeIjw0k0;U;}qLi2pHGria
zo_)%7(5yH)nek7W-)lD7u3|p=NqMvuNJeK|1WiO3N(NiVhVI#@%RwpRn2q4c3q|~G
zvIqSjB&aQ-CZZqY93cZk65A+;6Ox5Q^n*}*)KfKeJsa8ear0E!BsCrtVB^s?N-u;&
z^g|^_)c=_=CrM|G<RsbDBtvGY!S$UfH5r%}NMTuNa=J7lsB%wqC=-4~%|+ZpB;`U$
zNtx`gP#`AeqMuRP{fL;3FVHPv+2xP+MEnGCyu}=(C6weKZRQ||=~dCh&0*r9ZU&NQ
zYY{=vPqL=84d@ms?$#ph7Lav!1vOb+p=dDH6-?3L3Ss9_Ht-`6_JrDGg{I18$q{lC
zlGKPy4=?y)lB|TnF_YvjEbgYMoe8>Z;EPFeD1e)RwH(kklA}RNCqu0*<{1G+D4~#M
zGoDISmY}J|L_guFaU$aALS%I$yOSoViDWlVO@spN@P%fysu@YjM6?NQfFCT?n3z;L
zc_LaHE(Hu1Aylvn>oqHk{pUae*Uzs8W|`s*QD{3l|7G6x2qh(*p`ffG-R7yXN$Q5A
znz$hq3Unkx?0k%Mrp@Y3sag1vB~WiaVaiD+BJ2wO#!!Z2F;i&^xo{#~KsXc8fmpOv
zPRP*!CJM1wIOz|=wPn+P$qRP|`9FKQ*`+7o4DY{%MMZ}9-x=P4_<wuk)2~8s?F#@`
z=-H!QAWT*)eiE3$g8&wkNCm}Zg)_^FcCQ;))F@L25Jo2sx;C4+b3ok-g628M)mvmD
zdQZr*)Pas=qBibtQDWf~*lV}QZK0?lb%m1cVD#!FE*!A}W?b<0hb`$s;G++nO#wMb
z3P3G@j_76Ukd+~1xEUY-kH^vR35u^Vjt&YYWOOYLb)t5pgG8Mr#++(9^zZ1RG8hj&
zfzUbhzP?N>|2RY|oK^IJ9KWpt2B+k8dYMr(1}O(GR!rlQqSZXfQx8yw*lA=LJd`vX
z3TYHK{G|BG^!S*+EMsd5Rl|o~>Q?mtz$BMA-hzMdY^ge>W}dsqkmzkK)diW><Wg%)
zZBSC+*kEWH4=HP&Ugp8goK9LPXt}CB6pYp~-2Vkph3(^;zS;VqTDRWj|K<1mo&97w
z{}G{5cC-FhadC-0{)e})WWfLX9{Kd|c_*CypfQYBPv4LKh5nXMOj@q0Z0)pWn0~q9
zli#b;3@eybR<Z{)!?45L5Z0#ltDym1;3Y07g_1J5n#B@j#Lg_)?u*NbcnWlnlZYrn
z5lp^eSbB&RF*=WBthg)t(Lv7inL1=_RGP%bqPe-)h7_vA5A)!PmmSNwQFK*<hwdJ1
z_)HFTZa&7f2Z)L{P36uZ%@9yPEexCzaZ-EOk6MCG3l5+<n<a-D@c{~+dxQeXt{7y)
z^SeTN1U>HdLp)+^8w-%c76yy}Jh;OiMTQ^)*jv3DwNe82NFio^mun7WmNzYJh9=Pn
z#`47+l7@O|(r)OLUmZIs9O{sDoq^%-pq_-1y>tcxnPq6w=np-U#nxQ}uRG?2R2LrA
z+_$yVn`dheb8SuI-NlmRh0QK<Kcs}qOPnlu2){s_mf)2SsWxIr)K|WUTkS!0f@u)6
zmmBn$b`QIXo#saT9fB3j4|{>u*a@4$VgIv6V_~kh<EI;eImt$>J);X`Py4|}0NfX#
zZH%W03+)xtdE_Nkm$kZRx5RIk7?sp)0g&LNtf7KG9L(v#p5@Nd5nrE(#Y5l)gOMYK
z9UHWQYjH&-G@Kk!G~k9I73Z#|V=-bji(PV|MGp%L=paWOOKAM^P~S>=pYy<*a~~<#
zNJ8~2F5DToKVa%j2b%;_qc>s|VH{Jk8UX`fl^WyCWW}{>eB?0ycX3k>U#d|xfz$YX
zh0Ue8wNPK>3>sfT+|xV`SoJQv#kkL3<KFUWP2v$^2exs8FVsR*^`~Mit}i>?t2##5
z;AXQ@F14po+7-`Ybas<@ptg;8{9rz@2_DYF8(wtuV07!=>%}0=#IyOO)6Uw1>NfS+
ztKKl$4eopYpLlfLxlacEUk&563tGUL<bU20ef*b#0r}q^`t&c;tK<KHko1lJ-)T-?
zyD&uy5H-YKL7BH;cZT>gSbvc76wzX*6jzB|Ttm+kZnGUPFSn(kbqrR+@gVAtxgF0u
z#_xcAxp^bfaRa1<PI4=dO`<UW)bmrKHvR(#XulnxLI}nGlH>E|CUyfK!zaV}uL<+{
zQ(1sa@gHXx<G&Rb7Y>~Nd*ai-2cmHPcZL$l6p#*BK)Z(rFf7iWiw!W4Zf$g2JNcRE
zX+tHo1YT;?n{PG);boaNh=#Sxx0MY0pLJ-LOaL?N{}}}Z#d`jK!2Wv=efo7LXej`W
z97W!`>8@Q&V+-Ke5FnUmF7>G_n0P9qBBM&|_X3KogtW><)yq<T;wm|bov6!^I4FQ4
z_NEQQTeOaPS!UZ%h+dDSN7{hoK{@FUg%x+NG^yXz5`>L}sgyoCMPX4{@os;VK<&}%
z9+>GG2=OV<6qtmcq;bqu?FQnC%?K#UfK0M=Vb5W(mZMqG82E)0DV}NxhXRreGE=OM
zz~3+YQOV}BS$&l?wQK9D7cFj(AcBTXn4Ze?(}T(_sH(55tFCRRu2}))D#)Uf$QunT
zx7BhB_0>WbC0T_^Dh>*m2*awXx_T%rk($M*;A)%=5QIi#Me*afhAQ<Z-c~@l6MXq=
zJzLs2E?iv3ZjPXUU2#a*xL@?2$Go#(52(yLzV2%0!w>y+FeP?8F(ft_^-c*1KH|WZ
zI*B1}Vth`Vr@C9CWtoo{6$LxvS*q&M4Ha<1@DUeVtU*jig2G}b!G{^ikR<h@#PQe#
zSO<Y4g7~y0C=hm5Lp~ZOV7eBHPQWDLV}e+WLa%L>Sdj(`4%A?`;piU{i4a1mlp7nL
z;^77g0Pg|OPJcKQl=7jjeBzqYZ4;0SJtDKfZqK+aBr=O`LhLxz#EGKVNQUMx6%X~~
z%pmCEKqRX}SR52LT=W4*SXPYyiT$4I)(Jz({$(m2YEkwa(Z8e+9~KZB74}yOf;HeB
z+VAxUk#0~$K3WX~w!p5Tw8R0W?zZ06G51#ZftOG<&6&9Sx(+A4ozz7ZFKSK{=v+9o
zkp&ylv;<)2#^8Row7(%tG4^SKmhm(j4}UYWfY2_1wvl5-ByLu^9VkZXVs|lM)9eJX
zBrx1kx#{zUT_mkWoCMb4;H#Wfk9Q-5r}rgtQ%FmNVABBz@mGzz&s}(#B4Qg+(-VfF
zPyK1v_dvgA@fWQ)NEcD3-27r>7aQd;LBss9*)=ooCeGEgX~b0<JB}T@k7AHVO?3zD
zW^!Q<DGL$9qqNIGbmE61ax9h9oZF!JM#6gF5Mg%8WI0tXiwqP!G*q{?+J&V#l)^DT
zb{?UgOjy|v!8kOOT0^|-+PM>a(2+vqZ6Al$;j9B{joLrVYpXx)4jQl#B*4N!N5f|&
z<+xol9>V*2|4s<uO50<^lRw(m;QmMrjm_^nsx}8YRZ{`5?(O%ssH>w(2F)7m;E%S$
zN0M~XWJOL=&|nBp9|c1Th5`TFchG^)&-XEr|13uwEhtI#TOAqXKP81Tbo!s(lETt~
z_uoD8nM}kJY|csO%o6H8sl?-*Ar%&t6_l107fECUs9eHYS+inc^`dggO{FYWYbY8B
zr-A@(K#{+)G{sKx99C<CufCz8t^q;|20Te0U18+dfMdnFreamaiiRo?%m~!rt6ouU
zK!T15lC5SMvMOuV)K*q3TjpD~vZ7uhKrEOh|AHawE0$EO5y2GydVe?hivj9tY8u3R
z6A7ury901qus~Y~K?t&HZLTV)5|dd-aYKd>f!L78!=OrLj@+aS)?HGsuRl_6zCoq*
ziX&2QI^}%S$g<ImuR1i=)m8J+sG{SGRP7GO@sA{8G0}JHf|^Q{9gGD$DTP8{3r?C6
z4h7_>B5Tqj{wQLVHA!T~#S}KfZJ}0c_3}lm36VBZGgwQr1QFDVmKOM`MC%wLw@$Ic
zI(3wx?LpQvy8MBZ$p!MW!<!nL8quPeUr}FG;%#bfYQ`y3>?qB*pt{b1lWZbz^?Xxc
zlx_+yj<HZgOg62=SGA^r!z;10c+uRLphc++>m0S?(p-s-1`Laa1kmvz-#L_SpjZjW
zG^rGq(bP)OLABc2ths^qNGvE#?>1&xgXr#2Cc$4Ha7wvwPPhUaTLEQ7oo`|FvMOle
zg6jGPJV(}CaIoM?Y(R<Ys%wn^o@v(HL<B*!YKmD|6=l}kNC&WHuDBL&AkGOi^NFU(
zH!B6tIJl%{JayUW3Ub;=F=*(h0gnKk79rkN6q`zGji@MGT0C@zQB0gDJB0Z&N6ZVF
zqDC8-q68x2Fy^Hz<v~P(mIV4^C`t0umPSN_mIlgVEDiZqN<*~EgHeXwM#L~}+L31{
zXi@$68ERk+ap9x6%&=u7O#|!K*8ApHuP~{AuSOAsBPR=7+gS~nQhSW9kB!nKpbTk1
zJlb@`lSs|dY;vy*=n+G18a%V5){r$f9F<&3t1vR!K@<7_3`m(uzRcQ5D517BBuxi{
z>*kozqA0_|=}O>JN752o(@}#AlXYsywxTMcL4P<FmHELXHEG1cniY^Hk5VY}Oc<Fo
zS+LKnfw1h4mJvGHYC^ABIz2vqZua^A{im1vpSvp*?Uy<--v5gA_rKDDl9GY@-=6sB
z?td`ns=2(@gKptWy}3NU@=+!o71rMQn)-I<YwGpR*VNmcuc<G0z9z<?H1&GtYr@P&
zlX~YfT<2JAO{Uj5HCJ<;<H`E#9M3Sh&hb3Wb&jWs*EybOcAe7#=x$z`Oz|Qsrkh>@
zd9K+dkY{Qyfu{F7lQC28c}?OyugP%FYf33i+It?P=<j)urn~1slJ=elDW><lCd7d?
ziT6C5V7TX*-|q;gP>uRrS6f$w{yGp3U{lINF*kT5w&zbnW%C_2k}7C>+ZAViUSpnm
zCCqEiYtDBzmNzyEm%`@e=JIA#y2+ZGn-&ARCmJx&n_^#(h!dy5qhXf%*c`Y~5+wPJ
zjlpoZxjDa&)uVM`T01Z>+R7yx)u?dn;>B~9XHaD2OdF3Y%GCPw7g*tPP`yxEQPUt*
ztwA>kkx3;Sp~&v1f#lTDP^3w?560p>W>*Un&~(+{t!J!*T@gtI=2sO4ln!+_(>>E8
z=XZvMHFZ*6NUB~T*>zVQhqRzZ!nLD(6P#N9*yK7x*UZ2??B;pU*D72id4<~BC+SLW
z_fI2Mt!PZ&A=BKx;b<~mJ9Q0Aa~oBw>Ba>-Rd65~Zh&dpfMs#uwq4%^mci#F6oom#
z*F@c17;vSnjnG@#FVlOide;leVUwF4NgcT7?cR^c{f}^B{a8oF_+K-;`u9Ij2_Lxs
z?ST)y|B*Q-?ox`lYO=RP^3E(PC@L!{G*L~qPL}F>l%yQVSEO*LCE*7z6@nIoy$c8Y
zXbDCA*uw>b@Z%63m}`-P4y($GmP?+LlJH=~77v2=pv!=##O>AAl=2(v0G-@kE6`&H
zSKG2Fez{u?q_9R(`o6>x67h+tf!0;49xj@iTi}j7S*nbIN0TIVc9D$XE(Btc2q>1|
z09zr5K@v|On1ofwgz6DOM*u0;L?OCoLi<5)3~SvZqMgFQN%(DSan1574MHyNoy-)b
z;cguQRXw7T4cArc(yH2JRdw{1ZY*tlixqFv=<cTyd}x5fqrV`UfWRWP3P+F$2$msI
zC9rbP!nW2fU8L%txu)2;h8PpH0}=$}u(C%Tmf%K&!QHme%HDE#`o>WFzve_rOaJ>#
z`q!8Ej|Tc*GGoC0Z;yO5^q))r1O<?pl6MxO|79g52I*h_)BiwO6QTqCNb)(tCQ2fA
zFP+!4e-}x-rs)*rE)aN4(|V!nB9AUMVkhZ&Q)YVJl$oA44bb!5{7FmyQ;B|40K`U~
zB_(O;e?d`!f&P03=>H!1OrC@pNTuCs#jn&ZZWIwqgxaL$*-TA5(y7UyN`LS)EeG0T
zlC2@pgX0axBtk-aVkwnM0_k(R-8NiFS9>VX4n&>fM&Es?73GKWtV7jQ(2OZRl=%#v
zLQ@a5QoAZ+*%EIbN<+ip2e=(G=0mAN>4;2WVA3S)l1?2G(s7{b;N~%^LfUv{WxF4&
zQ`vYy2G(T?kx?W%O)B?%I7e}~jSVqFwIbFfB~no-A1u!Du>v~&%0@Zg#)d>~7pVHT
zLSSAei-gFY^&!^|IO3@!kGEJ`(XiNI!(;PvugihYp81&2e^4vw*E%xLfB5L=e{oT1
zsYNR3*H)zY{EyTBH1iM2to>HU&d+~|7yQ2r%>VBH^fLeK)q9ug$PoX#sAPtI{!2@X
zyaW8-p7{Lu%8zeaMlD%bz0i`Cm1S9s{%85|?GbCLD=U4qbv1BLLKzmzh{el7(OC8<
zizO0GCh8W=m)5LZCk=hZl5NSg46%4E7JopAFRx$N09dQ5DkTL0Y3usxB}*3k`+{q6
zEgJEi`-~366G@9Ds}_AP3d%|VeLog`4|gTwkp3z9KCYz$zGn}D?+MgE^nE;hZzJEG
z7>0a52)+j+;FK&I+8hr?g7Ezz^!+!TDH(mwS%$tJ-x-p-(D&`=JL1kFA@uzlC>ufi
zl*KY=1f(Ys%Z0wff*p})sH;TZ=U6PmMzjgvTZHcrHVHbV^&{e)HEX7{SndkT$)u|m
zymBOhSc>3}_E;>W&-gP2##TauT<V=wTIwovdxe4OHM5T&m|ODgi-Yl;W$pWvnq~$U
zyToFd`6U{gQ`NMV^DLIzj<Z<CzpAE9`Mt%mH=4I?&kFt77uJgyOj{1PVL<sOBS0TM
zLVa#P$A?E+K&2@#Zh=@BIAJC356F^BzleWwLGyMv>tq^SN?L_h8Qc>pW6@xUI6jG{
zo5Y`3O!pz{8hyrI_HWBLpW8C(*>RSfzddCcG<LWpr)dky$>Q_2EO(U!cHZg(-zV!H
zf3l2NvrmCP3cB0CugbaxDUeEZl04X!mcbUQWpB$k%LK~-mdO^o#bqh9%&^S19Av4o
zEV0yB8Z2uqhgbrZc1y&Puyk1tw;W|T-g2VlRLfbG^DP%yF0*X4TyMGAa+~FD%LA52
zEKgegWO>oD!}6x(UCYOoPc2_rzDI;?Xx7NAu~`$c4$R8Snx0jdH8X2&R#n!rth%hV
zS%+q|Wks`6S%+sGlXYU&=~?GzU7WQw>!z$bvL48KJnOlvKWDv_^<mcMS>I*nWRJ)m
zm%V@X)ND`o%<PKnrP&SH&Dm|)8?rZMADex0_PN=YWM7-TE&GA&C$nG7elz>y>@RaH
zIm2`I&6$+r%9)u{nNyRqE~hmok#j`O=A5&0F3Gt*=gyo*b6&`KGv||>ZwCz-G<J|Q
z$Tev8pv8k$4hjs~FzARuCk;A(&{c!B4SHzM3xnPo^y#2~4<0#q;^66n%LZ2uUNg9D
zaM$4D2cJFoiov%Iet7VUgWnze)sP`W_8pQxWX6!iL)H#iKjg3>Ck^@CkQ;{FKjgU~
z?+p2J=+L1PhE5+^KD1`2e`s>(@k7rWdhO8rhCV;^-J#zM8$Rs7VTHpM4qG=YI_&6S
zXAir2*uBG^ANKyR?{i1x=H-^<*5n3rdvZ_7y)5_6+-Gy&&Hdgw+L~`Iw>DVUTaU7y
zYrWq3u=O?T7sH1Sw+){){NUlC;YSWXcleFN9~=JG@NY+q88K}{<%p&csSziSxN^k(
zBmO+%i;*KoP91sB$aN!=BTpW=b>tsMzA^Hfy~gh4-m7}A;9kGl>w>+u?e+X#f8RTI
z@4US$_C93qjeDQH_aF9tcJEI{<&K&<s&bTn)DfdD7<I>}mq&d$dhBTL=$g@y(I<_*
zdi3L?KNvG~%+xVeV}fIj9dqfJKaP24Y|hxpV=Ko7#vU{Fvat`3eRtfDarxt_$E_cC
z;<)R^Ju~jpea7rlyw9qAy7#$YpL_OsbKjhOr|w(5Z+PER_Pu%Em-hYc7yJLB;urES
zPWZ+3zj*!^UyuLg_=CpF<2R4LVf>5ZzndUUsG86*;j{_2O?Z93LHkYH@8JEq_S>@G
z!~1>m%W=P){mZ~FH~;eHU%omqd*ZZ-brTPpc<IEaCVsj90sAl7KfeEY`~PwOPY&4k
zfP)TLf54ds+<U->2aY{(?t!5L&phzH13!}Xkt(FHbguM}^y#FDlNL`(O}co}Gn2lz
z<=a-;j<(%kdwsHX^32Jtlh2&|;N(xI95`k9l*6Z7Gv(F1+`O52?Rn?qJ(~CR)cmQd
zr~Z2CZBswUAD>^HzcK%s{MYOw?epv#?3dWLJBB!BIyxM`bNp#q_Oy~|?b9xp_U!cR
z>7~;{(|<SpIp<*KEN9etiSuRG2v>!x({+vOE%(0eW$vThx4HlBnc`XJInDE^=idb-
z1>u6r3U+wMc$avO_TK6Jyl`4!pzwmi?L{Mt78d=g==P$|il-OL#aoJBDH&U`yyVv<
z50?C^bVg~S^!m~dXH1!K=!^?zygYN<%-WeJ&3tUu;92u${c6_Tv%W1WElZZ&T=tLI
zuGt;4ub%zEocuZRoXh6CQ*JBwmtS1|=3Hs+p>uyf_sw~e=K1GcGVkq!CLa_$=!%2h
zuW(eXuei42@AC`hC+6Qe|Le-K%1xE`FUVQ2Xu;+M&s2@6T3K~|)f)?K3)>c6v+&bJ
zC5sMQbpPVPi<d4wZSl+1`&S35w^o0;WX6(BOCDM}Vrl)-^OwH8Y}&HKvOAY&FJH3!
zjODMb$XgLzaa)b0rn=^gn%8UdYd6&1b?}gbYY)EQ;P>jhb%)nIT0gelSATW=R}J$U
zPHEV&(!Mga^1)SmuWDMgb=B9a7py*g^_y!vYc{QUa_xR=Lu+qeH+0>qbyuwWvazc1
ztj2enN}7&udZ{_Txx4xCL-so)e8@e%y?uV)9}XRS=;}kSKJ*8FjsFt=mo3#T7q)yF
zs0^GF_&9h_@XX+ca=CoE{C;bB>*=i@w3WA=(e`2cy!Nx(KM7Ta&JTUIe)0N?)_>hm
z({W|TkKxtf8zRFZheqy*j)`_eABr6i>yAAapB_Ix{^o|V4QFlmG_f>sg_5N-E4L@d
zA!h2Sls$D^>aEVXofmX|)3vJW58b1?quo#SOzSzJ=lzWfH(q|&pu+-(J$U$}!;d=r
ztxXl1E<Pgbh?XNB{MF=N9s8?yk6d)*RYzHm>Nx7@qYI8c{pf!lv-+4jkKO;+BaeOO
zxJAcZbNpV%Cysyl*Ry|p(QgL*CiI(UPAEFzyc7PtIk@?W6AMl}`@|nk3Y_%BZ@s@g
z_qRWu+<Njer<9(u<<udkMo)d|w0Wmpb^7SjH=h2^8OzVucBXXZ<}?3!mhY^`&n`au
zqI0b0q|SNs+-2w9e%_SxPCf63^V`pV@q+mm+;HK<3s1Q4>)!=`_xzTFwp@SF{uiBi
z(RaTO{r;7U7hSyVlBt)Red&-(J1>3jvQ?Kodil)Dw_dT|6(?TtuPdWhzIj#MRS#{Q
zv32X!6R$qyn(S***L-+w)3txPZozf8U+=p9;v4q8;lvv)H>Pg<=%zz&dg<n+H$V7?
znSZ$cmb_aoymjoYo3~|c>)H0{ZSA+cdHdSipSxqp9S`0)`_5bMa^H33-IMOV;GTW%
zIptpKy~p1B<9!?N`||$y{hvJ0_P{$2`X1cz$2EW4{?Ne>J@fF=haY=n;Uj;1wBphG
z9xH$B?#Ig>zvGFSPu%uo>66=@DtYSGr%Rr`^_kLVwmm!J+1vj#>rZz+H|M!~pP%>q
z11~Ii;gRjt+n;=K#f#6qwDP4_UT%8%%~yi2eDLS+pFexG^VRQn9QoSd*EYXC>h-hV
znE1vee{uZfhBr&!yyvY2Z$0&P{o6a<3B2?1UzNZ9@b0nijePIy_YZu3>j#A&-2LIg
z5C8O0<45m)9RK+HPmcfF=)Ya~cl+OO`Nu*3c<R$NpT7H9;<Fz=Kk17JUtIam;(tE)
zW$l-5d=>fX`>!{DGvS-7zMc8)qu;Im?)~q(ei-`0x&Lzf>&|~K{r77>Mt=P9#~qeR
z%djCsh7K7#44q85xx=g@#*G{?eE5h7W5(`1ZvXubJYfI*CQg*5xbr2ObMnNA_8AUm
zfw#E0_`v*G<ueQCxQmJl0ZCSFZtjTTBgT&$Ild4P%fg-h{CK}*^e{`EC7P3Evt*CX
z${C&Y<3pB-h^HA0_aOcmV#ygacxcwJY?NCv%953nlaoC-dvMO69LxY^=M1t89zA4|
zcTC05v9^Q#<BpnKIDf;%EvMbI&%Slf6(t@(#rDgx<YZ}(l43(p-sI7i?Ch*T+1WW_
z=IB9VCV49k9z3>i!^J<oY8jD}g_@W%+A_~_@eyBKal`7;cc1Ke?B?+s){cC4%0IT1
zf4Jk``;OXo$$6h&6dxS0N+$&->^S4#lEJ4xx8FbCKL5;ZzPkAMN0yxYEAKM}_T?wm
ze}4Ir+crr@EPmqj&y_oW_1CPcXB91d!g2i>$9{atUki?Wb@Q`}4|;SHqLlAF-1WtK
zQzQ3mpD=92#KXg5@BQnqHlOoW>q*m(nfkuFXz3T@2FZ7y{QJ6jwFi8A>FwX0{$lL*
zdEpP%ocp`&8xu{BZrZx~#zziVd;0o^?zm#@8CSO4^27yu4L$RwyN;W3;oylQ-ro92
z*?Cv(ZLi*Z+|6r0`0$Y<YF>N$lrOKn<?=DtkMO>~?fXhuI;HksKK~hC?X#ukrc0)8
zd-&q!mX_?(kG<A2`=pb;dhd?=4mxw);e$6Sb=57;{IT<!>vEMT*G+q((6a8fdHx-5
zZ`uCp{Y{q^J~?_v<gs@v&N_YmQIB4;&D(VQtK&DHo7i#sj=_(PdUb8+!J|j5820|}
zzP<X&Pa;jh*I(Q(v1ZiE->gpswwK@7l|Q>}^C!n$aeLnNe|l<D=`&Z&Kl=JfZ++AA
z&x^}X_;%*AZ=Ckom=9Z9gZb+s!#C}}{Ps8Y%ANTBJqNFO>-Ed4&VKo&VV_+jx!hUD
zZMi@DR}Xt*FPzZ)_VgKBttXCt?c1oO=DbtB`Qd<~FPiWA)7{_X-txjP%A3BJF=5%|
zOOL;y;hb{EqqDbsGxx>Ht(RZ%S;=ocxqQWI4?fX+_{@FBUHj?jvo86tY~9$>BW}Ow
zkTb{sI}!NBlJn~B{LSNE&wS)B#ruzOUe(oIzvc5K!!NtoF=yQOzrAtZM|U}0g)h{6
zuy(IEuKViayXE2oQc=&Q?XT8f^!bK`-)(;O&=*#H^TEn{XMHho_SWBDy86}iC2t(Q
z-RBuude&VNCmp|I{D@0u&3fkjnFl^RqvwUMhoAZKYP;8Q<P8r5w`@7;?=_!Q%^7j&
z1F7lD54vFTv#A?bpY}w>KhD4UmQeLq&Fi*Cs>fV+^O##_y?^2DPduA7?}ZyLwVeO)
ziIpSInYen%*gHz{3wJCybKCQE#~yp}oV>~YudY4iq3O%oV!qX1e&m0<@YrKcdS}a!
z_5XP2$xEMJ_vfZrPqZJG=XXs!>&nR+zF)PnRDS8>)XBfTXk-1b+8-Xzs+jfozi$8c
z^xK9z-8s2W-gHODN&k9q{Ysa2d+jUMTxsIi``(lGnz#AxTfRAL$Y+5uKUyXXIcUkb
zYgdgsGjPTyH8=jP`IzX6>wojh=9{M9eCy;9cV1MzA?L#Etf6zZ{BZEo4>pw_c=?GR
zoV=j>x+Bkie&!DUlK1wR`1$a4chA0U?b|clilgbFt<&r7Jn<;&(CF{3iq*bxUELdJ
zZ(s97;j6wSC;s;HYyW!Ifm?RGea5{7_rwpMI%mW9oA14L`u20`_C9dPG1tG`e&@-D
zMqhjI?Iq`aQ2$o`q(#3y^0f^Y9{%#w`(Isp<jGHmf3)<xvE{f4Urrsn{M#Gmo?5VX
zFh6p~Uy7@@-f~Oh!ynE1(X#B+F@FrXAO9$K{-{~^A9&4gkG$l%+{<2hVc+=KuccPp
zd*(TH*N<6r<D*|+v-FeW9@uv8$F8j_w$5C<bkku!Z2skgmu`7#$rsj_r!HQ3U+s0<
zCLA*6k0*XuH)QtMXFpkAdh~PGKYP!jjs7LCOes6_%fW4%j{bGzsClvTuYd8zsf)Ip
z_4IG||Misot;=sYHTN&ES3Y|>yl!62>&}-NTbh?z55M91B`;lj>d_baXa3{<D_)!W
z+GFkya%&ck&)F<La`gA7eLii;jk7L(dim9BUf42!M4P<$uqlO)J#qA+Y4axB|NV1s
z)Q=x_T<!XAx@Mhy^96wiZX5m41G7Eft^ah|?}prT*T`Qk+x+fZ@*@>3z87b{^RLOn
zz9<cE>3Qa$t8V&X!nqGU@|?TwqR4B5?|kCBrH5VkNyRfS-a6%ltrve?7`^@dOKw>H
z%E4DgE;?xY9fjlP-#2V-h3m?j7g}Duvgxhc%3l4UYuy)hw~RXYA9csg96b4!Lrxm}
zx4lc>=^o|UR<+~&*j0`%Jzs=7KN|o3flrV7aBu6Yx0UbvR{7EARXa9Rf03yDea(ia
z*T0@K>;9+XoBwggG1F(=|MKFR1HS#e%YWU}SKfDz9d-K62XFuNxQoBuG5fjg_y1^l
z{*HgXKDV=c|EAU>|9)rrqpwxH@$sBl?pYs&^KQEBksrRk<hr$gy=>Lub#2ubJX!Pl
zt<IHqzH{~P(5++dpEc-|zuh|ik$W1?+ULP1k1T!k(#t1rIQf-pkAMGd`HdIfyYbcS
z?^JaApFh3q_(acZ`(1nUUvButVSjFY<;=U>2T!Y;m_K3mSz}+>u(I*|$BM>%I{xFx
zA%8vgp?%Le^X#*04$es|3M;G6x4!Ykr>i&JepdO^Lvw?7-LZ7?DLeA>zhBw#%SC_M
z(QwG{U#wg@ddwGFb3e3B-nu;h#s^kkbH?U*n}74!+a(8h7RzTI|NI!`$RU>NJEt6d
z$&SZAKPR;Pj+OQ^&$870e$nm4-%Z(j;}@^}`JV0TE>3>8a^-Iy+sAd=QCpvQYQp=C
z3;tRE_&)nzeoWnIbzKwkA9&;ZZ*9N3;kerGPq<>$v*))2kDr)Kp0#nviWkrO%jAz<
zum9`ik5wPHPuq`{{a%`X`oa}Uer<W@+v`@om{mLF_T#o)HvQ;=&|620OnrXSF_t^p
zKRo4)KZjP#%De2o=e938sP6F}F1>KW<CnhYEPefe7lt^N<lj54?Cw7t=dql2+WlW$
zb4+BzT_^Q;|601kdB-W9Cm;XtfuTd^oWAL*j)T`X%<l~R;k@LXJLJ*N7d?OPrLT=V
zVf;VVy?FB$+uFKIUOOuE>Ls6b-&6X<vg;lgHE!#Ke_sB_Q};UT^Y;7xc)|8>H^?Qk
zE`90MXKxs){O*I{OTDT6jw-C(aY|wH4~OUHK0frquMYgzbqgOKw(jC@JCy5Q9MiCH
z!!xg)v2t6r>#C1B&V1v&o`08az2~9%wGThDWYig_o_fz!XI-?<4Ue_wRiAw8;GFFT
zKlbRj!ArJ1an;gWdg9v~54h~<Ne6gdfBx(TPB?JVLDyBzz4*1mSKhUy<f?I-%C8(h
z`I@J?{*S#c0ch&j{=Nx&KnR=ShL;GMU<AS<2n2zI%_2J@f=WmNL_!jiAfTdQ6I_a*
z;x2+>U8~~mQ(M3V_kvs9XwhO_Y898dyteYq+?#|1t3Lbu+yD1{j>O#DJLjC4GiT<`
znYs7;Mh@a6noiwT6uV@}hW53WuHUXM+?{)gpC7)KCtxhD{blT_(UI3>e{MW(HmBdj
z@lEDZr22lKq6@L^c(y;p+Hb)6+N0I$3dU`FdDoBIIQ~J&g5I{LOZ=>xJXiOQjj->u
z`1+oAd+11y+Z+G&4Np?H<KNesBnzv!)+5a3CS3V~aMH2j2WiZ`b2I;#+wjcui}~`5
z>gr{Oj?b96!2k4$#dj{nogZ3Mc`5OaQ5H4Hi^-3Ya~O**heYHTY>Jrdb!V2_;2ZIo
z=f_A|znOdgdX;^|;mHNP92Z!J#(mpzt=z2(kz2L3Z8_W4EBuMe&&2CP9R_zHocfW+
zrcSTu_@V#)J~v1aS8N)7k3D{SGJ65j1ofGpty{2Xn)SVF6O2bTGwYT<bIm$F*zLCK
z;@VNxmm*(pHk(+t;NfP@_%G)_*}V4r7cJ*6UHn&C{OBsj%QG4_#jH=Zyeo^?P&B$~
z7|pb~|4`oxlifGPIGsBEIAr|LEi0B?-$qdEF+1!ScgKJEz-CkFo<TP*91HPX5x2Ru
z?;5?3{Il-s2gycPMO&nIU48qy+^0?N*#FUZ$??CF@t*x37r5u6z5nCs>iPNo?@y9K
z!h*d#ISNF9ynsJJ1*am&Ohdz2B9SONJA1~A89F)&6O$qfi`iCIW&Qilqfiz&I8-`1
zE_Qcc>fy26$7fYwV0BPX?dZ{Uv9TNC<2NNIZ{={d^LX__;hrf|_Q~Z3rcXaqR8%y7
z{`^IY7Oh;lQla>!tnAymy1K1fx9-}t>(HS?#l?+t=N?_SuzB&~ldD#pt*JRzSJ%3A
z>!teo?|1LMdgxHw(W6ICpFZ8t@Z-gc7jN9S(bUv_=FIJumOB?O-fL@n*wN9^-u~#p
zg9jZQPaZt@?HNq3UcY|*PwV!B6V>5m4sepY4F7F`xQu<769+yOgg<jeg741b)<_HZ
z*!%WDkoG@ksc5`F-uOW;b6$?cX%WN{vC+jp@F^ZL_`qW`1YfWB(zC=q3MHLNW(D{?
zZ(G6)NRKG<8l>OMQ5{2>QNUq-IkFEzhGhWB7hH$~bTIAcvOt#JPMEO~@aR$|VFXK=
z*Aj_S^6>}1GYCM&)%_>!!EcmbRDz&Ku}!8FW*<Zd_`&kQe4*fj5^%aJL<{WW{ySc7
z8)doK;CF;4UT#Cg3b7${ms>MEYhoi=fS>PvYh()ez9|buAU%{Z@d$p+?iIF0fxvx2
z1ojDk!!Bfw;egN`HH}4vmX66McGMmzB@Z6GDztv>v3X`;i>Y><!3F)<Gi`PR)Rh)k
z1Qu6ZL3O!Jwy2q(p~PQtcEt$UEh`DC&|7N6lvrgPX)vP%`dM|hNGWE0onquI{_(6*
zD<?^(P3mLf*_9)+f4H&94IxpIY1J+gZZN@OjNb8}Wkmr<b;^<ZXAdqFj{DXtQ$ItY
zlNDf`bL`>3{t8x5rMuzl{pOanW!t?o7yh<o>C;=)#&Z8dTMwj{&So0M>5pGq8nCUu
z#jMu{_dgd_6L=|G{hum+M*7-3M;XzfgoUJ$Gj5;xW5mR7d^`<uIbM{KAHF;7t?%8U
z^Q4%(q^s+<fenofR?8ZvowHpwb<%IYymCC=tKeV*xzai<)OqiQyaH<Hi;0m|h8--q
zr=Fz1-+Qt3fQ0W)4nYt{LtR~>ui$bbVneqt&U|j<zDV5vbqHHwD4LyAz#gz{ps3Nj
zwO!0Gi94d#>zP$Uc~`G`|7itP%`FD3lF$}oi)%*_)9}ktI*X!$=M<TY3~xz7%*w__
zkxvcx=NsGK8bUDB*K2J=zBI2}C1xIIXfX-zdzC!b@!I9(tE)ZkOq`t-zoEiN|BOR=
z5UZ}Dp<GDWe`m)0xz-4gR##OST{M<QEUO~&k4#xUb#qHEhbt&G$blZzlvDlH=KGts
z#>k5ZL+!e5xA_ktORNHh6sHs#4Gn!>U|@UbSR2_XssWi};F3ZxA%?AR1VWHsqXTnO
zn*5o$3c(hGKPwt!{jM#qnd4L$<!{Kyb2;L_&emSn*!01&+Ui^74p&l!d1Y3RjlEt_
zCNi05rO}q4;3EcX^Q9GJ^OUh0rr&&CH8d~Bt_C4`KR-TXNx*=`ECWk=je^)Kyn?uV
zW}y8>vVQWx3S;6!Bb$`2V9(V-hpKw}8=LIe^5kpMG4j*tIj>hHW-$elXfnxv0J3Y%
z@xGKZoFA4W@dMbMYv;NT`&TW}Prj<c<R<gXM1)R{3pBLzuDF>VNL*IeO4MxtHkeVd
zb{4Ipt1SUBmY_Ohnh~McWFS?sI?IDmBMx9%A?_>#XLntlTPw=eeycnF%EUtBQ&+AM
zba*ooh$g&t)~-MMO}Id0M(Pe_g%XF@Ck#e*{Pgh9(;qJA>UgZmXrq~2L`56S8;?ww
z^L#OK%5P_B|L>}U%O?kZUr+n-dA#^h{^3<G><Rny@)l2GxuR&w^k1^`(|_mpLOfoP
zm+KaO*Xvb#px&PkC(0uZSvC;qJBVn@BZZ;W3A539g_rC*3&`_pbccpEk|K6U9}o)&
zfhh{J_66|^wzQjtwiEUn9@RNaY1%&8zi8c!lq9R#0{vboO|x|yNB3i0KCUS8udLf)
zzshm6QP*XM;yyFURL`i<m6Kh1OU!#Y8@Z%>71%I>vJBB>d)GD%S=c+QB#M%3cecxl
z@8)^ZsDwzk*ej!9N$JZJJ<F&yT`Lm${dy@Y#BiB{RJUwrk?ux0+bt<_V^QUxqkOM{
zbbnrXSy5-k*0kKhh_kv+k+uQF20D^kYvsokgI(*W!$%UXpRpeHCp{u<q3(~Zqurc$
zbXK6r(WXy{KdlV^VSTRk)x|nnZWDAA{&p7Qezf#3^0Row{=#rd!GuDqg68~IiaQ!$
zI8$$!SuxN@4Z+0dR?*D*ozdrY#xYuh&2QceB5X-IVP<u5wOO3G-9Y60i)x!eD`{sb
zexd%$rtR!nZ6GQatz68TVZjSq^|;xcB~4_H?);*pGc$w0zj$QXqLthH<%HDCc=9(6
z+isrSHPI?dL0FSmVSVE1B%{#uz_ognmO>et+=#F<Q*F2XaUuKl_{GBnI}v?)ds128
zl89NB|0>>n+wK>6O+Y`SWrcgY@2%E*hn~2{*IlijBj&C`Y#N5kW}12q3H<KP^WI21
z%{iHE9cud8LNR@Wv7vAKI{!0?yA{Jb;uj?u8tpA3+jyDy5px|Aj*`wJJ5B`kC$-H#
z!7Z?=QxGHSXuovI-4>n-(__gta||>0TKB!Xg&9pxGDnG3qB+^idm&Di#8YKE9?USj
zTJZh--j~1aI#=qO7DP`n%JZE`vNyCjUps5a?|y_1G<L*^UjoK;CY%gBI?Q8JqyN;J
z0z-B?(St%X9=mVsAr#@Wsh4#q6@)<jS{m&oEos<p@<dLZf%EVariCl}dhd;4y}TX!
z=!eUPhdeLOGkP*%jK1Pb@gIopsr6-{+e*nph|fmE9lKXlxnyaf_wLy0-J4vVx+Y12
zbN#njHM0B~z8_suQ)?D|?lL;$Qu*_c5K-0%vs)`2`&$`N{K$<9q#H-ii4G?WtQf{_
zv2I*!Lo@Vk30Nep&>6(DTC&Z1sa~(9<7O={71gU;14RvuW?N6k4!a;-Klg4-VFr2J
ziz8z_Ms>0n2VZram6Y#Vbtn9e_w`rjw)Cs&wR6rLgPlVCS9S#kdV#4$9ruq4mYg<9
ztGE&1kZ2INEybPbKRkOiG7nuAu*B#|ZPs#yuICl^fN?vxS9x0rPg&@kbbnUCss<gR
z9bxXAhM1*>b}LLD2OOe|u)Q&UZ;S)lkh3v&jpH?Bob5|R%&*+SeI4;S%dInzE5FdZ
z^3WmM%fB!p2N!3p8-1})Z9!n|b?$Nd?J-w-mpSV--QTac9=k_YUQLuF55C&q;dZym
zDCO76zJE06o0zt4H{UsEVxL_@x9o{L_-LJr;7_#C$f(KKi|l&g&py${%MgQ<PTp+E
z`u47ME+UJW=KbSlUy^neEHOy=z2AWb1u<jAddcHDCOf)a@7vzvFX>;)?EF{pX+0#s
z%;j!H?<;yf&xjl1bB-#k(c)n(BXUnnVP(x*RfFsq+y2ecHhP_Z|9b;%GZzRptuxs@
zZ-?!<GiRNeTo>BwjYA8(0%D@}y&j#r?CAWu$&+NO!^@*x7<*56hdm)Iw12EC9TfQd
ztB0vm&YvxxbKw3X+tMPV8?8ffDwpa_m6&Jt>$p@bk_FiGj{iD%VN-{BgYMXhqNkKZ
z{Q((>V#-s+&|glUuv_u-H)%EZigO*d94TJIwk%e>V#*BB<}rE$&g--$6c-Pz@YrhD
z{zrjfR@3}+MyZ~QVw#WrlGA;8T`XN@<)9ggqeEJL{$^mIO*Qx1QM>ITbscZD>(+;6
zIczIS+D6ws(>CzY=DNh*=HihB(OacDO|!|q{*$JiPvp9L6WZl{qDOEFkX0}IU+F4L
zL)~szA|+GIJH{6H<&Z0nWc%M7VYgJi;YBK;eTa^MtpVS237>eQx4Ao#X-tr2-<tX4
zG3Q*oIiua1WZ`2$Ad*VRu4u#q9mQya)YUBWHU~FC#f0aKK<Q9&BQFPy7lm3P-|3ih
ztg@JlS;nmy&+Etf82TU78THUIw4)vw^ir;49yxx0pDAVJ@2x1Q?zSm<@s2N}A4JOx
zB?OmtoiTR0BP)pIM~n8~wE3>T?ldzFLQf};eG>oEt<sUVnZLzN%H}#Ze6P6G#T`WF
z782_-$!^L0#+EMGU$Sze?a1HyCm$Oah&meAhj)HoTBH{}@8+m=TyOg9DaJbxX<c#5
zT`v+N@X=oKS2hvEs3gG&8#+<f%3*vvalm)>y1(wr=Rb}kaV!$3=JV3~-w4&s*f1w@
zV-i2$%iMZojJa;V9mqEYh$&jYZckXUpYfuU+^latNK$NIH#X10v%@QvZ~o<l6DZ%V
zz(X>cTQ>e|t0g6E(9ozNl2;Tlu{<WHJR`_<ZWW7|7H-)@VbyqLRQ1u*x2j(3#>}lW
zxb0qg%!5Vs-u;+rUPEvs>wKL+ZoS|!dwqnygl|=^voF;4T*kCW>X)<Dm2dBo6`Xxy
zMQ<UPMGeYmb#L#;H=Gh=8K4uwE`1aotCLu&cW>mZT?4%(4o{cPbM;KlX!YKEA=1d)
z(bAmwDr8PmN7dZ|hTPpZ^6v2KOOezIN%?`g#sZ&F^-H3IY=4TS6*ZF|$53?abow?B
z;u*{18wpgeaxXOGpe0w4H)~R}54l}7YNxEoJb=|cVg$>n7eQ*)89uBAnXLCEsZz(Z
zAx~hQ-O-9H`7M33bl}0eqX_a4i=B+kLy1nEM8^uksKUI}8*SYK2;<DH`$(v{0R%eP
z`rvb)UUpWu11pW9%V(UJ<Nm#G__C#kmr)B&I(9UZ{asevK2W&b%iH{tC8>)n*i2lk
zOK>~?lVZ4j+0=b=nE?w-*E^Z*F6~#AGw5=$Fk6&!j8?TX!K|LRZGXwG*4dVhYc7l(
z_2XTOgwi!SjXG{ObH8jZS$Wa2b`w8vN3DK=j@_vOR(6u@5F67JPA>xSk#2f2B_zRP
z#<g_k!UAMK%6L=4aNF^;O4&Ncr$j54`5ntCek&Mx#j^b4P8qtvtCr}{qb8WvL?Uua
zqjtoyhA^x~$N8njBCqwmqrWn06~6Z3+eIOl5&}*x^AGgrSv=DjI{PbKhE6Z`C<m8e
z(<YORpAj54r?``ei+gXhtYjb7-6-XxWb%lUE}IiJY;<bX8R4&U$g>aAWy2DKe{ZTG
zr4tB<&qw!!Kc`QW-m?D3<p{aiLI~aLB$WKOGT!(8H+<Qz$NHa(hui1%zfX~T9WXd*
zC5|5q>O_H9(cO69*+RKMBFv-a($PFxH{fV4>WJp45xMbTdhpd?Dy{oBKNrJfqEb{$
zD0DSHJSwg-2p^6X#1#toBDoqgNQM8R6o^Z5@biTs`}|105Es>tWaKLs$c22rF*sWR
zU+U|Op8=Qfcemk@gQ`ff3~|n+$-vO@YgC#K$;iP^tHwO>Bvm0NaZ{<&Xy|lMZPjbl
z5Z5M1$cKl4d0{*%Wg3O%G?gRFhR9OW0Jr?NF{9#)oSjj?0s|0A6AO8KDGJ{_1Q(_P
zGlWV8JOBqH2x9(Lp}8udFmv9!a^`8~%$=mwob(=brQyZ*byh2m<m-&<**8_p%Y&K}
zh~Nu@5V(p-flskhu;Md8iBJI#`@*C#DXtV$CYS~e+$ey~@g1ajIBA}m)J=<&`3}-)
zIO#MssTQRcS!%Xi4lxIDLT(11o2jN^DMvd#uze%32pA$alS$EPJ0F!Drg4Naz7JsU
z>x}CJs0g#jf4V3Cz4W&IA7$Xpk0RrJ<G-t`#~bl~-9Eqn{YjFq9Xpa0mlzd<Vxdr@
z;se9OSSV$<vvYzQ%h{P7$41A6#*GO_8BQ)}tXwMK%AK8qBH)Y6C`IFqj2t&7u{7N|
zF2*?*GGahV<>7D{M&`tm^I*5p8o!mpcLHC?6=(6`+vCa*7k27#Tr~u##vorVABN2U
z2ZF407(x~T0QTIlq@d1F2IH?egY%@YH0%|17|a7k^2FX<&wyaFoOC`N^#x@Xi_-mk
z9hfK{>sJXh2S#ZD3<E-?#0JHT4T_l*8yOsz5D*hYp`qaB<gBD4!7y2=d~o}cWplZF
znJg_^D9qD%AzrL}<ywZtBXROgm0~5vzk;RWEL8m#J(mMP(8M`1K6cme<)9f-ej1Yk
zW43GHoKXDK(Lt0q11zeCuQSJw1S6TicgJN=6>0{`fV$m;@PrH!IHB4F>V8j21*YqP
z4)129VF&nlBEb=Mp-E8uv{82<dlhqMbyI4OrT=uN`2Q%qW&9V4#gdOT{J(GfcX9RX
zIsf+<@p=FM(<JTT7)6x>vJ&SSngKQ{yfGT924jg|5EdE<#zg|z!6*u8=x8<!bCH?{
zgII90rSN67Jk{_b0b~wXz#;({x*2rT4H^L$wZH&Mf~QdX8G;%1V32Uea)OyZyz>9X
zeCvN(dQ1OT-WooRjQ8O`jCeEtrzhjH|NlwS8~xt_RW1iml=B|0Sez-~%P1rjVk<cB
z1iH6W3qV#oGng#NA!9X&J@EWhWJ(ZW9MIL_%@IXw0MZ_NQvFzBFs%`Y;OqvB2Y%kF
znS=u@7&RB-CW{0@<;nqcp&1zdI(C?g4ue1O(IhBW0wyD1j8ggT3?La!?C?QQ>W7um
zSI)y(=b|$qFC3}|uPSgYsYyv_YC3%LSIVSF`8>*m2{feuKc!*<xDbq4Ed|Uca~+ht
zo#nX3o#ogJNGV-=;svT4ES6@W7{WZ5qhggN`KG~hSr{lSlOhqzfJ4l|792Dtb)<Ni
za&f^MReHj>?+Y7&f@X1Yg?v%EJOjAuE-JSf9Ql!=I5Js|Sjy``CIP1@N@rT4%<?Wa
zTHd!TJ2gunS3BHM7;v?`XD%rp*o`_<4E77E23FUPG!~wgd84piShOZgo!#aLZYUIr
zgC8ALRX`&HEU+rWn<{4ER;y`IZwk>g?{vPr+q7voV>tcq$v75=Dj%zK8nh(f=7y$%
zg7Sg+FeoUOFBD2RJm`xsDIOG+B?2S#>)~u*wgb<@vdP6b?f~^abyRRq1yVcXhTcO;
zM8KH8B>~dCgL_CoTu?$lA|B;1IDqwGGTxwme?6jNBI6=ik>P)*E-KppKuTmx+~1M_
z=-$CSCMY^SC^l}=n4q}ONcIN_&?bF{3>fbVC^R_ogV?L7-p4sECLkg<9JJeq6~71V
zyIO!16BZTsH|({W?j78L5@Ql4#m2>iMTC41driW3w(yupEYM}_huMz?-TS!*u-P$x
zhdZQuKlcx|eGR&Ia1V%w7LXYAVXdmBdVjg&K_C1(<%V?c=N`rmiuhY<!3f{MpA`uP
zzlgXGSB)m&f51OHC?X^-^lwSPN#Bt1=Jdvo&5`r9=Wt9^EOX+4(^T4D-Au!>IO%-l
zj1ZD3m;aa)t!P!0HwoDSsWMb>p0+?3CK85SMB!9Hm?m?=T~#^6$Dk^2>m*cj!bb^{
z^Q9a)TrCvCJ3Gb6iRa`*!8uak)E4@+7*MM~gs}v?s5~0<ZZ+8q5v9r`KAQgnP8a}N
zH#2OCtTA2rA6X;Q@c$r6>PO<LojyGNo2#eW=lE}*B=u;2)f&J@mGL*?Ke~fcpWFWv
zq_?zxHyYnZknx`NA2&CTp6kCO+&(}5@oCcVkDExthpU6stKx`v2bXsu;W^?mdS2!6
z(*z>E4BOyR(ep)91yV7#)&q%H;w*T`=K)rHArFtkFP1=Za0iE>jDe4zoz)#2A6rI{
zk+ch?5(HSog&7Rn61!*fIou3XCIDHa*&-3V!RH9%87ewhax@5L(ICWj=5U5s!IfB-
zI6s+$&lRKzxLCy@+<=@fl7X_yoV0X=PdJ2ms5mVRl5(*8p*SbJRw%v}rab3FdY6{5
zy+XL7i5CmoXM{yl=>(gZfSFu2SDp=V4)Wkt$PQ-8mH~yPp%94x`e1Za#^<A1Vksn-
za|A*x$TiF;7GdxOTKkNuas_0|GsIGvH#(X#RRF3GlFgS&Iao~sL_ENYr9_dy+f+0D
zp=xh&1ggDdNKzV>CQ=0$nJ}aZS2a$p%Seb*>&EbAc%pb`RpL~9WD8e6Ev4FS)<AEi
zym?g%DfTa}_W*6BkYG*OxKUwSz<4-yRdZ`&JSgEQ@V)@2vY>mA@F{H$KNZe<nWzT9
z0!evICV<Ek7#b|dFdbWtoQ?vy@iAe*cCt7U3G4v;Tn@~KUC!djf$_tgb_yLkf%OhG
z5JS&u;CUn*DJKgPK~X(WLdnOj<kL|ScF-+bLyd2d?D*HBH3)l(P36e=xE64AsD$H-
zv)!__8tE^kPY2>*@#!dbkj<gw|7Bscfq`Lsc2!@d;zgjTija@Dv_K{ia`Iru&*IBu
z(8E!7GGOR3G3c$B0A=^&q40@18A&A#!%Lo|B&4dJI-_E_a7juB2UrH$?O#!n91@2+
zWDR%Vp$?(m4r9C>Vkc1W{7UFi9LW?eymElM;viESASMzYSfCWD4ESm?Wy7GD96E~m
zdQNcb4-jKz0crz(G#Zov+!`85T?J^+xCP=aCDb)GxPlf34UP!`$6hX8E=rAK|0xHw
zP&_Bjz({4$8us0-?SJ}C`@b{wnE$D8z(1;t_dWl`@Nj=4{=4Vr`QIl=J@DVLd#ac6
zp6UkvP**o^hO4(nk9#U9j)~%?g8>4ONDwSYKFK}~M`sUbqRPX-un1Qc69Ou^a&auz
z*!bY!uyHgTHya{+hC^sjEFT8T41Qy$AqFUhm4RVoBqt?zqhTjcNS=V5(LjfVrzo14
zRlwIhGAm)P-^j1Tvx87Y8Wb95|55}5vsP!9iQmYgar4#Sss*EpllbCQ#u2K+F-71i
z@y2!M#D!qgEEd!iD>ytLB$kE_7poPg&ZNeJ?x|TL9QJiMXgyV}Vj?4<lDQIfUJXz`
zZ3=BTT}iiG?MrG%S7{bRlIc-|f7;eRr#DlN@n301A6LeE#(!71Hq>MMXMDzg{WQth
zk>sczJRISq6U@QnN~cvW1|A}q^8t?yPEny-%gL6D!ITjAwL&rW)GQzh&lXHWL-``9
zU`jUh713bekn({$z!RfXVMdz2oX<^{a?+e6+1%k$f!HY(%z_<3u3Rv@D{=8WoET2P
zL6nO{0x=p3++qPrmBFvK5Qp$Za3LOB4S+?>5eR|LBbH{O9HC5%6%}Xe0y4XJ0gs9c
z?`j?-M`sdgut3BWW`lzIa^ZsqP8oh0r(|*-kka#%P>>4GK?rzQ`Ke+759MWNNvIGZ
z!4XZPLoh#7L?gkeC^m;qqf(Ta;Y?nRW&`&>9lGS)3}A494!ooZ%<0J@3SC6=QSKX1
zMNEc|k7(F1I8Daqw2&*8na-DUscAGHeC`V$b>T9ZL6N~=+?Vn>nLgb!cOcclEt^iE
zb7?;6%pxY!)rAIJ9Z9wvN~aD@77Yd5L`)YS6#7K@8ih_4<@+RyK*0cmeC-OSVKv69
z1Nne@i?k}PR0b2&M#2|S!BvVh6)-X~a&|<sKvzTIdFbIN5f-z=K);|#@N%XxnGx~f
z;oY@QQx*y|0ADJlQ!qpIhN~P9*$U%DQPxueGKi%>r1CdES0JY{uph8?N@%R<TABid
z0-lYdGi(JlAy&sUy6R^dS16Y8q4F_KJv7440#e?g5S1jXdSE^jJ_&Z4)NHueLk*{E
zlG1=l(Bbnl;xsBaq|uXs+m%eAF`1z0AS{>!IC4Tjgu38=G#|`*z(1_)`S9K^2M()1
zM1=<&X*!p#EEPDOnlwSXNY1dg1MRDOGzUJRp04g!sd@Og0R3ZjBo6Y<4vWLpg=s^@
zX}anJtRxic>)PFfm^xvf646~$O#_uiVPYpK%Cm2@5v+p1r)P7i`s7gc^ZKg2HV(=H
z8O30z$bxWeaG7N)N5}_Uzz75D1}IeJRQ5Ij=xwOL7nT@&gI?F&T-xmgWdOy$zd=yg
zBABuT6KL9n?^fGerQ_X8Nlq8MJ2R$4?Yx@3IA0}A`P!0;&tJR1J?{VVNgA{IkF@;%
z-uu6sYtQ&^BV0XQKHvX8MFO2$d7p$x=olg_-ld?~;mfefh21DAU&4_p*XSXntxSEF
zg^Rl^IF@7UFWEA@b4vMqd?^m%+seEl5BQ*{Sd<38hyTU?fDEOo7WCoB#ph<iafqJ=
zm!P3kC`&1Yrep_96fW|i!!<9et_f0=*H{`?;6-Y89b_5eY#|SOY7>ki&NO8Xw#J5p
zYVkaWpV|X)7s`y{q{D~bMHt8>n7UvKvLuZa>o@uo=46lThFJE5PPVIuH^ZfeldWzX
z23}a@@-0-H2LslSi6&_}t`jCGb11a}GQk{bzq$K5t{K&Jm8%S{V>0n)CA#-4@TEuP
zx+MO_5=!L>K_h{w7MPmQy4eC66;J3JD>?SWE!NVc76dRxta0Kk420rzEwtkB$PjH(
zZ~`Y)Cai(QX&MHJYOU%kYoK02<>yL3lSTopQ=z8ln9^zL2SzYRXD0r5hyaI7#Y_M@
zn2F(ps-KQl=7nEQa8WeP$tfwxc@(q+A5ccsqtIH}piHf7nx~vqhJ;Zo2Y5(Ff}H-k
zCM<PTXx%g#QlJF9`EVxi<!t2|umIGHI!TGMOviymfk{$mswzq#R8>0PNm&C8)v4`}
zt~6SjMs}`Ne!PHc!=$OfOtEPlB`yQQSXGTqaHcPV`%roK`nbAGc<KM?QT6|xq;dbx
zkn_Y`+5f;JKp+16hnu^r=jZ1?K1F)7{XZ)7Czk%k^FOXGZlBx#Q>4Fce{g#h|Mzj9
zRq5UHe};=I;|=^*@Z<CR|5KzM@t>tw{O4&1l5b!z)5vI+SS+40Wy;j4Q>RUvHfz=_
z0zsjxTVQBdWNch)YFcP!R$^*8+uXdQckfbj^D=AexqbW2?bmPqz=87y4*b&2uH3<4
z0fkcG;801UEu_;Id3Y>kFseK}mNOX3yuDX=d#@TbYIR`X8aBH+Ft7#-BE2p&v@Se+
z-Iy`!qoOv%#eEeWy)hwSOJd^Y@#D89CvTZJ@#~b7?ObksdV0M;uxs+<U1IS*p>X$<
zDf^~QJt&tS$jdu8efr^9v%Z}<^KfBdVM$3zSy@?md3i-eMO9VR%9SfuuU@TCd|O*v
zyMF!pO`A4-{q@(ocJ11?Z{L9f2M!-TTvXIpTG}*c&XIZZj+K`muc&BVxbQ?()v4vn
zPcL77X3d)KYHPn+yS8=x`T-Oq>)Z32HeJ}X>EhR4U*5j``}%tDcV*9>YX=Xu9Xix@
z<j9fc=H^qUPMtY(rlH}-^XJcBx^(Hvl`Cy+ZH<lX&CNeGH+P&o*>URB?Q`dTZfUu5
z;ljO3m+oJ=^2@br58B!u-n@D9_U+s4?T_x?zyI*z!&|pHfByOD-Mdfk-Fx=%;q%9j
zA9r@X`0cmfo<4o`;>GW;UcLJL_dl_?&!5wOo78ci5yRKWP@}iSeYSC%eB(s@y5<Ea
zYwm!sopmP{QDZkJpWM0r^imh@sa0W?wRI~ONiOfUnG;>>J=?HfzoXQc(P2LQ`wa{Y
zDTvjLH4F}jsyk5`U~9hIPRi0Z9X7e25qrh%n!(<&3(-XHIpzZbN=)jrevgf?4%QjS
zSRRw^bd>3e8XEd9+o2%&5UV^+=muEOWKP}-3y;#O$||Os7`mhoioRRZM<|l4-#Qo=
zzLa-S-;~WBOw6@yS-$t~Ig=6JD%{;HRt*l13(i{<RauH02pYD1!gZO#+O^Flnyi<3
zifS}}|6`v`dQbFDA9-DxPHqS}w=`<)s<e|Cq(Z9RVN@K^wO4wZc!eGz2;I{V($A&O
zMA_-9LmG@6N4l2G^0Bj?Ez~g`Hz_Nph8+@L^1$<?F_ArPO>u|O6x*<v0c5=#kD#>y
zrMA6oZWas~xwd#fpL=yJV|ZiOp*p+AP=6>TW>jz!S*G?U2bT@7IAK@j8`Ck){5MYj
z0>7DF{(1|@VHNf>E9{C*>?KhJI=yE6?5{VV0xcqQUotut8NOn0s%%sH##nC)Tl|w<
z$_a7`hiKUHQ%!;C@kD)B#gr47z7a;YtBItR#?|^{&sIuGT?@k5TcTe*uf1f1qSmCY
zvxE}tc#$xV82Il^$m^DT_A!FHAA89lpD41Trh4knw^p6XA2AuRxZB?R<)SMtKjv3l
z4xT8GjAu6!DuX&oO>`yCGZtKT9mXkMARWRQM5=AvoG*6@K@QjkrM9u=c2xX|n9R6F
z-!Hp0;yyAGT^MC}XD=1ab2-Gm+{Z#PcKf<}#9!{Gk>v!3fHcF30Y`{^8l1ie9k{lz
z$z~LNN9j4ylET!Hl&T{$Or1ljdk?IieJdbzd1Yr4<<5;;`PD{fK;OaTdzx}?{M%cC
z_~h!A5P$KoFRpoBzExHg)Mt2unSL0hsA<7kpCn{lj&3s{+pEr_)$WV0_bRFj#%|B=
zIM$F9Fv0%Drj12>$?Vr5C8#8kwP2P1vuni{?qrH)6TSOqbu356Zk{`?wJ}ZMiU#&c
zoW?G-bnElX(1_m0X_~BPWK^IjJNa>u$pB%Rdme=zC>zA(O)2S}Mji2Zbj7kA5ALp=
z*W2IV|Fm}=P*G(2y07Zo&_E}k$vFqf&;)665@=e2ASgKrNDd0xL=jOk3Mv^1A_58m
z3IZYs3KA6o8N`67qX?o1j$CloJ7><Bxp(fl>%8;cS+{?z#rjt5+7<TRwX3>n@Bin#
zzCTm+$cqumiB>p8|5eTOr)=i?mvmGI%5a%RgBp04DU)Fi=b=X$#z*lq9n7(~;frWj
zkpHHS+z4BfB0rr~mW%dT-!vY#v5`a=f}Qc|l(S4gt%aTGWm?aY<Si9CI&U)pm^KHp
zxU%SZplIGe>AR&;p@e$`V@wu+6F0;Qy7Dg@Mi#GljtHeS089D`>dCi25L25<<WH4_
z9SBJNK2=VGQ!A^?d`pjgVxnNVLt#>`qIf1>sKI9nT@M^JfeL5DkoH|*A_ao5^?Ci-
zE|qjtnIGD*yG@d0xQXgwWq&gN0agM@(I`WSV@|f+>NA#6ybQ@WkD|3>+u<m{mpRMA
z%(SaahAEwrLX0=c>_NQxY7Piyn%(7HlIHAY5}`FYY~EY$Ic=!V>T8H%k{uXOYdIXt
zj;;*s5&;OQhFDZIr~aprTKkPrN_P5l(RU?1j!Y%`%rOQjqWW-tY0)_5w@w1Ljf$Bm
zS5v=ly5Ym9<_W}ShjBKLSmFu_LmED-tN$3tbi{eROfl!kyr^GM0z0Vz0h_;@n{vy3
zz3W%B8e#rUeEtEs`*VStP^hGcVQeDj(iK^9tf53TA`^@;hDjZyWAEGxgT}YO!SLl&
zQEloTKlhNh-AojMc44MTKuJZXk|&a+aUvzu&>T~aS55S(RA~AXoim~b*&@?*c)jqh
z`^wEes%q*Y{A`@H**IMXWmlq~Rq^VjQJZVVkFR`kNSOr$7m&6hv^?@m?;8V5d=f8r
zFRV_b@YxY^bNzw|#C?kP6;YPTrLt0yA_^L4MqxEYyDlN)4H52xY6b^D-0=}8EbX)1
zTX+e~yIM#OqL-BP^io1uBi);20VSF=Ar!0tabp{mG=a+iuGsJQge6BF_B@Hm$DnfI
z?v$imbT?)lNib&LlnCOrypU0YtwHVl1DDXZ4lhprEb4vVxM6V8HyI>$JTlgd6o#Sg
zqD^@c$}?3Zo5`bja)Fgns$FBMwn0Z{)-W|G$=cqf5*G})QVNZxYNI;kF3UM>nikzE
zWMi7I8x`dzTHdLQYJbb(Y8a!Y$9dPG(_iEv=R_JV-TvzBvC8^D1GV|<TuL`n8cVwF
zUF*t@UcZPt(vbQX0WwibnxSd*(?4<5fU)xk`zZ)#p=+Yu#RzTCH^ew4`=Da%x!p<!
z4okr4h`Eug-8V)J@_kEogRPYG{%eV-Gw)=#jGKjQOnbiTtC<Z+GOrtLkmqxZR*~_u
z^IF$?AqLLNj}OBE-&dFKDDmjSRb@n3ZQ}w{E5Df<^gTI&)3k5OX9svLnBe_M5H|V<
zJlApoo5NQCC{$xbHAaO3ec$T^PkV3auXn5sWKaYHTQ#j0hPBn+gvXtI3I;#ZR-_0I
zgkQvpn&O(#f_1|BKRa#86(%?3UsGEO@F@$S%W49YSR@sAigp_|PNaXt;?W{6Y=n|C
zA#M_lwFzl`L+{pXuKT%^G|p{kL9n1GM^-8jmw#Z@{$MmLI53$60XJt*#T}PkZ`BTs
zUPIit5;CO0W8s<~xSs;dO9r}*h6pj~*Cl+v&GLL#&;CHLKh#J3K*z$Ecu2S?b4Mvg
zjnxMxwHdH>O`vE6{e<VSi`K_H<7Ehca5t-|UK(4YBt5Y<sX4b}Xuu^e6y3<%m*5^x
z+Hkdjvg*wnAL<HGS4t(w!Rjq67ly08`JQBkA){HdqmWIhI{V_;aK(|Eu(vopUdmZY
zV9yDj?{8B3+JD~1ak}Fvmy`9b9*k~uH|iD&=uMO?c_ouXFr35wEbGZej=OQ$=s{#W
zs^~JyzKM>vc`wXJUd(s};sgS_c=fG|N(`wS@+b}~k?9~LmGu5Kmy6(a{aAdJKqlgq
zaY!SxAqMCgsyd?^_AQAn)LDFwC;dCUPQ*B8S-Gfl{UH0|c)2>Dtie`~w&K|R`~juy
zgGTmRK&L6On}raPw4Ws*_0$dXzD9LPh_BJ88bUVAY$KldR$U5GYOL^zw;+jVA51S^
z1CkoBiLS83&$#_!4oZEXs<(%*MgkE4ufGVFpVWf_fLl3zRR}bkfCCg@1`qJh`=MR{
z2P;DOyi7z!k#@E!OUcAj)Fk8RBqI_!GSl#t8}XPRWRnKoMxfiF;gC$k;zy{qup}oI
zwvt3dkQ}b-1;{;1Am#6GjPPy}1*u}#V-1L?OtJ$72I-E5bVZqFp(48wM>EM$fNu^K
zX}_#Cj{{Vx`0vRj&ghTG)4~znudsFbhYdZkO4UA>AMaMf%6TXNk`0d9EdWb{qOc+o
z*$}@%fLVVArGp_-BWd;PY4z0*YN`N7CY;{IlTAnYmp~H6K<N^Q(u68x8BBwqvjKFH
z0zyns5=wy;+(8uU^SdPm?d>{>iHAKmwAv+Ro;-GXZv8YSk(X;8<P#*-;U!7RB$g6T
zpbI?ju6SJ(6et1rRe>%iurw-+>m%aCT`YOgX_O=lkvi7*#p?BxT-hg)<WQHg_%oe&
zz^V$HUIL`~;!J`Am`CFez$xs;jvXp-0`9wBbX#JC;I);wv|el`pzzKv*3wI7$@9CB
z==g4dU`uosjC2xzY#9ihG;et+Coay-Mv-?Wq90A+G}MoFRw%oQDV*>OlTkGFUCo)C
zR4QImqAuYq=*Pb)qa76TdLxY9PfAHA+et~upc{@;RO3mX6~-rwOYuPXJtIPawLlik
zVgzei3a1h%aW4+A6u|wPVWtZBxSX7?b_kfOq5}F*-plMZBfz7?-Y(NZR1Zl%d+<mJ
z=-O{fOfnkI0@?9)gn>L2y`=6(IUqtCPvZgSA=RPYIaHL%03KDIP}HWs)_nxq;KnVC
z_3>28p`(<rlBl*qw-_@B78<yI-gq9?B8&}bNaySExcw<-4KFGD9qWVDgBQf$6X^g|
z0p~}#IOAosckJAmY@VA5jszV1_#!?b6R-wwWOt+r0Nxai<9i|;O#rYID6a&LN(T}E
zLPW4Xu@vRHUHOg0tvK#ArP4AbSqK11FT<aU<KBmq+<uY=DMfh$FtK@~lh<V8vt1JO
zK`{X4t#Go*5u3bxQNUceXdLNX0@tNO73U$cU65VDP+huK+&+8N4Xh3Q9H*G6q7zod
zoDdicSX0ldmk~Tib*w+Zn7U%LgizyI!CoOk#=xab9GXg%^NP3dj;gr5Bp+}D8|+#r
zheP{+y#yUapj=^xDV3LCNF%Csq;wW76F8ERg14i>m;~Vw+||%-R8=y5F9lxHTg@s2
zH=9RTOXHHM@MlIfBt4|HD-0bBbKbyaVQZPTv%IMxDWZ;QViW1GJy`f&`lTEy(vAYR
zX@K#+IYJvj6b#misKBXRFq2Hz6KQ9yuysAtb;BEVBivWU-ryJ!r2pUX$M66C&t&R<
z&OZL+{hzX``tRTWsWak#{!7@J+L{Nj=Ei2mz>Y<=>GmJ6wSd`YW?--r17&AG7qDYp
zjWONh7jzhc1%SYy@KBnGzTiGbCqd*e00Gbd0#Mw(i+h9xTkbX9@%aMGj0^<BwpaSw
zeSLoPtCQHcoGEp?#Q!mH9>JmE002_AwX&yIn8&tG+SUP4;lVr0m$x<1{m_nv?6`Ol
zL$?obTa$LQ&#zkc$2z}i%8vF74D#I8JI5UC8R)sAd$)CJWQ5nYhVI$cDUp6&QQLZA
zTZ;xn1p003^_{$dUT$Fk0K@Do5BKu$-PSt|787bqGuYPJ0D!{y{6@R~M(@Nh-Z`ni
zo&TmtCTj?qdPN0zg@?;gcfOK_dhSen40a2O0f1l6`3Lx&vK8DeWHm*ynwp%Fyy9;P
z>c33<Z?aRjzp7Q6A9V(DJoxLfKU(i_831UkZI?~vUzfQT0Kko803c2Ob(v@h0I+S>
zTg$`WoDauNd-+WeQ9mya`JDp&3xB%8e}mubPkv`}e<_}wu^vAL73`GTPB5>Xu&lvu
z9y<d^{;m=Kk2C)9amdoVyuEf}BYFwiZ@03YVKWAYgFO9ye7E-t`p+uyf0*s>__bYc
zL#X%;5D&@&*oQ;_`tt(-Mqmb@&PCfP;9u%(5858sx$+zY7JqH`KLCHfRY=Cpzc4?a
zANdSuwmVZ?BY#c%VXg-Um;g3_2yg-XfCwN7$N@@#`u6>w0vG}2+s{_EfFp1K@Bn;)
zKp+%|0%C!9AO$!DWCD3WAy5od05w28&;;B7ZUNmuA8;QS0VaVNU><l0yakql&%ow(
zM}`DhKmy1G3V>pu45$QZfV)8>a1TfW9YI&n2Mhuuz*sO5JOyThg<vUI12%$fU^h4b
zj)G6XXW$aJ0&YN{5DbI};e&`nc0n{CdJqeUEyM-l0||i~fh0lBK+ZwRAa#%yNH^p@
zWD+tDc?(&C0#Ifs2UG|u2i1TYK&_!pP;Y1`^cXY^nh!05)<fH&{m^mfJoFv(D+~c6
zzyx7(FfEuV%ns%O3xOSjrNatg)vy*=FKit447LpW4rhV$!e!u^a5MNmxDPxEo&wK@
zUxGKo@4_eHFX5jN2m}X00-=sDMK~h-5l0c}h>M7;h%Uq^;yGdsi9~WCWso{ZYor@8
z9GQYFK-M8|Bgc?0k?SaClmJQzWsGt{1)&m9`KVe{Cu$6}h}uMB(PC&#v^Clj9fQt5
zSD@R`5795tn@l(+2__vTTPA;|c&2kq^-On}W|>x*nVE%|$;>v)e#~^{bIc9Q_n4nC
zf5qT2(ij7bGbRFa22+LU!aTvOvaqm-vrt%^Si)J(u+*^JVVPrDXC<)8vzoDbvL0tW
z&)UK|#`>NO%_hdC$99122wOheHMWOr@33gBIMx8`hCPNok8Q&~#;)NAI7OT_E)bWF
ztHllAUgME?al8@U6Q6`H$KSy}CqM}z1OtKxA(2o)xJ!6RL=Yv2W<-DDDdH94Fmah3
z&#uC5&mPTwp1p&8o&(Au&SAz8z>&ex#PNt@gOiU_kJF3uBxgP680Qxf4~atZBBhb8
zk|s$TT!LIiT!*-_xNdMg<%V%fbK7u7aTjsl<$lLQ<k8~s;7Q|Y;+f`!@JjR2c#ray
z^FH8R<KyQu;S1&~;Jd^3j-P{{!tc+Y%iqbrBtQ_@E#N1RD{x!jjUc<Ao?w9BIl*4R
zWg%W6Q=tf<QlVj?O<@UPJK+T3tHMu3m_#&0yhU<FdPJ5*1w<`HV?{5EPK%+%G{k(x
z&WiPmeG!)scMv}zenb4V1WCe7;)uj$iCIY&NnObh$uh|aDTI`U)FG*hQX|q3X;o=o
z>GRSLWgs$YGJY}_WkzM;vSisH*)rM3au_*1xk$Ooa?j*B<oC!Y$ls8Eze{wN)2^&t
z{ky&^s44^~R4B|S;uXym6BOGOSCpicJe1BWO(?S{8!I1IZdLxMBBSD^Qlv7aN>H^_
zJ)zp8`iq*nTBusR+LF4cx~uvH^~V}S4XQ@E#yv8etWQ2pzD543siqmO*`)bFOHS*M
zR;|`+Z3%5J?F#MZI>I_`I;A@Ey9IZ<?k?FquPdbMrdy`FKoOyMQZ7*z^`!Lt_3HHA
z>nrGo>No3uG0-%KGw3pe8k!iU84erajqHpHjpmGnjeU$S8!wxvnjAIhGKHI3m}Z$i
zHsdq%Fsm_JHdi-~Gw-#)SnRbZv{=|9y(e@}yCuZZ+%m^<)=JDO$m)hQU~OidWBrsW
zK@Fkav_aTVZO+@gqAAj1Y5jW%dk^ld-TT>A-!{W`#!k{M!mh`j&EDC*#{P?gp+mOA
z{JvfL;`ZHl<aYFPY;{69**jfwTH9~5KX3m_XI1AE=SMCQF3~On2e=Oe9OyX6cF^tM
zHCMQ+gKMqpH#cjyGPgB%GxrPb%N_<EXFc9}Qap1#m%Mbmvb`3)b-c5^U;F6z<oGQ4
z>iXvUzVkEiEA;#5Z|Yy{|K*VNp{he$0S*CI15tslfo(zfphH2uhxrdjA07>s2~G)~
z577+C3t0}e2)z^rhPi~bh7-3RrXEB{MkGf(i`*S~K5{+EKI&RDE;=asL5y_F$(Y3>
z#z!iT!j5_z?THnNjgNg6rx#ax3_Rw3tmnAM@ucG~=_d5*c&7M6@k0p;3E2ss5*-rT
zllYS8Nzao_k}s#Qri7+EKB0A@I2D%ampXh>`DDS#?`fWCgQpZu<)8YN?vXxtTJiL`
z(_3e}&kSd%WfWy1GJ`T7W$9*BXXCPuWIxZb%xTFL%uUPvly@+1AYUcF_$<@eh_mzO
z_MB@i5G}|o_*Up!IC)<G{M8G*7fxRIa?$hRSP`YDzL>B0RPjcMU&&OdNoh-&cv*fq
zqCB$vRfT;;f2Brc%_Z(jr!M_c6;w4}O{?y$QLm|~<*m)Q47nU}d8y91ZsdyLmDYN>
z`qHZ$S5Gwn4G|4*8eJP7HCZ(ET+_H#e_ibQg=Ru?S_{|`)3SWS_r`pyW9w*}d0S7r
zR(tbJ`I}X@gl?VhVDHH2Wa>=n+`4___F7kP*Sl_??&m!RduHzJyED;i(>r|E;_kgZ
z<Gwrndi}TW>D;?DpgGVss4;lszS{kk2dWR6hg64}ht-B#9;!cV9U+gjk7|#0j_Hnd
zj~kBnO_)vGpR}4BePs7&>ap|V`6<t-*G~eTe4LJ)-khP&!e`T-VxQ*E@y?a~B=ytP
zdA0eDXNJ!nEbLvFdG7K2?TfG%-(DuYVtJLnD6m-bTIuzzCF7-$H~Zhbd>j0B^Igi%
zxSub)mwbQy1Lebm<$cR9KZbtXT1j8!TCMt|@~LNyx;FPY@bl)Ev~{la>aQAK`!^gm
z7B{25A-|pbMe3LK?-t)@w*t4ewq^hW0EIvx5pdM@oe7ObF=2=-7-nV+7oNaI<l`3L
z=i}z(6%>`15EPab;pLT7my+EH2c#k(LDtbw(w0|NQQFxEh(@C^%oq|23rT6avsC(r
z+3EstD1Zh8K|x^vf&-yAaH|*K-F~Kl@B9w>3kU!TgCju{WII(A3xH546at69p)lx=
z2OtO(2EcI$Aw|3%k|1p3MvNCx(hn(h&uV1npp7brc5i3n1_3DeHyiym8)7?61P4GM
zAPfS5{x%T@!wV_u*}w@(A*EZ>00s(fA0iY7=mMq3Rxe$3P<wel=3Wyi#F6Et=!X`a
zrJ2s#@f_v_E5*TZ4<^BM53ZRU8&!DrDEFs@!rYdFv|v)7`I+O2!wQm?r}nN?n%{^M
zJZ3tWy%N@b`~_G`R<;<Fs?SM!TlPYMKArZ^l+qu!-BZ508@2jMJg{Se3uVO{8$jrM
zaXjtpGw*bnMDay=Ws6lJ%<I;f5}GcR|7&^cM)u_4R^5Qt`_5gQI1=jIA6Mhh(8uqX
z?cdvW$uXzO{rcc}R%CAD&1BIFa9+$p%{$G4YBou;wB#no*GqlJtY;T8*6OZT;_ESr
zi!GZ5UV<6aUk<wEd}c4QZY+~&xm)Vu?heULs@tWNp8ok&+igm&Q!M;Q7|qOm_)g^d
z6?B;B73o1G!0Cpr+ss1I#B`T)xzc^yOyIqjdU@IU@%@)u6rEeANonUoXR>GD{n%+o
zzn%oF6>9O~*V?LgfzF;!C%HrSVIQyiM|e!=G(<^g`J}x|zSJsKKk^_>ZMa%Lp<d|O
zdd#O%os(ZR9?oTb#4mY!drCM3GRN^*w$8Dlc^5lu_C0%AX_Wu?5$a>HpqxCIT+{_Q
zepm7E_(_)q8TA^bQ@Gi$L4b8Z#`-sY<yDuPBe&Mk*T*?^oLAMk_EcJ=T(v!`Bh{}}
zw7z@Npr-QDN7dAKl~%JogD$Ze9K^ciY;xI>rV~N!SZnctT+;VY4^Hy}T6^li7mdE3
zRQT|+)lt!Vi&o5;D@vubiJPYzbl=>Rl~WqGe(lIQcjfcjTV5*s5kb4+CZ_imuY?$H
zq&;*Uw_ks4*GXRG)v75ecbN89or|3~xQj(C?<TKM$_xopP9_g8Y6#p_j~V~Mocq{8
zQc;S2wcE3(DE__mM<Z=ad3S`2CFQ)x!-xiltU<jGg|*lH%s#s~)dZU1uQcJC$%_|S
z2OomE;|=9N;oDONEN6Kg%n5C(5=t|Mxh-R~q@+@9F%h@Vbs4=fdwdQbbXa@iwxE=h
znEt#7;s2rce)*8o6KC?EZ?c%19B*EgNXVwWotoF9w-IMf6d&1(qJA3y^~eLiw0@Vl
z!7M8eMc;31JCy!QkH4Lq;skYy2`$J=xcy3yRX6R{_4T8Oj~@6ffD1t}Kj&yq%=O55
zXWj6#OJa~!eJYPjqfAq?2&TQ*EChN10wT4GzS#`*IO_;ho_c-8F!~BTe@tV>&HNQR
z?+UZiEv*}l3+nP=QqH|KGPL$n@l42|i`9pzb603{`4jsFm8K7xpE|u#_aaZAXl5a&
zQ=ua`R$M!T)YMrgGjW#2CV)t+f9%_S#x-cRXTkj3>%Gq;giKD;XG1Q;J{IqqwxFLG
z3fKZ-=8BTJ*2D>xU$5@YRABRz2yFXF#jNJ~_5F9>khg$6nfN<?@&j+s`dD(8z~$5Q
zvMcC{sd0|r{MiVr&fK%Kdb~+P|Ch@a?~=P)I^W9GSk-8lTErdwmd4XlUi83xmFcm#
zsoibrl@_i8_&cYTXb3IB!*~8_38VE7J4}wanNNvo=B~kg;u1~-#_Jv~te<QUHz~>+
zI?Z=NRHDZ6dM5g(!&4uJ0-SWMpUOVk@9tv36nnMa{83$I!UZ>t4_%jL#b@uyzeZb|
zlAvi`eF>XcE7Il-<kBI_+I{0i`WPQC)1#tF_XZP8q;<KvHb>|7l2FN1|Me(xe$#o6
z?i;u_-CDag{FkLKA{uY9@a#!@`OK?N&;8(}#`9l9P^)SIMKQya>c($e=X(1_<!Qx%
zv+(x84U3}}-sufbHj9qelzvePYF#Y5YB^<76<AD}Xj3BT-$w1$ldEbn2Bxc=pWV=$
z{ubr5O1qA=`9Mq7fQwu|kPiQuP3?I!R<6ZprtomJ)Y`7qfXFwbMS&sW5*yR>4IPeW
zItc}4QXyumq0|!VkRku4P;%E$aN38qL>Y3|V^eGXuO)JBSH!0l<q6pACYy;9#L_P_
zTB8$PTfkV`r>DCkb@-gU>F?Wh`e%*i-fENO$!`M08gKM{`%-qr@kNEbsgsY{`TN#S
zn`Q0VpVu<`H50nXu#BIZNqrsr^Voat)7ARRD@8)iOx2|<E_lsNzG|4Bc&-=iHkPfK
z5*jnhUDx!}RnDVNyr*(+%G*fOcqO>B@(5EQcKZwODHE4TZvzj!Nb2P{o133+Z37K8
z2?%p2WSU!Dc8F`u(-C(?d){ob5XqR4kl3`d<uMtVu|2@dX=j1MuhyWKm_%wUB^tUN
zF6X4_rlo#dQ03oc>Xn-^h7Y47fci+$gtD1|m9u^mZFZ8mc>t}%q*Y}@l<mms?30cO
zr_%5ZJG;~O*yV1-*9<=3THJ5=Y3~3#Uu7aKix$Nt(LGoARruo7Wa{S0OZE>7-91xy
z!^88AAgm?}eiC`}bnlDGduGY(K3f3yBmHb+EAtb;^RHLzCPAubYjR74OoD>nvtuj~
zD~*Xjo9|M_+!H@5vRK9K(Fqd@ZQxt^g^+>rSF&nP`Nt7b<`SJm&0E)!cL7;hU7s%}
z28P^Bk5PP~HY3}XvFrZ8Qa2K*ogG(w$j0ARKhon`L3sO&7j8^>th0QU<s|8Y(_~YT
zup_N(Hr{W#>|=C?+UlMw-B@A`*Qd%mnXE@wd~e@5Kk+rhOO;&yX!_w*WZ1>m%od6f
z-0@1(nG7YDZ?O{S0px|x0>4}_9zZ#jemxX+WfE^|95OtcW7lFPSN-Nt?%b=G?`kz2
zz53L<!{*qW%*>AJykhpN_k6|7&NRcJ6E^qyiE#6l!D@@^F~Jl2`74Hm_;)=W%kMrZ
zAVj%hu)B0N*6wDJYBe!Vr-~$U`9Ty}z|E00vOaNdety+_+2qX2qJ-<wlU{Lq$~^rP
zb4%aa51L!gg#A+8$99tYfKv}H6exP5Pu~LAUwmpcVc*SLS=w7v9>1@C{q=5-Zl`z2
z865oglXtWCs9)sRYbCmjzp|t`Z%S5uS>4|08C=n@G2IiKo#(->#+K$VWdROIXU>Jv
zmWGdgOY8ciZjm1DTU2!JR$uI~49fk&+{H=TF^R;iNyl%x_!8$_><8y4#hgbbR&nt)
zR{k1`$CX89?GBAu29I{8y_v}qwd(MXXOYfeH?_SzGJQsQ3kWAZeR_H5Da)P}g;$Un
z2{Dl^z^##dH}Yuai#eWF&RHg_DN@(w-oBUqh8a2-L9O%%SbXyl_N8eTW^%ty#o13v
zfqf#%FO_mjb=fDazt^%IsK|I<>*jPieWkW+%wlA0a-!Ya&OA^0QEXQYt<stBI?Spn
z(L7H^inX6dLVMg_rG_Ryc>kk`lf>o1b2IfIy_u~;+IEprz}L?j+AJ_Te%D01(6)Az
zs~Bz)H>6T25N4idgZJ5b@}Iw#``7aO??3-k>(3wjS^S^h`+uq_Dl*1@|4U%_e=__(
z8UCLP|Igoi|Nm!NfBxW4<G(5Vef%F)1;+gUe+~cN`G5WzbKoDe|NQNowLh}{{L4oF
z{hUAl3){|rz^+sM|E68%ziHRU0QjT+|DS68`GY^{|Np@MQ$<}_jnV)AD`5D4{_p1Z
z*Z)7&`tt{Wa{a5S{cilHiaNvp;a>y8|C8bW$?*SV_<u6|KN<d?4F6At|0l!$li~mQ
z@8<u>u>WMhfB^#r3>YwAz<>b*1`HT5V8DO@0|pEjFkrxd0RsjM82oSMKL9I<xXJ*)
FFaS(TVi5oU

literal 0
HcmV?d00001

diff --git a/samples/Config.in b/samples/Config.in
index a17f252f9d..ecad25eeb7 100644
--- a/samples/Config.in
+++ b/samples/Config.in
@@ -52,5 +52,12 @@ config CONFIG_PERL_SAMPLES
         Build the "Perl" version of axssl. The features enabled are very
         dependent on the build mode ('full' mode will give all features).
 
+config CONFIG_LUA_SAMPLES
+    bool "axssl - Lua version"
+    default y
+    depends on CONFIG_SAMPLES && CONFIG_LUA_BINDINGS
+    help
+        Build the "Lua" version of axssl. The features enabled are very
+        dependent on the build mode ('full' mode will give all features).
 endmenu
 
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
index 433a622823..68c7678609 100755
--- a/samples/lua/axssl.lua
+++ b/samples/lua/axssl.lua
@@ -133,7 +133,7 @@ function do_server(build_mode)
     local port = 4433
     local options = axtlsl.SSL_DISPLAY_CERTS
     local quiet = false
-    local password = nil
+    local password = ""
     local private_key_file = nil
     local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
     local ca_cert_size = axtlsl.
@@ -208,6 +208,9 @@ function do_server(build_mode)
         i = i + 1
     end
 
+    -- Create socket for incoming connections
+    local server_sock = socket.try(socket.bind("*", port))
+
     ---------------------------------------------------------------------------
     -- This is where the interesting stuff happens. Up until now we've
     -- just been setting up sockets etc. Now we do the SSL handshake.
@@ -226,29 +229,26 @@ function do_server(build_mode)
             obj_type = axtlsl.SSL_OBJ_PKCS12 
         end
 
-        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, 
-                                        private_key_file, password) then
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
             error("Private key '" .. private_key_file .. "' is undefined.")
         end
     end
 
     for _, v in ipairs(cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") 
-                                        ~= axtlsl.SSL_OK then
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
             error("Certificate '"..v .. "' is undefined.")
         end
     end
 
     for _, v in ipairs(ca_cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") 
-                                        ~= axtlsl.SSL_OK then
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
             error("Certificate '"..v .."' is undefined.")
         end
     end
 
-    -- Create socket for incoming connections
-    local server_sock = socket.try(socket.bind("*", port))
-
     while true do
         if not quiet then print("ACCEPT") end
         local client_sock = server_sock:accept();
@@ -306,7 +306,7 @@ function do_client(build_mode)
     local private_key_file = nil
     local reconnect = 0
     local quiet = false
-    local password = nil
+    local password = ""
     local session_id = {}
     local host = "127.0.0.1"
     local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
@@ -379,6 +379,16 @@ function do_client(build_mode)
         i = i + 1
     end
 
+    local client_sock = socket.try(socket.connect(host, port))
+    local ssl
+    local res
+
+    if not quiet then print("CONNECTED") end
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
     local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
 
     if ssl_ctx == nil then 
@@ -396,45 +406,35 @@ function do_client(build_mode)
             obj_type = axtlsl.SSL_OBJ_PKCS12 
         end
 
-        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, 
-                                    private_key_file, password) then
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
             error("Private key '"..private_key_file.."' is undefined.")
         end
     end
 
     for _, v in ipairs(cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") 
-                                        ~= axtlsl.SSL_OK then
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
             error("Certificate '"..v .. "' is undefined.")
         end
     end
 
     for _, v in ipairs(ca_cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") 
-                                        ~= axtlsl.SSL_OK then
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
             error("Certificate '"..v .."' is undefined.")
         end
     end
 
-    ---------------------------------------------------------------------------
-    -- This is where the interesting stuff happens. Up until now we've
-    -- just been setting up sockets etc. Now we do the SSL handshake.
-    ---------------------------------------------------------------------------
-    local client_sock = assert(socket.connect(host, port))
-    local ssl
-    local res
-
-    if not quiet then print("CONNECTED") end
-
     -- Try session resumption?
-    if reconnect > 0 then
+    if reconnect ~= 0 then
         local session_id = nil
-        while reconnect do
+        while reconnect > 0 do
             reconnect = reconnect - 1
             ssl = axtlsl.ssl_client_new(ssl_ctx, 
                     client_sock:getfd(), session_id)
 
-            res = ssl_handshake_status(ssl)
+            res = axtlsl.ssl_handshake_status(ssl)
             if res ~= axtlsl.SSL_OK then
                 if not quiet then axtlsl.ssl_display_error(res) end
                 axtlsl.ssl_free(ssl)
@@ -444,11 +444,12 @@ function do_client(build_mode)
             display_session_id(ssl)
             session_id = axtlsl.ssl_get_session_id(ssl)
 
-            if reconnect then
-                ssl_free(ssl)
+            if reconnect > 0 then
+                axtlsl.ssl_free(ssl)
                 client_sock:close()
-                client_sock = assert(socket.connect(host, port))
+                client_sock = socket.try(socket.connect(host, port))
             end
+
         end
     else
         ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil)
@@ -456,7 +457,6 @@ function do_client(build_mode)
 
     -- check the return status
     res = axtlsl.ssl_handshake_status(ssl)
-print("RES: "..res)
     if res ~= axtlsl.SSL_OK then
         if not quiet then axtlsl.ssl_display_error(res) end
         os.exit(1)
@@ -475,9 +475,18 @@ print("RES: "..res)
     end
 
     while true do
-        local x = { 65, 66, 67, 10, 0 }
         local line = io.read()
-        res = axtlsl.ssl_write(ssl, x, #x)
+    if line == nil then break end
+        local bytes = {}
+
+        for i = 1, #line do
+            bytes[i] = line.byte(line, i)
+        end
+
+        bytes[#line+1] = 10      -- add carriage return, null
+        bytes[#line+2] = 0
+
+        res = axtlsl.ssl_write(ssl, bytes, #bytes)
         if res < axtlsl.SSL_OK then
             if not quiet then axtlsl.ssl_display_error(res) end
             break
@@ -513,7 +522,7 @@ end
 --
 function display_session_id(ssl)
     local session_id = axtlsl.ssl_get_session_id(ssl)
-    local i, v
+    local v
 
     print("-----BEGIN SSL SESSION PARAMETERS-----")
     for _, v in ipairs(session_id) do
@@ -532,4 +541,5 @@ end
 
 local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE)
 _ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode)
+os.exit(0)
 
diff --git a/ssl/os_port.h b/ssl/os_port.h
index b8042ad033..ea0e7d14ca 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -70,6 +70,8 @@ extern "C" {
 #define SOCKET_READ(A,B,C)      recv(A,B,C,0)
 #define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
 #define SOCKET_CLOSE(A)         closesocket(A)
+#define SOCKET_BLOCK(A)         u_long argp = 0; \
+                                ioctlsocket(A, FIONBIO, &argp)
 #define srandom(A)              srand(A)
 #define random()                rand()
 #define getpid()                _getpid()
@@ -139,6 +141,8 @@ EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
 #define SOCKET_READ(A,B,C)      read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     write(A,B,C)
 #define SOCKET_CLOSE(A)         close(A)
+#define SOCKET_BLOCK(A)         int fd = fcntl(A, F_GETFL, NULL); \
+                                fcntl(A, F_SETFL, fd & ~O_NONBLOCK)
 #define TTY_FLUSH()
 
 #endif  /* Not Win32 */
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 7628eea216..03c0b85790 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -30,12 +30,14 @@ if grep "CONFIG_PLATFORM_WIN32=y" "../config/.config"  > /dev/null; then
     KILL_CSHARP="kill %1"
     KILL_PERL="kill %1"
     KILL_JAVA="kill %1"
+    KILL_LUA="kill %1"
 else
     if grep "CONFIG_PLATFORM_CYGWIN=y" "../config/.config"  > /dev/null; then
         # no .net or java on cygwin
         PERL_BIN=/usr/bin/perl
         KILL_AXSSL="killall axssl"
         KILL_PERL="killall /usr/bin/perl"
+        KILL_LUA="killall /usr/local/bin/lua"
     else     # Linux
         JAVA_EXE=/usr/java/default/bin/java
         PERL_BIN=/usr/bin/perl
@@ -44,6 +46,7 @@ else
         KILL_PERL="killall /usr/bin/perl"
         RUN_CSHARP="mono"
         KILL_JAVA="killall $JAVA_EXE"
+        KILL_LUA="killall /usr/local/bin/lua"
     fi
 fi
 
@@ -129,4 +132,18 @@ sleep 1
 echo "### Perl tests complete"
 fi
 
+if [ -f ./axssl.lua ]; then
+echo "########################## LUA SAMPLE ###########################"
+./axssl.lua $SERVER_ARGS &
+echo "Lua Test passed" | ./axssl.lua $CLIENT_ARGS
+$KILL_LUA
+sleep 1
+
+./axssl.lua $SERVER_PEM_ARGS &
+echo "Lua Test passed" | ./axssl.lua $CLIENT_PEM_ARGS
+$KILL_LUA
+sleep 1
+echo "### Lua tests complete"
+fi
+
 echo "########################## ALL TESTS COMPLETE ###########################"
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index b9ab721a17..e732581957 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -37,8 +37,11 @@ static int send_cert_verify(SSL *ssl);
  */
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
 {
+    SSL *ssl;
     int ret;
-    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+
+    SOCKET_BLOCK(client_fd);    /* ensure blocking mode */
+    ssl = ssl_new(ssl_ctx, client_fd);
 
     if (session_id && ssl_ctx->num_sessions)
     {
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index c56a9650b8..167a57d82f 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -39,7 +39,9 @@ static int process_cert_verify(SSL *ssl);
  */
 EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
 {
-    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+    SSL *ssl;
+
+    ssl = ssl_new(ssl_ctx, client_fd);
     ssl->next_state = HS_CLIENT_HELLO;
 
 #ifdef CONFIG_SSL_FULL_MODE
diff --git a/www/index.html b/www/index.html
index 989ebef0a9..1c9b86b55d 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200705250611" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200706142340" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
@@ -7096,7 +7096,7 @@
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="YourName" modified="200705250629" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc). Any executables and libraries need to be copied into webroot.\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[/test_dir/test_variables.pl|http://127.0.0.1/test_dir/test_variables.lp]] to see an example of Lua Pages.\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="YourName" modified="200706060303" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc). Any executables and libraries need to be copied into webroot.\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[/test_dir/test_variables.lp|http://127.0.0.1/test_dir/test_variables.lp]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From 4fdd6a7054e88f2a27eddc6ab7ee6716f4bbeba0 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 20 Jun 2007 23:06:49 +0000
Subject: [PATCH 092/301] some documentation updates

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@112 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/lua/Makefile | 2 +-
 ssl/ssl.h             | 6 +++---
 www/index.html        | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index f370703386..5407edf9ee 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -40,7 +40,7 @@ include ../../config/makefile.post
 CFLAGS += -funit-at-a-time
 
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib $(LDSHARED) -o $@ $(OBJ) -laxtls -llua
+	$(LD) $(LDFLAGS) $(LDSHARED) -o $^ -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
 
 CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include
 else
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 7cdab2aa86..6622415aa0 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -31,10 +31,10 @@
  * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
  * - Highly configurable compile time options.
  * - Portable across many platforms (written in ANSI C), and has language
- * bindings in C, C#, VB.NET, Java and Perl.
+ * bindings in C, C#, VB.NET, Java, Perl and Lua.
  * - Partial openssl API compatibility (via a wrapper).
- * - A very small footprint for a HTTPS server (around 60-70kB in 'server-only'
- * mode).
+ * - A very small footprint (around 50-60kB for the library in 'server-only' 
+ *   mode).
  * - No dependencies on sockets - can use serial connections for example.
  * - A very simple API - ~ 20 functions/methods.
  *
diff --git a/www/index.html b/www/index.html
index 1c9b86b55d..3402da7b2d 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7091,7 +7091,7 @@
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="CameronRich" modified="200703310030" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl           - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet     - VB.NET sample\n* axtls.jar       - Java sample\n* axssl.pl        - Perl sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="CameronRich" modified="200706172117" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>

From a1bfbe6b07c1d13f3e177c1363d28183061b3323 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 17 Aug 2007 04:08:39 +0000
Subject: [PATCH 093/301] lua samples now work again

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@114 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/lua/Makefile | 2 +-
 www/index.html        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index 5407edf9ee..30a5e92319 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -40,7 +40,7 @@ include ../../config/makefile.post
 CFLAGS += -funit-at-a-time
 
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) $(LDSHARED) -o $^ -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
+	$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $^ -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
 
 CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include
 else
diff --git a/www/index.html b/www/index.html
index 3402da7b2d..cd563d14d3 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7091,7 +7091,7 @@
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="CameronRich" modified="200706172117" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="YourName" modified="200708170228" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>

From f9ee197cffc36911c56c808fb4c46b0581b59e56 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 29 Aug 2007 09:15:39 +0000
Subject: [PATCH 094/301] dir changes - things are broken at the moment

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@116 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                  |   2 +
 bindings/csharp/axTLS.cs  |   8 +-
 bindings/java/Makefile    |  33 +--
 bindings/lua/Makefile     |  24 +--
 bindings/perl/Makefile    |  30 ++-
 bindings/vbnet/axTLSvb.vb |  12 +-
 config/makefile.conf      |   2 +-
 crypto/Makefile           |  33 +++
 {ssl => crypto}/aes.c     |   0
 crypto/crypto.h           | 129 ++++++++++++
 {ssl => crypto}/hmac.c    |  32 +--
 {ssl => crypto}/md5.c     |  10 +-
 {ssl => crypto}/rc4.c     |   0
 {ssl => crypto}/sha1.c    |   6 +-
 docsrc/axTLS.dox          |   2 +-
 httpd/Makefile            |   2 +-
 httpd/htpasswd.c          |   8 +-
 httpd/proc.c              |   8 +-
 samples/c/Makefile        |   2 +-
 samples/c/axssl.c         |   8 +-
 samples/csharp/axssl.cs   |   3 +-
 samples/lua/axssl.lua     |   7 +-
 samples/perl/axssl.pl     |   7 +-
 ssl/Makefile              |  13 +-
 ssl/asn1.c                | 425 +-------------------------------------
 ssl/bigint.c              |  44 +++-
 ssl/bigint.h              |   7 +
 ssl/crypto.h              | 285 -------------------------
 ssl/crypto_misc.c         |   2 +-
 ssl/loader.c              |  18 +-
 ssl/p12.c                 |  14 +-
 ssl/rsa.c                 |  42 +---
 ssl/ssl.h                 |  14 +-
 ssl/test/Makefile         |   2 +-
 ssl/test/ssltest.c        |  30 +--
 ssl/tls1.c                |  24 ++-
 ssl/tls1.h                |   3 +
 ssl/tls1_clnt.c           |  38 +++-
 ssl/tls1_svr.c            |   2 +
 www/index.html            |   2 +-
 40 files changed, 432 insertions(+), 901 deletions(-)
 create mode 100644 crypto/Makefile
 rename {ssl => crypto}/aes.c (100%)
 create mode 100644 crypto/crypto.h
 rename {ssl => crypto}/hmac.c (76%)
 rename {ssl => crypto}/md5.c (97%)
 rename {ssl => crypto}/rc4.c (100%)
 rename {ssl => crypto}/sha1.c (97%)
 delete mode 100644 ssl/crypto.h

diff --git a/Makefile b/Makefile
index 568770c1e6..01c2219d87 100644
--- a/Makefile
+++ b/Makefile
@@ -33,6 +33,7 @@ RELEASE=axTLS-$(VERSION)
 
 # standard version
 target:
+	$(MAKE) -C crypto
 	$(MAKE) -C ssl
 ifdef CONFIG_AXHTTPD
 	$(MAKE) -C httpd
@@ -100,6 +101,7 @@ test:
 
 # tidy up things
 clean::
+	@cd crypto; $(MAKE) clean
 	@cd ssl; $(MAKE) clean
 	@cd httpd; $(MAKE) clean
 	@cd samples; $(MAKE) clean
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index a59209168d..a3146f16db 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -95,9 +95,10 @@ public byte GetCipherId()
          */
         public byte[] GetSessionId()
         {
-            byte[] result = new byte[axtls.SSL_SESSION_ID_SIZE];
             IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
-            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE);
+            byte sess_id_size = axtls.ssl_get_session_id_size(m_ssl);
+            byte[] result = new byte[sess_id_size];
+            Marshal.Copy(ptr, result, 0, sess_id_size);
             return result;
         }
 
@@ -470,7 +471,8 @@ public SSLClient(uint options, int num_sessions) :
         public SSL Connect(Socket s, byte[] session_id)
         {
             int client_fd = s.Handle.ToInt32();
-            return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id));
+            return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id,
+                        session_id ? null : session_id.Length));
         }
     }
 }
diff --git a/bindings/java/Makefile b/bindings/java/Makefile
index 59aa6203b9..0c58c1e7f8 100644
--- a/bindings/java/Makefile
+++ b/bindings/java/Makefile
@@ -16,18 +16,20 @@
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.java.conf
+AXTLS_HOME=../..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
+include $(AXTLS_HOME)/config/makefile.java.conf
 
 all: lib jar
 
-JAR=../../$(STAGE)/axtls.jar
+JAR=$(AXTLS_HOME)/$(STAGE)/axtls.jar
 
 ifdef CONFIG_PLATFORM_WIN32
-TARGET=../../$(STAGE)/axtlsj.dll
+TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsj.dll
 else
-TARGET=../../$(STAGE)/libaxtlsj.so
+TARGET=$(AXTLS_HOME)/$(STAGE)/libaxtlsj.so
 endif
 
 lib: $(TARGET)
@@ -46,32 +48,19 @@ JAVA_FILES= \
 
 OBJ=axTLSj_wrap.o
 
-AXTLS_HOME=../..
-SSL_HOME=$(AXTLS_HOME)/ssl
-CONFIG_HOME=$(AXTLS_HOME)/config
 JAVA_CLASSES:=$(JAVA_FILES:%.java=classes/axTLSj/%.class)
 
 ifdef CONFIG_PLATFORM_WIN32
-CFLAGS += /I"$(shell cygpath -w $(SSL_HOME))"
-CFLAGS += /I"$(shell cygpath -w $(CONFIG_HOME))"
-LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
+LDFLAGS += axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
 
-include ../../config/makefile.post
+include $(AXTLS_HOME)/config/makefile.post
 
 $(TARGET) : $(OBJ)
 	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
 else    # Not Win32
 
-ifdef CONFIG_PLATFORM_CYGWIN
-SSL_HOME:=$(shell cygpath -u $(SSL_HOME))
-CONFIG_HOME:=$(shell cygpath -u $(CONFIG_HOME))
-endif
-
-CFLAGS += -I$(SSL_HOME)
-CFLAGS += -I$(CONFIG_HOME)
-
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L ../../$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls 
+	$(LD) $(LDFLAGS) -L $(AXTLS_HOME)/$(STAGE) $(LDSHARED) -o $@ $(OBJ) -laxtls 
 endif
 
 jar: $(OBJ) $(JAR)
diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index 30a5e92319..617a0eb899 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -16,36 +16,36 @@
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-include ../../config/.config
-include ../../config/makefile.conf
+AXTLS_HOME=../..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
 
 all: lib
 
+
 ifdef CONFIG_PLATFORM_WIN32
-TARGET=../../$(STAGE)/axtlsl.dll
+TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.dll
 else
-TARGET=../../$(STAGE)/axtlsl.so
+TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.so
 endif
 
 ifneq ($(MAKECMDGOALS), clean)
 
 lib: $(TARGET)
-AXTLS_HOME=../..
-SSL_HOME=$(AXTLS_HOME)/ssl
-CONFIG_HOME=$(AXTLS_HOME)/config
 OBJ:=axTLSl_wrap.o
-include ../../config/makefile.post
+include $(AXTLS_HOME)/config/makefile.post
 
 # there are a few static functions that aren't used
 CFLAGS += -funit-at-a-time
 
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $^ -L../../$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
+	$(LD) $(LDFLAGS) $(LDSHARED) -o $@ $^ -L$(AXTLS_HOME)/$(STAGE) -L$(CONFIG_LUA_CORE)/lib -laxtls -llua
 
-CFLAGS += -I$(CONFIG_HOME) -I$(SSL_HOME) -I $(CONFIG_LUA_CORE)/include
+CFLAGS += -I $(CONFIG_LUA_CORE)/include
 else
-CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`" /I"`cygpath -w $(CONFIG_LUA_CORE)/include`"
-LDFLAGS += axtls.lib /libpath:"../../$(STAGE)"
+CFLAGS += /I"`cygpath -w $(CONFIG_LUA_CORE)/include`"
+LDFLAGS += axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
 
 $(TARGET) : $(OBJ)
 	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
index 71c4055108..3f5b15e7de 100644
--- a/bindings/perl/Makefile
+++ b/bindings/perl/Makefile
@@ -16,15 +16,17 @@
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-include ../../config/.config
-include ../../config/makefile.conf
+AXTLS_HOME=../..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
 
 all: lib
 
 ifdef CONFIG_PLATFORM_WIN32
-TARGET=../../$(STAGE)/axtlsp.dll
+TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsp.dll
 else
-TARGET=../../$(STAGE)/libaxtlsp.so
+TARGET=$(AXTLS_HOME)/$(STAGE)/libaxtlsp.so
 endif
 
 ifneq ($(MAKECMDGOALS), clean)
@@ -46,11 +48,8 @@ test_perl:
 endif
 
 lib: $(TARGET)
-AXTLS_HOME=../..
-SSL_HOME=$(AXTLS_HOME)/ssl
-CONFIG_HOME=$(AXTLS_HOME)/config
 OBJ:=axTLSp_wrap.o
-include ../../config/makefile.post
+include $(AXTLS_HOME)/config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32        # Linux/Unix/Cygwin
 
@@ -60,22 +59,21 @@ ifndef CONFIG_PLATFORM_WIN32        # Linux/Unix/Cygwin
 # work.
 #
 $(TARGET) : $(OBJ)
-	$(LD) $(LDFLAGS) -L ../../$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
+	$(LD) $(LDFLAGS) -L$(AXTLS_HOME)/$(STAGE) -L$(PERL5_CORE) $(LDSHARED) -o $@ $(OBJ) -laxtls -lperl
 ifdef CONFIG_PLATFORM_CYGWIN
-	cd ../../$(STAGE); ln -sf $(notdir $@) axtlsp.dll
+	cd $(AXTLS_HOME)/$(STAGE); ln -sf $(notdir $@) axtlsp.dll
 endif
-	@install axtlsp.pm ../../$(STAGE)
+	@install axtlsp.pm $(AXTLS_HOME)/$(STAGE)
 
-CFLAGS += -D_GNU_SOURCE -I$(CONFIG_HOME) -I$(SSL_HOME) -I$(PERL5_CORE)
+CFLAGS += -D_GNU_SOURCE -I$(PERL5_CORE)
 else
-CFLAGS += /I"`cygpath -w $(CONFIG_HOME)`" /I"`cygpath -w $(SSL_HOME)`"
 CFLAGS += /I"$(PERL5_CORE)"
-LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"../../$(STAGE)"
+LDFLAGS += $(CONFIG_PERL_LIB) /libpath:"$(PERL5_CORE)" axtls.lib /libpath:"$(AXTLS_HOME)/$(STAGE)"
 
 $(TARGET) : $(OBJ)
 	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
-	install axtlsp.pm ../../$(STAGE)
+	install axtlsp.pm $(AXTLS_HOME)/$(STAGE)
 endif # WIN32
 
 clean::
-	@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend ../../$(STAGE)/axtlsp.pm
+	@rm -f $(TARGET) axtls* *.i axTLSp* *.c .depend $(AXTLS_HOME)/$(STAGE)/axtlsp.pm
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
index 9cec32c789..32f126321e 100644
--- a/bindings/vbnet/axTLSvb.vb
+++ b/bindings/vbnet/axTLSvb.vb
@@ -46,9 +46,11 @@ Namespace axTLSvb
         End Function
 
         Public Function GetSessionId() As Byte()
-            Dim result(axtls.SSL_SESSION_ID_SIZE) As Byte
             Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl)
-            Marshal.Copy(ptr, result, 0, axtls.SSL_SESSION_ID_SIZE)
+            Dim sess_id_size As Integer = axtls.ssl_get_session_id_size(m_ssl)
+            
+            Dim result(sess_id_size) As Byte
+            Marshal.Copy(ptr, result, 0, sess_id_size)
             Return result
         End Function
 
@@ -170,9 +172,11 @@ Namespace axTLSvb
         End Sub
 
         Public Function Connect(ByVal s As Socket, _
-                                ByVal session_id As Byte()) As SSL
+                                ByVal session_id As Byte(), _
+                                ByVal sess_id_size As Integer) As SSL
             Dim client_fd As Integer = s.Handle.ToInt32()
-            Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id))
+            Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id, _
+                       sess_id_size))
         End Function
 
     End Class
diff --git a/config/makefile.conf b/config/makefile.conf
index 829d3bf345..4844e3e5f1 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -71,7 +71,7 @@ else    # Not Win32
 
 -include .depend
 
-CFLAGS += -I../config
+CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
 LD=$(CC)
 
 # Solaris
diff --git a/crypto/Makefile b/crypto/Makefile
new file mode 100644
index 0000000000..c824facc92
--- /dev/null
+++ b/crypto/Makefile
@@ -0,0 +1,33 @@
+#
+#  Copyright(C) 2007 Cameron Rich
+#
+#  This library is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This library is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with this library; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
+include ../config/.config
+include ../config/makefile.conf
+
+AXTLS_HOME=..
+
+OBJ=\
+	aes.o \
+	hmac.o \
+	md5.o \
+	rc4.o \
+	sha1.o
+
+all: $(OBJ)
+
+include ../config/makefile.post
diff --git a/ssl/aes.c b/crypto/aes.c
similarity index 100%
rename from ssl/aes.c
rename to crypto/aes.c
diff --git a/crypto/crypto.h b/crypto/crypto.h
new file mode 100644
index 0000000000..ad49646c09
--- /dev/null
+++ b/crypto/crypto.h
@@ -0,0 +1,129 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file crypto.h
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "os_port.h"
+
+/**************************************************************************
+ * AES declarations 
+ **************************************************************************/
+
+#define AES_MAXROUNDS			14
+#define AES_BLOCKSIZE           16
+#define AES_IV_SIZE             16
+
+typedef struct aes_key_st 
+{
+    uint16_t rounds;
+    uint16_t key_size;
+    uint32_t ks[(AES_MAXROUNDS+1)*8];
+    uint8_t iv[AES_IV_SIZE];
+} AES_CTX;
+
+typedef enum
+{
+    AES_MODE_128,
+    AES_MODE_256
+} AES_MODE;
+
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode);
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
+        uint8_t *out, int length);
+void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
+void AES_convert_key(AES_CTX *ctx);
+
+/**************************************************************************
+ * RC4 declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    uint8_t x, y, m[256];
+} RC4_CTX;
+
+void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
+void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
+
+/**************************************************************************
+ * SHA1 declarations 
+ **************************************************************************/
+
+#define SHA1_SIZE   20
+
+/*
+ *  This structure will hold context information for the SHA-1
+ *  hashing operation
+ */
+typedef struct 
+{
+    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
+    uint32_t Length_Low;            /* Message length in bits      */
+    uint32_t Length_High;           /* Message length in bits      */
+    uint16_t Message_Block_Index;   /* Index into message block array   */
+    uint8_t Message_Block[64];      /* 512-bit message blocks      */
+} SHA1_CTX;
+
+void SHA1_Init(SHA1_CTX *);
+void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
+void SHA1_Final(uint8_t *digest, SHA1_CTX *);
+
+/**************************************************************************
+ * MD5 declarations 
+ **************************************************************************/
+
+/* MD5 context. */
+
+#define MD5_SIZE    16
+
+typedef struct 
+{
+  uint32_t state[4];        /* state (ABCD) */
+  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
+  uint8_t buffer[64];       /* input buffer */
+} MD5_CTX;
+
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
+
+/**************************************************************************
+ * HMAC declarations 
+ **************************************************************************/
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/hmac.c b/crypto/hmac.c
similarity index 76%
rename from ssl/hmac.c
rename to crypto/hmac.c
index 8ac6ad3c1c..880a21c059 100644
--- a/ssl/hmac.c
+++ b/crypto/hmac.c
@@ -45,14 +45,14 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
         k_opad[i] ^= 0x5c;
     }
 
-    MD5Init(&context);
-    MD5Update(&context, k_ipad, 64);
-    MD5Update(&context, msg, length);
-    MD5Final(&context, digest);
-    MD5Init(&context);
-    MD5Update(&context, k_opad, 64);
-    MD5Update(&context, digest, MD5_SIZE);
-    MD5Final(&context, digest);
+    MD5_Init(&context);
+    MD5_Update(&context, k_ipad, 64);
+    MD5_Update(&context, msg, length);
+    MD5_Final(digest, &context);
+    MD5_Init(&context);
+    MD5_Update(&context, k_opad, 64);
+    MD5_Update(&context, digest, MD5_SIZE);
+    MD5_Final(digest, &context);
 }
 
 /**
@@ -77,12 +77,12 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
         k_opad[i] ^= 0x5c;
     }
 
-    SHA1Init(&context);
-    SHA1Update(&context, k_ipad, 64);
-    SHA1Update(&context, msg, length);
-    SHA1Final(&context, digest);
-    SHA1Init(&context);
-    SHA1Update(&context, k_opad, 64);
-    SHA1Update(&context, digest, SHA1_SIZE);
-    SHA1Final(&context, digest);
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_ipad, 64);
+    SHA1_Update(&context, msg, length);
+    SHA1_Final(digest, &context);
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_opad, 64);
+    SHA1_Update(&context, digest, SHA1_SIZE);
+    SHA1_Final(digest, &context);
 }
diff --git a/ssl/md5.c b/crypto/md5.c
similarity index 97%
rename from ssl/md5.c
rename to crypto/md5.c
index 39272d9981..caf21aa63a 100644
--- a/ssl/md5.c
+++ b/crypto/md5.c
@@ -90,7 +90,7 @@ static const uint8_t PADDING[64] =
 /**
  * MD5 initialization - begins an MD5 operation, writing a new ctx.
  */
-EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx)
 {
     ctx->count[0] = ctx->count[1] = 0;
 
@@ -105,7 +105,7 @@ EXP_FUNC void STDCALL MD5Init(MD5_CTX *ctx)
 /**
  * Accepts an array of octets as the next portion of the message.
  */
-EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len)
 {
     uint32_t x;
     int i, partLen;
@@ -141,7 +141,7 @@ EXP_FUNC void STDCALL MD5Update(MD5_CTX *ctx, const uint8_t * msg, int len)
 /**
  * Return the 128-bit message digest into the user's array
  */
-EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
 {
     uint8_t bits[8];
     uint32_t x, padLen;
@@ -153,10 +153,10 @@ EXP_FUNC void STDCALL MD5Final(MD5_CTX *ctx, uint8_t *digest)
      */
     x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
     padLen = (x < 56) ? (56 - x) : (120 - x);
-    MD5Update(ctx, PADDING, padLen);
+    MD5_Update(ctx, PADDING, padLen);
 
     /* Append length (before padding) */
-    MD5Update(ctx, bits, 8);
+    MD5_Update(ctx, bits, 8);
 
     /* Store state in digest */
     Encode(digest, ctx->state, MD5_SIZE);
diff --git a/ssl/rc4.c b/crypto/rc4.c
similarity index 100%
rename from ssl/rc4.c
rename to crypto/rc4.c
diff --git a/ssl/sha1.c b/crypto/sha1.c
similarity index 97%
rename from ssl/sha1.c
rename to crypto/sha1.c
index 3feb6d54c3..69110d4879 100644
--- a/ssl/sha1.c
+++ b/crypto/sha1.c
@@ -37,7 +37,7 @@ static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
 /**
  * Initialize the SHA1 context 
  */
-void SHA1Init(SHA1_CTX *ctx)
+void SHA1_Init(SHA1_CTX *ctx)
 {
     ctx->Length_Low             = 0;
     ctx->Length_High            = 0;
@@ -52,7 +52,7 @@ void SHA1Init(SHA1_CTX *ctx)
 /**
  * Accepts an array of octets as the next portion of the message.
  */
-void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
+void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
 {
     while (len--)
     {
@@ -72,7 +72,7 @@ void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
 /**
  * Return the 160-bit message digest into the user's array
  */
-void SHA1Final(SHA1_CTX *ctx, uint8_t *digest)
+void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
 {
     int i;
 
diff --git a/docsrc/axTLS.dox b/docsrc/axTLS.dox
index e4763d6f34..6780237683 100644
--- a/docsrc/axTLS.dox
+++ b/docsrc/axTLS.dox
@@ -1005,7 +1005,7 @@ INCLUDE_FILE_PATTERNS  =
 # undefined via #undef or recursively expanded use the := operator 
 # instead of the = operator.
 
-PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT EXP_FUNC="" STDCALL=""
+PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT CONFIG_BIGINT_CRT EXP_FUNC="" STDCALL=""
 
 # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
 # this tag can be used to specify a list of macro names that should be expanded. 
diff --git a/httpd/Makefile b/httpd/Makefile
index da173fa3d5..8daae7690c 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -37,7 +37,7 @@ else
 LIBS=-L../$(STAGE) -laxtls
 endif
 
-CFLAGS += -I../ssl
+AXTLS_HOME=..
 
 ifdef CONFIG_HTTP_BUILD_LUA
 lua: kepler-1.1
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
index f188cdd149..f4e26814a5 100644
--- a/httpd/htpasswd.c
+++ b/httpd/htpasswd.c
@@ -112,10 +112,10 @@ int main(int argc, char *argv[])
     RNG_terminate();
     base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
 
-    MD5Init(&ctx);
-    MD5Update(&ctx, md5_salt, MD5_SIZE);
-    MD5Update(&ctx, (uint8_t *)pw, strlen(pw));
-    MD5Final(&ctx, md5_pass);
+    MD5_Init(&ctx);
+    MD5_Update(&ctx, md5_salt, MD5_SIZE);
+    MD5_Update(&ctx, (uint8_t *)pw, strlen(pw));
+    MD5_Final(md5_pass, &ctx);
     base64_encode(md5_pass, MD5_SIZE, b64_pass, sizeof(b64_pass));
 
     printf("Add the following to your '.htpasswd' file\n");
diff --git a/httpd/proc.c b/httpd/proc.c
index 0e4b3e5262..8a760039ee 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -903,10 +903,10 @@ static int check_digest(char *salt, const char *msg_passwd)
         return -1;
 
     /* very simple MD5 crypt algorithm, but then the salt we use is large */
-    MD5Init(&ctx);
-    MD5Update(&ctx, b256_salt, salt_size);           /* process the salt */
-    MD5Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd)); 
-    MD5Final(&ctx, md5_result);
+    MD5_Init(&ctx);
+    MD5_Update(&ctx, b256_salt, salt_size);           /* process the salt */
+    MD5_Update(&ctx, (uint8_t *)msg_passwd, strlen(msg_passwd)); 
+    MD5_Final(md5_result, &ctx);
     return memcmp(md5_result, real_passwd, MD5_SIZE);/* 0 = ok */
 }
 
diff --git a/samples/c/Makefile b/samples/c/Makefile
index 0ab81e70f2..d4cf848cda 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -30,7 +30,7 @@ TARGET=../../$(STAGE)/axssl
 endif   # cygwin
 
 LIBS=../../$(STAGE)
-CFLAGS += -I../../ssl -I../../config
+CFLAGS += -I../../crypto -I../../ssl -I../../config
 else
 TARGET=../../$(STAGE)/axssl.exe
 CFLAGS += /I"..\..\ssl" /I"..\..\config"
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 999f3f8ac5..a708fbfc20 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -607,7 +607,8 @@ static void do_client(int argc, char *argv[])
     {
         while (reconnect--)
         {
-            ssl = ssl_client_new(ssl_ctx, client_fd, session_id);
+            ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
+                    sizeof(session_id));
             if ((res = ssl_handshake_status(ssl)) != SSL_OK)
             {
                 if (!quiet)
@@ -635,7 +636,7 @@ static void do_client(int argc, char *argv[])
     }
     else
     {
-        ssl = ssl_client_new(ssl_ctx, client_fd, NULL);
+        ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0);
     }
 
     /* check the return status */
@@ -854,9 +855,10 @@ static void display_session_id(SSL *ssl)
 {    
     int i;
     const uint8_t *session_id = ssl_get_session_id(ssl);
+    int sess_id_size = ssl_get_session_id_size(ssl);
 
     printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
-    for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+    for (i = 0; i < sess_id_size; i++)
     {
         printf("%02x", session_id[i]);
     }
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
index 1f1f95b584..665c72dabd 100644
--- a/samples/csharp/axssl.cs
+++ b/samples/csharp/axssl.cs
@@ -508,7 +508,8 @@ private void do_client(int build_mode, string[] args)
         {
             while (reconnect-- > 0)
             {
-                ssl = ssl_ctx.Connect(client_sock, session_id);
+                ssl = ssl_ctx.Connect(client_sock, session_id,
+                        axtls.SSL_SESSION_ID_SIZE);
 
                 if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
                 {
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
index 68c7678609..d6e06b3067 100755
--- a/samples/lua/axssl.lua
+++ b/samples/lua/axssl.lua
@@ -429,10 +429,12 @@ function do_client(build_mode)
     -- Try session resumption?
     if reconnect ~= 0 then
         local session_id = nil
+        local sess_id_size = 0
+
         while reconnect > 0 do
             reconnect = reconnect - 1
             ssl = axtlsl.ssl_client_new(ssl_ctx, 
-                    client_sock:getfd(), session_id)
+                    client_sock:getfd(), session_id, sess_id_size)
 
             res = axtlsl.ssl_handshake_status(ssl)
             if res ~= axtlsl.SSL_OK then
@@ -443,6 +445,7 @@ function do_client(build_mode)
 
             display_session_id(ssl)
             session_id = axtlsl.ssl_get_session_id(ssl)
+            sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
 
             if reconnect > 0 then
                 axtlsl.ssl_free(ssl)
@@ -452,7 +455,7 @@ function do_client(build_mode)
 
         end
     else
-        ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil)
+        ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
     end
 
     -- check the return status
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index 15b0527986..1eb6aac56e 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -411,9 +411,12 @@ sub do_client
     if ($reconnect)
     {
         my $session_id = undef;
+        my $sess_id_size = 0;
+
         while ($reconnect--)
         {
-            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, $session_id);
+            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, 
+                            $session_id, $sess_id_size);
 
             $res = axtlsp::ssl_handshake_status($ssl);
             if ($res != $axtlsp::SSL_OK)
@@ -439,7 +442,7 @@ sub do_client
     }
     else
     {
-        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef);
+        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
     }
 
     # check the return status
diff --git a/ssl/Makefile b/ssl/Makefile
index 139011d3d1..ec99b220c2 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -48,20 +48,23 @@ endif
 
 libs: $(TARGET1) $(TARGET2)
 
+AXTLS_HOME=..
+
 OBJ=\
-	aes.o \
+	../crypto/aes.o \
 	asn1.o \
+	x509.o \
 	bigint.o \
 	crypto_misc.o \
-	hmac.o \
+	../crypto/hmac.o \
 	os_port.o \
 	loader.o \
-	md5.o \
+	../crypto/md5.o \
 	openssl.o \
 	p12.o \
 	rsa.o \
-	rc4.o \
-	sha1.o \
+	../crypto/rc4.o \
+	../crypto/sha1.o \
 	tls1.o \
 	tls1_svr.o \
 	tls1_clnt.o
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 25e30f9aa7..b248e3e213 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -19,22 +19,19 @@
 /**
  * @file asn1.c
  * 
- * Some primitive asn methods for extraction rsa modulus information. It also
- * is used for retrieving information from X.509 certificates.
+ * Some primitive asn methods for extraction ASN.1 data.
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
+#include "os_port.h"
 #include "crypto.h"
+#include "crypto_misc.h"
 
 #define SIG_OID_PREFIX_SIZE     8
 
-#define SIG_TYPE_MD2            0x02
-#define SIG_TYPE_MD5            0x04
-#define SIG_TYPE_SHA1           0x05
-
 /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
 static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
 {
@@ -44,7 +41,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
 /* CN, O, OU */
 static const uint8_t g_dn_types[] = { 3, 10, 11 };
 
-static int get_asn1_length(const uint8_t *buf, int *offset)
+int get_asn1_length(const uint8_t *buf, int *offset)
 {
     int len, i;
 
@@ -209,7 +206,7 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
 /**
  * Get the version type of a certificate (which we don't actually care about)
  */
-static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     int ret = X509_NOT_OK;
 
@@ -225,7 +222,7 @@ static int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 /**
  * Retrieve the notbefore and notafter certificate times.
  */
-static int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
               asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
@@ -281,7 +278,7 @@ static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
 /**
  * Get the subject name (or the issuer) of a certificate.
  */
-static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
+int asn1_name(const uint8_t *cert, int *offset, char *dn[])
 {
     int ret = X509_NOT_OK;
     int dn_type;
@@ -332,7 +329,7 @@ static int asn1_name(const uint8_t *cert, int *offset, char *dn[])
 /**
  * Read the modulus and public exponent of a certificate.
  */
-static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     int ret = X509_NOT_OK, mod_len, pub_len;
     uint8_t *modulus, *pub_exp;
@@ -364,7 +361,7 @@ static int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 /**
  * Read the signature of the certificate.
  */
-static int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     int ret = X509_NOT_OK;
 
@@ -417,7 +414,7 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
  * Compare 2 distinguished names for equality 
  * @return 0 if a match
  */
-static int asn1_compare_dn(char * const dn1[], char * const dn2[])
+int asn1_compare_dn(char * const dn1[], char * const dn2[])
 {
     int i;
 
@@ -432,34 +429,13 @@ static int asn1_compare_dn(char * const dn1[], char * const dn2[])
     return 0;       /* all good */
 }
 
-/**
- * Retrieve the signature from a certificate.
- */
-const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
-{
-    int offset = 0;
-    const uint8_t *ptr = NULL;
-
-    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
-            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
-        goto end_get_sig;
-
-    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
-        goto end_get_sig;
-    *len = get_asn1_length(asn1_sig, &offset);
-    ptr = &asn1_sig[offset];          /* all ok */
-
-end_get_sig:
-    return ptr;
-}
-
 #endif
 
 /**
  * Read the signature type of the certificate. We only support RSA-MD5 and
  * RSA-SHA1 signature types.
  */
-static int asn1_signature_type(const uint8_t *cert, 
+int asn1_signature_type(const uint8_t *cert, 
                                 int *offset, X509_CTX *x509_ctx)
 {
     int ret = X509_NOT_OK, len;
@@ -482,382 +458,3 @@ static int asn1_signature_type(const uint8_t *cert,
     return ret;
 }
 
-/**
- * Construct a new x509 object.
- * @return 0 if ok. < 0 if there was a problem.
- */
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
-{
-    int begin_tbs, end_tbs;
-    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
-    X509_CTX *x509_ctx;
-    BI_CTX *bi_ctx;
-
-    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
-    x509_ctx = *ctx;
-
-    /* get the certificate size */
-    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
-
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    begin_tbs = offset;         /* start of the tbs */
-    end_tbs = begin_tbs;        /* work out the end of the tbs */
-    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
-
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
-    {
-        if (asn1_version(cert, &offset, x509_ctx))
-            goto end_cert;
-    }
-
-    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
-            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    /* make sure the signature is ok */
-    if (asn1_signature_type(cert, &offset, x509_ctx))
-    {
-        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
-        goto end_cert;
-    }
-
-    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
-            asn1_validity(cert, &offset, x509_ctx) ||
-            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
-            asn1_public_key(cert, &offset, x509_ctx))
-        goto end_cert;
-
-    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    /* use the appropriate signature algorithm (either SHA1 or MD5) */
-    if (x509_ctx->sig_type == SIG_TYPE_MD5)
-    {
-        MD5_CTX md5_ctx;
-        uint8_t md5_dgst[MD5_SIZE];
-        MD5Init(&md5_ctx);
-        MD5Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        MD5Final(&md5_ctx, md5_dgst);
-        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
-    }
-    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
-    {
-        SHA1_CTX sha_ctx;
-        uint8_t sha_dgst[SHA1_SIZE];
-        SHA1Init(&sha_ctx);
-        SHA1Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        SHA1Final(&sha_ctx, sha_dgst);
-        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
-    }
-
-    offset = end_tbs;   /* skip the v3 data */
-    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
-            asn1_signature(cert, &offset, x509_ctx))
-        goto end_cert;
-#endif
-
-    if (len)
-    {
-        *len = cert_size;
-    }
-
-    ret = X509_OK;
-end_cert:
-
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ret)
-    {
-        printf("Error: Invalid X509 ASN.1 file\n");
-    }
-#endif
-
-    return ret;
-}
-
-/**
- * Free an X.509 object's resources.
- */
-void x509_free(X509_CTX *x509_ctx)
-{
-    X509_CTX *next;
-    int i;
-
-    if (x509_ctx == NULL)       /* if already null, then don't bother */
-        return;
-
-    for (i = 0; i < X509_NUM_DN_TYPES; i++)
-    {
-        free(x509_ctx->ca_cert_dn[i]);
-        free(x509_ctx->cert_dn[i]);
-    }
-
-    free(x509_ctx->signature);
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION 
-    if (x509_ctx->digest)
-    {
-        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
-    }
-#endif
-
-    RSA_free(x509_ctx->rsa_ctx);
-
-    next = x509_ctx->next;
-    free(x509_ctx);
-    x509_free(next);        /* clear the chain */
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Do some basic checks on the certificate chain.
- *
- * Certificate verification consists of a number of checks:
- * - A root certificate exists in the certificate store.
- * - The date of the certificate is after the start date.
- * - The date of the certificate is before the finish date.
- * - The certificate chain is valid.
- * - That the certificate(s) are not self-signed.
- * - The signature of the certificate is valid.
- */
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
-{
-    int ret = X509_OK, i = 0;
-    bigint *cert_sig;
-    X509_CTX *next_cert = NULL;
-    BI_CTX *ctx;
-    bigint *mod, *expn;
-    struct timeval tv;
-    int match_ca_cert = 0;
-
-    if (cert == NULL || ca_cert_ctx == NULL)
-    {
-        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
-        goto end_verify;
-    }
-
-    /* last cert in the chain - look for a trusted cert */
-    if (cert->next == NULL)
-    {
-        while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-        {
-            if (asn1_compare_dn(cert->ca_cert_dn,
-                                        ca_cert_ctx->cert[i]->cert_dn) == 0)
-            {
-                match_ca_cert = 1;
-                break;
-            }
-
-            i++;
-        }
-
-        if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-        {
-            next_cert = ca_cert_ctx->cert[i];
-        }
-        else    /* trusted cert not found */
-        {
-            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
-            goto end_verify;
-        }
-    }
-    else
-    {
-        next_cert = cert->next;
-    }
-
-    gettimeofday(&tv, NULL);
-
-    /* check the not before date */
-    if (tv.tv_sec < cert->not_before)
-    {
-        ret = X509_VFY_ERROR_NOT_YET_VALID;
-        goto end_verify;
-    }
-
-    /* check the not after date */
-    if (tv.tv_sec > cert->not_after)
-    {
-        ret = X509_VFY_ERROR_EXPIRED;
-        goto end_verify;
-    }
-
-    /* check the chain integrity */
-    if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
-    {
-        ret = X509_VFY_ERROR_INVALID_CHAIN;
-        goto end_verify;
-    }
-
-    /* check for self-signing */
-    if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
-    {
-        ret = X509_VFY_ERROR_SELF_SIGNED;
-        goto end_verify;
-    }
-
-    /* check the signature */
-    ctx = cert->rsa_ctx->bi_ctx;
-    mod = next_cert->rsa_ctx->m;
-    expn = next_cert->rsa_ctx->e;
-    cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, 
-            bi_clone(ctx, mod), bi_clone(ctx, expn));
-
-    if (cert_sig)
-    {
-        ret = cert->digest ?    /* check the signature */
-            bi_compare(cert_sig, cert->digest) :
-            X509_VFY_ERROR_UNSUPPORTED_DIGEST;
-        bi_free(ctx, cert_sig);
-
-        if (ret)
-            goto end_verify;
-    }
-    else
-    {
-        ret = X509_VFY_ERROR_BAD_SIGNATURE;
-        goto end_verify;
-    }
-
-    /* go down the certificate chain using recursion. */
-    if (ret == 0 && cert->next)
-    {
-        ret = x509_verify(ca_cert_ctx, next_cert);
-    }
-
-end_verify:
-    return ret;
-}
-#endif
-
-#if defined (CONFIG_SSL_FULL_MODE)
-/**
- * Used for diagnostics.
- */
-void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
-{
-    if (cert == NULL)
-        return;
-
-    printf("----------------   CERT DEBUG   ----------------\n");
-    printf("* CA Cert Distinguished Name\n");
-    if (cert->ca_cert_dn[X509_COMMON_NAME])
-    {
-        printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
-    }
-
-    if (cert->ca_cert_dn[X509_ORGANIZATION])
-    {
-        printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
-    }
-
-    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
-    {
-        printf("Organizational Unit (OU): %s\n", 
-                cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
-    }
-
-    printf("* Cert Distinguished Name\n");
-    if (cert->cert_dn[X509_COMMON_NAME])
-    {
-        printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
-    }
-
-    if (cert->cert_dn[X509_ORGANIZATION])
-    {
-        printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
-    }
-
-    if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
-    {
-        printf("Organizational Unit (OU): %s\n", 
-                cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
-    }
-
-    printf("Not Before:\t\t%s", ctime(&cert->not_before));
-    printf("Not After:\t\t%s", ctime(&cert->not_after));
-    printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
-    printf("Sig Type:\t\t");
-    switch (cert->sig_type)
-    {
-        case SIG_TYPE_MD5:
-            printf("MD5\n");
-            break;
-        case SIG_TYPE_SHA1:
-            printf("SHA1\n");
-            break;
-        case SIG_TYPE_MD2:
-            printf("MD2\n");
-            break;
-        default:
-            printf("Unrecognized: %d\n", cert->sig_type);
-            break;
-    }
-
-    printf("Verify:\t\t\t");
-
-    if (ca_cert_ctx)
-    {
-        x509_display_error(x509_verify(ca_cert_ctx, cert));
-    }
-
-    printf("\n");
-#if 0
-    print_blob("Signature", cert->signature, cert->sig_len);
-    bi_print("Modulus", cert->rsa_ctx->m);
-    bi_print("Pub Exp", cert->rsa_ctx->e);
-#endif
-
-    if (ca_cert_ctx)
-    {
-        x509_print(ca_cert_ctx, cert->next);
-    }
-}
-
-void x509_display_error(int error)
-{
-    switch (error)
-    {
-        case X509_NOT_OK:
-            printf("X509 not ok");
-            break;
-
-        case X509_VFY_ERROR_NO_TRUSTED_CERT:
-            printf("No trusted cert is available");
-            break;
-
-        case X509_VFY_ERROR_BAD_SIGNATURE:
-            printf("Bad signature");
-            break;
-
-        case X509_VFY_ERROR_NOT_YET_VALID:
-            printf("Cert is not yet valid");
-            break;
-
-        case X509_VFY_ERROR_EXPIRED:
-            printf("Cert has expired");
-            break;
-
-        case X509_VFY_ERROR_SELF_SIGNED:
-            printf("Cert is self-signed");
-            break;
-
-        case X509_VFY_ERROR_INVALID_CHAIN:
-            printf("Chain is invalid (check order of certs)");
-            break;
-
-        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
-            printf("Unsupported digest");
-            break;
-
-        case X509_INVALID_PRIV_KEY:
-            printf("Invalid private key");
-            break;
-    }
-}
-#endif      /* CONFIG_SSL_FULL_MODE */
-
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 2551f593da..8a736cfeea 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -54,7 +54,6 @@
 #include <stdio.h>
 #include <time.h>
 #include "bigint.h"
-#include "crypto.h"
 
 static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
 static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
@@ -1366,6 +1365,7 @@ static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
  * @param ctx [in]  The bigint session context.
  * @param bi  [in]  The bigint on which to perform the mod power operation.
  * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
  * @see bi_set_mod().
  */
 bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
@@ -1467,6 +1467,7 @@ bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
  * @param bi  [in]  The bigint to perform the exp/mod.
  * @param bim [in]  The temporary modulus.
  * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
  * @see bi_set_mod().
  */
 bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
@@ -1493,4 +1494,45 @@ bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
     return biR;
 }
 #endif
+
+#ifdef CONFIG_BIGINT_CRT
+/**
+ * @Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
+ *
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param dP [in] CRT's dP bigint
+ * @param dQ [in] CRT's dQ bigint
+ * @param p [in] CRT's p bigint
+ * @param q [in] CRT's q bigint
+ * @param qInv [in] CRT's qInv bigint
+ * @return The result of the CRT operation
+ */
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q, bigint *qInv)
+{
+    bigint *m1, *m2, *h;
+
+    /* Montgomery has a condition the 0 < x, y < m and these products violate
+     * that condition. So disable Montgomery when using CRT */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 1;
+#endif
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    m1 = bi_mod_power(ctx, bi_copy(bi), dP);
+
+    ctx->mod_offset = BIGINT_Q_OFFSET;
+    m2 = bi_mod_power(ctx, bi, dQ);
+
+    h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL);
+    h = bi_multiply(ctx, h, qInv);
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    h = bi_residue(ctx, h);
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 0;         /* reset for any further operation */
+#endif
+    return bi_add(ctx, m2, bi_multiply(ctx, q, h));
+}
+#endif
 /** @} */
diff --git a/ssl/bigint.h b/ssl/bigint.h
index 5a13c5ae42..5804a1c27a 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -90,4 +90,11 @@ bigint *bi_square(BI_CTX *ctx, bigint *bi);
 #define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
 #endif
 
+#ifdef CONFIG_BIGINT_CRT
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q,
+        bigint *qInv);
+#endif
+
 #endif
diff --git a/ssl/crypto.h b/ssl/crypto.h
deleted file mode 100644
index d4e4bc0163..0000000000
--- a/ssl/crypto.h
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/**
- * @file crypto.h
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "bigint.h"
-
-/**************************************************************************
- * AES declarations 
- **************************************************************************/
-
-#define AES_MAXROUNDS			14
-#define AES_BLOCKSIZE           16
-#define AES_IV_SIZE             16
-
-typedef struct aes_key_st 
-{
-    uint16_t rounds;
-    uint16_t key_size;
-    uint32_t ks[(AES_MAXROUNDS+1)*8];
-    uint8_t iv[AES_IV_SIZE];
-} AES_CTX;
-
-typedef enum
-{
-    AES_MODE_128,
-    AES_MODE_256
-} AES_MODE;
-
-void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
-        const uint8_t *iv, AES_MODE mode);
-void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
-        uint8_t *out, int length);
-void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
-void AES_convert_key(AES_CTX *ctx);
-
-/**************************************************************************
- * RC4 declarations 
- **************************************************************************/
-
-typedef struct 
-{
-    uint8_t x, y, m[256];
-} RC4_CTX;
-
-void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
-void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
-
-/**************************************************************************
- * SHA1 declarations 
- **************************************************************************/
-
-#define SHA1_SIZE   20
-
-/*
- *  This structure will hold context information for the SHA-1
- *  hashing operation
- */
-typedef struct 
-{
-    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
-    uint32_t Length_Low;            /* Message length in bits      */
-    uint32_t Length_High;           /* Message length in bits      */
-    uint16_t Message_Block_Index;   /* Index into message block array   */
-    uint8_t Message_Block[64];      /* 512-bit message blocks      */
-} SHA1_CTX;
-
-void SHA1Init(SHA1_CTX *);
-void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
-void SHA1Final(SHA1_CTX *, uint8_t *digest);
-
-/**************************************************************************
- * MD5 declarations 
- **************************************************************************/
-
-/* MD5 context. */
-
-#define MD5_SIZE    16
-
-typedef struct 
-{
-  uint32_t state[4];        /* state (ABCD) */
-  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
-  uint8_t buffer[64];       /* input buffer */
-} MD5_CTX;
-
-EXP_FUNC void STDCALL MD5Init(MD5_CTX *);
-EXP_FUNC void STDCALL MD5Update(MD5_CTX *, const uint8_t *msg, int len);
-EXP_FUNC void STDCALL MD5Final(MD5_CTX *, uint8_t *digest);
-
-/**************************************************************************
- * HMAC declarations 
- **************************************************************************/
-void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-
-/**************************************************************************
- * RNG declarations 
- **************************************************************************/
-EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
-EXP_FUNC void STDCALL RNG_terminate(void);
-EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
-void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
-
-/**************************************************************************
- * RSA declarations 
- **************************************************************************/
-
-typedef struct 
-{
-    bigint *m;              /* modulus */
-    bigint *e;              /* public exponent */
-    bigint *d;              /* private exponent */
-#ifdef CONFIG_BIGINT_CRT
-    bigint *p;              /* p as in m = pq */
-    bigint *q;              /* q as in m = pq */
-    bigint *dP;             /* d mod (p-1) */
-    bigint *dQ;             /* d mod (q-1) */
-    bigint *qInv;           /* q^-1 mod p */
-#endif
-    int num_octets;
-    BI_CTX *bi_ctx;
-} RSA_CTX;
-
-void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len,
-        const uint8_t *priv_exp, int priv_len
-#ifdef CONFIG_BIGINT_CRT
-      , const uint8_t *p, int p_len,
-        const uint8_t *q, int q_len,
-        const uint8_t *dP, int dP_len,
-        const uint8_t *dQ, int dQ_len,
-        const uint8_t *qInv, int qInv_len
-#endif
-        );
-void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len);
-void RSA_free(RSA_CTX *ctx);
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
-        int is_decryption);
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
-        bigint *modulus, bigint *pub_exp);
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
-        uint8_t *out_data, int is_signing);
-void RSA_print(const RSA_CTX *ctx);
-#endif
-
-/**************************************************************************
- * ASN1 declarations 
- **************************************************************************/
-#define X509_OK                             0
-#define X509_NOT_OK                         -1
-#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
-#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
-#define X509_VFY_ERROR_NOT_YET_VALID        -4
-#define X509_VFY_ERROR_EXPIRED              -5
-#define X509_VFY_ERROR_SELF_SIGNED          -6
-#define X509_VFY_ERROR_INVALID_CHAIN        -7
-#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
-#define X509_INVALID_PRIV_KEY               -9
-
-/*
- * The Distinguished Name
- */
-#define X509_NUM_DN_TYPES                   3
-#define X509_COMMON_NAME                    0
-#define X509_ORGANIZATION                   1
-#define X509_ORGANIZATIONAL_TYPE            2
-
-#define ASN1_INTEGER            0x02
-#define ASN1_BIT_STRING         0x03
-#define ASN1_OCTET_STRING       0x04
-#define ASN1_NULL               0x05
-#define ASN1_OID                0x06
-#define ASN1_PRINTABLE_STR      0x13
-#define ASN1_TELETEX_STR        0x14
-#define ASN1_IA5_STR            0x16
-#define ASN1_UTC_TIME           0x17
-#define ASN1_SEQUENCE           0x30
-#define ASN1_SET                0x31
-#define ASN1_IMPLICIT_TAG       0x80
-#define ASN1_EXPLICIT_TAG       0xa0
-
-#define SALT_SIZE               8
-
-struct _x509_ctx
-{
-    char *ca_cert_dn[X509_NUM_DN_TYPES];
-    char *cert_dn[X509_NUM_DN_TYPES];
-#if defined(_WIN32_WCE)
-    long not_before;
-    long not_after;
-#else
-    time_t not_before;
-    time_t not_after;
-#endif
-    uint8_t *signature;
-    uint16_t sig_len;
-    uint8_t sig_type;
-    RSA_CTX *rsa_ctx;
-    bigint *digest;
-    struct _x509_ctx *next;
-};
-
-typedef struct _x509_ctx X509_CTX;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-typedef struct 
-{
-    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
-} CA_CERT_CTX;
-#endif
-
-int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
-int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
-void x509_free(X509_CTX *x509_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
-const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
-void x509_display_error(int error);
-#endif
-
-/**************************************************************************
- * MISC declarations 
- **************************************************************************/
-
-extern const char * const unsupported_str;
-
-typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
-typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-
-int get_file(const char *filename, uint8_t **buf);
-
-#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
-EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
-#else
-    #define print_blob(...)
-#endif
-
-EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
-                    uint8_t *out, int *outlen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index fec3620893..29a28f9b36 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -24,7 +24,7 @@
 #include <string.h>
 #include <stdarg.h>
 #include <stdio.h>
-#include "crypto.h"
+#include "crypto_misc.h"
 #ifdef CONFIG_WIN32_USE_CRYPTO_LIB
 #include "wincrypt.h"
 #endif
diff --git a/ssl/loader.c b/ssl/loader.c
index 717373a8ae..d5ea6cb43d 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -250,18 +250,18 @@ static int pem_decrypt(const char *where, const char *end,
         goto error;
 
     /* work out the key */
-    MD5Init(&md5_ctx);
-    MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
-    MD5Update(&md5_ctx, iv, SALT_SIZE);
-    MD5Final(&md5_ctx, key);
+    MD5_Init(&md5_ctx);
+    MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+    MD5_Update(&md5_ctx, iv, SALT_SIZE);
+    MD5_Final(key, &md5_ctx);
 
     if (is_aes_256)
     {
-        MD5Init(&md5_ctx);
-        MD5Update(&md5_ctx, key, MD5_SIZE);
-        MD5Update(&md5_ctx, (const uint8_t *)password, strlen(password));
-        MD5Update(&md5_ctx, iv, SALT_SIZE);
-        MD5Final(&md5_ctx, &key[MD5_SIZE]);
+        MD5_Init(&md5_ctx);
+        MD5_Update(&md5_ctx, key, MD5_SIZE);
+        MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+        MD5_Update(&md5_ctx, iv, SALT_SIZE);
+        MD5_Final(&key[MD5_SIZE], &md5_ctx);
     }
 
     /* decrypt using the key/iv */
diff --git a/ssl/p12.c b/ssl/p12.c
index 19b00b8727..d857a9b0cf 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -190,16 +190,16 @@ static int p8_decrypt(const char *uni_pass, int uni_pass_len,
     }
 
     /* get the key - no IV since we are using RC4 */
-    SHA1Init(&sha_ctx);
-    SHA1Update(&sha_ctx, d, sizeof(d));
-    SHA1Update(&sha_ctx, p, sizeof(p));
-    SHA1Final(&sha_ctx, Ai);
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, d, sizeof(d));
+    SHA1_Update(&sha_ctx, p, sizeof(p));
+    SHA1_Final(Ai, &sha_ctx);
 
     for (i = 1; i < iter; i++)
     {
-        SHA1Init(&sha_ctx);
-        SHA1Update(&sha_ctx, Ai, SHA1_SIZE);
-        SHA1Final(&sha_ctx, Ai);
+        SHA1_Init(&sha_ctx);
+        SHA1_Update(&sha_ctx, Ai, SHA1_SIZE);
+        SHA1_Final(Ai, &sha_ctx);
     }
 
     /* do the decryption */
diff --git a/ssl/rsa.c b/ssl/rsa.c
index 6f5c8a44a8..97c5e67007 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -25,11 +25,7 @@
 #include <string.h>
 #include <time.h>
 #include <stdlib.h>
-#include "crypto.h"
-
-#ifdef CONFIG_BIGINT_CRT
-static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi);
-#endif
+#include "crypto_misc.h"
 
 void RSA_priv_key_new(RSA_CTX **ctx, 
         const uint8_t *modulus, int mod_len,
@@ -180,7 +176,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
 bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
 {
 #ifdef CONFIG_BIGINT_CRT
-    return bi_crt(c, bi_msg);
+    return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
 #else
     BI_CTX *ctx = c->bi_ctx;
     ctx->mod_offset = BIGINT_M_OFFSET;
@@ -188,39 +184,6 @@ bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
 #endif
 }
 
-#ifdef CONFIG_BIGINT_CRT
-/**
- * Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
- * This should really be in bigint.c (and was at one stage), but needs 
- * access to the RSA_CTX context...
- */
-static bigint *bi_crt(const RSA_CTX *rsa, bigint *bi)
-{
-    BI_CTX *ctx = rsa->bi_ctx;
-    bigint *m1, *m2, *h;
-
-    /* Montgomery has a condition the 0 < x, y < m and these products violate
-     * that condition. So disable Montgomery when using CRT */
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    ctx->use_classical = 1;
-#endif
-    ctx->mod_offset = BIGINT_P_OFFSET;
-    m1 = bi_mod_power(ctx, bi_copy(bi), rsa->dP);
-
-    ctx->mod_offset = BIGINT_Q_OFFSET;
-    m2 = bi_mod_power(ctx, bi, rsa->dQ);
-
-    h = bi_subtract(ctx, bi_add(ctx, m1, rsa->p), bi_copy(m2), NULL);
-    h = bi_multiply(ctx, h, rsa->qInv);
-    ctx->mod_offset = BIGINT_P_OFFSET;
-    h = bi_residue(ctx, h);
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    ctx->use_classical = 0;         /* reset for any further operation */
-#endif
-    return bi_add(ctx, m2, bi_multiply(ctx, rsa->q, h));
-}
-#endif
-
 #ifdef CONFIG_SSL_FULL_MODE
 /**
  * Used for diagnostics.
@@ -294,7 +257,6 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     int i, size;
     bigint *decrypted_bi, *dat_bi;
     bigint *bir = NULL;
-
     block = (uint8_t *)malloc(sig_len);
 
     /* decrypt */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6622415aa0..05c9178575 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -56,7 +56,7 @@ extern "C" {
 #endif
 
 #include <time.h>
-#include "crypto.h"
+//#include "crypto.h"
 
 /* need to predefine before ssl_lib.h gets to it */
 #define SSL_SESSION_ID_SIZE                     32
@@ -221,10 +221,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * @param session_id [in] A 32 byte session id for session resumption. This 
  * can be null if no session resumption is being used or required. This option
  * is not used in skeleton mode.
+ * @param sess_id_size The size of the session id (max 32)
  * @return An SSL object reference. Use ssl_handshake_status() to check 
  * if a handshake succeeded.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id);
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
 
 /**
  * @brief Free any used resources on this connection. 
@@ -286,6 +287,15 @@ EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
  */
 EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
 
+/**
+ * @brief Get the session id size for a handshake. 
+ * 
+ * This will be 32 for a ssl server and may be something else for a ssl client.
+ * @param ssl [in] An SSL object reference.
+ * @return The number of valid bytes in a handshaking sequence
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
+
 /**
  * @brief Return the cipher id (in the SSL form).
  * @param ssl [in] An SSL object reference.
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index 43c9a6cef8..ea61e2ae5b 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -33,7 +33,7 @@ ifndef CONFIG_PLATFORM_WIN32
 performance: ../../$(STAGE)/perf_bigint
 ssltesting: ../../$(STAGE)/ssltest
 LIBS=../../$(STAGE)
-CFLAGS += -I../../ssl -I../../config
+CFLAGS += -I../../ssl -I../../config -I../../crypto
 
 ../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
 	$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 3e3d47fecb..d97e153ae1 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -250,9 +250,9 @@ static int SHA1_test(BI_CTX *bi_ctx)
                 "A9993E364706816ABA3E25717850C26C9CD0D89D");
         bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
 
-        SHA1Init(&ctx);
-        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA1Final(&ctx, digest);
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
@@ -268,9 +268,9 @@ static int SHA1_test(BI_CTX *bi_ctx)
                 "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
         bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
 
-        SHA1Init(&ctx);
-        SHA1Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA1Final(&ctx, digest);
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
@@ -304,9 +304,9 @@ static int MD5_test(BI_CTX *bi_ctx)
                 "900150983CD24FB0D6963F7D28E17F72");
         bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
 
-        MD5Init(&ctx);
-        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        MD5Final(&ctx, digest);
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
@@ -322,9 +322,9 @@ static int MD5_test(BI_CTX *bi_ctx)
                 bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
         bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
 
-        MD5Init(&ctx);
-        MD5Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        MD5Final(&ctx, digest);
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
@@ -1250,7 +1250,7 @@ static int SSL_client_test(
         goto client_test_exit;
     }
 
-    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id);
+    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
 
     /* check the return status */
     if ((ret = ssl_handshake_status(ssl)))
@@ -1469,7 +1469,7 @@ static void do_basic(void)
                                         "../ssl/test/axTLS.ca_x509.cer", NULL))
         goto error;
 
-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL);
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
 
     /* check the return status */
     if (ssl_handshake_status(ssl_clnt))
@@ -1588,7 +1588,7 @@ void do_multi_clnt(multi_t *multi_data)
         goto client_test_exit;
 
     sleep(1);
-    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
 
     if ((res = ssl_handshake_status(ssl)))
     {
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 43d798ed6d..1f7160cb1e 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -834,14 +834,14 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
         q += strlen(label);
     }
 
-    MD5Init(&md5_ctx);
-    MD5Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
-    MD5Final(&md5_ctx, q);
+    MD5_Init(&md5_ctx);
+    MD5_Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
+    MD5_Final(q, &md5_ctx);
     q += MD5_SIZE;
     
-    SHA1Init(&sha1_ctx);
-    SHA1Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
-    SHA1Final(&sha1_ctx, q);
+    SHA1_Init(&sha1_ctx);
+    SHA1_Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
+    SHA1_Final(q, &sha1_ctx);
     q += SHA1_SIZE;
 
     if (label)
@@ -1532,8 +1532,8 @@ int send_certificate(SSL *ssl)
  * Find if an existing session has the same session id. If so, use the
  * master secret from this session for session resumption.
  */
-SSL_SESS *ssl_session_update(int max_sessions, 
-        SSL_SESS *ssl_sessions[], SSL *ssl, const uint8_t *session_id)
+SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[], 
+        SSL *ssl, const uint8_t *session_id)
 {
     time_t tm = time(NULL);
     time_t oldest_sess_time = tm;
@@ -1641,6 +1641,14 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
     return ssl->session_id;
 }
 
+/*
+ * Get the session id size for a handshake. 
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
+{
+    return ssl->sess_id_size;
+}
+
 /*
  * Return the cipher id (in the SSL form).
  */
diff --git a/ssl/tls1.h b/ssl/tls1.h
index d14bb6d6ed..1d07f29acc 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -29,6 +29,8 @@ extern "C" {
 #endif
 
 #include "version.h"
+#include "crypto.h"
+#include "crypto_misc.h"
 
 /* Mutexing definitions */
 #if defined(CONFIG_SSL_CTX_MUTEXING)
@@ -156,6 +158,7 @@ struct _SSL
     uint8_t record_type;
     uint8_t chain_length;
     uint8_t cipher;
+    uint8_t sess_id_size;
     int16_t next_state;
     int16_t hs_status;
     uint8_t *all_pkts; 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index e732581957..eda5b631d9 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -35,7 +35,8 @@ static int send_cert_verify(SSL *ssl);
 /*
  * Establish a new SSL connection to an SSL server.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size)
 {
     SSL *ssl;
     int ret;
@@ -45,7 +46,14 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uin
 
     if (session_id && ssl_ctx->num_sessions)
     {
-        memcpy(ssl->session_id, session_id, SSL_SESSION_ID_SIZE);
+        if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
+        {
+            ssl_free(ssl);
+            return NULL;
+        }
+
+        memcpy(ssl->session_id, session_id, sess_id_size);
+        ssl->sess_id_size = sess_id_size;
         SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
     }
 
@@ -176,11 +184,11 @@ static int send_client_hello(SSL *ssl)
     offset = 6 + SSL_RANDOM_SIZE;
 
     /* give session resumption a go */
-    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially bu user */
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially by user */
     {
-        buf[offset++] = SSL_SESSION_ID_SIZE;
-        memcpy(&buf[offset], ssl->session_id, SSL_SESSION_ID_SIZE);
-        offset += SSL_SESSION_ID_SIZE;
+        buf[offset++] = ssl->sess_id_size;
+        memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
+        offset += ssl->sess_id_size;
         CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
     }
     else
@@ -216,7 +224,7 @@ static int process_server_hello(SSL *ssl)
     int offset;
     int version = (buf[4] << 4) + buf[5];
     int num_sessions = ssl->ssl_ctx->num_sessions;
-    uint8_t session_id_length;
+    uint8_t sess_id_size;
     int ret = SSL_OK;
 
     /* check that we are talking to a TLSv1 server */
@@ -226,17 +234,25 @@ static int process_server_hello(SSL *ssl)
     /* get the server random value */
     memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
-    session_id_length = buf[offset++];
+    sess_id_size = buf[offset++];
 
     if (num_sessions)
     {
         ssl->session = ssl_session_update(num_sessions,
                 ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
-        memcpy(ssl->session->session_id, &buf[offset], session_id_length);
+        memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
+
+        /* pad the rest with 0's */
+        if (sess_id_size < SSL_SESSION_ID_SIZE)
+        {
+            memset(&ssl->session->session_id[sess_id_size], 0,
+                SSL_SESSION_ID_SIZE-sess_id_size);
+        }
     }
 
-    memcpy(ssl->session_id, &buf[offset], session_id_length);
-    offset += session_id_length;
+    memcpy(ssl->session_id, &buf[offset], sess_id_size);
+    ssl->sess_id_size = sess_id_size;
+    offset += sess_id_size;
 
     /* get the real cipher we are using */
     ssl->cipher = buf[++offset];
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 167a57d82f..e7860270e1 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -311,12 +311,14 @@ static int send_server_hello(SSL *ssl)
         /* retrieve id from session cache */
         memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
         memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
     }
     else    /* generate our own session id */
 #endif
     {
         get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
         memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
 
 #ifndef CONFIG_SSL_SKELETON_MODE
         /* store id in session cache */
diff --git a/www/index.html b/www/index.html
index cd563d14d3..08bd7945b7 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7091,7 +7091,7 @@
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="YourName" modified="200708170228" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="YourName" modified="200708230117" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly some stuff.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>

From 2bbf4cfd9276b57f890d9eccd46a0bf576f07d3d Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 29 Aug 2007 13:22:46 +0000
Subject: [PATCH 095/301] fixed win32 build

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@117 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/csharp/axTLS.cs            |  6 ++-
 bindings/generate_SWIG_interface.pl | 10 ++---
 bindings/generate_interface.pl      |  1 +
 bindings/java/SSLClient.java        |  5 ++-
 bindings/vbnet/axTLSvb.vb           | 15 ++++---
 config/makefile.conf                |  3 +-
 crypto/Makefile                     |  3 +-
 httpd/Makefile                      | 40 +++++++++----------
 samples/c/Makefile                  | 24 +++++------
 samples/csharp/axssl.cs             |  3 +-
 ssl/Makefile                        | 53 +++++++++++++-----------
 ssl/test/Makefile                   | 62 +++++++++++++++++++----------
 ssl/test/test_axssl.sh              |  2 +
 ssl/tls1_clnt.c                     |  4 +-
 ssl/tls1_svr.c                      | 14 ++++---
 15 files changed, 143 insertions(+), 102 deletions(-)

diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index a3146f16db..e2e5f4da29 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -471,8 +471,10 @@ public SSLClient(uint options, int num_sessions) :
         public SSL Connect(Socket s, byte[] session_id)
         {
             int client_fd = s.Handle.ToInt32();
-            return new SSL(axtls. ssl_client_new(m_ctx, client_fd, session_id,
-                        session_id ? null : session_id.Length));
+            byte sess_id_size = (byte)(session_id != null ? 
+                                session_id.Length : 0);
+            return new SSL(axtls.ssl_client_new(m_ctx, client_fd, session_id,
+                        sess_id_size));
         }
     }
 }
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index 83e9ef68ef..23343ce8f7 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -177,13 +177,13 @@ sub parseFile
 %apply signed char[] {signed char *};
 
 /* allow ssl_get_session_id() to return "byte[]" */
-%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, SSL_SESSION_ID_SIZE);\"
+%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, ssl_get_session_id_size((SSL const *)arg1));\"
 
 /* allow ssl_client_new() to have a null session_id input */
 %typemap(in) const signed char session_id[] (jbyte *jarr) {
     if (jarg3 == NULL)
     {
-        jresult = (jint)ssl_client_new(arg1,arg2,NULL);
+        jresult = (jint)ssl_client_new(arg1,arg2,NULL,0);
         return jresult;
     }
     
@@ -275,7 +275,7 @@ sub parseFile
 
 /* for ssl_session_id() */
 %typemap(out) const unsigned char * {
-    SV *svs = newSVpv((const char *)\$1, SSL_SESSION_ID_SIZE);
+    SV *svs = newSVpv((unsigned char *)\$1, (int)ssl_get_session_id((SSL const *)arg1));
     \$result = newRV(svs);
     sv_2mortal(\$result);
     argvi++;
@@ -330,7 +330,7 @@ sub parseFile
 %typemap(out) const unsigned char * {
     int i;
     lua_newtable(L);
-    for (i = 0; i < SSL_SESSION_ID_SIZE; i++){
+    for (i = 0; i < ssl_get_session_id((SSL const *)\$1); i++){
         lua_pushnumber(L,(lua_Number)result[i]);
         lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
     }
@@ -359,7 +359,7 @@ sub parseFile
     if (lua_isnil(L,\$input))
         \$1 = NULL;
     else
-        \$1 = SWIG_get_uchar_num_array_fixed(L,\$input, SSL_SESSION_ID_SIZE);
+        \$1 = SWIG_get_uchar_num_array_fixed(L,\$input, ssl_get_session_id((SSL const *)\$1));
 }
 
 #endif
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index 816dd47752..ab7b914ada 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -90,6 +90,7 @@ sub transformSignature
             $line =~ s/uint8_t \*\* ?(\w+)/ByRef $1 As IntPtr/g;
             $line =~ s/const uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
             $line =~ s/uint8_t \* ?(\w+)/ByVal $1() As Byte/g;
+            $line =~ s/uint8_t ?(\w+)/ByVal $1 As Byte/g;
             $line =~ s/const char \* ?(\w+)/ByVal $1 As String/g;
             $line =~ s/const SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
             $line =~ s/SSL_CTX \* ?(\w+)/ByVal $1 As IntPtr/g;
diff --git a/bindings/java/SSLClient.java b/bindings/java/SSLClient.java
index 02ad38c7d3..6ca43d0032 100644
--- a/bindings/java/SSLClient.java
+++ b/bindings/java/SSLClient.java
@@ -61,6 +61,9 @@ public SSLClient(int options, int num_sessions)
     public SSL connect(Socket s, byte[] session_id)
     {
         int client_fd = axtlsj.getFd(s);
-        return new SSL(axtlsj.ssl_client_new(m_ctx, client_fd, session_id));
+        byte sess_id_size = (byte)(session_id != null ? 
+                                session_id.length : 0);
+        return new SSL(axtlsj.ssl_client_new(m_ctx, client_fd, session_id,
+                        sess_id_size));
     }
 }
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
index 32f126321e..c941c595b2 100644
--- a/bindings/vbnet/axTLSvb.vb
+++ b/bindings/vbnet/axTLSvb.vb
@@ -48,8 +48,7 @@ Namespace axTLSvb
         Public Function GetSessionId() As Byte()
             Dim ptr As IntPtr = axtls.ssl_get_session_id(m_ssl)
             Dim sess_id_size As Integer = axtls.ssl_get_session_id_size(m_ssl)
-            
-            Dim result(sess_id_size) As Byte
+            Dim result(sess_id_size-1) As Byte
             Marshal.Copy(ptr, result, 0, sess_id_size)
             Return result
         End Function
@@ -172,10 +171,16 @@ Namespace axTLSvb
         End Sub
 
         Public Function Connect(ByVal s As Socket, _
-                                ByVal session_id As Byte(), _
-                                ByVal sess_id_size As Integer) As SSL
+                                ByVal session_id As Byte()) As SSL
             Dim client_fd As Integer = s.Handle.ToInt32()
-            Return New SSL( axtls.ssl_client_new(m_ctx, client_fd, session_id, _
+            Dim sess_id_size As Byte
+            If session_id is Nothing Then
+                sess_id_size = 0
+            Else
+                sess_id_size = session_id.Length
+            End If
+
+            Return New SSL(axtls.ssl_client_new(m_ctx, client_fd, session_id, _
                        sess_id_size))
         End Function
 
diff --git a/config/makefile.conf b/config/makefile.conf
index 4844e3e5f1..347bf13dc1 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -54,7 +54,8 @@ endif
 
 CC=cl.exe
 LD=link.exe
-CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"..\ssl" /I"..\config" /c 
+AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME))
+CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
 LDFLAGS=/nologo /subsystem:console /machine:I386
 LDSHARED = /dll
 AR=lib /nologo
diff --git a/crypto/Makefile b/crypto/Makefile
index c824facc92..2f69f1e491 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -28,6 +28,7 @@ OBJ=\
 	rc4.o \
 	sha1.o
 
+include ../config/makefile.post
+
 all: $(OBJ)
 
-include ../config/makefile.post
diff --git a/httpd/Makefile b/httpd/Makefile
index 8daae7690c..57dabb6b17 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -18,27 +18,27 @@
 
 all : web_server lua
 
-include ../config/.config
-include ../config/makefile.conf
+AXTLS_HOME=..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
 
 ifndef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=../$(STAGE)/axhttpd.exe
-TARGET2=../$(STAGE)/htpasswd.exe
+TARGET=$(AXTLS_HOME)/$(STAGE)/axhttpd.exe
+TARGET2=$(AXTLS_HOME)/$(STAGE)/htpasswd.exe
 else
-TARGET=../$(STAGE)/axhttpd
-TARGET2=../$(STAGE)/htpasswd
+TARGET=$(AXTLS_HOME)/$(STAGE)/axhttpd
+TARGET2=$(AXTLS_HOME)/$(STAGE)/htpasswd
 endif
 
 ifdef CONFIG_HTTP_STATIC_BUILD
-LIBS=../$(STAGE)/libaxtls.a
+LIBS=$(AXTLS_HOME)/$(STAGE)/libaxtls.a
 else
-LIBS=-L../$(STAGE) -laxtls
+LIBS=-L$(AXTLS_HOME)/$(STAGE) -laxtls
 endif
 
-AXTLS_HOME=..
-
 ifdef CONFIG_HTTP_BUILD_LUA
 lua: kepler-1.1
 
@@ -53,13 +53,13 @@ endif
 else # win32 build
 lua:
 
-TARGET=../$(STAGE)/axhttpd.exe
-TARGET2=../$(STAGE)/htpasswd.exe
+TARGET=$(AXTLS_HOME)/$(STAGE)/axhttpd.exe
+TARGET2=$(AXTLS_HOME)/$(STAGE)/htpasswd.exe
 
 ifdef CONFIG_HTTP_STATIC_BUILD
-LIBS=../$(STAGE)/axtls.static.lib ..\\config\\axtls.res
+LIBS=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib $(AXTLS_HOME)\\config\\axtls.res
 else
-LIBS=../$(STAGE)/axtls.lib ..\\config\\axtls.res
+LIBS=$(AXTLS_HOME)/$(STAGE)/axtls.lib $(AXTLS_HOME)\\config\\axtls.res
 endif
 endif
 
@@ -78,11 +78,11 @@ OBJ= \
 	proc.o \
 	tdate_parse.o
 
-include ../config/makefile.post
+include $(AXTLS_HOME)/config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32
 
-$(TARGET): $(OBJ) ../$(STAGE)/libaxtls.a
+$(TARGET): $(OBJ) $(AXTLS_HOME)/$(STAGE)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
 ifndef CONFIG_DEBUG
 ifndef CONFIG_PLATFORM_SOLARIS
@@ -90,7 +90,7 @@ ifndef CONFIG_PLATFORM_SOLARIS
 endif
 endif
 
-$(TARGET2): htpasswd.o ../$(STAGE)/libaxtls.a
+$(TARGET2): htpasswd.o $(AXTLS_HOME)/$(STAGE)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ htpasswd.o $(LIBS)
 
 else    # Win32
@@ -100,13 +100,13 @@ OBJ:=$(OBJ:.o=.obj)
 	$(CC) $(CFLAGS) $< 
 
 htpasswd.obj : htpasswd.c
-	$(CC) $(CFLAGS) $< 
+	$(CC) $(CFLAGS) $? 
 	
 $(TARGET): $(OBJ)
-	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $(OBJ)
+	$(LD) $(LDFLAGS) /out:$@ $(LIBS) $?
 
 $(TARGET2): htpasswd.obj
-	$(LD) $(LDFLAGS) $(LIBS) /out:$@ $<
+	$(LD) $(LDFLAGS) /out:$@ $(LIBS) $?
 endif
 
 endif       # CONFIG_AXHTTPD
diff --git a/samples/c/Makefile b/samples/c/Makefile
index d4cf848cda..3fecbe66fa 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -18,22 +18,22 @@
 
 all : sample
 
-include ../../config/.config
-include ../../config/makefile.conf
+AXTLS_HOME=../..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
 
 ifndef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_PLATFORM_CYGWIN
-TARGET=../../$(STAGE)/axssl.exe
+TARGET=$(AXTLS_HOME)/$(STAGE)/axssl.exe
 else
-TARGET=../../$(STAGE)/axssl
+TARGET=$(AXTLS_HOME)/$(STAGE)/axssl
 endif   # cygwin
 
-LIBS=../../$(STAGE)
-CFLAGS += -I../../crypto -I../../ssl -I../../config
+LIBS=$(AXTLS_HOME)/$(STAGE)
 else
-TARGET=../../$(STAGE)/axssl.exe
-CFLAGS += /I"..\..\ssl" /I"..\..\config"
+TARGET=$(AXTLS_HOME)/$(STAGE)/axssl.exe
 endif
 
 ifndef CONFIG_C_SAMPLES
@@ -42,12 +42,12 @@ sample:
 else
 sample : $(TARGET)
 OBJ= axssl.o
-include ../../config/makefile.post
+include $(AXTLS_HOME)/config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32
 
 $(TARGET): $(OBJ) $(LIBS)/libaxtls.a
-	$(LD) $(LDFLAGS) -o $@ $< -L$(LIBS) -laxtls 
+	$(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls 
 ifndef CONFIG_DEBUG
 ifndef CONFIG_PLATFORM_SOLARIS
 	strip --remove-section=.comment $(TARGET)
@@ -56,11 +56,11 @@ endif   # CONFIG_DEBUG
 else    # Win32
 
 $(TARGET): $(OBJ)
-	$(LD) $(LDFLAGS) ..\\..\\config\\axtls.res /out:$@ $^ /libpath:"../../$(STAGE)" axtls.lib
+	$(LD) $(LDFLAGS) $(AXTLS_HOME)/config/axtls.res /out:$@ $^ /libpath:"$(AXTLS_HOME)/$(STAGE)" axtls.lib
 endif
 
 endif    # CONFIG_C_SAMPLES
 
 clean::
-	-@rm -f ../../$(STAGE)/axssl*
+	-@rm -f $(AXTLS_HOME)/$(STAGE)/axssl*
 
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
index 665c72dabd..1f1f95b584 100644
--- a/samples/csharp/axssl.cs
+++ b/samples/csharp/axssl.cs
@@ -508,8 +508,7 @@ private void do_client(int build_mode, string[] args)
         {
             while (reconnect-- > 0)
             {
-                ssl = ssl_ctx.Connect(client_sock, session_id,
-                        axtls.SSL_SESSION_ID_SIZE);
+                ssl = ssl_ctx.Connect(client_sock, session_id);
 
                 if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
                 {
diff --git a/ssl/Makefile b/ssl/Makefile
index ec99b220c2..2ad87021d7 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -16,8 +16,10 @@
 #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 #
 
-include ../config/.config
-include ../config/makefile.conf
+AXTLS_HOME=..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
 
 all: libs
 ifdef CONFIG_PERFORMANCE_TESTING
@@ -29,76 +31,79 @@ endif
 endif
 
 ifndef CONFIG_PLATFORM_WIN32
-TARGET1=../$(STAGE)/libaxtls.a
+TARGET1=$(AXTLS_HOME)/$(STAGE)/libaxtls.a
 BASETARGET=libaxtls.so
+CRYPTO_PATH=$(AXTLS_HOME)/crypto/
 ifdef CONFIG_PLATFORM_CYGWIN
-TARGET2=../$(STAGE)/libaxtls.dll.a
+TARGET2=$(AXTLS_HOME)/$(STAGE)/libaxtls.dll.a
 else
-TARGET2=../$(STAGE)/$(LIBMINOR)
+TARGET2=$(AXTLS_HOME)/$(STAGE)/$(LIBMINOR)
 endif
 
 # shared library major/minor numbers
 LIBMAJOR=$(BASETARGET).1
 LIBMINOR=$(BASETARGET).1.1
 else
-TARGET1=axtls.lib
-TARGET2=../$(STAGE)/axtls.dll
-STATIC_LIB=../$(STAGE)/axtls.static.lib
+TARGET1=$(AXTLS_HOME)/axtls.lib
+TARGET2=$(AXTLS_HOME)/$(STAGE)/axtls.dll
+STATIC_LIB=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib
+CRYPTO_PATH=$(AXTLS_HOME)\\crypto\\
 endif
 
 libs: $(TARGET1) $(TARGET2)
 
-AXTLS_HOME=..
+CRYPTO_OBJ=\
+	$(CRYPTO_PATH)aes.o \
+	$(CRYPTO_PATH)hmac.o \
+	$(CRYPTO_PATH)md5.o \
+	$(CRYPTO_PATH)rc4.o \
+	$(CRYPTO_PATH)sha1.o
 
 OBJ=\
-	../crypto/aes.o \
 	asn1.o \
 	x509.o \
 	bigint.o \
 	crypto_misc.o \
-	../crypto/hmac.o \
 	os_port.o \
 	loader.o \
-	../crypto/md5.o \
 	openssl.o \
 	p12.o \
 	rsa.o \
-	../crypto/rc4.o \
-	../crypto/sha1.o \
 	tls1.o \
 	tls1_svr.o \
 	tls1_clnt.o
 
-include ../config/makefile.post
+include $(AXTLS_HOME)/config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32     # Linux/Unix/Cygwin
 
 $(TARGET1) : $(OBJ)
-	$(AR) -r $@ $(OBJ)
+	$(AR) -r $@ $(CRYPTO_OBJ) $(OBJ)
 
 $(TARGET2) : $(OBJ)
 ifndef CONFIG_PLATFORM_CYGWIN
-	$(LD) $(LDFLAGS) $(LDSHARED) -Wl,-soname,$(LIBMAJOR) -o ../$(STAGE)/$(LIBMINOR) $(OBJ)
-	cd ../$(STAGE); ln -sf $(LIBMINOR) $(LIBMAJOR); ln -sf $(LIBMAJOR) $(BASETARGET); cd -
+	$(LD) $(LDFLAGS) $(LDSHARED) -Wl,-soname,$(LIBMAJOR) -o $(AXTLS_HOME)/$(STAGE)/$(LIBMINOR) $(CRYPTO_OBJ) $(OBJ)
+	cd $(AXTLS_HOME)/$(STAGE); ln -sf $(LIBMINOR) $(LIBMAJOR); ln -sf $(LIBMAJOR) $(BASETARGET); cd -
 else
-	$(LD) $(LDFLAGS) $(LDSHARED) -o ../$(STAGE)/cygaxtls.dll \
-    -Wl,--out-implib=../$(STAGE)/libaxtls.dll.a \
+	$(LD) $(LDFLAGS) $(LDSHARED) -o $(AXTLS_HOME)/$(STAGE)/cygaxtls.dll \
+    -Wl,--out-implib=$(AXTLS_HOME)/$(STAGE)/libaxtls.dll.a \
     -Wl,--export-all-symbols \
-    -Wl,--enable-auto-import $(OBJ)
+    -Wl,--enable-auto-import $(CRYPTO_OBJ) $(OBJ)
 endif
 
 else  # Win32
+CRYPTO_OBJ:=$(CRYPTO_OBJ:.o=.obj)
 
 $(TARGET1) : $(OBJ)
-	$(AR) /out:$@ $(OBJ)
+	$(AR) /out:$@ $(CRYPTO_OBJ) $(OBJ)
 
 $(TARGET2) : $(OBJ)
 	cp $(TARGET1) $(STATIC_LIB)
-	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(OBJ)
+	$(LD) $(LDFLAGS) $(LDSHARED) /out:$@ $(CRYPTO_OBJ) $(OBJ)
 
 endif    
 
 clean::
 	$(MAKE) -C test clean
-	-@rm -f ../$(STAGE)/* *.a *.lib
+	-@rm -f $(AXTLS_HOME)/$(STAGE)/* *.a $(TARGET1) $(TARGET2)
 
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index ea61e2ae5b..deda7307f3 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -18,8 +18,10 @@
 
 all:
 
-include ../../config/.config
-include ../../config/makefile.conf
+AXTLS_HOME=../..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
 
 ifdef CONFIG_PERFORMANCE_TESTING
 all: performance
@@ -29,37 +31,53 @@ ifdef CONFIG_SSL_TEST
 all: ssltesting
 endif
 
+include $(AXTLS_HOME)/config/makefile.post
+
 ifndef CONFIG_PLATFORM_WIN32
-performance: ../../$(STAGE)/perf_bigint
-ssltesting: ../../$(STAGE)/ssltest
-LIBS=../../$(STAGE)
-CFLAGS += -I../../ssl -I../../config -I../../crypto
+performance: $(AXTLS_HOME)/$(STAGE)/perf_bigint
+ssltesting: $(AXTLS_HOME)/$(STAGE)/ssltest
+LIBS=$(AXTLS_HOME)/$(STAGE)
 
-../../$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
+$(AXTLS_HOME)/$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
 	$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
 
-../../$(STAGE)/ssltest: ssltest.o $(LIBS)/libaxtls.a
+$(AXTLS_HOME)/$(STAGE)/ssltest: ssltest.o $(LIBS)/libaxtls.a
 	$(CC) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls
 else
-performance: ../../$(STAGE)/perf_bigint.exe
-ssltesting: ../../$(STAGE)/ssltest.exe
-CFLAGS += /I".." /I"../../config"
+performance: $(AXTLS_HOME)/$(STAGE)/perf_bigint.exe
+ssltesting: $(AXTLS_HOME)/$(STAGE)/ssltest.exe
+
+CRYPTO_PATH="$(AXTLS_INCLUDE)crypto\\"
+AXTLS_SSL_PATH="$(AXTLS_INCLUDE)ssl\\"
 
-%.obj : %.c
-	$(CC) $(CFLAGS) $< 
+CRYPTO_OBJ=\
+	$(CRYPTO_PATH)aes.obj \
+	$(CRYPTO_PATH)hmac.obj \
+	$(CRYPTO_PATH)md5.obj \
+	$(CRYPTO_PATH)rc4.obj \
+	$(CRYPTO_PATH)sha1.obj
 
-OBJLIST=..\aes.obj ..\asn1.obj ..\bigint.obj ..\crypto_misc.obj ..\hmac.obj \
-        ..\md5.obj ..\loader.obj ..\p12.obj ..\os_port.obj ..\rc4.obj \
-        ..\rsa.obj ..\sha1.obj ..\tls1.obj ..\tls1_clnt.obj ..\tls1_svr.obj
+OBJ=\
+	$(AXTLS_SSL_PATH)asn1.obj \
+	$(AXTLS_SSL_PATH)x509.obj \
+	$(AXTLS_SSL_PATH)bigint.obj \
+	$(AXTLS_SSL_PATH)crypto_misc.obj \
+	$(AXTLS_SSL_PATH)os_port.obj \
+	$(AXTLS_SSL_PATH)loader.obj \
+	$(AXTLS_SSL_PATH)openssl.obj \
+	$(AXTLS_SSL_PATH)p12.obj \
+	$(AXTLS_SSL_PATH)rsa.obj \
+	$(AXTLS_SSL_PATH)tls1.obj \
+	$(AXTLS_SSL_PATH)tls1_svr.obj \
+	$(AXTLS_SSL_PATH)tls1_clnt.obj
 
-../../$(STAGE)/perf_bigint.exe: perf_bigint.obj $(OBJLIST)
-	$(LD) $(LDFLAGS) /out:$@ $^
+$(AXTLS_HOME)/$(STAGE)/perf_bigint.exe: perf_bigint.obj
+	$(LD) $(LDFLAGS) /out:$@ $? $(CRYPTO_OBJ) $(OBJ)
 
-../../$(STAGE)/ssltest.exe: ssltest.obj $(OBJLIST)
-	$(LD) $(LDFLAGS) /out:$@ $^
+$(AXTLS_HOME)/$(STAGE)/ssltest.exe: ssltest.obj
+	$(LD) $(LDFLAGS) /out:$@ $? $(CRYPTO_OBJ) $(OBJ)
 endif
 
 clean::
-	-@rm -f ../../$(STAGE)/perf_bigint* ../../$(STAGE)/ssltest*
+	-@rm -f $(AXTLS_HOME)/$(STAGE)/perf_bigint* $(AXTLS_HOME)/$(STAGE)/ssltest*
 
-include ../../config/makefile.post
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 03c0b85790..44cd606206 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -106,6 +106,8 @@ fi
 
 if [ -x ./axssl.vbnet.exe ]; then
 echo "######################## VB.NET SAMPLE ###########################"
+echo $SERVER_ARGS
+echo $CLIENT_ARGS
 ./axssl.vbnet $SERVER_ARGS &
 echo "VB.NET Test passed" | ./axssl.vbnet.exe $CLIENT_ARGS
 kill %1
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index eda5b631d9..e2a0b298a1 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -88,7 +88,9 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
                     if ((ret = send_certificate(ssl)) == SSL_OK &&
                         (ret = send_client_key_xchg(ssl)) == SSL_OK)
                     {
-                        ret = send_cert_verify(ssl);
+                        ret = (ssl->chain_length == 0) ? 
+                            SSL_ERROR_INVALID_HANDSHAKE : 
+                            send_cert_verify(ssl);
                     }
                 }
                 else
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index e7860270e1..dee48eeb16 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -302,36 +302,38 @@ static int send_server_hello(SSL *ssl)
     memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE;
 
-    /* send a session id - and put it into the cache */
-    buf[offset++] = SSL_SESSION_ID_SIZE;
-
 #ifndef CONFIG_SSL_SKELETON_MODE
     if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
     {
         /* retrieve id from session cache */
+        buf[offset++] = SSL_SESSION_ID_SIZE;
         memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
         memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
         ssl->sess_id_size = SSL_SESSION_ID_SIZE;
+        offset += SSL_SESSION_ID_SIZE;
     }
     else    /* generate our own session id */
 #endif
     {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        buf[offset++] = SSL_SESSION_ID_SIZE;
         get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
         memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
         ssl->sess_id_size = SSL_SESSION_ID_SIZE;
 
-#ifndef CONFIG_SSL_SKELETON_MODE
         /* store id in session cache */
         if (ssl->ssl_ctx->num_sessions)
         {
             memcpy(ssl->session->session_id, 
                     ssl->session_id, SSL_SESSION_ID_SIZE);
         }
+
+        offset += SSL_SESSION_ID_SIZE;
+#else
+        buf[offset++] = 0;  /* don't bother with session id in skelton mode */
 #endif
     }
 
-    offset += SSL_SESSION_ID_SIZE;
-
     buf[offset++] = 0;      /* cipher we are using */
     buf[offset++] = ssl->cipher;
     buf[offset++] = 0;      /* no compression */

From 58212f218e22658f3fdc61a1dac6b56655276443 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 29 Aug 2007 13:38:26 +0000
Subject: [PATCH 096/301] added crypto_misc.h

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@118 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/crypto_misc.h | 212 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 212 insertions(+)
 create mode 100644 ssl/crypto_misc.h

diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
new file mode 100644
index 0000000000..9811810f90
--- /dev/null
+++ b/ssl/crypto_misc.h
@@ -0,0 +1,212 @@
+/*
+ *  Copyright(C) 2007 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file crypto_misc.h
+ */
+
+#ifndef HEADER_CRYPTO_MISC_H
+#define HEADER_CRYPTO_MISC_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bigint.h"
+
+/**************************************************************************
+ * RSA declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    bigint *m;              /* modulus */
+    bigint *e;              /* public exponent */
+    bigint *d;              /* private exponent */
+#ifdef CONFIG_BIGINT_CRT
+    bigint *p;              /* p as in m = pq */
+    bigint *q;              /* q as in m = pq */
+    bigint *dP;             /* d mod (p-1) */
+    bigint *dQ;             /* d mod (q-1) */
+    bigint *qInv;           /* q^-1 mod p */
+#endif
+    int num_octets;
+    BI_CTX *bi_ctx;
+} RSA_CTX;
+
+void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#ifdef CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+        );
+void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len);
+void RSA_free(RSA_CTX *ctx);
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int is_decryption);
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp);
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing);
+void RSA_print(const RSA_CTX *ctx);
+#endif
+
+/**************************************************************************
+ * RNG declarations 
+ **************************************************************************/
+EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_terminate(void);
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
+
+/**************************************************************************
+ * X509 declarations 
+ **************************************************************************/
+#define X509_OK                             0
+#define X509_NOT_OK                         -1
+#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
+#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
+#define X509_VFY_ERROR_NOT_YET_VALID        -4
+#define X509_VFY_ERROR_EXPIRED              -5
+#define X509_VFY_ERROR_SELF_SIGNED          -6
+#define X509_VFY_ERROR_INVALID_CHAIN        -7
+#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
+#define X509_INVALID_PRIV_KEY               -9
+
+/*
+ * The Distinguished Name
+ */
+#define X509_NUM_DN_TYPES                   3
+#define X509_COMMON_NAME                    0
+#define X509_ORGANIZATION                   1
+#define X509_ORGANIZATIONAL_TYPE            2
+
+struct _x509_ctx
+{
+    char *ca_cert_dn[X509_NUM_DN_TYPES];
+    char *cert_dn[X509_NUM_DN_TYPES];
+#if defined(_WIN32_WCE)
+    long not_before;
+    long not_after;
+#else
+    time_t not_before;
+    time_t not_after;
+#endif
+    uint8_t *signature;
+    uint16_t sig_len;
+    uint8_t sig_type;
+    RSA_CTX *rsa_ctx;
+    bigint *digest;
+    struct _x509_ctx *next;
+};
+
+typedef struct _x509_ctx X509_CTX;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+typedef struct 
+{
+    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
+} CA_CERT_CTX;
+#endif
+
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
+void x509_free(X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+void x509_display_error(int error);
+#endif
+
+/**************************************************************************
+ * ASN1 declarations 
+ **************************************************************************/
+#define ASN1_INTEGER            0x02
+#define ASN1_BIT_STRING         0x03
+#define ASN1_OCTET_STRING       0x04
+#define ASN1_NULL               0x05
+#define ASN1_OID                0x06
+#define ASN1_PRINTABLE_STR      0x13
+#define ASN1_TELETEX_STR        0x14
+#define ASN1_IA5_STR            0x16
+#define ASN1_UTC_TIME           0x17
+#define ASN1_SEQUENCE           0x30
+#define ASN1_SET                0x31
+#define ASN1_IMPLICIT_TAG       0x80
+#define ASN1_EXPLICIT_TAG       0xa0
+
+#define SIG_TYPE_MD2            0x02
+#define SIG_TYPE_MD5            0x04
+#define SIG_TYPE_SHA1           0x05
+
+int get_asn1_length(const uint8_t *buf, int *offset);
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
+int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_compare_dn(char * const dn1[], char * const dn2[]);
+#endif
+int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx);
+
+/**************************************************************************
+ * MISC declarations 
+ **************************************************************************/
+#define SALT_SIZE               8
+
+extern const char * const unsupported_str;
+
+typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
+typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+int get_file(const char *filename, uint8_t **buf);
+
+#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
+EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
+#else
+    #define print_blob(...)
+#endif
+
+EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
+                    uint8_t *out, int *outlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 

From d40747d1b16dddd8d8bbf47da855f57bc87385fd Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 29 Aug 2007 13:39:47 +0000
Subject: [PATCH 097/301] added x509.c

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@119 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/x509.c | 435 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 435 insertions(+)
 create mode 100644 ssl/x509.c

diff --git a/ssl/x509.c b/ssl/x509.c
new file mode 100644
index 0000000000..32e19fdbb0
--- /dev/null
+++ b/ssl/x509.c
@@ -0,0 +1,435 @@
+/*
+ *  Copyright(C) 2006 Cameron Rich
+ *
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/**
+ * @file x509.c
+ * 
+ * Certificate processing.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "os_port.h"
+#include "crypto.h"
+#include "crypto_misc.h"
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Retrieve the signature from a certificate.
+ */
+const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
+{
+    int offset = 0;
+    const uint8_t *ptr = NULL;
+
+    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
+            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
+        goto end_get_sig;
+
+    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
+        goto end_get_sig;
+    *len = get_asn1_length(asn1_sig, &offset);
+    ptr = &asn1_sig[offset];          /* all ok */
+
+end_get_sig:
+    return ptr;
+}
+
+#endif
+
+/**
+ * Construct a new x509 object.
+ * @return 0 if ok. < 0 if there was a problem.
+ */
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
+{
+    int begin_tbs, end_tbs;
+    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
+    X509_CTX *x509_ctx;
+    BI_CTX *bi_ctx;
+
+    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
+    x509_ctx = *ctx;
+
+    /* get the certificate size */
+    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    begin_tbs = offset;         /* start of the tbs */
+    end_tbs = begin_tbs;        /* work out the end of the tbs */
+    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
+    {
+        if (asn1_version(cert, &offset, x509_ctx))
+            goto end_cert;
+    }
+
+    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
+            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* make sure the signature is ok */
+    if (asn1_signature_type(cert, &offset, x509_ctx))
+    {
+        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        goto end_cert;
+    }
+
+    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
+            asn1_validity(cert, &offset, x509_ctx) ||
+            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
+            asn1_public_key(cert, &offset, x509_ctx))
+        goto end_cert;
+
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    /* use the appropriate signature algorithm (either SHA1 or MD5) */
+    if (x509_ctx->sig_type == SIG_TYPE_MD5)
+    {
+        MD5_CTX md5_ctx;
+        uint8_t md5_dgst[MD5_SIZE];
+        MD5_Init(&md5_ctx);
+        MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        MD5_Final(md5_dgst, &md5_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+    }
+    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
+    {
+        SHA1_CTX sha_ctx;
+        uint8_t sha_dgst[SHA1_SIZE];
+        SHA1_Init(&sha_ctx);
+        SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        SHA1_Final(sha_dgst, &sha_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+    }
+
+    offset = end_tbs;   /* skip the v3 data */
+    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
+            asn1_signature(cert, &offset, x509_ctx))
+        goto end_cert;
+#endif
+
+    if (len)
+    {
+        *len = cert_size;
+    }
+
+    ret = X509_OK;
+end_cert:
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret)
+    {
+        printf("Error: Invalid X509 ASN.1 file\n");
+    }
+#endif
+
+    return ret;
+}
+
+/**
+ * Free an X.509 object's resources.
+ */
+void x509_free(X509_CTX *x509_ctx)
+{
+    X509_CTX *next;
+    int i;
+
+    if (x509_ctx == NULL)       /* if already null, then don't bother */
+        return;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        free(x509_ctx->ca_cert_dn[i]);
+        free(x509_ctx->cert_dn[i]);
+    }
+
+    free(x509_ctx->signature);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION 
+    if (x509_ctx->digest)
+    {
+        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
+    }
+#endif
+
+    RSA_free(x509_ctx->rsa_ctx);
+
+    next = x509_ctx->next;
+    free(x509_ctx);
+    x509_free(next);        /* clear the chain */
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Do some basic checks on the certificate chain.
+ *
+ * Certificate verification consists of a number of checks:
+ * - A root certificate exists in the certificate store.
+ * - The date of the certificate is after the start date.
+ * - The date of the certificate is before the finish date.
+ * - The certificate chain is valid.
+ * - That the certificate(s) are not self-signed.
+ * - The signature of the certificate is valid.
+ */
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+{
+    int ret = X509_OK, i = 0;
+    bigint *cert_sig;
+    X509_CTX *next_cert = NULL;
+    BI_CTX *ctx;
+    bigint *mod, *expn;
+    struct timeval tv;
+    int match_ca_cert = 0;
+
+    if (cert == NULL || ca_cert_ctx == NULL)
+    {
+        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+        goto end_verify;
+    }
+
+    /* last cert in the chain - look for a trusted cert */
+    if (cert->next == NULL)
+    {
+        while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+        {
+            if (asn1_compare_dn(cert->ca_cert_dn,
+                                        ca_cert_ctx->cert[i]->cert_dn) == 0)
+            {
+                match_ca_cert = 1;
+                break;
+            }
+
+            i++;
+        }
+
+        if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+        {
+            next_cert = ca_cert_ctx->cert[i];
+        }
+        else    /* trusted cert not found */
+        {
+            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+            goto end_verify;
+        }
+    }
+    else
+    {
+        next_cert = cert->next;
+    }
+
+    gettimeofday(&tv, NULL);
+
+    /* check the not before date */
+    if (tv.tv_sec < cert->not_before)
+    {
+        ret = X509_VFY_ERROR_NOT_YET_VALID;
+        goto end_verify;
+    }
+
+    /* check the not after date */
+    if (tv.tv_sec > cert->not_after)
+    {
+        ret = X509_VFY_ERROR_EXPIRED;
+        goto end_verify;
+    }
+
+    /* check the chain integrity */
+    if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
+    {
+        ret = X509_VFY_ERROR_INVALID_CHAIN;
+        goto end_verify;
+    }
+
+    /* check for self-signing */
+    if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
+    }
+
+    /* check the signature */
+    ctx = cert->rsa_ctx->bi_ctx;
+    mod = next_cert->rsa_ctx->m;
+    expn = next_cert->rsa_ctx->e;
+    cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, 
+            bi_clone(ctx, mod), bi_clone(ctx, expn));
+
+    if (cert_sig)
+    {
+        ret = cert->digest ?    /* check the signature */
+            bi_compare(cert_sig, cert->digest) :
+            X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        bi_free(ctx, cert_sig);
+
+        if (ret)
+            goto end_verify;
+    }
+    else
+    {
+        ret = X509_VFY_ERROR_BAD_SIGNATURE;
+        goto end_verify;
+    }
+
+    /* go down the certificate chain using recursion. */
+    if (ret == 0 && cert->next)
+    {
+        ret = x509_verify(ca_cert_ctx, next_cert);
+    }
+
+end_verify:
+    return ret;
+}
+#endif
+
+#if defined (CONFIG_SSL_FULL_MODE)
+/**
+ * Used for diagnostics.
+ */
+void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+{
+    if (cert == NULL)
+        return;
+
+    printf("----------------   CERT DEBUG   ----------------\n");
+    printf("* CA Cert Distinguished Name\n");
+    if (cert->ca_cert_dn[X509_COMMON_NAME])
+    {
+        printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
+    }
+
+    if (cert->ca_cert_dn[X509_ORGANIZATION])
+    {
+        printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
+    }
+
+    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
+    {
+        printf("Organizational Unit (OU): %s\n", 
+                cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
+    }
+
+    printf("* Cert Distinguished Name\n");
+    if (cert->cert_dn[X509_COMMON_NAME])
+    {
+        printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
+    }
+
+    if (cert->cert_dn[X509_ORGANIZATION])
+    {
+        printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
+    }
+
+    if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
+    {
+        printf("Organizational Unit (OU): %s\n", 
+                cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
+    }
+
+    printf("Not Before:\t\t%s", ctime(&cert->not_before));
+    printf("Not After:\t\t%s", ctime(&cert->not_after));
+    printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
+    printf("Sig Type:\t\t");
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_MD5:
+            printf("MD5\n");
+            break;
+        case SIG_TYPE_SHA1:
+            printf("SHA1\n");
+            break;
+        case SIG_TYPE_MD2:
+            printf("MD2\n");
+            break;
+        default:
+            printf("Unrecognized: %d\n", cert->sig_type);
+            break;
+    }
+
+    printf("Verify:\t\t\t");
+
+    if (ca_cert_ctx)
+    {
+        x509_display_error(x509_verify(ca_cert_ctx, cert));
+    }
+
+    printf("\n");
+#if 0
+    print_blob("Signature", cert->signature, cert->sig_len);
+    bi_print("Modulus", cert->rsa_ctx->m);
+    bi_print("Pub Exp", cert->rsa_ctx->e);
+#endif
+
+    if (ca_cert_ctx)
+    {
+        x509_print(ca_cert_ctx, cert->next);
+    }
+}
+
+void x509_display_error(int error)
+{
+    switch (error)
+    {
+        case X509_NOT_OK:
+            printf("X509 not ok");
+            break;
+
+        case X509_VFY_ERROR_NO_TRUSTED_CERT:
+            printf("No trusted cert is available");
+            break;
+
+        case X509_VFY_ERROR_BAD_SIGNATURE:
+            printf("Bad signature");
+            break;
+
+        case X509_VFY_ERROR_NOT_YET_VALID:
+            printf("Cert is not yet valid");
+            break;
+
+        case X509_VFY_ERROR_EXPIRED:
+            printf("Cert has expired");
+            break;
+
+        case X509_VFY_ERROR_SELF_SIGNED:
+            printf("Cert is self-signed");
+            break;
+
+        case X509_VFY_ERROR_INVALID_CHAIN:
+            printf("Chain is invalid (check order of certs)");
+            break;
+
+        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
+            printf("Unsupported digest");
+            break;
+
+        case X509_INVALID_PRIV_KEY:
+            printf("Invalid private key");
+            break;
+    }
+}
+#endif      /* CONFIG_SSL_FULL_MODE */
+

From 114fff40774d956c53cd37af112c81a5e1517053 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 30 Aug 2007 02:55:46 +0000
Subject: [PATCH 098/301] fixed some of the bindings for the new API changes

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@120 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                            |  1 +
 bindings/generate_SWIG_interface.pl |  4 ++--
 bindings/lua/Makefile               |  2 +-
 samples/c/axssl.c                   | 14 +++++++++-----
 samples/csharp/axssl.cs             | 13 ++++++++-----
 samples/java/axssl.java             | 10 ++++++----
 samples/lua/axssl.lua               | 10 ++++++----
 samples/perl/axssl.pl               | 16 +++++++++-------
 samples/vbnet/axssl.vb              | 16 +++++++++-------
 ssl/tls1.c                          |  1 -
 ssl/tls1_clnt.c                     |  4 +---
 www/index.html                      |  2 +-
 12 files changed, 53 insertions(+), 40 deletions(-)

diff --git a/Makefile b/Makefile
index 01c2219d87..e979eb1c75 100644
--- a/Makefile
+++ b/Makefile
@@ -85,6 +85,7 @@ ifdef CONFIG_PERL_BINDINGS
 	install -m 755 $(STAGE)/axtlsp.pm `perl -e 'use Config; print $$Config{installarchlib};'`
 endif
 	@mkdir -p -m 755 $(PREFIX)/include/axTLS
+	install -m 644 crypto/*.h $(PREFIX)/include/axTLS
 	install -m 644 ssl/*.h $(PREFIX)/include/axTLS
 	-rm $(PREFIX)/include/axTLS/cert.h
 	-rm $(PREFIX)/include/axTLS/private_key.h
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index 23343ce8f7..d9a4e888dd 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -275,7 +275,7 @@ sub parseFile
 
 /* for ssl_session_id() */
 %typemap(out) const unsigned char * {
-    SV *svs = newSVpv((unsigned char *)\$1, (int)ssl_get_session_id((SSL const *)arg1));
+    SV *svs = newSVpv((unsigned char *)\$1, ssl_get_session_id_size((SSL const *)arg1));
     \$result = newRV(svs);
     sv_2mortal(\$result);
     argvi++;
@@ -330,7 +330,7 @@ sub parseFile
 %typemap(out) const unsigned char * {
     int i;
     lua_newtable(L);
-    for (i = 0; i < ssl_get_session_id((SSL const *)\$1); i++){
+    for (i = 0; i < ssl_get_session_id_size((SSL const *)arg1); i++){
         lua_pushnumber(L,(lua_Number)result[i]);
         lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
     }
diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index 617a0eb899..66738cbedd 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -27,7 +27,7 @@ all: lib
 ifdef CONFIG_PLATFORM_WIN32
 TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.dll
 else
-TARGET=$(AXTLS_HOME)/$(STAGE)/axtlsl.so
+TARGET=$(CONFIG_LUA_CORE)/lib/lua/5.1/axtlsl.so
 endif
 
 ifneq ($(MAKECMDGOALS), clean)
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index a708fbfc20..41b93af3f2 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -857,11 +857,15 @@ static void display_session_id(SSL *ssl)
     const uint8_t *session_id = ssl_get_session_id(ssl);
     int sess_id_size = ssl_get_session_id_size(ssl);
 
-    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
-    for (i = 0; i < sess_id_size; i++)
+    if (sess_id_size > 0)
     {
-        printf("%02x", session_id[i]);
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        for (i = 0; i < sess_id_size; i++)
+        {
+            printf("%02x", session_id[i]);
+        }
+
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+        TTY_FLUSH();
     }
-    printf("\n-----END SSL SESSION PARAMETERS-----\n");
-    TTY_FLUSH();
 }
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
index 1f1f95b584..174d3dc851 100644
--- a/samples/csharp/axssl.cs
+++ b/samples/csharp/axssl.cs
@@ -732,12 +732,15 @@ private void display_session_id(SSL ssl)
     {    
         byte[] session_id = ssl.GetSessionId();
 
-        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
-        foreach (byte b in session_id)
+        if (session_id.Length > 0)
         {
-            Console.Write("{0:x02}", b);
-        }
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
+            foreach (byte b in session_id)
+            {
+                Console.Write("{0:x02}", b);
+            }
 
-        Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
+            Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
+        }
     }
 }
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
index a08e9a79d3..76fb06d773 100644
--- a/samples/java/axssl.java
+++ b/samples/java/axssl.java
@@ -737,10 +737,12 @@ public void bytesToHex(byte[] data)
     private void display_session_id(SSL ssl)
     {    
         byte[] session_id = ssl.getSessionId();
-        int i;
 
-        System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
-        bytesToHex(session_id);
-        System.out.println("-----END SSL SESSION PARAMETERS-----");
+        if (session_id.length > 0)
+        {
+            System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
+            bytesToHex(session_id);
+            System.out.println("-----END SSL SESSION PARAMETERS-----");
+        }
     }
 }
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
index d6e06b3067..bdd97f4b1b 100755
--- a/samples/lua/axssl.lua
+++ b/samples/lua/axssl.lua
@@ -527,11 +527,13 @@ function display_session_id(ssl)
     local session_id = axtlsl.ssl_get_session_id(ssl)
     local v
 
-    print("-----BEGIN SSL SESSION PARAMETERS-----")
-    for _, v in ipairs(session_id) do
-        io.write(string.format("%02x", v))
+    if #session_id > 0 then
+        print("-----BEGIN SSL SESSION PARAMETERS-----")
+        for _, v in ipairs(session_id) do
+            io.write(string.format("%02x", v))
+        end
+        print("\n-----END SSL SESSION PARAMETERS-----")
     end
-    print("\n-----END SSL SESSION PARAMETERS-----")
 end
 
 --
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index 1eb6aac56e..c46c70a401 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -235,7 +235,7 @@ sub do_server
         while (1)
         {
             ($res, $buf) = axtlsp::ssl_read($ssl, undef);
-            last if $res != $axtlsp::SSL_OK;
+            last if $res < $axtlsp::SSL_OK;
 
             if ($res == $axtlsp::SSL_OK) # connection established and ok
             {
@@ -255,11 +255,11 @@ sub do_server
             {
                 printf($$buf);
             }
-            else if ($res < $axtlsp::SSL_OK)
+            elsif ($res < $axtlsp::SSL_OK)
             {
                 axtlsp::ssl_display_error($res) if not $quiet;
                 last;
-            }
+            } 
         }
 
         # client was disconnected or the handshake failed.
@@ -613,8 +613,10 @@ sub display_session_id
 {    
     my ($ssl) = @_;
     my $session_id = axtlsp::ssl_get_session_id($ssl);
-
-    printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
-    printf(unpack("H*", $$session_id));
-    printf("\n-----END SSL SESSION PARAMETERS-----\n");
+    if (length($$session_id) > 0)
+    {
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        printf(unpack("H*", $$session_id));
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+    }
 }
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
index da6f71984a..a9f7e9fa85 100644
--- a/samples/vbnet/axssl.vb
+++ b/samples/vbnet/axssl.vb
@@ -538,14 +538,16 @@ Public Class axssl
     Private Sub display_session_id(ByVal ssl As SSL)
         Dim session_id As Byte() = ssl.GetSessionId()
 
-        Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
-        Dim b As Byte
-        For Each b In session_id
-            Console.Write("{0:x02}", b)
-        Next
+        If session_id.Length > 0 Then
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
+            Dim b As Byte
+            For Each b In session_id
+                Console.Write("{0:x02}", b)
+            Next
 
-        Console.WriteLine()
-        Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
+            Console.WriteLine()
+            Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
+        End If
     End Sub
 
     ' 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 1f7160cb1e..baf44dc970 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1504,7 +1504,6 @@ int send_certificate(SSL *ssl)
     buf[0] = HS_CERTIFICATE;
     buf[1] = 0;
     buf[4] = 0;
-    buf[7] = 0;
 
     while (i < ssl->chain_length)
     {
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index e2a0b298a1..05fca96cb4 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -88,9 +88,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
                     if ((ret = send_certificate(ssl)) == SSL_OK &&
                         (ret = send_client_key_xchg(ssl)) == SSL_OK)
                     {
-                        ret = (ssl->chain_length == 0) ? 
-                            SSL_ERROR_INVALID_HANDSHAKE : 
-                            send_cert_verify(ssl);
+                        send_cert_verify(ssl);
                     }
                 }
                 else
diff --git a/www/index.html b/www/index.html
index 08bd7945b7..1fdb6b0d3f 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200706142340" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200708300254" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From b717f94bd0905e591a3bfeee24155e8412cdaeb7 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 5 Sep 2007 13:44:56 +0000
Subject: [PATCH 099/301] fixed server buffer issue

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@121 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/header_issue.dat | Bin 0 -> 1159 bytes
 ssl/test/ssltest.c        |  65 ++++++++++++++++++++++++++++++++++++++
 ssl/tls1.c                |  10 +++---
 ssl/tls1.h                |   1 +
 ssl/tls1_clnt.c           |  15 +++++++--
 5 files changed, 84 insertions(+), 7 deletions(-)
 create mode 100755 ssl/test/header_issue.dat

diff --git a/ssl/test/header_issue.dat b/ssl/test/header_issue.dat
new file mode 100755
index 0000000000000000000000000000000000000000..a48d23d2b937820a533bc1394d6c155fd28c1959
GIT binary patch
literal 1159
zcmWe*W@Kq%Vqj2XW^_B{aBjXp>E)wm*3`MA7YKbx?VUNb&ow+D@R^CtrU!`(45kd+
z3@iZ*EWQj(j0R1Ne}Q;86SDvVivceir&gOs+jm|@Mpjk^gU02C@&>YO%%Ln?!eYS%
znMJ92B?`{@xw)lznaPPInfZCehI|G*AO+mQtO1U?;Q@xK2Fh?lI2pynic1R$@{39w
ziXqyQ^K<op*igto0HlpwnA0_}BtNetzdX;7+kg`!#v#n)=LO@i2{VNT!(72EECw|O
z%@qc6;=Gm?28ISkhGs@4CMHqhyoTn6Mn)D;u0bZMc_=oK>_r&^DUdsvg@wz@%k`ix
z(#=UO2Kme&200WNSs9qU84Ns_92wpo`5|5!qql9!X6NU%!l&1>n0uS&D5^(1N_N=q
zT3#1Xo$~t3DZM?rcUCRjoTpWPC&fDJUdopHOj#<c1G(LwuVi9oWMD)#8yG{(jtrqD
z41)X>EUEFSSFWs-_7#%qy;W$R;IY>2#oG<fXG~^lsd#>L(LO(Mop($Bszg1H5j-<7
zYyB}vW~D>tw?BFLXek4en?Vzk6EF?DVd7-C`OWT+eQSgcnmt1@C72qS8d)Mz0)#t+
ze1a<>?d5STc=(BH&V_n5t}ZuuwkKi#Kd5eDJK@OGejq5*ct+H>r89oKDBiP7sKoTQ
zuBR~j#n<b<tD5jM{jdpG`eP!lgv7<}tK_qnn`h4s-YY5TZ~Z?0UHbX&QZpIN-d7Jz
un{I{ue9ZX$@8k2^^|rJ(9awhqU;wwnhlMXaQ!Q?q>TEypxQCB{fdK$z?p#a&

literal 0
HcmV?d00001

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index d97e153ae1..29fc621dbd 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1718,6 +1718,64 @@ int multi_thread_test(void)
 }
 #endif
 
+/**************************************************************************
+ * Header issue
+ *
+ **************************************************************************/
+static void do_header_issue(void)
+{
+    uint8_t axtls_buf[2048];
+#ifndef WIN32
+    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+#endif
+    sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
+    system(axtls_buf);
+}
+
+static int header_issue(void)
+{
+    FILE *f = fopen("../ssl/test/header_issue.dat", "r");
+    int server_fd, client_fd, ret = 1;
+    uint8_t buf[2048];
+    int size = 0;
+    struct sockaddr_in client_addr;
+    socklen_t clnt_len = sizeof(client_addr);
+#ifndef WIN32
+    pthread_t thread;
+#endif
+
+    if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_header_issue, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, 
+                NULL, 0, NULL);
+#endif
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+
+    size = fread(buf, 1, sizeof(buf), f);
+    SOCKET_WRITE(client_fd, buf, size);
+    usleep(200000);
+
+    ret = 0;
+error:
+    fclose(f);
+    SOCKET_CLOSE(client_fd);
+    SOCKET_CLOSE(server_fd);
+    TTY_FLUSH();
+    system("killall axssl");
+    return ret;
+}
+
 /**************************************************************************
  * main()
  *
@@ -1820,7 +1878,14 @@ int main(int argc, char *argv[])
 
     system("sh ../ssl/test/killopenssl.sh");
 
+    if (header_issue())
+    {
+        printf("Header tests failed\n");
+        goto cleanup;
+    }
+
     ret = 0;        /* all ok */
+    printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
 cleanup:
 
     if (ret)
diff --git a/ssl/tls1.c b/ssl/tls1.c
index baf44dc970..de5597fbd4 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1241,6 +1241,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     switch (ssl->record_type)
     {
         case PT_HANDSHAKE_PROTOCOL:
+            ssl->bm_proc_index = 0;
             ret = do_handshake(ssl, buf, read_len);
             break;
 
@@ -1723,10 +1724,10 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
 int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 {
     int ret = SSL_OK;
+    uint8_t *buf = &ssl->bm_data[ssl->bm_proc_index];
     int pkt_size = ssl->bm_index;
     int cert_size, offset = 5;
-    int total_cert_size = (ssl->bm_data[offset]<<8) + 
-                ssl->bm_data[offset+1];
+    int total_cert_size = (buf[offset]<<8) + buf[offset+1];
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     X509_CTX **chain = x509_ctx;
     offset += 2;
@@ -1736,10 +1737,10 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     while (offset < total_cert_size)
     {
         offset++;       /* skip empty char */
-        cert_size = (ssl->bm_data[offset]<<8) + ssl->bm_data[offset+1];
+        cert_size = (buf[offset]<<8) + buf[offset+1];
         offset += 2;
         
-        if (x509_new(&ssl->bm_data[offset], NULL, chain))
+        if (x509_new(&buf[offset], NULL, chain))
         {
             ret = SSL_ERROR_BAD_CERTIFICATE;
             goto error;
@@ -1759,6 +1760,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 
     DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
     ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
+    ssl->bm_proc_index += offset;
 error:
     return ret;
 }
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 1d07f29acc..45f13527d5 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -173,6 +173,7 @@ struct _SSL
     uint8_t *bm_data;
     uint16_t bm_index;
     uint16_t bm_read_index;
+    uint16_t bm_proc_index;
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
     SSL_CERT *certs;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 05fca96cb4..939318b0ea 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -221,11 +221,10 @@ static int process_server_hello(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_data;
     int pkt_size = ssl->bm_index;
-    int offset;
     int version = (buf[4] << 4) + buf[5];
     int num_sessions = ssl->ssl_ctx->num_sessions;
     uint8_t sess_id_size;
-    int ret = SSL_OK;
+    int offset, ret = SSL_OK;
 
     /* check that we are talking to a TLSv1 server */
     if (version != 0x31)
@@ -259,7 +258,9 @@ static int process_server_hello(SSL *ssl)
     ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
                                         HS_FINISHED : HS_CERTIFICATE;
 
+    offset++;   // skip the compr
     PARANOIA_CHECK(pkt_size, offset);
+    ssl->bm_proc_index = offset+1; 
 
 error:
     return ret;
@@ -311,10 +312,18 @@ static int send_client_key_xchg(SSL *ssl)
  */
 static int process_cert_req(SSL *ssl)
 {
+    uint8_t *buf = &ssl->bm_data[ssl->bm_proc_index];
+    int ret = SSL_OK;
+    int offset = (buf[2] << 4) + buf[3];
+    int pkt_size = ssl->bm_index;
+
     /* don't do any processing - we will send back an RSA certificate anyway */
     ssl->next_state = HS_SERVER_HELLO_DONE;
     SET_SSL_FLAG(SSL_HAS_CERT_REQ);
-    return SSL_OK;
+    ssl->bm_proc_index += offset;
+    PARANOIA_CHECK(pkt_size, offset);
+error:
+    return ret;
 }
 
 /*

From 3515da26fb35e66c6363282cd1ea919b49b6f45d Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 10 Sep 2007 06:54:31 +0000
Subject: [PATCH 100/301] some doco updates

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@122 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/makefile.conf   | 14 ++++++++------
 ssl/bigint.c           |  2 +-
 ssl/ssl.h              |  4 ++--
 ssl/test/ssltest.c     | 20 ++++++++++----------
 ssl/test/test_axssl.sh |  2 +-
 www/index.html         |  4 ++--
 6 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/config/makefile.conf b/config/makefile.conf
index 347bf13dc1..e19b565631 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -33,21 +33,23 @@ ifdef CONFIG_PLATFORM_WIN32
 
 ifdef CONFIG_VISUAL_STUDIO_6_0
 CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_6_0_BASE))
-INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include")
-LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib")
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/common/msdev98/bin:$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/vc98/bin:$(PATH)
 else
 ifdef CONFIG_VISUAL_STUDIO_7_0
 CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
-INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
-LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
 else 
 ifdef CONFIG_VISUAL_STUDIO_8_0
 CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
-INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
-LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
+stuff:
+	@echo $(INCLUDE)
 endif
 endif
 endif
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 8a736cfeea..38823ce990 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -1497,7 +1497,7 @@ bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
 
 #ifdef CONFIG_BIGINT_CRT
 /**
- * @Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
+ * @brief Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
  *
  * @param ctx [in]  The bigint session context.
  * @param bi  [in]  The bigint to perform the exp/mod.
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 05c9178575..83c6af7557 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -290,9 +290,9 @@ EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
 /**
  * @brief Get the session id size for a handshake. 
  * 
- * This will be 32 for a ssl server and may be something else for a ssl client.
+ * This will normally be 32 but could be 0 (no session id) or something else.
  * @param ssl [in] An SSL object reference.
- * @return The number of valid bytes in a handshaking sequence
+ * @return The size of the session id.
  */
 EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 29fc621dbd..737e3d699e 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -689,7 +689,7 @@ static int client_socket_init(uint16_t port)
     if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
     {
         perror("socket");
-        close(client_fd);
+        SOCKET_CLOSE(client_fd);
         client_fd = -1;
     }
 
@@ -841,7 +841,7 @@ static int SSL_server_test(
         /* we are ready to go */
         ssl = ssl_server_new(ssl_ctx, client_fd);
         while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
-        close(client_fd);
+        SOCKET_CLOSE(client_fd);
         
         if (size < SSL_OK) /* got some alert or something nasty */
         {
@@ -869,7 +869,7 @@ static int SSL_server_test(
         ssl_free(ssl);
     }
 
-    close(server_fd);
+    SOCKET_CLOSE(server_fd);
 
 error:
     ssl_ctx_free(ssl_ctx);
@@ -1294,7 +1294,7 @@ static int SSL_client_test(
 
 client_test_exit:
     ssl_free(ssl);
-    close(client_fd);
+    SOCKET_CLOSE(client_fd);
     usleep(200000);           /* allow openssl to say something */
 
     if (sess_resume)
@@ -1484,7 +1484,7 @@ static void do_basic(void)
 
 error:
     ssl_ctx_free(ssl_clnt_ctx);
-    close(client_fd);
+    SOCKET_CLOSE(client_fd);
 
     /* exit this thread */
 }
@@ -1556,8 +1556,8 @@ static int SSL_basic_test(void)
     TTY_FLUSH();
 
     ssl_free(ssl_svr);
-    close(server_fd);
-    close(client_fd);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
 
 error:
     ssl_ctx_free(ssl_svr_ctx);
@@ -1603,7 +1603,7 @@ void do_multi_clnt(multi_t *multi_data)
 
 client_test_exit:
     ssl_free(ssl);
-    close(client_fd);
+    SOCKET_CLOSE(client_fd);
     free(multi_data);
 }
 
@@ -1622,7 +1622,7 @@ void do_multi_svr(SSL *ssl)
         {
             if (res == SSL_ERROR_CONN_LOST)
             {
-                close(ssl->client_fd);
+                SOCKET_CLOSE(ssl->client_fd);
                 ssl_free(ssl);
                 break;
             }
@@ -1713,7 +1713,7 @@ int multi_thread_test(void)
 error:
     ssl_ctx_free(ssl_server_ctx);
     ssl_ctx_free(ssl_clnt_ctx);
-    close(server_fd);
+    SOCKET_CLOSE(server_fd);
     return res;
 }
 #endif
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 44cd606206..2a8bceb8f7 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -24,7 +24,7 @@
 #
 
 if grep "CONFIG_PLATFORM_WIN32=y" "../config/.config"  > /dev/null; then
-    JAVA_EXE="/cygdrive/c/Program Files/Java/jdk1.5.0_06/bin/java.exe"
+    JAVA_EXE="$JAVA_HOME/bin/java.exe"
     PERL_BIN="/cygdrive/c/Perl/bin/perl"
     KILL_AXSSL="kill %1"
     KILL_CSHARP="kill %1"
diff --git a/www/index.html b/www/index.html
index 1fdb6b0d3f..9bb2ea50e1 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,12 +7086,12 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200708300254" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200709060714" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="YourName" modified="200708230117" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly some stuff.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* The test harness appears to be broken under ~VC8.0. Debugging shows a problem in the _close() function which is weird. CGI is also broken under ~VC8.0.\n* CGI works under Win32, but needs some more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="YourName" modified="200709100637" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly some stuff.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>

From 15651d6de5ded84c4936bb8261a7c173f89b4bab Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 10 Sep 2007 21:48:04 +0000
Subject: [PATCH 101/301] removed some mallocs

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@123 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/rsa.c  | 20 +++++++++++++++-----
 ssl/tls1.c |  7 ++++++-
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/ssl/rsa.c b/ssl/rsa.c
index 97c5e67007..bcfc310166 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -125,10 +125,14 @@ void RSA_free(RSA_CTX *rsa_ctx)
 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
                             uint8_t *out_data, int is_decryption)
 {
-    int byte_size = ctx->num_octets;
-    uint8_t *block;
+    const int byte_size = ctx->num_octets;
     int i, size;
     bigint *decrypted_bi, *dat_bi;
+#ifndef WIN32
+    uint8_t block[byte_size];
+#else
+    uint8_t *block = (uint8_t *)malloc(byte_size);
+#endif
 
     memset(out_data, 0, byte_size); /* initialise */
 
@@ -142,7 +146,6 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
 #endif
 
     /* convert to a normal block */
-    block = (uint8_t *)malloc(byte_size);
     bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
 
     i = 10; /* start at the first possible non-padded byte */
@@ -166,7 +169,9 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     if (size > 0)
         memcpy(out_data, &block[i], size);
     
+#ifdef WIN32
     free(block);
+#endif
     return size ? size : -1;
 }
 
@@ -253,11 +258,14 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
         bigint *modulus, bigint *pub_exp)
 {
-    uint8_t *block;
     int i, size;
     bigint *decrypted_bi, *dat_bi;
     bigint *bir = NULL;
-    block = (uint8_t *)malloc(sig_len);
+#ifndef WIN32
+    uint8_t block[sig_len];
+#else
+    uint8_t *block = (uint8_t *)malloc(sig_len);
+#endif
 
     /* decrypt */
     dat_bi = bi_import(ctx, sig, sig_len);
@@ -285,7 +293,9 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
         }
     }
 
+#ifdef WIN32
     free(block);
+#endif
     return bir;
 }
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index de5597fbd4..0e2ced092d 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -623,7 +623,11 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
+#ifndef WIN32
+    uint8_t t_buf[hmac_len+10];
+#else
     uint8_t *t_buf = (uint8_t *)malloc(hmac_len+10);
+#endif
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -659,8 +663,9 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
     }
     print_blob("hmac", hmac_buf, SHA1_SIZE);
 #endif
-
+#ifdef WIN32
     free(t_buf);
+#endif
 }
 
 /**

From 7cd4ea1b95f9b8d9ac46d586b8316098dfc1a2cf Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 12 Sep 2007 07:26:00 +0000
Subject: [PATCH 102/301] css + added strip option

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@124 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/Config.in     | 7 +++++++
 config/makefile.conf | 2 +-
 httpd/Makefile       | 4 +---
 httpd/proc.c         | 9 +++++++--
 samples/c/Makefile   | 6 ++----
 ssl/Makefile         | 2 +-
 ssl/test/ssltest.c   | 2 +-
 7 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/config/Config.in b/config/Config.in
index c68e95a664..f434bde45e 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -48,6 +48,13 @@ config CONFIG_DEBUG
 
       Most people should answer N.
 
+config CONFIG_STRIP_UNWANTED_SECTIONS
+    depends on !CONFIG_PLATFORM_WIN32 && !CONFIG_DEBUG
+    bool "Strip unwanted sections from elf binaries"
+    default y
+    help
+        Strip unwanted sections from the resulting binaries
+
 menu "Microsoft Compiler Options"
 depends on CONFIG_PLATFORM_WIN32
 
diff --git a/config/makefile.conf b/config/makefile.conf
index e19b565631..4255dbe46a 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -89,7 +89,7 @@ LDSHARED = -shared
 
 # Linux
 ifndef CONFIG_PLATFORM_CYGWIN
-CFLAGS += -fPIC 
+# CFLAGS += -fPIC 
 
 # Cygwin
 else
diff --git a/httpd/Makefile b/httpd/Makefile
index 57dabb6b17..bbc72274bf 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -84,11 +84,9 @@ ifndef CONFIG_PLATFORM_WIN32
 
 $(TARGET): $(OBJ) $(AXTLS_HOME)/$(STAGE)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
-ifndef CONFIG_DEBUG
-ifndef CONFIG_PLATFORM_SOLARIS
+ifdef CONFIG_STRIP_UNWANTED_SECTIONS
 	strip --remove-section=.comment $(TARGET)
 endif
-endif
 
 $(TARGET2): htpasswd.o $(AXTLS_HOME)/$(STAGE)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ htpasswd.o $(LIBS)
diff --git a/httpd/proc.c b/httpd/proc.c
index 8a760039ee..32127e8623 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -1026,8 +1026,13 @@ static void send_error(struct connstruct *cn, int err)
 
 static const char *getmimetype(const char *name)
 {
-    /* only bother with two types - let the browser/OS figure the rest out */
-    return strstr(name, ".htm") ? "text/html" : "application/octet-stream";
+    /* only bother with a few mime types - let the browser figure the rest out */
+    if (strstr(name, ".htm"))
+        return "text/html";
+    else if (strstr(name, ".css"))
+        return "text/css"; 
+    else
+        return "application/octet-stream";
 }
 
 static int special_write(struct connstruct *cn, 
diff --git a/samples/c/Makefile b/samples/c/Makefile
index 3fecbe66fa..c1cdb4c6e8 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -48,11 +48,9 @@ ifndef CONFIG_PLATFORM_WIN32
 
 $(TARGET): $(OBJ) $(LIBS)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls 
-ifndef CONFIG_DEBUG
-ifndef CONFIG_PLATFORM_SOLARIS
+ifdef CONFIG_STRIP_UNWANTED_SECTIONS
 	strip --remove-section=.comment $(TARGET)
-endif   # SOLARIS
-endif   # CONFIG_DEBUG
+endif   # use strip
 else    # Win32
 
 $(TARGET): $(OBJ)
diff --git a/ssl/Makefile b/ssl/Makefile
index 2ad87021d7..d0bfc11497 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -42,7 +42,7 @@ endif
 
 # shared library major/minor numbers
 LIBMAJOR=$(BASETARGET).1
-LIBMINOR=$(BASETARGET).1.1
+LIBMINOR=$(BASETARGET).1.2
 else
 TARGET1=$(AXTLS_HOME)/axtls.lib
 TARGET2=$(AXTLS_HOME)/$(STAGE)/axtls.dll
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 737e3d699e..469be5141c 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1735,7 +1735,7 @@ static void do_header_issue(void)
 static int header_issue(void)
 {
     FILE *f = fopen("../ssl/test/header_issue.dat", "r");
-    int server_fd, client_fd, ret = 1;
+    int server_fd = -1, client_fd = -1, ret = 1;
     uint8_t buf[2048];
     int size = 0;
     struct sockaddr_in client_addr;

From 7c7e89b540304bfc0b62d6e8e760d0b426ba15c4 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 16 Sep 2007 11:28:22 +0000
Subject: [PATCH 103/301] added md2

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@125 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/Makefile    |   1 +
 crypto/crypto.h    |  28 +++++++--
 crypto/md2.c       | 142 +++++++++++++++++++++++++++++++++++++++++++++
 ssl/Makefile       |   1 +
 ssl/test/ssltest.c |   4 +-
 ssl/x509.c         |   9 +++
 6 files changed, 176 insertions(+), 9 deletions(-)
 create mode 100644 crypto/md2.c

diff --git a/crypto/Makefile b/crypto/Makefile
index 2f69f1e491..b449a3f86a 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -24,6 +24,7 @@ AXTLS_HOME=..
 OBJ=\
 	aes.o \
 	hmac.o \
+	md2.o \
 	md5.o \
 	rc4.o \
 	sha1.o
diff --git a/crypto/crypto.h b/crypto/crypto.h
index ad49646c09..e45c717b57 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -82,11 +82,11 @@ void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
  */
 typedef struct 
 {
-    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
-    uint32_t Length_Low;            /* Message length in bits      */
-    uint32_t Length_High;           /* Message length in bits      */
+    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
+    uint32_t Length_Low;            /* Message length in bits */
+    uint32_t Length_High;           /* Message length in bits */
     uint16_t Message_Block_Index;   /* Index into message block array   */
-    uint8_t Message_Block[64];      /* 512-bit message blocks      */
+    uint8_t Message_Block[64];      /* 512-bit message blocks */
 } SHA1_CTX;
 
 void SHA1_Init(SHA1_CTX *);
@@ -94,10 +94,26 @@ void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
 void SHA1_Final(uint8_t *digest, SHA1_CTX *);
 
 /**************************************************************************
- * MD5 declarations 
+ * MD2 declarations 
  **************************************************************************/
 
-/* MD5 context. */
+#define MD2_SIZE 16
+
+typedef struct
+{
+    unsigned char cksum[16];    /* checksum of the data block */
+    unsigned char state[48];    /* intermediate digest state */
+    unsigned char buffer[16];   /* data block being processed */
+    int left;                   /* amount of data in buffer */
+} MD2_CTX;
+
+EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx);
+EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen);
+EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx);
+
+/**************************************************************************
+ * MD5 declarations 
+ **************************************************************************/
 
 #define MD5_SIZE    16
 
diff --git a/crypto/md2.c b/crypto/md2.c
new file mode 100644
index 0000000000..7ee3b91fc6
--- /dev/null
+++ b/crypto/md2.c
@@ -0,0 +1,142 @@
+/*
+ *  RFC 1115/1319 compliant MD2 implementation
+ *
+ *  Copyright (C) 2006-2007  Christophe Devine
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License, version 2.1 as published by the Free Software Foundation.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ *  MA  02110-1301  USA
+ */
+/*
+ *  The MD2 algorithm was designed by Ron Rivest in 1989.
+ *
+ *  http://www.ietf.org/rfc/rfc1115.txt
+ *  http://www.ietf.org/rfc/rfc1319.txt
+ */
+
+#include <string.h>
+#include <stdio.h>
+
+#include "crypto.h"
+
+static const unsigned char PI_SUBST[256] =
+{
+    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
+    0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
+    0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
+    0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
+    0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
+    0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
+    0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
+    0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
+    0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
+    0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
+    0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
+    0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
+    0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
+    0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
+    0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
+    0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
+    0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
+    0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
+    0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
+    0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
+};
+
+/*
+ * MD2 context setup
+ */
+EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+}
+
+static void md2_process(MD2_CTX *ctx)
+{
+    int i, j;
+    unsigned char t = 0;
+
+    for (i = 0; i < 16; i++)
+    {
+        ctx->state[i + 16] = ctx->buffer[i];
+        ctx->state[i + 32] = ctx->buffer[i] ^ ctx->state[i];
+    }
+
+    for (i = 0; i < 18; i++)
+    {
+        for (j = 0; j < 48; j++)
+            t = (ctx->state[j] ^= PI_SUBST[t]);
+
+        t = (t + i) & 0xFF;
+    }
+
+    t = ctx->cksum[15];
+
+    for (i = 0; i < 16; i++)
+        t = (ctx->cksum[i] ^= PI_SUBST[ctx->buffer[i] ^ t]);
+}
+
+/*
+ * MD2 process buffer
+ */
+EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen)
+{
+    int fill;
+
+    while (ilen > 0)
+    {
+        if (ctx->left + ilen > 16)
+            fill = 16 - ctx->left;
+        else
+            fill = ilen;
+
+        memcpy(ctx->buffer + ctx->left, input, fill);
+
+        ctx->left += fill;
+        input += fill;
+        ilen  -= fill;
+
+        if (ctx->left == 16)
+        {
+            ctx->left = 0;
+            md2_process(ctx);
+        }
+    }
+}
+
+/*
+ * MD2 final digest
+ */
+EXP_FUNC void STDCALL MD2_Final(uint8_t *output, MD2_CTX *ctx)
+{
+    int i;
+    uint8_t x;
+
+    x = (uint8_t)(16 - ctx->left);
+
+    for (i = ctx->left; i < 16; i++)
+        ctx->buffer[i] = x;
+
+    md2_process(ctx);
+
+    memcpy(ctx->buffer, ctx->cksum, 16);
+    md2_process(ctx);
+
+    memcpy(output, ctx->state, 16);
+}
diff --git a/ssl/Makefile b/ssl/Makefile
index d0bfc11497..2dcbeceec9 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -55,6 +55,7 @@ libs: $(TARGET1) $(TARGET2)
 CRYPTO_OBJ=\
 	$(CRYPTO_PATH)aes.o \
 	$(CRYPTO_PATH)hmac.o \
+	$(CRYPTO_PATH)md2.o \
 	$(CRYPTO_PATH)md5.o \
 	$(CRYPTO_PATH)rc4.o \
 	$(CRYPTO_PATH)sha1.o
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 469be5141c..b91c5fe89e 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -604,11 +604,9 @@ static int cert_tests(void)
     ssl_ctx_free(ssl_ctx);
     free(buf);
 
-    /* Verisign use MD2 which is not supported */
     ssl_ctx = ssl_ctx_new(0, 0);
     len = get_file("../ssl/test/verisign.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) != 
-                                    X509_VFY_ERROR_UNSUPPORTED_DIGEST)
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) <0)
     {
         printf("Cert #7\n");
         ssl_display_error(res);
diff --git a/ssl/x509.c b/ssl/x509.c
index 32e19fdbb0..85110951b5 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -126,6 +126,15 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
         SHA1_Final(sha_dgst, &sha_ctx);
         x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
     }
+    else if (x509_ctx->sig_type == SIG_TYPE_MD2)
+    {
+        MD2_CTX md2_ctx;
+        uint8_t md2_dgst[MD2_SIZE];
+        MD2_Init(&md2_ctx);
+        MD2_Update(&md2_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        MD2_Final(md2_dgst, &md2_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
+    }
 
     offset = end_tbs;   /* skip the v3 data */
     if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 

From 1d263c9ab461aebbb42fda62a0bebb6caf91b89c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 17 Sep 2007 03:29:50 +0000
Subject: [PATCH 104/301] fixed POST issues in axhttpd

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@126 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile        |   3 +-
 httpd/axhttp.h  |   7 +-
 httpd/axhttpd.c |  19 +++++
 httpd/proc.c    | 181 +++++++++++++++++++++++++++++++++++++++++++++---
 4 files changed, 199 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index e979eb1c75..4771e6f1c7 100644
--- a/Makefile
+++ b/Makefile
@@ -60,7 +60,8 @@ release:
 	$(MAKE) -C config/scripts/config clean
 	-$(MAKE) clean
 	-@rm config/*.msi config/*.back.aip config/config.h config/.config*
-	@rm -fr $(STAGE)
+	-@rm www/index.20*
+	-@rm -fr $(STAGE)
 	@echo "#define AXTLS_VERSION    \"$(VERSION)\"" > ssl/version.h
 	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axTLS; cd -;
 
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 8b05d3e03c..affe5e051e 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -24,7 +24,7 @@
 #ifdef CONFIG_HTTP_HAS_IPV6
 #define HAVE_IPV6
 #endif
-
+#define MAXPOSTDATASIZE                     30000
 #define MAXREQUESTLENGTH                    256
 #define BLOCKSIZE                           4096
 
@@ -88,6 +88,9 @@ struct connstruct
 #if defined(CONFIG_HTTP_HAS_AUTHORIZATION)
     char authorization[MAXREQUESTLENGTH];
 #endif
+  int post_read;
+  int post_state;
+  char *post_data;
 };
 
 struct serverstruct 
@@ -125,7 +128,7 @@ void procreadhead(struct connstruct *cn);
 void procsendhead(struct connstruct *cn);
 void procreadfile(struct connstruct *cn);
 void procsendfile(struct connstruct *cn);
-
+void read_post_data(struct connstruct *cn);
 
 /* misc.c prototypes */
 char *my_strncpy(char *dest, const char *src, size_t n);
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index c67c08eca6..c594e8f859 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -24,6 +24,20 @@
 #include <sys/stat.h>
 #include "axhttp.h"
 
+#if AXDEBUG
+#define AXDEBUGSTART \
+	{ \
+		FILE *dout; \
+		dout = fopen("/var/log/axdebug", "a"); \
+	
+#define AXDEBUGEND \
+		fclose(dout); \
+	}
+#else /* AXDEBUG */
+#define AXDEBUGSTART
+#define AXDEBUGEND
+#endif /* AXDEBUG */
+
 struct serverstruct *servers;
 struct connstruct *usedconns;
 struct connstruct *freeconns;
@@ -161,6 +175,7 @@ int main(int argc, char *argv[])
 
 #if defined(CONFIG_HTTP_HAS_CGI)
     addcgiext(CONFIG_HTTP_CGI_EXTENSIONS);
+    printf("addcgiext %s\n",CONFIG_HTTP_CGI_EXTENSIONS); 
 #endif
 #if defined(CONFIG_HTTP_VERBOSE)
     printf("%s: listening on ports %d (http) and %d (https)\n", 
@@ -176,6 +191,7 @@ int main(int argc, char *argv[])
     setuid(32767);
 #endif
 #ifdef CONFIG_HTTP_IS_DAEMON
+    fprintf(stderr, "ERR: fork is not working on uclinux\n");
     if (fork() > 0)  /* parent will die */
         exit(0);
 
@@ -283,6 +299,9 @@ int main(int argc, char *argv[])
                         FD_ISSET(to->networkdesc, &rfds)) 
             {
                 active--;
+		if (to->post_state)
+		  read_post_data(to);
+		else
                 procreadhead(to);
             } 
 
diff --git a/httpd/proc.c b/httpd/proc.c
index 32127e8623..2333bc6571 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -54,6 +54,20 @@ static void decode_path_info(struct connstruct *cn, char *path_info);
 static int auth_check(struct connstruct *cn);
 #endif
 
+#if AXDEBUG
+#define AXDEBUGSTART \
+	{ \
+		FILE *axdout; \
+		axdout = fopen("/var/log/axdebug", "a"); \
+	
+#define AXDEBUGEND \
+		fclose(axdout); \
+	}
+#else /* AXDEBUG */
+#define AXDEBUGSTART
+#define AXDEBUGEND
+#endif /* AXDEBUG */
+
 /* Returns 1 if elems should continue being read, 0 otherwise */
 static int procheadelem(struct connstruct *cn, char *buf) 
 {
@@ -267,11 +281,113 @@ static void urlencode(const uint8_t *s, char *t)
 
 #endif
 
+int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv)
+{
+   char *next;
+   int rv;
+   char *post_data;
+
+   rv=old_rv;
+   next=data;
+
+    /* Too much Post data to send. MAXPOSTDATASIZE should be 
+       configured (now it can be chaged in the header file) */
+   if (cn->content_length > MAXPOSTDATASIZE) 
+     {
+       send_error(cn, 418);
+       return 0;
+     }
+   
+   /* remove CRLF */
+   while ((*next == '\r' || *next == '\n') && (next < &buf[rv])) 
+       next++;
+   
+   if (cn->post_data == NULL)
+   {
+       cn->post_data = (char *) calloc(1, (cn->content_length + 1)); 
+       /* Allocate buffer for the POST data that will be used by proccgi 
+          to send POST data to the CGI script */
+
+       if (cn->post_data == NULL)
+       {
+           printf("axhttpd: could not allocate memory for POST data\n"); 
+           TTY_FLUSH();
+           send_error(cn, 599);
+           return 0;
+       }
+   }
+
+   cn->post_state = 0;
+   cn->post_read = 0;
+   post_data = cn->post_data;
+
+   while (next < &buf[rv])
+   { 
+       /*copy POST data to buffer*/
+       *post_data = *next;
+       post_data++;
+       next++;
+       cn->post_read++;
+       if (cn->post_read == cn->content_length)
+       { 
+           /* No more POST data to be copied */
+           *post_data = '\0';
+           return 1;
+       }
+   }
+
+   /* More POST data has to be read. read_post_data will continue with that */
+   cn->post_state = 1;
+   return 0;
+}
+
+void read_post_data(struct connstruct *cn)
+{
+    char buf[MAXREQUESTLENGTH*4], *next;
+    char *post_data;
+    int rv;
+
+    bzero(buf,MAXREQUESTLENGTH*4);
+    rv = special_read(cn, buf, sizeof(buf)-1);
+    if (rv <= 0) 
+    {
+        if (rv < 0) /* really dead? */
+            removeconnection(cn);
+        return;
+    }
+
+    buf[rv] = '\0';
+    next = buf;
+
+    post_data = &cn->post_data[cn->post_read];
+
+    while (next < &buf[rv])
+    {
+        *post_data = *next;
+        post_data++;
+        next++;
+        cn->post_read++;
+        if (cn->post_read == cn->content_length)
+        {  
+            /* No more POST data to be copied */
+            *post_data='\0';
+            cn->post_state = 0;
+            buildactualfile(cn);
+            cn->state = STATE_WANT_TO_SEND_HEAD;
+            return;
+        }
+    }
+
+    /* More POST data to read */
+}
+
+
 void procreadhead(struct connstruct *cn) 
 {
     char buf[MAXREQUESTLENGTH*4], *tp, *next;
     int rv;
 
+    bzero(buf,MAXREQUESTLENGTH*4);
     rv = special_read(cn, buf, sizeof(buf)-1);
     if (rv <= 0) 
     {
@@ -293,6 +409,12 @@ void procreadhead(struct connstruct *cn)
         /* If we have a blank line, advance to next stage */
         if (*next == '\r' || *next == '\n') 
         {
+	    if ((cn->reqtype == TYPE_POST)&&(cn->content_length > 0))
+	      {
+		if (init_read_post_data(buf,next,cn,rv) == 0)
+		  return;
+	      }
+		
             buildactualfile(cn);
             cn->state = STATE_WANT_TO_SEND_HEAD;
             return;
@@ -349,6 +471,7 @@ void procsendhead(struct connstruct *cn)
     file_exists = stat(cn->actualfile, &stbuf);
 
 #if defined(CONFIG_HTTP_HAS_CGI)
+
     if (file_exists != -1 && cn->is_cgi)
     {
         if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile))
@@ -503,12 +626,13 @@ void procsendfile(struct connstruct *cn)
 
 static void proccgi(struct connstruct *cn) 
 {
-    int tpipe[2];
+    int tpipe[2], spipe[2];
     char *myargs[2];
     char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
     char * cgiptr[CGI_ARG_SIZE+4];
     const char *type = "HEAD";
     int cgi_index = 0, i;
+    pid_t pid;
 #ifdef WIN32
     int tmp_stdout;
 #endif
@@ -531,10 +655,41 @@ static void proccgi(struct connstruct *cn)
 
     /* win32 cgi is a bit too painful */
 #ifndef WIN32
-    pipe(tpipe);
+	/* set up pipe that is used for sending POST query data to CGI script*/
+    if (cn->reqtype == TYPE_POST) 
+    {
+        if (pipe(spipe) == -1)
+        {
+            printf("[CGI]: could not create pipe");
+            TTY_FLUSH();
+            return;
+        }
+    }
 
-    if (fork() > 0)  /* parent */
+	if (pipe(tpipe) == -1)
+    {
+        printf("[CGI]: could not create pipe");
+        TTY_FLUSH();
+        return;
+    }
+#ifdef EMBED
+    if ((pid = vfork()) > 0)  /* parent */
+#else
+    if ((pid = fork()) > 0)  /* parent */
+#endif
     {
+        /* Send POST query data to CGI script */
+        if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0)) 
+        {
+            write(spipe[1], cn->post_data, cn->content_length);
+            close(spipe[0]);	 
+            close(spipe[1]);
+
+            /* free the memory that is allocated in read_post_data() */
+            free(cn->post_data); 
+            cn->post_data = NULL;
+        }
+
         /* Close the write descriptor */
         close(tpipe[1]);
         cn->filedesc = tpipe[0];
@@ -543,6 +698,9 @@ static void proccgi(struct connstruct *cn)
         return;
     }
 
+    if (pid < 0) /* fork failed */
+        exit(1);
+
     /* The problem child... */
 
     /* Our stdout/stderr goes to the socket */
@@ -551,13 +709,10 @@ static void proccgi(struct connstruct *cn)
 
     /* If it was a POST request, send the socket data to our stdin */
     if (cn->reqtype == TYPE_POST) 
-        dup2(cn->networkdesc, 0);
+        dup2(spipe[0], 0);  
     else    /* Otherwise we can shutdown the read side of the sock */
         shutdown(cn->networkdesc, 0);
 
-    close(tpipe[0]);
-    close(tpipe[1]);
-
     myargs[0] = cn->actualfile;
     myargs[1] = NULL;
 
@@ -617,7 +772,7 @@ static void proccgi(struct connstruct *cn)
     if (cgi_index >= CGI_ARG_SIZE)
     {
         printf("Content-type: text/plain\n\nToo many CGI args\n");
-        return;
+        exit(1);
     }
 
     /* copy across the pointer indexes */
@@ -631,6 +786,7 @@ static void proccgi(struct connstruct *cn)
 
     execve(myargs[0], myargs, cgiptr);
     printf("Content-type: text/plain\n\nshouldn't get here\n");
+    exit(1);
 #endif
 }
 
@@ -815,10 +971,14 @@ static void buildactualfile(struct connstruct *cn)
     if (cn->is_lua)
 #ifdef CONFIG_PLATFORM_CYGWIN
         sprintf(cn->actualfile, "%s/bin/cgi.exe", CONFIG_HTTP_LUA_PREFIX);
+#else
+#ifdef EMBED
+        sprintf(cn->actualfile, "%s", CONFIG_HTTP_LUA_PREFIX);
 #else
         sprintf(cn->actualfile, "%s/bin/cgi", CONFIG_HTTP_LUA_PREFIX);
 #endif
 #endif
+#endif
 }
 
 static int sanitizefile(const char *buf) 
@@ -1007,6 +1167,11 @@ static void send_error(struct connstruct *cn, int err)
             text = title;
             break;
 
+        case 418:
+            title = "POST data size is to large";
+            text = title;
+            break;
+
         default:
             title = "Unknown";
             text = "Unknown";

From 69003c01acc871a007b7dbc1bae36cca944b5d7e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 17 Sep 2007 05:46:43 +0000
Subject: [PATCH 105/301] added vfork()

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@127 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in |  9 +++++++++
 httpd/axhttp.h  |  1 +
 httpd/axhttpd.c |  6 ++++--
 httpd/proc.c    | 25 +++++++++----------------
 www/index.html  |  2 +-
 5 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/httpd/Config.in b/httpd/Config.in
index d7f8aba59f..512aa33e73 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -89,6 +89,15 @@ config CONFIG_HTTP_LUA_PREFIX
         The location of Lua's installation prefix. This is also necessary for
         Lua's cgi launcher application.
 
+config CONFIG_HTTP_LUA_CGI_LAUNCHER
+    string "CGI launcher location"
+    default "/bin/cgi.exe" if CONFIG_PLATFORM_CYGWIN
+    default "/bin/cgi" if !CONFIG_PLATFORM_CYGWIN
+    depends on CONFIG_HTTP_ENABLE_LUA
+    help
+        The location of LUA's CGI launcher application (after
+        the CONFIG_HTTP_LUA_PREFIX)
+
 config CONFIG_HTTP_BUILD_LUA
     bool "Build Lua"
     default n
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index affe5e051e..439fd91273 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -24,6 +24,7 @@
 #ifdef CONFIG_HTTP_HAS_IPV6
 #define HAVE_IPV6
 #endif
+
 #define MAXPOSTDATASIZE                     30000
 #define MAXREQUESTLENGTH                    256
 #define BLOCKSIZE                           4096
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index c594e8f859..2f5fd19bfe 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -175,9 +175,12 @@ int main(int argc, char *argv[])
 
 #if defined(CONFIG_HTTP_HAS_CGI)
     addcgiext(CONFIG_HTTP_CGI_EXTENSIONS);
-    printf("addcgiext %s\n",CONFIG_HTTP_CGI_EXTENSIONS); 
 #endif
+
 #if defined(CONFIG_HTTP_VERBOSE)
+#if defined(CONFIG_HTTP_HAS_CGI)
+    printf("addcgiext %s\n", CONFIG_HTTP_CGI_EXTENSIONS); 
+#endif
     printf("%s: listening on ports %d (http) and %d (https)\n", 
             server_version, CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
     TTY_FLUSH();
@@ -191,7 +194,6 @@ int main(int argc, char *argv[])
     setuid(32767);
 #endif
 #ifdef CONFIG_HTTP_IS_DAEMON
-    fprintf(stderr, "ERR: fork is not working on uclinux\n");
     if (fork() > 0)  /* parent will die */
         exit(0);
 
diff --git a/httpd/proc.c b/httpd/proc.c
index 2333bc6571..e995fbbd1d 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -672,11 +672,11 @@ static void proccgi(struct connstruct *cn)
         TTY_FLUSH();
         return;
     }
-#ifdef EMBED
+
+    /*
+     * use vfork() instead of fork() for performance 
+     */
     if ((pid = vfork()) > 0)  /* parent */
-#else
-    if ((pid = fork()) > 0)  /* parent */
-#endif
     {
         /* Send POST query data to CGI script */
         if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0)) 
@@ -698,7 +698,7 @@ static void proccgi(struct connstruct *cn)
         return;
     }
 
-    if (pid < 0) /* fork failed */
+    if (pid < 0) /* vfork failed */
         exit(1);
 
     /* The problem child... */
@@ -772,7 +772,7 @@ static void proccgi(struct connstruct *cn)
     if (cgi_index >= CGI_ARG_SIZE)
     {
         printf("Content-type: text/plain\n\nToo many CGI args\n");
-        exit(1);
+        _exit(1);
     }
 
     /* copy across the pointer indexes */
@@ -786,7 +786,7 @@ static void proccgi(struct connstruct *cn)
 
     execve(myargs[0], myargs, cgiptr);
     printf("Content-type: text/plain\n\nshouldn't get here\n");
-    exit(1);
+    _exit(1);
 #endif
 }
 
@@ -969,15 +969,8 @@ static void buildactualfile(struct connstruct *cn)
      * end as we need the directory name.
      */
     if (cn->is_lua)
-#ifdef CONFIG_PLATFORM_CYGWIN
-        sprintf(cn->actualfile, "%s/bin/cgi.exe", CONFIG_HTTP_LUA_PREFIX);
-#else
-#ifdef EMBED
-        sprintf(cn->actualfile, "%s", CONFIG_HTTP_LUA_PREFIX);
-#else
-        sprintf(cn->actualfile, "%s/bin/cgi", CONFIG_HTTP_LUA_PREFIX);
-#endif
-#endif
+        sprintf(cn->actualfile, "%s%s", CONFIG_HTTP_LUA_PREFIX, 
+                CONFIG_HTTP_LUA_CGI_LAUNCHER);
 #endif
 }
 
diff --git a/www/index.html b/www/index.html
index 9bb2ea50e1..afe43485a3 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200709060714" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200709170536" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported.\n* ~MD2 added for Verisign root cert verification.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From ab7cbe83105feb92b57b59270269a8d93a822ba8 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 17 Sep 2007 21:48:39 +0000
Subject: [PATCH 106/301] added lua test cases

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@128 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto.h                         |   9 ++
 crypto/md2.c                            |  12 ++-
 httpd/proc.c                            |   5 +-
 ssl/bigint.h                            |  11 +-
 ssl/crypto_misc.h                       |   1 +
 ssl/x509.c                              |   1 -
 www/index.html                          |   2 +-
 www/lua/download.lua                    |  75 ++++++++++++++
 www/lua/env.lua                         |  26 +++++
 www/lua/overview.lp                     |  64 ++++++++++++
 www/lua/prepara_sql2.lua                |  31 ++++++
 www/lua/tcgi1.lua                       |   9 ++
 www/lua/test_conc.lua                   |  38 +++++++
 www/lua/test_cookies.lp                 |  13 +++
 www/lua/test_cookies.lua                |  14 +++
 www/lua/test_err.lua                    |   4 +
 www/lua/test_fs.lua                     |  23 +++++
 www/lua/test_htk.lua                    |  22 ++++
 www/lua/test_lib.lua                    |  31 ++++++
 www/lua/test_main.html                  | 127 ++++++++++++++++++++++++
 www/lua/test_main.lp                    |  31 ++++++
 www/lua/test_main.lua                   |  46 +++++++++
 www/lua/test_session.lua                |  43 ++++++++
 www/lua/test_sql.lua                    |  13 +++
 www/lua/test_sql2.lua                   |  24 +++++
 www/{test_dir => lua}/test_variables.lp |   0
 www/test_dir/health.sh                  |  12 ---
 www/test_dir/test_cgi.php               |   6 --
 28 files changed, 659 insertions(+), 34 deletions(-)
 create mode 100644 www/lua/download.lua
 create mode 100644 www/lua/env.lua
 create mode 100644 www/lua/overview.lp
 create mode 100644 www/lua/prepara_sql2.lua
 create mode 100644 www/lua/tcgi1.lua
 create mode 100644 www/lua/test_conc.lua
 create mode 100644 www/lua/test_cookies.lp
 create mode 100644 www/lua/test_cookies.lua
 create mode 100644 www/lua/test_err.lua
 create mode 100644 www/lua/test_fs.lua
 create mode 100644 www/lua/test_htk.lua
 create mode 100644 www/lua/test_lib.lua
 create mode 100644 www/lua/test_main.html
 create mode 100644 www/lua/test_main.lp
 create mode 100644 www/lua/test_main.lua
 create mode 100644 www/lua/test_session.lua
 create mode 100644 www/lua/test_sql.lua
 create mode 100644 www/lua/test_sql2.lua
 rename www/{test_dir => lua}/test_variables.lp (100%)
 delete mode 100755 www/test_dir/health.sh
 delete mode 100755 www/test_dir/test_cgi.php

diff --git a/crypto/crypto.h b/crypto/crypto.h
index e45c717b57..0becbd5cc8 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -28,6 +28,15 @@ extern "C" {
 #endif
 
 #include "os_port.h"
+#include "config.h"
+
+/* enable features based on a 'super-set' capbaility. */
+#if defined(CONFIG_SSL_FULL_MODE) 
+#define CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_CERT_VERIFICATION
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+#define CONFIG_SSL_CERT_VERIFICATION
+#endif
 
 /**************************************************************************
  * AES declarations 
diff --git a/crypto/md2.c b/crypto/md2.c
index 7ee3b91fc6..93e1bf6451 100644
--- a/crypto/md2.c
+++ b/crypto/md2.c
@@ -29,7 +29,13 @@
 
 #include "crypto.h"
 
-static const unsigned char PI_SUBST[256] =
+/**
+ * This code is only here to enable the verification of Verisign root
+ * certificates. So only enable it for verification mode.
+ */
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+
+static const uint8_t PI_SUBST[256] =
 {
     0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
     0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
@@ -70,7 +76,7 @@ EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx)
 static void md2_process(MD2_CTX *ctx)
 {
     int i, j;
-    unsigned char t = 0;
+    uint8_t t = 0;
 
     for (i = 0; i < 16; i++)
     {
@@ -140,3 +146,5 @@ EXP_FUNC void STDCALL MD2_Final(uint8_t *output, MD2_CTX *ctx)
 
     memcpy(output, ctx->state, 16);
 }
+
+#endif
diff --git a/httpd/proc.c b/httpd/proc.c
index e995fbbd1d..bb50b5a246 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -622,7 +622,7 @@ void procsendfile(struct connstruct *cn)
 
 #if defined(CONFIG_HTTP_HAS_CGI)
 /* Should this be a bit more dynamic? It would mean more calls to malloc etc */
-#define CGI_ARG_SIZE        16
+#define CGI_ARG_SIZE        17
 
 static void proccgi(struct connstruct *cn) 
 {
@@ -771,7 +771,8 @@ static void proccgi(struct connstruct *cn)
 
     if (cgi_index >= CGI_ARG_SIZE)
     {
-        printf("Content-type: text/plain\n\nToo many CGI args\n");
+        printf("Content-type: text/plain\n\nToo many CGI args (%d, %d)\n",
+                cgi_index, CGI_ARG_SIZE);
         _exit(1);
     }
 
diff --git a/ssl/bigint.h b/ssl/bigint.h
index 5804a1c27a..ff54bac672 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -19,17 +19,8 @@
 #ifndef BIGINT_HEADER
 #define BIGINT_HEADER
 
-#include "config.h"
-
-/* enable features based on a 'super-set' capbaility. */
-#if defined(CONFIG_SSL_FULL_MODE) 
-#define CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_CERT_VERIFICATION
-#elif defined(CONFIG_SSL_ENABLE_CLIENT)
-#define CONFIG_SSL_CERT_VERIFICATION
-#endif
-
 #include "os_port.h"
+#include "crypto.h"
 #include "bigint_impl.h"
 
 #ifndef CONFIG_BIGINT_CHECK_ON
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 9811810f90..36b4d10f93 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -27,6 +27,7 @@
 extern "C" {
 #endif
 
+#include "crypto.h"
 #include "bigint.h"
 
 /**************************************************************************
diff --git a/ssl/x509.c b/ssl/x509.c
index 85110951b5..6bb9afde01 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -27,7 +27,6 @@
 #include <string.h>
 #include <time.h>
 #include "os_port.h"
-#include "crypto.h"
 #include "crypto_misc.h"
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
diff --git a/www/index.html b/www/index.html
index afe43485a3..5730303d32 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200709170536" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported.\n* ~MD2 added for Verisign root cert verification.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200709162253" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
diff --git a/www/lua/download.lua b/www/lua/download.lua
new file mode 100644
index 0000000000..2ee1a71e93
--- /dev/null
+++ b/www/lua/download.lua
@@ -0,0 +1,75 @@
+#!/usr/local/bin/lua
+
+require"luasocket"
+
+function receive (connection)
+	connection:settimeout(0)
+	local s, status = connection:receive (2^10)
+	if status == "timeout" then
+		coroutine.yield (connection)
+	end
+	return s, status
+end
+
+function download (host, file, outfile)
+	--local f = assert (io.open (outfile, "w"))
+	local c = assert (socket.connect (host, 80))
+	c:send ("GET "..file.." HTTP/1.0\r\n\r\n")
+	while true do
+		local s, status = receive (c)
+		--f:write (s)
+		if status == "closed" then
+			break
+		end
+	end
+	c:close()
+	--f:close()
+end
+
+local threads = {}
+function get (host, file, outfile)
+	print (string.format ("Downloading %s from %s to %s", file, host, outfile))
+	local co = coroutine.create (function ()
+		return download (host, file, outfile)
+	end)
+	table.insert (threads, co)
+end
+
+function dispatcher ()
+	while true do
+		local n = table.getn (threads)
+		if n == 0 then
+			break
+		end
+		local connections = {}
+		for i = 1, n do
+			local status, res = coroutine.resume (threads[i])
+			if not res then
+				table.remove (threads, i)
+				break
+			else
+				table.insert (connections, res)
+			end
+		end
+		if table.getn (connections) == n then
+			socket.select (connections)
+		end
+	end
+end
+
+local url = arg[1]
+if not url then
+	print (string.format ("usage: %s url [times]", arg[0]))
+	os.exit()
+end
+local times = arg[2] or 5
+
+url = string.gsub (url, "^http.?://", "")
+local _, _, host, file = string.find (url, "^([^/]+)(/.*)")
+local _, _, fn = string.find (file, "([^/]+)$")
+
+for i = 1, times do
+	get (host, file, fn..i)
+end
+
+dispatcher ()
diff --git a/www/lua/env.lua b/www/lua/env.lua
new file mode 100644
index 0000000000..c4298477b6
--- /dev/null
+++ b/www/lua/env.lua
@@ -0,0 +1,26 @@
+-- This file should be executed before any script in this directory
+-- according to the configuration (cgilua/conf.lua).
+
+pcall (cgilua.enablesession)
+
+local put, mkurlpath = cgilua.put, cgilua.mkurlpath
+
+cgilua.addclosefunction (function ()
+	put [[
+<p>
+<small>
+<a href="test_main.html">Main</a>]]
+	for _, test in {
+			{ "Get", "test_main.lua", {ab = "cd", ef = "gh"} },
+			{ "Cookies", "test_cookies.lua", },
+			{ "FileSystem", "test_fs.lua", },
+			{ "Libraries", "test_lib.lua", },
+			{ "Session", "test_session.lua", },
+			{ "Variables", "test_variables.lp", },
+		} do
+		put (string.format (' &middot; <a href="%s">%s</a>',
+			mkurlpath (test[2], test[3]), test[1]))
+	end
+	put [[
+</small>]]
+end)
diff --git a/www/lua/overview.lp b/www/lua/overview.lp
new file mode 100644
index 0000000000..4d17002a01
--- /dev/null
+++ b/www/lua/overview.lp
@@ -0,0 +1,64 @@
+<?lua
+-- Tries to load known libraries
+for _, t in ipairs { "lxp", "luasql.postgres", "luasql.mysql", "luasql.oci8", "luasql.sqlite", "luasql.odbc", "socket", "xmlrpc", "soap", "lualdap", "logging", "md5", "zip", "stable", "copas", } do
+	pcall (require, t)
+end
+
+libraries = { "lxp", "luasql", "socket", "xmlrpc", "soap", "lualdap", "logging", "md5", "zip", "stable", "copas", }
+
+local colors = { "#999999", "#CCCCCC", "#FFFFFF", }
+local i = 0
+function color () i = math.mod (i + 1, 3) return colors[i + 1] end
+
+function pack_name (p) return string.gsub (p, "^([^.]+).-", "%1") end
+
+function idx (t, f) return _G[t][f] or _G[t]["_"..f] or "" end
+?>
+<html>
+<head><title>CGILua installation overview</title></head>
+
+<body bgcolor="#FFFFFF">
+<h1>CGILua installation overview</h1>
+
+<table>
+  <tr>
+    <th bgcolor="#999999">Version
+    <th bgcolor="#999999">Copyright
+    <th bgcolor="#999999">Description
+  </tr>
+<?lua
+local support = {
+	{ "Lua", "_VERSION" },
+	{ "compat-5.1", "_COMPAT51" },
+}
+for _, l in ipairs (support) do bg = color()
+?>
+  <tr>
+    <td bgcolor = "<%= bg %>"><%= tostring(_G[l[2]]) %>
+    <td bgcolor = "<%= bg %>">
+    <td bgcolor = "<%= bg %>">
+  </tr>
+<? end ?>
+  <tr><td colspan="4"></tr>
+<?lua
+local pack = {}
+for i, p in ipairs (libraries) do
+	local s = _G[p]
+	local n = pack_name(p)
+	if type(_G[n]) == "table" and _G[n]._VERSION then
+		pack[n] = true
+		table.insert (pack, n)
+	end
+end
+table.sort (pack)
+for _, p in ipairs (pack) do bg = color() ?>
+  <tr>
+    <td bgcolor = "<%= bg %>"><%= idx(p,"VERSION") %>
+    <td bgcolor = "<%= bg %>"><small><%= idx(p,"COPYRIGHT") %></small>
+    <td bgcolor = "<%= bg %>"><small><%= idx(p,"DESCRIPTION") %></small>
+  </tr>
+<?lua end ?>
+</table>
+
+</body>
+</html>
diff --git a/www/lua/prepara_sql2.lua b/www/lua/prepara_sql2.lua
new file mode 100644
index 0000000000..6a37c2fef7
--- /dev/null
+++ b/www/lua/prepara_sql2.lua
@@ -0,0 +1,31 @@
+#!/usr/local/bin/lua
+
+MAX_ROWS = arg[1] or 10
+
+require"postgres"
+
+local env = assert (luasql.postgres ())
+local conn = assert (env:connect ("luasql-test", "tomas"))
+
+-- Apaga restos de outros testes.
+conn:execute "drop table t2"
+conn:execute "drop table t1"
+
+-- Criando as tabelas.
+assert (conn:execute [[create table t1 (
+	a int,
+	b int
+)]])
+assert (conn:execute [[create table t2 (
+	c int,
+	d int
+)]])
+
+-- Preenchedo as tabelas.
+for i = 1, MAX_ROWS do
+	local ii = 2*i
+	assert (conn:execute (string.format ([[
+insert into t1 values (%d, %d);
+insert into t2 values (%d, %d);]],
+		ii, i, ii, i)))
+end
diff --git a/www/lua/tcgi1.lua b/www/lua/tcgi1.lua
new file mode 100644
index 0000000000..b152cd9dbe
--- /dev/null
+++ b/www/lua/tcgi1.lua
@@ -0,0 +1,9 @@
+io.stdout:write"Content-type: text/html\n\n"
+
+for i,v in pairs{"QUERY_STRING", } do
+	io.stdout:write (string.format ("%s = %s", v, os.getenv(v) or '&nbsp;'))
+end
+io.stdout:write "<br>\n"
+
+local post_data = io.stdin:read"*a"
+io.stdout:write (string.format ("post_data = {%s}", post_data))
diff --git a/www/lua/test_conc.lua b/www/lua/test_conc.lua
new file mode 100644
index 0000000000..bbb9be784a
--- /dev/null
+++ b/www/lua/test_conc.lua
@@ -0,0 +1,38 @@
+cgilua.htmlheader()
+if ap then
+	local pid, ppid = ap.pid ()
+	if not ppid then
+		ppid = "no parent pid"
+	end
+	cgilua.put ("pid = "..pid.." ("..ppid..")".."\n")
+end
+
+assert(type(stable.get) == "function")
+assert(type(stable.set) == "function")
+
+cgilua.put"stable.pairs = {<br>\n"
+for i, v in stable.pairs () do
+	cgilua.put (i.." = "..tostring(v).."<br>\n")
+end
+cgilua.put"}<br>\n"
+
+local counter = stable.get"counter" or 0
+stable.set ("counter", counter + 1)
+
+local f = stable.get"f"
+if not f then
+	local d = os.date()
+	stable.set ("f", function () return d end)
+else
+	cgilua.put ("f() = "..tostring (f ()))
+end
+
+cgilua.put"<br>\n"
+for i = 1,800 do
+	cgilua.put (i)
+	for ii = 1,1000 do
+		cgilua.put ("<!>")
+	end
+	cgilua.put ("\n")
+end
+cgilua.put ("End")
diff --git a/www/lua/test_cookies.lp b/www/lua/test_cookies.lp
new file mode 100644
index 0000000000..932b9c5e98
--- /dev/null
+++ b/www/lua/test_cookies.lp
@@ -0,0 +1,13 @@
+<?lua
+local cookies = require"cgilua.cookies"
+CL_COOKIE = "cgilua_cookie"
+
+local test = cookies.get (CL_COOKIE)
+cookies.sethtml (CL_COOKIE, os.date())
+?>
+
+<h1>Testing Cookies library</h1>
+
+<%= CL_COOKIE%> = <%= tostring(test)%><br>
+Assigning current date to cookie!<br>
+Reload this script to check cookie's value!
diff --git a/www/lua/test_cookies.lua b/www/lua/test_cookies.lua
new file mode 100644
index 0000000000..6af935e894
--- /dev/null
+++ b/www/lua/test_cookies.lua
@@ -0,0 +1,14 @@
+local cookies = require"cgilua.cookies"
+CL_COOKIE = "cgilua_cookie"
+
+local test = cookies.get (CL_COOKIE)
+cookies.set (CL_COOKIE, os.date())
+
+cgilua.htmlheader ()
+cgilua.put ([[
+<h1>Testing Cookies library</h1>
+
+]]..CL_COOKIE..'  = '..tostring(test)..[[<br>
+Assigning current date to cookie!<br>
+Reload this script to check cookie's value!
+]])
diff --git a/www/lua/test_err.lua b/www/lua/test_err.lua
new file mode 100644
index 0000000000..4d6ffc9708
--- /dev/null
+++ b/www/lua/test_err.lua
@@ -0,0 +1,4 @@
+cgilua.htmlheader()
+cgilua.put"Oi!"
+--io.write"something\n"
+cgilua.errorlog ("eca", "emerg")
diff --git a/www/lua/test_fs.lua b/www/lua/test_fs.lua
new file mode 100644
index 0000000000..566ed8b204
--- /dev/null
+++ b/www/lua/test_fs.lua
@@ -0,0 +1,23 @@
+function link_dir (dir, base)
+	local path = base.."/"..dir
+	local mode = lfs.attributes (path).mode
+	if mode == "directory" then
+		return string.format ('<a href="%s">%s</a>',
+			cgilua.mkurlpath ("test_fs.lua", { dir = path }),
+			dir)
+	else
+		return dir
+	end
+end
+
+cgilua.htmlheader ()
+cgilua.put ("<h1>Testing Filesystem library</h1>\n")
+cgilua.put ("<table>\n")
+cgilua.put ("<tr><td colspan=2>Testing <b>dir</b></td></tr>\n")
+local i = 0
+local dir = cgi.dir or "."
+for file in lfs.dir (dir) do
+	i = i+1
+	cgilua.put ("<tr><td>"..i.."</td><td>"..link_dir(file, dir).."</td></tr>\n")
+end
+cgilua.put ("</table>\n")
diff --git a/www/lua/test_htk.lua b/www/lua/test_htk.lua
new file mode 100644
index 0000000000..ac1de6c31b
--- /dev/null
+++ b/www/lua/test_htk.lua
@@ -0,0 +1,22 @@
+require"htk"
+
+local a_table = {}
+for i = 1, 20 do
+	local l = {}
+	for j = 1, 20 do
+		table.insert (l, HTK.TD { "cell "..i..","..j })
+	end
+	table.insert (a_table, HTK.TR (l))
+end
+
+cgilua.htmlheader()
+cgilua.put (HTK.HTML {
+	HTK.HEAD { HTK.TITLE { "Titulo da Pagina" } },
+	HTK.BODY {
+		bgcolor = "#FFFFFF",
+		HTK.H1 { "Titulo da Pagina" },
+		HTK.P {},
+		"Uma p�gina qualquer",
+		HTK.TABLE (a_table),
+	}
+})
diff --git a/www/lua/test_lib.lua b/www/lua/test_lib.lua
new file mode 100644
index 0000000000..5041253725
--- /dev/null
+++ b/www/lua/test_lib.lua
@@ -0,0 +1,31 @@
+local function getfield (t, f)
+  for w in string.gfind(f, "[%w_]+") do
+    if not t then return nil end
+    t = t[w]
+  end
+  return t
+end
+
+function test_lib (libname)
+	local ok, err = pcall (require, libname)
+	if not ok then
+		cgilua.put ("Library <tt><b>"..libname.."</b></tt> not found<br>\n"..
+			err)
+	else
+		cgilua.put ("Library <tt><b>"..libname.."</b></tt><br>\n")
+		local t = getfield (_G, libname)
+		if type(t) ~= "table" then
+			cgilua.put (tostring(t))
+		else
+			for i, v in pairs (t) do
+				cgilua.put ("&nbsp;&nbsp;"..tostring(i).." = "..tostring(v).."<br>\n")
+			end
+		end
+	end
+	cgilua.put ("\n<p>\n")
+end
+
+cgilua.htmlheader ()
+for _, lib in ipairs { "lfs", "socket", "luasql.postgres", "luasql", "lxp", "lxp.lom", "lualdap", "htk", "xmlrpc", "xmlrpc.http" } do
+	test_lib (lib)
+end
diff --git a/www/lua/test_main.html b/www/lua/test_main.html
new file mode 100644
index 0000000000..a50dd639ca
--- /dev/null
+++ b/www/lua/test_main.html
@@ -0,0 +1,127 @@
+<html>
+<head><title>Test Page</title></head>
+
+<table border>
+  <tr>
+    <th colspan="4"> GET: </td>
+  </tr>
+  <tr>
+    <td>Lua script</td>
+    <td><a href="test_main.lua?field1=ab&field2=cd&field1=ef">module</a></td>
+  </tr>
+  <tr>
+    <td>HTML template</td>
+    <td><a href="test_main.lp?field1=ab&field2=cd&field1=ef">module</a></td>
+  </tr>
+
+  <tr>
+    <th colspan="4"> POST: </td>
+  </tr>
+  <tr>
+    <td colspan="4">
+      <form method="POST" action="">
+        <table>
+          <tr>
+            <td colspan="4">
+              field 1: <input type="text" name="field1"><br>
+              field 2: <input type="text" name="field2"><br>
+              field 3:
+                <input type="checkbox" name="field3" value="op 1">op 1
+                <input type="checkbox" name="field3" value="op 2">op 2
+                <input type="checkbox" name="field3" value="op 3">op 3
+            </td>
+          </tr>
+          <tr>
+            <td>Lua script</td>
+            <td>
+              <a href="javascript:document.forms[0].action='test_main.lua';document.forms[0].submit()">module</a>
+            </td>
+          </tr>
+          <tr>
+            <td>HTML template</td>
+            <td>
+              <a href="javascript:document.forms[0].action='test_main.lp';document.forms[0].submit()">module</a>
+            </td>
+          </tr>
+        </table>
+      </form>
+    </td>
+  </tr>
+
+  <tr>
+    <th colspan="4"> POST (with upload): </td>
+  </tr>
+  <tr>
+    <td colspan="4">
+      <form method="POST" enctype="multipart/form-data" action="">
+        <table>
+          <tr>
+            <td colspan="4">
+              field 1: <input type="text" name="field1"><br>
+              file (binary!): <input type="file" name="file"><br>
+            </td>
+          </tr>
+          <tr>
+            <td>Lua script</td>
+            <td>
+              <a href="javascript:document.forms[1].action='test_main.lua';document.forms[1].submit()">module</a>
+            </td>
+          </tr>
+          <tr>
+            <td>HTML template</td>
+            <td>
+              <a href="javascript:document.forms[1].action='test_main.lp';document.forms[1].submit()">module</a>
+            </td>
+          </tr>
+        </table>
+      </form>
+    </td>
+  </tr>
+  <tr>
+    <th colspan="4"> Cookies: </td>
+  </tr>
+  <tr>
+    <td>Lua script</td>
+    <td><a href="test_cookies.lua">module</a></td>
+  </tr>
+  <tr>
+    <td>HTML template</td>
+    <td><a href="test_cookies.lp">module</a></td>
+  </tr>
+  <tr>
+    <th colspan="4"> Filesystem: </td>
+  </tr>
+  <tr>
+    <td>Lua script</td>
+    <td><a href="test_fs.lua">module</a></td>
+  </tr>
+  <tr>
+    <th colspan="4"> Session: </td>
+  </tr>
+  <tr>
+    <td>Lua script</td>
+    <td><a href="test_session.lua">module</a></td>
+  </tr>
+  <tr>
+    <th colspan="4"> CGI Variables: </td>
+  </tr>
+  <tr>
+    <td>HTML template</td>
+    <td><a href="test_variables.lp">module</a></td>
+  </tr>
+  <tr>
+    <th colspan="4"> Library Overview: </td>
+  </tr>
+  <tr>
+    <td>HTML template</td>
+    <td><a href="overview.lp">module</a></td>
+  </tr>
+  <tr>
+    <th colspan="4"> Concurrency </td>
+  </tr>
+  <tr>
+    <td>Lua script</td>
+    <td><a href="test_conc.lua">module</a></td>
+  </tr>
+</table>
+</html>
diff --git a/www/lua/test_main.lp b/www/lua/test_main.lp
new file mode 100644
index 0000000000..917ee1e536
--- /dev/null
+++ b/www/lua/test_main.lp
@@ -0,0 +1,31 @@
+<html>
+<head><title>Embeded Lua Test</title></head>
+
+<body>
+cgi = {
+<?lua
+for i,v in pairs (cgi) do
+	if type(v) == "table" then
+		local vv = "{"
+		for a,b in pairs(v) do
+			vv = string.format ("%s%s = %s<br>\n", vv, a, tostring(b))
+		end
+		v = vv.."}"
+	end
+?>
+<%= i %> = <%= tostring(v) %> <br>
+<%
+end
+%>
+}
+<br>
+Remote address: <%= cgilua.servervariable"REMOTE_ADDR" %>
+<br>
+Is persistent = <%= tostring (SAPI.Info.ispersistent) %>
+<br>
+ap = <?lua= tostring(ap) ?> <br>
+lfcgi = <% = tostring(lfcgi) %> <br>
+<%= (ap and ap.handler()) or "" %> <br>
+
+</body>
+</html>
diff --git a/www/lua/test_main.lua b/www/lua/test_main.lua
new file mode 100644
index 0000000000..0e997a2d57
--- /dev/null
+++ b/www/lua/test_main.lua
@@ -0,0 +1,46 @@
+cgilua.htmlheader()
+cgilua.put[[
+<html>
+<head><title>Script Lua Test</title></head>
+
+<body>
+cgi = {
+]]
+
+for i,v in pairs (cgi) do
+	if type(v) == "table" then
+		local vv = "{"
+		for a,b in pairs(v) do
+			vv = string.format ("%s%s = %s<br>\n", vv, a, tostring(b))
+		end
+		v = vv.."}"
+	end
+	cgilua.put (string.format ("%s = %s<br>\n", i, tostring(v)))
+end
+cgilua.put "}<br>\n"
+cgilua.put ("Remote address: "..cgilua.servervariable"REMOTE_ADDR")
+cgilua.put "<br>\n"
+cgilua.put ("Is persistent = "..tostring (SAPI.Info.ispersistent).."<br>\n")
+cgilua.put ("ap="..tostring(ap).."<br>\n")
+cgilua.put ("lfcgi="..tostring(lfcgi).."<br>\n")
+
+-- Checking Virtual Environment
+local my_output = cgilua.put
+cgilua.put = nil
+local status, err = pcall (function ()
+	assert (cgilua.put == nil, "cannot change cgilua.put value")
+end)
+cgilua.put = my_output
+assert (status == true, err)
+
+-- Checking require
+local status, err = pcall (function () require"unknown_module" end)
+assert (status == false, "<tt>unknown_module</tt> loaded!")
+-- assert (package == nil, "Access to <tt>package</tt> table allowed!")
+
+cgilua.put[[
+<p>
+</body>
+</html>
+]]
+cgilua = nil
diff --git a/www/lua/test_session.lua b/www/lua/test_session.lua
new file mode 100644
index 0000000000..d97cc45201
--- /dev/null
+++ b/www/lua/test_session.lua
@@ -0,0 +1,43 @@
+cgilua.enablesession ()
+
+function pt (tab)
+	for i, v in pairs (tab) do
+		local vv = v
+		if type(v) == "table" then
+			vv = ""
+			for _i, _v in pairs (v) do
+				vv = vv..string.format ("%s = %q, ", _i, _v)
+			end
+			vv = '{'..vv..'}'
+		end
+		cgilua.put (string.format ("%s = %s<br>\n", tostring (i), tostring (vv)))
+	end
+end
+
+
+if cgi.field then
+	if not cgilua.session.data.field then
+		cgilua.session.data.field = {}
+	end
+	table.insert (cgilua.session.data.field, cgi.field)
+end
+cgilua.htmlheader()
+if cgilua.session then
+	cgilua.put "cgi = {<br>\n"
+	pt (cgi)
+	cgilua.put "}<br>\n"
+	cgilua.put "cgilua.session.data = {<br>\n"
+	pt (cgilua.session.data)
+	cgilua.put "}<br>\n"
+
+	cgilua.put [[<form action="]]
+	cgilua.put (cgilua.mkurlpath"test_session.lua")
+	cgilua.put [[" method="POST">
+  field: <input type="text" name="field" value="]]
+	cgilua.put (cgi.field or "")
+	cgilua.put [["><br>
+  <input type="submit"><br>
+</form>]]
+else
+	cgilua.put "Sessions library is not available or not well configured"
+end
diff --git a/www/lua/test_sql.lua b/www/lua/test_sql.lua
new file mode 100644
index 0000000000..085ce978c7
--- /dev/null
+++ b/www/lua/test_sql.lua
@@ -0,0 +1,13 @@
+local s = require"luasql.postgres"
+
+local env = assert (luasql.postgres ())
+local conn = assert (env:connect ("luasql-test", "tomas"))
+local cur = assert (conn:execute ("select count(*) from fetch_test"))
+
+cgilua.htmlheader()
+cgilua.put ("Total lines at table fetch_test is "..cur:fetch())
+cgilua.put (string.format ("<br>\n%s == %s<br>\n", tostring(s), tostring(luasql)))
+
+cur:close()
+conn:close()
+env:close()
diff --git a/www/lua/test_sql2.lua b/www/lua/test_sql2.lua
new file mode 100644
index 0000000000..a2f6ee12dc
--- /dev/null
+++ b/www/lua/test_sql2.lua
@@ -0,0 +1,24 @@
+require"postgres"
+
+local env = assert (luasql.postgres ())
+local conn = assert (env:connect ("luasql-test", "tomas"))
+local cur = assert (conn:execute ("select count(*) from t1"))
+local total = tonumber (cur:fetch())
+cur:close()
+local aleatorio = math.random(total)
+local cur = assert (conn:execute ("select * from t1, t2 where b = d and a != "..2*aleatorio))
+
+cgilua.htmlheader()
+cgilua.put ("Aleatorio = "..aleatorio.."<br>\n")
+
+local a,b,c,d = cur:fetch()
+cgilua.put ("<table>\n")
+while a do
+--	cgilua.put ("<tr><td>",a,"<td>",b,"<td>",c,"<td>",d,"</tr>")
+	a,b,c,d = cur:fetch()
+end
+cgilua.put ("</table>\n")
+
+cur:close()
+conn:close()
+env:close()
diff --git a/www/test_dir/test_variables.lp b/www/lua/test_variables.lp
similarity index 100%
rename from www/test_dir/test_variables.lp
rename to www/lua/test_variables.lp
diff --git a/www/test_dir/health.sh b/www/test_dir/health.sh
deleted file mode 100755
index d5c7d766b3..0000000000
--- a/www/test_dir/health.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-echo "Content-Type: text/html"
-echo
-echo "<html><title>System Health</title><body>"
-echo "<h1>System Health for '`/bin/hostname`'</h1>"
-echo "<h2>Processes</h2><table border=\"2\">"
-/bin/ps -ef | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-echo "</table><h2>Free FileSystem Space</h2>"
-echo "<table border=\"2\">"
-/bin/df -h / | /bin/sed -e "s/\(.*\)/<tr><td>\1<\/td><\/tr>/"
-echo "</table></body></html>"
diff --git a/www/test_dir/test_cgi.php b/www/test_dir/test_cgi.php
deleted file mode 100755
index feecbb1ec4..0000000000
--- a/www/test_dir/test_cgi.php
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/php
-
-<?
-phpinfo();
-?>
-

From 6ae00e4143e367677e0873b64df1472e6e8cf2cc Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 19 Sep 2007 06:51:14 +0000
Subject: [PATCH 107/301] fixed win32 build issues with CGI

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@129 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/axhttpd.aip   |  73 ++++++-------
 config/makefile.conf |   4 +-
 config/win32config   | 245 +++++++++++++++++++++----------------------
 httpd/axhttp.h       |   2 +
 httpd/axhttpd.c      |  10 +-
 httpd/proc.c         | 216 +++++++++++++++++++-------------------
 ssl/os_port.c        |  12 ---
 ssl/os_port.h        |   2 +-
 8 files changed, 271 insertions(+), 293 deletions(-)

diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index 2bac4caa67..5d1a2254f8 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="4.9.2" modules="freeware" RootPath="." Language="en">
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="5.2.2" modules="freeware" RootPath="." Language="en">
   <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
     <ROW Property="ALLUSERS" Value="2"/>
     <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
@@ -8,10 +8,10 @@
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{A03ABCF7-73F5-483D-8F3D-64B822A1ED64} "/>
+    <ROW Property="ProductCode" Value="1033:{E8FE72D8-1458-4F35-9759-EEBE44D96732} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.1.5"/>
+    <ROW Property="ProductVersion" Value="1.1.7"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
@@ -30,51 +30,47 @@
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
     <ROW Component="another_dir" ComponentId="{3F073789-DB33-40BC-BF88-922C6DF252EC}" Directory_="another_dir_DIR" Attributes="0"/>
     <ROW Component="axhttpd.exe" ComponentId="{0AEFFA20-29FA-4304-8227-F9ED0E6B8A0A}" Directory_="APPDIR" Attributes="0" KeyPath="axhttpd.exe" FullKeyPath="APPDIR\axhttpd.exe"/>
-    <ROW Component="axssl.csharp.exe" ComponentId="{B9373428-79F5-4D77-8924-48D23EF3870E}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.csharp.exe" FullKeyPath="APPDIR\axssl.csharp.exe"/>
     <ROW Component="axssl.exe" ComponentId="{E1E96774-7BFC-45B9-BA33-FC0C631921FD}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.exe" FullKeyPath="APPDIR\axssl.exe"/>
-    <ROW Component="axssl.vbnet.exe" ComponentId="{31F03DA9-E099-4BBD-88B7-4ABBC9F77EFB}" Directory_="APPDIR" Attributes="0" KeyPath="axssl.vbnet.exe" FullKeyPath="APPDIR\axssl.vbnet.exe"/>
     <ROW Component="axtls.dll" ComponentId="{4C741E75-A18A-4FC9-972C-C1EF583713EB}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.dll" FullKeyPath="APPDIR\axtls.dll"/>
-    <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.jar" FullKeyPath="APPDIR"/>
-    <ROW Component="axtlsj.dll" ComponentId="{AB8043C7-8291-4898-B34A-561335956DC1}" Directory_="APPDIR" Attributes="0" KeyPath="axtlsj.dll" FullKeyPath="APPDIR\axtlsj.dll"/>
+    <ROW Component="axtls.jar" ComponentId="{796CB0A9-6214-4531-A330-9B37420B7799}" Directory_="APPDIR" Attributes="0" KeyPath="axtls.static.lib" FullKeyPath="APPDIR"/>
     <ROW Component="bigint.h" ComponentId="{FC3E492B-D4F0-41FB-A977-76F6E9FE9FFE}" Directory_="New_Folder_DIR" Attributes="0" KeyPath="bigint.h" FullKeyPath="APPDIR\include"/>
     <ROW Component="favicon.ico" ComponentId="{9A1AB507-100A-470D-A002-CD8262CA4913}" Directory_="www_DIR" Attributes="0" KeyPath="favicon.ico" FullKeyPath="APPDIR\www"/>
-    <ROW Component="health.sh" ComponentId="{173D7469-C57C-481E-A315-19DA527BA1A5}" Directory_="test_dir_DIR" Attributes="0" KeyPath="health.sh" FullKeyPath="APPDIR\www\test_dir"/>
     <ROW Component="htaccess" ComponentId="{F53CB1D5-A3B9-4401-B0BA-B6AB1DA860B7}" Directory_="no_ssl_DIR" Attributes="0" KeyPath="htaccess" FullKeyPath="APPDIR\www\test_dir\no_ssl"/>
     <ROW Component="htaccess_1" ComponentId="{953D1999-CC00-4F85-9B48-2CD83ACAE2F9}" Directory_="no_http_DIR" Attributes="0" KeyPath="htaccess_1" FullKeyPath="APPDIR\www\test_dir\no_http"/>
     <ROW Component="htaccess_2" ComponentId="{6F181A8B-B313-47E2-AF79-AABFDBD353D8}" Directory_="bin_DIR" Attributes="0" KeyPath="htaccess_2" FullKeyPath="APPDIR\www\test_dir\bin"/>
     <ROW Component="htpasswd.exe" ComponentId="{9FE1AAD2-4E35-443A-AAE5-3A7D03A52AAA}" Directory_="APPDIR" Attributes="0" KeyPath="htpasswd.exe" FullKeyPath="APPDIR\htpasswd.exe"/>
+    <ROW Component="test_dir" ComponentId="{832C9295-CF2A-402E-BB3C-65BCBCBB5971}" Directory_="test_dir_DIR" Attributes="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
-    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.csharp.exe axssl.exe axssl.vbnet.exe axtls.dll axtls.jar axtlsj.dll favicon.ico bigint.h health.sh htpasswd.exe another_dir htaccess htaccess_2 htaccess_1"/>
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="axhttpd.exe axssl.exe axtls.dll axtls.jar favicon.ico bigint.h htpasswd.exe another_dir htaccess htaccess_2 htaccess_1 test_dir"/>
     <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
     <ROW File="axhttpd.exe" Component_="axhttpd.exe" FileName="axhttpd.exe" Attributes="0" SourcePath="..\_stage\axhttpd.exe" SelfReg="false" Sequence="1"/>
-    <ROW File="axssl.csharp.exe" Component_="axssl.csharp.exe" FileName="axsslc~1.exe|axssl.csharp.exe" Attributes="0" SourcePath="..\_stage\axssl.csharp.exe" SelfReg="false" Sequence="2"/>
-    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="3"/>
-    <ROW File="axssl.vbnet.exe" Component_="axssl.vbnet.exe" FileName="axsslv~1.exe|axssl.vbnet.exe" Attributes="0" SourcePath="..\_stage\axssl.vbnet.exe" SelfReg="false" Sequence="4"/>
-    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\_stage\axtls.dll" SelfReg="false" Sequence="5"/>
-    <ROW File="axtls.jar" Component_="axtls.jar" FileName="axtls.jar" Attributes="0" SourcePath="..\_stage\axtls.jar" SelfReg="false" Sequence="6"/>
-    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\_stage\axtls.lib" SelfReg="false" Sequence="7"/>
-    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\_stage\axtls.static.lib" SelfReg="false" Sequence="8"/>
-    <ROW File="axtlsj.dll" Component_="axtlsj.dll" FileName="axtlsj.dll" Attributes="0" SourcePath="..\_stage\axtlsj.dll" SelfReg="false" Sequence="9"/>
-    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="16"/>
-    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="13"/>
-    <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\ssl\crypto.h" SelfReg="false" Sequence="14"/>
-    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="10"/>
-    <ROW File="health.sh" Component_="health.sh" FileName="health.sh" Attributes="0" SourcePath="..\www\test_dir\health.sh" SelfReg="false" Sequence="18"/>
-    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="21"/>
-    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_http\.htaccess" SelfReg="false" Sequence="24"/>
-    <ROW File="htaccess_2" Component_="htaccess_2" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\bin\.htaccess" SelfReg="false" Sequence="23"/>
-    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\no_http\.htpasswd" SelfReg="false" Sequence="25"/>
-    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="20"/>
-    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="11"/>
-    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="22"/>
-    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_http\index.html" SelfReg="false" Sequence="26"/>
-    <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="17"/>
-    <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="12"/>
-    <ROW File="test_cgi.php" Component_="health.sh" FileName="test_cgi.php" Attributes="0" SourcePath="..\www\test_dir\test_cgi.php" SelfReg="false" Sequence="19"/>
-    <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="15"/>
+    <ROW File="axssl.exe" Component_="axssl.exe" FileName="axssl.exe" Attributes="0" SourcePath="..\_stage\axssl.exe" SelfReg="false" Sequence="2"/>
+    <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\_stage\axtls.dll" SelfReg="false" Sequence="3"/>
+    <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\_stage\axtls.lib" SelfReg="false" Sequence="4"/>
+    <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\_stage\axtls.static.lib" SelfReg="false" Sequence="5"/>
+    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="12"/>
+    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="9"/>
+    <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\crypto\crypto.h" SelfReg="false" Sequence="10"/>
+    <ROW File="crypto_misc.h" Component_="bigint.h" FileName="crypto~1.h|crypto_misc.h" Attributes="0" SourcePath="..\ssl\crypto_misc.h" SelfReg="false" Sequence="21"/>
+    <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="6"/>
+    <ROW File="htaccess" Component_="htaccess" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_ssl\.htaccess" SelfReg="false" Sequence="15"/>
+    <ROW File="htaccess_1" Component_="htaccess_1" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\no_http\.htaccess" SelfReg="false" Sequence="18"/>
+    <ROW File="htaccess_2" Component_="htaccess_2" FileName="htacce~1|.htaccess" Attributes="0" SourcePath="..\www\test_dir\bin\.htaccess" SelfReg="false" Sequence="17"/>
+    <ROW File="htpasswd" Component_="htaccess_1" FileName="htpass~1|.htpasswd" Attributes="0" SourcePath="..\www\test_dir\no_http\.htpasswd" SelfReg="false" Sequence="19"/>
+    <ROW File="htpasswd.exe" Component_="htpasswd.exe" FileName="htpasswd.exe" Attributes="0" SourcePath="..\_stage\htpasswd.exe" SelfReg="false" Sequence="14"/>
+    <ROW File="index.html" Component_="favicon.ico" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\index.html" SelfReg="false" Sequence="7"/>
+    <ROW File="index.html_1" Component_="htaccess" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_ssl\index.html" SelfReg="false" Sequence="16"/>
+    <ROW File="index.html_2" Component_="htaccess_1" FileName="index~1.htm|index.html" Attributes="0" SourcePath="..\www\test_dir\no_http\index.html" SelfReg="false" Sequence="20"/>
+    <ROW File="os_port.h" Component_="bigint.h" FileName="os_port.h" Attributes="0" SourcePath="..\ssl\os_port.h" SelfReg="false" Sequence="13"/>
+    <ROW File="ssl.h" Component_="bigint.h" FileName="ssl.h" Attributes="0" SourcePath="..\ssl\ssl.h" SelfReg="false" Sequence="8"/>
+    <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="11"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.BuildComponent">
+    <ROW BuildName="DefaultBuild" BuildOrder="1" BuildType="0" InstallationType="4"/>
+    <ATTRIBUTE name="CurrentBuild" value="DefaultBuild"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
     <ROW Path="&lt;ui.ail&gt;"/>
@@ -105,13 +101,14 @@
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
     <ROW Directory_="another_dir_DIR" Component_="another_dir"/>
+    <ROW Directory_="test_dir_DIR" Component_="test_dir"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
     <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="aicustact.dll" Target="PrepareUpgrade"/>
     <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="aicustact.dll" Target="RestoreLocation"/>
     <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
-    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][ProductName]"/>
+    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][Manufacturer]\[ProductName]" MultiBuildTarget="DefaultBuild:[ProgramFilesFolder][ProductName]"/>
     <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
     <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
   </COMPONENT>
@@ -127,12 +124,6 @@
   <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
     <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="740"/>
   </COMPONENT>
-  <COMPONENT cid="caphyon.advinst.msicomp.MsiMediaComponent">
-    <ATTRIBUTE name="CabsLocation" value="0"/>
-    <ATTRIBUTE name="Compress" value="1"/>
-    <ATTRIBUTE name="InstallationType" value="4"/>
-    <ATTRIBUTE name="Package" value="1"/>
-  </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
     <ROW Shortcut="axhttpd.exe" Directory_="SHORTCUTDIR" Name="axhttpd" Component_="axhttpd.exe" Target="[#axhttpd.exe]" Description="axhttpd.exe" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
     <ROW Shortcut="axssl_client" Directory_="SHORTCUTDIR" Name="axsslc~1|axssl client" Component_="axssl.exe" Target="[#axssl.exe]" Arguments="s_client" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
diff --git a/config/makefile.conf b/config/makefile.conf
index 4255dbe46a..aff7909956 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -57,8 +57,8 @@ endif
 CC=cl.exe
 LD=link.exe
 AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME))
-CFLAGS+=/nologo /W3 /D "WIN32" /D "_MBCS" /D "_CONSOLE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
-LDFLAGS=/nologo /subsystem:console /machine:I386
+CFLAGS+=/nologo /W3 /D"WIN32" /D"_MBCS" /D"_CONSOLE" /D"_CRT_SECURE_NO_DEPRECATE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
+LDFLAGS=/nologo /subsystem:console /machine:I386 Advapi32.lib
 LDSHARED = /dll
 AR=lib /nologo
 
diff --git a/config/win32config b/config/win32config
index 3e0b4223cb..be5ac45f8b 100644
--- a/config/win32config
+++ b/config/win32config
@@ -1,125 +1,120 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-# CONFIG_PLATFORM_LINUX is not set
-# CONFIG_PLATFORM_CYGWIN is not set
-# CONFIG_PLATFORM_SOLARIS is not set
-CONFIG_PLATFORM_WIN32=y
-
-#
-# General Configuration
-#
-PREFIX=""
-# CONFIG_DEBUG is not set
-
-#
-# Microsoft Compiler Options
-#
-# CONFIG_VISUAL_STUDIO_6_0 is not set
-CONFIG_VISUAL_STUDIO_7_0=y
-# CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
-CONFIG_VISUAL_STUDIO_7_0_BASE="c:\\Program Files\\Microsoft Visual Studio .NET 2003"
-CONFIG_VISUAL_STUDIO_8_0_BASE=""
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-CONFIG_SSL_FULL_MODE=y
-# CONFIG_SSL_SKELETON_MODE is not set
-# CONFIG_SSL_PROT_LOW is not set
-CONFIG_SSL_PROT_MEDIUM=y
-# CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-CONFIG_SSL_HAS_PEM=y
-CONFIG_SSL_USE_PKCS12=y
-CONFIG_SSL_EXPIRY_TIME=24
-CONFIG_X509_MAX_CA_CERTS=4
-CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSL_CTX_MUTEXING is not set
-# CONFIG_USE_DEV_URANDOM is not set
-CONFIG_WIN32_USE_CRYPTO_LIB=y
-# CONFIG_OPENSSL_COMPATIBLE is not set
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-CONFIG_AXHTTPD=y
-
-#
-# Axhttpd Configuration
-#
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_PORT=80
-CONFIG_HTTP_HTTPS_PORT=443
-CONFIG_HTTP_SESSION_CACHE_SIZE=5
-CONFIG_HTTP_WEBROOT="../www"
-CONFIG_HTTP_TIMEOUT=300
-
-#
-# CGI
-#
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSIONS=""
-# CONFIG_HTTP_ENABLE_LUA is not set
-CONFIG_HTTP_LUA_PREFIX=""
-# CONFIG_HTTP_BUILD_LUA is not set
-CONFIG_HTTP_DIRECTORIES=y
-CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_USE_CHROOT is not set
-# CONFIG_HTTP_CHANGE_UID is not set
-# CONFIG_HTTP_HAS_IPV6 is not set
-# CONFIG_HTTP_VERBOSE is not set
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-CONFIG_BINDINGS=y
-CONFIG_CSHARP_BINDINGS=y
-CONFIG_VBNET_BINDINGS=y
-
-#
-# .Net Framework
-#
-CONFIG_DOT_NET_FRAMEWORK_BASE="c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-CONFIG_JAVA_BINDINGS=y
-
-#
-# Java Home
-#
-CONFIG_JAVA_HOME="c:\\Program Files\\Java\\jdk1.5.0_06"
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-# CONFIG_LUA_BINDINGS is not set
-CONFIG_LUA_CORE=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-CONFIG_CSHARP_SAMPLES=y
-CONFIG_VBNET_SAMPLES=y
-CONFIG_JAVA_SAMPLES=y
-# CONFIG_PERL_SAMPLES is not set
-
-#
-# BigInt Options
-#
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-CONFIG_BIGINT_BARRETT=y
-CONFIG_BIGINT_CRT=y
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-CONFIG_BIGINT_SLIDING_WINDOW=y
-CONFIG_BIGINT_SQUARE=y
-# CONFIG_BIGINT_CHECK_ON is not set
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+# CONFIG_PLATFORM_LINUX is not set
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+CONFIG_PLATFORM_WIN32=y
+
+#
+# General Configuration
+#
+PREFIX=""
+# CONFIG_DEBUG is not set
+# CONFIG_STRIP_UNWANTED_SECTIONS is not set
+
+#
+# Microsoft Compiler Options
+#
+# CONFIG_VISUAL_STUDIO_6_0 is not set
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+CONFIG_VISUAL_STUDIO_8_0=y
+CONFIG_VISUAL_STUDIO_6_0_BASE=""
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE="c:\\Program Files\\Microsoft Visual Studio 8"
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+# CONFIG_SSL_CTX_MUTEXING is not set
+# CONFIG_USE_DEV_URANDOM is not set
+CONFIG_WIN32_USE_CRYPTO_LIB=y
+# CONFIG_OPENSSL_COMPATIBLE is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AXHTTPD=y
+
+#
+# Axhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_PORT=80
+CONFIG_HTTP_HTTPS_PORT=443
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
+CONFIG_HTTP_WEBROOT="www"
+CONFIG_HTTP_TIMEOUT=300
+
+#
+# CGI
+#
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSIONS=""
+# CONFIG_HTTP_ENABLE_LUA is not set
+CONFIG_HTTP_LUA_PREFIX=""
+CONFIG_HTTP_LUA_CGI_LAUNCHER=""
+# CONFIG_HTTP_BUILD_LUA is not set
+CONFIG_HTTP_DIRECTORIES=y
+CONFIG_HTTP_HAS_AUTHORIZATION=y
+# CONFIG_HTTP_USE_CHROOT is not set
+# CONFIG_HTTP_CHANGE_UID is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_VERBOSE=y
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+# CONFIG_BINDINGS is not set
+# CONFIG_CSHARP_BINDINGS is not set
+# CONFIG_VBNET_BINDINGS is not set
+CONFIG_DOT_NET_FRAMEWORK_BASE=""
+# CONFIG_JAVA_BINDINGS is not set
+CONFIG_JAVA_HOME=""
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+# CONFIG_LUA_BINDINGS is not set
+CONFIG_LUA_CORE=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+# CONFIG_CSHARP_SAMPLES is not set
+# CONFIG_VBNET_SAMPLES is not set
+# CONFIG_JAVA_SAMPLES is not set
+# CONFIG_PERL_SAMPLES is not set
+# CONFIG_LUA_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 439fd91273..2da364e742 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -129,7 +129,9 @@ void procreadhead(struct connstruct *cn);
 void procsendhead(struct connstruct *cn);
 void procreadfile(struct connstruct *cn);
 void procsendfile(struct connstruct *cn);
+#if defined(CONFIG_HTTP_HAS_CGI)
 void read_post_data(struct connstruct *cn);
+#endif
 
 /* misc.c prototypes */
 char *my_strncpy(char *dest, const char *src, size_t n);
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 2f5fd19bfe..701d588530 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -301,10 +301,12 @@ int main(int argc, char *argv[])
                         FD_ISSET(to->networkdesc, &rfds)) 
             {
                 active--;
-		if (to->post_state)
-		  read_post_data(to);
-		else
-                procreadhead(to);
+#if defined(CONFIG_HTTP_HAS_CGI)
+                if (to->post_state)
+                    read_post_data(to);
+                else
+#endif
+                    procreadhead(to);
             } 
 
             if (to->state == STATE_WANT_TO_SEND_HEAD &&
diff --git a/httpd/proc.c b/httpd/proc.c
index bb50b5a246..35388e7fcc 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -49,6 +49,7 @@ static void procdirlisting(struct connstruct *cn);
 #if defined(CONFIG_HTTP_HAS_CGI)
 static void proccgi(struct connstruct *cn);
 static void decode_path_info(struct connstruct *cn, char *path_info);
+static int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv);
 #endif
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
 static int auth_check(struct connstruct *cn);
@@ -281,113 +282,12 @@ static void urlencode(const uint8_t *s, char *t)
 
 #endif
 
-int init_read_post_data(char *buf, char *data, struct connstruct *cn, int old_rv)
-{
-   char *next;
-   int rv;
-   char *post_data;
-
-   rv=old_rv;
-   next=data;
-
-    /* Too much Post data to send. MAXPOSTDATASIZE should be 
-       configured (now it can be chaged in the header file) */
-   if (cn->content_length > MAXPOSTDATASIZE) 
-     {
-       send_error(cn, 418);
-       return 0;
-     }
-   
-   /* remove CRLF */
-   while ((*next == '\r' || *next == '\n') && (next < &buf[rv])) 
-       next++;
-   
-   if (cn->post_data == NULL)
-   {
-       cn->post_data = (char *) calloc(1, (cn->content_length + 1)); 
-       /* Allocate buffer for the POST data that will be used by proccgi 
-          to send POST data to the CGI script */
-
-       if (cn->post_data == NULL)
-       {
-           printf("axhttpd: could not allocate memory for POST data\n"); 
-           TTY_FLUSH();
-           send_error(cn, 599);
-           return 0;
-       }
-   }
-
-   cn->post_state = 0;
-   cn->post_read = 0;
-   post_data = cn->post_data;
-
-   while (next < &buf[rv])
-   { 
-       /*copy POST data to buffer*/
-       *post_data = *next;
-       post_data++;
-       next++;
-       cn->post_read++;
-       if (cn->post_read == cn->content_length)
-       { 
-           /* No more POST data to be copied */
-           *post_data = '\0';
-           return 1;
-       }
-   }
-
-   /* More POST data has to be read. read_post_data will continue with that */
-   cn->post_state = 1;
-   return 0;
-}
-
-void read_post_data(struct connstruct *cn)
-{
-    char buf[MAXREQUESTLENGTH*4], *next;
-    char *post_data;
-    int rv;
-
-    bzero(buf,MAXREQUESTLENGTH*4);
-    rv = special_read(cn, buf, sizeof(buf)-1);
-    if (rv <= 0) 
-    {
-        if (rv < 0) /* really dead? */
-            removeconnection(cn);
-        return;
-    }
-
-    buf[rv] = '\0';
-    next = buf;
-
-    post_data = &cn->post_data[cn->post_read];
-
-    while (next < &buf[rv])
-    {
-        *post_data = *next;
-        post_data++;
-        next++;
-        cn->post_read++;
-        if (cn->post_read == cn->content_length)
-        {  
-            /* No more POST data to be copied */
-            *post_data='\0';
-            cn->post_state = 0;
-            buildactualfile(cn);
-            cn->state = STATE_WANT_TO_SEND_HEAD;
-            return;
-        }
-    }
-
-    /* More POST data to read */
-}
-
-
 void procreadhead(struct connstruct *cn) 
 {
     char buf[MAXREQUESTLENGTH*4], *tp, *next;
     int rv;
 
-    bzero(buf,MAXREQUESTLENGTH*4);
+    memset(buf, 0, MAXREQUESTLENGTH*4);
     rv = special_read(cn, buf, sizeof(buf)-1);
     if (rv <= 0) 
     {
@@ -409,12 +309,14 @@ void procreadhead(struct connstruct *cn)
         /* If we have a blank line, advance to next stage */
         if (*next == '\r' || *next == '\n') 
         {
-	    if ((cn->reqtype == TYPE_POST)&&(cn->content_length > 0))
-	      {
-		if (init_read_post_data(buf,next,cn,rv) == 0)
-		  return;
-	      }
-		
+#ifndef WIN32
+            if (cn->reqtype == TYPE_POST && cn->content_length > 0)
+            {
+                if (init_read_post_data(buf,next,cn,rv) == 0)
+                    return;
+            }
+#endif
+
             buildactualfile(cn);
             cn->state = STATE_WANT_TO_SEND_HEAD;
             return;
@@ -860,6 +762,104 @@ static void decode_path_info(struct connstruct *cn, char *path_info)
     my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH);
 }
 
+static int init_read_post_data(char *buf, char *data, 
+                                struct connstruct *cn, int old_rv)
+{
+   char *next = data;
+   int rv = old_rv;
+   char *post_data;
+
+    /* Too much Post data to send. MAXPOSTDATASIZE should be 
+       configured (now it can be chaged in the header file) */
+   if (cn->content_length > MAXPOSTDATASIZE) 
+   {
+       send_error(cn, 418);
+       return 0;
+   }
+   
+   /* remove CRLF */
+   while ((*next == '\r' || *next == '\n') && (next < &buf[rv])) 
+       next++;
+   
+   if (cn->post_data == NULL)
+   {
+       cn->post_data = (char *) calloc(1, (cn->content_length + 1)); 
+       /* Allocate buffer for the POST data that will be used by proccgi 
+          to send POST data to the CGI script */
+
+       if (cn->post_data == NULL)
+       {
+           printf("axhttpd: could not allocate memory for POST data\n"); 
+           TTY_FLUSH();
+           send_error(cn, 599);
+           return 0;
+       }
+   }
+
+   cn->post_state = 0;
+   cn->post_read = 0;
+   post_data = cn->post_data;
+
+   while (next < &buf[rv])
+   { 
+       /*copy POST data to buffer*/
+       *post_data = *next;
+       post_data++;
+       next++;
+       cn->post_read++;
+       if (cn->post_read == cn->content_length)
+       { 
+           /* No more POST data to be copied */
+           *post_data = '\0';
+           return 1;
+       }
+   }
+
+   /* More POST data has to be read. read_post_data will continue with that */
+   cn->post_state = 1;
+   return 0;
+}
+
+void read_post_data(struct connstruct *cn)
+{
+    char buf[MAXREQUESTLENGTH*4], *next;
+    char *post_data;
+    int rv;
+
+    bzero(buf,MAXREQUESTLENGTH*4);
+    rv = special_read(cn, buf, sizeof(buf)-1);
+    if (rv <= 0) 
+    {
+        if (rv < 0) /* really dead? */
+            removeconnection(cn);
+        return;
+    }
+
+    buf[rv] = '\0';
+    next = buf;
+
+    post_data = &cn->post_data[cn->post_read];
+
+    while (next < &buf[rv])
+    {
+        *post_data = *next;
+        post_data++;
+        next++;
+        cn->post_read++;
+        if (cn->post_read == cn->content_length)
+        {  
+            /* No more POST data to be copied */
+            *post_data='\0';
+            cn->post_state = 0;
+            buildactualfile(cn);
+            cn->state = STATE_WANT_TO_SEND_HEAD;
+            return;
+        }
+    }
+
+    /* More POST data to read */
+}
+
 #endif  /* CONFIG_HTTP_HAS_CGI */
 
 /* Decode string %xx -> char (in place) */
diff --git a/ssl/os_port.c b/ssl/os_port.c
index 9b25473897..5f3c47722d 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -65,8 +65,6 @@ EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
 #undef malloc
 #undef realloc
 #undef calloc
-#undef open
-#undef fopen
 
 static const char * out_of_mem_str = "out of memory";
 static const char * file_open_str = "Could not open file \"%s\"";
@@ -106,16 +104,6 @@ EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
     return x;
 }
 
-EXP_FUNC FILE * STDCALL ax_fopen(const char *pathname, const char *type)
-{
-    FILE *f; 
-
-    if ((f = fopen(pathname, type)) == NULL)
-        exit_now(file_open_str, pathname);
-
-    return  f;
-}
-
 EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
 {
     int x;
diff --git a/ssl/os_port.h b/ssl/os_port.h
index ea0e7d14ca..c6ecb6f83a 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -86,6 +86,7 @@ extern "C" {
 #define usleep(A)               Sleep(A/1000)
 #define strdup(A)               _strdup(A)
 #define chroot(A)               _chdir(A)
+#define chdir(A)                _chdir(A)
 #ifndef lseek
 #define lseek(A,B,C)            _lseek(A,B,C)
 #endif
@@ -157,7 +158,6 @@ EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
 EXP_FUNC void * STDCALL ax_malloc(size_t s);
 EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
 EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
-EXP_FUNC FILE * STDCALL ax_fopen(const char *name, const char *type);
 EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
 
 #ifdef CONFIG_PLATFORM_LINUX

From 91f0c4bec0494fdcf7e090ba01e008847f0c1ed8 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 19 Sep 2007 12:03:09 +0000
Subject: [PATCH 108/301] remove vc6.0 support

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@130 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/Config.in     | 10 ----------
 config/linuxconfig   |  2 --
 config/makefile.conf |  9 +--------
 config/win32config   |  2 --
 crypto/crypto.h      |  2 +-
 httpd/Config.in      |  2 +-
 ssl/Config.in        |  5 +----
 ssl/Makefile         |  2 +-
 www/lua/tcgi1.lua    |  9 ---------
 9 files changed, 5 insertions(+), 38 deletions(-)
 delete mode 100644 www/lua/tcgi1.lua

diff --git a/config/Config.in b/config/Config.in
index f434bde45e..4721ac4463 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -63,11 +63,6 @@ choice
     depends on CONFIG_PLATFORM_WIN32
     default CONFIG_VISUAL_STUDIO_7_0
 
-config CONFIG_VISUAL_STUDIO_6_0
-    bool "Visual Studio 6.0 (VC98)"
-    help
-        Use Microsoft's Visual Studio 6.0 platform.
-
 config CONFIG_VISUAL_STUDIO_7_0
     bool "Visual Studio 7.0 (2003)"
     help 
@@ -80,11 +75,6 @@ config CONFIG_VISUAL_STUDIO_8_0
 
 endchoice
 
-config CONFIG_VISUAL_STUDIO_6_0_BASE
-    string "Base"
-    depends on CONFIG_VISUAL_STUDIO_6_0
-    default "c:\\Program Files\\Microsoft Visual Studio"
-
 config CONFIG_VISUAL_STUDIO_7_0_BASE
     string "Base"
     depends on CONFIG_VISUAL_STUDIO_7_0
diff --git a/config/linuxconfig b/config/linuxconfig
index 220060c009..d1d883e09b 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -12,10 +12,8 @@ CONFIG_PLATFORM_LINUX=y
 #
 PREFIX="/usr/local"
 # CONFIG_DEBUG is not set
-# CONFIG_VISUAL_STUDIO_6_0 is not set
 # CONFIG_VISUAL_STUDIO_7_0 is not set
 # CONFIG_VISUAL_STUDIO_8_0 is not set
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
 CONFIG_VISUAL_STUDIO_7_0_BASE=""
 CONFIG_VISUAL_STUDIO_8_0_BASE=""
 CONFIG_EXTRA_CFLAGS_OPTIONS=""
diff --git a/config/makefile.conf b/config/makefile.conf
index aff7909956..fe9ba26d76 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -31,12 +31,6 @@ all:
 # Win32 
 ifdef CONFIG_PLATFORM_WIN32
 
-ifdef CONFIG_VISUAL_STUDIO_6_0
-CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_6_0_BASE))
-export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Include")
-export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_6_0_BASE)\vc98\Lib")
-PATH:=$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/common/msdev98/bin:$(CONFIG_VISUAL_STUDIO_6_0_BASE_UNIX)/vc98/bin:$(PATH)
-else
 ifdef CONFIG_VISUAL_STUDIO_7_0
 CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
 export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
@@ -52,13 +46,12 @@ stuff:
 	@echo $(INCLUDE)
 endif
 endif
-endif
 
 CC=cl.exe
 LD=link.exe
 AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME))
 CFLAGS+=/nologo /W3 /D"WIN32" /D"_MBCS" /D"_CONSOLE" /D"_CRT_SECURE_NO_DEPRECATE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
-LDFLAGS=/nologo /subsystem:console /machine:I386 Advapi32.lib
+LDFLAGS=/nologo /subsystem:console /machine:I386
 LDSHARED = /dll
 AR=lib /nologo
 
diff --git a/config/win32config b/config/win32config
index be5ac45f8b..ae6abf18b2 100644
--- a/config/win32config
+++ b/config/win32config
@@ -17,10 +17,8 @@ PREFIX=""
 #
 # Microsoft Compiler Options
 #
-# CONFIG_VISUAL_STUDIO_6_0 is not set
 # CONFIG_VISUAL_STUDIO_7_0 is not set
 CONFIG_VISUAL_STUDIO_8_0=y
-CONFIG_VISUAL_STUDIO_6_0_BASE=""
 CONFIG_VISUAL_STUDIO_7_0_BASE=""
 CONFIG_VISUAL_STUDIO_8_0_BASE="c:\\Program Files\\Microsoft Visual Studio 8"
 CONFIG_EXTRA_CFLAGS_OPTIONS=""
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 0becbd5cc8..4b4cdc406a 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -27,8 +27,8 @@
 extern "C" {
 #endif
 
-#include "os_port.h"
 #include "config.h"
+#include "os_port.h"
 
 /* enable features based on a 'super-set' capbaility. */
 #if defined(CONFIG_SSL_FULL_MODE) 
diff --git a/httpd/Config.in b/httpd/Config.in
index 512aa33e73..cbbbc7d5ec 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -54,11 +54,11 @@ config CONFIG_HTTP_TIMEOUT
         Set the timeout of a connection in seconds.
 
 menu "CGI"
+depends on !CONFIG_PLATFORM_WIN32
 
 config CONFIG_HTTP_HAS_CGI
     bool "Enable CGI"
     default y
-    depends on !CONFIG_PLATFORM_WIN32
     help
         Enable the CGI capability. Not available on Win32 platforms.
 
diff --git a/ssl/Config.in b/ssl/Config.in
index 1b6f4641bf..0a11ef55fc 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -234,15 +234,12 @@ config CONFIG_USE_DEV_URANDOM
 
 config CONFIG_WIN32_USE_CRYPTO_LIB
     bool "Use Win32 Crypto Library"
-    default y if !CONFIG_VISUAL_STUDIO_6_0
-    default n if CONFIG_VISUAL_STUDIO_6_0
     depends on CONFIG_PLATFORM_WIN32
     help 
         Microsoft produce a Crypto API which requires the Platform SDK to be
         installed. It's used for the RNG.
 
-        This will be the default on most Win32 systems. If using Visual Studio
-        6.0, then the SDK containing the crypto libraries must be used.
+        This will be the default on most Win32 systems.
 
 config CONFIG_OPENSSL_COMPATIBLE
     bool "Enable openssl API compatibility"
diff --git a/ssl/Makefile b/ssl/Makefile
index 2dcbeceec9..a8ec01c9f0 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -44,7 +44,7 @@ endif
 LIBMAJOR=$(BASETARGET).1
 LIBMINOR=$(BASETARGET).1.2
 else
-TARGET1=$(AXTLS_HOME)/axtls.lib
+TARGET1=$(AXTLS_HOME)/$(STAGE)/axtls.lib
 TARGET2=$(AXTLS_HOME)/$(STAGE)/axtls.dll
 STATIC_LIB=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib
 CRYPTO_PATH=$(AXTLS_HOME)\\crypto\\
diff --git a/www/lua/tcgi1.lua b/www/lua/tcgi1.lua
deleted file mode 100644
index b152cd9dbe..0000000000
--- a/www/lua/tcgi1.lua
+++ /dev/null
@@ -1,9 +0,0 @@
-io.stdout:write"Content-type: text/html\n\n"
-
-for i,v in pairs{"QUERY_STRING", } do
-	io.stdout:write (string.format ("%s = %s", v, os.getenv(v) or '&nbsp;'))
-end
-io.stdout:write "<br>\n"
-
-local post_data = io.stdin:read"*a"
-io.stdout:write (string.format ("post_data = {%s}", post_data))

From 18cde1355dfa9e191a813ca8f73150b9cf293a33 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 1 Oct 2007 21:49:12 +0000
Subject: [PATCH 109/301] memory reductions

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@131 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/bigint.c   | 19 ++++++++++++++++---
 ssl/bigint.h   |  1 +
 ssl/rsa.c      |  6 ++++++
 ssl/tls1.c     | 39 ++++++++++++++++++---------------------
 ssl/tls1.h     |  2 ++
 ssl/tls1_svr.c |  4 ++++
 www/index.html |  2 +-
 7 files changed, 48 insertions(+), 25 deletions(-)

diff --git a/ssl/bigint.c b/ssl/bigint.c
index 38823ce990..ef4a917f49 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -96,8 +96,6 @@ BI_CTX *bi_initialize(void)
  */
 void bi_terminate(BI_CTX *ctx)
 {
-    bigint *p, *pn;
-
     bi_depermanent(ctx->bi_radix); 
     bi_free(ctx, ctx->bi_radix);
 
@@ -110,6 +108,20 @@ void bi_terminate(BI_CTX *ctx)
         abort();
     }
 
+    bi_clear_cache(ctx);
+    free(ctx);
+}
+
+/**
+ *@brief Clear the memory cache.
+ */
+void bi_clear_cache(BI_CTX *ctx)
+{
+    bigint *p, *pn;
+
+    if (ctx->free_list == NULL)
+        return;
+    
     for (p = ctx->free_list; p != NULL; p = pn)
     {
         pn = p->next;
@@ -117,7 +129,8 @@ void bi_terminate(BI_CTX *ctx)
         free(p);
     }
 
-    free(ctx);
+    ctx->free_count = 0;
+    ctx->free_list = NULL;
 }
 
 /**
diff --git a/ssl/bigint.h b/ssl/bigint.h
index ff54bac672..5c70fcc96b 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -30,6 +30,7 @@ BI_CTX *bi_initialize(void);
 void bi_terminate(BI_CTX *ctx);
 void bi_permanent(bigint *bi);
 void bi_depermanent(bigint *bi);
+void bi_clear_cache(BI_CTX *ctx);
 void bi_free(BI_CTX *ctx, bigint *bi);
 bigint *bi_copy(bigint *bi);
 bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
diff --git a/ssl/rsa.c b/ssl/rsa.c
index bcfc310166..d58864b2fc 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -249,6 +249,9 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
     encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
         RSA_public(ctx, dat_bi);
     bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
+
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx->bi_ctx);
     return byte_size;
 }
 
@@ -296,6 +299,9 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
 #ifdef WIN32
     free(block);
 #endif
+
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx);
     return bir;
 }
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 0e2ced092d..fc03bc3082 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -269,7 +269,6 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     SSL_CTX_UNLOCK(ssl_ctx->mutex);
 
     /* may already be free - but be sure */
-    free(ssl->all_pkts);
     free(ssl->final_finish_mac);
     free(ssl->key_block);
     free(ssl->encrypt_ctx);
@@ -408,13 +407,17 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 
     /* make sure the cert is valid */
     cert = ca_cert_ctx->cert[i];
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
     if ((ret = x509_verify(ca_cert_ctx, cert)))
     {
+        SSL_CTX_UNLOCK(ssl_ctx->mutex);
         x509_free(cert);        /* get rid of it */
         ca_cert_ctx->cert[i] = NULL;
         goto error;
     }
 
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
     len -= offset;
     ret = SSL_OK;           /* ok so far */
 
@@ -549,6 +552,8 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
+    MD5_Init(&ssl->md5_ctx);
+    SHA1_Init(&ssl->sha1_ctx);
 
     /* a bit hacky but saves a few bytes of memory */
     ssl->flag |= ssl_ctx->options;
@@ -673,7 +678,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
  */
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
 {   
-    unsigned char hmac_buf[SHA1_SIZE];
+    uint8_t hmac_buf[SHA1_SIZE];
     int hmac_offset;
    
     if (ssl->cipher_info->padding_size)
@@ -709,10 +714,8 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
  */
 void add_packet(SSL *ssl, const uint8_t *pkt, int len)
 {
-    int new_len = ssl->all_pkts_len + len;
-    ssl->all_pkts = (uint8_t *)realloc(ssl->all_pkts, new_len);
-    memcpy(&ssl->all_pkts[ssl->all_pkts_len], pkt, len);
-    ssl->all_pkts_len = new_len;
+    MD5_Update(&ssl->md5_ctx, pkt, len);
+    SHA1_Update(&ssl->sha1_ctx, pkt, len);
 }
 
 /**
@@ -790,7 +793,7 @@ static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
     p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
     p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
 
-    for (i=0; i < olen; i++)
+    for (i = 0; i < olen; i++)
         out[i] = xbuf[i] ^ ybuf[i];
 }
 
@@ -828,10 +831,10 @@ static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
  */
 void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 {
-    unsigned char mac_buf[128]; 
-    unsigned char *q = mac_buf;
-    MD5_CTX md5_ctx;
-    SHA1_CTX sha1_ctx;
+    uint8_t mac_buf[128]; 
+    uint8_t *q = mac_buf;
+    MD5_CTX md5_ctx = ssl->md5_ctx;
+    SHA1_CTX sha1_ctx = ssl->sha1_ctx;
 
     if (label)
     {
@@ -839,13 +842,9 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
         q += strlen(label);
     }
 
-    MD5_Init(&md5_ctx);
-    MD5_Update(&md5_ctx, ssl->all_pkts, ssl->all_pkts_len);
     MD5_Final(q, &md5_ctx);
     q += MD5_SIZE;
     
-    SHA1_Init(&sha1_ctx);
-    SHA1_Update(&sha1_ctx, ssl->all_pkts, ssl->all_pkts_len);
     SHA1_Final(q, &sha1_ctx);
     q += SHA1_SIZE;
 
@@ -1476,11 +1475,6 @@ int process_finished(SSL *ssl, int hs_len)
             ret = send_finished(ssl);
     }
 
-    /* Don't need this stuff anymore */
-    free(ssl->all_pkts);
-    ssl->all_pkts = NULL;
-    ssl->all_pkts_len = 0;
-
     memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
     free(ssl->master_secret);
     ssl->master_secret = NULL;
@@ -1713,7 +1707,10 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
  */
 EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
 {
-    int ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+    int ret;
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (ret)        /* modify into an SSL error type */
     {
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 45f13527d5..e8be2e44d2 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -163,6 +163,8 @@ struct _SSL
     int16_t hs_status;
     uint8_t *all_pkts; 
     int all_pkts_len;
+    MD5_CTX md5_ctx;
+    SHA1_CTX sha1_ctx;
     int client_fd;
     const cipher_info_t *cipher_info;
     uint8_t *final_finish_mac;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index dee48eeb16..6baae5b67e 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -432,7 +432,11 @@ static int process_cert_verify(SSL *ssl)
     PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
 
     DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
     n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (n != SHA1_SIZE + MD5_SIZE)
     {
diff --git a/www/index.html b/www/index.html
index 5730303d32..505e574559 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200709162253" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200710012148" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory.\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 7ac1528ecd3a7152dd5b8ea2ffe2914224490642 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 3 Oct 2007 07:26:10 +0000
Subject: [PATCH 110/301] minor fix

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@132 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c     | 4 ++--
 www/index.html | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index fc03bc3082..60f66f9da2 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -2045,8 +2045,8 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
 
 #ifdef CONFIG_BINDINGS
 #if !defined(CONFIG_SSL_ENABLE_CLIENT)
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, 
-                        int client_fd, const uint8_t *session_id)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size)
 {
     printf(unsupported_str);
     return NULL;
diff --git a/www/index.html b/www/index.html
index 505e574559..9516ff52ea 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200710012148" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory.\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200710022244" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 5094c5e81c2cd0afa331ed9fe9675b50ada8d536 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 3 Oct 2007 22:00:33 +0000
Subject: [PATCH 111/301] fixed memory leak in renegotiation

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@133 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1_clnt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 939318b0ea..c33962e781 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -131,6 +131,7 @@ int do_client_connect(SSL *ssl)
     ssl->bm_read_index = 0;
     ssl->next_state = HS_SERVER_HELLO;
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
+    x509_free(ssl->x509_ctx);
 
     /* sit in a loop until it all looks good */
     while (ssl->hs_status != SSL_OK)

From 6afb2ce28b06502dc97c44f04e87d6f4ecc8edd4 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 3 Oct 2007 22:10:21 +0000
Subject: [PATCH 112/301] made inc ms5/sha1 a tmp

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@134 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c      | 16 ++++++++++------
 ssl/tls1.h      |  4 ++--
 ssl/tls1_clnt.c |  4 ++++
 ssl/tls1_svr.c  |  4 ++++
 4 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 60f66f9da2..2a32f40687 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -274,6 +274,8 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     free(ssl->encrypt_ctx);
     free(ssl->decrypt_ctx);
     free(ssl->master_secret);
+    free(ssl->md5_ctx);
+    free(ssl->sha1_ctx);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     x509_free(ssl->x509_ctx);
 #endif
@@ -552,8 +554,10 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
-    MD5_Init(&ssl->md5_ctx);
-    SHA1_Init(&ssl->sha1_ctx);
+    ssl->md5_ctx = (MD5_CTX *)malloc(sizeof(MD5_CTX));
+    ssl->sha1_ctx = (SHA1_CTX *)malloc(sizeof(SHA1_CTX));
+    MD5_Init(ssl->md5_ctx);
+    SHA1_Init(ssl->sha1_ctx);
 
     /* a bit hacky but saves a few bytes of memory */
     ssl->flag |= ssl_ctx->options;
@@ -714,8 +718,8 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
  */
 void add_packet(SSL *ssl, const uint8_t *pkt, int len)
 {
-    MD5_Update(&ssl->md5_ctx, pkt, len);
-    SHA1_Update(&ssl->sha1_ctx, pkt, len);
+    MD5_Update(ssl->md5_ctx, pkt, len);
+    SHA1_Update(ssl->sha1_ctx, pkt, len);
 }
 
 /**
@@ -833,8 +837,8 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 {
     uint8_t mac_buf[128]; 
     uint8_t *q = mac_buf;
-    MD5_CTX md5_ctx = ssl->md5_ctx;
-    SHA1_CTX sha1_ctx = ssl->sha1_ctx;
+    MD5_CTX md5_ctx = *ssl->md5_ctx;
+    SHA1_CTX sha1_ctx = *ssl->sha1_ctx;
 
     if (label)
     {
diff --git a/ssl/tls1.h b/ssl/tls1.h
index e8be2e44d2..8590215acc 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -163,8 +163,8 @@ struct _SSL
     int16_t hs_status;
     uint8_t *all_pkts; 
     int all_pkts_len;
-    MD5_CTX md5_ctx;
-    SHA1_CTX sha1_ctx;
+    MD5_CTX *md5_ctx;
+    SHA1_CTX *sha1_ctx;
     int client_fd;
     const cipher_info_t *cipher_info;
     uint8_t *final_finish_mac;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index c33962e781..92f60fb809 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -110,6 +110,10 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, hs_len);
+            free(ssl->md5_ctx);
+            free(ssl->sha1_ctx);
+            ssl->md5_ctx = NULL;
+            ssl->sha1_ctx = NULL;
             break;
 
         case HS_HELLO_REQUEST:
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 6baae5b67e..1da3d8fc42 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -92,6 +92,10 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, hs_len);
+            free(ssl->md5_ctx);
+            free(ssl->sha1_ctx);
+            ssl->md5_ctx = NULL;
+            ssl->sha1_ctx = NULL;
             break;
     }
 

From fa0bf09b86a0f5982cabaca2b4e05c950f67f3ea Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 4 Oct 2007 11:25:28 +0000
Subject: [PATCH 113/301] some more memory tweaks

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@135 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c |   5 +-
 ssl/tls1.c         | 123 ++++++++++++++++++++++-----------------------
 ssl/tls1.h         |  27 +++++-----
 ssl/tls1_clnt.c    |  16 +++---
 ssl/tls1_svr.c     |  11 ++--
 5 files changed, 88 insertions(+), 94 deletions(-)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index b91c5fe89e..a566ea954c 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1470,9 +1470,8 @@ static void do_basic(void)
     ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
 
     /* check the return status */
-    if (ssl_handshake_status(ssl_clnt))
+    if (ssl_handshake_status(ssl_clnt) < 0)
     {
-        printf("Client ");
         ssl_display_error(ssl_handshake_status(ssl_clnt));
         goto error;
     }
@@ -1722,7 +1721,7 @@ int multi_thread_test(void)
  **************************************************************************/
 static void do_header_issue(void)
 {
-    uint8_t axtls_buf[2048];
+    char axtls_buf[2048];
 #ifndef WIN32
     pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
 #endif
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 2a32f40687..e4c8bf5f21 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -269,13 +269,9 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     SSL_CTX_UNLOCK(ssl_ctx->mutex);
 
     /* may already be free - but be sure */
-    free(ssl->final_finish_mac);
-    free(ssl->key_block);
     free(ssl->encrypt_ctx);
     free(ssl->decrypt_ctx);
-    free(ssl->master_secret);
-    free(ssl->md5_ctx);
-    free(ssl->sha1_ctx);
+    disposable_free(ssl);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     x509_free(ssl->x509_ctx);
 #endif
@@ -499,6 +495,7 @@ EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
 {
     int ret = SSL_OK;
 
+    disposable_new(ssl);
 #ifdef CONFIG_SSL_ENABLE_CLIENT
     if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
     {
@@ -547,17 +544,12 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
     ssl->client_fd = client_fd;
     ssl->flag = SSL_NEED_RECORD;
-    ssl->certs = ssl_ctx->certs;
-    ssl->chain_length = ssl_ctx->chain_length;
     ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
-    ssl->md5_ctx = (MD5_CTX *)malloc(sizeof(MD5_CTX));
-    ssl->sha1_ctx = (SHA1_CTX *)malloc(sizeof(SHA1_CTX));
-    MD5_Init(ssl->md5_ctx);
-    SHA1_Init(ssl->sha1_ctx);
+    disposable_new(ssl);
 
     /* a bit hacky but saves a few bytes of memory */
     ssl->flag |= ssl_ctx->options;
@@ -718,8 +710,8 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
  */
 void add_packet(SSL *ssl, const uint8_t *pkt, int len)
 {
-    MD5_Update(ssl->md5_ctx, pkt, len);
-    SHA1_Update(ssl->sha1_ctx, pkt, len);
+    MD5_Update(&ssl->dc->md5_ctx, pkt, len);
+    SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
 }
 
 /**
@@ -809,10 +801,9 @@ void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
 {
     uint8_t buf[128];   /* needs to be > 13+32+32 in size */
     strcpy((char *)buf, "master secret");
-    memcpy(&buf[13], ssl->client_random, SSL_RANDOM_SIZE);
-    memcpy(&buf[45], ssl->server_random, SSL_RANDOM_SIZE);
-    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
-    prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->master_secret,
+    memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
+    prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
             SSL_SECRET_SIZE);
 }
 
@@ -837,8 +828,8 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 {
     uint8_t mac_buf[128]; 
     uint8_t *q = mac_buf;
-    MD5_CTX md5_ctx = *ssl->md5_ctx;
-    SHA1_CTX sha1_ctx = *ssl->sha1_ctx;
+    MD5_CTX md5_ctx = ssl->dc->md5_ctx;
+    SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
 
     if (label)
     {
@@ -854,7 +845,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 
     if (label)
     {
-        prf(ssl->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
+        prf(ssl->dc->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
             digest, SSL_FINISHED_HASH_SIZE);
     }
     else    /* for use in a certificate verify */
@@ -864,7 +855,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 
 #if 0
     printf("label: %s\n", label);
-    print_blob("master secret", ssl->master_secret, 48);
+    print_blob("master secret", ssl->dc->master_secret, 48);
     print_blob("mac_buf", mac_buf, q-mac_buf);
     print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
 #endif
@@ -1071,27 +1062,26 @@ static void set_key_block(SSL *ssl, int is_write)
     uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
     uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    int key_block_existed = 1;
 
     /* only do once in a handshake */
-    if (ssl->key_block == NULL)
+    if (ssl->dc->key_block == NULL)
     {
-        ssl->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
+        ssl->dc->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
 
 #if 0
-        print_blob("client", ssl->client_random, 32);
-        print_blob("server", ssl->server_random, 32);
-        print_blob("master", ssl->master_secret, SSL_SECRET_SIZE);
+        print_blob("client", ssl->dc->client_random, 32);
+        print_blob("server", ssl->dc->server_random, 32);
+        print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
 #endif
-        generate_key_block(ssl->client_random, ssl->server_random,
-            ssl->master_secret, ssl->key_block, ciph_info->key_block_size);
+        generate_key_block(ssl->dc->client_random, ssl->dc->server_random,
+            ssl->dc->master_secret, ssl->dc->key_block, 
+            ciph_info->key_block_size);
 #if 0
         print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
 #endif
-        key_block_existed = 0;
     }
 
-    q = ssl->key_block;
+    q = ssl->dc->key_block;
 
     if ((is_client && is_write) || (!is_client && !is_write))
     {
@@ -1123,15 +1113,10 @@ static void set_key_block(SSL *ssl, int is_write)
 
     free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
 
-    if (ssl->final_finish_mac == NULL)
-    {
-        ssl->final_finish_mac = (uint8_t *)malloc(SSL_FINISHED_HASH_SIZE);
-    }
-
     /* now initialise the ciphers */
     if (is_client)
     {
-        finished_digest(ssl, server_finished, ssl->final_finish_mac);
+        finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
 
         if (is_write)
             ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
@@ -1140,7 +1125,7 @@ static void set_key_block(SSL *ssl, int is_write)
     }
     else
     {
-        finished_digest(ssl, client_finished, ssl->final_finish_mac);
+        finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
 
         if (is_write)
             ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
@@ -1149,14 +1134,6 @@ static void set_key_block(SSL *ssl, int is_write)
     }
 
     ssl->cipher_info = ciph_info;
-
-    /* clean up if possible */
-    if (key_block_existed)
-    {
-        memset(ssl->key_block, 0, ciph_info->key_block_size);
-        free(ssl->key_block);
-        ssl->key_block = NULL;
-    }
 }
 
 /**
@@ -1249,7 +1226,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     switch (ssl->record_type)
     {
         case PT_HANDSHAKE_PROTOCOL:
-            ssl->bm_proc_index = 0;
+            ssl->dc->bm_proc_index = 0;
             ret = do_handshake(ssl, buf, read_len);
             break;
 
@@ -1379,7 +1356,7 @@ int send_finished(SSL *ssl)
     if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
     {
         memcpy(ssl->session->master_secret,
-                ssl->master_secret, SSL_SECRET_SIZE);
+                ssl->dc->master_secret, SSL_SECRET_SIZE);
     }
 #endif
 
@@ -1470,7 +1447,7 @@ int process_finished(SSL *ssl, int hs_len)
     PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
 
     /* check that we all work before we continue */
-    if (memcmp(ssl->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
+    if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
         return SSL_ERROR_FINISHED_INVALID;
 
     if ((!is_client && !resume) || (is_client && resume))
@@ -1479,14 +1456,6 @@ int process_finished(SSL *ssl, int hs_len)
             ret = send_finished(ssl);
     }
 
-    memset(ssl->master_secret, 0, SSL_SECRET_SIZE);
-    free(ssl->master_secret);
-    ssl->master_secret = NULL;
-
-    memset(ssl->final_finish_mac, 0, SSL_FINISHED_HASH_SIZE);
-    free(ssl->final_finish_mac);
-    ssl->final_finish_mac = NULL;
-
     /* if we ever renegotiate */
     ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
     ssl->hs_status = ret;  /* set the final handshake status */
@@ -1509,9 +1478,9 @@ int send_certificate(SSL *ssl)
     buf[1] = 0;
     buf[4] = 0;
 
-    while (i < ssl->chain_length)
+    while (i < ssl->ssl_ctx->chain_length)
     {
-        SSL_CERT *cert = &ssl->certs[i];
+        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
         buf[offset++] = 0;        
         buf[offset++] = cert->size >> 8;        /* cert 1 length */
         buf[offset++] = cert->size & 0xff;
@@ -1530,6 +1499,35 @@ int send_certificate(SSL *ssl)
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
 }
 
+/**
+ * Create a blob of memory that we'll get rid of once the handshake is
+ * complete.
+ */
+void disposable_new(SSL *ssl)
+{
+    if (ssl->dc == NULL)
+    {
+        ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
+        MD5_Init(&ssl->dc->md5_ctx);
+        SHA1_Init(&ssl->dc->sha1_ctx);
+    }
+}
+
+/**
+ * Remove the temporary blob of memory.
+ */
+void disposable_free(SSL *ssl)
+{
+    if (ssl->dc)
+    {
+	free(ssl->dc->key_block);
+        memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
+        free(ssl->dc);
+        ssl->dc = NULL;
+    }
+
+}
+
 #ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
 /**
  * Find if an existing session has the same session id. If so, use the
@@ -1566,9 +1564,8 @@ SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
                 if (memcmp(ssl_sessions[i]->session_id, session_id,
                                                 SSL_SESSION_ID_SIZE) == 0)
                 {
-                    ssl->master_secret = (uint8_t *)malloc(SSL_SECRET_SIZE);
                     ssl->session_index = i;
-                    memcpy(ssl->master_secret, 
+                    memcpy(ssl->dc->master_secret, 
                             ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
                     SET_SSL_FLAG(SSL_SESSION_RESUME);
                     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
@@ -1730,7 +1727,7 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
 int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 {
     int ret = SSL_OK;
-    uint8_t *buf = &ssl->bm_data[ssl->bm_proc_index];
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int pkt_size = ssl->bm_index;
     int cert_size, offset = 5;
     int total_cert_size = (buf[offset]<<8) + buf[offset+1];
@@ -1766,7 +1763,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 
     DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
     ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
-    ssl->bm_proc_index += offset;
+    ssl->dc->bm_proc_index += offset;
 error:
     return ret;
 }
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 8590215acc..b21f4d67fe 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -150,35 +150,39 @@ typedef struct
     int size;
 } SSL_CERT;
 
+typedef struct
+{
+    MD5_CTX md5_ctx;
+    SHA1_CTX sha1_ctx;
+    uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
+    uint8_t *key_block;
+    uint8_t master_secret[SSL_SECRET_SIZE];
+    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
+    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
+    uint16_t bm_proc_index;
+} DISPOSABLE_CTX;
+
 struct _SSL
 {
     uint32_t flag;
     uint16_t need_bytes;
     uint16_t got_bytes;
     uint8_t record_type;
-    uint8_t chain_length;
     uint8_t cipher;
     uint8_t sess_id_size;
     int16_t next_state;
     int16_t hs_status;
-    uint8_t *all_pkts; 
-    int all_pkts_len;
-    MD5_CTX *md5_ctx;
-    SHA1_CTX *sha1_ctx;
+    DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
     int client_fd;
     const cipher_info_t *cipher_info;
-    uint8_t *final_finish_mac;
-    uint8_t *key_block;
     void *encrypt_ctx;
     void *decrypt_ctx;
     uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
     uint8_t *bm_data;
     uint16_t bm_index;
     uint16_t bm_read_index;
-    uint16_t bm_proc_index;
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
-    SSL_CERT *certs;
     struct _SSL_CTX *ssl_ctx;            /* back reference to a clnt/svr ctx */
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t session_index;
@@ -191,9 +195,6 @@ struct _SSL
     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
     uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
-    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
-    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
-    uint8_t *master_secret;
     uint8_t read_sequence[8];       /* 64 bit sequence number */
     uint8_t write_sequence[8];      /* 64 bit sequence number */
     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
@@ -232,6 +233,8 @@ typedef struct _SSL_CTX SSLCTX;
 extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
 
 SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
+void disposable_new(SSL *ssl);
+void disposable_free(SSL *ssl);
 int send_packet(SSL *ssl, uint8_t protocol, 
         const uint8_t *in, int length);
 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 92f60fb809..8b38e3768a 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -110,13 +110,11 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, hs_len);
-            free(ssl->md5_ctx);
-            free(ssl->sha1_ctx);
-            ssl->md5_ctx = NULL;
-            ssl->sha1_ctx = NULL;
+            disposable_free(ssl);   /* free up some memory */
             break;
 
         case HS_HELLO_REQUEST:
+            disposable_new(ssl);
             ret = do_client_connect(ssl);
             break;
     }
@@ -185,7 +183,7 @@ static int send_client_hello(SSL *ssl)
     *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
     *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
     get_random(SSL_RANDOM_SIZE-4, &buf[10]);
-    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE;
 
     /* give session resumption a go */
@@ -236,7 +234,7 @@ static int process_server_hello(SSL *ssl)
         return SSL_ERROR_INVALID_VERSION;
 
     /* get the server random value */
-    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
     sess_id_size = buf[offset++];
 
@@ -265,7 +263,7 @@ static int process_server_hello(SSL *ssl)
 
     offset++;   // skip the compr
     PARANOIA_CHECK(pkt_size, offset);
-    ssl->bm_proc_index = offset+1; 
+    ssl->dc->bm_proc_index = offset+1; 
 
 error:
     return ret;
@@ -317,7 +315,7 @@ static int send_client_key_xchg(SSL *ssl)
  */
 static int process_cert_req(SSL *ssl)
 {
-    uint8_t *buf = &ssl->bm_data[ssl->bm_proc_index];
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int ret = SSL_OK;
     int offset = (buf[2] << 4) + buf[3];
     int pkt_size = ssl->bm_index;
@@ -325,7 +323,7 @@ static int process_cert_req(SSL *ssl)
     /* don't do any processing - we will send back an RSA certificate anyway */
     ssl->next_state = HS_SERVER_HELLO_DONE;
     SET_SSL_FLAG(SSL_HAS_CERT_REQ);
-    ssl->bm_proc_index += offset;
+    ssl->dc->bm_proc_index += offset;
     PARANOIA_CHECK(pkt_size, offset);
 error:
     return ret;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 1da3d8fc42..d763917da8 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -92,10 +92,7 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, hs_len);
-            free(ssl->md5_ctx);
-            free(ssl->sha1_ctx);
-            ssl->md5_ctx = NULL;
-            ssl->sha1_ctx = NULL;
+            disposable_free(ssl);   /* free up some memory */
             break;
     }
 
@@ -122,7 +119,7 @@ static int process_client_hello(SSL *ssl)
         goto error;
     }
 
-    memcpy(ssl->client_random, &buf[6], SSL_RANDOM_SIZE);
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
 
     /* process the session id */
     id_len = buf[offset++];
@@ -233,7 +230,7 @@ int process_sslv23_client_hello(SSL *ssl)
         random_offset += 0x10;
     }
 
-    memcpy(&ssl->client_random[random_offset], &buf[offset], ch_len);
+    memcpy(&ssl->dc->client_random[random_offset], &buf[offset], ch_len);
     ret = send_server_hello_sequence(ssl);
 
 error:
@@ -303,7 +300,7 @@ static int send_server_hello(SSL *ssl)
 
     /* server random value */
     get_random(SSL_RANDOM_SIZE, &buf[6]);
-    memcpy(ssl->server_random, &buf[6], SSL_RANDOM_SIZE);
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE;
 
 #ifndef CONFIG_SSL_SKELETON_MODE

From 27f866daac0eb55073a5cedccc73c0d28faf5570 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 12 Oct 2007 06:40:24 +0000
Subject: [PATCH 114/301] removed chroot() after lwn article

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@137 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/linuxconfig |  1 -
 config/win32config |  1 -
 httpd/Config.in    | 11 -----------
 httpd/axhttpd.c    |  4 ----
 httpd/proc.c       |  5 -----
 5 files changed, 22 deletions(-)

diff --git a/config/linuxconfig b/config/linuxconfig
index d1d883e09b..949ac051b6 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -65,7 +65,6 @@ CONFIG_HTTP_LUA_PREFIX="/usr/local"
 # CONFIG_HTTP_BUILD_LUA is not set
 CONFIG_HTTP_DIRECTORIES=y
 CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_USE_CHROOT is not set
 # CONFIG_HTTP_CHANGE_UID is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
 # CONFIG_HTTP_VERBOSE is not set
diff --git a/config/win32config b/config/win32config
index ae6abf18b2..8640ea0f7e 100644
--- a/config/win32config
+++ b/config/win32config
@@ -71,7 +71,6 @@ CONFIG_HTTP_LUA_CGI_LAUNCHER=""
 # CONFIG_HTTP_BUILD_LUA is not set
 CONFIG_HTTP_DIRECTORIES=y
 CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_USE_CHROOT is not set
 # CONFIG_HTTP_CHANGE_UID is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
 CONFIG_HTTP_VERBOSE=y
diff --git a/httpd/Config.in b/httpd/Config.in
index cbbbc7d5ec..ad66e2a167 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -119,17 +119,6 @@ config CONFIG_HTTP_HAS_AUTHORIZATION
     help
         Pages/directories can have passwords associated with them.
 
-config CONFIG_HTTP_USE_CHROOT
-    bool "Use chroot()"
-    default n
-    depends on !CONFIG_PLATFORM_WIN32
-    help
-        Use chroot() to switch directories with a certain degree of
-        protection. However access to /bin and /lib have to replaced with
-        duplicate binaries.
-        
-        This feature is normally disabled.
-
 config CONFIG_HTTP_CHANGE_UID
     bool "Change UID"
     default n
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 701d588530..1594f1cb83 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -576,11 +576,7 @@ static void ax_chdir(void)
 {
     static char *webroot = CONFIG_HTTP_WEBROOT;
 
-#if defined(WIN32) || !defined(CONFIG_HTTP_USE_CHROOT)
     if (chdir(webroot))
-#else   /* use chroot() instead */
-    if (chroot(webroot))
-#endif
     {
 #ifdef CONFIG_HTTP_VERBOSE
         fprintf(stderr, "'%s' is not a directory\n", webroot);
diff --git a/httpd/proc.c b/httpd/proc.c
index 35388e7fcc..270dd70942 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -916,12 +916,7 @@ static int hexit(char c)
 static void buildactualfile(struct connstruct *cn)
 {
     char *cp;
-
-#ifdef CONFIG_HTTP_USE_CHROOT
-    snprintf(cn->actualfile, MAXREQUESTLENGTH, "%s", cn->filereq);
-#else
     snprintf(cn->actualfile, MAXREQUESTLENGTH, ".%s", cn->filereq);
-#endif
 
 #ifndef WIN32
     /* Add directory slash if not there */

From 2f2dd5954515de8277f151fdf35a089833487cd2 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 22 Oct 2007 13:17:02 +0000
Subject: [PATCH 115/301] changed var arrays to alloca

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@138 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/bigint.h  |  2 +-
 ssl/openssl.c |  2 ++
 ssl/os_port.h | 24 ++++++++++++++++++++++++
 ssl/rsa.c     | 19 ++-----------------
 ssl/tls1.c    | 12 ++----------
 ssl/tls1.h    | 23 -----------------------
 6 files changed, 31 insertions(+), 51 deletions(-)

diff --git a/ssl/bigint.h b/ssl/bigint.h
index 5c70fcc96b..8c248a9306 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -19,8 +19,8 @@
 #ifndef BIGINT_HEADER
 #define BIGINT_HEADER
 
-#include "os_port.h"
 #include "crypto.h"
+#include "os_port.h"
 #include "bigint_impl.h"
 
 #ifndef CONFIG_BIGINT_CHECK_ON
diff --git a/ssl/openssl.c b/ssl/openssl.c
index 1c5ddf7e11..3b63019e90 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -180,10 +180,12 @@ void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
 int SSL_library_init(void ) { return 1; }
 void SSL_load_error_strings(void ) {}
 void ERR_print_errors_fp(FILE *fp) {}
+#ifndef CONFIG_SSL_SKELETON_MODE
 long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
                             return CONFIG_SSL_EXPIRY_TIME*3600; }
 long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
                             return SSL_CTX_get_timeout(ssl_ctx); }
+#endif
 void BIO_printf(FILE *f, const char *format, ...)
 {
     va_list(ap);
diff --git a/ssl/os_port.h b/ssl/os_port.h
index c6ecb6f83a..26bb709689 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -87,6 +87,7 @@ extern "C" {
 #define strdup(A)               _strdup(A)
 #define chroot(A)               _chdir(A)
 #define chdir(A)                _chdir(A)
+#define alloca(A)                _alloca(A)
 #ifndef lseek
 #define lseek(A,B,C)            _lseek(A,B,C)
 #endif
@@ -166,6 +167,29 @@ void exit_now(const char *format, ...) __attribute((noreturn));
 void exit_now(const char *format, ...);
 #endif
 
+/* Mutexing definitions */
+#if defined(CONFIG_SSL_CTX_MUTEXING)
+#if defined(WIN32)
+#define SSL_CTX_MUTEX_TYPE          HANDLE
+#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
+#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
+#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
+#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
+#else 
+#include <pthread.h>
+#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
+#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
+#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
+#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
+#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
+#endif
+#else   /* no mutexing */
+#define SSL_CTX_MUTEX_INIT(A)
+#define SSL_CTX_MUTEX_DESTROY(A)
+#define SSL_CTX_LOCK(A)
+#define SSL_CTX_UNLOCK(A)
+#endif
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/ssl/rsa.c b/ssl/rsa.c
index d58864b2fc..4d70c10b67 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -128,11 +128,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     const int byte_size = ctx->num_octets;
     int i, size;
     bigint *decrypted_bi, *dat_bi;
-#ifndef WIN32
-    uint8_t block[byte_size];
-#else
-    uint8_t *block = (uint8_t *)malloc(byte_size);
-#endif
+    uint8_t *block = (uint8_t *)alloca(byte_size);
 
     memset(out_data, 0, byte_size); /* initialise */
 
@@ -169,9 +165,6 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     if (size > 0)
         memcpy(out_data, &block[i], size);
     
-#ifdef WIN32
-    free(block);
-#endif
     return size ? size : -1;
 }
 
@@ -264,11 +257,7 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     int i, size;
     bigint *decrypted_bi, *dat_bi;
     bigint *bir = NULL;
-#ifndef WIN32
-    uint8_t block[sig_len];
-#else
-    uint8_t *block = (uint8_t *)malloc(sig_len);
-#endif
+    uint8_t *block = (uint8_t *)alloca(sig_len);
 
     /* decrypt */
     dat_bi = bi_import(ctx, sig, sig_len);
@@ -296,10 +285,6 @@ bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
         }
     }
 
-#ifdef WIN32
-    free(block);
-#endif
-
     /* save a few bytes of memory */
     bi_clear_cache(ctx);
     return bir;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index e4c8bf5f21..4a6a8cbd2d 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -307,7 +307,6 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
  */
 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 {
-
     int n = out_len, nw, i, tot = 0;
 
     /* maximum size of a TLS packet is around 16kB, so fragment */
@@ -624,11 +623,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-#ifndef WIN32
-    uint8_t t_buf[hmac_len+10];
-#else
-    uint8_t *t_buf = (uint8_t *)malloc(hmac_len+10);
-#endif
+    uint8_t *t_buf = (uint8_t *)alloca(hmac_len+10);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -664,9 +659,6 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
     }
     print_blob("hmac", hmac_buf, SHA1_SIZE);
 #endif
-#ifdef WIN32
-    free(t_buf);
-#endif
 }
 
 /**
@@ -1520,7 +1512,7 @@ void disposable_free(SSL *ssl)
 {
     if (ssl->dc)
     {
-	free(ssl->dc->key_block);
+	    free(ssl->dc->key_block);
         memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
         free(ssl->dc);
         ssl->dc = NULL;
diff --git a/ssl/tls1.h b/ssl/tls1.h
index b21f4d67fe..624eaf4857 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -32,29 +32,6 @@ extern "C" {
 #include "crypto.h"
 #include "crypto_misc.h"
 
-/* Mutexing definitions */
-#if defined(CONFIG_SSL_CTX_MUTEXING)
-#if defined(WIN32)
-#define SSL_CTX_MUTEX_TYPE          HANDLE
-#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
-#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
-#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
-#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
-#else 
-#include <pthread.h>
-#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
-#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
-#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
-#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
-#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
-#endif
-#else   /* no mutexing */
-#define SSL_CTX_MUTEX_INIT(A)
-#define SSL_CTX_MUTEX_DESTROY(A)
-#define SSL_CTX_LOCK(A)
-#define SSL_CTX_UNLOCK(A)
-#endif
-
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
 #define SSL_FINISHED_HASH_SIZE      12

From f72d53348e818f8629927d76bd00ec56ba72c0b1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 1 Nov 2007 21:33:18 +0000
Subject: [PATCH 116/301] minor updates

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@139 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile          |  2 ++
 crypto/md2.c      | 24 ++++++++++++------------
 ssl/bigint.c      |  8 ++++++++
 ssl/bigint.h      |  3 ---
 ssl/bigint_impl.h |  5 -----
 5 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/Makefile b/Makefile
index 4771e6f1c7..b63c1c2fac 100644
--- a/Makefile
+++ b/Makefile
@@ -75,7 +75,9 @@ win32_demo:
 install: $(PREFIX) all
 	cp --no-dereference $(STAGE)/libax* $(PREFIX)/lib
 	chmod 755 $(PREFIX)/lib/libax* 
+ifdef CONFIG_SAMPLES
 	install -m 755 $(STAGE)/ax* $(PREFIX)/bin 
+endif
 ifdef CONFIG_HTTP_HAS_AUTHORIZATION
 	install -m 755 $(STAGE)/htpasswd $(PREFIX)/bin 
 endif
diff --git a/crypto/md2.c b/crypto/md2.c
index 93e1bf6451..5234c4fb83 100644
--- a/crypto/md2.c
+++ b/crypto/md2.c
@@ -1,23 +1,23 @@
 /*
- *  RFC 1115/1319 compliant MD2 implementation
- *
- *  Copyright (C) 2006-2007  Christophe Devine
+ *  Copyright(C) 2006 Cameron Rich
  *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License, version 2.1 as published by the Free Software Foundation.
+ *  This library is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU Lesser General Public License as published by
+ *  the Free Software Foundation; either version 2.1 of the License, or
+ *  (at your option) any later version.
  *
  *  This library is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- *  MA  02110-1301  USA
+ *  You should have received a copy of the GNU Lesser General Public License
+ *  along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
+
 /*
+ *  RFC 1115/1319 compliant MD2 implementation
  *  The MD2 algorithm was designed by Ron Rivest in 1989.
  *
  *  http://www.ietf.org/rfc/rfc1115.txt
diff --git a/ssl/bigint.c b/ssl/bigint.c
index ef4a917f49..4b778a5156 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -55,6 +55,11 @@
 #include <time.h>
 #include "bigint.h"
 
+#define V1      v->comps[v->size-1]                 /**< v1 for division */
+#define V2      v->comps[v->size-2]                 /**< v2 for division */
+#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
+#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
+
 static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
 static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
 static bigint *alloc(BI_CTX *ctx, int size);
@@ -68,8 +73,11 @@ static bigint *comp_left_shift(bigint *biR, int num_shifts);
 
 #ifdef CONFIG_BIGINT_CHECK_ON
 static void check(const bigint *bi);
+#else
+#define check(A)                /**< disappears in normal production mode */
 #endif
 
+
 /**
  * @brief Start a new bigint context.
  * @return A bigint context.
diff --git a/ssl/bigint.h b/ssl/bigint.h
index 8c248a9306..b96721d600 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -23,9 +23,6 @@
 #include "os_port.h"
 #include "bigint_impl.h"
 
-#ifndef CONFIG_BIGINT_CHECK_ON
-#define check(A)                /**< disappears in normal production mode */
-#endif
 BI_CTX *bi_initialize(void);
 void bi_terminate(BI_CTX *ctx);
 void bi_permanent(bigint *bi);
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
index 762a7ccbb2..3db467cc05 100644
--- a/ssl/bigint_impl.h
+++ b/ssl/bigint_impl.h
@@ -97,9 +97,4 @@ typedef struct /**< A big integer "session" context. */
 
 #define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
 
-#define V1      v->comps[v->size-1]                 /**< v1 for division */
-#define V2      v->comps[v->size-2]                 /**< v2 for division */
-#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
-#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
-
 #endif

From 70ed44946eca4ed0d18b9a2abcc298f11b03b693 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 5 Nov 2007 02:28:37 +0000
Subject: [PATCH 117/301] changed to BSD style license

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@140 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile                            | 36 +++++++++++++++++---------
 bindings/Makefile                   | 36 +++++++++++++++++---------
 bindings/csharp/Makefile            | 36 +++++++++++++++++---------
 bindings/csharp/axTLS.cs            | 38 +++++++++++++++++----------
 bindings/generate_SWIG_interface.pl | 36 +++++++++++++++++---------
 bindings/generate_interface.pl      | 36 +++++++++++++++++---------
 bindings/java/Makefile              | 36 +++++++++++++++++---------
 bindings/java/SSL.java              | 38 +++++++++++++++++----------
 bindings/java/SSLCTX.java           | 38 +++++++++++++++++----------
 bindings/java/SSLClient.java        | 38 +++++++++++++++++----------
 bindings/java/SSLReadHolder.java    | 38 +++++++++++++++++----------
 bindings/java/SSLServer.java        | 38 +++++++++++++++++----------
 bindings/java/SSLUtil.java          | 38 +++++++++++++++++----------
 bindings/lua/Makefile               | 36 +++++++++++++++++---------
 bindings/perl/Makefile              | 36 +++++++++++++++++---------
 bindings/vbnet/Makefile             | 36 +++++++++++++++++---------
 bindings/vbnet/axTLSvb.vb           | 36 +++++++++++++++++---------
 config/makefile.conf                | 36 +++++++++++++++++---------
 config/makefile.dotnet.conf         | 36 +++++++++++++++++---------
 config/makefile.java.conf           | 36 +++++++++++++++++---------
 crypto/Makefile                     | 36 +++++++++++++++++---------
 crypto/aes.c                        | 38 +++++++++++++++++----------
 crypto/crypto.h                     | 38 +++++++++++++++++----------
 crypto/hmac.c                       | 38 +++++++++++++++++----------
 crypto/md2.c                        | 38 +++++++++++++++++----------
 crypto/md5.c                        | 38 +++++++++++++++++----------
 crypto/rc4.c                        | 38 +++++++++++++++++----------
 crypto/sha1.c                       | 38 +++++++++++++++++----------
 docsrc/Makefile                     | 36 +++++++++++++++++---------
 httpd/Makefile                      | 36 +++++++++++++++++---------
 httpd/axhttp.h                      | 38 +++++++++++++++++----------
 httpd/axhttpd.c                     | 38 +++++++++++++++++----------
 httpd/htpasswd.c                    | 38 +++++++++++++++++----------
 httpd/proc.c                        | 38 +++++++++++++++++----------
 httpd/tdate_parse.c                 | 38 +++++++++++++++++----------
 samples/Makefile                    | 36 +++++++++++++++++---------
 samples/c/Makefile                  | 36 +++++++++++++++++---------
 samples/c/axssl.c                   | 38 +++++++++++++++++----------
 samples/csharp/Makefile             | 36 +++++++++++++++++---------
 samples/csharp/axssl.cs             | 38 +++++++++++++++++----------
 samples/java/Makefile               | 36 +++++++++++++++++---------
 samples/java/axssl.java             | 38 +++++++++++++++++----------
 samples/lua/Makefile                | 36 +++++++++++++++++---------
 samples/lua/axssl.lua               | 36 +++++++++++++++++---------
 samples/perl/Makefile               | 36 +++++++++++++++++---------
 samples/perl/axssl.pl               | 36 +++++++++++++++++---------
 samples/vbnet/Makefile              | 36 +++++++++++++++++---------
 samples/vbnet/axssl.vb              | 36 +++++++++++++++++---------
 ssl/Makefile                        | 36 +++++++++++++++++---------
 ssl/asn1.c                          | 38 +++++++++++++++++----------
 ssl/bigint.c                        | 38 +++++++++++++++++----------
 ssl/bigint.h                        | 38 +++++++++++++++++----------
 ssl/bigint_impl.h                   | 38 +++++++++++++++++----------
 ssl/crypto_misc.c                   | 38 +++++++++++++++++----------
 ssl/crypto_misc.h                   | 40 +++++++++++++++++++----------
 ssl/loader.c                        | 38 +++++++++++++++++----------
 ssl/openssl.c                       | 38 +++++++++++++++++----------
 ssl/os_port.c                       | 38 +++++++++++++++++----------
 ssl/os_port.h                       | 38 +++++++++++++++++----------
 ssl/p12.c                           | 38 +++++++++++++++++----------
 ssl/rsa.c                           | 38 +++++++++++++++++----------
 ssl/ssl.h                           | 38 +++++++++++++++++----------
 ssl/test/Makefile                   | 36 +++++++++++++++++---------
 ssl/test/make_certs.sh              | 36 +++++++++++++++++---------
 ssl/test/perf_bigint.c              | 38 +++++++++++++++++----------
 ssl/test/ssltest.c                  | 38 +++++++++++++++++----------
 ssl/test/test_axssl.sh              | 36 +++++++++++++++++---------
 ssl/tls1.c                          | 38 +++++++++++++++++----------
 ssl/tls1.h                          | 38 +++++++++++++++++----------
 ssl/tls1_clnt.c                     | 38 +++++++++++++++++----------
 ssl/tls1_svr.c                      | 38 +++++++++++++++++----------
 ssl/x509.c                          | 38 +++++++++++++++++----------
 www/index.html                      |  4 +--
 73 files changed, 1773 insertions(+), 909 deletions(-)

diff --git a/Makefile b/Makefile
index b63c1c2fac..f6948de35f 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This license is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 -include config/.config
diff --git a/bindings/Makefile b/bindings/Makefile
index 8874159435..7654fbba57 100644
--- a/bindings/Makefile
+++ b/bindings/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 all:
diff --git a/bindings/csharp/Makefile b/bindings/csharp/Makefile
index 87073f5e43..3414f85621 100644
--- a/bindings/csharp/Makefile
+++ b/bindings/csharp/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../../config/.config
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index e2e5f4da29..f056df70a4 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index d9a4e888dd..cb157abc0c 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -1,21 +1,33 @@
 #!/usr/bin/perl
 
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 #===============================================================
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index ab7b914ada..dad5ae5cb1 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -1,21 +1,33 @@
 #!/usr/bin/perl -w
 
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 #===============================================================
diff --git a/bindings/java/Makefile b/bindings/java/Makefile
index 0c58c1e7f8..8df1d0aa83 100644
--- a/bindings/java/Makefile
+++ b/bindings/java/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 AXTLS_HOME=../..
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
index a2dfd370b1..b53a6da067 100644
--- a/bindings/java/SSL.java
+++ b/bindings/java/SSL.java
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java
index 2823511b1a..311bedb795 100644
--- a/bindings/java/SSLCTX.java
+++ b/bindings/java/SSLCTX.java
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/bindings/java/SSLClient.java b/bindings/java/SSLClient.java
index 6ca43d0032..f65fe9c53f 100644
--- a/bindings/java/SSLClient.java
+++ b/bindings/java/SSLClient.java
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/bindings/java/SSLReadHolder.java b/bindings/java/SSLReadHolder.java
index e51e0a593d..91fd76b23f 100644
--- a/bindings/java/SSLReadHolder.java
+++ b/bindings/java/SSLReadHolder.java
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/bindings/java/SSLServer.java b/bindings/java/SSLServer.java
index 7aa7fc09b5..514ccb0342 100644
--- a/bindings/java/SSLServer.java
+++ b/bindings/java/SSLServer.java
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/bindings/java/SSLUtil.java b/bindings/java/SSLUtil.java
index a59de3f1fe..3d53de51cb 100644
--- a/bindings/java/SSLUtil.java
+++ b/bindings/java/SSLUtil.java
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/bindings/lua/Makefile b/bindings/lua/Makefile
index 66738cbedd..daacf92150 100644
--- a/bindings/lua/Makefile
+++ b/bindings/lua/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2007 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 AXTLS_HOME=../..
diff --git a/bindings/perl/Makefile b/bindings/perl/Makefile
index 3f5b15e7de..92fd3c50f7 100644
--- a/bindings/perl/Makefile
+++ b/bindings/perl/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 AXTLS_HOME=../..
diff --git a/bindings/vbnet/Makefile b/bindings/vbnet/Makefile
index bcd6cae4d2..7da60d02ed 100644
--- a/bindings/vbnet/Makefile
+++ b/bindings/vbnet/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../../config/.config
diff --git a/bindings/vbnet/axTLSvb.vb b/bindings/vbnet/axTLSvb.vb
index c941c595b2..9388273ce8 100644
--- a/bindings/vbnet/axTLSvb.vb
+++ b/bindings/vbnet/axTLSvb.vb
@@ -1,19 +1,31 @@
 '
-'  Copyright(C) 2006 Cameron Rich
+' Copyright (c) 2007, Cameron Rich
 '
-'  This program is free software you can redistribute it and/or modify
-'  it under the terms of the GNU General Public License as published by
-'  the Free Software Foundation either version 2.1 of the License, or
-'  (at your option As ) any later version.
+' All rights reserved.
 '
-'  This program is distributed in the hope that it will be useful,
-'  but WITHOUT ANY WARRANTY without even the implied warranty of
-'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-'  GNU Lesser General Public License for more details.
+' Redistribution and use in source and binary forms, with or without
+' modification, are permitted provided that the following conditions are met:
 '
-'  You should have received a copy of the GNU General Public License
-'  along with this program if not, write to the Free Software
-'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+' * Redistributions of source code must retain the above copyright notice,
+'   this list of conditions and the following disclaimer.
+' * Redistributions in binary form must reproduce the above copyright
+'   notice, this list of conditions and the following disclaimer in the
+'   documentation and/or other materials provided with the distribution.
+' * Neither the name of the axTLS project nor the names of its
+'   contributors may be used to endorse or promote products derived
+'   from this software without specific prior written permission.
+'
+' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 '
 
 '
diff --git a/config/makefile.conf b/config/makefile.conf
index fe9ba26d76..ffe86c54ae 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 #
diff --git a/config/makefile.dotnet.conf b/config/makefile.dotnet.conf
index 110e27d3bb..9cff4fddf1 100644
--- a/config/makefile.dotnet.conf
+++ b/config/makefile.dotnet.conf
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 ifneq ($(MAKECMDGOALS), clean)
diff --git a/config/makefile.java.conf b/config/makefile.java.conf
index 2e51b50da3..9b22462908 100644
--- a/config/makefile.java.conf
+++ b/config/makefile.java.conf
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 ifneq ($(MAKECMDGOALS), clean)
diff --git a/crypto/Makefile b/crypto/Makefile
index b449a3f86a..d1dfd1ccda 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2007 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../config/.config
diff --git a/crypto/aes.c b/crypto/aes.c
index 520bd01a92..038a45bd85 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 4b4cdc406a..e1e8cc9c94 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 880a21c059..9199ff2207 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/crypto/md2.c b/crypto/md2.c
index 5234c4fb83..bfcbd24bbe 100644
--- a/crypto/md2.c
+++ b/crypto/md2.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/crypto/md5.c b/crypto/md5.c
index caf21aa63a..b4f86cab58 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/crypto/rc4.c b/crypto/rc4.c
index 83e4363dd0..57136b82bd 100644
--- a/crypto/rc4.c
+++ b/crypto/rc4.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/crypto/sha1.c b/crypto/sha1.c
index 69110d4879..be19100797 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/docsrc/Makefile b/docsrc/Makefile
index 136264b08d..28266869b7 100644
--- a/docsrc/Makefile
+++ b/docsrc/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../config/makefile.conf
diff --git a/httpd/Makefile b/httpd/Makefile
index bbc72274bf..b37c9819b6 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2007 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 all : web_server lua
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 2da364e742..de3a1985e8 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2007 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "os_port.h"
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 1594f1cb83..bd3b48dd48 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2007 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <stdio.h>
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
index f4e26814a5..1a7a2311f8 100644
--- a/httpd/htpasswd.c
+++ b/httpd/htpasswd.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2007 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <stdio.h>
diff --git a/httpd/proc.c b/httpd/proc.c
index 270dd70942..f27dfabec1 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2007 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <stdio.h>
diff --git a/httpd/tdate_parse.c b/httpd/tdate_parse.c
index a6cadc77e1..813bdc578b 100644
--- a/httpd/tdate_parse.c
+++ b/httpd/tdate_parse.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2007 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <sys/types.h>
diff --git a/samples/Makefile b/samples/Makefile
index fdbdb99709..afbdd43d1b 100644
--- a/samples/Makefile
+++ b/samples/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 all:
diff --git a/samples/c/Makefile b/samples/c/Makefile
index c1cdb4c6e8..f0a9d0ec03 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 all : sample
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 41b93af3f2..28ea71baf1 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/samples/csharp/Makefile b/samples/csharp/Makefile
index 267a49d15c..46c2421dce 100644
--- a/samples/csharp/Makefile
+++ b/samples/csharp/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../../config/.config
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
index 174d3dc851..2224f89ea2 100644
--- a/samples/csharp/axssl.cs
+++ b/samples/csharp/axssl.cs
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/samples/java/Makefile b/samples/java/Makefile
index eca097ec70..b10a79f372 100644
--- a/samples/java/Makefile
+++ b/samples/java/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../../config/.config
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
index 76fb06d773..cc6bb711a2 100644
--- a/samples/java/axssl.java
+++ b/samples/java/axssl.java
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/samples/lua/Makefile b/samples/lua/Makefile
index 3c90813cf9..a460da3c55 100644
--- a/samples/lua/Makefile
+++ b/samples/lua/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2007 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../../config/.config
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
index bdd97f4b1b..3f37551f26 100755
--- a/samples/lua/axssl.lua
+++ b/samples/lua/axssl.lua
@@ -1,21 +1,33 @@
 #!/usr/local/bin/lua
+
 --
+-- Copyright (c) 2007, Cameron Rich
 --
---  Copyright(C) 2007 Cameron Rich
+-- All rights reserved.
 --
---  This program is free software; you can redistribute it and/or modify
---  it under the terms of the GNU General Public License as published by
---  the Free Software Foundation; either version 2.1 of the License, or
---  (at your option) any later version.
+-- Redistribution and use in source and binary forms, with or without
+-- modification, are permitted provided that the following conditions are met:
 --
---  This program is distributed in the hope that it will be useful,
---  but WITHOUT ANY WARRANTY; without even the implied warranty of
---  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
---  GNU Lesser General Public License for more details.
+-- * Redistributions of source code must retain the above copyright notice,
+--   this list of conditions and the following disclaimer.
+-- * Redistributions in binary form must reproduce the above copyright
+--   notice, this list of conditions and the following disclaimer in the
+--   documentation and/or other materials provided with the distribution.
+-- * Neither the name of the axTLS project nor the names of its
+--   contributors may be used to endorse or promote products derived
+--   from this software without specific prior written permission.
 --
---  You should have received a copy of the GNU General Public License
---  along with this program; if not, write to the Free Software
---  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+-- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+-- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+-- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+-- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+-- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+-- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+-- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+-- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+-- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 --
 
 --
diff --git a/samples/perl/Makefile b/samples/perl/Makefile
index 0ad96070fd..5200c4302e 100644
--- a/samples/perl/Makefile
+++ b/samples/perl/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../../config/.config
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index c46c70a401..a8b4e26d97 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -1,20 +1,32 @@
 #!/usr/bin/perl -w
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 #
diff --git a/samples/vbnet/Makefile b/samples/vbnet/Makefile
index 7349e67cc9..0984d4e02e 100644
--- a/samples/vbnet/Makefile
+++ b/samples/vbnet/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This program is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 include ../../config/.config
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
index a9f7e9fa85..a33cc9466a 100644
--- a/samples/vbnet/axssl.vb
+++ b/samples/vbnet/axssl.vb
@@ -1,19 +1,31 @@
 '
-'  Copyright(C) 2006 Cameron Rich
+' Copyright (c) 2007, Cameron Rich
 '
-'  This program is free software you can redistribute it and/or modify
-'  it under the terms of the GNU General Public License as published by
-'  the Free Software Foundation either version 2.1 of the License, or
-'  (at your option) any later version.
+' All rights reserved.
 '
-'  This program is distributed in the hope that it will be useful,
-'  but WITHOUT ANY WARRANTY without even the implied warranty of
-'  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-'  GNU Lesser General Public License for more details.
+' Redistribution and use in source and binary forms, with or without
+' modification, are permitted provided that the following conditions are met:
 '
-'  You should have received a copy of the GNU General Public License
-'  along with this program if not, write to the Free Software
-'  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+' * Redistributions of source code must retain the above copyright notice,
+'   this list of conditions and the following disclaimer.
+' * Redistributions in binary form must reproduce the above copyright
+'   notice, this list of conditions and the following disclaimer in the
+'   documentation and/or other materials provided with the distribution.
+' * Neither the name of the axTLS project nor the names of its
+'   contributors may be used to endorse or promote products derived
+'   from this software without specific prior written permission.
+'
+' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 '
 
 '
diff --git a/ssl/Makefile b/ssl/Makefile
index a8ec01c9f0..2354dda572 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2007 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 AXTLS_HOME=..
diff --git a/ssl/asn1.c b/ssl/asn1.c
index b248e3e213..8bc3f396cb 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/bigint.c b/ssl/bigint.c
index 4b778a5156..303c20a1c1 100644
--- a/ssl/bigint.c
+++ b/ssl/bigint.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/bigint.h b/ssl/bigint.h
index b96721d600..ee55c27213 100644
--- a/ssl/bigint.h
+++ b/ssl/bigint.h
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef BIGINT_HEADER
diff --git a/ssl/bigint_impl.h b/ssl/bigint_impl.h
index 3db467cc05..c23572733e 100644
--- a/ssl/bigint_impl.h
+++ b/ssl/bigint_impl.h
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef BIGINT_IMPL_HEADER
diff --git a/ssl/crypto_misc.c b/ssl/crypto_misc.c
index 29a28f9b36..bc802c703e 100644
--- a/ssl/crypto_misc.c
+++ b/ssl/crypto_misc.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 36b4d10f93..f8336c951d 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -1,20 +1,32 @@
 /*
- *  Copyright(C) 2007 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
 
 /**
  * @file crypto_misc.h
diff --git a/ssl/loader.c b/ssl/loader.c
index d5ea6cb43d..909b5b7474 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/openssl.c b/ssl/openssl.c
index 3b63019e90..712e133820 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2007 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Lesser License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/ssl/os_port.c b/ssl/os_port.c
index 5f3c47722d..cddbea32a2 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 26bb709689..8b47e36641 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/p12.c b/ssl/p12.c
index d857a9b0cf..6ed92e431d 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/rsa.c b/ssl/rsa.c
index 4d70c10b67..ef1e5f50f3 100644
--- a/ssl/rsa.c
+++ b/ssl/rsa.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 83c6af7557..5adeecc0d7 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index deda7307f3..7c3b885c1b 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -1,19 +1,31 @@
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This library is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This library is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this library; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 all:
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
index b7a872b98c..dfc39d4f53 100755
--- a/ssl/test/make_certs.sh
+++ b/ssl/test/make_certs.sh
@@ -1,21 +1,33 @@
 #!/bin/sh
 
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This license is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 #
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
index 74844a5e05..a4ffab6a3a 100644
--- a/ssl/test/perf_bigint.c
+++ b/ssl/test/perf_bigint.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This license is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this license; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index a566ea954c..9eaf543595 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This license is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This license is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this license; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
diff --git a/ssl/test/test_axssl.sh b/ssl/test/test_axssl.sh
index 2a8bceb8f7..acf11a630c 100755
--- a/ssl/test/test_axssl.sh
+++ b/ssl/test/test_axssl.sh
@@ -1,21 +1,33 @@
 #!/bin/sh
 
 #
-#  Copyright(C) 2006 Cameron Rich
+# Copyright (c) 2007, Cameron Rich
 #
-#  This license is free software; you can redistribute it and/or modify
-#  it under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2 of the License, or
-#  (at your option) any later version.
+# All rights reserved.
 #
-#  This license is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Lesser General Public License for more details.
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
 #
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with this license; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
 #
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 4a6a8cbd2d..6dc67bd133 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU General Lesser License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 624eaf4857..4280cb2ac4 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 8b38e3768a..b1a58ca133 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <stdlib.h>
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index d763917da8..26813692d7 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <stdlib.h>
diff --git a/ssl/x509.c b/ssl/x509.c
index 6bb9afde01..849edded06 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -1,19 +1,31 @@
 /*
- *  Copyright(C) 2006 Cameron Rich
- *
- *  This library is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU Lesser General Public License as published by
- *  the Free Software Foundation; either version 2.1 of the License, or
- *  (at your option) any later version.
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
  *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
  *
- *  You should have received a copy of the GNU Lesser General Public License
- *  along with this library; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /**
diff --git a/www/index.html b/www/index.html
index 9516ff52ea..3ae8d4c03b 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,9 +7086,9 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200710022244" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200711050225" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
-<div tiddler="License" modifier="CameronRich" modified="200702242339" created="200702240022" tags="">!GNU LESSER GENERAL PUBLIC LICENSE\n\nVersion 2.1, February 1999\n\nCopyright (C) 1991, 1999 Free Software Foundation, Inc.\n51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA\nEveryone is permitted to copy and distribute verbatim copies\nof this license document, but changing it is not allowed.\n\n[This is the first released version of the Lesser GPL.  It also counts\n as the successor of the GNU Library Public License, version 2, hence\n the version number 2.1.]\n\n!!Preamble\n\nThe licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software -to make sure the software is free for all its users.\n\nThis license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.\n\nWhen we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.\n\nTo protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.\n\nFor example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.\n\nWe protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.\n\nTo protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.\n\nFinally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.\n\nMost GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.\n\nWhen a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.\n\nWe call this license the &quot;Lesser&quot; General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.\n\nFor example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.\n\nIn other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.\n\nAlthough the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.\n\nThe precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. The former contains code derived from the library, whereas the latter must be combined with the library in order to run.\n\n!!TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION\n\n0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called &quot;this License&quot;). Each licensee is addressed as &quot;you&quot;.\n\nA &quot;library&quot; means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.\n\nThe &quot;Library&quot;, below, refers to any such software library or work which has been distributed under these terms. A &quot;work based on the Library&quot; means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term &quot;modification&quot;.)\n\n&quot;Source code&quot; for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.\n\nActivities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.\n\n1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.\n\nYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.\n\n2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:\n\n    * a) The modified work must itself be a software library.\n    * b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.\n    * c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.\n    * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.\n\n      (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)\n\n      These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.\n\n      Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.\n\n      In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.\n\n3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.\n\nOnce this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.\n\nThis option is useful when you wish to copy part of the code of the Library into a program that is not a library.\n\n4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.\n\nIf distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.\n\n5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a &quot;work that uses the Library&quot;. Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.\n\nHowever, linking a &quot;work that uses the Library&quot; with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a &quot;work that uses the library&quot;. The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.\n\nWhen a &quot;work that uses the Library&quot; uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.\n\nIf such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)\n\nOtherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.\n\n6. As an exception to the Sections above, you may also combine or link a &quot;work that uses the Library&quot; with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.\n\nYou must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:\n\n    * a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable &quot;work that uses the Library&quot;, as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)\n    * b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.\n    * c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.\n    * d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.\n    * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.\n\nFor an executable, the required form of the &quot;work that uses the Library&quot; must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.\n\nIt may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.\n\n7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:\n\n    * a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.\n    * b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.\n\n8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.\n\n9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.\n\n10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.\n\n11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.\n\nIf any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.\n\nIt is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.\n\nThis section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.\n\n12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.\n\n13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.\n\nEach version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and &quot;any later version&quot;, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.\n\n14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.\n\nNO WARRANTY\n\n15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\n\nEND OF TERMS AND CONDITIONS</div>
+<div tiddler="License" modifier="YourName" modified="200711050226" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2007, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
 <div tiddler="Read Me" modifier="YourName" modified="200709100637" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly some stuff.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>

From 4a82037346b476a79e496157cde4b0a5df25ca3d Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 13 Nov 2007 08:36:58 +0000
Subject: [PATCH 118/301] some directory restructuring

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@141 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/makefile.conf          |   1 +
 crypto/Makefile               |   3 +
 {ssl => crypto}/bigint.c      |   0
 {ssl => crypto}/bigint.h      |   2 -
 {ssl => crypto}/bigint_impl.h |   0
 crypto/crypto.h               |  56 ++++++
 {ssl => crypto}/crypto_misc.c |   0
 {ssl => crypto}/rsa.c         |  46 +----
 ssl/Config.in                 |   7 +
 ssl/Makefile                  |  13 +-
 ssl/asn1.c                    |   4 +-
 ssl/crypto_misc.h             |  56 ------
 ssl/gen_cert.c                | 316 ++++++++++++++++++++++++++++++++++
 ssl/x509.c                    |  44 ++++-
 www/index.html                |   2 +-
 15 files changed, 439 insertions(+), 111 deletions(-)
 rename {ssl => crypto}/bigint.c (100%)
 rename {ssl => crypto}/bigint.h (98%)
 rename {ssl => crypto}/bigint_impl.h (100%)
 rename {ssl => crypto}/crypto_misc.c (100%)
 rename {ssl => crypto}/rsa.c (88%)
 create mode 100644 ssl/gen_cert.c

diff --git a/config/makefile.conf b/config/makefile.conf
index ffe86c54ae..cc06e97f53 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -99,6 +99,7 @@ ifndef CONFIG_PLATFORM_CYGWIN
 # Cygwin
 else
 CFLAGS += -DCONFIG_PLATFORM_CYGWIN
+LDFLAGS += -enable-auto-import
 endif
 endif
 
diff --git a/crypto/Makefile b/crypto/Makefile
index d1dfd1ccda..3ea8bdde0c 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -35,10 +35,13 @@ AXTLS_HOME=..
 
 OBJ=\
 	aes.o \
+	bigint.o \
+	crypto_misc.o \
 	hmac.o \
 	md2.o \
 	md5.o \
 	rc4.o \
+	rsa.o \
 	sha1.o
 
 include ../config/makefile.post
diff --git a/ssl/bigint.c b/crypto/bigint.c
similarity index 100%
rename from ssl/bigint.c
rename to crypto/bigint.c
diff --git a/ssl/bigint.h b/crypto/bigint.h
similarity index 98%
rename from ssl/bigint.h
rename to crypto/bigint.h
index ee55c27213..2966a3edb3 100644
--- a/ssl/bigint.h
+++ b/crypto/bigint.h
@@ -32,8 +32,6 @@
 #define BIGINT_HEADER
 
 #include "crypto.h"
-#include "os_port.h"
-#include "bigint_impl.h"
 
 BI_CTX *bi_initialize(void);
 void bi_terminate(BI_CTX *ctx);
diff --git a/ssl/bigint_impl.h b/crypto/bigint_impl.h
similarity index 100%
rename from ssl/bigint_impl.h
rename to crypto/bigint_impl.h
diff --git a/crypto/crypto.h b/crypto/crypto.h
index e1e8cc9c94..a4e6086580 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -41,6 +41,8 @@ extern "C" {
 
 #include "config.h"
 #include "os_port.h"
+#include "bigint_impl.h"
+#include "bigint.h"
 
 /* enable features based on a 'super-set' capbaility. */
 #if defined(CONFIG_SSL_FULL_MODE) 
@@ -157,7 +159,61 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest);
 
+/**************************************************************************
+ * RSA declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    bigint *m;              /* modulus */
+    bigint *e;              /* public exponent */
+    bigint *d;              /* private exponent */
+#ifdef CONFIG_BIGINT_CRT
+    bigint *p;              /* p as in m = pq */
+    bigint *q;              /* q as in m = pq */
+    bigint *dP;             /* d mod (p-1) */
+    bigint *dQ;             /* d mod (q-1) */
+    bigint *qInv;           /* q^-1 mod p */
+#endif
+    int num_octets;
+    BI_CTX *bi_ctx;
+} RSA_CTX;
+
+void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#ifdef CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+        );
+void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len);
+void RSA_free(RSA_CTX *ctx);
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int is_decryption);
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp);
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing);
+void RSA_print(const RSA_CTX *ctx);
+#endif
 
+/**************************************************************************
+ * RNG declarations 
+ **************************************************************************/
+EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_terminate(void);
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
 
 #ifdef __cplusplus
 }
diff --git a/ssl/crypto_misc.c b/crypto/crypto_misc.c
similarity index 100%
rename from ssl/crypto_misc.c
rename to crypto/crypto_misc.c
diff --git a/ssl/rsa.c b/crypto/rsa.c
similarity index 88%
rename from ssl/rsa.c
rename to crypto/rsa.c
index ef1e5f50f3..7fb17b330d 100644
--- a/ssl/rsa.c
+++ b/crypto/rsa.c
@@ -37,7 +37,7 @@
 #include <string.h>
 #include <time.h>
 #include <stdlib.h>
-#include "crypto_misc.h"
+#include "crypto.h"
 
 void RSA_priv_key_new(RSA_CTX **ctx, 
         const uint8_t *modulus, int mod_len,
@@ -252,7 +252,7 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
     /* now encrypt it */
     dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
     encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
-        RSA_public(ctx, dat_bi);
+                              RSA_public(ctx, dat_bi);
     bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
 
     /* save a few bytes of memory */
@@ -260,46 +260,4 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
     return byte_size;
 }
 
-/**
- * Take a signature and decrypt it.
- */
-bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
-        bigint *modulus, bigint *pub_exp)
-{
-    int i, size;
-    bigint *decrypted_bi, *dat_bi;
-    bigint *bir = NULL;
-    uint8_t *block = (uint8_t *)alloca(sig_len);
-
-    /* decrypt */
-    dat_bi = bi_import(ctx, sig, sig_len);
-    ctx->mod_offset = BIGINT_M_OFFSET;
-
-    /* convert to a normal block */
-    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
-
-    bi_export(ctx, decrypted_bi, block, sig_len);
-    ctx->mod_offset = BIGINT_M_OFFSET;
-
-    i = 10; /* start at the first possible non-padded byte */
-    while (block[i++] && i < sig_len);
-    size = sig_len - i;
-
-    /* get only the bit we want */
-    if (size > 0)
-    {
-        int len;
-        const uint8_t *sig_ptr = x509_get_signature(&block[i], &len);
-
-        if (sig_ptr)
-        {
-            bir = bi_import(ctx, sig_ptr, len);
-        }
-    }
-
-    /* save a few bytes of memory */
-    bi_clear_cache(ctx);
-    return bir;
-}
-
 #endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/Config.in b/ssl/Config.in
index 0a11ef55fc..ec5fca84d5 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -251,6 +251,13 @@ config CONFIG_OPENSSL_COMPATIBLE
         Note: not all the API is implemented, so parts may still break. And
         it's definitely not 100% compatible.
 
+config CONFIG_GEN_CERTIFICATES
+    bool "Enable the generation of certificates"
+    default n
+    depends on CONFIG_SSL_CERT_VERIFICATION
+    help 
+        A primitive self-signed certificate generator.
+
 config CONFIG_PERFORMANCE_TESTING
     bool "Build the bigint performance test tool"
     default n
diff --git a/ssl/Makefile b/ssl/Makefile
index 2354dda572..eac1e8a701 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -48,8 +48,10 @@ BASETARGET=libaxtls.so
 CRYPTO_PATH=$(AXTLS_HOME)/crypto/
 ifdef CONFIG_PLATFORM_CYGWIN
 TARGET2=$(AXTLS_HOME)/$(STAGE)/libaxtls.dll.a
+TARGET3=$(AXTLS_HOME)/$(STAGE)/gen_cert.exe
 else
 TARGET2=$(AXTLS_HOME)/$(STAGE)/$(LIBMINOR)
+TARGET3=$(AXTLS_HOME)/$(STAGE)/gen_cert
 endif
 
 # shared library major/minor numbers
@@ -62,26 +64,26 @@ STATIC_LIB=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib
 CRYPTO_PATH=$(AXTLS_HOME)\\crypto\\
 endif
 
-libs: $(TARGET1) $(TARGET2)
+libs: $(TARGET1) $(TARGET2) $(TARGET3)
 
 CRYPTO_OBJ=\
 	$(CRYPTO_PATH)aes.o \
+	$(CRYPTO_PATH)bigint.o \
+	$(CRYPTO_PATH)crypto_misc.o \
 	$(CRYPTO_PATH)hmac.o \
 	$(CRYPTO_PATH)md2.o \
 	$(CRYPTO_PATH)md5.o \
 	$(CRYPTO_PATH)rc4.o \
+	$(CRYPTO_PATH)rsa.o \
 	$(CRYPTO_PATH)sha1.o
 
 OBJ=\
 	asn1.o \
 	x509.o \
-	bigint.o \
-	crypto_misc.o \
 	os_port.o \
 	loader.o \
 	openssl.o \
 	p12.o \
-	rsa.o \
 	tls1.o \
 	tls1_svr.o \
 	tls1_clnt.o
@@ -104,6 +106,9 @@ else
     -Wl,--enable-auto-import $(CRYPTO_OBJ) $(OBJ)
 endif
 
+$(TARGET3): gen_cert.o
+	$(LD) $(LDFLAGS) -o $@ $< -L$(AXTLS_HOME)/$(STAGE) -laxtls 
+
 else  # Win32
 CRYPTO_OBJ:=$(CRYPTO_OBJ:.o=.obj)
 
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 8bc3f396cb..8cdd3e433c 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -29,8 +29,6 @@
  */
 
 /**
- * @file asn1.c
- * 
  * Some primitive asn methods for extraction ASN.1 data.
  */
 
@@ -61,7 +59,7 @@ int get_asn1_length(const uint8_t *buf, int *offset)
     {
         len = buf[(*offset)++];
     }
-    else    /* long form */
+    else  /* long form */
     {
         int length_bytes = buf[(*offset)++]&0x7f;
         len = 0;
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index f8336c951d..b311b50ec1 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -42,62 +42,6 @@ extern "C" {
 #include "crypto.h"
 #include "bigint.h"
 
-/**************************************************************************
- * RSA declarations 
- **************************************************************************/
-
-typedef struct 
-{
-    bigint *m;              /* modulus */
-    bigint *e;              /* public exponent */
-    bigint *d;              /* private exponent */
-#ifdef CONFIG_BIGINT_CRT
-    bigint *p;              /* p as in m = pq */
-    bigint *q;              /* q as in m = pq */
-    bigint *dP;             /* d mod (p-1) */
-    bigint *dQ;             /* d mod (q-1) */
-    bigint *qInv;           /* q^-1 mod p */
-#endif
-    int num_octets;
-    BI_CTX *bi_ctx;
-} RSA_CTX;
-
-void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len,
-        const uint8_t *priv_exp, int priv_len
-#ifdef CONFIG_BIGINT_CRT
-      , const uint8_t *p, int p_len,
-        const uint8_t *q, int q_len,
-        const uint8_t *dP, int dP_len,
-        const uint8_t *dQ, int dQ_len,
-        const uint8_t *qInv, int qInv_len
-#endif
-        );
-void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len);
-void RSA_free(RSA_CTX *ctx);
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
-        int is_decryption);
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
-        bigint *modulus, bigint *pub_exp);
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
-        uint8_t *out_data, int is_signing);
-void RSA_print(const RSA_CTX *ctx);
-#endif
-
-/**************************************************************************
- * RNG declarations 
- **************************************************************************/
-EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
-EXP_FUNC void STDCALL RNG_terminate(void);
-EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
-void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
-
 /**************************************************************************
  * X509 declarations 
  **************************************************************************/
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
new file mode 100644
index 0000000000..840c445e69
--- /dev/null
+++ b/ssl/gen_cert.c
@@ -0,0 +1,316 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_GEN_CERTIFICATES
+#include <string.h>
+#include <stdlib.h>
+#include "crypto_misc.h"
+
+/**
+ * This file is not completed.
+ */
+
+/* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
+static const uint8_t sig_oid[] = 
+{
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05
+};
+
+/*  OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */
+static const uint8_t rsa_enc_oid[] =
+{
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01
+};
+
+static const uint8_t pub_key_seq[] = 
+{
+    0x02, 0x03, 0x01, 0x00, 0x01
+};
+
+static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
+{
+    if (len < 0x80) /* short form */
+    {
+        buf[(*offset)++] = len;
+        return 1;
+    }
+    else /* long form */
+    {
+        int i, length_bytes = 0;
+
+        if (len & 0x00FF0000)
+            length_bytes = 3;
+        else if (len & 0x0000FF00)
+            length_bytes = 2;
+        else if (len & 0x000000FF)
+            length_bytes = 1;
+            
+        buf[(*offset)++] = 0x80 + length_bytes;
+
+        for (i = length_bytes-1; i >= 0; i--)
+        {
+            buf[*offset+i] = len & 0xFF;
+            len >>= 8;
+        }
+
+        *offset += length_bytes;
+        return length_bytes+1;
+    }
+}
+
+static int pre_adjust_with_size(uint8_t type,
+        int *seq_offset, uint8_t *buf, int *offset)
+{
+    buf[(*offset)++] = type;
+    *seq_offset = *offset;
+    *offset += 4;   /* fill in later */
+    return *offset;
+}
+
+static void adjust_with_size(int seq_size, int seq_start, 
+                uint8_t *buf, int *offset)
+{
+    uint8_t seq_byte_size; 
+    int orig_seq_size = seq_size;
+    int orig_seq_start = seq_start;
+
+    seq_size = *offset-seq_size;
+    seq_byte_size = set_gen_length(seq_size, buf, &seq_start);
+
+    if (seq_byte_size != 4)
+    {
+        memmove(&buf[orig_seq_start+seq_byte_size], 
+                &buf[orig_seq_size], seq_size);
+        *offset -= 4-seq_byte_size;
+    }
+}
+
+static void gen_serial_number(uint8_t *buf, int *offset)
+{
+    buf[(*offset)++] = ASN1_INTEGER;
+    buf[(*offset)++] = 1;
+    buf[(*offset)++] = 0x7F;
+}
+
+static void gen_signature_alg(uint8_t *buf, int *offset)
+{
+    buf[(*offset)++] = ASN1_SEQUENCE;
+    set_gen_length(13, buf, offset);
+    buf[(*offset)++] = ASN1_OID;
+    set_gen_length(sizeof(sig_oid), buf, offset);
+    memcpy(&buf[*offset], sig_oid, sizeof(sig_oid));
+    *offset += sizeof(sig_oid);
+    buf[(*offset)++] = ASN1_NULL;
+    buf[(*offset)++] = 0;
+}
+
+static void gen_dn(const char *name, uint8_t dn_type, 
+                        uint8_t *buf, int *offset)
+{
+    int name_size = strlen(name);
+
+    if (name_size > 0x70)    /* just too big */
+    {
+        printf(unsupported_str);
+        return;
+    }
+
+    buf[(*offset)++] = ASN1_SET;
+    set_gen_length(9+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_SEQUENCE;
+    set_gen_length(7+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_OID;
+    buf[(*offset)++] = 3;
+    buf[(*offset)++] = 0x55;
+    buf[(*offset)++] = 0x04;
+    buf[(*offset)++] = dn_type;
+    buf[(*offset)++] = ASN1_PRINTABLE_STR;
+    buf[(*offset)++] = name_size;
+    strcpy(&buf[*offset], name);
+    *offset += name_size;
+}
+
+static void gen_issuer(const char *cn, const char *o, const char *ou,
+                    uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    if (cn != NULL)
+        gen_dn(cn, 3, buf, offset);
+
+    if (o != NULL)
+        gen_dn(o, 10, buf, offset);
+
+    if (ou != NULL)
+        gen_dn(o, 11, buf, offset);
+
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_utc_time(uint8_t *buf, int *offset)
+{
+    time_t curr_time = time(NULL);
+    struct tm *now_tm = gmtime(&curr_time);
+
+    buf[(*offset)++] = ASN1_SEQUENCE;
+    set_gen_length(30, buf, offset);
+
+    now_tm->tm_year -= 100;
+    now_tm->tm_mon++;
+    buf[(*offset)++] = ASN1_UTC_TIME;
+    buf[(*offset)++] = 13;
+    buf[(*offset)++] = now_tm->tm_year/10 + '0';
+    buf[(*offset)++] = now_tm->tm_year%10 + '0';
+    buf[(*offset)++] = now_tm->tm_mon/10 + '0';
+    buf[(*offset)++] = now_tm->tm_mon%10 + '0';
+    buf[(*offset)++] = now_tm->tm_mday/10 + '0';
+    buf[(*offset)++] = now_tm->tm_mday%10 + '0';
+    memset(&buf[*offset], '0', 6);
+    *offset += 6;
+    buf[(*offset)++] = 'Z';
+    now_tm->tm_year += 30; /* add 30 years */
+    memcpy(&buf[*offset], &buf[*offset-15], 15);
+    buf[*offset + 2] = now_tm->tm_year/10 + '0';
+    buf[*offset + 3] = now_tm->tm_year%10 + '0';
+    *offset += 15;
+}
+
+static void gen_pub_key2(const uint8_t *key, int key_size,
+                                uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    buf[(*offset)++] = ASN1_INTEGER;
+    buf[(*offset)++] = key_size;
+    memcpy(&buf[*offset], key, key_size);
+    *offset += key_size;
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key1(const uint8_t *key, int key_size,
+                                uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_BIT_STRING, &seq_offset, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    gen_pub_key2(key, key_size, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key(const uint8_t *key, int key_size,
+                                uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    buf[(*offset)++] = ASN1_SEQUENCE;
+    set_gen_length(13, buf, offset);
+    buf[(*offset)++] = ASN1_OID;
+    set_gen_length(sizeof(rsa_enc_oid), buf, offset);
+    memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid));
+    *offset += sizeof(rsa_enc_oid);
+    buf[(*offset)++] = ASN1_NULL;
+    buf[(*offset)++] = 0;
+    gen_pub_key1(key, key_size, buf, offset);
+    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
+    *offset += sizeof(pub_key_seq);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_signature(const uint8_t *sig, int sig_size,
+                                uint8_t *buf, int *offset)
+{
+    buf[(*offset)++] = ASN1_BIT_STRING;
+    set_gen_length(sig_size+1, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    memcpy(&buf[*offset], sig, sig_size);
+    *offset += sig_size;
+}
+
+static void gen_tbs_cert(const char *cn, const char *o, const char *ou,
+                    const uint8_t *key, int key_size, uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    gen_serial_number(buf, offset);
+    gen_signature_alg(buf, offset);
+    gen_issuer(cn, o, ou, buf, offset);
+    gen_utc_time(buf, offset);
+    gen_issuer(cn, o, ou, buf, offset);
+    gen_pub_key(key, key_size, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+int gen_cert(const char *cn, const char *o, const char *ou,
+                    const uint8_t *key, int key_size, uint8_t *buf)
+{
+    int offset = 0;
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, &offset);
+    uint8_t sig[128];
+    memset(sig, 0, sizeof(sig));
+
+    gen_tbs_cert(cn, o, ou, key, key_size, buf, &offset);
+    gen_signature_alg(buf, &offset);
+    gen_signature(sig, sizeof(sig), buf, &offset);
+
+    adjust_with_size(seq_size, seq_offset, buf, &offset);
+    print_blob("GA", buf, offset);
+    return offset;     /* the size of the certificate */
+}
+
+int main(int argc, char *argv[])
+{
+    uint8_t key[16];
+    uint8_t buf[2048];
+    int offset = 0;
+    memset(key, 0, sizeof(key));
+    memset(buf, 0, sizeof(buf));
+
+    //gen_tbs_cert("abc", "def", "ghi", key, sizeof(key), buf, &offset);
+    offset = gen_cert("abc", "def", "ghi", "blah", 5, buf);
+    FILE *f = fopen("blah.dat", "w");
+    fwrite(buf, offset, 1, f);
+    fclose(f);
+
+    return 0;
+}
+
+#endif
+
diff --git a/ssl/x509.c b/ssl/x509.c
index 849edded06..2ea0b5d05d 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -205,6 +205,48 @@ void x509_free(X509_CTX *x509_ctx)
 }
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Take a signature and decrypt it.
+ */
+static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp)
+{
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+    bigint *bir = NULL;
+    uint8_t *block = (uint8_t *)alloca(sig_len);
+
+    /* decrypt */
+    dat_bi = bi_import(ctx, sig, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    /* convert to a normal block */
+    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
+
+    bi_export(ctx, decrypted_bi, block, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    i = 10; /* start at the first possible non-padded byte */
+    while (block[i++] && i < sig_len);
+    size = sig_len - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+    {
+        int len;
+        const uint8_t *sig_ptr = x509_get_signature(&block[i], &len);
+
+        if (sig_ptr)
+        {
+            bir = bi_import(ctx, sig_ptr, len);
+        }
+    }
+
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx);
+    return bir;
+}
+
 /**
  * Do some basic checks on the certificate chain.
  *
@@ -296,7 +338,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
     ctx = cert->rsa_ctx->bi_ctx;
     mod = next_cert->rsa_ctx->m;
     expn = next_cert->rsa_ctx->e;
-    cert_sig = RSA_sign_verify(ctx, cert->signature, cert->sig_len, 
+    cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
             bi_clone(ctx, mod), bi_clone(ctx, expn));
 
     if (cert_sig)
diff --git a/www/index.html b/www/index.html
index 3ae8d4c03b..75fe4731b0 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="YourName" modified="200711050225" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200711060908" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8 (yet to be released)@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200711050226" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2007, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 7cac88ca9cb32b3bc8995c33acce450ff03819a3 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 18 Nov 2007 09:00:42 +0000
Subject: [PATCH 119/301] git-svn-id:
 svn://svn.code.sf.net/p/axtls/code/trunk@142
 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

---
 ssl/asn1.c        |  14 +++-
 ssl/crypto_misc.h |   1 -
 ssl/gen_cert.c    | 171 ++++++++++++++++++++++++++++++++++------------
 ssl/x509.c        |   8 ++-
 4 files changed, 145 insertions(+), 49 deletions(-)

diff --git a/ssl/asn1.c b/ssl/asn1.c
index 8cdd3e433c..d843b7988e 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -113,6 +113,15 @@ int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
         goto end_int_array;
 
     *object = (uint8_t *)malloc(len);
+    /* TODO */
+#if 0
+    if (*object == 0x00)    /* ignore the negative byte */
+    {
+        len--;
+        (*object)++;
+    }
+#endif
+
     memcpy(*object, &buf[*offset], len);
     *offset += len;
 
@@ -349,7 +358,7 @@ int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
             asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
         goto end_pub_key;
 
-    (*offset)++;
+    (*offset)++;        /* ignore the padding bit field */
 
     if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
         goto end_pub_key;
@@ -378,7 +387,8 @@ int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
     if (cert[(*offset)++] != ASN1_BIT_STRING)
         goto end_sig;
 
-    x509_ctx->sig_len = get_asn1_length(cert, offset);
+    x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
+    (*offset)++;            /* ignore bit string padding bits */
     x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
     memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
     *offset += x509_ctx->sig_len;
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index b311b50ec1..7f0e4e11d6 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -96,7 +96,6 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
 void x509_free(X509_CTX *x509_ctx);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
-const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
 #endif
 #ifdef CONFIG_SSL_FULL_MODE
 void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index 840c445e69..9cc7d9fec9 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -51,11 +51,24 @@ static const uint8_t rsa_enc_oid[] =
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01
 };
 
+/* INTEGER 65537 */
 static const uint8_t pub_key_seq[] = 
 {
     0x02, 0x03, 0x01, 0x00, 0x01
 };
 
+/* 0x00 + SEQUENCE {
+     SEQUENCE {
+       OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
+       NULL
+       }
+     OCTET STRING */
+static const uint8_t asn1_sig[] = 
+{
+    0x30,  0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
+    0x1a, 0x05, 0x00, 0x04, 0x14 
+};
+
 static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
 {
     if (len < 0x80) /* short form */
@@ -133,15 +146,16 @@ static void gen_signature_alg(uint8_t *buf, int *offset)
     buf[(*offset)++] = 0;
 }
 
-static void gen_dn(const char *name, uint8_t dn_type, 
+static int gen_dn(const char *name, uint8_t dn_type, 
                         uint8_t *buf, int *offset)
 {
+    int ret = X509_OK;
     int name_size = strlen(name);
 
     if (name_size > 0x70)    /* just too big */
     {
-        printf(unsupported_str);
-        return;
+        ret = X509_NOT_OK;
+        goto error;
     }
 
     buf[(*offset)++] = ASN1_SET;
@@ -157,25 +171,45 @@ static void gen_dn(const char *name, uint8_t dn_type,
     buf[(*offset)++] = name_size;
     strcpy(&buf[*offset], name);
     *offset += name_size;
+
+error:
+    return ret;
 }
 
-static void gen_issuer(const char *cn, const char *o, const char *ou,
+static int gen_issuer(const char *cn, const char *o, const char *ou,
                     uint8_t *buf, int *offset)
 {
+    int ret = X509_OK;
     int seq_offset;
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
 
-    if (cn != NULL)
-        gen_dn(cn, 3, buf, offset);
+    /* we need the common name at a minimum */
+    if (cn == NULL)
+    {
+        ret = X509_NOT_OK;
+        goto error;
+    }
+
+    if ((ret = gen_dn(cn, 3, buf, offset)))
+            goto error;
 
     if (o != NULL)
-        gen_dn(o, 10, buf, offset);
+    {
+        if ((ret = gen_dn(o, 10, buf, offset)))
+            goto error;
+    }
 
     if (ou != NULL)
-        gen_dn(o, 11, buf, offset);
+    {
+        if ((ret = gen_dn(o, 11, buf, offset)))
+            goto error;
+    }
 
     adjust_with_size(seq_size, seq_offset, buf, offset);
+
+error:
+    return ret;
 }
 
 static void gen_utc_time(uint8_t *buf, int *offset)
@@ -206,32 +240,39 @@ static void gen_utc_time(uint8_t *buf, int *offset)
     *offset += 15;
 }
 
-static void gen_pub_key2(const uint8_t *key, int key_size,
-                                uint8_t *buf, int *offset)
+static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 {
     int seq_offset;
+    int pub_key_size = rsa_ctx->num_octets;
+    uint8_t *block = (uint8_t *)alloca(pub_key_size);
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
     buf[(*offset)++] = ASN1_INTEGER;
-    buf[(*offset)++] = key_size;
-    memcpy(&buf[*offset], key, key_size);
-    *offset += key_size;
+    bi_export(rsa_ctx->bi_ctx, rsa_ctx->m, block, pub_key_size);
+    if (*block & 0x80)  /* make integer positive */
+    {
+        set_gen_length(pub_key_size+1, buf, offset);
+        buf[(*offset)++] = 0;
+    }
+    else
+        set_gen_length(pub_key_size, buf, offset);
+
+    memcpy(&buf[*offset], block, pub_key_size);
+    *offset += pub_key_size;
     adjust_with_size(seq_size, seq_offset, buf, offset);
 }
 
-static void gen_pub_key1(const uint8_t *key, int key_size,
-                                uint8_t *buf, int *offset)
+static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 {
     int seq_offset;
     int seq_size = pre_adjust_with_size(
                             ASN1_BIT_STRING, &seq_offset, buf, offset);
     buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
-    gen_pub_key2(key, key_size, buf, offset);
+    gen_pub_key2(rsa_ctx, buf, offset);
     adjust_with_size(seq_size, seq_offset, buf, offset);
 }
 
-static void gen_pub_key(const uint8_t *key, int key_size,
-                                uint8_t *buf, int *offset)
+static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 {
     int seq_offset;
     int seq_size = pre_adjust_with_size(
@@ -245,71 +286,113 @@ static void gen_pub_key(const uint8_t *key, int key_size,
     *offset += sizeof(rsa_enc_oid);
     buf[(*offset)++] = ASN1_NULL;
     buf[(*offset)++] = 0;
-    gen_pub_key1(key, key_size, buf, offset);
+    gen_pub_key1(rsa_ctx, buf, offset);
     memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
     *offset += sizeof(pub_key_seq);
     adjust_with_size(seq_size, seq_offset, buf, offset);
 }
 
-static void gen_signature(const uint8_t *sig, int sig_size,
-                                uint8_t *buf, int *offset)
+static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst, 
+                        uint8_t *buf, int *offset)
 {
+    uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets);
+    uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE);
+    int sig_size;
+
+    /* add the digest as an embedded asn.1 sequence */
+    memcpy(block, asn1_sig, sizeof(asn1_sig));
+    memcpy(&block[sizeof(asn1_sig)], sha_dgst, SHA1_SIZE);
+
+    sig_size = RSA_encrypt(rsa_ctx, block, 
+                            sizeof(asn1_sig) + SHA1_SIZE, enc_block, 1);
+
     buf[(*offset)++] = ASN1_BIT_STRING;
     set_gen_length(sig_size+1, buf, offset);
     buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
-    memcpy(&buf[*offset], sig, sig_size);
+    memcpy(&buf[*offset], enc_block, sig_size);
     *offset += sig_size;
 }
 
-static void gen_tbs_cert(const char *cn, const char *o, const char *ou,
-                    const uint8_t *key, int key_size, uint8_t *buf, int *offset)
+static int gen_tbs_cert(const char *cn, const char *o, const char *ou,
+                    const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset,
+                    uint8_t *sha_dgst)
 {
+    int ret = X509_OK;
+    SHA1_CTX sha_ctx;
     int seq_offset;
     int seq_size = pre_adjust_with_size(
-                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+                        ASN1_SEQUENCE, &seq_offset, buf, offset);
+    int begin_tbs = *offset;
+
     gen_serial_number(buf, offset);
     gen_signature_alg(buf, offset);
-    gen_issuer(cn, o, ou, buf, offset);
+    if ((ret = gen_issuer(cn, o, ou, buf, offset)))
+        goto error;
+
     gen_utc_time(buf, offset);
-    gen_issuer(cn, o, ou, buf, offset);
-    gen_pub_key(key, key_size, buf, offset);
+    if ((ret = gen_issuer(cn, o, ou, buf, offset)))
+        goto error;
+
+    gen_pub_key(rsa_ctx, buf, offset);
+
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, &buf[begin_tbs], *offset-begin_tbs);
+    SHA1_Final(sha_dgst, &sha_ctx);
     adjust_with_size(seq_size, seq_offset, buf, offset);
+
+error:
+    return ret;
 }
 
 int gen_cert(const char *cn, const char *o, const char *ou,
-                    const uint8_t *key, int key_size, uint8_t *buf)
+                    const RSA_CTX *rsa_ctx, uint8_t *buf, int *cert_size)
 {
+    int ret = X509_OK;
     int offset = 0;
     int seq_offset;
+    uint8_t sha_dgst[SHA1_SIZE];
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, &offset);
-    uint8_t sig[128];
-    memset(sig, 0, sizeof(sig));
 
-    gen_tbs_cert(cn, o, ou, key, key_size, buf, &offset);
+    if ((ret = gen_tbs_cert(cn, o, ou, rsa_ctx, buf, &offset, sha_dgst)))
+        goto error;
+
     gen_signature_alg(buf, &offset);
-    gen_signature(sig, sizeof(sig), buf, &offset);
+    gen_signature(rsa_ctx, sha_dgst, buf, &offset);
 
     adjust_with_size(seq_size, seq_offset, buf, &offset);
-    print_blob("GA", buf, offset);
-    return offset;     /* the size of the certificate */
+    *cert_size = offset;
+error:
+    return ret;
 }
 
 int main(int argc, char *argv[])
 {
-    uint8_t key[16];
+    int ret = X509_OK;
+    uint8_t *key_buf = NULL;
+    RSA_CTX *rsa_ctx = NULL;
     uint8_t buf[2048];
-    int offset = 0;
-    memset(key, 0, sizeof(key));
-    memset(buf, 0, sizeof(buf));
+    int cert_size;
+    FILE *f;
 
-    //gen_tbs_cert("abc", "def", "ghi", key, sizeof(key), buf, &offset);
-    offset = gen_cert("abc", "def", "ghi", "blah", 5, buf);
-    FILE *f = fopen("blah.dat", "w");
-    fwrite(buf, offset, 1, f);
+    int len = get_file("../ssl/test/axTLS.key_512", &key_buf);
+    if ((ret = asn1_get_private_key(key_buf, len, &rsa_ctx)))
+        goto error;
+
+    if ((ret = gen_cert("abc", "def", "ghi", rsa_ctx, buf, &cert_size)))
+        goto error;
+
+    f = fopen("blah.dat", "w");
+    fwrite(buf, cert_size, 1, f);
     fclose(f);
+error:
+    free(key_buf);
+    RSA_free(rsa_ctx);
+
+    if (ret)
+        printf("Some cert generation issue\n");
 
-    return 0;
+    return ret;
 }
 
 #endif
diff --git a/ssl/x509.c b/ssl/x509.c
index 2ea0b5d05d..81617066ef 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -45,7 +45,7 @@
 /**
  * Retrieve the signature from a certificate.
  */
-const uint8_t *x509_get_signature(const uint8_t *asn1_sig, int *len)
+static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
 {
     int offset = 0;
     const uint8_t *ptr = NULL;
@@ -224,6 +224,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
 
     bi_export(ctx, decrypted_bi, block, sig_len);
+    print_blob("SIGNATURE", block, sig_len);
     ctx->mod_offset = BIGINT_M_OFFSET;
 
     i = 10; /* start at the first possible non-padded byte */
@@ -233,8 +234,11 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     /* get only the bit we want */
     if (size > 0)
     {
+        FILE *f = fopen("blah.dat", "w");
+        fwrite(&block[i], sig_len-i, 1, f);
+        fclose(f);
         int len;
-        const uint8_t *sig_ptr = x509_get_signature(&block[i], &len);
+        const uint8_t *sig_ptr = get_signature(&block[i], &len);
 
         if (sig_ptr)
         {

From bffc3b21973b452dbcf80c51835faa3343fc907c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 29 Nov 2007 13:02:54 +0000
Subject: [PATCH 120/301] certificate generation

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@143 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/csharp/axTLS.cs            |   2 -
 bindings/generate_SWIG_interface.pl |   2 +
 bindings/generate_interface.pl      |   2 +
 bindings/java/SSLCTX.java           |   2 -
 crypto/crypto_misc.c                |   2 +-
 crypto/rsa.c                        |   6 +-
 docsrc/axTLS.dox                    |   4 +-
 httpd/axhttp.h                      |   2 +-
 httpd/axhttpd.c                     |  14 ---
 ssl/Config.in                       |  69 +++++++++++--
 ssl/Makefile                        |  14 +--
 ssl/asn1.c                          |  16 ++-
 ssl/crypto_misc.h                   |   9 +-
 ssl/gen_cert.c                      | 147 +++++++++++-----------------
 ssl/loader.c                        |  86 +++++++++++++++-
 ssl/ssl.h                           |  29 +++++-
 ssl/test/Makefile                   |   7 +-
 ssl/test/ssltest.c                  | 106 ++++++++++----------
 ssl/tls1.c                          |  57 +++++------
 ssl/tls1.h                          |   7 +-
 ssl/x509.c                          |  85 +++++++++-------
 www/index.html                      |   2 +-
 22 files changed, 389 insertions(+), 281 deletions(-)

diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
index f056df70a4..cf64a256e7 100644
--- a/bindings/csharp/axTLS.cs
+++ b/bindings/csharp/axTLS.cs
@@ -240,8 +240,6 @@ public class SSLCTX
          * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
          * authentication i.e. each handshake will include a "certificate 
          * request" message from the server.
-         * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The 
-         * user will load the key/certificate explicitly.
          * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
          * sequences during the handshake.
          * - SSL_DISPLAY_STATES (full mode build only): Display the state 
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
index cb157abc0c..4b2517988f 100755
--- a/bindings/generate_SWIG_interface.pl
+++ b/bindings/generate_SWIG_interface.pl
@@ -70,6 +70,8 @@ sub parseFile
 {
     foreach $line (@_)
     {
+        next if $line =~ /ssl_x509_create/; # ignore for now
+
         # test for a #define
         if (!$skip && $line =~ m/^#define/)
         {
diff --git a/bindings/generate_interface.pl b/bindings/generate_interface.pl
index dad5ae5cb1..c24bff9f40 100755
--- a/bindings/generate_interface.pl
+++ b/bindings/generate_interface.pl
@@ -133,6 +133,8 @@ sub parseFile
 
     foreach $line (@file)
     {
+        next if $line =~ /sl_x509_create/;  # ignore for now
+
         # test for a #define
         if (!$skip && $line =~ m/^#define/)
         {
diff --git a/bindings/java/SSLCTX.java b/bindings/java/SSLCTX.java
index 311bedb795..1cd3e032f0 100644
--- a/bindings/java/SSLCTX.java
+++ b/bindings/java/SSLCTX.java
@@ -68,8 +68,6 @@ public class SSLCTX
      * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
      * i.e. each handshake will include a "certificate request" message from 
      * the server.
-     * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user 
-     * will load the key/certificate explicitly.
      * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
      * during the handshake.
      * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index bc802c703e..9bddee2100 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -52,7 +52,7 @@ static uint64_t rng_num;
 #endif
 
 static int rng_ref_count;
-const char * const unsupported_str = "Error: feature not supported\n";
+const char * const unsupported_str = "Error: Feature not supported\n";
 
 #ifndef CONFIG_SSL_SKELETON_MODE
 /** 
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 7fb17b330d..c0dcb0355b 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -80,6 +80,10 @@ void RSA_pub_key_new(RSA_CTX **ctx,
 {
     RSA_CTX *rsa_ctx;
     BI_CTX *bi_ctx = bi_initialize();
+
+    if (*ctx)   /* if we load multiple certs, dump the old one */
+        RSA_free(*ctx);
+
     *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
     rsa_ctx = *ctx;
     rsa_ctx->bi_ctx = bi_ctx;
@@ -211,7 +215,7 @@ void RSA_print(const RSA_CTX *rsa_ctx)
 }
 #endif
 
-#ifdef CONFIG_SSL_CERT_VERIFICATION
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
 /**
  * Performs c = m^e mod n
  */
diff --git a/docsrc/axTLS.dox b/docsrc/axTLS.dox
index 6780237683..d9959b21dd 100644
--- a/docsrc/axTLS.dox
+++ b/docsrc/axTLS.dox
@@ -459,7 +459,7 @@ WARN_LOGFILE           =
 # directories like "/usr/src/myproject". Separate the files or directories 
 # with spaces.
 
-INPUT                  = ../bindings/csharp/axTLS.cs ../bindings/java/SSL.java ../bindings/java/SSLUtil.java ../bindings/java/SSLCTX.java ../bindings/java/SSLServer.java ../bindings/java/SSLClient.java ../bindings/java/SSLReadHolder.java ../ssl/ssl.h ../ssl/bigint.c ../ssl/bigint.h 
+INPUT                  = ../bindings/csharp/axTLS.cs ../bindings/java/SSL.java ../bindings/java/SSLUtil.java ../bindings/java/SSLCTX.java ../bindings/java/SSLServer.java ../bindings/java/SSLClient.java ../bindings/java/SSLReadHolder.java ../ssl/ssl.h ../crypto/bigint.c ../crypto/bigint.h 
 
 # If the value of the INPUT tag contains directories, you can use the 
 # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
@@ -1005,7 +1005,7 @@ INCLUDE_FILE_PATTERNS  =
 # undefined via #undef or recursively expanded use the := operator 
 # instead of the = operator.
 
-PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_MAX_CLNT_SESSIONS=1 CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT CONFIG_BIGINT_CRT EXP_FUNC="" STDCALL=""
+PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_GENERATE_X509_CERT CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT CONFIG_BIGINT_CRT EXP_FUNC="" STDCALL=""
 
 # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
 # this tag can be used to specify a list of macro names that should be expanded. 
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index de3a1985e8..62a36fd035 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -42,7 +42,7 @@
 #define BLOCKSIZE                           4096
 
 #define INITIAL_CONNECTION_SLOTS            10
-#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     0
+#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     0 
 
 #define STATE_WANT_TO_READ_HEAD             1
 #define STATE_WANT_TO_SEND_HEAD             2
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index bd3b48dd48..de408022e2 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -36,20 +36,6 @@
 #include <sys/stat.h>
 #include "axhttp.h"
 
-#if AXDEBUG
-#define AXDEBUGSTART \
-	{ \
-		FILE *dout; \
-		dout = fopen("/var/log/axdebug", "a"); \
-	
-#define AXDEBUGEND \
-		fclose(dout); \
-	}
-#else /* AXDEBUG */
-#define AXDEBUGSTART
-#define AXDEBUGEND
-#endif /* AXDEBUG */
-
 struct serverstruct *servers;
 struct connstruct *usedconns;
 struct connstruct *freeconns;
diff --git a/ssl/Config.in b/ssl/Config.in
index ec5fca84d5..05d88688c4 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -116,8 +116,12 @@ config CONFIG_SSL_USE_DEFAULT_KEY
         that is built in. This is one way to save on a couple of kB's if an
         external private key/certificate is used.
 
+        The private key is in ssl/private_key.h and the certificate is in
+        ssl/cert.h.
+
         The advantage of a built-in private key/certificate is that no file
-        system is required for access. 
+        system is required for access. Both the certificate and the private
+        key will be automatically loaded on a ssl_ctx_new().
         
         However this private key/certificate can never be changed (without a
         code update).
@@ -125,6 +129,62 @@ config CONFIG_SSL_USE_DEFAULT_KEY
         This mode is enabled by default. Disable this mode if the 
         built-in key/certificate is not used.
 
+config CONFIG_SSL_PRIVATE_KEY_LOCATION
+    string "Private key file location"
+    depends on !CONFIG_SSL_USE_DEFAULT_KEY && !CONFIG_SSL_SKELETON_MODE
+    help
+        The file location of the private key which will be automatically
+        loaded on a ssl_ctx_new().
+
+config CONFIG_SSL_PRIVATE_KEY_PASSWORD
+    string "Private key password"
+    depends on !CONFIG_SSL_USE_DEFAULT_KEY && CONFIG_SSL_HAS_PEM
+    help
+        The password required to decrypt a PEM-encoded password file.
+
+config CONFIG_SSL_X509_CERT_LOCATION
+    string "X.509 certificate file location"
+    depends on !CONFIG_SSL_GENERATE_X509_CERT && !CONFIG_SSL_SKELETON_MODE
+    help
+        The file location of the X.509 certificate which will be automatically
+        loaded on a ssl_ctx_new().
+
+config CONFIG_SSL_GENERATE_X509_CERT
+    bool "Generate X.509 Certificate"
+    default n
+    help
+        An X.509 certificate can be automatically generated on a
+        ssl_ctx_new(). A private key still needs to be provided (the private
+        key in ss/private_key.h will be used unless 
+        CONFIG_SSL_PRIVATE_KEY_LOCATION is set.
+
+        The certificate is generated on the fly, and so a minor start-up time
+        penalty is to be expected.
+
+config CONFIG_SSL_X509_COMMON_NAME
+    string "X.509 Common Name"
+    depends on CONFIG_SSL_GENERATE_X509_CERT
+    help
+        The common name for the X.509 certificate. This should in theory be
+        the URL for server.
+
+        If this is blank, then the hostname is used.
+
+config CONFIG_SSL_X509_ORGANIZATION_NAME
+    string "X.509 Organization Name"
+    depends on CONFIG_SSL_GENERATE_X509_CERT
+    help
+        The organization name for the generated X.509 certificate. 
+
+        If this is blank, then $USERNAME will be used.
+
+config CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
+    string "X.509 Organization Unit Name"
+    depends on CONFIG_SSL_GENERATE_X509_CERT
+    help
+        The organization unit name for the generated X.509 certificate. This
+        field is optional.
+
 config CONFIG_SSL_ENABLE_V23_HANDSHAKE
     bool "Enable v23 Handshake"
     default y
@@ -251,13 +311,6 @@ config CONFIG_OPENSSL_COMPATIBLE
         Note: not all the API is implemented, so parts may still break. And
         it's definitely not 100% compatible.
 
-config CONFIG_GEN_CERTIFICATES
-    bool "Enable the generation of certificates"
-    default n
-    depends on CONFIG_SSL_CERT_VERIFICATION
-    help 
-        A primitive self-signed certificate generator.
-
 config CONFIG_PERFORMANCE_TESTING
     bool "Build the bigint performance test tool"
     default n
diff --git a/ssl/Makefile b/ssl/Makefile
index eac1e8a701..62a62047dc 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -48,10 +48,8 @@ BASETARGET=libaxtls.so
 CRYPTO_PATH=$(AXTLS_HOME)/crypto/
 ifdef CONFIG_PLATFORM_CYGWIN
 TARGET2=$(AXTLS_HOME)/$(STAGE)/libaxtls.dll.a
-TARGET3=$(AXTLS_HOME)/$(STAGE)/gen_cert.exe
 else
 TARGET2=$(AXTLS_HOME)/$(STAGE)/$(LIBMINOR)
-TARGET3=$(AXTLS_HOME)/$(STAGE)/gen_cert
 endif
 
 # shared library major/minor numbers
@@ -64,7 +62,7 @@ STATIC_LIB=$(AXTLS_HOME)/$(STAGE)/axtls.static.lib
 CRYPTO_PATH=$(AXTLS_HOME)\\crypto\\
 endif
 
-libs: $(TARGET1) $(TARGET2) $(TARGET3)
+libs: $(TARGET1) $(TARGET2)
 
 CRYPTO_OBJ=\
 	$(CRYPTO_PATH)aes.o \
@@ -79,14 +77,15 @@ CRYPTO_OBJ=\
 
 OBJ=\
 	asn1.o \
-	x509.o \
-	os_port.o \
+	gen_cert.o \
 	loader.o \
 	openssl.o \
+	os_port.o \
 	p12.o \
 	tls1.o \
 	tls1_svr.o \
-	tls1_clnt.o
+	tls1_clnt.o \
+	x509.o
 
 include $(AXTLS_HOME)/config/makefile.post
 
@@ -106,9 +105,6 @@ else
     -Wl,--enable-auto-import $(CRYPTO_OBJ) $(OBJ)
 endif
 
-$(TARGET3): gen_cert.o
-	$(LD) $(LDFLAGS) -o $@ $< -L$(AXTLS_HOME)/$(STAGE) -laxtls 
-
 else  # Win32
 CRYPTO_OBJ:=$(CRYPTO_OBJ:.o=.obj)
 
diff --git a/ssl/asn1.c b/ssl/asn1.c
index d843b7988e..0fa9820e67 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -112,16 +112,13 @@ int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
     if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
         goto end_int_array;
 
-    *object = (uint8_t *)malloc(len);
-    /* TODO */
-#if 0
-    if (*object == 0x00)    /* ignore the negative byte */
+    if (buf[*offset] == 0x00)    /* ignore the negative byte */
     {
         len--;
-        (*object)++;
+        (*offset)++;
     }
-#endif
 
+    *object = (uint8_t *)malloc(len);
     memcpy(*object, &buf[*offset], len);
     *offset += len;
 
@@ -421,10 +418,13 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
 {
     int i = 0;
 
+    if (ca_cert_ctx == NULL)
+        return;
+
     while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
     {
         x509_free(ca_cert_ctx->cert[i]);
-        ca_cert_ctx->cert[i++] = NULL;
+        ca_cert_ctx->cert[i] = NULL;
     }
 
     free(ca_cert_ctx);
@@ -441,9 +441,7 @@ int asn1_compare_dn(char * const dn1[], char * const dn2[])
     for (i = 0; i < X509_NUM_DN_TYPES; i++)
     {
         if (asn1_compare_dn_comp(dn1[i], dn2[i]))
-        {
             return 1;
-        }
     }
 
     return 0;       /* all good */
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 7f0e4e11d6..3ceb9d1fc8 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -68,13 +68,8 @@ struct _x509_ctx
 {
     char *ca_cert_dn[X509_NUM_DN_TYPES];
     char *cert_dn[X509_NUM_DN_TYPES];
-#if defined(_WIN32_WCE)
-    long not_before;
-    long not_after;
-#else
     time_t not_before;
     time_t not_after;
-#endif
     uint8_t *signature;
     uint16_t sig_len;
     uint8_t sig_type;
@@ -98,8 +93,8 @@ void x509_free(X509_CTX *x509_ctx);
 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
 #endif
 #ifdef CONFIG_SSL_FULL_MODE
-void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
-void x509_display_error(int error);
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
+const char * x509_display_error(int error);
 #endif
 
 /**************************************************************************
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index 9cc7d9fec9..f58463ca05 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -30,13 +30,13 @@
 
 #include "config.h"
 
-#ifdef CONFIG_GEN_CERTIFICATES
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
 #include <string.h>
 #include <stdlib.h>
-#include "crypto_misc.h"
+#include "ssl.h"
 
 /**
- * This file is not completed.
+ * Generate a basic X.509 certificate
  */
 
 /* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
@@ -176,33 +176,35 @@ static int gen_dn(const char *name, uint8_t dn_type,
     return ret;
 }
 
-static int gen_issuer(const char *cn, const char *o, const char *ou,
-                    uint8_t *buf, int *offset)
+static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
 {
     int ret = X509_OK;
     int seq_offset;
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
+    char hostname[128];
 
-    /* we need the common name at a minimum */
-    if (cn == NULL)
+    /* we need the common name, so if not configured, use the hostname */
+    if (dn[X509_COMMON_NAME] == NULL || strlen(dn[X509_COMMON_NAME]) == 0)
     {
-        ret = X509_NOT_OK;
-        goto error;
+        gethostname(hostname, sizeof(hostname));
+        dn[X509_COMMON_NAME] = hostname;
     }
 
-    if ((ret = gen_dn(cn, 3, buf, offset)))
-            goto error;
+    if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset)))
+        goto error;
 
-    if (o != NULL)
-    {
-        if ((ret = gen_dn(o, 10, buf, offset)))
-            goto error;
-    }
+    if (dn[X509_ORGANIZATION] == NULL || strlen(dn[X509_ORGANIZATION]) == 0)
+        dn[X509_ORGANIZATION] = getenv("USERNAME");
+
+    if (dn[X509_ORGANIZATION] != NULL && 
+            ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset))))
+        goto error;
 
-    if (ou != NULL)
+    if (dn[X509_ORGANIZATIONAL_TYPE] != NULL &&
+                                strlen(dn[X509_ORGANIZATIONAL_TYPE]) != 0)
     {
-        if ((ret = gen_dn(o, 11, buf, offset)))
+        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_TYPE], 11, buf, offset)))
             goto error;
     }
 
@@ -212,32 +214,20 @@ static int gen_issuer(const char *cn, const char *o, const char *ou,
     return ret;
 }
 
-static void gen_utc_time(uint8_t *buf, int *offset)
+static const uint8_t time_seq[] = 
 {
-    time_t curr_time = time(NULL);
-    struct tm *now_tm = gmtime(&curr_time);
+    ASN1_SEQUENCE, 30, 
+    ASN1_UTC_TIME, 13, 
+    '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
+    ASN1_UTC_TIME, 13,  /* make it good for 40 or so years */
+    '4', '9', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
+};
 
-    buf[(*offset)++] = ASN1_SEQUENCE;
-    set_gen_length(30, buf, offset);
-
-    now_tm->tm_year -= 100;
-    now_tm->tm_mon++;
-    buf[(*offset)++] = ASN1_UTC_TIME;
-    buf[(*offset)++] = 13;
-    buf[(*offset)++] = now_tm->tm_year/10 + '0';
-    buf[(*offset)++] = now_tm->tm_year%10 + '0';
-    buf[(*offset)++] = now_tm->tm_mon/10 + '0';
-    buf[(*offset)++] = now_tm->tm_mon%10 + '0';
-    buf[(*offset)++] = now_tm->tm_mday/10 + '0';
-    buf[(*offset)++] = now_tm->tm_mday%10 + '0';
-    memset(&buf[*offset], '0', 6);
-    *offset += 6;
-    buf[(*offset)++] = 'Z';
-    now_tm->tm_year += 30; /* add 30 years */
-    memcpy(&buf[*offset], &buf[*offset-15], 15);
-    buf[*offset + 2] = now_tm->tm_year/10 + '0';
-    buf[*offset + 3] = now_tm->tm_year%10 + '0';
-    *offset += 15;
+static void gen_utc_time(uint8_t *buf, int *offset)
+{
+    /* fixed time */
+    memcpy(&buf[*offset], time_seq, sizeof(time_seq));
+    *offset += sizeof(time_seq);
 }
 
 static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
@@ -249,6 +239,7 @@ static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
     buf[(*offset)++] = ASN1_INTEGER;
     bi_export(rsa_ctx->bi_ctx, rsa_ctx->m, block, pub_key_size);
+
     if (*block & 0x80)  /* make integer positive */
     {
         set_gen_length(pub_key_size+1, buf, offset);
@@ -259,6 +250,8 @@ static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 
     memcpy(&buf[*offset], block, pub_key_size);
     *offset += pub_key_size;
+    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
+    *offset += sizeof(pub_key_seq);
     adjust_with_size(seq_size, seq_offset, buf, offset);
 }
 
@@ -287,8 +280,6 @@ static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
     buf[(*offset)++] = ASN1_NULL;
     buf[(*offset)++] = 0;
     gen_pub_key1(rsa_ctx, buf, offset);
-    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
-    *offset += sizeof(pub_key_seq);
     adjust_with_size(seq_size, seq_offset, buf, offset);
 }
 
@@ -313,86 +304,64 @@ static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
     *offset += sig_size;
 }
 
-static int gen_tbs_cert(const char *cn, const char *o, const char *ou,
+static int gen_tbs_cert(const char * dn[],
                     const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset,
                     uint8_t *sha_dgst)
 {
     int ret = X509_OK;
     SHA1_CTX sha_ctx;
     int seq_offset;
+    int begin_tbs = *offset;
     int seq_size = pre_adjust_with_size(
                         ASN1_SEQUENCE, &seq_offset, buf, offset);
-    int begin_tbs = *offset;
 
     gen_serial_number(buf, offset);
     gen_signature_alg(buf, offset);
-    if ((ret = gen_issuer(cn, o, ou, buf, offset)))
+
+    /* CA certicate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
         goto error;
 
     gen_utc_time(buf, offset);
-    if ((ret = gen_issuer(cn, o, ou, buf, offset)))
+
+    /* certificate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
         goto error;
 
     gen_pub_key(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
 
     SHA1_Init(&sha_ctx);
     SHA1_Update(&sha_ctx, &buf[begin_tbs], *offset-begin_tbs);
     SHA1_Final(sha_dgst, &sha_ctx);
-    adjust_with_size(seq_size, seq_offset, buf, offset);
 
 error:
     return ret;
 }
 
-int gen_cert(const char *cn, const char *o, const char *ou,
-                    const RSA_CTX *rsa_ctx, uint8_t *buf, int *cert_size)
+/**
+ * Create a new certificate.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, const char * dn[], uint32_t options, uint8_t **cert_data)
 {
-    int ret = X509_OK;
-    int offset = 0;
-    int seq_offset;
+    int ret = X509_OK, offset = 0, seq_offset;
+    /* allocate enough space to load a new certificate */
+    uint8_t *buf = (uint8_t *)alloca(ssl_ctx->rsa_ctx->num_octets*2 + 512);
     uint8_t sha_dgst[SHA1_SIZE];
-    int seq_size = pre_adjust_with_size(
-                            ASN1_SEQUENCE, &seq_offset, buf, &offset);
+    int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
+                                    &seq_offset, buf, &offset);
 
-    if ((ret = gen_tbs_cert(cn, o, ou, rsa_ctx, buf, &offset, sha_dgst)))
+    if ((ret = gen_tbs_cert(dn, ssl_ctx->rsa_ctx, buf, &offset, sha_dgst)) < 0)
         goto error;
 
     gen_signature_alg(buf, &offset);
-    gen_signature(rsa_ctx, sha_dgst, buf, &offset);
-
+    gen_signature(ssl_ctx->rsa_ctx, sha_dgst, buf, &offset);
     adjust_with_size(seq_size, seq_offset, buf, &offset);
-    *cert_size = offset;
-error:
-    return ret;
-}
-
-int main(int argc, char *argv[])
-{
-    int ret = X509_OK;
-    uint8_t *key_buf = NULL;
-    RSA_CTX *rsa_ctx = NULL;
-    uint8_t buf[2048];
-    int cert_size;
-    FILE *f;
-
-    int len = get_file("../ssl/test/axTLS.key_512", &key_buf);
-    if ((ret = asn1_get_private_key(key_buf, len, &rsa_ctx)))
-        goto error;
+    *cert_data = (uint8_t *)malloc(offset); /* create the exact memory for it */
+    memcpy(*cert_data, buf, offset);
 
-    if ((ret = gen_cert("abc", "def", "ghi", rsa_ctx, buf, &cert_size)))
-        goto error;
-
-    f = fopen("blah.dat", "w");
-    fwrite(buf, cert_size, 1, f);
-    fclose(f);
 error:
-    free(key_buf);
-    RSA_free(rsa_ctx);
-
-    if (ret)
-        printf("Some cert generation issue\n");
-
-    return ret;
+    return ret < 0 ? ret : offset;
 }
 
 #endif
diff --git a/ssl/loader.c b/ssl/loader.c
index 909b5b7474..4909d06288 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -69,7 +69,6 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
     }
 
     ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-
     ssl_obj->len = get_file(filename, &ssl_obj->buf);
 
     if (ssl_obj->len <= 0)
@@ -107,8 +106,8 @@ EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type,
         const uint8_t *data, int len, const char *password)
 {
     int ret;
-
     SSLObjLoader *ssl_obj;
+
     ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
     ssl_obj->buf = (uint8_t *)malloc(len);
     memcpy(ssl_obj->buf, data, len);
@@ -219,10 +218,10 @@ static int pem_decrypt(const char *where, const char *end,
     AES_CTX aes_ctx;
     uint8_t key[32];        /* AES256 size */
 
-    if (password == NULL)
+    if (password == NULL || strlen(password) == 0)
     {
 #ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: need a password for this PEM file\n");
+        printf("Error: Need a password for this PEM file\n"); TTY_FLUSH();
 #endif
         goto error;
     }
@@ -239,7 +238,7 @@ static int pem_decrypt(const char *where, const char *end,
     else 
     {
 #ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Unsupported password cipher\n");
+        printf("Error: Unsupported password cipher\n"); TTY_FLUSH();
 #endif
         goto error;
     }
@@ -387,3 +386,80 @@ static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type,
                                 start, ssl_obj->len, password);
 }
 #endif /* CONFIG_SSL_HAS_PEM */
+
+/**
+ * Load the key/certificates in memory depending on compile-time and user
+ * options. 
+ */
+int load_key_certs(SSL_CTX *ssl_ctx)
+{
+    int ret = SSL_OK;
+    uint32_t options = ssl_ctx->options;
+
+    /* do the private key first */
+    if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, 
+                                CONFIG_SSL_PRIVATE_KEY_LOCATION,
+                                CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        static const    /* saves a few more bytes */
+#include "private_key.h"
+
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
+                default_private_key_len, NULL); 
+#endif
+    }
+
+    /* now load the certificate */
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    uint8_t *cert_data;
+    int cert_size;
+    static const char *dn[] = 
+    {
+        CONFIG_SSL_X509_COMMON_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
+    };
+
+    if ((cert_size = ssl_x509_create(ssl_ctx, dn, &cert_data)) < 0)
+    {
+        ret = cert_size;
+        goto error;
+    }
+
+    ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL);
+    free(cert_data);
+#else
+    if (strlen(CONFIG_SSL_X509_CERT_LOCATION))
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                                CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        static const    /* saves a few bytes and RAM */
+#include "cert.h"
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                    default_certificate, default_certificate_len, NULL);
+#endif
+    }
+#endif
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret)
+    {
+        printf("Error: Certificate or key not loaded\n"); TTY_FLUSH();
+    }
+#endif
+
+    return ret;
+
+}
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 5adeecc0d7..103c28b877 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -182,8 +182,6 @@ extern "C" {
  * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
  * i.e. each handshake will include a "certificate request" message from the
  * server. Only available if verification has been enabled.
- * - SSL_NO_DEFAULT_KEY: Don't use the default key/certificate. The user will
- * load the key/certificate explicitly.
  * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
  * during the handshake.
  * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
@@ -436,9 +434,34 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *fi
  */
 EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
 
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
+/**
+ * @brief Create an X.509 certificate. 
+ * 
+ * This certificate is a self-signed v1 cert with a fixed start/stop validity 
+ * times. It is also signed with the private key in ssl_ctx->rsa_ctx.
+ *
+ * @param ssl_ctx [in] The client/server context.
+ * @param dn [in] An array of distinguished name strings. The array is defined
+ * by:
+ * - SSL_X509_CERT_COMMON_NAME (0)
+ *      - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the 
+ *        hostname will be used.
+ * - SSL_X509_CERT_ORGANIZATION (1)
+ *      - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME 
+ *        will be used.
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
+ *      - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
+ * @param options [in] Not used yet.
+ * @param cert_data [out] The certificate as a sequence of bytes.
+ * @return < 0 if an error, or the size of the certificate in bytes.
+ * @note cert_data must be freed when there is no more need for it.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, const char * dn[], uint32_t options, uint8_t **cert_data);
+#endif
+
 /**
  * @brief Return the axTLS library version as a string.
- * @note New API function for v1.1
  */
 EXP_FUNC const char * STDCALL ssl_version(void);
 
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index 7c3b885c1b..42465600f0 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -64,21 +64,22 @@ AXTLS_SSL_PATH="$(AXTLS_INCLUDE)ssl\\"
 
 CRYPTO_OBJ=\
 	$(CRYPTO_PATH)aes.obj \
+	$(CRYPTO_PATH)bigint.obj \
+	$(CRYPTO_PATH)crypto_misc.obj \
 	$(CRYPTO_PATH)hmac.obj \
+	$(CRYPTO_PATH)md2.obj \
 	$(CRYPTO_PATH)md5.obj \
 	$(CRYPTO_PATH)rc4.obj \
+	$(CRYPTO_PATH)rsa.obj \
 	$(CRYPTO_PATH)sha1.obj
 
 OBJ=\
 	$(AXTLS_SSL_PATH)asn1.obj \
 	$(AXTLS_SSL_PATH)x509.obj \
-	$(AXTLS_SSL_PATH)bigint.obj \
-	$(AXTLS_SSL_PATH)crypto_misc.obj \
 	$(AXTLS_SSL_PATH)os_port.obj \
 	$(AXTLS_SSL_PATH)loader.obj \
 	$(AXTLS_SSL_PATH)openssl.obj \
 	$(AXTLS_SSL_PATH)p12.obj \
-	$(AXTLS_SSL_PATH)rsa.obj \
 	$(AXTLS_SSL_PATH)tls1.obj \
 	$(AXTLS_SSL_PATH)tls1_svr.obj \
 	$(AXTLS_SSL_PATH)tls1_clnt.obj
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 9eaf543595..db71fe1304 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -58,6 +58,7 @@
 
 static int g_port = 19001;
 
+#if 0
 /**************************************************************************
  * AES tests 
  * 
@@ -102,7 +103,7 @@ static int AES_test(BI_CTX *bi_ctx)
                 enc_data, sizeof(enc_data));
         if (memcmp(enc_data, ct, sizeof(ct)))
         {
-            fprintf(stderr, "Error: AES ENCRYPT #1 failed\n");
+            printf("Error: AES ENCRYPT #1 failed\n");
             goto end;
         }
 
@@ -112,7 +113,7 @@ static int AES_test(BI_CTX *bi_ctx)
 
         if (memcmp(dec_data, in_str, sizeof(dec_data)))
         {
-            fprintf(stderr, "Error: AES DECRYPT #1 failed\n");
+            printf("Error: AES DECRYPT #1 failed\n");
             goto end;
         }
     }
@@ -151,7 +152,7 @@ static int AES_test(BI_CTX *bi_ctx)
 
         if (memcmp(enc_data, ct, sizeof(ct)))
         {
-            fprintf(stderr, "Error: ENCRYPT #2 failed\n");
+            printf("Error: ENCRYPT #2 failed\n");
             goto end;
         }
 
@@ -160,7 +161,7 @@ static int AES_test(BI_CTX *bi_ctx)
         AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
         if (memcmp(dec_data, in_data, sizeof(dec_data)))
         {
-            fprintf(stderr, "Error: DECRYPT #2 failed\n");
+            printf("Error: DECRYPT #2 failed\n");
             goto end;
         }
     }
@@ -232,7 +233,7 @@ static int RC4_test(BI_CTX *bi_ctx)
 
         if (memcmp(data[i], output[i], data_len[i]))
         {
-            fprintf(stderr, "Error: RC4 CRYPT #%d failed\n", i);
+            printf("Error: RC4 CRYPT #%d failed\n", i);
             goto end;
         }
     }
@@ -268,7 +269,7 @@ static int SHA1_test(BI_CTX *bi_ctx)
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
-            fprintf(stderr, "Error: SHA1 #1 failed\n");
+            printf("Error: SHA1 #1 failed\n");
             goto end;
         }
     }
@@ -286,7 +287,7 @@ static int SHA1_test(BI_CTX *bi_ctx)
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
-            fprintf(stderr, "Error: SHA1 #2 failed\n");
+            printf("Error: SHA1 #2 failed\n");
             goto end;
         }
     }
@@ -322,7 +323,7 @@ static int MD5_test(BI_CTX *bi_ctx)
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
-            fprintf(stderr, "Error: MD5 #1 failed\n");
+            printf("Error: MD5 #1 failed\n");
             goto end;
         }
     }
@@ -340,7 +341,7 @@ static int MD5_test(BI_CTX *bi_ctx)
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
-            fprintf(stderr, "Error: MD5 #2 failed\n");
+            printf("Error: MD5 #2 failed\n");
             goto end;
         }
     }
@@ -481,7 +482,7 @@ static int RSA_test(void)
         "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
         "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
     uint8_t enc_data[128], dec_data[128];
-    RSA_CTX *rsa_ctx;
+    RSA_CTX *rsa_ctx = NULL;
     BI_CTX *bi_ctx;
     bigint *plaintext_bi;
     bigint *enc_data_bi, *dec_data_bi;
@@ -512,7 +513,7 @@ static int RSA_test(void)
 
     if (memcmp(dec_data, plaintext, strlen(plaintext)))
     {
-        fprintf(stderr, "Error: DECRYPT #1 failed\n");
+        printf("Error: DECRYPT #1 failed\n");
         goto end;
     }
 
@@ -520,7 +521,7 @@ static int RSA_test(void)
     size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
     if (memcmp("abc", dec_data2, 3))
     {
-        fprintf(stderr, "Error: ENCRYPT/DECRYPT #2 failed\n");
+        printf("Error: ENCRYPT/DECRYPT #2 failed\n");
         goto end;
     }
 
@@ -642,8 +643,11 @@ static int cert_tests(void)
     printf("All Certificate tests passed\n");
 
 bad_cert:
+    if (res)
+        printf("Error: A certificate test failed\n");
     return res;
 }
+#endif
 
 /**
  * init a server socket.
@@ -751,7 +755,6 @@ static void do_client(client_t *clnt)
 }
 
 static int SSL_server_test(
-        SVR_CTX *svr_test_ctx,
         const char *testname, 
         const char *openssl_option, 
         const char *device_cert, 
@@ -778,11 +781,6 @@ static int SSL_server_test(
     if ((server_fd = server_socket_init(&g_port)) < 0)
         goto error;
 
-    if (private_key)
-    {
-        axolotls_option |= SSL_NO_DEFAULT_KEY;
-    }
-
     if ((ssl_ctx = ssl_ctx_new(axolotls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
     {
         ret = SSL_ERROR_INVALID_KEY;
@@ -883,6 +881,7 @@ static int SSL_server_test(
 
 error:
     ssl_ctx_free(ssl_ctx);
+printf("RES %d\n", ret); TTY_FLUSH();
     return ret;
 }
 
@@ -893,21 +892,21 @@ int SSL_server_tests(void)
     SVR_CTX svr_test_ctx;
     memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
 
-    printf("### starting server tests\n");
+    printf("### starting server tests\n"); TTY_FLUSH();
 
     /* Go through the algorithms */
 
     /* 
      * TLS1 client hello 
      */
-    if ((ret = SSL_server_test(NULL, "TLSv1", "-cipher RC4-SHA -tls1", 
+    if ((ret = SSL_server_test("TLSv1", "-cipher RC4-SHA -tls1", 
                     NULL, NULL, NULL, NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
     /*
      * AES128-SHA
      */
-    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
+    if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA", 
                     DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
                     DEFAULT_SVR_OPTION)))
         goto cleanup;
@@ -915,7 +914,7 @@ int SSL_server_tests(void)
     /*
      * AES256-SHA
      */
-    if ((ret = SSL_server_test(NULL, "AES256-SHA", "-cipher AES128-SHA", 
+    if ((ret = SSL_server_test("AES256-SHA", "-cipher AES128-SHA", 
                     DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
                     DEFAULT_SVR_OPTION)))
         goto cleanup;
@@ -923,7 +922,7 @@ int SSL_server_tests(void)
     /*
      * RC4-SHA
      */
-    if ((ret = SSL_server_test(NULL, "RC4-SHA", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("RC4-SHA", "-cipher RC4-SHA", 
                 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
                 DEFAULT_SVR_OPTION)))
         goto cleanup;
@@ -931,7 +930,7 @@ int SSL_server_tests(void)
     /*
      * RC4-MD5
      */
-    if ((ret = SSL_server_test(NULL, "RC4-MD5", "-cipher RC4-MD5", 
+    if ((ret = SSL_server_test("RC4-MD5", "-cipher RC4-MD5", 
                 DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
                 DEFAULT_SVR_OPTION)))
         goto cleanup;
@@ -940,7 +939,7 @@ int SSL_server_tests(void)
      * Session Reuse
      * all the session id's should match for session resumption.
      */
-    if ((ret = SSL_server_test(NULL, "Session Reuse", 
+    if ((ret = SSL_server_test("Session Reuse", 
                     "-cipher RC4-SHA -reconnect", 
                     DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
                     DEFAULT_SVR_OPTION)))
@@ -949,7 +948,7 @@ int SSL_server_tests(void)
     /* 
      * 512 bit RSA key 
      */
-    if ((ret = SSL_server_test(NULL, "512 bit key", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("512 bit key", "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_512.cer", NULL, 
                     "../ssl/test/axTLS.key_512",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
@@ -958,7 +957,7 @@ int SSL_server_tests(void)
     /* 
      * 1024 bit RSA key (check certificate chaining)
      */
-    if ((ret = SSL_server_test(NULL, "1024 bit key", 
+    if ((ret = SSL_server_test("1024 bit key", 
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_device.cer", 
                     "../ssl/test/axTLS.x509_512.cer", 
@@ -969,7 +968,7 @@ int SSL_server_tests(void)
     /* 
      * 2048 bit RSA key 
      */
-    if ((ret = SSL_server_test(NULL, "2048 bit key", 
+    if ((ret = SSL_server_test("2048 bit key", 
                     "-cipher RC4-SHA",
                     "../ssl/test/axTLS.x509_2048.cer", NULL, 
                     "../ssl/test/axTLS.key_2048",
@@ -979,7 +978,7 @@ int SSL_server_tests(void)
     /* 
      * 4096 bit RSA key 
      */
-    if ((ret = SSL_server_test(NULL, "4096 bit key", 
+    if ((ret = SSL_server_test("4096 bit key", 
                     "-cipher RC4-SHA",
                     "../ssl/test/axTLS.x509_4096.cer", NULL, 
                     "../ssl/test/axTLS.key_4096",
@@ -989,7 +988,7 @@ int SSL_server_tests(void)
     /* 
      * Client Verification
      */
-    if ((ret = SSL_server_test(NULL, "Client Verification", 
+    if ((ret = SSL_server_test("Client Verification", 
                     "-cipher RC4-SHA -tls1 "
                     "-cert ../ssl/test/axTLS.x509_2048.pem "
                     "-key ../ssl/test/axTLS.key_2048.pem ",
@@ -1001,7 +1000,7 @@ int SSL_server_tests(void)
     /* this test should fail */
     if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
     {
-        if ((ret = SSL_server_test(NULL, "Bad Before Cert", 
+        if ((ret = SSL_server_test("Bad Before Cert", 
                     "-cipher RC4-SHA -tls1 "
                     "-cert ../ssl/test/axTLS.x509_bad_before.pem "
                     "-key ../ssl/test/axTLS.key_512.pem ",
@@ -1017,7 +1016,7 @@ int SSL_server_tests(void)
     }
 
     /* this test should fail */
-    if ((ret = SSL_server_test(NULL, "Bad After Cert", 
+    if ((ret = SSL_server_test("Bad After Cert", 
                     "-cipher RC4-SHA -tls1 "
                     "-cert ../ssl/test/axTLS.x509_bad_after.pem "
                     "-key ../ssl/test/axTLS.key_512.pem ",
@@ -1033,7 +1032,7 @@ int SSL_server_tests(void)
     /* 
      * Key in PEM format
      */
-    if ((ret = SSL_server_test(NULL, "Key in PEM format",
+    if ((ret = SSL_server_test("Key in PEM format",
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_512.cer", NULL, 
                     "../ssl/test/axTLS.key_512.pem", NULL,
@@ -1043,7 +1042,7 @@ int SSL_server_tests(void)
     /* 
      * Cert in PEM format
      */
-    if ((ret = SSL_server_test(NULL, "Cert in PEM format", 
+    if ((ret = SSL_server_test("Cert in PEM format", 
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_512.pem", NULL, 
                     "../ssl/test/axTLS.key_512.pem", NULL,
@@ -1053,7 +1052,7 @@ int SSL_server_tests(void)
     /* 
      * Cert chain in PEM format
      */
-    if ((ret = SSL_server_test(NULL, "Cert chain in PEM format", 
+    if ((ret = SSL_server_test("Cert chain in PEM format", 
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_device.pem", 
                     NULL, "../ssl/test/axTLS.device_key.pem",
@@ -1063,7 +1062,7 @@ int SSL_server_tests(void)
     /* 
      * AES128 Encrypted key 
      */
-    if ((ret = SSL_server_test(NULL, "AES128 encrypted key", 
+    if ((ret = SSL_server_test("AES128 encrypted key", 
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_aes128.pem", NULL, 
                     "../ssl/test/axTLS.key_aes128.pem",
@@ -1073,7 +1072,7 @@ int SSL_server_tests(void)
     /* 
      * AES256 Encrypted key 
      */
-    if ((ret = SSL_server_test(NULL, "AES256 encrypted key", 
+    if ((ret = SSL_server_test("AES256 encrypted key", 
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_aes256.pem", NULL, 
                     "../ssl/test/axTLS.key_aes256.pem",
@@ -1083,7 +1082,7 @@ int SSL_server_tests(void)
     /* 
      * AES128 Encrypted invalid key 
      */
-    if ((ret = SSL_server_test(NULL, "AES128 encrypted invalid key", 
+    if ((ret = SSL_server_test("AES128 encrypted invalid key", 
                     "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_aes128.pem", NULL, 
                     "../ssl/test/axTLS.key_aes128.pem",
@@ -1096,7 +1095,7 @@ int SSL_server_tests(void)
     /*
      * PKCS#8 key (encrypted)
      */
-    if ((ret = SSL_server_test(NULL, "pkcs#8 encrypted", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("pkcs#8 encrypted", "-cipher RC4-SHA", 
                 DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
@@ -1104,7 +1103,7 @@ int SSL_server_tests(void)
     /*
      * PKCS#8 key (unencrypted)
      */
-    if ((ret = SSL_server_test(NULL, "pkcs#8 unencrypted", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("pkcs#8 unencrypted", "-cipher RC4-SHA", 
                 DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
                 NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
@@ -1112,12 +1111,12 @@ int SSL_server_tests(void)
     /*
      * PKCS#12 key/certificate
      */
-    if ((ret = SSL_server_test(NULL, "pkcs#12 with CA", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher RC4-SHA", 
                 NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
-    if ((ret = SSL_server_test(NULL, "pkcs#12 no CA", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher RC4-SHA", 
                 DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
@@ -1126,7 +1125,11 @@ int SSL_server_tests(void)
 
 cleanup:
     if (ret)
-        fprintf(stderr, "Error: A server test failed\n");
+    {
+        printf("Error: A server test failed\n"); TTY_FLUSH();
+        exit(1);
+    }
+
     return ret;
 }
 
@@ -1200,11 +1203,6 @@ static int SSL_client_test(
 
     if (*ssl_ctx == NULL)
     {
-        if (private_key)
-        {
-            client_options |= SSL_NO_DEFAULT_KEY;
-        }
-
         if ((*ssl_ctx = ssl_ctx_new(
                             client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
         {
@@ -1453,7 +1451,7 @@ int SSL_client_tests(void)
 
 cleanup:
     if (ret)
-        fprintf(stderr, "Error: A client test failed\n");
+        printf("Error: A client test failed\n");
 
     return ret;
 }
@@ -1462,6 +1460,7 @@ int SSL_client_tests(void)
  * SSL Basic Testing (test a big packet handshake)
  *
  **************************************************************************/
+#if 0
 static uint8_t basic_buf[256*1024];
 
 static void do_basic(void)
@@ -1572,6 +1571,7 @@ static int SSL_basic_test(void)
     ssl_ctx_free(ssl_svr_ctx);
     return ret;
 }
+#endif
 
 #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
 /**************************************************************************
@@ -1792,7 +1792,7 @@ static int header_issue(void)
 int main(int argc, char *argv[])
 {
     int ret = 1;
-    BI_CTX *bi_ctx;
+    //BI_CTX *bi_ctx;
     int fd;
 
 #ifdef WIN32
@@ -1807,6 +1807,7 @@ int main(int argc, char *argv[])
     dup2(fd, 2);
 #endif
 
+#if 0
     bi_ctx = bi_initialize();
 
     if (AES_test(bi_ctx))
@@ -1881,6 +1882,7 @@ int main(int argc, char *argv[])
         goto cleanup;
 
     system("sh ../ssl/test/killopenssl.sh");
+#endif
 
     if (SSL_server_tests())
         goto cleanup;
@@ -1898,9 +1900,7 @@ int main(int argc, char *argv[])
 cleanup:
 
     if (ret)
-    {
-        fprintf(stderr, "Error: Some tests failed!\n");
-    }
+        printf("Error: Some tests failed!\n");
 
     close(fd);
     return ret;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 6dc67bd133..cd01cbdff4 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -38,14 +38,6 @@
 #include <stdarg.h>
 #include "ssl.h"
 
-/* Don't import the default key/certificate if not used */
-#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-static const    /* saves a few bytes and RAM */
-#include "cert.h"
-static const    /* saves a few more bytes */
-#include "private_key.h"
-#endif
-         
 /* The session expiry time */
 #define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
 
@@ -173,22 +165,19 @@ EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 {
     SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
     ssl_ctx->options = options;
+
+    if (load_key_certs(ssl_ctx) < 0)
+    {
+        free(ssl_ctx);  /* can't load our key/certificate pair, so die */
+        return NULL;
+    }
+
 #ifndef CONFIG_SSL_SKELETON_MODE
     ssl_ctx->num_sessions = num_sessions;
 #endif
 
     SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
 
-#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-    if (~options & SSL_NO_DEFAULT_KEY)
-    {
-        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key, 
-                default_private_key_len, NULL);
-        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, 
-                    default_certificate, default_certificate_len, NULL);
-    }
-#endif
-
 #ifndef CONFIG_SSL_SKELETON_MODE
     if (num_sessions)
     {
@@ -197,10 +186,6 @@ EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
     }
 #endif
 
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
-#endif
-
     return ssl_ctx;
 }
 
@@ -397,7 +382,12 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     int i = 0;
     int offset;
     X509_CTX *cert = NULL;
-    CA_CERT_CTX *ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+    CA_CERT_CTX *ca_cert_ctx;
+
+    if (ssl_ctx->ca_cert_ctx == NULL)
+        ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
+
+    ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 
     while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
         i++;
@@ -418,11 +408,14 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     cert = ca_cert_ctx->cert[i];
     SSL_CTX_LOCK(ssl_ctx->mutex);
 
-    if ((ret = x509_verify(ca_cert_ctx, cert)))
+    if ((ret = x509_verify(ca_cert_ctx, cert)) != X509_VFY_ERROR_SELF_SIGNED)
     {
         SSL_CTX_UNLOCK(ssl_ctx->mutex);
         x509_free(cert);        /* get rid of it */
         ca_cert_ctx->cert[i] = NULL;
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: %s\n", x509_display_error(ret));
+#endif
         goto error;
     }
 
@@ -1484,6 +1477,7 @@ int send_certificate(SSL *ssl)
 
     while (i < ssl->ssl_ctx->chain_length)
     {
+        X509_CTX *cert_ctx;
         SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
         buf[offset++] = 0;        
         buf[offset++] = cert->size >> 8;        /* cert 1 length */
@@ -1491,6 +1485,10 @@ int send_certificate(SSL *ssl)
         memcpy(&buf[offset], cert->buf, cert->size);
         offset += cert->size;
         i++;
+        // TODO: get rid of these
+        x509_new(cert->buf, &cert->size, &cert_ctx);
+        x509_print(cert_ctx, NULL);
+        x509_free(cert_ctx);
     }
 
     chain_length = offset - 7;
@@ -1765,7 +1763,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
         ret = ssl_verify_cert(ssl);
     }
 
-    DISPLAY_CERT(ssl, "process_certificate", *x509_ctx);
+    DISPLAY_CERT(ssl, *x509_ctx);
     ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
     ssl->dc->bm_proc_index += offset;
 error:
@@ -1846,19 +1844,19 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
 /**
  * Debugging routine to display X509 certificates.
  */
-void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx)
+void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx)
 {
     if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
         return;
 
-    x509_print(ssl->ssl_ctx->ca_cert_ctx, x509_ctx);
+    x509_print(x509_ctx, ssl->ssl_ctx->ca_cert_ctx);
     TTY_FLUSH();
 }
 
 /**
  * Debugging routine to display RSA objects
  */
-void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx)
+void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx)
 {
     if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
         return;
@@ -1897,8 +1895,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
     /* X509 error? */
     if (error_code < SSL_X509_OFFSET)
     {
-        x509_display_error(error_code - SSL_X509_OFFSET);
-        printf("\n");
+        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET));
         return;
     }
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 4280cb2ac4..af4dc115b6 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -172,7 +172,7 @@ struct _SSL
     uint16_t bm_read_index;
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
-    struct _SSL_CTX *ssl_ctx;            /* back reference to a clnt/svr ctx */
+    struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t session_index;
     SSL_SESS *session;
@@ -243,6 +243,7 @@ int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
 void ssl_obj_free(SSLObjLoader *ssl_obj);
 int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int load_key_certs(SSL_CTX *ssl_ctx);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
 void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
@@ -255,8 +256,8 @@ int do_client_connect(SSL *ssl);
 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
 void DISPLAY_BYTES(SSL *ssl, const char *format, 
         const uint8_t *data, int size, ...);
-void DISPLAY_CERT(SSL *ssl, const char *label, const X509_CTX *x509_ctx);
-void DISPLAY_RSA(SSL *ssl, const char *label, const RSA_CTX *rsa_ctx);
+void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
+void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
 void DISPLAY_ALERT(SSL *ssl, int alert);
 #else
 #define DISPLAY_STATE(A,B,C,D)
diff --git a/ssl/x509.c b/ssl/x509.c
index 81617066ef..a51ed1bb53 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -118,7 +118,7 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    /* use the appropriate signature algorithm (either SHA1 or MD5) */
+    /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
     if (x509_ctx->sig_type == SIG_TYPE_MD5)
     {
         MD5_CTX md5_ctx;
@@ -224,7 +224,6 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
 
     bi_export(ctx, decrypted_bi, block, sig_len);
-    print_blob("SIGNATURE", block, sig_len);
     ctx->mod_offset = BIGINT_M_OFFSET;
 
     i = 10; /* start at the first possible non-padded byte */
@@ -234,9 +233,6 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     /* get only the bit we want */
     if (size > 0)
     {
-        FILE *f = fopen("blah.dat", "w");
-        fwrite(&block[i], sig_len-i, 1, f);
-        fclose(f);
         int len;
         const uint8_t *sig_ptr = get_signature(&block[i], &len);
 
@@ -271,6 +267,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
     bigint *mod, *expn;
     struct timeval tv;
     int match_ca_cert = 0;
+    uint8_t is_self_signed = 0;
 
     if (cert == NULL || ca_cert_ctx == NULL)
     {
@@ -279,7 +276,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
     }
 
     /* last cert in the chain - look for a trusted cert */
-    if (cert->next == NULL)
+    if (cert->next == NULL && ca_cert_ctx)
     {
         while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
         {
@@ -287,17 +284,15 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
                                         ca_cert_ctx->cert[i]->cert_dn) == 0)
             {
                 match_ca_cert = 1;
+                next_cert = ca_cert_ctx->cert[i];
                 break;
             }
 
             i++;
         }
 
-        if (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-        {
-            next_cert = ca_cert_ctx->cert[i];
-        }
-        else    /* trusted cert not found */
+        /* trusted cert not found */
+        if (i >= CONFIG_X509_MAX_CA_CERTS)
         {
             ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
             goto end_verify;
@@ -325,31 +320,37 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
     }
 
     /* check the chain integrity */
-    if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn))
+    if (next_cert && !match_ca_cert &&
+               asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) == 0)
     {
         ret = X509_VFY_ERROR_INVALID_CHAIN;
         goto end_verify;
     }
 
+    ctx = cert->rsa_ctx->bi_ctx;
+
     /* check for self-signing */
-    if (!match_ca_cert && asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
     {
-        ret = X509_VFY_ERROR_SELF_SIGNED;
-        goto end_verify;
+        is_self_signed = 1;
+        mod = cert->rsa_ctx->m;
+        expn = cert->rsa_ctx->e;
+    }
+    else
+    {
+        mod = next_cert->rsa_ctx->m;
+        expn = next_cert->rsa_ctx->e;
     }
 
     /* check the signature */
-    ctx = cert->rsa_ctx->bi_ctx;
-    mod = next_cert->rsa_ctx->m;
-    expn = next_cert->rsa_ctx->e;
     cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
             bi_clone(ctx, mod), bi_clone(ctx, expn));
 
-    if (cert_sig)
+    if (cert_sig && cert->digest)
     {
-        ret = cert->digest ?    /* check the signature */
-            bi_compare(cert_sig, cert->digest) :
-            X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        if (bi_compare(cert_sig, cert->digest))
+            ret = X509_VFY_ERROR_BAD_SIGNATURE;
+
         bi_free(ctx, cert_sig);
 
         if (ret)
@@ -361,6 +362,12 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
         goto end_verify;
     }
 
+    if (is_self_signed)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
+    }
+
     /* go down the certificate chain using recursion. */
     if (ret == 0 && cert->next)
     {
@@ -376,7 +383,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
 /**
  * Used for diagnostics.
  */
-void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) 
 {
     if (cert == NULL)
         return;
@@ -436,14 +443,12 @@ void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
             break;
     }
 
-    printf("Verify:\t\t\t");
-
     if (ca_cert_ctx)
     {
-        x509_display_error(x509_verify(ca_cert_ctx, cert));
+        printf("Verify:\t\t\t%s\n",
+                x509_display_error(x509_verify(ca_cert_ctx, cert)));
     }
 
-    printf("\n");
 #if 0
     print_blob("Signature", cert->signature, cert->sig_len);
     bi_print("Modulus", cert->rsa_ctx->m);
@@ -452,48 +457,52 @@ void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
 
     if (ca_cert_ctx)
     {
-        x509_print(ca_cert_ctx, cert->next);
+        x509_print(cert->next, ca_cert_ctx);
     }
 }
 
-void x509_display_error(int error)
+const char * x509_display_error(int error)
 {
     switch (error)
     {
         case X509_NOT_OK:
-            printf("X509 not ok");
+            return "X509 not ok";
             break;
 
         case X509_VFY_ERROR_NO_TRUSTED_CERT:
-            printf("No trusted cert is available");
+            return "No trusted cert is available";
             break;
 
         case X509_VFY_ERROR_BAD_SIGNATURE:
-            printf("Bad signature");
+            return "Bad signature";
             break;
 
         case X509_VFY_ERROR_NOT_YET_VALID:
-            printf("Cert is not yet valid");
+            return "Cert is not yet valid";
             break;
 
         case X509_VFY_ERROR_EXPIRED:
-            printf("Cert has expired");
+            return "Cert has expired";
             break;
 
         case X509_VFY_ERROR_SELF_SIGNED:
-            printf("Cert is self-signed");
+            return "Cert is self-signed";
             break;
 
         case X509_VFY_ERROR_INVALID_CHAIN:
-            printf("Chain is invalid (check order of certs)");
+            return "Chain is invalid (check order of certs)";
             break;
 
         case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
-            printf("Unsupported digest");
+            return "Unsupported digest";
             break;
 
         case X509_INVALID_PRIV_KEY:
-            printf("Invalid private key");
+            return "Invalid private key";
+            break;
+
+        default:
+            return "Unknown";
             break;
     }
 }
diff --git a/www/index.html b/www/index.html
index 75fe4731b0..707b1af734 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,7 +7086,7 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200711060908" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8 (yet to be released)@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200711271156" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Certificates can now be automatically generated (the keys still need to be provided).\n* Certificate/keys can be loaded automatically given a file location.\n* ~SSL_NO_DEFAULT_KEY has been removed (it is now largely redundant).\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200711050226" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2007, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 785380660e616d25b7ebb52fd4490f95c85aa2b6 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 2 Dec 2007 08:01:12 +0000
Subject: [PATCH 121/301] finishing touches to cert generation

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@144 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile           |   1 +
 config/axhttpd.aip |  18 ++--
 config/linuxconfig |   9 ++
 config/win32config | 237 +++++++++++++++++++++++----------------------
 crypto/crypto.h    |   2 +-
 httpd/axhttp.h     |   1 -
 ssl/Config.in      |  20 ++--
 ssl/asn1.c         |   2 +-
 ssl/cert.h         |  86 ++++++++--------
 ssl/gen_cert.c     |  10 +-
 ssl/loader.c       |  21 ++--
 ssl/os_port.h      |   2 +-
 ssl/private_key.h  | 108 ++++++++++-----------
 ssl/ssl.h          |   6 +-
 ssl/test/Makefile  |   5 +-
 ssl/test/ssltest.c |  50 +++++++---
 ssl/tls1.c         |   7 +-
 ssl/tls1.h         |   5 +-
 ssl/tls1_clnt.c    |   4 +-
 ssl/tls1_svr.c     |   4 +-
 ssl/x509.c         |  50 +++++-----
 www/index.html     |   4 +-
 22 files changed, 347 insertions(+), 305 deletions(-)

diff --git a/Makefile b/Makefile
index f6948de35f..02c33d2482 100644
--- a/Makefile
+++ b/Makefile
@@ -82,6 +82,7 @@ docs:
 
 # build the Win32 demo release version
 win32_demo:
+	@echo "#define AXTLS_VERSION    \"$(VERSION)\"" > ssl/version.h
 	$(MAKE) win32releaseconf
 
 install: $(PREFIX) all
diff --git a/config/axhttpd.aip b/config/axhttpd.aip
index 5d1a2254f8..412fe3b4d1 100755
--- a/config/axhttpd.aip
+++ b/config/axhttpd.aip
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="5.2.2" modules="freeware" RootPath="." Language="en">
+<DOCUMENT type="Advanced Installer" CreateVersion="3.9" version="6.0.1" modules="freeware" RootPath="." Language="en">
   <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
     <ROW Property="ALLUSERS" Value="2"/>
     <ROW Property="ARPCOMMENTS" Value="This installer database contains the logic and data required to install &lt;product name&gt;." ValueLocId="*"/>
@@ -8,10 +8,10 @@
     <ROW Property="BannerBitmap" Value="default_banner.bmp" Type="1"/>
     <ROW Property="DialogBitmap" Value="default_dialog.bmp" Type="1"/>
     <ROW Property="Manufacturer" Value="axTLS" ValueLocId="*"/>
-    <ROW Property="ProductCode" Value="1033:{E8FE72D8-1458-4F35-9759-EEBE44D96732} "/>
+    <ROW Property="ProductCode" Value="1033:{F49FFA19-C243-4627-BE13-7DEDA4E700D0} "/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="Axhttpd" ValueLocId="*"/>
-    <ROW Property="ProductVersion" Value="1.1.7"/>
+    <ROW Property="ProductVersion" Value="1.1.8"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
     <ROW Property="UpgradeCode" Value="{93E5623E-740C-449C-9770-EDABD392868D}"/>
   </COMPONENT>
@@ -51,8 +51,8 @@
     <ROW File="axtls.dll" Component_="axtls.dll" FileName="axtls.dll" Attributes="0" SourcePath="..\_stage\axtls.dll" SelfReg="false" Sequence="3"/>
     <ROW File="axtls.lib" Component_="axtls.jar" FileName="axtls.lib" Attributes="0" SourcePath="..\_stage\axtls.lib" SelfReg="false" Sequence="4"/>
     <ROW File="axtls.static.lib" Component_="axtls.jar" FileName="axtlss~1.lib|axtls.static.lib" Attributes="0" SourcePath="..\_stage\axtls.static.lib" SelfReg="false" Sequence="5"/>
-    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\ssl\bigint.h" SelfReg="false" Sequence="12"/>
-    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\ssl\bigint_impl.h" SelfReg="false" Sequence="9"/>
+    <ROW File="bigint.h" Component_="bigint.h" FileName="bigint.h" Attributes="0" SourcePath="..\crypto\bigint.h" SelfReg="false" Sequence="12"/>
+    <ROW File="bigint_impl.h" Component_="bigint.h" FileName="bigint~1.h|bigint_impl.h" Attributes="0" SourcePath="..\crypto\bigint_impl.h" SelfReg="false" Sequence="9"/>
     <ROW File="crypto.h" Component_="bigint.h" FileName="crypto.h" Attributes="0" SourcePath="..\crypto\crypto.h" SelfReg="false" Sequence="10"/>
     <ROW File="crypto_misc.h" Component_="bigint.h" FileName="crypto~1.h|crypto_misc.h" Attributes="0" SourcePath="..\ssl\crypto_misc.h" SelfReg="false" Sequence="21"/>
     <ROW File="favicon.ico" Component_="favicon.ico" FileName="favicon.ico" Attributes="0" SourcePath="..\www\favicon.ico" SelfReg="false" Sequence="6"/>
@@ -69,7 +69,7 @@
     <ROW File="tls1.h" Component_="bigint.h" FileName="tls1.h" Attributes="0" SourcePath="..\ssl\tls1.h" SelfReg="false" Sequence="11"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.BuildComponent">
-    <ROW BuildName="DefaultBuild" BuildOrder="1" BuildType="0" InstallationType="4"/>
+    <ROW BuildKey="DefaultBuild" BuildName="DefaultBuild" BuildOrder="1" BuildType="0" InstallationType="4"/>
     <ATTRIBUTE name="CurrentBuild" value="DefaultBuild"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
@@ -105,15 +105,15 @@
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
     <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
-    <ROW Action="AI_PREPARE_UPGRADE" Type="1" Source="aicustact.dll" Target="PrepareUpgrade"/>
-    <ROW Action="AI_RESTORE_LOCATION" Type="1" Source="aicustact.dll" Target="RestoreLocation"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Type="65" Source="aicustact.dll" Target="PrepareUpgrade"/>
+    <ROW Action="AI_RESTORE_LOCATION" Type="65" Source="aicustact.dll" Target="RestoreLocation"/>
     <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
     <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][Manufacturer]\[ProductName]" MultiBuildTarget="DefaultBuild:[ProgramFilesFolder][ProductName]"/>
     <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
     <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiIconsComponent">
-    <ROW Name="controlPanelIcon.exe" SourcePath="..\www\favicon.ico" Index="0"/>
+    <ROW Name="controlPanelIcon.exe" SourcePath="..\..\axhttpd\www\favicon.ico" Index="0"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiInstExSeqComponent">
     <ROW Action="AI_DOWNGRADE" Condition="AI_NEWERPRODUCTFOUND AND (UILevel &lt;&gt; 5)" Sequence="210"/>
diff --git a/config/linuxconfig b/config/linuxconfig
index 949ac051b6..9068c5b0b6 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -12,6 +12,7 @@ CONFIG_PLATFORM_LINUX=y
 #
 PREFIX="/usr/local"
 # CONFIG_DEBUG is not set
+CONFIG_STRIP_UNWANTED_SECTIONS=y
 # CONFIG_VISUAL_STUDIO_7_0 is not set
 # CONFIG_VISUAL_STUDIO_8_0 is not set
 CONFIG_VISUAL_STUDIO_7_0_BASE=""
@@ -31,6 +32,13 @@ CONFIG_SSL_FULL_MODE=y
 CONFIG_SSL_PROT_MEDIUM=y
 # CONFIG_SSL_PROT_HIGH is not set
 CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_PRIVATE_KEY_LOCATION=""
+CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
+CONFIG_SSL_X509_CERT_LOCATION=""
+CONFIG_SSL_GENERATE_X509_CERT=y
+CONFIG_SSL_X509_COMMON_NAME=""
+CONFIG_SSL_X509_ORGANIZATION_NAME=""
+CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
 CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
 CONFIG_SSL_HAS_PEM=y
 CONFIG_SSL_USE_PKCS12=y
@@ -62,6 +70,7 @@ CONFIG_HTTP_HAS_CGI=y
 CONFIG_HTTP_CGI_EXTENSIONS=".lua,.lp"
 CONFIG_HTTP_ENABLE_LUA=y
 CONFIG_HTTP_LUA_PREFIX="/usr/local"
+CONFIG_HTTP_LUA_CGI_LAUNCHER="/bin/cgi"
 # CONFIG_HTTP_BUILD_LUA is not set
 CONFIG_HTTP_DIRECTORIES=y
 CONFIG_HTTP_HAS_AUTHORIZATION=y
diff --git a/config/win32config b/config/win32config
index 8640ea0f7e..cfff8094ac 100644
--- a/config/win32config
+++ b/config/win32config
@@ -1,117 +1,120 @@
-#
-# Automatically generated make config: don't edit
-#
-HAVE_DOT_CONFIG=y
-# CONFIG_PLATFORM_LINUX is not set
-# CONFIG_PLATFORM_CYGWIN is not set
-# CONFIG_PLATFORM_SOLARIS is not set
-CONFIG_PLATFORM_WIN32=y
-
-#
-# General Configuration
-#
-PREFIX=""
-# CONFIG_DEBUG is not set
-# CONFIG_STRIP_UNWANTED_SECTIONS is not set
-
-#
-# Microsoft Compiler Options
-#
-# CONFIG_VISUAL_STUDIO_7_0 is not set
-CONFIG_VISUAL_STUDIO_8_0=y
-CONFIG_VISUAL_STUDIO_7_0_BASE=""
-CONFIG_VISUAL_STUDIO_8_0_BASE="c:\\Program Files\\Microsoft Visual Studio 8"
-CONFIG_EXTRA_CFLAGS_OPTIONS=""
-CONFIG_EXTRA_LDFLAGS_OPTIONS=""
-
-#
-# SSL Library
-#
-# CONFIG_SSL_SERVER_ONLY is not set
-# CONFIG_SSL_CERT_VERIFICATION is not set
-# CONFIG_SSL_ENABLE_CLIENT is not set
-CONFIG_SSL_FULL_MODE=y
-# CONFIG_SSL_SKELETON_MODE is not set
-# CONFIG_SSL_PROT_LOW is not set
-CONFIG_SSL_PROT_MEDIUM=y
-# CONFIG_SSL_PROT_HIGH is not set
-CONFIG_SSL_USE_DEFAULT_KEY=y
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
-CONFIG_SSL_HAS_PEM=y
-CONFIG_SSL_USE_PKCS12=y
-CONFIG_SSL_EXPIRY_TIME=24
-CONFIG_X509_MAX_CA_CERTS=4
-CONFIG_SSL_MAX_CERTS=2
-# CONFIG_SSL_CTX_MUTEXING is not set
-# CONFIG_USE_DEV_URANDOM is not set
-CONFIG_WIN32_USE_CRYPTO_LIB=y
-# CONFIG_OPENSSL_COMPATIBLE is not set
-# CONFIG_PERFORMANCE_TESTING is not set
-# CONFIG_SSL_TEST is not set
-CONFIG_AXHTTPD=y
-
-#
-# Axhttpd Configuration
-#
-# CONFIG_HTTP_STATIC_BUILD is not set
-CONFIG_HTTP_PORT=80
-CONFIG_HTTP_HTTPS_PORT=443
-CONFIG_HTTP_SESSION_CACHE_SIZE=5
-CONFIG_HTTP_WEBROOT="www"
-CONFIG_HTTP_TIMEOUT=300
-
-#
-# CGI
-#
-# CONFIG_HTTP_HAS_CGI is not set
-CONFIG_HTTP_CGI_EXTENSIONS=""
-# CONFIG_HTTP_ENABLE_LUA is not set
-CONFIG_HTTP_LUA_PREFIX=""
-CONFIG_HTTP_LUA_CGI_LAUNCHER=""
-# CONFIG_HTTP_BUILD_LUA is not set
-CONFIG_HTTP_DIRECTORIES=y
-CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_CHANGE_UID is not set
-# CONFIG_HTTP_HAS_IPV6 is not set
-CONFIG_HTTP_VERBOSE=y
-# CONFIG_HTTP_IS_DAEMON is not set
-
-#
-# Language Bindings
-#
-# CONFIG_BINDINGS is not set
-# CONFIG_CSHARP_BINDINGS is not set
-# CONFIG_VBNET_BINDINGS is not set
-CONFIG_DOT_NET_FRAMEWORK_BASE=""
-# CONFIG_JAVA_BINDINGS is not set
-CONFIG_JAVA_HOME=""
-# CONFIG_PERL_BINDINGS is not set
-CONFIG_PERL_CORE=""
-CONFIG_PERL_LIB=""
-# CONFIG_LUA_BINDINGS is not set
-CONFIG_LUA_CORE=""
-
-#
-# Samples
-#
-CONFIG_SAMPLES=y
-CONFIG_C_SAMPLES=y
-# CONFIG_CSHARP_SAMPLES is not set
-# CONFIG_VBNET_SAMPLES is not set
-# CONFIG_JAVA_SAMPLES is not set
-# CONFIG_PERL_SAMPLES is not set
-# CONFIG_LUA_SAMPLES is not set
-
-#
-# BigInt Options
-#
-# CONFIG_BIGINT_CLASSICAL is not set
-# CONFIG_BIGINT_MONTGOMERY is not set
-CONFIG_BIGINT_BARRETT=y
-CONFIG_BIGINT_CRT=y
-# CONFIG_BIGINT_KARATSUBA is not set
-MUL_KARATSUBA_THRESH=0
-SQU_KARATSUBA_THRESH=0
-CONFIG_BIGINT_SLIDING_WINDOW=y
-CONFIG_BIGINT_SQUARE=y
-# CONFIG_BIGINT_CHECK_ON is not set
+#
+# Automatically generated make config: don't edit
+#
+HAVE_DOT_CONFIG=y
+# CONFIG_PLATFORM_LINUX is not set
+# CONFIG_PLATFORM_CYGWIN is not set
+# CONFIG_PLATFORM_SOLARIS is not set
+CONFIG_PLATFORM_WIN32=y
+
+#
+# General Configuration
+#
+PREFIX=""
+# CONFIG_DEBUG is not set
+# CONFIG_STRIP_UNWANTED_SECTIONS is not set
+
+#
+# Microsoft Compiler Options
+#
+# CONFIG_VISUAL_STUDIO_7_0 is not set
+CONFIG_VISUAL_STUDIO_8_0=y
+CONFIG_VISUAL_STUDIO_7_0_BASE=""
+CONFIG_VISUAL_STUDIO_8_0_BASE="c:\\Program Files\\Microsoft Visual Studio 8"
+CONFIG_EXTRA_CFLAGS_OPTIONS=""
+CONFIG_EXTRA_LDFLAGS_OPTIONS=""
+
+#
+# SSL Library
+#
+# CONFIG_SSL_SERVER_ONLY is not set
+# CONFIG_SSL_CERT_VERIFICATION is not set
+# CONFIG_SSL_ENABLE_CLIENT is not set
+CONFIG_SSL_FULL_MODE=y
+# CONFIG_SSL_SKELETON_MODE is not set
+# CONFIG_SSL_PROT_LOW is not set
+CONFIG_SSL_PROT_MEDIUM=y
+# CONFIG_SSL_PROT_HIGH is not set
+CONFIG_SSL_USE_DEFAULT_KEY=y
+CONFIG_SSL_PRIVATE_KEY_LOCATION=""
+CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
+CONFIG_SSL_X509_CERT_LOCATION=""
+CONFIG_SSL_GENERATE_X509_CERT=y
+CONFIG_SSL_X509_COMMON_NAME=""
+CONFIG_SSL_X509_ORGANIZATION_NAME=""
+CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
+CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+CONFIG_SSL_HAS_PEM=y
+CONFIG_SSL_USE_PKCS12=y
+CONFIG_SSL_EXPIRY_TIME=24
+CONFIG_X509_MAX_CA_CERTS=4
+CONFIG_SSL_MAX_CERTS=2
+# CONFIG_SSL_CTX_MUTEXING is not set
+# CONFIG_USE_DEV_URANDOM is not set
+CONFIG_WIN32_USE_CRYPTO_LIB=y
+# CONFIG_OPENSSL_COMPATIBLE is not set
+# CONFIG_PERFORMANCE_TESTING is not set
+# CONFIG_SSL_TEST is not set
+CONFIG_AXHTTPD=y
+
+#
+# Axhttpd Configuration
+#
+# CONFIG_HTTP_STATIC_BUILD is not set
+CONFIG_HTTP_PORT=80
+CONFIG_HTTP_HTTPS_PORT=443
+CONFIG_HTTP_SESSION_CACHE_SIZE=5
+CONFIG_HTTP_WEBROOT="www"
+CONFIG_HTTP_TIMEOUT=300
+# CONFIG_HTTP_HAS_CGI is not set
+CONFIG_HTTP_CGI_EXTENSIONS=""
+# CONFIG_HTTP_ENABLE_LUA is not set
+CONFIG_HTTP_LUA_PREFIX=""
+CONFIG_HTTP_LUA_CGI_LAUNCHER=""
+# CONFIG_HTTP_BUILD_LUA is not set
+CONFIG_HTTP_DIRECTORIES=y
+CONFIG_HTTP_HAS_AUTHORIZATION=y
+# CONFIG_HTTP_CHANGE_UID is not set
+# CONFIG_HTTP_HAS_IPV6 is not set
+CONFIG_HTTP_VERBOSE=y
+# CONFIG_HTTP_IS_DAEMON is not set
+
+#
+# Language Bindings
+#
+# CONFIG_BINDINGS is not set
+# CONFIG_CSHARP_BINDINGS is not set
+# CONFIG_VBNET_BINDINGS is not set
+CONFIG_DOT_NET_FRAMEWORK_BASE=""
+# CONFIG_JAVA_BINDINGS is not set
+CONFIG_JAVA_HOME=""
+# CONFIG_PERL_BINDINGS is not set
+CONFIG_PERL_CORE=""
+CONFIG_PERL_LIB=""
+# CONFIG_LUA_BINDINGS is not set
+CONFIG_LUA_CORE=""
+
+#
+# Samples
+#
+CONFIG_SAMPLES=y
+CONFIG_C_SAMPLES=y
+# CONFIG_CSHARP_SAMPLES is not set
+# CONFIG_VBNET_SAMPLES is not set
+# CONFIG_JAVA_SAMPLES is not set
+# CONFIG_PERL_SAMPLES is not set
+# CONFIG_LUA_SAMPLES is not set
+
+#
+# BigInt Options
+#
+# CONFIG_BIGINT_CLASSICAL is not set
+# CONFIG_BIGINT_MONTGOMERY is not set
+CONFIG_BIGINT_BARRETT=y
+CONFIG_BIGINT_CRT=y
+# CONFIG_BIGINT_KARATSUBA is not set
+MUL_KARATSUBA_THRESH=0
+SQU_KARATSUBA_THRESH=0
+CONFIG_BIGINT_SLIDING_WINDOW=y
+CONFIG_BIGINT_SQUARE=y
+# CONFIG_BIGINT_CHECK_ON is not set
diff --git a/crypto/crypto.h b/crypto/crypto.h
index a4e6086580..5c95f21596 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -198,7 +198,7 @@ void RSA_free(RSA_CTX *ctx);
 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
         int is_decryption);
 bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
         bigint *modulus, bigint *pub_exp);
 bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 62a36fd035..cc277f1a6d 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -28,7 +28,6 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include "os_port.h"
 #include "ssl.h"
 
 #define BACKLOG 15
diff --git a/ssl/Config.in b/ssl/Config.in
index 05d88688c4..25cee495e4 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -144,7 +144,7 @@ config CONFIG_SSL_PRIVATE_KEY_PASSWORD
 
 config CONFIG_SSL_X509_CERT_LOCATION
     string "X.509 certificate file location"
-    depends on !CONFIG_SSL_GENERATE_X509_CERT && !CONFIG_SSL_SKELETON_MODE
+    depends on !CONFIG_SSL_GENERATE_X509_CERT && !CONFIG_SSL_USE_DEFAULT_KEY && !CONFIG_SSL_SKELETON_MODE
     help
         The file location of the X.509 certificate which will be automatically
         loaded on a ssl_ctx_new().
@@ -156,10 +156,13 @@ config CONFIG_SSL_GENERATE_X509_CERT
         An X.509 certificate can be automatically generated on a
         ssl_ctx_new(). A private key still needs to be provided (the private
         key in ss/private_key.h will be used unless 
-        CONFIG_SSL_PRIVATE_KEY_LOCATION is set.
+        CONFIG_SSL_PRIVATE_KEY_LOCATION is set).
 
         The certificate is generated on the fly, and so a minor start-up time
-        penalty is to be expected.
+        penalty is to be expected. This feature adds around 5kB to the
+        library.
+
+        This feature is disabled by default.
 
 config CONFIG_SSL_X509_COMMON_NAME
     string "X.509 Common Name"
@@ -168,7 +171,7 @@ config CONFIG_SSL_X509_COMMON_NAME
         The common name for the X.509 certificate. This should in theory be
         the URL for server.
 
-        If this is blank, then the hostname is used.
+        If this is blank, then this will be value from gethostname().
 
 config CONFIG_SSL_X509_ORGANIZATION_NAME
     string "X.509 Organization Name"
@@ -176,14 +179,15 @@ config CONFIG_SSL_X509_ORGANIZATION_NAME
     help
         The organization name for the generated X.509 certificate. 
 
-        If this is blank, then $USERNAME will be used.
+        If this is blank, then $USERDOMAIN will be used.
 
 config CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
     string "X.509 Organization Unit Name"
     depends on CONFIG_SSL_GENERATE_X509_CERT
     help
-        The organization unit name for the generated X.509 certificate. This
-        field is optional.
+        The organization unit name for the generated X.509 certificate. 
+
+        This field is optional.
 
 config CONFIG_SSL_ENABLE_V23_HANDSHAKE
     bool "Enable v23 Handshake"
@@ -322,7 +326,7 @@ config CONFIG_PERFORMANCE_TESTING
 config CONFIG_SSL_TEST
     bool "Build the SSL testing tool"
     default n
-    depends on CONFIG_SSL_FULL_MODE
+    depends on CONFIG_SSL_FULL_MODE && !CONFIG_SSL_GENERATE_X509_CERT 
     help
         Used for sanity checking the SSL handshaking.
 
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 0fa9820e67..1639040d0c 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -112,7 +112,7 @@ int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
     if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
         goto end_int_array;
 
-    if (buf[*offset] == 0x00)    /* ignore the negative byte */
+    if (len > 1 && buf[*offset] == 0x00)    /* ignore the negative byte */
     {
         len--;
         (*offset)++;
diff --git a/ssl/cert.h b/ssl/cert.h
index 972a9e4b5e..7a85d2d843 100644
--- a/ssl/cert.h
+++ b/ssl/cert.h
@@ -1,43 +1,43 @@
-unsigned char default_certificate[] = {
-  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xf1,
-  0xc3, 0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a,
-  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
-  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
-  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
-  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
-  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
-  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36,
-  0x30, 0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33,
-  0x33, 0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a,
-  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
-  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
-  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
-  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
-  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
-  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
-  0x81, 0x81, 0x00, 0xd8, 0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5,
-  0xfd, 0x0b, 0xa8, 0xa8, 0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c,
-  0xb5, 0xd9, 0xbc, 0xc6, 0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8,
-  0x29, 0x48, 0x0e, 0x7b, 0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f,
-  0x38, 0xe5, 0xb5, 0xb7, 0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3,
-  0x40, 0x1e, 0xf9, 0x91, 0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e,
-  0xdc, 0xf6, 0xaa, 0x1c, 0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73,
-  0xd9, 0x09, 0x05, 0x4c, 0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7,
-  0x14, 0x91, 0x44, 0xfc, 0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba,
-  0x8c, 0xc3, 0x74, 0x39, 0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4,
-  0x40, 0x95, 0x8c, 0xc0, 0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02,
-  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x0b,
-  0x47, 0x24, 0x52, 0x7d, 0xb6, 0x63, 0x78, 0xbc, 0x80, 0xdd, 0x87, 0x6c,
-  0x90, 0x4c, 0x33, 0xc3, 0x5c, 0xa7, 0x97, 0x09, 0x1c, 0x09, 0x4f, 0x9b,
-  0x6e, 0xb3, 0x5a, 0x3e, 0x46, 0x92, 0x1a, 0xc7, 0x87, 0x15, 0x59, 0xe1,
-  0x88, 0x5c, 0xce, 0x6a, 0xe2, 0x96, 0xaa, 0x32, 0xec, 0xc2, 0xed, 0x78,
-  0x8b, 0xe0, 0x90, 0x66, 0x93, 0x14, 0xc3, 0x98, 0xab, 0x33, 0x35, 0xd3,
-  0x7d, 0x5d, 0x51, 0x0a, 0x9c, 0xb9, 0x10, 0x58, 0x47, 0x7a, 0x98, 0x95,
-  0x64, 0xff, 0x4c, 0x5d, 0x82, 0x19, 0xf9, 0xea, 0x0f, 0x5e, 0x9a, 0xcb,
-  0x32, 0x27, 0x64, 0xca, 0x6f, 0x58, 0x8a, 0xd0, 0xc0, 0x36, 0xf4, 0xb9,
-  0x63, 0x34, 0xa5, 0xda, 0x36, 0x50, 0x36, 0x49, 0xd2, 0xb7, 0x3a, 0x21,
-  0x33, 0x5b, 0x3e, 0xd6, 0x5f, 0x0c, 0x99, 0x83, 0xb7, 0xb2, 0xf7, 0x8b,
-  0x44, 0xc4, 0x5e, 0x73, 0x41, 0xa9, 0x02
-};
-unsigned int default_certificate_len = 475;
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xf1,
+  0xc3, 0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36,
+  0x30, 0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33,
+  0x33, 0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xd8, 0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5,
+  0xfd, 0x0b, 0xa8, 0xa8, 0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c,
+  0xb5, 0xd9, 0xbc, 0xc6, 0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8,
+  0x29, 0x48, 0x0e, 0x7b, 0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f,
+  0x38, 0xe5, 0xb5, 0xb7, 0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3,
+  0x40, 0x1e, 0xf9, 0x91, 0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e,
+  0xdc, 0xf6, 0xaa, 0x1c, 0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73,
+  0xd9, 0x09, 0x05, 0x4c, 0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7,
+  0x14, 0x91, 0x44, 0xfc, 0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba,
+  0x8c, 0xc3, 0x74, 0x39, 0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4,
+  0x40, 0x95, 0x8c, 0xc0, 0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x0b,
+  0x47, 0x24, 0x52, 0x7d, 0xb6, 0x63, 0x78, 0xbc, 0x80, 0xdd, 0x87, 0x6c,
+  0x90, 0x4c, 0x33, 0xc3, 0x5c, 0xa7, 0x97, 0x09, 0x1c, 0x09, 0x4f, 0x9b,
+  0x6e, 0xb3, 0x5a, 0x3e, 0x46, 0x92, 0x1a, 0xc7, 0x87, 0x15, 0x59, 0xe1,
+  0x88, 0x5c, 0xce, 0x6a, 0xe2, 0x96, 0xaa, 0x32, 0xec, 0xc2, 0xed, 0x78,
+  0x8b, 0xe0, 0x90, 0x66, 0x93, 0x14, 0xc3, 0x98, 0xab, 0x33, 0x35, 0xd3,
+  0x7d, 0x5d, 0x51, 0x0a, 0x9c, 0xb9, 0x10, 0x58, 0x47, 0x7a, 0x98, 0x95,
+  0x64, 0xff, 0x4c, 0x5d, 0x82, 0x19, 0xf9, 0xea, 0x0f, 0x5e, 0x9a, 0xcb,
+  0x32, 0x27, 0x64, 0xca, 0x6f, 0x58, 0x8a, 0xd0, 0xc0, 0x36, 0xf4, 0xb9,
+  0x63, 0x34, 0xa5, 0xda, 0x36, 0x50, 0x36, 0x49, 0xd2, 0xb7, 0x3a, 0x21,
+  0x33, 0x5b, 0x3e, 0xd6, 0x5f, 0x0c, 0x99, 0x83, 0xb7, 0xb2, 0xf7, 0x8b,
+  0x44, 0xc4, 0x5e, 0x73, 0x41, 0xa9, 0x02
+};
+unsigned int default_certificate_len = 475;
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index f58463ca05..faad29b0fa 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -195,14 +195,14 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
         goto error;
 
     if (dn[X509_ORGANIZATION] == NULL || strlen(dn[X509_ORGANIZATION]) == 0)
-        dn[X509_ORGANIZATION] = getenv("USERNAME");
+        dn[X509_ORGANIZATION] = getenv("USERDOMAIN");
 
     if (dn[X509_ORGANIZATION] != NULL && 
             ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset))))
         goto error;
 
     if (dn[X509_ORGANIZATIONAL_TYPE] != NULL &&
-                                strlen(dn[X509_ORGANIZATIONAL_TYPE]) != 0)
+                                strlen(dn[X509_ORGANIZATIONAL_TYPE]) > 0)
     {
         if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_TYPE], 11, buf, offset)))
             goto error;
@@ -219,8 +219,8 @@ static const uint8_t time_seq[] =
     ASN1_SEQUENCE, 30, 
     ASN1_UTC_TIME, 13, 
     '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
-    ASN1_UTC_TIME, 13,  /* make it good for 40 or so years */
-    '4', '9', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
+    ASN1_UTC_TIME, 13,  /* make it good for 30 or so years */
+    '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
 };
 
 static void gen_utc_time(uint8_t *buf, int *offset)
@@ -342,7 +342,7 @@ static int gen_tbs_cert(const char * dn[],
 /**
  * Create a new certificate.
  */
-EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, const char * dn[], uint32_t options, uint8_t **cert_data)
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data)
 {
     int ret = X509_OK, offset = 0, seq_offset;
     /* allocate enough space to load a new certificate */
diff --git a/ssl/loader.c b/ssl/loader.c
index 4909d06288..a6e4d94fb0 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -395,6 +395,16 @@ int load_key_certs(SSL_CTX *ssl_ctx)
 {
     int ret = SSL_OK;
     uint32_t options = ssl_ctx->options;
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    uint8_t *cert_data = NULL;
+    int cert_size;
+    static const char *dn[] = 
+    {
+        CONFIG_SSL_X509_COMMON_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
+    };
+#endif
 
     /* do the private key first */
     if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
@@ -417,16 +427,7 @@ int load_key_certs(SSL_CTX *ssl_ctx)
 
     /* now load the certificate */
 #ifdef CONFIG_SSL_GENERATE_X509_CERT 
-    uint8_t *cert_data;
-    int cert_size;
-    static const char *dn[] = 
-    {
-        CONFIG_SSL_X509_COMMON_NAME,
-        CONFIG_SSL_X509_ORGANIZATION_NAME,
-        CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
-    };
-
-    if ((cert_size = ssl_x509_create(ssl_ctx, dn, &cert_data)) < 0)
+    if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0)
     {
         ret = cert_size;
         goto error;
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 8b47e36641..139850468d 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -99,7 +99,7 @@ extern "C" {
 #define strdup(A)               _strdup(A)
 #define chroot(A)               _chdir(A)
 #define chdir(A)                _chdir(A)
-#define alloca(A)                _alloca(A)
+#define alloca(A)               _alloca(A)
 #ifndef lseek
 #define lseek(A,B,C)            _lseek(A,B,C)
 #endif
diff --git a/ssl/private_key.h b/ssl/private_key.h
index 1ce34d6744..96a5253312 100644
--- a/ssl/private_key.h
+++ b/ssl/private_key.h
@@ -1,54 +1,54 @@
-unsigned char default_private_key[] = {
-  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xd8,
-  0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5, 0xfd, 0x0b, 0xa8, 0xa8,
-  0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c, 0xb5, 0xd9, 0xbc, 0xc6,
-  0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8, 0x29, 0x48, 0x0e, 0x7b,
-  0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f, 0x38, 0xe5, 0xb5, 0xb7,
-  0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3, 0x40, 0x1e, 0xf9, 0x91,
-  0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e, 0xdc, 0xf6, 0xaa, 0x1c,
-  0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73, 0xd9, 0x09, 0x05, 0x4c,
-  0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7, 0x14, 0x91, 0x44, 0xfc,
-  0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba, 0x8c, 0xc3, 0x74, 0x39,
-  0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4, 0x40, 0x95, 0x8c, 0xc0,
-  0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01,
-  0x02, 0x81, 0x81, 0x00, 0x94, 0x07, 0x72, 0xe5, 0xbe, 0xad, 0x79, 0x3b,
-  0xf7, 0x33, 0x2c, 0x8e, 0x05, 0xf8, 0x1a, 0x6b, 0xd0, 0xe8, 0x91, 0xf5,
-  0x16, 0x07, 0xd9, 0x82, 0x5c, 0x5c, 0xd5, 0x22, 0xa1, 0x9e, 0x42, 0x02,
-  0x7f, 0x8b, 0xcd, 0xbe, 0xf4, 0x85, 0x52, 0xf6, 0x2c, 0xd5, 0x09, 0xd2,
-  0x2c, 0xf4, 0x2c, 0xf6, 0x07, 0x85, 0x80, 0xf9, 0xdc, 0xd0, 0xcc, 0x3f,
-  0x22, 0x31, 0x15, 0xf3, 0x49, 0xf2, 0xb5, 0xe2, 0x69, 0x99, 0x04, 0x04,
-  0x49, 0x21, 0xdb, 0x9f, 0xa1, 0x54, 0x5a, 0xfa, 0xe4, 0xd9, 0xf9, 0x07,
-  0x05, 0xff, 0x9a, 0x65, 0xa4, 0xeb, 0xf2, 0x47, 0xce, 0x56, 0xc7, 0x72,
-  0x49, 0x48, 0x5c, 0xe8, 0x14, 0xd7, 0x8f, 0x25, 0xcc, 0x49, 0x29, 0x06,
-  0x6a, 0x54, 0x7b, 0x17, 0xdc, 0x9e, 0xd4, 0x53, 0xf0, 0xf5, 0x9e, 0x85,
-  0x25, 0xa1, 0xeb, 0x3d, 0xe9, 0x2f, 0xb9, 0x9c, 0xf6, 0xe1, 0x80, 0x81,
-  0x02, 0x41, 0x00, 0xee, 0x02, 0x78, 0xc7, 0x78, 0x85, 0x04, 0x97, 0xcc,
-  0x36, 0xbd, 0xd6, 0x11, 0xe2, 0xc7, 0x39, 0xd9, 0x34, 0x51, 0x72, 0x6f,
-  0x8a, 0x0f, 0xcd, 0x88, 0x32, 0x33, 0x9b, 0xc7, 0xa7, 0x03, 0x77, 0xd9,
-  0x82, 0x35, 0xb6, 0xdd, 0x1f, 0xc2, 0xc1, 0x13, 0x40, 0x83, 0x55, 0xeb,
-  0x60, 0xeb, 0x81, 0x8e, 0x0c, 0x16, 0x62, 0xb4, 0xb4, 0x3c, 0xeb, 0x08,
-  0x80, 0x9c, 0x79, 0xd3, 0x38, 0xca, 0xf1, 0x02, 0x41, 0x00, 0xe9, 0x45,
-  0x5f, 0x2e, 0x16, 0xcc, 0x93, 0x50, 0x40, 0xb6, 0x79, 0xbc, 0x38, 0xe0,
-  0x56, 0x68, 0x50, 0xd3, 0x2f, 0x73, 0x8c, 0x8c, 0x2a, 0x0e, 0x81, 0x4a,
-  0x8a, 0xbb, 0xcc, 0xf0, 0x64, 0x34, 0x46, 0x9f, 0x07, 0x7d, 0x22, 0xb6,
-  0xf9, 0x46, 0xac, 0x57, 0x23, 0x8c, 0x1e, 0xeb, 0xd3, 0x05, 0x4d, 0xa8,
-  0x83, 0x6a, 0x67, 0xf6, 0xa6, 0xb1, 0xab, 0x8e, 0xc1, 0xef, 0xef, 0x7d,
-  0xf0, 0xc3, 0x02, 0x40, 0x2f, 0xc6, 0x59, 0x3e, 0x18, 0xe8, 0x02, 0x73,
-  0x01, 0xef, 0xdf, 0x0d, 0x30, 0x4b, 0xe8, 0x17, 0xa9, 0x8c, 0xc1, 0xe8,
-  0x89, 0x91, 0x19, 0xf8, 0xf4, 0xa4, 0xb7, 0x0d, 0x46, 0xf7, 0x34, 0x50,
-  0x03, 0x5e, 0x0a, 0xb0, 0x29, 0x14, 0xae, 0x00, 0x19, 0x80, 0x32, 0x9c,
-  0xb5, 0x81, 0x9f, 0xe4, 0x42, 0x82, 0x14, 0xa0, 0x3d, 0x8b, 0x8c, 0x4a,
-  0xd5, 0x4b, 0x13, 0x9d, 0xb4, 0x93, 0x4a, 0xd1, 0x02, 0x40, 0x64, 0x8c,
-  0x83, 0x77, 0x61, 0x5a, 0x73, 0x11, 0x3f, 0xa3, 0xa8, 0x1b, 0x8a, 0xc4,
-  0xa0, 0x5a, 0x3c, 0xa4, 0x9b, 0x2a, 0x8a, 0x65, 0x8c, 0x67, 0x4e, 0x31,
-  0xac, 0x55, 0x41, 0x04, 0x49, 0x9d, 0x02, 0xe7, 0xdf, 0x99, 0x7f, 0xd2,
-  0x30, 0xe6, 0xd6, 0xb8, 0x84, 0xd9, 0x0c, 0x27, 0x08, 0x81, 0x9b, 0xb4,
-  0xcc, 0x58, 0x9c, 0x51, 0x84, 0x0e, 0xc7, 0x6d, 0x34, 0x89, 0x50, 0xc9,
-  0x0f, 0x73, 0x02, 0x41, 0x00, 0xda, 0xde, 0x5e, 0x1a, 0xac, 0x1d, 0x1d,
-  0xd7, 0xb9, 0x65, 0x26, 0x00, 0xf5, 0xd4, 0xe4, 0x28, 0x84, 0x86, 0x2f,
-  0x00, 0x9c, 0x41, 0x00, 0x52, 0xe1, 0x47, 0x91, 0xc0, 0x52, 0x05, 0x4e,
-  0x0f, 0x2f, 0x0d, 0xca, 0x9b, 0x3d, 0x89, 0x41, 0xbf, 0xee, 0x9f, 0xa1,
-  0xe6, 0x9d, 0xa4, 0xeb, 0x45, 0x7f, 0xe3, 0xcb, 0xa4, 0x6b, 0x0a, 0xe2,
-  0x7e, 0xb0, 0x87, 0x5c, 0x40, 0xb1, 0x51, 0x11, 0x1d
-};
-unsigned int default_private_key_len = 609;
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xd8,
+  0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5, 0xfd, 0x0b, 0xa8, 0xa8,
+  0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c, 0xb5, 0xd9, 0xbc, 0xc6,
+  0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8, 0x29, 0x48, 0x0e, 0x7b,
+  0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f, 0x38, 0xe5, 0xb5, 0xb7,
+  0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3, 0x40, 0x1e, 0xf9, 0x91,
+  0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e, 0xdc, 0xf6, 0xaa, 0x1c,
+  0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73, 0xd9, 0x09, 0x05, 0x4c,
+  0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7, 0x14, 0x91, 0x44, 0xfc,
+  0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba, 0x8c, 0xc3, 0x74, 0x39,
+  0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4, 0x40, 0x95, 0x8c, 0xc0,
+  0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x81, 0x00, 0x94, 0x07, 0x72, 0xe5, 0xbe, 0xad, 0x79, 0x3b,
+  0xf7, 0x33, 0x2c, 0x8e, 0x05, 0xf8, 0x1a, 0x6b, 0xd0, 0xe8, 0x91, 0xf5,
+  0x16, 0x07, 0xd9, 0x82, 0x5c, 0x5c, 0xd5, 0x22, 0xa1, 0x9e, 0x42, 0x02,
+  0x7f, 0x8b, 0xcd, 0xbe, 0xf4, 0x85, 0x52, 0xf6, 0x2c, 0xd5, 0x09, 0xd2,
+  0x2c, 0xf4, 0x2c, 0xf6, 0x07, 0x85, 0x80, 0xf9, 0xdc, 0xd0, 0xcc, 0x3f,
+  0x22, 0x31, 0x15, 0xf3, 0x49, 0xf2, 0xb5, 0xe2, 0x69, 0x99, 0x04, 0x04,
+  0x49, 0x21, 0xdb, 0x9f, 0xa1, 0x54, 0x5a, 0xfa, 0xe4, 0xd9, 0xf9, 0x07,
+  0x05, 0xff, 0x9a, 0x65, 0xa4, 0xeb, 0xf2, 0x47, 0xce, 0x56, 0xc7, 0x72,
+  0x49, 0x48, 0x5c, 0xe8, 0x14, 0xd7, 0x8f, 0x25, 0xcc, 0x49, 0x29, 0x06,
+  0x6a, 0x54, 0x7b, 0x17, 0xdc, 0x9e, 0xd4, 0x53, 0xf0, 0xf5, 0x9e, 0x85,
+  0x25, 0xa1, 0xeb, 0x3d, 0xe9, 0x2f, 0xb9, 0x9c, 0xf6, 0xe1, 0x80, 0x81,
+  0x02, 0x41, 0x00, 0xee, 0x02, 0x78, 0xc7, 0x78, 0x85, 0x04, 0x97, 0xcc,
+  0x36, 0xbd, 0xd6, 0x11, 0xe2, 0xc7, 0x39, 0xd9, 0x34, 0x51, 0x72, 0x6f,
+  0x8a, 0x0f, 0xcd, 0x88, 0x32, 0x33, 0x9b, 0xc7, 0xa7, 0x03, 0x77, 0xd9,
+  0x82, 0x35, 0xb6, 0xdd, 0x1f, 0xc2, 0xc1, 0x13, 0x40, 0x83, 0x55, 0xeb,
+  0x60, 0xeb, 0x81, 0x8e, 0x0c, 0x16, 0x62, 0xb4, 0xb4, 0x3c, 0xeb, 0x08,
+  0x80, 0x9c, 0x79, 0xd3, 0x38, 0xca, 0xf1, 0x02, 0x41, 0x00, 0xe9, 0x45,
+  0x5f, 0x2e, 0x16, 0xcc, 0x93, 0x50, 0x40, 0xb6, 0x79, 0xbc, 0x38, 0xe0,
+  0x56, 0x68, 0x50, 0xd3, 0x2f, 0x73, 0x8c, 0x8c, 0x2a, 0x0e, 0x81, 0x4a,
+  0x8a, 0xbb, 0xcc, 0xf0, 0x64, 0x34, 0x46, 0x9f, 0x07, 0x7d, 0x22, 0xb6,
+  0xf9, 0x46, 0xac, 0x57, 0x23, 0x8c, 0x1e, 0xeb, 0xd3, 0x05, 0x4d, 0xa8,
+  0x83, 0x6a, 0x67, 0xf6, 0xa6, 0xb1, 0xab, 0x8e, 0xc1, 0xef, 0xef, 0x7d,
+  0xf0, 0xc3, 0x02, 0x40, 0x2f, 0xc6, 0x59, 0x3e, 0x18, 0xe8, 0x02, 0x73,
+  0x01, 0xef, 0xdf, 0x0d, 0x30, 0x4b, 0xe8, 0x17, 0xa9, 0x8c, 0xc1, 0xe8,
+  0x89, 0x91, 0x19, 0xf8, 0xf4, 0xa4, 0xb7, 0x0d, 0x46, 0xf7, 0x34, 0x50,
+  0x03, 0x5e, 0x0a, 0xb0, 0x29, 0x14, 0xae, 0x00, 0x19, 0x80, 0x32, 0x9c,
+  0xb5, 0x81, 0x9f, 0xe4, 0x42, 0x82, 0x14, 0xa0, 0x3d, 0x8b, 0x8c, 0x4a,
+  0xd5, 0x4b, 0x13, 0x9d, 0xb4, 0x93, 0x4a, 0xd1, 0x02, 0x40, 0x64, 0x8c,
+  0x83, 0x77, 0x61, 0x5a, 0x73, 0x11, 0x3f, 0xa3, 0xa8, 0x1b, 0x8a, 0xc4,
+  0xa0, 0x5a, 0x3c, 0xa4, 0x9b, 0x2a, 0x8a, 0x65, 0x8c, 0x67, 0x4e, 0x31,
+  0xac, 0x55, 0x41, 0x04, 0x49, 0x9d, 0x02, 0xe7, 0xdf, 0x99, 0x7f, 0xd2,
+  0x30, 0xe6, 0xd6, 0xb8, 0x84, 0xd9, 0x0c, 0x27, 0x08, 0x81, 0x9b, 0xb4,
+  0xcc, 0x58, 0x9c, 0x51, 0x84, 0x0e, 0xc7, 0x6d, 0x34, 0x89, 0x50, 0xc9,
+  0x0f, 0x73, 0x02, 0x41, 0x00, 0xda, 0xde, 0x5e, 0x1a, 0xac, 0x1d, 0x1d,
+  0xd7, 0xb9, 0x65, 0x26, 0x00, 0xf5, 0xd4, 0xe4, 0x28, 0x84, 0x86, 0x2f,
+  0x00, 0x9c, 0x41, 0x00, 0x52, 0xe1, 0x47, 0x91, 0xc0, 0x52, 0x05, 0x4e,
+  0x0f, 0x2f, 0x0d, 0xca, 0x9b, 0x3d, 0x89, 0x41, 0xbf, 0xee, 0x9f, 0xa1,
+  0xe6, 0x9d, 0xa4, 0xeb, 0x45, 0x7f, 0xe3, 0xcb, 0xa4, 0x6b, 0x0a, 0xe2,
+  0x7e, 0xb0, 0x87, 0x5c, 0x40, 0xb1, 0x51, 0x11, 0x1d
+};
+unsigned int default_private_key_len = 609;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 103c28b877..539d0a3058 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -439,9 +439,10 @@ EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const u
  * @brief Create an X.509 certificate. 
  * 
  * This certificate is a self-signed v1 cert with a fixed start/stop validity 
- * times. It is also signed with the private key in ssl_ctx->rsa_ctx.
+ * times. It is signed with an internal private key in ssl_ctx.
  *
  * @param ssl_ctx [in] The client/server context.
+ * @param options [in] Not used yet.
  * @param dn [in] An array of distinguished name strings. The array is defined
  * by:
  * - SSL_X509_CERT_COMMON_NAME (0)
@@ -452,12 +453,11 @@ EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const u
  *        will be used.
  * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
  *      - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
- * @param options [in] Not used yet.
  * @param cert_data [out] The certificate as a sequence of bytes.
  * @return < 0 if an error, or the size of the certificate in bytes.
  * @note cert_data must be freed when there is no more need for it.
  */
-EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, const char * dn[], uint32_t options, uint8_t **cert_data);
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
 #endif
 
 /**
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index 42465600f0..56c711f197 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -75,11 +75,12 @@ CRYPTO_OBJ=\
 
 OBJ=\
 	$(AXTLS_SSL_PATH)asn1.obj \
-	$(AXTLS_SSL_PATH)x509.obj \
-	$(AXTLS_SSL_PATH)os_port.obj \
+	$(AXTLS_SSL_PATH)gen_cert.obj \
 	$(AXTLS_SSL_PATH)loader.obj \
 	$(AXTLS_SSL_PATH)openssl.obj \
+	$(AXTLS_SSL_PATH)os_port.obj \
 	$(AXTLS_SSL_PATH)p12.obj \
+	$(AXTLS_SSL_PATH)x509.obj \
 	$(AXTLS_SSL_PATH)tls1.obj \
 	$(AXTLS_SSL_PATH)tls1_svr.obj \
 	$(AXTLS_SSL_PATH)tls1_clnt.obj
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index db71fe1304..a97a5b578c 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -58,7 +58,6 @@
 
 static int g_port = 19001;
 
-#if 0
 /**************************************************************************
  * AES tests 
  * 
@@ -647,7 +646,6 @@ static int cert_tests(void)
         printf("Error: A certificate test failed\n");
     return res;
 }
-#endif
 
 /**
  * init a server socket.
@@ -781,6 +779,11 @@ static int SSL_server_test(
     if ((server_fd = server_socket_init(&g_port)) < 0)
         goto error;
 
+    if (private_key)
+    {
+        axolotls_option |= SSL_NO_DEFAULT_KEY;
+    }
+
     if ((ssl_ctx = ssl_ctx_new(axolotls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
     {
         ret = SSL_ERROR_INVALID_KEY;
@@ -881,7 +884,6 @@ static int SSL_server_test(
 
 error:
     ssl_ctx_free(ssl_ctx);
-printf("RES %d\n", ret); TTY_FLUSH();
     return ret;
 }
 
@@ -1126,9 +1128,14 @@ int SSL_server_tests(void)
 cleanup:
     if (ret)
     {
-        printf("Error: A server test failed\n"); TTY_FLUSH();
+        printf("Error: A server test failed\n");
+        ssl_display_error(ret);
         exit(1);
     }
+    else
+    {
+        printf("All server tests passed\n"); TTY_FLUSH();
+    }
 
     return ret;
 }
@@ -1203,6 +1210,11 @@ static int SSL_client_test(
 
     if (*ssl_ctx == NULL)
     {
+        if (private_key)
+        {
+            client_options |= SSL_NO_DEFAULT_KEY;
+        }
+
         if ((*ssl_ctx = ssl_ctx_new(
                             client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
         {
@@ -1402,7 +1414,7 @@ int SSL_client_tests(void)
                     &ssl_ctx,
                     "-cert ../ssl/test/axTLS.x509_device.pem "
                     "-key ../ssl/test/axTLS.device_key.pem "
-                    "-CAfile ../ssl/test/axTLS.x509_512.pem", NULL,
+                    "-CAfile ../ssl/test/axTLS.x509_512.pem ", NULL,
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
@@ -1414,7 +1426,8 @@ int SSL_client_tests(void)
                     "-CAfile ../ssl/test/axTLS.ca_x509.pem "
                     "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
                     "../ssl/test/axTLS.key_1024", NULL,
-                    "../ssl/test/axTLS.x509_1024.cer")))
+                    "../ssl/test/axTLS.x509_1024.cer")) 
+                        != SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
         goto cleanup;
 
     /* Should get an "ERROR" from openssl (as the handshake fails as soon as
@@ -1451,7 +1464,15 @@ int SSL_client_tests(void)
 
 cleanup:
     if (ret)
+    {
+        ssl_display_error(ret);
         printf("Error: A client test failed\n");
+        exit(1);
+    }
+    else
+    {
+        printf("All client tests passed\n"); TTY_FLUSH();
+    }
 
     return ret;
 }
@@ -1460,7 +1481,6 @@ int SSL_client_tests(void)
  * SSL Basic Testing (test a big packet handshake)
  *
  **************************************************************************/
-#if 0
 static uint8_t basic_buf[256*1024];
 
 static void do_basic(void)
@@ -1483,6 +1503,7 @@ static void do_basic(void)
     /* check the return status */
     if (ssl_handshake_status(ssl_clnt) < 0)
     {
+        printf("YA YA\n");
         ssl_display_error(ssl_handshake_status(ssl_clnt));
         goto error;
     }
@@ -1571,7 +1592,6 @@ static int SSL_basic_test(void)
     ssl_ctx_free(ssl_svr_ctx);
     return ret;
 }
-#endif
 
 #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
 /**************************************************************************
@@ -1725,7 +1745,7 @@ int multi_thread_test(void)
     SOCKET_CLOSE(server_fd);
     return res;
 }
-#endif
+#endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */ 
 
 /**************************************************************************
  * Header issue
@@ -1792,7 +1812,7 @@ static int header_issue(void)
 int main(int argc, char *argv[])
 {
     int ret = 1;
-    //BI_CTX *bi_ctx;
+    BI_CTX *bi_ctx;
     int fd;
 
 #ifdef WIN32
@@ -1807,7 +1827,12 @@ int main(int argc, char *argv[])
     dup2(fd, 2);
 #endif
 
-#if 0
+    /* can't do testing in this mode */
+#if defined CONFIG_SSL_GENERATE_X509_CERT
+    printf("Error: Must compile with default key/certificates\n");
+    exit(1);
+#endif
+
     bi_ctx = bi_initialize();
 
     if (AES_test(bi_ctx))
@@ -1882,7 +1907,6 @@ int main(int argc, char *argv[])
         goto cleanup;
 
     system("sh ../ssl/test/killopenssl.sh");
-#endif
 
     if (SSL_server_tests())
         goto cleanup;
@@ -1891,7 +1915,7 @@ int main(int argc, char *argv[])
 
     if (header_issue())
     {
-        printf("Header tests failed\n");
+        printf("Header tests failed\n"); TTY_FLUSH();
         goto cleanup;
     }
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index cd01cbdff4..d84df3fb45 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -414,7 +414,7 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
         x509_free(cert);        /* get rid of it */
         ca_cert_ctx->cert[i] = NULL;
 #ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: %s\n", x509_display_error(ret));
+        printf("Error: %s\n", x509_display_error(ret)); TTY_FLUSH();
 #endif
         goto error;
     }
@@ -1477,7 +1477,6 @@ int send_certificate(SSL *ssl)
 
     while (i < ssl->ssl_ctx->chain_length)
     {
-        X509_CTX *cert_ctx;
         SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
         buf[offset++] = 0;        
         buf[offset++] = cert->size >> 8;        /* cert 1 length */
@@ -1485,10 +1484,6 @@ int send_certificate(SSL *ssl)
         memcpy(&buf[offset], cert->buf, cert->size);
         offset += cert->size;
         i++;
-        // TODO: get rid of these
-        x509_new(cert->buf, &cert->size, &cert_ctx);
-        x509_print(cert_ctx, NULL);
-        x509_free(cert_ctx);
     }
 
     chain_length = offset - 7;
diff --git a/ssl/tls1.h b/ssl/tls1.h
index af4dc115b6..05258ed0de 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -42,6 +42,7 @@ extern "C" {
 
 #include "version.h"
 #include "crypto.h"
+#include "os_port.h"
 #include "crypto_misc.h"
 
 #define SSL_RANDOM_SIZE             32
@@ -261,8 +262,8 @@ void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
 void DISPLAY_ALERT(SSL *ssl, int alert);
 #else
 #define DISPLAY_STATE(A,B,C,D)
-#define DISPLAY_CERT(A,B,C)
-#define DISPLAY_RSA(A,B,C)
+#define DISPLAY_CERT(A,B)
+#define DISPLAY_RSA(A,B)
 #define DISPLAY_ALERT(A, B)
 #ifdef WIN32
 void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index b1a58ca133..91314333c0 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -305,7 +305,7 @@ static int send_client_key_xchg(SSL *ssl)
     premaster_secret[0] = 0x03; /* encode the version number */
     premaster_secret[1] = 0x01;
     get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
-    DISPLAY_RSA(ssl, "send_client_key_xchg", ssl->x509_ctx->rsa_ctx);
+    DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
 
     /* rsa_ctx->bi_ctx is not thread-safe */
     SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
@@ -351,7 +351,7 @@ static int send_cert_verify(SSL *ssl)
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
     int n = 0, ret;
 
-    DISPLAY_RSA(ssl, "send_cert_verify", rsa_ctx);
+    DISPLAY_RSA(ssl, rsa_ctx);
 
     buf[0] = HS_CERT_VERIFY;
     buf[1] = 0;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 26813692d7..3a79c31c94 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -378,7 +378,7 @@ static int process_client_key_xchg(SSL *ssl)
     int offset = 4;
     int ret = SSL_OK;
     
-    DISPLAY_RSA(ssl, "process_client_key_xchg", rsa_ctx);
+    DISPLAY_RSA(ssl, rsa_ctx);
 
     /* is there an extra size field? */
     if ((secret_length - 2) == rsa_ctx->num_octets)
@@ -444,7 +444,7 @@ static int process_cert_verify(SSL *ssl)
 
     PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
 
-    DISPLAY_RSA(ssl, "process_cert_verify", x509_ctx->rsa_ctx);
+    DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
 
     /* rsa_ctx->bi_ctx is not thread-safe */
     SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
diff --git a/ssl/x509.c b/ssl/x509.c
index a51ed1bb53..758f3f0e11 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -264,7 +264,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
     bigint *cert_sig;
     X509_CTX *next_cert = NULL;
     BI_CTX *ctx;
-    bigint *mod, *expn;
+    bigint *mod = NULL, *expn = NULL;
     struct timeval tv;
     int match_ca_cert = 0;
     uint8_t is_self_signed = 0;
@@ -319,14 +319,6 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
         goto end_verify;
     }
 
-    /* check the chain integrity */
-    if (next_cert && !match_ca_cert &&
-               asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) == 0)
-    {
-        ret = X509_VFY_ERROR_INVALID_CHAIN;
-        goto end_verify;
-    }
-
     ctx = cert->rsa_ctx->bi_ctx;
 
     /* check for self-signing */
@@ -336,30 +328,42 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
         mod = cert->rsa_ctx->m;
         expn = cert->rsa_ctx->e;
     }
-    else
+    else if (next_cert != NULL)
     {
         mod = next_cert->rsa_ctx->m;
         expn = next_cert->rsa_ctx->e;
+
+        /* check the chain integrity */
+        if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
+        {
+            ret = X509_VFY_ERROR_INVALID_CHAIN;
+            goto end_verify;
+        }
     }
 
     /* check the signature */
-    cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
-            bi_clone(ctx, mod), bi_clone(ctx, expn));
-
-    if (cert_sig && cert->digest)
+    if (mod != NULL)
     {
-        if (bi_compare(cert_sig, cert->digest))
-            ret = X509_VFY_ERROR_BAD_SIGNATURE;
+        cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
+                bi_clone(ctx, mod), bi_clone(ctx, expn));
 
-        bi_free(ctx, cert_sig);
+        if (cert_sig && cert->digest)
+        {
+            if (bi_compare(cert_sig, cert->digest))
+            {
+                ret = X509_VFY_ERROR_BAD_SIGNATURE;
+            }
+
+            bi_free(ctx, cert_sig);
 
-        if (ret)
+            if (ret)
+                goto end_verify;
+        }
+        else
+        {
+            ret = X509_VFY_ERROR_BAD_SIGNATURE;
             goto end_verify;
-    }
-    else
-    {
-        ret = X509_VFY_ERROR_BAD_SIGNATURE;
-        goto end_verify;
+        }
     }
 
     if (is_self_signed)
diff --git a/www/index.html b/www/index.html
index 707b1af734..9628314f00 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,12 +7086,12 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200711271156" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Certificates can now be automatically generated (the keys still need to be provided).\n* Certificate/keys can be loaded automatically given a file location.\n* ~SSL_NO_DEFAULT_KEY has been removed (it is now largely redundant).\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call ssl_get_session_id_size() and a change to ssl_client_new() to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* vfork() is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="200712020715" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programmatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200711050226" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2007, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="YourName" modified="200709100637" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly some stuff.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="CameronRich" modified="200712020712" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>

From 31efa0083113a053f509207e42f74615560c9293 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 2 Dec 2007 22:15:46 +0000
Subject: [PATCH 122/301] changes for 1.1.8

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@145 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/Config.in   |  3 ---
 config/linuxconfig |  1 -
 config/win32config |  1 -
 crypto/rsa.c       |  3 ++-
 httpd/Config.in    | 10 +-------
 httpd/axhttp.h     |  2 +-
 httpd/axhttpd.c    |  4 ----
 httpd/proc.c       |  2 +-
 ssl/Config.in      |  7 +++---
 ssl/asn1.c         |  6 ++---
 ssl/crypto_misc.h  |  2 +-
 ssl/gen_cert.c     | 19 +++++++++------
 ssl/os_port.c      | 16 +++++++++++++
 ssl/os_port.h      |  4 +---
 ssl/test/ssltest.c | 18 +++++++-------
 ssl/tls1.c         |  9 +++++--
 ssl/x509.c         | 58 ++++++++++++++++++++--------------------------
 17 files changed, 82 insertions(+), 83 deletions(-)

diff --git a/config/Config.in b/config/Config.in
index 4721ac4463..dc40756465 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -19,9 +19,6 @@ config CONFIG_PLATFORM_LINUX
 config CONFIG_PLATFORM_CYGWIN
     bool "Cygwin"
 
-config CONFIG_PLATFORM_SOLARIS
-    bool "Solaris"
-
 config CONFIG_PLATFORM_WIN32
     bool "Win32"
 
diff --git a/config/linuxconfig b/config/linuxconfig
index 9068c5b0b6..614fdd80e4 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -74,7 +74,6 @@ CONFIG_HTTP_LUA_CGI_LAUNCHER="/bin/cgi"
 # CONFIG_HTTP_BUILD_LUA is not set
 CONFIG_HTTP_DIRECTORIES=y
 CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_CHANGE_UID is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
 # CONFIG_HTTP_VERBOSE is not set
 # CONFIG_HTTP_IS_DAEMON is not set
diff --git a/config/win32config b/config/win32config
index cfff8094ac..6c8d607126 100644
--- a/config/win32config
+++ b/config/win32config
@@ -74,7 +74,6 @@ CONFIG_HTTP_LUA_CGI_LAUNCHER=""
 # CONFIG_HTTP_BUILD_LUA is not set
 CONFIG_HTTP_DIRECTORIES=y
 CONFIG_HTTP_HAS_AUTHORIZATION=y
-# CONFIG_HTTP_CHANGE_UID is not set
 # CONFIG_HTTP_HAS_IPV6 is not set
 CONFIG_HTTP_VERBOSE=y
 # CONFIG_HTTP_IS_DAEMON is not set
diff --git a/crypto/rsa.c b/crypto/rsa.c
index c0dcb0355b..31627bb319 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -79,11 +79,12 @@ void RSA_pub_key_new(RSA_CTX **ctx,
         const uint8_t *pub_exp, int pub_len)
 {
     RSA_CTX *rsa_ctx;
-    BI_CTX *bi_ctx = bi_initialize();
+    BI_CTX *bi_ctx;
 
     if (*ctx)   /* if we load multiple certs, dump the old one */
         RSA_free(*ctx);
 
+    bi_ctx = bi_initialize();
     *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
     rsa_ctx = *ctx;
     rsa_ctx->bi_ctx = bi_ctx;
diff --git a/httpd/Config.in b/httpd/Config.in
index ad66e2a167..c43eaa7776 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -59,6 +59,7 @@ depends on !CONFIG_PLATFORM_WIN32
 config CONFIG_HTTP_HAS_CGI
     bool "Enable CGI"
     default y
+    depends on !CONFIG_PLATFORM_WIN32
     help
         Enable the CGI capability. Not available on Win32 platforms.
 
@@ -119,15 +120,6 @@ config CONFIG_HTTP_HAS_AUTHORIZATION
     help
         Pages/directories can have passwords associated with them.
 
-config CONFIG_HTTP_CHANGE_UID
-    bool "Change UID"
-    default n
-    depends on !CONFIG_PLATFORM_WIN32
-    help
-        Call setgid()/setuid() to disable access to protected files.
-        
-        This feature is normally disabled.
-
 config CONFIG_HTTP_HAS_IPV6
     bool "Enable IPv6"
     default n
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index cc277f1a6d..73c299fb14 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -41,7 +41,7 @@
 #define BLOCKSIZE                           4096
 
 #define INITIAL_CONNECTION_SLOTS            10
-#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     0 
+#define CONFIG_HTTP_DEFAULT_SSL_OPTIONS     SSL_DISPLAY_CERTS
 
 #define STATE_WANT_TO_READ_HEAD             1
 #define STATE_WANT_TO_SEND_HEAD             2
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index de408022e2..23b7f6d539 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -187,10 +187,6 @@ int main(int argc, char *argv[])
     ax_chdir();
 
 #ifndef WIN32 
-#ifdef CONFIG_HTTP_CHANGE_UID
-    setgid(32767);
-    setuid(32767);
-#endif
 #ifdef CONFIG_HTTP_IS_DAEMON
     if (fork() > 0)  /* parent will die */
         exit(0);
diff --git a/httpd/proc.c b/httpd/proc.c
index f27dfabec1..30a2ee21c6 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -321,7 +321,7 @@ void procreadhead(struct connstruct *cn)
         /* If we have a blank line, advance to next stage */
         if (*next == '\r' || *next == '\n') 
         {
-#ifndef WIN32
+#if defined(CONFIG_HTTP_HAS_CGI)
             if (cn->reqtype == TYPE_POST && cn->content_length > 0)
             {
                 if (init_read_post_data(buf,next,cn,rv) == 0)
diff --git a/ssl/Config.in b/ssl/Config.in
index 25cee495e4..825d97d943 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -168,10 +168,11 @@ config CONFIG_SSL_X509_COMMON_NAME
     string "X.509 Common Name"
     depends on CONFIG_SSL_GENERATE_X509_CERT
     help
-        The common name for the X.509 certificate. This should in theory be
-        the URL for server.
+        The common name for the X.509 certificate. This should be the fully 
+        qualified domain name (FQDN), e.g. www.foo.com.
 
-        If this is blank, then this will be value from gethostname().
+        If this is blank, then this will be value from gethostname() and
+        getdomainname().
 
 config CONFIG_SSL_X509_ORGANIZATION_NAME
     string "X.509 Organization Name"
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 1639040d0c..7d4d36e173 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -132,10 +132,10 @@ int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
 {
     int offset = 7;
-    uint8_t *modulus, *priv_exp, *pub_exp;
+    uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
     int mod_len, priv_len, pub_len;
 #ifdef CONFIG_BIGINT_CRT
-    uint8_t *p, *q, *dP, *dQ, *qInv;
+    uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
     int p_len, q_len, dP_len, dQ_len, qInv_len;
 #endif
 
@@ -348,7 +348,7 @@ int asn1_name(const uint8_t *cert, int *offset, char *dn[])
 int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     int ret = X509_NOT_OK, mod_len, pub_len;
-    uint8_t *modulus, *pub_exp;
+    uint8_t *modulus = NULL, *pub_exp = NULL;
 
     if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
             asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 3ceb9d1fc8..dc1f6e1455 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -62,7 +62,7 @@ extern "C" {
 #define X509_NUM_DN_TYPES                   3
 #define X509_COMMON_NAME                    0
 #define X509_ORGANIZATION                   1
-#define X509_ORGANIZATIONAL_TYPE            2
+#define X509_ORGANIZATIONAL_UNIT            2
 
 struct _x509_ctx
 {
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index faad29b0fa..856dc3ac02 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -182,13 +182,18 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
     int seq_offset;
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
-    char hostname[128];
+    char fqdn[128]; 
 
-    /* we need the common name, so if not configured, use the hostname */
+    /* we need the common name, so if not configured, work out the fully
+     * qualified domain name */
     if (dn[X509_COMMON_NAME] == NULL || strlen(dn[X509_COMMON_NAME]) == 0)
     {
-        gethostname(hostname, sizeof(hostname));
-        dn[X509_COMMON_NAME] = hostname;
+        int fqdn_len;
+        gethostname(fqdn, sizeof(fqdn));
+        fqdn_len = strlen(fqdn);
+        fqdn[fqdn_len++] = '.';
+        getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len);
+        dn[X509_COMMON_NAME] = fqdn;
     }
 
     if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset)))
@@ -201,10 +206,10 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
             ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset))))
         goto error;
 
-    if (dn[X509_ORGANIZATIONAL_TYPE] != NULL &&
-                                strlen(dn[X509_ORGANIZATIONAL_TYPE]) > 0)
+    if (dn[X509_ORGANIZATIONAL_UNIT] != NULL &&
+                                strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0)
     {
-        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_TYPE], 11, buf, offset)))
+        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 11, buf, offset)))
             goto error;
     }
 
diff --git a/ssl/os_port.c b/ssl/os_port.c
index cddbea32a2..6a71000b47 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -72,6 +72,22 @@ EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
     return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
 }
 
+
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
+{
+    HKEY hKey;
+    unsigned long datatype;
+    unsigned long bufferlength = buf_size;
+
+    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+            TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"),
+                        0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
+        return -1;
+
+    RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
+    RegCloseKey(hKey);
+    return 0; 
+}
 #endif
 
 #undef malloc
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 139850468d..262c4dd705 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -114,10 +114,7 @@ extern "C" {
  * automatically build some library dependencies.
  */
 #pragma comment(lib, "WS2_32.lib")
-
-#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
 #pragma comment(lib, "AdvAPI32.lib")
-#endif
 
 typedef UINT8 uint8_t;
 typedef INT8 int8_t;
@@ -131,6 +128,7 @@ typedef int socklen_t;
 
 EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
 EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 
 #else   /* Not Win32 */
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index a97a5b578c..c4be8966d0 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1248,6 +1248,13 @@ static int SSL_client_test(
                 goto client_test_exit;
             }
         }
+
+	if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
+				"../ssl/test/axTLS.ca_x509.cer", NULL))
+        {
+            printf("could not add cert auth\n"); TTY_FLUSH();
+            goto client_test_exit;
+        }
     }
     
     if (sess_resume && !sess_resume->start_server) 
@@ -1257,16 +1264,7 @@ static int SSL_client_test(
 
     if ((client_fd = client_socket_init(g_port)) < 0)
     {
-        printf("could not start socket on %d\n", g_port);
-        TTY_FLUSH();
-        goto client_test_exit;
-    }
-
-    if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
-                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
-    {
-        printf("could not add cert auth\n");
-        TTY_FLUSH();
+        printf("could not start socket on %d\n", g_port); TTY_FLUSH();
         goto client_test_exit;
     }
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index d84df3fb45..c98cd7a5f9 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -353,6 +353,11 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     if ((ret = x509_new(buf, &offset, &cert)))
         goto error;
 
+#if defined (CONFIG_SSL_FULL_MODE)
+    if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+        x509_print(cert, NULL);
+#endif
+
     ssl_cert = &ssl_ctx->certs[i];
     ssl_cert->size = len;
     ssl_cert->buf = (uint8_t *)malloc(len);
@@ -448,7 +453,7 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
             return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
 
         case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
-            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_TYPE];
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
 
         case SSL_X509_CA_CERT_COMMON_NAME:
             return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
@@ -457,7 +462,7 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
             return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
 
         case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
-            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_TYPE];
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
 
         default:
             return NULL;
diff --git a/ssl/x509.c b/ssl/x509.c
index 758f3f0e11..9b41b944e8 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -387,50 +387,42 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
 /**
  * Used for diagnostics.
  */
+static const char *not_part_of_cert = "<Not Part Of Certificate>";
 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) 
 {
     if (cert == NULL)
         return;
 
-    printf("----------------   CERT DEBUG   ----------------\n");
-    printf("* CA Cert Distinguished Name\n");
-    if (cert->ca_cert_dn[X509_COMMON_NAME])
-    {
-        printf("Common Name (CN):\t%s\n", cert->ca_cert_dn[X509_COMMON_NAME]);
-    }
+    printf("=== CERTIFICATE ISSUED TO ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->cert_dn[X509_COMMON_NAME] ?
+                    cert->cert_dn[X509_COMMON_NAME] : not_part_of_cert);
 
-    if (cert->ca_cert_dn[X509_ORGANIZATION])
-    {
-        printf("Organization (O):\t%s\n", cert->ca_cert_dn[X509_ORGANIZATION]);
-    }
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
+        cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
 
-    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE])
-    {
-        printf("Organizational Unit (OU): %s\n", 
-                cert->ca_cert_dn[X509_ORGANIZATIONAL_TYPE]);
-    }
+    printf("Organizational Unit (OU):\t");
+    printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT] ?
+        cert->cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
 
-    printf("* Cert Distinguished Name\n");
-    if (cert->cert_dn[X509_COMMON_NAME])
-    {
-        printf("Common Name (CN):\t%s\n", cert->cert_dn[X509_COMMON_NAME]);
-    }
+    printf("=== CERTIFICATE ISSUED BY ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
+                    cert->ca_cert_dn[X509_COMMON_NAME] : not_part_of_cert);
 
-    if (cert->cert_dn[X509_ORGANIZATION])
-    {
-        printf("Organization (O):\t%s\n", cert->cert_dn[X509_ORGANIZATION]);
-    }
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
+        cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
 
-    if (cert->cert_dn[X509_ORGANIZATIONAL_TYPE])
-    {
-        printf("Organizational Unit (OU): %s\n", 
-                cert->cert_dn[X509_ORGANIZATIONAL_TYPE]);
-    }
+    printf("Organizational Unit (OU):\t");
+    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] ?
+        cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
 
-    printf("Not Before:\t\t%s", ctime(&cert->not_before));
-    printf("Not After:\t\t%s", ctime(&cert->not_after));
-    printf("RSA bitsize:\t\t%d\n", cert->rsa_ctx->num_octets*8);
-    printf("Sig Type:\t\t");
+    printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
+    printf("Not After:\t\t\t%s", ctime(&cert->not_after));
+    printf("RSA bitsize:\t\t\t%d\n", cert->rsa_ctx->num_octets*8);
+    printf("Sig Type:\t\t\t");
     switch (cert->sig_type)
     {
         case SIG_TYPE_MD5:

From 3cd0ded46d4141f4d92ff4ca2a906a4bc5ad4d4d Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 3 Dec 2007 07:27:13 +0000
Subject: [PATCH 123/301] changes

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@146 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index 9628314f00..a43bd65983 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7096,7 +7096,7 @@
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="YourName" modified="200706060303" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc). Any executables and libraries need to be copied into webroot.\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[/test_dir/test_variables.lp|http://127.0.0.1/test_dir/test_variables.lp]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="YourName" modified="200712022356" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc). Any executables and libraries need to be copied into webroot.\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html]|http://127.0.0.1/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From bf4238d4e7b6ae146b782487f7f0cd00db7786e1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 4 Dec 2007 21:31:48 +0000
Subject: [PATCH 124/301] final touches to 1.1.8

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@147 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 samples/c/axssl.c       |   2 +-
 samples/csharp/axssl.cs |   2 +-
 samples/java/axssl.java |   2 +-
 samples/lua/axssl.lua   |   2 +-
 samples/perl/axssl.pl   |   2 +-
 samples/vbnet/axssl.vb  |   3 +-
 ssl/Config.in           |   2 +-
 ssl/gen_cert.c          | 110 ++++++++++++++++++----------------------
 ssl/x509.c              |  12 +----
 9 files changed, 60 insertions(+), 77 deletions(-)

diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 28ea71baf1..6892ee452b 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -668,7 +668,7 @@ static void do_client(int argc, char *argv[])
                 SSL_X509_CERT_COMMON_NAME);
         if (common_name)
         {
-            printf("Common Name:\t\t%s\n", common_name);
+            printf("Common Name:\t\t\t%s\n", common_name);
         }
 
         display_session_id(ssl);
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
index 2224f89ea2..dae2b8a41f 100644
--- a/samples/csharp/axssl.cs
+++ b/samples/csharp/axssl.cs
@@ -571,7 +571,7 @@ private void do_client(int build_mode, string[] args)
 
             if (common_name != null)
             {
-                Console.WriteLine("Common Name:\t\t" + common_name);
+                Console.WriteLine("Common Name:\t\t\t" + common_name);
             }
 
             display_session_id(ssl);
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
index cc6bb711a2..2057f29662 100644
--- a/samples/java/axssl.java
+++ b/samples/java/axssl.java
@@ -562,7 +562,7 @@ else if (private_key_file.endsWith(".p12"))
 
             if (common_name != null)
             {
-                System.out.println("Common Name:\t\t" + common_name);
+                System.out.println("Common Name:\t\t\t" + common_name);
             }
 
             display_session_id(ssl);
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
index 3f37551f26..6ea26b69dd 100755
--- a/samples/lua/axssl.lua
+++ b/samples/lua/axssl.lua
@@ -482,7 +482,7 @@ function do_client(build_mode)
                             axtlsl.SSL_X509_CERT_COMMON_NAME)
 
         if common_name ~= nil then 
-            print("Common Name:\t\t"..common_name)
+            print("Common Name:\t\t\t"..common_name)
         end
 
         display_session_id(ssl)
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
index a8b4e26d97..e49d52270d 100755
--- a/samples/perl/axssl.pl
+++ b/samples/perl/axssl.pl
@@ -470,7 +470,7 @@ sub do_client
         my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
                     $axtlsp::SSL_X509_CERT_COMMON_NAME);
 
-        printf("Common Name:\t\t%s\n", $common_name) if defined $common_name;
+        printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
         display_session_id($ssl);
         display_cipher($ssl);
     }
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
index a33cc9466a..1b423c8659 100644
--- a/samples/vbnet/axssl.vb
+++ b/samples/vbnet/axssl.vb
@@ -485,7 +485,8 @@ Public Class axssl
 
             If common_name <> Nothing
                 Console.WriteLine("Common Name:" & _
-                        ControlChars.Tab & ControlChars.Tab & common_name)
+                        ControlChars.Tab & ControlChars.Tab & _
+                        ControlChars.Tab & common_name)
             End If
 
             display_session_id(ssl)
diff --git a/ssl/Config.in b/ssl/Config.in
index 825d97d943..d047d420ec 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -180,7 +180,7 @@ config CONFIG_SSL_X509_ORGANIZATION_NAME
     help
         The organization name for the generated X.509 certificate. 
 
-        If this is blank, then $USERDOMAIN will be used.
+        This field is optional.
 
 config CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
     string "X.509 Organization Unit Name"
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index 856dc3ac02..a6dac7a4cb 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -39,36 +39,6 @@
  * Generate a basic X.509 certificate
  */
 
-/* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
-static const uint8_t sig_oid[] = 
-{
-    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05
-};
-
-/*  OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */
-static const uint8_t rsa_enc_oid[] =
-{
-    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01
-};
-
-/* INTEGER 65537 */
-static const uint8_t pub_key_seq[] = 
-{
-    0x02, 0x03, 0x01, 0x00, 0x01
-};
-
-/* 0x00 + SEQUENCE {
-     SEQUENCE {
-       OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
-       NULL
-       }
-     OCTET STRING */
-static const uint8_t asn1_sig[] = 
-{
-    0x30,  0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
-    0x1a, 0x05, 0x00, 0x04, 0x14 
-};
-
 static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
 {
     if (len < 0x80) /* short form */
@@ -129,21 +99,23 @@ static void adjust_with_size(int seq_size, int seq_start,
 
 static void gen_serial_number(uint8_t *buf, int *offset)
 {
-    buf[(*offset)++] = ASN1_INTEGER;
-    buf[(*offset)++] = 1;
-    buf[(*offset)++] = 0x7F;
+    static const uint8_t ser_oid[] = { ASN1_INTEGER, 1, 0x7F };
+    memcpy(&buf[*offset], ser_oid , sizeof(ser_oid));
+    *offset += sizeof(ser_oid);
 }
 
 static void gen_signature_alg(uint8_t *buf, int *offset)
 {
-    buf[(*offset)++] = ASN1_SEQUENCE;
-    set_gen_length(13, buf, offset);
-    buf[(*offset)++] = ASN1_OID;
-    set_gen_length(sizeof(sig_oid), buf, offset);
+    /* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
+    static const uint8_t sig_oid[] = 
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09, 
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+        ASN1_NULL, 0x00
+    };
+
     memcpy(&buf[*offset], sig_oid, sizeof(sig_oid));
     *offset += sizeof(sig_oid);
-    buf[(*offset)++] = ASN1_NULL;
-    buf[(*offset)++] = 0;
 }
 
 static int gen_dn(const char *name, uint8_t dn_type, 
@@ -193,18 +165,22 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
         fqdn_len = strlen(fqdn);
         fqdn[fqdn_len++] = '.';
         getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len);
+        fqdn_len = strlen(fqdn);
+
+        if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */
+            fqdn[fqdn_len-1] = 0;
+
         dn[X509_COMMON_NAME] = fqdn;
     }
 
     if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset)))
         goto error;
 
-    if (dn[X509_ORGANIZATION] == NULL || strlen(dn[X509_ORGANIZATION]) == 0)
-        dn[X509_ORGANIZATION] = getenv("USERDOMAIN");
-
-    if (dn[X509_ORGANIZATION] != NULL && 
-            ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset))))
-        goto error;
+    if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0)
+    {
+        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 10, buf, offset)))
+            goto error;
+    }
 
     if (dn[X509_ORGANIZATIONAL_UNIT] != NULL &&
                                 strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0)
@@ -219,17 +195,17 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
     return ret;
 }
 
-static const uint8_t time_seq[] = 
-{
-    ASN1_SEQUENCE, 30, 
-    ASN1_UTC_TIME, 13, 
-    '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
-    ASN1_UTC_TIME, 13,  /* make it good for 30 or so years */
-    '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
-};
-
 static void gen_utc_time(uint8_t *buf, int *offset)
 {
+    static const uint8_t time_seq[] = 
+    {
+        ASN1_SEQUENCE, 30, 
+        ASN1_UTC_TIME, 13, 
+        '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
+        ASN1_UTC_TIME, 13,  /* make it good for 30 or so years */
+        '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
+    };
+
     /* fixed time */
     memcpy(&buf[*offset], time_seq, sizeof(time_seq));
     *offset += sizeof(time_seq);
@@ -237,6 +213,11 @@ static void gen_utc_time(uint8_t *buf, int *offset)
 
 static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 {
+    static const uint8_t pub_key_seq[] = 
+    {
+        ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */
+    };
+
     int seq_offset;
     int pub_key_size = rsa_ctx->num_octets;
     uint8_t *block = (uint8_t *)alloca(pub_key_size);
@@ -272,18 +253,20 @@ static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 
 static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 {
+    /*  OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */
+    static const uint8_t rsa_enc_oid[] =
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09,
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+        ASN1_NULL, 0x00
+    };
+
     int seq_offset;
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
 
-    buf[(*offset)++] = ASN1_SEQUENCE;
-    set_gen_length(13, buf, offset);
-    buf[(*offset)++] = ASN1_OID;
-    set_gen_length(sizeof(rsa_enc_oid), buf, offset);
     memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid));
     *offset += sizeof(rsa_enc_oid);
-    buf[(*offset)++] = ASN1_NULL;
-    buf[(*offset)++] = 0;
     gen_pub_key1(rsa_ctx, buf, offset);
     adjust_with_size(seq_size, seq_offset, buf, offset);
 }
@@ -291,6 +274,13 @@ static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst, 
                         uint8_t *buf, int *offset)
 {
+    static const uint8_t asn1_sig[] = 
+    {
+        ASN1_SEQUENCE,  0x21, ASN1_SEQUENCE, 0x09, ASN1_OID, 0x05, 
+        0x2b, 0x0e, 0x03, 0x02, 0x1a, /* sha1 (1 3 14 3 2 26) */
+        ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
+    };
+
     uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets);
     uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE);
     int sig_size;
diff --git a/ssl/x509.c b/ssl/x509.c
index 9b41b944e8..ef42e68151 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -455,6 +455,8 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     {
         x509_print(cert->next, ca_cert_ctx);
     }
+
+    TTY_FLUSH();
 }
 
 const char * x509_display_error(int error)
@@ -463,43 +465,33 @@ const char * x509_display_error(int error)
     {
         case X509_NOT_OK:
             return "X509 not ok";
-            break;
 
         case X509_VFY_ERROR_NO_TRUSTED_CERT:
             return "No trusted cert is available";
-            break;
 
         case X509_VFY_ERROR_BAD_SIGNATURE:
             return "Bad signature";
-            break;
 
         case X509_VFY_ERROR_NOT_YET_VALID:
             return "Cert is not yet valid";
-            break;
 
         case X509_VFY_ERROR_EXPIRED:
             return "Cert has expired";
-            break;
 
         case X509_VFY_ERROR_SELF_SIGNED:
             return "Cert is self-signed";
-            break;
 
         case X509_VFY_ERROR_INVALID_CHAIN:
             return "Chain is invalid (check order of certs)";
-            break;
 
         case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
             return "Unsupported digest";
-            break;
 
         case X509_INVALID_PRIV_KEY:
             return "Invalid private key";
-            break;
 
         default:
             return "Unknown";
-            break;
     }
 }
 #endif      /* CONFIG_SSL_FULL_MODE */

From d02abde904ab168c5b422cd9b4cbbb45a29a234b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 5 Mar 2008 08:47:05 +0000
Subject: [PATCH 125/301] fixed a bigint issue

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@149 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/bigint.c      | 10 +++++++---
 crypto/bigint_impl.h |  4 ++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/bigint.c b/crypto/bigint.c
index 303c20a1c1..53a5839293 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -517,7 +517,7 @@ static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
         r = (r<<COMP_BIT_SIZE) + biR->comps[i];
         biR->comps[i] = (comp)(r / denom);
         r %= denom;
-    } while (--i != 0);
+    } while (--i >= 0);
 
     return trim(biR);
 }
@@ -947,6 +947,7 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
         for (j = i+1; j < t; j++)
         {
             long_comp xx = (long_comp)x[i]*x[j];
+            long_comp xx2 = 2*xx;
             long_comp blob = (long_comp)w[i+j]+carry;
 
             if (u)                  /* previous overflow */
@@ -954,13 +955,16 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
                 blob += COMP_RADIX;
             }
 
+
             u = 0;
-            if (xx & COMP_BIG_MSB)  /* check for overflow */
+            tmp = xx2 + blob;
+
+            /* check for overflow */
+            if ((COMP_MAX-xx) < xx  || (COMP_MAX-xx2) < blob)
             {
                 u = 1;
             }
 
-            tmp = 2*xx + blob;
             w[i+j] = (comp)tmp;
             carry = (comp)(tmp >> COMP_BIT_SIZE);
         }
diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
index c23572733e..e2d456532d 100644
--- a/crypto/bigint_impl.h
+++ b/crypto/bigint_impl.h
@@ -44,10 +44,10 @@
 /* Architecture specific functions for big ints */
 #ifdef WIN32
 #define COMP_RADIX          4294967296i64         
-#define COMP_BIG_MSB        0x8000000000000000i64 
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFi64
 #else
 #define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
-#define COMP_BIG_MSB        0x8000000000000000ULL /**< (Max dbl comp + 1)/ 2 */
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
 #endif
 #define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
 #define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */

From bc1e70c101bcda48150b534cfb29c94af7929774 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 13 May 2008 11:32:33 +0000
Subject: [PATCH 126/301] v1.1.9-2 changes

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@150 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/bigint_impl.h |  2 +-
 crypto/crypto_misc.c |  2 +-
 httpd/Config.in      | 14 +++++++++++
 httpd/axhttpd.c      | 23 ++++++++++++++++++
 ssl/asn1.c           | 58 ++++++++++++++++++++++++++++++++++----------
 ssl/crypto_misc.h    |  1 +
 ssl/gen_cert.c       |  2 +-
 ssl/loader.c         |  3 +--
 ssl/test/ms_iis.cer  | 13 ++++++++++
 ssl/test/ssltest.c   | 10 ++++++++
 ssl/x509.c           |  2 +-
 www/index.html       |  9 ++++---
 12 files changed, 116 insertions(+), 23 deletions(-)
 create mode 100755 ssl/test/ms_iis.cer

diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
index e2d456532d..1483154a41 100644
--- a/crypto/bigint_impl.h
+++ b/crypto/bigint_impl.h
@@ -44,7 +44,7 @@
 /* Architecture specific functions for big ints */
 #ifdef WIN32
 #define COMP_RADIX          4294967296i64         
-#define COMP_MAX            0xFFFFFFFFFFFFFFFFi64
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFui64
 #else
 #define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
 #define COMP_MAX            0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 9bddee2100..59b72ec08d 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -127,7 +127,7 @@ EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
         for (i = 0; i < size/(int)sizeof(uint64_t); i++)
             rng_num ^= *((uint64_t *)&seed_buf[i*sizeof(uint64_t)]);
 
-        srand((long)seed_buf);  /* use the stack ptr as another rnd seed */
+        srand((long)&seed_buf);  /* use the stack ptr as another rnd seed */
 #endif
     }
 
diff --git a/httpd/Config.in b/httpd/Config.in
index c43eaa7776..513d57ae30 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -129,6 +129,20 @@ config CONFIG_HTTP_HAS_IPV6
     
         Does not work under Win32
 
+config CONFIG_HTTP_ENABLE_DIFFERENT_USER
+    bool "Enable different user"
+    default n
+    depends on !CONFIG_PLATFORM_WIN32
+    help
+        Allow the web server to be run as a different user
+    
+config CONFIG_HTTP_USER
+    string "As User"
+    default "nobody"
+    depends on CONFIG_HTTP_ENABLE_DIFFERENT_USER
+    help
+        The user name that will be used to run axhttpd.
+
 config CONFIG_HTTP_VERBOSE
     bool "Verbose Mode"
     default y if CONFIG_SSL_FULL_MODE
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 23b7f6d539..35d36f64c1 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -34,6 +34,7 @@
 #include <signal.h>
 #include <stdlib.h>
 #include <sys/stat.h>
+#include <pwd.h>
 #include "axhttp.h"
 
 struct serverstruct *servers;
@@ -186,6 +187,28 @@ int main(int argc, char *argv[])
 
     ax_chdir();
 
+#ifdef CONFIG_HTTP_ENABLE_DIFFERENT_USER
+    {
+        struct passwd *pd = getpwnam(CONFIG_HTTP_USER);
+
+        if (pd != NULL)
+        {
+            int res = setuid(pd->pw_uid);
+            res |= setgid(pd->pw_gid);
+
+#if defined(CONFIG_HTTP_VERBOSE)
+            if (res == 0)
+            {
+                printf("change to '%s' successful\n", CONFIG_HTTP_USER); 
+                TTY_FLUSH();
+            }
+#endif
+        }
+
+    }
+#endif
+
+
 #ifndef WIN32 
 #ifdef CONFIG_HTTP_IS_DAEMON
     if (fork() > 0)  /* parent will die */
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 7d4d36e173..4f2e6db240 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -40,7 +40,8 @@
 #include "crypto.h"
 #include "crypto_misc.h"
 
-#define SIG_OID_PREFIX_SIZE     8
+#define SIG_OID_PREFIX_SIZE 8
+#define SIG_IIS6_OID_SIZE   5
 
 /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
 static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
@@ -48,6 +49,11 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
 };
 
+static const uint8_t sig_iis6_oid[SIG_IIS6_OID_SIZE] =
+{
+    0x2b, 0x0e, 0x03, 0x02, 0x1d
+};
+
 /* CN, O, OU */
 static const uint8_t g_dn_types[] = { 3, 10, 11 };
 
@@ -277,16 +283,34 @@ static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
     int len = X509_NOT_OK;
 
     /* some certs have this awful crud in them for some reason */
-    if (buf[*offset] != ASN1_PRINTABLE_STR && 
-            buf[*offset] != ASN1_TELETEX_STR && buf[*offset] != ASN1_IA5_STR)
+    if (buf[*offset] != ASN1_PRINTABLE_STR &&  
+            buf[*offset] != ASN1_TELETEX_STR &&  
+            buf[*offset] != ASN1_IA5_STR &&  
+            buf[*offset] != ASN1_UNICODE_STR)
         goto end_pnt_str;
 
-    (*offset)++;
-    len = get_asn1_length(buf, offset);
-    *str = (char *)malloc(len+1);                   /* allow for null */
-    memcpy(*str, &buf[*offset], len);
-    (*str)[len] = 0;                                /* null terminate */
-    *offset += len;
+        (*offset)++;
+        len = get_asn1_length(buf, offset);
+
+        if (buf[*offset - 1] == ASN1_UNICODE_STR)
+        {
+            int i;
+            *str = (char *)malloc(len/2+1);     /* allow for null */
+
+            for (i = 0; i < len; i += 2)
+                (*str)[i/2] = buf[*offset + i + 1];
+
+            (*str)[len/2] = 0;                  /* null terminate */
+        }
+        else
+        {
+            *str = (char *)malloc(len+1);       /* allow for null */
+            memcpy(*str, &buf[*offset], len);
+            (*str)[len] = 0;                    /* null terminate */
+        }
+
+        *offset += len;
+
 end_pnt_str:
     return len;
 }
@@ -424,7 +448,7 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
     while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
     {
         x509_free(ca_cert_ctx->cert[i]);
-        ca_cert_ctx->cert[i] = NULL;
+        ca_cert_ctx->cert[i++] = NULL;
     }
 
     free(ca_cert_ctx);
@@ -463,10 +487,18 @@ int asn1_signature_type(const uint8_t *cert,
 
     len = get_asn1_length(cert, offset);
 
-    if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
-        goto end_check_sig;     /* unrecognised cert type */
+    if (len == 5 && memcmp(sig_iis6_oid, &cert[*offset], 
+                                    SIG_IIS6_OID_SIZE) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA1;
+    }
+    else
+    {
+        if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
+            goto end_check_sig;     /* unrecognised cert type */
 
-    x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
+        x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
+    }
 
     *offset += len;
     asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index dc1f6e1455..97cb0f2d23 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -109,6 +109,7 @@ const char * x509_display_error(int error);
 #define ASN1_TELETEX_STR        0x14
 #define ASN1_IA5_STR            0x16
 #define ASN1_UTC_TIME           0x17
+#define ASN1_UNICODE_STR        0x1e
 #define ASN1_SEQUENCE           0x30
 #define ASN1_SET                0x31
 #define ASN1_IMPLICIT_TAG       0x80
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index a6dac7a4cb..94b74903ca 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -178,7 +178,7 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
 
     if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0)
     {
-        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 10, buf, offset)))
+        if ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset)))
             goto error;
     }
 
diff --git a/ssl/loader.c b/ssl/loader.c
index a6e4d94fb0..4232f7eec0 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -69,8 +69,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
     }
 
     ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-    ssl_obj->len = get_file(filename, &ssl_obj->buf);
-
+    ssl_obj->len = get_file(filename, &ssl_obj->buf); 
     if (ssl_obj->len <= 0)
     {
         ret = SSL_ERROR_INVALID_KEY;
diff --git a/ssl/test/ms_iis.cer b/ssl/test/ms_iis.cer
new file mode 100755
index 0000000000..250b926d68
--- /dev/null
+++ b/ssl/test/ms_iis.cer
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5jCCAVOgAwIBAgIQWPe7KyA+U7lLUohulwW2HDAJBgUrDgMCHQUAMCExHzAd
+BgNVBAMTFmF4dGxzLmNlcm9jY2x1Yi5jb20uYXUwHhcNMDgwMzE3MTAyMTA2WhcN
+MDkwMzE3MTAyMTA2WjAhMR8wHQYDVQQDExZheHRscy5jZXJvY2NsdWIuY29tLmF1
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9JqHlQjrQMt3JW8yxcGhFagDa
+D4QiIY8+KItTt13fIBt5g1AG4VXniaylSqKKYNPwVzqSWl7WhxMmoFU73veF8o4M
+G0Zc5qbVB6ukrSV4WaTgHrIO6pWkyiaQ4L/eYfCo/2pByhl0IUKkf/TMN346/rFg
+JgrElx01l6QHNQrzVQIDAQABoycwJTATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNV
+HQ8EBwMFALAAAAAwCQYFKw4DAh0FAAOBgQAbH94H1fryngROJ//Oa0D3vvTO8CJ3
+8VW+3gQEwrPBOWmN6RV8OM0dE6pf8wD3s7PTCcM5+/HI1Qk53nUGrNiOmKM1s0JB
+bvsO9RT+UF8mtdbo/n30M0MHMWPCC76baW3R+ANBp/V/z4l1ytpUTt+MHvz0VlUs
+J4uJA3s3uh23Tg==
+-----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index c4be8966d0..f441f40384 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -638,6 +638,16 @@ static int cert_tests(void)
 
     x509_free(x509_ctx);
     free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, 
+              SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
+    {
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
     res = 0;        /* all ok */
     printf("All Certificate tests passed\n");
 
diff --git a/ssl/x509.c b/ssl/x509.c
index ef42e68151..bd25da61ca 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -292,7 +292,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
         }
 
         /* trusted cert not found */
-        if (i >= CONFIG_X509_MAX_CA_CERTS)
+        if (match_ca_cert == 0)
         {
             ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
             goto end_verify;
diff --git a/www/index.html b/www/index.html
index a43bd65983..1b9c8790f0 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7086,17 +7086,18 @@
 	<div id="contentStash"></div>
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="200712020715" created="200702240022" tags="">!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programmatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
+<div tiddler="Changelog" modifier="YourName" modified="200804011304" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
-<div tiddler="License" modifier="YourName" modified="200711050226" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2007, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
+<div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="CameronRich" modified="200712020712" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="YourName" modified="200804011313" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="YourName" modified="200712022356" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\n//chroot()// is optionally now used for added security. However this has the impact of removing the regular filesystem, so any CGI applications no longer have the usual access (to things like /bin, /lib etc). Any executables and libraries need to be copied into webroot.\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html]|http://127.0.0.1/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="YourName" modified="200804011308" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html]|http://127.0.0.1/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From 0abda1ca6477307c1b22a8aa71d1364506e2b10e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 5 Nov 2008 12:01:50 +0000
Subject: [PATCH 127/301] changed x509 verification code

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@151 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/proc.c       |   7 ++-
 ssl/test/ssltest.c |  66 ++++++++++++++++++----
 ssl/tls1.c         |  19 +------
 ssl/tls1_svr.c     |   6 ++
 ssl/x509.c         | 136 ++++++++++++++++++++++-----------------------
 www/index.html     |   2 +-
 6 files changed, 137 insertions(+), 99 deletions(-)

diff --git a/httpd/proc.c b/httpd/proc.c
index 30a2ee21c6..3c897c98b0 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2008, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -137,6 +137,11 @@ static int procheadelem(struct connstruct *cn, char *buf)
     {
         cn->if_modified_since = tdate_parse(value);
     }
+    else if (strcmp(buf, "Expect:") == 0)
+    {
+        send_error(cn, 417); /* expectation failed */
+        return 0;
+    }
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
     else if (strcmp(buf, "Authorization:") == 0 &&
                                     strncmp(value, "Basic ", 6) == 0)
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index f441f40384..d525e1a686 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -770,7 +770,7 @@ static int SSL_server_test(
         const char *private_key,
         const char *ca_cert,
         const char *password,
-        int axolotls_option)
+        int axtls_option)
 {
     int server_fd, ret = 0;
     SSL_CTX *ssl_ctx = NULL;
@@ -791,10 +791,10 @@ static int SSL_server_test(
 
     if (private_key)
     {
-        axolotls_option |= SSL_NO_DEFAULT_KEY;
+        axtls_option |= SSL_NO_DEFAULT_KEY;
     }
 
-    if ((ssl_ctx = ssl_ctx_new(axolotls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
+    if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
     {
         ret = SSL_ERROR_INVALID_KEY;
         goto error;
@@ -1012,7 +1012,7 @@ int SSL_server_tests(void)
     /* this test should fail */
     if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
     {
-        if ((ret = SSL_server_test("Bad Before Cert", 
+        if ((ret = SSL_server_test("Error: Bad Before Cert", 
                     "-cipher RC4-SHA -tls1 "
                     "-cert ../ssl/test/axTLS.x509_bad_before.pem "
                     "-key ../ssl/test/axTLS.key_512.pem ",
@@ -1028,7 +1028,7 @@ int SSL_server_tests(void)
     }
 
     /* this test should fail */
-    if ((ret = SSL_server_test("Bad After Cert", 
+    if ((ret = SSL_server_test("Error: Bad After Cert", 
                     "-cipher RC4-SHA -tls1 "
                     "-cert ../ssl/test/axTLS.x509_bad_after.pem "
                     "-key ../ssl/test/axTLS.key_512.pem ",
@@ -1041,6 +1041,53 @@ int SSL_server_tests(void)
     printf("SSL server test \"%s\" passed\n", "Bad After Cert");
     TTY_FLUSH();
 
+    /*
+     * No trusted cert
+     */
+    if ((ret = SSL_server_test("Error: No trusted certificate", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ../ssl/test/axTLS.x509_512.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem ",
+                    NULL, NULL, NULL, 
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "No trusted certificate");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the server)
+     */
+    if ((ret = SSL_server_test("Error: Self-signed certificate (from server)", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ../ssl/test/axTLS.x509_512.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
+                    NULL, NULL, NULL, 
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", 
+                            "Self-signed certificate (from server)");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the client)
+     */
+    if ((ret = SSL_server_test("Self-signed certificate (from client)", 
+                    "-cipher RC4-SHA -tls1 "
+                    "-cert ../ssl/test/axTLS.x509_512.pem "
+                    "-key ../ssl/test/axTLS.key_512.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer",
+                    NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
     /* 
      * Key in PEM format
      */
@@ -1434,13 +1481,12 @@ int SSL_client_tests(void)
                     "-CAfile ../ssl/test/axTLS.ca_x509.pem "
                     "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
                     "../ssl/test/axTLS.key_1024", NULL,
-                    "../ssl/test/axTLS.x509_1024.cer")) 
-                        != SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
+                    "../ssl/test/axTLS.x509_1024.cer")))
         goto cleanup;
 
     /* Should get an "ERROR" from openssl (as the handshake fails as soon as
      * the certificate verification fails) */
-    if ((ret = SSL_client_test("Expired cert (verify now) should fail!",
+    if ((ret = SSL_client_test("Error: Expired cert (verify now)",
                     &ssl_ctx,
                     "-cert ../ssl/test/axTLS.x509_bad_after.pem "
                     "-key ../ssl/test/axTLS.key_512.pem", NULL,
@@ -1452,10 +1498,9 @@ int SSL_client_tests(void)
     }
 
     printf("SSL client test \"Expired cert (verify now)\" passed\n");
-    ret = 0;
 
     /* There is no "ERROR" from openssl */
-    if ((ret = SSL_client_test("Expired cert (verify later) should fail!", 
+    if ((ret = SSL_client_test("Error: Expired cert (verify later)", 
                     &ssl_ctx,
                     "-cert ../ssl/test/axTLS.x509_bad_after.pem "
                     "-key ../ssl/test/axTLS.key_512.pem", NULL,
@@ -1467,7 +1512,6 @@ int SSL_client_tests(void)
     }
 
     printf("SSL client test \"Expired cert (verify later)\" passed\n");
-
     ret = 0;
 
 cleanup:
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c98cd7a5f9..24710b9236 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -386,7 +386,6 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     int ret = SSL_ERROR_NO_CERT_DEFINED;
     int i = 0;
     int offset;
-    X509_CTX *cert = NULL;
     CA_CERT_CTX *ca_cert_ctx;
 
     if (ssl_ctx->ca_cert_ctx == NULL)
@@ -409,22 +408,6 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i])))
         goto error;
 
-    /* make sure the cert is valid */
-    cert = ca_cert_ctx->cert[i];
-    SSL_CTX_LOCK(ssl_ctx->mutex);
-
-    if ((ret = x509_verify(ca_cert_ctx, cert)) != X509_VFY_ERROR_SELF_SIGNED)
-    {
-        SSL_CTX_UNLOCK(ssl_ctx->mutex);
-        x509_free(cert);        /* get rid of it */
-        ca_cert_ctx->cert[i] = NULL;
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: %s\n", x509_display_error(ret)); TTY_FLUSH();
-#endif
-        goto error;
-    }
-
-    SSL_CTX_UNLOCK(ssl_ctx->mutex);
     len -= offset;
     ret = SSL_OK;           /* ok so far */
 
@@ -1751,6 +1734,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
             goto error;
         }
 
+        DISPLAY_CERT(ssl, *chain);
         chain = &((*chain)->next);
         offset += cert_size;
     }
@@ -1763,7 +1747,6 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
         ret = ssl_verify_cert(ssl);
     }
 
-    DISPLAY_CERT(ssl, *x509_ctx);
     ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
     ssl->dc->bm_proc_index += offset;
 error:
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 3a79c31c94..6f5dedddf3 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -378,6 +378,12 @@ static int process_client_key_xchg(SSL *ssl)
     int offset = 4;
     int ret = SSL_OK;
     
+    if (rsa_ctx == NULL)
+    {
+        ret = SSL_ERROR_NO_CERT_DEFINED;
+        goto error;
+    }
+
     DISPLAY_RSA(ssl, rsa_ctx);
 
     /* is there an extra size field? */
diff --git a/ssl/x509.c b/ssl/x509.c
index bd25da61ca..db8fda6c4c 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -251,11 +251,11 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
  * Do some basic checks on the certificate chain.
  *
  * Certificate verification consists of a number of checks:
- * - A root certificate exists in the certificate store.
  * - The date of the certificate is after the start date.
  * - The date of the certificate is before the finish date.
- * - The certificate chain is valid.
+ * - A root certificate exists in the certificate store.
  * - That the certificate(s) are not self-signed.
+ * - The certificate chain is valid.
  * - The signature of the certificate is valid.
  */
 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
@@ -263,44 +263,26 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
     int ret = X509_OK, i = 0;
     bigint *cert_sig;
     X509_CTX *next_cert = NULL;
-    BI_CTX *ctx;
+    BI_CTX *ctx = NULL;
     bigint *mod = NULL, *expn = NULL;
-    struct timeval tv;
     int match_ca_cert = 0;
+    struct timeval tv;
     uint8_t is_self_signed = 0;
 
-    if (cert == NULL || ca_cert_ctx == NULL)
+    if (cert == NULL)
     {
         ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
         goto end_verify;
     }
 
-    /* last cert in the chain - look for a trusted cert */
-    if (cert->next == NULL && ca_cert_ctx)
-    {
-        while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-        {
-            if (asn1_compare_dn(cert->ca_cert_dn,
-                                        ca_cert_ctx->cert[i]->cert_dn) == 0)
-            {
-                match_ca_cert = 1;
-                next_cert = ca_cert_ctx->cert[i];
-                break;
-            }
-
-            i++;
-        }
-
-        /* trusted cert not found */
-        if (match_ca_cert == 0)
-        {
-            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
-            goto end_verify;
-        }
-    }
-    else
+    /* a self-signed certificate that is not in the CA store - use this 
+       to check the signature */
+    if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
     {
-        next_cert = cert->next;
+        is_self_signed = 1;
+        ctx = cert->rsa_ctx->bi_ctx;
+        mod = cert->rsa_ctx->m;
+        expn = cert->rsa_ctx->e;
     }
 
     gettimeofday(&tv, NULL);
@@ -319,61 +301,76 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
         goto end_verify;
     }
 
-    ctx = cert->rsa_ctx->bi_ctx;
+    next_cert = cert->next;
 
-    /* check for self-signing */
-    if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    /* last cert in the chain - look for a trusted cert */
+    if (next_cert == NULL)
     {
-        is_self_signed = 1;
-        mod = cert->rsa_ctx->m;
-        expn = cert->rsa_ctx->e;
+       if (ca_cert_ctx != NULL) 
+       {
+            /* go thu the CA store */
+           while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+            {
+                if (asn1_compare_dn(cert->ca_cert_dn,
+                                            ca_cert_ctx->cert[i]->cert_dn) == 0)
+                {
+                    /* use this CA certificate for signature verification */
+                    match_ca_cert = 1;
+                    ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
+                    mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
+                    expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
+                    break;
+                }
+
+                i++;
+            }
+        }
+
+       /* couldn't find a trusted cert (& let self-signed errors be returned) */
+        if (!match_ca_cert && !is_self_signed)
+        {
+            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+            goto end_verify;
+        }
+    }
+    else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
+    {
+        /* check the chain */
+        ret = X509_VFY_ERROR_INVALID_CHAIN;
+        goto end_verify;
     }
-    else if (next_cert != NULL)
+    else /* use the next certificate in the chain for signature verify */
     {
+        ctx = next_cert->rsa_ctx->bi_ctx;
         mod = next_cert->rsa_ctx->m;
         expn = next_cert->rsa_ctx->e;
+    }
 
-        /* check the chain integrity */
-        if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
-        {
-            ret = X509_VFY_ERROR_INVALID_CHAIN;
-            goto end_verify;
-        }
+    /* cert is self signed */
+    if (!match_ca_cert && is_self_signed)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
     }
 
     /* check the signature */
-    if (mod != NULL)
-    {
-        cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
-                bi_clone(ctx, mod), bi_clone(ctx, expn));
+    cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
+                        bi_clone(ctx, mod), bi_clone(ctx, expn));
 
-        if (cert_sig && cert->digest)
-        {
-            if (bi_compare(cert_sig, cert->digest))
-            {
-                ret = X509_VFY_ERROR_BAD_SIGNATURE;
-            }
+    if (cert_sig && cert->digest)
+    {
+        if (bi_compare(cert_sig, cert->digest) != 0)
+            ret = X509_VFY_ERROR_BAD_SIGNATURE;
 
-            bi_free(ctx, cert_sig);
 
-            if (ret)
-                goto end_verify;
-        }
-        else
-        {
-            ret = X509_VFY_ERROR_BAD_SIGNATURE;
-            goto end_verify;
-        }
+        bi_free(ctx, cert_sig);
     }
 
-    if (is_self_signed)
-    {
-        ret = X509_VFY_ERROR_SELF_SIGNED;
+    if (ret)
         goto end_verify;
-    }
 
     /* go down the certificate chain using recursion. */
-    if (ret == 0 && cert->next)
+    if (next_cert != NULL)
     {
         ret = x509_verify(ca_cert_ctx, next_cert);
     }
@@ -441,7 +438,7 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
 
     if (ca_cert_ctx)
     {
-        printf("Verify:\t\t\t%s\n",
+        printf("Verify:\t\t\t\t%s\n",
                 x509_display_error(x509_verify(ca_cert_ctx, cert)));
     }
 
@@ -463,6 +460,9 @@ const char * x509_display_error(int error)
 {
     switch (error)
     {
+        case X509_OK:
+            return "Certificate verify successful";
+
         case X509_NOT_OK:
             return "X509 not ok";
 
diff --git a/www/index.html b/www/index.html
index 1b9c8790f0..aef66de8fa 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200804011304" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200811051153" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 85e157927a327ac041d4d63b01fc97b944c6ffba Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 3 Dec 2008 09:36:59 +0000
Subject: [PATCH 128/301] double check on a bad signature

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@152 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c     | 2 +-
 ssl/x509.c     | 4 ++++
 www/index.html | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 24710b9236..9f6508c74c 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1734,7 +1734,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
             goto error;
         }
 
-        DISPLAY_CERT(ssl, *chain);
+        /* DISPLAY_CERT(ssl, *chain); */
         chain = &((*chain)->next);
         offset += cert_size;
     }
diff --git a/ssl/x509.c b/ssl/x509.c
index db8fda6c4c..37db7f4e81 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -365,6 +365,10 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
 
         bi_free(ctx, cert_sig);
     }
+    else
+    {
+        ret = X509_VFY_ERROR_BAD_SIGNATURE;
+    }
 
     if (ret)
         goto end_verify;
diff --git a/www/index.html b/www/index.html
index aef66de8fa..b267ec40b3 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200811051153" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200811051200" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 86f2e470e09c88590c4c56a72bb2f914a1e623f3 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 29 Jan 2009 10:38:57 +0000
Subject: [PATCH 129/301] fixed issue with certificate verification on firefox.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@153 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/makefile.conf | 1 +
 httpd/Makefile       | 2 +-
 samples/c/Makefile   | 2 +-
 ssl/tls1_svr.c       | 8 +++-----
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/config/makefile.conf b/config/makefile.conf
index cc06e97f53..9f9db13301 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -81,6 +81,7 @@ else    # Not Win32
 
 CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
 LD=$(CC)
+STRIP=strip
 
 # Solaris
 ifdef CONFIG_PLATFORM_SOLARIS
diff --git a/httpd/Makefile b/httpd/Makefile
index b37c9819b6..b8c18d2445 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -97,7 +97,7 @@ ifndef CONFIG_PLATFORM_WIN32
 $(TARGET): $(OBJ) $(AXTLS_HOME)/$(STAGE)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
 ifdef CONFIG_STRIP_UNWANTED_SECTIONS
-	strip --remove-section=.comment $(TARGET)
+	$(STRIP) --remove-section=.comment $(TARGET)
 endif
 
 $(TARGET2): htpasswd.o $(AXTLS_HOME)/$(STAGE)/libaxtls.a
diff --git a/samples/c/Makefile b/samples/c/Makefile
index f0a9d0ec03..17cf9e7c12 100644
--- a/samples/c/Makefile
+++ b/samples/c/Makefile
@@ -61,7 +61,7 @@ ifndef CONFIG_PLATFORM_WIN32
 $(TARGET): $(OBJ) $(LIBS)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ $(OBJ) -L$(LIBS) -laxtls 
 ifdef CONFIG_STRIP_UNWANTED_SECTIONS
-	strip --remove-section=.comment $(TARGET)
+	$(STRIP) --remove-section=.comment $(TARGET)
 endif   # use strip
 else    # Win32
 
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 6f5dedddf3..45b9bec6a6 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -370,7 +370,7 @@ static int send_server_hello_done(SSL *ssl)
  */
 static int process_client_key_xchg(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_data;
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int pkt_size = ssl->bm_index;
     int premaster_size, secret_length = (buf[2] << 8) + buf[3];
     uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
@@ -384,8 +384,6 @@ static int process_client_key_xchg(SSL *ssl)
         goto error;
     }
 
-    DISPLAY_RSA(ssl, rsa_ctx);
-
     /* is there an extra size field? */
     if ((secret_length - 2) == rsa_ctx->num_octets)
         offset += 2;
@@ -419,6 +417,7 @@ static int process_client_key_xchg(SSL *ssl)
     ssl->next_state = HS_FINISHED; 
 #endif
 error:
+    ssl->dc->bm_proc_index += rsa_ctx->num_octets+offset;
     return ret;
 }
 
@@ -440,7 +439,7 @@ static int send_certificate_request(SSL *ssl)
  */
 static int process_cert_verify(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_data;
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int pkt_size = ssl->bm_index;
     uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
     uint8_t dgst[MD5_SIZE+SHA1_SIZE];
@@ -449,7 +448,6 @@ static int process_cert_verify(SSL *ssl)
     int n;
 
     PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
-
     DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
 
     /* rsa_ctx->bi_ctx is not thread-safe */

From 1b9a2cad7bea790789b8384a65668efc5972d5df Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 30 Jan 2009 12:35:07 +0000
Subject: [PATCH 130/301] Extended the openssl compatibility layer a bit.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@154 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/openssl.c  | 111 ++++++++++++++++++++++++++++++++++++++++++++++---
 ssl/tls1.c     |  16 +++----
 ssl/tls1.h     |  12 +++---
 www/index.html |   2 +-
 4 files changed, 120 insertions(+), 21 deletions(-)

diff --git a/ssl/openssl.c b/ssl/openssl.c
index 712e133820..b6b955008b 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -46,6 +46,8 @@
 
 #define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
 
+static char *key_password = NULL;
+
 void *SSLv23_server_method(void) { return NULL; }
 void *SSLv3_server_method(void) { return NULL; }
 void *TLSv1_server_method(void) { return NULL; }
@@ -155,7 +157,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
 
 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
 {
-    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, NULL) == SSL_OK);
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
 }
 
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
@@ -164,13 +166,109 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
                         SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
 }
 
-#if 0
-const uint8_t *SSL_get_session(const SSL *ssl)
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                            unsigned int sid_ctx_len)
 {
-    /* TODO: return SSL_SESSION type */
-    return ssl_get_session_id(ssl);
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
+{
+    return (ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_shutdown(SSL *ssl)
+{
+    return 1;
+}
+
+/*** get/set session ***/
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+{
+    return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
+}
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session)
+{
+    memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
+    return 1;
+}
+
+void SSL_SESSION_free(SSL_SESSION *session) { }
+/*** end get/set session ***/
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    return 0;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                                 int (*verify_callback)(int, void *)) { }
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                           const char *CApath)
+{
+    return 1;
 }
-#endif
+
+void *SSL_load_client_CA_file(const char *file)
+{
+    return (void *)file;
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 
+{ 
+
+    ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
+}
+
+void SSLv23_method(void) { }
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
+{ 
+    key_password = (char *)u;
+}
+
+int SSL_peek(SSL *ssl, void *buf, int num)
+{
+    memcpy(buf, ssl->bm_data, num);
+    return num;
+}
+
+void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return ssl_handshake_status(ssl);
+}
+
+int SSL_state(SSL *ssl)
+{
+    return 0x03; // ok state
+}
+
+/** end of could do better list */
+
+void *SSL_get_peer_certificate(const SSL *ssl)
+{
+    return &ssl->ssl_ctx->certs[0];
+}
+
+int SSL_clear(SSL *ssl)
+{
+    return 1;
+}
+
 
 int SSL_CTX_check_private_key(const SSL_CTX *ctx)
 {
@@ -192,6 +290,7 @@ void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
 int SSL_library_init(void ) { return 1; }
 void SSL_load_error_strings(void ) {}
 void ERR_print_errors_fp(FILE *fp) {}
+
 #ifndef CONFIG_SSL_SKELETON_MODE
 long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
                             return CONFIG_SSL_EXPIRY_TIME*3600; }
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 9f6508c74c..658c2c15d4 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -60,7 +60,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol);
 const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
 { SSL_RC4_128_SHA };
 #else
-static void session_free(SSL_SESS *ssl_sessions[], int sess_index);
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
 
 const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
 #ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
@@ -181,8 +181,8 @@ EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 #ifndef CONFIG_SSL_SKELETON_MODE
     if (num_sessions)
     {
-        ssl_ctx->ssl_sessions = (SSL_SESS **)
-                        calloc(1, num_sessions*sizeof(SSL_SESS *));
+        ssl_ctx->ssl_sessions = (SSL_SESSION **)
+                        calloc(1, num_sessions*sizeof(SSL_SESSION *));
     }
 #endif
 
@@ -1518,12 +1518,12 @@ void disposable_free(SSL *ssl)
  * Find if an existing session has the same session id. If so, use the
  * master secret from this session for session resumption.
  */
-SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[], 
+SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[], 
         SSL *ssl, const uint8_t *session_id)
 {
     time_t tm = time(NULL);
     time_t oldest_sess_time = tm;
-    SSL_SESS *oldest_sess = NULL;
+    SSL_SESSION *oldest_sess = NULL;
     int i;
 
     /* no sessions? Then bail */
@@ -1566,7 +1566,7 @@ SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
         if (ssl_sessions[i] == NULL)
         {
             /* perfect, this will do */
-            ssl_sessions[i] = (SSL_SESS *)calloc(1, sizeof(SSL_SESS));
+            ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
             ssl_sessions[i]->conn_time = tm;
             ssl->session_index = i;
             SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
@@ -1592,7 +1592,7 @@ SSL_SESS *ssl_session_update(int max_sessions, SSL_SESS *ssl_sessions[],
 /**
  * Free an existing session.
  */
-static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
 {
     if (ssl_sessions[sess_index])
     {
@@ -1604,7 +1604,7 @@ static void session_free(SSL_SESS *ssl_sessions[], int sess_index)
 /**
  * This ssl object doesn't want this session anymore.
  */
-void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl)
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
 {
     SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 05258ed0de..b64b4fda62 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -132,7 +132,7 @@ typedef struct
     time_t conn_time;
     uint8_t session_id[SSL_SESSION_ID_SIZE];
     uint8_t master_secret[SSL_SECRET_SIZE];
-} SSL_SESS;
+} SSL_SESSION;
 
 typedef struct
 {
@@ -176,7 +176,7 @@ struct _SSL
     struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t session_index;
-    SSL_SESS *session;
+    SSL_SESSION *session;
 #endif
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     X509_CTX *x509_ctx;
@@ -205,7 +205,7 @@ struct _SSL_CTX
     SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
 #ifndef CONFIG_SSL_SKELETON_MODE
     uint16_t num_sessions;
-    SSL_SESS **ssl_sessions;
+    SSL_SESSION **ssl_sessions;
 #endif
 #ifdef CONFIG_SSL_CTX_MUTEXING
     SSL_CTX_MUTEX_TYPE mutex;
@@ -277,10 +277,10 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros
 int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
 #endif
 
-SSL_SESS *ssl_session_update(int max_sessions, 
-        SSL_SESS *ssl_sessions[], SSL *ssl,
+SSL_SESSION *ssl_session_update(int max_sessions, 
+        SSL_SESSION *ssl_sessions[], SSL *ssl,
         const uint8_t *session_id);
-void kill_ssl_session(SSL_SESS **ssl_sessions, SSL *ssl);
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
 
 #ifdef __cplusplus
 }
diff --git a/www/index.html b/www/index.html
index b267ec40b3..9725ed54a0 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200811051200" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200901291038" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n\n!!__axhttpd__\n* strip now works a little better.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 38e6b1e2fc9cc8f57695b736dc0b0acbdffea0fb Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 30 Jan 2009 13:01:48 +0000
Subject: [PATCH 131/301] git-svn-id:
 svn://svn.code.sf.net/p/axtls/code/trunk@155
 9a5d90b5-6617-0410-8a86-bb477d3ed2e3

---
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index 9725ed54a0..25cd2e69b1 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200901291038" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n\n!!__axhttpd__\n* strip now works a little better.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200901301233" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 68a71ccc40a337b4782f19d858631164af29690b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 27 Feb 2009 11:19:34 +0000
Subject: [PATCH 132/301] cgi file uploads now work above 1kB in size

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@157 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/axhttp.h |  5 ++++-
 httpd/proc.c   | 54 +++++++++++++++++++++++++-------------------------
 2 files changed, 31 insertions(+), 28 deletions(-)

diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 73c299fb14..c87b9c442b 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -36,8 +36,10 @@
 #define HAVE_IPV6
 #endif
 
-#define MAXPOSTDATASIZE                     30000
+#define MAXPOSTDATASIZE                     30000 /* adjust for file upload
+                                                     size*/
 #define MAXREQUESTLENGTH                    256
+#define MAXREADLENGTH                       8800  /* FF3=4096, IE7=8760 */
 #define BLOCKSIZE                           4096
 
 #define INITIAL_CONNECTION_SLOTS            10
@@ -87,6 +89,7 @@ struct connstruct
 
 #if defined(CONFIG_HTTP_HAS_CGI)
     uint8_t is_cgi;
+    char cgicontenttype[MAXREQUESTLENGTH];
 #ifdef CONFIG_HTTP_ENABLE_LUA
     uint8_t is_lua;
 #endif
diff --git a/httpd/proc.c b/httpd/proc.c
index 3c897c98b0..78fc7ae285 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -159,6 +159,10 @@ static int procheadelem(struct connstruct *cn, char *buf)
     {
         sscanf(value, "%d", &cn->content_length);
     }
+    else if (strcmp(buf, "Content-Type:") == 0)
+    {
+        my_strncpy(cn->cgicontenttype, value, MAXREQUESTLENGTH);
+    }
     else if (strcmp(buf, "Cookie:") == 0)
     {
         my_strncpy(cn->cookie, value, MAXREQUESTLENGTH);
@@ -301,10 +305,10 @@ static void urlencode(const uint8_t *s, char *t)
 
 void procreadhead(struct connstruct *cn) 
 {
-    char buf[MAXREQUESTLENGTH*4], *tp, *next;
+    char buf[MAXREADLENGTH], *tp, *next;
     int rv;
 
-    memset(buf, 0, MAXREQUESTLENGTH*4);
+    memset(buf, 0, sizeof(buf));
     rv = special_read(cn, buf, sizeof(buf)-1);
     if (rv <= 0) 
     {
@@ -329,7 +333,7 @@ void procreadhead(struct connstruct *cn)
 #if defined(CONFIG_HTTP_HAS_CGI)
             if (cn->reqtype == TYPE_POST && cn->content_length > 0)
             {
-                if (init_read_post_data(buf,next,cn,rv) == 0)
+                if (init_read_post_data(buf, next, cn, rv) == 0)
                     return;
             }
 #endif
@@ -390,7 +394,6 @@ void procsendhead(struct connstruct *cn)
     file_exists = stat(cn->actualfile, &stbuf);
 
 #if defined(CONFIG_HTTP_HAS_CGI)
-
     if (file_exists != -1 && cn->is_cgi)
     {
         if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile))
@@ -669,13 +672,15 @@ static void proccgi(struct connstruct *cn)
             type = "GET";
             break;
 
+#if defined(CONFIG_HTTP_HAS_CGI)
         case TYPE_POST:
             type = "POST";
             sprintf(cgienv[cgi_index++], 
                         "CONTENT_LENGTH=%d", cn->content_length);
-            strcpy(cgienv[cgi_index++],     /* hard-code? */
-                        "CONTENT_TYPE=application/x-www-form-urlencoded");
+            snprintf(cgienv[cgi_index++], MAXREQUESTLENGTH,
+                        "CONTENT_TYPE=%s", cn->cgicontenttype);
             break;
+#endif
     }
 
     sprintf(cgienv[cgi_index++], "REQUEST_METHOD=%s", type);
@@ -746,7 +751,9 @@ static void decode_path_info(struct connstruct *cn, char *path_info)
 {
     char *cgi_delim;
 
+#if defined(CONFIG_HTTP_HAS_CGI)
     cn->is_cgi = 0;
+#endif
 #ifdef CONFIG_HTTP_ENABLE_LUA
     cn->is_lua = 0;
 #endif
@@ -763,6 +770,7 @@ static void decode_path_info(struct connstruct *cn, char *path_info)
         my_strncpy(cn->uri_query, cgi_delim+1, MAXREQUESTLENGTH);
     }
 
+#if defined(CONFIG_HTTP_HAS_CGI)
     if ((cgi_delim = cgi_filetype_match(cn, path_info)) != NULL)
     {
         cn->is_cgi = 1;     /* definitely a CGI script */
@@ -774,6 +782,7 @@ static void decode_path_info(struct connstruct *cn, char *path_info)
             *cgi_delim = '\0';
         }
     }
+#endif
 
     /* the bit at the start must be the script name */
     my_strncpy(cn->filereq, path_info, MAXREQUESTLENGTH);
@@ -787,7 +796,7 @@ static int init_read_post_data(char *buf, char *data,
    char *post_data;
 
     /* Too much Post data to send. MAXPOSTDATASIZE should be 
-       configured (now it can be chaged in the header file) */
+       configured (now it can be changed in the header file) */
    if (cn->content_length > MAXPOSTDATASIZE) 
    {
        send_error(cn, 418);
@@ -800,17 +809,9 @@ static int init_read_post_data(char *buf, char *data,
    
    if (cn->post_data == NULL)
    {
-       cn->post_data = (char *) calloc(1, (cn->content_length + 1)); 
        /* Allocate buffer for the POST data that will be used by proccgi 
           to send POST data to the CGI script */
-
-       if (cn->post_data == NULL)
-       {
-           printf("axhttpd: could not allocate memory for POST data\n"); 
-           TTY_FLUSH();
-           send_error(cn, 599);
-           return 0;
-       }
+       cn->post_data = (char *)ax_calloc(1, (cn->content_length + 1)); 
    }
 
    cn->post_state = 0;
@@ -819,10 +820,8 @@ static int init_read_post_data(char *buf, char *data,
 
    while (next < &buf[rv])
    { 
-       /*copy POST data to buffer*/
-       *post_data = *next;
-       post_data++;
-       next++;
+       /* copy POST data to buffer */
+       *post_data++ = *next++;
        cn->post_read++;
        if (cn->post_read == cn->content_length)
        { 
@@ -839,11 +838,11 @@ static int init_read_post_data(char *buf, char *data,
 
 void read_post_data(struct connstruct *cn)
 {
-    char buf[MAXREQUESTLENGTH*4], *next;
+    char buf[MAXREADLENGTH], *next;
     char *post_data;
     int rv;
 
-    bzero(buf,MAXREQUESTLENGTH*4);
+    memset(buf, 0, sizeof(buf));
     rv = special_read(cn, buf, sizeof(buf)-1);
     if (rv <= 0) 
     {
@@ -854,15 +853,13 @@ void read_post_data(struct connstruct *cn)
 
     buf[rv] = '\0';
     next = buf;
-
     post_data = &cn->post_data[cn->post_read];
 
     while (next < &buf[rv])
     {
-        *post_data = *next;
-        post_data++;
-        next++;
+        *post_data++ = *next++;
         cn->post_read++;
+
         if (cn->post_read == cn->content_length)
         {  
             /* No more POST data to be copied */
@@ -1174,7 +1171,7 @@ static void send_error(struct connstruct *cn, int err)
             break;
 
         case 418:
-            title = "POST data size is to large";
+            title = "POST data size is too large";
             text = title;
             break;
 
@@ -1191,6 +1188,9 @@ static void send_error(struct connstruct *cn, int err)
             "<html>\n<head>\n<title>%d %s</title></head>\n"
             "<body><h1>%d %s</h1>\n</body></html>\n", 
             err, title, err, title, err, text);
+#ifdef CONFIG_HTTP_VERBOSE
+    printf("axhttpd: http error: %s [%d]\n", title, err); TTY_FLUSH();
+#endif
     special_write(cn, buf, strlen(buf));
     removeconnection(cn);
 }

From 95e8c7998fa8629d50df6e2a7d0e6d32fe0a6974 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 27 Mar 2009 11:25:10 +0000
Subject: [PATCH 133/301] date comment changes + post stuff

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@158 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/axhttpd.c     |  2 +-
 httpd/htpasswd.c    |  2 +-
 httpd/proc.c        | 21 ++++++++++-----------
 httpd/tdate_parse.c |  2 +-
 4 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 35d36f64c1..fb7ad3d84c 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) Cameron Rich
  * 
  * All rights reserved.
  * 
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
index 1a7a2311f8..d1fbe32bfe 100644
--- a/httpd/htpasswd.c
+++ b/httpd/htpasswd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) Cameron Rich
  * 
  * All rights reserved.
  * 
diff --git a/httpd/proc.c b/httpd/proc.c
index 78fc7ae285..c90fa97909 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2008, Cameron Rich
+ * Copyright (c) Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -571,8 +571,8 @@ static void proccgi(struct connstruct *cn)
     }
 
 #ifdef CONFIG_HTTP_VERBOSE
-        printf("[CGI]: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
-        TTY_FLUSH();
+    printf("[CGI]: %s:/%s\n", cn->is_ssl ? "https" : "http", cn->filereq);
+    TTY_FLUSH();
 #endif
 
     /* win32 cgi is a bit too painful */
@@ -1181,17 +1181,16 @@ static void send_error(struct connstruct *cn, int err)
             break;
     }
 
-    snprintf(buf, MAXREQUESTLENGTH, "HTTP/1.1 %d %s\n"
-            "Content-Type: text/html\n"
-            "Cache-Control: no-cache,no-store\n"
-            "Connection: close\n\n"
-            "<html>\n<head>\n<title>%d %s</title></head>\n"
-            "<body><h1>%d %s</h1>\n</body></html>\n", 
-            err, title, err, title, err, text);
+    snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\n"
+            "Content-Type: text/html\n\n"
+            "<html><body>\n<title>%s</title>\n"
+            "<h1>Error %d - %s</h1>\n</body></html>\n", 
+            title, err, text);
+    special_write(cn, buf, strlen(buf));
+
 #ifdef CONFIG_HTTP_VERBOSE
     printf("axhttpd: http error: %s [%d]\n", title, err); TTY_FLUSH();
 #endif
-    special_write(cn, buf, strlen(buf));
     removeconnection(cn);
 }
 
diff --git a/httpd/tdate_parse.c b/httpd/tdate_parse.c
index 813bdc578b..9124323846 100644
--- a/httpd/tdate_parse.c
+++ b/httpd/tdate_parse.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) Cameron Rich
  * 
  * All rights reserved.
  * 

From 2cedd593849a344c403e59fb25f5ef88e2845731 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 23 Sep 2009 12:38:23 +0000
Subject: [PATCH 134/301] Added SAN ("Subject Alternative Name" support

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@159 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c        | 54 +++++++++++++++++++++++++++++++++++++++++++-
 ssl/crypto_misc.h | 10 ++++++++-
 ssl/ssl.h         | 17 ++++++++++++++
 ssl/tls1.c        | 34 ++++++++++++++++++++++++----
 ssl/x509.c        | 57 ++++++++++++++++++++++++++++++++++++++++++++++-
 www/index.html    |  2 +-
 6 files changed, 166 insertions(+), 8 deletions(-)

diff --git a/ssl/asn1.c b/ssl/asn1.c
index 4f2e6db240..ee474f4c1e 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -42,6 +42,7 @@
 
 #define SIG_OID_PREFIX_SIZE 8
 #define SIG_IIS6_OID_SIZE   5
+#define SIG_SUBJECT_ALT_NAME_SIZE 3
 
 /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
 static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
@@ -54,6 +55,11 @@ static const uint8_t sig_iis6_oid[SIG_IIS6_OID_SIZE] =
     0x2b, 0x0e, 0x03, 0x02, 0x1d
 };
 
+static const uint8_t sig_subject_alt_name[SIG_SUBJECT_ALT_NAME_SIZE] =
+{
+    0x55, 0x1d, 0x11
+};
+
 /* CN, O, OU */
 static const uint8_t g_dn_types[] = { 3, 10, 11 };
 
@@ -284,6 +290,7 @@ static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
 
     /* some certs have this awful crud in them for some reason */
     if (buf[*offset] != ASN1_PRINTABLE_STR &&  
+            buf[*offset] != ASN1_PRINTABLE_STR2 &&  
             buf[*offset] != ASN1_TELETEX_STR &&  
             buf[*offset] != ASN1_IA5_STR &&  
             buf[*offset] != ASN1_UNICODE_STR)
@@ -471,7 +478,52 @@ int asn1_compare_dn(char * const dn1[], char * const dn2[])
     return 0;       /* all good */
 }
 
-#endif
+int asn1_find_oid(const uint8_t* cert, int* offset, 
+                    const uint8_t* oid, int oid_length)
+{
+    int seqlen;
+    if ((seqlen = asn1_next_obj(cert, offset, ASN1_SEQUENCE))> 0)
+    {
+        int end = *offset + seqlen;
+
+        while (*offset < end)
+        {
+            int type = cert[(*offset)++];
+            int length = get_asn1_length(cert, offset);
+            int noffset = *offset + length;
+
+            if (type == ASN1_SEQUENCE)
+            {
+                type = cert[(*offset)++];
+                length = get_asn1_length(cert, offset);
+
+                if (type == ASN1_OID && length == oid_length && 
+                              memcmp(cert + *offset, oid, oid_length) == 0)
+                {
+                    *offset += oid_length;
+                    return 1;
+                }
+            }
+
+            *offset = noffset;
+        }
+    }
+
+    return 0;
+}
+
+int asn1_find_subjectaltname(const uint8_t* cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_subject_alt_name, 
+                                SIG_SUBJECT_ALT_NAME_SIZE))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
 
 /**
  * Read the signature type of the certificate. We only support RSA-MD5 and
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 97cb0f2d23..1fd514eeb1 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -68,6 +68,7 @@ struct _x509_ctx
 {
     char *ca_cert_dn[X509_NUM_DN_TYPES];
     char *cert_dn[X509_NUM_DN_TYPES];
+    char **subject_alt_dnsnames;
     time_t not_before;
     time_t not_after;
     uint8_t *signature;
@@ -104,16 +105,22 @@ const char * x509_display_error(int error);
 #define ASN1_BIT_STRING         0x03
 #define ASN1_OCTET_STRING       0x04
 #define ASN1_NULL               0x05
+#define ASN1_PRINTABLE_STR2     0x0C
 #define ASN1_OID                0x06
+#define ASN1_PRINTABLE_STR2     0x0C
 #define ASN1_PRINTABLE_STR      0x13
 #define ASN1_TELETEX_STR        0x14
 #define ASN1_IA5_STR            0x16
 #define ASN1_UTC_TIME           0x17
 #define ASN1_UNICODE_STR        0x1e
 #define ASN1_SEQUENCE           0x30
+#define ASN1_CONTEXT_DNSNAME	0x82
 #define ASN1_SET                0x31
+#define ASN1_V3_DATA			0xa3
 #define ASN1_IMPLICIT_TAG       0x80
+#define ASN1_CONTEXT_DNSNAME	0x82
 #define ASN1_EXPLICIT_TAG       0xa0
+#define ASN1_V3_DATA			0xa3
 
 #define SIG_TYPE_MD2            0x02
 #define SIG_TYPE_MD5            0x04
@@ -130,8 +137,9 @@ int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
 int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_find_subjectaltname(const uint8_t* cert, int offset);
 int asn1_compare_dn(char * const dn1[], char * const dn2[]);
-#endif
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
 int asn1_signature_type(const uint8_t *cert, 
                                 int *offset, X509_CTX *x509_ctx);
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 539d0a3058..9fc8d0e0f9 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -384,6 +384,23 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
  */
 EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
 
+
+/**
+ * @brief Retrieve a Subject Alternative DNSName
+ *
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's common 
+ * name matches the URL.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param index [in] The index of the DNS name to retrieve.
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex);
+
 /**
  * @brief Force the client to perform its handshake again.
  *
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 658c2c15d4..9a469d7fe4 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -419,6 +419,7 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     return ret;
 }
 
+
 /*
  * Retrieve an X.509 distinguished name component
  */
@@ -452,7 +453,27 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
     }
 }
 
-#endif
+/*
+ * Retrieve a "Subject Alternative Name" from a v3 certificate
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl,
+        int dnsindex)
+{
+    int i;
+
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->subject_alt_dnsnames == NULL)
+        return NULL;
+
+    for (i = 0; i < dnsindex; ++i)
+    {
+        if (ssl->x509_ctx->subject_alt_dnsnames[i] == NULL)
+            return NULL;
+    }
+
+    return ssl->x509_ctx->subject_alt_dnsnames[dnsindex];
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
 
 /*
  * Find an ssl object based on the client's file descriptor.
@@ -879,7 +900,6 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
 
                 return (void *)aes_ctx;
             }
-            break;
 
         case SSL_RC4_128_MD5:
 #endif
@@ -889,7 +909,6 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
                 RC4_setup(rc4_ctx, key, 16);
                 return (void *)rc4_ctx;
             }
-            break;
     }
 
     return NULL;    /* its all gone wrong */
@@ -1505,7 +1524,7 @@ void disposable_free(SSL *ssl)
 {
     if (ssl->dc)
     {
-	    free(ssl->dc->key_block);
+        free(ssl->dc->key_block);
         memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
         free(ssl->dc);
         ssl->dc = NULL;
@@ -2045,12 +2064,19 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
     return -1;
 }
 
+
 EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
 {
     printf(unsupported_str);
     return NULL;
 }
 
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+
 #endif  /* CONFIG_SSL_CERT_VERIFICATION */
 
 #endif /* CONFIG_BINDINGS */
diff --git a/ssl/x509.c b/ssl/x509.c
index 37db7f4e81..d2e8ccbb4a 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -147,7 +147,53 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
         x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
     }
 
-    offset = end_tbs;   /* skip the v3 data */
+    if (cert[offset] == ASN1_V3_DATA)
+    {
+        int suboffset;
+
+        ++offset;
+        get_asn1_length(cert, &offset);
+
+        if ((suboffset = asn1_find_subjectaltname(cert, offset)) > 0)
+        {
+            if (asn1_next_obj(cert, &suboffset, ASN1_OCTET_STRING) > 0)
+            {
+                int altlen;
+
+                if ((altlen = asn1_next_obj(cert, 
+                                            &suboffset, ASN1_SEQUENCE)) > 0)
+                {
+                    int endalt = suboffset + altlen;
+                    int totalnames = 0;
+
+                    while (suboffset < endalt)
+                    {
+                        int type = cert[suboffset++];
+                        int dnslen = get_asn1_length(cert, &suboffset);
+
+                        if (type == ASN1_CONTEXT_DNSNAME)
+                        {
+                            x509_ctx->subject_alt_dnsnames = (char**)
+                                    realloc(x509_ctx->subject_alt_dnsnames, 
+                                       (totalnames + 2) * sizeof(char*));
+                            x509_ctx->subject_alt_dnsnames[totalnames] = 
+                                    (char*)malloc(dnslen + 1);
+                            x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
+                            memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
+                                    cert + suboffset, dnslen);
+                            x509_ctx->subject_alt_dnsnames[
+                                    totalnames][dnslen] = 0;
+                            ++totalnames;
+                        }
+
+                        suboffset += dnslen;
+                    }
+                }
+            }
+        }
+    }
+
+    offset = end_tbs;   /* skip the rest of v3 data */
     if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
             asn1_signature(cert, &offset, x509_ctx))
         goto end_cert;
@@ -188,6 +234,7 @@ void x509_free(X509_CTX *x509_ctx)
         free(x509_ctx->cert_dn[i]);
     }
 
+
     free(x509_ctx->signature);
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION 
@@ -195,6 +242,14 @@ void x509_free(X509_CTX *x509_ctx)
     {
         bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
     }
+
+    if (x509_ctx->subject_alt_dnsnames)
+    {
+        for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)
+            free(x509_ctx->subject_alt_dnsnames[i]);
+
+        free(x509_ctx->subject_alt_dnsnames);
+    }
 #endif
 
     RSA_free(x509_ctx->rsa_ctx);
diff --git a/www/index.html b/www/index.html
index 25cd2e69b1..6170143e33 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200901301233" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200903271145" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 629b523044dbfda5a558b324be0199e0bd4498f0 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 24 Sep 2009 12:27:08 +0000
Subject: [PATCH 135/301] added the qualityssl.com.der certificate in the test
 harness

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@160 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/qualityssl.com.der | Bin 0 -> 1385 bytes
 ssl/test/ssltest.c          |  18 ++++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 ssl/test/qualityssl.com.der

diff --git a/ssl/test/qualityssl.com.der b/ssl/test/qualityssl.com.der
new file mode 100644
index 0000000000000000000000000000000000000000..c73b246440aed171f9e8baa9f1963c6981945fb3
GIT binary patch
literal 1385
zcmXqLVofz@V)0$T%*4pVB*2;)`+UuO=IctEE2C}NI+_i5**LY@JlekVGBUEVG8i;Y
zH{>?pWMd9xVH0Kw4Tf<zfSeFRaRX7147)I2aAHo0f=^<0s)BQ7Nu{Bjfec83OIS1{
zBUK?Z*fl65C^R@k!7sI>JijR0P|-jhB+o4@kx^1oV5P5LUS6(OTAW%`QdC-8qL-YX
zYbb9Z3sS-?EEXE#rwcN|EwiY&MAsv+D5X5HDAhntoY%k-2#pNDAWEFq&;-OaGB&j|
zwTv=oya#hE(B&@PhP(#cAOi)3S&Yn#ObxjVI6zzuVMbj;5d$F*n_ZYYEHNi1HLo}+
zF*Vyz%0L1n$|)@9mztB4nVnjen3|WKTB2ZRWGHMP2$JIx=5op`am`E5%u6kX333Z_
z1(qh}0K*|T*azkhZeg*2qWrSVl++Z3q)G)OT`~qzAfvd2g%P?G!ZUMHl7T)olr#_r
z$uf%wXz3L~Of4?X0fmr3<9y`EVq|4tZtMj{SSM3sBg5`nnJKJ07Hqy6pyHLVUvwd3
z@~>YS$_!^sg3J_F?3&asrlD&(tI7XYeTYKsT^^MMlKQI7tC^qLoj7vl|N4rgqv4&7
z!E9wY3_1?GSxhJVyl~7*o=NEU=T)maZ!phzb2CM^&rssSS)ZE2I~F8IsfOBj$6r?{
zF*#=%c9tcs<j&`8CT2zk#>GvH&kULvAAuuVR+&Y@K&(MzVNtxAw8jkQsj=+lS6ipe
z^}cl26&%&Fd@N!tBCo_AG)l+3O3gaJFj@ale%`%lX>SbpfI%S3&&c?ng@u`kb%6m7
zh%XG{GZ`>IG^?_R8HliPXtM!REju$KoW*3|22!lRVsBt;V9mw@RKUWx$&itWk(tFn
z+dvbhkcm-D7L*o?fr+s=HMz7X6%@w#DfxPNsU`Z(0l@~<AamqdN(_n&EEbq8FljS_
zrrqQsaC`vOCMSY4>0?i@dO&psKz$30+6*vsf^EU0uMp-=Mn;xYgJhsjpk6g#YSV|C
z2F^Js?r=;=2?1rP;MAhB)FNj`pd(5QRN$H!+h7?mKe@O7>SKs6475T16=YE{P-?<R
zdrf?3X%V&5U~Xb$WH4S>$1?wo@z>i|9+~!DQVdb$zhdFPbbjeVz2aw9=Am=6Z-;U6
z|F>9q<<mixXP=Z0^{(8u{??va){}=fZk>}bL2pT$;l&p_UnL$%W88hLxTb-d_1NV7
z5vx7lh|YY~@$^u!tXR95RjB_Ln|2=Syaf4&D?T>;^EGyAxV=4)>HYDKrcYa=n;bdT
zD1_gVIX$B?$mr*qC0U=IFPUawmVUQ6EAPkWtjR+Ab~fHD=a}%eSF`D(HiO5};&o+v
z&!=k&N1dwdc6(Y{w23{{=0l>Iu~pl_{j<MY@89EOHhJ61<!2gi3h8|ldB@W)V7&3F
cOR(|RZ5rmktdmY(GpsCae}0kOSTZ~h0QNt=H~;_u

literal 0
HcmV?d00001

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index d525e1a686..62169d45a4 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -648,6 +648,24 @@ static int cert_tests(void)
     }
 
     ssl_ctx_free(ssl_ctx);
+
+    if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
+                                    x509_new(buf, &len, &x509_ctx))
+    {
+        printf("Cert #9\n");
+        res = -1;
+        goto bad_cert;
+    }
+
+    if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
+    {
+        printf("Cert #9 (2)\n");
+        res = -1;
+        goto bad_cert;
+    }
+    x509_free(x509_ctx);
+    free(buf);
+
     res = 0;        /* all ok */
     printf("All Certificate tests passed\n");
 

From 6f4efb3e57043217bf44795f526336d322f5757b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 25 Sep 2009 11:52:55 +0000
Subject: [PATCH 136/301] Added axtlswrap

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@161 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile              |   4 +
 axtlswrap/Makefile    |  68 ++++++++
 axtlswrap/axtlswrap.c | 378 ++++++++++++++++++++++++++++++++++++++++++
 config/Config.in      |   8 +
 httpd/Makefile        |   3 +
 ssl/ssl.h             |   7 +-
 ssl/test/Makefile     |   4 +-
 ssl/x509.c            |   3 +-
 8 files changed, 467 insertions(+), 8 deletions(-)
 create mode 100755 axtlswrap/Makefile
 create mode 100755 axtlswrap/axtlswrap.c

diff --git a/Makefile b/Makefile
index 02c33d2482..2b3d3c8dd9 100644
--- a/Makefile
+++ b/Makefile
@@ -50,6 +50,9 @@ target:
 ifdef CONFIG_AXHTTPD
 	$(MAKE) -C httpd
 endif
+ifdef CONFIG_AXTLSWRAP
+	$(MAKE) -C axtlswrap
+endif
 ifdef CONFIG_BINDINGS
 	$(MAKE) -C bindings
 endif
@@ -121,6 +124,7 @@ clean::
 	@cd crypto; $(MAKE) clean
 	@cd ssl; $(MAKE) clean
 	@cd httpd; $(MAKE) clean
+	@cd axtlswrap; $(MAKE) clean
 	@cd samples; $(MAKE) clean
 	@cd docsrc; $(MAKE) clean
 	@cd bindings; $(MAKE) clean
diff --git a/axtlswrap/Makefile b/axtlswrap/Makefile
new file mode 100755
index 0000000000..b14825a4e4
--- /dev/null
+++ b/axtlswrap/Makefile
@@ -0,0 +1,68 @@
+#
+# Copyright (c) 2009, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+all : sslwrap
+
+AXTLS_HOME=..
+
+include $(AXTLS_HOME)/config/.config
+include $(AXTLS_HOME)/config/makefile.conf
+
+ifdef CONFIG_PLATFORM_CYGWIN
+TARGET=$(AXTLS_HOME)/$(STAGE)/axtlswrap.exe
+else # linux
+TARGET=$(AXTLS_HOME)/$(STAGE)/axtlswrap
+endif
+
+ifdef CONFIG_HTTP_STATIC_BUILD
+LIBS=$(AXTLS_HOME)/$(STAGE)/libaxtls.a
+else
+LIBS=-L$(AXTLS_HOME)/$(STAGE) -laxtls
+endif
+
+ifndef CONFIG_AXTLSWRAP
+sslwrap:
+else
+sslwrap : $(TARGET)
+
+OBJ= axtlswrap.o
+include $(AXTLS_HOME)/config/makefile.post
+
+$(TARGET): $(OBJ) $(AXTLS_HOME)/$(STAGE)/libaxtls.a
+	$(LD) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
+ifdef CONFIG_STRIP_UNWANTED_SECTIONS
+	$(STRIP) --remove-section=.comment $(TARGET)
+endif
+
+endif   # CONFIG_AXTLSWRAP
+
+clean::
+	-@rm -f $(TARGET)*
+
diff --git a/axtlswrap/axtlswrap.c b/axtlswrap/axtlswrap.c
new file mode 100755
index 0000000000..5aa6675ab5
--- /dev/null
+++ b/axtlswrap/axtlswrap.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright (c) 2009, Steve Bennett
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * sslwrap re-implemented with axTLS - a way to wrap an existing webserver
+ * with axTLS.
+ */
+ 
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <signal.h>
+#include <sys/poll.h>
+#include "ssl.h"
+
+/* If nothing is received or sent in this many seconds, give up */
+static int opt_timeout = 60;
+
+static int opt_verbose = 0;
+
+int main(int argc, char *argv[])
+{
+	int log_opts = LOG_PERROR;
+	int fd[2]; /* output from child */
+	int df[2]; /* input to child */
+	int pid;
+	unsigned char *readbuf;
+	int readlen;
+
+	SSL_CTX *ssl_ctx;
+	SSL *ssl;
+
+	/* This relies on stdin and stdout being one and the same */
+	int sslfd = fileno(stdin);
+
+	while (argc > 2 && argv[1][0] == '-') 
+    {
+		if (argc > 3 && strcmp(argv[1], "-t") == 0) 
+        {
+			opt_timeout = atoi(argv[2]);
+			argv += 2;
+			argc -= 2;
+			continue;
+		}
+
+		if (strcmp(argv[1], "-q") == 0) 
+        {
+			log_opts = 0;
+			argv++;
+			argc--;
+			continue;
+		}
+
+		if (strcmp(argv[1], "-v") == 0) 
+        {
+			opt_verbose++;
+			argv++;
+			argc--;
+			continue;
+		}
+	}
+
+	if (argc < 2) 
+    {
+		fprintf(stderr, "Usage: axtlswrap [-v] [-q] "
+                "[-t timeout] command ...\n");
+		return 1;
+	}
+
+	if (access(argv[1], X_OK) != 0) 
+    {
+		fprintf(stderr, "Not an executabled: %s\n", argv[1]);
+		return 1;
+	}
+
+	openlog("axtlswrap", LOG_PID | log_opts, LOG_DAEMON);
+
+	/* Create an SSL context with the required options */
+	ssl_ctx = ssl_ctx_new(opt_verbose > 1 ? 
+                    SSL_DISPLAY_STATES | SSL_DISPLAY_CERTS : 0, 1);
+
+	if (ssl_ctx == NULL) 
+    {
+		syslog(LOG_ERR, "Failed to create SSL ctx");
+		return 1;
+	}
+
+	/* And create an ssl session attached to sslfd */
+	ssl = ssl_server_new(ssl_ctx, sslfd);
+	if (ssl == NULL) 
+    {
+		syslog(LOG_ERR, "Failed to create SSL connection");
+		return 1;
+	}
+
+	/* Get past the handshaking */
+	while ((readlen = ssl_read(ssl, &readbuf)) == SSL_OK) 
+    {
+		/* Still handshaking */
+	}
+
+	if (readlen < 0) 
+    {
+		syslog(LOG_ERR, "SSL handshake failed: %d", readlen);
+		return 1;
+	}
+
+	if (opt_verbose) 
+    {
+		syslog(LOG_INFO, "SSL handshake OK");
+	}
+
+	/* Looks OK, we have data, so fork the child and start */
+	if (pipe(fd) < 0 || pipe(df) < 0) 
+    {
+		syslog(LOG_ERR, "pipe failed: %m");
+		return 1;
+	}
+
+	/* Give some indication to the child that we are running SSL
+	 * It would be possible to provide other details
+	 * too. Perhaps as in: http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
+	 */
+	setenv("SSL_PROTOCOL", "TLSv1", 1);
+
+#ifndef NOMMU
+	if (opt_verbose) 
+    {
+		pid = fork();
+	}
+	else
+#endif
+	pid = vfork();
+	if (pid < 0) 
+    {
+		syslog(LOG_ERR, "vfork failed: %m");
+		return 1;
+	}
+
+	if (pid > 0) 
+    {
+		/* This is the parent */
+		unsigned char writebuf[4096];
+		int writelen = 0;
+		struct pollfd pfd[3];
+		int timeout_count = 0;
+
+		int cwfd = df[1];	/* write to child */
+		int crfd = fd[0];	/* read from child */
+
+		int child_alive = 1;
+
+		/* Don't die on SIGPIPE */
+		signal(SIGPIPE, SIG_IGN);
+
+		close(df[0]);
+		close(fd[1]);
+
+		pfd[0].fd = sslfd;
+		pfd[1].fd = cwfd;
+		pfd[2].fd = crfd;
+
+		/* While the child is alive or there is something to return...  */
+		while (child_alive || writelen > 0) 
+        {
+			/* Work out what to read and what to write */
+			int ret;
+
+			pfd[0].events = 0;
+			pfd[0].revents = 0;
+
+			/* Only want to read ssl data if there is nothing else to do */
+			if (readlen == 0) 
+            {
+				/* can read ssl data */
+				pfd[0].events |= POLLIN;
+			}
+
+			if (writelen > 0) 
+            {
+				/* can write ssl data - will block to do this */
+				pfd[0].events |= POLLOUT;
+			}
+
+			pfd[1].events = 0;
+			pfd[1].revents = 0;
+
+			if (child_alive && readlen > 0) 
+            {
+				pfd[1].events |= POLLOUT;
+			}
+
+			pfd[2].events = 0;
+			pfd[2].revents = 0;
+
+			if (child_alive && writelen == 0) 
+            {
+				pfd[2].events |= POLLIN;
+			}
+
+			/* Timeout after 1 second so we can increment timeout_count */
+			ret = poll(pfd, 3, 1000);
+
+			if (ret < 0) 
+            {
+				if (errno != EAGAIN) 
+                {
+					/* Kill off the child */
+					kill(pid, SIGTERM);
+					break;
+				}
+
+				continue;
+			}
+
+			if (ret == 0) 
+            {
+				if (++timeout_count >= opt_timeout) 
+                {
+					/* Kill off the child */
+					kill(pid, SIGTERM);
+					break;
+				}
+
+				continue;
+			}
+
+			timeout_count = 0;
+
+			if (pfd[2].revents & POLLNVAL) 
+            {
+				/* REVISIT: This can probably be removed */
+				syslog(LOG_ERR, "Child closed output pipe");
+				child_alive = 0;
+			}
+			else if (pfd[2].revents & POLLIN) 
+            {
+				/* Can read from (3) */
+				writelen = read(crfd, writebuf, sizeof(writebuf));
+				if (writelen <= 0) 
+                {
+					if (writelen < 0) 
+                    {
+						syslog(LOG_WARNING, "Failed to read from child: len=%d",
+                                writelen);
+					}
+					break;
+				}
+			}
+			else if ((pfd[2].revents & POLLHUP) && kill(pid, 0) == 0) 
+            {
+				if (opt_verbose) 
+                {
+					syslog(LOG_INFO, "Child died and pipe gave POLLHUP");
+				}
+
+				child_alive = 0;
+			}
+
+			if (writelen > 0) 
+            {
+				const unsigned char *pt = writebuf;
+				while (writelen > 0) 
+                {
+					ret = ssl_write(ssl, pt, writelen);
+					if (ret <= 0) 
+                    {
+						syslog(LOG_WARNING, "Failed to write ssl: ret=%d", ret);
+						/* Kill off the child now */
+						kill(pid, SIGTERM);
+						writelen = -1;
+						break;
+					}
+					else 
+                    {
+						pt += ret;
+						writelen -= ret;
+					}
+				}
+				if (writelen < 0) 
+                {
+					break;
+				}
+			}
+			else if (pfd[0].revents & POLLIN) 
+            {
+				readlen = ssl_read(ssl, &readbuf);
+				if (readlen <= 0 && opt_verbose) 
+                {
+					syslog(LOG_INFO, "ssl_read() returned %d", readlen);
+				}
+
+				if (readlen < 0) 
+                {
+					/* Kill off the child */
+					kill(pid, SIGTERM);
+					break;
+				}
+			}
+
+			if (pfd[1].revents & POLLNVAL) 
+            {
+				/* REVISIT: This can probably be removed */
+				syslog(LOG_ERR, "Child closed input pipe");
+				readlen = -1;
+				child_alive = 0;
+			}
+			else if (pfd[1].revents & POLLOUT) 
+            {
+				const unsigned char *pt = readbuf;
+				while (readlen > 0) 
+                {
+					int len = write(cwfd, pt, readlen);
+					if (len <= 0) 
+                    {
+						syslog(LOG_WARNING, "Failed to write to child: len=%d", 
+                                len);
+						break;
+					}
+
+					readlen -= len;
+					pt += len;
+				}
+			}
+
+		}
+
+		ssl_free(ssl);
+#if 0
+		fprintf(stderr, "[%d] SSL done: timeout_count=%d, readlen=%d, writelen=%d, child_alive=%d\n",
+			getpid(), timeout_count, readlen, writelen, child_alive);
+#endif
+		return 0;
+	}
+
+	/* Child */
+	close(df[1]);
+	close(fd[0]);
+
+	dup2(df[0],0);
+	dup2(fd[1],1);
+
+	close(df[0]);
+	close(fd[1]);
+
+	execv(argv[1], argv + 1);
+	_exit(1);
+}
diff --git a/config/Config.in b/config/Config.in
index dc40756465..bebbb03307 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -107,6 +107,14 @@ config CONFIG_AXHTTPD
     help
         Build the AXHTTPD web server
 
+config CONFIG_AXTLSWRAP
+    depends on !CONFIG_PLATFORM_WIN32
+    bool "Enable axtlswrap"
+    default n
+    help
+        axtlswrap is similar to sslwrap - http://www.rickk.com/sslwrap. 
+        It enables SSL for processes that don't have native SSL support.
+
 source httpd/Config.in
 source bindings/Config.in
 source samples/Config.in
diff --git a/httpd/Makefile b/httpd/Makefile
index b8c18d2445..fbf2fae0e0 100644
--- a/httpd/Makefile
+++ b/httpd/Makefile
@@ -102,6 +102,9 @@ endif
 
 $(TARGET2): htpasswd.o $(AXTLS_HOME)/$(STAGE)/libaxtls.a
 	$(LD) $(LDFLAGS) -o $@ htpasswd.o $(LIBS)
+ifdef CONFIG_STRIP_UNWANTED_SECTIONS
+	$(STRIP) --remove-section=.comment $(TARGET2)
+endif
 
 else    # Win32
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 9fc8d0e0f9..d6ed68daee 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -369,8 +369,6 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
  * This will usually be used by a client to check that the server's common 
  * name matches the URL.
  *
- * A full handshake needs to occur for this call to work properly.
- *
  * @param ssl [in] An SSL object reference.
  * @param component [in] one of:
  * - SSL_X509_CERT_COMMON_NAME
@@ -384,18 +382,17 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
  */
 EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
 
-
 /**
  * @brief Retrieve a Subject Alternative DNSName
  *
  * When a handshake is complete and a certificate has been exchanged, then the
  * details of the remote certificate can be retrieved.
  *
- * This will usually be used by a client to check that the server's common 
+ * This will usually be used by a client to check that the server's DNS  
  * name matches the URL.
  *
  * @param ssl [in] An SSL object reference.
- * @param index [in] The index of the DNS name to retrieve.
+ * @param dnsindex [in] The index of the DNS name to retrieve.
  * @return The appropriate string (or null if not defined)
  * @note Verification build mode must be enabled.
  */
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index 56c711f197..181f9aca42 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -51,10 +51,10 @@ ssltesting: $(AXTLS_HOME)/$(STAGE)/ssltest
 LIBS=$(AXTLS_HOME)/$(STAGE)
 
 $(AXTLS_HOME)/$(STAGE)/perf_bigint: perf_bigint.o $(LIBS)/libaxtls.a
-	$(CC) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
+	$(LD) $(LDFLAGS) -o $@ $^ -L $(LIBS) -laxtls
 
 $(AXTLS_HOME)/$(STAGE)/ssltest: ssltest.o $(LIBS)/libaxtls.a
-	$(CC) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls
+	$(LD) $(LDFLAGS) -o $@ $^ -lpthread -L $(LIBS) -laxtls
 else
 performance: $(AXTLS_HOME)/$(STAGE)/perf_bigint.exe
 ssltesting: $(AXTLS_HOME)/$(STAGE)/ssltest.exe
diff --git a/ssl/x509.c b/ssl/x509.c
index d2e8ccbb4a..89e2681a5b 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -381,7 +381,8 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
             }
         }
 
-       /* couldn't find a trusted cert (& let self-signed errors be returned) */
+        /* couldn't find a trusted cert (& let self-signed errors 
+           be returned) */
         if (!match_ca_cert && !is_self_signed)
         {
             ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       

From 02de05fe6c8f6f3e02f6ce20c0c78b0fcef54d23 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 30 Sep 2009 11:26:49 +0000
Subject: [PATCH 137/301] added -p and -s options

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@162 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/axhttpd.c | 68 +++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 55 insertions(+), 13 deletions(-)

diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index fb7ad3d84c..9d42aed8ee 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -43,7 +43,7 @@ struct connstruct *freeconns;
 const char * const server_version = "axhttpd/"AXTLS_VERSION;
 
 static void addtoservers(int sd);
-static int openlistener(int port);
+static int openlistener(char *address, int port);
 static void handlenewconnection(int listenfd, int is_ssl);
 static void addconnection(int sd, char *ip, int is_ssl);
 static void ax_chdir(void);
@@ -117,8 +117,13 @@ int main(int argc, char *argv[])
     struct connstruct *tp, *to;
     struct serverstruct *sp;
     int rnum, wnum, active;
-    int i;
+    int i = 1;
     time_t currtime;
+    char *httpAddress = NULL;
+    int httpPort = CONFIG_HTTP_PORT;
+    char *httpsAddress = NULL;
+    int httpsPort = CONFIG_HTTP_HTTPS_PORT;
+    char *portStr;
 
 #ifdef WIN32
     WORD wVersionRequested = MAKEWORD(2, 2);
@@ -140,6 +145,44 @@ int main(int argc, char *argv[])
 #endif
     tdate_init();
 
+    /* get some command-line parameters */
+    while (argv[i] != NULL)
+    {
+        if (strcmp(argv[i], "-p") == 0 && argv[i+1] != NULL)
+        {
+            if ((portStr = strchr(argv[i+1], ':')) != NULL)
+            {
+                httpAddress = argv[i+1];
+                *portStr = 0;
+                httpPort = atoi(portStr + 1);
+            }
+            else
+                httpPort = atoi(argv[i+1]);
+
+            i += 2;
+            continue;
+        }
+
+        if (strcmp(argv[i], "-s") == 0 && argv[i+1] != NULL)
+        {
+            if ((portStr = strchr(argv[i+1], ':')) != NULL)
+            {
+                httpsAddress = argv[i+1];
+                *portStr = 0;
+                httpsPort = atoi(portStr + 1);
+            }
+            else
+                httpsPort = atoi(argv[i+1]);
+
+            i += 2;
+            continue;
+        }
+
+        printf("%s: [-p [address:]httpport] [-s [address:]httpsport]\n", 
+                                                        argv[0]);
+        exit(0);
+    }
+
     for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
     {
         tp = freeconns;
@@ -147,22 +190,20 @@ int main(int argc, char *argv[])
         freeconns->next = tp;
     }
 
-    if ((active = openlistener(CONFIG_HTTP_PORT)) == -1) 
+    if ((active = openlistener(httpAddress, httpPort)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "ERR: Couldn't bind to port %d\n",
-                CONFIG_HTTP_PORT);
+        fprintf(stderr, "ERR: Couldn't bind to port %d\n", httpPort);
 #endif
         exit(1);
     }
 
     addtoservers(active);
 
-    if ((active = openlistener(CONFIG_HTTP_HTTPS_PORT)) == -1) 
+    if ((active = openlistener(httpsAddress, httpsPort)) == -1) 
     {
 #ifdef CONFIG_HTTP_VERBOSE
-        fprintf(stderr, "ERR: Couldn't bind to port %d\n", 
-                CONFIG_HTTP_HTTPS_PORT);
+        fprintf(stderr, "ERR: Couldn't bind to port %d\n", httpsPort);
 #endif
         exit(1);
     }
@@ -181,7 +222,7 @@ int main(int argc, char *argv[])
     printf("addcgiext %s\n", CONFIG_HTTP_CGI_EXTENSIONS); 
 #endif
     printf("%s: listening on ports %d (http) and %d (https)\n", 
-            server_version, CONFIG_HTTP_PORT, CONFIG_HTTP_HTTPS_PORT);
+            server_version, httpPort, httpsPort);
     TTY_FLUSH();
 #endif
 
@@ -418,7 +459,7 @@ static void handlenewconnection(int listenfd, int is_ssl)
 }
 #endif
 
-static int openlistener(int port) 
+static int openlistener(char *address, int port) 
 {
     int sd;
 #ifdef WIN32
@@ -435,17 +476,18 @@ static int openlistener(int port)
     memset(&my_addr, 0, sizeof(my_addr));
     my_addr.sin_family = AF_INET;
     my_addr.sin_port = htons((short)port);
-    my_addr.sin_addr.s_addr = INADDR_ANY;
+    my_addr.sin_addr.s_addr = address == NULL ? 
+                        INADDR_ANY : inet_addr(address);
 #else
     struct sockaddr_in6 my_addr;
 
     if ((sd = socket(AF_INET6, SOCK_STREAM, 0)) == -1) 
         return -1;
 
-    memset(&my_addr, 0, sizeof(my_addr));
     my_addr.sin6_family = AF_INET6;
     my_addr.sin6_port = htons(port);
-    my_addr.sin6_addr.s_addr = INADDR_ANY;
+    my_addr.sin6_addr.s_addr = address == NULL ? 
+                        INADDR_ANY : iinet_addr(address);
 #endif
 
     setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));

From 53142c0da5a13d94adf4e2eeb09c644c0a16cf34 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 15 Nov 2009 21:41:57 +0000
Subject: [PATCH 138/301] added shutdown to a CGI socket close.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@163 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/linuxconfig |   12 +-
 docsrc/axTLS.dox   | 2609 +++++++++++++++++++++++---------------------
 httpd/axhttpd.c    |    1 +
 www/index.html     |    2 +-
 4 files changed, 1381 insertions(+), 1243 deletions(-)

diff --git a/config/linuxconfig b/config/linuxconfig
index 614fdd80e4..1a9f04f5d9 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -4,7 +4,6 @@
 HAVE_DOT_CONFIG=y
 CONFIG_PLATFORM_LINUX=y
 # CONFIG_PLATFORM_CYGWIN is not set
-# CONFIG_PLATFORM_SOLARIS is not set
 # CONFIG_PLATFORM_WIN32 is not set
 
 #
@@ -35,7 +34,7 @@ CONFIG_SSL_USE_DEFAULT_KEY=y
 CONFIG_SSL_PRIVATE_KEY_LOCATION=""
 CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
 CONFIG_SSL_X509_CERT_LOCATION=""
-CONFIG_SSL_GENERATE_X509_CERT=y
+# CONFIG_SSL_GENERATE_X509_CERT is not set
 CONFIG_SSL_X509_COMMON_NAME=""
 CONFIG_SSL_X509_ORGANIZATION_NAME=""
 CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
@@ -48,10 +47,11 @@ CONFIG_SSL_MAX_CERTS=2
 # CONFIG_SSL_CTX_MUTEXING is not set
 CONFIG_USE_DEV_URANDOM=y
 # CONFIG_WIN32_USE_CRYPTO_LIB is not set
-CONFIG_OPENSSL_COMPATIBLE=y
+# CONFIG_OPENSSL_COMPATIBLE is not set
 # CONFIG_PERFORMANCE_TESTING is not set
 # CONFIG_SSL_TEST is not set
 CONFIG_AXHTTPD=y
+# CONFIG_AXTLSWRAP is not set
 
 #
 # Axhttpd Configuration
@@ -75,13 +75,15 @@ CONFIG_HTTP_LUA_CGI_LAUNCHER="/bin/cgi"
 CONFIG_HTTP_DIRECTORIES=y
 CONFIG_HTTP_HAS_AUTHORIZATION=y
 # CONFIG_HTTP_HAS_IPV6 is not set
-# CONFIG_HTTP_VERBOSE is not set
+# CONFIG_HTTP_ENABLE_DIFFERENT_USER is not set
+CONFIG_HTTP_USER=""
+CONFIG_HTTP_VERBOSE=y
 # CONFIG_HTTP_IS_DAEMON is not set
 
 #
 # Language Bindings
 #
-CONFIG_BINDINGS=y
+# CONFIG_BINDINGS is not set
 # CONFIG_CSHARP_BINDINGS is not set
 # CONFIG_VBNET_BINDINGS is not set
 CONFIG_DOT_NET_FRAMEWORK_BASE=""
diff --git a/docsrc/axTLS.dox b/docsrc/axTLS.dox
index d9959b21dd..bca7d811dc 100644
--- a/docsrc/axTLS.dox
+++ b/docsrc/axTLS.dox
@@ -1,1237 +1,1372 @@
-# Doxyfile 1.4.5
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-#       TAG = value [value, ...]
-# For lists items can also be appended using:
-#       TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
-# by quotes) that should identify the project.
-
-PROJECT_NAME           = axTLS
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
-# This could be handy for archiving the generated documentation or 
-# if some version control system is used.
-
-PROJECT_NUMBER         = 
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
-# base path where the generated documentation will be put. 
-# If a relative path is entered, it will be relative to the location 
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY       = 
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
-# 4096 sub-directories (in 2 levels) under the output directory of each output 
-# format and will distribute the generated files over these directories. 
-# Enabling this option can be useful when feeding doxygen a huge amount of 
-# source files, where putting all generated files in the same directory would 
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS         = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
-# documentation generated by doxygen is written. Doxygen will use this 
-# information to generate all constant output in the proper language. 
-# The default language is English, other supported languages are: 
-# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, 
-# Dutch, Finnish, French, German, Greek, Hungarian, Italian, Japanese, 
-# Japanese-en (Japanese with English messages), Korean, Korean-en, Norwegian, 
-# Polish, Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, 
-# Swedish, and Ukrainian.
-
-OUTPUT_LANGUAGE        = English
-
-# This tag can be used to specify the encoding used in the generated output. 
-# The encoding is not always determined by the language that is chosen, 
-# but also whether or not the output is meant for Windows or non-Windows users. 
-# In case there is a difference, setting the USE_WINDOWS_ENCODING tag to YES 
-# forces the Windows encoding (this is the default for the Windows binary), 
-# whereas setting the tag to NO uses a Unix-style encoding (the default for 
-# all platforms other than Windows).
-
-USE_WINDOWS_ENCODING   = NO
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
-# include brief member descriptions after the members that are listed in 
-# the file and class documentation (similar to JavaDoc). 
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC      = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
-# the brief description of a member or function before the detailed description. 
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF           = YES
-
-# This tag implements a quasi-intelligent brief description abbreviator 
-# that is used to form the text in various listings. Each string 
-# in this list, if found as the leading text of the brief description, will be 
-# stripped from the text and the result after processing the whole list, is 
-# used as the annotated text. Otherwise, the brief description is used as-is. 
-# If left blank, the following values are used ("$name" is automatically 
-# replaced with the name of the entity): "The $name class" "The $name widget" 
-# "The $name file" "is" "provides" "specifies" "contains" 
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF       = 
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
-# Doxygen will generate a detailed section even if there is only a brief 
-# description.
-
-ALWAYS_DETAILED_SEC    = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
-# inherited members of a class in the documentation of that class as if those 
-# members were ordinary class members. Constructors, destructors and assignment 
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB  = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
-# path before files name in the file list and in the header files. If set 
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES        = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
-# can be used to strip a user-defined part of the path. Stripping is 
-# only done if one of the specified strings matches the left-hand part of 
-# the path. The tag can be used to show relative paths in the file list. 
-# If left blank the directory from which doxygen is run is used as the 
-# path to strip.
-
-STRIP_FROM_PATH        = 
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
-# the path mentioned in the documentation of a class, which tells 
-# the reader which header file to include in order to use a class. 
-# If left blank only the name of the header file containing the class 
-# definition is used. Otherwise one should specify the include paths that 
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH    = 
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
-# (but less readable) file names. This can be useful is your file systems 
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES            = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
-# will interpret the first line (until the first dot) of a JavaDoc-style 
-# comment as the brief description. If set to NO, the JavaDoc 
-# comments will behave just like the Qt-style comments (thus requiring an 
-# explicit @brief command for a brief description.
-
-JAVADOC_AUTOBRIEF      = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
-# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
-# comments) as a brief description. This used to be the default behaviour. 
-# The new default is to treat a multi-line C++ comment block as a detailed 
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member 
-# documentation.
-
-DETAILS_AT_TOP         = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
-# member inherits the documentation from any documented member that it 
-# re-implements.
-
-INHERIT_DOCS           = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
-# a new page for each member. If set to NO, the documentation of a member will 
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES  = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE               = 4
-
-# This tag can be used to specify a number of aliases that acts 
-# as commands in the documentation. An alias has the form "name=value". 
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
-# put the command \sideeffect (or @sideeffect) in the documentation, which 
-# will result in a user-defined paragraph with heading "Side Effects:". 
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES                = 
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
-# sources only. Doxygen will then generate output that is more tailored for C. 
-# For instance, some of the names that are used will be different. The list 
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C  = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
-# sources only. Doxygen will then generate output that is more tailored for Java. 
-# For instance, namespaces will be presented as packages, qualified scopes 
-# will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA   = NO
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to 
-# include (a tag file for) the STL sources as input, then you should 
-# set this tag to YES in order to let doxygen match functions declarations and 
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
-# func(std::string) {}). This also make the inheritance and collaboration 
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT    = NO
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
-# tag is set to YES, then doxygen will reuse the documentation of the first 
-# member in the group (if any) for the other members of the group. By default 
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC   = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
-# the same type (for instance a group of public functions) to be put as a 
-# subgroup of that type (e.g. under the Public Functions section). Set it to 
-# NO to prevent subgrouping. Alternatively, this can be done per class using 
-# the \nosubgrouping command.
-
-SUBGROUPING            = YES
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
-# documentation are documented, even if no documentation was available. 
-# Private class members and static file members will be hidden unless 
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL            = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
-# will be included in the documentation.
-
-EXTRACT_PRIVATE        = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file 
-# will be included in the documentation.
-
-EXTRACT_STATIC         = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
-# defined locally in source files will be included in the documentation. 
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES  = YES
-
-# This flag is only useful for Objective-C code. When set to YES local 
-# methods, which are defined in the implementation section but not in 
-# the interface are included in the documentation. 
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS  = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
-# undocumented members of documented classes, files or namespaces. 
-# If set to NO (the default) these members will be included in the 
-# various overviews, but no documentation section is generated. 
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS     = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
-# undocumented classes that are normally visible in the class hierarchy. 
-# If set to NO (the default) these classes will be included in the various 
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES     = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
-# friend (class|struct|union) declarations. 
-# If set to NO (the default) these declarations will be included in the 
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS  = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
-# documentation blocks found inside the body of a function. 
-# If set to NO (the default) these blocks will be appended to the 
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS      = NO
-
-# The INTERNAL_DOCS tag determines if documentation 
-# that is typed after a \internal command is included. If the tag is set 
-# to NO (the default) then the documentation will be excluded. 
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS          = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
-# file names in lower-case letters. If set to YES upper-case letters are also 
-# allowed. This is useful if you have classes or files whose names only differ 
-# in case and if your file system supports case sensitive file names. Windows 
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES       = YES
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
-# will show members with their full class and namespace scopes in the 
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES       = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
-# will put a list of the files that are included by a file in the documentation 
-# of that file.
-
-SHOW_INCLUDE_FILES     = NO
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
-# is inserted in the documentation for inline members.
-
-INLINE_INFO            = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
-# will sort the (detailed) documentation of file and class members 
-# alphabetically by member name. If set to NO the members will appear in 
-# declaration order.
-
-SORT_MEMBER_DOCS       = NO
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
-# brief documentation of file, namespace and class members alphabetically 
-# by member name. If set to NO (the default) the members will appear in 
-# declaration order.
-
-SORT_BRIEF_DOCS        = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
-# sorted by fully-qualified names, including namespaces. If set to 
-# NO (the default), the class list will be sorted only by class name, 
-# not including the namespace part. 
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the 
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME     = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or 
-# disable (NO) the todo list. This list is created by putting \todo 
-# commands in the documentation.
-
-GENERATE_TODOLIST      = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or 
-# disable (NO) the test list. This list is created by putting \test 
-# commands in the documentation.
-
-GENERATE_TESTLIST      = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or 
-# disable (NO) the bug list. This list is created by putting \bug 
-# commands in the documentation.
-
-GENERATE_BUGLIST       = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
-# disable (NO) the deprecated list. This list is created by putting 
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional 
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS       = 
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
-# the initial value of a variable or define consists of for it to appear in 
-# the documentation. If the initializer consists of more lines than specified 
-# here it will be hidden. Use a value of 0 to hide initializers completely. 
-# The appearance of the initializer of individual variables and defines in the 
-# documentation can be controlled using \showinitializer or \hideinitializer 
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES  = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
-# at the bottom of the documentation of classes and structs. If set to YES the 
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES        = NO
-
-# If the sources in your project are distributed over multiple directories 
-# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
-# in the documentation. The default is YES.
-
-SHOW_DIRECTORIES       = NO
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
-# doxygen should invoke to get the current version for each file (typically from the 
-# version control system). Doxygen will invoke the program by executing (via 
-# popen()) the command <command> <input-file>, where <command> is the value of 
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
-# provided by doxygen. Whatever the program writes to standard output 
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER    = 
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated 
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET                  = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are 
-# generated by doxygen. Possible values are YES and NO. If left blank 
-# NO is used.
-
-WARNINGS               = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED   = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
-# potential errors in the documentation, such as not documenting some 
-# parameters in a documented function, or documenting parameters that 
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR      = YES
-
-# This WARN_NO_PARAMDOC option can be abled to get warnings for 
-# functions that are documented, but have no documentation for their parameters 
-# or return value. If set to NO (the default) doxygen will only warn about 
-# wrong or incomplete parameter documentation, but not about the absence of 
-# documentation.
-
-WARN_NO_PARAMDOC       = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that 
-# doxygen can produce. The string should contain the $file, $line, and $text 
-# tags, which will be replaced by the file and line number from which the 
-# warning originated and the warning text. Optionally the format may contain 
-# $version, which will be replaced by the version of the file (if it could 
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT            = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning 
-# and error messages should be written. If left blank the output is written 
-# to stderr.
-
-WARN_LOGFILE           = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain 
-# documented source files. You may enter file names like "myfile.cpp" or 
-# directories like "/usr/src/myproject". Separate the files or directories 
-# with spaces.
-
-INPUT                  = ../bindings/csharp/axTLS.cs ../bindings/java/SSL.java ../bindings/java/SSLUtil.java ../bindings/java/SSLCTX.java ../bindings/java/SSLServer.java ../bindings/java/SSLClient.java ../bindings/java/SSLReadHolder.java ../ssl/ssl.h ../crypto/bigint.c ../crypto/bigint.h 
-
-# If the value of the INPUT tag contains directories, you can use the 
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
-# and *.h) to filter out the source-files in the directories. If left 
-# blank the following patterns are tested: 
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx 
-# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
-
-FILE_PATTERNS          = 
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
-# should be searched for input files as well. Possible values are YES and NO. 
-# If left blank NO is used.
-
-RECURSIVE              = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should 
-# excluded from the INPUT source files. This way you can easily exclude a 
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE                = 
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or 
-# directories that are symbolic links (a Unix filesystem feature) are excluded 
-# from the input.
-
-EXCLUDE_SYMLINKS       = NO
-
-# If the value of the INPUT tag contains directories, you can use the 
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
-# certain files from those directories. Note that the wildcards are matched 
-# against the file with absolute path, so to exclude all test directories 
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS       = 
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or 
-# directories that contain example code fragments that are included (see 
-# the \include command).
-
-EXAMPLE_PATH           = 
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
-# and *.h) to filter out the source-files in the directories. If left 
-# blank all files are included.
-
-EXAMPLE_PATTERNS       = 
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
-# searched for input files to be used with the \include or \dontinclude 
-# commands irrespective of the value of the RECURSIVE tag. 
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE      = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or 
-# directories that contain image that are included in the documentation (see 
-# the \image command).
-
-IMAGE_PATH             = images
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should 
-# invoke to filter for each input file. Doxygen will invoke the filter program 
-# by executing (via popen()) the command <filter> <input-file>, where <filter> 
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
-# input file. Doxygen will then use the output that the filter program writes 
-# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
-# ignored.
-
-INPUT_FILTER           = 
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
-# basis.  Doxygen will compare the file name with each pattern and apply the 
-# filter if there is a match.  The filters are a list of the form: 
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
-# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
-# is applied to all files.
-
-FILTER_PATTERNS        = 
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
-# INPUT_FILTER) will be used to filter the input files when producing source 
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES    = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
-# be generated. Documented entities will be cross-referenced with these sources. 
-# Note: To get rid of all source code in the generated output, make sure also 
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER         = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body 
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES         = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
-# doxygen to hide any special comment blocks from generated source code 
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS    = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
-# then for each documented function all documented 
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES (the default) 
-# then for each documented function all documented entities 
-# called/used by that function will be listed.
-
-REFERENCES_RELATION    = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code 
-# will point to the HTML generated by the htags(1) tool instead of doxygen 
-# built-in source browser. The htags tool is part of GNU's global source 
-# tagging system (see http://www.gnu.org/software/global/global.html). You 
-# will need version 4.8.6 or higher.
-
-USE_HTAGS              = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
-# will generate a verbatim copy of the header file for each class for 
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS       = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
-# of all compounds will be generated. Enable this if the project 
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX     = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX    = 5
-
-# In case all classes in a project start with a common prefix, all 
-# classes will be put under the same header in the alphabetical index. 
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX          = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
-# generate HTML output.
-
-GENERATE_HTML          = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT            = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION    = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for 
-# each generated HTML page. If it is left blank doxygen will generate a 
-# standard header.
-
-HTML_HEADER            = 
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
-# each generated HTML page. If it is left blank doxygen will generate a 
-# standard footer.
-
-HTML_FOOTER            = doco_footer.html 
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
-# style sheet that is used by each HTML page. It can be used to 
-# fine-tune the look of the HTML output. If the tag is left blank doxygen 
-# will generate a default style sheet. Note that doxygen will try to copy 
-# the style sheet file to the HTML output directory, so don't put your own 
-# stylesheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET        = 
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
-# files or namespaces will be aligned in HTML using tables. If set to 
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS     = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
-# will be generated that can be used as input for tools like the 
-# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) 
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP      = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
-# be used to specify the file name of the resulting .chm file. You 
-# can add a path in front of the file if the result should not be 
-# written to the html output directory.
-
-CHM_FILE               = 
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
-# be used to specify the location (absolute path including file name) of 
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION           = 
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
-# controls if a separate .chi index file is generated (YES) or that 
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI           = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
-# controls whether a binary table of contents is generated (YES) or a 
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC             = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members 
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND             = YES
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
-# top of each HTML page. The value NO (the default) enables the index and 
-# the value YES disables it.
-
-DISABLE_INDEX          = YES
-
-# This tag can be used to set the number of enum values (range [1..20]) 
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE   = 4
-
-# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
-# generated containing a tree-like index structure (just like the one that 
-# is generated for HTML Help). For this to work a browser that supports 
-# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
-# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
-# probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW      = YES
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
-# used to set the initial width (in pixels) of the frame in which the tree 
-# is shown.
-
-TREEVIEW_WIDTH         = 250
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
-# generate Latex output.
-
-GENERATE_LATEX         = NO
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT           = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME         = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
-# generate index for LaTeX. If left blank `makeindex' will be used as the 
-# default command name.
-
-MAKEINDEX_CMD_NAME     = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
-# LaTeX documents. This may be useful for small projects and may help to 
-# save some trees in general.
-
-COMPACT_LATEX          = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used 
-# by the printer. Possible values are: a4, a4wide, letter, legal and 
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE             = a4wide
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES         = 
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
-# the generated latex document. The header should contain everything until 
-# the first chapter. If it is left blank doxygen will generate a 
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER           = 
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
-# contain links (just like the HTML output) instead of page references 
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS         = NO
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
-# plain latex in the generated Makefile. Set this option to YES to get a 
-# higher quality PDF documentation.
-
-USE_PDFLATEX           = NO
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
-# command to the generated LaTeX files. This will instruct LaTeX to keep 
-# running if errors occur, instead of asking the user for help. 
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE        = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
-# include the index chapters (such as File Index, Compound Index, etc.) 
-# in the output.
-
-LATEX_HIDE_INDICES     = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
-# The RTF output is optimized for Word 97 and may not look very pretty with 
-# other RTF readers or editors.
-
-GENERATE_RTF           = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT             = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
-# RTF documents. This may be useful for small projects and may help to 
-# save some trees in general.
-
-COMPACT_RTF            = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
-# will contain hyperlink fields. The RTF file will 
-# contain links (just like the HTML output) instead of page references. 
-# This makes the output suitable for online browsing using WORD or other 
-# programs which support those fields. 
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS         = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's 
-# config file, i.e. a series of assignments. You only have to provide 
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE    = 
-
-# Set optional variables used in the generation of an rtf document. 
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE    = 
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
-# generate man pages
-
-GENERATE_MAN           = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT             = man
-
-# The MAN_EXTENSION tag determines the extension that is added to 
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION          = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
-# then it will generate one additional man file for each entity 
-# documented in the real man page(s). These additional files 
-# only source the real man page, but without them the man command 
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS              = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will 
-# generate an XML file that captures the structure of 
-# the code including all documentation.
-
-GENERATE_XML           = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT             = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema, 
-# which can be used by a validating XML parser to check the 
-# syntax of the XML files.
-
-XML_SCHEMA             = 
-
-# The XML_DTD tag can be used to specify an XML DTD, 
-# which can be used by a validating XML parser to check the 
-# syntax of the XML files.
-
-XML_DTD                = 
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
-# dump the program listings (including syntax highlighting 
-# and cross-referencing information) to the XML output. Note that 
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING     = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
-# generate an AutoGen Definitions (see autogen.sf.net) file 
-# that captures the structure of the code including all 
-# documentation. Note that this feature is still experimental 
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF   = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
-# generate a Perl module file that captures the structure of 
-# the code including all documentation. Note that this 
-# feature is still experimental and incomplete at the 
-# moment.
-
-GENERATE_PERLMOD       = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX          = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
-# nicely formatted so it can be parsed by a human reader.  This is useful 
-# if you want to understand what is going on.  On the other hand, if this 
-# tag is set to NO the size of the Perl module output will be much smaller 
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY         = YES
-
-# The names of the make variables in the generated doxyrules.make file 
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
-# This is useful so different doxyrules.make files included by the same 
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX = 
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor   
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
-# evaluate all C-preprocessor directives found in the sources and include 
-# files.
-
-ENABLE_PREPROCESSING   = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
-# names in the source code. If set to NO (the default) only conditional 
-# compilation will be performed. Macro expansion can be done in a controlled 
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION        = YES
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
-# then the macro expansion is limited to the macros specified with the 
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF     = YES
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES        = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that 
-# contain include files that are not input files but should be processed by 
-# the preprocessor.
-
-INCLUDE_PATH           = 
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
-# patterns (like *.h and *.hpp) to filter out the header-files in the 
-# directories. If left blank, the patterns specified with FILE_PATTERNS will 
-# be used.
-
-INCLUDE_FILE_PATTERNS  = 
-
-# The PREDEFINED tag can be used to specify one or more macro names that 
-# are defined before the preprocessor is started (similar to the -D option of 
-# gcc). The argument of the tag is a list of macros of the form: name 
-# or name=definition (no spaces). If the definition and the = are 
-# omitted =1 is assumed. To prevent a macro definition from being 
-# undefined via #undef or recursively expanded use the := operator 
-# instead of the = operator.
-
-PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION CONFIG_SSL_ENABLE_CLIENT CONFIG_SSL_GENERATE_X509_CERT CONFIG_BIGINT_MONTGOMERY CONFIG_BIGINT_BARRETT CONFIG_BIGINT_CRT EXP_FUNC="" STDCALL=""
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
-# this tag can be used to specify a list of macro names that should be expanded. 
-# The macro definition that is found in the sources will be used. 
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED      = 
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
-# doxygen's preprocessor will remove all function-like macros that are alone 
-# on a line, have an all uppercase name, and do not end with a semicolon. Such 
-# function macros are typically used for boiler-plate code, and will confuse 
-# the parser if not removed.
-
-SKIP_FUNCTION_MACROS   = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references   
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles. 
-# Optionally an initial location of the external documentation 
-# can be added for each tagfile. The format of a tag file without 
-# this location is as follows: 
-#   TAGFILES = file1 file2 ... 
-# Adding location for the tag files is done as follows: 
-#   TAGFILES = file1=loc1 "file2 = loc2" ... 
-# where "loc1" and "loc2" can be relative or absolute paths or 
-# URLs. If a location is present for each tag, the installdox tool 
-# does not have to be run to correct the links.
-# Note that each tag file must have a unique name
-# (where the name does NOT include the path)
-# If a tag file is not located in the directory in which doxygen 
-# is run, you must also specify the path to the tagfile here.
-
-TAGFILES               = 
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE       = 
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
-# in the class index. If set to NO only the inherited external classes 
-# will be listed.
-
-ALLEXTERNALS           = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
-# in the modules index. If set to NO, only the current project's groups will 
-# be listed.
-
-EXTERNAL_GROUPS        = NO
-
-# The PERL_PATH should be the absolute path and name of the perl script 
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH              = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool   
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
-# or super classes. Setting the tag to NO turns the diagrams off. Note that 
-# this option is superseded by the HAVE_DOT option below. This is only a 
-# fallback. It is recommended to install and use dot, since it yields more 
-# powerful graphs.
-
-CLASS_DIAGRAMS         = YES
-
-# If set to YES, the inheritance and collaboration graphs will hide 
-# inheritance and usage relations if the target is undocumented 
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS   = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
-# available from the path. This tool is part of Graphviz, a graph visualization 
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT               = NO
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for each documented class showing the direct and 
-# indirect inheritance relations. Setting this tag to YES will force the 
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH            = NO
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for each documented class showing the direct and 
-# indirect implementation dependencies (inheritance, containment, and 
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH    = NO
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS           = NO
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
-# collaboration diagrams in a style similar to the OMG's Unified Modeling 
-# Language.
-
-UML_LOOK               = NO
-
-# If set to YES, the inheritance and collaboration graphs will show the 
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS     = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
-# tags are set to YES then doxygen will generate a graph for each documented 
-# file showing the direct and indirect include dependencies of the file with 
-# other documented files.
-
-INCLUDE_GRAPH          = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
-# documented header file showing the documented files that directly or 
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH      = NO
-
-# If the CALL_GRAPH and HAVE_DOT tags are set to YES then doxygen will 
-# generate a call dependency graph for every global function or class method. 
-# Note that enabling this option will significantly increase the time of a run. 
-# So in most cases it will be better to enable call graphs for selected 
-# functions only using the \callgraph command.
-
-CALL_GRAPH             = NO
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY    = NO
-
-# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES 
-# then doxygen will show the dependencies a directory has on other directories 
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH        = NO
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT       = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be 
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH               = 
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that 
-# contain dot files that are included in the documentation (see the 
-# \dotfile command).
-
-DOTFILE_DIRS           = 
-
-# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width 
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
-# this value, doxygen will try to truncate the graph, so that it fits within 
-# the specified constraint. Beware that most browsers cannot cope with very 
-# large images.
-
-MAX_DOT_GRAPH_WIDTH    = 1024
-
-# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height 
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than 
-# this value, doxygen will try to truncate the graph, so that it fits within 
-# the specified constraint. Beware that most browsers cannot cope with very 
-# large images.
-
-MAX_DOT_GRAPH_HEIGHT   = 1024
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
-# graphs generated by dot. A depth value of 3 means that only nodes reachable 
-# from the root by following a path via at most 3 edges will be shown. Nodes 
-# that lay further from the root node will be omitted. Note that setting this 
-# option to 1 or 2 may greatly reduce the computation time needed for large 
-# code bases. Also note that a graph may be further truncated if the graph's 
-# image dimensions are not sufficient to fit the graph (see MAX_DOT_GRAPH_WIDTH 
-# and MAX_DOT_GRAPH_HEIGHT). If 0 is used for the depth value (the default), 
-# the graph is not depth-constrained.
-
-MAX_DOT_GRAPH_DEPTH    = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
-# background. This is disabled by default, which results in a white background. 
-# Warning: Depending on the platform used, enabling this option may lead to 
-# badly anti-aliased labels on the edges of a graph (i.e. they become hard to 
-# read).
-
-DOT_TRANSPARENT        = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
-# files in one run (i.e. multiple -o and -T options on the command line). This 
-# makes dot run faster, but since only newer versions of dot (>1.8.10) 
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS      = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
-# generate a legend page explaining the meaning of the various boxes and 
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND        = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
-# remove the intermediate dot files that are used to generate 
-# the various graphs.
-
-DOT_CLEANUP            = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to the search engine   
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be 
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE           = NO
+# Doxyfile 1.5.5
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file 
+# that follow. The default is UTF-8 which is also the encoding used for all 
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the 
+# iconv built into libc) for the transcoding. See 
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING      = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = axTLS
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
+# This could be handy for archiving the generated documentation or 
+# if some version control system is used.
+
+PROJECT_NUMBER         = 
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
+# base path where the generated documentation will be put. 
+# If a relative path is entered, it will be relative to the location 
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = 
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
+# 4096 sub-directories (in 2 levels) under the output directory of each output 
+# format and will distribute the generated files over these directories. 
+# Enabling this option can be useful when feeding doxygen a huge amount of 
+# source files, where putting all generated files in the same directory would 
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
+# documentation generated by doxygen is written. Doxygen will use this 
+# information to generate all constant output in the proper language. 
+# The default language is English, other supported languages are: 
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, 
+# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, 
+# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), 
+# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, 
+# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, 
+# and Ukrainian.
+
+OUTPUT_LANGUAGE        = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
+# include brief member descriptions after the members that are listed in 
+# the file and class documentation (similar to JavaDoc). 
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
+# the brief description of a member or function before the detailed description. 
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator 
+# that is used to form the text in various listings. Each string 
+# in this list, if found as the leading text of the brief description, will be 
+# stripped from the text and the result after processing the whole list, is 
+# used as the annotated text. Otherwise, the brief description is used as-is. 
+# If left blank, the following values are used ("$name" is automatically 
+# replaced with the name of the entity): "The $name class" "The $name widget" 
+# "The $name file" "is" "provides" "specifies" "contains" 
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       = 
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
+# Doxygen will generate a detailed section even if there is only a brief 
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
+# inherited members of a class in the documentation of that class as if those 
+# members were ordinary class members. Constructors, destructors and assignment 
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
+# path before files name in the file list and in the header files. If set 
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
+# can be used to strip a user-defined part of the path. Stripping is 
+# only done if one of the specified strings matches the left-hand part of 
+# the path. The tag can be used to show relative paths in the file list. 
+# If left blank the directory from which doxygen is run is used as the 
+# path to strip.
+
+STRIP_FROM_PATH        = 
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
+# the path mentioned in the documentation of a class, which tells 
+# the reader which header file to include in order to use a class. 
+# If left blank only the name of the header file containing the class 
+# definition is used. Otherwise one should specify the include paths that 
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    = 
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
+# (but less readable) file names. This can be useful is your file systems 
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
+# will interpret the first line (until the first dot) of a JavaDoc-style 
+# comment as the brief description. If set to NO, the JavaDoc 
+# comments will behave just like regular Qt-style comments 
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF      = NO
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will 
+# interpret the first line (until the first dot) of a Qt-style 
+# comment as the brief description. If set to NO, the comments 
+# will behave just like regular Qt-style comments (thus requiring 
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF           = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
+# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
+# comments) as a brief description. This used to be the default behaviour. 
+# The new default is to treat a multi-line C++ comment block as a detailed 
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member 
+# documentation.
+
+DETAILS_AT_TOP         = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
+# member inherits the documentation from any documented member that it 
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
+# a new page for each member. If set to NO, the documentation of a member will 
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 4
+
+# This tag can be used to specify a number of aliases that acts 
+# as commands in the documentation. An alias has the form "name=value". 
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
+# put the command \sideeffect (or @sideeffect) in the documentation, which 
+# will result in a user-defined paragraph with heading "Side Effects:". 
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                = 
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
+# sources only. Doxygen will then generate output that is more tailored for C. 
+# For instance, some of the names that are used will be different. The list 
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
+# sources only. Doxygen will then generate output that is more tailored for 
+# Java. For instance, namespaces will be presented as packages, qualified 
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran 
+# sources only. Doxygen will then generate output that is more tailored for 
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN   = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL 
+# sources. Doxygen will then generate output that is tailored for 
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL   = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want 
+# to include (a tag file for) the STL sources as input, then you should 
+# set this tag to YES in order to let doxygen match functions declarations and 
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
+# func(std::string) {}). This also make the inheritance and collaboration 
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT        = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. 
+# Doxygen will parse them like normal C++ but will assume all classes use public 
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT            = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
+# tag is set to YES, then doxygen will reuse the documentation of the first 
+# member in the group (if any) for the other members of the group. By default 
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
+# the same type (for instance a group of public functions) to be put as a 
+# subgroup of that type (e.g. under the Public Functions section). Set it to 
+# NO to prevent subgrouping. Alternatively, this can be done per class using 
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum 
+# is documented as struct, union, or enum with the name of the typedef. So 
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct 
+# with name TypeT. When disabled the typedef will appear as a member of a file, 
+# namespace, or class. And the struct will be named TypeS. This can typically 
+# be useful for C code in case the coding convention dictates that all compound 
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT   = NO
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
+# documentation are documented, even if no documentation was available. 
+# Private class members and static file members will be hidden unless 
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file 
+# will be included in the documentation.
+
+EXTRACT_STATIC         = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
+# defined locally in source files will be included in the documentation. 
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = YES
+
+# This flag is only useful for Objective-C code. When set to YES local 
+# methods, which are defined in the implementation section but not in 
+# the interface are included in the documentation. 
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be 
+# extracted and appear in the documentation as a namespace called 
+# 'anonymous_namespace{file}', where file will be replaced with the base 
+# name of the file that contains the anonymous namespace. By default 
+# anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES   = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
+# undocumented members of documented classes, files or namespaces. 
+# If set to NO (the default) these members will be included in the 
+# various overviews, but no documentation section is generated. 
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
+# undocumented classes that are normally visible in the class hierarchy. 
+# If set to NO (the default) these classes will be included in the various 
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
+# friend (class|struct|union) declarations. 
+# If set to NO (the default) these declarations will be included in the 
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
+# documentation blocks found inside the body of a function. 
+# If set to NO (the default) these blocks will be appended to the 
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation 
+# that is typed after a \internal command is included. If the tag is set 
+# to NO (the default) then the documentation will be excluded. 
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
+# file names in lower-case letters. If set to YES upper-case letters are also 
+# allowed. This is useful if you have classes or files whose names only differ 
+# in case and if your file system supports case sensitive file names. Windows 
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
+# will show members with their full class and namespace scopes in the 
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
+# will put a list of the files that are included by a file in the documentation 
+# of that file.
+
+SHOW_INCLUDE_FILES     = NO
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
+# will sort the (detailed) documentation of file and class members 
+# alphabetically by member name. If set to NO the members will appear in 
+# declaration order.
+
+SORT_MEMBER_DOCS       = NO
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
+# brief documentation of file, namespace and class members alphabetically 
+# by member name. If set to NO (the default) the members will appear in 
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the 
+# hierarchy of group names into alphabetical order. If set to NO (the default) 
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES       = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
+# sorted by fully-qualified names, including namespaces. If set to 
+# NO (the default), the class list will be sorted only by class name, 
+# not including the namespace part. 
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the 
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or 
+# disable (NO) the todo list. This list is created by putting \todo 
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or 
+# disable (NO) the test list. This list is created by putting \test 
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or 
+# disable (NO) the bug list. This list is created by putting \bug 
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
+# disable (NO) the deprecated list. This list is created by putting 
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional 
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       = 
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
+# the initial value of a variable or define consists of for it to appear in 
+# the documentation. If the initializer consists of more lines than specified 
+# here it will be hidden. Use a value of 0 to hide initializers completely. 
+# The appearance of the initializer of individual variables and defines in the 
+# documentation can be controlled using \showinitializer or \hideinitializer 
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
+# at the bottom of the documentation of classes and structs. If set to YES the 
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = NO
+
+# If the sources in your project are distributed over multiple directories 
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES       = NO
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
+# doxygen should invoke to get the current version for each file (typically from 
+# the version control system). Doxygen will invoke the program by executing (via 
+# popen()) the command <command> <input-file>, where <command> is the value of 
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
+# provided by doxygen. Whatever the program writes to standard output 
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated 
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are 
+# generated by doxygen. Possible values are YES and NO. If left blank 
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
+# potential errors in the documentation, such as not documenting some 
+# parameters in a documented function, or documenting parameters that 
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for 
+# functions that are documented, but have no documentation for their parameters 
+# or return value. If set to NO (the default) doxygen will only warn about 
+# wrong or incomplete parameter documentation, but not about the absence of 
+# documentation.
+
+WARN_NO_PARAMDOC       = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that 
+# doxygen can produce. The string should contain the $file, $line, and $text 
+# tags, which will be replaced by the file and line number from which the 
+# warning originated and the warning text. Optionally the format may contain 
+# $version, which will be replaced by the version of the file (if it could 
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning 
+# and error messages should be written. If left blank the output is written 
+# to stderr.
+
+WARN_LOGFILE           = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain 
+# documented source files. You may enter file names like "myfile.cpp" or 
+# directories like "/usr/src/myproject". Separate the files or directories 
+# with spaces.
+
+INPUT                  = ../bindings/csharp/axTLS.cs \
+                         ../bindings/java/SSL.java \
+                         ../bindings/java/SSLUtil.java \
+                         ../bindings/java/SSLCTX.java \
+                         ../bindings/java/SSLServer.java \
+                         ../bindings/java/SSLClient.java \
+                         ../bindings/java/SSLReadHolder.java \
+                         ../ssl/ssl.h \
+                         ../crypto/bigint.c \
+                         ../crypto/bigint.h
+
+# This tag can be used to specify the character encoding of the source files 
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is 
+# also the default input encoding. Doxygen uses libiconv (or the iconv built 
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for 
+# the list of possible encodings.
+
+INPUT_ENCODING         = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the 
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank the following patterns are tested: 
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx 
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS          = 
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
+# should be searched for input files as well. Possible values are YES and NO. 
+# If left blank NO is used.
+
+RECURSIVE              = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should 
+# excluded from the INPUT source files. This way you can easily exclude a 
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                = 
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or 
+# directories that are symbolic links (a Unix filesystem feature) are excluded 
+# from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the 
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
+# certain files from those directories. Note that the wildcards are matched 
+# against the file with absolute path, so to exclude all test directories 
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       = 
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names 
+# (namespaces, classes, functions, etc.) that should be excluded from the 
+# output. The symbol name can be a fully qualified name, a word, or if the 
+# wildcard * is used, a substring. Examples: ANamespace, AClass, 
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS        = 
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or 
+# directories that contain example code fragments that are included (see 
+# the \include command).
+
+EXAMPLE_PATH           = 
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank all files are included.
+
+EXAMPLE_PATTERNS       = 
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
+# searched for input files to be used with the \include or \dontinclude 
+# commands irrespective of the value of the RECURSIVE tag. 
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or 
+# directories that contain image that are included in the documentation (see 
+# the \image command).
+
+IMAGE_PATH             = images
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should 
+# invoke to filter for each input file. Doxygen will invoke the filter program 
+# by executing (via popen()) the command <filter> <input-file>, where <filter> 
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
+# input file. Doxygen will then use the output that the filter program writes 
+# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
+# ignored.
+
+INPUT_FILTER           = 
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
+# basis.  Doxygen will compare the file name with each pattern and apply the 
+# filter if there is a match.  The filters are a list of the form: 
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
+# is applied to all files.
+
+FILTER_PATTERNS        = 
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
+# INPUT_FILTER) will be used to filter the input files when producing source 
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
+# be generated. Documented entities will be cross-referenced with these sources. 
+# Note: To get rid of all source code in the generated output, make sure also 
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER         = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body 
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
+# doxygen to hide any special comment blocks from generated source code 
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
+# then for each documented function all documented 
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default) 
+# then for each documented function all documented entities 
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = YES
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code.  Otherwise they will link to the documentstion.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code 
+# will point to the HTML generated by the htags(1) tool instead of doxygen 
+# built-in source browser. The htags tool is part of GNU's global source 
+# tagging system (see http://www.gnu.org/software/global/global.html). You 
+# will need version 4.8.6 or higher.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
+# will generate a verbatim copy of the header file for each class for 
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
+# of all compounds will be generated. Enable this if the project 
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all 
+# classes will be put under the same header in the alphabetical index. 
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard header.
+
+HTML_HEADER            = 
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard footer.
+
+HTML_FOOTER            = doco_footer.html
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
+# style sheet that is used by each HTML page. It can be used to 
+# fine-tune the look of the HTML output. If the tag is left blank doxygen 
+# will generate a default style sheet. Note that doxygen will try to copy 
+# the style sheet file to the HTML output directory, so don't put your own 
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET        = 
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
+# files or namespaces will be aligned in HTML using tables. If set to 
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
+# will be generated that can be used as input for tools like the 
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) 
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files 
+# will be generated that can be used as input for Apple's Xcode 3 
+# integrated development environment, introduced with OSX 10.5 (Leopard). 
+# To create a documentation set, doxygen will generate a Makefile in the 
+# HTML output directory. Running make will produce the docset in that 
+# directory and running "make install" will install the docset in 
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find 
+# it at startup.
+
+GENERATE_DOCSET        = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the 
+# feed. A documentation feed provides an umbrella under which multiple 
+# documentation sets from a single provider (such as a company or product suite) 
+# can be grouped.
+
+DOCSET_FEEDNAME        = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that 
+# should uniquely identify the documentation set bundle. This should be a 
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen 
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID       = org.doxygen.Project
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML 
+# documentation will contain sections that can be hidden and shown after the 
+# page has loaded. For this to work a browser that supports 
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox 
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS  = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
+# be used to specify the file name of the resulting .chm file. You 
+# can add a path in front of the file if the result should not be 
+# written to the html output directory.
+
+CHM_FILE               = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
+# be used to specify the location (absolute path including file name) of 
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
+# controls if a separate .chi index file is generated (YES) or that 
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
+# controls whether a binary table of contents is generated (YES) or a 
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members 
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = YES
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
+# top of each HTML page. The value NO (the default) enables the index and 
+# the value YES disables it.
+
+DISABLE_INDEX          = YES
+
+# This tag can be used to set the number of enum values (range [1..20]) 
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that 
+# is generated for HTML Help). For this to work a browser that supports 
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = YES
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
+# used to set the initial width (in pixels) of the frame in which the tree 
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
+# generate Latex output.
+
+GENERATE_LATEX         = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
+# generate index for LaTeX. If left blank `makeindex' will be used as the 
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
+# LaTeX documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used 
+# by the printer. Possible values are: a4, a4wide, letter, legal and 
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         = 
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
+# the generated latex document. The header should contain everything until 
+# the first chapter. If it is left blank doxygen will generate a 
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           = 
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
+# contain links (just like the HTML output) instead of page references 
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
+# plain latex in the generated Makefile. Set this option to YES to get a 
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
+# command to the generated LaTeX files. This will instruct LaTeX to keep 
+# running if errors occur, instead of asking the user for help. 
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
+# include the index chapters (such as File Index, Compound Index, etc.) 
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
+# The RTF output is optimized for Word 97 and may not look very pretty with 
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
+# RTF documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
+# will contain hyperlink fields. The RTF file will 
+# contain links (just like the HTML output) instead of page references. 
+# This makes the output suitable for online browsing using WORD or other 
+# programs which support those fields. 
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's 
+# config file, i.e. a series of assignments. You only have to provide 
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    = 
+
+# Set optional variables used in the generation of an rtf document. 
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
+# generate man pages
+
+GENERATE_MAN           = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to 
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
+# then it will generate one additional man file for each entity 
+# documented in the real man page(s). These additional files 
+# only source the real man page, but without them the man command 
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will 
+# generate an XML file that captures the structure of 
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_SCHEMA             = 
+
+# The XML_DTD tag can be used to specify an XML DTD, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_DTD                = 
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
+# dump the program listings (including syntax highlighting 
+# and cross-referencing information) to the XML output. Note that 
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
+# generate an AutoGen Definitions (see autogen.sf.net) file 
+# that captures the structure of the code including all 
+# documentation. Note that this feature is still experimental 
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
+# generate a Perl module file that captures the structure of 
+# the code including all documentation. Note that this 
+# feature is still experimental and incomplete at the 
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
+# nicely formatted so it can be parsed by a human reader.  This is useful 
+# if you want to understand what is going on.  On the other hand, if this 
+# tag is set to NO the size of the Perl module output will be much smaller 
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file 
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
+# This is useful so different doxyrules.make files included by the same 
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX = 
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
+# evaluate all C-preprocessor directives found in the sources and include 
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
+# names in the source code. If set to NO (the default) only conditional 
+# compilation will be performed. Macro expansion can be done in a controlled 
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = YES
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
+# then the macro expansion is limited to the macros specified with the 
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF     = YES
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that 
+# contain include files that are not input files but should be processed by 
+# the preprocessor.
+
+INCLUDE_PATH           = 
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
+# patterns (like *.h and *.hpp) to filter out the header-files in the 
+# directories. If left blank, the patterns specified with FILE_PATTERNS will 
+# be used.
+
+INCLUDE_FILE_PATTERNS  = 
+
+# The PREDEFINED tag can be used to specify one or more macro names that 
+# are defined before the preprocessor is started (similar to the -D option of 
+# gcc). The argument of the tag is a list of macros of the form: name 
+# or name=definition (no spaces). If the definition and the = are 
+# omitted =1 is assumed. To prevent a macro definition from being 
+# undefined via #undef or recursively expanded use the := operator 
+# instead of the = operator.
+
+PREDEFINED             = CONFIG_SSL_CERT_VERIFICATION \
+                         CONFIG_SSL_ENABLE_CLIENT \
+                         CONFIG_SSL_GENERATE_X509_CERT \
+                         CONFIG_BIGINT_MONTGOMERY \
+                         CONFIG_BIGINT_BARRETT \
+                         CONFIG_BIGINT_CRT \
+                         "EXP_FUNC=" \
+                         "STDCALL="
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
+# this tag can be used to specify a list of macro names that should be expanded. 
+# The macro definition that is found in the sources will be used. 
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      = 
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
+# doxygen's preprocessor will remove all function-like macros that are alone 
+# on a line, have an all uppercase name, and do not end with a semicolon. Such 
+# function macros are typically used for boiler-plate code, and will confuse 
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles. 
+# Optionally an initial location of the external documentation 
+# can be added for each tagfile. The format of a tag file without 
+# this location is as follows: 
+#   TAGFILES = file1 file2 ... 
+# Adding location for the tag files is done as follows: 
+#   TAGFILES = file1=loc1 "file2 = loc2" ... 
+# where "loc1" and "loc2" can be relative or absolute paths or 
+# URLs. If a location is present for each tag, the installdox tool 
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen 
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES               = 
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       = 
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
+# in the class index. If set to NO only the inherited external classes 
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
+# in the modules index. If set to NO, only the current project's groups will 
+# be listed.
+
+EXTERNAL_GROUPS        = NO
+
+# The PERL_PATH should be the absolute path and name of the perl script 
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
+# or super classes. Setting the tag to NO turns the diagrams off. Note that 
+# this option is superseded by the HAVE_DOT option below. This is only a 
+# fallback. It is recommended to install and use dot, since it yields more 
+# powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# You can define message sequence charts within doxygen comments using the \msc 
+# command. Doxygen will then run the mscgen tool (see 
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the 
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where 
+# the mscgen tool resides. If left empty the tool is assumed to be found in the 
+# default search path.
+
+MSCGEN_PATH            = 
+
+# If set to YES, the inheritance and collaboration graphs will hide 
+# inheritance and usage relations if the target is undocumented 
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
+# available from the path. This tool is part of Graphviz, a graph visualization 
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = NO
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect inheritance relations. Setting this tag to YES will force the 
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = NO
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect implementation dependencies (inheritance, containment, and 
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = NO
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS           = NO
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
+# collaboration diagrams in a style similar to the OMG's Unified Modeling 
+# Language.
+
+UML_LOOK               = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the 
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
+# tags are set to YES then doxygen will generate a graph for each documented 
+# file showing the direct and indirect include dependencies of the file with 
+# other documented files.
+
+INCLUDE_GRAPH          = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
+# documented header file showing the documented files that directly or 
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = NO
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then 
+# doxygen will generate a call dependency graph for every global function 
+# or class method. Note that enabling this option will significantly increase 
+# the time of a run. So in most cases it will be better to enable call graphs 
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH             = NO
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then 
+# doxygen will generate a caller dependency graph for every global function 
+# or class method. Note that enabling this option will significantly increase 
+# the time of a run. So in most cases it will be better to enable caller 
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH           = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = NO
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES 
+# then doxygen will show the dependencies a directory has on other directories 
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH        = NO
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be 
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH               = 
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that 
+# contain dot files that are included in the documentation (see the 
+# \dotfile command).
+
+DOTFILE_DIRS           = 
+
+# The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of 
+# nodes that will be shown in the graph. If the number of nodes in a graph 
+# becomes larger than this value, doxygen will truncate the graph, which is 
+# visualized by representing a node as a red box. Note that doxygen if the 
+# number of direct children of the root node in a graph is already larger than 
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note 
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES    = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
+# graphs generated by dot. A depth value of 3 means that only nodes reachable 
+# from the root by following a path via at most 3 edges will be shown. Nodes 
+# that lay further from the root node will be omitted. Note that setting this 
+# option to 1 or 2 may greatly reduce the computation time needed for large 
+# code bases. Also note that the size of a graph can be further restricted by 
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
+# background. This is enabled by default, which results in a transparent 
+# background. Warning: Depending on the platform used, enabling this option 
+# may lead to badly anti-aliased labels on the edges of a graph (i.e. they 
+# become hard to read).
+
+DOT_TRANSPARENT        = NO
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
+# files in one run (i.e. multiple -o and -T options on the command line). This 
+# makes dot run faster, but since only newer versions of dot (>1.8.10) 
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS      = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
+# generate a legend page explaining the meaning of the various boxes and 
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
+# remove the intermediate dot files that are used to generate 
+# the various graphs.
+
+DOT_CLEANUP            = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be 
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE           = NO
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 9d42aed8ee..148d99a5f1 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -612,6 +612,7 @@ void removeconnection(struct connstruct *cn)
             cn->ssl = NULL;
         }
 
+        shutdown(cn->networkdesc, SHUT_WR);
         SOCKET_CLOSE(cn->networkdesc);
     }
 
diff --git a/www/index.html b/www/index.html
index 6170143e33..c123310fa4 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200903271145" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200911152140" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 1e8e8182426d59e5912b50720ed869a8acce2087 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 4 Dec 2009 10:59:07 +0000
Subject: [PATCH 139/301] index.html update

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@164 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index c123310fa4..78825ed78c 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200911152140" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="200912041052" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 13dee95d971d6684c38510e0a5d2a85c7541c3a2 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 12 Dec 2009 04:11:56 +0000
Subject: [PATCH 140/301] Fix for ssl client renotiation SSL error

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@166 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/ssl.h       |  1 +
 ssl/tls1.c      | 17 +++++++++++++++--
 ssl/tls1_clnt.c |  1 +
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index d6ed68daee..9e9d801c06 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -100,6 +100,7 @@ extern "C" {
 #define SSL_ERROR_INVALID_KEY                   -269
 #define SSL_ERROR_FINISHED_INVALID              -271
 #define SSL_ERROR_NO_CERT_DEFINED               -272
+#define SSL_ERROR_NO_CLIENT_RENOG               -273
 #define SSL_ERROR_NOT_SUPPORTED                 -274
 #define SSL_X509_OFFSET                         -512
 #define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 9a469d7fe4..5ce8c24539 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1230,8 +1230,16 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     switch (ssl->record_type)
     {
         case PT_HANDSHAKE_PROTOCOL:
-            ssl->dc->bm_proc_index = 0;
-            ret = do_handshake(ssl, buf, read_len);
+            if (ssl->dc != NULL)
+            {
+                ssl->dc->bm_proc_index = 0;
+                ret = do_handshake(ssl, buf, read_len);
+            }
+            else /* no client renogiation allowed */
+            {
+                ret = SSL_ERROR_NO_CLIENT_RENOG;              
+                goto error;
+            }
             break;
 
         case PT_CHANGE_CIPHER_SPEC:
@@ -1402,6 +1410,7 @@ int send_alert(SSL *ssl, int error_code)
 
         case SSL_ERROR_INVALID_HANDSHAKE:
         case SSL_ERROR_INVALID_PROT_MSG:
+        case SSL_ERROR_NO_CLIENT_RENOG:
             alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
             break;
 
@@ -1958,6 +1967,10 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
             printf("no certificate defined");
             break;
 
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            printf("client renegotiation not supported");
+            break;
+            
         case SSL_ERROR_NOT_SUPPORTED:
             printf("Option not supported");
             break;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 91314333c0..beb0e278b2 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -123,6 +123,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
         case HS_FINISHED:
             ret = process_finished(ssl, hs_len);
             disposable_free(ssl);   /* free up some memory */
+            /* note: client renogiation is not allowed after this */
             break;
 
         case HS_HELLO_REQUEST:

From c484a1ee7285e2fca61a0830541d7f243ddc3d3d Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 May 2010 04:38:16 +0000
Subject: [PATCH 141/301] added an entropy pool to the RNG

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@167 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 73 ++++++++++++++++++++++++++------------------
 www/index.html       |  2 +-
 2 files changed, 45 insertions(+), 30 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 59b72ec08d..fb257dd541 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -48,7 +48,12 @@ static HCRYPTPROV gCryptProv;
 #endif
 
 #if (!defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
-static uint64_t rng_num;
+/* change to 32bit processor registers as appropriate */
+#define ENTROPY_POOL_SIZE 32
+#define ENTROPY_COUNTER1 (uint32_t)((tv.tv_sec<<16) + tv.tv_usec)
+#define ENTROPY_COUNTER2 (uint32_t)rand()
+static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
+static MD5_CTX rng_digest_ctx;
 #endif
 
 static int rng_ref_count;
@@ -119,15 +124,26 @@ EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
             }
         }
 #else   
-        /* help seed with the user's private key - this is a number that 
-           should be hard to find, due to the fact that it relies on knowing 
-           the private key */
-        int i;  
-
-        for (i = 0; i < size/(int)sizeof(uint64_t); i++)
-            rng_num ^= *((uint64_t *)&seed_buf[i*sizeof(uint64_t)]);
+        int i;
+        uint32_t seed_addr_val = (uint32_t)&seed_buf;
+        uint32_t *ep = (uint32_t *)entropy_pool;
+printf("blah %08x\n", seed_addr_val);
+
+        /* help start the entropy with the user's private key - this is 
+           a number that should be hard to find, due to the fact that it 
+           relies on knowing the private key */
+        memcpy(entropy_pool, seed_buf, ENTROPY_POOL_SIZE);
+print_blob("entropy 1", entropy_pool, ENTROPY_POOL_SIZE);
+        /* mix it up a little with a stack address */
+        for (i = 0; i < ENTROPY_POOL_SIZE/4; i++)
+{
+printf("YA: %08x\n", ep[i]);
+            ep[i] ^= seed_addr_val;
+}
+print_blob("entropy 2", entropy_pool, ENTROPY_POOL_SIZE);
 
-        srand((long)&seed_buf);  /* use the stack ptr as another rnd seed */
+        MD5_Init(&rng_digest_ctx);
+        srand((long)entropy_pool); 
 #endif
     }
 
@@ -165,31 +181,30 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
        and a couple of random seeds to generate a random sequence */
     RC4_CTX rng_ctx;
     struct timeval tv;
-    uint64_t big_num1, big_num2;
+    uint8_t digest[MD5_SIZE];
+    int i;
 
-    gettimeofday(&tv, NULL);    /* yes I know we shouldn't do this */
+    /* A proper implementation would use counters etc for entropy */
+    gettimeofday(&tv, NULL);    
+    uint64_t *ep = (uint64_t *)entropy_pool;
+    ep[0] ^= (uint64_t)ENTROPY_COUNTER1;
+    ep[1] ^= (uint64_t)ENTROPY_COUNTER2; 
 
-    /* all numbers by themselves are pretty simple, but combined should 
-     * be a challenge */
-    big_num1 = (uint64_t)tv.tv_sec*(tv.tv_usec+1); 
-    big_num2 = (uint64_t)rand()*big_num1;
-    big_num1 ^= rng_num;
+    /* use a digested version of the entropy pool as a key */
+    MD5_Update(&rng_digest_ctx, entropy_pool, ENTROPY_POOL_SIZE);
+    MD5_Final(digest, &rng_digest_ctx);
 
-    memcpy(rand_data, &big_num1, sizeof(uint64_t));
-    if (num_rand_bytes > sizeof(uint64_t))
-        memcpy(&rand_data[8], &big_num2, sizeof(uint64_t));
+    /* come up with the random sequence */
+    RC4_setup(&rng_ctx, digest, MD5_SIZE); /* use as a key */
+    memcpy(rand_data, entropy_pool, ENTROPY_POOL_SIZE);
+    RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
 
-    if (num_rand_bytes > 16)
-    {
-        /* clear rest of data */
-        memset(&rand_data[16], 0, num_rand_bytes-16); 
-    }
+    /* move things along */
+    for (i = ENTROPY_POOL_SIZE-1; i >= MD5_SIZE ; i--)
+        entropy_pool[i] = entropy_pool[i-MD5_SIZE];
 
-    RC4_setup(&rng_ctx, rand_data, 16); /* use as a key */
-    RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
-    
-    /* use last 8 bytes for next time */
-    memcpy(&rng_num, &rand_data[num_rand_bytes-8], sizeof(uint64_t));    
+    /* insert the digest at the start of the entropy pool */
+    memcpy(entropy_pool, digest, MD5_SIZE);
 #endif
 }
 
diff --git a/www/index.html b/www/index.html
index 78825ed78c..4f6d4ccc74 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="200912041052" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201005010429" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From fe927a6d0e7d7f75e0b845231f0c0ee518b8c0d0 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 May 2010 04:56:01 +0000
Subject: [PATCH 142/301] account for output buffer being smaller than entropy
 pool

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@168 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index fb257dd541..5efa2cb551 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -196,7 +196,8 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
 
     /* come up with the random sequence */
     RC4_setup(&rng_ctx, digest, MD5_SIZE); /* use as a key */
-    memcpy(rand_data, entropy_pool, ENTROPY_POOL_SIZE);
+    memcpy(rand_data, entropy_pool, num_rand_bytes < ENTROPY_POOL_SIZE ?
+				num_rand_bytes : ENTROPY_POOL_SIZE);
     RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
 
     /* move things along */

From e674d076d41820ce3620be72b69066a948f16f23 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 1 May 2010 05:28:44 +0000
Subject: [PATCH 143/301] removed debugging

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@169 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 5efa2cb551..40df4e0241 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -53,7 +53,6 @@ static HCRYPTPROV gCryptProv;
 #define ENTROPY_COUNTER1 (uint32_t)((tv.tv_sec<<16) + tv.tv_usec)
 #define ENTROPY_COUNTER2 (uint32_t)rand()
 static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
-static MD5_CTX rng_digest_ctx;
 #endif
 
 static int rng_ref_count;
@@ -127,22 +126,16 @@ EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
         int i;
         uint32_t seed_addr_val = (uint32_t)&seed_buf;
         uint32_t *ep = (uint32_t *)entropy_pool;
-printf("blah %08x\n", seed_addr_val);
 
         /* help start the entropy with the user's private key - this is 
            a number that should be hard to find, due to the fact that it 
            relies on knowing the private key */
         memcpy(entropy_pool, seed_buf, ENTROPY_POOL_SIZE);
-print_blob("entropy 1", entropy_pool, ENTROPY_POOL_SIZE);
+
         /* mix it up a little with a stack address */
         for (i = 0; i < ENTROPY_POOL_SIZE/4; i++)
-{
-printf("YA: %08x\n", ep[i]);
             ep[i] ^= seed_addr_val;
-}
-print_blob("entropy 2", entropy_pool, ENTROPY_POOL_SIZE);
 
-        MD5_Init(&rng_digest_ctx);
         srand((long)entropy_pool); 
 #endif
     }
@@ -181,6 +174,7 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
        and a couple of random seeds to generate a random sequence */
     RC4_CTX rng_ctx;
     struct timeval tv;
+    MD5_CTX rng_digest_ctx;
     uint8_t digest[MD5_SIZE];
     int i;
 
@@ -191,6 +185,7 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
     ep[1] ^= (uint64_t)ENTROPY_COUNTER2; 
 
     /* use a digested version of the entropy pool as a key */
+    MD5_Init(&rng_digest_ctx);
     MD5_Update(&rng_digest_ctx, entropy_pool, ENTROPY_POOL_SIZE);
     MD5_Final(digest, &rng_digest_ctx);
 

From 8b2e5bba8279010bcec7cc5126cbf46e470d8c60 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 7 May 2010 10:39:58 +0000
Subject: [PATCH 144/301] fixes to axhttpd from Joe Pruett

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@170 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c |  2 +-
 httpd/axhttpd.c      |  6 ++++--
 httpd/proc.c         | 31 +++++++++++++++++++------------
 3 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 40df4e0241..a44c5c22af 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -131,12 +131,12 @@ EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
            a number that should be hard to find, due to the fact that it 
            relies on knowing the private key */
         memcpy(entropy_pool, seed_buf, ENTROPY_POOL_SIZE);
+        srand((long)entropy_pool); 
 
         /* mix it up a little with a stack address */
         for (i = 0; i < ENTROPY_POOL_SIZE/4; i++)
             ep[i] ^= seed_addr_val;
 
-        srand((long)entropy_pool); 
 #endif
     }
 
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 148d99a5f1..bb54e487ca 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -55,7 +55,8 @@ static void addcgiext(const char *tp);
 #if !defined(WIN32)
 static void reaper(int sigtype) 
 {
-    wait3(NULL, WNOHANG, NULL);
+    while (wait3(NULL, WNOHANG, NULL) > 0)
+        continue;
 }
 #endif
 #endif
@@ -446,7 +447,8 @@ static void handlenewconnection(int listenfd, int is_ssl)
     else 
         *ipbuf = '\0';
 
-    addconnection(connfd, ipbuf, is_ssl);
+    if (connfd != -1) /* check for error condition */
+        addconnection(connfd, ipbuf, is_ssl);
 }
 
 #else
diff --git a/httpd/proc.c b/httpd/proc.c
index c90fa97909..3874c8fc26 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -119,7 +119,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
 #endif
         cn->if_modified_since = -1;
     } 
-    else if (strcmp(buf, "Host:") == 0) 
+    else if (strcasecmp(buf, "Host:") == 0) 
     {
         if (sanitizehost(value) == 0) 
         {
@@ -129,21 +129,24 @@ static int procheadelem(struct connstruct *cn, char *buf)
 
         my_strncpy(cn->server_name, value, MAXREQUESTLENGTH);
     } 
-    else if (strcmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
+    else if (strcasecmp(buf, "Connection:") == 0 && strcmp(value, "close") == 0) 
     {
         cn->close_when_done = 1;
     } 
-    else if (strcmp(buf, "If-Modified-Since:") == 0) 
+    else if (strcasecmp(buf, "If-Modified-Since:") == 0) 
     {
         cn->if_modified_since = tdate_parse(value);
     }
-    else if (strcmp(buf, "Expect:") == 0)
+    else if (strcasecmp(buf, "Expect:") == 0)
     {
-        send_error(cn, 417); /* expectation failed */
-        return 0;
+		/* supposed to be safe to ignore 100-continue */
+		if (strcasecmp(value, "100-continue") != 0) {
+			send_error(cn, 417); /* expectation failed */
+			return 0;
+		}
     }
 #ifdef CONFIG_HTTP_HAS_AUTHORIZATION
-    else if (strcmp(buf, "Authorization:") == 0 &&
+    else if (strcasecmp(buf, "Authorization:") == 0 &&
                                     strncmp(value, "Basic ", 6) == 0)
     {
         int size;
@@ -155,15 +158,15 @@ static int procheadelem(struct connstruct *cn, char *buf)
     }
 #endif
 #if defined(CONFIG_HTTP_HAS_CGI)
-    else if (strcmp(buf, "Content-Length:") == 0)
+    else if (strcasecmp(buf, "Content-Length:") == 0)
     {
         sscanf(value, "%d", &cn->content_length);
     }
-    else if (strcmp(buf, "Content-Type:") == 0)
+    else if (strcasecmp(buf, "Content-Type:") == 0)
     {
         my_strncpy(cn->cgicontenttype, value, MAXREQUESTLENGTH);
     }
-    else if (strcmp(buf, "Cookie:") == 0)
+    else if (strcasecmp(buf, "Cookie:") == 0)
     {
         my_strncpy(cn->cookie, value, MAXREQUESTLENGTH);
     }
@@ -628,11 +631,15 @@ static void proccgi(struct connstruct *cn)
     /* Our stdout/stderr goes to the socket */
     dup2(tpipe[1], 1);
     dup2(tpipe[1], 2);
+    close(tpipe[0]);
+    close(tpipe[1]);
 
     /* If it was a POST request, send the socket data to our stdin */
-    if (cn->reqtype == TYPE_POST) 
+    if (cn->reqtype == TYPE_POST)  {
         dup2(spipe[0], 0);  
-    else    /* Otherwise we can shutdown the read side of the sock */
+        close(spipe[0]);
+        close(spipe[1]);
+    } else    /* Otherwise we can shutdown the read side of the sock */
         shutdown(cn->networkdesc, 0);
 
     myargs[0] = cn->actualfile;

From 596f569e1ec1f18d9b9dd092f59f08297a99b0a0 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 7 May 2010 11:49:30 +0000
Subject: [PATCH 145/301] fixed warning

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@171 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/proc.c   | 2 +-
 www/index.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/httpd/proc.c b/httpd/proc.c
index 3874c8fc26..b9140cdc3b 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -1022,7 +1022,7 @@ static int sanitizehost(char *buf)
         }
 
         /* Enforce some basic URL rules... */
-        if ((isalnum(*buf) == 0 && *buf != '-' && *buf != '.') ||
+        if ((isalnum((int)(*buf)) == 0 && *buf != '-' && *buf != '.') ||
                 (*buf == '.' && *(buf+1) == '.') ||
                 (*buf == '.' && *(buf+1) == '-') ||
                 (*buf == '-' && *(buf+1) == '.'))
diff --git a/www/index.html b/www/index.html
index 4f6d4ccc74..ba4a7d8028 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201005010429" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201005071046" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From e686f3b6c6289aca2d5e060f0b55d9309c5c7ebc Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 8 May 2010 07:37:49 +0000
Subject: [PATCH 146/301] added alert for renegotiation failure

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@172 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/ssl.h          |  1 +
 ssl/test/ssltest.c | 18 ++++++++++--------
 ssl/tls1.c         |  9 ++++++++-
 ssl/x509.c         |  1 -
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 9e9d801c06..bde6b68656 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -115,6 +115,7 @@ extern "C" {
 #define SSL_ALERT_DECODE_ERROR                  50
 #define SSL_ALERT_DECRYPT_ERROR                 51
 #define SSL_ALERT_INVALID_VERSION               70
+#define SSL_ALERT_NO_RENEGOTIATION              100
 
 /* The ciphers that are supported */
 #define SSL_AES128_SHA                          0x2f
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 62169d45a4..bdc3f8d36a 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -53,8 +53,8 @@
 #define DEFAULT_KEY             "../ssl/test/axTLS.key_512"     
 //#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
 #define DEFAULT_SVR_OPTION      0
-#define DEFAULT_CLNT_OPTION     0
 //#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_CLNT_OPTION     0
 
 static int g_port = 19001;
 
@@ -1281,7 +1281,7 @@ static int SSL_client_test(
 #endif
     }
     
-    usleep(200000);           /* allow server to start */
+    usleep(500000);           /* allow server to start */
 
     if (*ssl_ctx == NULL)
     {
@@ -1449,12 +1449,14 @@ int SSL_client_tests(void)
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
-    sess_resume.do_reneg = 1;
-    if ((ret = SSL_client_test("Client renegotiation", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-    sess_resume.do_reneg = 0;
+// no client renegotiation
+// TODO: this was causing a lock-up on x509_free()
+//    sess_resume.do_reneg = 1;
+//    if ((ret = SSL_client_test("Client renegotiation", 
+//                    &ssl_ctx, NULL, &sess_resume, 
+//                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+//        goto cleanup;
+//    sess_resume.do_reneg = 0;
 
     sess_resume.stop_server = 1;
     if ((ret = SSL_client_test("Client session resumption #2", 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 5ce8c24539..a93df824d3 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1410,7 +1410,6 @@ int send_alert(SSL *ssl, int error_code)
 
         case SSL_ERROR_INVALID_HANDSHAKE:
         case SSL_ERROR_INVALID_PROT_MSG:
-        case SSL_ERROR_NO_CLIENT_RENOG:
             alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
             break;
 
@@ -1433,6 +1432,10 @@ int send_alert(SSL *ssl, int error_code)
             alert_num = SSL_ALERT_BAD_CERTIFICATE;
             break;
 
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            alert_num = SSL_ALERT_NO_RENEGOTIATION;
+            break;
+
         default:
             /* a catch-all for any badly verified certificates */
             alert_num = (error_code <= SSL_X509_OFFSET) ?  
@@ -2032,6 +2035,10 @@ void DISPLAY_ALERT(SSL *ssl, int alert)
             printf("decrypt error");
             break;
 
+        case SSL_ALERT_NO_RENEGOTIATION:
+            printf("no renegotiation");
+            break;
+
         default:
             printf("alert - (unknown %d)", alert);
             break;
diff --git a/ssl/x509.c b/ssl/x509.c
index 89e2681a5b..595585b551 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -234,7 +234,6 @@ void x509_free(X509_CTX *x509_ctx)
         free(x509_ctx->cert_dn[i]);
     }
 
-
     free(x509_ctx->signature);
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION 

From 92b07bc18d2af04ab6c259d7550c9281ce53f388 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 9 May 2010 09:18:03 +0000
Subject: [PATCH 147/301] changed test for ssl_renegotiation failure

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@173 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c | 20 ++++++++++++--------
 ssl/x509.c         |  1 -
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index bdc3f8d36a..2ea473fbac 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1352,7 +1352,7 @@ static int SSL_client_test(
     /* renegotiate client */
     if (sess_resume && sess_resume->do_reneg) 
     {
-        if (ssl_renegotiate(ssl) < 0)
+        if ((ret = ssl_renegotiate(ssl)) < 0)
             goto client_test_exit;
     }
 
@@ -1451,12 +1451,16 @@ int SSL_client_tests(void)
 
 // no client renegotiation
 // TODO: this was causing a lock-up on x509_free()
-//    sess_resume.do_reneg = 1;
-//    if ((ret = SSL_client_test("Client renegotiation", 
-//                    &ssl_ctx, NULL, &sess_resume, 
-//                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-//        goto cleanup;
-//    sess_resume.do_reneg = 0;
+    sess_resume.do_reneg = 1;
+    if ((ret = SSL_client_test("Client renegotiation", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
+           -SSL_ALERT_NO_RENEGOTIATION)
+    {
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+    sess_resume.do_reneg = 0;
 
     sess_resume.stop_server = 1;
     if ((ret = SSL_client_test("Client session resumption #2", 
@@ -1527,7 +1531,7 @@ int SSL_client_tests(void)
                     DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
                     NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
     {
-        printf("*** Error: %d\n", ret);
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
         goto cleanup;
     }
 
diff --git a/ssl/x509.c b/ssl/x509.c
index 595585b551..dcdea04f1f 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -252,7 +252,6 @@ void x509_free(X509_CTX *x509_ctx)
 #endif
 
     RSA_free(x509_ctx->rsa_ctx);
-
     next = x509_ctx->next;
     free(x509_ctx);
     x509_free(next);        /* clear the chain */

From c1c56567189a2e35c5d55a35055c43e304ec9647 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 2 Jun 2010 12:39:51 +0000
Subject: [PATCH 148/301] fixed memory leak in test harness

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@174 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 2ea473fbac..29ec4ccd16 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1550,6 +1550,7 @@ int SSL_client_tests(void)
         printf("All client tests passed\n"); TTY_FLUSH();
     }
 
+    ssl_ctx_free(ssl_ctx);
     return ret;
 }
 

From 09e79822d543fd9ceece018fdf1eaba58789055e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 6 Aug 2010 09:58:26 +0000
Subject: [PATCH 149/301] some fixes to bigint library

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@175 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/bigint.c      |  4 ++--
 crypto/crypto_misc.c | 10 +++++-----
 ssl/test/ssltest.c   | 23 +++++++++++------------
 ssl/tls1.c           | 20 ++++++++++++++++----
 www/index.html       |  4 ++--
 5 files changed, 36 insertions(+), 25 deletions(-)

diff --git a/crypto/bigint.c b/crypto/bigint.c
index 53a5839293..1d95bd549d 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -1128,7 +1128,7 @@ static int find_max_exp_index(bigint *biexp)
         }
 
         shift >>= 1;
-    } while (--i != 0);
+    } while (i-- != 0);
 
     return -1;      /* error - must have been a leading 0 */
 }
@@ -1151,7 +1151,7 @@ static int exp_bit_is_one(bigint *biexp, int offset)
         shift <<= 1;
     }
 
-    return test & shift;
+    return (test & shift) != 0;
 }
 
 #ifdef CONFIG_BIGINT_CHECK_ON
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index a44c5c22af..402efe7395 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -48,10 +48,10 @@ static HCRYPTPROV gCryptProv;
 #endif
 
 #if (!defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
-/* change to 32bit processor registers as appropriate */
+/* change to processor registers as appropriate */
 #define ENTROPY_POOL_SIZE 32
-#define ENTROPY_COUNTER1 (uint32_t)((tv.tv_sec<<16) + tv.tv_usec)
-#define ENTROPY_COUNTER2 (uint32_t)rand()
+#define ENTROPY_COUNTER1 ((((uint64_t)tv.tv_sec)<<32) | tv.tv_usec)
+#define ENTROPY_COUNTER2 rand()
 static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
 #endif
 
@@ -181,8 +181,8 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
     /* A proper implementation would use counters etc for entropy */
     gettimeofday(&tv, NULL);    
     uint64_t *ep = (uint64_t *)entropy_pool;
-    ep[0] ^= (uint64_t)ENTROPY_COUNTER1;
-    ep[1] ^= (uint64_t)ENTROPY_COUNTER2; 
+    ep[0] ^= ENTROPY_COUNTER1;
+    ep[1] ^= ENTROPY_COUNTER2; 
 
     /* use a digested version of the entropy pool as a key */
     MD5_Init(&rng_digest_ctx);
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 29ec4ccd16..32297abd1c 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1449,18 +1449,17 @@ int SSL_client_tests(void)
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
-// no client renegotiation
-// TODO: this was causing a lock-up on x509_free()
-    sess_resume.do_reneg = 1;
-    if ((ret = SSL_client_test("Client renegotiation", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
-           -SSL_ALERT_NO_RENEGOTIATION)
-    {
-        printf("*** Error: %d\n", ret); TTY_FLUSH();
-        goto cleanup;
-    }
-    sess_resume.do_reneg = 0;
+    // no client renegotiation
+    //sess_resume.do_reneg = 1;
+    //if ((ret = SSL_client_test("Client renegotiation", 
+    //                &ssl_ctx, NULL, &sess_resume, 
+    //                DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
+    //       -SSL_ALERT_NO_RENEGOTIATION)
+    //{
+    //    printf("*** Error: %d\n", ret); TTY_FLUSH();
+    //    goto cleanup;
+    //}
+    //sess_resume.do_reneg = 0;
 
     sess_resume.stop_server = 1;
     if ((ret = SSL_client_test("Client session resumption #2", 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index a93df824d3..d9f147a09c 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -47,7 +47,7 @@ static const char * server_finished = "server finished";
 static const char * client_finished = "client finished";
 
 static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
-static void set_key_block(SSL *ssl, int is_write);
+static int set_key_block(SSL *ssl, int is_write);
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
 static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
 static int send_raw_packet(SSL *ssl, uint8_t protocol);
@@ -1059,7 +1059,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
  * Work out the cipher keys we are going to use for this session based on the
  * master secret.
  */
-static void set_key_block(SSL *ssl, int is_write)
+static int set_key_block(SSL *ssl, int is_write)
 {
     const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
     uint8_t *q;
@@ -1067,6 +1067,9 @@ static void set_key_block(SSL *ssl, int is_write)
     uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
 
+    if (ciph_info == NULL)
+        return -1;
+
     /* only do once in a handshake */
     if (ssl->dc->key_block == NULL)
     {
@@ -1138,6 +1141,7 @@ static void set_key_block(SSL *ssl, int is_write)
     }
 
     ssl->cipher_info = ciph_info;
+    return 0;
 }
 
 /**
@@ -1251,7 +1255,12 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 
             /* all encrypted from now on */
             SET_SSL_FLAG(SSL_RX_ENCRYPTED);
-            set_key_block(ssl, 0);
+            if (set_key_block(ssl, 0) < 0)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
+            
             memset(ssl->read_sequence, 0, 8);
             break;
 
@@ -1341,7 +1350,10 @@ int send_change_cipher_spec(SSL *ssl)
     int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
             g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
     SET_SSL_FLAG(SSL_TX_ENCRYPTED);
-    set_key_block(ssl, 1);
+
+    if (ret >= 0 && set_key_block(ssl, 1) < 0)
+        ret = SSL_ERROR_INVALID_HANDSHAKE;
+
     memset(ssl->write_sequence, 0, 8);
     return ret;
 }
diff --git a/www/index.html b/www/index.html
index ba4a7d8028..21d2b676df 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201005071046" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201008060911" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.6@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
@@ -7097,7 +7097,7 @@
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="YourName" modified="200804011308" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://127.0.0.1/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://127.0.0.1/test_dir/no_http]] and [[/test_dir/no_ssl|https://127.0.0.1/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://127.0.0.1/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html]|http://127.0.0.1/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://127.0.0.1/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="YourName" modified="201006252315" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://97.74.112.97:8443/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://97.74.112.97:8080/test_dir/no_http]] and [[/test_dir/no_ssl|https://97.74.112.97:8443/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://97.74.112.97:8080/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://97.74.112.97:8080/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://97.74.112.97:8080/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From c69b6901fb26ecfeedc7ec56c0dd6fbf0ac9157c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 7 Aug 2010 07:34:41 +0000
Subject: [PATCH 150/301] removed redundant x509_free() in do_client_connect()

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@176 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c | 26 +++++++++++++-------------
 ssl/tls1.c         |  2 +-
 ssl/tls1_clnt.c    |  3 +--
 3 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 32297abd1c..328bbdca3d 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1352,8 +1352,12 @@ static int SSL_client_test(
     /* renegotiate client */
     if (sess_resume && sess_resume->do_reneg) 
     {
-        if ((ret = ssl_renegotiate(ssl)) < 0)
-            goto client_test_exit;
+        if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION) 
+            ret = 0;
+        else
+            ret = -SSL_ALERT_NO_RENEGOTIATION;
+
+        goto client_test_exit;
     }
 
     if (sess_resume)
@@ -1450,16 +1454,13 @@ int SSL_client_tests(void)
         goto cleanup;
 
     // no client renegotiation
-    //sess_resume.do_reneg = 1;
-    //if ((ret = SSL_client_test("Client renegotiation", 
-    //                &ssl_ctx, NULL, &sess_resume, 
-    //                DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) !=
-    //       -SSL_ALERT_NO_RENEGOTIATION)
-    //{
-    //    printf("*** Error: %d\n", ret); TTY_FLUSH();
-    //    goto cleanup;
-    //}
-    //sess_resume.do_reneg = 0;
+    sess_resume.do_reneg = 1;
+    // test relies on openssl killing the call
+    if ((ret = SSL_client_test("Client renegotiation", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+    sess_resume.do_reneg = 0;
 
     sess_resume.stop_server = 1;
     if ((ret = SSL_client_test("Client session resumption #2", 
@@ -1579,7 +1580,6 @@ static void do_basic(void)
     /* check the return status */
     if (ssl_handshake_status(ssl_clnt) < 0)
     {
-        printf("YA YA\n");
         ssl_display_error(ssl_handshake_status(ssl_clnt));
         goto error;
     }
diff --git a/ssl/tls1.c b/ssl/tls1.c
index d9f147a09c..94f413b533 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1239,7 +1239,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
                 ssl->dc->bm_proc_index = 0;
                 ret = do_handshake(ssl, buf, read_len);
             }
-            else /* no client renogiation allowed */
+            else /* no client renegotiation allowed */
             {
                 ret = SSL_ERROR_NO_CLIENT_RENOG;              
                 goto error;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index beb0e278b2..3289afa756 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -123,7 +123,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
         case HS_FINISHED:
             ret = process_finished(ssl, hs_len);
             disposable_free(ssl);   /* free up some memory */
-            /* note: client renogiation is not allowed after this */
+            /* note: client renegotiation is not allowed after this */
             break;
 
         case HS_HELLO_REQUEST:
@@ -146,7 +146,6 @@ int do_client_connect(SSL *ssl)
     ssl->bm_read_index = 0;
     ssl->next_state = HS_SERVER_HELLO;
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
-    x509_free(ssl->x509_ctx);
 
     /* sit in a loop until it all looks good */
     while (ssl->hs_status != SSL_OK)

From 7e570e3943ea721c1e54045a47a851915fd18dfc Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 27 Dec 2010 09:40:51 +0000
Subject: [PATCH 151/301] Fixed 3132700 (close_notify), 3078672
 (regular_square), 3072881 (process_server_hello). Using Montgomery until
 q_dash issue solved.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@180 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/bigint.c                    |  61 ++++++++---------
 crypto/bigint_impl.h               |  23 ++++++-
 crypto/rsa.c                       |   2 +-
 samples/c/axssl.c                  |   5 ++
 ssl/BigIntConfig.in                |   2 +-
 ssl/Makefile                       |   4 +-
 ssl/asn1.c                         |   1 +
 ssl/cert.h                         |  56 ++++++++--------
 ssl/private_key.h                  | 102 ++++++++++++++---------------
 ssl/ssl.h                          |   5 ++
 ssl/test/axTLS.ca_key.pem          |  26 ++++----
 ssl/test/axTLS.ca_x509.cer         | Bin 483 -> 483 bytes
 ssl/test/axTLS.ca_x509.pem         |  20 +++---
 ssl/test/axTLS.device_key          | Bin 609 -> 608 bytes
 ssl/test/axTLS.device_key.pem      |  26 ++++----
 ssl/test/axTLS.encrypted.p8        | Bin 385 -> 383 bytes
 ssl/test/axTLS.encrypted_pem.p8    |  17 +++--
 ssl/test/axTLS.key_1024            | Bin 609 -> 609 bytes
 ssl/test/axTLS.key_1024.pem        |  26 ++++----
 ssl/test/axTLS.key_1042            | Bin 0 -> 619 bytes
 ssl/test/axTLS.key_1042.pem        |  15 +++++
 ssl/test/axTLS.key_2048            | Bin 1191 -> 1192 bytes
 ssl/test/axTLS.key_2048.pem        |  50 +++++++-------
 ssl/test/axTLS.key_4096            | Bin 2349 -> 2348 bytes
 ssl/test/axTLS.key_4096.pem        |  98 +++++++++++++--------------
 ssl/test/axTLS.key_512             | Bin 321 -> 319 bytes
 ssl/test/axTLS.key_512.pem         |  14 ++--
 ssl/test/axTLS.key_aes128.pem      |  16 ++---
 ssl/test/axTLS.key_aes256.pem      |  16 ++---
 ssl/test/axTLS.noname.p12          | Bin 1483 -> 1483 bytes
 ssl/test/axTLS.unencrypted.p8      | Bin 347 -> 345 bytes
 ssl/test/axTLS.unencrypted_pem.p8  |  16 ++---
 ssl/test/axTLS.withCA.p12          | Bin 2089 -> 2089 bytes
 ssl/test/axTLS.withoutCA.p12       | Bin 1573 -> 1573 bytes
 ssl/test/axTLS.x509_1024.cer       | Bin 475 -> 475 bytes
 ssl/test/axTLS.x509_1024.pem       |  18 ++---
 ssl/test/axTLS.x509_1042.cer       | Bin 0 -> 477 bytes
 ssl/test/axTLS.x509_1042.pem       |  12 ++++
 ssl/test/axTLS.x509_2048.cer       | Bin 607 -> 607 bytes
 ssl/test/axTLS.x509_2048.pem       |  24 +++----
 ssl/test/axTLS.x509_4096.cer       | Bin 863 -> 863 bytes
 ssl/test/axTLS.x509_4096.pem       |  34 +++++-----
 ssl/test/axTLS.x509_512.cer        | Bin 406 -> 406 bytes
 ssl/test/axTLS.x509_512.pem        |  18 ++---
 ssl/test/axTLS.x509_aes128.pem     |  18 ++---
 ssl/test/axTLS.x509_aes256.pem     |  18 ++---
 ssl/test/axTLS.x509_bad_after.pem  |  18 ++---
 ssl/test/axTLS.x509_bad_before.pem |  14 ++--
 ssl/test/axTLS.x509_device.cer     | Bin 401 -> 401 bytes
 ssl/test/axTLS.x509_device.pem     |  38 +++++------
 ssl/test/killopenssl.sh            |   1 +
 ssl/test/make_certs.sh             |  25 ++++---
 ssl/test/ssltest.c                 |  67 ++++++++++++++++---
 ssl/tls1.c                         |  18 +++--
 ssl/tls1.h                         |   1 +
 ssl/tls1_clnt.c                    |   6 ++
 www/index.html                     |   2 +-
 57 files changed, 532 insertions(+), 401 deletions(-)
 create mode 100644 ssl/test/axTLS.key_1042
 create mode 100644 ssl/test/axTLS.key_1042.pem
 create mode 100644 ssl/test/axTLS.x509_1042.cer
 create mode 100644 ssl/test/axTLS.x509_1042.pem

diff --git a/crypto/bigint.c b/crypto/bigint.c
index 1d95bd549d..28b3c0ca0d 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -442,18 +442,18 @@ bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
         else
         {
             q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
-        }
 
-        if (v->size > 1 && V2)
-        {
-            /* we are implementing the following:
-            if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
-                    q_dash*V1)*COMP_RADIX) + U(2))) ... */
-            comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
-                                        (long_comp)q_dash*V1);
-            if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
+            if (v->size > 1 && V2)
             {
-                q_dash--;
+                /* we are implementing the following:
+                if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
+                        q_dash*V1)*COMP_RADIX) + U(2))) ... */
+                comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
+                                            (long_comp)q_dash*V1);
+                if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
+                {
+                    q_dash--;
+                }
             }
         }
 
@@ -926,55 +926,52 @@ bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
 /*
  * Perform the actual square operion. It takes into account overflow.
  */
-static bigint *regular_square(BI_CTX *ctx, bigint *bi)
+bigint *regular_square(BI_CTX *ctx, bigint *bi)
 {
     int t = bi->size;
     int i = 0, j;
     bigint *biR = alloc(ctx, t*2);
     comp *w = biR->comps;
     comp *x = bi->comps;
-    comp carry;
-
+    long_comp carry;
     memset(w, 0, biR->size*COMP_BYTE_SIZE);
 
     do
     {
         long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
-        comp u = 0;
+        uint8_t c = 0, q = 0;
         w[2*i] = (comp)tmp;
         carry = (comp)(tmp >> COMP_BIT_SIZE);
 
         for (j = i+1; j < t; j++)
         {
+            c = q = 0;
             long_comp xx = (long_comp)x[i]*x[j];
-            long_comp xx2 = 2*xx;
-            long_comp blob = (long_comp)w[i+j]+carry;
+            if (COMP_MAX-xx < xx)
+                c = 1;
 
-            if (u)                  /* previous overflow */
-            {
-                blob += COMP_RADIX;
-            }
+            tmp = (xx<<1);
 
+            if (COMP_MAX-tmp < w[i+j])
+                c = 1;
 
-            u = 0;
-            tmp = xx2 + blob;
+            tmp += w[i+j];
 
-            /* check for overflow */
-            if ((COMP_MAX-xx) < xx  || (COMP_MAX-xx2) < blob)
-            {
-                u = 1;
-            }
+            if (COMP_MAX-tmp < carry)
+                c = q = 1;
 
+            tmp += carry;
             w[i+j] = (comp)tmp;
-            carry = (comp)(tmp >> COMP_BIT_SIZE);
+            carry = tmp >> COMP_BIT_SIZE;
+
+            if (c)
+                carry += COMP_RADIX;
         }
 
         w[i+t] += carry;
 
-        if (u)
-        {
-            w[i+t+1] = 1;   /* add carry */
-        }
+        if (c && !q)
+            w[i+t+1] = 1; /* add carry */
     } while (++i < t);
 
     bi_free(ctx, bi);
diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
index 1483154a41..0b76aee2d4 100644
--- a/crypto/bigint_impl.h
+++ b/crypto/bigint_impl.h
@@ -41,7 +41,28 @@
 #define BIGINT_NUM_MODS     1    
 #endif
 
+//#define REGISTER_8          1
+
 /* Architecture specific functions for big ints */
+#if defined(REGISTER_8)
+#define COMP_RADIX          256U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       8   /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      1   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    2   /**< Used For diagnostics only. */
+typedef uint8_t comp;	        /**< A single precision component. */
+typedef uint16_t long_comp;     /**< A double precision component. */
+typedef int16_t slong_comp;     /**< A signed double precision component. */
+#elif defined(REGISTER_16)
+#define COMP_RADIX          65536U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       16  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      2   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    4   /**< Used For diagnostics only. */
+typedef uint16_t comp;	        /**< A single precision component. */
+typedef uint32_t long_comp;     /**< A double precision component. */
+typedef int32_t slong_comp;     /**< A signed double precision component. */
+#else /* regular 32 bit */
 #ifdef WIN32
 #define COMP_RADIX          4294967296i64         
 #define COMP_MAX            0xFFFFFFFFFFFFFFFFui64
@@ -52,10 +73,10 @@
 #define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
 #define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
 #define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
-
 typedef uint32_t comp;	        /**< A single precision component. */
 typedef uint64_t long_comp;     /**< A double precision component. */
 typedef int64_t slong_comp;     /**< A signed double precision component. */
+#endif
 
 /**
  * @struct  _bigint
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 31627bb319..0be429856d 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -88,7 +88,7 @@ void RSA_pub_key_new(RSA_CTX **ctx,
     *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
     rsa_ctx = *ctx;
     rsa_ctx->bi_ctx = bi_ctx;
-    rsa_ctx->num_octets = (mod_len & 0xFFF0);
+    rsa_ctx->num_octets = mod_len;
     rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
     bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
     rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 6892ee452b..d9d9a60711 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -385,6 +385,11 @@ static void do_server(int argc, char *argv[])
                         printf("%s", read_buf);
                         TTY_FLUSH();
                     }
+                    else if (res == SSL_CLOSE_NOTIFY)
+                    {
+                        printf("shutting down SSL\n");
+                        TTY_FLUSH();
+                    }
                     else if (res < SSL_OK && !quiet)
                     {
                         ssl_display_error(res);
diff --git a/ssl/BigIntConfig.in b/ssl/BigIntConfig.in
index 04c7438c07..cace9c5687 100644
--- a/ssl/BigIntConfig.in
+++ b/ssl/BigIntConfig.in
@@ -8,7 +8,7 @@ menu "BigInt Options"
 
 choice
     prompt "Reduction Algorithm"
-    default CONFIG_BIGINT_BARRETT 
+    default CONFIG_BIGINT_MONTGOMERY
 
 config CONFIG_BIGINT_CLASSICAL
     bool "Classical"
diff --git a/ssl/Makefile b/ssl/Makefile
index 62a62047dc..aafe7bc9b6 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -91,10 +91,10 @@ include $(AXTLS_HOME)/config/makefile.post
 
 ifndef CONFIG_PLATFORM_WIN32     # Linux/Unix/Cygwin
 
-$(TARGET1) : $(OBJ)
+$(TARGET1) : $(CRYPTO_OBJ) $(OBJ)
 	$(AR) -r $@ $(CRYPTO_OBJ) $(OBJ)
 
-$(TARGET2) : $(OBJ)
+$(TARGET2) : $(CRYPTO_OBJ) $(OBJ)
 ifndef CONFIG_PLATFORM_CYGWIN
 	$(LD) $(LDFLAGS) $(LDSHARED) -Wl,-soname,$(LIBMAJOR) -o $(AXTLS_HOME)/$(STAGE)/$(LIBMINOR) $(CRYPTO_OBJ) $(OBJ)
 	cd $(AXTLS_HOME)/$(STAGE); ln -sf $(LIBMINOR) $(LIBMAJOR); ln -sf $(LIBMAJOR) $(BASETARGET); cd -
diff --git a/ssl/asn1.c b/ssl/asn1.c
index ee474f4c1e..ca2701ef3a 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -210,6 +210,7 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
 
     if (buf[(*offset)++] != ASN1_UTC_TIME)
         goto end_utc_time;
+
     len = get_asn1_length(buf, offset);
     t_offset = *offset;
 
diff --git a/ssl/cert.h b/ssl/cert.h
index 7a85d2d843..30c7b65882 100644
--- a/ssl/cert.h
+++ b/ssl/cert.h
@@ -1,43 +1,43 @@
 unsigned char default_certificate[] = {
-  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xf1,
-  0xc3, 0x87, 0xc0, 0xd4, 0xf4, 0x57, 0xc3, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xab,
+  0x08, 0x18, 0xa7, 0x03, 0x07, 0x27, 0xfd, 0x30, 0x0d, 0x06, 0x09, 0x2a,
   0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
   0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
   0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
   0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
   0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
-  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x36,
-  0x30, 0x37, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a, 0x17, 0x0d, 0x33,
-  0x33, 0x31, 0x30, 0x32, 0x33, 0x31, 0x31, 0x34, 0x34, 0x33, 0x32, 0x5a,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x32,
+  0x32, 0x36, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a, 0x17, 0x0d, 0x32,
+  0x34, 0x30, 0x39, 0x30, 0x33, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a,
   0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
   0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
   0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
   0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
   0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
   0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
-  0x81, 0x81, 0x00, 0xd8, 0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5,
-  0xfd, 0x0b, 0xa8, 0xa8, 0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c,
-  0xb5, 0xd9, 0xbc, 0xc6, 0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8,
-  0x29, 0x48, 0x0e, 0x7b, 0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f,
-  0x38, 0xe5, 0xb5, 0xb7, 0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3,
-  0x40, 0x1e, 0xf9, 0x91, 0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e,
-  0xdc, 0xf6, 0xaa, 0x1c, 0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73,
-  0xd9, 0x09, 0x05, 0x4c, 0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7,
-  0x14, 0x91, 0x44, 0xfc, 0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba,
-  0x8c, 0xc3, 0x74, 0x39, 0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4,
-  0x40, 0x95, 0x8c, 0xc0, 0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02,
+  0x81, 0x81, 0x00, 0xcd, 0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76,
+  0xd4, 0x13, 0x30, 0x0e, 0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f,
+  0x51, 0x09, 0x9d, 0x29, 0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90,
+  0x80, 0xa1, 0x71, 0xdf, 0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14,
+  0x90, 0x0a, 0xf9, 0xb7, 0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d,
+  0x57, 0x41, 0x86, 0x60, 0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46,
+  0x1b, 0xf6, 0xa2, 0x84, 0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa,
+  0x91, 0xf8, 0x61, 0x04, 0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a,
+  0xcc, 0x31, 0x01, 0x14, 0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82,
+  0xd6, 0xc6, 0xc4, 0xbe, 0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32,
+  0x7a, 0x86, 0x0e, 0x91, 0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02,
   0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x0b,
-  0x47, 0x24, 0x52, 0x7d, 0xb6, 0x63, 0x78, 0xbc, 0x80, 0xdd, 0x87, 0x6c,
-  0x90, 0x4c, 0x33, 0xc3, 0x5c, 0xa7, 0x97, 0x09, 0x1c, 0x09, 0x4f, 0x9b,
-  0x6e, 0xb3, 0x5a, 0x3e, 0x46, 0x92, 0x1a, 0xc7, 0x87, 0x15, 0x59, 0xe1,
-  0x88, 0x5c, 0xce, 0x6a, 0xe2, 0x96, 0xaa, 0x32, 0xec, 0xc2, 0xed, 0x78,
-  0x8b, 0xe0, 0x90, 0x66, 0x93, 0x14, 0xc3, 0x98, 0xab, 0x33, 0x35, 0xd3,
-  0x7d, 0x5d, 0x51, 0x0a, 0x9c, 0xb9, 0x10, 0x58, 0x47, 0x7a, 0x98, 0x95,
-  0x64, 0xff, 0x4c, 0x5d, 0x82, 0x19, 0xf9, 0xea, 0x0f, 0x5e, 0x9a, 0xcb,
-  0x32, 0x27, 0x64, 0xca, 0x6f, 0x58, 0x8a, 0xd0, 0xc0, 0x36, 0xf4, 0xb9,
-  0x63, 0x34, 0xa5, 0xda, 0x36, 0x50, 0x36, 0x49, 0xd2, 0xb7, 0x3a, 0x21,
-  0x33, 0x5b, 0x3e, 0xd6, 0x5f, 0x0c, 0x99, 0x83, 0xb7, 0xb2, 0xf7, 0x8b,
-  0x44, 0xc4, 0x5e, 0x73, 0x41, 0xa9, 0x02
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x40,
+  0xb4, 0x94, 0x9a, 0xa8, 0x89, 0x72, 0x1d, 0x07, 0xe5, 0xb3, 0x6b, 0x88,
+  0x21, 0xc2, 0x38, 0x36, 0x9e, 0x7a, 0x8c, 0x49, 0x48, 0x68, 0x0c, 0x06,
+  0xe8, 0xdb, 0x1f, 0x4e, 0x05, 0xe6, 0x31, 0xe3, 0xfd, 0xe6, 0x0d, 0x6b,
+  0xd8, 0x13, 0x17, 0xe0, 0x2d, 0x0d, 0xb8, 0x7e, 0xcb, 0x20, 0x6c, 0xa8,
+  0x73, 0xa7, 0xfd, 0xe3, 0xa7, 0xfa, 0xf3, 0x02, 0x60, 0x78, 0x1f, 0x13,
+  0x40, 0x45, 0xee, 0x75, 0xf5, 0x10, 0xfd, 0x8f, 0x68, 0x74, 0xd4, 0xac,
+  0xae, 0x04, 0x09, 0x55, 0x2c, 0xdb, 0xd8, 0x07, 0x07, 0x65, 0x69, 0x27,
+  0x6e, 0xbf, 0x5e, 0x61, 0x40, 0x56, 0x8b, 0xd7, 0x33, 0x3b, 0xff, 0x6e,
+  0x53, 0x7e, 0x9d, 0x3f, 0xc0, 0x40, 0x3a, 0xab, 0xa0, 0x50, 0x4e, 0x80,
+  0x47, 0x46, 0x0d, 0x1e, 0xdb, 0x4c, 0xf1, 0x1b, 0x5d, 0x3c, 0x2a, 0x54,
+  0xa7, 0x4d, 0xfa, 0x7b, 0x72, 0x66, 0xc5
 };
 unsigned int default_certificate_len = 475;
diff --git a/ssl/private_key.h b/ssl/private_key.h
index 96a5253312..ce7985c5a7 100644
--- a/ssl/private_key.h
+++ b/ssl/private_key.h
@@ -1,54 +1,54 @@
 unsigned char default_private_key[] = {
-  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xd8,
-  0xe0, 0xbf, 0x15, 0xde, 0xea, 0xaf, 0xe8, 0xd5, 0xfd, 0x0b, 0xa8, 0xa8,
-  0xb3, 0xd7, 0x46, 0x5d, 0xa7, 0x26, 0x6c, 0x0c, 0xb5, 0xd9, 0xbc, 0xc6,
-  0xf8, 0xc0, 0x78, 0xd0, 0xf6, 0x56, 0x65, 0xf8, 0x29, 0x48, 0x0e, 0x7b,
-  0x0b, 0xa6, 0x25, 0x7e, 0xe8, 0x7b, 0x79, 0x6f, 0x38, 0xe5, 0xb5, 0xb7,
-  0xf4, 0xe0, 0x9c, 0x91, 0x60, 0xf4, 0x06, 0xf3, 0x40, 0x1e, 0xf9, 0x91,
-  0x19, 0xa9, 0x2f, 0x47, 0x43, 0xb5, 0x9b, 0x1e, 0xdc, 0xf6, 0xaa, 0x1c,
-  0x49, 0x79, 0x21, 0x28, 0xcb, 0xaa, 0x49, 0x73, 0xd9, 0x09, 0x05, 0x4c,
-  0x02, 0xf2, 0x4c, 0x4d, 0x6c, 0x1c, 0x80, 0xa7, 0x14, 0x91, 0x44, 0xfc,
-  0x12, 0xb3, 0xe1, 0xe7, 0xe3, 0x4f, 0x44, 0xba, 0x8c, 0xc3, 0x74, 0x39,
-  0xe8, 0x4c, 0xd0, 0xd4, 0x4c, 0x24, 0x61, 0xb4, 0x40, 0x95, 0x8c, 0xc0,
-  0x0a, 0xb7, 0x02, 0x39, 0x31, 0x85, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01,
-  0x02, 0x81, 0x81, 0x00, 0x94, 0x07, 0x72, 0xe5, 0xbe, 0xad, 0x79, 0x3b,
-  0xf7, 0x33, 0x2c, 0x8e, 0x05, 0xf8, 0x1a, 0x6b, 0xd0, 0xe8, 0x91, 0xf5,
-  0x16, 0x07, 0xd9, 0x82, 0x5c, 0x5c, 0xd5, 0x22, 0xa1, 0x9e, 0x42, 0x02,
-  0x7f, 0x8b, 0xcd, 0xbe, 0xf4, 0x85, 0x52, 0xf6, 0x2c, 0xd5, 0x09, 0xd2,
-  0x2c, 0xf4, 0x2c, 0xf6, 0x07, 0x85, 0x80, 0xf9, 0xdc, 0xd0, 0xcc, 0x3f,
-  0x22, 0x31, 0x15, 0xf3, 0x49, 0xf2, 0xb5, 0xe2, 0x69, 0x99, 0x04, 0x04,
-  0x49, 0x21, 0xdb, 0x9f, 0xa1, 0x54, 0x5a, 0xfa, 0xe4, 0xd9, 0xf9, 0x07,
-  0x05, 0xff, 0x9a, 0x65, 0xa4, 0xeb, 0xf2, 0x47, 0xce, 0x56, 0xc7, 0x72,
-  0x49, 0x48, 0x5c, 0xe8, 0x14, 0xd7, 0x8f, 0x25, 0xcc, 0x49, 0x29, 0x06,
-  0x6a, 0x54, 0x7b, 0x17, 0xdc, 0x9e, 0xd4, 0x53, 0xf0, 0xf5, 0x9e, 0x85,
-  0x25, 0xa1, 0xeb, 0x3d, 0xe9, 0x2f, 0xb9, 0x9c, 0xf6, 0xe1, 0x80, 0x81,
-  0x02, 0x41, 0x00, 0xee, 0x02, 0x78, 0xc7, 0x78, 0x85, 0x04, 0x97, 0xcc,
-  0x36, 0xbd, 0xd6, 0x11, 0xe2, 0xc7, 0x39, 0xd9, 0x34, 0x51, 0x72, 0x6f,
-  0x8a, 0x0f, 0xcd, 0x88, 0x32, 0x33, 0x9b, 0xc7, 0xa7, 0x03, 0x77, 0xd9,
-  0x82, 0x35, 0xb6, 0xdd, 0x1f, 0xc2, 0xc1, 0x13, 0x40, 0x83, 0x55, 0xeb,
-  0x60, 0xeb, 0x81, 0x8e, 0x0c, 0x16, 0x62, 0xb4, 0xb4, 0x3c, 0xeb, 0x08,
-  0x80, 0x9c, 0x79, 0xd3, 0x38, 0xca, 0xf1, 0x02, 0x41, 0x00, 0xe9, 0x45,
-  0x5f, 0x2e, 0x16, 0xcc, 0x93, 0x50, 0x40, 0xb6, 0x79, 0xbc, 0x38, 0xe0,
-  0x56, 0x68, 0x50, 0xd3, 0x2f, 0x73, 0x8c, 0x8c, 0x2a, 0x0e, 0x81, 0x4a,
-  0x8a, 0xbb, 0xcc, 0xf0, 0x64, 0x34, 0x46, 0x9f, 0x07, 0x7d, 0x22, 0xb6,
-  0xf9, 0x46, 0xac, 0x57, 0x23, 0x8c, 0x1e, 0xeb, 0xd3, 0x05, 0x4d, 0xa8,
-  0x83, 0x6a, 0x67, 0xf6, 0xa6, 0xb1, 0xab, 0x8e, 0xc1, 0xef, 0xef, 0x7d,
-  0xf0, 0xc3, 0x02, 0x40, 0x2f, 0xc6, 0x59, 0x3e, 0x18, 0xe8, 0x02, 0x73,
-  0x01, 0xef, 0xdf, 0x0d, 0x30, 0x4b, 0xe8, 0x17, 0xa9, 0x8c, 0xc1, 0xe8,
-  0x89, 0x91, 0x19, 0xf8, 0xf4, 0xa4, 0xb7, 0x0d, 0x46, 0xf7, 0x34, 0x50,
-  0x03, 0x5e, 0x0a, 0xb0, 0x29, 0x14, 0xae, 0x00, 0x19, 0x80, 0x32, 0x9c,
-  0xb5, 0x81, 0x9f, 0xe4, 0x42, 0x82, 0x14, 0xa0, 0x3d, 0x8b, 0x8c, 0x4a,
-  0xd5, 0x4b, 0x13, 0x9d, 0xb4, 0x93, 0x4a, 0xd1, 0x02, 0x40, 0x64, 0x8c,
-  0x83, 0x77, 0x61, 0x5a, 0x73, 0x11, 0x3f, 0xa3, 0xa8, 0x1b, 0x8a, 0xc4,
-  0xa0, 0x5a, 0x3c, 0xa4, 0x9b, 0x2a, 0x8a, 0x65, 0x8c, 0x67, 0x4e, 0x31,
-  0xac, 0x55, 0x41, 0x04, 0x49, 0x9d, 0x02, 0xe7, 0xdf, 0x99, 0x7f, 0xd2,
-  0x30, 0xe6, 0xd6, 0xb8, 0x84, 0xd9, 0x0c, 0x27, 0x08, 0x81, 0x9b, 0xb4,
-  0xcc, 0x58, 0x9c, 0x51, 0x84, 0x0e, 0xc7, 0x6d, 0x34, 0x89, 0x50, 0xc9,
-  0x0f, 0x73, 0x02, 0x41, 0x00, 0xda, 0xde, 0x5e, 0x1a, 0xac, 0x1d, 0x1d,
-  0xd7, 0xb9, 0x65, 0x26, 0x00, 0xf5, 0xd4, 0xe4, 0x28, 0x84, 0x86, 0x2f,
-  0x00, 0x9c, 0x41, 0x00, 0x52, 0xe1, 0x47, 0x91, 0xc0, 0x52, 0x05, 0x4e,
-  0x0f, 0x2f, 0x0d, 0xca, 0x9b, 0x3d, 0x89, 0x41, 0xbf, 0xee, 0x9f, 0xa1,
-  0xe6, 0x9d, 0xa4, 0xeb, 0x45, 0x7f, 0xe3, 0xcb, 0xa4, 0x6b, 0x0a, 0xe2,
-  0x7e, 0xb0, 0x87, 0x5c, 0x40, 0xb1, 0x51, 0x11, 0x1d
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcd,
+  0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76, 0xd4, 0x13, 0x30, 0x0e,
+  0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f, 0x51, 0x09, 0x9d, 0x29,
+  0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90, 0x80, 0xa1, 0x71, 0xdf,
+  0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14, 0x90, 0x0a, 0xf9, 0xb7,
+  0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d, 0x57, 0x41, 0x86, 0x60,
+  0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46, 0x1b, 0xf6, 0xa2, 0x84,
+  0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa, 0x91, 0xf8, 0x61, 0x04,
+  0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a, 0xcc, 0x31, 0x01, 0x14,
+  0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82, 0xd6, 0xc6, 0xc4, 0xbe,
+  0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32, 0x7a, 0x86, 0x0e, 0x91,
+  0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x81, 0x00, 0x95, 0xaa, 0x6e, 0x11, 0xf5, 0x6a, 0x8b, 0xa2,
+  0xc6, 0x48, 0xc6, 0x7c, 0x37, 0x6b, 0x1f, 0x55, 0x10, 0x76, 0x26, 0x24,
+  0xc3, 0xf2, 0x5c, 0x5a, 0xdd, 0x2e, 0xf3, 0xa4, 0x1e, 0xbc, 0x7b, 0x1c,
+  0x80, 0x10, 0x85, 0xbc, 0xd8, 0x45, 0x3c, 0xb8, 0xb2, 0x06, 0x53, 0xb5,
+  0xd5, 0x7a, 0xe7, 0x0e, 0x92, 0xe6, 0x42, 0xc2, 0xe2, 0x2a, 0xd5, 0xd1,
+  0x03, 0x9f, 0x6f, 0x53, 0x74, 0x68, 0x72, 0x8e, 0xbf, 0x03, 0xbb, 0xab,
+  0xbd, 0xa1, 0xf9, 0x81, 0x7d, 0x12, 0xd4, 0x9d, 0xb6, 0xae, 0x4c, 0xad,
+  0xca, 0xa8, 0xc9, 0x80, 0x8d, 0x0d, 0xd5, 0xd0, 0xa1, 0xbf, 0xec, 0x60,
+  0x48, 0x49, 0xed, 0x97, 0x0f, 0x5e, 0xed, 0xfc, 0x39, 0x15, 0x96, 0x9e,
+  0x5d, 0xe2, 0xb4, 0x5d, 0x2e, 0x04, 0xdc, 0x08, 0xa2, 0x65, 0x29, 0x2d,
+  0x37, 0xfb, 0x62, 0x90, 0x1b, 0x7b, 0xe5, 0x3a, 0x58, 0x05, 0x55, 0xc1,
+  0x02, 0x41, 0x00, 0xfc, 0x69, 0x28, 0xc9, 0xa8, 0xc4, 0x5c, 0xe3, 0xd0,
+  0x5e, 0xaa, 0xda, 0xde, 0x87, 0x74, 0xdb, 0xcb, 0x40, 0x78, 0x8e, 0x1d,
+  0x12, 0x96, 0x16, 0x61, 0x3f, 0xb3, 0x3e, 0xa3, 0x0d, 0xdc, 0x49, 0xa5,
+  0x25, 0x87, 0xc5, 0x97, 0x85, 0x9d, 0xbb, 0xb4, 0xf0, 0x44, 0xfd, 0x6c,
+  0xe8, 0xd2, 0x8c, 0xec, 0x33, 0x81, 0x46, 0x1e, 0x10, 0x12, 0x33, 0x16,
+  0x95, 0x00, 0x4f, 0x75, 0xb4, 0xe5, 0x79, 0x02, 0x41, 0x00, 0xd0, 0xeb,
+  0x65, 0x07, 0x10, 0x3b, 0xd9, 0x03, 0xeb, 0xdc, 0x6f, 0x4b, 0x8f, 0xc3,
+  0x87, 0xce, 0x76, 0xd6, 0xc5, 0x14, 0x21, 0x4e, 0xe7, 0x4f, 0x1b, 0xe8,
+  0x05, 0xf8, 0x84, 0x1a, 0xe0, 0xc5, 0xd6, 0xe3, 0x08, 0xb3, 0x54, 0x57,
+  0x02, 0x1f, 0xd4, 0xd9, 0xfb, 0xff, 0x40, 0xb1, 0x56, 0x1c, 0x60, 0xf7,
+  0xac, 0x91, 0xf3, 0xd3, 0xc6, 0x7f, 0x84, 0xfd, 0x84, 0x9d, 0xea, 0x26,
+  0xee, 0xc9, 0x02, 0x41, 0x00, 0xa6, 0xcf, 0x1c, 0x6c, 0x81, 0x03, 0x1c,
+  0x5c, 0x56, 0x05, 0x6a, 0x26, 0x70, 0xef, 0xd6, 0x13, 0xb7, 0x74, 0x28,
+  0xf7, 0xca, 0x50, 0xd1, 0x2d, 0x83, 0x21, 0x64, 0xe4, 0xdd, 0x3f, 0x38,
+  0xb8, 0xd6, 0xd2, 0x41, 0xb3, 0x1c, 0x9a, 0xea, 0x0d, 0xf5, 0xda, 0xdf,
+  0xcd, 0x17, 0x9f, 0x9a, 0x1e, 0x15, 0xaf, 0x48, 0x1c, 0xbd, 0x9b, 0x63,
+  0x5b, 0xad, 0xed, 0xd4, 0xa1, 0xae, 0xa9, 0x59, 0x09, 0x02, 0x40, 0x4e,
+  0x08, 0xce, 0xa8, 0x8f, 0xc0, 0xba, 0xf3, 0x83, 0x02, 0xc8, 0x33, 0x62,
+  0x14, 0x77, 0xc2, 0x7f, 0x93, 0x02, 0xf3, 0xdc, 0xe9, 0x1a, 0xee, 0xea,
+  0x8e, 0x84, 0xc4, 0x69, 0x9b, 0x9c, 0x7f, 0x69, 0x1f, 0x4e, 0x1d, 0xa5,
+  0x90, 0x06, 0x44, 0x1b, 0x7d, 0xfc, 0x69, 0x40, 0x21, 0xbc, 0xf7, 0x46,
+  0xa4, 0xdc, 0x39, 0x7b, 0xe8, 0x8b, 0x49, 0x10, 0x44, 0x9d, 0x67, 0x5a,
+  0x91, 0x86, 0x39, 0x02, 0x40, 0x41, 0x2c, 0x4e, 0xfe, 0xd9, 0x90, 0x89,
+  0x00, 0x5c, 0x94, 0x0a, 0x4a, 0x7e, 0x1b, 0x1a, 0x80, 0x06, 0x01, 0x37,
+  0xda, 0x50, 0x61, 0x9d, 0x9c, 0xfe, 0x25, 0x7f, 0xd8, 0xd4, 0xc4, 0x9e,
+  0x81, 0xf2, 0x0c, 0x1e, 0x38, 0x21, 0x1e, 0x90, 0x3f, 0xd4, 0xba, 0x6c,
+  0x53, 0xcb, 0xf0, 0x77, 0x79, 0x9b, 0xf1, 0xfa, 0x3f, 0x81, 0xdc, 0xf3,
+  0x21, 0x02, 0x6d, 0xb7, 0x95, 0xc3, 0x2e, 0xce, 0xd5
 };
 unsigned int default_private_key_len = 609;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index bde6b68656..6b3654d558 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -88,6 +88,7 @@ extern "C" {
 #define SSL_OK                                  0
 #define SSL_NOT_OK                              -1
 #define SSL_ERROR_DEAD                          -2
+#define SSL_CLOSE_NOTIFY                        -3
 #define SSL_ERROR_CONN_LOST                     -256
 #define SSL_ERROR_SOCK_SETUP_FAILURE            -258
 #define SSL_ERROR_INVALID_HANDSHAKE             -260
@@ -105,6 +106,10 @@ extern "C" {
 #define SSL_X509_OFFSET                         -512
 #define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
 
+/* alert types that are recognized */
+#define SSL_ALERT_TYPE_WARNING                  1
+#define SLL_ALERT_TYPE_FATAL                    2
+
 /* these are all the alerts that are recognized */
 #define SSL_ALERT_CLOSE_NOTIFY                  0
 #define SSL_ALERT_UNEXPECTED_MESSAGE            10
diff --git a/ssl/test/axTLS.ca_key.pem b/ssl/test/axTLS.ca_key.pem
index 7c8ac8af28..bd4f3241e5 100644
--- a/ssl/test/axTLS.ca_key.pem
+++ b/ssl/test/axTLS.ca_key.pem
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
-Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
-n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
-AoGAd4Ia5SxYiBU9A0BYyT8yPUm8sYELIaAL4YYk+F6Xwhh/Whnb8MyzquzaGFP4
-Ee30jYYNHlvX5VheDDtvy8OTN5FgKNNdzvW15iA4Hxje04ZI7W87G7OIxm7aYRid
-sG4XqZBtsOdj33IRd9hgozywGJ2qRqS6nn2KxRv1w07RniECQQDZAlKxijdn+vQ7
-8/8mXzC+FwQtzeTUCuLrBJcos9I/591ABoxYkWcYLxpFqgCEVwb1qfPBJkL07JPt
-Fu6CTnBFAkEAxXmUBs47x5QM99qyBO5UwW0Ksrm/WD4guaaxzQShMt/HzgJl613z
-/x4FtxiQJHAr6r2K0t5xTJx89LVKuouYYwJAImue6DAvJ5wDfzrtXo28snn+HLHK
-uONdKL/apgcXszE4w74GJsoxWwGlniUf3d3b6b1iP2GtPyIDOJjpjduZLQJAE4jS
-VtYB3d1MZxxQLeKxqayyuTlcr0r+C79sqT5C//hZGIzuLhlOMLd0k0cvwxsBjSgQ
-2ok8pfp49fAVI1z5xwJAVmJgLc/mSti5A2q3c8HW8qvMJEDPWbpb7p8pg4ePtpa8
-EE3TO4O4J2H+k40C397km4yZXdkNQsiT1zVljJZpiw==
+MIICXQIBAAKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN
+EK8xj7IVcBTJq6vcMRDwrAUrElSIZl8Kv6+ZqhTss2j+E2tfzkzehP9LcAdAR+UM
+JPBsYXic/+vmH5JCMO7CXLUsDJmO2q2Z1TjTtchu2DgAueTo0hWRtMvbMwIDAQAB
+AoGARYOF+ZZenAJJhSENUiPTm4hTXX98hNgZYw7DWU4u8S/6JT5Xr3AM6YFduBoV
+0VDR63GlrzEI5p6JDPeNbn3MBl14ZNZVOOkzenxsCsymCHKhickxR8VlRoN26Xpb
+OcMxsnEOJ8zh0F97Re8bsE7OQhk4Z7KtArby2jY1bpSqkRECQQDQ0D9lIq0oINaS
+Uezmj/eSlmRjUwF+Vx8t16Yu8mD8CJZUVBEhDn/Xo2GWlkFgbWUoAPanr8zAwKJX
+6gImgMVPAkEAw+AxIgMqxs0GmsiesQMPe3Rf5kRId7ApFdhCq15J4URGOTdnyIUj
+LBzJpGSiQFb/Fkt5dGrsDzawFd7hlBCa3QJAcWJCqiX0JDAAkx8NJfzSj7Q9+njd
+/L5N3dSVFjTiWLhI+K1VR7/ZxzueB+i6wyNjpB8xz8fzxE5VWKtmU4XknQJBAKW+
+K/UK1wR3cnJA9j70RwKA27D98JAOaQWKBAf79en+mqlJn7EGL1fhWCKZ4M0ukBSu
+cqw22V6aOO+YtCpUzqUCQQCapy9lw3tDuCAljW8H3p9ce/+wuK1FTnF0TCalgHQp
+kn4btRLmj0josAj4lRrzi2uaYfwq39h9OIuy7ES7YKcv
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.ca_x509.cer b/ssl/test/axTLS.ca_x509.cer
index 9c9936b8e98d0b7475e522377e64ee5cb7d9858c..05d1ad10e1bd0f155922ab5c073dc63421fbbbe6 100644
GIT binary patch
delta 341
zcmV-b0jmDv1LFe|FoFT!FoFR{0to>7=qD=NDmSW;6G<B}FflSRHZn3ZGcz|@7Y#Br
zFgY+YGBPtWGdGcURDYkvew7?ZSvJE6sPpl+o#E9=Utd_%?aOMw6nJ)(k&kiua3D<(
zuQ89Z6>t>EtE=2G5b&%8D-u+QW?u@wubHY8?6YY86Kh}2Ox}e5OK=B3N97D8@N8jt
zod4_QACf{a?!sKPEDV{B+O3(@IMcPrZrC^gx#Z~56_K>d+kZ0x0|5X5FbxI?Duzgg
z_YDC71qA>Dfq?)T2~$RpF*+Pnvs-bFEp7UXa!sfLf6i7hw5R_m7=m+^QjWEr`esUp
zA-5Maqh*3M^819hNAA9wMjW3)Rc%;1c-<|qIZOvm7|2$G_mKGPp);5{GU15!o}xHP
nYt>EtrOAv{*BUt|tW_5@KbF2Rv4QR2q?~OsgvJw*G$qZ&H4&89

delta 341
zcmV-b0jmDv1LFe|FoFT!FoFR{0to<}ZgV)MI;C2X6G<B|HZV3YH!(3ZG&3?<7Y#Er
zF)%VSF)=hWGcu8PRDY*s**4Mk7Kg*SkTmVk3yE7QbYP0x?QK*v(+^yZa07yQ^o3(K
zX*t4&Cimg$&A2<P<Ulw1hddZ_EC}JAZAUmeH|iC&<U3mqNeANqjQu+@zrSXmOls9$
zsd%mJ_V~6Bihm&($B~3~j&Ff_N$931;bTb$9r{L0cD4?6Vt=m!0|5X5FbxI?Duzgg
z_YDC71qA>Dfq?)W3xL`*peHaQC%L9rFu+`!L(F~VuAbis-81tk-U!?PR>rx=X`^>v
z7F66sjS9#_Ti&fqR};+Q$KUpJ`w`LA$ggbk@)MB#opCapepcK}N6A!&jPSjW<X$x%
n`TZK<oH1_%ni{~g>IYk=Qp=vJ9j$jvG#da=72kmR)cHplrHGX$

diff --git a/ssl/test/axTLS.ca_x509.pem b/ssl/test/axTLS.ca_x509.pem
index 86f659710c..ce03a20512 100644
--- a/ssl/test/axTLS.ca_x509.pem
+++ b/ssl/test/axTLS.ca_x509.pem
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
+MIIB3zCCAUgCCQD76Ccq3Co3qjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
+MjYyMjMzMzdaFw0yNDA5MDMyMjMzMzdaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
 Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
-Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
-n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
-3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
-flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
-+UcZ
+A4GNADCBiQKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN
+EK8xj7IVcBTJq6vcMRDwrAUrElSIZl8Kv6+ZqhTss2j+E2tfzkzehP9LcAdAR+UM
+JPBsYXic/+vmH5JCMO7CXLUsDJmO2q2Z1TjTtchu2DgAueTo0hWRtMvbMwIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBABoJU0aQMTocVLNbcY4tbfqLck2oAn/OVjG0p/8p
+GIJzlVKOtZ76ZkqHIbcXNKNlgjXy+4S3R+6+mkYcn0JVbVg7eN0tsDlMB04YyFaD
+95D47KEzmDky4Yj2nqI4SmvVTf2lyYxV1zknrFUXND+WvjGxge3gpJxtMoTGE5E0
+Jc3F
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.device_key b/ssl/test/axTLS.device_key
index 4e981d143e1383828b8a76e18c57e0b0f59b202f..72a173429661c54bafaf35ebdba5a9a96cae5820 100644
GIT binary patch
literal 608
zcmV-m0-yabf&yFu0RRGlfdI$Yu-g3!&RpWhvZBIkBv`Y)DwSzu_af7@f>p-pfh5{E
z(L4t750a~*;kA%J54%}t&sUBDBGw^eb61K0v04zSb5EL5^m8<rt~_oG4&XI(fxE)D
zQsu$%0@O(tf`bFPW^flq>7c1yEU#M1o~&Hv9_`lwbHJ61=&H?7gQEfi0RRC4fq-Xb
zsnZm^Bb*V&i<$)p6s<&x?^BUYsYO1{mE|?x8E@?E8tr)&gOWP-GTf7YVdQAle)?%b
zm#w{K%!Uo5U>-Bb>d79OrtrefCHVs&m3a$8WRvR~jH<I`38IZ+%_ZC2Resr0=or5X
z^26P{41b~188~iz$Yw*%&b@XmH3<Si0QHP6W6GA~_=#L!hK60ElCv!9e{>s`6U9!&
z(;$2m=b}w&o<rA-IW0$r^?Sf^uY_kN0E0t+q~*b`M3=)2&jLXJ&{}-^{KF$nC5Tgm
zx!s{dKtEI}pwr~C2~n>Dumzsw#8DI5GDLxr*+0jCL7$M>P?H}x=B54Y8-Vj_Y$;Xk
z0zf>>H`GU-GZli>S7o%ZOvVolNk%4?iUVCRQuQLP_OXJ~PFdfKXply*)@~;C5OEj;
zemPV}3q0l$owlec2&)1>Ss=`0b1eF`?!Qrz?t6=uoGm*L{W*t}O@2Po;sTY0j-+f&
z5k%7U0kBczV6G&kf!$rU)|=gOniXJ+e)n_50zm-VmU|#fVsk?VE#v#|&6;9_gVbJ$
uytH*a@JRQ%ppu`vA77wv5~Q()oO_8u>ciBD00{qvxuLOHOl(&(@wR&t<tRu1

literal 609
zcmV-n0-pUaf&yIv0RRGlfdJGZ4h<43zjh$NmAe*gFd;CkIEWYaUz#Bpms2~d;TZ=+
zk`Pe_4BeOCv@NwmC65?N)gXrn?#|TyB9lU`OINiLyb68LKj!YuC$?l`)u2L1ZuNgc
z=Sux+ln*4$Nfhl{gttWP`YNkiPpo0p0h3)_$nwg2s|lRS$t9_kyc+@o0RRC4fq?*^
zL=H=j!{3Frp6Ni0WB0Agp#h-CLCM~qOnu)|K)UjF%r<fVRLj|liDwP<SptGae;VJ_
zMhe!}k{!Dh@96KmOI`q<?WRqvvfO61H={0;KF%Ej{gR}3kHpi(rVmH`Y?3%o`Hd9A
zgG6g{q(Yvh0YNF%rC0uB-yx7-xur1zK>+-Ic-(fn!L=2LAE_OnV2@ezYPqfv?7EVw
ztnGa>p_(hpRr+n(N$Ooc;-Ug;rmFgzfA1^_2-*k;^0%11vl#+G0M`^95MJ-`(OR-i
zBA|9yFh78sA*+l|0wMujX*I%@o4%O>ok-BGDtQP3_l0oh2@5c16ixpA!QhEf#zLZF
zQvyK%tS>_pbrT+q^2G&mI(6scS|AxC&V>TLsLms2K>j$f{xgTlW2bz`iWbV^SZp~M
zSQa|OOK(li0kpVqV}#k^0zZ3z5inI#a)-o>oxVh6us#Gh)Z2ij5G5&LpFzr;@!ous
zU+nPW;~#)v8B_>M%wA;<W+FnTDWWP&usbLS7Xm>5u?2*padHnE!MbMQTY+(0Wgg|0
v3cKQF;e2bA5N6M*E~R!7Tl|5&J97n<934}R7|5Rx8jwm@UwAr_9k^bwbVnG3

diff --git a/ssl/test/axTLS.device_key.pem b/ssl/test/axTLS.device_key.pem
index 2bcf5e37b3..3c28265475 100644
--- a/ssl/test/axTLS.device_key.pem
+++ b/ssl/test/axTLS.device_key.pem
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDUIg4NEiu/diDAlbsWbTAhMKw4iBf2X5ohGJdTO6vhGQdEkhBR
-Bgzdl9+0LbVDJY8YStUghwnuztT+IpNCrUtXtRK8Cn3QP+buzSe2ZGPVoEJIbvV/
-QudK/WuUDyTNSRTtW4S3RO36KqtbT6xh1QGTXV3I8sp7qwmcysklqZW8GwIDAQAB
-AoGBAKBEDkuPw9+Ftp7pQIxj963LoQGgyEHJ3p9Mfd9TQLrydsw2cf9Uy9mKiWcN
-9VkCgkZ/Gt/VRgrW1pIduxXv6O+8S14An+2mTayy3Ga1N6MulD7OHQP9kqR4j8TT
-xaYPR/1skjhQ+Y0Uw4NEa3OkQp6lAUEp1aVX/mTfIZBguaUxAkEA/H543Ha6wbUV
-iB+pHaBgj1nzarmuEey6kqqs7X0zoZory1X6bdpJ6l0/4qICa6aq+pt/7ywJCNoI
-CPK3mL2zGQJBANcUHRBe7/HRWrJNIqB2WDA/gJshq4xOAiIBXWk1wpabvpkCnUjQ
-rip5CAL3hXDnCQswZxRN/v7B4IlSxkKiY1MCQQCsL0MUdRMejfLFBXI6defjWiAZ
-I86FAr6oziNnQP44sf4zh8pjp3zIihbK4lhsORhYFjrES29NzgG0uHBjhNnhAj97
-gBEwVVNyh8SMnb5EZbA+BDjU24CmECUpYZ9Bypzx3nyTX+zw4uMfgGAZVAhLzF5l
-DmYiQqcpoipMsDsoCBcCQQCxBYSicXIPG8G6ZuFbgXFcZR7llgq74mbhfGuVEGbP
-qS6ldhJb/IG9O3MFlRwdU44YyJ8QGpBKWF94OpIduF6w
+MIICXAIBAAKBgQDH2LDa/QrOXOLHsqLCayRYs74qlWlk9yLTtIJVxumBJNo40TwG
+8g+Sq6LhtZBAD7tZaM9XjgIi1iFjc1eKALFaEKpzT5pS9HM0mK48bgwO4DV0gbvC
+t1LlwfEC1EkXgoMDumZwF0bpoKldLK9ayp6sXOYe7dcBc8CVjOiqzVCDowIDAQAB
+AoGAZ2ap0xS8I5wRxouaBQgUrUSK71ORTalFPs6V5TXfGW/s7RrteRaDkjr2MtyT
+f2HkaNV++mlCl629ZsyGDaRgHjPI6skemqbwws4l+QMglXkLQ2ST6xuMqrNlCaKN
+Ys0l291VftlS6Bi/C/LD3bwMf6HTGThufchmQ87OvXYtNQkCQQD1jC5jypbk+Ilc
+X4aGXaOSsyzrf3QblhPFTsXTIHwV56JNap5D1405LUeH9XvAca+EZyYAg0N/pOXB
+rkSXww3PAkEA0Fp8+/zDI00liFOEud2hQ0A/VCqg0+SyCVGvA7AFnuXEURPbMkSB
+ktk/x4BBn5DZUJMfOOal/ewbgPNqbClV7QJAPMw31EeeMxWC1VdltLFMxg8NSUYm
+looDXTBS9SKu9rGC005Z34xokEaw1m4m9RBxGAR+OVRHCzzmEp22qCkIqwJAWSDM
+ZHMs+rXuv1GS7nuLl5wtOxD9OYeUTX4+0uIClYWOpGxNEUTS9QGwUeRgriSlgd1d
+ttab3XKaFWCLfvdzxQJBANuWeyBMYnNDBi3j++/NmmKEg9Reiby0dT3wSPe6oJKf
+ux9foG8SpLGGnHuJQerD1IkACP+GuaGxWUxsVzPxtns=
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.encrypted.p8 b/ssl/test/axTLS.encrypted.p8
index 8b0a7eb4117de421cfb917de7f03055fdfe2c28f..446a857dcb3631484bfe05348e438d5032340eef 100644
GIT binary patch
literal 383
zcmV-_0f7E6f&qIl90m$1hDe6@4FL=R0Wb~(2(`xmEt!n?jsgM*00e>oSw<jwJn=@O
zgApi`@m{EQAONauywK~+aY7nEgMclB6jn91S#qK(cVDf8NBks4HM;}>g|2ApUKXo}
zvs<xD!dj8sht?t?yXO&U$uRvM9;iy;%_phMOWwW}Ps^HoW*H1<q#aL8&8@ErBc$5U
zl<Ze8*!6nbhFTrJyfPz(9>i(r<-qWv1&~+-?YEL`nF;)bGOWx<EpuQ_M=OrXB^+xx
zXWjLXjl7eM>B}wuSJav@GEg)}7Yjl+S_#gX$M&)Zhh~UPVHaQx!o3rNp1H_lgKN@v
z!1}jkcy{w2d3f#&!=8zT;bkYTYfnk|7fE=x83jHeJT>mn+p7+N9MTpNTptIgp3@++
z#M`|+u70D3Rv<I(CHtJ4!cg!?Ah(^r4?=9&g!)7c@Q|FK9xpKL^6|X0IQKi6^83ud
d01X)TDiNswrW2d=V4fvx{@t7i+gx)QX<GW~u(<#L

literal 385
zcmV-{0e=24f&qOn90m$1hDe6@4FL=R0Wb~(2zv&jLbrq;i2?!$00e>oTecB0S5Ch{
zHl7H=qA4HIOB;)ah$8h!;8it(u3j>D`liQs0*+k*%XW@PAMoO|ZVtaORrZR~IdUoh
zNf*1NZ0jCJOsIuor2Ouh<c)ot>Y5SBS)gmT$Plt&Ub|ujkSvY}HF3T6ZV$+;=Cj1_
zqiV0Xy#~l}wq>xTcs~vcY@+sZ^yo(jDeDIm8}2%S8s3H&bnWkZz@9kPK8*&28D$i9
z3|2M?_7i99)`(fX3rvXr@m91pnk>4N^QQR5XPP=(qj)V!5qKV+KU4NR01UFqcL=0O
z<WqeKmP8KC*)QM=McME}H<QCTa_BX@namc)CF_|xU$3*#>)<VdUvKAmO0=-igR~fl
z-mO`%dym`o6F9p4n$=wvn!II#&PnKR3lXVbV;jds=xH2us6!2fitgX)P5>N0{uLA$
f>0oNt1g(0Zzb?&!uhc`Lu&kDME*dK^i&ZfFoN%%v

diff --git a/ssl/test/axTLS.encrypted_pem.p8 b/ssl/test/axTLS.encrypted_pem.p8
index 19ca3c5eae..b059096a36 100644
--- a/ssl/test/axTLS.encrypted_pem.p8
+++ b/ssl/test/axTLS.encrypted_pem.p8
@@ -1,11 +1,10 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBfTAcBgoqhkiG9w0BDAEBMA4ECN+YmhCv0ILdAgIIAASCAVu0QEfMkp0xUsNq
-0Ek4Nsa/uxcs8N/2P7Ae7qCakkvsdRvvPPH0y+wuj5NgrG6WpPeeEx9fI2oNNTfC
-pwncH0Xm99ofVrgMX6XC45LDZtzXNSZd4TdBP6xvlYXbuGegp5GPJ8emzscHCFhC
-JfPHemRAcB7DhiWukPosuSUr5R8OluEMJrQLHuQtlDAvMjLEI98lSchPxF8LKCk3
-SS2uCcmc+4WiR0nHG9BOaGi38+PytHAnbfo1mfVSQzLfgLicMAVGysfQ9QOgpQOO
-ygYfM/s7Duwbl0rshyXVJP+7BpYJnPtHvO4BTiizU7ZEr4WBiEnnANDrupSdsxeH
-+cxZo70YJVdoPdgMd2ke6EIkUhp7HughFg+okldlEtJA4muKeEzwAxZu0TqxOtZ8
-UYRS4Ygk+rN7Y0qTKSYwSkrFBwUDkpctYjRUOeAZ/mYMKWmMn1ejAb5Is7bjEIxl
-tw==
+MIIBezAcBgoqhkiG9w0BDAEBMA4ECEHizqvZwHfYAgIIAASCAVkWuzUFR3hk3vXG
+BoX1ULCIr+Om40+UkD0T/Vxl8zo6Vuvl13vAYqo2eDSNd75yKpYle0gSHn+aVeWZ
+gKYrmpSqXF14CDeBXAd2GRwun9EIAwgkv9AMMPGzCXVTVFM/pLyuLexj283qvZf5
+/7Fe/cizYx/DxtiRw9QUsNWYckt3RAM6i87PTBw8uI7NqEMEkstHT51l5TR85JjL
+F8ZYSuqv9LH/jkWhoedgID35r+ffjeYV06clebuRJAIcS78LG8833D1SyINlnj4y
+Ts2NYf2R4CtR0rDJeDCcucDBnzPPIBv4JqsbUGDTMrlFIGJvmL4RuNP3TNIAk9tZ
+FHw2QEBrcv6XNQa8DJwk/162CdDxQG5uWc/Ye4hF5OXzAd6gxKz8u6C3wCq0q3+b
+PDc9wulGEejbL/lecZ7qT76CqYLupNmCBFAa8idGjAhU3LDwv4ooGF1aWFiGgG4=
 -----END ENCRYPTED PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1024 b/ssl/test/axTLS.key_1024
index 5b6ba1d037b002b0d62c9903a3582daac05f77e2..92429c236606819f460535cddd3c1c1a2386ea7e 100644
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdI|@iAcUSxs`U*6EF_Hvh8OIz!pDI37sh~vTZ*;Y%h?2
zp>f~7IK|7Unm`ng3i-DO3*p-53BL_jL55(V!6%Vh3YbP4_M(LNWyj7fmKUm#_+bQ4
zaO<=~x7?b{F##0R&CJ3#ZE1qm#>BqzG^NR=8B;QPh7OT}51~R-ssRE60RRC4fq?*(
zs%{bWYKx-ANXC3OYadk*b|xgl@?2WoF7u=wyn7sg5QV(hMLf8&22-`wdgl(3=0d{a
zD%H^gpKnuiXmXCf1G}req4|M*64afxu1u}UsL6nh4b{-0zwBU0N$r;pUhVuj6_%b|
z;<Q~Z1l$OsWhpH;`(ltAd*wP<1y#WUK>++|D9NbAT;tGQs@mR%blb~7c#a(smKI?@
zvp%B@+)1S+hsBqLox8N~MEz{&(v0jgfkqw>5;GQ+08e$a<#_@@0MP4Y2M{~i1MA#x
zOOL~c&UV(t6d_LMPaEh3_=FnZ#n$5pvs70CAJp0V|3I-;9ANjXk@M5We}w&no$4m;
z$pS$Drq3K~fdd>|Rt0J%aPQU=w{$4?%23fQgCS((-9I?E*3v<<9GdD4_1fRf7oVCQ
z6|YDfy_;iOt?ksIuBllG0zgg(&Zv*Ty7Pkq$TMOTcfx;@0`uJI8t&?jgv4o^oPTK_
zP93F?21FZu{AoZTy!S?=+&O#bi%Aefoo8B+hB*R2K`c)G*^r3<T$Bn*ej6Hq1_3wP
vP+^^%{w06d)Wn{F@(dn0As&!F)Vgd_%kX!3oALTTf!y;U0&TaI!!FL%vMwc|

literal 609
zcmV-n0-pUaf&yIv0RRGlfdJUxzZKr<ujtkN3#h2G*G65ZCTt9~*}TU1z<AL1R%Q4p
zNDg}orX_ypdwFj-<+Zo;;GB_Q^ak@l9{G_OsV_%EwVNK?_Np97c_Apvs!4O%2?b07
z@=Q%^9Dt`3kwp9wv*G9CPei(m!*n_5OwiO!Bw@5bm5jg&w*omag_8mU0RRC4fq?*&
z2Xf`Ut$925Gc1k;_!?`_=#ljn2ibyLT-73>o<ahDi_O0Dg;Mq`)d|up^epxVg@F0o
z(9Ay~F%|Pk^0ne=nFIt$A={s!R9gDv+4%<r|C(i_>+(m=R>yKlNL=U?*N-L4Nht<u
zRC^cPp43zD^`3<#q3b>AFS(rd;edexK>+Roc*l5!1eeS<z19)p$2r+FQF3pJ56y@&
zGn>b!19#biHMZR!!od?jgH`Kb>w%687GkutJnIO6oO#nY%JBk00O>_vE*8v_P(ZeM
zyg1-iXi(EHbBv5C4uMLFyUg%pG)A8XeImB`MyyvOj2`RL1x=`fYG?MQv8#^3@9%x^
z!va7r##ufX=mK*A@81nDOXwG=jKS!Mks0{(q_+)5_cTxgUJ9@&6s`anfHIu5fuH0;
zf)t=Vi;POuOB0>6lS<J7KxB-AcVSv{5kI4-8;ZoBT0EqiDvD){XHGG!RY3$vodW0I
znSatS=GM4`*$gKLft$3<Se#LW4##aYiBQQ8a{@sC+TLCotQ{TKxn(8*_0;4jgoZBw
voIwCm;YX3cQUy*AFAd6@J&8fT?w_INouunUf8)!fYYO6iu!megu~88nIFuu9

diff --git a/ssl/test/axTLS.key_1024.pem b/ssl/test/axTLS.key_1024.pem
index 4f5ad4ece6..31d3d6d96b 100644
--- a/ssl/test/axTLS.key_1024.pem
+++ b/ssl/test/axTLS.key_1024.pem
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDY4L8V3uqv6NX9C6ios9dGXacmbAy12bzG+MB40PZWZfgpSA57
-C6Ylfuh7eW845bW39OCckWD0BvNAHvmRGakvR0O1mx7c9qocSXkhKMuqSXPZCQVM
-AvJMTWwcgKcUkUT8ErPh5+NPRLqMw3Q56EzQ1EwkYbRAlYzACrcCOTGFkwIDAQAB
-AoGBAJQHcuW+rXk79zMsjgX4GmvQ6JH1FgfZglxc1SKhnkICf4vNvvSFUvYs1QnS
-LPQs9geFgPnc0Mw/IjEV80nyteJpmQQESSHbn6FUWvrk2fkHBf+aZaTr8kfOVsdy
-SUhc6BTXjyXMSSkGalR7F9ye1FPw9Z6FJaHrPekvuZz24YCBAkEA7gJ4x3iFBJfM
-Nr3WEeLHOdk0UXJvig/NiDIzm8enA3fZgjW23R/CwRNAg1XrYOuBjgwWYrS0POsI
-gJx50zjK8QJBAOlFXy4WzJNQQLZ5vDjgVmhQ0y9zjIwqDoFKirvM8GQ0Rp8HfSK2
-+UasVyOMHuvTBU2og2pn9qaxq47B7+998MMCQC/GWT4Y6AJzAe/fDTBL6BepjMHo
-iZEZ+PSktw1G9zRQA14KsCkUrgAZgDKctYGf5EKCFKA9i4xK1UsTnbSTStECQGSM
-g3dhWnMRP6OoG4rEoFo8pJsqimWMZ04xrFVBBEmdAuffmX/SMObWuITZDCcIgZu0
-zFicUYQOx200iVDJD3MCQQDa3l4arB0d17llJgD11OQohIYvAJxBAFLhR5HAUgVO
-Dy8Nyps9iUG/7p+h5p2k60V/48ukawrifrCHXECxUREd
+MIICXQIBAAKBgQDN/YlIvja5lXbUEzAOv7LtZwrAFj9RCZ0pL7JtPz5sL5CAoXHf
+vjjFy6maQBSQCvm3Bwvh2ucJvw1XQYZgocEnkVsKmEYb9qKE+GXHzi2WF6qR+GEE
+UHDrtEO33JrMMQEU1M3MwjdtaYLWxsS+8jSlyaYZUzJ6hg6Rgg+hQlSqAQIDAQAB
+AoGBAJWqbhH1aouixkjGfDdrH1UQdiYkw/JcWt0u86QevHscgBCFvNhFPLiyBlO1
+1XrnDpLmQsLiKtXRA59vU3Roco6/A7urvaH5gX0S1J22rkytyqjJgI0N1dChv+xg
+SEntlw9e7fw5FZaeXeK0XS4E3AiiZSktN/tikBt75TpYBVXBAkEA/GkoyajEXOPQ
+Xqra3od028tAeI4dEpYWYT+zPqMN3EmlJYfFl4Wdu7TwRP1s6NKM7DOBRh4QEjMW
+lQBPdbTleQJBANDrZQcQO9kD69xvS4/Dh8521sUUIU7nTxvoBfiEGuDF1uMIs1RX
+Ah/U2fv/QLFWHGD3rJHz08Z/hP2Eneom7skCQQCmzxxsgQMcXFYFaiZw79YTt3Qo
+98pQ0S2DIWTk3T84uNbSQbMcmuoN9drfzRefmh4Vr0gcvZtjW63t1KGuqVkJAkBO
+CM6oj8C684MCyDNiFHfCf5MC89zpGu7qjoTEaZucf2kfTh2lkAZEG338aUAhvPdG
+pNw5e+iLSRBEnWdakYY5AkBBLE7+2ZCJAFyUCkp+GxqABgE32lBhnZz+JX/Y1MSe
+gfIMHjghHpA/1LpsU8vwd3mb8fo/gdzzIQJtt5XDLs7V
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1042 b/ssl/test/axTLS.key_1042
new file mode 100644
index 0000000000000000000000000000000000000000..2cf1af36906138661d34c0d7146bd15c0c3482c7
GIT binary patch
literal 619
zcmV-x0+jtQf&ym(0RRGlg9A~8?K0-h4jZzqXjl)o=$KxaK*wXf1eid91kKa*HpXh{
zt?)BhI&{EwhGQ%lwE2wJ-k)+^guSfr1URlLIvkMqL?@s)s{KaYtLtMgSX7LDS2|yY
z$N8~wvT_xTZiDzz(s@(fR~kXk6-Yw;sz_67OgUI=r9Vc|gU96GfX(^g0s{d60Rn-8
z0jWt_!xYNtLo$OOZk~tQIF)-bbKqH<I6-QarWs1~H3tUoUIoU`z3eZk)N&elfJx&s
z|17xXpfWguRDslg{S`f-rN1ZP**MM%B^r;{U{9GS?vCYM*GPE98HBfdLR*q>5QhO;
z8qBI0RM83|U-=XI+xdFHUJ40B(<ic=>Z7#+LIL#}|29=c>WC12&1r>)F`kV&6u0I8
zb>ybJBs6_$^aUkav=3ux7hJ5O5vroQ!O@+4A`#Z~ci3l%0XPTz=c+>jLIJV=4<uk`
z1?igaPkLmrX39aDP9Xve;z#Ff3zn(YR=?I#X-&*8!-wUC4-7};%NFh;+=#gi!Vyz0
zTTU=cJEIE%LIKW=xD6mvq;)F1(ZSf}{f~T)qjpJB9f1wQ*Q>ZCl+brIt;Q0bd|4=E
zh37lQ64&|$`u_T>xj@1Ber<_56JlQiLIBxfv-kO(!4+vZ^Q({ISY>$x%$v3bG!^DD
zb$^Q_#Gxd<bmq1nI;O~Nq{8<EfPBQ=i*KZv;+lZ^*jq}^^pj5lK`=25-O>ZIfj+0i
zZ9xe&&HxrlgMp<(vyQfEK4p<Ij87{5H|*t$5Q}8f6e@7S1itvXs}u{DA2L}Bb@+z0
F4ZDb^Cf)!5

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_1042.pem b/ssl/test/axTLS.key_1042.pem
new file mode 100644
index 0000000000..87cb42fdb7
--- /dev/null
+++ b/ssl/test/axTLS.key_1042.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICZwIBAAKBgwNRhe0y5s4OG7KtaFgPt+iYXplAx2O9BJhAgQTN0/Q2xmrprfAz
+WTp0wHWGYywZtPmM196fcl2EvazwBDiuKjockPdEJ6A4qv1G3avrYy9YVIx+Vzpf
+hsf5sXGychWNboP4UtJ5U95XGkHQFUhC/apIU2tMOVhspT9G0YPH5N+AzfnhAgMB
+AAECgYMBqUlbwxTK6UMygx9unofaOJV7MXPgWZs4QWqVphlK9DUHBu9eBcbQvewv
+qdRyGniASeMz/yy45qAyOIJUgdR//RU9oaW/J+HZOM4LJRqP12BPmSjujuVd10h4
+xRmEt3xCW5JwEIcBWhrMqhlU0QoiX/kT+tv5esBeCglE0yeynOqjtQJCAfUa/zZV
+ReqIEH7NaYWHMZ6NOhS35gB15Ka8JDR9avQFJVq0D2NpF1ysohGqorvB0Z19IhHW
+9HfYZ4kBOAf856pDAkIBsf8PJGBnBema7096ZLFmykGaTiECDOJH52wLlqnWVr/W
+UmlNzC/Dh+WFDwxH5csW7iLciLkNwhFTLltOMEw7owsCQgHOjbgNIFOkdSq80cHY
+5v2PfI+jdklSHYENw9eruCWU0Hc1rcYSnnxZKGWF5zvGEtf6Bvr++qu5QMH5fm2J
+OhNiXwJCANlis/f5ncEVaTjzq4/iWGV5BMybtgY0FeYydX+LJMShJL505rYfOqbI
+baTC9wSAfMTdi2+kmeKagPrYW0rP9JNPAkEwMQ3d0gOzgT6nxG1BCTXOABZKg4Gl
+Q7OOtmo+ZZEyjE8q/jfs5YsQi2TTFCpwwgS++LqrFAuXHzJZC3X4hrUNuw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_2048 b/ssl/test/axTLS.key_2048
index 0af642de231ac7143db034bbf595842a2c7c9f85..4b2e18813f49ec6555538d2cc426b6739957d9b2 100644
GIT binary patch
literal 1192
zcmV;Z1Xueof&`=j0RRGm0RaG|pt@KgoIIVm0W_dV`91|Ip>N=vaC{HV-MVa$Q{tL6
zL?N0-7uT#hjhlbegc_)qd30=sxBSuSziDRPcnsC+37-jpSvm3q=&7Y4G};j%<sxD~
z>~f>`rI>+YHBU3><<%IgBHL2e-ASS<g@(Qkc0;5*Ocm5p@`t-Ozte{TguI(|H*v7|
z=GIieu?0#23a}FxQn57NE|HG`%GSe1Y@JEM{+?P<i>Zm_7>!echHJ-^o@f1$iY;SY
ztM*PJi>)h?d*!9U=F%%`y#B;uL&16#k~Y0tc1xjS9Jm=iDC4@!Tj_LVzu+u>WO|c)
zXPBf_f}$_JUJo)=7K<$c0|5X50)hbn0F-b7@t;+-p{YNjS&>q9It?Y)?UrWUSrDj-
zK4<SXBm7?uI)y@_0P+nTa;Oxk3$=}%K=M!wo>^n4<PW#W(IPKmKogVF@ylX$KhO=_
z?gP=LN+o_2luZjYEvLnuF)5~LpbaQhCEnhw@=#}y1>RCIcMPv5)je&kC8g#beC;+E
z6=-eYf3QSK)&qp2<$NE_zv`dY_f%+&m$QdJ6DXH<?l@QF{XRV!DfUw}>WX;rxQQ?Y
zL&+~b_4ga;Uh|~u8zvI=3*Ar&m%6;lLUNuh<@WN{{Cx`BXIX(B!EB#aM@+aU_!F2*
zx}ySOhbBRceZc3N6K45(f;IPr#R7qW0M3r;XD_EYQ${kZG;N+Ku_UN)Zy?pAVN0m&
zYA`H$SG+nCp0}x}o@2CzbPRz&Vr(c}=L2s@oUCH?fxk*;6}=qtllXPUl=t;vC5mIF
ziVzRy#it=X#{7r|9##KAv51P>5KbR$UJ=p1kT9H%mG^%+S;nEJW|w|VqdgR<ivodx
z0L?|ge5UWpX2Z{_r;Rt}KACWR5<RrH4Y>Wk;|IF;uVzx=Us)7S@@q9;D7mLNsCe1$
zu243FUmQyg-sUPxkvx{mIbz`f_x1kTYZk=>y%P2!qwD^xhF^xi+Z5WBY4q`-rz`<=
zMiwMNLdAU=)pC$m@8N^|D^(%LBuN7WCjx<hCi-I&OS8kKiZ!3NSp*`R@$K^=l~J2+
zT*s)bH6Q<3<^&U!ywt!W`);CqovV6D*j*Wd;%o|tz9Rx}6nN&){8`Nq%`Wt1LJ>sX
zzp129qfJc^NJNH`*)Emv{flUeCfEfOqnTWr2E)wZS-SyI9bO%!YE3Z6Wk?A?hm$dv
z0)c@5$$25edj<F&jVcmRiKWN#!5>Rv&-KHFP=KBZ^4M#tSU?!OK<-l6n5Z?;{{}_z
z^-I#1z*_<7Xcx0=%X81)sT@c$_WkL!x><dHhDEWo@*8VBfUx2mu|3SF_WI+KuewR|
zj+u|ePL3ZBu1;_}_sRUlkq*8-xx4~+y1<|r0)c=>!LiJK3NA=+{5VD=Ni&_`HBA%D
z=};1)H_4@&&##(e#3}oYGFnPyxM8rWON)o7-k~eo#&(TY-JQu%8rzNZ9%>*c_?52{
zx`I6c4rDa{T-+SDvj8!c+k0qa)nJcgxH5X?874{CydYOXO$IkaO98_A%XeNWTH)MN
Geiue|he5Fb

literal 1191
zcmV;Y1X%kpf&`-i0RRGm0RaHQpugMt&u|7rv!C9LJ=rhBH$C@fYh{Ath`JqsrwVq?
zA;rGwdz;vW#=#sA1YEwE5j|QuiSkR15=5=(@4UbWOLeF_S#o-F8XALLbhnX29W0$0
z`^6U}4UEEJE#HKhq!Uh&FZ9AsCOsK;yP?!b@<$f99GRjI+k0MRvI+F2GfIq-0(2*<
zI@+{M1%IXd(F9**b0+8=WCc3!R90Z=+`AS3+BF!K@+u=)cS!#laK$+W*UPbkBh$%E
z9O&R=BhkV~W3pb9<VuK(GMUN@H5A*RR6xg^y^H~c@T)cVq-y`~U}DSScugVtmfbA2
z%+ls>0gAIAV!eeFdnK&`0|5X50)hbn0KrYIAk0gtB;cu1_*7~DLp$s41j1L{dy$8u
z>Q{6SrHuFJ5=4!AZ6f&-rB0VNk}EF%GnIau0>!zBGX8BCm(}Gomw{5otF4q+j_!<A
zA=h{AZk~4g`j6L?T^{Yz**r_c%{<Uom4VGA)ElHC2iWJK351mkRrSyH2>p^p<y5Eb
zOBjO$UMpQTviHZfS$yQJ6M%Cfuhel4SaiLNcOaOyoHLWio(XzMG7twCcX0Y8M|39W
z+&6JA+(WFM&PHD|dMS(Io@O6sR>1sm3^l)5OV-`8fG^47KzM3=dOYqWQN}Mx08R?P
zYG(QI^V0Ya2D(mOH<Fm=JM%WORRV#50QFY9`olPt_GFIfpq;w+5p8)jmLY&XujUa(
zNK6FB1Jl9zg3g{m#gz9CDvkuEY}qmL$s~q<;8&D)3AI>Z6n3J@*&>6Q$zUudW;ASZ
zQzH5(Vi)P&Q`Izs^HP*fY*{R7YiqEtv!@<vIoO~!5U81Q>=|O8tlwC^M*Cwj0|J48
z0LvBOMMw2v^dO~mza7xFv4n50Qe?_on9muo``SJVw9twDxz;$tm3C(+A5JQ?3KbZA
zjJgHmx*IBX4Ilw`JwQ-@w86>Eta4z4TXD9^xK10mFm*b9*FGd6pGoDEYM0?EA=1$?
zAh{7-VIk);QUektIB7B1=h0D7V+h(3j{<>!Ay@B-IXxJRi!d!JY9)Q_y>BYaL$g&;
zytn>PR~(ZYzYOl@OGA*<38Cgn$53>6_^#wDST1{Xw-R%AJ5f%kWK&JFV-I!P2AUax
z?0^i4+Xou6@<J21TN1ArL(%FosgLr?w6Q0^2j_=UV^ON-YO<(4)L3Q_Ev>fpn6>Md
z0)c=X@A}4A#y*Q%XsE;Fq)6I8SgLZZ^7^m458-?+{^(mFM#e>F<Mc@jEJw)Qpabk&
zk-(@&AL%0<FcdiX7v4DpOBt9>-0j)c{*7c|js3Dusa$NJOJF%*s<_@CX`P5&9Zxl{
zJ26krm{pSK35pUk>#y4J{_H2XK9P;o*ErV#fq*qDV<*E0RC9D5w-*D^YaVVcH?W@L
z7s;4%??z;ZXmnf~khf-nE#R3RkTMy<Ys(iy6@Wfd0%%ES+FRK!(pr8S74;YA5qiqe
z9XPww4_waym1wD)8+izPSjO)UCz32VC$bSAw6U1h<^ul<(2Tl{`W7ruei79MT3KX_
FDTxquHyr=~

diff --git a/ssl/test/axTLS.key_2048.pem b/ssl/test/axTLS.key_2048.pem
index beddb721bf..aa2f5e446d 100644
--- a/ssl/test/axTLS.key_2048.pem
+++ b/ssl/test/axTLS.key_2048.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwqC/2/rPcAZEs5/ejT3ZL8Q3Pfdna2WC44i6HYCnCnbOIcW+
-6Xub2IXGwRwQBFy+mRE9WjqJ8kuOEkSt6e+8wAhLdag7WXJ6cxoag110t5FEHSyd
-GfvFFyUNjMJhLd+EmaQTTpEv9MJPJj0Zdruh1EjyRxa4HJmiD9t7XmWyCfSmM0qM
-kgJ0J6s62rRMBX+l/NEEX2VzJugdZAU671RWYOncuxX/2jUYlvIqI1l3SP8acMU5
-BtfLsYMj08lNHOjgZCPRwkdjsl6U5EqIizKZygw1FNugVEDHnL2MAYXwqzX3pGr/
-72Biy+J4TSH6lt0stszS5m8BirMgYr2FFHslrQIDAQABAoIBAQDBTa0gzEupJOCp
-UvhUagBDO+vuBMJX3XuRh6PqV3QQpYz36BJEjXttIvkTpU6XNpIrLv8zlX6bAsW5
-iTL+bRiX1eU0l4FSxqutlFiO7oxVIdd37m6edvv6j9eUXR7t09k8S8TNPNBXlYHN
-JdQbpCIH2OehCYSVC1X1z/UI/ZJF5VSn7UsYgwReK102svfHtll85K0TgHMir9Rx
-Dlh0vYx3IJi2nDOTyJ4JekkyEAcYd3D6JUd0JujcN3Ev3EOsns5GXzN6KYvinmYf
-Z1bA/HEMNb9ZS9bdsoAvyeJAeGp8ejzuJVHGL0kATgrAamb58fPS+A8Guk5eN5KY
-5zvzNrJVAoGBAPVWvPrDOJX2ZI7poJ269xFteTWWIYA+r+YRRkhMBMcD08H5gs6e
-QMWU9w8qjgSmbNkx8skkhn/gV5R3CbVYYRR2osrZIoOayWAsJmY0bHFTIvooYhfp
-3lPVNIPzUpRObFksamtrsK+zpx5qOdigNhComXLsGWKfrN9Yvkb7YzIDAoGBAMsV
-4UVH9WH0IKV1vx3QtrGEb69SZMpbmM8ZsPvaPgq00In9udY4w5V2ZygfTiq0ChUY
-fYy6BeO6Gyp2DSABdz1AUH+0wcnNrHJghFtxtsq4Thu4MHU6ftc+JCGfSeWUapfh
-KiHS0TEguRFcYSHnM1IDEiU4aTHY59FRUWMI2hKPAoGAIVfviTk9GIyLMC0qaiV9
-7L1vKsxDs1VRvLf+UFcckxu/DO7nS0OQ1Amh5krHUHR5+K7kK1gue3S3EnN3O1FO
-qGRTTbRjD3XbBpoZgeyADIrbBxqz8kITuFsSrxhD0eoyqY/yyrSxJ8AH54dSY1Gq
-52qyqD7UWGYRLa229pi165cCgYAd7/rGWMY+i1toqMPkpEjaQFiqcq3y+q+7D+F8
-Lv7oWyFGxkVn4/RJCyxHyN2gA+xckcCoRx/pIx0wFDj5F945BEsZmE7c7dnW/o1k
-YY39sk+pXGygS2A5YKq43h9pnYhdHU81rzsxT86YVZLoCYoSM+uv2vH+7Ce4PpGN
-1Nc41wKBgDUrYyfDB1RzdB63FwPRax5uLjewnuMXyZhy70ZkiGh0XBuQt2aCLeCZ
-HpAyGcJryxdDFYA+UwJoSWjaW9ku0lp+GxX1F+cResrRHTi70w9czwGVaKmcG3kI
-fFjG7w8nkiw5J7IRH7SxmNbmAv8L0Iy6jvoWLFB+EdUGWllkjCmJ
+MIIEpAIBAAKCAQEApaC6WCGcPJ25ATSgSfk+BSqhb+CccHwPzd26bJBT4po1RCGa
+RxfXrDqNm3/UhBqol3l0bIa3/NHqv2lm3ngM1esJnwmBWTnyBOippSE02hEh5SJi
+P+xyo/elmIFiNU8z6OXVGKsi21LX3UmiKoWGvg52Q6Q8TBXUUvKHuze/04cChLyb
+dTdxsPjm1lTAsQVKAQqwExhSsTTeLpGPAcrWw0ZsnUnC/p5aUYupieUYjVOChmvH
+lJ5n/ZGKLWNcq/ZOIoutK5J75aXB5tIra7z+xGJDwXoVkja9W3ZLoWMcuBk+KOO6
+zFvpdGW/4Cx+ZHqTfGeYpFWCoi++Xg8yVRaLLQIDAQABAoIBAQCUcALxn1W1oak/
+olmRUnY6DSXX7ZZm3VkQqIo+Z+82I/xfDjqFQqIA8g0dcqgUqQu1jZ1A8lAMnllj
+qOQPt8nRIi9iQBOT0vHLYnU/0A3c7gPRpkolfhSUTQs1LafFnTEppmmgDShVJd7e
+rPJQZ5EF3lIxdwyvJ9U9ba0lpeYefO02GBVobeF/sERK1gOEo+V8H82/6p/X91Ro
+jZezh0ATKJd27jhX5f0+PRop9lM16op48biJMAVDyS8+9fcb6V7zpOsbJhL2C91Q
+CZe6vMpCcp4t5fby1vx9CttnWYEewWyfVkdMuCf4E5hLuqMCYocmQYx9wOebE2b5
+eoI194XFAoGBAM6O6mcvpzlTRjKsNG2eKbEkqHBvINWkYUuo7GowLHlXvDoTnrep
+qJ5jtIZ0DIFAYmwoXOcDb0icrGL1gb9KZxW9HPKT+HXGlPf1YSWKY6aKEA/nxach
+Pcb8iAYeVf9BsYiK2xBOH21eEdG/kDCcjpX3fzlZxqGmZpd+TaM9FKmLAoGBAM1F
+wXym78pmw8+qp4035j6ZcH0SPbS3Dbj9v+MHuvevZlLhX1kUT/JrNV8ouac4qHjZ
+765QNoRfHEsO3uYqS5E8lss5YuEB9/X+2msWxQS9EvYio+v+rIZfhr/bFNqVafTx
+oacsAXVGFiRBQsV9GtVykFfv4YP8K1UhyCRJAwUnAoGAJvpjE0uzw6aKNZ+3WQQi
+m/Ht8yGVUZtuXMeorTUf/1nmBBOVvNTAI/tuonydq3pJ2F0ZguJsCoi+IwJvFHjm
+0PxZzRDNLvRlQhFE3r+ppFCjTU0QSESGktkulfD9i2iLJtgFFKOZXJsGw8zhWbsB
+UR1eHaVqTTDIZUgJQIeTMZcCgYEAyXkhw3sF+B6NKhJRiaXH8sEfS2LP9cOFUICe
+CfLYa6pYQBi8QO5S2ZioNdH/BkXx9UvSl8BbAeloF7Nsy3PP36kcSDL2/em0ull9
+f4ZFsbTyG2s8gLDiHLE9zKj2+uOTr7pJ846Zj8VOjh8Prk5wO/fJ/MWRDr4+ubwC
+eLrAoBkCgYBHwbHMfgouSHD8OEYkSTOd4DVNE8zpUBKiN8mlm8+vmmPEKfuNMlpK
+ZbhhsKpLi4eo3qEr28Z2jVfdnclRGtuN9B5qICj4la8TuoI9AQ5kNP9c3By3swAx
+ltt7aGTVYI9kuDJ65hkmSdi8IFdCTQY3REsBwvrLd14pWuHcU34XRg==
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_4096 b/ssl/test/axTLS.key_4096
index c205382ab7aff86732f3dfe2ed465797770e4de7..48646d4c33e41bb2ef42a5fbfaaa84c2175c9ab1 100644
GIT binary patch
literal 2348
zcmV+{3Dfp4f(a-B0RRGm0s#P{m;#2#{=ooiNZ8$J;n_e_L9(+ffd$j^?o{WYs@d0P
zRQ~L<)4EGMiZ!PA<<0)<%Y#N4KsrvgJFV=RAnAS24!vKTV3`Nda?MJW3?R2U);CsK
zd}|#W$3kvHu2~%Z&y@-O*f89iJ2IMz2VG}cj3b-vHQi(@c=7hG_3=N}nt1u0EGbB?
zZdZSb8Mz_`=D{Y>TDHf{l6Nty%m{M|z$?N~GZfa&6?#vD#hY5(3Q9a4T0*tGe(Ft6
zO;-?^5C%F<@^3Rfw--TTl+taOmOr~GdK)(nn7CLdWf(~;M^tEIe?>)9rZ-b(z&fld
zu889x)h3mjT0%dJ!;@?nu1Q}VBR?b1nZz0*#bG94#Z3bgL~?FWE@IY(@jN{;`7(o{
zk)wd0e$5u#>W%b=p)(AbeCif8b+o2QveZ8Q_d3*qspKaLd#lf7_DBBS*~i#_?zj*_
zY#4krTfaewD+KTqj$y=qSBjI+r7Z%y<v&U3p{XTU^v6|Z+xz8eyE&*FcTFn7_!6Ml
zRZyWan{3{4NiEvx9F|%kq`LVZyirP7HNAJqX?T5Ny>rIBMOoytmj7kDr9c(l(O2)H
z(fIxJS>u6Y1yFn6T~RR!FQc42Rn7XA9nD&<DH3N;wK=5A-QfesEfL7~(ZC^AlZq!%
zwv=p`1bPWIQ3(M80|5X50)henNNs6Y@h#An_2{RP$7tm}R9^Pg+Os&gQ2WSzP?rj!
z5-*TBjhF<NfU^_x+o&pDU09jI^fdZgl+>{}+Bgme)E^6agbGAfFjP}bT-BtyT7xpS
zxsvhyPAV4QD0s~sNH*~v9>nTJ5jfF1m^P4v%#zf_80||MDIovH9!TcNL!#P3aPoIZ
zrD;~Rv6q+LSH0Ws>Z(Q93Cwwx^&folDdkYQQ?+^7Y#taZk_2zIcS_p$=-WR-r6k5^
z`Q9AZ&09&<kkdw{B69x;#IkI|cGb39kB)Bi9;BC`_$guPD}P-8W@MLdjeV7C2)Pr0
z+t{z<7Ro2B{=B3u?2SG9-519INa8h(in5yfegzG%RZf2<jz;C2sl4b+z()4^@)+mg
zumH$OC9Nb=d=+jhj)DpGjSgwgc`zyrI8r>?%KTR0B5w;@o)9zIzM2QlSD_}WCD-!l
z=*&)@iyn%}yS&`Pwxu?aBZ(YaFjVnGXPKfW_DrQF5?pMdqkHNWX5I6Wa{4!78X2NY
z^fFYS(5%VL+Desc<e*4Wuarw2kE)iJd9i>ke}>5rf%Lsv&*$)X*m>Xo*fzrh`@sK{
zemvF))83vU&aL&bKmY35mspKe{Zr~lRP&i}(_1>x{uu4m91s8-#1ZVjIV0-+@V>Cp
z=oV(3oX&I}#5@ks0)hbn0NJo+7ZDZk6%w7HK)pDrqnnD06;`H2brD5^6aV%{S2R;b
z<y&&7ap%-TfkzpMuK9OnoQ;PuFv0ZLbR()NapmGfr?R~|X}Qt>O0q;pP8kx(Fxi9z
zv^x<^nL(3>%JYV8GzTn1mGqo~57!}DNopBdOJZal(F8NW&GS_2j?u$hC9$sE)*UC|
zA(ehgwlp8S<w~y0Y(Pg>detsc#gGHoeeyI62?enpCT;GDyn{fg!yf2{tK6r8L8-{j
zWmujn)3R`}w^3W~oc9wnI&2gHljAvYx5(wc_y3pY_!v?j2cFQbtFD7qJcK>82lu++
z2de2Nx*CS`bCQ$dodSXZ0RX^aac1&D2nLUw8}i_%3EE0IGhL<Zk9EhD1Ikbuh3r_n
zg!0AYQk&%*X^Iul6h_+X7TAfRqZ9QM+Wr|TbTf9&#82G;=Hk<>Yo;R|OTMFZ(f_&3
z)ft!ypL4v4lJZ)sp$V*V0^U+|g-3jybt01u;0}_;i%@h4I<hjOVRTSh1bl1bhW7X?
zZ~(_wahe6h0cUejf<-l9*G0*zlgE?~X<||qVq98&hse`*zj#I+>m)VfvRVj}+PVQd
z$%(#`JCzh771fa_2a++OL8ToUE)gBT+4vmT>p>VRShbNOdsO4khw^!!{2Kbjv34O8
zVDIg^UzX1Uv-cNx5VZn=0RaG^TDSp5|IEq3*QX1%b;f_^t)z4Jn;izN`>1p*n4Z3i
zp<;ey?=s!vDVlM7g7{<tvo{jCaLCL|C$T*|rbqeCoQ<gix^WJs)_StzIqKwpe?~KS
zHv7q+vaX`{QDi95qXksBFkaFN(&{kPllnPIbZSyiCdXF;S6#x(Ct1d=!m*8;3v-a(
zVU6VX%K4MtMBE+J;)N5!{a#^2oTh7=*v;Z(;h{bn!t)0w8rCT8+`>3Vv#|!aa!mnX
z*x&1n=?C+SV=c!dei68K2K@qr)4OY<)Dv%4aJ+vNE5e*fVy$mik94^DjEy2B9~@7A
zmppG1hUeC>4Du?hE(4tcf&l;o({o(SzVb|$)uyf04BMt^E<GopJ?iUSa#Ml>xMrK9
zE-?$113*7O<PnjvGGh<Z_6fkO(=(h9jnQC+X%;yoMbnPmP-^B)!4K{}`#~ow8jXes
zw<fV!s|t+pvC_%elx&&3g|4K%6vs0k;Uh~Hy+&P^IQz}4+kR<r^S?qDvFc*vq4b2s
zeDQWuiP8hN8Bd?IxZ1b5yB3#Sle|SqWr>qH)9vfKDQRYuM`}(k6dDckd>_F&ZQByZ
zZ6t*p4!v{Z>1O)Sg<Ok5OM9{uq|bW>a0~~zQHQlYQTPkB^jYVtKTUnRr&GVFg2W8o
zkC0CEd$eLG7elaf8bk2{f&l;@Cv3%63(Sp{p0(|C36aQ)h~D9#vOmntkZ~slnhPqP
z6^mvyz&YRPtNZy^tO*^&V>3Llc6E}l^rWx0uE(NM@%POqx>og2Vz+-3TX)f|WK3V<
z!nA_Z_{F1d%Ct3r+XfP;ggZxUsXu(1vjtVTPYM7{dm@IOaK!EjU2_*}4*?d{?bs1-
z-QR<+bsFyn0!&rwoJU2XzvSHG@Fz;@DX2p|sGURX?(2q`7gHk)MU)+TrVd!Yy-=>{
z*`PoHfRz&pcdaO8O!1<8c1fQ(aSAj|)#}u<uz8`8VeL_=MTT|4*Vq<F&_;bP=8exW
SXGvD!oP2b!!l^o+5|jfJ4~#hg

literal 2349
zcmV+|3DWj3f(a=C0RRGm0s#R0C$yPeD$39>4Ep0;5M@#wpmeJ?wh-{#-F%}3)vYB3
ztJJUoqYbWSsq{2`FhC1&(<a<tgeSWWIw25pr1RUCV&A2S4ez6)T=|?mmuADrvY&pF
zomJ1}w+D;tT#z8mUzcUMuk^h+_r*lQN?s#%9QEsbW)ZIp`UhtqP#aQ!kEnM5rgiw+
zVXhXV##-lf26+ze(d0CgK;T>maox?BB8At*_qHegN_Cm(UerlhGFqSp+Cz&}#6X`{
z2H3(|N2wGExlD97fXsOeCn^W`4Pn++s+M#D>;O(~wfl~y;qgj?b^u`WqW``cC|ig?
z96y!M7XS2>*B=ru_+Qy_9la*KLK^5a-5uR~wh=@#U7Tn=6AH}gihl`NTe>q(s6__@
z%!kaMhJ)^ct&_f>W0CD_-U+Y4I0SM3pkv<ZUM50cmf`*AW}TkzA-Px;K=#PVY$>J2
zC5#@2b&4ibCx^XoK}a?;7P^WLB95^r%-L{Z^TI${%`T)LB<vl>-5txgX;UR9*9tfG
zp0JoMr}gZ3&ElIoiQP({zW|?|<qCYxgEPW+m{-!lKyNF{i?GZ&5?H4HS_o_rv^_g}
z1|s4$-6>Q29=N}D%WseeY63jXE#yASA&jVGam|+W!jT0{up!{AH7z;XMwF|1&oLlT
zI<O0vxi@-$!>f-10|5X50)heo0Ic&e?J7A6sOJ1oEf|dfVdPFl7nV#Utbk!IcE+x|
zwzL2mzN#?8R)=NF$soY8eCHCB3H|LyF9zTm1EmhU@HP^xA!jo7)<0XT9bP4MXZ}Tg
z9vpLn130B*c(tPYd~`tvpU+SK#<q6ah=JDbVAYrknEh8M^Y1I8UO9}IVCyR#x|!&b
z>>$+(${mFip2Fs^tL+p5xrw4e0R9cryNig*Qm99AT2>K`J_ZtV`sYF+WVfz|JC5a<
z32|_d#wA0pmA>Jqt>Mq+?{md{55I*UK^tnI4QyYb3M%J`W?RySWV>v6a0W~ptFc#8
z2+k-`_?PuZljI(Z0ycu)f%7=#+3so6_4~q}&izudsVk7dFnzrcH(x^A=H{OU7it9{
zgYY)1WTAuDc>i}P!P>*jVZ-o?Z5mw5N5SWmc^m+(>O|VI_8zn(F&6&QuB}9w1$fl;
zoTz0hq;ReN$w<NtWWC!14hB^a8Xi9!BaVwUp?j%epJ~(jIRU<1{B!Qc1f+CVAfm8X
zzW7_DFc$Jt_)RoWa%U5x(ZBv-RtVCp4Ca9IE)qxU-_?f`G1C=o_xTPu?ec}uqbMeG
zwDwt>nV{J0^Im88if^GkC^Y=)-Cng#lZ*eux-L-x(rbUK01LbXkwx0H)&siZdBsGY
zPMq(uI&?)?UC^J;$pV4_0RaDqB(do1D>>Gq+(e`t>wW2jmbau)pXl!~H>zdxJy}70
zFQJ@~IHF5WD^efq<~`Y<fk&Y1BxqN_N@I^$i0n?-tb7Fb-?WQT_bb5M?{l@sb3v~5
zor|n7Y%h;Yg;T)WVfpdNj5+jQ^`+Cw6yG;WJ`5xSo8oXW1pP*do9sLY98Q=2*WS%6
z(eO|=Wc@Y6wKCe59xhIQ(j+u4zQBSk60*m!T{n|YMBStyr50qjdmS6L5*HGb1n_@^
z)IFU0YSN9^Q1r6#E2Q&)vXf7?b7S2Y9=dUrsV%6B_3nD>-ZapdE=Lvf^%`bxIV>8_
zpi17`dW!e<P0=9v--`l*0RaH~o%(S5)|8yA%@ZSn+}<+{P^X!XdlTllVU|Uu0T@tN
z@fKl-Ilj&F4kT$Ch4S8iUd!V;PV7GYdR!%(VXU?VI;vW)70*A4ocnPvw>m{S$qPsQ
zzinB>N&dd23n`lgx*LKC_VcD7mz0m(-cw6)yAq_15GEpUr!x{xm4s%+;_{m6IW3%P
zUSyYXejLf2KjE=<FLDIt@%w%ER$XQ@Tig%q&MX$6w1}w3x)8O19*~1WDbY1eQr#I5
z=|wC;T?1)bZJu%-6IZ$uv0M3f0VJOG*wd#j@&zmbI*~?~v<4w3$y7mKk16}fU|5fm
z!y0(4l>QU6-!scDoFt6`f&l<M92oL<Dyz4=P8q69xgpd|*+`ZMbpX;E3E?ju42rs9
zzy^61(O?4T5xL=g0}+_-2gHLF$OCxvt7hKfbRgoYgoM*?_`8M}-?4tgGtvwZ2kzHl
zc~<%bCm5kq8ql-T=3`3x_~20|(H|8SPB^KZHe(u6E{?<-VvV=xdzMdYm*Dj#!l$Hv
z+TA83c<SuuL$iFs>+0&(85wU;4{*%q6qPV8GmC(8`8*ZrUuiq8z;<uqrK>aBT#Uur
zDKGrMBOFWEVn`AV4MGdUv>t%IN_x}+7WbM=`KGAls{0t4O86`nN}ZmdaAZh%0M=q=
z(+Zh=EN$fYA?`prE2p~xf&l<!N?Pv@tG%xb!nN1gQvz*i`&$@+rIHszVbjH3A`wHj
zMg;j<i~Q@$cXBog=`6PPPiAFUE$JX&w!K&XT2jn0P?DMj_A<eNtn5uV8oBJGW0ZJn
zP-J3A2zzp=?#<!w>+H9=lOdxG5_)MY;GlVN!q)iERlQWT;`HHkO%rFj6$8Eo2%|Sb
z{rF3nAU+<!M5+{I6($_L6>bOCGW7&gx08o=COjKnG9OXBv*(*XA_7DIoHpF9f_YHl
z6Rf__Wk*KocnrQNJq$tmKXqr5#tV-L-)jzV4sP&t6|KgmadNx7o=1RY_L`XR=my%F
zxJ*{_68OcU5|vB!271W?f&l>lq7j)r+-H%^f<*}JSZVtPV&|7V_uzNj4B0wPZU%(I
z!-#xJMnItAM}A*#OO?#rh~@QE<UVabM)xiI?Ll>Q+PsjlRKVqeTyM#dxk0l02_r9_
zBsL~(g-PWYbR%PVYD*$Dua&VxhCu}x`T7lBNtJ2|fQF1p@+xlc!^9lFEq)(oD{-AG
zM<Ua4@j|awSC=6fyN?oZ>v3>^$8)&&Cqm9W>bB2ITLy^6lMzc_-U;tIQITU0U)4vV
zu^PNP`(&Igf`#YYx+c>R;XC3`YZg5g(tGs#J^3oGTnXfccDQZ1E2^{1-{SxQU()Tj
Tbx&XXcZMQG44N=;lHrQ{Y;S%h

diff --git a/ssl/test/axTLS.key_4096.pem b/ssl/test/axTLS.key_4096.pem
index 9929467f45..362e77724a 100644
--- a/ssl/test/axTLS.key_4096.pem
+++ b/ssl/test/axTLS.key_4096.pem
@@ -1,51 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEA/Ce0mV0qytAwDPrjXRBlUh2gdKs2thDw3N18owXVrSUFq9Sw
-AaMNrmep9DR9MEALcdMm3GCEJ7sOOiEQcqTz25di36WJDe+jo1z5nD2XZsPIsp9+
-k51Vz+W3B4vsXJAgzV+XZbmv9L0598VEwkpeI3Uc9et8ZhGvDPoHZyBQG1KAj6h3
-AKZ1+NthrhajxlrndQZ5Du/R5DSUQOBcCHHdzZgihdfF97Yn/kp1mele1ElZMlqg
-BtpDi1TEQJ9XBtjCW0epFAm5THQ3gMx5DCcqB/cNYdZWqpZ0AuwATm61+46m4fFK
-g3YAYPOi/74aKFuIQBw/lc8W//SV1x8SL/hf2XIdvSa9QhroNN0d3Xu2EUQzXZxo
-PRMKzOqKfwlZW7ozT6hFBwPMh8yfhoPugq2TvqBjke1s3gmvwTgEcf+gY97qXiZC
-X5bh/ehmnZ7vIblYFUD2yMlsKaXGJYweh3WKJlQnh71wQUg2Mxa6ig8ijrEozNlw
-YfPCQFrNLqQfJOwdx90dy7hpUyUn1wo39p6wmC6n9ex4zeKbO4ndSp+/AJ+d5Qp8
-zoMzwneYV9LBQG8ry4uwzDkSWKb/WghsEbQ9O3sGIuI13SlT/B64v3bLb5AHagI8
-zS3kPsshjKhkcc2W9MKRBU2wIeCsNS052kaUq3rPMSBROrALmLk3en/Dq48CAwEA
-AQKCAgEArPMy7So5Cqjm/FAtGI0BYeRORReWTCSsgGEudsauu7a0ABq+qjDDVodl
-y8kgwLJ85xKUCf3tRy8G4BoDpQ688DYSrCFnMvbWP1urHV4ldWf+RX4eHHODAzil
-ZHi1ovt8dEEHn89P/8a2dtqIgdbuYNWYCpj9Vyjz7yujXjmMmGDrKx26meiS7CDV
-C8odhRSewuawq+0UArmJokIA/g3Tu4uIylKoR3JaVhGOPgYSc/rnQiFkt66HO47l
-mQlxcJHGJUOulb7hqK3hz+bvc8V9D7+FH0EbaqANbF+hCirniWZb0odku2x5cAZM
-G6uxV1MIzihR+Jf1R5PkHowCNoLegfM45tnuadP1+8Kezv1SsqkrkMEwfb0QN19C
-2+bmnwYXagUgg/A2q2Shg9h4/3cpwdrDzGHD8IttGlzLR8HnlHkcAK3qRNqy9h60
-JDEW/tOurUSZBXjU9ZyoZSukcK3+yUjCDWS92wMOBlUQGh4/HCOOizahe6lhn2nT
-+jkBvl38c+7GBKR0VyCisFi++FukMBbyU/hNNFByZxOj0b/+YVYI0qwM5oDzLhJH
-69/VhxMx0xVt9/kOOO3yhdGjKCZztPZZm5mg2OzzXmf4im+hPSg0/OrdXrVNk4v/
-w7ouUQHSa3+rAAu8BJFF2rTWA7rjecVEnk6c77I6dEVYXdCfz8kCggEBAP+IJLHo
-7Cs51qPcRKQc633phJa3pFGf6O8xN6pl8z1ZQX0voZyROKJLTytSH+zmPdmggUeg
-7CRoV8BKY49YiOxO2Kx8BPfftItS9yvA3O9ztcdzQa72nYusMWwvj0yFU8DbYfnx
-yYw59F/1pdPKFN83Sj4MJAOb4nAxBP1GiZvsPAgcTpf/197NLNHwUDdk/TXDtTLa
-lx4uTn/SJDQuvsCCLBKyx7FdN5NPRN2kIKUWZLd7HRu2EhcSlATwf4TUPZz7atKN
-2FD0svErpPOAspNPtnNj3RgeunGVqS2oi/XueuveNNCYLkcV8/UaZm85LBrPoEre
-23qK9/ZN0SD534sCggEBAPyd+nD71pScrM0TI4Lc3jMNUKeZj3sT5rlhlkWlARhQ
-WPEWYYg5vs3zDiRpG4Xy3n9ey+M6Tuw+/XpcJZxhrLYFOqparxXPP4qc+3EvtzpF
-OskLR/2/bVnESf6+pQspmwW6G4IJ9vOmIJeUj9zeU0txuxKkjhAmInCnMxJOlYRm
-xeLymuo5LZxrXmSXcX4cyZ0/4bF2L3IE5vH7ffdWXWYzW9wP7M4sFp+0iKjHuhC1
-gB6Qg0Mp0TVNUt0ZEelFLEJdA2lbbZ5yHhNXuhOxW/l3ASSe9tjTpy7yBSwBOpFG
-l7QGISfJVEFfjyn7yWBYj5LDGnitlP4TtN8zyy6cJI0CggEAPRwY8ncqq7e8Thmq
-TLkh1E3ZSJYIdQDSGwnhLx4MirpiwAZ5FtFgAugRueF9AxGY7wfEgxXIA3j0q2be
-4nQg4qqEhNNv+LuGGN+xfsQz0gwRB+7XYXlW+gUnGKFTGtCz0+ZjSvv44FEn0R8V
-Fk44qZ02YxpSLo7EG2KNt+h7lk9rl+D1JsKnpH/a3SYkeOrs50OzfMLr6urWGRlv
-UQ9wzOcUlTAuM4uAc/k8FelfaTuuwHZv4qWrM9tcjMXbKS/8wCMcS9hiSBINDUIL
-w7QegL5KetQCFveaTPmmqOWq+xiaSvgsF0qdnqBwZEh5ANZiZtMKmX0sbeT4Ie5A
-OiunuwKCAQBlSlrvDqu9rwzCtdfZUwJtaftbGIGlkhdDYdPFXSIRQ7ZGBPlai/zr
-y3dyNgrpLLb2T2ZlWC3pIGC2vVf/WlLMMVCSmgX2MsGBrOxNOBq57KRjlHhrUGRi
-SAh7cqnuzeHw6+y3uZMhow0Semks4KB5ccLW+NBVvVS14vThdE0TZ7oVA74GCKM3
-Qv34S5kgPh7BRKoUZBUmHL0VbgfWMvUEU7eTh3cmPBteMh9RvbPnmz8iAkP/nDbc
-roJ5UOITrL7QZUdG6XgMvik9DEH6P3Vnk8YLjwnfaw5wDm7wdBWtxqZxcru8nkeA
-ZvaamPDoBtqauExW8xL4xaISlUv1BnrJAoIBAQCiEZk93GeRzYJFCO1YafsGYueX
-Pffgd9wM2TpObgaEw8OIfEpGQKDiR35fb0uVzNyI5fVU5D5tP0b3LfvtQXV12ryQ
-sVTA5YJcb8mRuUGy/AkjL54kNiZthUnlGHQjY3lqSyI1r5WxRIZBBRn5+g1eSZVq
-CYCGjEryKm7vw8Qcvy1+H2crcZ0rRyLTcfFCr1ZXlyEZu48ScOtxcIDHc7j4J0LO
-Peq2z0tbBojGkxFLX94J7zpRkWMPX9VHorEavDv7ZJwtgoXn3Lom0xHhO+JQaxY9
-FtJ79Ps9+SquXAnkhna4bbkrqrPM3+MAAV/S7bd1T1/8d4YiRQyaMHGS4Yr8
+MIIJKAIBAAKCAgEAo5gChsj+wQBrSNjdaeHZQFNBsrMsgQXT8+5U56Gq2ddnVP7s
+s9O6SzyKNab45c3+68uDRhlAOk62O63smiDpfc8OvV+cYJkH0HLNSpUMILc61jdW
+WnxrHRvHQm5Drlkc/s+VCf7YMNybOzKaigddZ1qMI5vtNd1kK3jx9q718T/Wmnj5
+nSwpSK5uV3+KGbkiBubBJtFatsfNkncxq8wIcwrAK8JQMxTWzhV6T4PFm1rcCko8
+HlpCtb1+6k1PTVcQmRAGOk7ybzM+txdBYpTSbZiWP7spehs3D5i4WChlGEksR1Ro
+Y39FRVSmN1NnwDqsKq6I4yDVJpWbWkI/jMOTbBiuSV8dIz8j0JnEGiLFYSZhxU0D
+FERyblAuYtaG8Tw9Mvkyg6GRo4Cffs0W3OqN9IehMwyZfOoWNXW0pkmy1D7+9zrU
+gqnkJwp7q89l9kf+3tnH2H/uuBBCbBh8NFu/QYgrBPAUjmHEf1eKk9ClLQK85T9J
+6aGpJVj0x1Vm2/vlars5qBx3TSrC+BKg2FVQoTKbbN5ySS3a6RyWWiGkuvkfvFFK
+WTW9d8lpeH1ivXPGvUVZ5LOW/2W7pUAV3tFX76LR+P30WeOBYwVQe99dUTEJL6Oc
+PVXN+pYdzVquKRJnULU5pMvd4QPILRHI99HAIVaTiidRtpRsmAR6CTVRCQECAwEA
+AQKCAgBIbWlY8S3QlvXop5LHaOU9VF721dqzOLhQ+8h9UJcKoRIvkDmNmASXgLMT
+89uoKl5dWJnC9DT6W5TUsTjaOA4H1B8LeoQKRFYwVFNNXNWkulqDMra5kvH9TioW
+4Ch4zR1INvEeHsTqRRE40TuYNpCEzJLUxRjtSxopIP/HHkjmyUOi2kJw8ndIpWlW
+tbGXl95Xvdvv6qpF2AnMeZb1H3zyKeVQulO1edlsHhgrkgRvtndK2vjo2z9DpSTG
+aPneHNjNW0nWkNNGpiJy/wnEsmzDdtW2W4+ObvQepJeg+Clh6it/XQBmZJdvjX2V
+awi5E4Db2K/kFsonrf68pC3sjT373RfHAEjiNY2Kspr7fgUNsFVOfyaORuWcqbzo
+TMBG9vryGOfhsADISSWtJFN8FW4rjoIJ9Y0Oac95MCoMOFI82sr8VuEibwtbnhAz
+2r6aB85XoSarJdfy6ejMTp6LHorJu7zcw7alNpEjiRxbMFTxRGeZoif2TKUmElxs
+oaN76hZm3fOScvo3YhoZokz0MlSg0KzJzdpKlWvkoEhSr5RLHY+qlpd5sYAtf4bJ
+EIH0vVrP5/B42Hnf/9g2wwP7wP+UfjzWCNPeniLOrfWyP//q2pdYjVX9U+pIVPOZ
+cdNbOtH+GO3VHBAAG8QR7L85I+r+8L6w0ugWZp2cznQexDwO0QKCAQEA2bBmFxEV
+8BUSnaFAvTipo5uKixVWpkV1EUWCE//2R1c0U0blW3KocefURIFHGYmu+XdmnI2H
+MTDB9Nh0I6oqceXiRKeyvTppudIASrJER04ZEskw2YQEtDsRTZlBk4fK84ZtNAcs
+RJX0nIIP1yFaSWoZWktiZB3RBDPBzfNU647Rw1wlsa7d1h0n4SGVfkq2NB+85Uqu
+y2xAR1d61S5SxZAD2H3yNAwJBbEeJm3uiryDQKnDHuiGq9yngkGpyM5lWJ4q07Jw
+sbdRW++c9xM0OmwUAZPjOXG3yOW/9/+X5/gYUh8HntCuq66DVjyEPbQH97rhB6rp
+JroahvRzkpPinQKCAQEAwGJxZvJCCAaPnBvy4KcJ2ko5M12l7I91x5UDylAahexY
+u4TyxeRSm+UcaYoV0BRG2usW2ImioxP1FNr+GSp0M3bOxE/dAebi061rpiMdS76j
+ddH/uczVGZgKn3O8iZLyWquhCaxyAt5SdIVHfJ11IpMN4A6SxotQdAk6sjKjYXRQ
+WgR8a+OG9vgrcADHV3GaBcQBZ3NRgkU1YddFyauTx5QPaWJSFmJcWn6HyNN2v3hG
+HeskNeOyWgiT2roBO8mJvpM7lRQiFdWRKAeSMaJBpR0aLhEdwNn4HNjrQRgrWLWR
+I3tU48+H8nmf/Br6xbF2IRRg7+26X5bPA7P3F3gQtQKCAQEAoVq4AUb/zMnB16cL
+tnXGf+etpHP3mx0GrfuodCyYnr6LoWJ+ZO8y3eMpmnF8gvhkArM3ErlwyMxMJ7E9
+PKZH+c6cjakDunEOptZ6suM56uR/f0YzeDb7yZ+yrqL3UWQo0aMFVLgwXtIL0uow
+1ZP6OUp0alJQJsdXA1ddwssnWcatwrGNmwtzkN5hjeT3yvmT3kTcHdTihRPC/V5h
+RJyma5vYzeJk4aE+GsLzByca1iju3MI4R7OxBrhyTQFg2N/rjOkH84xjLcckfhG4
+dgb9AoTTu2uj1BNvV3C8fxUrwpxJYq1vV490uPqMjSIkHxxPf5c8bxOG59awDPIq
+rC4DnQKCAQAE03Nczb7yTJfVpq3VDNumai49J6A96utdclOCA7hmm6MuMQuWA0A/
+QOQRkbEyYw/T9gnArNMznBCN0WCGaRY5JEXTjt1QauZNwQ/uPvtBJysajYYItyax
+WasKjPCx0snZlGyZvYWupL0UxzMf4SNLFr1GXZc4+82s235pcfO/Qhex6mLkofSE
+xXzxdlOJ0gO3GU+ftLjat7m7Fpddk7xFSWWJkznT7eu7KWlmlEdqTi4UGg3yfB/B
+Om3bEsdtJIUcDr1z4+lm+tCFXItCS3uyFKTPewZwDAe5UYe1PlH4C7X0WeerP019
+u6dTv6mCxAzej5BO9Hu0YigXQ7BzGkPxAoIBAB8nbMVXC8yNlp617XQJkciLiN7h
+oLI/zM2QcScGmgsqnhWLZjXAOd/pq/v5V6wJHcRjMzyxdnWSsPSkr7aux6JS8ffN
+J7pW9VBit38UW3fRrWRMX+PCtILT+MWjb8q0NYDbBhKphDtHbKk/fJuzBVW5TwoA
+TXsihp5wxO4JXXMXaw8BFtXt2BFv3d+Dr3Ua7wcCTFXrnEdFor/k3OPwJ0rqKahD
+PaidQ+zu64aZF1MjDEWUHXumDli/vVCu6dmgQAGAlRMKd60oZUzxonx2SZ85cQo0
+TdXq1LOweaGRYe1RqUWGdcLX2BZI0EZ9L+aNzzFnSVbhnHx0sMKpOp8SlAM=
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_512 b/ssl/test/axTLS.key_512
index 7ae50f23bdc90e48f165aff330220508a99699f5..3fc8a7872d1833a499188a99d980c4a73679acff 100644
GIT binary patch
literal 319
zcmV-F0l@w+f&n`M0RRF)0LaQ+PP?|aIqFW!gl=!;cx+KRRTPd{I+q%^`tsdqZ6z+M
z-dVxk@sQ$w)Z?*x$#qjAkjc@UZ`v8Z(6{b%7XkwT009C(Bst!D#sWcFv72SQj_^T7
zXvBW;y0f$ejvbTq0=-X(kFxf;<a>{u7oOE<Bq32t2pzD?>|QFS6l&D}EzGq60wDnI
zFPX;3E+?;+$;W#Q(q+p&nle)|SS{22GE+S_!{JE+ApqCT#;#n=(;-3RdDv>7>(4%b
zN37Z%B2Gz9)?Bpd3SR;sIWvz>u;qNbYmXc34t}@Up13nx&75VeB7%Z}5;A3(0wDmf
z{LoD2r<LQ(nuw!FuIEAwOh9}tReo_E2JjOP`=6NtApq%%QJdHx$Gg9Oe7>Y{4?_|0
Rj8E9Tl@FUXC?H~j_`9{Hm*W5c

literal 321
zcmV-H0lxk)f&o1O0RRF)0MR=zU#S5?J%(*^zCdnK!AXBtb)hXb<-t7<AR5slZTfW5
zJ|nPj{Ge*y>_Lcx{!|rfVZ|0=xRXKgPd)!Gy#fOP009C)0Fimb?T$65*W6;Z_#YNk
zQ@#a*O7BqLt*OZgemVyg$o&?(z~q?GMVVlAY-DAL#~wAJ%@hSVITaeX4+WM10RkZa
z=<C<0-`J3<JRzh6F>2Ex*d>@xxG0k=x#?fIqh)t}0wDn9_HXM@#5)1QLVZv(dI{VJ
z<#zME>JR1d(>*U^;<!NqApqUavgw?9b&=SA#N9<+P{2Du+98<Z^7}$5uflGNb5#N%
z0K;8s)v|{ZPCF5Jp0h0B#d0-gs!3GYZqw9HExe&OK>{HF#AygqJ2JGkYa5*N@$(u=
Tmj7@iAR3)zxTTMr$9H6O@syE#

diff --git a/ssl/test/axTLS.key_512.pem b/ssl/test/axTLS.key_512.pem
index 1e2fb41f87..fed6d246da 100644
--- a/ssl/test/axTLS.key_512.pem
+++ b/ssl/test/axTLS.key_512.pem
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBPQIBAAJBANE7MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOw
-cPygat7sQYiE/lQVa2HFFmK4k0HxTz3/Lr0CAwEAAQJBAJF5xO2ONajX3GK2+B8W
-VVO+BYNK71DfranJCX46BxXI/Ra7wOSY0UWZYHVsZGWJxx41os0UBTg5FRq4DwWW
-AQECIQDo69eo39iQqjwhpAQxatMh2CWYT7gokyu56V+5o2V3fQIhAOX2b+tQxDsB
-w0J9UDN6CdwI5XbzveoP5fHTPS9j4rhBAiEA3c+y6Zx6dZHYf8TdRV5QwDtB2iGY
-4/L7Qimvwm6Lc1UCIQDDXWrVsocTTjsReJ6zLOHFcjVnqklU2W7T1E8tvKE3QQIh
-AMRpCFM7MrS2axuc8/HzGkqW/3AlIBqdZbilj5zHd2R0
+MIIBOwIBAAJBAMjKXU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB
+3vGQ4n/U47F7yXVTIpDJ0Zxv2hm/0LfudBcCAwEAAQJAJDnee8YCQVqxm2W8jvBB
+RmjEfvG6s7QFjh2T9AK9T4mPsva55HuPnRee1WgkIVFLCB2wy+xeKqYUatT/Lcy1
+AQIhAO4vmcbILievlsnHew3SZcs+mjJTMlgt0/0yUz03w+FJAiEA187GrlzN0yFB
+5HnYap/rzz6AR6zaHSJOSU/WXLTpCl8CIDkzj0+w5Xy8a48b7A5+t9meuDNbzZxl
+rSKCgoESMmWZAiEAsPzQTOenlePMmoijSK7nQgxMQHwuVX5xHgbwEw/7n5kCIQDp
+i1Gb2CDHu79/fL6kcQ9DEfGMT9i9lQ+bNiggYoL4uw==
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes128.pem b/ssl/test/axTLS.key_aes128.pem
index 8961bd9a59..79a46ae2d6 100644
--- a/ssl/test/axTLS.key_aes128.pem
+++ b/ssl/test/axTLS.key_aes128.pem
@@ -1,12 +1,12 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,B3A0D2BCEF4DE916D0BBA30A6885251B
+DEK-Info: AES-128-CBC,ECA1836F07770828A77072CB8E75B461
 
-v8y74AGReaPLmDt6O8wir6hX1Ze8K4fVNkrLqfDMdW5E7jBXKO8riCMNmSjQ9fyh
-eTicej93+8krcIvSXKW18TdO+EWezQevgnLrAZQWaNPH2j4B+K5gm701uiiKFKVa
-1zngAOByePYlN6z4JLbiCyJRhxSo5zCaUYkKC2eGh8mlE64QmokPSCAj0wcCDzGh
-hdhBg1vm0GmaQwIDVn+8zMfahscXVMtBmyQf5YP4PQW2nqOt7aZHjBNdg9qnBpGw
-b6YuY7eZ4FgQvYcsNCi34NroJb9pkTrrF2F9Meb6+3So7jtMFG/YaJdCuXtf01g/
-Qm+XA5pJUtIUr/hLQjhkaOVUtXv/k0o/MR4k5CbAmboLt6YHf5V8+01vk0bvv5dI
-70pVdXMmx26xDZOGmjYzd93PWc+75jak3GN2fbWryQs=
+IEKSJV5xp91M43nqeO3tWV42uXhRuQq1QYlwHNTJoJ+P/+Pw2g6DODFU2xcWoM89
+/QHcZIjC+Er4GM/IcRWI307XWexpxd3SSsvDd1D08HU6DyPts7Yb9zy0bwzDfS1g
+wDhifACXUEYnpiTCAbO8Pni+4TMV4tQ25Iugis8IfUiBtqfsEAo/tOHbTIRTWUNN
+yh7LS+7TKU0GuvEUP6uoxn0i1tDXtP9vaqgkO+DNFgi8A/Pm98qdTvLtp8mNHlJx
+kX+U3+9yxm+HlwtjhU2DgHxBXq8eAtBW3rZj/pM7bFubSNeqbsD086hlxvom7ISa
+Rpm7QhoPcrbFYy3rjs2JyQBoRvIAPXX2tYCuKh+Iylq5KztPspGIXXd3Sxv4g1tB
+bQRVfmSwLNKo8rEP5vWa/DCVZl1GJoJTIR7vmQvGGkc=
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes256.pem b/ssl/test/axTLS.key_aes256.pem
index 7671a302fb..940db84f44 100644
--- a/ssl/test/axTLS.key_aes256.pem
+++ b/ssl/test/axTLS.key_aes256.pem
@@ -1,12 +1,12 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,F076229CDC2BCB3B8722E3865855B45C
+DEK-Info: AES-256-CBC,22B407B6BE071AC8FEADA8834A3C0FBB
 
-WFV9QWzr4tNmD+1OeQ7BceQg5LVQHp20Jo1Ax29lq8JTPzeObhtaU2MUHlcPKHUS
-vK4FyQxJ25CyMubbnaZqCCz9pNbseFuJ1tob9UqRmXkZ8HV3snRjJRbcctD+V9x+
-Ymi1GreXoDQtMp0FtMiFjPvIYciBQnaRv2ChMAnGXNbZXCxWWA9E5S3a+yWzo+gd
-wEcowL+SUac1PEDGHokhKn7nctvI9cC4hE6JmKM1sD68/U3rRPXMGqmC7umqyT5P
-gjWBb1uu0iRjFC9eQUsaKPxey5Be710GFlyf/Ff/tep7RhkryIWEPvIzYCBf6rhk
-3pysFgTjfiUuBYUNumjXr/q5hgdtb75788XUDxKwAoUx+m8gi0nJg35CN2nmQ054
-VJxcZlNv0wqnJ+GTTZeN6fiAhTpVtHsqHQomRSfaBiw=
+a9LRlNUJ0oatOOxS4eMMNd3mJLre6llYU8JXnJVFyuNzmh99sgdAFao2xDOoszYj
+ZcBUDD5OcZxDIVRNnbsCC7iDXsOdIrBseDmC/qiRouNZ8i2a6Dh7IMTrpToPxNQ6
+rfDC1pEf2yUtbK8fefzIKzkXz84igCGrqLCIz1aqW+xjOOoTfXXIZj/LoYueLzag
+i8/nasxFQqDFEFskH38dEOMTwiKs1xZh6cUA0sQo8l4IYiwjAsAqPMiNiOdBA6sD
+9322LCQwPqqU7ZelTXl8NCWvxX5S5yxV7KYmEV7VeSiPj4/ZlI8t13TTw+2Lu5j0
+35Rh18I5iUPsDUV8VaU3df81wQHnWamKFGUAY2imS8X7z1uUiUiycuJipZNSoAHx
+3QvISza1zXCqbzs8lI8JQqja+Onope0CeeCBKBo9fuUirI8NsG6EPrnp5IxACPXl
 -----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.noname.p12 b/ssl/test/axTLS.noname.p12
index 9d27999fa053e524fa4ca893c2d13ce9ed49bb7c..a81c31348c5af16aa5c1d637e828267ce2458a9b 100644
GIT binary patch
delta 1327
zcmV+~1<?A-3(E_TU4M#_``qGjc!~l72mpYB0yCa`LY}na&`O$Wq}bHi;S%XcA7gT)
zDywlqm!NxN>3KQ@IG6CQn}Edc>K{XEvhivIL1TQ!Rl}jJPYn87ud(l*H&hD{$)nK=
zJw`1mD|#+`N-4d}z2%?df@aUrYVA5Qjbdz=N-+~5ggru>lYdT!P|nRRJR8`me9`<@
z%9n<QQVx?ZP_Zs*E4pXIu=5_OVKxKsRLw#7PF8~#uYAs0elT8-NqY>x$q$p|xoIeu
z5h*H-f9&#23Fj`+yz+M{iA%1yHd;W~@f|P^XWaLx=s5mW$MKK!f|a@pDzAvmb2{df
z8s_T)St6%cIe)|2l541>IeOe2WxkACs4f1_78ZoAGr<myNixC&kCk(Yp}ADE#($|H
zHzb%xv(XV#=#bl#J!BRObCvLEX}qp8w(6fo1X#AZIa~%J<O&R{7>38l&H4(fo}I?j
zk$xIvV;Y0#5FG@;`A^i&NHGjO^AYPkHsGtu_>86bKz|#gADJg2FiTG7BIcx!Cx5VJ
zhe*|Wgyi-k1O!iQKg_knq(r0Sfyh*19Rc1xM3h`i1{ebbhkw(b<*yUhM-X8YF0WZ3
z`+MnV=e>Y-dB!iTS0Jw?{o32gb<^wOkxrJgJIaGn6q$$#Gq=#1n^X}#wtxs9tk!Lt
zQ-RLoc1OUz>cli9Ep9=o*hG~;;*h_w!ez%davPz8{=ilkZwxyE!C3_cHKvgI1|I=_
z-87Rjb3i;K(2Kt>5jN}59+!4zWv`qFG?SnLMt_37UQj9ha*F~22ml0v0(;*!g%}=j
zUDm>}I3f?}j%ayDL<MHG&-A!|#^iK;$BUFR{eBPnL0e8C%N0tZg)CYx%pPKNU=)jt
zCG?n!2XPNO7ylbTZj2eNC?07`dt>}05OKrl2RFpi-|?#iZO>q1iOe+S8s1}_OvsRP
zvVSa**{E%V6!q=>$YI;NAt-7-)Dnc>6R@j2`~!^2tRmIevxE538en}iH{j&0&?!t2
zQ&IM|^}TX6<9-I*B{@;ttCHKRq)3BSb0oMNAo4#w@fPsPOZ5ecQRJ|D`3;D^A!;zo
zLXdY!9FCXhf5SYkDDt9v#!fQl=66PEEq^iyO0LY(mm**94^tL7rW&NzED+@ZL4m8B
z?QdEA3>A%2<cX<c?lE(W&ji5trzu9=EDE4(b)!c|opzX>xBmEPQTW>$Dz_gR({j&Q
zGi=%Cc85-}avWO1Q-p&W^<*<Jx9tlaKAxP?x?g4D+kZ=)3buO{{_U$3zrKhCPJg8l
z{Rll;48k5>ZzQ|<UU`~>jsKYiVu@pC)7@m^hyS>#NP6edr%ZITl~g0M4t<4!0L;*r
z-El+hQ1NqauB75a?k6Ope9XAps-=$m$n!)?dw))<1o{muE97Q#^QLwrUfWAmS?~lj
zqDCeGSCAG~O14sfI_<BvFbxw=JAZ$ku5*@3ydPU7w<3d{@=)?_F^`vS+<lbkYfr6@
z%EjeOq?#<smZ%2V+X-i6P+s1%iIL$FAOE=U^yTX`y`cU$r{po@cbDJArUjXeoikbx
zG5v4>>>)p8sU!@7to?kh;$0@TSXtP5Y7-E~Vo%Z@h%Ly6L4y{-FzE2Q-4M)NHTk%Q
zz8+of-@mDt>M4_P1rta4WDB>6m0@eK7;$X~AJ+O_p+0~xF)$%82?hl#4g&%j1povT
lKUA~Jy=Qn3gqYvQpB2qe7zr5#1PFy9$+0Bsq^be}2mt;ieue-5

delta 1327
zcmV+~1<?A-3(E_TU4KK{?&ma-o+|<Z2mpYB0y9O(<MCN6SyZBqL4Oe!dm!f4#BK3W
z^Yj*vbTa(HRpi~9NdzdL@Cszv)O=~H_kWYQycAY2iZ4k!g{|9aEmN{-h(ssq-zqa)
zXK_*!AG7-upC~*JVSJgo5Yt?^Mh<`m0ru9}z$atmO)lZ_sDFzLq^2PEn?|WUky|H9
z(}zQDp!DjG3^?1xgdC;YUJ6m$AXd|B&rB@M%cIiYslZqP1qsFiQ>q<@K8-llhZX<0
zkiP-CZedr!O}^OGn;BmG?`TDOv=3KX$)0mXUZ})Xg1Y7#c6H%D@k}QyRdSRF1ko?=
zw#Lsj`DwZ18Gm}*N<Ts+v&Pu<+Si|s0D`G_L2vRmUukN{Tdn?)F#%S*K4C&wMK41&
zH=lL#Y7uLM9)~l#sCpYXvn+U}=2A4hR>M~RgJVg{PBcosWt)vumqQc7T`4Du*rF(^
zlB*Kl_o(A0yMvfV{A@)vK904H@MDSy&}OG%^+OWvW`96)Ed2jkZqa3P-Ad2E=zGxJ
z|JJ1!a5(^aa^?|OQ%YnGU;ar;r&DQ5ngKg!B@B{UhnwV9TGzg!bVR`opj^7v3&)5;
zG1YnlvTq~fpdG^sZ4A6T3{bZSCNE>h*<D1VPn^FQ)bc^D2uw{cX3V>7maR-moN57Q
zqiy~v<ws2Q2UWU9=0F$%;|PhM<}%UALr{NrW;Ou02YCR2WE=yAhr!<X_39Z>SoL)u
z<iGoSn?UqSXtm{cnjh_X#~w;eaQx;m$&;W0Mt=(OV_StYW<3G|2ml0v0(<F>hG~Ol
z#wKc>#g+Iqr_;+qzEWUN$q*Usx8ds`kH(5)cJQ0gM)BDi@5p`Mv3)0S1zC39{V7yv
zI4rA6;YZT@L(;EN3Lc|*@_u?^1baS!Eg~`hglR6w3@X4e%obHwtZ2Fr<RhB~-Bd*I
znSTSDAtNbdGjvzIm;<AwUc)zT3|j=TP7hq?s%ofR&V`U^9Kn}&fI*VF^Zk5qo7Sji
zfKhLF^7vwucQ(>z6&_lh$30TKf>;la_In~m%k_-&Hajyub^k`0Oy8X_a^0fqSF}g~
z<81YW&jC(FL8mB@`06D(_<@;6RqF*kfPXv<l8t-Zz1Jt7i@cxKC!@J=02hLW=sd_n
zt+}zX#$|(5GuJ(%=l@bW6qs%5oxhB8z6o4+iI3p4$UcT|DGZLM%b(&<5(X1(sU`}9
z$X{G3Pg=H*Q{Ttz^0q~MKyb1*xezBrsWUV&RsFwi<SI;2%`td>&ilSWTl{M}8Gjq~
zwr}<IkpLBK_s4pqvvx3@Trx+wAskp;(>%in!Mhz%b{<RprY4w*LwwXfTTcdDbHIo^
z%UzfcN~N%BD>%(zWmiX!7X-G<%c)&ctH;w)`m%Z=hc00%uX$hsAkf~9!&4`fEr0r~
z(pTDre=sEtfIM)LjsqXQj8gUO|9_Tnmd(44NKwJBHl{N0Sg}C}klKlw?Tt5mkmdN5
zD}>|BDPR--WtjIR(u~B~KeY9CBqwunbfXF;I|}w7FyU`#7N$7N3;LGze(0K@?h~*P
zs1V^f`(`oWIaWs{G7UNHO)B9>Mgp}gm~+d{BZDFAzdk`<`3Yt;iJ?V3-VpoEw5gaa
zf2Om@GYd($am$l&1rtXxwu|ApG;ID@f`chs320&mjjA{>F)$%82?hl#4g&%j1povT
lL75EQR*O1__}Y%Km|+mWIzn~41PCh;SJ5PVg<t{#2mrT<bhH2f

diff --git a/ssl/test/axTLS.unencrypted.p8 b/ssl/test/axTLS.unencrypted.p8
index d04694b1fdfe85f10841cadc6681a121a4c3c7eb..8198f78c48b35df3a5b656bcbf206e2f2654c791 100644
GIT binary patch
literal 345
zcmV-f0jB;if&o<m0RS)!1_>&LNQU<f0RaI800e>oKQMv;I|2a!0zm-C%3V&owzxU!
zPRoRDZ{>JwQ94x=j#)aF8n^oL-DqtkE~?&H!QSzZ;(yfRv3tpNQzDSb(VTDE8NblC
z?sOLd0|5X50zf1=-h0LZL0Yk!WxS5?K}KlAe(}1qv;~eGlk@_;Pl=DR_POMHkDV8u
z)o3IkQA-FNu*>XTDy9@_)c-BawE+Sl0PZiD#>g%wua?QjdkxZM%RZViQ!-dB)BQ42
zJvYPQNdh4N*UrYST+P!VLF9SZYM<-RK7dE8+8rWJNl(^XwCM_80w6gvk591We7tLq
z8|)5#x7nV!Gh5A^WvwEDf`Jk;WtjpY0I>YfOy{SS<II|fqe!mjLJUkmd@fafaUKTn
r6A$~JnF1jI>5EaD*dWKdzkhtbq;U^J5%G*q*u9kxn>HvQVuJX)!WW#1

literal 347
zcmV-h0i^ygf&o_o0RS)!1_>&LNQU<f0RaI800e>oK`?>=Jpus$0zm-LJ1}3V0YW{7
zZF0UqZc)KWe^+&(EjH!BJr5un(Iaj8bkaT}uyFjKYToQYh=l%B6>DL|7Gk)QLGe#L
z|1P}(0|5X50zm+gdBp9GHK^CzVz&4n7FAQe1%pcOP~WYo$q9Zs2NlTu7Q4XYn9)U<
zV0CO{Wr@cgHKNTF1vohs8n_PymH`0*Apq#>*Qnpvkg7Z(qy#Z)(;?U;m`}JUlPkID
zU%8`YcYOjO0Oj^?>rliy0mDLlP&0Z7+z91%^S$a1<?+)!FJt1kK>{HF-OsY=oO*SU
z*nh;`MP5+AJ3-nZnB(&MLMgApZi{nO0wDmyU24^`hZ9aa5qO@nEaAm+HD{_xRM~FR
t)K4wEp*KMSAppc_2va*Uw6<#-ob&PX8cLS`a3vrbon^SCkDSMMWONLcmL~uJ

diff --git a/ssl/test/axTLS.unencrypted_pem.p8 b/ssl/test/axTLS.unencrypted_pem.p8
index e07375a848..6bedafaf43 100644
--- a/ssl/test/axTLS.unencrypted_pem.p8
+++ b/ssl/test/axTLS.unencrypted_pem.p8
@@ -1,10 +1,10 @@
 -----BEGIN PRIVATE KEY-----
-MIIBVwIBADANBgkqhkiG9w0BAQEFAASCAUEwggE9AgEAAkEA0TswX6kBQj2GbXK+
-QG5RwUl/V3WhLTblwT0PIBrRI236dNI+I7Bw/KBq3uxBiIT+VBVrYcUWYriTQfFP
-Pf8uvQIDAQABAkEAkXnE7Y41qNfcYrb4HxZVU74Fg0rvUN+tqckJfjoHFcj9FrvA
-5JjRRZlgdWxkZYnHHjWizRQFODkVGrgPBZYBAQIhAOjr16jf2JCqPCGkBDFq0yHY
-JZhPuCiTK7npX7mjZXd9AiEA5fZv61DEOwHDQn1QM3oJ3AjldvO96g/l8dM9L2Pi
-uEECIQDdz7LpnHp1kdh/xN1FXlDAO0HaIZjj8vtCKa/CbotzVQIhAMNdatWyhxNO
-OxF4nrMs4cVyNWeqSVTZbtPUTy28oTdBAiEAxGkIUzsytLZrG5zz8fMaSpb/cCUg
-Gp1luKWPnMd3ZHQ=
+MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAyMpdTru2uDnqTsuE
+bm/leGxROlUUjlk6lxq3+vLdaG0lLqreWcHe8ZDif9TjsXvJdVMikMnRnG/aGb/Q
+t+50FwIDAQABAkAkOd57xgJBWrGbZbyO8EFGaMR+8bqztAWOHZP0Ar1PiY+y9rnk
+e4+dF57VaCQhUUsIHbDL7F4qphRq1P8tzLUBAiEA7i+ZxsguJ6+Wycd7DdJlyz6a
+MlMyWC3T/TJTPTfD4UkCIQDXzsauXM3TIUHkedhqn+vPPoBHrNodIk5JT9ZctOkK
+XwIgOTOPT7DlfLxrjxvsDn632Z64M1vNnGWtIoKCgRIyZZkCIQCw/NBM56eV48ya
+iKNIrudCDExAfC5VfnEeBvATD/ufmQIhAOmLUZvYIMe7v398vqRxD0MR8YxP2L2V
+D5s2KCBigvi7
 -----END PRIVATE KEY-----
diff --git a/ssl/test/axTLS.withCA.p12 b/ssl/test/axTLS.withCA.p12
index ae029dee0fd45e90460d0eacd15f9be1882756ea..fb236c1271b37abe72a3d7e5c3de55aff64a706e 100644
GIT binary patch
delta 1901
zcmV-z2a@=y5UCK5U4O`L3jY~zNfH7A2mpYB1Zw73<2doRO_X^F)YU@fV0&9=vf_Ch
ztzm0R>pFg&`l=BK2nd->NB$~BoUue8PAVYQgn4Vp;yifNrk|9>8&a|=eY2{~<2QDn
z3#{_+&Jnf(s~Zj#+KI4(w>MEbJ1MzC^d9tPMC#>{y6nVp)_?m+-}YdgnTQrP?0qmV
z+L1zHnsbNI$`s@7m3B+dDT!np&ihEsESn?@wi7ulN9c1kPW50deiXykD?Bgm)D6+|
zX{~iU@Q-6|6ZCU`X>@^+P{isAjWPG5(eCdEA`I)#V4idk5KPal46&S~szkx`fctPw
z#s4CL>c*;{iGP&vTmlmEa3BCwNi5Z5k0)sVwef}GF0z`Q+R9HDkaz(=-fAIO-kL?x
zC*Oq0g;DS*HgDm|LFqi!n9@$**KW{0cC^ZVFtf>3?MrEJGWB2U^k@!9*3E#v_r5W3
zi#eP0o(Z@**_9mgXK6t=XCchGh3~jy<m7uT+Ovi_Jb#K#FE=oM_EXf7>DC7e0{jtV
z#Pi>D3rB&^=%A_{CeX}tJIuR2*Navu61-}La&<q`UkO0tbZ~)UX%B$1NB)zloi+(L
z<)fm|&Vpad0}rr#!SZ(?TEDm`^6!X~52>}tKxSX8d27uxiU?8cqEd<Ju<mS2Rv6i+
z_3HkeK7W<(t|Aa)ul#=c=>l|zla<!eB}3?9_?+8vu_6$)!GQGQ2kEAZen?C#S)uAu
zQ6T#@oXsd^f1Op*8RC?Pub{e7)20_K3NHapKG-HNQmA4EcHBSVyMuw=OsODM$ud|g
zZuQnb=6w1lyV9SfvG<C5prEDWwt~A-lAO$|8GlJD%dyIwiNzPOzifI5eGA4RAKU39
z<P`YD=ItV>#+tef&~?qQh1ek8V$;85#Qm2lWeqLRYH-0d=$#&OI>qt2hrlY2g6^2d
zY_<f=YByuqq+Xn)!AC0U;XNANrvv&@ZC{Ql33if9Z>fN@`*&U()*y{nvOU!&D>5<l
z1%Gk2vf9J-Tx)^$k;Us7wnI_hnIz34emXI?K<x(ygs}y>WT0eSITST0o*8ixfw?|0
zsc-ob8M^C3R+1Ep2M+IV?=yuQJKw*fL;$tkb*AAOZ@R6afyUL<B!iHwh}oWi9Y7;m
zx%wV1n9aKKLRYP68X@w1s{qeF``gwkn16s~P$cXq2G&<qb(h7@a6mtPQsll@!0mPN
zTB!F)Pz8Uw_eFib9eip+%+HF<rIqeOJ-1*Uhb@%{2r?xY`j{(j7(dPK1PphT3RiQ)
z(V-TFR(s6e|3h(*4r!hyXhM9TfF^yF)C$P8NbYDyyPo()T=Y>?+146}fJ)L3HGfuv
z7?6Xf(!-MvXbXJv_8j)I)`xp#)Ox|Z7LhKrGypN;{Zo=AF=&@h-Fd1ZwvfV3L6$X}
zpYSULJQ<&u=TcFMwaG_x7%NlM3t&RK!i2y#C@oJuct04j)KL%1=J+o?a}h8>r?jH~
zSU_9nmZZ{LWE?QkH^gC~(8Wy9Py;G<{FB!NMt@L(Ru{~<K->ZX2ml0v0(&1HX3WX&
z$NXkS(OU>3v8zfjrWFLsg}DX)<u%en_Wqxlr<um0a^-E0o7{&=6PO(gw#akSIYC=8
zztu{_aX>HJ>UxctUvaAUC{>?YirBM{!t2;SZ=4iX>GWnc?~9rbt?Rh#Tr=dwyIq@W
zEq^AnzyLrkljAF<F^r(Cyz9Z&56I6x4f0~e)oI1?qUuj(`!!1B6CmwETyyN4RJ;Rv
z&0ZMrVE+=N%Z7C~J4V1<HHbMFqFMtLhD-bn_sfaDcT|BrJ@Zz(1jcpG?3JCpr(T#i
z7^bo$U^2vlFRJ%Sf@LW7PvV63PsGX+Wq;u-N822|Gj8M)z?xGsEguHx45RqMO31bC
zd&^iHAz{%r4En8bNp>uaT$&58=EcF_NiwG=nBvE?^(o4*rnE5tW277iP;CFx_BR1d
zv}rN3NnVH$*WDrb*e_XHrq6dHF!2)YqoNN;<w7KF`q|D@mDTjLkb{!hTml!nuYaDA
zMnj(1sbxGA>;_VfM`0}cgnKu)dh`ktb-gfBH-dsoE(Qm8&<}Xp!C<t^KaThBn4qiY
z3_v?+X#iOc>^i7JCx2{at7U4?``==mPbj^ob4Qc5RMzqbi0a5hl>x|af1p>cS&T%(
z;?6G~oRczfa;LVX^QP}@h|S$A7k>(i;SmF~?u`fqFQ5%Dp$|5l6~mr__;+C-QHw=B
zZ^Tl)8(to<?aLQxUH#cB!f+|FrJB;!xc2e<xygtUP(C4X<cW3B`dx8+uA8>wWkxfA
zFd!$VT=kJ2&7|q`0?;IY?0mSE$CztJ#&22Bppfb&QEVGXMqD)#H7?79YBwd4?Q4V8
zI!X1Pixzx4d;2j=Fe3&DDuzgg_YDCF6)_eB6!~New~3WuYq1z{Z3rLM`d*<vfRoP$
nI3fk!tbCz`^ewvGV&AX#6=$wiETaSncv(;N@ViIy0s;sCX$Z0!

delta 1901
zcmV-z2a@=y5UCK5U4I8HDf*RtxS9e22mpYB1Zr*2l>L_#ct_xo(Flj7J6%}9g~1cC
z(b{wOWey{+fuMV(xKGAV=!pZ+-@^y-k9t$xMmfRJ;${RY=mgxUf_j7SshF?u0b@)4
zu>4Fa-mPQlf0iQbQ-N)3L~;jeByi~vJP9h&xjNqpjLDj^+kb$|QDM~6kO^x`J=n^}
zv)ZYRqaZ~&^cp|GB|La$)Y3b?OYp@QA57%LVsJB8|E$S79IJ=LoT_Z~XN>X-iW>}`
zJznpT1TrSdOiaa3{mVv9*nn_?K0DkEh}Es(kz~<>LmmIm{)w3LkF=zBg$1Do*>+#x
zRb(7R4wma)jelK@^!he)EXN(!hcVP)1b&<E4{cyq3f~5$*iVp#qrTgcb~@=LP*tuy
zCzD|H@a1Lco8t>Ii75;EeNPV_E(nh8atkVC-r^erCWUdoyr>Rj-I%$HAg(!Iyh5hl
zOJ$>{x)lR^1-2=ChvGjlO15Gs(z^z{!?a`@$$S_!xqlc<a}aHA0{aOm*Adc4o$<DC
z%xhH-WflQy!=<g(f{?^`KZ|;`O(hSRjJAep<&1sWR;smCIf@F|NpHiZpL3}a(N6A!
zx^fP0RQ(;EVp|MG^2PCo7zfy?jGH0-XA^y@d@UE&8$_HoK@efyS9Xw{_xkcR-gsI*
zI$dm2F@K4xma6U)OfOL`ubyadU}oLtc6z7g<YmuG0(^$YSiZQ4Ewe~AgiPtqbjVyh
zwT=11frW5}wCbfq{(>>GV3i*%_IF0*^m~&$))J@(B^&NmJW}->h<mrJ&X<X?f?JK5
ze8@QA=}}>zshEZm!O6<i`?``E0DyNqO5Jy5oqs`vl6Fd!weK~rpg`V8Mjc1v9=Z#L
z&ilm?b;1MurhjBa^h~m=0rDmY-fb2qrv{><nyy54yOd%-1+kIPPeEsUU2(2~ri>8f
z#rd*xi_}{ybmvuDlk?}p#w;!P_FLZMON1TVs#7{*fjpK<GcC-|$*fWKwL|1CQ+ap+
zaDQa{N!L9faF^gm7I}?JtX}{FJwZp)@f3QiVEbB~O<rSr2NxF&U*hy>X1Wkgrnqdu
z8&l?Bt^)mszFOX|q5&%J3gDz<w=El@H2ykpukX252`=F(kH;kGO@yx>JZPC&@*U|D
zI1QWTIjrjd|EQv3i(s#O!tUX+u{WLEkAKd<$ppO**M6ZTwn2Nz+~vNPa2H!^ygZlL
z9fb$pQ23rKet7Jhk}@qzfU;XqcfYM%J?;pO((&k@G74iQFJ!j#1eDQZUsf=py3NK&
zul#eRN1!$lmfPO$xw6Pr>wOsR^gJ|BiKQiOTA&Sp;lm^NH(LZVd9-DNUW!2z3V-8V
zxiDroRo^cH&4<^?sy@;7?>!4PDCr4ejUdKCZus{r&P+8%x_Lo2?J&KbfJp{*pc95v
zPsECFgB<s3efbml40N@h)!8DxNx!U190Fb7qvh*BR=&pikZ7loI_ak)<oqeuqx7A-
zdvq&*sq*opr;6A(p*sK-pWP{Ta|5YLZ<E&qMt_L5K;vnh{jLH62ml0v0()oLQZ>9)
zm?-nu)IQW=LPG_r^^ee)l<MC;n!3-|xr-ev+?_34N{>rdaFW!sv8i7d9D>-&k)XdU
z4p4lZQT^f>6e|hy*~O)}*12x_WjMgE_R}xH%S_8*+yHWrC00CN+4%QWzx+4!^6Si`
z=YL3wyY^0&fh>8WGcqm{^L@(}chAo@OiEHiXNF(xw2qI-ts%swx#p<{Fxt_?ky|zK
z;qAyb<#7r*7vp)(3DI>r9U;7+b#ZQ{9{>Aa?qgnXak=7FT2)$@u&E({JgS%Ww%}ph
zsyyujWa{;l53K&_>JSMOqc*1nU7#JhWPef5u^Z|{E=ynmOn<fQfSX*)=;`MJkqoG>
z7?;XJk^_I(fAA<!d|`y_a%Z5k8!ygT)h?xc=r83nO_q9nZ^);#|AyA3A2be<HkOwm
z)cZqzb9hOY7l@$4`}xHN-&ThyrS9}M?5VTM4r}Jq9OsQ$i;YZR=<u}#Q`xEc7k}xO
zkXm3b_wbT0LAA-XFmEhk58~n^neZ2MwDQJSAn19sKt-f80FUDG&39WrRe9+V=e1Jl
zsHZ1`H`U52yFRs;cV|UD3j`tECQ3c0{dGud1p=EteulKx1W)LDpJp|<$p<r#mwEg9
zjt-Vo{-KPfcW5ETswFIPY*%Va_kaGZ@{Z?vgUh)^u+{(J*~5_4Ep^Pv8DE165>F@+
zk_Bau7${AOC3fjQfXO>N-p!&162L@Uk1F+*c*h-c2$zUSdyWL}(`<C^Q};3i2Srnd
zL?!jdg(;x-1Tc*OQi*~8qG#zad;7EM#if&{UEjX%j7{+X>K9nD)_AIFAUBGWq)-XW
z4ViHtaP;Ybka;moFe3&DDuzgg_YDCF6)_eB6fw4o;kh(y{#b&8DO?F?Vh4??IFru@
nI3hBvLgVrQOL~*GhrmgY>TCbUpmqcZYikasmiDeQ0s;sCTK}~n

diff --git a/ssl/test/axTLS.withoutCA.p12 b/ssl/test/axTLS.withoutCA.p12
index c4eb54c444ca361efa2c3b4e4d5082607b2bb693..a297afe7a79d1576765ca846247bbc9045268950 100644
GIT binary patch
delta 1385
zcmV-v1(y1y45bW^U4O@@#T9Ga6Y>HA2mpYB0$|k@Srn|v*0P^bMq8vzL9kPx5Qfc_
za6Xw;<h03br4}|q350xr>gl#wkxGX|$*FOW#<|YceSytlfmI4PWZXM(&bE0w{bC$v
zkO<5c+wIkX#poHdW`(Td5(E9Rh^Of>ds@bu4VFWe<523c5`RMGV?r`0vSG+YsgZ@g
z1hUQ#Am(llo~?LM!KJpd*o797bMJXelFs4KrNVNNMn|)O5KAE%t7F^JgPUb(6JzOJ
z>X9wt?=MIPi|S>*yGuGhMI4d1;-J*<kR6U9yztD^$I0WVHgiZM17CZ4tUB;0_tYk@
zZAt4N70^teUw;uBYY9Ei0F?8c+oOAf5>_E@dK&A>EB&F1#UmLVzAcA3^9=iYZ;La1
zE39UNgrCwF)(K6)hi$jiyWW9p2bFkVXQ^`HdOii*iDERED0jxAU)p`{Ki_y-UTgBO
z4`0RCW6s1f^;9@`YbgDRKQJZ1p$R_yX8lvBV7z5->3>T1#-`3WP5#^gJvHm6FR#9#
z_`UY3Sj@S*HaI<Te0aXiY(H?Y9diSjMmb^$S;Z#<fHuVC##+<Zrs{k{_M6J~#@`Dl
zbYV!-vHe#E-Dx(H^({1!Zc3Fn|J`(p(#Q%%A1P6y^jXm;+GD=To#emlhiTNC|M97%
zV2l3|R)4RQ&&s;Yi(sOV%7ySXcW3T8l*wJEOJ|7M51UhO>|vYEv&(ceICDG?f)m^}
z%fCnX#+%sgBC-Z`S^KTDJ<7qk=@xVACR++q>x2c56o#QBx}I2XJ5&!K!mo{kfY<wK
z5j^7-CX1+^poztLsgk-!VGl5Z10e<pDuzgg_mkKHJAY$xLu+iA;!6So2ml0v0(&CG
zhfk;Te8S%G88Ide(ncvZpzix;+CTNCgzO7vSYFjHW>sOEF@W7eBuaMxRiPz>)7w>L
zX#E6Aj*eSzL{%IN4iAY3@o$sqj4K#=D4f>#Kf4Z$Q&V{h<_@b)j4WG%iL*hc*K!V0
z^YoCf^nYbQpnJR9_5=R;nCUYh`_tva7T8-6D#o+Z0kC}u>-|AqD>x6sDS!PXVA?{C
zR2EJ);$dtXUG|MvImPwQf)T`JRU7D+JrO&oog`a8alV2>o1Fh*N2ak-r8zc7NOAKc
zJ)ueW4gc9-0+C7zgz8KxIDq5a`hAq~fa6#;rGKdjyShP#vo^^b9o7+3JGnz*UFzyI
zgu2GKAoYw5*5*IU5LSqam_ddD144^fV)fVoO!ZbYCGKf6tWc)t1&i~m{j7&kUQlRB
zppc(qM)TDP#^9$(ZX~^d=sOkQ(`#_;r&&7q6<Rj$YS1n8mM;TZFcYc|WvKP(U`Cnb
z%ztTbyS#3AxnQN(qmU)V0Ji~!XFI{?S7qufMlSX7;Y)5heDe{;6fayAqUbst<4{Pj
zW3p2^j3QyrI!DcT1FtX&c<+5Bj36k8U8ytj%dmaIs0*^47L{&=jplt?Fl$qT^mupx
zIkN{@<6)w_`Zf)#(Ouk$C$rQHANW+<jDH71`ju|DU-lNS^4zQs|IG<R<=<H{b&Oa{
zit#80&&{W+p$zfk&}iCwtSmD~Rfp{BrQ+Vtkt5T<x31`wdPTH9Kp<#BAB37y0K}LD
zuwyw;NG{T$jkoRry=`KS+P6UUa$czg@PmEwFRP>uW}S!GaJJ5!4Yd8Xjj~V495>N;
zx6o{IE#tN<{9(L77!)y5Fe3&DDuzgg_YDCF6)_eB6!~New~3WuYq1z{Z3rLM`d*<v
rfRn`qJ|dee0s{5WfR665?%}552VB(>+Q9?}9X)Eds_P8G0s;sCB~7YQ

delta 1385
zcmV-v1(y1y45bW^U4N>6#&mVUU%dhX2mpYB0$^mfQ38%E)oJ5rX4WaRWGt%enHLKW
z-RNvtgw%;!0f^^tq~Xxn9qTS<;gqiUXVZ+RRzTxWce<UT49K#b4#?h#L<9NS0PHx|
z`teQMaDd1OEZ_Si0E!Z{Z=n&f6kXz1VG__aWIs*l-jWOHZ-1IFv?D`JV0T4nL$*wX
zCkf^-s7Am&DA(9$X-sdit(G3I2%5C&Y7h4@j10dz;(G^%l0WQIBE;7LROnLt0R$e|
z2HMcE?`k&cpSQg^j>a}8Toq}KBZ{3)!(VmYE!#<zP|$3CVZAZM@|F2=O!bgd@n_|3
z>2#_vsA#qRpMNu*9L<G!WP~vLYL*Jr-m6z>VBr*q)LJn42TONazwR;3{LNn$B4T&{
zp>z0lg>uVb3Ast;bHo6=;B8FL=`ji!So!+0KI7|ufJ)Q2CZ`!)h!TgC*jZoS)Nzyq
z^<*4jT||Bjg#(kr?~p;%3XQfhlhime2)M;cnypjPD}N1n!GqR(H4g9Q?n;|(l0DUv
zLF+Zp((P7r!cjPp2Xf9`+~$B<MsJT#sBe)tFN+cuu?G`(0o|*M`BKjo!oS7s%o7O?
z5KKUW6nBfcnr1KL6z=?(FWk=E2*tjI6V{EwJcqY$09<ArIt`d)m5`%}bC$P*FNYe4
ziQ9`w_J0l$<CYsBQI%(QsMeT5o9yn78Pu9JDMBYBZvAaw0C4F{H{GtmSW8t%02w!Q
zv@D)a?0kD&N1T?OQUx#JQ)$Glalpm(Q*?hOAxd*OY!t88#`6B%ob1}A!~U%pDwRA}
za2|JnSSZT4Q>h8REoo~iX`wKJ10e<pDuzgg_mkKHJAW@MNC+oRY!d<k2ml0v0(;ZQ
zSjZvvft}6QenYK3l<6*L0g<<iqqg|Xd^VQcN=5xmN|Ms;E{*K~zy^Okx6&P>%bfl@
zj4fjDg$q|@95_UlfUaZ0iHtISa8b!#Nw6RymUW=|kP8rj*a|J2mOwWc<H4>$u*0)S
z8u9!c34fdcIU4f|H!sxJQR}}MnJkI}SXDYkIN8G+2o|t#nmCBfG@K4KNT8uQV(Z3s
z*$&DzJ_u32=s)R8dF{&C)?D~J)IS1S%oYzE_z;}zh-G<gugW5(&bW%ElDP;%^xZvU
zf+qzg_C70@Ve=qILUXxVGy-KqyS|WXw^}J@;(w+&&u{i=<4?Cl?JU`ISW8fJY@Zqi
zO@oCo5<Q!Z7NTAR$6DxJ3bY)$6ZUSVdW)Q6FvVylKv1t5`VuQ<UmUCC1C5$fy|nuT
zkD#<$<sAT5hnJ6~`xA-$Jn%eJ&I*CrZ7S-e+lV`Aeu|R}G&oOt|H0%>NAEW|nh0j<
zZGR|w0|MO5+I!0B_g~HiwP0$e)@e*VHxVTa*(rh3?q#HK7|o9wQTOLcIL4gF6u&Ee
zWaLR1F)K7sC5<cmM#SAUUEuU?%-jh%I0((6J6O!oA^H!3zdtNle2&$|uioQs&PDBc
zJpIiAO*@8Eyhi)Q>aCBLol8_^@>vzqe1EAHpS#F4X5i9|Z#$g$hA-omRpO+W3{Y;&
zGxHn#EUXQZtz!O=E)bsdr_^lDmJpfs*ar>+)BShXY*=b)OFj1xOjc)+ZXJQ^y}RK8
z^!Z|29~XB-%va;wa)O^9Y{J@iz*hm)P5D2(5=G4GBL8&*yT5{WC^Vm|+cvu@e>Wz=
z11xoD$_#>hW8e>Z(M>T@Fe3&DDuzgg_YDCF6)_eB6fw4o;kh(y{#b&8DO?F?Vh4??
rIFrQ%J|bjvzdp4~^@oJ|#aiQ&EM$KU=hXxVZ}elQACIG40s;sC?c<gS

diff --git a/ssl/test/axTLS.x509_1024.cer b/ssl/test/axTLS.x509_1024.cer
index fc92d056429c92b14fdc609505a5528a38ddd3da..602300514e2dd478d78939bce292bbe0afd4e57f 100644
GIT binary patch
delta 341
zcmV-b0jmDn1KR@=FoFTsFoFR<0to=C2pFdW2PgfJ6G<B}FflSRHZn3ZGc!3_7Y#Br
zFgY+YGBPtWGdYoWOn=S&iAcUSxs`U*6EF_Hvh8OIz!pDI37sh~vTZ*;Y%h?2p>f~7
zIK|7Unm`ng3i-DO3*p-53BL_jL55(V!6%Vh3YbP4_M(LNWyj7fmKUm#_+bQ4aO<=~
zx7?b{F##0R&CJ3#ZE1qm#>BqzG^NR=8B;QPh7OT}51~R-s(%3j0|5X5FbxI?Duzgg
z_YDC71qA>Dfq?)(w3M2tiE<qW<+E#uA;LH|o_dT)NN5ZO=-VGo1?Dm1{pJm8*b^7v
zEe*JS%OGs1bEo~|r~2~(V0a%BKt=9#^$`7!Xmr%9t^^5HEZf)z2W4p|Zogh(Kvs*_
nGduroQ+}O4z#2e0tDsO$fJa6R9@|Xu8(lmqRHse)dva#Q>`IJL

delta 341
zcmV-b0jmDn1KR@=FoFTsFoFR<0to=|!-v4s^jE`?6G<B|HZV3YH!(3ZG&3?<7Y#Er
zF)%VSF)=hWGcu8POn=zmzZKr<ujtkN3#h2G*G65ZCTt9~*}TU1z<AL1R%Q4pNDg}o
zrX_ypdwFj-<+Zo;;GB_Q^ak@l9{G_OsV_%EwVNK?_Np97c_Apvs!4O%2?b07@=Q%^
z9Dt`3kwp9wv*G9CPei(m!*n_5OwiO!Bw@5bm5jg&w*omag@2O*0|5X5FbxI?Duzgg
z_YDC71qA>Dfq?)EM<h~xwqtm_fZc~|kW4efT&I@_90^aGZnIiGMv@xGhZR}jh+NKU
z;+Cp1?85DMi{OxElN7_4t1~szeO*xsoVgHKM|zl*WdBTEf*JYh4_=zfGACrpZ&-@Z
nz&7-`V>G4OHX2YiNz%7EAv0S()?W;ngSWExi$ug;b3v&B+=7+M

diff --git a/ssl/test/axTLS.x509_1024.pem b/ssl/test/axTLS.x509_1024.pem
index 81f3eaf1c4..ca0a8bfdef 100644
--- a/ssl/test/axTLS.x509_1024.pem
+++ b/ssl/test/axTLS.x509_1024.pem
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIB1zCCAUACCQDxw4fA1PRXwzANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+MIIB1zCCAUACCQCrCBinAwcn/TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
+MjYyMjMzMzlaFw0yNDA5MDMyMjMzMzlaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
 Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA2OC/Fd7qr+jV/QuoqLPXRl2nJmwMtdm8xvjAeND2VmX4KUgOewumJX7oe3lv
-OOW1t/TgnJFg9AbzQB75kRmpL0dDtZse3PaqHEl5ISjLqklz2QkFTALyTE1sHICn
-FJFE/BKz4efjT0S6jMN0OehM0NRMJGG0QJWMwAq3AjkxhZMCAwEAATANBgkqhkiG
-9w0BAQUFAAOBgQALRyRSfbZjeLyA3YdskEwzw1ynlwkcCU+bbrNaPkaSGseHFVnh
-iFzOauKWqjLswu14i+CQZpMUw5irMzXTfV1RCpy5EFhHepiVZP9MXYIZ+eoPXprL
-Midkym9YitDANvS5YzSl2jZQNknStzohM1s+1l8MmYO3sveLRMRec0GpAg==
+gYEAzf2JSL42uZV21BMwDr+y7WcKwBY/UQmdKS+ybT8+bC+QgKFx3744xcupmkAU
+kAr5twcL4drnCb8NV0GGYKHBJ5FbCphGG/aihPhlx84tlheqkfhhBFBw67RDt9ya
+zDEBFNTNzMI3bWmC1sbEvvI0pcmmGVMyeoYOkYIPoUJUqgECAwEAATANBgkqhkiG
+9w0BAQUFAAOBgQBAtJSaqIlyHQfls2uIIcI4Np56jElIaAwG6NsfTgXmMeP95g1r
+2BMX4C0NuH7LIGyoc6f946f68wJgeB8TQEXudfUQ/Y9odNSsrgQJVSzb2AcHZWkn
+br9eYUBWi9czO/9uU36dP8BAOqugUE6AR0YNHttM8RtdPCpUp036e3JmxQ==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1042.cer b/ssl/test/axTLS.x509_1042.cer
new file mode 100644
index 0000000000000000000000000000000000000000..c1e1a6863d8f599f8078004eee1faa876984a844
GIT binary patch
literal 477
zcmXqLV!Ub4#OTDt$*`J3VmULr`ac6+HcqWJkGAi;jEt<T3<f5KMg|6K%%Ln?!kUQ{
zAwIzh0Y&*)smUb@F8L|xl?u+OMJ1VOnaPPIsS1vzB^mienI)A5a^k#(28KpPW=2NF
z#wG?);=D#C29^fKP_BWFp_qXP#8h4sQw@a-1VG}<!kmUi=6VJ|XlT&55ZP6XtPISJ
z{R{?;-As+m%z>?Mjh>z3lisv8BZ7bXiy3h<9gZjOWtrj7$a41b7qeqoFV}uBj<hN{
zP}-KPBe~^g&-Huri(*^$uKB=Xu};fMX2N$D^#vBI{<_^={W@7cBBZA-+$z59_|J`n
zn~Fqx^O}DIU8)Se7cS*^LDa+P?<$YrY#+;roTc_|7n_eix!-X1=R+oDMg~S?2LgkQ
zxv`O<Q6u)!tcPnSw}{CXe&G9{uwkyBR>0zwOs~r)mtJzc!#9`fSk<KRfWLmrn&lSU
zU9fe9Oz)A;t=0b>zDXaS891pgpvJ{joy&Kd%)azfQP+cflf%Q4UI=b(ki8<swMHRg
mUj7B)ZC)WC*~IS7{>R?Rn9shf+&9|tn_bDB5)=C^y3+y3O0vcP

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1042.pem b/ssl/test/axTLS.x509_1042.pem
new file mode 100644
index 0000000000..ff80079a36
--- /dev/null
+++ b/ssl/test/axTLS.x509_1042.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB2TCCAUICCQCrCBinAwcn/jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
+MjYyMjMzNDBaFw0yNDA5MDMyMjMzNDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsC
+gYMDUYXtMubODhuyrWhYD7fomF6ZQMdjvQSYQIEEzdP0NsZq6a3wM1k6dMB1hmMs
+GbT5jNfen3JdhL2s8AQ4rio6HJD3RCegOKr9Rt2r62MvWFSMflc6X4bH+bFxsnIV
+jW6D+FLSeVPeVxpB0BVIQv2qSFNrTDlYbKU/RtGDx+TfgM354QIDAQABMA0GCSqG
+SIb3DQEBBQUAA4GBAIEoXdKa4a2ThBYfcfAO8CCwnU4qUKOpAut3k3XSRdwOnQrG
+epJ3UP1OpoMeoN2gtagcjcTzhXv/QPYbx5lRko5QfERFJwpNthy+Z8pa11JNY1dX
+YugRs4Ad1BoKrCBYnm/QE7ZKVPEGFt2b/geFAW8HpndNWzn2PnTcdDQ/tC2X
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_2048.cer b/ssl/test/axTLS.x509_2048.cer
index c0badf7288617f5d618a62e1ad4a1343697a98ca..d92c8f4cf8cab97ab0efc225138b25ef3314bee7 100644
GIT binary patch
delta 470
zcmV;{0V)391m6S`FoFVGFoFTZ0to=C2pFdW2PglL6G<B}FflSRHZn3ZGc+(-7Y#Br
zFgY+YGBPtWG%%5OP=BSMx>zBcJe|1#G@wcOJ_RbFZ{VD8d=Jgtx@?eB;+i!?A(}@Q
z*Q`2?n}5`V8mO0fbZmyV{L$*aX=dJd4Atuip9z6kIr0SPsih$_+7Th;B4R)6a-;X9
zn1Nz7Pc!J{)flTH+fvuvNunx+hQ1DVL!>-R71UDlhr2hw(|?BoguI(|H*v7|=GIie
zu?0#23a}FxQn57NE|HG`%GSe1Y@JEM{+?P<i>Zm_7>!echHJ-^o@f1$iY;SYtM*PJ
zi>)h?d*!9U=F%%`y#B;uL&16#k~Y0tc1xjS9Jm=iDC4@!Tj_LVzu+u>WO|c)XPBf_
zf}$_JUJo)=7JrK^0s{d60Wb{)2`Yw2hW8Bt0R#mA1A&167`qR?XFk5`$56g!eKH~5
zVVqU5sKX~jRT3qASM<d$!KNj7tsHgqy;#{LDnp`WiCClAyYcTwqN}v)bNF*MYMw<E
z^W1}yz}PyPyK8Sw=JhGt!%4T=PNZyyR}k=22-|I-R~zug<OX~KRIU#+;H=Atd1%UK
Ms9};S*;IqRt~c-2wEzGB

delta 470
zcmV;{0V)391m6S`FoFVGFoFTZ0to=|!-v4s^jE}@6G<B|HZV3YH!(3ZG&3?<7Y#Er
zF)%VSF)=hWGcu8PP=CUpzuWrHa0W!PpWcl<*)PO5J@;p8WrE{~x*dS03U<yR#lGo#
zo7jcM!5k0-T)vqRJz6@6@=J~qM6K!Xyub)cb*MX8a(Z(b8iQSQw~<60ES(wq#TO+F
zjKX0p--MZ@6HbvY^ukXjJsEbpq0~t7M;5ponW7KddtPO-34ipaGfIq-0(2*<I@+{M
z1%IXd(F9**b0+8=WCc3!R90Z=+`AS3+BF!K@+u=)cS!#laK$+W*UPbkBh$%E9O&R=
zBhkV~W3pb9<VuK(GMUN@H5A*RR6xg^y^H~c@T)cVq-y`~U}DSScugVtmfbA2%+ls>
z0gAIAV!eeFdw(UZ0s{d60Wb{)2`Yw2hW8Bt0R#mA1A&16JTF#r^sbEj^a5dO-<>$y
zJf=3SFm*cgmC;Nx<f4y36t((-y>}i8(rB0aR&OI#=zqWUXjRU!ZQZ3j7*Qz6y)z?A
z15`Yyf&Q=Yzzt^3#>i&I=Y)b2Q{HAco$(eJ9AH;T;v2?`?wV;&H_pYMq4qVK4+se)
M3^D$%j_+%P=U7A5J^%m!

diff --git a/ssl/test/axTLS.x509_2048.pem b/ssl/test/axTLS.x509_2048.pem
index 1ed0141afb..18c0b45345 100644
--- a/ssl/test/axTLS.x509_2048.pem
+++ b/ssl/test/axTLS.x509_2048.pem
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICWzCCAcQCCQDxw4fA1PRXxDANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+MIICWzCCAcQCCQCrCBinAwcn/zANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
+MjYyMjMzNDBaFw0yNDA5MDMyMjMzNDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
 Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMKgv9v6z3AGRLOf3o092S/ENz33Z2tlguOIuh2Apwp2ziHFvul7m9iF
-xsEcEARcvpkRPVo6ifJLjhJErenvvMAIS3WoO1lyenMaGoNddLeRRB0snRn7xRcl
-DYzCYS3fhJmkE06RL/TCTyY9GXa7odRI8kcWuByZog/be15lsgn0pjNKjJICdCer
-Otq0TAV/pfzRBF9lcyboHWQFOu9UVmDp3LsV/9o1GJbyKiNZd0j/GnDFOQbXy7GD
-I9PJTRzo4GQj0cJHY7JelORKiIsymcoMNRTboFRAx5y9jAGF8Ks196Rq/+9gYsvi
-eE0h+pbdLLbM0uZvAYqzIGK9hRR7Ja0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQA8
-L1Zz9K6M/PQCYWrfnTjbPKY2rTB1OvSV0Uwy5KKPQRS1+oK9dx4K0miX+1ZvI1bo
-f7/1aFXOsW3dpTwYUSjJvTMjSwNUPKiB/q/xwA1mzsbIZsbnhIITU95mOJ3xFhgc
-YFdJ4saL7pppTzfOxZ+h9jWbDwgJJAwx/q+O72uE5w==
+AQoCggEBAKWgulghnDyduQE0oEn5PgUqoW/gnHB8D83dumyQU+KaNUQhmkcX16w6
+jZt/1IQaqJd5dGyGt/zR6r9pZt54DNXrCZ8JgVk58gToqaUhNNoRIeUiYj/scqP3
+pZiBYjVPM+jl1RirIttS191JoiqFhr4OdkOkPEwV1FLyh7s3v9OHAoS8m3U3cbD4
+5tZUwLEFSgEKsBMYUrE03i6RjwHK1sNGbJ1Jwv6eWlGLqYnlGI1TgoZrx5SeZ/2R
+ii1jXKv2TiKLrSuSe+WlwebSK2u8/sRiQ8F6FZI2vVt2S6FjHLgZPijjusxb6XRl
+v+AsfmR6k3xnmKRVgqIvvl4PMlUWiy0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAY
+uw++Zz6+68dQvmd9MiHeYZxVsajDJ0RVEiV9V/TFLsGmJXmtHHX0vVjZJSpDomWJ
+WKPZu/HvR6KrtOtz+HM2ap5FFfPcg5LA2Dqau2tvTub1KdvDSbfaTqRsh1cQ8FQI
+222gV/DG5AZ8AlSuDzTgrMuIeWjKZ6hhkirZVIO+rg==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_4096.cer b/ssl/test/axTLS.x509_4096.cer
index 40bbe94fdd8d5fc57dd7463e4e9530b9d661e7c6..03d110d57d7b7c789a2e50fc77fd0f0fd277ca01 100644
GIT binary patch
delta 728
zcmV;}0w?|72Hyq~FoFYHFoFWa0to=C2pFdW2PgoM6G<B}FflSRHZn3ZGc++;7Y#Br
zFgY+YGBPtWG%=BPP=BMC0*1)`!2oMW*xhO2*+5f4va>9K1=I8HROg|p+1F=O{_L~U
zx=TEYHKzFG&Hn4lgGL!ZI!?Abt?Zg0>3z=*y<ePQnFr8v%}SLFAh$Z!H&$AFYaJWM
zLT*E@Sseb)l?ndXFx;CvGMb79U1wU1Bb)6t-DE3x@%FCu@qa(ont1u0EGbB?ZdZSb
z8Mz_`=D{Y>TDHf{l6Nty%m{M|z$?N~GZfa&6?#vD#hY5(3Q9a4T0*tGe(Ft6O;-?^
z5C%F<@^3Rfw--TTl+taOmOr~GdK)(nn7CLdWf(~;M^tEIe?>)9rZ-b(z&fldu889x
z)h3mjT0%dJ!+(=(7_LcQ9V0&@(3!*<BE?}QVZ}`Y6hv}vP%dKDhVeW-GWjxtp^>A2
zpMK32-0F?=hoLhJnSAONHFdP6NwU;F{`Wf6f~n*u3VW;1W%ft@-r2|4f9|*tLTng(
zG+Vzxh${r}6pmrUe^-i=(4{Q`yyZVh>7l75SoFtLW`EoJ<!ZY*s2q1qD#G{@px9MV
zp)#9n-f~GT+UXpYS|Oym`5(MdN?A3%cgbmZePX?H#=S*Z<g=FlWxJ(772eTT@1oK8
z{q$Mmfnx<wd*5AAF$piDoIO>|`j#EdTCOP)XHc~{q|4pm1IR5A$oJ8}Ay$)$CsDSP
zY?uUk34b+F2>}8F0RRCo4F(A+hDe6@4FLfJ1potqfdGmT1%$9B3t|4jV;YYUPPl2x
zz<>fvW!Z^^_T&FBHAcw_@jr<>_3uVcojrO2$Ln+B$ywD;Q+WH?xn&+QhqfqS284nc
z$BNpsc_aJaS2?;7vjHR)RdOE%9J5EM9R^%WU>$o|JO_!0>azEL)?=6{7=Uj`i?;lu
Kdp0#aUf@nTXG*vL

delta 728
zcmV;}0w?|72Hyq~FoFYHFoFWa0to=|!-v4s^jF1^6G<B|HZV3YH!(3ZG&3?<7Y#Er
zF)%VSF)=hWGcu8PP=EX<w3%Hh%Fr+j`r};?Wl|lWbgMSD5b)gHe4_=`ttADk)UW}g
z4X$UY^fY}iKnroxCfs0zC%X<hArNw;^V^qV-=&ES@1vt!`J6qMX2Zy`pMH~_RnO(O
z2aD`nkRZ)pmu0!H^u0Ov#YDnNUL$oJ_3M0Q5w8sT2WKEq8-G%OkEnM5rgiw+VXhXV
z##-lf26+ze(d0CgK;T>maox?BB8At*_qHegN_Cm(UerlhGFqSp+Cz&}#6X`{2H3(|
zN2wGExlD97fXsOeCn^W`4Pn++s+M#D>;O(~wfl~y;qgj?b^u`WqW``cC|ig?96y!M
z7XS2>*B=ru_<vv7avi-Uy+Ru3G~FHDd$tioGhLi$JrfGd>WY5}SzEd@PpCx)1I&la
zpN50(f~}LjpktBkY~Bg4!8inQ|Da>u>Ru*7UzXwh=w_Xs?;*KZ6+rgL$!sa5#wCm%
zhjof3R40eMa6w2mGZwmv4<e4SD9qV#Ve`U3TFow`AAcn59mm}r%eZM%B`4PkH};;e
zm@cRF?0C)Mn>&f!N}s;~pPl6je9nV2!grWg(!oG)E6a<p%sCQRrvF+9Y!S3QJ9`Eq
z;x*kVQ~Vydzjn)SkOyi4Jk2fSKFcADsAO@?mh{4r1x>Ia;H)(*Iod{)t9s8dAW=H7
z3z)e#dVhbztB(Q$0RRCo4F(A+hDe6@4FLfJ1potqfdF!_tvz{}$o2Hr<4lKT^;SqG
zQh)O;>7shNF706dhrCO4>3DhKqZAs5h%J5J&8E~cxQ9`EF~_QC$P>BXiKMeT17|Qd
zds_4QMn7zXRu^f9T@R7ePZ#hM@R_lkR)7x2IvxA0R&Bc7HvVyP^Yv_!mRWDN&`41i
K)A5aXgiUw+yjTVR

diff --git a/ssl/test/axTLS.x509_4096.pem b/ssl/test/axTLS.x509_4096.pem
index b7aed1caba..a9517fe375 100644
--- a/ssl/test/axTLS.x509_4096.pem
+++ b/ssl/test/axTLS.x509_4096.pem
@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDWzCCAsQCCQDxw4fA1PRXxTANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+MIIDWzCCAsQCCQCrCBinAwcoADANBgkqhkiG9w0BAQQFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
+MjYyMjMzNDFaFw0yNDA5MDMyMjMzNDFaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
 Y3QxEjAQBgNVBAMTCTEyNy4wLjAuMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAPwntJldKsrQMAz6410QZVIdoHSrNrYQ8NzdfKMF1a0lBavUsAGjDa5n
-qfQ0fTBAC3HTJtxghCe7DjohEHKk89uXYt+liQ3vo6Nc+Zw9l2bDyLKffpOdVc/l
-tweL7FyQIM1fl2W5r/S9OffFRMJKXiN1HPXrfGYRrwz6B2cgUBtSgI+odwCmdfjb
-Ya4Wo8Za53UGeQ7v0eQ0lEDgXAhx3c2YIoXXxfe2J/5KdZnpXtRJWTJaoAbaQ4tU
-xECfVwbYwltHqRQJuUx0N4DMeQwnKgf3DWHWVqqWdALsAE5utfuOpuHxSoN2AGDz
-ov++GihbiEAcP5XPFv/0ldcfEi/4X9lyHb0mvUIa6DTdHd17thFEM12caD0TCszq
-in8JWVu6M0+oRQcDzIfMn4aD7oKtk76gY5HtbN4Jr8E4BHH/oGPe6l4mQl+W4f3o
-Zp2e7yG5WBVA9sjJbCmlxiWMHod1iiZUJ4e9cEFINjMWuooPIo6xKMzZcGHzwkBa
-zS6kHyTsHcfdHcu4aVMlJ9cKN/aesJgup/XseM3imzuJ3UqfvwCfneUKfM6DM8J3
-mFfSwUBvK8uLsMw5Elim/1oIbBG0PTt7BiLiNd0pU/weuL92y2+QB2oCPM0t5D7L
-IYyoZHHNlvTCkQVNsCHgrDUtOdpGlKt6zzEgUTqwC5i5N3p/w6uPAgMBAAEwDQYJ
-KoZIhvcNAQEEBQADgYEAcrCtPXmZyPX01uNMh2X1VkgmUn/zLemierou7WD/h7xL
-dOl4eeKjFBqIiC19382m1DK4h1F8MceqaMgTueCJpLM7A2cwN3ta8/pGP2yEVhdp
-h10PkdRPF/AU8JmxnFaADsc6+6xWbbrdNv5xcvP1bJKWWW+30EhRF9PxjXiETXc=
+AgoCggIBAKOYAobI/sEAa0jY3Wnh2UBTQbKzLIEF0/PuVOehqtnXZ1T+7LPTuks8
+ijWm+OXN/uvLg0YZQDpOtjut7Jog6X3PDr1fnGCZB9ByzUqVDCC3OtY3Vlp8ax0b
+x0JuQ65ZHP7PlQn+2DDcmzsymooHXWdajCOb7TXdZCt48fau9fE/1pp4+Z0sKUiu
+bld/ihm5IgbmwSbRWrbHzZJ3MavMCHMKwCvCUDMU1s4Vek+DxZta3ApKPB5aQrW9
+fupNT01XEJkQBjpO8m8zPrcXQWKU0m2Ylj+7KXobNw+YuFgoZRhJLEdUaGN/RUVU
+pjdTZ8A6rCquiOMg1SaVm1pCP4zDk2wYrklfHSM/I9CZxBoixWEmYcVNAxREcm5Q
+LmLWhvE8PTL5MoOhkaOAn37NFtzqjfSHoTMMmXzqFjV1tKZJstQ+/vc61IKp5CcK
+e6vPZfZH/t7Zx9h/7rgQQmwYfDRbv0GIKwTwFI5hxH9XipPQpS0CvOU/SemhqSVY
+9MdVZtv75Wq7Oagcd00qwvgSoNhVUKEym2zeckkt2ukcllohpLr5H7xRSlk1vXfJ
+aXh9Yr1zxr1FWeSzlv9lu6VAFd7RV++i0fj99FnjgWMFUHvfXVExCS+jnD1VzfqW
+Hc1arikSZ1C1OaTL3eEDyC0RyPfRwCFWk4onUbaUbJgEegk1UQkBAgMBAAEwDQYJ
+KoZIhvcNAQEEBQADgYEAihEFhLAmC2H+wWMajxFOuGnKwIACS2XZiYX24/8wNUbJ
+CvE/iTv170ZPnT16Asfrc+PJWdVPU3j72bllHjKHtihgBoSCGceK2rN5I/vgVzm6
+EbMBJBZVch8FHLNHqR0GXEtge1k8B4mI6rL3f9ZjmCkYgG9Ii7b8o3s2NT1e4E4=
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_512.cer b/ssl/test/axTLS.x509_512.cer
index 48c6e13aa0af5678668c7d4a3245a3304030f01e..ab8537901dcb554c3e8913db640427ff6f96b5c0 100644
GIT binary patch
delta 255
zcmV<b0094%1C|34FoFS+FoFC62>`1I7^edVC;X8TNgFXRF)}hXGBPtWGdNlo4Kg$^
zIWRLaGBYzXIFWWpK*-8nPP?|aIqFW!gl=!;cx+KRRTPd{I+q%^`tsdqZ6z+M-dVxk
z@sQ$w)Z?*x$#qjAkjc@UZ`v8Z(6{b%7m@xLe;bx|S`^y`v>6C1+Uh2tbsc^!%V|{b
z0>!-N!FDAFT{!L0Kmvv;%yz$e5Vmf#_?+PV(xvXGYp^n4OR7uKI{h<uh(X>4LA$kt
zX?|rM7UpH}O0!wA=0d|EHa!9p&aSlcr;{icMS==F6)@eB!<J`{D3h7ou)C0;K{m3O
F0fQ(Tb2|V4

delta 255
zcmV<b0094%1C|34FoFS+FoFC62>|iKhrrbISHh7JNgFUWFg7qZF)=hWGcsBi4Kp(_
zFfubSF*GzYGLd#jK+!ueU#S5?J%(*^zCdnK!AXBtb)hXb<-t7<AR5slZTfW5J|nPj
z{Ge*y>_Lcx{!|rfVZ|0=xRXKgPd)!Gy^;PHe+orDi@;j-#pg+HimSdbeiH?M(w-AE
z)znMWx6-o`7W7)LwQ;<&^_G?+^z?NkWSKB;!Ri!v%ISqhJRX<PPk`4J32p;i1**?=
z5Er@`w37NO<;kTDAiyt;#m|vMV@onpyL7m!79Z8AlHQM%^7nHzCniCNwS4gZoYTl1
F0qo^xbCLi6

diff --git a/ssl/test/axTLS.x509_512.pem b/ssl/test/axTLS.x509_512.pem
index 8191e489f3..5f5f223c67 100644
--- a/ssl/test/axTLS.x509_512.pem
+++ b/ssl/test/axTLS.x509_512.pem
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
-MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
-a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAKRT6LwFr1xedJ
-b4qrvjB+EwV/0p4TNNXUS9S30rMSFvRar7VxvLP1lpYj9PR1JGSZMG/B6hR4yumF
-Rjwel9FPgNcWCW4DXAWqz3UQF7oZtJL6K+XJpQ0gwC+Nxc+RRGNLMlK7dLiqFh/V
-qZLej5Xy93M0JyZBiLV88P+c08gd7A==
+MIIBkjCB/AIJAKsIGKcDByf8MA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
+NjIyMzMzOFoXDTI0MDkwMzIyMzMzOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
+XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
+IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAblnZaFNsGtBkI
+K9rqJqB1HX4ty2lU8ALFvOfBdiUHXTjt0UAChirMdr96ELZutPic4P3Spe6oa7Ay
+YEuqS9I6/TN3iEHeBkG7tYRpfmUeFuZl8EqzWbLmQsMhNj0CE86utPOnkygYRYIK
+PRUw3ZLDlmePKJOZ3LC7kKBBNrKYgw==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes128.pem b/ssl/test/axTLS.x509_aes128.pem
index 9a75fe960e..05a8b54e97 100644
--- a/ssl/test/axTLS.x509_aes128.pem
+++ b/ssl/test/axTLS.x509_aes128.pem
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfHMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDo
-g6K2iXFftW+Qk+rrzkMGWrtfY6YSxPstPRrI7akluUEoyWGITXbK6L3QfERrf2eu
-CnWyciQiHVRoHC0EgZUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBT6YhR8x/bBteK
-lr8E0l4mATOnYlsmge+z/SFYs4bDBofqlwQCVJXNSBA4ZsEjgP9qIWTu/85QrVGq
-LrkewSM6Oeh95LGnE+uhJVtIX++O+Hsex3H1UL067dCG99XmDhqbEU9AI6YSZu2p
-cjoSowFELtOoG667+id9QObfV3EQoQ==
+MIIBkjCB/AIJAKsIGKcDBygCMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
+NjIyMzM0M1oXDTI0MDkwMzIyMzM0M1owLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALll
+NkpkyLOhA5d2ys+edm5yNrkFg/vq++Uu6BXJEqvto7UabK624NzvI9APboEMbHVJ
+gceP8Gc05uj6rnldy+sCAwEAATANBgkqhkiG9w0BAQUFAAOBgQApsgHtuktgEuwC
+kWRG4e4wIRcWl6E1SN6tW0vtGU+KGXtAxXHikIfK/0krnfQMKfHGV4Rhj689X1j5
+CoYYBZduyc/hJuCMhwwEqELrSQ60Rv33tZniYZ/iYDQEoE//q4cvwG/sK830w9wx
+/5Dm3eR7kLXGtzHeVUnUWKGv4FILNw==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes256.pem b/ssl/test/axTLS.x509_aes256.pem
index 4f3074e011..cc9623bc03 100644
--- a/ssl/test/axTLS.x509_aes256.pem
+++ b/ssl/test/axTLS.x509_aes256.pem
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfIMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTMzMTAyMzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANAW
-9PdXa5u4gWi5VB5p/eQmOtteRq9/54JkiEs8cVNrTQgZsjjU1LGedE3JwBqZ1EIW
-HGPjcGg5dVxFjkn7RekCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBmJMt0Crdd/BPn
-EdmzsVXou0zTizTC8wyUPMVpg/KzzP7fhZux/ZIrH9/RVcJd9y+B2/mXc3C+K99+
-TXQoYKsLGArfDPzmpy1wPrdEcB1A9gkWDl1Uq6xRyvrVm3gX8NTITRuGKL9njgWx
-2SrApIBtOOUOinYtfH3745cVVl5HOA==
+MIIBkjCB/AIJAKsIGKcDBygDMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
+NjIyMzM0M1oXDTI0MDkwMzIyMzM0M1owLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKwr
+ugc8AhMAcq/BiZYLgyKL9mAWBHDJxuUGS/NHE2WDdMOVE1Tf1Ame4onsYVTorN0Y
+/3Emj8/WBcBpqmRxHtUCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBr2uCTrm9d9x4B
+MIak3R+RxRUb3920uhASV8PMZ0vYXW2qPnHKAol8ZK2p5ywTzPPRjlTQpF65y9aM
+K3wFRR7hjBfbf9qzr5jwh3p658OoXSQ9hR0KxvgeDWvnLZRJAAebl/4FE1XV0HZ8
+qhFk5fMnD5nabFdq4FK6pWQjUZjMmw==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_after.pem b/ssl/test/axTLS.x509_bad_after.pem
index 79eb9ccd68..378dcbb8b7 100644
--- a/ssl/test/axTLS.x509_bad_after.pem
+++ b/ssl/test/axTLS.x509_bad_after.pem
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfKMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
-VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDYw
-NzExNDQzMloXDTA1MDYwNzExNDQzMlowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
-MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
-a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCmPSs9EceViMZD
-ZTXDZpQWJFcXaeInrXWgYWyVgnHBY/eSuqNCxkV/ehv/Wc5pWBGnrX+4cSvQ+TpQ
-FdZegeOjvgipjtJb/0TJCcvgcdHTntEM0h7VXjfbsJXAHwJPFzWIKxV4jeFXnaaw
-W+YHrj9GQ8PnFmapPuh4h/y6LyHAcg==
+MIIBkjCB/AIJAKsIGKcDBygFMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMTIy
+NjIyMzM0NFoXDTA5MTIyNjIyMzM0NFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
+XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
+IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCdnukuKxxoJB14
+jBVwv4fZLffn3b/GT2LrjLCtk9/mQv9ECbHxOZ9ZOGtFCkkMIP6lnzrng/U/fTT4
+hMdxCCEljxUA7zdCvvLjNgYYW4B4BiEwOokG33fIGM/6dpVrybxJ4Z225AvKAkU9
+p8h6yItFqR4/SMYqZLzsr75PlCKyIw==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_before.pem b/ssl/test/axTLS.x509_bad_before.pem
index fe72b541b2..6f56ce5a8e 100644
--- a/ssl/test/axTLS.x509_bad_before.pem
+++ b/ssl/test/axTLS.x509_bad_before.pem
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBkjCB/AIJAPHDh8DU9FfJMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
+MIIBkjCB/AIJAKsIGKcDBygEMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNVBAoTKWF4
 VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTI0MTIz
 MTE0MDAwMFoXDTI1MTIzMTE0MDAwMFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVj
-dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANE7
-MF+pAUI9hm1yvkBuUcFJf1d1oS025cE9DyAa0SNt+nTSPiOwcPygat7sQYiE/lQV
-a2HFFmK4k0HxTz3/Lr0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQApbldYefE8A0ez
-SYvAuCtYxx/2KHwBRD/cR0q7widl9WGjVC/dsnbFo109vHEr3FP1HVYSI0aweiaK
-XZmpUyJ9DprbbWQqaLuDnqIH8X7kfiMuO7/LGQc812iDJI2Akxp9cIlPBFBD8GVx
-+0EphzSodDDlLD8bPqLaWTE+8Ydtjw==
+dDESMBAGA1UEAxMJMTI3LjAuMC4xMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMjK
+XU67trg56k7LhG5v5XhsUTpVFI5ZOpcat/ry3WhtJS6q3lnB3vGQ4n/U47F7yXVT
+IpDJ0Zxv2hm/0LfudBcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCMgBB+4M4ud6Zf
+kZgxFB+upuKhRkXD+6Am2N+XGvJzsB8CsZ4jMxPczgZwrMTPKxm/bCbX7ftLwtps
+77eyjihTCE3WzFZMEwT+mY28Cn0B7FkovrLvKEXQROfyDwkt7HWBGJEuSO6JAdAa
+0mesxjwqjiLmmBoY5BLtfc1CGa8muw==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_device.cer b/ssl/test/axTLS.x509_device.cer
index c966743c9ca724ecb81928d0f6ad7e62b29eab92..0974b240952d3fea8634d634cc031f3b15a43932 100644
GIT binary patch
delta 274
zcmV+t0qy>g1Caw0FoFS%FoFR$0to=C2pFdW2PgrN6G0j=FflSRHZn3ZGc+<<7Y#Br
zFgY+YGBPtWG?8vhf5+Ic+WiX7T;j*FqQYw=ShKz=m1$)6BGa^jRmSOoB-%L9JO=U)
zlB=TOwU9s$yIE+@SB?TA)*)kaSBe0!S`eypPnuHnb2ON)JZ=mQ;5BrCyTZ3p<-zd+
z)JYeDg9Ex|a2H1Dps8IfuUg8UtX$?E?biWwz?F>Xs?AV?Sfc_10RRCo4F(A+hDe6@
z4FLfK1pos<0K9l-*{D_!H028vtjMy<|BVVEVQA}FeeR?ZQfLBR0n|qZLW=yOF*k5q
Yi#WHCV&E6$id&}}ntg`z!%!UoPq&<JqW}N^

delta 274
zcmV+t0qy>g1Caw0FoFS%FoFR$0to=|!-v4s^jF4_6G0j<HZV3YH!(3ZG&3?<7Y#Er
zF)%VSF)=hWGm&mgf7Bul4H7HAb|Ao&yB2LQAuy~sh!^%>njsjMQ#-5S83#m?5K#sU
z-Iw3AEww`>j~GhTAcqO=&eZ-QlR~XaSG5wn3VqN&=I+fWwq#?~ph8G)^?yR=O8sk;
z4<yY=6zyAtw?yswDyv&htYOswlU-fN^2&Rw37pEwC8?FXSQ`QZ0RRCo4F(A+hDe6@
z4FLfK1pos<01&rP&aNV2DR8-US&O_Y%A^`~Q{b;jk=4gQR^b(!H||@=PP2zYc=n)W
Y({0c(BvN-Ek8xf}zManKEPA0{SLyt3=>Px#

diff --git a/ssl/test/axTLS.x509_device.pem b/ssl/test/axTLS.x509_device.pem
index e9cbaaf314..048dbd9220 100644
--- a/ssl/test/axTLS.x509_device.pem
+++ b/ssl/test/axTLS.x509_device.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIBjTCCATcCCQDxw4fA1PRXxjANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
-eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMDYwNjA3MTE0NDMy
-WhcNMzMxMDIzMTE0NDMyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
-ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1CIODRIr
-v3YgwJW7Fm0wITCsOIgX9l+aIRiXUzur4RkHRJIQUQYM3ZfftC21QyWPGErVIIcJ
-7s7U/iKTQq1LV7USvAp90D/m7s0ntmRj1aBCSG71f0LnSv1rlA8kzUkU7VuEt0Tt
-+iqrW0+sYdUBk11dyPLKe6sJnMrJJamVvBsCAwEAATANBgkqhkiG9w0BAQUFAANB
-ABC3Uc6uImIpcLl1WYu8K8qkGnVT4K9JkdXHQFbhFZs37lvITrOHQ3j2oGXTbdAx
-JFJ3II9xXkm+nc7oLHqhXlc=
+MIIBjTCCATcCCQCrCBinAwcoATANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
+eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwkxMjcuMC4wLjEwHhcNMTAxMjI2MjIzMzQy
+WhcNMjQwOTAzMjIzMzQyWjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
+ZSBDZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx9iw2v0K
+zlzix7KiwmskWLO+KpVpZPci07SCVcbpgSTaONE8BvIPkqui4bWQQA+7WWjPV44C
+ItYhY3NXigCxWhCqc0+aUvRzNJiuPG4MDuA1dIG7wrdS5cHxAtRJF4KDA7pmcBdG
+6aCpXSyvWsqerFzmHu3XAXPAlYzoqs1Qg6MCAwEAATANBgkqhkiG9w0BAQUFAANB
+ALx4Z9moVhA05QsUrMiyy/+NCiFhaOtZfe6kElJoAl4B1EcGQor8ozE3cFuLOLeQ
+YuAX5YpbpxuafYbzw1AdAU8=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIB3zCCAUgCCQCdbnM4pjqlWjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wNjA2
-MDcxMTQ0MzJaFw0zMzEwMjMxMTQ0MzJaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
+MIIB3zCCAUgCCQD76Ccq3Co3qjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMDEy
+MjYyMjMzMzdaFw0yNDA5MDMyMjMzMzdaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
 Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQCnZdk20fYWh8O6kDTt0AuJWyp0YIrb7W1UNNMPXI5wA4J59IVj
-Nmk5wocm9+Hqzbg7rORAN/mHPBhzLAjhnm1HODs36hW15DtbDkkH4wCM/Tsyv79m
-n0xq1V6peK3t9vi2D4p/IRjHkYR2jm+BeknopijhY0kHHfpGTHa2DnVirwIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBAB0LgNo0oCcwIie5plgwwFybQ8x95q6e3wndM/Mp
-3gjcAFbGuchpo3dfFlTcRI0KyERb3q1MVxPM4sff9nT7EdHVyK9s8/ITkP2dcTKc
-flbcTEfJVIeM8L2P5F41Hvn9GuGcMW8EmsC06gdbp1LLnqsdrXdMNBsAUBXfgPrU
-+UcZ
+A4GNADCBiQKBgQCfxX6VHEhZNsMIqPPxt53h1UpfX1jU7ctqwBR4dpWRj3H6cCBN
+EK8xj7IVcBTJq6vcMRDwrAUrElSIZl8Kv6+ZqhTss2j+E2tfzkzehP9LcAdAR+UM
+JPBsYXic/+vmH5JCMO7CXLUsDJmO2q2Z1TjTtchu2DgAueTo0hWRtMvbMwIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBABoJU0aQMTocVLNbcY4tbfqLck2oAn/OVjG0p/8p
+GIJzlVKOtZ76ZkqHIbcXNKNlgjXy+4S3R+6+mkYcn0JVbVg7eN0tsDlMB04YyFaD
+95D47KEzmDky4Yj2nqI4SmvVTf2lyYxV1zknrFUXND+WvjGxge3gpJxtMoTGE5E0
+Jc3F
 -----END CERTIFICATE-----
diff --git a/ssl/test/killopenssl.sh b/ssl/test/killopenssl.sh
index 17950fbaef..f5adf2db51 100755
--- a/ssl/test/killopenssl.sh
+++ b/ssl/test/killopenssl.sh
@@ -1,2 +1,3 @@
 #!/bin/sh
 ps -ef|grep openssl | /usr/bin/awk '{print $2}' |xargs kill -9
+sleep 1
diff --git a/ssl/test/make_certs.sh b/ssl/test/make_certs.sh
index dfc39d4f53..08f3993498 100755
--- a/ssl/test/make_certs.sh
+++ b/ssl/test/make_certs.sh
@@ -69,15 +69,18 @@ EOF
 openssl genrsa -out axTLS.ca_key.pem 1024
 openssl genrsa -out axTLS.key_512.pem 512
 openssl genrsa -out axTLS.key_1024.pem 1024
+openssl genrsa -out axTLS.key_1042.pem 1042
 openssl genrsa -out axTLS.key_2048.pem 2048
 openssl genrsa -out axTLS.key_4096.pem 4096
 openssl genrsa -out axTLS.device_key.pem 1024
 openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
 openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
 
+
 # convert private keys into DER format
 openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
 openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
+openssl rsa -in axTLS.key_1042.pem -out axTLS.key_1042 -outform DER
 openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
 openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
 openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
@@ -89,6 +92,8 @@ openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
             -config ./certs.conf 
 openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
             -config ./certs.conf 
+openssl req -out axTLS.x509_1042.req -key axTLS.key_1042.pem -new \
+            -config ./certs.conf 
 openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
             -config ./certs.conf 
 openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
@@ -102,29 +107,32 @@ openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
 
 # generate the actual certs.
 openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
-            -sha1 -days 10000 -signkey axTLS.ca_key.pem
+            -sha1 -days 5000 -signkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
-            -sha1 -CAcreateserial -days 10000 \
+            -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
-            -sha1 -CAcreateserial -days 10000 \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1042.req -out axTLS.x509_1042.pem \
+            -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
-            -md5 -CAcreateserial -days 10000 \
+            -md5 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
-            -md5 -CAcreateserial -days 10000 \
+            -md5 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
-            -sha1 -CAcreateserial -days 10000 \
+            -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
 openssl x509 -req -in axTLS.x509_aes128.req \
             -out axTLS.x509_aes128.pem \
-            -sha1 -CAcreateserial -days 10000 \
+            -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_aes256.req \
             -out axTLS.x509_aes256.pem \
-            -sha1 -CAcreateserial -days 10000 \
+            -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 
 # note: must be root to do this
@@ -149,6 +157,7 @@ rm *.conf
 openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
 openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
 openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
+openssl x509 -in axTLS.x509_1042.pem -outform DER -out axTLS.x509_1042.cer
 openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
 openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
 openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 328bbdca3d..86997d7859 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -66,6 +66,7 @@ static int g_port = 19001;
 #define TEST1_SIZE  16
 #define TEST2_SIZE  32
 
+#if 0
 static int AES_test(BI_CTX *bi_ctx)
 {
     AES_CTX aes_key;
@@ -419,6 +420,7 @@ static int HMAC_test(BI_CTX *bi_ctx)
 end:
     return res;
 }
+#endif
 
 /**************************************************************************
  * BIGINT tests 
@@ -427,10 +429,12 @@ static int HMAC_test(BI_CTX *bi_ctx)
 static int BIGINT_test(BI_CTX *ctx)
 {
     int res = 1;
+
+#ifndef REGISTER_8 
+#ifndef REGISTER_16
     bigint *bi_data, *bi_exp, *bi_res;
     const char *expnt, *plaintext, *mod;
     uint8_t compare[MAX_KEY_BYTE_SIZE];
-
     /**
      * 512 bit key
      */
@@ -461,6 +465,47 @@ static int BIGINT_test(BI_CTX *ctx)
     bi_export(ctx, bi_res, compare, 64);
     if (memcmp(plaintext, compare, 64) != 0)
         goto end;
+#endif
+#endif
+
+    /*
+     * Multiply with psssible carry issue (8 bit)
+     */
+    {
+        int i;
+        bigint *bi_x = bi_str_import(
+                ctx,
+               "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
+        uint8_t exp_sqr_result[bi_x->size*2];
+        uint8_t exp_mlt_result[bi_x->size*2];
+        bigint *arg2 = bi_clone(ctx, bi_x);
+        bigint *arg3 = bi_clone(ctx, bi_x);
+        bigint *sqr_result = bi_square(ctx, bi_x);
+        bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
+        //bi_print("SQR_RESULT", sqr_result);
+        //bi_print("MLT_RESULT", mlt_result);
+
+        if (bi_compare(sqr_result, mlt_result) != 0)
+        {
+            bi_export(ctx, sqr_result, exp_sqr_result, sizeof(exp_sqr_result));
+            bi_export(ctx, mlt_result, exp_mlt_result, sizeof(exp_mlt_result));
+            bi_free(ctx, sqr_result);
+            bi_free(ctx, mlt_result);
+
+            for (i = 0; i < sizeof(exp_sqr_result); i++)
+            {
+                if (exp_sqr_result[i] != exp_mlt_result[i])
+                {
+                    printf("Error: SQUARE failed %d %02x %02x\n", i, 
+                                exp_sqr_result[i], exp_mlt_result[i]);
+                    goto end;
+                }
+            }
+        }
+
+        bi_free(ctx, sqr_result);
+        bi_free(ctx, mlt_result);
+    }
 
     printf("All BIGINT tests passed\n");
     res = 0;
@@ -755,9 +800,7 @@ typedef struct
 static void do_client(client_t *clnt)
 {
     char openssl_buf[2048];
-
-    /* make sure the main thread goes first */
-    sleep(0);
+    usleep(500000);           /* allow server to start */
 
     /* show the session ids in the reconnect test */
     if (strcmp(clnt->testname, "Session Reuse") == 0)
@@ -882,7 +925,11 @@ static int SSL_server_test(
         while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
         SOCKET_CLOSE(client_fd);
         
-        if (size < SSL_OK) /* got some alert or something nasty */
+        if (size == SSL_CLOSE_NOTIFY)
+        {
+            ret = SSL_OK;
+        }
+        else if (size < SSL_OK) /* got some alert or something nasty */
         {
             ret = size;
 
@@ -1392,7 +1439,7 @@ static int SSL_client_test(
 client_test_exit:
     ssl_free(ssl);
     SOCKET_CLOSE(client_fd);
-    usleep(200000);           /* allow openssl to say something */
+    usleep(500000);           /* allow openssl to say something */
 
     if (sess_resume)
     {
@@ -1566,7 +1613,7 @@ static void do_basic(void)
     SSL *ssl_clnt;
     SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
                             DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
-    usleep(200000);           /* allow server to start */
+    usleep(500000);           /* allow server to start */
 
     if ((client_fd = client_socket_init(g_port)) < 0)
         goto error;
@@ -1692,7 +1739,7 @@ void do_multi_clnt(multi_t *multi_data)
     if ((client_fd = client_socket_init(multi_data->port)) < 0)
         goto client_test_exit;
 
-    sleep(1);
+    usleep(500000);
     ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
 
     if ((res = ssl_handshake_status(ssl)))
@@ -1869,7 +1916,7 @@ static int header_issue(void)
 
     size = fread(buf, 1, sizeof(buf), f);
     SOCKET_WRITE(client_fd, buf, size);
-    usleep(200000);
+    usleep(500000);
 
     ret = 0;
 error:
@@ -1911,6 +1958,7 @@ int main(int argc, char *argv[])
 
     bi_ctx = bi_initialize();
 
+#if 0
     if (AES_test(bi_ctx))
     {
         printf("AES tests failed\n");
@@ -1945,6 +1993,7 @@ int main(int argc, char *argv[])
         goto cleanup;
     }
     TTY_FLUSH();
+#endif
 
     if (BIGINT_test(bi_ctx))
     {
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 94f413b533..809d45cb01 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -245,8 +245,10 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     if (ssl == NULL)        /* just ignore null pointers */
         return;
 
-    /* spec says we must notify when we are dying */
-    send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+    /* only notify if we weren't notified first */
+    if (!IS_SET_SSL_FLAG(SSL_RECEIVED_CLOSE_NOTIFY))
+      /* spec says we must notify when we are dying */
+      send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
 
     ssl_ctx = ssl->ssl_ctx;
 
@@ -284,7 +286,7 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
     int ret = basic_read(ssl, in_data);
 
     /* check for return code so we can send an alert */
-    if (ret < SSL_OK)
+    if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
     {
         if (ret != SSL_ERROR_CONN_LOST)
         {
@@ -1276,7 +1278,15 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 
         case PT_ALERT_PROTOCOL:
             /* return the alert # with alert bit set */
-            ret = -buf[1]; 
+            if(buf[0] == SSL_ALERT_TYPE_WARNING &&
+               buf[1] == SSL_ALERT_CLOSE_NOTIFY)
+            {
+              ret = SSL_CLOSE_NOTIFY;
+              SET_SSL_FLAG(SSL_RECEIVED_CLOSE_NOTIFY);
+            }
+            else 
+                ret = -buf[1]; 
+
             DISPLAY_ALERT(ssl, buf[1]);
             break;
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index b64b4fda62..cead605de2 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -62,6 +62,7 @@ extern "C" {
 #define SSL_SESSION_RESUME          0x0008
 #define SSL_IS_CLIENT               0x0010
 #define SSL_HAS_CERT_REQ            0x0020
+#define SSL_RECEIVED_CLOSE_NOTIFY   0x0040
 
 /* some macros to muck around with flag bits */
 #define SET_SSL_FLAG(A)             (ssl->flag |= A)
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 3289afa756..0e9c10af42 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -250,6 +250,12 @@ static int process_server_hello(SSL *ssl)
     offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
     sess_id_size = buf[offset++];
 
+    if (sess_id_size > SSL_SESSION_ID_SIZE)
+    {
+        ret = SSL_ERROR_INVALID_SESSION;
+        goto error;
+    }
+
     if (num_sessions)
     {
         ssl->session = ssl_session_update(num_sessions,
diff --git a/www/index.html b/www/index.html
index 21d2b676df..e7e080e445 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201008060911" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.6@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201008070728" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 0d2e75b9c7ea3a83e866cba83ac379b955ac97ff Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 29 Dec 2010 11:49:30 +0000
Subject: [PATCH 152/301] fixed regular_square. Some scan-build tweaks. Made
 os_port.h "private".

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@181 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/Config.in        | 12 ++++++------
 crypto/aes.c            |  2 +-
 crypto/bigint.c         | 15 +++++++--------
 samples/c/axssl.c       |  2 --
 ssl/BigIntConfig.in     |  2 +-
 ssl/gen_cert.c          |  1 +
 ssl/loader.c            |  4 ++--
 ssl/openssl.c           |  1 +
 ssl/p12.c               | 15 ++++++---------
 ssl/test/killopenssl.sh |  1 -
 ssl/test/ssltest.c      | 35 +++++++++--------------------------
 ssl/tls1.c              | 11 ++++++++---
 ssl/tls1.h              |  1 -
 ssl/tls1_clnt.c         |  4 ++--
 ssl/tls1_svr.c          |  5 +++--
 www/index.html          |  2 +-
 16 files changed, 48 insertions(+), 65 deletions(-)

diff --git a/config/Config.in b/config/Config.in
index bebbb03307..bc11f69d24 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -101,12 +101,6 @@ config CONFIG_EXTRA_LDFLAGS_OPTIONS
 endmenu
 
 source ssl/Config.in
-config CONFIG_AXHTTPD
-    bool "Enable HTTP/HTTPS Web Server"
-    default y
-    help
-        Build the AXHTTPD web server
-
 config CONFIG_AXTLSWRAP
     depends on !CONFIG_PLATFORM_WIN32
     bool "Enable axtlswrap"
@@ -115,6 +109,12 @@ config CONFIG_AXTLSWRAP
         axtlswrap is similar to sslwrap - http://www.rickk.com/sslwrap. 
         It enables SSL for processes that don't have native SSL support.
 
+config CONFIG_AXHTTPD
+    bool "Enable HTTP/HTTPS Web Server"
+    default y
+    help
+        Build the AXHTTPD web server
+
 source httpd/Config.in
 source bindings/Config.in
 source samples/Config.in
diff --git a/crypto/aes.c b/crypto/aes.c
index 038a45bd85..9082a4069f 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -168,7 +168,7 @@ static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
    x^8+x^4+x^3+x+1 */
 static unsigned char AES_xtime(uint32_t x)
 {
-	return x = (x&0x80) ? (x<<1)^0x1b : x<<1;
+	return (x&0x80) ? (x<<1)^0x1b : x<<1;
 }
 
 /**
diff --git a/crypto/bigint.c b/crypto/bigint.c
index 28b3c0ca0d..6a07a98d33 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -926,7 +926,7 @@ bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
 /*
  * Perform the actual square operion. It takes into account overflow.
  */
-bigint *regular_square(BI_CTX *ctx, bigint *bi)
+static bigint *regular_square(BI_CTX *ctx, bigint *bi)
 {
     int t = bi->size;
     int i = 0, j;
@@ -939,13 +939,13 @@ bigint *regular_square(BI_CTX *ctx, bigint *bi)
     do
     {
         long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
-        uint8_t c = 0, q = 0;
+        uint8_t c = 0;
         w[2*i] = (comp)tmp;
         carry = (comp)(tmp >> COMP_BIT_SIZE);
 
         for (j = i+1; j < t; j++)
         {
-            c = q = 0;
+            c = 0;
             long_comp xx = (long_comp)x[i]*x[j];
             if (COMP_MAX-xx < xx)
                 c = 1;
@@ -958,7 +958,7 @@ bigint *regular_square(BI_CTX *ctx, bigint *bi)
             tmp += w[i+j];
 
             if (COMP_MAX-tmp < carry)
-                c = q = 1;
+                c = 1;
 
             tmp += carry;
             w[i+j] = (comp)tmp;
@@ -968,10 +968,9 @@ bigint *regular_square(BI_CTX *ctx, bigint *bi)
                 carry += COMP_RADIX;
         }
 
-        w[i+t] += carry;
-
-        if (c && !q)
-            w[i+t+1] = 1; /* add carry */
+        tmp = carry + w[i+t];
+        w[i+t] = (comp)tmp;
+        w[i+t+1] = tmp >> COMP_BIT_SIZE;
     } while (++i < t);
 
     bi_free(ctx, bi);
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index d9d9a60711..20da957ec9 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -310,7 +310,6 @@ static void do_server(int argc, char *argv[])
         if ((client_fd = accept(server_fd, 
                 (struct sockaddr *)&client_addr, &client_len)) < 0)
         {
-            res = 1;
             break;
         }
 
@@ -683,7 +682,6 @@ static void do_client(int argc, char *argv[])
     for (;;)
     {
         uint8_t buf[1024];
-        res = SSL_OK;
 
         /* allow parallel reading of server and standard input */
         FD_SET(client_fd, &read_set);
diff --git a/ssl/BigIntConfig.in b/ssl/BigIntConfig.in
index cace9c5687..944d2971b7 100644
--- a/ssl/BigIntConfig.in
+++ b/ssl/BigIntConfig.in
@@ -8,7 +8,7 @@ menu "BigInt Options"
 
 choice
     prompt "Reduction Algorithm"
-    default CONFIG_BIGINT_MONTGOMERY
+    default CONFIG_BIGINT_CLASSICAL
 
 config CONFIG_BIGINT_CLASSICAL
     bool "Classical"
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index 94b74903ca..c2fe381eb9 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -33,6 +33,7 @@
 #ifdef CONFIG_SSL_GENERATE_X509_CERT
 #include <string.h>
 #include <stdlib.h>
+#include "os_port.h"
 #include "ssl.h"
 
 /**
diff --git a/ssl/loader.c b/ssl/loader.c
index 4232f7eec0..ab3c266519 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -41,7 +41,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
-
+#include "os_port.h"
 #include "ssl.h"
 
 static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
@@ -77,7 +77,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
     }
 
     /* is the file a PEM file? */
-    if (strncmp((char *)ssl_obj->buf, begin, strlen(begin)) == 0)
+    if (strstr((char *)ssl_obj->buf, begin) != NULL)
     {
 #ifdef CONFIG_SSL_HAS_PEM
         ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
diff --git a/ssl/openssl.c b/ssl/openssl.c
index b6b955008b..6b5c4d8ee9 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -42,6 +42,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
+#include "os_port.h"
 #include "ssl.h"
 
 #define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
diff --git a/ssl/p12.c b/ssl/p12.c
index 6ed92e431d..2bafaf7eaf 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
-
+#include "os_port.h"
 #include "ssl.h"
 
 /* all commented out if not used */
@@ -233,15 +233,14 @@ static int p8_decrypt(const char *uni_pass, int uni_pass_len,
 int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 {
     uint8_t *buf = ssl_obj->buf;
-    int all_ok = 0, len, iterations, auth_safes_start, 
+    int len, iterations, auth_safes_start, 
               auth_safes_end, auth_safes_len, key_offset, offset = 0;
     int all_certs = 0;
     uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
     uint8_t key[SHA1_SIZE];
     uint8_t mac[SHA1_SIZE];
     const uint8_t *salt;
-    int uni_pass_len, ret;
-    int error_code = SSL_ERROR_NOT_SUPPORTED;
+    int uni_pass_len, ret = SSL_OK;
     char *uni_pass = make_uni_pass(password, &uni_pass_len);
     static const uint8_t pkcs_data[] = /* pkc7 data */
         { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
@@ -260,7 +259,7 @@ int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 
     if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
     {
-        error_code = SSL_ERROR_INVALID_VERSION;
+        ret = SSL_ERROR_INVALID_VERSION;
         goto error;
     }
 
@@ -414,17 +413,15 @@ int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
 
     if (memcmp(mac, orig_mac, SHA1_SIZE))
     {
-        error_code = SSL_ERROR_INVALID_HMAC;                  
+        ret = SSL_ERROR_INVALID_HMAC;                  
         goto error;
     }
 
-    all_ok = 1;
-
 error:
     free(version);
     free(uni_pass);
     free(auth_safes);
-    return all_ok ? SSL_OK : error_code;
+    return ret;
 }
 
 /*
diff --git a/ssl/test/killopenssl.sh b/ssl/test/killopenssl.sh
index f5adf2db51..17950fbaef 100755
--- a/ssl/test/killopenssl.sh
+++ b/ssl/test/killopenssl.sh
@@ -1,3 +1,2 @@
 #!/bin/sh
 ps -ef|grep openssl | /usr/bin/awk '{print $2}' |xargs kill -9
-sleep 1
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 86997d7859..68fc2b6736 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -66,7 +66,6 @@ static int g_port = 19001;
 #define TEST1_SIZE  16
 #define TEST2_SIZE  32
 
-#if 0
 static int AES_test(BI_CTX *bi_ctx)
 {
     AES_CTX aes_key;
@@ -420,7 +419,6 @@ static int HMAC_test(BI_CTX *bi_ctx)
 end:
     return res;
 }
-#endif
 
 /**************************************************************************
  * BIGINT tests 
@@ -472,35 +470,20 @@ static int BIGINT_test(BI_CTX *ctx)
      * Multiply with psssible carry issue (8 bit)
      */
     {
-        int i;
-        bigint *bi_x = bi_str_import(
-                ctx,
-               "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
-        uint8_t exp_sqr_result[bi_x->size*2];
-        uint8_t exp_mlt_result[bi_x->size*2];
+        bigint *bi_x = bi_str_import(ctx, 
+                "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
         bigint *arg2 = bi_clone(ctx, bi_x);
         bigint *arg3 = bi_clone(ctx, bi_x);
         bigint *sqr_result = bi_square(ctx, bi_x);
         bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
-        //bi_print("SQR_RESULT", sqr_result);
-        //bi_print("MLT_RESULT", mlt_result);
 
         if (bi_compare(sqr_result, mlt_result) != 0)
         {
-            bi_export(ctx, sqr_result, exp_sqr_result, sizeof(exp_sqr_result));
-            bi_export(ctx, mlt_result, exp_mlt_result, sizeof(exp_mlt_result));
+            bi_print("SQR_RESULT", sqr_result);
+            bi_print("MLT_RESULT", mlt_result);
             bi_free(ctx, sqr_result);
             bi_free(ctx, mlt_result);
-
-            for (i = 0; i < sizeof(exp_sqr_result); i++)
-            {
-                if (exp_sqr_result[i] != exp_mlt_result[i])
-                {
-                    printf("Error: SQUARE failed %d %02x %02x\n", i, 
-                                exp_sqr_result[i], exp_mlt_result[i]);
-                    goto end;
-                }
-            }
+            goto end;
         }
 
         bi_free(ctx, sqr_result);
@@ -1203,6 +1186,7 @@ int SSL_server_tests(void)
                     NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
+//#if 0
     /* 
      * AES128 Encrypted invalid key 
      */
@@ -1215,6 +1199,7 @@ int SSL_server_tests(void)
 
     printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
     TTY_FLUSH();
+//#endif
 
     /*
      * PKCS#8 key (encrypted)
@@ -1328,7 +1313,7 @@ static int SSL_client_test(
 #endif
     }
     
-    usleep(500000);           /* allow server to start */
+    sleep(5);           /* allow server to start */
 
     if (*ssl_ctx == NULL)
     {
@@ -1590,6 +1575,7 @@ int SSL_client_tests(void)
     {
         ssl_display_error(ret);
         printf("Error: A client test failed\n");
+        system("sh ../ssl/test/killopenssl.sh");
         exit(1);
     }
     else
@@ -1685,7 +1671,6 @@ static int SSL_basic_test(void)
 
         if (size < SSL_OK) /* got some alert or something nasty */
         {
-            printf("Server ");
             ssl_display_error(size);
             ret = size;
             break;
@@ -1958,7 +1943,6 @@ int main(int argc, char *argv[])
 
     bi_ctx = bi_initialize();
 
-#if 0
     if (AES_test(bi_ctx))
     {
         printf("AES tests failed\n");
@@ -1993,7 +1977,6 @@ int main(int argc, char *argv[])
         goto cleanup;
     }
     TTY_FLUSH();
-#endif
 
     if (BIGINT_test(bi_ctx))
     {
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 809d45cb01..9d1be37829 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -36,6 +36,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <stdarg.h>
+#include "os_port.h"
 #include "ssl.h"
 
 /* The session expiry time */
@@ -1635,9 +1636,13 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
     }
 
     /* ok, we've used up all of our sessions. So blow the oldest session away */
-    oldest_sess->conn_time = tm;
-    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
-    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
+    if (oldest_sess != NULL)
+    {
+        oldest_sess->conn_time = tm;
+        memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
+        memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
+    }
+
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
     return oldest_sess;
 }
diff --git a/ssl/tls1.h b/ssl/tls1.h
index cead605de2..a1e1bd9825 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -42,7 +42,6 @@ extern "C" {
 
 #include "version.h"
 #include "crypto.h"
-#include "os_port.h"
 #include "crypto_misc.h"
 
 #define SSL_RANDOM_SIZE             32
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 0e9c10af42..3fb7f627d5 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -32,7 +32,7 @@
 #include <string.h>
 #include <time.h>
 #include <stdio.h>
-
+#include "os_port.h"
 #include "ssl.h"
 
 #ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
@@ -79,7 +79,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
  */
 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 {
-    int ret = SSL_OK;
+    int ret;
 
     /* To get here the state must be valid */
     switch (handshake_type)
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 45b9bec6a6..742ffd5934 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -31,7 +31,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
-
+#include "os_port.h"
 #include "ssl.h"
 
 static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
@@ -416,8 +416,9 @@ static int process_client_key_xchg(SSL *ssl)
 #else
     ssl->next_state = HS_FINISHED; 
 #endif
-error:
+
     ssl->dc->bm_proc_index += rsa_ctx->num_octets+offset;
+error:
     return ret;
 }
 
diff --git a/www/index.html b/www/index.html
index e7e080e445..6411f28ba8 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201008070728" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201012272209" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.8@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square issue fixed (thanks to Hardy Griech - 3078672)\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start.\n* \n* 8/16/32 bit native int sizes can be selected in bigint_impl.h\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 8c18da4f1e1b366b686470ee16dee39c6481149a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 2 Jan 2011 08:30:53 +0000
Subject: [PATCH 153/301] merged partial_multiply with regular_multiply
 function.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@182 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/bigint.c        | 118 ++++++++++-------------------------------
 crypto/bigint_impl.h   |   6 +--
 ssl/BigIntConfig.in    |  41 +++++++++-----
 ssl/test/perf_bigint.c |  18 ++++---
 ssl/test/ssltest.c     |   4 +-
 www/index.html         |   2 +-
 6 files changed, 72 insertions(+), 117 deletions(-)

diff --git a/crypto/bigint.c b/crypto/bigint.c
index 6a07a98d33..d8bd868d31 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -801,11 +801,16 @@ void bi_free_mod(BI_CTX *ctx, int mod_offset)
 
 /** 
  * Perform a standard multiplication between two bigints.
+ *
+ * Barrett reduction has no need for some parts of the product, so ignore bits
+ * of the multiply. This routine gives Barrett its big performance
+ * improvements over Classical/Montgomery reduction methods. 
  */
-static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
+        int inner_partial, int outer_partial)
 {
-    int i, j, i_plus_j;
-    int n = bia->size; 
+    int i = 0, j;
+    int n = bia->size;
     int t = bib->size;
     bigint *biR = alloc(ctx, n + t);
     comp *sr = biR->comps;
@@ -817,23 +822,33 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
 
     /* clear things to start with */
     memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
-    i = 0;
 
     do 
     {
         comp carry = 0;
         comp b = *sb++;
-        i_plus_j = i;
+        int r_index = i;
         j = 0;
 
+        if (outer_partial)
+        {
+            r_index = outer_partial-1;
+            j = outer_partial-i-1;
+        }
+
         do
         {
-            long_comp tmp = sr[i_plus_j] + (long_comp)sa[j]*b + carry;
-            sr[i_plus_j++] = (comp)tmp;              /* downsize */
-            carry = (comp)(tmp >> COMP_BIT_SIZE);
+            if (inner_partial && r_index >= inner_partial) 
+            {
+                break;
+            }
+
+            long_comp tmp = sr[r_index] + ((long_comp)sa[j])*b + carry;
+            sr[r_index++] = (comp)tmp;              /* downsize */
+            carry = tmp >> COMP_BIT_SIZE;
         } while (++j < n);
 
-        sr[i_plus_j] = carry;
+        sr[r_index] = carry;
     } while (++i < t);
 
     bi_free(ctx, bia);
@@ -913,12 +928,12 @@ bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
 #ifdef CONFIG_BIGINT_KARATSUBA
     if (min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
     {
-        return regular_multiply(ctx, bia, bib);
+        return regular_multiply(ctx, bia, bib, 0, 0);
     }
 
     return karatsuba(ctx, bia, bib, 0);
 #else
-    return regular_multiply(ctx, bia, bib);
+    return regular_multiply(ctx, bia, bib, 0, 0);
 #endif
 }
 
@@ -941,7 +956,7 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
         long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
         uint8_t c = 0;
         w[2*i] = (comp)tmp;
-        carry = (comp)(tmp >> COMP_BIT_SIZE);
+        carry = tmp >> COMP_BIT_SIZE;
 
         for (j = i+1; j < t; j++)
         {
@@ -1242,81 +1257,6 @@ static bigint *comp_mod(bigint *bi, int mod)
     return bi;
 }
 
-/*
- * Barrett reduction has no need for some parts of the product, so ignore bits
- * of the multiply. This routine gives Barrett its big performance
- * improvements over Classical/Montgomery reduction methods. 
- */
-static bigint *partial_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
-        int inner_partial, int outer_partial)
-{
-    int i = 0, j, n = bia->size, t = bib->size;
-    bigint *biR;
-    comp carry;
-    comp *sr, *sa, *sb;
-
-    check(bia);
-    check(bib);
-
-    biR = alloc(ctx, n + t);
-    sa = bia->comps;
-    sb = bib->comps;
-    sr = biR->comps;
-
-    if (inner_partial)
-    {
-        memset(sr, 0, inner_partial*COMP_BYTE_SIZE); 
-    }
-    else    /* outer partial */
-    {
-        if (n < outer_partial || t < outer_partial) /* should we bother? */
-        {
-            bi_free(ctx, bia);
-            bi_free(ctx, bib);
-            biR->comps[0] = 0;      /* return 0 */
-            biR->size = 1;
-            return biR;
-        }
-
-        memset(&sr[outer_partial], 0, (n+t-outer_partial)*COMP_BYTE_SIZE);
-    }
-
-    do 
-    {
-        comp *a = sa;
-        comp b = *sb++;
-        long_comp tmp;
-        int i_plus_j = i;
-        carry = 0;
-        j = n;
-
-        if (outer_partial && i_plus_j < outer_partial)
-        {
-            i_plus_j = outer_partial;
-            a = &sa[outer_partial-i];
-            j = n-(outer_partial-i);
-        }
-
-        do
-        {
-            if (inner_partial && i_plus_j >= inner_partial) 
-            {
-                break;
-            }
-
-            tmp = sr[i_plus_j] + ((long_comp)*a++)*b + carry;
-            sr[i_plus_j++] = (comp)tmp;              /* downsize */
-            carry = (comp)(tmp >> COMP_BIT_SIZE);
-        } while (--j != 0);
-
-        sr[i_plus_j] = carry;
-    } while (++i < t);
-
-    bi_free(ctx, bia);
-    bi_free(ctx, bib);
-    return trim(biR);
-}
-
 /**
  * @brief Perform a single Barrett reduction.
  * @param ctx [in]  The bigint session context.
@@ -1342,12 +1282,12 @@ bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
     q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
 
     /* do outer partial multiply */
-    q2 = partial_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
+    q2 = regular_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
     q3 = comp_right_shift(q2, k+1);
     r1 = comp_mod(bi, k+1);
 
     /* do inner partial multiply */
-    r2 = comp_mod(partial_multiply(ctx, q3, bim, k+1, 0), k+1);
+    r2 = comp_mod(regular_multiply(ctx, q3, bim, k+1, 0), k+1);
     r = bi_subtract(ctx, r1, r2, NULL);
 
     /* if (r >= m) r = r - m; */
diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
index 0b76aee2d4..fef6e0378b 100644
--- a/crypto/bigint_impl.h
+++ b/crypto/bigint_impl.h
@@ -41,10 +41,8 @@
 #define BIGINT_NUM_MODS     1    
 #endif
 
-//#define REGISTER_8          1
-
 /* Architecture specific functions for big ints */
-#if defined(REGISTER_8)
+#if defined(CONFIG_INTEGER_8BIT)
 #define COMP_RADIX          256U       /**< Max component + 1 */
 #define COMP_MAX            0xFFFFU/**< (Max dbl comp -1) */
 #define COMP_BIT_SIZE       8   /**< Number of bits in a component. */
@@ -53,7 +51,7 @@
 typedef uint8_t comp;	        /**< A single precision component. */
 typedef uint16_t long_comp;     /**< A double precision component. */
 typedef int16_t slong_comp;     /**< A signed double precision component. */
-#elif defined(REGISTER_16)
+#elif defined(CONFIG_INTEGER_16BIT)
 #define COMP_RADIX          65536U       /**< Max component + 1 */
 #define COMP_MAX            0xFFFFFFFFU/**< (Max dbl comp -1) */
 #define COMP_BIT_SIZE       16  /**< Number of bits in a component. */
diff --git a/ssl/BigIntConfig.in b/ssl/BigIntConfig.in
index 944d2971b7..b951fbd959 100644
--- a/ssl/BigIntConfig.in
+++ b/ssl/BigIntConfig.in
@@ -8,7 +8,7 @@ menu "BigInt Options"
 
 choice
     prompt "Reduction Algorithm"
-    default CONFIG_BIGINT_CLASSICAL
+    default CONFIG_BIGINT_BARRETT
 
 config CONFIG_BIGINT_CLASSICAL
     bool "Classical"
@@ -21,9 +21,8 @@ config CONFIG_BIGINT_MONTGOMERY
     bool "Montgomery"
     help
         Montgomery uses simple addition and multiplication to achieve its
-        performance. In this implementation it is slower than classical, 
-        and it has the limitation that 0 <= x, y < m, and so is not used 
-        when CRT is active.
+        performance.  It has the limitation that 0 <= x, y < m, and so is not 
+        used when CRT is active.
 
         This option will not be normally selected.
 
@@ -31,9 +30,7 @@ config CONFIG_BIGINT_BARRETT
     bool "Barrett"
     help
         Barrett performs expensive precomputation before reduction and partial
-        multiplies for computational speed. It can't be used with some of the
-        calculations when CRT is used, and so defaults to classical when this
-        occurs.
+        multiplies for computational speed.
 
         It is about 40% faster than Classical/Montgomery with the expense of
         about 2kB, and so this option is normally selected.
@@ -108,12 +105,9 @@ config CONFIG_BIGINT_SQUARE
     bool "Square Algorithm"
     default y
     help
-        Allow squaring to be used instead of a multiplication.
- 
-        Squaring is theoretically 50% faster than a standard multiply 
-        (but is actually about 25% faster). 
-
-        It gives a 20% speed improvement and so should be selected.
+        Allow squaring to be used instead of a multiplication. It uses
+        1/2 of the standard multiplies to obtain its performance.  
+        It gives a 20% speed improvement overall and so should be selected.
 
 config CONFIG_BIGINT_CHECK_ON
     bool "BigInt Integrity Checking"
@@ -126,7 +120,26 @@ config CONFIG_BIGINT_CHECK_ON
         This option is only selected when developing and should normally be
         turned off.
 
-endmenu
+choice
+    prompt "Integer Size"
+    default CONFIG_INTEGER_32BIT
+
+config CONFIG_INTEGER_32BIT
+    bool "32"
+    help
+        The native integer size is 32 bits or higher.
+        
+
+config CONFIG_INTEGER_16BIT
+    bool "16"
+    help
+        The native integer size is 16 bits.
 
+config CONFIG_INTEGER_8BIT
+    bool "8"
+    help
+        The native integer size is 8 bits.
 
+endchoice
+endmenu
 
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
index a4ffab6a3a..f092b9e23c 100644
--- a/ssl/test/perf_bigint.c
+++ b/ssl/test/perf_bigint.c
@@ -45,10 +45,11 @@
 int main(int argc, char *argv[])
 {
 #ifdef CONFIG_SSL_CERT_VERIFICATION
-    RSA_CTX *rsa_ctx;
+    RSA_CTX *rsa_ctx = NULL;
     BI_CTX *ctx;
     bigint *bi_data, *bi_res;
-    int diff, res = 1;
+    float diff;
+    int res = 1;
     struct timeval tv_old, tv_new;
     const char *plaintext;
     uint8_t compare[MAX_KEY_BYTE_SIZE];
@@ -84,7 +85,7 @@ int main(int argc, char *argv[])
 
     diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
                 (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("512 bit decrypt time: %dms\n", diff/max_biggie);
+    printf("512 bit decrypt time: %.2fms\n", diff/max_biggie);
     TTY_FLUSH();
     bi_export(ctx, bi_res, compare, 64);
     RSA_free(rsa_ctx);
@@ -100,6 +101,7 @@ int main(int argc, char *argv[])
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
 
     len = get_file("../ssl/test/axTLS.key_1024", &buf);
+    rsa_ctx = NULL;
     asn1_get_private_key(buf, len, &rsa_ctx);
     ctx = rsa_ctx->bi_ctx;
     bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
@@ -121,7 +123,7 @@ int main(int argc, char *argv[])
 
     diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
                 (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("1024 bit decrypt time: %dms\n", diff/max_biggie);
+    printf("1024 bit decrypt time: %.2fms\n", diff/max_biggie);
     TTY_FLUSH();
     bi_export(ctx, bi_res, compare, 128);
     RSA_free(rsa_ctx);
@@ -139,6 +141,7 @@ int main(int argc, char *argv[])
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
 
     len = get_file("../ssl/test/axTLS.key_2048", &buf);
+    rsa_ctx = NULL;
     asn1_get_private_key(buf, len, &rsa_ctx);
     ctx = rsa_ctx->bi_ctx;
     bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
@@ -159,7 +162,7 @@ int main(int argc, char *argv[])
 
     diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
                 (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("2048 bit decrypt time: %dms\n", diff/max_biggie);
+    printf("2048 bit decrypt time: %.2fms\n", diff/max_biggie);
     TTY_FLUSH();
     bi_export(ctx, bi_res, compare, 256);
     RSA_free(rsa_ctx);
@@ -181,6 +184,7 @@ int main(int argc, char *argv[])
         "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
 
     len = get_file("../ssl/test/axTLS.key_4096", &buf);
+    rsa_ctx = NULL;
     asn1_get_private_key(buf, len, &rsa_ctx);
     ctx = rsa_ctx->bi_ctx;
     bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
@@ -189,7 +193,7 @@ int main(int argc, char *argv[])
     gettimeofday(&tv_new, NULL);
     diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
                 (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("4096 bit encrypt time: %dms\n", diff);
+    printf("4096 bit encrypt time: %.2fms\n", diff);
     TTY_FLUSH();
     bi_data = bi_res;   /* reuse again */
 
@@ -208,7 +212,7 @@ int main(int argc, char *argv[])
 
     diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 +
                 (tv_new.tv_usec-tv_old.tv_usec)/1000;
-    printf("4096 bit decrypt time: %dms\n", diff/max_biggie);
+    printf("4096 bit decrypt time: %.2fms\n", diff/max_biggie);
     TTY_FLUSH();
     bi_export(ctx, bi_res, compare, 512);
     RSA_free(rsa_ctx);
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 68fc2b6736..7b86a1bd15 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -428,8 +428,8 @@ static int BIGINT_test(BI_CTX *ctx)
 {
     int res = 1;
 
-#ifndef REGISTER_8 
-#ifndef REGISTER_16
+#ifndef CONFIG_INTEGER_8BIT 
+#ifndef CONFIG_INTEGER_16BIT 
     bigint *bi_data, *bi_exp, *bi_res;
     const char *expnt, *plaintext, *mod;
     uint8_t compare[MAX_KEY_BYTE_SIZE];
diff --git a/www/index.html b/www/index.html
index 6411f28ba8..7fabb8bc9d 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201012272209" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.8@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square issue fixed (thanks to Hardy Griech - 3078672)\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start.\n* \n* 8/16/32 bit native int sizes can be selected in bigint_impl.h\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201101020819" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.9@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square issue fixed (thanks to Hardy Griech - 3078672)\n* partial_multiply() removed and merged with regular_multiply().\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start.\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 28c35cf0f335f1537331f8781a70712287edf885 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 2 Jan 2011 10:16:43 +0000
Subject: [PATCH 154/301] Updated of comments.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@183 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/BigIntConfig.in | 4 ++--
 www/index.html      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/BigIntConfig.in b/ssl/BigIntConfig.in
index b951fbd959..116ce17ea2 100644
--- a/ssl/BigIntConfig.in
+++ b/ssl/BigIntConfig.in
@@ -59,8 +59,8 @@ config CONFIG_BIGINT_KARATSUBA
         Uses 3 multiplications (plus a number of additions/subtractions) 
         instead of 4. Multiplications are O(N^2) but addition/subtraction 
         is O(N) hence for large numbers is beneficial. For this project, the 
-        effect was only useful for 4096 bit keys. As these aren't likely to 
-        be used, the feature is disabled by default. 
+        effect was only useful for 4096 bit keys (for 32 bit processors). For
+        8 bit processors this option might be a possibility.
         
         It costs about 2kB to enable it.
 
diff --git a/www/index.html b/www/index.html
index 7fabb8bc9d..d5e29cd326 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201101020819" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.9@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square issue fixed (thanks to Hardy Griech - 3078672)\n* partial_multiply() removed and merged with regular_multiply().\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start.\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201101020912" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.9@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From bc9a451b5111758585f62933fe0d079fdc9a2fb1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 2 Jan 2011 22:38:59 +0000
Subject: [PATCH 155/301] fixed some valgrind detected issues.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@185 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/bigint.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/crypto/bigint.c b/crypto/bigint.c
index d8bd868d31..634c1980d0 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -826,11 +826,10 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
     do 
     {
         comp carry = 0;
-        comp b = *sb++;
         int r_index = i;
         j = 0;
 
-        if (outer_partial)
+        if (outer_partial && outer_partial-i > 0 && outer_partial < n)
         {
             r_index = outer_partial-1;
             j = outer_partial-i-1;
@@ -843,7 +842,7 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
                 break;
             }
 
-            long_comp tmp = sr[r_index] + ((long_comp)sa[j])*b + carry;
+            long_comp tmp = sr[r_index] + ((long_comp)sa[j])*sb[i] + carry;
             sr[r_index++] = (comp)tmp;              /* downsize */
             carry = tmp >> COMP_BIT_SIZE;
         } while (++j < n);
@@ -945,7 +944,7 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
 {
     int t = bi->size;
     int i = 0, j;
-    bigint *biR = alloc(ctx, t*2);
+    bigint *biR = alloc(ctx, t*2+1);
     comp *w = biR->comps;
     comp *x = bi->comps;
     long_comp carry;

From b8d6697ef8833d54f8b5e61daafe1d5eb1cc38b2 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 2 Jan 2011 23:03:18 +0000
Subject: [PATCH 156/301] Comment changes.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@186 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c | 2 --
 www/index.html     | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 7b86a1bd15..a10737e90c 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1186,7 +1186,6 @@ int SSL_server_tests(void)
                     NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
-//#if 0
     /* 
      * AES128 Encrypted invalid key 
      */
@@ -1199,7 +1198,6 @@ int SSL_server_tests(void)
 
     printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
     TTY_FLUSH();
-//#endif
 
     /*
      * PKCS#8 key (encrypted)
diff --git a/www/index.html b/www/index.html
index d5e29cd326..aef580ae62 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201101020912" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.9@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201101022253" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From f5dbc8875e1ee162c52ad4aad6f5c6f7145a4932 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 3 Jan 2011 23:08:49 +0000
Subject: [PATCH 157/301] Removed os_port.h dependency. Fixed CA number issue
 (default now 120).

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@188 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile               |    1 +
 crypto/aes.c           |    1 +
 crypto/bigint.c        |    4 +-
 crypto/crypto.h        |    9 +-
 crypto/crypto_misc.c   |    1 +
 crypto/hmac.c          |    1 +
 crypto/md2.c           |    2 +-
 crypto/md5.c           |    1 +
 crypto/rc4.c           |    1 +
 crypto/rsa.c           |    1 +
 crypto/sha1.c          |    1 +
 httpd/axhttp.h         |    1 +
 httpd/htpasswd.c       |    1 +
 samples/c/axssl.c      |    1 +
 ssl/Config.in          |    9 +-
 ssl/os_port.h          |    2 +-
 ssl/ssl.h              |    1 -
 ssl/test/ca-bundle.crt | 7989 ++++++++++++++++++++++++++++++++++++++++
 ssl/test/ssltest.c     |   53 +-
 ssl/tls1.c             |    3 +-
 20 files changed, 8062 insertions(+), 21 deletions(-)
 create mode 100644 ssl/test/ca-bundle.crt

diff --git a/Makefile b/Makefile
index 2b3d3c8dd9..036a29ebe3 100644
--- a/Makefile
+++ b/Makefile
@@ -108,6 +108,7 @@ endif
 	install -m 644 ssl/*.h $(PREFIX)/include/axTLS
 	-rm $(PREFIX)/include/axTLS/cert.h
 	-rm $(PREFIX)/include/axTLS/private_key.h
+	-rm $(PREFIX)/include/axTLS/os_port.h
 	install -m 644 config/config.h $(PREFIX)/include/axTLS
 
 installclean:
diff --git a/crypto/aes.c b/crypto/aes.c
index 9082a4069f..9b07e27ea1 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -35,6 +35,7 @@
  */
 
 #include <string.h>
+#include "os_port.h"
 #include "crypto.h"
 
 /* all commented out in skeleton mode */
diff --git a/crypto/bigint.c b/crypto/bigint.c
index 634c1980d0..d131e8ab54 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -65,6 +65,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <time.h>
+#include "os_port.h"
 #include "bigint.h"
 
 #define V1      v->comps[v->size-1]                 /**< v1 for division */
@@ -953,13 +954,12 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
     do
     {
         long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
-        uint8_t c = 0;
         w[2*i] = (comp)tmp;
         carry = tmp >> COMP_BIT_SIZE;
 
         for (j = i+1; j < t; j++)
         {
-            c = 0;
+            uint8_t c = 0;
             long_comp xx = (long_comp)x[i]*x[j];
             if (COMP_MAX-xx < xx)
                 c = 1;
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 5c95f21596..c6f186cf97 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -40,10 +40,17 @@ extern "C" {
 #endif
 
 #include "config.h"
-#include "os_port.h"
 #include "bigint_impl.h"
 #include "bigint.h"
 
+#ifndef STDCALL
+#define STDCALL
+#endif
+#ifndef EXP_FUNC
+#define EXP_FUNC
+#endif
+
+
 /* enable features based on a 'super-set' capbaility. */
 #if defined(CONFIG_SSL_FULL_MODE) 
 #define CONFIG_SSL_ENABLE_CLIENT
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 402efe7395..8bca842c19 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -36,6 +36,7 @@
 #include <string.h>
 #include <stdarg.h>
 #include <stdio.h>
+#include "os_port.h"
 #include "crypto_misc.h"
 #ifdef CONFIG_WIN32_USE_CRYPTO_LIB
 #include "wincrypt.h"
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 9199ff2207..7670a9e583 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -33,6 +33,7 @@
  */
 
 #include <string.h>
+#include "os_port.h"
 #include "crypto.h"
 
 /**
diff --git a/crypto/md2.c b/crypto/md2.c
index bfcbd24bbe..dee909a7a5 100644
--- a/crypto/md2.c
+++ b/crypto/md2.c
@@ -38,7 +38,7 @@
 
 #include <string.h>
 #include <stdio.h>
-
+#include "os_port.h"
 #include "crypto.h"
 
 /**
diff --git a/crypto/md5.c b/crypto/md5.c
index b4f86cab58..7f50713006 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -33,6 +33,7 @@
  */
 
 #include <string.h>
+#include "os_port.h"
 #include "crypto.h"
 
 /* Constants for MD5Transform routine.
diff --git a/crypto/rc4.c b/crypto/rc4.c
index 57136b82bd..ec8b24711b 100644
--- a/crypto/rc4.c
+++ b/crypto/rc4.c
@@ -34,6 +34,7 @@
  */
 
 #include <string.h>
+#include "os_port.h"
 #include "crypto.h"
 
 /**
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 0be429856d..143e66add5 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -37,6 +37,7 @@
 #include <string.h>
 #include <time.h>
 #include <stdlib.h>
+#include "os_port.h"
 #include "crypto.h"
 
 void RSA_priv_key_new(RSA_CTX **ctx, 
diff --git a/crypto/sha1.c b/crypto/sha1.c
index be19100797..1082733e7e 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -34,6 +34,7 @@
  */
 
 #include <string.h>
+#include "os_port.h"
 #include "crypto.h"
 
 /*
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index c87b9c442b..961edeecf6 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -28,6 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include "os_port.h"
 #include "ssl.h"
 
 #define BACKLOG 15
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
index d1fbe32bfe..8fe571ab7b 100644
--- a/httpd/htpasswd.c
+++ b/httpd/htpasswd.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include "os_port.h"
 #include "ssl.h"
 
 int tfd;
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 20da957ec9..5a0782731d 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -46,6 +46,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include "os_port.h"
 #include "ssl.h"
 
 /* define standard input */
diff --git a/ssl/Config.in b/ssl/Config.in
index d047d420ec..557499c0dc 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -252,7 +252,7 @@ config CONFIG_SSL_EXPIRY_TIME
 
 config CONFIG_X509_MAX_CA_CERTS
     int "Maximum number of certificate authorites"
-    default 4
+    default 120 if CONFIG_SSL_CERT_VERIFICATION
     depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
     help
         Determines the number of CA's allowed. 
@@ -260,11 +260,11 @@ config CONFIG_X509_MAX_CA_CERTS
         Increase this figure if more trusted sites are allowed. Each
         certificate adds about 300 bytes (when added).
 
-        The default is to allow four certification authorities.
+        The default is to allow the Debian cert bundle to be parsed.
 
 config CONFIG_SSL_MAX_CERTS
     int "Maximum number of chained certificates"
-    default 2
+    default 3
     help
         Determines the number of certificates used in a certificate
         chain. The chain length must be at least 1.
@@ -272,8 +272,7 @@ config CONFIG_SSL_MAX_CERTS
         Increase this figure if more certificates are to be added to the 
         chain. Each certificate adds about 300 bytes (when added).
 
-        The default is to allow one certificate + 1 certificate in the chain
-        (which may be the certificate authority certificate).
+        The default is to allow one certificate + 2 certificates in the chain.
 
 config CONFIG_SSL_CTX_MUTEXING
     bool "Enable SSL_CTX mutexing"
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 262c4dd705..0efd6ae708 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -152,7 +152,7 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 
 #define SOCKET_READ(A,B,C)      read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     write(A,B,C)
-#define SOCKET_CLOSE(A)         close(A)
+#define SOCKET_CLOSE(A)         if (A >= 0) close(A)
 #define SOCKET_BLOCK(A)         int fd = fcntl(A, F_GETFL, NULL); \
                                 fcntl(A, F_SETFL, fd & ~O_NONBLOCK)
 #define TTY_FLUSH()
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6b3654d558..009944046d 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -68,7 +68,6 @@ extern "C" {
 #endif
 
 #include <time.h>
-//#include "crypto.h"
 
 /* need to predefine before ssl_lib.h gets to it */
 #define SSL_SESSION_ID_SIZE                     32
diff --git a/ssl/test/ca-bundle.crt b/ssl/test/ca-bundle.crt
new file mode 100644
index 0000000000..1e5553b213
--- /dev/null
+++ b/ssl/test/ca-bundle.crt
@@ -0,0 +1,7989 @@
+# This is a bundle of X.509 certificates of public Certificate
+# Authorities.  It was generated from the Mozilla root CA list.
+#
+# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+#
+# Generated from certdata.txt RCS revision 1.39
+#
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+MD5 Fingerprint=74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 419 (0x1a3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
+        Validity
+            Not Before: Feb 23 23:01:00 1996 GMT
+            Not After : Feb 23 23:59:00 2006 GMT
+        Subject: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b8:e6:4f:ba:db:98:7c:71:7c:af:44:b7:d3:0f:
+                    46:d9:64:e5:93:c1:42:8e:c7:ba:49:8d:35:2d:7a:
+                    e7:8b:bd:e5:05:31:59:c6:b1:2f:0a:0c:fb:9f:a7:
+                    3f:a2:09:66:84:56:1e:37:29:1b:87:e9:7e:0c:ca:
+                    9a:9f:a5:7f:f5:15:94:a3:d5:a2:46:82:d8:68:4c:
+                    d1:37:15:06:68:af:bd:f8:b0:b3:f0:29:f5:95:5a:
+                    09:16:61:77:0a:22:25:d4:4f:45:aa:c7:bd:e5:96:
+                    df:f9:d4:a8:8e:42:cc:24:c0:1e:91:27:4a:b5:6d:
+                    06:80:63:39:c4:a2:5e:38:03
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        12:b3:75:c6:5f:1d:e1:61:55:80:00:d4:81:4b:7b:31:0f:23:
+        63:e7:3d:f3:03:f9:f4:36:a8:bb:d9:e3:a5:97:4d:ea:2b:29:
+        e0:d6:6a:73:81:e6:c0:89:a3:d3:f1:e0:a5:a5:22:37:9a:63:
+        c2:48:20:b4:db:72:e3:c8:f6:d9:7c:be:b1:af:53:da:14:b4:
+        21:b8:d6:d5:96:e3:fe:4e:0c:59:62:b6:9a:4a:f9:42:dd:8c:
+        6f:81:a9:71:ff:f4:0a:72:6d:6d:44:0e:9d:f3:74:74:a8:d5:
+        34:49:e9:5e:9e:e9:b4:7a:e1:e5:5a:1f:84:30:9c:d3:9f:a5:
+        25:d8
+MD5 Fingerprint=C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 421 (0x1a5)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Validity
+            Not Before: Aug 13 00:29:00 1998 GMT
+            Not After : Aug 13 23:59:00 2018 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17:
+                    0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06:
+                    c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28:
+                    73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af:
+                    8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c:
+                    72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac:
+                    8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87:
+                    45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15:
+                    c7:79:b4:1f:05:2f:3b:62:99
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3:
+        a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33:
+        81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55:
+        7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95:
+        4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7:
+        a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c:
+        85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b:
+        7a:7f
+MD5 Fingerprint=CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bc:bc:93:53:6d:c0:50:4f:82:15:e6:48:94:35:
+                    a6:5a:be:6f:42:fa:0f:47:ee:77:75:72:dd:8d:49:
+                    9b:96:57:a0:78:d4:ca:3f:51:b3:69:0b:91:76:17:
+                    22:07:97:6a:c4:51:93:4b:e0:8d:ef:37:95:a1:0c:
+                    4d:da:34:90:1d:17:89:97:e0:35:38:57:4a:c0:f4:
+                    08:70:e9:3c:44:7b:50:7e:61:9a:90:e3:23:d3:88:
+                    11:46:27:f5:0b:07:0e:bb:dd:d1:7f:20:0a:88:b9:
+                    56:0b:2e:1c:80:da:f1:e3:9e:29:ef:14:bd:0a:44:
+                    fb:1b:5b:18:d1:bf:23:93:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        2d:e2:99:6b:b0:3d:7a:89:d7:59:a2:94:01:1f:2b:dd:12:4b:
+        53:c2:ad:7f:aa:a7:00:5c:91:40:57:25:4a:38:aa:84:70:b9:
+        d9:80:0f:a5:7b:5c:fb:73:c6:bd:d7:8a:61:5c:03:e3:2d:27:
+        a8:17:e0:84:85:42:dc:5e:9b:c6:b7:b2:6d:bb:74:af:e4:3f:
+        cb:a7:b7:b0:e0:5d:be:78:83:25:94:d2:db:81:0f:79:07:6d:
+        4f:f4:39:15:5a:52:01:7b:de:32:d6:4d:38:f6:12:5c:06:50:
+        df:05:5b:bd:14:4b:a1:df:29:ba:3b:41:8d:f7:63:56:a1:df:
+        22:b1
+MD5 Fingerprint=E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj
+IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X
+DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw
+EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
+ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD
+QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53
+dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK
+wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7
+G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF
+AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
+c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P
+9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:66:d9:f8:07:44:cf:b9:8c:2e:f0:a1:ef:13:
+                    45:6c:05:df:de:27:16:51:36:41:11:6c:6c:3b:ed:
+                    fe:10:7d:12:9e:e5:9b:42:9a:fe:60:31:c3:66:b7:
+                    73:3a:48:ae:4e:d0:32:37:94:88:b5:0d:b6:d9:f3:
+                    f2:44:d9:d5:88:12:dd:76:4d:f2:1a:fc:6f:23:1e:
+                    7a:f1:d8:98:45:4e:07:10:ef:16:42:d0:43:75:6d:
+                    4a:de:e2:aa:c9:31:ff:1f:00:70:7c:66:cf:10:25:
+                    08:ba:fa:ee:00:e9:46:03:66:27:11:15:3b:aa:5b:
+                    f2:98:dd:36:42:b2:da:88:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        69:36:89:f7:34:2a:33:72:2f:6d:3b:d4:22:b2:b8:6f:9a:c5:
+        36:66:0e:1b:3c:a1:b1:75:5a:e6:fd:35:d3:f8:a8:f2:07:6f:
+        85:67:8e:de:2b:b9:e2:17:b0:3a:a0:f0:0e:a2:00:9a:df:f3:
+        14:15:6e:bb:c8:85:5a:98:80:f9:ff:be:74:1d:3d:f3:fe:30:
+        25:d1:37:34:67:fa:a5:71:79:30:61:29:72:c0:e0:2c:4c:fb:
+        56:e4:3a:a8:6f:e5:32:59:52:db:75:28:50:59:0c:f8:0b:19:
+        e4:ac:d9:af:96:8d:2f:50:db:07:c3:ea:1f:ab:33:e0:f5:2b:
+        31:89
+MD5 Fingerprint=3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p
+dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv
+bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa
+QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY
+BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
+IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl
+bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs
+Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI
+Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD
+ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH
+b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh
+KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:69:d7:d4:b0:94:64:5b:71:e9:47:d8:0c:51:
+                    b6:ea:72:91:b0:84:5e:7d:2d:0d:8f:7b:12:df:85:
+                    25:75:28:74:3a:42:2c:63:27:9f:95:7b:4b:ef:7e:
+                    19:87:1d:86:ea:a3:dd:b9:ce:96:64:1a:c2:14:6e:
+                    44:ac:7c:e6:8f:e8:4d:0f:71:1f:40:38:a6:00:a3:
+                    87:78:f6:f9:94:86:5e:ad:ea:c0:5e:76:eb:d9:14:
+                    a3:5d:6e:7a:7c:0c:a5:4b:55:7f:06:19:29:7f:9e:
+                    9a:26:d5:6a:bb:38:24:08:6a:98:c7:b1:da:a3:98:
+                    91:fd:79:db:e5:5a:c4:1c:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        c7:ec:92:7e:4e:f8:f5:96:a5:67:62:2a:a4:f0:4d:11:60:d0:
+        6f:8d:60:58:61:ac:26:bb:52:35:5c:08:cf:30:fb:a8:4a:96:
+        8a:1f:62:42:23:8c:17:0f:f4:ba:64:9c:17:ac:47:29:df:9d:
+        98:5e:d2:6c:60:71:5c:a2:ac:dc:79:e3:e7:6e:00:47:1f:b5:
+        0d:28:e8:02:9d:e4:9a:fd:13:f4:a6:d9:7c:b1:f8:dc:5f:23:
+        26:09:91:80:73:d0:14:1b:de:43:a9:83:25:f2:e6:9c:2f:15:
+        ca:fe:a6:ab:8a:07:75:8b:0c:dd:51:84:6b:e4:f8:d1:ce:77:
+        a2:81
+MD5 Fingerprint=1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
+-----BEGIN CERTIFICATE-----
+MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt
+YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
+Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT
+AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
+MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
+cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh
+d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY
+DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
+rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq
+uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
+MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa
+/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei
+gQ==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:
+                    68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:
+                    85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:
+                    6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:
+                    6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:
+                    29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:
+                    6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:
+                    5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:
+                    3a:c2:b5:66:22:12:d6:87:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9:
+        a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48:
+        3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88:
+        4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9:
+        8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5:
+        e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9:
+        b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e:
+        70:47
+MD5 Fingerprint=C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
+                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
+                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
+                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
+                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
+                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
+                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
+                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
+                    8d:f4:42:4d:e7:40:9d:1c:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7:
+        c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5:
+        08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb:
+        c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59:
+        6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9:
+        a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92:
+        32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07:
+        14:42
+MD5 Fingerprint=06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 903804111 (0x35def4cf)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Validity
+            Not Before: Aug 22 16:41:51 1998 GMT
+            Not After : Aug 22 16:41:51 2018 GMT
+        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d:
+                    91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3:
+                    d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95:
+                    04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02:
+                    8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd:
+                    43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f:
+                    97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b:
+                    af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f:
+                    3a:88:e7:bf:14:fd:e0:c7:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not After: Aug 22 16:41:51 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+
+            X509v3 Subject Key Identifier: 
+                48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V3.0c....
+    Signature Algorithm: sha1WithRSAEncryption
+        58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0:
+        95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a:
+        6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71:
+        57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
+        a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
+        77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
+        65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
+        77:38
+MD5 Fingerprint=67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d0:1e:40:90:00:00:46:52:00:00:00:01:00:00:00:04
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=DC, L=Washington, O=ABA.ECOM, INC., CN=ABA.ECOM Root CA/emailAddress=admin@digsigtrust.com
+        Validity
+            Not Before: Jul 12 17:33:53 1999 GMT
+            Not After : Jul  9 17:33:53 2009 GMT
+        Subject: C=US, ST=DC, L=Washington, O=ABA.ECOM, INC., CN=ABA.ECOM Root CA/emailAddress=admin@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b1:d3:11:e0:79:55:43:07:08:4c:cb:05:42:00:
+                    e2:0d:83:46:3d:e4:93:ba:b6:06:d3:0d:59:bd:3e:
+                    c1:ce:43:67:01:8a:21:a8:ef:bc:cc:d0:a2:cc:b0:
+                    55:96:53:84:66:05:00:da:44:49:80:d8:54:0a:a5:
+                    25:86:94:ed:63:56:ff:70:6c:a3:a1:19:d2:78:be:
+                    68:2a:44:5e:2f:cf:cc:18:5e:47:bc:3a:b1:46:3d:
+                    1e:f0:b9:2c:34:5f:8c:7c:4c:08:29:9d:40:55:eb:
+                    3c:7d:83:de:b5:f0:f7:8a:83:0e:a1:4c:b4:3a:a5:
+                    b3:5f:5a:22:97:ec:19:9b:c1:05:68:fd:e6:b7:a9:
+                    91:94:2c:e4:78:48:24:1a:25:19:3a:eb:95:9c:39:
+                    0a:8a:cf:42:b2:f0:1c:d5:5f:fb:6b:ed:68:56:7b:
+                    39:2c:72:38:b0:ee:93:a9:d3:7b:77:3c:eb:71:03:
+                    a9:38:4a:16:6c:89:2a:ca:da:33:13:79:c2:55:8c:
+                    ed:9c:bb:f2:cb:5b:10:f8:2e:61:35:c6:29:4c:2a:
+                    d0:2a:63:d1:65:59:b4:f8:cd:f9:f4:00:84:b6:57:
+                    42:85:9d:32:a8:f9:2a:54:fb:ff:78:41:bc:bd:71:
+                    28:f4:bb:90:bc:ff:96:34:04:e3:45:9e:a1:46:28:
+                    40:81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:8
+    Signature Algorithm: sha1WithRSAEncryption
+        04:6f:25:86:e4:e6:96:27:b4:d9:42:c0:d0:c9:00:b1:7f:54:
+        3e:87:b2:6d:24:a9:2f:0a:7e:fd:a4:44:b0:f8:54:07:bd:1b:
+        9d:9d:ca:7b:50:24:7b:11:5b:49:a3:a6:bf:12:74:d5:89:b7:
+        b7:2f:98:64:25:14:b7:61:e9:7f:60:80:6b:d3:64:e8:ab:bd:
+        1a:d6:51:fa:c0:b4:5d:77:1a:7f:64:08:5e:79:c6:05:4c:f1:
+        7a:dd:4d:7d:ce:e6:48:7b:54:d2:61:92:81:d6:1b:d6:00:f0:
+        0e:9e:28:77:a0:4d:88:c7:22:76:19:c3:c7:9e:1b:a6:77:78:
+        f8:5f:9b:56:d1:f0:f2:17:ac:8e:9d:59:e6:1f:fe:57:b6:d9:
+        5e:e1:5d:9f:45:ec:61:68:19:41:e1:b2:20:26:fe:5a:30:76:
+        24:ff:40:72:3c:79:9f:7c:22:48:ab:46:cd:db:b3:86:2c:8f:
+        bf:05:41:d3:c1:e3:14:e3:41:17:26:d0:7c:a7:71:4c:19:e8:
+        4a:0f:72:58:31:7d:ec:60:7a:a3:22:28:bd:19:24:60:3f:3b:
+        87:73:c0:6b:e4:cb:ae:b7:ab:25:43:b2:55:2d:7b:ab:06:0e:
+        75:5d:34:e5:5d:73:6d:9e:b2:75:40:a5:59:c9:4f:31:71:88:
+        d9:88:7f:54
+MD5 Fingerprint=41:B8:07:F7:A8:D1:09:EE:B4:9A:8E:70:4D:FC:1B:78
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIRANAeQJAAAEZSAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
+gYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3Rv
+bjEXMBUGA1UEChMOQUJBLkVDT00sIElOQy4xGTAXBgNVBAMTEEFCQS5FQ09NIFJv
+b3QgQ0ExJDAiBgkqhkiG9w0BCQEWFWFkbWluQGRpZ3NpZ3RydXN0LmNvbTAeFw05
+OTA3MTIxNzMzNTNaFw0wOTA3MDkxNzMzNTNaMIGJMQswCQYDVQQGEwJVUzELMAkG
+A1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xFzAVBgNVBAoTDkFCQS5FQ09N
+LCBJTkMuMRkwFwYDVQQDExBBQkEuRUNPTSBSb290IENBMSQwIgYJKoZIhvcNAQkB
+FhVhZG1pbkBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCx0xHgeVVDBwhMywVCAOINg0Y95JO6tgbTDVm9PsHOQ2cBiiGo77zM
+0KLMsFWWU4RmBQDaREmA2FQKpSWGlO1jVv9wbKOhGdJ4vmgqRF4vz8wYXke8OrFG
+PR7wuSw0X4x8TAgpnUBV6zx9g9618PeKgw6hTLQ6pbNfWiKX7BmbwQVo/ea3qZGU
+LOR4SCQaJRk665WcOQqKz0Ky8BzVX/tr7WhWezkscjiw7pOp03t3POtxA6k4ShZs
+iSrK2jMTecJVjO2cu/LLWxD4LmE1xilMKtAqY9FlWbT4zfn0AIS2V0KFnTKo+SpU
++/94Qby9cSj0u5C8/5Y0BONFnqFGKECBAgMBAAGjFjAUMBIGA1UdEwEB/wQIMAYB
+Af8CAQgwDQYJKoZIhvcNAQEFBQADggEBAARvJYbk5pYntNlCwNDJALF/VD6Hsm0k
+qS8Kfv2kRLD4VAe9G52dyntQJHsRW0mjpr8SdNWJt7cvmGQlFLdh6X9ggGvTZOir
+vRrWUfrAtF13Gn9kCF55xgVM8XrdTX3O5kh7VNJhkoHWG9YA8A6eKHegTYjHInYZ
+w8eeG6Z3ePhfm1bR8PIXrI6dWeYf/le22V7hXZ9F7GFoGUHhsiAm/lowdiT/QHI8
+eZ98IkirRs3bs4Ysj78FQdPB4xTjQRcm0HyncUwZ6EoPclgxfexgeqMiKL0ZJGA/
+O4dzwGvky663qyVDslUte6sGDnVdNOVdc22esnVApVnJTzFxiNmIf1Q=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913315222 (0x36701596)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
+        Validity
+            Not Before: Dec 10 18:10:23 1998 GMT
+            Not After : Dec 10 18:40:23 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a0:6c:81:a9:cf:34:1e:24:dd:fe:86:28:cc:de:
+                    83:2f:f9:5e:d4:42:d2:e8:74:60:66:13:98:06:1c:
+                    a9:51:12:69:6f:31:55:b9:49:72:00:08:7e:d3:a5:
+                    62:44:37:24:99:8f:d9:83:48:8f:99:6d:95:13:bb:
+                    43:3b:2e:49:4e:88:37:c1:bb:58:7f:fe:e1:bd:f8:
+                    bb:61:cd:f3:47:c0:99:a6:f1:f3:91:e8:78:7c:00:
+                    cb:61:c9:44:27:71:69:55:4a:7e:49:4d:ed:a2:a3:
+                    be:02:4c:00:ca:02:a8:ee:01:02:31:64:0f:52:2d:
+                    13:74:76:36:b5:7a:b4:2d:71
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E1/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec 10 18:10:23 1998 GMT, Not After: Dec 10 18:10:23 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
+
+            X509v3 Subject Key Identifier: 
+                6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        22:12:d8:7a:1d:dc:81:06:b6:09:65:b2:87:c8:1f:5e:b4:2f:
+        e9:c4:1e:f2:3c:c1:bb:04:90:11:4a:83:4e:7e:93:b9:4d:42:
+        c7:92:26:a0:5c:34:9a:38:72:f8:fd:6b:16:3e:20:ee:82:8b:
+        31:2a:93:36:85:23:88:8a:3c:03:68:d3:c9:09:0f:4d:fc:6c:
+        a4:da:28:72:93:0e:89:80:b0:7d:fe:80:6f:65:6d:18:33:97:
+        8b:c2:6b:89:ee:60:3d:c8:9b:ef:7f:2b:32:62:73:93:cb:3c:
+        e3:7b:e2:76:78:45:bc:a1:93:04:bb:86:9f:3a:5b:43:7a:c3:
+        8a:65
+MD5 Fingerprint=25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
+bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
+j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
+Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
+MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
+fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
+QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913232846 (0x366ed3ce)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
+        Validity
+            Not Before: Dec  9 19:17:26 1998 GMT
+            Not After : Dec  9 19:47:26 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bf:93:8f:17:92:ef:33:13:18:eb:10:7f:4e:16:
+                    bf:ff:06:8f:2a:85:bc:5e:f9:24:a6:24:88:b6:03:
+                    b7:c1:c3:5f:03:5b:d1:6f:ae:7e:42:ea:66:23:b8:
+                    63:83:56:fb:28:2d:e1:38:8b:b4:ee:a8:01:e1:ce:
+                    1c:b6:88:2a:22:46:85:fb:9f:a7:70:a9:47:14:3f:
+                    ce:de:65:f0:a8:71:f7:4f:26:6c:8c:bc:c6:b5:ef:
+                    de:49:27:ff:48:2a:7d:e8:4d:03:cc:c7:b2:52:c6:
+                    17:31:13:3b:b5:4d:db:c8:c4:f6:c3:0f:24:2a:da:
+                    0c:9d:e7:91:5b:80:cd:94:9d
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E2/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec  9 19:17:26 1998 GMT, Not After: Dec  9 19:17:26 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
+
+            X509v3 Subject Key Identifier: 
+                1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        47:8d:83:ad:62:f2:db:b0:9e:45:22:05:b9:a2:d6:03:0e:38:
+        72:e7:9e:fc:7b:e6:93:b6:9a:a5:a2:94:c8:34:1d:91:d1:c5:
+        d7:f4:0a:25:0f:3d:78:81:9e:0f:b1:67:c4:90:4c:63:dd:5e:
+        a7:e2:ba:9f:f5:f7:4d:a5:31:7b:9c:29:2d:4c:fe:64:3e:ec:
+        b6:53:fe:ea:9b:ed:82:db:74:75:4b:07:79:6e:1e:d8:19:83:
+        73:de:f5:3e:d0:b5:de:e7:4b:68:7d:43:2e:2a:20:e1:7e:a0:
+        78:44:9e:08:f5:98:f9:c7:7f:1b:1b:d6:06:20:02:58:a1:c3:
+        a2:03
+MD5 Fingerprint=93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
+k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
+LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
+TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
+MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
+TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
+WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
+xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
+B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:02:7c:00:00:00:02:00:00:00:01
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/emailAddress=ca@digsigtrust.com
+        Validity
+            Not Before: Dec  1 18:18:55 1998 GMT
+            Not After : Nov 28 18:18:55 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/emailAddress=ca@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d2:c6:26:b6:e7:a5:3d:c1:c4:68:d5:50:6f:53:
+                    c5:6f:49:13:09:b8:af:2c:48:8d:14:6a:a3:17:5f:
+                    5a:f9:d3:2e:75:2f:d8:28:62:d1:93:2f:fc:4d:d4:
+                    ab:87:e5:08:c7:99:e7:92:3f:75:bd:eb:25:b4:15:
+                    c1:9b:19:3d:d2:44:8d:d7:74:20:6d:37:02:8f:69:
+                    93:5b:8a:c4:19:9d:f4:b2:0e:fc:16:6c:b9:b1:05:
+                    92:83:d1:85:2c:60:94:3e:45:55:a0:d9:ab:08:21:
+                    e6:60:e8:3b:74:f2:99:50:51:68:d0:03:2d:b1:80:
+                    be:a3:d8:52:b0:44:cd:43:4a:70:8e:58:85:95:e1:
+                    4e:2c:d6:2d:41:6f:d6:84:e7:c8:98:44:ca:47:db:
+                    2c:24:a5:69:26:cf:6b:b8:27:62:c3:f4:c9:7a:92:
+                    23:ed:13:67:82:ae:45:2e:45:e5:7e:72:3f:85:9d:
+                    94:62:10:e6:3c:91:a1:ad:77:00:e0:15:ec:f3:84:
+                    80:72:7a:8e:6e:60:97:c7:24:59:10:34:83:5b:e1:
+                    a5:a4:69:b6:57:35:1c:78:59:c6:d3:2f:3a:73:67:
+                    ee:94:ca:04:13:05:62:06:70:23:b3:f4:7c:ee:45:
+                    d9:64:0b:5b:49:aa:a4:43:ce:26:c4:44:12:6c:b8:
+                    dd:79
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        a2:37:b2:3f:69:fb:d7:86:79:54:49:31:95:33:2b:f3:d1:09:
+        14:49:62:60:86:a5:b0:11:e2:50:c2:1d:06:57:3e:2d:e8:33:
+        64:be:9b:aa:ad:5f:1b:4d:d4:99:95:a2:8b:9a:c9:62:72:b5:
+        69:ea:d9:58:ab:35:ed:15:a2:43:d6:b6:bc:07:79:65:64:73:
+        7d:d7:79:ca:7b:d5:5a:51:c6:e1:53:04:96:8d:38:cf:a3:17:
+        ac:39:71:6b:01:c3:8b:53:3c:63:e9:ee:79:c0:e4:be:92:32:
+        64:7a:b3:1f:97:94:62:bd:ea:b2:20:15:95:fb:97:f2:78:2f:
+        63:36:40:38:e3:46:0f:1d:dd:ac:95:ca:e7:4b:90:7b:b1:4b:
+        a9:d4:c5:eb:9a:da:aa:d5:a3:94:14:46:8d:2d:1f:f3:3a:d6:
+        93:3a:f6:3e:79:fc:e8:e6:b0:75:ed:ee:3d:c9:70:c7:5d:aa:
+        81:4b:46:25:1c:c7:6c:15:e3:95:4e:0f:aa:32:37:94:0a:17:
+        24:92:13:84:58:d2:63:6f:2b:f7:e6:5b:62:0b:13:17:b0:0d:
+        52:4c:fe:fe:6f:5c:e2:91:6e:1d:fd:a4:62:d7:68:fa:8e:7a:
+        4f:d2:08:da:93:dc:f0:92:11:7a:d0:dc:72:93:0c:73:93:62:
+        85:68:d0:f4
+MD5 Fingerprint=6C:C9:A7:6E:47:F1:0C:E3:53:3B:78:4C:4D:C2:6A:C5
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx
+ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf
+WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK
+xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE
+zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F
+5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv
+OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz
+ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME
+lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG
+Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q
+gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k
+Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:77:6d:00:00:00:01:00:00:00:04
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/emailAddress=ca@digsigtrust.com
+        Validity
+            Not Before: Nov 30 22:46:16 1998 GMT
+            Not After : Nov 27 22:46:16 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/emailAddress=ca@digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:75:f0:8c:c0:75:96:9a:c0:62:1f:26:f7:c4:
+                    e1:9a:ea:e0:56:73:5b:99:cd:01:44:a8:08:b6:d5:
+                    a7:da:1a:04:18:39:92:4a:78:a3:81:c2:f5:77:7a:
+                    50:b4:70:ff:9a:ab:c6:c7:ca:6e:83:4f:42:98:fb:
+                    26:0b:da:dc:6d:d6:a9:99:55:52:67:e9:28:03:92:
+                    dc:e5:b0:05:9a:0f:15:f9:6b:59:72:56:f2:fa:39:
+                    fc:aa:68:ee:0f:1f:10:83:2f:fc:9d:fa:17:96:dd:
+                    82:e3:e6:45:7d:c0:4b:80:44:1f:ed:2c:e0:84:fd:
+                    91:5c:92:54:69:25:e5:62:69:dc:e5:ee:00:52:bd:
+                    33:0b:ad:75:02:85:a7:64:50:2d:c5:19:19:30:c0:
+                    26:db:c9:d3:fd:2e:99:ad:59:b5:0b:4d:d4:41:ae:
+                    85:48:43:59:dc:b7:a8:e2:a2:de:c3:8f:d7:b8:a1:
+                    62:a6:68:50:52:e4:cf:31:a7:94:85:da:9f:46:32:
+                    17:56:e5:f2:eb:66:3d:12:ff:43:db:98:ef:77:cf:
+                    cb:81:8d:34:b1:c6:50:4a:26:d1:e4:3e:41:50:af:
+                    6c:ae:22:34:2e:d5:6b:6e:83:ba:79:b8:76:65:48:
+                    da:09:29:64:63:22:b9:fb:47:76:85:8c:86:44:cb:
+                    09:db
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        b5:36:0e:5d:e1:61:28:5a:11:65:c0:3f:83:03:79:4d:be:28:
+        a6:0b:07:02:52:85:cd:f8:91:d0:10:6c:b5:6a:20:5b:1c:90:
+        d9:30:3c:c6:48:9e:8a:5e:64:f9:a1:71:77:ef:04:27:1f:07:
+        eb:e4:26:f7:73:74:c9:44:18:1a:66:d3:e0:43:af:91:3b:d1:
+        cb:2c:d8:74:54:3a:1c:4d:ca:d4:68:cd:23:7c:1d:10:9e:45:
+        e9:f6:00:6e:a6:cd:19:ff:4f:2c:29:8f:57:4d:c4:77:92:be:
+        e0:4c:09:fb:5d:44:86:66:21:a8:b9:32:a2:56:d5:e9:8c:83:
+        7c:59:3f:c4:f1:0b:e7:9d:ec:9e:bd:9c:18:0e:3e:c2:39:79:
+        28:b7:03:0d:08:cb:c6:e7:d9:01:37:50:10:ec:cc:61:16:40:
+        d4:af:31:74:7b:fc:3f:31:a7:d0:47:73:33:39:1b:cc:4e:6a:
+        d7:49:83:11:06:fe:eb:82:58:33:32:4c:f0:56:ac:1e:9c:2f:
+        56:9a:7b:c1:4a:1c:a5:fd:55:36:ce:fc:96:4d:f4:b0:f0:ec:
+        b7:6c:82:ed:2f:31:99:42:4c:a9:b2:0d:b8:15:5d:f1:df:ba:
+        c9:b5:4a:d4:64:98:b3:26:a9:30:c8:fd:a6:ec:ab:96:21:ad:
+        7f:c2:78:b6
+MD5 Fingerprint=CD:3B:3D:62:5B:09:B8:09:36:87:9E:12:2F:71:64:BA
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy
+MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV
+p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw
+BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl
+5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi
+3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+
+QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ
+2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN
+I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL
+553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q
+10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN
+uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e5:19:bf:6d:a3:56:61:2d:99:48:71:f6:67:de:
+                    b9:8d:eb:b7:9e:86:80:0a:91:0e:fa:38:25:af:46:
+                    88:82:e5:73:a8:a0:9b:24:5d:0d:1f:cc:65:6e:0c:
+                    b0:d0:56:84:18:87:9a:06:9b:10:a1:73:df:b4:58:
+                    39:6b:6e:c1:f6:15:d5:a8:a8:3f:aa:12:06:8d:31:
+                    ac:7f:b0:34:d7:8f:34:67:88:09:cd:14:11:e2:4e:
+                    45:56:69:1f:78:02:80:da:dc:47:91:29:bb:36:c9:
+                    63:5c:c5:e0:d7:2d:87:7b:a1:b7:32:b0:7b:30:ba:
+                    2a:2f:31:aa:ee:a3:67:da:db
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        4c:3f:b8:8b:c6:68:df:ee:43:33:0e:5d:e9:a6:cb:07:84:4d:
+        7a:33:ff:92:1b:f4:36:ad:d8:95:22:36:68:11:6c:7c:42:cc:
+        f3:9c:2e:c4:07:3f:14:b0:0f:4f:ff:90:92:76:f9:e2:bc:4a:
+        e9:8f:cd:a0:80:0a:f7:c5:29:f1:82:22:5d:b8:b1:dd:81:23:
+        a3:7b:25:15:46:30:79:16:f8:ea:05:4b:94:7f:1d:c2:1c:c8:
+        e3:b7:f4:10:40:3c:13:c3:5f:1f:53:e8:48:e4:86:b4:7b:a1:
+        35:b0:7b:25:ba:b8:d3:8e:ab:3f:38:9d:00:34:00:98:f3:d1:
+        71:94
+MD5 Fingerprint=97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N
+H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR
+4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo
+EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5
+FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx
+lA==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:5a:8b:a3:0d:6a:23:83:80:6b:cf:39:87:f4:
+                    21:13:33:06:4c:25:a2:ed:55:12:97:c5:a7:80:b9:
+                    fa:83:c1:20:a0:fa:2f:15:0d:7c:a1:60:6b:7e:79:
+                    2c:fa:06:0f:3a:ae:f6:1b:6f:b1:d2:ff:2f:28:52:
+                    5f:83:7d:4b:c4:7a:b7:f8:66:1f:80:54:fc:b7:c2:
+                    8e:59:4a:14:57:46:d1:9a:93:be:41:91:03:bb:15:
+                    80:93:5c:eb:e7:cc:08:6c:3f:3e:b3:4a:fc:ff:4b:
+                    6c:23:d5:50:82:26:44:19:8e:23:c3:71:ea:19:24:
+                    47:04:9e:75:bf:c8:a6:00:1f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        8a:1b:2b:fa:39:c1:74:d7:5e:d8:19:64:a2:58:4a:2d:37:e0:
+        33:47:0f:ac:ed:f7:aa:db:1e:e4:8b:06:5c:60:27:ca:45:52:
+        ce:16:ef:3f:06:64:e7:94:68:7c:60:33:15:11:69:af:9d:62:
+        8d:a3:03:54:6b:a6:be:e5:ee:05:18:60:04:bf:42:80:fd:d0:
+        a8:a8:1e:01:3b:f7:a3:5c:af:a3:dc:e6:26:80:23:3c:b8:44:
+        74:f7:0a:ae:49:8b:61:78:cc:24:bf:88:8a:a7:0e:ea:73:19:
+        41:fd:4d:03:f0:88:d1:e5:78:8d:a5:2a:4f:f6:97:0d:17:77:
+        ca:d8
+MD5 Fingerprint=B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh
+YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7
+FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg
+J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc
+r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
+                    db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
+                    11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
+                    1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
+                    63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
+                    42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
+                    5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
+                    e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
+                    71:64:4c:65:2e:81:68:45:a7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a:11:84:
+        8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8:95:bc:1d:8f:
+        6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e:d6:26:c0:76:01:57:
+        81:92:5e:21:f1:d1:b1:ff:e7:d0:21:58:cd:69:17:e3:44:1c:
+        9c:19:44:39:89:5c:dc:9c:00:0f:56:8d:02:99:ed:a2:90:45:
+        4c:e4:bb:10:a4:3d:f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6:
+        62:9f:e6:9f:c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64:
+        0d:64
+MD5 Fingerprint=10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:d0:ba:be:16:2d:b8:83:d4:ca:d2:0f:bc:76:
+                    31:ca:94:d8:1d:93:8c:56:02:bc:d9:6f:1a:6f:52:
+                    36:6e:75:56:0a:55:d3:df:43:87:21:11:65:8a:7e:
+                    8f:bd:21:de:6b:32:3f:1b:84:34:95:05:9d:41:35:
+                    eb:92:eb:96:dd:aa:59:3f:01:53:6d:99:4f:ed:e5:
+                    e2:2a:5a:90:c1:b9:c4:a6:15:cf:c8:45:eb:a6:5d:
+                    8e:9c:3e:f0:64:24:76:a5:cd:ab:1a:6f:b6:d8:7b:
+                    51:61:6e:a6:7f:87:c8:e2:b7:e5:34:dc:41:88:ea:
+                    09:40:be:73:92:3d:6b:e7:75
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        a9:4f:c3:0d:c7:67:be:2c:cb:d9:a8:cd:2d:75:e7:7e:15:9e:
+        3b:72:eb:7e:eb:5c:2d:09:87:d6:6b:6d:60:7c:e5:ae:c5:90:
+        23:0c:5c:4a:d0:af:b1:5d:f3:c7:b6:0a:db:e0:15:93:0d:dd:
+        03:bc:c7:76:8a:b5:dd:4f:c3:9b:13:75:b8:01:c0:e6:c9:5b:
+        6b:a5:b8:89:dc:ac:a4:dd:72:ed:4e:a1:f7:4f:bc:06:d3:ea:
+        c8:64:74:7b:c2:95:41:9c:65:73:58:f1:90:9a:3c:6a:b1:98:
+        c9:c4:87:bc:cf:45:6d:45:e2:6e:22:3f:fe:bc:0f:31:5c:e8:
+        f2:d9
+MD5 Fingerprint=DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK
+VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm
+Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0J
+h9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul
+uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68
+DzFc6PLZ
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a7:88:01:21:74:2c:e7:1a:03:f0:98:e1:97:3c:
+                    0f:21:08:f1:9c:db:97:e9:9a:fc:c2:04:06:13:be:
+                    5f:52:c8:cc:1e:2c:12:56:2c:b8:01:69:2c:cc:99:
+                    1f:ad:b0:96:ae:79:04:f2:13:39:c1:7b:98:ba:08:
+                    2c:e8:c2:84:13:2c:aa:69:e9:09:f4:c7:a9:02:a4:
+                    42:c2:23:4f:4a:d8:f0:0e:a2:fb:31:6c:c9:e6:6f:
+                    99:27:07:f5:e6:f4:4c:78:9e:6d:eb:46:86:fa:b9:
+                    86:c9:54:f2:b2:c4:af:d4:46:1c:5a:c9:15:30:ff:
+                    0d:6c:f5:2d:0e:6d:ce:7f:77
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        72:2e:f9:7f:d1:f1:71:fb:c4:9e:f6:c5:5e:51:8a:40:98:b8:
+        68:f8:9b:1c:83:d8:e2:9d:bd:ff:ed:a1:e6:66:ea:2f:09:f4:
+        ca:d7:ea:a5:2b:95:f6:24:60:86:4d:44:2e:83:a5:c4:2d:a0:
+        d3:ae:78:69:6f:72:da:6c:ae:08:f0:63:92:37:e6:bb:c4:30:
+        17:ad:77:cc:49:35:aa:cf:d8:8f:d1:be:b7:18:96:47:73:6a:
+        54:22:34:64:2d:b6:16:9b:59:5b:b4:51:59:3a:b3:0b:14:f4:
+        12:df:67:a0:f4:ad:32:64:5e:b1:46:72:27:8c:12:7b:c5:44:
+        b4:ae
+MD5 Fingerprint=2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns
+YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y
+aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe
+Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj
+IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx
+KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM
+HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw
+DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji
+nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
+rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn
+jBJ7xUS0rg==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
+                    1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
+                    84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
+                    25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
+                    33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
+                    6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
+                    91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
+                    37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
+                    61:f8:9b:1d:1c:89:4f:5c:67
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
+        70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
+        64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
+        3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
+        ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
+        92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
+        57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
+        91:fd
+MD5 Fingerprint=A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
+pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
+13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
+U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
+F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
+oJ2daZH9
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:f0:e4:cf:f9:c4:ae:85:54:b9:07:57:f9:8f:
+                    c5:7f:68:11:f8:c4:17:b0:44:dc:e3:30:73:d5:2a:
+                    62:2a:b8:d0:cc:1c:ed:28:5b:7e:bd:6a:dc:b3:91:
+                    24:ca:41:62:3c:fc:02:01:bf:1c:16:31:94:05:97:
+                    76:6e:a2:ad:bd:61:17:6c:4e:30:86:f0:51:37:2a:
+                    50:c7:a8:62:81:dc:5b:4a:aa:c1:a0:b4:6e:eb:2f:
+                    e5:57:c5:b1:2b:40:70:db:5a:4d:a1:8e:1f:bd:03:
+                    1f:d8:03:d4:8f:4c:99:71:bc:e2:82:cc:58:e8:98:
+                    3a:86:d3:86:38:f3:00:29:1f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        85:8c:12:c1:a7:b9:50:15:7a:cb:3e:ac:b8:43:8a:dc:aa:dd:
+        14:ba:89:81:7e:01:3c:23:71:21:88:2f:82:dc:63:fa:02:45:
+        ac:45:59:d7:2a:58:44:5b:b7:9f:81:3b:92:68:3d:e2:37:24:
+        f5:7b:6c:8f:76:35:96:09:a8:59:9d:b9:ce:23:ab:74:d6:83:
+        fd:32:73:27:d8:69:3e:43:74:f6:ae:c5:89:9a:e7:53:7c:e9:
+        7b:f6:4b:f3:c1:65:83:de:8d:8a:9c:3c:88:8d:39:59:fc:aa:
+        3f:22:8d:a1:c1:66:50:81:72:4c:ed:22:64:4f:4f:ca:80:91:
+        b6:29
+MD5 Fingerprint=26:6D:2C:19:98:B6:70:68:38:50:54:19:EC:90:34:60
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM
+HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK
+qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj
+cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
+cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP
+T8qAkbYp
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b7:94:05
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Sep  1 12:00:00 1998 GMT
+            Not After : Jan 28 12:00:00 2014 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
+                    83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
+                    63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
+                    8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
+                    70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
+                    15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
+                    6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
+                    89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
+                    54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
+                    92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
+                    75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
+                    c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
+                    bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
+                    ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
+                    63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
+                    48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
+                    07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
+                    90:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9:6c:4f:
+        6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e:e8:81:49:98:
+        7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51:ff:09:31:2a:1f:dd:
+        89:77:9e:0f:2e:6c:95:04:ed:86:cb:b4:00:3f:84:02:4d:80:
+        6a:2a:2d:78:0b:ae:6f:2b:a2:83:44:83:1f:cd:50:82:4c:24:
+        af:bd:f7:a5:b4:c8:5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:
+        88:05:3a:d9:c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:
+        77:fe:46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59:
+        2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5:a7:31:
+        3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9:43:34:f6:0f:
+        87:29:3b:9d:c2:56:58:98:77:c3:f7:1b:ac:f6:9d:f8:3e:aa:
+        a7:54:45:f0:f5:f9:d5:31:65:fe:6b:58:9c:71:b3:1e:d7:52:
+        ea:32:17:fc:40:60:1d:c9:79:24:b2:f6:6c:fd:a8:66:0e:82:
+        dd:98:cb:da:c2:44:4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:
+        8a:78:a3:e3
+MD5 Fingerprint=AB:BF:EA:E3:6B:29:A6:CC:A6:78:35:99:EF:AD:2B:80
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
+YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
+5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
+gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
+rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
+ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
+Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Validity
+            Not Before: Jun 25 22:23:48 1999 GMT
+            Not After : Jun 25 22:23:48 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d8:59:82:7a:89:b8:96:ba:a6:2f:68:6f:58:2e:
+                    a7:54:1c:06:6e:f4:ea:8d:48:bc:31:94:17:f0:f3:
+                    4e:bc:b2:b8:35:92:76:b0:d0:a5:a5:01:d7:00:03:
+                    12:22:19:08:f8:ff:11:23:9b:ce:07:f5:bf:69:1a:
+                    26:fe:4e:e9:d1:7f:9d:2c:40:1d:59:68:6e:a6:f8:
+                    58:b0:9d:1a:8f:d3:3f:f1:dc:19:06:81:a8:0e:e0:
+                    3a:dd:c8:53:45:09:06:e6:0f:70:c3:fa:40:a6:0e:
+                    e2:56:05:0f:18:4d:fc:20:82:d1:73:55:74:8d:76:
+                    72:a0:1d:9d:1d:c0:dd:3f:71
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        50:68:3d:49:f4:2c:1c:06:94:df:95:60:7f:96:7b:17:fe:4f:
+        71:ad:64:c8:dd:77:d2:ef:59:55:e8:3f:e8:8e:05:2a:21:f2:
+        07:d2:b5:a7:52:fe:9c:b1:b6:e2:5b:77:17:40:ea:72:d6:23:
+        cb:28:81:32:c3:00:79:18:ec:59:17:89:c9:c6:6a:1e:71:c9:
+        fd:b7:74:a5:25:45:69:c5:48:ab:19:e1:45:8a:25:6b:19:ee:
+        e5:bb:12:f5:7f:f7:a6:8d:51:c3:f0:9d:74:b7:a9:3e:a0:a5:
+        ff:b6:49:03:13:da:22:cc:ed:71:82:2b:99:cf:3a:b7:f5:2d:
+        72:c8
+MD5 Fingerprint=65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
+NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
+LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
+TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
+LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
+I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
+nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Validity
+            Not Before: Jun 26 00:19:54 1999 GMT
+            Not After : Jun 26 00:19:54 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:3a:71:ca:e5:ab:c8:59:92:55:d7:ab:d8:74:
+                    0e:f9:ee:d9:f6:55:47:59:65:47:0e:05:55:dc:eb:
+                    98:36:3c:5c:53:5d:d3:30:cf:38:ec:bd:41:89:ed:
+                    25:42:09:24:6b:0a:5e:b3:7c:dd:52:2d:4c:e6:d4:
+                    d6:7d:5a:59:a9:65:d4:49:13:2d:24:4d:1c:50:6f:
+                    b5:c1:85:54:3b:fe:71:e4:d3:5c:42:f9:80:e0:91:
+                    1a:0a:5b:39:36:67:f3:3f:55:7c:1b:3f:b4:5f:64:
+                    73:34:e3:b4:12:bf:87:64:f8:da:12:ff:37:27:c1:
+                    b3:43:bb:ef:7b:6e:2e:69:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        3b:7f:50:6f:6f:50:94:99:49:62:38:38:1f:4b:f8:a5:c8:3e:
+        a7:82:81:f6:2b:c7:e8:c5:ce:e8:3a:10:82:cb:18:00:8e:4d:
+        bd:a8:58:7f:a1:79:00:b5:bb:e9:8d:af:41:d9:0f:34:ee:21:
+        81:19:a0:32:49:28:f4:c4:8e:56:d5:52:33:fd:50:d5:7e:99:
+        6c:03:e4:c9:4c:fc:cb:6c:ab:66:b3:4a:21:8c:e5:b5:0c:32:
+        3e:10:b2:cc:6c:a1:dc:9a:98:4c:02:5b:f3:ce:b9:9e:a5:72:
+        0e:4a:b7:3f:3c:e6:16:68:f8:be:ed:74:4c:bc:5b:d5:62:1f:
+        43:dd
+MD5 Fingerprint=A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Validity
+            Not Before: Jun 26 00:22:33 1999 GMT
+            Not After : Jun 26 00:22:33 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72:
+                    75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35:
+                    44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7:
+                    ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92:
+                    97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30:
+                    5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b:
+                    9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04:
+                    5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7:
+                    43:62:61:f3:d3:e2:d0:55:3f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        56:bb:02:58:84:67:08:2c:df:1f:db:7b:49:33:f5:d3:67:9d:
+        f4:b4:0a:10:b3:c9:c5:2c:e2:92:6a:71:78:27:f2:70:83:42:
+        d3:3e:cf:a9:54:f4:f1:d8:92:16:8c:d1:04:cb:4b:ab:c9:9f:
+        45:ae:3c:8a:a9:b0:71:33:5d:c8:c5:57:df:af:a8:35:b3:7f:
+        89:87:e9:e8:25:92:b8:7f:85:7a:ae:d6:bc:1e:37:58:2a:67:
+        c9:91:cf:2a:81:3e:ed:c6:39:df:c0:3e:19:9c:19:cc:13:4d:
+        82:41:b5:8c:de:e0:3d:60:08:20:0f:45:7e:6b:a2:7f:a3:8c:
+        15:ee
+MD5 Fingerprint=A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dd:84:d4:b9:b4:f9:a7:d8:f3:04:78:9c:de:3d:
+                    dc:6c:13:16:d9:7a:dd:24:51:66:c0:c7:26:59:0d:
+                    ac:06:08:c2:94:d1:33:1f:f0:83:35:1f:6e:1b:c8:
+                    de:aa:6e:15:4e:54:27:ef:c4:6d:1a:ec:0b:e3:0e:
+                    f0:44:a5:57:c7:40:58:1e:a3:47:1f:71:ec:60:f6:
+                    6d:94:c8:18:39:ed:fe:42:18:56:df:e4:4c:49:10:
+                    78:4e:01:76:35:63:12:36:dd:66:bc:01:04:36:a3:
+                    55:68:d5:a2:36:09:ac:ab:21:26:54:06:ad:3f:ca:
+                    14:e0:ac:ca:ad:06:1d:95:e2:f8:9d:f1:e0:60:ff:
+                    c2:7f:75:2b:4c:cc:da:fe:87:99:21:ea:ba:fe:3e:
+                    54:d7:d2:59:78:db:3c:6e:cf:a0:13:00:1a:b8:27:
+                    a1:e4:be:67:96:ca:a0:c5:b3:9c:dd:c9:75:9e:eb:
+                    30:9a:5f:a3:cd:d9:ae:78:19:3f:23:e9:5c:db:29:
+                    bd:ad:55:c8:1b:54:8c:63:f6:e8:a6:ea:c7:37:12:
+                    5c:a3:29:1e:02:d9:db:1f:3b:b4:d7:0f:56:47:81:
+                    15:04:4a:af:83:27:d1:c5:58:88:c1:dd:f6:aa:a7:
+                    a3:18:da:68:aa:6d:11:51:e1:bf:65:6b:9f:96:76:
+                    d1:3d
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        ab:66:8d:d7:b3:ba:c7:9a:b6:e6:55:d0:05:f1:9f:31:8d:5a:
+        aa:d9:aa:46:26:0f:71:ed:a5:ad:53:56:62:01:47:2a:44:e9:
+        fe:3f:74:0b:13:9b:b9:f4:4d:1b:b2:d1:5f:b2:b6:d2:88:5c:
+        b3:9f:cd:cb:d4:a7:d9:60:95:84:3a:f8:c1:37:1d:61:ca:e7:
+        b0:c5:e5:91:da:54:a6:ac:31:81:ae:97:de:cd:08:ac:b8:c0:
+        97:80:7f:6e:72:a4:e7:69:13:95:65:1f:c4:93:3c:fd:79:8f:
+        04:d4:3e:4f:ea:f7:9e:ce:cd:67:7c:4f:65:02:ff:91:85:54:
+        73:c7:ff:36:f7:86:2d:ec:d0:5e:4f:ff:11:9f:72:06:d6:b8:
+        1a:f1:4c:0d:26:65:e2:44:80:1e:c7:9f:e3:dd:e8:0a:da:ec:
+        a5:20:80:69:68:a1:4f:7e:e1:6b:cf:07:41:fa:83:8e:bc:38:
+        dd:b0:2e:11:b1:6b:b2:42:cc:9a:bc:f9:48:22:79:4a:19:0f:
+        b2:1c:3e:20:74:d9:6a:c3:be:f2:28:78:13:56:79:4f:6d:50:
+        ea:1b:b0:b5:57:b1:37:66:58:23:f3:dc:0f:df:0a:87:c4:ef:
+        86:05:d5:38:14:60:99:a3:4b:de:06:96:71:2c:f2:db:b6:1f:
+        a4:ef:3f:ee
+MD5 Fingerprint=B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4
+nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO
+8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV
+ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb
+PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
+6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr
+n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a
+qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4
+wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3
+ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs
+pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4
+E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:af:0a:0d:c2:d5:2c:db:67:b9:2d:e5:94:27:dd:
+                    a5:be:e0:b0:4d:8f:b3:61:56:3c:d6:7c:c3:f4:cd:
+                    3e:86:cb:a2:88:e2:e1:d8:a4:69:c5:b5:e2:bf:c1:
+                    a6:47:50:5e:46:39:8b:d5:96:ba:b5:6f:14:bf:10:
+                    ce:27:13:9e:05:47:9b:31:7a:13:d8:1f:d9:d3:02:
+                    37:8b:ad:2c:47:f0:8e:81:06:a7:0d:30:0c:eb:f7:
+                    3c:0f:20:1d:dc:72:46:ee:a5:02:c8:5b:c3:c9:56:
+                    69:4c:c5:18:c1:91:7b:0b:d5:13:00:9b:bc:ef:c3:
+                    48:3e:46:60:20:85:2a:d5:90:b6:cd:8b:a0:cc:32:
+                    dd:b7:fd:40:55:b2:50:1c:56:ae:cc:8d:77:4d:c7:
+                    20:4d:a7:31:76:ef:68:92:8a:90:1e:08:81:56:b2:
+                    ad:69:a3:52:d0:cb:1c:c4:23:3d:1f:99:fe:4c:e8:
+                    16:63:8e:c6:08:8e:f6:31:f6:d2:fa:e5:76:dd:b5:
+                    1c:92:a3:49:cd:cd:01:cd:68:cd:a9:69:ba:a3:eb:
+                    1d:0d:9c:a4:20:a6:c1:a0:c5:d1:46:4c:17:6d:d2:
+                    ac:66:3f:96:8c:e0:84:d4:36:ff:22:59:c5:f9:11:
+                    60:a8:5f:04:7d:f2:1a:f6:25:42:61:0f:c4:4a:b8:
+                    3e:89
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        34:26:15:3c:c0:8d:4d:43:49:1d:bd:e9:21:92:d7:66:9c:b7:
+        de:c5:b8:d0:e4:5d:5f:76:22:c0:26:f9:84:3a:3a:f9:8c:b5:
+        fb:ec:60:f1:e8:ce:04:b0:c8:dd:a7:03:8f:30:f3:98:df:a4:
+        e6:a4:31:df:d3:1c:0b:46:dc:72:20:3f:ae:ee:05:3c:a4:33:
+        3f:0b:39:ac:70:78:73:4b:99:2b:df:30:c2:54:b0:a8:3b:55:
+        a1:fe:16:28:cd:42:bd:74:6e:80:db:27:44:a7:ce:44:5d:d4:
+        1b:90:98:0d:1e:42:94:b1:00:2c:04:d0:74:a3:02:05:22:63:
+        63:cd:83:b5:fb:c1:6d:62:6b:69:75:fd:5d:70:41:b9:f5:bf:
+        7c:df:be:c1:32:73:22:21:8b:58:81:7b:15:91:7a:ba:e3:64:
+        48:b0:7f:fb:36:25:da:95:d0:f1:24:14:17:dd:18:80:6b:46:
+        23:39:54:f5:8e:62:09:04:1d:94:90:a6:9b:e6:25:e2:42:45:
+        aa:b8:90:ad:be:08:8f:a9:0b:42:18:94:cf:72:39:e1:b1:43:
+        e0:28:cf:b7:e7:5a:6c:13:6b:49:b3:ff:e3:18:7c:89:8b:33:
+        5d:ac:33:d7:a7:f9:da:3a:55:c9:58:10:f9:aa:ef:5a:b6:cf:
+        4b:4b:df:2a
+MD5 Fingerprint=F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+-----BEGIN CERTIFICATE-----
+MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy
+aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s
+IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
+Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
+Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g
+Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU
+J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO
+JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY
+wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o
+koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
+qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E
+Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe
+xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u
+7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU
+sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI
+sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP
+cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd:
+                    f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5:
+                    17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20:
+                    c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad:
+                    2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04:
+                    58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0:
+                    58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32:
+                    6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88:
+                    e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96:
+                    55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79:
+                    65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8:
+                    46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46:
+                    b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c:
+                    1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76:
+                    ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63:
+                    d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e:
+                    1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9:
+                    57:97
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de:
+        db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f:
+        37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09:
+        5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5:
+        23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f:
+        d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8:
+        ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38:
+        62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe:
+        7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69:
+        17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00:
+        cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2:
+        c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af:
+        0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e:
+        81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b:
+        f1:7d:dd:11
+MD5 Fingerprint=CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:cb:a5:11:69:c6:59:ab:f1:8f:b5:19:0f:56:
+                    ce:cc:b5:1f:20:e4:9e:26:25:4b:e0:73:65:89:59:
+                    de:d0:83:e4:f5:0f:b5:bb:ad:f1:7c:e8:21:fc:e4:
+                    e8:0c:ee:7c:45:22:19:76:92:b4:13:b7:20:5b:09:
+                    fa:61:ae:a8:f2:a5:8d:85:c2:2a:d6:de:66:36:d2:
+                    9b:02:f4:a8:92:60:7c:9c:69:b4:8f:24:1e:d0:86:
+                    52:f6:32:9c:41:58:1e:22:bd:cd:45:62:95:08:6e:
+                    d0:66:dd:53:a2:cc:f0:10:dc:54:73:8b:04:a1:46:
+                    33:33:5c:17:40:b9:9e:4d:d3:f3:be:55:83:e8:b1:
+                    89:8e:5a:7c:9a:96:22:90:3b:88:25:f2:d2:53:88:
+                    02:0c:0b:78:f2:e6:37:17:4b:30:46:07:e4:80:6d:
+                    a6:d8:96:2e:e8:2c:f8:11:b3:38:0d:66:a6:9b:ea:
+                    c9:23:5b:db:8e:e2:f3:13:8e:1a:59:2d:aa:02:f0:
+                    ec:a4:87:66:dc:c1:3f:f5:d8:b9:f4:ec:82:c6:d2:
+                    3d:95:1d:e5:c0:4f:84:c9:d9:a3:44:28:06:6a:d7:
+                    45:ac:f0:6b:6a:ef:4e:5f:f8:11:82:1e:38:63:34:
+                    66:50:d4:3e:93:73:fa:30:c3:66:ad:ff:93:2d:97:
+                    ef:03
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        8f:fa:25:6b:4f:5b:e4:a4:4e:27:55:ab:22:15:59:3c:ca:b5:
+        0a:d4:4a:db:ab:dd:a1:5f:53:c5:a0:57:39:c2:ce:47:2b:be:
+        3a:c8:56:bf:c2:d9:27:10:3a:b1:05:3c:c0:77:31:bb:3a:d3:
+        05:7b:6d:9a:1c:30:8c:80:cb:93:93:2a:83:ab:05:51:82:02:
+        00:11:67:6b:f3:88:61:47:5f:03:93:d5:5b:0d:e0:f1:d4:a1:
+        32:35:85:b2:3a:db:b0:82:ab:d1:cb:0a:bc:4f:8c:5b:c5:4b:
+        00:3b:1f:2a:82:a6:7e:36:85:dc:7e:3c:67:00:b5:e4:3b:52:
+        e0:a8:eb:5d:15:f9:c6:6d:f0:ad:1d:0e:85:b7:a9:9a:73:14:
+        5a:5b:8f:41:28:c0:d5:e8:2d:4d:a4:5e:cd:aa:d9:ed:ce:dc:
+        d8:d5:3c:42:1d:17:c1:12:5d:45:38:c3:38:f3:fc:85:2e:83:
+        46:48:b2:d7:20:5f:92:36:8f:e7:79:0f:98:5e:99:e8:f0:d0:
+        a4:bb:f5:53:bd:2a:ce:59:b0:af:6e:7f:6c:bb:d2:1e:00:b0:
+        21:ed:f8:41:62:82:b9:d8:b2:c4:bb:46:50:f3:31:c5:8f:01:
+        a8:74:eb:f5:78:27:da:e7:f7:66:43:f3:9e:83:3e:20:aa:c3:
+        35:60:91:ce
+MD5 Fingerprint=DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
+GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
+U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
+NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
+ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
+ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
+CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
+g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
+fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
+2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
+bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 927650371 (0x374ad243)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Validity
+            Not Before: May 25 16:09:40 1999 GMT
+            Not After : May 25 16:39:40 2019 GMT
+        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
+                    af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
+                    0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
+                    26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
+                    d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
+                    da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
+                    92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
+                    ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
+                    b1:16:19:61:b9:54:b6:e6:43
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
+                URI:http://www.entrust.net/CRL/net1.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+
+            X509v3 Subject Key Identifier: 
+                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
+        47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
+        f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
+        c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
+        a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
+        0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
+        73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
+        f9:b2
+MD5 Fingerprint=DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 939758062 (0x380391ee)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Validity
+            Not Before: Oct 12 19:24:30 1999 GMT
+            Not After : Oct 12 19:54:30 2019 GMT
+        Subject: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c8:3a:99:5e:31:17:df:ac:27:6f:90:7b:e4:19:
+                    ff:45:a3:34:c2:db:c1:a8:4f:f0:68:ea:84:fd:9f:
+                    75:79:cf:c1:8a:51:94:af:c7:57:03:47:64:9e:ad:
+                    82:1b:5a:da:7f:37:78:47:bb:37:98:12:96:ce:c6:
+                    13:7d:ef:d2:0c:30:51:a9:39:9e:55:f8:fb:b1:e7:
+                    30:de:83:b2:ba:3e:f1:d5:89:3b:3b:85:ba:aa:74:
+                    2c:fe:3f:31:6e:af:91:95:6e:06:d4:07:4d:4b:2c:
+                    56:47:18:04:52:da:0e:10:93:bf:63:90:9b:e1:df:
+                    8c:e6:02:a4:e6:4f:5e:f7:8b
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1
+                URI:http://www.entrust.net/CRL/Client1.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Oct 12 19:24:30 1999 GMT, Not After: Oct 12 19:24:30 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
+
+            X509v3 Subject Key Identifier: 
+                C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: md5WithRSAEncryption
+        3f:ae:8a:f1:d7:66:03:05:9e:3e:fa:ea:1c:46:bb:a4:5b:8f:
+        78:9a:12:48:99:f9:f4:35:de:0c:36:07:02:6b:10:3a:89:14:
+        81:9c:31:a6:7c:b2:41:b2:6a:e7:07:01:a1:4b:f9:9f:25:3b:
+        96:ca:99:c3:3e:a1:51:1c:f3:c3:2e:44:f7:b0:67:46:aa:92:
+        e5:3b:da:1c:19:14:38:30:d5:e2:a2:31:25:2e:f1:ec:45:38:
+        ed:f8:06:58:03:73:62:b0:10:31:8f:40:bf:64:e0:5c:3e:c5:
+        4f:1f:da:12:43:ff:4c:e6:06:26:a8:9b:19:aa:44:3c:76:b2:
+        5c:ec
+MD5 Fingerprint=0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
+-----BEGIN CERTIFICATE-----
+MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u
+ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh
+Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU
+MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D
+bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq
+RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo
+6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux
+5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm
+AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC
+ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
+cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m
+by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp
+IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg
+Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg
+KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV
+HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E
+BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE
+FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA
+BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7
+pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz
+wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a
+EkP/TOYGJqibGapEPHayXOw=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 946059622 (0x3863b966)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
+        Validity
+            Not Before: Dec 24 17:50:51 1999 GMT
+            Not After : Dec 24 18:20:51 2019 GMT
+        Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64:
+                    2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7:
+                    78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76:
+                    98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf:
+                    e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1:
+                    02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29:
+                    b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64:
+                    ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c:
+                    e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89:
+                    a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90:
+                    76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2:
+                    cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a:
+                    fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55:
+                    60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86:
+                    5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26:
+                    93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e:
+                    4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0:
+                    07:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Authority Key Identifier: 
+                keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
+
+            X509v3 Subject Key Identifier: 
+                55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
+            1.2.840.113533.7.65.0: 
+                0...V5.0:4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c:
+        4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61:
+        7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73:
+        ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5:
+        da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4:
+        03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4:
+        15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68:
+        c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c:
+        7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33:
+        db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18:
+        b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2:
+        de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c:
+        e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e:
+        c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1:
+        d2:69:7c:c5
+MD5 Fingerprint=BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy
+MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA
+vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G
+CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA
+WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo
+oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ
+h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18
+f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN
+B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy
+vUxFnmG6v4SBkgPR0ml8xQ==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 33554617 (0x20000b9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
+        Validity
+            Not Before: May 12 18:46:00 2000 GMT
+            Not After : May 12 23:59:00 2025 GMT
+        Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a3:04:bb:22:ab:98:3d:57:e8:26:72:9a:b5:79:
+                    d4:29:e2:e1:e8:95:80:b1:b0:e3:5b:8e:2b:29:9a:
+                    64:df:a1:5d:ed:b0:09:05:6d:db:28:2e:ce:62:a2:
+                    62:fe:b4:88:da:12:eb:38:eb:21:9d:c0:41:2b:01:
+                    52:7b:88:77:d3:1c:8f:c7:ba:b9:88:b5:6a:09:e7:
+                    73:e8:11:40:a7:d1:cc:ca:62:8d:2d:e5:8f:0b:a6:
+                    50:d2:a8:50:c3:28:ea:f5:ab:25:87:8a:9a:96:1c:
+                    a9:67:b8:3f:0c:d5:f7:f9:52:13:2f:c2:1b:d5:70:
+                    70:f0:8f:c0:12:ca:06:cb:9a:e1:d9:ca:33:7a:77:
+                    d6:f8:ec:b9:f1:68:44:42:48:13:d2:c0:c2:a4:ae:
+                    5e:60:fe:b6:a6:05:fc:b4:dd:07:59:02:d4:59:18:
+                    98:63:f5:a5:63:e0:90:0c:7d:5d:b2:06:7a:f3:85:
+                    ea:eb:d4:03:ae:5e:84:3e:5f:ff:15:ed:69:bc:f9:
+                    39:36:72:75:cf:77:52:4d:f3:c9:90:2c:b9:3d:e5:
+                    c9:23:53:3f:1f:24:98:21:5c:07:99:29:bd:c6:3a:
+                    ec:e7:6e:86:3a:6b:97:74:63:33:bd:68:18:31:f0:
+                    78:8d:76:bf:fc:9e:8e:5d:2a:86:a7:4d:90:dc:27:
+                    1a:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:3
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        85:0c:5d:8e:e4:6f:51:68:42:05:a0:dd:bb:4f:27:25:84:03:
+        bd:f7:64:fd:2d:d7:30:e3:a4:10:17:eb:da:29:29:b6:79:3f:
+        76:f6:19:13:23:b8:10:0a:f9:58:a4:d4:61:70:bd:04:61:6a:
+        12:8a:17:d5:0a:bd:c5:bc:30:7c:d6:e9:0c:25:8d:86:40:4f:
+        ec:cc:a3:7e:38:c6:37:11:4f:ed:dd:68:31:8e:4c:d2:b3:01:
+        74:ee:be:75:5e:07:48:1a:7f:70:ff:16:5c:84:c0:79:85:b8:
+        05:fd:7f:be:65:11:a3:0f:c0:02:b4:f8:52:37:39:04:d5:a9:
+        31:7a:18:bf:a0:2a:f4:12:99:f7:a3:45:82:e3:3c:5e:f5:9d:
+        9e:b5:c8:9e:7c:2e:c8:a4:9e:4e:08:14:4b:6d:fd:70:6d:6b:
+        1a:63:bd:64:e6:1f:b7:ce:f0:f2:9f:2e:bb:1b:b7:f2:50:88:
+        73:92:c2:e2:e3:16:8d:9a:32:02:ab:8e:18:dd:e9:10:11:ee:
+        7e:35:ab:90:af:3e:30:94:7a:d0:33:3d:a7:65:0f:f5:fc:8e:
+        9e:62:cf:47:44:2c:01:5d:bb:1d:b5:32:d2:47:d2:38:2e:d0:
+        fe:81:dc:32:6a:1e:b5:ee:3c:d5:fc:e7:81:1d:19:c3:24:42:
+        ea:63:39:a9
+MD5 Fingerprint=AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
+        Validity
+            Not Before: Jun 21 04:00:00 1999 GMT
+            Not After : Jun 21 04:00:00 2020 GMT
+        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:e7:17:90:02:65:b1:34:55:3c:49:c2:51:d5:
+                    df:a7:d1:37:8f:d1:e7:81:73:41:52:60:9b:9d:a1:
+                    17:26:78:ad:c7:b1:e8:26:94:32:b5:de:33:8d:3a:
+                    2f:db:f2:9a:7a:5a:73:98:a3:5c:e9:fb:8a:73:1b:
+                    5c:e7:c3:bf:80:6c:cd:a9:f4:d6:2b:c0:f7:f9:99:
+                    aa:63:a2:b1:47:02:0f:d4:e4:51:3a:12:3c:6c:8a:
+                    5a:54:84:70:db:c1:c5:90:cf:72:45:cb:a8:59:c0:
+                    cd:33:9d:3f:a3:96:eb:85:33:21:1c:3e:1e:3e:60:
+                    6e:76:9c:67:85:c5:c8:c3:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
+
+            X509v3 Subject Key Identifier: 
+                BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
+    Signature Algorithm: md5WithRSAEncryption
+        30:e2:01:51:aa:c7:ea:5f:da:b9:d0:65:0f:30:d6:3e:da:0d:
+        14:49:6e:91:93:27:14:31:ef:c4:f7:2d:45:f8:ec:c7:bf:a2:
+        41:0d:23:b4:92:f9:19:00:67:bd:01:af:cd:e0:71:fc:5a:cf:
+        64:c4:e0:96:98:d0:a3:40:e2:01:8a:ef:27:07:f1:65:01:8a:
+        44:2d:06:65:75:52:c0:86:10:20:21:5f:6c:6b:0f:6c:ae:09:
+        1c:af:f2:a2:18:34:c4:75:a4:73:1c:f1:8d:dc:ef:ad:f9:b3:
+        76:b4:92:bf:dc:95:10:1e:be:cb:c8:3b:5a:84:60:19:56:94:
+        a9:55
+MD5 Fingerprint=8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT
+ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw
+MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj
+dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
+c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC
+UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc
+58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/
+o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH
+MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr
+aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA
+A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA
+Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv
+8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
+        Validity
+            Not Before: Jun 21 04:00:00 1999 GMT
+            Not After : Jun 21 04:00:00 2020 GMT
+        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:2f:19:bc:17:b7:77:de:93:a9:5f:5a:0d:17:
+                    4f:34:1a:0c:98:f4:22:d9:59:d4:c4:68:46:f0:b4:
+                    35:c5:85:03:20:c6:af:45:a5:21:51:45:41:eb:16:
+                    58:36:32:6f:e2:50:62:64:f9:fd:51:9c:aa:24:d9:
+                    f4:9d:83:2a:87:0a:21:d3:12:38:34:6c:8d:00:6e:
+                    5a:a0:d9:42:ee:1a:21:95:f9:52:4c:55:5a:c5:0f:
+                    38:4f:46:fa:6d:f8:2e:35:d6:1d:7c:eb:e2:f0:b0:
+                    75:80:c8:a9:13:ac:be:88:ef:3a:6e:ab:5f:2a:38:
+                    62:02:b0:12:7b:fe:8f:a6:03
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
+
+            X509v3 Subject Key Identifier: 
+                4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
+    Signature Algorithm: md5WithRSAEncryption
+        75:5b:a8:9b:03:11:e6:e9:56:4c:cd:f9:a9:4c:c0:0d:9a:f3:
+        cc:65:69:e6:25:76:cc:59:b7:d6:54:c3:1d:cd:99:ac:19:dd:
+        b4:85:d5:e0:3d:fc:62:20:a7:84:4b:58:65:f1:e2:f9:95:21:
+        3f:f5:d4:7e:58:1e:47:87:54:3e:58:a1:b5:b5:f8:2a:ef:71:
+        e7:bc:c3:f6:b1:49:46:e2:d7:a0:6b:e5:56:7a:9a:27:98:7c:
+        46:62:14:e7:c9:fc:6e:03:12:79:80:38:1d:48:82:8d:fc:17:
+        fe:2a:96:2b:b5:62:a6:a6:3d:bd:7f:92:59:cd:5a:2a:82:b2:
+        37:79
+MD5 Fingerprint=64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
+-----BEGIN CERTIFICATE-----
+MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT
+ZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQw
+MDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5j
+LjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ1MRo
+RvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBu
+WqDZQu4aIZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKw
+Env+j6YDAgMBAAGjZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTAD
+AQH/MB8GA1UdIwQYMBaAFEp4MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRK
+eDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZM
+zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+
+WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN
+/Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 930140085 (0x3770cfb5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
+        Validity
+            Not Before: Jun 23 12:14:45 1999 GMT
+            Not After : Jun 23 12:14:45 2019 GMT
+        Subject: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e4:39:39:93:1e:52:06:1b:28:36:f8:b2:a3:29:
+                    c5:ed:8e:b2:11:bd:fe:eb:e7:b4:74:c2:8f:ff:05:
+                    e7:d9:9d:06:bf:12:c8:3f:0e:f2:d6:d1:24:b2:11:
+                    de:d1:73:09:8a:d4:b1:2c:98:09:0d:1e:50:46:b2:
+                    83:a6:45:8d:62:68:bb:85:1b:20:70:32:aa:40:cd:
+                    a6:96:5f:c4:71:37:3f:04:f3:b7:41:24:39:07:1a:
+                    1e:2e:61:58:a0:12:0b:e5:a5:df:c5:ab:ea:37:71:
+                    cc:1c:c8:37:3a:b9:97:52:a7:ac:c5:6a:24:94:4e:
+                    9c:7b:cf:c0:6a:d6:df:21:bd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not After: Jun 23 12:14:45 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:50:9E:0B:EA:AF:5E:B9:20:48:A6:50:6A:CB:FD:D8:20:7A:A7:82:76
+
+            X509v3 Subject Key Identifier: 
+                50:9E:0B:EA:AF:5E:B9:20:48:A6:50:6A:CB:FD:D8:20:7A:A7:82:76
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V3.0c....
+    Signature Algorithm: sha1WithRSAEncryption
+        0c:86:82:ad:e8:4e:1a:f5:8e:89:27:e2:35:58:3d:29:b4:07:
+        8f:36:50:95:bf:6e:c1:9e:eb:c4:90:b2:85:a8:bb:b7:42:e0:
+        0f:07:39:df:fb:9e:90:b2:d1:c1:3e:53:9f:03:44:b0:7e:4b:
+        f4:6f:e4:7c:1f:e7:e2:b1:e4:b8:9a:ef:c3:bd:ce:de:0b:32:
+        34:d9:de:28:ed:33:6b:c4:d4:d7:3d:12:58:ab:7d:09:2d:cb:
+        70:f5:13:8a:94:a1:27:a4:d6:70:c5:6d:94:b5:c9:7d:9d:a0:
+        d2:c6:08:49:d9:66:9b:a6:d3:f4:0b:dc:c5:26:57:e1:91:30:
+        ea:cd
+MD5 Fingerprint=AA:BF:BF:64:97:DA:98:1D:6F:C6:08:3A:95:70:33:CA
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2Vj
+dXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5MDYyMzEyMTQ0
+NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXggU2VjdXJlMSYwJAYD
+VQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0EtMjCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF7Y6yEb3+6+e0dMKP/wXn2Z0G
+vxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKDpkWNYmi7hRsgcDKqQM2mll/EcTc/
+BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HMHMg3OrmXUqesxWoklE6ce8/AatbfIb0C
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJl
+IGVCdXNpbmVzcyBDQS0yMQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkw
+NjIzMTIxNDQ1WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBq
+y/3YIHqngnYwHQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy
+0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkty3D1
+E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 798 (0x31e)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=GP Root 2
+        Validity
+            Not Before: Aug 16 22:51:00 2000 GMT
+            Not After : Aug 15 23:59:00 2020 GMT
+        Subject: C=US, O=VISA, OU=Visa International Service Association, CN=GP Root 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a9:01:70:b5:aa:c4:40:f0:ab:6a:26:61:79:19:
+                    00:fc:bf:9b:37:59:0c:af:6f:64:1b:f8:da:95:94:
+                    24:69:33:11:70:ca:e3:56:74:a2:17:57:64:5c:20:
+                    06:e1:d6:ef:71:b7:3b:f7:ab:c1:69:d0:49:a4:b1:
+                    04:d7:f4:57:62:89:5c:b0:75:2d:17:24:69:e3:42:
+                    60:e4:ee:74:d6:ab:80:56:d8:88:28:e1:fb:6d:22:
+                    fd:23:7c:46:73:4f:7e:54:73:1e:a8:2c:55:58:75:
+                    b7:4c:f3:5a:45:a5:02:1a:fa:da:9d:c3:45:c3:22:
+                    5e:f3:8b:f1:60:29:d2:c7:5f:b4:0c:3a:51:83:ef:
+                    30:f8:d4:e7:c7:f2:fa:99:a3:22:50:be:f9:05:37:
+                    a3:ad:ed:9a:c3:e6:ec:88:1b:b6:19:27:1b:38:8b:
+                    80:4d:ec:b9:c7:c5:89:cb:fc:1a:32:ed:23:f0:b5:
+                    01:58:f9:f6:8f:e0:85:a9:4c:09:72:39:12:db:b3:
+                    f5:cf:4e:62:64:da:c6:19:15:3a:63:1d:e9:17:55:
+                    a1:4c:22:3c:34:32:46:f8:65:57:ba:2b:ef:36:8c:
+                    6a:fa:d9:d9:44:f4:aa:dd:84:d7:0d:1c:b2:54:ac:
+                    32:85:b4:64:0d:de:41:bb:b1:34:c6:01:86:32:64:
+                    d5:9f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                9E:7D:4B:34:BF:71:AD:C2:05:F6:03:75:80:CE:A9:4F:1A:C4:24:4C
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        21:a5:76:14:55:f9:ad:27:70:8f:3c:f4:d5:6c:c8:cc:0a:ab:
+        a3:98:0b:8a:06:23:c5:c9:61:db:99:07:69:35:26:31:fe:c7:
+        2e:84:c2:99:61:d4:0d:e9:7d:2e:13:2b:7c:8e:85:b6:85:c7:
+        4b:cf:35:b6:2c:47:3d:ce:29:2f:d8:6f:9f:89:1c:64:93:bf:
+        08:bd:76:d0:90:8a:94:b3:7f:28:5b:6e:ac:4d:33:2c:ed:65:
+        dc:16:cc:e2:cd:ae:a4:3d:62:92:06:95:26:bf:df:b9:e4:20:
+        a6:73:6a:c1:be:f7:94:44:d6:4d:6f:2a:0b:6b:18:4d:74:10:
+        36:68:6a:5a:c1:6a:a7:dd:36:29:8c:b8:30:8b:4f:21:3f:00:
+        2e:54:30:07:3a:ba:8a:e4:c3:9e:ca:d8:b5:d8:7b:ce:75:45:
+        66:07:f4:6d:2d:d8:7a:ca:e9:89:8a:f2:23:d8:2f:cb:6e:00:
+        36:4f:fb:f0:2f:01:cc:0f:c0:22:65:f4:ab:e2:4e:61:2d:03:
+        82:7d:91:16:b5:30:d5:14:de:5e:c7:90:fc:a1:fc:ab:10:af:
+        5c:6b:70:a7:07:ef:29:86:e8:b2:25:c7:20:ff:26:dd:77:ef:
+        79:44:14:c4:bd:dd:3b:c5:03:9b:77:23:ec:a0:ec:bb:5a:39:
+        b5:cc:ad:06
+MD5 Fingerprint=35:48:95:36:4A:54:5A:72:96:8E:E0:64:CC:EF:2C:8C
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmigAwIBAgICAx4wDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMx
+DTALBgNVBAoTBFZJU0ExLzAtBgNVBAsTJlZpc2EgSW50ZXJuYXRpb25hbCBTZXJ2
+aWNlIEFzc29jaWF0aW9uMRIwEAYDVQQDEwlHUCBSb290IDIwHhcNMDAwODE2MjI1
+MTAwWhcNMjAwODE1MjM1OTAwWjBhMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklT
+QTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRp
+b24xEjAQBgNVBAMTCUdQIFJvb3QgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKkBcLWqxEDwq2omYXkZAPy/mzdZDK9vZBv42pWUJGkzEXDK41Z0ohdX
+ZFwgBuHW73G3O/erwWnQSaSxBNf0V2KJXLB1LRckaeNCYOTudNargFbYiCjh+20i
+/SN8RnNPflRzHqgsVVh1t0zzWkWlAhr62p3DRcMiXvOL8WAp0sdftAw6UYPvMPjU
+58fy+pmjIlC++QU3o63tmsPm7IgbthknGziLgE3sucfFicv8GjLtI/C1AVj59o/g
+halMCXI5Etuz9c9OYmTaxhkVOmMd6RdVoUwiPDQyRvhlV7or7zaMavrZ2UT0qt2E
+1w0cslSsMoW0ZA3eQbuxNMYBhjJk1Z8CAwEAAaNCMEAwHQYDVR0OBBYEFJ59SzS/
+ca3CBfYDdYDOqU8axCRMMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQAhpXYUVfmtJ3CPPPTVbMjMCqujmAuKBiPFyWHb
+mQdpNSYx/scuhMKZYdQN6X0uEyt8joW2hcdLzzW2LEc9zikv2G+fiRxkk78IvXbQ
+kIqUs38oW26sTTMs7WXcFsziza6kPWKSBpUmv9+55CCmc2rBvveURNZNbyoLaxhN
+dBA2aGpawWqn3TYpjLgwi08hPwAuVDAHOrqK5MOeyti12HvOdUVmB/RtLdh6yumJ
+ivIj2C/LbgA2T/vwLwHMD8AiZfSr4k5hLQOCfZEWtTDVFN5ex5D8ofyrEK9ca3Cn
+B+8phuiyJccg/ybdd+95RBTEvd07xQObdyPsoOy7Wjm1zK0G
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 961510791 (0x394f7d87)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=WW, O=beTRUSTed, CN=beTRUSTed Root CAs, CN=beTRUSTed Root CA
+        Validity
+            Not Before: Jun 20 14:21:04 2000 GMT
+            Not After : Jun 20 13:21:04 2010 GMT
+        Subject: C=WW, O=beTRUSTed, CN=beTRUSTed Root CAs, CN=beTRUSTed Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d4:b4:73:7a:13:0a:38:55:01:be:89:56:e1:94:
+                    9e:d4:be:5a:eb:4a:34:75:1b:61:29:c4:e1:ad:08:
+                    60:21:78:48:ff:b4:d0:fa:5e:41:8d:61:44:87:e8:
+                    ed:c9:58:fa:fc:93:9a:df:4f:ea:3e:35:7d:f8:33:
+                    7a:e6:f1:d7:cd:6f:49:4b:3d:4f:2d:6e:0e:83:3a:
+                    18:78:77:a3:cf:e7:f4:4d:73:d8:9a:3b:1a:1d:be:
+                    95:53:cf:20:97:c2:cf:3e:24:52:6c:0c:8e:65:59:
+                    c5:71:ff:62:09:8f:aa:c5:8f:cc:60:a0:73:4a:d7:
+                    38:3f:15:72:bf:a2:97:b7:70:e8:af:e2:7e:16:06:
+                    4c:f5:aa:64:26:72:07:25:ad:35:fc:18:b1:26:d7:
+                    d8:ff:19:0e:83:1b:8c:dc:78:45:67:34:3d:f4:af:
+                    1c:8d:e4:6d:6b:ed:20:b3:67:9a:b4:61:cb:17:6f:
+                    89:35:ff:e7:4e:c0:32:12:e7:ee:ec:df:ff:97:30:
+                    74:ed:8d:47:8e:eb:b4:c3:44:e6:a7:4c:7f:56:43:
+                    e8:b8:bc:b6:be:fa:83:97:e6:bb:fb:c4:b6:93:be:
+                    19:18:3e:8c:81:b9:73:88:16:f4:96:43:9c:67:73:
+                    17:90:d8:09:6e:63:ac:4a:b6:23:c4:01:a1:ad:a4:
+                    e4:c5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6334.1.0.0
+                  User Notice:
+                    Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, and certification practice statement, which can be found at beTRUSTed's web site, https://www.beTRUSTed.com/vault/terms
+                  CPS: https://www.beTRUSTed.com/vault/terms
+
+            X509v3 CRL Distribution Points: 
+                DirName:/O=beTRUSTed/C=WW
+
+            X509v3 Subject Key Identifier: 
+                2A:B9:9B:69:2E:3B:9B:D8:CD:DE:2A:31:04:34:6B:CA:07:18:AB:67
+            X509v3 Authority Key Identifier: 
+                keyid:2A:B9:9B:69:2E:3B:9B:D8:CD:DE:2A:31:04:34:6B:CA:07:18:AB:67
+
+            X509v3 Key Usage: critical
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        79:61:db:a3:5e:6e:16:b1:ea:76:51:f9:cb:15:9b:cb:69:be:
+        e6:81:6b:9f:28:1f:65:3e:dd:11:85:92:d4:e8:41:bf:7e:33:
+        bd:23:e7:f1:20:bf:a4:b4:a6:19:01:c6:8c:8d:35:7c:65:a4:
+        4f:09:a4:d6:d8:23:15:05:13:a7:43:79:af:db:a3:0e:9b:7b:
+        78:1a:f3:04:86:5a:c6:f6:8c:20:47:38:49:50:06:9d:72:67:
+        3a:f0:98:03:ad:96:67:44:fc:3f:10:0d:86:4d:e4:00:3b:29:
+        7b:ce:3b:3b:99:86:61:25:40:84:dc:13:62:b7:fa:ca:59:d6:
+        03:1e:d6:53:01:cd:6d:4c:68:55:40:e1:ee:6b:c7:2a:00:00:
+        48:82:b3:0a:01:c3:60:2a:0c:f7:82:35:ee:48:86:96:e4:74:
+        d4:3d:ea:01:71:ba:04:75:40:a7:a9:7f:39:39:9a:55:97:29:
+        65:ae:19:55:25:05:72:47:d3:e8:18:dc:b8:e9:af:43:73:01:
+        12:74:a3:e1:5c:5f:15:5d:24:f3:f9:e4:f4:b6:67:67:12:e7:
+        64:22:8a:f6:a5:41:a6:1c:b6:60:63:45:8a:10:b4:ba:46:10:
+        ae:41:57:65:6c:3f:23:10:3f:21:10:59:b7:e4:40:dd:26:0c:
+        23:f6:aa:ae
+MD5 Fingerprint=85:CA:76:5A:1B:D1:68:22:DC:A2:23:12:CA:C6:80:34
+-----BEGIN CERTIFICATE-----
+MIIFLDCCBBSgAwIBAgIEOU99hzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJX
+VzESMBAGA1UEChMJYmVUUlVTVGVkMRswGQYDVQQDExJiZVRSVVNUZWQgUm9vdCBD
+QXMxGjAYBgNVBAMTEWJlVFJVU1RlZCBSb290IENBMB4XDTAwMDYyMDE0MjEwNFoX
+DTEwMDYyMDEzMjEwNFowWjELMAkGA1UEBhMCV1cxEjAQBgNVBAoTCWJlVFJVU1Rl
+ZDEbMBkGA1UEAxMSYmVUUlVTVGVkIFJvb3QgQ0FzMRowGAYDVQQDExFiZVRSVVNU
+ZWQgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANS0c3oT
+CjhVAb6JVuGUntS+WutKNHUbYSnE4a0IYCF4SP+00PpeQY1hRIfo7clY+vyTmt9P
+6j41ffgzeubx181vSUs9Ty1uDoM6GHh3o8/n9E1z2Jo7Gh2+lVPPIJfCzz4kUmwM
+jmVZxXH/YgmPqsWPzGCgc0rXOD8Vcr+il7dw6K/ifhYGTPWqZCZyByWtNfwYsSbX
+2P8ZDoMbjNx4RWc0PfSvHI3kbWvtILNnmrRhyxdviTX/507AMhLn7uzf/5cwdO2N
+R47rtMNE5qdMf1ZD6Li8tr76g5fmu/vEtpO+GRg+jIG5c4gW9JZDnGdzF5DYCW5j
+rEq2I8QBoa2k5MUCAwEAAaOCAfgwggH0MA8GA1UdEwEB/wQFMAMBAf8wggFZBgNV
+HSAEggFQMIIBTDCCAUgGCisGAQQBsT4BAAAwggE4MIIBAQYIKwYBBQUHAgIwgfQa
+gfFSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1
+bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0
+ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGFuZCBjZXJ0aWZpY2F0aW9uIHBy
+YWN0aWNlIHN0YXRlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IGJlVFJVU1Rl
+ZCdzIHdlYiBzaXRlLCBodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0L3Rl
+cm1zMDEGCCsGAQUFBwIBFiVodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0
+L3Rlcm1zMDQGA1UdHwQtMCswKaAnoCWkIzAhMRIwEAYDVQQKEwliZVRSVVNUZWQx
+CzAJBgNVBAYTAldXMB0GA1UdDgQWBBQquZtpLjub2M3eKjEENGvKBxirZzAfBgNV
+HSMEGDAWgBQquZtpLjub2M3eKjEENGvKBxirZzAOBgNVHQ8BAf8EBAMCAf4wDQYJ
+KoZIhvcNAQEFBQADggEBAHlh26Nebhax6nZR+csVm8tpvuaBa58oH2U+3RGFktTo
+Qb9+M70j5/Egv6S0phkBxoyNNXxlpE8JpNbYIxUFE6dDea/bow6be3ga8wSGWsb2
+jCBHOElQBp1yZzrwmAOtlmdE/D8QDYZN5AA7KXvOOzuZhmElQITcE2K3+spZ1gMe
+1lMBzW1MaFVA4e5rxyoAAEiCswoBw2AqDPeCNe5IhpbkdNQ96gFxugR1QKepfzk5
+mlWXKWWuGVUlBXJH0+gY3Ljpr0NzARJ0o+FcXxVdJPP55PS2Z2cS52QiivalQaYc
+tmBjRYoQtLpGEK5BV2VsPyMQPyEQWbfkQN0mDCP2qq4=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
+        Validity
+            Not Before: May 30 10:38:31 2000 GMT
+            Not After : May 30 10:38:31 2020 GMT
+        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:96:96:d4:21:49:60:e2:6b:e8:41:07:0c:de:c4:
+                    e0:dc:13:23:cd:c1:35:c7:fb:d6:4e:11:0a:67:5e:
+                    f5:06:5b:6b:a5:08:3b:5b:29:16:3a:e7:87:b2:34:
+                    06:c5:bc:05:a5:03:7c:82:cb:29:10:ae:e1:88:81:
+                    bd:d6:9e:d3:fe:2d:56:c1:15:ce:e3:26:9d:15:2e:
+                    10:fb:06:8f:30:04:de:a7:b4:63:b4:ff:b1:9c:ae:
+                    3c:af:77:b6:56:c5:b5:ab:a2:e9:69:3a:3d:0e:33:
+                    79:32:3f:70:82:92:99:61:6d:8d:30:08:8f:71:3f:
+                    a6:48:57:19:f8:25:dc:4b:66:5c:a5:74:8f:98:ae:
+                    c8:f9:c0:06:22:e7:ac:73:df:a5:2e:fb:52:dc:b1:
+                    15:65:20:fa:35:66:69:de:df:2c:f1:6e:bc:30:db:
+                    2c:24:12:db:eb:35:35:68:90:cb:00:b0:97:21:3d:
+                    74:21:23:65:34:2b:bb:78:59:a3:d6:e1:76:39:9a:
+                    a4:49:8e:8c:74:af:6e:a4:9a:a3:d9:9b:d2:38:5c:
+                    9b:a2:18:cc:75:23:84:be:eb:e2:4d:33:71:8e:1a:
+                    f0:c2:f8:c7:1d:a2:ad:03:97:2c:f8:cf:25:c6:f6:
+                    b8:24:31:b1:63:5d:92:7f:63:f0:25:c9:53:2e:1f:
+                    bf:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
+                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
+                serial:01
+
+    Signature Algorithm: sha1WithRSAEncryption
+        2c:6d:64:1b:1f:cd:0d:dd:b9:01:fa:96:63:34:32:48:47:99:
+        ae:97:ed:fd:72:16:a6:73:47:5a:f4:eb:dd:e9:f5:d6:fb:45:
+        cc:29:89:44:5d:bf:46:39:3d:e8:ee:bc:4d:54:86:1e:1d:6c:
+        e3:17:27:43:e1:89:56:2b:a9:6f:72:4e:49:33:e3:72:7c:2a:
+        23:9a:bc:3e:ff:28:2a:ed:a3:ff:1c:23:ba:43:57:09:67:4d:
+        4b:62:06:2d:f8:ff:6c:9d:60:1e:d8:1c:4b:7d:b5:31:2f:d9:
+        d0:7c:5d:f8:de:6b:83:18:78:37:57:2f:e8:33:07:67:df:1e:
+        c7:6b:2a:95:76:ae:8f:57:a3:f0:f4:52:b4:a9:53:08:cf:e0:
+        4f:d3:7a:53:8b:fd:bb:1c:56:36:f2:fe:b2:b6:e5:76:bb:d5:
+        22:65:a7:3f:fe:d1:66:ad:0b:bc:6b:99:86:ef:3f:7d:f3:18:
+        32:ca:7b:c6:e3:ab:64:46:95:f8:26:69:d9:55:83:7b:2c:96:
+        07:ff:59:2c:44:a3:c6:e5:e9:a9:dc:a1:63:80:5a:21:5e:21:
+        cf:53:54:f0:ba:6f:89:db:a8:aa:95:cf:8b:e3:71:cc:1e:1b:
+        20:44:08:c0:7a:b6:40:fd:c4:e4:35:e1:1d:16:1c:d0:bc:2b:
+        8e:d6:71:d9
+MD5 Fingerprint=1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+-----BEGIN CERTIFICATE-----
+MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw
+MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
+QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD
+VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul
+CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n
+tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl
+dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch
+PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC
++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O
+BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
+ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB
+IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X
+7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz
+43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
+eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl
+pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA
+WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
+        Validity
+            Not Before: May 30 10:48:38 2000 GMT
+            Not After : May 30 10:48:38 2020 GMT
+        Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b7:f7:1a:33:e6:f2:00:04:2d:39:e0:4e:5b:ed:
+                    1f:bc:6c:0f:cd:b5:fa:23:b6:ce:de:9b:11:33:97:
+                    a4:29:4c:7d:93:9f:bd:4a:bc:93:ed:03:1a:e3:8f:
+                    cf:e5:6d:50:5a:d6:97:29:94:5a:80:b0:49:7a:db:
+                    2e:95:fd:b8:ca:bf:37:38:2d:1e:3e:91:41:ad:70:
+                    56:c7:f0:4f:3f:e8:32:9e:74:ca:c8:90:54:e9:c6:
+                    5f:0f:78:9d:9a:40:3c:0e:ac:61:aa:5e:14:8f:9e:
+                    87:a1:6a:50:dc:d7:9a:4e:af:05:b3:a6:71:94:9c:
+                    71:b3:50:60:0a:c7:13:9d:38:07:86:02:a8:e9:a8:
+                    69:26:18:90:ab:4c:b0:4f:23:ab:3a:4f:84:d8:df:
+                    ce:9f:e1:69:6f:bb:d7:42:d7:6b:44:e4:c7:ad:ee:
+                    6d:41:5f:72:5a:71:08:37:b3:79:65:a4:59:a0:94:
+                    37:f7:00:2f:0d:c2:92:72:da:d0:38:72:db:14:a8:
+                    45:c4:5d:2a:7d:b7:b4:d6:c4:ee:ac:cd:13:44:b7:
+                    c9:2b:dd:43:00:25:fa:61:b9:69:6a:58:23:11:b7:
+                    a7:33:8f:56:75:59:f5:cd:29:d7:46:b7:0a:2b:65:
+                    b6:d3:42:6f:15:b2:b8:7b:fb:ef:e9:5d:53:d5:34:
+                    5a:27
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
+                DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
+                serial:01
+
+    Signature Algorithm: sha1WithRSAEncryption
+        b0:9b:e0:85:25:c2:d6:23:e2:0f:96:06:92:9d:41:98:9c:d9:
+        84:79:81:d9:1e:5b:14:07:23:36:65:8f:b0:d8:77:bb:ac:41:
+        6c:47:60:83:51:b0:f9:32:3d:e7:fc:f6:26:13:c7:80:16:a5:
+        bf:5a:fc:87:cf:78:79:89:21:9a:e2:4c:07:0a:86:35:bc:f2:
+        de:51:c4:d2:96:b7:dc:7e:4e:ee:70:fd:1c:39:eb:0c:02:51:
+        14:2d:8e:bd:16:e0:c1:df:46:75:e7:24:ad:ec:f4:42:b4:85:
+        93:70:10:67:ba:9d:06:35:4a:18:d3:2b:7a:cc:51:42:a1:7a:
+        63:d1:e6:bb:a1:c5:2b:c2:36:be:13:0d:e6:bd:63:7e:79:7b:
+        a7:09:0d:40:ab:6a:dd:8f:8a:c3:f6:f6:8c:1a:42:05:51:d4:
+        45:f5:9f:a7:62:21:68:15:20:43:3c:99:e7:7c:bd:24:d8:a9:
+        91:17:73:88:3f:56:1b:31:38:18:b4:71:0f:9a:cd:c8:0e:9e:
+        8e:2e:1b:e1:8c:98:83:cb:1f:31:f1:44:4c:c6:04:73:49:76:
+        60:0f:c7:f8:bd:17:80:6b:2e:e9:cc:4c:0e:5a:9a:79:0f:20:
+        0a:2e:d5:9e:63:26:1e:55:92:94:d8:82:17:5a:7b:d0:bc:c7:
+        8f:4e:86:04
+MD5 Fingerprint=1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root
+        Validity
+            Not Before: May 30 10:41:50 2000 GMT
+            Not After : May 30 10:41:50 2020 GMT
+        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:e9:1a:30:8f:83:88:14:c1:20:d8:3c:9b:8f:1b:
+                    7e:03:74:bb:da:69:d3:46:a5:f8:8e:c2:0c:11:90:
+                    51:a5:2f:66:54:40:55:ea:db:1f:4a:56:ee:9f:23:
+                    6e:f4:39:cb:a1:b9:6f:f2:7e:f9:5d:87:26:61:9e:
+                    1c:f8:e2:ec:a6:81:f8:21:c5:24:cc:11:0c:3f:db:
+                    26:72:7a:c7:01:97:07:17:f9:d7:18:2c:30:7d:0e:
+                    7a:1e:62:1e:c6:4b:c0:fd:7d:62:77:d3:44:1e:27:
+                    f6:3f:4b:44:b3:b7:38:d9:39:1f:60:d5:51:92:73:
+                    03:b4:00:69:e3:f3:14:4e:ee:d1:dc:09:cf:77:34:
+                    46:50:b0:f8:11:f2:fe:38:79:f7:07:39:fe:51:92:
+                    97:0b:5b:08:5f:34:86:01:ad:88:97:eb:66:cd:5e:
+                    d1:ff:dc:7d:f2:84:da:ba:77:ad:dc:80:08:c7:a7:
+                    87:d6:55:9f:97:6a:e8:c8:11:64:ba:e7:19:29:3f:
+                    11:b3:78:90:84:20:52:5b:11:ef:78:d0:83:f6:d5:
+                    48:90:d0:30:1c:cf:80:f9:60:fe:79:e4:88:f2:dd:
+                    00:eb:94:45:eb:65:94:69:40:ba:c0:d5:b4:b8:ba:
+                    7d:04:11:a8:eb:31:05:96:94:4e:58:21:8e:9f:d0:
+                    60:fd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                81:3E:37:D8:92:B0:1F:77:9F:5C:B4:AB:73:AA:E7:F6:34:60:2F:FA
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:81:3E:37:D8:92:B0:1F:77:9F:5C:B4:AB:73:AA:E7:F6:34:60:2F:FA
+                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
+                serial:01
+
+    Signature Algorithm: sha1WithRSAEncryption
+        03:f7:15:4a:f8:24:da:23:56:16:93:76:dd:36:28:b9:ae:1b:
+        b8:c3:f1:64:ba:20:18:78:95:29:27:57:05:bc:7c:2a:f4:b9:
+        51:55:da:87:02:de:0f:16:17:31:f8:aa:79:2e:09:13:bb:af:
+        b2:20:19:12:e5:93:f9:4b:f9:83:e8:44:d5:b2:41:25:bf:88:
+        75:6f:ff:10:fc:4a:54:d0:5f:f0:fa:ef:36:73:7d:1b:36:45:
+        c6:21:6d:b4:15:b8:4e:cf:9c:5c:a5:3d:5a:00:8e:06:e3:3c:
+        6b:32:7b:f2:9f:f0:b6:fd:df:f0:28:18:48:f0:c6:bc:d0:bf:
+        34:80:96:c2:4a:b1:6d:8e:c7:90:45:de:2f:67:ac:45:04:a3:
+        7a:dc:55:92:c9:47:66:d8:1a:8c:c7:ed:9c:4e:9a:e0:12:bb:
+        b5:6a:4c:84:e1:e1:22:0d:87:00:64:fe:8c:7d:62:39:65:a6:
+        ef:42:b6:80:25:12:61:01:a8:24:13:70:00:11:26:5f:fa:35:
+        50:c5:48:cc:06:47:e8:27:d8:70:8d:5f:64:e6:a1:44:26:5e:
+        22:ec:92:cd:ff:42:9a:44:21:6d:5c:c5:e3:22:1d:5f:47:12:
+        e7:ce:5f:5d:fa:d8:aa:b1:33:2d:d9:76:f2:4e:3a:33:0c:2b:
+        b3:2d:90:06
+MD5 Fingerprint=C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx
+MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB
+ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV
+BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV
+6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX
+GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP
+dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH
+1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF
+62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW
+BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL
+MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
+cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv
+b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
+IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
+iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
+GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
+4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
+XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root
+        Validity
+            Not Before: May 30 10:44:50 2000 GMT
+            Not After : May 30 10:44:50 2020 GMT
+        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:e4:1e:9a:fe:dc:09:5a:87:a4:9f:47:be:11:5f:
+                    af:84:34:db:62:3c:79:78:b7:e9:30:b5:ec:0c:1c:
+                    2a:c4:16:ff:e0:ec:71:eb:8a:f5:11:6e:ed:4f:0d:
+                    91:d2:12:18:2d:49:15:01:c2:a4:22:13:c7:11:64:
+                    ff:22:12:9a:b9:8e:5c:2f:08:cf:71:6a:b3:67:01:
+                    59:f1:5d:46:f3:b0:78:a5:f6:0e:42:7a:e3:7f:1b:
+                    cc:d0:f0:b7:28:fd:2a:ea:9e:b3:b0:b9:04:aa:fd:
+                    f6:c7:b4:b1:b8:2a:a0:fb:58:f1:19:a0:6f:70:25:
+                    7e:3e:69:4a:7f:0f:22:d8:ef:ad:08:11:9a:29:99:
+                    e1:aa:44:45:9a:12:5e:3e:9d:6d:52:fc:e7:a0:3d:
+                    68:2f:f0:4b:70:7c:13:38:ad:bc:15:25:f1:d6:ce:
+                    ab:a2:c0:31:d6:2f:9f:e0:ff:14:59:fc:84:93:d9:
+                    87:7c:4c:54:13:eb:9f:d1:2d:11:f8:18:3a:3a:de:
+                    25:d9:f7:d3:40:ed:a4:06:12:c4:3b:e1:91:c1:56:
+                    35:f0:14:dc:65:36:09:6e:ab:a4:07:c7:35:d1:c2:
+                    03:33:36:5b:75:26:6d:42:f1:12:6b:43:6f:4b:71:
+                    94:fa:34:1d:ed:13:6e:ca:80:7f:98:2f:6c:b9:65:
+                    d8:e9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                39:95:8B:62:8B:5C:C9:D4:80:BA:58:0F:97:3F:15:08:43:CC:98:A7
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:39:95:8B:62:8B:5C:C9:D4:80:BA:58:0F:97:3F:15:08:43:CC:98:A7
+                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
+                serial:01
+
+    Signature Algorithm: sha1WithRSAEncryption
+        19:ab:75:ea:f8:8b:65:61:95:13:ba:69:04:ef:86:ca:13:a0:
+        c7:aa:4f:64:1b:3f:18:f6:a8:2d:2c:55:8f:05:b7:30:ea:42:
+        6a:1d:c0:25:51:2d:a7:bf:0c:b3:ed:ef:08:7f:6c:3c:46:1a:
+        ea:18:43:df:76:cc:f9:66:86:9c:2c:68:f5:e9:17:f8:31:b3:
+        18:c4:d6:48:7d:23:4c:68:c1:7e:bb:01:14:6f:c5:d9:6e:de:
+        bb:04:42:6a:f8:f6:5c:7d:e5:da:fa:87:eb:0d:35:52:67:d0:
+        9e:97:76:05:93:3f:95:c7:01:e6:69:55:38:7f:10:61:99:c9:
+        e3:5f:a6:ca:3e:82:63:48:aa:e2:08:48:3e:aa:f2:b2:85:62:
+        a6:b4:a7:d9:bd:37:9c:68:b5:2d:56:7d:b0:b7:3f:a0:b1:07:
+        d6:e9:4f:dc:de:45:71:30:32:7f:1b:2e:09:f9:bf:52:a1:ee:
+        c2:80:3e:06:5c:2e:55:40:c1:1b:f5:70:45:b0:dc:5d:fa:f6:
+        72:5a:77:d2:63:cd:cf:58:89:00:42:63:3f:79:39:d0:44:b0:
+        82:6e:41:19:e8:dd:e0:c1:88:5a:d1:1e:71:93:1f:24:30:74:
+        e5:1e:a8:de:3c:27:37:7f:83:ae:9e:77:cf:f0:30:b1:ff:4b:
+        99:e8:c6:a1
+MD5 Fingerprint=27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
+-----BEGIN CERTIFICATE-----
+MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1
+MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK
+EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
+BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq
+xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G
+87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i
+2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U
+WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1
+0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G
+A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
+pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
+ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm
+aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv
+hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm
+hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
+dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3
+P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
+iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
+xqE=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2b:68:d4:a3:46:9e:c5:3b:28:09:ab:38:5d:7f:27:20
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
+        Validity
+            Not Before: Aug  4 00:00:00 2000 GMT
+            Not After : Aug  3 23:59:59 2004 GMT
+        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Class 1 Public Primary OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:ed:5e:7a:3a:77:5f:ce:5f:3a:52:fc:cd:64:
+                    f7:71:b5:6f:6a:96:c6:59:92:55:94:5d:2f:5b:2e:
+                    c1:11:ea:26:8a:cb:a7:81:3c:f6:5a:44:de:7a:13:
+                    2f:fd:5a:51:d9:7b:37:26:4a:c0:27:3f:04:03:6a:
+                    56:c1:83:2c:e1:6f:5b:a9:54:50:24:4a:c6:2e:7a:
+                    4c:a1:5b:37:54:24:21:31:1f:a1:78:18:76:a7:b1:
+                    70:da:22:d0:6a:fe:07:62:40:c6:f7:f6:9b:7d:0c:
+                    06:b8:4b:c7:28:e4:66:23:84:51:ef:46:b7:93:d8:
+                    81:33:cb:e5:36:ac:c6:e8:05
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DirName:/CN=OCSP 1-1
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.verisign.com/pca1.crl
+
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.verisign.com/ocsp/status
+
+            X509v3 Certificate Policies: 
+                Policy: 2.16.840.1.113733.1.7.1.1
+                  CPS: https://www.verisign.com/RPA
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        70:90:dd:b8:e4:be:53:17:7c:7f:02:e9:d5:f7:8b:99:93:31:
+        60:8d:7e:e6:60:6b:24:ef:60:ac:d2:ce:91:de:80:6d:09:a4:
+        d3:b8:38:e5:44:ca:72:5e:0d:2d:c1:77:9c:bd:2c:03:78:29:
+        8d:a4:a5:77:87:f5:f1:2b:26:ad:cc:07:6c:3a:54:5a:28:e0:
+        09:f3:4d:0a:04:ca:d4:58:69:0b:a7:b3:f5:dd:01:a5:e7:dc:
+        f0:1f:ba:c1:5d:90:8d:b3:ea:4f:c1:11:59:97:6a:b2:2b:13:
+        b1:da:ad:97:a1:b3:b1:a0:20:5b:ca:32:ab:8d:cf:13:f0:1f:
+        29:c3
+MD5 Fingerprint=7E:6F:3A:53:1B:7C:BE:B0:30:DB:43:1E:1E:94:89:B2
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAwegAwIBAgIQK2jUo0aexTsoCas4XX8nIDANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
+LkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+HhcNMDAwODA0MDAwMDAwWhcNMDQwODAzMjM1OTU5WjCBpzEXMBUGA1UEChMOVmVy
+aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5
+BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20v
+UlBBIChjKTAwMS4wLAYDVQQDEyVDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IE9DU1Ag
+UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC57V56Ondfzl86
+UvzNZPdxtW9qlsZZklWUXS9bLsER6iaKy6eBPPZaRN56Ey/9WlHZezcmSsAnPwQD
+albBgyzhb1upVFAkSsYuekyhWzdUJCExH6F4GHansXDaItBq/gdiQMb39pt9DAa4
+S8co5GYjhFHvRreT2IEzy+U2rMboBQIDAQABo4IBEDCCAQwwIAYDVR0RBBkwF6QV
+MBMxETAPBgNVBAMTCE9DU1AgMS0xMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9j
+cmwudmVyaXNpZ24uY29tL3BjYTEuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEIG
+CCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2ln
+bi5jb20vb2NzcC9zdGF0dXMwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBATAqMCgG
+CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vUlBBMAkGA1UdEwQC
+MAAwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAHCQ3bjkvlMXfH8C6dX3
+i5mTMWCNfuZgayTvYKzSzpHegG0JpNO4OOVEynJeDS3Bd5y9LAN4KY2kpXeH9fEr
+Jq3MB2w6VFoo4AnzTQoEytRYaQuns/XdAaXn3PAfusFdkI2z6k/BEVmXarIrE7Ha
+rZehs7GgIFvKMquNzxPwHynD
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            09:46:17:e6:1d:d8:d4:1c:a0:0c:a0:62:e8:79:8a:a7
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
+        Validity
+            Not Before: Aug  1 00:00:00 2000 GMT
+            Not After : Jul 31 23:59:59 2004 GMT
+        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Class 2 Public Primary OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d0:ca:63:31:61:7f:44:34:7c:05:7d:0b:3d:6a:
+                    90:cb:79:4b:77:0a:3f:4b:c7:23:e5:c0:62:2d:7e:
+                    9c:7e:3e:88:87:91:d0:ac:e8:4d:49:87:a2:96:90:
+                    8a:dd:04:a5:02:3f:8c:9b:e9:89:fe:62:a0:e2:5a:
+                    bd:c8:dd:b4:78:e6:a5:42:93:08:67:01:c0:20:4d:
+                    d7:5c:f4:5d:da:b3:e3:37:a6:52:1a:2c:4c:65:4d:
+                    8a:87:d9:a8:a3:f1:49:54:bb:3c:5c:80:51:68:c6:
+                    fb:49:ff:0b:55:ab:15:dd:fb:9a:c1:b9:1d:74:0d:
+                    b2:8c:44:5d:89:fc:9f:f9:83
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DirName:/CN=OCSP 1-2
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.verisign.com/pca2.crl
+
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.verisign.com/ocsp/status
+
+            X509v3 Certificate Policies: 
+                Policy: 2.16.840.1.113733.1.7.1.1
+                  CPS: https://www.verisign.com/RPA
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        1f:7d:09:6e:24:46:75:04:9c:f3:26:9b:e3:39:6e:17:ef:bc:
+        bd:a2:1b:d2:02:84:86:ab:d0:40:97:2c:c4:43:88:37:19:6b:
+        22:a8:03:71:50:9d:20:dc:36:60:20:9a:73:2d:73:55:6c:58:
+        9b:2c:c2:b4:34:2c:7a:33:42:ca:91:d9:e9:43:af:cf:1e:e0:
+        f5:c4:7a:ab:3f:72:63:1e:a9:37:e1:5b:3b:88:b3:13:86:82:
+        90:57:cb:57:ff:f4:56:be:22:dd:e3:97:a8:e1:bc:22:43:c2:
+        dd:4d:db:f6:81:9e:92:14:9e:39:0f:13:54:de:82:d8:c0:5e:
+        34:8d
+MD5 Fingerprint=F3:45:BD:10:96:0D:85:4B:EF:9F:11:62:34:A7:5E:B5
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAwegAwIBAgIQCUYX5h3Y1BygDKBi6HmKpzANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
+LkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+HhcNMDAwODAxMDAwMDAwWhcNMDQwNzMxMjM1OTU5WjCBpzEXMBUGA1UEChMOVmVy
+aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5
+BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20v
+UlBBIChjKTAwMS4wLAYDVQQDEyVDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IE9DU1Ag
+UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQymMxYX9ENHwF
+fQs9apDLeUt3Cj9LxyPlwGItfpx+PoiHkdCs6E1Jh6KWkIrdBKUCP4yb6Yn+YqDi
+Wr3I3bR45qVCkwhnAcAgTddc9F3as+M3plIaLExlTYqH2aij8UlUuzxcgFFoxvtJ
+/wtVqxXd+5rBuR10DbKMRF2J/J/5gwIDAQABo4IBEDCCAQwwIAYDVR0RBBkwF6QV
+MBMxETAPBgNVBAMTCE9DU1AgMS0yMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9j
+cmwudmVyaXNpZ24uY29tL3BjYTIuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEIG
+CCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2ln
+bi5jb20vb2NzcC9zdGF0dXMwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBATAqMCgG
+CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vUlBBMAkGA1UdEwQC
+MAAwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAB99CW4kRnUEnPMmm+M5
+bhfvvL2iG9IChIar0ECXLMRDiDcZayKoA3FQnSDcNmAgmnMtc1VsWJsswrQ0LHoz
+QsqR2elDr88e4PXEeqs/cmMeqTfhWzuIsxOGgpBXy1f/9Fa+It3jl6jhvCJDwt1N
+2/aBnpIUnjkPE1TegtjAXjSN
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            2e:96:9e:bf:b6:62:6c:ec:7b:e9:73:cc:e3:6c:c1:84
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Validity
+            Not Before: Aug  4 00:00:00 2000 GMT
+            Not After : Aug  3 23:59:59 2004 GMT
+        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Class 3 Public Primary OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f1:e4:08:0e:83:bb:75:e3:48:e5:b8:db:a6:f0:
+                    b9:ab:e9:3c:62:c7:5e:35:5b:d0:02:54:11:d8:c9:
+                    d1:56:b9:76:4b:b9:ab:7a:e6:cd:ba:f6:0c:04:d6:
+                    7e:d6:b0:0a:65:ac:4e:39:e3:f1:f7:2d:a3:25:39:
+                    ef:b0:8b:cf:be:db:0c:5d:6e:70:f4:07:cd:70:f7:
+                    3a:c0:3e:35:16:ed:78:8c:43:cf:c2:26:2e:47:d6:
+                    86:7d:9c:f1:be:d6:67:0c:22:25:a4:ca:65:e6:1f:
+                    7a:78:28:2f:3f:05:db:04:21:bf:e1:45:66:fe:3c:
+                    b7:82:ed:5a:b8:16:15:b9:55
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DirName:/CN=OCSP 1-3
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.verisign.com/pca3.1.1.crl
+
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.verisign.com/ocsp/status
+
+            X509v3 Certificate Policies: 
+                Policy: 2.16.840.1.113733.1.7.1.1
+                  CPS: https://www.verisign.com/RPA
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        02:f6:53:63:c0:a9:1e:f2:d0:8b:33:30:8f:48:9b:4c:b0:56:
+        b4:83:71:4a:be:dc:50:d8:f5:b6:e0:0b:db:bd:78:4f:e9:cf:
+        09:34:da:29:49:9d:01:73:5a:91:91:82:54:2c:13:0a:d3:77:
+        23:cf:37:fc:63:de:a7:e3:f6:b7:b5:69:45:28:49:c3:91:dc:
+        aa:47:1c:a9:88:99:2c:05:2a:8d:8d:8a:fa:62:e2:5a:b7:00:
+        20:5d:39:c4:28:c2:cb:fc:9e:a8:89:ae:5b:3d:8e:12:ea:32:
+        b2:fc:eb:14:d7:09:15:1a:c0:cd:1b:d5:b5:15:4e:41:d5:96:
+        e3:4e
+MD5 Fingerprint=7D:51:92:C9:76:83:98:16:DE:8C:B3:86:C4:7D:66:FB
+-----BEGIN CERTIFICATE-----
+MIIDojCCAwugAwIBAgIQLpaev7ZibOx76XPM42zBhDANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
+LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+HhcNMDAwODA0MDAwMDAwWhcNMDQwODAzMjM1OTU5WjCBpzEXMBUGA1UEChMOVmVy
+aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5
+BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20v
+UlBBIChjKTAwMS4wLAYDVQQDEyVDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IE9DU1Ag
+UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDx5AgOg7t140jl
+uNum8Lmr6Txix141W9ACVBHYydFWuXZLuat65s269gwE1n7WsAplrE454/H3LaMl
+Oe+wi8++2wxdbnD0B81w9zrAPjUW7XiMQ8/CJi5H1oZ9nPG+1mcMIiWkymXmH3p4
+KC8/BdsEIb/hRWb+PLeC7Vq4FhW5VQIDAQABo4IBFDCCARAwIAYDVR0RBBkwF6QV
+MBMxETAPBgNVBAMTCE9DU1AgMS0zMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9j
+cmwudmVyaXNpZ24uY29tL3BjYTMuMS4xLmNybDATBgNVHSUEDDAKBggrBgEFBQcD
+CTBCBggrBgEFBQcBAQQ2MDQwMgYIKwYBBQUHMAGmJhYkaHR0cDovL29jc3AudmVy
+aXNpZ24uY29tL29jc3Avc3RhdHVzMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw
+KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL1JQQTAJBgNV
+HRMEAjAAMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQAC9lNjwKke8tCL
+MzCPSJtMsFa0g3FKvtxQ2PW24AvbvXhP6c8JNNopSZ0Bc1qRkYJULBMK03cjzzf8
+Y96n4/a3tWlFKEnDkdyqRxypiJksBSqNjYr6YuJatwAgXTnEKMLL/J6oia5bPY4S
+6jKy/OsU1wkVGsDNG9W1FU5B1ZbjTg==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            ff:45:d5:27:5d:24:fb:b3:c2:39:24:53:57:e1:4f:de
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Aug  4 00:00:00 2000 GMT
+            Not After : Aug  3 23:59:59 2004 GMT
+        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Secure Server OCSP Responder
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b8:51:99:64:85:0e:ee:b3:0a:68:f0:bf:63:76:
+                    1d:53:f5:fc:a1:78:8c:33:ee:9f:f4:be:39:da:9b:
+                    0f:4d:47:a9:8f:20:e8:4b:44:bd:ce:cd:7b:90:d1:
+                    30:e8:90:c4:25:7b:89:28:de:bd:f6:93:1d:ff:b9:
+                    ff:92:b5:a9:8d:e4:ae:cc:e2:c3:07:83:6a:a3:72:
+                    10:01:27:62:22:a6:35:26:39:2d:9e:cf:60:0c:fc:
+                    47:a4:d7:d0:42:78:a7:1d:6c:d0:cb:4f:15:a7:29:
+                    0a:b4:95:45:c4:b1:e7:5a:09:d7:39:95:d8:1d:35:
+                    9e:c2:bd:b3:5d:c1:0c:4b:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Alternative Name: 
+                DirName:/CN=OCSP 1-4
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.verisign.com/RSASecureServer-p.crl
+
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.verisign.com/ocsp/status
+
+            X509v3 Certificate Policies: 
+                Policy: 2.16.840.1.113733.1.7.1.1
+                  CPS: https://www.verisign.com/RPA
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        00:b3:10:53:66:9c:49:93:2e:31:a0:02:42:d2:58:57:7e:66:
+        a1:fe:1b:8a:61:18:50:40:2c:1e:2b:41:a5:d6:db:ff:ac:08:
+        1c:5a:05:6d:02:5c:2a:b6:96:4f:47:db:be:4e:db:ce:cc:ba:
+        86:b8:18:ce:b1:12:91:5f:63:f7:f3:48:3e:cc:f1:4d:13:e4:
+        6d:09:94:78:00:92:cb:a3:20:9d:06:0b:6a:a0:43:07:ce:d1:
+        19:6c:8f:18:75:9a:9f:17:33:fd:a9:26:b8:e3:e2:de:c2:a8:
+        c4:5a:8a:7f:98:d6:07:06:6b:cc:56:9e:86:70:ce:d4:ef
+MD5 Fingerprint=2C:62:C3:D8:80:01:16:09:EA:59:EA:78:AB:10:43:F6
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwygAwIBAgIRAP9F1SddJPuzwjkkU1fhT94wDQYJKoZIhvcNAQEFBQAw
+XzELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMu
+MS4wLAYDVQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MB4XDTAwMDgwNDAwMDAwMFoXDTA0MDgwMzIzNTk1OVowgZ4xFzAVBgNVBAoTDlZl
+cmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTsw
+OQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+L1JQQSAoYykwMDElMCMGA1UEAxMcU2VjdXJlIFNlcnZlciBPQ1NQIFJlc3BvbmRl
+cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuFGZZIUO7rMKaPC/Y3YdU/X8
+oXiMM+6f9L452psPTUepjyDoS0S9zs17kNEw6JDEJXuJKN699pMd/7n/krWpjeSu
+zOLDB4Nqo3IQASdiIqY1Jjktns9gDPxHpNfQQninHWzQy08VpykKtJVFxLHnWgnX
+OZXYHTWewr2zXcEMSx8CAwEAAaOCAR0wggEZMCAGA1UdEQQZMBekFTATMREwDwYD
+VQQDEwhPQ1NQIDEtNDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY3JsLnZlcmlz
+aWduLmNvbS9SU0FTZWN1cmVTZXJ2ZXItcC5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH
+AwkwQgYIKwYBBQUHAQEENjA0MDIGCCsGAQUFBzABpiYWJGh0dHA6Ly9vY3NwLnZl
+cmlzaWduLmNvbS9vY3NwL3N0YXR1czBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBwEB
+MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9SUEEwCQYD
+VR0TBAIwADALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADfgAAsxBTZpxJky4x
+oAJC0lhXfmah/huKYRhQQCweK0Gl1tv/rAgcWgVtAlwqtpZPR9u+TtvOzLqGuBjO
+sRKRX2P380g+zPFNE+RtCZR4AJLLoyCdBgtqoEMHztEZbI8YdZqfFzP9qSa44+Le
+wqjEWop/mNYHBmvMVp6GcM7U7w==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            53:61:b2:60:ae:db:71:8e:a7:94:b3:13:33:f4:07:09
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: Sep 26 00:00:00 2000 GMT
+            Not After : Sep 25 23:59:59 2010 GMT
+        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)00, CN=VeriSign Time Stamping Authority CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d2:19:9d:67:c2:00:21:59:62:ce:b4:09:22:44:
+                    69:8a:f8:25:5a:db:ed:0d:b7:36:7e:4e:e0:bb:94:
+                    3e:90:25:87:c2:61:47:29:d9:bd:54:b8:63:cc:2c:
+                    7d:69:b4:33:36:f4:37:07:9a:c1:dd:40:54:fc:e0:
+                    78:9d:a0:93:b9:09:3d:23:51:7f:44:c2:14:74:db:
+                    0a:be:cb:c9:30:34:40:98:3e:d0:d7:25:10:81:94:
+                    bd:07:4f:9c:d6:54:27:df:2e:a8:bf:cb:90:8c:8d:
+                    75:4b:bc:e2:e8:44:87:cd:e6:41:0a:25:6e:e8:f4:
+                    24:02:c5:52:0f:6e:ec:98:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:0
+            X509v3 Certificate Policies: 
+                Policy: 2.16.840.1.113733.1.7.23.1.3
+                  CPS: https://www.verisign.com/rpa
+
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.verisign.com/pca3.crl
+
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.verisign.com/ocsp/status
+
+    Signature Algorithm: sha1WithRSAEncryption
+        82:70:68:95:df:b6:0d:c2:01:70:19:4a:d2:54:56:1e:ac:f2:
+        45:4c:87:b8:f5:35:eb:78:4b:05:a9:c8:9d:3b:19:21:2e:70:
+        34:4a:a2:f5:89:e0:15:75:45:e7:28:37:00:34:27:29:e8:37:
+        4b:f2:ef:44:97:6b:17:51:1a:c3:56:9d:3c:1a:8a:f6:4a:46:
+        46:37:8c:fa:cb:f5:64:5a:38:68:2e:1c:c3:ef:70:ce:b8:46:
+        06:16:bf:f7:7e:e7:b5:a8:3e:45:ac:a9:25:75:22:7b:6f:3f:
+        b0:9c:94:e7:c7:73:ab:ac:1f:ee:25:9b:c0:16:ed:b7:ca:5b:
+        f0:14
+MD5 Fingerprint=89:49:54:8C:C8:68:9A:83:29:EC:DC:06:73:21:AB:97
+-----BEGIN CERTIFICATE-----
+MIIDzTCCAzagAwIBAgIQU2GyYK7bcY6nlLMTM/QHCTANBgkqhkiG9w0BAQUFADCB
+wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL
+EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
+cmswHhcNMDAwOTI2MDAwMDAwWhcNMTAwOTI1MjM1OTU5WjCBpTEXMBUGA1UEChMO
+VmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx
+OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j
+b20vcnBhIChjKTAwMSwwKgYDVQQDEyNWZXJpU2lnbiBUaW1lIFN0YW1waW5nIEF1
+dGhvcml0eSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0hmdZ8IAIVli
+zrQJIkRpivglWtvtDbc2fk7gu5Q+kCWHwmFHKdm9VLhjzCx9abQzNvQ3B5rB3UBU
+/OB4naCTuQk9I1F/RMIUdNsKvsvJMDRAmD7Q1yUQgZS9B0+c1lQn3y6ov8uQjI11
+S7zi6ESHzeZBCiVu6PQkAsVSD27smHUCAwEAAaOB3zCB3DAPBgNVHRMECDAGAQH/
+AgEAMEUGA1UdIAQ+MDwwOgYMYIZIAYb4RQEHFwEDMCowKAYIKwYBBQUHAgEWHGh0
+dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0
+cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwCwYDVR0PBAQDAgEGMEIGCCsG
+AQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2lnbi5j
+b20vb2NzcC9zdGF0dXMwDQYJKoZIhvcNAQEFBQADgYEAgnBold+2DcIBcBlK0lRW
+HqzyRUyHuPU163hLBanInTsZIS5wNEqi9YngFXVF5yg3ADQnKeg3S/LvRJdrF1Ea
+w1adPBqK9kpGRjeM+sv1ZFo4aC4cw+9wzrhGBha/937ntag+RaypJXUie28/sJyU
+58dzq6wf7iWbwBbtt8pb8BQ=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
+        Validity
+            Not Before: Jan  1 00:00:00 1997 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d6:2b:58:78:61:45:86:53:ea:34:7b:51:9c:ed:
+                    b0:e6:2e:18:0e:fe:e0:5f:a8:27:d3:b4:c9:e0:7c:
+                    59:4e:16:0e:73:54:60:c1:7f:f6:9f:2e:e9:3a:85:
+                    24:15:3c:db:47:04:63:c3:9e:c4:94:1a:5a:df:4c:
+                    7a:f3:d9:43:1d:3c:10:7a:79:25:db:90:fe:f0:51:
+                    e7:30:d6:41:00:fd:9f:28:df:79:be:94:bb:9d:b6:
+                    14:e3:23:85:d7:a9:41:e0:4c:a4:79:b0:2b:1a:8b:
+                    f2:f8:3b:8a:3e:45:ac:71:92:00:b4:90:41:98:fb:
+                    5f:ed:fa:b7:2e:8a:f8:88:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        67:db:e2:c2:e6:87:3d:40:83:86:37:35:7d:1f:ce:9a:c3:0c:
+        66:20:a8:ba:aa:04:89:86:c2:f5:10:08:0d:bf:cb:a2:05:8a:
+        d0:4d:36:3e:f4:d7:ef:69:c6:5e:e4:b0:94:6f:4a:b9:e7:de:
+        5b:88:b6:7b:db:e3:27:e5:76:c3:f0:35:c1:cb:b5:27:9b:33:
+        79:dc:90:a6:00:9e:77:fa:fc:cd:27:94:42:16:9c:d3:1c:68:
+        ec:bf:5c:dd:e5:a9:7b:10:0a:32:74:54:13:31:8b:85:03:84:
+        91:b7:58:01:30:14:38:af:28:ca:fc:b1:50:19:19:09:ac:89:
+        49:d3
+MD5 Fingerprint=7F:66:7A:71:D3:EB:69:78:20:9A:51:14:9D:83:DA:20
+-----BEGIN CERTIFICATE-----
+MIICoTCCAgqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzAN
+BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAd
+BgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwHhcNOTcwMTAxMDAwMDAwWhcN
+MjAxMjMxMjM1OTU5WjCBizELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g
+Q2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsG
+A1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAdBgNVBAMTFlRoYXd0ZSBUaW1l
+c3RhbXBpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANYrWHhhRYZT
+6jR7UZztsOYuGA7+4F+oJ9O0yeB8WU4WDnNUYMF/9p8u6TqFJBU820cEY8OexJQa
+Wt9MevPZQx08EHp5JduQ/vBR5zDWQQD9nyjfeb6Uu522FOMjhdepQeBMpHmwKxqL
+8vg7ij5FrHGSALSQQZj7X+36ty6K+Ig3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEEBQADgYEAZ9viwuaHPUCDhjc1fR/OmsMMZiCouqoEiYbC
+9RAIDb/LogWK0E02PvTX72nGXuSwlG9KuefeW4i2e9vjJ+V2w/A1wcu1J5szedyQ
+pgCed/r8zSeUQhac0xxo7L9c3eWpexAKMnRUEzGLhQOEkbdYATAUOK8oyvyxUBkZ
+CayJSdM=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 949686588 (0x389b113c)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=Entrust.net, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Validity
+            Not Before: Feb  4 17:20:00 2000 GMT
+            Not After : Feb  4 17:50:00 2020 GMT
+        Subject: O=Entrust.net, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c7:c1:5f:4e:71:f1:ce:f0:60:86:0f:d2:58:7f:
+                    d3:33:97:2d:17:a2:75:30:b5:96:64:26:2f:68:c3:
+                    44:ab:a8:75:e6:00:67:34:57:9e:65:c7:22:9b:73:
+                    e6:d3:dd:08:0e:37:55:aa:25:46:81:6c:bd:fe:a8:
+                    f6:75:57:57:8c:90:6c:4a:c3:3e:8b:4b:43:0a:c9:
+                    11:56:9a:9a:27:22:99:cf:55:9e:61:d9:02:e2:7c:
+                    b6:7c:38:07:dc:e3:7f:4f:9a:b9:03:41:80:b6:75:
+                    67:13:0b:9f:e8:57:36:c8:5d:00:36:de:66:14:da:
+                    6e:76:1f:4f:37:8c:82:13:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/O=Entrust.net/OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Feb  4 17:20:00 2000 GMT, Not After: Feb  4 17:50:00 2020 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:CB:6C:C0:6B:E3:BB:3E:CB:FC:22:9C:FE:FB:8B:92:9C:B0:F2:6E:22
+
+            X509v3 Subject Key Identifier: 
+                CB:6C:C0:6B:E3:BB:3E:CB:FC:22:9C:FE:FB:8B:92:9C:B0:F2:6E:22
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V5.0:4.0....
+    Signature Algorithm: md5WithRSAEncryption
+        62:db:81:91:ce:c8:9a:77:42:2f:ec:bd:27:a3:53:0f:50:1b:
+        ea:4e:92:f0:a9:af:a9:a0:ba:48:61:cb:ef:c9:06:ef:1f:d5:
+        f4:ee:df:56:2d:e6:ca:6a:19:73:aa:53:be:92:b3:50:02:b6:
+        85:26:72:63:d8:75:50:62:75:14:b7:b3:50:1a:3f:ca:11:00:
+        0b:85:45:69:6d:b6:a5:ae:51:e1:4a:dc:82:3f:6c:8c:34:b2:
+        77:6b:d9:02:f6:7f:0e:ea:65:04:f1:cd:54:ca:ba:c9:cc:e0:
+        84:f7:c8:3e:11:97:d3:60:09:18:bc:05:ff:6c:89:33:f0:ec:
+        15:0f
+MD5 Fingerprint=9D:66:6A:CC:FF:D5:F5:43:B4:BF:8C:16:D1:2B:A8:99
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIEOJsRPDANBgkqhkiG9w0BAQQFADCBujEUMBIGA1UEChML
+RW50cnVzdC5uZXQxPzA9BgNVBAsUNnd3dy5lbnRydXN0Lm5ldC9TU0xfQ1BTIGlu
+Y29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDIwMDAg
+RW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDQxNzIwMDBa
+Fw0yMDAyMDQxNzUwMDBaMIG6MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDE/MD0GA1UE
+CxQ2d3d3LmVudHJ1c3QubmV0L1NTTF9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHwV9OcfHO
+8GCGD9JYf9Mzly0XonUwtZZkJi9ow0SrqHXmAGc0V55lxyKbc+bT3QgON1WqJUaB
+bL3+qPZ1V1eMkGxKwz6LS0MKyRFWmponIpnPVZ5h2QLifLZ8OAfc439PmrkDQYC2
+dWcTC5/oVzbIXQA23mYU2m52H083jIITiQIDAQABo4IBpDCCAaAwEQYJYIZIAYb4
+QgEBBAQDAgAHMIHjBgNVHR8EgdswgdgwgdWggdKggc+kgcwwgckxFDASBgNVBAoT
+C0VudHJ1c3QubmV0MT8wPQYDVQQLFDZ3d3cuZW50cnVzdC5uZXQvU1NMX0NQUyBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw
+IEVudHJ1c3QubmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0IFNlY3Vy
+ZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEw
+KwYDVR0QBCQwIoAPMjAwMDAyMDQxNzIwMDBagQ8yMDIwMDIwNDE3NTAwMFowCwYD
+VR0PBAQDAgEGMB8GA1UdIwQYMBaAFMtswGvjuz7L/CKc/vuLkpyw8m4iMB0GA1Ud
+DgQWBBTLbMBr47s+y/winP77i5KcsPJuIjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2
+fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQQFAAOBgQBi24GRzsia
+d0Iv7L0no1MPUBvqTpLwqa+poLpIYcvvyQbvH9X07t9WLebKahlzqlO+krNQAraF
+JnJj2HVQYnUUt7NQGj/KEQALhUVpbbalrlHhStyCP2yMNLJ3a9kC9n8O6mUE8c1U
+yrrJzOCE98g+EZfTYAkYvAX/bIkz8OwVDw==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 949941988 (0x389ef6e4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: O=Entrust.net, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Validity
+            Not Before: Feb  7 16:16:40 2000 GMT
+            Not After : Feb  7 16:46:40 2020 GMT
+        Subject: O=Entrust.net, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:93:74:b4:b6:e4:c5:4b:d6:a1:68:7f:62:d5:ec:
+                    f7:51:57:b3:72:4a:98:f5:d0:89:c9:ad:63:cd:4d:
+                    35:51:6a:84:d4:ad:c9:68:79:6f:b8:eb:11:db:87:
+                    ae:5c:24:51:13:f1:54:25:84:af:29:2b:9f:e3:80:
+                    e2:d9:cb:dd:c6:45:49:34:88:90:5e:01:97:ef:ea:
+                    53:a6:dd:fc:c1:de:4b:2a:25:e4:e9:35:fa:55:05:
+                    06:e5:89:7a:ea:a4:11:57:3b:fc:7c:3d:36:cd:67:
+                    35:6d:a4:a9:25:59:bd:66:f5:f9:27:e4:95:67:d6:
+                    3f:92:80:5e:f2:34:7d:2b:85
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/O=Entrust.net/OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Feb  7 16:16:40 2000 GMT, Not After: Feb  7 16:46:40 2020 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:84:8B:74:FD:C5:8D:C0:FF:27:6D:20:37:45:7C:FE:2D:CE:BA:D3:7D
+
+            X509v3 Subject Key Identifier: 
+                84:8B:74:FD:C5:8D:C0:FF:27:6D:20:37:45:7C:FE:2D:CE:BA:D3:7D
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V5.0:4.0....
+    Signature Algorithm: md5WithRSAEncryption
+        4e:6f:35:80:3b:d1:8a:f5:0e:a7:20:cb:2d:65:55:d0:92:f4:
+        e7:84:b5:06:26:83:12:84:0b:ac:3b:b2:44:ee:bd:cf:40:db:
+        20:0e:ba:6e:14:ea:30:e0:3b:62:7c:7f:8b:6b:7c:4a:a7:d5:
+        35:3c:be:a8:5c:ea:4b:bb:93:8e:80:66:ab:0f:29:fd:4d:2d:
+        bf:1a:9b:0a:90:c5:ab:da:d1:b3:86:d4:2f:24:52:5c:7a:6d:
+        c6:f2:fe:e5:4d:1a:30:8c:90:f2:ba:d7:4a:3e:43:7e:d4:c8:
+        50:1a:87:f8:4f:81:c7:76:0b:84:3a:72:9d:ce:65:66:97:ae:
+        26:5e
+MD5 Fingerprint=9A:77:19:18:ED:96:CF:DF:1B:B7:0E:F5:8D:B9:88:2E
+-----BEGIN CERTIFICATE-----
+MIIEgzCCA+ygAwIBAgIEOJ725DANBgkqhkiG9w0BAQQFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9HQ0NBX0NQUyBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVu
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDcxNjE2NDBaFw0yMDAy
+MDcxNjQ2NDBaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0dDQ0FfQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDIwMDAgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTdLS25MVL1qFof2LV7PdRV7Ny
+Spj10InJrWPNTTVRaoTUrcloeW+46xHbh65cJFET8VQlhK8pK5/jgOLZy93GRUk0
+iJBeAZfv6lOm3fzB3ksqJeTpNfpVBQbliXrqpBFXO/x8PTbNZzVtpKklWb1m9fkn
+5JVn1j+SgF7yNH0rhQIDAQABo4IBnjCCAZowEQYJYIZIAYb4QgEBBAQDAgAHMIHd
+BgNVHR8EgdUwgdIwgc+ggcyggcmkgcYwgcMxFDASBgNVBAoTC0VudHJ1c3QubmV0
+MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvR0NDQV9DUFMgaW5jb3JwLiBieSBy
+ZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5l
+dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDbGllbnQgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMDAy
+MDcxNjE2NDBagQ8yMDIwMDIwNzE2NDY0MFowCwYDVR0PBAQDAgEGMB8GA1UdIwQY
+MBaAFISLdP3FjcD/J20gN0V8/i3OutN9MB0GA1UdDgQWBBSEi3T9xY3A/ydtIDdF
+fP4tzrrTfTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4w
+AwIEkDANBgkqhkiG9w0BAQQFAAOBgQBObzWAO9GK9Q6nIMstZVXQkvTnhLUGJoMS
+hAusO7JE7r3PQNsgDrpuFOow4DtifH+La3xKp9U1PL6oXOpLu5OOgGarDyn9TS2/
+GpsKkMWr2tGzhtQvJFJcem3G8v7lTRowjJDyutdKPkN+1MhQGof4T4HHdguEOnKd
+zmVml64mXg==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 1
+        Validity
+            Not Before: May 29 06:00:00 2002 GMT
+            Not After : Nov 20 15:03:00 2037 GMT
+        Subject: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:99:de:8f:c3:25:a3:69:34:e8:05:f7:74:b9:bf:
+                    5a:97:19:b9:2f:94:d2:93:e5:2d:89:ca:84:7c:3f:
+                    10:43:1b:8c:8b:7c:84:58:f8:24:7c:48:cf:2a:fd:
+                    c0:15:d9:18:7e:84:1a:17:d3:db:9e:d7:ca:e4:d9:
+                    d7:aa:58:51:87:f0:f0:8b:48:4e:e2:c2:c4:59:69:
+                    30:62:b6:30:a2:8c:0b:11:99:61:35:6d:7e:ef:c5:
+                    b1:19:06:20:12:8e:42:e1:df:0f:96:10:52:a8:cf:
+                    9c:5f:95:14:d8:af:3b:75:0b:31:20:1f:44:2f:a2:
+                    62:41:b3:bb:18:21:db:ca:71:3c:8c:ec:b6:b9:0d:
+                    9f:ef:51:ef:4d:7b:12:f2:0b:0c:e1:ac:40:8f:77:
+                    7f:b0:ca:78:71:0c:5d:16:71:70:a2:d7:c2:3a:85:
+                    cd:0e:9a:c4:e0:00:b0:d5:25:ea:dc:2b:e4:94:2d:
+                    38:9c:89:41:57:64:28:65:19:1c:b6:44:b4:c8:31:
+                    6b:8e:01:7b:76:59:25:7f:15:1c:84:08:7c:73:65:
+                    20:0a:a1:04:2e:1a:32:a8:9a:20:b1:9c:2c:21:59:
+                    e7:fb:cf:ee:70:2d:08:ca:63:3e:2c:9b:93:19:6a:
+                    a4:c2:97:ff:b7:86:57:88:85:6c:9e:15:16:2b:4d:
+                    2c:b3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                A1:36:30:16:CB:86:90:00:45:80:53:B1:8F:C8:D8:3D:7C:BE:5F:12
+            X509v3 Authority Key Identifier: 
+                keyid:A1:36:30:16:CB:86:90:00:45:80:53:B1:8F:C8:D8:3D:7C:BE:5F:12
+
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        8a:20:18:a5:be:b3:2f:b4:a6:84:00:40:30:29:fa:b4:14:73:
+        4c:79:45:a7:f6:70:e0:e8:7e:64:1e:0a:95:7c:6a:61:c2:ef:
+        4e:1f:be:ff:c9:99:1f:07:61:4a:e1:5d:4c:cd:ad:ee:d0:52:
+        32:d9:59:32:bc:da:79:72:d6:7b:09:e8:02:81:35:d3:0a:df:
+        11:1d:c9:79:a0:80:4d:fe:5a:d7:56:d6:ed:0f:2a:af:a7:18:
+        75:33:0c:ea:c1:61:05:4f:6a:9a:89:f2:8d:b9:9f:2e:ef:b0:
+        5f:5a:00:eb:be:ad:a0:f8:44:05:67:bc:cb:04:ef:9e:64:c5:
+        e9:c8:3f:05:bf:c6:2f:07:1c:c3:36:71:86:ca:38:66:4a:cd:
+        d6:b8:4b:c6:6c:a7:97:3b:fa:13:2d:6e:23:61:87:a1:63:42:
+        ac:c2:cb:97:9f:61:68:cf:2d:4c:04:9d:d7:25:4f:0a:0e:4d:
+        90:8b:18:56:a8:93:48:57:dc:6f:ae:bd:9e:67:57:77:89:50:
+        b3:be:11:9b:45:67:83:86:19:87:d3:98:bd:08:1a:16:1f:58:
+        82:0b:e1:96:69:05:4b:8e:ec:83:51:31:07:d5:d4:9f:ff:59:
+        7b:a8:6e:85:cf:d3:4b:a9:49:b0:5f:b0:39:28:68:0e:73:dd:
+        25:9a:de:12
+MD5 Fingerprint=E7:7A:DC:B1:1F:6E:06:1F:74:6C:59:16:27:C3:4B:C0
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
+HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
+IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
+MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
+SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
+IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
+0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
+TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
+RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
+zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
+BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
+AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
+PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
+BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
+9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
+Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
+Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
+n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
+H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 2
+        Validity
+            Not Before: May 29 06:00:00 2002 GMT
+            Not After : Sep 28 23:43:00 2037 GMT
+        Subject: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (4096 bit)
+                Modulus (4096 bit):
+                    00:b4:37:5a:08:16:99:14:e8:55:b1:1b:24:6b:fc:
+                    c7:8b:e6:87:a9:89:ee:8b:99:cd:4f:40:86:a4:b6:
+                    4d:c9:d9:b1:dc:3c:4d:0d:85:4c:15:6c:46:8b:52:
+                    78:9f:f8:23:fd:67:f5:24:3a:68:5d:d0:f7:64:61:
+                    41:54:a3:8b:a5:08:d2:29:5b:9b:60:4f:26:83:d1:
+                    63:12:56:49:76:a4:16:c2:a5:9d:45:ac:8b:84:95:
+                    a8:16:b1:ec:9f:ea:24:1a:ef:b9:57:5c:9a:24:21:
+                    2c:4d:0e:71:1f:a6:ac:5d:45:74:03:98:c4:54:8c:
+                    16:4a:41:77:86:95:75:0c:47:01:66:60:fc:15:f1:
+                    0f:ea:f5:14:78:c7:0e:d7:6e:81:1c:5e:bf:5e:e7:
+                    3a:2a:d8:97:17:30:7c:00:ad:08:9d:33:af:b8:99:
+                    61:80:8b:a8:95:7e:14:dc:12:6c:a4:d0:d8:ef:40:
+                    49:02:36:f9:6e:a9:d6:1d:96:56:04:b2:b3:2d:16:
+                    56:86:8f:d9:20:57:80:cd:67:10:6d:b0:4c:f0:da:
+                    46:b6:ea:25:2e:46:af:8d:b0:85:38:34:8b:14:26:
+                    82:2b:ac:ae:99:0b:8e:14:d7:52:bd:9e:69:c3:86:
+                    02:0b:ea:76:75:31:09:ce:33:19:21:85:43:e6:89:
+                    2d:9f:25:37:67:f1:23:6a:d2:00:6d:97:f9:9f:e7:
+                    29:ca:dd:1f:d7:06:ea:b8:c9:b9:09:21:9f:c8:3f:
+                    06:c5:d2:e9:12:46:00:4e:7b:08:eb:42:3d:2b:48:
+                    6e:9d:67:dd:4b:02:e4:44:f3:93:19:a5:27:ce:69:
+                    7a:be:67:d3:fc:50:a4:2c:ab:c3:6b:b9:e3:80:4c:
+                    cf:05:61:4b:2b:dc:1b:b9:a6:d2:d0:aa:f5:2b:73:
+                    fb:ce:90:35:9f:0c:52:1c:bf:5c:21:61:11:5b:15:
+                    4b:a9:24:51:fc:a4:5c:f7:17:9d:b0:d2:fa:07:e9:
+                    8f:56:e4:1a:8c:68:8a:04:d3:7c:5a:e3:9e:a2:a1:
+                    ca:71:5b:a2:d4:a0:e7:29:85:5d:03:68:2a:4f:d2:
+                    06:d7:3d:f9:c3:03:2f:3f:65:f9:67:1e:47:40:d3:
+                    63:0f:e3:d5:8e:f9:85:ab:97:4c:b3:d7:26:eb:96:
+                    0a:94:de:85:36:9c:c8:7f:81:09:02:49:2a:0e:f5:
+                    64:32:0c:82:d1:ba:6a:82:1b:b3:4b:74:11:f3:8c:
+                    77:d6:9f:bf:dc:37:a4:a7:55:04:2f:d4:31:e8:d3:
+                    46:b9:03:7c:da:12:4e:59:64:b7:51:31:31:50:a0:
+                    ca:1c:27:d9:10:2e:ad:d6:bd:10:66:2b:c3:b0:22:
+                    4a:12:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                4F:69:6D:03:7E:9D:9F:07:18:43:BC:B7:10:4E:D5:BF:A9:C4:20:28
+            X509v3 Authority Key Identifier: 
+                keyid:4F:69:6D:03:7E:9D:9F:07:18:43:BC:B7:10:4E:D5:BF:A9:C4:20:28
+
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        3b:f3:ae:ca:e8:2e:87:85:fb:65:59:e7:ad:11:14:a5:57:bc:
+        58:9f:24:12:57:bb:fb:3f:34:da:ee:ad:7a:2a:34:72:70:31:
+        6b:c7:19:98:80:c9:82:de:37:77:5e:54:8b:8e:f2:ea:67:4f:
+        c9:74:84:91:56:09:d5:e5:7a:9a:81:b6:81:c2:ad:36:e4:f1:
+        54:11:53:f3:34:45:01:26:c8:e5:1a:bc:34:44:21:de:ad:25:
+        fc:76:16:77:21:90:80:98:57:9d:4e:ea:ec:2f:aa:3c:14:7b:
+        57:c1:7e:18:14:67:ee:24:c6:bd:ba:15:b0:d2:18:bd:b7:55:
+        81:ac:53:c0:e8:dd:69:12:13:42:b7:02:b5:05:41:ca:79:50:
+        6e:82:0e:71:72:93:46:e8:9d:0d:5d:bd:ae:ce:29:ad:63:d5:
+        55:16:80:30:27:ff:76:ba:f7:b8:d6:4a:e3:d9:b5:f9:52:d0:
+        4e:40:a9:c7:e5:c2:32:c7:aa:76:24:e1:6b:05:50:eb:c5:bf:
+        0a:54:e5:b9:42:3c:24:fb:b7:07:9c:30:9f:79:5a:e6:e0:40:
+        52:15:f4:fc:aa:f4:56:f9:44:97:87:ed:0e:65:72:5e:be:26:
+        fb:4d:a4:2d:08:07:de:d8:5c:a0:dc:81:33:99:18:25:11:77:
+        a7:eb:fd:58:09:2c:99:6b:1b:8a:f3:52:3f:1a:4d:48:60:f1:
+        a0:f6:33:02:53:8b:ed:25:09:b8:0d:2d:ed:97:73:ec:d7:96:
+        1f:8e:60:0e:da:10:9b:2f:18:24:f6:a6:4d:0a:f9:3b:cb:75:
+        c2:cc:2f:ce:24:69:c9:0a:22:8e:59:a7:f7:82:0c:d7:d7:6b:
+        35:9c:43:00:6a:c4:95:67:ba:9c:45:cb:b8:0e:37:f7:dc:4e:
+        01:4f:be:0a:b6:03:d3:ad:8a:45:f7:da:27:4d:29:b1:48:df:
+        e4:11:e4:96:46:bd:6c:02:3e:d6:51:c8:95:17:01:15:a9:f2:
+        aa:aa:f2:bf:2f:65:1b:6f:d0:b9:1a:93:f5:8e:35:c4:80:87:
+        3e:94:2f:66:e4:e9:a8:ff:41:9c:70:2a:4f:2a:39:18:95:1e:
+        7e:fb:61:01:3c:51:08:2e:28:18:a4:16:0f:31:fd:3a:6c:23:
+        93:20:76:e1:fd:07:85:d1:5b:3f:d2:1c:73:32:dd:fa:b9:f8:
+        8c:cf:02:87:7a:9a:96:e4:ed:4f:89:8d:53:43:ab:0e:13:c0:
+        01:15:b4:79:38:db:fc:6e:3d:9e:51:b6:b8:13:8b:67:cf:f9:
+        7c:d9:22:1d:f6:5d:c5:1c:01:2f:98:e8:7a:24:18:bc:84:d7:
+        fa:dc:72:5b:f7:c1:3a:68
+MD5 Fingerprint=01:5A:99:C3:D6:4F:A9:4B:3C:3B:B1:A3:AB:27:4C:BF
+-----BEGIN CERTIFICATE-----
+MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
+HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
+IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
+NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
+SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
+IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
+7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
+m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
+xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
+YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
+JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
+I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
+kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
+EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
+Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
+gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
+rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
+1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
+h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
+yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
+7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
+RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
+ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
+M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
+my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
+AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
+9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
+hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
+fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1018510662 (0x3cb53d46)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA-Baltimore Implementation
+        Validity
+            Not Before: Apr 11 07:38:51 2002 GMT
+            Not After : Apr 11 07:38:51 2022 GMT
+        Subject: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA-Baltimore Implementation
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bc:7e:c4:39:9c:8c:e3:d6:1c:86:ff:ca:62:ad:
+                    e0:7f:30:45:7a:8e:1a:b3:b8:c7:f9:d1:36:ff:22:
+                    f3:4e:6a:5f:84:10:fb:66:81:c3:94:79:31:d2:91:
+                    e1:77:8e:18:2a:c3:14:de:51:f5:4f:a3:2b:bc:18:
+                    16:e2:b5:dd:79:de:22:f8:82:7e:cb:81:1f:fd:27:
+                    2c:8f:fa:97:64:22:8e:f8:ff:61:a3:9c:1b:1e:92:
+                    8f:c0:a8:09:df:09:11:ec:b7:7d:31:9a:1a:ea:83:
+                    21:06:3c:9f:ba:5c:ff:94:ea:6a:b8:c3:6b:55:34:
+                    4f:3d:32:1f:dd:81:14:e0:c4:3c:cd:9d:30:f8:30:
+                    a9:97:d3:ee:cc:a3:d0:1f:5f:1c:13:81:d4:18:ab:
+                    94:d1:63:c3:9e:7f:35:92:9e:5f:44:ea:ec:f4:22:
+                    5c:b7:e8:3d:7d:a4:f9:89:a9:91:b2:2a:d9:eb:33:
+                    87:ee:a5:fd:e3:da:cc:88:e6:89:26:6e:c7:2b:82:
+                    d0:5e:9d:59:db:14:ec:91:83:05:c3:5e:0e:c6:2a:
+                    d0:04:dd:71:3d:20:4e:58:27:fc:53:fb:78:78:19:
+                    14:b2:fc:90:52:89:38:62:60:07:b4:a0:ec:ac:6b:
+                    50:d6:fd:b9:28:6b:ef:52:2d:3a:b2:ff:f1:01:40:
+                    ac:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6334.0.0.1.9.40.51377
+                  User Notice:
+                    Explicit Text: Reliance on or use of this Certificate creates an acknowledgment and acceptance of the then applicable standard terms and conditions of use, the Certification Practice Statement and the Relying Party Agreement, which can be found at the beTRUSTed web site, http://www.betrusted.com/products_services/index.html
+                  CPS: http://www.betrusted.com/products_services/index.html
+
+            X509v3 Subject Key Identifier: 
+                45:3D:C3:A9:D1:DC:3F:24:56:98:1C:73:18:88:6A:FF:83:47:ED:B6
+            X509v3 Authority Key Identifier: 
+                keyid:45:3D:C3:A9:D1:DC:3F:24:56:98:1C:73:18:88:6A:FF:83:47:ED:B6
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        49:92:bc:a3:ee:ac:bd:fa:0d:c9:8b:79:86:1c:23:76:b0:80:
+        59:77:fc:da:7f:b4:4b:df:c3:64:4b:6a:4e:0e:ad:f2:7d:59:
+        77:05:ad:0a:89:73:b0:fa:bc:cb:dc:8d:00:88:8f:a6:a0:b2:
+        ea:ac:52:27:bf:a1:48:7c:97:10:7b:ba:ed:13:1d:9a:07:6e:
+        cb:31:62:12:e8:63:03:aa:7d:6d:e3:f8:1b:76:21:78:1b:9f:
+        4b:43:8c:d3:49:86:f6:1b:5c:f6:2e:60:15:d3:e9:e3:7b:75:
+        3f:d0:02:83:d0:18:82:41:cd:65:37:ea:8e:32:7e:bd:6b:99:
+        5d:30:11:c8:db:48:54:1c:3b:e1:a7:13:d3:6a:48:93:f7:3d:
+        8c:7f:05:e8:ce:f3:88:2a:63:04:b8:ea:7e:58:7c:01:7b:5b:
+        e1:c5:7d:ef:21:e0:8d:0e:5d:51:7d:b1:67:fd:a3:bd:38:36:
+        c6:f2:38:86:87:1a:96:68:60:46:fb:28:14:47:55:e1:a7:80:
+        0c:6b:e2:ea:df:4d:7c:90:48:a0:36:bd:09:17:89:7f:c3:f2:
+        d3:9c:9c:e3:dd:c4:1b:dd:f5:b7:71:b3:53:05:89:06:d0:cb:
+        4a:80:c1:c8:53:90:b5:3c:31:88:17:50:9f:c9:c4:0e:8b:d8:
+        a8:02:63:0d
+MD5 Fingerprint=81:35:B9:FB:FB:12:CA:18:69:36:EB:AE:69:78:A1:F1
+-----BEGIN CERTIFICATE-----
+MIIFajCCBFKgAwIBAgIEPLU9RjANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli
+ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq
+YmVUUlVTVGVkIFJvb3QgQ0EtQmFsdGltb3JlIEltcGxlbWVudGF0aW9uMB4XDTAy
+MDQxMTA3Mzg1MVoXDTIyMDQxMTA3Mzg1MVowZjESMBAGA1UEChMJYmVUUlVTVGVk
+MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl
+ZCBSb290IENBLUJhbHRpbW9yZSBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALx+xDmcjOPWHIb/ymKt4H8wRXqOGrO4x/nRNv8i
+805qX4QQ+2aBw5R5MdKR4XeOGCrDFN5R9U+jK7wYFuK13XneIviCfsuBH/0nLI/6
+l2Qijvj/YaOcGx6Sj8CoCd8JEey3fTGaGuqDIQY8n7pc/5TqarjDa1U0Tz0yH92B
+FODEPM2dMPgwqZfT7syj0B9fHBOB1BirlNFjw55/NZKeX0Tq7PQiXLfoPX2k+Ymp
+kbIq2eszh+6l/ePazIjmiSZuxyuC0F6dWdsU7JGDBcNeDsYq0ATdcT0gTlgn/FP7
+eHgZFLL8kFKJOGJgB7Sg7KxrUNb9uShr71ItOrL/8QFArDcCAwEAAaOCAh4wggIa
+MA8GA1UdEwEB/wQFMAMBAf8wggG1BgNVHSAEggGsMIIBqDCCAaQGDysGAQQBsT4A
+AAEJKIORMTCCAY8wggFIBggrBgEFBQcCAjCCAToaggE2UmVsaWFuY2Ugb24gb3Ig
+dXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY3JlYXRlcyBhbiBhY2tub3dsZWRnbWVu
+dCBhbmQgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk
+IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgdGhlIENlcnRpZmljYXRpb24g
+UHJhY3RpY2UgU3RhdGVtZW50IGFuZCB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1l
+bnQsIHdoaWNoIGNhbiBiZSBmb3VuZCBhdCB0aGUgYmVUUlVTVGVkIHdlYiBzaXRl
+LCBodHRwOi8vd3d3LmJldHJ1c3RlZC5jb20vcHJvZHVjdHNfc2VydmljZXMvaW5k
+ZXguaHRtbDBBBggrBgEFBQcCARY1aHR0cDovL3d3dy5iZXRydXN0ZWQuY29tL3By
+b2R1Y3RzX3NlcnZpY2VzL2luZGV4Lmh0bWwwHQYDVR0OBBYEFEU9w6nR3D8kVpgc
+cxiIav+DR+22MB8GA1UdIwQYMBaAFEU9w6nR3D8kVpgccxiIav+DR+22MA4GA1Ud
+DwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEASZK8o+6svfoNyYt5hhwjdrCA
+WXf82n+0S9/DZEtqTg6t8n1ZdwWtColzsPq8y9yNAIiPpqCy6qxSJ7+hSHyXEHu6
+7RMdmgduyzFiEuhjA6p9beP4G3YheBufS0OM00mG9htc9i5gFdPp43t1P9ACg9AY
+gkHNZTfqjjJ+vWuZXTARyNtIVBw74acT02pIk/c9jH8F6M7ziCpjBLjqflh8AXtb
+4cV97yHgjQ5dUX2xZ/2jvTg2xvI4hocalmhgRvsoFEdV4aeADGvi6t9NfJBIoDa9
+CReJf8Py05yc493EG931t3GzUwWJBtDLSoDByFOQtTwxiBdQn8nEDovYqAJjDQ==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1018515264 (0x3cb54f40)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - Entrust Implementation
+        Validity
+            Not Before: Apr 11 08:24:27 2002 GMT
+            Not After : Apr 11 08:54:27 2022 GMT
+        Subject: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - Entrust Implementation
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ba:f4:44:03:aa:12:6a:b5:43:ec:55:92:b6:30:
+                    7d:35:57:0c:db:f3:0d:27:6e:4c:f7:50:a8:9b:4e:
+                    2b:6f:db:f5:ad:1c:4b:5d:b3:a9:c1:fe:7b:44:eb:
+                    5b:a3:05:0d:1f:c5:34:2b:30:00:29:f1:78:40:b2:
+                    a4:ff:3a:f4:01:88:17:7e:e6:d4:26:d3:ba:4c:ea:
+                    32:fb:43:77:97:87:23:c5:db:43:a3:f5:2a:a3:51:
+                    5e:e1:3b:d2:65:69:7e:55:15:9b:7a:e7:69:f7:44:
+                    e0:57:b5:15:e8:66:60:0f:0d:03:fb:82:8e:a3:e8:
+                    11:7b:6c:be:c7:63:0e:17:93:df:cf:4b:ae:6e:73:
+                    75:e0:f3:aa:b9:a4:c0:09:1b:85:ea:71:29:88:41:
+                    32:f9:f0:2a:0e:6c:09:f2:74:6b:66:6c:52:13:1f:
+                    18:bc:d4:3e:f7:d8:6e:20:9e:ca:fe:fc:21:94:ee:
+                    13:28:4b:d7:5c:5e:0c:66:ee:e9:bb:0f:c1:34:b1:
+                    7f:08:76:f3:3d:26:70:c9:8b:25:1d:62:24:0c:ea:
+                    1c:75:4e:c0:12:e4:ba:13:1d:30:29:2d:56:33:05:
+                    bb:97:59:7e:c6:49:4f:89:d7:2f:24:a8:b6:88:40:
+                    b5:64:92:53:56:24:e4:a2:a0:85:b3:5e:90:b4:12:
+                    33:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6334.0.0.2.9.40.51377
+                  User Notice:
+                    Explicit Text: Reliance on or use of this Certificate creates an acknowledgment and acceptance of the then applicable standard terms and conditions of use, the Certification Practice Statement and the Relying Party Agreement, which can be found at the beTRUSTed web site, https://www.betrusted.com/products_services/index.html
+                  CPS: https://www.betrusted.com/products_services/index.html
+
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - Entrust Implementation/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Apr 11 08:24:27 2002 GMT, Not After: Apr 11 08:54:27 2022 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:7D:70:E5:AE:38:8B:06:3F:AA:1C:1A:8F:F9:CF:24:30:AA:84:84:16
+
+            X509v3 Subject Key Identifier: 
+                7D:70:E5:AE:38:8B:06:3F:AA:1C:1A:8F:F9:CF:24:30:AA:84:84:16
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V6.0:4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        2a:b8:17:ce:1f:10:94:eb:b8:9a:b7:b9:5f:ec:da:f7:92:24:
+        ac:dc:92:3b:c7:20:8d:f2:99:e5:5d:38:a1:c2:34:ed:c5:13:
+        59:5c:05:b5:2b:4f:61:9b:91:fb:41:fc:fc:d5:3c:4d:98:76:
+        06:f5:81:7d:eb:dd:90:e6:d1:56:54:da:e3:2d:0c:9f:11:32:
+        94:22:01:7a:f6:6c:2c:74:67:04:cc:a5:8f:8e:2c:b3:43:b5:
+        94:a2:d0:7d:e9:62:7f:06:be:27:01:83:9e:3a:fd:8a:ee:98:
+        43:4a:6b:d7:b5:97:3b:3a:bf:4f:6d:b4:63:fa:33:00:34:2e:
+        2d:6d:96:c9:7b:ca:99:63:ba:be:f4:f6:30:a0:2d:98:96:e9:
+        56:44:05:a9:44:a3:61:10:eb:82:a1:67:5d:bc:5d:27:75:aa:
+        8a:28:36:2a:38:92:d9:dd:a4:5e:00:a5:cc:cc:7c:29:2a:de:
+        28:90:ab:b7:e1:b6:ff:7d:25:0b:40:d8:aa:34:a3:2d:de:07:
+        eb:5f:ce:0a:dd:ca:7e:3a:7d:26:c1:62:68:3a:e6:2f:37:f3:
+        81:86:21:c4:a9:64:aa:ef:45:36:d1:1a:66:7c:f8:e9:37:d6:
+        d6:61:be:a2:ad:48:e7:df:e6:74:fe:d3:6d:7d:d2:25:dc:ac:
+        62:57:a9:f7
+MD5 Fingerprint=7D:86:90:8F:5B:F1:F2:40:C0:F7:3D:62:B5:A4:A9:3B
+-----BEGIN CERTIFICATE-----
+MIIGUTCCBTmgAwIBAgIEPLVPQDANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli
+ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq
+YmVUUlVTVGVkIFJvb3QgQ0EgLSBFbnRydXN0IEltcGxlbWVudGF0aW9uMB4XDTAy
+MDQxMTA4MjQyN1oXDTIyMDQxMTA4NTQyN1owZjESMBAGA1UEChMJYmVUUlVTVGVk
+MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl
+ZCBSb290IENBIC0gRW50cnVzdCBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALr0RAOqEmq1Q+xVkrYwfTVXDNvzDSduTPdQqJtO
+K2/b9a0cS12zqcH+e0TrW6MFDR/FNCswACnxeECypP869AGIF37m1CbTukzqMvtD
+d5eHI8XbQ6P1KqNRXuE70mVpflUVm3rnafdE4Fe1FehmYA8NA/uCjqPoEXtsvsdj
+DheT389Lrm5zdeDzqrmkwAkbhepxKYhBMvnwKg5sCfJ0a2ZsUhMfGLzUPvfYbiCe
+yv78IZTuEyhL11xeDGbu6bsPwTSxfwh28z0mcMmLJR1iJAzqHHVOwBLkuhMdMCkt
+VjMFu5dZfsZJT4nXLySotohAtWSSU1Yk5KKghbNekLQSM80CAwEAAaOCAwUwggMB
+MIIBtwYDVR0gBIIBrjCCAaowggGmBg8rBgEEAbE+AAACCSiDkTEwggGRMIIBSQYI
+KwYBBQUHAgIwggE7GoIBN1JlbGlhbmNlIG9uIG9yIHVzZSBvZiB0aGlzIENlcnRp
+ZmljYXRlIGNyZWF0ZXMgYW4gYWNrbm93bGVkZ21lbnQgYW5kIGFjY2VwdGFuY2Ug
+b2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0
+aW9ucyBvZiB1c2UsIHRoZSBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
+dCBhbmQgdGhlIFJlbHlpbmcgUGFydHkgQWdyZWVtZW50LCB3aGljaCBjYW4gYmUg
+Zm91bmQgYXQgdGhlIGJlVFJVU1RlZCB3ZWIgc2l0ZSwgaHR0cHM6Ly93d3cuYmV0
+cnVzdGVkLmNvbS9wcm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMEIGCCsGAQUF
+BwIBFjZodHRwczovL3d3dy5iZXRydXN0ZWQuY29tL3Byb2R1Y3RzX3NlcnZpY2Vz
+L2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgAHMIGJBgNVHR8EgYEwfzB9oHug
+eaR3MHUxEjAQBgNVBAoTCWJlVFJVU1RlZDEbMBkGA1UECxMSYmVUUlVTVGVkIFJv
+b3QgQ0FzMTMwMQYDVQQDEypiZVRSVVNUZWQgUm9vdCBDQSAtIEVudHJ1c3QgSW1w
+bGVtZW50YXRpb24xDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMjA0MTEw
+ODI0MjdagQ8yMDIyMDQxMTA4NTQyN1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaA
+FH1w5a44iwY/qhwaj/nPJDCqhIQWMB0GA1UdDgQWBBR9cOWuOIsGP6ocGo/5zyQw
+qoSEFjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIE
+kDANBgkqhkiG9w0BAQUFAAOCAQEAKrgXzh8QlOu4mre5X+za95IkrNySO8cgjfKZ
+5V04ocI07cUTWVwFtStPYZuR+0H8/NU8TZh2BvWBfevdkObRVlTa4y0MnxEylCIB
+evZsLHRnBMylj44ss0O1lKLQfelifwa+JwGDnjr9iu6YQ0pr17WXOzq/T220Y/oz
+ADQuLW2WyXvKmWO6vvT2MKAtmJbpVkQFqUSjYRDrgqFnXbxdJ3Wqiig2KjiS2d2k
+XgClzMx8KSreKJCrt+G2/30lC0DYqjSjLd4H61/OCt3Kfjp9JsFiaDrmLzfzgYYh
+xKlkqu9FNtEaZnz46TfW1mG+oq1I59/mdP7TbX3SJdysYlep9w==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3b:59:c7:7b:cd:5b:57:9e:bd:37:52:ac:76:b4:aa:1a
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - RSA Implementation
+        Validity
+            Not Before: Apr 11 11:18:13 2002 GMT
+            Not After : Apr 12 11:07:25 2022 GMT
+        Subject: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - RSA Implementation
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:e4:ba:34:30:09:8e:57:d0:b9:06:2c:6f:6e:24:
+                    80:22:bf:5d:43:a6:fa:4f:ac:82:e7:1c:68:70:85:
+                    1b:a3:6e:b5:aa:78:d9:6e:07:4b:3f:e9:df:f5:ea:
+                    e8:54:a1:61:8a:0e:2f:69:75:18:b7:0c:e5:14:8d:
+                    71:6e:98:b8:55:fc:0c:95:d0:9b:6e:e1:2d:88:d4:
+                    3a:40:6b:92:f1:99:96:64:de:db:ff:78:f4:ee:96:
+                    1d:47:89:7c:d4:be:b9:88:77:23:3a:09:e6:04:9e:
+                    6d:aa:5e:d2:c8:bd:9a:4e:19:df:89:ea:5b:0e:7e:
+                    c3:e4:b4:f0:e0:69:3b:88:0f:41:90:f8:d4:71:43:
+                    24:c1:8f:26:4b:3b:56:e9:ff:8c:6c:37:e9:45:ad:
+                    85:8c:53:c3:60:86:90:4a:96:c9:b3:54:b0:bb:17:
+                    f0:1c:45:d9:d4:1b:19:64:56:0a:19:f7:cc:e1:ff:
+                    86:af:7e:58:5e:ac:7a:90:1f:c9:28:39:45:7b:a2:
+                    b6:c7:9c:1f:da:85:d4:21:86:59:30:93:be:53:33:
+                    37:f6:ef:41:cf:33:c7:ab:72:6b:25:f5:f3:53:1b:
+                    0c:4c:2e:f1:75:4b:ef:a0:87:f7:fe:8a:15:d0:6c:
+                    d5:cb:f9:68:53:b9:70:15:13:c2:f5:2e:fb:43:35:
+                    75:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.6334.0.0.3.9.40.51377
+                  CPS: http://www.betrusted.com/products_services/index.html
+                  User Notice:
+                    Explicit Text: Reliance on or use of this Certificate creates an acknowledgment and acceptance of the then applicable standard terms and conditions of use, the Certification Practice Statement and the Relying Party Agreement, which can be found at the beTRUSTed web site, http://www.betrusted.com/products_services/index.html
+
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:A9:EC:14:7E:F9:D9:43:CC:53:2B:14:AD:CF:F7:F0:59:89:41:CD:19
+
+            X509v3 Subject Key Identifier: 
+                A9:EC:14:7E:F9:D9:43:CC:53:2B:14:AD:CF:F7:F0:59:89:41:CD:19
+    Signature Algorithm: sha1WithRSAEncryption
+        db:97:b0:75:ea:0c:c4:c1:98:ca:56:05:c0:a8:ad:26:48:af:
+        2d:20:e8:81:c7:b6:df:43:c1:2c:1d:75:4b:d4:42:8d:e7:7a:
+        a8:74:dc:66:42:59:87:b3:f5:69:6d:d9:a9:9e:b3:7d:1c:31:
+        c1:f5:54:e2:59:24:49:e5:ee:bd:39:a6:6b:8a:98:44:fb:9b:
+        d7:2a:83:97:34:2d:c7:7d:35:4c:2d:34:b8:3e:0d:c4:ec:88:
+        27:af:9e:92:fd:50:61:82:a8:60:07:14:53:cc:65:13:c1:f6:
+        47:44:69:d2:31:c8:a6:dd:2e:b3:0b:de:4a:8d:5b:3d:ab:0d:
+        c2:35:52:a2:56:37:cc:32:8b:28:85:42:9c:91:40:7a:70:2b:
+        38:36:d5:e1:73:1a:1f:e5:fa:7e:5f:dc:d6:9c:3b:30:ea:db:
+        c0:5b:27:5c:d3:73:07:c1:c2:f3:4c:9b:6f:9f:1b:ca:1e:aa:
+        a8:38:33:09:58:b2:ae:fc:07:e8:36:dc:55:ba:2f:4f:40:fe:
+        7a:bd:06:a6:81:c1:93:22:7c:86:11:0a:06:77:48:ae:35:b7:
+        2f:32:9a:61:5e:8b:be:29:9f:29:24:88:56:39:2c:a8:d2:ab:
+        96:03:5a:d4:48:9f:b9:40:84:0b:98:68:fb:01:43:d6:1b:e2:
+        09:b1:97:1c
+MD5 Fingerprint=86:42:05:09:BC:A7:9D:EC:1D:F3:2E:0E:BA:D8:1D:D0
+-----BEGIN CERTIFICATE-----
+MIIFaDCCBFCgAwIBAgIQO1nHe81bV569N1KsdrSqGjANBgkqhkiG9w0BAQUFADBi
+MRIwEAYDVQQKEwliZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENB
+czEvMC0GA1UEAxMmYmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRp
+b24wHhcNMDIwNDExMTExODEzWhcNMjIwNDEyMTEwNzI1WjBiMRIwEAYDVQQKEwli
+ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEvMC0GA1UEAxMm
+YmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRpb24wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkujQwCY5X0LkGLG9uJIAiv11DpvpPrILn
+HGhwhRujbrWqeNluB0s/6d/16uhUoWGKDi9pdRi3DOUUjXFumLhV/AyV0Jtu4S2I
+1DpAa5LxmZZk3tv/ePTulh1HiXzUvrmIdyM6CeYEnm2qXtLIvZpOGd+J6lsOfsPk
+tPDgaTuID0GQ+NRxQyTBjyZLO1bp/4xsN+lFrYWMU8NghpBKlsmzVLC7F/AcRdnU
+GxlkVgoZ98zh/4avflherHqQH8koOUV7orbHnB/ahdQhhlkwk75TMzf270HPM8er
+cmsl9fNTGwxMLvF1S++gh/f+ihXQbNXL+WhTuXAVE8L1LvtDNXUtAgMBAAGjggIY
+MIICFDAMBgNVHRMEBTADAQH/MIIBtQYDVR0gBIIBrDCCAagwggGkBg8rBgEEAbE+
+AAADCSiDkTEwggGPMEEGCCsGAQUFBwIBFjVodHRwOi8vd3d3LmJldHJ1c3RlZC5j
+b20vcHJvZHVjdHNfc2VydmljZXMvaW5kZXguaHRtbDCCAUgGCCsGAQUFBwICMIIB
+OhqCATZSZWxpYW5jZSBvbiBvciB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjcmVh
+dGVzIGFuIGFja25vd2xlZGdtZW50IGFuZCBhY2NlcHRhbmNlIG9mIHRoZSB0aGVu
+IGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNl
+LCB0aGUgQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQgYW5kIHRoZSBS
+ZWx5aW5nIFBhcnR5IEFncmVlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IHRo
+ZSBiZVRSVVNUZWQgd2ViIHNpdGUsIGh0dHA6Ly93d3cuYmV0cnVzdGVkLmNvbS9w
+cm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMAsGA1UdDwQEAwIBBjAfBgNVHSME
+GDAWgBSp7BR++dlDzFMrFK3P9/BZiUHNGTAdBgNVHQ4EFgQUqewUfvnZQ8xTKxSt
+z/fwWYlBzRkwDQYJKoZIhvcNAQEFBQADggEBANuXsHXqDMTBmMpWBcCorSZIry0g
+6IHHtt9DwSwddUvUQo3neqh03GZCWYez9Wlt2ames30cMcH1VOJZJEnl7r05pmuK
+mET7m9cqg5c0Lcd9NUwtNLg+DcTsiCevnpL9UGGCqGAHFFPMZRPB9kdEadIxyKbd
+LrML3kqNWz2rDcI1UqJWN8wyiyiFQpyRQHpwKzg21eFzGh/l+n5f3NacOzDq28Bb
+J1zTcwfBwvNMm2+fG8oeqqg4MwlYsq78B+g23FW6L09A/nq9BqaBwZMifIYRCgZ3
+SK41ty8ymmFei74pnykkiFY5LKjSq5YDWtRIn7lAhAuYaPsBQ9Yb4gmxlxw=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=RSA Security Inc, OU=RSA Security 2048 V3
+        Validity
+            Not Before: Feb 22 20:39:23 2001 GMT
+            Not After : Feb 22 20:39:23 2026 GMT
+        Subject: O=RSA Security Inc, OU=RSA Security 2048 V3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b7:8f:55:71:d2:80:dd:7b:69:79:a7:f0:18:50:
+                    32:3c:62:67:f6:0a:95:07:dd:e6:1b:f3:9e:d9:d2:
+                    41:54:6b:ad:9f:7c:be:19:cd:fb:46:ab:41:68:1e:
+                    18:ea:55:c8:2f:91:78:89:28:fb:27:29:60:ff:df:
+                    8f:8c:3b:c9:49:9b:b5:a4:94:ce:01:ea:3e:b5:63:
+                    7b:7f:26:fd:19:dd:c0:21:bd:84:d1:2d:4f:46:c3:
+                    4e:dc:d8:37:39:3b:28:af:cb:9d:1a:ea:2b:af:21:
+                    a5:c1:23:22:b8:b8:1b:5a:13:87:57:83:d1:f0:20:
+                    e7:e8:4f:23:42:b0:00:a5:7d:89:e9:e9:61:73:94:
+                    98:71:26:bc:2d:6a:e0:f7:4d:f0:f1:b6:2a:38:31:
+                    81:0d:29:e1:00:c1:51:0f:4c:52:f8:04:5a:aa:7d:
+                    72:d3:b8:87:2a:bb:63:10:03:2a:b3:a1:4f:0d:5a:
+                    5e:46:b7:3d:0e:f5:74:ec:99:9f:f9:3d:24:81:88:
+                    a6:dd:60:54:e8:95:36:3d:c6:09:93:9a:a3:12:80:
+                    00:55:99:19:47:bd:d0:a5:7c:c3:ba:fb:1f:f7:f5:
+                    0f:f8:ac:b9:b5:f4:37:98:13:18:de:85:5b:b7:0c:
+                    82:3b:87:6f:95:39:58:30:da:6e:01:68:17:22:cc:
+                    c0:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:07:C3:51:30:A4:AA:E9:45:AE:35:24:FA:FF:24:2C:33:D0:B1:9D:8C
+
+            X509v3 Subject Key Identifier: 
+                07:C3:51:30:A4:AA:E9:45:AE:35:24:FA:FF:24:2C:33:D0:B1:9D:8C
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:3e:86:76:6e:b8:35:3c:4e:36:1c:1e:79:98:bf:fd:d5:12:
+        11:79:52:0e:ee:31:89:bc:dd:7f:f9:d1:c6:15:21:e8:8a:01:
+        54:0d:3a:fb:54:b9:d6:63:d4:b1:aa:96:4d:a2:42:4d:d4:53:
+        1f:8b:10:de:7f:65:be:60:13:27:71:88:a4:73:e3:84:63:d1:
+        a4:55:e1:50:93:e6:1b:0e:79:d0:67:bc:46:c8:bf:3f:17:0d:
+        95:e6:c6:90:69:de:e7:b4:2f:de:95:7d:d0:12:3f:3d:3e:7f:
+        4d:3f:14:68:f5:11:50:d5:c1:f4:90:a5:08:1d:31:60:ff:60:
+        8c:23:54:0a:af:fe:a1:6e:c5:d1:7a:2a:68:78:cf:1e:82:0a:
+        20:b4:1f:ad:e5:85:b2:6a:68:75:4e:ad:25:37:94:85:be:bd:
+        a1:d4:ea:b7:0c:4b:3c:9d:e8:12:00:f0:5f:ac:0d:e1:ac:70:
+        63:73:f7:7f:79:9f:32:25:42:74:05:80:28:bf:bd:c1:24:96:
+        58:15:b1:17:21:e9:89:4b:db:07:88:67:f4:15:ad:70:3e:2f:
+        4d:85:3b:c2:b7:db:fe:98:68:23:89:e1:74:0f:de:f4:c5:84:
+        63:29:1b:cc:cb:07:c9:00:a4:a9:d7:c2:22:4f:67:d7:77:ec:
+        20:05:61:de
+MD5 Fingerprint=77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy
+MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp
+eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg
+/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl
+wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh
+AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2
+PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu
+AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR
+MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc
+HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/
+Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
+f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO
+rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch
+6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3
+7CAFYd4=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            0a:01:01:01:00:00:02:7c:00:00:00:0b:00:00:00:02
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=RSA Security Inc, OU=RSA Security 1024 V3
+        Validity
+            Not Before: Feb 22 21:01:49 2001 GMT
+            Not After : Feb 22 20:01:49 2026 GMT
+        Subject: O=RSA Security Inc, OU=RSA Security 1024 V3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d5:dd:fe:66:09:cf:24:3c:3e:ae:81:4e:4e:8a:
+                    c4:69:80:5b:59:3b:df:b9:4d:4c:ca:b5:2d:c3:27:
+                    2d:3c:af:00:42:6d:bc:28:a6:96:cf:7f:d7:58:ac:
+                    83:0a:a3:55:b5:7b:17:90:15:84:4c:8a:ee:26:99:
+                    dc:58:ef:c7:38:a6:aa:af:d0:8e:42:c8:62:d7:ab:
+                    ac:a9:fb:4a:7d:bf:ea:fe:12:4d:dd:ff:26:2d:6f:
+                    36:54:68:c8:d2:84:56:ee:92:53:61:09:b3:3f:39:
+                    9b:a8:c9:9b:bd:ce:9f:7e:d4:19:6a:16:29:18:be:
+                    d7:3a:69:dc:25:5b:33:1a:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A
+
+            X509v3 Subject Key Identifier: 
+                C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A
+    Signature Algorithm: sha1WithRSAEncryption
+        3f:2d:6a:e3:26:43:95:7d:89:97:65:fb:75:e4:72:1d:46:57:
+        c4:61:6b:69:9f:12:9b:2c:d5:5a:e8:c0:a2:f0:43:95:e3:1f:
+        e9:76:cd:dc:eb:bc:93:a0:65:0a:c7:4d:4f:5f:a7:af:a2:46:
+        14:b9:0c:f3:cc:bd:6a:6e:b7:9d:de:25:42:d0:54:ff:9e:68:
+        73:63:dc:24:eb:22:bf:a8:72:f2:5e:00:e1:0d:4e:3a:43:6e:
+        99:4e:3f:89:78:03:98:ca:f3:55:cc:9d:ae:8e:c1:aa:45:98:
+        fa:8f:1a:a0:8d:88:23:f1:15:41:0d:a5:46:3e:91:3f:8b:eb:
+        f7:71
+MD5 Fingerprint=3A:E5:50:B0:39:BE:C7:46:36:33:A1:FE:82:3E:8D:94
+-----BEGIN CERTIFICATE-----
+MIICXDCCAcWgAwIBAgIQCgEBAQAAAnwAAAALAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMTAyNCBWMzAeFw0wMTAyMjIyMTAxNDlaFw0yNjAyMjIyMDAxNDlaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAx
+MDI0IFYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDV3f5mCc8kPD6ugU5O
+isRpgFtZO9+5TUzKtS3DJy08rwBCbbwoppbPf9dYrIMKo1W1exeQFYRMiu4mmdxY
+78c4pqqv0I5CyGLXq6yp+0p9v+r+Ek3d/yYtbzZUaMjShFbuklNhCbM/OZuoyZu9
+zp9+1BlqFikYvtc6adwlWzMaUQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBTEwBykB5T9zU0B1FTapQxf3q4FWjAd
+BgNVHQ4EFgQUxMAcpAeU/c1NAdRU2qUMX96uBVowDQYJKoZIhvcNAQEFBQADgYEA
+Py1q4yZDlX2Jl2X7deRyHUZXxGFraZ8SmyzVWujAovBDleMf6XbN3Ou8k6BlCsdN
+T1+nr6JGFLkM88y9am63nd4lQtBU/55oc2PcJOsiv6hy8l4A4Q1OOkNumU4/iXgD
+mMrzVcydro7BqkWY+o8aoI2II/EVQQ2lRj6RP4vr93E=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 144470 (0x23456)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
+        Validity
+            Not Before: May 21 04:00:00 2002 GMT
+            Not After : May 21 04:00:00 2022 GMT
+        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:da:cc:18:63:30:fd:f4:17:23:1a:56:7e:5b:df:
+                    3c:6c:38:e4:71:b7:78:91:d4:bc:a1:d8:4c:f8:a8:
+                    43:b6:03:e9:4d:21:07:08:88:da:58:2f:66:39:29:
+                    bd:05:78:8b:9d:38:e8:05:b7:6a:7e:71:a4:e6:c4:
+                    60:a6:b0:ef:80:e4:89:28:0f:9e:25:d6:ed:83:f3:
+                    ad:a6:91:c7:98:c9:42:18:35:14:9d:ad:98:46:92:
+                    2e:4f:ca:f1:87:43:c1:16:95:57:2d:50:ef:89:2d:
+                    80:7a:57:ad:f2:ee:5f:6b:d2:00:8d:b9:14:f8:14:
+                    15:35:d9:c0:46:a3:7b:72:c8:91:bf:c9:55:2b:cd:
+                    d0:97:3e:9c:26:64:cc:df:ce:83:19:71:ca:4e:e6:
+                    d4:d5:7b:a9:19:cd:55:de:c8:ec:d2:5e:38:53:e5:
+                    5c:4f:8c:2d:fe:50:23:36:fc:66:e6:cb:8e:a4:39:
+                    19:00:b7:95:02:39:91:0b:0e:fe:38:2e:d1:1d:05:
+                    9a:f6:4d:3e:6f:0f:07:1d:af:2c:1e:8f:60:39:e2:
+                    fa:36:53:13:39:d4:5e:26:2b:db:3d:a8:14:bd:32:
+                    eb:18:03:28:52:04:71:e5:ab:33:3d:e1:38:bb:07:
+                    36:84:62:9c:79:ea:16:30:f4:5f:c0:2b:e8:71:6b:
+                    e4:f9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
+            X509v3 Authority Key Identifier: 
+                keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
+
+    Signature Algorithm: sha1WithRSAEncryption
+        35:e3:29:6a:e5:2f:5d:54:8e:29:50:94:9f:99:1a:14:e4:8f:
+        78:2a:62:94:a2:27:67:9e:d0:cf:1a:5e:47:e9:c1:b2:a4:cf:
+        dd:41:1a:05:4e:9b:4b:ee:4a:6f:55:52:b3:24:a1:37:0a:eb:
+        64:76:2a:2e:2c:f3:fd:3b:75:90:bf:fa:71:d8:c7:3d:37:d2:
+        b5:05:95:62:b9:a6:de:89:3d:36:7b:38:77:48:97:ac:a6:20:
+        8f:2e:a6:c9:0c:c2:b2:99:45:00:c7:ce:11:51:22:22:e0:a5:
+        ea:b6:15:48:09:64:ea:5e:4f:74:f7:05:3e:c7:8a:52:0c:db:
+        15:b4:bd:6d:9b:e5:c6:b1:54:68:a9:e3:69:90:b6:9a:a5:0f:
+        b8:b9:3f:20:7d:ae:4a:b5:b8:9c:e4:1d:b6:ab:e6:94:a5:c1:
+        c7:83:ad:db:f5:27:87:0e:04:6c:d5:ff:dd:a0:5d:ed:87:52:
+        b7:2b:15:02:ae:39:a6:6a:74:e9:da:c4:e7:bc:4d:34:1e:a9:
+        5c:4d:33:5f:92:09:2f:88:66:5d:77:97:c7:1d:76:13:a9:d5:
+        e5:f1:16:09:11:35:d5:ac:db:24:71:70:2c:98:56:0b:d9:17:
+        b4:d1:e3:51:2b:5e:75:e8:d5:d0:dc:4f:34:ed:c2:05:66:80:
+        a1:cb:e6:33
+MD5 Fingerprint=F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            44:be:0c:8b:50:00:24:b4:11:d3:36:30:4b:c0:33:77
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
+        Validity
+            Not Before: Jul  9 18:48:39 1999 GMT
+            Not After : Jul  9 18:57:49 2019 GMT
+        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b3:fb:91:a1:e4:36:55:85:ac:06:34:5b:a0:9a:
+                    58:b2:f8:b5:0f:05:77:83:ae:32:b1:76:92:68:ec:
+                    23:4a:c9:76:3f:e3:9c:b6:37:79:03:b9:ab:69:8d:
+                    07:25:b6:19:67:e4:b0:1b:18:73:61:4a:e8:7e:cd:
+                    d3:2f:64:e3:a6:7c:0c:fa:17:80:a3:0d:47:89:4f:
+                    51:71:2f:ee:fc:3f:f9:b8:16:80:87:89:93:25:20:
+                    9a:43:82:69:24:76:28:59:35:a1:1d:c0:7f:83:06:
+                    64:16:20:2c:d3:49:a4:85:b4:c0:61:7f:51:08:f8:
+                    68:15:91:80:cb:a5:d5:ee:3b:3a:f4:84:04:5e:60:
+                    59:a7:8c:34:72:ee:b8:78:c5:d1:3b:12:4a:6f:7e:
+                    65:27:b9:a4:55:c5:b9:6f:43:a4:c5:1d:2c:99:c0:
+                    52:a4:78:4c:15:b3:40:98:08:6b:43:c6:01:b0:7a:
+                    7b:f5:6b:1c:22:3f:cb:ef:ff:a8:d0:3a:4b:76:15:
+                    9e:d2:d1:c6:2e:e3:db:57:1b:32:a2:b8:6f:e8:86:
+                    a6:3f:70:ab:e5:70:92:ab:44:1e:40:50:fb:9c:a3:
+                    62:e4:6c:6e:a0:c8:de:e2:80:42:fa:e9:2f:e8:ce:
+                    32:04:8f:7c:8d:b7:1c:a3:35:3c:15:dd:9e:c3:ae:
+                    97:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                FA:86:C9:DB:E0:BA:E9:78:F5:4B:A8:D6:15:DF:F0:D3:E1:6A:14:3C
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl
+
+    Signature Algorithm: sha1WithRSAEncryption
+        a4:f3:25:cc:d1:d4:91:83:22:d0:cc:32:ab:9b:96:4e:34:91:
+        54:20:25:34:61:5f:2a:02:15:e1:8b:aa:ff:7d:64:51:cf:0a:
+        ff:bc:7d:d8:21:6a:78:cb:2f:51:6f:f8:42:1d:33:bd:eb:b5:
+        7b:94:c3:c3:a9:a0:2d:df:d1:29:1f:1d:fe:8f:3f:bb:a8:45:
+        2a:7f:d1:6e:55:24:e2:bb:02:fb:31:3f:be:e8:bc:ec:40:2b:
+        f8:01:d4:56:38:e4:ca:44:82:b5:61:20:21:67:65:f6:f0:0b:
+        e7:34:f8:a5:c2:9c:a3:5c:40:1f:85:93:95:06:de:4f:d4:27:
+        a9:b6:a5:fc:16:cd:73:31:3f:b8:65:27:cf:d4:53:1a:f0:ac:
+        6e:9f:4f:05:0c:03:81:a7:84:29:c4:5a:bd:64:57:72:ad:3b:
+        cf:37:18:a6:98:c6:ad:06:b4:dc:08:a3:04:d5:29:a4:96:9a:
+        12:67:4a:8c:60:45:9d:f1:23:9a:b0:00:9c:68:b5:98:50:d3:
+        ef:8e:2e:92:65:b1:48:3e:21:be:15:30:2a:0d:b5:0c:a3:6b:
+        3f:ae:7f:57:f5:1f:96:7c:df:6f:dd:82:30:2c:65:1b:40:4a:
+        cd:68:b9:72:ec:71:76:ec:54:8e:1f:85:0c:01:6a:fa:a6:38:
+        ac:1f:c4:84
+MD5 Fingerprint=BF:60:59:A3:5B:BA:F6:A7:76:42:DA:6F:1A:7B:50:CF
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUFADCB
+ozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3Qt
+TmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0ODM5WhcNMTkwNzA5MTg1
+NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
+IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYD
+VQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VS
+Rmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCz+5Gh5DZVhawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2
+N3kDuatpjQclthln5LAbGHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCH
+iZMlIJpDgmkkdihZNaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hARe
+YFmnjDRy7rh4xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1
+axwiP8vv/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6g
+yN7igEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD
+AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf8NPh
+ahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
+VE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0GCSqGSIb3DQEB
+BQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXhi6r/fWRRzwr/vH3Y
+IWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUqf9FuVSTiuwL7MT++6Lzs
+QCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAfhZOVBt5P1CeptqX8Fs1zMT+4
+ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvPNximmMatBrTcCKME1SmklpoSZ0qM
+YEWd8SOasACcaLWYUNPvji6SZbFIPiG+FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUb
+QErNaLly7HF27FSOH4UMAWr6pjisH8SE
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
+        Validity
+            Not Before: May 28 06:00:00 2002 GMT
+            Not After : Nov 19 20:43:00 2037 GMT
+        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a8:2f:e8:a4:69:06:03:47:c3:e9:2a:98:ff:19:
+                    a2:70:9a:c6:50:b2:7e:a5:df:68:4d:1b:7c:0f:b6:
+                    97:68:7d:2d:a6:8b:97:e9:64:86:c9:a3:ef:a0:86:
+                    bf:60:65:9c:4b:54:88:c2:48:c5:4a:39:bf:14:e3:
+                    59:55:e5:19:b4:74:c8:b4:05:39:5c:16:a5:e2:95:
+                    05:e0:12:ae:59:8b:a2:33:68:58:1c:a6:d4:15:b7:
+                    d8:9f:d7:dc:71:ab:7e:9a:bf:9b:8e:33:0f:22:fd:
+                    1f:2e:e7:07:36:ef:62:39:c5:dd:cb:ba:25:14:23:
+                    de:0c:c6:3d:3c:ce:82:08:e6:66:3e:da:51:3b:16:
+                    3a:a3:05:7f:a0:dc:87:d5:9c:fc:72:a9:a0:7d:78:
+                    e4:b7:31:55:1e:65:bb:d4:61:b0:21:60:ed:10:32:
+                    72:c5:92:25:1e:f8:90:4a:18:78:47:df:7e:30:37:
+                    3e:50:1b:db:1c:d3:6b:9a:86:53:07:b0:ef:ac:06:
+                    78:f8:84:99:fe:21:8d:4c:80:b6:0c:82:f6:66:70:
+                    79:1a:d3:4f:a3:cf:f1:cf:46:b0:4b:0f:3e:dd:88:
+                    62:b8:8c:a9:09:28:3b:7a:c7:97:e1:1e:e5:f4:9f:
+                    c0:c0:ae:24:a0:c8:a1:d9:0f:d6:7b:26:82:69:32:
+                    3d:a7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE
+            X509v3 Authority Key Identifier: 
+                keyid:00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE
+
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        7c:8a:d1:1f:18:37:82:e0:b8:b0:a3:ed:56:95:c8:62:61:9c:
+        05:a2:cd:c2:62:26:61:cd:10:16:d7:cc:b4:65:34:d0:11:8a:
+        ad:a8:a9:05:66:ef:74:f3:6d:5f:9d:99:af:f6:8b:fb:eb:52:
+        b2:05:98:a2:6f:2a:c5:54:bd:25:bd:5f:ae:c8:86:ea:46:2c:
+        c1:b3:bd:c1:e9:49:70:18:16:97:08:13:8c:20:e0:1b:2e:3a:
+        47:cb:1e:e4:00:30:95:5b:f4:45:a3:c0:1a:b0:01:4e:ab:bd:
+        c0:23:6e:63:3f:80:4a:c5:07:ed:dc:e2:6f:c7:c1:62:f1:e3:
+        72:d6:04:c8:74:67:0b:fa:88:ab:a1:01:c8:6f:f0:14:af:d2:
+        99:cd:51:93:7e:ed:2e:38:c7:bd:ce:46:50:3d:72:e3:79:25:
+        9d:9b:88:2b:10:20:dd:a5:b8:32:9f:8d:e0:29:df:21:74:86:
+        82:db:2f:82:30:c6:c7:35:86:b3:f9:96:5f:46:db:0c:45:fd:
+        f3:50:c3:6f:c6:c3:48:ad:46:a6:e1:27:47:0a:1d:0e:9b:b6:
+        c2:77:7f:63:f2:e0:7d:1a:be:fc:e0:df:d7:c7:a7:6c:b0:f9:
+        ae:ba:3c:fd:74:b4:11:e8:58:0d:80:bc:d3:a8:80:3a:99:ed:
+        75:cc:46:7b
+MD5 Fingerprint=14:F1:08:AD:9D:FA:64:E2:89:E7:1C:CF:A8:AD:7D:5E
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
+hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
+1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
+OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
+2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
+O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
+AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
+Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
+LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
+oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
+MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
+sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
+        Validity
+            Not Before: May 28 06:00:00 2002 GMT
+            Not After : Sep 29 14:08:00 2037 GMT
+        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (4096 bit)
+                Modulus (4096 bit):
+                    00:cc:41:45:1d:e9:3d:4d:10:f6:8c:b1:41:c9:e0:
+                    5e:cb:0d:b7:bf:47:73:d3:f0:55:4d:dd:c6:0c:fa:
+                    b1:66:05:6a:cd:78:b4:dc:02:db:4e:81:f3:d7:a7:
+                    7c:71:bc:75:63:a0:5d:e3:07:0c:48:ec:25:c4:03:
+                    20:f4:ff:0e:3b:12:ff:9b:8d:e1:c6:d5:1b:b4:6d:
+                    22:e3:b1:db:7f:21:64:af:86:bc:57:22:2a:d6:47:
+                    81:57:44:82:56:53:bd:86:14:01:0b:fc:7f:74:a4:
+                    5a:ae:f1:ba:11:b5:9b:58:5a:80:b4:37:78:09:33:
+                    7c:32:47:03:5c:c4:a5:83:48:f4:57:56:6e:81:36:
+                    27:18:4f:ec:9b:28:c2:d4:b4:d7:7c:0c:3e:0c:2b:
+                    df:ca:04:d7:c6:8e:ea:58:4e:a8:a4:a5:18:1c:6c:
+                    45:98:a3:41:d1:2d:d2:c7:6d:8d:19:f1:ad:79:b7:
+                    81:3f:bd:06:82:27:2d:10:58:05:b5:78:05:b9:2f:
+                    db:0c:6b:90:90:7e:14:59:38:bb:94:24:13:e5:d1:
+                    9d:14:df:d3:82:4d:46:f0:80:39:52:32:0f:e3:84:
+                    b2:7a:43:f2:5e:de:5f:3f:1d:dd:e3:b2:1b:a0:a1:
+                    2a:23:03:6e:2e:01:15:87:5c:a6:75:75:c7:97:61:
+                    be:de:86:dc:d4:48:db:bd:2a:bf:4a:55:da:e8:7d:
+                    50:fb:b4:80:17:b8:94:bf:01:3d:ea:da:ba:7c:e0:
+                    58:67:17:b9:58:e0:88:86:46:67:6c:9d:10:47:58:
+                    32:d0:35:7c:79:2a:90:a2:5a:10:11:23:35:ad:2f:
+                    cc:e4:4a:5b:a7:c8:27:f2:83:de:5e:bb:5e:77:e7:
+                    e8:a5:6e:63:c2:0d:5d:61:d0:8c:d2:6c:5a:21:0e:
+                    ca:28:a3:ce:2a:e9:95:c7:48:cf:96:6f:1d:92:25:
+                    c8:c6:c6:c1:c1:0c:05:ac:26:c4:d2:75:d2:e1:2a:
+                    67:c0:3d:5b:a5:9a:eb:cf:7b:1a:a8:9d:14:45:e5:
+                    0f:a0:9a:65:de:2f:28:bd:ce:6f:94:66:83:48:29:
+                    d8:ea:65:8c:af:93:d9:64:9f:55:57:26:bf:6f:cb:
+                    37:31:99:a3:60:bb:1c:ad:89:34:32:62:b8:43:21:
+                    06:72:0c:a1:5c:6d:46:c5:fa:29:cf:30:de:89:dc:
+                    71:5b:dd:b6:37:3e:df:50:f5:b8:07:25:26:e5:bc:
+                    b5:fe:3c:02:b3:b7:f8:be:43:c1:87:11:94:9e:23:
+                    6c:17:8a:b8:8a:27:0c:54:47:f0:a9:b3:c0:80:8c:
+                    a0:27:eb:1d:19:e3:07:8e:77:70:ca:2b:f4:7d:76:
+                    e0:78:67
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E
+            X509v3 Authority Key Identifier: 
+                keyid:4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E
+
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        67:6b:06:b9:5f:45:3b:2a:4b:33:b3:e6:1b:6b:59:4e:22:cc:
+        b9:b7:a4:25:c9:a7:c4:f0:54:96:0b:64:f3:b1:58:4f:5e:51:
+        fc:b2:97:7b:27:65:c2:e5:ca:e7:0d:0c:25:7b:62:e3:fa:9f:
+        b4:87:b7:45:46:af:83:a5:97:48:8c:a5:bd:f1:16:2b:9b:76:
+        2c:7a:35:60:6c:11:80:97:cc:a9:92:52:e6:2b:e6:69:ed:a9:
+        f8:36:2d:2c:77:bf:61:48:d1:63:0b:b9:5b:52:ed:18:b0:43:
+        42:22:a6:b1:77:ae:de:69:c5:cd:c7:1c:a1:b1:a5:1c:10:fb:
+        18:be:1a:70:dd:c1:92:4b:be:29:5a:9d:3f:35:be:e5:7d:51:
+        f8:55:e0:25:75:23:87:1e:5c:dc:ba:9d:b0:ac:b3:69:db:17:
+        83:c9:f7:de:0c:bc:08:dc:91:9e:a8:d0:d7:15:37:73:a5:35:
+        b8:fc:7e:c5:44:40:06:c3:eb:f8:22:80:5c:47:ce:02:e3:11:
+        9f:44:ff:fd:9a:32:cc:7d:64:51:0e:eb:57:26:76:3a:e3:1e:
+        22:3c:c2:a6:36:dd:19:ef:a7:fc:12:f3:26:c0:59:31:85:4c:
+        9c:d8:cf:df:a4:cc:cc:29:93:ff:94:6d:76:5c:13:08:97:f2:
+        ed:a5:0b:4d:dd:e8:c9:68:0e:66:d3:00:0e:33:12:5b:bc:95:
+        e5:32:90:a8:b3:c6:6c:83:ad:77:ee:8b:7e:7e:b1:a9:ab:d3:
+        e1:f1:b6:c0:b1:ea:88:c0:e7:d3:90:e9:28:92:94:7b:68:7b:
+        97:2a:0a:67:2d:85:02:38:10:e4:03:61:d4:da:25:36:c7:08:
+        58:2d:a1:a7:51:af:30:0a:49:f5:a6:69:87:07:2d:44:46:76:
+        8e:2a:e5:9a:3b:d7:18:a2:fc:9c:38:10:cc:c6:3b:d2:b5:17:
+        3a:6f:fd:ae:25:bd:f5:72:59:64:b1:74:2a:38:5f:18:4c:df:
+        cf:71:04:5a:36:d4:bf:2f:99:9c:e8:d9:ba:b1:95:e6:02:4b:
+        21:a1:5b:d5:c1:4f:8f:ae:69:6d:53:db:01:93:b5:5c:1e:18:
+        dd:64:5a:ca:18:28:3e:63:04:11:fd:1c:8d:00:0f:b8:37:df:
+        67:8a:9d:66:a9:02:6a:91:ff:13:ca:2f:5d:83:bc:87:93:6c:
+        dc:24:51:16:04:25:66:fa:b3:d9:c2:ba:29:be:9a:48:38:82:
+        99:f4:bf:3b:4a:31:19:f9:bf:8e:21:33:14:ca:4f:54:5f:fb:
+        ce:fb:8f:71:7f:fd:5e:19:a0:0f:4b:91:b8:c4:54:bc:06:b0:
+        45:8f:26:91:a2:8e:fe:a9
+MD5 Fingerprint=D6:ED:3C:CA:E2:66:0F:AF:10:43:0D:77:9B:04:09:BF
+-----BEGIN CERTIFICATE-----
+MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
+206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
+KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
+JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
+BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
+Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
+PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
+Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
+Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
+o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
++L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
+YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
+FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
+xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
+LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
+obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
+CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
+IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
+DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
+AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
+Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
+AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
+Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
+RY8mkaKO/qk=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
+        Validity
+            Not Before: Jun 26 02:18:36 2002 GMT
+            Not After : Jun 24 00:16:12 2022 GMT
+        Subject: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:af:57:de:56:1e:6e:a1:da:60:b1:94:27:cb:17:
+                    db:07:3f:80:85:4f:c8:9c:b6:d0:f4:6f:4f:cf:99:
+                    d8:e1:db:c2:48:5c:3a:ac:39:33:c7:1f:6a:8b:26:
+                    3d:2b:35:f5:48:b1:91:c1:02:4e:04:96:91:7b:b0:
+                    33:f0:b1:14:4e:11:6f:b5:40:af:1b:45:a5:4a:ef:
+                    7e:b6:ac:f2:a0:1f:58:3f:12:46:60:3c:8d:a1:e0:
+                    7d:cf:57:3e:33:1e:fb:47:f1:aa:15:97:07:55:66:
+                    a5:b5:2d:2e:d8:80:59:b2:a7:0d:b7:46:ec:21:63:
+                    ff:35:ab:a5:02:cf:2a:f4:4c:fe:7b:f5:94:5d:84:
+                    4d:a8:f2:60:8f:db:0e:25:3c:9f:73:71:cf:94:df:
+                    4a:ea:db:df:72:38:8c:f3:96:bd:f1:17:bc:d2:ba:
+                    3b:45:5a:c6:a7:f6:c6:17:8b:01:9d:fc:19:a8:2a:
+                    83:16:b8:3a:48:fe:4e:3e:a0:ab:06:19:e9:53:f3:
+                    80:13:07:ed:2d:bf:3f:0a:3c:55:20:39:2c:2c:00:
+                    69:74:95:4a:bc:20:b2:a9:79:e5:18:89:91:a8:dc:
+                    1c:4d:ef:bb:7e:37:0b:5d:fe:39:a5:88:52:8c:00:
+                    6c:ec:18:7c:41:bd:f6:8b:75:77:ba:60:9d:84:e7:
+                    fe:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                15:38:83:0F:3F:2C:3F:70:33:1E:CD:46:FE:07:8C:20:E0:D7:C3:B7
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:f1:41:7d:7c:5c:08:b9:2b:e0:d5:92:47:fa:67:5c:a5:13:
+        c3:03:21:9b:2b:4c:89:46:cf:59:4d:c9:fe:a5:40:b6:63:cd:
+        dd:71:28:95:67:11:cc:24:ac:d3:44:6c:71:ae:01:20:6b:03:
+        a2:8f:18:b7:29:3a:7d:e5:16:60:53:78:3c:c0:af:15:83:f7:
+        8f:52:33:24:bd:64:93:97:ee:8b:f7:db:18:a8:6d:71:b3:f7:
+        2c:17:d0:74:25:69:f7:fe:6b:3c:94:be:4d:4b:41:8c:4e:e2:
+        73:d0:e3:90:22:73:43:cd:f3:ef:ea:73:ce:45:8a:b0:a6:49:
+        ff:4c:7d:9d:71:88:c4:76:1d:90:5b:1d:ee:fd:cc:f7:ee:fd:
+        60:a5:b1:7a:16:71:d1:16:d0:7c:12:3c:6c:69:97:db:ae:5f:
+        39:9a:70:2f:05:3c:19:46:04:99:20:36:d0:60:6e:61:06:bb:
+        16:42:8c:70:f7:30:fb:e0:db:66:a3:00:01:bd:e6:2c:da:91:
+        5f:a0:46:8b:4d:6a:9c:3d:3d:dd:05:46:fe:76:bf:a0:0a:3c:
+        e4:00:e6:27:b7:ff:84:2d:de:ba:22:27:96:10:71:eb:22:ed:
+        df:df:33:9c:cf:e3:ad:ae:8e:d4:8e:e6:4f:51:af:16:92:e0:
+        5c:f6:07:0f
+MD5 Fingerprint=FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr
+MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl
+cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
+bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw
+CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h
+dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l
+cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h
+2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E
+lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV
+ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq
+299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t
+vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL
+dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF
+AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
+zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3
+LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd
+7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw
+++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
+398znM/jra6O1I7mT1GvFpLgXPYHDw==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1002 (0x3ea)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 11:59:59 1998 GMT
+            Not After : Jan  1 11:59:59 2011 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
+                    dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
+                    c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
+                    51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
+                    85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
+                    e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
+                    d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
+                    9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
+                    9c:fb:fc:57:9b:57:5c:4f:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        84:52:fb:28:df:ff:1f:75:01:bc:01:be:04:56:97:6a:74:42:
+        24:31:83:f9:46:b1:06:8a:89:cf:96:2c:33:bf:8c:b5:5f:7a:
+        72:a1:85:06:ce:86:f8:05:8e:e8:f9:25:ca:da:83:8c:06:ac:
+        eb:36:6d:85:91:34:04:36:f4:42:f0:f8:79:2e:0a:48:5c:ab:
+        cc:51:4f:78:76:a0:d9:ac:19:bd:2a:d1:69:04:28:91:ca:36:
+        10:27:80:57:5b:d2:5c:f5:c2:5b:ab:64:81:63:74:51:f4:97:
+        bf:cd:12:28:f7:4d:66:7f:a7:f0:1c:01:26:78:b2:66:47:70:
+        51:64
+MD5 Fingerprint=B8:16:33:4C:4C:4C:F2:D8:D3:4D:06:B4:A6:5B:40:03
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgICA+owDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgMiBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANo46O0y
+AClxgwENv4wB3NrGrTmkqYov1YtcaF9QxmL1Zr3KkSLsqh1R1z2zUbKDTl3LSbDw
+TFXlay3HhQswHJJOgtTKAu33b77c4OMUuAVT8pr0VotanoWT0bSCVq5Nu6hLVxa8
+/vhYnvgpjbB7zXjJT6yLZwzxnPv8V5tXXE8NAgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBAIRS+yjf/x91AbwBvgRWl2p0QiQxg/lGsQaKic+WLDO/
+jLVfenKhhQbOhvgFjuj5Jcrag4wGrOs2bYWRNAQ29ELw+HkuCkhcq8xRT3h2oNms
+Gb0q0WkEKJHKNhAngFdb0lz1wlurZIFjdFH0l7/NEij3TWZ/p/AcASZ4smZHcFFk
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1003 (0x3eb)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 11:59:59 1998 GMT
+            Not After : Jan  1 11:59:59 2011 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e:
+                    27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da:
+                    fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1:
+                    0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d:
+                    af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4:
+                    b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28:
+                    ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab:
+                    8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e:
+                    ea:64:cf:d2:8e:7a:50:77:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        16:3d:c6:cd:c1:bb:85:71:85:46:9f:3e:20:8f:51:28:99:ec:
+        2d:45:21:63:23:5b:04:bb:4c:90:b8:88:92:04:4d:bd:7d:01:
+        a3:3f:f6:ec:ce:f1:de:fe:7d:e5:e1:3e:bb:c6:ab:5e:0b:dd:
+        3d:96:c4:cb:a9:d4:f9:26:e6:06:4e:9e:0c:a5:7a:ba:6e:c3:
+        7c:82:19:d1:c7:b1:b1:c3:db:0d:8e:9b:40:7c:37:0b:f1:5d:
+        e8:fd:1f:90:88:a5:0e:4e:37:64:21:a8:4e:8d:b4:9f:f1:de:
+        48:ad:d5:56:18:52:29:8b:47:34:12:09:d4:bb:92:35:ef:0f:
+        db:34
+MD5 Fingerprint=5F:94:4A:73:22:B8:F7:D1:31:EC:59:39:F7:8E:FE:6E
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgICA+swDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALa0wTUF
+Lg2N7KBAahwOJ6ZQkmtQGwfeLud2zODa/ISoXoxjaitN2U4CdhHBC/KNecoAtvGw
+Dtf7pBc9r6tpepYnv68zoZoqWarEtTcI8hKlMbZD9TKWcSgoq40oht+77uMMfTDW
+w1Krj10nnGvAo+cFa1dJRLNu6mTP0o56UHd3AgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBABY9xs3Bu4VxhUafPiCPUSiZ7C1FIWMjWwS7TJC4iJIE
+Tb19AaM/9uzO8d7+feXhPrvGq14L3T2WxMup1Pkm5gZOngylerpuw3yCGdHHsbHD
+2w2Om0B8NwvxXej9H5CIpQ5ON2QhqE6NtJ/x3kit1VYYUimLRzQSCdS7kjXvD9s0
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 65568 (0x10020)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
+        Validity
+            Not Before: Jun 11 10:46:39 2002 GMT
+            Not After : Jun 11 10:46:39 2027 GMT
+        Subject: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ce:b1:c1:2e:d3:4f:7c:cd:25:ce:18:3e:4f:c4:
+                    8c:6f:80:6a:73:c8:5b:51:f8:9b:d2:dc:bb:00:5c:
+                    b1:a0:fc:75:03:ee:81:f0:88:ee:23:52:e9:e6:15:
+                    33:8d:ac:2d:09:c5:76:f9:2b:39:80:89:e4:97:4b:
+                    90:a5:a8:78:f8:73:43:7b:a4:61:b0:d8:58:cc:e1:
+                    6c:66:7e:9c:f3:09:5e:55:63:84:d5:a8:ef:f3:b1:
+                    2e:30:68:b3:c4:3c:d8:ac:6e:8d:99:5a:90:4e:34:
+                    dc:36:9a:8f:81:88:50:b7:6d:96:42:09:f3:d7:95:
+                    83:0d:41:4b:b0:6a:6b:f8:fc:0f:7e:62:9f:67:c4:
+                    ed:26:5f:10:26:0f:08:4f:f0:a4:57:28:ce:8f:b8:
+                    ed:45:f6:6e:ee:25:5d:aa:6e:39:be:e4:93:2f:d9:
+                    47:a0:72:eb:fa:a6:5b:af:ca:53:3f:e2:0e:c6:96:
+                    56:11:6e:f7:e9:66:a9:26:d8:7f:95:53:ed:0a:85:
+                    88:ba:4f:29:a5:42:8c:5e:b6:fc:85:20:00:aa:68:
+                    0b:a1:1a:85:01:9c:c4:46:63:82:88:b6:22:b1:ee:
+                    fe:aa:46:59:7e:cf:35:2c:d5:b6:da:5d:f7:48:33:
+                    14:54:b6:eb:d9:6f:ce:cd:88:d6:ab:1b:da:96:3b:
+                    1d:59
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        b8:8d:ce:ef:e7:14:ba:cf:ee:b0:44:92:6c:b4:39:3e:a2:84:
+        6e:ad:b8:21:77:d2:d4:77:82:87:e6:20:41:81:ee:e2:f8:11:
+        b7:63:d1:17:37:be:19:76:24:1c:04:1a:4c:eb:3d:aa:67:6f:
+        2d:d4:cd:fe:65:31:70:c5:1b:a6:02:0a:ba:60:7b:6d:58:c2:
+        9a:49:fe:63:32:0b:6b:e3:3a:c0:ac:ab:3b:b0:e8:d3:09:51:
+        8c:10:83:c6:34:e0:c5:2b:e0:1a:b6:60:14:27:6c:32:77:8c:
+        bc:b2:72:98:cf:cd:cc:3f:b9:c8:24:42:14:d6:57:fc:e6:26:
+        43:a9:1d:e5:80:90:ce:03:54:28:3e:f7:3f:d3:f8:4d:ed:6a:
+        0a:3a:93:13:9b:3b:14:23:13:63:9c:3f:d1:87:27:79:e5:4c:
+        51:e3:01:ad:85:5d:1a:3b:b1:d5:73:10:a4:d3:f2:bc:6e:64:
+        f5:5a:56:90:a8:c7:0e:4c:74:0f:2e:71:3b:f7:c8:47:f4:69:
+        6f:15:f2:11:5e:83:1e:9c:7c:52:ae:fd:02:da:12:a8:59:67:
+        18:db:bc:70:dd:9b:b1:69:ed:80:ce:89:40:48:6a:0e:35:ca:
+        29:66:15:21:94:2c:e8:60:2a:9b:85:4a:40:f3:6b:8a:24:ec:
+        06:16:2c:73
+MD5 Fingerprint=2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E
+jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo
+ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI
+ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu
+Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg
+AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7
+HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA
+uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa
+TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
+xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
+CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
+O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
+6GAqm4VKQPNriiTsBhYscw==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
+        Validity
+            Not Before: Jan  1 00:00:00 2004 GMT
+            Not After : Dec 31 23:59:59 2028 GMT
+        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:be:40:9d:f4:6e:e1:ea:76:87:1c:4d:45:44:8e:
+                    be:46:c8:83:06:9d:c1:2a:fe:18:1f:8e:e4:02:fa:
+                    f3:ab:5d:50:8a:16:31:0b:9a:06:d0:c5:70:22:cd:
+                    49:2d:54:63:cc:b6:6e:68:46:0b:53:ea:cb:4c:24:
+                    c0:bc:72:4e:ea:f1:15:ae:f4:54:9a:12:0a:c3:7a:
+                    b2:33:60:e2:da:89:55:f3:22:58:f3:de:dc:cf:ef:
+                    83:86:a2:8c:94:4f:9f:68:f2:98:90:46:84:27:c7:
+                    76:bf:e3:cc:35:2c:8b:5e:07:64:65:82:c0:48:b0:
+                    a8:91:f9:61:9f:76:20:50:a8:91:c7:66:b5:eb:78:
+                    62:03:56:f0:8a:1a:13:ea:31:a3:1e:a0:99:fd:38:
+                    f6:f6:27:32:58:6f:07:f5:6b:b8:fb:14:2b:af:b7:
+                    aa:cc:d6:63:5f:73:8c:da:05:99:a8:38:a8:cb:17:
+                    78:36:51:ac:e9:9e:f4:78:3a:8d:cf:0f:d9:42:e2:
+                    98:0c:ab:2f:9f:0e:01:de:ef:9f:99:49:f1:2d:df:
+                    ac:74:4d:1b:98:b5:47:c5:e5:29:d1:f9:90:18:c7:
+                    62:9c:be:83:c7:26:7b:3e:8a:25:c7:c0:dd:9d:e6:
+                    35:68:10:20:9d:8f:d8:de:d2:c3:84:9c:0d:5e:e8:
+                    2f:c9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.comodoca.com/AAACertificateServices.crl
+                URI:http://crl.comodo.net/AAACertificateServices.crl
+
+    Signature Algorithm: sha1WithRSAEncryption
+        08:56:fc:02:f0:9b:e8:ff:a4:fa:d6:7b:c6:44:80:ce:4f:c4:
+        c5:f6:00:58:cc:a6:b6:bc:14:49:68:04:76:e8:e6:ee:5d:ec:
+        02:0f:60:d6:8d:50:18:4f:26:4e:01:e3:e6:b0:a5:ee:bf:bc:
+        74:54:41:bf:fd:fc:12:b8:c7:4f:5a:f4:89:60:05:7f:60:b7:
+        05:4a:f3:f6:f1:c2:bf:c4:b9:74:86:b6:2d:7d:6b:cc:d2:f3:
+        46:dd:2f:c6:e0:6a:c3:c3:34:03:2c:7d:96:dd:5a:c2:0e:a7:
+        0a:99:c1:05:8b:ab:0c:2f:f3:5c:3a:cf:6c:37:55:09:87:de:
+        53:40:6c:58:ef:fc:b6:ab:65:6e:04:f6:1b:dc:3c:e0:5a:15:
+        c6:9e:d9:f1:59:48:30:21:65:03:6c:ec:e9:21:73:ec:9b:03:
+        a1:e0:37:ad:a0:15:18:8f:fa:ba:02:ce:a7:2c:a9:10:13:2c:
+        d4:e5:08:26:ab:22:97:60:f8:90:5e:74:d4:a2:9a:53:bd:f2:
+        a9:68:e0:a2:6e:c2:d7:6c:b1:a3:0f:9e:bf:eb:68:e7:56:f2:
+        ae:f2:e3:2b:38:3a:09:81:b5:6b:85:d7:be:2d:ed:3f:1a:b7:
+        b2:63:e2:f5:62:2c:82:d4:6a:00:41:50:f1:39:83:9f:95:e9:
+        36:96:98:6e
+MD5 Fingerprint=49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
+        Validity
+            Not Before: Jan  1 00:00:00 2004 GMT
+            Not After : Dec 31 23:59:59 2028 GMT
+        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c0:71:33:82:8a:d0:70:eb:73:87:82:40:d5:1d:
+                    e4:cb:c9:0e:42:90:f9:de:34:b9:a1:ba:11:f4:25:
+                    85:f3:cc:72:6d:f2:7b:97:6b:b3:07:f1:77:24:91:
+                    5f:25:8f:f6:74:3d:e4:80:c2:f8:3c:0d:f3:bf:40:
+                    ea:f7:c8:52:d1:72:6f:ef:c8:ab:41:b8:6e:2e:17:
+                    2a:95:69:0c:cd:d2:1e:94:7b:2d:94:1d:aa:75:d7:
+                    b3:98:cb:ac:bc:64:53:40:bc:8f:ac:ac:36:cb:5c:
+                    ad:bb:dd:e0:94:17:ec:d1:5c:d0:bf:ef:a5:95:c9:
+                    90:c5:b0:ac:fb:1b:43:df:7a:08:5d:b7:b8:f2:40:
+                    1b:2b:27:9e:50:ce:5e:65:82:88:8c:5e:d3:4e:0c:
+                    7a:ea:08:91:b6:36:aa:2b:42:fb:ea:c2:a3:39:e5:
+                    db:26:38:ad:8b:0a:ee:19:63:c7:1c:24:df:03:78:
+                    da:e6:ea:c1:47:1a:0b:0b:46:09:dd:02:fc:de:cb:
+                    87:5f:d7:30:63:68:a1:ae:dc:32:a1:ba:be:fe:44:
+                    ab:68:b6:a5:17:15:fd:bd:d5:a7:a7:9a:e4:44:33:
+                    e9:88:8e:fc:ed:51:eb:93:71:4e:ad:01:e7:44:8e:
+                    ab:2d:cb:a8:fe:01:49:48:f0:c0:dd:c7:68:d8:92:
+                    fe:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                3C:D8:93:88:C2:C0:82:09:CC:01:99:06:93:20:E9:9E:70:09:63:4F
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.comodoca.com/SecureCertificateServices.crl
+                URI:http://crl.comodo.net/SecureCertificateServices.crl
+
+    Signature Algorithm: sha1WithRSAEncryption
+        87:01:6d:23:1d:7e:5b:17:7d:c1:61:32:cf:8f:e7:f3:8a:94:
+        59:66:e0:9e:28:a8:5e:d3:b7:f4:34:e6:aa:39:b2:97:16:c5:
+        82:6f:32:a4:e9:8c:e7:af:fd:ef:c2:e8:b9:4b:aa:a3:f4:e6:
+        da:8d:65:21:fb:ba:80:eb:26:28:85:1a:fe:39:8c:de:5b:04:
+        04:b4:54:f9:a3:67:9e:41:fa:09:52:cc:05:48:a8:c9:3f:21:
+        04:1e:ce:48:6b:fc:85:e8:c2:7b:af:7f:b7:cc:f8:5f:3a:fd:
+        35:c6:0d:ef:97:dc:4c:ab:11:e1:6b:cb:31:d1:6c:fb:48:80:
+        ab:dc:9c:37:b8:21:14:4b:0d:71:3d:ec:83:33:6e:d1:6e:32:
+        16:ec:98:c7:16:8b:59:a6:34:ab:05:57:2d:93:f7:aa:13:cb:
+        d2:13:e2:b7:2e:3b:cd:6b:50:17:09:68:3e:b5:26:57:ee:b6:
+        e0:b6:dd:b9:29:80:79:7d:8f:a3:f0:a4:28:a4:15:c4:85:f4:
+        27:d4:6b:bf:e5:5c:e4:65:02:76:54:b4:e3:37:66:24:d3:19:
+        61:c8:52:10:e5:8b:37:9a:b9:a9:f9:1d:bf:ea:99:92:61:96:
+        ff:01:cd:a1:5f:0d:bc:71:bc:0e:ac:0b:1d:47:45:1d:c1:ec:
+        7c:ec:fd:29
+MD5 Fingerprint=D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp
+ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow
+fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV
+BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM
+cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S
+HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996
+CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk
+3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz
+6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV
+HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
+Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw
+Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww
+DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0
+5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj
+Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI
+gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ
+aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl
+izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
+        Validity
+            Not Before: Jan  1 00:00:00 2004 GMT
+            Not After : Dec 31 23:59:59 2028 GMT
+        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:df:71:6f:36:58:53:5a:f2:36:54:57:80:c4:74:
+                    08:20:ed:18:7f:2a:1d:e6:35:9a:1e:25:ac:9c:e5:
+                    96:7e:72:52:a0:15:42:db:59:dd:64:7a:1a:d0:b8:
+                    7b:dd:39:15:bc:55:48:c4:ed:3a:00:ea:31:11:ba:
+                    f2:71:74:1a:67:b8:cf:33:cc:a8:31:af:a3:e3:d7:
+                    7f:bf:33:2d:4c:6a:3c:ec:8b:c3:92:d2:53:77:24:
+                    74:9c:07:6e:70:fc:bd:0b:5b:76:ba:5f:f2:ff:d7:
+                    37:4b:4a:60:78:f7:f0:fa:ca:70:b4:ea:59:aa:a3:
+                    ce:48:2f:a9:c3:b2:0b:7e:17:72:16:0c:a6:07:0c:
+                    1b:38:cf:c9:62:b7:3f:a0:93:a5:87:41:f2:b7:70:
+                    40:77:d8:be:14:7c:e3:a8:c0:7a:8e:e9:63:6a:d1:
+                    0f:9a:c6:d2:f4:8b:3a:14:04:56:d4:ed:b8:cc:6e:
+                    f5:fb:e2:2c:58:bd:7f:4f:6b:2b:f7:60:24:58:24:
+                    ce:26:ef:34:91:3a:d5:e3:81:d0:b2:f0:04:02:d7:
+                    5b:b7:3e:92:ac:6b:12:8a:f9:e4:05:b0:3b:91:49:
+                    5c:b2:eb:53:ea:f8:9f:47:86:ee:bf:95:c0:c0:06:
+                    9f:d2:5b:5e:11:1b:f4:c7:04:35:29:d2:55:5c:e4:
+                    ed:eb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                C5:7B:58:BD:ED:DA:25:69:D2:F7:59:16:A8:B3:32:C0:7B:27:5B:F4
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.comodoca.com/TrustedCertificateServices.crl
+                URI:http://crl.comodo.net/TrustedCertificateServices.crl
+
+    Signature Algorithm: sha1WithRSAEncryption
+        c8:93:81:3b:89:b4:af:b8:84:12:4c:8d:d2:f0:db:70:ba:57:
+        86:15:34:10:b9:2f:7f:1e:b0:a8:89:60:a1:8a:c2:77:0c:50:
+        4a:9b:00:8b:d8:8b:f4:41:e2:d0:83:8a:4a:1c:14:06:b0:a3:
+        68:05:70:31:30:a7:53:9b:0e:e9:4a:a0:58:69:67:0e:ae:9d:
+        f6:a5:2c:41:bf:3c:06:6b:e4:59:cc:6d:10:f1:96:6f:1f:df:
+        f4:04:02:a4:9f:45:3e:c8:d8:fa:36:46:44:50:3f:82:97:91:
+        1f:28:db:18:11:8c:2a:e4:65:83:57:12:12:8c:17:3f:94:36:
+        fe:5d:b0:c0:04:77:13:b8:f4:15:d5:3f:38:cc:94:3a:55:d0:
+        ac:98:f5:ba:00:5f:e0:86:19:81:78:2f:28:c0:7e:d3:cc:42:
+        0a:f5:ae:50:a0:d1:3e:c6:a1:71:ec:3f:a0:20:8c:66:3a:89:
+        b4:8e:d4:d8:b1:4d:25:47:ee:2f:88:c8:b5:e1:05:45:c0:be:
+        14:71:de:7a:fd:8e:7b:7d:4d:08:96:a5:12:73:f0:2d:ca:37:
+        27:74:12:27:4c:cb:b6:97:e9:d9:ae:08:6d:5a:39:40:dd:05:
+        47:75:6a:5a:21:b3:a3:18:cf:4e:f7:2e:57:b7:98:70:5e:c8:
+        c4:78:b0:62
+MD5 Fingerprint=91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0
+aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla
+MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD
+VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW
+fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt
+TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL
+fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW
+1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7
+kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G
+A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
+ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo
+dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu
+Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/
+HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32
+pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS
+jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+
+xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn
+dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Chained CAs Certification Authority, CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
+        Validity
+            Not Before: Dec 29 00:53:58 2001 GMT
+            Not After : Dec 27 00:53:58 2025 GMT
+        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Chained CAs Certification Authority, CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:dc:56:92:49:b2:94:20:bc:98:4f:50:eb:68:a4:
+                    a7:49:0b:bf:d2:31:e8:c7:4f:c2:86:0b:fa:68:fd:
+                    43:5a:8a:f3:60:92:35:99:38:bb:4d:03:52:21:5b:
+                    f0:37:99:35:e1:41:20:81:85:81:05:71:81:9d:b4:
+                    95:19:a9:5f:76:34:2e:63:37:35:57:8e:b4:1f:42:
+                    3f:15:5c:e1:7a:c1:5f:13:18:32:31:c9:ad:be:a3:
+                    c7:83:66:1e:b9:9c:04:13:cb:69:c1:06:de:30:06:
+                    bb:33:a3:b5:1f:f0:8f:6f:ce:ff:96:e8:54:be:66:
+                    80:ae:6b:db:41:84:36:a2:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A1:AD:31:B1:F9:3E:E1:17:A6:C8:AB:34:FC:52:87:09:1E:62:52:41
+            X509v3 Authority Key Identifier: 
+                keyid:A1:AD:31:B1:F9:3E:E1:17:A6:C8:AB:34:FC:52:87:09:1E:62:52:41
+                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA Chained CAs Certification Authority/CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:ips@mail.ips.es
+            X509v3 Issuer Alternative Name: 
+                email:ips@mail.ips.es
+            Netscape Comment: 
+                Chained CA Certificate issued by http://www.ips.es/
+            Netscape Base Url: 
+                http://www.ips.es/ips2002/
+            Netscape CA Revocation Url: 
+                http://www.ips.es/ips2002/ips2002CAC.crl
+            Netscape Revocation Url: 
+                http://www.ips.es/ips2002/revocationCAC.html?
+            Netscape Renewal Url: 
+                http://www.ips.es/ips2002/renewalCAC.html?
+            Netscape CA Policy Url: 
+                http://www.ips.es/ips2002/policyCAC.html
+            X509v3 CRL Distribution Points: 
+                URI:http://www.ips.es/ips2002/ips2002CAC.crl
+                URI:http://wwwback.ips.es/ips2002/ips2002CAC.crl
+
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.ips.es/
+
+    Signature Algorithm: sha1WithRSAEncryption
+        44:72:30:9d:56:58:a2:41:1b:28:b7:95:e1:a6:1a:95:5f:a7:
+        78:40:2b:ef:db:96:4a:fc:4c:71:63:d9:73:95:bd:02:e2:a2:
+        06:c7:be:97:2a:93:80:34:86:03:fa:dc:d8:3d:1e:07:cd:1e:
+        73:43:24:60:f5:1d:61:dc:dc:96:a0:bc:fb:1d:e3:e7:12:00:
+        27:33:02:c0:c0:2b:53:3d:d8:6b:03:81:a3:db:d6:93:95:20:
+        ef:d3:96:7e:26:90:89:9c:26:9b:cd:6f:66:ab:ed:03:22:44:
+        38:cc:59:bd:9f:db:f6:07:a2:01:7f:26:c4:63:f5:25:42:5e:
+        62:bd
+MD5 Fingerprint=8D:72:51:DB:A0:3A:CF:20:77:DF:F2:65:06:5E:DF:EF
+-----BEGIN CERTIFICATE-----
+MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARwxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEzMDEGA1UECxMq
+SVBTIENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTMwMQYD
+VQQDEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
+HjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczAeFw0wMTEyMjkwMDUzNTha
+Fw0yNTEyMjcwMDUzNThaMIIBHDELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl
+bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQg
+cHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMu
+ZXMgQy5JLkYuICBCLTYwOTI5NDUyMTMwMQYDVQQLEypJUFMgQ0EgQ2hhaW5lZCBD
+QXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxMzAxBgNVBAMTKklQUyBDQSBDaGFp
+bmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYP
+aXBzQG1haWwuaXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcVpJJ
+spQgvJhPUOtopKdJC7/SMejHT8KGC/po/UNaivNgkjWZOLtNA1IhW/A3mTXhQSCB
+hYEFcYGdtJUZqV92NC5jNzVXjrQfQj8VXOF6wV8TGDIxya2+o8eDZh65nAQTy2nB
+Bt4wBrszo7Uf8I9vzv+W6FS+ZoCua9tBhDaiPQIDAQABo4IEQzCCBD8wHQYDVR0O
+BBYEFKGtMbH5PuEXpsirNPxShwkeYlJBMIIBTgYDVR0jBIIBRTCCAUGAFKGtMbH5
+PuEXpsirNPxShwkeYlJBoYIBJKSCASAwggEcMQswCQYDVQQGEwJFUzESMBAGA1UE
+CBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJ
+bnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0Bt
+YWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxMzAxBgNVBAsTKklQUyBDQSBD
+aGFpbmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEzMDEGA1UEAxMqSVBT
+IENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
+hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E
+BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG
+CCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYB
+BAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMw
+EYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5lczBC
+BglghkgBhvhCAQ0ENRYzQ2hhaW5lZCBDQSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkg
+aHR0cDovL3d3dy5pcHMuZXMvMCkGCWCGSAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlw
+cy5lcy9pcHMyMDAyLzA3BglghkgBhvhCAQQEKhYoaHR0cDovL3d3dy5pcHMuZXMv
+aXBzMjAwMi9pcHMyMDAyQ0FDLmNybDA8BglghkgBhvhCAQMELxYtaHR0cDovL3d3
+dy5pcHMuZXMvaXBzMjAwMi9yZXZvY2F0aW9uQ0FDLmh0bWw/MDkGCWCGSAGG+EIB
+BwQsFipodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3JlbmV3YWxDQUMuaHRtbD8w
+NwYJYIZIAYb4QgEIBCoWKGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5
+Q0FDLmh0bWwwbQYDVR0fBGYwZDAuoCygKoYoaHR0cDovL3d3dy5pcHMuZXMvaXBz
+MjAwMi9pcHMyMDAyQ0FDLmNybDAyoDCgLoYsaHR0cDovL3d3d2JhY2suaXBzLmVz
+L2lwczIwMDIvaXBzMjAwMkNBQy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
+BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAERyMJ1W
+WKJBGyi3leGmGpVfp3hAK+/blkr8THFj2XOVvQLiogbHvpcqk4A0hgP63Ng9HgfN
+HnNDJGD1HWHc3JagvPsd4+cSACczAsDAK1M92GsDgaPb1pOVIO/Tln4mkImcJpvN
+b2ar7QMiRDjMWb2f2/YHogF/JsRj9SVCXmK9
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE1 Certification Authority, CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
+        Validity
+            Not Before: Dec 29 00:59:38 2001 GMT
+            Not After : Dec 27 00:59:38 2025 GMT
+        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE1 Certification Authority, CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e0:51:27:a7:0b:dd:af:d1:b9:43:5b:82:37:45:
+                    56:72:ef:9a:b6:c2:12:ef:2c:12:cc:76:f9:06:59:
+                    af:5d:21:d4:d2:5a:b8:a0:d4:f3:6a:fd:ca:69:8d:
+                    66:48:f7:74:e6:ee:36:bd:e8:96:91:75:a6:71:28:
+                    ca:e7:22:12:32:69:b0:3e:1e:6b:f4:50:52:62:62:
+                    fd:63:3b:7d:7e:ec:ee:38:ea:62:f4:6c:a8:71:8d:
+                    e1:e9:8b:c9:3f:c6:b5:cd:94:42:6f:dd:82:45:3c:
+                    e8:df:09:e8:ef:0a:55:a9:56:47:61:4c:49:64:73:
+                    10:28:3f:ca:bf:09:ff:c6:2f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:B3:19:79:F3:C1:A5:1C:AC:DC:BA:1F:66:A2:B2:9B:69:D0:78:08
+            X509v3 Authority Key Identifier: 
+                keyid:EB:B3:19:79:F3:C1:A5:1C:AC:DC:BA:1F:66:A2:B2:9B:69:D0:78:08
+                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASE1 Certification Authority/CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:ips@mail.ips.es
+            X509v3 Issuer Alternative Name: 
+                email:ips@mail.ips.es
+            Netscape Comment: 
+                CLASE1 CA Certificate issued by http://www.ips.es/
+            Netscape Base Url: 
+                http://www.ips.es/ips2002/
+            Netscape CA Revocation Url: 
+                http://www.ips.es/ips2002/ips2002CLASE1.crl
+            Netscape Revocation Url: 
+                http://www.ips.es/ips2002/revocationCLASE1.html?
+            Netscape Renewal Url: 
+                http://www.ips.es/ips2002/renewalCLASE1.html?
+            Netscape CA Policy Url: 
+                http://www.ips.es/ips2002/policyCLASE1.html
+            X509v3 CRL Distribution Points: 
+                URI:http://www.ips.es/ips2002/ips2002CLASE1.crl
+                URI:http://wwwback.ips.es/ips2002/ips2002CLASE1.crl
+
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.ips.es/
+
+    Signature Algorithm: sha1WithRSAEncryption
+        2b:d0:eb:fd:da:c8:ca:59:6a:da:d3:cc:32:2e:c9:54:1b:8a:
+        62:7e:15:2d:e9:d9:31:d3:2e:f4:27:23:ff:5b:ab:c5:4a:b6:
+        72:40:ae:53:74:f4:bc:05:b4:c6:d9:c8:c9:77:fb:b7:f9:34:
+        7f:78:00:f8:d6:a4:e4:52:3f:2c:4a:63:57:81:75:5a:8e:e8:
+        8c:fb:02:c0:94:c6:29:ba:b3:dc:1c:e8:b2:af:d2:2e:62:5b:
+        1a:a9:8e:0e:cc:c5:57:45:51:14:e9:4e:1c:88:a5:91:f4:a3:
+        f7:8e:51:c8:a9:be:86:33:3e:e6:2f:48:6e:af:54:90:4e:ad:
+        b1:25
+MD5 Fingerprint=84:90:1D:95:30:49:56:FC:41:81:F0:45:D7:76:C4:6B
+-----BEGIN CERTIFICATE-----
+MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl
+SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
+SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3
+DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAwNTkzOFoXDTI1MTIyNzAw
+NTkzOFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD
+VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n
+IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g
+IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4FEnpwvdr9G5Q1uCN0VWcu+atsIS7ywS
+zHb5BlmvXSHU0lq4oNTzav3KaY1mSPd05u42veiWkXWmcSjK5yISMmmwPh5r9FBS
+YmL9Yzt9fuzuOOpi9GyocY3h6YvJP8a1zZRCb92CRTzo3wno7wpVqVZHYUxJZHMQ
+KD/Kvwn/xi8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBTrsxl588GlHKzcuh9morKb
+adB4CDCCAUQGA1UdIwSCATswggE3gBTrsxl588GlHKzcuh9morKbadB4CKGCARqk
+ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE
+BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT
+ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC
+LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD
+VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB
+FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC
+AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
+D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UxIENBIENlcnRp
+ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
+BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito
+dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEuY3JsMD8GCWCG
+SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D
+TEFTRTEuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw
+czIwMDIvcmVuZXdhbENMQVNFMS5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov
+L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTEuaHRtbDBzBgNVHR8EbDBq
+MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEu
+Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy
+Q0xBU0UxLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v
+Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAK9Dr/drIyllq2tPMMi7JVBuK
+Yn4VLenZMdMu9Ccj/1urxUq2ckCuU3T0vAW0xtnIyXf7t/k0f3gA+Nak5FI/LEpj
+V4F1Wo7ojPsCwJTGKbqz3Bzosq/SLmJbGqmODszFV0VRFOlOHIilkfSj945RyKm+
+hjM+5i9Ibq9UkE6tsSU=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE3 Certification Authority, CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
+        Validity
+            Not Before: Dec 29 01:01:44 2001 GMT
+            Not After : Dec 27 01:01:44 2025 GMT
+        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE3 Certification Authority, CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ab:17:fe:0e:b0:c6:68:1b:53:f0:52:be:9f:fa:
+                    da:fa:8b:13:04:bb:01:8f:32:d9:1f:8f:4d:ce:36:
+                    98:da:e4:00:44:8c:28:d8:13:44:2a:a4:6b:4e:17:
+                    24:42:9c:d3:88:a4:41:82:d6:23:fb:8b:c9:86:e5:
+                    b9:a9:82:05:dc:f1:de:1f:e0:0c:99:55:98:f2:38:
+                    ec:6c:9d:20:03:c0:ef:aa:a3:c6:64:04:51:2d:78:
+                    0d:a3:d2:a8:3a:d6:24:4c:e9:96:7a:18:ac:13:23:
+                    22:1b:7c:e8:31:11:b3:5f:09:aa:30:70:71:46:25:
+                    6b:49:71:80:2b:95:01:b2:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B8:93:FF:2E:CB:DC:2C:8E:A2:E7:7A:FE:36:51:21:A3:98:5B:0C:34
+            X509v3 Authority Key Identifier: 
+                keyid:B8:93:FF:2E:CB:DC:2C:8E:A2:E7:7A:FE:36:51:21:A3:98:5B:0C:34
+                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASE3 Certification Authority/CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:ips@mail.ips.es
+            X509v3 Issuer Alternative Name: 
+                email:ips@mail.ips.es
+            Netscape Comment: 
+                CLASE3 CA Certificate issued by http://www.ips.es/
+            Netscape Base Url: 
+                http://www.ips.es/ips2002/
+            Netscape CA Revocation Url: 
+                http://www.ips.es/ips2002/ips2002CLASE3.crl
+            Netscape Revocation Url: 
+                http://www.ips.es/ips2002/revocationCLASE3.html?
+            Netscape Renewal Url: 
+                http://www.ips.es/ips2002/renewalCLASE3.html?
+            Netscape CA Policy Url: 
+                http://www.ips.es/ips2002/policyCLASE3.html
+            X509v3 CRL Distribution Points: 
+                URI:http://www.ips.es/ips2002/ips2002CLASE3.crl
+                URI:http://wwwback.ips.es/ips2002/ips2002CLASE3.crl
+
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.ips.es/
+
+    Signature Algorithm: sha1WithRSAEncryption
+        17:65:5c:99:95:43:03:27:af:26:e5:eb:d0:b3:17:23:f7:43:
+        aa:c7:f0:7d:ec:0f:c6:a9:ae:ae:96:0f:76:29:1c:e2:06:2d:
+        7e:26:c5:3c:fa:a1:c1:81:ce:53:b0:42:d1:97:57:1a:17:7e:
+        a4:51:61:c6:ee:e9:5e:ef:05:ba:eb:bd:0f:a7:92:6f:d8:a3:
+        06:68:29:8e:79:f5:ff:bf:f9:a7:af:e4:b1:ce:c2:d1:80:42:
+        27:05:04:34:f8:c3:7f:16:78:23:0c:07:24:f2:46:47:ad:3b:
+        54:d0:af:d5:31:b2:af:7d:c8:ea:e9:d4:56:d9:0e:13:b2:c5:
+        45:50
+MD5 Fingerprint=42:76:97:68:CF:A6:B4:38:24:AA:A1:1B:F2:67:DE:CA
+-----BEGIN CERTIFICATE-----
+MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl
+SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
+SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3
+DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMDE0NFoXDTI1MTIyNzAx
+MDE0NFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD
+VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n
+IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g
+IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxf+DrDGaBtT8FK+n/ra+osTBLsBjzLZ
+H49NzjaY2uQARIwo2BNEKqRrThckQpzTiKRBgtYj+4vJhuW5qYIF3PHeH+AMmVWY
+8jjsbJ0gA8DvqqPGZARRLXgNo9KoOtYkTOmWehisEyMiG3zoMRGzXwmqMHBxRiVr
+SXGAK5UBsh8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBS4k/8uy9wsjqLnev42USGj
+mFsMNDCCAUQGA1UdIwSCATswggE3gBS4k/8uy9wsjqLnev42USGjmFsMNKGCARqk
+ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE
+BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT
+ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC
+LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD
+VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB
+FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC
+AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
+D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UzIENBIENlcnRp
+ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
+BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito
+dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMuY3JsMD8GCWCG
+SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D
+TEFTRTMuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw
+czIwMDIvcmVuZXdhbENMQVNFMy5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov
+L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTMuaHRtbDBzBgNVHR8EbDBq
+MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMu
+Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy
+Q0xBU0UzLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v
+Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAF2VcmZVDAyevJuXr0LMXI/dD
+qsfwfewPxqmurpYPdikc4gYtfibFPPqhwYHOU7BC0ZdXGhd+pFFhxu7pXu8Fuuu9
+D6eSb9ijBmgpjnn1/7/5p6/ksc7C0YBCJwUENPjDfxZ4IwwHJPJGR607VNCv1TGy
+r33I6unUVtkOE7LFRVA=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA1 Certification Authority, CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
+        Validity
+            Not Before: Dec 29 01:05:32 2001 GMT
+            Not After : Dec 27 01:05:32 2025 GMT
+        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA1 Certification Authority, CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bb:30:d7:dc:d0:54:bd:35:4e:9f:c5:4c:82:ea:
+                    d1:50:3c:47:98:fc:9b:69:9d:77:cd:6e:e0:3f:ee:
+                    eb:32:5f:5f:9f:d2:d0:79:e5:95:73:44:21:32:e0:
+                    0a:db:9d:d7:ce:8d:ab:52:8b:2b:78:e0:9b:5b:7d:
+                    f4:fd:6d:09:e5:ae:e1:6c:1d:07:23:a0:17:d1:f9:
+                    7d:a8:46:46:91:22:a8:b2:69:c6:ad:f7:f5:f5:94:
+                    a1:30:94:bd:00:cc:44:7f:ee:c4:9e:c9:c1:e6:8f:
+                    0a:36:c1:fd:24:3d:01:a0:f5:7b:e2:7c:78:66:43:
+                    8b:4f:59:f2:9b:d9:fa:49:b3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                67:26:96:E7:A1:BF:D8:B5:03:9D:FE:3B:DC:FE:F2:8A:E6:15:DD:30
+            X509v3 Authority Key Identifier: 
+                keyid:67:26:96:E7:A1:BF:D8:B5:03:9D:FE:3B:DC:FE:F2:8A:E6:15:DD:30
+                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASEA1 Certification Authority/CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:ips@mail.ips.es
+            X509v3 Issuer Alternative Name: 
+                email:ips@mail.ips.es
+            Netscape Comment: 
+                CLASEA1 CA Certificate issued by http://www.ips.es/
+            Netscape Base Url: 
+                http://www.ips.es/ips2002/
+            Netscape CA Revocation Url: 
+                http://www.ips.es/ips2002/ips2002CLASEA1.crl
+            Netscape Revocation Url: 
+                http://www.ips.es/ips2002/revocationCLASEA1.html?
+            Netscape Renewal Url: 
+                http://www.ips.es/ips2002/renewalCLASEA1.html?
+            Netscape CA Policy Url: 
+                http://www.ips.es/ips2002/policyCLASEA1.html
+            X509v3 CRL Distribution Points: 
+                URI:http://www.ips.es/ips2002/ips2002CLASEA1.crl
+                URI:http://wwwback.ips.es/ips2002/ips2002CLASEA1.crl
+
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.ips.es/
+
+    Signature Algorithm: sha1WithRSAEncryption
+        7e:ba:8a:ac:80:00:84:15:0a:d5:98:51:0c:64:c5:9c:02:58:
+        83:66:ca:ad:1e:07:cd:7e:6a:da:80:07:df:03:34:4a:1c:93:
+        c4:4b:58:20:35:36:71:ed:a2:0a:35:12:a5:a6:65:a7:85:69:
+        0a:0e:e3:61:ee:ea:be:28:93:33:d5:ec:e8:be:c4:db:5f:7f:
+        a8:f9:63:31:c8:6b:96:e2:29:c2:5b:a0:e7:97:36:9d:77:5e:
+        31:6b:fe:d3:a7:db:2a:db:db:96:8b:1f:66:de:b6:03:c0:2b:
+        b3:78:d6:55:07:e5:8f:39:50:de:07:23:72:e6:bd:20:14:4b:
+        b4:86
+MD5 Fingerprint=0C:F8:9E:17:FC:D4:03:BD:E6:8D:9B:3C:05:87:FE:84
+-----BEGIN CERTIFICATE-----
+MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm
+SVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
+JklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
+hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNTMyWhcNMjUxMjI3
+MDEwNTMyWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsw19zQVL01Tp/FTILq0VA8R5j8
+m2mdd81u4D/u6zJfX5/S0HnllXNEITLgCtud186Nq1KLK3jgm1t99P1tCeWu4Wwd
+ByOgF9H5fahGRpEiqLJpxq339fWUoTCUvQDMRH/uxJ7JweaPCjbB/SQ9AaD1e+J8
+eGZDi09Z8pvZ+kmzAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUZyaW56G/2LUDnf47
+3P7yiuYV3TAwggFGBgNVHSMEggE9MIIBOYAUZyaW56G/2LUDnf473P7yiuYV3TCh
+ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC
+AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF
+BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB
+BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg
+hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud
+EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMSBD
+QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
+SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC
+AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMS5j
+cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2
+b2NhdGlvbkNMQVNFQTEuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu
+aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTEuaHRtbD8wOwYJYIZIAYb4QgEI
+BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMS5odG1s
+MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz
+MjAwMkNMQVNFQTEuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz
+MjAwMi9pcHMyMDAyQ0xBU0VBMS5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
+BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAH66iqyA
+AIQVCtWYUQxkxZwCWINmyq0eB81+atqAB98DNEock8RLWCA1NnHtogo1EqWmZaeF
+aQoO42Hu6r4okzPV7Oi+xNtff6j5YzHIa5biKcJboOeXNp13XjFr/tOn2yrb25aL
+H2betgPAK7N41lUH5Y85UN4HI3LmvSAUS7SG
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA3 Certification Authority, CN=IPS CA CLASEA3 Certification Authority/emailAddress=ips@mail.ips.es
+        Validity
+            Not Before: Dec 29 01:07:50 2001 GMT
+            Not After : Dec 27 01:07:50 2025 GMT
+        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA3 Certification Authority, CN=IPS CA CLASEA3 Certification Authority/emailAddress=ips@mail.ips.es
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ee:80:00:f6:1a:64:2e:ad:6a:c8:83:b1:8b:a7:
+                    ee:8f:d9:b6:db:cd:1b:bb:86:06:22:76:33:0c:12:
+                    6d:48:56:61:d2:dc:82:25:62:2f:9f:d2:69:30:65:
+                    03:42:23:58:bc:47:dc:6b:d6:75:5d:17:3c:e1:ff:
+                    f2:58:67:79:a0:c1:81:b1:d4:56:a2:f2:8d:11:99:
+                    fd:f6:7d:f1:c7:c4:5e:02:2a:9a:e2:4a:b5:13:8a:
+                    00:fd:8c:77:86:e6:d7:94:f5:20:75:2e:0e:4c:bf:
+                    74:c4:3f:81:3e:83:b4:a3:38:36:29:e7:e8:2a:f5:
+                    8c:88:41:aa:80:a6:e3:6c:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                1E:9F:57:50:47:B6:61:93:39:D3:2C:FC:DA:5D:3D:05:75:B7:99:02
+            X509v3 Authority Key Identifier: 
+                keyid:1E:9F:57:50:47:B6:61:93:39:D3:2C:FC:DA:5D:3D:05:75:B7:99:02
+                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASEA3 Certification Authority/CN=IPS CA CLASEA3 Certification Authority/emailAddress=ips@mail.ips.es
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:ips@mail.ips.es
+            X509v3 Issuer Alternative Name: 
+                email:ips@mail.ips.es
+            Netscape Comment: 
+                CLASEA3 CA Certificate issued by http://www.ips.es/
+            Netscape Base Url: 
+                http://www.ips.es/ips2002/
+            Netscape CA Revocation Url: 
+                http://www.ips.es/ips2002/ips2002CLASEA3.crl
+            Netscape Revocation Url: 
+                http://www.ips.es/ips2002/revocationCLASEA3.html?
+            Netscape Renewal Url: 
+                http://www.ips.es/ips2002/renewalCLASEA3.html?
+            Netscape CA Policy Url: 
+                http://www.ips.es/ips2002/policyCLASEA3.html
+            X509v3 CRL Distribution Points: 
+                URI:http://www.ips.es/ips2002/ips2002CLASEA3.crl
+                URI:http://wwwback.ips.es/ips2002/ips2002CLASEA3.crl
+
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.ips.es/
+
+    Signature Algorithm: sha1WithRSAEncryption
+        4a:3d:20:47:1a:da:89:f4:7a:2b:31:79:ec:01:c0:cc:01:f5:
+        d6:c1:fc:c8:c3:f3:50:02:51:90:58:2a:9f:e7:35:09:5b:30:
+        0a:81:00:25:47:af:d4:0f:0e:9e:60:26:a8:95:a7:83:08:df:
+        2d:ac:e9:0e:f7:9c:c8:9f:cb:93:45:f1:ba:6a:c6:67:51:4a:
+        69:4f:6b:fe:7d:0b:2f:52:29:c2:50:ad:24:44:ed:23:b3:48:
+        cb:44:40:c1:03:95:0c:0a:78:06:12:01:f5:91:31:2d:49:8d:
+        bb:3f:45:4e:2c:e0:e8:cd:b5:c9:14:15:0c:e3:07:83:9b:26:
+        75:ef
+MD5 Fingerprint=06:F9:EB:EC:CC:56:9D:88:BA:90:F5:BA:B0:1A:E0:02
+-----BEGIN CERTIFICATE-----
+MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm
+SVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
+JklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
+hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNzUwWhcNMjUxMjI3
+MDEwNzUwWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO6AAPYaZC6tasiDsYun7o/ZttvN
+G7uGBiJ2MwwSbUhWYdLcgiViL5/SaTBlA0IjWLxH3GvWdV0XPOH/8lhneaDBgbHU
+VqLyjRGZ/fZ98cfEXgIqmuJKtROKAP2Md4bm15T1IHUuDky/dMQ/gT6DtKM4Ninn
+6Cr1jIhBqoCm42zvAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUHp9XUEe2YZM50yz8
+2l09BXW3mQIwggFGBgNVHSMEggE9MIIBOYAUHp9XUEe2YZM50yz82l09BXW3mQKh
+ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC
+AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF
+BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB
+BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg
+hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud
+EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMyBD
+QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
+SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC
+AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMy5j
+cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2
+b2NhdGlvbkNMQVNFQTMuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu
+aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTMuaHRtbD8wOwYJYIZIAYb4QgEI
+BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMy5odG1s
+MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz
+MjAwMkNMQVNFQTMuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz
+MjAwMi9pcHMyMDAyQ0xBU0VBMy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
+BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAEo9IEca
+2on0eisxeewBwMwB9dbB/MjD81ACUZBYKp/nNQlbMAqBACVHr9QPDp5gJqiVp4MI
+3y2s6Q73nMify5NF8bpqxmdRSmlPa/59Cy9SKcJQrSRE7SOzSMtEQMEDlQwKeAYS
+AfWRMS1Jjbs/RU4s4OjNtckUFQzjB4ObJnXv
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ES, ST=BARCELONA, L=BARCELONA, O=IPS Seguridad CA, OU=Certificaciones, CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es
+        Validity
+            Not Before: Jan  1 23:21:07 1998 GMT
+            Not After : Dec 29 23:21:07 2009 GMT
+        Subject: C=ES, ST=BARCELONA, L=BARCELONA, O=IPS Seguridad CA, OU=Certificaciones, CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ac:4f:52:74:9f:39:ea:8e:dc:25:c4:bc:98:5d:
+                    98:64:24:09:3c:21:b3:cc:19:b5:8e:94:8e:87:d1:
+                    f8:37:3e:a1:c8:2d:58:a4:80:35:5b:a1:75:6c:1d:
+                    45:0c:1f:61:63:6a:5e:6f:9b:0a:4c:c1:c8:b8:61:
+                    23:35:81:ff:fe:ac:78:70:2d:68:e1:3a:07:98:95:
+                    02:54:dd:cd:23:b7:80:53:d7:c8:37:45:72:06:24:
+                    12:ba:13:61:21:8a:6e:75:28:e0:c5:0f:34:fd:36:
+                    d8:45:7f:e1:b8:36:ef:b3:e1:c6:20:8e:e8:b4:38:
+                    bc:e1:3e:f6:11:de:8c:9d:01
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        2c:f3:c3:79:58:24:de:c6:3b:d1:e0:42:69:b8:ee:64:b3:3d:
+        62:01:b9:b3:84:df:23:7d:dd:98:cf:10:a9:fe:00:d8:22:96:
+        05:13:07:54:57:c5:a7:de:cb:d9:b8:88:42:f6:99:db:14:77:
+        1f:b6:fe:25:3d:e1:a2:3e:03:a9:81:d2:2d:6c:47:f5:96:46:
+        8c:22:ab:c8:cc:0d:0e:97:5e:8b:41:b4:3b:c4:0a:06:40:1d:
+        dd:46:f4:01:dd:ba:82:2e:3c:3d:78:70:9e:7c:18:d0:ab:f8:
+        b8:77:07:46:71:f1:ca:0b:63:5c:6a:f9:72:94:d5:01:4f:a0:
+        db:42
+MD5 Fingerprint=7B:B5:08:99:9A:8C:18:BF:85:27:7D:0E:AE:DA:B2:AB
+-----BEGIN CERTIFICATE-----
+MIICtzCCAiACAQAwDQYJKoZIhvcNAQEEBQAwgaMxCzAJBgNVBAYTAkVTMRIwEAYD
+VQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UEChMQSVBT
+IFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcwFQYDVQQD
+Ew5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVz
+MB4XDTk4MDEwMTIzMjEwN1oXDTA5MTIyOTIzMjEwN1owgaMxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UE
+ChMQSVBTIFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcw
+FQYDVQQDEw5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwu
+aXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsT1J0nznqjtwlxLyY
+XZhkJAk8IbPMGbWOlI6H0fg3PqHILVikgDVboXVsHUUMH2Fjal5vmwpMwci4YSM1
+gf/+rHhwLWjhOgeYlQJU3c0jt4BT18g3RXIGJBK6E2Ehim51KODFDzT9NthFf+G4
+Nu+z4cYgjui0OLzhPvYR3oydAQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACzzw3lY
+JN7GO9HgQmm47mSzPWIBubOE3yN93ZjPEKn+ANgilgUTB1RXxafey9m4iEL2mdsU
+dx+2/iU94aI+A6mB0i1sR/WWRowiq8jMDQ6XXotBtDvECgZAHd1G9AHduoIuPD14
+cJ58GNCr+Lh3B0Zx8coLY1xq+XKU1QFPoNtC
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Timestamping Certification Authority, CN=IPS CA Timestamping Certification Authority/emailAddress=ips@mail.ips.es
+        Validity
+            Not Before: Dec 29 01:10:18 2001 GMT
+            Not After : Dec 27 01:10:18 2025 GMT
+        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Timestamping Certification Authority, CN=IPS CA Timestamping Certification Authority/emailAddress=ips@mail.ips.es
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bc:b8:ee:56:a5:9a:8c:e6:36:c9:c2:62:a0:66:
+                    81:8d:1a:d5:7a:d2:73:9f:0e:84:64:ba:95:b4:90:
+                    a7:78:af:ca:fe:54:61:5b:ce:b2:20:57:01:ae:44:
+                    92:43:10:38:11:f7:68:fc:17:40:a5:68:27:32:3b:
+                    c4:a7:e6:42:71:c5:99:ef:76:ff:2b:95:24:f5:49:
+                    92:18:68:ca:00:b5:a4:5a:2f:6e:cb:d6:1b:2c:0d:
+                    54:67:6b:7a:29:a1:58:ab:a2:5a:00:d6:5b:bb:18:
+                    c2:df:f6:1e:13:56:76:9b:a5:68:e2:98:ce:c6:03:
+                    8a:34:db:4c:83:41:a6:a9:a3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                8B:D0:10:50:09:81:F2:9D:09:D5:0E:60:78:03:22:A2:3F:C8:CA:66
+            X509v3 Authority Key Identifier: 
+                keyid:8B:D0:10:50:09:81:F2:9D:09:D5:0E:60:78:03:22:A2:3F:C8:CA:66
+                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA Timestamping Certification Authority/CN=IPS CA Timestamping Certification Authority/emailAddress=ips@mail.ips.es
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:ips@mail.ips.es
+            X509v3 Issuer Alternative Name: 
+                email:ips@mail.ips.es
+            Netscape Comment: 
+                Timestamping CA Certificate issued by http://www.ips.es/
+            Netscape Base Url: 
+                http://www.ips.es/ips2002/
+            Netscape CA Revocation Url: 
+                http://www.ips.es/ips2002/ips2002Timestamping.crl
+            Netscape Revocation Url: 
+                http://www.ips.es/ips2002/revocationTimestamping.html?
+            Netscape Renewal Url: 
+                http://www.ips.es/ips2002/renewalTimestamping.html?
+            Netscape CA Policy Url: 
+                http://www.ips.es/ips2002/policyTimestamping.html
+            X509v3 CRL Distribution Points: 
+                URI:http://www.ips.es/ips2002/ips2002Timestamping.crl
+                URI:http://wwwback.ips.es/ips2002/ips2002Timestamping.crl
+
+            Authority Information Access: 
+                OCSP - URI:http://ocsp.ips.es/
+
+    Signature Algorithm: sha1WithRSAEncryption
+        65:ba:c1:cc:00:1a:95:91:ca:e9:6c:3a:bf:3a:1e:14:08:7c:
+        fb:83:ee:6b:62:51:d3:33:91:b5:60:79:7e:04:d8:5d:79:37:
+        e8:c3:5b:b0:c4:67:2d:68:5a:b2:5f:0e:0a:fa:cd:3f:3a:45:
+        a1:ea:36:cf:26:1e:a7:11:28:c5:94:8f:84:4c:53:08:c5:93:
+        b3:fc:e2:7f:f5:8d:f3:b1:a9:85:5f:88:de:91:96:ee:17:5b:
+        ae:a5:ea:70:65:78:2c:21:64:01:95:ce:ce:4c:3e:50:f4:b6:
+        59:cb:63:8d:b6:bd:18:d4:87:4a:5f:dc:ef:e9:56:f0:0a:0c:
+        e8:75
+MD5 Fingerprint=2E:03:FD:C5:F5:D7:2B:94:64:C1:BE:89:31:F1:16:9B
+-----BEGIN CERTIFICATE-----
+MIIIODCCB6GgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCAR4xCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjE0MDIGA1UECxMr
+SVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE0MDIG
+A1UEAxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMTAx
+OFoXDTI1MTIyNzAxMTAxOFowggEeMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFy
+Y2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5l
+dCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlw
+cy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxNDAyBgNVBAsTK0lQUyBDQSBUaW1lc3Rh
+bXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxNDAyBgNVBAMTK0lQUyBDQSBU
+aW1lc3RhbXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0B
+CQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vLjuVqWajOY2ycJioGaBjRrVetJznw6EZLqVtJCneK/K/lRhW86yIFcBrkSSQxA4
+Efdo/BdApWgnMjvEp+ZCccWZ73b/K5Uk9UmSGGjKALWkWi9uy9YbLA1UZ2t6KaFY
+q6JaANZbuxjC3/YeE1Z2m6Vo4pjOxgOKNNtMg0GmqaMCAwEAAaOCBIAwggR8MB0G
+A1UdDgQWBBSL0BBQCYHynQnVDmB4AyKiP8jKZjCCAVAGA1UdIwSCAUcwggFDgBSL
+0BBQCYHynQnVDmB4AyKiP8jKZqGCASakggEiMIIBHjELMAkGA1UEBhMCRVMxEjAQ
+BgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJ
+UFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJp
+cHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMTQwMgYDVQQLEytJUFMg
+Q0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTQwMgYDVQQD
+EytJUFMgQ0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4w
+HAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM
+BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
+BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB
+FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYD
+VR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlw
+cy5lczBHBglghkgBhvhCAQ0EOhY4VGltZXN0YW1waW5nIENBIENlcnRpZmljYXRl
+IGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgECBBwWGmh0
+dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMEAGCWCGSAGG+EIBBAQzFjFodHRwOi8v
+d3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMEUGCWCG
+SAGG+EIBAwQ4FjZodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25U
+aW1lc3RhbXBpbmcuaHRtbD8wQgYJYIZIAYb4QgEHBDUWM2h0dHA6Ly93d3cuaXBz
+LmVzL2lwczIwMDIvcmVuZXdhbFRpbWVzdGFtcGluZy5odG1sPzBABglghkgBhvhC
+AQgEMxYxaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lUaW1lc3RhbXBp
+bmcuaHRtbDB/BgNVHR8EeDB2MDegNaAzhjFodHRwOi8vd3d3Lmlwcy5lcy9pcHMy
+MDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMDugOaA3hjVodHRwOi8vd3d3YmFj
+ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyVGltZXN0YW1waW5nLmNybDAvBggrBgEF
+BQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI
+hvcNAQEFBQADgYEAZbrBzAAalZHK6Ww6vzoeFAh8+4Pua2JR0zORtWB5fgTYXXk3
+6MNbsMRnLWhasl8OCvrNPzpFoeo2zyYepxEoxZSPhExTCMWTs/zif/WN87GphV+I
+3pGW7hdbrqXqcGV4LCFkAZXOzkw+UPS2Wctjjba9GNSHSl/c7+lW8AoM6HU=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 985026699 (0x3ab6508b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
+        Validity
+            Not Before: Mar 19 18:33:33 2001 GMT
+            Not After : Mar 17 18:33:33 2021 GMT
+        Subject: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:61:b5:95:53:ba:57:fc:fa:f2:67:0b:3a:1a:
+                    df:11:80:64:95:b4:d1:bc:cd:7a:cf:f6:29:96:2e:
+                    24:54:40:24:38:f7:1a:85:dc:58:4c:cb:a4:27:42:
+                    97:d0:9f:83:8a:c3:e4:06:03:5b:00:a5:51:1e:70:
+                    04:74:e2:c1:d4:3a:ab:d7:ad:3b:07:18:05:8e:fd:
+                    83:ac:ea:66:d9:18:1b:68:8a:f5:57:1a:98:ba:f5:
+                    ed:76:3d:7c:d9:de:94:6a:3b:4b:17:c1:d5:8f:bd:
+                    65:38:3a:95:d0:3d:55:36:4e:df:79:57:31:2a:1e:
+                    d8:59:65:49:58:20:98:7e:ab:5f:7e:9f:e9:d6:4d:
+                    ec:83:74:a9:c7:6c:d8:ee:29:4a:85:2a:06:14:f9:
+                    54:e6:d3:da:65:07:8b:63:37:12:d7:d0:ec:c3:7b:
+                    20:41:44:a3:ed:cb:a0:17:e1:71:65:ce:1d:66:31:
+                    f7:76:01:19:c8:7d:03:58:b6:95:49:1d:a6:12:26:
+                    e8:c6:0c:76:e0:e3:66:cb:ea:5d:a6:26:ee:e5:cc:
+                    5f:bd:67:a7:01:27:0e:a2:ca:54:c5:b1:7a:95:1d:
+                    71:1e:4a:29:8a:03:dc:6a:45:c1:a4:19:5e:6f:36:
+                    cd:c3:a2:b0:b7:fe:5c:38:e2:52:bc:f8:44:43:e6:
+                    90:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Authority Information Access: 
+                OCSP - URI:https://ocsp.quovadisoffshore.com
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.8024.0.1
+                  User Notice:
+                    Explicit Text: Reliance on the QuoVadis Root Certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certification practices, and the QuoVadis Certificate Policy.
+                  CPS: http://www.quovadis.bm
+
+            X509v3 Subject Key Identifier: 
+                8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF
+            X509v3 Authority Key Identifier: 
+                keyid:8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF
+                DirName:/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority
+                serial:3A:B6:50:8B
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        8a:d4:14:b5:fe:f4:9a:92:a7:19:d4:a4:7e:72:18:8f:d9:68:
+        7c:52:24:dd:67:6f:39:7a:c4:aa:5e:3d:e2:58:b0:4d:70:98:
+        84:61:e8:1b:e3:69:18:0e:ce:fb:47:50:a0:4e:ff:f0:24:1f:
+        bd:b2:ce:f5:27:fc:ec:2f:53:aa:73:7b:03:3d:74:6e:e6:16:
+        9e:eb:a5:2e:c4:bf:56:27:50:2b:62:ba:be:4b:1c:3c:55:5c:
+        41:1d:24:be:82:20:47:5d:d5:44:7e:7a:16:68:df:7d:4d:51:
+        70:78:57:1d:33:1e:fd:02:99:9c:0c:cd:0a:05:4f:c7:bb:8e:
+        a4:75:fa:4a:6d:b1:80:8e:09:56:b9:9c:1a:60:fe:5d:c1:d7:
+        7a:dc:11:78:d0:d6:5d:c1:b7:d5:ad:32:99:03:3a:8a:cc:54:
+        25:39:31:81:7b:13:22:51:ba:46:6c:a1:bb:9e:fa:04:6c:49:
+        26:74:8f:d2:73:eb:cc:30:a2:e6:ea:59:22:87:f8:97:f5:0e:
+        fd:ea:cc:92:a4:16:c4:52:18:ea:21:ce:b1:f1:e6:84:81:e5:
+        ba:a9:86:28:f2:43:5a:5d:12:9d:ac:1e:d9:a8:e5:0a:6a:a7:
+        7f:a0:87:29:cf:f2:89:4d:d4:ec:c5:e2:e6:7a:d0:36:23:8a:
+        4a:74:36:f9
+MD5 Fingerprint=27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
+-----BEGIN CERTIFICATE-----
+MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz
+MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw
+IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR
+dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp
+li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D
+rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ
+WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug
+F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
+xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC
+Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv
+dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
+ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl
+IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh
+c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy
+ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
+Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI
+KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
+KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq
+y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p
+dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD
+VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk
+fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
+7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
+cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
+mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
+xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
+SnQ2+Q==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
+        Validity
+            Not Before: Sep 30 04:20:49 2003 GMT
+            Not After : Sep 30 04:20:49 2023 GMT
+        Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b3:b3:fe:7f:d3:6d:b1:ef:16:7c:57:a5:0c:6d:
+                    76:8a:2f:4b:bf:64:fb:4c:ee:8a:f0:f3:29:7c:f5:
+                    ff:ee:2a:e0:e9:e9:ba:5b:64:22:9a:9a:6f:2c:3a:
+                    26:69:51:05:99:26:dc:d5:1c:6a:71:c6:9a:7d:1e:
+                    9d:dd:7c:6c:c6:8c:67:67:4a:3e:f8:71:b0:19:27:
+                    a9:09:0c:a6:95:bf:4b:8c:0c:fa:55:98:3b:d8:e8:
+                    22:a1:4b:71:38:79:ac:97:92:69:b3:89:7e:ea:21:
+                    68:06:98:14:96:87:d2:61:36:bc:6d:27:56:9e:57:
+                    ee:c0:c0:56:fd:32:cf:a4:d9:8e:c2:23:d7:8d:a8:
+                    f3:d8:25:ac:97:e4:70:38:f4:b6:3a:b4:9d:3b:97:
+                    26:43:a3:a1:bc:49:59:72:4c:23:30:87:01:58:f6:
+                    4e:be:1c:68:56:66:af:cd:41:5d:c8:b3:4d:2a:55:
+                    46:ab:1f:da:1e:e2:40:3d:db:cd:7d:b9:92:80:9c:
+                    37:dd:0c:96:64:9d:dc:22:f7:64:8b:df:61:de:15:
+                    94:52:15:a0:7d:52:c9:4b:a8:21:c9:c6:b1:ed:cb:
+                    c3:95:60:d1:0f:f0:ab:70:f8:df:cb:4d:7e:ec:d6:
+                    fa:ab:d9:bd:7f:54:f2:a5:e9:79:fa:d9:d6:76:24:
+                    28:73
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        68:40:a9:a8:bb:e4:4f:5d:79:b3:05:b5:17:b3:60:13:eb:c6:
+        92:5d:e0:d1:d3:6a:fe:fb:be:9b:6d:bf:c7:05:6d:59:20:c4:
+        1c:f0:b7:da:84:58:02:63:fa:48:16:ef:4f:a5:0b:f7:4a:98:
+        f2:3f:9e:1b:ad:47:6b:63:ce:08:47:eb:52:3f:78:9c:af:4d:
+        ae:f8:d5:4f:cf:9a:98:2a:10:41:39:52:c4:dd:d9:9b:0e:ef:
+        93:01:ae:b2:2e:ca:68:42:24:42:6c:b0:b3:3a:3e:cd:e9:da:
+        48:c4:15:cb:e9:f9:07:0f:92:50:49:8a:dd:31:97:5f:c9:e9:
+        37:aa:3b:59:65:97:94:32:c9:b3:9f:3e:3a:62:58:c5:49:ad:
+        62:0e:71:a5:32:aa:2f:c6:89:76:43:40:13:13:67:3d:a2:54:
+        25:10:cb:f1:3a:f2:d9:fa:db:49:56:bb:a6:fe:a7:41:35:c3:
+        e0:88:61:c9:88:c7:df:36:10:22:98:59:ea:b0:4a:fb:56:16:
+        73:6e:ac:4d:f7:22:a1:4f:ad:1d:7a:2d:45:27:e5:30:c1:5e:
+        f2:da:13:cb:25:42:51:95:47:03:8c:6c:21:cc:74:42:ed:53:
+        ff:33:8b:8f:0f:57:01:16:2f:cf:a6:ee:c9:70:22:14:bd:fd:
+        be:6c:0b:03
+MD5 Fingerprint=F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
+MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
+dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
+WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
+VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
+9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
+DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
+Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
+QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
+xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
+A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
+kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
+Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
+Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
+JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
+RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 36 (0x24)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FI, O=Sonera, CN=Sonera Class1 CA
+        Validity
+            Not Before: Apr  6 10:49:13 2001 GMT
+            Not After : Apr  6 10:49:13 2021 GMT
+        Subject: C=FI, O=Sonera, CN=Sonera Class1 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b5:89:1f:2b:4f:67:0a:79:ff:c5:1e:f8:7f:3c:
+                    ed:d1:7e:da:b0:cd:6d:2f:36:ac:34:c6:db:d9:64:
+                    17:08:63:30:33:22:8a:4c:ee:8e:bb:0f:0d:42:55:
+                    c9:9d:2e:a5:ef:f7:a7:8c:c3:ab:b9:97:cb:8e:ef:
+                    3f:15:67:a8:82:72:63:53:0f:41:8c:7d:10:95:24:
+                    a1:5a:a5:06:fa:92:57:9d:fa:a5:01:f2:75:e9:1f:
+                    bc:56:26:52:4e:78:19:65:58:55:03:58:c0:14:ae:
+                    8c:7c:55:5f:70:5b:77:23:06:36:97:f3:24:b5:9a:
+                    46:95:e4:df:0d:0b:05:45:e5:d1:f2:1d:82:bb:c6:
+                    13:e0:fe:aa:7a:fd:69:30:94:f3:d2:45:85:fc:f2:
+                    32:5b:32:de:e8:6c:5d:1f:cb:a4:22:74:b0:80:8e:
+                    5d:94:f7:06:00:4b:a9:d4:5e:2e:35:50:09:f3:80:
+                    97:f4:0c:17:ae:39:d8:5f:cd:33:c1:1c:ca:89:c2:
+                    22:f7:45:12:ed:5e:12:93:9d:63:ab:82:2e:b9:eb:
+                    42:41:44:cb:4a:1a:00:82:0d:9e:f9:8b:57:3e:4c:
+                    c7:17:ed:2c:8b:72:33:5f:72:7a:38:56:d5:e6:d9:
+                    ae:05:1a:1d:75:45:b1:cb:a5:25:1c:12:57:36:fd:
+                    22:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                47:E2:0C:8B:F6:53:88:52
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        8b:1a:b2:c9:5d:61:b4:e1:b9:2b:b9:53:d1:b2:85:9d:77:8e:
+        16:ee:11:3d:db:c2:63:d9:5b:97:65:fb:12:67:d8:2a:5c:b6:
+        ab:e5:5e:c3:b7:16:2f:c8:e8:ab:1d:8a:fd:ab:1a:7c:d5:5f:
+        63:cf:dc:b0:dd:77:b9:a8:e6:d2:22:38:87:07:14:d9:ff:be:
+        56:b5:fd:07:0e:3c:55:ca:16:cc:a7:a6:77:37:fb:db:5c:1f:
+        4e:59:06:87:a3:03:43:f5:16:ab:b7:84:bd:4e:ef:9f:31:37:
+        f0:46:f1:40:b6:d1:0c:a5:64:f8:63:5e:21:db:55:4e:4f:31:
+        76:9c:10:61:8e:b6:53:3a:a3:11:be:af:6d:7c:1e:bd:ae:2d:
+        e2:0c:69:c7:85:53:68:a2:61:ba:c5:3e:b4:79:54:78:9e:0a:
+        c7:02:be:62:d1:11:82:4b:65:2f:91:5a:c2:a8:87:b1:56:68:
+        94:79:f9:25:f7:c1:d5:ae:1a:b8:bb:3d:8f:a9:8a:38:15:f7:
+        73:d0:5a:60:d1:80:b0:f0:dc:d5:50:cd:4e:ee:92:48:69:ed:
+        b2:23:1e:30:cc:c8:94:c8:b6:f5:3b:86:7f:3f:a6:2e:9f:f6:
+        3e:2c:b5:92:96:3e:df:2c:93:8a:ff:81:8c:0f:0f:59:21:19:
+        57:bd:55:9a
+MD5 Fingerprint=33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENBMB4XDTAx
+MDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue+H887dF+2rDNbS82rDTG
+29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mXy47vPxVnqIJyY1MPQYx9EJUk
+oVqlBvqSV536pQHydekfvFYmUk54GWVYVQNYwBSujHxVX3BbdyMGNpfzJLWaRpXk
+3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JFhfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBL
+qdReLjVQCfOAl/QMF6452F/NM8EcyonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIIN
+nvmLVz5MxxftLItyM19yejhW1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuX
+ZfsSZ9gqXLar5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0H
+DjxVyhbMp6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VO
+TzF2nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv
+kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2yIx4w
+zMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 29 (0x1d)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FI, O=Sonera, CN=Sonera Class2 CA
+        Validity
+            Not Before: Apr  6 07:29:40 2001 GMT
+            Not After : Apr  6 07:29:40 2021 GMT
+        Subject: C=FI, O=Sonera, CN=Sonera Class2 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:90:17:4a:35:9d:ca:f0:0d:96:c7:44:fa:16:37:
+                    fc:48:bd:bd:7f:80:2d:35:3b:e1:6f:a8:67:a9:bf:
+                    03:1c:4d:8c:6f:32:47:d5:41:68:a4:13:04:c1:35:
+                    0c:9a:84:43:fc:5c:1d:ff:89:b3:e8:17:18:cd:91:
+                    5f:fb:89:e3:ea:bf:4e:5d:7c:1b:26:d3:75:79:ed:
+                    e6:84:e3:57:e5:ad:29:c4:f4:3a:28:e7:a5:7b:84:
+                    36:69:b3:fd:5e:76:bd:a3:2d:99:d3:90:4e:23:28:
+                    7d:18:63:f1:54:3b:26:9d:76:5b:97:42:b2:ff:ae:
+                    f0:4e:ec:dd:39:95:4e:83:06:7f:e7:49:40:c8:c5:
+                    01:b2:54:5a:66:1d:3d:fc:f9:e9:3c:0a:9e:81:b8:
+                    70:f0:01:8b:e4:23:54:7c:c8:ae:f8:90:1e:00:96:
+                    72:d4:54:cf:61:23:bc:ea:fb:9d:02:95:d1:b6:b9:
+                    71:3a:69:08:3f:0f:b4:e1:42:c7:88:f5:3f:98:a8:
+                    a7:ba:1c:e0:71:71:ef:58:57:81:50:7a:5c:6b:74:
+                    46:0e:83:03:98:c3:8e:a8:6e:f2:76:32:6e:27:83:
+                    c2:73:f3:dc:18:e8:b4:93:ea:75:44:6b:04:60:20:
+                    71:57:87:9d:f3:be:a0:90:23:3d:8a:24:e1:da:21:
+                    db:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                4A:A0:AA:58:84:D3:5E:3C
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        5a:ce:87:f9:16:72:15:57:4b:1d:d9:9b:e7:a2:26:30:ec:93:
+        67:df:d6:2d:d2:34:af:f7:38:a5:ce:ab:16:b9:ab:2f:7c:35:
+        cb:ac:d0:0f:b4:4c:2b:fc:80:ef:6b:8c:91:5f:36:76:f7:db:
+        b3:1b:19:ea:f4:b2:11:fd:61:71:44:bf:28:b3:3a:1d:bf:b3:
+        43:e8:9f:bf:dc:31:08:71:b0:9d:8d:d6:34:47:32:90:c6:65:
+        24:f7:a0:4a:7c:04:73:8f:39:6f:17:8c:72:b5:bd:4b:c8:7a:
+        f8:7b:83:c3:28:4e:9c:09:ea:67:3f:b2:67:04:1b:c3:14:da:
+        f8:e7:49:24:91:d0:1d:6a:fa:61:39:ef:6b:e7:21:75:06:07:
+        d8:12:b4:21:20:70:42:71:81:da:3c:9a:36:be:a6:5b:0d:6a:
+        6c:9a:1f:91:7b:f9:f9:ef:42:ba:4e:4e:9e:cc:0c:8d:94:dc:
+        d9:45:9c:5e:ec:42:50:63:ae:f4:5d:c4:b1:12:dc:ca:3b:a8:
+        2e:9d:14:5a:05:75:b7:ec:d7:63:e2:ba:35:b6:04:08:91:e8:
+        da:9d:9c:f6:66:b5:18:ac:0a:a6:54:26:34:33:d2:1b:c1:d4:
+        7f:1a:3a:8e:0b:aa:32:6e:db:fc:4f:25:9f:d9:32:c7:96:5a:
+        70:ac:df:4c
+MD5 Fingerprint=A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx
+MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o
+Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt
+5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s
+3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej
+vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu
+8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil
+zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/
+3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD
+FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
+Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2
+ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10000010 (0x98968a)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
+        Validity
+            Not Before: Dec 17 09:23:49 2002 GMT
+            Not After : Dec 16 09:15:38 2015 GMT
+        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:98:d2:b5:51:11:7a:81:a6:14:98:71:6d:be:cc:
+                    e7:13:1b:d6:27:0e:7a:b3:6a:18:1c:b6:61:5a:d5:
+                    61:09:bf:de:90:13:c7:67:ee:dd:f3:da:c5:0c:12:
+                    9e:35:55:3e:2c:27:88:40:6b:f7:dc:dd:22:61:f5:
+                    c2:c7:0e:f5:f6:d5:76:53:4d:8f:8c:bc:18:76:37:
+                    85:9d:e8:ca:49:c7:d2:4f:98:13:09:a2:3e:22:88:
+                    9c:7f:d6:f2:10:65:b4:ee:5f:18:d5:17:e3:f8:c5:
+                    fd:e2:9d:a2:ef:53:0e:85:77:a2:0f:e1:30:47:ee:
+                    00:e7:33:7d:44:67:1a:0b:51:e8:8b:a0:9e:50:98:
+                    68:34:52:1f:2e:6d:01:f2:60:45:f2:31:eb:a9:31:
+                    68:29:bb:7a:41:9e:c6:19:7f:94:b4:51:39:03:7f:
+                    b2:de:a7:32:9b:b4:47:8e:6f:b4:4a:ae:e5:af:b1:
+                    dc:b0:1b:61:bc:99:72:de:e4:89:b7:7a:26:5d:da:
+                    33:49:5b:52:9c:0e:f5:8a:ad:c3:b8:3d:e8:06:6a:
+                    c2:d5:2a:0b:6c:7b:84:bd:56:05:cb:86:65:92:ec:
+                    44:2b:b0:8e:b9:dc:70:0b:46:da:ad:bc:63:88:39:
+                    fa:db:6a:fe:23:fa:bc:e4:48:f4:67:2b:6a:11:10:
+                    21:49
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Certificate Policies: 
+                Policy: X509v3 Any Policy
+                  CPS: http://www.pkioverheid.nl/policies/root-policy
+
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                A8:7D:EB:BC:63:A4:74:13:74:00:EC:96:E0:D3:34:C1:2C:BF:6C:F8
+    Signature Algorithm: sha1WithRSAEncryption
+        05:84:87:55:74:36:61:c1:bb:d1:d4:c6:15:a8:13:b4:9f:a4:
+        fe:bb:ee:15:b4:2f:06:0c:29:f2:a8:92:a4:61:0d:fc:ab:5c:
+        08:5b:51:13:2b:4d:c2:2a:61:c8:f8:09:58:fc:2d:02:b2:39:
+        7d:99:66:81:bf:6e:5c:95:45:20:6c:e6:79:a7:d1:d8:1c:29:
+        fc:c2:20:27:51:c8:f1:7c:5d:34:67:69:85:11:30:c6:00:d2:
+        d7:f3:d3:7c:b6:f0:31:57:28:12:82:73:e9:33:2f:a6:55:b4:
+        0b:91:94:47:9c:fa:bb:7a:42:32:e8:ae:7e:2d:c8:bc:ac:14:
+        bf:d9:0f:d9:5b:fc:c1:f9:7a:95:e1:7d:7e:96:fc:71:b0:c2:
+        4c:c8:df:45:34:c9:ce:0d:f2:9c:64:08:d0:3b:c3:29:c5:b2:
+        ed:90:04:c1:b1:29:91:c5:30:6f:c1:a9:72:33:cc:fe:5d:16:
+        17:2c:11:69:e7:7e:fe:c5:83:08:df:bc:dc:22:3a:2e:20:69:
+        23:39:56:60:67:90:8b:2e:76:39:fb:11:88:97:f6:7c:bd:4b:
+        b8:20:16:67:05:8d:e2:3b:c1:72:3f:94:95:37:c7:5d:b9:9e:
+        d8:93:a1:17:8f:ff:0c:66:15:c1:24:7c:32:7c:03:1d:3b:a1:
+        58:45:32:93
+MD5 Fingerprint=60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO
+TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy
+MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk
+ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn
+ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71
+9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO
+hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U
+tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o
+BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh
+SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww
+OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv
+cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA
+7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k
+/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm
+eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6
+u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy
+7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR
+iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 986490188 (0x3acca54c)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DK, O=TDC Internet, OU=TDC Internet Root CA
+        Validity
+            Not Before: Apr  5 16:33:17 2001 GMT
+            Not After : Apr  5 17:03:17 2021 GMT
+        Subject: C=DK, O=TDC Internet, OU=TDC Internet Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c4:b8:40:bc:91:d5:63:1f:d7:99:a0:8b:0c:40:
+                    1e:74:b7:48:9d:46:8c:02:b2:e0:24:5f:f0:19:13:
+                    a7:37:83:6b:5d:c7:8e:f9:84:30:ce:1a:3b:fa:fb:
+                    ce:8b:6d:23:c6:c3:6e:66:9f:89:a5:df:e0:42:50:
+                    67:fa:1f:6c:1e:f4:d0:05:d6:bf:ca:d6:4e:e4:68:
+                    60:6c:46:aa:1c:5d:63:e1:07:86:0e:65:00:a7:2e:
+                    a6:71:c6:bc:b9:81:a8:3a:7d:1a:d2:f9:d1:ac:4b:
+                    cb:ce:75:af:dc:7b:fa:81:73:d4:fc:ba:bd:41:88:
+                    d4:74:b3:f9:5e:38:3a:3c:43:a8:d2:95:4e:77:6d:
+                    13:0c:9d:8f:78:01:b7:5a:20:1f:03:37:35:e2:2c:
+                    db:4b:2b:2c:78:b9:49:db:c4:d0:c7:9c:9c:e4:8a:
+                    20:09:21:16:56:66:ff:05:ec:5b:e3:f0:cf:ab:24:
+                    24:5e:c3:7f:70:7a:12:c4:d2:b5:10:a0:b6:21:e1:
+                    8d:78:69:55:44:69:f5:ca:96:1c:34:85:17:25:77:
+                    e2:f6:2f:27:98:78:fd:79:06:3a:a2:d6:5a:43:c1:
+                    ff:ec:04:3b:ee:13:ef:d3:58:5a:ff:92:eb:ec:ae:
+                    da:f2:37:03:47:41:b6:97:c9:2d:0a:41:22:bb:bb:
+                    e6:a7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=DK/O=TDC Internet/OU=TDC Internet Root CA/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Apr  5 16:33:17 2001 GMT, Not After: Apr  5 17:03:17 2021 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50
+
+            X509v3 Subject Key Identifier: 
+                6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V5.0:4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        4e:43:cc:d1:dd:1d:10:1b:06:7f:b7:a4:fa:d3:d9:4d:fb:23:
+        9f:23:54:5b:e6:8b:2f:04:28:8b:b5:27:6d:89:a1:ec:98:69:
+        dc:e7:8d:26:83:05:79:74:ec:b4:b9:a3:97:c1:35:00:fd:15:
+        da:39:81:3a:95:31:90:de:97:e9:86:a8:99:77:0c:e5:5a:a0:
+        84:ff:12:16:ac:6e:b8:8d:c3:7b:92:c2:ac:2e:d0:7d:28:ec:
+        b6:f3:60:38:69:6f:3e:d8:04:55:3e:9e:cc:55:d2:ba:fe:bb:
+        47:04:d7:0a:d9:16:0a:34:29:f5:58:13:d5:4f:cf:8f:56:4b:
+        b3:1e:ee:d3:98:79:da:08:1e:0c:6f:b8:f8:16:27:ef:c2:6f:
+        3d:f6:a3:4b:3e:0e:e4:6d:6c:db:3b:41:12:9b:bd:0d:47:23:
+        7f:3c:4a:d0:af:c0:af:f6:ef:1b:b5:15:c4:eb:83:c4:09:5f:
+        74:8b:d9:11:fb:c2:56:b1:3c:f8:70:ca:34:8d:43:40:13:8c:
+        fd:99:03:54:79:c6:2e:ea:86:a1:f6:3a:d4:09:bc:f4:bc:66:
+        cc:3d:58:d0:57:49:0a:ee:25:e2:41:ee:13:f9:9b:38:34:d1:
+        00:f5:7e:e7:94:1d:fc:69:03:62:b8:99:05:05:3d:6b:78:12:
+        bd:b0:6f:65
+MD5 Fingerprint=91:F4:03:55:20:A1:F8:63:2C:62:DE:AC:FB:61:1C:8E
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE
+SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg
+Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV
+BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl
+cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA
+vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu
+Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a
+0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1
+4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN
+eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD
+R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG
+A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu
+dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME
+Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3
+WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
+HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ
+KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO
+Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX
+wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+
+2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89
+9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0
+jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38
+aQNiuJkFBT1reBK9sG9l
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1044954564 (0x3e48bdc4)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DK, O=TDC, CN=TDC OCES CA
+        Validity
+            Not Before: Feb 11 08:39:30 2003 GMT
+            Not After : Feb 11 09:09:30 2037 GMT
+        Subject: C=DK, O=TDC, CN=TDC OCES CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ac:62:f6:61:20:b2:cf:c0:c6:85:d7:e3:79:e6:
+                    cc:ed:f2:39:92:a4:97:2e:64:a3:84:5b:87:9c:4c:
+                    fd:a4:f3:c4:5f:21:bd:56:10:eb:db:2e:61:ec:93:
+                    69:e3:a3:cc:bd:99:c3:05:fc:06:b8:ca:36:1c:fe:
+                    90:8e:49:4c:c4:56:9a:2f:56:bc:cf:7b:0c:f1:6f:
+                    47:a6:0d:43:4d:e2:e9:1d:39:34:cd:8d:2c:d9:12:
+                    98:f9:e3:e1:c1:4a:7c:86:38:c4:a9:c4:61:88:d2:
+                    5e:af:1a:26:4d:d5:e4:a0:22:47:84:d9:64:b7:19:
+                    96:fc:ec:19:e4:b2:97:26:4e:4a:4c:cb:8f:24:8b:
+                    54:18:1c:48:61:7b:d5:88:68:da:5d:b5:ea:cd:1a:
+                    30:c1:80:83:76:50:aa:4f:d1:d4:dd:38:f0:ef:16:
+                    f4:e1:0c:50:06:bf:ea:fb:7a:49:a1:28:2b:1c:f6:
+                    fc:15:32:a3:74:6a:8f:a9:c3:62:29:71:31:e5:3b:
+                    a4:60:17:5e:74:e6:da:13:ed:e9:1f:1f:1b:d1:b2:
+                    68:73:c6:10:34:75:46:10:10:e3:90:00:76:40:cb:
+                    8b:b7:43:09:21:ff:ab:4e:93:c6:58:e9:a5:82:db:
+                    77:c4:3a:99:b1:72:95:49:04:f0:b7:2b:fa:7b:59:
+                    8e:dd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Certificate Policies: 
+                Policy: 1.2.208.169.1.1.1
+                  CPS: http://www.certifikat.dk/repository
+                  User Notice:
+                    Organization: TDC
+                    Number: 1
+                    Explicit Text: Certifikater fra denne CA udstedes under OID 1.2.208.169.1.1.1. Certificates from this CA are issued under OID 1.2.208.169.1.1.1.
+
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=DK/O=TDC/CN=TDC OCES CA/CN=CRL1
+                URI:http://crl.oces.certifikat.dk/oces.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Feb 11 08:39:30 2003 GMT, Not After: Feb 11 09:09:30 2037 GMT
+            X509v3 Authority Key Identifier: 
+                keyid:60:B5:85:EC:56:64:7E:12:19:27:67:1D:50:15:4B:73:AE:3B:F9:12
+
+            X509v3 Subject Key Identifier: 
+                60:B5:85:EC:56:64:7E:12:19:27:67:1D:50:15:4B:73:AE:3B:F9:12
+            1.2.840.113533.7.65.0: 
+                0...V6.0:4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        0a:ba:26:26:46:d3:73:a8:09:f3:6b:0b:30:99:fd:8a:e1:57:
+        7a:11:d3:b8:94:d7:09:10:6e:a3:b1:38:03:d1:b6:f2:43:41:
+        29:62:a7:72:d8:fb:7c:05:e6:31:70:27:54:18:4e:8a:7c:4e:
+        e5:d1:ca:8c:78:88:cf:1b:d3:90:8b:e6:23:f8:0b:0e:33:43:
+        7d:9c:e2:0a:19:8f:c9:01:3e:74:5d:74:c9:8b:1c:03:e5:18:
+        c8:01:4c:3f:cb:97:05:5d:98:71:a6:98:6f:b6:7c:bd:37:7f:
+        be:e1:93:25:6d:6f:f0:0a:ad:17:18:e1:03:bc:07:29:c8:ad:
+        26:e8:f8:61:f0:fd:21:09:7e:9a:8e:a9:68:7d:48:62:72:bd:
+        00:ea:01:99:b8:06:82:51:81:4e:f1:f5:b4:91:54:b9:23:7a:
+        00:9a:9f:5d:8d:e0:3c:64:b9:1a:12:92:2a:c7:82:44:72:39:
+        dc:e2:3c:c6:d8:55:f5:15:4e:c8:05:0e:db:c6:d0:62:a6:ec:
+        15:b4:b5:02:82:db:ac:8c:a2:81:f0:9b:99:31:f5:20:20:a8:
+        88:61:0a:07:9f:94:fc:d0:d7:1b:cc:2e:17:f3:04:27:76:67:
+        eb:54:83:fd:a4:90:7e:06:3d:04:a3:43:2d:da:fc:0b:62:ea:
+        2f:5f:62:53
+MD5 Fingerprint=93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
+-----BEGIN CERTIFICATE-----
+MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE
+SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw
+ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU
+REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr
+2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s
+2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU
+GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj
+dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r
+TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB
+AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv
+c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl
+ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu
+MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
+T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud
+HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD
+VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny
+bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy
+MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ
+J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG
+SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom
+JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO
+inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y
+caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB
+mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ
+YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9
+BKNDLdr8C2LqL19iUw==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            44:be:0c:8b:50:00:21:b4:11:d3:2a:68:06:a9:ad:69
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
+        Validity
+            Not Before: Jun 24 18:57:21 1999 GMT
+            Not After : Jun 24 19:06:30 2019 GMT
+        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:df:ee:58:10:a2:2b:6e:55:c4:8e:bf:2e:46:09:
+                    e7:e0:08:0f:2e:2b:7a:13:94:1b:bd:f6:b6:80:8e:
+                    65:05:93:00:1e:bc:af:e2:0f:8e:19:0d:12:47:ec:
+                    ac:ad:a3:fa:2e:70:f8:de:6e:fb:56:42:15:9e:2e:
+                    5c:ef:23:de:21:b9:05:76:27:19:0f:4f:d6:c3:9c:
+                    b4:be:94:19:63:f2:a6:11:0a:eb:53:48:9c:be:f2:
+                    29:3b:16:e8:1a:a0:4c:a6:c9:f4:18:59:68:c0:70:
+                    f2:53:00:c0:5e:50:82:a5:56:6f:36:f9:4a:e0:44:
+                    86:a0:4d:4e:d6:47:6e:49:4a:cb:67:d7:a6:c4:05:
+                    b9:8e:1e:f4:fc:ff:cd:e7:36:e0:9c:05:6c:b2:33:
+                    22:15:d0:b4:e0:cc:17:c0:b2:c0:f4:fe:32:3f:29:
+                    2a:95:7b:d8:f2:a7:4e:0f:54:7c:a1:0d:80:b3:09:
+                    03:c1:ff:5c:dd:5e:9a:3e:bc:ae:bc:47:8a:6a:ae:
+                    71:ca:1f:b1:2a:b8:5f:42:05:0b:ec:46:30:d1:72:
+                    0b:ca:e9:56:6d:f5:ef:df:78:be:61:ba:b2:a5:ae:
+                    04:4c:bc:a8:ac:69:15:97:bd:ef:eb:b4:8c:bf:35:
+                    f8:d4:c3:d1:28:0e:5c:3a:9f:70:18:33:20:77:c4:
+                    a2:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                53:32:D1:B3:CF:7F:FA:E0:F1:A0:5D:85:4E:92:D2:9E:45:1D:B4:4F
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.usertrust.com/UTN-DATACorpSGC.crl
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
+    Signature Algorithm: sha1WithRSAEncryption
+        27:35:97:00:8a:8b:28:bd:c6:33:30:1e:29:fc:e2:f7:d5:98:
+        d4:40:bb:60:ca:bf:ab:17:2c:09:36:7f:50:fa:41:dc:ae:96:
+        3a:0a:23:3e:89:59:c9:a3:07:ed:1b:37:ad:fc:7c:be:51:49:
+        5a:de:3a:0a:54:08:16:45:c2:99:b1:87:cd:8c:68:e0:69:03:
+        e9:c4:4e:98:b2:3b:8c:16:b3:0e:a0:0c:98:50:9b:93:a9:70:
+        09:c8:2c:a3:8f:df:02:e4:e0:71:3a:f1:b4:23:72:a0:aa:01:
+        df:df:98:3e:14:50:a0:31:26:bd:28:e9:5a:30:26:75:f9:7b:
+        60:1c:8d:f3:cd:50:26:6d:04:27:9a:df:d5:0d:45:47:29:6b:
+        2c:e6:76:d9:a9:29:7d:32:dd:c9:36:3c:bd:ae:35:f1:11:9e:
+        1d:bb:90:3f:12:47:4e:8e:d7:7e:0f:62:73:1d:52:26:38:1c:
+        18:49:fd:30:74:9a:c4:e5:22:2f:d8:c0:8d:ed:91:7a:4c:00:
+        8f:72:7f:5d:da:dd:1b:8b:45:6b:e7:dd:69:97:a8:c5:56:4c:
+        0f:0c:f6:9f:7a:91:37:f6:97:82:e0:dd:71:69:ff:76:3f:60:
+        4d:3c:cf:f7:99:f9:c6:57:f4:c9:55:39:78:ba:2c:79:c9:a6:
+        88:2b:f4:08
+MD5 Fingerprint=B3:A5:3E:77:21:6D:AC:4A:C0:C9:FB:D5:41:3D:CA:06
+-----BEGIN CERTIFICATE-----
+MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB
+kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw
+IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD
+VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu
+dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6
+E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ
+D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK
+4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq
+lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW
+bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB
+o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT
+MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js
+LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr
+BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB
+AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft
+Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj
+j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH
+KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv
+2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3
+mfnGV/TJVTl4uix5yaaIK/QI
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
+        Validity
+            Not Before: Jul  9 17:28:50 1999 GMT
+            Not After : Jul  9 17:36:58 2019 GMT
+        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b2:39:85:a4:f2:7d:ab:41:3b:62:46:37:ae:cd:
+                    c1:60:75:bc:39:65:f9:4a:1a:47:a2:b9:cc:48:cc:
+                    6a:98:d5:4d:35:19:b9:a4:42:e5:ce:49:e2:8a:2f:
+                    1e:7c:d2:31:07:c7:4e:b4:83:64:9d:2e:29:d5:a2:
+                    64:c4:85:bd:85:51:35:79:a4:4e:68:90:7b:1c:7a:
+                    a4:92:a8:17:f2:98:15:f2:93:cc:c9:a4:32:95:bb:
+                    0c:4f:30:bd:98:a0:0b:8b:e5:6e:1b:a2:46:fa:78:
+                    bc:a2:6f:ab:59:5e:a5:2f:cf:ca:da:6d:aa:2f:eb:
+                    ac:a1:b3:6a:aa:b7:2e:67:35:8b:79:e1:1e:69:88:
+                    e2:e6:46:cd:a0:a5:ea:be:0b:ce:76:3a:7a:0e:9b:
+                    ea:fc:da:27:5b:3d:73:1f:22:e6:48:61:c6:4c:f3:
+                    69:b1:a8:2e:1b:b6:d4:31:20:2c:bc:82:8a:8e:a4:
+                    0e:a5:d7:89:43:fc:16:5a:af:1d:71:d7:11:59:da:
+                    ba:87:0d:af:fa:f3:e1:c2:f0:a4:c5:67:8c:d6:d6:
+                    54:3a:de:0a:a4:ba:03:77:b3:65:c8:fd:1e:d3:74:
+                    62:aa:18:ca:68:93:1e:a1:85:7e:f5:47:65:cb:f8:
+                    4d:57:28:74:d2:34:ff:30:b6:ee:f6:62:30:14:8c:
+                    2c:eb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                89:82:67:7D:C4:9D:26:70:00:4B:B4:50:48:7C:DE:3D:AE:04:6E:7D
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.usertrust.com/UTN-USERFirst-ClientAuthenticationandEmail.crl
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication, E-mail Protection
+    Signature Algorithm: sha1WithRSAEncryption
+        b1:6d:61:5d:a6:1a:7f:7c:ab:4a:e4:30:fc:53:6f:25:24:c6:
+        ca:ed:e2:31:5c:2b:0e:ee:ee:61:55:6f:04:3e:cf:39:de:c5:
+        1b:49:94:e4:eb:20:4c:b4:e6:9e:50:2e:72:d9:8d:f5:aa:a3:
+        b3:4a:da:56:1c:60:97:80:dc:82:a2:ad:4a:bd:8a:2b:ff:0b:
+        09:b4:c6:d7:20:04:45:e4:cd:80:01:ba:ba:2b:6e:ce:aa:d7:
+        92:fe:e4:af:eb:f4:26:1d:16:2a:7f:6c:30:95:37:2f:33:12:
+        ac:7f:dd:c7:d1:11:8c:51:98:b2:d0:a3:91:d0:ad:f6:9f:9e:
+        83:93:1e:1d:42:b8:46:af:6b:66:f0:9b:7f:ea:e3:03:02:e5:
+        02:51:c1:aa:d5:35:9d:72:40:03:89:ba:31:1d:c5:10:68:52:
+        9e:df:a2:85:c5:5c:08:a6:78:e6:53:4f:b1:e8:b7:d3:14:9e:
+        93:a6:c3:64:e3:ac:7e:71:cd:bc:9f:e9:03:1b:cc:fb:e9:ac:
+        31:c1:af:7c:15:74:02:99:c3:b2:47:a6:c2:32:61:d7:c7:6f:
+        48:24:51:27:a1:d5:87:55:f2:7b:8f:98:3d:16:9e:ee:75:b6:
+        f8:d0:8e:f2:f3:c6:ae:28:5b:a7:f0:f3:36:17:fc:c3:05:d3:
+        ca:03:4a:54
+MD5 Fingerprint=D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
+-----BEGIN CERTIFICATE-----
+MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB
+rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt
+Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa
+Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV
+BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l
+dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE
+AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B
+YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9
+hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l
+L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm
+SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM
+1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws
+6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw
+Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50
+aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
+AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u
+7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0
+xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ
+rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim
+eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk
+USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+        Validity
+            Not Before: Jul  9 18:10:42 1999 GMT
+            Not After : Jul  9 18:19:22 2019 GMT
+        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b1:f7:c3:38:3f:b4:a8:7f:cf:39:82:51:67:d0:
+                    6d:9f:d2:ff:58:f3:e7:9f:2b:ec:0d:89:54:99:b9:
+                    38:99:16:f7:e0:21:79:48:c2:bb:61:74:12:96:1d:
+                    3c:6a:72:d5:3c:10:67:3a:39:ed:2b:13:cd:66:eb:
+                    95:09:33:a4:6c:97:b1:e8:c6:ec:c1:75:79:9c:46:
+                    5e:8d:ab:d0:6a:fd:b9:2a:55:17:10:54:b3:19:f0:
+                    9a:f6:f1:b1:5d:b6:a7:6d:fb:e0:71:17:6b:a2:88:
+                    fb:00:df:fe:1a:31:77:0c:9a:01:7a:b1:32:e3:2b:
+                    01:07:38:6e:c3:a5:5e:23:bc:45:9b:7b:50:c1:c9:
+                    30:8f:db:e5:2b:7a:d3:5b:fb:33:40:1e:a0:d5:98:
+                    17:bc:8b:87:c3:89:d3:5d:a0:8e:b2:aa:aa:f6:8e:
+                    69:88:06:c5:fa:89:21:f3:08:9d:69:2e:09:33:9b:
+                    29:0d:46:0f:8c:cc:49:34:b0:69:51:bd:f9:06:cd:
+                    68:ad:66:4c:bc:3e:ac:61:bd:0a:88:0e:c8:df:3d:
+                    ee:7c:04:4c:9d:0a:5e:6b:91:d6:ee:c7:ed:28:8d:
+                    ab:4d:87:89:73:d0:6e:a4:d0:1e:16:8b:14:e1:76:
+                    44:03:7f:63:ac:e4:cd:49:9c:c5:92:f4:ab:32:a1:
+                    48:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User
+    Signature Algorithm: sha1WithRSAEncryption
+        47:19:0f:de:74:c6:99:97:af:fc:ad:28:5e:75:8e:eb:2d:67:
+        ee:4e:7b:2b:d7:0c:ff:f6:de:cb:55:a2:0a:e1:4c:54:65:93:
+        60:6b:9f:12:9c:ad:5e:83:2c:eb:5a:ae:c0:e4:2d:f4:00:63:
+        1d:b8:c0:6c:f2:cf:49:bb:4d:93:6f:06:a6:0a:22:b2:49:62:
+        08:4e:ff:c8:c8:14:b2:88:16:5d:e7:01:e4:12:95:e5:45:34:
+        b3:8b:69:bd:cf:b4:85:8f:75:51:9e:7d:3a:38:3a:14:48:12:
+        c6:fb:a7:3b:1a:8d:0d:82:40:07:e8:04:08:90:a1:89:cb:19:
+        50:df:ca:1c:01:bc:1d:04:19:7b:10:76:97:3b:ee:90:90:ca:
+        c4:0e:1f:16:6e:75:ef:33:f8:d3:6f:5b:1e:96:e3:e0:74:77:
+        74:7b:8a:a2:6e:2d:dd:76:d6:39:30:82:f0:ab:9c:52:f2:2a:
+        c7:af:49:5e:7e:c7:68:e5:82:81:c8:6a:27:f9:27:88:2a:d5:
+        58:50:95:1f:f0:3b:1c:57:bb:7d:14:39:62:2b:9a:c9:94:92:
+        2a:a3:22:0c:ff:89:26:7d:5f:23:2b:47:d7:15:1d:a9:6a:9e:
+        51:0d:2a:51:9e:81:f9:d4:3b:5e:70:12:7f:10:32:9c:1e:bb:
+        9d:f8:66:a8
+MD5 Fingerprint=4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
+cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
+0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
+M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
+MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
+oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
+DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
+oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
+bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
+BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
+//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
+CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
+3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
+KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
+        Validity
+            Not Before: Jul  9 18:31:20 1999 GMT
+            Not After : Jul  9 18:40:36 2019 GMT
+        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ce:aa:81:3f:a3:a3:61:78:aa:31:00:55:95:11:
+                    9e:27:0f:1f:1c:df:3a:9b:82:68:30:c0:4a:61:1d:
+                    f1:2f:0e:fa:be:79:f7:a5:23:ef:55:51:96:84:cd:
+                    db:e3:b9:6e:3e:31:d8:0a:20:67:c7:f4:d9:bf:94:
+                    eb:47:04:3e:02:ce:2a:a2:5d:87:04:09:f6:30:9d:
+                    18:8a:97:b2:aa:1c:fc:41:d2:a1:36:cb:fb:3d:91:
+                    ba:e7:d9:70:35:fa:e4:e7:90:c3:9b:a3:9b:d3:3c:
+                    f5:12:99:77:b1:b7:09:e0:68:e6:1c:b8:f3:94:63:
+                    88:6a:6a:fe:0b:76:c9:be:f4:22:e4:67:b9:ab:1a:
+                    5e:77:c1:85:07:dd:0d:6c:bf:ee:06:c7:77:6a:41:
+                    9e:a7:0f:d7:fb:ee:94:17:b7:fc:85:be:a4:ab:c4:
+                    1c:31:dd:d7:b6:d1:e4:f0:ef:df:16:8f:b2:52:93:
+                    d7:a1:d4:89:a1:07:2e:bf:e1:01:12:42:1e:1a:e1:
+                    d8:95:34:db:64:79:28:ff:ba:2e:11:c2:e5:e8:5b:
+                    92:48:fb:47:0b:c2:6c:da:ad:32:83:41:f3:a5:e5:
+                    41:70:fd:65:90:6d:fa:fa:51:c4:f9:bd:96:2b:19:
+                    04:2c:d3:6d:a7:dc:f0:7f:6f:83:65:e2:6a:ab:87:
+                    86:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl
+
+            X509v3 Extended Key Usage: 
+                Code Signing, Time Stamping, Microsoft Encrypted File System
+    Signature Algorithm: sha1WithRSAEncryption
+        08:1f:52:b1:37:44:78:db:fd:ce:b9:da:95:96:98:aa:55:64:
+        80:b5:5a:40:dd:21:a5:c5:c1:f3:5f:2c:4c:c8:47:5a:69:ea:
+        e8:f0:35:35:f4:d0:25:f3:c8:a6:a4:87:4a:bd:1b:b1:73:08:
+        bd:d4:c3:ca:b6:35:bb:59:86:77:31:cd:a7:80:14:ae:13:ef:
+        fc:b1:48:f9:6b:25:25:2d:51:b6:2c:6d:45:c1:98:c8:8a:56:
+        5d:3e:ee:43:4e:3e:6b:27:8e:d0:3a:4b:85:0b:5f:d3:ed:6a:
+        a7:75:cb:d1:5a:87:2f:39:75:13:5a:72:b0:02:81:9f:be:f0:
+        0f:84:54:20:62:6c:69:d4:e1:4d:c6:0d:99:43:01:0d:12:96:
+        8c:78:9d:bf:50:a2:b1:44:aa:6a:cf:17:7a:cf:6f:0f:d4:f8:
+        24:55:5f:f0:34:16:49:66:3e:50:46:c9:63:71:38:31:62:b8:
+        62:b9:f3:53:ad:6c:b5:2b:a2:12:aa:19:4f:09:da:5e:e7:93:
+        c6:8e:14:08:fe:f0:30:80:18:a0:86:85:4d:c8:7d:d7:8b:03:
+        fe:6e:d5:f7:9d:16:ac:92:2c:a0:23:e5:9c:91:52:1f:94:df:
+        17:94:73:c3:b3:c1:c1:71:05:20:00:78:bd:13:52:1d:a8:3e:
+        cd:00:1f:c8
+MD5 Fingerprint=A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
+-----BEGIN CERTIFICATE-----
+MIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCB
+lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt
+T2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAc
+BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3
+dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0LU9iamVjdDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZURnicP
+HxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLO
+KqJdhwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo
+5hy485RjiGpq/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+
+pKvEHDHd17bR5PDv3xaPslKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehb
+kkj7RwvCbNqtMoNB86XlQXD9ZZBt+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUC
+AwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDov
+L2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNybDApBgNV
+HSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZIhvcN
+AQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujw
+NTX00CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXB
+mMiKVl0+7kNOPmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU
+4U3GDZlDAQ0Slox4nb9QorFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK5
+81OtbLUrohKqGU8J2l7nk8aOFAj+8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyR
+Uh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8g=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
+        Validity
+            Not Before: Sep 30 16:13:43 2003 GMT
+            Not After : Sep 30 16:13:44 2037 GMT
+        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b7:36:55:e5:a5:5d:18:30:e0:da:89:54:91:fc:
+                    c8:c7:52:f8:2f:50:d9:ef:b1:75:73:65:47:7d:1b:
+                    5b:ba:75:c5:fc:a1:88:24:fa:2f:ed:ca:08:4a:39:
+                    54:c4:51:7a:b5:da:60:ea:38:3c:81:b2:cb:f1:bb:
+                    d9:91:23:3f:48:01:70:75:a9:05:2a:ad:1f:71:f3:
+                    c9:54:3d:1d:06:6a:40:3e:b3:0c:85:ee:5c:1b:79:
+                    c2:62:c4:b8:36:8e:35:5d:01:0c:23:04:47:35:aa:
+                    9b:60:4e:a0:66:3d:cb:26:0a:9c:40:a1:f4:5d:98:
+                    bf:71:ab:a5:00:68:2a:ed:83:7a:0f:a2:14:b5:d4:
+                    22:b3:80:b0:3c:0c:5a:51:69:2d:58:18:8f:ed:99:
+                    9e:f1:ae:e2:95:e6:f6:47:a8:d6:0c:0f:b0:58:58:
+                    db:c3:66:37:9e:9b:91:54:33:37:d2:94:1c:6a:48:
+                    c9:c9:f2:a5:da:a5:0c:23:f7:23:0e:9c:32:55:5e:
+                    71:9c:84:05:51:9a:2d:fd:e6:4e:2a:34:5a:de:ca:
+                    40:37:67:0c:54:21:55:77:da:0a:0c:cc:97:ae:80:
+                    dc:94:36:4a:f4:3e:ce:36:13:1e:53:e4:ac:4e:3a:
+                    05:ec:db:ae:72:9c:38:8b:d0:39:3b:89:0a:3e:77:
+                    fe:75
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:12
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.chambersign.org/chambersroot.crl
+
+            X509v3 Subject Key Identifier: 
+                E3:94:F5:B1:4D:E9:DB:A1:29:5B:57:8B:4D:76:06:76:E1:D1:A2:8A
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:chambersroot@chambersign.org
+            X509v3 Issuer Alternative Name: 
+                email:chambersroot@chambersign.org
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.17326.10.3.1
+                  CPS: http://cps.chambersign.org/cps/chambersroot.html
+
+    Signature Algorithm: sha1WithRSAEncryption
+        0c:41:97:c2:1a:86:c0:22:7c:9f:fb:90:f3:1a:d1:03:b1:ef:
+        13:f9:21:5f:04:9c:da:c9:a5:8d:27:6c:96:87:91:be:41:90:
+        01:72:93:e7:1e:7d:5f:f6:89:c6:5d:a7:40:09:3d:ac:49:45:
+        45:dc:2e:8d:30:68:b2:09:ba:fb:c3:2f:cc:ba:0b:df:3f:77:
+        7b:46:7d:3a:12:24:8e:96:8f:3c:05:0a:6f:d2:94:28:1d:6d:
+        0c:c0:2e:88:22:d5:d8:cf:1d:13:c7:f0:48:d7:d7:05:a7:cf:
+        c7:47:9e:3b:3c:34:c8:80:4f:d4:14:bb:fc:0d:50:f7:fa:b3:
+        ec:42:5f:a9:dd:6d:c8:f4:75:cf:7b:c1:72:26:b1:01:1c:5c:
+        2c:fd:7a:4e:b4:01:c5:05:57:b9:e7:3c:aa:05:d9:88:e9:07:
+        46:41:ce:ef:41:81:ae:58:df:83:a2:ae:ca:d7:77:1f:e7:00:
+        3c:9d:6f:8e:e4:32:09:1d:4d:78:34:78:34:3c:94:9b:26:ed:
+        4f:71:c6:19:7a:bd:20:22:48:5a:fe:4b:7d:03:b7:e7:58:be:
+        c6:32:4e:74:1e:68:dd:a8:68:5b:b3:3e:ee:62:7d:d9:80:e8:
+        0a:75:7a:b7:ee:b4:65:9a:21:90:e0:aa:d0:98:bc:38:b5:73:
+        3c:8b:f8:dc
+MD5 Fingerprint=B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg
+b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa
+MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB
+ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw
+IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B
+AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb
+unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d
+BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq
+7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3
+0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX
+roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG
+A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j
+aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p
+26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA
+BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud
+EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN
+BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz
+aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB
+AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd
+p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi
+1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc
+XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0
+eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu
+tGWaIZDgqtCYvDi1czyL+Nw=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
+        Validity
+            Not Before: Sep 30 16:14:18 2003 GMT
+            Not After : Sep 30 16:14:18 2037 GMT
+        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:a2:70:a2:d0:9f:42:ae:5b:17:c7:d8:7d:cf:14:
+                    83:fc:4f:c9:a1:b7:13:af:8a:d7:9e:3e:04:0a:92:
+                    8b:60:56:fa:b4:32:2f:88:4d:a1:60:08:f4:b7:09:
+                    4e:a0:49:2f:49:d6:d3:df:9d:97:5a:9f:94:04:70:
+                    ec:3f:59:d9:b7:cc:66:8b:98:52:28:09:02:df:c5:
+                    2f:84:8d:7a:97:77:bf:ec:40:9d:25:72:ab:b5:3f:
+                    32:98:fb:b7:b7:fc:72:84:e5:35:87:f9:55:fa:a3:
+                    1f:0e:6f:2e:28:dd:69:a0:d9:42:10:c6:f8:b5:44:
+                    c2:d0:43:7f:db:bc:e4:a2:3c:6a:55:78:0a:77:a9:
+                    d8:ea:19:32:b7:2f:fe:5c:3f:1b:ee:b1:98:ec:ca:
+                    ad:7a:69:45:e3:96:0f:55:f6:e6:ed:75:ea:65:e8:
+                    32:56:93:46:89:a8:25:8a:65:06:ee:6b:bf:79:07:
+                    d0:f1:b7:af:ed:2c:4d:92:bb:c0:a8:5f:a7:67:7d:
+                    04:f2:15:08:70:ac:92:d6:7d:04:d2:33:fb:4c:b6:
+                    0b:0b:fb:1a:c9:c4:8d:03:a9:7e:5c:f2:50:ab:12:
+                    a5:a1:cf:48:50:a5:ef:d2:c8:1a:13:fa:b0:7f:b1:
+                    82:1c:77:6a:0f:5f:dc:0b:95:8f:ef:43:7e:e6:45:
+                    09:25
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:12
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.chambersign.org/chambersignroot.crl
+
+            X509v3 Subject Key Identifier: 
+                43:9C:36:9F:B0:9E:30:4D:C6:CE:5F:AD:10:AB:E5:03:A5:FA:A9:14
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Subject Alternative Name: 
+                email:chambersignroot@chambersign.org
+            X509v3 Issuer Alternative Name: 
+                email:chambersignroot@chambersign.org
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.17326.10.1.1
+                  CPS: http://cps.chambersign.org/cps/chambersignroot.html
+
+    Signature Algorithm: sha1WithRSAEncryption
+        3c:3b:70:91:f9:04:54:27:91:e1:ed:ed:fe:68:7f:61:5d:e5:
+        41:65:4f:32:f1:18:05:94:6a:1c:de:1f:70:db:3e:7b:32:02:
+        34:b5:0c:6c:a1:8a:7c:a5:f4:8f:ff:d4:d8:ad:17:d5:2d:04:
+        d1:3f:58:80:e2:81:59:88:be:c0:e3:46:93:24:fe:90:bd:26:
+        a2:30:2d:e8:97:26:57:35:89:74:96:18:f6:15:e2:af:24:19:
+        56:02:02:b2:ba:0f:14:ea:c6:8a:66:c1:86:45:55:8b:be:92:
+        be:9c:a4:04:c7:49:3c:9e:e8:29:7a:89:d7:fe:af:ff:68:f5:
+        a5:17:90:bd:ac:99:cc:a5:86:57:09:67:46:db:d6:16:c2:46:
+        f1:e4:a9:50:f5:8f:d1:92:15:d3:5f:3e:c6:00:49:3a:6e:58:
+        b2:d1:d1:27:0d:25:c8:32:f8:20:11:cd:7d:32:33:48:94:54:
+        4c:dd:dc:79:c4:30:9f:eb:8e:b8:55:b5:d7:88:5c:c5:6a:24:
+        3d:b2:d3:05:03:51:c6:07:ef:cc:14:72:74:3d:6e:72:ce:18:
+        28:8c:4a:a0:77:e5:09:2b:45:44:47:ac:b7:67:7f:01:8a:05:
+        5a:93:be:a1:c1:ff:f8:e7:0e:67:a4:47:49:76:5d:75:90:1a:
+        f5:26:8f:f0
+MD5 Fingerprint=C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
+-----BEGIN CERTIFICATE-----
+MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo
+YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9
+MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy
+NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G
+A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA
+A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0
+Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s
+QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV
+eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795
+B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh
+z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T
+AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i
+ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
+TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
+MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD
+VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE
+VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
+bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B
+AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM
+bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi
+ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG
+VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c
+ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/
+AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 123 (0x7b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu
+        Validity
+            Not Before: Mar 30 01:47:11 2003 GMT
+            Not After : Dec 15 01:47:11 2022 GMT
+        Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c7:52:25:b2:d8:3d:d4:84:55:09:a7:1b:bd:6c:
+                    b9:14:f4:8a:02:db:76:fc:6a:2a:78:ab:e5:77:f0:
+                    6e:e0:8c:23:67:db:a5:64:99:b9:dd:01:3e:6f:ef:
+                    2d:9a:3c:22:f0:5d:c9:57:a0:55:41:7f:f2:43:5e:
+                    58:82:53:31:65:ce:1e:f2:26:ba:00:54:1e:af:b0:
+                    bc:1c:e4:52:8c:a0:32:af:b7:37:b1:53:67:68:74:
+                    67:50:f6:2d:2e:64:de:ae:26:79:df:df:99:86:ab:
+                    ab:7f:85:ec:a0:fb:80:cc:f4:b8:0c:1e:93:45:63:
+                    b9:dc:b8:5b:9b:ed:5b:39:d4:5f:62:b0:a7:8e:7c:
+                    66:38:2c:aa:b1:08:63:17:67:7d:cc:bd:b3:f1:c3:
+                    3f:cf:50:39:ed:d1:19:83:15:db:87:12:27:96:b7:
+                    da:ea:e5:9d:bc:ba:ea:39:4f:8b:ef:74:9a:e7:c5:
+                    d0:d2:ea:86:51:1c:e4:fe:64:08:28:04:79:05:eb:
+                    ca:c5:71:0e:0b:ef:ab:ea:ec:12:11:a1:18:05:32:
+                    69:d1:0c:2c:1a:3d:25:99:3f:b5:7c:ca:6d:b0:ae:
+                    99:99:fa:08:60:e7:19:c2:f2:bd:51:d3:cc:d3:02:
+                    ac:c1:11:0c:80:ce:ab:dc:94:9d:6b:a3:39:53:3a:
+                    d6:85
+                Exponent: 50557 (0xc57d)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:4
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            Netscape Comment: 
+                FIGYELEM! Ezen tanusitvany a NetLock Kft. Minositett Szolgaltatasi Szabalyzataban leirt eljarasok alapjan keszult. A minositett elektronikus alairas joghatas ervenyesulesenek, valamint elfogadasanak feltetele a Minositett Szolgaltatasi Szabalyzatban, az Altalanos Szerzodesi Feltetelekben eloirt ellenorzesi eljaras megtetele. A dokumentumok megtalalhatok a https://www.netlock.hu/docs/ cimen vagy kerhetok az info@netlock.net e-mail cimen. WARNING! The issuance and the use of this certificate are subject to the NetLock Qualified CPS available at https://www.netlock.hu/docs/ or by e-mail at info@netlock.net
+            X509v3 Subject Key Identifier: 
+                09:6A:62:16:92:B0:5A:BB:55:0E:CB:75:32:3A:32:E5:B2:21:C9:28
+    Signature Algorithm: sha1WithRSAEncryption
+        91:6a:50:9c:db:78:81:9b:3f:8b:42:e3:3b:fc:a6:c3:ee:43:
+        e0:cf:f3:e2:80:35:49:45:76:02:e2:e3:2f:05:c5:f1:2a:e7:
+        c0:41:33:c6:b6:9b:d0:33:39:cd:c0:db:a1:ad:6c:37:02:4c:
+        58:41:3b:f2:97:92:c6:48:a8:cd:e5:8a:39:89:61:f9:52:97:
+        e9:bd:f6:f9:94:74:e8:71:0e:bc:77:86:c3:06:cc:5a:7c:4a:
+        7e:34:50:30:2e:fb:7f:32:9a:8d:3d:f3:20:5b:f8:6a:ca:86:
+        f3:31:4c:2c:59:80:02:7d:fe:38:c9:30:75:1c:b7:55:e3:bc:
+        9f:ba:a8:6d:84:28:05:75:b3:8b:0d:c0:91:54:21:e7:a6:0b:
+        b4:99:f5:51:41:dc:cd:a3:47:22:d9:c7:01:81:c4:dc:47:4f:
+        26:ea:1f:ed:db:cd:0d:98:f4:a3:9c:b4:73:32:4a:96:99:fe:
+        bc:7f:c8:25:58:f8:58:f3:76:66:89:54:a4:a6:3e:c4:50:5c:
+        ba:89:18:82:75:48:21:d2:4f:13:e8:60:7e:07:76:db:10:b5:
+        51:e6:aa:b9:68:aa:cd:f6:9d:90:75:12:ea:38:1a:ca:44:e8:
+        b7:99:a7:2a:68:95:66:95:ab:ad:ef:89:cb:60:a9:06:12:c6:
+        94:47:e9:28
+MD5 Fingerprint=D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14
+-----BEGIN CERTIFICATE-----
+MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMUIwQAYDVQQD
+EzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xhc3MgUUEpIFRhbnVz
+aXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9AbmV0bG9jay5odTAeFw0w
+MzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJMQswCQYDVQQGEwJIVTERMA8G
+A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh
+Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxQjBABgNVBAMTOU5l
+dExvY2sgTWlub3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZh
+bnlraWFkbzEeMBwGCSqGSIb3DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/Goq
+eKvld/Bu4IwjZ9ulZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQe
+r7C8HORSjKAyr7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO5
+3Lhbm+1bOdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWd
+vLrqOU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l
+mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9o4IC
+wDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwggJ1Bglg
+hkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2YW55IGEgTmV0
+TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBTemFiYWx5emF0YWJh
+biBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBBIG1pbm9zaXRldHQg
+ZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMgZXJ2ZW55ZXN1bGVzZW5laywg
+dmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6
+b2xnYWx0YXRhc2kgU3phYmFseXphdGJhbiwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rl
+c2kgRmVsdGV0ZWxla2JlbiBlbG9pcnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0
+ZXRlbGUuIEEgZG9rdW1lbnR1bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3
+dy5uZXRsb2NrLmh1L2RvY3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0Bu
+ZXRsb2NrLm5ldCBlLW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBh
+bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRo
+ZSBOZXRMb2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3
+Lm5ldGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u
+ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEBBQUA
+A4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufAQTPGtpvQ
+MznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68d4bDBsxafEp+
+NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yfuqhthCgFdbOLDcCR
+VCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSjnLRzMkqWmf68f8glWPhY
+83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR5qq5aKrN9p2QdRLqOBrKROi3
+macqaJVmlaut74nLYKkGEsaUR+ko
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 259 (0x103)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
+        Validity
+            Not Before: Feb 24 23:14:47 1999 GMT
+            Not After : Feb 19 23:14:47 2019 GMT
+        Subject: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bc:74:8c:0f:bb:4c:f4:37:1e:a9:05:82:d8:e6:
+                    e1:6c:70:ea:78:b5:6e:d1:38:44:0d:a8:83:ce:5d:
+                    d2:d6:d5:81:c5:d4:4b:e7:5b:94:70:26:db:3b:9d:
+                    6a:4c:62:f7:71:f3:64:d6:61:3b:3d:eb:73:a3:37:
+                    d9:cf:ea:8c:92:3b:cd:f7:07:dc:66:74:97:f4:45:
+                    22:dd:f4:5c:e0:bf:6d:f3:be:65:33:e4:15:3a:bf:
+                    db:98:90:55:38:c4:ed:a6:55:63:0b:b0:78:04:f4:
+                    e3:6e:c1:3f:8e:fc:51:78:1f:92:9e:83:c2:fe:d9:
+                    b0:a9:c9:bc:5a:00:ff:a9:a8:98:74:fb:f6:2c:3e:
+                    15:39:0d:b6:04:55:a8:0e:98:20:42:b3:b1:25:ad:
+                    7e:9a:6f:5d:53:b1:ab:0c:fc:eb:e0:f3:7a:b3:a8:
+                    b3:ff:46:f6:63:a2:d8:3a:98:7b:b6:ac:85:ff:b0:
+                    25:4f:74:63:e7:13:07:a5:0a:8f:05:f7:c0:64:6f:
+                    7e:a7:27:80:96:de:d4:2e:86:60:c7:6b:2b:5e:73:
+                    7b:17:e7:91:3f:64:0c:d8:4b:22:34:2b:9b:32:f2:
+                    48:1f:9f:a1:0a:84:7a:e2:c2:ad:97:3d:8e:d5:c1:
+                    f9:56:a3:50:e9:c6:b4:fa:98:a2:ee:95:e6:2a:03:
+                    8c:df
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:4
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            Netscape Comment: 
+                FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.
+    Signature Algorithm: md5WithRSAEncryption
+        48:24:46:f7:ba:56:6f:fa:c8:28:03:40:4e:e5:31:39:6b:26:
+        6b:53:7f:db:df:df:f3:71:3d:26:c0:14:0e:c6:67:7b:23:a8:
+        0c:73:dd:01:bb:c6:ca:6e:37:39:55:d5:c7:8c:56:20:0e:28:
+        0a:0e:d2:2a:a4:b0:49:52:c6:38:07:fe:be:0a:09:8c:d1:98:
+        cf:ca:da:14:31:a1:4f:d2:39:fc:0f:11:2c:43:c3:dd:ab:93:
+        c7:55:3e:47:7c:18:1a:00:dc:f3:7b:d8:f2:7f:52:6c:20:f4:
+        0b:5f:69:52:f4:ee:f8:b2:29:60:eb:e3:49:31:21:0d:d6:b5:
+        10:41:e2:41:09:6c:e2:1a:9a:56:4b:77:02:f6:a0:9b:9a:27:
+        87:e8:55:29:71:c2:90:9f:45:78:1a:e1:15:64:3d:d0:0e:d8:
+        a0:76:9f:ae:c5:d0:2e:ea:d6:0f:56:ec:64:7f:5a:9b:14:58:
+        01:27:7e:13:50:c7:6b:2a:e6:68:3c:bf:5c:a0:0a:1b:e1:0e:
+        7a:e9:e2:80:c3:e9:e9:f6:fd:6c:11:9e:d0:e5:28:27:2b:54:
+        32:42:14:82:75:e6:4a:f0:2b:66:75:63:8c:a2:fb:04:3e:83:
+        0e:9b:36:f0:18:e4:26:20:c3:8c:f0:28:07:ad:3c:17:66:88:
+        b5:fd:b6:88
+MD5 Fingerprint=86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7
+-----BEGIN CERTIFICATE-----
+MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV
+MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe
+TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
+dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB
+KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0
+N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC
+dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu
+MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL
+b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD
+zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi
+3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8
+WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY
+Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi
+NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
+ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4
+QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0
+YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz
+aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu
+IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm
+ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg
+ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs
+amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv
+IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3
+Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6
+ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1
+YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg
+dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs
+b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
+CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
+xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP
+0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ
+QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk
+f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK
+8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 105 (0x69)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado
+        Validity
+            Not Before: Feb 25 14:10:22 1999 GMT
+            Not After : Feb 20 14:10:22 2019 GMT
+        Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b1:ea:04:ec:20:a0:23:c2:8f:38:60:cf:c7:46:
+                    b3:d5:1b:fe:fb:b9:99:9e:04:dc:1c:7f:8c:4a:81:
+                    98:ee:a4:d4:ca:8a:17:b9:22:7f:83:0a:75:4c:9b:
+                    c0:69:d8:64:39:a3:ed:92:a3:fd:5b:5c:74:1a:c0:
+                    47:ca:3a:69:76:9a:ba:e2:44:17:fc:4c:a3:d5:fe:
+                    b8:97:88:af:88:03:89:1f:a4:f2:04:3e:c8:07:0b:
+                    e6:f9:b3:2f:7a:62:14:09:46:14:ca:64:f5:8b:80:
+                    b5:62:a8:d8:6b:d6:71:93:2d:b3:bf:09:54:58:ed:
+                    06:eb:a8:7b:dc:43:b1:a1:69
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:4
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            Netscape Comment: 
+                FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.
+    Signature Algorithm: md5WithRSAEncryption
+        04:db:ae:8c:17:af:f8:0e:90:31:4e:cd:3e:09:c0:6d:3a:b0:
+        f8:33:4c:47:4c:e3:75:88:10:97:ac:b0:38:15:91:c6:29:96:
+        cc:21:c0:6d:3c:a5:74:cf:d8:82:a5:39:c3:65:e3:42:70:bb:
+        22:90:e3:7d:db:35:76:e1:a0:b5:da:9f:70:6e:93:1a:30:39:
+        1d:30:db:2e:e3:7c:b2:91:b2:d1:37:29:fa:b9:d6:17:5c:47:
+        4f:e3:1d:38:eb:9f:d5:7b:95:a8:28:9e:15:4a:d1:d1:d0:2b:
+        00:97:a0:e2:92:36:2b:63:ac:58:01:6b:33:29:50:86:83:f1:
+        01:48
+MD5 Fingerprint=39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6
+-----BEGIN CERTIFICATE-----
+MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQD
+EylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZhbnlraWFkbzAeFw05
+OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYDVQQGEwJIVTERMA8G
+A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh
+Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5l
+dExvY2sgVXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xK
+gZjupNTKihe5In+DCnVMm8Bp2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riX
+iK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvc
+Q7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8E
+BAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1G
+SUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFu
+b3MgU3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh
+bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv
+Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGln
+aXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0
+IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh
+c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGph
+biBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJo
+ZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBP
+UlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmlj
+YXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBo
+dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNA
+bmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06
+sPgzTEdM43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXa
+n3BukxowOR0w2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKS
+NitjrFgBazMpUIaD8QFI
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 104 (0x68)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado
+        Validity
+            Not Before: Feb 25 14:08:11 1999 GMT
+            Not After : Feb 20 14:08:11 2019 GMT
+        Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:eb:ec:b0:6c:61:8a:23:25:af:60:20:e3:d9:9f:
+                    fc:93:0b:db:5d:8d:b0:a1:b3:40:3a:82:ce:fd:75:
+                    e0:78:32:03:86:5a:86:95:91:ed:53:fa:9d:40:fc:
+                    e6:e8:dd:d9:5b:7a:03:bd:5d:f3:3b:0c:c3:51:79:
+                    9b:ad:55:a0:e9:d0:03:10:af:0a:ba:14:42:d9:52:
+                    26:11:22:c7:d2:20:cc:82:a4:9a:a9:fe:b8:81:76:
+                    9d:6a:b7:d2:36:75:3e:b1:86:09:f6:6e:6d:7e:4e:
+                    b7:7a:ec:ae:71:84:f6:04:33:08:25:32:eb:74:ac:
+                    16:44:c6:e4:40:93:1d:7f:ad
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:4
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            Netscape Comment: 
+                FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.
+    Signature Algorithm: md5WithRSAEncryption
+        10:ad:7f:d7:0c:32:80:0a:d8:86:f1:79:98:b5:ad:d4:cd:b3:
+        36:c4:96:48:c1:5c:cd:9a:d9:05:2e:9f:be:50:eb:f4:26:14:
+        10:2d:d4:66:17:f8:9e:c1:27:fd:f1:ed:e4:7b:4b:a0:6c:b5:
+        ab:9a:57:70:a6:ed:a0:a4:ed:2e:f5:fd:fc:bd:fe:4d:37:08:
+        0c:bc:e3:96:83:22:f5:49:1b:7f:4b:2b:b4:54:c1:80:7c:99:
+        4e:1d:d0:8c:ee:d0:ac:e5:92:fa:75:56:fe:64:a0:13:8f:b8:
+        b8:16:9d:61:05:67:80:c8:d0:d8:a5:07:02:34:98:04:8d:33:
+        04:d4
+MD5 Fingerprint=4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4
+-----BEGIN CERTIFICATE-----
+MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQD
+EytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0dmFueWtpYWRvMB4X
+DTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJBgNVBAYTAkhVMREw
+DwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9u
+c2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMr
+TmV0TG9jayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNA
+OoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC
+2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwW
+RMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0P
+AQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEW
+ggJNRklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0
+YWxhbm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz
+b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBO
+ZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2ZWRpLiBB
+IGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0ZWxlIGF6IGVs
+b2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs
+ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25s
+YXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kg
+a2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4g
+SU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0
+aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUg
+YXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQg
+Y3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmY
+ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g
+pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4
+Fp1hBWeAyNDYpQcCNJgEjTME1A==
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
+        Validity
+            Not Before: Nov  1 17:14:04 2004 GMT
+            Not After : Jan  1 05:37:19 2035 GMT
+        Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:98:24:1e:bd:15:b4:ba:df:c7:8c:a5:27:b6:38:
+                    0b:69:f3:b6:4e:a8:2c:2e:21:1d:5c:44:df:21:5d:
+                    7e:23:74:fe:5e:7e:b4:4a:b7:a6:ad:1f:ae:e0:06:
+                    16:e2:9b:5b:d9:67:74:6b:5d:80:8f:29:9d:86:1b:
+                    d9:9c:0d:98:6d:76:10:28:58:e4:65:b0:7f:4a:98:
+                    79:9f:e0:c3:31:7e:80:2b:b5:8c:c0:40:3b:11:86:
+                    d0:cb:a2:86:36:60:a4:d5:30:82:6d:d9:6e:d0:0f:
+                    12:04:33:97:5f:4f:61:5a:f0:e4:f9:91:ab:e7:1d:
+                    3b:bc:e8:cf:f4:6b:2d:34:7c:e2:48:61:1c:8e:f3:
+                    61:44:cc:6f:a0:4a:a9:94:b0:4d:da:e7:a9:34:7a:
+                    72:38:a8:41:cc:3c:94:11:7d:eb:c8:a6:8c:b7:86:
+                    cb:ca:33:3b:d9:3d:37:8b:fb:7a:3e:86:2c:e7:73:
+                    d7:0a:57:ac:64:9b:19:eb:f4:0f:04:08:8a:ac:03:
+                    17:19:64:f4:5a:25:22:8d:34:2c:b2:f6:68:1d:12:
+                    6d:d3:8a:1e:14:da:c4:8f:a6:e2:23:85:d5:7a:0d:
+                    bd:6a:e0:e9:ec:ec:17:bb:42:1b:67:aa:25:ed:45:
+                    83:21:fc:c1:c9:7c:d5:62:3e:fa:f2:c5:2d:d3:fd:
+                    d4:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            1.3.6.1.4.1.311.20.2: 
+                ...C.A
+            X509v3 Key Usage: 
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B
+            X509v3 CRL Distribution Points: 
+                URI:http://crl.xrampsecurity.com/XGCA.crl
+
+            1.3.6.1.4.1.311.21.1: 
+                ...
+    Signature Algorithm: sha1WithRSAEncryption
+        91:15:39:03:01:1b:67:fb:4a:1c:f9:0a:60:5b:a1:da:4d:97:
+        62:f9:24:53:27:d7:82:64:4e:90:2e:c3:49:1b:2b:9a:dc:fc:
+        a8:78:67:35:f1:1d:f0:11:bd:b7:48:e3:10:f6:0d:df:3f:d2:
+        c9:b6:aa:55:a4:48:ba:02:db:de:59:2e:15:5b:3b:9d:16:7d:
+        47:d7:37:ea:5f:4d:76:12:36:bb:1f:d7:a1:81:04:46:20:a3:
+        2c:6d:a9:9e:01:7e:3f:29:ce:00:93:df:fd:c9:92:73:89:89:
+        64:9e:e7:2b:e4:1c:91:2c:d2:b9:ce:7d:ce:6f:31:99:d3:e6:
+        be:d2:1e:90:f0:09:14:79:5c:23:ab:4d:d2:da:21:1f:4d:99:
+        79:9d:e1:cf:27:9f:10:9b:1c:88:0d:b0:8a:64:41:31:b8:0e:
+        6c:90:24:a4:9b:5c:71:8f:ba:bb:7e:1c:1b:db:6a:80:0f:21:
+        bc:e9:db:a6:b7:40:f4:b2:8b:a9:b1:e4:ef:9a:1a:d0:3d:69:
+        99:ee:a8:28:a3:e1:3c:b3:f0:b2:11:9c:cf:7c:40:e6:dd:e7:
+        43:7d:a2:d8:3a:b5:a9:8d:f2:34:99:c4:d4:10:e1:06:fd:09:
+        84:10:3b:ee:c4:4c:f4:ec:27:7c:42:c2:74:7c:82:8a:09:c9:
+        b4:03:25:bc
+MD5 Fingerprint=A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB
+gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
+MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY
+UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx
+NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3
+dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy
+dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6
+38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP
+KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q
+DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4
+qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa
+JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi
+PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
+jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0
+eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD
+ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR
+vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa
+IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy
+i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ
+O+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
+        Validity
+            Not Before: Jun 29 17:06:20 2004 GMT
+            Not After : Jun 29 17:06:20 2034 GMT
+        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86:
+                    ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0:
+                    5e:77:bb:ed:9b:49:e9:70:80:3d:56:18:63:08:6f:
+                    da:f2:cc:d0:3f:7f:02:54:22:54:10:d8:b2:81:d4:
+                    c0:75:3d:4b:7f:c7:77:c3:3e:78:ab:1a:03:b5:20:
+                    6b:2f:6a:2b:b1:c5:88:7e:c4:bb:1e:b0:c1:d8:45:
+                    27:6f:aa:37:58:f7:87:26:d7:d8:2d:f6:a9:17:b7:
+                    1f:72:36:4e:a6:17:3f:65:98:92:db:2a:6e:5d:a2:
+                    fe:88:e0:0b:de:7f:e5:8d:15:e1:eb:cb:3a:d5:e2:
+                    12:a2:13:2d:d8:8e:af:5f:12:3d:a0:08:05:08:b6:
+                    5c:a5:65:38:04:45:99:1e:a3:60:60:74:c5:41:a5:
+                    72:62:1b:62:c5:1f:6f:5f:1a:42:be:02:51:65:a8:
+                    ae:23:18:6a:fc:78:03:a9:4d:7f:80:c3:fa:ab:5a:
+                    fc:a1:40:a4:ca:19:16:fe:b2:c8:ef:5e:73:0d:ee:
+                    77:bd:9a:f6:79:98:bc:b1:07:67:a2:15:0d:dd:a0:
+                    58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf:
+                    11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97:
+                    1b:af
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
+            X509v3 Authority Key Identifier: 
+                keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
+                DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06:
+        14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4:
+        96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4:
+        31:f6:7a:c4:54:d7:f6:e5:31:58:03:a2:cc:ce:62:db:94:45:
+        73:b5:bf:45:c9:24:b5:d5:82:02:ad:23:79:69:8d:b8:b6:4d:
+        ce:cf:4c:ca:33:23:e8:1c:88:aa:9d:8b:41:6e:16:c9:20:e5:
+        89:9e:cd:3b:da:70:f7:7e:99:26:20:14:54:25:ab:6e:73:85:
+        e6:9b:21:9d:0a:6c:82:0e:a8:f8:c2:0c:fa:10:1e:6c:96:ef:
+        87:0d:c4:0f:61:8b:ad:ee:83:2b:95:f8:8e:92:84:72:39:eb:
+        20:ea:83:ed:83:cd:97:6e:08:bc:eb:4e:26:b6:73:2b:e4:d3:
+        f6:4c:fe:26:71:e2:61:11:74:4a:ff:57:1a:87:0f:75:48:2e:
+        cf:51:69:17:a0:02:12:61:95:d5:d1:40:b2:10:4c:ee:c4:ac:
+        10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4:
+        2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d:
+        7f:db:bd:9f
+MD5 Fingerprint=91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
+        Validity
+            Not Before: Jun 29 17:39:16 2004 GMT
+            Not After : Jun 29 17:39:16 2034 GMT
+        Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:
+                    ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:
+                    c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:
+                    9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:
+                    f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:
+                    a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:
+                    4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:
+                    af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:
+                    d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:
+                    b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:
+                    9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:
+                    b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:
+                    b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:
+                    b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:
+                    5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:
+                    23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:
+                    0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:
+                    01:ab
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
+            X509v3 Authority Key Identifier: 
+                keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
+                DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da:9b:01:
+        87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e:cc:c7:5e:6a:
+        d8:83:87:a1:97:ef:49:35:3e:77:06:41:58:62:bf:8e:58:b8:
+        0a:67:3f:ec:b3:dd:21:66:1f:c9:54:fa:72:cc:3d:4c:40:d8:
+        81:af:77:9e:83:7a:bb:a2:c7:f5:34:17:8e:d9:11:40:f4:fc:
+        2c:2a:4d:15:7f:a7:62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:
+        17:b8:f4:bd:8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:
+        2d:7a:a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0:
+        f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be:f5:71:
+        90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58:00:23:ea:e3:
+        12:43:29:5b:47:08:dd:8c:41:6a:65:06:a8:e5:21:aa:41:b4:
+        95:21:95:b9:7d:d1:34:ab:13:d6:ad:bc:dc:e2:3d:39:cd:bd:
+        3e:75:70:a1:18:59:03:c9:22:b4:8f:9c:d5:5e:2a:d7:a5:b6:
+        d4:0a:6d:f8:b7:40:11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:
+        2f:1f:17:94
+MD5 Fingerprint=32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=IL, ST=Israel, L=Eilat, O=StartCom Ltd., OU=CA Authority Dep., CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
+        Validity
+            Not Before: Mar 17 17:37:48 2005 GMT
+            Not After : Mar 10 17:37:48 2035 GMT
+        Subject: C=IL, ST=Israel, L=Eilat, O=StartCom Ltd., OU=CA Authority Dep., CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ed:84:60:00:23:9e:c8:4a:51:29:27:de:3a:a1:
+                    39:b5:69:ab:09:b2:2f:34:fd:61:dc:3d:d3:b0:cf:
+                    b1:d7:c2:c4:c2:b1:e4:96:56:c4:be:aa:14:0e:e7:
+                    cc:3a:50:c8:3a:62:9d:c3:a3:ac:59:7b:8e:ee:55:
+                    1a:1c:47:be:a3:97:39:b3:b5:ef:23:2c:08:e8:d8:
+                    af:73:2f:b9:c9:83:e8:ed:00:0f:c8:75:a5:2f:34:
+                    4c:18:e8:76:88:23:49:8a:db:b6:ed:68:da:c3:b5:
+                    62:29:4c:a5:4b:b7:98:b4:09:14:10:a0:f8:fe:62:
+                    76:22:15:0b:a4:d6:08:2f:35
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                1C:89:C3:96:CC:BD:FE:32:D5:0D:8C:81:31:B6:98:9D:8D:28:64:8D
+            X509v3 Authority Key Identifier: 
+                keyid:1C:89:C3:96:CC:BD:FE:32:D5:0D:8C:81:31:B6:98:9D:8D:28:64:8D
+                DirName:/C=IL/ST=Israel/L=Eilat/O=StartCom Ltd./OU=CA Authority Dep./CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
+                serial:00
+
+            X509v3 Subject Alternative Name: 
+                email:admin@startcom.org
+            X509v3 Issuer Alternative Name: 
+                email:admin@startcom.org
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            Netscape Comment: 
+                Free SSL Certification Authority
+            Netscape CA Revocation Url: 
+                http://cert.startcom.org/ca-crl.crl
+            Netscape Base Url: 
+                http://cert.startcom.org/
+            Netscape CA Policy Url: 
+                http://cert.startcom.org/index.php?app=111
+    Signature Algorithm: md5WithRSAEncryption
+        6c:71:25:e1:9e:34:91:21:ef:db:6c:bd:01:08:56:8f:88:d8:
+        41:3a:53:f5:72:df:27:57:4b:76:84:f7:68:a4:fe:eb:3f:09:
+        7e:28:b8:57:ea:1f:c1:aa:e2:ff:96:9f:49:99:e6:b2:95:73:
+        96:c6:48:c7:5e:8d:07:72:56:f8:83:8f:9f:77:af:29:d3:45:
+        0e:a4:ee:b0:36:74:2d:f0:cd:98:23:7b:37:4b:da:fe:51:98:
+        c4:1e:34:3c:88:fd:99:3b:50:a7:c1:8b:33:c7:c2:52:16:12:
+        95:53:65:22:ef:ba:8b:ce:62:db:70:23:b1:80:df:1a:20:38:
+        e7:7e
+MD5 Fingerprint=08:7C:58:1F:52:2B:44:B4:3B:79:CD:01:F8:C5:C3:C9
+-----BEGIN CERTIFICATE-----
+MIIFFjCCBH+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsDELMAkGA1UEBhMCSUwx
+DzANBgNVBAgTBklzcmFlbDEOMAwGA1UEBxMFRWlsYXQxFjAUBgNVBAoTDVN0YXJ0
+Q29tIEx0ZC4xGjAYBgNVBAsTEUNBIEF1dGhvcml0eSBEZXAuMSkwJwYDVQQDEyBG
+cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
+YWRtaW5Ac3RhcnRjb20ub3JnMB4XDTA1MDMxNzE3Mzc0OFoXDTM1MDMxMDE3Mzc0
+OFowgbAxCzAJBgNVBAYTAklMMQ8wDQYDVQQIEwZJc3JhZWwxDjAMBgNVBAcTBUVp
+bGF0MRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMRowGAYDVQQLExFDQSBBdXRob3Jp
+dHkgRGVwLjEpMCcGA1UEAxMgRnJlZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkxITAfBgkqhkiG9w0BCQEWEmFkbWluQHN0YXJ0Y29tLm9yZzCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA7YRgACOeyEpRKSfeOqE5tWmrCbIvNP1h3D3TsM+x
+18LEwrHkllbEvqoUDufMOlDIOmKdw6OsWXuO7lUaHEe+o5c5s7XvIywI6Nivcy+5
+yYPo7QAPyHWlLzRMGOh2iCNJitu27Wjaw7ViKUylS7eYtAkUEKD4/mJ2IhULpNYI
+LzUCAwEAAaOCAjwwggI4MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMB0G
+A1UdDgQWBBQcicOWzL3+MtUNjIExtpidjShkjTCB3QYDVR0jBIHVMIHSgBQcicOW
+zL3+MtUNjIExtpidjShkjaGBtqSBszCBsDELMAkGA1UEBhMCSUwxDzANBgNVBAgT
+BklzcmFlbDEOMAwGA1UEBxMFRWlsYXQxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4x
+GjAYBgNVBAsTEUNBIEF1dGhvcml0eSBEZXAuMSkwJwYDVQQDEyBGcmVlIFNTTCBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSYWRtaW5Ac3Rh
+cnRjb20ub3JnggEAMB0GA1UdEQQWMBSBEmFkbWluQHN0YXJ0Y29tLm9yZzAdBgNV
+HRIEFjAUgRJhZG1pbkBzdGFydGNvbS5vcmcwEQYJYIZIAYb4QgEBBAQDAgAHMC8G
+CWCGSAGG+EIBDQQiFiBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAy
+BglghkgBhvhCAQQEJRYjaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL2NhLWNybC5j
+cmwwKAYJYIZIAYb4QgECBBsWGWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy8wOQYJ
+YIZIAYb4QgEIBCwWKmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9pbmRleC5waHA/
+YXBwPTExMTANBgkqhkiG9w0BAQQFAAOBgQBscSXhnjSRIe/bbL0BCFaPiNhBOlP1
+ct8nV0t2hPdopP7rPwl+KLhX6h/BquL/lp9JmeaylXOWxkjHXo0Hclb4g4+fd68p
+00UOpO6wNnQt8M2YI3s3S9r+UZjEHjQ8iP2ZO1CnwYszx8JSFhKVU2Ui77qLzmLb
+cCOxgN8aIDjnfg==
+-----END CERTIFICATE-----
+
+
+#
+#  RHNS CA certificate.  Appended to the ca-bundle at package build-time.
+#
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=North Carolina, L=Research Triangle Park, O=Red Hat, Inc., OU=Red Hat Network Services, CN=RHNS Certificate Authority/Email=rhns@redhat.com
+        Validity
+            Not Before: Aug 23 22:45:55 2000 GMT
+            Not After : Aug 28 22:45:55 2003 GMT
+        Subject: C=US, ST=North Carolina, L=Research Triangle Park, O=Red Hat, Inc., OU=Red Hat Network Services, CN=RHNS Certificate Authority/Email=rhns@redhat.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:68:2b:12:30:e2:21:2d:22:c6:72:71:5b:bf:
+                    17:a0:93:10:e9:9b:e3:c9:8d:3b:2d:ac:c4:bb:95:
+                    3b:e0:ca:55:32:dc:95:c2:10:b3:04:b2:51:fb:e8:
+                    85:61:16:34:a5:b4:1d:67:5c:a7:77:f4:f0:92:da:
+                    b4:8b:af:95:93:62:f3:66:29:ae:c0:88:b7:64:84:
+                    0e:48:90:60:f8:60:3e:00:7f:54:dd:17:a6:ac:18:
+                    e0:42:de:7c:be:90:81:f7:f4:05:85:0a:08:cc:d5:
+                    f2:9f:fc:24:8b:77:a5:3d:e9:48:a9:ef:0f:3b:63:
+                    a3:fe:a6:83:4c:e8:dc:0b:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                54:15:CD:9F:2C:F7:EC:0D:1F:D2:A8:BE:4C:07:AC:88:3E:FB:9B:0A
+            X509v3 Authority Key Identifier: 
+                keyid:54:15:CD:9F:2C:F7:EC:0D:1F:D2:A8:BE:4C:07:AC:88:3E:FB:9B:0A
+                DirName:/C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns@redhat.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        93:01:88:88:67:67:91:8c:9e:d0:12:14:90:71:12:87:55:0a:
+        f2:52:1b:ad:f2:d3:07:1d:af:70:99:bb:b0:cd:80:23:c9:ed:
+        2b:73:e9:63:b1:d0:b3:8c:60:c5:42:64:a6:c1:95:56:90:c5:
+        35:06:03:58:f5:8e:2b:d9:f9:a9:a0:10:a9:99:f7:15:42:92:
+        a5:50:d7:11:07:f1:02:d5:e0:70:e4:55:6e:2a:ce:25:f8:5d:
+        cd:0b:2f:10:61:f8:f6:20:42:cc:c3:89:f8:8a:4f:82:24:12:
+        cf:39:7f:21:a8:2c:8d:52:97:52:c5:f7:5f:42:a5:87:09:66:
+        b0:cc
+-----BEGIN CERTIFICATE-----
+MIIEMDCCA5mgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBxzELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMR8wHQYDVQQHExZSZXNlYXJjaCBUcmlh
+bmdsZSBQYXJrMRYwFAYDVQQKEw1SZWQgSGF0LCBJbmMuMSEwHwYDVQQLExhSZWQg
+SGF0IE5ldHdvcmsgU2VydmljZXMxIzAhBgNVBAMTGlJITlMgQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9yaG5zQHJlZGhhdC5jb20wHhcNMDAw
+ODIzMjI0NTU1WhcNMDMwODI4MjI0NTU1WjCBxzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAgTDk5vcnRoIENhcm9saW5hMR8wHQYDVQQHExZSZXNlYXJjaCBUcmlhbmdsZSBQ
+YXJrMRYwFAYDVQQKEw1SZWQgSGF0LCBJbmMuMSEwHwYDVQQLExhSZWQgSGF0IE5l
+dHdvcmsgU2VydmljZXMxIzAhBgNVBAMTGlJITlMgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MR4wHAYJKoZIhvcNAQkBFg9yaG5zQHJlZGhhdC5jb20wgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAMBoKxIw4iEtIsZycVu/F6CTEOmb48mNOy2sxLuVO+DK
+VTLclcIQswSyUfvohWEWNKW0HWdcp3f08JLatIuvlZNi82YprsCIt2SEDkiQYPhg
+PgB/VN0XpqwY4ELefL6Qgff0BYUKCMzV8p/8JIt3pT3pSKnvDztjo/6mg0zo3At3
+AgMBAAGjggEoMIIBJDAdBgNVHQ4EFgQUVBXNnyz37A0f0qi+TAesiD77mwowgfQG
+A1UdIwSB7DCB6YAUVBXNnyz37A0f0qi+TAesiD77mwqhgc2kgcowgccxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEfMB0GA1UEBxMWUmVzZWFy
+Y2ggVHJpYW5nbGUgUGFyazEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjEhMB8GA1UE
+CxMYUmVkIEhhdCBOZXR3b3JrIFNlcnZpY2VzMSMwIQYDVQQDExpSSE5TIENlcnRp
+ZmljYXRlIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPcmhuc0ByZWRoYXQuY29t
+ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAkwGIiGdnkYye0BIU
+kHESh1UK8lIbrfLTBx2vcJm7sM2AI8ntK3PpY7HQs4xgxUJkpsGVVpDFNQYDWPWO
+K9n5qaAQqZn3FUKSpVDXEQfxAtXgcORVbirOJfhdzQsvEGH49iBCzMOJ+IpPgiQS
+zzl/IagsjVKXUsX3X0KlhwlmsMw=
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
+        Validity
+            Not Before: Sep  5 20:45:16 2002 GMT
+            Not After : Sep  9 20:45:16 2007 GMT
+        Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b3:16:b7:c5:f5:b9:69:51:1f:cd:b4:3d:70:cf:
+                    60:57:85:a4:2a:a7:5d:28:22:0e:ec:19:e2:92:f7:
+                    48:97:a6:a6:1f:51:95:83:11:8f:9a:98:a2:90:e0:
+                    cb:4a:24:19:94:a8:8a:4b:88:b4:06:6c:ce:77:d7:
+                    15:3b:3c:cd:66:83:cf:23:1d:0d:bc:0a:0c:cb:1f:
+                    cb:40:fb:f3:d9:fe:2a:b4:85:2c:7b:c9:a1:fe:f3:
+                    8f:68:1d:f2:12:b1:a4:16:19:ce:0f:b8:9a:9c:d9:
+                    bc:5f:49:62:b2:95:93:ce:5d:2e:dd:79:3c:f1:5b:
+                    a6:b7:a2:b5:39:0d:8e:12:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                7F:1B:64:A1:2E:02:C5:A8:7D:B8:D1:B1:8B:06:9D:A3:A9:50:63:92
+            X509v3 Authority Key Identifier: 
+                keyid:7F:1B:64:A1:2E:02:C5:A8:7D:B8:D1:B1:8B:06:9D:A3:A9:50:63:92
+                DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        28:4d:42:e5:34:22:dd:c6:86:63:04:75:52:67:17:45:72:f2:
+        3b:21:2b:45:59:72:73:f7:59:36:9d:57:43:c6:dc:94:0f:0e:
+        ff:13:5c:4f:50:37:85:b2:e4:c2:1f:35:9f:74:f4:e7:53:fb:
+        a1:06:b8:39:ce:e4:0a:86:7b:5f:28:5d:c7:11:9e:12:a5:d6:
+        b9:6c:e9:18:09:d5:f0:42:e7:54:b5:91:9e:23:ad:12:7a:aa:
+        72:7c:39:3c:83:f8:75:a4:7b:03:92:ff:2a:d4:c5:76:19:12:
+        fa:b4:3b:b0:89:2c:95:8c:01:90:0d:d8:ba:06:05:61:00:ac:
+        95:da
+-----BEGIN CERTIFICATE-----
+MIID7jCCA1egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
+VQQKEw1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLEw9SZWQgSGF0IE5ldHdvcmsxIjAg
+BgNVBAMTGVJITiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
+EnJobi1ub2NAcmVkaGF0LmNvbTAeFw0wMjA5MDUyMDQ1MTZaFw0wNzA5MDkyMDQ1
+MTZaMIGxMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAO
+BgNVBAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsT
+D1JlZCBIYXQgTmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEhMB8GCSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCzFrfF9blpUR/NtD1wz2BXhaQqp10oIg7sGeKS
+90iXpqYfUZWDEY+amKKQ4MtKJBmUqIpLiLQGbM531xU7PM1mg88jHQ28CgzLH8tA
++/PZ/iq0hSx7yaH+849oHfISsaQWGc4PuJqc2bxfSWKylZPOXS7deTzxW6a3orU5
+DY4SMQIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFH8bZKEuAsWofbjRsYsGnaOpUGOS
+MIHeBgNVHSMEgdYwgdOAFH8bZKEuAsWofbjRsYsGnaOpUGOSoYG3pIG0MIGxMQsw
+CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1Jh
+bGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsTD1JlZCBIYXQg
+TmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhvcml0eTEhMB8G
+CSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEEBQADgYEAKE1C5TQi3caGYwR1UmcXRXLyOyErRVlyc/dZNp1X
+Q8bclA8O/xNcT1A3hbLkwh81n3T051P7oQa4Oc7kCoZ7XyhdxxGeEqXWuWzpGAnV
+8ELnVLWRniOtEnqqcnw5PIP4daR7A5L/KtTFdhkS+rQ7sIkslYwBkA3YugYFYQCs
+ldo=
+-----END CERTIFICATE-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
+        Validity
+            Not Before: Aug 29 02:10:55 2003 GMT
+            Not After : Aug 26 02:10:55 2013 GMT
+        Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bf:61:63:eb:3d:8b:2b:45:48:e6:c2:fb:7c:d2:
+                    21:21:b8:ec:90:93:41:30:7c:2c:8d:79:d5:14:e9:
+                    0e:7e:3f:ef:d6:0a:9b:0a:a6:02:52:01:2d:26:96:
+                    a4:ed:bd:a9:9e:aa:08:03:c1:61:0a:41:80:ea:ae:
+                    74:cc:61:26:d0:05:91:55:3e:66:14:a2:20:b3:d6:
+                    9d:71:0c:ab:77:cc:f4:f0:11:b5:25:33:8a:4e:22:
+                    9a:10:36:67:fa:11:6d:48:76:3a:1f:d2:e3:44:7b:
+                    89:66:be:b4:85:fb:2f:a6:aa:13:fa:9a:6d:c9:bb:
+                    18:c4:04:af:4f:15:69:89:9b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+            69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
+            X509v3 Authority Key Identifier: 
+            keyid:69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
+            DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
+            serial:00
+
+            X509v3 Basic Constraints: 
+            CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        23:c9:ca:07:9f:5e:96:39:83:e0:4e:da:dd:47:84:30:ca:d4:
+        d5:38:86:f9:de:88:83:ca:2c:47:26:36:ab:f4:14:1e:28:29:
+        de:7d:10:4a:5e:91:3e:5a:99:07:0c:a9:2e:e3:fb:78:44:49:
+        c5:32:d6:e8:7a:97:ff:29:d0:33:ae:26:ba:76:06:7e:79:97:
+        17:0c:4f:2d:2a:8b:8a:ac:41:59:ae:e9:c4:55:2d:b9:88:df:
+        9b:7b:41:f8:32:2e:ee:c9:c0:59:e2:30:57:5e:37:47:29:c0:
+        2d:78:33:d3:ce:a3:2b:dc:84:da:bf:3b:2e:4b:b6:b3:b6:4e:
+        9e:80
+-----BEGIN CERTIFICATE-----
+MIID7jCCA1egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
+VQQKEw1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLEw9SZWQgSGF0IE5ldHdvcmsxIjAg
+BgNVBAMTGVJITiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
+EnJobi1ub2NAcmVkaGF0LmNvbTAeFw0wMzA4MjkwMjEwNTVaFw0xMzA4MjYwMjEw
+NTVaMIGxMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAO
+BgNVBAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsT
+D1JlZCBIYXQgTmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhv
+cml0eTEhMB8GCSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQC/YWPrPYsrRUjmwvt80iEhuOyQk0EwfCyNedUU
+6Q5+P+/WCpsKpgJSAS0mlqTtvameqggDwWEKQYDqrnTMYSbQBZFVPmYUoiCz1p1x
+DKt3zPTwEbUlM4pOIpoQNmf6EW1Idjof0uNEe4lmvrSF+y+mqhP6mm3JuxjEBK9P
+FWmJmwIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFGlEJwXcLu2l9IHE13hF50Rd+IdH
+MIHeBgNVHSMEgdYwgdOAFGlEJwXcLu2l9IHE13hF50Rd+IdHoYG3pIG0MIGxMQsw
+CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1Jh
+bGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsTD1JlZCBIYXQg
+TmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhvcml0eTEhMB8G
+CSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEEBQADgYEAI8nKB59eljmD4E7a3UeEMMrU1TiG+d6Ig8osRyY2
+q/QUHigp3n0QSl6RPlqZBwypLuP7eERJxTLW6HqX/ynQM64munYGfnmXFwxPLSqL
+iqxBWa7pxFUtuYjfm3tB+DIu7snAWeIwV143RynALXgz086jK9yE2r87Lku2s7ZO
+noA=
+-----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index a10737e90c..5bb7b29c57 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -47,6 +47,7 @@
 #include <pthread.h>
 #endif
 
+#include "os_port.h"
 #include "ssl.h"
 
 #define DEFAULT_CERT            "../ssl/test/axTLS.x509_512.cer"
@@ -694,6 +695,16 @@ static int cert_tests(void)
     x509_free(x509_ctx);
     free(buf);
 
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
+            "../ssl/test/ca-bundle.crt", NULL))
+    {
+        printf("Cert #10\n");
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
     res = 0;        /* all ok */
     printf("All Certificate tests passed\n");
 
@@ -1008,7 +1019,8 @@ int SSL_server_tests(void)
     /* 
      * 512 bit RSA key 
      */
-    if ((ret = SSL_server_test("512 bit key", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("512 bit key", 
+                    "-cipher RC4-SHA", 
                     "../ssl/test/axTLS.x509_512.cer", NULL, 
                     "../ssl/test/axTLS.key_512",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
@@ -1018,13 +1030,21 @@ int SSL_server_tests(void)
      * 1024 bit RSA key (check certificate chaining)
      */
     if ((ret = SSL_server_test("1024 bit key", 
-                    "-cipher RC4-SHA", 
-                    "../ssl/test/axTLS.x509_device.cer", 
-                    "../ssl/test/axTLS.x509_512.cer", 
-                    "../ssl/test/axTLS.device_key",
+                    "-cipher RC4-SHA",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
                     NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
+    /* 
+     * 1042 bit RSA key (check certificate chaining)
+     */
+    if ((ret = SSL_server_test("1042 bit key", 
+                    "-cipher RC4-SHA",
+                    "../ssl/test/axTLS.x509_1042.cer", NULL, 
+                    "../ssl/test/axTLS.key_1042",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
     /* 
      * 2048 bit RSA key 
      */
@@ -1311,7 +1331,7 @@ static int SSL_client_test(
 #endif
     }
     
-    sleep(5);           /* allow server to start */
+    usleep(500000);           /* allow server to start */
 
     if (*ssl_ctx == NULL)
     {
@@ -1354,8 +1374,8 @@ static int SSL_client_test(
             }
         }
 
-	if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
-				"../ssl/test/axTLS.ca_x509.cer", NULL))
+        if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
+                "../ssl/test/axTLS.ca_x509.cer", NULL))
         {
             printf("could not add cert auth\n"); TTY_FLUSH();
             goto client_test_exit;
@@ -1566,6 +1586,23 @@ int SSL_client_tests(void)
     }
 
     printf("SSL client test \"Expired cert (verify later)\" passed\n");
+
+    /* invalid cert type */
+    if ((ret = SSL_client_test("Error: Invalid certificate type", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.x509_1024.cer", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")) 
+                            != SSL_ERROR_INVALID_KEY)
+    {
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Invalid certificate type\" passed\n");
     ret = 0;
 
 cleanup:
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 9d1be37829..2d5ab76d6b 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -399,7 +399,7 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
         i++;
 
-    if (i > CONFIG_X509_MAX_CA_CERTS)
+    if (i >= CONFIG_X509_MAX_CA_CERTS)
     {
 #ifdef CONFIG_SSL_FULL_MODE
         printf("Error: maximum number of CA certs added - change of "
@@ -422,7 +422,6 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     return ret;
 }
 
-
 /*
  * Retrieve an X.509 distinguished name component
  */

From 9e082c868e4a905b9fd6e391fa5dc01a51f856b4 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 4 Jan 2011 01:34:46 +0000
Subject: [PATCH 158/301] Ignore CA cert errors (caused by invalid signature
 types in cert bundles)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@189 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/bigint.c    |  8 ++++----
 ssl/asn1.c         |  4 ++--
 ssl/test/ssltest.c | 21 +++++++++++----------
 ssl/tls1.c         |  6 ++----
 ssl/x509.c         |  5 ++++-
 5 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/crypto/bigint.c b/crypto/bigint.c
index d131e8ab54..93195c623b 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -961,17 +961,17 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
         {
             uint8_t c = 0;
             long_comp xx = (long_comp)x[i]*x[j];
-            if (COMP_MAX-xx < xx)
+            if ((COMP_MAX-xx) < xx)
                 c = 1;
 
             tmp = (xx<<1);
 
-            if (COMP_MAX-tmp < w[i+j])
+            if ((COMP_MAX-tmp) < w[i+j])
                 c = 1;
 
             tmp += w[i+j];
 
-            if (COMP_MAX-tmp < carry)
+            if ((COMP_MAX-tmp) < carry)
                 c = 1;
 
             tmp += carry;
@@ -982,7 +982,7 @@ static bigint *regular_square(BI_CTX *ctx, bigint *bi)
                 carry += COMP_RADIX;
         }
 
-        tmp = carry + w[i+t];
+        tmp = w[i+t] + carry;
         w[i+t] = (comp)tmp;
         w[i+t+1] = tmp >> COMP_BIT_SIZE;
     } while (++i < t);
diff --git a/ssl/asn1.c b/ssl/asn1.c
index ca2701ef3a..d99b0a8b54 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -50,7 +50,7 @@ static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] =
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
 };
 
-static const uint8_t sig_iis6_oid[SIG_IIS6_OID_SIZE] =
+static const uint8_t sig_sha1WithRSAEncrypt[SIG_IIS6_OID_SIZE] =
 {
     0x2b, 0x0e, 0x03, 0x02, 0x1d
 };
@@ -540,7 +540,7 @@ int asn1_signature_type(const uint8_t *cert,
 
     len = get_asn1_length(cert, offset);
 
-    if (len == 5 && memcmp(sig_iis6_oid, &cert[*offset], 
+    if (len == 5 && memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], 
                                     SIG_IIS6_OID_SIZE) == 0)
     {
         x509_ctx->sig_type = SIG_TYPE_SHA1;
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 5bb7b29c57..9712402c70 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -572,6 +572,17 @@ static int cert_tests(void)
     SSL_CTX *ssl_ctx;
     uint8_t *buf;
 
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
+            "../ssl/test/ca-bundle.crt", NULL))
+    {
+        printf("Cert #10\n");
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    exit(0);
+
     /* check a bunch of 3rd party certificates */
     ssl_ctx = ssl_ctx_new(0, 0);
     len = get_file("../ssl/test/microsoft.x509_ca", &buf);
@@ -695,16 +706,6 @@ static int cert_tests(void)
     x509_free(x509_ctx);
     free(buf);
 
-    ssl_ctx = ssl_ctx_new(0, 0);
-    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
-            "../ssl/test/ca-bundle.crt", NULL))
-    {
-        printf("Cert #10\n");
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-
     res = 0;        /* all ok */
     printf("All Certificate tests passed\n");
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 2d5ab76d6b..84632020a8 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -386,9 +386,9 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
  */
 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
-    int ret = SSL_ERROR_NO_CERT_DEFINED;
     int i = 0;
     int offset;
+    int ret = SSL_OK; /* ignore errors for now */
     CA_CERT_CTX *ca_cert_ctx;
 
     if (ssl_ctx->ca_cert_ctx == NULL)
@@ -408,9 +408,7 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
         goto error;
     }
 
-    if ((ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i])))
-        goto error;
-
+    ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i]);
     len -= offset;
     ret = SSL_OK;           /* ok so far */
 
diff --git a/ssl/x509.c b/ssl/x509.c
index dcdea04f1f..c297ed67fc 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -113,7 +113,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
             asn1_validity(cert, &offset, x509_ctx) ||
             asn1_name(cert, &offset, x509_ctx->cert_dn) ||
             asn1_public_key(cert, &offset, x509_ctx))
+    {
         goto end_cert;
+    }
 
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
@@ -210,7 +212,8 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 #ifdef CONFIG_SSL_FULL_MODE
     if (ret)
     {
-        printf("Error: Invalid X509 ASN.1 file\n");
+        printf("Error: Invalid X509 ASN.1 file (%s)\n",
+                        x509_display_error(ret));
     }
 #endif
 

From 26e256c758752b371a1f7467ff7da385c8f6181c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 4 Jan 2011 04:20:21 +0000
Subject: [PATCH 159/301] Added some certificate loading tweaks.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@190 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/Config.in          |     2 +-
 ssl/loader.c           |   131 +-
 ssl/test/ca-bundle.crt | 10832 ++++++++++++---------------------------
 ssl/test/ssltest.c     |    41 +-
 ssl/tls1.c             |    29 +-
 ssl/x509.c             |     6 +-
 6 files changed, 3323 insertions(+), 7718 deletions(-)

diff --git a/ssl/Config.in b/ssl/Config.in
index 557499c0dc..cd84c9566f 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -252,7 +252,7 @@ config CONFIG_SSL_EXPIRY_TIME
 
 config CONFIG_X509_MAX_CA_CERTS
     int "Maximum number of certificate authorites"
-    default 120 if CONFIG_SSL_CERT_VERIFICATION
+    default 150 if CONFIG_SSL_CERT_VERIFICATION
     depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
     help
         Determines the number of CA's allowed. 
diff --git a/ssl/loader.c b/ssl/loader.c
index ab3c266519..96679a5667 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -290,78 +290,91 @@ static int pem_decrypt(const char *where, const char *end,
 static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where, 
                     int remain, const char *password)
 {
-    int ret = SSL_OK;
+    int ret = SSL_ERROR_BAD_CERTIFICATE;
     SSLObjLoader *ssl_obj = NULL;
-    int i, pem_size, obj_type;
-    char *start = NULL, *end = NULL;
 
-    for (i = 0; i < NUM_PEM_TYPES; i++)
+    while (remain > 0)
     {
-        if ((start = strstr(where, begins[i])) &&
-                (end = strstr(where, ends[i])))
-        {
-            remain -= (int)(end-start);
-            start += strlen(begins[i]);
-            pem_size = (int)(end-start);
-
-            ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+        int i, pem_size, obj_type;
+        char *start = NULL, *end = NULL;
 
-            /* 4/3 bigger than what we need but so what */
-            ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
-
-            if (i == IS_RSA_PRIVATE_KEY && 
-                        strstr(start, "Proc-Type:") && 
-                        strstr(start, "4,ENCRYPTED"))
+        for (i = 0; i < NUM_PEM_TYPES; i++)
+        {
+            if ((start = strstr(where, begins[i])) &&
+                    (end = strstr(where, ends[i])))
             {
-                /* check for encrypted PEM file */
-                if (pem_decrypt(start, end, password, ssl_obj) < 0)
+                remain -= (int)(end-start);
+                start += strlen(begins[i]);
+                pem_size = (int)(end-start);
+
+                ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
+                /* 4/3 bigger than what we need but so what */
+                ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
+
+                if (i == IS_RSA_PRIVATE_KEY && 
+                            strstr(start, "Proc-Type:") && 
+                            strstr(start, "4,ENCRYPTED"))
+                {
+                    /* check for encrypted PEM file */
+                    if (pem_decrypt(start, end, password, ssl_obj) < 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
+                }
+                else if (base64_decode(start, pem_size, 
+                            ssl_obj->buf, &ssl_obj->len) != 0)
+                {
+                    ret = SSL_ERROR_BAD_CERTIFICATE;
                     goto error;
-            }
-            else if (base64_decode(start, pem_size, 
-                        ssl_obj->buf, &ssl_obj->len) != 0)
-                goto error;
-
-            switch (i)
-            {
-                case IS_RSA_PRIVATE_KEY:
-                    obj_type = SSL_OBJ_RSA_KEY;
-                    break;
-
-                case IS_ENCRYPTED_PRIVATE_KEY:
-                    obj_type = SSL_OBJ_PKCS8;
-                    break;
-
-                case IS_CERTIFICATE:
-                    obj_type = is_cacert ?
-                                    SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
-                    break;
-
-                default:
+                }
+
+                switch (i)
+                {
+                    case IS_RSA_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_RSA_KEY;
+                        break;
+
+                    case IS_ENCRYPTED_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_PKCS8;
+                        break;
+
+                    case IS_CERTIFICATE:
+                        obj_type = is_cacert ?
+                                        SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
+                        break;
+
+                    default:
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                }
+
+                /* In a format we can now understand - so process it */
+                if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
                     goto error;
-            }
 
-            /* In a format we can now understand - so process it */
-            if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
-                goto error;
+                end += strlen(ends[i]);
+                remain -= strlen(ends[i]);
+                while (remain > 0 && (*end == '\r' || *end == '\n'))
+                {
+                    end++;
+                    remain--;
+                }
 
-            end += strlen(ends[i]);
-            remain -= strlen(ends[i]);
-            while (remain > 0 && (*end == '\r' || *end == '\n'))
-            {
-                end++;
-                remain--;
+                break;
             }
-
-            break;
         }
-    }
 
-    if (i == NUM_PEM_TYPES)
-        goto error;
+        ssl_obj_free(ssl_obj);
+        ssl_obj = NULL;
 
-    /* more PEM stuff to process? */
-    if (remain)
-        ret = new_pem_obj(ssl_ctx, is_cacert, end, remain, password);
+        if (i == NUM_PEM_TYPES)
+        {
+            ret = SSL_ERROR_BAD_CERTIFICATE;
+            goto error;
+        }
+    }
 
 error:
     ssl_obj_free(ssl_obj);
diff --git a/ssl/test/ca-bundle.crt b/ssl/test/ca-bundle.crt
index 1e5553b213..0c002393a3 100644
--- a/ssl/test/ca-bundle.crt
+++ b/ssl/test/ca-bundle.crt
@@ -1,577 +1,56 @@
-# This is a bundle of X.509 certificates of public Certificate
-# Authorities.  It was generated from the Mozilla root CA list.
-#
-# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
-#
-# Generated from certdata.txt RCS revision 1.39
-#
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: Nov  9 00:00:00 1994 GMT
-            Not After : Jan  7 23:59:59 2010 GMT
-        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1000 bit)
-                Modulus (1000 bit):
-                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
-                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
-                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
-                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
-                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
-                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
-                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
-                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
-                    dd:2d:d6:c8:1e:7b
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
-        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
-        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
-        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
-        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
-        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
-        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
-MD5 Fingerprint=74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
 -----BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 419 (0x1a3)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
-        Validity
-            Not Before: Feb 23 23:01:00 1996 GMT
-            Not After : Feb 23 23:59:00 2006 GMT
-        Subject: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b8:e6:4f:ba:db:98:7c:71:7c:af:44:b7:d3:0f:
-                    46:d9:64:e5:93:c1:42:8e:c7:ba:49:8d:35:2d:7a:
-                    e7:8b:bd:e5:05:31:59:c6:b1:2f:0a:0c:fb:9f:a7:
-                    3f:a2:09:66:84:56:1e:37:29:1b:87:e9:7e:0c:ca:
-                    9a:9f:a5:7f:f5:15:94:a3:d5:a2:46:82:d8:68:4c:
-                    d1:37:15:06:68:af:bd:f8:b0:b3:f0:29:f5:95:5a:
-                    09:16:61:77:0a:22:25:d4:4f:45:aa:c7:bd:e5:96:
-                    df:f9:d4:a8:8e:42:cc:24:c0:1e:91:27:4a:b5:6d:
-                    06:80:63:39:c4:a2:5e:38:03
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        12:b3:75:c6:5f:1d:e1:61:55:80:00:d4:81:4b:7b:31:0f:23:
-        63:e7:3d:f3:03:f9:f4:36:a8:bb:d9:e3:a5:97:4d:ea:2b:29:
-        e0:d6:6a:73:81:e6:c0:89:a3:d3:f1:e0:a5:a5:22:37:9a:63:
-        c2:48:20:b4:db:72:e3:c8:f6:d9:7c:be:b1:af:53:da:14:b4:
-        21:b8:d6:d5:96:e3:fe:4e:0c:59:62:b6:9a:4a:f9:42:dd:8c:
-        6f:81:a9:71:ff:f4:0a:72:6d:6d:44:0e:9d:f3:74:74:a8:d5:
-        34:49:e9:5e:9e:e9:b4:7a:e1:e5:5a:1f:84:30:9c:d3:9f:a5:
-        25:d8
-MD5 Fingerprint=C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
------BEGIN CERTIFICATE-----
-MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
-VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
-b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
-UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
-cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
-RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
-ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
-1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
-dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
-IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
-bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 421 (0x1a5)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
-        Validity
-            Not Before: Aug 13 00:29:00 1998 GMT
-            Not After : Aug 13 23:59:00 2018 GMT
-        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17:
-                    0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06:
-                    c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28:
-                    73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af:
-                    8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c:
-                    72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac:
-                    8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87:
-                    45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15:
-                    c7:79:b4:1f:05:2f:3b:62:99
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3:
-        a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33:
-        81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55:
-        7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95:
-        4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7:
-        a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c:
-        85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b:
-        7a:7f
-MD5 Fingerprint=CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
------BEGIN CERTIFICATE-----
-MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
-VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
-bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
-b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
-UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
-cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
-b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
-iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
-r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
-04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
-GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
-3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
-lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com
-        Validity
-            Not Before: Jan  1 00:00:00 1996 GMT
-            Not After : Dec 31 23:59:59 2020 GMT
-        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bc:bc:93:53:6d:c0:50:4f:82:15:e6:48:94:35:
-                    a6:5a:be:6f:42:fa:0f:47:ee:77:75:72:dd:8d:49:
-                    9b:96:57:a0:78:d4:ca:3f:51:b3:69:0b:91:76:17:
-                    22:07:97:6a:c4:51:93:4b:e0:8d:ef:37:95:a1:0c:
-                    4d:da:34:90:1d:17:89:97:e0:35:38:57:4a:c0:f4:
-                    08:70:e9:3c:44:7b:50:7e:61:9a:90:e3:23:d3:88:
-                    11:46:27:f5:0b:07:0e:bb:dd:d1:7f:20:0a:88:b9:
-                    56:0b:2e:1c:80:da:f1:e3:9e:29:ef:14:bd:0a:44:
-                    fb:1b:5b:18:d1:bf:23:93:21
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        2d:e2:99:6b:b0:3d:7a:89:d7:59:a2:94:01:1f:2b:dd:12:4b:
-        53:c2:ad:7f:aa:a7:00:5c:91:40:57:25:4a:38:aa:84:70:b9:
-        d9:80:0f:a5:7b:5c:fb:73:c6:bd:d7:8a:61:5c:03:e3:2d:27:
-        a8:17:e0:84:85:42:dc:5e:9b:c6:b7:b2:6d:bb:74:af:e4:3f:
-        cb:a7:b7:b0:e0:5d:be:78:83:25:94:d2:db:81:0f:79:07:6d:
-        4f:f4:39:15:5a:52:01:7b:de:32:d6:4d:38:f6:12:5c:06:50:
-        df:05:5b:bd:14:4b:a1:df:29:ba:3b:41:8d:f7:63:56:a1:df:
-        22:b1
-MD5 Fingerprint=E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
------BEGIN CERTIFICATE-----
-MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
-VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj
-IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X
-DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw
-EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
-ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD
-QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53
-dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK
-wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7
-G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF
-AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
-c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P
-9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com
-        Validity
-            Not Before: Jan  1 00:00:00 1996 GMT
-            Not After : Dec 31 23:59:59 2020 GMT
-        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c9:66:d9:f8:07:44:cf:b9:8c:2e:f0:a1:ef:13:
-                    45:6c:05:df:de:27:16:51:36:41:11:6c:6c:3b:ed:
-                    fe:10:7d:12:9e:e5:9b:42:9a:fe:60:31:c3:66:b7:
-                    73:3a:48:ae:4e:d0:32:37:94:88:b5:0d:b6:d9:f3:
-                    f2:44:d9:d5:88:12:dd:76:4d:f2:1a:fc:6f:23:1e:
-                    7a:f1:d8:98:45:4e:07:10:ef:16:42:d0:43:75:6d:
-                    4a:de:e2:aa:c9:31:ff:1f:00:70:7c:66:cf:10:25:
-                    08:ba:fa:ee:00:e9:46:03:66:27:11:15:3b:aa:5b:
-                    f2:98:dd:36:42:b2:da:88:75
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        69:36:89:f7:34:2a:33:72:2f:6d:3b:d4:22:b2:b8:6f:9a:c5:
-        36:66:0e:1b:3c:a1:b1:75:5a:e6:fd:35:d3:f8:a8:f2:07:6f:
-        85:67:8e:de:2b:b9:e2:17:b0:3a:a0:f0:0e:a2:00:9a:df:f3:
-        14:15:6e:bb:c8:85:5a:98:80:f9:ff:be:74:1d:3d:f3:fe:30:
-        25:d1:37:34:67:fa:a5:71:79:30:61:29:72:c0:e0:2c:4c:fb:
-        56:e4:3a:a8:6f:e5:32:59:52:db:75:28:50:59:0c:f8:0b:19:
-        e4:ac:d9:af:96:8d:2f:50:db:07:c3:ea:1f:ab:33:e0:f5:2b:
-        31:89
-MD5 Fingerprint=3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
-VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p
-dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv
-bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa
-QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY
-BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
-IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl
-bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu
-Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs
-Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI
-Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD
-ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
-SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH
-b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh
-KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
-        Validity
-            Not Before: Jan  1 00:00:00 1996 GMT
-            Not After : Dec 31 23:59:59 2020 GMT
-        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d4:69:d7:d4:b0:94:64:5b:71:e9:47:d8:0c:51:
-                    b6:ea:72:91:b0:84:5e:7d:2d:0d:8f:7b:12:df:85:
-                    25:75:28:74:3a:42:2c:63:27:9f:95:7b:4b:ef:7e:
-                    19:87:1d:86:ea:a3:dd:b9:ce:96:64:1a:c2:14:6e:
-                    44:ac:7c:e6:8f:e8:4d:0f:71:1f:40:38:a6:00:a3:
-                    87:78:f6:f9:94:86:5e:ad:ea:c0:5e:76:eb:d9:14:
-                    a3:5d:6e:7a:7c:0c:a5:4b:55:7f:06:19:29:7f:9e:
-                    9a:26:d5:6a:bb:38:24:08:6a:98:c7:b1:da:a3:98:
-                    91:fd:79:db:e5:5a:c4:1c:b9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        c7:ec:92:7e:4e:f8:f5:96:a5:67:62:2a:a4:f0:4d:11:60:d0:
-        6f:8d:60:58:61:ac:26:bb:52:35:5c:08:cf:30:fb:a8:4a:96:
-        8a:1f:62:42:23:8c:17:0f:f4:ba:64:9c:17:ac:47:29:df:9d:
-        98:5e:d2:6c:60:71:5c:a2:ac:dc:79:e3:e7:6e:00:47:1f:b5:
-        0d:28:e8:02:9d:e4:9a:fd:13:f4:a6:d9:7c:b1:f8:dc:5f:23:
-        26:09:91:80:73:d0:14:1b:de:43:a9:83:25:f2:e6:9c:2f:15:
-        ca:fe:a6:ab:8a:07:75:8b:0c:dd:51:84:6b:e4:f8:d1:ce:77:
-        a2:81
-MD5 Fingerprint=1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
------BEGIN CERTIFICATE-----
-MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
-VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
-ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt
-YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
-Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT
-AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
-MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
-cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh
-d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY
-DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
-rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq
-uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
-MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa
-/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei
-gQ==
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
-        Validity
-            Not Before: Aug  1 00:00:00 1996 GMT
-            Not After : Dec 31 23:59:59 2020 GMT
-        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:
-                    68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:
-                    85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:
-                    6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:
-                    6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:
-                    29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:
-                    6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:
-                    5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:
-                    3a:c2:b5:66:22:12:d6:87:0d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9:
-        a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48:
-        3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88:
-        4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9:
-        8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5:
-        e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9:
-        b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e:
-        70:47
-MD5 Fingerprint=C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
-MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
-MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
-DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
-dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
-cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
-DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
-yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
-L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
-EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
-7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
-QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
-qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
-        Validity
-            Not Before: Aug  1 00:00:00 1996 GMT
-            Not After : Dec 31 23:59:59 2020 GMT
-        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
-                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
-                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
-                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
-                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
-                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
-                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
-                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
-                    8d:f4:42:4d:e7:40:9d:1c:37
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7:
-        c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5:
-        08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb:
-        c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59:
-        6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9:
-        a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92:
-        32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07:
-        14:42
-MD5 Fingerprint=06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
------BEGIN CERTIFICATE-----
-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
-dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
-MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
-MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
-A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
-cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
-VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
-ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
-uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
-hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
-pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 903804111 (0x35def4cf)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
-        Validity
-            Not Before: Aug 22 16:41:51 1998 GMT
-            Not After : Aug 22 16:41:51 2018 GMT
-        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d:
-                    91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3:
-                    d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95:
-                    04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02:
-                    8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd:
-                    43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f:
-                    97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b:
-                    af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f:
-                    3a:88:e7:bf:14:fd:e0:c7:b9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 CRL Distribution Points: 
-                DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not After: Aug 22 16:41:51 2018 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
-
-            X509v3 Subject Key Identifier: 
-                48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0...V3.0c....
-    Signature Algorithm: sha1WithRSAEncryption
-        58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0:
-        95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a:
-        6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71:
-        57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
-        a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
-        77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
-        65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
-        77:38
-MD5 Fingerprint=67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
------BEGIN CERTIFICATE-----
-MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
-UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
-MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
-dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
-BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
-cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
-AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
-MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
-aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
-ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
-IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
-MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
-A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
-7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
-1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx
+EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h
+bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJy
+YXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UEAxMoQXV0b3JpZGFkZSBDZXJ0aWZp
+Y2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4MDBaFw0xMTExMzAy
+MzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9MDsG
+A1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3Jt
+YWNhbyAtIElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYD
+VQQDEyhBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVA
+isamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma/3pUpgcfNAj0vYm5gsyj
+Qo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt4CyNrY50
+QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYt
+bRhFboUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbUR
+yEeNvZneVRKAAU6ouwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwID
+AQABo4HSMIHPME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0
+cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYwPQYDVR0f
+BDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0xDUmFj
+cmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1
+U/hgIh6OcgLAfiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGl
+YjJe+9zd+izPRbBqXPVQA34EXcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75Fos
+SzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQfS//JYeIc7Fue2JNLd00UOSMMaiK/
+t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr1ME7a55lFEnSeT0u
+mlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5nmPb
+K+9A46sd33oqK8n8
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIESzCCAzOgAwIBAgIJAJigUTEEXRQpMA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNV
+BAYTAkRFMQ8wDQYDVQQIEwZIZXNzZW4xDjAMBgNVBAcTBUZ1bGRhMRAwDgYDVQQK
+EwdEZWJjb25mMRMwEQYDVQQDEwpEZWJjb25mIENBMR8wHQYJKoZIhvcNAQkBFhBq
+b2VyZ0BkZWJpYW4ub3JnMB4XDTA1MTEwNTE3NTUxNFoXDTE1MTEwMzE3NTUxNFow
+djELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEOMAwGA1UEBxMFRnVsZGEx
+EDAOBgNVBAoTB0RlYmNvbmYxEzARBgNVBAMTCkRlYmNvbmYgQ0ExHzAdBgkqhkiG
+9w0BCQEWEGpvZXJnQGRlYmlhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCvbOo0SrIwI5IMlsshH8WF3dHB9r9JlSKhMPaybawa1EyvZspMQ3wa
+F5qxNf3Sj+NElEmjseEqvCZiIIzqwerHu0Qw62cDYCdCd2+Wb5m0bPYB5CGHiyU1
+eNP0je42O0YeXG2BvUujN8AviocVo39X2YwNQ0ryy4OaqYgm2pRlbtT2ESbF+SfV
+Y2iqQj/f8ymF+lHo/pz8tbAqxWcqaSiHFAVQJrdqtFhtoodoNiE3q76zJoUkZTXB
+k60Yc3MJSnatZCpnsSBr/D7zpntl0THrUjjtdRWCjQVhqfhM1yZJV+ApbLdheFh0
+ZWlSxdnp25p0q0XYw/7G92ELyFDfBUUNAgMBAAGjgdswgdgwHQYDVR0OBBYEFMuV
+dFNb4mCWUFbcP5LOtxFLrEVTMIGoBgNVHSMEgaAwgZ2AFMuVdFNb4mCWUFbcP5LO
+txFLrEVToXqkeDB2MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMQ4wDAYD
+VQQHEwVGdWxkYTEQMA4GA1UEChMHRGViY29uZjETMBEGA1UEAxMKRGViY29uZiBD
+QTEfMB0GCSqGSIb3DQEJARYQam9lcmdAZGViaWFuLm9yZ4IJAJigUTEEXRQpMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGZXxHg4mnkvilRIM1EQfGdY
+S5b/WcyF2MYSTeTvK4aIB6VHwpZoZCnDGj2m2D3CkHT0upAD9o0zM1tdsfncLzV+
+mDT/jNmBtYo4QXx5vEPwvEIcgrWjwk7SyaEUhZjtolTkHB7ACl0oD0r71St4iEPR
+qTUCEXk2E47bg1Fz58wNt/yo2+4iqiRjg1XCH4evkQuhpW+dTZnDyFNqwSYZapOE
+TBA+9zBb6xD1KM2DdY7r4GiyYItN0BKLfuWbh9LXGbl1C+f4P11g+m2MPiavIeCe
+1iazG5pcS3KoTLACsYlEX24TINtg4kcuS81XdllcnsV3Kdts0nIqPj6uhTTZD0k=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d0:1e:40:90:00:00:46:52:00:00:00:01:00:00:00:04
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=DC, L=Washington, O=ABA.ECOM, INC., CN=ABA.ECOM Root CA/emailAddress=admin@digsigtrust.com
-        Validity
-            Not Before: Jul 12 17:33:53 1999 GMT
-            Not After : Jul  9 17:33:53 2009 GMT
-        Subject: C=US, ST=DC, L=Washington, O=ABA.ECOM, INC., CN=ABA.ECOM Root CA/emailAddress=admin@digsigtrust.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b1:d3:11:e0:79:55:43:07:08:4c:cb:05:42:00:
-                    e2:0d:83:46:3d:e4:93:ba:b6:06:d3:0d:59:bd:3e:
-                    c1:ce:43:67:01:8a:21:a8:ef:bc:cc:d0:a2:cc:b0:
-                    55:96:53:84:66:05:00:da:44:49:80:d8:54:0a:a5:
-                    25:86:94:ed:63:56:ff:70:6c:a3:a1:19:d2:78:be:
-                    68:2a:44:5e:2f:cf:cc:18:5e:47:bc:3a:b1:46:3d:
-                    1e:f0:b9:2c:34:5f:8c:7c:4c:08:29:9d:40:55:eb:
-                    3c:7d:83:de:b5:f0:f7:8a:83:0e:a1:4c:b4:3a:a5:
-                    b3:5f:5a:22:97:ec:19:9b:c1:05:68:fd:e6:b7:a9:
-                    91:94:2c:e4:78:48:24:1a:25:19:3a:eb:95:9c:39:
-                    0a:8a:cf:42:b2:f0:1c:d5:5f:fb:6b:ed:68:56:7b:
-                    39:2c:72:38:b0:ee:93:a9:d3:7b:77:3c:eb:71:03:
-                    a9:38:4a:16:6c:89:2a:ca:da:33:13:79:c2:55:8c:
-                    ed:9c:bb:f2:cb:5b:10:f8:2e:61:35:c6:29:4c:2a:
-                    d0:2a:63:d1:65:59:b4:f8:cd:f9:f4:00:84:b6:57:
-                    42:85:9d:32:a8:f9:2a:54:fb:ff:78:41:bc:bd:71:
-                    28:f4:bb:90:bc:ff:96:34:04:e3:45:9e:a1:46:28:
-                    40:81
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:8
-    Signature Algorithm: sha1WithRSAEncryption
-        04:6f:25:86:e4:e6:96:27:b4:d9:42:c0:d0:c9:00:b1:7f:54:
-        3e:87:b2:6d:24:a9:2f:0a:7e:fd:a4:44:b0:f8:54:07:bd:1b:
-        9d:9d:ca:7b:50:24:7b:11:5b:49:a3:a6:bf:12:74:d5:89:b7:
-        b7:2f:98:64:25:14:b7:61:e9:7f:60:80:6b:d3:64:e8:ab:bd:
-        1a:d6:51:fa:c0:b4:5d:77:1a:7f:64:08:5e:79:c6:05:4c:f1:
-        7a:dd:4d:7d:ce:e6:48:7b:54:d2:61:92:81:d6:1b:d6:00:f0:
-        0e:9e:28:77:a0:4d:88:c7:22:76:19:c3:c7:9e:1b:a6:77:78:
-        f8:5f:9b:56:d1:f0:f2:17:ac:8e:9d:59:e6:1f:fe:57:b6:d9:
-        5e:e1:5d:9f:45:ec:61:68:19:41:e1:b2:20:26:fe:5a:30:76:
-        24:ff:40:72:3c:79:9f:7c:22:48:ab:46:cd:db:b3:86:2c:8f:
-        bf:05:41:d3:c1:e3:14:e3:41:17:26:d0:7c:a7:71:4c:19:e8:
-        4a:0f:72:58:31:7d:ec:60:7a:a3:22:28:bd:19:24:60:3f:3b:
-        87:73:c0:6b:e4:cb:ae:b7:ab:25:43:b2:55:2d:7b:ab:06:0e:
-        75:5d:34:e5:5d:73:6d:9e:b2:75:40:a5:59:c9:4f:31:71:88:
-        d9:88:7f:54
-MD5 Fingerprint=41:B8:07:F7:A8:D1:09:EE:B4:9A:8E:70:4D:FC:1B:78
 -----BEGIN CERTIFICATE-----
 MIIDtTCCAp2gAwIBAgIRANAeQJAAAEZSAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
 gYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3Rv
@@ -594,1470 +73,597 @@ w8eeG6Z3ePhfm1bR8PIXrI6dWeYf/le22V7hXZ9F7GFoGUHhsiAm/lowdiT/QHI8
 eZ98IkirRs3bs4Ysj78FQdPB4xTjQRcm0HyncUwZ6EoPclgxfexgeqMiKL0ZJGA/
 O4dzwGvky663qyVDslUte6sGDnVdNOVdc22esnVApVnJTzFxiNmIf1Q=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 913315222 (0x36701596)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
-        Validity
-            Not Before: Dec 10 18:10:23 1998 GMT
-            Not After : Dec 10 18:40:23 2018 GMT
-        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:a0:6c:81:a9:cf:34:1e:24:dd:fe:86:28:cc:de:
-                    83:2f:f9:5e:d4:42:d2:e8:74:60:66:13:98:06:1c:
-                    a9:51:12:69:6f:31:55:b9:49:72:00:08:7e:d3:a5:
-                    62:44:37:24:99:8f:d9:83:48:8f:99:6d:95:13:bb:
-                    43:3b:2e:49:4e:88:37:c1:bb:58:7f:fe:e1:bd:f8:
-                    bb:61:cd:f3:47:c0:99:a6:f1:f3:91:e8:78:7c:00:
-                    cb:61:c9:44:27:71:69:55:4a:7e:49:4d:ed:a2:a3:
-                    be:02:4c:00:ca:02:a8:ee:01:02:31:64:0f:52:2d:
-                    13:74:76:36:b5:7a:b4:2d:71
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E1/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Dec 10 18:10:23 1998 GMT, Not After: Dec 10 18:10:23 2018 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
-
-            X509v3 Subject Key Identifier: 
-                6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0
-..V4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-        22:12:d8:7a:1d:dc:81:06:b6:09:65:b2:87:c8:1f:5e:b4:2f:
-        e9:c4:1e:f2:3c:c1:bb:04:90:11:4a:83:4e:7e:93:b9:4d:42:
-        c7:92:26:a0:5c:34:9a:38:72:f8:fd:6b:16:3e:20:ee:82:8b:
-        31:2a:93:36:85:23:88:8a:3c:03:68:d3:c9:09:0f:4d:fc:6c:
-        a4:da:28:72:93:0e:89:80:b0:7d:fe:80:6f:65:6d:18:33:97:
-        8b:c2:6b:89:ee:60:3d:c8:9b:ef:7f:2b:32:62:73:93:cb:3c:
-        e3:7b:e2:76:78:45:bc:a1:93:04:bb:86:9f:3a:5b:43:7a:c3:
-        8a:65
-MD5 Fingerprint=25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
------BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
-UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
-EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
-BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
-ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
-bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
-j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
-Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
-SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
-JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
-RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
-MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
-fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
-+DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
-SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
-QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
-gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 913232846 (0x366ed3ce)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
-        Validity
-            Not Before: Dec  9 19:17:26 1998 GMT
-            Not After : Dec  9 19:47:26 2018 GMT
-        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bf:93:8f:17:92:ef:33:13:18:eb:10:7f:4e:16:
-                    bf:ff:06:8f:2a:85:bc:5e:f9:24:a6:24:88:b6:03:
-                    b7:c1:c3:5f:03:5b:d1:6f:ae:7e:42:ea:66:23:b8:
-                    63:83:56:fb:28:2d:e1:38:8b:b4:ee:a8:01:e1:ce:
-                    1c:b6:88:2a:22:46:85:fb:9f:a7:70:a9:47:14:3f:
-                    ce:de:65:f0:a8:71:f7:4f:26:6c:8c:bc:c6:b5:ef:
-                    de:49:27:ff:48:2a:7d:e8:4d:03:cc:c7:b2:52:c6:
-                    17:31:13:3b:b5:4d:db:c8:c4:f6:c3:0f:24:2a:da:
-                    0c:9d:e7:91:5b:80:cd:94:9d
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E2/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Dec  9 19:17:26 1998 GMT, Not After: Dec  9 19:17:26 2018 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
-
-            X509v3 Subject Key Identifier: 
-                1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0
-..V4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-        47:8d:83:ad:62:f2:db:b0:9e:45:22:05:b9:a2:d6:03:0e:38:
-        72:e7:9e:fc:7b:e6:93:b6:9a:a5:a2:94:c8:34:1d:91:d1:c5:
-        d7:f4:0a:25:0f:3d:78:81:9e:0f:b1:67:c4:90:4c:63:dd:5e:
-        a7:e2:ba:9f:f5:f7:4d:a5:31:7b:9c:29:2d:4c:fe:64:3e:ec:
-        b6:53:fe:ea:9b:ed:82:db:74:75:4b:07:79:6e:1e:d8:19:83:
-        73:de:f5:3e:d0:b5:de:e7:4b:68:7d:43:2e:2a:20:e1:7e:a0:
-        78:44:9e:08:f5:98:f9:c7:7f:1b:1b:d6:06:20:02:58:a1:c3:
-        a2:03
-MD5 Fingerprint=93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
 -----BEGIN CERTIFICATE-----
-MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
-UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
-EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
-BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
-ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
-k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
-LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
-TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
-SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
-JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
-RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
-MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
-TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
-WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
-SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
-xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
-B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            d0:1e:40:8b:00:00:02:7c:00:00:00:02:00:00:00:01
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/emailAddress=ca@digsigtrust.com
-        Validity
-            Not Before: Dec  1 18:18:55 1998 GMT
-            Not After : Nov 28 18:18:55 2008 GMT
-        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/emailAddress=ca@digsigtrust.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:d2:c6:26:b6:e7:a5:3d:c1:c4:68:d5:50:6f:53:
-                    c5:6f:49:13:09:b8:af:2c:48:8d:14:6a:a3:17:5f:
-                    5a:f9:d3:2e:75:2f:d8:28:62:d1:93:2f:fc:4d:d4:
-                    ab:87:e5:08:c7:99:e7:92:3f:75:bd:eb:25:b4:15:
-                    c1:9b:19:3d:d2:44:8d:d7:74:20:6d:37:02:8f:69:
-                    93:5b:8a:c4:19:9d:f4:b2:0e:fc:16:6c:b9:b1:05:
-                    92:83:d1:85:2c:60:94:3e:45:55:a0:d9:ab:08:21:
-                    e6:60:e8:3b:74:f2:99:50:51:68:d0:03:2d:b1:80:
-                    be:a3:d8:52:b0:44:cd:43:4a:70:8e:58:85:95:e1:
-                    4e:2c:d6:2d:41:6f:d6:84:e7:c8:98:44:ca:47:db:
-                    2c:24:a5:69:26:cf:6b:b8:27:62:c3:f4:c9:7a:92:
-                    23:ed:13:67:82:ae:45:2e:45:e5:7e:72:3f:85:9d:
-                    94:62:10:e6:3c:91:a1:ad:77:00:e0:15:ec:f3:84:
-                    80:72:7a:8e:6e:60:97:c7:24:59:10:34:83:5b:e1:
-                    a5:a4:69:b6:57:35:1c:78:59:c6:d3:2f:3a:73:67:
-                    ee:94:ca:04:13:05:62:06:70:23:b3:f4:7c:ee:45:
-                    d9:64:0b:5b:49:aa:a4:43:ce:26:c4:44:12:6c:b8:
-                    dd:79
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        a2:37:b2:3f:69:fb:d7:86:79:54:49:31:95:33:2b:f3:d1:09:
-        14:49:62:60:86:a5:b0:11:e2:50:c2:1d:06:57:3e:2d:e8:33:
-        64:be:9b:aa:ad:5f:1b:4d:d4:99:95:a2:8b:9a:c9:62:72:b5:
-        69:ea:d9:58:ab:35:ed:15:a2:43:d6:b6:bc:07:79:65:64:73:
-        7d:d7:79:ca:7b:d5:5a:51:c6:e1:53:04:96:8d:38:cf:a3:17:
-        ac:39:71:6b:01:c3:8b:53:3c:63:e9:ee:79:c0:e4:be:92:32:
-        64:7a:b3:1f:97:94:62:bd:ea:b2:20:15:95:fb:97:f2:78:2f:
-        63:36:40:38:e3:46:0f:1d:dd:ac:95:ca:e7:4b:90:7b:b1:4b:
-        a9:d4:c5:eb:9a:da:aa:d5:a3:94:14:46:8d:2d:1f:f3:3a:d6:
-        93:3a:f6:3e:79:fc:e8:e6:b0:75:ed:ee:3d:c9:70:c7:5d:aa:
-        81:4b:46:25:1c:c7:6c:15:e3:95:4e:0f:aa:32:37:94:0a:17:
-        24:92:13:84:58:d2:63:6f:2b:f7:e6:5b:62:0b:13:17:b0:0d:
-        52:4c:fe:fe:6f:5c:e2:91:6e:1d:fd:a4:62:d7:68:fa:8e:7a:
-        4f:d2:08:da:93:dc:f0:92:11:7a:d0:dc:72:93:0c:73:93:62:
-        85:68:d0:f4
-MD5 Fingerprint=6C:C9:A7:6E:47:F1:0C:E3:53:3B:78:4C:4D:C2:6A:C5
 -----BEGIN CERTIFICATE-----
-MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw
-CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
-dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
-CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B
-CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx
-ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
-U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
-IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx
-ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf
-WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK
-xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE
-zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F
-5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv
-OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz
-ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME
-lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG
-Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q
-gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k
-Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A==
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            d0:1e:40:8b:00:00:77:6d:00:00:00:01:00:00:00:04
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/emailAddress=ca@digsigtrust.com
-        Validity
-            Not Before: Nov 30 22:46:16 1998 GMT
-            Not After : Nov 27 22:46:16 2008 GMT
-        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/emailAddress=ca@digsigtrust.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:dc:75:f0:8c:c0:75:96:9a:c0:62:1f:26:f7:c4:
-                    e1:9a:ea:e0:56:73:5b:99:cd:01:44:a8:08:b6:d5:
-                    a7:da:1a:04:18:39:92:4a:78:a3:81:c2:f5:77:7a:
-                    50:b4:70:ff:9a:ab:c6:c7:ca:6e:83:4f:42:98:fb:
-                    26:0b:da:dc:6d:d6:a9:99:55:52:67:e9:28:03:92:
-                    dc:e5:b0:05:9a:0f:15:f9:6b:59:72:56:f2:fa:39:
-                    fc:aa:68:ee:0f:1f:10:83:2f:fc:9d:fa:17:96:dd:
-                    82:e3:e6:45:7d:c0:4b:80:44:1f:ed:2c:e0:84:fd:
-                    91:5c:92:54:69:25:e5:62:69:dc:e5:ee:00:52:bd:
-                    33:0b:ad:75:02:85:a7:64:50:2d:c5:19:19:30:c0:
-                    26:db:c9:d3:fd:2e:99:ad:59:b5:0b:4d:d4:41:ae:
-                    85:48:43:59:dc:b7:a8:e2:a2:de:c3:8f:d7:b8:a1:
-                    62:a6:68:50:52:e4:cf:31:a7:94:85:da:9f:46:32:
-                    17:56:e5:f2:eb:66:3d:12:ff:43:db:98:ef:77:cf:
-                    cb:81:8d:34:b1:c6:50:4a:26:d1:e4:3e:41:50:af:
-                    6c:ae:22:34:2e:d5:6b:6e:83:ba:79:b8:76:65:48:
-                    da:09:29:64:63:22:b9:fb:47:76:85:8c:86:44:cb:
-                    09:db
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        b5:36:0e:5d:e1:61:28:5a:11:65:c0:3f:83:03:79:4d:be:28:
-        a6:0b:07:02:52:85:cd:f8:91:d0:10:6c:b5:6a:20:5b:1c:90:
-        d9:30:3c:c6:48:9e:8a:5e:64:f9:a1:71:77:ef:04:27:1f:07:
-        eb:e4:26:f7:73:74:c9:44:18:1a:66:d3:e0:43:af:91:3b:d1:
-        cb:2c:d8:74:54:3a:1c:4d:ca:d4:68:cd:23:7c:1d:10:9e:45:
-        e9:f6:00:6e:a6:cd:19:ff:4f:2c:29:8f:57:4d:c4:77:92:be:
-        e0:4c:09:fb:5d:44:86:66:21:a8:b9:32:a2:56:d5:e9:8c:83:
-        7c:59:3f:c4:f1:0b:e7:9d:ec:9e:bd:9c:18:0e:3e:c2:39:79:
-        28:b7:03:0d:08:cb:c6:e7:d9:01:37:50:10:ec:cc:61:16:40:
-        d4:af:31:74:7b:fc:3f:31:a7:d0:47:73:33:39:1b:cc:4e:6a:
-        d7:49:83:11:06:fe:eb:82:58:33:32:4c:f0:56:ac:1e:9c:2f:
-        56:9a:7b:c1:4a:1c:a5:fd:55:36:ce:fc:96:4d:f4:b0:f0:ec:
-        b7:6c:82:ed:2f:31:99:42:4c:a9:b2:0d:b8:15:5d:f1:df:ba:
-        c9:b5:4a:d4:64:98:b3:26:a9:30:c8:fd:a6:ec:ab:96:21:ad:
-        7f:c2:78:b6
-MD5 Fingerprint=CD:3B:3D:62:5B:09:B8:09:36:87:9E:12:2F:71:64:BA
------BEGIN CERTIFICATE-----
-MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw
-CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
-dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
-CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B
-CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy
-MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
-U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
-IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx
-ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV
-p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw
-BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl
-5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi
-3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+
-QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ
-2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN
-I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL
-553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q
-10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN
-uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg==
+MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw
+MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
+QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD
+VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul
+CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n
+tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl
+dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch
+PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC
++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O
+BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
+ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB
+IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X
+7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz
+43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
+eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl
+pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA
+WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
-        Validity
-            Not Before: Jan 29 00:00:00 1996 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e5:19:bf:6d:a3:56:61:2d:99:48:71:f6:67:de:
-                    b9:8d:eb:b7:9e:86:80:0a:91:0e:fa:38:25:af:46:
-                    88:82:e5:73:a8:a0:9b:24:5d:0d:1f:cc:65:6e:0c:
-                    b0:d0:56:84:18:87:9a:06:9b:10:a1:73:df:b4:58:
-                    39:6b:6e:c1:f6:15:d5:a8:a8:3f:aa:12:06:8d:31:
-                    ac:7f:b0:34:d7:8f:34:67:88:09:cd:14:11:e2:4e:
-                    45:56:69:1f:78:02:80:da:dc:47:91:29:bb:36:c9:
-                    63:5c:c5:e0:d7:2d:87:7b:a1:b7:32:b0:7b:30:ba:
-                    2a:2f:31:aa:ee:a3:67:da:db
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        4c:3f:b8:8b:c6:68:df:ee:43:33:0e:5d:e9:a6:cb:07:84:4d:
-        7a:33:ff:92:1b:f4:36:ad:d8:95:22:36:68:11:6c:7c:42:cc:
-        f3:9c:2e:c4:07:3f:14:b0:0f:4f:ff:90:92:76:f9:e2:bc:4a:
-        e9:8f:cd:a0:80:0a:f7:c5:29:f1:82:22:5d:b8:b1:dd:81:23:
-        a3:7b:25:15:46:30:79:16:f8:ea:05:4b:94:7f:1d:c2:1c:c8:
-        e3:b7:f4:10:40:3c:13:c3:5f:1f:53:e8:48:e4:86:b4:7b:a1:
-        35:b0:7b:25:ba:b8:d3:8e:ab:3f:38:9d:00:34:00:98:f3:d1:
-        71:94
-MD5 Fingerprint=97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62
 -----BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N
-H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR
-4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo
-EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5
-FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx
-lA==
+MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx
+MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB
+ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV
+BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV
+6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX
+GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP
+dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH
+1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF
+62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW
+BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL
+MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
+cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv
+b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
+IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
+iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
+GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
+4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
+XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
-        Validity
-            Not Before: Jan 29 00:00:00 1996 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b6:5a:8b:a3:0d:6a:23:83:80:6b:cf:39:87:f4:
-                    21:13:33:06:4c:25:a2:ed:55:12:97:c5:a7:80:b9:
-                    fa:83:c1:20:a0:fa:2f:15:0d:7c:a1:60:6b:7e:79:
-                    2c:fa:06:0f:3a:ae:f6:1b:6f:b1:d2:ff:2f:28:52:
-                    5f:83:7d:4b:c4:7a:b7:f8:66:1f:80:54:fc:b7:c2:
-                    8e:59:4a:14:57:46:d1:9a:93:be:41:91:03:bb:15:
-                    80:93:5c:eb:e7:cc:08:6c:3f:3e:b3:4a:fc:ff:4b:
-                    6c:23:d5:50:82:26:44:19:8e:23:c3:71:ea:19:24:
-                    47:04:9e:75:bf:c8:a6:00:1f
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        8a:1b:2b:fa:39:c1:74:d7:5e:d8:19:64:a2:58:4a:2d:37:e0:
-        33:47:0f:ac:ed:f7:aa:db:1e:e4:8b:06:5c:60:27:ca:45:52:
-        ce:16:ef:3f:06:64:e7:94:68:7c:60:33:15:11:69:af:9d:62:
-        8d:a3:03:54:6b:a6:be:e5:ee:05:18:60:04:bf:42:80:fd:d0:
-        a8:a8:1e:01:3b:f7:a3:5c:af:a3:dc:e6:26:80:23:3c:b8:44:
-        74:f7:0a:ae:49:8b:61:78:cc:24:bf:88:8a:a7:0e:ea:73:19:
-        41:fd:4d:03:f0:88:d1:e5:78:8d:a5:2a:4f:f6:97:0d:17:77:
-        ca:d8
-MD5 Fingerprint=B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
 -----BEGIN CERTIFICATE-----
-MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh
-YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7
-FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg
-J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc
-r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
+MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1
+MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK
+EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
+BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq
+xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G
+87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i
+2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U
+WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1
+0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G
+A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
+pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
+ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm
+aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv
+hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm
+hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
+dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3
+P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
+iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
+xqE=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
-        Validity
-            Not Before: Jan 29 00:00:00 1996 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
-                    db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
-                    11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
-                    1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
-                    63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
-                    42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
-                    5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
-                    e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
-                    71:64:4c:65:2e:81:68:45:a7
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a:11:84:
-        8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8:95:bc:1d:8f:
-        6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e:d6:26:c0:76:01:57:
-        81:92:5e:21:f1:d1:b1:ff:e7:d0:21:58:cd:69:17:e3:44:1c:
-        9c:19:44:39:89:5c:dc:9c:00:0f:56:8d:02:99:ed:a2:90:45:
-        4c:e4:bb:10:a4:3d:f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6:
-        62:9f:e6:9f:c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64:
-        0d:64
-MD5 Fingerprint=10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
 -----BEGIN CERTIFICATE-----
-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
+hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
+1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
+OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
+2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
+O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
+AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
+Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
+LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
+oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
+MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
+sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Validity
-            Not Before: May 18 00:00:00 1998 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:aa:d0:ba:be:16:2d:b8:83:d4:ca:d2:0f:bc:76:
-                    31:ca:94:d8:1d:93:8c:56:02:bc:d9:6f:1a:6f:52:
-                    36:6e:75:56:0a:55:d3:df:43:87:21:11:65:8a:7e:
-                    8f:bd:21:de:6b:32:3f:1b:84:34:95:05:9d:41:35:
-                    eb:92:eb:96:dd:aa:59:3f:01:53:6d:99:4f:ed:e5:
-                    e2:2a:5a:90:c1:b9:c4:a6:15:cf:c8:45:eb:a6:5d:
-                    8e:9c:3e:f0:64:24:76:a5:cd:ab:1a:6f:b6:d8:7b:
-                    51:61:6e:a6:7f:87:c8:e2:b7:e5:34:dc:41:88:ea:
-                    09:40:be:73:92:3d:6b:e7:75
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        a9:4f:c3:0d:c7:67:be:2c:cb:d9:a8:cd:2d:75:e7:7e:15:9e:
-        3b:72:eb:7e:eb:5c:2d:09:87:d6:6b:6d:60:7c:e5:ae:c5:90:
-        23:0c:5c:4a:d0:af:b1:5d:f3:c7:b6:0a:db:e0:15:93:0d:dd:
-        03:bc:c7:76:8a:b5:dd:4f:c3:9b:13:75:b8:01:c0:e6:c9:5b:
-        6b:a5:b8:89:dc:ac:a4:dd:72:ed:4e:a1:f7:4f:bc:06:d3:ea:
-        c8:64:74:7b:c2:95:41:9c:65:73:58:f1:90:9a:3c:6a:b1:98:
-        c9:c4:87:bc:cf:45:6d:45:e2:6e:22:3f:fe:bc:0f:31:5c:e8:
-        f2:d9
-MD5 Fingerprint=DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83
 -----BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
-MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
-DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
-YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK
-VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm
-Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID
-AQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0J
-h9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul
-uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68
-DzFc6PLZ
+MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
+bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
+MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
+ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
+206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
+KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
+JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
+BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
+Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
+PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
+Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
+Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
+o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
++L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
+YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
+FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
+xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
+LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
+obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
+CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
+IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
+DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
+AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
+Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
+AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
+Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
+RY8mkaKO/qk=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Validity
-            Not Before: May 18 00:00:00 1998 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:a7:88:01:21:74:2c:e7:1a:03:f0:98:e1:97:3c:
-                    0f:21:08:f1:9c:db:97:e9:9a:fc:c2:04:06:13:be:
-                    5f:52:c8:cc:1e:2c:12:56:2c:b8:01:69:2c:cc:99:
-                    1f:ad:b0:96:ae:79:04:f2:13:39:c1:7b:98:ba:08:
-                    2c:e8:c2:84:13:2c:aa:69:e9:09:f4:c7:a9:02:a4:
-                    42:c2:23:4f:4a:d8:f0:0e:a2:fb:31:6c:c9:e6:6f:
-                    99:27:07:f5:e6:f4:4c:78:9e:6d:eb:46:86:fa:b9:
-                    86:c9:54:f2:b2:c4:af:d4:46:1c:5a:c9:15:30:ff:
-                    0d:6c:f5:2d:0e:6d:ce:7f:77
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        72:2e:f9:7f:d1:f1:71:fb:c4:9e:f6:c5:5e:51:8a:40:98:b8:
-        68:f8:9b:1c:83:d8:e2:9d:bd:ff:ed:a1:e6:66:ea:2f:09:f4:
-        ca:d7:ea:a5:2b:95:f6:24:60:86:4d:44:2e:83:a5:c4:2d:a0:
-        d3:ae:78:69:6f:72:da:6c:ae:08:f0:63:92:37:e6:bb:c4:30:
-        17:ad:77:cc:49:35:aa:cf:d8:8f:d1:be:b7:18:96:47:73:6a:
-        54:22:34:64:2d:b6:16:9b:59:5b:b4:51:59:3a:b3:0b:14:f4:
-        12:df:67:a0:f4:ad:32:64:5e:b1:46:72:27:8c:12:7b:c5:44:
-        b4:ae
-MD5 Fingerprint=2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
 -----BEGIN CERTIFICATE-----
-MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns
-YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
-MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y
-aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe
-Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX
-MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj
-IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx
-KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
-eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM
-HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw
-DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC
-AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji
-nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
-rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn
-jBJ7xUS0rg==
+MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
+HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
+IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
+MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
+SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
+IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
+0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
+TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
+RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
+zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
+BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
+AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
+PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
+BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
+9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
+Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
+Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
+n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
+H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Validity
-            Not Before: May 18 00:00:00 1998 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
-                    1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
-                    84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
-                    25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
-                    33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
-                    6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
-                    91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
-                    37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
-                    61:f8:9b:1d:1c:89:4f:5c:67
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
-        70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
-        64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
-        3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
-        ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
-        92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
-        57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
-        91:fd
-MD5 Fingerprint=A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
 -----BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
-MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
-DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
-YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
-pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
-13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
-AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
-U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
-F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
-oJ2daZH9
+MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
+HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
+IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
+NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
+SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
+IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
+7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
+m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
+xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
+YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
+JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
+I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
+kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
+EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
+Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
+gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
+rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
+1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
+h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
+yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
+7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
+RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
+ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
+M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
+my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
+AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
+9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
+hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
+fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Validity
-            Not Before: May 18 00:00:00 1998 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ba:f0:e4:cf:f9:c4:ae:85:54:b9:07:57:f9:8f:
-                    c5:7f:68:11:f8:c4:17:b0:44:dc:e3:30:73:d5:2a:
-                    62:2a:b8:d0:cc:1c:ed:28:5b:7e:bd:6a:dc:b3:91:
-                    24:ca:41:62:3c:fc:02:01:bf:1c:16:31:94:05:97:
-                    76:6e:a2:ad:bd:61:17:6c:4e:30:86:f0:51:37:2a:
-                    50:c7:a8:62:81:dc:5b:4a:aa:c1:a0:b4:6e:eb:2f:
-                    e5:57:c5:b1:2b:40:70:db:5a:4d:a1:8e:1f:bd:03:
-                    1f:d8:03:d4:8f:4c:99:71:bc:e2:82:cc:58:e8:98:
-                    3a:86:d3:86:38:f3:00:29:1f
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        85:8c:12:c1:a7:b9:50:15:7a:cb:3e:ac:b8:43:8a:dc:aa:dd:
-        14:ba:89:81:7e:01:3c:23:71:21:88:2f:82:dc:63:fa:02:45:
-        ac:45:59:d7:2a:58:44:5b:b7:9f:81:3b:92:68:3d:e2:37:24:
-        f5:7b:6c:8f:76:35:96:09:a8:59:9d:b9:ce:23:ab:74:d6:83:
-        fd:32:73:27:d8:69:3e:43:74:f6:ae:c5:89:9a:e7:53:7c:e9:
-        7b:f6:4b:f3:c1:65:83:de:8d:8a:9c:3c:88:8d:39:59:fc:aa:
-        3f:22:8d:a1:c1:66:50:81:72:4c:ed:22:64:4f:4f:ca:80:91:
-        b6:29
-MD5 Fingerprint=26:6D:2C:19:98:B6:70:68:38:50:54:19:EC:90:34:60
 -----BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
-MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
-DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
-YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM
-HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK
-qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID
-AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj
-cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
-cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP
-T8qAkbYp
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            02:00:00:00:00:00:d6:78:b7:94:05
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
-        Validity
-            Not Before: Sep  1 12:00:00 1998 GMT
-            Not After : Jan 28 12:00:00 2014 GMT
-        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
-                    83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
-                    63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
-                    8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
-                    70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
-                    15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
-                    6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
-                    89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
-                    54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
-                    92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
-                    75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
-                    c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
-                    bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
-                    ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
-                    63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
-                    48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
-                    07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
-                    90:cf
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9:6c:4f:
-        6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e:e8:81:49:98:
-        7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51:ff:09:31:2a:1f:dd:
-        89:77:9e:0f:2e:6c:95:04:ed:86:cb:b4:00:3f:84:02:4d:80:
-        6a:2a:2d:78:0b:ae:6f:2b:a2:83:44:83:1f:cd:50:82:4c:24:
-        af:bd:f7:a5:b4:c8:5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:
-        88:05:3a:d9:c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:
-        77:fe:46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59:
-        2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5:a7:31:
-        3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9:43:34:f6:0f:
-        87:29:3b:9d:c2:56:58:98:77:c3:f7:1b:ac:f6:9d:f8:3e:aa:
-        a7:54:45:f0:f5:f9:d5:31:65:fe:6b:58:9c:71:b3:1e:d7:52:
-        ea:32:17:fc:40:60:1d:c9:79:24:b2:f6:6c:fd:a8:66:0e:82:
-        dd:98:cb:da:c2:44:4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:
-        8a:78:a3:e3
-MD5 Fingerprint=AB:BF:EA:E3:6B:29:A6:CC:A6:78:35:99:EF:AD:2B:80
------BEGIN CERTIFICATE-----
-MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
-A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
-b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
-MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
-YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
-aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
-jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
-xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
-1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
-snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
-U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
-9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
-YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
-5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
-gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
-rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
-ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
-Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
-        Validity
-            Not Before: Jun 25 22:23:48 1999 GMT
-            Not After : Jun 25 22:23:48 2019 GMT
-        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d8:59:82:7a:89:b8:96:ba:a6:2f:68:6f:58:2e:
-                    a7:54:1c:06:6e:f4:ea:8d:48:bc:31:94:17:f0:f3:
-                    4e:bc:b2:b8:35:92:76:b0:d0:a5:a5:01:d7:00:03:
-                    12:22:19:08:f8:ff:11:23:9b:ce:07:f5:bf:69:1a:
-                    26:fe:4e:e9:d1:7f:9d:2c:40:1d:59:68:6e:a6:f8:
-                    58:b0:9d:1a:8f:d3:3f:f1:dc:19:06:81:a8:0e:e0:
-                    3a:dd:c8:53:45:09:06:e6:0f:70:c3:fa:40:a6:0e:
-                    e2:56:05:0f:18:4d:fc:20:82:d1:73:55:74:8d:76:
-                    72:a0:1d:9d:1d:c0:dd:3f:71
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        50:68:3d:49:f4:2c:1c:06:94:df:95:60:7f:96:7b:17:fe:4f:
-        71:ad:64:c8:dd:77:d2:ef:59:55:e8:3f:e8:8e:05:2a:21:f2:
-        07:d2:b5:a7:52:fe:9c:b1:b6:e2:5b:77:17:40:ea:72:d6:23:
-        cb:28:81:32:c3:00:79:18:ec:59:17:89:c9:c6:6a:1e:71:c9:
-        fd:b7:74:a5:25:45:69:c5:48:ab:19:e1:45:8a:25:6b:19:ee:
-        e5:bb:12:f5:7f:f7:a6:8d:51:c3:f0:9d:74:b7:a9:3e:a0:a5:
-        ff:b6:49:03:13:da:22:cc:ed:71:82:2b:99:cf:3a:b7:f5:2d:
-        72:c8
-MD5 Fingerprint=65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
 -----BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
-BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
-aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
-9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
-NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
-azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
-YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
-cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
-LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
-TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
-TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
-LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
-I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
-nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
+MIIFajCCBFKgAwIBAgIEPLU9RjANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli
+ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq
+YmVUUlVTVGVkIFJvb3QgQ0EtQmFsdGltb3JlIEltcGxlbWVudGF0aW9uMB4XDTAy
+MDQxMTA3Mzg1MVoXDTIyMDQxMTA3Mzg1MVowZjESMBAGA1UEChMJYmVUUlVTVGVk
+MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl
+ZCBSb290IENBLUJhbHRpbW9yZSBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALx+xDmcjOPWHIb/ymKt4H8wRXqOGrO4x/nRNv8i
+805qX4QQ+2aBw5R5MdKR4XeOGCrDFN5R9U+jK7wYFuK13XneIviCfsuBH/0nLI/6
+l2Qijvj/YaOcGx6Sj8CoCd8JEey3fTGaGuqDIQY8n7pc/5TqarjDa1U0Tz0yH92B
+FODEPM2dMPgwqZfT7syj0B9fHBOB1BirlNFjw55/NZKeX0Tq7PQiXLfoPX2k+Ymp
+kbIq2eszh+6l/ePazIjmiSZuxyuC0F6dWdsU7JGDBcNeDsYq0ATdcT0gTlgn/FP7
+eHgZFLL8kFKJOGJgB7Sg7KxrUNb9uShr71ItOrL/8QFArDcCAwEAAaOCAh4wggIa
+MA8GA1UdEwEB/wQFMAMBAf8wggG1BgNVHSAEggGsMIIBqDCCAaQGDysGAQQBsT4A
+AAEJKIORMTCCAY8wggFIBggrBgEFBQcCAjCCAToaggE2UmVsaWFuY2Ugb24gb3Ig
+dXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY3JlYXRlcyBhbiBhY2tub3dsZWRnbWVu
+dCBhbmQgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk
+IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgdGhlIENlcnRpZmljYXRpb24g
+UHJhY3RpY2UgU3RhdGVtZW50IGFuZCB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1l
+bnQsIHdoaWNoIGNhbiBiZSBmb3VuZCBhdCB0aGUgYmVUUlVTVGVkIHdlYiBzaXRl
+LCBodHRwOi8vd3d3LmJldHJ1c3RlZC5jb20vcHJvZHVjdHNfc2VydmljZXMvaW5k
+ZXguaHRtbDBBBggrBgEFBQcCARY1aHR0cDovL3d3dy5iZXRydXN0ZWQuY29tL3By
+b2R1Y3RzX3NlcnZpY2VzL2luZGV4Lmh0bWwwHQYDVR0OBBYEFEU9w6nR3D8kVpgc
+cxiIav+DR+22MB8GA1UdIwQYMBaAFEU9w6nR3D8kVpgccxiIav+DR+22MA4GA1Ud
+DwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEASZK8o+6svfoNyYt5hhwjdrCA
+WXf82n+0S9/DZEtqTg6t8n1ZdwWtColzsPq8y9yNAIiPpqCy6qxSJ7+hSHyXEHu6
+7RMdmgduyzFiEuhjA6p9beP4G3YheBufS0OM00mG9htc9i5gFdPp43t1P9ACg9AY
+gkHNZTfqjjJ+vWuZXTARyNtIVBw74acT02pIk/c9jH8F6M7ziCpjBLjqflh8AXtb
+4cV97yHgjQ5dUX2xZ/2jvTg2xvI4hocalmhgRvsoFEdV4aeADGvi6t9NfJBIoDa9
+CReJf8Py05yc493EG931t3GzUwWJBtDLSoDByFOQtTwxiBdQn8nEDovYqAJjDQ==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
-        Validity
-            Not Before: Jun 26 00:19:54 1999 GMT
-            Not After : Jun 26 00:19:54 2019 GMT
-        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ce:3a:71:ca:e5:ab:c8:59:92:55:d7:ab:d8:74:
-                    0e:f9:ee:d9:f6:55:47:59:65:47:0e:05:55:dc:eb:
-                    98:36:3c:5c:53:5d:d3:30:cf:38:ec:bd:41:89:ed:
-                    25:42:09:24:6b:0a:5e:b3:7c:dd:52:2d:4c:e6:d4:
-                    d6:7d:5a:59:a9:65:d4:49:13:2d:24:4d:1c:50:6f:
-                    b5:c1:85:54:3b:fe:71:e4:d3:5c:42:f9:80:e0:91:
-                    1a:0a:5b:39:36:67:f3:3f:55:7c:1b:3f:b4:5f:64:
-                    73:34:e3:b4:12:bf:87:64:f8:da:12:ff:37:27:c1:
-                    b3:43:bb:ef:7b:6e:2e:69:f7
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        3b:7f:50:6f:6f:50:94:99:49:62:38:38:1f:4b:f8:a5:c8:3e:
-        a7:82:81:f6:2b:c7:e8:c5:ce:e8:3a:10:82:cb:18:00:8e:4d:
-        bd:a8:58:7f:a1:79:00:b5:bb:e9:8d:af:41:d9:0f:34:ee:21:
-        81:19:a0:32:49:28:f4:c4:8e:56:d5:52:33:fd:50:d5:7e:99:
-        6c:03:e4:c9:4c:fc:cb:6c:ab:66:b3:4a:21:8c:e5:b5:0c:32:
-        3e:10:b2:cc:6c:a1:dc:9a:98:4c:02:5b:f3:ce:b9:9e:a5:72:
-        0e:4a:b7:3f:3c:e6:16:68:f8:be:ed:74:4c:bc:5b:d5:62:1f:
-        43:dd
-MD5 Fingerprint=A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
 -----BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
-BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
-aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
-9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
-NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
-azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
-YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
-cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
-dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
-WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
-v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
-UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
-IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
-W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+MIIFLDCCBBSgAwIBAgIEOU99hzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJX
+VzESMBAGA1UEChMJYmVUUlVTVGVkMRswGQYDVQQDExJiZVRSVVNUZWQgUm9vdCBD
+QXMxGjAYBgNVBAMTEWJlVFJVU1RlZCBSb290IENBMB4XDTAwMDYyMDE0MjEwNFoX
+DTEwMDYyMDEzMjEwNFowWjELMAkGA1UEBhMCV1cxEjAQBgNVBAoTCWJlVFJVU1Rl
+ZDEbMBkGA1UEAxMSYmVUUlVTVGVkIFJvb3QgQ0FzMRowGAYDVQQDExFiZVRSVVNU
+ZWQgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANS0c3oT
+CjhVAb6JVuGUntS+WutKNHUbYSnE4a0IYCF4SP+00PpeQY1hRIfo7clY+vyTmt9P
+6j41ffgzeubx181vSUs9Ty1uDoM6GHh3o8/n9E1z2Jo7Gh2+lVPPIJfCzz4kUmwM
+jmVZxXH/YgmPqsWPzGCgc0rXOD8Vcr+il7dw6K/ifhYGTPWqZCZyByWtNfwYsSbX
+2P8ZDoMbjNx4RWc0PfSvHI3kbWvtILNnmrRhyxdviTX/507AMhLn7uzf/5cwdO2N
+R47rtMNE5qdMf1ZD6Li8tr76g5fmu/vEtpO+GRg+jIG5c4gW9JZDnGdzF5DYCW5j
+rEq2I8QBoa2k5MUCAwEAAaOCAfgwggH0MA8GA1UdEwEB/wQFMAMBAf8wggFZBgNV
+HSAEggFQMIIBTDCCAUgGCisGAQQBsT4BAAAwggE4MIIBAQYIKwYBBQUHAgIwgfQa
+gfFSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1
+bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0
+ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGFuZCBjZXJ0aWZpY2F0aW9uIHBy
+YWN0aWNlIHN0YXRlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IGJlVFJVU1Rl
+ZCdzIHdlYiBzaXRlLCBodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0L3Rl
+cm1zMDEGCCsGAQUFBwIBFiVodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0
+L3Rlcm1zMDQGA1UdHwQtMCswKaAnoCWkIzAhMRIwEAYDVQQKEwliZVRSVVNUZWQx
+CzAJBgNVBAYTAldXMB0GA1UdDgQWBBQquZtpLjub2M3eKjEENGvKBxirZzAfBgNV
+HSMEGDAWgBQquZtpLjub2M3eKjEENGvKBxirZzAOBgNVHQ8BAf8EBAMCAf4wDQYJ
+KoZIhvcNAQEFBQADggEBAHlh26Nebhax6nZR+csVm8tpvuaBa58oH2U+3RGFktTo
+Qb9+M70j5/Egv6S0phkBxoyNNXxlpE8JpNbYIxUFE6dDea/bow6be3ga8wSGWsb2
+jCBHOElQBp1yZzrwmAOtlmdE/D8QDYZN5AA7KXvOOzuZhmElQITcE2K3+spZ1gMe
+1lMBzW1MaFVA4e5rxyoAAEiCswoBw2AqDPeCNe5IhpbkdNQ96gFxugR1QKepfzk5
+mlWXKWWuGVUlBXJH0+gY3Ljpr0NzARJ0o+FcXxVdJPP55PS2Z2cS52QiivalQaYc
+tmBjRYoQtLpGEK5BV2VsPyMQPyEQWbfkQN0mDCP2qq4=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
-        Validity
-            Not Before: Jun 26 00:22:33 1999 GMT
-            Not After : Jun 26 00:22:33 2019 GMT
-        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72:
-                    75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35:
-                    44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7:
-                    ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92:
-                    97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30:
-                    5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b:
-                    9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04:
-                    5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7:
-                    43:62:61:f3:d3:e2:d0:55:3f
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        56:bb:02:58:84:67:08:2c:df:1f:db:7b:49:33:f5:d3:67:9d:
-        f4:b4:0a:10:b3:c9:c5:2c:e2:92:6a:71:78:27:f2:70:83:42:
-        d3:3e:cf:a9:54:f4:f1:d8:92:16:8c:d1:04:cb:4b:ab:c9:9f:
-        45:ae:3c:8a:a9:b0:71:33:5d:c8:c5:57:df:af:a8:35:b3:7f:
-        89:87:e9:e8:25:92:b8:7f:85:7a:ae:d6:bc:1e:37:58:2a:67:
-        c9:91:cf:2a:81:3e:ed:c6:39:df:c0:3e:19:9c:19:cc:13:4d:
-        82:41:b5:8c:de:e0:3d:60:08:20:0f:45:7e:6b:a2:7f:a3:8c:
-        15:ee
-MD5 Fingerprint=A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
 -----BEGIN CERTIFICATE-----
-MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
-IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
-BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
-aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
-9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
-NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
-azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
-YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
-cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
-cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
-2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
-JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
-Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
-n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
-PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+MIIGUTCCBTmgAwIBAgIEPLVPQDANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli
+ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq
+YmVUUlVTVGVkIFJvb3QgQ0EgLSBFbnRydXN0IEltcGxlbWVudGF0aW9uMB4XDTAy
+MDQxMTA4MjQyN1oXDTIyMDQxMTA4NTQyN1owZjESMBAGA1UEChMJYmVUUlVTVGVk
+MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl
+ZCBSb290IENBIC0gRW50cnVzdCBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALr0RAOqEmq1Q+xVkrYwfTVXDNvzDSduTPdQqJtO
+K2/b9a0cS12zqcH+e0TrW6MFDR/FNCswACnxeECypP869AGIF37m1CbTukzqMvtD
+d5eHI8XbQ6P1KqNRXuE70mVpflUVm3rnafdE4Fe1FehmYA8NA/uCjqPoEXtsvsdj
+DheT389Lrm5zdeDzqrmkwAkbhepxKYhBMvnwKg5sCfJ0a2ZsUhMfGLzUPvfYbiCe
+yv78IZTuEyhL11xeDGbu6bsPwTSxfwh28z0mcMmLJR1iJAzqHHVOwBLkuhMdMCkt
+VjMFu5dZfsZJT4nXLySotohAtWSSU1Yk5KKghbNekLQSM80CAwEAAaOCAwUwggMB
+MIIBtwYDVR0gBIIBrjCCAaowggGmBg8rBgEEAbE+AAACCSiDkTEwggGRMIIBSQYI
+KwYBBQUHAgIwggE7GoIBN1JlbGlhbmNlIG9uIG9yIHVzZSBvZiB0aGlzIENlcnRp
+ZmljYXRlIGNyZWF0ZXMgYW4gYWNrbm93bGVkZ21lbnQgYW5kIGFjY2VwdGFuY2Ug
+b2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0
+aW9ucyBvZiB1c2UsIHRoZSBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
+dCBhbmQgdGhlIFJlbHlpbmcgUGFydHkgQWdyZWVtZW50LCB3aGljaCBjYW4gYmUg
+Zm91bmQgYXQgdGhlIGJlVFJVU1RlZCB3ZWIgc2l0ZSwgaHR0cHM6Ly93d3cuYmV0
+cnVzdGVkLmNvbS9wcm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMEIGCCsGAQUF
+BwIBFjZodHRwczovL3d3dy5iZXRydXN0ZWQuY29tL3Byb2R1Y3RzX3NlcnZpY2Vz
+L2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgAHMIGJBgNVHR8EgYEwfzB9oHug
+eaR3MHUxEjAQBgNVBAoTCWJlVFJVU1RlZDEbMBkGA1UECxMSYmVUUlVTVGVkIFJv
+b3QgQ0FzMTMwMQYDVQQDEypiZVRSVVNUZWQgUm9vdCBDQSAtIEVudHJ1c3QgSW1w
+bGVtZW50YXRpb24xDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMjA0MTEw
+ODI0MjdagQ8yMDIyMDQxMTA4NTQyN1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaA
+FH1w5a44iwY/qhwaj/nPJDCqhIQWMB0GA1UdDgQWBBR9cOWuOIsGP6ocGo/5zyQw
+qoSEFjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIE
+kDANBgkqhkiG9w0BAQUFAAOCAQEAKrgXzh8QlOu4mre5X+za95IkrNySO8cgjfKZ
+5V04ocI07cUTWVwFtStPYZuR+0H8/NU8TZh2BvWBfevdkObRVlTa4y0MnxEylCIB
+evZsLHRnBMylj44ss0O1lKLQfelifwa+JwGDnjr9iu6YQ0pr17WXOzq/T220Y/oz
+ADQuLW2WyXvKmWO6vvT2MKAtmJbpVkQFqUSjYRDrgqFnXbxdJ3Wqiig2KjiS2d2k
+XgClzMx8KSreKJCrt+G2/30lC0DYqjSjLd4H61/OCt3Kfjp9JsFiaDrmLzfzgYYh
+xKlkqu9FNtEaZnz46TfW1mG+oq1I59/mdP7TbX3SJdysYlep9w==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
-        Validity
-            Not Before: Oct  1 00:00:00 1999 GMT
-            Not After : Jul 16 23:59:59 2036 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:dd:84:d4:b9:b4:f9:a7:d8:f3:04:78:9c:de:3d:
-                    dc:6c:13:16:d9:7a:dd:24:51:66:c0:c7:26:59:0d:
-                    ac:06:08:c2:94:d1:33:1f:f0:83:35:1f:6e:1b:c8:
-                    de:aa:6e:15:4e:54:27:ef:c4:6d:1a:ec:0b:e3:0e:
-                    f0:44:a5:57:c7:40:58:1e:a3:47:1f:71:ec:60:f6:
-                    6d:94:c8:18:39:ed:fe:42:18:56:df:e4:4c:49:10:
-                    78:4e:01:76:35:63:12:36:dd:66:bc:01:04:36:a3:
-                    55:68:d5:a2:36:09:ac:ab:21:26:54:06:ad:3f:ca:
-                    14:e0:ac:ca:ad:06:1d:95:e2:f8:9d:f1:e0:60:ff:
-                    c2:7f:75:2b:4c:cc:da:fe:87:99:21:ea:ba:fe:3e:
-                    54:d7:d2:59:78:db:3c:6e:cf:a0:13:00:1a:b8:27:
-                    a1:e4:be:67:96:ca:a0:c5:b3:9c:dd:c9:75:9e:eb:
-                    30:9a:5f:a3:cd:d9:ae:78:19:3f:23:e9:5c:db:29:
-                    bd:ad:55:c8:1b:54:8c:63:f6:e8:a6:ea:c7:37:12:
-                    5c:a3:29:1e:02:d9:db:1f:3b:b4:d7:0f:56:47:81:
-                    15:04:4a:af:83:27:d1:c5:58:88:c1:dd:f6:aa:a7:
-                    a3:18:da:68:aa:6d:11:51:e1:bf:65:6b:9f:96:76:
-                    d1:3d
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        ab:66:8d:d7:b3:ba:c7:9a:b6:e6:55:d0:05:f1:9f:31:8d:5a:
-        aa:d9:aa:46:26:0f:71:ed:a5:ad:53:56:62:01:47:2a:44:e9:
-        fe:3f:74:0b:13:9b:b9:f4:4d:1b:b2:d1:5f:b2:b6:d2:88:5c:
-        b3:9f:cd:cb:d4:a7:d9:60:95:84:3a:f8:c1:37:1d:61:ca:e7:
-        b0:c5:e5:91:da:54:a6:ac:31:81:ae:97:de:cd:08:ac:b8:c0:
-        97:80:7f:6e:72:a4:e7:69:13:95:65:1f:c4:93:3c:fd:79:8f:
-        04:d4:3e:4f:ea:f7:9e:ce:cd:67:7c:4f:65:02:ff:91:85:54:
-        73:c7:ff:36:f7:86:2d:ec:d0:5e:4f:ff:11:9f:72:06:d6:b8:
-        1a:f1:4c:0d:26:65:e2:44:80:1e:c7:9f:e3:dd:e8:0a:da:ec:
-        a5:20:80:69:68:a1:4f:7e:e1:6b:cf:07:41:fa:83:8e:bc:38:
-        dd:b0:2e:11:b1:6b:b2:42:cc:9a:bc:f9:48:22:79:4a:19:0f:
-        b2:1c:3e:20:74:d9:6a:c3:be:f2:28:78:13:56:79:4f:6d:50:
-        ea:1b:b0:b5:57:b1:37:66:58:23:f3:dc:0f:df:0a:87:c4:ef:
-        86:05:d5:38:14:60:99:a3:4b:de:06:96:71:2c:f2:db:b6:1f:
-        a4:ef:3f:ee
-MD5 Fingerprint=B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
 -----BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
-cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
-aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
-IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4
-nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO
-8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV
-ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb
-PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
-6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr
-n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a
-qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4
-wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3
-ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs
-pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4
-E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g==
+MIIFaDCCBFCgAwIBAgIQO1nHe81bV569N1KsdrSqGjANBgkqhkiG9w0BAQUFADBi
+MRIwEAYDVQQKEwliZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENB
+czEvMC0GA1UEAxMmYmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRp
+b24wHhcNMDIwNDExMTExODEzWhcNMjIwNDEyMTEwNzI1WjBiMRIwEAYDVQQKEwli
+ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEvMC0GA1UEAxMm
+YmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRpb24wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkujQwCY5X0LkGLG9uJIAiv11DpvpPrILn
+HGhwhRujbrWqeNluB0s/6d/16uhUoWGKDi9pdRi3DOUUjXFumLhV/AyV0Jtu4S2I
+1DpAa5LxmZZk3tv/ePTulh1HiXzUvrmIdyM6CeYEnm2qXtLIvZpOGd+J6lsOfsPk
+tPDgaTuID0GQ+NRxQyTBjyZLO1bp/4xsN+lFrYWMU8NghpBKlsmzVLC7F/AcRdnU
+GxlkVgoZ98zh/4avflherHqQH8koOUV7orbHnB/ahdQhhlkwk75TMzf270HPM8er
+cmsl9fNTGwxMLvF1S++gh/f+ihXQbNXL+WhTuXAVE8L1LvtDNXUtAgMBAAGjggIY
+MIICFDAMBgNVHRMEBTADAQH/MIIBtQYDVR0gBIIBrDCCAagwggGkBg8rBgEEAbE+
+AAADCSiDkTEwggGPMEEGCCsGAQUFBwIBFjVodHRwOi8vd3d3LmJldHJ1c3RlZC5j
+b20vcHJvZHVjdHNfc2VydmljZXMvaW5kZXguaHRtbDCCAUgGCCsGAQUFBwICMIIB
+OhqCATZSZWxpYW5jZSBvbiBvciB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjcmVh
+dGVzIGFuIGFja25vd2xlZGdtZW50IGFuZCBhY2NlcHRhbmNlIG9mIHRoZSB0aGVu
+IGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNl
+LCB0aGUgQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQgYW5kIHRoZSBS
+ZWx5aW5nIFBhcnR5IEFncmVlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IHRo
+ZSBiZVRSVVNUZWQgd2ViIHNpdGUsIGh0dHA6Ly93d3cuYmV0cnVzdGVkLmNvbS9w
+cm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMAsGA1UdDwQEAwIBBjAfBgNVHSME
+GDAWgBSp7BR++dlDzFMrFK3P9/BZiUHNGTAdBgNVHQ4EFgQUqewUfvnZQ8xTKxSt
+z/fwWYlBzRkwDQYJKoZIhvcNAQEFBQADggEBANuXsHXqDMTBmMpWBcCorSZIry0g
+6IHHtt9DwSwddUvUQo3neqh03GZCWYez9Wlt2ames30cMcH1VOJZJEnl7r05pmuK
+mET7m9cqg5c0Lcd9NUwtNLg+DcTsiCevnpL9UGGCqGAHFFPMZRPB9kdEadIxyKbd
+LrML3kqNWz2rDcI1UqJWN8wyiyiFQpyRQHpwKzg21eFzGh/l+n5f3NacOzDq28Bb
+J1zTcwfBwvNMm2+fG8oeqqg4MwlYsq78B+g23FW6L09A/nq9BqaBwZMifIYRCgZ3
+SK41ty8ymmFei74pnykkiFY5LKjSq5YDWtRIn7lAhAuYaPsBQ9Yb4gmxlxw=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
-        Validity
-            Not Before: Oct  1 00:00:00 1999 GMT
-            Not After : Jul 16 23:59:59 2036 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:af:0a:0d:c2:d5:2c:db:67:b9:2d:e5:94:27:dd:
-                    a5:be:e0:b0:4d:8f:b3:61:56:3c:d6:7c:c3:f4:cd:
-                    3e:86:cb:a2:88:e2:e1:d8:a4:69:c5:b5:e2:bf:c1:
-                    a6:47:50:5e:46:39:8b:d5:96:ba:b5:6f:14:bf:10:
-                    ce:27:13:9e:05:47:9b:31:7a:13:d8:1f:d9:d3:02:
-                    37:8b:ad:2c:47:f0:8e:81:06:a7:0d:30:0c:eb:f7:
-                    3c:0f:20:1d:dc:72:46:ee:a5:02:c8:5b:c3:c9:56:
-                    69:4c:c5:18:c1:91:7b:0b:d5:13:00:9b:bc:ef:c3:
-                    48:3e:46:60:20:85:2a:d5:90:b6:cd:8b:a0:cc:32:
-                    dd:b7:fd:40:55:b2:50:1c:56:ae:cc:8d:77:4d:c7:
-                    20:4d:a7:31:76:ef:68:92:8a:90:1e:08:81:56:b2:
-                    ad:69:a3:52:d0:cb:1c:c4:23:3d:1f:99:fe:4c:e8:
-                    16:63:8e:c6:08:8e:f6:31:f6:d2:fa:e5:76:dd:b5:
-                    1c:92:a3:49:cd:cd:01:cd:68:cd:a9:69:ba:a3:eb:
-                    1d:0d:9c:a4:20:a6:c1:a0:c5:d1:46:4c:17:6d:d2:
-                    ac:66:3f:96:8c:e0:84:d4:36:ff:22:59:c5:f9:11:
-                    60:a8:5f:04:7d:f2:1a:f6:25:42:61:0f:c4:4a:b8:
-                    3e:89
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        34:26:15:3c:c0:8d:4d:43:49:1d:bd:e9:21:92:d7:66:9c:b7:
-        de:c5:b8:d0:e4:5d:5f:76:22:c0:26:f9:84:3a:3a:f9:8c:b5:
-        fb:ec:60:f1:e8:ce:04:b0:c8:dd:a7:03:8f:30:f3:98:df:a4:
-        e6:a4:31:df:d3:1c:0b:46:dc:72:20:3f:ae:ee:05:3c:a4:33:
-        3f:0b:39:ac:70:78:73:4b:99:2b:df:30:c2:54:b0:a8:3b:55:
-        a1:fe:16:28:cd:42:bd:74:6e:80:db:27:44:a7:ce:44:5d:d4:
-        1b:90:98:0d:1e:42:94:b1:00:2c:04:d0:74:a3:02:05:22:63:
-        63:cd:83:b5:fb:c1:6d:62:6b:69:75:fd:5d:70:41:b9:f5:bf:
-        7c:df:be:c1:32:73:22:21:8b:58:81:7b:15:91:7a:ba:e3:64:
-        48:b0:7f:fb:36:25:da:95:d0:f1:24:14:17:dd:18:80:6b:46:
-        23:39:54:f5:8e:62:09:04:1d:94:90:a6:9b:e6:25:e2:42:45:
-        aa:b8:90:ad:be:08:8f:a9:0b:42:18:94:cf:72:39:e1:b1:43:
-        e0:28:cf:b7:e7:5a:6c:13:6b:49:b3:ff:e3:18:7c:89:8b:33:
-        5d:ac:33:d7:a7:f9:da:3a:55:c9:58:10:f9:aa:ef:5a:b6:cf:
-        4b:4b:df:2a
-MD5 Fingerprint=F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
 -----BEGIN CERTIFICATE-----
-MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy
-aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s
-IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
-Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV
-BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
-Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g
-Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
-IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU
-J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO
-JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY
-wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o
-koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
-qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E
-Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe
-xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u
-7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU
-sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI
-sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP
-cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q
+MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E
+jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo
+ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI
+ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu
+Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg
+AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7
+HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA
+uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa
+TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
+xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
+CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
+O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
+6GAqm4VKQPNriiTsBhYscw==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
-        Validity
-            Not Before: Oct  1 00:00:00 1999 GMT
-            Not After : Jul 16 23:59:59 2036 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd:
-                    f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5:
-                    17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20:
-                    c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad:
-                    2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04:
-                    58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0:
-                    58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32:
-                    6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88:
-                    e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96:
-                    55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79:
-                    65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8:
-                    46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46:
-                    b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c:
-                    1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76:
-                    ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63:
-                    d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e:
-                    1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9:
-                    57:97
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de:
-        db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f:
-        37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09:
-        5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5:
-        23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f:
-        d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8:
-        ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38:
-        62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe:
-        7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69:
-        17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00:
-        cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2:
-        c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af:
-        0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e:
-        81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b:
-        f1:7d:dd:11
-MD5 Fingerprint=CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
 -----BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
-cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
-aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
-IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
-N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
-KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
-kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
-CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
-Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
-imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
-2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
-DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
-/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
-F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
-TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
-        Validity
-            Not Before: Oct  1 00:00:00 1999 GMT
-            Not After : Jul 16 23:59:59 2036 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ad:cb:a5:11:69:c6:59:ab:f1:8f:b5:19:0f:56:
-                    ce:cc:b5:1f:20:e4:9e:26:25:4b:e0:73:65:89:59:
-                    de:d0:83:e4:f5:0f:b5:bb:ad:f1:7c:e8:21:fc:e4:
-                    e8:0c:ee:7c:45:22:19:76:92:b4:13:b7:20:5b:09:
-                    fa:61:ae:a8:f2:a5:8d:85:c2:2a:d6:de:66:36:d2:
-                    9b:02:f4:a8:92:60:7c:9c:69:b4:8f:24:1e:d0:86:
-                    52:f6:32:9c:41:58:1e:22:bd:cd:45:62:95:08:6e:
-                    d0:66:dd:53:a2:cc:f0:10:dc:54:73:8b:04:a1:46:
-                    33:33:5c:17:40:b9:9e:4d:d3:f3:be:55:83:e8:b1:
-                    89:8e:5a:7c:9a:96:22:90:3b:88:25:f2:d2:53:88:
-                    02:0c:0b:78:f2:e6:37:17:4b:30:46:07:e4:80:6d:
-                    a6:d8:96:2e:e8:2c:f8:11:b3:38:0d:66:a6:9b:ea:
-                    c9:23:5b:db:8e:e2:f3:13:8e:1a:59:2d:aa:02:f0:
-                    ec:a4:87:66:dc:c1:3f:f5:d8:b9:f4:ec:82:c6:d2:
-                    3d:95:1d:e5:c0:4f:84:c9:d9:a3:44:28:06:6a:d7:
-                    45:ac:f0:6b:6a:ef:4e:5f:f8:11:82:1e:38:63:34:
-                    66:50:d4:3e:93:73:fa:30:c3:66:ad:ff:93:2d:97:
-                    ef:03
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-        8f:fa:25:6b:4f:5b:e4:a4:4e:27:55:ab:22:15:59:3c:ca:b5:
-        0a:d4:4a:db:ab:dd:a1:5f:53:c5:a0:57:39:c2:ce:47:2b:be:
-        3a:c8:56:bf:c2:d9:27:10:3a:b1:05:3c:c0:77:31:bb:3a:d3:
-        05:7b:6d:9a:1c:30:8c:80:cb:93:93:2a:83:ab:05:51:82:02:
-        00:11:67:6b:f3:88:61:47:5f:03:93:d5:5b:0d:e0:f1:d4:a1:
-        32:35:85:b2:3a:db:b0:82:ab:d1:cb:0a:bc:4f:8c:5b:c5:4b:
-        00:3b:1f:2a:82:a6:7e:36:85:dc:7e:3c:67:00:b5:e4:3b:52:
-        e0:a8:eb:5d:15:f9:c6:6d:f0:ad:1d:0e:85:b7:a9:9a:73:14:
-        5a:5b:8f:41:28:c0:d5:e8:2d:4d:a4:5e:cd:aa:d9:ed:ce:dc:
-        d8:d5:3c:42:1d:17:c1:12:5d:45:38:c3:38:f3:fc:85:2e:83:
-        46:48:b2:d7:20:5f:92:36:8f:e7:79:0f:98:5e:99:e8:f0:d0:
-        a4:bb:f5:53:bd:2a:ce:59:b0:af:6e:7f:6c:bb:d2:1e:00:b0:
-        21:ed:f8:41:62:82:b9:d8:b2:c4:bb:46:50:f3:31:c5:8f:01:
-        a8:74:eb:f5:78:27:da:e7:f7:66:43:f3:9e:83:3e:20:aa:c3:
-        35:60:91:ce
-MD5 Fingerprint=DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
 -----BEGIN CERTIFICATE-----
-MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
-CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
-cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
-aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
-bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
-IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
-GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
-+mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
-U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
-NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
-ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
-ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
-CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
-g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
-fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
-2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
-bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp
+ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow
+fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV
+BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM
+cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S
+HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996
+CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk
+3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz
+6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV
+HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
+Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw
+Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww
+DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0
+5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj
+Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI
+gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ
+aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl
+izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 927650371 (0x374ad243)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
-        Validity
-            Not Before: May 25 16:09:40 1999 GMT
-            Not After : May 25 16:39:40 2019 GMT
-        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
-                    af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
-                    0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
-                    26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
-                    d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
-                    da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
-                    92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
-                    ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
-                    b1:16:19:61:b9:54:b6:e6:43
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
-                URI:http://www.entrust.net/CRL/net1.crl
-
-            X509v3 Private Key Usage Period: 
-                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
-
-            X509v3 Subject Key Identifier: 
-                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0
-..V4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-        90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
-        47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
-        f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
-        c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
-        a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
-        0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
-        73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
-        f9:b2
-MD5 Fingerprint=DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
 -----BEGIN CERTIFICATE-----
-MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
-ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
-KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
-ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
-MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
-b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
-bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
-U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
-A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
-I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
-wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
-AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
-oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
-BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
-dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
-MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
-dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
-MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
-E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
-MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
-hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
-95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
-2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0
+aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla
+MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD
+VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW
+fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt
+TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL
+fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW
+1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7
+kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G
+A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
+ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo
+dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu
+Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/
+HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32
+pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS
+jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+
+xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn
+dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 939758062 (0x380391ee)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
-        Validity
-            Not Before: Oct 12 19:24:30 1999 GMT
-            Not After : Oct 12 19:54:30 2019 GMT
-        Subject: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c8:3a:99:5e:31:17:df:ac:27:6f:90:7b:e4:19:
-                    ff:45:a3:34:c2:db:c1:a8:4f:f0:68:ea:84:fd:9f:
-                    75:79:cf:c1:8a:51:94:af:c7:57:03:47:64:9e:ad:
-                    82:1b:5a:da:7f:37:78:47:bb:37:98:12:96:ce:c6:
-                    13:7d:ef:d2:0c:30:51:a9:39:9e:55:f8:fb:b1:e7:
-                    30:de:83:b2:ba:3e:f1:d5:89:3b:3b:85:ba:aa:74:
-                    2c:fe:3f:31:6e:af:91:95:6e:06:d4:07:4d:4b:2c:
-                    56:47:18:04:52:da:0e:10:93:bf:63:90:9b:e1:df:
-                    8c:e6:02:a4:e6:4f:5e:f7:8b
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1
-                URI:http://www.entrust.net/CRL/Client1.crl
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Oct 12 19:24:30 1999 GMT, Not After: Oct 12 19:24:30 2019 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
-
-            X509v3 Subject Key Identifier: 
-                C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0
-..V4.0....
-    Signature Algorithm: md5WithRSAEncryption
-        3f:ae:8a:f1:d7:66:03:05:9e:3e:fa:ea:1c:46:bb:a4:5b:8f:
-        78:9a:12:48:99:f9:f4:35:de:0c:36:07:02:6b:10:3a:89:14:
-        81:9c:31:a6:7c:b2:41:b2:6a:e7:07:01:a1:4b:f9:9f:25:3b:
-        96:ca:99:c3:3e:a1:51:1c:f3:c3:2e:44:f7:b0:67:46:aa:92:
-        e5:3b:da:1c:19:14:38:30:d5:e2:a2:31:25:2e:f1:ec:45:38:
-        ed:f8:06:58:03:73:62:b0:10:31:8f:40:bf:64:e0:5c:3e:c5:
-        4f:1f:da:12:43:ff:4c:e6:06:26:a8:9b:19:aa:44:3c:76:b2:
-        5c:ec
-MD5 Fingerprint=0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
 -----BEGIN CERTIFICATE-----
-MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u
-ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh
-Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
-BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
-Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU
-MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D
-bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl
-MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq
-RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G
-CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo
-6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux
-5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm
-AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC
-ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
-cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m
-by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp
-IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg
-Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg
-KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV
-HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E
-BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE
-FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA
-BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7
-pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz
-wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a
-EkP/TOYGJqibGapEPHayXOw=
+MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
+bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
+j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
+Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
+MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
+fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
+QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx
+ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf
+WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK
+xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE
+zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F
+5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv
+OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz
+ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME
+lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG
+Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q
+gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k
+Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
+k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
+LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
+TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
+MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
+TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
+WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
+xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
+B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy
+MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV
+p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw
+BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl
+5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi
+3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+
+QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ
+2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN
+I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL
+553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q
+10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN
+uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEgzCCA+ygAwIBAgIEOJ725DANBgkqhkiG9w0BAQQFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9HQ0NBX0NQUyBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVu
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDcxNjE2NDBaFw0yMDAy
+MDcxNjQ2NDBaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0dDQ0FfQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDIwMDAgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTdLS25MVL1qFof2LV7PdRV7Ny
+Spj10InJrWPNTTVRaoTUrcloeW+46xHbh65cJFET8VQlhK8pK5/jgOLZy93GRUk0
+iJBeAZfv6lOm3fzB3ksqJeTpNfpVBQbliXrqpBFXO/x8PTbNZzVtpKklWb1m9fkn
+5JVn1j+SgF7yNH0rhQIDAQABo4IBnjCCAZowEQYJYIZIAYb4QgEBBAQDAgAHMIHd
+BgNVHR8EgdUwgdIwgc+ggcyggcmkgcYwgcMxFDASBgNVBAoTC0VudHJ1c3QubmV0
+MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvR0NDQV9DUFMgaW5jb3JwLiBieSBy
+ZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5l
+dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDbGllbnQgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMDAy
+MDcxNjE2NDBagQ8yMDIwMDIwNzE2NDY0MFowCwYDVR0PBAQDAgEGMB8GA1UdIwQY
+MBaAFISLdP3FjcD/J20gN0V8/i3OutN9MB0GA1UdDgQWBBSEi3T9xY3A/ydtIDdF
+fP4tzrrTfTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4w
+AwIEkDANBgkqhkiG9w0BAQQFAAOBgQBObzWAO9GK9Q6nIMstZVXQkvTnhLUGJoMS
+hAusO7JE7r3PQNsgDrpuFOow4DtifH+La3xKp9U1PL6oXOpLu5OOgGarDyn9TS2/
+GpsKkMWr2tGzhtQvJFJcem3G8v7lTRowjJDyutdKPkN+1MhQGof4T4HHdguEOnKd
+zmVml64mXg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIEOJsRPDANBgkqhkiG9w0BAQQFADCBujEUMBIGA1UEChML
+RW50cnVzdC5uZXQxPzA9BgNVBAsUNnd3dy5lbnRydXN0Lm5ldC9TU0xfQ1BTIGlu
+Y29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDIwMDAg
+RW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2VjdXJl
+IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDQxNzIwMDBa
+Fw0yMDAyMDQxNzUwMDBaMIG6MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDE/MD0GA1UE
+CxQ2d3d3LmVudHJ1c3QubmV0L1NTTF9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHwV9OcfHO
+8GCGD9JYf9Mzly0XonUwtZZkJi9ow0SrqHXmAGc0V55lxyKbc+bT3QgON1WqJUaB
+bL3+qPZ1V1eMkGxKwz6LS0MKyRFWmponIpnPVZ5h2QLifLZ8OAfc439PmrkDQYC2
+dWcTC5/oVzbIXQA23mYU2m52H083jIITiQIDAQABo4IBpDCCAaAwEQYJYIZIAYb4
+QgEBBAQDAgAHMIHjBgNVHR8EgdswgdgwgdWggdKggc+kgcwwgckxFDASBgNVBAoT
+C0VudHJ1c3QubmV0MT8wPQYDVQQLFDZ3d3cuZW50cnVzdC5uZXQvU1NMX0NQUyBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw
+IEVudHJ1c3QubmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0IFNlY3Vy
+ZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEw
+KwYDVR0QBCQwIoAPMjAwMDAyMDQxNzIwMDBagQ8yMDIwMDIwNDE3NTAwMFowCwYD
+VR0PBAQDAgEGMB8GA1UdIwQYMBaAFMtswGvjuz7L/CKc/vuLkpyw8m4iMB0GA1Ud
+DgQWBBTLbMBr47s+y/winP77i5KcsPJuIjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2
+fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQQFAAOBgQBi24GRzsia
+d0Iv7L0no1MPUBvqTpLwqa+poLpIYcvvyQbvH9X07t9WLebKahlzqlO+krNQAraF
+JnJj2HVQYnUUt7NQGj/KEQALhUVpbbalrlHhStyCP2yMNLJ3a9kC9n8O6mUE8c1U
+yrrJzOCE98g+EZfTYAkYvAX/bIkz8OwVDw==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 946059622 (0x3863b966)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
-        Validity
-            Not Before: Dec 24 17:50:51 1999 GMT
-            Not After : Dec 24 18:20:51 2019 GMT
-        Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64:
-                    2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7:
-                    78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76:
-                    98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf:
-                    e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1:
-                    02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29:
-                    b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64:
-                    ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c:
-                    e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89:
-                    a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90:
-                    76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2:
-                    cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a:
-                    fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55:
-                    60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86:
-                    5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26:
-                    93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e:
-                    4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0:
-                    07:e1
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Authority Key Identifier: 
-                keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
-
-            X509v3 Subject Key Identifier: 
-                55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
-            1.2.840.113533.7.65.0: 
-                0...V5.0:4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-        59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c:
-        4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61:
-        7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73:
-        ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5:
-        da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4:
-        03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4:
-        15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68:
-        c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c:
-        7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33:
-        db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18:
-        b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2:
-        de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c:
-        e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e:
-        c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1:
-        d2:69:7c:c5
-MD5 Fingerprint=BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
 -----BEGIN CERTIFICATE-----
 MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
 RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
@@ -2084,194 +690,82 @@ f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN
 B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy
 vUxFnmG6v4SBkgPR0ml8xQ==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 33554617 (0x20000b9)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
-        Validity
-            Not Before: May 12 18:46:00 2000 GMT
-            Not After : May 12 23:59:00 2025 GMT
-        Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:a3:04:bb:22:ab:98:3d:57:e8:26:72:9a:b5:79:
-                    d4:29:e2:e1:e8:95:80:b1:b0:e3:5b:8e:2b:29:9a:
-                    64:df:a1:5d:ed:b0:09:05:6d:db:28:2e:ce:62:a2:
-                    62:fe:b4:88:da:12:eb:38:eb:21:9d:c0:41:2b:01:
-                    52:7b:88:77:d3:1c:8f:c7:ba:b9:88:b5:6a:09:e7:
-                    73:e8:11:40:a7:d1:cc:ca:62:8d:2d:e5:8f:0b:a6:
-                    50:d2:a8:50:c3:28:ea:f5:ab:25:87:8a:9a:96:1c:
-                    a9:67:b8:3f:0c:d5:f7:f9:52:13:2f:c2:1b:d5:70:
-                    70:f0:8f:c0:12:ca:06:cb:9a:e1:d9:ca:33:7a:77:
-                    d6:f8:ec:b9:f1:68:44:42:48:13:d2:c0:c2:a4:ae:
-                    5e:60:fe:b6:a6:05:fc:b4:dd:07:59:02:d4:59:18:
-                    98:63:f5:a5:63:e0:90:0c:7d:5d:b2:06:7a:f3:85:
-                    ea:eb:d4:03:ae:5e:84:3e:5f:ff:15:ed:69:bc:f9:
-                    39:36:72:75:cf:77:52:4d:f3:c9:90:2c:b9:3d:e5:
-                    c9:23:53:3f:1f:24:98:21:5c:07:99:29:bd:c6:3a:
-                    ec:e7:6e:86:3a:6b:97:74:63:33:bd:68:18:31:f0:
-                    78:8d:76:bf:fc:9e:8e:5d:2a:86:a7:4d:90:dc:27:
-                    1a:39
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:3
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        85:0c:5d:8e:e4:6f:51:68:42:05:a0:dd:bb:4f:27:25:84:03:
-        bd:f7:64:fd:2d:d7:30:e3:a4:10:17:eb:da:29:29:b6:79:3f:
-        76:f6:19:13:23:b8:10:0a:f9:58:a4:d4:61:70:bd:04:61:6a:
-        12:8a:17:d5:0a:bd:c5:bc:30:7c:d6:e9:0c:25:8d:86:40:4f:
-        ec:cc:a3:7e:38:c6:37:11:4f:ed:dd:68:31:8e:4c:d2:b3:01:
-        74:ee:be:75:5e:07:48:1a:7f:70:ff:16:5c:84:c0:79:85:b8:
-        05:fd:7f:be:65:11:a3:0f:c0:02:b4:f8:52:37:39:04:d5:a9:
-        31:7a:18:bf:a0:2a:f4:12:99:f7:a3:45:82:e3:3c:5e:f5:9d:
-        9e:b5:c8:9e:7c:2e:c8:a4:9e:4e:08:14:4b:6d:fd:70:6d:6b:
-        1a:63:bd:64:e6:1f:b7:ce:f0:f2:9f:2e:bb:1b:b7:f2:50:88:
-        73:92:c2:e2:e3:16:8d:9a:32:02:ab:8e:18:dd:e9:10:11:ee:
-        7e:35:ab:90:af:3e:30:94:7a:d0:33:3d:a7:65:0f:f5:fc:8e:
-        9e:62:cf:47:44:2c:01:5d:bb:1d:b5:32:d2:47:d2:38:2e:d0:
-        fe:81:dc:32:6a:1e:b5:ee:3c:d5:fc:e7:81:1d:19:c3:24:42:
-        ea:63:39:a9
-MD5 Fingerprint=AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
 -----BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u
+ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh
+Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU
+MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D
+bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq
+RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo
+6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux
+5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm
+AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC
+ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
+cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m
+by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp
+IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg
+Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg
+KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV
+HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E
+BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE
+FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA
+BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7
+pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz
+wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a
+EkP/TOYGJqibGapEPHayXOw=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
-        Validity
-            Not Before: Jun 21 04:00:00 1999 GMT
-            Not After : Jun 21 04:00:00 2020 GMT
-        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ba:e7:17:90:02:65:b1:34:55:3c:49:c2:51:d5:
-                    df:a7:d1:37:8f:d1:e7:81:73:41:52:60:9b:9d:a1:
-                    17:26:78:ad:c7:b1:e8:26:94:32:b5:de:33:8d:3a:
-                    2f:db:f2:9a:7a:5a:73:98:a3:5c:e9:fb:8a:73:1b:
-                    5c:e7:c3:bf:80:6c:cd:a9:f4:d6:2b:c0:f7:f9:99:
-                    aa:63:a2:b1:47:02:0f:d4:e4:51:3a:12:3c:6c:8a:
-                    5a:54:84:70:db:c1:c5:90:cf:72:45:cb:a8:59:c0:
-                    cd:33:9d:3f:a3:96:eb:85:33:21:1c:3e:1e:3e:60:
-                    6e:76:9c:67:85:c5:c8:c3:61
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
-
-            X509v3 Subject Key Identifier: 
-                BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
-    Signature Algorithm: md5WithRSAEncryption
-        30:e2:01:51:aa:c7:ea:5f:da:b9:d0:65:0f:30:d6:3e:da:0d:
-        14:49:6e:91:93:27:14:31:ef:c4:f7:2d:45:f8:ec:c7:bf:a2:
-        41:0d:23:b4:92:f9:19:00:67:bd:01:af:cd:e0:71:fc:5a:cf:
-        64:c4:e0:96:98:d0:a3:40:e2:01:8a:ef:27:07:f1:65:01:8a:
-        44:2d:06:65:75:52:c0:86:10:20:21:5f:6c:6b:0f:6c:ae:09:
-        1c:af:f2:a2:18:34:c4:75:a4:73:1c:f1:8d:dc:ef:ad:f9:b3:
-        76:b4:92:bf:dc:95:10:1e:be:cb:c8:3b:5a:84:60:19:56:94:
-        a9:55
-MD5 Fingerprint=8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
------BEGIN CERTIFICATE-----
-MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT
-ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw
-MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj
-dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
-c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC
-UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc
-58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/
-o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH
-MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr
-aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA
-A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA
-Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv
-8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
-        Validity
-            Not Before: Jun 21 04:00:00 1999 GMT
-            Not After : Jun 21 04:00:00 2020 GMT
-        Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ce:2f:19:bc:17:b7:77:de:93:a9:5f:5a:0d:17:
-                    4f:34:1a:0c:98:f4:22:d9:59:d4:c4:68:46:f0:b4:
-                    35:c5:85:03:20:c6:af:45:a5:21:51:45:41:eb:16:
-                    58:36:32:6f:e2:50:62:64:f9:fd:51:9c:aa:24:d9:
-                    f4:9d:83:2a:87:0a:21:d3:12:38:34:6c:8d:00:6e:
-                    5a:a0:d9:42:ee:1a:21:95:f9:52:4c:55:5a:c5:0f:
-                    38:4f:46:fa:6d:f8:2e:35:d6:1d:7c:eb:e2:f0:b0:
-                    75:80:c8:a9:13:ac:be:88:ef:3a:6e:ab:5f:2a:38:
-                    62:02:b0:12:7b:fe:8f:a6:03
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
-
-            X509v3 Subject Key Identifier: 
-                4A:78:32:52:11:DB:59:16:36:5E:DF:C1:14:36:40:6A:47:7C:4C:A1
-    Signature Algorithm: md5WithRSAEncryption
-        75:5b:a8:9b:03:11:e6:e9:56:4c:cd:f9:a9:4c:c0:0d:9a:f3:
-        cc:65:69:e6:25:76:cc:59:b7:d6:54:c3:1d:cd:99:ac:19:dd:
-        b4:85:d5:e0:3d:fc:62:20:a7:84:4b:58:65:f1:e2:f9:95:21:
-        3f:f5:d4:7e:58:1e:47:87:54:3e:58:a1:b5:b5:f8:2a:ef:71:
-        e7:bc:c3:f6:b1:49:46:e2:d7:a0:6b:e5:56:7a:9a:27:98:7c:
-        46:62:14:e7:c9:fc:6e:03:12:79:80:38:1d:48:82:8d:fc:17:
-        fe:2a:96:2b:b5:62:a6:a6:3d:bd:7f:92:59:cd:5a:2a:82:b2:
-        37:79
-MD5 Fingerprint=64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
 -----BEGIN CERTIFICATE-----
 MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc
 MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT
@@ -2288,59 +782,6 @@ zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+
 WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN
 /Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 930140085 (0x3770cfb5)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
-        Validity
-            Not Before: Jun 23 12:14:45 1999 GMT
-            Not After : Jun 23 12:14:45 2019 GMT
-        Subject: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e4:39:39:93:1e:52:06:1b:28:36:f8:b2:a3:29:
-                    c5:ed:8e:b2:11:bd:fe:eb:e7:b4:74:c2:8f:ff:05:
-                    e7:d9:9d:06:bf:12:c8:3f:0e:f2:d6:d1:24:b2:11:
-                    de:d1:73:09:8a:d4:b1:2c:98:09:0d:1e:50:46:b2:
-                    83:a6:45:8d:62:68:bb:85:1b:20:70:32:aa:40:cd:
-                    a6:96:5f:c4:71:37:3f:04:f3:b7:41:24:39:07:1a:
-                    1e:2e:61:58:a0:12:0b:e5:a5:df:c5:ab:ea:37:71:
-                    cc:1c:c8:37:3a:b9:97:52:a7:ac:c5:6a:24:94:4e:
-                    9c:7b:cf:c0:6a:d6:df:21:bd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 CRL Distribution Points: 
-                DirName:/C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not After: Jun 23 12:14:45 2019 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:50:9E:0B:EA:AF:5E:B9:20:48:A6:50:6A:CB:FD:D8:20:7A:A7:82:76
-
-            X509v3 Subject Key Identifier: 
-                50:9E:0B:EA:AF:5E:B9:20:48:A6:50:6A:CB:FD:D8:20:7A:A7:82:76
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0...V3.0c....
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:86:82:ad:e8:4e:1a:f5:8e:89:27:e2:35:58:3d:29:b4:07:
-        8f:36:50:95:bf:6e:c1:9e:eb:c4:90:b2:85:a8:bb:b7:42:e0:
-        0f:07:39:df:fb:9e:90:b2:d1:c1:3e:53:9f:03:44:b0:7e:4b:
-        f4:6f:e4:7c:1f:e7:e2:b1:e4:b8:9a:ef:c3:bd:ce:de:0b:32:
-        34:d9:de:28:ed:33:6b:c4:d4:d7:3d:12:58:ab:7d:09:2d:cb:
-        70:f5:13:8a:94:a1:27:a4:d6:70:c5:6d:94:b5:c9:7d:9d:a0:
-        d2:c6:08:49:d9:66:9b:a6:d3:f4:0b:dc:c5:26:57:e1:91:30:
-        ea:cd
-MD5 Fingerprint=AA:BF:BF:64:97:DA:98:1D:6F:C6:08:3A:95:70:33:CA
 -----BEGIN CERTIFICATE-----
 MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
 UzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2Vj
@@ -2360,4590 +801,1390 @@ A4GBAAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy
 0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkty3D1
 E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 798 (0x31e)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=GP Root 2
-        Validity
-            Not Before: Aug 16 22:51:00 2000 GMT
-            Not After : Aug 15 23:59:00 2020 GMT
-        Subject: C=US, O=VISA, OU=Visa International Service Association, CN=GP Root 2
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:a9:01:70:b5:aa:c4:40:f0:ab:6a:26:61:79:19:
-                    00:fc:bf:9b:37:59:0c:af:6f:64:1b:f8:da:95:94:
-                    24:69:33:11:70:ca:e3:56:74:a2:17:57:64:5c:20:
-                    06:e1:d6:ef:71:b7:3b:f7:ab:c1:69:d0:49:a4:b1:
-                    04:d7:f4:57:62:89:5c:b0:75:2d:17:24:69:e3:42:
-                    60:e4:ee:74:d6:ab:80:56:d8:88:28:e1:fb:6d:22:
-                    fd:23:7c:46:73:4f:7e:54:73:1e:a8:2c:55:58:75:
-                    b7:4c:f3:5a:45:a5:02:1a:fa:da:9d:c3:45:c3:22:
-                    5e:f3:8b:f1:60:29:d2:c7:5f:b4:0c:3a:51:83:ef:
-                    30:f8:d4:e7:c7:f2:fa:99:a3:22:50:be:f9:05:37:
-                    a3:ad:ed:9a:c3:e6:ec:88:1b:b6:19:27:1b:38:8b:
-                    80:4d:ec:b9:c7:c5:89:cb:fc:1a:32:ed:23:f0:b5:
-                    01:58:f9:f6:8f:e0:85:a9:4c:09:72:39:12:db:b3:
-                    f5:cf:4e:62:64:da:c6:19:15:3a:63:1d:e9:17:55:
-                    a1:4c:22:3c:34:32:46:f8:65:57:ba:2b:ef:36:8c:
-                    6a:fa:d9:d9:44:f4:aa:dd:84:d7:0d:1c:b2:54:ac:
-                    32:85:b4:64:0d:de:41:bb:b1:34:c6:01:86:32:64:
-                    d5:9f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                9E:7D:4B:34:BF:71:AD:C2:05:F6:03:75:80:CE:A9:4F:1A:C4:24:4C
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        21:a5:76:14:55:f9:ad:27:70:8f:3c:f4:d5:6c:c8:cc:0a:ab:
-        a3:98:0b:8a:06:23:c5:c9:61:db:99:07:69:35:26:31:fe:c7:
-        2e:84:c2:99:61:d4:0d:e9:7d:2e:13:2b:7c:8e:85:b6:85:c7:
-        4b:cf:35:b6:2c:47:3d:ce:29:2f:d8:6f:9f:89:1c:64:93:bf:
-        08:bd:76:d0:90:8a:94:b3:7f:28:5b:6e:ac:4d:33:2c:ed:65:
-        dc:16:cc:e2:cd:ae:a4:3d:62:92:06:95:26:bf:df:b9:e4:20:
-        a6:73:6a:c1:be:f7:94:44:d6:4d:6f:2a:0b:6b:18:4d:74:10:
-        36:68:6a:5a:c1:6a:a7:dd:36:29:8c:b8:30:8b:4f:21:3f:00:
-        2e:54:30:07:3a:ba:8a:e4:c3:9e:ca:d8:b5:d8:7b:ce:75:45:
-        66:07:f4:6d:2d:d8:7a:ca:e9:89:8a:f2:23:d8:2f:cb:6e:00:
-        36:4f:fb:f0:2f:01:cc:0f:c0:22:65:f4:ab:e2:4e:61:2d:03:
-        82:7d:91:16:b5:30:d5:14:de:5e:c7:90:fc:a1:fc:ab:10:af:
-        5c:6b:70:a7:07:ef:29:86:e8:b2:25:c7:20:ff:26:dd:77:ef:
-        79:44:14:c4:bd:dd:3b:c5:03:9b:77:23:ec:a0:ec:bb:5a:39:
-        b5:cc:ad:06
-MD5 Fingerprint=35:48:95:36:4A:54:5A:72:96:8E:E0:64:CC:EF:2C:8C
 -----BEGIN CERTIFICATE-----
-MIIDgDCCAmigAwIBAgICAx4wDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMx
-DTALBgNVBAoTBFZJU0ExLzAtBgNVBAsTJlZpc2EgSW50ZXJuYXRpb25hbCBTZXJ2
-aWNlIEFzc29jaWF0aW9uMRIwEAYDVQQDEwlHUCBSb290IDIwHhcNMDAwODE2MjI1
-MTAwWhcNMjAwODE1MjM1OTAwWjBhMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklT
-QTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRp
-b24xEjAQBgNVBAMTCUdQIFJvb3QgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAKkBcLWqxEDwq2omYXkZAPy/mzdZDK9vZBv42pWUJGkzEXDK41Z0ohdX
-ZFwgBuHW73G3O/erwWnQSaSxBNf0V2KJXLB1LRckaeNCYOTudNargFbYiCjh+20i
-/SN8RnNPflRzHqgsVVh1t0zzWkWlAhr62p3DRcMiXvOL8WAp0sdftAw6UYPvMPjU
-58fy+pmjIlC++QU3o63tmsPm7IgbthknGziLgE3sucfFicv8GjLtI/C1AVj59o/g
-halMCXI5Etuz9c9OYmTaxhkVOmMd6RdVoUwiPDQyRvhlV7or7zaMavrZ2UT0qt2E
-1w0cslSsMoW0ZA3eQbuxNMYBhjJk1Z8CAwEAAaNCMEAwHQYDVR0OBBYEFJ59SzS/
-ca3CBfYDdYDOqU8axCRMMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBBQUAA4IBAQAhpXYUVfmtJ3CPPPTVbMjMCqujmAuKBiPFyWHb
-mQdpNSYx/scuhMKZYdQN6X0uEyt8joW2hcdLzzW2LEc9zikv2G+fiRxkk78IvXbQ
-kIqUs38oW26sTTMs7WXcFsziza6kPWKSBpUmv9+55CCmc2rBvveURNZNbyoLaxhN
-dBA2aGpawWqn3TYpjLgwi08hPwAuVDAHOrqK5MOeyti12HvOdUVmB/RtLdh6yumJ
-ivIj2C/LbgA2T/vwLwHMD8AiZfSr4k5hLQOCfZEWtTDVFN5ex5D8ofyrEK9ca3Cn
-B+8phuiyJccg/ybdd+95RBTEvd07xQObdyPsoOy7Wjm1zK0G
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 961510791 (0x394f7d87)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=WW, O=beTRUSTed, CN=beTRUSTed Root CAs, CN=beTRUSTed Root CA
-        Validity
-            Not Before: Jun 20 14:21:04 2000 GMT
-            Not After : Jun 20 13:21:04 2010 GMT
-        Subject: C=WW, O=beTRUSTed, CN=beTRUSTed Root CAs, CN=beTRUSTed Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:d4:b4:73:7a:13:0a:38:55:01:be:89:56:e1:94:
-                    9e:d4:be:5a:eb:4a:34:75:1b:61:29:c4:e1:ad:08:
-                    60:21:78:48:ff:b4:d0:fa:5e:41:8d:61:44:87:e8:
-                    ed:c9:58:fa:fc:93:9a:df:4f:ea:3e:35:7d:f8:33:
-                    7a:e6:f1:d7:cd:6f:49:4b:3d:4f:2d:6e:0e:83:3a:
-                    18:78:77:a3:cf:e7:f4:4d:73:d8:9a:3b:1a:1d:be:
-                    95:53:cf:20:97:c2:cf:3e:24:52:6c:0c:8e:65:59:
-                    c5:71:ff:62:09:8f:aa:c5:8f:cc:60:a0:73:4a:d7:
-                    38:3f:15:72:bf:a2:97:b7:70:e8:af:e2:7e:16:06:
-                    4c:f5:aa:64:26:72:07:25:ad:35:fc:18:b1:26:d7:
-                    d8:ff:19:0e:83:1b:8c:dc:78:45:67:34:3d:f4:af:
-                    1c:8d:e4:6d:6b:ed:20:b3:67:9a:b4:61:cb:17:6f:
-                    89:35:ff:e7:4e:c0:32:12:e7:ee:ec:df:ff:97:30:
-                    74:ed:8d:47:8e:eb:b4:c3:44:e6:a7:4c:7f:56:43:
-                    e8:b8:bc:b6:be:fa:83:97:e6:bb:fb:c4:b6:93:be:
-                    19:18:3e:8c:81:b9:73:88:16:f4:96:43:9c:67:73:
-                    17:90:d8:09:6e:63:ac:4a:b6:23:c4:01:a1:ad:a4:
-                    e4:c5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6334.1.0.0
-                  User Notice:
-                    Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, and certification practice statement, which can be found at beTRUSTed's web site, https://www.beTRUSTed.com/vault/terms
-                  CPS: https://www.beTRUSTed.com/vault/terms
-
-            X509v3 CRL Distribution Points: 
-                DirName:/O=beTRUSTed/C=WW
-
-            X509v3 Subject Key Identifier: 
-                2A:B9:9B:69:2E:3B:9B:D8:CD:DE:2A:31:04:34:6B:CA:07:18:AB:67
-            X509v3 Authority Key Identifier: 
-                keyid:2A:B9:9B:69:2E:3B:9B:D8:CD:DE:2A:31:04:34:6B:CA:07:18:AB:67
-
-            X509v3 Key Usage: critical
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        79:61:db:a3:5e:6e:16:b1:ea:76:51:f9:cb:15:9b:cb:69:be:
-        e6:81:6b:9f:28:1f:65:3e:dd:11:85:92:d4:e8:41:bf:7e:33:
-        bd:23:e7:f1:20:bf:a4:b4:a6:19:01:c6:8c:8d:35:7c:65:a4:
-        4f:09:a4:d6:d8:23:15:05:13:a7:43:79:af:db:a3:0e:9b:7b:
-        78:1a:f3:04:86:5a:c6:f6:8c:20:47:38:49:50:06:9d:72:67:
-        3a:f0:98:03:ad:96:67:44:fc:3f:10:0d:86:4d:e4:00:3b:29:
-        7b:ce:3b:3b:99:86:61:25:40:84:dc:13:62:b7:fa:ca:59:d6:
-        03:1e:d6:53:01:cd:6d:4c:68:55:40:e1:ee:6b:c7:2a:00:00:
-        48:82:b3:0a:01:c3:60:2a:0c:f7:82:35:ee:48:86:96:e4:74:
-        d4:3d:ea:01:71:ba:04:75:40:a7:a9:7f:39:39:9a:55:97:29:
-        65:ae:19:55:25:05:72:47:d3:e8:18:dc:b8:e9:af:43:73:01:
-        12:74:a3:e1:5c:5f:15:5d:24:f3:f9:e4:f4:b6:67:67:12:e7:
-        64:22:8a:f6:a5:41:a6:1c:b6:60:63:45:8a:10:b4:ba:46:10:
-        ae:41:57:65:6c:3f:23:10:3f:21:10:59:b7:e4:40:dd:26:0c:
-        23:f6:aa:ae
-MD5 Fingerprint=85:CA:76:5A:1B:D1:68:22:DC:A2:23:12:CA:C6:80:34
 -----BEGIN CERTIFICATE-----
-MIIFLDCCBBSgAwIBAgIEOU99hzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJX
-VzESMBAGA1UEChMJYmVUUlVTVGVkMRswGQYDVQQDExJiZVRSVVNUZWQgUm9vdCBD
-QXMxGjAYBgNVBAMTEWJlVFJVU1RlZCBSb290IENBMB4XDTAwMDYyMDE0MjEwNFoX
-DTEwMDYyMDEzMjEwNFowWjELMAkGA1UEBhMCV1cxEjAQBgNVBAoTCWJlVFJVU1Rl
-ZDEbMBkGA1UEAxMSYmVUUlVTVGVkIFJvb3QgQ0FzMRowGAYDVQQDExFiZVRSVVNU
-ZWQgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANS0c3oT
-CjhVAb6JVuGUntS+WutKNHUbYSnE4a0IYCF4SP+00PpeQY1hRIfo7clY+vyTmt9P
-6j41ffgzeubx181vSUs9Ty1uDoM6GHh3o8/n9E1z2Jo7Gh2+lVPPIJfCzz4kUmwM
-jmVZxXH/YgmPqsWPzGCgc0rXOD8Vcr+il7dw6K/ifhYGTPWqZCZyByWtNfwYsSbX
-2P8ZDoMbjNx4RWc0PfSvHI3kbWvtILNnmrRhyxdviTX/507AMhLn7uzf/5cwdO2N
-R47rtMNE5qdMf1ZD6Li8tr76g5fmu/vEtpO+GRg+jIG5c4gW9JZDnGdzF5DYCW5j
-rEq2I8QBoa2k5MUCAwEAAaOCAfgwggH0MA8GA1UdEwEB/wQFMAMBAf8wggFZBgNV
-HSAEggFQMIIBTDCCAUgGCisGAQQBsT4BAAAwggE4MIIBAQYIKwYBBQUHAgIwgfQa
-gfFSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1
-bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0
-ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGFuZCBjZXJ0aWZpY2F0aW9uIHBy
-YWN0aWNlIHN0YXRlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IGJlVFJVU1Rl
-ZCdzIHdlYiBzaXRlLCBodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0L3Rl
-cm1zMDEGCCsGAQUFBwIBFiVodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0
-L3Rlcm1zMDQGA1UdHwQtMCswKaAnoCWkIzAhMRIwEAYDVQQKEwliZVRSVVNUZWQx
-CzAJBgNVBAYTAldXMB0GA1UdDgQWBBQquZtpLjub2M3eKjEENGvKBxirZzAfBgNV
-HSMEGDAWgBQquZtpLjub2M3eKjEENGvKBxirZzAOBgNVHQ8BAf8EBAMCAf4wDQYJ
-KoZIhvcNAQEFBQADggEBAHlh26Nebhax6nZR+csVm8tpvuaBa58oH2U+3RGFktTo
-Qb9+M70j5/Egv6S0phkBxoyNNXxlpE8JpNbYIxUFE6dDea/bow6be3ga8wSGWsb2
-jCBHOElQBp1yZzrwmAOtlmdE/D8QDYZN5AA7KXvOOzuZhmElQITcE2K3+spZ1gMe
-1lMBzW1MaFVA4e5rxyoAAEiCswoBw2AqDPeCNe5IhpbkdNQ96gFxugR1QKepfzk5
-mlWXKWWuGVUlBXJH0+gY3Ljpr0NzARJ0o+FcXxVdJPP55PS2Z2cS52QiivalQaYc
-tmBjRYoQtLpGEK5BV2VsPyMQPyEQWbfkQN0mDCP2qq4=
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
-        Validity
-            Not Before: May 30 10:38:31 2000 GMT
-            Not After : May 30 10:38:31 2020 GMT
-        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:96:96:d4:21:49:60:e2:6b:e8:41:07:0c:de:c4:
-                    e0:dc:13:23:cd:c1:35:c7:fb:d6:4e:11:0a:67:5e:
-                    f5:06:5b:6b:a5:08:3b:5b:29:16:3a:e7:87:b2:34:
-                    06:c5:bc:05:a5:03:7c:82:cb:29:10:ae:e1:88:81:
-                    bd:d6:9e:d3:fe:2d:56:c1:15:ce:e3:26:9d:15:2e:
-                    10:fb:06:8f:30:04:de:a7:b4:63:b4:ff:b1:9c:ae:
-                    3c:af:77:b6:56:c5:b5:ab:a2:e9:69:3a:3d:0e:33:
-                    79:32:3f:70:82:92:99:61:6d:8d:30:08:8f:71:3f:
-                    a6:48:57:19:f8:25:dc:4b:66:5c:a5:74:8f:98:ae:
-                    c8:f9:c0:06:22:e7:ac:73:df:a5:2e:fb:52:dc:b1:
-                    15:65:20:fa:35:66:69:de:df:2c:f1:6e:bc:30:db:
-                    2c:24:12:db:eb:35:35:68:90:cb:00:b0:97:21:3d:
-                    74:21:23:65:34:2b:bb:78:59:a3:d6:e1:76:39:9a:
-                    a4:49:8e:8c:74:af:6e:a4:9a:a3:d9:9b:d2:38:5c:
-                    9b:a2:18:cc:75:23:84:be:eb:e2:4d:33:71:8e:1a:
-                    f0:c2:f8:c7:1d:a2:ad:03:97:2c:f8:cf:25:c6:f6:
-                    b8:24:31:b1:63:5d:92:7f:63:f0:25:c9:53:2e:1f:
-                    bf:4d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
-                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
-                serial:01
-
-    Signature Algorithm: sha1WithRSAEncryption
-        2c:6d:64:1b:1f:cd:0d:dd:b9:01:fa:96:63:34:32:48:47:99:
-        ae:97:ed:fd:72:16:a6:73:47:5a:f4:eb:dd:e9:f5:d6:fb:45:
-        cc:29:89:44:5d:bf:46:39:3d:e8:ee:bc:4d:54:86:1e:1d:6c:
-        e3:17:27:43:e1:89:56:2b:a9:6f:72:4e:49:33:e3:72:7c:2a:
-        23:9a:bc:3e:ff:28:2a:ed:a3:ff:1c:23:ba:43:57:09:67:4d:
-        4b:62:06:2d:f8:ff:6c:9d:60:1e:d8:1c:4b:7d:b5:31:2f:d9:
-        d0:7c:5d:f8:de:6b:83:18:78:37:57:2f:e8:33:07:67:df:1e:
-        c7:6b:2a:95:76:ae:8f:57:a3:f0:f4:52:b4:a9:53:08:cf:e0:
-        4f:d3:7a:53:8b:fd:bb:1c:56:36:f2:fe:b2:b6:e5:76:bb:d5:
-        22:65:a7:3f:fe:d1:66:ad:0b:bc:6b:99:86:ef:3f:7d:f3:18:
-        32:ca:7b:c6:e3:ab:64:46:95:f8:26:69:d9:55:83:7b:2c:96:
-        07:ff:59:2c:44:a3:c6:e5:e9:a9:dc:a1:63:80:5a:21:5e:21:
-        cf:53:54:f0:ba:6f:89:db:a8:aa:95:cf:8b:e3:71:cc:1e:1b:
-        20:44:08:c0:7a:b6:40:fd:c4:e4:35:e1:1d:16:1c:d0:bc:2b:
-        8e:d6:71:d9
-MD5 Fingerprint=1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
 -----BEGIN CERTIFICATE-----
-MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
-b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw
-MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
-QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD
-VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul
-CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n
-tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl
-dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch
-PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC
-+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O
-BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl
-MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
-ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB
-IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X
-7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz
-43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
-eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl
-pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA
-WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
-        Validity
-            Not Before: May 30 10:48:38 2000 GMT
-            Not After : May 30 10:48:38 2020 GMT
-        Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b7:f7:1a:33:e6:f2:00:04:2d:39:e0:4e:5b:ed:
-                    1f:bc:6c:0f:cd:b5:fa:23:b6:ce:de:9b:11:33:97:
-                    a4:29:4c:7d:93:9f:bd:4a:bc:93:ed:03:1a:e3:8f:
-                    cf:e5:6d:50:5a:d6:97:29:94:5a:80:b0:49:7a:db:
-                    2e:95:fd:b8:ca:bf:37:38:2d:1e:3e:91:41:ad:70:
-                    56:c7:f0:4f:3f:e8:32:9e:74:ca:c8:90:54:e9:c6:
-                    5f:0f:78:9d:9a:40:3c:0e:ac:61:aa:5e:14:8f:9e:
-                    87:a1:6a:50:dc:d7:9a:4e:af:05:b3:a6:71:94:9c:
-                    71:b3:50:60:0a:c7:13:9d:38:07:86:02:a8:e9:a8:
-                    69:26:18:90:ab:4c:b0:4f:23:ab:3a:4f:84:d8:df:
-                    ce:9f:e1:69:6f:bb:d7:42:d7:6b:44:e4:c7:ad:ee:
-                    6d:41:5f:72:5a:71:08:37:b3:79:65:a4:59:a0:94:
-                    37:f7:00:2f:0d:c2:92:72:da:d0:38:72:db:14:a8:
-                    45:c4:5d:2a:7d:b7:b4:d6:c4:ee:ac:cd:13:44:b7:
-                    c9:2b:dd:43:00:25:fa:61:b9:69:6a:58:23:11:b7:
-                    a7:33:8f:56:75:59:f5:cd:29:d7:46:b7:0a:2b:65:
-                    b6:d3:42:6f:15:b2:b8:7b:fb:ef:e9:5d:53:d5:34:
-                    5a:27
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
-                DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-                serial:01
-
-    Signature Algorithm: sha1WithRSAEncryption
-        b0:9b:e0:85:25:c2:d6:23:e2:0f:96:06:92:9d:41:98:9c:d9:
-        84:79:81:d9:1e:5b:14:07:23:36:65:8f:b0:d8:77:bb:ac:41:
-        6c:47:60:83:51:b0:f9:32:3d:e7:fc:f6:26:13:c7:80:16:a5:
-        bf:5a:fc:87:cf:78:79:89:21:9a:e2:4c:07:0a:86:35:bc:f2:
-        de:51:c4:d2:96:b7:dc:7e:4e:ee:70:fd:1c:39:eb:0c:02:51:
-        14:2d:8e:bd:16:e0:c1:df:46:75:e7:24:ad:ec:f4:42:b4:85:
-        93:70:10:67:ba:9d:06:35:4a:18:d3:2b:7a:cc:51:42:a1:7a:
-        63:d1:e6:bb:a1:c5:2b:c2:36:be:13:0d:e6:bd:63:7e:79:7b:
-        a7:09:0d:40:ab:6a:dd:8f:8a:c3:f6:f6:8c:1a:42:05:51:d4:
-        45:f5:9f:a7:62:21:68:15:20:43:3c:99:e7:7c:bd:24:d8:a9:
-        91:17:73:88:3f:56:1b:31:38:18:b4:71:0f:9a:cd:c8:0e:9e:
-        8e:2e:1b:e1:8c:98:83:cb:1f:31:f1:44:4c:c6:04:73:49:76:
-        60:0f:c7:f8:bd:17:80:6b:2e:e9:cc:4c:0e:5a:9a:79:0f:20:
-        0a:2e:d5:9e:63:26:1e:55:92:94:d8:82:17:5a:7b:d0:bc:c7:
-        8f:4e:86:04
-MD5 Fingerprint=1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
 -----BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
-IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
-MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
-FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
-bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
-H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
-uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
-mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
-a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
-E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
-WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
-VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
-Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
-cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
-IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
-AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
-YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
-6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
-Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
-c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
-mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root
-        Validity
-            Not Before: May 30 10:41:50 2000 GMT
-            Not After : May 30 10:41:50 2020 GMT
-        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:e9:1a:30:8f:83:88:14:c1:20:d8:3c:9b:8f:1b:
-                    7e:03:74:bb:da:69:d3:46:a5:f8:8e:c2:0c:11:90:
-                    51:a5:2f:66:54:40:55:ea:db:1f:4a:56:ee:9f:23:
-                    6e:f4:39:cb:a1:b9:6f:f2:7e:f9:5d:87:26:61:9e:
-                    1c:f8:e2:ec:a6:81:f8:21:c5:24:cc:11:0c:3f:db:
-                    26:72:7a:c7:01:97:07:17:f9:d7:18:2c:30:7d:0e:
-                    7a:1e:62:1e:c6:4b:c0:fd:7d:62:77:d3:44:1e:27:
-                    f6:3f:4b:44:b3:b7:38:d9:39:1f:60:d5:51:92:73:
-                    03:b4:00:69:e3:f3:14:4e:ee:d1:dc:09:cf:77:34:
-                    46:50:b0:f8:11:f2:fe:38:79:f7:07:39:fe:51:92:
-                    97:0b:5b:08:5f:34:86:01:ad:88:97:eb:66:cd:5e:
-                    d1:ff:dc:7d:f2:84:da:ba:77:ad:dc:80:08:c7:a7:
-                    87:d6:55:9f:97:6a:e8:c8:11:64:ba:e7:19:29:3f:
-                    11:b3:78:90:84:20:52:5b:11:ef:78:d0:83:f6:d5:
-                    48:90:d0:30:1c:cf:80:f9:60:fe:79:e4:88:f2:dd:
-                    00:eb:94:45:eb:65:94:69:40:ba:c0:d5:b4:b8:ba:
-                    7d:04:11:a8:eb:31:05:96:94:4e:58:21:8e:9f:d0:
-                    60:fd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                81:3E:37:D8:92:B0:1F:77:9F:5C:B4:AB:73:AA:E7:F6:34:60:2F:FA
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:81:3E:37:D8:92:B0:1F:77:9F:5C:B4:AB:73:AA:E7:F6:34:60:2F:FA
-                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
-                serial:01
-
-    Signature Algorithm: sha1WithRSAEncryption
-        03:f7:15:4a:f8:24:da:23:56:16:93:76:dd:36:28:b9:ae:1b:
-        b8:c3:f1:64:ba:20:18:78:95:29:27:57:05:bc:7c:2a:f4:b9:
-        51:55:da:87:02:de:0f:16:17:31:f8:aa:79:2e:09:13:bb:af:
-        b2:20:19:12:e5:93:f9:4b:f9:83:e8:44:d5:b2:41:25:bf:88:
-        75:6f:ff:10:fc:4a:54:d0:5f:f0:fa:ef:36:73:7d:1b:36:45:
-        c6:21:6d:b4:15:b8:4e:cf:9c:5c:a5:3d:5a:00:8e:06:e3:3c:
-        6b:32:7b:f2:9f:f0:b6:fd:df:f0:28:18:48:f0:c6:bc:d0:bf:
-        34:80:96:c2:4a:b1:6d:8e:c7:90:45:de:2f:67:ac:45:04:a3:
-        7a:dc:55:92:c9:47:66:d8:1a:8c:c7:ed:9c:4e:9a:e0:12:bb:
-        b5:6a:4c:84:e1:e1:22:0d:87:00:64:fe:8c:7d:62:39:65:a6:
-        ef:42:b6:80:25:12:61:01:a8:24:13:70:00:11:26:5f:fa:35:
-        50:c5:48:cc:06:47:e8:27:d8:70:8d:5f:64:e6:a1:44:26:5e:
-        22:ec:92:cd:ff:42:9a:44:21:6d:5c:c5:e3:22:1d:5f:47:12:
-        e7:ce:5f:5d:fa:d8:aa:b1:33:2d:d9:76:f2:4e:3a:33:0c:2b:
-        b3:2d:90:06
-MD5 Fingerprint=C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
 -----BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
-b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx
-MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB
-ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV
-BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV
-6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX
-GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP
-dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH
-1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF
-62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW
-BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
-AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL
-MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
-cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv
-b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
-IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
-iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
-GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
-4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
-XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
+MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARwxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEzMDEGA1UECxMq
+SVBTIENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTMwMQYD
+VQQDEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
+HjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczAeFw0wMTEyMjkwMDUzNTha
+Fw0yNTEyMjcwMDUzNThaMIIBHDELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl
+bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQg
+cHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMu
+ZXMgQy5JLkYuICBCLTYwOTI5NDUyMTMwMQYDVQQLEypJUFMgQ0EgQ2hhaW5lZCBD
+QXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxMzAxBgNVBAMTKklQUyBDQSBDaGFp
+bmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYP
+aXBzQG1haWwuaXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcVpJJ
+spQgvJhPUOtopKdJC7/SMejHT8KGC/po/UNaivNgkjWZOLtNA1IhW/A3mTXhQSCB
+hYEFcYGdtJUZqV92NC5jNzVXjrQfQj8VXOF6wV8TGDIxya2+o8eDZh65nAQTy2nB
+Bt4wBrszo7Uf8I9vzv+W6FS+ZoCua9tBhDaiPQIDAQABo4IEQzCCBD8wHQYDVR0O
+BBYEFKGtMbH5PuEXpsirNPxShwkeYlJBMIIBTgYDVR0jBIIBRTCCAUGAFKGtMbH5
+PuEXpsirNPxShwkeYlJBoYIBJKSCASAwggEcMQswCQYDVQQGEwJFUzESMBAGA1UE
+CBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJ
+bnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0Bt
+YWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxMzAxBgNVBAsTKklQUyBDQSBD
+aGFpbmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEzMDEGA1UEAxMqSVBT
+IENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
+hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E
+BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG
+CCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYB
+BAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMw
+EYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5lczBC
+BglghkgBhvhCAQ0ENRYzQ2hhaW5lZCBDQSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkg
+aHR0cDovL3d3dy5pcHMuZXMvMCkGCWCGSAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlw
+cy5lcy9pcHMyMDAyLzA3BglghkgBhvhCAQQEKhYoaHR0cDovL3d3dy5pcHMuZXMv
+aXBzMjAwMi9pcHMyMDAyQ0FDLmNybDA8BglghkgBhvhCAQMELxYtaHR0cDovL3d3
+dy5pcHMuZXMvaXBzMjAwMi9yZXZvY2F0aW9uQ0FDLmh0bWw/MDkGCWCGSAGG+EIB
+BwQsFipodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3JlbmV3YWxDQUMuaHRtbD8w
+NwYJYIZIAYb4QgEIBCoWKGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5
+Q0FDLmh0bWwwbQYDVR0fBGYwZDAuoCygKoYoaHR0cDovL3d3dy5pcHMuZXMvaXBz
+MjAwMi9pcHMyMDAyQ0FDLmNybDAyoDCgLoYsaHR0cDovL3d3d2JhY2suaXBzLmVz
+L2lwczIwMDIvaXBzMjAwMkNBQy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
+BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAERyMJ1W
+WKJBGyi3leGmGpVfp3hAK+/blkr8THFj2XOVvQLiogbHvpcqk4A0hgP63Ng9HgfN
+HnNDJGD1HWHc3JagvPsd4+cSACczAsDAK1M92GsDgaPb1pOVIO/Tln4mkImcJpvN
+b2ar7QMiRDjMWb2f2/YHogF/JsRj9SVCXmK9
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root
-        Validity
-            Not Before: May 30 10:44:50 2000 GMT
-            Not After : May 30 10:44:50 2020 GMT
-        Subject: C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:e4:1e:9a:fe:dc:09:5a:87:a4:9f:47:be:11:5f:
-                    af:84:34:db:62:3c:79:78:b7:e9:30:b5:ec:0c:1c:
-                    2a:c4:16:ff:e0:ec:71:eb:8a:f5:11:6e:ed:4f:0d:
-                    91:d2:12:18:2d:49:15:01:c2:a4:22:13:c7:11:64:
-                    ff:22:12:9a:b9:8e:5c:2f:08:cf:71:6a:b3:67:01:
-                    59:f1:5d:46:f3:b0:78:a5:f6:0e:42:7a:e3:7f:1b:
-                    cc:d0:f0:b7:28:fd:2a:ea:9e:b3:b0:b9:04:aa:fd:
-                    f6:c7:b4:b1:b8:2a:a0:fb:58:f1:19:a0:6f:70:25:
-                    7e:3e:69:4a:7f:0f:22:d8:ef:ad:08:11:9a:29:99:
-                    e1:aa:44:45:9a:12:5e:3e:9d:6d:52:fc:e7:a0:3d:
-                    68:2f:f0:4b:70:7c:13:38:ad:bc:15:25:f1:d6:ce:
-                    ab:a2:c0:31:d6:2f:9f:e0:ff:14:59:fc:84:93:d9:
-                    87:7c:4c:54:13:eb:9f:d1:2d:11:f8:18:3a:3a:de:
-                    25:d9:f7:d3:40:ed:a4:06:12:c4:3b:e1:91:c1:56:
-                    35:f0:14:dc:65:36:09:6e:ab:a4:07:c7:35:d1:c2:
-                    03:33:36:5b:75:26:6d:42:f1:12:6b:43:6f:4b:71:
-                    94:fa:34:1d:ed:13:6e:ca:80:7f:98:2f:6c:b9:65:
-                    d8:e9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                39:95:8B:62:8B:5C:C9:D4:80:BA:58:0F:97:3F:15:08:43:CC:98:A7
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:39:95:8B:62:8B:5C:C9:D4:80:BA:58:0F:97:3F:15:08:43:CC:98:A7
-                DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
-                serial:01
-
-    Signature Algorithm: sha1WithRSAEncryption
-        19:ab:75:ea:f8:8b:65:61:95:13:ba:69:04:ef:86:ca:13:a0:
-        c7:aa:4f:64:1b:3f:18:f6:a8:2d:2c:55:8f:05:b7:30:ea:42:
-        6a:1d:c0:25:51:2d:a7:bf:0c:b3:ed:ef:08:7f:6c:3c:46:1a:
-        ea:18:43:df:76:cc:f9:66:86:9c:2c:68:f5:e9:17:f8:31:b3:
-        18:c4:d6:48:7d:23:4c:68:c1:7e:bb:01:14:6f:c5:d9:6e:de:
-        bb:04:42:6a:f8:f6:5c:7d:e5:da:fa:87:eb:0d:35:52:67:d0:
-        9e:97:76:05:93:3f:95:c7:01:e6:69:55:38:7f:10:61:99:c9:
-        e3:5f:a6:ca:3e:82:63:48:aa:e2:08:48:3e:aa:f2:b2:85:62:
-        a6:b4:a7:d9:bd:37:9c:68:b5:2d:56:7d:b0:b7:3f:a0:b1:07:
-        d6:e9:4f:dc:de:45:71:30:32:7f:1b:2e:09:f9:bf:52:a1:ee:
-        c2:80:3e:06:5c:2e:55:40:c1:1b:f5:70:45:b0:dc:5d:fa:f6:
-        72:5a:77:d2:63:cd:cf:58:89:00:42:63:3f:79:39:d0:44:b0:
-        82:6e:41:19:e8:dd:e0:c1:88:5a:d1:1e:71:93:1f:24:30:74:
-        e5:1e:a8:de:3c:27:37:7f:83:ae:9e:77:cf:f0:30:b1:ff:4b:
-        99:e8:c6:a1
-MD5 Fingerprint=27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
 -----BEGIN CERTIFICATE-----
-MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
-b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1
-MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK
-EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
-BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq
-xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G
-87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i
-2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U
-WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1
-0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G
-A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
-pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
-ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm
-aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv
-hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm
-hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
-dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3
-P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
-iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
-xqE=
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            2b:68:d4:a3:46:9e:c5:3b:28:09:ab:38:5d:7f:27:20
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
-        Validity
-            Not Before: Aug  4 00:00:00 2000 GMT
-            Not After : Aug  3 23:59:59 2004 GMT
-        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Class 1 Public Primary OCSP Responder
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b9:ed:5e:7a:3a:77:5f:ce:5f:3a:52:fc:cd:64:
-                    f7:71:b5:6f:6a:96:c6:59:92:55:94:5d:2f:5b:2e:
-                    c1:11:ea:26:8a:cb:a7:81:3c:f6:5a:44:de:7a:13:
-                    2f:fd:5a:51:d9:7b:37:26:4a:c0:27:3f:04:03:6a:
-                    56:c1:83:2c:e1:6f:5b:a9:54:50:24:4a:c6:2e:7a:
-                    4c:a1:5b:37:54:24:21:31:1f:a1:78:18:76:a7:b1:
-                    70:da:22:d0:6a:fe:07:62:40:c6:f7:f6:9b:7d:0c:
-                    06:b8:4b:c7:28:e4:66:23:84:51:ef:46:b7:93:d8:
-                    81:33:cb:e5:36:ac:c6:e8:05
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Alternative Name: 
-                DirName:/CN=OCSP 1-1
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.verisign.com/pca1.crl
-
-            X509v3 Extended Key Usage: 
-                OCSP Signing
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.verisign.com/ocsp/status
-
-            X509v3 Certificate Policies: 
-                Policy: 2.16.840.1.113733.1.7.1.1
-                  CPS: https://www.verisign.com/RPA
-
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-        70:90:dd:b8:e4:be:53:17:7c:7f:02:e9:d5:f7:8b:99:93:31:
-        60:8d:7e:e6:60:6b:24:ef:60:ac:d2:ce:91:de:80:6d:09:a4:
-        d3:b8:38:e5:44:ca:72:5e:0d:2d:c1:77:9c:bd:2c:03:78:29:
-        8d:a4:a5:77:87:f5:f1:2b:26:ad:cc:07:6c:3a:54:5a:28:e0:
-        09:f3:4d:0a:04:ca:d4:58:69:0b:a7:b3:f5:dd:01:a5:e7:dc:
-        f0:1f:ba:c1:5d:90:8d:b3:ea:4f:c1:11:59:97:6a:b2:2b:13:
-        b1:da:ad:97:a1:b3:b1:a0:20:5b:ca:32:ab:8d:cf:13:f0:1f:
-        29:c3
-MD5 Fingerprint=7E:6F:3A:53:1B:7C:BE:B0:30:DB:43:1E:1E:94:89:B2
------BEGIN CERTIFICATE-----
-MIIDnjCCAwegAwIBAgIQK2jUo0aexTsoCas4XX8nIDANBgkqhkiG9w0BAQUFADBf
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
-LkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDAwODA0MDAwMDAwWhcNMDQwODAzMjM1OTU5WjCBpzEXMBUGA1UEChMOVmVy
-aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5
-BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20v
-UlBBIChjKTAwMS4wLAYDVQQDEyVDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IE9DU1Ag
-UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC57V56Ondfzl86
-UvzNZPdxtW9qlsZZklWUXS9bLsER6iaKy6eBPPZaRN56Ey/9WlHZezcmSsAnPwQD
-albBgyzhb1upVFAkSsYuekyhWzdUJCExH6F4GHansXDaItBq/gdiQMb39pt9DAa4
-S8co5GYjhFHvRreT2IEzy+U2rMboBQIDAQABo4IBEDCCAQwwIAYDVR0RBBkwF6QV
-MBMxETAPBgNVBAMTCE9DU1AgMS0xMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9j
-cmwudmVyaXNpZ24uY29tL3BjYTEuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEIG
-CCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2ln
-bi5jb20vb2NzcC9zdGF0dXMwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBATAqMCgG
-CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vUlBBMAkGA1UdEwQC
-MAAwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAHCQ3bjkvlMXfH8C6dX3
-i5mTMWCNfuZgayTvYKzSzpHegG0JpNO4OOVEynJeDS3Bd5y9LAN4KY2kpXeH9fEr
-Jq3MB2w6VFoo4AnzTQoEytRYaQuns/XdAaXn3PAfusFdkI2z6k/BEVmXarIrE7Ha
-rZehs7GgIFvKMquNzxPwHynD
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            09:46:17:e6:1d:d8:d4:1c:a0:0c:a0:62:e8:79:8a:a7
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
-        Validity
-            Not Before: Aug  1 00:00:00 2000 GMT
-            Not After : Jul 31 23:59:59 2004 GMT
-        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Class 2 Public Primary OCSP Responder
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d0:ca:63:31:61:7f:44:34:7c:05:7d:0b:3d:6a:
-                    90:cb:79:4b:77:0a:3f:4b:c7:23:e5:c0:62:2d:7e:
-                    9c:7e:3e:88:87:91:d0:ac:e8:4d:49:87:a2:96:90:
-                    8a:dd:04:a5:02:3f:8c:9b:e9:89:fe:62:a0:e2:5a:
-                    bd:c8:dd:b4:78:e6:a5:42:93:08:67:01:c0:20:4d:
-                    d7:5c:f4:5d:da:b3:e3:37:a6:52:1a:2c:4c:65:4d:
-                    8a:87:d9:a8:a3:f1:49:54:bb:3c:5c:80:51:68:c6:
-                    fb:49:ff:0b:55:ab:15:dd:fb:9a:c1:b9:1d:74:0d:
-                    b2:8c:44:5d:89:fc:9f:f9:83
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Alternative Name: 
-                DirName:/CN=OCSP 1-2
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.verisign.com/pca2.crl
-
-            X509v3 Extended Key Usage: 
-                OCSP Signing
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.verisign.com/ocsp/status
-
-            X509v3 Certificate Policies: 
-                Policy: 2.16.840.1.113733.1.7.1.1
-                  CPS: https://www.verisign.com/RPA
-
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-        1f:7d:09:6e:24:46:75:04:9c:f3:26:9b:e3:39:6e:17:ef:bc:
-        bd:a2:1b:d2:02:84:86:ab:d0:40:97:2c:c4:43:88:37:19:6b:
-        22:a8:03:71:50:9d:20:dc:36:60:20:9a:73:2d:73:55:6c:58:
-        9b:2c:c2:b4:34:2c:7a:33:42:ca:91:d9:e9:43:af:cf:1e:e0:
-        f5:c4:7a:ab:3f:72:63:1e:a9:37:e1:5b:3b:88:b3:13:86:82:
-        90:57:cb:57:ff:f4:56:be:22:dd:e3:97:a8:e1:bc:22:43:c2:
-        dd:4d:db:f6:81:9e:92:14:9e:39:0f:13:54:de:82:d8:c0:5e:
-        34:8d
-MD5 Fingerprint=F3:45:BD:10:96:0D:85:4B:EF:9F:11:62:34:A7:5E:B5
------BEGIN CERTIFICATE-----
-MIIDnjCCAwegAwIBAgIQCUYX5h3Y1BygDKBi6HmKpzANBgkqhkiG9w0BAQUFADBf
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
-LkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDAwODAxMDAwMDAwWhcNMDQwNzMxMjM1OTU5WjCBpzEXMBUGA1UEChMOVmVy
-aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5
-BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20v
-UlBBIChjKTAwMS4wLAYDVQQDEyVDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IE9DU1Ag
-UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQymMxYX9ENHwF
-fQs9apDLeUt3Cj9LxyPlwGItfpx+PoiHkdCs6E1Jh6KWkIrdBKUCP4yb6Yn+YqDi
-Wr3I3bR45qVCkwhnAcAgTddc9F3as+M3plIaLExlTYqH2aij8UlUuzxcgFFoxvtJ
-/wtVqxXd+5rBuR10DbKMRF2J/J/5gwIDAQABo4IBEDCCAQwwIAYDVR0RBBkwF6QV
-MBMxETAPBgNVBAMTCE9DU1AgMS0yMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9j
-cmwudmVyaXNpZ24uY29tL3BjYTIuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEIG
-CCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2ln
-bi5jb20vb2NzcC9zdGF0dXMwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBATAqMCgG
-CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vUlBBMAkGA1UdEwQC
-MAAwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAB99CW4kRnUEnPMmm+M5
-bhfvvL2iG9IChIar0ECXLMRDiDcZayKoA3FQnSDcNmAgmnMtc1VsWJsswrQ0LHoz
-QsqR2elDr88e4PXEeqs/cmMeqTfhWzuIsxOGgpBXy1f/9Fa+It3jl6jhvCJDwt1N
-2/aBnpIUnjkPE1TegtjAXjSN
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            2e:96:9e:bf:b6:62:6c:ec:7b:e9:73:cc:e3:6c:c1:84
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
-        Validity
-            Not Before: Aug  4 00:00:00 2000 GMT
-            Not After : Aug  3 23:59:59 2004 GMT
-        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Class 3 Public Primary OCSP Responder
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:f1:e4:08:0e:83:bb:75:e3:48:e5:b8:db:a6:f0:
-                    b9:ab:e9:3c:62:c7:5e:35:5b:d0:02:54:11:d8:c9:
-                    d1:56:b9:76:4b:b9:ab:7a:e6:cd:ba:f6:0c:04:d6:
-                    7e:d6:b0:0a:65:ac:4e:39:e3:f1:f7:2d:a3:25:39:
-                    ef:b0:8b:cf:be:db:0c:5d:6e:70:f4:07:cd:70:f7:
-                    3a:c0:3e:35:16:ed:78:8c:43:cf:c2:26:2e:47:d6:
-                    86:7d:9c:f1:be:d6:67:0c:22:25:a4:ca:65:e6:1f:
-                    7a:78:28:2f:3f:05:db:04:21:bf:e1:45:66:fe:3c:
-                    b7:82:ed:5a:b8:16:15:b9:55
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Alternative Name: 
-                DirName:/CN=OCSP 1-3
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.verisign.com/pca3.1.1.crl
-
-            X509v3 Extended Key Usage: 
-                OCSP Signing
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.verisign.com/ocsp/status
-
-            X509v3 Certificate Policies: 
-                Policy: 2.16.840.1.113733.1.7.1.1
-                  CPS: https://www.verisign.com/RPA
-
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-        02:f6:53:63:c0:a9:1e:f2:d0:8b:33:30:8f:48:9b:4c:b0:56:
-        b4:83:71:4a:be:dc:50:d8:f5:b6:e0:0b:db:bd:78:4f:e9:cf:
-        09:34:da:29:49:9d:01:73:5a:91:91:82:54:2c:13:0a:d3:77:
-        23:cf:37:fc:63:de:a7:e3:f6:b7:b5:69:45:28:49:c3:91:dc:
-        aa:47:1c:a9:88:99:2c:05:2a:8d:8d:8a:fa:62:e2:5a:b7:00:
-        20:5d:39:c4:28:c2:cb:fc:9e:a8:89:ae:5b:3d:8e:12:ea:32:
-        b2:fc:eb:14:d7:09:15:1a:c0:cd:1b:d5:b5:15:4e:41:d5:96:
-        e3:4e
-MD5 Fingerprint=7D:51:92:C9:76:83:98:16:DE:8C:B3:86:C4:7D:66:FB
------BEGIN CERTIFICATE-----
-MIIDojCCAwugAwIBAgIQLpaev7ZibOx76XPM42zBhDANBgkqhkiG9w0BAQUFADBf
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
-LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDAwODA0MDAwMDAwWhcNMDQwODAzMjM1OTU5WjCBpzEXMBUGA1UEChMOVmVy
-aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5
-BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20v
-UlBBIChjKTAwMS4wLAYDVQQDEyVDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IE9DU1Ag
-UmVzcG9uZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDx5AgOg7t140jl
-uNum8Lmr6Txix141W9ACVBHYydFWuXZLuat65s269gwE1n7WsAplrE454/H3LaMl
-Oe+wi8++2wxdbnD0B81w9zrAPjUW7XiMQ8/CJi5H1oZ9nPG+1mcMIiWkymXmH3p4
-KC8/BdsEIb/hRWb+PLeC7Vq4FhW5VQIDAQABo4IBFDCCARAwIAYDVR0RBBkwF6QV
-MBMxETAPBgNVBAMTCE9DU1AgMS0zMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9j
-cmwudmVyaXNpZ24uY29tL3BjYTMuMS4xLmNybDATBgNVHSUEDDAKBggrBgEFBQcD
-CTBCBggrBgEFBQcBAQQ2MDQwMgYIKwYBBQUHMAGmJhYkaHR0cDovL29jc3AudmVy
-aXNpZ24uY29tL29jc3Avc3RhdHVzMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw
-KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL1JQQTAJBgNV
-HRMEAjAAMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQAC9lNjwKke8tCL
-MzCPSJtMsFa0g3FKvtxQ2PW24AvbvXhP6c8JNNopSZ0Bc1qRkYJULBMK03cjzzf8
-Y96n4/a3tWlFKEnDkdyqRxypiJksBSqNjYr6YuJatwAgXTnEKMLL/J6oia5bPY4S
-6jKy/OsU1wkVGsDNG9W1FU5B1ZbjTg==
+MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl
+SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
+SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3
+DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAwNTkzOFoXDTI1MTIyNzAw
+NTkzOFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD
+VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n
+IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g
+IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4FEnpwvdr9G5Q1uCN0VWcu+atsIS7ywS
+zHb5BlmvXSHU0lq4oNTzav3KaY1mSPd05u42veiWkXWmcSjK5yISMmmwPh5r9FBS
+YmL9Yzt9fuzuOOpi9GyocY3h6YvJP8a1zZRCb92CRTzo3wno7wpVqVZHYUxJZHMQ
+KD/Kvwn/xi8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBTrsxl588GlHKzcuh9morKb
+adB4CDCCAUQGA1UdIwSCATswggE3gBTrsxl588GlHKzcuh9morKbadB4CKGCARqk
+ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE
+BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT
+ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC
+LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD
+VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB
+FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC
+AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
+D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UxIENBIENlcnRp
+ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
+BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito
+dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEuY3JsMD8GCWCG
+SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D
+TEFTRTEuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw
+czIwMDIvcmVuZXdhbENMQVNFMS5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov
+L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTEuaHRtbDBzBgNVHR8EbDBq
+MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEu
+Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy
+Q0xBU0UxLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v
+Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAK9Dr/drIyllq2tPMMi7JVBuK
+Yn4VLenZMdMu9Ccj/1urxUq2ckCuU3T0vAW0xtnIyXf7t/k0f3gA+Nak5FI/LEpj
+V4F1Wo7ojPsCwJTGKbqz3Bzosq/SLmJbGqmODszFV0VRFOlOHIilkfSj945RyKm+
+hjM+5i9Ibq9UkE6tsSU=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ff:45:d5:27:5d:24:fb:b3:c2:39:24:53:57:e1:4f:de
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: Aug  4 00:00:00 2000 GMT
-            Not After : Aug  3 23:59:59 2004 GMT
-        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/RPA (c)00, CN=Secure Server OCSP Responder
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b8:51:99:64:85:0e:ee:b3:0a:68:f0:bf:63:76:
-                    1d:53:f5:fc:a1:78:8c:33:ee:9f:f4:be:39:da:9b:
-                    0f:4d:47:a9:8f:20:e8:4b:44:bd:ce:cd:7b:90:d1:
-                    30:e8:90:c4:25:7b:89:28:de:bd:f6:93:1d:ff:b9:
-                    ff:92:b5:a9:8d:e4:ae:cc:e2:c3:07:83:6a:a3:72:
-                    10:01:27:62:22:a6:35:26:39:2d:9e:cf:60:0c:fc:
-                    47:a4:d7:d0:42:78:a7:1d:6c:d0:cb:4f:15:a7:29:
-                    0a:b4:95:45:c4:b1:e7:5a:09:d7:39:95:d8:1d:35:
-                    9e:c2:bd:b3:5d:c1:0c:4b:1f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Alternative Name: 
-                DirName:/CN=OCSP 1-4
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.verisign.com/RSASecureServer-p.crl
-
-            X509v3 Extended Key Usage: 
-                OCSP Signing
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.verisign.com/ocsp/status
-
-            X509v3 Certificate Policies: 
-                Policy: 2.16.840.1.113733.1.7.1.1
-                  CPS: https://www.verisign.com/RPA
-
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha1WithRSAEncryption
-        00:b3:10:53:66:9c:49:93:2e:31:a0:02:42:d2:58:57:7e:66:
-        a1:fe:1b:8a:61:18:50:40:2c:1e:2b:41:a5:d6:db:ff:ac:08:
-        1c:5a:05:6d:02:5c:2a:b6:96:4f:47:db:be:4e:db:ce:cc:ba:
-        86:b8:18:ce:b1:12:91:5f:63:f7:f3:48:3e:cc:f1:4d:13:e4:
-        6d:09:94:78:00:92:cb:a3:20:9d:06:0b:6a:a0:43:07:ce:d1:
-        19:6c:8f:18:75:9a:9f:17:33:fd:a9:26:b8:e3:e2:de:c2:a8:
-        c4:5a:8a:7f:98:d6:07:06:6b:cc:56:9e:86:70:ce:d4:ef
-MD5 Fingerprint=2C:62:C3:D8:80:01:16:09:EA:59:EA:78:AB:10:43:F6
------BEGIN CERTIFICATE-----
-MIIDnzCCAwygAwIBAgIRAP9F1SddJPuzwjkkU1fhT94wDQYJKoZIhvcNAQEFBQAw
-XzELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMu
-MS4wLAYDVQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MB4XDTAwMDgwNDAwMDAwMFoXDTA0MDgwMzIzNTk1OVowgZ4xFzAVBgNVBAoTDlZl
-cmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTsw
-OQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L1JQQSAoYykwMDElMCMGA1UEAxMcU2VjdXJlIFNlcnZlciBPQ1NQIFJlc3BvbmRl
-cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuFGZZIUO7rMKaPC/Y3YdU/X8
-oXiMM+6f9L452psPTUepjyDoS0S9zs17kNEw6JDEJXuJKN699pMd/7n/krWpjeSu
-zOLDB4Nqo3IQASdiIqY1Jjktns9gDPxHpNfQQninHWzQy08VpykKtJVFxLHnWgnX
-OZXYHTWewr2zXcEMSx8CAwEAAaOCAR0wggEZMCAGA1UdEQQZMBekFTATMREwDwYD
-VQQDEwhPQ1NQIDEtNDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vY3JsLnZlcmlz
-aWduLmNvbS9SU0FTZWN1cmVTZXJ2ZXItcC5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH
-AwkwQgYIKwYBBQUHAQEENjA0MDIGCCsGAQUFBzABpiYWJGh0dHA6Ly9vY3NwLnZl
-cmlzaWduLmNvbS9vY3NwL3N0YXR1czBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBwEB
-MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9SUEEwCQYD
-VR0TBAIwADALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADfgAAsxBTZpxJky4x
-oAJC0lhXfmah/huKYRhQQCweK0Gl1tv/rAgcWgVtAlwqtpZPR9u+TtvOzLqGuBjO
-sRKRX2P380g+zPFNE+RtCZR4AJLLoyCdBgtqoEMHztEZbI8YdZqfFzP9qSa44+Le
-wqjEWop/mNYHBmvMVp6GcM7U7w==
+-----BEGIN CERTIFICATE-----
+MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl
+SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
+SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3
+DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMDE0NFoXDTI1MTIyNzAx
+MDE0NFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD
+VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n
+IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g
+IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxf+DrDGaBtT8FK+n/ra+osTBLsBjzLZ
+H49NzjaY2uQARIwo2BNEKqRrThckQpzTiKRBgtYj+4vJhuW5qYIF3PHeH+AMmVWY
+8jjsbJ0gA8DvqqPGZARRLXgNo9KoOtYkTOmWehisEyMiG3zoMRGzXwmqMHBxRiVr
+SXGAK5UBsh8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBS4k/8uy9wsjqLnev42USGj
+mFsMNDCCAUQGA1UdIwSCATswggE3gBS4k/8uy9wsjqLnev42USGjmFsMNKGCARqk
+ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE
+BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT
+ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC
+LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD
+VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB
+FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC
+AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
+D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UzIENBIENlcnRp
+ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
+BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito
+dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMuY3JsMD8GCWCG
+SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D
+TEFTRTMuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw
+czIwMDIvcmVuZXdhbENMQVNFMy5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov
+L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTMuaHRtbDBzBgNVHR8EbDBq
+MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMu
+Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy
+Q0xBU0UzLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v
+Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAF2VcmZVDAyevJuXr0LMXI/dD
+qsfwfewPxqmurpYPdikc4gYtfibFPPqhwYHOU7BC0ZdXGhd+pFFhxu7pXu8Fuuu9
+D6eSb9ijBmgpjnn1/7/5p6/ksc7C0YBCJwUENPjDfxZ4IwwHJPJGR607VNCv1TGy
+r33I6unUVtkOE7LFRVA=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            53:61:b2:60:ae:db:71:8e:a7:94:b3:13:33:f4:07:09
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Validity
-            Not Before: Sep 26 00:00:00 2000 GMT
-            Not After : Sep 25 23:59:59 2010 GMT
-        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)00, CN=VeriSign Time Stamping Authority CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d2:19:9d:67:c2:00:21:59:62:ce:b4:09:22:44:
-                    69:8a:f8:25:5a:db:ed:0d:b7:36:7e:4e:e0:bb:94:
-                    3e:90:25:87:c2:61:47:29:d9:bd:54:b8:63:cc:2c:
-                    7d:69:b4:33:36:f4:37:07:9a:c1:dd:40:54:fc:e0:
-                    78:9d:a0:93:b9:09:3d:23:51:7f:44:c2:14:74:db:
-                    0a:be:cb:c9:30:34:40:98:3e:d0:d7:25:10:81:94:
-                    bd:07:4f:9c:d6:54:27:df:2e:a8:bf:cb:90:8c:8d:
-                    75:4b:bc:e2:e8:44:87:cd:e6:41:0a:25:6e:e8:f4:
-                    24:02:c5:52:0f:6e:ec:98:75
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:TRUE, pathlen:0
-            X509v3 Certificate Policies: 
-                Policy: 2.16.840.1.113733.1.7.23.1.3
-                  CPS: https://www.verisign.com/rpa
-
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.verisign.com/pca3.crl
-
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.verisign.com/ocsp/status
-
-    Signature Algorithm: sha1WithRSAEncryption
-        82:70:68:95:df:b6:0d:c2:01:70:19:4a:d2:54:56:1e:ac:f2:
-        45:4c:87:b8:f5:35:eb:78:4b:05:a9:c8:9d:3b:19:21:2e:70:
-        34:4a:a2:f5:89:e0:15:75:45:e7:28:37:00:34:27:29:e8:37:
-        4b:f2:ef:44:97:6b:17:51:1a:c3:56:9d:3c:1a:8a:f6:4a:46:
-        46:37:8c:fa:cb:f5:64:5a:38:68:2e:1c:c3:ef:70:ce:b8:46:
-        06:16:bf:f7:7e:e7:b5:a8:3e:45:ac:a9:25:75:22:7b:6f:3f:
-        b0:9c:94:e7:c7:73:ab:ac:1f:ee:25:9b:c0:16:ed:b7:ca:5b:
-        f0:14
-MD5 Fingerprint=89:49:54:8C:C8:68:9A:83:29:EC:DC:06:73:21:AB:97
 -----BEGIN CERTIFICATE-----
-MIIDzTCCAzagAwIBAgIQU2GyYK7bcY6nlLMTM/QHCTANBgkqhkiG9w0BAQUFADCB
-wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL
-EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
-dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
-cmswHhcNMDAwOTI2MDAwMDAwWhcNMTAwOTI1MjM1OTU5WjCBpTEXMBUGA1UEChMO
-VmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx
-OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j
-b20vcnBhIChjKTAwMSwwKgYDVQQDEyNWZXJpU2lnbiBUaW1lIFN0YW1waW5nIEF1
-dGhvcml0eSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0hmdZ8IAIVli
-zrQJIkRpivglWtvtDbc2fk7gu5Q+kCWHwmFHKdm9VLhjzCx9abQzNvQ3B5rB3UBU
-/OB4naCTuQk9I1F/RMIUdNsKvsvJMDRAmD7Q1yUQgZS9B0+c1lQn3y6ov8uQjI11
-S7zi6ESHzeZBCiVu6PQkAsVSD27smHUCAwEAAaOB3zCB3DAPBgNVHRMECDAGAQH/
-AgEAMEUGA1UdIAQ+MDwwOgYMYIZIAYb4RQEHFwEDMCowKAYIKwYBBQUHAgEWHGh0
-dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0
-cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwCwYDVR0PBAQDAgEGMEIGCCsG
-AQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2lnbi5j
-b20vb2NzcC9zdGF0dXMwDQYJKoZIhvcNAQEFBQADgYEAgnBold+2DcIBcBlK0lRW
-HqzyRUyHuPU163hLBanInTsZIS5wNEqi9YngFXVF5yg3ADQnKeg3S/LvRJdrF1Ea
-w1adPBqK9kpGRjeM+sv1ZFo4aC4cw+9wzrhGBha/937ntag+RaypJXUie28/sJyU
-58dzq6wf7iWbwBbtt8pb8BQ=
+MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm
+SVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
+JklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
+hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNTMyWhcNMjUxMjI3
+MDEwNTMyWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsw19zQVL01Tp/FTILq0VA8R5j8
+m2mdd81u4D/u6zJfX5/S0HnllXNEITLgCtud186Nq1KLK3jgm1t99P1tCeWu4Wwd
+ByOgF9H5fahGRpEiqLJpxq339fWUoTCUvQDMRH/uxJ7JweaPCjbB/SQ9AaD1e+J8
+eGZDi09Z8pvZ+kmzAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUZyaW56G/2LUDnf47
+3P7yiuYV3TAwggFGBgNVHSMEggE9MIIBOYAUZyaW56G/2LUDnf473P7yiuYV3TCh
+ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC
+AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF
+BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB
+BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg
+hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud
+EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMSBD
+QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
+SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC
+AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMS5j
+cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2
+b2NhdGlvbkNMQVNFQTEuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu
+aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTEuaHRtbD8wOwYJYIZIAYb4QgEI
+BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMS5odG1s
+MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz
+MjAwMkNMQVNFQTEuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz
+MjAwMi9pcHMyMDAyQ0xBU0VBMS5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
+BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAH66iqyA
+AIQVCtWYUQxkxZwCWINmyq0eB81+atqAB98DNEock8RLWCA1NnHtogo1EqWmZaeF
+aQoO42Hu6r4okzPV7Oi+xNtff6j5YzHIa5biKcJboOeXNp13XjFr/tOn2yrb25aL
+H2betgPAK7N41lUH5Y85UN4HI3LmvSAUS7SG
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
-        Validity
-            Not Before: Jan  1 00:00:00 1997 GMT
-            Not After : Dec 31 23:59:59 2020 GMT
-        Subject: C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d6:2b:58:78:61:45:86:53:ea:34:7b:51:9c:ed:
-                    b0:e6:2e:18:0e:fe:e0:5f:a8:27:d3:b4:c9:e0:7c:
-                    59:4e:16:0e:73:54:60:c1:7f:f6:9f:2e:e9:3a:85:
-                    24:15:3c:db:47:04:63:c3:9e:c4:94:1a:5a:df:4c:
-                    7a:f3:d9:43:1d:3c:10:7a:79:25:db:90:fe:f0:51:
-                    e7:30:d6:41:00:fd:9f:28:df:79:be:94:bb:9d:b6:
-                    14:e3:23:85:d7:a9:41:e0:4c:a4:79:b0:2b:1a:8b:
-                    f2:f8:3b:8a:3e:45:ac:71:92:00:b4:90:41:98:fb:
-                    5f:ed:fa:b7:2e:8a:f8:88:37
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        67:db:e2:c2:e6:87:3d:40:83:86:37:35:7d:1f:ce:9a:c3:0c:
-        66:20:a8:ba:aa:04:89:86:c2:f5:10:08:0d:bf:cb:a2:05:8a:
-        d0:4d:36:3e:f4:d7:ef:69:c6:5e:e4:b0:94:6f:4a:b9:e7:de:
-        5b:88:b6:7b:db:e3:27:e5:76:c3:f0:35:c1:cb:b5:27:9b:33:
-        79:dc:90:a6:00:9e:77:fa:fc:cd:27:94:42:16:9c:d3:1c:68:
-        ec:bf:5c:dd:e5:a9:7b:10:0a:32:74:54:13:31:8b:85:03:84:
-        91:b7:58:01:30:14:38:af:28:ca:fc:b1:50:19:19:09:ac:89:
-        49:d3
-MD5 Fingerprint=7F:66:7A:71:D3:EB:69:78:20:9A:51:14:9D:83:DA:20
 -----BEGIN CERTIFICATE-----
-MIICoTCCAgqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzAN
-BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAd
-BgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwHhcNOTcwMTAxMDAwMDAwWhcN
-MjAxMjMxMjM1OTU5WjCBizELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g
-Q2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsG
-A1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAdBgNVBAMTFlRoYXd0ZSBUaW1l
-c3RhbXBpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANYrWHhhRYZT
-6jR7UZztsOYuGA7+4F+oJ9O0yeB8WU4WDnNUYMF/9p8u6TqFJBU820cEY8OexJQa
-Wt9MevPZQx08EHp5JduQ/vBR5zDWQQD9nyjfeb6Uu522FOMjhdepQeBMpHmwKxqL
-8vg7ij5FrHGSALSQQZj7X+36ty6K+Ig3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEEBQADgYEAZ9viwuaHPUCDhjc1fR/OmsMMZiCouqoEiYbC
-9RAIDb/LogWK0E02PvTX72nGXuSwlG9KuefeW4i2e9vjJ+V2w/A1wcu1J5szedyQ
-pgCed/r8zSeUQhac0xxo7L9c3eWpexAKMnRUEzGLhQOEkbdYATAUOK8oyvyxUBkZ
-CayJSdM=
+MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm
+SVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
+JklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
+hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNzUwWhcNMjUxMjI3
+MDEwNzUwWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO6AAPYaZC6tasiDsYun7o/ZttvN
+G7uGBiJ2MwwSbUhWYdLcgiViL5/SaTBlA0IjWLxH3GvWdV0XPOH/8lhneaDBgbHU
+VqLyjRGZ/fZ98cfEXgIqmuJKtROKAP2Md4bm15T1IHUuDky/dMQ/gT6DtKM4Ninn
+6Cr1jIhBqoCm42zvAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUHp9XUEe2YZM50yz8
+2l09BXW3mQIwggFGBgNVHSMEggE9MIIBOYAUHp9XUEe2YZM50yz82l09BXW3mQKh
+ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
+BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
+bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
+LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC
+AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF
+BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB
+BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg
+hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud
+EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMyBD
+QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
+SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC
+AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMy5j
+cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2
+b2NhdGlvbkNMQVNFQTMuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu
+aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTMuaHRtbD8wOwYJYIZIAYb4QgEI
+BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMy5odG1s
+MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz
+MjAwMkNMQVNFQTMuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz
+MjAwMi9pcHMyMDAyQ0xBU0VBMy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
+BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAEo9IEca
+2on0eisxeewBwMwB9dbB/MjD81ACUZBYKp/nNQlbMAqBACVHr9QPDp5gJqiVp4MI
+3y2s6Q73nMify5NF8bpqxmdRSmlPa/59Cy9SKcJQrSRE7SOzSMtEQMEDlQwKeAYS
+AfWRMS1Jjbs/RU4s4OjNtckUFQzjB4ObJnXv
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 949686588 (0x389b113c)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=Entrust.net, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
-        Validity
-            Not Before: Feb  4 17:20:00 2000 GMT
-            Not After : Feb  4 17:50:00 2020 GMT
-        Subject: O=Entrust.net, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c7:c1:5f:4e:71:f1:ce:f0:60:86:0f:d2:58:7f:
-                    d3:33:97:2d:17:a2:75:30:b5:96:64:26:2f:68:c3:
-                    44:ab:a8:75:e6:00:67:34:57:9e:65:c7:22:9b:73:
-                    e6:d3:dd:08:0e:37:55:aa:25:46:81:6c:bd:fe:a8:
-                    f6:75:57:57:8c:90:6c:4a:c3:3e:8b:4b:43:0a:c9:
-                    11:56:9a:9a:27:22:99:cf:55:9e:61:d9:02:e2:7c:
-                    b6:7c:38:07:dc:e3:7f:4f:9a:b9:03:41:80:b6:75:
-                    67:13:0b:9f:e8:57:36:c8:5d:00:36:de:66:14:da:
-                    6e:76:1f:4f:37:8c:82:13:89
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/O=Entrust.net/OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Feb  4 17:20:00 2000 GMT, Not After: Feb  4 17:50:00 2020 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:CB:6C:C0:6B:E3:BB:3E:CB:FC:22:9C:FE:FB:8B:92:9C:B0:F2:6E:22
-
-            X509v3 Subject Key Identifier: 
-                CB:6C:C0:6B:E3:BB:3E:CB:FC:22:9C:FE:FB:8B:92:9C:B0:F2:6E:22
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0...V5.0:4.0....
-    Signature Algorithm: md5WithRSAEncryption
-        62:db:81:91:ce:c8:9a:77:42:2f:ec:bd:27:a3:53:0f:50:1b:
-        ea:4e:92:f0:a9:af:a9:a0:ba:48:61:cb:ef:c9:06:ef:1f:d5:
-        f4:ee:df:56:2d:e6:ca:6a:19:73:aa:53:be:92:b3:50:02:b6:
-        85:26:72:63:d8:75:50:62:75:14:b7:b3:50:1a:3f:ca:11:00:
-        0b:85:45:69:6d:b6:a5:ae:51:e1:4a:dc:82:3f:6c:8c:34:b2:
-        77:6b:d9:02:f6:7f:0e:ea:65:04:f1:cd:54:ca:ba:c9:cc:e0:
-        84:f7:c8:3e:11:97:d3:60:09:18:bc:05:ff:6c:89:33:f0:ec:
-        15:0f
-MD5 Fingerprint=9D:66:6A:CC:FF:D5:F5:43:B4:BF:8C:16:D1:2B:A8:99
 -----BEGIN CERTIFICATE-----
-MIIElTCCA/6gAwIBAgIEOJsRPDANBgkqhkiG9w0BAQQFADCBujEUMBIGA1UEChML
-RW50cnVzdC5uZXQxPzA9BgNVBAsUNnd3dy5lbnRydXN0Lm5ldC9TU0xfQ1BTIGlu
-Y29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDIwMDAg
-RW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDQxNzIwMDBa
-Fw0yMDAyMDQxNzUwMDBaMIG6MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDE/MD0GA1UE
-CxQ2d3d3LmVudHJ1c3QubmV0L1NTTF9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
-dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5ldCBMaW1pdGVk
-MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHwV9OcfHO
-8GCGD9JYf9Mzly0XonUwtZZkJi9ow0SrqHXmAGc0V55lxyKbc+bT3QgON1WqJUaB
-bL3+qPZ1V1eMkGxKwz6LS0MKyRFWmponIpnPVZ5h2QLifLZ8OAfc439PmrkDQYC2
-dWcTC5/oVzbIXQA23mYU2m52H083jIITiQIDAQABo4IBpDCCAaAwEQYJYIZIAYb4
-QgEBBAQDAgAHMIHjBgNVHR8EgdswgdgwgdWggdKggc+kgcwwgckxFDASBgNVBAoT
-C0VudHJ1c3QubmV0MT8wPQYDVQQLFDZ3d3cuZW50cnVzdC5uZXQvU1NMX0NQUyBp
-bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw
-IEVudHJ1c3QubmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0IFNlY3Vy
-ZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEw
-KwYDVR0QBCQwIoAPMjAwMDAyMDQxNzIwMDBagQ8yMDIwMDIwNDE3NTAwMFowCwYD
-VR0PBAQDAgEGMB8GA1UdIwQYMBaAFMtswGvjuz7L/CKc/vuLkpyw8m4iMB0GA1Ud
-DgQWBBTLbMBr47s+y/winP77i5KcsPJuIjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2
-fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQQFAAOBgQBi24GRzsia
-d0Iv7L0no1MPUBvqTpLwqa+poLpIYcvvyQbvH9X07t9WLebKahlzqlO+krNQAraF
-JnJj2HVQYnUUt7NQGj/KEQALhUVpbbalrlHhStyCP2yMNLJ3a9kC9n8O6mUE8c1U
-yrrJzOCE98g+EZfTYAkYvAX/bIkz8OwVDw==
+MIICtzCCAiACAQAwDQYJKoZIhvcNAQEEBQAwgaMxCzAJBgNVBAYTAkVTMRIwEAYD
+VQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UEChMQSVBT
+IFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcwFQYDVQQD
+Ew5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVz
+MB4XDTk4MDEwMTIzMjEwN1oXDTA5MTIyOTIzMjEwN1owgaMxCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UE
+ChMQSVBTIFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcw
+FQYDVQQDEw5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwu
+aXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsT1J0nznqjtwlxLyY
+XZhkJAk8IbPMGbWOlI6H0fg3PqHILVikgDVboXVsHUUMH2Fjal5vmwpMwci4YSM1
+gf/+rHhwLWjhOgeYlQJU3c0jt4BT18g3RXIGJBK6E2Ehim51KODFDzT9NthFf+G4
+Nu+z4cYgjui0OLzhPvYR3oydAQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACzzw3lY
+JN7GO9HgQmm47mSzPWIBubOE3yN93ZjPEKn+ANgilgUTB1RXxafey9m4iEL2mdsU
+dx+2/iU94aI+A6mB0i1sR/WWRowiq8jMDQ6XXotBtDvECgZAHd1G9AHduoIuPD14
+cJ58GNCr+Lh3B0Zx8coLY1xq+XKU1QFPoNtC
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 949941988 (0x389ef6e4)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: O=Entrust.net, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Client Certification Authority
-        Validity
-            Not Before: Feb  7 16:16:40 2000 GMT
-            Not After : Feb  7 16:46:40 2020 GMT
-        Subject: O=Entrust.net, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), OU=(c) 2000 Entrust.net Limited, CN=Entrust.net Client Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:93:74:b4:b6:e4:c5:4b:d6:a1:68:7f:62:d5:ec:
-                    f7:51:57:b3:72:4a:98:f5:d0:89:c9:ad:63:cd:4d:
-                    35:51:6a:84:d4:ad:c9:68:79:6f:b8:eb:11:db:87:
-                    ae:5c:24:51:13:f1:54:25:84:af:29:2b:9f:e3:80:
-                    e2:d9:cb:dd:c6:45:49:34:88:90:5e:01:97:ef:ea:
-                    53:a6:dd:fc:c1:de:4b:2a:25:e4:e9:35:fa:55:05:
-                    06:e5:89:7a:ea:a4:11:57:3b:fc:7c:3d:36:cd:67:
-                    35:6d:a4:a9:25:59:bd:66:f5:f9:27:e4:95:67:d6:
-                    3f:92:80:5e:f2:34:7d:2b:85
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/O=Entrust.net/OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Feb  7 16:16:40 2000 GMT, Not After: Feb  7 16:46:40 2020 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:84:8B:74:FD:C5:8D:C0:FF:27:6D:20:37:45:7C:FE:2D:CE:BA:D3:7D
-
-            X509v3 Subject Key Identifier: 
-                84:8B:74:FD:C5:8D:C0:FF:27:6D:20:37:45:7C:FE:2D:CE:BA:D3:7D
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0...V5.0:4.0....
-    Signature Algorithm: md5WithRSAEncryption
-        4e:6f:35:80:3b:d1:8a:f5:0e:a7:20:cb:2d:65:55:d0:92:f4:
-        e7:84:b5:06:26:83:12:84:0b:ac:3b:b2:44:ee:bd:cf:40:db:
-        20:0e:ba:6e:14:ea:30:e0:3b:62:7c:7f:8b:6b:7c:4a:a7:d5:
-        35:3c:be:a8:5c:ea:4b:bb:93:8e:80:66:ab:0f:29:fd:4d:2d:
-        bf:1a:9b:0a:90:c5:ab:da:d1:b3:86:d4:2f:24:52:5c:7a:6d:
-        c6:f2:fe:e5:4d:1a:30:8c:90:f2:ba:d7:4a:3e:43:7e:d4:c8:
-        50:1a:87:f8:4f:81:c7:76:0b:84:3a:72:9d:ce:65:66:97:ae:
-        26:5e
-MD5 Fingerprint=9A:77:19:18:ED:96:CF:DF:1B:B7:0E:F5:8D:B9:88:2E
 -----BEGIN CERTIFICATE-----
-MIIEgzCCA+ygAwIBAgIEOJ725DANBgkqhkiG9w0BAQQFADCBtDEUMBIGA1UEChML
-RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9HQ0NBX0NQUyBp
-bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw
-IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVu
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDcxNjE2NDBaFw0yMDAy
-MDcxNjQ2NDBaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
-LmVudHJ1c3QubmV0L0dDQ0FfQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
-YWIuKTElMCMGA1UECxMcKGMpIDIwMDAgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
-A1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTdLS25MVL1qFof2LV7PdRV7Ny
-Spj10InJrWPNTTVRaoTUrcloeW+46xHbh65cJFET8VQlhK8pK5/jgOLZy93GRUk0
-iJBeAZfv6lOm3fzB3ksqJeTpNfpVBQbliXrqpBFXO/x8PTbNZzVtpKklWb1m9fkn
-5JVn1j+SgF7yNH0rhQIDAQABo4IBnjCCAZowEQYJYIZIAYb4QgEBBAQDAgAHMIHd
-BgNVHR8EgdUwgdIwgc+ggcyggcmkgcYwgcMxFDASBgNVBAoTC0VudHJ1c3QubmV0
-MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvR0NDQV9DUFMgaW5jb3JwLiBieSBy
-ZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5l
-dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDbGllbnQgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMDAy
-MDcxNjE2NDBagQ8yMDIwMDIwNzE2NDY0MFowCwYDVR0PBAQDAgEGMB8GA1UdIwQY
-MBaAFISLdP3FjcD/J20gN0V8/i3OutN9MB0GA1UdDgQWBBSEi3T9xY3A/ydtIDdF
-fP4tzrrTfTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4w
-AwIEkDANBgkqhkiG9w0BAQQFAAOBgQBObzWAO9GK9Q6nIMstZVXQkvTnhLUGJoMS
-hAusO7JE7r3PQNsgDrpuFOow4DtifH+La3xKp9U1PL6oXOpLu5OOgGarDyn9TS2/
-GpsKkMWr2tGzhtQvJFJcem3G8v7lTRowjJDyutdKPkN+1MhQGof4T4HHdguEOnKd
-zmVml64mXg==
+MIIIODCCB6GgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCAR4xCzAJBgNVBAYTAkVT
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
+ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
+ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjE0MDIGA1UECxMr
+SVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE0MDIG
+A1UEAxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMTAx
+OFoXDTI1MTIyNzAxMTAxOFowggEeMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFy
+Y2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5l
+dCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlw
+cy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxNDAyBgNVBAsTK0lQUyBDQSBUaW1lc3Rh
+bXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxNDAyBgNVBAMTK0lQUyBDQSBU
+aW1lc3RhbXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0B
+CQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+vLjuVqWajOY2ycJioGaBjRrVetJznw6EZLqVtJCneK/K/lRhW86yIFcBrkSSQxA4
+Efdo/BdApWgnMjvEp+ZCccWZ73b/K5Uk9UmSGGjKALWkWi9uy9YbLA1UZ2t6KaFY
+q6JaANZbuxjC3/YeE1Z2m6Vo4pjOxgOKNNtMg0GmqaMCAwEAAaOCBIAwggR8MB0G
+A1UdDgQWBBSL0BBQCYHynQnVDmB4AyKiP8jKZjCCAVAGA1UdIwSCAUcwggFDgBSL
+0BBQCYHynQnVDmB4AyKiP8jKZqGCASakggEiMIIBHjELMAkGA1UEBhMCRVMxEjAQ
+BgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJ
+UFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJp
+cHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMTQwMgYDVQQLEytJUFMg
+Q0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTQwMgYDVQQD
+EytJUFMgQ0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4w
+HAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM
+BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
+BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB
+FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYD
+VR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlw
+cy5lczBHBglghkgBhvhCAQ0EOhY4VGltZXN0YW1waW5nIENBIENlcnRpZmljYXRl
+IGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgECBBwWGmh0
+dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMEAGCWCGSAGG+EIBBAQzFjFodHRwOi8v
+d3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMEUGCWCG
+SAGG+EIBAwQ4FjZodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25U
+aW1lc3RhbXBpbmcuaHRtbD8wQgYJYIZIAYb4QgEHBDUWM2h0dHA6Ly93d3cuaXBz
+LmVzL2lwczIwMDIvcmVuZXdhbFRpbWVzdGFtcGluZy5odG1sPzBABglghkgBhvhC
+AQgEMxYxaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lUaW1lc3RhbXBp
+bmcuaHRtbDB/BgNVHR8EeDB2MDegNaAzhjFodHRwOi8vd3d3Lmlwcy5lcy9pcHMy
+MDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMDugOaA3hjVodHRwOi8vd3d3YmFj
+ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyVGltZXN0YW1waW5nLmNybDAvBggrBgEF
+BQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI
+hvcNAQEFBQADgYEAZbrBzAAalZHK6Ww6vzoeFAh8+4Pua2JR0zORtWB5fgTYXXk3
+6MNbsMRnLWhasl8OCvrNPzpFoeo2zyYepxEoxZSPhExTCMWTs/zif/WN87GphV+I
+3pGW7hdbrqXqcGV4LCFkAZXOzkw+UPS2Wctjjba9GNSHSl/c7+lW8AoM6HU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz
+MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw
+IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR
+dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp
+li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D
+rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ
+WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug
+F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
+xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC
+Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv
+dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
+ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl
+IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh
+c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy
+ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
+Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI
+KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
+KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq
+y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p
+dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD
+VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk
+fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
+7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
+cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
+mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
+xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
+SnQ2+Q==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICXDCCAcWgAwIBAgIQCgEBAQAAAnwAAAALAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMTAyNCBWMzAeFw0wMTAyMjIyMTAxNDlaFw0yNjAyMjIyMDAxNDlaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAx
+MDI0IFYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDV3f5mCc8kPD6ugU5O
+isRpgFtZO9+5TUzKtS3DJy08rwBCbbwoppbPf9dYrIMKo1W1exeQFYRMiu4mmdxY
+78c4pqqv0I5CyGLXq6yp+0p9v+r+Ek3d/yYtbzZUaMjShFbuklNhCbM/OZuoyZu9
+zp9+1BlqFikYvtc6adwlWzMaUQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBTEwBykB5T9zU0B1FTapQxf3q4FWjAd
+BgNVHQ4EFgQUxMAcpAeU/c1NAdRU2qUMX96uBVowDQYJKoZIhvcNAQEFBQADgYEA
+Py1q4yZDlX2Jl2X7deRyHUZXxGFraZ8SmyzVWujAovBDleMf6XbN3Ou8k6BlCsdN
+T1+nr6JGFLkM88y9am63nd4lQtBU/55oc2PcJOsiv6hy8l4A4Q1OOkNumU4/iXgD
+mMrzVcydro7BqkWY+o8aoI2II/EVQQ2lRj6RP4vr93E=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 1
-        Validity
-            Not Before: May 29 06:00:00 2002 GMT
-            Not After : Nov 20 15:03:00 2037 GMT
-        Subject: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 1
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:99:de:8f:c3:25:a3:69:34:e8:05:f7:74:b9:bf:
-                    5a:97:19:b9:2f:94:d2:93:e5:2d:89:ca:84:7c:3f:
-                    10:43:1b:8c:8b:7c:84:58:f8:24:7c:48:cf:2a:fd:
-                    c0:15:d9:18:7e:84:1a:17:d3:db:9e:d7:ca:e4:d9:
-                    d7:aa:58:51:87:f0:f0:8b:48:4e:e2:c2:c4:59:69:
-                    30:62:b6:30:a2:8c:0b:11:99:61:35:6d:7e:ef:c5:
-                    b1:19:06:20:12:8e:42:e1:df:0f:96:10:52:a8:cf:
-                    9c:5f:95:14:d8:af:3b:75:0b:31:20:1f:44:2f:a2:
-                    62:41:b3:bb:18:21:db:ca:71:3c:8c:ec:b6:b9:0d:
-                    9f:ef:51:ef:4d:7b:12:f2:0b:0c:e1:ac:40:8f:77:
-                    7f:b0:ca:78:71:0c:5d:16:71:70:a2:d7:c2:3a:85:
-                    cd:0e:9a:c4:e0:00:b0:d5:25:ea:dc:2b:e4:94:2d:
-                    38:9c:89:41:57:64:28:65:19:1c:b6:44:b4:c8:31:
-                    6b:8e:01:7b:76:59:25:7f:15:1c:84:08:7c:73:65:
-                    20:0a:a1:04:2e:1a:32:a8:9a:20:b1:9c:2c:21:59:
-                    e7:fb:cf:ee:70:2d:08:ca:63:3e:2c:9b:93:19:6a:
-                    a4:c2:97:ff:b7:86:57:88:85:6c:9e:15:16:2b:4d:
-                    2c:b3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                A1:36:30:16:CB:86:90:00:45:80:53:B1:8F:C8:D8:3D:7C:BE:5F:12
-            X509v3 Authority Key Identifier: 
-                keyid:A1:36:30:16:CB:86:90:00:45:80:53:B1:8F:C8:D8:3D:7C:BE:5F:12
-
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        8a:20:18:a5:be:b3:2f:b4:a6:84:00:40:30:29:fa:b4:14:73:
-        4c:79:45:a7:f6:70:e0:e8:7e:64:1e:0a:95:7c:6a:61:c2:ef:
-        4e:1f:be:ff:c9:99:1f:07:61:4a:e1:5d:4c:cd:ad:ee:d0:52:
-        32:d9:59:32:bc:da:79:72:d6:7b:09:e8:02:81:35:d3:0a:df:
-        11:1d:c9:79:a0:80:4d:fe:5a:d7:56:d6:ed:0f:2a:af:a7:18:
-        75:33:0c:ea:c1:61:05:4f:6a:9a:89:f2:8d:b9:9f:2e:ef:b0:
-        5f:5a:00:eb:be:ad:a0:f8:44:05:67:bc:cb:04:ef:9e:64:c5:
-        e9:c8:3f:05:bf:c6:2f:07:1c:c3:36:71:86:ca:38:66:4a:cd:
-        d6:b8:4b:c6:6c:a7:97:3b:fa:13:2d:6e:23:61:87:a1:63:42:
-        ac:c2:cb:97:9f:61:68:cf:2d:4c:04:9d:d7:25:4f:0a:0e:4d:
-        90:8b:18:56:a8:93:48:57:dc:6f:ae:bd:9e:67:57:77:89:50:
-        b3:be:11:9b:45:67:83:86:19:87:d3:98:bd:08:1a:16:1f:58:
-        82:0b:e1:96:69:05:4b:8e:ec:83:51:31:07:d5:d4:9f:ff:59:
-        7b:a8:6e:85:cf:d3:4b:a9:49:b0:5f:b0:39:28:68:0e:73:dd:
-        25:9a:de:12
-MD5 Fingerprint=E7:7A:DC:B1:1F:6E:06:1F:74:6C:59:16:27:C3:4B:C0
 -----BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
-MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
-0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
-TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
-RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
-zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
-BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
-AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
-PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
-BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
-9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
-Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
-Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
-n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
-H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
+MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy
+MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp
+eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg
+/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl
+wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh
+AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2
+PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu
+AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR
+MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc
+HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/
+Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
+f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO
+rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch
+6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3
+7CAFYd4=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 2
-        Validity
-            Not Before: May 29 06:00:00 2002 GMT
-            Not After : Sep 28 23:43:00 2037 GMT
-        Subject: C=US, O=AOL Time Warner Inc., OU=America Online Inc., CN=AOL Time Warner Root Certification Authority 2
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (4096 bit)
-                Modulus (4096 bit):
-                    00:b4:37:5a:08:16:99:14:e8:55:b1:1b:24:6b:fc:
-                    c7:8b:e6:87:a9:89:ee:8b:99:cd:4f:40:86:a4:b6:
-                    4d:c9:d9:b1:dc:3c:4d:0d:85:4c:15:6c:46:8b:52:
-                    78:9f:f8:23:fd:67:f5:24:3a:68:5d:d0:f7:64:61:
-                    41:54:a3:8b:a5:08:d2:29:5b:9b:60:4f:26:83:d1:
-                    63:12:56:49:76:a4:16:c2:a5:9d:45:ac:8b:84:95:
-                    a8:16:b1:ec:9f:ea:24:1a:ef:b9:57:5c:9a:24:21:
-                    2c:4d:0e:71:1f:a6:ac:5d:45:74:03:98:c4:54:8c:
-                    16:4a:41:77:86:95:75:0c:47:01:66:60:fc:15:f1:
-                    0f:ea:f5:14:78:c7:0e:d7:6e:81:1c:5e:bf:5e:e7:
-                    3a:2a:d8:97:17:30:7c:00:ad:08:9d:33:af:b8:99:
-                    61:80:8b:a8:95:7e:14:dc:12:6c:a4:d0:d8:ef:40:
-                    49:02:36:f9:6e:a9:d6:1d:96:56:04:b2:b3:2d:16:
-                    56:86:8f:d9:20:57:80:cd:67:10:6d:b0:4c:f0:da:
-                    46:b6:ea:25:2e:46:af:8d:b0:85:38:34:8b:14:26:
-                    82:2b:ac:ae:99:0b:8e:14:d7:52:bd:9e:69:c3:86:
-                    02:0b:ea:76:75:31:09:ce:33:19:21:85:43:e6:89:
-                    2d:9f:25:37:67:f1:23:6a:d2:00:6d:97:f9:9f:e7:
-                    29:ca:dd:1f:d7:06:ea:b8:c9:b9:09:21:9f:c8:3f:
-                    06:c5:d2:e9:12:46:00:4e:7b:08:eb:42:3d:2b:48:
-                    6e:9d:67:dd:4b:02:e4:44:f3:93:19:a5:27:ce:69:
-                    7a:be:67:d3:fc:50:a4:2c:ab:c3:6b:b9:e3:80:4c:
-                    cf:05:61:4b:2b:dc:1b:b9:a6:d2:d0:aa:f5:2b:73:
-                    fb:ce:90:35:9f:0c:52:1c:bf:5c:21:61:11:5b:15:
-                    4b:a9:24:51:fc:a4:5c:f7:17:9d:b0:d2:fa:07:e9:
-                    8f:56:e4:1a:8c:68:8a:04:d3:7c:5a:e3:9e:a2:a1:
-                    ca:71:5b:a2:d4:a0:e7:29:85:5d:03:68:2a:4f:d2:
-                    06:d7:3d:f9:c3:03:2f:3f:65:f9:67:1e:47:40:d3:
-                    63:0f:e3:d5:8e:f9:85:ab:97:4c:b3:d7:26:eb:96:
-                    0a:94:de:85:36:9c:c8:7f:81:09:02:49:2a:0e:f5:
-                    64:32:0c:82:d1:ba:6a:82:1b:b3:4b:74:11:f3:8c:
-                    77:d6:9f:bf:dc:37:a4:a7:55:04:2f:d4:31:e8:d3:
-                    46:b9:03:7c:da:12:4e:59:64:b7:51:31:31:50:a0:
-                    ca:1c:27:d9:10:2e:ad:d6:bd:10:66:2b:c3:b0:22:
-                    4a:12:5b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                4F:69:6D:03:7E:9D:9F:07:18:43:BC:B7:10:4E:D5:BF:A9:C4:20:28
-            X509v3 Authority Key Identifier: 
-                keyid:4F:69:6D:03:7E:9D:9F:07:18:43:BC:B7:10:4E:D5:BF:A9:C4:20:28
-
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        3b:f3:ae:ca:e8:2e:87:85:fb:65:59:e7:ad:11:14:a5:57:bc:
-        58:9f:24:12:57:bb:fb:3f:34:da:ee:ad:7a:2a:34:72:70:31:
-        6b:c7:19:98:80:c9:82:de:37:77:5e:54:8b:8e:f2:ea:67:4f:
-        c9:74:84:91:56:09:d5:e5:7a:9a:81:b6:81:c2:ad:36:e4:f1:
-        54:11:53:f3:34:45:01:26:c8:e5:1a:bc:34:44:21:de:ad:25:
-        fc:76:16:77:21:90:80:98:57:9d:4e:ea:ec:2f:aa:3c:14:7b:
-        57:c1:7e:18:14:67:ee:24:c6:bd:ba:15:b0:d2:18:bd:b7:55:
-        81:ac:53:c0:e8:dd:69:12:13:42:b7:02:b5:05:41:ca:79:50:
-        6e:82:0e:71:72:93:46:e8:9d:0d:5d:bd:ae:ce:29:ad:63:d5:
-        55:16:80:30:27:ff:76:ba:f7:b8:d6:4a:e3:d9:b5:f9:52:d0:
-        4e:40:a9:c7:e5:c2:32:c7:aa:76:24:e1:6b:05:50:eb:c5:bf:
-        0a:54:e5:b9:42:3c:24:fb:b7:07:9c:30:9f:79:5a:e6:e0:40:
-        52:15:f4:fc:aa:f4:56:f9:44:97:87:ed:0e:65:72:5e:be:26:
-        fb:4d:a4:2d:08:07:de:d8:5c:a0:dc:81:33:99:18:25:11:77:
-        a7:eb:fd:58:09:2c:99:6b:1b:8a:f3:52:3f:1a:4d:48:60:f1:
-        a0:f6:33:02:53:8b:ed:25:09:b8:0d:2d:ed:97:73:ec:d7:96:
-        1f:8e:60:0e:da:10:9b:2f:18:24:f6:a6:4d:0a:f9:3b:cb:75:
-        c2:cc:2f:ce:24:69:c9:0a:22:8e:59:a7:f7:82:0c:d7:d7:6b:
-        35:9c:43:00:6a:c4:95:67:ba:9c:45:cb:b8:0e:37:f7:dc:4e:
-        01:4f:be:0a:b6:03:d3:ad:8a:45:f7:da:27:4d:29:b1:48:df:
-        e4:11:e4:96:46:bd:6c:02:3e:d6:51:c8:95:17:01:15:a9:f2:
-        aa:aa:f2:bf:2f:65:1b:6f:d0:b9:1a:93:f5:8e:35:c4:80:87:
-        3e:94:2f:66:e4:e9:a8:ff:41:9c:70:2a:4f:2a:39:18:95:1e:
-        7e:fb:61:01:3c:51:08:2e:28:18:a4:16:0f:31:fd:3a:6c:23:
-        93:20:76:e1:fd:07:85:d1:5b:3f:d2:1c:73:32:dd:fa:b9:f8:
-        8c:cf:02:87:7a:9a:96:e4:ed:4f:89:8d:53:43:ab:0e:13:c0:
-        01:15:b4:79:38:db:fc:6e:3d:9e:51:b6:b8:13:8b:67:cf:f9:
-        7c:d9:22:1d:f6:5d:c5:1c:01:2f:98:e8:7a:24:18:bc:84:d7:
-        fa:dc:72:5b:f7:c1:3a:68
-MD5 Fingerprint=01:5A:99:C3:D6:4F:A9:4B:3C:3B:B1:A3:AB:27:4C:BF
 -----BEGIN CERTIFICATE-----
-MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
-NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
-7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
-m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
-xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
-YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
-JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
-I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
-kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
-EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
-Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
-gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
-rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
-FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
-1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
-h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
-yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
-7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
-RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
-ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
-M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
-my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
-AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
-9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
-hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
-fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
+MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
+dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
+WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
+VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
+9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
+DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
+Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
+QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
+xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
+A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
+kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
+Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
+Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
+JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
+RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1018510662 (0x3cb53d46)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA-Baltimore Implementation
-        Validity
-            Not Before: Apr 11 07:38:51 2002 GMT
-            Not After : Apr 11 07:38:51 2022 GMT
-        Subject: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA-Baltimore Implementation
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:bc:7e:c4:39:9c:8c:e3:d6:1c:86:ff:ca:62:ad:
-                    e0:7f:30:45:7a:8e:1a:b3:b8:c7:f9:d1:36:ff:22:
-                    f3:4e:6a:5f:84:10:fb:66:81:c3:94:79:31:d2:91:
-                    e1:77:8e:18:2a:c3:14:de:51:f5:4f:a3:2b:bc:18:
-                    16:e2:b5:dd:79:de:22:f8:82:7e:cb:81:1f:fd:27:
-                    2c:8f:fa:97:64:22:8e:f8:ff:61:a3:9c:1b:1e:92:
-                    8f:c0:a8:09:df:09:11:ec:b7:7d:31:9a:1a:ea:83:
-                    21:06:3c:9f:ba:5c:ff:94:ea:6a:b8:c3:6b:55:34:
-                    4f:3d:32:1f:dd:81:14:e0:c4:3c:cd:9d:30:f8:30:
-                    a9:97:d3:ee:cc:a3:d0:1f:5f:1c:13:81:d4:18:ab:
-                    94:d1:63:c3:9e:7f:35:92:9e:5f:44:ea:ec:f4:22:
-                    5c:b7:e8:3d:7d:a4:f9:89:a9:91:b2:2a:d9:eb:33:
-                    87:ee:a5:fd:e3:da:cc:88:e6:89:26:6e:c7:2b:82:
-                    d0:5e:9d:59:db:14:ec:91:83:05:c3:5e:0e:c6:2a:
-                    d0:04:dd:71:3d:20:4e:58:27:fc:53:fb:78:78:19:
-                    14:b2:fc:90:52:89:38:62:60:07:b4:a0:ec:ac:6b:
-                    50:d6:fd:b9:28:6b:ef:52:2d:3a:b2:ff:f1:01:40:
-                    ac:37
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6334.0.0.1.9.40.51377
-                  User Notice:
-                    Explicit Text: Reliance on or use of this Certificate creates an acknowledgment and acceptance of the then applicable standard terms and conditions of use, the Certification Practice Statement and the Relying Party Agreement, which can be found at the beTRUSTed web site, http://www.betrusted.com/products_services/index.html
-                  CPS: http://www.betrusted.com/products_services/index.html
-
-            X509v3 Subject Key Identifier: 
-                45:3D:C3:A9:D1:DC:3F:24:56:98:1C:73:18:88:6A:FF:83:47:ED:B6
-            X509v3 Authority Key Identifier: 
-                keyid:45:3D:C3:A9:D1:DC:3F:24:56:98:1C:73:18:88:6A:FF:83:47:ED:B6
-
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        49:92:bc:a3:ee:ac:bd:fa:0d:c9:8b:79:86:1c:23:76:b0:80:
-        59:77:fc:da:7f:b4:4b:df:c3:64:4b:6a:4e:0e:ad:f2:7d:59:
-        77:05:ad:0a:89:73:b0:fa:bc:cb:dc:8d:00:88:8f:a6:a0:b2:
-        ea:ac:52:27:bf:a1:48:7c:97:10:7b:ba:ed:13:1d:9a:07:6e:
-        cb:31:62:12:e8:63:03:aa:7d:6d:e3:f8:1b:76:21:78:1b:9f:
-        4b:43:8c:d3:49:86:f6:1b:5c:f6:2e:60:15:d3:e9:e3:7b:75:
-        3f:d0:02:83:d0:18:82:41:cd:65:37:ea:8e:32:7e:bd:6b:99:
-        5d:30:11:c8:db:48:54:1c:3b:e1:a7:13:d3:6a:48:93:f7:3d:
-        8c:7f:05:e8:ce:f3:88:2a:63:04:b8:ea:7e:58:7c:01:7b:5b:
-        e1:c5:7d:ef:21:e0:8d:0e:5d:51:7d:b1:67:fd:a3:bd:38:36:
-        c6:f2:38:86:87:1a:96:68:60:46:fb:28:14:47:55:e1:a7:80:
-        0c:6b:e2:ea:df:4d:7c:90:48:a0:36:bd:09:17:89:7f:c3:f2:
-        d3:9c:9c:e3:dd:c4:1b:dd:f5:b7:71:b3:53:05:89:06:d0:cb:
-        4a:80:c1:c8:53:90:b5:3c:31:88:17:50:9f:c9:c4:0e:8b:d8:
-        a8:02:63:0d
-MD5 Fingerprint=81:35:B9:FB:FB:12:CA:18:69:36:EB:AE:69:78:A1:F1
 -----BEGIN CERTIFICATE-----
-MIIFajCCBFKgAwIBAgIEPLU9RjANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli
-ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq
-YmVUUlVTVGVkIFJvb3QgQ0EtQmFsdGltb3JlIEltcGxlbWVudGF0aW9uMB4XDTAy
-MDQxMTA3Mzg1MVoXDTIyMDQxMTA3Mzg1MVowZjESMBAGA1UEChMJYmVUUlVTVGVk
-MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl
-ZCBSb290IENBLUJhbHRpbW9yZSBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALx+xDmcjOPWHIb/ymKt4H8wRXqOGrO4x/nRNv8i
-805qX4QQ+2aBw5R5MdKR4XeOGCrDFN5R9U+jK7wYFuK13XneIviCfsuBH/0nLI/6
-l2Qijvj/YaOcGx6Sj8CoCd8JEey3fTGaGuqDIQY8n7pc/5TqarjDa1U0Tz0yH92B
-FODEPM2dMPgwqZfT7syj0B9fHBOB1BirlNFjw55/NZKeX0Tq7PQiXLfoPX2k+Ymp
-kbIq2eszh+6l/ePazIjmiSZuxyuC0F6dWdsU7JGDBcNeDsYq0ATdcT0gTlgn/FP7
-eHgZFLL8kFKJOGJgB7Sg7KxrUNb9uShr71ItOrL/8QFArDcCAwEAAaOCAh4wggIa
-MA8GA1UdEwEB/wQFMAMBAf8wggG1BgNVHSAEggGsMIIBqDCCAaQGDysGAQQBsT4A
-AAEJKIORMTCCAY8wggFIBggrBgEFBQcCAjCCAToaggE2UmVsaWFuY2Ugb24gb3Ig
-dXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY3JlYXRlcyBhbiBhY2tub3dsZWRnbWVu
-dCBhbmQgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk
-IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgdGhlIENlcnRpZmljYXRpb24g
-UHJhY3RpY2UgU3RhdGVtZW50IGFuZCB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1l
-bnQsIHdoaWNoIGNhbiBiZSBmb3VuZCBhdCB0aGUgYmVUUlVTVGVkIHdlYiBzaXRl
-LCBodHRwOi8vd3d3LmJldHJ1c3RlZC5jb20vcHJvZHVjdHNfc2VydmljZXMvaW5k
-ZXguaHRtbDBBBggrBgEFBQcCARY1aHR0cDovL3d3dy5iZXRydXN0ZWQuY29tL3By
-b2R1Y3RzX3NlcnZpY2VzL2luZGV4Lmh0bWwwHQYDVR0OBBYEFEU9w6nR3D8kVpgc
-cxiIav+DR+22MB8GA1UdIwQYMBaAFEU9w6nR3D8kVpgccxiIav+DR+22MA4GA1Ud
-DwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEASZK8o+6svfoNyYt5hhwjdrCA
-WXf82n+0S9/DZEtqTg6t8n1ZdwWtColzsPq8y9yNAIiPpqCy6qxSJ7+hSHyXEHu6
-7RMdmgduyzFiEuhjA6p9beP4G3YheBufS0OM00mG9htc9i5gFdPp43t1P9ACg9AY
-gkHNZTfqjjJ+vWuZXTARyNtIVBw74acT02pIk/c9jH8F6M7ziCpjBLjqflh8AXtb
-4cV97yHgjQ5dUX2xZ/2jvTg2xvI4hocalmhgRvsoFEdV4aeADGvi6t9NfJBIoDa9
-CReJf8Py05yc493EG931t3GzUwWJBtDLSoDByFOQtTwxiBdQn8nEDovYqAJjDQ==
+MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENBMB4XDTAx
+MDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue+H887dF+2rDNbS82rDTG
+29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mXy47vPxVnqIJyY1MPQYx9EJUk
+oVqlBvqSV536pQHydekfvFYmUk54GWVYVQNYwBSujHxVX3BbdyMGNpfzJLWaRpXk
+3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JFhfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBL
+qdReLjVQCfOAl/QMF6452F/NM8EcyonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIIN
+nvmLVz5MxxftLItyM19yejhW1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuX
+ZfsSZ9gqXLar5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0H
+DjxVyhbMp6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VO
+TzF2nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv
+kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2yIx4w
+zMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1018515264 (0x3cb54f40)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - Entrust Implementation
-        Validity
-            Not Before: Apr 11 08:24:27 2002 GMT
-            Not After : Apr 11 08:54:27 2022 GMT
-        Subject: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - Entrust Implementation
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ba:f4:44:03:aa:12:6a:b5:43:ec:55:92:b6:30:
-                    7d:35:57:0c:db:f3:0d:27:6e:4c:f7:50:a8:9b:4e:
-                    2b:6f:db:f5:ad:1c:4b:5d:b3:a9:c1:fe:7b:44:eb:
-                    5b:a3:05:0d:1f:c5:34:2b:30:00:29:f1:78:40:b2:
-                    a4:ff:3a:f4:01:88:17:7e:e6:d4:26:d3:ba:4c:ea:
-                    32:fb:43:77:97:87:23:c5:db:43:a3:f5:2a:a3:51:
-                    5e:e1:3b:d2:65:69:7e:55:15:9b:7a:e7:69:f7:44:
-                    e0:57:b5:15:e8:66:60:0f:0d:03:fb:82:8e:a3:e8:
-                    11:7b:6c:be:c7:63:0e:17:93:df:cf:4b:ae:6e:73:
-                    75:e0:f3:aa:b9:a4:c0:09:1b:85:ea:71:29:88:41:
-                    32:f9:f0:2a:0e:6c:09:f2:74:6b:66:6c:52:13:1f:
-                    18:bc:d4:3e:f7:d8:6e:20:9e:ca:fe:fc:21:94:ee:
-                    13:28:4b:d7:5c:5e:0c:66:ee:e9:bb:0f:c1:34:b1:
-                    7f:08:76:f3:3d:26:70:c9:8b:25:1d:62:24:0c:ea:
-                    1c:75:4e:c0:12:e4:ba:13:1d:30:29:2d:56:33:05:
-                    bb:97:59:7e:c6:49:4f:89:d7:2f:24:a8:b6:88:40:
-                    b5:64:92:53:56:24:e4:a2:a0:85:b3:5e:90:b4:12:
-                    33:cd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6334.0.0.2.9.40.51377
-                  User Notice:
-                    Explicit Text: Reliance on or use of this Certificate creates an acknowledgment and acceptance of the then applicable standard terms and conditions of use, the Certification Practice Statement and the Relying Party Agreement, which can be found at the beTRUSTed web site, https://www.betrusted.com/products_services/index.html
-                  CPS: https://www.betrusted.com/products_services/index.html
-
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - Entrust Implementation/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Apr 11 08:24:27 2002 GMT, Not After: Apr 11 08:54:27 2022 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:7D:70:E5:AE:38:8B:06:3F:AA:1C:1A:8F:F9:CF:24:30:AA:84:84:16
-
-            X509v3 Subject Key Identifier: 
-                7D:70:E5:AE:38:8B:06:3F:AA:1C:1A:8F:F9:CF:24:30:AA:84:84:16
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0...V6.0:4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-        2a:b8:17:ce:1f:10:94:eb:b8:9a:b7:b9:5f:ec:da:f7:92:24:
-        ac:dc:92:3b:c7:20:8d:f2:99:e5:5d:38:a1:c2:34:ed:c5:13:
-        59:5c:05:b5:2b:4f:61:9b:91:fb:41:fc:fc:d5:3c:4d:98:76:
-        06:f5:81:7d:eb:dd:90:e6:d1:56:54:da:e3:2d:0c:9f:11:32:
-        94:22:01:7a:f6:6c:2c:74:67:04:cc:a5:8f:8e:2c:b3:43:b5:
-        94:a2:d0:7d:e9:62:7f:06:be:27:01:83:9e:3a:fd:8a:ee:98:
-        43:4a:6b:d7:b5:97:3b:3a:bf:4f:6d:b4:63:fa:33:00:34:2e:
-        2d:6d:96:c9:7b:ca:99:63:ba:be:f4:f6:30:a0:2d:98:96:e9:
-        56:44:05:a9:44:a3:61:10:eb:82:a1:67:5d:bc:5d:27:75:aa:
-        8a:28:36:2a:38:92:d9:dd:a4:5e:00:a5:cc:cc:7c:29:2a:de:
-        28:90:ab:b7:e1:b6:ff:7d:25:0b:40:d8:aa:34:a3:2d:de:07:
-        eb:5f:ce:0a:dd:ca:7e:3a:7d:26:c1:62:68:3a:e6:2f:37:f3:
-        81:86:21:c4:a9:64:aa:ef:45:36:d1:1a:66:7c:f8:e9:37:d6:
-        d6:61:be:a2:ad:48:e7:df:e6:74:fe:d3:6d:7d:d2:25:dc:ac:
-        62:57:a9:f7
-MD5 Fingerprint=7D:86:90:8F:5B:F1:F2:40:C0:F7:3D:62:B5:A4:A9:3B
 -----BEGIN CERTIFICATE-----
-MIIGUTCCBTmgAwIBAgIEPLVPQDANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli
-ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq
-YmVUUlVTVGVkIFJvb3QgQ0EgLSBFbnRydXN0IEltcGxlbWVudGF0aW9uMB4XDTAy
-MDQxMTA4MjQyN1oXDTIyMDQxMTA4NTQyN1owZjESMBAGA1UEChMJYmVUUlVTVGVk
-MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl
-ZCBSb290IENBIC0gRW50cnVzdCBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBALr0RAOqEmq1Q+xVkrYwfTVXDNvzDSduTPdQqJtO
-K2/b9a0cS12zqcH+e0TrW6MFDR/FNCswACnxeECypP869AGIF37m1CbTukzqMvtD
-d5eHI8XbQ6P1KqNRXuE70mVpflUVm3rnafdE4Fe1FehmYA8NA/uCjqPoEXtsvsdj
-DheT389Lrm5zdeDzqrmkwAkbhepxKYhBMvnwKg5sCfJ0a2ZsUhMfGLzUPvfYbiCe
-yv78IZTuEyhL11xeDGbu6bsPwTSxfwh28z0mcMmLJR1iJAzqHHVOwBLkuhMdMCkt
-VjMFu5dZfsZJT4nXLySotohAtWSSU1Yk5KKghbNekLQSM80CAwEAAaOCAwUwggMB
-MIIBtwYDVR0gBIIBrjCCAaowggGmBg8rBgEEAbE+AAACCSiDkTEwggGRMIIBSQYI
-KwYBBQUHAgIwggE7GoIBN1JlbGlhbmNlIG9uIG9yIHVzZSBvZiB0aGlzIENlcnRp
-ZmljYXRlIGNyZWF0ZXMgYW4gYWNrbm93bGVkZ21lbnQgYW5kIGFjY2VwdGFuY2Ug
-b2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0
-aW9ucyBvZiB1c2UsIHRoZSBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
-dCBhbmQgdGhlIFJlbHlpbmcgUGFydHkgQWdyZWVtZW50LCB3aGljaCBjYW4gYmUg
-Zm91bmQgYXQgdGhlIGJlVFJVU1RlZCB3ZWIgc2l0ZSwgaHR0cHM6Ly93d3cuYmV0
-cnVzdGVkLmNvbS9wcm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMEIGCCsGAQUF
-BwIBFjZodHRwczovL3d3dy5iZXRydXN0ZWQuY29tL3Byb2R1Y3RzX3NlcnZpY2Vz
-L2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgAHMIGJBgNVHR8EgYEwfzB9oHug
-eaR3MHUxEjAQBgNVBAoTCWJlVFJVU1RlZDEbMBkGA1UECxMSYmVUUlVTVGVkIFJv
-b3QgQ0FzMTMwMQYDVQQDEypiZVRSVVNUZWQgUm9vdCBDQSAtIEVudHJ1c3QgSW1w
-bGVtZW50YXRpb24xDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMjA0MTEw
-ODI0MjdagQ8yMDIyMDQxMTA4NTQyN1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaA
-FH1w5a44iwY/qhwaj/nPJDCqhIQWMB0GA1UdDgQWBBR9cOWuOIsGP6ocGo/5zyQw
-qoSEFjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIE
-kDANBgkqhkiG9w0BAQUFAAOCAQEAKrgXzh8QlOu4mre5X+za95IkrNySO8cgjfKZ
-5V04ocI07cUTWVwFtStPYZuR+0H8/NU8TZh2BvWBfevdkObRVlTa4y0MnxEylCIB
-evZsLHRnBMylj44ss0O1lKLQfelifwa+JwGDnjr9iu6YQ0pr17WXOzq/T220Y/oz
-ADQuLW2WyXvKmWO6vvT2MKAtmJbpVkQFqUSjYRDrgqFnXbxdJ3Wqiig2KjiS2d2k
-XgClzMx8KSreKJCrt+G2/30lC0DYqjSjLd4H61/OCt3Kfjp9JsFiaDrmLzfzgYYh
-xKlkqu9FNtEaZnz46TfW1mG+oq1I59/mdP7TbX3SJdysYlep9w==
+MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx
+MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o
+Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt
+5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s
+3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej
+vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu
+8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil
+zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/
+3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD
+FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
+Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2
+ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            3b:59:c7:7b:cd:5b:57:9e:bd:37:52:ac:76:b4:aa:1a
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - RSA Implementation
-        Validity
-            Not Before: Apr 11 11:18:13 2002 GMT
-            Not After : Apr 12 11:07:25 2022 GMT
-        Subject: O=beTRUSTed, OU=beTRUSTed Root CAs, CN=beTRUSTed Root CA - RSA Implementation
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:e4:ba:34:30:09:8e:57:d0:b9:06:2c:6f:6e:24:
-                    80:22:bf:5d:43:a6:fa:4f:ac:82:e7:1c:68:70:85:
-                    1b:a3:6e:b5:aa:78:d9:6e:07:4b:3f:e9:df:f5:ea:
-                    e8:54:a1:61:8a:0e:2f:69:75:18:b7:0c:e5:14:8d:
-                    71:6e:98:b8:55:fc:0c:95:d0:9b:6e:e1:2d:88:d4:
-                    3a:40:6b:92:f1:99:96:64:de:db:ff:78:f4:ee:96:
-                    1d:47:89:7c:d4:be:b9:88:77:23:3a:09:e6:04:9e:
-                    6d:aa:5e:d2:c8:bd:9a:4e:19:df:89:ea:5b:0e:7e:
-                    c3:e4:b4:f0:e0:69:3b:88:0f:41:90:f8:d4:71:43:
-                    24:c1:8f:26:4b:3b:56:e9:ff:8c:6c:37:e9:45:ad:
-                    85:8c:53:c3:60:86:90:4a:96:c9:b3:54:b0:bb:17:
-                    f0:1c:45:d9:d4:1b:19:64:56:0a:19:f7:cc:e1:ff:
-                    86:af:7e:58:5e:ac:7a:90:1f:c9:28:39:45:7b:a2:
-                    b6:c7:9c:1f:da:85:d4:21:86:59:30:93:be:53:33:
-                    37:f6:ef:41:cf:33:c7:ab:72:6b:25:f5:f3:53:1b:
-                    0c:4c:2e:f1:75:4b:ef:a0:87:f7:fe:8a:15:d0:6c:
-                    d5:cb:f9:68:53:b9:70:15:13:c2:f5:2e:fb:43:35:
-                    75:2d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.6334.0.0.3.9.40.51377
-                  CPS: http://www.betrusted.com/products_services/index.html
-                  User Notice:
-                    Explicit Text: Reliance on or use of this Certificate creates an acknowledgment and acceptance of the then applicable standard terms and conditions of use, the Certification Practice Statement and the Relying Party Agreement, which can be found at the beTRUSTed web site, http://www.betrusted.com/products_services/index.html
-
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:A9:EC:14:7E:F9:D9:43:CC:53:2B:14:AD:CF:F7:F0:59:89:41:CD:19
-
-            X509v3 Subject Key Identifier: 
-                A9:EC:14:7E:F9:D9:43:CC:53:2B:14:AD:CF:F7:F0:59:89:41:CD:19
-    Signature Algorithm: sha1WithRSAEncryption
-        db:97:b0:75:ea:0c:c4:c1:98:ca:56:05:c0:a8:ad:26:48:af:
-        2d:20:e8:81:c7:b6:df:43:c1:2c:1d:75:4b:d4:42:8d:e7:7a:
-        a8:74:dc:66:42:59:87:b3:f5:69:6d:d9:a9:9e:b3:7d:1c:31:
-        c1:f5:54:e2:59:24:49:e5:ee:bd:39:a6:6b:8a:98:44:fb:9b:
-        d7:2a:83:97:34:2d:c7:7d:35:4c:2d:34:b8:3e:0d:c4:ec:88:
-        27:af:9e:92:fd:50:61:82:a8:60:07:14:53:cc:65:13:c1:f6:
-        47:44:69:d2:31:c8:a6:dd:2e:b3:0b:de:4a:8d:5b:3d:ab:0d:
-        c2:35:52:a2:56:37:cc:32:8b:28:85:42:9c:91:40:7a:70:2b:
-        38:36:d5:e1:73:1a:1f:e5:fa:7e:5f:dc:d6:9c:3b:30:ea:db:
-        c0:5b:27:5c:d3:73:07:c1:c2:f3:4c:9b:6f:9f:1b:ca:1e:aa:
-        a8:38:33:09:58:b2:ae:fc:07:e8:36:dc:55:ba:2f:4f:40:fe:
-        7a:bd:06:a6:81:c1:93:22:7c:86:11:0a:06:77:48:ae:35:b7:
-        2f:32:9a:61:5e:8b:be:29:9f:29:24:88:56:39:2c:a8:d2:ab:
-        96:03:5a:d4:48:9f:b9:40:84:0b:98:68:fb:01:43:d6:1b:e2:
-        09:b1:97:1c
-MD5 Fingerprint=86:42:05:09:BC:A7:9D:EC:1D:F3:2E:0E:BA:D8:1D:D0
 -----BEGIN CERTIFICATE-----
-MIIFaDCCBFCgAwIBAgIQO1nHe81bV569N1KsdrSqGjANBgkqhkiG9w0BAQUFADBi
-MRIwEAYDVQQKEwliZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENB
-czEvMC0GA1UEAxMmYmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRp
-b24wHhcNMDIwNDExMTExODEzWhcNMjIwNDEyMTEwNzI1WjBiMRIwEAYDVQQKEwli
-ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEvMC0GA1UEAxMm
-YmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRpb24wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkujQwCY5X0LkGLG9uJIAiv11DpvpPrILn
-HGhwhRujbrWqeNluB0s/6d/16uhUoWGKDi9pdRi3DOUUjXFumLhV/AyV0Jtu4S2I
-1DpAa5LxmZZk3tv/ePTulh1HiXzUvrmIdyM6CeYEnm2qXtLIvZpOGd+J6lsOfsPk
-tPDgaTuID0GQ+NRxQyTBjyZLO1bp/4xsN+lFrYWMU8NghpBKlsmzVLC7F/AcRdnU
-GxlkVgoZ98zh/4avflherHqQH8koOUV7orbHnB/ahdQhhlkwk75TMzf270HPM8er
-cmsl9fNTGwxMLvF1S++gh/f+ihXQbNXL+WhTuXAVE8L1LvtDNXUtAgMBAAGjggIY
-MIICFDAMBgNVHRMEBTADAQH/MIIBtQYDVR0gBIIBrDCCAagwggGkBg8rBgEEAbE+
-AAADCSiDkTEwggGPMEEGCCsGAQUFBwIBFjVodHRwOi8vd3d3LmJldHJ1c3RlZC5j
-b20vcHJvZHVjdHNfc2VydmljZXMvaW5kZXguaHRtbDCCAUgGCCsGAQUFBwICMIIB
-OhqCATZSZWxpYW5jZSBvbiBvciB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjcmVh
-dGVzIGFuIGFja25vd2xlZGdtZW50IGFuZCBhY2NlcHRhbmNlIG9mIHRoZSB0aGVu
-IGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNl
-LCB0aGUgQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQgYW5kIHRoZSBS
-ZWx5aW5nIFBhcnR5IEFncmVlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IHRo
-ZSBiZVRSVVNUZWQgd2ViIHNpdGUsIGh0dHA6Ly93d3cuYmV0cnVzdGVkLmNvbS9w
-cm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMAsGA1UdDwQEAwIBBjAfBgNVHSME
-GDAWgBSp7BR++dlDzFMrFK3P9/BZiUHNGTAdBgNVHQ4EFgQUqewUfvnZQ8xTKxSt
-z/fwWYlBzRkwDQYJKoZIhvcNAQEFBQADggEBANuXsHXqDMTBmMpWBcCorSZIry0g
-6IHHtt9DwSwddUvUQo3neqh03GZCWYez9Wlt2ames30cMcH1VOJZJEnl7r05pmuK
-mET7m9cqg5c0Lcd9NUwtNLg+DcTsiCevnpL9UGGCqGAHFFPMZRPB9kdEadIxyKbd
-LrML3kqNWz2rDcI1UqJWN8wyiyiFQpyRQHpwKzg21eFzGh/l+n5f3NacOzDq28Bb
-J1zTcwfBwvNMm2+fG8oeqqg4MwlYsq78B+g23FW6L09A/nq9BqaBwZMifIYRCgZ3
-SK41ty8ymmFei74pnykkiFY5LKjSq5YDWtRIn7lAhAuYaPsBQ9Yb4gmxlxw=
+MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO
+TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy
+MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk
+ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn
+ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71
+9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO
+hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U
+tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o
+BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh
+SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww
+OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv
+cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA
+7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k
+/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm
+eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6
+u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy
+7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR
+iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: O=RSA Security Inc, OU=RSA Security 2048 V3
-        Validity
-            Not Before: Feb 22 20:39:23 2001 GMT
-            Not After : Feb 22 20:39:23 2026 GMT
-        Subject: O=RSA Security Inc, OU=RSA Security 2048 V3
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b7:8f:55:71:d2:80:dd:7b:69:79:a7:f0:18:50:
-                    32:3c:62:67:f6:0a:95:07:dd:e6:1b:f3:9e:d9:d2:
-                    41:54:6b:ad:9f:7c:be:19:cd:fb:46:ab:41:68:1e:
-                    18:ea:55:c8:2f:91:78:89:28:fb:27:29:60:ff:df:
-                    8f:8c:3b:c9:49:9b:b5:a4:94:ce:01:ea:3e:b5:63:
-                    7b:7f:26:fd:19:dd:c0:21:bd:84:d1:2d:4f:46:c3:
-                    4e:dc:d8:37:39:3b:28:af:cb:9d:1a:ea:2b:af:21:
-                    a5:c1:23:22:b8:b8:1b:5a:13:87:57:83:d1:f0:20:
-                    e7:e8:4f:23:42:b0:00:a5:7d:89:e9:e9:61:73:94:
-                    98:71:26:bc:2d:6a:e0:f7:4d:f0:f1:b6:2a:38:31:
-                    81:0d:29:e1:00:c1:51:0f:4c:52:f8:04:5a:aa:7d:
-                    72:d3:b8:87:2a:bb:63:10:03:2a:b3:a1:4f:0d:5a:
-                    5e:46:b7:3d:0e:f5:74:ec:99:9f:f9:3d:24:81:88:
-                    a6:dd:60:54:e8:95:36:3d:c6:09:93:9a:a3:12:80:
-                    00:55:99:19:47:bd:d0:a5:7c:c3:ba:fb:1f:f7:f5:
-                    0f:f8:ac:b9:b5:f4:37:98:13:18:de:85:5b:b7:0c:
-                    82:3b:87:6f:95:39:58:30:da:6e:01:68:17:22:cc:
-                    c0:0b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:07:C3:51:30:A4:AA:E9:45:AE:35:24:FA:FF:24:2C:33:D0:B1:9D:8C
-
-            X509v3 Subject Key Identifier: 
-                07:C3:51:30:A4:AA:E9:45:AE:35:24:FA:FF:24:2C:33:D0:B1:9D:8C
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:3e:86:76:6e:b8:35:3c:4e:36:1c:1e:79:98:bf:fd:d5:12:
-        11:79:52:0e:ee:31:89:bc:dd:7f:f9:d1:c6:15:21:e8:8a:01:
-        54:0d:3a:fb:54:b9:d6:63:d4:b1:aa:96:4d:a2:42:4d:d4:53:
-        1f:8b:10:de:7f:65:be:60:13:27:71:88:a4:73:e3:84:63:d1:
-        a4:55:e1:50:93:e6:1b:0e:79:d0:67:bc:46:c8:bf:3f:17:0d:
-        95:e6:c6:90:69:de:e7:b4:2f:de:95:7d:d0:12:3f:3d:3e:7f:
-        4d:3f:14:68:f5:11:50:d5:c1:f4:90:a5:08:1d:31:60:ff:60:
-        8c:23:54:0a:af:fe:a1:6e:c5:d1:7a:2a:68:78:cf:1e:82:0a:
-        20:b4:1f:ad:e5:85:b2:6a:68:75:4e:ad:25:37:94:85:be:bd:
-        a1:d4:ea:b7:0c:4b:3c:9d:e8:12:00:f0:5f:ac:0d:e1:ac:70:
-        63:73:f7:7f:79:9f:32:25:42:74:05:80:28:bf:bd:c1:24:96:
-        58:15:b1:17:21:e9:89:4b:db:07:88:67:f4:15:ad:70:3e:2f:
-        4d:85:3b:c2:b7:db:fe:98:68:23:89:e1:74:0f:de:f4:c5:84:
-        63:29:1b:cc:cb:07:c9:00:a4:a9:d7:c2:22:4f:67:d7:77:ec:
-        20:05:61:de
-MD5 Fingerprint=77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
 -----BEGIN CERTIFICATE-----
-MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6
-MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
-dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX
-BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy
-MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp
-eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg
-/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl
-wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh
-AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2
-PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu
-AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR
-MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc
-HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/
-Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
-f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO
-rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch
-6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3
-7CAFYd4=
+MIIDXDCCAsWgAwIBAgICA+owDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgMiBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANo46O0y
+AClxgwENv4wB3NrGrTmkqYov1YtcaF9QxmL1Zr3KkSLsqh1R1z2zUbKDTl3LSbDw
+TFXlay3HhQswHJJOgtTKAu33b77c4OMUuAVT8pr0VotanoWT0bSCVq5Nu6hLVxa8
+/vhYnvgpjbB7zXjJT6yLZwzxnPv8V5tXXE8NAgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBAIRS+yjf/x91AbwBvgRWl2p0QiQxg/lGsQaKic+WLDO/
+jLVfenKhhQbOhvgFjuj5Jcrag4wGrOs2bYWRNAQ29ELw+HkuCkhcq8xRT3h2oNms
+Gb0q0WkEKJHKNhAngFdb0lz1wlurZIFjdFH0l7/NEij3TWZ/p/AcASZ4smZHcFFk
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            0a:01:01:01:00:00:02:7c:00:00:00:0b:00:00:00:02
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: O=RSA Security Inc, OU=RSA Security 1024 V3
-        Validity
-            Not Before: Feb 22 21:01:49 2001 GMT
-            Not After : Feb 22 20:01:49 2026 GMT
-        Subject: O=RSA Security Inc, OU=RSA Security 1024 V3
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d5:dd:fe:66:09:cf:24:3c:3e:ae:81:4e:4e:8a:
-                    c4:69:80:5b:59:3b:df:b9:4d:4c:ca:b5:2d:c3:27:
-                    2d:3c:af:00:42:6d:bc:28:a6:96:cf:7f:d7:58:ac:
-                    83:0a:a3:55:b5:7b:17:90:15:84:4c:8a:ee:26:99:
-                    dc:58:ef:c7:38:a6:aa:af:d0:8e:42:c8:62:d7:ab:
-                    ac:a9:fb:4a:7d:bf:ea:fe:12:4d:dd:ff:26:2d:6f:
-                    36:54:68:c8:d2:84:56:ee:92:53:61:09:b3:3f:39:
-                    9b:a8:c9:9b:bd:ce:9f:7e:d4:19:6a:16:29:18:be:
-                    d7:3a:69:dc:25:5b:33:1a:51
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A
-
-            X509v3 Subject Key Identifier: 
-                C4:C0:1C:A4:07:94:FD:CD:4D:01:D4:54:DA:A5:0C:5F:DE:AE:05:5A
-    Signature Algorithm: sha1WithRSAEncryption
-        3f:2d:6a:e3:26:43:95:7d:89:97:65:fb:75:e4:72:1d:46:57:
-        c4:61:6b:69:9f:12:9b:2c:d5:5a:e8:c0:a2:f0:43:95:e3:1f:
-        e9:76:cd:dc:eb:bc:93:a0:65:0a:c7:4d:4f:5f:a7:af:a2:46:
-        14:b9:0c:f3:cc:bd:6a:6e:b7:9d:de:25:42:d0:54:ff:9e:68:
-        73:63:dc:24:eb:22:bf:a8:72:f2:5e:00:e1:0d:4e:3a:43:6e:
-        99:4e:3f:89:78:03:98:ca:f3:55:cc:9d:ae:8e:c1:aa:45:98:
-        fa:8f:1a:a0:8d:88:23:f1:15:41:0d:a5:46:3e:91:3f:8b:eb:
-        f7:71
-MD5 Fingerprint=3A:E5:50:B0:39:BE:C7:46:36:33:A1:FE:82:3E:8D:94
 -----BEGIN CERTIFICATE-----
-MIICXDCCAcWgAwIBAgIQCgEBAQAAAnwAAAALAAAAAjANBgkqhkiG9w0BAQUFADA6
-MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
-dHkgMTAyNCBWMzAeFw0wMTAyMjIyMTAxNDlaFw0yNjAyMjIyMDAxNDlaMDoxGTAX
-BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAx
-MDI0IFYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDV3f5mCc8kPD6ugU5O
-isRpgFtZO9+5TUzKtS3DJy08rwBCbbwoppbPf9dYrIMKo1W1exeQFYRMiu4mmdxY
-78c4pqqv0I5CyGLXq6yp+0p9v+r+Ek3d/yYtbzZUaMjShFbuklNhCbM/OZuoyZu9
-zp9+1BlqFikYvtc6adwlWzMaUQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4G
-A1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBTEwBykB5T9zU0B1FTapQxf3q4FWjAd
-BgNVHQ4EFgQUxMAcpAeU/c1NAdRU2qUMX96uBVowDQYJKoZIhvcNAQEFBQADgYEA
-Py1q4yZDlX2Jl2X7deRyHUZXxGFraZ8SmyzVWujAovBDleMf6XbN3Ou8k6BlCsdN
-T1+nr6JGFLkM88y9am63nd4lQtBU/55oc2PcJOsiv6hy8l4A4Q1OOkNumU4/iXgD
-mMrzVcydro7BqkWY+o8aoI2II/EVQQ2lRj6RP4vr93E=
+MIIDXDCCAsWgAwIBAgICA+swDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALa0wTUF
+Lg2N7KBAahwOJ6ZQkmtQGwfeLud2zODa/ISoXoxjaitN2U4CdhHBC/KNecoAtvGw
+Dtf7pBc9r6tpepYnv68zoZoqWarEtTcI8hKlMbZD9TKWcSgoq40oht+77uMMfTDW
+w1Krj10nnGvAo+cFa1dJRLNu6mTP0o56UHd3AgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBABY9xs3Bu4VxhUafPiCPUSiZ7C1FIWMjWwS7TJC4iJIE
+Tb19AaM/9uzO8d7+feXhPrvGq14L3T2WxMup1Pkm5gZOngylerpuw3yCGdHHsbHD
+2w2Om0B8NwvxXej9H5CIpQ5ON2QhqE6NtJ/x3kit1VYYUimLRzQSCdS7kjXvD9s0
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 144470 (0x23456)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
-        Validity
-            Not Before: May 21 04:00:00 2002 GMT
-            Not After : May 21 04:00:00 2022 GMT
-        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:da:cc:18:63:30:fd:f4:17:23:1a:56:7e:5b:df:
-                    3c:6c:38:e4:71:b7:78:91:d4:bc:a1:d8:4c:f8:a8:
-                    43:b6:03:e9:4d:21:07:08:88:da:58:2f:66:39:29:
-                    bd:05:78:8b:9d:38:e8:05:b7:6a:7e:71:a4:e6:c4:
-                    60:a6:b0:ef:80:e4:89:28:0f:9e:25:d6:ed:83:f3:
-                    ad:a6:91:c7:98:c9:42:18:35:14:9d:ad:98:46:92:
-                    2e:4f:ca:f1:87:43:c1:16:95:57:2d:50:ef:89:2d:
-                    80:7a:57:ad:f2:ee:5f:6b:d2:00:8d:b9:14:f8:14:
-                    15:35:d9:c0:46:a3:7b:72:c8:91:bf:c9:55:2b:cd:
-                    d0:97:3e:9c:26:64:cc:df:ce:83:19:71:ca:4e:e6:
-                    d4:d5:7b:a9:19:cd:55:de:c8:ec:d2:5e:38:53:e5:
-                    5c:4f:8c:2d:fe:50:23:36:fc:66:e6:cb:8e:a4:39:
-                    19:00:b7:95:02:39:91:0b:0e:fe:38:2e:d1:1d:05:
-                    9a:f6:4d:3e:6f:0f:07:1d:af:2c:1e:8f:60:39:e2:
-                    fa:36:53:13:39:d4:5e:26:2b:db:3d:a8:14:bd:32:
-                    eb:18:03:28:52:04:71:e5:ab:33:3d:e1:38:bb:07:
-                    36:84:62:9c:79:ea:16:30:f4:5f:c0:2b:e8:71:6b:
-                    e4:f9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
-            X509v3 Authority Key Identifier: 
-                keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
-
-    Signature Algorithm: sha1WithRSAEncryption
-        35:e3:29:6a:e5:2f:5d:54:8e:29:50:94:9f:99:1a:14:e4:8f:
-        78:2a:62:94:a2:27:67:9e:d0:cf:1a:5e:47:e9:c1:b2:a4:cf:
-        dd:41:1a:05:4e:9b:4b:ee:4a:6f:55:52:b3:24:a1:37:0a:eb:
-        64:76:2a:2e:2c:f3:fd:3b:75:90:bf:fa:71:d8:c7:3d:37:d2:
-        b5:05:95:62:b9:a6:de:89:3d:36:7b:38:77:48:97:ac:a6:20:
-        8f:2e:a6:c9:0c:c2:b2:99:45:00:c7:ce:11:51:22:22:e0:a5:
-        ea:b6:15:48:09:64:ea:5e:4f:74:f7:05:3e:c7:8a:52:0c:db:
-        15:b4:bd:6d:9b:e5:c6:b1:54:68:a9:e3:69:90:b6:9a:a5:0f:
-        b8:b9:3f:20:7d:ae:4a:b5:b8:9c:e4:1d:b6:ab:e6:94:a5:c1:
-        c7:83:ad:db:f5:27:87:0e:04:6c:d5:ff:dd:a0:5d:ed:87:52:
-        b7:2b:15:02:ae:39:a6:6a:74:e9:da:c4:e7:bc:4d:34:1e:a9:
-        5c:4d:33:5f:92:09:2f:88:66:5d:77:97:c7:1d:76:13:a9:d5:
-        e5:f1:16:09:11:35:d5:ac:db:24:71:70:2c:98:56:0b:d9:17:
-        b4:d1:e3:51:2b:5e:75:e8:d5:d0:dc:4f:34:ed:c2:05:66:80:
-        a1:cb:e6:33
-MD5 Fingerprint=F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
 -----BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
-R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
-9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
-fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
-iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
-1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
-bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
-MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
-ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
-uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
-Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
-tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
-hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
-5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE
+SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg
+Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV
+BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl
+cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA
+vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu
+Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a
+0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1
+4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN
+eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD
+R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG
+A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu
+dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME
+Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3
+WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
+HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ
+KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO
+Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX
+wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+
+2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89
+9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0
+jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38
+aQNiuJkFBT1reBK9sG9l
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            44:be:0c:8b:50:00:24:b4:11:d3:36:30:4b:c0:33:77
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
-        Validity
-            Not Before: Jul  9 18:48:39 1999 GMT
-            Not After : Jul  9 18:57:49 2019 GMT
-        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b3:fb:91:a1:e4:36:55:85:ac:06:34:5b:a0:9a:
-                    58:b2:f8:b5:0f:05:77:83:ae:32:b1:76:92:68:ec:
-                    23:4a:c9:76:3f:e3:9c:b6:37:79:03:b9:ab:69:8d:
-                    07:25:b6:19:67:e4:b0:1b:18:73:61:4a:e8:7e:cd:
-                    d3:2f:64:e3:a6:7c:0c:fa:17:80:a3:0d:47:89:4f:
-                    51:71:2f:ee:fc:3f:f9:b8:16:80:87:89:93:25:20:
-                    9a:43:82:69:24:76:28:59:35:a1:1d:c0:7f:83:06:
-                    64:16:20:2c:d3:49:a4:85:b4:c0:61:7f:51:08:f8:
-                    68:15:91:80:cb:a5:d5:ee:3b:3a:f4:84:04:5e:60:
-                    59:a7:8c:34:72:ee:b8:78:c5:d1:3b:12:4a:6f:7e:
-                    65:27:b9:a4:55:c5:b9:6f:43:a4:c5:1d:2c:99:c0:
-                    52:a4:78:4c:15:b3:40:98:08:6b:43:c6:01:b0:7a:
-                    7b:f5:6b:1c:22:3f:cb:ef:ff:a8:d0:3a:4b:76:15:
-                    9e:d2:d1:c6:2e:e3:db:57:1b:32:a2:b8:6f:e8:86:
-                    a6:3f:70:ab:e5:70:92:ab:44:1e:40:50:fb:9c:a3:
-                    62:e4:6c:6e:a0:c8:de:e2:80:42:fa:e9:2f:e8:ce:
-                    32:04:8f:7c:8d:b7:1c:a3:35:3c:15:dd:9e:c3:ae:
-                    97:a5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                FA:86:C9:DB:E0:BA:E9:78:F5:4B:A8:D6:15:DF:F0:D3:E1:6A:14:3C
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl
-
-    Signature Algorithm: sha1WithRSAEncryption
-        a4:f3:25:cc:d1:d4:91:83:22:d0:cc:32:ab:9b:96:4e:34:91:
-        54:20:25:34:61:5f:2a:02:15:e1:8b:aa:ff:7d:64:51:cf:0a:
-        ff:bc:7d:d8:21:6a:78:cb:2f:51:6f:f8:42:1d:33:bd:eb:b5:
-        7b:94:c3:c3:a9:a0:2d:df:d1:29:1f:1d:fe:8f:3f:bb:a8:45:
-        2a:7f:d1:6e:55:24:e2:bb:02:fb:31:3f:be:e8:bc:ec:40:2b:
-        f8:01:d4:56:38:e4:ca:44:82:b5:61:20:21:67:65:f6:f0:0b:
-        e7:34:f8:a5:c2:9c:a3:5c:40:1f:85:93:95:06:de:4f:d4:27:
-        a9:b6:a5:fc:16:cd:73:31:3f:b8:65:27:cf:d4:53:1a:f0:ac:
-        6e:9f:4f:05:0c:03:81:a7:84:29:c4:5a:bd:64:57:72:ad:3b:
-        cf:37:18:a6:98:c6:ad:06:b4:dc:08:a3:04:d5:29:a4:96:9a:
-        12:67:4a:8c:60:45:9d:f1:23:9a:b0:00:9c:68:b5:98:50:d3:
-        ef:8e:2e:92:65:b1:48:3e:21:be:15:30:2a:0d:b5:0c:a3:6b:
-        3f:ae:7f:57:f5:1f:96:7c:df:6f:dd:82:30:2c:65:1b:40:4a:
-        cd:68:b9:72:ec:71:76:ec:54:8e:1f:85:0c:01:6a:fa:a6:38:
-        ac:1f:c4:84
-MD5 Fingerprint=BF:60:59:A3:5B:BA:F6:A7:76:42:DA:6F:1A:7B:50:CF
 -----BEGIN CERTIFICATE-----
-MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUFADCB
-ozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3Qt
-TmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0ODM5WhcNMTkwNzA5MTg1
-NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
-IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYD
-VQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VS
-Rmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCz+5Gh5DZVhawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2
-N3kDuatpjQclthln5LAbGHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCH
-iZMlIJpDgmkkdihZNaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hARe
-YFmnjDRy7rh4xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1
-axwiP8vv/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6g
-yN7igEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD
-AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf8NPh
-ahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
-VE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0GCSqGSIb3DQEB
-BQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXhi6r/fWRRzwr/vH3Y
-IWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUqf9FuVSTiuwL7MT++6Lzs
-QCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAfhZOVBt5P1CeptqX8Fs1zMT+4
-ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvPNximmMatBrTcCKME1SmklpoSZ0qM
-YEWd8SOasACcaLWYUNPvji6SZbFIPiG+FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUb
-QErNaLly7HF27FSOH4UMAWr6pjisH8SE
+MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE
+SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw
+ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU
+REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr
+2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s
+2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU
+GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj
+dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r
+TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB
+AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv
+c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl
+ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu
+MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
+T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud
+HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD
+VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny
+bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy
+MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ
+J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG
+SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom
+JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO
+inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y
+caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB
+mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ
+YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9
+BKNDLdr8C2LqL19iUw==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
-        Validity
-            Not Before: May 28 06:00:00 2002 GMT
-            Not After : Nov 19 20:43:00 2037 GMT
-        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:a8:2f:e8:a4:69:06:03:47:c3:e9:2a:98:ff:19:
-                    a2:70:9a:c6:50:b2:7e:a5:df:68:4d:1b:7c:0f:b6:
-                    97:68:7d:2d:a6:8b:97:e9:64:86:c9:a3:ef:a0:86:
-                    bf:60:65:9c:4b:54:88:c2:48:c5:4a:39:bf:14:e3:
-                    59:55:e5:19:b4:74:c8:b4:05:39:5c:16:a5:e2:95:
-                    05:e0:12:ae:59:8b:a2:33:68:58:1c:a6:d4:15:b7:
-                    d8:9f:d7:dc:71:ab:7e:9a:bf:9b:8e:33:0f:22:fd:
-                    1f:2e:e7:07:36:ef:62:39:c5:dd:cb:ba:25:14:23:
-                    de:0c:c6:3d:3c:ce:82:08:e6:66:3e:da:51:3b:16:
-                    3a:a3:05:7f:a0:dc:87:d5:9c:fc:72:a9:a0:7d:78:
-                    e4:b7:31:55:1e:65:bb:d4:61:b0:21:60:ed:10:32:
-                    72:c5:92:25:1e:f8:90:4a:18:78:47:df:7e:30:37:
-                    3e:50:1b:db:1c:d3:6b:9a:86:53:07:b0:ef:ac:06:
-                    78:f8:84:99:fe:21:8d:4c:80:b6:0c:82:f6:66:70:
-                    79:1a:d3:4f:a3:cf:f1:cf:46:b0:4b:0f:3e:dd:88:
-                    62:b8:8c:a9:09:28:3b:7a:c7:97:e1:1e:e5:f4:9f:
-                    c0:c0:ae:24:a0:c8:a1:d9:0f:d6:7b:26:82:69:32:
-                    3d:a7
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE
-            X509v3 Authority Key Identifier: 
-                keyid:00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE
-
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        7c:8a:d1:1f:18:37:82:e0:b8:b0:a3:ed:56:95:c8:62:61:9c:
-        05:a2:cd:c2:62:26:61:cd:10:16:d7:cc:b4:65:34:d0:11:8a:
-        ad:a8:a9:05:66:ef:74:f3:6d:5f:9d:99:af:f6:8b:fb:eb:52:
-        b2:05:98:a2:6f:2a:c5:54:bd:25:bd:5f:ae:c8:86:ea:46:2c:
-        c1:b3:bd:c1:e9:49:70:18:16:97:08:13:8c:20:e0:1b:2e:3a:
-        47:cb:1e:e4:00:30:95:5b:f4:45:a3:c0:1a:b0:01:4e:ab:bd:
-        c0:23:6e:63:3f:80:4a:c5:07:ed:dc:e2:6f:c7:c1:62:f1:e3:
-        72:d6:04:c8:74:67:0b:fa:88:ab:a1:01:c8:6f:f0:14:af:d2:
-        99:cd:51:93:7e:ed:2e:38:c7:bd:ce:46:50:3d:72:e3:79:25:
-        9d:9b:88:2b:10:20:dd:a5:b8:32:9f:8d:e0:29:df:21:74:86:
-        82:db:2f:82:30:c6:c7:35:86:b3:f9:96:5f:46:db:0c:45:fd:
-        f3:50:c3:6f:c6:c3:48:ad:46:a6:e1:27:47:0a:1d:0e:9b:b6:
-        c2:77:7f:63:f2:e0:7d:1a:be:fc:e0:df:d7:c7:a7:6c:b0:f9:
-        ae:ba:3c:fd:74:b4:11:e8:58:0d:80:bc:d3:a8:80:3a:99:ed:
-        75:cc:46:7b
-MD5 Fingerprint=14:F1:08:AD:9D:FA:64:E2:89:E7:1C:CF:A8:AD:7D:5E
 -----BEGIN CERTIFICATE-----
-MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
-MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
-hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
-1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
-OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
-2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
-O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
-AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
-BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
-Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
-LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
-oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
-MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
-sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
+MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj
+IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X
+DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw
+EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
+ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD
+QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53
+dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK
+wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7
+G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF
+AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
+c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P
+9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
-        Validity
-            Not Before: May 28 06:00:00 2002 GMT
-            Not After : Sep 29 14:08:00 2037 GMT
-        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (4096 bit)
-                Modulus (4096 bit):
-                    00:cc:41:45:1d:e9:3d:4d:10:f6:8c:b1:41:c9:e0:
-                    5e:cb:0d:b7:bf:47:73:d3:f0:55:4d:dd:c6:0c:fa:
-                    b1:66:05:6a:cd:78:b4:dc:02:db:4e:81:f3:d7:a7:
-                    7c:71:bc:75:63:a0:5d:e3:07:0c:48:ec:25:c4:03:
-                    20:f4:ff:0e:3b:12:ff:9b:8d:e1:c6:d5:1b:b4:6d:
-                    22:e3:b1:db:7f:21:64:af:86:bc:57:22:2a:d6:47:
-                    81:57:44:82:56:53:bd:86:14:01:0b:fc:7f:74:a4:
-                    5a:ae:f1:ba:11:b5:9b:58:5a:80:b4:37:78:09:33:
-                    7c:32:47:03:5c:c4:a5:83:48:f4:57:56:6e:81:36:
-                    27:18:4f:ec:9b:28:c2:d4:b4:d7:7c:0c:3e:0c:2b:
-                    df:ca:04:d7:c6:8e:ea:58:4e:a8:a4:a5:18:1c:6c:
-                    45:98:a3:41:d1:2d:d2:c7:6d:8d:19:f1:ad:79:b7:
-                    81:3f:bd:06:82:27:2d:10:58:05:b5:78:05:b9:2f:
-                    db:0c:6b:90:90:7e:14:59:38:bb:94:24:13:e5:d1:
-                    9d:14:df:d3:82:4d:46:f0:80:39:52:32:0f:e3:84:
-                    b2:7a:43:f2:5e:de:5f:3f:1d:dd:e3:b2:1b:a0:a1:
-                    2a:23:03:6e:2e:01:15:87:5c:a6:75:75:c7:97:61:
-                    be:de:86:dc:d4:48:db:bd:2a:bf:4a:55:da:e8:7d:
-                    50:fb:b4:80:17:b8:94:bf:01:3d:ea:da:ba:7c:e0:
-                    58:67:17:b9:58:e0:88:86:46:67:6c:9d:10:47:58:
-                    32:d0:35:7c:79:2a:90:a2:5a:10:11:23:35:ad:2f:
-                    cc:e4:4a:5b:a7:c8:27:f2:83:de:5e:bb:5e:77:e7:
-                    e8:a5:6e:63:c2:0d:5d:61:d0:8c:d2:6c:5a:21:0e:
-                    ca:28:a3:ce:2a:e9:95:c7:48:cf:96:6f:1d:92:25:
-                    c8:c6:c6:c1:c1:0c:05:ac:26:c4:d2:75:d2:e1:2a:
-                    67:c0:3d:5b:a5:9a:eb:cf:7b:1a:a8:9d:14:45:e5:
-                    0f:a0:9a:65:de:2f:28:bd:ce:6f:94:66:83:48:29:
-                    d8:ea:65:8c:af:93:d9:64:9f:55:57:26:bf:6f:cb:
-                    37:31:99:a3:60:bb:1c:ad:89:34:32:62:b8:43:21:
-                    06:72:0c:a1:5c:6d:46:c5:fa:29:cf:30:de:89:dc:
-                    71:5b:dd:b6:37:3e:df:50:f5:b8:07:25:26:e5:bc:
-                    b5:fe:3c:02:b3:b7:f8:be:43:c1:87:11:94:9e:23:
-                    6c:17:8a:b8:8a:27:0c:54:47:f0:a9:b3:c0:80:8c:
-                    a0:27:eb:1d:19:e3:07:8e:77:70:ca:2b:f4:7d:76:
-                    e0:78:67
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E
-            X509v3 Authority Key Identifier: 
-                keyid:4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E
-
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        67:6b:06:b9:5f:45:3b:2a:4b:33:b3:e6:1b:6b:59:4e:22:cc:
-        b9:b7:a4:25:c9:a7:c4:f0:54:96:0b:64:f3:b1:58:4f:5e:51:
-        fc:b2:97:7b:27:65:c2:e5:ca:e7:0d:0c:25:7b:62:e3:fa:9f:
-        b4:87:b7:45:46:af:83:a5:97:48:8c:a5:bd:f1:16:2b:9b:76:
-        2c:7a:35:60:6c:11:80:97:cc:a9:92:52:e6:2b:e6:69:ed:a9:
-        f8:36:2d:2c:77:bf:61:48:d1:63:0b:b9:5b:52:ed:18:b0:43:
-        42:22:a6:b1:77:ae:de:69:c5:cd:c7:1c:a1:b1:a5:1c:10:fb:
-        18:be:1a:70:dd:c1:92:4b:be:29:5a:9d:3f:35:be:e5:7d:51:
-        f8:55:e0:25:75:23:87:1e:5c:dc:ba:9d:b0:ac:b3:69:db:17:
-        83:c9:f7:de:0c:bc:08:dc:91:9e:a8:d0:d7:15:37:73:a5:35:
-        b8:fc:7e:c5:44:40:06:c3:eb:f8:22:80:5c:47:ce:02:e3:11:
-        9f:44:ff:fd:9a:32:cc:7d:64:51:0e:eb:57:26:76:3a:e3:1e:
-        22:3c:c2:a6:36:dd:19:ef:a7:fc:12:f3:26:c0:59:31:85:4c:
-        9c:d8:cf:df:a4:cc:cc:29:93:ff:94:6d:76:5c:13:08:97:f2:
-        ed:a5:0b:4d:dd:e8:c9:68:0e:66:d3:00:0e:33:12:5b:bc:95:
-        e5:32:90:a8:b3:c6:6c:83:ad:77:ee:8b:7e:7e:b1:a9:ab:d3:
-        e1:f1:b6:c0:b1:ea:88:c0:e7:d3:90:e9:28:92:94:7b:68:7b:
-        97:2a:0a:67:2d:85:02:38:10:e4:03:61:d4:da:25:36:c7:08:
-        58:2d:a1:a7:51:af:30:0a:49:f5:a6:69:87:07:2d:44:46:76:
-        8e:2a:e5:9a:3b:d7:18:a2:fc:9c:38:10:cc:c6:3b:d2:b5:17:
-        3a:6f:fd:ae:25:bd:f5:72:59:64:b1:74:2a:38:5f:18:4c:df:
-        cf:71:04:5a:36:d4:bf:2f:99:9c:e8:d9:ba:b1:95:e6:02:4b:
-        21:a1:5b:d5:c1:4f:8f:ae:69:6d:53:db:01:93:b5:5c:1e:18:
-        dd:64:5a:ca:18:28:3e:63:04:11:fd:1c:8d:00:0f:b8:37:df:
-        67:8a:9d:66:a9:02:6a:91:ff:13:ca:2f:5d:83:bc:87:93:6c:
-        dc:24:51:16:04:25:66:fa:b3:d9:c2:ba:29:be:9a:48:38:82:
-        99:f4:bf:3b:4a:31:19:f9:bf:8e:21:33:14:ca:4f:54:5f:fb:
-        ce:fb:8f:71:7f:fd:5e:19:a0:0f:4b:91:b8:c4:54:bc:06:b0:
-        45:8f:26:91:a2:8e:fe:a9
-MD5 Fingerprint=D6:ED:3C:CA:E2:66:0F:AF:10:43:0D:77:9B:04:09:BF
 -----BEGIN CERTIFICATE-----
-MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
-MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
-206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
-KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
-JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
-BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
-Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
-PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
-Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
-Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
-o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
-+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
-YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
-FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
-xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
-LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
-obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
-CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
-IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
-DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
-AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
-Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
-AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
-Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
-RY8mkaKO/qk=
+MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt
+YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
+Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT
+AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
+MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
+cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh
+d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY
+DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
+rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq
+uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
+MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa
+/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei
+gQ==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
-        Validity
-            Not Before: Jun 26 02:18:36 2002 GMT
-            Not After : Jun 24 00:16:12 2022 GMT
-        Subject: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:af:57:de:56:1e:6e:a1:da:60:b1:94:27:cb:17:
-                    db:07:3f:80:85:4f:c8:9c:b6:d0:f4:6f:4f:cf:99:
-                    d8:e1:db:c2:48:5c:3a:ac:39:33:c7:1f:6a:8b:26:
-                    3d:2b:35:f5:48:b1:91:c1:02:4e:04:96:91:7b:b0:
-                    33:f0:b1:14:4e:11:6f:b5:40:af:1b:45:a5:4a:ef:
-                    7e:b6:ac:f2:a0:1f:58:3f:12:46:60:3c:8d:a1:e0:
-                    7d:cf:57:3e:33:1e:fb:47:f1:aa:15:97:07:55:66:
-                    a5:b5:2d:2e:d8:80:59:b2:a7:0d:b7:46:ec:21:63:
-                    ff:35:ab:a5:02:cf:2a:f4:4c:fe:7b:f5:94:5d:84:
-                    4d:a8:f2:60:8f:db:0e:25:3c:9f:73:71:cf:94:df:
-                    4a:ea:db:df:72:38:8c:f3:96:bd:f1:17:bc:d2:ba:
-                    3b:45:5a:c6:a7:f6:c6:17:8b:01:9d:fc:19:a8:2a:
-                    83:16:b8:3a:48:fe:4e:3e:a0:ab:06:19:e9:53:f3:
-                    80:13:07:ed:2d:bf:3f:0a:3c:55:20:39:2c:2c:00:
-                    69:74:95:4a:bc:20:b2:a9:79:e5:18:89:91:a8:dc:
-                    1c:4d:ef:bb:7e:37:0b:5d:fe:39:a5:88:52:8c:00:
-                    6c:ec:18:7c:41:bd:f6:8b:75:77:ba:60:9d:84:e7:
-                    fe:2d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                15:38:83:0F:3F:2C:3F:70:33:1E:CD:46:FE:07:8C:20:E0:D7:C3:B7
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:f1:41:7d:7c:5c:08:b9:2b:e0:d5:92:47:fa:67:5c:a5:13:
-        c3:03:21:9b:2b:4c:89:46:cf:59:4d:c9:fe:a5:40:b6:63:cd:
-        dd:71:28:95:67:11:cc:24:ac:d3:44:6c:71:ae:01:20:6b:03:
-        a2:8f:18:b7:29:3a:7d:e5:16:60:53:78:3c:c0:af:15:83:f7:
-        8f:52:33:24:bd:64:93:97:ee:8b:f7:db:18:a8:6d:71:b3:f7:
-        2c:17:d0:74:25:69:f7:fe:6b:3c:94:be:4d:4b:41:8c:4e:e2:
-        73:d0:e3:90:22:73:43:cd:f3:ef:ea:73:ce:45:8a:b0:a6:49:
-        ff:4c:7d:9d:71:88:c4:76:1d:90:5b:1d:ee:fd:cc:f7:ee:fd:
-        60:a5:b1:7a:16:71:d1:16:d0:7c:12:3c:6c:69:97:db:ae:5f:
-        39:9a:70:2f:05:3c:19:46:04:99:20:36:d0:60:6e:61:06:bb:
-        16:42:8c:70:f7:30:fb:e0:db:66:a3:00:01:bd:e6:2c:da:91:
-        5f:a0:46:8b:4d:6a:9c:3d:3d:dd:05:46:fe:76:bf:a0:0a:3c:
-        e4:00:e6:27:b7:ff:84:2d:de:ba:22:27:96:10:71:eb:22:ed:
-        df:df:33:9c:cf:e3:ad:ae:8e:d4:8e:e6:4f:51:af:16:92:e0:
-        5c:f6:07:0f
-MD5 Fingerprint=FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
 -----BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr
-MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl
-cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
-bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw
-CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h
-dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l
-cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h
-2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E
-lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV
-ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq
-299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t
-vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL
-dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF
-AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
-zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3
-LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd
-7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw
-++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
-398znM/jra6O1I7mT1GvFpLgXPYHDw==
+MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p
+dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv
+bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa
+QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY
+BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
+IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl
+bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs
+Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI
+Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD
+ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH
+b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh
+KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1002 (0x3ea)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
-        Validity
-            Not Before: Mar  9 11:59:59 1998 GMT
-            Not After : Jan  1 11:59:59 2011 GMT
-        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
-                    dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
-                    c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
-                    51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
-                    85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
-                    e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
-                    d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
-                    9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
-                    9c:fb:fc:57:9b:57:5c:4f:0d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-            Netscape CA Policy Url: 
-                http://www.trustcenter.de/guidelines
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-    Signature Algorithm: md5WithRSAEncryption
-        84:52:fb:28:df:ff:1f:75:01:bc:01:be:04:56:97:6a:74:42:
-        24:31:83:f9:46:b1:06:8a:89:cf:96:2c:33:bf:8c:b5:5f:7a:
-        72:a1:85:06:ce:86:f8:05:8e:e8:f9:25:ca:da:83:8c:06:ac:
-        eb:36:6d:85:91:34:04:36:f4:42:f0:f8:79:2e:0a:48:5c:ab:
-        cc:51:4f:78:76:a0:d9:ac:19:bd:2a:d1:69:04:28:91:ca:36:
-        10:27:80:57:5b:d2:5c:f5:c2:5b:ab:64:81:63:74:51:f4:97:
-        bf:cd:12:28:f7:4d:66:7f:a7:f0:1c:01:26:78:b2:66:47:70:
-        51:64
-MD5 Fingerprint=B8:16:33:4C:4C:4C:F2:D8:D3:4D:06:B4:A6:5B:40:03
 -----BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgICA+owDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
-MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
-QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
-MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcN
-AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
-Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
-ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
-IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
-c3RDZW50ZXIgQ2xhc3MgMiBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
-dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANo46O0y
-AClxgwENv4wB3NrGrTmkqYov1YtcaF9QxmL1Zr3KkSLsqh1R1z2zUbKDTl3LSbDw
-TFXlay3HhQswHJJOgtTKAu33b77c4OMUuAVT8pr0VotanoWT0bSCVq5Nu6hLVxa8
-/vhYnvgpjbB7zXjJT6yLZwzxnPv8V5tXXE8NAgMBAAGjazBpMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
-LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
-CSqGSIb3DQEBBAUAA4GBAIRS+yjf/x91AbwBvgRWl2p0QiQxg/lGsQaKic+WLDO/
-jLVfenKhhQbOhvgFjuj5Jcrag4wGrOs2bYWRNAQ29ELw+HkuCkhcq8xRT3h2oNms
-Gb0q0WkEKJHKNhAngFdb0lz1wlurZIFjdFH0l7/NEij3TWZ/p/AcASZ4smZHcFFk
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1003 (0x3eb)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
-        Validity
-            Not Before: Mar  9 11:59:59 1998 GMT
-            Not After : Jan  1 11:59:59 2011 GMT
-        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e:
-                    27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da:
-                    fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1:
-                    0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d:
-                    af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4:
-                    b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28:
-                    ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab:
-                    8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e:
-                    ea:64:cf:d2:8e:7a:50:77:77
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Digital Signature, Certificate Sign, CRL Sign
-            Netscape CA Policy Url: 
-                http://www.trustcenter.de/guidelines
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-    Signature Algorithm: md5WithRSAEncryption
-        16:3d:c6:cd:c1:bb:85:71:85:46:9f:3e:20:8f:51:28:99:ec:
-        2d:45:21:63:23:5b:04:bb:4c:90:b8:88:92:04:4d:bd:7d:01:
-        a3:3f:f6:ec:ce:f1:de:fe:7d:e5:e1:3e:bb:c6:ab:5e:0b:dd:
-        3d:96:c4:cb:a9:d4:f9:26:e6:06:4e:9e:0c:a5:7a:ba:6e:c3:
-        7c:82:19:d1:c7:b1:b1:c3:db:0d:8e:9b:40:7c:37:0b:f1:5d:
-        e8:fd:1f:90:88:a5:0e:4e:37:64:21:a8:4e:8d:b4:9f:f1:de:
-        48:ad:d5:56:18:52:29:8b:47:34:12:09:d4:bb:92:35:ef:0f:
-        db:34
-MD5 Fingerprint=5F:94:4A:73:22:B8:F7:D1:31:EC:59:39:F7:8E:FE:6E
 -----BEGIN CERTIFICATE-----
-MIIDXDCCAsWgAwIBAgICA+swDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
-MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
-QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
-MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcN
-AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
-Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
-ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
-IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
-c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
-dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALa0wTUF
-Lg2N7KBAahwOJ6ZQkmtQGwfeLud2zODa/ISoXoxjaitN2U4CdhHBC/KNecoAtvGw
-Dtf7pBc9r6tpepYnv68zoZoqWarEtTcI8hKlMbZD9TKWcSgoq40oht+77uMMfTDW
-w1Krj10nnGvAo+cFa1dJRLNu6mTP0o56UHd3AgMBAAGjazBpMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
-LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
-CSqGSIb3DQEBBAUAA4GBABY9xs3Bu4VxhUafPiCPUSiZ7C1FIWMjWwS7TJC4iJIE
-Tb19AaM/9uzO8d7+feXhPrvGq14L3T2WxMup1Pkm5gZOngylerpuw3yCGdHHsbHD
-2w2Om0B8NwvxXej9H5CIpQ5ON2QhqE6NtJ/x3kit1VYYUimLRzQSCdS7kjXvD9s0
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 65568 (0x10020)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
-        Validity
-            Not Before: Jun 11 10:46:39 2002 GMT
-            Not After : Jun 11 10:46:39 2027 GMT
-        Subject: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ce:b1:c1:2e:d3:4f:7c:cd:25:ce:18:3e:4f:c4:
-                    8c:6f:80:6a:73:c8:5b:51:f8:9b:d2:dc:bb:00:5c:
-                    b1:a0:fc:75:03:ee:81:f0:88:ee:23:52:e9:e6:15:
-                    33:8d:ac:2d:09:c5:76:f9:2b:39:80:89:e4:97:4b:
-                    90:a5:a8:78:f8:73:43:7b:a4:61:b0:d8:58:cc:e1:
-                    6c:66:7e:9c:f3:09:5e:55:63:84:d5:a8:ef:f3:b1:
-                    2e:30:68:b3:c4:3c:d8:ac:6e:8d:99:5a:90:4e:34:
-                    dc:36:9a:8f:81:88:50:b7:6d:96:42:09:f3:d7:95:
-                    83:0d:41:4b:b0:6a:6b:f8:fc:0f:7e:62:9f:67:c4:
-                    ed:26:5f:10:26:0f:08:4f:f0:a4:57:28:ce:8f:b8:
-                    ed:45:f6:6e:ee:25:5d:aa:6e:39:be:e4:93:2f:d9:
-                    47:a0:72:eb:fa:a6:5b:af:ca:53:3f:e2:0e:c6:96:
-                    56:11:6e:f7:e9:66:a9:26:d8:7f:95:53:ed:0a:85:
-                    88:ba:4f:29:a5:42:8c:5e:b6:fc:85:20:00:aa:68:
-                    0b:a1:1a:85:01:9c:c4:46:63:82:88:b6:22:b1:ee:
-                    fe:aa:46:59:7e:cf:35:2c:d5:b6:da:5d:f7:48:33:
-                    14:54:b6:eb:d9:6f:ce:cd:88:d6:ab:1b:da:96:3b:
-                    1d:59
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        b8:8d:ce:ef:e7:14:ba:cf:ee:b0:44:92:6c:b4:39:3e:a2:84:
-        6e:ad:b8:21:77:d2:d4:77:82:87:e6:20:41:81:ee:e2:f8:11:
-        b7:63:d1:17:37:be:19:76:24:1c:04:1a:4c:eb:3d:aa:67:6f:
-        2d:d4:cd:fe:65:31:70:c5:1b:a6:02:0a:ba:60:7b:6d:58:c2:
-        9a:49:fe:63:32:0b:6b:e3:3a:c0:ac:ab:3b:b0:e8:d3:09:51:
-        8c:10:83:c6:34:e0:c5:2b:e0:1a:b6:60:14:27:6c:32:77:8c:
-        bc:b2:72:98:cf:cd:cc:3f:b9:c8:24:42:14:d6:57:fc:e6:26:
-        43:a9:1d:e5:80:90:ce:03:54:28:3e:f7:3f:d3:f8:4d:ed:6a:
-        0a:3a:93:13:9b:3b:14:23:13:63:9c:3f:d1:87:27:79:e5:4c:
-        51:e3:01:ad:85:5d:1a:3b:b1:d5:73:10:a4:d3:f2:bc:6e:64:
-        f5:5a:56:90:a8:c7:0e:4c:74:0f:2e:71:3b:f7:c8:47:f4:69:
-        6f:15:f2:11:5e:83:1e:9c:7c:52:ae:fd:02:da:12:a8:59:67:
-        18:db:bc:70:dd:9b:b1:69:ed:80:ce:89:40:48:6a:0e:35:ca:
-        29:66:15:21:94:2c:e8:60:2a:9b:85:4a:40:f3:6b:8a:24:ec:
-        06:16:2c:73
-MD5 Fingerprint=2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
 -----BEGIN CERTIFICATE-----
-MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM
-MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
-QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM
-MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
-QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E
-jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo
-ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI
-ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu
-Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg
-AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7
-HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA
-uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa
-TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
-xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
-CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
-O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
-6GAqm4VKQPNriiTsBhYscw==
+MIICoTCCAgqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzAN
+BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAd
+BgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwHhcNOTcwMTAxMDAwMDAwWhcN
+MjAxMjMxMjM1OTU5WjCBizELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g
+Q2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsG
+A1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAdBgNVBAMTFlRoYXd0ZSBUaW1l
+c3RhbXBpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANYrWHhhRYZT
+6jR7UZztsOYuGA7+4F+oJ9O0yeB8WU4WDnNUYMF/9p8u6TqFJBU820cEY8OexJQa
+Wt9MevPZQx08EHp5JduQ/vBR5zDWQQD9nyjfeb6Uu522FOMjhdepQeBMpHmwKxqL
+8vg7ij5FrHGSALSQQZj7X+36ty6K+Ig3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEEBQADgYEAZ9viwuaHPUCDhjc1fR/OmsMMZiCouqoEiYbC
+9RAIDb/LogWK0E02PvTX72nGXuSwlG9KuefeW4i2e9vjJ+V2w/A1wcu1J5szedyQ
+pgCed/r8zSeUQhac0xxo7L9c3eWpexAKMnRUEzGLhQOEkbdYATAUOK8oyvyxUBkZ
+CayJSdM=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
-        Validity
-            Not Before: Jan  1 00:00:00 2004 GMT
-            Not After : Dec 31 23:59:59 2028 GMT
-        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:be:40:9d:f4:6e:e1:ea:76:87:1c:4d:45:44:8e:
-                    be:46:c8:83:06:9d:c1:2a:fe:18:1f:8e:e4:02:fa:
-                    f3:ab:5d:50:8a:16:31:0b:9a:06:d0:c5:70:22:cd:
-                    49:2d:54:63:cc:b6:6e:68:46:0b:53:ea:cb:4c:24:
-                    c0:bc:72:4e:ea:f1:15:ae:f4:54:9a:12:0a:c3:7a:
-                    b2:33:60:e2:da:89:55:f3:22:58:f3:de:dc:cf:ef:
-                    83:86:a2:8c:94:4f:9f:68:f2:98:90:46:84:27:c7:
-                    76:bf:e3:cc:35:2c:8b:5e:07:64:65:82:c0:48:b0:
-                    a8:91:f9:61:9f:76:20:50:a8:91:c7:66:b5:eb:78:
-                    62:03:56:f0:8a:1a:13:ea:31:a3:1e:a0:99:fd:38:
-                    f6:f6:27:32:58:6f:07:f5:6b:b8:fb:14:2b:af:b7:
-                    aa:cc:d6:63:5f:73:8c:da:05:99:a8:38:a8:cb:17:
-                    78:36:51:ac:e9:9e:f4:78:3a:8d:cf:0f:d9:42:e2:
-                    98:0c:ab:2f:9f:0e:01:de:ef:9f:99:49:f1:2d:df:
-                    ac:74:4d:1b:98:b5:47:c5:e5:29:d1:f9:90:18:c7:
-                    62:9c:be:83:c7:26:7b:3e:8a:25:c7:c0:dd:9d:e6:
-                    35:68:10:20:9d:8f:d8:de:d2:c3:84:9c:0d:5e:e8:
-                    2f:c9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.comodoca.com/AAACertificateServices.crl
-                URI:http://crl.comodo.net/AAACertificateServices.crl
-
-    Signature Algorithm: sha1WithRSAEncryption
-        08:56:fc:02:f0:9b:e8:ff:a4:fa:d6:7b:c6:44:80:ce:4f:c4:
-        c5:f6:00:58:cc:a6:b6:bc:14:49:68:04:76:e8:e6:ee:5d:ec:
-        02:0f:60:d6:8d:50:18:4f:26:4e:01:e3:e6:b0:a5:ee:bf:bc:
-        74:54:41:bf:fd:fc:12:b8:c7:4f:5a:f4:89:60:05:7f:60:b7:
-        05:4a:f3:f6:f1:c2:bf:c4:b9:74:86:b6:2d:7d:6b:cc:d2:f3:
-        46:dd:2f:c6:e0:6a:c3:c3:34:03:2c:7d:96:dd:5a:c2:0e:a7:
-        0a:99:c1:05:8b:ab:0c:2f:f3:5c:3a:cf:6c:37:55:09:87:de:
-        53:40:6c:58:ef:fc:b6:ab:65:6e:04:f6:1b:dc:3c:e0:5a:15:
-        c6:9e:d9:f1:59:48:30:21:65:03:6c:ec:e9:21:73:ec:9b:03:
-        a1:e0:37:ad:a0:15:18:8f:fa:ba:02:ce:a7:2c:a9:10:13:2c:
-        d4:e5:08:26:ab:22:97:60:f8:90:5e:74:d4:a2:9a:53:bd:f2:
-        a9:68:e0:a2:6e:c2:d7:6c:b1:a3:0f:9e:bf:eb:68:e7:56:f2:
-        ae:f2:e3:2b:38:3a:09:81:b5:6b:85:d7:be:2d:ed:3f:1a:b7:
-        b2:63:e2:f5:62:2c:82:d4:6a:00:41:50:f1:39:83:9f:95:e9:
-        36:96:98:6e
-MD5 Fingerprint=49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
 -----BEGIN CERTIFICATE-----
-MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
-MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
-GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
-YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
-MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
-BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
-GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
-BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
-3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
-YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
-rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
-ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
-oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
-MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
-QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
-b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
-AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
-GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
-Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
-G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
-l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
-smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB
+kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw
+IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG
+EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD
+VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu
+dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6
+E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ
+D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK
+4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq
+lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW
+bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB
+o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT
+MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js
+LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr
+BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB
+AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft
+Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj
+j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH
+KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv
+2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3
+mfnGV/TJVTl4uix5yaaIK/QI
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
-        Validity
-            Not Before: Jan  1 00:00:00 2004 GMT
-            Not After : Dec 31 23:59:59 2028 GMT
-        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c0:71:33:82:8a:d0:70:eb:73:87:82:40:d5:1d:
-                    e4:cb:c9:0e:42:90:f9:de:34:b9:a1:ba:11:f4:25:
-                    85:f3:cc:72:6d:f2:7b:97:6b:b3:07:f1:77:24:91:
-                    5f:25:8f:f6:74:3d:e4:80:c2:f8:3c:0d:f3:bf:40:
-                    ea:f7:c8:52:d1:72:6f:ef:c8:ab:41:b8:6e:2e:17:
-                    2a:95:69:0c:cd:d2:1e:94:7b:2d:94:1d:aa:75:d7:
-                    b3:98:cb:ac:bc:64:53:40:bc:8f:ac:ac:36:cb:5c:
-                    ad:bb:dd:e0:94:17:ec:d1:5c:d0:bf:ef:a5:95:c9:
-                    90:c5:b0:ac:fb:1b:43:df:7a:08:5d:b7:b8:f2:40:
-                    1b:2b:27:9e:50:ce:5e:65:82:88:8c:5e:d3:4e:0c:
-                    7a:ea:08:91:b6:36:aa:2b:42:fb:ea:c2:a3:39:e5:
-                    db:26:38:ad:8b:0a:ee:19:63:c7:1c:24:df:03:78:
-                    da:e6:ea:c1:47:1a:0b:0b:46:09:dd:02:fc:de:cb:
-                    87:5f:d7:30:63:68:a1:ae:dc:32:a1:ba:be:fe:44:
-                    ab:68:b6:a5:17:15:fd:bd:d5:a7:a7:9a:e4:44:33:
-                    e9:88:8e:fc:ed:51:eb:93:71:4e:ad:01:e7:44:8e:
-                    ab:2d:cb:a8:fe:01:49:48:f0:c0:dd:c7:68:d8:92:
-                    fe:3d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                3C:D8:93:88:C2:C0:82:09:CC:01:99:06:93:20:E9:9E:70:09:63:4F
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.comodoca.com/SecureCertificateServices.crl
-                URI:http://crl.comodo.net/SecureCertificateServices.crl
-
-    Signature Algorithm: sha1WithRSAEncryption
-        87:01:6d:23:1d:7e:5b:17:7d:c1:61:32:cf:8f:e7:f3:8a:94:
-        59:66:e0:9e:28:a8:5e:d3:b7:f4:34:e6:aa:39:b2:97:16:c5:
-        82:6f:32:a4:e9:8c:e7:af:fd:ef:c2:e8:b9:4b:aa:a3:f4:e6:
-        da:8d:65:21:fb:ba:80:eb:26:28:85:1a:fe:39:8c:de:5b:04:
-        04:b4:54:f9:a3:67:9e:41:fa:09:52:cc:05:48:a8:c9:3f:21:
-        04:1e:ce:48:6b:fc:85:e8:c2:7b:af:7f:b7:cc:f8:5f:3a:fd:
-        35:c6:0d:ef:97:dc:4c:ab:11:e1:6b:cb:31:d1:6c:fb:48:80:
-        ab:dc:9c:37:b8:21:14:4b:0d:71:3d:ec:83:33:6e:d1:6e:32:
-        16:ec:98:c7:16:8b:59:a6:34:ab:05:57:2d:93:f7:aa:13:cb:
-        d2:13:e2:b7:2e:3b:cd:6b:50:17:09:68:3e:b5:26:57:ee:b6:
-        e0:b6:dd:b9:29:80:79:7d:8f:a3:f0:a4:28:a4:15:c4:85:f4:
-        27:d4:6b:bf:e5:5c:e4:65:02:76:54:b4:e3:37:66:24:d3:19:
-        61:c8:52:10:e5:8b:37:9a:b9:a9:f9:1d:bf:ea:99:92:61:96:
-        ff:01:cd:a1:5f:0d:bc:71:bc:0e:ac:0b:1d:47:45:1d:c1:ec:
-        7c:ec:fd:29
-MD5 Fingerprint=D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
 -----BEGIN CERTIFICATE-----
-MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb
-MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
-GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp
-ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow
-fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
-A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV
-BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM
-cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S
-HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996
-CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk
-3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz
-6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV
-HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
-EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
-Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw
-Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww
-DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0
-5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj
-Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI
-gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ
-aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl
-izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk=
+MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB
+rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt
+Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa
+Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV
+BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l
+dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE
+AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B
+YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9
+hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l
+L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm
+SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM
+1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws
+6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw
+Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50
+aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
+AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u
+7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0
+xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ
+rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim
+eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk
+USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
-        Validity
-            Not Before: Jan  1 00:00:00 2004 GMT
-            Not After : Dec 31 23:59:59 2028 GMT
-        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:df:71:6f:36:58:53:5a:f2:36:54:57:80:c4:74:
-                    08:20:ed:18:7f:2a:1d:e6:35:9a:1e:25:ac:9c:e5:
-                    96:7e:72:52:a0:15:42:db:59:dd:64:7a:1a:d0:b8:
-                    7b:dd:39:15:bc:55:48:c4:ed:3a:00:ea:31:11:ba:
-                    f2:71:74:1a:67:b8:cf:33:cc:a8:31:af:a3:e3:d7:
-                    7f:bf:33:2d:4c:6a:3c:ec:8b:c3:92:d2:53:77:24:
-                    74:9c:07:6e:70:fc:bd:0b:5b:76:ba:5f:f2:ff:d7:
-                    37:4b:4a:60:78:f7:f0:fa:ca:70:b4:ea:59:aa:a3:
-                    ce:48:2f:a9:c3:b2:0b:7e:17:72:16:0c:a6:07:0c:
-                    1b:38:cf:c9:62:b7:3f:a0:93:a5:87:41:f2:b7:70:
-                    40:77:d8:be:14:7c:e3:a8:c0:7a:8e:e9:63:6a:d1:
-                    0f:9a:c6:d2:f4:8b:3a:14:04:56:d4:ed:b8:cc:6e:
-                    f5:fb:e2:2c:58:bd:7f:4f:6b:2b:f7:60:24:58:24:
-                    ce:26:ef:34:91:3a:d5:e3:81:d0:b2:f0:04:02:d7:
-                    5b:b7:3e:92:ac:6b:12:8a:f9:e4:05:b0:3b:91:49:
-                    5c:b2:eb:53:ea:f8:9f:47:86:ee:bf:95:c0:c0:06:
-                    9f:d2:5b:5e:11:1b:f4:c7:04:35:29:d2:55:5c:e4:
-                    ed:eb
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                C5:7B:58:BD:ED:DA:25:69:D2:F7:59:16:A8:B3:32:C0:7B:27:5B:F4
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.comodoca.com/TrustedCertificateServices.crl
-                URI:http://crl.comodo.net/TrustedCertificateServices.crl
-
-    Signature Algorithm: sha1WithRSAEncryption
-        c8:93:81:3b:89:b4:af:b8:84:12:4c:8d:d2:f0:db:70:ba:57:
-        86:15:34:10:b9:2f:7f:1e:b0:a8:89:60:a1:8a:c2:77:0c:50:
-        4a:9b:00:8b:d8:8b:f4:41:e2:d0:83:8a:4a:1c:14:06:b0:a3:
-        68:05:70:31:30:a7:53:9b:0e:e9:4a:a0:58:69:67:0e:ae:9d:
-        f6:a5:2c:41:bf:3c:06:6b:e4:59:cc:6d:10:f1:96:6f:1f:df:
-        f4:04:02:a4:9f:45:3e:c8:d8:fa:36:46:44:50:3f:82:97:91:
-        1f:28:db:18:11:8c:2a:e4:65:83:57:12:12:8c:17:3f:94:36:
-        fe:5d:b0:c0:04:77:13:b8:f4:15:d5:3f:38:cc:94:3a:55:d0:
-        ac:98:f5:ba:00:5f:e0:86:19:81:78:2f:28:c0:7e:d3:cc:42:
-        0a:f5:ae:50:a0:d1:3e:c6:a1:71:ec:3f:a0:20:8c:66:3a:89:
-        b4:8e:d4:d8:b1:4d:25:47:ee:2f:88:c8:b5:e1:05:45:c0:be:
-        14:71:de:7a:fd:8e:7b:7d:4d:08:96:a5:12:73:f0:2d:ca:37:
-        27:74:12:27:4c:cb:b6:97:e9:d9:ae:08:6d:5a:39:40:dd:05:
-        47:75:6a:5a:21:b3:a3:18:cf:4e:f7:2e:57:b7:98:70:5e:c8:
-        c4:78:b0:62
-MD5 Fingerprint=91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
 -----BEGIN CERTIFICATE-----
-MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb
-MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
-GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0
-aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla
-MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
-BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD
-VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW
-fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt
-TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL
-fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW
-1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7
-kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G
-A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD
-VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
-ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo
-dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu
-Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/
-HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32
-pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS
-jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+
-xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn
-dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi
+MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
+cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
+0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
+M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
+MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
+oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
+DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
+oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
+bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
+BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
+//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
+CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
+3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
+KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Chained CAs Certification Authority, CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
-        Validity
-            Not Before: Dec 29 00:53:58 2001 GMT
-            Not After : Dec 27 00:53:58 2025 GMT
-        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Chained CAs Certification Authority, CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:dc:56:92:49:b2:94:20:bc:98:4f:50:eb:68:a4:
-                    a7:49:0b:bf:d2:31:e8:c7:4f:c2:86:0b:fa:68:fd:
-                    43:5a:8a:f3:60:92:35:99:38:bb:4d:03:52:21:5b:
-                    f0:37:99:35:e1:41:20:81:85:81:05:71:81:9d:b4:
-                    95:19:a9:5f:76:34:2e:63:37:35:57:8e:b4:1f:42:
-                    3f:15:5c:e1:7a:c1:5f:13:18:32:31:c9:ad:be:a3:
-                    c7:83:66:1e:b9:9c:04:13:cb:69:c1:06:de:30:06:
-                    bb:33:a3:b5:1f:f0:8f:6f:ce:ff:96:e8:54:be:66:
-                    80:ae:6b:db:41:84:36:a2:3d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A1:AD:31:B1:F9:3E:E1:17:A6:C8:AB:34:FC:52:87:09:1E:62:52:41
-            X509v3 Authority Key Identifier: 
-                keyid:A1:AD:31:B1:F9:3E:E1:17:A6:C8:AB:34:FC:52:87:09:1E:62:52:41
-                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA Chained CAs Certification Authority/CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:ips@mail.ips.es
-            X509v3 Issuer Alternative Name: 
-                email:ips@mail.ips.es
-            Netscape Comment: 
-                Chained CA Certificate issued by http://www.ips.es/
-            Netscape Base Url: 
-                http://www.ips.es/ips2002/
-            Netscape CA Revocation Url: 
-                http://www.ips.es/ips2002/ips2002CAC.crl
-            Netscape Revocation Url: 
-                http://www.ips.es/ips2002/revocationCAC.html?
-            Netscape Renewal Url: 
-                http://www.ips.es/ips2002/renewalCAC.html?
-            Netscape CA Policy Url: 
-                http://www.ips.es/ips2002/policyCAC.html
-            X509v3 CRL Distribution Points: 
-                URI:http://www.ips.es/ips2002/ips2002CAC.crl
-                URI:http://wwwback.ips.es/ips2002/ips2002CAC.crl
-
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.ips.es/
-
-    Signature Algorithm: sha1WithRSAEncryption
-        44:72:30:9d:56:58:a2:41:1b:28:b7:95:e1:a6:1a:95:5f:a7:
-        78:40:2b:ef:db:96:4a:fc:4c:71:63:d9:73:95:bd:02:e2:a2:
-        06:c7:be:97:2a:93:80:34:86:03:fa:dc:d8:3d:1e:07:cd:1e:
-        73:43:24:60:f5:1d:61:dc:dc:96:a0:bc:fb:1d:e3:e7:12:00:
-        27:33:02:c0:c0:2b:53:3d:d8:6b:03:81:a3:db:d6:93:95:20:
-        ef:d3:96:7e:26:90:89:9c:26:9b:cd:6f:66:ab:ed:03:22:44:
-        38:cc:59:bd:9f:db:f6:07:a2:01:7f:26:c4:63:f5:25:42:5e:
-        62:bd
-MD5 Fingerprint=8D:72:51:DB:A0:3A:CF:20:77:DF:F2:65:06:5E:DF:EF
 -----BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARwxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
-ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
-ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEzMDEGA1UECxMq
-SVBTIENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTMwMQYD
-VQQDEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
-HjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczAeFw0wMTEyMjkwMDUzNTha
-Fw0yNTEyMjcwMDUzNThaMIIBHDELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl
-bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQg
-cHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMu
-ZXMgQy5JLkYuICBCLTYwOTI5NDUyMTMwMQYDVQQLEypJUFMgQ0EgQ2hhaW5lZCBD
-QXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxMzAxBgNVBAMTKklQUyBDQSBDaGFp
-bmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYP
-aXBzQG1haWwuaXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcVpJJ
-spQgvJhPUOtopKdJC7/SMejHT8KGC/po/UNaivNgkjWZOLtNA1IhW/A3mTXhQSCB
-hYEFcYGdtJUZqV92NC5jNzVXjrQfQj8VXOF6wV8TGDIxya2+o8eDZh65nAQTy2nB
-Bt4wBrszo7Uf8I9vzv+W6FS+ZoCua9tBhDaiPQIDAQABo4IEQzCCBD8wHQYDVR0O
-BBYEFKGtMbH5PuEXpsirNPxShwkeYlJBMIIBTgYDVR0jBIIBRTCCAUGAFKGtMbH5
-PuEXpsirNPxShwkeYlJBoYIBJKSCASAwggEcMQswCQYDVQQGEwJFUzESMBAGA1UE
-CBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJ
-bnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0Bt
-YWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxMzAxBgNVBAsTKklQUyBDQSBD
-aGFpbmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEzMDEGA1UEAxMqSVBT
-IENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
-hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E
-BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG
-CCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYB
-BAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMw
-EYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5lczBC
-BglghkgBhvhCAQ0ENRYzQ2hhaW5lZCBDQSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkg
-aHR0cDovL3d3dy5pcHMuZXMvMCkGCWCGSAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlw
-cy5lcy9pcHMyMDAyLzA3BglghkgBhvhCAQQEKhYoaHR0cDovL3d3dy5pcHMuZXMv
-aXBzMjAwMi9pcHMyMDAyQ0FDLmNybDA8BglghkgBhvhCAQMELxYtaHR0cDovL3d3
-dy5pcHMuZXMvaXBzMjAwMi9yZXZvY2F0aW9uQ0FDLmh0bWw/MDkGCWCGSAGG+EIB
-BwQsFipodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3JlbmV3YWxDQUMuaHRtbD8w
-NwYJYIZIAYb4QgEIBCoWKGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5
-Q0FDLmh0bWwwbQYDVR0fBGYwZDAuoCygKoYoaHR0cDovL3d3dy5pcHMuZXMvaXBz
-MjAwMi9pcHMyMDAyQ0FDLmNybDAyoDCgLoYsaHR0cDovL3d3d2JhY2suaXBzLmVz
-L2lwczIwMDIvaXBzMjAwMkNBQy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
-BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAERyMJ1W
-WKJBGyi3leGmGpVfp3hAK+/blkr8THFj2XOVvQLiogbHvpcqk4A0hgP63Ng9HgfN
-HnNDJGD1HWHc3JagvPsd4+cSACczAsDAK1M92GsDgaPb1pOVIO/Tln4mkImcJpvN
-b2ar7QMiRDjMWb2f2/YHogF/JsRj9SVCXmK9
+MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUFADCB
+ozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3Qt
+TmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0ODM5WhcNMTkwNzA5MTg1
+NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
+IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYD
+VQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VS
+Rmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCz+5Gh5DZVhawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2
+N3kDuatpjQclthln5LAbGHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCH
+iZMlIJpDgmkkdihZNaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hARe
+YFmnjDRy7rh4xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1
+axwiP8vv/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6g
+yN7igEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD
+AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf8NPh
+ahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
+VE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0GCSqGSIb3DQEB
+BQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXhi6r/fWRRzwr/vH3Y
+IWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUqf9FuVSTiuwL7MT++6Lzs
+QCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAfhZOVBt5P1CeptqX8Fs1zMT+4
+ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvPNximmMatBrTcCKME1SmklpoSZ0qM
+YEWd8SOasACcaLWYUNPvji6SZbFIPiG+FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUb
+QErNaLly7HF27FSOH4UMAWr6pjisH8SE
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE1 Certification Authority, CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
-        Validity
-            Not Before: Dec 29 00:59:38 2001 GMT
-            Not After : Dec 27 00:59:38 2025 GMT
-        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE1 Certification Authority, CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:e0:51:27:a7:0b:dd:af:d1:b9:43:5b:82:37:45:
-                    56:72:ef:9a:b6:c2:12:ef:2c:12:cc:76:f9:06:59:
-                    af:5d:21:d4:d2:5a:b8:a0:d4:f3:6a:fd:ca:69:8d:
-                    66:48:f7:74:e6:ee:36:bd:e8:96:91:75:a6:71:28:
-                    ca:e7:22:12:32:69:b0:3e:1e:6b:f4:50:52:62:62:
-                    fd:63:3b:7d:7e:ec:ee:38:ea:62:f4:6c:a8:71:8d:
-                    e1:e9:8b:c9:3f:c6:b5:cd:94:42:6f:dd:82:45:3c:
-                    e8:df:09:e8:ef:0a:55:a9:56:47:61:4c:49:64:73:
-                    10:28:3f:ca:bf:09:ff:c6:2f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                EB:B3:19:79:F3:C1:A5:1C:AC:DC:BA:1F:66:A2:B2:9B:69:D0:78:08
-            X509v3 Authority Key Identifier: 
-                keyid:EB:B3:19:79:F3:C1:A5:1C:AC:DC:BA:1F:66:A2:B2:9B:69:D0:78:08
-                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASE1 Certification Authority/CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:ips@mail.ips.es
-            X509v3 Issuer Alternative Name: 
-                email:ips@mail.ips.es
-            Netscape Comment: 
-                CLASE1 CA Certificate issued by http://www.ips.es/
-            Netscape Base Url: 
-                http://www.ips.es/ips2002/
-            Netscape CA Revocation Url: 
-                http://www.ips.es/ips2002/ips2002CLASE1.crl
-            Netscape Revocation Url: 
-                http://www.ips.es/ips2002/revocationCLASE1.html?
-            Netscape Renewal Url: 
-                http://www.ips.es/ips2002/renewalCLASE1.html?
-            Netscape CA Policy Url: 
-                http://www.ips.es/ips2002/policyCLASE1.html
-            X509v3 CRL Distribution Points: 
-                URI:http://www.ips.es/ips2002/ips2002CLASE1.crl
-                URI:http://wwwback.ips.es/ips2002/ips2002CLASE1.crl
-
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.ips.es/
-
-    Signature Algorithm: sha1WithRSAEncryption
-        2b:d0:eb:fd:da:c8:ca:59:6a:da:d3:cc:32:2e:c9:54:1b:8a:
-        62:7e:15:2d:e9:d9:31:d3:2e:f4:27:23:ff:5b:ab:c5:4a:b6:
-        72:40:ae:53:74:f4:bc:05:b4:c6:d9:c8:c9:77:fb:b7:f9:34:
-        7f:78:00:f8:d6:a4:e4:52:3f:2c:4a:63:57:81:75:5a:8e:e8:
-        8c:fb:02:c0:94:c6:29:ba:b3:dc:1c:e8:b2:af:d2:2e:62:5b:
-        1a:a9:8e:0e:cc:c5:57:45:51:14:e9:4e:1c:88:a5:91:f4:a3:
-        f7:8e:51:c8:a9:be:86:33:3e:e6:2f:48:6e:af:54:90:4e:ad:
-        b1:25
-MD5 Fingerprint=84:90:1D:95:30:49:56:FC:41:81:F0:45:D7:76:C4:6B
 -----BEGIN CERTIFICATE-----
-MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
-ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
-ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl
-SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
-SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3
-DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAwNTkzOFoXDTI1MTIyNzAw
-NTkzOFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD
-VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n
-IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g
-IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4FEnpwvdr9G5Q1uCN0VWcu+atsIS7ywS
-zHb5BlmvXSHU0lq4oNTzav3KaY1mSPd05u42veiWkXWmcSjK5yISMmmwPh5r9FBS
-YmL9Yzt9fuzuOOpi9GyocY3h6YvJP8a1zZRCb92CRTzo3wno7wpVqVZHYUxJZHMQ
-KD/Kvwn/xi8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBTrsxl588GlHKzcuh9morKb
-adB4CDCCAUQGA1UdIwSCATswggE3gBTrsxl588GlHKzcuh9morKbadB4CKGCARqk
-ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE
-BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT
-ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC
-LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD
-VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr
-BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB
-FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC
-AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
-D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UxIENBIENlcnRp
-ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
-BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito
-dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEuY3JsMD8GCWCG
-SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D
-TEFTRTEuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw
-czIwMDIvcmVuZXdhbENMQVNFMS5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov
-L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTEuaHRtbDBzBgNVHR8EbDBq
-MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEu
-Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy
-Q0xBU0UxLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v
-Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAK9Dr/drIyllq2tPMMi7JVBuK
-Yn4VLenZMdMu9Ccj/1urxUq2ckCuU3T0vAW0xtnIyXf7t/k0f3gA+Nak5FI/LEpj
-V4F1Wo7ojPsCwJTGKbqz3Bzosq/SLmJbGqmODszFV0VRFOlOHIilkfSj945RyKm+
-hjM+5i9Ibq9UkE6tsSU=
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
+NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
+LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
+TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
+LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
+I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
+nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE3 Certification Authority, CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
-        Validity
-            Not Before: Dec 29 01:01:44 2001 GMT
-            Not After : Dec 27 01:01:44 2025 GMT
-        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASE3 Certification Authority, CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ab:17:fe:0e:b0:c6:68:1b:53:f0:52:be:9f:fa:
-                    da:fa:8b:13:04:bb:01:8f:32:d9:1f:8f:4d:ce:36:
-                    98:da:e4:00:44:8c:28:d8:13:44:2a:a4:6b:4e:17:
-                    24:42:9c:d3:88:a4:41:82:d6:23:fb:8b:c9:86:e5:
-                    b9:a9:82:05:dc:f1:de:1f:e0:0c:99:55:98:f2:38:
-                    ec:6c:9d:20:03:c0:ef:aa:a3:c6:64:04:51:2d:78:
-                    0d:a3:d2:a8:3a:d6:24:4c:e9:96:7a:18:ac:13:23:
-                    22:1b:7c:e8:31:11:b3:5f:09:aa:30:70:71:46:25:
-                    6b:49:71:80:2b:95:01:b2:1f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                B8:93:FF:2E:CB:DC:2C:8E:A2:E7:7A:FE:36:51:21:A3:98:5B:0C:34
-            X509v3 Authority Key Identifier: 
-                keyid:B8:93:FF:2E:CB:DC:2C:8E:A2:E7:7A:FE:36:51:21:A3:98:5B:0C:34
-                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASE3 Certification Authority/CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:ips@mail.ips.es
-            X509v3 Issuer Alternative Name: 
-                email:ips@mail.ips.es
-            Netscape Comment: 
-                CLASE3 CA Certificate issued by http://www.ips.es/
-            Netscape Base Url: 
-                http://www.ips.es/ips2002/
-            Netscape CA Revocation Url: 
-                http://www.ips.es/ips2002/ips2002CLASE3.crl
-            Netscape Revocation Url: 
-                http://www.ips.es/ips2002/revocationCLASE3.html?
-            Netscape Renewal Url: 
-                http://www.ips.es/ips2002/renewalCLASE3.html?
-            Netscape CA Policy Url: 
-                http://www.ips.es/ips2002/policyCLASE3.html
-            X509v3 CRL Distribution Points: 
-                URI:http://www.ips.es/ips2002/ips2002CLASE3.crl
-                URI:http://wwwback.ips.es/ips2002/ips2002CLASE3.crl
-
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.ips.es/
-
-    Signature Algorithm: sha1WithRSAEncryption
-        17:65:5c:99:95:43:03:27:af:26:e5:eb:d0:b3:17:23:f7:43:
-        aa:c7:f0:7d:ec:0f:c6:a9:ae:ae:96:0f:76:29:1c:e2:06:2d:
-        7e:26:c5:3c:fa:a1:c1:81:ce:53:b0:42:d1:97:57:1a:17:7e:
-        a4:51:61:c6:ee:e9:5e:ef:05:ba:eb:bd:0f:a7:92:6f:d8:a3:
-        06:68:29:8e:79:f5:ff:bf:f9:a7:af:e4:b1:ce:c2:d1:80:42:
-        27:05:04:34:f8:c3:7f:16:78:23:0c:07:24:f2:46:47:ad:3b:
-        54:d0:af:d5:31:b2:af:7d:c8:ea:e9:d4:56:d9:0e:13:b2:c5:
-        45:50
-MD5 Fingerprint=42:76:97:68:CF:A6:B4:38:24:AA:A1:1B:F2:67:DE:CA
 -----BEGIN CERTIFICATE-----
-MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
-ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
-ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl
-SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl
-SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3
-DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMDE0NFoXDTI1MTIyNzAx
-MDE0NFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD
-VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n
-IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g
-IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN
-BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxf+DrDGaBtT8FK+n/ra+osTBLsBjzLZ
-H49NzjaY2uQARIwo2BNEKqRrThckQpzTiKRBgtYj+4vJhuW5qYIF3PHeH+AMmVWY
-8jjsbJ0gA8DvqqPGZARRLXgNo9KoOtYkTOmWehisEyMiG3zoMRGzXwmqMHBxRiVr
-SXGAK5UBsh8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBS4k/8uy9wsjqLnev42USGj
-mFsMNDCCAUQGA1UdIwSCATswggE3gBS4k/8uy9wsjqLnev42USGjmFsMNKGCARqk
-ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE
-BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT
-ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC
-LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD
-VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr
-BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB
-FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC
-AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB
-D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UzIENBIENlcnRp
-ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC
-BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito
-dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMuY3JsMD8GCWCG
-SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D
-TEFTRTMuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw
-czIwMDIvcmVuZXdhbENMQVNFMy5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov
-L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTMuaHRtbDBzBgNVHR8EbDBq
-MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMu
-Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy
-Q0xBU0UzLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v
-Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAF2VcmZVDAyevJuXr0LMXI/dD
-qsfwfewPxqmurpYPdikc4gYtfibFPPqhwYHOU7BC0ZdXGhd+pFFhxu7pXu8Fuuu9
-D6eSb9ijBmgpjnn1/7/5p6/ksc7C0YBCJwUENPjDfxZ4IwwHJPJGR607VNCv1TGy
-r33I6unUVtkOE7LFRVA=
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N
+H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR
+4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo
+EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5
+FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx
+lA==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA1 Certification Authority, CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
-        Validity
-            Not Before: Dec 29 01:05:32 2001 GMT
-            Not After : Dec 27 01:05:32 2025 GMT
-        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA1 Certification Authority, CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bb:30:d7:dc:d0:54:bd:35:4e:9f:c5:4c:82:ea:
-                    d1:50:3c:47:98:fc:9b:69:9d:77:cd:6e:e0:3f:ee:
-                    eb:32:5f:5f:9f:d2:d0:79:e5:95:73:44:21:32:e0:
-                    0a:db:9d:d7:ce:8d:ab:52:8b:2b:78:e0:9b:5b:7d:
-                    f4:fd:6d:09:e5:ae:e1:6c:1d:07:23:a0:17:d1:f9:
-                    7d:a8:46:46:91:22:a8:b2:69:c6:ad:f7:f5:f5:94:
-                    a1:30:94:bd:00:cc:44:7f:ee:c4:9e:c9:c1:e6:8f:
-                    0a:36:c1:fd:24:3d:01:a0:f5:7b:e2:7c:78:66:43:
-                    8b:4f:59:f2:9b:d9:fa:49:b3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                67:26:96:E7:A1:BF:D8:B5:03:9D:FE:3B:DC:FE:F2:8A:E6:15:DD:30
-            X509v3 Authority Key Identifier: 
-                keyid:67:26:96:E7:A1:BF:D8:B5:03:9D:FE:3B:DC:FE:F2:8A:E6:15:DD:30
-                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASEA1 Certification Authority/CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:ips@mail.ips.es
-            X509v3 Issuer Alternative Name: 
-                email:ips@mail.ips.es
-            Netscape Comment: 
-                CLASEA1 CA Certificate issued by http://www.ips.es/
-            Netscape Base Url: 
-                http://www.ips.es/ips2002/
-            Netscape CA Revocation Url: 
-                http://www.ips.es/ips2002/ips2002CLASEA1.crl
-            Netscape Revocation Url: 
-                http://www.ips.es/ips2002/revocationCLASEA1.html?
-            Netscape Renewal Url: 
-                http://www.ips.es/ips2002/renewalCLASEA1.html?
-            Netscape CA Policy Url: 
-                http://www.ips.es/ips2002/policyCLASEA1.html
-            X509v3 CRL Distribution Points: 
-                URI:http://www.ips.es/ips2002/ips2002CLASEA1.crl
-                URI:http://wwwback.ips.es/ips2002/ips2002CLASEA1.crl
-
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.ips.es/
-
-    Signature Algorithm: sha1WithRSAEncryption
-        7e:ba:8a:ac:80:00:84:15:0a:d5:98:51:0c:64:c5:9c:02:58:
-        83:66:ca:ad:1e:07:cd:7e:6a:da:80:07:df:03:34:4a:1c:93:
-        c4:4b:58:20:35:36:71:ed:a2:0a:35:12:a5:a6:65:a7:85:69:
-        0a:0e:e3:61:ee:ea:be:28:93:33:d5:ec:e8:be:c4:db:5f:7f:
-        a8:f9:63:31:c8:6b:96:e2:29:c2:5b:a0:e7:97:36:9d:77:5e:
-        31:6b:fe:d3:a7:db:2a:db:db:96:8b:1f:66:de:b6:03:c0:2b:
-        b3:78:d6:55:07:e5:8f:39:50:de:07:23:72:e6:bd:20:14:4b:
-        b4:86
-MD5 Fingerprint=0C:F8:9E:17:FC:D4:03:BD:E6:8D:9B:3C:05:87:FE:84
 -----BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
-ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
-ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm
-SVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
-JklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
-hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNTMyWhcNMjUxMjI3
-MDEwNTMyWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
-BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
-bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
-LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsw19zQVL01Tp/FTILq0VA8R5j8
-m2mdd81u4D/u6zJfX5/S0HnllXNEITLgCtud186Nq1KLK3jgm1t99P1tCeWu4Wwd
-ByOgF9H5fahGRpEiqLJpxq339fWUoTCUvQDMRH/uxJ7JweaPCjbB/SQ9AaD1e+J8
-eGZDi09Z8pvZ+kmzAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUZyaW56G/2LUDnf47
-3P7yiuYV3TAwggFGBgNVHSMEggE9MIIBOYAUZyaW56G/2LUDnf473P7yiuYV3TCh
-ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
-BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
-bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
-LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC
-AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF
-BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB
-BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg
-hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud
-EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMSBD
-QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
-SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC
-AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMS5j
-cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2
-b2NhdGlvbkNMQVNFQTEuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu
-aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTEuaHRtbD8wOwYJYIZIAYb4QgEI
-BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMS5odG1s
-MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz
-MjAwMkNMQVNFQTEuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz
-MjAwMi9pcHMyMDAyQ0xBU0VBMS5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
-BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAH66iqyA
-AIQVCtWYUQxkxZwCWINmyq0eB81+atqAB98DNEock8RLWCA1NnHtogo1EqWmZaeF
-aQoO42Hu6r4okzPV7Oi+xNtff6j5YzHIa5biKcJboOeXNp13XjFr/tOn2yrb25aL
-H2betgPAK7N41lUH5Y85UN4HI3LmvSAUS7SG
+MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK
+VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm
+Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0J
+h9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul
+uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68
+DzFc6PLZ
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA3 Certification Authority, CN=IPS CA CLASEA3 Certification Authority/emailAddress=ips@mail.ips.es
-        Validity
-            Not Before: Dec 29 01:07:50 2001 GMT
-            Not After : Dec 27 01:07:50 2025 GMT
-        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA CLASEA3 Certification Authority, CN=IPS CA CLASEA3 Certification Authority/emailAddress=ips@mail.ips.es
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ee:80:00:f6:1a:64:2e:ad:6a:c8:83:b1:8b:a7:
-                    ee:8f:d9:b6:db:cd:1b:bb:86:06:22:76:33:0c:12:
-                    6d:48:56:61:d2:dc:82:25:62:2f:9f:d2:69:30:65:
-                    03:42:23:58:bc:47:dc:6b:d6:75:5d:17:3c:e1:ff:
-                    f2:58:67:79:a0:c1:81:b1:d4:56:a2:f2:8d:11:99:
-                    fd:f6:7d:f1:c7:c4:5e:02:2a:9a:e2:4a:b5:13:8a:
-                    00:fd:8c:77:86:e6:d7:94:f5:20:75:2e:0e:4c:bf:
-                    74:c4:3f:81:3e:83:b4:a3:38:36:29:e7:e8:2a:f5:
-                    8c:88:41:aa:80:a6:e3:6c:ef
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                1E:9F:57:50:47:B6:61:93:39:D3:2C:FC:DA:5D:3D:05:75:B7:99:02
-            X509v3 Authority Key Identifier: 
-                keyid:1E:9F:57:50:47:B6:61:93:39:D3:2C:FC:DA:5D:3D:05:75:B7:99:02
-                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA CLASEA3 Certification Authority/CN=IPS CA CLASEA3 Certification Authority/emailAddress=ips@mail.ips.es
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:ips@mail.ips.es
-            X509v3 Issuer Alternative Name: 
-                email:ips@mail.ips.es
-            Netscape Comment: 
-                CLASEA3 CA Certificate issued by http://www.ips.es/
-            Netscape Base Url: 
-                http://www.ips.es/ips2002/
-            Netscape CA Revocation Url: 
-                http://www.ips.es/ips2002/ips2002CLASEA3.crl
-            Netscape Revocation Url: 
-                http://www.ips.es/ips2002/revocationCLASEA3.html?
-            Netscape Renewal Url: 
-                http://www.ips.es/ips2002/renewalCLASEA3.html?
-            Netscape CA Policy Url: 
-                http://www.ips.es/ips2002/policyCLASEA3.html
-            X509v3 CRL Distribution Points: 
-                URI:http://www.ips.es/ips2002/ips2002CLASEA3.crl
-                URI:http://wwwback.ips.es/ips2002/ips2002CLASEA3.crl
-
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.ips.es/
-
-    Signature Algorithm: sha1WithRSAEncryption
-        4a:3d:20:47:1a:da:89:f4:7a:2b:31:79:ec:01:c0:cc:01:f5:
-        d6:c1:fc:c8:c3:f3:50:02:51:90:58:2a:9f:e7:35:09:5b:30:
-        0a:81:00:25:47:af:d4:0f:0e:9e:60:26:a8:95:a7:83:08:df:
-        2d:ac:e9:0e:f7:9c:c8:9f:cb:93:45:f1:ba:6a:c6:67:51:4a:
-        69:4f:6b:fe:7d:0b:2f:52:29:c2:50:ad:24:44:ed:23:b3:48:
-        cb:44:40:c1:03:95:0c:0a:78:06:12:01:f5:91:31:2d:49:8d:
-        bb:3f:45:4e:2c:e0:e8:cd:b5:c9:14:15:0c:e3:07:83:9b:26:
-        75:ef
-MD5 Fingerprint=06:F9:EB:EC:CC:56:9D:88:BA:90:F5:BA:B0:1A:E0:02
 -----BEGIN CERTIFICATE-----
-MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
-ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
-ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm
-SVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT
-JklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI
-hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNzUwWhcNMjUxMjI3
-MDEwNzUwWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
-BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
-bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
-LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO6AAPYaZC6tasiDsYun7o/ZttvN
-G7uGBiJ2MwwSbUhWYdLcgiViL5/SaTBlA0IjWLxH3GvWdV0XPOH/8lhneaDBgbHU
-VqLyjRGZ/fZ98cfEXgIqmuJKtROKAP2Md4bm15T1IHUuDky/dMQ/gT6DtKM4Ninn
-6Cr1jIhBqoCm42zvAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUHp9XUEe2YZM50yz8
-2l09BXW3mQIwggFGBgNVHSMEggE9MIIBOYAUHp9XUEe2YZM50yz82l09BXW3mQKh
-ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ
-BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp
-bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G
-LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC
-AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF
-BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB
-BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg
-hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud
-EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMyBD
-QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG
-SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC
-AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMy5j
-cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2
-b2NhdGlvbkNMQVNFQTMuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu
-aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTMuaHRtbD8wOwYJYIZIAYb4QgEI
-BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMy5odG1s
-MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz
-MjAwMkNMQVNFQTMuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz
-MjAwMi9pcHMyMDAyQ0xBU0VBMy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
-BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAEo9IEca
-2on0eisxeewBwMwB9dbB/MjD81ACUZBYKp/nNQlbMAqBACVHr9QPDp5gJqiVp4MI
-3y2s6Q73nMify5NF8bpqxmdRSmlPa/59Cy9SKcJQrSRE7SOzSMtEQMEDlQwKeAYS
-AfWRMS1Jjbs/RU4s4OjNtckUFQzjB4ObJnXv
+MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4
+nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO
+8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV
+ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb
+PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
+6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr
+n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a
+qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4
+wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3
+ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs
+pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4
+E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=ES, ST=BARCELONA, L=BARCELONA, O=IPS Seguridad CA, OU=Certificaciones, CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es
-        Validity
-            Not Before: Jan  1 23:21:07 1998 GMT
-            Not After : Dec 29 23:21:07 2009 GMT
-        Subject: C=ES, ST=BARCELONA, L=BARCELONA, O=IPS Seguridad CA, OU=Certificaciones, CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ac:4f:52:74:9f:39:ea:8e:dc:25:c4:bc:98:5d:
-                    98:64:24:09:3c:21:b3:cc:19:b5:8e:94:8e:87:d1:
-                    f8:37:3e:a1:c8:2d:58:a4:80:35:5b:a1:75:6c:1d:
-                    45:0c:1f:61:63:6a:5e:6f:9b:0a:4c:c1:c8:b8:61:
-                    23:35:81:ff:fe:ac:78:70:2d:68:e1:3a:07:98:95:
-                    02:54:dd:cd:23:b7:80:53:d7:c8:37:45:72:06:24:
-                    12:ba:13:61:21:8a:6e:75:28:e0:c5:0f:34:fd:36:
-                    d8:45:7f:e1:b8:36:ef:b3:e1:c6:20:8e:e8:b4:38:
-                    bc:e1:3e:f6:11:de:8c:9d:01
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        2c:f3:c3:79:58:24:de:c6:3b:d1:e0:42:69:b8:ee:64:b3:3d:
-        62:01:b9:b3:84:df:23:7d:dd:98:cf:10:a9:fe:00:d8:22:96:
-        05:13:07:54:57:c5:a7:de:cb:d9:b8:88:42:f6:99:db:14:77:
-        1f:b6:fe:25:3d:e1:a2:3e:03:a9:81:d2:2d:6c:47:f5:96:46:
-        8c:22:ab:c8:cc:0d:0e:97:5e:8b:41:b4:3b:c4:0a:06:40:1d:
-        dd:46:f4:01:dd:ba:82:2e:3c:3d:78:70:9e:7c:18:d0:ab:f8:
-        b8:77:07:46:71:f1:ca:0b:63:5c:6a:f9:72:94:d5:01:4f:a0:
-        db:42
-MD5 Fingerprint=7B:B5:08:99:9A:8C:18:BF:85:27:7D:0E:AE:DA:B2:AB
 -----BEGIN CERTIFICATE-----
-MIICtzCCAiACAQAwDQYJKoZIhvcNAQEEBQAwgaMxCzAJBgNVBAYTAkVTMRIwEAYD
-VQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UEChMQSVBT
-IFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcwFQYDVQQD
-Ew5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVz
-MB4XDTk4MDEwMTIzMjEwN1oXDTA5MTIyOTIzMjEwN1owgaMxCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UE
-ChMQSVBTIFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcw
-FQYDVQQDEw5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwu
-aXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsT1J0nznqjtwlxLyY
-XZhkJAk8IbPMGbWOlI6H0fg3PqHILVikgDVboXVsHUUMH2Fjal5vmwpMwci4YSM1
-gf/+rHhwLWjhOgeYlQJU3c0jt4BT18g3RXIGJBK6E2Ehim51KODFDzT9NthFf+G4
-Nu+z4cYgjui0OLzhPvYR3oydAQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACzzw3lY
-JN7GO9HgQmm47mSzPWIBubOE3yN93ZjPEKn+ANgilgUTB1RXxafey9m4iEL2mdsU
-dx+2/iU94aI+A6mB0i1sR/WWRowiq8jMDQ6XXotBtDvECgZAHd1G9AHduoIuPD14
-cJ58GNCr+Lh3B0Zx8coLY1xq+XKU1QFPoNtC
+MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh
+YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7
+FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg
+J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc
+r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Timestamping Certification Authority, CN=IPS CA Timestamping Certification Authority/emailAddress=ips@mail.ips.es
-        Validity
-            Not Before: Dec 29 01:10:18 2001 GMT
-            Not After : Dec 27 01:10:18 2025 GMT
-        Subject: C=ES, ST=Barcelona, L=Barcelona, O=IPS Internet publishing Services s.l., O=ips@mail.ips.es C.I.F.  B-60929452, OU=IPS CA Timestamping Certification Authority, CN=IPS CA Timestamping Certification Authority/emailAddress=ips@mail.ips.es
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bc:b8:ee:56:a5:9a:8c:e6:36:c9:c2:62:a0:66:
-                    81:8d:1a:d5:7a:d2:73:9f:0e:84:64:ba:95:b4:90:
-                    a7:78:af:ca:fe:54:61:5b:ce:b2:20:57:01:ae:44:
-                    92:43:10:38:11:f7:68:fc:17:40:a5:68:27:32:3b:
-                    c4:a7:e6:42:71:c5:99:ef:76:ff:2b:95:24:f5:49:
-                    92:18:68:ca:00:b5:a4:5a:2f:6e:cb:d6:1b:2c:0d:
-                    54:67:6b:7a:29:a1:58:ab:a2:5a:00:d6:5b:bb:18:
-                    c2:df:f6:1e:13:56:76:9b:a5:68:e2:98:ce:c6:03:
-                    8a:34:db:4c:83:41:a6:a9:a3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                8B:D0:10:50:09:81:F2:9D:09:D5:0E:60:78:03:22:A2:3F:C8:CA:66
-            X509v3 Authority Key Identifier: 
-                keyid:8B:D0:10:50:09:81:F2:9D:09:D5:0E:60:78:03:22:A2:3F:C8:CA:66
-                DirName:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F.  B-60929452/OU=IPS CA Timestamping Certification Authority/CN=IPS CA Timestamping Certification Authority/emailAddress=ips@mail.ips.es
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Certificate Sign, CRL Sign, Encipher Only, Decipher Only
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Encrypted File System
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:ips@mail.ips.es
-            X509v3 Issuer Alternative Name: 
-                email:ips@mail.ips.es
-            Netscape Comment: 
-                Timestamping CA Certificate issued by http://www.ips.es/
-            Netscape Base Url: 
-                http://www.ips.es/ips2002/
-            Netscape CA Revocation Url: 
-                http://www.ips.es/ips2002/ips2002Timestamping.crl
-            Netscape Revocation Url: 
-                http://www.ips.es/ips2002/revocationTimestamping.html?
-            Netscape Renewal Url: 
-                http://www.ips.es/ips2002/renewalTimestamping.html?
-            Netscape CA Policy Url: 
-                http://www.ips.es/ips2002/policyTimestamping.html
-            X509v3 CRL Distribution Points: 
-                URI:http://www.ips.es/ips2002/ips2002Timestamping.crl
-                URI:http://wwwback.ips.es/ips2002/ips2002Timestamping.crl
-
-            Authority Information Access: 
-                OCSP - URI:http://ocsp.ips.es/
-
-    Signature Algorithm: sha1WithRSAEncryption
-        65:ba:c1:cc:00:1a:95:91:ca:e9:6c:3a:bf:3a:1e:14:08:7c:
-        fb:83:ee:6b:62:51:d3:33:91:b5:60:79:7e:04:d8:5d:79:37:
-        e8:c3:5b:b0:c4:67:2d:68:5a:b2:5f:0e:0a:fa:cd:3f:3a:45:
-        a1:ea:36:cf:26:1e:a7:11:28:c5:94:8f:84:4c:53:08:c5:93:
-        b3:fc:e2:7f:f5:8d:f3:b1:a9:85:5f:88:de:91:96:ee:17:5b:
-        ae:a5:ea:70:65:78:2c:21:64:01:95:ce:ce:4c:3e:50:f4:b6:
-        59:cb:63:8d:b6:bd:18:d4:87:4a:5f:dc:ef:e9:56:f0:0a:0c:
-        e8:75
-MD5 Fingerprint=2E:03:FD:C5:F5:D7:2B:94:64:C1:BE:89:31:F1:16:9B
 -----BEGIN CERTIFICATE-----
-MIIIODCCB6GgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCAR4xCzAJBgNVBAYTAkVT
-MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE
-ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE
-ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjE0MDIGA1UECxMr
-SVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE0MDIG
-A1UEAxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMTAx
-OFoXDTI1MTIyNzAxMTAxOFowggEeMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFy
-Y2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5l
-dCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlw
-cy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxNDAyBgNVBAsTK0lQUyBDQSBUaW1lc3Rh
-bXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxNDAyBgNVBAMTK0lQUyBDQSBU
-aW1lc3RhbXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0B
-CQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-vLjuVqWajOY2ycJioGaBjRrVetJznw6EZLqVtJCneK/K/lRhW86yIFcBrkSSQxA4
-Efdo/BdApWgnMjvEp+ZCccWZ73b/K5Uk9UmSGGjKALWkWi9uy9YbLA1UZ2t6KaFY
-q6JaANZbuxjC3/YeE1Z2m6Vo4pjOxgOKNNtMg0GmqaMCAwEAAaOCBIAwggR8MB0G
-A1UdDgQWBBSL0BBQCYHynQnVDmB4AyKiP8jKZjCCAVAGA1UdIwSCAUcwggFDgBSL
-0BBQCYHynQnVDmB4AyKiP8jKZqGCASakggEiMIIBHjELMAkGA1UEBhMCRVMxEjAQ
-BgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJ
-UFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJp
-cHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMTQwMgYDVQQLEytJUFMg
-Q0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTQwMgYDVQQD
-EytJUFMgQ0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4w
-HAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM
-BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB
-BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB
-FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYD
-VR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlw
-cy5lczBHBglghkgBhvhCAQ0EOhY4VGltZXN0YW1waW5nIENBIENlcnRpZmljYXRl
-IGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgECBBwWGmh0
-dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMEAGCWCGSAGG+EIBBAQzFjFodHRwOi8v
-d3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMEUGCWCG
-SAGG+EIBAwQ4FjZodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25U
-aW1lc3RhbXBpbmcuaHRtbD8wQgYJYIZIAYb4QgEHBDUWM2h0dHA6Ly93d3cuaXBz
-LmVzL2lwczIwMDIvcmVuZXdhbFRpbWVzdGFtcGluZy5odG1sPzBABglghkgBhvhC
-AQgEMxYxaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lUaW1lc3RhbXBp
-bmcuaHRtbDB/BgNVHR8EeDB2MDegNaAzhjFodHRwOi8vd3d3Lmlwcy5lcy9pcHMy
-MDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMDugOaA3hjVodHRwOi8vd3d3YmFj
-ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyVGltZXN0YW1waW5nLmNybDAvBggrBgEF
-BQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI
-hvcNAQEFBQADgYEAZbrBzAAalZHK6Ww6vzoeFAh8+4Pua2JR0zORtWB5fgTYXXk3
-6MNbsMRnLWhasl8OCvrNPzpFoeo2zyYepxEoxZSPhExTCMWTs/zif/WN87GphV+I
-3pGW7hdbrqXqcGV4LCFkAZXOzkw+UPS2Wctjjba9GNSHSl/c7+lW8AoM6HU=
+MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns
+YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y
+aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe
+Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj
+IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx
+KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM
+HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw
+DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji
+nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
+rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn
+jBJ7xUS0rg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy
+aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s
+IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
+Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
+Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g
+Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU
+J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO
+JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY
+wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o
+koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
+qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E
+Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe
+xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u
+7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU
+sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI
+sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP
+cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 985026699 (0x3ab6508b)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
-        Validity
-            Not Before: Mar 19 18:33:33 2001 GMT
-            Not After : Mar 17 18:33:33 2021 GMT
-        Subject: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:bf:61:b5:95:53:ba:57:fc:fa:f2:67:0b:3a:1a:
-                    df:11:80:64:95:b4:d1:bc:cd:7a:cf:f6:29:96:2e:
-                    24:54:40:24:38:f7:1a:85:dc:58:4c:cb:a4:27:42:
-                    97:d0:9f:83:8a:c3:e4:06:03:5b:00:a5:51:1e:70:
-                    04:74:e2:c1:d4:3a:ab:d7:ad:3b:07:18:05:8e:fd:
-                    83:ac:ea:66:d9:18:1b:68:8a:f5:57:1a:98:ba:f5:
-                    ed:76:3d:7c:d9:de:94:6a:3b:4b:17:c1:d5:8f:bd:
-                    65:38:3a:95:d0:3d:55:36:4e:df:79:57:31:2a:1e:
-                    d8:59:65:49:58:20:98:7e:ab:5f:7e:9f:e9:d6:4d:
-                    ec:83:74:a9:c7:6c:d8:ee:29:4a:85:2a:06:14:f9:
-                    54:e6:d3:da:65:07:8b:63:37:12:d7:d0:ec:c3:7b:
-                    20:41:44:a3:ed:cb:a0:17:e1:71:65:ce:1d:66:31:
-                    f7:76:01:19:c8:7d:03:58:b6:95:49:1d:a6:12:26:
-                    e8:c6:0c:76:e0:e3:66:cb:ea:5d:a6:26:ee:e5:cc:
-                    5f:bd:67:a7:01:27:0e:a2:ca:54:c5:b1:7a:95:1d:
-                    71:1e:4a:29:8a:03:dc:6a:45:c1:a4:19:5e:6f:36:
-                    cd:c3:a2:b0:b7:fe:5c:38:e2:52:bc:f8:44:43:e6:
-                    90:bb
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Authority Information Access: 
-                OCSP - URI:https://ocsp.quovadisoffshore.com
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.8024.0.1
-                  User Notice:
-                    Explicit Text: Reliance on the QuoVadis Root Certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certification practices, and the QuoVadis Certificate Policy.
-                  CPS: http://www.quovadis.bm
-
-            X509v3 Subject Key Identifier: 
-                8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF
-            X509v3 Authority Key Identifier: 
-                keyid:8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF
-                DirName:/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority
-                serial:3A:B6:50:8B
-
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        8a:d4:14:b5:fe:f4:9a:92:a7:19:d4:a4:7e:72:18:8f:d9:68:
-        7c:52:24:dd:67:6f:39:7a:c4:aa:5e:3d:e2:58:b0:4d:70:98:
-        84:61:e8:1b:e3:69:18:0e:ce:fb:47:50:a0:4e:ff:f0:24:1f:
-        bd:b2:ce:f5:27:fc:ec:2f:53:aa:73:7b:03:3d:74:6e:e6:16:
-        9e:eb:a5:2e:c4:bf:56:27:50:2b:62:ba:be:4b:1c:3c:55:5c:
-        41:1d:24:be:82:20:47:5d:d5:44:7e:7a:16:68:df:7d:4d:51:
-        70:78:57:1d:33:1e:fd:02:99:9c:0c:cd:0a:05:4f:c7:bb:8e:
-        a4:75:fa:4a:6d:b1:80:8e:09:56:b9:9c:1a:60:fe:5d:c1:d7:
-        7a:dc:11:78:d0:d6:5d:c1:b7:d5:ad:32:99:03:3a:8a:cc:54:
-        25:39:31:81:7b:13:22:51:ba:46:6c:a1:bb:9e:fa:04:6c:49:
-        26:74:8f:d2:73:eb:cc:30:a2:e6:ea:59:22:87:f8:97:f5:0e:
-        fd:ea:cc:92:a4:16:c4:52:18:ea:21:ce:b1:f1:e6:84:81:e5:
-        ba:a9:86:28:f2:43:5a:5d:12:9d:ac:1e:d9:a8:e5:0a:6a:a7:
-        7f:a0:87:29:cf:f2:89:4d:d4:ec:c5:e2:e6:7a:d0:36:23:8a:
-        4a:74:36:f9
-MD5 Fingerprint=27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
 -----BEGIN CERTIFICATE-----
-MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC
-TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz
-MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw
-IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR
-dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp
-li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D
-rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ
-WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug
-F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
-xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC
-Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv
-dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
-ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl
-IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh
-c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy
-ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
-Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI
-KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
-KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq
-y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p
-dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD
-VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL
-MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk
-fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
-7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
-cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
-mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
-xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
-SnQ2+Q==
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
-        Validity
-            Not Before: Sep 30 04:20:49 2003 GMT
-            Not After : Sep 30 04:20:49 2023 GMT
-        Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b3:b3:fe:7f:d3:6d:b1:ef:16:7c:57:a5:0c:6d:
-                    76:8a:2f:4b:bf:64:fb:4c:ee:8a:f0:f3:29:7c:f5:
-                    ff:ee:2a:e0:e9:e9:ba:5b:64:22:9a:9a:6f:2c:3a:
-                    26:69:51:05:99:26:dc:d5:1c:6a:71:c6:9a:7d:1e:
-                    9d:dd:7c:6c:c6:8c:67:67:4a:3e:f8:71:b0:19:27:
-                    a9:09:0c:a6:95:bf:4b:8c:0c:fa:55:98:3b:d8:e8:
-                    22:a1:4b:71:38:79:ac:97:92:69:b3:89:7e:ea:21:
-                    68:06:98:14:96:87:d2:61:36:bc:6d:27:56:9e:57:
-                    ee:c0:c0:56:fd:32:cf:a4:d9:8e:c2:23:d7:8d:a8:
-                    f3:d8:25:ac:97:e4:70:38:f4:b6:3a:b4:9d:3b:97:
-                    26:43:a3:a1:bc:49:59:72:4c:23:30:87:01:58:f6:
-                    4e:be:1c:68:56:66:af:cd:41:5d:c8:b3:4d:2a:55:
-                    46:ab:1f:da:1e:e2:40:3d:db:cd:7d:b9:92:80:9c:
-                    37:dd:0c:96:64:9d:dc:22:f7:64:8b:df:61:de:15:
-                    94:52:15:a0:7d:52:c9:4b:a8:21:c9:c6:b1:ed:cb:
-                    c3:95:60:d1:0f:f0:ab:70:f8:df:cb:4d:7e:ec:d6:
-                    fa:ab:d9:bd:7f:54:f2:a5:e9:79:fa:d9:d6:76:24:
-                    28:73
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        68:40:a9:a8:bb:e4:4f:5d:79:b3:05:b5:17:b3:60:13:eb:c6:
-        92:5d:e0:d1:d3:6a:fe:fb:be:9b:6d:bf:c7:05:6d:59:20:c4:
-        1c:f0:b7:da:84:58:02:63:fa:48:16:ef:4f:a5:0b:f7:4a:98:
-        f2:3f:9e:1b:ad:47:6b:63:ce:08:47:eb:52:3f:78:9c:af:4d:
-        ae:f8:d5:4f:cf:9a:98:2a:10:41:39:52:c4:dd:d9:9b:0e:ef:
-        93:01:ae:b2:2e:ca:68:42:24:42:6c:b0:b3:3a:3e:cd:e9:da:
-        48:c4:15:cb:e9:f9:07:0f:92:50:49:8a:dd:31:97:5f:c9:e9:
-        37:aa:3b:59:65:97:94:32:c9:b3:9f:3e:3a:62:58:c5:49:ad:
-        62:0e:71:a5:32:aa:2f:c6:89:76:43:40:13:13:67:3d:a2:54:
-        25:10:cb:f1:3a:f2:d9:fa:db:49:56:bb:a6:fe:a7:41:35:c3:
-        e0:88:61:c9:88:c7:df:36:10:22:98:59:ea:b0:4a:fb:56:16:
-        73:6e:ac:4d:f7:22:a1:4f:ad:1d:7a:2d:45:27:e5:30:c1:5e:
-        f2:da:13:cb:25:42:51:95:47:03:8c:6c:21:cc:74:42:ed:53:
-        ff:33:8b:8f:0f:57:01:16:2f:cf:a6:ee:c9:70:22:14:bd:fd:
-        be:6c:0b:03
-MD5 Fingerprint=F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
 -----BEGIN CERTIFICATE-----
-MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
-MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
-dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
-WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
-VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
-9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
-DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
-Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
-QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
-xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
-A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
-kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
-Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
-Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
-JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
-RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
+pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
+13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
+U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
+F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
+oJ2daZH9
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 36 (0x24)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=FI, O=Sonera, CN=Sonera Class1 CA
-        Validity
-            Not Before: Apr  6 10:49:13 2001 GMT
-            Not After : Apr  6 10:49:13 2021 GMT
-        Subject: C=FI, O=Sonera, CN=Sonera Class1 CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b5:89:1f:2b:4f:67:0a:79:ff:c5:1e:f8:7f:3c:
-                    ed:d1:7e:da:b0:cd:6d:2f:36:ac:34:c6:db:d9:64:
-                    17:08:63:30:33:22:8a:4c:ee:8e:bb:0f:0d:42:55:
-                    c9:9d:2e:a5:ef:f7:a7:8c:c3:ab:b9:97:cb:8e:ef:
-                    3f:15:67:a8:82:72:63:53:0f:41:8c:7d:10:95:24:
-                    a1:5a:a5:06:fa:92:57:9d:fa:a5:01:f2:75:e9:1f:
-                    bc:56:26:52:4e:78:19:65:58:55:03:58:c0:14:ae:
-                    8c:7c:55:5f:70:5b:77:23:06:36:97:f3:24:b5:9a:
-                    46:95:e4:df:0d:0b:05:45:e5:d1:f2:1d:82:bb:c6:
-                    13:e0:fe:aa:7a:fd:69:30:94:f3:d2:45:85:fc:f2:
-                    32:5b:32:de:e8:6c:5d:1f:cb:a4:22:74:b0:80:8e:
-                    5d:94:f7:06:00:4b:a9:d4:5e:2e:35:50:09:f3:80:
-                    97:f4:0c:17:ae:39:d8:5f:cd:33:c1:1c:ca:89:c2:
-                    22:f7:45:12:ed:5e:12:93:9d:63:ab:82:2e:b9:eb:
-                    42:41:44:cb:4a:1a:00:82:0d:9e:f9:8b:57:3e:4c:
-                    c7:17:ed:2c:8b:72:33:5f:72:7a:38:56:d5:e6:d9:
-                    ae:05:1a:1d:75:45:b1:cb:a5:25:1c:12:57:36:fd:
-                    22:37
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                47:E2:0C:8B:F6:53:88:52
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        8b:1a:b2:c9:5d:61:b4:e1:b9:2b:b9:53:d1:b2:85:9d:77:8e:
-        16:ee:11:3d:db:c2:63:d9:5b:97:65:fb:12:67:d8:2a:5c:b6:
-        ab:e5:5e:c3:b7:16:2f:c8:e8:ab:1d:8a:fd:ab:1a:7c:d5:5f:
-        63:cf:dc:b0:dd:77:b9:a8:e6:d2:22:38:87:07:14:d9:ff:be:
-        56:b5:fd:07:0e:3c:55:ca:16:cc:a7:a6:77:37:fb:db:5c:1f:
-        4e:59:06:87:a3:03:43:f5:16:ab:b7:84:bd:4e:ef:9f:31:37:
-        f0:46:f1:40:b6:d1:0c:a5:64:f8:63:5e:21:db:55:4e:4f:31:
-        76:9c:10:61:8e:b6:53:3a:a3:11:be:af:6d:7c:1e:bd:ae:2d:
-        e2:0c:69:c7:85:53:68:a2:61:ba:c5:3e:b4:79:54:78:9e:0a:
-        c7:02:be:62:d1:11:82:4b:65:2f:91:5a:c2:a8:87:b1:56:68:
-        94:79:f9:25:f7:c1:d5:ae:1a:b8:bb:3d:8f:a9:8a:38:15:f7:
-        73:d0:5a:60:d1:80:b0:f0:dc:d5:50:cd:4e:ee:92:48:69:ed:
-        b2:23:1e:30:cc:c8:94:c8:b6:f5:3b:86:7f:3f:a6:2e:9f:f6:
-        3e:2c:b5:92:96:3e:df:2c:93:8a:ff:81:8c:0f:0f:59:21:19:
-        57:bd:55:9a
-MD5 Fingerprint=33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F
 -----BEGIN CERTIFICATE-----
-MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
-MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENBMB4XDTAx
-MDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMCRkkxDzANBgNV
-BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBDQTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue+H887dF+2rDNbS82rDTG
-29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mXy47vPxVnqIJyY1MPQYx9EJUk
-oVqlBvqSV536pQHydekfvFYmUk54GWVYVQNYwBSujHxVX3BbdyMGNpfzJLWaRpXk
-3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JFhfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBL
-qdReLjVQCfOAl/QMF6452F/NM8EcyonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIIN
-nvmLVz5MxxftLItyM19yejhW1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEw
-DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEG
-MA0GCSqGSIb3DQEBBQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuX
-ZfsSZ9gqXLar5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0H
-DjxVyhbMp6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VO
-TzF2nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv
-kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2yIx4w
-zMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 29 (0x1d)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=FI, O=Sonera, CN=Sonera Class2 CA
-        Validity
-            Not Before: Apr  6 07:29:40 2001 GMT
-            Not After : Apr  6 07:29:40 2021 GMT
-        Subject: C=FI, O=Sonera, CN=Sonera Class2 CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:90:17:4a:35:9d:ca:f0:0d:96:c7:44:fa:16:37:
-                    fc:48:bd:bd:7f:80:2d:35:3b:e1:6f:a8:67:a9:bf:
-                    03:1c:4d:8c:6f:32:47:d5:41:68:a4:13:04:c1:35:
-                    0c:9a:84:43:fc:5c:1d:ff:89:b3:e8:17:18:cd:91:
-                    5f:fb:89:e3:ea:bf:4e:5d:7c:1b:26:d3:75:79:ed:
-                    e6:84:e3:57:e5:ad:29:c4:f4:3a:28:e7:a5:7b:84:
-                    36:69:b3:fd:5e:76:bd:a3:2d:99:d3:90:4e:23:28:
-                    7d:18:63:f1:54:3b:26:9d:76:5b:97:42:b2:ff:ae:
-                    f0:4e:ec:dd:39:95:4e:83:06:7f:e7:49:40:c8:c5:
-                    01:b2:54:5a:66:1d:3d:fc:f9:e9:3c:0a:9e:81:b8:
-                    70:f0:01:8b:e4:23:54:7c:c8:ae:f8:90:1e:00:96:
-                    72:d4:54:cf:61:23:bc:ea:fb:9d:02:95:d1:b6:b9:
-                    71:3a:69:08:3f:0f:b4:e1:42:c7:88:f5:3f:98:a8:
-                    a7:ba:1c:e0:71:71:ef:58:57:81:50:7a:5c:6b:74:
-                    46:0e:83:03:98:c3:8e:a8:6e:f2:76:32:6e:27:83:
-                    c2:73:f3:dc:18:e8:b4:93:ea:75:44:6b:04:60:20:
-                    71:57:87:9d:f3:be:a0:90:23:3d:8a:24:e1:da:21:
-                    db:c3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                4A:A0:AA:58:84:D3:5E:3C
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-    Signature Algorithm: sha1WithRSAEncryption
-        5a:ce:87:f9:16:72:15:57:4b:1d:d9:9b:e7:a2:26:30:ec:93:
-        67:df:d6:2d:d2:34:af:f7:38:a5:ce:ab:16:b9:ab:2f:7c:35:
-        cb:ac:d0:0f:b4:4c:2b:fc:80:ef:6b:8c:91:5f:36:76:f7:db:
-        b3:1b:19:ea:f4:b2:11:fd:61:71:44:bf:28:b3:3a:1d:bf:b3:
-        43:e8:9f:bf:dc:31:08:71:b0:9d:8d:d6:34:47:32:90:c6:65:
-        24:f7:a0:4a:7c:04:73:8f:39:6f:17:8c:72:b5:bd:4b:c8:7a:
-        f8:7b:83:c3:28:4e:9c:09:ea:67:3f:b2:67:04:1b:c3:14:da:
-        f8:e7:49:24:91:d0:1d:6a:fa:61:39:ef:6b:e7:21:75:06:07:
-        d8:12:b4:21:20:70:42:71:81:da:3c:9a:36:be:a6:5b:0d:6a:
-        6c:9a:1f:91:7b:f9:f9:ef:42:ba:4e:4e:9e:cc:0c:8d:94:dc:
-        d9:45:9c:5e:ec:42:50:63:ae:f4:5d:c4:b1:12:dc:ca:3b:a8:
-        2e:9d:14:5a:05:75:b7:ec:d7:63:e2:ba:35:b6:04:08:91:e8:
-        da:9d:9c:f6:66:b5:18:ac:0a:a6:54:26:34:33:d2:1b:c1:d4:
-        7f:1a:3a:8e:0b:aa:32:6e:db:fc:4f:25:9f:d9:32:c7:96:5a:
-        70:ac:df:4c
-MD5 Fingerprint=A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
 -----BEGIN CERTIFICATE-----
-MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
-MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx
-MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV
-BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o
-Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt
-5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s
-3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej
-vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu
-8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw
-DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG
-MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil
-zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/
-3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD
-FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
-Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2
-ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
+MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM
+HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK
+qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj
+cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
+cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP
+T8qAkbYp
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 10000010 (0x98968a)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
-        Validity
-            Not Before: Dec 17 09:23:49 2002 GMT
-            Not After : Dec 16 09:15:38 2015 GMT
-        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:98:d2:b5:51:11:7a:81:a6:14:98:71:6d:be:cc:
-                    e7:13:1b:d6:27:0e:7a:b3:6a:18:1c:b6:61:5a:d5:
-                    61:09:bf:de:90:13:c7:67:ee:dd:f3:da:c5:0c:12:
-                    9e:35:55:3e:2c:27:88:40:6b:f7:dc:dd:22:61:f5:
-                    c2:c7:0e:f5:f6:d5:76:53:4d:8f:8c:bc:18:76:37:
-                    85:9d:e8:ca:49:c7:d2:4f:98:13:09:a2:3e:22:88:
-                    9c:7f:d6:f2:10:65:b4:ee:5f:18:d5:17:e3:f8:c5:
-                    fd:e2:9d:a2:ef:53:0e:85:77:a2:0f:e1:30:47:ee:
-                    00:e7:33:7d:44:67:1a:0b:51:e8:8b:a0:9e:50:98:
-                    68:34:52:1f:2e:6d:01:f2:60:45:f2:31:eb:a9:31:
-                    68:29:bb:7a:41:9e:c6:19:7f:94:b4:51:39:03:7f:
-                    b2:de:a7:32:9b:b4:47:8e:6f:b4:4a:ae:e5:af:b1:
-                    dc:b0:1b:61:bc:99:72:de:e4:89:b7:7a:26:5d:da:
-                    33:49:5b:52:9c:0e:f5:8a:ad:c3:b8:3d:e8:06:6a:
-                    c2:d5:2a:0b:6c:7b:84:bd:56:05:cb:86:65:92:ec:
-                    44:2b:b0:8e:b9:dc:70:0b:46:da:ad:bc:63:88:39:
-                    fa:db:6a:fe:23:fa:bc:e4:48:f4:67:2b:6a:11:10:
-                    21:49
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Certificate Policies: 
-                Policy: X509v3 Any Policy
-                  CPS: http://www.pkioverheid.nl/policies/root-policy
-
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                A8:7D:EB:BC:63:A4:74:13:74:00:EC:96:E0:D3:34:C1:2C:BF:6C:F8
-    Signature Algorithm: sha1WithRSAEncryption
-        05:84:87:55:74:36:61:c1:bb:d1:d4:c6:15:a8:13:b4:9f:a4:
-        fe:bb:ee:15:b4:2f:06:0c:29:f2:a8:92:a4:61:0d:fc:ab:5c:
-        08:5b:51:13:2b:4d:c2:2a:61:c8:f8:09:58:fc:2d:02:b2:39:
-        7d:99:66:81:bf:6e:5c:95:45:20:6c:e6:79:a7:d1:d8:1c:29:
-        fc:c2:20:27:51:c8:f1:7c:5d:34:67:69:85:11:30:c6:00:d2:
-        d7:f3:d3:7c:b6:f0:31:57:28:12:82:73:e9:33:2f:a6:55:b4:
-        0b:91:94:47:9c:fa:bb:7a:42:32:e8:ae:7e:2d:c8:bc:ac:14:
-        bf:d9:0f:d9:5b:fc:c1:f9:7a:95:e1:7d:7e:96:fc:71:b0:c2:
-        4c:c8:df:45:34:c9:ce:0d:f2:9c:64:08:d0:3b:c3:29:c5:b2:
-        ed:90:04:c1:b1:29:91:c5:30:6f:c1:a9:72:33:cc:fe:5d:16:
-        17:2c:11:69:e7:7e:fe:c5:83:08:df:bc:dc:22:3a:2e:20:69:
-        23:39:56:60:67:90:8b:2e:76:39:fb:11:88:97:f6:7c:bd:4b:
-        b8:20:16:67:05:8d:e2:3b:c1:72:3f:94:95:37:c7:5d:b9:9e:
-        d8:93:a1:17:8f:ff:0c:66:15:c1:24:7c:32:7c:03:1d:3b:a1:
-        58:45:32:93
-MD5 Fingerprint=60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0
 -----BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO
-TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh
-dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy
-MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk
-ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn
-ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71
-9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO
-hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U
-tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o
-BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh
-SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww
-OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv
-cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA
-7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k
-/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm
-eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6
-u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy
-7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR
-iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw==
+MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
+GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
+U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
+NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
+ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
+ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
+CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
+g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
+fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
+2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
+bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 986490188 (0x3acca54c)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=DK, O=TDC Internet, OU=TDC Internet Root CA
-        Validity
-            Not Before: Apr  5 16:33:17 2001 GMT
-            Not After : Apr  5 17:03:17 2021 GMT
-        Subject: C=DK, O=TDC Internet, OU=TDC Internet Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c4:b8:40:bc:91:d5:63:1f:d7:99:a0:8b:0c:40:
-                    1e:74:b7:48:9d:46:8c:02:b2:e0:24:5f:f0:19:13:
-                    a7:37:83:6b:5d:c7:8e:f9:84:30:ce:1a:3b:fa:fb:
-                    ce:8b:6d:23:c6:c3:6e:66:9f:89:a5:df:e0:42:50:
-                    67:fa:1f:6c:1e:f4:d0:05:d6:bf:ca:d6:4e:e4:68:
-                    60:6c:46:aa:1c:5d:63:e1:07:86:0e:65:00:a7:2e:
-                    a6:71:c6:bc:b9:81:a8:3a:7d:1a:d2:f9:d1:ac:4b:
-                    cb:ce:75:af:dc:7b:fa:81:73:d4:fc:ba:bd:41:88:
-                    d4:74:b3:f9:5e:38:3a:3c:43:a8:d2:95:4e:77:6d:
-                    13:0c:9d:8f:78:01:b7:5a:20:1f:03:37:35:e2:2c:
-                    db:4b:2b:2c:78:b9:49:db:c4:d0:c7:9c:9c:e4:8a:
-                    20:09:21:16:56:66:ff:05:ec:5b:e3:f0:cf:ab:24:
-                    24:5e:c3:7f:70:7a:12:c4:d2:b5:10:a0:b6:21:e1:
-                    8d:78:69:55:44:69:f5:ca:96:1c:34:85:17:25:77:
-                    e2:f6:2f:27:98:78:fd:79:06:3a:a2:d6:5a:43:c1:
-                    ff:ec:04:3b:ee:13:ef:d3:58:5a:ff:92:eb:ec:ae:
-                    da:f2:37:03:47:41:b6:97:c9:2d:0a:41:22:bb:bb:
-                    e6:a7
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/C=DK/O=TDC Internet/OU=TDC Internet Root CA/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Apr  5 16:33:17 2001 GMT, Not After: Apr  5 17:03:17 2021 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50
-
-            X509v3 Subject Key Identifier: 
-                6C:64:01:C7:FD:85:6D:AC:C8:DA:9E:50:08:85:08:B5:3C:56:A8:50
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0...V5.0:4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-        4e:43:cc:d1:dd:1d:10:1b:06:7f:b7:a4:fa:d3:d9:4d:fb:23:
-        9f:23:54:5b:e6:8b:2f:04:28:8b:b5:27:6d:89:a1:ec:98:69:
-        dc:e7:8d:26:83:05:79:74:ec:b4:b9:a3:97:c1:35:00:fd:15:
-        da:39:81:3a:95:31:90:de:97:e9:86:a8:99:77:0c:e5:5a:a0:
-        84:ff:12:16:ac:6e:b8:8d:c3:7b:92:c2:ac:2e:d0:7d:28:ec:
-        b6:f3:60:38:69:6f:3e:d8:04:55:3e:9e:cc:55:d2:ba:fe:bb:
-        47:04:d7:0a:d9:16:0a:34:29:f5:58:13:d5:4f:cf:8f:56:4b:
-        b3:1e:ee:d3:98:79:da:08:1e:0c:6f:b8:f8:16:27:ef:c2:6f:
-        3d:f6:a3:4b:3e:0e:e4:6d:6c:db:3b:41:12:9b:bd:0d:47:23:
-        7f:3c:4a:d0:af:c0:af:f6:ef:1b:b5:15:c4:eb:83:c4:09:5f:
-        74:8b:d9:11:fb:c2:56:b1:3c:f8:70:ca:34:8d:43:40:13:8c:
-        fd:99:03:54:79:c6:2e:ea:86:a1:f6:3a:d4:09:bc:f4:bc:66:
-        cc:3d:58:d0:57:49:0a:ee:25:e2:41:ee:13:f9:9b:38:34:d1:
-        00:f5:7e:e7:94:1d:fc:69:03:62:b8:99:05:05:3d:6b:78:12:
-        bd:b0:6f:65
-MD5 Fingerprint=91:F4:03:55:20:A1:F8:63:2C:62:DE:AC:FB:61:1C:8E
 -----BEGIN CERTIFICATE-----
-MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE
-SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg
-Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV
-BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl
-cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA
-vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu
-Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a
-0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1
-4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN
-eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD
-R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG
-A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu
-dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME
-Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3
-WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw
-HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ
-KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO
-Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX
-wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+
-2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89
-9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0
-jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38
-aQNiuJkFBT1reBK9sG9l
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1044954564 (0x3e48bdc4)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=DK, O=TDC, CN=TDC OCES CA
-        Validity
-            Not Before: Feb 11 08:39:30 2003 GMT
-            Not After : Feb 11 09:09:30 2037 GMT
-        Subject: C=DK, O=TDC, CN=TDC OCES CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ac:62:f6:61:20:b2:cf:c0:c6:85:d7:e3:79:e6:
-                    cc:ed:f2:39:92:a4:97:2e:64:a3:84:5b:87:9c:4c:
-                    fd:a4:f3:c4:5f:21:bd:56:10:eb:db:2e:61:ec:93:
-                    69:e3:a3:cc:bd:99:c3:05:fc:06:b8:ca:36:1c:fe:
-                    90:8e:49:4c:c4:56:9a:2f:56:bc:cf:7b:0c:f1:6f:
-                    47:a6:0d:43:4d:e2:e9:1d:39:34:cd:8d:2c:d9:12:
-                    98:f9:e3:e1:c1:4a:7c:86:38:c4:a9:c4:61:88:d2:
-                    5e:af:1a:26:4d:d5:e4:a0:22:47:84:d9:64:b7:19:
-                    96:fc:ec:19:e4:b2:97:26:4e:4a:4c:cb:8f:24:8b:
-                    54:18:1c:48:61:7b:d5:88:68:da:5d:b5:ea:cd:1a:
-                    30:c1:80:83:76:50:aa:4f:d1:d4:dd:38:f0:ef:16:
-                    f4:e1:0c:50:06:bf:ea:fb:7a:49:a1:28:2b:1c:f6:
-                    fc:15:32:a3:74:6a:8f:a9:c3:62:29:71:31:e5:3b:
-                    a4:60:17:5e:74:e6:da:13:ed:e9:1f:1f:1b:d1:b2:
-                    68:73:c6:10:34:75:46:10:10:e3:90:00:76:40:cb:
-                    8b:b7:43:09:21:ff:ab:4e:93:c6:58:e9:a5:82:db:
-                    77:c4:3a:99:b1:72:95:49:04:f0:b7:2b:fa:7b:59:
-                    8e:dd
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Certificate Policies: 
-                Policy: 1.2.208.169.1.1.1
-                  CPS: http://www.certifikat.dk/repository
-                  User Notice:
-                    Organization: TDC
-                    Number: 1
-                    Explicit Text: Certifikater fra denne CA udstedes under OID 1.2.208.169.1.1.1. Certificates from this CA are issued under OID 1.2.208.169.1.1.1.
-
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-                DirName:/C=DK/O=TDC/CN=TDC OCES CA/CN=CRL1
-                URI:http://crl.oces.certifikat.dk/oces.crl
-
-            X509v3 Private Key Usage Period: 
-                Not Before: Feb 11 08:39:30 2003 GMT, Not After: Feb 11 09:09:30 2037 GMT
-            X509v3 Authority Key Identifier: 
-                keyid:60:B5:85:EC:56:64:7E:12:19:27:67:1D:50:15:4B:73:AE:3B:F9:12
-
-            X509v3 Subject Key Identifier: 
-                60:B5:85:EC:56:64:7E:12:19:27:67:1D:50:15:4B:73:AE:3B:F9:12
-            1.2.840.113533.7.65.0: 
-                0...V6.0:4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-        0a:ba:26:26:46:d3:73:a8:09:f3:6b:0b:30:99:fd:8a:e1:57:
-        7a:11:d3:b8:94:d7:09:10:6e:a3:b1:38:03:d1:b6:f2:43:41:
-        29:62:a7:72:d8:fb:7c:05:e6:31:70:27:54:18:4e:8a:7c:4e:
-        e5:d1:ca:8c:78:88:cf:1b:d3:90:8b:e6:23:f8:0b:0e:33:43:
-        7d:9c:e2:0a:19:8f:c9:01:3e:74:5d:74:c9:8b:1c:03:e5:18:
-        c8:01:4c:3f:cb:97:05:5d:98:71:a6:98:6f:b6:7c:bd:37:7f:
-        be:e1:93:25:6d:6f:f0:0a:ad:17:18:e1:03:bc:07:29:c8:ad:
-        26:e8:f8:61:f0:fd:21:09:7e:9a:8e:a9:68:7d:48:62:72:bd:
-        00:ea:01:99:b8:06:82:51:81:4e:f1:f5:b4:91:54:b9:23:7a:
-        00:9a:9f:5d:8d:e0:3c:64:b9:1a:12:92:2a:c7:82:44:72:39:
-        dc:e2:3c:c6:d8:55:f5:15:4e:c8:05:0e:db:c6:d0:62:a6:ec:
-        15:b4:b5:02:82:db:ac:8c:a2:81:f0:9b:99:31:f5:20:20:a8:
-        88:61:0a:07:9f:94:fc:d0:d7:1b:cc:2e:17:f3:04:27:76:67:
-        eb:54:83:fd:a4:90:7e:06:3d:04:a3:43:2d:da:fc:0b:62:ea:
-        2f:5f:62:53
-MD5 Fingerprint=93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
 -----BEGIN CERTIFICATE-----
-MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE
-SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw
-ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU
-REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr
-2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s
-2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU
-GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj
-dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r
-TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/
-BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB
-AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv
-c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl
-ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu
-MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg
-T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud
-HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD
-VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny
-bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy
-MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ
-J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG
-SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom
-JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO
-inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y
-caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB
-mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ
-YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9
-BKNDLdr8C2LqL19iUw==
+MIIDzTCCAzagAwIBAgIQU2GyYK7bcY6nlLMTM/QHCTANBgkqhkiG9w0BAQUFADCB
+wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL
+EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
+cmswHhcNMDAwOTI2MDAwMDAwWhcNMTAwOTI1MjM1OTU5WjCBpTEXMBUGA1UEChMO
+VmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx
+OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j
+b20vcnBhIChjKTAwMSwwKgYDVQQDEyNWZXJpU2lnbiBUaW1lIFN0YW1waW5nIEF1
+dGhvcml0eSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0hmdZ8IAIVli
+zrQJIkRpivglWtvtDbc2fk7gu5Q+kCWHwmFHKdm9VLhjzCx9abQzNvQ3B5rB3UBU
+/OB4naCTuQk9I1F/RMIUdNsKvsvJMDRAmD7Q1yUQgZS9B0+c1lQn3y6ov8uQjI11
+S7zi6ESHzeZBCiVu6PQkAsVSD27smHUCAwEAAaOB3zCB3DAPBgNVHRMECDAGAQH/
+AgEAMEUGA1UdIAQ+MDwwOgYMYIZIAYb4RQEHFwEDMCowKAYIKwYBBQUHAgEWHGh0
+dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0
+cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwCwYDVR0PBAQDAgEGMEIGCCsG
+AQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2lnbi5j
+b20vb2NzcC9zdGF0dXMwDQYJKoZIhvcNAQEFBQADgYEAgnBold+2DcIBcBlK0lRW
+HqzyRUyHuPU163hLBanInTsZIS5wNEqi9YngFXVF5yg3ADQnKeg3S/LvRJdrF1Ea
+w1adPBqK9kpGRjeM+sv1ZFo4aC4cw+9wzrhGBha/937ntag+RaypJXUie28/sJyU
+58dzq6wf7iWbwBbtt8pb8BQ=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            44:be:0c:8b:50:00:21:b4:11:d3:2a:68:06:a9:ad:69
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
-        Validity
-            Not Before: Jun 24 18:57:21 1999 GMT
-            Not After : Jun 24 19:06:30 2019 GMT
-        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:df:ee:58:10:a2:2b:6e:55:c4:8e:bf:2e:46:09:
-                    e7:e0:08:0f:2e:2b:7a:13:94:1b:bd:f6:b6:80:8e:
-                    65:05:93:00:1e:bc:af:e2:0f:8e:19:0d:12:47:ec:
-                    ac:ad:a3:fa:2e:70:f8:de:6e:fb:56:42:15:9e:2e:
-                    5c:ef:23:de:21:b9:05:76:27:19:0f:4f:d6:c3:9c:
-                    b4:be:94:19:63:f2:a6:11:0a:eb:53:48:9c:be:f2:
-                    29:3b:16:e8:1a:a0:4c:a6:c9:f4:18:59:68:c0:70:
-                    f2:53:00:c0:5e:50:82:a5:56:6f:36:f9:4a:e0:44:
-                    86:a0:4d:4e:d6:47:6e:49:4a:cb:67:d7:a6:c4:05:
-                    b9:8e:1e:f4:fc:ff:cd:e7:36:e0:9c:05:6c:b2:33:
-                    22:15:d0:b4:e0:cc:17:c0:b2:c0:f4:fe:32:3f:29:
-                    2a:95:7b:d8:f2:a7:4e:0f:54:7c:a1:0d:80:b3:09:
-                    03:c1:ff:5c:dd:5e:9a:3e:bc:ae:bc:47:8a:6a:ae:
-                    71:ca:1f:b1:2a:b8:5f:42:05:0b:ec:46:30:d1:72:
-                    0b:ca:e9:56:6d:f5:ef:df:78:be:61:ba:b2:a5:ae:
-                    04:4c:bc:a8:ac:69:15:97:bd:ef:eb:b4:8c:bf:35:
-                    f8:d4:c3:d1:28:0e:5c:3a:9f:70:18:33:20:77:c4:
-                    a2:af
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                53:32:D1:B3:CF:7F:FA:E0:F1:A0:5D:85:4E:92:D2:9E:45:1D:B4:4F
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.usertrust.com/UTN-DATACorpSGC.crl
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
-    Signature Algorithm: sha1WithRSAEncryption
-        27:35:97:00:8a:8b:28:bd:c6:33:30:1e:29:fc:e2:f7:d5:98:
-        d4:40:bb:60:ca:bf:ab:17:2c:09:36:7f:50:fa:41:dc:ae:96:
-        3a:0a:23:3e:89:59:c9:a3:07:ed:1b:37:ad:fc:7c:be:51:49:
-        5a:de:3a:0a:54:08:16:45:c2:99:b1:87:cd:8c:68:e0:69:03:
-        e9:c4:4e:98:b2:3b:8c:16:b3:0e:a0:0c:98:50:9b:93:a9:70:
-        09:c8:2c:a3:8f:df:02:e4:e0:71:3a:f1:b4:23:72:a0:aa:01:
-        df:df:98:3e:14:50:a0:31:26:bd:28:e9:5a:30:26:75:f9:7b:
-        60:1c:8d:f3:cd:50:26:6d:04:27:9a:df:d5:0d:45:47:29:6b:
-        2c:e6:76:d9:a9:29:7d:32:dd:c9:36:3c:bd:ae:35:f1:11:9e:
-        1d:bb:90:3f:12:47:4e:8e:d7:7e:0f:62:73:1d:52:26:38:1c:
-        18:49:fd:30:74:9a:c4:e5:22:2f:d8:c0:8d:ed:91:7a:4c:00:
-        8f:72:7f:5d:da:dd:1b:8b:45:6b:e7:dd:69:97:a8:c5:56:4c:
-        0f:0c:f6:9f:7a:91:37:f6:97:82:e0:dd:71:69:ff:76:3f:60:
-        4d:3c:cf:f7:99:f9:c6:57:f4:c9:55:39:78:ba:2c:79:c9:a6:
-        88:2b:f4:08
-MD5 Fingerprint=B3:A5:3E:77:21:6D:AC:4A:C0:C9:FB:D5:41:3D:CA:06
 -----BEGIN CERTIFICATE-----
-MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB
-kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw
-IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD
-VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu
-dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6
-E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ
-D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK
-4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq
-lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW
-bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB
-o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT
-MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js
-LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr
-BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB
-AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft
-Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj
-j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH
-KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv
-2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3
-mfnGV/TJVTl4uix5yaaIK/QI
+MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr
+MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl
+cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
+bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw
+CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h
+dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l
+cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h
+2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E
+lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV
+ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq
+299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t
+vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL
+dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF
+AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
+zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3
+LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd
+7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw
+++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
+398znM/jra6O1I7mT1GvFpLgXPYHDw==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
-        Validity
-            Not Before: Jul  9 17:28:50 1999 GMT
-            Not After : Jul  9 17:36:58 2019 GMT
-        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b2:39:85:a4:f2:7d:ab:41:3b:62:46:37:ae:cd:
-                    c1:60:75:bc:39:65:f9:4a:1a:47:a2:b9:cc:48:cc:
-                    6a:98:d5:4d:35:19:b9:a4:42:e5:ce:49:e2:8a:2f:
-                    1e:7c:d2:31:07:c7:4e:b4:83:64:9d:2e:29:d5:a2:
-                    64:c4:85:bd:85:51:35:79:a4:4e:68:90:7b:1c:7a:
-                    a4:92:a8:17:f2:98:15:f2:93:cc:c9:a4:32:95:bb:
-                    0c:4f:30:bd:98:a0:0b:8b:e5:6e:1b:a2:46:fa:78:
-                    bc:a2:6f:ab:59:5e:a5:2f:cf:ca:da:6d:aa:2f:eb:
-                    ac:a1:b3:6a:aa:b7:2e:67:35:8b:79:e1:1e:69:88:
-                    e2:e6:46:cd:a0:a5:ea:be:0b:ce:76:3a:7a:0e:9b:
-                    ea:fc:da:27:5b:3d:73:1f:22:e6:48:61:c6:4c:f3:
-                    69:b1:a8:2e:1b:b6:d4:31:20:2c:bc:82:8a:8e:a4:
-                    0e:a5:d7:89:43:fc:16:5a:af:1d:71:d7:11:59:da:
-                    ba:87:0d:af:fa:f3:e1:c2:f0:a4:c5:67:8c:d6:d6:
-                    54:3a:de:0a:a4:ba:03:77:b3:65:c8:fd:1e:d3:74:
-                    62:aa:18:ca:68:93:1e:a1:85:7e:f5:47:65:cb:f8:
-                    4d:57:28:74:d2:34:ff:30:b6:ee:f6:62:30:14:8c:
-                    2c:eb
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                89:82:67:7D:C4:9D:26:70:00:4B:B4:50:48:7C:DE:3D:AE:04:6E:7D
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.usertrust.com/UTN-USERFirst-ClientAuthenticationandEmail.crl
-
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication, E-mail Protection
-    Signature Algorithm: sha1WithRSAEncryption
-        b1:6d:61:5d:a6:1a:7f:7c:ab:4a:e4:30:fc:53:6f:25:24:c6:
-        ca:ed:e2:31:5c:2b:0e:ee:ee:61:55:6f:04:3e:cf:39:de:c5:
-        1b:49:94:e4:eb:20:4c:b4:e6:9e:50:2e:72:d9:8d:f5:aa:a3:
-        b3:4a:da:56:1c:60:97:80:dc:82:a2:ad:4a:bd:8a:2b:ff:0b:
-        09:b4:c6:d7:20:04:45:e4:cd:80:01:ba:ba:2b:6e:ce:aa:d7:
-        92:fe:e4:af:eb:f4:26:1d:16:2a:7f:6c:30:95:37:2f:33:12:
-        ac:7f:dd:c7:d1:11:8c:51:98:b2:d0:a3:91:d0:ad:f6:9f:9e:
-        83:93:1e:1d:42:b8:46:af:6b:66:f0:9b:7f:ea:e3:03:02:e5:
-        02:51:c1:aa:d5:35:9d:72:40:03:89:ba:31:1d:c5:10:68:52:
-        9e:df:a2:85:c5:5c:08:a6:78:e6:53:4f:b1:e8:b7:d3:14:9e:
-        93:a6:c3:64:e3:ac:7e:71:cd:bc:9f:e9:03:1b:cc:fb:e9:ac:
-        31:c1:af:7c:15:74:02:99:c3:b2:47:a6:c2:32:61:d7:c7:6f:
-        48:24:51:27:a1:d5:87:55:f2:7b:8f:98:3d:16:9e:ee:75:b6:
-        f8:d0:8e:f2:f3:c6:ae:28:5b:a7:f0:f3:36:17:fc:c3:05:d3:
-        ca:03:4a:54
-MD5 Fingerprint=D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
 -----BEGIN CERTIFICATE-----
-MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB
-rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt
-Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa
-Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV
-BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l
-dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE
-AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B
-YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9
-hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l
-L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm
-SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM
-1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws
-6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw
-Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50
-aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
-AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u
-7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0
-xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ
-rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim
-eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk
-USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ=
+MIIDgDCCAmigAwIBAgICAx4wDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMx
+DTALBgNVBAoTBFZJU0ExLzAtBgNVBAsTJlZpc2EgSW50ZXJuYXRpb25hbCBTZXJ2
+aWNlIEFzc29jaWF0aW9uMRIwEAYDVQQDEwlHUCBSb290IDIwHhcNMDAwODE2MjI1
+MTAwWhcNMjAwODE1MjM1OTAwWjBhMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklT
+QTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRp
+b24xEjAQBgNVBAMTCUdQIFJvb3QgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKkBcLWqxEDwq2omYXkZAPy/mzdZDK9vZBv42pWUJGkzEXDK41Z0ohdX
+ZFwgBuHW73G3O/erwWnQSaSxBNf0V2KJXLB1LRckaeNCYOTudNargFbYiCjh+20i
+/SN8RnNPflRzHqgsVVh1t0zzWkWlAhr62p3DRcMiXvOL8WAp0sdftAw6UYPvMPjU
+58fy+pmjIlC++QU3o63tmsPm7IgbthknGziLgE3sucfFicv8GjLtI/C1AVj59o/g
+halMCXI5Etuz9c9OYmTaxhkVOmMd6RdVoUwiPDQyRvhlV7or7zaMavrZ2UT0qt2E
+1w0cslSsMoW0ZA3eQbuxNMYBhjJk1Z8CAwEAAaNCMEAwHQYDVR0OBBYEFJ59SzS/
+ca3CBfYDdYDOqU8axCRMMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQAhpXYUVfmtJ3CPPPTVbMjMCqujmAuKBiPFyWHb
+mQdpNSYx/scuhMKZYdQN6X0uEyt8joW2hcdLzzW2LEc9zikv2G+fiRxkk78IvXbQ
+kIqUs38oW26sTTMs7WXcFsziza6kPWKSBpUmv9+55CCmc2rBvveURNZNbyoLaxhN
+dBA2aGpawWqn3TYpjLgwi08hPwAuVDAHOrqK5MOeyti12HvOdUVmB/RtLdh6yumJ
+ivIj2C/LbgA2T/vwLwHMD8AiZfSr4k5hLQOCfZEWtTDVFN5ex5D8ofyrEK9ca3Cn
+B+8phuiyJccg/ybdd+95RBTEvd07xQObdyPsoOy7Wjm1zK0G
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
-        Validity
-            Not Before: Jul  9 18:10:42 1999 GMT
-            Not After : Jul  9 18:19:22 2019 GMT
-        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b1:f7:c3:38:3f:b4:a8:7f:cf:39:82:51:67:d0:
-                    6d:9f:d2:ff:58:f3:e7:9f:2b:ec:0d:89:54:99:b9:
-                    38:99:16:f7:e0:21:79:48:c2:bb:61:74:12:96:1d:
-                    3c:6a:72:d5:3c:10:67:3a:39:ed:2b:13:cd:66:eb:
-                    95:09:33:a4:6c:97:b1:e8:c6:ec:c1:75:79:9c:46:
-                    5e:8d:ab:d0:6a:fd:b9:2a:55:17:10:54:b3:19:f0:
-                    9a:f6:f1:b1:5d:b6:a7:6d:fb:e0:71:17:6b:a2:88:
-                    fb:00:df:fe:1a:31:77:0c:9a:01:7a:b1:32:e3:2b:
-                    01:07:38:6e:c3:a5:5e:23:bc:45:9b:7b:50:c1:c9:
-                    30:8f:db:e5:2b:7a:d3:5b:fb:33:40:1e:a0:d5:98:
-                    17:bc:8b:87:c3:89:d3:5d:a0:8e:b2:aa:aa:f6:8e:
-                    69:88:06:c5:fa:89:21:f3:08:9d:69:2e:09:33:9b:
-                    29:0d:46:0f:8c:cc:49:34:b0:69:51:bd:f9:06:cd:
-                    68:ad:66:4c:bc:3e:ac:61:bd:0a:88:0e:c8:df:3d:
-                    ee:7c:04:4c:9d:0a:5e:6b:91:d6:ee:c7:ed:28:8d:
-                    ab:4d:87:89:73:d0:6e:a4:d0:1e:16:8b:14:e1:76:
-                    44:03:7f:63:ac:e4:cd:49:9c:c5:92:f4:ab:32:a1:
-                    48:5b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
-
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, IPSec End System, IPSec Tunnel, IPSec User
-    Signature Algorithm: sha1WithRSAEncryption
-        47:19:0f:de:74:c6:99:97:af:fc:ad:28:5e:75:8e:eb:2d:67:
-        ee:4e:7b:2b:d7:0c:ff:f6:de:cb:55:a2:0a:e1:4c:54:65:93:
-        60:6b:9f:12:9c:ad:5e:83:2c:eb:5a:ae:c0:e4:2d:f4:00:63:
-        1d:b8:c0:6c:f2:cf:49:bb:4d:93:6f:06:a6:0a:22:b2:49:62:
-        08:4e:ff:c8:c8:14:b2:88:16:5d:e7:01:e4:12:95:e5:45:34:
-        b3:8b:69:bd:cf:b4:85:8f:75:51:9e:7d:3a:38:3a:14:48:12:
-        c6:fb:a7:3b:1a:8d:0d:82:40:07:e8:04:08:90:a1:89:cb:19:
-        50:df:ca:1c:01:bc:1d:04:19:7b:10:76:97:3b:ee:90:90:ca:
-        c4:0e:1f:16:6e:75:ef:33:f8:d3:6f:5b:1e:96:e3:e0:74:77:
-        74:7b:8a:a2:6e:2d:dd:76:d6:39:30:82:f0:ab:9c:52:f2:2a:
-        c7:af:49:5e:7e:c7:68:e5:82:81:c8:6a:27:f9:27:88:2a:d5:
-        58:50:95:1f:f0:3b:1c:57:bb:7d:14:39:62:2b:9a:c9:94:92:
-        2a:a3:22:0c:ff:89:26:7d:5f:23:2b:47:d7:15:1d:a9:6a:9e:
-        51:0d:2a:51:9e:81:f9:d4:3b:5e:70:12:7f:10:32:9c:1e:bb:
-        9d:f8:66:a8
-MD5 Fingerprint=4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
 -----BEGIN CERTIFICATE-----
-MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
-lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
-SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
-A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
-MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
-d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
-cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
-0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
-M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
-MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
-oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
-DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
-oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
-dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
-bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
-BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
-//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
-CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
-CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
-3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
-KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
-        Validity
-            Not Before: Jul  9 18:31:20 1999 GMT
-            Not After : Jul  9 18:40:36 2019 GMT
-        Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ce:aa:81:3f:a3:a3:61:78:aa:31:00:55:95:11:
-                    9e:27:0f:1f:1c:df:3a:9b:82:68:30:c0:4a:61:1d:
-                    f1:2f:0e:fa:be:79:f7:a5:23:ef:55:51:96:84:cd:
-                    db:e3:b9:6e:3e:31:d8:0a:20:67:c7:f4:d9:bf:94:
-                    eb:47:04:3e:02:ce:2a:a2:5d:87:04:09:f6:30:9d:
-                    18:8a:97:b2:aa:1c:fc:41:d2:a1:36:cb:fb:3d:91:
-                    ba:e7:d9:70:35:fa:e4:e7:90:c3:9b:a3:9b:d3:3c:
-                    f5:12:99:77:b1:b7:09:e0:68:e6:1c:b8:f3:94:63:
-                    88:6a:6a:fe:0b:76:c9:be:f4:22:e4:67:b9:ab:1a:
-                    5e:77:c1:85:07:dd:0d:6c:bf:ee:06:c7:77:6a:41:
-                    9e:a7:0f:d7:fb:ee:94:17:b7:fc:85:be:a4:ab:c4:
-                    1c:31:dd:d7:b6:d1:e4:f0:ef:df:16:8f:b2:52:93:
-                    d7:a1:d4:89:a1:07:2e:bf:e1:01:12:42:1e:1a:e1:
-                    d8:95:34:db:64:79:28:ff:ba:2e:11:c2:e5:e8:5b:
-                    92:48:fb:47:0b:c2:6c:da:ad:32:83:41:f3:a5:e5:
-                    41:70:fd:65:90:6d:fa:fa:51:c4:f9:bd:96:2b:19:
-                    04:2c:d3:6d:a7:dc:f0:7f:6f:83:65:e2:6a:ab:87:
-                    86:75
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl
-
-            X509v3 Extended Key Usage: 
-                Code Signing, Time Stamping, Microsoft Encrypted File System
-    Signature Algorithm: sha1WithRSAEncryption
-        08:1f:52:b1:37:44:78:db:fd:ce:b9:da:95:96:98:aa:55:64:
-        80:b5:5a:40:dd:21:a5:c5:c1:f3:5f:2c:4c:c8:47:5a:69:ea:
-        e8:f0:35:35:f4:d0:25:f3:c8:a6:a4:87:4a:bd:1b:b1:73:08:
-        bd:d4:c3:ca:b6:35:bb:59:86:77:31:cd:a7:80:14:ae:13:ef:
-        fc:b1:48:f9:6b:25:25:2d:51:b6:2c:6d:45:c1:98:c8:8a:56:
-        5d:3e:ee:43:4e:3e:6b:27:8e:d0:3a:4b:85:0b:5f:d3:ed:6a:
-        a7:75:cb:d1:5a:87:2f:39:75:13:5a:72:b0:02:81:9f:be:f0:
-        0f:84:54:20:62:6c:69:d4:e1:4d:c6:0d:99:43:01:0d:12:96:
-        8c:78:9d:bf:50:a2:b1:44:aa:6a:cf:17:7a:cf:6f:0f:d4:f8:
-        24:55:5f:f0:34:16:49:66:3e:50:46:c9:63:71:38:31:62:b8:
-        62:b9:f3:53:ad:6c:b5:2b:a2:12:aa:19:4f:09:da:5e:e7:93:
-        c6:8e:14:08:fe:f0:30:80:18:a0:86:85:4d:c8:7d:d7:8b:03:
-        fe:6e:d5:f7:9d:16:ac:92:2c:a0:23:e5:9c:91:52:1f:94:df:
-        17:94:73:c3:b3:c1:c1:71:05:20:00:78:bd:13:52:1d:a8:3e:
-        cd:00:1f:c8
-MD5 Fingerprint=A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
------BEGIN CERTIFICATE-----
-MIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCB
-lTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3Qt
-T2JqZWN0MB4XDTk5MDcwOTE4MzEyMFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAc
-BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3
-dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0LU9iamVjdDCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZURnicP
-HxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLO
-KqJdhwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo
-5hy485RjiGpq/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+
-pKvEHDHd17bR5PDv3xaPslKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehb
-kkj7RwvCbNqtMoNB86XlQXD9ZZBt+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUC
-AwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDov
-L2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNybDApBgNV
-HSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZIhvcN
-AQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujw
-NTX00CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXB
-mMiKVl0+7kNOPmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU
-4U3GDZlDAQ0Slox4nb9QorFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK5
-81OtbLUrohKqGU8J2l7nk8aOFAj+8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyR
-Uh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8g=
+MIIETzCCAzegAwIBAgIEO63vKTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDEwOTIzMTQxODE3WhcNMTEw
+OTIzMTMxODE3WjB1MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MR8wHQYDVQQDExZDQyBTaWdu
+ZXQgLSBDQSBLbGFzYSAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4SRW9Q58g5DY1Hw7h
+gCRKBEdPdGn0MFHsfw7rlu/oQm7IChI/uWd9q5wwo77YojtTDjRnpgZsjqBeynX8T90vFILqsY2K
+5CF1OESalwvVr3sZiQX79lisuFKat92u6hBFikFIVxfHHB67Af+g7u0dEHdDW7lwy81MwFYxBTRy
+9wIDAQABo4IBbTCCAWkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwggEEBgNVHSAE
+gfwwgfkwgfYGDSsGAQQBvj8CAQoBAQAwgeQwgZoGCCsGAQUFBwICMIGNGoGKQ2VydHlmaWthdCB3
+eXN0YXdpb255IHpnb2RuaWUgeiBkb2t1bWVudGVtOiAiUG9saXR5a2EgQ2VydHlmaWthY2ppIGRs
+YSBSb290Q0EiLiBDZXJ0eWZpa2F0IHd5c3Rhd2lvbnkgcHJ6ZXogUm9vdENBIHcgaGllcmFyY2hp
+aSBDQyBTaWduZXQuMEUGCCsGAQUFBwIBFjlodHRwOi8vd3d3LnNpZ25ldC5wbC9yZXBvenl0b3Jp
+dW0vZG9rdW1lbnR5L3BjX3Jvb3RjYS50eHQwHwYDVR0jBBgwFoAUwJvFIw0C4aZOSGsfAOnjmhQb
+sa8wHQYDVR0OBBYEFMODHtVZd1T7TftXR/nEI1zR54njMA0GCSqGSIb3DQEBBQUAA4IBAQBRIHQB
+FIGh8Jpxt87AgSLwIEEk4+oGy769u3NtoaR0R3WNMdmt7fXTi0tyTQ9V4AIszxVjhnUPaKnF1KYy
+f8Tl+YTzk9ZfFkZ3kCdSaILZAOIrmqWNLPmjUQ5/JiMGho0e1YmWUcMci84+pIisTsytFzVP32/W
++sz2H4FQAvOIMmxB7EJX9AdbnXn9EXZ+4nCqi0ft5z96ZqOJJiCB3vSaoYg+wdkcvb6souMJzuc2
+uptXtR1Xf3ihlHaGW+hmnpcwFA6AoNrom6Vgzk6U1ienx0Cw28BhRSKqzKkyXkuK8gRflZUx84uf
+tXncwKJrMiE3lvgOOBITRzcahirLer4c
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE9zCCA9+gAwIBAgIEPL/xoTANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MSAwHgYDVQQDExdDQyBTaWduZXQgLSBQQ0EgS2xhc2EgMjAeFw0wMjA0MTkxMDI5NTNa
+Fw0xNzA0MTgxMjUzMDdaMHUxCzAJBgNVBAYTAlBMMR8wHQYDVQQKExZUUCBJbnRlcm5ldCBTcC4g
+eiBvLm8uMSQwIgYDVQQLExtDZW50cnVtIENlcnR5ZmlrYWNqaSBTaWduZXQxHzAdBgNVBAMTFkND
+IFNpZ25ldCAtIENBIEtsYXNhIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqgLJu
+QqY4yavbSgHg8CyfKTx4BokNSDOVz4eD9vptUr11Kqd06ED1hlH7Sg0goBFAfntNU/QTKwSBaNui
+me7C4sSEdgsKrPoAhGb4Mq8y7Ty7RqZz7mkzNMqzL2L2U4yQ2QjvpH8MH0IBqOWEcpSkpwnrCDIm
+RoTfd+YlZWKi2JceQixUUYIQ45Ox8+x8hHbvvZdgqtcvo8PW27qoHkp/7hMuJ44kDAGrmxffBXl/
+OBRZp0uO1CSLcMcVJzyr2phKhy406MYdWrtNPEluGs0GFDzd0nrIctiWAO4cmct4S72S9Q6e//0G
+O9f3/Ca5Kb2I1xYLj/xE+HgjHX9aD2MhAgMBAAGjggGMMIIBiDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjCB4wYDVR0gBIHbMIHYMIHVBg0rBgEEAb4/AhQKAQEAMIHDMHUGCCsGAQUF
+BwICMGkaZ0NlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0
+eWthIENlcnR5ZmlrYWNqaSBQQ0EyIC0gQ2VydHlmaWthdHkgVXJ6ZWRvdyBLbGFzeSAyIi4wSgYI
+KwYBBQUHAgEWPmh0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9kb2t1bWVudHkva2xh
+c2EyL3BjX3BjYTIudHh0MD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly93d3cuc2lnbmV0LnBsL3Jl
+cG96eXRvcml1bS9jcmwvcGNhMi5jcmwwHwYDVR0jBBgwFoAUwGxGyl2CfpYHRonE82AVXO08kMIw
+HQYDVR0OBBYEFLtFBlILy4HNKVSzvHxBTM0HDowlMA0GCSqGSIb3DQEBBQUAA4IBAQBWTsCbqXrX
+hBBev5v5cIuc6gJM8ww7oR0uMQRZoFSqvQUPWBYM2/TLI/f8UM9hSShUVj3zEsSj/vFHagUVmzuV
+Xo5u0WK8iaqATSyEVBhADHrPG6wYcLKJlagge/ILA0m+SieyP2sjYD9MUB9KZIEyBKv0429UuDTw
+6P7pslxMWJBSNyQxaLIs0SRKsqZZWkc7ZYAj2apSkBMX2Is1oHA+PwkF6jQMwCao/+CndXPUzfCF
+6caa9WwW31W26MlXCvSmJgfiTPwGvm4PkPmOnmWZ3CczzhHl4q7ztHFzshJH3sZWDnrWwBFjzz5e
+Pr3WHV1wA7EY6oT4zBx+2gT9XBTB
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEUzCCAzugAwIBAgIEPq+qjzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJQTDE3MDUGA1UE
+ChMuQ1ppQyBDZW50cmFzdCBTQSB3IGltaWVuaXUgTWluaXN0cmEgR29zcG9kYXJraTEZMBcGA1UE
+AxMQQ1ppQyBDZW50cmFzdCBTQTAeFw0wMzA0MzAxMDUwNTVaFw0wODA0MjgxMDUwNTVaMGgxCzAJ
+BgNVBAYTAlBMMR8wHQYDVQQKExZUUCBJbnRlcm5ldCBTcC4geiBvLm8uMR8wHQYDVQQDExZDQyBT
+aWduZXQgLSBDQSBLbGFzYSAzMRcwFQYDVQQFEw5OdW1lciB3cGlzdTogNDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALVdeOM62cPH2NERFxbS5FIp/HSv3fgesdVsTUFxZbGtE+/E0RMl
+KZQJHH9emx7vRYubsi4EOLCjYsCOTFvgGRIpZzx7R7T5c0Di5XFkRU4gjBl7aHJoKb5SLzGlWdoX
+GsekVtl6keEACrizV2EafqjI8cnBWY7OxQ1ooLQp5AeFjXg+5PT0lO6TUZAubqjFbhVbxSWjqvdj
+93RGfyYE76MnNn4c2xWySD07n7uno06TC0IJe6+3WSX1h+76VsIFouWBXOoM7cxxiLjoqdBVu24+
+P8e81SukE7qEvOwDPmk9ZJFtt1nBNg8a1kaixcljrA/43XwOPz6qnJ+cIj/xywECAwEAAaOCAQow
+ggEGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDMGA1UdIAEB/wQpMCcwJQYEVR0g
+ADAdMBsGCCsGAQUFBwIBFg93d3cuY2VudHJhc3QucGwwgY4GA1UdIwSBhjCBg4AU2a7r85Cp1iJN
+W0Ca1LR6VG3996ShZaRjMGExCzAJBgNVBAYTAlBMMTcwNQYDVQQKEy5DWmlDIENlbnRyYXN0IFNB
+IHcgaW1pZW5pdSBNaW5pc3RyYSBHb3Nwb2RhcmtpMRkwFwYDVQQDExBDWmlDIENlbnRyYXN0IFNB
+ggQ9/0sQMB0GA1UdDgQWBBR7Y8wZkHq0zrY7nn1tFSdQ0PlJuTANBgkqhkiG9w0BAQUFAAOCAQEA
+ldt/svO5c1MU08FKgrOXCGEbEPbQxhpM0xcd6Iv3dCo6qugEgjEs9Qm5CwUNKMnFsvR27cJWUvZb
+MVcvwlwCwclOdwF6u/QRS8bC2HYErhYo9bp9yuxxzuow2A94c5fPqfVrjXy+vDouchAm6+A5Wjzv
+J8wxVFDCs+9iGACmyUWr/JGXCYiQIbQkwlkRKHHlan9ymKf1NvIej/3EpeT8fKr6ywxGuhAfqofW
+pg3WJY/RCB4lTzD8vZGNwfMFGkWhJkypad3i9w3lGmDVpsHaWtCgGfd0H7tUtWPkP+t7EjIRCD9J
+HYnTR+wbbewc5vOI+UobR15ynGfFIaSIiMTVtQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEejCCA2KgAwIBAgIEP4vk6TANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJQ
+TDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2Vu
+dHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MR8wHQYDVQQDExZDQyBTaWduZXQgLSBD
+QSBLbGFzYSAyMB4XDTAzMTAxNDExNTgyMloXDTE3MDQxODEyNTMwN1owdzELMAkG
+A1UEBhMCUEwxHzAdBgNVBAoTFlRQIEludGVybmV0IFNwLiB6IG8uby4xJDAiBgNV
+BAsTG0NlbnRydW0gQ2VydHlmaWthY2ppIFNpZ25ldDEhMB8GA1UEAxMYQ0MgU2ln
+bmV0IC0gT0NTUCBLbGFzYSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCo
+VCsaBStblXQYVNthe3dvaCrfvKpPXngh4almm988iIlEv9CVTaAdCfaJNihvA+Vs
+Qw8++ix1VqteMQE474/MV/YaXigP0Zr0QB+g+/7PWVlv+5U9Gzp9+Xx4DJay8AoI
+iB7Iy5Qf9iZiHm5BiPRIuUXT4ZRbZRYPh0/76vgRsQIDAQABo4IBkjCCAY4wDgYD
+VR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEEGA1UdHwQ6MDgwNqA0
+oDKGMGh0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9jcmwva2xhc2Ey
+LmNybDCB2AYDVR0gBIHQMIHNMIHKBg4rBgEEAb4/AoFICgwBADCBtzBsBggrBgEF
+BQcCAjBgGl5DZXJ0eWZpa2F0IHd5ZGFueSB6Z29kbmllIHogZG9rdW1lbnRlbSAi
+UG9saXR5a2EgQ2VydHlmaWthY2ppIC0gQ2VydHlmaWthdHkgcmVzcG9uZGVyb3cg
+T0NTUCIuMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnNpZ25ldC5wbC9yZXBvenl0
+b3JpdW0vZG9rdW1lbnR5L3BjX29jc3BfMV8wLnBkZjAfBgNVHSMEGDAWgBS7RQZS
+C8uBzSlUs7x8QUzNBw6MJTAdBgNVHQ4EFgQUKEVrOY7cEHvsVgvoyZdytlbtgwEw
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAQrRg5MV6dxr0HU2IsLInxhvt
+iUVmSFkIUsBCjzLoewOXA16d2oDyHhI/eE+VgAsp+2ANjZu4xRteHIHoYMsN218M
+eD2MLRsYS0U9xxAFK9gDj/KscPbrrdoqLvtPSMhUb4adJS9HLhvUe6BicvBf3A71
+iCNe431axGNDWKnpuj2KUpj4CFHYsWCXky847YtTXDjri9NIwJJauazsrSjK+oXp
+ngRS506mdQ7vWrtApkh8zhhWp7duCkjcCo1O8JxqYr2qEW1fXmgOISe010v2mmuv
+hHxPyVwoAU4KkOw0nbXZn53yak0is5+XmAjh0wWue44AssHrjC9nUh3mkLt6eQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEezCCA2OgAwIBAgIEP4vnLzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJQ
+TDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEfMB0GA1UEAxMWQ0Mg
+U2lnbmV0IC0gQ0EgS2xhc2EgMzEXMBUGA1UEBRMOTnVtZXIgd3Bpc3U6IDQwHhcN
+MDMxMDE0MTIwODAwWhcNMDgwNDI4MTA1MDU1WjB3MQswCQYDVQQGEwJQTDEfMB0G
+A1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBD
+ZXJ0eWZpa2FjamkgU2lnbmV0MSEwHwYDVQQDExhDQyBTaWduZXQgLSBPQ1NQIEts
+YXNhIDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM/9GwvARNuCVN+PqZmO
+4FqH8vTqhenUyqRkmAVT4YhLu0a9AXeLAYVDu+NTkYzsAUMAfu55rIKHNLlm6WbF
+KvLiKKz4p4pbUr+ToPcwl/TDotidloUdBAxDg0SL+PmQqACZDe3seJho2IYf2vDL
+/G4TLMbKmNB0mlWFuN0f4fJNAgMBAAGjggGgMIIBnDAOBgNVHQ8BAf8EBAMCB4Aw
+EwYDVR0lBAwwCgYIKwYBBQUHAwkwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3
+dy5zaWduZXQucGwva3dhbGlmaWtvd2FuZS9yZXBvenl0b3JpdW0vY3JsL2tsYXNh
+My5jcmwwgdgGA1UdIASB0DCBzTCBygYOKwYBBAG+PwKCLAoCAQAwgbcwbAYIKwYB
+BQUHAgIwYBpeQ2VydHlmaWthdCB3eWRhbnkgemdvZG5pZSB6IGRva3VtZW50ZW0g
+IlBvbGl0eWthIENlcnR5ZmlrYWNqaSAtIENlcnR5ZmlrYXR5IHJlc3BvbmRlcm93
+IE9DU1AiLjBHBggrBgEFBQcCARY7aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5
+dG9yaXVtL2Rva3VtZW50eS9wY19vY3NwXzFfMC5wZGYwHwYDVR0jBBgwFoAUe2PM
+GZB6tM62O559bRUnUND5SbkwHQYDVR0OBBYEFG4jnCMvBALRQXtmDn9TyXQ/EKP+
+MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBACXrKG5Def5lpRwmZom3UEDq
+bl7y4U3qomG4B+ok2FVZGgPZti+ZgvrenPj7PtbYCUBPsCSTNrznKinoT3gD9lQQ
+xkEHwdc6VD1GlFp+qI64u0+wS9Epatrdf7aBnizrOIB4LJd4E2TWQ6trspetjMIU
+upyWls1BmYUxB91R7QkTiAUSNZ87s3auhZuG4f0V0JLVCcg2rn7AN1rfMkgxCbHk
+GxiQbYWFljl6aatxR3odnnzVUe1I8uoY2JXpmmUcOG4dNGuQYziyKG3mtXCQWvug
+5qi9Mf3KUh1oSTKx6HfLjjNl1+wMB5Mdb8LF0XyZLdJM9yIZh7SBRsYm9QiXevY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGjCCBAKgAwIBAgIEPL7eEDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDIwNDE4MTQ1NDA4WhcNMjYw
+OTIxMTU0MjE5WjB2MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MSAwHgYDVQQDExdDQyBTaWdu
+ZXQgLSBQQ0EgS2xhc2EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7BrBlbN5ma
+M5eg0BOTqoZ+9NBDvU8Lm5rTdrMswFTCathzpVVLK/JD4K3+4oCZ9SRAspEXE4gvwb08ASY6w5s+
+HpRkeJw8YzMFR5kDZD5adgnCAy4vDfIXYZgppXPaTQ8wnfUZ7BZ7Zfa7QBemUIcJIzJBB0UqgtxW
+Ceol9IekpBRVmuuSA6QG0Jkm+pGDJ05yj2eQG8jTcBENM7sVA8rGRMyFA4skSZ+D0OG6FS2xC1i9
+JyN0ag1yII/LPx8HK5J4W9MaPRNjAEeaa2qI9EpchwrOxnyVbQfSedCG1VRJfAsE/9tT9CMUPZ3x
+W20QjQcSZJqVcmGW9gVsXKQOVLsCAwEAAaOCAbMwggGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMIIBBAYDVR0gBIH8MIH5MIH2Bg0rBgEEAb4/AgEKAQEBMIHkMIGaBggrBgEFBQcC
+AjCBjRqBikNlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0
+eWthIENlcnR5ZmlrYWNqaSBkbGEgUm9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6
+IFJvb3RDQSB3IGhpZXJhcmNoaWkgQ0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5z
+aWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY19yb290Y2EudHh0MEQGA1UdHwQ9MDsw
+OaA3oDWGM2h0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9yb290Y2Evcm9vdGNhLmNy
+bDAfBgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAdBgNVHQ4EFgQUwGxGyl2CfpYHRonE
+82AVXO08kMIwDQYJKoZIhvcNAQEFBQADggEBABp1TAUsa+BeVWg4cjowc8yTJ5XN3GvN96GObMkx
+UGY7U9kVrLI71xBgoNVyzXTiMNDBvjh7vdPWjpl5SDiRpnnKiOFXA43HvNWzUaOkTu1mxjJsZsan
+ot1Xt6j0ZDC+03FjLHdYMyM9kSWp6afb4980EPYZCcSzgM5TOGfJmNii5Tq468VFKrX+52Aou1G2
+2Ohu+EEOlOrG7ylKv1hHUJJCjwN0ZVEIn1nDbrU9FeGCz8J9ihVUvnENEBbBkU37PWqWuHitKQDV
+tcwTwJJdR8cmKq3NmkwAm9fPacidQLpaw0WkuGrS+fEDhu1Nhy9xELP6NA9GRTCNxm/dXlcwnmY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGjCCBAKgAwIBAgIEPV0tNDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDIwODE2MTY0OTU2WhcNMjYw
+OTIxMTU0MjE5WjB2MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MSAwHgYDVQQDExdDQyBTaWdu
+ZXQgLSBQQ0EgS2xhc2EgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALN3LanJtdue
+Ne6geWUTFENa+lEuzqELcoqhYB+a/tJcPEkc6TX/bYPzalRRjqs+quMP6KZTU0DixOrV+K7iWaqA
+iQ913HX5IBLmKDCrTVW/ZvSDpiBKbxlHfSNuJxAuVT6HdbzK7yAW38ssX+yS2tZYHZ5FhZcfqzPE
+OpO94mAKcBUhk6T/ki0evXX/ZvvktwmF3hKattzwtM4JMLurAEl8SInyEYULw5JdlfcBez2Tg6Db
+w34hA1A+ckTwhxzecrB8TUe2BnQKOs9vr2cCACpFFcOmPkM0Drtjctr1QHm1tYSqRFRf9VcV5tfC
+3P8QqoK4ONjtLPHc9x5NE1uK/FMCAwEAAaOCAbMwggGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMIIBBAYDVR0gBIH8MIH5MIH2Bg0rBgEEAb4/AgEKAQECMIHkMIGaBggrBgEFBQcC
+AjCBjRqBikNlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0
+eWthIENlcnR5ZmlrYWNqaSBkbGEgUm9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6
+IFJvb3RDQSB3IGhpZXJhcmNoaWkgQ0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5z
+aWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY19yb290Y2EudHh0MEQGA1UdHwQ9MDsw
+OaA3oDWGM2h0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9yb290Y2Evcm9vdGNhLmNy
+bDAfBgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAdBgNVHQ4EFgQUXvthcPHlH5BgGhlM
+ErJNXWlhlgAwDQYJKoZIhvcNAQEFBQADggEBACIce95Mvn710KCAISA0CuHD4aznTU6pLoCDShW4
+7OR+GTpJUm1coTcUqlBHV9mra4VFrBcBuOkHZoBLq/jmE0QJWnpSEULDcH9J3mF0nqO9SM+mWyJG
+dsJF/XU/7smummgjMNQXwzQTtWORF+6v5KUbWX85anO2wR+M6YTBWC55zWpWi4RG3vkHFs5Ze2oF
+JTlpuxw9ZgxTnWlwI9QR2MvEhYIUMKMOWxw1nt0kKj+5TCNQQGh/VJJ1dsiroGh/io1DOcePEhKz
+1Ag52y6Wf0nJJB9yk0sFakqZH18F7eQecQImgZyyeRtsG95leNugB3BXWCW+KxwiBrtQTXv4dTE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEzzCCA7egAwIBAgIEO6ocGTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDEwOTIwMTY0MjE5WhcNMjYw
+OTIxMTU0MjE5WjBxMQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v
+LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MRswGQYDVQQDExJDQyBTaWdu
+ZXQgLSBSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrr2vydnNpELfGW3Ks
+ARiDhJvwDtUe4AbWev+OfMc3+vA29nX8ZmIwno3gmItjo5DbUCCRiCMq5c9epcGu+kg4a3BJChVX
+REl8gVh0ST15rr3RKrSc4VgsvQzl0ZUraeQLl8JoRT5PLsUj3qwF78jUCQVckiiLVcnGfZtFCm+D
+CJXliQBDMB9XFAUEiO/DtEBs0B7wJGx7lgJeJpQUcGiaOPjcJDYOk7rNAYmmD2gWeSlepufO8luU
+YG/YDxTC4mqhRqfa4MnVO5dqy+ICj2UvUpHbZDB0KfGRibgBYeQP1kuqgIzJN4UqknVAJb0aMBSP
+l+9k2fAUdchx1njlbdcbAgMBAAGjggFtMIIBaTAPBgNVHRMBAf8EBTADAQH/MIIBBAYDVR0gBIH8
+MIH5MIH2Bg0rBgEEAb4/AgEKAQEAMIHkMIGaBggrBgEFBQcCAjCBjRqBikNlcnR5ZmlrYXQgd3lz
+dGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0eWthIENlcnR5ZmlrYWNqaSBkbGEg
+Um9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6IFJvb3RDQSB3IGhpZXJhcmNoaWkg
+Q0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5dG9yaXVt
+L2Rva3VtZW50eS9wY19yb290Y2EudHh0MB0GA1UdDgQWBBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAf
+BgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcN
+AQEFBQADggEBAGnY5QmYqnnO9OqFOWZxxb25UHRnaRF6IV9aaGit5BZufZj2Tq3v8L3SgE34GOoI
+cdRMMG5JEpEU4mN/Ef3oY6Eo+7HfqaPHI4KFmbDSPiK5s+wmf+bQSm0Yq5/h4ZOdcAESlLQeLSt1
+CQk2JoKQJ6pyAf6xJBgWEIlm4RXE4J3324PUiOp83kW6MDvaa1xY976WyInr4rwoLgxVl11LZeKW
+ha0RJJxJgw/NyWpKG7LWCm1fglF8JH51vZNndGYq1iKtfnrIOvLZq6bzaCiZm1EurD8HE6P7pmAB
+KK6o3C2OXlNfNIgwkDN/cDqk5TYsTkrpfriJPdxXBH8hQOkW89g=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID/TCCA2agAwIBAgIEP4/gkTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJQTDEfMB0GA1UE
+ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg
+U2lnbmV0MR8wHQYDVQQDExZDQyBTaWduZXQgLSBDQSBLbGFzYSAxMB4XDTAzMTAxNzEyMjkwMloX
+DTExMDkyMzExMTgxN1owdjELMAkGA1UEBhMCUEwxHzAdBgNVBAoTFlRQIEludGVybmV0IFNwLiB6
+IG8uby4xJDAiBgNVBAsTG0NlbnRydW0gQ2VydHlmaWthY2ppIFNpZ25ldDEgMB4GA1UEAxMXQ0Mg
+U2lnbmV0IC0gVFNBIEtsYXNhIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOJYrISEtSsd
+uHajROh5/n7NGrkpYTT9NEaPe9+ucuQ37KxIbfJwXJjgUc1dw4wCkcQ12FJarD1X6mSQ4cfN/60v
+LfKI5ZD4nhJTMKlAj1pX9ScQ/MuyvKStCbn5WTkjPhjRAM0tdwXSnzuTEunfw0Oup559y3Iqxg1c
+ExflB6cfAgMBAAGjggGXMIIBkzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vd3d3LnNpZ25ldC5w
+bC9yZXBvenl0b3JpdW0vY3JsL2tsYXNhMS5jcmwwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQM
+MAoGCCsGAQUFBwMIMIHaBgNVHSAEgdIwgc8wgcwGDSsGAQQBvj8CZAoRAgEwgbowbwYIKwYBBQUH
+AgIwYxphQ2VydHlmaWthdCB3eXN0YXdpb255IHpnb2RuaWUgeiBkb2t1bWVudGVtICJQb2xpdHlr
+YSBDZXJ0eWZpa2FjamkgQ0MgU2lnbmV0IC0gWm5ha293YW5pZSBjemFzZW0iLjBHBggrBgEFBQcC
+ARY7aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY190c2ExXzJf
+MS5wZGYwHwYDVR0jBBgwFoAUw4Me1Vl3VPtN+1dH+cQjXNHnieMwHQYDVR0OBBYEFJdDwEqtcavO
+Yd9u9tej53vWXwNBMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAnpiQkqLCJQYXUrqMHUEz
++z3rOqS0XzSFnVVLhkVssvXc8S3FkJIiQTUrkScjI4CToCzujj3EyfNxH6yiLlMbskF8I31JxIeB
+vueqV+s+o76CZm3ycu9hb0I4lswuxoT+q5ZzPR8Irrb51rZXlolR+7KtwMg4sFDJZ8RNgOf7tbA=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
-        Validity
-            Not Before: Sep 30 16:13:43 2003 GMT
-            Not After : Sep 30 16:13:44 2037 GMT
-        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b7:36:55:e5:a5:5d:18:30:e0:da:89:54:91:fc:
-                    c8:c7:52:f8:2f:50:d9:ef:b1:75:73:65:47:7d:1b:
-                    5b:ba:75:c5:fc:a1:88:24:fa:2f:ed:ca:08:4a:39:
-                    54:c4:51:7a:b5:da:60:ea:38:3c:81:b2:cb:f1:bb:
-                    d9:91:23:3f:48:01:70:75:a9:05:2a:ad:1f:71:f3:
-                    c9:54:3d:1d:06:6a:40:3e:b3:0c:85:ee:5c:1b:79:
-                    c2:62:c4:b8:36:8e:35:5d:01:0c:23:04:47:35:aa:
-                    9b:60:4e:a0:66:3d:cb:26:0a:9c:40:a1:f4:5d:98:
-                    bf:71:ab:a5:00:68:2a:ed:83:7a:0f:a2:14:b5:d4:
-                    22:b3:80:b0:3c:0c:5a:51:69:2d:58:18:8f:ed:99:
-                    9e:f1:ae:e2:95:e6:f6:47:a8:d6:0c:0f:b0:58:58:
-                    db:c3:66:37:9e:9b:91:54:33:37:d2:94:1c:6a:48:
-                    c9:c9:f2:a5:da:a5:0c:23:f7:23:0e:9c:32:55:5e:
-                    71:9c:84:05:51:9a:2d:fd:e6:4e:2a:34:5a:de:ca:
-                    40:37:67:0c:54:21:55:77:da:0a:0c:cc:97:ae:80:
-                    dc:94:36:4a:f4:3e:ce:36:13:1e:53:e4:ac:4e:3a:
-                    05:ec:db:ae:72:9c:38:8b:d0:39:3b:89:0a:3e:77:
-                    fe:75
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:12
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.chambersign.org/chambersroot.crl
-
-            X509v3 Subject Key Identifier: 
-                E3:94:F5:B1:4D:E9:DB:A1:29:5B:57:8B:4D:76:06:76:E1:D1:A2:8A
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:chambersroot@chambersign.org
-            X509v3 Issuer Alternative Name: 
-                email:chambersroot@chambersign.org
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.17326.10.3.1
-                  CPS: http://cps.chambersign.org/cps/chambersroot.html
-
-    Signature Algorithm: sha1WithRSAEncryption
-        0c:41:97:c2:1a:86:c0:22:7c:9f:fb:90:f3:1a:d1:03:b1:ef:
-        13:f9:21:5f:04:9c:da:c9:a5:8d:27:6c:96:87:91:be:41:90:
-        01:72:93:e7:1e:7d:5f:f6:89:c6:5d:a7:40:09:3d:ac:49:45:
-        45:dc:2e:8d:30:68:b2:09:ba:fb:c3:2f:cc:ba:0b:df:3f:77:
-        7b:46:7d:3a:12:24:8e:96:8f:3c:05:0a:6f:d2:94:28:1d:6d:
-        0c:c0:2e:88:22:d5:d8:cf:1d:13:c7:f0:48:d7:d7:05:a7:cf:
-        c7:47:9e:3b:3c:34:c8:80:4f:d4:14:bb:fc:0d:50:f7:fa:b3:
-        ec:42:5f:a9:dd:6d:c8:f4:75:cf:7b:c1:72:26:b1:01:1c:5c:
-        2c:fd:7a:4e:b4:01:c5:05:57:b9:e7:3c:aa:05:d9:88:e9:07:
-        46:41:ce:ef:41:81:ae:58:df:83:a2:ae:ca:d7:77:1f:e7:00:
-        3c:9d:6f:8e:e4:32:09:1d:4d:78:34:78:34:3c:94:9b:26:ed:
-        4f:71:c6:19:7a:bd:20:22:48:5a:fe:4b:7d:03:b7:e7:58:be:
-        c6:32:4e:74:1e:68:dd:a8:68:5b:b3:3e:ee:62:7d:d9:80:e8:
-        0a:75:7a:b7:ee:b4:65:9a:21:90:e0:aa:d0:98:bc:38:b5:73:
-        3c:8b:f8:dc
-MD5 Fingerprint=B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
 -----BEGIN CERTIFICATE-----
 MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn
 MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
@@ -6972,349 +2213,395 @@ XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0
 eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu
 tGWaIZDgqtCYvDi1czyL+Nw=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
-        Validity
-            Not Before: Sep 30 16:14:18 2003 GMT
-            Not After : Sep 30 16:14:18 2037 GMT
-        Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:a2:70:a2:d0:9f:42:ae:5b:17:c7:d8:7d:cf:14:
-                    83:fc:4f:c9:a1:b7:13:af:8a:d7:9e:3e:04:0a:92:
-                    8b:60:56:fa:b4:32:2f:88:4d:a1:60:08:f4:b7:09:
-                    4e:a0:49:2f:49:d6:d3:df:9d:97:5a:9f:94:04:70:
-                    ec:3f:59:d9:b7:cc:66:8b:98:52:28:09:02:df:c5:
-                    2f:84:8d:7a:97:77:bf:ec:40:9d:25:72:ab:b5:3f:
-                    32:98:fb:b7:b7:fc:72:84:e5:35:87:f9:55:fa:a3:
-                    1f:0e:6f:2e:28:dd:69:a0:d9:42:10:c6:f8:b5:44:
-                    c2:d0:43:7f:db:bc:e4:a2:3c:6a:55:78:0a:77:a9:
-                    d8:ea:19:32:b7:2f:fe:5c:3f:1b:ee:b1:98:ec:ca:
-                    ad:7a:69:45:e3:96:0f:55:f6:e6:ed:75:ea:65:e8:
-                    32:56:93:46:89:a8:25:8a:65:06:ee:6b:bf:79:07:
-                    d0:f1:b7:af:ed:2c:4d:92:bb:c0:a8:5f:a7:67:7d:
-                    04:f2:15:08:70:ac:92:d6:7d:04:d2:33:fb:4c:b6:
-                    0b:0b:fb:1a:c9:c4:8d:03:a9:7e:5c:f2:50:ab:12:
-                    a5:a1:cf:48:50:a5:ef:d2:c8:1a:13:fa:b0:7f:b1:
-                    82:1c:77:6a:0f:5f:dc:0b:95:8f:ef:43:7e:e6:45:
-                    09:25
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:12
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.chambersign.org/chambersignroot.crl
-
-            X509v3 Subject Key Identifier: 
-                43:9C:36:9F:B0:9E:30:4D:C6:CE:5F:AD:10:AB:E5:03:A5:FA:A9:14
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 Subject Alternative Name: 
-                email:chambersignroot@chambersign.org
-            X509v3 Issuer Alternative Name: 
-                email:chambersignroot@chambersign.org
-            X509v3 Certificate Policies: 
-                Policy: 1.3.6.1.4.1.17326.10.1.1
-                  CPS: http://cps.chambersign.org/cps/chambersignroot.html
-
-    Signature Algorithm: sha1WithRSAEncryption
-        3c:3b:70:91:f9:04:54:27:91:e1:ed:ed:fe:68:7f:61:5d:e5:
-        41:65:4f:32:f1:18:05:94:6a:1c:de:1f:70:db:3e:7b:32:02:
-        34:b5:0c:6c:a1:8a:7c:a5:f4:8f:ff:d4:d8:ad:17:d5:2d:04:
-        d1:3f:58:80:e2:81:59:88:be:c0:e3:46:93:24:fe:90:bd:26:
-        a2:30:2d:e8:97:26:57:35:89:74:96:18:f6:15:e2:af:24:19:
-        56:02:02:b2:ba:0f:14:ea:c6:8a:66:c1:86:45:55:8b:be:92:
-        be:9c:a4:04:c7:49:3c:9e:e8:29:7a:89:d7:fe:af:ff:68:f5:
-        a5:17:90:bd:ac:99:cc:a5:86:57:09:67:46:db:d6:16:c2:46:
-        f1:e4:a9:50:f5:8f:d1:92:15:d3:5f:3e:c6:00:49:3a:6e:58:
-        b2:d1:d1:27:0d:25:c8:32:f8:20:11:cd:7d:32:33:48:94:54:
-        4c:dd:dc:79:c4:30:9f:eb:8e:b8:55:b5:d7:88:5c:c5:6a:24:
-        3d:b2:d3:05:03:51:c6:07:ef:cc:14:72:74:3d:6e:72:ce:18:
-        28:8c:4a:a0:77:e5:09:2b:45:44:47:ac:b7:67:7f:01:8a:05:
-        5a:93:be:a1:c1:ff:f8:e7:0e:67:a4:47:49:76:5d:75:90:1a:
-        f5:26:8f:f0
-MD5 Fingerprint=C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
 -----BEGIN CERTIFICATE-----
 MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn
-MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
-ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo
-YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9
-MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy
-NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G
-A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA
-A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0
-Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s
-QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV
-eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795
-B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh
-z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T
-AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i
-ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
-TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
-MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD
-VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE
-VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
-bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B
-AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM
-bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi
-ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG
-VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c
-ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/
-AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
------END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 123 (0x7b)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu
-        Validity
-            Not Before: Mar 30 01:47:11 2003 GMT
-            Not After : Dec 15 01:47:11 2022 GMT
-        Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c7:52:25:b2:d8:3d:d4:84:55:09:a7:1b:bd:6c:
-                    b9:14:f4:8a:02:db:76:fc:6a:2a:78:ab:e5:77:f0:
-                    6e:e0:8c:23:67:db:a5:64:99:b9:dd:01:3e:6f:ef:
-                    2d:9a:3c:22:f0:5d:c9:57:a0:55:41:7f:f2:43:5e:
-                    58:82:53:31:65:ce:1e:f2:26:ba:00:54:1e:af:b0:
-                    bc:1c:e4:52:8c:a0:32:af:b7:37:b1:53:67:68:74:
-                    67:50:f6:2d:2e:64:de:ae:26:79:df:df:99:86:ab:
-                    ab:7f:85:ec:a0:fb:80:cc:f4:b8:0c:1e:93:45:63:
-                    b9:dc:b8:5b:9b:ed:5b:39:d4:5f:62:b0:a7:8e:7c:
-                    66:38:2c:aa:b1:08:63:17:67:7d:cc:bd:b3:f1:c3:
-                    3f:cf:50:39:ed:d1:19:83:15:db:87:12:27:96:b7:
-                    da:ea:e5:9d:bc:ba:ea:39:4f:8b:ef:74:9a:e7:c5:
-                    d0:d2:ea:86:51:1c:e4:fe:64:08:28:04:79:05:eb:
-                    ca:c5:71:0e:0b:ef:ab:ea:ec:12:11:a1:18:05:32:
-                    69:d1:0c:2c:1a:3d:25:99:3f:b5:7c:ca:6d:b0:ae:
-                    99:99:fa:08:60:e7:19:c2:f2:bd:51:d3:cc:d3:02:
-                    ac:c1:11:0c:80:ce:ab:dc:94:9d:6b:a3:39:53:3a:
-                    d6:85
-                Exponent: 50557 (0xc57d)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:4
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            Netscape Comment: 
-                FIGYELEM! Ezen tanusitvany a NetLock Kft. Minositett Szolgaltatasi Szabalyzataban leirt eljarasok alapjan keszult. A minositett elektronikus alairas joghatas ervenyesulesenek, valamint elfogadasanak feltetele a Minositett Szolgaltatasi Szabalyzatban, az Altalanos Szerzodesi Feltetelekben eloirt ellenorzesi eljaras megtetele. A dokumentumok megtalalhatok a https://www.netlock.hu/docs/ cimen vagy kerhetok az info@netlock.net e-mail cimen. WARNING! The issuance and the use of this certificate are subject to the NetLock Qualified CPS available at https://www.netlock.hu/docs/ or by e-mail at info@netlock.net
-            X509v3 Subject Key Identifier: 
-                09:6A:62:16:92:B0:5A:BB:55:0E:CB:75:32:3A:32:E5:B2:21:C9:28
-    Signature Algorithm: sha1WithRSAEncryption
-        91:6a:50:9c:db:78:81:9b:3f:8b:42:e3:3b:fc:a6:c3:ee:43:
-        e0:cf:f3:e2:80:35:49:45:76:02:e2:e3:2f:05:c5:f1:2a:e7:
-        c0:41:33:c6:b6:9b:d0:33:39:cd:c0:db:a1:ad:6c:37:02:4c:
-        58:41:3b:f2:97:92:c6:48:a8:cd:e5:8a:39:89:61:f9:52:97:
-        e9:bd:f6:f9:94:74:e8:71:0e:bc:77:86:c3:06:cc:5a:7c:4a:
-        7e:34:50:30:2e:fb:7f:32:9a:8d:3d:f3:20:5b:f8:6a:ca:86:
-        f3:31:4c:2c:59:80:02:7d:fe:38:c9:30:75:1c:b7:55:e3:bc:
-        9f:ba:a8:6d:84:28:05:75:b3:8b:0d:c0:91:54:21:e7:a6:0b:
-        b4:99:f5:51:41:dc:cd:a3:47:22:d9:c7:01:81:c4:dc:47:4f:
-        26:ea:1f:ed:db:cd:0d:98:f4:a3:9c:b4:73:32:4a:96:99:fe:
-        bc:7f:c8:25:58:f8:58:f3:76:66:89:54:a4:a6:3e:c4:50:5c:
-        ba:89:18:82:75:48:21:d2:4f:13:e8:60:7e:07:76:db:10:b5:
-        51:e6:aa:b9:68:aa:cd:f6:9d:90:75:12:ea:38:1a:ca:44:e8:
-        b7:99:a7:2a:68:95:66:95:ab:ad:ef:89:cb:60:a9:06:12:c6:
-        94:47:e9:28
-MD5 Fingerprint=D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14
------BEGIN CERTIFICATE-----
-MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMCSFUx
-ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
-b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMUIwQAYDVQQD
-EzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xhc3MgUUEpIFRhbnVz
-aXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9AbmV0bG9jay5odTAeFw0w
-MzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJMQswCQYDVQQGEwJIVTERMA8G
-A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh
-Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxQjBABgNVBAMTOU5l
-dExvY2sgTWlub3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZh
-bnlraWFkbzEeMBwGCSqGSIb3DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/Goq
-eKvld/Bu4IwjZ9ulZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQe
-r7C8HORSjKAyr7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO5
-3Lhbm+1bOdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWd
-vLrqOU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l
-mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9o4IC
-wDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwggJ1Bglg
-hkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2YW55IGEgTmV0
-TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBTemFiYWx5emF0YWJh
-biBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBBIG1pbm9zaXRldHQg
-ZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMgZXJ2ZW55ZXN1bGVzZW5laywg
-dmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6
-b2xnYWx0YXRhc2kgU3phYmFseXphdGJhbiwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rl
-c2kgRmVsdGV0ZWxla2JlbiBlbG9pcnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0
-ZXRlbGUuIEEgZG9rdW1lbnR1bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3
-dy5uZXRsb2NrLmh1L2RvY3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0Bu
-ZXRsb2NrLm5ldCBlLW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBh
-bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRo
-ZSBOZXRMb2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3
-Lm5ldGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u
-ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEBBQUA
-A4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufAQTPGtpvQ
-MznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68d4bDBsxafEp+
-NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yfuqhthCgFdbOLDcCR
-VCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSjnLRzMkqWmf68f8glWPhY
-83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR5qq5aKrN9p2QdRLqOBrKROi3
-macqaJVmlaut74nLYKkGEsaUR+ko
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo
+YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9
+MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy
+NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G
+A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA
+A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0
+Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s
+QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV
+eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795
+B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh
+z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T
+AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i
+ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
+TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
+MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD
+VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE
+VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
+bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B
+AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM
+bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi
+ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG
+VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c
+ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/
+AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 259 (0x103)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
-        Validity
-            Not Before: Feb 24 23:14:47 1999 GMT
-            Not After : Feb 19 23:14:47 2019 GMT
-        Subject: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:bc:74:8c:0f:bb:4c:f4:37:1e:a9:05:82:d8:e6:
-                    e1:6c:70:ea:78:b5:6e:d1:38:44:0d:a8:83:ce:5d:
-                    d2:d6:d5:81:c5:d4:4b:e7:5b:94:70:26:db:3b:9d:
-                    6a:4c:62:f7:71:f3:64:d6:61:3b:3d:eb:73:a3:37:
-                    d9:cf:ea:8c:92:3b:cd:f7:07:dc:66:74:97:f4:45:
-                    22:dd:f4:5c:e0:bf:6d:f3:be:65:33:e4:15:3a:bf:
-                    db:98:90:55:38:c4:ed:a6:55:63:0b:b0:78:04:f4:
-                    e3:6e:c1:3f:8e:fc:51:78:1f:92:9e:83:c2:fe:d9:
-                    b0:a9:c9:bc:5a:00:ff:a9:a8:98:74:fb:f6:2c:3e:
-                    15:39:0d:b6:04:55:a8:0e:98:20:42:b3:b1:25:ad:
-                    7e:9a:6f:5d:53:b1:ab:0c:fc:eb:e0:f3:7a:b3:a8:
-                    b3:ff:46:f6:63:a2:d8:3a:98:7b:b6:ac:85:ff:b0:
-                    25:4f:74:63:e7:13:07:a5:0a:8f:05:f7:c0:64:6f:
-                    7e:a7:27:80:96:de:d4:2e:86:60:c7:6b:2b:5e:73:
-                    7b:17:e7:91:3f:64:0c:d8:4b:22:34:2b:9b:32:f2:
-                    48:1f:9f:a1:0a:84:7a:e2:c2:ad:97:3d:8e:d5:c1:
-                    f9:56:a3:50:e9:c6:b4:fa:98:a2:ee:95:e6:2a:03:
-                    8c:df
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:4
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            Netscape Comment: 
-                FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.
-    Signature Algorithm: md5WithRSAEncryption
-        48:24:46:f7:ba:56:6f:fa:c8:28:03:40:4e:e5:31:39:6b:26:
-        6b:53:7f:db:df:df:f3:71:3d:26:c0:14:0e:c6:67:7b:23:a8:
-        0c:73:dd:01:bb:c6:ca:6e:37:39:55:d5:c7:8c:56:20:0e:28:
-        0a:0e:d2:2a:a4:b0:49:52:c6:38:07:fe:be:0a:09:8c:d1:98:
-        cf:ca:da:14:31:a1:4f:d2:39:fc:0f:11:2c:43:c3:dd:ab:93:
-        c7:55:3e:47:7c:18:1a:00:dc:f3:7b:d8:f2:7f:52:6c:20:f4:
-        0b:5f:69:52:f4:ee:f8:b2:29:60:eb:e3:49:31:21:0d:d6:b5:
-        10:41:e2:41:09:6c:e2:1a:9a:56:4b:77:02:f6:a0:9b:9a:27:
-        87:e8:55:29:71:c2:90:9f:45:78:1a:e1:15:64:3d:d0:0e:d8:
-        a0:76:9f:ae:c5:d0:2e:ea:d6:0f:56:ec:64:7f:5a:9b:14:58:
-        01:27:7e:13:50:c7:6b:2a:e6:68:3c:bf:5c:a0:0a:1b:e1:0e:
-        7a:e9:e2:80:c3:e9:e9:f6:fd:6c:11:9e:d0:e5:28:27:2b:54:
-        32:42:14:82:75:e6:4a:f0:2b:66:75:63:8c:a2:fb:04:3e:83:
-        0e:9b:36:f0:18:e4:26:20:c3:8c:f0:28:07:ad:3c:17:66:88:
-        b5:fd:b6:88
-MD5 Fingerprint=86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7
 -----BEGIN CERTIFICATE-----
-MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV
-MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe
-TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
-dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB
-KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0
-N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC
-dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu
-MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL
-b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD
-zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi
-3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8
-WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY
-Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi
-NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
-ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4
-QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0
-YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz
-aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu
-IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm
-ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg
-ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs
-amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv
-IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3
-Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6
-ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1
-YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg
-dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs
-b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
-CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
-xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP
-0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ
-QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk
-f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK
-8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
+MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
+PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
+cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
+IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
+ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
+VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
+kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
+EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
+H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
+HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
+QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
+Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
+AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
+yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
+FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
+ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
+kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
+l7+ijrRU
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw
+MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW
+/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
+PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY
+SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
+IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
+zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
+BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
+ZQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
+JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
+mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
+AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
+AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
+pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
+dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
+fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
+NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
+H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx
+ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w
+MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD
+VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx
+FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu
+ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7
+gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH
+fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a
+ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT
+ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk
+c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto
+dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt
+aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI
+hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk
+QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/
+h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq
+nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR
+rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2
+9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
+Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
+KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
+NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
+NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
+ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
+BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
+Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
+4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
+KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
+rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
+94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
+sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
+gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
+kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
+vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
+O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
+AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
+9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
+eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
+0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCRVMx
+IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1
+dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w
+HhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCBnTELMAkGA1UEBhMCRVMx
+IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1
+dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5u
+Cp4Bx+ow0Syd3Tfom5h5VtP8c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdY
+rv5sp0ovFy3Tc9UTHI9ZpTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3z
+hxAwJkh91/zpnZFx/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPay
+BQC6haD9HThuy1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcL
+iam8NeTvtjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcb
+AgMBAAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv
+bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDExMDI0
+MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E
+FgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQADggEBAEdz/o0n
+VPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/GzR0iLjJcG1+p+o1wq
+u00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvXwOaD7FnMP97/T2u3Z36m
+hoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6ntBas3D7Hi05V2Y1Z0jFhyGzfl
+ZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZdBbQ5rQ58SfLyEDW44YQqSMSkuBp
+QWOnryULwMWSyx6Yo1q6xTMPoJcB3X/ge9YGVM+h4k0460tQtcsm9MracEpqoeJ5
+quGnM/b9Sh/22WA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs
+IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
+R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A
+PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8
+Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL
+TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL
+5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7
+S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe
+2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap
+EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td
+EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv
+/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
+A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0
+abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF
+I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz
+4iIprn2DQKi6bA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
+R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx
+MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
+Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9
+AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA
+ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0
+7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W
+kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI
+mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ
+KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1
+6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
+4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K
+oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj
+UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU
+AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1
+c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81
+WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG
+FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq
+XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL
+se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb
+KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd
+IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73
+y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt
+hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc
+QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
+Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV
+HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ
+KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
+dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ
+L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr
+Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo
+ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY
+T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
+GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
+1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
+OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
+6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
+QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE
+BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0
+IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV
+VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8
+cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT
+QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh
+F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v
+c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w
+mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd
+VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX
+teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ
+f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe
+Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+
+nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY
+MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
+9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
+aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX
+IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn
+ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z
+uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN
+Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja
+QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW
+koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9
+ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt
+DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm
+bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 105 (0x69)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado
-        Validity
-            Not Before: Feb 25 14:10:22 1999 GMT
-            Not After : Feb 20 14:10:22 2019 GMT
-        Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b1:ea:04:ec:20:a0:23:c2:8f:38:60:cf:c7:46:
-                    b3:d5:1b:fe:fb:b9:99:9e:04:dc:1c:7f:8c:4a:81:
-                    98:ee:a4:d4:ca:8a:17:b9:22:7f:83:0a:75:4c:9b:
-                    c0:69:d8:64:39:a3:ed:92:a3:fd:5b:5c:74:1a:c0:
-                    47:ca:3a:69:76:9a:ba:e2:44:17:fc:4c:a3:d5:fe:
-                    b8:97:88:af:88:03:89:1f:a4:f2:04:3e:c8:07:0b:
-                    e6:f9:b3:2f:7a:62:14:09:46:14:ca:64:f5:8b:80:
-                    b5:62:a8:d8:6b:d6:71:93:2d:b3:bf:09:54:58:ed:
-                    06:eb:a8:7b:dc:43:b1:a1:69
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:4
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            Netscape Comment: 
-                FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.
-    Signature Algorithm: md5WithRSAEncryption
-        04:db:ae:8c:17:af:f8:0e:90:31:4e:cd:3e:09:c0:6d:3a:b0:
-        f8:33:4c:47:4c:e3:75:88:10:97:ac:b0:38:15:91:c6:29:96:
-        cc:21:c0:6d:3c:a5:74:cf:d8:82:a5:39:c3:65:e3:42:70:bb:
-        22:90:e3:7d:db:35:76:e1:a0:b5:da:9f:70:6e:93:1a:30:39:
-        1d:30:db:2e:e3:7c:b2:91:b2:d1:37:29:fa:b9:d6:17:5c:47:
-        4f:e3:1d:38:eb:9f:d5:7b:95:a8:28:9e:15:4a:d1:d1:d0:2b:
-        00:97:a0:e2:92:36:2b:63:ac:58:01:6b:33:29:50:86:83:f1:
-        01:48
-MD5 Fingerprint=39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6
 -----BEGIN CERTIFICATE-----
 MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUx
 ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
@@ -7346,51 +2633,6 @@ sPgzTEdM43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXa
 n3BukxowOR0w2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKS
 NitjrFgBazMpUIaD8QFI
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 104 (0x68)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado
-        Validity
-            Not Before: Feb 25 14:08:11 1999 GMT
-            Not After : Feb 20 14:08:11 2019 GMT
-        Subject: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:eb:ec:b0:6c:61:8a:23:25:af:60:20:e3:d9:9f:
-                    fc:93:0b:db:5d:8d:b0:a1:b3:40:3a:82:ce:fd:75:
-                    e0:78:32:03:86:5a:86:95:91:ed:53:fa:9d:40:fc:
-                    e6:e8:dd:d9:5b:7a:03:bd:5d:f3:3b:0c:c3:51:79:
-                    9b:ad:55:a0:e9:d0:03:10:af:0a:ba:14:42:d9:52:
-                    26:11:22:c7:d2:20:cc:82:a4:9a:a9:fe:b8:81:76:
-                    9d:6a:b7:d2:36:75:3e:b1:86:09:f6:6e:6d:7e:4e:
-                    b7:7a:ec:ae:71:84:f6:04:33:08:25:32:eb:74:ac:
-                    16:44:c6:e4:40:93:1d:7f:ad
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:4
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            Netscape Comment: 
-                FIGYELEM! Ezen tanusitvany a NetLock Kft. Altalanos Szolgaltatasi Felteteleiben leirt eljarasok alapjan keszult. A hitelesites folyamatat a NetLock Kft. termekfelelosseg-biztositasa vedi. A digitalis alairas elfogadasanak feltetele az eloirt ellenorzesi eljaras megtetele. Az eljaras leirasa megtalalhato a NetLock Kft. Internet honlapjan a https://www.netlock.net/docs cimen vagy kerheto az ellenorzes@netlock.net e-mail cimen. IMPORTANT! The issuance and the use of this certificate is subject to the NetLock CPS available at https://www.netlock.net/docs or by e-mail at cps@netlock.net.
-    Signature Algorithm: md5WithRSAEncryption
-        10:ad:7f:d7:0c:32:80:0a:d8:86:f1:79:98:b5:ad:d4:cd:b3:
-        36:c4:96:48:c1:5c:cd:9a:d9:05:2e:9f:be:50:eb:f4:26:14:
-        10:2d:d4:66:17:f8:9e:c1:27:fd:f1:ed:e4:7b:4b:a0:6c:b5:
-        ab:9a:57:70:a6:ed:a0:a4:ed:2e:f5:fd:fc:bd:fe:4d:37:08:
-        0c:bc:e3:96:83:22:f5:49:1b:7f:4b:2b:b4:54:c1:80:7c:99:
-        4e:1d:d0:8c:ee:d0:ac:e5:92:fa:75:56:fe:64:a0:13:8f:b8:
-        b8:16:9d:61:05:67:80:c8:d0:d8:a5:07:02:34:98:04:8d:33:
-        04:d4
-MD5 Fingerprint=4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4
 -----BEGIN CERTIFICATE-----
 MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx
 ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
@@ -7422,246 +2664,197 @@ ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g
 pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4
 Fp1hBWeAyNDYpQcCNJgEjTME1A==
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
-        Validity
-            Not Before: Nov  1 17:14:04 2004 GMT
-            Not After : Jan  1 05:37:19 2035 GMT
-        Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:98:24:1e:bd:15:b4:ba:df:c7:8c:a5:27:b6:38:
-                    0b:69:f3:b6:4e:a8:2c:2e:21:1d:5c:44:df:21:5d:
-                    7e:23:74:fe:5e:7e:b4:4a:b7:a6:ad:1f:ae:e0:06:
-                    16:e2:9b:5b:d9:67:74:6b:5d:80:8f:29:9d:86:1b:
-                    d9:9c:0d:98:6d:76:10:28:58:e4:65:b0:7f:4a:98:
-                    79:9f:e0:c3:31:7e:80:2b:b5:8c:c0:40:3b:11:86:
-                    d0:cb:a2:86:36:60:a4:d5:30:82:6d:d9:6e:d0:0f:
-                    12:04:33:97:5f:4f:61:5a:f0:e4:f9:91:ab:e7:1d:
-                    3b:bc:e8:cf:f4:6b:2d:34:7c:e2:48:61:1c:8e:f3:
-                    61:44:cc:6f:a0:4a:a9:94:b0:4d:da:e7:a9:34:7a:
-                    72:38:a8:41:cc:3c:94:11:7d:eb:c8:a6:8c:b7:86:
-                    cb:ca:33:3b:d9:3d:37:8b:fb:7a:3e:86:2c:e7:73:
-                    d7:0a:57:ac:64:9b:19:eb:f4:0f:04:08:8a:ac:03:
-                    17:19:64:f4:5a:25:22:8d:34:2c:b2:f6:68:1d:12:
-                    6d:d3:8a:1e:14:da:c4:8f:a6:e2:23:85:d5:7a:0d:
-                    bd:6a:e0:e9:ec:ec:17:bb:42:1b:67:aa:25:ed:45:
-                    83:21:fc:c1:c9:7c:d5:62:3e:fa:f2:c5:2d:d3:fd:
-                    d4:65
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            1.3.6.1.4.1.311.20.2: 
-                ...C.A
-            X509v3 Key Usage: 
-                Digital Signature, Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.xrampsecurity.com/XGCA.crl
-
-            1.3.6.1.4.1.311.21.1: 
-                ...
-    Signature Algorithm: sha1WithRSAEncryption
-        91:15:39:03:01:1b:67:fb:4a:1c:f9:0a:60:5b:a1:da:4d:97:
-        62:f9:24:53:27:d7:82:64:4e:90:2e:c3:49:1b:2b:9a:dc:fc:
-        a8:78:67:35:f1:1d:f0:11:bd:b7:48:e3:10:f6:0d:df:3f:d2:
-        c9:b6:aa:55:a4:48:ba:02:db:de:59:2e:15:5b:3b:9d:16:7d:
-        47:d7:37:ea:5f:4d:76:12:36:bb:1f:d7:a1:81:04:46:20:a3:
-        2c:6d:a9:9e:01:7e:3f:29:ce:00:93:df:fd:c9:92:73:89:89:
-        64:9e:e7:2b:e4:1c:91:2c:d2:b9:ce:7d:ce:6f:31:99:d3:e6:
-        be:d2:1e:90:f0:09:14:79:5c:23:ab:4d:d2:da:21:1f:4d:99:
-        79:9d:e1:cf:27:9f:10:9b:1c:88:0d:b0:8a:64:41:31:b8:0e:
-        6c:90:24:a4:9b:5c:71:8f:ba:bb:7e:1c:1b:db:6a:80:0f:21:
-        bc:e9:db:a6:b7:40:f4:b2:8b:a9:b1:e4:ef:9a:1a:d0:3d:69:
-        99:ee:a8:28:a3:e1:3c:b3:f0:b2:11:9c:cf:7c:40:e6:dd:e7:
-        43:7d:a2:d8:3a:b5:a9:8d:f2:34:99:c4:d4:10:e1:06:fd:09:
-        84:10:3b:ee:c4:4c:f4:ec:27:7c:42:c2:74:7c:82:8a:09:c9:
-        b4:03:25:bc
-MD5 Fingerprint=A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
 -----BEGIN CERTIFICATE-----
-MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB
-gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
-MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY
-UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx
-NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3
-dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy
-dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6
-38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP
-KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q
-DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4
-qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa
-JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi
-PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
-BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
-jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0
-eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD
-ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR
-vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
-qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa
-IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy
-i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ
-O+7ETPTsJ3xCwnR8gooJybQDJbw=
+MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV
+MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe
+TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
+dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB
+KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0
+N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC
+dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu
+MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL
+b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD
+zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi
+3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8
+WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY
+Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi
+NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
+ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4
+QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0
+YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz
+aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu
+IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm
+ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg
+ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs
+amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv
+IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3
+Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6
+ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1
+YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg
+dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs
+b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
+CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
+xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP
+0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ
+QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk
+f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK
+8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
-        Validity
-            Not Before: Jun 29 17:06:20 2004 GMT
-            Not After : Jun 29 17:06:20 2034 GMT
-        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86:
-                    ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0:
-                    5e:77:bb:ed:9b:49:e9:70:80:3d:56:18:63:08:6f:
-                    da:f2:cc:d0:3f:7f:02:54:22:54:10:d8:b2:81:d4:
-                    c0:75:3d:4b:7f:c7:77:c3:3e:78:ab:1a:03:b5:20:
-                    6b:2f:6a:2b:b1:c5:88:7e:c4:bb:1e:b0:c1:d8:45:
-                    27:6f:aa:37:58:f7:87:26:d7:d8:2d:f6:a9:17:b7:
-                    1f:72:36:4e:a6:17:3f:65:98:92:db:2a:6e:5d:a2:
-                    fe:88:e0:0b:de:7f:e5:8d:15:e1:eb:cb:3a:d5:e2:
-                    12:a2:13:2d:d8:8e:af:5f:12:3d:a0:08:05:08:b6:
-                    5c:a5:65:38:04:45:99:1e:a3:60:60:74:c5:41:a5:
-                    72:62:1b:62:c5:1f:6f:5f:1a:42:be:02:51:65:a8:
-                    ae:23:18:6a:fc:78:03:a9:4d:7f:80:c3:fa:ab:5a:
-                    fc:a1:40:a4:ca:19:16:fe:b2:c8:ef:5e:73:0d:ee:
-                    77:bd:9a:f6:79:98:bc:b1:07:67:a2:15:0d:dd:a0:
-                    58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf:
-                    11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97:
-                    1b:af
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
-            X509v3 Authority Key Identifier: 
-                keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
-                DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06:
-        14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4:
-        96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4:
-        31:f6:7a:c4:54:d7:f6:e5:31:58:03:a2:cc:ce:62:db:94:45:
-        73:b5:bf:45:c9:24:b5:d5:82:02:ad:23:79:69:8d:b8:b6:4d:
-        ce:cf:4c:ca:33:23:e8:1c:88:aa:9d:8b:41:6e:16:c9:20:e5:
-        89:9e:cd:3b:da:70:f7:7e:99:26:20:14:54:25:ab:6e:73:85:
-        e6:9b:21:9d:0a:6c:82:0e:a8:f8:c2:0c:fa:10:1e:6c:96:ef:
-        87:0d:c4:0f:61:8b:ad:ee:83:2b:95:f8:8e:92:84:72:39:eb:
-        20:ea:83:ed:83:cd:97:6e:08:bc:eb:4e:26:b6:73:2b:e4:d3:
-        f6:4c:fe:26:71:e2:61:11:74:4a:ff:57:1a:87:0f:75:48:2e:
-        cf:51:69:17:a0:02:12:61:95:d5:d1:40:b2:10:4c:ee:c4:ac:
-        10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4:
-        2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d:
-        7f:db:bd:9f
-MD5 Fingerprint=91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
 -----BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
-MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
-YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
-MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
-ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
-MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
-ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
-PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
-wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
-EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
-avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
-YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
-sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
-/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
-IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
-OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
-TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
-HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
-dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
-ReYNnyicsbkqWletNw+vHX/bvZ8=
+MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMCSFUx
+ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0
+b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMUIwQAYDVQQD
+EzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xhc3MgUUEpIFRhbnVz
+aXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9AbmV0bG9jay5odTAeFw0w
+MzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJMQswCQYDVQQGEwJIVTERMA8G
+A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh
+Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxQjBABgNVBAMTOU5l
+dExvY2sgTWlub3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZh
+bnlraWFkbzEeMBwGCSqGSIb3DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/Goq
+eKvld/Bu4IwjZ9ulZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQe
+r7C8HORSjKAyr7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO5
+3Lhbm+1bOdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWd
+vLrqOU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l
+mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9o4IC
+wDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwggJ1Bglg
+hkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2YW55IGEgTmV0
+TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBTemFiYWx5emF0YWJh
+biBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBBIG1pbm9zaXRldHQg
+ZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMgZXJ2ZW55ZXN1bGVzZW5laywg
+dmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6
+b2xnYWx0YXRhc2kgU3phYmFseXphdGJhbiwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rl
+c2kgRmVsdGV0ZWxla2JlbiBlbG9pcnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0
+ZXRlbGUuIEEgZG9rdW1lbnR1bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3
+dy5uZXRsb2NrLmh1L2RvY3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0Bu
+ZXRsb2NrLm5ldCBlLW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBh
+bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRo
+ZSBOZXRMb2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3
+Lm5ldGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u
+ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEBBQUA
+A4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufAQTPGtpvQ
+MznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68d4bDBsxafEp+
+NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yfuqhthCgFdbOLDcCR
+VCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSjnLRzMkqWmf68f8glWPhY
+83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR5qq5aKrN9p2QdRLqOBrKROi3
+macqaJVmlaut74nLYKkGEsaUR+ko
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa
+GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg
+Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J
+WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB
+rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp
++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1
+ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i
+Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz
+PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og
+/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH
+oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI
+yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2
+A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL
+MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f
+BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn
+g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl
+fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K
+WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha
+B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc
+hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR
+TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD
+mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z
+ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y
+4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
+8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM
+V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB
+4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr
+H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
+8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv
+vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT
+mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe
+btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc
+T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt
+WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ
+c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A
+4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD
+VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
+CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0
+aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
+dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw
+czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G
+A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg
+Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0
+7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
+d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd
++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B
+4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN
+t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x
+DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57
+k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s
+zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j
+Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT
+mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
+4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx
+MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg
+Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
+iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa
+/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ
+jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI
+HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7
+sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w
+gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw
+KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG
+AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
+URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO
+H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm
+I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY
+iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz
+MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv
+cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz
+Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO
+0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao
+wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj
+7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
+8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT
+BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg
+JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
+6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/
+3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm
+D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS
+CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
-        Validity
-            Not Before: Jun 29 17:39:16 2004 GMT
-            Not After : Jun 29 17:39:16 2034 GMT
-        Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:
-                    ce:4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:
-                    c3:a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:
-                    9e:e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:
-                    f0:c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:
-                    a7:4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:
-                    4a:99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:
-                    af:b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:
-                    d4:f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:
-                    b8:b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:
-                    9b:19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:
-                    b2:5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:
-                    b3:e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:
-                    b3:bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:
-                    5e:4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:
-                    23:5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:
-                    0d:1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:
-                    01:ab
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
-            X509v3 Authority Key Identifier: 
-                keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
-                DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        05:9d:3f:88:9d:d1:c9:1a:55:a1:ac:69:f3:f3:59:da:9b:01:
-        87:1a:4f:57:a9:a1:79:09:2a:db:f7:2f:b2:1e:cc:c7:5e:6a:
-        d8:83:87:a1:97:ef:49:35:3e:77:06:41:58:62:bf:8e:58:b8:
-        0a:67:3f:ec:b3:dd:21:66:1f:c9:54:fa:72:cc:3d:4c:40:d8:
-        81:af:77:9e:83:7a:bb:a2:c7:f5:34:17:8e:d9:11:40:f4:fc:
-        2c:2a:4d:15:7f:a7:62:5d:2e:25:d3:00:0b:20:1a:1d:68:f9:
-        17:b8:f4:bd:8b:ed:28:59:dd:4d:16:8b:17:83:c8:b2:65:c7:
-        2d:7a:a5:aa:bc:53:86:6d:dd:57:a4:ca:f8:20:41:0b:68:f0:
-        f4:fb:74:be:56:5d:7a:79:f5:f9:1d:85:e3:2d:95:be:f5:71:
-        90:43:cc:8d:1f:9a:00:0a:87:29:e9:55:22:58:00:23:ea:e3:
-        12:43:29:5b:47:08:dd:8c:41:6a:65:06:a8:e5:21:aa:41:b4:
-        95:21:95:b9:7d:d1:34:ab:13:d6:ad:bc:dc:e2:3d:39:cd:bd:
-        3e:75:70:a1:18:59:03:c9:22:b4:8f:9c:d5:5e:2a:d7:a5:b6:
-        d4:0a:6d:f8:b7:40:11:46:9a:1f:79:0e:62:bf:0f:97:ec:e0:
-        2f:1f:17:94
-MD5 Fingerprint=32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
 -----BEGIN CERTIFICATE-----
 MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
 MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
@@ -7686,68 +2879,50 @@ xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
 VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
 WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
 -----END CERTIFICATE-----
-
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=IL, ST=Israel, L=Eilat, O=StartCom Ltd., OU=CA Authority Dep., CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
-        Validity
-            Not Before: Mar 17 17:37:48 2005 GMT
-            Not After : Mar 10 17:37:48 2035 GMT
-        Subject: C=IL, ST=Israel, L=Eilat, O=StartCom Ltd., OU=CA Authority Dep., CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:ed:84:60:00:23:9e:c8:4a:51:29:27:de:3a:a1:
-                    39:b5:69:ab:09:b2:2f:34:fd:61:dc:3d:d3:b0:cf:
-                    b1:d7:c2:c4:c2:b1:e4:96:56:c4:be:aa:14:0e:e7:
-                    cc:3a:50:c8:3a:62:9d:c3:a3:ac:59:7b:8e:ee:55:
-                    1a:1c:47:be:a3:97:39:b3:b5:ef:23:2c:08:e8:d8:
-                    af:73:2f:b9:c9:83:e8:ed:00:0f:c8:75:a5:2f:34:
-                    4c:18:e8:76:88:23:49:8a:db:b6:ed:68:da:c3:b5:
-                    62:29:4c:a5:4b:b7:98:b4:09:14:10:a0:f8:fe:62:
-                    76:22:15:0b:a4:d6:08:2f:35
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: 
-                Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                1C:89:C3:96:CC:BD:FE:32:D5:0D:8C:81:31:B6:98:9D:8D:28:64:8D
-            X509v3 Authority Key Identifier: 
-                keyid:1C:89:C3:96:CC:BD:FE:32:D5:0D:8C:81:31:B6:98:9D:8D:28:64:8D
-                DirName:/C=IL/ST=Israel/L=Eilat/O=StartCom Ltd./OU=CA Authority Dep./CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
-                serial:00
-
-            X509v3 Subject Alternative Name: 
-                email:admin@startcom.org
-            X509v3 Issuer Alternative Name: 
-                email:admin@startcom.org
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            Netscape Comment: 
-                Free SSL Certification Authority
-            Netscape CA Revocation Url: 
-                http://cert.startcom.org/ca-crl.crl
-            Netscape Base Url: 
-                http://cert.startcom.org/
-            Netscape CA Policy Url: 
-                http://cert.startcom.org/index.php?app=111
-    Signature Algorithm: md5WithRSAEncryption
-        6c:71:25:e1:9e:34:91:21:ef:db:6c:bd:01:08:56:8f:88:d8:
-        41:3a:53:f5:72:df:27:57:4b:76:84:f7:68:a4:fe:eb:3f:09:
-        7e:28:b8:57:ea:1f:c1:aa:e2:ff:96:9f:49:99:e6:b2:95:73:
-        96:c6:48:c7:5e:8d:07:72:56:f8:83:8f:9f:77:af:29:d3:45:
-        0e:a4:ee:b0:36:74:2d:f0:cd:98:23:7b:37:4b:da:fe:51:98:
-        c4:1e:34:3c:88:fd:99:3b:50:a7:c1:8b:33:c7:c2:52:16:12:
-        95:53:65:22:ef:ba:8b:ce:62:db:70:23:b1:80:df:1a:20:38:
-        e7:7e
-MD5 Fingerprint=08:7C:58:1F:52:2B:44:B4:3B:79:CD:01:F8:C5:C3:C9
+-----BEGIN CERTIFICATE-----
+MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
+U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
+cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
+pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
+OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
+Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
+Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
+HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
+Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
+Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
+26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
+AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
+ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
+LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
+BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
+Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
+dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
+cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
+YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
+dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
+bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
+YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
+TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
+9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
+jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
+FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
+ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
+ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
+EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
+L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
+yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
+-----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIFFjCCBH+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsDELMAkGA1UEBhMCSUwx
 DzANBgNVBAgTBklzcmFlbDEOMAwGA1UEBxMFRWlsYXQxFjAUBgNVBAoTDVN0YXJ0
@@ -7778,212 +2953,633 @@ ct8nV0t2hPdopP7rPwl+KLhX6h/BquL/lp9JmeaylXOWxkjHXo0Hclb4g4+fd68p
 00UOpO6wNnQt8M2YI3s3S9r+UZjEHjQ8iP2ZO1CnwYszx8JSFhKVU2Ui77qLzmLb
 cCOxgN8aIDjnfg==
 -----END CERTIFICATE-----
-
-
-#
-#  RHNS CA certificate.  Appended to the ca-bundle at package build-time.
-#
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=North Carolina, L=Research Triangle Park, O=Red Hat, Inc., OU=Red Hat Network Services, CN=RHNS Certificate Authority/Email=rhns@redhat.com
-        Validity
-            Not Before: Aug 23 22:45:55 2000 GMT
-            Not After : Aug 28 22:45:55 2003 GMT
-        Subject: C=US, ST=North Carolina, L=Research Triangle Park, O=Red Hat, Inc., OU=Red Hat Network Services, CN=RHNS Certificate Authority/Email=rhns@redhat.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c0:68:2b:12:30:e2:21:2d:22:c6:72:71:5b:bf:
-                    17:a0:93:10:e9:9b:e3:c9:8d:3b:2d:ac:c4:bb:95:
-                    3b:e0:ca:55:32:dc:95:c2:10:b3:04:b2:51:fb:e8:
-                    85:61:16:34:a5:b4:1d:67:5c:a7:77:f4:f0:92:da:
-                    b4:8b:af:95:93:62:f3:66:29:ae:c0:88:b7:64:84:
-                    0e:48:90:60:f8:60:3e:00:7f:54:dd:17:a6:ac:18:
-                    e0:42:de:7c:be:90:81:f7:f4:05:85:0a:08:cc:d5:
-                    f2:9f:fc:24:8b:77:a5:3d:e9:48:a9:ef:0f:3b:63:
-                    a3:fe:a6:83:4c:e8:dc:0b:77
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                54:15:CD:9F:2C:F7:EC:0D:1F:D2:A8:BE:4C:07:AC:88:3E:FB:9B:0A
-            X509v3 Authority Key Identifier: 
-                keyid:54:15:CD:9F:2C:F7:EC:0D:1F:D2:A8:BE:4C:07:AC:88:3E:FB:9B:0A
-                DirName:/C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat, Inc./OU=Red Hat Network Services/CN=RHNS Certificate Authority/Email=rhns@redhat.com
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        93:01:88:88:67:67:91:8c:9e:d0:12:14:90:71:12:87:55:0a:
-        f2:52:1b:ad:f2:d3:07:1d:af:70:99:bb:b0:cd:80:23:c9:ed:
-        2b:73:e9:63:b1:d0:b3:8c:60:c5:42:64:a6:c1:95:56:90:c5:
-        35:06:03:58:f5:8e:2b:d9:f9:a9:a0:10:a9:99:f7:15:42:92:
-        a5:50:d7:11:07:f1:02:d5:e0:70:e4:55:6e:2a:ce:25:f8:5d:
-        cd:0b:2f:10:61:f8:f6:20:42:cc:c3:89:f8:8a:4f:82:24:12:
-        cf:39:7f:21:a8:2c:8d:52:97:52:c5:f7:5f:42:a5:87:09:66:
-        b0:cc
------BEGIN CERTIFICATE-----
-MIIEMDCCA5mgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBxzELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMR8wHQYDVQQHExZSZXNlYXJjaCBUcmlh
-bmdsZSBQYXJrMRYwFAYDVQQKEw1SZWQgSGF0LCBJbmMuMSEwHwYDVQQLExhSZWQg
-SGF0IE5ldHdvcmsgU2VydmljZXMxIzAhBgNVBAMTGlJITlMgQ2VydGlmaWNhdGUg
-QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9yaG5zQHJlZGhhdC5jb20wHhcNMDAw
-ODIzMjI0NTU1WhcNMDMwODI4MjI0NTU1WjCBxzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAgTDk5vcnRoIENhcm9saW5hMR8wHQYDVQQHExZSZXNlYXJjaCBUcmlhbmdsZSBQ
-YXJrMRYwFAYDVQQKEw1SZWQgSGF0LCBJbmMuMSEwHwYDVQQLExhSZWQgSGF0IE5l
-dHdvcmsgU2VydmljZXMxIzAhBgNVBAMTGlJITlMgQ2VydGlmaWNhdGUgQXV0aG9y
-aXR5MR4wHAYJKoZIhvcNAQkBFg9yaG5zQHJlZGhhdC5jb20wgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAMBoKxIw4iEtIsZycVu/F6CTEOmb48mNOy2sxLuVO+DK
-VTLclcIQswSyUfvohWEWNKW0HWdcp3f08JLatIuvlZNi82YprsCIt2SEDkiQYPhg
-PgB/VN0XpqwY4ELefL6Qgff0BYUKCMzV8p/8JIt3pT3pSKnvDztjo/6mg0zo3At3
-AgMBAAGjggEoMIIBJDAdBgNVHQ4EFgQUVBXNnyz37A0f0qi+TAesiD77mwowgfQG
-A1UdIwSB7DCB6YAUVBXNnyz37A0f0qi+TAesiD77mwqhgc2kgcowgccxCzAJBgNV
-BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEfMB0GA1UEBxMWUmVzZWFy
-Y2ggVHJpYW5nbGUgUGFyazEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjEhMB8GA1UE
-CxMYUmVkIEhhdCBOZXR3b3JrIFNlcnZpY2VzMSMwIQYDVQQDExpSSE5TIENlcnRp
-ZmljYXRlIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYPcmhuc0ByZWRoYXQuY29t
-ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAkwGIiGdnkYye0BIU
-kHESh1UK8lIbrfLTBx2vcJm7sM2AI8ntK3PpY7HQs4xgxUJkpsGVVpDFNQYDWPWO
-K9n5qaAQqZn3FUKSpVDXEQfxAtXgcORVbirOJfhdzQsvEGH49iBCzMOJ+IpPgiQS
-zzl/IagsjVKXUsX3X0KlhwlmsMw=
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk
+MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0
+YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg
+Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT
+AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp
+Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9
+m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih
+FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/
+TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F
+EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco
+kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu
+HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF
+vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo
+19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC
+L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW
+bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX
+JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw
+FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j
+BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc
+K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf
+ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik
+Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB
+sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e
+3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR
+ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip
+mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH
+b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf
+rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms
+hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y
+zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6
+MBr1mmz0DlP5OlvRHA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln
+biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF
+MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
+d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8
+76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+
+bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c
+6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE
+emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd
+MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt
+MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y
+MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
+FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi
+aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM
+gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB
+qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7
+lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn
+8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6
+45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO
+UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
+O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC
+bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv
+GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a
+77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC
+hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3
+92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp
+Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
+ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
+Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu
+IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw
+WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD
+ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y
+IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn
+IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+
+6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob
+jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw
+izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl
++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY
+zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP
+pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF
+KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW
+ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB
+AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0
+ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW
+IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA
+A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0
+uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+
+FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7
+jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/
+u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D
+YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1
+puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa
+icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG
+DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x
+kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z
+Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
+IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
+RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
+U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
+Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
+YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
+nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
+6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
+eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
+c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
+MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
+HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
+jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
+5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
+rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
+wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
+AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
+WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
+xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
+2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
+IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
+aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
+em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
+dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
+OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
+tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/
+MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow
+PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR
+IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q
+gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy
+yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts
+F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2
+jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx
+ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC
+VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK
+YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH
+EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN
+Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud
+DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE
+MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK
+UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
+TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf
+qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK
+ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE
+JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7
+hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1
+EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm
+nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX
+udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz
+ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe
+LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl
+pYYsfPQS
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
+qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
+BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
+NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
+LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
+A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
+W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
+3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
+6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
+Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
+NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
+r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
+DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
+YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
+/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
+LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
+jVaMaA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykg
+MjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8
+dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMxMDI3MTdaFw0xNTAz
+MjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2Vy
+dGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYD
+VQQHDAZBTktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kg
+xLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEu
+xZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7
+XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2k
+heiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35J
+YbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5C
+urKZ8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1
+JuTm5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51
+b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV
+9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd82YCdAR7
+kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxEq8Sn5RTOPEFh
+fEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy
+B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdA
+aLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKS
+RGQDJereW26fyfJOrN3H
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xS
+S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg
+SGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcNMDUxMTA3MTAwNzU3
+WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVrdHJv
+bmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJU
+UjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSw
+bGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWe
+LiAoYykgS2FzxLFtIDIwMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnef
+J1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdh
+R3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJ
+Qv2gQrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGX
+JHpsmxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p
+zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58S
+Fq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/nttRbj2hWyfIvwq
+ECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4
+Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFz
+gw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotH
+uFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LS
+y3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5UrbnBEI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
+nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
+t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
+SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
+BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
+rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
+NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
+BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
+MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
+p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
+5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
+WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
+4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
+hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
+MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
+KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
+A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
+5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
+SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
+JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
+ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
+AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
+AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
+CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
+b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
+7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
+0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
+nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
+x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
+33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
 -----END CERTIFICATE-----
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
-        Validity
-            Not Before: Sep  5 20:45:16 2002 GMT
-            Not After : Sep  9 20:45:16 2007 GMT
-        Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b3:16:b7:c5:f5:b9:69:51:1f:cd:b4:3d:70:cf:
-                    60:57:85:a4:2a:a7:5d:28:22:0e:ec:19:e2:92:f7:
-                    48:97:a6:a6:1f:51:95:83:11:8f:9a:98:a2:90:e0:
-                    cb:4a:24:19:94:a8:8a:4b:88:b4:06:6c:ce:77:d7:
-                    15:3b:3c:cd:66:83:cf:23:1d:0d:bc:0a:0c:cb:1f:
-                    cb:40:fb:f3:d9:fe:2a:b4:85:2c:7b:c9:a1:fe:f3:
-                    8f:68:1d:f2:12:b1:a4:16:19:ce:0f:b8:9a:9c:d9:
-                    bc:5f:49:62:b2:95:93:ce:5d:2e:dd:79:3c:f1:5b:
-                    a6:b7:a2:b5:39:0d:8e:12:31
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                7F:1B:64:A1:2E:02:C5:A8:7D:B8:D1:B1:8B:06:9D:A3:A9:50:63:92
-            X509v3 Authority Key Identifier: 
-                keyid:7F:1B:64:A1:2E:02:C5:A8:7D:B8:D1:B1:8B:06:9D:A3:A9:50:63:92
-                DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/Email=rhn-noc@redhat.com
-                serial:00
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        28:4d:42:e5:34:22:dd:c6:86:63:04:75:52:67:17:45:72:f2:
-        3b:21:2b:45:59:72:73:f7:59:36:9d:57:43:c6:dc:94:0f:0e:
-        ff:13:5c:4f:50:37:85:b2:e4:c2:1f:35:9f:74:f4:e7:53:fb:
-        a1:06:b8:39:ce:e4:0a:86:7b:5f:28:5d:c7:11:9e:12:a5:d6:
-        b9:6c:e9:18:09:d5:f0:42:e7:54:b5:91:9e:23:ad:12:7a:aa:
-        72:7c:39:3c:83:f8:75:a4:7b:03:92:ff:2a:d4:c5:76:19:12:
-        fa:b4:3b:b0:89:2c:95:8c:01:90:0d:d8:ba:06:05:61:00:ac:
-        95:da
------BEGIN CERTIFICATE-----
-MIID7jCCA1egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLEw9SZWQgSGF0IE5ldHdvcmsxIjAg
-BgNVBAMTGVJITiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
-EnJobi1ub2NAcmVkaGF0LmNvbTAeFw0wMjA5MDUyMDQ1MTZaFw0wNzA5MDkyMDQ1
-MTZaMIGxMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAO
-BgNVBAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsT
-D1JlZCBIYXQgTmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhv
-cml0eTEhMB8GCSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQCzFrfF9blpUR/NtD1wz2BXhaQqp10oIg7sGeKS
-90iXpqYfUZWDEY+amKKQ4MtKJBmUqIpLiLQGbM531xU7PM1mg88jHQ28CgzLH8tA
-+/PZ/iq0hSx7yaH+849oHfISsaQWGc4PuJqc2bxfSWKylZPOXS7deTzxW6a3orU5
-DY4SMQIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFH8bZKEuAsWofbjRsYsGnaOpUGOS
-MIHeBgNVHSMEgdYwgdOAFH8bZKEuAsWofbjRsYsGnaOpUGOSoYG3pIG0MIGxMQsw
-CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1Jh
-bGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsTD1JlZCBIYXQg
-TmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhvcml0eTEhMB8G
-CSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEEBQADgYEAKE1C5TQi3caGYwR1UmcXRXLyOyErRVlyc/dZNp1X
-Q8bclA8O/xNcT1A3hbLkwh81n3T051P7oQa4Oc7kCoZ7XyhdxxGeEqXWuWzpGAnV
-8ELnVLWRniOtEnqqcnw5PIP4daR7A5L/KtTFdhkS+rQ7sIkslYwBkA3YugYFYQCs
-ldo=
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB
+gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
+MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY
+UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx
+NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3
+dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy
+dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6
+38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP
+KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q
+DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4
+qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa
+JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi
+PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
+jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0
+eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD
+ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR
+vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa
+IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy
+i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ
+O+7ETPTsJ3xCwnR8gooJybQDJbw=
 -----END CERTIFICATE-----
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
-        Validity
-            Not Before: Aug 29 02:10:55 2003 GMT
-            Not After : Aug 26 02:10:55 2013 GMT
-        Subject: C=US, ST=North Carolina, L=Raleigh, O=Red Hat, Inc., OU=Red Hat Network, CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bf:61:63:eb:3d:8b:2b:45:48:e6:c2:fb:7c:d2:
-                    21:21:b8:ec:90:93:41:30:7c:2c:8d:79:d5:14:e9:
-                    0e:7e:3f:ef:d6:0a:9b:0a:a6:02:52:01:2d:26:96:
-                    a4:ed:bd:a9:9e:aa:08:03:c1:61:0a:41:80:ea:ae:
-                    74:cc:61:26:d0:05:91:55:3e:66:14:a2:20:b3:d6:
-                    9d:71:0c:ab:77:cc:f4:f0:11:b5:25:33:8a:4e:22:
-                    9a:10:36:67:fa:11:6d:48:76:3a:1f:d2:e3:44:7b:
-                    89:66:be:b4:85:fb:2f:a6:aa:13:fa:9a:6d:c9:bb:
-                    18:c4:04:af:4f:15:69:89:9b
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-            69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
-            X509v3 Authority Key Identifier: 
-            keyid:69:44:27:05:DC:2E:ED:A5:F4:81:C4:D7:78:45:E7:44:5D:F8:87:47
-            DirName:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate Authority/emailAddress=rhn-noc@redhat.com
-            serial:00
-
-            X509v3 Basic Constraints: 
-            CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        23:c9:ca:07:9f:5e:96:39:83:e0:4e:da:dd:47:84:30:ca:d4:
-        d5:38:86:f9:de:88:83:ca:2c:47:26:36:ab:f4:14:1e:28:29:
-        de:7d:10:4a:5e:91:3e:5a:99:07:0c:a9:2e:e3:fb:78:44:49:
-        c5:32:d6:e8:7a:97:ff:29:d0:33:ae:26:ba:76:06:7e:79:97:
-        17:0c:4f:2d:2a:8b:8a:ac:41:59:ae:e9:c4:55:2d:b9:88:df:
-        9b:7b:41:f8:32:2e:ee:c9:c0:59:e2:30:57:5e:37:47:29:c0:
-        2d:78:33:d3:ce:a3:2b:dc:84:da:bf:3b:2e:4b:b6:b3:b6:4e:
-        9e:80
------BEGIN CERTIFICATE-----
-MIID7jCCA1egAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMRgwFgYDVQQLEw9SZWQgSGF0IE5ldHdvcmsxIjAg
-BgNVBAMTGVJITiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
-EnJobi1ub2NAcmVkaGF0LmNvbTAeFw0wMzA4MjkwMjEwNTVaFw0xMzA4MjYwMjEw
-NTVaMIGxMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAO
-BgNVBAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsT
-D1JlZCBIYXQgTmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhv
-cml0eTEhMB8GCSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC/YWPrPYsrRUjmwvt80iEhuOyQk0EwfCyNedUU
-6Q5+P+/WCpsKpgJSAS0mlqTtvameqggDwWEKQYDqrnTMYSbQBZFVPmYUoiCz1p1x
-DKt3zPTwEbUlM4pOIpoQNmf6EW1Idjof0uNEe4lmvrSF+y+mqhP6mm3JuxjEBK9P
-FWmJmwIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFGlEJwXcLu2l9IHE13hF50Rd+IdH
-MIHeBgNVHSMEgdYwgdOAFGlEJwXcLu2l9IHE13hF50Rd+IdHoYG3pIG0MIGxMQsw
-CQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1Jh
-bGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xGDAWBgNVBAsTD1JlZCBIYXQg
-TmV0d29yazEiMCAGA1UEAxMZUkhOIENlcnRpZmljYXRlIEF1dGhvcml0eTEhMB8G
-CSqGSIb3DQEJARYScmhuLW5vY0ByZWRoYXQuY29tggEAMAwGA1UdEwQFMAMBAf8w
-DQYJKoZIhvcNAQEEBQADgYEAI8nKB59eljmD4E7a3UeEMMrU1TiG+d6Ig8osRyY2
-q/QUHigp3n0QSl6RPlqZBwypLuP7eERJxTLW6HqX/ynQM64munYGfnmXFwxPLSqL
-iqxBWa7pxFUtuYjfm3tB+DIu7snAWeIwV143RynALXgz086jK9yE2r87Lku2s7ZO
-noA=
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
+MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
+IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
+IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
+RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
+U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
+IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
+ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
+QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
+rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
+NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
+QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
+txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
+BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
+tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
+IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
+6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
+Cm26OWMohpLzGITY+9HPBVZkVw==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEFTCCA36gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBvjELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UE
+ChMfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9z
+dG1hc3RlcjEgMB4GA1UEAxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkq
+hkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDMwMTE1MTYyOTE3
+WhcNMDcwMTE0MTYyOTE3WjCBvjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0luZGlh
+bmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdhcmUgaW4g
+dGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEgMB4GA1UE
+AxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkqhkiG9w0BCQEWFmhvc3Rt
+YXN0ZXJAc3BpLWluYy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPB6
+rdoiLR3RodtM22LMcfwfqb5OrJNl7fwmvskgF7yP6sdD2bOfDIXhg9852jhY8/kL
+VOFe1ELAL2OyN4RAxk0rliZQVgeTgqvgkOVIBbNwgnjN6mqtuWzFiPL+NXQExq40
+I3whM+4lEiwSHaV+MYxWanMdhc+kImT50LKfkxcdAgMBAAGjggEfMIIBGzAdBgNV
+HQ4EFgQUB63oQR1/vda/G4F6P4xLiN4E0vowgesGA1UdIwSB4zCB4IAUB63oQR1/
+vda/G4F6P4xLiN4E0vqhgcSkgcEwgb4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJ
+bmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxKDAmBgNVBAoTH1NvZnR3YXJl
+IGluIHRoZSBQdWJsaWMgSW50ZXJlc3QxEzARBgNVBAsTCmhvc3RtYXN0ZXIxIDAe
+BgNVBAMTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo
+b3N0bWFzdGVyQHNwaS1pbmMub3JnggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
+AQEEBQADgYEAm/Abn8c2y1nO3fgpAIslxvi9iNBZDhQtJ0VQZY6wgSfANyDOR4DW
+iexO/AlorB49KnkFS7TjCAoLOZhcg5FaNiKnlstMI5krQmau1Qnb/vGSNsE/UGms
+1ts+QYPUs0KmGEAFUri2XzLy+aQo9Kw74VBvqnxvaaMeY5yMcKNOieY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIIDjCCBfagAwIBAgIJAOiOtsn4KhQoMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHSW5kaWFuYTEVMBMGA1UEBxMMSW5kaWFuYXBvbGlz
+MSgwJgYDVQQKEx9Tb2Z0d2FyZSBpbiB0aGUgUHVibGljIEludGVyZXN0MRMwEQYD
+VQQLEwpob3N0bWFzdGVyMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx
+JTAjBgkqhkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDgwNTEz
+MDgwNzU2WhcNMTgwNTExMDgwNzU2WjCBvDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdh
+cmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEe
+MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo
+b3N0bWFzdGVyQHNwaS1pbmMub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEA3DbmR0LCxFF1KYdAw9iOIQbSGE7r7yC9kDyFEBOMKVuUY/b0LfEGQpG5
+GcRCaQi/izZF6igFM0lIoCdDkzWKQdh4s/Dvs24t3dHLfer0dSbTPpA67tfnLAS1
+fOH1fMVO73e9XKKTM5LOfYFIz2u1IiwIg/3T1c87Lf21SZBb9q1NE8re06adU1Fx
+Y0b4ShZcmO4tbZoWoXaQ4mBDmdaJ1mwuepiyCwMs43pPx93jzONKao15Uvr0wa8u
+jyoIyxspgpJyQ7zOiKmqp4pRQ1WFmjcDeJPI8L20QcgHQprLNZd6ioFl3h1UCAHx
+ZFy3FxpRvB7DWYd2GBaY7r/2Z4GLBjXFS21ZGcfSxki+bhQog0oQnBv1b7ypjvVp
+/rLBVcznFMn5WxRTUQfqzj3kTygfPGEJ1zPSbqdu1McTCW9rXRTunYkbpWry9vjQ
+co7qch8vNGopCsUK7BxAhRL3pqXTT63AhYxMfHMgzFMY8bJYTAH1v+pk1Vw5xc5s
+zFNaVrpBDyXfa1C2x4qgvQLCxTtVpbJkIoRRKFauMe5e+wsWTUYFkYBE7axt8Feo
++uthSKDLG7Mfjs3FIXcDhB78rKNDCGOM7fkn77SwXWfWT+3Qiz5dW8mRvZYChD3F
+TbxCP3T9PF2sXEg2XocxLxhsxGjuoYvJWdAY4wCAs1QnLpnwFVMCAwEAAaOCAg8w
+ggILMB0GA1UdDgQWBBQ0cdE41xU2g0dr1zdkQjuOjVKdqzCB8QYDVR0jBIHpMIHm
+gBQ0cdE41xU2g0dr1zdkQjuOjVKdq6GBwqSBvzCBvDELMAkGA1UEBhMCVVMxEDAO
+BgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMf
+U29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1h
+c3RlcjEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcN
+AQkBFhZob3N0bWFzdGVyQHNwaS1pbmMub3JnggkA6I62yfgqFCgwDwYDVR0TAQH/
+BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAcwCQYDVR0SBAIwADAuBglghkgBhvhC
+AQ0EIRYfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDAwBglghkgBhvhC
+AQQEIxYhaHR0cHM6Ly9jYS5zcGktaW5jLm9yZy9jYS1jcmwucGVtMDIGCWCGSAGG
++EIBAwQlFiNodHRwczovL2NhLnNwaS1pbmMub3JnL2NlcnQtY3JsLnBlbTAhBgNV
+HREEGjAYgRZob3N0bWFzdGVyQHNwaS1pbmMub3JnMA4GA1UdDwEB/wQEAwIBBjAN
+BgkqhkiG9w0BAQUFAAOCAgEAtM294LnqsgMrfjLp3nI/yUuCXp3ir1UJogxU6M8Y
+PCggHam7AwIvUjki+RfPrWeQswN/2BXja367m1YBrzXU2rnHZxeb1NUON7MgQS4M
+AcRb+WU+wmHo0vBqlXDDxm/VNaSsWXLhid+hoJ0kvSl56WEq2dMeyUakCHhBknIP
+qxR17QnwovBc78MKYiC3wihmrkwvLo9FYyaW8O4x5otVm6o6+YI5HYg84gd1GuEP
+sTC8cTLSOv76oYnzQyzWcsR5pxVIBcDYLXIC48s9Fmq6ybgREOJJhcyWR2AFJS7v
+dVkz9UcZFu/abF8HyKZQth3LZjQl/GaD68W2MEH4RkRiqMEMVObqTFoo5q7Gt/5/
+O5aoLu7HaD7dAD0prypjq1/uSSotxdz70cbT0ZdWUoa2lOvUYFG3/B6bzAKb1B+P
++UqPti4oOxfMxaYF49LTtcYDyeFIQpvLP+QX4P4NAZUJurgNceQJcHdC2E3hQqlg
+g9cXiUPS1N2nGLar1CQlh7XU4vwuImm9rWgs/3K1mKoGnOcqarihk3bOsPN/nOHg
+T7jYhkalMwIsJWE3KpLIrIF0aGOHM3a9BX9e1dUCbb2v/ypaqknsmHlHU5H2DjRa
+yaXG67Ljxay2oHA1u8hRadDytaIybrw/oDc5fHE2pgXfDBLkFqfF1stjo5VwP+YE
+o2A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDvjCCA3ygAwIBAgIFJQaThoEwCwYHKoZIzjgEAwUAMIGFMQswCQYDVQQGEwJG
+UjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczEQMA4GA1UEChMHUE0v
+U0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlHQy9BMSMwIQYJKoZIhvcN
+AQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAeFw0wMjEyMTMxNDM5MTVaFw0yMDEw
+MTcxNDM5MTRaMIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYD
+VQQHEwVQYXJpczEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAM
+BgNVBAMTBUlHQy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5m
+cjCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCFkMImdk9zDzJfTO4XPdAAmLbAdWws
+ZiEMZh19RyTo3CyhFqO77OIXrwY6vc1pcc3MgWJ0dgQpAgrDMtmFFxpUu4gmjVsx
+8GpxQC+4VOgLY8Cvmcd/UDzYg07EIRto8BwCpPJ/JfUxwzV2V3N713aAX+cEoKZ/
+s+kgxC6nZCA7oQIVALME/JYjkdW2uKIGngsEPbXAjdhDAoGADh/uqWJx94UBm31c
+9d8ZTBfRGRnmSSRVFDgPWgA69JD4BR5da8tKz+1HjfMhDXljbMH86ixpD5Ka1Z0V
+pRYUPbyAoB37tsmXMJY7kjyD19d5VdaZboUjVvhH6UJy5lpNNNGSvFl4fqkxyvw+
+pq1QV0N5RcvK120hlXdfHUX+YKYDgYQAAoGAQGr7IuKJcYIvJRMjxwl43KxXY2xC
+aoCiM/bv117MfI94aNf1UusGhp7CbYAY9CXuL60P0oPMAajbaTE5Z34AuITeHq3Y
+CNMHwxalip8BHqSSGmGiQsXeK7T+r1rPXsccZ1c5ikGDZ4xn5gUaCyy2rCmb+fOJ
+6VAfCbAbAjmNKwejdzB1MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgFGMBUG
+A1UdIAQOMAwwCgYIKoF6AXkBAQEwHQYDVR0OBBYEFPkeNRcUf8idzpKblYbLNxs0
+MQhSMB8GA1UdIwQYMBaAFPkeNRcUf8idzpKblYbLNxs0MQhSMAsGByqGSM44BAMF
+AAMvADAsAhRVh+CJA5eVyEYU5AO9Tm7GxX0rmQIUBCqsU5u1WxoZ5lEXicDX5/Ob
+sRQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT
+AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ
+TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG
+9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw
+MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM
+BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO
+MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2
+LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI
+s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2
+xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4
+u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b
+F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx
+Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd
+PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV
+HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx
+NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF
+AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ
+L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY
+YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg
+Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a
+NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R
+0982gaEbeC9xs/FZTEYYKKuF0mBWWg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
+CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
+aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
+gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
+aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
+tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
+nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
+77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
+Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L
+ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
+zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
+rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
+YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
+oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
+FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
+0m6lG5kngOcLqagA
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT
+IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw
+MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
+ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
+T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR
+FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
+cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
+BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
+fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
+GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp
+Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww
+HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES
+MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg
+MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B
+8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY
+tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl
+HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj
+zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU
+JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM
+ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv
+a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p
+K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi
+puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT
+yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO
+owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC
+jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy
+fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo
+Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo
+M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM
+Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed
+2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH
+/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl
+nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE
+O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU
+9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9
+j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi
+MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
+MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV
+UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO
+ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz
+c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP
+OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl
+mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF
+BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4
+qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw
+gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu
+bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
+dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8
+6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/
+h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH
+/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
+wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
+pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx
+IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs
+cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0
+MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl
+bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD
+DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r
+WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU
+Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs
+HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj
+z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf
+SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl
+AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG
+KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P
+AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j
+BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC
+VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX
+ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB
+ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd
+/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB
+A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn
+k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9
+iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv
+2G0xffX8oRAHh84vWdw+WNs=
 -----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 9712402c70..a2887b8eee 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -572,17 +572,6 @@ static int cert_tests(void)
     SSL_CTX *ssl_ctx;
     uint8_t *buf;
 
-    ssl_ctx = ssl_ctx_new(0, 0);
-    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
-            "../ssl/test/ca-bundle.crt", NULL))
-    {
-        printf("Cert #10\n");
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    exit(0);
-
     /* check a bunch of 3rd party certificates */
     ssl_ctx = ssl_ctx_new(0, 0);
     len = get_file("../ssl/test/microsoft.x509_ca", &buf);
@@ -706,7 +695,17 @@ static int cert_tests(void)
     x509_free(x509_ctx);
     free(buf);
 
-    res = 0;        /* all ok */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
+            "../ssl/test/ca-bundle.crt", NULL))
+    {
+        printf("Cert #10\n");
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+res = 0;        /* all ok */
     printf("All Certificate tests passed\n");
 
 bad_cert:
@@ -795,7 +794,7 @@ typedef struct
 static void do_client(client_t *clnt)
 {
     char openssl_buf[2048];
-    usleep(500000);           /* allow server to start */
+    usleep(200000);           /* allow server to start */
 
     /* show the session ids in the reconnect test */
     if (strcmp(clnt->testname, "Session Reuse") == 0)
@@ -1332,7 +1331,7 @@ static int SSL_client_test(
 #endif
     }
     
-    usleep(500000);           /* allow server to start */
+    usleep(200000);           /* allow server to start */
 
     if (*ssl_ctx == NULL)
     {
@@ -1443,7 +1442,7 @@ static int SSL_client_test(
 client_test_exit:
     ssl_free(ssl);
     SOCKET_CLOSE(client_fd);
-    usleep(500000);           /* allow openssl to say something */
+    usleep(200000);           /* allow openssl to say something */
 
     if (sess_resume)
     {
@@ -1451,9 +1450,6 @@ static int SSL_client_test(
         {
             ssl_ctx_free(*ssl_ctx);
             *ssl_ctx = NULL;
-#ifndef WIN32
-            pthread_cancel(sess_resume->server_thread);
-#endif
         }
         else if (sess_resume->start_server)
         {
@@ -1466,9 +1462,6 @@ static int SSL_client_test(
     {
         ssl_ctx_free(*ssl_ctx);
         *ssl_ctx = NULL;
-#ifndef WIN32
-        pthread_cancel(thread);
-#endif
     }
 
     if (ret == 0)
@@ -1635,7 +1628,7 @@ static void do_basic(void)
     SSL *ssl_clnt;
     SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
                             DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
-    usleep(500000);           /* allow server to start */
+    usleep(200000);           /* allow server to start */
 
     if ((client_fd = client_socket_init(g_port)) < 0)
         goto error;
@@ -1760,7 +1753,7 @@ void do_multi_clnt(multi_t *multi_data)
     if ((client_fd = client_socket_init(multi_data->port)) < 0)
         goto client_test_exit;
 
-    usleep(500000);
+    usleep(200000);
     ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
 
     if ((res = ssl_handshake_status(ssl)))
@@ -1937,7 +1930,7 @@ static int header_issue(void)
 
     size = fread(buf, 1, sizeof(buf), f);
     SOCKET_WRITE(client_fd, buf, size);
-    usleep(500000);
+    usleep(200000);
 
     ret = 0;
 error:
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 84632020a8..dd4130f5a4 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -386,9 +386,8 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
  */
 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
-    int i = 0;
-    int offset;
     int ret = SSL_OK; /* ignore errors for now */
+    int i = 0;
     CA_CERT_CTX *ca_cert_ctx;
 
     if (ssl_ctx->ca_cert_ctx == NULL)
@@ -399,24 +398,26 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
         i++;
 
-    if (i >= CONFIG_X509_MAX_CA_CERTS)
+    while (len > 0)
     {
+        int offset;
+        if (i >= CONFIG_X509_MAX_CA_CERTS)
+        {
 #ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: maximum number of CA certs added - change of "
-                "compile-time configuration required\n");
+            printf("Error: maximum number of CA certs added - change of "
+                    "compile-time configuration required\n");
 #endif
-        goto error;
-    }
+            break;
+        }
 
-    ret = x509_new(buf, &offset, &ca_cert_ctx->cert[i]);
-    len -= offset;
-    ret = SSL_OK;           /* ok so far */
 
-    /* recurse? */
-    if (len > 0)
-        ret = add_cert_auth(ssl_ctx, &buf[offset], len);
+        /* ignore the return code */
+        if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
+            i++;
+
+        len -= offset;
+    }
 
-error:
     return ret;
 }
 
diff --git a/ssl/x509.c b/ssl/x509.c
index c297ed67fc..185fd7591d 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -209,13 +209,15 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     ret = X509_OK;
 end_cert:
 
-#ifdef CONFIG_SSL_FULL_MODE
     if (ret)
     {
+#ifdef CONFIG_SSL_FULL_MODE
         printf("Error: Invalid X509 ASN.1 file (%s)\n",
                         x509_display_error(ret));
-    }
 #endif
+        x509_free(x509_ctx);
+        *ctx = NULL;
+    }
 
     return ret;
 }

From ab9ddd16f59d5401a3c5c490585b5931c1af7e95 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 7 Jan 2011 13:09:50 +0000
Subject: [PATCH 160/301] Added support to v1.0 http (which apache's ab tool
 uses)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@191 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/axhttp.h |  1 +
 httpd/proc.c   | 19 +++++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index 961edeecf6..a741455b70 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -85,6 +85,7 @@ struct connstruct
     int numbytes;
     char databuf[BLOCKSIZE];
     uint8_t is_ssl;
+    uint8_t is_v1_0;
     uint8_t close_when_done;
     time_t if_modified_since;
 
diff --git a/httpd/proc.c b/httpd/proc.c
index b9140cdc3b..b8ba55df63 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -103,7 +103,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
         if ((delim = strchr(value, ' ')) == NULL)       /* expect HTTP type */
             return 0;
 
-        *delim = 0;
+        *delim++ = 0;
         urldecode(value);
 
         if (sanitizefile(value) == 0) 
@@ -118,6 +118,8 @@ static int procheadelem(struct connstruct *cn, char *buf)
         my_strncpy(cn->filereq, value, MAXREQUESTLENGTH);
 #endif
         cn->if_modified_since = -1;
+        if (strcmp(delim, "HTTP/1.0") == 0) /* v1.0 HTTP? */
+            cn->is_v1_0 = 1;
     } 
     else if (strcasecmp(buf, "Host:") == 0) 
     {
@@ -315,7 +317,7 @@ void procreadhead(struct connstruct *cn)
     rv = special_read(cn, buf, sizeof(buf)-1);
     if (rv <= 0) 
     {
-        if (rv < 0) /* really dead? */
+        if (rv < 0 || !cn->is_ssl) /* really dead? */
             removeconnection(cn);
         return;
     }
@@ -512,9 +514,14 @@ void procreadfile(struct connstruct *cn)
         if (cn->close_when_done)        /* close immediately */
             removeconnection(cn);
         else 
-        {                               /* keep socket open - HTTP 1.1 */
-            cn->state = STATE_WANT_TO_READ_HEAD;
-            cn->numbytes = 0;
+        {
+            if (cn->is_v1_0)    /* die now */
+                removeconnection(cn);
+            else                /* keep socket open - HTTP 1.1 */
+            {
+                cn->state = STATE_WANT_TO_READ_HEAD;
+                cn->numbytes = 0;
+            }
         }
 
         return;
@@ -853,7 +860,7 @@ void read_post_data(struct connstruct *cn)
     rv = special_read(cn, buf, sizeof(buf)-1);
     if (rv <= 0) 
     {
-        if (rv < 0) /* really dead? */
+        if (rv < 0 || !cn->is_ssl) /* really dead? */
             removeconnection(cn);
         return;
     }

From 9e1cb29c54ad9559454ad9b4beee4ce9de73c99b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 8 Jan 2011 03:44:47 +0000
Subject: [PATCH 161/301] Added comments to hmac and rc4 code and extra
 diagnotics to cert # out of bounds.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@192 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/hmac.c  |  4 ++++
 crypto/rc4.c   |  2 +-
 ssl/tls1.c     | 10 ++++++----
 www/index.html |  2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/crypto/hmac.c b/crypto/hmac.c
index 7670a9e583..24a04d77ae 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -30,6 +30,8 @@
 
 /**
  * HMAC implementation - This code was originally taken from RFC2104
+ * See http://www.ietf.org/rfc/rfc2104.txt and
+ * http://www.faqs.org/rfcs/rfc2202.html
  */
 
 #include <string.h>
@@ -38,6 +40,7 @@
 
 /**
  * Perform HMAC-MD5
+ * NOTE: does not handle keys larger than the block size.
  */
 void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest)
@@ -70,6 +73,7 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
 
 /**
  * Perform HMAC-SHA1
+ * NOTE: does not handle keys larger than the block size.
  */
 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest)
diff --git a/crypto/rc4.c b/crypto/rc4.c
index ec8b24711b..12a121151d 100644
--- a/crypto/rc4.c
+++ b/crypto/rc4.c
@@ -67,12 +67,12 @@ void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
 /**
  * Perform the encrypt/decrypt operation (can use it for either since
  * this is a stream cipher).
+ * NOTE: *msg and *out must be the same pointer (performance tweak)
  */
 void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
 { 
     int i;
     uint8_t *m, x, y, a, b;
-    out = (uint8_t *)msg; 
 
     x = ctx->x;
     y = ctx->y;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index dd4130f5a4..6d86d8e77e 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -347,8 +347,9 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
     {
 #ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: maximum number of certs added - change of "
-                "compile-time configuration required\n");
+        printf("Error: maximum number of certs added (%d) - change of "
+                "compile-time configuration required\n",
+                CONFIG_SSL_MAX_CERTS);
 #endif
         goto error;
     }
@@ -404,8 +405,9 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
         if (i >= CONFIG_X509_MAX_CA_CERTS)
         {
 #ifdef CONFIG_SSL_FULL_MODE
-            printf("Error: maximum number of CA certs added - change of "
-                    "compile-time configuration required\n");
+            printf("Error: maximum number of CA certs added (%d) - change of "
+                    "compile-time configuration required\n", 
+                    CONFIG_X509_MAX_CA_CERTS);
 #endif
             break;
         }
diff --git a/www/index.html b/www/index.html
index aef580ae62..9a98eb3216 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201101022253" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201101071321" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 7ddde6ec6bde3708298cc0a1ec4e7a09f9923dbd Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 9 Jan 2011 22:19:05 +0000
Subject: [PATCH 162/301] Some fixes after scan-build.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@193 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c | 9 ++-------
 ssl/tls1_clnt.c    | 7 +++++--
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index a2887b8eee..f26a881ef7 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -515,7 +515,6 @@ static int RSA_test(void)
     bigint *plaintext_bi;
     bigint *enc_data_bi, *dec_data_bi;
     uint8_t enc_data2[128], dec_data2[128];
-    int size;
     int len; 
     uint8_t *buf;
 
@@ -546,7 +545,7 @@ static int RSA_test(void)
     }
 
     RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
-    size = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
+    RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
     if (memcmp("abc", dec_data2, 3))
     {
         printf("Error: ENCRYPT/DECRYPT #2 failed\n");
@@ -921,17 +920,14 @@ static int SSL_server_test(
         
         if (size == SSL_CLOSE_NOTIFY)
         {
-            ret = SSL_OK;
+            /* do nothing */ 
         }
         else if (size < SSL_OK) /* got some alert or something nasty */
         {
             ret = size;
 
             if (ret == SSL_ERROR_CONN_LOST)
-            {
-                ret = SSL_OK;
                 continue;
-            }
 
             break;  /* we've got a problem */
         }
@@ -1092,7 +1088,6 @@ int SSL_server_tests(void)
 
         printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
         TTY_FLUSH();
-        ret = 0;    /* is ok */
     }
 
     /* this test should fail */
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 3fb7f627d5..cb1be7724f 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -51,7 +51,6 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         uint8_t *session_id, uint8_t sess_id_size)
 {
     SSL *ssl;
-    int ret;
 
     SOCKET_BLOCK(client_fd);    /* ensure blocking mode */
     ssl = ssl_new(ssl_ctx, client_fd);
@@ -70,7 +69,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
     }
 
     SET_SSL_FLAG(SSL_IS_CLIENT);
-    ret = do_client_connect(ssl);
+    do_client_connect(ssl);
     return ssl;
 }
 
@@ -130,6 +129,10 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
             disposable_new(ssl);
             ret = do_client_connect(ssl);
             break;
+
+        default:
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            break;
     }
 
     return ret;

From f2dabd56b755425e42cab2cd6599772e2253bbbb Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 14 Jan 2011 13:57:34 +0000
Subject: [PATCH 163/301] Allow non-blocked ssl_client_new() operation.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@194 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/ssl.h       |  1 +
 ssl/tls1_clnt.c | 29 ++++++++++++++++-------------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 009944046d..6778837f9e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -82,6 +82,7 @@ extern "C" {
 #define SSL_DISPLAY_BYTES                       0x00100000
 #define SSL_DISPLAY_CERTS                       0x00200000
 #define SSL_DISPLAY_RSA                         0x00400000
+#define SSL_CLIENT_NON_BLOCKING                 0x00800000
 
 /* errors that can be generated */
 #define SSL_OK                                  0
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index cb1be7724f..510126ab15 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -151,23 +151,26 @@ int do_client_connect(SSL *ssl)
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
 
     /* sit in a loop until it all looks good */
-    while (ssl->hs_status != SSL_OK)
+    if (!IS_SET_SSL_FLAG(SSL_CLIENT_NON_BLOCKING))
     {
-        ret = basic_read(ssl, NULL);
-        
-        if (ret < SSL_OK)
-        { 
-            if (ret != SSL_ERROR_CONN_LOST)
-            {
-                /* let the server know we are dying and why */
-                if (send_alert(ssl, ret))
+        while (ssl->hs_status != SSL_OK)
+        {
+            ret = basic_read(ssl, NULL);
+            
+            if (ret < SSL_OK)
+            { 
+                if (ret != SSL_ERROR_CONN_LOST)
                 {
-                    /* something nasty happened, so get rid of it */
-                    kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+                    /* let the server know we are dying and why */
+                    if (send_alert(ssl, ret))
+                    {
+                        /* something nasty happened, so get rid of it */
+                        kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+                    }
                 }
-            }
 
-            break;
+                break;
+            }
         }
     }
 

From e68581f0c21285ae3a720d10eba015c66678749c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 14 Jan 2011 14:10:36 +0000
Subject: [PATCH 164/301] Small code factoring improvement to
 do_client_connect()

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@195 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1_clnt.c | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 510126ab15..f846ffdc94 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -155,22 +155,10 @@ int do_client_connect(SSL *ssl)
     {
         while (ssl->hs_status != SSL_OK)
         {
-            ret = basic_read(ssl, NULL);
+            ret = ssl_read(ssl, NULL);
             
             if (ret < SSL_OK)
-            { 
-                if (ret != SSL_ERROR_CONN_LOST)
-                {
-                    /* let the server know we are dying and why */
-                    if (send_alert(ssl, ret))
-                    {
-                        /* something nasty happened, so get rid of it */
-                        kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
-                    }
-                }
-
                 break;
-            }
         }
     }
 

From 529d87ba097764db4a30fda2d99be06dc38fc6cc Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 14 Jan 2011 23:25:33 +0000
Subject: [PATCH 165/301] Added Visual Studio 2010 support and fixed some VS
 compilation issues. Removed code to force blocking mode.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@196 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/Config.in     | 10 +++++++++-
 config/makefile.conf |  9 +++++++--
 crypto/bigint.c      |  3 ++-
 crypto/crypto_misc.c |  3 ++-
 ssl/os_port.h        |  5 +----
 ssl/ssl.h            |  8 +++++---
 ssl/tls1.c           |  9 +++++++++
 ssl/tls1_clnt.c      |  5 +----
 8 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/config/Config.in b/config/Config.in
index bc11f69d24..c42bcefb76 100644
--- a/config/Config.in
+++ b/config/Config.in
@@ -58,7 +58,7 @@ depends on CONFIG_PLATFORM_WIN32
 choice 
     prompt "Compiler"
     depends on CONFIG_PLATFORM_WIN32
-    default CONFIG_VISUAL_STUDIO_7_0
+    default CONFIG_VISUAL_STUDIO_10_0
 
 config CONFIG_VISUAL_STUDIO_7_0
     bool "Visual Studio 7.0 (2003)"
@@ -70,6 +70,10 @@ config CONFIG_VISUAL_STUDIO_8_0
     help 
         Use Microsoft's Visual Studio 2005 platform.
 
+config CONFIG_VISUAL_STUDIO_10_0
+    bool "Visual Studio 10.0 (2010)"
+    help 
+        Use Microsoft's Visual Studio 2010 platform.
 endchoice
 
 config CONFIG_VISUAL_STUDIO_7_0_BASE
@@ -82,6 +86,10 @@ config CONFIG_VISUAL_STUDIO_8_0_BASE
     depends on CONFIG_VISUAL_STUDIO_8_0
     default "c:\\Program Files\\Microsoft Visual Studio 8"
 
+config CONFIG_VISUAL_STUDIO_10_0_BASE
+    string "Base"
+    depends on CONFIG_VISUAL_STUDIO_10_0
+    default "c:\\Program Files\\Microsoft Visual Studio 10.0"
 endmenu
 
 config CONFIG_EXTRA_CFLAGS_OPTIONS
diff --git a/config/makefile.conf b/config/makefile.conf
index 9f9db13301..9b2373ccf4 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -48,16 +48,21 @@ CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_
 export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
 export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
-else 
+endif
 ifdef CONFIG_VISUAL_STUDIO_8_0
 CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
 export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
 export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
 PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+ifdef CONFIG_VISUAL_STUDIO_10_0
+CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_10_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\lib;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/common7/ide:$(PATH)
 stuff:
 	@echo $(INCLUDE)
 endif
-endif
 
 CC=cl.exe
 LD=link.exe
diff --git a/crypto/bigint.c b/crypto/bigint.c
index 93195c623b..80a991b220 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -826,6 +826,7 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
 
     do 
     {
+        long_comp tmp;
         comp carry = 0;
         int r_index = i;
         j = 0;
@@ -843,7 +844,7 @@ static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib,
                 break;
             }
 
-            long_comp tmp = sr[r_index] + ((long_comp)sa[j])*sb[i] + carry;
+            tmp = sr[r_index] + ((long_comp)sa[j])*sb[i] + carry;
             sr[r_index++] = (comp)tmp;              /* downsize */
             carry = tmp >> COMP_BIT_SIZE;
         } while (++j < n);
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 8bca842c19..8e7cbf9c5d 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -177,11 +177,12 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
     struct timeval tv;
     MD5_CTX rng_digest_ctx;
     uint8_t digest[MD5_SIZE];
+    uint64_t *ep;
     int i;
 
     /* A proper implementation would use counters etc for entropy */
     gettimeofday(&tv, NULL);    
-    uint64_t *ep = (uint64_t *)entropy_pool;
+    ep = (uint64_t *)entropy_pool;
     ep[0] ^= ENTROPY_COUNTER1;
     ep[1] ^= ENTROPY_COUNTER2; 
 
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 0efd6ae708..af71651a8e 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -82,8 +82,6 @@ extern "C" {
 #define SOCKET_READ(A,B,C)      recv(A,B,C,0)
 #define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
 #define SOCKET_CLOSE(A)         closesocket(A)
-#define SOCKET_BLOCK(A)         u_long argp = 0; \
-                                ioctlsocket(A, FIONBIO, &argp)
 #define srandom(A)              srand(A)
 #define random()                rand()
 #define getpid()                _getpid()
@@ -143,6 +141,7 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #include <netdb.h>
 #include <dirent.h>
 #include <fcntl.h>
+#include <errno.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/socket.h>
@@ -153,8 +152,6 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #define SOCKET_READ(A,B,C)      read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     write(A,B,C)
 #define SOCKET_CLOSE(A)         if (A >= 0) close(A)
-#define SOCKET_BLOCK(A)         int fd = fcntl(A, F_GETFL, NULL); \
-                                fcntl(A, F_SETFL, fd & ~O_NONBLOCK)
 #define TTY_FLUSH()
 
 #endif  /* Not Win32 */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6778837f9e..c379e02e76 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -197,7 +197,8 @@ extern "C" {
  * are passed during a handshake.
  * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
  * are passed during a handshake.
- *
+ * - SSL_CLIENT_NON_BLOCKING (client only): Use non-blocking version of 
+ * ssl_client_new.
  * @param num_sessions [in] The number of sessions to be used for session
  * caching. If this value is 0, then there is no session caching. This option
  * is not used in skeleton mode.
@@ -231,8 +232,9 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * It is up to the application to establish the initial logical connection 
  * (whether it is  a socket, serial connection etc).
  *
- * This is a blocking call - it will finish when the handshake is complete (or
- * has failed).
+ * This is a normall a blocking call - it will finish when the handshake is 
+ * complete (or has failed). To use in non-blocking mode, set 
+ * SSL_CLIENT_NON_BLOCKING in ssl_ctx_new.
  * @param ssl_ctx [in] The client context.
  * @param client_fd [in] The client's file descriptor.
  * @param session_id [in] A 32 byte session id for session resumption. This 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 6d86d8e77e..3060faebd2 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -287,6 +287,7 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
     int ret = basic_read(ssl, in_data);
 
     /* check for return code so we can send an alert */
+
     if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
     {
         if (ret != SSL_ERROR_CONN_LOST)
@@ -1159,6 +1160,14 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
                             ssl->need_bytes-ssl->got_bytes);
 
+    if (ret < 0) 
+#ifdef WIN32
+        if (GetLastError() == WSAEWOULDBLOCK)
+#else
+        if (errno == EAGAIN || errno == EWOULDBLOCK)
+#endif
+            return 0;
+
     /* connection has gone, so die */
     if (read_len <= 0)
     {
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index f846ffdc94..676d01c55a 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -50,10 +50,7 @@ static int send_cert_verify(SSL *ssl);
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         uint8_t *session_id, uint8_t sess_id_size)
 {
-    SSL *ssl;
-
-    SOCKET_BLOCK(client_fd);    /* ensure blocking mode */
-    ssl = ssl_new(ssl_ctx, client_fd);
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
 
     if (session_id && ssl_ctx->num_sessions)
     {

From faba18dfc1f4d4116bc682ebb7b644244302815f Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 16 Jan 2011 21:44:03 +0000
Subject: [PATCH 166/301] Check made in ssl_write for EAGAIN return from
 write().

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@197 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/ssl.h  | 14 ++++++++------
 ssl/tls1.c | 25 +++++++++++++++----------
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index c379e02e76..71b09a134f 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -197,8 +197,8 @@ extern "C" {
  * are passed during a handshake.
  * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
  * are passed during a handshake.
- * - SSL_CLIENT_NON_BLOCKING (client only): Use non-blocking version of 
- * ssl_client_new.
+ * - SSL_CLIENT_NON_BLOCKING (client only): To use a non-blocking version of 
+ * ssl_client_new().
  * @param num_sessions [in] The number of sessions to be used for session
  * caching. If this value is 0, then there is no session caching. This option
  * is not used in skeleton mode.
@@ -232,9 +232,9 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * It is up to the application to establish the initial logical connection 
  * (whether it is  a socket, serial connection etc).
  *
- * This is a normall a blocking call - it will finish when the handshake is 
+ * This is a normally a blocking call - it will finish when the handshake is 
  * complete (or has failed). To use in non-blocking mode, set 
- * SSL_CLIENT_NON_BLOCKING in ssl_ctx_new.
+ * SSL_CLIENT_NON_BLOCKING in ssl_ctx_new().
  * @param ssl_ctx [in] The client context.
  * @param client_fd [in] The client's file descriptor.
  * @param session_id [in] A 32 byte session id for session resumption. This 
@@ -257,7 +257,8 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl);
 
 /**
  * @brief Read the SSL data stream.
- * The socket must be in blocking mode.
+ * If the socket is non-blocking and data is blocked then SSO_OK will be
+ * returned.
  * @param ssl [in] An SSL object reference.
  * @param in_data [out] If the read was successful, a pointer to the read
  * buffer will be here. Do NOT ever free this memory as this buffer is used in
@@ -274,7 +275,8 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
 
 /**
  * @brief Write to the SSL data stream. 
- * The socket must be in blocking mode.
+ * if the socket is non-blocking and data is blocked then a check is made
+ * to ensure that all data is sent (i.e. blocked mode is forced).
  * @param ssl [in] An SSL obect reference.
  * @param out_data [in] The data to be written
  * @param out_len [in] The number of bytes to be written.
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 3060faebd2..4bc2f1a6bb 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -939,14 +939,21 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 
     while (sent < pkt_size)
     {
-        if ((ret = SOCKET_WRITE(ssl->client_fd, 
-                        &ssl->bm_all_data[sent], pkt_size)) < 0)
+        ret = SOCKET_WRITE(ssl->client_fd, 
+                        &ssl->bm_all_data[sent], pkt_size);
+
+        if (ret >= 0)
+            sent += ret;
+        else
         {
-            ret = SSL_ERROR_CONN_LOST;
-            break;
-        }
 
-        sent += ret;
+#ifdef WIN32
+            if (GetLastError() != WSAEWOULDBLOCK)
+#else
+            if (errno != EAGAIN && errno != EWOULDBLOCK)
+#endif
+                return SSL_ERROR_CONN_LOST;
+        }
 
         /* keep going until the write buffer has some space */
         if (sent != pkt_size)
@@ -955,11 +962,9 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
             FD_ZERO(&wfds);
             FD_SET(ssl->client_fd, &wfds);
 
+            /* block and wait for it */
             if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
-            {
-                ret = SSL_ERROR_CONN_LOST;
-                break;
-            }
+                return SSL_ERROR_CONN_LOST;
         }
     }
 

From 2c092baa283d5a8c5e86725b48fa9021e8352657 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 16 Jan 2011 21:59:50 +0000
Subject: [PATCH 167/301] Name change to SSL_CONNECT_IN_PARTS as last name was
 ambiguous.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@198 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/ssl.h       | 6 +++---
 ssl/tls1_clnt.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 71b09a134f..198efc6899 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -82,7 +82,7 @@ extern "C" {
 #define SSL_DISPLAY_BYTES                       0x00100000
 #define SSL_DISPLAY_CERTS                       0x00200000
 #define SSL_DISPLAY_RSA                         0x00400000
-#define SSL_CLIENT_NON_BLOCKING                 0x00800000
+#define SSL_CONNECT_IN_PARTS                    0x00800000
 
 /* errors that can be generated */
 #define SSL_OK                                  0
@@ -197,7 +197,7 @@ extern "C" {
  * are passed during a handshake.
  * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
  * are passed during a handshake.
- * - SSL_CLIENT_NON_BLOCKING (client only): To use a non-blocking version of 
+ * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of 
  * ssl_client_new().
  * @param num_sessions [in] The number of sessions to be used for session
  * caching. If this value is 0, then there is no session caching. This option
@@ -234,7 +234,7 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  *
  * This is a normally a blocking call - it will finish when the handshake is 
  * complete (or has failed). To use in non-blocking mode, set 
- * SSL_CLIENT_NON_BLOCKING in ssl_ctx_new().
+ * SSL_CONNECT_IN_PARTS in ssl_ctx_new().
  * @param ssl_ctx [in] The client context.
  * @param client_fd [in] The client's file descriptor.
  * @param session_id [in] A 32 byte session id for session resumption. This 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 676d01c55a..3937015e78 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -148,7 +148,7 @@ int do_client_connect(SSL *ssl)
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
 
     /* sit in a loop until it all looks good */
-    if (!IS_SET_SSL_FLAG(SSL_CLIENT_NON_BLOCKING))
+    if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
     {
         while (ssl->hs_status != SSL_OK)
         {

From 18c3faf4a875fb4919ae5deee8c415736ecce6eb Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 19 Jan 2011 22:41:03 +0000
Subject: [PATCH 168/301] added test case for non-blocking sockets.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@199 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c | 132 +++++++++++++++++++++++++++++++++++++++++++++
 ssl/tls1.c         |   4 +-
 2 files changed, 135 insertions(+), 1 deletion(-)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index f26a881ef7..50516e6dda 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1725,6 +1725,133 @@ static int SSL_basic_test(void)
     return ret;
 }
 
+/**************************************************************************
+ * SSL unblocked case
+ *
+ **************************************************************************/
+static void do_unblocked(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, 
+                            SSL_DEFAULT_CLNT_SESS |
+                            SSL_CONNECT_IN_PARTS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    {
+#ifdef WIN32
+        u_long argp = 1;
+        ioctlsocket(client_fd, FIONBIO, &argp);
+#else
+        int flags = fcntl(client_fd, F_GETFL, NULL);
+        fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
+#endif
+    }
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
+
+    while (ssl_handshake_status(ssl_clnt) != SSL_OK)
+    {
+        if (ssl_read(ssl_clnt, NULL) < 0)
+        {
+            ssl_display_error(ssl_handshake_status(ssl_clnt));
+            goto error;
+        }
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_unblocked_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_unblocked, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked, 
+                        NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL unblocked test passed\n" :
+                            "SSL unblocked test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
 #if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
 /**************************************************************************
  * Multi-Threading Tests
@@ -2035,6 +2162,11 @@ int main(int argc, char *argv[])
 
     system("sh ../ssl/test/killopenssl.sh");
 
+    if (SSL_unblocked_test())
+        goto cleanup;
+
+    system("sh ../ssl/test/killopenssl.sh");
+
     if (SSL_client_tests())
         goto cleanup;
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 4bc2f1a6bb..6bcb2bb214 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1165,13 +1165,15 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
                             ssl->need_bytes-ssl->got_bytes);
 
-    if (ret < 0) 
+    if (read_len < 0) 
+    {
 #ifdef WIN32
         if (GetLastError() == WSAEWOULDBLOCK)
 #else
         if (errno == EAGAIN || errno == EWOULDBLOCK)
 #endif
             return 0;
+    }
 
     /* connection has gone, so die */
     if (read_len <= 0)

From e254859fb018737dfe3bb8961b824d21364712e9 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 20 Jan 2011 08:51:42 +0000
Subject: [PATCH 169/301] Default is always 150 regardless of ssl
 configuration.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@200 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/Config.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/Config.in b/ssl/Config.in
index cd84c9566f..ce2fdbc9b7 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -252,7 +252,7 @@ config CONFIG_SSL_EXPIRY_TIME
 
 config CONFIG_X509_MAX_CA_CERTS
     int "Maximum number of certificate authorites"
-    default 150 if CONFIG_SSL_CERT_VERIFICATION
+    default 150
     depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
     help
         Determines the number of CA's allowed. 

From 9c91e355da22e680c27dfc7380320c3b00b549d9 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 24 Jan 2011 22:49:20 +0000
Subject: [PATCH 170/301] Now load PEM cert bundles correctly for verification.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@201 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c   | 10 +++++-----
 ssl/loader.c | 12 ++++--------
 ssl/tls1.c   | 19 ++++++-------------
 ssl/x509.c   |  2 +-
 4 files changed, 16 insertions(+), 27 deletions(-)

diff --git a/ssl/asn1.c b/ssl/asn1.c
index d99b0a8b54..b30d89114e 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -433,13 +433,13 @@ int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
  */
 static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
 {
-    int ret = 1;
+    int ret;
 
-    if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
-
-    ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
+    if (dn1 == NULL && dn2 == NULL)
+        ret = 0;
+    else
+        ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
 
-err_no_match:
     return ret;
 }
 
diff --git a/ssl/loader.c b/ssl/loader.c
index 96679a5667..7bb3c671a9 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -303,7 +303,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
             if ((start = strstr(where, begins[i])) &&
                     (end = strstr(where, ends[i])))
             {
-                remain -= (int)(end-start);
+                remain -= (int)(end-where);
                 start += strlen(begins[i]);
                 pem_size = (int)(end-start);
 
@@ -362,20 +362,16 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
                     remain--;
                 }
 
+                where = end;
                 break;
             }
         }
 
         ssl_obj_free(ssl_obj);
         ssl_obj = NULL;
-
-        if (i == NUM_PEM_TYPES)
-        {
-            ret = SSL_ERROR_BAD_CERTIFICATE;
-            goto error;
-        }
+        if (start == NULL)
+           break;
     }
-
 error:
     ssl_obj_free(ssl_obj);
     return ret;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 6bcb2bb214..dc8f4ddb14 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -416,7 +416,13 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 
         /* ignore the return code */
         if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
+        {
+#if defined (CONFIG_SSL_FULL_MODE)
+            if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+                x509_print(ca_cert_ctx->cert[i], NULL);
+#endif
             i++;
+        }
 
         len -= offset;
     }
@@ -1808,7 +1814,6 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
             goto error;
         }
 
-        /* DISPLAY_CERT(ssl, *chain); */
         chain = &((*chain)->next);
         offset += cert_size;
     }
@@ -1898,18 +1903,6 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
     TTY_FLUSH();
 }
 
-/**
- * Debugging routine to display X509 certificates.
- */
-void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx)
-{
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
-        return;
-
-    x509_print(x509_ctx, ssl->ssl_ctx->ca_cert_ctx);
-    TTY_FLUSH();
-}
-
 /**
  * Debugging routine to display RSA objects
  */
diff --git a/ssl/x509.c b/ssl/x509.c
index 185fd7591d..bea9173d2d 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -367,7 +367,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
        if (ca_cert_ctx != NULL) 
        {
             /* go thu the CA store */
-           while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+            while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
             {
                 if (asn1_compare_dn(cert->ca_cert_dn,
                                             ca_cert_ctx->cert[i]->cert_dn) == 0)

From 7f3d1265ef386020fea6105407af9d93951c0792 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 8 Feb 2011 11:38:05 +0000
Subject: [PATCH 171/301] fixed issue with bad certs on cygwin

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@202 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/loader.c       | 2 +-
 ssl/test/ssltest.c | 4 ++--
 ssl/tls1.c         | 2 +-
 ssl/x509.c         | 6 ++----
 www/index.html     | 2 +-
 5 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/ssl/loader.c b/ssl/loader.c
index 7bb3c671a9..6009cba360 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -136,7 +136,7 @@ static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
         case SSL_OBJ_X509_CACERT:
-            ret = add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
             break;
 #endif
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 50516e6dda..9e86004d21 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -703,13 +703,13 @@ static int cert_tests(void)
     }
 
     ssl_ctx_free(ssl_ctx);
-
-res = 0;        /* all ok */
+    res = 0;        /* all ok */
     printf("All Certificate tests passed\n");
 
 bad_cert:
     if (res)
         printf("Error: A certificate test failed\n");
+
     return res;
 }
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index dc8f4ddb14..c332ff81f4 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -421,9 +421,9 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
             if (ssl_ctx->options & SSL_DISPLAY_CERTS)
                 x509_print(ca_cert_ctx->cert[i], NULL);
 #endif
-            i++;
         }
 
+        i++;
         len -= offset;
     }
 
diff --git a/ssl/x509.c b/ssl/x509.c
index bea9173d2d..cb007fbbc7 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -200,15 +200,13 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
             asn1_signature(cert, &offset, x509_ctx))
         goto end_cert;
 #endif
-
+    ret = X509_OK;
+end_cert:
     if (len)
     {
         *len = cert_size;
     }
 
-    ret = X509_OK;
-end_cert:
-
     if (ret)
     {
 #ifdef CONFIG_SSL_FULL_MODE
diff --git a/www/index.html b/www/index.html
index 9a98eb3216..4bfe7c7697 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201101071321" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201101252145" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 222f2d98f16f58f02f33902a2cc0b8d73e9aa905 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 11 Feb 2011 12:43:01 +0000
Subject: [PATCH 172/301] Fixed SOCKET_WRITE() when blocked.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@203 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/axhttpd.c | 5 +++++
 ssl/tls1.c      | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index bb54e487ca..d4b1f4926b 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -34,7 +34,10 @@
 #include <signal.h>
 #include <stdlib.h>
 #include <sys/stat.h>
+
+#if !defined(WIN32)
 #include <pwd.h>
+#endif
 #include "axhttp.h"
 
 struct serverstruct *servers;
@@ -614,7 +617,9 @@ void removeconnection(struct connstruct *cn)
             cn->ssl = NULL;
         }
 
+#ifndef WIN32
         shutdown(cn->networkdesc, SHUT_WR);
+#endif
         SOCKET_CLOSE(cn->networkdesc);
     }
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c332ff81f4..d8bcf239e1 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -946,7 +946,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
     while (sent < pkt_size)
     {
         ret = SOCKET_WRITE(ssl->client_fd, 
-                        &ssl->bm_all_data[sent], pkt_size);
+                        &ssl->bm_all_data[sent], pkt_size-sent);
 
         if (ret >= 0)
             sent += ret;

From 2ae9a3ec830f691490b361df47345940bd228ff4 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 26 Apr 2011 20:33:55 +0000
Subject: [PATCH 173/301] Started to implement TLS1.1 (but disabled for now)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@204 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/Config.in   |  2 +-
 ssl/tls1.c      | 40 +++++++++++++++++++++++++++++-----------
 ssl/tls1.h      |  7 +++++++
 ssl/tls1_clnt.c | 19 ++++++++++++++-----
 ssl/tls1_svr.c  | 29 +++++++++++++++++------------
 www/index.html  |  2 +-
 6 files changed, 69 insertions(+), 30 deletions(-)

diff --git a/ssl/Config.in b/ssl/Config.in
index ce2fdbc9b7..b8cd8e4be7 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -192,7 +192,7 @@ config CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
 
 config CONFIG_SSL_ENABLE_V23_HANDSHAKE
     bool "Enable v23 Handshake"
-    default y
+    default n
     help
         Some browsers use the v23 handshake client hello message 
         (an SSL2 format message which all SSL servers can understand). 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index d8bcf239e1..ded4c0284f 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -287,7 +287,6 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
     int ret = basic_read(ssl, in_data);
 
     /* check for return code so we can send an alert */
-
     if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
     {
         if (ret != SSL_ERROR_CONN_LOST)
@@ -695,19 +694,38 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
    
     if (ssl->cipher_info->padding_size)
     {
-        hmac_offset = read_len-buf[read_len-1]-ssl->cipher_info->digest_size-1;
+        int last_blk_size = buf[read_len-1], i;
+        hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
+
+        /* guard against a timing attack - make sure we do the digest */
+        if (hmac_offset < 0 || last_blk_size > ssl->cipher_info->padding_size)
+        {
+            hmac_offset = 0;
+        }
+        else
+        {
+            /* already looked at last byte */
+            for (i = 1; i < last_blk_size; i++)
+            {
+                if (buf[read_len-i] != last_blk_size)
+                {
+                    hmac_offset = 0;
+                    break;
+                }
+            }
+        }
     }
     else
     {
         hmac_offset = read_len - ssl->cipher_info->digest_size;
-    }
 
-    /* sanity check the offset */
-    if (hmac_offset < 0)
-    {
-        return SSL_ERROR_INVALID_HMAC;
+        if (hmac_offset < 0)
+        {
+            hmac_offset = 0;
+        }
     }
 
+    /* sanity check the offset */
     ssl->hmac_header[3] = hmac_offset >> 8;      /* insert size */
     ssl->hmac_header[4] = hmac_offset & 0xff;
     add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
@@ -935,8 +953,8 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
     int ret = SSL_OK;
 
     rec_buf[0] = protocol;
-    rec_buf[1] = 0x03;      /* version = 3.1 (TLS) */
-    rec_buf[2] = 0x01;
+    rec_buf[1] = 0x03;      /* version = 3.1 or higher */
+    rec_buf[2] = ssl->version & 0x0f;
     rec_buf[3] = ssl->bm_index >> 8;
     rec_buf[4] = ssl->bm_index & 0xff;
 
@@ -1011,8 +1029,8 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         uint8_t hmac_header[SSL_RECORD_SIZE];
 
         hmac_header[0] = protocol;
-        hmac_header[1] = 0x03;
-        hmac_header[2] = 0x01;
+        hmac_header[1] = 0x03; /* version = 3.1 or higher */
+        hmac_header[2] = ssl->version & 0x0f;
         hmac_header[3] = length >> 8; 
         hmac_header[4] = length & 0xff;
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index a1e1bd9825..079613530b 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -44,6 +44,11 @@ extern "C" {
 #include "crypto.h"
 #include "crypto_misc.h"
 
+#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
+//#define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
+#define SSL_PROTOCOL_MINOR_VERSION  0x01   /* TLS v1.0 */
+//#define SSL_PROTOCOL_VERSION        0x32   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION        0x31   /* TLS v1.1 */
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
 #define SSL_FINISHED_HASH_SIZE      12
@@ -160,6 +165,8 @@ struct _SSL
     uint8_t record_type;
     uint8_t cipher;
     uint8_t sess_id_size;
+    uint8_t version;
+    uint8_t client_version;
     int16_t next_state;
     int16_t hs_status;
     DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 3937015e78..33aa1ad609 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -51,6 +51,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         uint8_t *session_id, uint8_t sess_id_size)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->version = SSL_PROTOCOL_VERSION;
 
     if (session_id && ssl_ctx->num_sessions)
     {
@@ -178,7 +179,7 @@ static int send_client_hello(SSL *ssl)
     buf[2] = 0;
     /* byte 3 is calculated later */
     buf[4] = 0x03;
-    buf[5] = 0x01;
+    buf[5] = ssl->version & 0x0f;
 
     /* client random value - spec says that 1st 4 bytes are big endian time */
     *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
@@ -227,14 +228,22 @@ static int process_server_hello(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_data;
     int pkt_size = ssl->bm_index;
-    int version = (buf[4] << 4) + buf[5];
     int num_sessions = ssl->ssl_ctx->num_sessions;
     uint8_t sess_id_size;
     int offset, ret = SSL_OK;
 
     /* check that we are talking to a TLSv1 server */
-    if (version != 0x31)
-        return SSL_ERROR_INVALID_VERSION;
+    uint8_t version = (buf[4] << 4) + buf[5];
+    if (version > SSL_PROTOCOL_VERSION)
+        version = SSL_PROTOCOL_VERSION;
+    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    ssl->version = version;
 
     /* get the server random value */
     memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
@@ -300,7 +309,7 @@ static int send_client_key_xchg(SSL *ssl)
     buf[1] = 0;
 
     premaster_secret[0] = 0x03; /* encode the version number */
-    premaster_secret[1] = 0x01;
+    premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
     get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
     DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
 
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 742ffd5934..53a37b924a 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -120,17 +120,20 @@ static int process_client_hello(SSL *ssl)
     uint8_t *record_buf = ssl->hmac_header;
     int pkt_size = ssl->bm_index;
     int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
-    int version = (record_buf[1] << 4) + record_buf[2];
     int ret = SSL_OK;
     
     /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
-    if (version < 0x31) 
+    uint8_t version = (record_buf[1] << 4) + record_buf[2];
+    if (version > SSL_PROTOCOL_VERSION)
+        version = SSL_PROTOCOL_VERSION;
+    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION) 
     {
         ret = SSL_ERROR_INVALID_VERSION;
         ssl_display_error(ret);
         goto error;
     }
 
+    ssl->version = ssl->client_version = version;
     memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
 
     /* process the session id */
@@ -151,10 +154,11 @@ static int process_client_hello(SSL *ssl)
 
     PARANOIA_CHECK(pkt_size, offset);
 
-    /* work out what cipher suite we are going to use */
-    for (j = 0; j < NUM_PROTOCOLS; j++)
+    /* work out what cipher suite we are going to use - client defines 
+       the preference */
+    for (i = 0; i < cs_len; i += 2)
     {
-        for (i = 0; i < cs_len; i += 2)
+        for (j = 0; j < NUM_PROTOCOLS; j++)
         {
             if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
             {
@@ -180,7 +184,6 @@ int process_sslv23_client_hello(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_data;
     int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
-    int version = (buf[3] << 4) + buf[4];
     int ret = SSL_OK;
 
     /* we have already read 3 extra bytes so far */
@@ -193,8 +196,9 @@ int process_sslv23_client_hello(SSL *ssl)
 
     DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
     
-    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
-    if (version < 0x31)
+    /* should be v3.1 (TLSv1) or better  */
+    ssl->version = (buf[3] << 4) + buf[4];
+    if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
     {
         return SSL_ERROR_INVALID_VERSION;
     }
@@ -308,7 +312,7 @@ static int send_server_hello(SSL *ssl)
     buf[2] = 0;
     /* byte 3 is calculated later */
     buf[4] = 0x03;
-    buf[5] = 0x01;
+    buf[5] = ssl->version & 0x0f;
 
     /* server random value */
     get_random(SSL_RANDOM_SIZE, &buf[6]);
@@ -396,11 +400,12 @@ static int process_client_key_xchg(SSL *ssl)
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (premaster_size != SSL_SECRET_SIZE || 
-            premaster_secret[0] != 0x03 ||  /* check version is 3.1 (TLS) */
-            premaster_secret[1] != 0x01)
+            premaster_secret[0] != 0x03 ||  /* must be the same as client
+                                               offered version */
+                premaster_secret[1] != (ssl->client_version & 0x0f))
     {
         /* guard against a Bleichenbacher attack */
-        memset(premaster_secret, 0, SSL_SECRET_SIZE);
+        get_random(SSL_SECRET_SIZE, premaster_secret);
         /* and continue - will die eventually when checking the mac */
     }
 
diff --git a/www/index.html b/www/index.html
index 4bfe7c7697..0cd96b7511 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201101252145" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to ehuman - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201103021304" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* Support for TLS 1.1\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 8558c49351784e14ace856a1b993b68ff38e2a29 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 28 Apr 2011 13:00:20 +0000
Subject: [PATCH 174/301] Fixed variable length macs used by gnutls.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@205 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/ssltest.c | 4 ++--
 ssl/tls1.c         | 2 +-
 ssl/tls1_svr.c     | 3 ++-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 9e86004d21..9ecd2275b1 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -798,13 +798,13 @@ static void do_client(client_t *clnt)
     /* show the session ids in the reconnect test */
     if (strcmp(clnt->testname, "Session Reuse") == 0)
     {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
             "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
             g_port, clnt->openssl_option);
     }
     else
     {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
 #ifdef WIN32
             "-connect localhost:%d -quiet %s",
 #else
diff --git a/ssl/tls1.c b/ssl/tls1.c
index ded4c0284f..21a01733b9 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -698,7 +698,7 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
         hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
 
         /* guard against a timing attack - make sure we do the digest */
-        if (hmac_offset < 0 || last_blk_size > ssl->cipher_info->padding_size)
+        if (hmac_offset < 0)
         {
             hmac_offset = 0;
         }
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 53a37b924a..de6f4898a3 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -124,9 +124,10 @@ static int process_client_hello(SSL *ssl)
     
     /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
     uint8_t version = (record_buf[1] << 4) + record_buf[2];
+
     if (version > SSL_PROTOCOL_VERSION)
         version = SSL_PROTOCOL_VERSION;
-    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION) 
+    else if (version < SSL_PROTOCOL_MIN_VERSION) 
     {
         ret = SSL_ERROR_INVALID_VERSION;
         ssl_display_error(ret);

From 1a19505e760462a3923418fad3d6612a6f52fe7c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 28 Apr 2011 23:49:17 +0000
Subject: [PATCH 175/301] Fix for version (take 2)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@206 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1_svr.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index de6f4898a3..13305332c2 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -122,19 +122,18 @@ static int process_client_hello(SSL *ssl)
     int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
     int ret = SSL_OK;
     
-    /* should be v3.1 (TLSv1) or better - we'll send in v3.1 mode anyway */
     uint8_t version = (record_buf[1] << 4) + record_buf[2];
+    ssl->version = ssl->client_version = version;
 
     if (version > SSL_PROTOCOL_VERSION)
-        version = SSL_PROTOCOL_VERSION;
-    else if (version < SSL_PROTOCOL_MIN_VERSION) 
+        ssl->version = SSL_PROTOCOL_VERSION; /* use client's version */
+    else if (version < SSL_PROTOCOL_MIN_VERSION)  /* old version supported? */
     {
         ret = SSL_ERROR_INVALID_VERSION;
         ssl_display_error(ret);
         goto error;
     }
 
-    ssl->version = ssl->client_version = version;
     memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
 
     /* process the session id */

From 70a8f79fa62af36e377bb63c5d7ab7326df0ea1b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 6 May 2011 12:35:32 +0000
Subject: [PATCH 176/301] TLSv1.1 feature added.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@207 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/killgnutls.sh |  2 +
 ssl/test/ssltest.c     | 47 ++++++++++++++++++++--
 ssl/tls1.c             | 90 ++++++++++++++++++++++++++++--------------
 ssl/tls1.h             |  9 ++---
 ssl/tls1_clnt.c        | 10 +++--
 ssl/tls1_svr.c         | 16 +++-----
 6 files changed, 123 insertions(+), 51 deletions(-)
 create mode 100755 ssl/test/killgnutls.sh

diff --git a/ssl/test/killgnutls.sh b/ssl/test/killgnutls.sh
new file mode 100755
index 0000000000..f910f4b073
--- /dev/null
+++ b/ssl/test/killgnutls.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+ps -ef|grep gnutls-serv | /usr/bin/awk '{print $2}' |xargs kill -9
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 9ecd2275b1..4dd1fca475 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -802,7 +802,7 @@ static void do_client(client_t *clnt)
             "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
             g_port, clnt->openssl_option);
     }
-    else
+    else if (strstr(clnt->testname, "GNUTLS") == NULL)
     {
         sprintf(openssl_buf, "echo \"hello client\" | openssl s_client -tls1 "
 #ifdef WIN32
@@ -812,6 +812,16 @@ static void do_client(client_t *clnt)
 #endif
         g_port, clnt->openssl_option);
     }
+    else /* gnutls */
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
+#ifdef WIN32
+            "-p %d %s 127.0.0.1",
+#else
+            "-p %d %s 127.0.0.1 > /dev/null 2>&1",
+#endif
+        g_port, clnt->openssl_option);
+    }
 
     system(openssl_buf);
 }
@@ -1243,6 +1253,15 @@ int SSL_server_tests(void)
                 NULL, "abcd", DEFAULT_SVR_OPTION)))
         goto cleanup;
 
+    /* 
+     * GNUTLS
+     */
+    if ((ret = SSL_server_test("GNUTLS client", 
+                    "",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
     ret = 0;
 
 cleanup:
@@ -1279,6 +1298,7 @@ typedef struct
 {
     const char *testname;
     const char *openssl_option;
+    int do_gnutls;
 } server_t;
 
 static void do_server(server_t *svr)
@@ -1287,8 +1307,17 @@ static void do_server(server_t *svr)
 #ifndef WIN32
     pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
 #endif
-    sprintf(openssl_buf, "openssl s_server -tls1 " 
-            "-accept %d -quiet %s ", g_port, svr->openssl_option);
+    if (svr->do_gnutls)
+    {
+        sprintf(openssl_buf, "gnutls-serv " 
+                "-p %d --quiet %s ", g_port, svr->openssl_option);
+    }
+    else
+    {
+        sprintf(openssl_buf, "openssl s_server -tls1 " 
+                "-accept %d -quiet %s ", g_port, svr->openssl_option);
+    }
+
     system(openssl_buf);
 }
 
@@ -1311,6 +1340,8 @@ static int SSL_client_test(
     pthread_t thread;
 #endif
 
+    server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
+
     if (sess_resume == NULL || sess_resume->start_server)
     {
         g_port++;
@@ -1592,6 +1623,14 @@ int SSL_client_tests(void)
     }
 
     printf("SSL client test \"Invalid certificate type\" passed\n");
+
+    if ((ret = SSL_client_test("GNUTLS client", 
+                    &ssl_ctx,
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -q", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
     ret = 0;
 
 cleanup:
@@ -1600,6 +1639,7 @@ int SSL_client_tests(void)
         ssl_display_error(ret);
         printf("Error: A client test failed\n");
         system("sh ../ssl/test/killopenssl.sh");
+        system("sh ../ssl/test/killgnutls.sh");
         exit(1);
     }
     else
@@ -2171,6 +2211,7 @@ int main(int argc, char *argv[])
         goto cleanup;
 
     system("sh ../ssl/test/killopenssl.sh");
+    system("sh ../ssl/test/killgnutls.sh");
 
     if (SSL_server_tests())
         goto cleanup;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 21a01733b9..5a828e91a6 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -715,7 +715,7 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
             }
         }
     }
-    else
+    else /* stream cipher */
     {
         hmac_offset = read_len - ssl->cipher_info->digest_size;
 
@@ -1009,9 +1009,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
  */
 int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
 {
-    int msg_length = length;
-    int ret, pad_bytes = 0;
-    ssl->bm_index = msg_length;
+    int ret, msg_length = 0;
 
     /* if our state is bad, don't bother */
     if (ssl->hs_status == SSL_ERROR_DEAD)
@@ -1022,17 +1020,19 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         memcpy(ssl->bm_data, in, length);
     }
 
+    msg_length += length;
     if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
     {
         int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
                             SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
-        uint8_t hmac_header[SSL_RECORD_SIZE];
-
-        hmac_header[0] = protocol;
-        hmac_header[1] = 0x03; /* version = 3.1 or higher */
-        hmac_header[2] = ssl->version & 0x0f;
-        hmac_header[3] = length >> 8; 
-        hmac_header[4] = length & 0xff;
+        uint8_t hmac_header[SSL_RECORD_SIZE] = 
+        {
+            protocol, 
+            0x03, /* version = 3.1 or higher */
+            ssl->version & 0x0f,
+            msg_length >> 8,
+            msg_length & 0xff 
+        };
 
         if (protocol == PT_HANDSHAKE_PROTOCOL)
         {
@@ -1040,21 +1040,20 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
 
             if (ssl->bm_data[0] != HS_HELLO_REQUEST)
             {
-                add_packet(ssl, ssl->bm_data, ssl->bm_index);
+                add_packet(ssl, ssl->bm_data, msg_length);
             }
         }
 
         /* add the packet digest */
+        add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, msg_length, 
+                                                &ssl->bm_data[msg_length]);
         msg_length += ssl->cipher_info->digest_size;
-        ssl->bm_index = msg_length;
-        add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, length, 
-                                                &ssl->bm_data[length]);
 
         /* add padding? */
         if (ssl->cipher_info->padding_size)
         {
             int last_blk_size = msg_length%ssl->cipher_info->padding_size;
-            pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
 
             /* ensure we always have at least 1 padding byte */
             if (pad_bytes == 0)
@@ -1062,12 +1061,24 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
 
             memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
             msg_length += pad_bytes;
-            ssl->bm_index = msg_length;
         }
 
         DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
         increment_write_sequence(ssl);
 
+        /* add the explicit IV for TLS1.1 */
+        if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
+                        ssl->cipher_info->iv_size)
+                        
+        {
+            uint8_t iv_size = ssl->cipher_info->iv_size;
+            uint8_t *t_buf = alloca(msg_length + iv_size);
+            memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
+            get_random(iv_size, t_buf);
+            msg_length += iv_size;
+            memcpy(ssl->bm_data, t_buf, msg_length);
+        }
+
         /* now encrypt the packet */
         ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
                                             ssl->bm_data, msg_length);
@@ -1078,10 +1089,11 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
 
         if (ssl->bm_data[0] != HS_HELLO_REQUEST)
         {
-            add_packet(ssl, ssl->bm_data, ssl->bm_index);
+            add_packet(ssl, ssl->bm_data, length);
         }
     }
 
+    ssl->bm_index = msg_length;
     if ((ret = send_raw_packet(ssl, protocol)) <= 0)
         return ret;
 
@@ -1223,10 +1235,27 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
     {
         /* check for sslv2 "client hello" */
-        if (buf[0] & 0x80 && buf[2] == 1 && buf[3] == 0x03)
+        if (buf[0] & 0x80 && buf[2] == 1)
         {
 #ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+            uint8_t version = (buf[3] << 4) + buf[4];
             DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
+
+            /* should be v3.1 (TLSv1) or better  */
+            ssl->version = ssl->client_version = version;
+
+            if (version > SSL_PROTOCOL_VERSION_MAX)
+            {
+                /* use client's version */
+                ssl->version = SSL_PROTOCOL_VERSION_MAX;
+            }
+            else if (version < SSL_PROTOCOL_MIN_VERSION)  
+            {
+                ret = SSL_ERROR_INVALID_VERSION;
+                ssl_display_error(ret);
+                return ret;
+            }
+
             add_packet(ssl, &buf[2], 3);
             ret = process_sslv23_client_hello(ssl); 
 #else
@@ -1259,6 +1288,14 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
     {
         ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
+
+        if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
+                        ssl->cipher_info->iv_size)
+        {
+            buf += ssl->cipher_info->iv_size;
+            read_len -= ssl->cipher_info->iv_size;
+        }
+
         read_len = verify_digest(ssl, 
                 is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
 
@@ -1310,7 +1347,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         case PT_APP_PROTOCOL_DATA:
             if (in_data)
             {
-                *in_data = ssl->bm_data;   /* point to the work buffer */
+                *in_data = buf;   /* point to the work buffer */
                 (*in_data)[read_len] = 0;  /* null terminate just in case */
             }
 
@@ -1414,12 +1451,8 @@ int send_change_cipher_spec(SSL *ssl)
  */
 int send_finished(SSL *ssl)
 {
-    uint8_t *buf = ssl->bm_data;
-
-    buf[0] = HS_FINISHED;
-    buf[1] = 0;
-    buf[2] = 0;
-    buf[3] = SSL_FINISHED_HASH_SIZE;
+    uint8_t buf[SSL_FINISHED_HASH_SIZE+4] = {
+        HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
 
     /* now add the finished digest mac (12 bytes) */
     finished_digest(ssl, 
@@ -1436,7 +1469,7 @@ int send_finished(SSL *ssl)
 #endif
 
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
-                                NULL, SSL_FINISHED_HASH_SIZE+4);
+                                buf, SSL_FINISHED_HASH_SIZE+4);
 }
 
 /**
@@ -1516,9 +1549,8 @@ int send_alert(SSL *ssl, int error_code)
 /**
  * Process a client finished message.
  */
-int process_finished(SSL *ssl, int hs_len)
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len)
 {
-    uint8_t *buf = ssl->bm_data;
     int ret = SSL_OK;
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 079613530b..b533096ee3 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -45,10 +45,9 @@ extern "C" {
 #include "crypto_misc.h"
 
 #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
-//#define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
-#define SSL_PROTOCOL_MINOR_VERSION  0x01   /* TLS v1.0 */
-//#define SSL_PROTOCOL_VERSION        0x32   /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION        0x31   /* TLS v1.1 */
+#define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION_MAX    0x32   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION1_1     0x32   /* TLS v1.1 */
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
 #define SSL_FINISHED_HASH_SIZE      12
@@ -236,7 +235,7 @@ int send_packet(SSL *ssl, uint8_t protocol,
         const uint8_t *in, int length);
 int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
 int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
-int process_finished(SSL *ssl, int hs_len);
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
 int process_sslv23_client_hello(SSL *ssl);
 int send_alert(SSL *ssl, int error_code);
 int send_finished(SSL *ssl);
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 33aa1ad609..616c789762 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -51,7 +51,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         uint8_t *session_id, uint8_t sess_id_size)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
-    ssl->version = SSL_PROTOCOL_VERSION;
+    ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
 
     if (session_id && ssl_ctx->num_sessions)
     {
@@ -118,7 +118,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
             break;
 
         case HS_FINISHED:
-            ret = process_finished(ssl, hs_len);
+            ret = process_finished(ssl, buf, hs_len);
             disposable_free(ssl);   /* free up some memory */
             /* note: client renegotiation is not allowed after this */
             break;
@@ -234,8 +234,10 @@ static int process_server_hello(SSL *ssl)
 
     /* check that we are talking to a TLSv1 server */
     uint8_t version = (buf[4] << 4) + buf[5];
-    if (version > SSL_PROTOCOL_VERSION)
-        version = SSL_PROTOCOL_VERSION;
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        version = SSL_PROTOCOL_VERSION_MAX;
+    }
     else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
     {
         ret = SSL_ERROR_INVALID_VERSION;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 13305332c2..f374928f1b 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -103,7 +103,7 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
             break;
 
         case HS_FINISHED:
-            ret = process_finished(ssl, hs_len);
+            ret = process_finished(ssl, buf, hs_len);
             disposable_free(ssl);   /* free up some memory */
             break;
     }
@@ -125,8 +125,11 @@ static int process_client_hello(SSL *ssl)
     uint8_t version = (record_buf[1] << 4) + record_buf[2];
     ssl->version = ssl->client_version = version;
 
-    if (version > SSL_PROTOCOL_VERSION)
-        ssl->version = SSL_PROTOCOL_VERSION; /* use client's version */
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        /* use client's version instead */
+        ssl->version = SSL_PROTOCOL_VERSION_MAX; 
+    }
     else if (version < SSL_PROTOCOL_MIN_VERSION)  /* old version supported? */
     {
         ret = SSL_ERROR_INVALID_VERSION;
@@ -196,13 +199,6 @@ int process_sslv23_client_hello(SSL *ssl)
 
     DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
     
-    /* should be v3.1 (TLSv1) or better  */
-    ssl->version = (buf[3] << 4) + buf[4];
-    if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
-    {
-        return SSL_ERROR_INVALID_VERSION;
-    }
-
     add_packet(ssl, buf, read_len);
 
     /* connection has gone, so die */

From 42cd25fa9da212fd74273499358af3b3947b722a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 7 May 2011 00:10:20 +0000
Subject: [PATCH 177/301] Fixed closure alerts.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@208 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 12 ++++++++----
 ssl/tls1.h |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 5a828e91a6..4bc71a21cc 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -247,8 +247,8 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
         return;
 
     /* only notify if we weren't notified first */
-    if (!IS_SET_SSL_FLAG(SSL_RECEIVED_CLOSE_NOTIFY))
-      /* spec says we must notify when we are dying */
+    /* spec says we must notify when we are dying */
+    if (!IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
       send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
 
     ssl_ctx = ssl->ssl_ctx;
@@ -1021,6 +1021,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
     }
 
     msg_length += length;
+
     if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
     {
         int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
@@ -1360,12 +1361,15 @@ int basic_read(SSL *ssl, uint8_t **in_data)
                buf[1] == SSL_ALERT_CLOSE_NOTIFY)
             {
               ret = SSL_CLOSE_NOTIFY;
-              SET_SSL_FLAG(SSL_RECEIVED_CLOSE_NOTIFY);
+              send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+              SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
             }
             else 
+            {
                 ret = -buf[1]; 
+                DISPLAY_ALERT(ssl, buf[1]);
+            }
 
-            DISPLAY_ALERT(ssl, buf[1]);
             break;
 
         default:
diff --git a/ssl/tls1.h b/ssl/tls1.h
index b533096ee3..55552afe75 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -65,7 +65,7 @@ extern "C" {
 #define SSL_SESSION_RESUME          0x0008
 #define SSL_IS_CLIENT               0x0010
 #define SSL_HAS_CERT_REQ            0x0020
-#define SSL_RECEIVED_CLOSE_NOTIFY   0x0040
+#define SSL_SENT_CLOSE_NOTIFY       0x0040
 
 /* some macros to muck around with flag bits */
 #define SET_SSL_FLAG(A)             (ssl->flag |= A)

From 6dd1ae9595056f0ff4150def1d6fead34578629d Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 7 May 2011 00:13:17 +0000
Subject: [PATCH 178/301] Updated changes.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@209 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index 0cd96b7511..3007e0c50e 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201103021304" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* Support for TLS 1.1\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201105070005" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 66c588d3ab2ec41736903be62ed5ab6971092d2f Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 18 Jun 2011 11:06:18 +0000
Subject: [PATCH 179/301] ensure that a compare with a non-null and null x509
 field returns non-zero

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@210 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/asn1.c b/ssl/asn1.c
index b30d89114e..171d3798e9 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -438,7 +438,7 @@ static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
     if (dn1 == NULL && dn2 == NULL)
         ret = 0;
     else
-        ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
+        ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 1;
 
     return ret;
 }

From 96b65cdb96e09af83c2e4fe5057f5d57e707d873 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 24 Jun 2011 12:16:42 +0000
Subject: [PATCH 180/301] fixed timeout issue in axhttd, -fPIC enabled, pkcs8
 enabled for server

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@211 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/makefile.conf   | 2 +-
 httpd/axhttpd.c        | 7 ++++++-
 ssl/Config.in          | 2 +-
 ssl/loader.c           | 8 ++++++--
 ssl/test/perf_bigint.c | 2 ++
 www/index.html         | 4 ++--
 6 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/config/makefile.conf b/config/makefile.conf
index 9b2373ccf4..59db122d27 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -100,7 +100,7 @@ LDSHARED = -shared
 
 # Linux
 ifndef CONFIG_PLATFORM_CYGWIN
-# CFLAGS += -fPIC 
+CFLAGS += -fPIC 
 
 # Cygwin
 else
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index d4b1f4926b..12039bc65e 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -266,6 +266,7 @@ int main(int argc, char *argv[])
     /* main loop */
     while (1)
     {
+        struct timeval tv = { 10, 0 };
         FD_ZERO(&rfds);
         FD_ZERO(&wfds);
         rnum = wnum = -1;
@@ -336,7 +337,11 @@ int main(int argc, char *argv[])
         active = select(wnum > rnum ? wnum+1 : rnum+1,
                 rnum != -1 ? &rfds : NULL, 
                 wnum != -1 ? &wfds : NULL,
-                NULL, NULL);
+                NULL, usedconns ? &tv : NULL);
+
+        /* timeout? */
+        if (active == 0)
+            continue;
 
         /* New connection? */
         sp = servers;
diff --git a/ssl/Config.in b/ssl/Config.in
index b8cd8e4be7..8044418617 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -225,7 +225,7 @@ config CONFIG_SSL_USE_PKCS12
     bool "Use PKCS8/PKCS12"
     default n if !CONFIG_SSL_FULL_MODE
     default y if CONFIG_SSL_FULL_MODE
-    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
+#    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
     help
         PKCS#12 certificates combine private keys and certificates together in
         one file.
diff --git a/ssl/loader.c b/ssl/loader.c
index 6009cba360..90231f3ed9 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -175,16 +175,18 @@ void ssl_obj_free(SSLObjLoader *ssl_obj)
  */
 #ifdef CONFIG_SSL_HAS_PEM
 
-#define NUM_PEM_TYPES               3
+#define NUM_PEM_TYPES               4
 #define IV_SIZE                     16
 #define IS_RSA_PRIVATE_KEY          0
 #define IS_ENCRYPTED_PRIVATE_KEY    1
-#define IS_CERTIFICATE              2
+#define IS_PRIVATE_KEY              2
+#define IS_CERTIFICATE              3
 
 static const char * const begins[NUM_PEM_TYPES] =
 {
     "-----BEGIN RSA PRIVATE KEY-----",
     "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+    "-----BEGIN PRIVATE KEY-----",
     "-----BEGIN CERTIFICATE-----",
 };
 
@@ -192,6 +194,7 @@ static const char * const ends[NUM_PEM_TYPES] =
 {
     "-----END RSA PRIVATE KEY-----",
     "-----END ENCRYPTED PRIVATE KEY-----",
+    "-----END PRIVATE KEY-----",
     "-----END CERTIFICATE-----",
 };
 
@@ -337,6 +340,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
                         break;
 
                     case IS_ENCRYPTED_PRIVATE_KEY:
+                    case IS_PRIVATE_KEY:
                         obj_type = SSL_OBJ_PKCS8;
                         break;
 
diff --git a/ssl/test/perf_bigint.c b/ssl/test/perf_bigint.c
index f092b9e23c..6336d1b4ca 100644
--- a/ssl/test/perf_bigint.c
+++ b/ssl/test/perf_bigint.c
@@ -35,6 +35,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "os_port.h"
 #include "ssl.h"
 
 /**************************************************************************
diff --git a/www/index.html b/www/index.html
index 3007e0c50e..aad53fa44c 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201105070005" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201106241108" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Enable ~PKCS8/12 option for server.\n* Issue where comparing a null and an empty string could return a false positive for cert check.\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
@@ -7097,7 +7097,7 @@
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="YourName" modified="201006252315" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://97.74.112.97:8443/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://97.74.112.97:8080/test_dir/no_http]] and [[/test_dir/no_ssl|https://97.74.112.97:8443/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://97.74.112.97:8080/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://97.74.112.97:8080/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://97.74.112.97:8080/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="YourName" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From f22e36ab564a08444a30b09f2bd243e048eebd93 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 24 Jun 2011 13:11:51 +0000
Subject: [PATCH 181/301] Added test for PKCS8 unencrypted PEM format.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@212 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/Config.in      |  1 -
 ssl/test/ssltest.c | 12 ++++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/ssl/Config.in b/ssl/Config.in
index 8044418617..e66ab7ca35 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -225,7 +225,6 @@ config CONFIG_SSL_USE_PKCS12
     bool "Use PKCS8/PKCS12"
     default n if !CONFIG_SSL_FULL_MODE
     default y if CONFIG_SSL_FULL_MODE
-#    depends on !CONFIG_SSL_SERVER_ONLY && !CONFIG_SSL_SKELETON_MODE
     help
         PKCS#12 certificates combine private keys and certificates together in
         one file.
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 4dd1fca475..65c25c5b7f 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1233,13 +1233,21 @@ int SSL_server_tests(void)
         goto cleanup;
 
     /*
-     * PKCS#8 key (unencrypted)
+     * PKCS#8 key (unencrypted DER format)
      */
-    if ((ret = SSL_server_test("pkcs#8 unencrypted", "-cipher RC4-SHA", 
+    if ((ret = SSL_server_test("pkcs#8 DER unencrypted", "-cipher RC4-SHA", 
                 DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
                 NULL, NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
+    /*
+     * PKCS#8 key (unencrypted PEM format)
+     */
+    if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", "-cipher RC4-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
     /*
      * PKCS#12 key/certificate
      */

From 15ab963e13f6fea8f6dbe597daec36ac76a4dfd9 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 24 Jun 2011 21:29:50 +0000
Subject: [PATCH 182/301] fixed some mconf dependency issues

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@213 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/Config.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/Config.in b/ssl/Config.in
index e66ab7ca35..6f363dc13c 100644
--- a/ssl/Config.in
+++ b/ssl/Config.in
@@ -225,6 +225,7 @@ config CONFIG_SSL_USE_PKCS12
     bool "Use PKCS8/PKCS12"
     default n if !CONFIG_SSL_FULL_MODE
     default y if CONFIG_SSL_FULL_MODE
+    depends on !CONFIG_SSL_SKELETON_MODE
     help
         PKCS#12 certificates combine private keys and certificates together in
         one file.
@@ -317,6 +318,7 @@ config CONFIG_OPENSSL_COMPATIBLE
 config CONFIG_PERFORMANCE_TESTING
     bool "Build the bigint performance test tool"
     default n
+    depends on CONFIG_SSL_CERT_VERIFICATION
     help
         Used for performance testing of bigint.
 

From 9c517f6351cbb9dd98a565a51086861b1036f5e3 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 15 Jul 2011 23:36:46 +0000
Subject: [PATCH 183/301] * Use RFC1123 format for date/time. * UTC/localtime
 issue with If-Modified-Since header. * Expires header added.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@214 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/proc.c        | 41 ++++++++++++++++++++++++++++++-----------
 httpd/tdate_parse.c |  8 ++------
 2 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/httpd/proc.c b/httpd/proc.c
index b8ba55df63..0419147a67 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -41,6 +41,7 @@
 #define HTTP_VERSION        "HTTP/1.1"
 
 static const char * index_file = "index.html";
+static const char * rfc1123_format = "%a, %d %b %Y %H:%M:%S GMT";
 
 static int special_read(struct connstruct *cn, void *buf, size_t count);
 static int special_write(struct connstruct *cn, 
@@ -373,8 +374,11 @@ void procsendhead(struct connstruct *cn)
 {
     char buf[MAXREQUESTLENGTH];
     struct stat stbuf;
-    time_t now = cn->timeout - CONFIG_HTTP_TIMEOUT;
+    time_t t_time;
+    struct tm *ptm;
     char date[32];
+    char last_modified[32];
+    char expires[32];
     int file_exists;
 
     /* are we trying to access a file over the HTTP connection instead of a
@@ -439,17 +443,26 @@ void procsendhead(struct connstruct *cn)
         return;
     }
 
-    strcpy(date, ctime(&now));
+
+    time(&t_time);
+    ptm = gmtime(&t_time);
+    strftime(date, sizeof(date), rfc1123_format, ptm);
 
     /* has the file been read before? */
-    if (cn->if_modified_since != -1 && (cn->if_modified_since == 0 || 
-                                       cn->if_modified_since >= stbuf.st_mtime))
+    if (cn->if_modified_since != -1)  
+                                       
     {
-        snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: "
-                "%s\nDate: %s\n", server_version, date);
-        special_write(cn, buf, strlen(buf));
-        cn->state = STATE_WANT_TO_READ_HEAD;
-        return;
+        ptm = gmtime(&stbuf.st_mtime);
+        t_time = mktime(ptm);
+
+        if (cn->if_modified_since >= t_time)
+        {
+            snprintf(buf, sizeof(buf), HTTP_VERSION" 304 Not Modified\nServer: "
+                "%s\nDate: %s\n\n", server_version, date);
+            special_write(cn, buf, strlen(buf));
+            cn->state = STATE_WANT_TO_READ_HEAD;
+            return;
+        }
     }
 
     if (cn->reqtype == TYPE_HEAD) 
@@ -471,11 +484,17 @@ void procsendhead(struct connstruct *cn)
             return;
         }
 
+        ptm = gmtime(&stbuf.st_mtime);
+        strftime(last_modified, sizeof(last_modified), rfc1123_format, ptm);
+        t_time += CONFIG_HTTP_TIMEOUT;
+        ptm = gmtime(&t_time);
+        strftime(expires, sizeof(expires), rfc1123_format, ptm);
+
         snprintf(buf, sizeof(buf), HTTP_VERSION" 200 OK\nServer: %s\n"
             "Content-Type: %s\nContent-Length: %ld\n"
-            "Date: %sLast-Modified: %s\n", server_version,
+            "Date: %s\nLast-Modified: %s\nExpires: %s\n\n", server_version,
             getmimetype(cn->actualfile), (long) stbuf.st_size,
-            date, ctime(&stbuf.st_mtime)); /* ctime() has a \n on the end */
+            date, last_modified, expires); 
 
         special_write(cn, buf, strlen(buf));
 
diff --git a/httpd/tdate_parse.c b/httpd/tdate_parse.c
index 9124323846..7165bdebdc 100644
--- a/httpd/tdate_parse.c
+++ b/httpd/tdate_parse.c
@@ -89,13 +89,9 @@ time_t tdate_parse(const char* str)
     memset(&tm, 0, sizeof(struct tm));
 
     /* wdy, DD mth YY HH:MM:SS GMT */
-    if ((sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
+    if (sscanf(str, "%3[a-zA-Z], %d %3[a-zA-Z] %d %d:%d:%d GMT",
                 str_wday, &tm_mday, str_mon, &tm_year, &tm_hour, &tm_min,
-                    &tm_sec) == 7) ||
-    /* wdy mth DD HH:MM:SS YY */
-        (sscanf(str, "%3[a-zA-Z] %3[a-zA-Z] %d %d:%d:%d %d",
-                str_wday, str_mon, &tm_mday, &tm_hour, &tm_min, &tm_sec,
-                    &tm_year) == 7))
+                    &tm_sec) == 7)
     {
         int8_t tm_wday = day_mon_map_search(str_wday, wday_tab, 
                         sizeof(wday_tab)/sizeof(struct day_mon_map));

From 2e0da63a796e73e588d507bfecee4d026a818eb7 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 29 Jul 2011 08:54:48 +0000
Subject: [PATCH 184/301] Fixed bi_export, change to makefile

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@215 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/makefile.conf | 2 +-
 crypto/bigint.c      | 3 ++-
 www/index.html       | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/config/makefile.conf b/config/makefile.conf
index 59db122d27..482f209ced 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -86,7 +86,7 @@ else    # Not Win32
 
 CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
 LD=$(CC)
-STRIP=strip
+STRIP=$(CROSS)strip
 
 # Solaris
 ifdef CONFIG_PLATFORM_SOLARIS
diff --git a/crypto/bigint.c b/crypto/bigint.c
index 80a991b220..e9ca04cb99 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -723,10 +723,11 @@ void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
 
             if (k < 0)
             {
-                break;
+                goto buf_done;
             }
         }
     }
+buf_done:
 
     bi_free(ctx, x);
 }
diff --git a/www/index.html b/www/index.html
index aad53fa44c..78728d4841 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,12 +7087,12 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201106241108" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Enable ~PKCS8/12 option for server.\n* Issue where comparing a null and an empty string could return a false positive for cert check.\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201107152330" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="YourName" modified="200804011313" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="YourName" modified="201106261041" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>

From cbd60876eb51ebe7d89f73e9b688ddfd118b50ef Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 29 Jul 2011 10:15:33 +0000
Subject: [PATCH 185/301] added -w command line option for axhttd fixed
 compilation error for axtlswrap

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@216 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 axtlswrap/axtlswrap.c |  1 +
 httpd/axhttpd.c       | 19 ++++++++++++++-----
 www/index.html        |  2 +-
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/axtlswrap/axtlswrap.c b/axtlswrap/axtlswrap.c
index 5aa6675ab5..43b448eb79 100755
--- a/axtlswrap/axtlswrap.c
+++ b/axtlswrap/axtlswrap.c
@@ -41,6 +41,7 @@
 #include <string.h>
 #include <signal.h>
 #include <sys/poll.h>
+#include "os_port.h"
 #include "ssl.h"
 
 /* If nothing is received or sent in this many seconds, give up */
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 12039bc65e..9a94ab0e16 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -44,6 +44,7 @@ struct serverstruct *servers;
 struct connstruct *usedconns;
 struct connstruct *freeconns;
 const char * const server_version = "axhttpd/"AXTLS_VERSION;
+static const char *webroot = CONFIG_HTTP_WEBROOT;
 
 static void addtoservers(int sd);
 static int openlistener(char *address, int port);
@@ -182,9 +183,18 @@ int main(int argc, char *argv[])
             continue;
         }
 
-        printf("%s: [-p [address:]httpport] [-s [address:]httpsport]\n", 
-                                                        argv[0]);
-        exit(0);
+        if (strcmp(argv[i], "-w") == 0 && argv[i+1] != NULL)
+        {
+            webroot = argv[i+1];
+            i += 2;
+            continue;
+        }
+
+        printf("%s:\n"
+               "    [-p [address:]httpport]\n"
+               "    [-s [address:]httpsport]\n"
+               "    [-w webroot]\n", argv[0]);
+        exit(1);
     }
 
     for (i = 0; i < INITIAL_CONNECTION_SLOTS; i++) 
@@ -644,10 +654,9 @@ void removeconnection(struct connstruct *cn)
 /*
  * Change directories one way or the other.
  */
+
 static void ax_chdir(void)
 {
-    static char *webroot = CONFIG_HTTP_WEBROOT;
-
     if (chdir(webroot))
     {
 #ifdef CONFIG_HTTP_VERBOSE
diff --git a/www/index.html b/www/index.html
index 78728d4841..2ffb079387 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201107152330" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201107290920" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From 92667aee8a34fd09eaeb3a98d6e2ea98a99c742b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 24 Aug 2011 09:56:49 +0000
Subject: [PATCH 186/301] Removed Lua dependencies and made sure PHP can be
 run.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@217 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in | 25 +++++++++++--------------
 httpd/axhttp.h  |  3 ---
 httpd/proc.c    | 41 +++++------------------------------------
 3 files changed, 16 insertions(+), 53 deletions(-)

diff --git a/httpd/Config.in b/httpd/Config.in
index 513d57ae30..1eff5a6950 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -65,7 +65,7 @@ config CONFIG_HTTP_HAS_CGI
 
 config CONFIG_HTTP_CGI_EXTENSIONS
     string "CGI File Extension(s)"
-    default ".lua,.lp"
+    default ".lua,.lp,.php"
     depends on CONFIG_HTTP_HAS_CGI
     help
         Tell axhhtpd what file extension(s) are used for CGI.
@@ -83,29 +83,26 @@ config CONFIG_HTTP_ENABLE_LUA
 
 config CONFIG_HTTP_LUA_PREFIX
     string "Lua's Installation Prefix"
-    default "/usr/local"
+    default "/usr"
     depends on CONFIG_HTTP_ENABLE_LUA
 
     help
-        The location of Lua's installation prefix. This is also necessary for
-        Lua's cgi launcher application.
-
-config CONFIG_HTTP_LUA_CGI_LAUNCHER
-    string "CGI launcher location"
-    default "/bin/cgi.exe" if CONFIG_PLATFORM_CYGWIN
-    default "/bin/cgi" if !CONFIG_PLATFORM_CYGWIN
-    depends on CONFIG_HTTP_ENABLE_LUA
-    help
-        The location of LUA's CGI launcher application (after
-        the CONFIG_HTTP_LUA_PREFIX)
+        The location of Lua's installation prefix.
 
 config CONFIG_HTTP_BUILD_LUA
     bool "Build Lua"
     default n
     depends on CONFIG_HTTP_ENABLE_LUA
     help
-        Build Lua and install in /usr/local/bin
+        Build Lua and install in /usr/bin by default.
 
+config CONFIG_HTTP_CGI_LAUNCHER
+    string "CGI launcher location"
+    default "/usr/bin/cgi.exe"
+    depends on CONFIG_HTTP_HAS_CGI
+    help
+        The location of the CGI launcher application (could be /usr/bin/php5).
+        The default is to use Lua's CGI launcher.
 endmenu
 
 config CONFIG_HTTP_DIRECTORIES
diff --git a/httpd/axhttp.h b/httpd/axhttp.h
index a741455b70..3b4b5a5bf3 100644
--- a/httpd/axhttp.h
+++ b/httpd/axhttp.h
@@ -92,9 +92,6 @@ struct connstruct
 #if defined(CONFIG_HTTP_HAS_CGI)
     uint8_t is_cgi;
     char cgicontenttype[MAXREQUESTLENGTH];
-#ifdef CONFIG_HTTP_ENABLE_LUA
-    uint8_t is_lua;
-#endif
     int content_length;
     char remote_addr[MAXREQUESTLENGTH];
     char uri_request[MAXREQUESTLENGTH];
diff --git a/httpd/proc.c b/httpd/proc.c
index 0419147a67..ae238797cc 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -405,14 +405,7 @@ void procsendhead(struct connstruct *cn)
 #if defined(CONFIG_HTTP_HAS_CGI)
     if (file_exists != -1 && cn->is_cgi)
     {
-        if ((stbuf.st_mode & S_IEXEC) == 0 || isdir(cn->actualfile))
-        {
-            /* A non-executable file, or directory? */
-            send_error(cn, 403);
-        }
-        else
-            proccgi(cn);
-
+        proccgi(cn);
         return;
     }
 #endif
@@ -578,7 +571,7 @@ void procsendfile(struct connstruct *cn)
 static void proccgi(struct connstruct *cn) 
 {
     int tpipe[2], spipe[2];
-    char *myargs[2];
+    char *myargs[3];
     char cgienv[CGI_ARG_SIZE][MAXREQUESTLENGTH];
     char * cgiptr[CGI_ARG_SIZE+4];
     const char *type = "HEAD";
@@ -668,8 +661,9 @@ static void proccgi(struct connstruct *cn)
     } else    /* Otherwise we can shutdown the read side of the sock */
         shutdown(cn->networkdesc, 0);
 
-    myargs[0] = cn->actualfile;
-    myargs[1] = NULL;
+    myargs[0] = CONFIG_HTTP_CGI_LAUNCHER;
+    myargs[1] = cn->actualfile;
+    myargs[2] = NULL;
 
     /* 
      * set the cgi args. A url is defined by:
@@ -721,11 +715,6 @@ static void proccgi(struct connstruct *cn)
     if (cn->is_ssl)
         strcpy(cgienv[cgi_index++], "HTTPS=on");
 
-#ifdef CONFIG_PLATFORM_CYGWIN
-    /* TODO: find out why Lua needs this */
-    strcpy(cgienv[cgi_index++], "PATH=/usr/bin");
-#endif
-
     if (cgi_index >= CGI_ARG_SIZE)
     {
         printf("Content-type: text/plain\n\nToo many CGI args (%d, %d)\n",
@@ -761,14 +750,7 @@ static char * cgi_filetype_match(struct connstruct *cn, const char *fn)
             t += strlen(tp->ext);
 
             if (*t == '/' || *t == '\0')
-            {
-#ifdef CONFIG_HTTP_ENABLE_LUA
-                if (strcmp(tp->ext, ".lua") == 0 || strcmp(tp->ext, ".lp") == 0)
-                    cn->is_lua = 1;
-#endif
-
                 return t;
-            }
             else
                 return NULL;
 
@@ -786,9 +768,6 @@ static void decode_path_info(struct connstruct *cn, char *path_info)
 
 #if defined(CONFIG_HTTP_HAS_CGI)
     cn->is_cgi = 0;
-#endif
-#ifdef CONFIG_HTTP_ENABLE_LUA
-    cn->is_lua = 0;
 #endif
     *cn->uri_request = '\0';
     *cn->uri_path_info = '\0';
@@ -1005,16 +984,6 @@ static void buildactualfile(struct connstruct *cn)
             *cp = 0;
     }
 #endif
-
-#if defined(CONFIG_HTTP_ENABLE_LUA)
-    /* 
-     * Use the lua launcher if this file has a lua extension. Put this at the
-     * end as we need the directory name.
-     */
-    if (cn->is_lua)
-        sprintf(cn->actualfile, "%s%s", CONFIG_HTTP_LUA_PREFIX, 
-                CONFIG_HTTP_LUA_CGI_LAUNCHER);
-#endif
 }
 
 static int sanitizefile(const char *buf) 

From c0eb269cf755a7813cbfaef4df126e6cc322ea5a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 9 Sep 2011 10:48:17 +0000
Subject: [PATCH 187/301] Config change to remove exe suffix.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@218 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/Config.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httpd/Config.in b/httpd/Config.in
index 1eff5a6950..486ae804df 100644
--- a/httpd/Config.in
+++ b/httpd/Config.in
@@ -98,7 +98,7 @@ config CONFIG_HTTP_BUILD_LUA
 
 config CONFIG_HTTP_CGI_LAUNCHER
     string "CGI launcher location"
-    default "/usr/bin/cgi.exe"
+    default "/usr/bin/cgi"
     depends on CONFIG_HTTP_HAS_CGI
     help
         The location of the CGI launcher application (could be /usr/bin/php5).

From cd28f3caaee1ae2172f9a9afff18049d8822a6dd Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 30 Sep 2011 09:41:05 +0000
Subject: [PATCH 188/301] Fixed issue with non-blocking client mode. Added php
 mime type.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@219 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 httpd/proc.c    | 2 ++
 ssl/tls1_clnt.c | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/httpd/proc.c b/httpd/proc.c
index ae238797cc..07c92c2b3f 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -1203,6 +1203,8 @@ static const char *getmimetype(const char *name)
         return "text/html";
     else if (strstr(name, ".css"))
         return "text/css"; 
+    else if (strstr(name, ".php"))
+        return "application/x-http-php"; 
     else
         return "application/octet-stream";
 }
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 616c789762..196b40ed3c 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -158,9 +158,10 @@ int do_client_connect(SSL *ssl)
             if (ret < SSL_OK)
                 break;
         }
+
+        ssl->hs_status = ret;            /* connected? */    
     }
 
-    ssl->hs_status = ret;            /* connected? */
     return ret;
 }
 

From 1378f8a78fe1138cc9230f89d27d0d171cb35bc5 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 30 Sep 2011 09:54:21 +0000
Subject: [PATCH 189/301] Updated index.html and the default linux config.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@220 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/linuxconfig | 19 ++++++++++++-------
 www/index.html     |  2 +-
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/config/linuxconfig b/config/linuxconfig
index 1a9f04f5d9..d78eaa7619 100644
--- a/config/linuxconfig
+++ b/config/linuxconfig
@@ -14,8 +14,10 @@ PREFIX="/usr/local"
 CONFIG_STRIP_UNWANTED_SECTIONS=y
 # CONFIG_VISUAL_STUDIO_7_0 is not set
 # CONFIG_VISUAL_STUDIO_8_0 is not set
+# CONFIG_VISUAL_STUDIO_10_0 is not set
 CONFIG_VISUAL_STUDIO_7_0_BASE=""
 CONFIG_VISUAL_STUDIO_8_0_BASE=""
+CONFIG_VISUAL_STUDIO_10_0_BASE=""
 CONFIG_EXTRA_CFLAGS_OPTIONS=""
 CONFIG_EXTRA_LDFLAGS_OPTIONS=""
 
@@ -38,20 +40,20 @@ CONFIG_SSL_X509_CERT_LOCATION=""
 CONFIG_SSL_X509_COMMON_NAME=""
 CONFIG_SSL_X509_ORGANIZATION_NAME=""
 CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
-CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
+# CONFIG_SSL_ENABLE_V23_HANDSHAKE is not set
 CONFIG_SSL_HAS_PEM=y
 CONFIG_SSL_USE_PKCS12=y
 CONFIG_SSL_EXPIRY_TIME=24
-CONFIG_X509_MAX_CA_CERTS=4
-CONFIG_SSL_MAX_CERTS=2
+CONFIG_X509_MAX_CA_CERTS=150
+CONFIG_SSL_MAX_CERTS=3
 # CONFIG_SSL_CTX_MUTEXING is not set
 CONFIG_USE_DEV_URANDOM=y
 # CONFIG_WIN32_USE_CRYPTO_LIB is not set
 # CONFIG_OPENSSL_COMPATIBLE is not set
 # CONFIG_PERFORMANCE_TESTING is not set
 # CONFIG_SSL_TEST is not set
-CONFIG_AXHTTPD=y
 # CONFIG_AXTLSWRAP is not set
+CONFIG_AXHTTPD=y
 
 #
 # Axhttpd Configuration
@@ -67,11 +69,11 @@ CONFIG_HTTP_TIMEOUT=300
 # CGI
 #
 CONFIG_HTTP_HAS_CGI=y
-CONFIG_HTTP_CGI_EXTENSIONS=".lua,.lp"
+CONFIG_HTTP_CGI_EXTENSIONS=".lua,.lp,.php"
 CONFIG_HTTP_ENABLE_LUA=y
-CONFIG_HTTP_LUA_PREFIX="/usr/local"
-CONFIG_HTTP_LUA_CGI_LAUNCHER="/bin/cgi"
+CONFIG_HTTP_LUA_PREFIX="/usr"
 # CONFIG_HTTP_BUILD_LUA is not set
+CONFIG_HTTP_CGI_LAUNCHER="/usr/bin/cgi"
 CONFIG_HTTP_DIRECTORIES=y
 CONFIG_HTTP_HAS_AUTHORIZATION=y
 # CONFIG_HTTP_HAS_IPV6 is not set
@@ -119,3 +121,6 @@ SQU_KARATSUBA_THRESH=0
 CONFIG_BIGINT_SLIDING_WINDOW=y
 CONFIG_BIGINT_SQUARE=y
 # CONFIG_BIGINT_CHECK_ON is not set
+CONFIG_INTEGER_32BIT=y
+# CONFIG_INTEGER_16BIT is not set
+# CONFIG_INTEGER_8BIT is not set
diff --git a/www/index.html b/www/index.html
index 2ffb079387..88be682713 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201107290920" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201109300947" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n* Added PHP mime type\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From ffa4da45ee50d29d4c1311f77f2b0298a502ea4a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 10 Feb 2012 10:31:02 +0000
Subject: [PATCH 190/301] Fix in asn1_get_printable string Buffer overflow
 vulnerability in proc.c Possible double memory release on invalid
 certificates.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@221 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c |  6 ++++--
 httpd/proc.c         |  8 +++++---
 ssl/asn1.c           | 17 ++++++++++-------
 ssl/loader.c         | 13 +++++++++----
 www/index.html       |  2 +-
 5 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 8e7cbf9c5d..92e24c951a 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -348,13 +348,15 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
 
             y = t = 0;
         }
+
+        if (z >= *outlen) /* check that we don't go past the output buffer */
+            goto error;
     }
 
     if (y != 0)
         goto error;
 
-    if (outlen)
-        *outlen = z;
+    *outlen = z;
     ret = 0;
 
 error:
diff --git a/httpd/proc.c b/httpd/proc.c
index 07c92c2b3f..32a72c7e5e 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -152,7 +152,7 @@ static int procheadelem(struct connstruct *cn, char *buf)
     else if (strcasecmp(buf, "Authorization:") == 0 &&
                                     strncmp(value, "Basic ", 6) == 0)
     {
-        int size;
+        int size = sizeof(cn->authorization);
         if (base64_decode(&value[6], strlen(&value[6]), 
                                         (uint8_t *)cn->authorization, &size))
             cn->authorization[0] = 0;   /* error */
@@ -1051,7 +1051,8 @@ static int check_digest(char *salt, const char *msg_passwd)
 {
     uint8_t b256_salt[MAXREQUESTLENGTH];
     uint8_t real_passwd[MD5_SIZE];
-    int salt_size;
+    int salt_size = sizeof(b256_salt);
+    int password_size = sizeof(real_passwd);
     char *b64_passwd;
     uint8_t md5_result[MD5_SIZE];
     MD5_CTX ctx;
@@ -1064,7 +1065,8 @@ static int check_digest(char *salt, const char *msg_passwd)
     if (base64_decode(salt, strlen(salt), b256_salt, &salt_size))
         return -1;
 
-    if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd, NULL))
+    if (base64_decode(b64_passwd, strlen(b64_passwd), real_passwd,
+                &password_size))
         return -1;
 
     /* very simple MD5 crypt algorithm, but then the salt we use is large */
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 171d3798e9..92ed7d11f8 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -288,19 +288,20 @@ static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
 static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
 {
     int len = X509_NOT_OK;
+    int asn1_type = buf[*offset];
 
     /* some certs have this awful crud in them for some reason */
-    if (buf[*offset] != ASN1_PRINTABLE_STR &&  
-            buf[*offset] != ASN1_PRINTABLE_STR2 &&  
-            buf[*offset] != ASN1_TELETEX_STR &&  
-            buf[*offset] != ASN1_IA5_STR &&  
-            buf[*offset] != ASN1_UNICODE_STR)
+    if (buf[asn1_type] != ASN1_PRINTABLE_STR &&  
+            buf[asn1_type] != ASN1_PRINTABLE_STR2 &&  
+            buf[asn1_type] != ASN1_TELETEX_STR &&  
+            buf[asn1_type] != ASN1_IA5_STR &&  
+            buf[asn1_type] != ASN1_UNICODE_STR)
         goto end_pnt_str;
 
         (*offset)++;
         len = get_asn1_length(buf, offset);
 
-        if (buf[*offset - 1] == ASN1_UNICODE_STR)
+        if (buf[asn1_type - 1] == ASN1_UNICODE_STR)
         {
             int i;
             *str = (char *)malloc(len/2+1);     /* allow for null */
@@ -330,7 +331,7 @@ int asn1_name(const uint8_t *cert, int *offset, char *dn[])
 {
     int ret = X509_NOT_OK;
     int dn_type;
-    char *tmp = NULL;
+    char *tmp;
 
     if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
         goto end_name;
@@ -343,6 +344,8 @@ int asn1_name(const uint8_t *cert, int *offset, char *dn[])
                (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
             goto end_name;
 
+        tmp = NULL;
+
         if (asn1_get_printable_str(cert, offset, &tmp) < 0)
         {
             free(tmp);
diff --git a/ssl/loader.c b/ssl/loader.c
index 90231f3ed9..18f3347f8a 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -259,6 +259,7 @@ static int pem_decrypt(const char *where, const char *end,
 
     /* turn base64 into binary */
     pem_size = (int)(end-start);
+    ssl_obj->len = sizeof(ssl_obj->buf);
     if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
         goto error;
 
@@ -326,11 +327,15 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
                         goto error;
                     }
                 }
-                else if (base64_decode(start, pem_size, 
-                            ssl_obj->buf, &ssl_obj->len) != 0)
+                else 
                 {
-                    ret = SSL_ERROR_BAD_CERTIFICATE;
-                    goto error;
+                    ssl_obj->len = pem_size;
+                    if (base64_decode(start, pem_size, 
+                                ssl_obj->buf, &ssl_obj->len) != 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
                 }
 
                 switch (i)
diff --git a/www/index.html b/www/index.html
index 88be682713..7055794fe6 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201109300947" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n* Added PHP mime type\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201111040904" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From af155d91d9605de98989770e7ef03b7033ce9f7c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 11 Feb 2012 11:30:45 +0000
Subject: [PATCH 191/301] Some fixes after going through the test harness

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@222 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c |  7 ++++++-
 ssl/asn1.c           | 44 ++++++++++++++++++++++----------------------
 ssl/loader.c         |  2 +-
 3 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 92e24c951a..0902fab05b 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -349,14 +349,19 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
             y = t = 0;
         }
 
-        if (z >= *outlen) /* check that we don't go past the output buffer */
+        /* check that we don't go past the output buffer */
+        if (outlen && z >= *outlen) 
+        {
+            printf("Stuff %d, %d\n", z, *outlen);
             goto error;
+        }
     }
 
     if (y != 0)
         goto error;
 
     *outlen = z;
+
     ret = 0;
 
 error:
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 92ed7d11f8..f3e17a37ba 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -291,34 +291,34 @@ static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
     int asn1_type = buf[*offset];
 
     /* some certs have this awful crud in them for some reason */
-    if (buf[asn1_type] != ASN1_PRINTABLE_STR &&  
-            buf[asn1_type] != ASN1_PRINTABLE_STR2 &&  
-            buf[asn1_type] != ASN1_TELETEX_STR &&  
-            buf[asn1_type] != ASN1_IA5_STR &&  
-            buf[asn1_type] != ASN1_UNICODE_STR)
+    if (asn1_type != ASN1_PRINTABLE_STR &&  
+            asn1_type != ASN1_PRINTABLE_STR2 &&  
+            asn1_type != ASN1_TELETEX_STR &&  
+            asn1_type != ASN1_IA5_STR &&  
+            asn1_type != ASN1_UNICODE_STR)
         goto end_pnt_str;
 
-        (*offset)++;
-        len = get_asn1_length(buf, offset);
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
 
-        if (buf[asn1_type - 1] == ASN1_UNICODE_STR)
-        {
-            int i;
-            *str = (char *)malloc(len/2+1);     /* allow for null */
+    if (asn1_type == ASN1_UNICODE_STR)
+    {
+        int i;
+        *str = (char *)malloc(len/2+1);     /* allow for null */
 
-            for (i = 0; i < len; i += 2)
-                (*str)[i/2] = buf[*offset + i + 1];
+        for (i = 0; i < len; i += 2)
+            (*str)[i/2] = buf[*offset + i + 1];
 
-            (*str)[len/2] = 0;                  /* null terminate */
-        }
-        else
-        {
-            *str = (char *)malloc(len+1);       /* allow for null */
-            memcpy(*str, &buf[*offset], len);
-            (*str)[len] = 0;                    /* null terminate */
-        }
+        (*str)[len/2] = 0;                  /* null terminate */
+    }
+    else
+    {
+        *str = (char *)malloc(len+1);       /* allow for null */
+        memcpy(*str, &buf[*offset], len);
+        (*str)[len] = 0;                    /* null terminate */
+    }
 
-        *offset += len;
+    *offset += len;
 
 end_pnt_str:
     return len;
diff --git a/ssl/loader.c b/ssl/loader.c
index 18f3347f8a..333fb18e9c 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -259,7 +259,6 @@ static int pem_decrypt(const char *where, const char *end,
 
     /* turn base64 into binary */
     pem_size = (int)(end-start);
-    ssl_obj->len = sizeof(ssl_obj->buf);
     if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
         goto error;
 
@@ -315,6 +314,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
 
                 /* 4/3 bigger than what we need but so what */
                 ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
+                ssl_obj->len = pem_size;
 
                 if (i == IS_RSA_PRIVATE_KEY && 
                             strstr(start, "Proc-Type:") && 

From 5fcb19810a0543738196933ea18d2e1b5116343e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 11 Feb 2012 11:32:48 +0000
Subject: [PATCH 192/301] removed diagnostic statement

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@223 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 0902fab05b..9d7710d26a 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -350,11 +350,8 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
         }
 
         /* check that we don't go past the output buffer */
-        if (outlen && z >= *outlen) 
-        {
-            printf("Stuff %d, %d\n", z, *outlen);
+        if (z >= *outlen) 
             goto error;
-        }
     }
 
     if (y != 0)

From c0074b3044c9628509288b780d36add7541156db Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 25 Feb 2012 08:07:12 +0000
Subject: [PATCH 193/301] Fixed issue with session id's in the future

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@224 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 4bc71a21cc..25405c825c 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1667,8 +1667,10 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
         {
             if (ssl_sessions[i])
             {
-                /* kill off any expired sessions */
-                if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)
+                /* kill off any expired sessions (including those in 
+                   the future) */
+                if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
+                            (tm < ssl_sessions[i]->conn_time))
                 {
                     session_free(ssl_sessions, i);
                     continue;
@@ -1712,13 +1714,9 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
     }
 
     /* ok, we've used up all of our sessions. So blow the oldest session away */
-    if (oldest_sess != NULL)
-    {
-        oldest_sess->conn_time = tm;
-        memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
-        memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
-    }
-
+    oldest_sess->conn_time = tm;
+    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
+    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
     return oldest_sess;
 }

From fec170a640ffcf2cc77e0c5f87428c67604fb49f Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 1 Jun 2012 11:23:00 +0000
Subject: [PATCH 194/301] fixed issue with buffer limit 1 less than it should
 have been

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@225 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 3 +--
 www/index.html       | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 9d7710d26a..9a9a4f957c 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -350,7 +350,7 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
         }
 
         /* check that we don't go past the output buffer */
-        if (z >= *outlen) 
+        if (z > *outlen) 
             goto error;
     }
 
@@ -358,7 +358,6 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
         goto error;
 
     *outlen = z;
-
     ret = 0;
 
 error:
diff --git a/www/index.html b/www/index.html
index 7055794fe6..91ac4ff4e0 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,12 +7087,12 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201111040904" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201205252317" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="YourName" modified="201106261041" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="Read Me" modifier="YourName" modified="201205252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>

From 8ac626444412980da2268abb30d4240534c6ef22 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 8 Jun 2012 10:42:11 +0000
Subject: [PATCH 195/301] looks like some stuff didn't get checked in

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@226 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto.h      |  3 +-
 crypto/crypto_misc.c | 70 ++++++++++++++++++++------------------------
 crypto/os_int.h      | 67 ++++++++++++++++++++++++++++++++++++++++++
 httpd/axhttpd.c      |  9 ++++--
 httpd/htpasswd.c     |  2 +-
 ssl/asn1.c           |  4 +--
 ssl/os_port.h        | 15 +---------
 ssl/tls1.c           |  1 +
 ssl/tls1.h           |  1 +
 9 files changed, 113 insertions(+), 59 deletions(-)
 create mode 100644 crypto/os_int.h

diff --git a/crypto/crypto.h b/crypto/crypto.h
index c6f186cf97..8a314a3321 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -217,7 +217,8 @@ void RSA_print(const RSA_CTX *ctx);
 /**************************************************************************
  * RNG declarations 
  **************************************************************************/
-EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_initialize(void);
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
 EXP_FUNC void STDCALL RNG_terminate(void);
 EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
 void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 9a9a4f957c..1dea121d99 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -56,7 +56,6 @@ static HCRYPTPROV gCryptProv;
 static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
 #endif
 
-static int rng_ref_count;
 const char * const unsupported_str = "Error: Feature not supported\n";
 
 #ifndef CONFIG_SSL_SKELETON_MODE
@@ -102,46 +101,44 @@ int get_file(const char *filename, uint8_t **buf)
  * - On Linux use /dev/urandom
  * - If none of these work then use a custom RNG.
  */
-EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
+EXP_FUNC void STDCALL RNG_initialize()
 {
-    if (rng_ref_count == 0)
-    {
 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-        rng_fd = ax_open("/dev/urandom", O_RDONLY);
+    rng_fd = ax_open("/dev/urandom", O_RDONLY);
 #elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-        if (!CryptAcquireContext(&gCryptProv, 
-                          NULL, NULL, PROV_RSA_FULL, 0))
+    if (!CryptAcquireContext(&gCryptProv, 
+                      NULL, NULL, PROV_RSA_FULL, 0))
+    {
+        if (GetLastError() == NTE_BAD_KEYSET &&
+                !CryptAcquireContext(&gCryptProv, 
+                       NULL, 
+                       NULL, 
+                       PROV_RSA_FULL, 
+                       CRYPT_NEWKEYSET))
         {
-            if (GetLastError() == NTE_BAD_KEYSET &&
-                    !CryptAcquireContext(&gCryptProv, 
-                           NULL, 
-                           NULL, 
-                           PROV_RSA_FULL, 
-                           CRYPT_NEWKEYSET))
-            {
-                printf("CryptoLib: %x\n", unsupported_str, GetLastError());
-                exit(1);
-            }
+            printf("CryptoLib: %x\n", unsupported_str, GetLastError());
+            exit(1);
         }
-#else   
-        int i;
-        uint32_t seed_addr_val = (uint32_t)&seed_buf;
-        uint32_t *ep = (uint32_t *)entropy_pool;
-
-        /* help start the entropy with the user's private key - this is 
-           a number that should be hard to find, due to the fact that it 
-           relies on knowing the private key */
-        memcpy(entropy_pool, seed_buf, ENTROPY_POOL_SIZE);
-        srand((long)entropy_pool); 
+    }
+#else
+    /* start of with a stack to copy across */
+    int i;
+    memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
+    srand(&i); 
+#endif
+}
 
-        /* mix it up a little with a stack address */
-        for (i = 0; i < ENTROPY_POOL_SIZE/4; i++)
-            ep[i] ^= seed_addr_val;
+/**
+ * If no /dev/urandom, then initialise the RNG with something interesting.
+ */
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
+{
+#if defined(WIN32) || defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    int i;
 
+    for (i = 0; i < ENTROPY_POOL_SIZE && i < size; i++)
+        entropy_pool[i] ^= seed_buf[i];
 #endif
-    }
-
-    rng_ref_count++;
 }
 
 /**
@@ -149,14 +146,11 @@ EXP_FUNC void STDCALL RNG_initialize(const uint8_t *seed_buf, int size)
  */
 EXP_FUNC void STDCALL RNG_terminate(void)
 {
-    if (--rng_ref_count == 0)
-    {
 #ifndef WIN32
-        close(rng_fd);
+    close(rng_fd);
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-        CryptReleaseContext(gCryptProv, 0);
+    CryptReleaseContext(gCryptProv, 0);
 #endif
-    }
 }
 
 /**
diff --git a/crypto/os_int.h b/crypto/os_int.h
new file mode 100644
index 0000000000..8788567238
--- /dev/null
+++ b/crypto/os_int.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2012, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_int.h
+ *
+ * Ensure a consistent bit size 
+ */
+
+#ifndef HEADER_OS_INT_H
+#define HEADER_OS_INT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(WIN32)
+typedef UINT8 uint8_t;
+typedef INT8 int8_t;
+typedef UINT16 uint16_t;
+typedef INT16 int16_t;
+typedef UINT32 uint32_t;
+typedef INT32 int32_t;
+typedef UINT64 uint64_t;
+typedef INT64 int64_t;
+#else   /* Not Win32 */
+
+#ifdef CONFIG_PLATFORM_SOLARIS
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif /* Not Solaris */
+
+#endif /* Not Win32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index 9a94ab0e16..ce57dbb9d2 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -453,7 +453,7 @@ static void addtoservers(int sd)
 static void handlenewconnection(int listenfd, int is_ssl) 
 {
     struct sockaddr_in6 their_addr;
-    int tp = sizeof(their_addr);
+    socklen_t tp = sizeof(their_addr);
     char ipbuf[100];
     int connfd = accept(listenfd, (struct sockaddr *)&their_addr, &tp);
 
@@ -506,8 +506,11 @@ static int openlistener(char *address, int port)
 
     my_addr.sin6_family = AF_INET6;
     my_addr.sin6_port = htons(port);
-    my_addr.sin6_addr.s_addr = address == NULL ? 
-                        INADDR_ANY : iinet_addr(address);
+
+    if (address == NULL)
+        my_addr.sin6_addr = in6addr_any;
+    else 
+        inet_pton(AF_INET6, address, &my_addr.sin6_addr);
 #endif
 
     setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &tp, sizeof(tp));
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
index 8fe571ab7b..7c99abf1e4 100644
--- a/httpd/htpasswd.c
+++ b/httpd/htpasswd.c
@@ -120,7 +120,7 @@ int main(int argc, char *argv[])
         exit(1);
     }
 
-    RNG_initialize((uint8_t *)pw, sizeof(pw));
+    RNG_initialize();
     get_random(MD5_SIZE, md5_salt);
     RNG_terminate();
     base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
diff --git a/ssl/asn1.c b/ssl/asn1.c
index f3e17a37ba..b082275b2e 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -160,8 +160,8 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
         return X509_INVALID_PRIV_KEY;
     }
 
-    /* initialise the RNG */
-    RNG_initialize(buf, len);
+    /* Use the private key to mix up the RNG if possible. */
+    RNG_custom_init(buf, len);
 
     mod_len = asn1_get_int(buf, &offset, &modulus);
     pub_len = asn1_get_int(buf, &offset, &pub_exp);
diff --git a/ssl/os_port.h b/ssl/os_port.h
index af71651a8e..1742868d5b 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -41,6 +41,7 @@
 extern "C" {
 #endif
 
+#include "os_int.h"
 #include <stdio.h>
 
 #if defined(WIN32)
@@ -114,14 +115,6 @@ extern "C" {
 #pragma comment(lib, "WS2_32.lib")
 #pragma comment(lib, "AdvAPI32.lib")
 
-typedef UINT8 uint8_t;
-typedef INT8 int8_t;
-typedef UINT16 uint16_t;
-typedef INT16 int16_t;
-typedef UINT32 uint32_t;
-typedef INT32 int32_t;
-typedef UINT64 uint64_t;
-typedef INT64 int64_t;
 typedef int socklen_t;
 
 EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
@@ -130,12 +123,6 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 
 #else   /* Not Win32 */
 
-#ifdef CONFIG_PLATFORM_SOLARIS
-#include <inttypes.h>
-#else
-#include <stdint.h>
-#endif /* Not Solaris */
-
 #include <unistd.h>
 #include <pwd.h>
 #include <netdb.h>
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 25405c825c..407798d590 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -166,6 +166,7 @@ EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
 {
     SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
     ssl_ctx->options = options;
+    RNG_initialize();
 
     if (load_key_certs(ssl_ctx) < 0)
     {
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 55552afe75..5a5d654e61 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -42,6 +42,7 @@ extern "C" {
 
 #include "version.h"
 #include "crypto.h"
+#include "os_int.h"
 #include "crypto_misc.h"
 
 #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */

From 24384a37a4c773340e8a9351f22c2c3c4730b3f9 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 1 Jul 2012 10:57:25 +0000
Subject: [PATCH 196/301] Changed order of when os_int.h is imported

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@227 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.h     | 3 ++-
 www/index.html | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/tls1.h b/ssl/tls1.h
index 5a5d654e61..414a173438 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -41,8 +41,9 @@ extern "C" {
 #endif
 
 #include "version.h"
-#include "crypto.h"
+#include "config.h"
 #include "os_int.h"
+#include "crypto.h"
 #include "crypto_misc.h"
 
 #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
diff --git a/www/index.html b/www/index.html
index 91ac4ff4e0..2c5f2bbfdf 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
 	<div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201205252317" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Changelog" modifier="YourName" modified="201207011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
 <div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>

From df4606a991aa8a1bd4fc8b4e9a7d872b3c6a85b1 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 1 Jul 2012 11:10:14 +0000
Subject: [PATCH 197/301] added cast to srand

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@228 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 1dea121d99..62eb6fe700 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -124,7 +124,7 @@ EXP_FUNC void STDCALL RNG_initialize()
     /* start of with a stack to copy across */
     int i;
     memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
-    srand(&i); 
+    srand((unsigned int)&i); 
 #endif
 }
 

From f74c9cafcae3cc42c620a6839387a4cb91504d0e Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 6 Jan 2013 12:38:42 +0000
Subject: [PATCH 198/301] Client version number comes from client hello and not
 the record layer. This was causing issues in Chrome

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@229 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c     | 5 ++---
 ssl/tls1_svr.c | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 407798d590..428c9ea56b 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -660,7 +660,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
             ssl->cipher_info->digest_size, hmac_buf);
 
 #if 0
-    print_blob("record", ssl->hmac_tx, SSL_RECORD_SIZE);
+    print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);
     if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
     {
@@ -1071,7 +1071,6 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         /* add the explicit IV for TLS1.1 */
         if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
                         ssl->cipher_info->iv_size)
-                        
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
             uint8_t *t_buf = alloca(msg_length + iv_size);
@@ -1131,7 +1130,7 @@ static int set_key_block(SSL *ssl, int is_write)
             ssl->dc->master_secret, ssl->dc->key_block, 
             ciph_info->key_block_size);
 #if 0
-        print_blob("keyblock", ssl->key_block, ciph_info->key_block_size);
+        print_blob("keyblock", ssl->dc->key_block, ciph_info->key_block_size);
 #endif
     }
 
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index f374928f1b..51c9d76e8d 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -122,7 +122,7 @@ static int process_client_hello(SSL *ssl)
     int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
     int ret = SSL_OK;
     
-    uint8_t version = (record_buf[1] << 4) + record_buf[2];
+    uint8_t version = (buf[4] << 4) + buf[5];
     ssl->version = ssl->client_version = version;
 
     if (version > SSL_PROTOCOL_VERSION_MAX)

From 5c51893035a136faafb5b8b07daa82f581a4613f Mon Sep 17 00:00:00 2001
From: ehuman <ehuman@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 5 Aug 2013 15:47:52 +0000
Subject: [PATCH 199/301] Moved setting encryption flags to after handshake
 completion

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@230 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 428c9ea56b..6122ae9e98 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1334,14 +1334,14 @@ int basic_read(SSL *ssl, uint8_t **in_data)
                 goto error;
             }
 
-            /* all encrypted from now on */
-            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
             if (set_key_block(ssl, 0) < 0)
             {
                 ret = SSL_ERROR_INVALID_HANDSHAKE;
                 goto error;
             }
             
+            /* all encrypted from now on */
+            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
             memset(ssl->read_sequence, 0, 8);
             break;
 
@@ -1441,11 +1441,12 @@ int send_change_cipher_spec(SSL *ssl)
 {
     int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
             g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
-    SET_SSL_FLAG(SSL_TX_ENCRYPTED);
 
     if (ret >= 0 && set_key_block(ssl, 1) < 0)
         ret = SSL_ERROR_INVALID_HANDSHAKE;
-
+    
+    if (ssl->cipher_info)
+        SET_SSL_FLAG(SSL_TX_ENCRYPTED);
     memset(ssl->write_sequence, 0, 8);
     return ret;
 }

From 97f9f969a38aea756001a90a982b92f3f62540d0 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 22 Sep 2013 10:34:51 +0000
Subject: [PATCH 200/301] added printf changes from Fabian Frank to stop
 warnings/erros

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@231 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/loader.c   |  6 +++---
 ssl/tls1.c     | 11 +++++++----
 ssl/tls1_svr.c |  1 -
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/ssl/loader.c b/ssl/loader.c
index 333fb18e9c..511eb53138 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -82,7 +82,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
 #ifdef CONFIG_SSL_HAS_PEM
         ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
 #else
-        printf(unsupported_str);
+        printf("%s", unsupported_str);
         ret = SSL_ERROR_NOT_SUPPORTED;
 #endif
     }
@@ -93,7 +93,7 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
     ssl_obj_free(ssl_obj);
     return ret;
 #else
-    printf(unsupported_str);
+    printf("%s", unsupported_str);
     return SSL_ERROR_NOT_SUPPORTED;
 #endif /* CONFIG_SSL_SKELETON_MODE */
 }
@@ -150,7 +150,7 @@ static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
             break;
 #endif
         default:
-            printf(unsupported_str);
+            printf("%s", unsupported_str);
             ret = SSL_ERROR_NOT_SUPPORTED;
             break;
     }
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 6122ae9e98..e95d5eb188 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1447,6 +1447,9 @@ int send_change_cipher_spec(SSL *ssl)
     
     if (ssl->cipher_info)
         SET_SSL_FLAG(SSL_TX_ENCRYPTED);
+    if (ssl->cipher_info)
+        SET_SSL_FLAG(SSL_TX_ENCRYPTED);
+
     memset(ssl->write_sequence, 0, 8);
     return ret;
 }
@@ -2161,7 +2164,7 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         uint8_t *session_id, uint8_t sess_id_size)
 {
-    printf(unsupported_str);
+    printf("%s", unsupported_str);
     return NULL;
 }
 #endif
@@ -2169,20 +2172,20 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
 #if !defined(CONFIG_SSL_CERT_VERIFICATION)
 EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
 {
-    printf(unsupported_str);
+    printf("%s", unsupported_str);
     return -1;
 }
 
 
 EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
 {
-    printf(unsupported_str);
+    printf("%s", unsupported_str);
     return NULL;
 }
 
 EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
 {
-    printf(unsupported_str);
+    printf("%s", unsupported_str);
     return NULL;
 }
 
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 51c9d76e8d..1a99ac1fa7 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -117,7 +117,6 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 static int process_client_hello(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_data;
-    uint8_t *record_buf = ssl->hmac_header;
     int pkt_size = ssl->bm_index;
     int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
     int ret = SSL_OK;

From e6f9ae68c1ebd92612d86753622e39a6c6eeb114 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 14 Nov 2013 18:34:36 +0000
Subject: [PATCH 201/301] added generalized time for certificates

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@232 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c        | 66 +++++++++++++++++++++++++++++++++++------------
 ssl/crypto_misc.h |  1 +
 2 files changed, 51 insertions(+), 16 deletions(-)

diff --git a/ssl/asn1.c b/ssl/asn1.c
index b082275b2e..4e468755d4 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -205,30 +205,64 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
  */
 static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
 {
-    int ret = X509_NOT_OK, len, t_offset;
+    int ret = X509_NOT_OK, len, t_offset, abs_year;
     struct tm tm;
 
-    if (buf[(*offset)++] != ASN1_UTC_TIME)
-        goto end_utc_time;
+    /* see http://tools.ietf.org/html/rfc5280#section-4.1.2.5 */
+    if (buf[*offset] == ASN1_UTC_TIME)
+    {
+        (*offset)++;
 
-    len = get_asn1_length(buf, offset);
-    t_offset = *offset;
+        len = get_asn1_length(buf, offset);
+        t_offset = *offset;
 
-    memset(&tm, 0, sizeof(struct tm));
-    tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+        memset(&tm, 0, sizeof(struct tm));
+        tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
 
-    if (tm.tm_year <= 50)    /* 1951-2050 thing */
-    {
-        tm.tm_year += 100;
+        if (tm.tm_year <= 50)    /* 1951-2050 thing */
+        {
+            tm.tm_year += 100;
+        }
+
+        tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
+        tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+        *t = mktime(&tm);
+        *offset += len;
+        ret = X509_OK;
     }
+    else if (buf[*offset] == ASN1_GENERALIZED_TIME)
+    {
+        (*offset)++;
 
-    tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
-    tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
-    *t = mktime(&tm);
-    *offset += len;
-    ret = X509_OK;
+        len = get_asn1_length(buf, offset);
+        t_offset = *offset;
+
+        memset(&tm, 0, sizeof(struct tm));
+        abs_year = ((buf[t_offset] - '0')*1000 +
+                (buf[t_offset+1] - '0')*100 + (buf[t_offset+2] - '0')*10 +
+                (buf[t_offset+3] - '0'));
+
+        if (abs_year <= 1901)
+        {
+          tm.tm_year = 1;
+          tm.tm_mon = 0;
+          tm.tm_mday = 1;
+        }
+        else
+        {
+          tm.tm_year = abs_year - 1900;
+          tm.tm_mon = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0') - 1;
+          tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+          tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+          tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+          tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
+          *t = mktime(&tm);
+        }
+
+        *offset += len;
+        ret = X509_OK;
+    }
 
-end_utc_time:
     return ret;
 }
 
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 1fd514eeb1..9bbc8e5ca7 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -112,6 +112,7 @@ const char * x509_display_error(int error);
 #define ASN1_TELETEX_STR        0x14
 #define ASN1_IA5_STR            0x16
 #define ASN1_UTC_TIME           0x17
+#define ASN1_GENERALIZED_TIME   0x18
 #define ASN1_UNICODE_STR        0x1e
 #define ASN1_SEQUENCE           0x30
 #define ASN1_CONTEXT_DNSNAME	0x82

From ce488f91800e0d53ef833ddd29b2086bf2febae2 Mon Sep 17 00:00:00 2001
From: olereinhardt <olereinhardt@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 24 Sep 2014 10:19:21 +0000
Subject: [PATCH 202/301] Fix handling of return values of SOCKET_READ in
 process_sslv23_client_hello()

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@233 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1_svr.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 1a99ac1fa7..1717ceff3b 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -198,14 +198,14 @@ int process_sslv23_client_hello(SSL *ssl)
 
     DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
     
-    add_packet(ssl, buf, read_len);
-
     /* connection has gone, so die */
-    if (bytes_needed < 0)
+    if (read_len < 0)
     {
         return SSL_ERROR_CONN_LOST;
     }
 
+    add_packet(ssl, buf, read_len);
+
     /* now work out what cipher suite we are going to use */
     for (j = 0; j < NUM_PROTOCOLS; j++)
     {

From 29e7d3554dbe28266f3a2a64efdd406d6262a59e Mon Sep 17 00:00:00 2001
From: olereinhardt <olereinhardt@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 24 Sep 2014 10:21:23 +0000
Subject: [PATCH 203/301] Fixed array access out of bounds bug in add_cert()

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@234 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index e95d5eb188..800decbaab 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -342,7 +342,7 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     X509_CTX *cert = NULL;
     int offset;
 
-    while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS) 
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf) 
         i++;
 
     if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */

From 08b27ee1cbfaf36bdf2454a7e70d1f5ad873f6d3 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 31 Oct 2014 11:01:56 +0000
Subject: [PATCH 204/301] Modified the test script

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@235 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 Makefile           |  2 +-
 ssl/test/ssltest.c | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 036a29ebe3..e3d9e8bc3b 100644
--- a/Makefile
+++ b/Makefile
@@ -78,7 +78,7 @@ release:
 	-@rm www/index.20*
 	-@rm -fr $(STAGE)
 	@echo "#define AXTLS_VERSION    \"$(VERSION)\"" > ssl/version.h
-	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axTLS; cd -;
+	cd ../; tar cvfz $(RELEASE).tar.gz --wildcards-match-slash --exclude .svn axtls-code; cd -;
 
 docs:
 	$(MAKE) -C docsrc doco
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 65c25c5b7f..d1c855fc1c 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -2226,11 +2226,11 @@ int main(int argc, char *argv[])
 
     system("sh ../ssl/test/killopenssl.sh");
 
-    if (header_issue())
-    {
-        printf("Header tests failed\n"); TTY_FLUSH();
-        goto cleanup;
-    }
+    //if (header_issue())
+    //{
+    //    printf("Header tests failed\n"); TTY_FLUSH();
+    //    goto cleanup;
+    //}
 
     ret = 0;        /* all ok */
     printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();

From 9ef84f9234b84de16a5f5d18f43c126fdb35da9a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 7 Nov 2014 00:38:49 +0000
Subject: [PATCH 205/301] * RSA_decrypt now checks the integrity of the first
 11 bytes. * The size of the output buffer in RSA_decrypt is now checked and
 cleared. * get_random now returns an error code * Various system calls now
 check the return code to remove gcc warnings.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@237 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto.h      |    6 +-
 crypto/crypto_misc.c |   15 +-
 crypto/rsa.c         |   45 +-
 httpd/proc.c         |   15 +-
 ssl/test/ssltest.c   |   44 +-
 ssl/tls1_svr.c       |   13 +-
 www/index.html       | 9746 +++++++++++++++++++++---------------------
 7 files changed, 4964 insertions(+), 4920 deletions(-)

diff --git a/crypto/crypto.h b/crypto/crypto.h
index 8a314a3321..128a56bab8 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -203,7 +203,7 @@ void RSA_pub_key_new(RSA_CTX **rsa_ctx,
         const uint8_t *pub_exp, int pub_len);
 void RSA_free(RSA_CTX *ctx);
 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
-        int is_decryption);
+        int out_len, int is_decryption);
 bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
 #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
@@ -220,8 +220,8 @@ void RSA_print(const RSA_CTX *ctx);
 EXP_FUNC void STDCALL RNG_initialize(void);
 EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
 EXP_FUNC void STDCALL RNG_terminate(void);
-EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
-void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
+EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
+int get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
 
 #ifdef __cplusplus
 }
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 62eb6fe700..ccc64a28e5 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -156,11 +156,12 @@ EXP_FUNC void STDCALL RNG_terminate(void)
 /**
  * Set a series of bytes with a random number. Individual bytes can be 0
  */
-EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
+EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
 {   
 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-    /* use the Linux default */
-    read(rng_fd, rand_data, num_rand_bytes);    /* read from /dev/urandom */
+    /* use the Linux default - read from /dev/urandom */
+    if (read(rng_fd, rand_data, num_rand_bytes) < 0) 
+        return -1;
 #elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
     /* use Microsoft Crypto Libraries */
     CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
@@ -198,21 +199,25 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
     /* insert the digest at the start of the entropy pool */
     memcpy(entropy_pool, digest, MD5_SIZE);
 #endif
+    return 0;
 }
 
 /**
  * Set a series of bytes with a random number. Individual bytes are not zero.
  */
-void get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
+int get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
 {
     int i;
-    get_random(num_rand_bytes, rand_data);
+    if (get_random(num_rand_bytes, rand_data))
+        return -1;
 
     for (i = 0; i < num_rand_bytes; i++)
     {
         while (rand_data[i] == 0)  /* can't be 0 */
             rand_data[i] = (uint8_t)(rand());
     }
+
+    return 0;
 }
 
 /**
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 143e66add5..8f06cf8963 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -134,21 +134,26 @@ void RSA_free(RSA_CTX *rsa_ctx)
 /**
  * @brief Use PKCS1.5 for decryption/verification.
  * @param ctx [in] The context
- * @param in_data [in] The data to encrypt (must be < modulus size-11)
- * @param out_data [out] The encrypted data.
+ * @param in_data [in] The data to decrypt (must be < modulus size-11)
+ * @param out_data [out] The decrypted data.
+ * @param out_len [int] The size of the decrypted buffer in bytes
  * @param is_decryption [in] Decryption or verify operation.
  * @return  The number of bytes that were originally encrypted. -1 on error.
  * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
  */
 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
-                            uint8_t *out_data, int is_decryption)
+                            uint8_t *out_data, int out_len, int is_decryption)
 {
     const int byte_size = ctx->num_octets;
-    int i, size;
+    int i = 0, size;
     bigint *decrypted_bi, *dat_bi;
     uint8_t *block = (uint8_t *)alloca(byte_size);
+    int pad_count = 0;
 
-    memset(out_data, 0, byte_size); /* initialise */
+    if (out_len < byte_size)        /* check output has enough size */
+        return -1;
+
+    memset(out_data, 0, out_len);   /* initialise */
 
     /* decrypt */
     dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
@@ -162,28 +167,37 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     /* convert to a normal block */
     bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
 
-    i = 10; /* start at the first possible non-padded byte */
+    if (block[i++] != 0)             /* leading 0? */
+        return -1;
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
     {
-        while (block[i++] == 0xff && i < byte_size);
+        if (block[i++] != 0x01)     /* BT correct? */
+            return -1;
 
-        if (block[i-2] != 0xff)
-            i = byte_size;     /*ensure size is 0 */   
+        while (block[i++] == 0xff && i < byte_size)
+            pad_count++;
     }
     else                    /* PKCS1.5 encryption padding is random */
 #endif
     {
-        while (block[i++] && i < byte_size);
+        if (block[i++] != 0x02)     /* BT correct? */
+            return -1;
+
+        while (block[i++] && i < byte_size)
+            pad_count++;
     }
+
+    /* check separator byte - and padding must be 8 or more bytes */
+    if (i == byte_size || pad_count < 8) 
+        return -1;
+
     size = byte_size - i;
 
     /* get only the bit we want */
-    if (size > 0)
-        memcpy(out_data, &block[i], size);
-    
-    return size ? size : -1;
+    memcpy(out_data, &block[i], size);
+    return size;
 }
 
 /**
@@ -249,7 +263,8 @@ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
     else /* randomize the encryption padding with non-zero bytes */   
     {
         out_data[1] = 2;
-        get_random_NZ(num_pads_needed, &out_data[2]);
+        if (get_random_NZ(num_pads_needed, &out_data[2]) < 0)
+            return -1;
     }
 
     out_data[2+num_pads_needed] = 0;
diff --git a/httpd/proc.c b/httpd/proc.c
index 32a72c7e5e..07583d3f3c 100644
--- a/httpd/proc.c
+++ b/httpd/proc.c
@@ -188,7 +188,12 @@ static void procdirlisting(struct connstruct *cn)
     {
         snprintf(buf, sizeof(buf), HTTP_VERSION
                 " 200 OK\nContent-Type: text/html\n\n");
-        write(cn->networkdesc, buf, strlen(buf));
+        if (write(cn->networkdesc, buf, strlen(buf)) < 0)
+        {
+            printf("procdirlisting: could not write");
+            TTY_FLUSH();
+        }
+
         removeconnection(cn);
         return;
     }
@@ -625,7 +630,13 @@ static void proccgi(struct connstruct *cn)
         /* Send POST query data to CGI script */
         if ((cn->reqtype == TYPE_POST) && (cn->content_length > 0)) 
         {
-            write(spipe[1], cn->post_data, cn->content_length);
+            if (write(spipe[1], cn->post_data, cn->content_length) == -1)
+            {
+                printf("[CGI]: could write to pipe");
+                TTY_FLUSH();
+                return;
+            }
+
             close(spipe[0]);	 
             close(spipe[1]);
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index d1c855fc1c..cd7e4732f3 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -57,6 +57,9 @@
 //#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
 #define DEFAULT_CLNT_OPTION     0
 
+/* hack to remove gcc warning */
+#define SYSTEM(A)           if (system(A) < 0) printf("system call error\n");
+
 static int g_port = 19001;
 
 /**************************************************************************
@@ -545,7 +548,7 @@ static int RSA_test(void)
     }
 
     RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
-    RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
+    RSA_decrypt(rsa_ctx, enc_data2, dec_data2, sizeof(dec_data2), 1);
     if (memcmp("abc", dec_data2, 3))
     {
         printf("Error: ENCRYPT/DECRYPT #2 failed\n");
@@ -823,7 +826,7 @@ static void do_client(client_t *clnt)
         g_port, clnt->openssl_option);
     }
 
-    system(openssl_buf);
+    SYSTEM(openssl_buf);
 }
 
 static int SSL_server_test(
@@ -1326,7 +1329,7 @@ static void do_server(server_t *svr)
                 "-accept %d -quiet %s ", g_port, svr->openssl_option);
     }
 
-    system(openssl_buf);
+    SYSTEM(openssl_buf);
 }
 
 static int SSL_client_test(
@@ -1646,8 +1649,8 @@ int SSL_client_tests(void)
     {
         ssl_display_error(ret);
         printf("Error: A client test failed\n");
-        system("sh ../ssl/test/killopenssl.sh");
-        system("sh ../ssl/test/killgnutls.sh");
+        SYSTEM("sh ../ssl/test/killopenssl.sh");
+        SYSTEM("sh ../ssl/test/killgnutls.sh");
         exit(1);
     }
     else
@@ -2065,7 +2068,7 @@ static void do_header_issue(void)
     pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
 #endif
     sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
-    system(axtls_buf);
+    SYSTEM(axtls_buf);
 }
 
 static int header_issue(void)
@@ -2099,7 +2102,12 @@ static int header_issue(void)
     }
 
     size = fread(buf, 1, sizeof(buf), f);
-    SOCKET_WRITE(client_fd, buf, size);
+    if (SOCKET_WRITE(client_fd, buf, size) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+
     usleep(200000);
 
     ret = 0;
@@ -2108,7 +2116,7 @@ static int header_issue(void)
     SOCKET_CLOSE(client_fd);
     SOCKET_CLOSE(server_fd);
     TTY_FLUSH();
-    system("killall axssl");
+    SYSTEM("killall axssl");
     return ret;
 }
 
@@ -2208,29 +2216,29 @@ int main(int argc, char *argv[])
     if (SSL_basic_test())
         goto cleanup;
 
-    system("sh ../ssl/test/killopenssl.sh");
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
 
     if (SSL_unblocked_test())
         goto cleanup;
 
-    system("sh ../ssl/test/killopenssl.sh");
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
 
     if (SSL_client_tests())
         goto cleanup;
 
-    system("sh ../ssl/test/killopenssl.sh");
-    system("sh ../ssl/test/killgnutls.sh");
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+    SYSTEM("sh ../ssl/test/killgnutls.sh");
 
     if (SSL_server_tests())
         goto cleanup;
 
-    system("sh ../ssl/test/killopenssl.sh");
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
 
-    //if (header_issue())
-    //{
-    //    printf("Header tests failed\n"); TTY_FLUSH();
-    //    goto cleanup;
-    //}
+    if (header_issue())
+    {
+        printf("Header tests failed\n"); TTY_FLUSH();
+        goto cleanup;
+    }
 
     ret = 0;        /* all ok */
     printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 1717ceff3b..b4b0f648da 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -310,7 +310,9 @@ static int send_server_hello(SSL *ssl)
     buf[5] = ssl->version & 0x0f;
 
     /* server random value */
-    get_random(SSL_RANDOM_SIZE, &buf[6]);
+    if (get_random(SSL_RANDOM_SIZE, &buf[6]) < 0)
+        return SSL_NOT_OK;
+
     memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE;
 
@@ -391,7 +393,8 @@ static int process_client_key_xchg(SSL *ssl)
 
     /* rsa_ctx->bi_ctx is not thread-safe */
     SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, 1);
+    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret,
+            sizeof(premaster_secret), 1);
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (premaster_size != SSL_SECRET_SIZE || 
@@ -400,7 +403,9 @@ static int process_client_key_xchg(SSL *ssl)
                 premaster_secret[1] != (ssl->client_version & 0x0f))
     {
         /* guard against a Bleichenbacher attack */
-        get_random(SSL_SECRET_SIZE, premaster_secret);
+        if (get_random(SSL_SECRET_SIZE, premaster_secret) < 0)
+            return SSL_NOT_OK;
+
         /* and continue - will die eventually when checking the mac */
     }
 
@@ -453,7 +458,7 @@ static int process_cert_verify(SSL *ssl)
 
     /* rsa_ctx->bi_ctx is not thread-safe */
     SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
+    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, sizeof(dgst_buf), 0);
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (n != SHA1_SIZE + MD5_SIZE)
diff --git a/www/index.html b/www/index.html
index 2c5f2bbfdf..e4f28c62de 100755
--- a/www/index.html
+++ b/www/index.html
@@ -51,163 +51,163 @@
 
 // Miscellaneous options
 var config = {
-	numRssItems: 20, // Number of items in the RSS feed
-	animFast: 0.12, // Speed for animations (lower == slower)
-	animSlow: 0.01, // Speed for EasterEgg animations
-	cascadeFast: 20, // Speed for cascade animations (higher == slower)
-	cascadeSlow: 60, // Speed for EasterEgg cascade animations
-	cascadeDepth: 5, // Depth of cascade animation
-	displayStartupTime: false // Whether to display startup time
-	};
+    numRssItems: 20, // Number of items in the RSS feed
+    animFast: 0.12, // Speed for animations (lower == slower)
+    animSlow: 0.01, // Speed for EasterEgg animations
+    cascadeFast: 20, // Speed for cascade animations (higher == slower)
+    cascadeSlow: 60, // Speed for EasterEgg cascade animations
+    cascadeDepth: 5, // Depth of cascade animation
+    displayStartupTime: false // Whether to display startup time
+    };
 
 // Messages
 config.messages = {
-	messageClose: {},
-	dates: {}
+    messageClose: {},
+    dates: {}
 };
 
 // Options that can be set in the options panel and/or cookies
 config.options = {
-	chkRegExpSearch: false,
-	chkCaseSensitiveSearch: false,
-	chkAnimate: true,
-	chkSaveBackups: true,
-	chkAutoSave: false,
-	chkGenerateAnRssFeed: false,
-	chkSaveEmptyTemplate: false,
-	chkOpenInNewWindow: true,
-	chkToggleLinks: false,
-	chkHttpReadOnly: true,
-	chkForceMinorUpdate: false,
-	chkConfirmDelete: true,
-	chkInsertTabs: false,
-	txtBackupFolder: "",
-	txtMainTab: "tabTimeline",
-	txtMoreTab: "moreTabAll",
-	txtMaxEditRows: "30"
-	};
-	
+    chkRegExpSearch: false,
+    chkCaseSensitiveSearch: false,
+    chkAnimate: true,
+    chkSaveBackups: true,
+    chkAutoSave: false,
+    chkGenerateAnRssFeed: false,
+    chkSaveEmptyTemplate: false,
+    chkOpenInNewWindow: true,
+    chkToggleLinks: false,
+    chkHttpReadOnly: true,
+    chkForceMinorUpdate: false,
+    chkConfirmDelete: true,
+    chkInsertTabs: false,
+    txtBackupFolder: "",
+    txtMainTab: "tabTimeline",
+    txtMoreTab: "moreTabAll",
+    txtMaxEditRows: "30"
+    };
+
 // List of notification functions to be called when certain tiddlers are changed or deleted
 config.notifyTiddlers = [
-	{name: "StyleSheetLayout", notify: refreshStyles},
-	{name: "StyleSheetColors", notify: refreshStyles},
-	{name: "StyleSheet", notify: refreshStyles},
-	{name: "StyleSheetPrint", notify: refreshStyles},
-	{name: "PageTemplate", notify: refreshPageTemplate},
-	{name: "SiteTitle", notify: refreshPageTitle},
-	{name: "SiteSubtitle", notify: refreshPageTitle},
-	{name: "ColorPalette", notify: refreshColorPalette},
-	{name: null, notify: refreshDisplay}
-	];
+    {name: "StyleSheetLayout", notify: refreshStyles},
+    {name: "StyleSheetColors", notify: refreshStyles},
+    {name: "StyleSheet", notify: refreshStyles},
+    {name: "StyleSheetPrint", notify: refreshStyles},
+    {name: "PageTemplate", notify: refreshPageTemplate},
+    {name: "SiteTitle", notify: refreshPageTitle},
+    {name: "SiteSubtitle", notify: refreshPageTitle},
+    {name: "ColorPalette", notify: refreshColorPalette},
+    {name: null, notify: refreshDisplay}
+    ];
 
 // Default tiddler templates
 var DEFAULT_VIEW_TEMPLATE = 1;
 var DEFAULT_EDIT_TEMPLATE = 2;
 config.tiddlerTemplates = {
-	1: "ViewTemplate",
-	2: "EditTemplate"
-	};
+    1: "ViewTemplate",
+    2: "EditTemplate"
+    };
 
 // More messages (rather a legacy layout that shouldn't really be like this)
 config.views = {
-	wikified: {
-		tag: {}
-		},
-	editor: {
-		tagChooser: {}
-		}
-	};
+    wikified: {
+        tag: {}
+        },
+    editor: {
+        tagChooser: {}
+        }
+    };
 
 // Macros; each has a 'handler' member that is inserted later
 config.macros = {
-	today: {},
-	version: {},
-	search: {sizeTextbox: 15},
-	tiddler: {},
-	tag: {},
-	tags: {},
-	tagging: {},
-	timeline: {},
-	allTags: {},
-	list: {
-		all: {},
-		missing: {},
-		orphans: {},
-		shadowed: {}
-		},
-	closeAll: {},
-	permaview: {},
-	saveChanges: {},
-	slider: {},
-	option: {},
-	newTiddler: {},
-	newJournal: {},
-	sparkline: {},
-	tabs: {},
-	gradient: {},
-	message: {},
-	view: {},
-	edit: {},
-	tagChooser: {},
-	toolbar: {},
-	br: {},
-	plugins: {},
-	refreshDisplay: {},
-	importTiddlers: {}
-	};
+    today: {},
+    version: {},
+    search: {sizeTextbox: 15},
+    tiddler: {},
+    tag: {},
+    tags: {},
+    tagging: {},
+    timeline: {},
+    allTags: {},
+    list: {
+        all: {},
+        missing: {},
+        orphans: {},
+        shadowed: {}
+        },
+    closeAll: {},
+    permaview: {},
+    saveChanges: {},
+    slider: {},
+    option: {},
+    newTiddler: {},
+    newJournal: {},
+    sparkline: {},
+    tabs: {},
+    gradient: {},
+    message: {},
+    view: {},
+    edit: {},
+    tagChooser: {},
+    toolbar: {},
+    br: {},
+    plugins: {},
+    refreshDisplay: {},
+    importTiddlers: {}
+    };
 
 // Commands supported by the toolbar macro
 config.commands = {
-	closeTiddler: {},
-	closeOthers: {},
-	editTiddler: {},
-	saveTiddler: {hideReadOnly: true},
-	cancelTiddler: {},
-	deleteTiddler: {hideReadOnly: true},
-	permalink: {},
-	references: {},
-	jump: {}
-	};
+    closeTiddler: {},
+    closeOthers: {},
+    editTiddler: {},
+    saveTiddler: {hideReadOnly: true},
+    cancelTiddler: {},
+    deleteTiddler: {hideReadOnly: true},
+    permalink: {},
+    references: {},
+    jump: {}
+    };
 
 // Browser detection... In a very few places, there's nothing else for it but to
 // know what browser we're using.
 config.userAgent = navigator.userAgent.toLowerCase();
 config.browser = {
-	isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
-	ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
-	isSafari: config.userAgent.indexOf("applewebkit") != -1,
-	isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
-	firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
-	isOpera: config.userAgent.indexOf("opera") != -1,
-	isLinux: config.userAgent.indexOf("linux") != -1,
-	isUnix: config.userAgent.indexOf("x11") != -1,
-	isMac: config.userAgent.indexOf("mac") != -1,
-	isWindows: config.userAgent.indexOf("win") != -1
-	};
+    isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
+    ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
+    isSafari: config.userAgent.indexOf("applewebkit") != -1,
+    isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
+    firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
+    isOpera: config.userAgent.indexOf("opera") != -1,
+    isLinux: config.userAgent.indexOf("linux") != -1,
+    isUnix: config.userAgent.indexOf("x11") != -1,
+    isMac: config.userAgent.indexOf("mac") != -1,
+    isWindows: config.userAgent.indexOf("win") != -1
+    };
 
 // Basic regular expressions
 config.textPrimitives = {
-	upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
-	lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
-	anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
-	anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
-	};
+    upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
+    lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
+    anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
+    anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
+    };
 if(config.browser.isBadSafari)
-	config.textPrimitives = {
-		upperLetter: "[A-Z\u00c0-\u00de]",
-		lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
-		anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
-		anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
-		}
+    config.textPrimitives = {
+        upperLetter: "[A-Z\u00c0-\u00de]",
+        lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
+        anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
+        anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
+        }
 config.textPrimitives.sliceSeparator = "::";
 config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
 config.textPrimitives.unWikiLink = "~";
 config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
-												config.textPrimitives.lowerLetter + "+" +
-												config.textPrimitives.upperLetter +
-												config.textPrimitives.anyLetter + "*)|(?:" +
-												config.textPrimitives.upperLetter + "{2,}" +
-												config.textPrimitives.lowerLetter + "+))";
+                                                config.textPrimitives.lowerLetter + "+" +
+                                                config.textPrimitives.upperLetter +
+                                                config.textPrimitives.anyLetter + "*)|(?:" +
+                                                config.textPrimitives.upperLetter + "{2,}" +
+                                                config.textPrimitives.lowerLetter + "+))";
 
 config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
 config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
@@ -215,45 +215,45 @@
 config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
 config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
 config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
-	config.textPrimitives.brackettedLink + ")|(?:" + 
-	config.textPrimitives.urlPattern + ")","mg");
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
 config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
-	config.textPrimitives.titledBrackettedLink + ")|(?:" +
-	config.textPrimitives.brackettedLink + ")|(?:" +
-	config.textPrimitives.urlPattern + ")","mg");
+    config.textPrimitives.titledBrackettedLink + ")|(?:" +
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
 
 // ---------------------------------------------------------------------------------
 // Shadow tiddlers
 // ---------------------------------------------------------------------------------
 
 config.shadowTiddlers = {
-	ColorPalette: "Background: #fff\n" + 
-				  "Foreground: #000\n" +
-				  "PrimaryPale: #8cf\n" +
-				  "PrimaryLight: #18f\n" +
-				  "PrimaryMid: #04b\n" +
-				  "PrimaryDark: #014\n" +
-				  "SecondaryPale: #ffc\n" +
-				  "SecondaryLight: #fe8\n" +
-				  "SecondaryMid: #db4\n" +
-				  "SecondaryDark: #841\n" +
-				  "TertiaryPale: #eee\n" +
-				  "TertiaryLight: #ccc\n" +
-				  "TertiaryMid: #999\n" +
-				  "TertiaryDark: #666\n" +
-				  "Error: #f88\n",
-	StyleSheet: "",
-	StyleSheetColors: "/*{{{*/\nbody {\n	background: [[ColorPalette::Background]];\n	color: [[ColorPalette::Foreground]];\n}\n\na{\n	color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n	background: [[ColorPalette::PrimaryMid]];\n	color: [[ColorPalette::Background]];\n}\n\na img{\n	border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	color: [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n	color: [[ColorPalette::PrimaryDark]];\n	border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::SecondaryLight]];\n	border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n	font-weight: normal;\n	color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n	color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n	font-weight: normal;\n	color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border-left: 1px solid [[ColorPalette::TertiaryLight]];\n	border-top: 1px solid [[ColorPalette::TertiaryLight]];\n	border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::TertiaryPale]];\n	border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n	 border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n	background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n	border: none;\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n	color: [[ColorPalette::PrimaryMid]];\n	background: [[ColorPalette::Background]];\n}\n\n.wizard {\n	background: [[ColorPalette::SecondaryLight]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n	color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n	background: [[ColorPalette::Background]];\n	border-top: 1px solid [[ColorPalette::SecondaryMid]];\n	border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n	border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n	color: [[ColorPalette::PrimaryLight]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n	color: [[ColorPalette::Background]];\n	background: [[ColorPalette::PrimaryMid]];\n	border-top: 1px solid [[ColorPalette::PrimaryLight]];\n	border-right: 1px solid [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n	border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n	border: 1px solid [[ColorPalette::SecondaryDark]];\n	background: [[ColorPalette::SecondaryMid]];\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n	padding: 0.2em 0.2em 0.2em 0.2em;\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::Background]];\n}\n\n.popup {\n	background: [[ColorPalette::PrimaryLight]];\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n	color: [[ColorPalette::PrimaryDark]];\n	background: [[ColorPalette::PrimaryDark]];\n	border-bottom: 1px;\n}\n\n.listBreak div{\n	border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n	color: [[ColorPalette::TertiaryPale]];\n	border: none;\n}\n\n.popup li a:hover {\n	background: [[ColorPalette::PrimaryDark]];\n	color: [[ColorPalette::Background]];\n	border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n	color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n	border: 1px solid [[ColorPalette::TertiaryPale]];\n	background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n	background-color: [[ColorPalette::TertiaryLight]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n	color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n		border: none;\n}\n\n.footer {\n	color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n	background: [[ColorPalette::PrimaryPale]];\n	border: 0;\n}\n\n.sparktick {\n	background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::Error]];\n}\n\n.warning {\n	color: [[ColorPalette::Foreground]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n	background: [[ColorPalette::TertiaryPale]];\n	color: [[ColorPalette::TertiaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n	background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n	border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n	border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n	border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n	background: [[ColorPalette::SecondaryMid]];\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n	border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n	border: 1px solid [[ColorPalette::SecondaryLight]];\n	background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n	color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n	border: 0;\n	border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n	color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n	background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n	border: 1px solid [[ColorPalette::PrimaryMid]];\n	width: 100%;\n}\n\n.editorFooter {\n	color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
-	StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n	font-size: .75em;\n	font-family: arial,helvetica;\n	margin: 0;\n	padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n	font-weight: bold;\n	text-decoration: none;\n	padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n	height: 1px;\n}\n\na{\n	text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n	width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n	border: 0;\n}\n\n.externalLink {\n	text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n	font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n	font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n	font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n		position: relative;\n}\n\n.header a:hover {\n	background: transparent;\n}\n\n.headerShadow {\n	position: relative;\n	padding: 4.5em 0em 1em 1em;\n	left: -1px;\n	top: -1px;\n}\n\n.headerForeground {\n	position: absolute;\n	padding: 4.5em 0em 1em 1em;\n	left: 0px;\n	top: 0px;\n}\n\n.siteTitle {\n	font-size: 3em;\n}\n\n.siteSubtitle {\n	font-size: 1.2em;\n}\n\n#mainMenu {\n	position: absolute;\n	left: 0;\n	width: 10em;\n	text-align: right;\n	line-height: 1.6em;\n	padding: 1.5em 0.5em 0.5em 0.5em;\n	font-size: 1.1em;\n}\n\n#sidebar {\n	position: absolute;\n	right: 3px;\n	width: 16em;\n	font-size: .9em;\n}\n\n#sidebarOptions {\n	padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n	margin: 0em 0.2em;\n	padding: 0.2em 0.3em;\n	display: block;\n}\n\n#sidebarOptions input {\n	margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n	margin-left: 1em;\n	padding: 0.5em;\n	font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n	font-weight: bold;\n	display: inline;\n	padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n	margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n	width: 15em;\n	overflow: hidden;\n}\n\n.wizard {\n	padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n	font-size: 2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n	font-size: 1.2em;\n	font-weight: bold;\n	background: none;\n	padding: 0em 0em 0em 0em;\n	margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n	padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n	margin: 0.5em 0em 0em 0em;\n	font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n	text-decoration: underline;\n}\n\n.popup {\n	font-size: .9em;\n	padding: 0.2em;\n	list-style: none;\n	margin: 0;\n}\n\n.popup hr {\n	display: block;\n	height: 1px;\n	width: auto;\n	padding: 0;\n	margin: 0.2em 0em;\n}\n\n.listBreak {\n	font-size: 1px;\n	line-height: 1px;\n}\n\n.listBreak div {\n	margin: 2px 0;\n}\n\n.popup li.disabled {\n	padding: 0.2em;\n}\n\n.popup li a{\n	display: block;\n	padding: 0.2em;\n}\n\n.tabset {\n	padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n	margin: 0em 0em 0em 0.25em;\n	padding: 2px;\n}\n\n.tabContents {\n	padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n	margin: 0;\n	padding: 0;\n}\n\n.txtMainTab .tabContents li {\n	list-style: none;\n}\n\n.tabContents li.listLink {\n	 margin-left: .75em;\n}\n\n#displayArea {\n	margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n	text-align: right;\n	font-size: .9em;\n	visibility: hidden;\n}\n\n.selected .toolbar {\n	visibility: visible;\n}\n\n.tiddler {\n	padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n	font-style: italic;\n}\n\n.title {\n	font-size: 1.6em;\n	font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n	font-size: 1.1em;\n}\n\n.tiddler .button {\n	padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n	font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n	width: 99%;\n	padding: 0 0 1em 0;\n}\n\n.viewer {\n	line-height: 1.4em;\n	padding-top: 0.5em;\n}\n\n.viewer .button {\n	margin: 0em 0.25em;\n	padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n	line-height: 1.5em;\n	padding-left: 0.8em;\n	margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n	margin-left: 0.5em;\n	padding-left: 1.5em;\n}\n\n.viewer table {\n	border-collapse: collapse;\n	margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n	padding: 3px;\n}\n\n.viewer table.listView {\n	font-size: 0.85em;\n	margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n	padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n	padding: 0.5em;\n	margin-left: 0.5em;\n	font-size: 1.2em;\n	line-height: 1.4em;\n	overflow: auto;\n}\n\n.viewer code {\n	font-size: 1.2em;\n	line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n	display: block;\n	width: 100%;\n	font: inherit;\n}\n\n.editorFooter {\n	padding: 0.25em 0em;\n	font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n	line-height: 1em;\n}\n\n.sparktick {\n	outline: 0;\n}\n\n.zoomer {\n	font-size: 1.1em;\n	position: absolute;\n	padding: 1em;\n}\n\n.cascade {\n	font-size: 1.1em;\n	position: absolute;\n	overflow: hidden;\n}\n/*}}}*/",
-	StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
-	PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
-	ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
-	EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
-	MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
-	MarkupPostHead: "",
-	MarkupPreBody: "",
-	MarkupPostBody: ""
-	};
+    ColorPalette: "Background: #fff\n" +
+                  "Foreground: #000\n" +
+                  "PrimaryPale: #8cf\n" +
+                  "PrimaryLight: #18f\n" +
+                  "PrimaryMid: #04b\n" +
+                  "PrimaryDark: #014\n" +
+                  "SecondaryPale: #ffc\n" +
+                  "SecondaryLight: #fe8\n" +
+                  "SecondaryMid: #db4\n" +
+                  "SecondaryDark: #841\n" +
+                  "TertiaryPale: #eee\n" +
+                  "TertiaryLight: #ccc\n" +
+                  "TertiaryMid: #999\n" +
+                  "TertiaryDark: #666\n" +
+                  "Error: #f88\n",
+    StyleSheet: "",
+    StyleSheetColors: "/*{{{*/\nbody {\n    background: [[ColorPalette::Background]];\n color: [[ColorPalette::Foreground]];\n}\n\na{\n color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n   background: [[ColorPalette::PrimaryMid]];\n color: [[ColorPalette::Background]];\n}\n\na img{\n border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n color: [[ColorPalette::SecondaryDark]];\n   background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n    color: [[ColorPalette::PrimaryDark]];\n border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::SecondaryLight]];\n border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n    background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n   color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n  font-weight: normal;\n  color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n    color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n  font-weight: normal;\n  color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border-left: 1px solid [[ColorPalette::TertiaryLight]];\n   border-top: 1px solid [[ColorPalette::TertiaryLight]];\n    border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n   color: [[ColorPalette::Background]];\n  background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n   color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n    border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n  background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n border: none;\n color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n   color: [[ColorPalette::PrimaryMid]];\n  background: [[ColorPalette::Background]];\n}\n\n.wizard {\n background: [[ColorPalette::SecondaryLight]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n    color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n  background: [[ColorPalette::Background]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n  border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n    color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n  color: [[ColorPalette::PrimaryLight]];\n    background: [[ColorPalette::PrimaryDark]];\n    border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n    background: [[ColorPalette::SecondaryMid]];\n   color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n    padding: 0.2em 0.2em 0.2em 0.2em;\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::Background]];\n}\n\n.popup {\n  background: [[ColorPalette::PrimaryLight]];\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px;\n}\n\n.listBreak div{\n border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n    color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n color: [[ColorPalette::TertiaryPale]];\n    border: none;\n}\n\n.popup li a:hover {\n   background: [[ColorPalette::PrimaryDark]];\n    color: [[ColorPalette::Background]];\n  border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n   color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n    border: 1px solid [[ColorPalette::TertiaryPale]];\n background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n   background-color: [[ColorPalette::TertiaryLight]];\n    border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n  color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n       border: none;\n}\n\n.footer {\n color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n  background: [[ColorPalette::PrimaryPale]];\n    border: 0;\n}\n\n.sparktick {\n background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n   color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::Error]];\n}\n\n.warning {\n color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n background: [[ColorPalette::TertiaryPale]];\n   color: [[ColorPalette::TertiaryMid]];\n border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n  background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n    border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n  border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n  border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n    background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n border: 1px solid [[ColorPalette::SecondaryLight]];\n   background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n    border: 0;\n    border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n    background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n   width: 100%;\n}\n\n.editorFooter {\n    color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
+    StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n   font-size: .75em;\n font-family: arial,helvetica;\n margin: 0;\n    padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n    font-weight: bold;\n    text-decoration: none;\n    padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n  height: 1px;\n}\n\na{\n text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n  border: 0;\n}\n\n.externalLink {\n  text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n  font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n   font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n        position: relative;\n}\n\n.header a:hover {\n   background: transparent;\n}\n\n.headerShadow {\n    position: relative;\n   padding: 4.5em 0em 1em 1em;\n   left: -1px;\n   top: -1px;\n}\n\n.headerForeground {\n  position: absolute;\n   padding: 4.5em 0em 1em 1em;\n   left: 0px;\n    top: 0px;\n}\n\n.siteTitle {\n  font-size: 3em;\n}\n\n.siteSubtitle {\n font-size: 1.2em;\n}\n\n#mainMenu {\n   position: absolute;\n   left: 0;\n  width: 10em;\n  text-align: right;\n    line-height: 1.6em;\n   padding: 1.5em 0.5em 0.5em 0.5em;\n font-size: 1.1em;\n}\n\n#sidebar {\n    position: absolute;\n   right: 3px;\n   width: 16em;\n  font-size: .9em;\n}\n\n#sidebarOptions {\n  padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n margin: 0em 0.2em;\n    padding: 0.2em 0.3em;\n display: block;\n}\n\n#sidebarOptions input {\n margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n margin-left: 1em;\n padding: 0.5em;\n   font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n  font-weight: bold;\n    display: inline;\n  padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n    margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n width: 15em;\n  overflow: hidden;\n}\n\n.wizard {\n padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n    font-size: 2em;\n   font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n   font-size: 1.2em;\n font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n  padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n margin: 0.5em 0em 0em 0em;\n    font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n    text-decoration: underline;\n}\n\n.popup {\n    font-size: .9em;\n  padding: 0.2em;\n   list-style: none;\n margin: 0;\n}\n\n.popup hr {\n  display: block;\n   height: 1px;\n  width: auto;\n  padding: 0;\n   margin: 0.2em 0em;\n}\n\n.listBreak {\n font-size: 1px;\n   line-height: 1px;\n}\n\n.listBreak div {\n  margin: 2px 0;\n}\n\n.popup li.disabled {\n padding: 0.2em;\n}\n\n.popup li a{\n    display: block;\n   padding: 0.2em;\n}\n\n.tabset {\n   padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n  margin: 0em 0em 0em 0.25em;\n   padding: 2px;\n}\n\n.tabContents {\n    padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n  margin: 0;\n    padding: 0;\n}\n\n.txtMainTab .tabContents li {\n   list-style: none;\n}\n\n.tabContents li.listLink {\n     margin-left: .75em;\n}\n\n#displayArea {\n margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n text-align: right;\n    font-size: .9em;\n  visibility: hidden;\n}\n\n.selected .toolbar {\n    visibility: visible;\n}\n\n.tiddler {\n padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n    font-style: italic;\n}\n\n.title {\n    font-size: 1.6em;\n font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n  font-size: 1.1em;\n}\n\n.tiddler .button {\n    padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n  font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n  width: 99%;\n   padding: 0 0 1em 0;\n}\n\n.viewer {\n   line-height: 1.4em;\n   padding-top: 0.5em;\n}\n\n.viewer .button {\n   margin: 0em 0.25em;\n   padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n   line-height: 1.5em;\n   padding-left: 0.8em;\n  margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n margin-left: 0.5em;\n   padding-left: 1.5em;\n}\n\n.viewer table {\n    border-collapse: collapse;\n    margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n    padding: 3px;\n}\n\n.viewer table.listView {\n  font-size: 0.85em;\n    margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n  padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n padding: 0.5em;\n   margin-left: 0.5em;\n   font-size: 1.2em;\n line-height: 1.4em;\n   overflow: auto;\n}\n\n.viewer code {\n  font-size: 1.2em;\n line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n    display: block;\n   width: 100%;\n  font: inherit;\n}\n\n.editorFooter {\n  padding: 0.25em 0em;\n  font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n line-height: 1em;\n}\n\n.sparktick {\n  outline: 0;\n}\n\n.zoomer {\n   font-size: 1.1em;\n position: absolute;\n   padding: 1em;\n}\n\n.cascade {\n    font-size: 1.1em;\n position: absolute;\n   overflow: hidden;\n}\n/*}}}*/",
+    StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
+    PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
+    ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
+    EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
+    MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
+    MarkupPostHead: "",
+    MarkupPreBody: "",
+    MarkupPostBody: ""
+    };
 
 // ---------------------------------------------------------------------------------
 // Translateable strings
@@ -262,50 +262,50 @@
 // Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
 
 merge(config.options,{
-	txtUserName: "YourName"});
+    txtUserName: "YourName"});
 
 merge(config.messages,{
-	customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
-	pluginError: "Error: %0",
-	pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
-	pluginForced: "Executed because forced via 'systemConfigForce' tag",
-	pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
-	nothingSelected: "Nothing is selected. You must select one or more items first",
-	savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
-	subtitleUnknown: "(unknown)",
-	undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
-	shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
-	tiddlerLinkTooltip: "%0 - %1, %2",
-	externalLinkTooltip: "External link to %0",
-	noTags: "There are no tagged tiddlers",
-	notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
-	cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
-	invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
-	backupSaved: "Backup saved",
-	backupFailed: "Failed to save backup file",
-	rssSaved: "RSS feed saved",
-	rssFailed: "Failed to save RSS feed file",
-	emptySaved: "Empty template saved",
-	emptyFailed: "Failed to save empty template file",
-	mainSaved: "Main TiddlyWiki file saved",
-	mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
-	macroError: "Error in macro <<%0>>",
-	macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
-	missingMacro: "No such macro",
-	overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
-	unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
-	confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
-	saveInstructions: "SaveChanges",
-	unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
-	tiddlerSaveError: "Error when saving tiddler '%0'",
-	tiddlerLoadError: "Error when loading tiddler '%0'",
-	wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
-	invalidFieldName: "Invalid field name %0",
-	fieldCannotBeChanged: "Field '%0' cannot be changed"});
+    customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
+    pluginError: "Error: %0",
+    pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
+    pluginForced: "Executed because forced via 'systemConfigForce' tag",
+    pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
+    nothingSelected: "Nothing is selected. You must select one or more items first",
+    savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
+    subtitleUnknown: "(unknown)",
+    undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
+    shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
+    tiddlerLinkTooltip: "%0 - %1, %2",
+    externalLinkTooltip: "External link to %0",
+    noTags: "There are no tagged tiddlers",
+    notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
+    cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
+    invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
+    backupSaved: "Backup saved",
+    backupFailed: "Failed to save backup file",
+    rssSaved: "RSS feed saved",
+    rssFailed: "Failed to save RSS feed file",
+    emptySaved: "Empty template saved",
+    emptyFailed: "Failed to save empty template file",
+    mainSaved: "Main TiddlyWiki file saved",
+    mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
+    macroError: "Error in macro <<%0>>",
+    macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
+    missingMacro: "No such macro",
+    overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
+    unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
+    confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
+    saveInstructions: "SaveChanges",
+    unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
+    tiddlerSaveError: "Error when saving tiddler '%0'",
+    tiddlerLoadError: "Error when loading tiddler '%0'",
+    wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
+    invalidFieldName: "Invalid field name %0",
+    fieldCannotBeChanged: "Field '%0' cannot be changed"});
 
 merge(config.messages.messageClose,{
-	text: "close",
-	tooltip: "close this message area"});
+    text: "close",
+    tooltip: "close this message area"});
 
 config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
 config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
@@ -313,48 +313,48 @@
 config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
 
 merge(config.views.wikified.tag,{
-	labelNoTags: "no tags",
-	labelTags: "tags: ",
-	openTag: "Open tag '%0'",
-	tooltip: "Show tiddlers tagged with '%0'",
-	openAllText: "Open all",
-	openAllTooltip: "Open all of these tiddlers",
-	popupNone: "No other tiddlers tagged with '%0'"});
+    labelNoTags: "no tags",
+    labelTags: "tags: ",
+    openTag: "Open tag '%0'",
+    tooltip: "Show tiddlers tagged with '%0'",
+    openAllText: "Open all",
+    openAllTooltip: "Open all of these tiddlers",
+    popupNone: "No other tiddlers tagged with '%0'"});
 
 merge(config.views.wikified,{
-	defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
-	defaultModifier: "(missing)",
-	shadowModifier: "(built-in shadow tiddler)",
-	createdPrompt: "created"});
+    defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
+    defaultModifier: "(missing)",
+    shadowModifier: "(built-in shadow tiddler)",
+    createdPrompt: "created"});
 
 merge(config.views.editor,{
-	tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
-	defaultText: "Type the text for '%0'"});
+    tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
+    defaultText: "Type the text for '%0'"});
 
 merge(config.views.editor.tagChooser,{
-	text: "tags",
-	tooltip: "Choose existing tags to add to this tiddler",
-	popupNone: "There are no tags defined",
-	tagTooltip: "Add the tag '%0'"});
+    text: "tags",
+    tooltip: "Choose existing tags to add to this tiddler",
+    popupNone: "There are no tags defined",
+    tagTooltip: "Add the tag '%0'"});
 
 merge(config.macros.search,{
-	label: "search",
-	prompt: "Search this TiddlyWiki",
-	accessKey: "F",
-	successMsg: "%0 tiddlers found matching %1",
-	failureMsg: "No tiddlers found matching %0"});
+    label: "search",
+    prompt: "Search this TiddlyWiki",
+    accessKey: "F",
+    successMsg: "%0 tiddlers found matching %1",
+    failureMsg: "No tiddlers found matching %0"});
 
 merge(config.macros.tagging,{
-	label: "tagging: ",
-	labelNotTag: "not tagging",
-	tooltip: "List of tiddlers tagged with '%0'"});
+    label: "tagging: ",
+    labelNotTag: "not tagging",
+    tooltip: "List of tiddlers tagged with '%0'"});
 
 merge(config.macros.timeline,{
-	dateFormat: "DD MMM YYYY"});
+    dateFormat: "DD MMM YYYY"});
 
 merge(config.macros.allTags,{
-	tooltip: "Show tiddlers tagged with '%0'",
-	noTags: "There are no tagged tiddlers"});
+    tooltip: "Show tiddlers tagged with '%0'",
+    noTags: "There are no tagged tiddlers"});
 
 config.macros.list.all.prompt = "All tiddlers in alphabetical order";
 config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
@@ -362,155 +362,155 @@
 config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
 
 merge(config.macros.closeAll,{
-	label: "close all",
-	prompt: "Close all displayed tiddlers (except any that are being edited)"});
+    label: "close all",
+    prompt: "Close all displayed tiddlers (except any that are being edited)"});
 
 merge(config.macros.permaview,{
-	label: "permaview",
-	prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
+    label: "permaview",
+    prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
 
 merge(config.macros.saveChanges,{
-	label: "save changes",
-	prompt: "Save all tiddlers to create a new TiddlyWiki",
-	accessKey: "S"});
+    label: "save changes",
+    prompt: "Save all tiddlers to create a new TiddlyWiki",
+    accessKey: "S"});
 
 merge(config.macros.newTiddler,{
-	label: "new tiddler",
-	prompt: "Create a new tiddler",
-	title: "New Tiddler",
-	accessKey: "N"});
+    label: "new tiddler",
+    prompt: "Create a new tiddler",
+    title: "New Tiddler",
+    accessKey: "N"});
 
 merge(config.macros.newJournal,{
-	label: "new journal",
-	prompt: "Create a new tiddler from the current date and time",
-	accessKey: "J"});
+    label: "new journal",
+    prompt: "Create a new tiddler from the current date and time",
+    accessKey: "J"});
 
 merge(config.macros.plugins,{
-	skippedText: "(This plugin has not been executed because it was added since startup)",
-	noPluginText: "There are no plugins installed",
-	confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
-	listViewTemplate : {
-		columns: [
-			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
-			{name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
-			{name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
-			{name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
-			{name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
-			{name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
-			{name: 'Log', field: 'log', title: "Log", type: 'StringList'}
-			],
-		rowClasses: [
-			{className: 'error', field: 'error'},
-			{className: 'warning', field: 'warning'}
-			],
-		actions: [
-			{caption: "More actions...", name: ''},
-			{caption: "Remove systemConfig tag", name: 'remove'},
-			{caption: "Delete these tiddlers forever", name: 'delete'}
-			]}
-	});
+    skippedText: "(This plugin has not been executed because it was added since startup)",
+    noPluginText: "There are no plugins installed",
+    confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
+    listViewTemplate : {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
+            {name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
+            {name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
+            {name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
+            {name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
+            {name: 'Log', field: 'log', title: "Log", type: 'StringList'}
+            ],
+        rowClasses: [
+            {className: 'error', field: 'error'},
+            {className: 'warning', field: 'warning'}
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Remove systemConfig tag", name: 'remove'},
+            {caption: "Delete these tiddlers forever", name: 'delete'}
+            ]}
+    });
 
 merge(config.macros.refreshDisplay,{
-	label: "refresh",
-	prompt: "Redraw the entire TiddlyWiki display"
-	});
+    label: "refresh",
+    prompt: "Redraw the entire TiddlyWiki display"
+    });
 
 merge(config.macros.importTiddlers,{
-	readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
-	defaultPath: "http://www.tiddlywiki.com/index.html",
-	fetchLabel: "fetch",
-	fetchPrompt: "Fetch the tiddlywiki file",
-	fetchError: "There were problems fetching the tiddlywiki file",
-	confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
-	wizardTitle: "Import tiddlers from another TiddlyWiki file",
-	step1: "Step 1: Locate the TiddlyWiki file",
-	step1prompt: "Enter the URL or pathname here: ",
-	step1promptFile: "...or browse for a file: ",
-	step1promptFeeds: "...or select a pre-defined feed: ",
-	step1feedPrompt: "Choose...",
-	step2: "Step 2: Loading TiddlyWiki file",
-	step2Text: "Please wait while the file is loaded from: %0",
-	step3: "Step 3: Choose the tiddlers to import",
-	step4: "%0 tiddler(s) imported",
-	step5: "Done",
-	listViewTemplate: {
-		columns: [
-			{name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
-			{name: 'Title', field: 'title', title: "Title", type: 'String'},
-			{name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
-			{name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
-			],
-		rowClasses: [
-			],
-		actions: [
-			{caption: "More actions...", name: ''},
-			{caption: "Import these tiddlers", name: 'import'}
-			]}
-	});
+    readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
+    defaultPath: "http://www.tiddlywiki.com/index.html",
+    fetchLabel: "fetch",
+    fetchPrompt: "Fetch the tiddlywiki file",
+    fetchError: "There were problems fetching the tiddlywiki file",
+    confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
+    wizardTitle: "Import tiddlers from another TiddlyWiki file",
+    step1: "Step 1: Locate the TiddlyWiki file",
+    step1prompt: "Enter the URL or pathname here: ",
+    step1promptFile: "...or browse for a file: ",
+    step1promptFeeds: "...or select a pre-defined feed: ",
+    step1feedPrompt: "Choose...",
+    step2: "Step 2: Loading TiddlyWiki file",
+    step2Text: "Please wait while the file is loaded from: %0",
+    step3: "Step 3: Choose the tiddlers to import",
+    step4: "%0 tiddler(s) imported",
+    step5: "Done",
+    listViewTemplate: {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', title: "Title", type: 'String'},
+            {name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
+            {name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
+            ],
+        rowClasses: [
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Import these tiddlers", name: 'import'}
+            ]}
+    });
 
 merge(config.commands.closeTiddler,{
-	text: "close",
-	tooltip: "Close this tiddler"});
+    text: "close",
+    tooltip: "Close this tiddler"});
 
 merge(config.commands.closeOthers,{
-	text: "close others",
-	tooltip: "Close all other tiddlers"});
+    text: "close others",
+    tooltip: "Close all other tiddlers"});
 
 merge(config.commands.editTiddler,{
-	text: "edit",
-	tooltip: "Edit this tiddler",
-	readOnlyText: "view",
-	readOnlyTooltip: "View the source of this tiddler"});
+    text: "edit",
+    tooltip: "Edit this tiddler",
+    readOnlyText: "view",
+    readOnlyTooltip: "View the source of this tiddler"});
 
 merge(config.commands.saveTiddler,{
-	text: "done",
-	tooltip: "Save changes to this tiddler"});
+    text: "done",
+    tooltip: "Save changes to this tiddler"});
 
 merge(config.commands.cancelTiddler,{
-	text: "cancel",
-	tooltip: "Undo changes to this tiddler",
-	warning: "Are you sure you want to abandon your changes to '%0'?",
-	readOnlyText: "done",
-	readOnlyTooltip: "View this tiddler normally"});
+    text: "cancel",
+    tooltip: "Undo changes to this tiddler",
+    warning: "Are you sure you want to abandon your changes to '%0'?",
+    readOnlyText: "done",
+    readOnlyTooltip: "View this tiddler normally"});
 
 merge(config.commands.deleteTiddler,{
-	text: "delete",
-	tooltip: "Delete this tiddler",
-	warning: "Are you sure you want to delete '%0'?"});
+    text: "delete",
+    tooltip: "Delete this tiddler",
+    warning: "Are you sure you want to delete '%0'?"});
 
 merge(config.commands.permalink,{
-	text: "permalink",
-	tooltip: "Permalink for this tiddler"});
+    text: "permalink",
+    tooltip: "Permalink for this tiddler"});
 
 merge(config.commands.references,{
-	text: "references",
-	tooltip: "Show tiddlers that link to this one",
-	popupNone: "No references"});
+    text: "references",
+    tooltip: "Show tiddlers that link to this one",
+    popupNone: "No references"});
 
 merge(config.commands.jump,{
-	text: "jump",
-	tooltip: "Jump to another open tiddler"});
+    text: "jump",
+    tooltip: "Jump to another open tiddler"});
 
 merge(config.shadowTiddlers,{
-	DefaultTiddlers: "GettingStarted",
-	MainMenu: "GettingStarted",
-	SiteTitle: "My TiddlyWiki",
-	SiteSubtitle: "a reusable non-linear personal web notebook",
-	SiteUrl: "http://www.tiddlywiki.com/",
-	GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
-	SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
-	OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
-	AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
-	SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
-	TabTimeline: "<<timeline>>",
-	TabAll: "<<list all>>",
-	TabTags: "<<allTags>>",
-	TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
-	TabMoreMissing: "<<list missing>>",
-	TabMoreOrphans: "<<list orphans>>",
-	TabMoreShadowed: "<<list shadowed>>",
-	PluginManager: "<<plugins>>",
-	ImportTiddlers: "<<importTiddlers>>"});
+    DefaultTiddlers: "GettingStarted",
+    MainMenu: "GettingStarted",
+    SiteTitle: "My TiddlyWiki",
+    SiteSubtitle: "a reusable non-linear personal web notebook",
+    SiteUrl: "http://www.tiddlywiki.com/",
+    GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
+    SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
+    OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
+    AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
+    SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
+    TabTimeline: "<<timeline>>",
+    TabAll: "<<list all>>",
+    TabTags: "<<allTags>>",
+    TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
+    TabMoreMissing: "<<list missing>>",
+    TabMoreOrphans: "<<list orphans>>",
+    TabMoreShadowed: "<<list shadowed>>",
+    PluginManager: "<<plugins>>",
+    ImportTiddlers: "<<importTiddlers>>"});
 
 // ---------------------------------------------------------------------------------
 // Main
@@ -536,143 +536,143 @@
 // Starting up
 function main()
 {
-	var now, then = new Date();
-	startingUp = true;
-	window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
-	params = getParameters();
-	if(params)
-		params = params.parseParams("open",null,false);
-	store = new TiddlyWiki();
-	invokeParamifier(params,"oninit");
-	story = new Story("tiddlerDisplay","tiddler");
-	addEvent(document,"click",Popup.onDocumentClick);
-	saveTest();
-	loadOptionsCookie();
-	for(var s=0; s<config.notifyTiddlers.length; s++)
-		store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
-	store.loadFromDiv("storeArea","store",true);
-	invokeParamifier(params,"onload");
-	var pluginProblem = loadPlugins();
-	formatter = new Formatter(config.formatters);
-	readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
-	invokeParamifier(params,"onconfig");
-	store.notifyAll();
-	restart();
-	if(pluginProblem)
-		{
-		story.displayTiddler(null,"PluginManager");
-		displayMessage(config.messages.customConfigError);
-		}
-	now = new Date();
-	if(config.displayStartupTime)
-		displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
-	startingUp = false;
+    var now, then = new Date();
+    startingUp = true;
+    window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
+    params = getParameters();
+    if(params)
+        params = params.parseParams("open",null,false);
+    store = new TiddlyWiki();
+    invokeParamifier(params,"oninit");
+    story = new Story("tiddlerDisplay","tiddler");
+    addEvent(document,"click",Popup.onDocumentClick);
+    saveTest();
+    loadOptionsCookie();
+    for(var s=0; s<config.notifyTiddlers.length; s++)
+        store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
+    store.loadFromDiv("storeArea","store",true);
+    invokeParamifier(params,"onload");
+    var pluginProblem = loadPlugins();
+    formatter = new Formatter(config.formatters);
+    readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
+    invokeParamifier(params,"onconfig");
+    store.notifyAll();
+    restart();
+    if(pluginProblem)
+        {
+        story.displayTiddler(null,"PluginManager");
+        displayMessage(config.messages.customConfigError);
+        }
+    now = new Date();
+    if(config.displayStartupTime)
+        displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
+    startingUp = false;
 }
 
 // Restarting
 function restart()
 {
-	invokeParamifier(params,"onstart");
-	if(story.isEmpty())
-		{
-		var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
-		invokeParamifier(defaultParams,"onstart");
-		}
-	window.scrollTo(0,0);
+    invokeParamifier(params,"onstart");
+    if(story.isEmpty())
+        {
+        var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
+        invokeParamifier(defaultParams,"onstart");
+        }
+    window.scrollTo(0,0);
 }
 
 function saveTest()
 {
-	var saveTest = document.getElementById("saveTest");
-	if(saveTest.hasChildNodes())
-		alert(config.messages.savedSnapshotError);
-	saveTest.appendChild(document.createTextNode("savetest"));
+    var saveTest = document.getElementById("saveTest");
+    if(saveTest.hasChildNodes())
+        alert(config.messages.savedSnapshotError);
+    saveTest.appendChild(document.createTextNode("savetest"));
 }
 
 function loadPlugins()
 {
-	if(safeMode)
-		return false;
-	var configTiddlers = store.getTaggedTiddlers("systemConfig");
-	installedPlugins = [];
-	var hadProblem = false;
-	for(var t=0; t<configTiddlers.length; t++)
-		{
-		tiddler = configTiddlers[t];
-		pluginInfo = getPluginInfo(tiddler);
-		if(isPluginExecutable(pluginInfo))
-			{
-			pluginInfo.executed = true;
-			pluginInfo.error = false;
-			try
-				{
-				if(tiddler.text && tiddler.text != "")
-					window.eval(tiddler.text);
-				}
-			catch(e)
-				{
-				pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
-				pluginInfo.error = true;
-				hadProblem = true;
-				}
-			}
-		else
-			pluginInfo.warning = true;
-		installedPlugins.push(pluginInfo);
-		}
-	return hadProblem;
+    if(safeMode)
+        return false;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    installedPlugins = [];
+    var hadProblem = false;
+    for(var t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        pluginInfo = getPluginInfo(tiddler);
+        if(isPluginExecutable(pluginInfo))
+            {
+            pluginInfo.executed = true;
+            pluginInfo.error = false;
+            try
+                {
+                if(tiddler.text && tiddler.text != "")
+                    window.eval(tiddler.text);
+                }
+            catch(e)
+                {
+                pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
+                pluginInfo.error = true;
+                hadProblem = true;
+                }
+            }
+        else
+            pluginInfo.warning = true;
+        installedPlugins.push(pluginInfo);
+        }
+    return hadProblem;
 }
 
 function getPluginInfo(tiddler)
 {
-	var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
-	p.tiddler = tiddler;
-	p.title = tiddler.title;
-	p.log = [];
-	return p;
+    var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
+    p.tiddler = tiddler;
+    p.title = tiddler.title;
+    p.log = [];
+    return p;
 }
 
 // Check that a particular plugin is valid for execution
 function isPluginExecutable(plugin)
 {
-	if(plugin.tiddler.isTagged("systemConfigDisable"))
-		return verifyTail(plugin,false,config.messages.pluginDisabled);
-	if(plugin.tiddler.isTagged("systemConfigForce"))
-		return verifyTail(plugin,true,config.messages.pluginForced);
-	if(plugin["CoreVersion"])
-		{
-		var coreVersion = plugin["CoreVersion"].split(".");
-		var w = parseInt(coreVersion[0]) - version.major;
-		if(w == 0 && coreVersion[1])
-			w = parseInt(coreVersion[1]) - version.minor;
-		if(w == 0 && coreVersion[2])
-		 	w = parseInt(coreVersion[2]) - version.revision;
-		if(w > 0)
-			return verifyTail(plugin,false,config.messages.pluginVersionError);
-		}
-	return true;
+    if(plugin.tiddler.isTagged("systemConfigDisable"))
+        return verifyTail(plugin,false,config.messages.pluginDisabled);
+    if(plugin.tiddler.isTagged("systemConfigForce"))
+        return verifyTail(plugin,true,config.messages.pluginForced);
+    if(plugin["CoreVersion"])
+        {
+        var coreVersion = plugin["CoreVersion"].split(".");
+        var w = parseInt(coreVersion[0]) - version.major;
+        if(w == 0 && coreVersion[1])
+            w = parseInt(coreVersion[1]) - version.minor;
+        if(w == 0 && coreVersion[2])
+            w = parseInt(coreVersion[2]) - version.revision;
+        if(w > 0)
+            return verifyTail(plugin,false,config.messages.pluginVersionError);
+        }
+    return true;
 }
 
 function verifyTail(plugin,result,message)
 {
-	plugin.log.push(message);
-	return result;
+    plugin.log.push(message);
+    return result;
 }
 
 function invokeMacro(place,macro,params,wikifier,tiddler)
 {
-	try
-		{
-		var m = config.macros[macro];
-		if(m && m.handler)
-			m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
-		else
-			createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
-		}
-	catch(ex)
-		{
-		createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
-		}
+    try
+        {
+        var m = config.macros[macro];
+        if(m && m.handler)
+            m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
+        else
+            createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
+        }
+    catch(ex)
+        {
+        createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
+        }
 }
 
 // ---------------------------------------------------------------------------------
@@ -681,89 +681,89 @@
 
 function getParameters()
 {
-	var p = null;
-	if(window.location.hash)
-		{
-		p = decodeURI(window.location.hash.substr(1));
-		if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
-			p = convertUTF8ToUnicode(p);
-		}
-	return p;
+    var p = null;
+    if(window.location.hash)
+        {
+        p = decodeURI(window.location.hash.substr(1));
+        if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
+            p = convertUTF8ToUnicode(p);
+        }
+    return p;
 }
 
 function invokeParamifier(params,handler)
 {
-	if(!params || params.length == undefined || params.length <= 1)
-		return;
-	for(var t=1; t<params.length; t++)
-		{
-		var p = config.paramifiers[params[t].name];
-		if(p && p[handler] instanceof Function)
-			p[handler](params[t].value);
-		}
+    if(!params || params.length == undefined || params.length <= 1)
+        return;
+    for(var t=1; t<params.length; t++)
+        {
+        var p = config.paramifiers[params[t].name];
+        if(p && p[handler] instanceof Function)
+            p[handler](params[t].value);
+        }
 }
 
 config.paramifiers = {};
 
 config.paramifiers.start = {
-	oninit: function(v) {
-		safeMode = v.toLowerCase() == "safe";
-		}
+    oninit: function(v) {
+        safeMode = v.toLowerCase() == "safe";
+        }
 };
 
 config.paramifiers.open = {
-	onstart: function(v) {
-		story.displayTiddler("bottom",v,null,false,false);
-		}
+    onstart: function(v) {
+        story.displayTiddler("bottom",v,null,false,false);
+        }
 };
 
 config.paramifiers.story = {
-	onstart: function(v) {
-		var list = store.getTiddlerText(v,"").parseParams("open",null,false);
-		invokeParamifier(list,"onstart");
-		}
+    onstart: function(v) {
+        var list = store.getTiddlerText(v,"").parseParams("open",null,false);
+        invokeParamifier(list,"onstart");
+        }
 };
 
 config.paramifiers.search = {
-	onstart: function(v) {
-		story.search(v,false,false);
-		}
+    onstart: function(v) {
+        story.search(v,false,false);
+        }
 };
 
 config.paramifiers.searchRegExp = {
-	onstart: function(v) {
-		story.prototype.search(v,false,true);
-		}
+    onstart: function(v) {
+        story.prototype.search(v,false,true);
+        }
 };
 
 config.paramifiers.tag = {
-	onstart: function(v) {
-		var tagged = store.getTaggedTiddlers(v,"title");
-		for(var t=0; t<tagged.length; t++)
-			story.displayTiddler("bottom",tagged[t].title,null,false,false);
-		}
+    onstart: function(v) {
+        var tagged = store.getTaggedTiddlers(v,"title");
+        for(var t=0; t<tagged.length; t++)
+            story.displayTiddler("bottom",tagged[t].title,null,false,false);
+        }
 };
 
 config.paramifiers.newTiddler = {
-	onstart: function(v) {
-		if(!readOnly)
-			{
-			story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
-			story.focusTiddler(v,"text");
-			}
-		}
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(v,"text");
+            }
+        }
 };
 
 config.paramifiers.newJournal = {
-	onstart: function(v) {
-		if(!readOnly)
-			{
-			var now = new Date();
-			var title = now.formatString(v.trim());
-			story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
-			story.focusTiddler(title,"text");
-			}
-		}
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            var now = new Date();
+            var title = now.formatString(v.trim());
+            story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(title,"text");
+            }
+        }
 };
 
 // ---------------------------------------------------------------------------------
@@ -772,100 +772,100 @@
 
 function Formatter(formatters)
 {
-	this.formatters = [];
-	var pattern = [];
-	for(var n=0; n<formatters.length; n++)
-		{
-		pattern.push("(" + formatters[n].match + ")");
-		this.formatters.push(formatters[n]);
-		}
-	this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
+    this.formatters = [];
+    var pattern = [];
+    for(var n=0; n<formatters.length; n++)
+        {
+        pattern.push("(" + formatters[n].match + ")");
+        this.formatters.push(formatters[n]);
+        }
+    this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
 }
 
 config.formatterHelpers = {
 
-	createElementAndWikify: function(w)
-	{
-		w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
-	},
-	
-	inlineCssHelper: function(w)
-	{
-		var styles = [];
-		config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
-		var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
-		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-			{
-			var s,v;
-			if(lookaheadMatch[1])
-				{
-				s = lookaheadMatch[1].unDash();
-				v = lookaheadMatch[2];
-				}
-			else
-				{
-				s = lookaheadMatch[3].unDash();
-				v = lookaheadMatch[4];
-				}
-			if (s=="bgcolor")
-				s = "backgroundColor";
-			styles.push({style: s, value: v});
-			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
-			config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
-			lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
-			}
-		return styles;
-	},
-
-	applyCssHelper: function(e,styles)
-	{
-		for(var t=0; t< styles.length; t++)
-			{
-			try
-				{
-				e.style[styles[t].style] = styles[t].value;
-				}
-			catch (ex)
-				{
-				}
-			}
-	},
-
-	enclosedTextHelper: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			var text = lookaheadMatch[1];
-			if(config.browser.isIE)
-				text = text.replace(/\n/g,"\r");
-			createTiddlyElement(w.output,this.element,null,null,text);
-			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
-			}
-	},
-
-	isExternalLink: function(link)
-	{
-		if(store.tiddlerExists(link) || store.isShadowTiddler(link))
-			{
-			//# Definitely not an external link
-			return false;
-			}
-		var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
-		if(urlRegExp.exec(link))
-			{
-			// Definitely an external link
-			return true;
-			}
-		if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
-			{
-			//# Link contains . / or \ so is probably an external link
-			return true;
-			}
-		//# Otherwise assume it is not an external link
-		return false;
-	}
+    createElementAndWikify: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
+    },
+
+    inlineCssHelper: function(w)
+    {
+        var styles = [];
+        config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var s,v;
+            if(lookaheadMatch[1])
+                {
+                s = lookaheadMatch[1].unDash();
+                v = lookaheadMatch[2];
+                }
+            else
+                {
+                s = lookaheadMatch[3].unDash();
+                v = lookaheadMatch[4];
+                }
+            if (s=="bgcolor")
+                s = "backgroundColor";
+            styles.push({style: s, value: v});
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+            }
+        return styles;
+    },
+
+    applyCssHelper: function(e,styles)
+    {
+        for(var t=0; t< styles.length; t++)
+            {
+            try
+                {
+                e.style[styles[t].style] = styles[t].value;
+                }
+            catch (ex)
+                {
+                }
+            }
+    },
+
+    enclosedTextHelper: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var text = lookaheadMatch[1];
+            if(config.browser.isIE)
+                text = text.replace(/\n/g,"\r");
+            createTiddlyElement(w.output,this.element,null,null,text);
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            }
+    },
+
+    isExternalLink: function(link)
+    {
+        if(store.tiddlerExists(link) || store.isShadowTiddler(link))
+            {
+            //# Definitely not an external link
+            return false;
+            }
+        var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
+        if(urlRegExp.exec(link))
+            {
+            // Definitely an external link
+            return true;
+            }
+        if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
+            {
+            //# Link contains . / or \ so is probably an external link
+            return true;
+            }
+        //# Otherwise assume it is not an external link
+        return false;
+    }
 
 };
 
@@ -875,611 +875,611 @@
 
 config.formatters = [
 {
-	name: "table",
-	match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
-	lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
-	rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
-	cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
-	cellTermRegExp: /((?:\x20*)\|)/mg,
-	rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
-
-	handler: function(w)
-	{
-		var table = createTiddlyElement(w.output,"table");
-		var prevColumns = [];
-		var currRowType = null;
-		var rowContainer;
-		var rowCount = 0;
-		w.nextMatch = w.matchStart;
-		this.lookaheadRegExp.lastIndex = w.nextMatch;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-			{
-			var nextRowType = lookaheadMatch[2];
-			if(nextRowType == "k")
-				{
-				table.className = lookaheadMatch[1];
-				w.nextMatch += lookaheadMatch[0].length+1;
-				}
-			else
-				{
-				if(nextRowType != currRowType)
-					{
-					rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
-					currRowType = nextRowType;
-					}
-				if(currRowType == "c")
-					{
-					// Caption
-					w.nextMatch++;
-					if(rowContainer != table.firstChild)
-						table.insertBefore(rowContainer,table.firstChild);
-					rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
-					w.subWikifyTerm(rowContainer,this.rowTermRegExp);
-					}
-				else
-					{
-					this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
-					rowCount++;
-					}
-				}
-			this.lookaheadRegExp.lastIndex = w.nextMatch;
-			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-			}
-	},
-	rowHandler: function(w,e,prevColumns)
-	{
-		var col = 0;
-		var colSpanCount = 1;
-		var prevCell = null;
-		this.cellRegExp.lastIndex = w.nextMatch;
-		var cellMatch = this.cellRegExp.exec(w.source);
-		while(cellMatch && cellMatch.index == w.nextMatch)
-			{
-			if(cellMatch[1] == "~")
-				{
-				// Rowspan
-				var last = prevColumns[col];
-				if(last)
-					{
-					last.rowSpanCount++;
-					last.element.setAttribute("rowspan",last.rowSpanCount);
-					last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
-					last.element.valign = "center";
-					}
-				w.nextMatch = this.cellRegExp.lastIndex-1;
-				}
-			else if(cellMatch[1] == ">")
-				{
-				// Colspan
-				colSpanCount++;
-				w.nextMatch = this.cellRegExp.lastIndex-1;
-				}
-			else if(cellMatch[2])
-				{
-				// End of row
-				if(prevCell && colSpanCount > 1)
-					{
-					prevCell.setAttribute("colspan",colSpanCount);
-					prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
-					}
-				w.nextMatch = this.cellRegExp.lastIndex;
-				break;
-				}
-			else
-				{
-				// Cell
-				w.nextMatch++;
-				var styles = config.formatterHelpers.inlineCssHelper(w);
-				var spaceLeft = false;
-				var chr = w.source.substr(w.nextMatch,1);
-				while(chr == " ")
-					{
-					spaceLeft = true;
-					w.nextMatch++;
-					chr = w.source.substr(w.nextMatch,1);
-					}
-				var cell;
-				if(chr == "!")
-					{
-					cell = createTiddlyElement(e,"th");
-					w.nextMatch++;
-					}
-				else
-					cell = createTiddlyElement(e,"td");
-				prevCell = cell;
-				prevColumns[col] = {rowSpanCount:1, element:cell};
-				if(colSpanCount > 1)
-					{
-					cell.setAttribute("colspan",colSpanCount);
-					cell.setAttribute("colSpan",colSpanCount); // Needed for IE
-					colSpanCount = 1;
-					}
-				config.formatterHelpers.applyCssHelper(cell,styles);
-				w.subWikifyTerm(cell,this.cellTermRegExp);
-				if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
-					cell.align = spaceLeft ? "center" : "left";
-				else if(spaceLeft)
-					cell.align = "right";
-				w.nextMatch--;
-				}
-			col++;
-			this.cellRegExp.lastIndex = w.nextMatch;
-			cellMatch = this.cellRegExp.exec(w.source);
-			}
-	}
+    name: "table",
+    match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
+    lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
+    rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
+    cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
+    cellTermRegExp: /((?:\x20*)\|)/mg,
+    rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
+
+    handler: function(w)
+    {
+        var table = createTiddlyElement(w.output,"table");
+        var prevColumns = [];
+        var currRowType = null;
+        var rowContainer;
+        var rowCount = 0;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var nextRowType = lookaheadMatch[2];
+            if(nextRowType == "k")
+                {
+                table.className = lookaheadMatch[1];
+                w.nextMatch += lookaheadMatch[0].length+1;
+                }
+            else
+                {
+                if(nextRowType != currRowType)
+                    {
+                    rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
+                    currRowType = nextRowType;
+                    }
+                if(currRowType == "c")
+                    {
+                    // Caption
+                    w.nextMatch++;
+                    if(rowContainer != table.firstChild)
+                        table.insertBefore(rowContainer,table.firstChild);
+                    rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
+                    w.subWikifyTerm(rowContainer,this.rowTermRegExp);
+                    }
+                else
+                    {
+                    this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
+                    rowCount++;
+                    }
+                }
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            }
+    },
+    rowHandler: function(w,e,prevColumns)
+    {
+        var col = 0;
+        var colSpanCount = 1;
+        var prevCell = null;
+        this.cellRegExp.lastIndex = w.nextMatch;
+        var cellMatch = this.cellRegExp.exec(w.source);
+        while(cellMatch && cellMatch.index == w.nextMatch)
+            {
+            if(cellMatch[1] == "~")
+                {
+                // Rowspan
+                var last = prevColumns[col];
+                if(last)
+                    {
+                    last.rowSpanCount++;
+                    last.element.setAttribute("rowspan",last.rowSpanCount);
+                    last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
+                    last.element.valign = "center";
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[1] == ">")
+                {
+                // Colspan
+                colSpanCount++;
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[2])
+                {
+                // End of row
+                if(prevCell && colSpanCount > 1)
+                    {
+                    prevCell.setAttribute("colspan",colSpanCount);
+                    prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex;
+                break;
+                }
+            else
+                {
+                // Cell
+                w.nextMatch++;
+                var styles = config.formatterHelpers.inlineCssHelper(w);
+                var spaceLeft = false;
+                var chr = w.source.substr(w.nextMatch,1);
+                while(chr == " ")
+                    {
+                    spaceLeft = true;
+                    w.nextMatch++;
+                    chr = w.source.substr(w.nextMatch,1);
+                    }
+                var cell;
+                if(chr == "!")
+                    {
+                    cell = createTiddlyElement(e,"th");
+                    w.nextMatch++;
+                    }
+                else
+                    cell = createTiddlyElement(e,"td");
+                prevCell = cell;
+                prevColumns[col] = {rowSpanCount:1, element:cell};
+                if(colSpanCount > 1)
+                    {
+                    cell.setAttribute("colspan",colSpanCount);
+                    cell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    colSpanCount = 1;
+                    }
+                config.formatterHelpers.applyCssHelper(cell,styles);
+                w.subWikifyTerm(cell,this.cellTermRegExp);
+                if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
+                    cell.align = spaceLeft ? "center" : "left";
+                else if(spaceLeft)
+                    cell.align = "right";
+                w.nextMatch--;
+                }
+            col++;
+            this.cellRegExp.lastIndex = w.nextMatch;
+            cellMatch = this.cellRegExp.exec(w.source);
+            }
+    }
 },
 
 {
-	name: "heading",
-	match: "^!{1,5}",
-	termRegExp: /(\n)/mg,
-	handler: function(w)
-	{
-		w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
-	}
+    name: "heading",
+    match: "^!{1,5}",
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
+    }
 },
 
 {
-	name: "list",
-	match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
-	lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
-	termRegExp: /(\n)/mg,
-	handler: function(w)
-	{
-		var placeStack = [w.output];
-		var currLevel = 0, currType = null;
-		var listLevel, listType, itemType;
-		w.nextMatch = w.matchStart;
-		this.lookaheadRegExp.lastIndex = w.nextMatch;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-			{
-			if(lookaheadMatch[1])
-				{
-				listType = "ul";
-				itemType = "li";
-				}
-			else if(lookaheadMatch[2])
-				{
-				listType = "ol";
-				itemType = "li";
-				}
-			else if(lookaheadMatch[3])
-				{
-				listType = "dl";
-				itemType = "dt";
-				}
-			else if(lookaheadMatch[4])
-				{
-				listType = "dl";
-				itemType = "dd";
-				}
-			listLevel = lookaheadMatch[0].length;
-			w.nextMatch += lookaheadMatch[0].length;
-			if(listLevel > currLevel)
-				{
-				for(var t=currLevel; t<listLevel; t++)
-					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
-				}
-			else if(listLevel < currLevel)
-				{
-				for(var t=currLevel; t>listLevel; t--)
-					placeStack.pop();
-				}
-			else if(listLevel == currLevel && listType != currType)
-				{
-				placeStack.pop();
-				placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
-				}
-			currLevel = listLevel;
-			currType = listType;
-			var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
-			w.subWikifyTerm(e,this.termRegExp);
-			this.lookaheadRegExp.lastIndex = w.nextMatch;
-			lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		}
-	}
+    name: "list",
+    match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
+    lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0, currType = null;
+        var listLevel, listType, itemType;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            if(lookaheadMatch[1])
+                {
+                listType = "ul";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[2])
+                {
+                listType = "ol";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[3])
+                {
+                listType = "dl";
+                itemType = "dt";
+                }
+            else if(lookaheadMatch[4])
+                {
+                listType = "dl";
+                itemType = "dd";
+                }
+            listLevel = lookaheadMatch[0].length;
+            w.nextMatch += lookaheadMatch[0].length;
+            if(listLevel > currLevel)
+                {
+                for(var t=currLevel; t<listLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            else if(listLevel < currLevel)
+                {
+                for(var t=currLevel; t>listLevel; t--)
+                    placeStack.pop();
+                }
+            else if(listLevel == currLevel && listType != currType)
+                {
+                placeStack.pop();
+                placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            currLevel = listLevel;
+            currType = listType;
+            var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
+            w.subWikifyTerm(e,this.termRegExp);
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        }
+    }
 },
 
 {
-	name: "quoteByBlock",
-	match: "^<<<\\n",
-	termRegExp: /(^<<<(\n|$))/mg,
-	element: "blockquote",
-	handler: config.formatterHelpers.createElementAndWikify
+    name: "quoteByBlock",
+    match: "^<<<\\n",
+    termRegExp: /(^<<<(\n|$))/mg,
+    element: "blockquote",
+    handler: config.formatterHelpers.createElementAndWikify
 },
 
 {
-	name: "quoteByLine",
-	match: "^>+",
-	lookaheadRegExp: /^>+/mg,
-	termRegExp: /(\n)/mg,
-	element: "blockquote",
-	handler: function(w)
-	{
-		var placeStack = [w.output];
-		var currLevel = 0;
-		var newLevel = w.matchLength;
-		var t;
-		do {
-			if(newLevel > currLevel)
-				{
-				for(t=currLevel; t<newLevel; t++)
-					placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
-				}
-			else if(newLevel < currLevel)
-				{
-				for(t=currLevel; t>newLevel; t--)
-					placeStack.pop();
-				}
-			currLevel = newLevel;
-			w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
-			createTiddlyElement(placeStack[placeStack.length-1],"br");
-			this.lookaheadRegExp.lastIndex = w.nextMatch;
-			var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-			var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
-			if(matched)
-				{
-				newLevel = lookaheadMatch[0].length;
-				w.nextMatch += lookaheadMatch[0].length;
-				}
-		} while(matched);
-	}
+    name: "quoteByLine",
+    match: "^>+",
+    lookaheadRegExp: /^>+/mg,
+    termRegExp: /(\n)/mg,
+    element: "blockquote",
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0;
+        var newLevel = w.matchLength;
+        var t;
+        do {
+            if(newLevel > currLevel)
+                {
+                for(t=currLevel; t<newLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
+                }
+            else if(newLevel < currLevel)
+                {
+                for(t=currLevel; t>newLevel; t--)
+                    placeStack.pop();
+                }
+            currLevel = newLevel;
+            w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
+            createTiddlyElement(placeStack[placeStack.length-1],"br");
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
+            if(matched)
+                {
+                newLevel = lookaheadMatch[0].length;
+                w.nextMatch += lookaheadMatch[0].length;
+                }
+        } while(matched);
+    }
 },
 
 {
-	name: "rule",
-	match: "^----+$\\n?",
-	handler: function(w)
-	{
-		createTiddlyElement(w.output,"hr");
-	}
+    name: "rule",
+    match: "^----+$\\n?",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"hr");
+    }
 },
 
 {
-	name: "monospacedByLine",
-	match: "^\\{\\{\\{\\n",
-	lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
+    name: "monospacedByLine",
+    match: "^\\{\\{\\{\\n",
+    lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
 },
 
 {
-	name: "monospacedByLineForCSS",
-	match: "^/\\*[\\{]{3}\\*/\\n",
-	lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
+    name: "monospacedByLineForCSS",
+    match: "^/\\*[\\{]{3}\\*/\\n",
+    lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
 },
 
 {
-	name: "monospacedByLineForPlugin",
-	match: "^//\\{\\{\\{\\n",
-	lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
+    name: "monospacedByLineForPlugin",
+    match: "^//\\{\\{\\{\\n",
+    lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
 },
 
 {
-	name: "monospacedByLineForTemplate",
-	match: "^<!--[\\{]{3}-->\\n",
-	lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg, 
-	element: "pre",
-	handler: config.formatterHelpers.enclosedTextHelper
+    name: "monospacedByLineForTemplate",
+    match: "^<!--[\\{]{3}-->\\n",
+    lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
 },
 
 {
-	name: "wikifyCommentForPlugin", 
-	match: "^/\\*\\*\\*\\n",
-	termRegExp: /(^\*\*\*\/\n)/mg,
-	handler: function(w)
-	{
-		w.subWikifyTerm(w.output,this.termRegExp);
-	}
+    name: "wikifyCommentForPlugin",
+    match: "^/\\*\\*\\*\\n",
+    termRegExp: /(^\*\*\*\/\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
 },
 
 {
-	name: "wikifyCommentForTemplate", 
-	match: "^<!---\\n",
-	termRegExp: /(^--->\n)/mg,
-	handler: function(w) 
-	{
-		w.subWikifyTerm(w.output,this.termRegExp);
-	}
+    name: "wikifyCommentForTemplate",
+    match: "^<!---\\n",
+    termRegExp: /(^--->\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
 },
 
 {
-	name: "macro",
-	match: "<<",
-	lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
-			{
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
-			}
-	}
+    name: "macro",
+    match: "<<",
+    lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
+            {
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
+            }
+    }
 },
 
 {
-	name: "prettyLink",
-	match: "\\[\\[",
-	lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			var e;
-			var text = lookaheadMatch[1];
-			if(lookaheadMatch[3])
-				{
-				// Pretty bracketted link
-				var link = lookaheadMatch[3];
-				e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
-						? createExternalLink(w.output,link)
-						: createTiddlyLink(w.output,link,false,null,w.isStatic);
-				}
-			else
-				{
-				// Simple bracketted link
-				e = createTiddlyLink(w.output,text,false,null,w.isStatic);
-				}
-			createTiddlyText(e,text);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
+    name: "prettyLink",
+    match: "\\[\\[",
+    lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var e;
+            var text = lookaheadMatch[1];
+            if(lookaheadMatch[3])
+                {
+                // Pretty bracketted link
+                var link = lookaheadMatch[3];
+                e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
+                        ? createExternalLink(w.output,link)
+                        : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                }
+            else
+                {
+                // Simple bracketted link
+                e = createTiddlyLink(w.output,text,false,null,w.isStatic);
+                }
+            createTiddlyText(e,text);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
 },
 
 {
-	name: "unWikiLink",
-	match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
-	handler: function(w)
-	{
-		w.outputText(w.output,w.matchStart+1,w.nextMatch);
-	}
+    name: "unWikiLink",
+    match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        w.outputText(w.output,w.matchStart+1,w.nextMatch);
+    }
 },
 
 {
-	name: "wikiLink",
-	match: config.textPrimitives.wikiLink,
-	handler: function(w)
-	{
-		if(w.matchStart > 0)
-			{
-			var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
-			preRegExp.lastIndex = w.matchStart-1;
-			var preMatch = preRegExp.exec(w.source);
-			if(preMatch.index == w.matchStart-1)
-				{
-				w.outputText(w.output,w.matchStart,w.nextMatch);
-				return;
-				}
-			}
-		if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
-			{
-			var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
-			w.outputText(link,w.matchStart,w.nextMatch);
-			}
-		else
-			{
-			w.outputText(w.output,w.matchStart,w.nextMatch);
-			}
-	}
+    name: "wikiLink",
+    match: config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        if(w.matchStart > 0)
+            {
+            var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
+            preRegExp.lastIndex = w.matchStart-1;
+            var preMatch = preRegExp.exec(w.source);
+            if(preMatch.index == w.matchStart-1)
+                {
+                w.outputText(w.output,w.matchStart,w.nextMatch);
+                return;
+                }
+            }
+        if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
+            {
+            var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
+            w.outputText(link,w.matchStart,w.nextMatch);
+            }
+        else
+            {
+            w.outputText(w.output,w.matchStart,w.nextMatch);
+            }
+    }
 },
 
 {
-	name: "urlLink",
-	match: config.textPrimitives.urlPattern,
-	handler: function(w)
-	{
-		w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
-	}
+    name: "urlLink",
+    match: config.textPrimitives.urlPattern,
+    handler: function(w)
+    {
+        w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
+    }
 },
 
 {
-	name: "image",
-	match: "\\[[<>]?[Ii][Mm][Gg]\\[",
-	lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
-			{
-			var e = w.output;
-			if(lookaheadMatch[5])
-				{
-				var link = lookaheadMatch[5];
-				e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
-				addClass(e,"imageLink");
-				}
-			var img = createTiddlyElement(e,"img");
-			if(lookaheadMatch[1])
-				img.align = "left";
-			else if(lookaheadMatch[2])
-				img.align = "right";
-			if(lookaheadMatch[3])
-				img.title = lookaheadMatch[3];
-			img.src = lookaheadMatch[4];
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
+    name: "image",
+    match: "\\[[<>]?[Ii][Mm][Gg]\\[",
+    lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
+            {
+            var e = w.output;
+            if(lookaheadMatch[5])
+                {
+                var link = lookaheadMatch[5];
+                e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                addClass(e,"imageLink");
+                }
+            var img = createTiddlyElement(e,"img");
+            if(lookaheadMatch[1])
+                img.align = "left";
+            else if(lookaheadMatch[2])
+                img.align = "right";
+            if(lookaheadMatch[3])
+                img.title = lookaheadMatch[3];
+            img.src = lookaheadMatch[4];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
 },
 
 {
-	name: "html",
-	match: "<[Hh][Tt][Mm][Ll]>",
-	lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
+    name: "html",
+    match: "<[Hh][Tt][Mm][Ll]>",
+    lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
 },
 
 {
-	name: "commentByBlock",
-	match: "/%",
-	lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-	}
+    name: "commentByBlock",
+    match: "/%",
+    lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+    }
 },
 
 {
-	name: "boldByChar",
-	match: "''",
-	termRegExp: /('')/mg,
-	element: "strong",
-	handler: config.formatterHelpers.createElementAndWikify
+    name: "boldByChar",
+    match: "''",
+    termRegExp: /('')/mg,
+    element: "strong",
+    handler: config.formatterHelpers.createElementAndWikify
 },
 
 {
-	name: "italicByChar",
-	match: "//",
-	termRegExp: /(\/\/)/mg,
-	element: "em",
-	handler: config.formatterHelpers.createElementAndWikify
+    name: "italicByChar",
+    match: "//",
+    termRegExp: /(\/\/)/mg,
+    element: "em",
+    handler: config.formatterHelpers.createElementAndWikify
 },
 
 {
-	name: "underlineByChar",
-	match: "__",
-	termRegExp: /(__)/mg,
-	element: "u",
-	handler: config.formatterHelpers.createElementAndWikify
+    name: "underlineByChar",
+    match: "__",
+    termRegExp: /(__)/mg,
+    element: "u",
+    handler: config.formatterHelpers.createElementAndWikify
 },
 
 {
-	name: "strikeByChar",
-	match: "--(?!\\s|$)",
-	termRegExp: /((?!\s)--|(?=\n\n))/mg,
-	element: "strike",
-	handler: config.formatterHelpers.createElementAndWikify
+    name: "strikeByChar",
+    match: "--(?!\\s|$)",
+    termRegExp: /((?!\s)--|(?=\n\n))/mg,
+    element: "strike",
+    handler: config.formatterHelpers.createElementAndWikify
 },
 
 {
-	name: "superscriptByChar",
-	match: "\\^\\^",
-	termRegExp: /(\^\^)/mg,
-	element: "sup",
-	handler: config.formatterHelpers.createElementAndWikify
+    name: "superscriptByChar",
+    match: "\\^\\^",
+    termRegExp: /(\^\^)/mg,
+    element: "sup",
+    handler: config.formatterHelpers.createElementAndWikify
 },
 
 {
-	name: "subscriptByChar",
-	match: "~~",
-	termRegExp: /(~~)/mg,
-	element: "sub",
-	handler: config.formatterHelpers.createElementAndWikify
+    name: "subscriptByChar",
+    match: "~~",
+    termRegExp: /(~~)/mg,
+    element: "sub",
+    handler: config.formatterHelpers.createElementAndWikify
 },
 
 {
-	name: "monospacedByChar",
-	match: "\\{\\{\\{",
-	lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
+    name: "monospacedByChar",
+    match: "\\{\\{\\{",
+    lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
 },
 
 {
-	name: "styleByChar",
-	match: "@@",
-	termRegExp: /(@@)/mg,
-	handler:  function(w)
-	{
-		var e = createTiddlyElement(w.output,"span");
-		var styles = config.formatterHelpers.inlineCssHelper(w);
-		if(styles.length == 0)
-			e.className = "marked";
-		else
-			config.formatterHelpers.applyCssHelper(e,styles);
-		w.subWikifyTerm(e,this.termRegExp);
-	}
+    name: "styleByChar",
+    match: "@@",
+    termRegExp: /(@@)/mg,
+    handler:  function(w)
+    {
+        var e = createTiddlyElement(w.output,"span");
+        var styles = config.formatterHelpers.inlineCssHelper(w);
+        if(styles.length == 0)
+            e.className = "marked";
+        else
+            config.formatterHelpers.applyCssHelper(e,styles);
+        w.subWikifyTerm(e,this.termRegExp);
+    }
 },
 
 {
-	name: "lineBreak",
-	match: "\\n|<br ?/?>",
-	handler: function(w)
-	{
-		createTiddlyElement(w.output,"br");
-	}
+    name: "lineBreak",
+    match: "\\n|<br ?/?>",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"br");
+    }
 },
 
 {
-	name: "rawText",
-	match: "\\\"{3}|<nowiki>",
-	lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-		if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-			{
-			createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			}
-	}
+    name: "rawText",
+    match: "\\\"{3}|<nowiki>",
+    lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
 },
 
 {
-	name: "mdash",
-	match: "--",
-	handler: function(w)
-		{
-		createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
-		}
+    name: "mdash",
+    match: "--",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
+        }
 },
 
 {
-	name: "htmlEntitiesEncoding",
-	match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
-	handler: function(w)
-		{
-		createTiddlyElement(w.output,"span").innerHTML = w.matchText;
-		}
+    name: "htmlEntitiesEncoding",
+    match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = w.matchText;
+        }
 },
 
 {
-	name: "customClasses",
-	match: "\\{\\{",
-	termRegExp: /(\}\}\})/mg,
-	lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
-	handler: function(w)
-	{
-		this.lookaheadRegExp.lastIndex = w.matchStart;
-		var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-		if(lookaheadMatch)
-			{
-			var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
-			w.nextMatch = this.lookaheadRegExp.lastIndex;
-			w.subWikifyTerm(e,this.termRegExp);
-			}
-	}
+    name: "customClasses",
+    match: "\\{\\{",
+    termRegExp: /(\}\}\})/mg,
+    lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch)
+            {
+            var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            w.subWikifyTerm(e,this.termRegExp);
+            }
+    }
 }
 
 ];
@@ -1490,66 +1490,66 @@
 
 function getParser(tiddler)
 {
-	var f = formatter;
-	if(tiddler!=null)
-		{
-		for(var i in config.parsers)
-			{
-			if(tiddler.isTagged(config.parsers[i].formatTag))
-				{
-				f = config.parsers[i];
-				break;
-				}
-			}
-		}
-	return f;
+    var f = formatter;
+    if(tiddler!=null)
+        {
+        for(var i in config.parsers)
+            {
+            if(tiddler.isTagged(config.parsers[i].formatTag))
+                {
+                f = config.parsers[i];
+                break;
+                }
+            }
+        }
+    return f;
 }
 
 function wikify(source,output,highlightRegExp,tiddler)
 {
-	if(source && source != "")
-		{
-		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
-		wikifier.subWikifyUnterm(output);
-		}
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.subWikifyUnterm(output);
+        }
 }
 
 function wikifyStatic(source,highlightRegExp,tiddler)
 {
-	var e = createTiddlyElement(document.body,"div");
-	e.style.display = "none";
-	var html = "";
-	if(source && source != "")
-		{
-		var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
-		wikifier.isStatic = true;
-		wikifier.subWikifyUnterm(e);
-		html = e.innerHTML;
-		e.parentNode.removeChild(e);
-		}
-	return html;
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    var html = "";
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.isStatic = true;
+        wikifier.subWikifyUnterm(e);
+        html = e.innerHTML;
+        e.parentNode.removeChild(e);
+        }
+    return html;
 }
 
 // Wikify a named tiddler to plain text
 function wikifyPlain(title)
 {
-	if(store.tiddlerExists(title) || store.isShadowTiddler(title))
-		{
-		var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
-		return wikifier.wikifyPlain();
-		}
-	else
-		return "";
+    if(store.tiddlerExists(title) || store.isShadowTiddler(title))
+        {
+        var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
+        return wikifier.wikifyPlain();
+        }
+    else
+        return "";
 }
 
 // Highlight plain text into an element
 function highlightify(source,output,highlightRegExp)
 {
-	if(source && source != "")
-		{
-		var wikifier = new Wikifier(source,formatter,highlightRegExp);
-		wikifier.outputText(output,0,source.length);
-		}
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,formatter,highlightRegExp);
+        wikifier.outputText(output,0,source.length);
+        }
 }
 
 // Construct a wikifier object
@@ -1559,166 +1559,166 @@
 // tiddler - reference to the tiddler that's taken to be the container for this wikification
 function Wikifier(source,formatter,highlightRegExp,tiddler)
 {
-	this.source = source;
-	this.output = null;
-	this.formatter = formatter;
-	this.nextMatch = 0;
-	this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
-	this.highlightRegExp = highlightRegExp;
-	this.highlightMatch = null;
-	this.isStatic = false;
-	if(highlightRegExp)
-		{
-		highlightRegExp.lastIndex = 0;
-		this.highlightMatch = highlightRegExp.exec(source);
-		}
-	this.tiddler = tiddler;
+    this.source = source;
+    this.output = null;
+    this.formatter = formatter;
+    this.nextMatch = 0;
+    this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
+    this.highlightRegExp = highlightRegExp;
+    this.highlightMatch = null;
+    this.isStatic = false;
+    if(highlightRegExp)
+        {
+        highlightRegExp.lastIndex = 0;
+        this.highlightMatch = highlightRegExp.exec(source);
+        }
+    this.tiddler = tiddler;
 }
 
 Wikifier.prototype.wikifyPlain = function()
 {
-	var e = createTiddlyElement(document.body,"div");
-	e.style.display = "none";
-	this.subWikify(e);
-	var text = getPlainText(e);
-	e.parentNode.removeChild(e);
-	return text;
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    this.subWikify(e);
+    var text = getPlainText(e);
+    e.parentNode.removeChild(e);
+    return text;
 }
 
 Wikifier.prototype.subWikify = function(output,terminator)
 {
-	// Handle the terminated and unterminated cases separately
-	if (terminator)
-		this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
-	else
-		this.subWikifyUnterm(output);
+    // Handle the terminated and unterminated cases separately
+    if (terminator)
+        this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
+    else
+        this.subWikifyUnterm(output);
 }
 
 Wikifier.prototype.subWikifyUnterm = function(output)
 {
-	// subWikify() can be indirectly recursive, so we need to save the old output pointer
-	var oldOutput = this.output;
-	this.output = output;
-	// Get the first match
-	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-	var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
-	while(formatterMatch)
-		{
-		// Output any text before the match
-		if(formatterMatch.index > this.nextMatch)
-			this.outputText(this.output,this.nextMatch,formatterMatch.index);
-		// Set the match parameters for the handler
-		this.matchStart = formatterMatch.index;
-		this.matchLength = formatterMatch[0].length;
-		this.matchText = formatterMatch[0];
-		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
-		// Figure out which formatter matched and call its handler
-		for(var t=1; t<formatterMatch.length; t++)
-			{
-			if(formatterMatch[t])
-				{
-				this.formatter.formatters[t-1].handler(this);
-				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-				break;
-				}
-			}
-		// Get the next match
-		formatterMatch = this.formatter.formatterRegExp.exec(this.source);
-		}
-	// Output any text after the last match
-	if(this.nextMatch < this.source.length)
-		{
-		this.outputText(this.output,this.nextMatch,this.source.length);
-		this.nextMatch = this.source.length;
-		}
-	// Restore the output pointer
-	this.output = oldOutput;
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first match
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+    while(formatterMatch)
+        {
+        // Output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters for the handler
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
 }
 
 Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
 {
-	// subWikify() can be indirectly recursive, so we need to save the old output pointer
-	var oldOutput = this.output;
-	this.output = output;
-	// Get the first matches for the formatter and terminator RegExps
-	terminatorRegExp.lastIndex = this.nextMatch;
-	var terminatorMatch = terminatorRegExp.exec(this.source);
-	this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-	var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
-	while(terminatorMatch || formatterMatch)
-		{
-		// Check for a terminator match  before the next formatter match
-		if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
-			{
-			// Output any text before the match
-			if(terminatorMatch.index > this.nextMatch)
-				this.outputText(this.output,this.nextMatch,terminatorMatch.index);
-			// Set the match parameters
-			this.matchText = terminatorMatch[1];
-			this.matchLength = terminatorMatch[1].length;
-			this.matchStart = terminatorMatch.index;
-			this.nextMatch = this.matchStart + this.matchLength;
-			// Restore the output pointer
-			this.output = oldOutput;
-			return;
-			}
-		// It must be a formatter match; output any text before the match
-		if(formatterMatch.index > this.nextMatch)
-			this.outputText(this.output,this.nextMatch,formatterMatch.index);
-		// Set the match parameters
-		this.matchStart = formatterMatch.index;
-		this.matchLength = formatterMatch[0].length;
-		this.matchText = formatterMatch[0];
-		this.nextMatch = this.formatter.formatterRegExp.lastIndex;
-		// Figure out which formatter matched and call its handler
-		for(var t=1; t<formatterMatch.length; t++)
-			{
-			if(formatterMatch[t])
-				{
-				this.formatter.formatters[t-1].handler(this);
-				this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-				break;
-				}
-			}
-		// Get the next match
-		terminatorRegExp.lastIndex = this.nextMatch;
-		terminatorMatch = terminatorRegExp.exec(this.source);
-		formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
-		}
-	// Output any text after the last match
-	if(this.nextMatch < this.source.length)
-		{
-		this.outputText(this.output,this.nextMatch,this.source.length);
-		this.nextMatch = this.source.length;
-		}
-	// Restore the output pointer
-	this.output = oldOutput;
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first matches for the formatter and terminator RegExps
+    terminatorRegExp.lastIndex = this.nextMatch;
+    var terminatorMatch = terminatorRegExp.exec(this.source);
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+    while(terminatorMatch || formatterMatch)
+        {
+        // Check for a terminator match  before the next formatter match
+        if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
+            {
+            // Output any text before the match
+            if(terminatorMatch.index > this.nextMatch)
+                this.outputText(this.output,this.nextMatch,terminatorMatch.index);
+            // Set the match parameters
+            this.matchText = terminatorMatch[1];
+            this.matchLength = terminatorMatch[1].length;
+            this.matchStart = terminatorMatch.index;
+            this.nextMatch = this.matchStart + this.matchLength;
+            // Restore the output pointer
+            this.output = oldOutput;
+            return;
+            }
+        // It must be a formatter match; output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        terminatorRegExp.lastIndex = this.nextMatch;
+        terminatorMatch = terminatorRegExp.exec(this.source);
+        formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
 }
 
 Wikifier.prototype.outputText = function(place,startPos,endPos)
 {
-	// Check for highlights
-	while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
-		{
-		// Deal with any plain text before the highlight
-		if(this.highlightMatch.index > startPos)
-			{
-			createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
-			startPos = this.highlightMatch.index;
-			}
-		// Deal with the highlight
-		var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
-		var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
-		startPos = highlightEnd;
-		// Nudge along to the next highlight if we're done with this one
-		if(startPos >= this.highlightRegExp.lastIndex)
-			this.highlightMatch = this.highlightRegExp.exec(this.source);
-		}
-	// Do the unhighlighted text left over
-	if(startPos < endPos)
-		{
-		createTiddlyText(place,this.source.substring(startPos,endPos));
-		}
+    // Check for highlights
+    while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
+        {
+        // Deal with any plain text before the highlight
+        if(this.highlightMatch.index > startPos)
+            {
+            createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
+            startPos = this.highlightMatch.index;
+            }
+        // Deal with the highlight
+        var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
+        var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
+        startPos = highlightEnd;
+        // Nudge along to the next highlight if we're done with this one
+        if(startPos >= this.highlightRegExp.lastIndex)
+            this.highlightMatch = this.highlightRegExp.exec(this.source);
+        }
+    // Do the unhighlighted text left over
+    if(startPos < endPos)
+        {
+        createTiddlyText(place,this.source.substring(startPos,endPos));
+        }
 }
 
 // ---------------------------------------------------------------------------------
@@ -1727,117 +1727,117 @@
 
 config.macros.today.handler = function(place,macroName,params)
 {
-	var now = new Date();
-	var text;
-	if(params[0])
-		text = now.formatString(params[0].trim());
-	else
-		text = now.toLocaleString();
-	createTiddlyElement(place,"span",null,null,text);
+    var now = new Date();
+    var text;
+    if(params[0])
+        text = now.formatString(params[0].trim());
+    else
+        text = now.toLocaleString();
+    createTiddlyElement(place,"span",null,null,text);
 }
 
 config.macros.version.handler = function(place)
 {
-	createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
+    createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
 }
 
 config.macros.list.handler = function(place,macroName,params)
 {
-	var type = params[0] ? params[0] : "all";
-	var theList = document.createElement("ul");
-	place.appendChild(theList);
-	if(this[type].prompt)
-		createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
-	var results;
-	if(this[type].handler)
-		results = this[type].handler(params);
-	for(var t = 0; t < results.length; t++)
-		{
-		var theListItem = document.createElement("li")
-		theList.appendChild(theListItem);
-		if(typeof results[t] == "string")
-			createTiddlyLink(theListItem,results[t],true);
-		else
-			createTiddlyLink(theListItem,results[t].title,true);
-		}
+    var type = params[0] ? params[0] : "all";
+    var theList = document.createElement("ul");
+    place.appendChild(theList);
+    if(this[type].prompt)
+        createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
+    var results;
+    if(this[type].handler)
+        results = this[type].handler(params);
+    for(var t = 0; t < results.length; t++)
+        {
+        var theListItem = document.createElement("li")
+        theList.appendChild(theListItem);
+        if(typeof results[t] == "string")
+            createTiddlyLink(theListItem,results[t],true);
+        else
+            createTiddlyLink(theListItem,results[t].title,true);
+        }
 }
 
 config.macros.list.all.handler = function(params)
 {
-	return store.reverseLookup("tags","excludeLists",false,"title");
+    return store.reverseLookup("tags","excludeLists",false,"title");
 }
 
 config.macros.list.missing.handler = function(params)
 {
-	return store.getMissingLinks();
+    return store.getMissingLinks();
 }
 
 config.macros.list.orphans.handler = function(params)
 {
-	return store.getOrphans();
+    return store.getOrphans();
 }
 
 config.macros.list.shadowed.handler = function(params)
 {
-	return store.getShadowed();
+    return store.getShadowed();
 }
 
 config.macros.allTags.handler = function(place,macroName,params)
 {
-	var tags = store.getTags();
-	var theDateList = createTiddlyElement(place,"ul");
-	if(tags.length == 0)
-		createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
-	for(var t=0; t<tags.length; t++)
-		{
-		var theListItem =createTiddlyElement(theDateList,"li");
-		var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
-		theTag.setAttribute("tag",tags[t][0]);
-		}
+    var tags = store.getTags();
+    var theDateList = createTiddlyElement(place,"ul");
+    if(tags.length == 0)
+        createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theListItem =createTiddlyElement(theDateList,"li");
+        var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
+        theTag.setAttribute("tag",tags[t][0]);
+        }
 }
 
 config.macros.timeline.handler = function(place,macroName,params)
 {
-	var field = params[0] ? params[0] : "modified";
-	var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
-	var lastDay = "";
-	var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
-	for(var t=tiddlers.length-1; t>=last; t--)
-		{
-		var tiddler = tiddlers[t];
-		var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
-		if(theDay != lastDay)
-			{
-			var theDateList = document.createElement("ul");
-			place.appendChild(theDateList);
-			createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
-			lastDay = theDay;
-			}
-		var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
-		theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
-		}
+    var field = params[0] ? params[0] : "modified";
+    var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
+    var lastDay = "";
+    var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
+    for(var t=tiddlers.length-1; t>=last; t--)
+        {
+        var tiddler = tiddlers[t];
+        var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
+        if(theDay != lastDay)
+            {
+            var theDateList = document.createElement("ul");
+            place.appendChild(theDateList);
+            createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
+            lastDay = theDay;
+            }
+        var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
+        theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
+        }
 }
 
 config.macros.search.handler = function(place,macroName,params)
 {
-	var searchTimeout = null;
-	var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
-	var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
-	if(params[0])
-		txt.value = params[0];
-	txt.onkeyup = this.onKeyPress;
-	txt.onfocus = this.onFocus;
-	txt.setAttribute("size",this.sizeTextbox);
-	txt.setAttribute("accessKey",this.accessKey);
-	txt.setAttribute("autocomplete","off");
-	txt.setAttribute("lastSearchText","");
-	if(config.browser.isSafari)
-		{
-		txt.setAttribute("type","search");
-		txt.setAttribute("results","5");
-		}
-	else
-		txt.setAttribute("type","text");
+    var searchTimeout = null;
+    var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
+    var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
+    if(params[0])
+        txt.value = params[0];
+    txt.onkeyup = this.onKeyPress;
+    txt.onfocus = this.onFocus;
+    txt.setAttribute("size",this.sizeTextbox);
+    txt.setAttribute("accessKey",this.accessKey);
+    txt.setAttribute("autocomplete","off");
+    txt.setAttribute("lastSearchText","");
+    if(config.browser.isSafari)
+        {
+        txt.setAttribute("type","search");
+        txt.setAttribute("results","5");
+        }
+    else
+        txt.setAttribute("type","text");
 }
 
 // Global because there's only ever one outstanding incremental search timer
@@ -1845,601 +1845,601 @@
 
 config.macros.search.doSearch = function(txt)
 {
-	if(txt.value.length > 0)
-		{
-		story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
-		txt.setAttribute("lastSearchText",txt.value);
-		}
+    if(txt.value.length > 0)
+        {
+        story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
+        txt.setAttribute("lastSearchText",txt.value);
+        }
 }
 
 config.macros.search.onClick = function(e)
 {
-	config.macros.search.doSearch(this.nextSibling);
-	return false;
+    config.macros.search.doSearch(this.nextSibling);
+    return false;
 }
 
 config.macros.search.onKeyPress = function(e)
 {
-	if(!e) var e = window.event;
-	switch(e.keyCode)
-		{
-		case 13: // Ctrl-Enter
-		case 10: // Ctrl-Enter on IE PC
-			config.macros.search.doSearch(this);
-			break;
-		case 27: // Escape
-			this.value = "";
-			clearMessage();
-			break;
-		}
-	if(this.value.length > 2)
-		{
-		if(this.value != this.getAttribute("lastSearchText"))
-			{
-			if(config.macros.search.timeout)
-				clearTimeout(config.macros.search.timeout);
-			var txt = this;
-			config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
-			}
-		}
-	else
-		{
-		if(config.macros.search.timeout)
-			clearTimeout(config.macros.search.timeout);
-		}
+    if(!e) var e = window.event;
+    switch(e.keyCode)
+        {
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+            config.macros.search.doSearch(this);
+            break;
+        case 27: // Escape
+            this.value = "";
+            clearMessage();
+            break;
+        }
+    if(this.value.length > 2)
+        {
+        if(this.value != this.getAttribute("lastSearchText"))
+            {
+            if(config.macros.search.timeout)
+                clearTimeout(config.macros.search.timeout);
+            var txt = this;
+            config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
+            }
+        }
+    else
+        {
+        if(config.macros.search.timeout)
+            clearTimeout(config.macros.search.timeout);
+        }
 }
 
 config.macros.search.onFocus = function(e)
 {
-	this.select();
+    this.select();
 }
 
 config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	params = paramString.parseParams("name",null,true,false,true);
-	var names = params[0]["name"];
-	var tiddlerName = names[0];
-	var className = names[1] ? names[1] : null;
-	var args = params[0]["with"];
-	var wrapper = createTiddlyElement(place,"span",null,className);
-	if(!args)
-		{
-		wrapper.setAttribute("refresh","content");
-		wrapper.setAttribute("tiddler",tiddlerName);
-		}
-	var text = store.getTiddlerText(tiddlerName);
-	if(text)
-		{
-		var stack = config.macros.tiddler.tiddlerStack;
-		if(stack.indexOf(tiddlerName) !== -1)
-			return;
-		stack.push(tiddlerName);
-		try
-			{
-			var n = args ? Math.min(args.length,9) : 0;
-			for(var i=0; i<n; i++) 
-				{
-				var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
-				text = text.replace(placeholderRE,args[i]);
-				}
-			config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
-			}
-		finally
-			{
-			stack.pop();
-			}
-		}
-}
-
-config.macros.tiddler.renderText = function(place,text,tiddlerName,params) 
-{
-	wikify(text,place,null,store.getTiddler(tiddlerName));
+    params = paramString.parseParams("name",null,true,false,true);
+    var names = params[0]["name"];
+    var tiddlerName = names[0];
+    var className = names[1] ? names[1] : null;
+    var args = params[0]["with"];
+    var wrapper = createTiddlyElement(place,"span",null,className);
+    if(!args)
+        {
+        wrapper.setAttribute("refresh","content");
+        wrapper.setAttribute("tiddler",tiddlerName);
+        }
+    var text = store.getTiddlerText(tiddlerName);
+    if(text)
+        {
+        var stack = config.macros.tiddler.tiddlerStack;
+        if(stack.indexOf(tiddlerName) !== -1)
+            return;
+        stack.push(tiddlerName);
+        try
+            {
+            var n = args ? Math.min(args.length,9) : 0;
+            for(var i=0; i<n; i++)
+                {
+                var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
+                text = text.replace(placeholderRE,args[i]);
+                }
+            config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
+            }
+        finally
+            {
+            stack.pop();
+            }
+        }
+}
+
+config.macros.tiddler.renderText = function(place,text,tiddlerName,params)
+{
+    wikify(text,place,null,store.getTiddler(tiddlerName));
 }
 
 config.macros.tiddler.tiddlerStack = [];
 
 config.macros.tag.handler = function(place,macroName,params)
 {
-	createTagButton(place,params[0]);
+    createTagButton(place,params[0]);
 }
 
 config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	params = paramString.parseParams("anon",null,true,false,false);
-	var theList = createTiddlyElement(place,"ul");
-	var title = getParam(params,"anon","");
-	if(title && store.tiddlerExists(title))
-		tiddler = store.getTiddler(title);
-	var sep = getParam(params,"sep"," ");
-	var lingo = config.views.wikified.tag;
-	var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
-	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
-	for(var t=0; t<tiddler.tags.length; t++)
-		{
-		createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
-		if(t<tiddler.tags.length-1)
-			createTiddlyText(theList,sep);
-		}
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title && store.tiddlerExists(title))
+        tiddler = store.getTiddler(title);
+    var sep = getParam(params,"sep"," ");
+    var lingo = config.views.wikified.tag;
+    var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
+    for(var t=0; t<tiddler.tags.length; t++)
+        {
+        createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
+        if(t<tiddler.tags.length-1)
+            createTiddlyText(theList,sep);
+        }
 }
 
 config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	params = paramString.parseParams("anon",null,true,false,false);
-	var theList = createTiddlyElement(place,"ul");
-	var title = getParam(params,"anon","");
-	if(title == "" && tiddler instanceof Tiddler)
-		title = tiddler.title;
-	var sep = getParam(params,"sep"," ");
-	theList.setAttribute("title",this.tooltip.format([title]));
-	var tagged = store.getTaggedTiddlers(title);
-	var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
-	createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
-	for(var t=0; t<tagged.length; t++)
-		{
-		createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
-		if(t<tagged.length-1)
-			createTiddlyText(theList,sep);
-		}
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title == "" && tiddler instanceof Tiddler)
+        title = tiddler.title;
+    var sep = getParam(params,"sep"," ");
+    theList.setAttribute("title",this.tooltip.format([title]));
+    var tagged = store.getTaggedTiddlers(title);
+    var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
+    for(var t=0; t<tagged.length; t++)
+        {
+        createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
+        if(t<tagged.length-1)
+            createTiddlyText(theList,sep);
+        }
 }
 
 config.macros.closeAll.handler = function(place)
 {
-	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
 }
 
 config.macros.closeAll.onClick = function(e)
 {
-	story.closeAllTiddlers();
-	return false;
+    story.closeAllTiddlers();
+    return false;
 }
 
 config.macros.permaview.handler = function(place)
 {
-	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
 }
 
 config.macros.permaview.onClick = function(e)
 {
-	story.permaView();
-	return false;
+    story.permaView();
+    return false;
 }
 
 config.macros.saveChanges.handler = function(place)
 {
-	if(!readOnly)
-		createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
+    if(!readOnly)
+        createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
 }
 
 config.macros.saveChanges.onClick = function(e)
 {
-	saveChanges();
-	return false;
+    saveChanges();
+    return false;
 }
 
 config.macros.slider.onClickSlider = function(e)
 {
-	if(!e) var e = window.event;
-	var n = this.nextSibling;
-	var cookie = n.getAttribute("cookie");
-	var isOpen = n.style.display != "none";
-	if(anim && config.options.chkAnimate)
-		anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
-	else
-		n.style.display = isOpen ? "none" : "block";
-	config.options[cookie] = !isOpen;
-	saveOptionCookie(cookie);
-	return false;
+    if(!e) var e = window.event;
+    var n = this.nextSibling;
+    var cookie = n.getAttribute("cookie");
+    var isOpen = n.style.display != "none";
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
+    else
+        n.style.display = isOpen ? "none" : "block";
+    config.options[cookie] = !isOpen;
+    saveOptionCookie(cookie);
+    return false;
 }
 
 config.macros.slider.createSlider = function(place,cookie,title,tooltip)
 {
-	var cookie = cookie ? cookie : "";
-	var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
-	var panel = createTiddlyElement(null,"div",null,"sliderPanel");
-	panel.setAttribute("cookie",cookie);
-	panel.style.display = config.options[cookie] ? "block" : "none";
-	place.appendChild(panel);
-	return panel;
+    var cookie = cookie ? cookie : "";
+    var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
+    var panel = createTiddlyElement(null,"div",null,"sliderPanel");
+    panel.setAttribute("cookie",cookie);
+    panel.style.display = config.options[cookie] ? "block" : "none";
+    place.appendChild(panel);
+    return panel;
 }
 
 config.macros.slider.handler = function(place,macroName,params)
 {
-	var panel = this.createSlider(place,params[0],params[2],params[3]);
-	var text = store.getTiddlerText(params[1]);
-	panel.setAttribute("refresh", "content");
-	panel.setAttribute("tiddler", params[1]);
-	if(text)
-		wikify(text,panel,null,store.getTiddler(params[1]));
+    var panel = this.createSlider(place,params[0],params[2],params[3]);
+    var text = store.getTiddlerText(params[1]);
+    panel.setAttribute("refresh", "content");
+    panel.setAttribute("tiddler", params[1]);
+    if(text)
+        wikify(text,panel,null,store.getTiddler(params[1]));
 }
 
 config.macros.option.onChangeOption = function(e)
 {
-	var opt = this.getAttribute("option");
-	var elementType,valueField;
-	if(opt)
-		{
-		switch(opt.substr(0,3))
-			{
-			case "txt":
-				elementType = "input";
-				valueField = "value";
-				break;
-			case "chk":
-				elementType = "input";
-				valueField = "checked";
-				break;
-			}
-		config.options[opt] = this[valueField];
-		saveOptionCookie(opt);
-		var nodes = document.getElementsByTagName(elementType);
-		for(var t=0; t<nodes.length; t++)
-			{
-			var optNode = nodes[t].getAttribute("option");
-			if(opt == optNode)
-				nodes[t][valueField] = this[valueField];
-			}
-		}
-	return(true);
+    var opt = this.getAttribute("option");
+    var elementType,valueField;
+    if(opt)
+        {
+        switch(opt.substr(0,3))
+            {
+            case "txt":
+                elementType = "input";
+                valueField = "value";
+                break;
+            case "chk":
+                elementType = "input";
+                valueField = "checked";
+                break;
+            }
+        config.options[opt] = this[valueField];
+        saveOptionCookie(opt);
+        var nodes = document.getElementsByTagName(elementType);
+        for(var t=0; t<nodes.length; t++)
+            {
+            var optNode = nodes[t].getAttribute("option");
+            if(opt == optNode)
+                nodes[t][valueField] = this[valueField];
+            }
+        }
+    return(true);
 }
 
 config.macros.option.handler = function(place,macroName,params)
 {
-	var opt = params[0];
-	if(config.options[opt] == undefined)
-		return;
-	var c;
-	switch(opt.substr(0,3))
-		{
-		case "txt":
-			c = document.createElement("input");
-			c.onkeyup = this.onChangeOption;
-			c.setAttribute("option",opt);
-			c.className = "txtOptionInput";
-			place.appendChild(c);
-			c.value = config.options[opt];
-			break;
-		case "chk":
-			c = document.createElement("input");
-			c.setAttribute("type","checkbox");
-			c.onclick = this.onChangeOption;
-			c.setAttribute("option",opt);
-			c.className = "chkOptionInput";
-			place.appendChild(c);
-			c.checked = config.options[opt];
-			break;
-		}
+    var opt = params[0];
+    if(config.options[opt] == undefined)
+        return;
+    var c;
+    switch(opt.substr(0,3))
+        {
+        case "txt":
+            c = document.createElement("input");
+            c.onkeyup = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "txtOptionInput";
+            place.appendChild(c);
+            c.value = config.options[opt];
+            break;
+        case "chk":
+            c = document.createElement("input");
+            c.setAttribute("type","checkbox");
+            c.onclick = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "chkOptionInput";
+            place.appendChild(c);
+            c.checked = config.options[opt];
+            break;
+        }
 }
 
 
 
 config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
 {
-	var tags = [];
-	for(var t=1; t<params.length; t++)
-		if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
-			tags.push(params[t].value);
-	label = getParam(params,"label",label);
-	prompt = getParam(params,"prompt",prompt);
-	accessKey = getParam(params,"accessKey",accessKey);
-	newFocus = getParam(params,"focus",newFocus);
-	var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
-	btn.setAttribute("newTitle",title);
-	btn.setAttribute("isJournal",isJournal);
-	btn.setAttribute("params",tags.join("|"));
-	btn.setAttribute("newFocus",newFocus);
-	btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
-	var text = getParam(params,"text");
-	if(text !== undefined) 
-		btn.setAttribute("newText",text);
-	return btn;
+    var tags = [];
+    for(var t=1; t<params.length; t++)
+        if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
+            tags.push(params[t].value);
+    label = getParam(params,"label",label);
+    prompt = getParam(params,"prompt",prompt);
+    accessKey = getParam(params,"accessKey",accessKey);
+    newFocus = getParam(params,"focus",newFocus);
+    var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
+    btn.setAttribute("newTitle",title);
+    btn.setAttribute("isJournal",isJournal);
+    btn.setAttribute("params",tags.join("|"));
+    btn.setAttribute("newFocus",newFocus);
+    btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
+    var text = getParam(params,"text");
+    if(text !== undefined)
+        btn.setAttribute("newText",text);
+    return btn;
 }
 
 config.macros.newTiddler.onClickNewTiddler = function()
 {
-	var title = this.getAttribute("newTitle");
-	if(this.getAttribute("isJournal"))
-		{
-		var now = new Date();
-		title = now.formatString(title.trim());
-		}
-	var params = this.getAttribute("params").split("|");
-	var focus = this.getAttribute("newFocus");
-	var template = this.getAttribute("newTemplate");
-	story.displayTiddler(null,title,template);
-	var text = this.getAttribute("newText");
-	if(typeof text == "string")
-		story.getTiddlerField(title,"text").value = text.format([title]);
-	for(var t=0;t<params.length;t++)
-		story.setTiddlerTag(title,params[t],+1);
-	story.focusTiddler(title,focus);
-	return false;
+    var title = this.getAttribute("newTitle");
+    if(this.getAttribute("isJournal"))
+        {
+        var now = new Date();
+        title = now.formatString(title.trim());
+        }
+    var params = this.getAttribute("params").split("|");
+    var focus = this.getAttribute("newFocus");
+    var template = this.getAttribute("newTemplate");
+    story.displayTiddler(null,title,template);
+    var text = this.getAttribute("newText");
+    if(typeof text == "string")
+        story.getTiddlerField(title,"text").value = text.format([title]);
+    for(var t=0;t<params.length;t++)
+        story.setTiddlerTag(title,params[t],+1);
+    story.focusTiddler(title,focus);
+    return false;
 }
 
 config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	if(!readOnly)
-		{
-		params = paramString.parseParams("anon",null,true,false,false);
-		var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
-		title = getParam(params,"title",title);
-		this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
-		}
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
+        title = getParam(params,"title",title);
+        this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
+        }
 }
 
 config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	if(!readOnly)
-		{
-		params = paramString.parseParams("anon",null,true,false,false);
-		var title = params[1] && params[1].name == "anon" ? params[1].value : "";
-		title = getParam(params,"title",title);
-		config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
-		}
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : "";
+        title = getParam(params,"title",title);
+        config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
+        }
 }
 
 config.macros.sparkline.handler = function(place,macroName,params)
 {
-	var data = [];
-	var min = 0;
-	var max = 0;
-	for(var t=0; t<params.length; t++)
-		{
-		var v = parseInt(params[t]);
-		if(v < min)
-			min = v;
-		if(v > max)
-			max = v;
-		data.push(v);
-		}
-	if(data.length < 1)
-		return;
-	var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
-	box.title = data.join(",");
-	var w = box.offsetWidth;
-	var h = box.offsetHeight;
-	box.style.paddingRight = (data.length * 2 - w) + "px";
-	box.style.position = "relative";
-	for(var d=0; d<data.length; d++)
-		{
-		var tick = document.createElement("img");
-		tick.border = 0;
-		tick.className = "sparktick";
-		tick.style.position = "absolute";
-		tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
-		tick.style.left = d*2 + "px";
-		tick.style.width = "2px";
-		var v = Math.floor(((data[d] - min)/(max-min)) * h);
-		tick.style.top = (h-v) + "px";
-		tick.style.height = v + "px";
-		box.appendChild(tick);
-		}
+    var data = [];
+    var min = 0;
+    var max = 0;
+    for(var t=0; t<params.length; t++)
+        {
+        var v = parseInt(params[t]);
+        if(v < min)
+            min = v;
+        if(v > max)
+            max = v;
+        data.push(v);
+        }
+    if(data.length < 1)
+        return;
+    var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
+    box.title = data.join(",");
+    var w = box.offsetWidth;
+    var h = box.offsetHeight;
+    box.style.paddingRight = (data.length * 2 - w) + "px";
+    box.style.position = "relative";
+    for(var d=0; d<data.length; d++)
+        {
+        var tick = document.createElement("img");
+        tick.border = 0;
+        tick.className = "sparktick";
+        tick.style.position = "absolute";
+        tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
+        tick.style.left = d*2 + "px";
+        tick.style.width = "2px";
+        var v = Math.floor(((data[d] - min)/(max-min)) * h);
+        tick.style.top = (h-v) + "px";
+        tick.style.height = v + "px";
+        box.appendChild(tick);
+        }
 }
 
 config.macros.tabs.handler = function(place,macroName,params)
 {
-	var cookie = params[0];
-	var numTabs = (params.length-1)/3;
-	var wrapper = createTiddlyElement(null,"div",null,cookie);
-	var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
-	tabset.setAttribute("cookie",cookie);
-	var validTab = false;
-	for(var t=0; t<numTabs; t++)
-		{
-		var label = params[t*3+1];
-		var prompt = params[t*3+2];
-		var content = params[t*3+3];
-		var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
-		tab.setAttribute("tab",label);
-		tab.setAttribute("content",content);
-		tab.title = prompt;
-		if(config.options[cookie] == label)
-			validTab = true;
-		}
-	if(!validTab)
-		config.options[cookie] = params[1];
-	place.appendChild(wrapper);
-	this.switchTab(tabset,config.options[cookie]);
+    var cookie = params[0];
+    var numTabs = (params.length-1)/3;
+    var wrapper = createTiddlyElement(null,"div",null,cookie);
+    var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
+    tabset.setAttribute("cookie",cookie);
+    var validTab = false;
+    for(var t=0; t<numTabs; t++)
+        {
+        var label = params[t*3+1];
+        var prompt = params[t*3+2];
+        var content = params[t*3+3];
+        var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
+        tab.setAttribute("tab",label);
+        tab.setAttribute("content",content);
+        tab.title = prompt;
+        if(config.options[cookie] == label)
+            validTab = true;
+        }
+    if(!validTab)
+        config.options[cookie] = params[1];
+    place.appendChild(wrapper);
+    this.switchTab(tabset,config.options[cookie]);
 }
 
 config.macros.tabs.onClickTab = function(e)
 {
-	config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
-	return false;
+    config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
+    return false;
 }
 
 config.macros.tabs.switchTab = function(tabset,tab)
 {
-	var cookie = tabset.getAttribute("cookie");
-	var theTab = null
-	var nodes = tabset.childNodes;
-	for(var t=0; t<nodes.length; t++)
-		if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
-			{
-			theTab = nodes[t];
-			theTab.className = "tab tabSelected";
-			}
-		else
-			nodes[t].className = "tab tabUnselected"
-	if(theTab)
-		{
-		if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
-			tabset.parentNode.removeChild(tabset.nextSibling);
-		var tabContent = createTiddlyElement(null,"div",null,"tabContents");
-		tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
-		var contentTitle = theTab.getAttribute("content");
-		wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
-		if(cookie)
-			{
-			config.options[cookie] = tab;
-			saveOptionCookie(cookie);
-			}
-		}
+    var cookie = tabset.getAttribute("cookie");
+    var theTab = null
+    var nodes = tabset.childNodes;
+    for(var t=0; t<nodes.length; t++)
+        if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
+            {
+            theTab = nodes[t];
+            theTab.className = "tab tabSelected";
+            }
+        else
+            nodes[t].className = "tab tabUnselected"
+    if(theTab)
+        {
+        if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
+            tabset.parentNode.removeChild(tabset.nextSibling);
+        var tabContent = createTiddlyElement(null,"div",null,"tabContents");
+        tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
+        var contentTitle = theTab.getAttribute("content");
+        wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
+        if(cookie)
+            {
+            config.options[cookie] = tab;
+            saveOptionCookie(cookie);
+            }
+        }
 }
 
 // <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
 config.macros.gradient.handler = function(place,macroName,params,wikifier)
 {
-	var terminator = ">>";
-	var panel;
-	if(wikifier)
-		panel = createTiddlyElement(place,"div",null,"gradient");
-	else
-		panel = place;
-	panel.style.position = "relative";
-	panel.style.overflow = "hidden";
-	panel.style.zIndex = "0";
-	var t;
-	if(wikifier)
-		{
-		var styles = config.formatterHelpers.inlineCssHelper(wikifier);
-		config.formatterHelpers.applyCssHelper(panel,styles);
-		}
-	var colours = [];
-	for(t=1; t<params.length; t++)
-		{
-		var c = new RGB(params[t]);
-		if(c)
-			colours.push(c);
-		}
-	drawGradient(panel,params[0] != "vert",colours);
-	if(wikifier)
-		wikifier.subWikify(panel,terminator);
-	if(document.all)
-		{
-		panel.style.height = "100%";
-		panel.style.width = "100%";
-		}
+    var terminator = ">>";
+    var panel;
+    if(wikifier)
+        panel = createTiddlyElement(place,"div",null,"gradient");
+    else
+        panel = place;
+    panel.style.position = "relative";
+    panel.style.overflow = "hidden";
+    panel.style.zIndex = "0";
+    var t;
+    if(wikifier)
+        {
+        var styles = config.formatterHelpers.inlineCssHelper(wikifier);
+        config.formatterHelpers.applyCssHelper(panel,styles);
+        }
+    var colours = [];
+    for(t=1; t<params.length; t++)
+        {
+        var c = new RGB(params[t]);
+        if(c)
+            colours.push(c);
+        }
+    drawGradient(panel,params[0] != "vert",colours);
+    if(wikifier)
+        wikifier.subWikify(panel,terminator);
+    if(document.all)
+        {
+        panel.style.height = "100%";
+        panel.style.width = "100%";
+        }
 }
 
 config.macros.message.handler = function(place,macroName,params)
 {
-	if(params[0])
-		{
-		var m = config;
-		var p = params[0].split(".");
-		for(var t=0; t<p.length; t++)
-			{
-			if(p[t] in m)
-				m = m[p[t]];
-			else
-				break;
-			}
-		createTiddlyText(place,m.toString().format(params.splice(1)));
-		}
+    if(params[0])
+        {
+        var m = config;
+        var p = params[0].split(".");
+        for(var t=0; t<p.length; t++)
+            {
+            if(p[t] in m)
+                m = m[p[t]];
+            else
+                break;
+            }
+        createTiddlyText(place,m.toString().format(params.splice(1)));
+        }
 }
 
 config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	if((tiddler instanceof Tiddler) && params[0])
-		{
-		var value = store.getValue(tiddler,params[0]);
-		if(value != undefined)
-			switch(params[1])
-				{
-				case undefined:
-					highlightify(value,place,highlightHack);
-					break;
-				case "link":
-					createTiddlyLink(place,value,true);
-					break;
-				case "wikified":
-					wikify(value,place,highlightHack,tiddler);
-					break;
-				case "date":
-					value = Date.convertFromYYYYMMDDHHMM(value);
-					if(params[2])
-						createTiddlyText(place,value.formatString(params[2]));
-					else
-						createTiddlyText(place,value);
-					break;
-				}
-		}
+    if((tiddler instanceof Tiddler) && params[0])
+        {
+        var value = store.getValue(tiddler,params[0]);
+        if(value != undefined)
+            switch(params[1])
+                {
+                case undefined:
+                    highlightify(value,place,highlightHack);
+                    break;
+                case "link":
+                    createTiddlyLink(place,value,true);
+                    break;
+                case "wikified":
+                    wikify(value,place,highlightHack,tiddler);
+                    break;
+                case "date":
+                    value = Date.convertFromYYYYMMDDHHMM(value);
+                    if(params[2])
+                        createTiddlyText(place,value.formatString(params[2]));
+                    else
+                        createTiddlyText(place,value);
+                    break;
+                }
+        }
 }
 
 config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	var field = params[0];
-	if((tiddler instanceof Tiddler) && field)
-		{
-		story.setDirty(tiddler.title,true);
-		if(field != "text")
-			{
-				var e = createTiddlyElement(null,"input");
-				if(tiddler.isReadOnly())
-					e.setAttribute("readOnly","readOnly");
-				e.setAttribute("edit",field);
-				e.setAttribute("type","text");
-				var v = store.getValue(tiddler,field);
-				if(!v) 
-					v = "";
-				e.value = v;
-				e.setAttribute("size","40");
-				e.setAttribute("autocomplete","off");
-				place.appendChild(e);
-			}
-		else
-			{
-				var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
-				var wrapper2 = createTiddlyElement(wrapper1,"div");
-				var e = createTiddlyElement(wrapper2,"textarea");
-				if(tiddler.isReadOnly())
-					e.setAttribute("readOnly","readOnly");
-				var v = store.getValue(tiddler,field);
-				if(!v) 
-					v = "";
-				e.value = v;
-				var rows = 10;
-				var lines = v.match(/\n/mg);
-				var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
-				if(lines != null && lines.length > rows)
-					rows = lines.length + 5;
-				rows = Math.min(rows,maxLines);
-				e.setAttribute("rows",rows);
-				e.setAttribute("edit",field);
-				place.appendChild(wrapper1);
-			}
-		}
+    var field = params[0];
+    if((tiddler instanceof Tiddler) && field)
+        {
+        story.setDirty(tiddler.title,true);
+        if(field != "text")
+            {
+                var e = createTiddlyElement(null,"input");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                e.setAttribute("edit",field);
+                e.setAttribute("type","text");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                e.setAttribute("size","40");
+                e.setAttribute("autocomplete","off");
+                place.appendChild(e);
+            }
+        else
+            {
+                var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
+                var wrapper2 = createTiddlyElement(wrapper1,"div");
+                var e = createTiddlyElement(wrapper2,"textarea");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                var rows = 10;
+                var lines = v.match(/\n/mg);
+                var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
+                if(lines != null && lines.length > rows)
+                    rows = lines.length + 5;
+                rows = Math.min(rows,maxLines);
+                e.setAttribute("rows",rows);
+                e.setAttribute("edit",field);
+                place.appendChild(wrapper1);
+            }
+        }
 }
 
 config.macros.tagChooser.onClick = function(e)
 {
-	if(!e) var e = window.event;
-	var lingo = config.views.editor.tagChooser;
-	var popup = Popup.create(this);
-	var tags = store.getTags();
-	if(tags.length == 0)
-		createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
-	for(var t=0; t<tags.length; t++)
-		{
-		var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
-		theTag.setAttribute("tag",tags[t][0]);
-		theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
-		}
-	Popup.show(popup,false);
-	e.cancelBubble = true;
-	if(e.stopPropagation) e.stopPropagation();
-	return(false);
+    if(!e) var e = window.event;
+    var lingo = config.views.editor.tagChooser;
+    var popup = Popup.create(this);
+    var tags = store.getTags();
+    if(tags.length == 0)
+        createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
+        theTag.setAttribute("tag",tags[t][0]);
+        theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if(e.stopPropagation) e.stopPropagation();
+    return(false);
 }
 
 config.macros.tagChooser.onTagClick = function(e)
 {
-	if(!e) var e = window.event;
-	var tag = this.getAttribute("tag");
-	var title = this.getAttribute("tiddler");
-	if(!readOnly)
-		story.setTiddlerTag(title,tag,0);
-	return(false);
+    if(!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(!readOnly)
+        story.setTiddlerTag(title,tag,0);
+    return(false);
 }
 
 config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	if(tiddler instanceof Tiddler)
-		{
-		var title = tiddler.title;
-		var lingo = config.views.editor.tagChooser;
-		var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
-		btn.setAttribute("tiddler", title);
-		}
+    if(tiddler instanceof Tiddler)
+        {
+        var title = tiddler.title;
+        var lingo = config.views.editor.tagChooser;
+        var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
+        btn.setAttribute("tiddler", title);
+        }
 }
 
 // Create a toolbar command button
@@ -2449,337 +2449,337 @@
 // theClass - the class to give the button
 config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
 {
-	if(typeof commandName != "string")
-		{
-		var c = null;
-		for(var t in config.commands)
-			if(config.commands[t] == commandName)
-				c = t;
-		commandName = c;
-		}
-	if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
-		{
-		var title = tiddler.title;
-		var command = config.commands[commandName];
-		var ro = tiddler.isReadOnly();
-		var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
-		var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
-		var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
-		if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
-
-			{
-			var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
-			btn.setAttribute("commandName", commandName);
-			btn.setAttribute("tiddler", title);
-			if(theClass)
-				addClass(btn,theClass);
-			place.appendChild(btn);
-			}
-		}
+    if(typeof commandName != "string")
+        {
+        var c = null;
+        for(var t in config.commands)
+            if(config.commands[t] == commandName)
+                c = t;
+        commandName = c;
+        }
+    if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
+        {
+        var title = tiddler.title;
+        var command = config.commands[commandName];
+        var ro = tiddler.isReadOnly();
+        var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
+        var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
+        var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
+        if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
+
+            {
+            var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
+            btn.setAttribute("commandName", commandName);
+            btn.setAttribute("tiddler", title);
+            if(theClass)
+                addClass(btn,theClass);
+            place.appendChild(btn);
+            }
+        }
 }
 
 config.macros.toolbar.onClickCommand = function(e)
 {
-	if(!e) var e = window.event;
-	var command = config.commands[this.getAttribute("commandName")];
-	return command.handler(e,this,this.getAttribute("tiddler"));
+    if(!e) var e = window.event;
+    var command = config.commands[this.getAttribute("commandName")];
+    return command.handler(e,this,this.getAttribute("tiddler"));
 }
 
 // Invoke the first command encountered from a given place that is tagged with a specified class
 config.macros.toolbar.invokeCommand = function(place,theClass,event)
 {
-	var children = place.getElementsByTagName("a")
-	for(var t=0; t<children.length; t++)
-		{
-		var c = children[t];
-		if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
-			{
-			if(c.onclick instanceof Function)
-				c.onclick.call(c,event);
-			break;
-			}
-		}
+    var children = place.getElementsByTagName("a")
+    for(var t=0; t<children.length; t++)
+        {
+        var c = children[t];
+        if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
+            {
+            if(c.onclick instanceof Function)
+                c.onclick.call(c,event);
+            break;
+            }
+        }
 }
 
 config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	for(var t=0; t<params.length; t++)
-		{
-		var c = params[t];
-		var theClass = "";
-		switch(c.substr(0,1))
-			{
-			case "+":
-				theClass = "defaultCommand";
-				c = c.substr(1);
-				break;
-			case "-":
-				theClass = "cancelCommand";
-				c = c.substr(1);
-				break;
-			}
-		if(c in config.commands)
-			this.createCommand(place,c,tiddler,theClass);
-		}
+    for(var t=0; t<params.length; t++)
+        {
+        var c = params[t];
+        var theClass = "";
+        switch(c.substr(0,1))
+            {
+            case "+":
+                theClass = "defaultCommand";
+                c = c.substr(1);
+                break;
+            case "-":
+                theClass = "cancelCommand";
+                c = c.substr(1);
+                break;
+            }
+        if(c in config.commands)
+            this.createCommand(place,c,tiddler,theClass);
+        }
 }
 
 config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	var e = createTiddlyElement(place,"div");
-	e.setAttribute("refresh","macro");
-	e.setAttribute("macroName","plugins");
-	e.setAttribute("params",paramString);
-	this.refresh(e,paramString);
+    var e = createTiddlyElement(place,"div");
+    e.setAttribute("refresh","macro");
+    e.setAttribute("macroName","plugins");
+    e.setAttribute("params",paramString);
+    this.refresh(e,paramString);
 }
 
 config.macros.plugins.refresh = function(place,params)
 {
-	var selectedRows = [];
-	ListView.forEachSelector(place,function(e,rowName) {
-			if(e.checked)
-				selectedRows.push(e.getAttribute("rowName"));
-		});
-	removeChildren(place);
-	params = params.parseParams("anon");
-	var plugins = installedPlugins.slice(0);
-	var t,tiddler,p;
-	var configTiddlers = store.getTaggedTiddlers("systemConfig");
-	for(t=0; t<configTiddlers.length; t++)
-		{
-		tiddler = configTiddlers[t];
-		if(plugins.findByField("title",tiddler.title) == null)
-			{
-			p = getPluginInfo(tiddler);
-			p.executed = false;
-			p.log.splice(0,0,this.skippedText);
-			plugins.push(p);
-			}
-		}
-	for(t=0; t<plugins.length; t++)
-		{
-		var p = plugins[t];
-		p.forced = p.tiddler.isTagged("systemConfigForce");
-		p.disabled = p.tiddler.isTagged("systemConfigDisable");
-		p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
-		}
-	if(plugins.length == 0)
-		createTiddlyElement(place,"em",null,null,this.noPluginText);
-	else
-		ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
+    var selectedRows = [];
+    ListView.forEachSelector(place,function(e,rowName) {
+            if(e.checked)
+                selectedRows.push(e.getAttribute("rowName"));
+        });
+    removeChildren(place);
+    params = params.parseParams("anon");
+    var plugins = installedPlugins.slice(0);
+    var t,tiddler,p;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    for(t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        if(plugins.findByField("title",tiddler.title) == null)
+            {
+            p = getPluginInfo(tiddler);
+            p.executed = false;
+            p.log.splice(0,0,this.skippedText);
+            plugins.push(p);
+            }
+        }
+    for(t=0; t<plugins.length; t++)
+        {
+        var p = plugins[t];
+        p.forced = p.tiddler.isTagged("systemConfigForce");
+        p.disabled = p.tiddler.isTagged("systemConfigDisable");
+        p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
+        }
+    if(plugins.length == 0)
+        createTiddlyElement(place,"em",null,null,this.noPluginText);
+    else
+        ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
 }
 
 config.macros.plugins.onSelectCommand = function(command,rowNames)
 {
-	var t;
-	switch(command)
-		{
-		case "remove":
-			for(t=0; t<rowNames.length; t++)
-				store.setTiddlerTag(rowNames[t],false,"systemConfig");
-			break;
-		case "delete":
-			if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
-				{
-				for(t=0; t<rowNames.length; t++)
-					{
-					store.removeTiddler(rowNames[t]);
-					story.closeTiddler(rowNames[t],true,false);
-					}
-				}
-			break;
-		}
-	if(config.options.chkAutoSave)
-		saveChanges(true);
+    var t;
+    switch(command)
+        {
+        case "remove":
+            for(t=0; t<rowNames.length; t++)
+                store.setTiddlerTag(rowNames[t],false,"systemConfig");
+            break;
+        case "delete":
+            if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
+                {
+                for(t=0; t<rowNames.length; t++)
+                    {
+                    store.removeTiddler(rowNames[t]);
+                    story.closeTiddler(rowNames[t],true,false);
+                    }
+                }
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
 }
 
 config.macros.refreshDisplay.handler = function(place)
 {
-	createTiddlyButton(place,this.label,this.prompt,this.onClick);
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
 }
 
 config.macros.refreshDisplay.onClick = function(e)
 {
-	refreshAll();
-	return false;
+    refreshAll();
+    return false;
 }
 
 config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
 {
-	if(readOnly)
-		{
-		createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
-		return;
-		}
-	var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
-	createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
-	createTiddlyElement(importer,"h2",null,"step1",this.step1);
-	var step = createTiddlyElement(importer,"div",null,"wizardStep");
-	createTiddlyText(step,this.step1prompt);
-	var input = createTiddlyElement(null,"input",null,"txtOptionInput");
-	input.type = "text";
-	input.size = 50;
-	step.appendChild(input);
-	importer.inputBox = input;
-	createTiddlyElement(step,"br");
-	createTiddlyText(step,this.step1promptFile);
-	var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
-	fileInput.type = "file";
-	fileInput.size = 50;
-	fileInput.onchange = this.onBrowseChange;
-	fileInput.onkeyup = this.onBrowseChange;
-	step.appendChild(fileInput);
-	createTiddlyElement(step,"br");
-	createTiddlyText(step,this.step1promptFeeds);
-	var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
-	createTiddlyDropDown(step,this.onFeedChange,feeds);
-	createTiddlyElement(step,"br");
-	createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
+    if(readOnly)
+        {
+        createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
+        return;
+        }
+    var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
+    createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
+    createTiddlyElement(importer,"h2",null,"step1",this.step1);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    createTiddlyText(step,this.step1prompt);
+    var input = createTiddlyElement(null,"input",null,"txtOptionInput");
+    input.type = "text";
+    input.size = 50;
+    step.appendChild(input);
+    importer.inputBox = input;
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFile);
+    var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
+    fileInput.type = "file";
+    fileInput.size = 50;
+    fileInput.onchange = this.onBrowseChange;
+    fileInput.onkeyup = this.onBrowseChange;
+    step.appendChild(fileInput);
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFeeds);
+    var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
+    createTiddlyDropDown(step,this.onFeedChange,feeds);
+    createTiddlyElement(step,"br");
+    createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
         place.appendChild(importer);
 }
 
 config.macros.importTiddlers.getFeeds = function(feeds)
 {
-	var tagged = store.getTaggedTiddlers("contentPublisher","title");
-	for(var t=0; t<tagged.length; t++)
-		feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
-	return feeds;
+    var tagged = store.getTaggedTiddlers("contentPublisher","title");
+    for(var t=0; t<tagged.length; t++)
+        feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
+    return feeds;
 }
 
 config.macros.importTiddlers.onFeedChange = function(e)
 {
-	var importer = findRelated(this,"importTiddler","className","parentNode");
-	importer.inputBox.value = this.value;
-	this.selectedIndex = 0;
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = this.value;
+    this.selectedIndex = 0;
 }
 
 config.macros.importTiddlers.onBrowseChange = function(e)
 {
-	var importer = findRelated(this,"importTiddler","className","parentNode");
-	importer.inputBox.value = "file://" + this.value;
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = "file://" + this.value;
 }
 
 config.macros.importTiddlers.onFetch = function(e)
 {
-	var importer = findRelated(this,"importTiddler","className","parentNode");
-	var url = importer.inputBox.value;
-	var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
-	while(cutoff)
-		{
-		var temp = cutoff.nextSibling;
-		cutoff.parentNode.removeChild(cutoff);
-		cutoff = temp;
-		}
-	createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
-	var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
-	loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    var url = importer.inputBox.value;
+    var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
+    while(cutoff)
+        {
+        var temp = cutoff.nextSibling;
+        cutoff.parentNode.removeChild(cutoff);
+        cutoff = temp;
+        }
+    createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
+    loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
 }
 
 config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
 {
-	if(!status)
-		{
-		displayMessage(this.fetchError);
-		return;
-		}
-	var importer = params;
-	// Check that the tiddler we're in hasn't been closed - doesn't work on IE
-//	var p = importer;
-//	while(p.parentNode)
-//		p = p.parentNode;
-//	if(!(p instanceof HTMLDocument))
-//		return;
-	// Crack out the content - (should be refactored)
-	var posOpeningDiv = responseText.indexOf(startSaveArea);
-	var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
-	var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
-	if((posOpeningDiv == -1) || (posClosingDiv == -1))
-		{
-		alert(config.messages.invalidFileError.format([url]));
-		return;
-		}
-	var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
-	// Create the iframe
-	var iframe = document.createElement("iframe");
-	iframe.style.display = "none";
-	importer.insertBefore(iframe,importer.firstChild);
-	var doc = iframe.document;
-	if(iframe.contentDocument)
-		doc = iframe.contentDocument; // For NS6
-	else if(iframe.contentWindow)
-		doc = iframe.contentWindow.document; // For IE5.5 and IE6
-	// Put the content in the iframe
-	doc.open();
-	doc.writeln(content);
-	doc.close();
-	// Load the content into a TiddlyWiki() object
-	var storeArea = doc.getElementById("storeArea");
-	var importStore = new TiddlyWiki();
-	importStore.loadFromDiv(storeArea,"store");
-	// Get rid of the iframe
-	iframe.parentNode.removeChild(iframe);
-	// Extract data for the listview
-	var tiddlers = [];
-	importStore.forEachTiddler(function(title,tiddler)
-		{
-		var t = {};
-		t.title = title;
-		t.modified = tiddler.modified;
-		t.modifier = tiddler.modifier;
-		t.text = tiddler.text.substr(0,50);
-		t.tags = tiddler.tags;
-		tiddlers.push(t);
-		});
-	// Display the listview
-	createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
-	var step = createTiddlyElement(importer,"div",null,"wizardStep");
-	ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
-	// Save the importer
-	importer.store = importStore;
+    if(!status)
+        {
+        displayMessage(this.fetchError);
+        return;
+        }
+    var importer = params;
+    // Check that the tiddler we're in hasn't been closed - doesn't work on IE
+//  var p = importer;
+//  while(p.parentNode)
+//      p = p.parentNode;
+//  if(!(p instanceof HTMLDocument))
+//      return;
+    // Crack out the content - (should be refactored)
+    var posOpeningDiv = responseText.indexOf(startSaveArea);
+    var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([url]));
+        return;
+        }
+    var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
+    // Create the iframe
+    var iframe = document.createElement("iframe");
+    iframe.style.display = "none";
+    importer.insertBefore(iframe,importer.firstChild);
+    var doc = iframe.document;
+    if(iframe.contentDocument)
+        doc = iframe.contentDocument; // For NS6
+    else if(iframe.contentWindow)
+        doc = iframe.contentWindow.document; // For IE5.5 and IE6
+    // Put the content in the iframe
+    doc.open();
+    doc.writeln(content);
+    doc.close();
+    // Load the content into a TiddlyWiki() object
+    var storeArea = doc.getElementById("storeArea");
+    var importStore = new TiddlyWiki();
+    importStore.loadFromDiv(storeArea,"store");
+    // Get rid of the iframe
+    iframe.parentNode.removeChild(iframe);
+    // Extract data for the listview
+    var tiddlers = [];
+    importStore.forEachTiddler(function(title,tiddler)
+        {
+        var t = {};
+        t.title = title;
+        t.modified = tiddler.modified;
+        t.modifier = tiddler.modifier;
+        t.text = tiddler.text.substr(0,50);
+        t.tags = tiddler.tags;
+        tiddlers.push(t);
+        });
+    // Display the listview
+    createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
+    // Save the importer
+    importer.store = importStore;
 }
 
 config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
 {
-	var importer = findRelated(listView,"importTiddler","className","parentNode");
-	switch(command)
-		{
-		case "import":
-			config.macros.importTiddlers.doImport(importer,rowNames);
-			break;
-		}
-	if(config.options.chkAutoSave)
-		saveChanges(true);
+    var importer = findRelated(listView,"importTiddler","className","parentNode");
+    switch(command)
+        {
+        case "import":
+            config.macros.importTiddlers.doImport(importer,rowNames);
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
 }
 
 config.macros.importTiddlers.doImport = function(importer,rowNames)
 {
-	var theStore = importer.store;
-	var overwrite = new Array();
-	var t;
-	for(t=0; t<rowNames.length; t++)
-		{
-		if(store.tiddlerExists(rowNames[t]))
-			overwrite.push(rowNames[t]);
-	}
-	if(overwrite.length > 0)
-		if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
-			return;
-	for(t=0; t<rowNames.length; t++)
-		{
-		var inbound = theStore.fetchTiddler(rowNames[t]);
-		store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
-		store.fetchTiddler(inbound.title).created = inbound.created;
-		store.notify(rowNames[t],false);
-		}
-	store.notifyAll();
-	store.setDirty(true);
-	createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
-	var step = createTiddlyElement(importer,"div",null,"wizardStep");
-	for(t=0; t<rowNames.length; t++)
-		{
-		createTiddlyLink(step,rowNames[t],true);
-		createTiddlyElement(step,"br");
-		}
-	createTiddlyElement(importer,"h2",null,"step5",this.step5);
+    var theStore = importer.store;
+    var overwrite = new Array();
+    var t;
+    for(t=0; t<rowNames.length; t++)
+        {
+        if(store.tiddlerExists(rowNames[t]))
+            overwrite.push(rowNames[t]);
+    }
+    if(overwrite.length > 0)
+        if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
+            return;
+    for(t=0; t<rowNames.length; t++)
+        {
+        var inbound = theStore.fetchTiddler(rowNames[t]);
+        store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
+        store.fetchTiddler(inbound.title).created = inbound.created;
+        store.notify(rowNames[t],false);
+        }
+    store.notifyAll();
+    store.setDirty(true);
+    createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    for(t=0; t<rowNames.length; t++)
+        {
+        createTiddlyLink(step,rowNames[t],true);
+        createTiddlyElement(step,"br");
+        }
+    createTiddlyElement(importer,"h2",null,"step5",this.step5);
 }
 // ---------------------------------------------------------------------------------
 // Menu and toolbar commands
@@ -2787,100 +2787,100 @@
 
 config.commands.closeTiddler.handler = function(event,src,title)
 {
-	story.closeTiddler(title,true,event.shiftKey || event.altKey);
-	return false;
+    story.closeTiddler(title,true,event.shiftKey || event.altKey);
+    return false;
 }
 
 config.commands.closeOthers.handler = function(event,src,title)
 {
-	story.closeAllTiddlers(title);
-	return false;
+    story.closeAllTiddlers(title);
+    return false;
 }
 
 config.commands.editTiddler.handler = function(event,src,title)
 {
-	clearMessage();
-	story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
-	story.focusTiddler(title,"text");
-	return false;
+    clearMessage();
+    story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+    story.focusTiddler(title,"text");
+    return false;
 }
 
 config.commands.saveTiddler.handler = function(event,src,title)
 {
-	var newTitle = story.saveTiddler(title,event.shiftKey);
-	if(newTitle)
-	   story.displayTiddler(null,newTitle);
-	return false;
+    var newTitle = story.saveTiddler(title,event.shiftKey);
+    if(newTitle)
+       story.displayTiddler(null,newTitle);
+    return false;
 }
 
 config.commands.cancelTiddler.handler = function(event,src,title)
 {
-	if(story.hasChanges(title) && !readOnly)
-		if(!confirm(this.warning.format([title])))
-			return false;
-	story.setDirty(title,false);
-	story.displayTiddler(null,title);
-	return false;
+    if(story.hasChanges(title) && !readOnly)
+        if(!confirm(this.warning.format([title])))
+            return false;
+    story.setDirty(title,false);
+    story.displayTiddler(null,title);
+    return false;
 }
 
 config.commands.deleteTiddler.handler = function(event,src,title)
 {
-	var deleteIt = true;
-	if (config.options.chkConfirmDelete)
-		deleteIt = confirm(this.warning.format([title]));
-	if (deleteIt)
-		{
-		store.removeTiddler(title);
-		story.closeTiddler(title,true,event.shiftKey || event.altKey);
-		if(config.options.chkAutoSave)
-			saveChanges();
-		}
-	return false;
+    var deleteIt = true;
+    if (config.options.chkConfirmDelete)
+        deleteIt = confirm(this.warning.format([title]));
+    if (deleteIt)
+        {
+        store.removeTiddler(title);
+        story.closeTiddler(title,true,event.shiftKey || event.altKey);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        }
+    return false;
 }
 
 config.commands.permalink.handler = function(event,src,title)
 {
-	var t = encodeURIComponent(String.encodeTiddlyLink(title));
-	if(window.location.hash != t)
-		window.location.hash = t;
-	return false;
+    var t = encodeURIComponent(String.encodeTiddlyLink(title));
+    if(window.location.hash != t)
+        window.location.hash = t;
+    return false;
 }
 
 config.commands.references.handler = function(event,src,title)
 {
-	var popup = Popup.create(src);
-	if(popup)
-		{
-		var references = store.getReferringTiddlers(title);
-		var c = false;
-		for(var r=0; r<references.length; r++)
-			if(references[r].title != title && !references[r].isTagged("excludeLists"))
-				{
-				createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
-				c = true;
-				}
-		if(!c)
-			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
-		}
-	Popup.show(popup,false);
-	event.cancelBubble = true;
-	if (event.stopPropagation) event.stopPropagation();
-	return false;
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        var references = store.getReferringTiddlers(title);
+        var c = false;
+        for(var r=0; r<references.length; r++)
+            if(references[r].title != title && !references[r].isTagged("excludeLists"))
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
+                c = true;
+                }
+        if(!c)
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
 }
 
 config.commands.jump.handler = function(event,src,title)
 {
-	var popup = Popup.create(src);
-	if(popup)
-		{
-		story.forEachTiddler(function(title,element) {
-			createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
-			});
-		}
-	Popup.show(popup,false);
-	event.cancelBubble = true;
-	if (event.stopPropagation) event.stopPropagation();
-	return false;
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        story.forEachTiddler(function(title,element) {
+            createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
+            });
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
 }
 
 // ---------------------------------------------------------------------------------
@@ -2889,153 +2889,153 @@
 
 function Tiddler()
 {
-	this.title = null;
-	this.text = null;
-	this.modifier = null;
-	this.modified = new Date();
-	this.created = new Date();
-	this.links = [];
-	this.linksUpdated = false;
-	this.tags = [];
-	return this;
+    this.title = null;
+    this.text = null;
+    this.modifier = null;
+    this.modified = new Date();
+    this.created = new Date();
+    this.links = [];
+    this.linksUpdated = false;
+    this.tags = [];
+    return this;
 }
 
 Tiddler.prototype.getLinks = function()
 {
-	if(this.linksUpdated==false)
-		this.changed();
-	return this.links;
+    if(this.linksUpdated==false)
+        this.changed();
+    return this.links;
 }
 
 // Format the text for storage in an RSS item
 Tiddler.prototype.saveToRss = function(url)
 {
-	var s = [];
-	s.push("<item>");
-	s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
-	s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
-	for(var t=0; t<this.tags.length; t++)
-		s.push("<category>" + this.tags[t] + "</category>");
-	s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
-	s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
-	s.push("</item>");
-	return(s.join("\n"));
+    var s = [];
+    s.push("<item>");
+    s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
+    s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
+    for(var t=0; t<this.tags.length; t++)
+        s.push("<category>" + this.tags[t] + "</category>");
+    s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
+    s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
+    s.push("</item>");
+    return(s.join("\n"));
 }
 
 // Change the text and other attributes of a tiddler
 Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
 {
-	this.assign(title,text,modifier,modified,tags,created,fields);
-	this.changed();
-	return this;
+    this.assign(title,text,modifier,modified,tags,created,fields);
+    this.changed();
+    return this;
 }
 
 // Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
 Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
 {
-	if(title != undefined)
-		this.title = title;
-	if(text != undefined)
-		this.text = text;
-	if(modifier != undefined)
-		this.modifier = modifier;
-	if(modified != undefined)
-		this.modified = modified;
-	if(created != undefined)
-		this.created = created;
-	if(fields != undefined)
-		this.fields = fields;
-	if(tags != undefined)
-		this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
-	else if(this.tags == undefined)
-		this.tags = [];
-	return this;
+    if(title != undefined)
+        this.title = title;
+    if(text != undefined)
+        this.text = text;
+    if(modifier != undefined)
+        this.modifier = modifier;
+    if(modified != undefined)
+        this.modified = modified;
+    if(created != undefined)
+        this.created = created;
+    if(fields != undefined)
+        this.fields = fields;
+    if(tags != undefined)
+        this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
+    else if(this.tags == undefined)
+        this.tags = [];
+    return this;
 }
 
 // Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
 Tiddler.prototype.getTags = function()
 {
-	return String.encodeTiddlyLinkList(this.tags);
+    return String.encodeTiddlyLinkList(this.tags);
 }
 
 // Test if a tiddler carries a tag
 Tiddler.prototype.isTagged = function(tag)
 {
-	return this.tags.indexOf(tag) != -1;
+    return this.tags.indexOf(tag) != -1;
 }
 
 // Static method to convert "\n" to newlines, "\s" to "\"
 Tiddler.unescapeLineBreaks = function(text)
 {
-	return text ? text.unescapeLineBreaks() : "";
+    return text ? text.unescapeLineBreaks() : "";
 }
 
 // Convert newlines to "\n", "\" to "\s"
 Tiddler.prototype.escapeLineBreaks = function()
 {
-	return this.text.escapeLineBreaks();
+    return this.text.escapeLineBreaks();
 }
 
 // Updates the secondary information (like links[] array) after a change to a tiddler
 Tiddler.prototype.changed = function()
 {
-	this.links = [];
-	var t = this.autoLinkWikiWords() ? 0 : 1;
-	var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
-	tiddlerLinkRegExp.lastIndex = 0;
-	var formatMatch = tiddlerLinkRegExp.exec(this.text);
-	while(formatMatch)
-		{
-		if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
-			{
-			if(formatMatch.index > 0)
-				{
-				var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
-				preRegExp.lastIndex = formatMatch.index-1;
-				var preMatch = preRegExp.exec(this.text);
-				if(preMatch.index != formatMatch.index-1)
-					this.links.pushUnique(formatMatch[1]);
-				}
-			else
-				this.links.pushUnique(formatMatch[1]);
-			}
-		else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
-			this.links.pushUnique(formatMatch[3-t]);
-		else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
-			this.links.pushUnique(formatMatch[4-t]);
-		// Do not add link if match urlPattern (formatMatch[5-t])
-		formatMatch = tiddlerLinkRegExp.exec(this.text);
-		}
-	this.linksUpdated = true;
-	return;
+    this.links = [];
+    var t = this.autoLinkWikiWords() ? 0 : 1;
+    var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
+    tiddlerLinkRegExp.lastIndex = 0;
+    var formatMatch = tiddlerLinkRegExp.exec(this.text);
+    while(formatMatch)
+        {
+        if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
+            {
+            if(formatMatch.index > 0)
+                {
+                var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
+                preRegExp.lastIndex = formatMatch.index-1;
+                var preMatch = preRegExp.exec(this.text);
+                if(preMatch.index != formatMatch.index-1)
+                    this.links.pushUnique(formatMatch[1]);
+                }
+            else
+                this.links.pushUnique(formatMatch[1]);
+            }
+        else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
+            this.links.pushUnique(formatMatch[3-t]);
+        else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
+            this.links.pushUnique(formatMatch[4-t]);
+        // Do not add link if match urlPattern (formatMatch[5-t])
+        formatMatch = tiddlerLinkRegExp.exec(this.text);
+        }
+    this.linksUpdated = true;
+    return;
 }
 
 Tiddler.prototype.getSubtitle = function()
 {
-	var theModifier = this.modifier;
-	if(!theModifier)
-		theModifier = config.messages.subtitleUnknown;
-	var theModified = this.modified;
-	if(theModified)
-		theModified = theModified.toLocaleString();
-	else
-		theModified = config.messages.subtitleUnknown;
-	return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
+    var theModifier = this.modifier;
+    if(!theModifier)
+        theModifier = config.messages.subtitleUnknown;
+    var theModified = this.modified;
+    if(theModified)
+        theModified = theModified.toLocaleString();
+    else
+        theModified = config.messages.subtitleUnknown;
+    return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
 }
 
 Tiddler.prototype.isReadOnly = function()
 {
-	return readOnly;
+    return readOnly;
 }
 
 Tiddler.prototype.autoLinkWikiWords = function()
 {
-	return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
+    return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
 }
 
 Tiddler.prototype.generateFingerprint = function()
 {
-	return "0x" + Crypto.hexSha1Str(this.text);
+    return "0x" + Crypto.hexSha1Str(this.text);
 }
 
 // ---------------------------------------------------------------------------------
@@ -3044,164 +3044,164 @@
 
 function TiddlyWiki()
 {
-	var tiddlers = {}; // Hashmap by name of tiddlers
-	this.tiddlersUpdated = false;
-	this.namedNotifications = []; // Array of {name:,notify:} of notification functions
-	this.notificationLevel = 0;
-	this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
-	this.clear = function() {
-		tiddlers = {};
-		this.setDirty(false);
-		};
-	this.fetchTiddler = function(title) {
-		return tiddlers[title];
-		};
-	this.deleteTiddler = function(title) {
-		delete this.slices[title];
-		delete tiddlers[title];
-		};
-	this.addTiddler = function(tiddler) {
-		delete this.slices[tiddler.title];
-		tiddlers[tiddler.title] = tiddler;
-		};
-	this.forEachTiddler = function(callback) {
-		for(var t in tiddlers)
-			{
-			var tiddler = tiddlers[t];
-			if(tiddler instanceof Tiddler)
-				callback.call(this,t,tiddler);
-			}
-		};
+    var tiddlers = {}; // Hashmap by name of tiddlers
+    this.tiddlersUpdated = false;
+    this.namedNotifications = []; // Array of {name:,notify:} of notification functions
+    this.notificationLevel = 0;
+    this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
+    this.clear = function() {
+        tiddlers = {};
+        this.setDirty(false);
+        };
+    this.fetchTiddler = function(title) {
+        return tiddlers[title];
+        };
+    this.deleteTiddler = function(title) {
+        delete this.slices[title];
+        delete tiddlers[title];
+        };
+    this.addTiddler = function(tiddler) {
+        delete this.slices[tiddler.title];
+        tiddlers[tiddler.title] = tiddler;
+        };
+    this.forEachTiddler = function(callback) {
+        for(var t in tiddlers)
+            {
+            var tiddler = tiddlers[t];
+            if(tiddler instanceof Tiddler)
+                callback.call(this,t,tiddler);
+            }
+        };
 }
 
 // Set the dirty flag
 TiddlyWiki.prototype.setDirty = function(dirty)
 {
-	this.dirty = dirty;
+    this.dirty = dirty;
 }
 
 TiddlyWiki.prototype.isDirty = function()
 {
-	return this.dirty;
+    return this.dirty;
 }
 
 TiddlyWiki.prototype.suspendNotifications = function()
 {
-	this.notificationLevel--;
+    this.notificationLevel--;
 }
 
 TiddlyWiki.prototype.resumeNotifications = function()
 {
-	this.notificationLevel++;
+    this.notificationLevel++;
 }
 
 // Invoke the notification handlers for a particular tiddler
 TiddlyWiki.prototype.notify = function(title,doBlanket)
 {
-	if(!this.notificationLevel)
-		for(var t=0; t<this.namedNotifications.length; t++)
-			{
-			var n = this.namedNotifications[t];
-			if((n.name == null && doBlanket) || (n.name == title))
-				n.notify(title);
-			}
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if((n.name == null && doBlanket) || (n.name == title))
+                n.notify(title);
+            }
 }
 
 // Invoke the notification handlers for all tiddlers
 TiddlyWiki.prototype.notifyAll = function()
 {
-	if(!this.notificationLevel)
-		for(var t=0; t<this.namedNotifications.length; t++)
-			{
-			var n = this.namedNotifications[t];
-			if(n.name)
-				n.notify(n.name);
-			}
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if(n.name)
+                n.notify(n.name);
+            }
 }
 
 // Add a notification handler to a tiddler
 TiddlyWiki.prototype.addNotification = function(title,fn)
 {
-	for (var i=0; i<this.namedNotifications.length; i++)
-		if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
-			return this;
-	this.namedNotifications.push({name: title, notify: fn});
-	return this;
+    for (var i=0; i<this.namedNotifications.length; i++)
+        if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
+            return this;
+    this.namedNotifications.push({name: title, notify: fn});
+    return this;
 }
 
 TiddlyWiki.prototype.removeTiddler = function(title)
 {
-	var tiddler = this.fetchTiddler(title);
-	if(tiddler)
-		{
-		this.deleteTiddler(title);
-		this.notify(title,true);
-		this.setDirty(true);
-		}
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        this.deleteTiddler(title);
+        this.notify(title,true);
+        this.setDirty(true);
+        }
 }
 
 TiddlyWiki.prototype.tiddlerExists = function(title)
 {
-	var t = this.fetchTiddler(title);
-	return (t != undefined);
+    var t = this.fetchTiddler(title);
+    return (t != undefined);
 }
 
 TiddlyWiki.prototype.isShadowTiddler = function(title)
 {
-	return typeof config.shadowTiddlers[title] == "string";
+    return typeof config.shadowTiddlers[title] == "string";
 }
 
 TiddlyWiki.prototype.getTiddler = function(title)
 {
-	var t = this.fetchTiddler(title);
-	if(t != undefined)
-		return t;
-	else
-		return null;
+    var t = this.fetchTiddler(title);
+    if(t != undefined)
+        return t;
+    else
+        return null;
 }
 
 TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
 {
-	var tiddler = this.fetchTiddler(title);
-	if(tiddler)
-		return tiddler.text;
-	if(!title)
-		return defaultText;
-	var pos = title.indexOf(config.textPrimitives.sliceSeparator);
-	if(pos != -1)
-		{
-		var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
-		if(slice)
-			return slice;
-		}
-	if(this.isShadowTiddler(title))
-		return config.shadowTiddlers[title];
-	if(defaultText != undefined)
-		return defaultText;
-	return null;
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        return tiddler.text;
+    if(!title)
+        return defaultText;
+    var pos = title.indexOf(config.textPrimitives.sliceSeparator);
+    if(pos != -1)
+        {
+        var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
+        if(slice)
+            return slice;
+        }
+    if(this.isShadowTiddler(title))
+        return config.shadowTiddlers[title];
+    if(defaultText != undefined)
+        return defaultText;
+    return null;
 }
 
 TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
 
 // @internal
-TiddlyWiki.prototype.calcAllSlices = function(title) 
-{
-	var slices = {};
-	var text = this.getTiddlerText(title,"");
-	this.slicesRE.lastIndex = 0;
-	do 
-		{
-			var m = this.slicesRE.exec(text);
-			if (m) 
-				{
-					if (m[1])
-						slices[m[1]] = m[2];
-					else
-						slices[m[3]] = m[4];
-				}
-		}
-	while(m);
-	return slices;
+TiddlyWiki.prototype.calcAllSlices = function(title)
+{
+    var slices = {};
+    var text = this.getTiddlerText(title,"");
+    this.slicesRE.lastIndex = 0;
+    do
+        {
+            var m = this.slicesRE.exec(text);
+            if (m)
+                {
+                    if (m[1])
+                        slices[m[1]] = m[2];
+                    else
+                        slices[m[3]] = m[4];
+                }
+        }
+    while(m);
+    return slices;
 }
 
 // Returns the slice of text of the given name
@@ -3223,464 +3223,464 @@
 //# @return [may be undefined] the (trimmed) text of the specified slice.
 TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
 {
-	var slices = this.slices[title];
-	if (!slices) {
-		slices = this.calcAllSlices(title);
-		this.slices[title] = slices;
-	}
-	return slices[sliceName];
+    var slices = this.slices[title];
+    if (!slices) {
+        slices = this.calcAllSlices(title);
+        this.slices[title] = slices;
+    }
+    return slices[sliceName];
 }
 
 // Build an hashmap of the specified named slices of a tiddler
 TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
 {
-	var r = {};
-	for(var t=0; t<sliceNames.length; t++)
-		{
-		var slice = this.getTiddlerSlice(title,sliceNames[t]);
-		if(slice)
-			r[sliceNames[t]] = slice;
-		}
-	return r;
+    var r = {};
+    for(var t=0; t<sliceNames.length; t++)
+        {
+        var slice = this.getTiddlerSlice(title,sliceNames[t]);
+        if(slice)
+            r[sliceNames[t]] = slice;
+        }
+    return r;
 }
 
 TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
 {
-	var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
-	var text = this.getTiddlerText(title,null);
-	if(text == null)
-		return defaultText;
-	var textOut = [];
-	var lastPos = 0;
-	do {
-		var match = bracketRegExp.exec(text);
-		if(match)
-			{
-			textOut.push(text.substr(lastPos,match.index-lastPos));
-			if(match[1])
-				{
-				if(depth <= 0)
-					textOut.push(match[1]);
-				else
-					textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
-				}
-			lastPos = match.index + match[0].length;
-			}
-		else
-			textOut.push(text.substr(lastPos));
-	} while(match);
-	return(textOut.join(""));
+    var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
+    var text = this.getTiddlerText(title,null);
+    if(text == null)
+        return defaultText;
+    var textOut = [];
+    var lastPos = 0;
+    do {
+        var match = bracketRegExp.exec(text);
+        if(match)
+            {
+            textOut.push(text.substr(lastPos,match.index-lastPos));
+            if(match[1])
+                {
+                if(depth <= 0)
+                    textOut.push(match[1]);
+                else
+                    textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
+                }
+            lastPos = match.index + match[0].length;
+            }
+        else
+            textOut.push(text.substr(lastPos));
+    } while(match);
+    return(textOut.join(""));
 }
 
 TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
 {
-	var tiddler = this.fetchTiddler(title);
-	if(tiddler)
-		{
-		var t = tiddler.tags.indexOf(tag);
-		if(t != -1)
-			tiddler.tags.splice(t,1);
-		if(status)
-			tiddler.tags.push(tag);
-		tiddler.changed();
-		this.notify(title,true);
-		this.setDirty(true);
-		}
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        var t = tiddler.tags.indexOf(tag);
+        if(t != -1)
+            tiddler.tags.splice(t,1);
+        if(status)
+            tiddler.tags.push(tag);
+        tiddler.changed();
+        this.notify(title,true);
+        this.setDirty(true);
+        }
 }
 
 TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
 {
-	var tiddler = this.fetchTiddler(title);
-	var created;
-	if(tiddler)
-		{
-		created = tiddler.created; // Preserve created date
-		this.deleteTiddler(title);
-		}
-	else
-		{
-		tiddler = new Tiddler();
-		created = modified;
-		}
-	tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
-	this.addTiddler(tiddler);
-	if(title != newTitle)
-		this.notify(title,true);
-	this.notify(newTitle,true);
-	this.setDirty(true);
-	return tiddler;
+    var tiddler = this.fetchTiddler(title);
+    var created;
+    if(tiddler)
+        {
+        created = tiddler.created; // Preserve created date
+        this.deleteTiddler(title);
+        }
+    else
+        {
+        tiddler = new Tiddler();
+        created = modified;
+        }
+    tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
+    this.addTiddler(tiddler);
+    if(title != newTitle)
+        this.notify(title,true);
+    this.notify(newTitle,true);
+    this.setDirty(true);
+    return tiddler;
 }
 
 TiddlyWiki.prototype.createTiddler = function(title)
 {
-	var tiddler = this.fetchTiddler(title);
-	if(!tiddler)
-		{
-		tiddler = new Tiddler();
-		tiddler.title = title;
-		this.addTiddler(tiddler);
-		this.setDirty(true);
-		}
-	return tiddler;
+    var tiddler = this.fetchTiddler(title);
+    if(!tiddler)
+        {
+        tiddler = new Tiddler();
+        tiddler.title = title;
+        this.addTiddler(tiddler);
+        this.setDirty(true);
+        }
+    return tiddler;
 }
 
 // Load contents of a tiddlywiki from an HTML DIV
 TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
 {
-	this.idPrefix = idPrefix;
-	var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
-	var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
-	this.setDirty(false);
-	if(!noUpdate)
-		{
-		for(var i = 0;i<tiddlers.length; i++)
-			tiddlers[i].changed();
-		}
+    this.idPrefix = idPrefix;
+    var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
+    var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
+    this.setDirty(false);
+    if(!noUpdate)
+        {
+        for(var i = 0;i<tiddlers.length; i++)
+            tiddlers[i].changed();
+        }
 }
 
 TiddlyWiki.prototype.updateTiddlers = function()
 {
-	this.tiddlersUpdated = true;
-	this.forEachTiddler(function(title,tiddler) {
-		tiddler.changed();
-		});
+    this.tiddlersUpdated = true;
+    this.forEachTiddler(function(title,tiddler) {
+        tiddler.changed();
+        });
 }
 
 // Return all tiddlers formatted as an HTML string
 TiddlyWiki.prototype.allTiddlersAsHtml = function()
 {
-	return store.getSaver().externalize(store);
+    return store.getSaver().externalize(store);
 }
 
 // Return an array of tiddlers matching a search regular expression
 TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
 {
-	var candidates = this.reverseLookup("tags",excludeTag,false);
-	var results = [];
-	for(var t=0; t<candidates.length; t++)
-		{
-		if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
-			results.push(candidates[t]);
-		}
-	if(!sortField)
-		sortField = "title";
-	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
-	return results;
+    var candidates = this.reverseLookup("tags",excludeTag,false);
+    var results = [];
+    for(var t=0; t<candidates.length; t++)
+        {
+        if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
+            results.push(candidates[t]);
+        }
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
 }
 
 // Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
 TiddlyWiki.prototype.getTags = function()
 {
-	var results = [];
-	this.forEachTiddler(function(title,tiddler) {
-		for(var g=0; g<tiddler.tags.length; g++)
-			{
-			var tag = tiddler.tags[g];
-			var f = false;
-			for(var c=0; c<results.length; c++)
-				if(results[c][0] == tag)
-					{
-					f = true;
-					results[c][1]++;
-					}
-			if(!f)
-				results.push([tag,1]);
-			}
-		});
-	results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
-	return results;
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        for(var g=0; g<tiddler.tags.length; g++)
+            {
+            var tag = tiddler.tags[g];
+            var f = false;
+            for(var c=0; c<results.length; c++)
+                if(results[c][0] == tag)
+                    {
+                    f = true;
+                    results[c][1]++;
+                    }
+            if(!f)
+                results.push([tag,1]);
+            }
+        });
+    results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
+    return results;
 }
 
 // Return an array of the tiddlers that are tagged with a given tag
 TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
 {
-	return this.reverseLookup("tags",tag,true,sortField);
+    return this.reverseLookup("tags",tag,true,sortField);
 }
 
 // Return an array of the tiddlers that link to a given tiddler
 TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
 {
-	if(!this.tiddlersUpdated)
-		this.updateTiddlers();
-	return this.reverseLookup("links",title,true,sortField);
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    return this.reverseLookup("links",title,true,sortField);
 }
 
 // Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
 // lookupMatch == true to match tiddlers, false to exclude tiddlers
 TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
 {
-	var results = [];
-	this.forEachTiddler(function(title,tiddler) {
-		var f = !lookupMatch;
-		for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
-			if(tiddler[lookupField][lookup] == lookupValue)
-				f = lookupMatch;
-		if(f)
-			results.push(tiddler);
-		});
-	if(!sortField)
-		sortField = "title";
-	results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
-	return results;
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        var f = !lookupMatch;
+        for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
+            if(tiddler[lookupField][lookup] == lookupValue)
+                f = lookupMatch;
+        if(f)
+            results.push(tiddler);
+        });
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
 }
 
 // Return the tiddlers as a sorted array
 TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
 {
-	var results = [];
-	this.forEachTiddler(function(title,tiddler) {
-		if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
-			results.push(tiddler);
-		});
-	if(field)
-		results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
-	return results;
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
+            results.push(tiddler);
+        });
+    if(field)
+        results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
+    return results;
 }
 
 // Return array of names of tiddlers that are referred to but not defined
 TiddlyWiki.prototype.getMissingLinks = function(sortField)
 {
-	if(!this.tiddlersUpdated)
-		this.updateTiddlers();
-	var results = [];
-	this.forEachTiddler(function (title,tiddler) {
-		for(var n=0; n<tiddler.links.length;n++)
-			{
-			var link = tiddler.links[n];
-			if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
-				results.pushUnique(link);
-			}
-		});
-	results.sort();
-	return results;
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        for(var n=0; n<tiddler.links.length;n++)
+            {
+            var link = tiddler.links[n];
+            if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
+                results.pushUnique(link);
+            }
+        });
+    results.sort();
+    return results;
 }
 
 // Return an array of names of tiddlers that are defined but not referred to
 TiddlyWiki.prototype.getOrphans = function()
 {
-	var results = [];
-	this.forEachTiddler(function (title,tiddler) {
-		if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
-			results.push(title);
-		});
-	results.sort();
-	return results;
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
+            results.push(title);
+        });
+    results.sort();
+    return results;
 }
 
 // Return an array of names of all the shadow tiddlers
 TiddlyWiki.prototype.getShadowed = function()
 {
-	var results = [];
-	for(var t in config.shadowTiddlers)
-		if(typeof config.shadowTiddlers[t] == "string")
-			results.push(t);
-	results.sort();
-	return results;
+    var results = [];
+    for(var t in config.shadowTiddlers)
+        if(typeof config.shadowTiddlers[t] == "string")
+            results.push(t);
+    results.sort();
+    return results;
 }
 
 // Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
-TiddlyWiki.prototype.resolveTiddler = function(tiddler) 
+TiddlyWiki.prototype.resolveTiddler = function(tiddler)
 {
-	var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
-	return t instanceof Tiddler ? t : null;
+    var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
+    return t instanceof Tiddler ? t : null;
 }
 
-TiddlyWiki.prototype.getLoader = function() 
+TiddlyWiki.prototype.getLoader = function()
 {
-	if (!this.loader) 
-		this.loader = new TW21Loader();
-	return this.loader;
+    if (!this.loader)
+        this.loader = new TW21Loader();
+    return this.loader;
 }
- 
-TiddlyWiki.prototype.getSaver = function() 
+
+TiddlyWiki.prototype.getSaver = function()
 {
-	if (!this.saver) 
-		this.saver = new TW21Saver();
-	return this.saver;
+    if (!this.saver)
+        this.saver = new TW21Saver();
+    return this.saver;
 }
 
 // Returns true if path is a valid field name (path),
 // i.e. a sequence of identifiers, separated by '.'
 TiddlyWiki.isValidFieldName = function (name) {
-	var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
-	return match && (match[0] == name);
+    var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
+    return match && (match[0] == name);
 }
 
 // Throws an exception when name is not a valid field name.
 TiddlyWiki.checkFieldName = function(name) {
-	if (!TiddlyWiki.isValidFieldName(name))
-		throw config.messages.invalidFieldName.format([name]);
+    if (!TiddlyWiki.isValidFieldName(name))
+        throw config.messages.invalidFieldName.format([name]);
 }
 
 function StringFieldAccess(n, readOnly) {
-	this.set = readOnly 
-		? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
-		: function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
-	this.get = function(t) {return t[n];};
+    this.set = readOnly
+        ? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
+        : function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
+    this.get = function(t) {return t[n];};
 }
 
 function DateFieldAccess(n) {
-	this.set = function(t,v) {
-			var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v); 
-			if (d != t[n]) {
-				t[n] = d; return true;
-			}
-		};
-	this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
+    this.set = function(t,v) {
+            var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v);
+            if (d != t[n]) {
+                t[n] = d; return true;
+            }
+        };
+    this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
 }
 
 function LinksFieldAccess(n) {
-	this.set = function(t,v) {
-			var s = (typeof v == "string") ? v.readBracketedList() : v; 
-			if (s.toString() != t[n].toString()) {
-				t[n] = s; return true;
-			}
-		};
-	this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
+    this.set = function(t,v) {
+            var s = (typeof v == "string") ? v.readBracketedList() : v;
+            if (s.toString() != t[n].toString()) {
+                t[n] = s; return true;
+            }
+        };
+    this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
 }
 
 TiddlyWiki.standardFieldAccess = {
-	// The set functions return true when setting the data has changed the value.
-	
-	"title":    new StringFieldAccess("title", true),
-	// Handle the "tiddler" field name as the title
-	"tiddler":  new StringFieldAccess("title", true),
-	
-	"text":     new StringFieldAccess("text"),
-	"modifier": new StringFieldAccess("modifier"),
-	"modified": new DateFieldAccess("modified"),
-	"created":  new DateFieldAccess("created"),
-	"tags":     new LinksFieldAccess("tags")
+    // The set functions return true when setting the data has changed the value.
+
+    "title":    new StringFieldAccess("title", true),
+    // Handle the "tiddler" field name as the title
+    "tiddler":  new StringFieldAccess("title", true),
+
+    "text":     new StringFieldAccess("text"),
+    "modifier": new StringFieldAccess("modifier"),
+    "modified": new DateFieldAccess("modified"),
+    "created":  new DateFieldAccess("created"),
+    "tags":     new LinksFieldAccess("tags")
 };
 
 TiddlyWiki.isStandardField = function(name) {
-	return TiddlyWiki.standardFieldAccess[name] != undefined;
+    return TiddlyWiki.standardFieldAccess[name] != undefined;
 }
 
-// Sets the value of the given field of the tiddler to the value. 
-// Setting an ExtendedField's value to null or undefined removes the field. 
+// Sets the value of the given field of the tiddler to the value.
+// Setting an ExtendedField's value to null or undefined removes the field.
 // Setting a namespace to undefined removes all fields of that namespace.
 // The fieldName is case-insensitive.
 // All values will be converted to a string value.
 TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
-	TiddlyWiki.checkFieldName(fieldName);
-	var t = this.resolveTiddler(tiddler);
-	if (!t)
-		return;
-		
-	fieldName = fieldName.toLowerCase();
-
-	var isRemove = (value === undefined) || (value === null);
-
-	if (!t.fields) 
-		t.fields = {};
-		
-	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
-	if (accessor) {
-		if (isRemove)
-			// don't remove StandardFields
-			return;
-		var h = TiddlyWiki.standardFieldAccess[fieldName];
-		if (!h.set(t, value))
-			return;
-
-	} else {
-		var oldValue = t.fields[fieldName];
-		
-		if (isRemove) {
-			if (oldValue !== undefined) {
-				// deletes a single field
-				delete t.fields[fieldName];
-			} else {
-				// no concrete value is defined for the fieldName
-				// so we guess this is a namespace path.
-				
-				// delete all fields in a namespace
-				var re = new RegExp('^'+fieldName+'\\.');
-				var dirty = false;
-				for (var n in t.fields) {
-					if (n.match(re)) {
-						delete t.fields[n];
-						dirty = true;
-					}
-				}
-				if (!dirty)
-					return
-			}
-				
-		} else {
-			// the "normal" set case. value is defined (not null/undefined)
-			// For convenience provide a nicer conversion Date->String
- 			value = value instanceof Date 
-				? value.convertToYYYYMMDDHHMMSSMMM() 
-				: String(value);
-			if (oldValue == value) 
-				return;
-			t.fields[fieldName] = value;
-		}
-	}
-	
-	// When we are here the tiddler/store really was changed.
-	this.notify(t.title,true);
-	if (!fieldName.match(/^temp\./))
-		this.setDirty(true);
-}
-
-// Returns the value of the given field of the tiddler. 
+    TiddlyWiki.checkFieldName(fieldName);
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return;
+
+    fieldName = fieldName.toLowerCase();
+
+    var isRemove = (value === undefined) || (value === null);
+
+    if (!t.fields)
+        t.fields = {};
+
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        if (isRemove)
+            // don't remove StandardFields
+            return;
+        var h = TiddlyWiki.standardFieldAccess[fieldName];
+        if (!h.set(t, value))
+            return;
+
+    } else {
+        var oldValue = t.fields[fieldName];
+
+        if (isRemove) {
+            if (oldValue !== undefined) {
+                // deletes a single field
+                delete t.fields[fieldName];
+            } else {
+                // no concrete value is defined for the fieldName
+                // so we guess this is a namespace path.
+
+                // delete all fields in a namespace
+                var re = new RegExp('^'+fieldName+'\\.');
+                var dirty = false;
+                for (var n in t.fields) {
+                    if (n.match(re)) {
+                        delete t.fields[n];
+                        dirty = true;
+                    }
+                }
+                if (!dirty)
+                    return
+            }
+
+        } else {
+            // the "normal" set case. value is defined (not null/undefined)
+            // For convenience provide a nicer conversion Date->String
+            value = value instanceof Date
+                ? value.convertToYYYYMMDDHHMMSSMMM()
+                : String(value);
+            if (oldValue == value)
+                return;
+            t.fields[fieldName] = value;
+        }
+    }
+
+    // When we are here the tiddler/store really was changed.
+    this.notify(t.title,true);
+    if (!fieldName.match(/^temp\./))
+        this.setDirty(true);
+}
+
+// Returns the value of the given field of the tiddler.
 // The fieldName is case-insensitive.
 // Will only return String values (or undefined).
 TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
-	var t = this.resolveTiddler(tiddler);
-	if (!t)
-		return undefined;
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    fieldName = fieldName.toLowerCase();
 
-	fieldName = fieldName.toLowerCase();
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        return accessor.get(t);
+    }
 
-	var accessor = TiddlyWiki.standardFieldAccess[fieldName];
-	if (accessor) {
-		return accessor.get(t);
-	}
-	
-	return t.fields ? t.fields[fieldName] : undefined;
+    return t.fields ? t.fields[fieldName] : undefined;
 }
 
 // Calls the callback function for every field in the tiddler.
 //
-// When callback function returns a non-false value the iteration stops 
-// and that value is returned. 
+// When callback function returns a non-false value the iteration stops
+// and that value is returned.
 //
 // The order of the fields is not defined.
-// 
-// @param callback a function(tiddler, fieldName, value). 
-// 
+//
+// @param callback a function(tiddler, fieldName, value).
+//
 TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
-	var t = this.resolveTiddler(tiddler);
-	if (!t)
-		return undefined;
-	
-	if (t.fields) {
-		for (var n in t.fields) {
-			var result = callback(t, n, t.fields[n]);
-			if (result)
-				return result;
-		}
-	}
-	
-	if (onlyExtendedFields)
-		return undefined;
-
-	for (var n in TiddlyWiki.standardFieldAccess) {
-		if (n == "tiddler")
-			// even though the "title" field can also be referenced through the name "tiddler"
-			// we only visit this field once.
-			continue;
-			
-		var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
-		if (result)
-			return result;
-	}
-
-	return undefined;
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    if (t.fields) {
+        for (var n in t.fields) {
+            var result = callback(t, n, t.fields[n]);
+            if (result)
+                return result;
+        }
+    }
+
+    if (onlyExtendedFields)
+        return undefined;
+
+    for (var n in TiddlyWiki.standardFieldAccess) {
+        if (n == "tiddler")
+            // even though the "title" field can also be referenced through the name "tiddler"
+            // we only visit this field once.
+            continue;
+
+        var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
+        if (result)
+            return result;
+    }
+
+    return undefined;
 };
 // ---------------------------------------------------------------------------------
 // Story functions
@@ -3691,36 +3691,36 @@
 // idPrefix - string prefix prepended to title to make ids for tiddlers in this story
 function Story(container,idPrefix)
 {
-	this.container = container;
-	this.idPrefix = idPrefix;
-	this.highlightRegExp = null;
+    this.container = container;
+    this.idPrefix = idPrefix;
+    this.highlightRegExp = null;
 }
 
 // Iterate through all the tiddlers in a story
 // fn - callback function to be called for each tiddler. Arguments are:
-//		tiddler - reference to Tiddler object
-//		element - reference to tiddler display element
+//      tiddler - reference to Tiddler object
+//      element - reference to tiddler display element
 Story.prototype.forEachTiddler = function(fn)
 {
-	var place = document.getElementById(this.container);
-	if(!place)
-		return;
-	var e = place.firstChild;
-	while(e)
-		{
-		var n = e.nextSibling;
-		var title = e.getAttribute("tiddler");
-		fn.call(this,title,e);
-		e = n;
-		}
+    var place = document.getElementById(this.container);
+    if(!place)
+        return;
+    var e = place.firstChild;
+    while(e)
+        {
+        var n = e.nextSibling;
+        var title = e.getAttribute("tiddler");
+        fn.call(this,title,e);
+        e = n;
+        }
 }
 
 // Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
 // titles - array of string titles
 Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
 {
-	for(var t = titles.length-1;t>=0;t--)
-		this.displayTiddler(srcElement,titles[t],template,animate,slowly);
+    for(var t = titles.length-1;t>=0;t--)
+        this.displayTiddler(srcElement,titles[t],template,animate,slowly);
 }
 
 // Display a given tiddler with a given template. If the tiddler is already displayed but with a different
@@ -3729,28 +3729,28 @@
 //              special positions "top", "bottom"
 // title - title of tiddler to display
 // template - the name of the tiddler containing the template -or-
-//			  one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
-//			  null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
+//            one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
+//            null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
 // animate - whether to perform animations
 // slowly - whether to perform animations in slomo
 Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
 {
-	var place = document.getElementById(this.container);
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem)
-		this.refreshTiddler(title,template);
-	else
-		{
-		var before = this.positionTiddler(srcElement);
-		tiddlerElem = this.createTiddler(place,before,title,template);
-		}
-	if(srcElement && typeof srcElement !== "string")
-		{
-		if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
-			anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
-		else
-			window.scrollTo(0,ensureVisible(tiddlerElem));
-		}
+    var place = document.getElementById(this.container);
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        this.refreshTiddler(title,template);
+    else
+        {
+        var before = this.positionTiddler(srcElement);
+        tiddlerElem = this.createTiddler(place,before,title,template);
+        }
+    if(srcElement && typeof srcElement !== "string")
+        {
+        if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
+            anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
+        else
+            window.scrollTo(0,ensureVisible(tiddlerElem));
+        }
 }
 
 // Figure out the appropriate position for a newly opened tiddler
@@ -3759,31 +3759,31 @@
 // returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
 Story.prototype.positionTiddler = function(srcElement)
 {
-	var place = document.getElementById(this.container);
-	var before;
-	if(typeof srcElement == "string")
-		{
-		switch(srcElement)
-			{
-			case "top":
-				before = place.firstChild;
-				break;
-			case "bottom":
-				before = null;
-				break;
-			}
-		}
-	else
-		{
-		var after = this.findContainingTiddler(srcElement);
-		if(after == null)
-			before = place.firstChild;
-		else if(after.nextSibling)
-			before = after.nextSibling;
-		else
-			before = null;
-		}
-	return before;
+    var place = document.getElementById(this.container);
+    var before;
+    if(typeof srcElement == "string")
+        {
+        switch(srcElement)
+            {
+            case "top":
+                before = place.firstChild;
+                break;
+            case "bottom":
+                before = null;
+                break;
+            }
+        }
+    else
+        {
+        var after = this.findContainingTiddler(srcElement);
+        if(after == null)
+            before = place.firstChild;
+        else if(after.nextSibling)
+            before = after.nextSibling;
+        else
+            before = null;
+        }
+    return before;
 }
 
 // Create a tiddler frame at the appropriate place in a story column
@@ -3793,27 +3793,27 @@
 // template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
 Story.prototype.createTiddler = function(place,before,title,template)
 {
-	var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
-	tiddlerElem.setAttribute("refresh","tiddler");
-	place.insertBefore(tiddlerElem,before);
-	this.refreshTiddler(title,template);
-	return tiddlerElem;
+    var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
+    tiddlerElem.setAttribute("refresh","tiddler");
+    place.insertBefore(tiddlerElem,before);
+    this.refreshTiddler(title,template);
+    return tiddlerElem;
 }
 
 // Overridable for choosing the name of the template to apply for a tiddler
 Story.prototype.chooseTemplateForTiddler = function(title,template)
 {
-	if(!template)
-		template = DEFAULT_VIEW_TEMPLATE;
-	if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
-		template = config.tiddlerTemplates[template];
-	return template;
+    if(!template)
+        template = DEFAULT_VIEW_TEMPLATE;
+    if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
+        template = config.tiddlerTemplates[template];
+    return template;
 }
 
 // Overridable for extracting the text of a template from a tiddler
 Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
 {
-	return store.getRecursiveTiddlerText(template,null,10);
+    return store.getRecursiveTiddlerText(template,null,10);
 }
 
 // Apply a template to an existing tiddler if it is not already displayed using that template
@@ -3822,198 +3822,198 @@
 // force - if true, forces the refresh even if the template hasn't changedd
 Story.prototype.refreshTiddler = function(title,template,force)
 {
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem)
-		{
-		if(tiddlerElem.getAttribute("dirty") == "true" && !force)
-			return tiddlerElem;
-		template = this.chooseTemplateForTiddler(title,template);
-		var currTemplate = tiddlerElem.getAttribute("template");
-		if((template != currTemplate) || force)
-			{
-			var tiddler = store.getTiddler(title);
-			if(!tiddler)
-				{
-				tiddler = new Tiddler();
-				if(store.isShadowTiddler(title))
-					tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
-				else
-					{
-					var text = template=="EditTemplate"
-								? config.views.editor.defaultText.format([title])
-								: config.views.wikified.defaultText.format([title]);
-					tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
-					}
-				}
-			tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
-			tiddlerElem.setAttribute("tiddler",title);
-			tiddlerElem.setAttribute("template",template);
-			var me = this;
-			tiddlerElem.onmouseover = this.onTiddlerMouseOver;
-			tiddlerElem.onmouseout = this.onTiddlerMouseOut;
-			tiddlerElem.ondblclick = this.onTiddlerDblClick;
-			tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
-			var html = this.getTemplateForTiddler(title,template,tiddler);
-			tiddlerElem.innerHTML = html;
-			applyHtmlMacros(tiddlerElem,tiddler);
-			if(store.getTaggedTiddlers(title).length > 0)
-				addClass(tiddlerElem,"isTag");
-			else
-				removeClass(tiddlerElem,"isTag");
-			if(!store.tiddlerExists(title))
-				{
-				if(store.isShadowTiddler(title))
-					addClass(tiddlerElem,"shadow");
-				else
-					addClass(tiddlerElem,"missing");
-				}
-			else
-				{
-				removeClass(tiddlerElem,"shadow");
-				removeClass(tiddlerElem,"missing");
-				}
-			}
-		}
-	return tiddlerElem;
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        {
+        if(tiddlerElem.getAttribute("dirty") == "true" && !force)
+            return tiddlerElem;
+        template = this.chooseTemplateForTiddler(title,template);
+        var currTemplate = tiddlerElem.getAttribute("template");
+        if((template != currTemplate) || force)
+            {
+            var tiddler = store.getTiddler(title);
+            if(!tiddler)
+                {
+                tiddler = new Tiddler();
+                if(store.isShadowTiddler(title))
+                    tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
+                else
+                    {
+                    var text = template=="EditTemplate"
+                                ? config.views.editor.defaultText.format([title])
+                                : config.views.wikified.defaultText.format([title]);
+                    tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
+                    }
+                }
+            tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
+            tiddlerElem.setAttribute("tiddler",title);
+            tiddlerElem.setAttribute("template",template);
+            var me = this;
+            tiddlerElem.onmouseover = this.onTiddlerMouseOver;
+            tiddlerElem.onmouseout = this.onTiddlerMouseOut;
+            tiddlerElem.ondblclick = this.onTiddlerDblClick;
+            tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
+            var html = this.getTemplateForTiddler(title,template,tiddler);
+            tiddlerElem.innerHTML = html;
+            applyHtmlMacros(tiddlerElem,tiddler);
+            if(store.getTaggedTiddlers(title).length > 0)
+                addClass(tiddlerElem,"isTag");
+            else
+                removeClass(tiddlerElem,"isTag");
+            if(!store.tiddlerExists(title))
+                {
+                if(store.isShadowTiddler(title))
+                    addClass(tiddlerElem,"shadow");
+                else
+                    addClass(tiddlerElem,"missing");
+                }
+            else
+                {
+                removeClass(tiddlerElem,"shadow");
+                removeClass(tiddlerElem,"missing");
+                }
+            }
+        }
+    return tiddlerElem;
 }
 
 // Refresh all tiddlers in the Story
-Story.prototype.refreshAllTiddlers = function() 
+Story.prototype.refreshAllTiddlers = function()
 {
-	var place = document.getElementById(this.container);
-	var e = place.firstChild;
-	if(!e)
-		return;
-	this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
-	while((e = e.nextSibling) != null) 
-		this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+    var place = document.getElementById(this.container);
+    var e = place.firstChild;
+    if(!e)
+        return;
+    this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+    while((e = e.nextSibling) != null)
+        this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
 }
 
 // Default tiddler onmouseover/out event handlers
 Story.prototype.onTiddlerMouseOver = function(e)
 {
-	if(window.addClass instanceof Function)
-		addClass(this,"selected");
+    if(window.addClass instanceof Function)
+        addClass(this,"selected");
 }
 
 Story.prototype.onTiddlerMouseOut = function(e)
 {
-	if(window.removeClass instanceof Function)
-		removeClass(this,"selected");
+    if(window.removeClass instanceof Function)
+        removeClass(this,"selected");
 }
 
 // Default tiddler ondblclick event handler
 Story.prototype.onTiddlerDblClick = function(e)
 {
-	if(!e) var e = window.event;
-	var theTarget = resolveTarget(e);
-	if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
-		{
-		if(document.selection && document.selection.empty)
-			document.selection.empty();
-		config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
-		e.cancelBubble = true;
-		if (e.stopPropagation) e.stopPropagation();
-		return true;
-		}
-	else
-		return false;
+    if(!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
+        {
+        if(document.selection && document.selection.empty)
+            document.selection.empty();
+        config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+        e.cancelBubble = true;
+        if (e.stopPropagation) e.stopPropagation();
+        return true;
+        }
+    else
+        return false;
 }
 
 Story.prototype.onTiddlerKeyPress = function(e)
 {
-	if(!e) var e = window.event;
-	clearMessage();
-	var consume = false; 
-	var title = this.getAttribute("tiddler");
-	var target = resolveTarget(e);
-	switch(e.keyCode)
-		{
-		case 9: // Tab
-			if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
-				{
-				replaceSelection(target,String.fromCharCode(9));
-				consume = true; 
-				}
-			if(config.isOpera)
-				{
-				target.onblur = function()
-					{
-					this.focus();
-					this.onblur = null;
-					}
-				}
-			break;
-		case 13: // Ctrl-Enter
-		case 10: // Ctrl-Enter on IE PC
-		case 77: // Ctrl-Enter is "M" on some platforms
-			if(e.ctrlKey)
-				{
-				blurElement(this);
-				config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
-				consume = true;
-				}
-			break; 
-		case 27: // Escape
-			blurElement(this);
-			config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
-			consume = true;
-			break;
-		}
-	e.cancelBubble = consume;
-	if(consume)
-		{
-		if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
-		e.returnValue = true; // Cancel The Event in IE
-		if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
-		}
-	return(!consume);
+    if(!e) var e = window.event;
+    clearMessage();
+    var consume = false;
+    var title = this.getAttribute("tiddler");
+    var target = resolveTarget(e);
+    switch(e.keyCode)
+        {
+        case 9: // Tab
+            if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
+                {
+                replaceSelection(target,String.fromCharCode(9));
+                consume = true;
+                }
+            if(config.isOpera)
+                {
+                target.onblur = function()
+                    {
+                    this.focus();
+                    this.onblur = null;
+                    }
+                }
+            break;
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+        case 77: // Ctrl-Enter is "M" on some platforms
+            if(e.ctrlKey)
+                {
+                blurElement(this);
+                config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+                consume = true;
+                }
+            break;
+        case 27: // Escape
+            blurElement(this);
+            config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
+            consume = true;
+            break;
+        }
+    e.cancelBubble = consume;
+    if(consume)
+        {
+        if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
+        e.returnValue = true; // Cancel The Event in IE
+        if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
+        }
+    return(!consume);
 };
 
 // Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
 // or null if it found no edit field at all
 Story.prototype.getTiddlerField = function(title,field)
 {
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	var e = null;
-	if(tiddlerElem != null)
-		{
-		var children = tiddlerElem.getElementsByTagName("*");
-		for (var t=0; t<children.length; t++)
-			{
-			var c = children[t];
-			if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
-				{
-				if(!e)
-					e = c;
-				if(c.getAttribute("edit") == field)
-					e = c;
-				}
-			}
-		}
-	return e;
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    var e = null;
+    if(tiddlerElem != null)
+        {
+        var children = tiddlerElem.getElementsByTagName("*");
+        for (var t=0; t<children.length; t++)
+            {
+            var c = children[t];
+            if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
+                {
+                if(!e)
+                    e = c;
+                if(c.getAttribute("edit") == field)
+                    e = c;
+                }
+            }
+        }
+    return e;
 }
 
 // Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
 Story.prototype.focusTiddler = function(title,field)
 {
-	var e = this.getTiddlerField(title,field);
-	if(e)
-		{
-		e.focus();
-		e.select();
-		}
+    var e = this.getTiddlerField(title,field);
+    if(e)
+        {
+        e.focus();
+        e.select();
+        }
 }
 
 // Ensures that a specified tiddler does not have the focus
 Story.prototype.blurTiddler = function(title)
 {
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
-		{
-		tiddlerElem.focus();
-		tiddlerElem.blur();
-		}
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
+        {
+        tiddlerElem.focus();
+        tiddlerElem.blur();
+        }
 }
 
 // Adds a specified value to the edit controls (if any) of a particular
@@ -4024,17 +4024,17 @@
 //  field - name of field (eg "tags")
 Story.prototype.setTiddlerField = function(title,tag,mode,field)
 {
-	var c = story.getTiddlerField(title,field);
+    var c = story.getTiddlerField(title,field);
 
-	var tags = c.value.readBracketedList();
-	tags.setItem(tag,mode);
-	c.value = String.encodeTiddlyLinkList(tags);
+    var tags = c.value.readBracketedList();
+    tags.setItem(tag,mode);
+    c.value = String.encodeTiddlyLinkList(tags);
 }
 
 // The same as setTiddlerField but preset to the "tags" field
 Story.prototype.setTiddlerTag = function(title,tag,mode)
 {
-	Story.prototype.setTiddlerField(title,tag,mode,"tags");
+    Story.prototype.setTiddlerField(title,tag,mode,"tags");
 }
 
 // Close a specified tiddler
@@ -4043,16 +4043,16 @@
 // slowly - whether to perform animations in slomo
 Story.prototype.closeTiddler = function(title,animate,slowly)
 {
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		{
-		clearMessage();
-		this.scrubTiddler(tiddlerElem);
-		if(anim && config.options.chkAnimate && animate)
-			anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
-		else
-			tiddlerElem.parentNode.removeChild(tiddlerElem);
-		}
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        clearMessage();
+        this.scrubTiddler(tiddlerElem);
+        if(anim && config.options.chkAnimate && animate)
+            anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
+        else
+            tiddlerElem.parentNode.removeChild(tiddlerElem);
+        }
 }
 
 // Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
@@ -4060,7 +4060,7 @@
 // tiddler - reference to the tiddler element
 Story.prototype.scrubTiddler = function(tiddlerElem)
 {
-	tiddlerElem.id = null;
+    tiddlerElem.id = null;
 }
 
 // Set the 'dirty' flag of a tiddler
@@ -4068,47 +4068,47 @@
 // dirty - new boolean status of flag
 Story.prototype.setDirty = function(title,dirty)
 {
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
 }
 
 // Is a particular tiddler dirty (with unsaved changes)?
 Story.prototype.isDirty = function(title)
 {
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		return tiddlerElem.getAttribute("dirty") == "true";
-	return null;
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        return tiddlerElem.getAttribute("dirty") == "true";
+    return null;
 }
 
 // Determine whether any open tiddler are dirty
 Story.prototype.areAnyDirty = function()
 {
-	var r = false;
-	this.forEachTiddler(function(title,element) {
-		if(this.isDirty(title))
-			r = true;
-		});
-	return r;
+    var r = false;
+    this.forEachTiddler(function(title,element) {
+        if(this.isDirty(title))
+            r = true;
+        });
+    return r;
 }
 
 // Close all tiddlers in the story
 Story.prototype.closeAllTiddlers = function(exclude)
 {
-	clearMessage();
-	this.forEachTiddler(function(title,element) {
-		if((title != exclude) && element.getAttribute("dirty") != "true")
-			this.closeTiddler(title);
-		});
-	window.scrollTo(0,0);
+    clearMessage();
+    this.forEachTiddler(function(title,element) {
+        if((title != exclude) && element.getAttribute("dirty") != "true")
+            this.closeTiddler(title);
+        });
+    window.scrollTo(0,0);
 }
 
 // Check if there are any tiddlers in the story
 Story.prototype.isEmpty = function()
 {
-	var place = document.getElementById(this.container);
-	return(place && place.firstChild == null);
+    var place = document.getElementById(this.container);
+    return(place && place.firstChild == null);
 }
 
 // Perform a search and display the result
@@ -4117,19 +4117,19 @@
 // useRegExp - true to interpret text as a RegExp
 Story.prototype.search = function(text,useCaseSensitive,useRegExp)
 {
-	this.closeAllTiddlers();
-	highlightHack = new RegExp(useRegExp ?	 text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
-	var matches = store.search(highlightHack,"title","excludeSearch");
-	var titles = [];
-	for(var t=matches.length-1; t>=0; t--)
-		titles.push(matches[t].title);
-	this.displayTiddlers(null,titles);
-	highlightHack = null;
-	var q = useRegExp ? "/" : "'";
-	if(matches.length > 0)
-		displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
-	else
-		displayMessage(config.macros.search.failureMsg.format([q + text + q]));
+    this.closeAllTiddlers();
+    highlightHack = new RegExp(useRegExp ?   text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
+    var matches = store.search(highlightHack,"title","excludeSearch");
+    var titles = [];
+    for(var t=matches.length-1; t>=0; t--)
+        titles.push(matches[t].title);
+    this.displayTiddlers(null,titles);
+    highlightHack = null;
+    var q = useRegExp ? "/" : "'";
+    if(matches.length > 0)
+        displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
+    else
+        displayMessage(config.macros.search.failureMsg.format([q + text + q]));
 }
 
 // Determine if the specified element is within a tiddler in this story
@@ -4137,9 +4137,9 @@
 // returns: reference to a tiddler element or null if none
 Story.prototype.findContainingTiddler = function(e)
 {
-	while(e && !hasClass(e,"tiddler"))
-		e = e.parentNode;
-	return(e);
+    while(e && !hasClass(e,"tiddler"))
+        e = e.parentNode;
+    return(e);
 }
 
 // Gather any saveable fields from a tiddler element
@@ -4147,37 +4147,37 @@
 // fields - object to contain gathered field values
 Story.prototype.gatherSaveFields = function(e,fields)
 {
-	if(e && e.getAttribute)
-		{
-		var f = e.getAttribute("edit");
-		if(f)
-			fields[f] = e.value.replace(/\r/mg,"");;
-		if(e.hasChildNodes())
-			{
-			var c = e.childNodes;
-			for(var t=0; t<c.length; t++)
-				this.gatherSaveFields(c[t],fields)
-			}
-		}
+    if(e && e.getAttribute)
+        {
+        var f = e.getAttribute("edit");
+        if(f)
+            fields[f] = e.value.replace(/\r/mg,"");;
+        if(e.hasChildNodes())
+            {
+            var c = e.childNodes;
+            for(var t=0; t<c.length; t++)
+                this.gatherSaveFields(c[t],fields)
+            }
+        }
 }
 
 // Determine whether a tiddler has any edit fields, and if so if their values have been changed
 // title - name of tiddler
 Story.prototype.hasChanges = function(title)
 {
-	var e = document.getElementById(this.idPrefix + title);
-	if(e != null)
-		{
-		var fields = {};
-		this.gatherSaveFields(e,fields);
-		var tiddler = store.fetchTiddler(title);
-		if (!tiddler)
-			return false;
-		for(var n in fields)
-			if (store.getValue(title,n) != fields[n])
-				return true;
-		}
-	return false;
+    var e = document.getElementById(this.idPrefix + title);
+    if(e != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(e,fields);
+        var tiddler = store.fetchTiddler(title);
+        if (!tiddler)
+            return false;
+        for(var n in fields)
+            if (store.getValue(title,n) != fields[n])
+                return true;
+        }
+    return false;
 }
 
 // Save any open edit fields of a tiddler and updates the display as necessary
@@ -4186,48 +4186,48 @@
 // returns: title of saved tiddler, or null if not saved
 Story.prototype.saveTiddler = function(title,minorUpdate)
 {
-	var tiddlerElem = document.getElementById(this.idPrefix + title);
-	if(tiddlerElem != null)
-		{
-		var fields = {};
-		this.gatherSaveFields(tiddlerElem,fields);
-		var newTitle = fields.title ? fields.title : title;
-		if(store.tiddlerExists(newTitle) && newTitle != title)
-			{
-			if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
-				this.closeTiddler(newTitle,false,false);
-			else
-				return null;
-			}
-		tiddlerElem.id = this.idPrefix + newTitle;
-		tiddlerElem.setAttribute("tiddler",newTitle);
-		tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
-		tiddlerElem.setAttribute("dirty","false");
-		if(config.options.chkForceMinorUpdate)
-			minorUpdate = !minorUpdate;
-		var newDate = new Date();
-		store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
-		for (var n in fields) 
-			if (!TiddlyWiki.isStandardField(n))
-				store.setValue(newTitle,n,fields[n]);
-		if(config.options.chkAutoSave)
-			saveChanges();
-		return newTitle;
-		}
-	return null;
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(tiddlerElem,fields);
+        var newTitle = fields.title ? fields.title : title;
+        if(store.tiddlerExists(newTitle) && newTitle != title)
+            {
+            if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
+                this.closeTiddler(newTitle,false,false);
+            else
+                return null;
+            }
+        tiddlerElem.id = this.idPrefix + newTitle;
+        tiddlerElem.setAttribute("tiddler",newTitle);
+        tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
+        tiddlerElem.setAttribute("dirty","false");
+        if(config.options.chkForceMinorUpdate)
+            minorUpdate = !minorUpdate;
+        var newDate = new Date();
+        store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
+        for (var n in fields)
+            if (!TiddlyWiki.isStandardField(n))
+                store.setValue(newTitle,n,fields[n]);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        return newTitle;
+        }
+    return null;
 }
 
 Story.prototype.permaView = function()
 {
-	var links = [];
-	this.forEachTiddler(function(title,element) {
-		links.push(String.encodeTiddlyLink(title));
-		});
-	var t = encodeURIComponent(links.join(" "));
-	if(t == "")
-		t = "#";
-	if(window.location.hash != t)
-		window.location.hash = t;
+    var links = [];
+    this.forEachTiddler(function(title,element) {
+        links.push(String.encodeTiddlyLink(title));
+        });
+    var t = encodeURIComponent(links.join(" "));
+    if(t == "")
+        t = "#";
+    if(window.location.hash != t)
+        window.location.hash = t;
 }
 
 // ---------------------------------------------------------------------------------
@@ -4236,45 +4236,45 @@
 
 function getMessageDiv()
 {
-	var msgArea = document.getElementById("messageArea");
-	if(!msgArea)
-		return null;
-	if(!msgArea.hasChildNodes())
-		createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
-			config.messages.messageClose.text,
-			config.messages.messageClose.tooltip,
-			clearMessage);
-	msgArea.style.display = "block";
-	return createTiddlyElement(msgArea,"div");
+    var msgArea = document.getElementById("messageArea");
+    if(!msgArea)
+        return null;
+    if(!msgArea.hasChildNodes())
+        createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
+            config.messages.messageClose.text,
+            config.messages.messageClose.tooltip,
+            clearMessage);
+    msgArea.style.display = "block";
+    return createTiddlyElement(msgArea,"div");
 }
 
 function displayMessage(text,linkText)
 {
-	var e = getMessageDiv();
-	if(!e)
-		{
-		alert(text);
-		return;
-		}
-	if(linkText)
-		{
-		var link = createTiddlyElement(e,"a",null,null,text);
-		link.href = linkText;
-		link.target = "_blank";
-		}
-	else
-		e.appendChild(document.createTextNode(text));
+    var e = getMessageDiv();
+    if(!e)
+        {
+        alert(text);
+        return;
+        }
+    if(linkText)
+        {
+        var link = createTiddlyElement(e,"a",null,null,text);
+        link.href = linkText;
+        link.target = "_blank";
+        }
+    else
+        e.appendChild(document.createTextNode(text));
 }
 
 function clearMessage()
 {
-	var msgArea = document.getElementById("messageArea");
-	if(msgArea)
-		{
-		removeChildren(msgArea);
-		msgArea.style.display = "none";
-		}
-	return false;
+    var msgArea = document.getElementById("messageArea");
+    if(msgArea)
+        {
+        removeChildren(msgArea);
+        msgArea.style.display = "none";
+        }
+    return false;
 }
 
 // ---------------------------------------------------------------------------------
@@ -4282,157 +4282,157 @@
 // ---------------------------------------------------------------------------------
 
 config.refreshers = {
-	link: function(e,changeList)
-		{
-		var title = e.getAttribute("tiddlyLink");
-		refreshTiddlyLink(e,title);
-		return true;
-		},
-	
-	tiddler: function(e,changeList)
-		{
-		var title = e.getAttribute("tiddler");
-		var template = e.getAttribute("template");
-		if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
-			story.refreshTiddler(title,template,true);
-		else
-			refreshElements(e,changeList);
-		return true;
-		},
-
-	content: function(e,changeList)
-		{
-		var title = e.getAttribute("tiddler");
-		var force = e.getAttribute("force");
-		if(force != null || changeList == null || changeList.indexOf(title) != -1)
-			{
-			removeChildren(e);
-			wikify(store.getTiddlerText(title,title),e);
-			return true;
-			}
-		else
-			return false;
-		},
-
-	macro: function(e,changeList)
-		{
-		var macro = e.getAttribute("macroName");
-		var params = e.getAttribute("params");
-		if(macro)
-			macro = config.macros[macro];
-		if(macro && macro.refresh)
-			macro.refresh(e,params);
-		return true;
-		}
+    link: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddlyLink");
+        refreshTiddlyLink(e,title);
+        return true;
+        },
+
+    tiddler: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var template = e.getAttribute("template");
+        if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
+            story.refreshTiddler(title,template,true);
+        else
+            refreshElements(e,changeList);
+        return true;
+        },
+
+    content: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var force = e.getAttribute("force");
+        if(force != null || changeList == null || changeList.indexOf(title) != -1)
+            {
+            removeChildren(e);
+            wikify(store.getTiddlerText(title,title),e);
+            return true;
+            }
+        else
+            return false;
+        },
+
+    macro: function(e,changeList)
+        {
+        var macro = e.getAttribute("macroName");
+        var params = e.getAttribute("params");
+        if(macro)
+            macro = config.macros[macro];
+        if(macro && macro.refresh)
+            macro.refresh(e,params);
+        return true;
+        }
 };
 
 function refreshElements(root,changeList)
 {
-	var nodes = root.childNodes;
-	for(var c=0; c<nodes.length; c++)
-		{
-		var e = nodes[c],type;
-		if(e.getAttribute)
-			type = e.getAttribute("refresh");
-		else
-			type = null;
-		var refresher = config.refreshers[type];
-		var refreshed = false;
-		if(refresher != undefined)
-			refreshed = refresher(e,changeList);
-		if(e.hasChildNodes() && !refreshed)
-			refreshElements(e,changeList);
-		}
+    var nodes = root.childNodes;
+    for(var c=0; c<nodes.length; c++)
+        {
+        var e = nodes[c],type;
+        if(e.getAttribute)
+            type = e.getAttribute("refresh");
+        else
+            type = null;
+        var refresher = config.refreshers[type];
+        var refreshed = false;
+        if(refresher != undefined)
+            refreshed = refresher(e,changeList);
+        if(e.hasChildNodes() && !refreshed)
+            refreshElements(e,changeList);
+        }
 }
 
 function applyHtmlMacros(root,tiddler)
 {
-	var e = root.firstChild;
-	while(e)
-		{
-		var nextChild = e.nextSibling;
-		if(e.getAttribute)
-			{
-			var macro = e.getAttribute("macro");
-			if(macro)
-				{
-				var params = "";
-				var p = macro.indexOf(" ");
-				if(p != -1)
-					{
-					params = macro.substr(p+1);
-					macro = macro.substr(0,p);
-					}
-				invokeMacro(e,macro,params,null,tiddler);
-				}
-			}
-		if(e.hasChildNodes())
-			applyHtmlMacros(e,tiddler);
-		e = nextChild;
-		}
+    var e = root.firstChild;
+    while(e)
+        {
+        var nextChild = e.nextSibling;
+        if(e.getAttribute)
+            {
+            var macro = e.getAttribute("macro");
+            if(macro)
+                {
+                var params = "";
+                var p = macro.indexOf(" ");
+                if(p != -1)
+                    {
+                    params = macro.substr(p+1);
+                    macro = macro.substr(0,p);
+                    }
+                invokeMacro(e,macro,params,null,tiddler);
+                }
+            }
+        if(e.hasChildNodes())
+            applyHtmlMacros(e,tiddler);
+        e = nextChild;
+        }
 }
 
 function refreshPageTemplate(title)
 {
-	var stash = createTiddlyElement(document.body,"div");
-	stash.style.display = "none";
-	var display = document.getElementById("tiddlerDisplay");
-	var nodes,t;
-	if(display)
-		{
-		nodes = display.childNodes;
-		for(t=nodes.length-1; t>=0; t--)
-			stash.appendChild(nodes[t]);
-		}
-	var wrapper = document.getElementById("contentWrapper");
-	if(!title)
-		title = "PageTemplate";
-	var html = store.getRecursiveTiddlerText(title,null,10);
-	wrapper.innerHTML = html;
-	applyHtmlMacros(wrapper);
-	refreshElements(wrapper);
-	display = document.getElementById("tiddlerDisplay");
-	removeChildren(display);
-	if(!display)
-		display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
-	nodes = stash.childNodes;
-	for(t=nodes.length-1; t>=0; t--)
-		display.appendChild(nodes[t]);
-	stash.parentNode.removeChild(stash);
+    var stash = createTiddlyElement(document.body,"div");
+    stash.style.display = "none";
+    var display = document.getElementById("tiddlerDisplay");
+    var nodes,t;
+    if(display)
+        {
+        nodes = display.childNodes;
+        for(t=nodes.length-1; t>=0; t--)
+            stash.appendChild(nodes[t]);
+        }
+    var wrapper = document.getElementById("contentWrapper");
+    if(!title)
+        title = "PageTemplate";
+    var html = store.getRecursiveTiddlerText(title,null,10);
+    wrapper.innerHTML = html;
+    applyHtmlMacros(wrapper);
+    refreshElements(wrapper);
+    display = document.getElementById("tiddlerDisplay");
+    removeChildren(display);
+    if(!display)
+        display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
+    nodes = stash.childNodes;
+    for(t=nodes.length-1; t>=0; t--)
+        display.appendChild(nodes[t]);
+    stash.parentNode.removeChild(stash);
 }
 
 function refreshDisplay(hint)
 {
-	var e = document.getElementById("contentWrapper");
-	if(typeof hint == "string")
-		hint = [hint];
-	refreshElements(e,hint);
+    var e = document.getElementById("contentWrapper");
+    if(typeof hint == "string")
+        hint = [hint];
+    refreshElements(e,hint);
 }
 
 function refreshPageTitle()
 {
-	document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
+    document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
 }
 
 function refreshStyles(title)
 {
-	setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
+    setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
 }
 
 function refreshColorPalette(title)
 {
-	if(!startingUp)
-		refreshAll();
+    if(!startingUp)
+        refreshAll();
 }
 
 function refreshAll()
 {
-	refreshPageTemplate();
-	refreshDisplay();
-	refreshStyles("StyleSheetLayout");
-	refreshStyles("StyleSheetColors");
-	refreshStyles("StyleSheet");
-	refreshStyles("StyleSheetPrint");
+    refreshPageTemplate();
+    refreshDisplay();
+    refreshStyles("StyleSheetLayout");
+    refreshStyles("StyleSheetColors");
+    refreshStyles("StyleSheet");
+    refreshStyles("StyleSheetPrint");
 }
 
 // ---------------------------------------------------------------------------------
@@ -4441,45 +4441,45 @@
 
 function loadOptionsCookie()
 {
-	if(safeMode)
-		return;
-	var cookies = document.cookie.split(";");
-	for(var c=0; c<cookies.length; c++)
-		{
-		var p = cookies[c].indexOf("=");
-		if(p != -1)
-			{
-			var name = cookies[c].substr(0,p).trim();
-			var value = cookies[c].substr(p+1).trim();
-			switch(name.substr(0,3))
-				{
-				case "txt":
-					config.options[name] = unescape(value);
-					break;
-				case "chk":
-					config.options[name] = value == "true";
-					break;
-				}
-			}
-		}
+    if(safeMode)
+        return;
+    var cookies = document.cookie.split(";");
+    for(var c=0; c<cookies.length; c++)
+        {
+        var p = cookies[c].indexOf("=");
+        if(p != -1)
+            {
+            var name = cookies[c].substr(0,p).trim();
+            var value = cookies[c].substr(p+1).trim();
+            switch(name.substr(0,3))
+                {
+                case "txt":
+                    config.options[name] = unescape(value);
+                    break;
+                case "chk":
+                    config.options[name] = value == "true";
+                    break;
+                }
+            }
+        }
 }
 
 function saveOptionCookie(name)
 {
-	if(safeMode)
-		return;
-	var c = name + "=";
-	switch(name.substr(0,3))
-		{
-		case "txt":
-			c += escape(config.options[name].toString());
-			break;
-		case "chk":
-			c += config.options[name] ? "true" : "false";
-			break;
-		}
-	c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
-	document.cookie = c;
+    if(safeMode)
+        return;
+    var c = name + "=";
+    switch(name.substr(0,3))
+        {
+        case "txt":
+            c += escape(config.options[name].toString());
+            break;
+        case "chk":
+            c += config.options[name] ? "true" : "false";
+            break;
+        }
+    c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
+    document.cookie = c;
 }
 
 // ---------------------------------------------------------------------------------
@@ -4494,471 +4494,471 @@
 // If there are unsaved changes, force the user to confirm before exitting
 function confirmExit()
 {
-	hadConfirmExit = true;
-	if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
-		return config.messages.confirmExit;
+    hadConfirmExit = true;
+    if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
+        return config.messages.confirmExit;
 }
 
 // Give the user a chance to save changes before exitting
 function checkUnsavedChanges()
 {
-	if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
-		{
-		if(confirm(config.messages.unsavedChangesWarning))
-			saveChanges();
-		}
+    if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
+        {
+        if(confirm(config.messages.unsavedChangesWarning))
+            saveChanges();
+        }
 }
 
 function updateMarkupBlock(s,blockName,tiddlerName)
 {
-	return s.replaceChunk(
-			"<!--%0-START-->".format([blockName]),
-			"<!--%0-END-->".format([blockName]),
-			"\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
+    return s.replaceChunk(
+            "<!--%0-START-->".format([blockName]),
+            "<!--%0-END-->".format([blockName]),
+            "\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
 }
 
 // Save this tiddlywiki with the pending changes
 function saveChanges(onlyIfDirty)
 {
-	if(onlyIfDirty && !store.isDirty())
-		return;
-	clearMessage();
-	// Get the URL of the document
-	var originalPath = document.location.toString();
-	// Check we were loaded from a file URL
-	if(originalPath.substr(0,5) != "file:")
-		{
-		alert(config.messages.notFileUrlError);
-		if(store.tiddlerExists(config.messages.saveInstructions))
-			story.displayTiddler(null,config.messages.saveInstructions);
-		return;
-		}
-	var localPath = getLocalPath(originalPath);
-	// Load the original file
-	var original = loadFile(localPath);
-	if(original == null)
-		{
-		alert(config.messages.cantSaveError);
-		if(store.tiddlerExists(config.messages.saveInstructions))
-			story.displayTiddler(null,config.messages.saveInstructions);
-		return;
-		}
-	// Locate the storeArea div's
-	var posOpeningDiv = original.indexOf(startSaveArea);
-	var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
-	var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
-	if((posOpeningDiv == -1) || (posClosingDiv == -1))
-		{
-		alert(config.messages.invalidFileError.format([localPath]));
-		return;
-		}
-	// Save the backup
-	if(config.options.chkSaveBackups)
-		{
-		var backupPath = getBackupPath(localPath);
-		var backup = saveFile(backupPath,original);
-		if(backup)
-			displayMessage(config.messages.backupSaved,"file://" + backupPath);
-		else
-			alert(config.messages.backupFailed);
-		}
-	// Save Rss
-	if(config.options.chkGenerateAnRssFeed)
-		{
-		var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
-		var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
-		if(rssSave)
-			displayMessage(config.messages.rssSaved,"file://" + rssPath);
-		else
-			alert(config.messages.rssFailed);
-		}
-	// Save empty template
-	if(config.options.chkSaveEmptyTemplate)
-		{
-		var emptyPath,p;
-		if((p = localPath.lastIndexOf("/")) != -1)
-			emptyPath = localPath.substr(0,p) + "/empty.html";
-		else if((p = localPath.lastIndexOf("\\")) != -1)
-			emptyPath = localPath.substr(0,p) + "\\empty.html";
-		else
-			emptyPath = localPath + ".empty.html";
-		var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
-		var emptySave = saveFile(emptyPath,empty);
-		if(emptySave)
-			displayMessage(config.messages.emptySaved,"file://" + emptyPath);
-		else
-			alert(config.messages.emptyFailed);
-		}
-	var save;
-	try 
-		{
-		// Save new file
-		var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
-					convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
-					original.substr(posClosingDiv);
-		var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
-		revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
-		revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
-		revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
-		revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
-		revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
-		save = saveFile(localPath,revised);
-		}
-	catch (e) 
-		{
-		showException(e);
-		}
-	if(save)
-		{
-		displayMessage(config.messages.mainSaved,"file://" + localPath);
-		store.setDirty(false);
-		}
-	else
-		alert(config.messages.mainFailed);
+    if(onlyIfDirty && !store.isDirty())
+        return;
+    clearMessage();
+    // Get the URL of the document
+    var originalPath = document.location.toString();
+    // Check we were loaded from a file URL
+    if(originalPath.substr(0,5) != "file:")
+        {
+        alert(config.messages.notFileUrlError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    var localPath = getLocalPath(originalPath);
+    // Load the original file
+    var original = loadFile(localPath);
+    if(original == null)
+        {
+        alert(config.messages.cantSaveError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    // Locate the storeArea div's
+    var posOpeningDiv = original.indexOf(startSaveArea);
+    var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([localPath]));
+        return;
+        }
+    // Save the backup
+    if(config.options.chkSaveBackups)
+        {
+        var backupPath = getBackupPath(localPath);
+        var backup = saveFile(backupPath,original);
+        if(backup)
+            displayMessage(config.messages.backupSaved,"file://" + backupPath);
+        else
+            alert(config.messages.backupFailed);
+        }
+    // Save Rss
+    if(config.options.chkGenerateAnRssFeed)
+        {
+        var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
+        var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
+        if(rssSave)
+            displayMessage(config.messages.rssSaved,"file://" + rssPath);
+        else
+            alert(config.messages.rssFailed);
+        }
+    // Save empty template
+    if(config.options.chkSaveEmptyTemplate)
+        {
+        var emptyPath,p;
+        if((p = localPath.lastIndexOf("/")) != -1)
+            emptyPath = localPath.substr(0,p) + "/empty.html";
+        else if((p = localPath.lastIndexOf("\\")) != -1)
+            emptyPath = localPath.substr(0,p) + "\\empty.html";
+        else
+            emptyPath = localPath + ".empty.html";
+        var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
+        var emptySave = saveFile(emptyPath,empty);
+        if(emptySave)
+            displayMessage(config.messages.emptySaved,"file://" + emptyPath);
+        else
+            alert(config.messages.emptyFailed);
+        }
+    var save;
+    try
+        {
+        // Save new file
+        var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
+                    convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
+                    original.substr(posClosingDiv);
+        var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
+        revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
+        revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
+        revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
+        revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
+        revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
+        save = saveFile(localPath,revised);
+        }
+    catch (e)
+        {
+        showException(e);
+        }
+    if(save)
+        {
+        displayMessage(config.messages.mainSaved,"file://" + localPath);
+        store.setDirty(false);
+        }
+    else
+        alert(config.messages.mainFailed);
 }
 
 function getLocalPath(originalPath)
 {
-	// Remove any location or query part of the URL
-	var argPos = originalPath.indexOf("?");
-	if(argPos != -1)
-		originalPath = originalPath.substr(0,argPos);
-	var hashPos = originalPath.indexOf("#");
-	if(hashPos != -1)
-		originalPath = originalPath.substr(0,hashPos);
-	// Convert file://localhost/ to file:///
-	if(originalPath.indexOf("file://localhost/") == 0)
-		originalPath = "file://" + originalPath.substr(16);
-	// Convert to a native file format assuming
-	// "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
-	// "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
-	// "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
-	// "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
-	var localPath;
-	if(originalPath.charAt(9) == ":") // pc local file
-		localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
-	else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
-		localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
-	else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
-		localPath = unescape(originalPath.substr(7));
-	else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
-		localPath = unescape(originalPath.substr(5));
-	else // pc network file
-		localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
-	return localPath;
+    // Remove any location or query part of the URL
+    var argPos = originalPath.indexOf("?");
+    if(argPos != -1)
+        originalPath = originalPath.substr(0,argPos);
+    var hashPos = originalPath.indexOf("#");
+    if(hashPos != -1)
+        originalPath = originalPath.substr(0,hashPos);
+    // Convert file://localhost/ to file:///
+    if(originalPath.indexOf("file://localhost/") == 0)
+        originalPath = "file://" + originalPath.substr(16);
+    // Convert to a native file format assuming
+    // "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
+    // "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
+    // "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
+    // "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
+    var localPath;
+    if(originalPath.charAt(9) == ":") // pc local file
+        localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(7));
+    else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(5));
+    else // pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
+    return localPath;
 }
 
 function getBackupPath(localPath)
 {
-	var backSlash = true;
-	var dirPathPos = localPath.lastIndexOf("\\");
-	if(dirPathPos == -1)
-		{
-		dirPathPos = localPath.lastIndexOf("/");
-		backSlash = false;
-		}
-	var backupFolder = config.options.txtBackupFolder;
-	if(!backupFolder || backupFolder == "")
-		backupFolder = ".";
-	var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
-	backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
-	return backupPath;
+    var backSlash = true;
+    var dirPathPos = localPath.lastIndexOf("\\");
+    if(dirPathPos == -1)
+        {
+        dirPathPos = localPath.lastIndexOf("/");
+        backSlash = false;
+        }
+    var backupFolder = config.options.txtBackupFolder;
+    if(!backupFolder || backupFolder == "")
+        backupFolder = ".";
+    var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
+    backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
+    return backupPath;
 }
 
 function generateRss()
 {
-	var s = [];
-	var d = new Date();
-	var u = store.getTiddlerText("SiteUrl");
-	// Assemble the header
-	s.push("<" + "?xml version=\"1.0\"?" + ">");
-	s.push("<rss version=\"2.0\">");
-	s.push("<channel>");
-	s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
-	if(u)
-		s.push("<link>" + u.htmlEncode() + "</link>");
-	s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
-	s.push("<language>en-us</language>");
-	s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
-	s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
-	s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
-	s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
-	s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
-	// The body
-	var tiddlers = store.getTiddlers("modified","excludeLists");
-	var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
-	for (var t=tiddlers.length-1; t>=n; t--)
-		s.push(tiddlers[t].saveToRss(u));
-	// And footer
-	s.push("</channel>");
-	s.push("</rss>");
-	// Save it all
-	return s.join("\n");
+    var s = [];
+    var d = new Date();
+    var u = store.getTiddlerText("SiteUrl");
+    // Assemble the header
+    s.push("<" + "?xml version=\"1.0\"?" + ">");
+    s.push("<rss version=\"2.0\">");
+    s.push("<channel>");
+    s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
+    if(u)
+        s.push("<link>" + u.htmlEncode() + "</link>");
+    s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
+    s.push("<language>en-us</language>");
+    s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
+    s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
+    s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
+    s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
+    s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
+    // The body
+    var tiddlers = store.getTiddlers("modified","excludeLists");
+    var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
+    for (var t=tiddlers.length-1; t>=n; t--)
+        s.push(tiddlers[t].saveToRss(u));
+    // And footer
+    s.push("</channel>");
+    s.push("</rss>");
+    // Save it all
+    return s.join("\n");
 }
 
 
 // UTF-8 encoding rules:
-// 0x0000 - 0x007F:	0xxxxxxx
-// 0x0080 - 0x07FF:	110xxxxx 10xxxxxx
-// 0x0800 - 0xFFFF:	1110xxxx 10xxxxxx 10xxxxxx
+// 0x0000 - 0x007F: 0xxxxxxx
+// 0x0080 - 0x07FF: 110xxxxx 10xxxxxx
+// 0x0800 - 0xFFFF: 1110xxxx 10xxxxxx 10xxxxxx
 
 function convertUTF8ToUnicode(u)
 {
-	if(window.netscape == undefined)
-		return manualConvertUTF8ToUnicode(u);
-	else
-		return mozConvertUTF8ToUnicode(u);
+    if(window.netscape == undefined)
+        return manualConvertUTF8ToUnicode(u);
+    else
+        return mozConvertUTF8ToUnicode(u);
 }
 
 function manualConvertUTF8ToUnicode(utf)
 {
-	var uni = utf;
-	var src = 0;
-	var dst = 0;
-	var b1, b2, b3;
-	var c;
-	while(src < utf.length)
-		{
-		b1 = utf.charCodeAt(src++);
-		if(b1 < 0x80)
-			dst++;
-		else if(b1 < 0xE0)
-			{
-			b2 = utf.charCodeAt(src++);
-			c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
-			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
-			}
-		else
-			{
-			b2 = utf.charCodeAt(src++);
-			b3 = utf.charCodeAt(src++);
-			c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
-			uni = uni.substring(0,dst++).concat(c,utf.substr(src));
-			}
-	}
-	return(uni);
+    var uni = utf;
+    var src = 0;
+    var dst = 0;
+    var b1, b2, b3;
+    var c;
+    while(src < utf.length)
+        {
+        b1 = utf.charCodeAt(src++);
+        if(b1 < 0x80)
+            dst++;
+        else if(b1 < 0xE0)
+            {
+            b2 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+        else
+            {
+            b2 = utf.charCodeAt(src++);
+            b3 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+    }
+    return(uni);
 }
 
 function mozConvertUTF8ToUnicode(u)
 {
-	try
-		{
-		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
-		converter.charset = "UTF-8";
-		}
-	catch(e)
-		{
-		return manualConvertUTF8ToUnicode(u);
-		} // fallback
-	var s = converter.ConvertToUnicode(u);
-	var fin = converter.Finish();
-	return (fin.length > 0) ? s+fin : s;
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUTF8ToUnicode(u);
+        } // fallback
+    var s = converter.ConvertToUnicode(u);
+    var fin = converter.Finish();
+    return (fin.length > 0) ? s+fin : s;
 }
 
 function convertUnicodeToUTF8(s)
 {
-	if(window.netscape == undefined)
-		return manualConvertUnicodeToUTF8(s);
-	else
-		return mozConvertUnicodeToUTF8(s);
+    if(window.netscape == undefined)
+        return manualConvertUnicodeToUTF8(s);
+    else
+        return mozConvertUnicodeToUTF8(s);
 }
 
 function manualConvertUnicodeToUTF8(s)
 {
-	var re = /[^\u0000-\u007F]/g ;
-	return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
+    var re = /[^\u0000-\u007F]/g ;
+    return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
 }
 
 function mozConvertUnicodeToUTF8(s)
 {
-	try
-		{
-		netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-		var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
-		converter.charset = "UTF-8";
-		}
-	catch(e)
-		{
-		return manualConvertUnicodeToUTF8(s);
-		} // fallback
-	var u = converter.ConvertFromUnicode(s);
-	var fin = converter.Finish();
-	if(fin.length > 0)
-		return u + fin;
-	else
-		return u;
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUnicodeToUTF8(s);
+        } // fallback
+    var u = converter.ConvertFromUnicode(s);
+    var fin = converter.Finish();
+    if(fin.length > 0)
+        return u + fin;
+    else
+        return u;
 }
 
 function saveFile(fileUrl, content)
 {
-	var r = null;
-	if((r == null) || (r == false))
-		r = mozillaSaveFile(fileUrl, content);
-	if((r == null) || (r == false))
-		r = ieSaveFile(fileUrl, content);
-	if((r == null) || (r == false))
-		r = javaSaveFile(fileUrl, content);
-	return(r);
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = ieSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = javaSaveFile(fileUrl, content);
+    return(r);
 }
 
 function loadFile(fileUrl)
 {
-	var r = null;
-	if((r == null) || (r == false))
-		r = mozillaLoadFile(fileUrl);
-	if((r == null) || (r == false))
-		r = ieLoadFile(fileUrl);
-	if((r == null) || (r == false))
-		r = javaLoadFile(fileUrl);
-	return(r);
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = ieLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = javaLoadFile(fileUrl);
+    return(r);
 }
 
 // Returns null if it can't do it, false if there's an error, true if it saved OK
 function ieSaveFile(filePath, content)
 {
-	try
-		{
-		var fso = new ActiveXObject("Scripting.FileSystemObject");
-		}
-	catch(e)
-		{
-		//alert("Exception while attempting to save\n\n" + e.toString());
-		return(null);
-		}
-	var file = fso.OpenTextFile(filePath,2,-1,0);
-	file.Write(content);
-	file.Close();
-	return(true);
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to save\n\n" + e.toString());
+        return(null);
+        }
+    var file = fso.OpenTextFile(filePath,2,-1,0);
+    file.Write(content);
+    file.Close();
+    return(true);
 }
 
 // Returns null if it can't do it, false if there's an error, or a string of the content if successful
 function ieLoadFile(filePath)
 {
-	try
-		{
-		var fso = new ActiveXObject("Scripting.FileSystemObject");
-		var file = fso.OpenTextFile(filePath,1);
-		var content = file.ReadAll();
-		file.Close();
-		}
-	catch(e)
-		{
-		//alert("Exception while attempting to load\n\n" + e.toString());
-		return(null);
-		}
-	return(content);
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        var file = fso.OpenTextFile(filePath,1);
+        var content = file.ReadAll();
+        file.Close();
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to load\n\n" + e.toString());
+        return(null);
+        }
+    return(content);
 }
 
 // Returns null if it can't do it, false if there's an error, true if it saved OK
 function mozillaSaveFile(filePath, content)
 {
-	if(window.Components)
-		try
-			{
-			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
-			file.initWithPath(filePath);
-			if (!file.exists())
-				file.create(0, 0664);
-			var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
-			out.init(file, 0x20 | 0x02, 00004,null);
-			out.write(content, content.length);
-			out.flush();
-			out.close();
-			return(true);
-			}
-		catch(e)
-			{
-			//alert("Exception while attempting to save\n\n" + e);
-			return(false);
-			}
-	return(null);
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                file.create(0, 0664);
+            var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
+            out.init(file, 0x20 | 0x02, 00004,null);
+            out.write(content, content.length);
+            out.flush();
+            out.close();
+            return(true);
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to save\n\n" + e);
+            return(false);
+            }
+    return(null);
 }
 
 // Returns null if it can't do it, false if there's an error, or a string of the content if successful
 function mozillaLoadFile(filePath)
 {
-	if(window.Components)
-		try
-			{
-			netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-			var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
-			file.initWithPath(filePath);
-			if (!file.exists())
-				return(null);
-			var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
-			inputStream.init(file, 0x01, 00004, null);
-			var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
-			sInputStream.init(inputStream);
-			return(sInputStream.read(sInputStream.available()));
-			}
-		catch(e)
-			{
-			//alert("Exception while attempting to load\n\n" + e);
-			return(false);
-			}
-	return(null);
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                return(null);
+            var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
+            inputStream.init(file, 0x01, 00004, null);
+            var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
+            sInputStream.init(inputStream);
+            return(sInputStream.read(sInputStream.available()));
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to load\n\n" + e);
+            return(false);
+            }
+    return(null);
 }
 
 function javaUrlToFilename(url)
 {
-	var f = "//localhost";
-	if(url.indexOf(f) == 0)
-		return url.substring(f.length);
-	var i = url.indexOf(":");
-	if(i > 0)
-		return url.substring(i-1);
-	return url;
+    var f = "//localhost";
+    if(url.indexOf(f) == 0)
+        return url.substring(f.length);
+    var i = url.indexOf(":");
+    if(i > 0)
+        return url.substring(i-1);
+    return url;
 }
 
 function javaSaveFile(filePath, content)
 {
-	try
-		{
-		if(document.applets["TiddlySaver"])
-			return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
-		}
-	catch(e)
-		{
-		}
-	try
-		{
-		var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
-		s.print(content);
-		s.close();
-		}
-	catch(e)
-		{
-		return null;
-		}
-	return true;
+    try
+        {
+        if(document.applets["TiddlySaver"])
+            return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
+        }
+    catch(e)
+        {
+        }
+    try
+        {
+        var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
+        s.print(content);
+        s.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return true;
 }
 
 function javaLoadFile(filePath)
 {
-	try
-		{
-	if(document.applets["TiddlySaver"])
-		return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
-		}
-	catch(e)
-		{
-		}
-	var content = [];
-	try
-		{
-		var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
-		var line;
-		while ((line = r.readLine()) != null)
-			content.push(new String(line));
-		r.close();
-		}
-	catch(e)
-		{
-		return null;
-		}
-	return content.join("\n");
+    try
+        {
+    if(document.applets["TiddlySaver"])
+        return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
+        }
+    catch(e)
+        {
+        }
+    var content = [];
+    try
+        {
+        var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
+        var line;
+        while ((line = r.readLine()) != null)
+            content.push(new String(line));
+        r.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return content.join("\n");
 }
 
 
@@ -4979,53 +4979,53 @@
 //     xhr - the underlying XMLHttpRequest object
 function loadRemoteFile(url,callback,params)
 {
-	// Get an xhr object
-	var x;
-	try
-		{
-		x = new XMLHttpRequest(); // Modern
-		}
-	catch(e)
-		{
-		try
-			{
-			x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
-			}
-		catch (e)
-			{
-			return null;
-			}
-		}
-	// Install callback
-	x.onreadystatechange = function()
-		{
-		if (x.readyState == 4)
-			{
-			if ((x.status == 0 || x.status == 200) && callback)
-				{
-				callback(true,params,x.responseText,url,x);
-			}
-			else
-				callback(false,params,null,url,x);
-			}
-		}
-	// Send request
-	if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
-		window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
-	try
-		{
-		url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
-		x.open("GET",url,true);
-		if (x.overrideMimeType)
-			x.overrideMimeType("text/html");
-		x.send(null);
-		}
-	catch (e)
-		{
-		alert("Error in send " + e);
-		return null;
-		}
-	return x;
+    // Get an xhr object
+    var x;
+    try
+        {
+        x = new XMLHttpRequest(); // Modern
+        }
+    catch(e)
+        {
+        try
+            {
+            x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
+            }
+        catch (e)
+            {
+            return null;
+            }
+        }
+    // Install callback
+    x.onreadystatechange = function()
+        {
+        if (x.readyState == 4)
+            {
+            if ((x.status == 0 || x.status == 200) && callback)
+                {
+                callback(true,params,x.responseText,url,x);
+            }
+            else
+                callback(false,params,null,url,x);
+            }
+        }
+    // Send request
+    if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
+        window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
+    try
+        {
+        url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
+        x.open("GET",url,true);
+        if (x.overrideMimeType)
+            x.overrideMimeType("text/html");
+        x.send(null);
+        }
+    catch (e)
+        {
+        alert("Error in send " + e);
+        return null;
+        }
+    return x;
 }
 // ---------------------------------------------------------------------------------
 // TiddlyWiki-specific utility functions
@@ -5033,230 +5033,230 @@
 
 function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
 {
-	var theButton = document.createElement("a");
-	if(theAction)
-		{
-		theButton.onclick = theAction;
-		theButton.setAttribute("href","javascript:;");
-		}
-	if(theTooltip)
-		theButton.setAttribute("title",theTooltip);
-	if(theText)
-		theButton.appendChild(document.createTextNode(theText));
-	if(theClass)
-		theButton.className = theClass;
-	else
-		theButton.className = "button";
-	if(theId)
-		theButton.id = theId;
-	if(theParent)
-		theParent.appendChild(theButton);
-	if(theAccessKey)
-		theButton.setAttribute("accessKey",theAccessKey);
-	return(theButton);
+    var theButton = document.createElement("a");
+    if(theAction)
+        {
+        theButton.onclick = theAction;
+        theButton.setAttribute("href","javascript:;");
+        }
+    if(theTooltip)
+        theButton.setAttribute("title",theTooltip);
+    if(theText)
+        theButton.appendChild(document.createTextNode(theText));
+    if(theClass)
+        theButton.className = theClass;
+    else
+        theButton.className = "button";
+    if(theId)
+        theButton.id = theId;
+    if(theParent)
+        theParent.appendChild(theButton);
+    if(theAccessKey)
+        theButton.setAttribute("accessKey",theAccessKey);
+    return(theButton);
 }
 
 function createTiddlyLink(place,title,includeText,theClass,isStatic)
 {
-	var text = includeText ? title : null;
-	var i = getTiddlyLinkInfo(title,theClass)
-	var btn;
-	if(isStatic)
-		btn = createExternalLink(place,"#" + title);
-	else
-		btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
-	btn.setAttribute("refresh","link");
-	btn.setAttribute("tiddlyLink",title);
-	return(btn);
+    var text = includeText ? title : null;
+    var i = getTiddlyLinkInfo(title,theClass)
+    var btn;
+    if(isStatic)
+        btn = createExternalLink(place,"#" + title);
+    else
+        btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
+    btn.setAttribute("refresh","link");
+    btn.setAttribute("tiddlyLink",title);
+    return(btn);
 }
 
 function refreshTiddlyLink(e,title)
 {
-	var i = getTiddlyLinkInfo(title,e.className);
-	e.className = i.classes;
-	e.title = i.subTitle;
+    var i = getTiddlyLinkInfo(title,e.className);
+    e.className = i.classes;
+    e.title = i.subTitle;
 }
 
 function getTiddlyLinkInfo(title,currClasses)
 {
-	var classes = currClasses ? currClasses.split(" ") : [];
-	classes.pushUnique("tiddlyLink");
-	var tiddler = store.fetchTiddler(title);
-	var subTitle;
-	if(tiddler)
-		{
-		subTitle = tiddler.getSubtitle();
-		classes.pushUnique("tiddlyLinkExisting");
-		classes.remove("tiddlyLinkNonExisting");
-		classes.remove("shadow");
-		}
-	else
-		{
-		classes.remove("tiddlyLinkExisting");
-		classes.pushUnique("tiddlyLinkNonExisting");
-		if(store.isShadowTiddler(title))
-			{
-			subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
-			classes.pushUnique("shadow");
-			}
-		else
-			{
-			subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
-			classes.remove("shadow");
-			}
-		}
-	return {classes: classes.join(" "), subTitle: subTitle};
+    var classes = currClasses ? currClasses.split(" ") : [];
+    classes.pushUnique("tiddlyLink");
+    var tiddler = store.fetchTiddler(title);
+    var subTitle;
+    if(tiddler)
+        {
+        subTitle = tiddler.getSubtitle();
+        classes.pushUnique("tiddlyLinkExisting");
+        classes.remove("tiddlyLinkNonExisting");
+        classes.remove("shadow");
+        }
+    else
+        {
+        classes.remove("tiddlyLinkExisting");
+        classes.pushUnique("tiddlyLinkNonExisting");
+        if(store.isShadowTiddler(title))
+            {
+            subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
+            classes.pushUnique("shadow");
+            }
+        else
+            {
+            subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
+            classes.remove("shadow");
+            }
+        }
+    return {classes: classes.join(" "), subTitle: subTitle};
 }
 
 function createExternalLink(place,url)
 {
-	var theLink = document.createElement("a");
-	theLink.className = "externalLink";
-	theLink.href = url;
-	theLink.title = config.messages.externalLinkTooltip.format([url]);
-	if(config.options.chkOpenInNewWindow)
-		theLink.target = "_blank";
-	place.appendChild(theLink);
-	return(theLink);
+    var theLink = document.createElement("a");
+    theLink.className = "externalLink";
+    theLink.href = url;
+    theLink.title = config.messages.externalLinkTooltip.format([url]);
+    if(config.options.chkOpenInNewWindow)
+        theLink.target = "_blank";
+    place.appendChild(theLink);
+    return(theLink);
 }
 
 // Event handler for clicking on a tiddly link
 function onClickTiddlerLink(e)
 {
-	if (!e) var e = window.event;
-	var theTarget = resolveTarget(e);
-	var theLink = theTarget;
-	var title = null;
-	do {
-		title = theLink.getAttribute("tiddlyLink");
-		theLink = theLink.parentNode;
-	} while(title == null && theLink != null);
-	if(title)
-		{
-		var toggling = e.metaKey || e.ctrlKey;
-		if(config.options.chkToggleLinks)
-			toggling = !toggling;
-		var opening;
-		if(toggling && document.getElementById("tiddler" + title))
-			story.closeTiddler(title,true,e.shiftKey || e.altKey);
-		else
-			story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
-		}
-	clearMessage();
-	return(false);
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var theLink = theTarget;
+    var title = null;
+    do {
+        title = theLink.getAttribute("tiddlyLink");
+        theLink = theLink.parentNode;
+    } while(title == null && theLink != null);
+    if(title)
+        {
+        var toggling = e.metaKey || e.ctrlKey;
+        if(config.options.chkToggleLinks)
+            toggling = !toggling;
+        var opening;
+        if(toggling && document.getElementById("tiddler" + title))
+            story.closeTiddler(title,true,e.shiftKey || e.altKey);
+        else
+            story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
+        }
+    clearMessage();
+    return(false);
 }
 
 // Create a button for a tag with a popup listing all the tiddlers that it tags
 function createTagButton(place,tag,excludeTiddler)
 {
-	var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
-	theTag.setAttribute("tag",tag);
-	if(excludeTiddler)
-		theTag.setAttribute("tiddler",excludeTiddler);
-	return(theTag);
+    var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
+    theTag.setAttribute("tag",tag);
+    if(excludeTiddler)
+        theTag.setAttribute("tiddler",excludeTiddler);
+    return(theTag);
 }
 
 // Event handler for clicking on a tiddler tag
 function onClickTag(e)
 {
-	if (!e) var e = window.event;
-	var theTarget = resolveTarget(e);
-	var popup = Popup.create(this);
-	var tag = this.getAttribute("tag");
-	var title = this.getAttribute("tiddler");
-	if(popup && tag)
-		{
-		var tagged = store.getTaggedTiddlers(tag);
-		var titles = [];
-		var li,r;
-		for(r=0;r<tagged.length;r++)
-			if(tagged[r].title != title)
-				titles.push(tagged[r].title);
-		var lingo = config.views.wikified.tag;
-		if(titles.length > 0)
-			{
-			var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
-			openAll.setAttribute("tag",tag);
-			createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
-			for(r=0; r<titles.length; r++)
-				{
-				createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
-				}
-			}
-		else
-			createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
-		createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
-		var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
-		createTiddlyText(h,lingo.openTag.format([tag]));
-		}
-	Popup.show(popup,false);
-	e.cancelBubble = true;
-	if (e.stopPropagation) e.stopPropagation();
-	return(false);
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var popup = Popup.create(this);
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(popup && tag)
+        {
+        var tagged = store.getTaggedTiddlers(tag);
+        var titles = [];
+        var li,r;
+        for(r=0;r<tagged.length;r++)
+            if(tagged[r].title != title)
+                titles.push(tagged[r].title);
+        var lingo = config.views.wikified.tag;
+        if(titles.length > 0)
+            {
+            var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
+            openAll.setAttribute("tag",tag);
+            createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+            for(r=0; r<titles.length; r++)
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
+                }
+            }
+        else
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
+        createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+        var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
+        createTiddlyText(h,lingo.openTag.format([tag]));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return(false);
 }
 
 // Event handler for 'open all' on a tiddler popup
 function onClickTagOpenAll(e)
 {
-	if (!e) var e = window.event;
-	var tag = this.getAttribute("tag");
-	var tagged = store.getTaggedTiddlers(tag);
-	var titles = [];
-	for(var t=0; t<tagged.length; t++)
-		titles.push(tagged[t].title);
-	story.displayTiddlers(this,titles);
-	return(false);
+    if (!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var tagged = store.getTaggedTiddlers(tag);
+    var titles = [];
+    for(var t=0; t<tagged.length; t++)
+        titles.push(tagged[t].title);
+    story.displayTiddlers(this,titles);
+    return(false);
 }
 
 function onClickError(e)
 {
-	if (!e) var e = window.event;
-	var popup = Popup.create(this);
-	var lines = this.getAttribute("errorText").split("\n");
-	for(var t=0; t<lines.length; t++)
-		createTiddlyElement(popup,"li",null,null,lines[t]);
-	Popup.show(popup,false);
-	e.cancelBubble = true;
-	if (e.stopPropagation) e.stopPropagation();
-	return false;
+    if (!e) var e = window.event;
+    var popup = Popup.create(this);
+    var lines = this.getAttribute("errorText").split("\n");
+    for(var t=0; t<lines.length; t++)
+        createTiddlyElement(popup,"li",null,null,lines[t]);
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return false;
 }
 
 function createTiddlyDropDown(place,onchange,options)
 {
-	var sel = createTiddlyElement(place,"select");
-	sel.onchange = onchange;
-	for(var t=0; t<options.length; t++)
-		{
-		var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
-		e.value = options[t].name;
-		}
+    var sel = createTiddlyElement(place,"select");
+    sel.onchange = onchange;
+    for(var t=0; t<options.length; t++)
+        {
+        var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
+        e.value = options[t].name;
+        }
 }
 
 function createTiddlyError(place,title,text)
 {
-	var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
-	if (text) btn.setAttribute("errorText",text);
+    var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
+    if (text) btn.setAttribute("errorText",text);
 }
 
 function merge(dst,src,preserveExisting)
 {
-	for (p in src)
-		if (!preserveExisting || dst[p] === undefined)
-			dst[p] = src[p];
-	return dst;
+    for (p in src)
+        if (!preserveExisting || dst[p] === undefined)
+            dst[p] = src[p];
+    return dst;
 }
 
 // Returns a string containing the description of an exception, optionally prepended by a message
 function exceptionText(e, message)
 {
-	var s = e.description ? e.description : e.toString();
-	return message ? "%0:\n%1".format([message, s]) : s;
+    var s = e.description ? e.description : e.toString();
+    return message ? "%0:\n%1".format([message, s]) : s;
 }
 
 // Displays an alert of an exception description with optional message
 function showException(e, message)
 {
-	alert(exceptionText(e, message));
+    alert(exceptionText(e, message));
 }
 
 // ---------------------------------------------------------------------------------
@@ -5265,47 +5265,47 @@
 
 function Animator()
 {
-	this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
-	this.timerID = 0; // ID of the timer used for animating
-	this.animations = []; // List of animations in progress
-	return this;
+    this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
+    this.timerID = 0; // ID of the timer used for animating
+    this.animations = []; // List of animations in progress
+    return this;
 }
 
 // Start animation engine
 Animator.prototype.startAnimating = function() // Variable number of arguments
 {
-	for(var t=0; t<arguments.length; t++)
-		this.animations.push(arguments[t]);
-	if(this.running == 0)
-		{
-		var me = this;
-		this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
-		}
-	this.running += arguments.length;
+    for(var t=0; t<arguments.length; t++)
+        this.animations.push(arguments[t]);
+    if(this.running == 0)
+        {
+        var me = this;
+        this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
+        }
+    this.running += arguments.length;
 }
 
 // Perform an animation engine tick, calling each of the known animation modules
 Animator.prototype.doAnimate = function(me)
 {
-	var a = 0;
-	while(a < me.animations.length)
-		{
-		var animation = me.animations[a];
-		if(animation.tick())
-			a++;
-		else
-			{
-			me.animations.splice(a,1);
-			if(--me.running == 0)
-				window.clearInterval(me.timerID);
-			}
-		}
+    var a = 0;
+    while(a < me.animations.length)
+        {
+        var animation = me.animations[a];
+        if(animation.tick())
+            a++;
+        else
+            {
+            me.animations.splice(a,1);
+            if(--me.running == 0)
+                window.clearInterval(me.timerID);
+            }
+        }
 }
 
 // Map a 0..1 value to 0..1, but slow down at the start and end
 Animator.slowInSlowOut = function(progress)
 {
-	return(1-((Math.cos(progress * Math.PI)+1)/2));
+    return(1-((Math.cos(progress * Math.PI)+1)/2));
 }
 
 // ---------------------------------------------------------------------------------
@@ -5314,64 +5314,64 @@
 
 function Cascade(text,startElement,targetElement,slowly)
 {
-	var winWidth = findWindowWidth();
-	var winHeight = findWindowHeight();
-	this.elements = [];
-	this.startElement = startElement;
-	this.startLeft = findPosX(this.startElement);
-	this.startTop = findPosY(this.startElement);
-	this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
-	this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
-	this.targetElement = targetElement;
-	targetElement.style.position = "relative";
-	targetElement.style.zIndex = 2;
-	this.targetLeft = findPosX(this.targetElement);
-	this.targetTop = findPosY(this.targetElement);
-	this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
-	this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
-	this.progress = -1;
-	this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
-	this.text = text;
-	this.tick();
-	return this;
+    var winWidth = findWindowWidth();
+    var winHeight = findWindowHeight();
+    this.elements = [];
+    this.startElement = startElement;
+    this.startLeft = findPosX(this.startElement);
+    this.startTop = findPosY(this.startElement);
+    this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
+    this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
+    this.targetElement = targetElement;
+    targetElement.style.position = "relative";
+    targetElement.style.zIndex = 2;
+    this.targetLeft = findPosX(this.targetElement);
+    this.targetTop = findPosY(this.targetElement);
+    this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
+    this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
+    this.progress = -1;
+    this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
+    this.text = text;
+    this.tick();
+    return this;
 }
 
 Cascade.prototype.tick = function()
 {
-	this.progress++;
-	if(this.progress >= this.steps)
-		{
-		while(this.elements.length > 0)
-			this.removeTail();
-		this.targetElement.style.position = "static";
-		this.targetElement.style.zIndex = "";
-		return false;
-		}
-	else
-		{
-		if(this.elements.length > 0 && this.progress > config.cascadeDepth)
-			this.removeTail();
-		if(this.progress < (this.steps - config.cascadeDepth))
-			{
-			var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
-			var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
-			e.style.zIndex = 1;
-			e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
-			e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
-			e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
-			e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
-			e.style.display = "block";
-			this.elements.push(e);
-			}
-		return true;
-		}
+    this.progress++;
+    if(this.progress >= this.steps)
+        {
+        while(this.elements.length > 0)
+            this.removeTail();
+        this.targetElement.style.position = "static";
+        this.targetElement.style.zIndex = "";
+        return false;
+        }
+    else
+        {
+        if(this.elements.length > 0 && this.progress > config.cascadeDepth)
+            this.removeTail();
+        if(this.progress < (this.steps - config.cascadeDepth))
+            {
+            var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
+            var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
+            e.style.zIndex = 1;
+            e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
+            e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
+            e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
+            e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
+            e.style.display = "block";
+            this.elements.push(e);
+            }
+        return true;
+        }
 }
 
 Cascade.prototype.removeTail = function()
 {
-	var e = this.elements[0];
-	e.parentNode.removeChild(e);
-	this.elements.shift();
+    var e = this.elements[0];
+    e.parentNode.removeChild(e);
+    this.elements.shift();
 }
 
 // ---------------------------------------------------------------------------------
@@ -5380,28 +5380,28 @@
 
 function Scroller(targetElement,slowly)
 {
-	this.targetElement = targetElement;
-	this.startScroll = findScrollY();
-	this.targetScroll = ensureVisible(targetElement);
-	this.progress = 0;
-	this.step = slowly ? config.animSlow : config.animFast;
-	return this;
+    this.targetElement = targetElement;
+    this.startScroll = findScrollY();
+    this.targetScroll = ensureVisible(targetElement);
+    this.progress = 0;
+    this.step = slowly ? config.animSlow : config.animFast;
+    return this;
 }
 
 Scroller.prototype.tick = function()
 {
-	this.progress += this.step;
-	if(this.progress > 1)
-		{
-		window.scrollTo(0,this.targetScroll);
-		return false;
-		}
-	else
-		{
-		var f = Animator.slowInSlowOut(this.progress);
-		window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
-		return true;
-		}
+    this.progress += this.step;
+    if(this.progress > 1)
+        {
+        window.scrollTo(0,this.targetScroll);
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
+        return true;
+        }
 }
 
 // ---------------------------------------------------------------------------------
@@ -5411,70 +5411,70 @@
 // deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
 function Slider(element,opening,slowly,deleteMode)
 {
-	this.element = element;
-	element.style.display = "block";
-	this.deleteMode = deleteMode;
-	this.element.style.height = "auto";
-	this.realHeight = element.offsetHeight;
-	this.opening = opening;
-	this.step = slowly ? config.animSlow : config.animFast;
-	if(opening)
-		{
-		this.progress = 0;
-		element.style.height = "0px";
-		element.style.display = "block";
-		}
-	else
-		{
-		this.progress = 1;
-		this.step = -this.step;
-		}
-	element.style.overflow = "hidden";
-	return this;
+    this.element = element;
+    element.style.display = "block";
+    this.deleteMode = deleteMode;
+    this.element.style.height = "auto";
+    this.realHeight = element.offsetHeight;
+    this.opening = opening;
+    this.step = slowly ? config.animSlow : config.animFast;
+    if(opening)
+        {
+        this.progress = 0;
+        element.style.height = "0px";
+        element.style.display = "block";
+        }
+    else
+        {
+        this.progress = 1;
+        this.step = -this.step;
+        }
+    element.style.overflow = "hidden";
+    return this;
 }
 
 Slider.prototype.stop = function()
 {
-	if(this.opening)
-		{
-		this.element.style.height = "auto";
-		this.element.style.opacity = 1;
-		this.element.style.filter = "alpha(opacity:100)";
-		}
-	else
-		{
-		switch(this.deleteMode)
-			{
-			case "none":
-				this.element.style.display = "none";
-				break;
-			case "all":
-				this.element.parentNode.removeChild(this.element);
-				break;
-			case "children":
-				removeChildren(this.element);
-				break;
-			}
-		}
+    if(this.opening)
+        {
+        this.element.style.height = "auto";
+        this.element.style.opacity = 1;
+        this.element.style.filter = "alpha(opacity:100)";
+        }
+    else
+        {
+        switch(this.deleteMode)
+            {
+            case "none":
+                this.element.style.display = "none";
+                break;
+            case "all":
+                this.element.parentNode.removeChild(this.element);
+                break;
+            case "children":
+                removeChildren(this.element);
+                break;
+            }
+        }
 }
 
 Slider.prototype.tick = function()
 {
-	this.progress += this.step;
-	if(this.progress < 0 || this.progress > 1)
-		{
-		this.stop();
-		return false;
-		}
-	else
-		{
-		var f = Animator.slowInSlowOut(this.progress);
-		var h = this.realHeight * f;
-		this.element.style.height = h + "px";
-		this.element.style.opacity = f;
-		this.element.style.filter = "alpha(opacity:" + f * 100 +")";
-		return true;
-		}
+    this.progress += this.step;
+    if(this.progress < 0 || this.progress > 1)
+        {
+        this.stop();
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        var h = this.realHeight * f;
+        this.element.style.height = h + "px";
+        this.element.style.opacity = f;
+        this.element.style.filter = "alpha(opacity:" + f * 100 +")";
+        return true;
+        }
 }
 
 // ---------------------------------------------------------------------------------
@@ -5482,67 +5482,67 @@
 // ---------------------------------------------------------------------------------
 
 var Popup = {
-	stack: [] // Array of objects with members root: and popup:
-	};
+    stack: [] // Array of objects with members root: and popup:
+    };
 
 Popup.create = function(root)
 {
-	Popup.remove();
-	var popup = createTiddlyElement(document.body,"ol","popup","popup");
-	Popup.stack.push({root: root, popup: popup});
-	return popup;
+    Popup.remove();
+    var popup = createTiddlyElement(document.body,"ol","popup","popup");
+    Popup.stack.push({root: root, popup: popup});
+    return popup;
 }
 
 Popup.onDocumentClick = function(e)
 {
-	if (!e) var e = window.event;
-	var target = resolveTarget(e);
-	if(e.eventPhase == undefined)
-		Popup.remove();
-	else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
-		Popup.remove();
-	return true;
+    if (!e) var e = window.event;
+    var target = resolveTarget(e);
+    if(e.eventPhase == undefined)
+        Popup.remove();
+    else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
+        Popup.remove();
+    return true;
 }
 
 Popup.show = function(unused,slowly)
 {
-	var curr = Popup.stack[Popup.stack.length-1];
-	var rootLeft = findPosX(curr.root);
-	var rootTop = findPosY(curr.root);
-	var rootHeight = curr.root.offsetHeight;
-	var popupLeft = rootLeft;
-	var popupTop = rootTop + rootHeight;
-	var popupWidth = curr.popup.offsetWidth;
-	var winWidth = findWindowWidth();
-	if(popupLeft + popupWidth > winWidth)
-		popupLeft = winWidth - popupWidth;
-	curr.popup.style.left = popupLeft + "px";
-	curr.popup.style.top = popupTop + "px";
-	curr.popup.style.display = "block";
-	addClass(curr.root,"highlight");
-	if(anim && config.options.chkAnimate)
-		anim.startAnimating(new Scroller(curr.popup,slowly));
-	else
-		window.scrollTo(0,ensureVisible(curr.popup));
+    var curr = Popup.stack[Popup.stack.length-1];
+    var rootLeft = findPosX(curr.root);
+    var rootTop = findPosY(curr.root);
+    var rootHeight = curr.root.offsetHeight;
+    var popupLeft = rootLeft;
+    var popupTop = rootTop + rootHeight;
+    var popupWidth = curr.popup.offsetWidth;
+    var winWidth = findWindowWidth();
+    if(popupLeft + popupWidth > winWidth)
+        popupLeft = winWidth - popupWidth;
+    curr.popup.style.left = popupLeft + "px";
+    curr.popup.style.top = popupTop + "px";
+    curr.popup.style.display = "block";
+    addClass(curr.root,"highlight");
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Scroller(curr.popup,slowly));
+    else
+        window.scrollTo(0,ensureVisible(curr.popup));
 }
 
 Popup.remove = function()
 {
-	if(Popup.stack.length > 0)
-		{
-		Popup.removeFrom(0);
-		}
+    if(Popup.stack.length > 0)
+        {
+        Popup.removeFrom(0);
+        }
 }
 
 Popup.removeFrom = function(from)
 {
-	for(var t=Popup.stack.length-1; t>=from; t--)
-		{
-		var p = Popup.stack[t];
-		removeClass(p.root,"highlight");
-		p.popup.parentNode.removeChild(p.popup);
-		}
-	Popup.stack = Popup.stack.slice(0,from);
+    for(var t=Popup.stack.length-1; t>=from; t--)
+        {
+        var p = Popup.stack[t];
+        removeClass(p.root,"highlight");
+        p.popup.parentNode.removeChild(p.popup);
+        }
+    Popup.stack = Popup.stack.slice(0,from);
 }
 
 // ---------------------------------------------------------------------------------
@@ -5559,77 +5559,77 @@
 //   className - optional classname for the <table> element
 ListView.create = function(place,listObject,listTemplate,callback,className)
 {
-	var table = createTiddlyElement(place,"table",null,className ? className : "listView");
-	var thead = createTiddlyElement(table,"thead");
-	var r = createTiddlyElement(thead,"tr");
-	for(var t=0; t<listTemplate.columns.length; t++)
-		{
-		var columnTemplate = listTemplate.columns[t];
-		var c = createTiddlyElement(r,"th");
-		var colType = ListView.columnTypes[columnTemplate.type];
-		if(colType && colType.createHeader)
-			colType.createHeader(c,columnTemplate,t);
-		}
-	var tbody = createTiddlyElement(table,"tbody");
-	for(var rc=0; rc<listObject.length; rc++)
-		{
-		rowObject = listObject[rc];
-		r = createTiddlyElement(tbody,"tr");
-		for(var c=0; c<listTemplate.rowClasses.length; c++)
-			{
-			if(rowObject[listTemplate.rowClasses[c].field])
-				addClass(r,listTemplate.rowClasses[c].className);
-			}
-		rowObject.rowElement = rowObject;
-		rowObject.colElements = {};
-		for(var cc=0; cc<listTemplate.columns.length; cc++)
-			{
-			var c = createTiddlyElement(r,"td");
-			var columnTemplate = listTemplate.columns[cc];
-			var field = columnTemplate.field;
-			var colType = ListView.columnTypes[columnTemplate.type];
-			if(colType && colType.createItem)
-				colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
-			rowObject.colElements[field] = c;
-			}
-		}
-	if(callback && listTemplate.actions)
-		createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
-	if(callback && listTemplate.buttons)
-		{
-		for(t=0; t<listTemplate.buttons.length; t++)
-			{
-			var a = listTemplate.buttons[t];
-			if(a && a.name != "")
-				createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
-			}
-		}
-	return table;
+    var table = createTiddlyElement(place,"table",null,className ? className : "listView");
+    var thead = createTiddlyElement(table,"thead");
+    var r = createTiddlyElement(thead,"tr");
+    for(var t=0; t<listTemplate.columns.length; t++)
+        {
+        var columnTemplate = listTemplate.columns[t];
+        var c = createTiddlyElement(r,"th");
+        var colType = ListView.columnTypes[columnTemplate.type];
+        if(colType && colType.createHeader)
+            colType.createHeader(c,columnTemplate,t);
+        }
+    var tbody = createTiddlyElement(table,"tbody");
+    for(var rc=0; rc<listObject.length; rc++)
+        {
+        rowObject = listObject[rc];
+        r = createTiddlyElement(tbody,"tr");
+        for(var c=0; c<listTemplate.rowClasses.length; c++)
+            {
+            if(rowObject[listTemplate.rowClasses[c].field])
+                addClass(r,listTemplate.rowClasses[c].className);
+            }
+        rowObject.rowElement = rowObject;
+        rowObject.colElements = {};
+        for(var cc=0; cc<listTemplate.columns.length; cc++)
+            {
+            var c = createTiddlyElement(r,"td");
+            var columnTemplate = listTemplate.columns[cc];
+            var field = columnTemplate.field;
+            var colType = ListView.columnTypes[columnTemplate.type];
+            if(colType && colType.createItem)
+                colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
+            rowObject.colElements[field] = c;
+            }
+        }
+    if(callback && listTemplate.actions)
+        createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
+    if(callback && listTemplate.buttons)
+        {
+        for(t=0; t<listTemplate.buttons.length; t++)
+            {
+            var a = listTemplate.buttons[t];
+            if(a && a.name != "")
+                createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
+            }
+        }
+    return table;
 }
 
 ListView.getCommandHandler = function(callback,name,allowEmptySelection)
 {
-	return function(e)
-		{
-		var view = findRelated(this,"TABLE",null,"previousSibling");
-		var tiddlers = [];
-		ListView.forEachSelector(view,function(e,rowName) {
-					if(e.checked)
-						tiddlers.push(rowName);
-					});
-		if(tiddlers.length == 0 && !allowEmptySelection)
-			alert(config.messages.nothingSelected);
-		else
-			{
-			if(this.nodeName.toLowerCase() == "select")
-				{
-				callback(view,this.value,tiddlers);
-				this.selectedIndex = 0;
-				}
-			else
-				callback(view,name,tiddlers);
-			}
-		};
+    return function(e)
+        {
+        var view = findRelated(this,"TABLE",null,"previousSibling");
+        var tiddlers = [];
+        ListView.forEachSelector(view,function(e,rowName) {
+                    if(e.checked)
+                        tiddlers.push(rowName);
+                    });
+        if(tiddlers.length == 0 && !allowEmptySelection)
+            alert(config.messages.nothingSelected);
+        else
+            {
+            if(this.nodeName.toLowerCase() == "select")
+                {
+                callback(view,this.value,tiddlers);
+                this.selectedIndex = 0;
+                }
+            else
+                callback(view,name,tiddlers);
+            }
+        };
 }
 
 // Invoke a callback for each selector checkbox in the listview
@@ -5641,134 +5641,134 @@
 //   result: true if at least one selector was checked
 ListView.forEachSelector = function(view,callback)
 {
-	var checkboxes = view.getElementsByTagName("input");
-	var hadOne = false;
-	for(var t=0; t<checkboxes.length; t++)
-		{
-		var cb = checkboxes[t];
-		if(cb.getAttribute("type") == "checkbox")
-			{
-			var rn = cb.getAttribute("rowName");
-			if(rn)
-				{
-				callback(cb,rn);
-				hadOne = true;
-				}
-			}
-		}
-	return hadOne;
+    var checkboxes = view.getElementsByTagName("input");
+    var hadOne = false;
+    for(var t=0; t<checkboxes.length; t++)
+        {
+        var cb = checkboxes[t];
+        if(cb.getAttribute("type") == "checkbox")
+            {
+            var rn = cb.getAttribute("rowName");
+            if(rn)
+                {
+                callback(cb,rn);
+                hadOne = true;
+                }
+            }
+        }
+    return hadOne;
 }
 
 ListView.columnTypes = {};
 
 ListView.columnTypes.String = {
-	createHeader: function(place,columnTemplate,col)
-		{
-			createTiddlyText(place,columnTemplate.title);
-		},
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				createTiddlyText(place,v);
-		}
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyText(place,columnTemplate.title);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v);
+        }
 };
 
 ListView.columnTypes.Date = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
-		}
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
+        }
 };
 
 ListView.columnTypes.StringList = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				{
-				for(var t=0; t<v.length; t++)
-					{
-					createTiddlyText(place,v[t]);
-					createTiddlyElement(place,"br");
-					}
-				}
-		}
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                for(var t=0; t<v.length; t++)
+                    {
+                    createTiddlyText(place,v[t]);
+                    createTiddlyElement(place,"br");
+                    }
+                }
+        }
 };
 
 ListView.columnTypes.Selector = {
-	createHeader: function(place,columnTemplate,col)
-		{
-			createTiddlyCheckbox(place,null,false,this.onHeaderChange);
-		},
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var e = createTiddlyCheckbox(place,null,listObject[field],null);
-			e.setAttribute("rowName",listObject[columnTemplate.rowName]);
-		},
-	onHeaderChange: function(e)
-		{
-			var state = this.checked;
-			var view = findRelated(this,"TABLE");
-			if(!view)
-				return;
-			ListView.forEachSelector(view,function(e,rowName) {
-								e.checked = state;
-							});
-		}
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyCheckbox(place,null,false,this.onHeaderChange);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],null);
+            e.setAttribute("rowName",listObject[columnTemplate.rowName]);
+        },
+    onHeaderChange: function(e)
+        {
+            var state = this.checked;
+            var view = findRelated(this,"TABLE");
+            if(!view)
+                return;
+            ListView.forEachSelector(view,function(e,rowName) {
+                                e.checked = state;
+                            });
+        }
 };
 
 ListView.columnTypes.Tags = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var tags = listObject[field];
-			createTiddlyText(place,String.encodeTiddlyLinkList(tags));
-		}
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var tags = listObject[field];
+            createTiddlyText(place,String.encodeTiddlyLinkList(tags));
+        }
 };
 
 ListView.columnTypes.Boolean = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			if(listObject[field] == true)
-				createTiddlyText(place,columnTemplate.trueText);
-			if(listObject[field] == false)
-				createTiddlyText(place,columnTemplate.falseText);
-		}
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            if(listObject[field] == true)
+                createTiddlyText(place,columnTemplate.trueText);
+            if(listObject[field] == false)
+                createTiddlyText(place,columnTemplate.falseText);
+        }
 };
 
 ListView.columnTypes.TagCheckbox = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
-			e.setAttribute("tiddler",listObject.title);
-			e.setAttribute("tag",columnTemplate.tag);
-		},
-	onChange : function(e)
-		{
-			var tag = this.getAttribute("tag");
-			var tiddler = this.getAttribute("tiddler");
-			store.setTiddlerTag(tiddler,this.checked,tag);
-		}
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
+            e.setAttribute("tiddler",listObject.title);
+            e.setAttribute("tag",columnTemplate.tag);
+        },
+    onChange : function(e)
+        {
+            var tag = this.getAttribute("tag");
+            var tiddler = this.getAttribute("tiddler");
+            store.setTiddlerTag(tiddler,this.checked,tag);
+        }
 };
 
 ListView.columnTypes.TiddlerLink = {
-	createHeader: ListView.columnTypes.String.createHeader,
-	createItem: function(place,listObject,field,columnTemplate,col,row)
-		{
-			var v = listObject[field];
-			if(v != undefined)
-				{
-				var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
-				createTiddlyText(link,listObject[field]);
-				}
-		}
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
+                createTiddlyText(link,listObject[field]);
+                }
+        }
 };
 // ---------------------------------------------------------------------------------
 // Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
@@ -5777,39 +5777,39 @@
 // Clamp a number to a range
 Number.prototype.clamp = function(min,max)
 {
-	var c = this;
-	if(c < min)
-		c = min;
-	if(c > max)
-		c = max;
-	return c;
+    var c = this;
+    if(c < min)
+        c = min;
+    if(c > max)
+        c = max;
+    return c;
 }
 
 // Add indexOf function if browser does not support it
 if(!Array.indexOf) {
 Array.prototype.indexOf = function(item,from)
 {
-	if(!from)
-		from = 0;
-	for(var i=from; i<this.length; i++)
-		if(this[i] === item)
-			return i;
-	return -1;
+    if(!from)
+        from = 0;
+    for(var i=from; i<this.length; i++)
+        if(this[i] === item)
+            return i;
+    return -1;
 }}
 
 // Find an entry in a given field of the members of an array
 Array.prototype.findByField = function(field,value)
 {
-	for(var t=0; t<this.length; t++)
-		if(this[t][field] == value)
-			return t;
-	return null;
+    for(var t=0; t<this.length; t++)
+        if(this[t][field] == value)
+            return t;
+    return null;
 }
 
 // Return whether an entry exists in an array
 Array.prototype.contains = function(item)
 {
-	return this.indexOf(item) != -1;
+    return this.indexOf(item) != -1;
 };
 
 // Adds, removes or toggles a particular value within an array
@@ -5817,136 +5817,136 @@
 //  mode - +1 to add value, -1 to remove value, 0 to toggle it
 Array.prototype.setItem = function(value,mode)
 {
-	var p = this.indexOf(value);
-	if(mode == 0)
-		mode = (p == -1) ? +1 : -1;
-	if(mode == +1)
-		{
-		if(p == -1)
-			this.push(value);
-		}
-	else if(mode == -1)
-		{
-		if(p != -1)
-			this.splice(p,1);
-		}
+    var p = this.indexOf(value);
+    if(mode == 0)
+        mode = (p == -1) ? +1 : -1;
+    if(mode == +1)
+        {
+        if(p == -1)
+            this.push(value);
+        }
+    else if(mode == -1)
+        {
+        if(p != -1)
+            this.splice(p,1);
+        }
 }
 
 // Return whether one of a list of values exists in an array
 Array.prototype.containsAny = function(items)
 {
-	for(var i=0; i<items.length; i++)
-		if (this.indexOf(items[i]) != -1)
-			return true;
-	return false;
+    for(var i=0; i<items.length; i++)
+        if (this.indexOf(items[i]) != -1)
+            return true;
+    return false;
 };
 
 // Return whether all of a list of values exists in an array
 Array.prototype.containsAll = function(items)
 {
-	for (var i = 0; i<items.length; i++)
-		if (this.indexOf(items[i]) == -1)
-			return false;
-	return true;
+    for (var i = 0; i<items.length; i++)
+        if (this.indexOf(items[i]) == -1)
+            return false;
+    return true;
 };
 
 // Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
 Array.prototype.pushUnique = function(item,unique)
 {
-	if(unique != undefined && unique == false)
-		this.push(item);
-	else
-		{
-		if(this.indexOf(item) == -1)
-			this.push(item);
-		}
+    if(unique != undefined && unique == false)
+        this.push(item);
+    else
+        {
+        if(this.indexOf(item) == -1)
+            this.push(item);
+        }
 }
 
 Array.prototype.remove = function(item)
 {
-	var p = this.indexOf(item);
-	if(p != -1)
-		this.splice(p,1);
+    var p = this.indexOf(item);
+    if(p != -1)
+        this.splice(p,1);
 }
 
 // Get characters from the right end of a string
 String.prototype.right = function(n)
 {
-	if(n < this.length)
-		return this.slice(this.length-n);
-	else
-		return this;
+    if(n < this.length)
+        return this.slice(this.length-n);
+    else
+        return this;
 }
 
 // Trim whitespace from both ends of a string
 String.prototype.trim = function()
 {
-	return this.replace(/^\s*|\s*$/g,"");
+    return this.replace(/^\s*|\s*$/g,"");
 }
 
 // Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
 String.prototype.unDash = function()
 {
-	var s = this.split("-");
-	if(s.length > 1)
-		for(var t=1; t<s.length; t++)
-			s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
-	return s.join("");
+    var s = this.split("-");
+    if(s.length > 1)
+        for(var t=1; t<s.length; t++)
+            s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
+    return s.join("");
 }
 
 // Substitute substrings from an array into a format string that includes '%1'-type specifiers
 String.prototype.format = function(substrings)
 {
-	var subRegExp = /(?:%(\d+))/mg;
-	var currPos = 0;
-	var r = [];
-	do {
-		var match = subRegExp.exec(this);
-		if(match && match[1])
-			{
-			if(match.index > currPos)
-				r.push(this.substring(currPos,match.index));
-			r.push(substrings[parseInt(match[1])]);
-			currPos = subRegExp.lastIndex;
-			}
-	} while(match);
-	if(currPos < this.length)
-		r.push(this.substring(currPos,this.length));
-	return r.join("");
+    var subRegExp = /(?:%(\d+))/mg;
+    var currPos = 0;
+    var r = [];
+    do {
+        var match = subRegExp.exec(this);
+        if(match && match[1])
+            {
+            if(match.index > currPos)
+                r.push(this.substring(currPos,match.index));
+            r.push(substrings[parseInt(match[1])]);
+            currPos = subRegExp.lastIndex;
+            }
+    } while(match);
+    if(currPos < this.length)
+        r.push(this.substring(currPos,this.length));
+    return r.join("");
 }
 
 // Escape any special RegExp characters with that character preceded by a backslash
 String.prototype.escapeRegExp = function()
 {
-	var s = "\\^$*+?()=!|,{}[].";
-	var c = this;
-	for(var t=0; t<s.length; t++)
-		c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
-	return c;
+    var s = "\\^$*+?()=!|,{}[].";
+    var c = this;
+    for(var t=0; t<s.length; t++)
+        c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
+    return c;
 }
 
 // Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
 String.prototype.escapeLineBreaks = function()
 {
-	return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
+    return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
 }
 
 // Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
 String.prototype.unescapeLineBreaks = function()
 {
-	return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
+    return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
 }
 
 // Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
 String.prototype.htmlEncode = function()
 {
-	return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
+    return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
 }
 
 // Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
 String.prototype.htmlDecode = function()
 {
-	return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+    return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
 }
 
 // Parse a space-separated string of name:value parameters where:
@@ -5963,80 +5963,80 @@
 //   result[1..n] = one object for each parameter, with 'name' and 'value' members
 String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
 {
-	var parseToken = function(match,p)
-		{
-		var n;
-		if(match[p]) // Double quoted
-			n = match[p];
-		else if(match[p+1]) // Single quoted
-			n = match[p+1];
-		else if(match[p+2]) // Double-square-bracket quoted
-			n = match[p+2];
-		else if(match[p+3]) // Double-brace quoted
-			try
-				{
-				n = match[p+3];
-				if(allowEval)
-					n = window.eval(n);
-				}
-			catch(e)
-				{
-				throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
-				}
-		else if(match[p+4]) // Unquoted
-			n = match[p+4];
-		else if(match[p+5]) // empty quote
-			n = "";
-		return n;
-		};
-	var r = [{}];
-	var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
-	var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
-	var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
-	var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
-	var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
-	var emptyQuote = "((?:\"\")|(?:''))";
-	var skipSpace = "(?:\\s*)";
-	var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
-	var re = noNames
-		? new RegExp(token,"mg")
-		: new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
-	var params = [];
-	do {
-		var match = re.exec(this);
-		if(match)
-			{
-			var n = parseToken(match,1);
-			if(noNames)
-				r.push({name: "", value: n});
-			else
-				{
-				var v = parseToken(match,8);
-				if(v == null && defaultName)
-					{
-					v = n;
-					n = defaultName;
-					}
-				else if(v == null && defaultValue)
-					v = defaultValue;
-				r.push({name: n, value: v});
-				if(cascadeDefaults)
-					{
-					defaultName = n;
-					defaultValue = v;
-					}
-				}
-			}
-	} while(match);
-	// Summarise parameters into first element
-	for(var t=1; t<r.length; t++)
-		{
-		if(r[0][r[t].name])
-			r[0][r[t].name].push(r[t].value);
-		else
-			r[0][r[t].name] = [r[t].value];
-		}
-	return r;
+    var parseToken = function(match,p)
+        {
+        var n;
+        if(match[p]) // Double quoted
+            n = match[p];
+        else if(match[p+1]) // Single quoted
+            n = match[p+1];
+        else if(match[p+2]) // Double-square-bracket quoted
+            n = match[p+2];
+        else if(match[p+3]) // Double-brace quoted
+            try
+                {
+                n = match[p+3];
+                if(allowEval)
+                    n = window.eval(n);
+                }
+            catch(e)
+                {
+                throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
+                }
+        else if(match[p+4]) // Unquoted
+            n = match[p+4];
+        else if(match[p+5]) // empty quote
+            n = "";
+        return n;
+        };
+    var r = [{}];
+    var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
+    var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
+    var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
+    var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
+    var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
+    var emptyQuote = "((?:\"\")|(?:''))";
+    var skipSpace = "(?:\\s*)";
+    var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
+    var re = noNames
+        ? new RegExp(token,"mg")
+        : new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
+    var params = [];
+    do {
+        var match = re.exec(this);
+        if(match)
+            {
+            var n = parseToken(match,1);
+            if(noNames)
+                r.push({name: "", value: n});
+            else
+                {
+                var v = parseToken(match,8);
+                if(v == null && defaultName)
+                    {
+                    v = n;
+                    n = defaultName;
+                    }
+                else if(v == null && defaultValue)
+                    v = defaultValue;
+                r.push({name: n, value: v});
+                if(cascadeDefaults)
+                    {
+                    defaultName = n;
+                    defaultValue = v;
+                    }
+                }
+            }
+    } while(match);
+    // Summarise parameters into first element
+    for(var t=1; t<r.length; t++)
+        {
+        if(r[0][r[t].name])
+            r[0][r[t].name].push(r[t].value);
+        else
+            r[0][r[t].name] = [r[t].value];
+        }
+    return r;
 }
 
 // Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
@@ -6044,89 +6044,89 @@
 // an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
 String.prototype.readMacroParams = function()
 {
-	var p = this.parseParams("list",null,true,true);
-	var n = [];
-	for(var t=1; t<p.length; t++)
-		n.push(p[t].value);
-	return n;
+    var p = this.parseParams("list",null,true,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.push(p[t].value);
+    return n;
 }
 
 // Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
 String.prototype.readBracketedList = function(unique)
 {
-	var p = this.parseParams("list",null,false,true);
-	var n = [];
-	for(var t=1; t<p.length; t++)
-		n.pushUnique(p[t].value,unique);
-	return n;
+    var p = this.parseParams("list",null,false,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.pushUnique(p[t].value,unique);
+    return n;
 }
 
 // Returns array with start and end index of chunk between given start and end marker, or undefined.
-String.prototype.getChunkRange = function(start,end) 
+String.prototype.getChunkRange = function(start,end)
 {
-	var s = this.indexOf(start);
-	if(s != -1)
-		{
-		s += start.length;
-		var e = this.indexOf(end,s);
-		if(e != -1)
-			return [s, e];
-		}
+    var s = this.indexOf(start);
+    if(s != -1)
+        {
+        s += start.length;
+        var e = this.indexOf(end,s);
+        if(e != -1)
+            return [s, e];
+        }
 }
 
 // Replace a chunk of a string given start and end markers
 String.prototype.replaceChunk = function(start,end,sub)
 {
-	var r = this.getChunkRange(start,end);
-	return r 
-		? this.substring(0,r[0]) + sub + this.substring(r[1])
-		: this;
+    var r = this.getChunkRange(start,end);
+    return r
+        ? this.substring(0,r[0]) + sub + this.substring(r[1])
+        : this;
 }
 
 // Returns a chunk of a string between start and end markers, or undefined
 String.prototype.getChunk = function(start,end)
 {
-	var r = this.getChunkRange(start,end);
-	if (r)
-		return this.substring(r[0],r[1]);
+    var r = this.getChunkRange(start,end);
+    if (r)
+        return this.substring(r[0],r[1]);
 }
 
 
 // Static method to bracket a string with double square brackets if it contains a space
 String.encodeTiddlyLink = function(title)
 {
-	if(title.indexOf(" ") == -1)
-		return(title);
-	else
-		return("[[" + title + "]]");
+    if(title.indexOf(" ") == -1)
+        return(title);
+    else
+        return("[[" + title + "]]");
 }
 
 // Static method to encodeTiddlyLink for every item in an array and join them with spaces
 String.encodeTiddlyLinkList = function(list)
 {
-	if(list)
-		{
-		var results = [];
-		for(var t=0; t<list.length; t++)
-			results.push(String.encodeTiddlyLink(list[t]));
-		return results.join(" ");
-		}
-	else
-		return "";
+    if(list)
+        {
+        var results = [];
+        for(var t=0; t<list.length; t++)
+            results.push(String.encodeTiddlyLink(list[t]));
+        return results.join(" ");
+        }
+    else
+        return "";
 }
 
 // Static method to left-pad a string with 0s to a certain width
 String.zeroPad = function(n,d)
 {
-	var s = n.toString();
-	if(s.length < d)
-		s = "000000000000000000000000000".substr(0,d-s.length) + s;
-	return(s);
+    var s = n.toString();
+    if(s.length < d)
+        s = "000000000000000000000000000".substr(0,d-s.length) + s;
+    return(s);
 }
 
-String.prototype.startsWith = function(prefix) 
+String.prototype.startsWith = function(prefix)
 {
-	return !prefix || this.substring(0,prefix.length) == prefix;
+    return !prefix || this.substring(0,prefix.length) == prefix;
 }
 
 // Returns the first value of the given named parameter.
@@ -6136,10 +6136,10 @@
 //# @return [may be null/undefined]
 //#
 function getParam(params, name, defaultValue) {
-	if (!params)
-		return defaultValue;
-	var p = params[0][name];
-	return p ? p[0] : defaultValue;
+    if (!params)
+        return defaultValue;
+    var p = params[0][name];
+    return p ? p[0] : defaultValue;
 }
 
 // Returns the first value of the given boolean named parameter.
@@ -6148,107 +6148,107 @@
 //#         as returned by parseParams or null/undefined
 //#
 function getFlag(params, name, defaultValue) {
-	return !!getParam(params, name, defaultValue);
-} 
-	
+    return !!getParam(params, name, defaultValue);
+}
+
 // Substitute date components into a string
 Date.prototype.formatString = function(template)
 {
-	var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
-	t = t.replace(/hh12/g,this.getHours12());
-	t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
-	t = t.replace(/hh/g,this.getHours());
-	t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
-	t = t.replace(/mm/g,this.getMinutes());
-	t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
-	t = t.replace(/ss/g,this.getSeconds());
-	t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
-	t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
-	t = t.replace(/wYYYY/g,this.getYearForWeekNo());
-	t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
-	t = t.replace(/YYYY/g,this.getFullYear());
-	t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
-	t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
-	t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
-	t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
-	t = t.replace(/MM/g,this.getMonth()+1);
-	t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
-	t = t.replace(/WW/g,this.getWeek());
-	t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
-	t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
-	t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
-	t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
-	t = t.replace(/DD/g,this.getDate());
-	return t;
+    var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
+    t = t.replace(/hh12/g,this.getHours12());
+    t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
+    t = t.replace(/hh/g,this.getHours());
+    t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
+    t = t.replace(/mm/g,this.getMinutes());
+    t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
+    t = t.replace(/ss/g,this.getSeconds());
+    t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
+    t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
+    t = t.replace(/wYYYY/g,this.getYearForWeekNo());
+    t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
+    t = t.replace(/YYYY/g,this.getFullYear());
+    t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
+    t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
+    t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
+    t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
+    t = t.replace(/MM/g,this.getMonth()+1);
+    t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
+    t = t.replace(/WW/g,this.getWeek());
+    t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
+    t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
+    t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
+    t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
+    t = t.replace(/DD/g,this.getDate());
+    return t;
 }
 
 Date.prototype.getWeek = function()
 {
-	var dt = new Date(this.getTime());
-	var d = dt.getDay();
-	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
-	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
-	var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000); 
-	return Math.floor(n/7)+1;
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
+    var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000);
+    return Math.floor(n/7)+1;
 }
 
 Date.prototype.getYearForWeekNo = function()
 {
-	var dt = new Date(this.getTime());
-	var d = dt.getDay();
-	if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
-	dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
-	return dt.getFullYear();
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
+    return dt.getFullYear();
 }
 
 Date.prototype.getHours12 = function()
 {
-	var h = this.getHours();
-	return h > 12 ? h-12 : ( h > 0 ? h : 12 );
+    var h = this.getHours();
+    return h > 12 ? h-12 : ( h > 0 ? h : 12 );
 }
 
 Date.prototype.getAmPm = function()
 {
-	return this.getHours() >= 12 ? "pm" : "am";
+    return this.getHours() >= 12 ? "pm" : "am";
 }
 
 Date.prototype.daySuffix = function()
 {
-	var num = this.getDate();
-	if (num >= 11 && num <= 13) return "th";
-	else if (num.toString().substr(-1)=="1") return "st";
-	else if (num.toString().substr(-1)=="2") return "nd";
-	else if (num.toString().substr(-1)=="3") return "rd";
-	return "th";
+    var num = this.getDate();
+    if (num >= 11 && num <= 13) return "th";
+    else if (num.toString().substr(-1)=="1") return "st";
+    else if (num.toString().substr(-1)=="2") return "nd";
+    else if (num.toString().substr(-1)=="3") return "rd";
+    return "th";
 }
 
 // Convert a date to local YYYYMMDDHHMM string format
 Date.prototype.convertToLocalYYYYMMDDHHMM = function()
 {
-	return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
+    return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
 }
 
 // Convert a date to UTC YYYYMMDDHHMM string format
 Date.prototype.convertToYYYYMMDDHHMM = function()
 {
-	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
 }
 
 // Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
 Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
 {
-	return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
 }
 
 // Static method to create a date from a UTC YYYYMMDDHHMM format string
 Date.convertFromYYYYMMDDHHMM = function(d)
 {
-	var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
-							parseInt(d.substr(4,2),10)-1,
-							parseInt(d.substr(6,2),10),
-							parseInt(d.substr(8,2),10),
-							parseInt(d.substr(10,2),10),0,0));
-	return(theDate);
+    var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
+                            parseInt(d.substr(4,2),10)-1,
+                            parseInt(d.substr(6,2),10),
+                            parseInt(d.substr(8,2),10),
+                            parseInt(d.substr(10,2),10),0,0));
+    return(theDate);
 }
 
 // ---------------------------------------------------------------------------------
@@ -6261,141 +6261,141 @@
 // Convert a string to an array of big-endian 32-bit words
 Crypto.strToBe32s = function(str)
 {
-	var be = Array();
-	var len = Math.floor(str.length/4);
-	var i, j;
-	for(i=0, j=0; i<len; i++, j+=4)
-		{
-		be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
-		}
-	while (j<str.length)
-		{
-		be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
-		j++;
-		}
-	return be;
+    var be = Array();
+    var len = Math.floor(str.length/4);
+    var i, j;
+    for(i=0, j=0; i<len; i++, j+=4)
+        {
+        be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
+        }
+    while (j<str.length)
+        {
+        be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
+        j++;
+        }
+    return be;
 }
 
 // Convert an array of big-endian 32-bit words to a string
 Crypto.be32sToStr = function(be)
 {
-	var str = "";
-	for(var i=0;i<be.length*32;i+=8)
-		str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
-	return str;
+    var str = "";
+    for(var i=0;i<be.length*32;i+=8)
+        str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
+    return str;
 }
 
 // Convert an array of big-endian 32-bit words to a hex string
 Crypto.be32sToHex = function(be)
 {
-	var hex = "0123456789ABCDEF";
-	var str = "";
-	for(var i=0;i<be.length*4;i++)
-		str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
-	return str;
+    var hex = "0123456789ABCDEF";
+    var str = "";
+    for(var i=0;i<be.length*4;i++)
+        str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
+    return str;
 }
 
 // Return, in hex, the SHA-1 hash of a string
 Crypto.hexSha1Str = function(str)
 {
-	return Crypto.be32sToHex(Crypto.sha1Str(str));
+    return Crypto.be32sToHex(Crypto.sha1Str(str));
 }
 
 // Return the SHA-1 hash of a string
 Crypto.sha1Str = function(str)
 {
-	return Crypto.sha1(Crypto.strToBe32s(str),str.length);
+    return Crypto.sha1(Crypto.strToBe32s(str),str.length);
 }
 
 // Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
 Crypto.sha1 = function(x,blen)
 {
-	// Add 32-bit integers, wrapping at 32 bits
-	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
-	add32 = function(a,b)
-	{
-		var lsw = (a&0xFFFF)+(b&0xFFFF);
-		var msw = (a>>16)+(b>>16)+(lsw>>16);
-		return (msw<<16)|(lsw&0xFFFF);
-	};
-	// Add five 32-bit integers, wrapping at 32 bits
-	//# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
-	add32x5 = function(a,b,c,d,e)
-	{
-		var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
-		var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
-		return (msw<<16)|(lsw&0xFFFF);
-	};
-	// Bitwise rotate left a 32-bit integer by 1 bit
-	rol32 = function(n)
-	{
-		return (n>>>31)|(n<<1);
-	};
-
-	var len = blen*8;
-	// Append padding so length in bits is 448 mod 512
-	x[len>>5] |= 0x80 << (24-len%32);
-	// Append length
-	x[((len+64>>9)<<4)+15] = len;
-	var w = Array(80);
-
-	var k1 = 0x5A827999;
-	var k2 = 0x6ED9EBA1;
-	var k3 = 0x8F1BBCDC;
-	var k4 = 0xCA62C1D6;
-
-	var h0 = 0x67452301;
-	var h1 = 0xEFCDAB89;
-	var h2 = 0x98BADCFE;
-	var h3 = 0x10325476;
-	var h4 = 0xC3D2E1F0;
-
-	for(var i=0;i<x.length;i+=16)
-		{
-		var j,t;
-		var a = h0;
-		var b = h1;
-		var c = h2;
-		var d = h3;
-		var e = h4;
-		for(j = 0;j<16;j++)
-			{
-			w[j] = x[i+j];
-			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=16;j<20;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=20;j<40;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=40;j<60;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-		for(j=60;j<80;j++)
-			{
-			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
-			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-			}
-
-		h0 = add32(h0,a);
-		h1 = add32(h1,b);
-		h2 = add32(h2,c);
-		h3 = add32(h3,d);
-		h4 = add32(h4,e);
-		}
-	return Array(h0,h1,h2,h3,h4);
+    // Add 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32 = function(a,b)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Add five 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32x5 = function(a,b,c,d,e)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Bitwise rotate left a 32-bit integer by 1 bit
+    rol32 = function(n)
+    {
+        return (n>>>31)|(n<<1);
+    };
+
+    var len = blen*8;
+    // Append padding so length in bits is 448 mod 512
+    x[len>>5] |= 0x80 << (24-len%32);
+    // Append length
+    x[((len+64>>9)<<4)+15] = len;
+    var w = Array(80);
+
+    var k1 = 0x5A827999;
+    var k2 = 0x6ED9EBA1;
+    var k3 = 0x8F1BBCDC;
+    var k4 = 0xCA62C1D6;
+
+    var h0 = 0x67452301;
+    var h1 = 0xEFCDAB89;
+    var h2 = 0x98BADCFE;
+    var h3 = 0x10325476;
+    var h4 = 0xC3D2E1F0;
+
+    for(var i=0;i<x.length;i+=16)
+        {
+        var j,t;
+        var a = h0;
+        var b = h1;
+        var c = h2;
+        var d = h3;
+        var e = h4;
+        for(j = 0;j<16;j++)
+            {
+            w[j] = x[i+j];
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=16;j<20;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=20;j<40;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=40;j<60;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=60;j<80;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+
+        h0 = add32(h0,a);
+        h1 = add32(h1,b);
+        h2 = add32(h2,c);
+        h3 = add32(h3,d);
+        h4 = add32(h4,e);
+        }
+    return Array(h0,h1,h2,h3,h4);
 }
 
 // ---------------------------------------------------------------------------------
@@ -6405,45 +6405,45 @@
 // Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
 function RGB(r,g,b)
 {
-	this.r = 0;
-	this.g = 0;
-	this.b = 0;
-	if(typeof r == "string")
-		{
-		if(r.substr(0,1) == "#")
-			{
-			if(r.length == 7)
-				{
-				this.r = parseInt(r.substr(1,2),16)/255;
-				this.g = parseInt(r.substr(3,2),16)/255;
-				this.b = parseInt(r.substr(5,2),16)/255;
-				}
-			else
-				{
-				this.r = parseInt(r.substr(1,1),16)/15;
-				this.g = parseInt(r.substr(2,1),16)/15;
-				this.b = parseInt(r.substr(3,1),16)/15;
-				}
-			}
-		else
-			{
-			var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
-			var c = r.match(rgbPattern);
-			if (c)
-				{
-				this.r = parseInt(c[1],10)/255;
-				this.g = parseInt(c[2],10)/255;
-				this.b = parseInt(c[3],10)/255;
-				}
-			}
-		}
-	else
-		{
-		this.r = r;
-		this.g = g;
-		this.b = b;
-		}
-	return this;
+    this.r = 0;
+    this.g = 0;
+    this.b = 0;
+    if(typeof r == "string")
+        {
+        if(r.substr(0,1) == "#")
+            {
+            if(r.length == 7)
+                {
+                this.r = parseInt(r.substr(1,2),16)/255;
+                this.g = parseInt(r.substr(3,2),16)/255;
+                this.b = parseInt(r.substr(5,2),16)/255;
+                }
+            else
+                {
+                this.r = parseInt(r.substr(1,1),16)/15;
+                this.g = parseInt(r.substr(2,1),16)/15;
+                this.b = parseInt(r.substr(3,1),16)/15;
+                }
+            }
+        else
+            {
+            var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
+            var c = r.match(rgbPattern);
+            if (c)
+                {
+                this.r = parseInt(c[1],10)/255;
+                this.g = parseInt(c[2],10)/255;
+                this.b = parseInt(c[3],10)/255;
+                }
+            }
+        }
+    else
+        {
+        this.r = r;
+        this.g = g;
+        this.b = b;
+        }
+    return this;
 }
 
 // Mixes this colour with another in a specified proportion
@@ -6452,18 +6452,18 @@
 // Returns an RGB object
 RGB.prototype.mix = function(c,f)
 {
-	return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
+    return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
 }
 
 // Return an rgb colour as a #rrggbb format hex string
 RGB.prototype.toString = function()
 {
-	var r = this.r.clamp(0,1);
-	var g = this.g.clamp(0,1);
-	var b = this.b.clamp(0,1);
-	return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
-				 ("0" + Math.floor(g * 255).toString(16)).right(2) +
-				 ("0" + Math.floor(b * 255).toString(16)).right(2));
+    var r = this.r.clamp(0,1);
+    var g = this.g.clamp(0,1);
+    var b = this.b.clamp(0,1);
+    return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(g * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(b * 255).toString(16)).right(2));
 }
 
 // ---------------------------------------------------------------------------------
@@ -6472,325 +6472,325 @@
 
 function drawGradient(place,horiz,colours)
 {
-	for(var t=0; t<= 100; t+=2)
-		{
-		var bar = document.createElement("div");
-		place.appendChild(bar);
-		bar.style.position = "absolute";
-		bar.style.left = horiz ? t + "%" : 0;
-		bar.style.top = horiz ? 0 : t + "%";
-		bar.style.width = horiz ? (101-t) + "%" : "100%";
-		bar.style.height = horiz ? "100%" : (101-t) + "%";
-		bar.style.zIndex = -1;
-		var f = t/100;
-		var p = f*(colours.length-1);
-		bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
-		}
+    for(var t=0; t<= 100; t+=2)
+        {
+        var bar = document.createElement("div");
+        place.appendChild(bar);
+        bar.style.position = "absolute";
+        bar.style.left = horiz ? t + "%" : 0;
+        bar.style.top = horiz ? 0 : t + "%";
+        bar.style.width = horiz ? (101-t) + "%" : "100%";
+        bar.style.height = horiz ? "100%" : (101-t) + "%";
+        bar.style.zIndex = -1;
+        var f = t/100;
+        var p = f*(colours.length-1);
+        bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
+        }
 }
 
 function createTiddlyText(theParent,theText)
 {
-	return theParent.appendChild(document.createTextNode(theText));
+    return theParent.appendChild(document.createTextNode(theText));
 }
 
 function createTiddlyCheckbox(theParent,caption,checked,onChange)
 {
-	var cb = document.createElement("input");
-	cb.setAttribute("type","checkbox");
-	cb.onclick = onChange;
-	theParent.appendChild(cb);
-	cb.checked = checked;
-	cb.className = "chkOptionInput";
-	if(caption)
-		wikify(caption,theParent);
-	return cb;
+    var cb = document.createElement("input");
+    cb.setAttribute("type","checkbox");
+    cb.onclick = onChange;
+    theParent.appendChild(cb);
+    cb.checked = checked;
+    cb.className = "chkOptionInput";
+    if(caption)
+        wikify(caption,theParent);
+    return cb;
 }
 
 function createTiddlyElement(theParent,theElement,theID,theClass,theText)
 {
-	var e = document.createElement(theElement);
-	if(theClass != null)
-		e.className = theClass;
-	if(theID != null)
-		e.setAttribute("id",theID);
-	if(theText != null)
-		e.appendChild(document.createTextNode(theText));
-	if(theParent != null)
-		theParent.appendChild(e);
-	return(e);
+    var e = document.createElement(theElement);
+    if(theClass != null)
+        e.className = theClass;
+    if(theID != null)
+        e.setAttribute("id",theID);
+    if(theText != null)
+        e.appendChild(document.createTextNode(theText));
+    if(theParent != null)
+        theParent.appendChild(e);
+    return(e);
 }
 
 // Add an event handler
 // Thanks to John Resig, via QuirksMode
 function addEvent(obj,type,fn)
 {
-	if(obj.attachEvent)
-		{
-		obj['e'+type+fn] = fn;
-		obj[type+fn] = function(){obj['e'+type+fn](window.event);}
-		obj.attachEvent('on'+type,obj[type+fn]);
-		}
-	else
-		obj.addEventListener(type,fn,false);
+    if(obj.attachEvent)
+        {
+        obj['e'+type+fn] = fn;
+        obj[type+fn] = function(){obj['e'+type+fn](window.event);}
+        obj.attachEvent('on'+type,obj[type+fn]);
+        }
+    else
+        obj.addEventListener(type,fn,false);
 }
 
 // Remove  an event handler
 // Thanks to John Resig, via QuirksMode
 function removeEvent(obj,type,fn)
 {
-	if(obj.detachEvent)
-		{
-		obj.detachEvent('on'+type,obj[type+fn]);
-		obj[type+fn] = null;
-		}
-	else
-		obj.removeEventListener(type,fn,false);
+    if(obj.detachEvent)
+        {
+        obj.detachEvent('on'+type,obj[type+fn]);
+        obj[type+fn] = null;
+        }
+    else
+        obj.removeEventListener(type,fn,false);
 }
 
 function addClass(e,theClass)
 {
-	var currClass = e.className.split(" ");
-	if(currClass.indexOf(theClass) == -1)
-		e.className += " " + theClass;
+    var currClass = e.className.split(" ");
+    if(currClass.indexOf(theClass) == -1)
+        e.className += " " + theClass;
 }
 
 function removeClass(e,theClass)
 {
-	var currClass = e.className.split(" ");
-	var i = currClass.indexOf(theClass);
-	while(i != -1)
-		{
-		currClass.splice(i,1);
-		i = currClass.indexOf(theClass);
-		}
-	e.className = currClass.join(" ");
+    var currClass = e.className.split(" ");
+    var i = currClass.indexOf(theClass);
+    while(i != -1)
+        {
+        currClass.splice(i,1);
+        i = currClass.indexOf(theClass);
+        }
+    e.className = currClass.join(" ");
 }
 
 function hasClass(e,theClass)
 {
-	if(e.className)
-		{
-		if(e.className.split(" ").indexOf(theClass) != -1)
-			return true;
-		}
-	return false;
+    if(e.className)
+        {
+        if(e.className.split(" ").indexOf(theClass) != -1)
+            return true;
+        }
+    return false;
 }
 
 // Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
 function findRelated(e,value,name,relative)
 {
-	name = name ? name : "tagName";
-	relative = relative ? relative : "parentNode";
-	if(name == "className")
-		{
-		while(e && !hasClass(e,value))
-			{
-			e = e[relative];
-			}
-		}
-	else
-		{
-		while(e && e[name] != value)
-			{
-			e = e[relative];
-			}
-		}
-	return e;
+    name = name ? name : "tagName";
+    relative = relative ? relative : "parentNode";
+    if(name == "className")
+        {
+        while(e && !hasClass(e,value))
+            {
+            e = e[relative];
+            }
+        }
+    else
+        {
+        while(e && e[name] != value)
+            {
+            e = e[relative];
+            }
+        }
+    return e;
 }
 
 // Resolve the target object of an event
 function resolveTarget(e)
 {
-	var obj;
-	if (e.target)
-		obj = e.target;
-	else if (e.srcElement)
-		obj = e.srcElement;
-	if (obj.nodeType == 3) // defeat Safari bug
-		obj = obj.parentNode;
-	return(obj);
+    var obj;
+    if (e.target)
+        obj = e.target;
+    else if (e.srcElement)
+        obj = e.srcElement;
+    if (obj.nodeType == 3) // defeat Safari bug
+        obj = obj.parentNode;
+    return(obj);
 }
 
 // Return the content of an element as plain text with no formatting
 function getPlainText(e)
 {
-	var text = "";
-	if(e.innerText)
-		text = e.innerText;
-	else if(e.textContent)
-		text = e.textContent;
-	return text;
+    var text = "";
+    if(e.innerText)
+        text = e.innerText;
+    else if(e.textContent)
+        text = e.textContent;
+    return text;
 }
 
 // Get the scroll position for window.scrollTo necessary to scroll a given element into view
 function ensureVisible(e)
 {
-	var posTop = findPosY(e);
-	var posBot = posTop + e.offsetHeight;
-	var winTop = findScrollY();
-	var winHeight = findWindowHeight();
-	var winBot = winTop + winHeight;
-	if(posTop < winTop)
-		return(posTop);
-	else if(posBot > winBot)
-		{
-		if(e.offsetHeight < winHeight)
-			return(posTop - (winHeight - e.offsetHeight));
-		else
-			return(posTop);
-		}
-	else
-		return(winTop);
+    var posTop = findPosY(e);
+    var posBot = posTop + e.offsetHeight;
+    var winTop = findScrollY();
+    var winHeight = findWindowHeight();
+    var winBot = winTop + winHeight;
+    if(posTop < winTop)
+        return(posTop);
+    else if(posBot > winBot)
+        {
+        if(e.offsetHeight < winHeight)
+            return(posTop - (winHeight - e.offsetHeight));
+        else
+            return(posTop);
+        }
+    else
+        return(winTop);
 }
 
 // Get the current width of the display window
 function findWindowWidth()
 {
-	return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
+    return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
 }
 
 // Get the current height of the display window
 function findWindowHeight()
 {
-	return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
+    return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
 }
 
 // Get the current horizontal page scroll position
 function findScrollX()
 {
-	return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
+    return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
 }
 
 // Get the current vertical page scroll position
 function findScrollY()
 {
-	return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
+    return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
 }
 
 function findPosX(obj)
 {
-	var curleft = 0;
-	while (obj.offsetParent)
-		{
-		curleft += obj.offsetLeft;
-		obj = obj.offsetParent;
-		}
-	return curleft;
+    var curleft = 0;
+    while (obj.offsetParent)
+        {
+        curleft += obj.offsetLeft;
+        obj = obj.offsetParent;
+        }
+    return curleft;
 }
 
 function findPosY(obj)
 {
-	var curtop = 0;
-	while (obj.offsetParent)
-		{
-		curtop += obj.offsetTop;
-		obj = obj.offsetParent;
-		}
-	return curtop;
+    var curtop = 0;
+    while (obj.offsetParent)
+        {
+        curtop += obj.offsetTop;
+        obj = obj.offsetParent;
+        }
+    return curtop;
 }
 
 // Blur a particular element
 function blurElement(e)
 {
-	if(e != null && e.focus && e.blur)
-		{
-		e.focus();
-		e.blur();
-		}
+    if(e != null && e.focus && e.blur)
+        {
+        e.focus();
+        e.blur();
+        }
 }
 
 // Create a non-breaking space
 function insertSpacer(place)
 {
-	var e = document.createTextNode(String.fromCharCode(160));
-	if(place)
-		place.appendChild(e);
-	return e;
+    var e = document.createTextNode(String.fromCharCode(160));
+    if(place)
+        place.appendChild(e);
+    return e;
 }
 
 // Remove all children of a node
 function removeChildren(e)
 {
-	while(e.hasChildNodes())
-		e.removeChild(e.firstChild);
+    while(e.hasChildNodes())
+        e.removeChild(e.firstChild);
 }
 
 // Add a stylesheet, replacing any previous custom stylesheet
 function setStylesheet(s,id)
 {
-	if(!id)
-		id = "customStyleSheet";
-	var n = document.getElementById(id);
-	if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
-		{
-		if(n)
-			n.parentNode.removeChild(n);
-		// This failed without the &nbsp;
-		document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
-		}
-	else
-		{
-		if(n)
-			n.replaceChild(document.createTextNode(s),n.firstChild);
-		else
-			{
-			var n = document.createElement("style");
-			n.type = "text/css";
-			n.id = id;
-			n.appendChild(document.createTextNode(s));
-			document.getElementsByTagName("head")[0].appendChild(n);
-			}
-		}
+    if(!id)
+        id = "customStyleSheet";
+    var n = document.getElementById(id);
+    if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
+        {
+        if(n)
+            n.parentNode.removeChild(n);
+        // This failed without the &nbsp;
+        document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
+        }
+    else
+        {
+        if(n)
+            n.replaceChild(document.createTextNode(s),n.firstChild);
+        else
+            {
+            var n = document.createElement("style");
+            n.type = "text/css";
+            n.id = id;
+            n.appendChild(document.createTextNode(s));
+            document.getElementsByTagName("head")[0].appendChild(n);
+            }
+        }
 }
 
 // Replace the current selection of a textarea or text input and scroll it into view
 
 function replaceSelection(e,text)
 {
-	if (e.setSelectionRange)
-		{
-		var oldpos = e.selectionStart + 1;
-		e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
-		e.setSelectionRange( oldpos, oldpos);
-		var linecount = e.value.split('\n').length;
-		var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
-		e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
-		}
-	else if (document.selection)
-		{
-		var range = document.selection.createRange();
-		if (range.parentElement() == e)
-			{
-			var isCollapsed = range.text == "";
-			range.text = text;
-			 if (!isCollapsed)
-				{
-				range.moveStart('character', -text.length);
-				range.select();
-				}
-			}
-		}
+    if (e.setSelectionRange)
+        {
+        var oldpos = e.selectionStart + 1;
+        e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
+        e.setSelectionRange( oldpos, oldpos);
+        var linecount = e.value.split('\n').length;
+        var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
+        e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
+        }
+    else if (document.selection)
+        {
+        var range = document.selection.createRange();
+        if (range.parentElement() == e)
+            {
+            var isCollapsed = range.text == "";
+            range.text = text;
+             if (!isCollapsed)
+                {
+                range.moveStart('character', -text.length);
+                range.select();
+                }
+            }
+        }
 }
 
 // Returns the text of the given (text) node, possibly merging subsequent text nodes
 function getNodeText(e)
 {
-	var t = ""; 
-	while (e && e.nodeName == "#text")
-		{
-		t += e.nodeValue;
-		e = e.nextSibling;
-		}
-	return t;
+    var t = "";
+    while (e && e.nodeName == "#text")
+        {
+        t += e.nodeValue;
+        e = e.nextSibling;
+        }
+    return t;
 }
 //# -------------------------
 //# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
 //# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
 //# Subclasses must implement:
-//# 			function getTitle(store, e)
+//#             function getTitle(store, e)
 //#
 //# store must implement:
-//# 			function createTiddler(title).
+//#             function createTiddler(title).
 //#
 
 function LoaderBase()
@@ -6799,53 +6799,53 @@
 
 LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
 {
-	var title = this.getTitle(store, e);
-	if (title)
-		{
-		var tiddler = store.createTiddler(title);
-		this.internalizeTiddler(store, tiddler, title, e);
-		tiddlers.push(tiddler);
-		}
+    var title = this.getTitle(store, e);
+    if (title)
+        {
+        var tiddler = store.createTiddler(title);
+        this.internalizeTiddler(store, tiddler, title, e);
+        tiddlers.push(tiddler);
+        }
 }
 
 LoaderBase.prototype.loadTiddlers = function(store,nodes)
 {
-	var tiddlers = [];
-	for (var t = 0; t < nodes.length; t++)
-		{
-		try
-			{
-			this.loadTiddler(store, nodes[t], tiddlers);
-			}
-		catch(e)
-			{
-			showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
-			}
-		}
-	return tiddlers;
-}
-	
+    var tiddlers = [];
+    for (var t = 0; t < nodes.length; t++)
+        {
+        try
+            {
+            this.loadTiddler(store, nodes[t], tiddlers);
+            }
+        catch(e)
+            {
+            showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
+            }
+        }
+    return tiddlers;
+}
+
 //# -------------------------
-//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string, 
-//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines 
+//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string,
+//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines
 //# Subclasses must implement:
-//# 			function externalizeTiddler(store, tiddler)
+//#             function externalizeTiddler(store, tiddler)
 //#
 //# store must implement:
-//# 			function getTiddlers(sortByFieldName)
+//#             function getTiddlers(sortByFieldName)
 //#
 
 function SaverBase()
 {
 }
 
-SaverBase.prototype.externalize = function(store) 
+SaverBase.prototype.externalize = function(store)
 {
-	var results = [];
-	var tiddlers = store.getTiddlers("title");
-	for (var t = 0; t < tiddlers.length; t++)
-		results.push(this.externalizeTiddler(store, tiddlers[t]));
-	return results.join("\n");
+    var results = [];
+    var tiddlers = store.getTiddlers("title");
+    for (var t = 0; t < tiddlers.length; t++)
+        results.push(this.externalizeTiddler(store, tiddlers[t]));
+    return results.join("\n");
 }
 //--------------------------------
 // TW21Loader (inherits from LoaderBase)
@@ -6855,34 +6855,34 @@
 TW21Loader.prototype = new LoaderBase();
 
 TW21Loader.prototype.getTitle = function(store, e) {
-	var title = null;
-	if(e.getAttribute)
-		title = e.getAttribute("tiddler");
-	if(!title && e.id) {	
-		var lenPrefix = store.idPrefix.length;
-		if (e.id.substr(0,lenPrefix) == store.idPrefix)
-			title = e.id.substr(lenPrefix);
-	}
-	return title;
+    var title = null;
+    if(e.getAttribute)
+        title = e.getAttribute("tiddler");
+    if(!title && e.id) {
+        var lenPrefix = store.idPrefix.length;
+        if (e.id.substr(0,lenPrefix) == store.idPrefix)
+            title = e.id.substr(lenPrefix);
+    }
+    return title;
 }
 
 TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
-	var text = getNodeText(data.firstChild).unescapeLineBreaks();
-	var modifier = data.getAttribute("modifier");
-	var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
-	var c = data.getAttribute("created");
-	var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
-	var tags = data.getAttribute("tags");
-	var fields = {};
-	var attrs = data.attributes;
-	for(var i = attrs.length-1; i >= 0; i--) {
-		var name = attrs[i].name;
-		if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
-			fields[name] = attrs[i].value.unescapeLineBreaks();
-		}
-	}
-	tiddler.assign(title,text,modifier,modified,tags,created, fields);
-	return tiddler;
+    var text = getNodeText(data.firstChild).unescapeLineBreaks();
+    var modifier = data.getAttribute("modifier");
+    var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
+    var c = data.getAttribute("created");
+    var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
+    var tags = data.getAttribute("tags");
+    var fields = {};
+    var attrs = data.attributes;
+    for(var i = attrs.length-1; i >= 0; i--) {
+        var name = attrs[i].name;
+        if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
+            fields[name] = attrs[i].value.unescapeLineBreaks();
+        }
+    }
+    tiddler.assign(title,text,modifier,modified,tags,created, fields);
+    return tiddler;
 };
 
 //--------------------------------
@@ -6892,28 +6892,28 @@
 
 TW21Saver.prototype = new SaverBase();
 
-TW21Saver.prototype.externalizeTiddler = function(store, tiddler) 
-{
-	try {
-		var extendedFieldAttributes = "";
-		store.forEachField(tiddler, 
-			function(tiddler, fieldName, value) {
-				// don't store stuff from the temp namespace
-				if (!fieldName.match(/^temp\./))
-					extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
-			}, true);
-		return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
-				tiddler.title.htmlEncode(),
-				tiddler.modifier.htmlEncode(),
-				tiddler.modified.convertToYYYYMMDDHHMM(),
-				tiddler.created.convertToYYYYMMDDHHMM(),
-				tiddler.getTags().htmlEncode(),
-				tiddler.escapeLineBreaks().htmlEncode(),
-				extendedFieldAttributes
-			]);
-	} catch (e) {
-		throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
-	}
+TW21Saver.prototype.externalizeTiddler = function(store, tiddler)
+{
+    try {
+        var extendedFieldAttributes = "";
+        store.forEachField(tiddler,
+            function(tiddler, fieldName, value) {
+                // don't store stuff from the temp namespace
+                if (!fieldName.match(/^temp\./))
+                    extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
+            }, true);
+        return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
+                tiddler.title.htmlEncode(),
+                tiddler.modifier.htmlEncode(),
+                tiddler.modified.convertToYYYYMMDDHHMM(),
+                tiddler.created.convertToYYYYMMDDHHMM(),
+                tiddler.getTags().htmlEncode(),
+                tiddler.escapeLineBreaks().htmlEncode(),
+                extendedFieldAttributes
+            ]);
+    } catch (e) {
+        throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
+    }
 }
 
 // ---------------------------------------------------------------------------------
@@ -6923,75 +6923,75 @@
 // @Deprecated: Use createElementAndWikify and this.termRegExp instead
 config.formatterHelpers.charFormatHelper = function(w)
 {
-	w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
+    w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
 }
 
 // @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
 config.formatterHelpers.monospacedByLineHelper = function(w)
 {
-	var lookaheadRegExp = new RegExp(this.lookahead,"mg");
-	lookaheadRegExp.lastIndex = w.matchStart;
-	var lookaheadMatch = lookaheadRegExp.exec(w.source);
-	if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-		{
-		var text = lookaheadMatch[1];
-		if(config.browser.isIE)
-			text = text.replace(/\n/g,"\r");
-		createTiddlyElement(w.output,"pre",null,null,text);
-		w.nextMatch = lookaheadRegExp.lastIndex;
-		}
+    var lookaheadRegExp = new RegExp(this.lookahead,"mg");
+    lookaheadRegExp.lastIndex = w.matchStart;
+    var lookaheadMatch = lookaheadRegExp.exec(w.source);
+    if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+        {
+        var text = lookaheadMatch[1];
+        if(config.browser.isIE)
+            text = text.replace(/\n/g,"\r");
+        createTiddlyElement(w.output,"pre",null,null,text);
+        w.nextMatch = lookaheadRegExp.lastIndex;
+        }
 }
 
 // @Deprecated: Use <br> or <br /> instead of <<br>>
 config.macros.br.handler = function(place)
 {
-	createTiddlyElement(place,"br");
+    createTiddlyElement(place,"br");
 }
 
 // Find an entry in an array. Returns the array index or null
 // @Deprecated: Use indexOf instead
 Array.prototype.find = function(item)
 {
-	var i = this.indexOf(item);
-	return i == -1 ? null : i;
+    var i = this.indexOf(item);
+    return i == -1 ? null : i;
 }
 
 // Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
 // @Deprecated: Use store.getLoader().internalizeTiddler instead
 Tiddler.prototype.loadFromDiv = function(divRef,title)
 {
-	return store.getLoader().internalizeTiddler(store,this,title,divRef);
+    return store.getLoader().internalizeTiddler(store,this,title,divRef);
 }
 
 // Format the text for storage in an HTML DIV
 // @Deprecated Use store.getSaver().externalizeTiddler instead.
 Tiddler.prototype.saveToDiv = function()
 {
-	return store.getSaver().externalizeTiddler(store,this);
+    return store.getSaver().externalizeTiddler(store,this);
 }
 
 // @Deprecated: Use store.allTiddlersAsHtml() instead
 function allTiddlersAsHtml()
 {
-	return store.allTiddlersAsHtml();
+    return store.allTiddlersAsHtml();
 }
 
 // @Deprecated: Use refreshPageTemplate instead
 function applyPageTemplate(title)
 {
-	refreshPageTemplate(title);
+    refreshPageTemplate(title);
 }
 
 // @Deprecated: Use story.displayTiddlers instead
 function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
 {
-	story.displayTiddlers(srcElement,titles,template,animate,slowly);
+    story.displayTiddlers(srcElement,titles,template,animate,slowly);
 }
 
 // @Deprecated: Use story.displayTiddler instead
 function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
 {
-	story.displayTiddler(srcElement,title,template,animate,slowly);
+    story.displayTiddler(srcElement,title,template,animate,slowly);
 }
 
 // @Deprecated: Use functions on right hand side directly instead
@@ -7018,46 +7018,46 @@
 <style type="text/css">
 
 #saveTest {
-	display: none;
+    display: none;
 }
 
 .zoomer {
-	display: none;
+    display: none;
 }
 
 #messageArea {
-	display: none;
+    display: none;
 }
 
 #copyright {
-	display: none;
+    display: none;
 }
 
 .popup {
-	position: absolute;
+    position: absolute;
 }
 
 #storeArea {
-	display: none;
-	margin: 4em 10em 3em;
+    display: none;
+    margin: 4em 10em 3em;
 }
 
 #storeArea div {
  padding: 0.5em;
  margin: 1em 0em 0em 0em;
- border-color: #f0f0f0 #606060 #404040 #d0d0d0; 
- border-style: solid; 
+ border-color: #f0f0f0 #606060 #404040 #d0d0d0;
+ border-style: solid;
  border-width: 2px;
  overflow: auto;
 }
 
 #javascriptWarning {
-	width: 100%;
-	text-align: center;
-	font-weight: bold;
-	background-color: #dd1100;
-	color: #fff;
-	padding:1em 0em; 
+    width: 100%;
+    text-align: center;
+    font-weight: bold;
+    background-color: #dd1100;
+    color: #fff;
+    padding:1em 0em;
 }
 
 </style>
@@ -7069,38 +7069,38 @@
 <!--PRE-BODY-START-->
 
 <!--PRE-BODY-END-->
-	<script type="text/javascript">
+    <script type="text/javascript">
 //<![CDATA[
 if (useJavaSaver)
-	document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
+    document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
 //]]>
-	</script>
-	<div id="copyright">
-	Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
-	</div>
-	<noscript>
-		<div id="javascriptWarning">This page requires JavaScript to function properly</div>
-	</noscript>
-	<div id="saveTest"></div>
-	<div id="contentWrapper"></div>
-	<div id="contentStash"></div>
-	<div id="storeArea">
+    </script>
+    <div id="copyright">
+    Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
+    </div>
+    <noscript>
+        <div id="javascriptWarning">This page requires JavaScript to function properly</div>
+    </noscript>
+    <div id="saveTest"></div>
+    <div id="contentWrapper"></div>
+    <div id="contentStash"></div>
+    <div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Cam" modifier="YourName" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="YourName" modified="201207011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="Cam" modifier="CameronRich" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
+<div tiddler="Changelog" modifier="CameronRich" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
 <div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
-<div tiddler="License" modifier="YourName" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
-<div tiddler="MainMenu" modifier="CameronRich" modified="200702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
-<div tiddler="PageTemplate" modifier="YourName" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="YourName" modified="201205252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="License" modifier="CameronRich" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
+<div tiddler="MainMenu" modifier="CameronRich" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="PageTemplate" modifier="CameronRich" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
+<div tiddler="Read Me" modifier="CameronRich" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
 <div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
 <div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
 <div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="YourName" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="axhttpd" modifier="CameronRich" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 
 <!--POST-BODY-END-->
-	</body>
+    </body>
 </html>

From 82a7638efa7a0115f6dbe204ea79f90ec2e83150 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 19 Nov 2014 03:51:22 +0000
Subject: [PATCH 206/301] * Added SHA256 * Return code checked for get_random()
 * MD2 code removed.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@238 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/Makefile                  |   4 +-
 crypto/crypto.h                  |  25 ++-
 crypto/md2.c                     | 162 -----------------
 crypto/sha256.c                  | 294 +++++++++++++++++++++++++++++++
 httpd/htpasswd.c                 |   7 +-
 ssl/Makefile                     |   4 +-
 ssl/asn1.c                       |  32 ++--
 ssl/crypto_misc.h                |   1 +
 ssl/test/camster_duckdns_org.crt |  31 ++++
 ssl/test/ssltest.c               | 224 ++++++++++++++---------
 ssl/test/verisign.x509_ca        | Bin 668 -> 0 bytes
 ssl/test/verisign.x509_my_cert   | Bin 1095 -> 0 bytes
 ssl/tls1.c                       |   4 +-
 ssl/tls1_clnt.c                  |   8 +-
 ssl/x509.c                       |  23 +--
 15 files changed, 531 insertions(+), 288 deletions(-)
 delete mode 100644 crypto/md2.c
 create mode 100644 crypto/sha256.c
 create mode 100644 ssl/test/camster_duckdns_org.crt
 delete mode 100644 ssl/test/verisign.x509_ca
 delete mode 100644 ssl/test/verisign.x509_my_cert

diff --git a/crypto/Makefile b/crypto/Makefile
index 3ea8bdde0c..360843d3c9 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -38,11 +38,11 @@ OBJ=\
 	bigint.o \
 	crypto_misc.o \
 	hmac.o \
-	md2.o \
 	md5.o \
 	rc4.o \
 	rsa.o \
-	sha1.o
+	sha1.o \
+	sha256.o	
 
 include ../config/makefile.post
 
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 128a56bab8..df11e923ae 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -124,22 +124,21 @@ void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
 void SHA1_Final(uint8_t *digest, SHA1_CTX *);
 
 /**************************************************************************
- * MD2 declarations 
+ * SHA256 declarations 
  **************************************************************************/
 
-#define MD2_SIZE 16
+#define SHA256_SIZE   32
 
 typedef struct
 {
-    unsigned char cksum[16];    /* checksum of the data block */
-    unsigned char state[48];    /* intermediate digest state */
-    unsigned char buffer[16];   /* data block being processed */
-    int left;                   /* amount of data in buffer */
-} MD2_CTX;
+    uint32_t total[2];
+    uint32_t state[8];
+    uint8_t buffer[64];
+} SHA256_CTX;
 
-EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx);
-EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen);
-EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx);
+void SHA256_Init(SHA256_CTX *c);
+void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len);
+void SHA256_Final(uint8_t digest[32], SHA256_CTX *);
 
 /**************************************************************************
  * MD5 declarations 
@@ -154,9 +153,9 @@ typedef struct
   uint8_t buffer[64];       /* input buffer */
 } MD5_CTX;
 
-EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
-EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
-EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
+void MD5_Init(MD5_CTX *);
+void MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
+void MD5_Final(uint8_t *digest, MD5_CTX *);
 
 /**************************************************************************
  * HMAC declarations 
diff --git a/crypto/md2.c b/crypto/md2.c
deleted file mode 100644
index dee909a7a5..0000000000
--- a/crypto/md2.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- *  RFC 1115/1319 compliant MD2 implementation
- *  The MD2 algorithm was designed by Ron Rivest in 1989.
- *
- *  http://www.ietf.org/rfc/rfc1115.txt
- *  http://www.ietf.org/rfc/rfc1319.txt
- */
-
-#include <string.h>
-#include <stdio.h>
-#include "os_port.h"
-#include "crypto.h"
-
-/**
- * This code is only here to enable the verification of Verisign root
- * certificates. So only enable it for verification mode.
- */
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-
-static const uint8_t PI_SUBST[256] =
-{
-    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
-    0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
-    0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
-    0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
-    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
-    0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
-    0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
-    0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
-    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
-    0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
-    0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
-    0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
-    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
-    0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
-    0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
-    0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
-    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
-    0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
-    0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
-    0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
-    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
-    0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
-    0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
-    0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
-    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
-    0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
-};
-
-/*
- * MD2 context setup
- */
-EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx)
-{
-    memset(ctx, 0, sizeof *ctx);
-}
-
-static void md2_process(MD2_CTX *ctx)
-{
-    int i, j;
-    uint8_t t = 0;
-
-    for (i = 0; i < 16; i++)
-    {
-        ctx->state[i + 16] = ctx->buffer[i];
-        ctx->state[i + 32] = ctx->buffer[i] ^ ctx->state[i];
-    }
-
-    for (i = 0; i < 18; i++)
-    {
-        for (j = 0; j < 48; j++)
-            t = (ctx->state[j] ^= PI_SUBST[t]);
-
-        t = (t + i) & 0xFF;
-    }
-
-    t = ctx->cksum[15];
-
-    for (i = 0; i < 16; i++)
-        t = (ctx->cksum[i] ^= PI_SUBST[ctx->buffer[i] ^ t]);
-}
-
-/*
- * MD2 process buffer
- */
-EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen)
-{
-    int fill;
-
-    while (ilen > 0)
-    {
-        if (ctx->left + ilen > 16)
-            fill = 16 - ctx->left;
-        else
-            fill = ilen;
-
-        memcpy(ctx->buffer + ctx->left, input, fill);
-
-        ctx->left += fill;
-        input += fill;
-        ilen  -= fill;
-
-        if (ctx->left == 16)
-        {
-            ctx->left = 0;
-            md2_process(ctx);
-        }
-    }
-}
-
-/*
- * MD2 final digest
- */
-EXP_FUNC void STDCALL MD2_Final(uint8_t *output, MD2_CTX *ctx)
-{
-    int i;
-    uint8_t x;
-
-    x = (uint8_t)(16 - ctx->left);
-
-    for (i = ctx->left; i < 16; i++)
-        ctx->buffer[i] = x;
-
-    md2_process(ctx);
-
-    memcpy(ctx->buffer, ctx->cksum, 16);
-    md2_process(ctx);
-
-    memcpy(output, ctx->state, 16);
-}
-
-#endif
diff --git a/crypto/sha256.c b/crypto/sha256.c
new file mode 100644
index 0000000000..0c1d04ae4c
--- /dev/null
+++ b/crypto/sha256.c
@@ -0,0 +1,294 @@
+/*
+ * Copyright (c) 2014, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ *  FIPS-180-2 compliant SHA-256 implementation
+ *
+ *  Copyright (C) 2001-2003  Christophe Devine
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+#define GET_UINT32(n,b,i)                       \
+{                                               \
+    (n) = ((uint32_t) (b)[(i)    ] << 24)       \
+        | ((uint32_t) (b)[(i) + 1] << 16)       \
+        | ((uint32_t) (b)[(i) + 2] <<  8)       \
+        | ((uint32_t) (b)[(i) + 3]      );      \
+}
+
+#define PUT_UINT32(n,b,i)                       \
+{                                               \
+    (b)[(i)    ] = (uint8_t) ((n) >> 24);       \
+    (b)[(i) + 1] = (uint8_t) ((n) >> 16);       \
+    (b)[(i) + 2] = (uint8_t) ((n) >>  8);       \
+    (b)[(i) + 3] = (uint8_t) ((n)      );       \
+}
+
+static const uint8_t sha256_padding[64] =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/**
+ * Initialize the SHA256 context 
+ */
+void SHA256_Init(SHA256_CTX *ctx)
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    ctx->state[0] = 0x6A09E667;
+    ctx->state[1] = 0xBB67AE85;
+    ctx->state[2] = 0x3C6EF372;
+    ctx->state[3] = 0xA54FF53A;
+    ctx->state[4] = 0x510E527F;
+    ctx->state[5] = 0x9B05688C;
+    ctx->state[6] = 0x1F83D9AB;
+    ctx->state[7] = 0x5BE0CD19;
+}
+
+void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
+{
+    uint32_t temp1, temp2, W[64];
+    uint32_t A, B, C, D, E, F, G, H;
+
+    GET_UINT32(W[0],  digest,  0);
+    GET_UINT32(W[1],  digest,  4);
+    GET_UINT32(W[2],  digest,  8);
+    GET_UINT32(W[3],  digest, 12);
+    GET_UINT32(W[4],  digest, 16);
+    GET_UINT32(W[5],  digest, 20);
+    GET_UINT32(W[6],  digest, 24);
+    GET_UINT32(W[7],  digest, 28);
+    GET_UINT32(W[8],  digest, 32);
+    GET_UINT32(W[9],  digest, 36);
+    GET_UINT32(W[10], digest, 40);
+    GET_UINT32(W[11], digest, 44);
+    GET_UINT32(W[12], digest, 48);
+    GET_UINT32(W[13], digest, 52);
+    GET_UINT32(W[14], digest, 56);
+    GET_UINT32(W[15], digest, 60);
+
+#define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
+#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
+
+#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
+#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
+
+#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
+
+#define R(t)                                    \
+(                                              \
+    W[t] = S1(W[t -  2]) + W[t -  7] +          \
+           S0(W[t - 15]) + W[t - 16]            \
+)
+
+#define P(a,b,c,d,e,f,g,h,x,K)                  \
+{                                               \
+    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
+    temp2 = S2(a) + F0(a,b,c);                  \
+    d += temp1; h = temp1 + temp2;              \
+}
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+    E = ctx->state[4];
+    F = ctx->state[5];
+    G = ctx->state[6];
+    H = ctx->state[7];
+
+    P(A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
+    P(H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
+    P(G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
+    P(F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
+    P(E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
+    P(D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
+    P(C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
+    P(B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
+    P(A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
+    P(H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
+    P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
+    P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
+    P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
+    P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
+    P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
+    P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
+    P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
+    P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
+    P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
+    P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
+    P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
+    P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
+    P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
+    P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
+    P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
+    P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
+    P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
+    P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
+    P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
+    P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
+    P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
+    P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
+    P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
+    P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
+    P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
+    P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
+    P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
+    P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
+    P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
+    P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
+    P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
+    P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
+    P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
+    P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
+    P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
+    P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
+    P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
+    P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
+    P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
+    P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
+    P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
+    P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
+    P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
+    P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
+    P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
+    P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
+    P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
+    P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
+    P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
+    P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
+    P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
+    P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
+    P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
+    P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+    ctx->state[4] += E;
+    ctx->state[5] += F;
+    ctx->state[6] += G;
+    ctx->state[7] += H;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA256_Update(SHA256_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t left = ctx->total[0] & 0x3F;
+    uint32_t fill = 64 - left;
+
+    ctx->total[0] += len;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if (ctx->total[0] < len)
+        ctx->total[1]++;
+
+    if (left && len >= fill)
+    {
+        memcpy((void *) (ctx->buffer + left), (void *)msg, fill);
+        SHA256_Process(ctx->buffer, ctx);
+        len -= fill;
+        msg  += fill;
+        left = 0;
+    }
+
+    while (len >= 64)
+    {
+        SHA256_Process(msg, ctx);
+        len -= 64;
+        msg  += 64;
+    }
+
+    if (len)
+    {
+        memcpy((void *) (ctx->buffer + left), (void *) msg, len);
+    }
+}
+
+/**
+ * Return the 256-bit message digest into the user's array
+ */
+void SHA256_Final(uint8_t *digest, SHA256_CTX *ctx)
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    uint8_t msglen[8];
+
+    high = (ctx->total[0] >> 29)
+         | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
+
+    PUT_UINT32(high, msglen, 0);
+    PUT_UINT32(low,  msglen, 4);
+
+    last = ctx->total[0] & 0x3F;
+    padn = (last < 56) ? (56 - last) : (120 - last);
+
+    SHA256_Update(ctx, sha256_padding, padn);
+    SHA256_Update(ctx, msglen, 8);
+
+    PUT_UINT32(ctx->state[0], digest,  0);
+    PUT_UINT32(ctx->state[1], digest,  4);
+    PUT_UINT32(ctx->state[2], digest,  8);
+    PUT_UINT32(ctx->state[3], digest, 12);
+    PUT_UINT32(ctx->state[4], digest, 16);
+    PUT_UINT32(ctx->state[5], digest, 20);
+    PUT_UINT32(ctx->state[6], digest, 24);
+    PUT_UINT32(ctx->state[7], digest, 28);
+}
diff --git a/httpd/htpasswd.c b/httpd/htpasswd.c
index 7c99abf1e4..91feea119d 100644
--- a/httpd/htpasswd.c
+++ b/httpd/htpasswd.c
@@ -121,7 +121,12 @@ int main(int argc, char *argv[])
     }
 
     RNG_initialize();
-    get_random(MD5_SIZE, md5_salt);
+    if (get_random(MD5_SIZE, md5_salt) < 0)
+    {
+        fprintf(stderr, "Can't get random data\n" );
+        exit(1);
+    }
+
     RNG_terminate();
     base64_encode(md5_salt, MD5_SIZE, b64_salt, sizeof(b64_salt));
 
diff --git a/ssl/Makefile b/ssl/Makefile
index aafe7bc9b6..b8dd55a921 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -69,11 +69,11 @@ CRYPTO_OBJ=\
 	$(CRYPTO_PATH)bigint.o \
 	$(CRYPTO_PATH)crypto_misc.o \
 	$(CRYPTO_PATH)hmac.o \
-	$(CRYPTO_PATH)md2.o \
 	$(CRYPTO_PATH)md5.o \
 	$(CRYPTO_PATH)rc4.o \
 	$(CRYPTO_PATH)rsa.o \
-	$(CRYPTO_PATH)sha1.o
+	$(CRYPTO_PATH)sha1.o \
+	$(CRYPTO_PATH)sha256.o
 
 OBJ=\
 	asn1.o \
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 4e468755d4..3d6e23055e 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -40,22 +40,23 @@
 #include "crypto.h"
 #include "crypto_misc.h"
 
-#define SIG_OID_PREFIX_SIZE 8
-#define SIG_IIS6_OID_SIZE   5
-#define SIG_SUBJECT_ALT_NAME_SIZE 3
-
 /* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
-static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
+static const uint8_t sig_oid_prefix[] = 
 {
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
 };
 
-static const uint8_t sig_sha1WithRSAEncrypt[SIG_IIS6_OID_SIZE] =
+static const uint8_t sig_sha1WithRSAEncrypt[] =
 {
     0x2b, 0x0e, 0x03, 0x02, 0x1d
 };
 
-static const uint8_t sig_subject_alt_name[SIG_SUBJECT_ALT_NAME_SIZE] =
+static const uint8_t sig_sha256WithRSAEncrypt[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
+};
+
+static const uint8_t sig_subject_alt_name[] =
 {
     0x55, 0x1d, 0x11
 };
@@ -553,7 +554,7 @@ int asn1_find_oid(const uint8_t* cert, int* offset,
 int asn1_find_subjectaltname(const uint8_t* cert, int offset)
 {
     if (asn1_find_oid(cert, &offset, sig_subject_alt_name, 
-                                SIG_SUBJECT_ALT_NAME_SIZE))
+                                sizeof(sig_subject_alt_name)))
     {
         return offset;
     }
@@ -577,17 +578,24 @@ int asn1_signature_type(const uint8_t *cert,
 
     len = get_asn1_length(cert, offset);
 
-    if (len == 5 && memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], 
-                                    SIG_IIS6_OID_SIZE) == 0)
+    if (len == sizeof(sig_sha1WithRSAEncrypt) && 
+            memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], 
+                                    sizeof(sig_sha1WithRSAEncrypt)) == 0)
     {
         x509_ctx->sig_type = SIG_TYPE_SHA1;
     }
+    else if (len == sizeof(sig_sha256WithRSAEncrypt) && 
+            memcmp(sig_sha256WithRSAEncrypt, &cert[*offset], 
+                                    sizeof(sig_sha256WithRSAEncrypt)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA256;
+    }
     else
     {
-        if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
+        if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))
             goto end_check_sig;     /* unrecognised cert type */
 
-        x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
+        x509_ctx->sig_type = cert[*offset + sizeof(sig_oid_prefix)];
     }
 
     *offset += len;
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 9bbc8e5ca7..bc681117b2 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -126,6 +126,7 @@ const char * x509_display_error(int error);
 #define SIG_TYPE_MD2            0x02
 #define SIG_TYPE_MD5            0x04
 #define SIG_TYPE_SHA1           0x05
+#define SIG_TYPE_SHA256         0x0b
 
 int get_asn1_length(const uint8_t *buf, int *offset);
 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
diff --git a/ssl/test/camster_duckdns_org.crt b/ssl/test/camster_duckdns_org.crt
new file mode 100644
index 0000000000..453bafa375
--- /dev/null
+++ b/ssl/test/camster_duckdns_org.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFXTCCBEWgAwIBAgIQRKGXkBbin0Hge3vNu4Z04TANBgkqhkiG9w0BAQsFADCB
+kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
+BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
+QTAeFw0xNDExMTIwMDAwMDBaFw0xNzExMTEyMzU5NTlaMFcxITAfBgNVBAsTGERv
+bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxHDAa
+BgNVBAMTE2NhbXN0ZXIuZHVja2Rucy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCvKi9/3GOq1pqgnIQR2hTxr1kv17pUzpQeAVOZVCd/q6KbMrsw
+ayPj41hJd+EVtu6DV8Zd/Rxv4P6i2HTRWev9aE2+vFfTmhIZG0HUZqs3Fbq6yONn
+ox8d7Dsu/vwIkyaIE9mMAYYr81bX86v8cmvCHatCO/lluwUqjnXUjYpMOpTopHjC
+hNzUe63ZtUDVmXfTBHneO5GLZqhQSSX7rd33cJzkojGCoPSFP5TUhN5WGyRi+xa2
+bD+Q5xXlC4f/WVXiZxGiGPrWIpQBO5Y5o33S6Vo2ck9Bvg2g1atsR02m+yARtmH3
++IDlvg7DeyLL3AXgUwDNHnRb0t9LVDXcYOJnAgMBAAGjggHpMIIB5TAfBgNVHSME
+GDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUGNRX8FYKZUYa1F4+
+L7nyHOn3ArcwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcw
+KzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYG
+Z4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29t
+L0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUG
+CCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9jYS5j
+b20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAk
+BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMDcGA1UdEQQwMC6C
+E2NhbXN0ZXIuZHVja2Rucy5vcmeCF3d3dy5jYW1zdGVyLmR1Y2tkbnMub3JnMA0G
+CSqGSIb3DQEBCwUAA4IBAQBpfJIXHPyoxbXlS1Jy5V4oDpDR+vKRIXXUPDp6GlmK
+6w8W7M536W7JamLrT8wbA04hKgtjQkXD8pXZPFHBNJ92Lza5fKB/KiIlObz386lK
+Z9AVc10TwWlkZlFYhYVhQ+kpTtcUUdj5QI2org81s9XQoSViVOM8cxIuYk/er20g
+jY3Nvdbjg4dtakH1nsITGMYLN+wJglSAq1QGSQ76fLyYhMfF25nNjPYP96SFf1Dd
+XinknP2tED6ukzIgfkimlyn2/XIbnz4Xry8ouq4x/cPd8MOcffWt1QWlGIel5B8i
+I1vtVHceHSsHjnnNPSkXIn0/lpc5vzVZ+bw9yLt+Lvc6
+-----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index cd7e4732f3..b36f0f9966 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -302,6 +302,60 @@ static int SHA1_test(BI_CTX *bi_ctx)
     return res;
 }
 
+/**************************************************************************
+ * SHA256 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA256 is correct.
+ **************************************************************************/
+static int SHA256_test(BI_CTX *bi_ctx)
+{
+    SHA256_CTX ctx;
+    uint8_t ct[SHA256_SIZE];
+    uint8_t digest[SHA256_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 # failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "248D6A61D20638B8E5C026930C3E6039A33CE45964FF2167F6ECEDD419DB06C1");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA256 tests passed\n");
+
+end:
+    return res;
+}
+
 /**************************************************************************
  * MD5 tests 
  *
@@ -521,6 +575,8 @@ static int RSA_test(void)
     int len; 
     uint8_t *buf;
 
+    RNG_initialize();
+
     /* extract the private key elements */
     len = get_file("../ssl/test/axTLS.key_1024", &buf);
     if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
@@ -547,11 +603,16 @@ static int RSA_test(void)
         goto end;
     }
 
-    RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0);
+    if (RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0) < 0)
+    {
+        printf("Error: ENCRYPT #2 failed\n");
+        goto end;
+    }
+
     RSA_decrypt(rsa_ctx, enc_data2, dec_data2, sizeof(dec_data2), 1);
     if (memcmp("abc", dec_data2, 3))
     {
-        printf("Error: ENCRYPT/DECRYPT #2 failed\n");
+        printf("Error: DECRYPT #2 failed\n");
         goto end;
     }
 
@@ -560,6 +621,7 @@ static int RSA_test(void)
     printf("All RSA tests passed\n");
 
 end:
+    RNG_terminate();
     return res;
 }
 
@@ -648,8 +710,8 @@ static int cert_tests(void)
     free(buf);
 
     ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/verisign.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) <0)
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/camster_duckdns_org.crt", NULL)) != SSL_OK)
     {
         printf("Cert #7\n");
         ssl_display_error(res);
@@ -657,23 +719,12 @@ static int cert_tests(void)
     }
 
     ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    if (get_file("../ssl/test/verisign.x509_my_cert", &buf) < 0 ||
-                                    x509_new(buf, &len, &x509_ctx))
-    {
-        printf("Cert #8\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    x509_free(x509_ctx);
-    free(buf);
 
     ssl_ctx = ssl_ctx_new(0, 0);
     if ((res = ssl_obj_load(ssl_ctx, 
               SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
     {
+        printf("Cert #9\n");
         ssl_display_error(res);
         goto bad_cert;
     }
@@ -683,14 +734,14 @@ static int cert_tests(void)
     if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
                                     x509_new(buf, &len, &x509_ctx))
     {
-        printf("Cert #9\n");
+        printf("Cert #10\n");
         res = -1;
         goto bad_cert;
     }
 
     if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
     {
-        printf("Cert #9 (2)\n");
+        printf("Cert #11\n");
         res = -1;
         goto bad_cert;
     }
@@ -701,7 +752,7 @@ static int cert_tests(void)
     if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
             "../ssl/test/ca-bundle.crt", NULL))
     {
-        printf("Cert #10\n");
+        printf("Cert #12\n");
         goto bad_cert;
     }
 
@@ -2061,64 +2112,64 @@ int multi_thread_test(void)
  * Header issue
  *
  **************************************************************************/
-static void do_header_issue(void)
-{
-    char axtls_buf[2048];
-#ifndef WIN32
-    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
-#endif
-    sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
-    SYSTEM(axtls_buf);
-}
-
-static int header_issue(void)
-{
-    FILE *f = fopen("../ssl/test/header_issue.dat", "r");
-    int server_fd = -1, client_fd = -1, ret = 1;
-    uint8_t buf[2048];
-    int size = 0;
-    struct sockaddr_in client_addr;
-    socklen_t clnt_len = sizeof(client_addr);
-#ifndef WIN32
-    pthread_t thread;
-#endif
-
-    if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-#ifndef WIN32
-    pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_header_issue, NULL);
-    pthread_detach(thread);
-#else
-    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, 
-                NULL, 0, NULL);
-#endif
-    if ((client_fd = accept(server_fd, 
-                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
-    {
-        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-        goto error;
-    }
-
-    size = fread(buf, 1, sizeof(buf), f);
-    if (SOCKET_WRITE(client_fd, buf, size) < 0)
-    {
-        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-        goto error;
-    }
-
-    usleep(200000);
-
-    ret = 0;
-error:
-    fclose(f);
-    SOCKET_CLOSE(client_fd);
-    SOCKET_CLOSE(server_fd);
-    TTY_FLUSH();
-    SYSTEM("killall axssl");
-    return ret;
-}
+//static void do_header_issue(void)
+//{
+//    char axtls_buf[2048];
+//#ifndef WIN32
+//    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+//#endif
+//    sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
+//    SYSTEM(axtls_buf);
+//}
+//
+//static int header_issue(void)
+//{
+//    FILE *f = fopen("../ssl/test/header_issue.dat", "r");
+//    int server_fd = -1, client_fd = -1, ret = 1;
+//    uint8_t buf[2048];
+//    int size = 0;
+//    struct sockaddr_in client_addr;
+//    socklen_t clnt_len = sizeof(client_addr);
+//#ifndef WIN32
+//    pthread_t thread;
+//#endif
+//
+//    if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
+//        goto error;
+//
+//#ifndef WIN32
+//    pthread_create(&thread, NULL, 
+//                (void *(*)(void *))do_header_issue, NULL);
+//    pthread_detach(thread);
+//#else
+//    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, 
+//                NULL, 0, NULL);
+//#endif
+//    if ((client_fd = accept(server_fd, 
+//                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    size = fread(buf, 1, sizeof(buf), f);
+//    if (SOCKET_WRITE(client_fd, buf, size) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    usleep(200000);
+//
+//    ret = 0;
+//error:
+//    fclose(f);
+//    SOCKET_CLOSE(client_fd);
+//    SOCKET_CLOSE(server_fd);
+//    TTY_FLUSH();
+//    SYSTEM("killall axssl");
+//    return ret;
+//}
 
 /**************************************************************************
  * main()
@@ -2178,6 +2229,13 @@ int main(int argc, char *argv[])
     }
     TTY_FLUSH();
 
+    if (SHA256_test(bi_ctx))
+    {
+        printf("SHA256 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
     if (HMAC_test(bi_ctx))
     {
         printf("HMAC tests failed\n");
@@ -2234,11 +2292,11 @@ int main(int argc, char *argv[])
 
     SYSTEM("sh ../ssl/test/killopenssl.sh");
 
-    if (header_issue())
-    {
-        printf("Header tests failed\n"); TTY_FLUSH();
-        goto cleanup;
-    }
+//    if (header_issue())
+//    {
+//        printf("Header tests failed\n"); TTY_FLUSH();
+//        goto cleanup;
+//    }
 
     ret = 0;        /* all ok */
     printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
diff --git a/ssl/test/verisign.x509_ca b/ssl/test/verisign.x509_ca
deleted file mode 100644
index d2ea1289d6f43b837eb685446af97d942a8d98e6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 668
zcmXqLVwz#l#Kg!Xps-^4y4y`m_YRsZ@Kf8{UTnb2#;Mij(e|B}k&%g&!Jx6nklTQh
zjX9KsO_(V(*ihU+6vW{Y<_k+L$_&m-&(l%x%uCiYG%(NuNpK6RyX6-tgrpXiC<K%i
z733GE7AyGY<y7h^DEQ?oBo-H!7A58-rxxoO8W|XXbTA8R!i-V~DauUDQ3y^=E-gw0
zQblE{P@{tK^Gg(*9S!8fc@0brj0`Ldz#vMT*9gS5Fful^G_{NxY|d?*j~t$itPISJ
zy}&T-WNK_=n6LQ#sP&|<nex+F<}a8eu(B;OAjhBaM8*Mzu!XBQJ%2l2*m~(8pF%<L
ze5Fs73XhG>`CKd5-@#z5p&(TMr~SNx>{S1)iXw~p883_fotvm7>@WOHLUXNt;H*b_
z|IQe^xO{Hv`^QNljGg@tW>o80?|dhoUHjsH8z1xKWBTV_tO(!D#LURRi0nLIbTb3p
zWwp-Y-R7SHR;@y@?^|{x`0o6ab&@xk`Ta5fEloQwoG`H15dW%Sy}DTBd%Xlc@q%Y{
zucp0BS^d~*a<WyyjF~y}`}t=7nbx)GkJQtNbvM@D_`K2g<0bZ^Y3`429?vv;=phz3
lXGM?UMztI5<<-fYw^|!5);_qj<Mwqi%VXK?eIF|x0RUHq@TmX*

diff --git a/ssl/test/verisign.x509_my_cert b/ssl/test/verisign.x509_my_cert
deleted file mode 100644
index 426c9ff7f1c0af7c2376af6a0868cc1429f06347..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1095
zcmXqLVsSQTVqUX=nTe5!Nx=PkIJd$6<5O-ul|KDSsAZ7>FB_*;n@8JsUPeY%RtAH{
z9z$*ePB!LH7B*p~&|pJx15pr%OPDV#wJ0+<Gd)j7!80#e&(Od?4<x}YtnQXyq!5x?
zT%r(AT2zo<oLa2lpO;gqr=Z}MuaH<=Tw0Wvmz-LxXJ}+#0MfxMtO+wpA*3iXF-IXd
zHMz7X6-X78r9zDg%Fi!RaCS716X!KBGcYtXGXR4q2-n!a$k^1<)H2GTaVL^<9YYOy
z47fmca0oL8=A;-38t{X7>>?aaMVZA(iFv7pk_O@+AubVt#ESf!{1BgDg@B^`tkmQZ
zLs0`^kQBEFkD-B)i9%9li9&X2rJ<F91w_~|B(*5FSRp@6p|m(vA+bcEyu4fw=;F*`
zV5sON=jZAt7ZmH407D`<Q9&bF)4<eF+CUPdmsvyzq!w&rNlr0PtzKS{LF0Vnz-MG-
zU~cRMMnET1V<W@1JCC30y{dWUu};3Q`PhSA<E~sKX&vdF`2q$tDKSA?_-?rH$=+LH
zWO}h}nSDWShjil}##eL0E00fE_ByBRVs@l!!@t=VM3{t+d^(o=Z%c#L{7Jw5lsx<4
zsKj{J|CsrT$;)?(FBO*;O5Lj1KI4T$eZkHNzxIprO-OyX<AnXYGe4P_85tNCH!+qP
zG%*%}(}S!q3zGqZ0XNV;vivM8%uK8c4BSB+c@_r)I|G{qRtqfJ%rZ(!3as??gTsO#
zk*b?ql!F>ZKq+vngJKw%B24vwDh#|p1}Oj&s-uBD8&^V`2V>h0S4MVG149FSHV$nz
zVA5n~ViZ#b8D9)EA5X{|$b!sLWf3zFf$3ysgtM3oOkiwAMivbNH3JnG-+-}A0_yzy
z<l+JpR~zKQR59|fBpSpoj9n0I5NQx@5Gux*nVXoNs-K>jW}s*wZ@|vRs?EpDB*h}q
z|Map{+nV0K?8E09vaWbY=u}JU8K^@10Q5pmetJHN9r|U(U@?$MsF{)(m>{%MIgMNe
zF3gcp;g*^HXwj|JH%sakW^XY%?K}Ip+slNyvt8M1?Uz`5cz$g&-`l2-@0b62`(fXd
z*3a*ARU9g<^p4fEd<fXn`n;x_tFOZPj(O`D$;k#WznmrR{_tfDP+B={)!l=hYVMuv
dFWzaEBw8?qo-|YCxP90BWP6ZnFyD^d69G?mT9W_(

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 800decbaab..f89702fb7f 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1075,7 +1075,9 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
             uint8_t iv_size = ssl->cipher_info->iv_size;
             uint8_t *t_buf = alloca(msg_length + iv_size);
             memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
-            get_random(iv_size, t_buf);
+            if (get_random(iv_size, t_buf) < 0)
+                return SSL_NOT_OK;
+
             msg_length += iv_size;
             memcpy(ssl->bm_data, t_buf, msg_length);
         }
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 196b40ed3c..b557c3b9ff 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -187,7 +187,9 @@ static int send_client_hello(SSL *ssl)
     *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
     *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
     *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
-    get_random(SSL_RANDOM_SIZE-4, &buf[10]);
+    if (get_random(SSL_RANDOM_SIZE-4, &buf[10]) < 0)
+        return SSL_NOT_OK;
+
     memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
     offset = 6 + SSL_RANDOM_SIZE;
 
@@ -313,7 +315,9 @@ static int send_client_key_xchg(SSL *ssl)
 
     premaster_secret[0] = 0x03; /* encode the version number */
     premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
-    get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
+    if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
+        return SSL_NOT_OK;
+
     DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
 
     /* rsa_ctx->bi_ctx is not thread-safe */
diff --git a/ssl/x509.c b/ssl/x509.c
index cb007fbbc7..815f83ac03 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -120,7 +120,7 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
+    /* use the appropriate signature algorithm (SHA1/MD5/SHA256) */
     if (x509_ctx->sig_type == SIG_TYPE_MD5)
     {
         MD5_CTX md5_ctx;
@@ -139,14 +139,14 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
         SHA1_Final(sha_dgst, &sha_ctx);
         x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
     }
-    else if (x509_ctx->sig_type == SIG_TYPE_MD2)
+    else if (x509_ctx->sig_type == SIG_TYPE_SHA256)
     {
-        MD2_CTX md2_ctx;
-        uint8_t md2_dgst[MD2_SIZE];
-        MD2_Init(&md2_ctx);
-        MD2_Update(&md2_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        MD2_Final(md2_dgst, &md2_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
+        SHA256_CTX sha256_ctx;
+        uint8_t sha256_dgst[SHA256_SIZE];
+        SHA256_Init(&sha256_ctx);
+        SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        SHA256_Final(sha256_dgst, &sha256_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
     }
 
     if (cert[offset] == ASN1_V3_DATA)
@@ -483,14 +483,17 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     printf("Sig Type:\t\t\t");
     switch (cert->sig_type)
     {
+        case SIG_TYPE_MD2:
+            printf("MD2\n");
+            break;
         case SIG_TYPE_MD5:
             printf("MD5\n");
             break;
         case SIG_TYPE_SHA1:
             printf("SHA1\n");
             break;
-        case SIG_TYPE_MD2:
-            printf("MD2\n");
+        case SIG_TYPE_SHA256:
+            printf("SHA256\n");
             break;
         default:
             printf("Unrecognized: %d\n", cert->sig_type);

From 58790919c1ea3c620420d1307e89b398a2c61911 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 19 Nov 2014 10:13:31 +0000
Subject: [PATCH 207/301] * Added check to get_asn1_length() to limit the
 number of octets and to not allow overflow. * Changed a few copyright dates
 to add a bit of new polish :-)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@239 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto.h   |  2 +-
 crypto/rsa.c      |  4 ++--
 ssl/asn1.c        | 12 ++++++++----
 ssl/crypto_misc.h |  2 +-
 ssl/x509.c        |  2 +-
 5 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/crypto/crypto.h b/crypto/crypto.h
index df11e923ae..3ec2e7af61 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 8f06cf8963..efe939ddff 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -189,7 +189,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
             pad_count++;
     }
 
-    /* check separator byte - and padding must be 8 or more bytes */
+    /* check separator byte 0x00 - and padding must be 8 or more bytes */
     if (i == byte_size || pad_count < 8) 
         return -1;
 
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 3d6e23055e..3d4c0bebae 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -40,7 +40,7 @@
 #include "crypto.h"
 #include "crypto_misc.h"
 
-/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
+/* Must be an RSA algorithm with either SHA1/SHA256/MD5 for verifying to work */
 static const uint8_t sig_oid_prefix[] = 
 {
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
@@ -64,9 +64,10 @@ static const uint8_t sig_subject_alt_name[] =
 /* CN, O, OU */
 static const uint8_t g_dn_types[] = { 3, 10, 11 };
 
-int get_asn1_length(const uint8_t *buf, int *offset)
+uint32_t get_asn1_length(const uint8_t *buf, int *offset)
 {
-    int len, i;
+    int i;
+    uint32_t len;
 
     if (!(buf[*offset] & 0x80)) /* short form */
     {
@@ -75,6 +76,9 @@ int get_asn1_length(const uint8_t *buf, int *offset)
     else  /* long form */
     {
         int length_bytes = buf[(*offset)++]&0x7f;
+        if (length_bytes > 4)   /* limit number of bytes */
+            return 0;
+
         len = 0;
         for (i = 0; i < length_bytes; i++)
         {
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index bc681117b2..be7607941f 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -128,7 +128,7 @@ const char * x509_display_error(int error);
 #define SIG_TYPE_SHA1           0x05
 #define SIG_TYPE_SHA256         0x0b
 
-int get_asn1_length(const uint8_t *buf, int *offset);
+uint32_t get_asn1_length(const uint8_t *buf, int *offset);
 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
 int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
 int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
diff --git a/ssl/x509.c b/ssl/x509.c
index 815f83ac03..63af7653f6 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 

From b3fc32689d11f1e7ce8c911dcf44cce4f7e3bf63 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 19 Nov 2014 10:28:29 +0000
Subject: [PATCH 208/301] * Added diagnostic in case digest could not be
 identified.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@240 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ssl/asn1.c b/ssl/asn1.c
index 3d4c0bebae..f2d0c02324 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -597,7 +597,18 @@ int asn1_signature_type(const uint8_t *cert,
     else
     {
         if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            int i;
+            printf("invalid digest: ");
+
+            for (i = 0; i < len; i++)
+                printf("%02x ", cert[*offset + i]);
+
+            printf("\n");
+#endif
             goto end_check_sig;     /* unrecognised cert type */
+        }
 
         x509_ctx->sig_type = cert[*offset + sizeof(sig_oid_prefix)];
     }

From b9d43265b5a81dd4871d5b58fcf3f9b3d8bd1a2f Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sat, 22 Nov 2014 02:05:21 +0000
Subject: [PATCH 209/301] * axhttpd can load a certificate and private key from
 the command line * axssl now prints all output regardless of null bytes. It
 no longer writes a null byte.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@242 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto.h   |  6 +++---
 httpd/axhttpd.c   | 48 ++++++++++++++++++++++++++++++++++++++++++++---
 samples/c/axssl.c | 16 +++++++++++++---
 www/index.html    | 26 ++++++++++++-------------
 4 files changed, 74 insertions(+), 22 deletions(-)

diff --git a/crypto/crypto.h b/crypto/crypto.h
index 3ec2e7af61..a4520ef52e 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -153,9 +153,9 @@ typedef struct
   uint8_t buffer[64];       /* input buffer */
 } MD5_CTX;
 
-void MD5_Init(MD5_CTX *);
-void MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
-void MD5_Final(uint8_t *digest, MD5_CTX *);
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
 
 /**************************************************************************
  * HMAC declarations 
diff --git a/httpd/axhttpd.c b/httpd/axhttpd.c
index ce57dbb9d2..6718dd31bc 100644
--- a/httpd/axhttpd.c
+++ b/httpd/axhttpd.c
@@ -128,7 +128,10 @@ int main(int argc, char *argv[])
     int httpPort = CONFIG_HTTP_PORT;
     char *httpsAddress = NULL;
     int httpsPort = CONFIG_HTTP_HTTPS_PORT;
+    uint32_t options = CONFIG_HTTP_DEFAULT_SSL_OPTIONS;
     char *portStr;
+    char *private_key = NULL;
+    char *cert = NULL;
 
 #ifdef WIN32
     WORD wVersionRequested = MAKEWORD(2, 2);
@@ -190,9 +193,24 @@ int main(int argc, char *argv[])
             continue;
         }
 
+        if (strcmp(argv[i], "-cert") == 0 && argv[i+1] != NULL)
+        {
+            cert = argv[i+1];
+            i += 2;
+            continue;
+        }
+
+        if (strcmp(argv[i], "-key") == 0 && argv[i+1] != NULL)
+        {
+            private_key = argv[i+1];
+            i += 2;
+            continue;
+        }
         printf("%s:\n"
                "    [-p [address:]httpport]\n"
                "    [-s [address:]httpsport]\n"
+               "    [-key private_key]\n"
+               "    [-cert cert]\n"
                "    [-w webroot]\n", argv[0]);
         exit(1);
     }
@@ -223,10 +241,35 @@ int main(int argc, char *argv[])
     }
 
     addtoservers(active);
-    servers->ssl_ctx = ssl_ctx_new(CONFIG_HTTP_DEFAULT_SSL_OPTIONS, 
-                                CONFIG_HTTP_SESSION_CACHE_SIZE);
+
+    if (cert != NULL && private_key != NULL)
+        options |=  SSL_NO_DEFAULT_KEY;
+
+    servers->ssl_ctx = ssl_ctx_new(options, CONFIG_HTTP_SESSION_CACHE_SIZE);
     servers->is_ssl = 1;
 
+    if (cert != NULL && private_key != NULL)
+    {
+        printf("YEAH\n");
+        if (ssl_obj_load(servers->ssl_ctx, SSL_OBJ_RSA_KEY, private_key,
+                    NULL))
+        {
+#ifdef CONFIG_HTTP_VERBOSE
+            fprintf(stderr, "ERR: Couldn't load private key %s\n", private_key);
+#endif
+            exit(1);
+        }
+
+        if (ssl_obj_load(servers->ssl_ctx, SSL_OBJ_X509_CERT, cert,
+                    NULL))
+        {
+#ifdef CONFIG_HTTP_VERBOSE
+            fprintf(stderr, "ERR: Couldn't load cert %s\n", cert);
+#endif
+            exit(1);
+        }
+    }
+
 #if defined(CONFIG_HTTP_HAS_CGI)
     addcgiext(CONFIG_HTTP_CGI_EXTENSIONS);
 #endif
@@ -263,7 +306,6 @@ int main(int argc, char *argv[])
     }
 #endif
 
-
 #ifndef WIN32 
 #ifdef CONFIG_HTTP_IS_DAEMON
     if (fork() > 0)  /* parent will die */
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index 5a0782731d..6255278b8d 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -382,7 +382,12 @@ static void do_server(int argc, char *argv[])
 
                     if (res > SSL_OK)    /* display our interesting output */
                     {
-                        printf("%s", read_buf);
+                        int written = 0;
+                        while (written < res)
+                        {
+                            written += write(STDOUT_FILENO, read_buf+written,
+                                                res-written);
+                        }
                         TTY_FLUSH();
                     }
                     else if (res == SSL_CLOSE_NOTIFY)
@@ -711,7 +716,7 @@ static void do_client(int argc, char *argv[])
                     }
                     else
                     {
-                        res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                        res = ssl_write(ssl, buf, strlen((char *)buf));
                     }
                 }
             }
@@ -724,7 +729,12 @@ static void do_client(int argc, char *argv[])
 
                 if (res > 0)    /* display our interesting output */
                 {
-                    printf("%s", read_buf);
+                    int written = 0;
+                    while (written < res)
+                    {
+                        written += write(STDOUT_FILENO, read_buf+written,
+                                            res-written);
+                    }
                     TTY_FLUSH();
                 }
             }
diff --git a/www/index.html b/www/index.html
index e4f28c62de..5fcf42c7b9 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7085,19 +7085,19 @@
     <div id="contentWrapper"></div>
     <div id="contentStash"></div>
     <div id="storeArea">
-<div tiddler="(built-in shadow tiddler)" modifier="CameronRich" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Cam" modifier="CameronRich" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="CameronRich" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
-<div tiddler="DefaultTiddlers" modifier="CameronRich" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
-<div tiddler="License" modifier="CameronRich" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
-<div tiddler="MainMenu" modifier="CameronRich" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
-<div tiddler="PageTemplate" modifier="CameronRich" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="CameronRich" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
-<div tiddler="SiteSubtitle" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
-<div tiddler="SiteTitle" modifier="CameronRich" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
-<div tiddler="SiteUrl" modifier="CameronRich" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
-<div tiddler="StyleSheet" modifier="CameronRich" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="CameronRich" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+<div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
+<div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
+<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
+<div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
+<div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
+<div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
+<div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="SiteSubtitle" modifier="axTLS" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
+<div tiddler="SiteTitle" modifier="axTLS" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
+<div tiddler="SiteUrl" modifier="axTLS" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
+<div tiddler="StyleSheet" modifier="axTLS" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
+<div tiddler="axhttpd" modifier="axTLS" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
 </div>
 <!--POST-BODY-START-->
 

From 67111693e6a49d5762c615c2839cdf02001aca95 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 26 Nov 2014 19:50:20 +0000
Subject: [PATCH 210/301] * fixed issue where SSL mutex was not being picked
 up.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@243 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto.h | 1 -
 ssl/loader.c    | 2 +-
 ssl/os_port.h   | 3 ++-
 ssl/tls1.h      | 3 +--
 4 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/crypto/crypto.h b/crypto/crypto.h
index a4520ef52e..43e6cec79a 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -39,7 +39,6 @@
 extern "C" {
 #endif
 
-#include "config.h"
 #include "bigint_impl.h"
 #include "bigint.h"
 
diff --git a/ssl/loader.c b/ssl/loader.c
index 511eb53138..cbf5361df7 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 1742868d5b..8e89fc5c37 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -42,6 +42,7 @@ extern "C" {
 #endif
 
 #include "os_int.h"
+#include "config.h"
 #include <stdio.h>
 
 #if defined(WIN32)
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 414a173438..9036579707 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -41,7 +41,6 @@ extern "C" {
 #endif
 
 #include "version.h"
-#include "config.h"
 #include "os_int.h"
 #include "crypto.h"
 #include "crypto_misc.h"

From 0d334d81c28237fabb6b0672cfbfaef914a226df Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 9 Mar 2015 01:42:59 +0000
Subject: [PATCH 211/301] * PT_APP_PROTOCOL_DATA has a test for
 hs_status=SSL_OK to prevent possible exchanges before the handshake is
 complete. * Changed license on sha256.c to full BSD.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@244 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/sha256.c | 22 +---------------------
 ssl/gen_cert.c  | 12 +++++++++---
 ssl/tls1.c      |  7 ++++---
 3 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/crypto/sha256.c b/crypto/sha256.c
index 0c1d04ae4c..7d6af4d86e 100644
--- a/crypto/sha256.c
+++ b/crypto/sha256.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Cameron Rich
+ * Copyright (C) 2001-2003  Christophe Devine
  * 
  * All rights reserved.
  * 
@@ -28,26 +28,6 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/*
- *  FIPS-180-2 compliant SHA-256 implementation
- *
- *  Copyright (C) 2001-2003  Christophe Devine
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
 #include <string.h>
 #include "os_port.h"
 #include "crypto.h"
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index c2fe381eb9..17ad38e8f1 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2014, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -142,7 +142,7 @@ static int gen_dn(const char *name, uint8_t dn_type,
     buf[(*offset)++] = dn_type;
     buf[(*offset)++] = ASN1_PRINTABLE_STR;
     buf[(*offset)++] = name_size;
-    strcpy(&buf[*offset], name);
+    strcpy((char *)&buf[*offset], name);
     *offset += name_size;
 
 error:
@@ -165,7 +165,13 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
         gethostname(fqdn, sizeof(fqdn));
         fqdn_len = strlen(fqdn);
         fqdn[fqdn_len++] = '.';
-        getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len);
+
+        if (getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len) < 0)
+        {
+            ret = X509_NOT_OK;
+            goto error;
+        }
+
         fqdn_len = strlen(fqdn);
 
         if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */
diff --git a/ssl/tls1.c b/ssl/tls1.c
index f89702fb7f..b2a7d57b9e 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1348,13 +1348,14 @@ int basic_read(SSL *ssl, uint8_t **in_data)
             break;
 
         case PT_APP_PROTOCOL_DATA:
-            if (in_data)
+            if (in_data && ssl->hs_status == SSL_OK)
             {
                 *in_data = buf;   /* point to the work buffer */
                 (*in_data)[read_len] = 0;  /* null terminate just in case */
+                ret = read_len;
             }
-
-            ret = read_len;
+            else
+                ret = SSL_ERROR_INVALID_PROT_MSG;
             break;
 
         case PT_ALERT_PROTOCOL:

From b0bd12beda30ad1e1cc411236514f8b927ecfe49 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 10 Mar 2015 03:08:16 +0000
Subject: [PATCH 212/301] * Added SHA384 and SHA512 digests.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/Makefile            |   4 +-
 crypto/crypto.h            |  41 ++++++-
 crypto/os_int.h            |   1 +
 crypto/sha256.c            |   4 +-
 crypto/sha384.c            |  76 +++++++++++++
 crypto/sha512.c            | 220 +++++++++++++++++++++++++++++++++++++
 ssl/Makefile               |   4 +-
 ssl/asn1.c                 |  43 +++++++-
 ssl/crypto_misc.h          |   5 +-
 ssl/test/Makefile          |   5 +-
 ssl/test/comodo.sha384.cer |  32 ++++++
 ssl/test/ssltest.c         | 135 ++++++++++++++++++++++-
 ssl/tls1.c                 |   4 +-
 ssl/x509.c                 |  90 ++++++++++-----
 14 files changed, 619 insertions(+), 45 deletions(-)
 create mode 100644 crypto/sha384.c
 create mode 100644 crypto/sha512.c
 create mode 100644 ssl/test/comodo.sha384.cer

diff --git a/crypto/Makefile b/crypto/Makefile
index 360843d3c9..126ae78a48 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -42,7 +42,9 @@ OBJ=\
 	rc4.o \
 	rsa.o \
 	sha1.o \
-	sha256.o	
+	sha256.o \
+	sha384.o \
+	sha512.o	
 
 include ../config/makefile.post
 
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 43e6cec79a..17ce8ad725 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2014, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -137,7 +137,44 @@ typedef struct
 
 void SHA256_Init(SHA256_CTX *c);
 void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len);
-void SHA256_Final(uint8_t digest[32], SHA256_CTX *);
+void SHA256_Final(uint8_t *digest, SHA256_CTX *);
+
+/**************************************************************************
+ * SHA512 declarations 
+ **************************************************************************/
+
+#define SHA512_SIZE   64
+
+typedef struct
+{
+    union
+    {
+        uint64_t h[8];
+        uint8_t digest[64];
+    };
+    union
+    {
+        uint64_t w[80];
+        uint8_t buffer[128];
+    };
+    size_t size;
+    uint64_t totalSize;
+} SHA512_CTX;
+
+void SHA512_Init(SHA512_CTX *c);
+void SHA512_Update(SHA512_CTX *, const uint8_t *input, int len);
+void SHA512_Final(uint8_t *digest, SHA512_CTX *);
+
+/**************************************************************************
+ * SHA384 declarations 
+ **************************************************************************/
+
+#define SHA384_SIZE   48
+
+typedef SHA512_CTX SHA384_CTX;
+void SHA384_Init(SHA384_CTX *c);
+void SHA384_Update(SHA384_CTX *, const uint8_t *input, int len);
+void SHA384_Final(uint8_t *digest, SHA384_CTX *);
 
 /**************************************************************************
  * MD5 declarations 
diff --git a/crypto/os_int.h b/crypto/os_int.h
index 8788567238..69e06c50e4 100644
--- a/crypto/os_int.h
+++ b/crypto/os_int.h
@@ -56,6 +56,7 @@ typedef INT64 int64_t;
 #include <inttypes.h>
 #else
 #include <stdint.h>
+#include <endian.h>
 #endif /* Not Solaris */
 
 #endif /* Not Win32 */
diff --git a/crypto/sha256.c b/crypto/sha256.c
index 7d6af4d86e..50f5f8cef8 100644
--- a/crypto/sha256.c
+++ b/crypto/sha256.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2001-2003  Christophe Devine
+ * Copyright (c) 2015, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -74,7 +74,7 @@ void SHA256_Init(SHA256_CTX *ctx)
     ctx->state[7] = 0x5BE0CD19;
 }
 
-void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
+static void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
 {
     uint32_t temp1, temp2, W[64];
     uint32_t A, B, C, D, E, F, G, H;
diff --git a/crypto/sha384.c b/crypto/sha384.c
new file mode 100644
index 0000000000..58ed6965c1
--- /dev/null
+++ b/crypto/sha384.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "os_port.h"
+#include "crypto.h"
+ 
+/**
+* Initialize the SHA384 context 
+*/
+ void SHA384_Init(SHA384_CTX *ctx)
+ {
+    //Set initial hash value
+    ctx->h[0] = 0xCBBB9D5DC1059ED8;
+    ctx->h[1] = 0x629A292A367CD507;
+    ctx->h[2] = 0x9159015A3070DD17;
+    ctx->h[3] = 0x152FECD8F70E5939;
+    ctx->h[4] = 0x67332667FFC00B31;
+    ctx->h[5] = 0x8EB44A8768581511;
+    ctx->h[6] = 0xDB0C2E0D64F98FA7;
+    ctx->h[7] = 0x47B5481DBEFA4FA4;
+ 
+    // Number of bytes in the buffer
+    ctx->size = 0;
+    // Total length of the message
+    ctx->totalSize = 0;
+ }
+ 
+/**
+* Accepts an array of octets as the next portion of the message.
+*/
+void SHA384_Update(SHA384_CTX *ctx, const uint8_t * msg, int len)
+{
+    // The function is defined in the exact same manner as SHA-512
+    SHA512_Update(ctx, msg, len);
+}
+ 
+/**
+* Return the 384-bit message digest into the user's array
+*/
+void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx)
+{
+    // The function is defined in the exact same manner as SHA-512
+    SHA512_Final(NULL, ctx);
+ 
+    // Copy the resulting digest
+    if (digest != NULL)
+        memcpy(digest, ctx->digest, SHA384_SIZE);
+}
+ 
diff --git a/crypto/sha512.c b/crypto/sha512.c
new file mode 100644
index 0000000000..36abb096b9
--- /dev/null
+++ b/crypto/sha512.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+ 
+#define SHR64(a, n) ((a) >> (n))
+#define ROR64(a, n) (((a) >> (n)) | ((a) << (64 - (n))))
+#define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define SIGMA1(x) (ROR64(x, 28) ^ ROR64(x, 34) ^ ROR64(x, 39))
+#define SIGMA2(x) (ROR64(x, 14) ^ ROR64(x, 18) ^ ROR64(x, 41))
+#define SIGMA3(x) (ROR64(x, 1) ^ ROR64(x, 8) ^ SHR64(x, 7))
+#define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6))
+#define MIN(x, y) ((x) < (y) ? x : y)
+ 
+static const uint8_t padding[128] =
+{
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+ 
+static const uint64_t k[80] =
+{
+    0x428A2F98D728AE22, 0x7137449123EF65CD, 0xB5C0FBCFEC4D3B2F, 0xE9B5DBA58189DBBC,
+    0x3956C25BF348B538, 0x59F111F1B605D019, 0x923F82A4AF194F9B, 0xAB1C5ED5DA6D8118,
+    0xD807AA98A3030242, 0x12835B0145706FBE, 0x243185BE4EE4B28C, 0x550C7DC3D5FFB4E2,
+    0x72BE5D74F27B896F, 0x80DEB1FE3B1696B1, 0x9BDC06A725C71235, 0xC19BF174CF692694,
+    0xE49B69C19EF14AD2, 0xEFBE4786384F25E3, 0x0FC19DC68B8CD5B5, 0x240CA1CC77AC9C65,
+    0x2DE92C6F592B0275, 0x4A7484AA6EA6E483, 0x5CB0A9DCBD41FBD4, 0x76F988DA831153B5,
+    0x983E5152EE66DFAB, 0xA831C66D2DB43210, 0xB00327C898FB213F, 0xBF597FC7BEEF0EE4,
+    0xC6E00BF33DA88FC2, 0xD5A79147930AA725, 0x06CA6351E003826F, 0x142929670A0E6E70,
+    0x27B70A8546D22FFC, 0x2E1B21385C26C926, 0x4D2C6DFC5AC42AED, 0x53380D139D95B3DF,
+    0x650A73548BAF63DE, 0x766A0ABB3C77B2A8, 0x81C2C92E47EDAEE6, 0x92722C851482353B,
+    0xA2BFE8A14CF10364, 0xA81A664BBC423001, 0xC24B8B70D0F89791, 0xC76C51A30654BE30,
+    0xD192E819D6EF5218, 0xD69906245565A910, 0xF40E35855771202A, 0x106AA07032BBD1B8,
+    0x19A4C116B8D2D0C8, 0x1E376C085141AB53, 0x2748774CDF8EEB99, 0x34B0BCB5E19B48A8,
+    0x391C0CB3C5C95A63, 0x4ED8AA4AE3418ACB, 0x5B9CCA4F7763E373, 0x682E6FF3D6B2B8A3,
+    0x748F82EE5DEFB2FC, 0x78A5636F43172F60, 0x84C87814A1F0AB72, 0x8CC702081A6439EC,
+    0x90BEFFFA23631E28, 0xA4506CEBDE82BDE9, 0xBEF9A3F7B2C67915, 0xC67178F2E372532B,
+    0xCA273ECEEA26619C, 0xD186B8C721C0C207, 0xEADA7DD6CDE0EB1E, 0xF57D4F7FEE6ED178,
+    0x06F067AA72176FBA, 0x0A637DC5A2C898A6, 0x113F9804BEF90DAE, 0x1B710B35131C471B,
+    0x28DB77F523047D84, 0x32CAAB7B40C72493, 0x3C9EBE0A15C9BEBC, 0x431D67C49C100D4C,
+    0x4CC5D4BECB3E42B6, 0x597F299CFC657E2A, 0x5FCB6FAB3AD6FAEC, 0x6C44198C4A475817
+};
+ 
+/**
+* Initialize the SHA512 context
+*/
+void SHA512_Init(SHA512_CTX *ctx)
+{
+    ctx->h[0] = 0x6A09E667F3BCC908;
+    ctx->h[1] = 0xBB67AE8584CAA73B;
+    ctx->h[2] = 0x3C6EF372FE94F82B;
+    ctx->h[3] = 0xA54FF53A5F1D36F1;
+    ctx->h[4] = 0x510E527FADE682D1;
+    ctx->h[5] = 0x9B05688C2B3E6C1F;
+    ctx->h[6] = 0x1F83D9ABFB41BD6B;
+    ctx->h[7] = 0x5BE0CD19137E2179;
+    ctx->size = 0;
+    ctx->totalSize = 0;
+}
+ 
+static void SHA512_Process(SHA512_CTX *ctx)
+{
+    int t;
+    uint64_t temp1;
+    uint64_t temp2;
+ 
+    // Initialize the 8 working registers
+    uint64_t a = ctx->h[0];
+    uint64_t b = ctx->h[1];
+    uint64_t c = ctx->h[2];
+    uint64_t d = ctx->h[3];
+    uint64_t e = ctx->h[4];
+    uint64_t f = ctx->h[5];
+    uint64_t g = ctx->h[6];
+    uint64_t h = ctx->h[7];
+ 
+    // Process message in 16-word blocks
+    uint64_t *w = ctx->w;
+ 
+    // Convert from big-endian byte order to host byte order
+    for (t = 0; t < 16; t++)
+       w[t] = be64toh(w[t]);
+ 
+    // Prepare the message schedule
+    for (t = 16; t < 80; t++)
+       w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16];
+ 
+    // SHA-512 hash computation
+    for (t = 0; t < 80; t++)
+    {
+       // Calculate T1 and T2
+       temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t];
+       temp2 = SIGMA1(a) + MAJ(a, b, c);
+ 
+       // Update the working registers
+       h = g;
+       g = f;
+       f = e;
+       e = d + temp1;
+       d = c;
+       c = b;
+       b = a;
+       a = temp1 + temp2;
+    }
+ 
+    // Update the hash value
+    ctx->h[0] += a;
+    ctx->h[1] += b;
+    ctx->h[2] += c;
+    ctx->h[3] += d;
+    ctx->h[4] += e;
+    ctx->h[5] += f;
+    ctx->h[6] += g;
+    ctx->h[7] += h;
+ }
+
+/**
+* Accepts an array of octets as the next portion of the message.
+*/
+void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len)
+{
+    // Process the incoming data
+    while (len > 0)
+    {
+        // The buffer can hold at most 128 bytes
+        size_t n = MIN(len, 128 - ctx->size);
+ 
+        // Copy the data to the buffer
+        memcpy(ctx->buffer + ctx->size, msg, n);
+ 
+        // Update the SHA-512 ctx
+        ctx->size += n;
+        ctx->totalSize += n;
+        // Advance the data pointer
+        msg = (uint8_t *) msg + n;
+        // Remaining bytes to process
+        len -= n;
+ 
+        // Process message in 16-word blocks
+        if (ctx->size == 128)
+        {
+            // Transform the 16-word block
+            SHA512_Process(ctx);
+            // Empty the buffer
+            ctx->size = 0;
+        }
+    }
+}
+ 
+/**
+* Return the 512-bit message digest into the user's array
+*/
+void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx)
+{
+    int i;
+    size_t paddingSize;
+    uint64_t totalSize;
+ 
+    // Length of the original message (before padding)
+    totalSize = ctx->totalSize * 8;
+ 
+    // Pad the message so that its length is congruent to 112 modulo 128
+    paddingSize = (ctx->size < 112) ? (112 - ctx->size) : 
+                                        (128 + 112 - ctx->size);
+    // Append padding
+    SHA512_Update(ctx, padding, paddingSize);
+ 
+    // Append the length of the original message
+    ctx->w[14] = 0;
+    ctx->w[15] = be64toh(totalSize);
+ 
+    // Calculate the message digest
+    SHA512_Process(ctx);
+ 
+    // Convert from host byte order to big-endian byte order
+    for (i = 0; i < 8; i++)
+       ctx->h[i] = be64toh(ctx->h[i]);
+ 
+    // Copy the resulting digest
+    if (digest != NULL)
+       memcpy(digest, ctx->digest, SHA512_SIZE);
+ }
+ 
diff --git a/ssl/Makefile b/ssl/Makefile
index b8dd55a921..a9e872c142 100644
--- a/ssl/Makefile
+++ b/ssl/Makefile
@@ -73,7 +73,9 @@ CRYPTO_OBJ=\
 	$(CRYPTO_PATH)rc4.o \
 	$(CRYPTO_PATH)rsa.o \
 	$(CRYPTO_PATH)sha1.o \
-	$(CRYPTO_PATH)sha256.o
+	$(CRYPTO_PATH)sha256.o \
+	$(CRYPTO_PATH)sha384.o \
+	$(CRYPTO_PATH)sha512.o
 
 OBJ=\
 	asn1.o \
diff --git a/ssl/asn1.c b/ssl/asn1.c
index f2d0c02324..0a139bb51b 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2014, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -40,22 +40,41 @@
 #include "crypto.h"
 #include "crypto_misc.h"
 
-/* Must be an RSA algorithm with either SHA1/SHA256/MD5 for verifying to work */
+/* 1.2.840.113549.1.1 OID prefix - handle the following */
+/* md5WithRSAEncryption(4) */
+/* sha1WithRSAEncryption(5) */
+/* sha256WithRSAEncryption (11) */
+/* sha384WithRSAEncryption (12) */
+/* sha512WithRSAEncryption (13) */
 static const uint8_t sig_oid_prefix[] = 
 {
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
 };
 
+/* 1.3.14.3.2.29 SHA1 with RSA signature */
 static const uint8_t sig_sha1WithRSAEncrypt[] =
 {
     0x2b, 0x0e, 0x03, 0x02, 0x1d
 };
 
-static const uint8_t sig_sha256WithRSAEncrypt[] =
+/* 2.16.840.1.101.3.4.2.1 SHA-256 */
+static const uint8_t sig_sha256[] =
 {
     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
 };
 
+/* 2.16.840.1.101.3.4.2.2 SHA-384 */
+static const uint8_t sig_sha384[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
+};
+
+/* 2.16.840.1.101.3.4.2.3 SHA-512 */
+static const uint8_t sig_sha512[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
+};
+
 static const uint8_t sig_subject_alt_name[] =
 {
     0x55, 0x1d, 0x11
@@ -588,12 +607,24 @@ int asn1_signature_type(const uint8_t *cert,
     {
         x509_ctx->sig_type = SIG_TYPE_SHA1;
     }
-    else if (len == sizeof(sig_sha256WithRSAEncrypt) && 
-            memcmp(sig_sha256WithRSAEncrypt, &cert[*offset], 
-                                    sizeof(sig_sha256WithRSAEncrypt)) == 0)
+    else if (len == sizeof(sig_sha256) && 
+            memcmp(sig_sha256, &cert[*offset], 
+                                    sizeof(sig_sha256)) == 0)
     {
         x509_ctx->sig_type = SIG_TYPE_SHA256;
     }
+    else if (len == sizeof(sig_sha384) && 
+            memcmp(sig_sha384, &cert[*offset], 
+                                    sizeof(sig_sha384)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA384;
+    }
+    else if (len == sizeof(sig_sha512) && 
+            memcmp(sig_sha512, &cert[*offset], 
+                                    sizeof(sig_sha512)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA512;
+    }
     else
     {
         if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index be7607941f..7aba4a4096 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -55,6 +55,7 @@ extern "C" {
 #define X509_VFY_ERROR_INVALID_CHAIN        -7
 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
 #define X509_INVALID_PRIV_KEY               -9
+#define X509_MAX_CERTS                      -10
 
 /*
  * The Distinguished Name
@@ -127,6 +128,8 @@ const char * x509_display_error(int error);
 #define SIG_TYPE_MD5            0x04
 #define SIG_TYPE_SHA1           0x05
 #define SIG_TYPE_SHA256         0x0b
+#define SIG_TYPE_SHA384         0x0c
+#define SIG_TYPE_SHA512         0x0d
 
 uint32_t get_asn1_length(const uint8_t *buf, int *offset);
 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
diff --git a/ssl/test/Makefile b/ssl/test/Makefile
index 181f9aca42..b1d75384a5 100644
--- a/ssl/test/Makefile
+++ b/ssl/test/Makefile
@@ -71,7 +71,10 @@ CRYPTO_OBJ=\
 	$(CRYPTO_PATH)md5.obj \
 	$(CRYPTO_PATH)rc4.obj \
 	$(CRYPTO_PATH)rsa.obj \
-	$(CRYPTO_PATH)sha1.obj
+	$(CRYPTO_PATH)sha1.obj \
+	$(CRYPTO_PATH)sha256.obj \
+	$(CRYPTO_PATH)sha384.obj \
+	$(CRYPTO_PATH)sha512.obj
 
 OBJ=\
 	$(AXTLS_SSL_PATH)asn1.obj \
diff --git a/ssl/test/comodo.sha384.cer b/ssl/test/comodo.sha384.cer
new file mode 100644
index 0000000000..b52ea610d9
--- /dev/null
+++ b/ssl/test/comodo.sha384.cer
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
+ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
+eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
+gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
+VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
+AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
+2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
+ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
+4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
+m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
+vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
+8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
+IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
+KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
+GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
+s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
+JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
+AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
+MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
+bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
+Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
+zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
+Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
+Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
+B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
+PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
+pu/xO28QOG8=
+-----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index b36f0f9966..707213c78f 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -326,7 +326,7 @@ static int SHA256_test(BI_CTX *bi_ctx)
 
         if (memcmp(digest, ct, sizeof(ct)))
         {
-            printf("Error: SHA256 # failed\n");
+            printf("Error: SHA256 #1 failed\n");
             goto end;
         }
     }
@@ -356,6 +356,112 @@ static int SHA256_test(BI_CTX *bi_ctx)
     return res;
 }
 
+/**************************************************************************
+ * SHA384 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA384 is correct.
+ **************************************************************************/
+static int SHA384_test(BI_CTX *bi_ctx)
+{
+    SHA384_CTX ctx;
+    uint8_t ct[SHA384_SIZE];
+    uint8_t digest[SHA384_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA384 tests passed\n");
+
+end:
+    return res;
+}
+/**************************************************************************
+ * SHA512 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA512 is correct.
+ **************************************************************************/
+static int SHA512_test(BI_CTX *bi_ctx)
+{
+    SHA512_CTX ctx;
+    uint8_t ct[SHA512_SIZE];
+    uint8_t digest[SHA512_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA512 tests passed\n");
+
+end:
+    return res;
+}
 /**************************************************************************
  * MD5 tests 
  *
@@ -720,6 +826,17 @@ static int cert_tests(void)
 
     ssl_ctx_free(ssl_ctx);
 
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK)
+    {
+        printf("Cert #8\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
     ssl_ctx = ssl_ctx_new(0, 0);
     if ((res = ssl_obj_load(ssl_ctx, 
               SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
@@ -748,11 +865,11 @@ static int cert_tests(void)
     x509_free(x509_ctx);
     free(buf);
 
+    // this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates
     ssl_ctx = ssl_ctx_new(0, 0);
     if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
             "../ssl/test/ca-bundle.crt", NULL))
     {
-        printf("Cert #12\n");
         goto bad_cert;
     }
 
@@ -2236,6 +2353,20 @@ int main(int argc, char *argv[])
     }
     TTY_FLUSH();
 
+    if (SHA384_test(bi_ctx))
+    {
+        printf("SHA384 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA512_test(bi_ctx))
+    {
+        printf("SHA512 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
     if (HMAC_test(bi_ctx))
     {
         printf("HMAC tests failed\n");
diff --git a/ssl/tls1.c b/ssl/tls1.c
index b2a7d57b9e..d38904b1a2 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -388,7 +388,7 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
  */
 int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 {
-    int ret = SSL_OK; /* ignore errors for now */
+    int ret = X509_OK; /* ignore errors for now */
     int i = 0;
     CA_CERT_CTX *ca_cert_ctx;
 
@@ -410,10 +410,10 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
                     "compile-time configuration required\n", 
                     CONFIG_X509_MAX_CA_CERTS);
 #endif
+            ret = X509_MAX_CERTS;
             break;
         }
 
-
         /* ignore the return code */
         if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
         {
diff --git a/ssl/x509.c b/ssl/x509.c
index 63af7653f6..3526e60ab4 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2014, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -120,33 +120,63 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    /* use the appropriate signature algorithm (SHA1/MD5/SHA256) */
-    if (x509_ctx->sig_type == SIG_TYPE_MD5)
+    /* use the appropriate signature algorithm */
+    switch (x509_ctx->sig_type)
     {
-        MD5_CTX md5_ctx;
-        uint8_t md5_dgst[MD5_SIZE];
-        MD5_Init(&md5_ctx);
-        MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        MD5_Final(md5_dgst, &md5_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
-    }
-    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
-    {
-        SHA1_CTX sha_ctx;
-        uint8_t sha_dgst[SHA1_SIZE];
-        SHA1_Init(&sha_ctx);
-        SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        SHA1_Final(sha_dgst, &sha_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
-    }
-    else if (x509_ctx->sig_type == SIG_TYPE_SHA256)
-    {
-        SHA256_CTX sha256_ctx;
-        uint8_t sha256_dgst[SHA256_SIZE];
-        SHA256_Init(&sha256_ctx);
-        SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-        SHA256_Final(sha256_dgst, &sha256_ctx);
-        x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
+        case SIG_TYPE_MD5:
+        {
+            MD5_CTX md5_ctx;
+            uint8_t md5_dgst[MD5_SIZE];
+            MD5_Init(&md5_ctx);
+            MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            MD5_Final(md5_dgst, &md5_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA1:
+        {
+            SHA1_CTX sha_ctx;
+            uint8_t sha_dgst[SHA1_SIZE];
+            SHA1_Init(&sha_ctx);
+            SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA1_Final(sha_dgst, &sha_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA256:
+        {
+            SHA256_CTX sha256_ctx;
+            uint8_t sha256_dgst[SHA256_SIZE];
+            SHA256_Init(&sha256_ctx);
+            SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA256_Final(sha256_dgst, &sha256_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA384:
+        {
+            SHA384_CTX sha384_ctx;
+            uint8_t sha384_dgst[SHA384_SIZE];
+            SHA384_Init(&sha384_ctx);
+            SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA384_Final(sha384_dgst, &sha384_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA512:
+        {
+            SHA512_CTX sha512_ctx;
+            uint8_t sha512_dgst[SHA512_SIZE];
+            SHA512_Init(&sha512_ctx);
+            SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA512_Final(sha512_dgst, &sha512_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
+        }
+            break;
     }
 
     if (cert[offset] == ASN1_V3_DATA)
@@ -495,6 +525,12 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
         case SIG_TYPE_SHA256:
             printf("SHA256\n");
             break;
+        case SIG_TYPE_SHA384:
+            printf("SHA384\n");
+            break;
+        case SIG_TYPE_SHA512:
+            printf("SHA512\n");
+            break;
         default:
             printf("Unrecognized: %d\n", cert->sig_type);
             break;

From a88fd947b26f04d6801090651ffaa86db2ae95f2 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 10 Mar 2015 04:41:32 +0000
Subject: [PATCH 213/301] * Updated the release notes.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@246 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 2 +-
 www/index.html       | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index ccc64a28e5..b6231b8f98 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
  * 
  * All rights reserved.
  * 
diff --git a/www/index.html b/www/index.html
index 5fcf42c7b9..f301522431 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,9 +7087,7 @@
     <div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div>
-<div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div>
-<div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
+<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
 <div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>

From acf35f0ea745abf454a043d16ad8c4e24cc83d37 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 30 Apr 2015 06:06:09 +0000
Subject: [PATCH 214/301] * Added named unions in SHA256 code for compilers
 that don't support it. * Some other porting suggestions from Chris Ghormley.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@248 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 config/makefile.conf |  4 ++-
 crypto/crypto.h      |  4 +--
 crypto/sha384.c      | 19 +++++++-------
 crypto/sha512.c      | 62 ++++++++++++++++++++++----------------------
 ssl/os_port.h        |  7 ++++-
 ssl/tls1.h           |  1 +
 www/index.html       |  2 +-
 7 files changed, 54 insertions(+), 45 deletions(-)

diff --git a/config/makefile.conf b/config/makefile.conf
index 482f209ced..427e94535e 100644
--- a/config/makefile.conf
+++ b/config/makefile.conf
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, Cameron Rich
+# Copyright (c) 2007-2015, Cameron Rich
 #
 # All rights reserved.
 #
@@ -100,6 +100,7 @@ LDSHARED = -shared
 
 # Linux
 ifndef CONFIG_PLATFORM_CYGWIN
+ifndef CONFIG_PLATFORM_NOMMU
 CFLAGS += -fPIC 
 
 # Cygwin
@@ -108,6 +109,7 @@ CFLAGS += -DCONFIG_PLATFORM_CYGWIN
 LDFLAGS += -enable-auto-import
 endif
 endif
+endif
 
 ifdef CONFIG_DEBUG
 CFLAGS += -g
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 17ce8ad725..fcf32c703a 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -151,12 +151,12 @@ typedef struct
     {
         uint64_t h[8];
         uint8_t digest[64];
-    };
+    } h_dig;
     union
     {
         uint64_t w[80];
         uint8_t buffer[128];
-    };
+    } w_buf;
     size_t size;
     uint64_t totalSize;
 } SHA512_CTX;
diff --git a/crypto/sha384.c b/crypto/sha384.c
index 58ed6965c1..1d9d7e0d90 100644
--- a/crypto/sha384.c
+++ b/crypto/sha384.c
@@ -28,6 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include <string.h>
 #include "os_port.h"
 #include "crypto.h"
  
@@ -37,14 +38,14 @@
  void SHA384_Init(SHA384_CTX *ctx)
  {
     //Set initial hash value
-    ctx->h[0] = 0xCBBB9D5DC1059ED8;
-    ctx->h[1] = 0x629A292A367CD507;
-    ctx->h[2] = 0x9159015A3070DD17;
-    ctx->h[3] = 0x152FECD8F70E5939;
-    ctx->h[4] = 0x67332667FFC00B31;
-    ctx->h[5] = 0x8EB44A8768581511;
-    ctx->h[6] = 0xDB0C2E0D64F98FA7;
-    ctx->h[7] = 0x47B5481DBEFA4FA4;
+    ctx->h_dig.h[0] = 0xCBBB9D5DC1059ED8;
+    ctx->h_dig.h[1] = 0x629A292A367CD507;
+    ctx->h_dig.h[2] = 0x9159015A3070DD17;
+    ctx->h_dig.h[3] = 0x152FECD8F70E5939;
+    ctx->h_dig.h[4] = 0x67332667FFC00B31;
+    ctx->h_dig.h[5] = 0x8EB44A8768581511;
+    ctx->h_dig.h[6] = 0xDB0C2E0D64F98FA7;
+    ctx->h_dig.h[7] = 0x47B5481DBEFA4FA4;
  
     // Number of bytes in the buffer
     ctx->size = 0;
@@ -71,6 +72,6 @@ void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx)
  
     // Copy the resulting digest
     if (digest != NULL)
-        memcpy(digest, ctx->digest, SHA384_SIZE);
+        memcpy(digest, ctx->h_dig.digest, SHA384_SIZE);
 }
  
diff --git a/crypto/sha512.c b/crypto/sha512.c
index 36abb096b9..ede5664202 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -83,14 +83,14 @@ static const uint64_t k[80] =
 */
 void SHA512_Init(SHA512_CTX *ctx)
 {
-    ctx->h[0] = 0x6A09E667F3BCC908;
-    ctx->h[1] = 0xBB67AE8584CAA73B;
-    ctx->h[2] = 0x3C6EF372FE94F82B;
-    ctx->h[3] = 0xA54FF53A5F1D36F1;
-    ctx->h[4] = 0x510E527FADE682D1;
-    ctx->h[5] = 0x9B05688C2B3E6C1F;
-    ctx->h[6] = 0x1F83D9ABFB41BD6B;
-    ctx->h[7] = 0x5BE0CD19137E2179;
+    ctx->h_dig.h[0] = 0x6A09E667F3BCC908;
+    ctx->h_dig.h[1] = 0xBB67AE8584CAA73B;
+    ctx->h_dig.h[2] = 0x3C6EF372FE94F82B;
+    ctx->h_dig.h[3] = 0xA54FF53A5F1D36F1;
+    ctx->h_dig.h[4] = 0x510E527FADE682D1;
+    ctx->h_dig.h[5] = 0x9B05688C2B3E6C1F;
+    ctx->h_dig.h[6] = 0x1F83D9ABFB41BD6B;
+    ctx->h_dig.h[7] = 0x5BE0CD19137E2179;
     ctx->size = 0;
     ctx->totalSize = 0;
 }
@@ -102,22 +102,22 @@ static void SHA512_Process(SHA512_CTX *ctx)
     uint64_t temp2;
  
     // Initialize the 8 working registers
-    uint64_t a = ctx->h[0];
-    uint64_t b = ctx->h[1];
-    uint64_t c = ctx->h[2];
-    uint64_t d = ctx->h[3];
-    uint64_t e = ctx->h[4];
-    uint64_t f = ctx->h[5];
-    uint64_t g = ctx->h[6];
-    uint64_t h = ctx->h[7];
+    uint64_t a = ctx->h_dig.h[0];
+    uint64_t b = ctx->h_dig.h[1];
+    uint64_t c = ctx->h_dig.h[2];
+    uint64_t d = ctx->h_dig.h[3];
+    uint64_t e = ctx->h_dig.h[4];
+    uint64_t f = ctx->h_dig.h[5];
+    uint64_t g = ctx->h_dig.h[6];
+    uint64_t h = ctx->h_dig.h[7];
  
     // Process message in 16-word blocks
-    uint64_t *w = ctx->w;
+    uint64_t *w = ctx->w_buf.w;
  
     // Convert from big-endian byte order to host byte order
     for (t = 0; t < 16; t++)
        w[t] = be64toh(w[t]);
- 
+
     // Prepare the message schedule
     for (t = 16; t < 80; t++)
        w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16];
@@ -141,14 +141,14 @@ static void SHA512_Process(SHA512_CTX *ctx)
     }
  
     // Update the hash value
-    ctx->h[0] += a;
-    ctx->h[1] += b;
-    ctx->h[2] += c;
-    ctx->h[3] += d;
-    ctx->h[4] += e;
-    ctx->h[5] += f;
-    ctx->h[6] += g;
-    ctx->h[7] += h;
+    ctx->h_dig.h[0] += a;
+    ctx->h_dig.h[1] += b;
+    ctx->h_dig.h[2] += c;
+    ctx->h_dig.h[3] += d;
+    ctx->h_dig.h[4] += e;
+    ctx->h_dig.h[5] += f;
+    ctx->h_dig.h[6] += g;
+    ctx->h_dig.h[7] += h;
  }
 
 /**
@@ -163,7 +163,7 @@ void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len)
         size_t n = MIN(len, 128 - ctx->size);
  
         // Copy the data to the buffer
-        memcpy(ctx->buffer + ctx->size, msg, n);
+        memcpy(ctx->w_buf.buffer + ctx->size, msg, n);
  
         // Update the SHA-512 ctx
         ctx->size += n;
@@ -203,18 +203,18 @@ void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx)
     SHA512_Update(ctx, padding, paddingSize);
  
     // Append the length of the original message
-    ctx->w[14] = 0;
-    ctx->w[15] = be64toh(totalSize);
+    ctx->w_buf.w[14] = 0;
+    ctx->w_buf.w[15] = be64toh(totalSize);
  
     // Calculate the message digest
     SHA512_Process(ctx);
  
     // Convert from host byte order to big-endian byte order
     for (i = 0; i < 8; i++)
-       ctx->h[i] = be64toh(ctx->h[i]);
+       ctx->h_dig.h[i] = be64toh(ctx->h_dig.h[i]);
  
     // Copy the resulting digest
     if (digest != NULL)
-       memcpy(digest, ctx->digest, SHA512_SIZE);
+       memcpy(digest, ctx->h_dig.digest, SHA512_SIZE);
  }
  
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 8e89fc5c37..66c3ceef27 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2014, Cameron Rich
+ * Copyright (c) 2007-2015, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -136,12 +136,17 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #include <sys/wait.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <asm/byteorder.h>
 
 #define SOCKET_READ(A,B,C)      read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     write(A,B,C)
 #define SOCKET_CLOSE(A)         if (A >= 0) close(A)
 #define TTY_FLUSH()
 
+#ifndef be64toh
+#define be64toh(x) __be64_to_cpu(x)
+#endif
+
 #endif  /* Not Win32 */
 
 /* some functions to mutate the way these work */
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 9036579707..00ae682a57 100755
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -41,6 +41,7 @@ extern "C" {
 #endif
 
 #include "version.h"
+#include "config.h"
 #include "os_int.h"
 #include "crypto.h"
 #include "crypto_misc.h"
diff --git a/www/index.html b/www/index.html
index f301522431..89b8a1cb78 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
     <div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
+<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.3@@\n\n!!__SSL Library__\n* Added named unions to ~SHA512 code as some compilers don't support it\n* Some other porting suggesions from Chris Ghormley\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div>
 <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
 <div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>

From a5f7ede49300a98a039e2e394a99ad19786bde09 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 28 Jul 2015 02:44:52 +0000
Subject: [PATCH 215/301] * Fixed client certificate issue where there is no
 client certificate and a certificate verify msg was still being sent.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@250 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1_clnt.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index b557c3b9ff..e414b291e9 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -364,6 +364,9 @@ static int send_cert_verify(SSL *ssl)
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
     int n = 0, ret;
 
+    if (rsa_ctx == NULL)
+        return SSL_OK;
+
     DISPLAY_RSA(ssl, rsa_ctx);
 
     buf[0] = HS_CERT_VERIFY;

From 4e0ccaf9b2d38b7f4697d8ce26f4186da24f48aa Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Sun, 30 Aug 2015 13:34:00 +0300
Subject: [PATCH 216/301] Import axTLS 1.4.9

---
 LICENSE              |   24 +
 VERSION              |    1 +
 crypto/aes.c         |  457 +++++++++
 crypto/aes.o         |  Bin 0 -> 35312 bytes
 crypto/bigint.c      | 1512 +++++++++++++++++++++++++++++
 crypto/bigint.h      |   99 ++
 crypto/bigint.o      |  Bin 0 -> 94704 bytes
 crypto/bigint_impl.h |  131 +++
 crypto/crypto.h      |  230 +++++
 crypto/crypto_misc.c |  367 +++++++
 crypto/hmac.c        |  105 ++
 crypto/hmac.o        |  Bin 0 -> 10444 bytes
 crypto/md2.c         |  162 ++++
 crypto/md2.o         |  Bin 0 -> 9808 bytes
 crypto/md5.c         |  294 ++++++
 crypto/md5.o         |  Bin 0 -> 19348 bytes
 crypto/os_int.h      |   67 ++
 crypto/rc4.c         |   92 ++
 crypto/rc4.o         |  Bin 0 -> 6232 bytes
 crypto/rsa.c         |  269 ++++++
 crypto/rsa.o         |  Bin 0 -> 25612 bytes
 crypto/sha1.c        |  249 +++++
 crypto/sha1.o        |  Bin 0 -> 13688 bytes
 ssl/asn1.c           |  566 +++++++++++
 ssl/asn1.o           |  Bin 0 -> 48176 bytes
 ssl/cert.h           |   43 +
 ssl/config.h         |  127 +++
 ssl/crypto_misc.h    |  172 ++++
 ssl/gen_cert.c       |  364 +++++++
 ssl/gen_cert.o       |  Bin 0 -> 828 bytes
 ssl/loader.c         |  483 ++++++++++
 ssl/loader.o         |  Bin 0 -> 38320 bytes
 ssl/openssl.c        |  323 +++++++
 ssl/openssl.o        |  Bin 0 -> 827 bytes
 ssl/os_int.h         |    8 +
 ssl/os_port.c        |  158 +++
 ssl/os_port.h        |  199 ++++
 ssl/os_port.o        |  Bin 0 -> 13424 bytes
 ssl/p12.c            |  483 ++++++++++
 ssl/p12.o            |  Bin 0 -> 1812 bytes
 ssl/private_key.h    |   54 ++
 ssl/ssl.h            |  499 ++++++++++
 ssl/tls1.c           | 2191 ++++++++++++++++++++++++++++++++++++++++++
 ssl/tls1.h           |  297 ++++++
 ssl/tls1_clnt.c      |  395 ++++++++
 ssl/tls1_svr.c       |  478 +++++++++
 ssl/version.h        |    1 +
 ssl/x509.c           |  559 +++++++++++
 48 files changed, 11459 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 VERSION
 create mode 100644 crypto/aes.c
 create mode 100644 crypto/aes.o
 create mode 100644 crypto/bigint.c
 create mode 100644 crypto/bigint.h
 create mode 100644 crypto/bigint.o
 create mode 100644 crypto/bigint_impl.h
 create mode 100644 crypto/crypto.h
 create mode 100644 crypto/crypto_misc.c
 create mode 100644 crypto/hmac.c
 create mode 100644 crypto/hmac.o
 create mode 100644 crypto/md2.c
 create mode 100644 crypto/md2.o
 create mode 100644 crypto/md5.c
 create mode 100644 crypto/md5.o
 create mode 100644 crypto/os_int.h
 create mode 100644 crypto/rc4.c
 create mode 100644 crypto/rc4.o
 create mode 100644 crypto/rsa.c
 create mode 100644 crypto/rsa.o
 create mode 100644 crypto/sha1.c
 create mode 100644 crypto/sha1.o
 create mode 100644 ssl/asn1.c
 create mode 100644 ssl/asn1.o
 create mode 100644 ssl/cert.h
 create mode 100644 ssl/config.h
 create mode 100644 ssl/crypto_misc.h
 create mode 100644 ssl/gen_cert.c
 create mode 100644 ssl/gen_cert.o
 create mode 100644 ssl/loader.c
 create mode 100644 ssl/loader.o
 create mode 100644 ssl/openssl.c
 create mode 100644 ssl/openssl.o
 create mode 100644 ssl/os_int.h
 create mode 100644 ssl/os_port.c
 create mode 100644 ssl/os_port.h
 create mode 100644 ssl/os_port.o
 create mode 100644 ssl/p12.c
 create mode 100644 ssl/p12.o
 create mode 100644 ssl/private_key.h
 create mode 100644 ssl/ssl.h
 create mode 100644 ssl/tls1.c
 create mode 100644 ssl/tls1.h
 create mode 100644 ssl/tls1_clnt.c
 create mode 100644 ssl/tls1_svr.c
 create mode 100644 ssl/version.h
 create mode 100644 ssl/x509.c

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000000..eed70a9a67
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2008, Cameron Rich All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer. Redistributions in binary
+form must reproduce the above copyright notice, this list of conditions and
+the following disclaimer in the documentation and/or other materials
+provided with the distribution. Neither the name of the axTLS Project nor
+the names of its contributors may be used to endorse or promote products
+derived from this software without specific prior written permission. 
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000000..4ea2b1f403
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+1.4.9
diff --git a/crypto/aes.c b/crypto/aes.c
new file mode 100644
index 0000000000..9b07e27ea1
--- /dev/null
+++ b/crypto/aes.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * AES implementation - this is a small code version. There are much faster
+ * versions around but they are much larger in size (i.e. they use large 
+ * submix tables).
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/* all commented out in skeleton mode */
+#ifndef CONFIG_SSL_SKELETON_MODE
+
+#define rot1(x) (((x) << 24) | ((x) >> 8))
+#define rot2(x) (((x) << 16) | ((x) >> 16))
+#define rot3(x) (((x) <<  8) | ((x) >> 24))
+
+/* 
+ * This cute trick does 4 'mul by two' at once.  Stolen from
+ * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
+ * a standard graphics trick
+ * The key to this is that we need to xor with 0x1b if the top bit is set.
+ * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
+ * b 1000 0000   0000 0000 then we shift right by 7 putting the 7bit in 0bit,
+ * c 0000 0001   0000 0000 we then subtract (c) from (b)
+ * d 0111 1111   0000 0000 and now we and with our mask
+ * e 0001 1011   0000 0000
+ */
+#define mt  0x80808080
+#define ml  0x7f7f7f7f
+#define mh  0xfefefefe
+#define mm  0x1b1b1b1b
+#define mul2(x,t)	((t)=((x)&mt), \
+			((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))
+
+#define inv_mix_col(x,f2,f4,f8,f9) (\
+			(f2)=mul2(x,f2), \
+			(f4)=mul2(f2,f4), \
+			(f8)=mul2(f4,f8), \
+			(f9)=(x)^(f8), \
+			(f8)=((f2)^(f4)^(f8)), \
+			(f2)^=(f9), \
+			(f4)^=(f9), \
+			(f8)^=rot3(f2), \
+			(f8)^=rot2(f4), \
+			(f8)^rot1(f9))
+
+/*
+ * AES S-box
+ */
+static const uint8_t aes_sbox[256] =
+{
+	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
+	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
+	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,
+	0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
+	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,
+	0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
+	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,
+	0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
+	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,
+	0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
+	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,
+	0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
+	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,
+	0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
+	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,
+	0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
+	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,
+	0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
+	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,
+	0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
+	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,
+	0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
+	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,
+	0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
+	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,
+	0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
+	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,
+	0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
+	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,
+	0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
+	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,
+	0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16,
+};
+
+/*
+ * AES is-box
+ */
+static const uint8_t aes_isbox[256] = 
+{
+    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+};
+
+static const unsigned char Rcon[30]=
+{
+	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
+	0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
+	0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
+	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
+};
+
+/* ----- static functions ----- */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
+
+/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
+   x^8+x^4+x^3+x+1 */
+static unsigned char AES_xtime(uint32_t x)
+{
+	return (x&0x80) ? (x<<1)^0x1b : x<<1;
+}
+
+/**
+ * Set up AES with the key/iv and cipher size.
+ */
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode)
+{
+    int i, ii;
+    uint32_t *W, tmp, tmp2;
+    const unsigned char *ip;
+    int words;
+
+    switch (mode)
+    {
+        case AES_MODE_128:
+            i = 10;
+            words = 4;
+            break;
+
+        case AES_MODE_256:
+            i = 14;
+            words = 8;
+            break;
+
+        default:        /* fail silently */
+            return;
+    }
+
+    ctx->rounds = i;
+    ctx->key_size = words;
+    W = ctx->ks;
+    for (i = 0; i < words; i+=2)
+    {
+        W[i+0]=	((uint32_t)key[ 0]<<24)|
+            ((uint32_t)key[ 1]<<16)|
+            ((uint32_t)key[ 2]<< 8)|
+            ((uint32_t)key[ 3]    );
+        W[i+1]=	((uint32_t)key[ 4]<<24)|
+            ((uint32_t)key[ 5]<<16)|
+            ((uint32_t)key[ 6]<< 8)|
+            ((uint32_t)key[ 7]    );
+        key += 8;
+    }
+
+    ip = Rcon;
+    ii = 4 * (ctx->rounds+1);
+    for (i = words; i<ii; i++)
+    {
+        tmp = W[i-1];
+
+        if ((i % words) == 0)
+        {
+            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]<< 8;
+            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<<16;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<24;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ];
+            tmp=tmp2^(((unsigned int)*ip)<<24);
+            ip++;
+        }
+
+        if ((words == 8) && ((i % words) == 4))
+        {
+            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]    ;
+            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<< 8;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<16;
+            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ]<<24;
+            tmp=tmp2;
+        }
+
+        W[i]=W[i-words]^tmp;
+    }
+
+    /* copy the iv across */
+    memcpy(ctx->iv, iv, 16);
+}
+
+/**
+ * Change a key for decryption.
+ */
+void AES_convert_key(AES_CTX *ctx)
+{
+    int i;
+    uint32_t *k,w,t1,t2,t3,t4;
+
+    k = ctx->ks;
+    k += 4;
+
+    for (i= ctx->rounds*4; i > 4; i--)
+    {
+        w= *k;
+        w = inv_mix_col(w,t1,t2,t3,t4);
+        *k++ =w;
+    }
+}
+
+/**
+ * Encrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], tout[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        tout[i] = ntohl(iv[i]);
+
+    for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+            tin[i] = ntohl(msg_32[i])^tout[i];
+
+        AES_encrypt(ctx, tin);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = tin[i]; 
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(tout[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Decrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], xor[4], tout[4], data[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        xor[i] = ntohl(iv[i]);
+
+    for (length -= 16; length >= 0; length -= 16)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+        {
+            tin[i] = ntohl(msg_32[i]);
+            data[i] = tin[i];
+        }
+
+        AES_decrypt(ctx, data);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = data[i]^xor[i];
+            xor[i] = tin[i];
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(xor[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Encrypt a single block (16 bytes) of data
+ */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
+{
+    /* To make this code smaller, generate the sbox entries on the fly.
+     * This will have a really heavy effect upon performance.
+     */
+    uint32_t tmp[4];
+    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds; 
+    const uint32_t *k = ctx->ks;
+
+    /* Pre-round key addition */
+    for (row = 0; row < 4; row++)
+        data[row] ^= *(k++);
+
+    /* Encrypt one block. */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 0; row < 4; row++)
+        {
+            a0 = (uint32_t)aes_sbox[(data[row%4]>>24)&0xFF];
+            a1 = (uint32_t)aes_sbox[(data[(row+1)%4]>>16)&0xFF];
+            a2 = (uint32_t)aes_sbox[(data[(row+2)%4]>>8)&0xFF]; 
+            a3 = (uint32_t)aes_sbox[(data[(row+3)%4])&0xFF];
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd < (rounds - 1))
+            {
+                tmp1 = a0 ^ a1 ^ a2 ^ a3;
+                old_a0 = a0;
+                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
+                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
+                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
+                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
+            }
+
+            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
+        }
+
+        /* KeyAddition - note that it is vital that this loop is separate from
+           the MixColumn operation, which must be atomic...*/ 
+        for (row = 0; row < 4; row++)
+            data[row] = tmp[row] ^ *(k++);
+    }
+}
+
+/**
+ * Decrypt a single block (16 bytes) of data
+ */
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
+{ 
+    uint32_t tmp[4];
+    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
+    uint32_t a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds;
+    const uint32_t *k = ctx->ks + ((rounds+1)*4);
+
+    /* pre-round key addition */
+    for (row=4; row > 0;row--)
+        data[row-1] ^= *(--k);
+
+    /* Decrypt one block */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 4; row > 0; row--)
+        {
+            a0 = aes_isbox[(data[(row+3)%4]>>24)&0xFF];
+            a1 = aes_isbox[(data[(row+2)%4]>>16)&0xFF];
+            a2 = aes_isbox[(data[(row+1)%4]>>8)&0xFF];
+            a3 = aes_isbox[(data[row%4])&0xFF];
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd<(rounds-1))
+            {
+                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
+                   are quite large compared to encryption; this 
+                   operation slows decryption down noticeably. */
+                xt0 = AES_xtime(a0^a1);
+                xt1 = AES_xtime(a1^a2);
+                xt2 = AES_xtime(a2^a3);
+                xt3 = AES_xtime(a3^a0);
+                xt4 = AES_xtime(xt0^xt1);
+                xt5 = AES_xtime(xt1^xt2);
+                xt6 = AES_xtime(xt4^xt5);
+
+                xt0 ^= a1^a2^a3^xt4^xt6;
+                xt1 ^= a0^a2^a3^xt5^xt6;
+                xt2 ^= a0^a1^a3^xt4^xt6;
+                xt3 ^= a0^a1^a2^xt5^xt6;
+                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
+            }
+            else
+                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
+        }
+
+        for (row = 4; row > 0; row--)
+            data[row-1] = tmp[row-1] ^ *(--k);
+    }
+}
+
+#endif
diff --git a/crypto/aes.o b/crypto/aes.o
new file mode 100644
index 0000000000000000000000000000000000000000..2d10e6d61b32126958a595851154435673e62722
GIT binary patch
literal 35312
zcmchg30PId|Nqaq_ktp*;EIBJ?-junF1VW}AS$>N;gXrD7Xifu2(G&cTG?WYnq`&+
zm2K9yEL&_xEiGHVX0~tEw|%vJv;4o`b7n3dO#A)*-{=4Q&+`oPnwighW}h>2&zwW`
z$Z?}=+qTSQThpxumt{50L5SP3`YD0#Ru?N#kyi-S;7Y*t7cS{<bRKVekM}r%yVb7x
z9_dlvJ@>(zFMq!4xBK$4`nWHfl-xFUO@U?gemZ7EUfkF2n60B+R?PWBpE)Zo=A*CO
zbJE97&Yo;#Ot!~I#JD%OtU{N)+U2fvxoS4sR!Q8<Qg2O(w`Or%MTxi6v%%#lbVaOo
zHK}w(o*=wUufA*jYjZyB`cVE$b%zhk%(ARAEbH*Qac}za>~~}Sj5z#~H~Yn-xt?Jy
z`o!d&f!e6ItlTp)1EI`o7iL}@8gg%DVBvMOmtHw!_*WlhH?!v08=|b$O|6=oxD2=D
zkF?h1c&&@$YI3|aeeD4L`t5`gZ%&}pj*PWRt{7I5J;Y~O)KwG892B~415(fQE<`ql
z^uP3iY^AGbH>z?$r>*qFS^hYv^5%Hw_!3^2+o!t=3iF!h#*KY<^xdvCuN<3_?!W1y
zL0LV!C3>6;H~sF}58inBvt7U5*J@X0^CM`7!d6!H?ly-@;%=L~V!dUpvaEA0Yl<hj
zWL>vd@4&2pzy3)7xEg<KMc>#!MqpjnSnuswb@03;u3}p({OkOIbvMV>J)E_DTm6yy
z<0>ADt=Sg4eOn-ZY9Mfbpzf|fpnt&1&CGvr6+FF@0<pQ7fxfE(Ljtjxnfa4e<#!GA
z@QlqV8MPL<*-%%vF0S4m>{#gQh>Z74_6Iv>1miP&owI`-{JXq~p54LZgTZdDV9JNV
zr0;`WUyL|d$KH#kSiQ^pR`>2M$FX5o;H|+u++*J@dE%3p@Avs#k=I!M7mj$7vJ(6S
zKB$jh?dw?Yj~hFwXY%T2+k9tP1;IprFkyADQ-&|zzbn?%*9KpFOw5MoVmBZcyJG9R
z*7*H8z3g3q{rz&?1-ml$_xC0Rkk|_)kH3YC$G8gHS%ty&g}%hqyE1zY>N#qPJJ&PT
zpE)v+=PtSb3%{@Z24AOWe~h~T6l~`Yw#^8($-cKH@$rFeU85FQF)^d^EUQnmgqwR6
zoZ_#mXp^7c#_MepySOfPQeCXS4q7XlWEVta`CXYq<}9n8I-_S=VWfL?6KjL7O=W~t
z;IjO_wsXr1BdwGkP2P>{6S1a?Wz~EV$lnxLml_z|BKpWTarNH>4j&GUvMn%R=D|SC
z!+`_u1x80VKk`^y{bPac+e3R%nHF5Yn$>}twSm!5F-JDX)o%{0TNhe`KsZ1Zm4W<{
zK*iF)=*Z|JC2{p7ftfRvW{kj@p?rV9n;fWl*JkHG$LpQM0XZaCvCz9Ta%|t^F|NH&
zAFK4Wi*fZlvuFC8h$(JWY59`_XSv7vOYZ*+W%B#lC2aQZj?G|wwebhr4ZPDes;d?G
z;IVAfe$pUU0or0@psRPV?&bT_o#uGo@9Pko?yVokNeX?W(AQzLFTQYZ>;_*#VX(ud
zc-NZqkBw?+Wgvc6(|59WdH45o;(y}zb<XV95Z~oXK^NWaOFro9_MtE7dtcY<;+h|c
ziHZF7m=)vh<6g7j82WI%>cjp*pI`Ukq>P|9!<UpD^yxmFdNA0>6-@gu*!%lnFVTlH
z(1%4nGT&l88v5{~;XYjG^P>0mOg^})_Xn2c4|YAsQQ}3%&8~|zW%cf^vryK;p!eXe
z*!`FsoPdm7`K+%I`}_Cs=xRb%5BmJ*w*Fm13xiz}O6p7E<}N7Q>zO&go3ZEU6j!d>
zzxyaUaDgvAuT{#`Uli^=QW)%9=<721wr(*oYbvZ$PS4D2(<?1ucx+DH5!GD-fi~Hm
z45!D&_N^OpT0ul#zbie%9k|(J9rPt;`#MdX-ZOQ`sT(3VrD0+l-N&^z$67ZvaOBmv
zeGx4ZADa1Y;J|^<!C*4`nnQIr2aa4Cx35`D;u8lh4%F0yA`xW4#$2;6x&=CG;scqg
z^Q!)-`fgxz;K<UreNoM!adDucB2*bn7-d@y9P}k0m=o9+*&IC=Q5*N&n&p9gO`0EB
z9Ea3YOhkhVF=vhr?DNDP$ze!NAUoJCGgEc>oHzh<1~Auc=G5oy7O4AIVBNK-x`evh
z0_!#f>b3^fZKQwTlt7>)P_xapHph9PJ``AYop)wVpklKZHx0}rnR(v4$h{FL-)1{7
z*lTTztLuyVM%+PPM{ieekLG?~$LM2d7)+SSEnTB-JjRJ~*U;yEXtO!4DQq*2BTs>^
zL-x~0Q?C9LQ_?|S=Y*1jFCOvxx)cTz4+cA@+~(Tb)7pDE#}fKQ;jaAs{q}d;k4dY$
zE7yZ;X3x?yo*7lI`hC7(_V^g5J00}-&>IiF7<(}2JLv2BdOO$NY0j9+JlU8^YCNXW
zFl2W7QV;t2eCX@_y{}ipm@4pfiHVG!ba2<vf?y|=-446&t$E&u0>=y=Rd~#Hd78$0
zGiwqC%zxvq@z<qIe|*;7P5tK{+Hv0R-#&wzSwYm?R|5lX9rRS@EjO<E;q^aO{Acj$
z>(h>1)bENBIZwa$`STN(Z_K!Dch_OxjJrBI`}aMkHBG&#r2Csm_b)p8=DY=KU+z}<
z>(51N=3LwE(AH@$oKyVJhWQn_`G0=>$XnCfjym)9%Wt?~-5YmVmp%SUvtK@%60vi~
z$jAe|J72kfcuUu=d!KOItuLK7WPM!L>9gPYV$=8ke(A^qpHy9QcgX+gzxrSJ;co*!
zOI-MV+34>&p4+L%GnbS<T-ah;{F4bsC!acY@4=<s>)x*aYsrgKf9&$^9epouvM>F<
zR<UQL)O<B#<{8y@c6e}1^FALhtG(*EE#KB1K4ttpJ%8H%?3a%XJ%7UHVEbO4m5(ld
zE%}4eHnS%AV$PejV)63t=aoMbuxI!B>-D=9?O*-edB2}E`pCZy-F)wst(El;|9MsN
zfZ@Nq(C^ldzdQGh^tPUTUH8Oa6LDRWRy7}fnR5TasPlVwOemXLS8&Q}J9_*l?Scs}
zTVH#R-goxg=bs!rX55s2ANY3LA0x*1y>R4juIl`uwRfCxOXiguZW#2_;}5;%i#_(k
z!53p%e>G!MPWz{CUpcJkoDNkpSDpTjzvsG(M}4!i&3n_M-#(l%q*-2M(zM;L++Dc-
z>W`Lw`s~03m%n=2o%1LE_(k!udzwDFq+4p@Z4d1I?A=h8u}`eMwBpnUOLE;mw+Qw>
z^N}^XI^Foeuh+(vzInyQ>pNfc`Ad_!zkk_Hmo$Islk7QJoBOofKJl@3F_;^U;c{E{
z3Jd);32t*OMECVzoolto^iZzGzRY#G`wGvM7;kj*S^}B1uuVLV%d+;scp~B1qR#g8
zg3V|(wu)%vp7mJPeCT%M>i;IUA{t?cioZ6Nx0byW3H5+tUj3Rnw#$wj1#;O<??b4|
z74eL+nv8+v_C%DHg)En+Nd!HcMhv24(<aah&xl8q)uaMp9uI_CQOIuk8LWtSB;)GY
z8xj#OQEb2v;v1AWBNxb`SwGtDQE$R-@*e)UbJx(X$-g1v&Lg{;&a1NAV<_Q?DqUo`
z$9@j{$hMkc&{^c@BK%owHCqnrH{)(;MI=$jxGnIB@wiX#09W%t_+vG{5r1tfVjaT^
zcpFzy`vH`yV~*+^<91suIKkW7SP*+Uu;miCn7kG1r{DcVHnP1X14WLT6@tM1L|$?8
zikHGU2u`+P913CYpbIN6tJT+xwu8A_3uo(6%YHBmaJO<87mL;UOv`>~1fn&EZ0pd1
z3OJdE0Gw_50vu-%LrW3(a2{kgGVm_^v3F)cgw@)%1b<FJ>$S5d+L`U_3GVgzk?rh)
z$o1nQyMBb8)ZWA7+Ivn#{CHMsdk@oT?>U_wtb`6f;g9{N>9Y2g_YmTg`cIbnL!`ix
z9AlbpcyyeH3b&d0RJs<^MV%#dh0=}lLgmab&NyVIW2mojUZ9-)jPoN59xH*xwF_-~
zH3Ab=y%#F(G|~xRnw?c;&9>RXT~e9#IV$xo(FoMsIT&a_WXO@|97JXeA|o0r%TWTY
z!$lpXHcQ%tJ=mVBxHC#T&%PYFLd9JSE8eNptB5SR_hSmj+Gd>FTUKB=_*4;MZPsFE
zx))T<rWCtNF5Tq|Lv&MiC5-<A7Bf~Q`2gG<QR}Ug>lj>JL#1Vw-C7mgy}qtG30u_$
z_qyt??20D1rn=imq!Nd0O~ize{1j!|D_vvYPO-X=NAL^|`yMb>Yb22LI>1iQ2^?9O
z)SHnKwfpeOZnq-}_w=_Nr*Vs;al6sjlRaoJOm`~mYHvg1_WA|xE=>Sm0`3L$W@sNb
zs?fdu@XFMdfPcd~H35)?sVp@Gu#|u$p0$NA4DcU9E}&-=U;<zYVFq9aVIJTs!eT&&
zW{~69KZZmznVVI10dq4Ee!CFpgu1AOp%>T{CUg<&CXI0~LTG!2uC}i*p<ggGz|gG-
zZO72_ZKd^=7&t7e+YnSrJm3{XNp6MY?e41jpMx9KKMuj?Qc3zX2;&I;5djUOIFqB;
zz5d8bt8EcP^$>ThfC$F;;gu>h2d&m^6@uB$L*bAKWx$PuE(s@;sS`Q}0SyUFaT2Pj
zw%Ts}dqOqUDxoQe(%!@ABVjlG*c)xT5N+j*(T!q^ZdCJvGe)mbJ*V@M5C-EWHAcZ0
zjbX-c3^T@Km@zAaxxe56VdnV0)=?RRMuSjj5c)K#@$GOIHNH2ic5ue`b&5H@uXo0`
z_j|OdJ<v9HVtdQy=qAoc9;ilgLUS{c2da@gl5RDU2da_09ByYM4^+zUgPS9HuyP%R
z%NfZ-^uWT%T~c0Y*~VQ{-9?RT$DO36J`;9ir5feNi7^?4Uc=TOf?**?c>r#-ejI|G
zQC<O|8WhDD<=Hy%1A3H?(C+$`-GYe1j(gd08u619HI^EUJy)Ystbl7Bd&GFVJ(Tyl
z9)5`}09OKv0KFO7=XSW<>+4sh?f_f~@6@LN_p}5&57-+Ecpb17MM?b+U|K7{w}24g
z55Q%FCg^lq39SHQS_3)(-XnAeRJH;11w^(53<r!Qj0LPCoC$aWpr(XqD7}MOzuzv#
ze4z$!SB_*g=zAbk4eK5D`6hHlI5ZoftRwpY`z8~5EF8)K){&tP+E1C#ot#0G=JOD$
zrjv*4cTMOiRHi~Vnb3#rKTPP;3{{iOeMa+6XR>M40U?+J)}de&%0wH;IbZ<XXtSFU
z>`XTKXfMtsK?F3+0eZ4IfXQYjM30+n>cwR9DuUVF?mRA`S|_1*!wGqGLi-yfq}C>!
zzO1&t{yiZ*tL3AR8D7qqXZ()X5pFMrWPB3-WZa9S?Ip1&0DQs9w;5M4-QcGde4VU}
zz8u0^1}G^6S@CUweb0gKJh-O7(T~tiQ4uBDd#1y;zZ^iUuM}&5n7LD+HO}tVqII;p
zMM8@>yH#W?+R>F{MMs|sFZ6JY7$}~W@I@}$S?(4?qECs=Ll=!~ZM$1UN6=}**`#?m
zY!F17!r9ajr87!6QI*YXJFhikMf<G0)@cxk@z~MPMpyIh(3Oa(r9~>zpl?ctyw+Zo
zPRod}Vk~h}?cp7a1dEUve@%7=D#lD<(s!X)t>Dx-r?YjxMxkxs6rpV|S#6_g(xIl^
zrK@er6~8_k-LX9@fhCVmMy7E${(It^oWwh7^$~fknOcG_MMO#mrwoZYa|pMrPC9GK
z(YYZe))zWkD#RO34QiaC>ePG<+L)TZK_8u68#KC5h@=LcbasnIL0d(##*!Nn$ZI`R
zRbmPUVRzJq<<v%xXnRt7%J%Gp+9`lzO7vL~^yn2~rK_^`rU<6Uesm*xssi|=F$&W%
zQ3BEf3kOr_RF|Q1iRz}3zE0NI3Ho(#veqv`wL$-6<ZwXaoO1-=f*LHx3uskgthlW8
z<7jg$<g(5kM-g**0k$=P)>efD_#3`DgKTRetsXE?lutX|@usEq=L`M$@D5*nK(;lB
zmfCJxKiHFMP3S;C7L3aZ)Y3j52AQFCA&lFqT3JiD)bXd~WO6z!ZkTLq8c1CXr57@p
zqrEI9a19J{K#ReVsEo+2o^T%Sg#QCdWa7iH4mkKLtd2_m#8YAAIS5a69l>8pplWFS
z3DeqIhFx9LV;u)2Ewy}0EMJx73#VZ+9?7R_mQ~B#{|<x3P&O6V)?`{v3C;yMS6^68
zL8lup?(Z&F87iQ~jhqM7S`bcd6@1q#fyuN!rjWJBu2sO<*qSVLtyJNao>~HBP%K)1
zDgThCmSC%R6HUA;;q?l=tx2>f?y^EARPArCQ^5taZi9)m7FtWKj<sYb<^)>r=%6Yq
zrI!2+47vcV-(dz@m5inS4D6P;gqWVR*y@-PvLX@S{B=U;6%I=Y*T$VtbFb1`K<hD>
zNUKWah3w>|fEIroVKys~7xFJKC?GB7#rscrNns>Y{wE>*G>mOcrF8%%(urJ4c9NV*
z>ou4jND{@*ZPTVpS8r1LZa$TR%&;>BfzZAT2~hk^nB@N{%5q1ZvaHpiC(ZhCNv9m2
zHWaCL;co|%PO9bajS+5(g|cKPR8Q5c?sL(Bj&IYjn&Z0xY9!p&$Mu77oPSQ*v@)Ca
z*8eK$<MVX#EH&<$4K0mQoV0hd%|$1W{mXP#bWT<rOVH_`+NPmr@@I|KYA6@b8m@3M
zt$iLfb>^BrOv%nFcmk~|CpeS#3K-j(LQBWWl(CXktckRAtel2elSQl?8OzDaBwA-F
z1=DC<4CA&|RMZj}HIg@w%*5Jyow#uuRn0KN#=`KH@+f2|M>gU7G2;*ns*cv{FdhrP
z!PJr%5e1{w2gV5?<v0PfVxZ6oAoYhq3|fQ20i-MyFp(Cs?Zl`DvBnTX=7$2fYvr0?
zvI#Fml5fLs{=nU(mi!(}zO^2chQH}KiR!LXZTXeG%<9`QBWXPXrZ)~qS!SD%8OMcS
zm{7A!v0kOPNTo<-itSFEVmRI;$nXc2NXv;w{s6|d&M~Sfa+4BSqEwUlt4l}RJWcM7
z%XclqKY|f;Mm0~sMB?XV=A66-25L@L$XbSf4P#qpn%uCNTPd#sYGfHX`%@#?Rt*(i
z4!w;2!5+iT)DUwj6~t58Dxl?qaa)z=)e?SGj%C%g1V`P}hBj{KlfOYN`>j#k11Y<$
z_1mj^1DqaqmWikQO$kh%a6@O-*pCqYc(o9Iy!v=yF5)QtCQK7>WToY=rQ-vbDD8m-
z5}jWunM!*4YfUz7>n!G$1wv{&s|jsknxZ+N3sLFn48sPZ_J(p4usAxOJ7qq1hV#iD
zUk(##tyFD6UIG(^eznBus&p<FB4qX@Awp+8jQ8YSYmuXjQf%+OC+^=T?U{`R4ZGKK
zFsAd955gp#Sg9Uzlz3IdA~P%h9LqE)2N-|Jj<lAmiXvYN6NOsW6-DRuLWJy8R9J*g
z4xoRisKri2QHr@6c=BQPzpE?`>1{BPxcPCkksp9z#&ylm`LGZnGkqaqvV)ADY}6k&
zv+<X}*I_VLX}Pf*$H<|@2X1oKrR0Z7assWV@e2onGie`yK`dH2R;FnX#`;3Vnn+8>
z%Avha#X5(Uj+G;0Ia!%R3wvVdpGGSSM&0}fOwioy+911BW86m7BanL%h7(B(gi}u5
z{P-K+wJ^B((YgpKabr5NvX-;~1_88~mJ?u7a$F`I>Y)s)j1rw;FwN6qwq#8v<0l~g
zFxb>uKSkZ4YUz3zrVU0WR<`s`!B7l2os1#;{V>(4cAHzm70wN7rM|~uCG_`rjPn*u
z_CLm}4)>IGLg(>$pq^i0&a$dqCJ$E%dGy(nW-jG_mxQUw;YfxR5{VJZp+G(a(+Wca
z<-{<?;L}w@e-^X1RUN)tUfwuc&Q76GEK@NfP9E#TSw?oa1Z|{@HDjaU&-`zcowza^
zCt&JjDiU()#hKg4EJ-V8<AYsELzkgHe`)5X=)^@yX(UfsHZKZsvMzSg3O-r$HcG%0
zVlfh7#&J`<ySkzCvl81Puc%z*FPfM^%pSLdC#kOEqfnepGWEYI%?bPW-?C*2v=M2s
z=FDBr_}`=RU>0P?pM`IRyhUPr#olfFk7EAdPwVCeKu&~Q$CG!fT88tfqlrW21A?Zg
zDyMGg8U*uCS{OdgkqJ))$Bm&zx#YuxNK91BJz3}SWc^0vvK#c9IAootlg1Hw3XkjK
zro3>Tj-lq*Nz8VDtn+ljrewYu-b>}l*+P(Yo=zG^<SCr*<EFrHo?OTS#~^=IVR~ep
zr*Iw1>DJ`Qukz%?A?rMyG>*tqIN!(XH9hQV)Dv%UE~{TH?}+<g+?X9|34D-?-<W8z
z&nW+%;d@uVaKUy!fVWiMLaAh-62`iG31Afr)&aczF)n3{jz(+rwTO5*3}k8XwyD<W
z=FX}d$7dVD%sn%JjM92Y;bdCuziQ!4U{)Z~kfU>$F`dfJYLQCA3OgDN#A(CqcF1h7
zf&a}E!qzm|=Lq2q-1L4jd#Ly1iZKaNgXzb}Lbz>@>u)EWtQ#%F`8<y&GR&fwJP{@e
z(=G0fOpDGlg$S8_R*2B4Gk&t}_<xb{lc{Kwan6Cf!<+ey%xs|U!n4A0GnFn6rF8S1
zO!CCHMN~$kEbw{e`7maBCtm>*g~iEvPTkSDUWkxu8;j6+2TU`>T0bRHr9d}t5<(N5
z%(WCV{b&=yZh$fO6EamqVW*>aHgw)4M95SpM2xok5cIGTb?!psXJELO(0f2SpA{lx
z-spsg(Z*vl*cIc#5?^0j^qPx5RLw@vT$lwg6)^nyi$6y3w;yxyhbW#bIo|&m{CSFn
z+u)Tj=AxemhC9tSgg^HNkD=gC!f>a-b-&CH*Xrv|;Lk~bi}Mscfthr8IKXAS52tPa
z(V{v2syBsfxMx)^tq7G{X_KmoE348<XIGZbn^PW|SH38%qOyE$@vKl)T5(mypo{?n
z(t?#m3row&(+U@s&M!(^5S&$BwIpqEdF8ycEGHy2SW%HSqP#3rT!v_4f{TJ_a}a59
zu(H@FnN_~PU|OiWe128h5=d7C`^;aG9vIN4cz(&>Jxa@F&0knljK|`|RjKOKa#g4Z
z=Ok0-u+f|XfKeJe(uEIZ(jB(#wxU{EwmUM)gTEfdE23QBC_KF7U-C*7YDeKDsoRCa
z8hAMBae)w~NQG!W$SA6&w4#+^YLIIPZSZTLl~Iv8uIK+l8q30IGz-%rRpRDRQ7Ca!
zRqiEGO%<~~Rzx*ZH9>Yo#o(`-wSszL4XLs@wc}Q0f<Gl~_1CFgRd=XwN1maL<I>-y
zLeEowZPo}hIDZ-HXs*_p>7(+18n+|SsPKq%M`#TVu^gQyKaAz1E48_mPA6SQUZ!G7
z<m90tR|`}Pv{&_38r1}v6I3nPQE}kNs8;yf1cyOPib}KYGw6Z3r=TVjsXQpMqj2m<
z(F&zIM%95wwakjBXy|ilafK?YVYY_Tvm1JlE2@RoRIT#l)-lo`Ylp+!3{&Y<M<pU;
zzp6`AWm`C^b%IRx(Upwj-fOFZyLC5k8k*gvaYZ@R#lNOO8+;r|<KNI#oDOrIXkw>9
zouWFioI)&9MTt~7aoB0Z2vu4CTB&O5Ra=$8iRX0EyPVd4&5ml1oNZI%&i%R_)h?WW
zNA6BX?hQwSTWKweiicFZnlh@RV!<WMg{ry-tE2oHZT1CSpC(upO!=Lssx4Aw-&U#?
zC~mF({*6_f_Tjd2+R^EwPV7CFYP1n*u>Qa7BuT19Oh@&EJBc0DMi=iq)jeNvx{Ivj
zzq3cpt<~zU31zc88IIJU&K%RwP5wSZIB|_XHJG|!EXUvJGRstxIkS%JR#M*SN=}#g
z-RX@NxuO!F={Lu9u}gJ~Ume#aF4X~kaa@<WqB=tI=kruTYh9{C{p5sQ=D2=zTvs@f
zf1k^oV5dw@zNC-S5oM^EXE_H|t7ILWPPrWoZZ+=|u{XNCYP?pfUN)U0LiMJ5tD|~{
zyDDyi%Cn(^szkJ(>Aover){D;EpL;hircHdrOb+okr3`BfA6TzSW#UN@zRxQ<b12j
zh4~U|4&1(H;C%j!s*p9myll2t{aIL6RXV$@xX8;FAF@VHm{C<6qLhV$<mvpAA%rQT
z#b;q<VU0d*l6Qo+U+SRL3~!$W)Hf?Qe|{CXth`UCcuA;F6;?2%<z;>5mxhWfgAAJO
z?Q=S;(-8y9h+(q^5BBycfp}@z{L-@GJ|zpwRE#RFHfEGo6_zh?GGOvoRIFAU7M4Px
z^Z_$M7LJY2=$m0xmM<(Ts!~OmRXA%#ahW5=BF!o<TU1=>6su8rPh0~dCQh+%VwFk@
z5LKxhe|pZy8R;2=tfF8jXjRQAuMBw`sajCHU{=LaC2NwdDqU6_T3S)8mq=;O@`)K*
z5-MF#9M)@vcs`c?DwT}>11zlSP?m54s<O*M<#Xoiq*)oNDUpP#iM|=AiTTB4vqN(%
zCB2{=D>hYlREDXuSqm#GXH=FIS>^MKX5f_YoKSh$d=-BXqO-zPeV<@4TAUVK62fY+
z80V8lj~Fq;+kIALc~upckbO=Y?M+Y32&4vjI9)-#=i|jPkSoF|YI!*$udJlpnlxeL
zjI8Vlr;nR7apa6~c@sw#WR06JEYK_~J8xJzx+t$A$5OUhQEIoRy8{WZxW=T-aICD=
zse7F6v-~hTO2v!*<aikRXTi+UycPCYnt48m7v;&6qx`8*&XZ1L9<t)q6nWr5A)Jv_
zdEiMQp3k9-?Q;CcJUzsV@_gh!6ily7{K<vwhvAln$5Y8Sfq5p0%%_N_Xy&1RCe6I@
z@#yK=pQrha|4gtcBOl@MqCA;L%&7AkFw`o4KD}by(SHZn=;6a5BhN=@yr_qq2AlGH
zDA`XlpE>fP40$wc%J4ZPFZz>Dg-w5M$#~J9j2)E9(^FuR2R>rOu1d+9Z5`{7&wxxF
z^5pC=EyHb^Da$l4WtbL!=1JDf-<WtYU2+gMWx8OSX43V7c_NwqL%=TBl;=AG?X~{|
zA<rK>I%)rN!MrF>HvZhy^P)f5=;t1r7yZdbp1WmU^e6K)8S|5X3NiWQUOb@v`8!pA
z&HQzW7vqvmKjAM{yy#ChZNcp<FIr?)5zE{fY|`S7TweGw4`%C2d2^ZZ$UZ~%G60d4
ze`?jz1)*S}m0A_5bnH2XDvRd_Q}x}zN>wi2D6CX9v8EPQRl&F1aj4Lu;=+ZqXOvV1
zF=IONj!!9PlvIa<g@u*Hiy8&bFQ3)O9jpwN%`T>LX26Md0x#Z!j8<gXO2vkG0k+dt
zs<Tf{b&^#|mV{Uktq~4v*eh5I|EtRjDb}@ab~UbwL`-yfb+LaNrpKVMXg5S;zhQia
z@tvAf?Kb+Zh1;|nFsy@fqSTj(ldF8UhWa?{jXsWZ>eo|&^@41C9R|x90>hyHNp3h~
zsE_@O7xj6K18$Qi9;Bt5xxT`Efn_n5ksA#U!wl<(LnUnxk>y~1OgW~5rM?SrIJ^eN
zTqcb71F0`}0=~n5T_yGL)@1a}1)DfP%YzAm2R+PX!p?(-VTQen$$lm$e0`a)C2-4h
z2c3fxB9LRcyr-FTF9(}AKx-Io7+!+DOxVS6OMN)kX(hpr`daER_LrMrOdOzf4)oO%
z^ku@fz%BLVLf^Frq`o*EMtu*!m^eVI6FSfuHiW)R*u8K|eTPv2IVdRgwbo(OR}aHD
zobPzug2{dKarMmb=V7GW7ntPyjG!-u(Hw%&)1eB9L5Ccq$oWGVUZ21iraK36q8Q<@
z4-h8Hk+jAchb%|D4r4iffRXyfL0`QYEF$b19S4@W0?<b}>f^nGX;B~RTtv5GMp)KS
z_?gS3MO##tbvW0u4#Si4bvqd9i-kcKZ=|n&3|}yAxQxCAABUvB$NKJ=40kuuNd5XI
ztcBcGWVkJu9~&-~%}b>)baRd6g)wfTx!mE{j*q)h3o$*8*oMokv`aTfR>S31BSX4b
z%MF)X^-Sqz?iwy`-{j?1HQeCiR;vi<W)Eq&+-Tu04NlcA-L;!*&sHcA=VNoR-MB_H
zFC{Y^w*|G<+=E7^`)nf&oASZq+_T~4x{B}9Q(phLt2R90jX=W|Y{m?1D5^^Psx5`t
zB8oka++vwshuH@?8y9D<VZzLgMCHoX1B`vraH8N$!4$RGfpM|V*t#mcf|JO+apGb<
z8kyc??az6|W+J#)w?>9@g7L?c6ZX#$oJ-bv#tHv?;XjeA^-mEp(}e#_;m=~ULEG`Y
zgk;T_lGW>jZFG0MivD2M)9+e_`xG~f@sAVSUhoB)*%vO-+y;E9W~RRa=~EB09fK~x
z{BUhQO*0RwE!51%D15=2GB?8BuK7{e|JKY$DjA4R8J=!js+sHm$2D`0@U-SukQs!j
zf_cb99v&kjF4we)kq-0m%0SIL=)>3HC^HpyndZf?*J|Df`&P~Oz}~I-dD!vL%eZ`C
zy;3uuO~0s_YvWiL%5eRhu9^D?-mB=(y5ej==Gy8a%~`N{uVYydO>wmDx4dUj{!iF6
zWVR!x5yPizo&>u<^Hzw=Bts|rJ~^5Vhl}s0Fs=>rmuBuyhrmsFFJ#C@p7&DvC&8Z_
zt^4z2`om<xoUJ(sd%9+}-8wSjc1K*Y(Ya0gbDWWlPR>cxc@xYhnh(L|qc{4qZ#2<d
z5B)qjO#hj%OEq&p%fp%U=N^{l9m(9c^6?#+d)1#cABFv!X6~KaLN8^whvm^(GW%wl
zW~MuejB;^qAV=%*TcBk)7N%<%&KYD=c0P`zPWJIdnz_e6pA4OYAWt?rH)t95{~NW;
zP{@#t&cC#O4*bc+KU$BGT=<hsJ$Ix((&Qewi{@^y@d}^vXMY|;Mt(SNk&Vt-+Mjb6
z+2~wKf9T}?nqMj)bAQc46J+iad02(q6n2DW?p0f8_QLM1nR{xUC!jp{(K9u3@62cA
z^yhwglV<Lb`LLP(+!vp!$7T-fEX`_Pui2d6pghO)a_!G^BwNTRJLhJyX^T6w4Ck5q
zwagUAkWKyYlqq#`ZrHDxzdyWAhR$h_CmWrgXc^8M-)otfkRcnLa9XXg07KKNdo-DI
zGL6lJ87>ZQj%i-(j(o#}mk-8pcg^VLs-IC0`x1@OlS$Tb*`FAf>xW!2<k=r+jJ&#+
zX?fNc<@s9{_eq9>nw!DDf($(&*fd7Z60+8_f-+#PJ5~w4MDt7VM-yAN-k-&gWAO(U
zsyNJ?Z;d~<R7OA7%GA$`^<#6xgNyZJ<kJKX5IjsU*HT8F?<yE(*$vMWJX<j9!N_nO
zZJ1>@e39S{f^QJKP4Gj4dEYmBnxp*;w-(${@JPWk1Q(NaU6q1Oy{)7_D;^i`ABL|N
zTu0XJg3qjlWgZs%jNpTUKM?#0S?f6>{CWQ}>GHQ!Bh#F$^QPWB*ZH3$WO&aq<(dIz
zx!BJ`^w)7$3BFSB4TA3${FvbVg1PTEI^QSjvivHT_a5V)D46#)<Igp?;mv~U$k4@$
z_dAw_V~}eslkR@OZwY>%tn>4Q@c&hCbBs45!+WAhD*$F%{6@}TAv0FUOd{j0eqPgs
zOqt-7LVh)vI{B5HwL<0wA#<1Dd&yeA`i)q(9p?^H_7{cB`@;V-!QTn~U9fsPK<kXb
zJZ^Nh72H{Hir|3Y!DN()*D$iq^LQb1rjR*X$jlQm3xy2txvVR$cP<e!R|%O-T891N
z79n$&khxdO3_-bf(qH$7{X*uD;GYDy!9;Az6%S^9RzZ)C{#s98Au~+ybiq9DX5_aB
z&cuDt`177^c$VO~WL>vqVCI4Ce*yh<+ieuQRq&l;ozDk^|8Bvb3Yi}Sx58S%q}vY6
zba4X0>Oz05lY0Rpa|&6vdybHqD7Z+-&jC|s5IWBlGUp4K^@6V^YyG#9b=mI`yhF%5
zBm7?y{JP-7f<G7hz2H9tdvI?z={6VKPH-2&-36x$9wK;z;BjQ#*7;;z-kCyXu8=7M
zvkrTpPpuR(7Ymuov<%mqTZGJQLS~zmIR`S23Yn*c%(GgC>(e)c%!fke6D`Aa>(4@l
zKSh~xdBDsw*R!$o*X<ZDWD>Q^I`qeG^w<4uppeNDTqt;z;0wV_i=U*qg8o`hosiik
z_<6x!2>GAM=m+Y;y3FW_A#49+;h!P=hYJ6hf-416FZ0O@Lp#h62{V^*My9=BZdr|g
zFTq^n8Go+v4D(rq;XJ|P1)H@lywnTDMt-J{DH1$SaJgWv{Y>2Dg4YVZQt&l`uM>Q?
z;O&BU3VvMh9>Mzr9}s*<@Y{ml7yOCfF9iQ4n7>_^GIA|yn7=_8ju)ILn4fYqGW=Mf
z;Zp<;7d%QZKh<gE&k)StN{oMz;5mZJ1y>2)DEL~zwP4fFw+jC|1aBAofM9+K!{mpb
z7&QEE!Tjui@#jYy40CO4_-n!63Fg|^$TSh$LNM3KMkYaU7s32crIE=He2U=Vf=3A+
zBY1+~GX<9jo-6oV!3zanDEJb={H@94bEDuo!CM92CHP*!T+bUlPYLGnapTW*zF~fx
z({NkCT+bVSui)N-1A+$%K1J|o!D9s%2%aqX0>S*=rpd#Vg8AF5@vjwpi{Nd7?-Bg2
z;12|IzhHF637#PMOu_dHen@a1tb2@}bip49{!H+<f`1UquZ9{ue!*N582>(k`w1Q-
zI9KpE!94R}^qeVphTvI(=L+U;(IzgxUTS!?;7bHwF8FG}n+4Yi-YWP3!8-*%C3uhE
z{eoW-{JP+`1%E2|OTotkyRptNWsDZwQZQdHG%{TU_Y|Bec#z<sf=37*E%*$<lLSu_
zJX0|D7bZVue}P+?dMC~JFBLN93+CJ1M&=5^8wB$=Mk7-vnBR9b{yPNol@sItlwf}N
z)%d?6_<h0u5uAl}nUNnU_zc051oJbpM*cj(mk7RGFuyiy<m&|AEqJ@&1A-3;=ErJ{
zo=*k;Aov%-?e!X)ZImFG-?}w=QU&)HJXr8Z!FhuDsa&IHn&2YAa|D+Qt`fXVF!v@#
z=S70o3f?IATEVq~ZxOsh@WX=nIZcz+9>FgNJ|OsY!EX!Z2ZD_ro`Es^i(r0!)A*Zx
z4cnzD_6x?J-xoIANig>{#=nPPevi}m4-uRvc)Z}Lf~N~E7F;U0Qt%?d7YM#s@J7Mc
z3g+iLO+IfCe7E53g83<BBma!xmj%Bn_#?re3I0*=uY&n~dZVA;)ij(gxW8b2yxGVs
z6TC+7rGoDkyj}3)g6jqI^Up^AH-di`{FmV7*asW=IKiC+`veCB_Y*u-@N~ia=(N#)
zyWkyy9~Qh<@P5Is34TlP=Yqc$%x@u^bh`*n7Ti;Cy5RnT`3+^GCr@y`;E95#37#o<
zw%~b!`Aue{zgqAb!Iui&Aov==HweB-Fu(C^^gk&0al!S1_X&Pp@FBr(2>wX$XM*`P
zX_Kyn-;)eC6&xd&pJp~PUco7XdkO9@c(CA1!8w9Y6I>veUxGI2&JkQ8I3#$v;A+AA
zbhOcPmEfBM-zxYi!FvS%BKQx%Bk)6v(LY)+zf^7f?-%@};N61X68xUvSo}t1^t2It
zj^LnRei+-x?-%@<;I{;SFZgG{emq<>dXfe6d)vnUO2Ib@zFF`Sf_Di%BKSwa{EWBJ
zKT|Nj>TUd&2<At=jsH5qTLs@C_yNH?1-~Kq9l@Uo{z~xgg8vfS8HZp@e*A*@>2c$K
zn&7E|rwd*wc(vdw1aA<0zu<=i^GoL@-46wSBlvs4t=crmw-f9aoGf^h;4y;vVRe)4
zBEhQ#uMvEk;BA5*68xy(w*<c@nBQ?X={6JGN^m>DT?BU(+*5F>;DLfq5zNoVn{-bX
ze5T;D1s4gPBe+~}mEh%qs|E8b^(Nhog0B}`EBFq<cMIl6?v0*Zf}a)qg5XyKzb^Pa
z!5<3#Qt-Eee-`|^V4i0*`N22Q!`wn}E5ZB@zmZQ7+*j~G!Td76k*^Vanc#JT9}@hi
zV1C2j=yBtRc*89Pw-)RdoGds)@BqOh1?LGa7hENn|24qm;c>yw3VuQG_kw>G%>OT7
z^b8j~R`BV9rwc9=Tqd|u@G8L<3cgzKX2Ev|zFY9qf}a(9NbnniKNb9?;9ms)A(;O!
z!PG-L!G6KXg8K^|EO?~gJi++6$g;6-;f338__-LSv~ao%GkL&IhGE9f0Aa=wJIvH$
z<fR@IE9{>rxVzxqf&+s43C<LpBRE&^IKfi{PZK;-aFO5&!6Cs*1oP~WDPxV`3k0td
zyixGAg0~31L-5^#w+nti@K<2-9P<}2pDXa<GaxdSaq1khdfotz!gC6;AKX%N61c7A
zbZ~;^zF?o`f#4L)d|sEX8Lv%Pd^SX#Szw-PBC}0+R+c;(e3s@h;8~i-gBNJd2QSt<
z0lZ4{Wbj(eXMwNQJOj*UK-3=u^ULRCw&4!Vv%ybjo(tZmc>(xk&1~nlHCKT@*1QP(
zt>&fR-!xZ)`Fw|ItpfAx6Zw2F`vUnQa0kt7e?HTp|5e~_ny&}<(#-Q^>6&i`57c}o
zc$nq~!6P(33eMB~1epI6jr!}sJaa|f4L)1*GvJ`+ec;)ep93$@{5-fy^NZl6nh$`h
zH6H}?84&fq3SO)E4e)x+d~Uf(^Lt>P-J<*l;9E3*3cgeG*I+&aqRbKSgPMN;^LY^c
ze**8){44kc&Ftf^XtvNkJoiO;p1XfvGyD6;n)xq0`G349!@mEW<~Z;#n)$BUpPG42
z-;L)il;_z!yzQ@;&rA6ZF#S7&`Rs|zv67%U3GCCH3{KJ91KdY5|5I6C&1vAln)`!?
zYv$M*sW}tO=TJ;52YiO+vEVZ`^I7XTnoGd5H1n(-&ulX;xm@#d@KVh@V|c!1o-yP{
zb}4@)c$4P!;F~n_TkN-M=Gnl1Y35ltzQfG893PKpjt4)bIRX5PW`1-1dCflX%bJtH
zuWRlP<})wq<oNhf^GNV_nt4Y47tLpZ|J2O$-c3ACT>jrOJ|m+Zo_UMcya(J_GoLpm
zX?`2rQ}ZX_bj|EL{PsEZ9D_Mkvj=JBXyzHiF`D@fMZRYCk;$4ngQsa`e<{?Q1fHXr
zeTV1wm{w14NHhD<GR=IRS)-YKYK`Ur;L9`*0`q)3^$Y=Dt9dB+M$M;!`5)CNlLg+U
zIS0I5GoOp{xgll7fcee{c|3Tx=6o>Egwdbx4e$&xc?$TD=BePfHS^r%hnm?>c~+3}
ze4phT&8xsaX}$n_RP#k(o*Se*-+5`Kc`G<pGtXwW)6B0a^P9tzuLmb--UIHb`3*47
z6H?|q@Bqzxk720h2&A8_neQ?1Y$4^@r+BuI%rkyGPe#rH^K2oReS~KV$$Y0_xn{o8
zuu3z}a$cml2z<F_esYax4jGr9UfZmB0k~E(KgD*ZX1)WlLo?3`KBAd@;VI2mgZaOg
zsgv#hg64YgLCtK>H#ENteoyl|U_K*eT%Py*LNnX*h~|&MKWqL1d{pyq;7BY$8TSux
ztY)6;Yp0p-Pw+h>%COz|OqtAc{(OIdoDUwLnf0BinRPr`GtY01*SrGE=g5p(4L(cr
zYA~N8)Bi$nvF3}x^E9so^Subl@STgrnr{X3EE@gq0P~C`c^jC|l*w!d{+Bs&J($mw
z$@{_lH+19|!8d6>0OtRpqyH=5e`$UVyhHPw;72sS1LpH(%D)fhyBXvUz<jrg%(i-2
z^QT}wU#36X?On}Zga4!X2k_^bc@~xb;g0gZfPd2b8<_v_j{a<0yNSccz)du}5Z*#F
z-$`k!IU1a(neUPD88r3qya1m;lZS)THD`nQ44VFYzihZ>o)sLWnQby&GuvdM=8fR9
zHE#kJYQ6_ts+s2i%Qdsk_$^eX#X94AE9669zL!E~{qeaonP1YpTr=zPD$R$%n>Dju
zYc+oYzEv~p_%6*~f$!7I`hHmR_uwZq^Q(<}H2(#DPO}F#pG`AAtb3j{BsYWowr1A%
z2b%fr&ZnAr=J#vOtfyZ!7r}O6vqwEV0~w>4=X`k<m;Tp)y_#88zS~28K5yrLb|mwi
zo&lO!)}fkrg0nS02F}&|B)CBH)8J{ES*AkGe5Z$Jcd7q#aJgpYeUaw&u=xy~GW-nW
zD$UFzFB`xAn#*tu{UOgQ9>#Ez;DF$vf^!8=6g*S#e8EcuUm%$K2a_)MiH7eG%>AJ8
zuNVA+V6M@P%twN`<~IIE1@l`L#-D3q!(PGaKke%J86^C<HZ}73f~N`Q**_x_5?mwr
zGQm9iXXLjE<{3ZZ|G4011s@W8SnyYZe-+I2tI-)NI8ktS!TkjD{Y(>goZu;fiv(8)
z=6k*-F4wGvd8W=V&(s-K@4~>%Yp3vkTJQnE?+E@(@Q;EmtZ$5dzH4kaUNG0D#-Hm>
t!(2xi=Knf2JW(*$dB$J8UxT!HEfM})+Zma4g13<Mc)dd~-!(P<{|6GZl&Amz

literal 0
HcmV?d00001

diff --git a/crypto/bigint.c b/crypto/bigint.c
new file mode 100644
index 0000000000..e9ca04cb99
--- /dev/null
+++ b/crypto/bigint.c
@@ -0,0 +1,1512 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @defgroup bigint_api Big Integer API
+ * @brief The bigint implementation as used by the axTLS project.
+ *
+ * The bigint library is for RSA encryption/decryption as well as signing.
+ * This code tries to minimise use of malloc/free by maintaining a small 
+ * cache. A bigint context may maintain state by being made "permanent". 
+ * It be be later released with a bi_depermanent() and bi_free() call.
+ *
+ * It supports the following reduction techniques:
+ * - Classical
+ * - Barrett
+ * - Montgomery
+ *
+ * It also implements the following:
+ * - Karatsuba multiplication
+ * - Squaring
+ * - Sliding window exponentiation
+ * - Chinese Remainder Theorem (implemented in rsa.c).
+ *
+ * All the algorithms used are pretty standard, and designed for different
+ * data bus sizes. Negative numbers are not dealt with at all, so a subtraction
+ * may need to be tested for negativity.
+ *
+ * This library steals some ideas from Jef Poskanzer
+ * <http://cs.marlboro.edu/term/cs-fall02/algorithms/crypto/RSA/bigint>
+ * and GMP <http://www.swox.com/gmp>. It gets most of its implementation
+ * detail from "The Handbook of Applied Cryptography"
+ * <http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf>
+ * @{
+ */
+
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include "os_port.h"
+#include "bigint.h"
+
+#define V1      v->comps[v->size-1]                 /**< v1 for division */
+#define V2      v->comps[v->size-2]                 /**< v2 for division */
+#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
+#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
+
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
+static bigint *alloc(BI_CTX *ctx, int size);
+static bigint *trim(bigint *bi);
+static void more_comps(bigint *bi, int n);
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+static bigint *comp_right_shift(bigint *biR, int num_shifts);
+static bigint *comp_left_shift(bigint *biR, int num_shifts);
+#endif
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+static void check(const bigint *bi);
+#else
+#define check(A)                /**< disappears in normal production mode */
+#endif
+
+
+/**
+ * @brief Start a new bigint context.
+ * @return A bigint context.
+ */
+BI_CTX *bi_initialize(void)
+{
+    /* calloc() sets everything to zero */
+    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
+   
+    /* the radix */
+    ctx->bi_radix = alloc(ctx, 2); 
+    ctx->bi_radix->comps[0] = 0;
+    ctx->bi_radix->comps[1] = 1;
+    bi_permanent(ctx->bi_radix);
+    return ctx;
+}
+
+/**
+ * @brief Close the bigint context and free any resources.
+ *
+ * Free up any used memory - a check is done if all objects were not 
+ * properly freed.
+ * @param ctx [in]   The bigint session context.
+ */
+void bi_terminate(BI_CTX *ctx)
+{
+    bi_depermanent(ctx->bi_radix); 
+    bi_free(ctx, ctx->bi_radix);
+
+    if (ctx->active_count != 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_terminate: there were %d un-freed bigints\n",
+                       ctx->active_count);
+#endif
+        abort();
+    }
+
+    bi_clear_cache(ctx);
+    free(ctx);
+}
+
+/**
+ *@brief Clear the memory cache.
+ */
+void bi_clear_cache(BI_CTX *ctx)
+{
+    bigint *p, *pn;
+
+    if (ctx->free_list == NULL)
+        return;
+    
+    for (p = ctx->free_list; p != NULL; p = pn)
+    {
+        pn = p->next;
+        free(p->comps);
+        free(p);
+    }
+
+    ctx->free_count = 0;
+    ctx->free_list = NULL;
+}
+
+/**
+ * @brief Increment the number of references to this object. 
+ * It does not do a full copy.
+ * @param bi [in]   The bigint to copy.
+ * @return A reference to the same bigint.
+ */
+bigint *bi_copy(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+        bi->refs++;
+    return bi;
+}
+
+/**
+ * @brief Simply make a bigint object "unfreeable" if bi_free() is called on it.
+ *
+ * For this object to be freed, bi_depermanent() must be called.
+ * @param bi [in]   The bigint to be made permanent.
+ */
+void bi_permanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != 1)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_permanent: refs was not 1\n");
+#endif
+        abort();
+    }
+
+    bi->refs = PERMANENT;
+}
+
+/**
+ * @brief Take a permanent object and make it eligible for freedom.
+ * @param bi [in]   The bigint to be made back to temporary.
+ */
+void bi_depermanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_depermanent: bigint was not permanent\n");
+#endif
+        abort();
+    }
+
+    bi->refs = 1;
+}
+
+/**
+ * @brief Free a bigint object so it can be used again. 
+ *
+ * The memory itself it not actually freed, just tagged as being available 
+ * @param ctx [in]   The bigint session context.
+ * @param bi [in]    The bigint to be freed.
+ */
+void bi_free(BI_CTX *ctx, bigint *bi)
+{
+    check(bi);
+    if (bi->refs == PERMANENT)
+    {
+        return;
+    }
+
+    if (--bi->refs > 0)
+    {
+        return;
+    }
+
+    bi->next = ctx->free_list;
+    ctx->free_list = bi;
+    ctx->free_count++;
+
+    if (--ctx->active_count < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_free: active_count went negative "
+                "- double-freed bigint?\n");
+#endif
+        abort();
+    }
+}
+
+/**
+ * @brief Convert an (unsigned) integer into a bigint.
+ * @param ctx [in]   The bigint session context.
+ * @param i [in]     The (unsigned) integer to be converted.
+ * 
+ */
+bigint *int_to_bi(BI_CTX *ctx, comp i)
+{
+    bigint *biR = alloc(ctx, 1);
+    biR->comps[0] = i;
+    return biR;
+}
+
+/**
+ * @brief Do a full copy of the bigint object.
+ * @param ctx [in]   The bigint session context.
+ * @param bi  [in]   The bigint object to be copied.
+ */
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
+{
+    bigint *biR = alloc(ctx, bi->size);
+    check(bi);
+    memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
+    return biR;
+}
+
+/**
+ * @brief Perform an addition operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the addition.
+ */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    int n;
+    comp carry = 0;
+    comp *pa, *pb;
+
+    check(bia);
+    check(bib);
+
+    n = max(bia->size, bib->size);
+    more_comps(bia, n+1);
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do
+    {
+        comp  sl, rl, cy1;
+        sl = *pa + *pb++;
+        rl = sl + carry;
+        cy1 = sl < *pa;
+        carry = cy1 | (rl < sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    *pa = carry;                  /* do overflow */
+    bi_free(ctx, bib);
+    return trim(bia);
+}
+
+/**
+ * @brief Perform a subtraction operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @param is_negative [out] If defined, indicates that the result was negative.
+ * is_negative may be null.
+ * @return The result of the subtraction. The result is always positive.
+ */
+bigint *bi_subtract(BI_CTX *ctx, 
+        bigint *bia, bigint *bib, int *is_negative)
+{
+    int n = bia->size;
+    comp *pa, *pb, carry = 0;
+
+    check(bia);
+    check(bib);
+
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do 
+    {
+        comp sl, rl, cy1;
+        sl = *pa - *pb++;
+        rl = sl - carry;
+        cy1 = sl > *pa;
+        carry = cy1 | (rl > sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    if (is_negative)    /* indicate a negative result */
+    {
+        *is_negative = carry;
+    }
+
+    bi_free(ctx, trim(bib));    /* put bib back to the way it was */
+    return trim(bia);
+}
+
+/**
+ * Perform a multiply between a bigint an an (unsigned) integer
+ */
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
+{
+    int j = 0, n = bia->size;
+    bigint *biR = alloc(ctx, n + 1);
+    comp carry = 0;
+    comp *r = biR->comps;
+    comp *a = bia->comps;
+
+    check(bia);
+
+    /* clear things to start with */
+    memset(r, 0, ((n+1)*COMP_BYTE_SIZE));
+
+    do
+    {
+        long_comp tmp = *r + (long_comp)a[j]*b + carry;
+        *r++ = (comp)tmp;              /* downsize */
+        carry = (comp)(tmp >> COMP_BIT_SIZE);
+    } while (++j < n);
+
+    *r = carry;
+    bi_free(ctx, bia);
+    return trim(biR);
+}
+
+/**
+ * @brief Does both division and modulo calculations. 
+ *
+ * Used extensively when doing classical reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param u [in]    A bigint which is the numerator.
+ * @param v [in]    Either the denominator or the modulus depending on the mode.
+ * @param is_mod [n] Determines if this is a normal division (0) or a reduction
+ * (1).
+ * @return  The result of the division/reduction.
+ */
+bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
+{
+    int n = v->size, m = u->size-n;
+    int j = 0, orig_u_size = u->size;
+    uint8_t mod_offset = ctx->mod_offset;
+    comp d;
+    bigint *quotient, *tmp_u;
+    comp q_dash;
+
+    check(u);
+    check(v);
+
+    /* if doing reduction and we are < mod, then return mod */
+    if (is_mod && bi_compare(v, u) > 0)
+    {
+        bi_free(ctx, v);
+        return u;
+    }
+
+    quotient = alloc(ctx, m+1);
+    tmp_u = alloc(ctx, n+1);
+    v = trim(v);        /* make sure we have no leading 0's */
+    d = (comp)((long_comp)COMP_RADIX/(V1+1));
+
+    /* clear things to start with */
+    memset(quotient->comps, 0, ((quotient->size)*COMP_BYTE_SIZE));
+
+    /* normalise */
+    if (d > 1)
+    {
+        u = bi_int_multiply(ctx, u, d);
+
+        if (is_mod)
+        {
+            v = ctx->bi_normalised_mod[mod_offset];
+        }
+        else
+        {
+            v = bi_int_multiply(ctx, v, d);
+        }
+    }
+
+    if (orig_u_size == u->size)  /* new digit position u0 */
+    {
+        more_comps(u, orig_u_size + 1);
+    }
+
+    do
+    {
+        /* get a temporary short version of u */
+        memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
+
+        /* calculate q' */
+        if (U(0) == V1)
+        {
+            q_dash = COMP_RADIX-1;
+        }
+        else
+        {
+            q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
+
+            if (v->size > 1 && V2)
+            {
+                /* we are implementing the following:
+                if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
+                        q_dash*V1)*COMP_RADIX) + U(2))) ... */
+                comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
+                                            (long_comp)q_dash*V1);
+                if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
+                {
+                    q_dash--;
+                }
+            }
+        }
+
+        /* multiply and subtract */
+        if (q_dash)
+        {
+            int is_negative;
+            tmp_u = bi_subtract(ctx, tmp_u, 
+                    bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
+            more_comps(tmp_u, n+1);
+
+            Q(j) = q_dash; 
+
+            /* add back */
+            if (is_negative)
+            {
+                Q(j)--;
+                tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
+
+                /* lop off the carry */
+                tmp_u->size--;
+                v->size--;
+            }
+        }
+        else
+        {
+            Q(j) = 0; 
+        }
+
+        /* copy back to u */
+        memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
+    } while (++j <= m);
+
+    bi_free(ctx, tmp_u);
+    bi_free(ctx, v);
+
+    if (is_mod)     /* get the remainder */
+    {
+        bi_free(ctx, quotient);
+        return bi_int_divide(ctx, trim(u), d);
+    }
+    else            /* get the quotient */
+    {
+        bi_free(ctx, u);
+        return trim(quotient);
+    }
+}
+
+/*
+ * Perform an integer divide on a bigint.
+ */
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
+{
+    int i = biR->size - 1;
+    long_comp r = 0;
+
+    check(biR);
+
+    do
+    {
+        r = (r<<COMP_BIT_SIZE) + biR->comps[i];
+        biR->comps[i] = (comp)(r / denom);
+        r %= denom;
+    } while (--i >= 0);
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+/**
+ * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
+ * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
+ * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
+ * simple algorithm from an article by Dusse and Kaliski to efficiently 
+ * find N0' from N0 and b */
+static comp modular_inverse(bigint *bim)
+{
+    int i;
+    comp t = 1;
+    comp two_2_i_minus_1 = 2;   /* 2^(i-1) */
+    long_comp two_2_i = 4;      /* 2^i */
+    comp N = bim->comps[0];
+
+    for (i = 2; i <= COMP_BIT_SIZE; i++)
+    {
+        if ((long_comp)N*t%two_2_i >= two_2_i_minus_1)
+        {
+            t += two_2_i_minus_1;
+        }
+
+        two_2_i_minus_1 <<= 1;
+        two_2_i <<= 1;
+    }
+
+    return (comp)(COMP_RADIX-t);
+}
+#endif
+
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * Take each component and shift down (in terms of components) 
+ */
+static bigint *comp_right_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-num_shifts;
+    comp *x = biR->comps;
+    comp *y = &biR->comps[num_shifts];
+
+    check(biR);
+
+    if (i <= 0)     /* have we completely right shifted? */
+    {
+        biR->comps[0] = 0;  /* return 0 */
+        biR->size = 1;
+        return biR;
+    }
+
+    do
+    {
+        *x++ = *y++;
+    } while (--i > 0);
+
+    biR->size -= num_shifts;
+    return biR;
+}
+
+/**
+ * Take each component and shift it up (in terms of components) 
+ */
+static bigint *comp_left_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-1;
+    comp *x, *y;
+
+    check(biR);
+
+    if (num_shifts <= 0)
+    {
+        return biR;
+    }
+
+    more_comps(biR, biR->size + num_shifts);
+
+    x = &biR->comps[i+num_shifts];
+    y = &biR->comps[i];
+
+    do
+    {
+        *x-- = *y--;
+    } while (i--);
+
+    memset(biR->comps, 0, num_shifts*COMP_BYTE_SIZE); /* zero LS comps */
+    return biR;
+}
+#endif
+
+/**
+ * @brief Allow a binary sequence to be imported as a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] The data to be converted.
+ * @param size [in] The number of bytes of data.
+ * @return A bigint representing this data.
+ */
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
+{
+    bigint *biR = alloc(ctx, (size+COMP_BYTE_SIZE-1)/COMP_BYTE_SIZE);
+    int i, j = 0, offset = 0;
+
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        biR->comps[offset] += data[i] << (j*8);
+
+        if (++j == COMP_BYTE_SIZE)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * @brief The testharness uses this code to import text hex-streams and 
+ * convert them into bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] A string consisting of hex characters. The characters must
+ * be in upper case.
+ * @return A bigint representing this data.
+ */
+bigint *bi_str_import(BI_CTX *ctx, const char *data)
+{
+    int size = strlen(data);
+    bigint *biR = alloc(ctx, (size+COMP_NUM_NIBBLES-1)/COMP_NUM_NIBBLES);
+    int i, j = 0, offset = 0;
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        int num = (data[i] <= '9') ? (data[i] - '0') : (data[i] - 'A' + 10);
+        biR->comps[offset] += num << (j*4);
+
+        if (++j == COMP_NUM_NIBBLES)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return biR;
+}
+
+void bi_print(const char *label, bigint *x)
+{
+    int i, j;
+
+    if (x == NULL)
+    {
+        printf("%s: (null)\n", label);
+        return;
+    }
+
+    printf("%s: (size %d)\n", label, x->size);
+    for (i = x->size-1; i >= 0; i--)
+    {
+        for (j = COMP_NUM_NIBBLES-1; j >= 0; j--)
+        {
+            comp mask = 0x0f << (j*4);
+            comp num = (x->comps[i] & mask) >> (j*4);
+            putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
+        }
+    }  
+
+    printf("\n");
+}
+#endif
+
+/**
+ * @brief Take a bigint and convert it into a byte sequence. 
+ *
+ * This is useful after a decrypt operation.
+ * @param ctx [in]  The bigint session context.
+ * @param x [in]  The bigint to be converted.
+ * @param data [out] The converted data as a byte stream.
+ * @param size [in] The maximum size of the byte stream. Unused bytes will be
+ * zeroed.
+ */
+void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
+{
+    int i, j, k = size-1;
+
+    check(x);
+    memset(data, 0, size);  /* ensure all leading 0's are cleared */
+
+    for (i = 0; i < x->size; i++)
+    {
+        for (j = 0; j < COMP_BYTE_SIZE; j++)
+        {
+            comp mask = 0xff << (j*8);
+            int num = (x->comps[i] & mask) >> (j*8);
+            data[k--] = num;
+
+            if (k < 0)
+            {
+                goto buf_done;
+            }
+        }
+    }
+buf_done:
+
+    bi_free(ctx, x);
+}
+
+/**
+ * @brief Pre-calculate some of the expensive steps in reduction. 
+ *
+ * This function should only be called once (normally when a session starts).
+ * When the session is over, bi_free_mod() should be called. bi_mod_power()
+ * relies on this function being called.
+ * @param ctx [in]  The bigint session context.
+ * @param bim [in]  The bigint modulus that will be used.
+ * @param mod_offset [in] There are three moduluii that can be stored - the
+ * standard modulus, and its two primes p and q. This offset refers to which
+ * modulus we are referring to.
+ * @see bi_free_mod(), bi_mod_power().
+ */
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
+{
+    int k = bim->size;
+    comp d = (comp)((long_comp)COMP_RADIX/(bim->comps[k-1]+1));
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    bigint *R, *R2;
+#endif
+
+    ctx->bi_mod[mod_offset] = bim;
+    bi_permanent(ctx->bi_mod[mod_offset]);
+    ctx->bi_normalised_mod[mod_offset] = bi_int_multiply(ctx, bim, d);
+    bi_permanent(ctx->bi_normalised_mod[mod_offset]);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    /* set montgomery variables */
+    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);     /* R */
+    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);  /* R^2 */
+    ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
+    ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
+
+    bi_permanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_permanent(ctx->bi_R_mod_m[mod_offset]);
+
+    ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
+
+#elif defined (CONFIG_BIGINT_BARRETT)
+    ctx->bi_mu[mod_offset] = 
+        bi_divide(ctx, comp_left_shift(
+            bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
+    bi_permanent(ctx->bi_mu[mod_offset]);
+#endif
+}
+
+/**
+ * @brief Used when cleaning various bigints at the end of a session.
+ * @param ctx [in]  The bigint session context.
+ * @param mod_offset [in] The offset to use.
+ * @see bi_set_mod().
+ */
+void bi_free_mod(BI_CTX *ctx, int mod_offset)
+{
+    bi_depermanent(ctx->bi_mod[mod_offset]);
+    bi_free(ctx, ctx->bi_mod[mod_offset]);
+#if defined (CONFIG_BIGINT_MONTGOMERY)
+    bi_depermanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_depermanent(ctx->bi_R_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bi_depermanent(ctx->bi_mu[mod_offset]); 
+    bi_free(ctx, ctx->bi_mu[mod_offset]);
+#endif
+    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
+    bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
+}
+
+/** 
+ * Perform a standard multiplication between two bigints.
+ *
+ * Barrett reduction has no need for some parts of the product, so ignore bits
+ * of the multiply. This routine gives Barrett its big performance
+ * improvements over Classical/Montgomery reduction methods. 
+ */
+static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
+        int inner_partial, int outer_partial)
+{
+    int i = 0, j;
+    int n = bia->size;
+    int t = bib->size;
+    bigint *biR = alloc(ctx, n + t);
+    comp *sr = biR->comps;
+    comp *sa = bia->comps;
+    comp *sb = bib->comps;
+
+    check(bia);
+    check(bib);
+
+    /* clear things to start with */
+    memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
+
+    do 
+    {
+        long_comp tmp;
+        comp carry = 0;
+        int r_index = i;
+        j = 0;
+
+        if (outer_partial && outer_partial-i > 0 && outer_partial < n)
+        {
+            r_index = outer_partial-1;
+            j = outer_partial-i-1;
+        }
+
+        do
+        {
+            if (inner_partial && r_index >= inner_partial) 
+            {
+                break;
+            }
+
+            tmp = sr[r_index] + ((long_comp)sa[j])*sb[i] + carry;
+            sr[r_index++] = (comp)tmp;              /* downsize */
+            carry = tmp >> COMP_BIT_SIZE;
+        } while (++j < n);
+
+        sr[r_index] = carry;
+    } while (++i < t);
+
+    bi_free(ctx, bia);
+    bi_free(ctx, bib);
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+/*
+ * Karatsuba improves on regular multiplication due to only 3 multiplications 
+ * being done instead of 4. The additional additions/subtractions are O(N) 
+ * rather than O(N^2) and so for big numbers it saves on a few operations 
+ */
+static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
+{
+    bigint *x0, *x1;
+    bigint *p0, *p1, *p2;
+    int m;
+
+    if (is_square)
+    {
+        m = (bia->size + 1)/2;
+    }
+    else
+    {
+        m = (max(bia->size, bib->size) + 1)/2;
+    }
+
+    x0 = bi_clone(ctx, bia);
+    x0->size = m;
+    x1 = bi_clone(ctx, bia);
+    comp_right_shift(x1, m);
+    bi_free(ctx, bia);
+
+    /* work out the 3 partial products */
+    if (is_square)
+    {
+        p0 = bi_square(ctx, bi_copy(x0));
+        p2 = bi_square(ctx, bi_copy(x1));
+        p1 = bi_square(ctx, bi_add(ctx, x0, x1));
+    }
+    else /* normal multiply */
+    {
+        bigint *y0, *y1;
+        y0 = bi_clone(ctx, bib);
+        y0->size = m;
+        y1 = bi_clone(ctx, bib);
+        comp_right_shift(y1, m);
+        bi_free(ctx, bib);
+
+        p0 = bi_multiply(ctx, bi_copy(x0), bi_copy(y0));
+        p2 = bi_multiply(ctx, bi_copy(x1), bi_copy(y1));
+        p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
+    }
+
+    p1 = bi_subtract(ctx, 
+            bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
+
+    comp_left_shift(p1, m);
+    comp_left_shift(p2, 2*m);
+    return bi_add(ctx, p1, bi_add(ctx, p0, p2));
+}
+#endif
+
+/**
+ * @brief Perform a multiplication operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    check(bia);
+    check(bib);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
+    {
+        return regular_multiply(ctx, bia, bib, 0, 0);
+    }
+
+    return karatsuba(ctx, bia, bib, 0);
+#else
+    return regular_multiply(ctx, bia, bib, 0, 0);
+#endif
+}
+
+#ifdef CONFIG_BIGINT_SQUARE
+/*
+ * Perform the actual square operion. It takes into account overflow.
+ */
+static bigint *regular_square(BI_CTX *ctx, bigint *bi)
+{
+    int t = bi->size;
+    int i = 0, j;
+    bigint *biR = alloc(ctx, t*2+1);
+    comp *w = biR->comps;
+    comp *x = bi->comps;
+    long_comp carry;
+    memset(w, 0, biR->size*COMP_BYTE_SIZE);
+
+    do
+    {
+        long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
+        w[2*i] = (comp)tmp;
+        carry = tmp >> COMP_BIT_SIZE;
+
+        for (j = i+1; j < t; j++)
+        {
+            uint8_t c = 0;
+            long_comp xx = (long_comp)x[i]*x[j];
+            if ((COMP_MAX-xx) < xx)
+                c = 1;
+
+            tmp = (xx<<1);
+
+            if ((COMP_MAX-tmp) < w[i+j])
+                c = 1;
+
+            tmp += w[i+j];
+
+            if ((COMP_MAX-tmp) < carry)
+                c = 1;
+
+            tmp += carry;
+            w[i+j] = (comp)tmp;
+            carry = tmp >> COMP_BIT_SIZE;
+
+            if (c)
+                carry += COMP_RADIX;
+        }
+
+        tmp = w[i+t] + carry;
+        w[i+t] = (comp)tmp;
+        w[i+t+1] = tmp >> COMP_BIT_SIZE;
+    } while (++i < t);
+
+    bi_free(ctx, bi);
+    return trim(biR);
+}
+
+/**
+ * @brief Perform a square operation on a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_square(BI_CTX *ctx, bigint *bia)
+{
+    check(bia);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (bia->size < SQU_KARATSUBA_THRESH) 
+    {
+        return regular_square(ctx, bia);
+    }
+
+    return karatsuba(ctx, bia, NULL, 1);
+#else
+    return regular_square(ctx, bia);
+#endif
+}
+#endif
+
+/**
+ * @brief Compare two bigints.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return -1 if smaller, 1 if larger and 0 if equal.
+ */
+int bi_compare(bigint *bia, bigint *bib)
+{
+    int r, i;
+
+    check(bia);
+    check(bib);
+
+    if (bia->size > bib->size)
+        r = 1;
+    else if (bia->size < bib->size)
+        r = -1;
+    else
+    {
+        comp *a = bia->comps; 
+        comp *b = bib->comps; 
+
+        /* Same number of components.  Compare starting from the high end
+         * and working down. */
+        r = 0;
+        i = bia->size - 1;
+
+        do 
+        {
+            if (a[i] > b[i])
+            { 
+                r = 1;
+                break; 
+            }
+            else if (a[i] < b[i])
+            { 
+                r = -1;
+                break; 
+            }
+        } while (--i >= 0);
+    }
+
+    return r;
+}
+
+/*
+ * Allocate and zero more components.  Does not consume bi. 
+ */
+static void more_comps(bigint *bi, int n)
+{
+    if (n > bi->max_comps)
+    {
+        bi->max_comps = max(bi->max_comps * 2, n);
+        bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
+    }
+
+    if (n > bi->size)
+    {
+        memset(&bi->comps[bi->size], 0, (n-bi->size)*COMP_BYTE_SIZE);
+    }
+
+    bi->size = n;
+}
+
+/*
+ * Make a new empty bigint. It may just use an old one if one is available.
+ * Otherwise get one off the heap.
+ */
+static bigint *alloc(BI_CTX *ctx, int size)
+{
+    bigint *biR;
+
+    /* Can we recycle an old bigint? */
+    if (ctx->free_list != NULL)
+    {
+        biR = ctx->free_list;
+        ctx->free_list = biR->next;
+        ctx->free_count--;
+
+        if (biR->refs != 0)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("alloc: refs was not 0\n");
+#endif
+            abort();    /* create a stack trace from a core dump */
+        }
+
+        more_comps(biR, size);
+    }
+    else
+    {
+        /* No free bigints available - create a new one. */
+        biR = (bigint *)malloc(sizeof(bigint));
+        biR->comps = (comp*)malloc(size * COMP_BYTE_SIZE);
+        biR->max_comps = size;  /* give some space to spare */
+    }
+
+    biR->size = size;
+    biR->refs = 1;
+    biR->next = NULL;
+    ctx->active_count++;
+    return biR;
+}
+
+/*
+ * Work out the highest '1' bit in an exponent. Used when doing sliding-window
+ * exponentiation.
+ */
+static int find_max_exp_index(bigint *biexp)
+{
+    int i = COMP_BIT_SIZE-1;
+    comp shift = COMP_RADIX/2;
+    comp test = biexp->comps[biexp->size-1];    /* assume no leading zeroes */
+
+    check(biexp);
+
+    do
+    {
+        if (test & shift)
+        {
+            return i+(biexp->size-1)*COMP_BIT_SIZE;
+        }
+
+        shift >>= 1;
+    } while (i-- != 0);
+
+    return -1;      /* error - must have been a leading 0 */
+}
+
+/*
+ * Is a particular bit is an exponent 1 or 0? Used when doing sliding-window
+ * exponentiation.
+ */
+static int exp_bit_is_one(bigint *biexp, int offset)
+{
+    comp test = biexp->comps[offset / COMP_BIT_SIZE];
+    int num_shifts = offset % COMP_BIT_SIZE;
+    comp shift = 1;
+    int i;
+
+    check(biexp);
+
+    for (i = 0; i < num_shifts; i++)
+    {
+        shift <<= 1;
+    }
+
+    return (test & shift) != 0;
+}
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+/*
+ * Perform a sanity check on bi.
+ */
+static void check(const bigint *bi)
+{
+    if (bi->refs <= 0)
+    {
+        printf("check: zero or negative refs in bigint\n");
+        abort();
+    }
+
+    if (bi->next != NULL)
+    {
+        printf("check: attempt to use a bigint from "
+                "the free list\n");
+        abort();
+    }
+}
+#endif
+
+/*
+ * Delete any leading 0's (and allow for 0).
+ */
+static bigint *trim(bigint *bi)
+{
+    check(bi);
+
+    while (bi->comps[bi->size-1] == 0 && bi->size > 1)
+    {
+        bi->size--;
+    }
+
+    return bi;
+}
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * @brief Perform a single montgomery reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bixy [in]  A bigint.
+ * @return The result of the montgomery reduction.
+ */
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
+{
+    int i = 0, n;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    comp mod_inv = ctx->N0_dash[mod_offset];
+
+    check(bixy);
+
+    if (ctx->use_classical)     /* just use classical instead */
+    {
+        return bi_mod(ctx, bixy);
+    }
+
+    n = bim->size;
+
+    do
+    {
+        bixy = bi_add(ctx, bixy, comp_left_shift(
+                    bi_int_multiply(ctx, bim, bixy->comps[i]*mod_inv), i));
+    } while (++i < n);
+
+    comp_right_shift(bixy, n);
+
+    if (bi_compare(bixy, bim) >= 0)
+    {
+        bixy = bi_subtract(ctx, bixy, bim, NULL);
+    }
+
+    return bixy;
+}
+
+#elif defined(CONFIG_BIGINT_BARRETT)
+/*
+ * Stomp on the most significant components to give the illusion of a "mod base
+ * radix" operation 
+ */
+static bigint *comp_mod(bigint *bi, int mod)
+{
+    check(bi);
+
+    if (bi->size > mod)
+    {
+        bi->size = mod;
+    }
+
+    return bi;
+}
+
+/**
+ * @brief Perform a single Barrett reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bi [in]  A bigint.
+ * @return The result of the Barrett reduction.
+ */
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
+{
+    bigint *q1, *q2, *q3, *r1, *r2, *r;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    int k = bim->size;
+
+    check(bi);
+    check(bim);
+
+    /* use Classical method instead  - Barrett cannot help here */
+    if (bi->size > k*2)
+    {
+        return bi_mod(ctx, bi);
+    }
+
+    q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
+
+    /* do outer partial multiply */
+    q2 = regular_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
+    q3 = comp_right_shift(q2, k+1);
+    r1 = comp_mod(bi, k+1);
+
+    /* do inner partial multiply */
+    r2 = comp_mod(regular_multiply(ctx, q3, bim, k+1, 0), k+1);
+    r = bi_subtract(ctx, r1, r2, NULL);
+
+    /* if (r >= m) r = r - m; */
+    if (bi_compare(r, bim) >= 0)
+    {
+        r = bi_subtract(ctx, r, bim, NULL);
+    }
+
+    return r;
+}
+#endif /* CONFIG_BIGINT_BARRETT */
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+/*
+ * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
+ */
+static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
+{
+    int k = 1, i;
+    bigint *g2;
+
+    for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
+    {
+        k <<= 1;
+    }
+
+    ctx->g = (bigint **)malloc(k*sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, g1);
+    bi_permanent(ctx->g[0]);
+    g2 = bi_residue(ctx, bi_square(ctx, ctx->g[0]));   /* g^2 */
+
+    for (i = 1; i < k; i++)
+    {
+        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], bi_copy(g2)));
+        bi_permanent(ctx->g[i]);
+    }
+
+    bi_free(ctx, g2);
+    ctx->window = k;
+}
+#endif
+
+/**
+ * @brief Perform a modular exponentiation.
+ *
+ * This function requires bi_set_mod() to have been called previously. This is 
+ * one of the optimisations used for performance.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint on which to perform the mod power operation.
+ * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
+{
+    int i = find_max_exp_index(biexp), j, window_size = 1;
+    bigint *biR = int_to_bi(ctx, 1);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    uint8_t mod_offset = ctx->mod_offset;
+    if (!ctx->use_classical)
+    {
+        /* preconvert */
+        bi = bi_mont(ctx, 
+                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
+        bi_free(ctx, biR);
+        biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
+    }
+#endif
+
+    check(bi);
+    check(biexp);
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+    for (j = i; j > 32; j /= 5) /* work out an optimum size */
+        window_size++;
+
+    /* work out the slide constants */
+    precompute_slide_window(ctx, window_size, bi);
+#else   /* just one constant */
+    ctx->g = (bigint **)malloc(sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, bi);
+    ctx->window = 1;
+    bi_permanent(ctx->g[0]);
+#endif
+
+    /* if sliding-window is off, then only one bit will be done at a time and
+     * will reduce to standard left-to-right exponentiation */
+    do
+    {
+        if (exp_bit_is_one(biexp, i))
+        {
+            int l = i-window_size+1;
+            int part_exp = 0;
+
+            if (l < 0)  /* LSB of exponent will always be 1 */
+                l = 0;
+            else
+            {
+                while (exp_bit_is_one(biexp, l) == 0)
+                    l++;    /* go back up */
+            }
+
+            /* build up the section of the exponent */
+            for (j = i; j >= l; j--)
+            {
+                biR = bi_residue(ctx, bi_square(ctx, biR));
+                if (exp_bit_is_one(biexp, j))
+                    part_exp++;
+
+                if (j != l)
+                    part_exp <<= 1;
+            }
+
+            part_exp = (part_exp-1)/2;  /* adjust for array */
+            biR = bi_residue(ctx, bi_multiply(ctx, biR, ctx->g[part_exp]));
+            i = l-1;
+        }
+        else    /* square it */
+        {
+            biR = bi_residue(ctx, bi_square(ctx, biR));
+            i--;
+        }
+    } while (i >= 0);
+     
+    /* cleanup */
+    for (i = 0; i < ctx->window; i++)
+    {
+        bi_depermanent(ctx->g[i]);
+        bi_free(ctx, ctx->g[i]);
+    }
+
+    free(ctx->g);
+    bi_free(ctx, bi);
+    bi_free(ctx, biexp);
+#if defined CONFIG_BIGINT_MONTGOMERY
+    return ctx->use_classical ? biR : bi_mont(ctx, biR); /* convert back */
+#else /* CONFIG_BIGINT_CLASSICAL or CONFIG_BIGINT_BARRETT */
+    return biR;
+#endif
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * @brief Perform a modular exponentiation using a temporary modulus.
+ *
+ * We need this function to check the signatures of certificates. The modulus
+ * of this function is temporary as it's just used for authentication.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param bim [in]  The temporary modulus.
+ * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
+{
+    bigint *biR, *tmp_biR;
+
+    /* Set up a temporary bigint context and transfer what we need between
+     * them. We need to do this since we want to keep the original modulus
+     * which is already in this context. This operation is only called when
+     * doing peer verification, and so is not expensive :-) */
+    BI_CTX *tmp_ctx = bi_initialize();
+    bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
+    tmp_biR = bi_mod_power(tmp_ctx, 
+                bi_clone(tmp_ctx, bi), 
+                bi_clone(tmp_ctx, biexp));
+    biR = bi_clone(ctx, tmp_biR);
+    bi_free(tmp_ctx, tmp_biR);
+    bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
+    bi_terminate(tmp_ctx);
+
+    bi_free(ctx, bi);
+    bi_free(ctx, bim);
+    bi_free(ctx, biexp);
+    return biR;
+}
+#endif
+
+#ifdef CONFIG_BIGINT_CRT
+/**
+ * @brief Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
+ *
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param dP [in] CRT's dP bigint
+ * @param dQ [in] CRT's dQ bigint
+ * @param p [in] CRT's p bigint
+ * @param q [in] CRT's q bigint
+ * @param qInv [in] CRT's qInv bigint
+ * @return The result of the CRT operation
+ */
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q, bigint *qInv)
+{
+    bigint *m1, *m2, *h;
+
+    /* Montgomery has a condition the 0 < x, y < m and these products violate
+     * that condition. So disable Montgomery when using CRT */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 1;
+#endif
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    m1 = bi_mod_power(ctx, bi_copy(bi), dP);
+
+    ctx->mod_offset = BIGINT_Q_OFFSET;
+    m2 = bi_mod_power(ctx, bi, dQ);
+
+    h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL);
+    h = bi_multiply(ctx, h, qInv);
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    h = bi_residue(ctx, h);
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 0;         /* reset for any further operation */
+#endif
+    return bi_add(ctx, m2, bi_multiply(ctx, q, h));
+}
+#endif
+/** @} */
diff --git a/crypto/bigint.h b/crypto/bigint.h
new file mode 100644
index 0000000000..2966a3edb3
--- /dev/null
+++ b/crypto/bigint.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BIGINT_HEADER
+#define BIGINT_HEADER
+
+#include "crypto.h"
+
+BI_CTX *bi_initialize(void);
+void bi_terminate(BI_CTX *ctx);
+void bi_permanent(bigint *bi);
+void bi_depermanent(bigint *bi);
+void bi_clear_cache(BI_CTX *ctx);
+void bi_free(BI_CTX *ctx, bigint *bi);
+bigint *bi_copy(bigint *bi);
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
+void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
+bigint *int_to_bi(BI_CTX *ctx, comp i);
+
+/* the functions that actually do something interesting */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 
+        bigint *bib, int *is_negative);
+bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
+int bi_compare(bigint *bia, bigint *bib);
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
+void bi_free_mod(BI_CTX *ctx, int mod_offset);
+
+#ifdef CONFIG_SSL_FULL_MODE
+void bi_print(const char *label, bigint *bi);
+bigint *bi_str_import(BI_CTX *ctx, const char *data);
+#endif
+
+/**
+ * @def bi_mod
+ * Find the residue of B. bi_set_mod() must be called before hand.
+ */
+#define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
+
+/**
+ * bi_residue() is technically the same as bi_mod(), but it uses the
+ * appropriate reduction technique (which is bi_mod() when doing classical
+ * reduction).
+ */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+#define bi_residue(A, B)         bi_mont(A, B)
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
+#elif defined(CONFIG_BIGINT_BARRETT)
+#define bi_residue(A, B)         bi_barrett(A, B)
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
+#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
+#define bi_residue(A, B)         bi_mod(A, B)
+#endif
+
+#ifdef CONFIG_BIGINT_SQUARE
+bigint *bi_square(BI_CTX *ctx, bigint *bi);
+#else
+#define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
+#endif
+
+#ifdef CONFIG_BIGINT_CRT
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q,
+        bigint *qInv);
+#endif
+
+#endif
diff --git a/crypto/bigint.o b/crypto/bigint.o
new file mode 100644
index 0000000000000000000000000000000000000000..f693e65a52a047cf7f70423bfec166164ec7f502
GIT binary patch
literal 94704
zcmdSCd3;pW`9FT|otZ4mkPyHC0y+uX1hY&QARv*1&9EsX0fPp{2_z(vjVvt6rUi=?
zt%z$ICAhCutgTqB4YVLwP;sla(jvAhRxD_>&?@=8-_N;c<_7KO^ZkAQ`u*<fb?&pA
z=RD^*&w0*rx0!WQW==It)6j=$EHt8&VQhE^IWEJ<6M=wnzA;FP+MI5r5M5ne6Dq#T
zj&L5E+qJG06k&vE)3-So%<pv2-#GC96EqzS$#*v9e<(zonN9Jt?fSlAPI*WEdh)-o
zJbAr$o!Fmp&`Q14^<GkZcJNLAnETE@k(xB-J}WrHZ=@#qgW0L+uAB<jk=!KM(P<cI
z<5SzMKit<lf4qNI=aI=t!PE|)OJ&7nzfocBOL;e`_pV+&PZ-c0pZ!svgcNB4iYlqi
zZ=A)5%Z|v?mi+X96`$?-rYoo23L8fG_^XD@PVER-^KLaC8j|eIHFA@J!R)Ih&7Ry*
z>^{)<qalCKsj%X*Gkp6}w4T@B+j4r@Ve3@R{_V%E-F>Td+!e6$GfrI6G0lwMapXYf
zl&`xMBo><=4eA*v@VUlXzTT+|tf?NO#_c^&>zOfm#@u=7U8#euBS$-rF0kTuWc1v(
z{oO5}TzhI+?_EK(%rJr>7=2>)6;qmjd;TnIe@d|B=QTN(|F)?urL%K#{?LGR<;5Md
z4|LM0Zwxi2{G;okL5V)g*JohriQJ@@Z~fQx(BbP7m;HKfFR=Rthi>iWxBV&mdcT)+
z%#6=I4C9}8KmUtjUm)F^J8f`IePZ%a<17yrBxLxE&yzeKb{#pAJvG)CWGPo4w2ovZ
zAwyBfOB;W*!WB5~>oYbzF5BliT49a#4NOft{)w64dpF5;pv1(!-mLw-q~lim`+@Oq
zq}!dB;ZwRc&pOz1>gg`yy)*Bf7ne=jKQWc}4fcDqA2<G`E0CUT7-M?7P!Vc%_LD7_
znrc{Km*+4fhxa}^T+r0G?6mZ#Z8InNddFw)4%=<?4LNA-`K&8H$LCH<pXT!Qoz}<0
zBHvRF<7(qOUHR$IIpRBU35WD{)`K=+P~;CeYz2IX$2WDkk>1>~=^ynOlK*Ysc=6zY
zxzl{!)cu3Uew%juo$qvva*gd6+b@AsXu~X!p5X(?Nl!@r@a+DSoX&K=@->x2ecL%U
zJ7=qPY}ddK$C?ER@hA6x@ZO=*JEo<ihCNf>?<&rIHz$8+T2a9L#ZcFtm%B209=Rk*
zk56Ch@ty}`4<`l^e6Fj%IF?kLvcNU)fN#Kv3FbYnK+jvlF{;A5!XvY093FSKukXKd
zOt>{6VE$zC8uyIPN2LEYKPfP0TAzHjAW*dDcU^HO_kHm0p-*<5+R=MgVb2r2cXdqL
zF?RdJ+bkIQM);iRZ;s6_=xK%f%}?1KPM)@`cFxgo-!H;_Qo{)w4|UaSFW!-MD1Ue$
zW?x>-q2lc|ql@!u!xO`CQ(o+<*|FaY#N-d(_(E6BA)hNS`p7Ihj*C+`l4|A@=KLTS
zZ1q-;-I7*RyQ^kS`_%lR;PB3edM6iWU;I$gsa?UpbWX)OajNLuIaARxAikb8VPD*p
zuXWU1d*$(tjD!=1JCFO`OFEeNtrbY|xfZxaq<bn;;>X-EE|4(rz>nVW^&e4S`r>NL
zKw@#sb>T$ipG_xgl166C=o+`_m3h9tf5@>Wb{KF{_K!BeMZ<oP9}X-F)^*$vQ&Tjs
zy0)msoKanC))b9+$clNVEAT;1N)I~kgZv!?hc-UlWu^4nos#@U$~i|<`hJnpr}wTa
zWsXtt;_~&0&))MA0z58zze`7god+j#knVZ0>#&uRZl$Ih8z1SK*lq<1^2cLt*71Y+
zD>5r{d>%PgblkN+oR6UsNQhtd-kj6fhuxkBy8=D)Gd4cJneU79EX@8!SJH{XY^(ue
z9x%VPPMpZjNEkR_PdlRO#03A8_O8H1#RUtjHHp5syF8dXS6o$l)h6G-CHbb$>pS<(
z(WbA*4W5q2{T=IDXUv^3dEO7d^>+EQI&SD)&{HBjBVkWRSKP9F;dkeJQgjLvs^4z+
z>!+7}>q;~8hXfMickJK(-j?0ltireaC1LYuIBw%lU}sK-<@pKhDDdss+Ep`QQ$cx>
zFaD93m2ut!O;>l`a%ZRSygSEOM>`DPz!l@HXF80#W1fD=|MV@bGpc87nm6;?&7QkG
z89n#h)m2~xO!PxWqUWxzxE<Z5dHDF4d12Xc_tMF;%kJlNFgqtj-2GtJ#9J-Q3pwzy
z9$el_-Wh6U^xU|$tNVQDvvM+A{u2N6)wjkP!OD);+mbfL82t*3Roky#xhiJhT<_%S
zDVQ65o@)0WWB$=4^XGd>hph~k%yLJ=#zA|1J#OXfj!oU25X`whn46N(bILv14xcO1
z+untDY;^goM+*EC{W%?DFR!bNF^=4p)Y05AaI$yqb$j<O$+fQA`+7~RF`&@cwEaid
z-w<29!96e)F<k9=9rLEdik{7T?|OZWOZCCAYfmpLuns(zq8IX*(S|YcP7Cy^6cuSJ
zQw|x%t#?|!Q{KCe97}p9-s`(h<-}ZoSnruXra1M}-14FME@M!kQM27UH(1?k{!qhL
zc;%H_-r3{MUp!`5TEM+zLR{tE;FVXlV$@dd9Rs9tB1#vhmb-I2#_+9)1Lw|nU!Q2?
z>>aaYf|av3xGLp_q`OUR!=|LW%$PXizv>C3=34`E$6C7&e6xD@h(T7&dtKhUM}A%%
zZ(aXp*PsKwZF}E3I}|u(_J<F;juqt(InMRK9y8y1HZDUH`dqW@sR4T<Z|I@k1wQwE
z9bJ2S7=iIda-s2)?c-86S>CzpZ|G&j6s}*t<+_WF8>{cAGQBIR_x=fG22LLFK>U%s
zq|4X%Vy1r4m61@uwc)Ixfq0D1-k<VblK;0IhcVV&5Xm3^dWN6#NF9l~jGn~XiMI>x
zT!8F3;~2)3v;h+b2GzzY8TOv4E}w_>&gxn3*?9k1L5%i4JvO{EoOUh7q}S)Q!hLp!
zd%qD*dOrJTxYy~EQ^H+4!+~p``Kh(~+Y=Wi4a|Ke?Ah4TRi1-!f>O(Tt_%+%bl-&~
zdfDDNCy=r~$^Syf^X5*Bp<?d>SB6{l;La4^ImO=T6G!BkKF`h+tT*1B+2g7PzVLju
zFJZ(5@jH`dyzqR{^}`KAVLMY!70vkl&LqsyUe4i_;drIUAM%`-lvFsyUwBjSL`hQG
zcAxhi*Gk{)CxbOxe)v<jum6g11A+xXe@5`S4)f039%JtIU~(RVH7{=c`qr!4e7!Fl
zWBRP=6ALqfO$EV^b5@PG*IJU>a@7c5pB0dDeL6YK=S!Hr=;QvFYRsMHi~}>eULI&o
zeZOm`>FX2ljvT%u$I9t2cAB4lnC3k;kd3+Vh38Xt7CoN?=@*_ipGk3zc-*@FrLNSJ
zxco3XZ`sC6u^{x>oznY_l%%66y-uC%y=!*Q6W!{ZzG&))UEF7Jp4gufunxNNGq8o)
zQ`{BsVI7!K+%@qY3;SnZ?~8}zjv1Qfom^8;KK{tiq><Gl=jO)*Jl@G;auP=5_Nv_b
zP05~b-g)56RLk)7zTPxee=!w1Q|zasD@N~Kx1?>EzpH$U6&|=deC`|J0Y}6A54*ky
z_bc%f9(U&t!D=7qIe*!-@a}u8jfGvs;Xp!uX5q}vY1{Wq=qlgUJ{NJtz<j8;FR<mv
zMU2;so_ilO0^0}X1h#nQbmfQB<^;Cn{MO6~dp)ze(u$5``aKi6j$1{Bk$S6@f6??*
zTxJwo*hi)q#=yxwkLuv^IcbL`-fo>b6d2{00e_h_Jg}ws5UQ-lvKZL4`M&&R#ajx$
z?D%BcUdsq<nV8bEAYsZ<sL#2_8q@AYy%<DOvbsQ)@9_DK%uSlVED$a(@aJ}x7kP6#
zb2|%jI|8F7ro^gh14S_8i(9Q*@1=p`x@vOrFFMkdH2u-wV;%n<o^NgH@xwk#zj*DN
ze}7$`I4f@cwHY3tr!t&$_Xm%jye`~J>A35IUt4Re%9Nx>PCk^Df8Q(L6!&=1&FFpp
z<ntdWk?T@=?fjtl+NU>N2VLvSIw3qU%V<tX95c#u*;e<6XHD-l$^GKdU#tH`k2i-C
z_XN5EnR5(d<;lx>ds26ssSQ?O%dFUfgjFY}RCLX<@{0mndd*=6<nKr;^7y;*=b#0t
zTdn-u&eYE7sVh&y&#SC_^Ti?F6|1m0$j{t3M5(+?Ht?C$Fe?EH(uz`hL!UP_wbV*I
z&jMU%6&Kay?R6XFqV#qvf0QT{m8tM;IKN<aYNt09+~Q^67TEhu#KD1=Q$2A1_1n7;
z2Ptmo*O8LHE4fchKElJtTCu<mMtl?(y@9a6WtR8w#sOXBMW+t!8`XKRqsCW|Fe?%B
zSPa~)oCv3-ftwLCE3u@*zKHQ2KF-Pio#WpGiZ=G|;vNyzNr(pKZ0v{OH*j~#xo@Nl
zIGWP`i<Ex7cQxsKNqH_;!Q-wkwlWs?Zyz^dc5X+F>!2N(KF@nw4!Z|Vjo;CExI@)H
z%Q{w&kuWU@wihSyI&IISuC#kV<)>qV4|v=<acPqGp8;#)y;gqaG;^b`>!I_rbMCb=
z62?vN#B>##fs4Flm#_1$=<ru{Y>M&Dy&)E(w)y36sy!zV^_S{haRIgaJW!cdkJDM3
z88i`Vd2}WJ!YVv$`MWv-6AoghH8I5qxblY_z0KO_?#efbd)!@Em`+@jG~)i`oSual
zJzsC>C>~SbE9u~VsldAaJfpxTYmB#{Af`5HV_a8pV@*<l1^4&dIH7Cc=NRczV!OV@
z1wHnqo~|=cH{xd&t~ra%g2V+0z8I7)V15=Z06pKHN!=#-Aq$HTI#Dfb`Q|~3_4)3&
z&nU+JN*Y+eYjRh&&6>2Yv+_0z(LXKe@_98$#d+@?8awB(#mkGrDINPiIJPVP<mnwp
zaXJ3=nH0kq^v%cCh1fRs!3>ho(>wX;$w{5RTknbMN;3mFzP>ecrdhoHDEzB`%9m%#
zlhP9do}6LU#xKrf_+HLRn7YjH9`L6WRr_|vRAa_0Roy-Cq7hHIkGrP+r^}Z-w#aAI
zW?wnlFBknE-}<j3Ly~gB_FgW3&T%X4p!g4$4hI8lWIpJ8uIdGrYJ5%h0_&mS<-X+o
z;cu<uF@b|eUQK!>H7%t)C6G9A&o?XG`B|%$Z9H~n<+3me#jebnm6*|U;O7H>xTK$T
zU8DHT)>NL7<_R2pWp{x4ikj>t_dc^PydbdvT?M*4d;Z}-Qh^U`OFkM`Q*>oT=fJ<c
zbBS@i+ZgycG7>x|&m`w`c^A%4!H#V8*R?6WgpboF`x5ifA!4p-he;(<K0o8@>vQ?@
zwvOvE`W6~l+mDRz^d1O)vGwC8UiDsDnB|$C>Q6~IlA5#^eTJo`{9wL0a#*o#XaV{H
zD$~q;DKUU>%2{=I54<zztH5EO@1fq;z#*R{eVQ7;Xl78-f1iGs&v_znctrY<smZv<
z0#EMw^bGs7d=Bn=SOHJ|uqp4HsYznz?s@x+Z=&kCvpU3gPQaR<J-^6SYj=y-w!n(n
z(Pab<>T<%&PZAJ!GGKPQAVv#h+|5tob<DAAaX-g>dRg#G4*h}z|87E`8?9!?6eJ2L
zPpY@jHNILls>YmU6~qW1h&!X_G;)hgh`2L+m0<%E#y!JEgm6uiNE~Y%Ksn4R;G9rn
zV#vgF8#1s<*>rkY{EmaX2{yAZ;5v-4|E*_Q((#z)u(9X2X95|R>57xa^u{$pDk@c%
zZVN15D#T|clAh1mtvu;lYgR&mN6%{cS%Jhozd2K!m4cfseO&`5Ps{RoI6aG%#k+Kq
zRlUN@M^kk}6P2E`XR$>!Rg0F6^Iu)n+~{v?_BT{53AffRuktrnRk!$S8~l~EOKKZ%
zBiEJ-x3*T*H?{g(8~tr9RsOJ@@2_rdtoOIpQ~{}~^4Hb2pokH!t7}{|PN`ZEZt*uX
zw)%tMSJsA_s+#M=4OI=TXJx}RlE1jhA)##WYZZ|kTb5Oh^M@DF?$DyfwuV;!3TTeD
zCBwhCv8}SMDua@XZIf{)7<RP6j@pKBD-^)`<|>rLY1m?aTSGVLmL8~VSj#wnprNg<
zF0F^cTWYVSFi69PeB2lAavA1o1NZcX(m4CL0?^GhF`<{+0@!T1;{k4Rtv4fg+IcTM
z3&|;m?1-Mt$h-KgeCUY-i(*DP5|6i#!bnO_(Cr3(lk3MGk=$(E>~{A8XT7QI<GpjS
zF9vMbmk0p8$x;lO13-A(2D$ZsPW$ZoZ*tx278|r|Uo^7d`(-J46J4R}FN5re@0S&w
zT5dJu^1ds_ZV@^C#Nuhl<vQf(==J7iOY8aT_v?xHQMaK#j4W~JK{5J;Ub@L8AnL<9
z$QFISY&X9=4Y`hpT%kJ_I65Q&fF`n=BL1H3#<B~aD}P_<?g=4O+~1bH*$r9UCSINn
zM8;WtLtDG~a3|!(epgPp2)&|X=%0|gCnD#Un1!9x2Nx)p(^xHk8*(;9<bxuQh>Nz%
z?L+R(ZY@6u4PPFS?<Fw`{j>x6Bj!YWaU0}sbjY(W;0r3H-)@GhBEImWCwWz&<6jFg
zNa3<b8w03jLqw-)quswSCE7+mWOzIQc|JVSK32|Ur$u#s2AOdV8Ar@OrwTF3>wXKM
znynFAXS*50DiD;dIu>8_8pe{d^x8oPlNm+pO)WbV4fdc8WoMJSw?ikd0t`5T<A_H(
z2K%o8wXfJF*6dCK0?qVYB-nv#yFWv@!=QCJ<t_T6yWIyc)!YszD7iwh1^SeB&IFEl
zU);wq?)on}CGs5c{taY*ewM7RodJIc6DeZ?XY(yI$~+1qo@a01c&e|0)-*7zx40g;
z+_BdZSh0Q4NiH+S6c9HXu60?Sd2pNC?cp-$iu1Uj*%cT2N7Q5ej-_Htaki$Rh`ZNX
z(dM}lB`oes-Rb0b?t&3k*koNXZuis|0Ap`tCl%j9^iEbVja(yc3QoUAis#8i)0U%f
zk2v?FFTwEQhJxXq!Ws?l8oG9RJ5aY_ZGu_u8E=5FR#5Y$H9&oCYXbP5bCOXEs@6eO
z&kKO}_oO!gcz+BPo=l=fLTIVs$)aYr_gfgG@Hp=^5!~mEp}5HON(ikqJi+BC+1E&P
z4+f0$;zawzbW}7MwGH*;b%Eu*iX}%YySbEj#;BSuC!S9{&KrQ;p0UJz-hb2Vam0Ih
zpQZ&D67TEHrTlo}{k<*JSwMV{_i@T!MBH!m8VnF;dM=&-0q=2iqNkXs;e8kud8QFx
zpEM2~=9xj84KwL(5|@y`Eweb@?Ya~~(vb6wUV~u3Ev9GwP1GkYyPT-u{SnTdD_E=B
z%fg-oTfvF*(g4pwHhdGDLsfD2<HTg^OmsgAqIb`GU|pQ2_B9aR{%pflL=EpG8nje2
zL&FrXdY*y08qcHHVW6*?49{aCnGk9=JdcZDLTH8Id4g!1_aR#F<V>7>-g(sfGvWye
zp~`B*^VDOgqnGy{$~;Z^{$Ach@jS<d5Awc4{_~Y+wBLIUegDE1oQHa!qfNj51@M6P
zIrh~{uK`a_2(?ujo?X-#1P;q~)3SWvFzvV0Ki>N)%kF&}@`c_C;xGRV_@snT9m>AK
zvXi|RvUd(rex|oSIG$HqfY0`_cF&=~XhoU#GRnMt2K;jGQ1buqCGZOG7V3PLWfvQL
z2q@lHPHa@)xsdHkKD;>uS?Babfq>gH*<w!eGsy5vwL~EKINLVE8jq^n$^T)FBI1&N
z%~}-UOWsHmXGxh}$$k=-Sm!~YZ*n4yoGm%Q<ZEf=9P4_3yyTatx>R!Vlh?9e=2~M>
zW_&W&dQZ8<p;(ywI*IurHaYnZRDHSR6eka3nJcUbC^IwpE2>^7VzZOSGR{NNoU-H-
z%(>3`2E6iq3}4Siiy>QV_M1TyuD31)HPh^uL+S==HuSx3^?QLjZnjL=f5hsyoaKIO
zvAaIA;I}J4yUe&DD3a)A7>c9WFo&asv>m+}S^Zfm(OrXcpN;V4FMv42$<qD8X;4%$
ztfDd~{Q?*=Gcsso1X+rv2khy_<E5XH%(npsJcfq&Jm;9B(URmJGozp2M)DT+O@EUX
zx|6rC^#e@ybR4Q-yA$2iIba`pAi<MuuAqX4-~msL;70OT_CT%>G09u#usm}NwE2uU
zf*+!QZQ;4Edlp%nAdy^21yvU3e<S%7mZ_GGawnf;PcIRvxa2*k*;8Y24jr2OPuf;1
zom-sz1QlFmg;9QXGPk9krPf5$RGyqnu{!HZ@M@C(K-Kj^G$nH<;%N|KWwHmto<{2~
z2&_+TV@{Lx2#8I|3t48F)YFmtK69F-%mc~esk%joCz832ds>BfHu+-upiPJuleydQ
zEEnQ;$p@LULbM$);@J1BQXDcs(X3VISViyDbU)+V6Q0%9`=FB_rCZhsZY1wv<JViC
zA!DTx$GL^5=ooCo(W#7cn;v+=6P95(h$Gyy(qe}U`jDQz)?!_%)=XqdiT=i54nPSv
zbUyisZjQpi91}V;=LvfX&T$NnIv`ToGOP{2V{*y0?t~{|M@~T<)*NVvokQEKdyy5p
zhFxcEr-JF%;cQ)iX2i|7324uI;j><GrT+r%y_p8iC2Dvd0zYmZ=WVz5Y3Pf)jChRq
zNy?Nng5$ge<j?;W@;=!8Gr&amT{v5RV&MuhdQ6V1yc;`H?`c-Kn5f~M3Zvqxh`YVl
zKq#)7c$}BFIO3LU1Mc(ArhEhO{@y(Dn}`ohSc2zhPXP;h&toOcv?R}43qQxT5YP8M
z4L`@V5+9GPEAUk-P)8wbbD>-utD*wig^6x5tPEChbpp^t_b+fh?<JHpZ+Dx20dan1
zEpejA{u@Als`4+P%(o^Ln0eTTp1-JdB^jMypiGI*OnD!T0iV7}g{m%@0aBX{)3ELb
z&+yMi_2vXI#k?w_X@Z-YQrH#9WQ$ToYmo>VL*`NK4)a<R7)ld&&=O-v5gcIt*1Suz
zf2-I#DE+SaE3(DVcd1<pzAF;LTF{^7{nDJbbzvb5|HCx!17+YD<cUiZeSUr8V&>64
zW7t-l%+sPH6Yf_votBzl;c2>HxHRHFQs;>E2wU?4v{2m%Fx#(2sQ_DZfodf(0u7|7
zKOHG82dAHB8pg<3Kn?=Az%1qVHhnMJQvn`!;D*_L28uG?1S{s>Ja2R2nTsKU3kl;e
zgtC||r(iu;pF-oCU|(RCaCX6w)`F9ZT7%qCQ{bOkAOMDuwgD#*$bN^N^{AM>8O)23
z%=U3UyG<&i9L$m2I<u`gtle4-D*NY%Vl&&KWAvRAv;9d`7Qv))u7zaoR@Ra&Gu>mL
z^Wd&rp}2iYMG)p$9F}>j40DuV$G{(X8mDNLYd~dRPWP`D-|Cw&X8TxN@8_1O92&z-
zOzt9vkCGe(derkMZeAzjeI98s=?9{zmh{aynHwa(9VkuQD7i0#8cC6eDXuR~EGy|8
zLi$dR*?tN}jGh8k4^%vQ4v?8Z#w-BxFp$jWpn*O3OD*>&E%!N)e4Ra(1%jOrX16^K
zVd+<fiIKJ!Z0R;5$XyQu_K--F!lY6NvR{IKMph5>{$EvLv(Om%na!duNahU1wfAE1
z%p3LXC$oJ{f?-@J1MNnJzX^YiZ!*lA=+O)z5Y|F*SCkfn)#sy@k@+@aS8t?q#Oga$
zX8U@m9sLSe3sGw1VhBh4C{dKo`9t5ZGTT3*_;Rp*2=Po_A<$`WYVOa$4Yq?z@9YOx
zywfV)xesjd&d8g;Q%k|G*xE`qOyBe}+owbIcxiDJGxk#VZWIloStF2#acad)Mh#}R
z5!{aq_IRPnFmvqoroD>{w!ui}#HMeVne9(QaP&=J{evy}22x-c_h{}w42d8IEL*Zw
zlw$neCN1%Tty=O=6g$gboG0}SH?uv^3$;7|Rwnd~ehSFtKr&}T1FJhnXX9y#%D$WR
z&bRCJB3nGzDfNaT^`-;sUhlX!z%rNX+jnOB&rnvy%W`_}3Fu9`8Zz`k@LC`=v{qFh
zad``P)3dOr(v^NAmEHk18yoy75RRgIqGd)t03M^vcD8ZR?>Ofylr>D>AvD|nhPxyI
z>Bxn$n7s>IFeit#Bp*)%DoJrZ&jgism0?~f%i4TWh-^izBqj5GSn9YR^r+tG1hZ1g
zzRG+ogo{khSEop!mc>F<!8G3WG8V&})Yf_oo_bT(%i!y127_lEau`)>*&x@JvKS+H
z1X=X-9mtZo)wN|N*u1XdTJfBeD08nha)!#fK~G>R430+|>ESn(N|w?(M;0NE%ZV^%
z!>o%cz%egyaV+bbrDppheYD#yaIp(lLQ=U+N#3t$I8M>8g3hglVP?9EtJ`VP({Qrs
z;aJEyZ)QqvDJi&FQ9DS%%~_JieQRE;VFrbY=hQDw&lU?ulWu{Rb6oUtSV*`zSIC=%
zgi(1yJ`Zw&AJ+W4xAyu)E_z*c+XNT8`~c}}RB9GVjbDSt;s~d(SI&VS*eh$4!^+|Q
zpCF69l8!99SBk-Y&}L7Hve{YBg3ZoaD2mG5YjkHB!Bq$mcGK0W4%e1q)lIBqy`6W5
z&a=A^c_TL>FVcmG6C<757=82FZ2vpTj81@sbI@_42LNdXQkV+FEE)M20~7L$m~2LY
ztXM@CGLStI*!uRi*<Oo#d}{D`Wbm{@k8Ef>vYGrfNYy#9Qt%k);C@^GG?dlqgKvRJ
zpM}7T>=M%c3htE{!A8+PaWeag5`EL$Y=7n)U3*`ty*I2@F{mUjQZ%|-(VS@+N69jH
z?*OIxxt|Qr1I%qgsPvZ+`L&QJtH^X1H=z(#j6kJ%Ep>)DOiC4kpVu5AOGz$Tm94Ya
zg2vq%^Z{E}fU>G}*jok9vALxYF2^RXq`5fPgUi5LXTnJs^hWR^JLiWwhwhW{yaqW8
zl<jto1S99ok=G%|4h8BkiWY!jUMP;#PZP{`qn~!<h2qHVs9!m9yht8UG@PO6Q=oHs
z1qYgCc`uxfy+|B8g%lk*K^)m6B+4rCVUYIl5(mBjdIEQe>+vW|96Me3e`7H^R*|Pj
zienW$1e3iH{3Ti=6Clbe$F2kSC7b(1giFWn0hf;53oaeII^sSPgPTtJqvR-;#(_td
z{zLIx%M1*xp0*(Uj*4)BR7#%~<776-UUm>9mXmCMH{#O<ixcEj7@Yfe40cE|ZwYC+
z+-Z>A?7g7XSZNYXZ<EG^sO}h?A%zK1QF++BjFL^NqL+gX=A&wk+h?I1?Mqx6v(~lN
z70d{jMslB=;gO*>9dev-URH9rniyH;Xct_CcKsQd{dp}}^aJGK*$-!b{dmZ1e-)3%
z)VSX)joS_bRO2?w4Y-3eP#Sl$H10HL)wmyvrhbX4akoe=w?%B6qLzYEjZ^gVpeHoJ
zsvn@zyoR=VT%Ss@cadQPpM-rIvJB%+<g#D5i|quDu6Rj!a7Dt}*tM~?D{|=y4x5p0
zK+JJXH8F={<33A2*)rSj7=UIyKnL6>&H6iP4B(36K54{-*lVzd9uRA|GhrhXbuXw1
zn_%A@s2KH2cKZ&CtI0DIlSVuv^t+(b-ay9PXaiPeVBF_4q8K`nb1$s*xcK#z5xm6C
zy<T#`mJhN<)`0yR6oRCQn^6-3Y{wo;KY26TZ#q|Z*B<Gv6<GJ#jy=+j`$4JB+hbAk
zHPX^~d!%Lm0nK*4EYt`rm29V?rjlB!smno4`WYAbKU#MnU@|YqX#_041ZtHRUYAza
zvzU0{kSM(!w2?L$(j3jf*+AGa%TeqCvkYSmzA%Hj-|j&+$7XaCb81U;GhQdcSi|h&
z(vK0%_Q7~!t75f}>{NE5u3QLFio^G>pwl=)W%Ieu*8P!GEpd`|P-nhnXS$%$HYV*o
zJ9Fd_JJZfEig;fOpQmu-=m(Z&`>!I_+#}X_uokPSR!L?n8q=ks7l00W&{#TV4GKqA
z$Dq&VZjEpm)C0ifp7sKB9z8afr!v`|=qZoR@^is8pAqBCl0n!g%NF<<u}N-tsJv8c
zw4N0=@n+616o%fnG1++iQnaM5FwEy<SH)}coq|o4-S6|VrJAC4wJ+JkBE$ThiyfA_
zl7T2(*fsS6cFd=uQ9rdc+wUE$yYN#n@P>%flw>F9i|N@>X#6A8@U`nlC^PyG;91yG
zjQ%~4Od!R~9di`a<)FrV24oA7uYnvO!uLenSVqVAfLur<8ORkt#`=Lwcpc>jL-m*p
zPz_)gpP<HZppH{|GLZgQGtg@bVGL)X0*E72W4BC>$sRg{%eiX{HrBya$YYdWq4M2Z
zUR=lhoqNkpJU$F=L4PyISE$^`<_{%D-hsTx1`nG^bo+FOGDIXiD2%E58eX@WvPS7A
z+h+Tu^K`(Oa_6QJ#v%X_aEiVeG_O)zQtnrz(DRD=8>k7rp!HlR;l)dWo11JG7K=P6
zNEB)aC?j|Xw#Zn9qzc(Ju<|{d8wp}#>Iu$`*U2_RKT<c_7p3YBzfLwJlb|!ursbMQ
zE!WgjpmM+9?({m@etZs^n~@Dd4d9}IB|}kDNg;eUN?r@7QD1R-SM)uk*>&diCPVXS
zO5=Xt4`oBLhq?PXxor|_V>q*;J(?a)`nS|}gUJ5?bmq-iw{swK;rV#*Hi`Z5JIORM
z_aWy;$QkCx`zNxOdR>fiZMkLLblwJ`045>BJY=pzX}J%w8#>e8Kn7iFh}d~pS`q$+
z`6u%sE%r9Wh9N`5g2z#SSKPai&pA`BAl+M@Wtg2t9{157N#0y*8716XI_yvs83UTQ
zb8^E}$<=`hDP!a~<nlUz(+oAARob}tQ%r!5LkJrY!#rtjf|k+$0q+x7Il2#8`Yn-I
zAW3L%F~!E54{AK9F?{7~36Qisc5_DZ%_%$h#ZI(6tqi+EiMC1`c^H+bAj51ItOu8K
z$S!c{0JT46&PwEPlpVHnoUXYZc^tprs=OGEOBuel>u$I62d13m7IE4=$fcQli;znK
zYkLbkj`)eH1h!tmBVe&_s)SYM!Xy!~(5~kjTVzvr5vQp=(TnV%cDpi+wcsf5c=7a%
zD(2qu1p9j<+(_=eZrq=MOE-KZ+_QQxc%PkXVN}vMXU$LBd484W-tvGma(;naIw4PT
z)y}#X`j2(ZwzWxTsHToQ$Jw{ggoWxd15q<mHY(=hD54%VC`O9hh@B~02(C|;C=3hA
zrE(`Y759V{X3TiVf}YPT{VI;xZVuIR%xAJGx*t)7i4b$eXHwg1pmR|<=~96IfaX@`
zbD>6H!QkBR582O*12vtK)(vPt5zEB7ZW@B9UJqV5GDo)pSqdayON`k}ad5`m0b~b}
z4j}1RKhkc8776G3fUsX%q00`Uk*|QKcCBUZb&;C|=<qsZ@Dg`>R5;iM9>ePe;n`is
zJ#yOBwsi11AiN{+u3Ze7!MDNVLh&!*$sWR4_K$X1qv%)MMtms?iGEqhY`=84_UxDP
zRA(XD1kY;0AA!tUhD+qHq}(rs%+cgqLgs4nW00xM5#iM4h#(g!rNM)tt>*2oWe+$6
zG_E$#lmC($rjSO@osuQ(8c@^u%x5wDBD=*n&oRWp=#$|66q%zx0`fB;X?2iLGcDye
zXnC(^z%X0>H7$RX@|(4Mu&<3}K`^q|1qa*QshTU7mBD<l>Fp}8xnsj!7rj?ogU*<Y
zY<AE($#&+<LJps|Y_)UNt}}v{gU9{f6SgwFYYtZ0!kt<es;{$!KNFtXFv{>Qqh&OM
zTW>XPw?mdIMG|^9vagh#x#Lp$5eRXnO&6h3rA02vM*h++ugmHhBG=)DzrTrSS|Yt<
z{umlk<iX4m=|qn2TFII$k6W&i$1Rhe=U`hZxN+W6uD*kC?+InqhIWvLJNpzqKSc(I
z@%c*-OoKe!m8T*m&J!k;+t?BW*!hxeOs(~xSdkF=6+5#%>jE9!MWWn5&q;JE!HFQ%
z10_Y*gXRuul2mj*DQrL#6^li8R3mm8HeCu@T_#VKN^b{!F-OyD@LeIDGs*J=uBS#{
z30{mJizS(3>OhSLHD)=G8;D#7WEYUMQz$4AY+THHfEEH{J@riX^a?-^@BMuWIk_9y
zBLxbXJBD`xF9Q|q3wbVqr%@@QLGB02rSm7aXkvzw30v7|RVcHQbzJUgO~d;4EO=Ru
z@YIe|F|)?}2H1nBV9b6X?-O|w$mN*-F6P!}Csgnum6_qWnr6NN-UG-?+lvfoPH+{l
z9$DDEBOej!!7Xe&nF?+In`7k(VVCkYxgEc0HzAADV~}^tdC9Y16=i#Z_kza-;c%3f
zb_6_LJO)3pGym<#{0cnL=7A@;ob^Ln^-$>n3uxR(#WVA8vkxp9Hbq$73>ylzsLB9B
z!z!byM&^M>!)(=94*H<N8w{8=5?z4%V>J?32jQMkM;Yd|LLUJgOoJ$&ss2h;supf;
zF^u38WU;QdZF^+6tARcfS*-F{)QsR<Taz1=MrJ3aX$!LGrt?*n9`f+&$h&M!+W24q
zUSt1V3|W~L)pLwIo4qi~rj5PqN>_ci(npa+^Kbi3rNO7|N*|Fd`wAXBxx9ZD2zzT!
zG&6V_JR0>rcn+g1c%JMpqih(JHW6$-RSHf6A{~E$xWo}^BWK%L@RZuni4{iCUtI9)
z!!oq>Yq)0n>*;zvd06HXFV<X{Pn6&oMPe~i^dit|eo^#~L903AQBnLf=uz8ZP?4fv
zC4EC2=%+;eXQ0#8z(77N4Q>R&u>6y1go+Tkhjuf#+;9C;a>~@*m(?h8yImv!b~6;z
z3c;NF>>PYFC-F+&li+bW9_`@mwB@GTJPyFU;L)249dZZ3+lpP+3gOu|fT;8hWbonT
zjSk`WYy}T0VaLLC#LoGRog>><nZ=ITIXXUz?%)D)Q2eOheKy-4&eR=rP(0WJV?#Pf
z363VYc(!4_D&;DLoTJGfki^rx*Cg{PQp+^;Cs4WExY)TdScUWIu{<3T;o(AJIa1_g
zk~NyD1SNB2FI;*V7IeJlc__o4E4lWkr6Pmzt1c6Hy92E?%s+b$YO!}I7S>|Hd|>RV
zkCD%gjXXsNPPcPn;fcuoI7fat@_7lEV&^Llv!_;q%T2>n$+2%nsZB#v=voMI1_`U;
zt}Wbps5`kgA&YZSn`9~89k%!_!t1uj=s=db7Inm>G4md*C7v7?-%_2$=ehCs#e>65
zbYCKU;RoEKT!Czoe5kJYrC|5{Ju@%e=Hi=Qli_GG`OLX5-@r6xj{>X5gjrcEyq(24
zIVg>D{tk&AC4417^cl12DRn=kc#~J8l<2G^<iz}(x_Nabx=V~pMqu1hdW}}mS1>Ut
z(ftE(OJ}8Etb0?~1l~ecR+W7UGR7@eD$kQEFX&2hNa9{8->jSa0xI<xe?!nq7Ef?@
zk~u7)kJptjFd@n89n%Z9Q><jel`zhGp_g->YpCJ%UW9zZaN8(!d2A66MPmAyUN7ZM
z5V1WSh2u<fS|4)bQ;cbSvJjp<`Z#30QQ3Ut`4UkTUfk<rx)P!a6Cf0)tf5dMg;;AZ
z5%cJJlN`Fx553PZM&Ld}pL5I+1C$AUJurb!aH*ZeJTxrXE{29sdp`#WE&Yc}nE?@t
zq|CW?8-y5WH(rQA(c*}4*3CN3%S4r|aKr$=_~?9(YLa-*AI+WCN9Cs=UkcFR)I5jq
zkW6#J0M$8K8D7`c{=w}fXTDZ9+}0p&8xgIJ{ax7q&WU1VAZn9^7)ZO}I@3rpd4GB&
zP(%sQ3w{Ky)ql%G+#E~K1go10ylI%-$3j-77xKMh*!C>)Ff(W!<Yh-qnATlG4)tgE
z5&gMQC(xk0s2fO*0%^O5<Y=iH$e29Z03=`8fE&5w;KIr2nQmrZ7<C{Ej*ohaWP!8X
zS>|5!-G<zuyg9*Z&h5vx7K%OaNl`=(!r&}D6P<b8Y@5`>ZYDpTpB!y7c9#4wVyd&C
zR%)AY@nG~%3Ct+>&X?dUrcJo}7}dhQnocp+sl{eEbt+?QjWeSqCkz;m(KRa~>Sde8
zOCVjMm}KNZicYvRD%X$@m7JYvM1z_7=0xR2*hNcVqEU)v$|#FuiUXDAxe=yUYv!be
z1DgxOG)f4{1g#*r0?BRQG21pEkpp`q$d(e!6LbNAmMx9QZU*;G5hx*eRnQ88Hx(CW
zIo`sVb21Dd;Nv{gSU|uR48avCoGADi5^5(%k=%s@6r`om+P{XtND-(2CPxBD`3A{o
zb#EgwRPxzUIrzYEzOYINDpW4PR;2EZpzLKLP)eW$qV-pUE7#)20<E8{%~Ga<fMt?t
z^QFUQ3<F5L^jw=56!9U8G$C0=_BO)RNN7F5TAQu4*Me4}K@n{h(Gr3-B$v^=ZW|G$
zq9m#!7^#gfT|S8fmlM1r=mLUw6_=nV_fy6K0>0ze-7VDcsK}NQ@MC)X&L_cZic3I+
zs<Vh4Rv82z3A&I#tByMKVQ`g26-R)6D6%C4iDFR&0gE{T<~ii<6~Ra+L|F^9=U8Z%
zDoDWBOJOv@9Hj0IqyS&cG>r-Z?s?!0t!d<US!G~_M5=^fxu6vU*C?(o%U3lwDHg%w
zf>sdl#meqh@byi;l?f|!ar_33u}@ef1b<e!1RpA{7UYYR|4=M~KG?fK4FO+%>|PIF
zuH-wDj(R9GLRcjPRe~-cxC*Izamw;T9nKa2iv+D8(6Z6)<%^YkP151bC@a!Rz9rcv
zQY8eB2wFk#BvSX<`5NPEB2Yqb3HEcAv89ZVuj*OGvdGA%=uQzWC9p+jIz(q`_eHgq
zIkXl#M2nrGUqPK^1h?^n%_&F@Px3RYPE{#^s&tt^+rC1r>0RXiQAA4!Z2M+ADxK{V
z)s>p4u&-2lSvtUlf<_umrIdun1xW5fmWe}xt0ohURBVDwB$u()y^Y8;#V4Q{F%XX#
z;@+lBiZPZ6t<5?dsVt;fY~&izQbNEFuTW_@;oX8SD|d=65YbWsTeR3A8gV+c@=aaS
zC?l{%XF5b9T^TiCt~S7BY<XmzmUS7+9$Du!fl{V1&msJ*Q~23#!mmJ>Jx_QX396r7
zN8}_DMg+kkv{U#*s*s?afEEbfVan4H?bLV#iP{POiiA!ipi;86)r&z_OLi%Nt@jD1
z)lWq9HbFu)vCPrL7oEZ{Muay&n4kM%wk4oujxKGmb9CK?e7+rx#u3;?>~!kg8PR)Z
zM7T@~LvNu&Z=r4+Md=I2m?GIjObKoy#I*sk%P$4s8^}O)VM-oG5;qf3UJMa@Uw2X4
zU{O&)Fb&CNtX{W`$c>7xRr6)iM}<{F@ElV2nTY}qia;sBGlEtSP}VY9v?haZlkSu3
z5`vRR-BnRww+NIHd@5)KftHO<vA+lRkO-6zd?x4u0?Im;O}<6y!j&^v1lJ2%LBJ0e
zyBk2+E-7A0@FS63NT6k-22i%A2$T_Q5_AE9mMx1!ZWg$FQNuJs1eXYU89@z_%UEG<
zBeGiYwZm8g#W@BDOC-BIDjDhjLgY{aZ6u(CY0M?K3dv=(xwjEf`sZr>x|C(C@o664
z16N|)2g|`~l}4$WiY%i|H1k7x;JE)26=mrpW0g@jV`%DfIbRUhb#BBJd>3^)5=<pH
z7q=uZyae)<O5l;%pQ3Vq(<mkA$6Izrh=7vpxoB@t_7_N)DGB<B>;eKU8|{s#>|Dxf
zfw>VI9|QMIQC2~45(&e@+(slxG)LBOzH53A$uidY2q}W8f#6Fdm$BTvjff$|B0h~4
zi@Kh*DpkR4gzq7l#(b($rRUpTHr|P_F4HUutGcBCtF-WbD&aQ@k8~16sW8d7TDoV2
zoHLxAM3;;ai%SUbtFUJc6bi_j@<u5^IT9u=f=VRSHN;rbF{82A2w{~GR0z6|Ko=|9
z7A+Rp(-uHrg2<K-TrTK>s9<EvIukkkq5x6A+>Ht)*o@>dTFq@llvR<v1Jz%O#Bs)A
zSJ^lrKQ_itB4A01L^VW4(*LAERTjDI<Eypzh|&^*J%TPEI3G9Hx=%-xeL@6E36dcI
zXA)@H=m2;M0>2R15`uF@HsV3*e_7=c^q1TP1k~i1E#E@!2@#x2z%PC=eVE&bDA7ox
zsq+IQ`h@UvBsiYnG!neMZX1y}siBO3S}0D~OR;qTpRG-0N8Cn5{0$MuqQ|#)`4I@L
zC%911Qi4Jx<w;^wC8LC3mY}5sBjUA;wt)Jwl>mX#cbQXP={D+9N-lFMiFU)~5LhBg
z=EtLk{zw?Zx{4&5Wf@~4lMV0Bb|HC;39F5v+lW$(q<d&Y>PE1CiiEj^;9exmEwi`r
z`{xG~pWtD|pSJDSK=vyBp8!5oD8WZaQk2LsBp<#3N6jt9xvPy~+sOG02^A6i0}0a8
zwh=jn)LmLPjBg;1k+zl)JSgZw0=}NxJ*p|2D*~ki+Xby4(6Ui?Qg)IElo8x7=mG*Q
z8=cmpvU4f>u*il8v}|;Sp9}7lNDM|ozQc^z)y>&#vzV=UEW)o|FdJwVORh$WG2*(G
zqwk2bsL(5;okzK=k&=|$YF|u?ks5REa=2ToqKW*72Ek15k)R6*{*Kh$ft3A?2$T|N
zfvDF$1DEgJK^Z{`?u6kU0Kssi?#d|pFOe-J7%Z|C1X{McUjC31JVn4)_pntb(6Wx+
z0C$uKln^|OJM7r{&L(_R@MW_JU$FVw4}29kSBjMqj1lw-0$W3|LqoAcL$TH{{r^t(
zf3@ri=;dd(rf~&<ZO&weIg=gcOxEVG*ajqq5+Ogn#5VoKbq#1a3k#vO;3_S8Rk8!3
zzeGZf1TX25L^>6p;1$i+RW1QzspOXs*p|-JbzqA%(_v}k3X;WEO0l^FG#0i+FJ_u-
zrei(-0<7U^LyR$ZtGjHgn>fFdiZSrxzo4%I-Yj&<R`<fKZsO~a;;`e35e}&zAjKNj
ztQH1|TabECByW)LXzjB|TCHv<TTT<`+kwcRhJ*zo+PLh<_@bCwRKSwbt#0D6nx4Pa
zO}v~uT(oa>gQ1l~7`jrvVEr-@1{cA3*g9hn5DY=;KDa3Rdyy?A7$mY41X?yaxITtJ
z5^~s>WWfG5PDp9gr%gC!i((vVNyp?BRkX&Zvz=S~X#Q$P{%TaA4!)c{T~$cHZ=4Ya
z&#ohqCd9I5*Exmx85r&X5F8bB0l{AdEg^UjPY~gwcogP)pFo|(i$$=EV4I)|2_6)*
zgy2ajzA#!mvaO-1_*)rhoJ&9pd3~)dMWh$%nl3?psfd;l*sXfR*{bOMkq{)pN|?YF
z-su#MjtdG8z$>`yIKtnHxfM}!BNq#l><bCU2-1b&;pn}Kmm#+w30+QbT+k4~7f5K~
zWWqCwO+c@btsDCz@HR_!2?4WF!2^+AyA#ZxsC<HNVH5H@))DCv14{_Tqb0&8GC`VE
zLhzjC>o$szu6!Lz{!}U14$vv+6$E<)y^Qa>^A`zB<FdKXR4a-jS2D~c8!ML9$T#0F
z>CU1FtQ|E+gHbb`t{|^d%9arPPS7#}yLd;$E4#t`m*g)X;HPXZV~x3u2!$PSOVL-6
zddN;p+4(x?BS<mEJejrr3jCiATDOKTCSM}zN(lZeXa&JBr0x?4WeY^0lwgCP3kkGr
zbONF5JP{}(xI)kc1X?z_I*$YQ1`!Bpvlf9|BCHaErGiFwL=^t3up$M>x=~mq1V;sp
z^x3T-`Qrv&%;UFNg+mL6XAjy&#(t5D?4cfs$gRUoh18s(%|@!o@oT_jqt#evq-GDw
z8JgW{;EX#8sd<C8G4FRseZMb%8*^AoGM5lt9H?D>n{KhLIt~?guNOPs)l!KvHgehi
z8MM0aIuZsZL8qV#2=*g&?>fpRh(Ia9gMwBNXxV7jm4bVj2$T@a7qnE{$rpXYDp#}k
zMl*jk0frFpg=O3t(YdVTVU<g;Q_#pP^o`vJJVfi1*7QL>0=-igH)6r?Nud$~=3{*!
zco~VeYY5p4=k1y#&=p7+xCE>fH`v!j+)bO6DUl!{%i$R2(uq;WuwiGFA?pStG@U@@
zMw-sIcRyCS1b^fUoyG!!zX)1FP~Jzl1YxA^{YDLc6Ah&VAqZeTDI=sXS{xY^6g@1W
zWd#2cbRL0SYO<qLWO9!0jh|XT!YXhrzz-Dq6M*}WP**YGbBayylCXo@2wzcb0>0rW
zcWsFrQGDHne9v;cG`OM|;8H<LN&v1@=vc_tsxkz1NOFsdNW0=|T}dcGU3_dyWz>Q`
zCg2;uSosOgAi?(8G-RCkDZ2S$i!VW9<PgqALiZ7{*<|bHgU!}IW3vgLMFN|E$|=nX
zl#7=Mv^%CyoBRiK!T<Y?VX1GCEW89p$cCen*!GJQN>GF(t|CHzKt$|<O^$_KEA#N~
z+WDd{UW7}iPn9cSxxcCAY16+##lu8!VN`How1UXkIlEhw528+IejimM0hM7Su;TxV
zL6MAN{Y66w0hO^Is7?3Dr)bA#sx1WnQ}--HF~$rdif|<o!ic~QqnQ@Gd3G2@iv^|F
z5-C<fa21lg6hNd&@$Un85{b1CzAfy91bnAk<|ZPn67kF$M<a0?M|gJaS{*`>+LRMR
z(V3-;GmFv{BH(ZHVqdCNp_uOC-~4aIwcxo>!O`H@3X#RhgH{r92Eoj)Cla!CX});8
z8VNNMd@1Mx0>1IuebS4{mQwa#A{!#mve7v?DqBX`uS9ksftHQ#GorF{DXRsdH)37{
zw^KBf5bO~&vfe%g^5-g-;5k7{bpx*hxj|SZ1SbWJE^{Dz_Lb%nJRoQV0e`Q!d-G{m
zvIvwCJS6A>0xcVDK4nuxpo~BZMB5w{m`j06L^edAWuwiH%Fd%K-`z!L6KL6ak^YRz
zUPjp`kvIkkDGYqJ_6$W;{uXDx&NjwDemoLFgMdHK;<&9vQ|GE&g2x1ntgx#=u2s1N
z>jf?S0l-GZCD^RE{Nj46;u730Xqh&HFEsz3dYvvg%aB3PgI79m;3=nl&=LC3?*Z^_
zh2cm6BtGod$FG3zMcRkNAEYivT7aYvK1t&z*L+M@$7d$?!DlmvklsZ4%EA9LZc+2*
zx4v(#<>%q9X*rU<(c1^N*?3=AAG|%r8(f7*6OniWi{E|gI}loqzZO@D#2YhB|3g0S
zip>0;d|vnaaJ8rJ3243iVwacLyi#&wZ>SG`iu5*;UQ9m({wdNINc_Brzd9a^#AQt{
zMqCi|@qIGqB7YFlc}QG1xKezM^aYYWxFT@JpqBv6-wFP&kT`wv^Pqi5zehTV#9y-D
z#C{k_9}KVFNPUqQX8n=QMLHiT8%ZB7ynblOdr7AGAG~sm|8>S&Ru~Y5xu|(nQ){D<
zHMgazxh1Q1Nps`Un#R_pjmxu|nj5dGTGZN-Rn^jzpEG)NR=9a_TWv#QR%Kgl-QukJ
z@S?_+m02qqo0n!4shrGkQ&ZNY#)ek>kw#0_^zia<Rt*ZR2sc-0C5syCHJa7h*jU$+
zwGz@T;f%VK*}>5nRdv-_b+wgQOBOBqZbn{aer8TqZNs9vw#8NdU$Xc+O|WguYFX9t
z{|7sb7W@Vj{@8?n+LDPMvoMU7*2Rmfsxxai`{3_bmIA{IL7~=FO;s%l$Dg7=SlAG*
zZ3K!*hN!TCD}ABb`ldQ$LTO`5sHw4;g)jv{5*@8eHP<#QQTTX9S8GOX!$m51Ju?5f
z9*;9!W_+w+y4J<x-%?ygyc=gza7)f+d}1V5@m=v=aIE+koZaz#B-g@O<-Tvk_mFIl
zoT=2r^DNWlk^)vdMJ?ed6|wkvwx|)RdL@IhhUK<mVAXKLjB&+?hOVpQeGwIFMV%>D
zs}^{KvsO5&1=rXzRO+@{#un@Lu^nbS%td9U%R>plOqLUDT?8}jMzC3`5x;WB_Z0$z
z-nG`@IAxAHD+8qxIGTniXDM^8aX4LRQ1W7mZRRz$fffu@W?9J5m@0LRbfj1G>sr_s
zJJv~;xT(UmTCxqh_vmi7qkv0r<yEbM<|<#g?B+$g(-Yqdxu)n>P0|gfS2a!zF;Z4(
zc1wfTIO@`Uq3WVlkFSi!go>!4(MnVqEhaK9pi;MAcM$&P!R|g{FhS&2Gr|}}5RY-i
zO4FrtA;Sve?MA3!5RE|9AXDPg5|iU4^z?wCWm<*-p=?!Qp`u;8gte%;9$F`zq}r>a
zl!{aV)lk(7y0FtArHCA*;SWYPi=3j$B91L(kz3lWJC%|>#1u6;HJ=qYab<)@d=P7!
zP8k(OYBcLkC0{i_wN>RRufWO3RU`iTb<(xkjjB!Rti}~PLis}#)6P^5r=s^vyWM1|
zFjKWTZC7>~cK=aQjVPy+)#RWj4I1GL^;Kf1bdyX3JsAapxmdqoqD?RpA1o=J9+|d3
zBsa=aquUwsPOH@{q0T#9GW)v3@v50>sH=%XHBdENb%;wEs~V^pt|V2%mAuN;O=ch{
zzUnlmDNbCCeH9LB1@Ok7gR-^K5&fcLnT_ROLpR01nGC>dr1Q0Y_O8Nv#190nEK!r7
zr<<gTiFC+x?_ApaeePoyTQVK1L8~H6xpLbz@%@nf--C{oIUO1&rfYcyrgIioqsEe%
zqlcW8>CSjkxSF+8BbECsd)%EHu}7J^Mn>q>_N->Q5+j%=5_h80jy70)R%FTKV)Ni;
z!K4#yUUX&FQKmYBj_Zk?GZzC6uhlZ!sl`r(oeHDXGKni(w?%a@wggg#FJkHU+YCS2
zwrFe}{cQ6z_FbFR#K1n%lOs0)sug!wGD;NTjM;Uvc&KjEYY}5d#qt_yj8bRGK=<16
zbVpNs0?sk^W`>cjMwnVHl?GLpbeOAuw{W4MYW%54*NaFJ_<EB-8CCBZsn=tN1s$p;
zN)<qniG!m`t!b_pG+jB+1zEbnY0)ZaSx>utT%q|CO1n;tCA}%5KTK(>TUwx6*~7-E
zxw}VcwI0dDRj#sEOR}>xt_+qLK^bhp7;GBR<E}`1Yy-h#u8!PDYr%__MOR3)7<8Il
z0x=ua7lWQ+o7YMkmP-%zlKIIaeol~FwX!&u0zGST=i;&l09&H`dyRNg4P&*F(!)b}
zgr#((DGmpcB{g0xXX$q_{c4G}WZ|j_W{mWYUd*E!_2yX3Y|+80N`0dXuqy5FXs0+g
z^J=uJ6<-D2g#R*Vrb*LBi^HbNY@l#8yo$vQDumQ**-to2MSiU`Nl(pmo*G^%<dwV{
zKx-w~m3!Q{4?yP)j>tQ^#W^SI4HMhwiXVWpx&To-994^&qhxRBQbSYWYLlwGq&jo0
ztOz~q7V)A+Ew`pz;HV&1`#$Bpt3+~uz4PGo;Pkm3=xTAIZEDc>6Q5im7fMde88X}d
zw=i@rw`vh}hMV%RvfM4f)I)l0xgF;8yjqWzNG;0GabigykvXicqSVepyPMshX2m!W
zS|#ULX||e+RA<DBA~nk>$(2&Qsz6L<oO8Z{H@FMn!lT@wwu9f@behr(EpxtDqPm%9
z=UnX)N#z2|z80m^-O@4YtmdP+GOuMzsJY??K_(`C7|vEa_3OYwS#2$*US1$@oUN6z
z%5ptptJ#3dqzb8};@r=a`}9Q+oBEil-;w~+^{^evYFB)+;I#VpYs7VGK&$3ItAbAL
zvXokn3|4iiX-Z4fAXWubfT&LHCF+`_=Tz7xNqcl3vkj_BH8hpKbnr3)^h!y4_0_+^
z)ht8})e-@E9;Cli?O&PFWYtX7a22=86zxc=(=&j=)uKm-Xm_zPb={$jQ_~;EX)g&$
zJ)&vQE2>!cR#LTI-zlVa!D>bDiHBO{tZ+5K>CFwx>fx=7qlO372wo>)=Tv>nCEF*}
zE2^2!OIIbTrxa?^QyFpP9DRwz$=oGwbjeEP>@5{0751(qx>Fb`4k?!?(b2#aX_)Zk
zV#U5RQ<gZ#lj<zDG$})N&yT7G{6TdcC_2MA=Oc%#$JfdLP)z}kZGm*uU8))tP->!3
zm2FZp%PBRCK(S<$q5{<$@5D(sKej^Z1I22W2`^C!Y1fgjJD<h3D>HNtLO;g1<@$>_
zP*52<f;oiH<&3)-_OwE+$`>kh)K#aJXSC{ZtA>Eu-m#SOmYSYUEf;m0;>CJUtO69v
zoK{oz596gZQA*X!8op5yx>9=TdL^v}=Neg~W9$nj>dX`WsHsa$@E-OPCpkN$*T|)t
z@@AXV+*52bCE!$>R5-2@y|I$3y2&e{sm8h5GOAM2VyQzf0K7v5d&I|UsYfu00Kug1
z1Y08xI=NgzM-6McucJL5^>(S<R`#=YOEg!7rsmU+>%<=_Qa(0h?p5=qYG{mfL@$Ya
zy|S^G+FYsCPZicm*#{~VT)gB5e)a}TF9s?s*x%g)h4Ou5OJK-qrn=%_n}o*WJ;dE_
zw+Z-flv1ip;hOVI4=Jp+LTdD=@N*8|m)q>!3k_3Fcus8{^u)%Ncb{-sk@Mc6+Q3Qh
zVZOmb5B%X(sIj`brK;7yzmkO74E&cj|J^&pf5HkiHiW8H*0zSi%}ZLC)3U4$4=#*l
z(;Ai=p%sf-8|y1WEv@+1Z)W1IHg07bq2|1N1J5*?LUmQut)Z5h+Ui!xZfFfHu3cV>
z=M<rq+9eI)x=>|Xwb9l<qG~bzBfZsVs9M=-0134=hAL|f{HbL%{~Fu~Ro8`K0sl+g
z2vs#VH#8cpRrqUk`7?DRH1pC)GeRX(Ce1A=oi=Yus0=n#g<*buWpiCsgKc3b)UpB<
z;%`1-Yj`oTalgH>4F*>?;Wj*B1GFz{Y+PDfWmMNTEDqI&SEBt*A>dUjjnG8(7w(}@
zYkg?N;_xbIWee<WsA^`FEp2tJ1|A2s=H^fx#cCSy-<_y$QC(HIIkYGYgN1BtTBTrp
z6CD~-f46QZXGux?o4P@lwl!CUnp&ZszNt275}hmEQQJ`4S{tqt4>gAy7Q^wj8KI?k
zM$xduFQ;xU4uxCr2k-S&;(YjI>a>|t(3gwR^pN0-!p+UA(Df=PLRIxu%}c5p7OfJ6
zQnwMVWJgQ08XKyNrnc4=gZ+e7gIO;@6#a8~t%?3<sam8Qvx@!;g_eiw+R%JF9O4Om
zA`yU&YiVw6T(PJn8eND`iAhwz`24<SNL5+km92PuR+Vjpnntx4i>n$M>kaiZFDvpW
zr?y4(*ne|hSBo%0D6>A)s$-=d|8lPbXAvIQDWmJfXvAx%x{VeizG$T`gmHku5`+&B
zGzJ5w5@QGT(Mb{|A@nwTi~)^DNbpyEBl=f$Xb5K1zzvO+EfPif5=8Rsr?w#^PG<Zr
zrZxmrV+-S^WpOPYFV(gh%i0=SYw`SvJ<wX!jPS9CB}aHu<BBT$vMM8<VYMV&Umuo1
z2+R>E9D+@F?u0lCRfeH|1^T3M1+0a~#Z!pB`fwd=N8=goq0ro!h%<Un9H?DUU0YX$
z;ku-)4q;Ep+NQcy24h#1uCJ=+l!Lg(z-YjK-LlI$k)X}^-vBjhAS6|<NpPtysBKw{
z4yzBhECucGjq0QtJvlVv*J16lbU8<{u{hisrg!ut#CWW4Y@k(`E~HV6Ue0?fnrktq
zg;a+|Y%?ZK3r#93r;dikX857Dr3#Y-3doG993*;LYA`@#Mw0<Zzbe(LCt!LDT+E3N
zJ=xaWjD8EjsbM%RBxXu1R7x0(&Vx^6J{8kw^(sszR9K0jTGa|SO4-P$)_%8V>rh)m
z8w?dAIl$1Li<Y+{zR|GoN*Vceqw~UQLeSPMLfe-#Vj^g1<s8b|;6r=ZON^j%>Xxe6
z88#W1NvoQp@y+mNp_aDF)@F<~!ya#o8r$Fu7UP3c6?@(1rv@1Sh&-$UvL^9Q2ttcn
z8bdXh;@~0iMRV<vnzI&{NSIxG$z1;=zdRcEXVkL?7<Dbc8yYh(Mq4v54Yk%bHe}SH
zo14STTH?>R6yVYve+C9g!J@Ha{TbB|uWhKSZK%rNcxMT$L3%ZS54nD!jf<<IlU<}O
zDj=6swW2?(7?v1WRWu!b3boW>84TH@i(YDlT6_8A(gYU96T^g6)P*anFl8*^R4I|B
zoQPauEknq(VB&z1*2blwx-e(7`bx*lggTWu)eW+eH^O_NHpCy6R(thT`SJuCs}Q3%
z(h^25#_J+1S(wWjs+NRXYnLNXs~hCmH{+N~G^TlU7%Y$UL#Tn)+u;}D0%cDqssu!v
z!;5QI8nWzg_rd?DP)j}LD%7=TWmtL}Ra7B>MTNaWfPonRT}97^8uX;p#u|-_CrujX
z4=ieKY-!;O6&aUY?9a~331$Y<R8-(|M#J!{w>^w<dD$W~t)aTnm|Hp}R5Y>l(wTG1
zri5lrE1ObMG_$lI*rRCTw1RBBV8eqyo1~$Q3hfRk{$Kz;peO8yl!}yxg!fGZp9P3_
zZUpBqPVtCCS-!$X6)d{}3GWn%%#DCND6<)G7!qZ6An|<`>feKemk|Wt2Z(om1b-8d
z2g|+%I1Y(r`7=^H;*f}s0HhxN1{Dv=vz__CDbF8e(mLf|Cn$r&UtrR0<ZnUoU|If#
z(nR1a%O5=AL3!eQiGg+TCyRJcp7;g8$>P7tvk2u2f#bCak>~Fe;Uf{j`J+ZWSeCy|
zq+bea0v@r`A;TXgVjqyjpCaPHvikoX$>MJe@gSc+Fr?-C)3G+6cnNTd^7nsuP@cc(
zGZHxY{Lez|6aJzP52*|I6yTKMOKRr;rXuw~1MwrMf)53rZsYuE7alB2{A%DV%U}J_
zvGgHu?JNH3hmINk4;5wOkoZd=j76ynZ<+92FX97$Ykv+0o@w*TfKRdUyMgnd4f_A(
zsF%O-!GnDMe8*Ve<nu>3c#zNEvC#38ju+<GN354G*ztWW;`4!Po38|(ZS%JP=RrOE
z-3G0nFX8E!{{VO#WT@vDaJ>8|IDh!SZ{z&s0Up#td<t;d83wNX#&7?%9)9~zeN6n|
zAF2fB*Ze%h9^f3q)WZ+pvj8d2PuI0?`OQ2J%KL$z51jH7fa`h-f&0N@*(-tTxLxXy
z;md=gY#Dy@&4Ylr_9wsj=0QN5?-)`izXR7X#*e{y5D?e%&oKv|cmVk<%TLkSWa9dz
zMT!z<8!aS$O3#CB<VV=Luld=t@NptO8jyPUu{96sA)X9KJ^Zej2lWu20Gxb&;LL-3
zey*(NE`D^Z`TTB}^Cso_f+XXFb^RK+_A|em<$O;*Uy>YS<0c%g{gVuwIw;d0xRxIZ
zT*oT^3x+09<|5!QOYmyolWhD^;5^ty;*_V}XKb8h`Ry|gwu@hiYQOPsnEQiI8NRT|
zgL;T_SWyqZ6y-raaq=n8mpgfoPn_eL^8A972kYWjlk<U-uYZ1o^2FN!sfQmJ@*tl$
zN%Hx%A>Y*`-V4fqX5%jbr!4vW%#R0Y;+p`;=O=tRmiUDq56TcP0Hn;V4nFbmHlH8c
z={}7`;920aEbm?TZJ9I%Bo4NbAH!_`PC0&crpq34$nXoTIkrpzUTWn*oy4yJq&@t+
zNca1GEd%}h^oMg4_48X1#wz9cWdslEA<izQ%*DWU9P%Yu`jGs~9rDB}Pd$7Iw%Eq`
zxxpM8=a&UqhA+wL^~FzxI9M-n>ZYDl;3y(^u0w{nwvFEr6xlNCfU_+1@S}qBZ2mUj
zT*An|54fIl_)U`31O5@<JSan4$Jkg*$hz(Ps$vB4SqHyZ;lch|4E!$O<n!%y9^@1M
zIdJmz%iYv(WVWoTZw*%hVzVo-Mq|xYb>U2VLvLgX#l60fDHl|kl`SpcHj-fB?94n{
zXmM3#8!qUZ!}V3&IJMjmW~$t9Wo2{K@^0C@23ED$BG}(9sbU?pL-D?c#j6Re6=oQj
zxFo3OWqYQ2V>VM&D@s<jvOTs&5P18ziB9-GI{c8L`?-Yi;C4oDT}fkCAjd!lPDbYr
z{Bslh&MgDWQ;yR>rcG;ob;#6RgRF?YGzU)pBhTWSHO#Zr$57JxXb<(1$73MZ1INKU
z9-Q{s_5Yh3ha$`5An_OkeHUvbpjj`;QX2xuu^3}%Gv`tJ(0;iDw8ojW{uR&|J8TE-
z(e0=L?x@B%fid!S7MS*-^R5K#)VJYn!zdiC^kG$s=vxL{mjP<*nTf5tqoB^)aF*QN
zbFgF%V+nO=xpg2N#f{(n2U8>FUABWWHuKoOw;|~=K#dJ648u>vK6KuXK|A%ejx~*;
z;87oES*`C8;JOS@;{oUka6H?G&buG9Q{P?CcM1&Z;}oX#y#QR70csprg=J*`F?Hy?
zUxIY%yX7L&cppJYeVk#mzL$ZsOc063o43NxGRG*Ic}#EEP|H31Q#JJ|DJ4U>KOu3M
z)5m_uacS2FWq2G%(l}}SJFmnOaUMGF6X4Ev)YX{MPizOb3A!Esc9a2X#6#ao?mO&5
z>-!3{Q{PJHqa5{}Yv(Zz=yN^RfEw362wE!vtx-ZpcN!IstIHHF9RrbA7gk8w0y*_P
z@f7;OQBdoHXt%@3cN-_WoSCj}7SdkF0EVCovmVD3k1LR@@5sl>)~^D29IDJu1>B5u
zu}yQidJ8FR)9g#mpIRT~c$vH2&YuOyA6D(K=>>qiY?}s|@7C`KG|0Ik)`Ae4JrO-z
zGE$v1M_Tl7Nv}C+MtbycNo$=njB*?<*^EaSF4<r>X+~W1a3NwEqNMaQhGXPlzpsx_
zDh@WDMc;T9eLHC01}FgR4Uar<R{o=)d8yBSVg3$4eOXWXCD8hEp7a6G`k+1UAnD6`
z=Kl?}zMLn`amma0B0$m{SNdRi`8vpEknRB&>PuqE_XVvlg-H)~xR~<%p>AFh-vgZa
z7l7ua?IxQZ1Dcnp%Wb-d`Jm}1%3lgvAJjMREV>f3A7K>>Ncp8_<+q$guK~@=whhol
z`5%JTmtUlLJ4au3k={mm3@Y+T^S7~i`Le_=|14;I(7u<>qW6L3C5Q(;X8AWjbG!a)
z$dcxdXLD<Q*rq=@tNcmO+<xDV7@+(a(0cnw+6TVgHj>7jNc-Cz$0HVbUO2S2r8zt_
zXteSn!FO&ZpY_-#@?3!Tqa$}V^&R#I!|@EkezYOaYt)0X=tC3U*L6Gzlm}Vl*^dLG
zw~@hgJlu;uHv!*yw;80?5q;*PpWx8k#kIMP=c%j;x5KOS?Of3I-R8(`da&#p(ZH}l
z)f7;9V&Hfp2?6yWAaZ-z`Ght4v_NiI^VtOoL>xx#>R~c4c7l2g+J=WSv^f-NLkVKY
zwjbEANc16K<k<(aTa+M**bi7B8zFM2gSXRVoi*(ZEN57a4|U*^9XQtqEmP;fS32-V
z9QYFs{AuF3IN68EMG=P^$s8o8%$w$5h4&?&izg1wwwg~-%?~*E=?;F7`1v^D$V1XN
z*DN!ITy;sU@tL5t{@KLsddr9p!wJWgNLpqwaa*Rz!G}vD{ME$MaKf=3Ny~2_Zri}Q
zPPctC@sT*;xCKe`ZzFE=?;@Uo6OMKyEz?2V-snHz;6F>;wqd6Of06hooN#m^nWKr}
z$7GPS&V3I20CC%f*B$s@iI2w#$0ta->}SMnJ5La|W&TOr)^o}s^NmBsz&vIafPteI
zal0(n6RltV<e^B(1jx7hn*T4M@gVUOC9@cyZ?cN_HXHW=ZnJSeApcE->n(M!v~m6)
z1OHrrWrsrMO`HEu!10i!JpVnQnmA+%A;aJCCq5bYeKuYU{A(L82hQK%r%VO#Oiazh
zYk<$T@jBrDPhEE&c2n850o*)2WC#(JnL-F<N~R1&h$10VhQdpTGKY+rg`y;)GG!<s
zAtVV&$WSU7q9{X%`p)xlUOneO-#(7@uHSogt$VG#_O|zW_PX!u9x3;OkETKnwqYso
zljaHdK4hF_Tg#@q(au8TSD_K-&yzJ3U&Qw1WpHQ9VI588vu@@Z`5M*-%&e2i99F>0
zfp%&B9NS7BhxHV>4c463kU1<Tw;Bsw4{P+<Ni=_!yGdqox0}r`%B<M+CXMs67stFr
zJ`8^#AArv)pFhjpmnkW~n)x#t$H2l`dlf&5ZByVUwP?Sn%=n`;^1EQ&%yK3u&KhSN
zC(axmCu>Quom6;l)Ri;B56kJ`N?C5?^XIfZH1hKzep${1SHvG2Y?I@@Ysp8m;TUB8
zY{oI)+%_NbZ^M6MK7Yz8Ewil60GWk#SjvVuEFN=2=1)+p%E35)PAioCMw{i(W_vUK
zQ({gztobt=^Z5~7g2plMK_}?*{63gD4Y005^PI>Dc>z4yVqs1%ta-h}9GrqgC+PFP
zo8mZ>WORZ)Z@CS(9ga2sZE)LMa%?+Daqf<eZD%r$ZTau+eR&(!OUxVOEm&`oKfwBu
z%x$mByj958jBV1K+9lfWBJ-9Y=V)P^w+-jZy!FRxM8-Lv$r>8Zr5M_#<GE~5oadO1
z=fVkCxGf(Clv7$x(C1;|tSe}fuN@ung4mAR@)jcJH{pIOAcs!K58!c+;#K5`bBYvh
zTMbKFndhX7%v+9QEk04^XW^?f_EjJGbUepdiZ?=>j_0^e@urB=3HmPP#3($5sd!G`
z(gl%##~+IGc&^Bt>*QY=`)z|b9sA|AH{%@;r(?f&GLAg9Q%2@QCKb#L%uQ&t(*yZ*
zwEu+Sy%DFQ{l1Ljw=O;g(M4}~IF0@CmgyK8Z4SVHq7&}Ckuy>8A^5*^v^j(Ed^d95
zP!9i%(DB-R#W>pMdE@LI@f=Sme-!fR_;;Eb|8SYZTe6vH9M3r9&<Xk;ze72Nux4Em
z=JR%LMOx3Rs^Z+XzszIcY!7h^bInU=>}w+O={TMp$~lJhH!^SM9x!LY-;`{Vw{vsK
zyoJkYBN*qc-BL8#pNjVBcrG=SQxEILat5rQm3v~{UFL1)=V?91f##Q#!{@s|=JVZZ
z{#xdH?0Xu=Geb@&3E+`{Yx6ii*~~>{-bOAfGrzLAsmxo-Ps(kuW(^m%$=l8^(mH-l
zKF>Ihd4<elTWj7Vb6<z#AF=*f=51%zf?+$nHGNs;E$Dw_wx2p}(tb10+HZN8=c*Qs
zb21D0bi4=ZD~GqK8_R5SL>Oz{s%D$KeZ7E2J9CgjC)@+z@riP{uN}&nhd3SkVi|b0
z!&}+sWtL!1jsMShCak&8y!Fk3>2x)$S&W_gU5Pg7`1e~^@zsda5pTsfw&ktncFI|Y
z96CYQ>MVcG9Nw~?DDxKgG?}--SIE5Gy}`VL#_?=Gn{>jx03Jt_a|-L^x_(QGbt;+H
zcnLC(?IyVm;?-roPadMt{$@GOAq$4{n0bqvmBGV9WnL?ew)kswQ63pyBf7{9Z?X7x
zi+^qLeHK4r@f5li<#A%TN#ZfkIc5GXS;yk6R?Xw&d!rYP=d}&_bUd%|itj+2j?a);
zjAPrkux9CMnz!8d(`aWm^6ALGq8#3S|3_vO=L}f5EpNYPl6hPHW{ck;^R|2mnYY<F
z&nUO$E&6*bUQy=l`r0yUBt0tgTKzG3JC3D|%v<`bNX<4!WBszsE(YUiy<Srk=fB6r
zGH><olzGngnSYdd{eMj6ZTzb;Z}nfdcpChF9s|1uG?v+BVnt!Z=?;qXHvThoWd!l)
zX7N6>j(M2ke61&&SrM4~8i#FH(|GNU$q7~1BA%DxC*^o=?A5mXd*q1B-@=c{>`HLO
z;>k1J*cZDJWRTf@DH{7dBggkbGv%;bK`-T;Lk=CsHe5LyupVcAl}4KvkWa_^aFue{
zg<-YKZP%Ll|9MW>RbiLRbN-$D6V|`Ve7=|HQb@pqMU}ZNAG!256uUwcklD^%av7}e
zqwh{kPd1pwF<-|2rQ<w|W*lv@i^OzVuj!lSdCFlI3D)<DoaKs-Lz}E)%yxJThiL5U
znjGiztm4V=KA{uz8^twk%dQ#8`L`b0VVjv~9Zxokvl21e=WiQywBLpCg4hs`=akQL
z*w^BN=@K_`SXnrZd78W(>o;X)t&`dHBe760_M091rQ^N2hdEVmw7H+wF|dwpw12C)
zpv>+e<!NnOoz}5Eq@2BIwwcV&*rzPsMdmsGpWFxQ!7}qlTh0V|8rE;nrEVNE3+Kka
z@%NO&zpqzV&PBz!FLqPm^J2FY)@!5rZ@;k2oHFKnW&YjGTBpos8xPSqpZvXuPN;t4
zcvujYIqb&5GMqHKvGk&m&)=))_*-l!<2r9+Xr2ElG;j9f@j6{Ck;&%LXp?`le<t&o
z_sgvP#wB~j8~MM`+V)Rc?f*ri9d@fp!QTY*Ud^Q62P)t=v&ih~!jhZJXIGjcGIQ>f
z^I^^39hk!|Gc{-(e?3~q@ThXQZC9CHZ^qL)=4rI@-=WpcVvF;)4DO5Ff7Z(UO@lRo
z<C@`HTF>jCa@bXe#b&uJU-wHg&*8u3RQzouC%#vaL&xitjd8tR`DvZcyJ#IJr(2HW
zuR^08{vJuk-(s~H*ReG)zepFt!QjEtp0Tg7^aD5IlP&(H`8~SEjhs~$|BTkYw$uD$
zACFyhu^ZlJIY-RL&8!*7^Tu;^r(6c>^0f9_$IQB!@fqHl*0vqxZdmuB^>3M#G~+!m
zhOTzw*jP0);<M?yZ^Ze(H{){`9~FteAJO>FiA!>rk6c)iW50al#S-`0^P71J7*B~c
z4~52`WQo6tu+1tkmuRyZtu|}H%;!0&XKo}vg>`cp?J$Q+w9|%GI~`!QGY;!6<{t6{
ztkGp8F=rCiLuj-)9BVGo<|tZivMsi`7i(@4o+0nY`Yrho*6+zbW4(+<`zx{L678?1
z)&4r>!2Gwo(Y#GYSCeGB<Oc8o8f_lNnoG2KlvbO^V7AGBo2Sg@<mrh2CC`NUdn?=I
z@2gy*P5$;8ZSuR8ZSwt>!_41a8NUTfK{+?ff2(Y>9M)W-O+L?PvkG&N+Y}4$O^55s
z%@F53YQ~?y(ws({EwSbjZMLED-}&gk9C!d0{(czlArD5puRIhULZi*$SaXRsN74B2
ze2ilb%)S7V%roQ_h|i(X&OEHSL^}&<wX=vhF#8OAU|ubsK>Snr6ugZ_n>(=P5^e6L
z@!$E_%N&^f4!$!VmGdBeLcR_DUFOWg7ihG98EY=l{xw?dC&QZUvmXPCM22~9oc<r;
zTyyCO=cUnRKCHP!n}ujBe6Y_J^LcGn(p*knfp}$k4P2K-o1A-^OSIXD#=-~RLu`}R
zJbbT&+sI82?<BW@d(&vMAJ$x=O}=lU%^}Re!af-z%;V%Y5uYNz1<#_<<{YfKM4R(y
zEPO1)nr*UQ$71tJc`f2=<xk+vG}_#THJ4~}2aSb~-B`0t_66Z@x#7d|Ux;%k3gcJc
zUuDirdVxm!m$Bv&?O&s@BtGyOa9j2*;cvX*jPi8EIa4;{GvV9i1#lr6?H9wEOSE5t
zR{N!y1GBG6d2<!{4#aE91>uL}5^z%*?Kj7oOSIpTR{L$31GDeT(`LS>8J~`LFL@?B
zghreEEtyNSIf_=B<Cp{IONY+{Gk-&7yddJ7fSc_s!kSC8!}oo(vywT;XTO<`%^T$6
zh<`4Zgm=oE@a_PO_77vtCE7nq>o|`w2WCH<Q|5E>QpB&(XeSx|U2utZQqgKB9n5yv
ze<zcf6KOMk7V$jtA8-MgQ^A#>(SB*HxkUTrXtiH~IWYSJ-EXcX7e~A)jdq%2%_Z7t
zNvj?H+h#lLNA$G0tNbbAz2uGXi}L625E|_d$C^vDKZ;iS<Cp^%%81w9JVP#u_<Xq{
zyog4d%dqAWZLXx%=4$4^iG7#Mo8?lO@msK59^Nb0h7ZY)!pCUri}$y=#J<kZ+SfVe
z!0Z=w(R@uli+DzSF0dWm2jCLzWT(|mF6O}OKgF4!!-Ztl{4Os42v?xdW)-ZtM4Q!U
zwONZfF#BNf{z15r+zD~kRcE{>+<``$ow4Q;ZFZ&AW)J4T?8nu|JV5>zaePcAOO9jY
z120*!<T(<V*aI@mP&hZO_Iaz7?emczOLAU3<52`l<d-$`&zp!>H`g^cG`BK$Fn2Nc
zHV-wwZ05CV?03F-nR%y~*Rqj+!hFH}uQ?;H8Fb!qn{PMYW#;u><ny{V{DhhP2P4it
zf?@U>48Lz?Ka+@mX5M8!Waf2I<exVu!|NIGOlDr!Mx1?C!o1HLPP``3d1z&E-rJ3w
zKIWn3_st)fKQr$$qhR8HZDuwXHJ3F%V1C%#%-r5Q#r&rEBlBnGUFJh(-VcrEe%@RN
zpE(h~$NYe~zWE7rM>9XqqaA*RhhH(jW?o=U{2bQnwb9}`&HRjwHWNQrmCw)5h^N5k
zNjS5apN$dc=V7>_xsJKD`I0#WKBQvX%;vo2JIyuCoQgfRZDr;J>=Ebi*zg<X_sy%#
zoOe9(_n3b$pD|xCr@=K=Y@0a0y3S`li<dN4GS@LTHMcc)H}^MhGVd~{!L?c(Pd0Nm
zb3gMi^LX=2bK+FWdR|K{zSjJ?`5W^O=F?{0PmJTd#az%_%3Rr8$K1r+#oWitdyBEJ
zSIi%pKR0t|ZRBUiwOTlF=3bqLM=hQ>t*qiNS$w8>t$CmMUo-F1#lG&P@%hL{B{;s9
z8#0dHX!&SmZfE(=ng^SC&yMZzH>Y<j{+{9;5dXyDyiXVXd-q!Wd-GY#xoGi!X`Pb{
zxDbiw!ajaHhH=<e;smaGF2yXTGOcZETbvWGa@)PwwhiOj_G!!SVevucSIw`}I=AdY
z82kFz;-A3WR|R~RZnK<kXzlla#ecT=NsFJi_+^Wy#Qm>mCmpTld$Yy!n~Tso=Bnlz
zFpqO8j<d1lw=lOicc#@&SD4%KTH^)FdC5G|^2b{KG>gAO<1>+uMHc_ayvO{D`3kM)
zo;b;>jx8mwg?Vh*vGD$2oU6j-vgQi3wykb{+}r|Yn@zE>A7`}L-Eu~lc|Vc){2gV6
z<<GX9x0EvlIZG^Oh2?Nw)i^)fExy-$g4TKX!{QfV9s_@`%YeUU;+Qkji1AU(T;1Hz
z+yrJj{JpLn<9ZJ#PHw7pIJ+rx_<Kn|%Na;3XFRRfdaA|WFt0LmQc|{=3)f297}tKk
zHt)0igUWA&{1cXQ&V14G)8KENIG&8Ojx(qEPFm--l*P-!JU0GzQkQWZTLa5^-29BW
zKdtjH)Z$~zye}EYvy|2`tg-ldn8(21QT8&fV>o8!+)@$eA9CTF%$z$a;st5#>u!tl
z9%tn69%VRjB24`4$OrFD#xV~uPd9VUsmR%DK2FDb*y5Z|kk7FZt}zpEPc8PF$6VaZ
ze#_BLWs6s{_`?=|!raN+$DBB!D2{`VDHi9w%s8G8%p1&GXq_M4H;iLToTO51a-zqG
zU$kxirsF+{Ho_&%walC$GIIKxr<)g>KY)2|`MWOX3XJFSh51{{KSS#^;!K9IufJio
z!{2hV;_v=wC!e{rnfLf&+lS0;%+Ju;7w_vu{tGbo#ou@*Fs^g>rkP{sBmRkb6RkGC
zviM>1Y4bT6&yA0i*e=@4W-eeZM(g#eYHn)oZXRWxYhFQP;bXnUH^F@F{Qa5Z{^NK~
znlGEL(^&XOhx^8npVM5}T+UpP*0!}QUXRu}X=(9i&Hc?oX`Pel=EdgE&4<kA%xP~)
zI-YE_+RO>_obWgE5{&EpP{#7BSiHK$>s!2~`5ALR^FUhXWR%5Up>;f~%-hVzXl;Ae
z;^*PS*A&N}K3CH5-$W}vx5aO__?;H7Xs%;^%-n)jn@?N(8CtLDAd3&D^}J@7KQ-^7
z)#g5nAB6e5cwgWb%Q;8uHTuV#5kDqI{8sZFw2rM9t$mfXoSNpkw2t{v^E0%*b9-2P
zsKrNGd^)Xty<zdWFrOFiQ><oO&t<FmOFGVp#SdBhxWzA+Q{0-=W)^b}T5aZ~^&In?
z3&T9N7C5%MEx#hI<E&?HNUNRZ=Dy~swD$YD#ovUvFWygC#kksEWBFSwzMa;-zA>LL
zpEIYz7@)|{WWJr&@!V<gk}!{l_ho7_uH$K9Zg1{P>v#s4r<&K&+E@O(Np50pO{<-D
zaN>Idf0y@TT*olVJjwE>(Ry#sx11&B6_&Hk;#<r+&HK$q&8N)gY3-K-u;MsV(~93@
z@mtKd(|W#D%`MIS%wx@O(mJ2-S$ql1^TvBsn;F-6+iU*Ge9nB4)-k8OJ!#t<<~+2H
zxs16Mt>bBE@g^{jhxfL+Fs|e2YaU@9L#v%>7Ju9Pf%#MOW?I|sviM$$|6uXo%zs+W
zb&IFKn5}3t6RqRVX7SrBUVzs5DFXAkkH_EEr7XXS<y2D+$3NDyoK}|8)^d6>u48!K
za)z5nDgSo-%{s&KXIst!^JnH0=G6I;p37b4yJ@{os?s{1I_5^^$1K0K#XFh1(mHQ_
z%%jbd%?r(&%-@^;G3U*n)P8AmO>;-{X!C6I3iB7{6Xui!lJ=F~T;AN++=15ncBpxg
zd4=VF1oM5xd%IsTuJeDy{1dG<f3x`C=JW-Vw#`PTNS64>3A6ptXupW%lropI{0f#|
z-Etl>H!(M-wXe43KIZY}x#o4|E#~jcm(3{(C7p*%wDy}7=5ypd>!OV79Nuew(A?DA
z-aOJgj@CJ!Zt(@?Rp#}yj%O3h<LQ9k81`7sA@fno|K0p2%x#Bb+Z2V9o(soi#`DTT
zYhSmTOPlMMJDP`>r<xa=H=2JlXDgDl-;(A=w9Zvqb6@i?^F;Hz=A-7*w4UQxnCFCj
z2~rnDT(2+t+lF(~I)*|PzsFq7{GjDGvUnSF7h1>Ajn?PnK+Ac_;$tm7)jZogmsXn}
zm{-wie~absG=F0`hb{gitv0Wka}-O8=cd(uIrIIr&S!0NLvwRl?YE@WPFKt6X*vDP
zlg*3GADXwDzc-&S|7}inXVUTHG8Z@3Ha9f4H}^5W0P{U|Gk#kd%ec<TL|X5w*DXGW
z);U>g-e>;RocgY${Cwsz=DOym%rBa!ncp=pH*Yl`F<&rWH|HvzbZn(*J>SX}e*jMW
zOv7vc7~?uW9n8JWFVJddxW%WMXIjoYi@$5}l@|Y));Zr~K5V{d&RilXzo7X(^TXz+
z%>B&c%<q^tn7^j=d=FdvD9rQ5{zaD<*Lh1_GRfJ^1<hs5514Dw+E+u1w>Eb(_csrx
zbq+_-`nNp8a%Nl3`{t!EpGyn;{`aZnZ?>GB=9A`hcPH()fVqyjo%wn5B=bUA&wZtN
zr}?z`4|A$gN!uov^O?(-A2zo&k1)Sx-eBHp=7ku~8y~5#gcHn}&G>omza0GO|DW;p
z`Ol@z_n9l3YnW@Bo10sj+nYO?yPKag4>gZ4k26m+PdC4Ae$TwbyvqEsd4qYgd7t^9
z`IPxL^Ck0DbNb{-=Q)!(yE&Kn4s(ogKy!&x8^mi}(Q>MpYnfSJFY;TMW1Irp>}K)a
z=6>c`<~e4LHHh|OtO46xVR7EKj-1cUUz%B?DRTCkzc>G6K5ag0zGS{?&VYX_(f&>5
z9A@^li=2FBjw6V8adRp2z2-{h`eydii*`89B>begotgEiBBz_Vr@6nG<4hv|W%C&G
zB=a=$0yFyrMmx*RADTZgZ!~kfKy1tL0^vjEAI!g-|1@LnyZ^S0{{MVmWwdw}^DSnM
zKZ*U8G_xj5#4DJqnAt}$avGXjo7<VYn7f&KoBNqZn#Y<an^{LDj$yX>E%OR9`$k6o
zR`YiA*XD1{?86`1vJZdwteO2MBYxHVkC`=RA_sFF{^#hQ&)1GMXCj9+XTt1<8D{;N
zaP-ONwzVu?*WAL~+8q7xxosDV_b~T1zib|3o@t(KPV8fk_bVUEEdG&st$CAqtNDQW
zu$fb$#CbSjK5IU2PMJC>Kdt#Db2js>=G)D8o9{8R?`Ry){pJVF(SM%j<Oz#M|9Qrr
zws;qFKXdexXZ|pYk2Fs(Pcgr3USM8gUT$7vUT@xM-eW#!X8oTyC%>3anJ=5KnNy}o
z+BU8ECNpaXMf<m!Z#Ne<voCJs-($Yle80K6xq-Q{`Dt?(b3gL{^Dy&B^91u0^V?>Q
z-HPL1VqR`uV_t9GX=dNxXy-fg5%Vu*)<24T_8AUeH>XOQ6i;W)YR+LUV!q2<#$4W9
z)m+2e#N5pMl)1gRtGS1{ubKUm<2epDk214HW#mjT&oa+3e_&o^X1%6pXQO$WnYEiD
z=dk&x`Gonj`GWbfIeogMHd*T_+RtvzWzKIdY-SCp*tU|ny7@tK19M|@Tl3Rq)@h3N
zdzfD^4>YsycjQktvmbcGXPf7n-!*@1{>020Q_;?DGi!=Q{IL0F^9l1M^Hp=o^hxcc
zHM2fdw4cqK$9#vmi1{va8FP7aRdWq<V>4@B#WA!rv({C_pEEyi9%yDi_Q)S)9%r6q
zo?~8Me&5WRTG8f4^EUGi^Ec-G=2Pb1%oog;&HtKHW=J}QY-ZNuietOYoZrkbmXTA!
zT-98|T+iIV+|=CM{EWG~xsUk;^AI!ZVa2h%YJSbkx?qtr-@M4Y%>1#L(|E<UJIuSy
z2h4}fKbudOFPX2JS&uCCmD-%qoW-2me4Ckd$)cUo=4$3z<|gK5=GJD8eTX)nF?Tl)
zGQVVg%RJw_$h^$F+RVNVvELo$-RAw~L*}2%$IX|`*UTw1ChaS&ImT1)nl_uo+3z8a
zjbkgqrOai`51Q+l8=0G$TbbLMIsPK{)!RJ4Jj6WGJk~tbJj1-e{Jwdu`BU@f<}b~A
z%=^s0m`|BGb|aqGH8aO?L_DoIvzcQ$BB!9asJXWJAv4Ex#I}!_JDHy~KWBd4JkUJU
z9Ai58{+VF$H_UU*@0u5zSDINbE{=JVnf2)+{;iqy;v#<3e9U~>eAfJrnYFv4o%H5R
z=ImyUD~bI4W{xq5csVo2m_)pqxt6)UxsjPQ!(-bg&F#&d%+H%&G{0ni**xCN`ggIf
z7@xw|cfQ3JnU|SAGOsm%W&YZHz<k*JvzcRC;&`r@ubWvrJ#x~SZ!zaF7cdtwmo%3#
zS2Nc#vmSfwm*Zu^&CM;%F-C^x^M4j+UB1}1zxgHe%jOB@DdyMA98(i*zGHsR9OG+v
zJfB#6i}?%l0rO$=Y4ch0CG%A?YYfD(r8Z|a-)v^hz{tPdT-eNUI+0V^{D8T(nRNvt
zzp?o-GiwY+PJ1)Q@<hD5d5D?)S|Vqxd4ic^d?IJAdAa#R^G5R)^8xc=^UvlJ=5yu?
z=D*GVn$zK4ZX9Pu^Uda4%p6Y?`320y&85uM%@3OEn;V&*Ft;-IHTO5aWPaKFig}Xx
zZSw;267zEN$L3GWyUgF151PL>v%X@Sw^Qc7&HtLypbtmnXE0|q=P(yFbIeq1%lRI{
z_nB*(A2PQvw>Eb(_cRYQvz}w@Ynpkcd9`_+`7`t9=AGs}=40lQ=CkJW=G5pT5XY9@
zoW-2ooX32JnKc`uo$_YZY>ap{a~<=;=2qsm=FaA>=3eH$=F#R?%u~%X%yZ21%!|y+
z%p5xw&ug>!OEc?3Mh@#kh7X#5GP71><os^_)0_hRGa@IA`6hEV^R4FF&3BvcF;_BI
zHP<$C{8}6X`-_BGqcZ%oxr@1{nPc1{f1r7&d6IdWnRP5<+qcZ`nU|P9GOso7Fz+_+
zHy<(|GoLh{HJ>-9LVuPx&UEI?=9|rV%y*cJnv0t&n;$UOHa}#3()^T}WAx%UpED0K
zzhoY7o@{=@%<+BE<}&k2^G5R)^S9>j%)gocFkdlq3}Eax6*}C6IUX>a%gnibBVNp0
z!d$^z#mupRv26o$J99^KH*-&OKl1?dc=KfQO!I8>Jo7^H8uNPdR`YiA9`io)FXmHb
zj$4fLaKW5XWBqu&&GC$pli7T;xuChIxs<uAxu&^}`4RJ@<|oZhnR}RfoBNvwn_o7M
zF;6m2GtV;5F)uZ*Ft0JMH*Yb2Vcu=tYd&QD!Th`VPxBS?b#rQrTa4F^V>ZJary0J@
zT*zF^T*h49T-*GRxv`n!I%8k0&F##+%ze#+&BM%N%;U|o&2O2PnOB;(n7=UZHt#hb
zGXG#cVLomC(|pOC2IDB>oMbR(HRmuFG2dk_V=iy5YOZ0fXKrAA+}y(4*8H@&yZJfu
zFf+%f#&aBRo@}0Jo^76IUT9uwUSZy3=J?jw@3-df%qPuf%-7Ay(a|&7$!g~K)`)X_
zYdD{|sJXbgin*G(j`?A8Q!~fC#=bh4pEdV44>pfAPcXl2USM8gUT*%_{E2y&nPX<-
zI1ie?H~(TjW&YdzuQ?6Iw?>;8%vsGj%tg(`&6Uhm%@3OEnVXwinx8fQ&-}dkMe}I$
zE9N)MbIl)^SDCk(x0{cfe>JDV_}Msb>C7d}rOj2%HOvp28=5($INFaf#k^+dV)1U~
z-e!(Fj%~-7$D29sIC5s1=a}c2KQyl~Z!~i}a<sYEe87CdeA@h{`I4FAk)zG@<}Bvy
z=7Q#;=F;YJ<_FF7%#F-V%}<)2GIugRYwm9zY<}51#{9aOW2NJ{$M|Tz2bNp>WAi8G
zUFL7h977##9ykAH{==LMV~Qg`m6`JdMm)1Qr}<WMesf`S33F+44RdXC19M~Z6XsUt
zZswlme&zw@VdjzM3Fawgj_;21u)w^;yxjb;`4jUN^B3mbW{wAseH}I*HJ>n_HeWDb
zHmAKKsZGvF676%GcsQq-W5y$%-(1XG!d%vTpE<^l^Zi`Q;!VuW%ukuyo1ZavH}^5W
zU><57VV-85X@1K*-@M4Y%)HvX&djmuao#>R?=pX5K4|{leBAu2`A_pDbDDff`^{j^
zYR+NKYtCmbW-ei_Vy<ScYp!o@Vs2(`ZEk0N*8D&7^X3=Lqs_0FXP9T1-!?BWFEKAS
zZ!~W)?=bH+?>8SZ|7!l-e93&(oFRYG>v)qnhdH-7pSh5^xVe=1UUMaLb@PMfX67f&
z?aZu85byc!=I6{Wng^Ljm|4>x+L>gYW}a_;*ZhHbm3f_cgL#{IhxxGisQIM%jQPCz
zFLSa2NzWyfIl-LSe2Y1cxq!Kdxs<uAxsti6xwiQsa|?58^V8-o<{swW=Kkiv=9kT5
z%#+O1%=63(%}dR!H4*QVHRknZ)}4r)ugyoz$INHU=gfbZS(_r-OemP-%;u;~kqnPp
zEuP<8*nFS4vbl!2wz+}1vAMmulexS3Ir9tVf#wP3DdyMAZ<v>vSDM$FKQ-?(?=iDJ
zMx5It<}>DV=D*B;n==$jYUd_%4s&jEK64>6>ukjFR5DjLv;Icp)HgRWw=;J%cQf}i
z4>PlNN3=iQJlQ<cJlnj~yu!T3%=#YD{uc8WX4dzJoFB}`&A*zX)(7AJmn@#9a8f%N
z%-PI2%|*<2nah~Vn`@ctnj4y%nA@2<n!A~Mn){gtn1`81n#Y?bn`fG5n-`gvnLjeG
zHE%L+H6Jh^He)DB;yj~#UC`a*zwz?8W%u9f%l{Uybt*Hu&;J)km&X6hb|T-~$!BrA
z1^&w^W-ehaZ7yf7X0BzfYp!o@Zf<FAWA0$?VeW12XC7c4WgcgqXr5}GVV-4PXkKJq
zW?pGtZC+>IVBT!rZQg4>U_NX<YCdK@XTD&*Y`$hrmOSaTPG!zw&TjVc=6Nk%%v{1;
z+FZ{3|BXGbYdQ7Jjm%BW&CM;%ZOk3aoy}d%J<Pq$L(Id?qs-&X6U|f2GtB?rxcGUN
zv(UWAyxP3ZyurNLyxY9je87CzeAIl*eA0Zze9nBq%(-deb0(EJojId9i<x!dW7}Nj
zyk?FikNP1TKb{Q>A3J3X>q@p)#!!c32W50iO?Fg9SFL2n<?Qeo8J8x>IIf&+7J)h6
z9DOJJk6aE;mGVZs5}ZM90CS8v^Bck(V@^K`b6!KbC0tN$3*Ra8bFP%!4dxtk%<lzP
zmixff<w0;Ac{toa=I2}!c?$f5JRN>Yo(VrA&w_i(n_!MT=YF@rgJgat4VRC=W8@#;
ziSo}d$DwoE<M1r`Bs^C>19QGP=A4C>$bZ0`V~+9j@EZ9Nyg|MWbF4aZlHt9!Lrw$l
zlM`T$NoUSY@UL<f_=21bzAEQ}Sqz2wdEm5iAvlv<0lwLsTds^a$ER~!&VO21=A2Q*
z<yvqVxh{O4+yLfSb#B`bt|>nX*OMQE8_Jw->M@z0b5F`o!ENRCa3{GV+)ZZPj=pkt
zc&OY19xFcwbDlUJPak-?JOJhxcE$(6Z_E5#d`}(&b38k9_?h>iJQH3gzYcReJ9FNG
zx5@Ki&SAv(0(h_dE__gaA3iEChL6ij;WIMlDg9Gk31603N8}%wpOL9j-`LkyID@<o
z&LZ>kFQ@!7oL4>$7m)e+S4=(&bNoAx{|~sF%+JC~GV6<Q{y65azDRBP8eCug2YyuM
z=UQ_)CH$0}7Uo!Zw!_cJXJytP=_%)d`^x#@p>jcZtXvqLCKrV{KPcP03(LE5X?U4j
z0scs?1b-q|gFlmNz+cF<;9YW4_*?l&_>lY*{G;3!J|TC2f0Mhy=j9&o6`6B(a86Jj
z^Dr!_aiL6)!jd45g|o`z;alV>@NM!exS%{2=2&>PGapMSc>&C^@QlBUrHZ@^t|700
z>&l!D?Gbq$+*IBKw~#l(ZRD+RNBIl5tNa!GoV*L>*m)kq*H{M0-@+s01Mpb+7(7Wn
z4RhX8ZhIEXZ21qE<LDW`faP8J8oX3y4V6`L0=!nv1aFkH!k^2z;IHKT@HaBQ>o}&K
z`zj1`?k&0~%rW&ezXMOpCE!2ga`0a=zXLhGp85B~De)ywbH2FrGQS%$%Qaz+uV>DK
za2}c8nfc{<a8a3cTsWT>^BcisWqyBhZZF39{aH=!3fGo<!S&@n@S}2HxViiy+*%$A
zcaTTI&&d2P<rsYKi{GWs%df)&<$3Thc^N!fUIlXuKDS*BPm}pw`ntRheoI~tFOc~i
zyI9@^uaLijKbCjHpUQjSE%ILYOPSxpU&{yJ{qjNhh<pV8S>|{3Dfu_}y!;1zUA_pX
zO?TsYCC6uZRyie{M=k_&3_hQG5xA6G46Z2O1wSCOmJG+>GoRnj56fj?j=^WVJlss?
z_jW6}3fw`i4nHF|f;k?a+ctxrmsxLSfZPgxNp1s=lH0)?r_XIWz*FUp@N05+c#hly
zen;*HFOvJi%jH4vYIz8}UVaJQEDwjb%cEe9-{&!~p3Oda9L(|ijE{$Zk|)9^<;n2x
z@>KYO%<Bk_<>$7q!O1W-oSqM-k=MW(<*hKs@-v6m2)D`G;X?8^FvssR=MY?4J_g?_
z^BSRw{2R>i`^;x8oVqf<{~wVv!cApf3$R8%^K-)-%TMQlJIc4gUFCW($M`enVYr{%
z03IYahKI{d;W6^#@I;y4`LD{YV2<}^oBVE{E586Ql!w5a7nwOD;8pT0c&*IZHXQrU
zocS>4!lM_!U&-&m9Q)7sBKSL*^>2QVc`fjZyc*^_dd&Y6<~+*uCYbXm(_7)|@|Q5{
z05HB6PA?yWGs_p?9P)KIkIe6R)&$_T$?@4=R89$(l+(jyWq$uxlvx+&0XYZ!pv>>~
zhh=`ZH<qiy&E#5eTe&vOc>s9~{GMlh0J=UrSmt;BXqod^PLUslXUk8(3uJ!(e;~Jm
zKa%<V&$0h(zbE{e{5<@HJP_U`zXX3PbKaRlGQa14l;46`2Y_v|Ue0gwd+>RAF?>Z{
z26OI0=C6QR6M+5@PLNqgCx`q6e22{M|2yTc;j%KX1@4#k!F6O_7c`cCgrAg8!B5M)
zF5tX}Jcf&KPx&(3SH21ll&`^@50Uw-yE8`41W%On!mrA_7MLX$gy+hI;e|5m@hp+=
zhF8k0&9g>kZJrHs1$e7m8D<Ru9?$*o9{C~ofZPz~+>6ZNe4)qWcJQw<>-3zHhr*X+
zUJJ0E0Jj|hr^tB2tj&{79s{$U0CUE{+2yJ5tun6>^2xK|BJzB=gv{%Od*r2X1$hHp
zRsIaFCG#4Ab31asdtlZapm|;JxcoibQa%p1lh44N<=^36@;R9EKeC-m@F@8TJYG(X
z?;O?{U`{&tH8}%3M`n$mcjPSaBAIjIESGs5v05$zub0cho8>C-cDWk7TYdy){Q(}s
z<M3g*IsB8{20kgXuFvmscld(LYl^G#b8xauH`?qCr;&NBkx}jkXOjoPx#S`6?K0<v
zEhLYCOUYy5iZZW9YRYfH4dexIGx<Zft<0K0tXIJ2`x)Fv-U<(v55c45qwo~@6#SZe
z7M>&j3v&)iw#nK*oP(0i3NM#$hFO<@@m%nFxfr}zW{scia#?t{%z8ij<on>m^8N5n
za&`EmTnqkPZUkSDo4{9P)&xq19~yZ)ypBjC^Ex7<+z!qrcZON7fcd<p;2axtces$;
z7rsj#0GF1B!j)uRU$Axox19vnmU&IV+69cyh98v|!Oi8>aBF!D+(F&|KO=90d&s<Y
zU>yUtxfdQF^V(sUd=%z9o6I=_PmnLd(_~&Rye?mXS<`^|f5Qu8))QJRr@;3T=ig*b
zYWQP0BmAkH8{Q(bhR~NXuNPR~fZLXW_seDABXW6|^$nPFAACx#2A`E#bBJ?yGN%sw
zxBL*CJoAlseK@WB2%JggwZ_eI6F9fbx<q%#Pr`-e)^KsT4a~X++;4mMKKW_*ez_A|
zQ)W%0dU7wAH4wNhYZpBxvqsUA^4oA*ne~b~$-HLiCcg{!lHZ44ke9-PWnR~ekhjBQ
z<s<MU`8YgXJ_XN~&%kfXzr*j!=isICpD^bk<#V|Pua*CSH_EJO^tqf1{z}dRe<K%x
zzmv<uKgg_C^ov{rX8i>2t2X?HTo3+Bt`A?Ao5Lxy+{o_;r<Xg!te?PkSjQ-b+!f9v
z_ki=uqv4|RB)Fu^YZlIJ%68s`E6ThcVJ!v5KZGBYS;y#Mc?-;13e5Q&ZYF;Lx01hv
zSxbRAoFlr6{5AYP`8&9e`~%GSQknlF%=uDjUcZc#Pr$Fp7vL!}>mkjQuflK2*Wvkc
z8hr1)FK2{5kh8)c$vI)pwaWeGf;Y>oleAqf4)2yr!uw=iv#=%ux2+EUB-eyb%B-LC
zyIdD$O$O%ky5_1}ALjh6j5mhU$W39^WMDk;dPi=7crN)VnDe?ahu1!L$sOU+GHWm0
zEBAvr-z)P6!ZqZV;kq)fi5`*1z)j`pa0~fOxQ)!~nvU`YxU0Mgeoo#3_mf$BX^^}Z
z9xm^P$H=_KnJ6EJUzPuaXUYG-bLCX{{#+>Y`i1oz_#AV?E9LU=8kzH8Z;)Srx61wD
zuVr3$9FRHRHS0OBP0pWnOr8b*D)U<7oXmPimt<adT$6cykpguI*v<wxz04X&nPtws
z#o7+c*#qa5d3{kp=JiD}`3iiu{5M=qz7AKCc}>B2a@l51xQ=`)+(72FLlc>`j#vwV
z`6b~tav8XzTm|kb^LpVq`7yYk+yx#akAR2EtVJ|Nehr=|&xK!=`5it>ejnzXygVL$
zpD&bIqiBiD8bvE*ez&iY*TI~(m)mZDx5}H~9r8|?^(C0I8$KZa2!AghgIRZiImcnn
z?Mw6f{G9w3d`Z3rUz7iZQ`~$bpEZrr$?4&n<ScLwIS0%d6l|aKYUP(p!9`_$pL4!o
z=J5NxtXv7MDD%7h0r>&=LAf@}dKBEYF5Fmd1UHkL!mLxloX6qzGQab?$nD|($xp+5
z<gPI1Ddx6);i2-2@JM+$JYF6Nvt|YJN5ikl{QhUn3dT9d_&f4Mm^CXHpA0XTr@^b`
z8Sr{}F3kEB%%2Bumsvk)x4aN${R-wRh7ZfjVAii-d^vnlUJ0{)1>@`Bi}I&1=S^mO
zJDeOH1n6(!wDNwKwJaDv2xpf${}*dnFn$H*Jj?VoxQNUeOC@ApFR-o!b5g?<<g_sB
zS}>jgt|i|Dv#tf>S>Z-<cKC7mHn^o+1a2qa4|kS17kYP@*9E=hCh&`L3wVgkdBk3p
zyTaq-=itdQuM1|#tg-ZlJPw{GPlj3hg2z7%UM9Z<e<;5VuakK#z`3EBzYyLgzX$J>
z7sGqy)iCQ|FrRaE{Uq;#Ps!iHtb@Uv{qRNkJNTM>2<E)f%sB$5mw$${$gJCRi~K8m
zo6LFL3(6PaJLSu8DVg=0%FEZ`Dl)GlYRV~K*2Lg3q=FmEY2oH_dbqWm6@FUI33rum
zg?q_);TL4qf*LFrfJexM;jwZtc#_O(lj(8^m^CzbY~|p2GOtbEldHn3WY&@TROWTc
z7cy%{?UEmbSx<v)J_a9>dCl^p%z5lj$em!;*<k)N@Oil#%sLy4zX1O$v+h)C)O=uk
zFq|N>?o?Kpb*FBT-+*tE=fDMJUbEaKFNVv=t6|pPVEepIc|iUYt}XLAh4nX>vkh)4
ze+fS+e+9RdS*NPA%sN%w<!|BM@_v}}db7=gFz5BAkH914Gw>_&MR<z*56l`J%ukK)
zx;JHB*UXnWAKClzt?(*2AG}uPb<IYZb*eaTINPiUe<fFezmcoL-^q`_Kgf^4tlhzF
zS-<ME+zI|e?gIZM^ZMnwJPc+X4{rM!oL=U22kUq+z8uai^IC&-JQ)87E-9~v?~_@}
zit~~)XFL3`{1wc49gOo@qq%$(X1xx^d417QJ_C1?e}{X?f5I=wS76re;I_Qh7$IkX
z$I2OD*6v^qYhO*5Z-Hmax#72EUW2?V-v+ae2e;+*$cJ(vc%57c-Xzz6IZrzC>%lwa
zMlfr4Fx~+^DD#@)sQfH^TxPwiGxCct>v(Y6f$(K{F#M1F5}Yd6jT~NIWRRD_S!7-#
z<doOIdF6F*0eLITnjYNOSMc5P9=M$R9b8F13Rja)!L0ScZ8>jReK|e8ADYMsFz0P&
zP8PVW%(_;cWnLHjPtFNHFXw^>%Di4+tq-<y2RvFX08f;8z3{4B2A(BXg6GN)zzbzw
zBP@~Y!>i;+;I(oKc%$4F-X^mS)=s$_%z7X^wtg_@j;DEza8w=uAD4&0XXH^Z>wz%;
z75K6|0p|SjjI(Z53e=#W=fHd<$G_)zgz=~1e|<i&>3=R{E^V%2u4`^;Ze#9h?q?ou
zo@i#j$>@W+(7e*T!MwwKz<kVn&V0?B4*kPoU)jz1%q7h1vl#j8gBWgPW<SD+cQ*Gn
z4>6B3&oIw3FEg(*Z!_;TA2qXIT^!G4b1J+qBF=uo;k@Qz=5pq0=KAL5X7)LYHrdZC
zJiyGpWf7lho?~8QUTtQ7uh@3C`LOw<nf<XMKN<SIgfp7i*DB(L%%#m$%yrF8&27x=
z&lGL;Gqc}s#MwV7%>KP$_UR3;G;c8PFtcw^<R3GiGhZ{OL%)s4&u-3VE@7@<u4QH)
zooJ_}xwE;qnf+!WpZ#FMGtBeM%gpTi8u{$Y5@sLQ@KH1SvPPW!SHtYH8fM>=F#D#4
z*&j8`KB(bpX7)9WIQyD}JD7Wz2bf2hr<&)O*>@z`WFL|6X7g_IVe?5d`+~%_$#5?}
zoY9=iT*zG7%)XkjE&FYR*(WpH#>~DK5odqP@Nn})^DOg1^Gfpu^A7U?^D*-|Gy5^b
zF|Z#)IJ-HYxrCYh4<f&oxskc0xwE;qd5D?)2BOUw=6U92=5^+6=Dp^lX5R0Q_Ai@L
z;T~|rd7nO<*Idk8&dmGqkze1;d+-rwU%oK!wTIbfFU)>=VfM`n&oQ$PUc}k&F3i4m
z;oWBTsf#%K(S_M}E}RVaKEoN!yw4qR_KOR%FI<@Y-@<jx?B^D7-jfdV-gEf>0D{J8
A^8f$<

literal 0
HcmV?d00001

diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
new file mode 100644
index 0000000000..fef6e0378b
--- /dev/null
+++ b/crypto/bigint_impl.h
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BIGINT_IMPL_HEADER
+#define BIGINT_IMPL_HEADER
+
+/* Maintain a number of precomputed variables when doing reduction */
+#define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */
+#ifdef CONFIG_BIGINT_CRT
+#define BIGINT_P_OFFSET     1    /**< p modulo offset. */
+#define BIGINT_Q_OFFSET     2    /**< q module offset. */
+#define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */
+#else
+#define BIGINT_NUM_MODS     1    
+#endif
+
+/* Architecture specific functions for big ints */
+#if defined(CONFIG_INTEGER_8BIT)
+#define COMP_RADIX          256U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       8   /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      1   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    2   /**< Used For diagnostics only. */
+typedef uint8_t comp;	        /**< A single precision component. */
+typedef uint16_t long_comp;     /**< A double precision component. */
+typedef int16_t slong_comp;     /**< A signed double precision component. */
+#elif defined(CONFIG_INTEGER_16BIT)
+#define COMP_RADIX          65536U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       16  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      2   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    4   /**< Used For diagnostics only. */
+typedef uint16_t comp;	        /**< A single precision component. */
+typedef uint32_t long_comp;     /**< A double precision component. */
+typedef int32_t slong_comp;     /**< A signed double precision component. */
+#else /* regular 32 bit */
+#ifdef WIN32
+#define COMP_RADIX          4294967296i64         
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFui64
+#else
+#define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
+#endif
+#define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
+typedef uint32_t comp;	        /**< A single precision component. */
+typedef uint64_t long_comp;     /**< A double precision component. */
+typedef int64_t slong_comp;     /**< A signed double precision component. */
+#endif
+
+/**
+ * @struct  _bigint
+ * @brief A big integer basic object
+ */
+struct _bigint
+{
+    struct _bigint* next;       /**< The next bigint in the cache. */
+    short size;                 /**< The number of components in this bigint. */
+    short max_comps;            /**< The heapsize allocated for this bigint */
+    int refs;                   /**< An internal reference count. */
+    comp* comps;                /**< A ptr to the actual component data */
+};
+
+typedef struct _bigint bigint;  /**< An alias for _bigint */
+
+/**
+ * Maintains the state of the cache, and a number of variables used in 
+ * reduction.
+ */
+typedef struct /**< A big integer "session" context. */
+{
+    bigint *active_list;                    /**< Bigints currently used. */
+    bigint *free_list;                      /**< Bigints not used. */
+    bigint *bi_radix;                       /**< The radix used. */
+    bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */
+    bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */
+    comp N0_dash[BIGINT_NUM_MODS];
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */
+#endif
+    bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
+    bigint **g;                 /**< Used by sliding-window. */
+    int window;                 /**< The size of the sliding window */
+    int active_count;           /**< Number of active bigints. */
+    int free_count;             /**< Number of free bigints. */
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    uint8_t use_classical;      /**< Use classical reduction. */
+#endif
+    uint8_t mod_offset;         /**< The mod offset we are using */
+} BI_CTX;
+
+#ifndef WIN32
+#define max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
+#define min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
+#endif
+
+#define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
+
+#endif
diff --git a/crypto/crypto.h b/crypto/crypto.h
new file mode 100644
index 0000000000..8a314a3321
--- /dev/null
+++ b/crypto/crypto.h
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file crypto.h
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "config.h"
+#include "bigint_impl.h"
+#include "bigint.h"
+
+#ifndef STDCALL
+#define STDCALL
+#endif
+#ifndef EXP_FUNC
+#define EXP_FUNC
+#endif
+
+
+/* enable features based on a 'super-set' capbaility. */
+#if defined(CONFIG_SSL_FULL_MODE) 
+#define CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_CERT_VERIFICATION
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+#define CONFIG_SSL_CERT_VERIFICATION
+#endif
+
+/**************************************************************************
+ * AES declarations 
+ **************************************************************************/
+
+#define AES_MAXROUNDS			14
+#define AES_BLOCKSIZE           16
+#define AES_IV_SIZE             16
+
+typedef struct aes_key_st 
+{
+    uint16_t rounds;
+    uint16_t key_size;
+    uint32_t ks[(AES_MAXROUNDS+1)*8];
+    uint8_t iv[AES_IV_SIZE];
+} AES_CTX;
+
+typedef enum
+{
+    AES_MODE_128,
+    AES_MODE_256
+} AES_MODE;
+
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode);
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
+        uint8_t *out, int length);
+void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
+void AES_convert_key(AES_CTX *ctx);
+
+/**************************************************************************
+ * RC4 declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    uint8_t x, y, m[256];
+} RC4_CTX;
+
+void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
+void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
+
+/**************************************************************************
+ * SHA1 declarations 
+ **************************************************************************/
+
+#define SHA1_SIZE   20
+
+/*
+ *  This structure will hold context information for the SHA-1
+ *  hashing operation
+ */
+typedef struct 
+{
+    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
+    uint32_t Length_Low;            /* Message length in bits */
+    uint32_t Length_High;           /* Message length in bits */
+    uint16_t Message_Block_Index;   /* Index into message block array   */
+    uint8_t Message_Block[64];      /* 512-bit message blocks */
+} SHA1_CTX;
+
+void SHA1_Init(SHA1_CTX *);
+void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
+void SHA1_Final(uint8_t *digest, SHA1_CTX *);
+
+/**************************************************************************
+ * MD2 declarations 
+ **************************************************************************/
+
+#define MD2_SIZE 16
+
+typedef struct
+{
+    unsigned char cksum[16];    /* checksum of the data block */
+    unsigned char state[48];    /* intermediate digest state */
+    unsigned char buffer[16];   /* data block being processed */
+    int left;                   /* amount of data in buffer */
+} MD2_CTX;
+
+EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx);
+EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen);
+EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx);
+
+/**************************************************************************
+ * MD5 declarations 
+ **************************************************************************/
+
+#define MD5_SIZE    16
+
+typedef struct 
+{
+  uint32_t state[4];        /* state (ABCD) */
+  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
+  uint8_t buffer[64];       /* input buffer */
+} MD5_CTX;
+
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
+
+/**************************************************************************
+ * HMAC declarations 
+ **************************************************************************/
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+/**************************************************************************
+ * RSA declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    bigint *m;              /* modulus */
+    bigint *e;              /* public exponent */
+    bigint *d;              /* private exponent */
+#ifdef CONFIG_BIGINT_CRT
+    bigint *p;              /* p as in m = pq */
+    bigint *q;              /* q as in m = pq */
+    bigint *dP;             /* d mod (p-1) */
+    bigint *dQ;             /* d mod (q-1) */
+    bigint *qInv;           /* q^-1 mod p */
+#endif
+    int num_octets;
+    BI_CTX *bi_ctx;
+} RSA_CTX;
+
+void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#ifdef CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+        );
+void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len);
+void RSA_free(RSA_CTX *ctx);
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int is_decryption);
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp);
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing);
+void RSA_print(const RSA_CTX *ctx);
+#endif
+
+/**************************************************************************
+ * RNG declarations 
+ **************************************************************************/
+EXP_FUNC void STDCALL RNG_initialize(void);
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_terminate(void);
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
new file mode 100644
index 0000000000..62eb6fe700
--- /dev/null
+++ b/crypto/crypto_misc.c
@@ -0,0 +1,367 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Some misc. routines to help things out
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "crypto_misc.h"
+#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
+#include "wincrypt.h"
+#endif
+
+#ifndef WIN32
+static int rng_fd = -1;
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+static HCRYPTPROV gCryptProv;
+#endif
+
+#if (!defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
+/* change to processor registers as appropriate */
+#define ENTROPY_POOL_SIZE 32
+#define ENTROPY_COUNTER1 ((((uint64_t)tv.tv_sec)<<32) | tv.tv_usec)
+#define ENTROPY_COUNTER2 rand()
+static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
+#endif
+
+const char * const unsupported_str = "Error: Feature not supported\n";
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+/** 
+ * Retrieve a file and put it into memory
+ * @return The size of the file, or -1 on failure.
+ */
+int get_file(const char *filename, uint8_t **buf)
+{
+    int total_bytes = 0;
+    int bytes_read = 0; 
+    int filesize;
+    FILE *stream = fopen(filename, "rb");
+
+    if (stream == NULL)
+    {
+#ifdef CONFIG_SSL_FULL_MODE         
+        printf("file '%s' does not exist\n", filename); TTY_FLUSH();
+#endif
+        return -1;
+    }
+
+    /* Win CE doesn't support stat() */
+    fseek(stream, 0, SEEK_END);
+    filesize = ftell(stream);
+    *buf = (uint8_t *)malloc(filesize);
+    fseek(stream, 0, SEEK_SET);
+
+    do
+    {
+        bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
+        total_bytes += bytes_read;
+    } while (total_bytes < filesize && bytes_read > 0);
+    
+    fclose(stream);
+    return filesize;
+}
+#endif
+
+/**
+ * Initialise the Random Number Generator engine.
+ * - On Win32 use the platform SDK's crypto engine.
+ * - On Linux use /dev/urandom
+ * - If none of these work then use a custom RNG.
+ */
+EXP_FUNC void STDCALL RNG_initialize()
+{
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    rng_fd = ax_open("/dev/urandom", O_RDONLY);
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    if (!CryptAcquireContext(&gCryptProv, 
+                      NULL, NULL, PROV_RSA_FULL, 0))
+    {
+        if (GetLastError() == NTE_BAD_KEYSET &&
+                !CryptAcquireContext(&gCryptProv, 
+                       NULL, 
+                       NULL, 
+                       PROV_RSA_FULL, 
+                       CRYPT_NEWKEYSET))
+        {
+            printf("CryptoLib: %x\n", unsupported_str, GetLastError());
+            exit(1);
+        }
+    }
+#else
+    /* start of with a stack to copy across */
+    int i;
+    memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
+    srand((unsigned int)&i); 
+#endif
+}
+
+/**
+ * If no /dev/urandom, then initialise the RNG with something interesting.
+ */
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
+{
+#if defined(WIN32) || defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    int i;
+
+    for (i = 0; i < ENTROPY_POOL_SIZE && i < size; i++)
+        entropy_pool[i] ^= seed_buf[i];
+#endif
+}
+
+/**
+ * Terminate the RNG engine.
+ */
+EXP_FUNC void STDCALL RNG_terminate(void)
+{
+#ifndef WIN32
+    close(rng_fd);
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    CryptReleaseContext(gCryptProv, 0);
+#endif
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes can be 0
+ */
+EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
+{   
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    /* use the Linux default */
+    read(rng_fd, rand_data, num_rand_bytes);    /* read from /dev/urandom */
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    /* use Microsoft Crypto Libraries */
+    CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
+#else   /* nothing else to use, so use a custom RNG */
+    /* The method we use when we've got nothing better. Use RC4, time 
+       and a couple of random seeds to generate a random sequence */
+    RC4_CTX rng_ctx;
+    struct timeval tv;
+    MD5_CTX rng_digest_ctx;
+    uint8_t digest[MD5_SIZE];
+    uint64_t *ep;
+    int i;
+
+    /* A proper implementation would use counters etc for entropy */
+    gettimeofday(&tv, NULL);    
+    ep = (uint64_t *)entropy_pool;
+    ep[0] ^= ENTROPY_COUNTER1;
+    ep[1] ^= ENTROPY_COUNTER2; 
+
+    /* use a digested version of the entropy pool as a key */
+    MD5_Init(&rng_digest_ctx);
+    MD5_Update(&rng_digest_ctx, entropy_pool, ENTROPY_POOL_SIZE);
+    MD5_Final(digest, &rng_digest_ctx);
+
+    /* come up with the random sequence */
+    RC4_setup(&rng_ctx, digest, MD5_SIZE); /* use as a key */
+    memcpy(rand_data, entropy_pool, num_rand_bytes < ENTROPY_POOL_SIZE ?
+				num_rand_bytes : ENTROPY_POOL_SIZE);
+    RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
+
+    /* move things along */
+    for (i = ENTROPY_POOL_SIZE-1; i >= MD5_SIZE ; i--)
+        entropy_pool[i] = entropy_pool[i-MD5_SIZE];
+
+    /* insert the digest at the start of the entropy pool */
+    memcpy(entropy_pool, digest, MD5_SIZE);
+#endif
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes are not zero.
+ */
+void get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
+{
+    int i;
+    get_random(num_rand_bytes, rand_data);
+
+    for (i = 0; i < num_rand_bytes; i++)
+    {
+        while (rand_data[i] == 0)  /* can't be 0 */
+            rand_data[i] = (uint8_t)(rand());
+    }
+}
+
+/**
+ * Some useful diagnostic routines
+ */
+#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
+int hex_finish;
+int hex_index;
+
+static void print_hex_init(int finish)
+{
+    hex_finish = finish;
+    hex_index = 0;
+}
+
+static void print_hex(uint8_t hex)
+{
+    static int column;
+
+    if (hex_index == 0)
+    {
+        column = 0;
+    }
+
+    printf("%02x ", hex);
+    if (++column == 8)
+    {
+        printf(": ");
+    }
+    else if (column >= 16)
+    {
+        printf("\n");
+        column = 0;
+    }
+
+    if (++hex_index >= hex_finish && column > 0)
+    {
+        printf("\n");
+    }
+}
+
+/**
+ * Spit out a blob of data for diagnostics. The data is is a nice column format
+ * for easy reading.
+ *
+ * @param format   [in]    The string (with possible embedded format characters)
+ * @param size     [in]    The number of numbers to print
+ * @param data     [in]    The start of data to use
+ * @param ...      [in]    Any additional arguments
+ */
+EXP_FUNC void STDCALL print_blob(const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    int i;
+    char tmp[80];
+    va_list(ap);
+
+    va_start(ap, size);
+    sprintf(tmp, "%s\n", format);
+    vprintf(tmp, ap);
+    print_hex_init(size);
+    for (i = 0; i < size; i++)
+    {
+        print_hex(data[i]);
+    }
+
+    va_end(ap);
+    TTY_FLUSH();
+}
+#elif defined(WIN32)
+/* VC6.0 doesn't handle variadic macros */
+EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
+        int size, ...) {}
+#endif
+
+#if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+/* base64 to binary lookup table */
+static const uint8_t map[128] =
+{
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
+    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
+    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
+    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
+    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
+    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
+    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+    49,  50,  51, 255, 255, 255, 255, 255
+};
+
+EXP_FUNC int STDCALL base64_decode(const char *in, int len,
+                    uint8_t *out, int *outlen)
+{
+    int g, t, x, y, z;
+    uint8_t c;
+    int ret = -1;
+
+    g = 3;
+    for (x = y = z = t = 0; x < len; x++)
+    {
+        if ((c = map[in[x]&0x7F]) == 0xff)
+            continue;
+
+        if (c == 254)   /* this is the end... */
+        {
+            c = 0;
+
+            if (--g < 0)
+                goto error;
+        }
+        else if (g != 3) /* only allow = at end */
+            goto error;
+
+        t = (t<<6) | c;
+
+        if (++y == 4)
+        {
+            out[z++] = (uint8_t)((t>>16)&255);
+
+            if (g > 1)
+                out[z++] = (uint8_t)((t>>8)&255);
+
+            if (g > 2)
+                out[z++] = (uint8_t)(t&255);
+
+            y = t = 0;
+        }
+
+        /* check that we don't go past the output buffer */
+        if (z > *outlen) 
+            goto error;
+    }
+
+    if (y != 0)
+        goto error;
+
+    *outlen = z;
+    ret = 0;
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret < 0)
+        printf("Error: Invalid base64\n"); TTY_FLUSH();
+#endif
+    TTY_FLUSH();
+    return ret;
+
+}
+#endif
+
diff --git a/crypto/hmac.c b/crypto/hmac.c
new file mode 100644
index 0000000000..24a04d77ae
--- /dev/null
+++ b/crypto/hmac.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * HMAC implementation - This code was originally taken from RFC2104
+ * See http://www.ietf.org/rfc/rfc2104.txt and
+ * http://www.faqs.org/rfcs/rfc2202.html
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/**
+ * Perform HMAC-MD5
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    MD5_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    MD5_Init(&context);
+    MD5_Update(&context, k_ipad, 64);
+    MD5_Update(&context, msg, length);
+    MD5_Final(digest, &context);
+    MD5_Init(&context);
+    MD5_Update(&context, k_opad, 64);
+    MD5_Update(&context, digest, MD5_SIZE);
+    MD5_Final(digest, &context);
+}
+
+/**
+ * Perform HMAC-SHA1
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA1_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_ipad, 64);
+    SHA1_Update(&context, msg, length);
+    SHA1_Final(digest, &context);
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_opad, 64);
+    SHA1_Update(&context, digest, SHA1_SIZE);
+    SHA1_Final(digest, &context);
+}
diff --git a/crypto/hmac.o b/crypto/hmac.o
new file mode 100644
index 0000000000000000000000000000000000000000..69cf2c4ffaf1b84ac3c043ffcfffe464d200d0bf
GIT binary patch
literal 10444
zcmdU#e{@_&b;sxJTm4+?hb_yNV~4C9lh}>5E6K)HoCr&@9a~tjY)f(taU!jxwX~76
zE3_+HPW%fW0u6;CL4K29l@OpgO%r~Ez-c)r&LP2&H25Tt6KH!#C=EXfZ4#jPw1o8g
zop)z-WqeBbqknYHc{886bKjkrJNM0-{c(J2$2Fek8J9eBgPE%tQ&WW&-<b7QVYOLd
zmO0h`v+`qqRXM%z@gF8yei2$Zd)MoUO^u1BH^K}2j&SA56QRWBClYPXC0hHQivDu}
zhWfZMjkBh0wq@n%eL)pBHCJ3)24$(A-p6`S*)x0BMLkeG`DDx0L;Ig<D=>{AGrpz1
zZ(V)cR@2yKmiH`Q`N7*?siRY@?Yru{jSa9L)Z1#C>b&OipwjF;zBU@5)35UyPw(pp
zJ7M#J6^<7)i^)*!W=!#k+P3FvTYp&F@_Oy2dlr_xYRtTO&;Akf?hATbIXipay!-UL
zXF2b_w?6OLKYHGM^X9!peDDY7y#SH)CX#QwBW8hT>Q!X@CpcV)tb95YMjV>I42L5q
zK3Wi7gyMwv;m}7YcK4hEztwx1VK)qY<lZC5y+t8o>M&}if0r`k6&6Aq@`{@v4TTDx
zKtm{0G=`cVE=Z+wCKN8(L1A&hJ+>&ikwv)R*S08{K@ko^={g$lioc9{!TZ?uCu<=o
zc%HanBk=?^c5g>s*yq3ZWt2sXX+KLeMb{wnb2G>n7g69(l52{l$p=4xd_~dcsDJ1+
z@Y_r=n~5cZ$ik-hW)uuUTi;{~E<@d)x)*ujKL3s@(Ne_4@b4m;B6`@ryB%Cv^bB(U
z9vZ6&>{4v)_(A>MuI`zF-%<G!SV~hG#~ofBGP^9^y#rXS$XIp=LL$?GC>-q7wF2po
z$Vl?AwC-T*D=_25*m{UnE{qpT<KFvGExVP~dUo#5yn3|k63Dy;4%46c^W$Z=vf3C_
z&m1dH8E+j8eH&Lr1F~!Z{Dj^sz3xzPOQqN4)mM6Zc&n*sk@k09p#97-Q?U!})40D^
z+K<9YSLir$F>t*ooVbtzEqnwDUxJ0(tpe_P^{A=155lJ*d`x%C5m~#`cu+LH7ijo1
zy9(L!v7l#aJPM6hVB=R-ql<=dcjyRa{Wa;c1P;tw{FYd}!V1L|{>+(Ud5srDV@IIj
zwXnw{c?%0)LOXkeSoLNWg;ThpigC9n%)FG_u(#7arry0=fgm1sG9H$pIf#dyT&S(6
z2Jv892ia=lp_8rCtlD_!WIX&mszE&LW{}Ut!=4}jrX?P_g6dft58X8M6R20LLB`R<
zuqT`!57UT;CTZV!f%dal&FyGsJY=MOUOdo1k0?xENP!k^fx>TL;Q^~4@o+nYRoJP%
zp}X~Grsv|}Q=;+HK;r`O@DMa&un~sw`72cMsPwtaHc6k{<Jjj_R+x{6vvcwAtY};p
zXn0%Bi-#Ab$N9aP#WnEu2$v4`RTHXPnGGT{i~kNcQT9;2(UNUk6#gQlOO{@akoNC;
zk{ZkqR($rCu0-a4k`ZXd)r=);+AQ4-E&mk#TFod4Zd>|Kyy2!YOtP98>@a4QewxZR
z(^pok?9?pf9Y+Ei_7>wU^xj@x74gfLmoM}d6;>|A?!C%HBJYF<x`M^<dj+J}-<KG_
zd}HLQNIOndg;ic8!itAVQCYsF35vy@*Iq?=Nv&zGibGNw^ENFDZoYgOJ8P-Avuznw
zA_c}T4vdB{fCZ>ZAFP(GpR2<6<)|v<id#>5m_&o^tMWr9Jrk;#X@lNE*8s<G>>O~_
zWf%)qDHzG+%i62fFT2_fp}N4fEV&HMTdD^dG}p`*L5T?-GM?GP;y*0jz{0+}%`d$@
zr%=f!MvZ5>SWqEkX1Mw0(?uZ9bhCKfVlNA4s(YTPdaKaG;^!8xXW?{vE}*-Yx<9qL
z`&l^My?I@3^rN^!rv4PmW4MaVq?s`*E}c5X+6g5&e2TRXE6G&e(m6;A5od4=iyvFO
zfd#j@@I1#*x6&$fv7mx>44W6(=57{0v)IeRnVNG9byr)39u_~ccs&cJJLi}=-M!R(
z+3N0R;dJL5!yS)%HXXzAATH;a@l&i#Dam_JvG#r?8P7Xr1xAP`A1Q2eX6(<UDKv)6
zOQ?F@f0vgb=i>}N8gF3Y@OUm`;yu~qL^hrpn#ha{XL2K%gYof+%#F!`TsEG}jyE-K
z*bq-l3{IxfnRx$XYIHC@mKexnr{ae)6C?4~pe2?VACGU&q;ttMZhKeaU?M(@n+_!=
zlFrCLX3Swcm&uG~<5SSiChA6~8tOOHB}WhZz95wz7@ZtU8Z(SOV*?y^HaCc~Wo($U
z4rTzh6E3iR@ME4|SQ0Uwe-mEi<YLQ3$W2L!l@uWNN(yaWVe?Al;gTB5A(#t=L;mp+
zM;<MS%+dcYJ6gj23hf9yI|8qSeRw5U0^}T@lLwLoR#J+**pB1>^&Co;Fy1<n>7m?k
z@AlNtFqSQmOPYbqBt936CC9SKoEhm&jVA_8*Y?(i-p$?n>>Bru4Zg!nrn9M`baF5{
zfEY4jr6Y65T)X8Rz1O7DiBU6}Ne@Nydi=1F9nMVT=8F)rxpj@b>?y;Zu1#jMiJ@d~
z+h}HBq_;gin4AiF?-?KD=(g?biEfUrk2S>_qjh8KVjwX(ngypbb-CnJt}ctGB9%$k
zjiz$Ri3FR5qII1pI&lXgvw7gkE2DJ>pq@&Prqao}1CwccM>d#Ub~w=xbQw&86Ozs^
z@E9iJiK!f(lVro3OE}ebJZ2MP$-xu`-Mc-J9S+>_`#zxqnlS$XKA2PRQR=2-?(le0
z>C@gkzZmOuEYZODVR0&T`X>(@NKP19Y}f#kcGcR`DL6NIxOX&}HiN05WHuL=wpKAW
zE~{S4;DL?H(~P?iA9hu(C9`ew=8e(S0~48SmODh<&TY|#SYv&xeoe3{W&yUYXs~^m
zeRlW2G9Jj7p02IEt!-VM9X;J!dpp{@x9(}}=xVMnZEb6BZYaeKNPRXBO1oc3J-j-A
z;6)X@us#IQN?d%UF%?6H`@7TOp6ztpZj0j#4wKo#W4S~>%G^Xy4m+AijwWIfI3{Lm
zc2Q!8y@ZMNXR{(5O!iL>^&Xf=j3wtuQk-clXifC@Pb3e{YerDdt0yKBX{^XR8Dr9!
zz_?5doAMa8Y!eIi;#km!9o$roqm|oH!AoJBQ+#VF3N?C}M@S}qPu53}<la`xQFqLy
zX?%?q#f`zyC1~TS$8c$Tx1sJl56s(GqnPqXU}zs+477(suGOPGj)(RrV>)SH9sx6F
z8`DNyT-iUQw*@-x9-w(Y>`f6QxjAk^-7%YrFE-{GlpG(wyI>o~w-=YT_gmO&b<R|6
zJj82z-+{gT5YS$Uw9#HaE^V(FjaMpx!^!jX4&v#-7lHZY^cV`d-};qUUpR^VvOhPE
zTfpufp!pmcqXbE=?F8!D-t^mzSp^yG@hI%<-3@m40L>ZLJ92^XF+Q}tFTvj5K#%q+
zrH$i!02l4?EX%Z|0(_o5wm*VP>*W>(I|T1xVjHio;<DdCp=7!PdQAb^oH|TT<8sXU
zv(U3U2rEdg?J2OHM;~?~j+^tSmNwR3#O3Y*nipWNk08mlJ&(G!Hwt@wkkKAK7Ulhn
z+l`BPpxJ=$yj~_qa`sp%cbO>|c?3c}*R;XD=x@fNwznG3`7mTIIeV_|N-YnY*WPq;
zmi|18tQY8J)YSuH_4Ue7pQD;fzQG4dm3-^zIe~8@QP(-Mx#SyuF*uiaRMg2g_?W1Y
zZx*W>$HNt!OFmY_#RT6(i=aWDy2RdVTm>cTmz-C}^5zrU*X3)0elzOla5?+i&THR&
zUY#H5T(Yy5cR34tc$34O93XhWvF~<u(wRHO*_-ChL{`xrEaXgNIXEe?Pfy&-m~u@2
z@Y6mMp99Ann<wsN;fZVMFUS1s<Sjvl6vgHASCK`Z{&T#REc*3i8P9sfO=KC*)rwol
zvRGTlh<~Q-xEyzo`5+?g!sYb4$)dkc@qV)CUjbfB2OyCnGPaFi%IPz*lfO&k^dC7Q
zWBxOd(-hgsPg0HteH7&f$xxt=$r17Mog!zI91$OWTI8HQ*~uRkIoE+45#K&0@+eBO
zv;TFGuR=+7cFu~NYejbQ?~8mbO0u(mDIQCXzaBEO^GTz~xt?SvZxcD!mh61eDRQne
z*~xFB9KPZy@wn);K!+TW82G5jw?Iyg$ok$Za>fPO$v-Rd4#>%oivUOui+q=`v(N8*
zIY-70+1WWGa>fza$)6KBV~XtTqiU+Kt%gxn3UhsVd9vMdN}jv~xRzDIwTjmWb4RA%
zsl(m(PlaiZzF=RRJ1=LSb9VMQPu_bDWshR+OO*c(<)ARX=@=2_Z!YZHlUD#-V?5dJ
zxu-g2$U5edxPEc0nl~>G=OQM?oYRjh-k_L!tkc<{c#q<DEACS~q<CEMA;m`&^LccA
zeN6EKia)RTYl^?A_`8Zj@SU?+t+-Y(e;#x??@^poJVKV($bem(@S82K7#$+npRHtF
zKCa}SQq1^weSKcZzpUhsEBTX3{vE~tqWHg*{+nbO=Ori|Z&KW+_<f4+Q2Z6e-&g!=
z#ickDIs0oBcPO4Di%)J=^5bClEZj!9`0#F}f4`D{LGfcs=d_YPrQ~Oo{JTp2BgMZ|
zT#8M?jiG{!c{0TncPbuNJfrwCiq9zinc@QM6VCocimz6@UvZ8sKAchfsN!c7|5))G
ziWg%OadzU0IZqeQ7-pW?rIX{MMV|Spb8>Fwj@K%7`y@p9eUf|?E~mdkai`+Fir=F+
zp*X3S`-!u8v*MGAKcJXD(K`JZ#rG@ztm3~_`~}5dRm{D}+5EQR=N12>;vXpfh2qx~
z^8<sk>EpR}%->TTU#xhQVt$S9bmEHFDdrEcPKUqzJKm+ZTQScBPG?xL-Vd`%&a;Hm
zKc;wE@okDfq4<>I&nSLSG0z6hKKD$=-%$LtVxA40&I^ivqWI^Ef2H`GV*Yo;*(p_A
zqj-g4`|f6jREf(y`#d)|JB$G*{|%UbTVZ+w7n#o@V}Q)>6iS5oELI3#4CXtII+uZ$
z3ts`|`;PJk@a4iSV7~h(=h=j@K^_J-3*QLdCOit>Et~;gCp-b>yOQ@#f*B9wDez%o
zK9@X0QhpMAi|{SrzYykg$v@Um=RWYA!ViM)6MhtYzc8P<zZU)$_+jA}!2AiEc3uMW
zCulOyU8jZVOU4Q1{8jEBgv(JrFHB#4Pxx&pe;|A*%6}DJgYw^mn^3+cydC9lg!@o(
zZP`~pI3mpFsakjl%=a~Q_*bJf!eiid!sFm(VLoS@h54Md3m*k{3e(3u!ncF36Xtm&
zA^Z?{NSHnw6Mh1m6@C_cNccrClgC4-B**q#3Oy!$u3m+@i*3Fa9P_h><L!#O75@+Y
Cx_y@b

literal 0
HcmV?d00001

diff --git a/crypto/md2.c b/crypto/md2.c
new file mode 100644
index 0000000000..dee909a7a5
--- /dev/null
+++ b/crypto/md2.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ *  RFC 1115/1319 compliant MD2 implementation
+ *  The MD2 algorithm was designed by Ron Rivest in 1989.
+ *
+ *  http://www.ietf.org/rfc/rfc1115.txt
+ *  http://www.ietf.org/rfc/rfc1319.txt
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/**
+ * This code is only here to enable the verification of Verisign root
+ * certificates. So only enable it for verification mode.
+ */
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+
+static const uint8_t PI_SUBST[256] =
+{
+    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
+    0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
+    0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
+    0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
+    0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
+    0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
+    0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
+    0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
+    0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
+    0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
+    0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
+    0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
+    0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
+    0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
+    0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
+    0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
+    0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
+    0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
+    0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
+    0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
+};
+
+/*
+ * MD2 context setup
+ */
+EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+}
+
+static void md2_process(MD2_CTX *ctx)
+{
+    int i, j;
+    uint8_t t = 0;
+
+    for (i = 0; i < 16; i++)
+    {
+        ctx->state[i + 16] = ctx->buffer[i];
+        ctx->state[i + 32] = ctx->buffer[i] ^ ctx->state[i];
+    }
+
+    for (i = 0; i < 18; i++)
+    {
+        for (j = 0; j < 48; j++)
+            t = (ctx->state[j] ^= PI_SUBST[t]);
+
+        t = (t + i) & 0xFF;
+    }
+
+    t = ctx->cksum[15];
+
+    for (i = 0; i < 16; i++)
+        t = (ctx->cksum[i] ^= PI_SUBST[ctx->buffer[i] ^ t]);
+}
+
+/*
+ * MD2 process buffer
+ */
+EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen)
+{
+    int fill;
+
+    while (ilen > 0)
+    {
+        if (ctx->left + ilen > 16)
+            fill = 16 - ctx->left;
+        else
+            fill = ilen;
+
+        memcpy(ctx->buffer + ctx->left, input, fill);
+
+        ctx->left += fill;
+        input += fill;
+        ilen  -= fill;
+
+        if (ctx->left == 16)
+        {
+            ctx->left = 0;
+            md2_process(ctx);
+        }
+    }
+}
+
+/*
+ * MD2 final digest
+ */
+EXP_FUNC void STDCALL MD2_Final(uint8_t *output, MD2_CTX *ctx)
+{
+    int i;
+    uint8_t x;
+
+    x = (uint8_t)(16 - ctx->left);
+
+    for (i = ctx->left; i < 16; i++)
+        ctx->buffer[i] = x;
+
+    md2_process(ctx);
+
+    memcpy(ctx->buffer, ctx->cksum, 16);
+    md2_process(ctx);
+
+    memcpy(output, ctx->state, 16);
+}
+
+#endif
diff --git a/crypto/md2.o b/crypto/md2.o
new file mode 100644
index 0000000000000000000000000000000000000000..46d054d9e05ed333f27f95b69b909ea413b7557c
GIT binary patch
literal 9808
zcma)?3wV^(na9sJ-%K(?Ciid&K^-WUfX++;hyjV_%1sc-MG#S#B$F^OnF%u!2!e)E
z%f%IiqOH1gv87VGti4#)OP8)htrZK_t*&C#m9DyrmnvdathMR?|9$7ooIKiR_dL(}
z&hNbEJ@0wX`Oa;=q`z_D9K$e#3Wm5|WO73I3Q=MTG2K!q7w3u5N_9wD?eIFA%$hc{
zpsC)ss<oo2zM`z5Y+C2xx4oW4o^?Vz_;|r=_n0Y9Wec%jZks9UoT99CRYOHxy(pWu
z{myspX(+q9rY7~nQg?NZ*EQ#pK_TiK`ChZlQPboQP+TyVRi<5qDs`f4T<6c<%snGS
z(ZCt6xuU@lGU4@6A>5Tk0|h838aQ<<^zxF=Dn0Aou07#=&GChKu%x!mUoyru?#Y^G
zQq}q1yea;g#-khVbJo0f^n`Pf*ETTDU-Hc0l;e+gmvkQScpc-qOZ>U6vx5iEcb>?b
z^TD8d-P56yOHS9GLpwgJoilY`D>*jyggM51xv*y1(bpWFO7Gc<iqzci2mRh}zCT#)
zt-H5i-0>RQyx-gS$3cJY)Z+zXoXX>;$DS;-yk4+kYGX}VL+9a-x1B-%CkN_}egEWU
zqk2Zm_ue~`RowPN*GETxoxJs~y%)ZGWZ~9l&i}`yv%h%Z)QGOS_^4Y(zE$+^S3ddT
z@Bit)=HL7I$G81k@ckQpw0h&7;SXkCe#helJ9EaZ9J{6ex_g%Io;vB`%Z~r=W1oJ<
z94xK)`Mmr7^*>&^{##T2<?4TaYVjjgzx(zNZhUC{U)KKjzLfLB#_#rA)3I*5Z`-xM
z4gZh-en;7=2@m}Er;mOzW=<$Fz2>I;*0~41_S%x4%z9$QXV3oPSMN-`s5v+G&GMT)
z&%b`+PqklP)U@W+OP-Dn9QyP4KWuV)fBCZoeLL>_hd0_!cfb9c|NQHv;=Gw>KX^E=
zbJ=rm9^8;P_ipbM!zvrDI(+*dFBtvG-MgmkFZ@P{7c*=S!4$@3f!D*l3hM!5WTp@4
zNJJ;*smLpEVv30^7~Jtl8FnLfA=>3W=P>ZCj$P*Mt}VuGP9e&XXE=wr98uYEfp2v<
zJxF$$PAI}^DcT_6Y4qS}u+j<U5t`5_gTu($40IUo3z>7cmNDnZz8X2x>59Zs!r{z*
zmt}6(B`kAiyO=m#F)PUqAaOdO)L@x&Z$REP1`l(}MUZ4|!sFYB*&TQc3U`a+=HG%m
z6Yy|sBMQ1L9NS;Vv%r%@-a&bdCzrgl7SF3h7OhdmGL&!UKT!FgaGeKs+`^`YEkyIi
zGLYcl8~f%UpVOY|gOJGJjR<2oE&G^RBQtxLNeSaxdi^}2$aS)fyd9`!G^^KV?AwLB
zZLygary%C<fZ{6-^ucIxxLXR0W}~9OXfi)CnqZ&^g+@xfUt^yMMcY7%2ChIXoN4K>
zgo9WZ!NW+^LU;&NbU91cGy4Lv#m4~Wpn4V=wzwG{oPzAnh-lVvBhp-_2O1^pOx}3t
z8N1cQG4?%%lEOAiNTeCtpWXClGDIArZ`GpiDrPWvduiw<WQs>ag$>1#VPj~#xEwM%
zbh{;MF={XZDBuumK8kX`taBh!Cx4c#gAPdjf{gEMZTKE&7*k(F9T(S(DA|U`hzK5Q
z5!v2I!pK@aIK{+>MpU6}I4anM7FmV4&N4_x38T=MkXM{z=9T3Y8bw(JSd@<OA}8lE
zh%j{}x-qr$Aw}aOgqb%h=hB?{#hBBEF~8UVWRDf|i-Rb37aKV_ET$CGR_RuuY*@gs
zvy)2MRL!XG)Rj^#$0ba+ZPJ0}z0-$ebJ;E%%L^Enmwu&z{GD43^rI3=1-EQ9gk#j6
zx>0zkuq$1q-6Gi4vc;+rT_~9d|1nUS3Ji>}Tbxunzj%7-Y|Gb?E=zILL=G^+HHe02
zV!|b6icLNHk*0$a<Pa76nVyemh!(EjMhmZDG7r%d8~gVYmfCVAG|8Gw`I-&U%p{Iz
zie&$Og0-qeGsp_GJOj}XtxRSknxeOVKj8{n&ZGsAmYLfAw}R4vR#?n5fC!gqpx(xe
zmn|7D6Zy2$W@}^|V*^&;ez6@9BgN!)M5n-hkRB@T2M28hChuE#9g|NH|DJ9$b&puO
zE15iPVKbAnwiHh*WbC)F&H$nzRy>R3w1wB>X@y7ev`br<JckHHs|XM78u?gN=m(P;
z3$J6swPw3X;;CYY>-1{8I^Y#Dxy-^9OjNbz{h4a%){3A|YU#FQO4DPSDQ(V_rl-Of
zw2eIhfiuqz^h$+SQRuLa5ySXAFIV6~$x^n~p4ixvii==tGMq>TBVCF3+ST#Y+W7il
zPa?i1+@4AX!^xhisWWB-Ly3;wNGu*~>y1P^g59C^c(O0JA)Z(pthGx5p`M;#eLR*5
z$53rSXniQS8kIJL5@BVeJ>IP_n2N`v$zUI}lOcb!ud-r>KOF7+vLF&`kM?$ih3M{>
z8fd52w$p*t<YcM?=QY?G0GIVNPYT220c)5%3$RHz9i}5qh6gtmOV*#JjO<1n#zq#Z
zXESkohQZ2B>AEIMWnH%<BVF3>fy^{%)!am>>9U@iWIKj=gU1DF9*x5z<%ez|@9$W(
zw9T-`iJF$TX1~S;{W34G+UH(OFDS8V+4|O4z%P1d`?cB9u|@$lsc-8zEIX<d_QPrU
zt*oIB7z4xXp_F3<lUZi5rIY0;u=Lr=W~(iy<>zK=By9V(Jj;?>V=Mi%N6ul{F+3Ov
z$T?mHdt{AzUz#kh;U{KuG8IaNMO$xYXE-6E;m(v;)G&2rYflHo#QK(HqJ3?$w_Eha
zl98@hxWm_usVO3{p5Bz`j6|a%8jp4P(xtotCRfK3siC6oaCb7C5_7L?_0{{P2dV;7
zeg1CNY!5}FNpLLgPlfwZ{v=jTBp&leBdKsA#G)>re=(B9sDUY4-9B@s&)*64NGuwO
zh5enqF{?)MtCnIo80t%5t%NHx{?kKy9R%%lVRhiky}*)9Rjsr~WKJX&ii%|9hHz?Q
zPuT9VRfERRxAvZmTx2V;^xMP9q#OYj#(Ps7sYo;&v#VLna|rd}<WSF#MN;Cb`74`S
z>zc8B&8@GW<tuMb#FI&`cmI`heU*W!6@iM$_V`&p8hrL<B$iow0ZeqpMQd~8%G$c-
z#S2?o8doly-_qDryRf;sVpwh6{OU^nLO>|76D#G0rh>EFCi^_Lcg0B%jYGT;k-C^T
zf`{HjM9OhpwYCt-x$U|TDd$<oOE#G&FoPTRdCHAMbRhDGW1yUePbDJd1Be$OvhFEF
z+9sbyWMH10k4QO>KL*<2>9YutcDUs;P@l|S2-H`5Jmo4_eGeozcBevZB9Kfa>~yuF
zL^v7>$Z078R*o}P1h7~_BG87{9!SLPj8)nZZtLw@*_jA+ho!zPiSR82Y!0=xCBo~6
z6i4IjL-L_SDApCGaXMgE<IGnk;GYQKc<9FAAp-WP5U|^@YV@V(wXBW|=4g-V^Zz6D
zL5HK5C3UAGRnvzeb#RtxO!*eP<Jm|lXMO5<5$(HD#@;;0)awAI?M>F0@*}WU1w*vQ
ztG%*Ee`udFhI^RNg38W<jIaCu(zAXyL66giVIK`BBS6*Pg+s++A1d4dnF>m8E(D5M
z_NP%;KCs7r&>z(g-mSD|L<Jl@PdTfVaarm1e4`<N9_?{;D|>6ey1hksfwMJ%LjLem
z3=})F(P!0pt&GcdNV{0ucR|2*xvW&XyR<q$F#%5b2r{U)b|A0Ydt|KrU4!<xtd+g*
zfmI!#XoS5}U*X?AS%*3dufkr792b7-Q}!MJ(_RH4!vr|5&l#36J|a`4_gJ32bwF$d
zr8j^ahAbWa0KKYoF5~<2kg<*mrRXHzzY401w{3k~Dkj+LhT}3qmT?`OLR58tVl3>H
zXaa?=piH+n8}_J2dzgypap4$g(@k7lAjI2{si5pJ)rMc(KO9>(guF^~Utn9PYJH{A
z?Nwp@&VyV9Wl!Z*s>_|?!$BoyY7X&`c^)>IU}Bd_zY7>LkfSdQJc1lws-M=jbj%@d
zg!Z|jGQk}3rH<vC`I%r^Ggr@ZR5QU8`1z~_-eUD&4%u00AA_p})0zPpfr&TBap&5^
z@QNbT!0Sy1_MJ!dZp1D`mS2KY1(siicn)znBFp8Eh4e*4zt*I$De^j}T^8jfh!Xp<
z1arcW!^=5g$gXhC8*~<d^H?!`QOr*OCENrM$`MO2;rNq$v1In?Ey?_$x){Sqo#9An
zn#?xYH!}4(_sA_s*GcAHx|NK!s87z3ejcD4`lpfd=Pr2w=@Vq=vmfLf*%z*F>YPIQ
znq(waUfJP~Q8KS0BPCO392qt_9%N;c-wCPDFkR|!oXARtA1{?n>J`H=wFb#tlZ*x(
zM&Oz^q)pD9V#z)-bjBlPRQly)sl#!kKIdDd##NFxA*~_9P6JX#WoI5)+F3{)Fz4kG
zjh9K@i*z*^cA`ibm7N~4w3DI^_#D!W8gG&OInwQtxzuix>;dyWW60(0C1c-a;EGku
zsi3%&EZgO^R*l<O%H=jtuIUFg=4U2lr&?p{Ym;o3*J!1~d8v4n#$6g);~?v9(Bzvn
z=7%F?=a9w^Ys@*Ubk1nZu~Tw>^iX|wfmPr6UDwEgBElq%IX{)WR^vrv>2ot#j^|P^
zZE{{kHT`v(&TV8__YO^d7npT9mmZ*8`tzWse?*fHX!74^^5-=9?=|`BWa;Ne8s|f%
z{25M`I;BYI59j1~%B9Z%vh=N5;{_To)p!LNk)cQ9-5UQu<EO~7t>2Ne?YjJgrR1M!
z%u@9pof^|cCC8SOW}n8~AC%5T8dqq1iN=>|T&M9IjTdX&tTE3e)fVr_iaRx4qcQh(
zrPHhNO&V|2c#p<+YP?V5do})%#=J|awhn9jh{i`Xeo|we7pm?{8o#db8ydf(@%tKo
ztnp_WbH7ve`8idwSK|VWc^)a9GL3l#DLMamr}$!xXKKtpO(`9o%Zjhoc)7+Qjl&vm
z(0G%^_{&Aw<~EJ_CpOg<{|cm7?GG3l>$jYe^N(bTf1>e28vjCL?i)(~R~o;d@kx!j
zZz%mYG(M~GCmMgDG1tAS>(<z-@d%AaYdl$FzsA!wuG08&jq5dDr127sS83d#@mh`f
zcRuC6^#?%Y8MbQjof_}b*gBW-1)8A%QSE`e!zi2YY4T6OMbiEk8fRlXDQ8ikWbSjE
z+mv&AoFJLkfS_a^<ufD~gR3R;XLh}0?teVXXlEjr=NFlKA?GuBI(V&Qp8q_{DCeD&
zbDLZXzEN^L_#2WN!JN<3;k{|E<VE1SCAWYNNL~u&*++fe9Uhj<`vT`J<q`0&C3BBF
zAvpzpUNX<$mnHKq$2rWp{ouDGZw0?Ac?bAI$vl5QmHb^W=QHab0P}Cu<bz;*%(j^O
zD9=#J4}p1xl79>?ll)WgSji88CrN%3%(+ed$H3Dh4}fP%J_hF8rp|G2qvU77S4id_
z%(+dS7s1y`eg)hn`4l)Jnfo#4HuX<~dnNO%-z1s$rmsu>D|owP2gZZ*oOQV$@0FYd
zzFRWyrTZo4g71@@4?ZNBzaf4mnZI`)mdv}@FD3JD>rY7bgHK4F1%65LTrmIrfc`81
zGZ;MZWl-!zUai4V8gmUOInRB?vo+@2RdUW(#j7-qYRvhkbZ*v|b4$s2E-SuY<HH&s
Z)tK*I>7Ug2O^wfJ{1=Vg7#DSq`Ww2{Ajkj!

literal 0
HcmV?d00001

diff --git a/crypto/md5.c b/crypto/md5.c
new file mode 100644
index 0000000000..7f50713006
--- /dev/null
+++ b/crypto/md5.c
@@ -0,0 +1,294 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * This file implements the MD5 algorithm as defined in RFC1321
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/* Constants for MD5Transform routine.
+ */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+/* ----- static functions ----- */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
+
+static const uint8_t PADDING[64] = 
+{
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.  */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+   Rotation is separate from addition to prevent recomputation.  */
+#define FF(a, b, c, d, x, s, ac) { \
+    (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define GG(a, b, c, d, x, s, ac) { \
+    (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define HH(a, b, c, d, x, s, ac) { \
+    (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define II(a, b, c, d, x, s, ac) { \
+    (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+
+/**
+ * MD5 initialization - begins an MD5 operation, writing a new ctx.
+ */
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx)
+{
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Load magic initialization constants.
+     */
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xefcdab89;
+    ctx->state[2] = 0x98badcfe;
+    ctx->state[3] = 0x10325476;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t x;
+    int i, partLen;
+
+    /* Compute number of bytes mod 64 */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
+
+    /* Update number of bits */
+    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
+        ctx->count[1]++;
+    ctx->count[1] += ((uint32_t)len >> 29);
+
+    partLen = 64 - x;
+
+    /* Transform as many times as possible.  */
+    if (len >= partLen) 
+    {
+        memcpy(&ctx->buffer[x], msg, partLen);
+        MD5Transform(ctx->state, ctx->buffer);
+
+        for (i = partLen; i + 63 < len; i += 64)
+            MD5Transform(ctx->state, &msg[i]);
+
+        x = 0;
+    }
+    else
+        i = 0;
+
+    /* Buffer remaining input */
+    memcpy(&ctx->buffer[x], &msg[i], len-i);
+}
+
+/**
+ * Return the 128-bit message digest into the user's array
+ */
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
+{
+    uint8_t bits[8];
+    uint32_t x, padLen;
+
+    /* Save number of bits */
+    Encode(bits, ctx->count, 8);
+
+    /* Pad out to 56 mod 64.
+     */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
+    padLen = (x < 56) ? (56 - x) : (120 - x);
+    MD5_Update(ctx, PADDING, padLen);
+
+    /* Append length (before padding) */
+    MD5_Update(ctx, bits, 8);
+
+    /* Store state in digest */
+    Encode(digest, ctx->state, MD5_SIZE);
+}
+
+/**
+ * MD5 basic transformation. Transforms state based on block.
+ */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64])
+{
+    uint32_t a = state[0], b = state[1], c = state[2], 
+             d = state[3], x[MD5_SIZE];
+
+    Decode(x, block, 64);
+
+    /* Round 1 */
+    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+    /* Round 2 */
+    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+    GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
+    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+    /* Round 3 */
+    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+    HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
+    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+    /* Round 4 */
+    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
+
+    state[0] += a;
+    state[1] += b;
+    state[2] += c;
+    state[3] += d;
+}
+
+/**
+ * Encodes input (uint32_t) into output (uint8_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4) 
+    {
+        output[j] = (uint8_t)(input[i] & 0xff);
+        output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+        output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+        output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
+    }
+}
+
+/**
+ *  Decodes input (uint8_t) into output (uint32_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4)
+        output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+            (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
+}
diff --git a/crypto/md5.o b/crypto/md5.o
new file mode 100644
index 0000000000000000000000000000000000000000..3bb00b7a4309c39bc8e25351f7642c3b8f4a74bb
GIT binary patch
literal 19348
zcmd^`d3YB^n#Zeuza%6iz%LLv6!Dh;f~+Jz5D{1zLkN%nYJdb{ILr+RxyWH41V|Jm
zMo{rY2N!VI5w8(cgpJ1pP>k8Yc#TH!z9ur>>!^b$`~6nG6^dcZ&hza4vClL0Jl*f7
z-g@h;qpQ2CtGm}snK{*Q9A$!|7O9glrCuG36t7Zaw83z7wmMTS-(L9o+&#~C94Ye;
z`Qq@?`yT04`<D?1*G=m)HL%0Eed<r`o9YT4`9AT6UGq<zc;@v5*T+QOy!6&(n|``+
z@`~R^hd!R1J#^4_@sGtf&&pVI?gP(1@##We+-q~95<T^wY-?}%@s&S)a_If&*ScMF
zU|o+te*1Y;#+2YsKfM2k-+X!e4NvLf#+f5FB#b|HqW-&O>teF*DUKNT@lT0IpV@x@
zAKsafIpfLi%AWfDGY41ydib$n+m2ov`0~}@vm1iOzxe7KAK!K4lOJmDJtuGOL(eA0
zocHaWCq_)ZZ}4poj^BFg@dH=P&%329;-*#KetF`hg=??9eD#jf_dYrQ=cvifZ?;8-
zUUv2BIp1IS&4j0)eEIbe8(+EZ&(7c}i?4t1(3d~I)wJoV)X_fEca*cYs(De-OT07E
zvJ=!2Z|0Io*$GZ|A16D(lkN4+xF9>hJ0oV=g>U!xN~zxawtkZpmDKwO&!(6iqxWa^
zdpWD`2U%w<bROLozu)U*dp%csRk_z&*A}VrBQuNqb@~3fYNssUUl2SaZN>$AZf~#s
zuO-ebrQ$0B8FRN*`{E0H$I>#Z{WVp-<oL4c`svjTkw`Af31p<-obQWY=X)RxP73pU
ziSe2F^)>l>qwAH*oD*ogAwJDl_Jr^5hMj5tjC6H*d`en<VOskrB&Qq*l(qRXcl#PQ
z?0m{Uy`iZ=O^>f@sLyEVnDmlTbq4}(zLVMJOWEr~a?PryYPamh>b<j&T!!Q$DQ&*G
zJxnevZpt@hcVr<slez2KST>R~7B;1sviB}SGRl7Qh+8_68#h>G*LPj^#;(iW)^*vt
zx-NTP*JZ!dW!dfTzpvYU^m8=2?k(TWr~Mg=n$kMHMlRF%l*iC5FK7A6j`&{Aiu@qj
zm-$Cu<BcCgM>ap_d+{Crn+<T$9%+ul(a$s6eKo6_5BXc4*S+eS5#QWa-`JK?>wEK^
zoqK(S#XI--o1SRjwM;4BwD_G**0(-cmlLR2m09GgJL1bM_Gip1tm<&GketAQ(^TC&
zC(!)5udpO#zAt5=zwx?^CGE3jp@K8rfwS|PK*qwlb-tai`RX?KTc2xO(6J3;1qJJY
zgQH%?8aE&Gp;k?MTW>()TE0fvdf;TDd2j99?aOR2V@3}px9rAhv_9o|x8^ctT6j23
z*>yVi9$(!-GiEy8M{;M`j|Iw}V{Sd9IA&T#G5MFv=1}UQY#z=o%8u^3>}6e-&7t&n
z%El3U3P-GE77hu@#u2M|vaqP``M}OLoa*iMt$F*9Palk?{MJKd^8=Y_fyVV6yD}PP
zAz=#pxv(K)(awW`y0$<~RqMQ#_m?3dp2w##t)@1!C6Lk<Xxh^r*}8HU%Fx$~jOwPR
z>z>2u9w=PeF{$+ljt5hCNs2DK@w(O}4a->g6pjQG-coi$AhRKmv7j-nMUMepMqygx
zdK8W_YL>UZ)VdCZqYQoYG3=gWt(x|9IISz)c3{jkR<|Bb*&8T(GEi95l;1K6wQ|d-
z$!~fJEzd;D=eK9I?w+OFfi5Y0GGk%cL3T;wwH+H<)8Ptbpn*+kt%oyj2&6OwYHAy+
zTlUrKcA$)mYShYY;F9*QTd&K~WuR6y4TZ&MAZztRM|A5_)+(M2Y|L*xT(&om`6L?H
zl-BNamQk37aoBoj=WajJYTBA=J9Mv1=joGCjS=2@7$;rIlYz#zruFUb)8SOMzor4h
z8~OJ7+0wSAqK;Wio8%T&rt>}FuS0olO$*xhu{=4c{<geP%=ZiBZR?`E$S%sO@1ne~
zyC^TKi}GITqP$6`mWSSKJyg?{xe^DiW7jW~x4x;NJ^B~Q!^r8_$dP0E^MXLrGl8-G
zjQMpJ1SX_SpXzqzvFeP(yYF~l#|qE>=zcFp_x&LHjBlc&l6&73bN}ex`!aic72zE}
zdwjwurN(=>>&;yZccXiJ)qCHIpVoiw8J_UQ#<zoBOpF|n8@B6(ZGT-hKC<94|KQZo
zvBA@x@Qgm-ym;x*=@-n5@V7OOUo;~2`G>nlcw_eWKjfWyhEn4qFO5LNQL0&~gv0$u
z_M8}$9R1wt6ESU<yngSfq{!xx%`y9%TgUj%owPM3@|y$kBQ8I0RI)R&=e4yblAMXX
zrkxY~%^%{Y{&*s3)c&^k>21TKCq^ViP8idCX|wAzbXUu^_Kh9&KP>CLFTm*r<{R(5
zkoCr_L*9tBqYwD}FZ+Gb{;*}wRh}3(GhyrUzy+x>TQ3SEHeWP4IAQBJ0Gc~8BAC00
zPQ+S5kBJcjgPvP<B6L|xR{N~p`~2E(9en?9LIg6OK=3N3Rz*09aT7)WhD+pp$j#l9
z3c`F;^~?-Hjnqv+LA@Z>I~zPVQf>0Kz-}Po%){^z;=3W;yn!GO_{N~15Qq)lpdJu)
z&U(*H!9zd{n?sdKgLLivK|$d49+<MUI!E0A1$EdvIoLbrq1W5BLaDEjnZe_P+yu49
z2_4LsCpe2SPq$>myg|VQC6&q()a@sxg$7S!T4=ZK6hXl&wCFY#A}9z(7io8)S0f%A
z&9o70S@5rkvyy-zE3w;#ty?a3m#ENm?;VFhVcoIwZX&9%e&oB}!QL0fX{-0{jo9~B
zA=g1rtuuSw_!lPbsNi)d$NOu#@4f&#=N!km1gh|**dd}B!-YHrs)(Yz5;EQPC{Rwc
zONEA1&mboC44MJsUaYzAJLc|*s8T%U&gNa<NbSF;LuQE7W%ShLMI+u@m(x>wcT)SH
zB%kI4r1e2*Zfq{I_6%Y%QU8gZv)ha$XLAV#!Wrx$XEz(+%<g-(j<6LQK>f0mvxjy4
z9V6Kixdy5IawIYaF8bvvXD`iOL!|$5MCjPNaqF4^e}$F@Xc#u9>C8dM8h=)A><3}|
zoD~AN1TfH;oIL`XOlZy?1E>Tb=;N~*9`*6*r3O8QG^fxEa%b~4q@9yfiGmA>&TO=o
z$8S(GcFqbj`kl>XI7$54a0LyYhJSx?#bVg7#h)^&`*g)5WQ@WY)(<{cvSsm%poeRj
zG6#`p-C;Vq1JRfZG3pE9U?hqd?4){Xv7h7Jm>QyDCLw7L{3q!oDAPj*JF`8jkt<J<
z7U(3c8`3DA;3asKs^y712!$%=9&=hcn-ft|-*WhL?&0Wo1vPNnbr0Kh0@0xhn7W0A
zo{gDo$5yuEUqVpz?M%|q*@(vMMu90%edbo(8HbvCYJIHZG9<r><on<?46cw83@gHH
zG*QL8Es4W*Vyc^WnMoe<iMU2voOtb4C#`}9eafaHn?9=D)X)c6t4s2raf|51v-8|E
zXqN)kK|hQzOj9lhM|lIZ!<7^14DHz`+}rc4o{>)P5Fbu-&kz+J{wt_34h2yaT))D@
z;lHo)_M8y@ui?pkP!GpR?&AQuMXTgKaYzpB<AjGZncA=(ownnU);-qIS%ZfS@ay#O
zU^hLOzHq<rh9akq^cZ7Bda`7i^g0)%;EX@%hgFX6e`mq~78iNaod?b6ebS+)KhElt
zE}0r7PQr%`IK{~s;sgaUS6?fNT>ZoeQxWZNMPWSPY-dy-dP@(#0_{CBSdHp45O5ZO
z_5;Jw-Mukx&K@J0L9xyy1KbY%n~Izx)t8F+ttdQ2qhvV@bR2X2)ec;b(g$O3BQExy
z{u>ier6DE(quR=XlylvZhYd*XGiJcWx&wy=>;4^nE(Zt$YN{N?fvzvDLF&Jp*;|-k
zf@?6xHkfmofky@Yu8z6%1yrR`494bFRkd3P!?8K~J_>Me#z|T=hk}<cR_0_`W1(%(
z23Jyecs{6k6hYX|Qx&RG4XaUSu7Er<dYKA|S)*bi8s^_Vd|+}^)H#FwL;4Mku2eBw
zXujIbT?cW@#p4jQygaIT^$<U3TyPAc5~nmOdKJW1E`9@%k8=xJUesDO&OHnfi))Lc
z=8uNBMdQ5NAd=A-_?-c9zl&&q4s6uN*c_Egaiy+HI;R3hTzng1p{`5%5{NfkJOYuX
z>oRv9#7i!|0x{jK%jFQeG|t}*fg#Td41idnF?|)p+Zxl}g}7T+D{TwJeb{`eO8skR
zr(K0k)3wEJ9JYhl9CZanysl+h0>o1;J_9jM*D`GaM3ak8L5$V4oHq{QQ5PSFh}E^6
z7l7F0;@uF(HKzRxk?Gbl7vfos^IIV5b%p0%1Hqx<D19SGjno8e_hEBX1_dWXNTnEz
zZSy}oPX5vHRH25gP-p(5)*PD~x339_slniUAZc8`fr*{{9J7TryvMEZ7Kj15^X8rf
zvB|}IAo}Ufn?C^JR*mVmL-f);mL3VQ#>HzOK6LS8h-td><|act=;9*~dAjq`7el!H
zn2tWvf&JL!2}y&4I{PdN_l#Y(bxr43F&^xzgRP_YCD^**nBYtwxP_4-Y+<4p9JGZ|
z+-6VOfOX)s<#S#7Y>Hb#d6*Yb+=cDb>lkfAw80#TJF$7x##Blgd(^U2+wHg7Z7Rjh
zNOsgh3gb4lvwdD@&(sF9O?FOZGPP;}MJ_hB4ilY$TR593#TKU4XvN_8EsU<vD%S?8
zRfyh*%~708>(Cd`A+BmTM74_)%<EOP@tsxT9B8LbpH1<Z#)TAo?l`qqX#0RRm_u<?
z;{pm}d-CG@G_-%v26HH0!PZ^X`a;5f91`~P(9Yu9Bn_7{Q+dqK(7_BCgA&X$5ThCB
zWsiCn<TyX}?18<5k&ospC#QTxS!Jn;ORLB$uZSyHTwc0#NonQM(yQXi%1aCLaw;q0
z@+!*4jUGETE~`AZs-UDaF1xCrC^xP+E2p$#d0cgA`O>&aZc1!cSy|lV(vr%&5@eg6
zbyZf}5@f2*D$g@ca!QL0##NS<7FEP8hjm5P$fD(=0%J$!73H6<C@9G(s>;n%syO$;
zSWNnrs;JDxvs>&EHrj0fm@QJlx*NPVdK|Aej4kv8dAy#m5TVs!o=%-1Ck)TM+Rh0J
z?Ie?9C7$0L@Afre-5?w~lD&52{X&KH)GGM!uAwI+{}MCv8tuZ}-)%BP>ul%zpYHqV
z!h*F=Gz;A^0Q*(Ca^5iNSLwZ%jYg#-uwSD!x*MSBb(*I4KZ(X0#+IJiKO6>YIDF7E
z+?!+P_FmVir}u5w_Fbo*?(K9<*B-h~{r~IDt4Han$K~`<`p>KJV1dbuPj{5M`&D|x
z2I>7O-G_Fn%O9?mlOI=2Z;)K*+{?$weK&m>4A%RV+FdA~$sO-<omc5xp;8P_lAzPB
zh3?hSqwU=iyJ>s(avH8LM%7X}ZdAB-V>rsy85c-R`Z5*bRbf%e3Gs&M8aQ}LcDy0_
z#0?G$1FzI&1nU~C)casvl3ORY(dHy}?*MS7m=%S1LvWhA_W&<0o$h^sB*{nxh2g2x
zaV|}~@XDzLC0RwdFJ)EcsqCu!{Je6NQ(A@f#q6TeoTaL&q@rMPNnWl$2RB4jP*PS^
zsftQV7W+FBxE5Klq_n*9R8?YLPAP7E(=JQ%Pxg<A9Tz*=KeCuPbFzwxD!?VBBP;Wk
zSB|W}t-7GJWMol6WnOs}lNS3&UJh|Na^QYBF=zaE|Hyop7nBqgl;n-fuPV_wDirIV
zR+h`E15?YhN-FY8%ZvZsoFFeQYk4JZ+IgeYloDODQyQR~bb7lmYp5J|Wu@Gz<J{YL
zML|to<%+UARhCs=ITOp3Co{7zit~zd%2ufCg31c%7ivqZD%o|p1&i}4qz9?iy~<`x
zPEA*KPqX9;Mx*GmtX!6nGAS`J`Lb!c$;l-Jm6)+lo;<-nJg2<0qJs00k(W*LkBS`~
zhz*?QcDG*8_PdiMm9FP1S0<O_m#VZmQ?8tpFz51_X{l4LoSB?DW%i_*b0!A5PfAFh
zIEoMA2m|$;#Fc_tA2eJGy)eKD3m@TQWMdL_jE}&^5DF!iOwBwm30#Lc9c}nXz(5<a
zvEh8&=*h-!L?~8Lkifjdz^oU9;;eVN=*y`<pdix~?Ku_p3v;T@z;ey1pa*d?@04V1
zquU!>v7)##D_g}@RF=DPiJ|hmqO4dMxhhu2IH*-D24$9t&910`w$zR2)ZD!6s>N64
zmuD5{iM^{S;E{=SIV(H6JnyPgl5sAc63@a|$4ELw$CJajK>buKrmV%7(5hH>rW)&(
zp{udHlC_rXh+xWGrW^c^?ffuf_w(>GjKOAx4C7`p&%<Sy`Y{+6Lm;VVex^lWi<P+X
z#}!p`IFQuo<2;M0Plvzr;e`J1l-uc#^`U?27$$XhrP(u$fzO*f-2ao^C9q*04ikn%
z_>0%%?o1nJB5HgyWi9L;cTM!(*iA#sFca3I11gb`?O=VF#(r6Z&GyGt)SIk~ChZEz
z1EIqYaVPtQO*j4u!6pw4pT|2XE+d#=(zwQKm}&1tVlBWN94l=(*s6{if{t&;(+k_d
zH)Ez;z7MheO~Lx3A376ES_2fezvB~6ju*Z@Gyb-LO&<ElgTF;`*<jqHZ3f%^{J&Bv
z6CKO?p-G+o9+o@-NQMLFxGPp}%=Jf~d$Ca(yEW17<>hbf_CaA)M{R@MIAa7!9}KTx
zGtBrKu(K~eChaiN>~_>mcgF|Y(O1$qUf#oI@&MKQ^k*py9zmMzZ$13cj{eY<o&CZ-
zGUo<ReHw#}Ai?;fw1$ydFdT~`Q1X(FSJv7e-x^|QoZ{~@oX|<onPB{xxRJI#NPT_6
z=qbIYcw`(4S609~$<AXj0(uWD@Mc5bmiSJXakiTw9-Gr?O%46oN0M>-2r=H>HI%(q
zpSdShUVSFmagOAZ!K+829mlH-D{zKq2d|2<qbQ#}d@^|Th_K`R_0qbz#r8&y^O4M3
zE8lA~e$h#DtnMm>)1>p($aGo2keSmdbFI@RCf1}(rb5)X(@cJ~;7IrR$ar<Z5M^-%
z<E#Y2E!fB$tGk4m{Y7Dp`7ec;g>Qjr&mI~n%<()^nB$QzhH2vmHwq5{-!D8I+#<|=
z`jc<~9D+g4ytvG%p~5_`FBZNS%!PQ`#DlL9P6TfeP69t8JQMu3a0>Xia4MK9xb%|_
zo*=vce1&i(c)4&c_)g&^;3tHOz<(4j1Ai-A3GRbVrT^vN(ZaRhS;BQ-zQ3T&S}+%k
z$qnGm!t23&gFyYwV7}xa-v<7Z@Fp-%N$NKP`I>>e70fpw<n7=Y!aKlR&Zqt%FyBRx
zcY^N_ejLp8Y3lcax#mxP3jDrsGx#UrXTbw-|DsI`_(I_}@GRjM!NtO_g0B~D2mib9
zTi|`d?}6VI{s{b6;STT_IJa2VXW&u7Ux6<b{uW#y`~&z};p5=L!aVI?5#~#&c41zp
z-xkIvFM91a3gd=L!(1^YXF_tdm381bhr_P*!y$(Xqq=%Io%Ts!u6>g^&E~o_nN#aH
zGW_s-C5Ov7`zx_IA9)jnInB<t^aaA4imxTZ56^Y7@$;zIz>PW}%(}ls=FJV^O^ZJi
z8#e{x7&jFRHGSP8M}fIHyxAc1$L63d3<I(C5%!Z|GX#>Gu^&zr8@7%1l%p&jCmaXK
zxgl-FK+Yt?X9^@Y<1>{kKGSIf=Jj|18TOfw+>CuLS?rg9Y0v9*vBj0be}aCc@TcIb
zg}(%^C&T~Eklc*_+sNX76K%kJ6uQUa?ZR82=lqB^zX5aHIGBerL|}8|cE-7aVcwAp
z4<JifXM^d7AsU;*8!^IgY{s5_YM3uT4Pz?U$ulhG+ZAKOd9dM3ix*p5W^uK}wHB|l
z_yLQbuz0`4ya$<bk6GLeW8LWcSUk((bh7lx0<h_y#g>i!T7{jBP;Ke)o?khl|2K;t
zvUsm$&)2V}to>k?bv}F^vTWY8_#?9T|Jvf8Ee?kdW7FT_STZ(-(U2@F2|Ss4@j27t
zS!8SsX^_T#k!7>k;x%L$d)Jb&F<cMHyga{lP%k#WBV%KD6p}VPr=F)?>cela41a9#
zHx{3;nBVvr|2@g#rw<u+46zm`TfETXWn`&mwWVJPW<7asUT4|dOqQ~?SiIe`X|nXc
zxAZSq`om<Y=jRsxOh%au-GffroM&+wS?Zic7W<`^p7~jS2B<rkmk*<-3&YVC^FC$t
z=UW`GIKkqn7SFXf!{Tg<^DQ>lRjBm)WK(X9WwYAi4Hj>-*j!7Y(sLc-=XaLPqZa>%
z#ZO!Oti>%Be{b=R7V|q7Qx?AqG~C1DNQ*fqFg9GbG0ZOv3=gw7*5c6?kGFWD#fcUt
zS$w(0b1crVc#*|<78h7tW--@IOr804rQvlJ-)QkI7T;wtzpOBMw_Ci!;zumzhm^*?
z$zon(js7`{U$FQ^i(j>vpY@o$?^^tc#YZjXHQCtz#p2@@;{mtRrklmQZkxQlE$(aa
z7>oJYj<LVQVqVXUe!9h%S!}N77_#aLOP^_RuEk3&F17e7i)$>dx0v?=Q=jz~-)!-n
z7XRAfdoBL0#SdG&%i_Hj^CKox?g5K=e=&OAUktx#@%t9@zGG}Yv-m5EZ^8B1*xX_9
zJr-}Xc!$LgS^SvAdn|s&;{6u$-eJl;WbvyOw_E(K#UEOH)Z#BJ{)@$bwU{>#Q*MyO
z;TH1~Cu748qz%Vd%=?$okF=QIQ5*eai}}5r(O+h9rp37y^P_8Hzue+Fi`QDb(c;@J
z-fr;@i}}&D@xRaF7K_^~e#PR~E&kNv&n^De;vX#L^SddRKTjCuXWoYUTa0g4JN1Jt
z9$_&*hBSHOEl#wUAB!8Cc@{6SINRb<iz_U?+T!ahzTM)xEaq3~rrd`te$3)M7C&S0
zev4nR_;rilvG@avKehOCi}_KysgD;AV1~O}+|%MSEatk0vF8`;hT|+AYw-k&`Q@*%
zpKCEtIkN2OBjeh{5QWXye+D*s&RckoVc-W`hQo#F?+js1BhL|L5&S)d_C3HC2=n=p
z^9|~`cFXw&c_?_gFz1XZ!lS`+h578hP?+z3a)gt>oMX@rpD#;=F9TNz&jPO$<}-c0
z@H{Z*8_di3<_6(R@U6o6;Jby3z*~h&!M_#eGdiE$=;smeqr!*5e2%03b1>%^WUl`_
zEBr5zt-|aB&M|1iHoYd?0Qr{ieUKjrAB5}>{uuHLVgBs&t?*#*F=2kY%XtO;b1uMj
zQSvlw5yHH;Q^zd_8=noyTpt}ITnsrxxC(NFFz@F9;p-sB3f~CHwO0D!$F2#&yl*E7
zKLE+O2W@yyP8Hq<nIZfFq^Tdjmd+RbdyqxK9gyY1#~_yr^Z9SJa5vne)(UgIwo!Nx
znDY(R;au<?!u+~<v+zVP>rI;}U_Pso=YjdGO6IREj|=C5n}qqbd9yH|5f2Jq18x)M
zXTL8C-wkdTz8CzCFh8;WNcca%M}_x+Ip1I%_}%z-!o0U17k&@y!A2W?@*XPuJtUun
zsmG6bDoU8&9-k@P7wi}2y_$VQdw%DAzVL<M(ZUnK>^s`<<Mm$&^B0&z;RWF7!u<R`
zMR*B#t}xfL*{AeV49*s=0xuEf_t7Q7_25cju7B4EUk9!ez7fo4bNb}R>Fb5JfH_a2
z{yy*~;a%W=6MhWLXLj1`20tLY7raxr8O-&3+O&e766SrLb2I9>?%pE&5}42R)V~4d
z+>Fexyx$Z)3g+>n{u}To!u+ECGhr|8IXtek!H+uX2Vwp#@Uw6~Fy~{m;ktfz;elYE
z@DMPMH*I*&A1E9Eb8bdG-vjV3DDs8iSmBA_F~Z5<3Bs3w<AvvfrwV6+X9{y(Fk6`K
z6VinjgBJ;NzQFk#%jK^R93SMB;4)#pf4EAx4qPkT0KQt7zi~7Oa~{DlK|kBTw+ZvJ
zdX5k39|ms~=6j6a3O@>dNVp07sPMC3jtS;H2!2MG?>(Ls{!cK+2W>d-cu|-?aJ(k`
z5%?|P&%hrD{|N37<^t~*!l7W!3F)&R_?YlOutFZ{hk!$bF97quU+Tw!dke>dIX|TS
za_}Hw{NblKKB!*+=KPSn6wL8KE(4DhUJkxkcpW%Fcs)2t_%<-d2lM_0oGQEnoFTju
z%&|h7--Gjop9L2Qw}H!rkARm8zXx6|+yP!I{5`l)_&E4x;UKIr^1T(y>I2>^+#h_e
zupi7hCvD=uzY`t<eq8usFvkRK_^(j2a0-}Xg8FoDn=pUccv-jz+%8-R=KPcP{6U6e
zg4_T;Dtt5eD`Ece^PTYh;N!v%f<0&_^F9pbSRp?G=3JD#3mhf<H26&6--G?a`@qA5
z4}eDsbN!a%iGIlAh53H$5@Eg{n<C8jV>5*LevI$+n3rq3^MwBlUMS4}LUM$^1{Vl_
z2QC#p4z3dZ8N5=Mp8(Vg^FI%cMV7^PXd8sXz_$wXo!VW(k>D-D{C9)z7MZs{_(5U5
zf7>M-1KuOd_i;}P^QYP8g(rbu66U+Vc47Wh@~$x7&3!D)cZGizZUlcV%ynjtW7g;2
z!9NM}4-hZfPyNGSd`7F8f06VO=6gK8_oNN~iakqs4>(%534FdVe;T<+_#k+aFyH-g
zeA5qqpG^~f8+?WECtwDL4<8Z?M<8yVJNjEZ#A2=?8=H$QPO_Nudt;MnG3V|^zue-r
h7IPkNY&KiG!{Wy+Znn71;&zKaviK{DkCUZ8{u}6TH-!KI

literal 0
HcmV?d00001

diff --git a/crypto/os_int.h b/crypto/os_int.h
new file mode 100644
index 0000000000..8788567238
--- /dev/null
+++ b/crypto/os_int.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2012, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_int.h
+ *
+ * Ensure a consistent bit size 
+ */
+
+#ifndef HEADER_OS_INT_H
+#define HEADER_OS_INT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(WIN32)
+typedef UINT8 uint8_t;
+typedef INT8 int8_t;
+typedef UINT16 uint16_t;
+typedef INT16 int16_t;
+typedef UINT32 uint32_t;
+typedef INT32 int32_t;
+typedef UINT64 uint64_t;
+typedef INT64 int64_t;
+#else   /* Not Win32 */
+
+#ifdef CONFIG_PLATFORM_SOLARIS
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif /* Not Solaris */
+
+#endif /* Not Win32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/crypto/rc4.c b/crypto/rc4.c
new file mode 100644
index 0000000000..12a121151d
--- /dev/null
+++ b/crypto/rc4.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * An implementation of the RC4/ARC4 algorithm.
+ * Originally written by Christophe Devine.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/**
+ * Get ready for an encrypt/decrypt operation
+ */
+void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
+{
+    int i, j = 0, k = 0, a;
+    uint8_t *m;
+
+    ctx->x = 0;
+    ctx->y = 0;
+    m = ctx->m;
+
+    for (i = 0; i < 256; i++)
+        m[i] = i;
+
+    for (i = 0; i < 256; i++)
+    {
+        a = m[i];
+        j = (uint8_t)(j + a + key[k]);
+        m[i] = m[j]; 
+        m[j] = a;
+
+        if (++k >= length) 
+            k = 0;
+    }
+}
+
+/**
+ * Perform the encrypt/decrypt operation (can use it for either since
+ * this is a stream cipher).
+ * NOTE: *msg and *out must be the same pointer (performance tweak)
+ */
+void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{ 
+    int i;
+    uint8_t *m, x, y, a, b;
+
+    x = ctx->x;
+    y = ctx->y;
+    m = ctx->m;
+
+    for (i = 0; i < length; i++)
+    {
+        a = m[++x];
+        y += a;
+        m[x] = b = m[y];
+        m[y] = a;
+        out[i] ^= m[(uint8_t)(a + b)];
+    }
+
+    ctx->x = x;
+    ctx->y = y;
+}
diff --git a/crypto/rc4.o b/crypto/rc4.o
new file mode 100644
index 0000000000000000000000000000000000000000..104525ceec999c31adb503b09319f55875470aae
GIT binary patch
literal 6232
zcma)=YiwM_6~|}pKD_Jo+XNDvs_XD*9_+4dg^&aS#CC|CL<IRklThlc*K2!|^{%yh
z9qfpbD53>Q;R9`&Dxw%g2viDEMMYcGRstz%(^jnztyDlNAQePu`9LW}w5dq{|G6{k
zV?b(;G<SaI%$YOqxp(*2jy*SNt(6n4zO0rsr8Xx}5>jfTaagNXsuijsGSsVvdi92f
z);y}#?_aY+b*!0u|DO$!RQ#D&^ey@12~QoUR_fHD>7$be5Bi4|&eW-n(KEg3#7?;G
zyh1lbe*DlYjqf35+Y9f#()p|IcUoWa)VQZNR32Z^cgxx1FFug$xcB&R|Lafm)T^x~
z$f;-IYU|&g*`?li)bANoPhRs-SoMTd*OsoHe$~<c%WwU*<4-TX=qE-GFng(2o$G$N
z^DnLAy}Ip%7SmP(+PeS=DSfAE(2BZ~K|s<fdyp59!Wg$|Y6(Y?J>Y#qKM4H;Oima&
zp87^S&0Kw#I^@|PQ=X3Ypup3yMp!&AlAz|*rJ#kvkwVE=Ubyb3EQ>`r3tp`59J6p_
z9X-Q!ZyT+ygPD$fj4b>*9-;MD;TiF?H}(`DI<LI!0zgF<Ea~VBh=rc2W6{r$ViR~=
zz<3yZ{B9`m&ja-akmAVo!voOkbN)PxL`vdtegW#u^c-%u-c;BQyB=vQD4ilEks1$K
zWtPfetDJ_?l(h=_8M|=lV$+P$>HUneUp0r>vF7jy)E4%$Im~D43KkEz70?eSOrHkW
zCp}a@Q=LL7d-NQf>&tUKR7QLiYMbfez;@tyBzAHa6;3Ie-ff!xVk5@5n{8EKZ^Q_V
z@;xf(uTg$aW!x(7LqX%M`iiFZM5w8wsa3Z{TQ0#&Uak^}>tVvWSd3wvE>@wYt%++B
zgY8(UcAbb&(NLm|DijM!c&h5O9&D#Q)~N>DGqA+d`i50O<u9yaD>tq@)w_x=^^sat
z4=pEzx>Dgh)|&L7Hf~(z+$2<#HaDZ!>|4u~Xcja6nT=vLMNl+pgu7X*A!gh)A+>PV
zqA9?m9?9%>)wRf+TNl2a$ZkN2s)|}rs~5@rNOjPX6}4uO3WGTZU`<%rLp<i(t6JUK
zh0N?&bt|YQ(laO?b!FU3lSo<(GvgTztAFU>TF;jpMx?{YG6yPJjWT--DWvA~BEf|-
zCD4_+9f@(+apvDds#89i99g|c<s?$v8ZOg|R2iw}12(b`&md66<kQf#+Q;lLQb^4o
zTO_bD?06cv4NqH5Gp`_F;^vSAp0$bNfjx%gsiP*p$9N9oY2+xLLGgmggW3#lWHp|i
zp>SZple6LEyk`09P_;ha)QG2f&A_U2m4#WqtTLn3e5INxOjXK<r_27~@{!DJrF<x#
z^Q)PBb#`;lrcIe_Wn!*SDrd&$3dM=cOg2}p&S&l@R}N>k2PNt3>};m5T=MfJRNIw3
zlFdw`(jD1K-UZ2(XB=kya=BQ|%)`5yO%><6yEdir#mP?_3Z-0eZX%EA%WX{OFo7!Q
zbb6Xx^(SzNgUtj)%rmq>hr)4;E~MiT^Tc~5<i$Ny@WNhTHFPYFl4wZLEgFi%>ucUR
z-T)4n`d?v9)C!_3MVvSGdSj0n&u~0m^K|~KduKdq+m6!P_5!VaqCXy^7~5U7-g>nf
zrnk0+i*hvHg81=xGoHpXbc}5Uy+t%Eb}(I;VEX1t)xuOMKatE~ZB(&bno8D8d>dA$
z%N2jQY3I$O$-d;q^yYL=GBv|0xoojm1((VxKR@rMs@N!naw%0T`1wkfMN`StUSxYw
z11q#Gw`EH*H3|1ZsaPoGQ<HNgQ=|G>J1?Kf&imLJ`EIqWYo@cG?lCr{zj+KjFC5ML
z3$yuPP{xk~GUFWT+c?%Yvd@l=W?Ia|7^>#|x!ItinFKjS`O=h+lfJXBZ)<XGu2Qa6
zxpPxD?@V^5d%DtH>w>8<-!Ms@F{FKFSC0*rCd+Dcc*ofG-r>D_Mn`sx?HL@|F|>Wp
z@V2h{?Y)EBx_MVy39k(xxVnQY{34jvAax>LX1O0Z*45Z~!BS$V%gggpBpw0YHrFGu
zE-#B#%kEZ)L09SO!i=9CNA6dGeA-bZU(BYtv?@K3^|LBHUahLMu}<X2=cdLcE7_U+
zGE0GDO$Vjf@$pLj$g<*MIk!yDR<fn3{PLjO8ZHESqSCl7W^kFPbZ|?ggEmYz=KVBo
zDBhd@uO#8fwTapa{El|>L6f^X`MPvW`{gZ4U5ET)B-UqH1JadN=cg&<ogk|{=}Wl^
ziSzxx{5HYI)d8w^k@^W%T%Wq3J7&>A^zUxu>>u|9%h<mGBpI&@%16TBu+P>(X5>x8
zdjo}xSBK={jeuPpI<Ccl#Ltyl+0-Ze)*(QvxtCdMDaJUMv7MZ4Q>qIw*)ETTYxfSY
zY<DXbFbSIzSH`!ijQ7C`tQ~BO$N6ya?gzU%Ky?7|E(n9euh}~Ep{zupb0}myd}!9<
zodUB?7ZPPZ7JG*a0-eZo#^%oN5xk*zKAkwf@58`(ck(>^Hai8m3;lD!EdB_7^8_o-
z?<dgZyu5*LNcwRc`0A{UgLj16qd+x_Mfe55ii^iwET{SilhFbrKTVsF*cP@BKCG6<
zi^0gV<;2Bvy33_Ktp0w%*_rdLCndD3$1Im4rOp$vB%x(9%X0Q|NkV4lNu4`qNkV4j
zrOuHqNyyx^Qpcti62gqTwH<`L4ddaw??Eb9-G1lr1r@xOmR?ng?}Ljl`Fuy*V7VVT
z6YZVI`PEB)4EagRlgKIUm=4Ymdrda+z}imJO0r#CepR+xPLknsIdUfFzm{x$uA&c^
zW8od;c(dib$Z^z^wiCda)d@TxoCC)=wl!Www(&m)cKzWvwS9M*KG--JQFoKzZGv|T
z9umA?@Ik@mKC|&l!agUMALy?C=3H9;bHe^RvK`AyU^kYxX~&&G`4^Il(}b<=>>YyF
z3O-1-ZB3GG{6k<j|Mv?2Q-U8R+q#bn`ws>GM)1pm-xADU<*uI`gBut3nPWENn0JKZ
zq+sqVXLoxECUdVk`!&MnTERO7?-smI@RtP73ibuxDfqbHdj#Jv__W|h1V1kLNx{zv
z=00)bIxCoa#@SyL{F>mm1ivHrykK6OE>09{<hWjNyWmR%^N$+mpAvkv;4Ol061+<=
z|L1XWZWqiye4PD=;JXB$5PYBD2Lyjx@M*#P56Q)UTJW=ipA-DN;Io4H_mhkBN5QWP
z{<C171?T^v;Ex4+IHS(T+=qNXcqhB_%X``RyesS<g4^sF|Bqk~@oDEZ9<$6VrOh(0
z%GH*6{w}l3x6^vde1G#Bk#Rb~n=JEOUT3)r+-v!2@PK8WOa2$gx?92gFOkf5)B(%A
zVBS}>_k(#~k$HBDmig}B-k^OHJa3ujn0tfv+rW2Qz8(Ca<sA4smM6hyEc2{CWtn&O
zk1X@f=DIT`&;7409|Qlv@(J*3mcI&q)AC91UoAfde$Vm~V6Ho3J`Mi2<sX14Zhg(W
c4?Yz6&gEP?AI`Po>jV!79ua&{a8dAo0Urm0#Q*>R

literal 0
HcmV?d00001

diff --git a/crypto/rsa.c b/crypto/rsa.c
new file mode 100644
index 0000000000..143e66add5
--- /dev/null
+++ b/crypto/rsa.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Implements the RSA public encryption algorithm. Uses the bigint library to
+ * perform its calculations.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "crypto.h"
+
+void RSA_priv_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#if CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+    )
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+    RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
+    rsa_ctx = *ctx;
+    bi_ctx = rsa_ctx->bi_ctx;
+    rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
+    bi_permanent(rsa_ctx->d);
+
+#ifdef CONFIG_BIGINT_CRT
+    rsa_ctx->p = bi_import(bi_ctx, p, p_len);
+    rsa_ctx->q = bi_import(bi_ctx, q, q_len);
+    rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
+    rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
+    rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
+    bi_permanent(rsa_ctx->dP);
+    bi_permanent(rsa_ctx->dQ);
+    bi_permanent(rsa_ctx->qInv);
+    bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
+    bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
+#endif
+}
+
+void RSA_pub_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len)
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+
+    if (*ctx)   /* if we load multiple certs, dump the old one */
+        RSA_free(*ctx);
+
+    bi_ctx = bi_initialize();
+    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
+    rsa_ctx = *ctx;
+    rsa_ctx->bi_ctx = bi_ctx;
+    rsa_ctx->num_octets = mod_len;
+    rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
+    bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
+    rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
+    bi_permanent(rsa_ctx->e);
+}
+
+/**
+ * Free up any RSA context resources.
+ */
+void RSA_free(RSA_CTX *rsa_ctx)
+{
+    BI_CTX *bi_ctx;
+    if (rsa_ctx == NULL)                /* deal with ptrs that are null */
+        return;
+
+    bi_ctx = rsa_ctx->bi_ctx;
+
+    bi_depermanent(rsa_ctx->e);
+    bi_free(bi_ctx, rsa_ctx->e);
+    bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
+
+    if (rsa_ctx->d)
+    {
+        bi_depermanent(rsa_ctx->d);
+        bi_free(bi_ctx, rsa_ctx->d);
+#ifdef CONFIG_BIGINT_CRT
+        bi_depermanent(rsa_ctx->dP);
+        bi_depermanent(rsa_ctx->dQ);
+        bi_depermanent(rsa_ctx->qInv);
+        bi_free(bi_ctx, rsa_ctx->dP);
+        bi_free(bi_ctx, rsa_ctx->dQ);
+        bi_free(bi_ctx, rsa_ctx->qInv);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
+#endif
+    }
+
+    bi_terminate(bi_ctx);
+    free(rsa_ctx);
+}
+
+/**
+ * @brief Use PKCS1.5 for decryption/verification.
+ * @param ctx [in] The context
+ * @param in_data [in] The data to encrypt (must be < modulus size-11)
+ * @param out_data [out] The encrypted data.
+ * @param is_decryption [in] Decryption or verify operation.
+ * @return  The number of bytes that were originally encrypted. -1 on error.
+ * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
+                            uint8_t *out_data, int is_decryption)
+{
+    const int byte_size = ctx->num_octets;
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+    uint8_t *block = (uint8_t *)alloca(byte_size);
+
+    memset(out_data, 0, byte_size); /* initialise */
+
+    /* decrypt */
+    dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    decrypted_bi = is_decryption ?  /* decrypt or verify? */
+            RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
+#else   /* always a decryption */
+    decrypted_bi = RSA_private(ctx, dat_bi);
+#endif
+
+    /* convert to a normal block */
+    bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
+
+    i = 10; /* start at the first possible non-padded byte */
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
+    {
+        while (block[i++] == 0xff && i < byte_size);
+
+        if (block[i-2] != 0xff)
+            i = byte_size;     /*ensure size is 0 */   
+    }
+    else                    /* PKCS1.5 encryption padding is random */
+#endif
+    {
+        while (block[i++] && i < byte_size);
+    }
+    size = byte_size - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+        memcpy(out_data, &block[i], size);
+    
+    return size ? size : -1;
+}
+
+/**
+ * Performs m = c^d mod n
+ */
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
+{
+#ifdef CONFIG_BIGINT_CRT
+    return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
+#else
+    BI_CTX *ctx = c->bi_ctx;
+    ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(ctx, bi_msg, c->d);
+#endif
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Used for diagnostics.
+ */
+void RSA_print(const RSA_CTX *rsa_ctx) 
+{
+    if (rsa_ctx == NULL)
+        return;
+
+    printf("-----------------   RSA DEBUG   ----------------\n");
+    printf("Size:\t%d\n", rsa_ctx->num_octets);
+    bi_print("Modulus", rsa_ctx->m);
+    bi_print("Public Key", rsa_ctx->e);
+    bi_print("Private Key", rsa_ctx->d);
+}
+#endif
+
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
+/**
+ * Performs c = m^e mod n
+ */
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
+{
+    c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(c->bi_ctx, bi_msg, c->e);
+}
+
+/**
+ * Use PKCS1.5 for encryption/signing.
+ * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing)
+{
+    int byte_size = ctx->num_octets;
+    int num_pads_needed = byte_size-in_len-3;
+    bigint *dat_bi, *encrypt_bi;
+
+    /* note: in_len+11 must be > byte_size */
+    out_data[0] = 0;     /* ensure encryption block is < modulus */
+
+    if (is_signing)
+    {
+        out_data[1] = 1;        /* PKCS1.5 signing pads with "0xff"'s */
+        memset(&out_data[2], 0xff, num_pads_needed);
+    }
+    else /* randomize the encryption padding with non-zero bytes */   
+    {
+        out_data[1] = 2;
+        get_random_NZ(num_pads_needed, &out_data[2]);
+    }
+
+    out_data[2+num_pads_needed] = 0;
+    memcpy(&out_data[3+num_pads_needed], in_data, in_len);
+
+    /* now encrypt it */
+    dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
+    encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
+                              RSA_public(ctx, dat_bi);
+    bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
+
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx->bi_ctx);
+    return byte_size;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/crypto/rsa.o b/crypto/rsa.o
new file mode 100644
index 0000000000000000000000000000000000000000..320410453e6cc58e9a49c78d923a2f93303eb47c
GIT binary patch
literal 25612
zcmd6vd3aPszW3{Ncam;8gsg0Wc0zzevV%@UkbodT2}>3hMPrr@M3PQO0t5yH83(s0
zi;UxpQQ>hMWYiIq@#@v9$hg3`jLcOBN1egtD(;Bm9UT|$_gkl``xo%u_kExDpIgs!
zx<2)-U;V01Rh^|ypYFBOW}fFbj<Uf~m#A1usdahC@hUY=8|0|rYN$2+Umvs0W!TEG
zRb%`A38_yWJ&+kFel6t%&%i(V4{gawMKA4Ds&rU>f0uH4OSZA=Am-!^+!AN<^P>5S
zOlFIT*BFaM)}pi}N^30T^d_bm``*M6F4?^NL^tg(-k*6WCH2YV{zp~nlP`U6<tLsT
z&ug0lyAN#tdf8dd!j$IBvX?^xvs9ci4Sd0q_mf1k2f0b5&Uc=Q{s*?aw%&T2=*b<B
z=(DNPl=4i=xu=;rckkbRX!DUPzgm|1WRb2H{qur{J@jS*>e-(-vHzjo^2xTXxp{86
z(z)ezRx4drer4{2Xlir$_S~7#)b8>pb7MVou>7suXz%2%$@%a465bNiO-=BXn0;~&
zDRsH$nvT>b50}qhuz1Oja<+6&zt-{8B^XQWPssM;k@c@_{(9M)p6{Ieq=kj-&lv+s
z+IX~JkYDiR48VvVo)vP_-KXW;HZdWZTu|71*F;Z#fAqyfPtI)>i5DlicK5U--nk)7
zmESheQ#rM)e0a`nuI^eLzQnkr*_3U^v*Oh$W2dJkkI&26_x%))%G!2(^wxeGpf<ff
z;;ju|A7689LqAMxZP!ym^^2lU_x}3Sl$-(MCsdd^^OMd)B?C|WE<b7b0RIU?hdG0>
z^VE4m`$CUZX4*MY+7m@UNuHTHnoSpgOU<})4!Sc?(O-opXG@?sF|Kk-S<cpSGa~+C
zF-MQAKd@c*Zd_n@*_^*84w!Sr-eVQ$)f>E7&we+s$yeb?OwForO12#zlfSTdRm!!Q
zj_&vFlxs2<6tB(?)=%_T#2q`&v@55#B59&I6w&XAy5G^yiP=*soG}v@7B@R5`dH$?
zOUJs>P(@t*^r)MO{i9=8-aFBAY-(9fZ}~8{Zj4cHMSnYzIlZpx-<_Y-_h?Wm|HKdq
zg(|Biho(-OQZpTVVm5|QRW+{;j}MG&<ak!JH7;*i-l^s+uWxB?2wf0frPQ2`<`s2a
zVVy{X&2a>;a@HuE2SP~Oumj-3Ia?(q`{EJxc-A>LAf00j?nb;4n`=|#^MG&k`RMWn
z?>eW)voTI(Bf${DF78BZ{n56^qupw!!)S!?JnTjw_9fsWDdZb~XdN{7x}nrj@Q2LT
z?TXgP=H1}k80Yf=`Va8=b+I0gvVPw{g%#0q$vzCL-XEKv2Y;uDd^%*kylgSdME+Zd
zPpFsm^kAx)n%6nE^@j}$D4(+tpUy!P{3{!akniRw5BJLRauGhgzJzvE<MYM&;+i8}
z%In0hrtJ9lpv7KK-19n0_#KSA{<s$A`4e(=$+$0E2Z=QCC0tGu$DfMI;(a~HN?3~z
z&%Yq;J$*Xy6k42FLkv)z%NBTs<HL782iwm}M6$0c9#LRE<r<<2?82vS-YhBso(g^Q
z$?<_+)a+Yu7T6#7mb?&CNF}2Fe`CJy0epH2P?c{Hg?>|g^>@P{z+v(=5>;Rmv%_Rx
zAcH=d$o{}UWcn8W7MvK^O`8aLa9|@X+sWC%#mcwraZpj<L#iEY$+*C0^wLQ#4J;>j
zktYP!kymX7m!WOEY$dWPI_SR)ss}0s4@cFvdN{COPTYM{Q7qW1;_hdj3WinOE|M?U
zsN!~${K0k=_aG@TxJ<?EAteVJ=cu^f5z~W>b5-0!#KD0%a2EG3<Y9p`uvc-9ux+70
zg!;d-s%*64DdYnoJ^Dvr(y2%|hgr&54II#b6e0QgXa-7g{}Rr}N6Kn=cADsb!|L?z
zKst3hZJUS;X{^y%!Wucp(+A^YLr|%VEWpnJuOMfjQ|Y-JT0XS<pdHa#l~bhBORfDB
zV;={{#y<UglbK#=;X-TPXw1jO%rhcJD;HX~(H049Jv26>O>0$7vC7~)r?lQkB`RYp
zq~AljIaYE|FSM7Tv4LyA@jl&8gJ9y!vga|U_c6@N!3|yA5Q&pund)P&&)$dRQYL?d
zE^uaZ&~9e(33`~r+<i=btCP(A1Y4T!@=A93V0dx6yoz0ZCX(s<Ve(TX(q9Dp2U?f$
z7r;@#Jop>vRC)Y4XfSv4Q)Ki@#OYRNRAW$(?Omqg%?@RJ3xix3Y;p~pBAekyO)U9<
zo8jHO0A;GYo2zZn^ki5}g#|i=Esgi>hiL*2la%qua>m$mx6@mWv$ESiW7t2{$aecD
zk3GQirQ1Jw?1Ak}>i)^s{lld0pM2)N!{i2lQ@~sw`XO}(G^c>MXCpbdT{%U}yNG%8
z<`gmS$IM%%oMPtP%DiNNQ_Q?anTI3KDPiX8%;bUOlrZxfojF%IW0`ph_BAyNvNKlK
z$Rv+WXPmB+$qQKLI9(@_?r4^>k8WjBA3$euG=Ga^MiGqf1LWe;G0>Uk{lb|y(5XRG
zGtj9<RLySx!l|+YQwDnu%mv!M+Pj&9NsIZkz)_c84hs%U2K$+&E3B#C9YdcULmr^@
z#^M%hk?dL|MlE=ip^tyH7K2@j^r*!Z#^McY5ppetMJ;-a#rM`C$F<0|7U?&`f=y1p
z-NLU8WIO=i3@yPNLXSAbW;X}%{L2iAB}P<3BIrtIFHd>)mcZ%VsHY!fp8KAJL8?Cg
zX{%3=9CQTcHQJT#YNdu8gyL-E5FQ2b&cW%;4%k_|k&cou8B*DS&PI;>cqaEVxrv4s
zF`3JGv58(bAepv>$t|ZNcL$O~o0W4D^PXnjE|%2EZ<zcEcVjDeV<>Jp(nd#<vzWY$
z#y?{<>ybPq%;x=!t}1W|8m5NVprX0h(wK4E8i=QI)@_6FsbRq5fb@F6HP~sDkqX)Y
z+5|&(<Q34epgjz2m)5GGVV3FB15Y0+qZs*|7f(g=RmKEpJk$>vKb&DaU%mpnV_K`x
zeyVvc%~)n~60sYY@v)pik0a+xl)=bqwNh7!GYn5I3Ea<=XW1ctw0CDt@9*Kny;A*=
zV{;HYm~jj+1ou^!=?W@&p+U&_4sr?PE3K^W5i@vaQx5qSE0<~O3?tuf<#Nh{LPkb+
z#d)hKsngi&_I}Xm{U-|O&i;<Q&hF<CK4>Zmve(T~jTRPgFhAs8*_%bDmseExg!v(N
z=X{iOr`m^{YCN7(XFzv8<OS*(CiTqwh*M%9Mj&-3b3dZfDM-3A?-M51F!@U~!ugcR
zUoxp@*Jqq;evDFD19Nq90+J!_)|Zg<Wb!$G!16%v&TM4r9c%@p$D>{DY`PA%m!Kp6
z4nvG!;uQ)fv3|#o4;?mk81~xZKdui}k4oPTOOA5}&wrdugRt9n(5v(v#2(~uN{!Ju
z`XZe1BDBj<!6dE04z7+^S8OR=)t}@l9WCTcT%&XBeB%jo7;<icLzOujrQ=8QHYSVR
zp)z@WjL+qrLKe^1MtuhuKb|)WuF9TNnXghE$=e03s?1B^EuoTE=&T>nVgygf@!52g
zU52#(PReX;)<}T<P}!5{CZE;w?B-U$QO|N~X<+tQJXywCWU_es6hEqlS-SPv9`4S?
zWDbq6r=)F8_)ytzvWaIhpJ#*<ipWz9PY%P>$lss}?ge{R@1<@_7VnEy=03JHk3%dR
zagMqT9?83Y7EVRyyM;CB!tuVrP)Cja95z9f08iY19=KT>=sf#ld;}h($ir5P!&K%X
zq~j-Y{%OT@1Y6l}2&>}65$$BZt4vPuxWk+RZtK}Zl~cyv%h4^z0g>X2OiBxSlTJxW
zaZ=-x2jNb8pz<b-51t*IfkVTat%AXGkdJ$k0YEr33XYC=Dzr)%r5Its<V^|&S=K=^
z&_C*^6b1XGIkCJT^89Wk%u95f8EGujKNFq`p(GVJlZLqM7(HZ0T1a~w5Em_lyL}|0
z?M#v8+>^4wKc6y$9#dmx9_(G(xM(RR)306cs1&Cdh8aL~N3m|l!0VuU25+8%g}@-2
zfs<FP0W6J^oNQ#DdWWJSvxhW2C1yG!ZGvvuFfKBN4@ZqGxFEPt@8hX)syK}$PAf1u
z(On4%+c@r9X3Xj6A+FP`I6V|23Y2Wwgdvz&(%80Pq${$E#~BZ!Mxj}wW5$sr=DOZ<
zVlpd)Aww!QM^!S~rg0IY9oT$0Nmkwg&><P0JhMCMVpmY=ZoqCWRWjnb0ME)9@rh{P
z;<SBM+g35+g4Cmy>6pggIgoXTnO4(uAhJ;@BkQ(0+NzjsP0a1)YPvUW-3uZ7#7yT2
z(*?qGfm^>)Zvc*9L%%Q@s#{QNb6*0y?B+7!lRQW97}p_$WTBQS8I`!Xj1FMy+bJ>I
zD%x6us_5>;463C;Z2w~hHPWEw2RzJ^2J?QvU_K4FnnQ0hnxwIck!{)hKE<9zjz?`)
zjA_9EwSf&Y`96`4Yla&{zF*|~e;_|m<m0q`Qu$<&&snO2@SiU7(|;g;u*m08t%E2(
zOym#yf&7rj5B)%Xw#d)^f&3hipJVemVfJAYGmB%wrzzqH<a*+DEmbn&h0;;;8GVMW
z?_{Ix``Vz2ku``-Hm)ihTy-$(86DJkF{8g=>+6iRDcYclku~V+%r&THbO;-#2V)w`
z<2~l9M*51);eVjAU!V|9F53{@@1pG~-p$X&=27GCScbUUFk`n=6-zyY%~4gh6muwh
zRM8!DctB@gVzbXdvP?^rjP#AIs%iu_xhkV}jZv4yNS@{9GCJGMWz!b9Dx*4Awe_SU
zInd2z^hb@+bIJc)mbvZ@M$gDxe0;2ZR5HrO-2x^Mqg-r#hmgyHvD%=L(K#Bc8C`(w
zWZQGKK@}rw5F2hT6Zj|#bB9qDj&oGZh!2YUI-~6xZCl0YT8#@BJ%Ww4Rd<l~>WnHz
zFKArA$olJBcb7J(X5{*-k^ZW+zeimgMy|ga=`VIpW&1AGwl$2h^}bxp$krX3nzVH*
zoF^-srz>=8nI~(Bop-BHa+G#`2_w2j=h=C|PF#Tv5+k>YYFkBrB^NNFu1eNLcPCib
z8v3gavGR$Y%<o4jK9@#qj2_fj#bwL)uF5D*w=g=}{Ya+umHy`f%w-{QM&sEO(-Z-^
z3G4_P4q=(<QQz{s<b0FVAD<2w9+cD2v8uhRO%>L3hC4b7n-_PqEnU*qwX|(TVS7j0
zW#NXd&cbkKduhp;XBO6VG%jzBv=!DbZ*FNUY^`f(>+CLE+19bNaI%|IP}kmGcy3#y
zD;z<w^XpdB6)r)cm319q>!hKr)nZ{+TU$$KVK=Nh>+)N=i;K?854SWGwlvolE^cTz
zIb&QwX+cS0bEKhVd1Ls0Q;Sd91>45X&K9LQI_nDXa9*j-uExf2Q^67r6&PRbfH9c$
z&5Oac&8_V%5MbzziOX)L%P54-aSOF|*0#5G&;!Pq-r8Kfv#X;yve@Mb9I3AS=Eynj
zM2ORK#QUCdyebgDrzhaSr#FCa`V2b(KiCQM(@Ic(#%U#9Gj(g@TE^_%Qu5QM{Yd+Y
zKq5T&0txtBqia{XMxSnvV_L%YxTSpB-nH~;`z!RP)8~^uZM{jF+1h!5WPGXs_rh!J
zV|%*xBoE#IOF6p6wE>@I_K(|=|99oT>npa_qigw61=w777~CD>w{VX43Z3n8ylz&x
z85j<R+jO5+*64=f>oe$X2YJj6)3Y})029jNbK=ntFmW+nclM+}8Z6w7w4K4a%XHld
zffQ@5*ra&05<?9K9<+`nli4mh^mcPNnZsHzuV_n8?!>Z#nyPKQsFC}Sp?$c6?^@U)
z;>2|HKDa|+KRJwk-8R>QZL>Q>?j&WG`%mgArKe%MZj+r#Y~O0Fcy!;nxo(TCXZrNB
zAELeFP6~e7>EQ0CJ8{_KE6tQ=S+Aaewujxav|Ouu!0t7bT0AC*)#C0EJfly&-Vxkq
zP2MQ!u|UgkCdW7bwdYnZP*Y~;s1slG*LJD;=GxY_MupRDyK0<U+Y*kbmbS>^kp5U6
z>1<vc2{(rL?Q&grZ9`p4OIriWw1+!d>moRPt4O$8duhk%1V%Kd6D}wkCk;5qE10dQ
z4R^Pz>9cA==Z5sDI+Wka>gc@_9BIq%g46s?TvVFdBKa-NUEz*8W-Sio&qg%6B$SUc
z*~Esk&I;u>!Mr)r(i{orH!Y9o5}m9i($(ZPgDpUdn>xZ_g<aKeG_;0W8`@W?TKA->
zaJA|xJ`=ss%AG`4bSm~%IHFImnsvLEhF8@_!YkFX8IcvbtKhde(%jWt*Mi<u&5_#1
zx~@7^k3Lwc`gGpO-HD=+HgsZ3b7#0wk3qY3sVm|zaDY_j5}dn3eO$FI?{ceQ6C1;B
z6X6Z}hBN)jaEDsi9BFJ@scLKWX&tR<U*6TJ8t1tF$@JZ|sy)n(>8NXL?soT4zvrQv
zJFQ#vKD#WstF63}a5vdLc7j?Q?t%kU*IGO4LVD|jzzGH9ccJWc^yqSo0Ufn9HNk+H
zt(}Wi{i?2Tt=`R!a8oC*f4U6n=ZwMCDb|O2?w}ZE4x8Y1iy2wWj@IS~UP_@~T_GD#
zhpDi_*6ofd+l0a#?Xe{oZS9o3*uK2J){ZSk5Yqy#c&$~D<*l`C4P9aM8B4c>>pE~0
zG%V3|HHKq{fu3Gw!mzw{>%J?aS?8P4!g#|%w-lrAR?=SA*onCnZVWdn%ud@&%XMo@
z(O9;T$Bl7}wz*gTLie`e2ky(lg>~IsxN!;>>%tr}(<!>vWqK6V^mET0AIfRyXzT3c
zeOCUg>7n9+lA?m5T=(F_8yQN4+?znPK;MJa&WJR%shX;3wUeh*&7N6PJ*{@;jOuBX
zlV?^<Eb2FT%8ZG{c<j&ccQ?{8?pLD0XO`VPP<XGwm`@V2u=QfYBTdaa5Ht8;e>dU~
zHrnsUHXj@9`PhkpHX-m%Fm3pNgn>Gj;v>M+xejNb&XsT-m^xQ?41R3n(TFK=S<7d4
zS=csHK%fnoF?FsA8JH&HHd^bqgPBEr8-RV8h3#H29$IStJ(x|R%~N2$yFweT+8NkR
zE;FZsDTQz+$Vbz($ptgeCJ%fXm^NH5GEnD=sTE9}t2_qQMeagOKXwg3T@`e$YVE44
zN8Hun#!D=9gj?zg%=uUq=oC-Ysz9Ij3hFyMp|&x>!o>ySj8S8_e)(b?n{}<>K1wqu
zQh}RWS6|-|UePC;7aO-0V}eu7;xOxAJ6w%te(M5tssbGAt-LT5xOdwHZXLQrcNZIP
ziX(xQOFQ@Y|1yMN$C1KUZ90s@r=8&x>_X}k!PHC7a7U0j%hQfCp}?fAzZ_)Rkw8||
zU#?*4e1B#W3eg`2)cRw4=-&*os^K&gfq4w$v2mpTPj-`F!!jk<7#6_arJCFi*2{b@
zQLS(0JPf-zLa_ZZ3wf4l_bV(ncvNsd*dDtdVX!E!{0Vp=1mDZpVDm18ApK39jE4v4
zSo-4$$ok_$Qd<V7cBU&enTLZ3Ht#B=Ei>yw9E$7oA>kU@ytPQmdY4qd4((&TY^JSu
zE7+C+s>^VAh6pCuJihBE{T;yzPubAuk8k@~e|Ljz8KAlj{@xH{Z1e6kWoW~YcoEJX
z=tKI$tzgvO9x%%kVPj|-iL;Mr2=ll-VPb2y1{0EJ4I8Z8eh8>08g7RjrfM|Mj)89~
zS!ViG*okhA=DmVE(Hu3W-aT%(ANmbH#5|7P$0q&#75;V!!Q$Jnll~ULAMNOm&!KHU
zvybet0aQ1R!Igqwg7wGPV@1UNV%S08Qx<-`Lx0KG0@$R#ug2o(pLK#ffk?%I)P3sn
z<FOq2lOCBC69I<a=vm4w<?S;v%$GgRw7F!PO1!#fV>Np9%$8}+%vkX1nI+R{u>^>V
z6dAk<2cZaFl_65J=LpAw7b9fn)(*(2uwdWXK*r$^4NQ-YrrdErw?_l>%c3bae;U#}
z##UmZf4=N$1MM4Z0x{FAC!|@<2IjA~3B*kEI1iy4b|R+#ZHVoi3Dfr?Z3FEe#Kt?6
z4-qq;$Ds|(f5s*dGyTE|=|7*4e)oj*M@aL|q5?7fe|bXwKTk;OXMsjzef`ijd)LA8
z8A$VP<1OSdor$y!wCC4dHZX0Tc=3)_-yY)*Ti#NeyZJtM_0VFs`?}DH_wTR}OR_$T
zRy;W4;sF+7l@hy!x3}!krGOR8(t>LTN_Nd<*1EB~b+b5uf39`hwU}9H8dtb2(Q7fY
zK82+w_om)mebLe`JWpC($pr|mpXfrz9QK^ImN}0s?-H!f_u@3cFU1*no^s6L$g_fD
z4n>|@tqsS^+R)VMJa1a&dCzi)Y<y-5&JmnPHgy#V9!EBZKd&DSZ<P@yU~|mZ=w;-g
z_&}J7&EZKLp&XmTh9JzuX7xGb;Z)t<VOf0v(pFzYHhwM@+$ea7;1<E{WaGa}aJS$!
zWYe~Fg0CWn@PTj*HYZD?UKKebT;4?8v~4Syor-V^HfN+p_iX{AZ=*iS)gLCa;}IUi
z=HU9suos(iIteQeY?k*6ex7XnzeG0ed6{hdA0nH!y+O{$2f|@&*5+NZu{lCEK0hX#
zHXkMPrWj!s&P)8Rj`xQ*8s@6$X2a_c-)i^(;=O`DAoq8VkG~tf8$S8cAN6~|c%r9y
z7dXT49`HkC*zt=Ku0qMZh<QC{Sq5^@96KCN>M+;W{a`u(f!7}De#1dC&kL!;XAffD
zSJNiZu=P2?=*fu5*5_2CvkJ1cpK0{Lh{;y3Hago#wmQFbWxXN9Wb1#4(X$bgt=?hu
z9K>X+uQ7TaVzS-G4Ms0QOt$)sMjwZm95l!H%|<UpOb(jkeIIr7)qccJliBeIOtby$
z8*<Q`6J9oY8DetKoF9%Doqa|QntAx2MlVN94zi;VJh)ELKl_qw?RmYUJ_kBEXpZ-M
z>g;?3zV%KU_BYv<onrI_(8;#!ETb=iPPX>^aUuO&3Y~0qzV%DJ5jxrG-9}#moow|D
zMsI;mw)!Tcw?ik}_S|ChF6d;dZ!>x~bh6d&H9E(iZ2RzGqpyQbw))#fzY01z7y=+9
zVw|~O*BB0FX;}?3dJmH1;0RYAWAsf(lI?ztrH+kHaQIR{y16Oj`<C>-753yHCpp3*
zqu*jUXwFMZjou5LZ0+%$srJvOKi3=P6Q7$5^J&pthIzi)X_)6RzV^Vj@hQ*4WVB}+
z{F8&`T*^G!(C7PxLpUdWOosi#uqOv|00{pu`eTNJ=G^Y(c?|Y@p_7B=JU_tbPeCVJ
zeW=m*Lnm9EuP4yY^U%q*fB1bl+sUU$R~eg^U_-WJ#9unFERRL9-ADckg8CuoWIJ~J
zD%_6Oeq-|nY{<cU0K(fwKWy0g{LJX@LML0FJTbGbBhbmV{d{qs`p1yTc6_=1rG6AT
zIcTm&ES?tcp68Pdrz7U(KxY_?%|V|q48xXYI8!i(jXIjB#*tCB6frmJX9C%jEd$g3
zZp70B&oq1w;wr=UA-<FhpN)vQS)WVD#%Bv{z#$xed^Tda+c1CPz1HwZ@HJ%k>_N=U
z`sA@^eQu=<d~!YW3&GnA|2uT<1O42Kn49&pi)`Aqhc;lYdma(I*YFq6pEdj?_$9;N
zfVtjb+2i2DWYqO8Vs5ssBV<$8$Fu=+4fMI-uMGc<cJM_%{3VzEH5Zt{kF@oZNE_I4
zEtDd7u;D`J>}&eTM$FB&htK@1pFG;Y57$t|f=dn0hR&A*X)_mmzTt&nHp}trrs?|$
zC(&g-%dpH_5X-z|+Io2zqfdrRYz}XH5Jq9M_G1N~EBJiDa|JIDTr0RqaI4@h!9Nzf
zUho#dw+ZIFvh93O@Z*C2Aox|mZwvlZFxS4;Cx6*$d6Z!Ns;TK`KF_f>92d*;1lJ4h
z7JQXpUW;v6{<Pcj(}F`7E34-TE){%%;CX`E1aA=BL&nCi39+3IyvMe6@w(>lVHUz~
zguX}UkC3r3@XdeAuL|b<xz+jm9LsnsAj$&-4;Gv$_zb}_1Yaz;UGPr?|6DMCf@k-U
zzcsP#c^J%o;QZ3BmYIG3ldyk-Z1lH;{*lm+3jLo##}DVD_2S)vs2^UBY<mU^eYns^
z3q6mFb~2nH_#DCW1$PVHEcijeFOtpNep%>;!0Z#A&px4U_WhW!|5oUH4q^QS$;KYP
zM~LeDb(_^s6MC-D3xr-O^oc^BF7#@_3x!RC(Axzs7dC5!euLmG!lqZ~zY%=Duz5u2
z{I#9!hy6l-LFj)LI-l!X`}c(Yk<h;s`aj8L4xEmQf#sQkYXq+p{0qU43Vu`Yal!mP
z#`;eYJXG*l!86EaE>#JAKA3Zf_Y9X&H*=#+*sl`$6=buIn}iL2zh?E@!Su=dhX<(}
zpAQTBeL{a$=m&-Vs?ZM${Xc~Mnb5x#%<Hh--yqq}d7%##`e{PX6?%ctONBmB=#^yC
zC-cDEcdmWH!agFnQ`lcFc(dT$f}a-rn&2-4_s9O(HWZP~Sf45M@nE)%_gd40&1^C@
zhH5hM8Ny`DX@;djUnBJOLcdAqzYzLwguYAY|0eYPLVq62cJf~Cb?Vp{-WB`-*|hT;
zvf1CbelZ<ycWFPomphfZ@iT&K?DK_QBJ>GDpDgqXgg!^;7Ye;r=*>cp2)$eAmka%B
zq4x;=W})9fHv4`jn0>_;jUN;?j|qNK*gq%uOTpg@9*lcW>pxF$ncx|M8w6i2_-eB0
z=UW8-R`64TUlIJC;LimI;m`U!UGOx)^8{Zj_-?_E2!2)Ye+nLoHK?sCBzUag8G>sC
zUm<v_V9sNX7XvQQQN}JtncwPJn}LG)D9!45f{O%C5`3=U^99cmTqAg);H84w1g{Xh
zTJU<o8wB4h_?LpW3%*P6y@I(WwfnnI@H2v65PVSZYl7bt{E1+@-h`y=dXxMuHd`;(
zo0hrWv~1Uvv>zsPuG_86Xu<p)lhyf5((+`%(**Mu%GPFq;99{Ag83ZM+D8Ph6U;S^
zwYgsKM#0+!-zE57!Mg<S6a0+e7X<S^9BjSs2<9)ctp2IsV}gA+R;-O*@BqQgw>Cos
z^IvzYK2mV5VE$mq+VBV8mZuBmI?n1B39c2qSTLVeTKgXhUMu)&!F+~k?YY*oe23s2
zg6|RhsNg3AKP&h-!LJMco8b2ae<b)D!N&zB;Cf@*85Deq;L`;2uMMpI7{O-?o+Nm>
zV7^Ib%U&e7R`6oMO9lT}@LIuF3%*|Pt%C0m%=M{l!vlh!6#TT{=LNqc_|Jl07yOCf
z&jo)an18-w+ragy<y65#1aqxwZTL$r%Q=GiZz)#iTGjG2!7~K&?^LW!t>7lXmkI6=
zyh88>!Pg1qTG;yknPC1=i`DND{D9zx1nd8D!F**nAoPQRUlIJK;I{-H5&W@W{pT>o
z|8b%7KQC=Nxz@I<|2@Xo;|KFmeWYNnwXJ=T;BkV_7CcF?{yQ4uzf$O2cUzwq3vLv=
zL~xtnPQm<t8|!C-V6M%rzFF`#!M_rGk6^CTZCS3(E$<V|KajEdD}uQ;xB6kh?+fNS
z-P-WaUo7*vuVugBM8SMcY;6V!=6}anJzwxR!KH%F7d%Tap95Gw3k6>)xKS|wYR1~H
z7JQ}Pp9<~~%=c7n*<T92UGQCkcM9Gmc#q&`1ph(sLBX#G=ATm8HXIiGq2Nyie<}ED
z!F&PD`r&^}TIQeaSmrYj%b9{l3eFQ;Bv}7Tk2#Lc6MBW<xq>eeTr0RqFrTZ~_UOO;
zG5*&H{c6G23)cS&WbEy86`s@X5;i*p?-IO6FrTs5HasWzPlEZp#oBxz_!GhUkBLls
z67l@O+NTK~B=}UpS%UeD#g@$%%zrwvdYNGU$&uBo1Yaol62Yy4mkGvHQV#ZqAsL%p
z=ca?L{{Z$cs)PBrTnxOoB=a!>pZ}A&ZX0Dd3C!;TsMB|e;lW^jFF-vD%-`9Q^TGTc
zoLmCtkNU}_VE&UGc?y`{9gw+(<9FrcN^rg53&BeaH-h;eSG0+My9{@OR~udrUT3%m
z%<mv*&+iZU9R#@-yv6X{;9Cse59Ti_XtNvqE5rPrkl#m8-v{1h_-XJ%hWCRXGyD>m
z-%Zf|4e)-$e+9p2_%Qfo!*7H6YYf`I3qEZ4J@9*mkAXin%r)FG!~L+H_{wlH_<O^A
ze(u9P6@88Y_cP3QNs<j0fd?AqcTK|#j{|2J=GrdD@Dy-?;d1ae!(7jeH_Y{1nc)k;
z=NaaAQ+!s%_B4Sj4KD#NFx(El#Bdk5(eMiJWrnW+^E(&%Sr6uq>B(IG@y`dyH-h<}
zo8+6p*BHJXe52uCgSQ%f0L*)1+CL87ZkW%FcNl&Ve4pW$!2C%)?fJbk-%%j{4g7@R
zx52z;rhWwcoZ+M3gNFJ2GVhsb!@tCM(=fkZe#fvEc^?=~0Q21g+VeQ(b1^dCllaDP
z7C0XFY}AXfr5HW~JjgJQQQkk(hR<?G7_I{68s@)M6&hXu=J!6dZ^Tw+csY2w;coC;
z!#w`@eGu($!d7RP@0_$4-UjY8yc4|2@V(%*hWS3rPYpi+-e~wKFz=t~{{XgI4fEOW
zcEj(2d0$N%uK(^c`~jHXLs375?GeL#ckc<qe0Puc*tFrhd(Ro>dosMorq1WLe>PkU
z<~=rb{`1B=hWY*B2Znikd}eqm_)Eh)CV0Qivi#1S&!oxxHwoTvllgsPf5Vr8(+t;x
zhZqin`P~-nmw<WiO>O~?G28|&HrxUJkzxMH2EXT`{VMRehOYz9Fx&&4ZFm!yzx|;-
zkD-eU-vX{P%;RaXVIEJdhVKXS-kW84+^jPEIGEpyQGXHqQ^Q<eUT^qiFz>@@^B3^X
z4gU>%n_<4cbEn}W;GKqftni+kW&Z*Go#C&+PZ;JJ^nhW$pZV{G`KNyT?u=#mH+~Eb
zo_pG08IM<^*H&H^?R7R=aFO5%g3AS03%*ovi(p>!tpBS7ZxYPwoVDR~&hj3?dj&r)
z_>kat1s@g6>yY)y=ZBWl1@k&&b-sUMxm55}!E*%jy+muz>x5-q8!Yn~pyeLHw+Q}~
G;Qs<qd~GEF

literal 0
HcmV?d00001

diff --git a/crypto/sha1.c b/crypto/sha1.c
new file mode 100644
index 0000000000..1082733e7e
--- /dev/null
+++ b/crypto/sha1.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
+ * This code was originally taken from RFC3174
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/*
+ *  Define the SHA1 circular left shift macro
+ */
+#define SHA1CircularShift(bits,word) \
+                (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/* ----- static functions ----- */
+static void SHA1PadMessage(SHA1_CTX *ctx);
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
+
+/**
+ * Initialize the SHA1 context 
+ */
+void SHA1_Init(SHA1_CTX *ctx)
+{
+    ctx->Length_Low             = 0;
+    ctx->Length_High            = 0;
+    ctx->Message_Block_Index    = 0;
+    ctx->Intermediate_Hash[0]   = 0x67452301;
+    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
+    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
+    ctx->Intermediate_Hash[3]   = 0x10325476;
+    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
+{
+    while (len--)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
+        ctx->Length_Low += 8;
+
+        if (ctx->Length_Low == 0)
+            ctx->Length_High++;
+
+        if (ctx->Message_Block_Index == 64)
+            SHA1ProcessMessageBlock(ctx);
+
+        msg++;
+    }
+}
+
+/**
+ * Return the 160-bit message digest into the user's array
+ */
+void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
+{
+    int i;
+
+    SHA1PadMessage(ctx);
+    memset(ctx->Message_Block, 0, 64);
+    ctx->Length_Low = 0;    /* and clear length */
+    ctx->Length_High = 0;
+
+    for  (i = 0; i < SHA1_SIZE; i++)
+    {
+        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
+    }
+}
+
+/**
+ * Process the next 512 bits of the message stored in the array.
+ */
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
+{
+    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
+                            0x5A827999,
+                            0x6ED9EBA1,
+                            0x8F1BBCDC,
+                            0xCA62C1D6
+                            };
+    int        t;                 /* Loop counter                */
+    uint32_t      temp;              /* Temporary word value        */
+    uint32_t      W[80];             /* Word sequence               */
+    uint32_t      A, B, C, D, E;     /* Word buffers                */
+
+    /*
+     *  Initialize the first 16 words in the array W
+     */
+    for  (t = 0; t < 16; t++)
+    {
+        W[t] = ctx->Message_Block[t * 4] << 24;
+        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
+        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
+        W[t] |= ctx->Message_Block[t * 4 + 3];
+    }
+
+    for (t = 16; t < 80; t++)
+    {
+       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+    }
+
+    A = ctx->Intermediate_Hash[0];
+    B = ctx->Intermediate_Hash[1];
+    C = ctx->Intermediate_Hash[2];
+    D = ctx->Intermediate_Hash[3];
+    E = ctx->Intermediate_Hash[4];
+
+    for (t = 0; t < 20; t++)
+    {
+        temp =  SHA1CircularShift(5,A) +
+                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+
+        B = A;
+        A = temp;
+    }
+
+    for (t = 20; t < 40; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 40; t < 60; t++)
+    {
+        temp = SHA1CircularShift(5,A) +
+               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 60; t < 80; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    ctx->Intermediate_Hash[0] += A;
+    ctx->Intermediate_Hash[1] += B;
+    ctx->Intermediate_Hash[2] += C;
+    ctx->Intermediate_Hash[3] += D;
+    ctx->Intermediate_Hash[4] += E;
+    ctx->Message_Block_Index = 0;
+}
+
+/*
+ * According to the standard, the message must be padded to an even
+ * 512 bits.  The first padding bit must be a '1'.  The last 64
+ * bits represent the length of the original message.  All bits in
+ * between should be 0.  This function will pad the message
+ * according to those rules by filling the Message_Block array
+ * accordingly.  It will also call the ProcessMessageBlock function
+ * provided appropriately.  When it returns, it can be assumed that
+ * the message digest has been computed.
+ *
+ * @param ctx [in, out] The SHA1 context
+ */
+static void SHA1PadMessage(SHA1_CTX *ctx)
+{
+    /*
+     *  Check to see if the current message block is too small to hold
+     *  the initial padding bits and length.  If so, we will pad the
+     *  block, process it, and then continue padding into a second
+     *  block.
+     */
+    if (ctx->Message_Block_Index > 55)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 64)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+
+        SHA1ProcessMessageBlock(ctx);
+
+        while (ctx->Message_Block_Index < 56)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+    else
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 56)
+        {
+
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+
+    /*
+     *  Store the message length as the last 8 octets
+     */
+    ctx->Message_Block[56] = ctx->Length_High >> 24;
+    ctx->Message_Block[57] = ctx->Length_High >> 16;
+    ctx->Message_Block[58] = ctx->Length_High >> 8;
+    ctx->Message_Block[59] = ctx->Length_High;
+    ctx->Message_Block[60] = ctx->Length_Low >> 24;
+    ctx->Message_Block[61] = ctx->Length_Low >> 16;
+    ctx->Message_Block[62] = ctx->Length_Low >> 8;
+    ctx->Message_Block[63] = ctx->Length_Low;
+    SHA1ProcessMessageBlock(ctx);
+}
diff --git a/crypto/sha1.o b/crypto/sha1.o
new file mode 100644
index 0000000000000000000000000000000000000000..ba9443f4f713ad41c46b1ac272d819d8640fcad7
GIT binary patch
literal 13688
zcmbW733yf2wa53l_hup?WRgJ;Zz2lXW&~}ZP?HemC?NwR5QR%}Ln0xGxfhAb5U2y7
zRHW9av<<BmAJy8yXBFED<!P&>Pvuz!pLVdVR;w0KTl<RT{r~%{eY0ro_xip4edny-
zUT5vK*B;J3`<#0>&8nI0d7g2}Gnbp8oH1KR;Y!e$Db`?;8E?j#yRP1{bk84-b-(=m
zvA4W%aOKn9IkQ%6`^L}y__vq$-+5I-S=RAiA2~$xU3+?WW*;~aY5GxQ*^$W7S0l|c
z0v~z14pwAUhPMRA*9Fh+3+As3h6lEKrZKy=Dcsu_9%#>A(HL$HEvQ~F`HtI;ZrL-X
z?BJAvTL$V5y;XJS`TnH2p^jkPp~Fo{6>~~fRF~9Nmt-xhsHomNZ}Ni4H-7$Td7!Ca
zZcbUGw!Eq?Qn$6NDzd07((r@ehS0B#Da)^`%CFrLsXy{e?V1snrLI3&5NVv0oVB2$
z;-1aDyGv^C%If`W)|>kVwuLX)w|)D9_WfH;RYmU|n_nE6@q?rdq054oq|Qit^2Dj{
z3=S6LHy$+Rs|RcMKVEUH1TF?THun!Jd8Op(_LthPX<x8!X*<eR#5aHM%nZNWj^r<;
z%zppWB`H4|Jia0MIb+s@ss;z=S3dpB??Wpd4Z}t6-pwnTvj!f^dTHOA`)Zekmo8mU
zJ*^RL27bT!$9Wku(srbLDS1QEnoNXHHh8>hPsJW%rj^b=)%!z6P&;e$ipNT}2KQC(
zuilRCyStjve{b`jbBFuIE(^V#jtI~XwOjHRO{+$KY;T<Q*p~eIviyea?@VjQfMo>V
zDEm?VvLpFRU(Ihmk>4~g(46yVL1$H2UFO}{!;hPc;MBUQE0HTTW@><^9G(hzD&whY
z`0<>B$DhhSmi>m8R{BclXMvL6gzta9YFuV{%h(Cw@cRWVnRS_FeobBV_?sqAZApLS
zaD92#*vVyG$?Zo%g&Ehsd}{1Fi{Cz(TKbdxquIarat>ypT4R0wELfJCc`O@l1JnCH
zRTh{%(TqI@E~ibedT;=Kt7eX${$56C;&<~3Gm?&;Dj1hJJ(iI){kn<Yjm}Oo=7Q;C
z3t)l*?MF_){K*ea88f%5yrts4wI%&)D|UWRv9+>f#Rnx#m3=i!3p2i2vv^m{k}Wk&
zRW;2kYnIj3w3O9ccKwl4HKBsT<1>P|O%5275t`RBuWS9E$5qW9VQZ+fHO$#{;>lD$
zIzKkVi0H1Hld~fuiGd`{rf)$gH@t#SD$4RJmXsWrJlGMet<8J3F?;?DlT@*y_SU+Y
zW^DDu+kWBqiS3aL++U}Vg2r2KGCVVZH=LyZLS&(2WHOHjLNvT3bhEc3@HyPZhFPZP
zVZ$<EW{^Haz78@(qs**OD#Xo!9l_6q20Z7xCSXh!eTxmUunDC>><A8cCLj6`GB|s;
z<Lr&b>2J&<wXhIUz)L;~9|145n7KgG9n1w%mLnGoC3SYkO(2vqj>^=eRx46IO%Y0Z
z+KQB=5TOu^=2~~DY;IB=uU+s-Xp+7~yl5J+j~0t)m%Ji)<*y-A&d1eYjA&A3;1rDC
zigR8H6~VRS(J9xGuet%}aVb~Qe%-s^@g|j*iD_*(g-j|9xp><A#U|-I<b(aYaki#x
zg}oFs!#07vD{#dyUT^n9IH$M9`=KN<Wh^jW*M4M%$Boxl3C-C!GMD1y#aQ*lI7Tcn
zUi@(w1#jKCVR)tSY|I;RWq6fje#y*C$!w;-YRPbvhtHDC-5kHH5aZ9r4Dv&M24F*8
zXmTC}dl$Ny;_W_xe69`oLWb<snH)|hui8x>Z}%+t^jlR;lTr+N`kL4(*zn3_%yvb)
zk*!3*Ymv<>ho1d(hF2F@Zv$EYO*VUW<Q~>?*z15|l&$x$?W&yjSZkA;j^6GhI2wJ3
z#!bX;uo`RMMEe(!9o}iYrIjca!~`8v3y1YMn7o!ZKxek#RDf$^2LO!cD5S)cN7gas
z{SJzBxIM#b2&7h=;njO3)^<EQl%bEi1*g?G&ax-gd=}>n>dW@d&CE>?W{%Cw_HvT5
z@O%wSFzM-^fePUX;`R%TfEIIjqzPtDOaFBGyj;xUTrWMH84sD1;fX8dFiiEldAZc5
z<(qlA#n22Z^8BI`$FQo3(RWmhp+S0*38wlk1E@Y@N+OGn8p`lmCbCjHvm?}1+}v3V
zk#S|8hbpm17kL+t`PeFRRh1~1w{44ujwnT$Gq!K>Oknh_RZx!{3OH<=IBKXEMi?0t
z%b2rJzRqhL)s)_Bjn7OnrMZl9tn<#sj`L%hIA&h%lrhuCU>uTctadQ&<$#zv3f`3g
zbE`i{_9Dtc229CU?t-KZSuUAFfKxa;(?pSv;+|PdG27x2ip>@qDF!VzxZ<4ZylFjC
zPvLv-v+^mcZlFlAg_<Z-1vOT?gyKevjTC=Z0aq`(2%829-{}&H=W%$Zf#R6OB@}*D
z4HR7C(JYEHEH+U1wKh>KvDzgREf$+7{8*My?6TTMiaRYXp}5!AqB5Hp;UErd{wVwi
z>xY`%%vgBad1eX41d9z6ek_ZJdf;-_y4M;kqu^)`H|tDUUf$W~geQzTH$O3OZZOe8
z_BzKA5m3Bfv7W;3m_`bJkn1UOYz55}e#g{P_~YG7(QFMCQ}`XzOySRh#T2($gUc!W
zj#*6cpsz&@HZej!tYs8Oa3DeoKdfa#VKp+WOk2F3!Vjx)D6D#h)o2ZxDg3bNhr()R
zSUau3VhTU3W{Pk7TGU|Ehsb7N;lm9>QE9P-Vm^+LdC#j$bn=jGJ#D%8^UXqe8fH}u
z6toDM_@=KAX5dJMuZGfb32!yfU5*1aQ!EJ*FQeeD;`EwnyV%;+Q#4xJ77AxupYZz!
z7@WYt`?^FdaA&wM`H1*eUHMA|OX49S$!&R<b-wtV;p2qWvPzf6B{7U&A?ta6%^Z%i
zhwer*jn~?Db#J`K6gS4AeX-)sRee3HJ9^@)d#)<(?d!QB+8U1)M`OL^Wfxsk9O-LY
z+u7YyymD=4S6lI#NNZ25zj$3w-|FH@|4LD$x3_p^Pj@`pjbig7S4E0DP-tDGFY27M
z_N;MO9PjDriWT?6Iu<GH>Mt$1s4&{q{*Q{z?$)lgZBb)l9g)(aR)!smw_z_=)PYtR
zzXf16$s|F80e{nYL6bHHx<Dup%ud5j){>W?K!P?UXk&tg?7Xz(L|I4IrlpB)SXz$I
z#<cOMGl?F8fwTb5o76dE^&73m`VRUWwE7KcNwD|q*~Sp`^|o&DlgzSgLoyl$b02LT
z(lQs_rbKj}D+3=c;!r|&4O<pWwh^qiJajEJEmztVOdBn9t+nx6xWRHT;VU&^waEpC
z_6$Yj=>H#4N}{L#&xkMzY?<HBc61XX!qKrYB+k_MHoo4C9rbREIGWd_W&B-P-_m)b
z{f8T6AaP@%f{-fUS3ES#{$Ts(l(ZCBnzVFlPj;^T;8?wvmSy#R!>9?^Qhp-?w%)ZI
zj^J=Rpvh??z<)K?=z70_#zq94Upy5C&Mh^5YuyZHsJ>fYZ|6L0hCx5ZhH7U^aJ}{B
z&+iSkYCj}5gZ+Nw*|+Jp_P&ii+xrpm_#HKL{+)kAcxhO+q)+{d{jg5in?d4Ak#T2N
z1#OpX;HcUA<D-rAU~yyGI2#U{h=yP_tciB7igzrZ+qtU4)X%LfUEbK+7Kuk?X(^U<
z$6lG)&}7zj$2wPaN87@!Sl)~juIX84x_Y`-g%el#wi%DE>BYL$(-%KokA*Zoxommd
zToR4NBCDdytGaqxS1+H}-4^XPYocpn(YTp&X=8Y1cuG-uQCYZf4Slypy1HWE?w-PU
zv_D=L!}{FW(_Prr8ISfwcxhF*a3RD(l)xG}qjl=kaA7;lJG;9&yQ78eYrAcUnBUCV
zo!ybHk6Zhr#gYCv7UyW`P-EGgd05-~)<oMn(L2lMMq(X)lmD^ZY+pH=7wfzx8o#<X
zs_f|Jv{u_#YWsRx(G_yR_J;Hu?b-FUkv6$%=)LqJxVJ+xue&pD+B#Q7V{yM4mas#k
zhsn&DIdfWgQfpsNEXF5K;iYrJrA1{WMJ4C^eQdv8gz@m;bEL^Wl`tOdJ*KgK*7C}#
z`h_)(4YQWl%xjocS6Nd(qhwfR)w~&{!(faw$ro1I=aA$>a=|^pDNAq^;Hbf|LztT`
zCcK*2eb{tJ+HkMML_K*9B=y{4F;P$cG$i%>-oZ=MbC>1x+_EyIP8#|;6F{C@DJJU4
zd0^_fS(*SzpCw@WBlCqCn+eO@Obr+2CXI=HxJjA`rs@`)SOv@P1mm5_mi-!-*Qvi3
zaEa)-b77*MoCR5cBOtpO>dAN!v-&aMGlYx4EKVEle)zqHW!+ARdQ%j;dQCjC5;ETB
z%MM3<(XL35+)Ad%=6IKxBCG`wQ?xP`6Kz{`<=R!t+xsGGqNiy(Ia`YStC5u}`=VE!
zb{Tj0Y57QBq#Kj=G~LIjc;h;+2-Or}548q6EK}rfor?TwZM^+)Hb6WggFRd?Tm3Jl
zFzh&5$zneRa*{BG+kK8zO#Sh*Fk>J&yIG!g%oj=C`D;PmjRr8`?|jA7pM*coM*71*
zCj2oT`lpWR5eI(OUL*4J97o$-{%3a8u%SPfXm^{-K)Uu`teBVIKiinF#K&)YuDy%F
z+FuPWoa=&6*A__`2%GZqAz;V$rr~h@R)V#^D^b}trEs|R@9h2ujla|dudZ<}D7DF(
zfIAGfte4~E>b+i-0h+nE&BFvquHFIUwZ93t<>1o#!}q3yKfZIiGC<SuPyDg(wZFOW
zHy1j_$CbdvcRyJB+e&|2mL$1rdy&`vcEVpd`jGx|<XQ&gBRE*51P9Z7xcFP=1bHHl
zLn58s&3XO`1GP=g?l5wk7cPAhcI7Su>0JLpF)zOcJI-5|oE@JIx*b26JaoTtC3OAr
z2e2zcAMe25Jxby5H7P?Irsv_0cI=liIGn$1u$sPR*GSBL=v;FCD7o^wR1QbIP~tYW
zD?a^k{5ZF@zx!ao@pZ}hb9pDVK4jiK<@A)n(>yY-CW5`5oaj^kGn|fq_Ijk4XOu%J
zXs|_8DQNGMAw|$|rVpi{ZK=+4rVXW_ea7m%ZXN6A^K2*u4LV(=pndiYDS{ZWFtX3X
z%>>9Cc(?$P>t~(hFM{M#nIGMFy%KqsI4<tZ+HSKxW+OJV&9WrBW6S;)Qg*DY-;;26
zfb*nlULd3Xdm(=*dd>-c>!SX3@HjH;Isf^Ii~32BD@D)ylwY=}?}U6s^o;*iVN7@P
zx-h=@nzw{Guiq68gKvfp8xQ25@U@VC6z1;Xl<;}rPvCI&6(~=p&tBmg$ftyPukza>
zZMb9OXGAi0Y5a~zz7vw)rpVkyO%&!%iwE`GX<aA`mu8wUcV_%fMVmGp5n=9%`h~gE
z+91rb+l0BJ;tw+{OPiky)8?0C^gqXtoG#;dQfyc@PxZq&!rXyfD(t>F<>G<Q@#WZ%
zIW9ar*$8lKJosZ`KjsSOD?VSCMYwj-&vZy0&QAqd%2tEvhxY;36xwrKcsTo7ve-A!
z2F&}US@8<tze3+dh98bI59cRN7C-&80rURap!hoBh0xz5ya>$pc(TZ6kn!wd;#%vN
zD}ZCJ$F45Bp27zc`^uvOq)9lOJ%9Lg%=_N)48;o+bB%B|><7my6t7Zj`$1w}r}XO;
z->7((V&4DG|F;$YKr!zlXY+H#0gQ*!pQZR5vh>MBu$xQMsh6d^PO<%YLE?`n{k4km
zmytx-FDU-1V*6QL{69;*_<VsZ@w^0fbMif9^A~0Fk=Sq^=AfL5IbSi?1gGbk;QVtw
zxq3Sl_b8hf*v-$4%4REB;=e=jJ&GS7<6!zWSssN4l+6>$=9uC)6=z_5aB<R?8zZg}
zj_KO*2*ucHC-mni{)A%Ac~|yg#WNMpSA41BM#XL&fXb{;`ZmR@756CS4{a`nEsD1(
z-l6ylitkc9sQ4bm-%$LZ;)fOQSA0<M6N(QjepWG`%P#)kD1KA%JBmM0{1?UCfI2@R
z#p#MiC?2W!OvU+%&sF?M#U+YArI>%|a4}RV=Fe45e~IEniklSkneFWPZxP3<6n87`
zQ@mO6^@?v+yi+m1+&KSVRLnKU>A$Y{0mb|+&DlJn`1^|a4+dxRW5xfe_=w_Tin-Tv
zWw}l{KB+i}``zhN6lW^t`sQrLC_YQ^1jUmS7b~8unEN8<^D~P1tDw`*Q(UXKLGd!h
z%N4gPzC!Vpiq|S$uXsT5jf!tl%>9^)^UI3)Rm|!CP4TxBKcx6E#g8j~Qt{J@pHs|z
zpsVX;#lKSgx?=vc>Fl{Lbo?j9A1TI<8ws0K#e6Qfvbl;!DITx5Kr#RQ<H}yBc)H>W
z#d8!dP|Uv#IX@A_9g4dY^M6Ioev{%G6mM7jdBt}q=KqMCp9d8`ta!iTgNmO}{G#Ij
zR{W~s*A&04_+7>P?~;orMezv5xr+IJCTD-1;zGrxipv#GS8Vsg@(P}X=ZM>H@O{Dg
z2PPOr6U=S2v*A|QG5t8!e%^-O`Tr2i^@xdkOY#_ShA`ht_-vw{dyuej0r&#pbHP)D
zxd;D@F!v^Ng-gNQf6~vVz<j2VE5Pl-+=F)sbAQd}2yJ5Ee&My?jl$e_UnhJuc)Kw7
z;C!aAEcYX~3vUMR7XB=l&lK9+0KQN7Ch#|fcY+@h{ydm}8>Id1-~+<D!A}Z*8T_2^
zAoyir?)P64-U~i1`~diWgt>nS!8iRs0_O9Ad=NZZ_z-x!@KazuBWT0D%mu<nz*B^u
z2lH7#o7cf}g-?Mm73MoS*MHiif|m;Ok1lP(S>SHrNnpNT)4mYAMR+op-xH{x3cg*K
zdyqllYVbbc*<h~Ww66g_EW8l>ec?th*KOMHedSqUe)o7unEMN^&$Quph1Y~R7v2))
zTsR@T3;dz*o#4L-bFabw+|tjN!NY_H!CAsz1CJEG7d%dQFPLjG%kBeD66W57zs69{
z_oOMp+^0+v=KSLNOq++nvxT{TsS*AUaGfycT9fckz?Ta@4Q>-Y3|=k#4ERc6eiK-y
zc!Tg!=szpWceQQ8-0$2X{3`eh!moqBDEt<9kMO(Ty}}=Y9}woA=)1zhz>f;^8_wgx
zBfwnG*$>$`ekz;~eomO*hq%tu=6oEl2$z6=BRm=WhHyFfkHXv^eIU$lO(%u<y@G2#
zeb(c^e*-M@KS^1_yeCEqw}8h9^Zwxa&$4kGlZ3AV7YXxTnIg<@Ytw`Wz!k#RgJ%nK
zf5hKQ=yNBII^ny)O~Tw0T`s&A+$PNZ(G|k?gL{P^1Yafm9q@YLe+O?7egwQ#n0u(t
z3I7m$oA3ef-NJ{!gTlN=zb^a~_<rHT;O_`O1AavK2>5Yf?zx^2J_`P+@bAFS3BLh;
zQJ8zKUkJYq{;lu{@SDOX!N-O9J@8M$IpCARqrfRien0aYUbZm5-Qgdxw*PtmjTK%5
zX7ccD&?U!w=DO$UXvGs0mnfdDc&_3G#VZtdDdu-JSJ!ol`K)q!K9d~Zr}!bo2Nd)9
z;p~qp{;lHUicc!$GsBh5Q_OvW(|=NNxne#KoK3A_?hTy2LvdX3fa04K->LY20V9y8
An*aa+

literal 0
HcmV?d00001

diff --git a/ssl/asn1.c b/ssl/asn1.c
new file mode 100644
index 0000000000..b082275b2e
--- /dev/null
+++ b/ssl/asn1.c
@@ -0,0 +1,566 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Some primitive asn methods for extraction ASN.1 data.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "os_port.h"
+#include "crypto.h"
+#include "crypto_misc.h"
+
+#define SIG_OID_PREFIX_SIZE 8
+#define SIG_IIS6_OID_SIZE   5
+#define SIG_SUBJECT_ALT_NAME_SIZE 3
+
+/* Must be an RSA algorithm with either SHA1 or MD5 for verifying to work */
+static const uint8_t sig_oid_prefix[SIG_OID_PREFIX_SIZE] = 
+{
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
+};
+
+static const uint8_t sig_sha1WithRSAEncrypt[SIG_IIS6_OID_SIZE] =
+{
+    0x2b, 0x0e, 0x03, 0x02, 0x1d
+};
+
+static const uint8_t sig_subject_alt_name[SIG_SUBJECT_ALT_NAME_SIZE] =
+{
+    0x55, 0x1d, 0x11
+};
+
+/* CN, O, OU */
+static const uint8_t g_dn_types[] = { 3, 10, 11 };
+
+int get_asn1_length(const uint8_t *buf, int *offset)
+{
+    int len, i;
+
+    if (!(buf[*offset] & 0x80)) /* short form */
+    {
+        len = buf[(*offset)++];
+    }
+    else  /* long form */
+    {
+        int length_bytes = buf[(*offset)++]&0x7f;
+        len = 0;
+        for (i = 0; i < length_bytes; i++)
+        {
+            len <<= 8;
+            len += buf[(*offset)++];
+        }
+    }
+
+    return len;
+}
+
+/**
+ * Skip the ASN1.1 object type and its length. Get ready to read the object's
+ * data.
+ */
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    return get_asn1_length(buf, offset);
+}
+
+/**
+ * Skip over an ASN.1 object type completely. Get ready to read the next
+ * object.
+ */
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    int len;
+
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+    *offset += len;
+    return 0;
+}
+
+/**
+ * Read an integer value for ASN.1 data
+ * Note: This function allocates memory which must be freed by the user.
+ */
+int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
+{
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
+        goto end_int_array;
+
+    if (len > 1 && buf[*offset] == 0x00)    /* ignore the negative byte */
+    {
+        len--;
+        (*offset)++;
+    }
+
+    *object = (uint8_t *)malloc(len);
+    memcpy(*object, &buf[*offset], len);
+    *offset += len;
+
+end_int_array:
+    return len;
+}
+
+/**
+ * Get all the RSA private key specifics from an ASN.1 encoded file 
+ */
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
+{
+    int offset = 7;
+    uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
+    int mod_len, priv_len, pub_len;
+#ifdef CONFIG_BIGINT_CRT
+    uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
+    int p_len, q_len, dP_len, dQ_len, qInv_len;
+#endif
+
+    /* not in der format */
+    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: This is not a valid ASN.1 file\n");
+#endif
+        return X509_INVALID_PRIV_KEY;
+    }
+
+    /* Use the private key to mix up the RNG if possible. */
+    RNG_custom_init(buf, len);
+
+    mod_len = asn1_get_int(buf, &offset, &modulus);
+    pub_len = asn1_get_int(buf, &offset, &pub_exp);
+    priv_len = asn1_get_int(buf, &offset, &priv_exp);
+
+    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+#ifdef CONFIG_BIGINT_CRT
+    p_len = asn1_get_int(buf, &offset, &p);
+    q_len = asn1_get_int(buf, &offset, &q);
+    dP_len = asn1_get_int(buf, &offset, &dP);
+    dQ_len = asn1_get_int(buf, &offset, &dQ);
+    qInv_len = asn1_get_int(buf, &offset, &qInv);
+
+    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
+            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
+
+    free(p);
+    free(q);
+    free(dP);
+    free(dQ);
+    free(qInv);
+#else
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
+#endif
+
+    free(modulus);
+    free(priv_exp);
+    free(pub_exp);
+    return X509_OK;
+}
+
+/**
+ * Get the time of a certificate. Ignore hours/minutes/seconds.
+ */
+static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
+{
+    int ret = X509_NOT_OK, len, t_offset;
+    struct tm tm;
+
+    if (buf[(*offset)++] != ASN1_UTC_TIME)
+        goto end_utc_time;
+
+    len = get_asn1_length(buf, offset);
+    t_offset = *offset;
+
+    memset(&tm, 0, sizeof(struct tm));
+    tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+
+    if (tm.tm_year <= 50)    /* 1951-2050 thing */
+    {
+        tm.tm_year += 100;
+    }
+
+    tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
+    tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+    *t = mktime(&tm);
+    *offset += len;
+    ret = X509_OK;
+
+end_utc_time:
+    return ret;
+}
+
+/**
+ * Get the version type of a certificate (which we don't actually care about)
+ */
+int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    (*offset) += 2;        /* get past explicit tag */
+    if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
+        goto end_version;
+
+    ret = X509_OK;
+end_version:
+    return ret;
+}
+
+/**
+ * Retrieve the notbefore and notafter certificate times.
+ */
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
+}
+
+/**
+ * Get the components of a distinguished name 
+ */
+static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
+{
+    int dn_type = 0;
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto end_oid;
+
+    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
+       components we are interested in. */
+    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
+        dn_type = buf[(*offset)++];
+    else
+    {
+        *offset += len;     /* skip over it */
+    }
+
+end_oid:
+    return dn_type;
+}
+
+/**
+ * Obtain an ASN.1 printable string type.
+ */
+static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
+{
+    int len = X509_NOT_OK;
+    int asn1_type = buf[*offset];
+
+    /* some certs have this awful crud in them for some reason */
+    if (asn1_type != ASN1_PRINTABLE_STR &&  
+            asn1_type != ASN1_PRINTABLE_STR2 &&  
+            asn1_type != ASN1_TELETEX_STR &&  
+            asn1_type != ASN1_IA5_STR &&  
+            asn1_type != ASN1_UNICODE_STR)
+        goto end_pnt_str;
+
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+
+    if (asn1_type == ASN1_UNICODE_STR)
+    {
+        int i;
+        *str = (char *)malloc(len/2+1);     /* allow for null */
+
+        for (i = 0; i < len; i += 2)
+            (*str)[i/2] = buf[*offset + i + 1];
+
+        (*str)[len/2] = 0;                  /* null terminate */
+    }
+    else
+    {
+        *str = (char *)malloc(len+1);       /* allow for null */
+        memcpy(*str, &buf[*offset], len);
+        (*str)[len] = 0;                    /* null terminate */
+    }
+
+    *offset += len;
+
+end_pnt_str:
+    return len;
+}
+
+/**
+ * Get the subject name (or the issuer) of a certificate.
+ */
+int asn1_name(const uint8_t *cert, int *offset, char *dn[])
+{
+    int ret = X509_NOT_OK;
+    int dn_type;
+    char *tmp;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_name;
+
+    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
+    {
+        int i, found = 0;
+
+        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
+            goto end_name;
+
+        tmp = NULL;
+
+        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
+        {
+            free(tmp);
+            goto end_name;
+        }
+
+        /* find the distinguished named type */
+        for (i = 0; i < X509_NUM_DN_TYPES; i++)
+        {
+            if (dn_type == g_dn_types[i])
+            {
+                if (dn[i] == NULL)
+                {
+                    dn[i] = tmp;
+                    found = 1;
+                    break;
+                }
+            }
+        }
+
+        if (found == 0) /* not found so get rid of it */
+        {
+            free(tmp);
+        }
+    }
+
+    ret = X509_OK;
+end_name:
+    return ret;
+}
+
+/**
+ * Read the modulus and public exponent of a certificate.
+ */
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, mod_len, pub_len;
+    uint8_t *modulus = NULL, *pub_exp = NULL;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
+            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
+        goto end_pub_key;
+
+    (*offset)++;        /* ignore the padding bit field */
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_pub_key;
+
+    mod_len = asn1_get_int(cert, offset, &modulus);
+    pub_len = asn1_get_int(cert, offset, &pub_exp);
+
+    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
+
+    free(modulus);
+    free(pub_exp);
+    ret = X509_OK;
+
+end_pub_key:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Read the signature of the certificate.
+ */
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    if (cert[(*offset)++] != ASN1_BIT_STRING)
+        goto end_sig;
+
+    x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
+    (*offset)++;            /* ignore bit string padding bits */
+    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
+    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
+    *offset += x509_ctx->sig_len;
+    ret = X509_OK;
+
+end_sig:
+    return ret;
+}
+
+/*
+ * Compare 2 distinguished name components for equality 
+ * @return 0 if a match
+ */
+static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
+{
+    int ret;
+
+    if (dn1 == NULL && dn2 == NULL)
+        ret = 0;
+    else
+        ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 1;
+
+    return ret;
+}
+
+/**
+ * Clean up all of the CA certificates.
+ */
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
+{
+    int i = 0;
+
+    if (ca_cert_ctx == NULL)
+        return;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+    {
+        x509_free(ca_cert_ctx->cert[i]);
+        ca_cert_ctx->cert[i++] = NULL;
+    }
+
+    free(ca_cert_ctx);
+}
+
+/*
+ * Compare 2 distinguished names for equality 
+ * @return 0 if a match
+ */
+int asn1_compare_dn(char * const dn1[], char * const dn2[])
+{
+    int i;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
+            return 1;
+    }
+
+    return 0;       /* all good */
+}
+
+int asn1_find_oid(const uint8_t* cert, int* offset, 
+                    const uint8_t* oid, int oid_length)
+{
+    int seqlen;
+    if ((seqlen = asn1_next_obj(cert, offset, ASN1_SEQUENCE))> 0)
+    {
+        int end = *offset + seqlen;
+
+        while (*offset < end)
+        {
+            int type = cert[(*offset)++];
+            int length = get_asn1_length(cert, offset);
+            int noffset = *offset + length;
+
+            if (type == ASN1_SEQUENCE)
+            {
+                type = cert[(*offset)++];
+                length = get_asn1_length(cert, offset);
+
+                if (type == ASN1_OID && length == oid_length && 
+                              memcmp(cert + *offset, oid, oid_length) == 0)
+                {
+                    *offset += oid_length;
+                    return 1;
+                }
+            }
+
+            *offset = noffset;
+        }
+    }
+
+    return 0;
+}
+
+int asn1_find_subjectaltname(const uint8_t* cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_subject_alt_name, 
+                                SIG_SUBJECT_ALT_NAME_SIZE))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Read the signature type of the certificate. We only support RSA-MD5 and
+ * RSA-SHA1 signature types.
+ */
+int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, len;
+
+    if (cert[(*offset)++] != ASN1_OID)
+        goto end_check_sig;
+
+    len = get_asn1_length(cert, offset);
+
+    if (len == 5 && memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], 
+                                    SIG_IIS6_OID_SIZE) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA1;
+    }
+    else
+    {
+        if (memcmp(sig_oid_prefix, &cert[*offset], SIG_OID_PREFIX_SIZE))
+            goto end_check_sig;     /* unrecognised cert type */
+
+        x509_ctx->sig_type = cert[*offset + SIG_OID_PREFIX_SIZE];
+    }
+
+    *offset += len;
+    asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
+    ret = X509_OK;
+
+end_check_sig:
+    return ret;
+}
+
diff --git a/ssl/asn1.o b/ssl/asn1.o
new file mode 100644
index 0000000000000000000000000000000000000000..7f8f449c11af05a9cbd3901e0328945bdcecc67b
GIT binary patch
literal 48176
zcmdVDd3Y5?_W$2~@6B?_C9EP4mYWbl0%T*6fGkPa5fqZ3pg;^+AW9NQf`Wo^8$`ts
z1aXVQ;)dIdyN=5U3@UDb%cwYRfV-%;jG!a>eZQ+u-Ft$5<}-i%p5OER_LEM%>h!5o
zYgczyRrhTgJ9(Vzx{lpkXO0u~InJ^Y9PvBOAfu4(gq`kI_5XJ_fEYt6)(QSeMJX}P
zg(>d(i=Ct~6aDbCK9rQ2;jfQz7A~x4zO3Jv^BP0GiT=4U?u9AslE(B+OPYS}y02Ov
zax&vuA8NntzU^i0U-swuUoC65zpSmVtizAreCbQ-l@S^?GR5z7Yj`&><eH@;LYav%
zj*}NU>Kit)(C?)9-NGGvLNO`Z_vDY+7#_2FraQCU%;cH5GYe);n^`t<(aej6r;JbW
z74E2*IIYm{o9ho0`TZ&W7=#+|EW=D4vl@YO25t-wTwS<hccwcucVYobeJf+hX#LZ7
zKZZiSaVY$6eaRiRC%1n!x!wNcwnx5czild#?#%GF-*zaNd-~kDvCjDQp`vHpqH+f*
zT!FG#_HBG_`)zHh=0NNDWM(gzJFKWE#u<NY$E1NnLnA`aoe&E7`=(}uOqlQDb2I%r
zlcV82*gNfAgnPd1vw|OUgNwfO4NFP!IY$G_ey&Ox2^+056Gya$m6v_%_xo;7X_MZ%
z@5lju=cVGLl!TX3YMjiF<fiqMP)3_!BRyYw>lacoTE{QS481jNXW6F(N08DmQhLqC
zjjP*j-CmaFE9>*J@71#2`^!?lE$bEXh0ZAoIVoiwQp(z=l(kDKYn$;+#=eYKGPcbv
z>sVOUdAP67ajlabwpWzgvicQ8k%$YoO&+jqY9@0U-X8`QZX2_;e;D4QK69XO+XQ&-
z^(AD5v%>4^orLUgcKD4#ScxrgZtr@ya9h67+g#R-HeU5?4EHP+dA>YYEGkRF@vCUG
zaND5F(8Xn4;lJ5Nl5<U27x<s@C1i#(!$rwS7bkbUCb`Sz<ZkN+{Fu-?JUzVr;Ufv@
z;q>tO0Y?&^-}-!b>+YCSR~`O1$+zO2U+;7`C%3)4?9O&8U)l1_<%{mjUAb+`z5&S{
zijv#aC$~>Y?mQ*2rp=wxZn)_3HGkc-H+iqLp_JsdQsCc+yHDI##NFn(Dajoyw71aC
zgUpaGxeqF4dve;V$-Va{r+%B<>&AAi4@ujb;_o+oW+0S`yoLOsj`6wSL2GluXL>ED
z{k9LDFJrsgJMFWA;G!RM-}Tzh@R<A$!>6?mgxZfwaM%(vTbs7He)}(^!d=~-dG^<%
zzEfX4ic_w2;jZvA&-@zd5FT|&rayks&a$_rMVk!T_MXo!`Vw*cxF~r4^PBdr!O5Aj
z-RDen(JH$6#uYJw#LPA$c<R1U*g5uOoDfcW;_yJ<QD~{-JNQ;ibdpjs5=TG@D(f$9
zm!233^&N#1ysBa*k9;sPd?=eu=DE$m^h9&y*)~qqfb0p0NrNVp4oyTaGi&;3*CqEW
z88&KWV!huP5mPn3!-=UGiKmzL9ko5ifvs`qJM$8U!JIJ=3JuutWlm1xBfV0Jc6=Y|
z5Q?38!X@y}>(IVi`H*$K6=R%k2k4G;VtYo?H?bX3F`?bNzHa;btQ)cCl$f{2<QF6-
zrB0N}y4e?snb7Xz?!ieDL%x(T&bZdd>FJ~T4jkZjrzR)&%@|PV^qc->@6Tcn|C*HP
zRd8P7l-9#Wd5rM>w^N{mY-VO8zR}%9=MxHM2ED_}zI`^usT!Uz!_A91wLE5AJW8^v
zIW*s$(CMTTPAv(nK*t<<a7gp;8SaGMR}TJp5JKm<H~39S5ATG$p*L&q6@N#s_}3m(
zW&g(9kDvYFR~y^2|N2!Od)GJa?=Ah$?)o+U{+*lNTJz~eM;5i;mcxF0>+}0edwXSA
zQSh73w*7ejyT1J~PRN(hF2kKzfELjsU^4OBM)$$VUZ;RYmmcan0!^c8;A@B<z2u%u
z9$H`cb6$v-gua>R0zbLtk$$S-Ui{OD&`AZE><Yj1jR;L~y)a7(^4iUCYkX4@Q=aSZ
zm0`M6Rl4i>Guy;}vvc2DuY9`g$o=iN<+tpw_qO}Y4d$vV(Yt}F0eO+@P(n&L{C(2E
zl-V7J+I}`v*uCShkr_98#s_roi2mI-Y|v1zf5$apXYyO^K6UN+xyL(aKD+40MH%js
z?L%!|_I=sr)s5>{#7bxSS!nx9fj2jVQj$dwi*`IAl=N$6;M9kXuK4lTD)6o~Hr?;~
zL!lR@<ON=sGb84u4xRqtH22DkS@n^ZxR>Uh^itJ5@5j0h`T;Z?UyH;=&g<tl1@GUx
z=Ep@Z<Gg+q=XLVTcBsehfsik@n|E%9%(;Dg`-3wQ`}WRo``mUQsW(o&SvaFZ-^Mto
zlf1;f#cyuNL+vFFo16*#Zv)QETpnmQBX`I(J@b+$w5zJ?d?fKFsihgYFI|(@?kDIY
zZ9XU6otfCD_m*+{f0JG0_k#k*8R~`xk8p#FXwr>e6z;XwyQ1;hyXW~$rcJI1-p_J=
z*SoJ6f%}SyZrWV7$BvG4fHOj0`c6MuRn+D5qsfjlqRo^<DXRK(cYk5u*jUFg^3bK8
z{8Zo1DQ)8O+?3IM^Uza%e&91S*TRi4NCt|t<;j85Zft#hUH!0d$^7buF#c-m8pCDb
zbIKM}SA+|SPtM8>S5+^lgx>V-?VNszejo4f`mUI;;&5x%<^9&L*!+&W%t33@_h0!q
zmX4iUKK4hj2hdKO#Hq$v<qNcd?<)Tv0~fki$2i^K;dTUjZ|ni2*GX&}@WHtdIZK7h
zEeswE*R$mvhb@$XQH#Vm1A284y|A%!l|R5FuJZjcaCHof+Vt&&?mgIzmBfv%aaZ{+
zbOQ-cXA-ZDvFU3>9(vL4G3m3muE+7Y$Ha^DG2TdCt?tjz4IzVGUUEzt{}?d3Oy4Ts
zRsKjC<B`K>B6jnQF6<^6yBE4lVnlZjbmv8MBW2Vok_Lb+&%8LtDURso1gPXiZA?00
z__?iu-UPU|+~X-j0$F`FKd(dQ_J~f4{IE2y@~e7Y1_NwMp1rUsY1Xr~)r{kpM~-{8
zBIPLg{jd|lLkIuekpTB=6lQm}7;L?Rp6go&tG?HB;PVIKc%=^nVgfPMwT+J7jqQ(W
z^t<sJ5!&yIS%C`i`{ME_jE{K=mi+N?ye9esF{^nj5ch-Uv_XK_z#nMTjh_m|*uXXL
z#8KjFX29CBfboqrPHLcMSC|N%1gnAMp^!SkAqXBwAqRrIPYU!R#|N7zNhODZuaSF`
z+XffFVjzv&G05wEpbxooFoinl<Zi)o$}`Ae$M**Wi0L~X9^Vk8IOc@u#24@{W*Upa
zw+Gs>lX8%-RzE?vZEW$?Oyn6j7CW8j1bqk?d#Wk1;7^pFMve_G<o_9rC_Z>6dFHjy
z51|Og!Ho@^i2uIh8F&^231edC<|2yViTD>=L3D!4c({@r2tLZBRFUI@y(ynJ1RM(9
zL~FI=&cV5qFC?di<~gy8#)EQ#|HS{;dZuJha5Jqmkn@7yuyz{B!-Hs(PV7?FKt9q&
zo2?lY4J0nYF(0H9__or(dABpg>2deI3{j}YiTewWIiX4??mki=RN=(kPl^vMbmAT)
zg+hy*xQ9q>Llsk<xQB@yLlx7UxJQVcgMDEl?oo2LAaD8O{>rq4O$&{CoKdAB6;t5)
zl9BYdCuRU!HR4}h{OCGlJ=lm)@neZjklj`MIC3c1MEUq8aOdF12pT`(I;eCDK1!ZQ
z4hI)ef6^bIlNx0A6@OB1NYaDfQa+g_(>Hhn<x{T2|Ng-q<dd1&9Mc}+Pgw)WAg483
zC!>m#8wIfeT8It22L0H;d-(6$26225vCRx${Pf2VB)El<okm0j?1aPJ7`hh0u7k&S
z8H3H(42%uDkN<Hr-1Z;%=gwkzxt)-yc5@e3!M_*B+ix<5C~f~|{PVOBn93b?QxbMf
zzze_~O~A0rkjI&jVPmjkLt{M^nXyg_Dr+4##RNJY55<n#%W&r>8PjODOQ&kb9biO`
z)Ad(`a0?j$w|wkw^Jj=D$;4F1h`4n#krgtTZgF=L!x#oi#@-$FjAt%9J<y$*{;%g4
zMmL#C7h^{q{ssTsT@>VF=e5*r{u9#YMYW4jJq=;9iE0<4`U2jhMg*eT@vzsuz7pO&
zv@w%jlMv&*2Hu`LAH1XY!JC49%Y9`tbp31YYwGoHh}=&Oz?)i&e=N?cV79kg>|2Ka
zMZOChC+&3{x$HPfi+nt>P^<Xg=R>5;Uew*@FAyyKdx&<!WI9VQh=|i$!QyB@8Xrz+
z9;W@@xy7&rrwE0;4MKN5Qy+#3?*QE98Mw}QB`}{Qup9=w5}3~tc$8k#E=;fk@Oqg(
zi&nZLK-%zVY+gnrvV%yayM$`?Ho|T0iH^jJYzZUF!R|%2gptjn_hFcGmr!vfyk2DI
z(aJ;c_R40OFMk9&87z}h05^BpPsm1JmVnO`$g4PLis(B)+Qlk~%WYXZshc6*jKWSt
zWGwJyP-VqEYAT?FepCR@`K~+g&t1)A*!vu}`FLFBz09m;W_lv>B-0>_UIo0#H<(~l
z{1d$WOv}24R@fr?ZQ;?iwC`VYPgB3=SYYDa($ud4Wo^B;HuYS`qw5&<b(rdjJ9hEn
zmfPw1m&j3$mZU6n-1VN_jZG<wBA(`^6!fk3(Dm?5i}=<x^<xif53X+Nc{z&0y^b*s
zh0UJLjKX+Nqc@I;H{Qkce#fxJyO!QA5%2x*rY0h_|3s;tj~fz{bPU2`OHG3Kdx)?0
z#4PaCG|1Q{?>Dj%mJHi5%1f#!b+Bl>W;Jd-R-;ff{$(|`9IJ7bXdI8rM{gIgY&=$D
ziD(S98qLRQTp=1~SdHtC)woeKmRpT=$7<Xq8XK&}>SHxJqpVt?Q`==UPW3f0z33}=
zR<FsA?d@CC)`vFjTNDq+>7NYsv!UKU!$Piwp%w}(OtMgHfu|sYquuj5)^$J9=YGXD
zVDH)8=9|!*lX)p}zhb-JjSBWo;;(oTAEGxAa`!7<o!X%)y<YPWtqg#-S2DvM=6zxs
z|FJtmp4<Vy>95YG;x7zmp9tLMGCWRrvH!x@PlrJ-_Fot~p06eLUl{uX@Mf~3*nm9@
zJFerV!hq>1a!gP0Jyc9jaU6PqGzOBc)9cJws7~rXAm&wR48oe??-uR0p^(NXc-$Nd
zw>ai>Xv18@dl%8WVZghH#;c2Hyt#-TKaL4(WfZ-OXo7d)yq5;LxK7qVMB`2}Li^a`
zHs7D<IN7E;CK;0j$Vay6X(k!7HSp(D;F3JaT%K=$H`iRoCL2RL;2&UOo?`s&tlY*L
z^dBd?yfOI(M+c5zx|X<ip`J`(`jOKKludOP;h9Vo=Gi#mOku79q-8+Q7N%*iXuP-w
znvZ|ANOUf)+tW>)k3oCzT3Yn{Kf`|l%X9!Nbfx?>_dUd9E^&i!BAA*hC-5@33XnGW
zcOyH2&E*svs`9MNZ;db)K=v>L*8|=I^spL3u7D&C?K^KhVCZHlBJeP#g*q!~rL}9)
zQ4BSc4r7YxpsBR^zncz}TsIt`v5mAb+dTs%kUkdvCfXSac$AO{_yBMs)rL%iFNj18
znGLv%Nva0SKt&8c3>XQWPmrS__3%7_!)ZYr;w25eL&9?Bl-|pol-#slXg{f6L4}p!
zB3?GoNQI=1kTA!YBSpUDu9G?uGF}EVjI4xbLF$K)(Zc9sEu?)fM_SlLA2c6w(;2-X
z;FaV?_#R^^6niE4Hd1a%@@E1|vMVY(ZRhV>&ANd>n@q#85A<&HLv8I@&}7bnJXr9~
zf+lkoRM2m_r6!jr`D*yR)8Haw=~eg#n`^A+|Al^YRrUPcP|O3iAfS7(%PXsI&6ok^
z3T?gl13%!=>)gMgLougG8^9i>^-}kG4AZF7WEfi^^LYj!Z3Oh}Y2w`pvd=N?{}dcz
zZ|tsc--8L$?v^nyZ~9hSE4R=}<^OD@7Kb{}%9U;^ipf}c#9DdLT6vFFF8W<7sgodP
zH$4Wy?d8Ybwz6qlh2y+vSIF@-V_NiqsW-^+OXc_?(*z@#O}z)lmm#B@l>MTZHB)1I
z^>_L|goCCPJt^R19bk{R!Bm_br*WIdx3f)PgJ}ZaAVXdg*kGDKceGot32ZP;U?Tip
z6WC-dT?zld1<0j)uiF>>Ug{5sj}<crhNJnxZF>J!ILy<me-{AH6K6yjleELNLqTry
zdM4*owuv1sc?Y9Im-noR>}&Y?pMlVuknOYu0A`UF^+gV%jScKV$PPdAgnifqa9@Ru
zjuo}J6s$sw-~pC9nGXF?qv&K!V^ZES9y{XXHlL390bB+U{4JL}5bX(mnDG3i@H2UD
zn{ZdcH?kQq-iDOHaoqRZ^uGc&uo>P9cmUAD9v$)wBzqv~{|NLSV3TDY&O|(M?DMmD
zDR4hBrtJV1&RH}{@5=R&sjveu;8oa1ro!5wHRRM)S2*s+=J<*5X9t+MkBz0}@E^a4
zCH$%Jo3rkpNB}PLj{BLL2>a@+dm8HItos0v7K3YyJ?p%_khl9i;vp^v<W|-q-Y<;Z
z5HfdSI&2QUiP`wt2>U@e_(k3x9WwsW^yf1%-xz-x{He(j$vH?#v~%Qb?l3vB`q(3B
zML6=3X$!b5Er~@i|C$+aiei>IO->5Z=48E%e{P(QcSd#$&~5J6(H3W%kGDpRNP$<J
zp60dir(Ff>m8h29xYQ2BsqEc~Gi^L4<v}s)KIWsdv2Vu^-R2mybFaEO8~a-$_Ph9a
z?{$!V)5Ui2v5W1DXuR_)$yj2m%QX*3o__`W11B)1fxb?-bf!KpWpXPr5<TD8zwDDT
zdCna1Zhwo-tuUS?5H(bO6qV0B6*rF-c(V)*^ySEUN5o<8H3zq_@3iJ9$#KY^8BB@8
zTplYnCk+xWbR08pv`(~I0jJ+T*jWsoY_yn)xPDfv%xd|Ze(|(5tlnrbA#u}yqxv)B
z`4<C?KOcqR1hV+F-was+|KSYUjQ{zI@h`Y(2>!FHDd-Jw3TGj1ie9IPP+({g55@-G
zhII6ps}OU@;Xou?3ZJwJ*mF2zZ^41McllURz?M?L!_L?rVKVM1_Cp1HWQ`vB|Aw5g
zdytY=MeOKJik-1%BHFm;*#-WOF*;)(L}KG-u~R8vvvTq;fFPk8)6Db4WXa3dIA$iH
z6OVYMVT#0*m*ci`dna~C@FylEwsYIZwmlx#@J^0Daah8M2@`P=`cs{RgpoLoYG?yQ
z&5HyLE0z*!#icoP;ybwh_=E(8b>R)Rju^^Az*ab#7(JTM!Hs%CP>uKEq$(zWCU&5S
z#AF!GhNKO&W31t}S?;JVUK;y!nb;w0V#C<AHGx4pcp`b|kcEg5HYTdvQIunt?Bhh)
zcsdR8%oxw{@R*QP>)c8_j?*OpRo1m-Dp-8^ov$nG!gOP}!6wFsBE?z`n;c(fJo!l+
zC_5hQk$_rgkIP$6iB9BUNp}L%-NJmbvIhex${x)3l7uF3?l<-Fi(Qz{HO1Nc3XJ*q
zI<F~&R+>G4fwU|fZxKOyjFW59meC!DirneP&q$bQin%Y3bVH5wQ;CJS{xIh-9^B@s
zFflBRtVl_jDrgZ?cC_$W7CBOID1Lf#C1>ItAaT-*I0xDqVMYffAeD@5uu_7F6POxC
zi5!^J3>hSO%Oju@Xa$EBhUs+U+D3zTr0{BomPhD(w8+Is9SORzXxZSzjD#{3Iovdm
zf*5ng6ne*4!GpSZM@FaNJRK7aQ=7=6-m$S!aUW41r$y95Xl~y1zKBjf_JD)2&J6&w
z;bP$3Ks!ZYU^;f6le2;DaO|#AM2F8&6w}Se4l(|lEsXy*6jk%FQx%Tc!uZd8#5(6X
z@xON6K&F0zv)EbZ#y54P&<3<hIBvFl{GW*(@zMF(;2b(XU~id|d`Ko?cb#H7pBbD*
z$LbbG5|s~WjZr9}v(MmcItM%{or9i~j<rzI!ooW^;&+0-ZXhr)^KFfo12n_1s=Vsq
zJ<k)-F*hnsDadR*+K3&Qpz|7bpR)}Az3m7bGg{&l(dmfYD+E#}?1+d?_sD_YhAh@0
zi#J3=7VD7FvWmu8qC=LbkR>`~w2Z<?#fe^`=uC(tiZsbPKxca7fK4q!W*CKHI#UhK
zqGNTV>5IlvqGKu95RIio#}Z8+2j&Zn=}2qlNPLYaqO;ZD96HZoZ`t6eYaVKxVmfB_
z#+gmW>P8bu-HWihP6?gu221H!-Dt9|gY<7kVHO=KsP=O<y#FyOD*U%u*a_Wzo_#tc
zxNmTsS#)M%_p(begXzvJI*qu4Xju+4(i%t5X6bamPKDwPq^{lpIyPjqRH7kEY)GH8
zCO;ak#D=5THjWI~8eq&8(V2q;am}!7V<5u985S8GFH5I06V*m~x>e*f?{Fh3qT`u~
zoQO3LE%uJm@s7^6Vb6!?Qtv38%MDJqM_0kS&O1uy27@!~QO?_M@{ZEE(;#~{v)u#l
zpS`1WIKk~YoG&*Ui;#mW$Q&I`Xtu12s6w$;h!!~&mKzHtbgYGF>!X5Mp}>xfa1HjL
zQ}5(tp{MQ{=>R$4d@pt+h0ZqyXVdu!d&^W&*F1(g#dN;Lj%G&3>P8bt-N%eV37w}5
z&Y|<1C#AzlE7Un1YayD0yCMCLQBdK(O*)5>+wq~+DWc=Yy_xHj(&5lr%WP6N#^@Fs
z$LP*+m2Nbf)J-?KC3LvJ%I9EYLzKZ&ZKYH79z1!ND++-#Mo14GK9Lx?RptO{0))I2
z(Z%gAb?FQ?IFk-XG^s(CtB|3=iRd{7XVN(nJ2h(Ha$MVWX6}Mx9_XBzdx4Ca8aC!O
z%*}twG8O*YqGYtoBm%mt4Cij3+iZBi2D+SgW+Iq2Cd%gwj3kI-;~ZeM+2E)unJ%;B
zb8=0%V>4pI`JMP^{*8yRP}_KHzO6diW3;g5SXI?CMHNe<iltG-NZ-SObSC_NwHQ_W
zFD!0?Rc4>=7VJ0!>9E02OxKHaRy1|9qN$r@^J^pZIVVI~2idBUt*$j1>wMduV+_`^
z_1iGke{8t_wFGPgI47-bpfwBB7QaOn&B;Re9y^*n9k1EXw$0wCM6J!HHMT9+nN8<o
z>_&y~nUNRK`N7HwY$dR+WB<}bSYl(rodB&JFp4EK@STS?j6Hi<Io)u`JAES;8QYrB
z7IRHKFiPXG2CRk@qL-w|buxO?l$>`oQe5oZQq0L*L}!P=*>qmU-m=@HE@v@u{in0t
z;4C^;H`?t{H`6GT(BW(+F6~q44)?@#UKBB1+R(irEpVLMQ~`n02`nSJR93})HN5LR
z5glr%^O0ljw|htF+->kwTY72m{>Q9P;XjrO=O(<wMf)Tx!^vkOii#q)7o3k^$QJ#K
z6{?_7Q6wlw`ww78DbN{!r#@tv&JgS^D~`H*jczfWETcP%j@6A;9CiO?bW7-@8{OG-
zI1_-zOee>a(y<nzmt|T=#Sv3+1O{fsStI5E%`mL0Ma~#Z_e69q$IeS7-77tgTq><9
z%~F^12Y#oiX#=4gJ9>nLa2h?NvkbdYvGu_jft$_oB09Sb&Y{DB`IaRZ)h(v(%SLxL
z9jhBHL95HO*|<18@URI~tVQ=3(R4cA(MU(a*@MT-(TIpKeddYi)WtKGv*?_My=8i-
z`>xR~rqf__=g_gb(ezUHUq-it&QI8Js?MMrFyTt*EWu7OUD`m+MDBE>7N#o;B~c60
zm4y;zp~M!(Cy4AnCXx#OZRQh^ymr{pwCHdup6$qPJ>Z{&Jr<J)9Fwr}WXSqrM=;Jw
zO!m+o?G5ixBZ~CQoN(auJ_69W0ej0@pu$R{P)z4K>`Vw<Dud6o<~g~*g+8!FryEA-
zaT%h+mB%g3Quj8aTTG{`(Va!d>P9P<x=$J15<1(lGYNEedSW`g5SC)Pv;mHsYP7%!
z19R3AI77j<O_$0@vdzWI(0$XGEuz!P9F1Iwx<L((I@oZ9l#K@L#x-nZ*!f_)5PLm#
zzJ_2oE?wbc1#jyg!2U3H`{-cC!$pzvAiOW<eP~DQoRZ<Ro89ac@hn_Od5>uCBJ6SA
z_;9^JG4}Z?9PdH6;((WPUPkR^?=yLyzEjEDpd;jkvIF+xuy@BE#-5JdUKBayZ8uKX
z@oZ&VKZyMhc6&Z?lFn{y)MePqu~#bjb_~(_oQL>O>Ha&hHU7ISJ?w5n!vZIJdP8M>
zLw5DN`nt2{*EOD9cTV=g`nt0!%NrZAD;pN(4LIS1?6Ufb#nrWS*>e|HFQ~|_DJ!pQ
zSdx8iUH#eF1>TXYvV{w?N7vOhR@Nfeq_T6$vgaevxn=d0)<}6>jm7N7y1E4o*-N0^
zP?ou1Np8*wnUxEwvKLg(&7N0Y{@VkCvhuP9WLMXgFIZer`F~T2f0G4CV|K&RhW{7R
z>6F(mUD#NMhSN}+n^n$6(a=~?QCXEWpXX%b(uI``K%7yH)isqMv~?)py#|lxR?h>M
zR@W?C00A1gXHRo!O?5*#1TbCKP`a?Lo<Y5MP~Tu<vc9@@p2x%4$Qm=NYdP4AEynZ>
z{_T$I_p{^h`!Jj2`UAnB;a2$H6pV#MU%&^cPpByvBjiSCc`#tL{XuH_f8@$w8jHvO
zWrn$)h!V<|DfS2P29n<m#^HaHgrZK9(Q%EW$t21jY!A7Q(IUzG@0zepVu5ykkC6$;
zy=-|po_+rJ8T&3XDzSSpx+Y6!n^?LSo$oIQ9tS1Yl$DoIQvxu-OnN3RFxl{%0C7Q<
zq2EZB8;K{k`Ybcgg3Tlo<VC#9L?0t|5+ScNc9M+5F)>yePBKZXGVG<wC&fYgNm6jg
zHtNxh#Z?6ui&U{VY%UnDtp?_$$;568f|7tKpjfGZ<0E0c+FoK}^lW-n>s3Q5k+Z6N
zCdPnCtt|oO%MJ3s*Y@0CTQ8kR0mB3&C+#A7ZqQ@sA&h7<SKYi^bupoa7=7l@mAdh2
zi2q|n;vLohSqf>vPWbPg4_=))CM90Yd36(Oa&n$2@mP~WPx8K3`J23Q^XdpPnuUzb
z8$PzbTfAlqpVx+2Q5%g0&o!wd51WD^9Q10m$+Rb*v9!}M1+mtP@=F~hWQ-CrS{I)!
zaYpsEmzY0ZVDjM$wt>vc*$>{4%e-XX<5_*(v!^ZK2n#O8bQo?h8SD>s#Q#Pk?`9I<
z>DWZ`{PHRzAm=rc;x!5zf!7SZ#zJe}sdItJc9Y3(T#M>t!|`;wndW(c`S0~GHAb_e
zswA%vFHi+~fl0sDpLh-Md#}!K@G(xFF#b=LoAUOVU|uPG>y=X2#P+!DrkEYCwmhwu
z91|qg6z_YUmCasn10S<0KF8P**{wE}EH9DW;-&EY<*K<rh6ZI)Xd06tFZ#Ean?`1`
zAoU8X-bu{X_mAZ!LS3JCd5y|;0qm!};J#o7us(^r(v346f$rM8TzIF+a?=Vtwl<@^
zyVovl*TWRqj>hYQsi`Ge|6G%gL{og7Ovk|`5Nri3&{&f(uW)^ay-wLHICHA<tn#17
zFosMxLnb|jyw(_J!pE_TLGQv6i7|1XVdUP`C&kq81*Ws~E4i2YfJxcmWv2aH?xoP{
z6d+@AA!A#Ik8S66&-czURm&^A6874Jmm`nu^@;(#&cyrgGp7D09j_gEt=Dw%$ghMq
z<ejU2>HJw6i%eoVnB>-&|D7eDUN_9zvsYYZNnbd;nzz?`9`(BOR;C<VwjH)kuY`2l
z@w%ZHlLoJa+MWXWW{TD2jOp=iUHqob{3aH!CTv^tO3OPFkRF_wxM!bRU0U9_#Hp#P
zD6OliYQSq&HD~jl%vm(C_MB3#8f&a6U0PAL)Ce4`&MW1eSy_EOMD*2`LAj!~l=pPb
z;@XDld9{@lVZNbSTe+msDJm`~UATB|>DiS_OKU67b?Pgt8l18vr8Q*>7Sxr~cnyt@
zE+`#6wy30Zbjb{-s%|mX0P@a}As1AaGq8jE{DlZf>AcFu(#4JCr6!#-2ImYl!SE!}
zIB-B|qp?|6>#0^%BZ&=*=kmFuY(b-!*l8wTHAsbL6iXc`nb$Z!YM-(tg9qf8Jf4Fm
znQE9^P**!IZ2q;#s28?$?$X9eNg?gx8Ko4<|LZGj>dvVwEiWrAudHuua9BWPjf?9m
zy|~QV>eY=)orNY*3l|%e^D2=KR87rdM{0$EO<K4vv(Dtlco(8F_!1zGGrFq!O0mr1
zFNLNTPc&MPS6QsRNHJ0><y4A-@~ZWBp5ZF9%a%0aA*(XiDJyTRM$Q&gH=xXI>nX?c
z8S_}m0$hmNu3qA>{wtR(G%cwThf%PoGd4S<yc{n*u<G)V<I+-dlU`kmibpxHejzP7
zd3<U4;)ce$8Z^D?M#qFU`Ha>F+nZG3!uo2j;hu}SuRB+YS!xhZrrGjLQtCZqAhGA6
z0Z%o>A4!-TtEiq=iQKU!>MERhC}2}`4JO68Cm?aPQa>!r^7)nJXO|-Lj?}ivBLdgf
z)uX*vH&j*_J1icaS<Hi1d=2yQ{9;ZTlO^V+z5y+UMO3+nx`==Ag2mFjV8ClbUPVSu
z3TC~mvC^C`HI+3iTBb|RKd&UrDZo6N6PBlv2`+{A+s4fkm}jNYGN%(;AkW+CT4(&p
z)5D{~<}o^)S;N5PIIkPPwRM?|Xn>gwIPq}mWG<*~tgJ8Np?TrVQ{bF3Ae@Ouz7gd^
zhlVq&pk7_Opt`m)vubgz34!Ww(W97#h34#K8J~J6Evte_Y29a6FO0TzW(q}7+gLVt
zL8Uo6s6Mx{st#wJDfDu5F^yi(=&5RY1Lo{p_DHphYf9_N8!OokYf9(WEjG=XeVf<B
zO^vna2B3!AdR9%^Sp^H1GI(`E1)34-Lbnc_uKJX#sBK{7G?>nqb-u{75;@JhB(o}c
z2#u<~tODm&;Y3qArqS~pV|L8>*D${<_q6K9`KZ6KwdV2JOBoA??aOq`JXLJZ?2I2h
zdRREUyuPjh=UUx@%#+85bF&8IWaVUdHEceS5yqo4p0b@8W{{<HVr^BOGrf3hX+dG}
zDU+v{j4ho!v1Dvf!Q|o*Ijsr`CyvO)f>v%TJ;%5VZ?{0YN1fpCiJUGs4m6S5W2c;I
z9k8chKM^}^P-i%H4w_M(kDXgQl=I=v#qPtt8T%;gDcJX6=f<#Ptj#s@AK-FhST0RU
z!p^Y#j+BjyYnnKKNIP5##f|!5a33)B$Afu@_9p=FE`-tN0wZqJ=c=7TF!gT)bEJ|s
z9|2=6w_z^N;YNL~XE_N>eJ*0*M*HLfxD3k$DI5$Wb5#mA>X4HVo^r0i;6|I|USO(n
zwFWoJxlSSsrktal)+Sd<aHCD~2)NYYItgwJ%M}F!!IWpCQh12^9045-HwF7*Ru(qO
z$phe0eg_!IG;+=#(+1^tfrkk119M|oGTQ-lIE~4TaxzyaQqHMOZj_TV;L<MVO1V)^
z#*L7Xb8?m&<z!oT=YbiH@?}c@O0Z2cR}kR!2BX&u=0<%omNpwXR|oJA)5cevtWA#O
zavGcdr@*!iaHN<U?T|6xYIHav%#CugjrTJpCsWS2?C3G|$u_^7^W?_5BliX~4IC||
zDTd_~DmR8D-vpOBoD${6u$+QB4NQ3-j3V1I;S3z(q8(1Yaicz`)4GGHKi$fOyTYY@
z9pu&yr`Bxwa9)iY(?hoQIc3L<_BkcSGNgUZpV@l63(UHpea?2#26-!(8~tRP_h*!x
zY|D)kP}~?7IT_5jIC^fwayE(^ZIZFh*XVFGos%7mm!s<3=#be}(hjGPxX~focsUWq
zjqxr6+cM<rj+Jx%#HNQ+Fg87$f-ySyN9MV}G<*TJ<$Mr4ROEK1M1nzzem31W=Da5J
zbfkSF&uUm&gA1;cg?l>Boo}hWazR;^+yFRP#>aaDC##~YvCPSu+t2`M9X$-3n>EOK
zMY*DK?&5i+RrP$*@Pd1iYF>P@JT99%x4!b67KizKq1DUk%W82u*FyF?BHo2qt4NNM
zg-dD;<{z9aZ&W_Zi`HagNh9+m7U97R$3m}+{;U6CXtD6+Tr%GxU8zD!e`hX6mU(zG
zCb_Ohz#d?R=P{ljS>m_$o`m04B+%&5W#wyoA7X(<f3!Z@W2bHH4Fc0XW!(1h>Zdjy
z<2DRC8_NHt$BQt-u+!)EA?&4jX#O)^9zR)Jo($YVNLxn_&3~KrGvKpn;DIpoF0_H*
zw|b{4re52#Fy)1V%rCP<J+qDouC})k!cXlTi8?l4!oV@x&$U=ehXm3dJ85fgDOlTE
z*$YeEY$2&*s}uvB*?k=6R^Iu@W^G&szs(a5ZMg)W=Rl;4mmQmpw;6210Pz+S%7!4D
zJ$4=Z+TN_qSW5vJ?eXGa?cE2qVSr9D?By$g#k(a8b+}y!dwWnHw8!jNdw&PpFhHja
zSMq0BaI)EBe}iAAZ|ZHhIYYu|kL|(Q+YM%z9PHfsj7Mi`PXhRPjQiW-TD{yUUMC2#
z*{t3H_|RuZwqoezMSRh;{|hpPvD=l<<9T2=d+ZPdIv*1r@!A{n!J8GE4<7>9Fto82
z_TFI+E1Nxb6n<^51oo&$dr5MP?U@%r)!dvqEC=C>MRv1DSDiM_vYCz(M!=qscgD`R
zQ0(Sh(e|2WVa2O8g5wI|i*8yTaK8C9dW7lI7U@?RhN2(6Bg-@&JF<y%9;+W`K2?B2
z=7<aJY%tSIOZ1O}%krQd`t^pzP}&O{Eju~CIisU0esepa{XFxco8Od__Nx;aVt<RC
zjDFR@nB%&%c$~Km(ampaMElu-qMIKrz^)m|hqyf~R7MY*)GdIY4>`T%_<3-{h<32}
zSHk5(N}c$xg=;sqgALXLm;T$a^C5-bA!K|{9CLi@G5$Tr`1c*-{}_JzfI@rU!OsVi
zxp3*{LIXZ*@cV=GvrY2`_8B?O2OhgIef{9)P3k-_^@qXFn^2q%#?SXS>_+_(_<0jK
z0ZjdhV~%sl2ygtDZysNI%<&81w>M}!egpixF}qy!&67B$#UleZ|9KdW<3+#oI8U(}
zWjl5#N5*kY9LJ0W{${j<0|L=OSsAy8q)rbjnSr@uN92ApmJl6<v_q%HSY)u%OBC<t
z45?vWV@iz|o8yu3uHTHNM#ln;VstRa4lNpSWY|gu#iGJvhK5_l<_$HW&e(Tw4LY|*
z>@MyzxGlkMd6{A!bLF&TKjiXG9UFTZmz^{=wlg=3f7o~}bCV64v)fJaxEtlYJPs>P
zRh+K4zv3LlgB0^RW^E29OWN`kk0DDsc@9|p$%?0v89BBR>{e%nVq6{~_Rl1X%?ffq
z{KGaMyA8{J$<3q`OR})L?8vcQh~4s~ir)iwL?3VfZd;sVWWF=TPtcKhUUQvC#|~Z{
zwk2cdYd5DVejI+vzku66;4v4i*9&tg)~$-)6XxJS7winn7aax&^R<XGgwKS_rC-$H
z!}qzu92i(B{3p0KDCXN3R{up|4j%AxE|hb?;A3HakA_RbDd!+ZHrgqf3w^m9mdw?!
zd{L9khv@~ve1Kjm%w?=k3G-ohyYO>x4-4~QbPjgfA<q})gKrZV<;?TrX_0fy-s>Xg
zx$>#V1CaA!llnYwcskK0uY_S?w#^fS)8SSK?}K|bxikJ@YsSv7o8j&v!zMR!f;|VN
zJ#YZ8HCe*uh@1m;LzTQy<Q$M|QgSX2WL%VACd>i6HHw?bNCT?HAt%WBb(hGIZHJs7
z=YkLRXp@6^{9*yavTq<KgaO!&6FK_{aze5ZJH06H<}u${vph=iL^Adg?9+rfD9GK)
z=aIz@UrV!mnd0jd-=UZvnzeSGQT(#vw-ocUr_|qvonP6sVcYW@MBZ67<b)J2Ur8co
z^2iCjJb5pXhv6k#c|Vb-LQb~wfg)#HB3t>1B4^)8w(>C|XFp1|@+l%`pGvlJesPBB
z&x4$7<(E*-n{sSiLdyJd0QDKNv_mc@rJMt<uL|cw|4k*|r{tZ{xTxO)Zjvzjt2DCM
z%n&*IiW7wk;Eoig{zS6q^E+O&N%;(6_Is5|hs#r`!+~4wWDeH;L70QJYZX5s%)#0h
z74H##1MX|W9I$*#nEmTNh4(`K1zFO`H)|L#`#L{%micg$71^F^Z77FMH@JBHKf*)E
z&}Z3_t^R0{kAa+Q&rL4Br5z3i&lQ~s&>`FU<uU3kgWD*~!CLw$=fLnEl>Cp1uTy-7
zFb9Ai7iORT4B565k#j(u-#}(wcugkT^z2jm-ze@Y*98vZ4kL?AE(vBjIp{l{ENykN
zlAo%0E?L6z+gCPhgW?O6&P7Uo1zGwTzByx=@5wMPyr&>1@Fd0dXOZ*%f^75nh{$I^
zPPX!clp`-3c>azo=?w7t1^ct0Pqy{mLF8vbPPX+vo^sYHTn<n(Yz1`433A_Zrs(i`
zS|vL3p+mOmIY)FD?lxf#Lf;|GL1_9J7YCmItoS}M;^jRNIYI7=_^O80e_WV@+}{dw
zu-O+69m#tP8TNUN=Bo;p`Cfw6=`C^&LJv{$kxD*R@nka6#(Ok!g50N-D4j}S4tQTd
z&Vn+w$3@OT=x522&fOyCeZfD;uzw-+$=3cprSqNWTnZhs)%j6$IQZQT_ZhZ5L(S=c
zF(#Zk=K4zJ^_05{=EkJBC@XGkrgpL|OomP>T<%ssoh<sieo#LjZm!}y;n8q8{z;v2
zaCzR+CfhuBYm;r=+MGch=pTVQTXBW(QMha$w8OgKZtXOZ5tiE$?6ecceaCXemkRSk
zg;xsm^V;jkuz5XP?$%~AS!`|u(<a9WZc}`Z@EMRlC_Edyl?<CZ;BvP%cap{COVj~#
zEa4T!dxdvFzF+ut@If+c9)io=+Wej@Hd%JG$?*i1m*oJ$lb1q{pMNlR_zc0_+Ts18
zwbPk8(C0V=Cx0!c3f}}d#~CQU8JtH(+J?jBZf)k1p~H>ODb(j!#ze(ah55C?(}djs
z`XDlF&WFq0+FU>un+vG}=6J|r#mj^fAiqSoHFz}{HrK)BZf#yq7Mr|}rA>~ZY*M^M
z_%+D?BK!~VlVsT33YWXJxq~b=S;w@=ahR7CvtB7b5%Leou=6Qg?$*vhve-F99Wcjh
z{-yY5;j1C%y)^A`yokHC!{<S3hy5b$a9pR0;;`_WkoOVZ3m!y<%{;i=txfao2l%<=
zQwKZ8g2pPIEX-%75;E+}fXm(5nMKCV?M%3|!!e{v#S4TtK;9s{35+Um+}0+jH+CUI
zkQ@(og^yFr$0Qq9cQE7PmW<tHAZ%&aZP<Z|M=PGBc$(rFic1w&DXvj$`YuW5`AWW0
zvFVpY=g&(1xZ-COzp9wy1~xCBEB-;T8H*SD{M8z(&#^_zX^L|d4_9m!govGDCFkpB
z)(*!LEuX8H=c$$R9JI`H&GHk9xoE`7UsL?P;x81l&aFPblwz6f-*RuoCo8^F@xzL@
zDSln?`-;C%d|0s`{hf`sjbc9cS$QADe2%m7QHoDee465N#q7sz*n1T3R{W7--Z)tO
z1jXGI4^uox@mY$S6kkq8{<&QRw&&eu$`d`gSr{Yj=Wj~R=P9eh=P7IFbujI4EM+g{
z683=7|6IxWJY~Zk0W)kq!nVe<gSF4`ENh3)R92p$n7=z?<>M7kCQBMlRq|>juOmx2
z@EOW7pOq}%srX(n)5&Z5laxzY@ma|-pTR7@Mi%=A$&wz9n_2l!VA>4h{NSsUHf%?-
z==V_aUP{hqC#!G1Hz4ULpj_gesr1X0d>)wb@;+)A<r0?9O*Y;um3+05->BqwD(172
z4a=|i+B7_+cpJGb3J}{HWQq5E#UCpDe=BZ->z}omMwar)QSw1x=8M<)iIj`|8H#6<
zCG0#U=lG<RpRf1|#r&SS)!Cx>0kXvPsFH6}@@JKNkCG?g+G%ZeRh&u|n;A+zP|5R@
zyim!<EBQ1fKUK-kRB}Ey*|I%{jB@A3dk8CEt@r`O9BZ{YKPc{u=O8N|rg)a(3lwiu
zyj$^Gin$iV+WcJccZz>j9D_k#tDmU22U*%cx{`A}3fm9w+lMHf0<zS_I3=H|<kOYB
zRLN@<Hz=K@WI0bSP~5C^ZddZVz)TyjArC8^r^%AG9ZJ4S$zN0Qca{8OvZUd2vYeZo
zezrF8B2I)8$)ev|@mR%k$x^mWimz0Bi{g6}KS~z+{KP%;%jXoX)37#QAxnPWQ1X3B
zen>HIMy-AfS<==+$$KezU$UfOpyDB9DW551NyDj%&rtgHO8-)&b2(YkuujQuCQH1V
zz|1?x-0oL8k1PJW;+<p(dqD9gVA|p9{)d%5mlN3Z$B-o~UZ0BSw^ur0rIVpJlPqO2
zROuHgK1uOZvcy%RcoA9bT%`1`P`p<0^-6z}lHaBHL9)d4nBphFEECRQJ+Jh4DV<Lh
z`%ur;PAA2E6^~IoOL3**2F2%+CBK)Dv2$Cc_*%s`k|i$>kfr@RrR3Yd%om@*Us5`6
zlCg7pN69}?@`Fl#SjpqsM8k&267TU!-c8B-D0zP+KT+`{#nZ@=uhSLJAxrr*l948E
z%N1X&^lw(Y32fRt%He*c|G476E8a<#H1MPJmOla0PA%*lR{9*sv+2QWZxK!;i=Ezz
z$11K={0GIG72mD+VX~C@Rwds7X4*J5vRmoAO_s8HU&%jL@~@TrCnax%XKov|4O!yt
zM3#IdDITnNq~Zx=344l?7lWB*j=juLI@M%J^SO$bktN<gD8892_Fq%{p3>P5W?USf
zIYPPEk4HGmofP*ZOI*Fc49l_eY^9T@c!bg~Q2LXU&M8W#ij1AxA|+o8W?UTqxlrj`
zNtQIPR`Q#a{BFhfDV-;je5;c0Axj=#C!_AUeXjJsQ+!0}x52o$4ch_CG{@s!uNUQ#
z&UCWa%p@Z`w>+gYLdhp6`4lCeq2#m4lIC+2uTlIkS>oEN<U7DjC+}f*E1kE=lIHi7
z{BtG$nk@0U9l^La;&vQa;tG>RCl$=NI98UebcT^7u2D)pNy$%9^3#?4EXC(3Zc_Ry
z$dZOD72l?KJ6Y1dQ^`M6^3RpL69(yQ9#hB?cDRyHQ1ZD-UaRCwlzgS)TNFR0_#MUj
z75__d0tOgt+7>8Yu6VQJ2Nl1pn03ke;)dIR2;;Uf!szlNoUFLF;{J+r6z3@(u6VTK
z@rqATT&#Gm;wr_pit80$tayduYZR|ne23z@6+f-`?}}egyi4&v6x(?dh|F(l+H(F{
z>HMJhC&gT2Y4u|iAFr5Wp;jkFF~>!%JX0~pNUhw=k4U|9ywu7^E9Tg#mCsbn`6Mf^
zQhb(Te$LD4oTHfQd92*dgCN@ue@N8I*DJnRv7P&%{(VaRkYbL<T02iG-mREpvsUMA
z#qTNRe23NHe23-l6dzWM&l5y+>{qXuPCKtb?yPiD6!W(qt^G{J{25&<AFX)2VvY%0
zog&4Yzp!#Uf59}&Q}VMF^9N9^{zZycDqf{{y<+~}qYb-B@okFvi>g-V3B}tLKdYGQ
zm#qFPiVrCMMDbUOzg7IRVh7L9)@GdI1jXGICoAS}w%V|R6m!jzm2(W-@;Jql6wgw8
zrs8>u&sJQo_#DM66|YjfRxw{JwdwhjV*X6Bl|Q7I>z}OrX~ln6%=J-L=MBa0D&|@#
ztMi@W!-{`V?8Ak}>f`et5pJ!RKQn7}dMWO!I7{(h#r%~)8+Nqf@rqAYT%?%4XKTZ9
z{gvf9#SMy=E51naO2w-b|4A|D9jyI372m6vYr?F~UlngvyhE{_kKnn_^<6gX`-(X?
zVddW{{z36k#jcFi(`LNlkYfHGueI4zahl@3iiaxZ_sebAF^VTBK20&#`dWRi4YORO
zc(LN8iZ4`rsbc<|ueHN<VwSm9*fM`M-ZIzuS$<eC=SQr3tK!{?IX_}`-d6mcV*b9Y
z)%jlWzZL(g*nEl-eIGY|j?#whrZ}va>(Z>w35rK49<7)^Kx_5qDCU|pE3a0(P;sN;
z6^gk&&4yj0_*%uyiZ?2LKrz>(Sv#C_vCKIa%R3dnq?l_dtj?Q?-&4F_@%M_4DE?Kk
zAJ4Sb=5dPoD~eVgR?KzdR^Cr>wqpL=t<@Q;c(UTDiceF_&nDZj{Fz+Kixe+W%yoEH
z=Mu%2Ddv2T)!}+L%eN}#Jdu@iO`YY36z@>HQ}HW`|DpID#UCi<FZf#fTzhBvsA3n-
zs8-Hrc*`Nh9TXq0xToS?iup}pYbQ(bV8uff7bxZ$KO2_o`YcaXe464j6!U!mtIw}Q
zTjm^=Wxl{}d6i<$XIc4mif>Z9S@G?PA5;9K;vI^2D&C`*^JO;PcNBl1nC~oD9j;BZ
z{Ig=dGHB)TibIO|En}<0`8dmA#i@!1Db7<|pm?m}lNA>!E>}EHajoKd#Y+|Q_tR}U
z`D4$PS1Z0w@lA?1E52PZf3?}#`K#isigze}Q8DKtZCL*3v*rDYKU4gr;_nq7QOsYR
zwssN}cTmh<Wwbh+ue6+^xUb?Y#e)^&hu|V%^A(R#T&(ys#hk~q@s=w-TXCIY{=Bu-
zzeMpBU>EaG+^$ygwTf?4IvbSy7R8(cwRRp=@+TB;SNyEvmleOF_yffsD*i(8*NT5o
z{F7qNliIwuR@_N(SH;PSIhSg~_E(&vc&OqLiup73HtYn&rzkE~JWKJJisvalTXCb}
zC5rhA<u+c<?OMJ@F@IRy%5PS@N%0oNoC~)4cK(-b=4mB=PVtM1`NQHi?0bqoQT&Bs
z{{Fbt=Nz%+IK>Hy`7`BKhjYi4dn?XR%pWDUI>Qx@Ry<zu$%=~<^T*7so%xFE6gMb7
zPw@qc`6KAo4(FXM-=uhh;yV=It@r`Ok0}0|;_ZrGRs4qH_Z4%_+NS3V#a}D_MX^uj
zaM?EOoHe<%lJiI0txe8fTkfN{pJM(_yVV(~c&y@yiurTyR=-qnmEyA$^QYXc{)LM9
z%kEabPBDMz-OBG!%pY^N^2ZhPx81FLw_^U(yOr-(%wJ5m@_#A*SusEGVRhmZCn)AG
zty`UB#p#OsD;}tLh+_UiyR|b#af#v?ic1xjD?Uqct>VRsmn!Bj!P|JRR(!qUX2rKE
z-lF(^#SbgyPr+OJI~DI%{F>r_Dt=!ve?;Ee`A+e_75}O@9upW=pL6$?J1FKnzLob-
zoT8Y&9dC7pC?2V}Q1L{?Qxx+z=dGP`#b+t5RlHd7QpNnWdTZxu#r&~)E5AiCf4knw
zA5r|2;%$og%l20Pb;Vp8VC8mg0Q;P;l>A%8KPo<|m_KxH?Q~GwRdEl+TuWf}GZdew
zc$DICiYF;9Qhci7*^0{)S1Ybjyj<}`idQOLrFfm<>lJTMe2ZePf3W%ei{hsh|6TD5
zigzjgK=Fr)zfjDz5H_wK6mwmKm4{?40qeT0;^P%_U4+%|r#M^jXvO0dpRBk@ahc*u
z#f^%WC~i`GiQ;P&-=KJ-;#(Epqxe3>TNUq6{G#IBir-NDw&H_|4=FyZ_}_|sm~Xdb
z8>_gp;%<uV`VH1sA0_8n4r^zi;$ezMDjuhp>pE=M(-qHAJWui2iW?N4t9XUtD-^F$
ze63;(two-F&^#ma{+POtqzxEh3|&VU!v+z?ZB&G5$L34h2`hQ3;&jFR73U}(r1*cD
z2cMvHCM%w*xJ2;`#eARErg^^N1&S9cZdANP@iN6L6|YjfTJbu?8x`NGc#GnD6hEf;
zNyS?g?@+u)@#~7;Qv8nM4-|i>_*2CP6(3Uky<$hr?FJObD>m;f${2fFCGV)Xv*K=w
z(-rquoTGS<;%$h>u5Wn>++N~+Rq<QGxNSAxcAyTHdN?17JPhVMDdlP4Bf{xmALipI
z&jg2r2Y~r42+B_YcNQKF?kPMH+*>#w%x^wWe*!pHcoKMs@O1D9VSco9wD4T;MBxhX
zDZ=x>(}ionX9%-hmkHN{Ie*G{`F?GUa1*#ecqN$cno{RRaFg%`Fn?2-a<<<qh3^2b
z5xxt|xm4=h3+DT!<om$42tNqEQ}_|^UxeAl`P~WXKLdV3cqe$9@C)GQgkJ)`EW8W+
znlRh`Ug0;u?+f!h;CoWE&-365;eFt5g%5y_2p<7+?v?uFK)_?JJ!vKUE4Zz29NHj%
zQjPljc1t&5w(%6<PT+K5zQ4nHSnBry4-)1NzVrPo%K4sdzVJZsIN>2+eg}g(T$93i
zSn^0PzllN42lL%7@)$7ZXUP-5e9wzK3A|94@AaG`%y<5l373H{7On<!ewJbRF5n-9
z7lPLbb3MzA!j0gK!hB!wcH#5E_XuAKepL7}Fy9@c{VTwnpCzvazaV@qnD3EMejS+K
z<{<O?Htz^;2JaWX9sH^A7VuZXTo=Q4${3d4$@ximC)mOKAmw}?F;;jVnDe%j9{}@R
zGxEpa&ca`VdkFsoP8B{1<{U2d9qc*6G2jz~6T!oUd95lGP6Bg2mtixopDfJZZ!Zz%
zkG{_l=6kvo!u)p5S;AcBvQW4Ne2y@G%YB(J*R5PE+zh@-_#W^&;ho?ch4+Cs3bW6<
zU6|`Z?h(!aKOoG0?lIw^;J*nMfOiOU4af_^#bACjgn8$BkT-<+U95M6`QFWb#h(gu
z4air*=Yu&HOgqcLe20#F5tuI_ldk~B3Ui%ENcd`S2jT0%U4=J*IWNqxo4|d9*|%j0
z-whrt`~aBm+)<zX9OsD1kAWu&KLwsDybXMYFu%J~CHx|If$*E)df~UhON2iJHwm+!
z<J>Xh;(IYy3H#CB*9!AzA^DCTb-0#flW-gG7U7OyzOP3e_H%q+kK6<NgfRQL?ZO#g
z&K*;S@1*P!E&%i0d&<Xx-w|eic0ic#o_sFMpPW1-%%7h8LHG>tQQ=ZB=Z<M}J{Z5{
zW0>Fm;X8nouLpBZnS2*GN%%o<vM|?-^bux1lqtLuJWzNSc&IS@o>9X4z?@&E{g1#W
z3A4YMCVU9Y`DN;G{RrPHB=fxze%Fl5-@UFDW*<{0+zq@~I1|kG4XMxX3tc44^&p&U
zru-!ERl-H!wZi;X5a*z&!#-n!@R?w)U#EON_-<kLANLE_fcdT>b=a3YCCvWg@4`*s
z=Y>~+cMGopzaji5@Vmn7KRy+{3;dNZ*NJ>D%x?|-TX-9o^U+MhPB7=A$$XEN-;E*j
zTTC5=-v#p>Ny_={rextS!F_~(1al6WI(!#~bI@eIUpriw>qJHivp<+9%rzsNccy+4
znDfr$?%>(N>?bOO)4-gArcOGzUYPIZ@;87f=Nc1!bAik?CYKA30IwC!2j3_>8N5;W
z6fozV8J6$z-YYyC{Gc$`o;)r*AG}qV@2&7#Hw=3Y_+{bqz^@5k1l}urDfoTitHB=$
z-vItX_#W^#!t65+3qJ`yD*QJvf6R~Z^8FP2FqvVlD`_LlpXfeLnD7233GV|Z3$xGY
zBYY5?Df~5fpfLN7p~75;GD?_z3FoPq2ChjtN!W*WH%*w|WI9c_6?nFAJ22<38J6E?
zsut$Dl{(=b;KjmR!*afGI`|^tzTnG*`OeE#!t7Vp3XcchAUp-ULHHE#ZNk&RcMEe3
z%l*P<f}ap(fAfs+LNMp7nf`k4Ug1XY`@;N2)JMWx=kkRx-<SDD_&V@mVfHIWh1sw8
zG4DzH{EifUw$CuX5!FVR--tR+cq=$b_!)4r@N;0kdrLcf|0P@apJ2{kQ_g;6xbR2d
z(ZZjACkY<}PZK@_o*~TjFLQ+XeX2^~U%;Hdru`VS*+s(ad(IVR-?Lnp-;&~7HuaAO
zUoM;k=3F-A{I1ot!t9f767CJ&B%BVuLzw;3y}|>)4+^ud`m69TFyHN^eXf^zUYP4;
zUK5@G-YZ-LeqWgHd4D843(UD}+9?BnBg~&xJ}g`bJ}S)q%#XQI>MsLxUYpE5tc~!+
z;NyfZ1t$rw1an@S`uzS@AK|OOnZj3t2MVtNb6%VJ>%gOgo56ginDSe|CkfvMo+iw`
z@HFASfM*MHZBDr``^9Quew(XKcsqEp@blpFg<k}(5azeRt`dF~yjJ)C_y%FF&DkLQ
zGx#=Perxn@;aKqf!d$1rcbu6ouG4u+nCo=53G@4<++4haWH-wp$`O`ZXY7_!73V1C
zn1$7uptwZwnTi)EUZVI?#j6!JE8e2`A;nu2^Euz9=Pkt_Dn6w6XT|Y&?y_O|9B!G<
z-j+G0WSQ@JSmrac<*ABiDW0#G&$?FsLdB~TU$6L9#e5dEVV_jYXHhGEUGWEs4=O&Q
zIDk60VfFW;x+!_O;z5e@6;D=dzWW3}w+ba+sCb!Tz7t{7uukzt#eBB3I*%#dp?Htt
zcNBlB_<O~Cf5F=17@cK4qgqZ?%y$;7e7NEXic1vpeFUq&K=BgAmnvSZxLNTQ#eBcO
z+T5!6CB<(k<};qvKctw?cvc>d=L*YwezP1_++T5?;xUS+DxRg7&sx@Iqv8t{uTp%y
z;#(Epr}#<5eD1RLUswEr;)9BhC=TGB-iB?fn9osGp00S1;(W!E74zB2hUFNGWj+g8
i=ChFHm5MojV&#11vCMH2%N!fA?@n?&#4^V~EdL)ENaHa8

literal 0
HcmV?d00001

diff --git a/ssl/cert.h b/ssl/cert.h
new file mode 100644
index 0000000000..30c7b65882
--- /dev/null
+++ b/ssl/cert.h
@@ -0,0 +1,43 @@
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xab,
+  0x08, 0x18, 0xa7, 0x03, 0x07, 0x27, 0xfd, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x32,
+  0x32, 0x36, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a, 0x17, 0x0d, 0x32,
+  0x34, 0x30, 0x39, 0x30, 0x33, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xcd, 0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76,
+  0xd4, 0x13, 0x30, 0x0e, 0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f,
+  0x51, 0x09, 0x9d, 0x29, 0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90,
+  0x80, 0xa1, 0x71, 0xdf, 0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14,
+  0x90, 0x0a, 0xf9, 0xb7, 0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d,
+  0x57, 0x41, 0x86, 0x60, 0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46,
+  0x1b, 0xf6, 0xa2, 0x84, 0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa,
+  0x91, 0xf8, 0x61, 0x04, 0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a,
+  0xcc, 0x31, 0x01, 0x14, 0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82,
+  0xd6, 0xc6, 0xc4, 0xbe, 0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32,
+  0x7a, 0x86, 0x0e, 0x91, 0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x40,
+  0xb4, 0x94, 0x9a, 0xa8, 0x89, 0x72, 0x1d, 0x07, 0xe5, 0xb3, 0x6b, 0x88,
+  0x21, 0xc2, 0x38, 0x36, 0x9e, 0x7a, 0x8c, 0x49, 0x48, 0x68, 0x0c, 0x06,
+  0xe8, 0xdb, 0x1f, 0x4e, 0x05, 0xe6, 0x31, 0xe3, 0xfd, 0xe6, 0x0d, 0x6b,
+  0xd8, 0x13, 0x17, 0xe0, 0x2d, 0x0d, 0xb8, 0x7e, 0xcb, 0x20, 0x6c, 0xa8,
+  0x73, 0xa7, 0xfd, 0xe3, 0xa7, 0xfa, 0xf3, 0x02, 0x60, 0x78, 0x1f, 0x13,
+  0x40, 0x45, 0xee, 0x75, 0xf5, 0x10, 0xfd, 0x8f, 0x68, 0x74, 0xd4, 0xac,
+  0xae, 0x04, 0x09, 0x55, 0x2c, 0xdb, 0xd8, 0x07, 0x07, 0x65, 0x69, 0x27,
+  0x6e, 0xbf, 0x5e, 0x61, 0x40, 0x56, 0x8b, 0xd7, 0x33, 0x3b, 0xff, 0x6e,
+  0x53, 0x7e, 0x9d, 0x3f, 0xc0, 0x40, 0x3a, 0xab, 0xa0, 0x50, 0x4e, 0x80,
+  0x47, 0x46, 0x0d, 0x1e, 0xdb, 0x4c, 0xf1, 0x1b, 0x5d, 0x3c, 0x2a, 0x54,
+  0xa7, 0x4d, 0xfa, 0x7b, 0x72, 0x66, 0xc5
+};
+unsigned int default_certificate_len = 475;
diff --git a/ssl/config.h b/ssl/config.h
new file mode 100644
index 0000000000..3404b5be5c
--- /dev/null
+++ b/ssl/config.h
@@ -0,0 +1,127 @@
+/*
+ * Automatically generated header file: don't edit
+ */
+
+#define HAVE_DOT_CONFIG 1
+#undef CONFIG_PLATFORM_LINUX
+#define CONFIG_PLATFORM_CYGWIN 1
+#undef CONFIG_PLATFORM_WIN32
+
+/*
+ * General Configuration
+ */
+#define PREFIX "/usr/local"
+#define CONFIG_DEBUG 1
+#undef CONFIG_STRIP_UNWANTED_SECTIONS
+#undef CONFIG_VISUAL_STUDIO_7_0
+#undef CONFIG_VISUAL_STUDIO_8_0
+#undef CONFIG_VISUAL_STUDIO_10_0
+#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_10_0_BASE ""
+#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
+#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
+
+/*
+ * SSL Library
+ */
+#undef CONFIG_SSL_SERVER_ONLY
+#undef CONFIG_SSL_CERT_VERIFICATION
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
+#undef CONFIG_SSL_SKELETON_MODE
+#undef CONFIG_SSL_PROT_LOW
+#define CONFIG_SSL_PROT_MEDIUM 1
+#undef CONFIG_SSL_PROT_HIGH
+#define CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
+#define CONFIG_SSL_X509_CERT_LOCATION ""
+#undef CONFIG_SSL_GENERATE_X509_CERT
+#define CONFIG_SSL_X509_COMMON_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
+#undef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+#define CONFIG_SSL_HAS_PEM 1
+#undef CONFIG_SSL_USE_PKCS12
+#define CONFIG_SSL_EXPIRY_TIME 24
+#define CONFIG_X509_MAX_CA_CERTS 150
+#define CONFIG_SSL_MAX_CERTS 3
+#undef CONFIG_SSL_CTX_MUTEXING
+//#define CONFIG_USE_DEV_URANDOM 1
+#undef CONFIG_WIN32_USE_CRYPTO_LIB
+#undef CONFIG_OPENSSL_COMPATIBLE
+#undef CONFIG_PERFORMANCE_TESTING
+#define CONFIG_SSL_TEST 1
+#undef CONFIG_AXTLSWRAP
+#define CONFIG_AXHTTPD 1
+
+/*
+ * Axhttpd Configuration
+ */
+#undef CONFIG_HTTP_STATIC_BUILD
+#define CONFIG_HTTP_PORT 80
+#define CONFIG_HTTP_HTTPS_PORT 443
+#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
+#define CONFIG_HTTP_WEBROOT "../www"
+#define CONFIG_HTTP_TIMEOUT 300
+
+/*
+ * CGI
+ */
+#undef CONFIG_HTTP_HAS_CGI 
+#define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php"
+#define CONFIG_HTTP_ENABLE_LUA 1
+#define CONFIG_HTTP_LUA_PREFIX "/usr"
+#undef CONFIG_HTTP_BUILD_LUA
+#define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi"
+#define CONFIG_HTTP_DIRECTORIES 1
+#define CONFIG_HTTP_HAS_AUTHORIZATION 1
+#undef CONFIG_HTTP_HAS_IPV6
+#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
+#define CONFIG_HTTP_USER ""
+#define CONFIG_HTTP_VERBOSE 0
+#undef CONFIG_HTTP_IS_DAEMON
+
+/*
+ * Language Bindings
+ */
+#undef CONFIG_BINDINGS
+#undef CONFIG_CSHARP_BINDINGS
+#undef CONFIG_VBNET_BINDINGS
+#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
+#undef CONFIG_JAVA_BINDINGS
+#define CONFIG_JAVA_HOME ""
+#undef CONFIG_PERL_BINDINGS
+#define CONFIG_PERL_CORE ""
+#define CONFIG_PERL_LIB ""
+#undef CONFIG_LUA_BINDINGS
+#define CONFIG_LUA_CORE ""
+
+/*
+ * Samples
+ */
+#define CONFIG_SAMPLES 1
+#define CONFIG_C_SAMPLES 1
+#undef CONFIG_CSHARP_SAMPLES
+#undef CONFIG_VBNET_SAMPLES
+#undef CONFIG_JAVA_SAMPLES
+#undef CONFIG_PERL_SAMPLES
+#undef CONFIG_LUA_SAMPLES
+
+/*
+ * BigInt Options
+ */
+#undef CONFIG_BIGINT_CLASSICAL
+#undef CONFIG_BIGINT_MONTGOMERY
+#define CONFIG_BIGINT_BARRETT 1
+#define CONFIG_BIGINT_CRT 1
+#undef CONFIG_BIGINT_KARATSUBA
+#define MUL_KARATSUBA_THRESH 
+#define SQU_KARATSUBA_THRESH 
+#define CONFIG_BIGINT_SLIDING_WINDOW 1
+#define CONFIG_BIGINT_SQUARE 1
+#define CONFIG_BIGINT_CHECK_ON 1
+#define CONFIG_INTEGER_32BIT 1
+#undef CONFIG_INTEGER_16BIT
+#undef CONFIG_INTEGER_8BIT
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
new file mode 100644
index 0000000000..1fd514eeb1
--- /dev/null
+++ b/ssl/crypto_misc.h
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+ * @file crypto_misc.h
+ */
+
+#ifndef HEADER_CRYPTO_MISC_H
+#define HEADER_CRYPTO_MISC_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "crypto.h"
+#include "bigint.h"
+
+/**************************************************************************
+ * X509 declarations 
+ **************************************************************************/
+#define X509_OK                             0
+#define X509_NOT_OK                         -1
+#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
+#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
+#define X509_VFY_ERROR_NOT_YET_VALID        -4
+#define X509_VFY_ERROR_EXPIRED              -5
+#define X509_VFY_ERROR_SELF_SIGNED          -6
+#define X509_VFY_ERROR_INVALID_CHAIN        -7
+#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
+#define X509_INVALID_PRIV_KEY               -9
+
+/*
+ * The Distinguished Name
+ */
+#define X509_NUM_DN_TYPES                   3
+#define X509_COMMON_NAME                    0
+#define X509_ORGANIZATION                   1
+#define X509_ORGANIZATIONAL_UNIT            2
+
+struct _x509_ctx
+{
+    char *ca_cert_dn[X509_NUM_DN_TYPES];
+    char *cert_dn[X509_NUM_DN_TYPES];
+    char **subject_alt_dnsnames;
+    time_t not_before;
+    time_t not_after;
+    uint8_t *signature;
+    uint16_t sig_len;
+    uint8_t sig_type;
+    RSA_CTX *rsa_ctx;
+    bigint *digest;
+    struct _x509_ctx *next;
+};
+
+typedef struct _x509_ctx X509_CTX;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+typedef struct 
+{
+    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
+} CA_CERT_CTX;
+#endif
+
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
+void x509_free(X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
+const char * x509_display_error(int error);
+#endif
+
+/**************************************************************************
+ * ASN1 declarations 
+ **************************************************************************/
+#define ASN1_INTEGER            0x02
+#define ASN1_BIT_STRING         0x03
+#define ASN1_OCTET_STRING       0x04
+#define ASN1_NULL               0x05
+#define ASN1_PRINTABLE_STR2     0x0C
+#define ASN1_OID                0x06
+#define ASN1_PRINTABLE_STR2     0x0C
+#define ASN1_PRINTABLE_STR      0x13
+#define ASN1_TELETEX_STR        0x14
+#define ASN1_IA5_STR            0x16
+#define ASN1_UTC_TIME           0x17
+#define ASN1_UNICODE_STR        0x1e
+#define ASN1_SEQUENCE           0x30
+#define ASN1_CONTEXT_DNSNAME	0x82
+#define ASN1_SET                0x31
+#define ASN1_V3_DATA			0xa3
+#define ASN1_IMPLICIT_TAG       0x80
+#define ASN1_CONTEXT_DNSNAME	0x82
+#define ASN1_EXPLICIT_TAG       0xa0
+#define ASN1_V3_DATA			0xa3
+
+#define SIG_TYPE_MD2            0x02
+#define SIG_TYPE_MD5            0x04
+#define SIG_TYPE_SHA1           0x05
+
+int get_asn1_length(const uint8_t *buf, int *offset);
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
+int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_find_subjectaltname(const uint8_t* cert, int offset);
+int asn1_compare_dn(char * const dn1[], char * const dn2[]);
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx);
+
+/**************************************************************************
+ * MISC declarations 
+ **************************************************************************/
+#define SALT_SIZE               8
+
+extern const char * const unsupported_str;
+
+typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
+typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+int get_file(const char *filename, uint8_t **buf);
+
+#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
+EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
+#else
+    #define print_blob(...)
+#endif
+
+EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
+                    uint8_t *out, int *outlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
new file mode 100644
index 0000000000..c2fe381eb9
--- /dev/null
+++ b/ssl/gen_cert.c
@@ -0,0 +1,364 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
+#include <string.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/**
+ * Generate a basic X.509 certificate
+ */
+
+static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
+{
+    if (len < 0x80) /* short form */
+    {
+        buf[(*offset)++] = len;
+        return 1;
+    }
+    else /* long form */
+    {
+        int i, length_bytes = 0;
+
+        if (len & 0x00FF0000)
+            length_bytes = 3;
+        else if (len & 0x0000FF00)
+            length_bytes = 2;
+        else if (len & 0x000000FF)
+            length_bytes = 1;
+            
+        buf[(*offset)++] = 0x80 + length_bytes;
+
+        for (i = length_bytes-1; i >= 0; i--)
+        {
+            buf[*offset+i] = len & 0xFF;
+            len >>= 8;
+        }
+
+        *offset += length_bytes;
+        return length_bytes+1;
+    }
+}
+
+static int pre_adjust_with_size(uint8_t type,
+        int *seq_offset, uint8_t *buf, int *offset)
+{
+    buf[(*offset)++] = type;
+    *seq_offset = *offset;
+    *offset += 4;   /* fill in later */
+    return *offset;
+}
+
+static void adjust_with_size(int seq_size, int seq_start, 
+                uint8_t *buf, int *offset)
+{
+    uint8_t seq_byte_size; 
+    int orig_seq_size = seq_size;
+    int orig_seq_start = seq_start;
+
+    seq_size = *offset-seq_size;
+    seq_byte_size = set_gen_length(seq_size, buf, &seq_start);
+
+    if (seq_byte_size != 4)
+    {
+        memmove(&buf[orig_seq_start+seq_byte_size], 
+                &buf[orig_seq_size], seq_size);
+        *offset -= 4-seq_byte_size;
+    }
+}
+
+static void gen_serial_number(uint8_t *buf, int *offset)
+{
+    static const uint8_t ser_oid[] = { ASN1_INTEGER, 1, 0x7F };
+    memcpy(&buf[*offset], ser_oid , sizeof(ser_oid));
+    *offset += sizeof(ser_oid);
+}
+
+static void gen_signature_alg(uint8_t *buf, int *offset)
+{
+    /* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
+    static const uint8_t sig_oid[] = 
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09, 
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+        ASN1_NULL, 0x00
+    };
+
+    memcpy(&buf[*offset], sig_oid, sizeof(sig_oid));
+    *offset += sizeof(sig_oid);
+}
+
+static int gen_dn(const char *name, uint8_t dn_type, 
+                        uint8_t *buf, int *offset)
+{
+    int ret = X509_OK;
+    int name_size = strlen(name);
+
+    if (name_size > 0x70)    /* just too big */
+    {
+        ret = X509_NOT_OK;
+        goto error;
+    }
+
+    buf[(*offset)++] = ASN1_SET;
+    set_gen_length(9+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_SEQUENCE;
+    set_gen_length(7+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_OID;
+    buf[(*offset)++] = 3;
+    buf[(*offset)++] = 0x55;
+    buf[(*offset)++] = 0x04;
+    buf[(*offset)++] = dn_type;
+    buf[(*offset)++] = ASN1_PRINTABLE_STR;
+    buf[(*offset)++] = name_size;
+    strcpy(&buf[*offset], name);
+    *offset += name_size;
+
+error:
+    return ret;
+}
+
+static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
+{
+    int ret = X509_OK;
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    char fqdn[128]; 
+
+    /* we need the common name, so if not configured, work out the fully
+     * qualified domain name */
+    if (dn[X509_COMMON_NAME] == NULL || strlen(dn[X509_COMMON_NAME]) == 0)
+    {
+        int fqdn_len;
+        gethostname(fqdn, sizeof(fqdn));
+        fqdn_len = strlen(fqdn);
+        fqdn[fqdn_len++] = '.';
+        getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len);
+        fqdn_len = strlen(fqdn);
+
+        if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */
+            fqdn[fqdn_len-1] = 0;
+
+        dn[X509_COMMON_NAME] = fqdn;
+    }
+
+    if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset)))
+        goto error;
+
+    if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0)
+    {
+        if ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset)))
+            goto error;
+    }
+
+    if (dn[X509_ORGANIZATIONAL_UNIT] != NULL &&
+                                strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0)
+    {
+        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 11, buf, offset)))
+            goto error;
+    }
+
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+
+error:
+    return ret;
+}
+
+static void gen_utc_time(uint8_t *buf, int *offset)
+{
+    static const uint8_t time_seq[] = 
+    {
+        ASN1_SEQUENCE, 30, 
+        ASN1_UTC_TIME, 13, 
+        '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
+        ASN1_UTC_TIME, 13,  /* make it good for 30 or so years */
+        '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
+    };
+
+    /* fixed time */
+    memcpy(&buf[*offset], time_seq, sizeof(time_seq));
+    *offset += sizeof(time_seq);
+}
+
+static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    static const uint8_t pub_key_seq[] = 
+    {
+        ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */
+    };
+
+    int seq_offset;
+    int pub_key_size = rsa_ctx->num_octets;
+    uint8_t *block = (uint8_t *)alloca(pub_key_size);
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    buf[(*offset)++] = ASN1_INTEGER;
+    bi_export(rsa_ctx->bi_ctx, rsa_ctx->m, block, pub_key_size);
+
+    if (*block & 0x80)  /* make integer positive */
+    {
+        set_gen_length(pub_key_size+1, buf, offset);
+        buf[(*offset)++] = 0;
+    }
+    else
+        set_gen_length(pub_key_size, buf, offset);
+
+    memcpy(&buf[*offset], block, pub_key_size);
+    *offset += pub_key_size;
+    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
+    *offset += sizeof(pub_key_seq);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_BIT_STRING, &seq_offset, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    gen_pub_key2(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    /*  OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */
+    static const uint8_t rsa_enc_oid[] =
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09,
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+        ASN1_NULL, 0x00
+    };
+
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid));
+    *offset += sizeof(rsa_enc_oid);
+    gen_pub_key1(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst, 
+                        uint8_t *buf, int *offset)
+{
+    static const uint8_t asn1_sig[] = 
+    {
+        ASN1_SEQUENCE,  0x21, ASN1_SEQUENCE, 0x09, ASN1_OID, 0x05, 
+        0x2b, 0x0e, 0x03, 0x02, 0x1a, /* sha1 (1 3 14 3 2 26) */
+        ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
+    };
+
+    uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets);
+    uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE);
+    int sig_size;
+
+    /* add the digest as an embedded asn.1 sequence */
+    memcpy(block, asn1_sig, sizeof(asn1_sig));
+    memcpy(&block[sizeof(asn1_sig)], sha_dgst, SHA1_SIZE);
+
+    sig_size = RSA_encrypt(rsa_ctx, block, 
+                            sizeof(asn1_sig) + SHA1_SIZE, enc_block, 1);
+
+    buf[(*offset)++] = ASN1_BIT_STRING;
+    set_gen_length(sig_size+1, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    memcpy(&buf[*offset], enc_block, sig_size);
+    *offset += sig_size;
+}
+
+static int gen_tbs_cert(const char * dn[],
+                    const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset,
+                    uint8_t *sha_dgst)
+{
+    int ret = X509_OK;
+    SHA1_CTX sha_ctx;
+    int seq_offset;
+    int begin_tbs = *offset;
+    int seq_size = pre_adjust_with_size(
+                        ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    gen_serial_number(buf, offset);
+    gen_signature_alg(buf, offset);
+
+    /* CA certicate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
+        goto error;
+
+    gen_utc_time(buf, offset);
+
+    /* certificate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
+        goto error;
+
+    gen_pub_key(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, &buf[begin_tbs], *offset-begin_tbs);
+    SHA1_Final(sha_dgst, &sha_ctx);
+
+error:
+    return ret;
+}
+
+/**
+ * Create a new certificate.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data)
+{
+    int ret = X509_OK, offset = 0, seq_offset;
+    /* allocate enough space to load a new certificate */
+    uint8_t *buf = (uint8_t *)alloca(ssl_ctx->rsa_ctx->num_octets*2 + 512);
+    uint8_t sha_dgst[SHA1_SIZE];
+    int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
+                                    &seq_offset, buf, &offset);
+
+    if ((ret = gen_tbs_cert(dn, ssl_ctx->rsa_ctx, buf, &offset, sha_dgst)) < 0)
+        goto error;
+
+    gen_signature_alg(buf, &offset);
+    gen_signature(ssl_ctx->rsa_ctx, sha_dgst, buf, &offset);
+    adjust_with_size(seq_size, seq_offset, buf, &offset);
+    *cert_data = (uint8_t *)malloc(offset); /* create the exact memory for it */
+    memcpy(*cert_data, buf, offset);
+
+error:
+    return ret < 0 ? ret : offset;
+}
+
+#endif
+
diff --git a/ssl/gen_cert.o b/ssl/gen_cert.o
new file mode 100644
index 0000000000000000000000000000000000000000..d31834c7a965f77cc907f6522e6a8bbeb4d37f31
GIT binary patch
literal 828
zcma)4O-sW-5S^I%RXyn0OY~v|UDDEn2tBkVmO@alt?0#&##jq&0?i8b<UbI9f<Moz
zzd+xl856;R4<0jb_U-IuvM-K%ZWsm$47#IS5q<E2NmNe_722W=qE5SgW>tb&oFqDq
zCnpyjtEy_YvX88~I#o5=hT8(U(~S<J#P_<<LrjC7<275oOLx$BJh$6-u9|MIVV9e&
zZlhX;StZX??GF+4Y!M$N)8Sl`y7#qDYM3NQ!{O7&n~bASa#%?P@pKwSu+Gzi)tC?d
zH}>G<Td!q17T=w3m)Y!RK8z;CGT$LqF)<!tie<iItV(Y-F7uscKATOzUq0^B200de
z2hajuW4hqF6cMjMK10AB#x5w|!1@)u<s^gnIIc($@g3p~k$>(cSORylyx7l%;8!D%
yexfB7>m~a9k~&B8*92J?Z^F8GB5S@)4wF`Mfz14Q1&gxDlNyDQ7lbpd0{R9ra6;1n

literal 0
HcmV?d00001

diff --git a/ssl/loader.c b/ssl/loader.c
new file mode 100644
index 0000000000..333fb18e9c
--- /dev/null
+++ b/ssl/loader.c
@@ -0,0 +1,483 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Load certificates/keys into memory. These can be in many different formats.
+ * PEM support and other formats can be processed here.
+ *
+ * The PEM private keys may be optionally encrypted with AES128 or AES256. 
+ * The encrypted PEM keys were generated with something like:
+ *
+ * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password);
+#ifdef CONFIG_SSL_HAS_PEM
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password);
+#endif
+
+/*
+ * Load a file into memory that is in binary DER (or ascii PEM) format.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, 
+                            const char *filename, const char *password)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    static const char * const begin = "-----BEGIN";
+    int ret = SSL_OK;
+    SSLObjLoader *ssl_obj = NULL;
+
+    if (filename == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->len = get_file(filename, &ssl_obj->buf); 
+    if (ssl_obj->len <= 0)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    /* is the file a PEM file? */
+    if (strstr((char *)ssl_obj->buf, begin) != NULL)
+    {
+#ifdef CONFIG_SSL_HAS_PEM
+        ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
+#else
+        printf(unsupported_str);
+        ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+    }
+    else
+        ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
+
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+#else
+    printf(unsupported_str);
+    return SSL_ERROR_NOT_SUPPORTED;
+#endif /* CONFIG_SSL_SKELETON_MODE */
+}
+
+/*
+ * Transfer binary data into the object loader.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, 
+        const uint8_t *data, int len, const char *password)
+{
+    int ret;
+    SSLObjLoader *ssl_obj;
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_obj->buf, data, len);
+    ssl_obj->len = len;
+    ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Actually work out what we are doing 
+ */
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password)
+{
+    int ret = SSL_OK;
+
+    switch (obj_type)
+    {
+        case SSL_OBJ_RSA_KEY:
+            ret = add_private_key(ssl_ctx, ssl_obj);
+            break;
+
+        case SSL_OBJ_X509_CERT:
+            ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_OBJ_X509_CACERT:
+            add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+#endif
+
+#ifdef CONFIG_SSL_USE_PKCS12
+        case SSL_OBJ_PKCS8:
+            ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
+            break;
+
+        case SSL_OBJ_PKCS12:
+            ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
+            break;
+#endif
+        default:
+            printf(unsupported_str);
+            ret = SSL_ERROR_NOT_SUPPORTED;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Clean up our mess.
+ */
+void ssl_obj_free(SSLObjLoader *ssl_obj)
+{
+    if (ssl_obj)
+    {
+        free(ssl_obj->buf);
+        free(ssl_obj);
+    }
+}
+
+/*
+ * Support for PEM encoded keys/certificates.
+ */
+#ifdef CONFIG_SSL_HAS_PEM
+
+#define NUM_PEM_TYPES               4
+#define IV_SIZE                     16
+#define IS_RSA_PRIVATE_KEY          0
+#define IS_ENCRYPTED_PRIVATE_KEY    1
+#define IS_PRIVATE_KEY              2
+#define IS_CERTIFICATE              3
+
+static const char * const begins[NUM_PEM_TYPES] =
+{
+    "-----BEGIN RSA PRIVATE KEY-----",
+    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+    "-----BEGIN PRIVATE KEY-----",
+    "-----BEGIN CERTIFICATE-----",
+};
+
+static const char * const ends[NUM_PEM_TYPES] =
+{
+    "-----END RSA PRIVATE KEY-----",
+    "-----END ENCRYPTED PRIVATE KEY-----",
+    "-----END PRIVATE KEY-----",
+    "-----END CERTIFICATE-----",
+};
+
+static const char * const aes_str[2] =
+{
+    "DEK-Info: AES-128-CBC,",
+    "DEK-Info: AES-256-CBC," 
+};
+
+/**
+ * Take a base64 blob of data and decrypt it (using AES) into its 
+ * proper ASN.1 form.
+ */
+static int pem_decrypt(const char *where, const char *end,
+                        const char *password, SSLObjLoader *ssl_obj)
+{
+    int ret = -1;
+    int is_aes_256 = 0;
+    char *start = NULL;
+    uint8_t iv[IV_SIZE];
+    int i, pem_size;
+    MD5_CTX md5_ctx;
+    AES_CTX aes_ctx;
+    uint8_t key[32];        /* AES256 size */
+
+    if (password == NULL || strlen(password) == 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Need a password for this PEM file\n"); TTY_FLUSH();
+#endif
+        goto error;
+    }
+
+    if ((start = strstr((const char *)where, aes_str[0])))         /* AES128? */
+    {
+        start += strlen(aes_str[0]);
+    }
+    else if ((start = strstr((const char *)where, aes_str[1])))    /* AES256? */
+    {
+        is_aes_256 = 1;
+        start += strlen(aes_str[1]);
+    }
+    else 
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Unsupported password cipher\n"); TTY_FLUSH();
+#endif
+        goto error;
+    }
+
+    /* convert from hex to binary - assumes uppercase hex */
+    for (i = 0; i < IV_SIZE; i++)
+    {
+        char c = *start++ - '0';
+        iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
+        c = *start++ - '0';
+        iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
+    }
+
+    while (*start == '\r' || *start == '\n')
+        start++;
+
+    /* turn base64 into binary */
+    pem_size = (int)(end-start);
+    if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
+        goto error;
+
+    /* work out the key */
+    MD5_Init(&md5_ctx);
+    MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+    MD5_Update(&md5_ctx, iv, SALT_SIZE);
+    MD5_Final(key, &md5_ctx);
+
+    if (is_aes_256)
+    {
+        MD5_Init(&md5_ctx);
+        MD5_Update(&md5_ctx, key, MD5_SIZE);
+        MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+        MD5_Update(&md5_ctx, iv, SALT_SIZE);
+        MD5_Final(&key[MD5_SIZE], &md5_ctx);
+    }
+
+    /* decrypt using the key/iv */
+    AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
+    AES_convert_key(&aes_ctx);
+    AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
+    ret = 0;
+
+error:
+    return ret; 
+}
+
+/**
+ * Take a base64 blob of data and turn it into its proper ASN.1 form.
+ */
+static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where, 
+                    int remain, const char *password)
+{
+    int ret = SSL_ERROR_BAD_CERTIFICATE;
+    SSLObjLoader *ssl_obj = NULL;
+
+    while (remain > 0)
+    {
+        int i, pem_size, obj_type;
+        char *start = NULL, *end = NULL;
+
+        for (i = 0; i < NUM_PEM_TYPES; i++)
+        {
+            if ((start = strstr(where, begins[i])) &&
+                    (end = strstr(where, ends[i])))
+            {
+                remain -= (int)(end-where);
+                start += strlen(begins[i]);
+                pem_size = (int)(end-start);
+
+                ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
+                /* 4/3 bigger than what we need but so what */
+                ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
+                ssl_obj->len = pem_size;
+
+                if (i == IS_RSA_PRIVATE_KEY && 
+                            strstr(start, "Proc-Type:") && 
+                            strstr(start, "4,ENCRYPTED"))
+                {
+                    /* check for encrypted PEM file */
+                    if (pem_decrypt(start, end, password, ssl_obj) < 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
+                }
+                else 
+                {
+                    ssl_obj->len = pem_size;
+                    if (base64_decode(start, pem_size, 
+                                ssl_obj->buf, &ssl_obj->len) != 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
+                }
+
+                switch (i)
+                {
+                    case IS_RSA_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_RSA_KEY;
+                        break;
+
+                    case IS_ENCRYPTED_PRIVATE_KEY:
+                    case IS_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_PKCS8;
+                        break;
+
+                    case IS_CERTIFICATE:
+                        obj_type = is_cacert ?
+                                        SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
+                        break;
+
+                    default:
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                }
+
+                /* In a format we can now understand - so process it */
+                if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
+                    goto error;
+
+                end += strlen(ends[i]);
+                remain -= strlen(ends[i]);
+                while (remain > 0 && (*end == '\r' || *end == '\n'))
+                {
+                    end++;
+                    remain--;
+                }
+
+                where = end;
+                break;
+            }
+        }
+
+        ssl_obj_free(ssl_obj);
+        ssl_obj = NULL;
+        if (start == NULL)
+           break;
+    }
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Load a file into memory that is in ASCII PEM format.
+ */
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password)
+{
+    char *start;
+
+    /* add a null terminator */
+    ssl_obj->len++;
+    ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
+    ssl_obj->buf[ssl_obj->len-1] = 0;
+    start = (char *)ssl_obj->buf;
+    return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
+                                start, ssl_obj->len, password);
+}
+#endif /* CONFIG_SSL_HAS_PEM */
+
+/**
+ * Load the key/certificates in memory depending on compile-time and user
+ * options. 
+ */
+int load_key_certs(SSL_CTX *ssl_ctx)
+{
+    int ret = SSL_OK;
+    uint32_t options = ssl_ctx->options;
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    uint8_t *cert_data = NULL;
+    int cert_size;
+    static const char *dn[] = 
+    {
+        CONFIG_SSL_X509_COMMON_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
+    };
+#endif
+
+    /* do the private key first */
+    if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, 
+                                CONFIG_SSL_PRIVATE_KEY_LOCATION,
+                                CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        static const    /* saves a few more bytes */
+#include "private_key.h"
+
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
+                default_private_key_len, NULL); 
+#endif
+    }
+
+    /* now load the certificate */
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0)
+    {
+        ret = cert_size;
+        goto error;
+    }
+
+    ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL);
+    free(cert_data);
+#else
+    if (strlen(CONFIG_SSL_X509_CERT_LOCATION))
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                                CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        static const    /* saves a few bytes and RAM */
+#include "cert.h"
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                    default_certificate, default_certificate_len, NULL);
+#endif
+    }
+#endif
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret)
+    {
+        printf("Error: Certificate or key not loaded\n"); TTY_FLUSH();
+    }
+#endif
+
+    return ret;
+
+}
diff --git a/ssl/loader.o b/ssl/loader.o
new file mode 100644
index 0000000000000000000000000000000000000000..17758504edd98f44158f57f73a8403e39913fddd
GIT binary patch
literal 38320
zcmdVDd3Y36+W%eE-RX3b00BZkKu98lz>qy?K#%|-B<v;uQGw7|AdzgO8wiN3iZX)=
zjteRpKol2bTu>Qh6xqaekU<9(W*BskaaY_%1>W!X)H$6S^!Ggfyw`jE-pW;VKIcC7
zxzB#8>Qq%{@rW_`wryKxv#n`Xi_fz1Mj^y)S=mY<*-EgwE9!@19`-59_y6r-36h)O
zv8-I|tH5jjUrXL&9npoqZR7gY?RM@8JajPd;PJqwZvqdv0-N9TeC|5!J{qwqI}w_h
z2^Onrr#UYCCcoCQGAt{ljU!%lTjH*`=r${&m_I3BMtS!Y5fJ~{25NNJ#+t#dQA2Or
z6(7B}$ZeJFJy5jw)#=kiJ14f=`B1wF4WXGiuJsL}#yqRcZD;Ow7417PVM3^E->X+_
zcTJxVS}?IF&+3|Y$=$n(T=CJdnR`z~yV83ukB<)x_P<e9wD<c7J(sUL9^En8+cj&L
z+q%x1xaa%$Im;X3Lz8x$8MfzCZm;E&GS3vWPH~T(nm%NwQ<zDOtrItV8<V)i@$T#w
z@4#3W#9a~xM>}44GB?&hEhcNpu=PGI+&CtaN?o!Xf82`^(w2%drb|{gPnSeTAw^sJ
zP2*h>rR~g(h?%%Mh6!l%5TOPKW{es-wM`29Hk!z|1+6Dvm|_q1IMQg>3bet(Z(IqR
z(crrh9y*xt;PHe_-y}S6PrKG%wSW05e@4<p7bRsy%;=Enbz3HyYSA1|L9AnCU!-NV
z_@Z6=FkaZO$u1{6aqAbpjP@_bwEoJnVDr@kf5w}xRo^5g>h5Do>&w`mpw*!F#I8Vl
zSD?eeK)d6CnE!s=XXt>ym6yNii3`O?FOP2TSniXMlVD<3CA{hC6L+G$Yu~ljVK2Jd
zffU_Dal^V*C3GD$ATFh~6Rj#?*w$}z;`(?8CPpPjyEBJbRdI#ws_m+T{oX43p*WYf
z*4l@D2qVY-(eC|=esrZo4{qzk4OrG#*EL5|qT}{-INZ8$>0oWMU}@Y_?WeZA&Xp2z
z+B1K)que*GPew~_n`ReeoOb1o+&S12-M+A$qcXW&pSD-_80%`9{mUYxmz+_!)Cnk9
z+B7?ES*(%?Nm+;FjDpJtM^0_KckkJz+3)Uhd9x8Kr`_mMlWNoKRZo>|{q|_v>UQ3A
zG==q0_sHns4_y|UbXi1n7TVFO3PfKtY~Pva_PLpVOddM6ZDSxZ;$LU`w43yeFI;O)
zv#aceH+Ek0S^O6}|6})k<wSRvx1W_6ZB1@BZ1*WdEm}SyH}uAys&<*XzfVv4BZgO8
zrZ3r!j*Uv}`bJ!luPEAz_Ga$=KD}c3^z_iA;F+SmrzT`CpY-ABK6ZYb)%A;{ajq2)
zojvV|c3~!1HKfWu5jQxxbv}C!+UIE7!gl$Vb+m0tYXo~cqHc!f1PT&vco!MXZwIBK
zt)~hTu56dz#wy!-s=8f1(rc4{+gU56Eh1E9O#1%Jicilf&x-$?{Z$>sC4RZ@nX}0W
z&~+trNN%?)q5Z*xcE=N9e*C)q%M+Zwdf-1x|2vy=UUd8D<^CrN?N>J(4ET>mIPLMK
z%XFv$yHE6B&w;VJ!wqgbHu}A8$5P|>zJB&7`VNxtJ(<#a|AxbBPA>g%cKespY2FzN
z@3q_SI_gTWEPqD)8!<<Y47IH2tfGy9+Gw-{BEp~2I=VyAh7W3$os4ML{)EHr%s3g*
z*jV2<Fn(NRWkq}-z9A3{&Z}>%h@Vm47$2&t4#rOyF*bfibxkFbv+_oaPAROLQ9m$#
z=!oK!jLe*r;lqaGM0Tz`v;W0fu5C}O3(je1sBa7*iEskt)eTjZjmR6fVIxKsj>9>r
zvA#T|WPU^CK%6i8jTkq)=*kHtBk~-b5##dWi;9QFPbey!G_+(y{OA!^s<_CPav2_u
z@@uWI&i@pD_=uvC!u-PFuz!wimA~IkUFkXD|3m7sod1WsIW~TkgY;$g-?8Vq{MKW>
z&YRtly-%mN_WJv-C|L1BYuk>9u+p<LGSkz&?unjO9r^^CO2!n&qav@VEDy!!)mO}%
zA3waZF;qRHx;zl7j2}8DR8`+t9h#rsy;JLq^o-2Ri!(E`va$wT)v0x6cKU$yEbUG2
zml2m9>sW1lj@69z=`obMJNPp)FG)?uUq<@UW|=EH!g4RY*-Br!(zSG{_2%i71utIw
z=R4*e>X6>%rKdih*=lFpkjwq|^+|iGcF1KlX{(oPnElTebN0Ue$UV8St6Tl|xyY!0
zz5lWQrPfyrT`_&b%e~iJ-D+)q*Y7u8|6}DVZ>8MX>CrVm20RlQKHWC_xg+<ykzvOk
zdh?B4m(*4-dw1WS7r)7V@YRPdD9&84qRpCRZ8r=ndDM2fZOfL~L#4TquiS07-}CUw
z#tS3={q(Gx5_aWWeE)(~g#}g7-jg5n7#DFO<HOS@TF*M%q0_OH*4r1o9$)itaP#R8
zH~)0XHNB}vhujfg%=s?n^sQB)LtD0b{1f|qa5yruvbuNOOVa|mlm77ctV_?<6)(DP
z$j;n>kFB3DZpp~}*4;lC^L5v$gZh?i9{ba^jWhOI>C0SGaf<uDrjD4AJ07iT_uVyr
z*toA?-@;2~^_UnlH>v0DZ>C&zH1*V`?mMpSwj}0;9fwB@+WwTc_?dSWeB9=?6T@~L
z@B7Z%?&kX9P*vkCFS%cM>@OSsyY#yDhwgiJ>zK!1d-&BQH@AN0z=oGTn_f`(`CV<N
zeg4aUj(6Ta_4u}_sh%Ugjg@^;F8R4^b=PbEJ#ccw#Ft$|tzW8>UwwGbln)O~d-VN(
z+!*@c_1vagE^L2iTwuu4mp#z>Na2IMZrpp<4fnmU?W?@gH75_Q`YdZ{e)pL6S#ft*
z<L7Mq_k5T*@M&da%%$(SKRr@E`qteyzBTvVy|D@7J|5roWW<lxcR9BA-4A_Fmt5iM
zap=9D&*nZksoV4)wyZhzw|$GRKYjgupCo<pDoi}|*KRdS-QA{4inu1J;mdbBJQqs-
z;k5~Grz}sX_~_`6obB%(9Qt&(dp>FX-TVK1vs3du-8=rNpxa;WEx-El&kt?b`pA`j
zSME69TMys5^Z8TDUHh}jV(0Bz{72WRBme30#V5C1zo+`%b&IQejJxo`)!w|W*ZoqR
zo3P`D{7pv&Tzm2lg)w>e&Ae*OiUF?Nq5a04d2jVfYs&4dMlI^vWr^3m<oyYO`_`T5
zwfOL%J@+sDCc1l0Lig1}4n1E}{Q6h(=HL7EPeYa-IhEk5eeRCksc*f5xp5QrJ=jlT
z=S5pQ_FU{$*ssSP4f$DYZp&V1;i|DG{ATmG5XTE&oAnW%ws2RuZg$_|xiw;mZFSR1
z)F}dcc-CzbL$8J4aQI{hdWmq{a=^?I+oZDu;mfc)@h5oN=x`??oU`HQ=E13KDqWRM
zx`%d{6%SA3OKj#Woc9Xnv=`2kljhBCk6-Cp(>lQp5Jx+J^4Sj}1Ccb0?LkE5=6Vi7
z*CAg2xIK{%&~Zfuai!|Ey`{?Wy@R-JSHu#;@OUDs>q3^>7vY6vw=c2}V!J&NYY~R%
z5zvhA0NMb&o*QV*_Kic5Ue9gtL{j2<4t{rC6>%ld({}_hmbKG=46zric`m+$_!8>a
zb2)S8^7>$W)NY{f1|%L6QJjcC{}T{IOe9+Vn<0;wL>nIeFOWoBLH7DTq0Z!D9DV*L
zD8Dip$7tm0J%)SU!qN3LBTu2ARbE8d9w_(+B6|@PM9W``Ohr_ZJ^t@eF%dJ!K7V)0
zXTAoG_P>HMMAVTx`->@WAoq-#X+_L_AC&Iz%0wEOlWhMHS_zVK{8{7>d655d93$p$
z#4#6nOQmHdMFXwtA$37Yf$J<IEf@f7^9)k^*7oKnBM1IZkchWnJ5(+IAEDzdB)g(!
z1ugF=YIxdK&$YaxbATV&Ry6CBtgO$oqBp`{VEk<@R}Srs`4s8Ic)a7Q5Yny-%v$a4
z!~qlgD@>!P81h!ry|cH&^^btEH%PSn>lhqjBC-Dcl+Ph|_V;Ednaiwo^LwG`owpyy
z?oNJ)DnA}4KZlKfh^21EyiGw!T21!e8G}ah$1;tzM9cp@)3`ex9OJ(g0`EOE*4eR3
zv9jxS{OQJza`a`ydq1SzWbfloAS9~R^8Sf+ZADdD-X}<&s0z#bB*_=mV0oV=MMurH
zyxT}IQ56#`?=!^MsEW%i@3X|t{-w;vbL4LR66W>KZ0mS`Z_1x%Qa#bC#}Mwil-2UW
zr4adoIOIeQFGBtMHzQW$2%_abh%83tlcW7lQ9iN^+}ZCZ7u*GvZvL-fCbEzm@4uD$
zqpG0O(_e|65;>Z+p6vgD@-Z91ef=9KA6o~Ve*RA6am;PH8efs)Ly%`%(TkzVq{97>
z0<VV_yq;%~Td(J399_>MYGe_y{bX0<#Cs9N|0WZ=f{1KC28X*cbO)j>fXB6r(I#_r
zyXcR+`xP9$o;Pvq@G%ata}hUI5epN`Iz;&A;7I1dHHsB*&uRF*9ybcnArS{B0(Av3
zzSSz$7rYA^{$<FiZw^g3BgQwEZ2Qxp<(sEW`^Ta}eNAMy|365_r-rD<e}KGz@(BMF
z7x>z57|VYg65qld;AsC(<m<>WmTMzQ>088{`3@0%OI`s-mCc!9`If1CMb%W+S-$1W
zvd41u#>D4au@O40N_;n+Wq#RfeZObpTK-<-KTz!P{~kx*s<y~!PiNQ=RUP+m{5_06
z&2l|L<(m)U*vjX-bu>bpJgiZ9P?M?eHl2qTS+GC$g--iHw(pKz0RIAJ{w`+4^3S8K
zwH&0A{fnr3H&wR#Z=udTG`Ppf+`Y`vet!dX)-lsRcKjI<-+koHcE@gva6h|e4rZo}
za1SC_6(P!UUCpvKPlBY)6dWGT^KGa_?f7>x`3H7G+w!N9H_?K}zn}UKlD+;qT7HNY
zeNKCCCj0$7v-%z;xAH$jeuNz5e~)$^B}e<er2MhRactw?$kyFL#$YeEe2+5+vHs6p
z5N~C5b@uON)IS9w@8-XZ-Qx*%T#R<|ljNTM-8A#mBIqP{oJIN5tfl0<j(=sqHs-ls
zUdMmZ>NE7D=5^$$&iCxCh?1VyaSDs`96i~29gA7c?QL-4&&lifBR$VE&Y--G4UF?b
zEJAYgI{u5MU*x#U%j>B6&C9Izg1nBeu?=>0fm&5w$L&<xP0zx-jt6ONPhWUe=XDG)
zJA3I_o7Zs*)%Fd9XMG;V8{5h2nU4%ba!jeVWA@^B&N@3BVMm!rcZhO)uQRXy5v->-
zcO%^L2UwoBSlu2q7y16mxya`qK%KWILOt4l6rsMqT@8-$e@0`6$g%#h)OjZW?(EN`
zoxij6>3*&{`wq{BJR8a1ft0--jsTT6mO}Nb4vwD%QT|BBKg#$$R;S|PF_!OD=HKgi
z64~;47#htnL+dIUPs^-lS1$8?oT+vG0vWRxuv6HtA?O0Olf6LUhluM0T@VFT``QCk
z;HtTO?J69*G**Tz`#Q#j;du!3dN@yXeUTCWrsN3Xm8iYW-x^&l6<+&qjLYr9%DM{e
zod$0=W%&?8*VC)gJj67Q!`odY_AZU~ME&*Xz#RRZ-l_DSWHAnNuD>1Lcw9W#@8uw2
z*P1cit1bI|Dl#KIngEV>9J~pfA?y!0L%7!*T9m*gEBi<RLfmVPEr_30Ip4C6vIDx;
zY+0N*gv#CRFW_7RGuC&lkeL@5<v8shg148Ilmg7eBG;$z_O^>65RNT53y0AVTNic4
zAstKUB5GTB5p^~~7&QrA6_wq?N}h*<irVK!&>;Gt(7oKUf4%{p*~qSyl!wC<#H~_s
zizD3qAb=6qA_US718*>a)HZ=!znqJ}yH(&s*L5B%DIT)*kZo16B36!-)Ca=nAl&5$
zT?=6ubD;GGWJev#kio2@K2`^vRzW3pPH(#y?GX-V!+ngX7eq5J#f+rFwk)=iY7oZs
zQ&pHYxJVluuY@Ibu8Or~aoFMtC@_QNPArwdJ9MN)PAW2kkLaNLwY~E*xC7zL;PXz@
za0YiEg9i|H8ezv(*hJKFZ@Wa54h7L!I<~+{It;yw;w<Y2rH6t**!Kj4*$}FXLty=G
z8M?W-gR|G|!(i!m8$|2SwEgY__|S{`Jq!o|Ql18Qf8wz@^+g<yLD(k|y1Z$-pOG1-
zCq{W1l~hDtA}gC$0@97Liq0#UzWorrMCa+0%{$4Y3n2<Z^fWB8s!!P^R`NgyZ-y{=
z4B&BqmC+4kZ<>r_FL>>Bymxel?<Njk-t#2aAapmh`-U{2>}($^6T4;KWOD@BMTnWD
zrl6bDbd;s$ASW<OO$aM(n#@vj#Y%e>B4w+w{|B3c-^#q3dFka?`z36xmt$=>CnhH_
zE0yW>Qn9l5T+mKZksQlO%5r}-=Oin6wo1K^O8sIr5iGGU>5r);#R*pPie{B*%_?)L
zDw+OjzH=C7m|W&`0E@i@w2Z!W>)NB{RQU&R3jQ-{uA8!^^nRxI8s>E%3qBb0k~3*4
z?=pA?tiXBN9!xXNgn1e5??FfpmH#2EypE`afvN~oPQv1)Y_7i|dEUd?#ZidcZvaG%
zQ0tchxQ&ni*hc6GI0P6(_0$pYeGA`Uwj3`73TWgu`xLHO`u!2INMxwrjR0O*^t%@D
z2%#QuhENXZhq-(ZBc?XPHwM1c#{k;_mpupg19Ev0FBAR+tEoF7xeUcfeGRaP@Gf94
z;W*$h;R`?w=HH|XP+Oe%u8mP$*tM8rPR$D$I^+%=a-9iD=1G9FNKy&l5c=%1jtVER
zB0IxMs@C$i9l2-Cw#8l@#LIN1_mvYA;buc2%(G_4Vy~5SyAE!Pf?z~NxYwQ&{1AfQ
zMgB8Y@I;l{68D-sTGtkKK!ua_B%|Vi9g_pC^DT6EzMZXfN}NKw*W@AtE>tDUc7qBk
za$SdF&W4OL&RR!ir&~!cYta_1hOw3OmX_^ok@Y<W8FSOyMrMDV6RYoP9SH?sS{VOF
z(Mi5Qr6Sv|g?3n;^bq8%?2FL<5EicNry%!rvaBJF+_Pr8s%+JUZy=1dJ;e!&a4&JH
zQx)qzB+Xh_sRB!MM9j_wtWH+P5KfM)UaK!}&{zkmqLBhRE?X|=IA&_Qii60kd)e#m
z>tF_H6$j~d^s{b<5#Q1Kh~Dea0(LcT17mRVyO1|ab~UYJ!0U|JYTBO)uQO0*F?12U
z&Ooi<K-~;)QcnzC*2|?xRn`k{B9c)r<CWZLNzMp^AuCt15>*X_kg*z8X&Fz@#d;hp
zvYaY7WlysDPJp7W0yQz`jz#U-_p0g5Eachinq%=KOU+RCsyTHp@;FS*llLi2Yd9~N
z?fdQBD9_gjbgr7-v$+7*XFd)X8CD^zB>V;7x1Rt;xR0Qod+;>ozc?M@m}vBrl~CTG
z8gCLZgf8Z86>#A!>u9qsvP}0$r*2zBOyKJst?YfuDA4LrfJSKbI~q-*QD);jqaUCb
z!YH+AG{YFRqDMf){HYs+=`JghrB_lWprlyyihPDrHs=Qbb*1e_MlgHXfBp=T2=@f!
zA@X%#!WHaKFT2oZBiy_SS5g(X6J#o`Z4G!EnY3R`gd{Q&hrH?3yo<B?h&9M(TZ@CD
z7zy&KFqSFHi%E`%URHiQI&oAo&x#zOO3P8re*`unA7uP{!Xfm<^8PNCGF-`1FmgRK
zz4tvyEgm4|rE-2XFe;%Jj=c19td9H<k-hixdP(WFtYlat*P_(kW?n8iNhn(*-=@Km
z3(>b@)j_SAI7=re9@64<_{iI6_R4IdWsUp}mE)aUVg%<ew&ZhF#rG4l&uf=h4pEVp
ze7=z3`<cPKigAKD*sOv?q~x<zFXna4uVTg`Jo;(I<b{kXbuVk=`^aSLB92hC_G9HY
zK&{OKbD_p*E|#^V4pu%N`?lH05Kd^$QW1l#e4hLw@1yBNhOk9rNvH(2Nxlo2ZnJ?g
zIlLWng{yG>r0A-!F-5$YMZD>dj<W1_cCR)aqTFq|wrOX#_r^fzinH8p21Z>PRoDTu
zUr#G4>N135g42k88_^b07@<S0$Rvx7uY>Jw6BWg{HoTZsjG-K8x9VWGghe6D=On_g
zXxlFAz&NcFU?~lfHp*6nvDH@Sqn2Vk!dAOvq|*&kSbL-pj?tl`-TMNXjEzv4>nL&q
z3vntTKqnMe=LEOAsVD){?0rFDhj>+r3-AmwTpeAqg>qM^%-YNCeAh6QWVe<$F4X9S
z@aiP!?cQR9-X8Gk1n7+yp|}&ogcS~jH?fuDjo?k$MN#&|PAp>2RC~w;Ms1MFLN6#=
zNh_DxXyFW1wY`6j#YtD^HNy~+i~x%Pm~*3`(cVileT_P9I8qUKPMP{eSQ#Cd!4w5B
zlA5h0X_WAuRawGGtR*|WFF40YrmnJxmio=obrr!Ll&wpvJpFY|D9^>F;Ffhs6w00>
z(<nSQs{>l<3|F!`Viara(hE_nBGlUCs4G?L4q_Ez)ChS5tKza&C=z1~VXb9!P_>pD
zPE+OooRSS~DF!QPSWDi!p*Ih2DHlWYS~57~f<YHx+74Tes%yi#aT+ndMcg7BDTR(+
zL0F_R<_HTNAtPoZ5teFH630HbMC`UzL}#?ZX>=~f?y+!p*GwvR0_aqQ14z73!|RiD
zcu(rYfG5251KCzFodF6<>2P5JQaTo**;XkXW1+a2a<e%WN?I&Tp@retZL5UN4`>_P
znnK4|DESQw6I(1yZLu(s7JgC|rqVGMCZ1z~cj0c!f3}(M8FrVI-b|MZJSu>|xTr}O
z3~yYmqAp$5m&?j%HuXk1D~?h53aZ%hlxli2-AUMCbqbtW4l>e82kC6a?zVz<GvRT^
z<7y_ng&oy=7|#0&ucX5>1f(Ff8EecA&Ap7>XN9aaR=10?o9WvvB>kJ|dtFGf!!<?2
z9FSgXu@$tsHIrkoi^T3g#7D8))}*K5>`*w7&I#;pYi?xN8f#N67g$AfxD4TRFVgR@
zqf+RkhXY6hoB%pQ!vUl`CxFhRZ~)R&8`J8f6pHDXw2GTaJ)HnLCavOTQl=9?$D~!<
zOd9P3&@pMX^l7H$l&eIRt3;)hq+*uPF=>^kw6dK5Iwq|WkyeRJtEKldEiTQlZRxT&
z9P4nnCPOjZ@z_09)E8%(NzAh7##Clr*mX^PQTCfzl?rT}U$v1@=%=lUgt#g+!-+$u
zN#PVa*I_?*YFPrwdZkcAXA`b`T-KUgx?8csDjf?ab&8d%cy_MIz!F5eUs))oqb(G)
zSSS`23WS9MX@PGcU>c(HtimaDXoUGKX>KuBLUS%;!U_1bk%=^-vyn%4Gj`jWNJkeW
zPh=xcTHw7i8}oL!&6?@b4C;ao*KepomuB1+)*_5Ow>29cy|HE<#!hXzTd>0johKC*
z)1gh+*uI#c$_8~)Why`z-ySy3)g$H-&64*lTqj#=@=W3;Tv;#*jybJjG+?2?D3H&$
zz=jv$xhDL-$N_KRaLSOP|0z?9!q+EU)@<bt0=KdjT8&mWJS$IZrhkN%&C{~>DBK|I
znAz!Erm%=kE_S!oXg3qe966mP>`Z}~epR!~VK1bBOw-}56`F*OADWOF1Hi?Qa2*V2
zOaTu<!pa6pqb#-`wdc+3<2&1>*;JSiov;1B)hi~FZ_hNdhRd;|>9#HY9`FlxWSI^N
zs^lvHPEL#HFfU5ZT=4m_@(`GLc1M{PTBnSzQ;Vf^SbB<EYN6EFwymkgGBs$Jt5>-C
zpyO0|dNbX(95Ee}bW8n}nq07qQA%@KOZ87{NqCw}ttEc=OwXKGVaNHA&MVkeiQfdU
z%9MxZR$x~iV?=pOHa>ysDeU4j%baz`&SKI{RKZ1boUT)n1stKIC3Hq9ETzLYoX}8o
zSSlp7V=;j@tC;HOumMqPrld+mmX$TjzNP|9Ho1z*fdboRyx7(i?V&bEnVUk#85;}b
z*qB0VEV$^oTw!a69k%FPrEnUZ0QPfF71ZsZ6pHCgQCLdH=!$bQq!%fL5;{gfoKV9G
z6R9v-=}x6%bXzVQnXqGQk~B6c+>05FPkT`cI+GPnr9)$onyO2JH`x)<nWQj0jJe|0
z=!DW)uW%}z2eF@98TF9x^#;@>otv<`)J43L6c^pN?B%hreiqIrSIo5Z13N73hA5a9
zv7v4B#stmQ6Oe_yKXzVkn~j&h^RUmyexnh><-E@GnCUzwh>r@6WB(faDeRn#e@m}5
z`c@F}**Q7l&$nY^4a8*~L2TRpxlL;v`I!uA!m@+G8Y^vLu(C0jRz0(^epXd|Xjc8)
zv<Byu>|k1DupuY&;)~M)jTLjM>*~|W=2X{Iq}2w>>w`^cc=vu*+E6DXHPFzIHoU$r
zR9P1ari}{B4Wv~e(!4-pr7==oUu!TeR9{~cOlyL6FpyHyl#zaMN@dNAw3_O&w3+4Q
zzYfSw%}LEntF9}rnNv~ue^ZWsRRo>KwBY>U{~z*cl{e0B2w^#_ran+n*_evw<>*YI
zii*k^sa5RdA$;Kw1hS8XD)8DU7=5g)dM3EEy0)PP0(5@Ij^xtX>R>qpFc_){W;oQ)
zSUnf7_Lt(V0Y^}d_x&9Th8nBuW`bd!N!5oD-NNDeU@1S%aP$YUGlo*C>n?K!OayX^
znfH)w<G!?`WxHGXeMsEpvAqzuEI4j|1mq!qTO8X^1c?Vn7nbR4cby;a6}w{@3vx;p
zD~T5`<k{|W6|0Ae73puILTSPFd&8PG^^u~BDMl-FgB+pT3tf#MCs^eT1`z2S&1;z^
z^X~RB4()ZLW2^iwR=J4qcR|V?e|wb+*h6S%b!6#X{up&cY$r7w9nDTk5{sk9-yzJl
zDz~jl_WWX1sMl1rx!+&pkAqr-sysI{j)<(D2&LTUZw2nAD#`XoDLE7M`u#XsTF$C+
zschRy?o!FEUaZVnczufzSo2<%H=JXZAyQ@LMVC@?s@uuzTBjaPsv1UPInCju#I)~p
zM4vdta6I=cRy7#uXZfA_asr&XaI0Edq>AKHnu~N@GgsFtNrX<wY4?^y9XoCv%6_$2
zRg+6q!D3Z49>soD?{3u|5lTn3vb#yeb*u8WQb)h4AGhjzBUQx>RL8}tF`No@`}?Z2
zm=h<rx&B1(>y|DCJN;HCcfC}+xhfZzD%<Z}rwmrBf-h8+?@`(CDb)tmC_7y$H!dYw
zq(nt3+G?k7cvV28pIytN3c65Lm1Ak4vS%qBM`Ah~8{Em5t#n)}uG2)0#L;vT-t1DX
z7N>H5jfxPbj@PJcJM3hot13<m>kajbQy$KArS)akl;RVyQqFZ&ure4dt*$5yRxhZu
z%$HtPS#@c7sL7g#&%G)wOoD+qHK9_@QTm%CYi4DrRDEJrTVGLHKVwD^?|0EQ%~jXe
z1u=Cs@=>PtTMd=9P7<>V>*iX;1w%7RhnGyY@S5lhd{Kr^(@MvV&l^#S@6fC{b;0VH
zb@=X#FXz`)HifLYI5ER$I3r^AR8f&QXHu)G5(TQPQ**G@SUDr8qL&6km}(K(kq4Se
zYXdbk_2pKeqM}rqDyxOJzPz-$uA;KZ8k^T&WwCA!a&Agh$uIA$LY&_lYbz_NIfWMl
zf>lVgB4{-<R?fA`s{++^r6~H$P!;k}jt}!ndGfGoEBdQC9X_;_AB-v6$aHBLvNB7h
zmS0^LsIi=n?2w5W^`#*TR|^e6YjXee0V)EnK0;ZUkdILblonLatg=e+Lf`nZYsRQk
zmudyJaBXF6edBzmk<07npe}1sbjRLUlqWE=vUHeA8#Xg8hE3BqW;9k-;zU?CGhQ9e
zX%C~L`VJ4Qc-1q4RuwLYta<oQtr8VBdkz|+(kid1#-&hcW1z00zSf$-5~APKRR^ok
z3gs4CIuM$JPF7bruaunxS!YJlXj`3#8|H-2o6tLvLljh19{XqQ9E%-N9ZD<eER}0C
zVIw+$ZbF^-4D|BqnNBM-R@S0@e(RE?GA+=A6LeZ-hUv5z7O4Nay3$Z}ZKV|`4^_{t
zEUl>yhO9tkP_-o*yHQme2TNXI@r3ckLx+tSp_+=Lqb`7mrA=%-YE%S50o}e9TQUbl
zDlJv#Z}b^eQ1-gQy6TWs76?{eoL!1uTaQaU<^akiC0CZ_kC|9pV9l%#m6pv9RR+<=
zP~LETo3SeTH9KQVkyPJqX<Xz2{T9a=);#q4`gv+puwqLC`0UWCp6d)-j!+I*)dFx$
zI$};x>7cWi??y518ZCA?XSAu&S2|-(UAa~2TsEmzRRb8cj4`eUaZnA|IZl5n<(S3{
zfopSUs6K->hQ(4<nP6wMqPIH@9Ios}^mz<QofPYJVgur!Au;S#&q3Z$d1@-CsGeDg
zc4fD!uTX8HMnoOHu+`OE9#D}~JJvUZ)Eq}EOrf-{z7caubr9N&&)&vLXP0z3Ot31D
zp`r%yC1*&@Y_)+PW)ZYpIbVrTEyBiV3?d=)6;^cdh~nbH@#9o?<1j-GXVe5{$|*vH
zv7&WfH&Z3%JdBNsdNrQdc;#i~>`c7ORrRjsq~93dp+;IeXM#Y7<b;S1c~uvvM&A#p
z3JgzQP9NbsWQ`m*F@AWwx>1QwsbvCe{~)-oJ|%?NJOw3Y^`+EcqG${-Xl8uMcsS!T
z<5O_OJGgwnfcTUdP_M45sjjO`VV`j-oD+m8gf1{=k?;(q#v>;`Rk~21y2h%*Kncu1
zN~R0xsfhBjN_;Y1iBlE3Mfe<qZ=}u1LbZfyMP~-p=N2XAZ0B@mo+0YXLzQZtQfDre
z5A;pdN1Y}Q=aG$ER*BmN3w^e{VZNnWmS<l*r;ouPG`$V;T5wJozY9j64`G@Ma!Lt?
zGix~=*QtL!LpfP(KsU#IgcE`;+8C&)ZnB0IswU)Fz)bfR+LQAcPrYnGGt67gC@Qx>
zyk9YV_`vw&^2YjLkT<R=<3`43q-Nq<;yzA$tM3xyar433>dES+7F}mXy*06TMCs6B
z#pB0JEE!Qcrm$p0(a<r)gVS3L9acCv1Mfg_`^a&W%lKyVBs-J?hj%t~8ScZ*RRz2#
zqU7V?;^s`r`NWd)MC>!LGamK1@_;vMlz$;yV~0<`qP3h)z`9~*+)dc=a9i;XxO`+v
z`El&HJ5$WZR$K|8oX@|W*UT4!(=_vAGm{n{8XB8?I>XI}GLqYYDe7qCnxo(*VvmQM
zK`aZOz~G8b`P0D0KA+U^?I!9C!GSLIhXPEU@Bt4urpt#eW+jL3+xj6-#Lh=9+^Dkz
zd_9;Ve#>dn;ws}KkWqgtD<2!vBAYsS4a^|Qxvpu-av03TBE~%mHa7nOzDmn;P|2pA
zxj1O*pR1AFXp?N(3vZ)`%geP%b}i<4rO+o+&UF6>HtBNh8E>{I`9?6~(LSGU7=870
zL(9nwryVYRa-*MY%Jl-+*yn1LX|Gp>KH1oLTj+DaGY<A>Up=zX_Q_qq%pad7aZ~*V
zJQYkiR}Z;S&c(r@V9L$v9MdzK8DAeDqh!8a7l1N37isYoJf)KwoL?IXlv$}bKR9lc
zp~lLZK&qb3tyJaXOmC&C`7gCB7=*N*9!Ac<%OZ}FBh#LW%Cb2#OJ_9llF12nB)kxY
zB^4SdE8{h`4CaNr^an7%<6M4@>^DR_u^6j7;iY0qti_e8mFg^Ir8>!~vNVNQIBgLg
z+$1!Z>ib{acxbQ>c(rCW+>bQVK^3cweb_Js*(H{Gz}W-L_zdG5m8$*5US|ZFc12Lw
zMjyeHAHr({ThQ>dhancW$NbPfW!(N^3_D&GMjVKp{pNqu8v-5L%f!xYC+w}KKyNGu
zy~WyPzvMO@#;1!4Fvxk`F!h#{LJuy>!Td0c^)em1NXFU;;kS^P&Dgja0>cbD27CN)
zk@h&wjlD*&w6_g|w+!#=n9YRMLLlvJ3*g&`_KrQ~%h+24HgRYpt{3uWDpQ255lp>S
zXvje{q&H(@75p+?UkLL=tdlP1f0OP8u!%zx`B;vRC+N+Dt%G0M`|2jV_y8H}h36$>
z?-{U(1GHwq-fDv0OxP3fOM9^^aqdPS?RC&$EY^PPCJxa09`+)zQg1dBwi^OzZ_Mwp
z!Vf*#>!`zM?+|vzNypCZ=RtVYiycL84CDS!?Hav{M>un>R#Q6EJBeLn$C?a1UW1s8
zI^2H3ZkYbn&=bjq!@fh9EQjwlr~k4XoYze~N5Yu2w-)x+{YHP`HHWkp3wzX~J)VP&
zJ+`5UZe<rb@8&?PHj@@zGbR~OGalywM2rWU{KbI%*rmNKMR-hUj37)Pd@Y-ld#ta|
zwuI20v`Bx142J*Q$;pkD;h5#d>n9g9c+MmvJIdb^?gUf<^K7F<eg`*K_}TvEoX2of
zi`sZTq+f3CU-?byjuyVcm+Ht3uP9nJx4JTuezr=>=2jy^`q{HvHn$}vAc(OR+Y+e!
zys~WB+|~sx9*|qLV2j9&9#YogRdqD;Jpb(T{7vWiSDfd+^*sNb=lM6B=YQ-x|8wX0
zUpdeJ_w)Q8pXdMKJin|W_JKB{%INP1Kd*s%f!m{o63+|o4gV5^FT>98?DN7eJI_Dz
zJbw}Vd=SiQGsd5BUU<WK{(115Yc}e)Jdu(&zs`+)&+1@fpl7;sI~jBqA<e>!SODso
zh2MPotrZ&v46xL?Q_IQ{u7-F)bng07cv%WTT-gxIDMV-Gl6TN%DON2xh*h2Qmmq$%
zPITT{Y|A2zUafJKqx4dhS%p+<e(GQ(YF)Br(J8!4E!KLBs$3vNuwE3_H|6IoZKCn8
z*?KzSoNAaegkg?;!xdz9Dr`%z8~OEQJx$ysc$LsuE%=DgIVPBW*XD$b4X1s}<^?1+
z&Hy$ier$9M$CI^wPqNleCSQmHwtm>{?h2hR{CE<<mW|zx#{nD9eRez!*al&@6BJsx
zWF0q;9FGIG0_?W7Glm?G1GWj+?RXrpm0&k^CX*8>#j6_F?TZvz)5**@wkqs)l0vJ7
z+}q&>G7E$)gx&6=(BhnBbK=Lg5WC^q$tjfL{RZqdFRrnz!*1$rJvj{rY@4tf`NM*@
zkaZcKAZwf31aBAmI|T0}>-yhA)^_#_`5R<y^8h&m2W*G1+nEa0wOXt`UG#@27V{Nf
zEan;s<sP`Bwfs7`mutBXZn=<GX?ZkUzM*04oP;gI?O~hDH3+^{N*<4$?{pd-BzPzp
zd8mNBotl?`@mN&p^NkIzB~a&j$oVBE`6loj&8xsGHLnIgMusik=kvuWGT-`mUo&5d
zDuthN-h1=IWuwE_sSNW?5;E_rn*~26_-Vo0H8a2aG&BEvRg8AX|JJ+{I(*@VWjTyI
z^X(e)5tc>sF)*8-aeKl|)Xa8cx2ArK<|sXW*%c^{g-edoW0`LNP~I6XIjS2D*z&N`
zKHD6(fl7x#WTP{Ma_F%AXOUqiUb9J;*8-F?pJbEn{gfl_Cb-XP-T`;F=9O?+e(D^D
zdrUL0UBB0S0`6JCe0Q8_B|}Dz(qn`lV$crP(Yk1ze$XLD>G|g(El-D>9Hqw;e@%ln
zvmqx(#RIVMoK1O-W+T5s%LhSDj!K|5&gGON4_xEp`J8ccAt#$WG-)~Oo@{I`(eeVw
z$tG{NYWWz*$wvPHEuR26*~s~$L`=5?a<a)Af1``?$&izy5&_r_YB}4P9CeWrTgS9~
zI=tj4HZC?iP*!E+dSbL@u1mJn%rVVZ<(U@y3^_{A$$T@M@*2p=QF?yP*763($x&=v
zZ24Lq(j2AdZLUMHo<rFAMmTLYL5Ccr=kq!(UkEwb$nT~cJJ;{lYn|JnLyppODc@+O
z&9#t|qxAg0opS8_ouC&qbG>gL8T#v>Pc~!c4Xwj9#J_8u_0S<l>2t@=T8DGq8O>ZP
z>;OM)Zh}79*yO94%mddqf2VaGh7Q^2@EuO0ldE;MK!<Gl6<_0|{U;zNo3iuWQ_8nN
zPB!u&<w%!nxC^z;cIc2zx+}B}*C=n%Iy<04HacsC&I6jEVm+*x>%aVsE#_e-<YY6(
z`8z4h1J{eWlc~>N?;&$;e@8Rdi@(;)`#!!mOC7HB{z8WRJ+MzUb;5T}snZ#5N6lP^
zP1c+Px4&kdJ90Hs=W@+lkG@K9h30GE&eY6vL>;*=GJuU=&of<~Bj#vkAK<TE7@d2x
zoMm}Y$oUIPj7$C3h5UUo%D5l)$)*mEQx1LB8-GI2*yk_&QU49-lTEwxy;8~#Ku(Uz
z0ARaB%MWRe($^dLl*2yr$(L7+{dro>_eEEb)0G+P4#BKXb3L3VxIpk2!MuMr`Xz!V
z3!WmFDRyY>T=T?ej)lwJhMZex>^AbwtsC|ZniB+b8lv0_H;0V4gWz&Ec5=x&ZXTHW
ztdl~)6EsIcKA8+VQ{ZwpcBYfHoeD7R@V>NKaD(QnA#WnX&O*4{jh!WAZRdJ0?JU8*
zQt)cc%OPJ+hMi4txf?s2Ym6PvDXLs(!zTrA*BlA?%bKIW>|3;X04{f9lYPk8JWL&=
z&wJgYf<Mwc6Y|eB&jPaz?6x>yi^guVF|oD7ZW!G+%v|{}Y4Os5X>nuw^7}__JYAW%
zS%L=&9xAv%@OZ&f1y=~>b(FE+DEL~zHwj)V_yNIN1^-#_9>ISV{J!85g1-@bMsO>;
zC7*GE(*zF_JWlXcf_eQDF0Wwz7?Y9nH@6J07raIAcESG=%xgXq_rHSq%BztV3Z5dk
zOmMZ}g@SJqe7j&?GZ_24PB8qQ;LimAC|Er&)qRy;K$y6z1oK>J<eLQZw`Gldm*BSq
z^M1$ZoDlqt;4^|-d0O=21Sbkk6+BRIzTj&G-zxYi!G95aO7QP6o=u*4ela{;@OZ&j
z3+B9F^n-#I3;u&(o`;P71A_Mp{y^}@f=>yK#{^{T3=up=@N~g7f|~?iFL<@!b%Gxj
z{EXng3I2!RPX+%V*d5uD=eB~o3g&MunR4-Wdkqf}JX-J-g6jk?5UhS#O85EOg#3QN
zj|zTH@E*Z$3;u`TPX+%dIKtPG|Mr4=2<8t+nKBL#oG-Xo@N~g<3f?GqtKjDa?-P7b
z@IM59BKUj3_}>BHd^QPQF8Ggv?-%@t;BA8cF8E($%v0R{4L0Y;uY}G|<QPW>?@))i
z4OzEuXCc2($a@Ppey|}N_fnxVLdZu6d5MtM2@VRK>x6unkgpN^C&AB>b$MSPw|C05
zN9epGbWV^l{<(c7<lmEZ+_Pj|5B%{aV?Tkc<MtME{-Tr7=?`X|-w6Bpl<RsPBXsza
zPsUEQkS`E&{#zbn^B%!}61-dRKLno<+yxg^#!i~x34$vGFBaS^_yxfq3jR?rKE4X4
z)gH`x;5Bms<+>jF3eFN-Ab2cUx9R0z+TohyG@(-?c#hx&WF2=A*u=e2=&TYt&4T$Z
zfQkDT!LN{Ye|S^K-v-k@ujh{lofBkT-cN=8w}K<^2+`P#6PzeGRq#N;`GSiDR|swp
zyio8>f^QeRMeugPuM7UW;130#795Fdc~gf`VAc=sQ{pJsbr?_9_0vnp(}X-*$S)J}
z;X*!E$cu!0rjXYN`CK8tR>+r<kw<R77kmp@&k6UDb)Fv*{3pTN1^<Pt<L(pkzmj!Y
ze-k<%3Z2gce<%2i;7H`f<R_Y})9NVX-39k1>va1G{Q*K}nBdWZO9W39Tt?P57Ye>p
zaI@g&1RoUqAz9C>UkkYlH-SbTL)K|!3BE#bqu>>S?-u;H;Fkp-7yPZ@Xw<7ox2ND-
z!IzVD{-+B0?*(rp>;At*$e#dnjPP0V3qofv8Fj(!H6cGF<nIajheH01;2(qz?~jem
z7{MLMI&VFMyeC=L`5?g)1Xl>YS@8X2ZSxT!e;my6a(!UC(AiDa<$XuUj|us|h5R$J
z&fC|5zXQ`gpUIpN`mK-`^L(}~S?BEnvQD=<S=-DZ<J`t=l#q`D(>|Z`6jP3!TPa!V
zR|t6>S=$eiwf&og{t=<icfE|AZ-o4ekaxy{h)FkDaF*Z!g2xD+DtMmY4T84|epB#C
z!Dj^bjBCkHf58(4hXmguc&p$&g5MGRrC@x67cP4r!IueUd$5hT;r2AlxGV}YrqVFO
ze3<zt&cy90I9YI-;4Hy|1rHTmAb5=6X@biHR|~Ec91^V733VA43;A-vzZZOq;Prwx
z34ToQp9DWE_<6xE3*IaE4Z#Nl9~XQ=@aKZR7W|{&Uj)0cMr7KE@6#FPJ3xlp3+AuI
z8#(`{j^PZ!{RIyeJXG)~!CWgdcKF=Ta6oXi;99|R1kV?|RPYUgxwdBPuNBO7HY498
z_%XqM63pj`M*n%iFALr)_$|SFwrJw=9XiAR6nsMPCxX8g{GDLl8yGu2!7+mQEW+sU
z9>8#t;B3J;g8B3QM!!h#G{IayG&=kheZzAEb1l)xc`a-BM!|m&yiPFJ7>)jB!H)@k
zM)02n?-aa8@LPfp3g)_{N$aTKj|G1!_#46B3+6A)8#~d0`5e>8I|)t@+)Hpj!Tfm|
z6PG`^WcV_{BLo);E*5-+;Aw)(1cwAS30^FCx!{`x^T%~f-nf2ic%9&f1V1YHNx{zu
zeo63d!LJGC+OJ9LnBb2De<t`V!9NK8S+E-?KVvgea67?#PHJ>|3g$CYBj<Bd!+bt!
zc(~w^g8A<SjLuZSe3okDRe~1?UL=^$PmTT>!D|Jt6a0YS&4T$G`o<2|t_|-IykGDE
z!G{EYAo!nxKNkF{VE$OYN$ad&FRmSpyp`bgg5w0^$7RF%34;3wP7%!C05|rB3N8>l
zMsTs<D+C7wR|>8X+#s0$e!!&5XT*kY7Q9CA-Gc8Eyh-rGf}aq)P4FJUT>m%e9uRy;
z@Dahs1oIhziTkNwJ})rx9|ZH^rIGW0GaBZ9S1^2m-~_?F1oso1F8C6`{D*7CCVs6x
z%msoc2rdykRd7Hs|Gk5;Ialx^!OH~mzd#uMI|Vljen2q)S%lHwE_kQlJ%af^C5--I
z!N&xDB$)qo!s!1fnE!CX$fE>z5Zp;HpOqN>-wEb(6C=Mw@JPXYhGKNC7R-N3Y2-5m
zUn6+7;5mX930@|6rQn+d-y!&J!H)=jT<|u*+XcTQc(>r!1ivNt9l`GjJ|_4h!F;}B
z>f}qo{4XFz?!vPY!|eoj6wGHmMkifxj^IIp`R_!G{sh5S37#f+rr=qE8wJl5yjbvZ
z!M_)Li{QHi-z#{N;D-hCzo3}>?-0C4@P5I675q2B9|-=Z;1h!R+{&c&wczgrpB8M3
zXG}i9(SrF8$BfO+f_n(QNbv6jrwQi2d@**02`&^oR&a^n$%0D-mkXXHxLz>-!;DFH
znc$UzZx(!~;Clo=Ab7LjCj|4ko=J=U(8lnqg8Bb#jQoh;j|86-{H5Sig83ZK*f}FO
z0?)sUoX-ah#|VxU+*NQ7!O4RA3C<FHiD3L9dpNCOf=3G;FZc?<R}1F9{V{oN5Ij%t
zwSxJa(de%be6wIae>6Jx2)<wNgMuFs%zqDK;_eW<TktD_-x7RKF#oTNv2#-Jmx50T
z{z>o|!F;A^?8FN0D!7MWKHoI@=J_U;W2`|!o-25yVE&sr6PM3D4F?4C|J50JjbQ#S
z93x*Qc%|T*1>Y`stziBW9b@M)!A}W(RxtmejnRKq@BzVx1b-m-pMv?nZ;YMq1pgwK
zFTEL^7{RfE`Cn^{PG7;e<gsi#d*j9>X0x`8rQ)zY!%SS<f`l1Uc$i@_%$)^y6C5wN
zr{HwK*@ANf4-#A;c#Pl)f=dKX7Cc4pbioyZ8wCHK)=L)(oh5>=7yKWrhnV{O7R+yB
zxc#IV%irqT7Rvb^BG*aC{3M~hX4X?@&0Ht$uDL(Br)GW+(pPgnnCm38QwY9T^X1?{
znz?2?OmhHSpt%Y>PV+o)iRSs>t2EyTp00T%c!uU%!8Mw11JBcZ2Y9LG4d7LpH-Yce
zycxVf^V48{zr+0VeMY|fP2K_Csd+b;-}O+w56pEB@^SDX%_qQo|BdpKV6KOd`CSR$
zg(Js;xgJ7}2lKr+at`=M&HV3^d`FIQuF-lt4o?U3eL2c&z%iQnJ|o|qqx=qVH_iMf
zk$jJia()}awGlG^0VLn4BOeCy-EuP5LAg#s=DUqtCn0|UF4WAm&+(f1O~ypc{1)SC
z&0OycXy*4CGd1)7FV<=v3g)ll(*79i^ELCkt;L%8e!>l!OTqk}iuwWUTvs8NW4}vt
z4fuY|A@C;6T>E@f^BV9In)yuz-(RO4u6^#%%paNGrFlD;@7Ys_-(T<_2$TPc{T<Ek
zfRAYA`sIh3`Afn7(R>{IrRI;o-)TMp{zdbbU^nj5X`jC?j9+F{d<q<+`8zPzSg7+~
z?D&5^id&<<Bx>ebX0qnq;8e|Azs%M=3OrCV$6T)F$zZ-qPx~ByTyG&y1s7=!fG2C_
zw;IzlSA+R{l=`#4*J!Q<bG?P~dhlG$v%w2B^Se5(!%$}#_$JN##_kr)w}Wrjd@uMO
z&0E3iHFLZ^q?zApY|(rG{FG*Xx3OLGVepHZ{{iNj4D;{__%+S{1#?Y?au?d_UCmKo
zuE|i&v3OiFzvnoqnd9jT&HS<bZ#DCqgP%2*fo+@=X{QG4)6DNP+GyrjiPg;SHM(f#
zSmF8%<8plT*355zQZ#cMWNGI5;sDK$fcfqy<MMl=e9asae2<iJj)@}8FM}s*=9nne
z%<pb0HJ=2}(#-!%I9sy^Wu2$FE%-Xk9l*;qcLcB0+zEWEX7=$rH1ivgdo?G4H)v)b
z->f+u{J7>!@Y9;PzW8U&Twi=iGvD*wt9dl|4b2n42Q{-_b8UxpG7HT2UCFgzuI-Td
zZRIDL8^K>`4uQYd%;)>RXy&tc3u_3B%lCr0**rn(%`mTX%sHLcIfi=*=Jkw`^SZ?_
zuUicB`o!>b!8L-L1Ya+BwcvGv9~Qh#@J_*R2tF+MBf(z@{zb44=N^-1o;wZm+-bO<
zV4g>fJWuch!BYfR2@VNfB6yWxKF2in`Rvm06M}iJHS+y}4+%adnCDuf|D#}@YmJ=G
z77ce3oGh5n6OB%;V4h!%oaa=-6@nWC^SPnXQQsiI&+T?0UoUuzV4g2c+&zL12tFeC
zq+njJnz$C`T*JIZHO%W$!@L$X%<E6Xyyi5_>rBHu&l#RBnAecz-IXT6*9%@P`2PX*
CP`p_H

literal 0
HcmV?d00001

diff --git a/ssl/openssl.c b/ssl/openssl.c
new file mode 100644
index 0000000000..6b5c4d8ee9
--- /dev/null
+++ b/ssl/openssl.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Enable a subset of openssl compatible functions. We don't aim to be 100%
+ * compatible - just to be able to do basic ports etc.
+ *
+ * Only really tested on mini_httpd, so I'm not too sure how extensive this
+ * port is.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include "os_port.h"
+#include "ssl.h"
+
+#define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
+
+static char *key_password = NULL;
+
+void *SSLv23_server_method(void) { return NULL; }
+void *SSLv3_server_method(void) { return NULL; }
+void *TLSv1_server_method(void) { return NULL; }
+void *SSLv23_client_method(void) { return NULL; }
+void *SSLv3_client_method(void) { return NULL; }
+void *TLSv1_client_method(void) { return NULL; }
+
+typedef void * (*ssl_func_type_t)(void);
+typedef void * (*bio_func_type_t)(void);
+
+typedef struct
+{
+    ssl_func_type_t ssl_func_type;
+} OPENSSL_CTX;
+
+SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
+{
+    SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
+    ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
+    OPENSSL_CTX_ATTR->ssl_func_type = meth;
+    return ssl_ctx;
+}
+
+void SSL_CTX_free(SSL_CTX * ssl_ctx)
+{
+    free(ssl_ctx->bonus_attr);
+    ssl_ctx_free(ssl_ctx);
+}
+
+SSL * SSL_new(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+    ssl_func_type_t ssl_func_type;
+
+    ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
+    ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (ssl_func_type == SSLv23_client_method ||
+        ssl_func_type == SSLv3_client_method ||
+        ssl_func_type == TLSv1_client_method)
+    {
+        SET_SSL_FLAG(SSL_IS_CLIENT);
+    }
+    else
+#endif
+    {
+        ssl->next_state = HS_CLIENT_HELLO;
+    }
+
+    return ssl;
+}
+
+int SSL_set_fd(SSL *s, int fd)
+{
+    s->client_fd = fd;
+    return 1;   /* always succeeds */
+}
+
+int SSL_accept(SSL *ssl)
+{
+    while (ssl_read(ssl, NULL) == SSL_OK)
+    {
+        if (ssl->next_state == HS_CLIENT_HELLO)
+            return 1;   /* we're done */
+    }
+
+    return -1;
+}
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int SSL_connect(SSL *ssl)
+{
+    return do_client_connect(ssl) == SSL_OK ? 1 : -1;
+}
+#endif
+
+void SSL_free(SSL *ssl)
+{
+    ssl_free(ssl);
+}
+
+int SSL_read(SSL *ssl, void *buf, int num)
+{
+    uint8_t *read_buf;
+    int ret;
+
+    while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
+
+    if (ret > SSL_OK)
+    {
+        memcpy(buf, read_buf, ret > num ? num : ret);
+    }
+
+    return ret;
+}
+
+int SSL_write(SSL *ssl, const void *buf, int num)
+{
+    return ssl_write(ssl, buf, num);
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
+{
+    return (ssl_obj_memory_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                            unsigned int sid_ctx_len)
+{
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
+{
+    return (ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_shutdown(SSL *ssl)
+{
+    return 1;
+}
+
+/*** get/set session ***/
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+{
+    return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
+}
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session)
+{
+    memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
+    return 1;
+}
+
+void SSL_SESSION_free(SSL_SESSION *session) { }
+/*** end get/set session ***/
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    return 0;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                                 int (*verify_callback)(int, void *)) { }
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                           const char *CApath)
+{
+    return 1;
+}
+
+void *SSL_load_client_CA_file(const char *file)
+{
+    return (void *)file;
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 
+{ 
+
+    ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
+}
+
+void SSLv23_method(void) { }
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
+{ 
+    key_password = (char *)u;
+}
+
+int SSL_peek(SSL *ssl, void *buf, int num)
+{
+    memcpy(buf, ssl->bm_data, num);
+    return num;
+}
+
+void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return ssl_handshake_status(ssl);
+}
+
+int SSL_state(SSL *ssl)
+{
+    return 0x03; // ok state
+}
+
+/** end of could do better list */
+
+void *SSL_get_peer_certificate(const SSL *ssl)
+{
+    return &ssl->ssl_ctx->certs[0];
+}
+
+int SSL_clear(SSL *ssl)
+{
+    return 1;
+}
+
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_set_cipher_list(SSL *s, const char *str)
+{
+    return 1;
+}
+
+int SSL_get_error(const SSL *ssl, int ret)
+{
+    ssl_display_error(ret);
+    return 0;   /* TODO: return proper return code */
+}
+
+void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
+int SSL_library_init(void ) { return 1; }
+void SSL_load_error_strings(void ) {}
+void ERR_print_errors_fp(FILE *fp) {}
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
+                            return CONFIG_SSL_EXPIRY_TIME*3600; }
+long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
+                            return SSL_CTX_get_timeout(ssl_ctx); }
+#endif
+void BIO_printf(FILE *f, const char *format, ...)
+{
+    va_list(ap);
+    va_start(ap, format);
+    vfprintf(f, format, ap);
+    va_end(ap);
+}
+
+void* BIO_s_null(void) { return NULL; }
+FILE *BIO_new(bio_func_type_t func)
+{
+    if (func == BIO_s_null)
+        return fopen("/dev/null", "r");
+    else
+        return NULL;
+}
+
+FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
+int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
+
+
+
+#endif
diff --git a/ssl/openssl.o b/ssl/openssl.o
new file mode 100644
index 0000000000000000000000000000000000000000..43ec25c066ecd050aa44d403ebc94b187c45af2d
GIT binary patch
literal 827
zcma)4O-sW-5S^I%)q2pgm*~X`x}>FtBJ|LfSPDVGwxSn9TB8=)M4A=q$$udJ1b?1a
ze}TS9GbVxsA3SE>?AzJRWM3Tj)G!PZ7<5CKBKqJ3lc<&$%2c8aqE5SgVwFd;D2{a$
zO^(kxRz+29Wgl8KRaaHog4+VQ)0Gaw*!Q~OT||SP<275ob9c~pJh$6-E}CwyVHcaN
zZlh9!S;fy&?GF+4Y!M$M)4^Pmy7jeBY8b~zgW=P?HyMY4<gk(&Mbl{z!a7e5R%1T+
z-`ItdZ@rf8SbTT3U1qbF`Y@UV%X|k|#l(1o36}YeuqwUTxXf2ieKwnbzkJ-M4RXx;
z_Mrv5#&p4TDI#8ie1?EMj2%$Ef%PkR%}EOJaa@ri;yc6}BLCb?umEnSdA^?wQ9@lH
x{X|R5*9-LdC3TMGuL-iw--LDkMAm$p3?{8+0-5>q3KnIPClx*7ImZ(<qHphZLXQ9d

literal 0
HcmV?d00001

diff --git a/ssl/os_int.h b/ssl/os_int.h
new file mode 100644
index 0000000000..a6207f1d42
--- /dev/null
+++ b/ssl/os_int.h
@@ -0,0 +1,8 @@
+#ifndef OS_INT_H
+#define OS_INT_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+#endif //OS_INT_H
\ No newline at end of file
diff --git a/ssl/os_port.c b/ssl/os_port.c
new file mode 100644
index 0000000000..6a71000b47
--- /dev/null
+++ b/ssl/os_port.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_port.c
+ *
+ * OS specific functions.
+ */
+#include <time.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <stdarg.h>
+#include "os_port.h"
+
+#ifdef WIN32
+/**
+ * gettimeofday() not in Win32 
+ */
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
+{       
+#if defined(_WIN32_WCE)
+    t->tv_sec = time(NULL);
+    t->tv_usec = 0;                         /* 1sec precision only */ 
+#else
+    struct _timeb timebuffer;
+    _ftime(&timebuffer);
+    t->tv_sec = (long)timebuffer.time;
+    t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
+#endif
+}
+
+/**
+ * strcasecmp() not in Win32
+ */
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
+{
+    while (tolower(*s1) == tolower(*s2++))
+    {
+        if (*s1++ == '\0')
+        {
+            return 0;
+        }
+    }
+
+    return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
+}
+
+
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
+{
+    HKEY hKey;
+    unsigned long datatype;
+    unsigned long bufferlength = buf_size;
+
+    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+            TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"),
+                        0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
+        return -1;
+
+    RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
+    RegCloseKey(hKey);
+    return 0; 
+}
+#endif
+
+#undef malloc
+#undef realloc
+#undef calloc
+
+static const char * out_of_mem_str = "out of memory";
+static const char * file_open_str = "Could not open file \"%s\"";
+
+/* 
+ * Some functions that call display some error trace and then call abort().
+ * This just makes life much easier on embedded systems, since we're 
+ * suffering major trauma...
+ */
+EXP_FUNC void * STDCALL ax_malloc(size_t s)
+{
+    void *x;
+
+    if ((x = malloc(s)) == NULL)
+        exit_now(out_of_mem_str);
+
+    return x;
+}
+
+EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
+{
+    void *x;
+
+    if ((x = realloc(y, s)) == NULL)
+        exit_now(out_of_mem_str);
+
+    return x;
+}
+
+EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
+{
+    void *x;
+
+    if ((x = calloc(n, s)) == NULL)
+        exit_now(out_of_mem_str);
+
+    return x;
+}
+
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
+{
+    int x;
+
+    if ((x = open(pathname, flags)) < 0)
+        exit_now(file_open_str, pathname);
+
+    return x;
+}
+
+/**
+ * This is a call which will deliberately exit an application, but will
+ * display some information before dying.
+ */
+void exit_now(const char *format, ...)
+{
+    va_list argp;
+
+    va_start(argp, format);
+    vfprintf(stderr, format, argp);
+    va_end(argp);
+    abort();
+}
+
diff --git a/ssl/os_port.h b/ssl/os_port.h
new file mode 100644
index 0000000000..d63a48ddcc
--- /dev/null
+++ b/ssl/os_port.h
@@ -0,0 +1,199 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_port.h
+ *
+ * Some stuff to minimise the differences between windows and linux/unix
+ */
+
+#ifndef HEADER_OS_PORT_H
+#define HEADER_OS_PORT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "os_int.h"
+#include <stdio.h>
+
+
+
+
+#ifdef WIN32
+#define STDCALL                 __stdcall
+#define EXP_FUNC                __declspec(dllexport)
+#else
+#define STDCALL
+#define EXP_FUNC
+#endif
+
+#if defined(_WIN32_WCE)
+#undef WIN32
+#define WIN32
+#endif
+
+#if defined(ESP8266)
+
+
+
+
+#elif defined(WIN32)
+
+/* Windows CE stuff */
+#if defined(_WIN32_WCE)
+#include <basetsd.h>
+#define abort()                 exit(1)
+#else
+#include <io.h>
+#include <process.h>
+#include <sys/timeb.h>
+#include <fcntl.h>
+#endif      /* _WIN32_WCE */
+
+#include <winsock.h>
+#include <direct.h>
+#undef getpid
+#undef open
+#undef close
+#undef sleep
+#undef gettimeofday
+#undef dup2
+#undef unlink
+
+#define SOCKET_READ(A,B,C)      recv(A,B,C,0)
+#define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
+#define SOCKET_CLOSE(A)         closesocket(A)
+#define srandom(A)              srand(A)
+#define random()                rand()
+#define getpid()                _getpid()
+#define snprintf                _snprintf
+#define open(A,B)               _open(A,B)
+#define dup2(A,B)               _dup2(A,B)
+#define unlink(A)               _unlink(A)
+#define close(A)                _close(A)
+#define read(A,B,C)             _read(A,B,C)
+#define write(A,B,C)            _write(A,B,C)
+#define sleep(A)                Sleep(A*1000)
+#define usleep(A)               Sleep(A/1000)
+#define strdup(A)               _strdup(A)
+#define chroot(A)               _chdir(A)
+#define chdir(A)                _chdir(A)
+#define alloca(A)               _alloca(A)
+#ifndef lseek
+#define lseek(A,B,C)            _lseek(A,B,C)
+#endif
+
+/* This fix gets around a problem where a win32 application on a cygwin xterm
+   doesn't display regular output (until a certain buffer limit) - but it works
+   fine under a normal DOS window. This is a hack to get around the issue - 
+   see http://www.khngai.com/emacs/tty.php  */
+#define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
+
+/*
+ * automatically build some library dependencies.
+ */
+#pragma comment(lib, "WS2_32.lib")
+#pragma comment(lib, "AdvAPI32.lib")
+
+typedef int socklen_t;
+
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
+
+#else   /* Not Win32 */
+
+#include <unistd.h>
+#include <pwd.h>
+#include <netdb.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#define SOCKET_READ(A,B,C)      read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     write(A,B,C)
+#define SOCKET_CLOSE(A)         if (A >= 0) close(A)
+#define TTY_FLUSH()
+
+#endif  /* Not Win32 */
+
+/* some functions to mutate the way these work */
+#define malloc(A)       ax_malloc(A)
+#ifndef realloc
+#define realloc(A,B)    ax_realloc(A,B)
+#endif
+#define calloc(A,B)     ax_calloc(A,B)
+
+EXP_FUNC void * STDCALL ax_malloc(size_t s);
+EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
+EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
+
+#ifdef CONFIG_PLATFORM_LINUX
+void exit_now(const char *format, ...) __attribute((noreturn));
+#else
+void exit_now(const char *format, ...);
+#endif
+
+/* Mutexing definitions */
+#if defined(CONFIG_SSL_CTX_MUTEXING)
+#if defined(WIN32)
+#define SSL_CTX_MUTEX_TYPE          HANDLE
+#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
+#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
+#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
+#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
+#else 
+#include <pthread.h>
+#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
+#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
+#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
+#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
+#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
+#endif
+#else   /* no mutexing */
+#define SSL_CTX_MUTEX_INIT(A)
+#define SSL_CTX_MUTEX_DESTROY(A)
+#define SSL_CTX_LOCK(A)
+#define SSL_CTX_UNLOCK(A)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/os_port.o b/ssl/os_port.o
new file mode 100644
index 0000000000000000000000000000000000000000..6c20927b3dc431d559f8956458439137b6d48b39
GIT binary patch
literal 13424
zcmd6tdvsjIeaGkC-D|D5vMfvTS~fObzpw(<O14#FjEybZ0ttjMmK{tC+^kl+(xQEc
z-IXN=QyT|}laOE<C~4v(<b<|{*bQwSkcK8WkOcB1r-ZbG^g#LuO*pN|qqHR_>GwN#
zM*CCJ)AY3eWX_p8pZU#ie!qGA?(FPJhkFMua~wz6<ft1}t)|q;MQDjA)vXoU)nc{K
zs{W5<lWA=}^Tfs1tWoL@&NQ8j^rx=7Id|K^dybw-G+e&fZQpoR?1uV6UHxl+H1}vq
zl~XP}KcVO!Po<jAoOM%?u=e$BOO^7Jimhor(=_|+|EKMlrLda#Vj?vBd|AQr<_2y1
z>7}7{rAiakL@ApnWD2G7L5yX4X(B(ID3%}{&lD5cTt1Unwz9H}<7`0w6;ebwhg5^3
zxMVhM1VpiZs&Q*{If^6jYTGxVe(rR8lU9@M`+iG%^|!PiNBc@)A5&C!xksEkeT)f=
zr}H|V&UF~zFk6v69Tv)UX8j}3bz*m+)pfm-x~MzqA|9e%u2@xWv~CM(Zp`~GHDh%X
zD55u0udau<8yIP-urcbr7c-9r@Eci8iT6Epji#JF@T_R$vPV$XeS^mP?jQ~j`zcki
z)p$ICT+c^@erLh*IkCw0S0L~=(`YX}D!-R}#XZ2NiatyKSAK;Rm*%d%0oV|Yo`I4#
z&&PmZDvg%eEqJtft1}S!_p>!gRE@!y@;Yfb>bFy@Ip+TYjUhMqKcAL2H3n14>l#C2
ztC|ySMj2x;--4`%4o4f|Xoc7PGl=|e!mhWz2T$c!Xyqbu)PD;ay$$4;|1oTfcQLua
zUytc{8_7-nFJQ;Jgxu=?C;M(9xA}iToz3J${w3^tDLJ8<at_Qn-sRos=>ID!ULR2*
z7Qp@FBXb|7r7JmR<;?vsm3FccbyVz^knMnyp2!l_v;~fiJKlAShj7W>LR5Y|ZS3y>
zM*Y`m;)Y|8$9xXJyO9$=hQ*<&*!%HdHa6!(Ka5KA?8jj`=H;G3#oxnTHxZTJf`>QO
zL(8zhpqTwVsE&FM{R~B8Fs{6ZwPs^bR^G?8Vq-9=yi>%Oe?M)VUI%XQCt%V0Gjd~N
zFqBo^Cq4p6lYbW^-Xqj+^M9ZEk8<LR{0pf6*=w<)3IFHh&)o@L;a|ns{?)_ac7HF|
z`}0rXxw<i!7*gID+Ux>jWMAaSHh?j-Cux6^{~CRL`K!?1>UXg3S6;w#dt;DC-><Uo
z4*xXA@D1t@_)n9+ISSt8?_l3=H^ciL{|6k;cYX@VKL78r65e<DT3qkHLiyjY@33lN
zLG@Ps;G|lwfVWo4v6^jYn%9L#d(_+EvL!x(ns=G272<#5pmL?VW)>DdK1jo1B^LK<
zm4<kfeXi1dn&LS25kPKB3~u7jvt^fV>54b9a*cZn+;qn;=a2_=%ZB)QY}xB3(PvZq
zOEkUD<*T?g-o?swT5U)C!|3U~MYr_DM`&Qb+l@X0@%>c0QLF8WKfzH4dOCaJAE4S%
z_q95#(|m@ncZbW6?Q`aTjGgXucc2(><}ar4ce=f>_o6%hPTF{{`)?4w<jx;v?QZuP
zw7u$L-F88YGqQ+b&xtY&^+I!EVxe`lCtT>;(A36WbD}rk+444s89qXtBD*hlQHNa_
zRy7^;egp!2GBRlN8{~%dAK5xa`V6Nz*ZC?Ywjc_5gE!B)5PKNchunP4Dt-&6-{#Ow
zH2x&JEO5BfF}UHp=R|39K?3cK-Wn%Q0~c|l)@oMqdstbgE3@K{v(oMGldnO=SR6tJ
zGs1<>dTIAoY(e}Ls%6|hw5#}sSjp;*ipC$~a7MINEPfe0d!sJT&=v7>*^<+n+ZTV8
z1HH+8Gy3m}uVH1(y$GK6#b0M7@4kYT(fDy1DCo*~{0WG>qOMHETi8-^--FQ{iJzkB
zarZ;09E(50;oPkKJP>~wuD!DE^I-fW4ODdHRQy@CRCVQ3@x5%B(3QvI!>k<8m8aq#
z;czCkwXdrf_nt2Gf-DH@^s4K1Vg0nN&sPi2dWYO^qaI&QGlw;+_&FT=5%*;@OsN>p
z7NWMXSjD)gjB`^z_pF!Fui+xT;og+X4Oz5~CT?@-EA+ZNW_q-##e4yExMA}tpA+R<
zxVV?%9&~`<N-f@qXN=*I0%(7(iY|ac^tnDhTQTZc?UQJneHvN~b?PM8e-v$XipP-h
z+ow6|AB9exqKBA@@`5yLC=dPUS<EoDj(*Pj2&B$^cqqn}bE2tUsU?#bopT>wG^WJT
zcY~b!>B_xl>oVS6>+nf83#!YV!N^aY-D(AUuja?!%FnQKj)SpRGUr4ds^?cA=Dhe>
zvua8?W7N3{d08JG>(F_hwzykcY~Kap=b^sb+3jK4Oe?Rz!>O>Jz0Nr&UZm}VMm&Zl
zI;zkSKYr+Ff*npHFJmP2!O_#xLm!0s&|e;HzwVC<<J`*b_Il`?7&r$miV)Mq*U&_N
zy7DS2^mmvYW@8za9RUo%-v;yvm#XIP7}|c_-(O>6oOf`;jw7!`c22y6zDwSY6>#3c
z9k~#8m#pH3XuWGurO$V=(-bOi`XFE~@&$9)=iQV)3=;{p?4!U#7|oYvjK)2L&#6;r
z3I{WYx?b`oh>$KkgeZ4XKSrN6?f*WGaftQRgM0zjM))Dv@ku;lpQX3+;i6SP^ij=-
zLx6u0Me^NHs^8Ml07?A~TqSNsD;H9AT#q@`AEl5h)=Drf7hodwS5v^zYhl>ZS({=4
zgPQBCY;5r(jpsJbb(&{2%}2PdP`-aDM7XaSgs*5^MH)Bym-zj-1bL?7u`+AE<NIuJ
zP^p_O)MAd)-$H5qQq|wmiE*6MB6R(l?gq3q%z<CTK#LP;tQl;CQY`dKr8!ih*Cwsz
zS-*3IEv!lNJhci(K+8O5)q-#ctsaJe8^&}uj{}RFZkPzI&lgo#X**x{Sui~!-Djbh
zgRY!wCa)`tYTa>C(KmgZmvpu)2-j}a0xt5_w)?l~mL=ZwV!2rOL>qQ%X?IPA`m%Q(
zb+AWk^fE4g*HK5gZTD<L!wNJgHX!7sgZ`EoF3yJwvwU>13f4un-CD;h;KNNbPUQ<~
z*7{pE>2Y3I8xsQ9RIp@Q7Hq;Ichov?vBNIOq^eDtTAej5>R_f!=OH_4H;Z)|2U+l3
zj4B+FJZN>|sdzaubXi=BJX4_$5*~|C;2B5-Af7t$;7cPz#G-;cvwKZpP$~>g4`3Kw
za-jvDd9)zx^PoE%idfu@Jkx$nVNfd6>>ojwJCI@Y7z$bt_Ia>95Q<nlqVakbpGKbP
zs-`>mfKaHp;)(XB$gs~7j248eMX2JiLc+0Q5>;&CwbfNec%C_L;N`?mHxAm6ok}II
zI`>vG<w|F6q+A*sEmg-#2Rg^grJFM8YNaz%8Q-vW{rb*Sd3YjMEOib|<nqIvg;cs!
znd+P@mB%`J!j@!ee7tjesaVYv(d~-VfmG)xI!&g^8EYh6Dp>5SmP+|b=M=OnsgC^A
zny&R7nSAy)1-W86KQWx?tQ@TTE{!vv8|oZMr+;(2-N_BfwVh_vze^+jjit6@RHaHV
zUMg3UX$C~TlpaftGMa+w!SPHb<VtmTIFkh<kjfeC@U%Ep9tp*p7#Y=$T=7yy9XjMn
zXh1vyv05SHQ%J{Y<UYrVMC$R=SH!7z@jPsplEYeZYdzvL64iXD9>0h{pPG(lw|*9Q
zr;(FGc|^-2|0lUJy~0t|Yme|-k1Lep1jCh5Fq$e3=QFC1%43;SP|3Y5qxcA_Dk!6^
zdxHvs1F4{#8Bsx|kSUL3is^$2l6<ZLo#9k9rBYL9Hx?$-<!Y%g6jZ9IYDNW<>58sb
zj38esjwJMBqFBj|6f?sK{(^>Y`dRH8rqZFM%v7!#6ibsTC=9{GWZIhKa4OX?+LoSz
zY9Xj((%5e6frgEbG+tbVpCTr*>hhg?6WbFys1qFpYSUo_Tr71|GgH+LSgGbp#g2Tg
znklE)G?M7J8pYLX6CK$5&FPCTPIP3Uo-5{a#Y{(bqNsaRR4|mPVAdSVXbHb?1VJUM
zf>JTivq5B4RJK$uq%h-jsWg_OZe=7tkqL*bmm-@_K`qEtg7j1hTY|VN!f<}fE|A@<
z^nofT6qK^rN(L4SLtJaDxLqkMTs~8@wQN!Q53)sA=enpM%XfoY4JVm0hPy2{qQ@|j
zDipBFPy!(mGO1xcD--!DehK9K)Xe?EW{eJLJNUsElRHp_=WtRp75Rg)3W~YXP(@Wn
z@scKHw6i(jFUuGb#)B9_7<7f>P2~eU-&6&wUC4x$a8MW$2EagMUp0wIa9W%mXNd(}
zt1jyw=ta<!v8#Fp!NClIf{V&yLFtY`FjAaIGs42~E+QVX%0y&P)^7v$wot<2g=6Ce
z4(G5%Irzg)z%4$2I%_9Tkj3#5S{t}}`<21&-tBvL5B9&gH`t@bQ`OO8s*tHIW*Df&
z48ndiz?KwCW|j1|Fs=>`rw-DoUJAX8K@d(2`_Gq-6AvmgMB%#}a5fAR5fnHw5o$&3
zZhE3z#xck>OL2>WbUu?R;upK1keZqtM$G7A5?hhUKppWr!50^6#qgyROPwo>Pn0vk
zIQK3)jzxe*IE!#%oInBLj3B{c1^BCi-sjX10s)Q?UWg4nN^F0%G#2DjJY}*)eR8V<
z+3_+K0x_Q&<{0)4;Pq9(NT!N&C__)Rd88p3;omHRiQ+^hGpvs@>_2D1VNB|E)bCzU
zw69cteRnF1E5v@l_gb0Pv8dNOG!+`iRfah>y<W9=Oy^5D0qk-3-`qnoovEoRE()17
zdhvqd@RY)f$#ou*$K3eunSmC<4L30vR8u3kgl^xyG0~nbmns!rJ34k=o>-Gy+m-Bk
zQ+TrJKgA@%3z6EVuOvZ#F<Vl52YZ8_ZG%@2?A_BF4D|2m-Q6=VxVh_`o^Ab`*Wi00
z)9SF$B`;MrMcYH-z1RiwHrz@^-i2I;ybPJQUZxmyc%!vCys=sx-dvfe!&|A<IR>^m
zynQlJhu6uK$n<6JfibX3Rt^@bsUegI7+sE9DrfSkq&dV@QrCFCtEB$WN)A;jkd|0s
z=QYW0qcofun!x6l`C^9MLP?Gbm<%~JG*r$Un9+<tm{CvR^K&Fa9~?*6jUN}*1bnI_
zE|3Mhbt)NNW|E-~-D9fC!JF==-~v0&8UOE60&3hme3jCv8&A8j6xeIE{=1vj2p_jE
zSL${k<?K(r2IQovTYGOs-EIVM+TNQ4QyyCZzc565xN1$?<9KMFGNyT~h-9k_Hg5E9
z)7t_a_F0R})P@SjViV`V_CZrx`3?vlu@#imW7>&qne}c&UlqEX2gk!Uu1f})c5UL{
zb>4;V@HW}Dw?ZK8ojf07#667m_}*E2H-l{-p!)sU_`8|DVX{_hyInBl|1n3YKNKA;
z@_U~2`$VTw<FH4+Fg@+}Ua;*0RCnWds06_z+s2nt+UvrCuYip9FobD)C&9K4P<;aS
zw%bh<Z65<mdwXDS6dh@gKZUW4>-;HX+Ur7Q`bn!&pYuZIlWojjFs0Qyy)ZnKAlAw1
zJ&hU<8k@cay$!a4l6p)pAX{d=4g=%<+hp6m1A&~!<Lkn4a~^Ti#(De@+4cddIZ)tQ
z*<{;(0D-jkH0)82_S#Gv?QxC7vZ_a+a27I~tUZ<@j8xZBrCx%NU$mQ%>8lADAvwcd
z({iP5hRh~w&(>`z<x%z8udJM9WQIl7#m4D&d#Z%JA~SY|`f|ltH=k6YI_g}BT8ik%
zmUTvEEk*RI$$Cqz0>am&U#lb7M2e_+qDFo0a4ki!L*fX~>xy5!bmDo|j2?-ws-IkU
zc~-HG*L3<vc<NuQHNywnw<7bymGQv#D^c3ScAj%pWZTZa_}j$xVdUe;IM#IkJW89`
zF1|y{Tix`xvgxZ>cz46i+uWf{A-)sZ%TVpRow-ok>$<*r8|My#5s5qMm@wh$TV}jk
zULlzA>zHj~v^ZvqI2Xq(KHnS1{N|S+b8(Q`k)6dFb!4{kU_`nCnar_d4b#O@!yL<l
zhB+2~MpB<+A^T=L-A2xFk$p3^ZAQ*9l6^DIKFZzjQgs#Cgy)T9*ylXRzM0D~<<RFI
z=Ez3>ZDi;tP?CK!-y>k^A47Qu+30_e41KN#**9zQQOcoz3gts&qYqRqcy&2n&VkG+
zGdt#$)@zQwOk6Mig9+18WXtqN<~i0yMqjQIv$eB<Z2E4Z4wz++V6GeGybJ6i!_FR*
z%+}66vaxeLb-<LR1dkftk8+$0J5`j-*3J~!*f~TUFxzhve9Z79%Hw3%xfdm~wex<m
zv2%htVCsHU@JYk(LkSbgiQ$2y-w{5L_&MMhW_Vd<h*<mFPTFT$itLy}s-0~5^4zh!
zUhrnYJZr4ZZo$_HW_(&5#-!x~f^QLgr{E6={$s&U3Vv4bi-P}I@XrME=V3dBM!_wD
zmk3@jc$?szf)5EkCiq^#4+uUb_%Xpx3Fe>D?Koc){EFb83wE)eR=-j3Lcyy9_X^%E
z_(s7u2|ghB0m1w?0qd9lr(pSOg8yAG|EbUFEE3!<xLfd6!2^Q#2|gzHUcsjXKPLDo
z!TgsvJDwK>zan@64mPW^N^rN}9>F^W?-x8OctY?|!FLNjA^0J|pAr0|;AaJYU+|9v
zzb=^n0AuIXEI1)JDR`6MLBT&3{JP*M4k>GYuHf?oZxGxoc(>p{@STF+C-?!urv?9|
z;I9aNPVmcu|3&Z{f@AoSVCOPV@G`-jf;S277yM?yX~E-y9~JzR;5P)<;q15L84_F&
zJSF&c!N&!k5d4tfPYM2l;4hK!J~KT7wx1)<37x+q*M~a)Aml$Go4$2uw>+0@K6lO)
z@+Dx}-vm=@DMx17B6tVc*t||~mW)_rDv*u+NuhHKnD+U(|6a<GnLa4^q~OzJ<Lep0
z&y$U>?~{$M9}1lxgXxQRgI`jP%;e)MjO8}Li^;~<#ey#*8(&wEjjwBk&VDd`@&1q%
zI^$&HcS6Vy3;A7w?;)Ep+y|yj-UmNGx$*mPq4Q<Ie@iywd|BwfCioYEW4MD@n;n9?
z1@{Y13%*q_*OcRA!cjNPP?=_a3$!}?#%6h;;MIb=1Yach62ZKmTRYbXW^7sc^@7I)
zmjv@(Wc7Jhw|tji?yHsGFPM8{<);Pzx!}hHKQ8!dg1;sBdBHCTepT>U!LJK`LoolB
z%8qTWVE#U5<%<OKf26FuQ!wviR=!bikKkUx{O2mGzhCf>;H+T&|CQC}z0UI61;0Zu
zJ|dKZbD60L*}gBWVB7aSh({~uzjrsA_|*U14aQYNJ!s^7Wga$+<5E3hnDP4=!}w~Z
z9yiRG{i5MT;HM3*0Dsf)`QYaa^ZV!vhP%Np8Ri-LPlmUF@z1<^oL7K<Vt5yrcR7xq
zas5lfyyNp;M|l=}j^RAG$uQ5oxM9XM?|#%j3SMUT7?}4!${FKH!|w<4PDnXpe52t9
z!Iv671!i)%I3`(cK;5o?n_#Yym3Il|T3C6X;5~xhDwy-M`cr~$7tHxsofCrp3+|Vw
AOaK4?

literal 0
HcmV?d00001

diff --git a/ssl/p12.c b/ssl/p12.c
new file mode 100644
index 0000000000..2bafaf7eaf
--- /dev/null
+++ b/ssl/p12.c
@@ -0,0 +1,483 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Process PKCS#8/PKCS#12 keys.
+ *
+ * The decoding of a PKCS#12 key is fairly specific - this code was tested on a
+ * key generated with:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 
+ * -name "p12_withoutCA" -out axTLS.withoutCA.p12 -password pass:abcd
+ *
+ * or with a certificate chain:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe
+ * PBE-SHA1-RC4-128 -name "p12_withCA" -out axTLS.withCA.p12 -password pass:abcd
+ *
+ * Note that the PBE has to be specified with PBE-SHA1-RC4-128. The
+ * private/public keys/certs have to use RSA encryption. Both the integrity
+ * and privacy passwords are the same.
+ *
+ * The PKCS#8 files were generated with something like:
+ *
+ * PEM format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1
+ * PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+ *
+ * DER format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER
+ * -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* all commented out if not used */
+#ifdef CONFIG_SSL_USE_PKCS12
+
+#define BLOCK_SIZE          64
+#define PKCS12_KEY_ID       1
+#define PKCS12_IV_ID        2
+#define PKCS12_MAC_ID       3
+
+static char *make_uni_pass(const char *password, int *uni_pass_len);
+static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id);
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations);
+
+/*
+ * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
+ */
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, offset = 0;
+    int iterations;
+    int ret = SSL_NOT_OK;
+    uint8_t *version = NULL;
+    const uint8_t *salt;
+    uint8_t *priv_key;
+    int uni_pass_len;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p8 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    /* unencrypted key? */
+    if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
+    {
+        ret = p8_add_key(ssl_ctx, buf);
+        goto error;
+    }
+
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
+        goto error;
+
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    priv_key = &buf[offset];
+
+    p8_decrypt(uni_pass, uni_pass_len, salt, 
+                        iterations, priv_key, len, PKCS12_KEY_ID);
+    ret = p8_add_key(ssl_ctx, priv_key);
+
+error:
+    free(version);
+    free(uni_pass);
+    return ret;
+}
+
+/*
+ * Take the unencrypted pkcs8 and turn it into a private key 
+ */
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
+{
+    uint8_t *buf = priv_key;
+    int len, offset = 0;
+    int ret = SSL_NOT_OK;
+
+    /* Skip the preamble and go straight to the private key.
+       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    ret = asn1_get_private_key(&buf[offset], len, &ssl_ctx->rsa_ctx);
+
+error:
+    return ret;
+}
+
+/*
+ * Create the unicode password 
+ */
+static char *make_uni_pass(const char *password, int *uni_pass_len)
+{
+    int pass_len = 0, i;
+    char *uni_pass;
+
+    if (password == NULL)
+    {
+        password = "";
+    }
+
+    uni_pass = (char *)malloc((strlen(password)+1)*2);
+
+    /* modify the password into a unicode version */
+    for (i = 0; i < (int)strlen(password); i++)
+    {
+        uni_pass[pass_len++] = 0;
+        uni_pass[pass_len++] = password[i];
+    }
+
+    uni_pass[pass_len++] = 0;       /* null terminate */
+    uni_pass[pass_len++] = 0;
+    *uni_pass_len = pass_len;
+    return uni_pass;
+}
+
+/*
+ * Decrypt a pkcs8 block.
+ */
+static int p8_decrypt(const char *uni_pass, int uni_pass_len,
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id)
+{
+    uint8_t p[BLOCK_SIZE*2];
+    uint8_t d[BLOCK_SIZE];
+    uint8_t Ai[SHA1_SIZE];
+    SHA1_CTX sha_ctx;
+    RC4_CTX rc4_ctx;
+    int i;
+
+    for (i = 0; i < BLOCK_SIZE; i++)
+    {
+        p[i] = salt[i % SALT_SIZE];
+        p[BLOCK_SIZE+i] = uni_pass[i % uni_pass_len];
+        d[i] = id;
+    }
+
+    /* get the key - no IV since we are using RC4 */
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, d, sizeof(d));
+    SHA1_Update(&sha_ctx, p, sizeof(p));
+    SHA1_Final(Ai, &sha_ctx);
+
+    for (i = 1; i < iter; i++)
+    {
+        SHA1_Init(&sha_ctx);
+        SHA1_Update(&sha_ctx, Ai, SHA1_SIZE);
+        SHA1_Final(Ai, &sha_ctx);
+    }
+
+    /* do the decryption */
+    if (id == PKCS12_KEY_ID)
+    {
+        RC4_setup(&rc4_ctx, Ai, 16);
+        RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
+    }
+    else  /* MAC */
+        memcpy(priv_key, Ai, SHA1_SIZE);
+
+    return 0;
+}
+
+/*
+ * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
+ * and keys.
+ */
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, iterations, auth_safes_start, 
+              auth_safes_end, auth_safes_len, key_offset, offset = 0;
+    int all_certs = 0;
+    uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
+    uint8_t key[SHA1_SIZE];
+    uint8_t mac[SHA1_SIZE];
+    const uint8_t *salt;
+    int uni_pass_len, ret = SSL_OK;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+    static const uint8_t pkcs_data[] = /* pkc7 data */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
+    static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
+    static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p12 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        goto error;
+    }
+
+    /* remove all the boring pcks7 bits */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
+                (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+                len != sizeof(pkcs_data) || 
+                memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
+        goto error;
+
+    /* work out the MAC start/end points (done on AuthSafes) */
+    auth_safes_start = offset;
+    auth_safes_end = offset;
+    if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
+        goto error;
+
+    auth_safes_len = auth_safes_end - auth_safes_start;
+    auth_safes = malloc(auth_safes_len);
+
+    memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs_encrypted) || 
+            memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the certificate */
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
+        goto error;
+
+    /* decrypt the certificate */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the certificate */
+    key_offset = 0;
+    all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
+
+    /* keep going until all certs are loaded */
+    while (key_offset < all_certs)
+    {
+        int cert_offset = key_offset;
+
+        if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                (len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
+            goto error;
+
+        if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
+            goto error;
+
+        key_offset = cert_offset;
+    }
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs8_key_bag)) || 
+            memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the private key */
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    /* decrypt the private key */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the private key */
+    if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
+        goto error;
+
+    /* miss out on friendly name, local key id etc */
+    if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
+        goto error;
+
+    /* work out the MAC */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
+            len != SHA1_SIZE)
+        goto error;
+
+    orig_mac = &buf[offset];
+    offset += len;
+
+    /* get the salt */
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
+        goto error;
+
+    salt = &buf[offset];
+
+    /* work out what the mac should be */
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, 
+                            key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
+        goto error;
+
+    hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
+
+    if (memcmp(mac, orig_mac, SHA1_SIZE))
+    {
+        ret = SSL_ERROR_INVALID_HMAC;                  
+        goto error;
+    }
+
+error:
+    free(version);
+    free(uni_pass);
+    free(auth_safes);
+    return ret;
+}
+
+/*
+ * Retrieve the salt/iteration details from a PBE block.
+ */
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations)
+{
+    static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
+            { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
+
+    int i, len;
+    uint8_t *iter = NULL;
+    int error_code = SSL_ERROR_NOT_SUPPORTED;
+
+    /* Get the PBE type */
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto error;
+
+    /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
+       which is the only algorithm we support */
+    if (len != sizeof(pbeSH1RC4) || 
+                    memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
+#endif
+        goto error;
+    }
+
+    *offset += len;
+
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 || 
+            len != 8)
+        goto error;
+
+    *salt = &buf[*offset];
+    *offset += len;
+
+    if ((len = asn1_get_int(buf, offset, &iter)) < 0)
+        goto error;
+
+    *iterations = 0;
+    for (i = 0; i < len; i++)
+    {
+        (*iterations) <<= 8;
+        (*iterations) += iter[i];
+    }
+
+    free(iter);
+    error_code = SSL_OK;       /* got here - we are ok */
+
+error:
+    return error_code;
+}
+
+#endif
diff --git a/ssl/p12.o b/ssl/p12.o
new file mode 100644
index 0000000000000000000000000000000000000000..8b874f138a88cbbfd6df82735082b23f1b2297d1
GIT binary patch
literal 1812
zcma)7K~EDw6rSz2wos`MR4~M3H7c06+m>Jg#2SHAL<y+Sgp<v--L@OHyJTk};01qx
zzr&wl`~hA)d+`r&@!~<hH#<Y82cs{%dEa~An>TM}I?H)|`?+BlOo_qXv7v{knd*{A
zSYVTEf`!0Y;b#pO*7%0ukq9uB$>s@VGWnlmj4L;VDSQ^e++7$moAbkjWeT}5ER`wb
zUlNzieHA7@k(%#hjKT#BGp3CDrRkzsnk!AtAbgJ%i%;RAmV^alU8fn8F1r&D!!2lr
zO=C2SU!@6*V#8P)f5##Bd!g5{s3q>d_mZ<C4?x7)eK%&jAH|8F%MI?uyzKYl=&&Cp
zhtWydE4!yjz{_5h1yR_u#4u8GbEjc#SWC{bvuN1^;@fTzaNsbq6Yn&!xz|qoD6|7V
z@nV;#o@MXC>|zE_I<@x7ie-0^?uUUNdUp3X6f^j+d(o*_T<n7f<)iAN(@vWj=||hs
zNPO5nRbZPN8>`krJB~O{qA0L;Hm$0&SaB*3)4i~(I8Tet6nc<&A$OZwVK-upy?S$P
zeQ$TWv0ra)Z|&FLu5IttD&uSGTea#qk{y0FNZb}|5~sGW5FH0|I&R`Jr^PvQVlQx=
zj@LTwHGL{BvD<3J-pL5<#%|d2FeS~Vb5a=9nbVF20}mT>PDQVdD2HzTQ|6FIJG~<F
z)Aul(OdQD_C}DawB!A1B2S>lzf8|w?qiO?+dNBbhilgV3zR8q$fkwXo;)#ejadcxf
zsG0-FK0zN4kfONP@D(PC-sUU;DT;dqUthO?*H7!vy7VDX>o$Sa96<I1dYgb0#T~*Y
zTv2g2Gm4ZPxhE2<yjeVa`nD*c9MW^B_#jDQ6?w}NlToFofYn`4JVxF}0#Z~SSx}eq
zA(x)>HAHCNwBJeS7*wzK4ELe;q3R)RMD%!;UHsNb^RnACYL0Y5>**_!uip&$XhIWn
zq$A>~>!Fy8p6gIdRvbD&Cha)=%!tZ{EKlcP$WnB!3g6H$eUlA(01ykRa^^McX!x;)
fpJ<r=b*Q;-G<=|8@!OOAbhY?E!_>NgyCnGo8Dq)d

literal 0
HcmV?d00001

diff --git a/ssl/private_key.h b/ssl/private_key.h
new file mode 100644
index 0000000000..ce7985c5a7
--- /dev/null
+++ b/ssl/private_key.h
@@ -0,0 +1,54 @@
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcd,
+  0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76, 0xd4, 0x13, 0x30, 0x0e,
+  0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f, 0x51, 0x09, 0x9d, 0x29,
+  0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90, 0x80, 0xa1, 0x71, 0xdf,
+  0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14, 0x90, 0x0a, 0xf9, 0xb7,
+  0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d, 0x57, 0x41, 0x86, 0x60,
+  0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46, 0x1b, 0xf6, 0xa2, 0x84,
+  0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa, 0x91, 0xf8, 0x61, 0x04,
+  0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a, 0xcc, 0x31, 0x01, 0x14,
+  0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82, 0xd6, 0xc6, 0xc4, 0xbe,
+  0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32, 0x7a, 0x86, 0x0e, 0x91,
+  0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x81, 0x00, 0x95, 0xaa, 0x6e, 0x11, 0xf5, 0x6a, 0x8b, 0xa2,
+  0xc6, 0x48, 0xc6, 0x7c, 0x37, 0x6b, 0x1f, 0x55, 0x10, 0x76, 0x26, 0x24,
+  0xc3, 0xf2, 0x5c, 0x5a, 0xdd, 0x2e, 0xf3, 0xa4, 0x1e, 0xbc, 0x7b, 0x1c,
+  0x80, 0x10, 0x85, 0xbc, 0xd8, 0x45, 0x3c, 0xb8, 0xb2, 0x06, 0x53, 0xb5,
+  0xd5, 0x7a, 0xe7, 0x0e, 0x92, 0xe6, 0x42, 0xc2, 0xe2, 0x2a, 0xd5, 0xd1,
+  0x03, 0x9f, 0x6f, 0x53, 0x74, 0x68, 0x72, 0x8e, 0xbf, 0x03, 0xbb, 0xab,
+  0xbd, 0xa1, 0xf9, 0x81, 0x7d, 0x12, 0xd4, 0x9d, 0xb6, 0xae, 0x4c, 0xad,
+  0xca, 0xa8, 0xc9, 0x80, 0x8d, 0x0d, 0xd5, 0xd0, 0xa1, 0xbf, 0xec, 0x60,
+  0x48, 0x49, 0xed, 0x97, 0x0f, 0x5e, 0xed, 0xfc, 0x39, 0x15, 0x96, 0x9e,
+  0x5d, 0xe2, 0xb4, 0x5d, 0x2e, 0x04, 0xdc, 0x08, 0xa2, 0x65, 0x29, 0x2d,
+  0x37, 0xfb, 0x62, 0x90, 0x1b, 0x7b, 0xe5, 0x3a, 0x58, 0x05, 0x55, 0xc1,
+  0x02, 0x41, 0x00, 0xfc, 0x69, 0x28, 0xc9, 0xa8, 0xc4, 0x5c, 0xe3, 0xd0,
+  0x5e, 0xaa, 0xda, 0xde, 0x87, 0x74, 0xdb, 0xcb, 0x40, 0x78, 0x8e, 0x1d,
+  0x12, 0x96, 0x16, 0x61, 0x3f, 0xb3, 0x3e, 0xa3, 0x0d, 0xdc, 0x49, 0xa5,
+  0x25, 0x87, 0xc5, 0x97, 0x85, 0x9d, 0xbb, 0xb4, 0xf0, 0x44, 0xfd, 0x6c,
+  0xe8, 0xd2, 0x8c, 0xec, 0x33, 0x81, 0x46, 0x1e, 0x10, 0x12, 0x33, 0x16,
+  0x95, 0x00, 0x4f, 0x75, 0xb4, 0xe5, 0x79, 0x02, 0x41, 0x00, 0xd0, 0xeb,
+  0x65, 0x07, 0x10, 0x3b, 0xd9, 0x03, 0xeb, 0xdc, 0x6f, 0x4b, 0x8f, 0xc3,
+  0x87, 0xce, 0x76, 0xd6, 0xc5, 0x14, 0x21, 0x4e, 0xe7, 0x4f, 0x1b, 0xe8,
+  0x05, 0xf8, 0x84, 0x1a, 0xe0, 0xc5, 0xd6, 0xe3, 0x08, 0xb3, 0x54, 0x57,
+  0x02, 0x1f, 0xd4, 0xd9, 0xfb, 0xff, 0x40, 0xb1, 0x56, 0x1c, 0x60, 0xf7,
+  0xac, 0x91, 0xf3, 0xd3, 0xc6, 0x7f, 0x84, 0xfd, 0x84, 0x9d, 0xea, 0x26,
+  0xee, 0xc9, 0x02, 0x41, 0x00, 0xa6, 0xcf, 0x1c, 0x6c, 0x81, 0x03, 0x1c,
+  0x5c, 0x56, 0x05, 0x6a, 0x26, 0x70, 0xef, 0xd6, 0x13, 0xb7, 0x74, 0x28,
+  0xf7, 0xca, 0x50, 0xd1, 0x2d, 0x83, 0x21, 0x64, 0xe4, 0xdd, 0x3f, 0x38,
+  0xb8, 0xd6, 0xd2, 0x41, 0xb3, 0x1c, 0x9a, 0xea, 0x0d, 0xf5, 0xda, 0xdf,
+  0xcd, 0x17, 0x9f, 0x9a, 0x1e, 0x15, 0xaf, 0x48, 0x1c, 0xbd, 0x9b, 0x63,
+  0x5b, 0xad, 0xed, 0xd4, 0xa1, 0xae, 0xa9, 0x59, 0x09, 0x02, 0x40, 0x4e,
+  0x08, 0xce, 0xa8, 0x8f, 0xc0, 0xba, 0xf3, 0x83, 0x02, 0xc8, 0x33, 0x62,
+  0x14, 0x77, 0xc2, 0x7f, 0x93, 0x02, 0xf3, 0xdc, 0xe9, 0x1a, 0xee, 0xea,
+  0x8e, 0x84, 0xc4, 0x69, 0x9b, 0x9c, 0x7f, 0x69, 0x1f, 0x4e, 0x1d, 0xa5,
+  0x90, 0x06, 0x44, 0x1b, 0x7d, 0xfc, 0x69, 0x40, 0x21, 0xbc, 0xf7, 0x46,
+  0xa4, 0xdc, 0x39, 0x7b, 0xe8, 0x8b, 0x49, 0x10, 0x44, 0x9d, 0x67, 0x5a,
+  0x91, 0x86, 0x39, 0x02, 0x40, 0x41, 0x2c, 0x4e, 0xfe, 0xd9, 0x90, 0x89,
+  0x00, 0x5c, 0x94, 0x0a, 0x4a, 0x7e, 0x1b, 0x1a, 0x80, 0x06, 0x01, 0x37,
+  0xda, 0x50, 0x61, 0x9d, 0x9c, 0xfe, 0x25, 0x7f, 0xd8, 0xd4, 0xc4, 0x9e,
+  0x81, 0xf2, 0x0c, 0x1e, 0x38, 0x21, 0x1e, 0x90, 0x3f, 0xd4, 0xba, 0x6c,
+  0x53, 0xcb, 0xf0, 0x77, 0x79, 0x9b, 0xf1, 0xfa, 0x3f, 0x81, 0xdc, 0xf3,
+  0x21, 0x02, 0x6d, 0xb7, 0x95, 0xc3, 0x2e, 0xce, 0xd5
+};
+unsigned int default_private_key_len = 609;
diff --git a/ssl/ssl.h b/ssl/ssl.h
new file mode 100644
index 0000000000..198efc6899
--- /dev/null
+++ b/ssl/ssl.h
@@ -0,0 +1,499 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @mainpage axTLS API
+ *
+ * @image html axolotl.jpg
+ *
+ * The axTLS library has features such as:
+ * - The TLSv1 SSL client/server protocol
+ * - No requirement to use any openssl libraries.
+ * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
+ * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
+ * - Certificate chaining and peer authentication.
+ * - Session resumption, session renegotiation.
+ * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
+ * - Highly configurable compile time options.
+ * - Portable across many platforms (written in ANSI C), and has language
+ * bindings in C, C#, VB.NET, Java, Perl and Lua.
+ * - Partial openssl API compatibility (via a wrapper).
+ * - A very small footprint (around 50-60kB for the library in 'server-only' 
+ *   mode).
+ * - No dependencies on sockets - can use serial connections for example.
+ * - A very simple API - ~ 20 functions/methods.
+ *
+ * A list of these functions/methods are described below.
+ *
+ *  @ref c_api 
+ *
+ *  @ref bigint_api 
+ *
+ *  @ref csharp_api 
+ *
+ *  @ref java_api 
+ */
+#ifndef HEADER_SSL_H
+#define HEADER_SSL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <time.h>
+
+/* need to predefine before ssl_lib.h gets to it */
+#define SSL_SESSION_ID_SIZE                     32
+
+#include "tls1.h"
+
+/* The optional parameters that can be given to the client/server SSL engine */
+#define SSL_CLIENT_AUTHENTICATION               0x00010000
+#define SSL_SERVER_VERIFY_LATER                 0x00020000
+#define SSL_NO_DEFAULT_KEY                      0x00040000
+#define SSL_DISPLAY_STATES                      0x00080000
+#define SSL_DISPLAY_BYTES                       0x00100000
+#define SSL_DISPLAY_CERTS                       0x00200000
+#define SSL_DISPLAY_RSA                         0x00400000
+#define SSL_CONNECT_IN_PARTS                    0x00800000
+
+/* errors that can be generated */
+#define SSL_OK                                  0
+#define SSL_NOT_OK                              -1
+#define SSL_ERROR_DEAD                          -2
+#define SSL_CLOSE_NOTIFY                        -3
+#define SSL_ERROR_CONN_LOST                     -256
+#define SSL_ERROR_SOCK_SETUP_FAILURE            -258
+#define SSL_ERROR_INVALID_HANDSHAKE             -260
+#define SSL_ERROR_INVALID_PROT_MSG              -261
+#define SSL_ERROR_INVALID_HMAC                  -262
+#define SSL_ERROR_INVALID_VERSION               -263
+#define SSL_ERROR_INVALID_SESSION               -265
+#define SSL_ERROR_NO_CIPHER                     -266
+#define SSL_ERROR_BAD_CERTIFICATE               -268
+#define SSL_ERROR_INVALID_KEY                   -269
+#define SSL_ERROR_FINISHED_INVALID              -271
+#define SSL_ERROR_NO_CERT_DEFINED               -272
+#define SSL_ERROR_NO_CLIENT_RENOG               -273
+#define SSL_ERROR_NOT_SUPPORTED                 -274
+#define SSL_X509_OFFSET                         -512
+#define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
+
+/* alert types that are recognized */
+#define SSL_ALERT_TYPE_WARNING                  1
+#define SLL_ALERT_TYPE_FATAL                    2
+
+/* these are all the alerts that are recognized */
+#define SSL_ALERT_CLOSE_NOTIFY                  0
+#define SSL_ALERT_UNEXPECTED_MESSAGE            10
+#define SSL_ALERT_BAD_RECORD_MAC                20
+#define SSL_ALERT_HANDSHAKE_FAILURE             40
+#define SSL_ALERT_BAD_CERTIFICATE               42
+#define SSL_ALERT_ILLEGAL_PARAMETER             47
+#define SSL_ALERT_DECODE_ERROR                  50
+#define SSL_ALERT_DECRYPT_ERROR                 51
+#define SSL_ALERT_INVALID_VERSION               70
+#define SSL_ALERT_NO_RENEGOTIATION              100
+
+/* The ciphers that are supported */
+#define SSL_AES128_SHA                          0x2f
+#define SSL_AES256_SHA                          0x35
+#define SSL_RC4_128_SHA                         0x05
+#define SSL_RC4_128_MD5                         0x04
+
+/* build mode ids' */
+#define SSL_BUILD_SKELETON_MODE                 0x01
+#define SSL_BUILD_SERVER_ONLY                   0x02
+#define SSL_BUILD_ENABLE_VERIFICATION           0x03
+#define SSL_BUILD_ENABLE_CLIENT                 0x04
+#define SSL_BUILD_FULL_MODE                     0x05
+
+/* offsets to retrieve configuration information */
+#define SSL_BUILD_MODE                          0
+#define SSL_MAX_CERT_CFG_OFFSET                 1
+#define SSL_MAX_CA_CERT_CFG_OFFSET              2
+#define SSL_HAS_PEM                             3
+
+/* default session sizes */
+#define SSL_DEFAULT_SVR_SESS                    5
+#define SSL_DEFAULT_CLNT_SESS                   1
+
+/* X.509/X.520 distinguished name types */
+#define SSL_X509_CERT_COMMON_NAME               0
+#define SSL_X509_CERT_ORGANIZATION              1
+#define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
+#define SSL_X509_CA_CERT_COMMON_NAME            3
+#define SSL_X509_CA_CERT_ORGANIZATION           4
+#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    5
+
+/* SSL object loader types */
+#define SSL_OBJ_X509_CERT                       1
+#define SSL_OBJ_X509_CACERT                     2
+#define SSL_OBJ_RSA_KEY                         3
+#define SSL_OBJ_PKCS8                           4
+#define SSL_OBJ_PKCS12                          5
+
+/**
+ * @defgroup c_api Standard C API
+ * @brief The standard interface in C.
+ * @{
+ */
+
+/**
+ * @brief Establish a new client/server context.
+ *
+ * This function is called before any client/server SSL connections are made. 
+ *
+ * Each new connection will use the this context's private key and 
+ * certificate chain. If a different certificate chain is required, then a 
+ * different context needs to be be used.
+ *
+ * There are two threading models supported - a single thread with one
+ * SSL_CTX can support any number of SSL connections - and multiple threads can 
+ * support one SSL_CTX object each (the default). But if a single SSL_CTX 
+ * object uses many SSL objects in individual threads, then the 
+ * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
+ *
+ * @param options [in]  Any particular options. At present the options
+ * supported are:
+ * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
+ * authentication fails. The certificate can be authenticated later with a
+ * call to ssl_verify_cert().
+ * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
+ * i.e. each handshake will include a "certificate request" message from the
+ * server. Only available if verification has been enabled.
+ * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
+ * during the handshake.
+ * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
+ * during the handshake.
+ * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
+ * are passed during a handshake.
+ * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
+ * are passed during a handshake.
+ * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of 
+ * ssl_client_new().
+ * @param num_sessions [in] The number of sessions to be used for session
+ * caching. If this value is 0, then there is no session caching. This option
+ * is not used in skeleton mode.
+ * @return A client/server context.
+ */
+EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
+
+/**
+ * @brief Remove a client/server context.
+ *
+ * Frees any used resources used by this context. Each connection will be 
+ * sent a "Close Notify" alert (if possible).
+ * @param ssl_ctx [in] The client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
+
+/**
+ * @brief (server only) Establish a new SSL connection to an SSL client.
+ *
+ * It is up to the application to establish the logical connection (whether it
+ * is  a socket, serial connection etc).
+ * @param ssl_ctx [in] The server context.
+ * @param client_fd [in] The client's file descriptor. 
+ * @return An SSL object reference.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief (client only) Establish a new SSL connection to an SSL server.
+ *
+ * It is up to the application to establish the initial logical connection 
+ * (whether it is  a socket, serial connection etc).
+ *
+ * This is a normally a blocking call - it will finish when the handshake is 
+ * complete (or has failed). To use in non-blocking mode, set 
+ * SSL_CONNECT_IN_PARTS in ssl_ctx_new().
+ * @param ssl_ctx [in] The client context.
+ * @param client_fd [in] The client's file descriptor.
+ * @param session_id [in] A 32 byte session id for session resumption. This 
+ * can be null if no session resumption is being used or required. This option
+ * is not used in skeleton mode.
+ * @param sess_id_size The size of the session id (max 32)
+ * @return An SSL object reference. Use ssl_handshake_status() to check 
+ * if a handshake succeeded.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
+
+/**
+ * @brief Free any used resources on this connection. 
+ 
+ * A "Close Notify" message is sent on this connection (if possible). It is up 
+ * to the application to close the socket or file descriptor.
+ * @param ssl [in] The ssl object reference.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl);
+
+/**
+ * @brief Read the SSL data stream.
+ * If the socket is non-blocking and data is blocked then SSO_OK will be
+ * returned.
+ * @param ssl [in] An SSL object reference.
+ * @param in_data [out] If the read was successful, a pointer to the read
+ * buffer will be here. Do NOT ever free this memory as this buffer is used in
+ * sucessive calls. If the call was unsuccessful, this value will be null.
+ * @return The number of decrypted bytes:
+ * - if > 0, then the handshaking is complete and we are returning the number 
+ *   of decrypted bytes. 
+ * - SSL_OK if the handshaking stage is successful (but not yet complete).  
+ * - < 0 if an error.
+ * @see ssl.h for the error code list.
+ * @note Use in_data before doing any successive ssl calls.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
+
+/**
+ * @brief Write to the SSL data stream. 
+ * if the socket is non-blocking and data is blocked then a check is made
+ * to ensure that all data is sent (i.e. blocked mode is forced).
+ * @param ssl [in] An SSL obect reference.
+ * @param out_data [in] The data to be written
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
+
+/**
+ * @brief Find an ssl object based on a file descriptor.
+ *
+ * Goes through the list of SSL objects maintained in a client/server context
+ * to look for a file descriptor match.
+ * @param ssl_ctx [in] The client/server context.
+ * @param client_fd [in]  The file descriptor.
+ * @return A reference to the SSL object. Returns null if the object could not 
+ * be found.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief Get the session id for a handshake. 
+ * 
+ * This will be a 32 byte sequence and is available after the first
+ * handshaking messages are sent.
+ * @param ssl [in] An SSL object reference.
+ * @return The session id as a 32 byte sequence.
+ * @note A SSLv23 handshake may have only 16 valid bytes.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
+
+/**
+ * @brief Get the session id size for a handshake. 
+ * 
+ * This will normally be 32 but could be 0 (no session id) or something else.
+ * @param ssl [in] An SSL object reference.
+ * @return The size of the session id.
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
+
+/**
+ * @brief Return the cipher id (in the SSL form).
+ * @param ssl [in] An SSL object reference.
+ * @return The cipher id. This will be one of the following:
+ * - SSL_AES128_SHA (0x2f)
+ * - SSL_AES256_SHA (0x35)
+ * - SSL_RC4_128_SHA (0x05)
+ * - SSL_RC4_128_MD5 (0x04)
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
+
+/**
+ * @brief Return the status of the handshake.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the handshake is complete and ok. 
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
+
+/**
+ * @brief Retrieve various parameters about the axTLS engine.
+ * @param offset [in] The configuration offset. It will be one of the following:
+ * - SSL_BUILD_MODE The build mode. This will be one of the following:
+ *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
+ *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication)
+ *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties)
+ *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics)
+ *   - SSL_BUILD_SKELETON_MODE          (skeleton mode)
+ * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
+ * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
+ * - SSL_HAS_PEM                        1 if supported
+ * @return The value of the requested parameter.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset);
+
+/**
+ * @brief Display why the handshake failed.
+ *
+ * This call is only useful in a 'full mode' build. The output is to stdout.
+ * @param error_code [in] An error code.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code);
+
+/**
+ * @brief Authenticate a received certificate.
+ * 
+ * This call is usually made by a client after a handshake is complete and the
+ * context is in SSL_SERVER_VERIFY_LATER mode.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
+
+/**
+ * @brief Retrieve an X.509 distinguished name component.
+ * 
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's common 
+ * name matches the URL.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param component [in] one of:
+ * - SSL_X509_CERT_COMMON_NAME
+ * - SSL_X509_CERT_ORGANIZATION
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CA_CERT_COMMON_NAME
+ * - SSL_X509_CA_CERT_ORGANIZATION
+ * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
+
+/**
+ * @brief Retrieve a Subject Alternative DNSName
+ *
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's DNS  
+ * name matches the URL.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param dnsindex [in] The index of the DNS name to retrieve.
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex);
+
+/**
+ * @brief Force the client to perform its handshake again.
+ *
+ * For a client this involves sending another "client hello" message.
+ * For the server is means sending a "hello request" message.
+ *
+ * This is a blocking call on the client (until the handshake completes).
+ *
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if renegotiation instantiation was ok
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
+
+/**
+ * @brief Process a file that is in binary DER or ASCII PEM format.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the file. Can be one of:
+ * - SSL_OBJ_X509_CERT (no password required)
+ * - SSL_OBJ_X509_CACERT (no password required)
+ * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+ * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
+ * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
+ *
+ * PEM files are automatically detected (if supported). The object type is
+ * also detected, and so is not relevant for these types of files.
+ * @param filename [in] The location of a file in DER/PEM format.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @note Not available in skeleton build mode.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
+
+/**
+ * @brief Process binary data.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the memory data.
+ * @param data [in] The binary data to be loaded.
+ * @param len [in] The amount of data to be loaded.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @see ssl_obj_load for more details on obj_type.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
+
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
+/**
+ * @brief Create an X.509 certificate. 
+ * 
+ * This certificate is a self-signed v1 cert with a fixed start/stop validity 
+ * times. It is signed with an internal private key in ssl_ctx.
+ *
+ * @param ssl_ctx [in] The client/server context.
+ * @param options [in] Not used yet.
+ * @param dn [in] An array of distinguished name strings. The array is defined
+ * by:
+ * - SSL_X509_CERT_COMMON_NAME (0)
+ *      - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the 
+ *        hostname will be used.
+ * - SSL_X509_CERT_ORGANIZATION (1)
+ *      - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME 
+ *        will be used.
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
+ *      - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
+ * @param cert_data [out] The certificate as a sequence of bytes.
+ * @return < 0 if an error, or the size of the certificate in bytes.
+ * @note cert_data must be freed when there is no more need for it.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
+#endif
+
+/**
+ * @brief Return the axTLS library version as a string.
+ */
+EXP_FUNC const char * STDCALL ssl_version(void);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ssl/tls1.c b/ssl/tls1.c
new file mode 100644
index 0000000000..428c9ea56b
--- /dev/null
+++ b/ssl/tls1.c
@@ -0,0 +1,2191 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Common ssl/tlsv1 code to both the client and server implementations.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* The session expiry time */
+#define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
+
+static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
+static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
+static const char * server_finished = "server finished";
+static const char * client_finished = "client finished";
+
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
+static int set_key_block(SSL *ssl, int is_write);
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
+static int send_raw_packet(SSL *ssl, uint8_t protocol);
+
+/**
+ * The server will pick the cipher based on the order that the order that the
+ * ciphers are listed. This order is defined at compile time.
+ */
+#ifdef CONFIG_SSL_SKELETON_MODE
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+{ SSL_RC4_128_SHA };
+#else
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
+
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
+{ SSL_RC4_128_SHA, SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_MD5 };
+#elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
+{ SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };    
+#else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
+{ SSL_AES256_SHA, SSL_AES128_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
+#endif
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/**
+ * The cipher map containing all the essentials for each cipher.
+ */
+#ifdef CONFIG_SSL_SKELETON_MODE
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* RC4-SHA */
+        SSL_RC4_128_SHA,                /* RC4-SHA */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(SHA1_SIZE+16),               /* key block size */
+        0,                              /* no padding */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+};
+#else
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* AES128-SHA */
+        SSL_AES128_SHA,                 /* AES128-SHA */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        2*(SHA1_SIZE+16+16),            /* key block size */
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },
+    {   /* AES256-SHA */
+        SSL_AES256_SHA,                 /* AES256-SHA */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        2*(SHA1_SIZE+32+16),            /* key block size */
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* RC4-SHA */
+        SSL_RC4_128_SHA,                /* RC4-SHA */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(SHA1_SIZE+16),               /* key block size */
+        0,                              /* no padding */
+        SHA1_SIZE,                      /* digest size */
+        hmac_sha1,                      /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+    /*
+     * This protocol is from SSLv2 days and is unlikely to be used - but was
+     * useful for testing different possible digest algorithms.
+     */
+    {   /* RC4-MD5 */
+        SSL_RC4_128_MD5,                /* RC4-MD5 */
+        16,                             /* key size */
+        0,                              /* iv size */ 
+        2*(MD5_SIZE+16),                /* key block size */
+        0,                              /* no padding */
+        MD5_SIZE,                       /* digest size */
+        hmac_md5,                       /* hmac algorithm */
+        (crypt_func)RC4_crypt,          /* encrypt */
+        (crypt_func)RC4_crypt           /* decrypt */
+    },
+};
+#endif
+
+static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+        uint8_t *out, int olen);
+static const cipher_info_t *get_cipher_info(uint8_t cipher);
+static void increment_read_sequence(SSL *ssl);
+static void increment_write_sequence(SSL *ssl);
+static void add_hmac_digest(SSL *ssl, int snd, uint8_t *hmac_header,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
+
+/* win32 VC6.0 doesn't have variadic macros */
+#if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...) {}
+#endif
+
+/**
+ * Establish a new client/server context.
+ */
+EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
+{
+    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
+    ssl_ctx->options = options;
+    RNG_initialize();
+
+    if (load_key_certs(ssl_ctx) < 0)
+    {
+        free(ssl_ctx);  /* can't load our key/certificate pair, so die */
+        return NULL;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl_ctx->num_sessions = num_sessions;
+#endif
+
+    SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (num_sessions)
+    {
+        ssl_ctx->ssl_sessions = (SSL_SESSION **)
+                        calloc(1, num_sessions*sizeof(SSL_SESSION *));
+    }
+#endif
+
+    return ssl_ctx;
+}
+
+/*
+ * Remove a client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+    int i;
+
+    if (ssl_ctx == NULL)
+        return;
+
+    ssl = ssl_ctx->head;
+
+    /* clear out all the ssl entries */
+    while (ssl)
+    {
+        SSL *next = ssl->next;
+        ssl_free(ssl);
+        ssl = next;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* clear out all the sessions */
+    for (i = 0; i < ssl_ctx->num_sessions; i++)
+        session_free(ssl_ctx->ssl_sessions, i);
+
+    free(ssl_ctx->ssl_sessions);
+#endif
+
+    i = 0;
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
+    {
+        free(ssl_ctx->certs[i].buf);
+        ssl_ctx->certs[i++].buf = NULL;
+    }
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    remove_ca_certs(ssl_ctx->ca_cert_ctx);
+#endif
+    ssl_ctx->chain_length = 0;
+    SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
+    RSA_free(ssl_ctx->rsa_ctx);
+    RNG_terminate();
+    free(ssl_ctx);
+}
+
+/*
+ * Free any used resources used by this connection.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl)
+{
+    SSL_CTX *ssl_ctx;
+
+    if (ssl == NULL)        /* just ignore null pointers */
+        return;
+
+    /* only notify if we weren't notified first */
+    /* spec says we must notify when we are dying */
+    if (!IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+      send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+
+    ssl_ctx = ssl->ssl_ctx;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    /* adjust the server SSL list */
+    if (ssl->prev)
+        ssl->prev->next = ssl->next;
+    else
+        ssl_ctx->head = ssl->next;
+
+    if (ssl->next)
+        ssl->next->prev = ssl->prev;
+    else
+        ssl_ctx->tail = ssl->prev;
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+
+    /* may already be free - but be sure */
+    free(ssl->encrypt_ctx);
+    free(ssl->decrypt_ctx);
+    disposable_free(ssl);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    x509_free(ssl->x509_ctx);
+#endif
+
+    free(ssl);
+}
+
+/*
+ * Read the SSL connection and send any alerts for various errors.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = basic_read(ssl, in_data);
+
+    /* check for return code so we can send an alert */
+    if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
+    {
+        if (ret != SSL_ERROR_CONN_LOST)
+        {
+            send_alert(ssl, ret);
+#ifndef CONFIG_SSL_SKELETON_MODE
+            /* something nasty happened, so get rid of this session */
+            kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+#endif
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Write application data to the client
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
+{
+    int n = out_len, nw, i, tot = 0;
+
+    /* maximum size of a TLS packet is around 16kB, so fragment */
+    do 
+    {
+        nw = n;
+
+        if (nw > RT_MAX_PLAIN_LENGTH)    /* fragment if necessary */
+            nw = RT_MAX_PLAIN_LENGTH;
+
+        if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
+                                            &out_data[tot], nw)) <= 0)
+        {
+            out_len = i;    /* an error */
+            break;
+        }
+
+        tot += i;
+        n -= i;
+    } while (n > 0);
+
+    return out_len;
+}
+
+/**
+ * Add a certificate to the certificate chain.
+ */
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
+    SSL_CERT *ssl_cert;
+    X509_CTX *cert = NULL;
+    int offset;
+
+    while (ssl_ctx->certs[i].buf && i < CONFIG_SSL_MAX_CERTS) 
+        i++;
+
+    if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: maximum number of certs added (%d) - change of "
+                "compile-time configuration required\n",
+                CONFIG_SSL_MAX_CERTS);
+#endif
+        goto error;
+    }
+
+    if ((ret = x509_new(buf, &offset, &cert)))
+        goto error;
+
+#if defined (CONFIG_SSL_FULL_MODE)
+    if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+        x509_print(cert, NULL);
+#endif
+
+    ssl_cert = &ssl_ctx->certs[i];
+    ssl_cert->size = len;
+    ssl_cert->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_cert->buf, buf, len);
+    ssl_ctx->chain_length++;
+    len -= offset;
+    ret = SSL_OK;           /* ok so far */
+
+    /* recurse? */
+    if (len > 0)
+    {
+        ret = add_cert(ssl_ctx, &buf[offset], len);
+    }
+
+error:
+    x509_free(cert);        /* don't need anymore */
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Add a certificate authority.
+ */
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_OK; /* ignore errors for now */
+    int i = 0;
+    CA_CERT_CTX *ca_cert_ctx;
+
+    if (ssl_ctx->ca_cert_ctx == NULL)
+        ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
+
+    ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
+        i++;
+
+    while (len > 0)
+    {
+        int offset;
+        if (i >= CONFIG_X509_MAX_CA_CERTS)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("Error: maximum number of CA certs added (%d) - change of "
+                    "compile-time configuration required\n", 
+                    CONFIG_X509_MAX_CA_CERTS);
+#endif
+            break;
+        }
+
+
+        /* ignore the return code */
+        if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
+        {
+#if defined (CONFIG_SSL_FULL_MODE)
+            if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+                x509_print(ca_cert_ctx->cert[i], NULL);
+#endif
+        }
+
+        i++;
+        len -= offset;
+    }
+
+    return ret;
+}
+
+/*
+ * Retrieve an X.509 distinguished name component
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    if (ssl->x509_ctx == NULL)
+        return NULL;
+
+    switch (component)
+    {
+        case SSL_X509_CERT_COMMON_NAME:
+            return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CERT_ORGANIZATION:
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
+
+        case SSL_X509_CA_CERT_COMMON_NAME:
+            return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CA_CERT_ORGANIZATION:
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
+
+        default:
+            return NULL;
+    }
+}
+
+/*
+ * Retrieve a "Subject Alternative Name" from a v3 certificate
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl,
+        int dnsindex)
+{
+    int i;
+
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->subject_alt_dnsnames == NULL)
+        return NULL;
+
+    for (i = 0; i < dnsindex; ++i)
+    {
+        if (ssl->x509_ctx->subject_alt_dnsnames[i] == NULL)
+            return NULL;
+    }
+
+    return ssl->x509_ctx->subject_alt_dnsnames[dnsindex];
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/*
+ * Find an ssl object based on the client's file descriptor.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+    ssl = ssl_ctx->head;
+
+    /* search through all the ssl entries */
+    while (ssl)
+    {
+        if (ssl->client_fd == client_fd)
+        {
+            SSL_CTX_UNLOCK(ssl_ctx->mutex);
+            return ssl;
+        }
+
+        ssl = ssl->next;
+    }
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return NULL;
+}
+
+/*
+ * Force the client to perform its handshake again.
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    disposable_new(ssl);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
+    {
+        ret = do_client_connect(ssl);
+    }
+    else
+#endif
+    {
+        send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                g_hello_request, sizeof(g_hello_request));
+        SET_SSL_FLAG(SSL_NEED_RECORD);
+    }
+
+    return ret;
+}
+
+/**
+ * @brief Get what we need for key info.
+ * @param cipher    [in]    The cipher information we are after
+ * @param key_size  [out]   The key size for the cipher
+ * @param iv_size   [out]   The iv size for the cipher
+ * @return  The amount of key information we need.
+ */
+static const cipher_info_t *get_cipher_info(uint8_t cipher)
+{
+    int i;
+
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        if (cipher_info[i].cipher == cipher)
+        {
+            return &cipher_info[i];
+        }
+    }
+
+    return NULL;  /* error */
+}
+
+/*
+ * Get a new ssl context for a new connection.
+ */
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
+    ssl->ssl_ctx = ssl_ctx;
+    ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
+    ssl->client_fd = client_fd;
+    ssl->flag = SSL_NEED_RECORD;
+    ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+#ifdef CONFIG_ENABLE_VERIFICATION
+    ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+#endif
+    disposable_new(ssl);
+
+    /* a bit hacky but saves a few bytes of memory */
+    ssl->flag |= ssl_ctx->options;
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    if (ssl_ctx->head == NULL)
+    {
+        ssl_ctx->head = ssl;
+        ssl_ctx->tail = ssl;
+    }
+    else
+    {
+        ssl->prev = ssl_ctx->tail;
+        ssl_ctx->tail->next = ssl;
+        ssl_ctx->tail = ssl;
+    }
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return ssl;
+}
+
+/*
+ * Add a private key to a context.
+ */
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
+{
+    int ret = SSL_OK;
+
+    /* get the private key details */
+    if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+error:
+    return ret;
+}
+
+/** 
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */     
+static void increment_read_sequence(SSL *ssl)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) 
+    {       
+        if (++ssl->read_sequence[i])
+            break;
+    }
+}
+            
+/**
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */      
+static void increment_write_sequence(SSL *ssl)
+{        
+    int i;                  
+         
+    for (i = 7; i >= 0; i--)
+    {                       
+        if (++ssl->write_sequence[i])
+            break;
+    }                       
+}
+
+/**
+ * Work out the HMAC digest in a packet.
+ */
+static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
+{
+    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
+    uint8_t *t_buf = (uint8_t *)alloca(hmac_len+10);
+
+    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+                    ssl->write_sequence : ssl->read_sequence, 8);
+    memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
+    memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
+
+    ssl->cipher_info->hmac(t_buf, hmac_len, 
+            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
+                ssl->server_mac : ssl->client_mac, 
+            ssl->cipher_info->digest_size, hmac_buf);
+
+#if 0
+    print_blob("record", hmac_header, SSL_RECORD_SIZE);
+    print_blob("buf", buf, buf_len);
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
+    {
+        print_blob("write seq", ssl->write_sequence, 8);
+    }
+    else
+    {
+        print_blob("read seq", ssl->read_sequence, 8);
+    }
+
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
+    {
+        print_blob("server mac", 
+                ssl->server_mac, ssl->cipher_info->digest_size);
+    }
+    else
+    {
+        print_blob("client mac", 
+                ssl->client_mac, ssl->cipher_info->digest_size);
+    }
+    print_blob("hmac", hmac_buf, SHA1_SIZE);
+#endif
+}
+
+/**
+ * Verify that the digest of a packet is correct.
+ */
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
+{   
+    uint8_t hmac_buf[SHA1_SIZE];
+    int hmac_offset;
+   
+    if (ssl->cipher_info->padding_size)
+    {
+        int last_blk_size = buf[read_len-1], i;
+        hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
+
+        /* guard against a timing attack - make sure we do the digest */
+        if (hmac_offset < 0)
+        {
+            hmac_offset = 0;
+        }
+        else
+        {
+            /* already looked at last byte */
+            for (i = 1; i < last_blk_size; i++)
+            {
+                if (buf[read_len-i] != last_blk_size)
+                {
+                    hmac_offset = 0;
+                    break;
+                }
+            }
+        }
+    }
+    else /* stream cipher */
+    {
+        hmac_offset = read_len - ssl->cipher_info->digest_size;
+
+        if (hmac_offset < 0)
+        {
+            hmac_offset = 0;
+        }
+    }
+
+    /* sanity check the offset */
+    ssl->hmac_header[3] = hmac_offset >> 8;      /* insert size */
+    ssl->hmac_header[4] = hmac_offset & 0xff;
+    add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
+
+    if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
+    {
+        return SSL_ERROR_INVALID_HMAC;
+    }
+
+    return hmac_offset;
+}
+
+/**
+ * Add a packet to the end of our sent and received packets, so that we may use
+ * it to calculate the hash at the end.
+ */
+void add_packet(SSL *ssl, const uint8_t *pkt, int len)
+{
+    MD5_Update(&ssl->dc->md5_ctx, pkt, len);
+    SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
+}
+
+/**
+ * Work out the MD5 PRF.
+ */
+static void p_hash_md5(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[128];
+
+    /* A(1) */
+    hmac_md5(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[MD5_SIZE], seed, seed_len);
+    hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > MD5_SIZE)
+    {
+        uint8_t a2[MD5_SIZE];
+        out += MD5_SIZE;
+        olen -= MD5_SIZE;
+
+        /* A(N) */
+        hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, MD5_SIZE);
+
+        /* work out the actual hash */
+        hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the SHA1 PRF.
+ */
+static void p_hash_sha1(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[128];
+
+    /* A(1) */
+    hmac_sha1(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA1_SIZE], seed, seed_len);
+    hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA1_SIZE)
+    {
+        uint8_t a2[SHA1_SIZE];
+        out += SHA1_SIZE;
+        olen -= SHA1_SIZE;
+
+        /* A(N) */
+        hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA1_SIZE);
+
+        /* work out the actual hash */
+        hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the PRF.
+ */
+static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+        uint8_t *out, int olen)
+{
+    int len, i;
+    const uint8_t *S1, *S2;
+    uint8_t xbuf[256]; /* needs to be > the amount of key data */
+    uint8_t ybuf[256]; /* needs to be > the amount of key data */
+
+    len = sec_len/2;
+    S1 = sec;
+    S2 = &sec[len];
+    len += (sec_len & 1); /* add for odd, make longer */
+
+    p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
+    p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
+
+    for (i = 0; i < olen; i++)
+        out[i] = xbuf[i] ^ ybuf[i];
+}
+
+/**
+ * Generate a master secret based on the client/server random data and the
+ * premaster secret.
+ */
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
+{
+    uint8_t buf[128];   /* needs to be > 13+32+32 in size */
+    strcpy((char *)buf, "master secret");
+    memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
+    prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
+            SSL_SECRET_SIZE);
+}
+
+/**
+ * Generate a 'random' blob of data used for the generation of keys.
+ */
+static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
+        uint8_t *master_secret, uint8_t *key_block, int key_block_size)
+{
+    uint8_t buf[128];
+    strcpy((char *)buf, "key expansion");
+    memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
+    prf(master_secret, SSL_SECRET_SIZE, buf, 77, key_block, key_block_size);
+}
+
+/** 
+ * Calculate the digest used in the finished message. This function also
+ * doubles up as a certificate verify function.
+ */
+void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
+{
+    uint8_t mac_buf[128]; 
+    uint8_t *q = mac_buf;
+    MD5_CTX md5_ctx = ssl->dc->md5_ctx;
+    SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
+
+    if (label)
+    {
+        strcpy((char *)q, label);
+        q += strlen(label);
+    }
+
+    MD5_Final(q, &md5_ctx);
+    q += MD5_SIZE;
+    
+    SHA1_Final(q, &sha1_ctx);
+    q += SHA1_SIZE;
+
+    if (label)
+    {
+        prf(ssl->dc->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
+            digest, SSL_FINISHED_HASH_SIZE);
+    }
+    else    /* for use in a certificate verify */
+    {
+        memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
+    }
+
+#if 0
+    printf("label: %s\n", label);
+    print_blob("master secret", ssl->dc->master_secret, 48);
+    print_blob("mac_buf", mac_buf, q-mac_buf);
+    print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
+#endif
+}   
+    
+/**
+ * Retrieve (and initialise) the context of a cipher.
+ */
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
+{
+    switch (ssl->cipher)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        case SSL_AES128_SHA:
+            {
+                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_128);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+        case SSL_AES256_SHA:
+            {
+                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_256);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+        case SSL_RC4_128_MD5:
+#endif
+        case SSL_RC4_128_SHA:
+            {
+                RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
+                RC4_setup(rc4_ctx, key, 16);
+                return (void *)rc4_ctx;
+            }
+    }
+
+    return NULL;    /* its all gone wrong */
+}
+
+/**
+ * Send a packet over the socket.
+ */
+static int send_raw_packet(SSL *ssl, uint8_t protocol)
+{
+    uint8_t *rec_buf = ssl->bm_all_data;
+    int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
+    int sent = 0;
+    int ret = SSL_OK;
+
+    rec_buf[0] = protocol;
+    rec_buf[1] = 0x03;      /* version = 3.1 or higher */
+    rec_buf[2] = ssl->version & 0x0f;
+    rec_buf[3] = ssl->bm_index >> 8;
+    rec_buf[4] = ssl->bm_index & 0xff;
+
+    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
+                             pkt_size, pkt_size);
+
+    while (sent < pkt_size)
+    {
+        ret = SOCKET_WRITE(ssl->client_fd, 
+                        &ssl->bm_all_data[sent], pkt_size-sent);
+
+        if (ret >= 0)
+            sent += ret;
+        else
+        {
+
+#ifdef WIN32
+            if (GetLastError() != WSAEWOULDBLOCK)
+#else
+            if (errno != EAGAIN && errno != EWOULDBLOCK)
+#endif
+                return SSL_ERROR_CONN_LOST;
+        }
+
+        /* keep going until the write buffer has some space */
+        if (sent != pkt_size)
+        {
+            fd_set wfds;
+            FD_ZERO(&wfds);
+            FD_SET(ssl->client_fd, &wfds);
+
+            /* block and wait for it */
+            if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
+                return SSL_ERROR_CONN_LOST;
+        }
+    }
+
+    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
+    ssl->bm_index = 0;
+
+    if (protocol != PT_APP_PROTOCOL_DATA)  
+    {
+        /* always return SSL_OK during handshake */   
+        ret = SSL_OK;
+    }
+
+    return ret;
+}
+
+/**
+ * Send an encrypted packet with padding bytes if necessary.
+ */
+int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
+{
+    int ret, msg_length = 0;
+
+    /* if our state is bad, don't bother */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+        return SSL_ERROR_CONN_LOST;
+
+    if (in) /* has the buffer already been initialised? */
+    {
+        memcpy(ssl->bm_data, in, length);
+    }
+
+    msg_length += length;
+
+    if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
+    {
+        int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
+                            SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
+        uint8_t hmac_header[SSL_RECORD_SIZE] = 
+        {
+            protocol, 
+            0x03, /* version = 3.1 or higher */
+            ssl->version & 0x0f,
+            msg_length >> 8,
+            msg_length & 0xff 
+        };
+
+        if (protocol == PT_HANDSHAKE_PROTOCOL)
+        {
+            DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+            if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+            {
+                add_packet(ssl, ssl->bm_data, msg_length);
+            }
+        }
+
+        /* add the packet digest */
+        add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, msg_length, 
+                                                &ssl->bm_data[msg_length]);
+        msg_length += ssl->cipher_info->digest_size;
+
+        /* add padding? */
+        if (ssl->cipher_info->padding_size)
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+
+            /* ensure we always have at least 1 padding byte */
+            if (pad_bytes == 0)
+                pad_bytes += ssl->cipher_info->padding_size;
+
+            memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
+            msg_length += pad_bytes;
+        }
+
+        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
+        increment_write_sequence(ssl);
+
+        /* add the explicit IV for TLS1.1 */
+        if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
+                        ssl->cipher_info->iv_size)
+        {
+            uint8_t iv_size = ssl->cipher_info->iv_size;
+            uint8_t *t_buf = alloca(msg_length + iv_size);
+            memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
+            get_random(iv_size, t_buf);
+            msg_length += iv_size;
+            memcpy(ssl->bm_data, t_buf, msg_length);
+        }
+
+        /* now encrypt the packet */
+        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
+                                            ssl->bm_data, msg_length);
+    }
+    else if (protocol == PT_HANDSHAKE_PROTOCOL)
+    {
+        DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+        if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+        {
+            add_packet(ssl, ssl->bm_data, length);
+        }
+    }
+
+    ssl->bm_index = msg_length;
+    if ((ret = send_raw_packet(ssl, protocol)) <= 0)
+        return ret;
+
+    return length;  /* just return what we wanted to send */
+}
+
+/**
+ * Work out the cipher keys we are going to use for this session based on the
+ * master secret.
+ */
+static int set_key_block(SSL *ssl, int is_write)
+{
+    const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
+    uint8_t *q;
+    uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
+    uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    if (ciph_info == NULL)
+        return -1;
+
+    /* only do once in a handshake */
+    if (ssl->dc->key_block == NULL)
+    {
+        ssl->dc->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
+
+#if 0
+        print_blob("client", ssl->dc->client_random, 32);
+        print_blob("server", ssl->dc->server_random, 32);
+        print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
+#endif
+        generate_key_block(ssl->dc->client_random, ssl->dc->server_random,
+            ssl->dc->master_secret, ssl->dc->key_block, 
+            ciph_info->key_block_size);
+#if 0
+        print_blob("keyblock", ssl->dc->key_block, ciph_info->key_block_size);
+#endif
+    }
+
+    q = ssl->dc->key_block;
+
+    if ((is_client && is_write) || (!is_client && !is_write))
+    {
+        memcpy(ssl->client_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+
+    if ((!is_client && is_write) || (is_client && !is_write))
+    {
+        memcpy(ssl->server_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+    memcpy(client_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+    memcpy(server_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+
+#ifndef CONFIG_SSL_SKELETON_MODE 
+    if (ciph_info->iv_size)    /* RC4 has no IV, AES does */
+    {
+        memcpy(client_iv, q, ciph_info->iv_size);
+        q += ciph_info->iv_size;
+        memcpy(server_iv, q, ciph_info->iv_size);
+        q += ciph_info->iv_size;
+    }
+#endif
+
+    free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
+
+    /* now initialise the ciphers */
+    if (is_client)
+    {
+        finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
+    }
+    else
+    {
+        finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
+    }
+
+    ssl->cipher_info = ciph_info;
+    return 0;
+}
+
+/**
+ * Read the SSL connection.
+ */
+int basic_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = SSL_OK;
+    int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    uint8_t *buf = ssl->bm_data;
+
+    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
+                            ssl->need_bytes-ssl->got_bytes);
+
+    if (read_len < 0) 
+    {
+#ifdef WIN32
+        if (GetLastError() == WSAEWOULDBLOCK)
+#else
+        if (errno == EAGAIN || errno == EWOULDBLOCK)
+#endif
+            return 0;
+    }
+
+    /* connection has gone, so die */
+    if (read_len <= 0)
+    {
+        ret = SSL_ERROR_CONN_LOST;
+        ssl->hs_status = SSL_ERROR_DEAD;  /* make sure it stays dead */
+        goto error;
+    }
+
+    DISPLAY_BYTES(ssl, "received %d bytes", 
+            &ssl->bm_data[ssl->bm_read_index], read_len, read_len);
+
+    ssl->got_bytes += read_len;
+    ssl->bm_read_index += read_len;
+
+    /* haven't quite got what we want, so try again later */
+    if (ssl->got_bytes < ssl->need_bytes)
+        return SSL_OK;
+
+    read_len = ssl->got_bytes;
+    ssl->got_bytes = 0;
+
+    if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
+    {
+        /* check for sslv2 "client hello" */
+        if (buf[0] & 0x80 && buf[2] == 1)
+        {
+#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+            uint8_t version = (buf[3] << 4) + buf[4];
+            DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
+
+            /* should be v3.1 (TLSv1) or better  */
+            ssl->version = ssl->client_version = version;
+
+            if (version > SSL_PROTOCOL_VERSION_MAX)
+            {
+                /* use client's version */
+                ssl->version = SSL_PROTOCOL_VERSION_MAX;
+            }
+            else if (version < SSL_PROTOCOL_MIN_VERSION)  
+            {
+                ret = SSL_ERROR_INVALID_VERSION;
+                ssl_display_error(ret);
+                return ret;
+            }
+
+            add_packet(ssl, &buf[2], 3);
+            ret = process_sslv23_client_hello(ssl); 
+#else
+            printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
+            ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+            goto error; /* not an error - just get out of here */
+        }
+
+        ssl->need_bytes = (buf[3] << 8) + buf[4];
+
+        /* do we violate the spec with the message size?  */
+        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            ret = SSL_ERROR_INVALID_PROT_MSG;              
+            goto error;
+        }
+
+        CLR_SSL_FLAG(SSL_NEED_RECORD);
+        memcpy(ssl->hmac_header, buf, 3);       /* store for hmac */
+        ssl->record_type = buf[0];
+        goto error;                         /* no error, we're done */
+    }
+
+    /* for next time - just do it now in case of an error */
+    SET_SSL_FLAG(SSL_NEED_RECORD);
+    ssl->need_bytes = SSL_RECORD_SIZE;
+
+    /* decrypt if we need to */
+    if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
+    {
+        ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
+
+        if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
+                        ssl->cipher_info->iv_size)
+        {
+            buf += ssl->cipher_info->iv_size;
+            read_len -= ssl->cipher_info->iv_size;
+        }
+
+        read_len = verify_digest(ssl, 
+                is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
+
+        /* does the hmac work? */
+        if (read_len < 0)
+        {
+            ret = read_len;
+            goto error;
+        }
+
+        DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
+        increment_read_sequence(ssl);
+    }
+
+    /* The main part of the SSL packet */
+    switch (ssl->record_type)
+    {
+        case PT_HANDSHAKE_PROTOCOL:
+            if (ssl->dc != NULL)
+            {
+                ssl->dc->bm_proc_index = 0;
+                ret = do_handshake(ssl, buf, read_len);
+            }
+            else /* no client renegotiation allowed */
+            {
+                ret = SSL_ERROR_NO_CLIENT_RENOG;              
+                goto error;
+            }
+            break;
+
+        case PT_CHANGE_CIPHER_SPEC:
+            if (ssl->next_state != HS_FINISHED)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
+
+            /* all encrypted from now on */
+            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
+            if (set_key_block(ssl, 0) < 0)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
+            
+            memset(ssl->read_sequence, 0, 8);
+            break;
+
+        case PT_APP_PROTOCOL_DATA:
+            if (in_data)
+            {
+                *in_data = buf;   /* point to the work buffer */
+                (*in_data)[read_len] = 0;  /* null terminate just in case */
+            }
+
+            ret = read_len;
+            break;
+
+        case PT_ALERT_PROTOCOL:
+            /* return the alert # with alert bit set */
+            if(buf[0] == SSL_ALERT_TYPE_WARNING &&
+               buf[1] == SSL_ALERT_CLOSE_NOTIFY)
+            {
+              ret = SSL_CLOSE_NOTIFY;
+              send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+              SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
+            }
+            else 
+            {
+                ret = -buf[1]; 
+                DISPLAY_ALERT(ssl, buf[1]);
+            }
+
+            break;
+
+        default:
+            ret = SSL_ERROR_INVALID_PROT_MSG;
+            break;
+    }
+
+error:
+    ssl->bm_read_index = 0;          /* reset to go again */
+
+    if (ret < SSL_OK && in_data)/* if all wrong, then clear this buffer ptr */
+        *in_data = NULL;
+
+    return ret;
+}
+
+/**
+ * Do some basic checking of data and then perform the appropriate handshaking.
+ */
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
+{
+    int hs_len = (buf[2]<<8) + buf[3];
+    uint8_t handshake_type = buf[0];
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    /* some integrity checking on the handshake */
+    PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
+
+    if (handshake_type != ssl->next_state)
+    {
+        /* handle a special case on the client */
+        if (!is_client || handshake_type != HS_CERT_REQ ||
+                        ssl->next_state != HS_SERVER_HELLO_DONE)
+        {
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            goto error;
+        }
+    }
+
+    hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
+    ssl->bm_index = hs_len;     /* store the size and check later */
+    DISPLAY_STATE(ssl, 0, handshake_type, 0);
+
+    if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
+        add_packet(ssl, buf, hs_len); 
+
+#if defined(CONFIG_SSL_ENABLE_CLIENT)
+    ret = is_client ? 
+        do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
+        do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#else
+    ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#endif
+
+    /* just use recursion to get the rest */
+    if (hs_len < read_len && ret == SSL_OK)
+        ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
+
+error:
+    return ret;
+}
+
+/**
+ * Sends the change cipher spec message. We have just read a finished message
+ * from the client.
+ */
+int send_change_cipher_spec(SSL *ssl)
+{
+    int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
+            g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
+    SET_SSL_FLAG(SSL_TX_ENCRYPTED);
+
+    if (ret >= 0 && set_key_block(ssl, 1) < 0)
+        ret = SSL_ERROR_INVALID_HANDSHAKE;
+
+    memset(ssl->write_sequence, 0, 8);
+    return ret;
+}
+
+/**
+ * Send a "finished" message
+ */
+int send_finished(SSL *ssl)
+{
+    uint8_t buf[SSL_FINISHED_HASH_SIZE+4] = {
+        HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
+
+    /* now add the finished digest mac (12 bytes) */
+    finished_digest(ssl, 
+        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
+                    client_finished : server_finished, &buf[4]);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* store in the session cache */
+    if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
+    {
+        memcpy(ssl->session->master_secret,
+                ssl->dc->master_secret, SSL_SECRET_SIZE);
+    }
+#endif
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
+                                buf, SSL_FINISHED_HASH_SIZE+4);
+}
+
+/**
+ * Send an alert message.
+ * Return 1 if the alert was an "error".
+ */
+int send_alert(SSL *ssl, int error_code)
+{
+    int alert_num = 0;
+    int is_warning = 0;
+    uint8_t buf[2];
+
+    /* Don't bother we're already dead */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        ssl_display_error(error_code);
+#endif
+
+    switch (error_code)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            is_warning = 1;
+            alert_num = SSL_ALERT_CLOSE_NOTIFY;
+            break;
+
+        case SSL_ERROR_CONN_LOST:       /* don't send alert just yet */
+            is_warning = 1;
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+        case SSL_ERROR_INVALID_PROT_MSG:
+            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+        case SSL_ERROR_FINISHED_INVALID:
+            alert_num = SSL_ALERT_BAD_RECORD_MAC;
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            alert_num = SSL_ALERT_INVALID_VERSION;
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+        case SSL_ERROR_NO_CIPHER:
+        case SSL_ERROR_INVALID_KEY:
+            alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            alert_num = SSL_ALERT_BAD_CERTIFICATE;
+            break;
+
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            alert_num = SSL_ALERT_NO_RENEGOTIATION;
+            break;
+
+        default:
+            /* a catch-all for any badly verified certificates */
+            alert_num = (error_code <= SSL_X509_OFFSET) ?  
+                SSL_ALERT_BAD_CERTIFICATE : SSL_ALERT_UNEXPECTED_MESSAGE;
+            break;
+    }
+
+    buf[0] = is_warning ? 1 : 2;
+    buf[1] = alert_num;
+    send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
+    DISPLAY_ALERT(ssl, alert_num);
+    return is_warning ? 0 : 1;
+}
+
+/**
+ * Process a client finished message.
+ */
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
+
+    PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
+
+    /* check that we all work before we continue */
+    if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
+        return SSL_ERROR_FINISHED_INVALID;
+
+    if ((!is_client && !resume) || (is_client && resume))
+    {
+        if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            ret = send_finished(ssl);
+    }
+
+    /* if we ever renegotiate */
+    ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
+    ssl->hs_status = ret;  /* set the final handshake status */
+
+error:
+    return ret;
+}
+
+/**
+ * Send a certificate.
+ */
+int send_certificate(SSL *ssl)
+{
+    int i = 0;
+    uint8_t *buf = ssl->bm_data;
+    int offset = 7;
+    int chain_length;
+
+    buf[0] = HS_CERTIFICATE;
+    buf[1] = 0;
+    buf[4] = 0;
+
+    while (i < ssl->ssl_ctx->chain_length)
+    {
+        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
+        buf[offset++] = 0;        
+        buf[offset++] = cert->size >> 8;        /* cert 1 length */
+        buf[offset++] = cert->size & 0xff;
+        memcpy(&buf[offset], cert->buf, cert->size);
+        offset += cert->size;
+        i++;
+    }
+
+    chain_length = offset - 7;
+    buf[5] = chain_length >> 8;        /* cert chain length */
+    buf[6] = chain_length & 0xff;
+    chain_length += 3;
+    buf[2] = chain_length >> 8;        /* handshake length */
+    buf[3] = chain_length & 0xff;
+    ssl->bm_index = offset;
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/**
+ * Create a blob of memory that we'll get rid of once the handshake is
+ * complete.
+ */
+void disposable_new(SSL *ssl)
+{
+    if (ssl->dc == NULL)
+    {
+        ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
+        MD5_Init(&ssl->dc->md5_ctx);
+        SHA1_Init(&ssl->dc->sha1_ctx);
+    }
+}
+
+/**
+ * Remove the temporary blob of memory.
+ */
+void disposable_free(SSL *ssl)
+{
+    if (ssl->dc)
+    {
+        free(ssl->dc->key_block);
+        memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
+        free(ssl->dc);
+        ssl->dc = NULL;
+    }
+
+}
+
+#ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
+/**
+ * Find if an existing session has the same session id. If so, use the
+ * master secret from this session for session resumption.
+ */
+SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[], 
+        SSL *ssl, const uint8_t *session_id)
+{
+    time_t tm = time(NULL);
+    time_t oldest_sess_time = tm;
+    SSL_SESSION *oldest_sess = NULL;
+    int i;
+
+    /* no sessions? Then bail */
+    if (max_sessions == 0)
+        return NULL;
+
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    if (session_id)
+    {
+        for (i = 0; i < max_sessions; i++)
+        {
+            if (ssl_sessions[i])
+            {
+                /* kill off any expired sessions (including those in 
+                   the future) */
+                if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
+                            (tm < ssl_sessions[i]->conn_time))
+                {
+                    session_free(ssl_sessions, i);
+                    continue;
+                }
+
+                /* if the session id matches, it must still be less than 
+                   the expiry time */
+                if (memcmp(ssl_sessions[i]->session_id, session_id,
+                                                SSL_SESSION_ID_SIZE) == 0)
+                {
+                    ssl->session_index = i;
+                    memcpy(ssl->dc->master_secret, 
+                            ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
+                    SET_SSL_FLAG(SSL_SESSION_RESUME);
+                    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+                    return ssl_sessions[i];  /* a session was found */
+                }
+            }
+        }
+    }
+
+    /* If we've got here, no matching session was found - so create one */
+    for (i = 0; i < max_sessions; i++)
+    {
+        if (ssl_sessions[i] == NULL)
+        {
+            /* perfect, this will do */
+            ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
+            ssl_sessions[i]->conn_time = tm;
+            ssl->session_index = i;
+            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+            return ssl_sessions[i]; /* return the session object */
+        }
+        else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
+        {
+            /* find the oldest session */
+            oldest_sess_time = ssl_sessions[i]->conn_time;
+            oldest_sess = ssl_sessions[i];
+            ssl->session_index = i;
+        }
+    }
+
+    /* ok, we've used up all of our sessions. So blow the oldest session away */
+    oldest_sess->conn_time = tm;
+    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
+    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+    return oldest_sess;
+}
+
+/**
+ * Free an existing session.
+ */
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
+{
+    if (ssl_sessions[sess_index])
+    {
+        free(ssl_sessions[sess_index]);
+        ssl_sessions[sess_index] = NULL;
+    }
+}
+
+/**
+ * This ssl object doesn't want this session anymore.
+ */
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
+{
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+
+    if (ssl->ssl_ctx->num_sessions)
+    {
+        session_free(ssl_sessions, ssl->session_index);
+        ssl->session = NULL;
+    }
+
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+}
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/*
+ * Get the session id for a handshake. This will be a 32 byte sequence.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
+{
+    return ssl->session_id;
+}
+
+/*
+ * Get the session id size for a handshake. 
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
+{
+    return ssl->sess_id_size;
+}
+
+/*
+ * Return the cipher id (in the SSL form).
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
+{
+    return ssl->cipher;
+}
+
+/*
+ * Return the status of the handshake.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
+{
+    return ssl->hs_status;
+}
+
+/*
+ * Retrieve various parameters about the SSL engine.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset)
+{
+    switch (offset)
+    {
+        /* return the appropriate build mode */
+        case SSL_BUILD_MODE:
+#if defined(CONFIG_SSL_FULL_MODE)
+            return SSL_BUILD_FULL_MODE;
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+            return SSL_BUILD_ENABLE_CLIENT;
+#elif defined(CONFIG_ENABLE_VERIFICATION)
+            return SSL_BUILD_ENABLE_VERIFICATION;
+#elif defined(CONFIG_SSL_SERVER_ONLY )
+            return SSL_BUILD_SERVER_ONLY;
+#else 
+            return SSL_BUILD_SKELETON_MODE;
+#endif
+
+        case SSL_MAX_CERT_CFG_OFFSET:
+            return CONFIG_SSL_MAX_CERTS;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_MAX_CA_CERT_CFG_OFFSET:
+            return CONFIG_X509_MAX_CA_CERTS;
+#endif
+#ifdef CONFIG_SSL_HAS_PEM
+        case SSL_HAS_PEM:
+            return 1;
+#endif
+        default:
+            return 0;
+    }
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Authenticate a received certificate.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
+{
+    int ret;
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (ret)        /* modify into an SSL error type */
+    {
+        ret = SSL_X509_ERROR(ret);
+    }
+
+    return ret;
+}
+
+/**
+ * Process a certificate message.
+ */
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
+{
+    int ret = SSL_OK;
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    int cert_size, offset = 5;
+    int total_cert_size = (buf[offset]<<8) + buf[offset+1];
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    X509_CTX **chain = x509_ctx;
+    offset += 2;
+
+    PARANOIA_CHECK(total_cert_size, offset);
+
+    while (offset < total_cert_size)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (buf[offset]<<8) + buf[offset+1];
+        offset += 2;
+        
+        if (x509_new(&buf[offset], NULL, chain))
+        {
+            ret = SSL_ERROR_BAD_CERTIFICATE;
+            goto error;
+        }
+
+        chain = &((*chain)->next);
+        offset += cert_size;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    /* if we are client we can do the verify now or later */
+    if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
+    {
+        ret = ssl_verify_cert(ssl);
+    }
+
+    ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
+    ssl->dc->bm_proc_index += offset;
+error:
+    return ret;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Debugging routine to display SSL handshaking stuff.
+ */
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Debugging routine to display SSL states.
+ */
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
+{
+    const char *str;
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf(not_ok ? "Error - invalid State:\t" : "State:\t");
+    printf(is_send ? "sending " : "receiving ");
+
+    switch (state)
+    {
+        case HS_HELLO_REQUEST:
+            str = "Hello Request (0)";
+            break;
+
+        case HS_CLIENT_HELLO:
+            str = "Client Hello (1)";
+            break;
+
+        case HS_SERVER_HELLO:
+            str = "Server Hello (2)";
+            break;
+
+        case HS_CERTIFICATE:
+            str = "Certificate (11)";
+            break;
+
+        case HS_SERVER_KEY_XCHG:
+            str = "Certificate Request (12)";
+            break;
+
+        case HS_CERT_REQ:
+            str = "Certificate Request (13)";
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            str = "Server Hello Done (14)";
+            break;
+
+        case HS_CERT_VERIFY:
+            str = "Certificate Verify (15)";
+            break;
+
+        case HS_CLIENT_KEY_XCHG:
+            str = "Client Key Exchange (16)";
+            break;
+
+        case HS_FINISHED:
+            str = "Finished (16)";
+            break;
+
+        default:
+            str = "Error (Unknown)";
+            
+            break;
+    }
+
+    printf("%s\n", str);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display RSA objects
+ */
+void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
+        return;
+
+    RSA_print(rsa_ctx);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking bytes.
+ */
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    va_list(ap);
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
+        return;
+
+    va_start(ap, size);
+    print_blob(format, data, size, va_arg(ap, char *));
+    va_end(ap);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking errors.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code)
+{
+    if (error_code == SSL_OK)
+        return;
+
+    printf("Error: ");
+
+    /* X509 error? */
+    if (error_code < SSL_X509_OFFSET)
+    {
+        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET));
+        return;
+    }
+
+    /* SSL alert error code */
+    if (error_code > SSL_ERROR_CONN_LOST)
+    {
+        printf("SSL error %d\n", -error_code);
+        return;
+    }
+
+    switch (error_code)
+    {
+        case SSL_ERROR_DEAD:
+            printf("connection dead");
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+            printf("invalid handshake");
+            break;
+
+        case SSL_ERROR_INVALID_PROT_MSG:
+            printf("invalid protocol message");
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+            printf("invalid mac");
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+            printf("invalid session");
+            break;
+
+        case SSL_ERROR_NO_CIPHER:
+            printf("no cipher");
+            break;
+
+        case SSL_ERROR_CONN_LOST:
+            printf("connection lost");
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ERROR_INVALID_KEY:
+            printf("invalid key");
+            break;
+
+        case SSL_ERROR_FINISHED_INVALID:
+            printf("finished invalid");
+            break;
+
+        case SSL_ERROR_NO_CERT_DEFINED:
+            printf("no certificate defined");
+            break;
+
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            printf("client renegotiation not supported");
+            break;
+            
+        case SSL_ERROR_NOT_SUPPORTED:
+            printf("Option not supported");
+            break;
+
+        default:
+            printf("undefined as yet - %d", error_code);
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display alerts.
+ */
+void DISPLAY_ALERT(SSL *ssl, int alert)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf("Alert: ");
+
+    switch (alert)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            printf("close notify");
+            break;
+
+        case SSL_ALERT_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ALERT_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ALERT_UNEXPECTED_MESSAGE:
+            printf("unexpected message");
+            break;
+
+        case SSL_ALERT_BAD_RECORD_MAC:
+            printf("bad record mac");
+            break;
+
+        case SSL_ALERT_HANDSHAKE_FAILURE:
+            printf("handshake failure");
+            break;
+
+        case SSL_ALERT_ILLEGAL_PARAMETER:
+            printf("illegal parameter");
+            break;
+
+        case SSL_ALERT_DECODE_ERROR:
+            printf("decode error");
+            break;
+
+        case SSL_ALERT_DECRYPT_ERROR:
+            printf("decrypt error");
+            break;
+
+        case SSL_ALERT_NO_RENEGOTIATION:
+            printf("no renegotiation");
+            break;
+
+        default:
+            printf("alert - (unknown %d)", alert);
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+#endif /* CONFIG_SSL_FULL_MODE */
+
+/**
+ * Return the version of this library.
+ */
+EXP_FUNC const char  * STDCALL ssl_version()
+{
+    static const char * axtls_version = AXTLS_VERSION;
+    return axtls_version;
+}
+
+/**
+ * Enable the various language bindings to work regardless of the
+ * configuration - they just return an error statement and a bad return code.
+ */
+#if !defined(CONFIG_SSL_FULL_MODE)
+EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
+#endif
+
+#ifdef CONFIG_BINDINGS
+#if !defined(CONFIG_SSL_ENABLE_CLIENT)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+#endif
+
+#if !defined(CONFIG_SSL_CERT_VERIFICATION)
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
+{
+    printf(unsupported_str);
+    return -1;
+}
+
+
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
+{
+    printf(unsupported_str);
+    return NULL;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
+
+#endif /* CONFIG_BINDINGS */
+
diff --git a/ssl/tls1.h b/ssl/tls1.h
new file mode 100644
index 0000000000..414a173438
--- /dev/null
+++ b/ssl/tls1.h
@@ -0,0 +1,297 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file tls1.h
+ *
+ * @brief The definitions for the TLS library.
+ */
+#ifndef HEADER_SSL_LIB_H
+#define HEADER_SSL_LIB_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "version.h"
+#include "config.h"
+#include "os_int.h"
+#include "crypto.h"
+#include "crypto_misc.h"
+
+#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
+#define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION_MAX    0x32   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION1_1     0x32   /* TLS v1.1 */
+#define SSL_RANDOM_SIZE             32
+#define SSL_SECRET_SIZE             48
+#define SSL_FINISHED_HASH_SIZE      12
+#define SSL_RECORD_SIZE             5
+#define SSL_SERVER_READ             0
+#define SSL_SERVER_WRITE            1
+#define SSL_CLIENT_READ             2
+#define SSL_CLIENT_WRITE            3
+#define SSL_HS_HDR_SIZE             4
+
+/* the flags we use while establishing a connection */
+#define SSL_NEED_RECORD             0x0001
+#define SSL_TX_ENCRYPTED            0x0002 
+#define SSL_RX_ENCRYPTED            0x0004
+#define SSL_SESSION_RESUME          0x0008
+#define SSL_IS_CLIENT               0x0010
+#define SSL_HAS_CERT_REQ            0x0020
+#define SSL_SENT_CLOSE_NOTIFY       0x0040
+
+/* some macros to muck around with flag bits */
+#define SET_SSL_FLAG(A)             (ssl->flag |= A)
+#define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
+#define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
+
+#define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
+#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_EXTRA                    1024
+#define BM_RECORD_OFFSET            5
+
+#ifdef CONFIG_SSL_SKELETON_MODE
+#define NUM_PROTOCOLS               1
+#else
+#define NUM_PROTOCOLS               4
+#endif
+
+#define PARANOIA_CHECK(A, B)        if (A < B) { \
+    ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
+
+/* protocol types */
+enum
+{
+    PT_CHANGE_CIPHER_SPEC = 20,
+    PT_ALERT_PROTOCOL,
+    PT_HANDSHAKE_PROTOCOL,
+    PT_APP_PROTOCOL_DATA
+};
+
+/* handshaking types */
+enum
+{
+    HS_HELLO_REQUEST,
+    HS_CLIENT_HELLO,
+    HS_SERVER_HELLO,
+    HS_CERTIFICATE = 11,
+    HS_SERVER_KEY_XCHG,
+    HS_CERT_REQ,
+    HS_SERVER_HELLO_DONE,
+    HS_CERT_VERIFY,
+    HS_CLIENT_KEY_XCHG,
+    HS_FINISHED = 20
+};
+
+typedef struct 
+{
+    uint8_t cipher;
+    uint8_t key_size;
+    uint8_t iv_size;
+    uint8_t key_block_size;
+    uint8_t padding_size;
+    uint8_t digest_size;
+    hmac_func hmac;
+    crypt_func encrypt;
+    crypt_func decrypt;
+} cipher_info_t;
+
+struct _SSLObjLoader 
+{
+    uint8_t *buf;
+    int len;
+};
+
+typedef struct _SSLObjLoader SSLObjLoader;
+
+typedef struct 
+{
+    time_t conn_time;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+} SSL_SESSION;
+
+typedef struct
+{
+    uint8_t *buf;
+    int size;
+} SSL_CERT;
+
+typedef struct
+{
+    MD5_CTX md5_ctx;
+    SHA1_CTX sha1_ctx;
+    uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
+    uint8_t *key_block;
+    uint8_t master_secret[SSL_SECRET_SIZE];
+    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
+    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
+    uint16_t bm_proc_index;
+} DISPOSABLE_CTX;
+
+struct _SSL
+{
+    uint32_t flag;
+    uint16_t need_bytes;
+    uint16_t got_bytes;
+    uint8_t record_type;
+    uint8_t cipher;
+    uint8_t sess_id_size;
+    uint8_t version;
+    uint8_t client_version;
+    int16_t next_state;
+    int16_t hs_status;
+    DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
+    int client_fd;
+    const cipher_info_t *cipher_info;
+    void *encrypt_ctx;
+    void *decrypt_ctx;
+    uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
+    uint8_t *bm_data;
+    uint16_t bm_index;
+    uint16_t bm_read_index;
+    struct _SSL *next;                  /* doubly linked list */
+    struct _SSL *prev;
+    struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t session_index;
+    SSL_SESSION *session;
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    X509_CTX *x509_ctx;
+#endif
+
+    uint8_t session_id[SSL_SESSION_ID_SIZE]; 
+    uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
+    uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
+    uint8_t read_sequence[8];       /* 64 bit sequence number */
+    uint8_t write_sequence[8];      /* 64 bit sequence number */
+    uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
+};
+
+typedef struct _SSL SSL;
+
+struct _SSL_CTX
+{
+    uint32_t options;
+    uint8_t chain_length;
+    RSA_CTX *rsa_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    CA_CERT_CTX *ca_cert_ctx;
+#endif
+    SSL *head;
+    SSL *tail;
+    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t num_sessions;
+    SSL_SESSION **ssl_sessions;
+#endif
+#ifdef CONFIG_SSL_CTX_MUTEXING
+    SSL_CTX_MUTEX_TYPE mutex;
+#endif
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+    void *bonus_attr;
+#endif
+};
+
+typedef struct _SSL_CTX SSL_CTX;
+
+/* backwards compatibility */
+typedef struct _SSL_CTX SSLCTX;
+
+extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
+
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
+void disposable_new(SSL *ssl);
+void disposable_free(SSL *ssl);
+int send_packet(SSL *ssl, uint8_t protocol, 
+        const uint8_t *in, int length);
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
+int process_sslv23_client_hello(SSL *ssl);
+int send_alert(SSL *ssl, int error_code);
+int send_finished(SSL *ssl);
+int send_certificate(SSL *ssl);
+int basic_read(SSL *ssl, uint8_t **in_data);
+int send_change_cipher_spec(SSL *ssl);
+void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
+void add_packet(SSL *ssl, const uint8_t *pkt, int len);
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
+void ssl_obj_free(SSLObjLoader *ssl_obj);
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int load_key_certs(SSL_CTX *ssl_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
+#endif
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int do_client_connect(SSL *ssl);
+#endif
+
+#ifdef CONFIG_SSL_FULL_MODE
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...);
+void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
+void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
+void DISPLAY_ALERT(SSL *ssl, int alert);
+#else
+#define DISPLAY_STATE(A,B,C,D)
+#define DISPLAY_CERT(A,B)
+#define DISPLAY_RSA(A,B)
+#define DISPLAY_ALERT(A, B)
+#ifdef WIN32
+void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
+        const uint8_t *data, int size, ...);
+#else
+#define DISPLAY_BYTES(A,B,C,D,...)
+#endif
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
+#endif
+
+SSL_SESSION *ssl_session_update(int max_sessions, 
+        SSL_SESSION *ssl_sessions[], SSL *ssl,
+        const uint8_t *session_id);
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
new file mode 100644
index 0000000000..196b40ed3c
--- /dev/null
+++ b/ssl/tls1_clnt.c
@@ -0,0 +1,395 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
+
+static int send_client_hello(SSL *ssl);
+static int process_server_hello(SSL *ssl);
+static int process_server_hello_done(SSL *ssl);
+static int send_client_key_xchg(SSL *ssl);
+static int process_cert_req(SSL *ssl);
+static int send_cert_verify(SSL *ssl);
+
+/*
+ * Establish a new SSL connection to an SSL server.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size)
+{
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
+
+    if (session_id && ssl_ctx->num_sessions)
+    {
+        if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
+        {
+            ssl_free(ssl);
+            return NULL;
+        }
+
+        memcpy(ssl->session_id, session_id, sess_id_size);
+        ssl->sess_id_size = sess_id_size;
+        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
+    }
+
+    SET_SSL_FLAG(SSL_IS_CLIENT);
+    do_client_connect(ssl);
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret;
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_SERVER_HELLO:
+            ret = process_server_hello(ssl);
+            break;
+
+        case HS_CERTIFICATE:
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            if ((ret = process_server_hello_done(ssl)) == SSL_OK)
+            {
+                if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
+                {
+                    if ((ret = send_certificate(ssl)) == SSL_OK &&
+                        (ret = send_client_key_xchg(ssl)) == SSL_OK)
+                    {
+                        send_cert_verify(ssl);
+                    }
+                }
+                else
+                {
+                    ret = send_client_key_xchg(ssl);
+                }
+
+                if (ret == SSL_OK && 
+                     (ret = send_change_cipher_spec(ssl)) == SSL_OK)
+                {
+                    ret = send_finished(ssl);
+                }
+            }
+            break;
+
+        case HS_CERT_REQ:
+            ret = process_cert_req(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, buf, hs_len);
+            disposable_free(ssl);   /* free up some memory */
+            /* note: client renegotiation is not allowed after this */
+            break;
+
+        case HS_HELLO_REQUEST:
+            disposable_new(ssl);
+            ret = do_client_connect(ssl);
+            break;
+
+        default:
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Do the handshaking from the beginning.
+ */
+int do_client_connect(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    send_client_hello(ssl);                 /* send the client hello */
+    ssl->bm_read_index = 0;
+    ssl->next_state = HS_SERVER_HELLO;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* sit in a loop until it all looks good */
+    if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
+    {
+        while (ssl->hs_status != SSL_OK)
+        {
+            ret = ssl_read(ssl, NULL);
+            
+            if (ret < SSL_OK)
+                break;
+        }
+
+        ssl->hs_status = ret;            /* connected? */    
+    }
+
+    return ret;
+}
+
+/*
+ * Send the initial client hello.
+ */
+static int send_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    time_t tm = time(NULL);
+    uint8_t *tm_ptr = &buf[6]; /* time will go here */
+    int i, offset;
+
+    buf[0] = HS_CLIENT_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = ssl->version & 0x0f;
+
+    /* client random value - spec says that 1st 4 bytes are big endian time */
+    *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
+    get_random(SSL_RANDOM_SIZE-4, &buf[10]);
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+    /* give session resumption a go */
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially by user */
+    {
+        buf[offset++] = ssl->sess_id_size;
+        memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
+        offset += ssl->sess_id_size;
+        CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
+    }
+    else
+    {
+        /* no session id - because no session resumption just yet */
+        buf[offset++] = 0;
+    }
+
+    buf[offset++] = 0;              /* number of ciphers */
+    buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
+
+    /* put all our supported protocols in our request */
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        buf[offset++] = 0;          /* cipher we are using */
+        buf[offset++] = ssl_prot_prefs[i];
+    }
+
+    buf[offset++] = 1;              /* no compression */
+    buf[offset++] = 0;
+    buf[3] = offset - 4;            /* handshake size */
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Process the server hello.
+ */
+static int process_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    int num_sessions = ssl->ssl_ctx->num_sessions;
+    uint8_t sess_id_size;
+    int offset, ret = SSL_OK;
+
+    /* check that we are talking to a TLSv1 server */
+    uint8_t version = (buf[4] << 4) + buf[5];
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        version = SSL_PROTOCOL_VERSION_MAX;
+    }
+    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    ssl->version = version;
+
+    /* get the server random value */
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
+    sess_id_size = buf[offset++];
+
+    if (sess_id_size > SSL_SESSION_ID_SIZE)
+    {
+        ret = SSL_ERROR_INVALID_SESSION;
+        goto error;
+    }
+
+    if (num_sessions)
+    {
+        ssl->session = ssl_session_update(num_sessions,
+                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
+        memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
+
+        /* pad the rest with 0's */
+        if (sess_id_size < SSL_SESSION_ID_SIZE)
+        {
+            memset(&ssl->session->session_id[sess_id_size], 0,
+                SSL_SESSION_ID_SIZE-sess_id_size);
+        }
+    }
+
+    memcpy(ssl->session_id, &buf[offset], sess_id_size);
+    ssl->sess_id_size = sess_id_size;
+    offset += sess_id_size;
+
+    /* get the real cipher we are using */
+    ssl->cipher = buf[++offset];
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
+                                        HS_FINISHED : HS_CERTIFICATE;
+
+    offset++;   // skip the compr
+    PARANOIA_CHECK(pkt_size, offset);
+    ssl->dc->bm_proc_index = offset+1; 
+
+error:
+    return ret;
+}
+
+/**
+ * Process the server hello done message.
+ */
+static int process_server_hello_done(SSL *ssl)
+{
+    ssl->next_state = HS_FINISHED;
+    return SSL_OK;
+}
+
+/*
+ * Send a client key exchange message.
+ */
+static int send_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t premaster_secret[SSL_SECRET_SIZE];
+    int enc_secret_size = -1;
+
+    buf[0] = HS_CLIENT_KEY_XCHG;
+    buf[1] = 0;
+
+    premaster_secret[0] = 0x03; /* encode the version number */
+    premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
+    get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]);
+    DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
+            SSL_SECRET_SIZE, &buf[6], 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    buf[2] = (enc_secret_size + 2) >> 8;
+    buf[3] = (enc_secret_size + 2) & 0xff;
+    buf[4] = enc_secret_size >> 8;
+    buf[5] = enc_secret_size & 0xff;
+
+    generate_master_secret(ssl, premaster_secret);
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
+}
+
+/*
+ * Process the certificate request.
+ */
+static int process_cert_req(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int ret = SSL_OK;
+    int offset = (buf[2] << 4) + buf[3];
+    int pkt_size = ssl->bm_index;
+
+    /* don't do any processing - we will send back an RSA certificate anyway */
+    ssl->next_state = HS_SERVER_HELLO_DONE;
+    SET_SSL_FLAG(SSL_HAS_CERT_REQ);
+    ssl->dc->bm_proc_index += offset;
+    PARANOIA_CHECK(pkt_size, offset);
+error:
+    return ret;
+}
+
+/*
+ * Send a certificate verify message.
+ */
+static int send_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int n = 0, ret;
+
+    DISPLAY_RSA(ssl, rsa_ctx);
+
+    buf[0] = HS_CERT_VERIFY;
+    buf[1] = 0;
+
+    finished_digest(ssl, NULL, dgst);   /* calculate the digest */
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    if (rsa_ctx)
+    {
+        SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+        n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
+        SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+        if (n == 0)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+    
+    buf[4] = n >> 8;        /* add the RSA size (not officially documented) */
+    buf[5] = n & 0xff;
+    n += 2;
+    buf[2] = n >> 8;
+    buf[3] = n & 0xff;
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
+
+error:
+    return ret;
+}
+
+#endif      /* CONFIG_SSL_ENABLE_CLIENT */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
new file mode 100644
index 0000000000..51c9d76e8d
--- /dev/null
+++ b/ssl/tls1_svr.c
@@ -0,0 +1,478 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
+
+static int process_client_hello(SSL *ssl);
+static int send_server_hello_sequence(SSL *ssl);
+static int send_server_hello(SSL *ssl);
+static int send_server_hello_done(SSL *ssl);
+static int process_client_key_xchg(SSL *ssl);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static int send_certificate_request(SSL *ssl);
+static int process_cert_verify(SSL *ssl);
+#endif
+
+/*
+ * Establish a new SSL connection to an SSL client.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl;
+
+    ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->next_state = HS_CLIENT_HELLO;
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ssl_ctx->chain_length == 0)
+        printf("Warning - no server certificate defined\n"); TTY_FLUSH();
+#endif
+
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_CLIENT_HELLO:
+            if ((ret = process_client_hello(ssl)) == SSL_OK)
+                ret = send_server_hello_sequence(ssl);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case HS_CERTIFICATE:/* the client sends its cert */
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+
+            if (ret == SSL_OK)    /* verify the cert */
+            { 
+                int cert_res;
+                cert_res = x509_verify(
+                        ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
+            }
+            break;
+
+        case HS_CERT_VERIFY:    
+            ret = process_cert_verify(ssl);
+            add_packet(ssl, buf, hs_len);   /* needs to be done after */
+            break;
+#endif
+        case HS_CLIENT_KEY_XCHG:
+            ret = process_client_key_xchg(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, buf, hs_len);
+            disposable_free(ssl);   /* free up some memory */
+            break;
+    }
+
+    return ret;
+}
+
+/* 
+ * Process a client hello message.
+ */
+static int process_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t *record_buf = ssl->hmac_header;
+    int pkt_size = ssl->bm_index;
+    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
+    int ret = SSL_OK;
+    
+    uint8_t version = (buf[4] << 4) + buf[5];
+    ssl->version = ssl->client_version = version;
+
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        /* use client's version instead */
+        ssl->version = SSL_PROTOCOL_VERSION_MAX; 
+    }
+    else if (version < SSL_PROTOCOL_MIN_VERSION)  /* old version supported? */
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
+
+    /* process the session id */
+    id_len = buf[offset++];
+    if (id_len > SSL_SESSION_ID_SIZE)
+    {
+        return SSL_ERROR_INVALID_SESSION;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    offset += id_len;
+    cs_len = (buf[offset]<<8) + buf[offset+1];
+    offset += 3;        /* add 1 due to all cipher suites being 8 bit */
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    /* work out what cipher suite we are going to use - client defines 
+       the preference */
+    for (i = 0; i < cs_len; i += 2)
+    {
+        for (j = 0; j < NUM_PROTOCOLS; j++)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto do_state;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    ret = SSL_ERROR_NO_CIPHER;
+
+do_state:
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+/*
+ * Some browsers use a hybrid SSLv2 "client hello" 
+ */
+int process_sslv23_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
+    int ret = SSL_OK;
+
+    /* we have already read 3 extra bytes so far */
+    int read_len = SOCKET_READ(ssl->client_fd, buf, bytes_needed-3);
+    int cs_len = buf[1];
+    int id_len = buf[3];
+    int ch_len = buf[5];
+    int i, j, offset = 8;   /* start at first cipher */
+    int random_offset = 0;
+
+    DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
+    
+    add_packet(ssl, buf, read_len);
+
+    /* connection has gone, so die */
+    if (bytes_needed < 0)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+    /* now work out what cipher suite we are going to use */
+    for (j = 0; j < NUM_PROTOCOLS; j++)
+    {
+        for (i = 0; i < cs_len; i += 3)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto server_hello;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    ret = SSL_ERROR_NO_CIPHER;
+    goto error;
+
+server_hello:
+    /* get the session id */
+    offset += cs_len - 2;   /* we've gone 2 bytes past the end */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    /* get the client random data */
+    offset += id_len;
+
+    /* random can be anywhere between 16 and 32 bytes long - so it is padded
+     * with 0's to the left */
+    if (ch_len == 0x10)
+    {
+        random_offset += 0x10;
+    }
+
+    memcpy(&ssl->dc->client_random[random_offset], &buf[offset], ch_len);
+    ret = send_server_hello_sequence(ssl);
+
+error:
+    return ret;
+}
+#endif
+
+/*
+ * Send the entire server hello sequence
+ */
+static int send_server_hello_sequence(SSL *ssl)
+{
+    int ret;
+
+    if ((ret = send_server_hello(ssl)) == SSL_OK)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        /* resume handshake? */
+        if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+        {
+            if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            {
+                ret = send_finished(ssl);
+                ssl->next_state = HS_FINISHED;
+            }
+        }
+        else 
+#endif
+        if ((ret = send_certificate(ssl)) == SSL_OK)
+        {
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+            /* ask the client for its certificate */
+            if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION))
+            {
+                if ((ret = send_certificate_request(ssl)) == SSL_OK)
+                {
+                    ret = send_server_hello_done(ssl);
+                    ssl->next_state = HS_CERTIFICATE;
+                }
+            }
+            else
+#endif
+            {
+                ret = send_server_hello_done(ssl);
+                ssl->next_state = HS_CLIENT_KEY_XCHG;
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Send a server hello message.
+ */
+static int send_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int offset = 0;
+
+    buf[0] = HS_SERVER_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = ssl->version & 0x0f;
+
+    /* server random value */
+    get_random(SSL_RANDOM_SIZE, &buf[6]);
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+    {
+        /* retrieve id from session cache */
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
+        offset += SSL_SESSION_ID_SIZE;
+    }
+    else    /* generate our own session id */
+#endif
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
+        memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
+
+        /* store id in session cache */
+        if (ssl->ssl_ctx->num_sessions)
+        {
+            memcpy(ssl->session->session_id, 
+                    ssl->session_id, SSL_SESSION_ID_SIZE);
+        }
+
+        offset += SSL_SESSION_ID_SIZE;
+#else
+        buf[offset++] = 0;  /* don't bother with session id in skelton mode */
+#endif
+    }
+
+    buf[offset++] = 0;      /* cipher we are using */
+    buf[offset++] = ssl->cipher;
+    buf[offset++] = 0;      /* no compression */
+    buf[3] = offset - 4;    /* handshake size */
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Send the server hello done message.
+ */
+static int send_server_hello_done(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                            g_hello_done, sizeof(g_hello_done));
+}
+
+/*
+ * Pull apart a client key exchange message. Decrypt the pre-master key (using
+ * our RSA private key) and then work out the master key. Initialise the
+ * ciphers.
+ */
+static int process_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    int premaster_size, secret_length = (buf[2] << 8) + buf[3];
+    uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int offset = 4;
+    int ret = SSL_OK;
+    
+    if (rsa_ctx == NULL)
+    {
+        ret = SSL_ERROR_NO_CERT_DEFINED;
+        goto error;
+    }
+
+    /* is there an extra size field? */
+    if ((secret_length - 2) == rsa_ctx->num_octets)
+        offset += 2;
+
+    PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret, 1);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (premaster_size != SSL_SECRET_SIZE || 
+            premaster_secret[0] != 0x03 ||  /* must be the same as client
+                                               offered version */
+                premaster_secret[1] != (ssl->client_version & 0x0f))
+    {
+        /* guard against a Bleichenbacher attack */
+        get_random(SSL_SECRET_SIZE, premaster_secret);
+        /* and continue - will die eventually when checking the mac */
+    }
+
+#if 0
+    print_blob("pre-master", premaster_secret, SSL_SECRET_SIZE);
+#endif
+
+    generate_master_secret(ssl, premaster_secret);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ?  
+                                            HS_CERT_VERIFY : HS_FINISHED;
+#else
+    ssl->next_state = HS_FINISHED; 
+#endif
+
+    ssl->dc->bm_proc_index += rsa_ctx->num_octets+offset;
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
+
+/*
+ * Send the certificate request message.
+ */
+static int send_certificate_request(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request, sizeof(g_cert_request));
+}
+
+/*
+ * Ensure the client has the private key by first decrypting the packet and
+ * then checking the packet digests.
+ */
+static int process_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
+    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    X509_CTX *x509_ctx = ssl->x509_ctx;
+    int ret = SSL_OK;
+    int n;
+
+    PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
+    DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (n != SHA1_SIZE + MD5_SIZE)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto end_cert_vfy;
+    }
+
+    finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+    if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+    }
+
+end_cert_vfy:
+    ssl->next_state = HS_FINISHED;
+error:
+    return ret;
+}
+
+#endif
diff --git a/ssl/version.h b/ssl/version.h
new file mode 100644
index 0000000000..e8158cc0d9
--- /dev/null
+++ b/ssl/version.h
@@ -0,0 +1 @@
+#define AXTLS_VERSION    "1.4.9"
diff --git a/ssl/x509.c b/ssl/x509.c
new file mode 100644
index 0000000000..cb007fbbc7
--- /dev/null
+++ b/ssl/x509.c
@@ -0,0 +1,559 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file x509.c
+ * 
+ * Certificate processing.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "os_port.h"
+#include "crypto_misc.h"
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Retrieve the signature from a certificate.
+ */
+static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
+{
+    int offset = 0;
+    const uint8_t *ptr = NULL;
+
+    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
+            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
+        goto end_get_sig;
+
+    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
+        goto end_get_sig;
+    *len = get_asn1_length(asn1_sig, &offset);
+    ptr = &asn1_sig[offset];          /* all ok */
+
+end_get_sig:
+    return ptr;
+}
+
+#endif
+
+/**
+ * Construct a new x509 object.
+ * @return 0 if ok. < 0 if there was a problem.
+ */
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
+{
+    int begin_tbs, end_tbs;
+    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
+    X509_CTX *x509_ctx;
+    BI_CTX *bi_ctx;
+
+    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
+    x509_ctx = *ctx;
+
+    /* get the certificate size */
+    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    begin_tbs = offset;         /* start of the tbs */
+    end_tbs = begin_tbs;        /* work out the end of the tbs */
+    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
+    {
+        if (asn1_version(cert, &offset, x509_ctx))
+            goto end_cert;
+    }
+
+    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
+            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* make sure the signature is ok */
+    if (asn1_signature_type(cert, &offset, x509_ctx))
+    {
+        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        goto end_cert;
+    }
+
+    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
+            asn1_validity(cert, &offset, x509_ctx) ||
+            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
+            asn1_public_key(cert, &offset, x509_ctx))
+    {
+        goto end_cert;
+    }
+
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
+    if (x509_ctx->sig_type == SIG_TYPE_MD5)
+    {
+        MD5_CTX md5_ctx;
+        uint8_t md5_dgst[MD5_SIZE];
+        MD5_Init(&md5_ctx);
+        MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        MD5_Final(md5_dgst, &md5_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+    }
+    else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
+    {
+        SHA1_CTX sha_ctx;
+        uint8_t sha_dgst[SHA1_SIZE];
+        SHA1_Init(&sha_ctx);
+        SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        SHA1_Final(sha_dgst, &sha_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+    }
+    else if (x509_ctx->sig_type == SIG_TYPE_MD2)
+    {
+        MD2_CTX md2_ctx;
+        uint8_t md2_dgst[MD2_SIZE];
+        MD2_Init(&md2_ctx);
+        MD2_Update(&md2_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+        MD2_Final(md2_dgst, &md2_ctx);
+        x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
+    }
+
+    if (cert[offset] == ASN1_V3_DATA)
+    {
+        int suboffset;
+
+        ++offset;
+        get_asn1_length(cert, &offset);
+
+        if ((suboffset = asn1_find_subjectaltname(cert, offset)) > 0)
+        {
+            if (asn1_next_obj(cert, &suboffset, ASN1_OCTET_STRING) > 0)
+            {
+                int altlen;
+
+                if ((altlen = asn1_next_obj(cert, 
+                                            &suboffset, ASN1_SEQUENCE)) > 0)
+                {
+                    int endalt = suboffset + altlen;
+                    int totalnames = 0;
+
+                    while (suboffset < endalt)
+                    {
+                        int type = cert[suboffset++];
+                        int dnslen = get_asn1_length(cert, &suboffset);
+
+                        if (type == ASN1_CONTEXT_DNSNAME)
+                        {
+                            x509_ctx->subject_alt_dnsnames = (char**)
+                                    realloc(x509_ctx->subject_alt_dnsnames, 
+                                       (totalnames + 2) * sizeof(char*));
+                            x509_ctx->subject_alt_dnsnames[totalnames] = 
+                                    (char*)malloc(dnslen + 1);
+                            x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
+                            memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
+                                    cert + suboffset, dnslen);
+                            x509_ctx->subject_alt_dnsnames[
+                                    totalnames][dnslen] = 0;
+                            ++totalnames;
+                        }
+
+                        suboffset += dnslen;
+                    }
+                }
+            }
+        }
+    }
+
+    offset = end_tbs;   /* skip the rest of v3 data */
+    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
+            asn1_signature(cert, &offset, x509_ctx))
+        goto end_cert;
+#endif
+    ret = X509_OK;
+end_cert:
+    if (len)
+    {
+        *len = cert_size;
+    }
+
+    if (ret)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid X509 ASN.1 file (%s)\n",
+                        x509_display_error(ret));
+#endif
+        x509_free(x509_ctx);
+        *ctx = NULL;
+    }
+
+    return ret;
+}
+
+/**
+ * Free an X.509 object's resources.
+ */
+void x509_free(X509_CTX *x509_ctx)
+{
+    X509_CTX *next;
+    int i;
+
+    if (x509_ctx == NULL)       /* if already null, then don't bother */
+        return;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        free(x509_ctx->ca_cert_dn[i]);
+        free(x509_ctx->cert_dn[i]);
+    }
+
+    free(x509_ctx->signature);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION 
+    if (x509_ctx->digest)
+    {
+        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
+    }
+
+    if (x509_ctx->subject_alt_dnsnames)
+    {
+        for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)
+            free(x509_ctx->subject_alt_dnsnames[i]);
+
+        free(x509_ctx->subject_alt_dnsnames);
+    }
+#endif
+
+    RSA_free(x509_ctx->rsa_ctx);
+    next = x509_ctx->next;
+    free(x509_ctx);
+    x509_free(next);        /* clear the chain */
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Take a signature and decrypt it.
+ */
+static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp)
+{
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+    bigint *bir = NULL;
+    uint8_t *block = (uint8_t *)alloca(sig_len);
+
+    /* decrypt */
+    dat_bi = bi_import(ctx, sig, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    /* convert to a normal block */
+    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
+
+    bi_export(ctx, decrypted_bi, block, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    i = 10; /* start at the first possible non-padded byte */
+    while (block[i++] && i < sig_len);
+    size = sig_len - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+    {
+        int len;
+        const uint8_t *sig_ptr = get_signature(&block[i], &len);
+
+        if (sig_ptr)
+        {
+            bir = bi_import(ctx, sig_ptr, len);
+        }
+    }
+
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx);
+    return bir;
+}
+
+/**
+ * Do some basic checks on the certificate chain.
+ *
+ * Certificate verification consists of a number of checks:
+ * - The date of the certificate is after the start date.
+ * - The date of the certificate is before the finish date.
+ * - A root certificate exists in the certificate store.
+ * - That the certificate(s) are not self-signed.
+ * - The certificate chain is valid.
+ * - The signature of the certificate is valid.
+ */
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+{
+    int ret = X509_OK, i = 0;
+    bigint *cert_sig;
+    X509_CTX *next_cert = NULL;
+    BI_CTX *ctx = NULL;
+    bigint *mod = NULL, *expn = NULL;
+    int match_ca_cert = 0;
+    struct timeval tv;
+    uint8_t is_self_signed = 0;
+
+    if (cert == NULL)
+    {
+        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+        goto end_verify;
+    }
+
+    /* a self-signed certificate that is not in the CA store - use this 
+       to check the signature */
+    if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    {
+        is_self_signed = 1;
+        ctx = cert->rsa_ctx->bi_ctx;
+        mod = cert->rsa_ctx->m;
+        expn = cert->rsa_ctx->e;
+    }
+
+    gettimeofday(&tv, NULL);
+
+    /* check the not before date */
+    if (tv.tv_sec < cert->not_before)
+    {
+        ret = X509_VFY_ERROR_NOT_YET_VALID;
+        goto end_verify;
+    }
+
+    /* check the not after date */
+    if (tv.tv_sec > cert->not_after)
+    {
+        ret = X509_VFY_ERROR_EXPIRED;
+        goto end_verify;
+    }
+
+    next_cert = cert->next;
+
+    /* last cert in the chain - look for a trusted cert */
+    if (next_cert == NULL)
+    {
+       if (ca_cert_ctx != NULL) 
+       {
+            /* go thu the CA store */
+            while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+            {
+                if (asn1_compare_dn(cert->ca_cert_dn,
+                                            ca_cert_ctx->cert[i]->cert_dn) == 0)
+                {
+                    /* use this CA certificate for signature verification */
+                    match_ca_cert = 1;
+                    ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
+                    mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
+                    expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
+                    break;
+                }
+
+                i++;
+            }
+        }
+
+        /* couldn't find a trusted cert (& let self-signed errors 
+           be returned) */
+        if (!match_ca_cert && !is_self_signed)
+        {
+            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+            goto end_verify;
+        }
+    }
+    else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
+    {
+        /* check the chain */
+        ret = X509_VFY_ERROR_INVALID_CHAIN;
+        goto end_verify;
+    }
+    else /* use the next certificate in the chain for signature verify */
+    {
+        ctx = next_cert->rsa_ctx->bi_ctx;
+        mod = next_cert->rsa_ctx->m;
+        expn = next_cert->rsa_ctx->e;
+    }
+
+    /* cert is self signed */
+    if (!match_ca_cert && is_self_signed)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
+    }
+
+    /* check the signature */
+    cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
+                        bi_clone(ctx, mod), bi_clone(ctx, expn));
+
+    if (cert_sig && cert->digest)
+    {
+        if (bi_compare(cert_sig, cert->digest) != 0)
+            ret = X509_VFY_ERROR_BAD_SIGNATURE;
+
+
+        bi_free(ctx, cert_sig);
+    }
+    else
+    {
+        ret = X509_VFY_ERROR_BAD_SIGNATURE;
+    }
+
+    if (ret)
+        goto end_verify;
+
+    /* go down the certificate chain using recursion. */
+    if (next_cert != NULL)
+    {
+        ret = x509_verify(ca_cert_ctx, next_cert);
+    }
+
+end_verify:
+    return ret;
+}
+#endif
+
+#if defined (CONFIG_SSL_FULL_MODE)
+/**
+ * Used for diagnostics.
+ */
+static const char *not_part_of_cert = "<Not Part Of Certificate>";
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) 
+{
+    if (cert == NULL)
+        return;
+
+    printf("=== CERTIFICATE ISSUED TO ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->cert_dn[X509_COMMON_NAME] ?
+                    cert->cert_dn[X509_COMMON_NAME] : not_part_of_cert);
+
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
+        cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
+
+    printf("Organizational Unit (OU):\t");
+    printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT] ?
+        cert->cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
+
+    printf("=== CERTIFICATE ISSUED BY ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
+                    cert->ca_cert_dn[X509_COMMON_NAME] : not_part_of_cert);
+
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
+        cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
+
+    printf("Organizational Unit (OU):\t");
+    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] ?
+        cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
+
+    printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
+    printf("Not After:\t\t\t%s", ctime(&cert->not_after));
+    printf("RSA bitsize:\t\t\t%d\n", cert->rsa_ctx->num_octets*8);
+    printf("Sig Type:\t\t\t");
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_MD5:
+            printf("MD5\n");
+            break;
+        case SIG_TYPE_SHA1:
+            printf("SHA1\n");
+            break;
+        case SIG_TYPE_MD2:
+            printf("MD2\n");
+            break;
+        default:
+            printf("Unrecognized: %d\n", cert->sig_type);
+            break;
+    }
+
+    if (ca_cert_ctx)
+    {
+        printf("Verify:\t\t\t\t%s\n",
+                x509_display_error(x509_verify(ca_cert_ctx, cert)));
+    }
+
+#if 0
+    print_blob("Signature", cert->signature, cert->sig_len);
+    bi_print("Modulus", cert->rsa_ctx->m);
+    bi_print("Pub Exp", cert->rsa_ctx->e);
+#endif
+
+    if (ca_cert_ctx)
+    {
+        x509_print(cert->next, ca_cert_ctx);
+    }
+
+    TTY_FLUSH();
+}
+
+const char * x509_display_error(int error)
+{
+    switch (error)
+    {
+        case X509_OK:
+            return "Certificate verify successful";
+
+        case X509_NOT_OK:
+            return "X509 not ok";
+
+        case X509_VFY_ERROR_NO_TRUSTED_CERT:
+            return "No trusted cert is available";
+
+        case X509_VFY_ERROR_BAD_SIGNATURE:
+            return "Bad signature";
+
+        case X509_VFY_ERROR_NOT_YET_VALID:
+            return "Cert is not yet valid";
+
+        case X509_VFY_ERROR_EXPIRED:
+            return "Cert has expired";
+
+        case X509_VFY_ERROR_SELF_SIGNED:
+            return "Cert is self-signed";
+
+        case X509_VFY_ERROR_INVALID_CHAIN:
+            return "Chain is invalid (check order of certs)";
+
+        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
+            return "Unsupported digest";
+
+        case X509_INVALID_PRIV_KEY:
+            return "Invalid private key";
+
+        default:
+            return "Unknown";
+    }
+}
+#endif      /* CONFIG_SSL_FULL_MODE */
+

From 3661c54000182992d486cc8645c4979bd4744eeb Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Sun, 30 Aug 2015 13:39:31 +0300
Subject: [PATCH 217/301] Add makefile

---
 .gitignore              |   5 +++
 Makefile                |  69 ++++++++++++++++++++++++++++++++++++++++
 Makefile.local.template |   3 ++
 crypto/aes.o            | Bin 35312 -> 0 bytes
 crypto/bigint.o         | Bin 94704 -> 0 bytes
 crypto/hmac.o           | Bin 10444 -> 0 bytes
 crypto/md2.o            | Bin 9808 -> 0 bytes
 crypto/md5.o            | Bin 19348 -> 0 bytes
 crypto/rc4.o            | Bin 6232 -> 0 bytes
 crypto/rsa.o            | Bin 25612 -> 0 bytes
 crypto/sha1.o           | Bin 13688 -> 0 bytes
 ssl/asn1.o              | Bin 48176 -> 0 bytes
 ssl/gen_cert.o          | Bin 828 -> 0 bytes
 ssl/loader.o            | Bin 38320 -> 0 bytes
 ssl/os_port.o           | Bin 13424 -> 0 bytes
 ssl/p12.o               | Bin 1812 -> 0 bytes
 16 files changed, 77 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Makefile
 create mode 100644 Makefile.local.template
 delete mode 100644 crypto/aes.o
 delete mode 100644 crypto/bigint.o
 delete mode 100644 crypto/hmac.o
 delete mode 100644 crypto/md2.o
 delete mode 100644 crypto/md5.o
 delete mode 100644 crypto/rc4.o
 delete mode 100644 crypto/rsa.o
 delete mode 100644 crypto/sha1.o
 delete mode 100644 ssl/asn1.o
 delete mode 100644 ssl/gen_cert.o
 delete mode 100644 ssl/loader.o
 delete mode 100644 ssl/os_port.o
 delete mode 100644 ssl/p12.o

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..03ba8b58a6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.o
+bin/
+Makefile.local
+.DS_Store
+
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..3af715f094
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,69 @@
+include Makefile.local
+
+TOOLCHAIN_PREFIX := xtensa-lx106-elf-
+CC := $(TOOLCHAIN_PREFIX)gcc
+AR := $(TOOLCHAIN_PREFIX)ar
+LD := $(TOOLCHAIN_PREFIX)gcc
+OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy
+
+
+XTENSA_LIBS ?= $(shell $(CC) -print-sysroot)
+
+
+OBJ_FILES := \
+	crypto/aes.o \
+	crypto/bigint.o \
+	crypto/hmac.o \
+	crypto/md2.o \
+	crypto/md5.o \
+	crypto/rc4.o \
+	crypto/rsa.o \
+	crypto/sha1.o \
+	ssl/asn1.o \
+	ssl/gen_cert.o \
+	ssl/loader.o \
+	ssl/os_port.o \
+	ssl/p12.o \
+	ssl/tls1.o \
+	ssl/tls1_clnt.o \
+	ssl/tls1_svr.o \
+	ssl/x509.o \
+	crypto/crypto_misc.o \
+
+
+CPPFLAGS += -I$(XTENSA_LIBS)/include \
+		-I$(SDK_BASE)/include \
+		-Icrypto \
+		-Issl
+
+LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
+		-L$(XTENSA_LIBS)/arch/lib \
+		-L$(SDK_BASE)/lib
+
+CFLAGS+=-std=c99 -DESP8266
+
+CFLAGS += -Os -g -O2 -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
+BIN_DIR := bin
+AXTLS_AR := $(BIN_DIR)/libaxtls.a
+
+all: $(AXTLS_AR)
+
+$(AXTLS_AR): | $(BIN_DIR)
+
+$(AXTLS_AR): $(OBJ_FILES)
+	for file in $(OBJ_FILES); do \
+		$(OBJCOPY) \
+		--rename-section .text=.irom0.text \
+		--rename-section .literal=.irom0.literal \
+		$$file; \
+	done
+	$(AR) cru $@ $^
+
+$(BIN_DIR):
+	mkdir -p $(BIN_DIR)
+
+clean:
+	rm -rf $(OBJ_FILES) $(LWIP_AR)
+
+
+.PHONY: all clean
diff --git a/Makefile.local.template b/Makefile.local.template
new file mode 100644
index 0000000000..937027f990
--- /dev/null
+++ b/Makefile.local.template
@@ -0,0 +1,3 @@
+# Set this to SDK path and save as Makefile.local
+SDK_BASE := $(HOME)/esp8266/sdk
+
diff --git a/crypto/aes.o b/crypto/aes.o
deleted file mode 100644
index 2d10e6d61b32126958a595851154435673e62722..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 35312
zcmchg30PId|Nqaq_ktp*;EIBJ?-junF1VW}AS$>N;gXrD7Xifu2(G&cTG?WYnq`&+
zm2K9yEL&_xEiGHVX0~tEw|%vJv;4o`b7n3dO#A)*-{=4Q&+`oPnwighW}h>2&zwW`
z$Z?}=+qTSQThpxumt{50L5SP3`YD0#Ru?N#kyi-S;7Y*t7cS{<bRKVekM}r%yVb7x
z9_dlvJ@>(zFMq!4xBK$4`nWHfl-xFUO@U?gemZ7EUfkF2n60B+R?PWBpE)Zo=A*CO
zbJE97&Yo;#Ot!~I#JD%OtU{N)+U2fvxoS4sR!Q8<Qg2O(w`Or%MTxi6v%%#lbVaOo
zHK}w(o*=wUufA*jYjZyB`cVE$b%zhk%(ARAEbH*Qac}za>~~}Sj5z#~H~Yn-xt?Jy
z`o!d&f!e6ItlTp)1EI`o7iL}@8gg%DVBvMOmtHw!_*WlhH?!v08=|b$O|6=oxD2=D
zkF?h1c&&@$YI3|aeeD4L`t5`gZ%&}pj*PWRt{7I5J;Y~O)KwG892B~415(fQE<`ql
z^uP3iY^AGbH>z?$r>*qFS^hYv^5%Hw_!3^2+o!t=3iF!h#*KY<^xdvCuN<3_?!W1y
zL0LV!C3>6;H~sF}58inBvt7U5*J@X0^CM`7!d6!H?ly-@;%=L~V!dUpvaEA0Yl<hj
zWL>vd@4&2pzy3)7xEg<KMc>#!MqpjnSnuswb@03;u3}p({OkOIbvMV>J)E_DTm6yy
z<0>ADt=Sg4eOn-ZY9Mfbpzf|fpnt&1&CGvr6+FF@0<pQ7fxfE(Ljtjxnfa4e<#!GA
z@QlqV8MPL<*-%%vF0S4m>{#gQh>Z74_6Iv>1miP&owI`-{JXq~p54LZgTZdDV9JNV
zr0;`WUyL|d$KH#kSiQ^pR`>2M$FX5o;H|+u++*J@dE%3p@Avs#k=I!M7mj$7vJ(6S
zKB$jh?dw?Yj~hFwXY%T2+k9tP1;IprFkyADQ-&|zzbn?%*9KpFOw5MoVmBZcyJG9R
z*7*H8z3g3q{rz&?1-ml$_xC0Rkk|_)kH3YC$G8gHS%ty&g}%hqyE1zY>N#qPJJ&PT
zpE)v+=PtSb3%{@Z24AOWe~h~T6l~`Yw#^8($-cKH@$rFeU85FQF)^d^EUQnmgqwR6
zoZ_#mXp^7c#_MepySOfPQeCXS4q7XlWEVta`CXYq<}9n8I-_S=VWfL?6KjL7O=W~t
z;IjO_wsXr1BdwGkP2P>{6S1a?Wz~EV$lnxLml_z|BKpWTarNH>4j&GUvMn%R=D|SC
z!+`_u1x80VKk`^y{bPac+e3R%nHF5Yn$>}twSm!5F-JDX)o%{0TNhe`KsZ1Zm4W<{
zK*iF)=*Z|JC2{p7ftfRvW{kj@p?rV9n;fWl*JkHG$LpQM0XZaCvCz9Ta%|t^F|NH&
zAFK4Wi*fZlvuFC8h$(JWY59`_XSv7vOYZ*+W%B#lC2aQZj?G|wwebhr4ZPDes;d?G
z;IVAfe$pUU0or0@psRPV?&bT_o#uGo@9Pko?yVokNeX?W(AQzLFTQYZ>;_*#VX(ud
zc-NZqkBw?+Wgvc6(|59WdH45o;(y}zb<XV95Z~oXK^NWaOFro9_MtE7dtcY<;+h|c
ziHZF7m=)vh<6g7j82WI%>cjp*pI`Ukq>P|9!<UpD^yxmFdNA0>6-@gu*!%lnFVTlH
z(1%4nGT&l88v5{~;XYjG^P>0mOg^})_Xn2c4|YAsQQ}3%&8~|zW%cf^vryK;p!eXe
z*!`FsoPdm7`K+%I`}_Cs=xRb%5BmJ*w*Fm13xiz}O6p7E<}N7Q>zO&go3ZEU6j!d>
zzxyaUaDgvAuT{#`Uli^=QW)%9=<721wr(*oYbvZ$PS4D2(<?1ucx+DH5!GD-fi~Hm
z45!D&_N^OpT0ul#zbie%9k|(J9rPt;`#MdX-ZOQ`sT(3VrD0+l-N&^z$67ZvaOBmv
zeGx4ZADa1Y;J|^<!C*4`nnQIr2aa4Cx35`D;u8lh4%F0yA`xW4#$2;6x&=CG;scqg
z^Q!)-`fgxz;K<UreNoM!adDucB2*bn7-d@y9P}k0m=o9+*&IC=Q5*N&n&p9gO`0EB
z9Ea3YOhkhVF=vhr?DNDP$ze!NAUoJCGgEc>oHzh<1~Auc=G5oy7O4AIVBNK-x`evh
z0_!#f>b3^fZKQwTlt7>)P_xapHph9PJ``AYop)wVpklKZHx0}rnR(v4$h{FL-)1{7
z*lTTztLuyVM%+PPM{ieekLG?~$LM2d7)+SSEnTB-JjRJ~*U;yEXtO!4DQq*2BTs>^
zL-x~0Q?C9LQ_?|S=Y*1jFCOvxx)cTz4+cA@+~(Tb)7pDE#}fKQ;jaAs{q}d;k4dY$
zE7yZ;X3x?yo*7lI`hC7(_V^g5J00}-&>IiF7<(}2JLv2BdOO$NY0j9+JlU8^YCNXW
zFl2W7QV;t2eCX@_y{}ipm@4pfiHVG!ba2<vf?y|=-446&t$E&u0>=y=Rd~#Hd78$0
zGiwqC%zxvq@z<qIe|*;7P5tK{+Hv0R-#&wzSwYm?R|5lX9rRS@EjO<E;q^aO{Acj$
z>(h>1)bENBIZwa$`STN(Z_K!Dch_OxjJrBI`}aMkHBG&#r2Csm_b)p8=DY=KU+z}<
z>(51N=3LwE(AH@$oKyVJhWQn_`G0=>$XnCfjym)9%Wt?~-5YmVmp%SUvtK@%60vi~
z$jAe|J72kfcuUu=d!KOItuLK7WPM!L>9gPYV$=8ke(A^qpHy9QcgX+gzxrSJ;co*!
zOI-MV+34>&p4+L%GnbS<T-ah;{F4bsC!acY@4=<s>)x*aYsrgKf9&$^9epouvM>F<
zR<UQL)O<B#<{8y@c6e}1^FALhtG(*EE#KB1K4ttpJ%8H%?3a%XJ%7UHVEbO4m5(ld
zE%}4eHnS%AV$PejV)63t=aoMbuxI!B>-D=9?O*-edB2}E`pCZy-F)wst(El;|9MsN
zfZ@Nq(C^ldzdQGh^tPUTUH8Oa6LDRWRy7}fnR5TasPlVwOemXLS8&Q}J9_*l?Scs}
zTVH#R-goxg=bs!rX55s2ANY3LA0x*1y>R4juIl`uwRfCxOXiguZW#2_;}5;%i#_(k
z!53p%e>G!MPWz{CUpcJkoDNkpSDpTjzvsG(M}4!i&3n_M-#(l%q*-2M(zM;L++Dc-
z>W`Lw`s~03m%n=2o%1LE_(k!udzwDFq+4p@Z4d1I?A=h8u}`eMwBpnUOLE;mw+Qw>
z^N}^XI^Foeuh+(vzInyQ>pNfc`Ad_!zkk_Hmo$Islk7QJoBOofKJl@3F_;^U;c{E{
z3Jd);32t*OMECVzoolto^iZzGzRY#G`wGvM7;kj*S^}B1uuVLV%d+;scp~B1qR#g8
zg3V|(wu)%vp7mJPeCT%M>i;IUA{t?cioZ6Nx0byW3H5+tUj3Rnw#$wj1#;O<??b4|
z74eL+nv8+v_C%DHg)En+Nd!HcMhv24(<aah&xl8q)uaMp9uI_CQOIuk8LWtSB;)GY
z8xj#OQEb2v;v1AWBNxb`SwGtDQE$R-@*e)UbJx(X$-g1v&Lg{;&a1NAV<_Q?DqUo`
z$9@j{$hMkc&{^c@BK%owHCqnrH{)(;MI=$jxGnIB@wiX#09W%t_+vG{5r1tfVjaT^
zcpFzy`vH`yV~*+^<91suIKkW7SP*+Uu;miCn7kG1r{DcVHnP1X14WLT6@tM1L|$?8
zikHGU2u`+P913CYpbIN6tJT+xwu8A_3uo(6%YHBmaJO<87mL;UOv`>~1fn&EZ0pd1
z3OJdE0Gw_50vu-%LrW3(a2{kgGVm_^v3F)cgw@)%1b<FJ>$S5d+L`U_3GVgzk?rh)
z$o1nQyMBb8)ZWA7+Ivn#{CHMsdk@oT?>U_wtb`6f;g9{N>9Y2g_YmTg`cIbnL!`ix
z9AlbpcyyeH3b&d0RJs<^MV%#dh0=}lLgmab&NyVIW2mojUZ9-)jPoN59xH*xwF_-~
zH3Ab=y%#F(G|~xRnw?c;&9>RXT~e9#IV$xo(FoMsIT&a_WXO@|97JXeA|o0r%TWTY
z!$lpXHcQ%tJ=mVBxHC#T&%PYFLd9JSE8eNptB5SR_hSmj+Gd>FTUKB=_*4;MZPsFE
zx))T<rWCtNF5Tq|Lv&MiC5-<A7Bf~Q`2gG<QR}Ug>lj>JL#1Vw-C7mgy}qtG30u_$
z_qyt??20D1rn=imq!Nd0O~ize{1j!|D_vvYPO-X=NAL^|`yMb>Yb22LI>1iQ2^?9O
z)SHnKwfpeOZnq-}_w=_Nr*Vs;al6sjlRaoJOm`~mYHvg1_WA|xE=>Sm0`3L$W@sNb
zs?fdu@XFMdfPcd~H35)?sVp@Gu#|u$p0$NA4DcU9E}&-=U;<zYVFq9aVIJTs!eT&&
zW{~69KZZmznVVI10dq4Ee!CFpgu1AOp%>T{CUg<&CXI0~LTG!2uC}i*p<ggGz|gG-
zZO72_ZKd^=7&t7e+YnSrJm3{XNp6MY?e41jpMx9KKMuj?Qc3zX2;&I;5djUOIFqB;
zz5d8bt8EcP^$>ThfC$F;;gu>h2d&m^6@uB$L*bAKWx$PuE(s@;sS`Q}0SyUFaT2Pj
zw%Ts}dqOqUDxoQe(%!@ABVjlG*c)xT5N+j*(T!q^ZdCJvGe)mbJ*V@M5C-EWHAcZ0
zjbX-c3^T@Km@zAaxxe56VdnV0)=?RRMuSjj5c)K#@$GOIHNH2ic5ue`b&5H@uXo0`
z_j|OdJ<v9HVtdQy=qAoc9;ilgLUS{c2da@gl5RDU2da_09ByYM4^+zUgPS9HuyP%R
z%NfZ-^uWT%T~c0Y*~VQ{-9?RT$DO36J`;9ir5feNi7^?4Uc=TOf?**?c>r#-ejI|G
zQC<O|8WhDD<=Hy%1A3H?(C+$`-GYe1j(gd08u619HI^EUJy)Ystbl7Bd&GFVJ(Tyl
z9)5`}09OKv0KFO7=XSW<>+4sh?f_f~@6@LN_p}5&57-+Ecpb17MM?b+U|K7{w}24g
z55Q%FCg^lq39SHQS_3)(-XnAeRJH;11w^(53<r!Qj0LPCoC$aWpr(XqD7}MOzuzv#
ze4z$!SB_*g=zAbk4eK5D`6hHlI5ZoftRwpY`z8~5EF8)K){&tP+E1C#ot#0G=JOD$
zrjv*4cTMOiRHi~Vnb3#rKTPP;3{{iOeMa+6XR>M40U?+J)}de&%0wH;IbZ<XXtSFU
z>`XTKXfMtsK?F3+0eZ4IfXQYjM30+n>cwR9DuUVF?mRA`S|_1*!wGqGLi-yfq}C>!
zzO1&t{yiZ*tL3AR8D7qqXZ()X5pFMrWPB3-WZa9S?Ip1&0DQs9w;5M4-QcGde4VU}
zz8u0^1}G^6S@CUweb0gKJh-O7(T~tiQ4uBDd#1y;zZ^iUuM}&5n7LD+HO}tVqII;p
zMM8@>yH#W?+R>F{MMs|sFZ6JY7$}~W@I@}$S?(4?qECs=Ll=!~ZM$1UN6=}**`#?m
zY!F17!r9ajr87!6QI*YXJFhikMf<G0)@cxk@z~MPMpyIh(3Oa(r9~>zpl?ctyw+Zo
zPRod}Vk~h}?cp7a1dEUve@%7=D#lD<(s!X)t>Dx-r?YjxMxkxs6rpV|S#6_g(xIl^
zrK@er6~8_k-LX9@fhCVmMy7E${(It^oWwh7^$~fknOcG_MMO#mrwoZYa|pMrPC9GK
z(YYZe))zWkD#RO34QiaC>ePG<+L)TZK_8u68#KC5h@=LcbasnIL0d(##*!Nn$ZI`R
zRbmPUVRzJq<<v%xXnRt7%J%Gp+9`lzO7vL~^yn2~rK_^`rU<6Uesm*xssi|=F$&W%
zQ3BEf3kOr_RF|Q1iRz}3zE0NI3Ho(#veqv`wL$-6<ZwXaoO1-=f*LHx3uskgthlW8
z<7jg$<g(5kM-g**0k$=P)>efD_#3`DgKTRetsXE?lutX|@usEq=L`M$@D5*nK(;lB
zmfCJxKiHFMP3S;C7L3aZ)Y3j52AQFCA&lFqT3JiD)bXd~WO6z!ZkTLq8c1CXr57@p
zqrEI9a19J{K#ReVsEo+2o^T%Sg#QCdWa7iH4mkKLtd2_m#8YAAIS5a69l>8pplWFS
z3DeqIhFx9LV;u)2Ewy}0EMJx73#VZ+9?7R_mQ~B#{|<x3P&O6V)?`{v3C;yMS6^68
zL8lup?(Z&F87iQ~jhqM7S`bcd6@1q#fyuN!rjWJBu2sO<*qSVLtyJNao>~HBP%K)1
zDgThCmSC%R6HUA;;q?l=tx2>f?y^EARPArCQ^5taZi9)m7FtWKj<sYb<^)>r=%6Yq
zrI!2+47vcV-(dz@m5inS4D6P;gqWVR*y@-PvLX@S{B=U;6%I=Y*T$VtbFb1`K<hD>
zNUKWah3w>|fEIroVKys~7xFJKC?GB7#rscrNns>Y{wE>*G>mOcrF8%%(urJ4c9NV*
z>ou4jND{@*ZPTVpS8r1LZa$TR%&;>BfzZAT2~hk^nB@N{%5q1ZvaHpiC(ZhCNv9m2
zHWaCL;co|%PO9bajS+5(g|cKPR8Q5c?sL(Bj&IYjn&Z0xY9!p&$Mu77oPSQ*v@)Ca
z*8eK$<MVX#EH&<$4K0mQoV0hd%|$1W{mXP#bWT<rOVH_`+NPmr@@I|KYA6@b8m@3M
zt$iLfb>^BrOv%nFcmk~|CpeS#3K-j(LQBWWl(CXktckRAtel2elSQl?8OzDaBwA-F
z1=DC<4CA&|RMZj}HIg@w%*5Jyow#uuRn0KN#=`KH@+f2|M>gU7G2;*ns*cv{FdhrP
z!PJr%5e1{w2gV5?<v0PfVxZ6oAoYhq3|fQ20i-MyFp(Cs?Zl`DvBnTX=7$2fYvr0?
zvI#Fml5fLs{=nU(mi!(}zO^2chQH}KiR!LXZTXeG%<9`QBWXPXrZ)~qS!SD%8OMcS
zm{7A!v0kOPNTo<-itSFEVmRI;$nXc2NXv;w{s6|d&M~Sfa+4BSqEwUlt4l}RJWcM7
z%XclqKY|f;Mm0~sMB?XV=A66-25L@L$XbSf4P#qpn%uCNTPd#sYGfHX`%@#?Rt*(i
z4!w;2!5+iT)DUwj6~t58Dxl?qaa)z=)e?SGj%C%g1V`P}hBj{KlfOYN`>j#k11Y<$
z_1mj^1DqaqmWikQO$kh%a6@O-*pCqYc(o9Iy!v=yF5)QtCQK7>WToY=rQ-vbDD8m-
z5}jWunM!*4YfUz7>n!G$1wv{&s|jsknxZ+N3sLFn48sPZ_J(p4usAxOJ7qq1hV#iD
zUk(##tyFD6UIG(^eznBus&p<FB4qX@Awp+8jQ8YSYmuXjQf%+OC+^=T?U{`R4ZGKK
zFsAd955gp#Sg9Uzlz3IdA~P%h9LqE)2N-|Jj<lAmiXvYN6NOsW6-DRuLWJy8R9J*g
z4xoRisKri2QHr@6c=BQPzpE?`>1{BPxcPCkksp9z#&ylm`LGZnGkqaqvV)ADY}6k&
zv+<X}*I_VLX}Pf*$H<|@2X1oKrR0Z7assWV@e2onGie`yK`dH2R;FnX#`;3Vnn+8>
z%Avha#X5(Uj+G;0Ia!%R3wvVdpGGSSM&0}fOwioy+911BW86m7BanL%h7(B(gi}u5
z{P-K+wJ^B((YgpKabr5NvX-;~1_88~mJ?u7a$F`I>Y)s)j1rw;FwN6qwq#8v<0l~g
zFxb>uKSkZ4YUz3zrVU0WR<`s`!B7l2os1#;{V>(4cAHzm70wN7rM|~uCG_`rjPn*u
z_CLm}4)>IGLg(>$pq^i0&a$dqCJ$E%dGy(nW-jG_mxQUw;YfxR5{VJZp+G(a(+Wca
z<-{<?;L}w@e-^X1RUN)tUfwuc&Q76GEK@NfP9E#TSw?oa1Z|{@HDjaU&-`zcowza^
zCt&JjDiU()#hKg4EJ-V8<AYsELzkgHe`)5X=)^@yX(UfsHZKZsvMzSg3O-r$HcG%0
zVlfh7#&J`<ySkzCvl81Puc%z*FPfM^%pSLdC#kOEqfnepGWEYI%?bPW-?C*2v=M2s
z=FDBr_}`=RU>0P?pM`IRyhUPr#olfFk7EAdPwVCeKu&~Q$CG!fT88tfqlrW21A?Zg
zDyMGg8U*uCS{OdgkqJ))$Bm&zx#YuxNK91BJz3}SWc^0vvK#c9IAootlg1Hw3XkjK
zro3>Tj-lq*Nz8VDtn+ljrewYu-b>}l*+P(Yo=zG^<SCr*<EFrHo?OTS#~^=IVR~ep
zr*Iw1>DJ`Qukz%?A?rMyG>*tqIN!(XH9hQV)Dv%UE~{TH?}+<g+?X9|34D-?-<W8z
z&nW+%;d@uVaKUy!fVWiMLaAh-62`iG31Afr)&aczF)n3{jz(+rwTO5*3}k8XwyD<W
z=FX}d$7dVD%sn%JjM92Y;bdCuziQ!4U{)Z~kfU>$F`dfJYLQCA3OgDN#A(CqcF1h7
zf&a}E!qzm|=Lq2q-1L4jd#Ly1iZKaNgXzb}Lbz>@>u)EWtQ#%F`8<y&GR&fwJP{@e
z(=G0fOpDGlg$S8_R*2B4Gk&t}_<xb{lc{Kwan6Cf!<+ey%xs|U!n4A0GnFn6rF8S1
zO!CCHMN~$kEbw{e`7maBCtm>*g~iEvPTkSDUWkxu8;j6+2TU`>T0bRHr9d}t5<(N5
z%(WCV{b&=yZh$fO6EamqVW*>aHgw)4M95SpM2xok5cIGTb?!psXJELO(0f2SpA{lx
z-spsg(Z*vl*cIc#5?^0j^qPx5RLw@vT$lwg6)^nyi$6y3w;yxyhbW#bIo|&m{CSFn
z+u)Tj=AxemhC9tSgg^HNkD=gC!f>a-b-&CH*Xrv|;Lk~bi}Mscfthr8IKXAS52tPa
z(V{v2syBsfxMx)^tq7G{X_KmoE348<XIGZbn^PW|SH38%qOyE$@vKl)T5(mypo{?n
z(t?#m3row&(+U@s&M!(^5S&$BwIpqEdF8ycEGHy2SW%HSqP#3rT!v_4f{TJ_a}a59
zu(H@FnN_~PU|OiWe128h5=d7C`^;aG9vIN4cz(&>Jxa@F&0knljK|`|RjKOKa#g4Z
z=Ok0-u+f|XfKeJe(uEIZ(jB(#wxU{EwmUM)gTEfdE23QBC_KF7U-C*7YDeKDsoRCa
z8hAMBae)w~NQG!W$SA6&w4#+^YLIIPZSZTLl~Iv8uIK+l8q30IGz-%rRpRDRQ7Ca!
zRqiEGO%<~~Rzx*ZH9>Yo#o(`-wSszL4XLs@wc}Q0f<Gl~_1CFgRd=XwN1maL<I>-y
zLeEowZPo}hIDZ-HXs*_p>7(+18n+|SsPKq%M`#TVu^gQyKaAz1E48_mPA6SQUZ!G7
z<m90tR|`}Pv{&_38r1}v6I3nPQE}kNs8;yf1cyOPib}KYGw6Z3r=TVjsXQpMqj2m<
z(F&zIM%95wwakjBXy|ilafK?YVYY_Tvm1JlE2@RoRIT#l)-lo`Ylp+!3{&Y<M<pU;
zzp6`AWm`C^b%IRx(Upwj-fOFZyLC5k8k*gvaYZ@R#lNOO8+;r|<KNI#oDOrIXkw>9
zouWFioI)&9MTt~7aoB0Z2vu4CTB&O5Ra=$8iRX0EyPVd4&5ml1oNZI%&i%R_)h?WW
zNA6BX?hQwSTWKweiicFZnlh@RV!<WMg{ry-tE2oHZT1CSpC(upO!=Lssx4Aw-&U#?
zC~mF({*6_f_Tjd2+R^EwPV7CFYP1n*u>Qa7BuT19Oh@&EJBc0DMi=iq)jeNvx{Ivj
zzq3cpt<~zU31zc88IIJU&K%RwP5wSZIB|_XHJG|!EXUvJGRstxIkS%JR#M*SN=}#g
z-RX@NxuO!F={Lu9u}gJ~Ume#aF4X~kaa@<WqB=tI=kruTYh9{C{p5sQ=D2=zTvs@f
zf1k^oV5dw@zNC-S5oM^EXE_H|t7ILWPPrWoZZ+=|u{XNCYP?pfUN)U0LiMJ5tD|~{
zyDDyi%Cn(^szkJ(>Aover){D;EpL;hircHdrOb+okr3`BfA6TzSW#UN@zRxQ<b12j
zh4~U|4&1(H;C%j!s*p9myll2t{aIL6RXV$@xX8;FAF@VHm{C<6qLhV$<mvpAA%rQT
z#b;q<VU0d*l6Qo+U+SRL3~!$W)Hf?Qe|{CXth`UCcuA;F6;?2%<z;>5mxhWfgAAJO
z?Q=S;(-8y9h+(q^5BBycfp}@z{L-@GJ|zpwRE#RFHfEGo6_zh?GGOvoRIFAU7M4Px
z^Z_$M7LJY2=$m0xmM<(Ts!~OmRXA%#ahW5=BF!o<TU1=>6su8rPh0~dCQh+%VwFk@
z5LKxhe|pZy8R;2=tfF8jXjRQAuMBw`sajCHU{=LaC2NwdDqU6_T3S)8mq=;O@`)K*
z5-MF#9M)@vcs`c?DwT}>11zlSP?m54s<O*M<#Xoiq*)oNDUpP#iM|=AiTTB4vqN(%
zCB2{=D>hYlREDXuSqm#GXH=FIS>^MKX5f_YoKSh$d=-BXqO-zPeV<@4TAUVK62fY+
z80V8lj~Fq;+kIALc~upckbO=Y?M+Y32&4vjI9)-#=i|jPkSoF|YI!*$udJlpnlxeL
zjI8Vlr;nR7apa6~c@sw#WR06JEYK_~J8xJzx+t$A$5OUhQEIoRy8{WZxW=T-aICD=
zse7F6v-~hTO2v!*<aikRXTi+UycPCYnt48m7v;&6qx`8*&XZ1L9<t)q6nWr5A)Jv_
zdEiMQp3k9-?Q;CcJUzsV@_gh!6ily7{K<vwhvAln$5Y8Sfq5p0%%_N_Xy&1RCe6I@
z@#yK=pQrha|4gtcBOl@MqCA;L%&7AkFw`o4KD}by(SHZn=;6a5BhN=@yr_qq2AlGH
zDA`XlpE>fP40$wc%J4ZPFZz>Dg-w5M$#~J9j2)E9(^FuR2R>rOu1d+9Z5`{7&wxxF
z^5pC=EyHb^Da$l4WtbL!=1JDf-<WtYU2+gMWx8OSX43V7c_NwqL%=TBl;=AG?X~{|
zA<rK>I%)rN!MrF>HvZhy^P)f5=;t1r7yZdbp1WmU^e6K)8S|5X3NiWQUOb@v`8!pA
z&HQzW7vqvmKjAM{yy#ChZNcp<FIr?)5zE{fY|`S7TweGw4`%C2d2^ZZ$UZ~%G60d4
ze`?jz1)*S}m0A_5bnH2XDvRd_Q}x}zN>wi2D6CX9v8EPQRl&F1aj4Lu;=+ZqXOvV1
zF=IONj!!9PlvIa<g@u*Hiy8&bFQ3)O9jpwN%`T>LX26Md0x#Z!j8<gXO2vkG0k+dt
zs<Tf{b&^#|mV{Uktq~4v*eh5I|EtRjDb}@ab~UbwL`-yfb+LaNrpKVMXg5S;zhQia
z@tvAf?Kb+Zh1;|nFsy@fqSTj(ldF8UhWa?{jXsWZ>eo|&^@41C9R|x90>hyHNp3h~
zsE_@O7xj6K18$Qi9;Bt5xxT`Efn_n5ksA#U!wl<(LnUnxk>y~1OgW~5rM?SrIJ^eN
zTqcb71F0`}0=~n5T_yGL)@1a}1)DfP%YzAm2R+PX!p?(-VTQen$$lm$e0`a)C2-4h
z2c3fxB9LRcyr-FTF9(}AKx-Io7+!+DOxVS6OMN)kX(hpr`daER_LrMrOdOzf4)oO%
z^ku@fz%BLVLf^Frq`o*EMtu*!m^eVI6FSfuHiW)R*u8K|eTPv2IVdRgwbo(OR}aHD
zobPzug2{dKarMmb=V7GW7ntPyjG!-u(Hw%&)1eB9L5Ccq$oWGVUZ21iraK36q8Q<@
z4-h8Hk+jAchb%|D4r4iffRXyfL0`QYEF$b19S4@W0?<b}>f^nGX;B~RTtv5GMp)KS
z_?gS3MO##tbvW0u4#Si4bvqd9i-kcKZ=|n&3|}yAxQxCAABUvB$NKJ=40kuuNd5XI
ztcBcGWVkJu9~&-~%}b>)baRd6g)wfTx!mE{j*q)h3o$*8*oMokv`aTfR>S31BSX4b
z%MF)X^-Sqz?iwy`-{j?1HQeCiR;vi<W)Eq&+-Tu04NlcA-L;!*&sHcA=VNoR-MB_H
zFC{Y^w*|G<+=E7^`)nf&oASZq+_T~4x{B}9Q(phLt2R90jX=W|Y{m?1D5^^Psx5`t
zB8oka++vwshuH@?8y9D<VZzLgMCHoX1B`vraH8N$!4$RGfpM|V*t#mcf|JO+apGb<
z8kyc??az6|W+J#)w?>9@g7L?c6ZX#$oJ-bv#tHv?;XjeA^-mEp(}e#_;m=~ULEG`Y
zgk;T_lGW>jZFG0MivD2M)9+e_`xG~f@sAVSUhoB)*%vO-+y;E9W~RRa=~EB09fK~x
z{BUhQO*0RwE!51%D15=2GB?8BuK7{e|JKY$DjA4R8J=!js+sHm$2D`0@U-SukQs!j
zf_cb99v&kjF4we)kq-0m%0SIL=)>3HC^HpyndZf?*J|Df`&P~Oz}~I-dD!vL%eZ`C
zy;3uuO~0s_YvWiL%5eRhu9^D?-mB=(y5ej==Gy8a%~`N{uVYydO>wmDx4dUj{!iF6
zWVR!x5yPizo&>u<^Hzw=Bts|rJ~^5Vhl}s0Fs=>rmuBuyhrmsFFJ#C@p7&DvC&8Z_
zt^4z2`om<xoUJ(sd%9+}-8wSjc1K*Y(Ya0gbDWWlPR>cxc@xYhnh(L|qc{4qZ#2<d
z5B)qjO#hj%OEq&p%fp%U=N^{l9m(9c^6?#+d)1#cABFv!X6~KaLN8^whvm^(GW%wl
zW~MuejB;^qAV=%*TcBk)7N%<%&KYD=c0P`zPWJIdnz_e6pA4OYAWt?rH)t95{~NW;
zP{@#t&cC#O4*bc+KU$BGT=<hsJ$Ix((&Qewi{@^y@d}^vXMY|;Mt(SNk&Vt-+Mjb6
z+2~wKf9T}?nqMj)bAQc46J+iad02(q6n2DW?p0f8_QLM1nR{xUC!jp{(K9u3@62cA
z^yhwglV<Lb`LLP(+!vp!$7T-fEX`_Pui2d6pghO)a_!G^BwNTRJLhJyX^T6w4Ck5q
zwagUAkWKyYlqq#`ZrHDxzdyWAhR$h_CmWrgXc^8M-)otfkRcnLa9XXg07KKNdo-DI
zGL6lJ87>ZQj%i-(j(o#}mk-8pcg^VLs-IC0`x1@OlS$Tb*`FAf>xW!2<k=r+jJ&#+
zX?fNc<@s9{_eq9>nw!DDf($(&*fd7Z60+8_f-+#PJ5~w4MDt7VM-yAN-k-&gWAO(U
zsyNJ?Z;d~<R7OA7%GA$`^<#6xgNyZJ<kJKX5IjsU*HT8F?<yE(*$vMWJX<j9!N_nO
zZJ1>@e39S{f^QJKP4Gj4dEYmBnxp*;w-(${@JPWk1Q(NaU6q1Oy{)7_D;^i`ABL|N
zTu0XJg3qjlWgZs%jNpTUKM?#0S?f6>{CWQ}>GHQ!Bh#F$^QPWB*ZH3$WO&aq<(dIz
zx!BJ`^w)7$3BFSB4TA3${FvbVg1PTEI^QSjvivHT_a5V)D46#)<Igp?;mv~U$k4@$
z_dAw_V~}eslkR@OZwY>%tn>4Q@c&hCbBs45!+WAhD*$F%{6@}TAv0FUOd{j0eqPgs
zOqt-7LVh)vI{B5HwL<0wA#<1Dd&yeA`i)q(9p?^H_7{cB`@;V-!QTn~U9fsPK<kXb
zJZ^Nh72H{Hir|3Y!DN()*D$iq^LQb1rjR*X$jlQm3xy2txvVR$cP<e!R|%O-T891N
z79n$&khxdO3_-bf(qH$7{X*uD;GYDy!9;Az6%S^9RzZ)C{#s98Au~+ybiq9DX5_aB
z&cuDt`177^c$VO~WL>vqVCI4Ce*yh<+ieuQRq&l;ozDk^|8Bvb3Yi}Sx58S%q}vY6
zba4X0>Oz05lY0Rpa|&6vdybHqD7Z+-&jC|s5IWBlGUp4K^@6V^YyG#9b=mI`yhF%5
zBm7?y{JP-7f<G7hz2H9tdvI?z={6VKPH-2&-36x$9wK;z;BjQ#*7;;z-kCyXu8=7M
zvkrTpPpuR(7Ymuov<%mqTZGJQLS~zmIR`S23Yn*c%(GgC>(e)c%!fke6D`Aa>(4@l
zKSh~xdBDsw*R!$o*X<ZDWD>Q^I`qeG^w<4uppeNDTqt;z;0wV_i=U*qg8o`hosiik
z_<6x!2>GAM=m+Y;y3FW_A#49+;h!P=hYJ6hf-416FZ0O@Lp#h62{V^*My9=BZdr|g
zFTq^n8Go+v4D(rq;XJ|P1)H@lywnTDMt-J{DH1$SaJgWv{Y>2Dg4YVZQt&l`uM>Q?
z;O&BU3VvMh9>Mzr9}s*<@Y{ml7yOCfF9iQ4n7>_^GIA|yn7=_8ju)ILn4fYqGW=Mf
z;Zp<;7d%QZKh<gE&k)StN{oMz;5mZJ1y>2)DEL~zwP4fFw+jC|1aBAofM9+K!{mpb
z7&QEE!Tjui@#jYy40CO4_-n!63Fg|^$TSh$LNM3KMkYaU7s32crIE=He2U=Vf=3A+
zBY1+~GX<9jo-6oV!3zanDEJb={H@94bEDuo!CM92CHP*!T+bUlPYLGnapTW*zF~fx
z({NkCT+bVSui)N-1A+$%K1J|o!D9s%2%aqX0>S*=rpd#Vg8AF5@vjwpi{Nd7?-Bg2
z;12|IzhHF637#PMOu_dHen@a1tb2@}bip49{!H+<f`1UquZ9{ue!*N582>(k`w1Q-
zI9KpE!94R}^qeVphTvI(=L+U;(IzgxUTS!?;7bHwF8FG}n+4Yi-YWP3!8-*%C3uhE
z{eoW-{JP+`1%E2|OTotkyRptNWsDZwQZQdHG%{TU_Y|Bec#z<sf=37*E%*$<lLSu_
zJX0|D7bZVue}P+?dMC~JFBLN93+CJ1M&=5^8wB$=Mk7-vnBR9b{yPNol@sItlwf}N
z)%d?6_<h0u5uAl}nUNnU_zc051oJbpM*cj(mk7RGFuyiy<m&|AEqJ@&1A-3;=ErJ{
zo=*k;Aov%-?e!X)ZImFG-?}w=QU&)HJXr8Z!FhuDsa&IHn&2YAa|D+Qt`fXVF!v@#
z=S70o3f?IATEVq~ZxOsh@WX=nIZcz+9>FgNJ|OsY!EX!Z2ZD_ro`Es^i(r0!)A*Zx
z4cnzD_6x?J-xoIANig>{#=nPPevi}m4-uRvc)Z}Lf~N~E7F;U0Qt%?d7YM#s@J7Mc
z3g+iLO+IfCe7E53g83<BBma!xmj%Bn_#?re3I0*=uY&n~dZVA;)ij(gxW8b2yxGVs
z6TC+7rGoDkyj}3)g6jqI^Up^AH-di`{FmV7*asW=IKiC+`veCB_Y*u-@N~ia=(N#)
zyWkyy9~Qh<@P5Is34TlP=Yqc$%x@u^bh`*n7Ti;Cy5RnT`3+^GCr@y`;E95#37#o<
zw%~b!`Aue{zgqAb!Iui&Aov==HweB-Fu(C^^gk&0al!S1_X&Pp@FBr(2>wX$XM*`P
zX_Kyn-;)eC6&xd&pJp~PUco7XdkO9@c(CA1!8w9Y6I>veUxGI2&JkQ8I3#$v;A+AA
zbhOcPmEfBM-zxYi!FvS%BKQx%Bk)6v(LY)+zf^7f?-%@};N61X68xUvSo}t1^t2It
zj^LnRei+-x?-%@<;I{;SFZgG{emq<>dXfe6d)vnUO2Ib@zFF`Sf_Di%BKSwa{EWBJ
zKT|Nj>TUd&2<At=jsH5qTLs@C_yNH?1-~Kq9l@Uo{z~xgg8vfS8HZp@e*A*@>2c$K
zn&7E|rwd*wc(vdw1aA<0zu<=i^GoL@-46wSBlvs4t=crmw-f9aoGf^h;4y;vVRe)4
zBEhQ#uMvEk;BA5*68xy(w*<c@nBQ?X={6JGN^m>DT?BU(+*5F>;DLfq5zNoVn{-bX
ze5T;D1s4gPBe+~}mEh%qs|E8b^(Nhog0B}`EBFq<cMIl6?v0*Zf}a)qg5XyKzb^Pa
z!5<3#Qt-Eee-`|^V4i0*`N22Q!`wn}E5ZB@zmZQ7+*j~G!Td76k*^Vanc#JT9}@hi
zV1C2j=yBtRc*89Pw-)RdoGds)@BqOh1?LGa7hENn|24qm;c>yw3VuQG_kw>G%>OT7
z^b8j~R`BV9rwc9=Tqd|u@G8L<3cgzKX2Ev|zFY9qf}a(9NbnniKNb9?;9ms)A(;O!
z!PG-L!G6KXg8K^|EO?~gJi++6$g;6-;f338__-LSv~ao%GkL&IhGE9f0Aa=wJIvH$
z<fR@IE9{>rxVzxqf&+s43C<LpBRE&^IKfi{PZK;-aFO5&!6Cs*1oP~WDPxV`3k0td
zyixGAg0~31L-5^#w+nti@K<2-9P<}2pDXa<GaxdSaq1khdfotz!gC6;AKX%N61c7A
zbZ~;^zF?o`f#4L)d|sEX8Lv%Pd^SX#Szw-PBC}0+R+c;(e3s@h;8~i-gBNJd2QSt<
z0lZ4{Wbj(eXMwNQJOj*UK-3=u^ULRCw&4!Vv%ybjo(tZmc>(xk&1~nlHCKT@*1QP(
zt>&fR-!xZ)`Fw|ItpfAx6Zw2F`vUnQa0kt7e?HTp|5e~_ny&}<(#-Q^>6&i`57c}o
zc$nq~!6P(33eMB~1epI6jr!}sJaa|f4L)1*GvJ`+ec;)ep93$@{5-fy^NZl6nh$`h
zH6H}?84&fq3SO)E4e)x+d~Uf(^Lt>P-J<*l;9E3*3cgeG*I+&aqRbKSgPMN;^LY^c
ze**8){44kc&Ftf^XtvNkJoiO;p1XfvGyD6;n)xq0`G349!@mEW<~Z;#n)$BUpPG42
z-;L)il;_z!yzQ@;&rA6ZF#S7&`Rs|zv67%U3GCCH3{KJ91KdY5|5I6C&1vAln)`!?
zYv$M*sW}tO=TJ;52YiO+vEVZ`^I7XTnoGd5H1n(-&ulX;xm@#d@KVh@V|c!1o-yP{
zb}4@)c$4P!;F~n_TkN-M=Gnl1Y35ltzQfG893PKpjt4)bIRX5PW`1-1dCflX%bJtH
zuWRlP<})wq<oNhf^GNV_nt4Y47tLpZ|J2O$-c3ACT>jrOJ|m+Zo_UMcya(J_GoLpm
zX?`2rQ}ZX_bj|EL{PsEZ9D_Mkvj=JBXyzHiF`D@fMZRYCk;$4ngQsa`e<{?Q1fHXr
zeTV1wm{w14NHhD<GR=IRS)-YKYK`Ur;L9`*0`q)3^$Y=Dt9dB+M$M;!`5)CNlLg+U
zIS0I5GoOp{xgll7fcee{c|3Tx=6o>Egwdbx4e$&xc?$TD=BePfHS^r%hnm?>c~+3}
ze4phT&8xsaX}$n_RP#k(o*Se*-+5`Kc`G<pGtXwW)6B0a^P9tzuLmb--UIHb`3*47
z6H?|q@Bqzxk720h2&A8_neQ?1Y$4^@r+BuI%rkyGPe#rH^K2oReS~KV$$Y0_xn{o8
zuu3z}a$cml2z<F_esYax4jGr9UfZmB0k~E(KgD*ZX1)WlLo?3`KBAd@;VI2mgZaOg
zsgv#hg64YgLCtK>H#ENteoyl|U_K*eT%Py*LNnX*h~|&MKWqL1d{pyq;7BY$8TSux
ztY)6;Yp0p-Pw+h>%COz|OqtAc{(OIdoDUwLnf0BinRPr`GtY01*SrGE=g5p(4L(cr
zYA~N8)Bi$nvF3}x^E9so^Subl@STgrnr{X3EE@gq0P~C`c^jC|l*w!d{+Bs&J($mw
z$@{_lH+19|!8d6>0OtRpqyH=5e`$UVyhHPw;72sS1LpH(%D)fhyBXvUz<jrg%(i-2
z^QT}wU#36X?On}Zga4!X2k_^bc@~xb;g0gZfPd2b8<_v_j{a<0yNSccz)du}5Z*#F
z-$`k!IU1a(neUPD88r3qya1m;lZS)THD`nQ44VFYzihZ>o)sLWnQby&GuvdM=8fR9
zHE#kJYQ6_ts+s2i%Qdsk_$^eX#X94AE9669zL!E~{qeaonP1YpTr=zPD$R$%n>Dju
zYc+oYzEv~p_%6*~f$!7I`hHmR_uwZq^Q(<}H2(#DPO}F#pG`AAtb3j{BsYWowr1A%
z2b%fr&ZnAr=J#vOtfyZ!7r}O6vqwEV0~w>4=X`k<m;Tp)y_#88zS~28K5yrLb|mwi
zo&lO!)}fkrg0nS02F}&|B)CBH)8J{ES*AkGe5Z$Jcd7q#aJgpYeUaw&u=xy~GW-nW
zD$UFzFB`xAn#*tu{UOgQ9>#Ez;DF$vf^!8=6g*S#e8EcuUm%$K2a_)MiH7eG%>AJ8
zuNVA+V6M@P%twN`<~IIE1@l`L#-D3q!(PGaKke%J86^C<HZ}73f~N`Q**_x_5?mwr
zGQm9iXXLjE<{3ZZ|G4011s@W8SnyYZe-+I2tI-)NI8ktS!TkjD{Y(>goZu;fiv(8)
z=6k*-F4wGvd8W=V&(s-K@4~>%Yp3vkTJQnE?+E@(@Q;EmtZ$5dzH4kaUNG0D#-Hm>
t!(2xi=Knf2JW(*$dB$J8UxT!HEfM})+Zma4g13<Mc)dd~-!(P<{|6GZl&Amz

diff --git a/crypto/bigint.o b/crypto/bigint.o
deleted file mode 100644
index f693e65a52a047cf7f70423bfec166164ec7f502..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 94704
zcmdSCd3;pW`9FT|otZ4mkPyHC0y+uX1hY&QARv*1&9EsX0fPp{2_z(vjVvt6rUi=?
zt%z$ICAhCutgTqB4YVLwP;sla(jvAhRxD_>&?@=8-_N;c<_7KO^ZkAQ`u*<fb?&pA
z=RD^*&w0*rx0!WQW==It)6j=$EHt8&VQhE^IWEJ<6M=wnzA;FP+MI5r5M5ne6Dq#T
zj&L5E+qJG06k&vE)3-So%<pv2-#GC96EqzS$#*v9e<(zonN9Jt?fSlAPI*WEdh)-o
zJbAr$o!Fmp&`Q14^<GkZcJNLAnETE@k(xB-J}WrHZ=@#qgW0L+uAB<jk=!KM(P<cI
z<5SzMKit<lf4qNI=aI=t!PE|)OJ&7nzfocBOL;e`_pV+&PZ-c0pZ!svgcNB4iYlqi
zZ=A)5%Z|v?mi+X96`$?-rYoo23L8fG_^XD@PVER-^KLaC8j|eIHFA@J!R)Ih&7Ry*
z>^{)<qalCKsj%X*Gkp6}w4T@B+j4r@Ve3@R{_V%E-F>Td+!e6$GfrI6G0lwMapXYf
zl&`xMBo><=4eA*v@VUlXzTT+|tf?NO#_c^&>zOfm#@u=7U8#euBS$-rF0kTuWc1v(
z{oO5}TzhI+?_EK(%rJr>7=2>)6;qmjd;TnIe@d|B=QTN(|F)?urL%K#{?LGR<;5Md
z4|LM0Zwxi2{G;okL5V)g*JohriQJ@@Z~fQx(BbP7m;HKfFR=Rthi>iWxBV&mdcT)+
z%#6=I4C9}8KmUtjUm)F^J8f`IePZ%a<17yrBxLxE&yzeKb{#pAJvG)CWGPo4w2ovZ
zAwyBfOB;W*!WB5~>oYbzF5BliT49a#4NOft{)w64dpF5;pv1(!-mLw-q~lim`+@Oq
zq}!dB;ZwRc&pOz1>gg`yy)*Bf7ne=jKQWc}4fcDqA2<G`E0CUT7-M?7P!Vc%_LD7_
znrc{Km*+4fhxa}^T+r0G?6mZ#Z8InNddFw)4%=<?4LNA-`K&8H$LCH<pXT!Qoz}<0
zBHvRF<7(qOUHR$IIpRBU35WD{)`K=+P~;CeYz2IX$2WDkk>1>~=^ynOlK*Ysc=6zY
zxzl{!)cu3Uew%juo$qvva*gd6+b@AsXu~X!p5X(?Nl!@r@a+DSoX&K=@->x2ecL%U
zJ7=qPY}ddK$C?ER@hA6x@ZO=*JEo<ihCNf>?<&rIHz$8+T2a9L#ZcFtm%B209=Rk*
zk56Ch@ty}`4<`l^e6Fj%IF?kLvcNU)fN#Kv3FbYnK+jvlF{;A5!XvY093FSKukXKd
zOt>{6VE$zC8uyIPN2LEYKPfP0TAzHjAW*dDcU^HO_kHm0p-*<5+R=MgVb2r2cXdqL
zF?RdJ+bkIQM);iRZ;s6_=xK%f%}?1KPM)@`cFxgo-!H;_Qo{)w4|UaSFW!-MD1Ue$
zW?x>-q2lc|ql@!u!xO`CQ(o+<*|FaY#N-d(_(E6BA)hNS`p7Ihj*C+`l4|A@=KLTS
zZ1q-;-I7*RyQ^kS`_%lR;PB3edM6iWU;I$gsa?UpbWX)OajNLuIaARxAikb8VPD*p
zuXWU1d*$(tjD!=1JCFO`OFEeNtrbY|xfZxaq<bn;;>X-EE|4(rz>nVW^&e4S`r>NL
zKw@#sb>T$ipG_xgl166C=o+`_m3h9tf5@>Wb{KF{_K!BeMZ<oP9}X-F)^*$vQ&Tjs
zy0)msoKanC))b9+$clNVEAT;1N)I~kgZv!?hc-UlWu^4nos#@U$~i|<`hJnpr}wTa
zWsXtt;_~&0&))MA0z58zze`7god+j#knVZ0>#&uRZl$Ih8z1SK*lq<1^2cLt*71Y+
zD>5r{d>%PgblkN+oR6UsNQhtd-kj6fhuxkBy8=D)Gd4cJneU79EX@8!SJH{XY^(ue
z9x%VPPMpZjNEkR_PdlRO#03A8_O8H1#RUtjHHp5syF8dXS6o$l)h6G-CHbb$>pS<(
z(WbA*4W5q2{T=IDXUv^3dEO7d^>+EQI&SD)&{HBjBVkWRSKP9F;dkeJQgjLvs^4z+
z>!+7}>q;~8hXfMickJK(-j?0ltireaC1LYuIBw%lU}sK-<@pKhDDdss+Ep`QQ$cx>
zFaD93m2ut!O;>l`a%ZRSygSEOM>`DPz!l@HXF80#W1fD=|MV@bGpc87nm6;?&7QkG
z89n#h)m2~xO!PxWqUWxzxE<Z5dHDF4d12Xc_tMF;%kJlNFgqtj-2GtJ#9J-Q3pwzy
z9$el_-Wh6U^xU|$tNVQDvvM+A{u2N6)wjkP!OD);+mbfL82t*3Roky#xhiJhT<_%S
zDVQ65o@)0WWB$=4^XGd>hph~k%yLJ=#zA|1J#OXfj!oU25X`whn46N(bILv14xcO1
z+untDY;^goM+*EC{W%?DFR!bNF^=4p)Y05AaI$yqb$j<O$+fQA`+7~RF`&@cwEaid
z-w<29!96e)F<k9=9rLEdik{7T?|OZWOZCCAYfmpLuns(zq8IX*(S|YcP7Cy^6cuSJ
zQw|x%t#?|!Q{KCe97}p9-s`(h<-}ZoSnruXra1M}-14FME@M!kQM27UH(1?k{!qhL
zc;%H_-r3{MUp!`5TEM+zLR{tE;FVXlV$@dd9Rs9tB1#vhmb-I2#_+9)1Lw|nU!Q2?
z>>aaYf|av3xGLp_q`OUR!=|LW%$PXizv>C3=34`E$6C7&e6xD@h(T7&dtKhUM}A%%
zZ(aXp*PsKwZF}E3I}|u(_J<F;juqt(InMRK9y8y1HZDUH`dqW@sR4T<Z|I@k1wQwE
z9bJ2S7=iIda-s2)?c-86S>CzpZ|G&j6s}*t<+_WF8>{cAGQBIR_x=fG22LLFK>U%s
zq|4X%Vy1r4m61@uwc)Ixfq0D1-k<VblK;0IhcVV&5Xm3^dWN6#NF9l~jGn~XiMI>x
zT!8F3;~2)3v;h+b2GzzY8TOv4E}w_>&gxn3*?9k1L5%i4JvO{EoOUh7q}S)Q!hLp!
zd%qD*dOrJTxYy~EQ^H+4!+~p``Kh(~+Y=Wi4a|Ke?Ah4TRi1-!f>O(Tt_%+%bl-&~
zdfDDNCy=r~$^Syf^X5*Bp<?d>SB6{l;La4^ImO=T6G!BkKF`h+tT*1B+2g7PzVLju
zFJZ(5@jH`dyzqR{^}`KAVLMY!70vkl&LqsyUe4i_;drIUAM%`-lvFsyUwBjSL`hQG
zcAxhi*Gk{)CxbOxe)v<jum6g11A+xXe@5`S4)f039%JtIU~(RVH7{=c`qr!4e7!Fl
zWBRP=6ALqfO$EV^b5@PG*IJU>a@7c5pB0dDeL6YK=S!Hr=;QvFYRsMHi~}>eULI&o
zeZOm`>FX2ljvT%u$I9t2cAB4lnC3k;kd3+Vh38Xt7CoN?=@*_ipGk3zc-*@FrLNSJ
zxco3XZ`sC6u^{x>oznY_l%%66y-uC%y=!*Q6W!{ZzG&))UEF7Jp4gufunxNNGq8o)
zQ`{BsVI7!K+%@qY3;SnZ?~8}zjv1Qfom^8;KK{tiq><Gl=jO)*Jl@G;auP=5_Nv_b
zP05~b-g)56RLk)7zTPxee=!w1Q|zasD@N~Kx1?>EzpH$U6&|=deC`|J0Y}6A54*ky
z_bc%f9(U&t!D=7qIe*!-@a}u8jfGvs;Xp!uX5q}vY1{Wq=qlgUJ{NJtz<j8;FR<mv
zMU2;so_ilO0^0}X1h#nQbmfQB<^;Cn{MO6~dp)ze(u$5``aKi6j$1{Bk$S6@f6??*
zTxJwo*hi)q#=yxwkLuv^IcbL`-fo>b6d2{00e_h_Jg}ws5UQ-lvKZL4`M&&R#ajx$
z?D%BcUdsq<nV8bEAYsZ<sL#2_8q@AYy%<DOvbsQ)@9_DK%uSlVED$a(@aJ}x7kP6#
zb2|%jI|8F7ro^gh14S_8i(9Q*@1=p`x@vOrFFMkdH2u-wV;%n<o^NgH@xwk#zj*DN
ze}7$`I4f@cwHY3tr!t&$_Xm%jye`~J>A35IUt4Re%9Nx>PCk^Df8Q(L6!&=1&FFpp
z<ntdWk?T@=?fjtl+NU>N2VLvSIw3qU%V<tX95c#u*;e<6XHD-l$^GKdU#tH`k2i-C
z_XN5EnR5(d<;lx>ds26ssSQ?O%dFUfgjFY}RCLX<@{0mndd*=6<nKr;^7y;*=b#0t
zTdn-u&eYE7sVh&y&#SC_^Ti?F6|1m0$j{t3M5(+?Ht?C$Fe?EH(uz`hL!UP_wbV*I
z&jMU%6&Kay?R6XFqV#qvf0QT{m8tM;IKN<aYNt09+~Q^67TEhu#KD1=Q$2A1_1n7;
z2Ptmo*O8LHE4fchKElJtTCu<mMtl?(y@9a6WtR8w#sOXBMW+t!8`XKRqsCW|Fe?%B
zSPa~)oCv3-ftwLCE3u@*zKHQ2KF-Pio#WpGiZ=G|;vNyzNr(pKZ0v{OH*j~#xo@Nl
zIGWP`i<Ex7cQxsKNqH_;!Q-wkwlWs?Zyz^dc5X+F>!2N(KF@nw4!Z|Vjo;CExI@)H
z%Q{w&kuWU@wihSyI&IISuC#kV<)>qV4|v=<acPqGp8;#)y;gqaG;^b`>!I_rbMCb=
z62?vN#B>##fs4Flm#_1$=<ru{Y>M&Dy&)E(w)y36sy!zV^_S{haRIgaJW!cdkJDM3
z88i`Vd2}WJ!YVv$`MWv-6AoghH8I5qxblY_z0KO_?#efbd)!@Em`+@jG~)i`oSual
zJzsC>C>~SbE9u~VsldAaJfpxTYmB#{Af`5HV_a8pV@*<l1^4&dIH7Cc=NRczV!OV@
z1wHnqo~|=cH{xd&t~ra%g2V+0z8I7)V15=Z06pKHN!=#-Aq$HTI#Dfb`Q|~3_4)3&
z&nU+JN*Y+eYjRh&&6>2Yv+_0z(LXKe@_98$#d+@?8awB(#mkGrDINPiIJPVP<mnwp
zaXJ3=nH0kq^v%cCh1fRs!3>ho(>wX;$w{5RTknbMN;3mFzP>ecrdhoHDEzB`%9m%#
zlhP9do}6LU#xKrf_+HLRn7YjH9`L6WRr_|vRAa_0Roy-Cq7hHIkGrP+r^}Z-w#aAI
zW?wnlFBknE-}<j3Ly~gB_FgW3&T%X4p!g4$4hI8lWIpJ8uIdGrYJ5%h0_&mS<-X+o
z;cu<uF@b|eUQK!>H7%t)C6G9A&o?XG`B|%$Z9H~n<+3me#jebnm6*|U;O7H>xTK$T
zU8DHT)>NL7<_R2pWp{x4ikj>t_dc^PydbdvT?M*4d;Z}-Qh^U`OFkM`Q*>oT=fJ<c
zbBS@i+ZgycG7>x|&m`w`c^A%4!H#V8*R?6WgpboF`x5ifA!4p-he;(<K0o8@>vQ?@
zwvOvE`W6~l+mDRz^d1O)vGwC8UiDsDnB|$C>Q6~IlA5#^eTJo`{9wL0a#*o#XaV{H
zD$~q;DKUU>%2{=I54<zztH5EO@1fq;z#*R{eVQ7;Xl78-f1iGs&v_znctrY<smZv<
z0#EMw^bGs7d=Bn=SOHJ|uqp4HsYznz?s@x+Z=&kCvpU3gPQaR<J-^6SYj=y-w!n(n
z(Pab<>T<%&PZAJ!GGKPQAVv#h+|5tob<DAAaX-g>dRg#G4*h}z|87E`8?9!?6eJ2L
zPpY@jHNILls>YmU6~qW1h&!X_G;)hgh`2L+m0<%E#y!JEgm6uiNE~Y%Ksn4R;G9rn
zV#vgF8#1s<*>rkY{EmaX2{yAZ;5v-4|E*_Q((#z)u(9X2X95|R>57xa^u{$pDk@c%
zZVN15D#T|clAh1mtvu;lYgR&mN6%{cS%Jhozd2K!m4cfseO&`5Ps{RoI6aG%#k+Kq
zRlUN@M^kk}6P2E`XR$>!Rg0F6^Iu)n+~{v?_BT{53AffRuktrnRk!$S8~l~EOKKZ%
zBiEJ-x3*T*H?{g(8~tr9RsOJ@@2_rdtoOIpQ~{}~^4Hb2pokH!t7}{|PN`ZEZt*uX
zw)%tMSJsA_s+#M=4OI=TXJx}RlE1jhA)##WYZZ|kTb5Oh^M@DF?$DyfwuV;!3TTeD
zCBwhCv8}SMDua@XZIf{)7<RP6j@pKBD-^)`<|>rLY1m?aTSGVLmL8~VSj#wnprNg<
zF0F^cTWYVSFi69PeB2lAavA1o1NZcX(m4CL0?^GhF`<{+0@!T1;{k4Rtv4fg+IcTM
z3&|;m?1-Mt$h-KgeCUY-i(*DP5|6i#!bnO_(Cr3(lk3MGk=$(E>~{A8XT7QI<GpjS
zF9vMbmk0p8$x;lO13-A(2D$ZsPW$ZoZ*tx278|r|Uo^7d`(-J46J4R}FN5re@0S&w
zT5dJu^1ds_ZV@^C#Nuhl<vQf(==J7iOY8aT_v?xHQMaK#j4W~JK{5J;Ub@L8AnL<9
z$QFISY&X9=4Y`hpT%kJ_I65Q&fF`n=BL1H3#<B~aD}P_<?g=4O+~1bH*$r9UCSINn
zM8;WtLtDG~a3|!(epgPp2)&|X=%0|gCnD#Un1!9x2Nx)p(^xHk8*(;9<bxuQh>Nz%
z?L+R(ZY@6u4PPFS?<Fw`{j>x6Bj!YWaU0}sbjY(W;0r3H-)@GhBEImWCwWz&<6jFg
zNa3<b8w03jLqw-)quswSCE7+mWOzIQc|JVSK32|Ur$u#s2AOdV8Ar@OrwTF3>wXKM
znynFAXS*50DiD;dIu>8_8pe{d^x8oPlNm+pO)WbV4fdc8WoMJSw?ikd0t`5T<A_H(
z2K%o8wXfJF*6dCK0?qVYB-nv#yFWv@!=QCJ<t_T6yWIyc)!YszD7iwh1^SeB&IFEl
zU);wq?)on}CGs5c{taY*ewM7RodJIc6DeZ?XY(yI$~+1qo@a01c&e|0)-*7zx40g;
z+_BdZSh0Q4NiH+S6c9HXu60?Sd2pNC?cp-$iu1Uj*%cT2N7Q5ej-_Htaki$Rh`ZNX
z(dM}lB`oes-Rb0b?t&3k*koNXZuis|0Ap`tCl%j9^iEbVja(yc3QoUAis#8i)0U%f
zk2v?FFTwEQhJxXq!Ws?l8oG9RJ5aY_ZGu_u8E=5FR#5Y$H9&oCYXbP5bCOXEs@6eO
z&kKO}_oO!gcz+BPo=l=fLTIVs$)aYr_gfgG@Hp=^5!~mEp}5HON(ikqJi+BC+1E&P
z4+f0$;zawzbW}7MwGH*;b%Eu*iX}%YySbEj#;BSuC!S9{&KrQ;p0UJz-hb2Vam0Ih
zpQZ&D67TEHrTlo}{k<*JSwMV{_i@T!MBH!m8VnF;dM=&-0q=2iqNkXs;e8kud8QFx
zpEM2~=9xj84KwL(5|@y`Eweb@?Ya~~(vb6wUV~u3Ev9GwP1GkYyPT-u{SnTdD_E=B
z%fg-oTfvF*(g4pwHhdGDLsfD2<HTg^OmsgAqIb`GU|pQ2_B9aR{%pflL=EpG8nje2
zL&FrXdY*y08qcHHVW6*?49{aCnGk9=JdcZDLTH8Id4g!1_aR#F<V>7>-g(sfGvWye
zp~`B*^VDOgqnGy{$~;Z^{$Ach@jS<d5Awc4{_~Y+wBLIUegDE1oQHa!qfNj51@M6P
zIrh~{uK`a_2(?ujo?X-#1P;q~)3SWvFzvV0Ki>N)%kF&}@`c_C;xGRV_@snT9m>AK
zvXi|RvUd(rex|oSIG$HqfY0`_cF&=~XhoU#GRnMt2K;jGQ1buqCGZOG7V3PLWfvQL
z2q@lHPHa@)xsdHkKD;>uS?Babfq>gH*<w!eGsy5vwL~EKINLVE8jq^n$^T)FBI1&N
z%~}-UOWsHmXGxh}$$k=-Sm!~YZ*n4yoGm%Q<ZEf=9P4_3yyTatx>R!Vlh?9e=2~M>
zW_&W&dQZ8<p;(ywI*IurHaYnZRDHSR6eka3nJcUbC^IwpE2>^7VzZOSGR{NNoU-H-
z%(>3`2E6iq3}4Siiy>QV_M1TyuD31)HPh^uL+S==HuSx3^?QLjZnjL=f5hsyoaKIO
zvAaIA;I}J4yUe&DD3a)A7>c9WFo&asv>m+}S^Zfm(OrXcpN;V4FMv42$<qD8X;4%$
ztfDd~{Q?*=Gcsso1X+rv2khy_<E5XH%(npsJcfq&Jm;9B(URmJGozp2M)DT+O@EUX
zx|6rC^#e@ybR4Q-yA$2iIba`pAi<MuuAqX4-~msL;70OT_CT%>G09u#usm}NwE2uU
zf*+!QZQ;4Edlp%nAdy^21yvU3e<S%7mZ_GGawnf;PcIRvxa2*k*;8Y24jr2OPuf;1
zom-sz1QlFmg;9QXGPk9krPf5$RGyqnu{!HZ@M@C(K-Kj^G$nH<;%N|KWwHmto<{2~
z2&_+TV@{Lx2#8I|3t48F)YFmtK69F-%mc~esk%joCz832ds>BfHu+-upiPJuleydQ
zEEnQ;$p@LULbM$);@J1BQXDcs(X3VISViyDbU)+V6Q0%9`=FB_rCZhsZY1wv<JViC
zA!DTx$GL^5=ooCo(W#7cn;v+=6P95(h$Gyy(qe}U`jDQz)?!_%)=XqdiT=i54nPSv
zbUyisZjQpi91}V;=LvfX&T$NnIv`ToGOP{2V{*y0?t~{|M@~T<)*NVvokQEKdyy5p
zhFxcEr-JF%;cQ)iX2i|7324uI;j><GrT+r%y_p8iC2Dvd0zYmZ=WVz5Y3Pf)jChRq
zNy?Nng5$ge<j?;W@;=!8Gr&amT{v5RV&MuhdQ6V1yc;`H?`c-Kn5f~M3Zvqxh`YVl
zKq#)7c$}BFIO3LU1Mc(ArhEhO{@y(Dn}`ohSc2zhPXP;h&toOcv?R}43qQxT5YP8M
z4L`@V5+9GPEAUk-P)8wbbD>-utD*wig^6x5tPEChbpp^t_b+fh?<JHpZ+Dx20dan1
zEpejA{u@Als`4+P%(o^Ln0eTTp1-JdB^jMypiGI*OnD!T0iV7}g{m%@0aBX{)3ELb
z&+yMi_2vXI#k?w_X@Z-YQrH#9WQ$ToYmo>VL*`NK4)a<R7)ld&&=O-v5gcIt*1Suz
zf2-I#DE+SaE3(DVcd1<pzAF;LTF{^7{nDJbbzvb5|HCx!17+YD<cUiZeSUr8V&>64
zW7t-l%+sPH6Yf_votBzl;c2>HxHRHFQs;>E2wU?4v{2m%Fx#(2sQ_DZfodf(0u7|7
zKOHG82dAHB8pg<3Kn?=Az%1qVHhnMJQvn`!;D*_L28uG?1S{s>Ja2R2nTsKU3kl;e
zgtC||r(iu;pF-oCU|(RCaCX6w)`F9ZT7%qCQ{bOkAOMDuwgD#*$bN^N^{AM>8O)23
z%=U3UyG<&i9L$m2I<u`gtle4-D*NY%Vl&&KWAvRAv;9d`7Qv))u7zaoR@Ra&Gu>mL
z^Wd&rp}2iYMG)p$9F}>j40DuV$G{(X8mDNLYd~dRPWP`D-|Cw&X8TxN@8_1O92&z-
zOzt9vkCGe(derkMZeAzjeI98s=?9{zmh{aynHwa(9VkuQD7i0#8cC6eDXuR~EGy|8
zLi$dR*?tN}jGh8k4^%vQ4v?8Z#w-BxFp$jWpn*O3OD*>&E%!N)e4Ra(1%jOrX16^K
zVd+<fiIKJ!Z0R;5$XyQu_K--F!lY6NvR{IKMph5>{$EvLv(Om%na!duNahU1wfAE1
z%p3LXC$oJ{f?-@J1MNnJzX^YiZ!*lA=+O)z5Y|F*SCkfn)#sy@k@+@aS8t?q#Oga$
zX8U@m9sLSe3sGw1VhBh4C{dKo`9t5ZGTT3*_;Rp*2=Po_A<$`WYVOa$4Yq?z@9YOx
zywfV)xesjd&d8g;Q%k|G*xE`qOyBe}+owbIcxiDJGxk#VZWIloStF2#acad)Mh#}R
z5!{aq_IRPnFmvqoroD>{w!ui}#HMeVne9(QaP&=J{evy}22x-c_h{}w42d8IEL*Zw
zlw$neCN1%Tty=O=6g$gboG0}SH?uv^3$;7|Rwnd~ehSFtKr&}T1FJhnXX9y#%D$WR
z&bRCJB3nGzDfNaT^`-;sUhlX!z%rNX+jnOB&rnvy%W`_}3Fu9`8Zz`k@LC`=v{qFh
zad``P)3dOr(v^NAmEHk18yoy75RRgIqGd)t03M^vcD8ZR?>Ofylr>D>AvD|nhPxyI
z>Bxn$n7s>IFeit#Bp*)%DoJrZ&jgism0?~f%i4TWh-^izBqj5GSn9YR^r+tG1hZ1g
zzRG+ogo{khSEop!mc>F<!8G3WG8V&})Yf_oo_bT(%i!y127_lEau`)>*&x@JvKS+H
z1X=X-9mtZo)wN|N*u1XdTJfBeD08nha)!#fK~G>R430+|>ESn(N|w?(M;0NE%ZV^%
z!>o%cz%egyaV+bbrDppheYD#yaIp(lLQ=U+N#3t$I8M>8g3hglVP?9EtJ`VP({Qrs
z;aJEyZ)QqvDJi&FQ9DS%%~_JieQRE;VFrbY=hQDw&lU?ulWu{Rb6oUtSV*`zSIC=%
zgi(1yJ`Zw&AJ+W4xAyu)E_z*c+XNT8`~c}}RB9GVjbDSt;s~d(SI&VS*eh$4!^+|Q
zpCF69l8!99SBk-Y&}L7Hve{YBg3ZoaD2mG5YjkHB!Bq$mcGK0W4%e1q)lIBqy`6W5
z&a=A^c_TL>FVcmG6C<757=82FZ2vpTj81@sbI@_42LNdXQkV+FEE)M20~7L$m~2LY
ztXM@CGLStI*!uRi*<Oo#d}{D`Wbm{@k8Ef>vYGrfNYy#9Qt%k);C@^GG?dlqgKvRJ
zpM}7T>=M%c3htE{!A8+PaWeag5`EL$Y=7n)U3*`ty*I2@F{mUjQZ%|-(VS@+N69jH
z?*OIxxt|Qr1I%qgsPvZ+`L&QJtH^X1H=z(#j6kJ%Ep>)DOiC4kpVu5AOGz$Tm94Ya
zg2vq%^Z{E}fU>G}*jok9vALxYF2^RXq`5fPgUi5LXTnJs^hWR^JLiWwhwhW{yaqW8
zl<jto1S99ok=G%|4h8BkiWY!jUMP;#PZP{`qn~!<h2qHVs9!m9yht8UG@PO6Q=oHs
z1qYgCc`uxfy+|B8g%lk*K^)m6B+4rCVUYIl5(mBjdIEQe>+vW|96Me3e`7H^R*|Pj
zienW$1e3iH{3Ti=6Clbe$F2kSC7b(1giFWn0hf;53oaeII^sSPgPTtJqvR-;#(_td
z{zLIx%M1*xp0*(Uj*4)BR7#%~<776-UUm>9mXmCMH{#O<ixcEj7@Yfe40cE|ZwYC+
z+-Z>A?7g7XSZNYXZ<EG^sO}h?A%zK1QF++BjFL^NqL+gX=A&wk+h?I1?Mqx6v(~lN
z70d{jMslB=;gO*>9dev-URH9rniyH;Xct_CcKsQd{dp}}^aJGK*$-!b{dmZ1e-)3%
z)VSX)joS_bRO2?w4Y-3eP#Sl$H10HL)wmyvrhbX4akoe=w?%B6qLzYEjZ^gVpeHoJ
zsvn@zyoR=VT%Ss@cadQPpM-rIvJB%+<g#D5i|quDu6Rj!a7Dt}*tM~?D{|=y4x5p0
zK+JJXH8F={<33A2*)rSj7=UIyKnL6>&H6iP4B(36K54{-*lVzd9uRA|GhrhXbuXw1
zn_%A@s2KH2cKZ&CtI0DIlSVuv^t+(b-ay9PXaiPeVBF_4q8K`nb1$s*xcK#z5xm6C
zy<T#`mJhN<)`0yR6oRCQn^6-3Y{wo;KY26TZ#q|Z*B<Gv6<GJ#jy=+j`$4JB+hbAk
zHPX^~d!%Lm0nK*4EYt`rm29V?rjlB!smno4`WYAbKU#MnU@|YqX#_041ZtHRUYAza
zvzU0{kSM(!w2?L$(j3jf*+AGa%TeqCvkYSmzA%Hj-|j&+$7XaCb81U;GhQdcSi|h&
z(vK0%_Q7~!t75f}>{NE5u3QLFio^G>pwl=)W%Ieu*8P!GEpd`|P-nhnXS$%$HYV*o
zJ9Fd_JJZfEig;fOpQmu-=m(Z&`>!I_+#}X_uokPSR!L?n8q=ks7l00W&{#TV4GKqA
z$Dq&VZjEpm)C0ifp7sKB9z8afr!v`|=qZoR@^is8pAqBCl0n!g%NF<<u}N-tsJv8c
zw4N0=@n+616o%fnG1++iQnaM5FwEy<SH)}coq|o4-S6|VrJAC4wJ+JkBE$ThiyfA_
zl7T2(*fsS6cFd=uQ9rdc+wUE$yYN#n@P>%flw>F9i|N@>X#6A8@U`nlC^PyG;91yG
zjQ%~4Od!R~9di`a<)FrV24oA7uYnvO!uLenSVqVAfLur<8ORkt#`=Lwcpc>jL-m*p
zPz_)gpP<HZppH{|GLZgQGtg@bVGL)X0*E72W4BC>$sRg{%eiX{HrBya$YYdWq4M2Z
zUR=lhoqNkpJU$F=L4PyISE$^`<_{%D-hsTx1`nG^bo+FOGDIXiD2%E58eX@WvPS7A
z+h+Tu^K`(Oa_6QJ#v%X_aEiVeG_O)zQtnrz(DRD=8>k7rp!HlR;l)dWo11JG7K=P6
zNEB)aC?j|Xw#Zn9qzc(Ju<|{d8wp}#>Iu$`*U2_RKT<c_7p3YBzfLwJlb|!ursbMQ
zE!WgjpmM+9?({m@etZs^n~@Dd4d9}IB|}kDNg;eUN?r@7QD1R-SM)uk*>&diCPVXS
zO5=Xt4`oBLhq?PXxor|_V>q*;J(?a)`nS|}gUJ5?bmq-iw{swK;rV#*Hi`Z5JIORM
z_aWy;$QkCx`zNxOdR>fiZMkLLblwJ`045>BJY=pzX}J%w8#>e8Kn7iFh}d~pS`q$+
z`6u%sE%r9Wh9N`5g2z#SSKPai&pA`BAl+M@Wtg2t9{157N#0y*8716XI_yvs83UTQ
zb8^E}$<=`hDP!a~<nlUz(+oAARob}tQ%r!5LkJrY!#rtjf|k+$0q+x7Il2#8`Yn-I
zAW3L%F~!E54{AK9F?{7~36Qisc5_DZ%_%$h#ZI(6tqi+EiMC1`c^H+bAj51ItOu8K
z$S!c{0JT46&PwEPlpVHnoUXYZc^tprs=OGEOBuel>u$I62d13m7IE4=$fcQli;znK
zYkLbkj`)eH1h!tmBVe&_s)SYM!Xy!~(5~kjTVzvr5vQp=(TnV%cDpi+wcsf5c=7a%
zD(2qu1p9j<+(_=eZrq=MOE-KZ+_QQxc%PkXVN}vMXU$LBd484W-tvGma(;naIw4PT
z)y}#X`j2(ZwzWxTsHToQ$Jw{ggoWxd15q<mHY(=hD54%VC`O9hh@B~02(C|;C=3hA
zrE(`Y759V{X3TiVf}YPT{VI;xZVuIR%xAJGx*t)7i4b$eXHwg1pmR|<=~96IfaX@`
zbD>6H!QkBR582O*12vtK)(vPt5zEB7ZW@B9UJqV5GDo)pSqdayON`k}ad5`m0b~b}
z4j}1RKhkc8776G3fUsX%q00`Uk*|QKcCBUZb&;C|=<qsZ@Dg`>R5;iM9>ePe;n`is
zJ#yOBwsi11AiN{+u3Ze7!MDNVLh&!*$sWR4_K$X1qv%)MMtms?iGEqhY`=84_UxDP
zRA(XD1kY;0AA!tUhD+qHq}(rs%+cgqLgs4nW00xM5#iM4h#(g!rNM)tt>*2oWe+$6
zG_E$#lmC($rjSO@osuQ(8c@^u%x5wDBD=*n&oRWp=#$|66q%zx0`fB;X?2iLGcDye
zXnC(^z%X0>H7$RX@|(4Mu&<3}K`^q|1qa*QshTU7mBD<l>Fp}8xnsj!7rj?ogU*<Y
zY<AE($#&+<LJps|Y_)UNt}}v{gU9{f6SgwFYYtZ0!kt<es;{$!KNFtXFv{>Qqh&OM
zTW>XPw?mdIMG|^9vagh#x#Lp$5eRXnO&6h3rA02vM*h++ugmHhBG=)DzrTrSS|Yt<
z{umlk<iX4m=|qn2TFII$k6W&i$1Rhe=U`hZxN+W6uD*kC?+InqhIWvLJNpzqKSc(I
z@%c*-OoKe!m8T*m&J!k;+t?BW*!hxeOs(~xSdkF=6+5#%>jE9!MWWn5&q;JE!HFQ%
z10_Y*gXRuul2mj*DQrL#6^li8R3mm8HeCu@T_#VKN^b{!F-OyD@LeIDGs*J=uBS#{
z30{mJizS(3>OhSLHD)=G8;D#7WEYUMQz$4AY+THHfEEH{J@riX^a?-^@BMuWIk_9y
zBLxbXJBD`xF9Q|q3wbVqr%@@QLGB02rSm7aXkvzw30v7|RVcHQbzJUgO~d;4EO=Ru
z@YIe|F|)?}2H1nBV9b6X?-O|w$mN*-F6P!}Csgnum6_qWnr6NN-UG-?+lvfoPH+{l
z9$DDEBOej!!7Xe&nF?+In`7k(VVCkYxgEc0HzAADV~}^tdC9Y16=i#Z_kza-;c%3f
zb_6_LJO)3pGym<#{0cnL=7A@;ob^Ln^-$>n3uxR(#WVA8vkxp9Hbq$73>ylzsLB9B
z!z!byM&^M>!)(=94*H<N8w{8=5?z4%V>J?32jQMkM;Yd|LLUJgOoJ$&ss2h;supf;
zF^u38WU;QdZF^+6tARcfS*-F{)QsR<Taz1=MrJ3aX$!LGrt?*n9`f+&$h&M!+W24q
zUSt1V3|W~L)pLwIo4qi~rj5PqN>_ci(npa+^Kbi3rNO7|N*|Fd`wAXBxx9ZD2zzT!
zG&6V_JR0>rcn+g1c%JMpqih(JHW6$-RSHf6A{~E$xWo}^BWK%L@RZuni4{iCUtI9)
z!!oq>Yq)0n>*;zvd06HXFV<X{Pn6&oMPe~i^dit|eo^#~L903AQBnLf=uz8ZP?4fv
zC4EC2=%+;eXQ0#8z(77N4Q>R&u>6y1go+Tkhjuf#+;9C;a>~@*m(?h8yImv!b~6;z
z3c;NF>>PYFC-F+&li+bW9_`@mwB@GTJPyFU;L)249dZZ3+lpP+3gOu|fT;8hWbonT
zjSk`WYy}T0VaLLC#LoGRog>><nZ=ITIXXUz?%)D)Q2eOheKy-4&eR=rP(0WJV?#Pf
z363VYc(!4_D&;DLoTJGfki^rx*Cg{PQp+^;Cs4WExY)TdScUWIu{<3T;o(AJIa1_g
zk~NyD1SNB2FI;*V7IeJlc__o4E4lWkr6Pmzt1c6Hy92E?%s+b$YO!}I7S>|Hd|>RV
zkCD%gjXXsNPPcPn;fcuoI7fat@_7lEV&^Llv!_;q%T2>n$+2%nsZB#v=voMI1_`U;
zt}Wbps5`kgA&YZSn`9~89k%!_!t1uj=s=db7Inm>G4md*C7v7?-%_2$=ehCs#e>65
zbYCKU;RoEKT!Czoe5kJYrC|5{Ju@%e=Hi=Qli_GG`OLX5-@r6xj{>X5gjrcEyq(24
zIVg>D{tk&AC4417^cl12DRn=kc#~J8l<2G^<iz}(x_Nabx=V~pMqu1hdW}}mS1>Ut
z(ftE(OJ}8Etb0?~1l~ecR+W7UGR7@eD$kQEFX&2hNa9{8->jSa0xI<xe?!nq7Ef?@
zk~u7)kJptjFd@n89n%Z9Q><jel`zhGp_g->YpCJ%UW9zZaN8(!d2A66MPmAyUN7ZM
z5V1WSh2u<fS|4)bQ;cbSvJjp<`Z#30QQ3Ut`4UkTUfk<rx)P!a6Cf0)tf5dMg;;AZ
z5%cJJlN`Fx553PZM&Ld}pL5I+1C$AUJurb!aH*ZeJTxrXE{29sdp`#WE&Yc}nE?@t
zq|CW?8-y5WH(rQA(c*}4*3CN3%S4r|aKr$=_~?9(YLa-*AI+WCN9Cs=UkcFR)I5jq
zkW6#J0M$8K8D7`c{=w}fXTDZ9+}0p&8xgIJ{ax7q&WU1VAZn9^7)ZO}I@3rpd4GB&
zP(%sQ3w{Ky)ql%G+#E~K1go10ylI%-$3j-77xKMh*!C>)Ff(W!<Yh-qnATlG4)tgE
z5&gMQC(xk0s2fO*0%^O5<Y=iH$e29Z03=`8fE&5w;KIr2nQmrZ7<C{Ej*ohaWP!8X
zS>|5!-G<zuyg9*Z&h5vx7K%OaNl`=(!r&}D6P<b8Y@5`>ZYDpTpB!y7c9#4wVyd&C
zR%)AY@nG~%3Ct+>&X?dUrcJo}7}dhQnocp+sl{eEbt+?QjWeSqCkz;m(KRa~>Sde8
zOCVjMm}KNZicYvRD%X$@m7JYvM1z_7=0xR2*hNcVqEU)v$|#FuiUXDAxe=yUYv!be
z1DgxOG)f4{1g#*r0?BRQG21pEkpp`q$d(e!6LbNAmMx9QZU*;G5hx*eRnQ88Hx(CW
zIo`sVb21Dd;Nv{gSU|uR48avCoGADi5^5(%k=%s@6r`om+P{XtND-(2CPxBD`3A{o
zb#EgwRPxzUIrzYEzOYINDpW4PR;2EZpzLKLP)eW$qV-pUE7#)20<E8{%~Ga<fMt?t
z^QFUQ3<F5L^jw=56!9U8G$C0=_BO)RNN7F5TAQu4*Me4}K@n{h(Gr3-B$v^=ZW|G$
zq9m#!7^#gfT|S8fmlM1r=mLUw6_=nV_fy6K0>0ze-7VDcsK}NQ@MC)X&L_cZic3I+
zs<Vh4Rv82z3A&I#tByMKVQ`g26-R)6D6%C4iDFR&0gE{T<~ii<6~Ra+L|F^9=U8Z%
zDoDWBOJOv@9Hj0IqyS&cG>r-Z?s?!0t!d<US!G~_M5=^fxu6vU*C?(o%U3lwDHg%w
zf>sdl#meqh@byi;l?f|!ar_33u}@ef1b<e!1RpA{7UYYR|4=M~KG?fK4FO+%>|PIF
zuH-wDj(R9GLRcjPRe~-cxC*Izamw;T9nKa2iv+D8(6Z6)<%^YkP151bC@a!Rz9rcv
zQY8eB2wFk#BvSX<`5NPEB2Yqb3HEcAv89ZVuj*OGvdGA%=uQzWC9p+jIz(q`_eHgq
zIkXl#M2nrGUqPK^1h?^n%_&F@Px3RYPE{#^s&tt^+rC1r>0RXiQAA4!Z2M+ADxK{V
z)s>p4u&-2lSvtUlf<_umrIdun1xW5fmWe}xt0ohURBVDwB$u()y^Y8;#V4Q{F%XX#
z;@+lBiZPZ6t<5?dsVt;fY~&izQbNEFuTW_@;oX8SD|d=65YbWsTeR3A8gV+c@=aaS
zC?l{%XF5b9T^TiCt~S7BY<XmzmUS7+9$Du!fl{V1&msJ*Q~23#!mmJ>Jx_QX396r7
zN8}_DMg+kkv{U#*s*s?afEEbfVan4H?bLV#iP{POiiA!ipi;86)r&z_OLi%Nt@jD1
z)lWq9HbFu)vCPrL7oEZ{Muay&n4kM%wk4oujxKGmb9CK?e7+rx#u3;?>~!kg8PR)Z
zM7T@~LvNu&Z=r4+Md=I2m?GIjObKoy#I*sk%P$4s8^}O)VM-oG5;qf3UJMa@Uw2X4
zU{O&)Fb&CNtX{W`$c>7xRr6)iM}<{F@ElV2nTY}qia;sBGlEtSP}VY9v?haZlkSu3
z5`vRR-BnRww+NIHd@5)KftHO<vA+lRkO-6zd?x4u0?Im;O}<6y!j&^v1lJ2%LBJ0e
zyBk2+E-7A0@FS63NT6k-22i%A2$T_Q5_AE9mMx1!ZWg$FQNuJs1eXYU89@z_%UEG<
zBeGiYwZm8g#W@BDOC-BIDjDhjLgY{aZ6u(CY0M?K3dv=(xwjEf`sZr>x|C(C@o664
z16N|)2g|`~l}4$WiY%i|H1k7x;JE)26=mrpW0g@jV`%DfIbRUhb#BBJd>3^)5=<pH
z7q=uZyae)<O5l;%pQ3Vq(<mkA$6Izrh=7vpxoB@t_7_N)DGB<B>;eKU8|{s#>|Dxf
zfw>VI9|QMIQC2~45(&e@+(slxG)LBOzH53A$uidY2q}W8f#6Fdm$BTvjff$|B0h~4
zi@Kh*DpkR4gzq7l#(b($rRUpTHr|P_F4HUutGcBCtF-WbD&aQ@k8~16sW8d7TDoV2
zoHLxAM3;;ai%SUbtFUJc6bi_j@<u5^IT9u=f=VRSHN;rbF{82A2w{~GR0z6|Ko=|9
z7A+Rp(-uHrg2<K-TrTK>s9<EvIukkkq5x6A+>Ht)*o@>dTFq@llvR<v1Jz%O#Bs)A
zSJ^lrKQ_itB4A01L^VW4(*LAERTjDI<Eypzh|&^*J%TPEI3G9Hx=%-xeL@6E36dcI
zXA)@H=m2;M0>2R15`uF@HsV3*e_7=c^q1TP1k~i1E#E@!2@#x2z%PC=eVE&bDA7ox
zsq+IQ`h@UvBsiYnG!neMZX1y}siBO3S}0D~OR;qTpRG-0N8Cn5{0$MuqQ|#)`4I@L
zC%911Qi4Jx<w;^wC8LC3mY}5sBjUA;wt)Jwl>mX#cbQXP={D+9N-lFMiFU)~5LhBg
z=EtLk{zw?Zx{4&5Wf@~4lMV0Bb|HC;39F5v+lW$(q<d&Y>PE1CiiEj^;9exmEwi`r
z`{xG~pWtD|pSJDSK=vyBp8!5oD8WZaQk2LsBp<#3N6jt9xvPy~+sOG02^A6i0}0a8
zwh=jn)LmLPjBg;1k+zl)JSgZw0=}NxJ*p|2D*~ki+Xby4(6Ui?Qg)IElo8x7=mG*Q
z8=cmpvU4f>u*il8v}|;Sp9}7lNDM|ozQc^z)y>&#vzV=UEW)o|FdJwVORh$WG2*(G
zqwk2bsL(5;okzK=k&=|$YF|u?ks5REa=2ToqKW*72Ek15k)R6*{*Kh$ft3A?2$T|N
zfvDF$1DEgJK^Z{`?u6kU0Kssi?#d|pFOe-J7%Z|C1X{McUjC31JVn4)_pntb(6Wx+
z0C$uKln^|OJM7r{&L(_R@MW_JU$FVw4}29kSBjMqj1lw-0$W3|LqoAcL$TH{{r^t(
zf3@ri=;dd(rf~&<ZO&weIg=gcOxEVG*ajqq5+Ogn#5VoKbq#1a3k#vO;3_S8Rk8!3
zzeGZf1TX25L^>6p;1$i+RW1QzspOXs*p|-JbzqA%(_v}k3X;WEO0l^FG#0i+FJ_u-
zrei(-0<7U^LyR$ZtGjHgn>fFdiZSrxzo4%I-Yj&<R`<fKZsO~a;;`e35e}&zAjKNj
ztQH1|TabECByW)LXzjB|TCHv<TTT<`+kwcRhJ*zo+PLh<_@bCwRKSwbt#0D6nx4Pa
zO}v~uT(oa>gQ1l~7`jrvVEr-@1{cA3*g9hn5DY=;KDa3Rdyy?A7$mY41X?yaxITtJ
z5^~s>WWfG5PDp9gr%gC!i((vVNyp?BRkX&Zvz=S~X#Q$P{%TaA4!)c{T~$cHZ=4Ya
z&#ohqCd9I5*Exmx85r&X5F8bB0l{AdEg^UjPY~gwcogP)pFo|(i$$=EV4I)|2_6)*
zgy2ajzA#!mvaO-1_*)rhoJ&9pd3~)dMWh$%nl3?psfd;l*sXfR*{bOMkq{)pN|?YF
z-su#MjtdG8z$>`yIKtnHxfM}!BNq#l><bCU2-1b&;pn}Kmm#+w30+QbT+k4~7f5K~
zWWqCwO+c@btsDCz@HR_!2?4WF!2^+AyA#ZxsC<HNVH5H@))DCv14{_Tqb0&8GC`VE
zLhzjC>o$szu6!Lz{!}U14$vv+6$E<)y^Qa>^A`zB<FdKXR4a-jS2D~c8!ML9$T#0F
z>CU1FtQ|E+gHbb`t{|^d%9arPPS7#}yLd;$E4#t`m*g)X;HPXZV~x3u2!$PSOVL-6
zddN;p+4(x?BS<mEJejrr3jCiATDOKTCSM}zN(lZeXa&JBr0x?4WeY^0lwgCP3kkGr
zbONF5JP{}(xI)kc1X?z_I*$YQ1`!Bpvlf9|BCHaErGiFwL=^t3up$M>x=~mq1V;sp
z^x3T-`Qrv&%;UFNg+mL6XAjy&#(t5D?4cfs$gRUoh18s(%|@!o@oT_jqt#evq-GDw
z8JgW{;EX#8sd<C8G4FRseZMb%8*^AoGM5lt9H?D>n{KhLIt~?guNOPs)l!KvHgehi
z8MM0aIuZsZL8qV#2=*g&?>fpRh(Ia9gMwBNXxV7jm4bVj2$T@a7qnE{$rpXYDp#}k
zMl*jk0frFpg=O3t(YdVTVU<g;Q_#pP^o`vJJVfi1*7QL>0=-igH)6r?Nud$~=3{*!
zco~VeYY5p4=k1y#&=p7+xCE>fH`v!j+)bO6DUl!{%i$R2(uq;WuwiGFA?pStG@U@@
zMw-sIcRyCS1b^fUoyG!!zX)1FP~Jzl1YxA^{YDLc6Ah&VAqZeTDI=sXS{xY^6g@1W
zWd#2cbRL0SYO<qLWO9!0jh|XT!YXhrzz-Dq6M*}WP**YGbBayylCXo@2wzcb0>0rW
zcWsFrQGDHne9v;cG`OM|;8H<LN&v1@=vc_tsxkz1NOFsdNW0=|T}dcGU3_dyWz>Q`
zCg2;uSosOgAi?(8G-RCkDZ2S$i!VW9<PgqALiZ7{*<|bHgU!}IW3vgLMFN|E$|=nX
zl#7=Mv^%CyoBRiK!T<Y?VX1GCEW89p$cCen*!GJQN>GF(t|CHzKt$|<O^$_KEA#N~
z+WDd{UW7}iPn9cSxxcCAY16+##lu8!VN`How1UXkIlEhw528+IejimM0hM7Su;TxV
zL6MAN{Y66w0hO^Is7?3Dr)bA#sx1WnQ}--HF~$rdif|<o!ic~QqnQ@Gd3G2@iv^|F
z5-C<fa21lg6hNd&@$Un85{b1CzAfy91bnAk<|ZPn67kF$M<a0?M|gJaS{*`>+LRMR
z(V3-;GmFv{BH(ZHVqdCNp_uOC-~4aIwcxo>!O`H@3X#RhgH{r92Eoj)Cla!CX});8
z8VNNMd@1Mx0>1IuebS4{mQwa#A{!#mve7v?DqBX`uS9ksftHQ#GorF{DXRsdH)37{
zw^KBf5bO~&vfe%g^5-g-;5k7{bpx*hxj|SZ1SbWJE^{Dz_Lb%nJRoQV0e`Q!d-G{m
zvIvwCJS6A>0xcVDK4nuxpo~BZMB5w{m`j06L^edAWuwiH%Fd%K-`z!L6KL6ak^YRz
zUPjp`kvIkkDGYqJ_6$W;{uXDx&NjwDemoLFgMdHK;<&9vQ|GE&g2x1ntgx#=u2s1N
z>jf?S0l-GZCD^RE{Nj46;u730Xqh&HFEsz3dYvvg%aB3PgI79m;3=nl&=LC3?*Z^_
zh2cm6BtGod$FG3zMcRkNAEYivT7aYvK1t&z*L+M@$7d$?!DlmvklsZ4%EA9LZc+2*
zx4v(#<>%q9X*rU<(c1^N*?3=AAG|%r8(f7*6OniWi{E|gI}loqzZO@D#2YhB|3g0S
zip>0;d|vnaaJ8rJ3243iVwacLyi#&wZ>SG`iu5*;UQ9m({wdNINc_Brzd9a^#AQt{
zMqCi|@qIGqB7YFlc}QG1xKezM^aYYWxFT@JpqBv6-wFP&kT`wv^Pqi5zehTV#9y-D
z#C{k_9}KVFNPUqQX8n=QMLHiT8%ZB7ynblOdr7AGAG~sm|8>S&Ru~Y5xu|(nQ){D<
zHMgazxh1Q1Nps`Un#R_pjmxu|nj5dGTGZN-Rn^jzpEG)NR=9a_TWv#QR%Kgl-QukJ
z@S?_+m02qqo0n!4shrGkQ&ZNY#)ek>kw#0_^zia<Rt*ZR2sc-0C5syCHJa7h*jU$+
zwGz@T;f%VK*}>5nRdv-_b+wgQOBOBqZbn{aer8TqZNs9vw#8NdU$Xc+O|WguYFX9t
z{|7sb7W@Vj{@8?n+LDPMvoMU7*2Rmfsxxai`{3_bmIA{IL7~=FO;s%l$Dg7=SlAG*
zZ3K!*hN!TCD}ABb`ldQ$LTO`5sHw4;g)jv{5*@8eHP<#QQTTX9S8GOX!$m51Ju?5f
z9*;9!W_+w+y4J<x-%?ygyc=gza7)f+d}1V5@m=v=aIE+koZaz#B-g@O<-Tvk_mFIl
zoT=2r^DNWlk^)vdMJ?ed6|wkvwx|)RdL@IhhUK<mVAXKLjB&+?hOVpQeGwIFMV%>D
zs}^{KvsO5&1=rXzRO+@{#un@Lu^nbS%td9U%R>plOqLUDT?8}jMzC3`5x;WB_Z0$z
z-nG`@IAxAHD+8qxIGTniXDM^8aX4LRQ1W7mZRRz$fffu@W?9J5m@0LRbfj1G>sr_s
zJJv~;xT(UmTCxqh_vmi7qkv0r<yEbM<|<#g?B+$g(-Yqdxu)n>P0|gfS2a!zF;Z4(
zc1wfTIO@`Uq3WVlkFSi!go>!4(MnVqEhaK9pi;MAcM$&P!R|g{FhS&2Gr|}}5RY-i
zO4FrtA;Sve?MA3!5RE|9AXDPg5|iU4^z?wCWm<*-p=?!Qp`u;8gte%;9$F`zq}r>a
zl!{aV)lk(7y0FtArHCA*;SWYPi=3j$B91L(kz3lWJC%|>#1u6;HJ=qYab<)@d=P7!
zP8k(OYBcLkC0{i_wN>RRufWO3RU`iTb<(xkjjB!Rti}~PLis}#)6P^5r=s^vyWM1|
zFjKWTZC7>~cK=aQjVPy+)#RWj4I1GL^;Kf1bdyX3JsAapxmdqoqD?RpA1o=J9+|d3
zBsa=aquUwsPOH@{q0T#9GW)v3@v50>sH=%XHBdENb%;wEs~V^pt|V2%mAuN;O=ch{
zzUnlmDNbCCeH9LB1@Ok7gR-^K5&fcLnT_ROLpR01nGC>dr1Q0Y_O8Nv#190nEK!r7
zr<<gTiFC+x?_ApaeePoyTQVK1L8~H6xpLbz@%@nf--C{oIUO1&rfYcyrgIioqsEe%
zqlcW8>CSjkxSF+8BbECsd)%EHu}7J^Mn>q>_N->Q5+j%=5_h80jy70)R%FTKV)Ni;
z!K4#yUUX&FQKmYBj_Zk?GZzC6uhlZ!sl`r(oeHDXGKni(w?%a@wggg#FJkHU+YCS2
zwrFe}{cQ6z_FbFR#K1n%lOs0)sug!wGD;NTjM;Uvc&KjEYY}5d#qt_yj8bRGK=<16
zbVpNs0?sk^W`>cjMwnVHl?GLpbeOAuw{W4MYW%54*NaFJ_<EB-8CCBZsn=tN1s$p;
zN)<qniG!m`t!b_pG+jB+1zEbnY0)ZaSx>utT%q|CO1n;tCA}%5KTK(>TUwx6*~7-E
zxw}VcwI0dDRj#sEOR}>xt_+qLK^bhp7;GBR<E}`1Yy-h#u8!PDYr%__MOR3)7<8Il
z0x=ua7lWQ+o7YMkmP-%zlKIIaeol~FwX!&u0zGST=i;&l09&H`dyRNg4P&*F(!)b}
zgr#((DGmpcB{g0xXX$q_{c4G}WZ|j_W{mWYUd*E!_2yX3Y|+80N`0dXuqy5FXs0+g
z^J=uJ6<-D2g#R*Vrb*LBi^HbNY@l#8yo$vQDumQ**-to2MSiU`Nl(pmo*G^%<dwV{
zKx-w~m3!Q{4?yP)j>tQ^#W^SI4HMhwiXVWpx&To-994^&qhxRBQbSYWYLlwGq&jo0
ztOz~q7V)A+Ew`pz;HV&1`#$Bpt3+~uz4PGo;Pkm3=xTAIZEDc>6Q5im7fMde88X}d
zw=i@rw`vh}hMV%RvfM4f)I)l0xgF;8yjqWzNG;0GabigykvXicqSVepyPMshX2m!W
zS|#ULX||e+RA<DBA~nk>$(2&Qsz6L<oO8Z{H@FMn!lT@wwu9f@behr(EpxtDqPm%9
z=UnX)N#z2|z80m^-O@4YtmdP+GOuMzsJY??K_(`C7|vEa_3OYwS#2$*US1$@oUN6z
z%5ptptJ#3dqzb8};@r=a`}9Q+oBEil-;w~+^{^evYFB)+;I#VpYs7VGK&$3ItAbAL
zvXokn3|4iiX-Z4fAXWubfT&LHCF+`_=Tz7xNqcl3vkj_BH8hpKbnr3)^h!y4_0_+^
z)ht8})e-@E9;Cli?O&PFWYtX7a22=86zxc=(=&j=)uKm-Xm_zPb={$jQ_~;EX)g&$
zJ)&vQE2>!cR#LTI-zlVa!D>bDiHBO{tZ+5K>CFwx>fx=7qlO372wo>)=Tv>nCEF*}
zE2^2!OIIbTrxa?^QyFpP9DRwz$=oGwbjeEP>@5{0751(qx>Fb`4k?!?(b2#aX_)Zk
zV#U5RQ<gZ#lj<zDG$})N&yT7G{6TdcC_2MA=Oc%#$JfdLP)z}kZGm*uU8))tP->!3
zm2FZp%PBRCK(S<$q5{<$@5D(sKej^Z1I22W2`^C!Y1fgjJD<h3D>HNtLO;g1<@$>_
zP*52<f;oiH<&3)-_OwE+$`>kh)K#aJXSC{ZtA>Eu-m#SOmYSYUEf;m0;>CJUtO69v
zoK{oz596gZQA*X!8op5yx>9=TdL^v}=Neg~W9$nj>dX`WsHsa$@E-OPCpkN$*T|)t
z@@AXV+*52bCE!$>R5-2@y|I$3y2&e{sm8h5GOAM2VyQzf0K7v5d&I|UsYfu00Kug1
z1Y08xI=NgzM-6McucJL5^>(S<R`#=YOEg!7rsmU+>%<=_Qa(0h?p5=qYG{mfL@$Ya
zy|S^G+FYsCPZicm*#{~VT)gB5e)a}TF9s?s*x%g)h4Ou5OJK-qrn=%_n}o*WJ;dE_
zw+Z-flv1ip;hOVI4=Jp+LTdD=@N*8|m)q>!3k_3Fcus8{^u)%Ncb{-sk@Mc6+Q3Qh
zVZOmb5B%X(sIj`brK;7yzmkO74E&cj|J^&pf5HkiHiW8H*0zSi%}ZLC)3U4$4=#*l
z(;Ai=p%sf-8|y1WEv@+1Z)W1IHg07bq2|1N1J5*?LUmQut)Z5h+Ui!xZfFfHu3cV>
z=M<rq+9eI)x=>|Xwb9l<qG~bzBfZsVs9M=-0134=hAL|f{HbL%{~Fu~Ro8`K0sl+g
z2vs#VH#8cpRrqUk`7?DRH1pC)GeRX(Ce1A=oi=Yus0=n#g<*buWpiCsgKc3b)UpB<
z;%`1-Yj`oTalgH>4F*>?;Wj*B1GFz{Y+PDfWmMNTEDqI&SEBt*A>dUjjnG8(7w(}@
zYkg?N;_xbIWee<WsA^`FEp2tJ1|A2s=H^fx#cCSy-<_y$QC(HIIkYGYgN1BtTBTrp
z6CD~-f46QZXGux?o4P@lwl!CUnp&ZszNt275}hmEQQJ`4S{tqt4>gAy7Q^wj8KI?k
zM$xduFQ;xU4uxCr2k-S&;(YjI>a>|t(3gwR^pN0-!p+UA(Df=PLRIxu%}c5p7OfJ6
zQnwMVWJgQ08XKyNrnc4=gZ+e7gIO;@6#a8~t%?3<sam8Qvx@!;g_eiw+R%JF9O4Om
zA`yU&YiVw6T(PJn8eND`iAhwz`24<SNL5+km92PuR+Vjpnntx4i>n$M>kaiZFDvpW
zr?y4(*ne|hSBo%0D6>A)s$-=d|8lPbXAvIQDWmJfXvAx%x{VeizG$T`gmHku5`+&B
zGzJ5w5@QGT(Mb{|A@nwTi~)^DNbpyEBl=f$Xb5K1zzvO+EfPif5=8Rsr?w#^PG<Zr
zrZxmrV+-S^WpOPYFV(gh%i0=SYw`SvJ<wX!jPS9CB}aHu<BBT$vMM8<VYMV&Umuo1
z2+R>E9D+@F?u0lCRfeH|1^T3M1+0a~#Z!pB`fwd=N8=goq0ro!h%<Un9H?DUU0YX$
z;ku-)4q;Ep+NQcy24h#1uCJ=+l!Lg(z-YjK-LlI$k)X}^-vBjhAS6|<NpPtysBKw{
z4yzBhECucGjq0QtJvlVv*J16lbU8<{u{hisrg!ut#CWW4Y@k(`E~HV6Ue0?fnrktq
zg;a+|Y%?ZK3r#93r;dikX857Dr3#Y-3doG993*;LYA`@#Mw0<Zzbe(LCt!LDT+E3N
zJ=xaWjD8EjsbM%RBxXu1R7x0(&Vx^6J{8kw^(sszR9K0jTGa|SO4-P$)_%8V>rh)m
z8w?dAIl$1Li<Y+{zR|GoN*Vceqw~UQLeSPMLfe-#Vj^g1<s8b|;6r=ZON^j%>Xxe6
z88#W1NvoQp@y+mNp_aDF)@F<~!ya#o8r$Fu7UP3c6?@(1rv@1Sh&-$UvL^9Q2ttcn
z8bdXh;@~0iMRV<vnzI&{NSIxG$z1;=zdRcEXVkL?7<Dbc8yYh(Mq4v54Yk%bHe}SH
zo14STTH?>R6yVYve+C9g!J@Ha{TbB|uWhKSZK%rNcxMT$L3%ZS54nD!jf<<IlU<}O
zDj=6swW2?(7?v1WRWu!b3boW>84TH@i(YDlT6_8A(gYU96T^g6)P*anFl8*^R4I|B
zoQPauEknq(VB&z1*2blwx-e(7`bx*lggTWu)eW+eH^O_NHpCy6R(thT`SJuCs}Q3%
z(h^25#_J+1S(wWjs+NRXYnLNXs~hCmH{+N~G^TlU7%Y$UL#Tn)+u;}D0%cDqssu!v
z!;5QI8nWzg_rd?DP)j}LD%7=TWmtL}Ra7B>MTNaWfPonRT}97^8uX;p#u|-_CrujX
z4=ieKY-!;O6&aUY?9a~331$Y<R8-(|M#J!{w>^w<dD$W~t)aTnm|Hp}R5Y>l(wTG1
zri5lrE1ObMG_$lI*rRCTw1RBBV8eqyo1~$Q3hfRk{$Kz;peO8yl!}yxg!fGZp9P3_
zZUpBqPVtCCS-!$X6)d{}3GWn%%#DCND6<)G7!qZ6An|<`>feKemk|Wt2Z(om1b-8d
z2g|+%I1Y(r`7=^H;*f}s0HhxN1{Dv=vz__CDbF8e(mLf|Cn$r&UtrR0<ZnUoU|If#
z(nR1a%O5=AL3!eQiGg+TCyRJcp7;g8$>P7tvk2u2f#bCak>~Fe;Uf{j`J+ZWSeCy|
zq+bea0v@r`A;TXgVjqyjpCaPHvikoX$>MJe@gSc+Fr?-C)3G+6cnNTd^7nsuP@cc(
zGZHxY{Lez|6aJzP52*|I6yTKMOKRr;rXuw~1MwrMf)53rZsYuE7alB2{A%DV%U}J_
zvGgHu?JNH3hmINk4;5wOkoZd=j76ynZ<+92FX97$Ykv+0o@w*TfKRdUyMgnd4f_A(
zsF%O-!GnDMe8*Ve<nu>3c#zNEvC#38ju+<GN354G*ztWW;`4!Po38|(ZS%JP=RrOE
z-3G0nFX8E!{{VO#WT@vDaJ>8|IDh!SZ{z&s0Up#td<t;d83wNX#&7?%9)9~zeN6n|
zAF2fB*Ze%h9^f3q)WZ+pvj8d2PuI0?`OQ2J%KL$z51jH7fa`h-f&0N@*(-tTxLxXy
z;md=gY#Dy@&4Ylr_9wsj=0QN5?-)`izXR7X#*e{y5D?e%&oKv|cmVk<%TLkSWa9dz
zMT!z<8!aS$O3#CB<VV=Luld=t@NptO8jyPUu{96sA)X9KJ^Zej2lWu20Gxb&;LL-3
zey*(NE`D^Z`TTB}^Cso_f+XXFb^RK+_A|em<$O;*Uy>YS<0c%g{gVuwIw;d0xRxIZ
zT*oT^3x+09<|5!QOYmyolWhD^;5^ty;*_V}XKb8h`Ry|gwu@hiYQOPsnEQiI8NRT|
zgL;T_SWyqZ6y-raaq=n8mpgfoPn_eL^8A972kYWjlk<U-uYZ1o^2FN!sfQmJ@*tl$
zN%Hx%A>Y*`-V4fqX5%jbr!4vW%#R0Y;+p`;=O=tRmiUDq56TcP0Hn;V4nFbmHlH8c
z={}7`;920aEbm?TZJ9I%Bo4NbAH!_`PC0&crpq34$nXoTIkrpzUTWn*oy4yJq&@t+
zNca1GEd%}h^oMg4_48X1#wz9cWdslEA<izQ%*DWU9P%Yu`jGs~9rDB}Pd$7Iw%Eq`
zxxpM8=a&UqhA+wL^~FzxI9M-n>ZYDl;3y(^u0w{nwvFEr6xlNCfU_+1@S}qBZ2mUj
zT*An|54fIl_)U`31O5@<JSan4$Jkg*$hz(Ps$vB4SqHyZ;lch|4E!$O<n!%y9^@1M
zIdJmz%iYv(WVWoTZw*%hVzVo-Mq|xYb>U2VLvLgX#l60fDHl|kl`SpcHj-fB?94n{
zXmM3#8!qUZ!}V3&IJMjmW~$t9Wo2{K@^0C@23ED$BG}(9sbU?pL-D?c#j6Re6=oQj
zxFo3OWqYQ2V>VM&D@s<jvOTs&5P18ziB9-GI{c8L`?-Yi;C4oDT}fkCAjd!lPDbYr
z{Bslh&MgDWQ;yR>rcG;ob;#6RgRF?YGzU)pBhTWSHO#Zr$57JxXb<(1$73MZ1INKU
z9-Q{s_5Yh3ha$`5An_OkeHUvbpjj`;QX2xuu^3}%Gv`tJ(0;iDw8ojW{uR&|J8TE-
z(e0=L?x@B%fid!S7MS*-^R5K#)VJYn!zdiC^kG$s=vxL{mjP<*nTf5tqoB^)aF*QN
zbFgF%V+nO=xpg2N#f{(n2U8>FUABWWHuKoOw;|~=K#dJ648u>vK6KuXK|A%ejx~*;
z;87oES*`C8;JOS@;{oUka6H?G&buG9Q{P?CcM1&Z;}oX#y#QR70csprg=J*`F?Hy?
zUxIY%yX7L&cppJYeVk#mzL$ZsOc063o43NxGRG*Ic}#EEP|H31Q#JJ|DJ4U>KOu3M
z)5m_uacS2FWq2G%(l}}SJFmnOaUMGF6X4Ev)YX{MPizOb3A!Esc9a2X#6#ao?mO&5
z>-!3{Q{PJHqa5{}Yv(Zz=yN^RfEw362wE!vtx-ZpcN!IstIHHF9RrbA7gk8w0y*_P
z@f7;OQBdoHXt%@3cN-_WoSCj}7SdkF0EVCovmVD3k1LR@@5sl>)~^D29IDJu1>B5u
zu}yQidJ8FR)9g#mpIRT~c$vH2&YuOyA6D(K=>>qiY?}s|@7C`KG|0Ik)`Ae4JrO-z
zGE$v1M_Tl7Nv}C+MtbycNo$=njB*?<*^EaSF4<r>X+~W1a3NwEqNMaQhGXPlzpsx_
zDh@WDMc;T9eLHC01}FgR4Uar<R{o=)d8yBSVg3$4eOXWXCD8hEp7a6G`k+1UAnD6`
z=Kl?}zMLn`amma0B0$m{SNdRi`8vpEknRB&>PuqE_XVvlg-H)~xR~<%p>AFh-vgZa
z7l7ua?IxQZ1Dcnp%Wb-d`Jm}1%3lgvAJjMREV>f3A7K>>Ncp8_<+q$guK~@=whhol
z`5%JTmtUlLJ4au3k={mm3@Y+T^S7~i`Le_=|14;I(7u<>qW6L3C5Q(;X8AWjbG!a)
z$dcxdXLD<Q*rq=@tNcmO+<xDV7@+(a(0cnw+6TVgHj>7jNc-Cz$0HVbUO2S2r8zt_
zXteSn!FO&ZpY_-#@?3!Tqa$}V^&R#I!|@EkezYOaYt)0X=tC3U*L6Gzlm}Vl*^dLG
zw~@hgJlu;uHv!*yw;80?5q;*PpWx8k#kIMP=c%j;x5KOS?Of3I-R8(`da&#p(ZH}l
z)f7;9V&Hfp2?6yWAaZ-z`Ght4v_NiI^VtOoL>xx#>R~c4c7l2g+J=WSv^f-NLkVKY
zwjbEANc16K<k<(aTa+M**bi7B8zFM2gSXRVoi*(ZEN57a4|U*^9XQtqEmP;fS32-V
z9QYFs{AuF3IN68EMG=P^$s8o8%$w$5h4&?&izg1wwwg~-%?~*E=?;F7`1v^D$V1XN
z*DN!ITy;sU@tL5t{@KLsddr9p!wJWgNLpqwaa*Rz!G}vD{ME$MaKf=3Ny~2_Zri}Q
zPPctC@sT*;xCKe`ZzFE=?;@Uo6OMKyEz?2V-snHz;6F>;wqd6Of06hooN#m^nWKr}
z$7GPS&V3I20CC%f*B$s@iI2w#$0ta->}SMnJ5La|W&TOr)^o}s^NmBsz&vIafPteI
zal0(n6RltV<e^B(1jx7hn*T4M@gVUOC9@cyZ?cN_HXHW=ZnJSeApcE->n(M!v~m6)
z1OHrrWrsrMO`HEu!10i!JpVnQnmA+%A;aJCCq5bYeKuYU{A(L82hQK%r%VO#Oiazh
zYk<$T@jBrDPhEE&c2n850o*)2WC#(JnL-F<N~R1&h$10VhQdpTGKY+rg`y;)GG!<s
zAtVV&$WSU7q9{X%`p)xlUOneO-#(7@uHSogt$VG#_O|zW_PX!u9x3;OkETKnwqYso
zljaHdK4hF_Tg#@q(au8TSD_K-&yzJ3U&Qw1WpHQ9VI588vu@@Z`5M*-%&e2i99F>0
zfp%&B9NS7BhxHV>4c463kU1<Tw;Bsw4{P+<Ni=_!yGdqox0}r`%B<M+CXMs67stFr
zJ`8^#AArv)pFhjpmnkW~n)x#t$H2l`dlf&5ZByVUwP?Sn%=n`;^1EQ&%yK3u&KhSN
zC(axmCu>Quom6;l)Ri;B56kJ`N?C5?^XIfZH1hKzep${1SHvG2Y?I@@Ysp8m;TUB8
zY{oI)+%_NbZ^M6MK7Yz8Ewil60GWk#SjvVuEFN=2=1)+p%E35)PAioCMw{i(W_vUK
zQ({gztobt=^Z5~7g2plMK_}?*{63gD4Y005^PI>Dc>z4yVqs1%ta-h}9GrqgC+PFP
zo8mZ>WORZ)Z@CS(9ga2sZE)LMa%?+Daqf<eZD%r$ZTau+eR&(!OUxVOEm&`oKfwBu
z%x$mByj958jBV1K+9lfWBJ-9Y=V)P^w+-jZy!FRxM8-Lv$r>8Zr5M_#<GE~5oadO1
z=fVkCxGf(Clv7$x(C1;|tSe}fuN@ung4mAR@)jcJH{pIOAcs!K58!c+;#K5`bBYvh
zTMbKFndhX7%v+9QEk04^XW^?f_EjJGbUepdiZ?=>j_0^e@urB=3HmPP#3($5sd!G`
z(gl%##~+IGc&^Bt>*QY=`)z|b9sA|AH{%@;r(?f&GLAg9Q%2@QCKb#L%uQ&t(*yZ*
zwEu+Sy%DFQ{l1Ljw=O;g(M4}~IF0@CmgyK8Z4SVHq7&}Ckuy>8A^5*^v^j(Ed^d95
zP!9i%(DB-R#W>pMdE@LI@f=Sme-!fR_;;Eb|8SYZTe6vH9M3r9&<Xk;ze72Nux4Em
z=JR%LMOx3Rs^Z+XzszIcY!7h^bInU=>}w+O={TMp$~lJhH!^SM9x!LY-;`{Vw{vsK
zyoJkYBN*qc-BL8#pNjVBcrG=SQxEILat5rQm3v~{UFL1)=V?91f##Q#!{@s|=JVZZ
z{#xdH?0Xu=Geb@&3E+`{Yx6ii*~~>{-bOAfGrzLAsmxo-Ps(kuW(^m%$=l8^(mH-l
zKF>Ihd4<elTWj7Vb6<z#AF=*f=51%zf?+$nHGNs;E$Dw_wx2p}(tb10+HZN8=c*Qs
zb21D0bi4=ZD~GqK8_R5SL>Oz{s%D$KeZ7E2J9CgjC)@+z@riP{uN}&nhd3SkVi|b0
z!&}+sWtL!1jsMShCak&8y!Fk3>2x)$S&W_gU5Pg7`1e~^@zsda5pTsfw&ktncFI|Y
z96CYQ>MVcG9Nw~?DDxKgG?}--SIE5Gy}`VL#_?=Gn{>jx03Jt_a|-L^x_(QGbt;+H
zcnLC(?IyVm;?-roPadMt{$@GOAq$4{n0bqvmBGV9WnL?ew)kswQ63pyBf7{9Z?X7x
zi+^qLeHK4r@f5li<#A%TN#ZfkIc5GXS;yk6R?Xw&d!rYP=d}&_bUd%|itj+2j?a);
zjAPrkux9CMnz!8d(`aWm^6ALGq8#3S|3_vO=L}f5EpNYPl6hPHW{ck;^R|2mnYY<F
z&nUO$E&6*bUQy=l`r0yUBt0tgTKzG3JC3D|%v<`bNX<4!WBszsE(YUiy<Srk=fB6r
zGH><olzGngnSYdd{eMj6ZTzb;Z}nfdcpChF9s|1uG?v+BVnt!Z=?;qXHvThoWd!l)
zX7N6>j(M2ke61&&SrM4~8i#FH(|GNU$q7~1BA%DxC*^o=?A5mXd*q1B-@=c{>`HLO
z;>k1J*cZDJWRTf@DH{7dBggkbGv%;bK`-T;Lk=CsHe5LyupVcAl}4KvkWa_^aFue{
zg<-YKZP%Ll|9MW>RbiLRbN-$D6V|`Ve7=|HQb@pqMU}ZNAG!256uUwcklD^%av7}e
zqwh{kPd1pwF<-|2rQ<w|W*lv@i^OzVuj!lSdCFlI3D)<DoaKs-Lz}E)%yxJThiL5U
znjGiztm4V=KA{uz8^twk%dQ#8`L`b0VVjv~9Zxokvl21e=WiQywBLpCg4hs`=akQL
z*w^BN=@K_`SXnrZd78W(>o;X)t&`dHBe760_M091rQ^N2hdEVmw7H+wF|dwpw12C)
zpv>+e<!NnOoz}5Eq@2BIwwcV&*rzPsMdmsGpWFxQ!7}qlTh0V|8rE;nrEVNE3+Kka
z@%NO&zpqzV&PBz!FLqPm^J2FY)@!5rZ@;k2oHFKnW&YjGTBpos8xPSqpZvXuPN;t4
zcvujYIqb&5GMqHKvGk&m&)=))_*-l!<2r9+Xr2ElG;j9f@j6{Ck;&%LXp?`le<t&o
z_sgvP#wB~j8~MM`+V)Rc?f*ri9d@fp!QTY*Ud^Q62P)t=v&ih~!jhZJXIGjcGIQ>f
z^I^^39hk!|Gc{-(e?3~q@ThXQZC9CHZ^qL)=4rI@-=WpcVvF;)4DO5Ff7Z(UO@lRo
z<C@`HTF>jCa@bXe#b&uJU-wHg&*8u3RQzouC%#vaL&xitjd8tR`DvZcyJ#IJr(2HW
zuR^08{vJuk-(s~H*ReG)zepFt!QjEtp0Tg7^aD5IlP&(H`8~SEjhs~$|BTkYw$uD$
zACFyhu^ZlJIY-RL&8!*7^Tu;^r(6c>^0f9_$IQB!@fqHl*0vqxZdmuB^>3M#G~+!m
zhOTzw*jP0);<M?yZ^Ze(H{){`9~FteAJO>FiA!>rk6c)iW50al#S-`0^P71J7*B~c
z4~52`WQo6tu+1tkmuRyZtu|}H%;!0&XKo}vg>`cp?J$Q+w9|%GI~`!QGY;!6<{t6{
ztkGp8F=rCiLuj-)9BVGo<|tZivMsi`7i(@4o+0nY`Yrho*6+zbW4(+<`zx{L678?1
z)&4r>!2Gwo(Y#GYSCeGB<Oc8o8f_lNnoG2KlvbO^V7AGBo2Sg@<mrh2CC`NUdn?=I
z@2gy*P5$;8ZSuR8ZSwt>!_41a8NUTfK{+?ff2(Y>9M)W-O+L?PvkG&N+Y}4$O^55s
z%@F53YQ~?y(ws({EwSbjZMLED-}&gk9C!d0{(czlArD5puRIhULZi*$SaXRsN74B2
ze2ilb%)S7V%roQ_h|i(X&OEHSL^}&<wX=vhF#8OAU|ubsK>Snr6ugZ_n>(=P5^e6L
z@!$E_%N&^f4!$!VmGdBeLcR_DUFOWg7ihG98EY=l{xw?dC&QZUvmXPCM22~9oc<r;
zTyyCO=cUnRKCHP!n}ujBe6Y_J^LcGn(p*knfp}$k4P2K-o1A-^OSIXD#=-~RLu`}R
zJbbT&+sI82?<BW@d(&vMAJ$x=O}=lU%^}Re!af-z%;V%Y5uYNz1<#_<<{YfKM4R(y
zEPO1)nr*UQ$71tJc`f2=<xk+vG}_#THJ4~}2aSb~-B`0t_66Z@x#7d|Ux;%k3gcJc
zUuDirdVxm!m$Bv&?O&s@BtGyOa9j2*;cvX*jPi8EIa4;{GvV9i1#lr6?H9wEOSE5t
zR{N!y1GBG6d2<!{4#aE91>uL}5^z%*?Kj7oOSIpTR{L$31GDeT(`LS>8J~`LFL@?B
zghreEEtyNSIf_=B<Cp{IONY+{Gk-&7yddJ7fSc_s!kSC8!}oo(vywT;XTO<`%^T$6
zh<`4Zgm=oE@a_PO_77vtCE7nq>o|`w2WCH<Q|5E>QpB&(XeSx|U2utZQqgKB9n5yv
ze<zcf6KOMk7V$jtA8-MgQ^A#>(SB*HxkUTrXtiH~IWYSJ-EXcX7e~A)jdq%2%_Z7t
zNvj?H+h#lLNA$G0tNbbAz2uGXi}L625E|_d$C^vDKZ;iS<Cp^%%81w9JVP#u_<Xq{
zyog4d%dqAWZLXx%=4$4^iG7#Mo8?lO@msK59^Nb0h7ZY)!pCUri}$y=#J<kZ+SfVe
z!0Z=w(R@uli+DzSF0dWm2jCLzWT(|mF6O}OKgF4!!-Ztl{4Os42v?xdW)-ZtM4Q!U
zwONZfF#BNf{z15r+zD~kRcE{>+<``$ow4Q;ZFZ&AW)J4T?8nu|JV5>zaePcAOO9jY
z120*!<T(<V*aI@mP&hZO_Iaz7?emczOLAU3<52`l<d-$`&zp!>H`g^cG`BK$Fn2Nc
zHV-wwZ05CV?03F-nR%y~*Rqj+!hFH}uQ?;H8Fb!qn{PMYW#;u><ny{V{DhhP2P4it
zf?@U>48Lz?Ka+@mX5M8!Waf2I<exVu!|NIGOlDr!Mx1?C!o1HLPP``3d1z&E-rJ3w
zKIWn3_st)fKQr$$qhR8HZDuwXHJ3F%V1C%#%-r5Q#r&rEBlBnGUFJh(-VcrEe%@RN
zpE(h~$NYe~zWE7rM>9XqqaA*RhhH(jW?o=U{2bQnwb9}`&HRjwHWNQrmCw)5h^N5k
zNjS5apN$dc=V7>_xsJKD`I0#WKBQvX%;vo2JIyuCoQgfRZDr;J>=Ebi*zg<X_sy%#
zoOe9(_n3b$pD|xCr@=K=Y@0a0y3S`li<dN4GS@LTHMcc)H}^MhGVd~{!L?c(Pd0Nm
zb3gMi^LX=2bK+FWdR|K{zSjJ?`5W^O=F?{0PmJTd#az%_%3Rr8$K1r+#oWitdyBEJ
zSIi%pKR0t|ZRBUiwOTlF=3bqLM=hQ>t*qiNS$w8>t$CmMUo-F1#lG&P@%hL{B{;s9
z8#0dHX!&SmZfE(=ng^SC&yMZzH>Y<j{+{9;5dXyDyiXVXd-q!Wd-GY#xoGi!X`Pb{
zxDbiw!ajaHhH=<e;smaGF2yXTGOcZETbvWGa@)PwwhiOj_G!!SVevucSIw`}I=AdY
z82kFz;-A3WR|R~RZnK<kXzlla#ecT=NsFJi_+^Wy#Qm>mCmpTld$Yy!n~Tso=Bnlz
zFpqO8j<d1lw=lOicc#@&SD4%KTH^)FdC5G|^2b{KG>gAO<1>+uMHc_ayvO{D`3kM)
zo;b;>jx8mwg?Vh*vGD$2oU6j-vgQi3wykb{+}r|Yn@zE>A7`}L-Eu~lc|Vc){2gV6
z<<GX9x0EvlIZG^Oh2?Nw)i^)fExy-$g4TKX!{QfV9s_@`%YeUU;+Qkji1AU(T;1Hz
z+yrJj{JpLn<9ZJ#PHw7pIJ+rx_<Kn|%Na;3XFRRfdaA|WFt0LmQc|{=3)f297}tKk
zHt)0igUWA&{1cXQ&V14G)8KENIG&8Ojx(qEPFm--l*P-!JU0GzQkQWZTLa5^-29BW
zKdtjH)Z$~zye}EYvy|2`tg-ldn8(21QT8&fV>o8!+)@$eA9CTF%$z$a;st5#>u!tl
z9%tn69%VRjB24`4$OrFD#xV~uPd9VUsmR%DK2FDb*y5Z|kk7FZt}zpEPc8PF$6VaZ
ze#_BLWs6s{_`?=|!raN+$DBB!D2{`VDHi9w%s8G8%p1&GXq_M4H;iLToTO51a-zqG
zU$kxirsF+{Ho_&%walC$GIIKxr<)g>KY)2|`MWOX3XJFSh51{{KSS#^;!K9IufJio
z!{2hV;_v=wC!e{rnfLf&+lS0;%+Ju;7w_vu{tGbo#ou@*Fs^g>rkP{sBmRkb6RkGC
zviM>1Y4bT6&yA0i*e=@4W-eeZM(g#eYHn)oZXRWxYhFQP;bXnUH^F@F{Qa5Z{^NK~
znlGEL(^&XOhx^8npVM5}T+UpP*0!}QUXRu}X=(9i&Hc?oX`Pel=EdgE&4<kA%xP~)
zI-YE_+RO>_obWgE5{&EpP{#7BSiHK$>s!2~`5ALR^FUhXWR%5Up>;f~%-hVzXl;Ae
z;^*PS*A&N}K3CH5-$W}vx5aO__?;H7Xs%;^%-n)jn@?N(8CtLDAd3&D^}J@7KQ-^7
z)#g5nAB6e5cwgWb%Q;8uHTuV#5kDqI{8sZFw2rM9t$mfXoSNpkw2t{v^E0%*b9-2P
zsKrNGd^)Xty<zdWFrOFiQ><oO&t<FmOFGVp#SdBhxWzA+Q{0-=W)^b}T5aZ~^&In?
z3&T9N7C5%MEx#hI<E&?HNUNRZ=Dy~swD$YD#ovUvFWygC#kksEWBFSwzMa;-zA>LL
zpEIYz7@)|{WWJr&@!V<gk}!{l_ho7_uH$K9Zg1{P>v#s4r<&K&+E@O(Np50pO{<-D
zaN>Idf0y@TT*olVJjwE>(Ry#sx11&B6_&Hk;#<r+&HK$q&8N)gY3-K-u;MsV(~93@
z@mtKd(|W#D%`MIS%wx@O(mJ2-S$ql1^TvBsn;F-6+iU*Ge9nB4)-k8OJ!#t<<~+2H
zxs16Mt>bBE@g^{jhxfL+Fs|e2YaU@9L#v%>7Ju9Pf%#MOW?I|sviM$$|6uXo%zs+W
zb&IFKn5}3t6RqRVX7SrBUVzs5DFXAkkH_EEr7XXS<y2D+$3NDyoK}|8)^d6>u48!K
za)z5nDgSo-%{s&KXIst!^JnH0=G6I;p37b4yJ@{os?s{1I_5^^$1K0K#XFh1(mHQ_
z%%jbd%?r(&%-@^;G3U*n)P8AmO>;-{X!C6I3iB7{6Xui!lJ=F~T;AN++=15ncBpxg
zd4=VF1oM5xd%IsTuJeDy{1dG<f3x`C=JW-Vw#`PTNS64>3A6ptXupW%lropI{0f#|
z-Etl>H!(M-wXe43KIZY}x#o4|E#~jcm(3{(C7p*%wDy}7=5ypd>!OV79Nuew(A?DA
z-aOJgj@CJ!Zt(@?Rp#}yj%O3h<LQ9k81`7sA@fno|K0p2%x#Bb+Z2V9o(soi#`DTT
zYhSmTOPlMMJDP`>r<xa=H=2JlXDgDl-;(A=w9Zvqb6@i?^F;Hz=A-7*w4UQxnCFCj
z2~rnDT(2+t+lF(~I)*|PzsFq7{GjDGvUnSF7h1>Ajn?PnK+Ac_;$tm7)jZogmsXn}
zm{-wie~absG=F0`hb{gitv0Wka}-O8=cd(uIrIIr&S!0NLvwRl?YE@WPFKt6X*vDP
zlg*3GADXwDzc-&S|7}inXVUTHG8Z@3Ha9f4H}^5W0P{U|Gk#kd%ec<TL|X5w*DXGW
z);U>g-e>;RocgY${Cwsz=DOym%rBa!ncp=pH*Yl`F<&rWH|HvzbZn(*J>SX}e*jMW
zOv7vc7~?uW9n8JWFVJddxW%WMXIjoYi@$5}l@|Y));Zr~K5V{d&RilXzo7X(^TXz+
z%>B&c%<q^tn7^j=d=FdvD9rQ5{zaD<*Lh1_GRfJ^1<hs5514Dw+E+u1w>Eb(_csrx
zbq+_-`nNp8a%Nl3`{t!EpGyn;{`aZnZ?>GB=9A`hcPH()fVqyjo%wn5B=bUA&wZtN
zr}?z`4|A$gN!uov^O?(-A2zo&k1)Sx-eBHp=7ku~8y~5#gcHn}&G>omza0GO|DW;p
z`Ol@z_n9l3YnW@Bo10sj+nYO?yPKag4>gZ4k26m+PdC4Ae$TwbyvqEsd4qYgd7t^9
z`IPxL^Ck0DbNb{-=Q)!(yE&Kn4s(ogKy!&x8^mi}(Q>MpYnfSJFY;TMW1Irp>}K)a
z=6>c`<~e4LHHh|OtO46xVR7EKj-1cUUz%B?DRTCkzc>G6K5ag0zGS{?&VYX_(f&>5
z9A@^li=2FBjw6V8adRp2z2-{h`eydii*`89B>begotgEiBBz_Vr@6nG<4hv|W%C&G
zB=a=$0yFyrMmx*RADTZgZ!~kfKy1tL0^vjEAI!g-|1@LnyZ^S0{{MVmWwdw}^DSnM
zKZ*U8G_xj5#4DJqnAt}$avGXjo7<VYn7f&KoBNqZn#Y<an^{LDj$yX>E%OR9`$k6o
zR`YiA*XD1{?86`1vJZdwteO2MBYxHVkC`=RA_sFF{^#hQ&)1GMXCj9+XTt1<8D{;N
zaP-ONwzVu?*WAL~+8q7xxosDV_b~T1zib|3o@t(KPV8fk_bVUEEdG&st$CAqtNDQW
zu$fb$#CbSjK5IU2PMJC>Kdt#Db2js>=G)D8o9{8R?`Ry){pJVF(SM%j<Oz#M|9Qrr
zws;qFKXdexXZ|pYk2Fs(Pcgr3USM8gUT$7vUT@xM-eW#!X8oTyC%>3anJ=5KnNy}o
z+BU8ECNpaXMf<m!Z#Ne<voCJs-($Yle80K6xq-Q{`Dt?(b3gL{^Dy&B^91u0^V?>Q
z-HPL1VqR`uV_t9GX=dNxXy-fg5%Vu*)<24T_8AUeH>XOQ6i;W)YR+LUV!q2<#$4W9
z)m+2e#N5pMl)1gRtGS1{ubKUm<2epDk214HW#mjT&oa+3e_&o^X1%6pXQO$WnYEiD
z=dk&x`Gonj`GWbfIeogMHd*T_+RtvzWzKIdY-SCp*tU|ny7@tK19M|@Tl3Rq)@h3N
zdzfD^4>YsycjQktvmbcGXPf7n-!*@1{>020Q_;?DGi!=Q{IL0F^9l1M^Hp=o^hxcc
zHM2fdw4cqK$9#vmi1{va8FP7aRdWq<V>4@B#WA!rv({C_pEEyi9%yDi_Q)S)9%r6q
zo?~8Me&5WRTG8f4^EUGi^Ec-G=2Pb1%oog;&HtKHW=J}QY-ZNuietOYoZrkbmXTA!
zT-98|T+iIV+|=CM{EWG~xsUk;^AI!ZVa2h%YJSbkx?qtr-@M4Y%>1#L(|E<UJIuSy
z2h4}fKbudOFPX2JS&uCCmD-%qoW-2me4Ckd$)cUo=4$3z<|gK5=GJD8eTX)nF?Tl)
zGQVVg%RJw_$h^$F+RVNVvELo$-RAw~L*}2%$IX|`*UTw1ChaS&ImT1)nl_uo+3z8a
zjbkgqrOai`51Q+l8=0G$TbbLMIsPK{)!RJ4Jj6WGJk~tbJj1-e{Jwdu`BU@f<}b~A
z%=^s0m`|BGb|aqGH8aO?L_DoIvzcQ$BB!9asJXWJAv4Ex#I}!_JDHy~KWBd4JkUJU
z9Ai58{+VF$H_UU*@0u5zSDINbE{=JVnf2)+{;iqy;v#<3e9U~>eAfJrnYFv4o%H5R
z=ImyUD~bI4W{xq5csVo2m_)pqxt6)UxsjPQ!(-bg&F#&d%+H%&G{0ni**xCN`ggIf
z7@xw|cfQ3JnU|SAGOsm%W&YZHz<k*JvzcRC;&`r@ubWvrJ#x~SZ!zaF7cdtwmo%3#
zS2Nc#vmSfwm*Zu^&CM;%F-C^x^M4j+UB1}1zxgHe%jOB@DdyMA98(i*zGHsR9OG+v
zJfB#6i}?%l0rO$=Y4ch0CG%A?YYfD(r8Z|a-)v^hz{tPdT-eNUI+0V^{D8T(nRNvt
zzp?o-GiwY+PJ1)Q@<hD5d5D?)S|Vqxd4ic^d?IJAdAa#R^G5R)^8xc=^UvlJ=5yu?
z=D*GVn$zK4ZX9Pu^Uda4%p6Y?`320y&85uM%@3OEn;V&*Ft;-IHTO5aWPaKFig}Xx
zZSw;267zEN$L3GWyUgF151PL>v%X@Sw^Qc7&HtLypbtmnXE0|q=P(yFbIeq1%lRI{
z_nB*(A2PQvw>Eb(_cRYQvz}w@Ynpkcd9`_+`7`t9=AGs}=40lQ=CkJW=G5pT5XY9@
zoW-2ooX32JnKc`uo$_YZY>ap{a~<=;=2qsm=FaA>=3eH$=F#R?%u~%X%yZ21%!|y+
z%p5xw&ug>!OEc?3Mh@#kh7X#5GP71><os^_)0_hRGa@IA`6hEV^R4FF&3BvcF;_BI
zHP<$C{8}6X`-_BGqcZ%oxr@1{nPc1{f1r7&d6IdWnRP5<+qcZ`nU|P9GOso7Fz+_+
zHy<(|GoLh{HJ>-9LVuPx&UEI?=9|rV%y*cJnv0t&n;$UOHa}#3()^T}WAx%UpED0K
zzhoY7o@{=@%<+BE<}&k2^G5R)^S9>j%)gocFkdlq3}Eax6*}C6IUX>a%gnibBVNp0
z!d$^z#mupRv26o$J99^KH*-&OKl1?dc=KfQO!I8>Jo7^H8uNPdR`YiA9`io)FXmHb
zj$4fLaKW5XWBqu&&GC$pli7T;xuChIxs<uAxu&^}`4RJ@<|oZhnR}RfoBNvwn_o7M
zF;6m2GtV;5F)uZ*Ft0JMH*Yb2Vcu=tYd&QD!Th`VPxBS?b#rQrTa4F^V>ZJary0J@
zT*zF^T*h49T-*GRxv`n!I%8k0&F##+%ze#+&BM%N%;U|o&2O2PnOB;(n7=UZHt#hb
zGXG#cVLomC(|pOC2IDB>oMbR(HRmuFG2dk_V=iy5YOZ0fXKrAA+}y(4*8H@&yZJfu
zFf+%f#&aBRo@}0Jo^76IUT9uwUSZy3=J?jw@3-df%qPuf%-7Ay(a|&7$!g~K)`)X_
zYdD{|sJXbgin*G(j`?A8Q!~fC#=bh4pEdV44>pfAPcXl2USM8gUT*%_{E2y&nPX<-
zI1ie?H~(TjW&YdzuQ?6Iw?>;8%vsGj%tg(`&6Uhm%@3OEnVXwinx8fQ&-}dkMe}I$
zE9N)MbIl)^SDCk(x0{cfe>JDV_}Msb>C7d}rOj2%HOvp28=5($INFaf#k^+dV)1U~
z-e!(Fj%~-7$D29sIC5s1=a}c2KQyl~Z!~i}a<sYEe87CdeA@h{`I4FAk)zG@<}Bvy
z=7Q#;=F;YJ<_FF7%#F-V%}<)2GIugRYwm9zY<}51#{9aOW2NJ{$M|Tz2bNp>WAi8G
zUFL7h977##9ykAH{==LMV~Qg`m6`JdMm)1Qr}<WMesf`S33F+44RdXC19M~Z6XsUt
zZswlme&zw@VdjzM3Fawgj_;21u)w^;yxjb;`4jUN^B3mbW{wAseH}I*HJ>n_HeWDb
zHmAKKsZGvF676%GcsQq-W5y$%-(1XG!d%vTpE<^l^Zi`Q;!VuW%ukuyo1ZavH}^5W
zU><57VV-85X@1K*-@M4Y%)HvX&djmuao#>R?=pX5K4|{leBAu2`A_pDbDDff`^{j^
zYR+NKYtCmbW-ei_Vy<ScYp!o@Vs2(`ZEk0N*8D&7^X3=Lqs_0FXP9T1-!?BWFEKAS
zZ!~W)?=bH+?>8SZ|7!l-e93&(oFRYG>v)qnhdH-7pSh5^xVe=1UUMaLb@PMfX67f&
z?aZu85byc!=I6{Wng^Ljm|4>x+L>gYW}a_;*ZhHbm3f_cgL#{IhxxGisQIM%jQPCz
zFLSa2NzWyfIl-LSe2Y1cxq!Kdxs<uAxsti6xwiQsa|?58^V8-o<{swW=Kkiv=9kT5
z%#+O1%=63(%}dR!H4*QVHRknZ)}4r)ugyoz$INHU=gfbZS(_r-OemP-%;u;~kqnPp
zEuP<8*nFS4vbl!2wz+}1vAMmulexS3Ir9tVf#wP3DdyMAZ<v>vSDM$FKQ-?(?=iDJ
zMx5It<}>DV=D*B;n==$jYUd_%4s&jEK64>6>ukjFR5DjLv;Icp)HgRWw=;J%cQf}i
z4>PlNN3=iQJlQ<cJlnj~yu!T3%=#YD{uc8WX4dzJoFB}`&A*zX)(7AJmn@#9a8f%N
z%-PI2%|*<2nah~Vn`@ctnj4y%nA@2<n!A~Mn){gtn1`81n#Y?bn`fG5n-`gvnLjeG
zHE%L+H6Jh^He)DB;yj~#UC`a*zwz?8W%u9f%l{Uybt*Hu&;J)km&X6hb|T-~$!BrA
z1^&w^W-ehaZ7yf7X0BzfYp!o@Zf<FAWA0$?VeW12XC7c4WgcgqXr5}GVV-4PXkKJq
zW?pGtZC+>IVBT!rZQg4>U_NX<YCdK@XTD&*Y`$hrmOSaTPG!zw&TjVc=6Nk%%v{1;
z+FZ{3|BXGbYdQ7Jjm%BW&CM;%ZOk3aoy}d%J<Pq$L(Id?qs-&X6U|f2GtB?rxcGUN
zv(UWAyxP3ZyurNLyxY9je87CzeAIl*eA0Zze9nBq%(-deb0(EJojId9i<x!dW7}Nj
zyk?FikNP1TKb{Q>A3J3X>q@p)#!!c32W50iO?Fg9SFL2n<?Qeo8J8x>IIf&+7J)h6
z9DOJJk6aE;mGVZs5}ZM90CS8v^Bck(V@^K`b6!KbC0tN$3*Ra8bFP%!4dxtk%<lzP
zmixff<w0;Ac{toa=I2}!c?$f5JRN>Yo(VrA&w_i(n_!MT=YF@rgJgat4VRC=W8@#;
ziSo}d$DwoE<M1r`Bs^C>19QGP=A4C>$bZ0`V~+9j@EZ9Nyg|MWbF4aZlHt9!Lrw$l
zlM`T$NoUSY@UL<f_=21bzAEQ}Sqz2wdEm5iAvlv<0lwLsTds^a$ER~!&VO21=A2Q*
z<yvqVxh{O4+yLfSb#B`bt|>nX*OMQE8_Jw->M@z0b5F`o!ENRCa3{GV+)ZZPj=pkt
zc&OY19xFcwbDlUJPak-?JOJhxcE$(6Z_E5#d`}(&b38k9_?h>iJQH3gzYcReJ9FNG
zx5@Ki&SAv(0(h_dE__gaA3iEChL6ij;WIMlDg9Gk31603N8}%wpOL9j-`LkyID@<o
z&LZ>kFQ@!7oL4>$7m)e+S4=(&bNoAx{|~sF%+JC~GV6<Q{y65azDRBP8eCug2YyuM
z=UQ_)CH$0}7Uo!Zw!_cJXJytP=_%)d`^x#@p>jcZtXvqLCKrV{KPcP03(LE5X?U4j
z0scs?1b-q|gFlmNz+cF<;9YW4_*?l&_>lY*{G;3!J|TC2f0Mhy=j9&o6`6B(a86Jj
z^Dr!_aiL6)!jd45g|o`z;alV>@NM!exS%{2=2&>PGapMSc>&C^@QlBUrHZ@^t|700
z>&l!D?Gbq$+*IBKw~#l(ZRD+RNBIl5tNa!GoV*L>*m)kq*H{M0-@+s01Mpb+7(7Wn
z4RhX8ZhIEXZ21qE<LDW`faP8J8oX3y4V6`L0=!nv1aFkH!k^2z;IHKT@HaBQ>o}&K
z`zj1`?k&0~%rW&ezXMOpCE!2ga`0a=zXLhGp85B~De)ywbH2FrGQS%$%Qaz+uV>DK
za2}c8nfc{<a8a3cTsWT>^BcisWqyBhZZF39{aH=!3fGo<!S&@n@S}2HxViiy+*%$A
zcaTTI&&d2P<rsYKi{GWs%df)&<$3Thc^N!fUIlXuKDS*BPm}pw`ntRheoI~tFOc~i
zyI9@^uaLijKbCjHpUQjSE%ILYOPSxpU&{yJ{qjNhh<pV8S>|{3Dfu_}y!;1zUA_pX
zO?TsYCC6uZRyie{M=k_&3_hQG5xA6G46Z2O1wSCOmJG+>GoRnj56fj?j=^WVJlss?
z_jW6}3fw`i4nHF|f;k?a+ctxrmsxLSfZPgxNp1s=lH0)?r_XIWz*FUp@N05+c#hly
zen;*HFOvJi%jH4vYIz8}UVaJQEDwjb%cEe9-{&!~p3Oda9L(|ijE{$Zk|)9^<;n2x
z@>KYO%<Bk_<>$7q!O1W-oSqM-k=MW(<*hKs@-v6m2)D`G;X?8^FvssR=MY?4J_g?_
z^BSRw{2R>i`^;x8oVqf<{~wVv!cApf3$R8%^K-)-%TMQlJIc4gUFCW($M`enVYr{%
z03IYahKI{d;W6^#@I;y4`LD{YV2<}^oBVE{E586Ql!w5a7nwOD;8pT0c&*IZHXQrU
zocS>4!lM_!U&-&m9Q)7sBKSL*^>2QVc`fjZyc*^_dd&Y6<~+*uCYbXm(_7)|@|Q5{
z05HB6PA?yWGs_p?9P)KIkIe6R)&$_T$?@4=R89$(l+(jyWq$uxlvx+&0XYZ!pv>>~
zhh=`ZH<qiy&E#5eTe&vOc>s9~{GMlh0J=UrSmt;BXqod^PLUslXUk8(3uJ!(e;~Jm
zKa%<V&$0h(zbE{e{5<@HJP_U`zXX3PbKaRlGQa14l;46`2Y_v|Ue0gwd+>RAF?>Z{
z26OI0=C6QR6M+5@PLNqgCx`q6e22{M|2yTc;j%KX1@4#k!F6O_7c`cCgrAg8!B5M)
zF5tX}Jcf&KPx&(3SH21ll&`^@50Uw-yE8`41W%On!mrA_7MLX$gy+hI;e|5m@hp+=
zhF8k0&9g>kZJrHs1$e7m8D<Ru9?$*o9{C~ofZPz~+>6ZNe4)qWcJQw<>-3zHhr*X+
zUJJ0E0Jj|hr^tB2tj&{79s{$U0CUE{+2yJ5tun6>^2xK|BJzB=gv{%Od*r2X1$hHp
zRsIaFCG#4Ab31asdtlZapm|;JxcoibQa%p1lh44N<=^36@;R9EKeC-m@F@8TJYG(X
z?;O?{U`{&tH8}%3M`n$mcjPSaBAIjIESGs5v05$zub0cho8>C-cDWk7TYdy){Q(}s
z<M3g*IsB8{20kgXuFvmscld(LYl^G#b8xauH`?qCr;&NBkx}jkXOjoPx#S`6?K0<v
zEhLYCOUYy5iZZW9YRYfH4dexIGx<Zft<0K0tXIJ2`x)Fv-U<(v55c45qwo~@6#SZe
z7M>&j3v&)iw#nK*oP(0i3NM#$hFO<@@m%nFxfr}zW{scia#?t{%z8ij<on>m^8N5n
za&`EmTnqkPZUkSDo4{9P)&xq19~yZ)ypBjC^Ex7<+z!qrcZON7fcd<p;2axtces$;
z7rsj#0GF1B!j)uRU$Axox19vnmU&IV+69cyh98v|!Oi8>aBF!D+(F&|KO=90d&s<Y
zU>yUtxfdQF^V(sUd=%z9o6I=_PmnLd(_~&Rye?mXS<`^|f5Qu8))QJRr@;3T=ig*b
zYWQP0BmAkH8{Q(bhR~NXuNPR~fZLXW_seDABXW6|^$nPFAACx#2A`E#bBJ?yGN%sw
zxBL*CJoAlseK@WB2%JggwZ_eI6F9fbx<q%#Pr`-e)^KsT4a~X++;4mMKKW_*ez_A|
zQ)W%0dU7wAH4wNhYZpBxvqsUA^4oA*ne~b~$-HLiCcg{!lHZ44ke9-PWnR~ekhjBQ
z<s<MU`8YgXJ_XN~&%kfXzr*j!=isICpD^bk<#V|Pua*CSH_EJO^tqf1{z}dRe<K%x
zzmv<uKgg_C^ov{rX8i>2t2X?HTo3+Bt`A?Ao5Lxy+{o_;r<Xg!te?PkSjQ-b+!f9v
z_ki=uqv4|RB)Fu^YZlIJ%68s`E6ThcVJ!v5KZGBYS;y#Mc?-;13e5Q&ZYF;Lx01hv
zSxbRAoFlr6{5AYP`8&9e`~%GSQknlF%=uDjUcZc#Pr$Fp7vL!}>mkjQuflK2*Wvkc
z8hr1)FK2{5kh8)c$vI)pwaWeGf;Y>oleAqf4)2yr!uw=iv#=%ux2+EUB-eyb%B-LC
zyIdD$O$O%ky5_1}ALjh6j5mhU$W39^WMDk;dPi=7crN)VnDe?ahu1!L$sOU+GHWm0
zEBAvr-z)P6!ZqZV;kq)fi5`*1z)j`pa0~fOxQ)!~nvU`YxU0Mgeoo#3_mf$BX^^}Z
z9xm^P$H=_KnJ6EJUzPuaXUYG-bLCX{{#+>Y`i1oz_#AV?E9LU=8kzH8Z;)Srx61wD
zuVr3$9FRHRHS0OBP0pWnOr8b*D)U<7oXmPimt<adT$6cykpguI*v<wxz04X&nPtws
z#o7+c*#qa5d3{kp=JiD}`3iiu{5M=qz7AKCc}>B2a@l51xQ=`)+(72FLlc>`j#vwV
z`6b~tav8XzTm|kb^LpVq`7yYk+yx#akAR2EtVJ|Nehr=|&xK!=`5it>ejnzXygVL$
zpD&bIqiBiD8bvE*ez&iY*TI~(m)mZDx5}H~9r8|?^(C0I8$KZa2!AghgIRZiImcnn
z?Mw6f{G9w3d`Z3rUz7iZQ`~$bpEZrr$?4&n<ScLwIS0%d6l|aKYUP(p!9`_$pL4!o
z=J5NxtXv7MDD%7h0r>&=LAf@}dKBEYF5Fmd1UHkL!mLxloX6qzGQab?$nD|($xp+5
z<gPI1Ddx6);i2-2@JM+$JYF6Nvt|YJN5ikl{QhUn3dT9d_&f4Mm^CXHpA0XTr@^b`
z8Sr{}F3kEB%%2Bumsvk)x4aN${R-wRh7ZfjVAii-d^vnlUJ0{)1>@`Bi}I&1=S^mO
zJDeOH1n6(!wDNwKwJaDv2xpf${}*dnFn$H*Jj?VoxQNUeOC@ApFR-o!b5g?<<g_sB
zS}>jgt|i|Dv#tf>S>Z-<cKC7mHn^o+1a2qa4|kS17kYP@*9E=hCh&`L3wVgkdBk3p
zyTaq-=itdQuM1|#tg-ZlJPw{GPlj3hg2z7%UM9Z<e<;5VuakK#z`3EBzYyLgzX$J>
z7sGqy)iCQ|FrRaE{Uq;#Ps!iHtb@Uv{qRNkJNTM>2<E)f%sB$5mw$${$gJCRi~K8m
zo6LFL3(6PaJLSu8DVg=0%FEZ`Dl)GlYRV~K*2Lg3q=FmEY2oH_dbqWm6@FUI33rum
zg?q_);TL4qf*LFrfJexM;jwZtc#_O(lj(8^m^CzbY~|p2GOtbEldHn3WY&@TROWTc
z7cy%{?UEmbSx<v)J_a9>dCl^p%z5lj$em!;*<k)N@Oil#%sLy4zX1O$v+h)C)O=uk
zFq|N>?o?Kpb*FBT-+*tE=fDMJUbEaKFNVv=t6|pPVEepIc|iUYt}XLAh4nX>vkh)4
ze+fS+e+9RdS*NPA%sN%w<!|BM@_v}}db7=gFz5BAkH914Gw>_&MR<z*56l`J%ukK)
zx;JHB*UXnWAKClzt?(*2AG}uPb<IYZb*eaTINPiUe<fFezmcoL-^q`_Kgf^4tlhzF
zS-<ME+zI|e?gIZM^ZMnwJPc+X4{rM!oL=U22kUq+z8uai^IC&-JQ)87E-9~v?~_@}
zit~~)XFL3`{1wc49gOo@qq%$(X1xx^d417QJ_C1?e}{X?f5I=wS76re;I_Qh7$IkX
z$I2OD*6v^qYhO*5Z-Hmax#72EUW2?V-v+ae2e;+*$cJ(vc%57c-Xzz6IZrzC>%lwa
zMlfr4Fx~+^DD#@)sQfH^TxPwiGxCct>v(Y6f$(K{F#M1F5}Yd6jT~NIWRRD_S!7-#
z<doOIdF6F*0eLITnjYNOSMc5P9=M$R9b8F13Rja)!L0ScZ8>jReK|e8ADYMsFz0P&
zP8PVW%(_;cWnLHjPtFNHFXw^>%Di4+tq-<y2RvFX08f;8z3{4B2A(BXg6GN)zzbzw
zBP@~Y!>i;+;I(oKc%$4F-X^mS)=s$_%z7X^wtg_@j;DEza8w=uAD4&0XXH^Z>wz%;
z75K6|0p|SjjI(Z53e=#W=fHd<$G_)zgz=~1e|<i&>3=R{E^V%2u4`^;Ze#9h?q?ou
zo@i#j$>@W+(7e*T!MwwKz<kVn&V0?B4*kPoU)jz1%q7h1vl#j8gBWgPW<SD+cQ*Gn
z4>6B3&oIw3FEg(*Z!_;TA2qXIT^!G4b1J+qBF=uo;k@Qz=5pq0=KAL5X7)LYHrdZC
zJiyGpWf7lho?~8QUTtQ7uh@3C`LOw<nf<XMKN<SIgfp7i*DB(L%%#m$%yrF8&27x=
z&lGL;Gqc}s#MwV7%>KP$_UR3;G;c8PFtcw^<R3GiGhZ{OL%)s4&u-3VE@7@<u4QH)
zooJ_}xwE;qnf+!WpZ#FMGtBeM%gpTi8u{$Y5@sLQ@KH1SvPPW!SHtYH8fM>=F#D#4
z*&j8`KB(bpX7)9WIQyD}JD7Wz2bf2hr<&)O*>@z`WFL|6X7g_IVe?5d`+~%_$#5?}
zoY9=iT*zG7%)XkjE&FYR*(WpH#>~DK5odqP@Nn})^DOg1^Gfpu^A7U?^D*-|Gy5^b
zF|Z#)IJ-HYxrCYh4<f&oxskc0xwE;qd5D?)2BOUw=6U92=5^+6=Dp^lX5R0Q_Ai@L
z;T~|rd7nO<*Idk8&dmGqkze1;d+-rwU%oK!wTIbfFU)>=VfM`n&oQ$PUc}k&F3i4m
z;oWBTsf#%K(S_M}E}RVaKEoN!yw4qR_KOR%FI<@Y-@<jx?B^D7-jfdV-gEf>0D{J8
A^8f$<

diff --git a/crypto/hmac.o b/crypto/hmac.o
deleted file mode 100644
index 69cf2c4ffaf1b84ac3c043ffcfffe464d200d0bf..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 10444
zcmdU#e{@_&b;sxJTm4+?hb_yNV~4C9lh}>5E6K)HoCr&@9a~tjY)f(taU!jxwX~76
zE3_+HPW%fW0u6;CL4K29l@OpgO%r~Ez-c)r&LP2&H25Tt6KH!#C=EXfZ4#jPw1o8g
zop)z-WqeBbqknYHc{886bKjkrJNM0-{c(J2$2Fek8J9eBgPE%tQ&WW&-<b7QVYOLd
zmO0h`v+`qqRXM%z@gF8yei2$Zd)MoUO^u1BH^K}2j&SA56QRWBClYPXC0hHQivDu}
zhWfZMjkBh0wq@n%eL)pBHCJ3)24$(A-p6`S*)x0BMLkeG`DDx0L;Ig<D=>{AGrpz1
zZ(V)cR@2yKmiH`Q`N7*?siRY@?Yru{jSa9L)Z1#C>b&OipwjF;zBU@5)35UyPw(pp
zJ7M#J6^<7)i^)*!W=!#k+P3FvTYp&F@_Oy2dlr_xYRtTO&;Akf?hATbIXipay!-UL
zXF2b_w?6OLKYHGM^X9!peDDY7y#SH)CX#QwBW8hT>Q!X@CpcV)tb95YMjV>I42L5q
zK3Wi7gyMwv;m}7YcK4hEztwx1VK)qY<lZC5y+t8o>M&}if0r`k6&6Aq@`{@v4TTDx
zKtm{0G=`cVE=Z+wCKN8(L1A&hJ+>&ikwv)R*S08{K@ko^={g$lioc9{!TZ?uCu<=o
zc%HanBk=?^c5g>s*yq3ZWt2sXX+KLeMb{wnb2G>n7g69(l52{l$p=4xd_~dcsDJ1+
z@Y_r=n~5cZ$ik-hW)uuUTi;{~E<@d)x)*ujKL3s@(Ne_4@b4m;B6`@ryB%Cv^bB(U
z9vZ6&>{4v)_(A>MuI`zF-%<G!SV~hG#~ofBGP^9^y#rXS$XIp=LL$?GC>-q7wF2po
z$Vl?AwC-T*D=_25*m{UnE{qpT<KFvGExVP~dUo#5yn3|k63Dy;4%46c^W$Z=vf3C_
z&m1dH8E+j8eH&Lr1F~!Z{Dj^sz3xzPOQqN4)mM6Zc&n*sk@k09p#97-Q?U!})40D^
z+K<9YSLir$F>t*ooVbtzEqnwDUxJ0(tpe_P^{A=155lJ*d`x%C5m~#`cu+LH7ijo1
zy9(L!v7l#aJPM6hVB=R-ql<=dcjyRa{Wa;c1P;tw{FYd}!V1L|{>+(Ud5srDV@IIj
zwXnw{c?%0)LOXkeSoLNWg;ThpigC9n%)FG_u(#7arry0=fgm1sG9H$pIf#dyT&S(6
z2Jv892ia=lp_8rCtlD_!WIX&mszE&LW{}Ut!=4}jrX?P_g6dft58X8M6R20LLB`R<
zuqT`!57UT;CTZV!f%dal&FyGsJY=MOUOdo1k0?xENP!k^fx>TL;Q^~4@o+nYRoJP%
zp}X~Grsv|}Q=;+HK;r`O@DMa&un~sw`72cMsPwtaHc6k{<Jjj_R+x{6vvcwAtY};p
zXn0%Bi-#Ab$N9aP#WnEu2$v4`RTHXPnGGT{i~kNcQT9;2(UNUk6#gQlOO{@akoNC;
zk{ZkqR($rCu0-a4k`ZXd)r=);+AQ4-E&mk#TFod4Zd>|Kyy2!YOtP98>@a4QewxZR
z(^pok?9?pf9Y+Ei_7>wU^xj@x74gfLmoM}d6;>|A?!C%HBJYF<x`M^<dj+J}-<KG_
zd}HLQNIOndg;ic8!itAVQCYsF35vy@*Iq?=Nv&zGibGNw^ENFDZoYgOJ8P-Avuznw
zA_c}T4vdB{fCZ>ZAFP(GpR2<6<)|v<id#>5m_&o^tMWr9Jrk;#X@lNE*8s<G>>O~_
zWf%)qDHzG+%i62fFT2_fp}N4fEV&HMTdD^dG}p`*L5T?-GM?GP;y*0jz{0+}%`d$@
zr%=f!MvZ5>SWqEkX1Mw0(?uZ9bhCKfVlNA4s(YTPdaKaG;^!8xXW?{vE}*-Yx<9qL
z`&l^My?I@3^rN^!rv4PmW4MaVq?s`*E}c5X+6g5&e2TRXE6G&e(m6;A5od4=iyvFO
zfd#j@@I1#*x6&$fv7mx>44W6(=57{0v)IeRnVNG9byr)39u_~ccs&cJJLi}=-M!R(
z+3N0R;dJL5!yS)%HXXzAATH;a@l&i#Dam_JvG#r?8P7Xr1xAP`A1Q2eX6(<UDKv)6
zOQ?F@f0vgb=i>}N8gF3Y@OUm`;yu~qL^hrpn#ha{XL2K%gYof+%#F!`TsEG}jyE-K
z*bq-l3{IxfnRx$XYIHC@mKexnr{ae)6C?4~pe2?VACGU&q;ttMZhKeaU?M(@n+_!=
zlFrCLX3Swcm&uG~<5SSiChA6~8tOOHB}WhZz95wz7@ZtU8Z(SOV*?y^HaCc~Wo($U
z4rTzh6E3iR@ME4|SQ0Uwe-mEi<YLQ3$W2L!l@uWNN(yaWVe?Al;gTB5A(#t=L;mp+
zM;<MS%+dcYJ6gj23hf9yI|8qSeRw5U0^}T@lLwLoR#J+**pB1>^&Co;Fy1<n>7m?k
z@AlNtFqSQmOPYbqBt936CC9SKoEhm&jVA_8*Y?(i-p$?n>>Bru4Zg!nrn9M`baF5{
zfEY4jr6Y65T)X8Rz1O7DiBU6}Ne@Nydi=1F9nMVT=8F)rxpj@b>?y;Zu1#jMiJ@d~
z+h}HBq_;gin4AiF?-?KD=(g?biEfUrk2S>_qjh8KVjwX(ngypbb-CnJt}ctGB9%$k
zjiz$Ri3FR5qII1pI&lXgvw7gkE2DJ>pq@&Prqao}1CwccM>d#Ub~w=xbQw&86Ozs^
z@E9iJiK!f(lVro3OE}ebJZ2MP$-xu`-Mc-J9S+>_`#zxqnlS$XKA2PRQR=2-?(le0
z>C@gkzZmOuEYZODVR0&T`X>(@NKP19Y}f#kcGcR`DL6NIxOX&}HiN05WHuL=wpKAW
zE~{S4;DL?H(~P?iA9hu(C9`ew=8e(S0~48SmODh<&TY|#SYv&xeoe3{W&yUYXs~^m
zeRlW2G9Jj7p02IEt!-VM9X;J!dpp{@x9(}}=xVMnZEb6BZYaeKNPRXBO1oc3J-j-A
z;6)X@us#IQN?d%UF%?6H`@7TOp6ztpZj0j#4wKo#W4S~>%G^Xy4m+AijwWIfI3{Lm
zc2Q!8y@ZMNXR{(5O!iL>^&Xf=j3wtuQk-clXifC@Pb3e{YerDdt0yKBX{^XR8Dr9!
zz_?5doAMa8Y!eIi;#km!9o$roqm|oH!AoJBQ+#VF3N?C}M@S}qPu53}<la`xQFqLy
zX?%?q#f`zyC1~TS$8c$Tx1sJl56s(GqnPqXU}zs+477(suGOPGj)(RrV>)SH9sx6F
z8`DNyT-iUQw*@-x9-w(Y>`f6QxjAk^-7%YrFE-{GlpG(wyI>o~w-=YT_gmO&b<R|6
zJj82z-+{gT5YS$Uw9#HaE^V(FjaMpx!^!jX4&v#-7lHZY^cV`d-};qUUpR^VvOhPE
zTfpufp!pmcqXbE=?F8!D-t^mzSp^yG@hI%<-3@m40L>ZLJ92^XF+Q}tFTvj5K#%q+
zrH$i!02l4?EX%Z|0(_o5wm*VP>*W>(I|T1xVjHio;<DdCp=7!PdQAb^oH|TT<8sXU
zv(U3U2rEdg?J2OHM;~?~j+^tSmNwR3#O3Y*nipWNk08mlJ&(G!Hwt@wkkKAK7Ulhn
z+l`BPpxJ=$yj~_qa`sp%cbO>|c?3c}*R;XD=x@fNwznG3`7mTIIeV_|N-YnY*WPq;
zmi|18tQY8J)YSuH_4Ue7pQD;fzQG4dm3-^zIe~8@QP(-Mx#SyuF*uiaRMg2g_?W1Y
zZx*W>$HNt!OFmY_#RT6(i=aWDy2RdVTm>cTmz-C}^5zrU*X3)0elzOla5?+i&THR&
zUY#H5T(Yy5cR34tc$34O93XhWvF~<u(wRHO*_-ChL{`xrEaXgNIXEe?Pfy&-m~u@2
z@Y6mMp99Ann<wsN;fZVMFUS1s<Sjvl6vgHASCK`Z{&T#REc*3i8P9sfO=KC*)rwol
zvRGTlh<~Q-xEyzo`5+?g!sYb4$)dkc@qV)CUjbfB2OyCnGPaFi%IPz*lfO&k^dC7Q
zWBxOd(-hgsPg0HteH7&f$xxt=$r17Mog!zI91$OWTI8HQ*~uRkIoE+45#K&0@+eBO
zv;TFGuR=+7cFu~NYejbQ?~8mbO0u(mDIQCXzaBEO^GTz~xt?SvZxcD!mh61eDRQne
z*~xFB9KPZy@wn);K!+TW82G5jw?Iyg$ok$Za>fPO$v-Rd4#>%oivUOui+q=`v(N8*
zIY-70+1WWGa>fza$)6KBV~XtTqiU+Kt%gxn3UhsVd9vMdN}jv~xRzDIwTjmWb4RA%
zsl(m(PlaiZzF=RRJ1=LSb9VMQPu_bDWshR+OO*c(<)ARX=@=2_Z!YZHlUD#-V?5dJ
zxu-g2$U5edxPEc0nl~>G=OQM?oYRjh-k_L!tkc<{c#q<DEACS~q<CEMA;m`&^LccA
zeN6EKia)RTYl^?A_`8Zj@SU?+t+-Y(e;#x??@^poJVKV($bem(@S82K7#$+npRHtF
zKCa}SQq1^weSKcZzpUhsEBTX3{vE~tqWHg*{+nbO=Ori|Z&KW+_<f4+Q2Z6e-&g!=
z#ickDIs0oBcPO4Di%)J=^5bClEZj!9`0#F}f4`D{LGfcs=d_YPrQ~Oo{JTp2BgMZ|
zT#8M?jiG{!c{0TncPbuNJfrwCiq9zinc@QM6VCocimz6@UvZ8sKAchfsN!c7|5))G
ziWg%OadzU0IZqeQ7-pW?rIX{MMV|Spb8>Fwj@K%7`y@p9eUf|?E~mdkai`+Fir=F+
zp*X3S`-!u8v*MGAKcJXD(K`JZ#rG@ztm3~_`~}5dRm{D}+5EQR=N12>;vXpfh2qx~
z^8<sk>EpR}%->TTU#xhQVt$S9bmEHFDdrEcPKUqzJKm+ZTQScBPG?xL-Vd`%&a;Hm
zKc;wE@okDfq4<>I&nSLSG0z6hKKD$=-%$LtVxA40&I^ivqWI^Ef2H`GV*Yo;*(p_A
zqj-g4`|f6jREf(y`#d)|JB$G*{|%UbTVZ+w7n#o@V}Q)>6iS5oELI3#4CXtII+uZ$
z3ts`|`;PJk@a4iSV7~h(=h=j@K^_J-3*QLdCOit>Et~;gCp-b>yOQ@#f*B9wDez%o
zK9@X0QhpMAi|{SrzYykg$v@Um=RWYA!ViM)6MhtYzc8P<zZU)$_+jA}!2AiEc3uMW
zCulOyU8jZVOU4Q1{8jEBgv(JrFHB#4Pxx&pe;|A*%6}DJgYw^mn^3+cydC9lg!@o(
zZP`~pI3mpFsakjl%=a~Q_*bJf!eiid!sFm(VLoS@h54Md3m*k{3e(3u!ncF36Xtm&
zA^Z?{NSHnw6Mh1m6@C_cNccrClgC4-B**q#3Oy!$u3m+@i*3Fa9P_h><L!#O75@+Y
Cx_y@b

diff --git a/crypto/md2.o b/crypto/md2.o
deleted file mode 100644
index 46d054d9e05ed333f27f95b69b909ea413b7557c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 9808
zcma)?3wV^(na9sJ-%K(?Ciid&K^-WUfX++;hyjV_%1sc-MG#S#B$F^OnF%u!2!e)E
z%f%IiqOH1gv87VGti4#)OP8)htrZK_t*&C#m9DyrmnvdathMR?|9$7ooIKiR_dL(}
z&hNbEJ@0wX`Oa;=q`z_D9K$e#3Wm5|WO73I3Q=MTG2K!q7w3u5N_9wD?eIFA%$hc{
zpsC)ss<oo2zM`z5Y+C2xx4oW4o^?Vz_;|r=_n0Y9Wec%jZks9UoT99CRYOHxy(pWu
z{myspX(+q9rY7~nQg?NZ*EQ#pK_TiK`ChZlQPboQP+TyVRi<5qDs`f4T<6c<%snGS
z(ZCt6xuU@lGU4@6A>5Tk0|h838aQ<<^zxF=Dn0Aou07#=&GChKu%x!mUoyru?#Y^G
zQq}q1yea;g#-khVbJo0f^n`Pf*ETTDU-Hc0l;e+gmvkQScpc-qOZ>U6vx5iEcb>?b
z^TD8d-P56yOHS9GLpwgJoilY`D>*jyggM51xv*y1(bpWFO7Gc<iqzci2mRh}zCT#)
zt-H5i-0>RQyx-gS$3cJY)Z+zXoXX>;$DS;-yk4+kYGX}VL+9a-x1B-%CkN_}egEWU
zqk2Zm_ue~`RowPN*GETxoxJs~y%)ZGWZ~9l&i}`yv%h%Z)QGOS_^4Y(zE$+^S3ddT
z@Bit)=HL7I$G81k@ckQpw0h&7;SXkCe#helJ9EaZ9J{6ex_g%Io;vB`%Z~r=W1oJ<
z94xK)`Mmr7^*>&^{##T2<?4TaYVjjgzx(zNZhUC{U)KKjzLfLB#_#rA)3I*5Z`-xM
z4gZh-en;7=2@m}Er;mOzW=<$Fz2>I;*0~41_S%x4%z9$QXV3oPSMN-`s5v+G&GMT)
z&%b`+PqklP)U@W+OP-Dn9QyP4KWuV)fBCZoeLL>_hd0_!cfb9c|NQHv;=Gw>KX^E=
zbJ=rm9^8;P_ipbM!zvrDI(+*dFBtvG-MgmkFZ@P{7c*=S!4$@3f!D*l3hM!5WTp@4
zNJJ;*smLpEVv30^7~Jtl8FnLfA=>3W=P>ZCj$P*Mt}VuGP9e&XXE=wr98uYEfp2v<
zJxF$$PAI}^DcT_6Y4qS}u+j<U5t`5_gTu($40IUo3z>7cmNDnZz8X2x>59Zs!r{z*
zmt}6(B`kAiyO=m#F)PUqAaOdO)L@x&Z$REP1`l(}MUZ4|!sFYB*&TQc3U`a+=HG%m
z6Yy|sBMQ1L9NS;Vv%r%@-a&bdCzrgl7SF3h7OhdmGL&!UKT!FgaGeKs+`^`YEkyIi
zGLYcl8~f%UpVOY|gOJGJjR<2oE&G^RBQtxLNeSaxdi^}2$aS)fyd9`!G^^KV?AwLB
zZLygary%C<fZ{6-^ucIxxLXR0W}~9OXfi)CnqZ&^g+@xfUt^yMMcY7%2ChIXoN4K>
zgo9WZ!NW+^LU;&NbU91cGy4Lv#m4~Wpn4V=wzwG{oPzAnh-lVvBhp-_2O1^pOx}3t
z8N1cQG4?%%lEOAiNTeCtpWXClGDIArZ`GpiDrPWvduiw<WQs>ag$>1#VPj~#xEwM%
zbh{;MF={XZDBuumK8kX`taBh!Cx4c#gAPdjf{gEMZTKE&7*k(F9T(S(DA|U`hzK5Q
z5!v2I!pK@aIK{+>MpU6}I4anM7FmV4&N4_x38T=MkXM{z=9T3Y8bw(JSd@<OA}8lE
zh%j{}x-qr$Aw}aOgqb%h=hB?{#hBBEF~8UVWRDf|i-Rb37aKV_ET$CGR_RuuY*@gs
zvy)2MRL!XG)Rj^#$0ba+ZPJ0}z0-$ebJ;E%%L^Enmwu&z{GD43^rI3=1-EQ9gk#j6
zx>0zkuq$1q-6Gi4vc;+rT_~9d|1nUS3Ji>}Tbxunzj%7-Y|Gb?E=zILL=G^+HHe02
zV!|b6icLNHk*0$a<Pa76nVyemh!(EjMhmZDG7r%d8~gVYmfCVAG|8Gw`I-&U%p{Iz
zie&$Og0-qeGsp_GJOj}XtxRSknxeOVKj8{n&ZGsAmYLfAw}R4vR#?n5fC!gqpx(xe
zmn|7D6Zy2$W@}^|V*^&;ez6@9BgN!)M5n-hkRB@T2M28hChuE#9g|NH|DJ9$b&puO
zE15iPVKbAnwiHh*WbC)F&H$nzRy>R3w1wB>X@y7ev`br<JckHHs|XM78u?gN=m(P;
z3$J6swPw3X;;CYY>-1{8I^Y#Dxy-^9OjNbz{h4a%){3A|YU#FQO4DPSDQ(V_rl-Of
zw2eIhfiuqz^h$+SQRuLa5ySXAFIV6~$x^n~p4ixvii==tGMq>TBVCF3+ST#Y+W7il
zPa?i1+@4AX!^xhisWWB-Ly3;wNGu*~>y1P^g59C^c(O0JA)Z(pthGx5p`M;#eLR*5
z$53rSXniQS8kIJL5@BVeJ>IP_n2N`v$zUI}lOcb!ud-r>KOF7+vLF&`kM?$ih3M{>
z8fd52w$p*t<YcM?=QY?G0GIVNPYT220c)5%3$RHz9i}5qh6gtmOV*#JjO<1n#zq#Z
zXESkohQZ2B>AEIMWnH%<BVF3>fy^{%)!am>>9U@iWIKj=gU1DF9*x5z<%ez|@9$W(
zw9T-`iJF$TX1~S;{W34G+UH(OFDS8V+4|O4z%P1d`?cB9u|@$lsc-8zEIX<d_QPrU
zt*oIB7z4xXp_F3<lUZi5rIY0;u=Lr=W~(iy<>zK=By9V(Jj;?>V=Mi%N6ul{F+3Ov
z$T?mHdt{AzUz#kh;U{KuG8IaNMO$xYXE-6E;m(v;)G&2rYflHo#QK(HqJ3?$w_Eha
zl98@hxWm_usVO3{p5Bz`j6|a%8jp4P(xtotCRfK3siC6oaCb7C5_7L?_0{{P2dV;7
zeg1CNY!5}FNpLLgPlfwZ{v=jTBp&leBdKsA#G)>re=(B9sDUY4-9B@s&)*64NGuwO
zh5enqF{?)MtCnIo80t%5t%NHx{?kKy9R%%lVRhiky}*)9Rjsr~WKJX&ii%|9hHz?Q
zPuT9VRfERRxAvZmTx2V;^xMP9q#OYj#(Ps7sYo;&v#VLna|rd}<WSF#MN;Cb`74`S
z>zc8B&8@GW<tuMb#FI&`cmI`heU*W!6@iM$_V`&p8hrL<B$iow0ZeqpMQd~8%G$c-
z#S2?o8doly-_qDryRf;sVpwh6{OU^nLO>|76D#G0rh>EFCi^_Lcg0B%jYGT;k-C^T
zf`{HjM9OhpwYCt-x$U|TDd$<oOE#G&FoPTRdCHAMbRhDGW1yUePbDJd1Be$OvhFEF
z+9sbyWMH10k4QO>KL*<2>9YutcDUs;P@l|S2-H`5Jmo4_eGeozcBevZB9Kfa>~yuF
zL^v7>$Z078R*o}P1h7~_BG87{9!SLPj8)nZZtLw@*_jA+ho!zPiSR82Y!0=xCBo~6
z6i4IjL-L_SDApCGaXMgE<IGnk;GYQKc<9FAAp-WP5U|^@YV@V(wXBW|=4g-V^Zz6D
zL5HK5C3UAGRnvzeb#RtxO!*eP<Jm|lXMO5<5$(HD#@;;0)awAI?M>F0@*}WU1w*vQ
ztG%*Ee`udFhI^RNg38W<jIaCu(zAXyL66giVIK`BBS6*Pg+s++A1d4dnF>m8E(D5M
z_NP%;KCs7r&>z(g-mSD|L<Jl@PdTfVaarm1e4`<N9_?{;D|>6ey1hksfwMJ%LjLem
z3=})F(P!0pt&GcdNV{0ucR|2*xvW&XyR<q$F#%5b2r{U)b|A0Ydt|KrU4!<xtd+g*
zfmI!#XoS5}U*X?AS%*3dufkr792b7-Q}!MJ(_RH4!vr|5&l#36J|a`4_gJ32bwF$d
zr8j^ahAbWa0KKYoF5~<2kg<*mrRXHzzY401w{3k~Dkj+LhT}3qmT?`OLR58tVl3>H
zXaa?=piH+n8}_J2dzgypap4$g(@k7lAjI2{si5pJ)rMc(KO9>(guF^~Utn9PYJH{A
z?Nwp@&VyV9Wl!Z*s>_|?!$BoyY7X&`c^)>IU}Bd_zY7>LkfSdQJc1lws-M=jbj%@d
zg!Z|jGQk}3rH<vC`I%r^Ggr@ZR5QU8`1z~_-eUD&4%u00AA_p})0zPpfr&TBap&5^
z@QNbT!0Sy1_MJ!dZp1D`mS2KY1(siicn)znBFp8Eh4e*4zt*I$De^j}T^8jfh!Xp<
z1arcW!^=5g$gXhC8*~<d^H?!`QOr*OCENrM$`MO2;rNq$v1In?Ey?_$x){Sqo#9An
zn#?xYH!}4(_sA_s*GcAHx|NK!s87z3ejcD4`lpfd=Pr2w=@Vq=vmfLf*%z*F>YPIQ
znq(waUfJP~Q8KS0BPCO392qt_9%N;c-wCPDFkR|!oXARtA1{?n>J`H=wFb#tlZ*x(
zM&Oz^q)pD9V#z)-bjBlPRQly)sl#!kKIdDd##NFxA*~_9P6JX#WoI5)+F3{)Fz4kG
zjh9K@i*z*^cA`ibm7N~4w3DI^_#D!W8gG&OInwQtxzuix>;dyWW60(0C1c-a;EGku
zsi3%&EZgO^R*l<O%H=jtuIUFg=4U2lr&?p{Ym;o3*J!1~d8v4n#$6g);~?v9(Bzvn
z=7%F?=a9w^Ys@*Ubk1nZu~Tw>^iX|wfmPr6UDwEgBElq%IX{)WR^vrv>2ot#j^|P^
zZE{{kHT`v(&TV8__YO^d7npT9mmZ*8`tzWse?*fHX!74^^5-=9?=|`BWa;Ne8s|f%
z{25M`I;BYI59j1~%B9Z%vh=N5;{_To)p!LNk)cQ9-5UQu<EO~7t>2Ne?YjJgrR1M!
z%u@9pof^|cCC8SOW}n8~AC%5T8dqq1iN=>|T&M9IjTdX&tTE3e)fVr_iaRx4qcQh(
zrPHhNO&V|2c#p<+YP?V5do})%#=J|awhn9jh{i`Xeo|we7pm?{8o#db8ydf(@%tKo
ztnp_WbH7ve`8idwSK|VWc^)a9GL3l#DLMamr}$!xXKKtpO(`9o%Zjhoc)7+Qjl&vm
z(0G%^_{&Aw<~EJ_CpOg<{|cm7?GG3l>$jYe^N(bTf1>e28vjCL?i)(~R~o;d@kx!j
zZz%mYG(M~GCmMgDG1tAS>(<z-@d%AaYdl$FzsA!wuG08&jq5dDr127sS83d#@mh`f
zcRuC6^#?%Y8MbQjof_}b*gBW-1)8A%QSE`e!zi2YY4T6OMbiEk8fRlXDQ8ikWbSjE
z+mv&AoFJLkfS_a^<ufD~gR3R;XLh}0?teVXXlEjr=NFlKA?GuBI(V&Qp8q_{DCeD&
zbDLZXzEN^L_#2WN!JN<3;k{|E<VE1SCAWYNNL~u&*++fe9Uhj<`vT`J<q`0&C3BBF
zAvpzpUNX<$mnHKq$2rWp{ouDGZw0?Ac?bAI$vl5QmHb^W=QHab0P}Cu<bz;*%(j^O
zD9=#J4}p1xl79>?ll)WgSji88CrN%3%(+ed$H3Dh4}fP%J_hF8rp|G2qvU77S4id_
z%(+dS7s1y`eg)hn`4l)Jnfo#4HuX<~dnNO%-z1s$rmsu>D|owP2gZZ*oOQV$@0FYd
zzFRWyrTZo4g71@@4?ZNBzaf4mnZI`)mdv}@FD3JD>rY7bgHK4F1%65LTrmIrfc`81
zGZ;MZWl-!zUai4V8gmUOInRB?vo+@2RdUW(#j7-qYRvhkbZ*v|b4$s2E-SuY<HH&s
Z)tK*I>7Ug2O^wfJ{1=Vg7#DSq`Ww2{Ajkj!

diff --git a/crypto/md5.o b/crypto/md5.o
deleted file mode 100644
index 3bb00b7a4309c39bc8e25351f7642c3b8f4a74bb..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 19348
zcmd^`d3YB^n#Zeuza%6iz%LLv6!Dh;f~+Jz5D{1zLkN%nYJdb{ILr+RxyWH41V|Jm
zMo{rY2N!VI5w8(cgpJ1pP>k8Yc#TH!z9ur>>!^b$`~6nG6^dcZ&hza4vClL0Jl*f7
z-g@h;qpQ2CtGm}snK{*Q9A$!|7O9glrCuG36t7Zaw83z7wmMTS-(L9o+&#~C94Ye;
z`Qq@?`yT04`<D?1*G=m)HL%0Eed<r`o9YT4`9AT6UGq<zc;@v5*T+QOy!6&(n|``+
z@`~R^hd!R1J#^4_@sGtf&&pVI?gP(1@##We+-q~95<T^wY-?}%@s&S)a_If&*ScMF
zU|o+te*1Y;#+2YsKfM2k-+X!e4NvLf#+f5FB#b|HqW-&O>teF*DUKNT@lT0IpV@x@
zAKsafIpfLi%AWfDGY41ydib$n+m2ov`0~}@vm1iOzxe7KAK!K4lOJmDJtuGOL(eA0
zocHaWCq_)ZZ}4poj^BFg@dH=P&%329;-*#KetF`hg=??9eD#jf_dYrQ=cvifZ?;8-
zUUv2BIp1IS&4j0)eEIbe8(+EZ&(7c}i?4t1(3d~I)wJoV)X_fEca*cYs(De-OT07E
zvJ=!2Z|0Io*$GZ|A16D(lkN4+xF9>hJ0oV=g>U!xN~zxawtkZpmDKwO&!(6iqxWa^
zdpWD`2U%w<bROLozu)U*dp%csRk_z&*A}VrBQuNqb@~3fYNssUUl2SaZN>$AZf~#s
zuO-ebrQ$0B8FRN*`{E0H$I>#Z{WVp-<oL4c`svjTkw`Af31p<-obQWY=X)RxP73pU
ziSe2F^)>l>qwAH*oD*ogAwJDl_Jr^5hMj5tjC6H*d`en<VOskrB&Qq*l(qRXcl#PQ
z?0m{Uy`iZ=O^>f@sLyEVnDmlTbq4}(zLVMJOWEr~a?PryYPamh>b<j&T!!Q$DQ&*G
zJxnevZpt@hcVr<slez2KST>R~7B;1sviB}SGRl7Qh+8_68#h>G*LPj^#;(iW)^*vt
zx-NTP*JZ!dW!dfTzpvYU^m8=2?k(TWr~Mg=n$kMHMlRF%l*iC5FK7A6j`&{Aiu@qj
zm-$Cu<BcCgM>ap_d+{Crn+<T$9%+ul(a$s6eKo6_5BXc4*S+eS5#QWa-`JK?>wEK^
zoqK(S#XI--o1SRjwM;4BwD_G**0(-cmlLR2m09GgJL1bM_Gip1tm<&GketAQ(^TC&
zC(!)5udpO#zAt5=zwx?^CGE3jp@K8rfwS|PK*qwlb-tai`RX?KTc2xO(6J3;1qJJY
zgQH%?8aE&Gp;k?MTW>()TE0fvdf;TDd2j99?aOR2V@3}px9rAhv_9o|x8^ctT6j23
z*>yVi9$(!-GiEy8M{;M`j|Iw}V{Sd9IA&T#G5MFv=1}UQY#z=o%8u^3>}6e-&7t&n
z%El3U3P-GE77hu@#u2M|vaqP``M}OLoa*iMt$F*9Palk?{MJKd^8=Y_fyVV6yD}PP
zAz=#pxv(K)(awW`y0$<~RqMQ#_m?3dp2w##t)@1!C6Lk<Xxh^r*}8HU%Fx$~jOwPR
z>z>2u9w=PeF{$+ljt5hCNs2DK@w(O}4a->g6pjQG-coi$AhRKmv7j-nMUMepMqygx
zdK8W_YL>UZ)VdCZqYQoYG3=gWt(x|9IISz)c3{jkR<|Bb*&8T(GEi95l;1K6wQ|d-
z$!~fJEzd;D=eK9I?w+OFfi5Y0GGk%cL3T;wwH+H<)8Ptbpn*+kt%oyj2&6OwYHAy+
zTlUrKcA$)mYShYY;F9*QTd&K~WuR6y4TZ&MAZztRM|A5_)+(M2Y|L*xT(&om`6L?H
zl-BNamQk37aoBoj=WajJYTBA=J9Mv1=joGCjS=2@7$;rIlYz#zruFUb)8SOMzor4h
z8~OJ7+0wSAqK;Wio8%T&rt>}FuS0olO$*xhu{=4c{<geP%=ZiBZR?`E$S%sO@1ne~
zyC^TKi}GITqP$6`mWSSKJyg?{xe^DiW7jW~x4x;NJ^B~Q!^r8_$dP0E^MXLrGl8-G
zjQMpJ1SX_SpXzqzvFeP(yYF~l#|qE>=zcFp_x&LHjBlc&l6&73bN}ex`!aic72zE}
zdwjwurN(=>>&;yZccXiJ)qCHIpVoiw8J_UQ#<zoBOpF|n8@B6(ZGT-hKC<94|KQZo
zvBA@x@Qgm-ym;x*=@-n5@V7OOUo;~2`G>nlcw_eWKjfWyhEn4qFO5LNQL0&~gv0$u
z_M8}$9R1wt6ESU<yngSfq{!xx%`y9%TgUj%owPM3@|y$kBQ8I0RI)R&=e4yblAMXX
zrkxY~%^%{Y{&*s3)c&^k>21TKCq^ViP8idCX|wAzbXUu^_Kh9&KP>CLFTm*r<{R(5
zkoCr_L*9tBqYwD}FZ+Gb{;*}wRh}3(GhyrUzy+x>TQ3SEHeWP4IAQBJ0Gc~8BAC00
zPQ+S5kBJcjgPvP<B6L|xR{N~p`~2E(9en?9LIg6OK=3N3Rz*09aT7)WhD+pp$j#l9
z3c`F;^~?-Hjnqv+LA@Z>I~zPVQf>0Kz-}Po%){^z;=3W;yn!GO_{N~15Qq)lpdJu)
z&U(*H!9zd{n?sdKgLLivK|$d49+<MUI!E0A1$EdvIoLbrq1W5BLaDEjnZe_P+yu49
z2_4LsCpe2SPq$>myg|VQC6&q()a@sxg$7S!T4=ZK6hXl&wCFY#A}9z(7io8)S0f%A
z&9o70S@5rkvyy-zE3w;#ty?a3m#ENm?;VFhVcoIwZX&9%e&oB}!QL0fX{-0{jo9~B
zA=g1rtuuSw_!lPbsNi)d$NOu#@4f&#=N!km1gh|**dd}B!-YHrs)(Yz5;EQPC{Rwc
zONEA1&mboC44MJsUaYzAJLc|*s8T%U&gNa<NbSF;LuQE7W%ShLMI+u@m(x>wcT)SH
zB%kI4r1e2*Zfq{I_6%Y%QU8gZv)ha$XLAV#!Wrx$XEz(+%<g-(j<6LQK>f0mvxjy4
z9V6Kixdy5IawIYaF8bvvXD`iOL!|$5MCjPNaqF4^e}$F@Xc#u9>C8dM8h=)A><3}|
zoD~AN1TfH;oIL`XOlZy?1E>Tb=;N~*9`*6*r3O8QG^fxEa%b~4q@9yfiGmA>&TO=o
z$8S(GcFqbj`kl>XI7$54a0LyYhJSx?#bVg7#h)^&`*g)5WQ@WY)(<{cvSsm%poeRj
zG6#`p-C;Vq1JRfZG3pE9U?hqd?4){Xv7h7Jm>QyDCLw7L{3q!oDAPj*JF`8jkt<J<
z7U(3c8`3DA;3asKs^y712!$%=9&=hcn-ft|-*WhL?&0Wo1vPNnbr0Kh0@0xhn7W0A
zo{gDo$5yuEUqVpz?M%|q*@(vMMu90%edbo(8HbvCYJIHZG9<r><on<?46cw83@gHH
zG*QL8Es4W*Vyc^WnMoe<iMU2voOtb4C#`}9eafaHn?9=D)X)c6t4s2raf|51v-8|E
zXqN)kK|hQzOj9lhM|lIZ!<7^14DHz`+}rc4o{>)P5Fbu-&kz+J{wt_34h2yaT))D@
z;lHo)_M8y@ui?pkP!GpR?&AQuMXTgKaYzpB<AjGZncA=(ownnU);-qIS%ZfS@ay#O
zU^hLOzHq<rh9akq^cZ7Bda`7i^g0)%;EX@%hgFX6e`mq~78iNaod?b6ebS+)KhElt
zE}0r7PQr%`IK{~s;sgaUS6?fNT>ZoeQxWZNMPWSPY-dy-dP@(#0_{CBSdHp45O5ZO
z_5;Jw-Mukx&K@J0L9xyy1KbY%n~Izx)t8F+ttdQ2qhvV@bR2X2)ec;b(g$O3BQExy
z{u>ier6DE(quR=XlylvZhYd*XGiJcWx&wy=>;4^nE(Zt$YN{N?fvzvDLF&Jp*;|-k
zf@?6xHkfmofky@Yu8z6%1yrR`494bFRkd3P!?8K~J_>Me#z|T=hk}<cR_0_`W1(%(
z23Jyecs{6k6hYX|Qx&RG4XaUSu7Er<dYKA|S)*bi8s^_Vd|+}^)H#FwL;4Mku2eBw
zXujIbT?cW@#p4jQygaIT^$<U3TyPAc5~nmOdKJW1E`9@%k8=xJUesDO&OHnfi))Lc
z=8uNBMdQ5NAd=A-_?-c9zl&&q4s6uN*c_Egaiy+HI;R3hTzng1p{`5%5{NfkJOYuX
z>oRv9#7i!|0x{jK%jFQeG|t}*fg#Td41idnF?|)p+Zxl}g}7T+D{TwJeb{`eO8skR
zr(K0k)3wEJ9JYhl9CZanysl+h0>o1;J_9jM*D`GaM3ak8L5$V4oHq{QQ5PSFh}E^6
z7l7F0;@uF(HKzRxk?Gbl7vfos^IIV5b%p0%1Hqx<D19SGjno8e_hEBX1_dWXNTnEz
zZSy}oPX5vHRH25gP-p(5)*PD~x339_slniUAZc8`fr*{{9J7TryvMEZ7Kj15^X8rf
zvB|}IAo}Ufn?C^JR*mVmL-f);mL3VQ#>HzOK6LS8h-td><|act=;9*~dAjq`7el!H
zn2tWvf&JL!2}y&4I{PdN_l#Y(bxr43F&^xzgRP_YCD^**nBYtwxP_4-Y+<4p9JGZ|
z+-6VOfOX)s<#S#7Y>Hb#d6*Yb+=cDb>lkfAw80#TJF$7x##Blgd(^U2+wHg7Z7Rjh
zNOsgh3gb4lvwdD@&(sF9O?FOZGPP;}MJ_hB4ilY$TR593#TKU4XvN_8EsU<vD%S?8
zRfyh*%~708>(Cd`A+BmTM74_)%<EOP@tsxT9B8LbpH1<Z#)TAo?l`qqX#0RRm_u<?
z;{pm}d-CG@G_-%v26HH0!PZ^X`a;5f91`~P(9Yu9Bn_7{Q+dqK(7_BCgA&X$5ThCB
zWsiCn<TyX}?18<5k&ospC#QTxS!Jn;ORLB$uZSyHTwc0#NonQM(yQXi%1aCLaw;q0
z@+!*4jUGETE~`AZs-UDaF1xCrC^xP+E2p$#d0cgA`O>&aZc1!cSy|lV(vr%&5@eg6
zbyZf}5@f2*D$g@ca!QL0##NS<7FEP8hjm5P$fD(=0%J$!73H6<C@9G(s>;n%syO$;
zSWNnrs;JDxvs>&EHrj0fm@QJlx*NPVdK|Aej4kv8dAy#m5TVs!o=%-1Ck)TM+Rh0J
z?Ie?9C7$0L@Afre-5?w~lD&52{X&KH)GGM!uAwI+{}MCv8tuZ}-)%BP>ul%zpYHqV
z!h*F=Gz;A^0Q*(Ca^5iNSLwZ%jYg#-uwSD!x*MSBb(*I4KZ(X0#+IJiKO6>YIDF7E
z+?!+P_FmVir}u5w_Fbo*?(K9<*B-h~{r~IDt4Han$K~`<`p>KJV1dbuPj{5M`&D|x
z2I>7O-G_Fn%O9?mlOI=2Z;)K*+{?$weK&m>4A%RV+FdA~$sO-<omc5xp;8P_lAzPB
zh3?hSqwU=iyJ>s(avH8LM%7X}ZdAB-V>rsy85c-R`Z5*bRbf%e3Gs&M8aQ}LcDy0_
z#0?G$1FzI&1nU~C)casvl3ORY(dHy}?*MS7m=%S1LvWhA_W&<0o$h^sB*{nxh2g2x
zaV|}~@XDzLC0RwdFJ)EcsqCu!{Je6NQ(A@f#q6TeoTaL&q@rMPNnWl$2RB4jP*PS^
zsftQV7W+FBxE5Klq_n*9R8?YLPAP7E(=JQ%Pxg<A9Tz*=KeCuPbFzwxD!?VBBP;Wk
zSB|W}t-7GJWMol6WnOs}lNS3&UJh|Na^QYBF=zaE|Hyop7nBqgl;n-fuPV_wDirIV
zR+h`E15?YhN-FY8%ZvZsoFFeQYk4JZ+IgeYloDODQyQR~bb7lmYp5J|Wu@Gz<J{YL
zML|to<%+UARhCs=ITOp3Co{7zit~zd%2ufCg31c%7ivqZD%o|p1&i}4qz9?iy~<`x
zPEA*KPqX9;Mx*GmtX!6nGAS`J`Lb!c$;l-Jm6)+lo;<-nJg2<0qJs00k(W*LkBS`~
zhz*?QcDG*8_PdiMm9FP1S0<O_m#VZmQ?8tpFz51_X{l4LoSB?DW%i_*b0!A5PfAFh
zIEoMA2m|$;#Fc_tA2eJGy)eKD3m@TQWMdL_jE}&^5DF!iOwBwm30#Lc9c}nXz(5<a
zvEh8&=*h-!L?~8Lkifjdz^oU9;;eVN=*y`<pdix~?Ku_p3v;T@z;ey1pa*d?@04V1
zquU!>v7)##D_g}@RF=DPiJ|hmqO4dMxhhu2IH*-D24$9t&910`w$zR2)ZD!6s>N64
zmuD5{iM^{S;E{=SIV(H6JnyPgl5sAc63@a|$4ELw$CJajK>buKrmV%7(5hH>rW)&(
zp{udHlC_rXh+xWGrW^c^?ffuf_w(>GjKOAx4C7`p&%<Sy`Y{+6Lm;VVex^lWi<P+X
z#}!p`IFQuo<2;M0Plvzr;e`J1l-uc#^`U?27$$XhrP(u$fzO*f-2ao^C9q*04ikn%
z_>0%%?o1nJB5HgyWi9L;cTM!(*iA#sFca3I11gb`?O=VF#(r6Z&GyGt)SIk~ChZEz
z1EIqYaVPtQO*j4u!6pw4pT|2XE+d#=(zwQKm}&1tVlBWN94l=(*s6{if{t&;(+k_d
zH)Ez;z7MheO~Lx3A376ES_2fezvB~6ju*Z@Gyb-LO&<ElgTF;`*<jqHZ3f%^{J&Bv
z6CKO?p-G+o9+o@-NQMLFxGPp}%=Jf~d$Ca(yEW17<>hbf_CaA)M{R@MIAa7!9}KTx
zGtBrKu(K~eChaiN>~_>mcgF|Y(O1$qUf#oI@&MKQ^k*py9zmMzZ$13cj{eY<o&CZ-
zGUo<ReHw#}Ai?;fw1$ydFdT~`Q1X(FSJv7e-x^|QoZ{~@oX|<onPB{xxRJI#NPT_6
z=qbIYcw`(4S609~$<AXj0(uWD@Mc5bmiSJXakiTw9-Gr?O%46oN0M>-2r=H>HI%(q
zpSdShUVSFmagOAZ!K+829mlH-D{zKq2d|2<qbQ#}d@^|Th_K`R_0qbz#r8&y^O4M3
zE8lA~e$h#DtnMm>)1>p($aGo2keSmdbFI@RCf1}(rb5)X(@cJ~;7IrR$ar<Z5M^-%
z<E#Y2E!fB$tGk4m{Y7Dp`7ec;g>Qjr&mI~n%<()^nB$QzhH2vmHwq5{-!D8I+#<|=
z`jc<~9D+g4ytvG%p~5_`FBZNS%!PQ`#DlL9P6TfeP69t8JQMu3a0>Xia4MK9xb%|_
zo*=vce1&i(c)4&c_)g&^;3tHOz<(4j1Ai-A3GRbVrT^vN(ZaRhS;BQ-zQ3T&S}+%k
z$qnGm!t23&gFyYwV7}xa-v<7Z@Fp-%N$NKP`I>>e70fpw<n7=Y!aKlR&Zqt%FyBRx
zcY^N_ejLp8Y3lcax#mxP3jDrsGx#UrXTbw-|DsI`_(I_}@GRjM!NtO_g0B~D2mib9
zTi|`d?}6VI{s{b6;STT_IJa2VXW&u7Ux6<b{uW#y`~&z};p5=L!aVI?5#~#&c41zp
z-xkIvFM91a3gd=L!(1^YXF_tdm381bhr_P*!y$(Xqq=%Io%Ts!u6>g^&E~o_nN#aH
zGW_s-C5Ov7`zx_IA9)jnInB<t^aaA4imxTZ56^Y7@$;zIz>PW}%(}ls=FJV^O^ZJi
z8#e{x7&jFRHGSP8M}fIHyxAc1$L63d3<I(C5%!Z|GX#>Gu^&zr8@7%1l%p&jCmaXK
zxgl-FK+Yt?X9^@Y<1>{kKGSIf=Jj|18TOfw+>CuLS?rg9Y0v9*vBj0be}aCc@TcIb
zg}(%^C&T~Eklc*_+sNX76K%kJ6uQUa?ZR82=lqB^zX5aHIGBerL|}8|cE-7aVcwAp
z4<JifXM^d7AsU;*8!^IgY{s5_YM3uT4Pz?U$ulhG+ZAKOd9dM3ix*p5W^uK}wHB|l
z_yLQbuz0`4ya$<bk6GLeW8LWcSUk((bh7lx0<h_y#g>i!T7{jBP;Ke)o?khl|2K;t
zvUsm$&)2V}to>k?bv}F^vTWY8_#?9T|Jvf8Ee?kdW7FT_STZ(-(U2@F2|Ss4@j27t
zS!8SsX^_T#k!7>k;x%L$d)Jb&F<cMHyga{lP%k#WBV%KD6p}VPr=F)?>cela41a9#
zHx{3;nBVvr|2@g#rw<u+46zm`TfETXWn`&mwWVJPW<7asUT4|dOqQ~?SiIe`X|nXc
zxAZSq`om<Y=jRsxOh%au-GffroM&+wS?Zic7W<`^p7~jS2B<rkmk*<-3&YVC^FC$t
z=UW`GIKkqn7SFXf!{Tg<^DQ>lRjBm)WK(X9WwYAi4Hj>-*j!7Y(sLc-=XaLPqZa>%
z#ZO!Oti>%Be{b=R7V|q7Qx?AqG~C1DNQ*fqFg9GbG0ZOv3=gw7*5c6?kGFWD#fcUt
zS$w(0b1crVc#*|<78h7tW--@IOr804rQvlJ-)QkI7T;wtzpOBMw_Ci!;zumzhm^*?
z$zon(js7`{U$FQ^i(j>vpY@o$?^^tc#YZjXHQCtz#p2@@;{mtRrklmQZkxQlE$(aa
z7>oJYj<LVQVqVXUe!9h%S!}N77_#aLOP^_RuEk3&F17e7i)$>dx0v?=Q=jz~-)!-n
z7XRAfdoBL0#SdG&%i_Hj^CKox?g5K=e=&OAUktx#@%t9@zGG}Yv-m5EZ^8B1*xX_9
zJr-}Xc!$LgS^SvAdn|s&;{6u$-eJl;WbvyOw_E(K#UEOH)Z#BJ{)@$bwU{>#Q*MyO
z;TH1~Cu748qz%Vd%=?$okF=QIQ5*eai}}5r(O+h9rp37y^P_8Hzue+Fi`QDb(c;@J
z-fr;@i}}&D@xRaF7K_^~e#PR~E&kNv&n^De;vX#L^SddRKTjCuXWoYUTa0g4JN1Jt
z9$_&*hBSHOEl#wUAB!8Cc@{6SINRb<iz_U?+T!ahzTM)xEaq3~rrd`te$3)M7C&S0
zev4nR_;rilvG@avKehOCi}_KysgD;AV1~O}+|%MSEatk0vF8`;hT|+AYw-k&`Q@*%
zpKCEtIkN2OBjeh{5QWXye+D*s&RckoVc-W`hQo#F?+js1BhL|L5&S)d_C3HC2=n=p
z^9|~`cFXw&c_?_gFz1XZ!lS`+h578hP?+z3a)gt>oMX@rpD#;=F9TNz&jPO$<}-c0
z@H{Z*8_di3<_6(R@U6o6;Jby3z*~h&!M_#eGdiE$=;smeqr!*5e2%03b1>%^WUl`_
zEBr5zt-|aB&M|1iHoYd?0Qr{ieUKjrAB5}>{uuHLVgBs&t?*#*F=2kY%XtO;b1uMj
zQSvlw5yHH;Q^zd_8=noyTpt}ITnsrxxC(NFFz@F9;p-sB3f~CHwO0D!$F2#&yl*E7
zKLE+O2W@yyP8Hq<nIZfFq^Tdjmd+RbdyqxK9gyY1#~_yr^Z9SJa5vne)(UgIwo!Nx
znDY(R;au<?!u+~<v+zVP>rI;}U_Pso=YjdGO6IREj|=C5n}qqbd9yH|5f2Jq18x)M
zXTL8C-wkdTz8CzCFh8;WNcca%M}_x+Ip1I%_}%z-!o0U17k&@y!A2W?@*XPuJtUun
zsmG6bDoU8&9-k@P7wi}2y_$VQdw%DAzVL<M(ZUnK>^s`<<Mm$&^B0&z;RWF7!u<R`
zMR*B#t}xfL*{AeV49*s=0xuEf_t7Q7_25cju7B4EUk9!ez7fo4bNb}R>Fb5JfH_a2
z{yy*~;a%W=6MhWLXLj1`20tLY7raxr8O-&3+O&e766SrLb2I9>?%pE&5}42R)V~4d
z+>Fexyx$Z)3g+>n{u}To!u+ECGhr|8IXtek!H+uX2Vwp#@Uw6~Fy~{m;ktfz;elYE
z@DMPMH*I*&A1E9Eb8bdG-vjV3DDs8iSmBA_F~Z5<3Bs3w<AvvfrwV6+X9{y(Fk6`K
z6VinjgBJ;NzQFk#%jK^R93SMB;4)#pf4EAx4qPkT0KQt7zi~7Oa~{DlK|kBTw+ZvJ
zdX5k39|ms~=6j6a3O@>dNVp07sPMC3jtS;H2!2MG?>(Ls{!cK+2W>d-cu|-?aJ(k`
z5%?|P&%hrD{|N37<^t~*!l7W!3F)&R_?YlOutFZ{hk!$bF97quU+Tw!dke>dIX|TS
za_}Hw{NblKKB!*+=KPSn6wL8KE(4DhUJkxkcpW%Fcs)2t_%<-d2lM_0oGQEnoFTju
z%&|h7--Gjop9L2Qw}H!rkARm8zXx6|+yP!I{5`l)_&E4x;UKIr^1T(y>I2>^+#h_e
zupi7hCvD=uzY`t<eq8usFvkRK_^(j2a0-}Xg8FoDn=pUccv-jz+%8-R=KPcP{6U6e
zg4_T;Dtt5eD`Ece^PTYh;N!v%f<0&_^F9pbSRp?G=3JD#3mhf<H26&6--G?a`@qA5
z4}eDsbN!a%iGIlAh53H$5@Eg{n<C8jV>5*LevI$+n3rq3^MwBlUMS4}LUM$^1{Vl_
z2QC#p4z3dZ8N5=Mp8(Vg^FI%cMV7^PXd8sXz_$wXo!VW(k>D-D{C9)z7MZs{_(5U5
zf7>M-1KuOd_i;}P^QYP8g(rbu66U+Vc47Wh@~$x7&3!D)cZGizZUlcV%ynjtW7g;2
z!9NM}4-hZfPyNGSd`7F8f06VO=6gK8_oNN~iakqs4>(%534FdVe;T<+_#k+aFyH-g
zeA5qqpG^~f8+?WECtwDL4<8Z?M<8yVJNjEZ#A2=?8=H$QPO_Nudt;MnG3V|^zue-r
h7IPkNY&KiG!{Wy+Znn71;&zKaviK{DkCUZ8{u}6TH-!KI

diff --git a/crypto/rc4.o b/crypto/rc4.o
deleted file mode 100644
index 104525ceec999c31adb503b09319f55875470aae..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6232
zcma)=YiwM_6~|}pKD_Jo+XNDvs_XD*9_+4dg^&aS#CC|CL<IRklThlc*K2!|^{%yh
z9qfpbD53>Q;R9`&Dxw%g2viDEMMYcGRstz%(^jnztyDlNAQePu`9LW}w5dq{|G6{k
zV?b(;G<SaI%$YOqxp(*2jy*SNt(6n4zO0rsr8Xx}5>jfTaagNXsuijsGSsVvdi92f
z);y}#?_aY+b*!0u|DO$!RQ#D&^ey@12~QoUR_fHD>7$be5Bi4|&eW-n(KEg3#7?;G
zyh1lbe*DlYjqf35+Y9f#()p|IcUoWa)VQZNR32Z^cgxx1FFug$xcB&R|Lafm)T^x~
z$f;-IYU|&g*`?li)bANoPhRs-SoMTd*OsoHe$~<c%WwU*<4-TX=qE-GFng(2o$G$N
z^DnLAy}Ip%7SmP(+PeS=DSfAE(2BZ~K|s<fdyp59!Wg$|Y6(Y?J>Y#qKM4H;Oima&
zp87^S&0Kw#I^@|PQ=X3Ypup3yMp!&AlAz|*rJ#kvkwVE=Ubyb3EQ>`r3tp`59J6p_
z9X-Q!ZyT+ygPD$fj4b>*9-;MD;TiF?H}(`DI<LI!0zgF<Ea~VBh=rc2W6{r$ViR~=
zz<3yZ{B9`m&ja-akmAVo!voOkbN)PxL`vdtegW#u^c-%u-c;BQyB=vQD4ilEks1$K
zWtPfetDJ_?l(h=_8M|=lV$+P$>HUneUp0r>vF7jy)E4%$Im~D43KkEz70?eSOrHkW
zCp}a@Q=LL7d-NQf>&tUKR7QLiYMbfez;@tyBzAHa6;3Ie-ff!xVk5@5n{8EKZ^Q_V
z@;xf(uTg$aW!x(7LqX%M`iiFZM5w8wsa3Z{TQ0#&Uak^}>tVvWSd3wvE>@wYt%++B
zgY8(UcAbb&(NLm|DijM!c&h5O9&D#Q)~N>DGqA+d`i50O<u9yaD>tq@)w_x=^^sat
z4=pEzx>Dgh)|&L7Hf~(z+$2<#HaDZ!>|4u~Xcja6nT=vLMNl+pgu7X*A!gh)A+>PV
zqA9?m9?9%>)wRf+TNl2a$ZkN2s)|}rs~5@rNOjPX6}4uO3WGTZU`<%rLp<i(t6JUK
zh0N?&bt|YQ(laO?b!FU3lSo<(GvgTztAFU>TF;jpMx?{YG6yPJjWT--DWvA~BEf|-
zCD4_+9f@(+apvDds#89i99g|c<s?$v8ZOg|R2iw}12(b`&md66<kQf#+Q;lLQb^4o
zTO_bD?06cv4NqH5Gp`_F;^vSAp0$bNfjx%gsiP*p$9N9oY2+xLLGgmggW3#lWHp|i
zp>SZple6LEyk`09P_;ha)QG2f&A_U2m4#WqtTLn3e5INxOjXK<r_27~@{!DJrF<x#
z^Q)PBb#`;lrcIe_Wn!*SDrd&$3dM=cOg2}p&S&l@R}N>k2PNt3>};m5T=MfJRNIw3
zlFdw`(jD1K-UZ2(XB=kya=BQ|%)`5yO%><6yEdir#mP?_3Z-0eZX%EA%WX{OFo7!Q
zbb6Xx^(SzNgUtj)%rmq>hr)4;E~MiT^Tc~5<i$Ny@WNhTHFPYFl4wZLEgFi%>ucUR
z-T)4n`d?v9)C!_3MVvSGdSj0n&u~0m^K|~KduKdq+m6!P_5!VaqCXy^7~5U7-g>nf
zrnk0+i*hvHg81=xGoHpXbc}5Uy+t%Eb}(I;VEX1t)xuOMKatE~ZB(&bno8D8d>dA$
z%N2jQY3I$O$-d;q^yYL=GBv|0xoojm1((VxKR@rMs@N!naw%0T`1wkfMN`StUSxYw
z11q#Gw`EH*H3|1ZsaPoGQ<HNgQ=|G>J1?Kf&imLJ`EIqWYo@cG?lCr{zj+KjFC5ML
z3$yuPP{xk~GUFWT+c?%Yvd@l=W?Ia|7^>#|x!ItinFKjS`O=h+lfJXBZ)<XGu2Qa6
zxpPxD?@V^5d%DtH>w>8<-!Ms@F{FKFSC0*rCd+Dcc*ofG-r>D_Mn`sx?HL@|F|>Wp
z@V2h{?Y)EBx_MVy39k(xxVnQY{34jvAax>LX1O0Z*45Z~!BS$V%gggpBpw0YHrFGu
zE-#B#%kEZ)L09SO!i=9CNA6dGeA-bZU(BYtv?@K3^|LBHUahLMu}<X2=cdLcE7_U+
zGE0GDO$Vjf@$pLj$g<*MIk!yDR<fn3{PLjO8ZHESqSCl7W^kFPbZ|?ggEmYz=KVBo
zDBhd@uO#8fwTapa{El|>L6f^X`MPvW`{gZ4U5ET)B-UqH1JadN=cg&<ogk|{=}Wl^
ziSzxx{5HYI)d8w^k@^W%T%Wq3J7&>A^zUxu>>u|9%h<mGBpI&@%16TBu+P>(X5>x8
zdjo}xSBK={jeuPpI<Ccl#Ltyl+0-Ze)*(QvxtCdMDaJUMv7MZ4Q>qIw*)ETTYxfSY
zY<DXbFbSIzSH`!ijQ7C`tQ~BO$N6ya?gzU%Ky?7|E(n9euh}~Ep{zupb0}myd}!9<
zodUB?7ZPPZ7JG*a0-eZo#^%oN5xk*zKAkwf@58`(ck(>^Hai8m3;lD!EdB_7^8_o-
z?<dgZyu5*LNcwRc`0A{UgLj16qd+x_Mfe55ii^iwET{SilhFbrKTVsF*cP@BKCG6<
zi^0gV<;2Bvy33_Ktp0w%*_rdLCndD3$1Im4rOp$vB%x(9%X0Q|NkV4lNu4`qNkV4j
zrOuHqNyyx^Qpcti62gqTwH<`L4ddaw??Eb9-G1lr1r@xOmR?ng?}Ljl`Fuy*V7VVT
z6YZVI`PEB)4EagRlgKIUm=4Ymdrda+z}imJO0r#CepR+xPLknsIdUfFzm{x$uA&c^
zW8od;c(dib$Z^z^wiCda)d@TxoCC)=wl!Www(&m)cKzWvwS9M*KG--JQFoKzZGv|T
z9umA?@Ik@mKC|&l!agUMALy?C=3H9;bHe^RvK`AyU^kYxX~&&G`4^Il(}b<=>>YyF
z3O-1-ZB3GG{6k<j|Mv?2Q-U8R+q#bn`ws>GM)1pm-xADU<*uI`gBut3nPWENn0JKZ
zq+sqVXLoxECUdVk`!&MnTERO7?-smI@RtP73ibuxDfqbHdj#Jv__W|h1V1kLNx{zv
z=00)bIxCoa#@SyL{F>mm1ivHrykK6OE>09{<hWjNyWmR%^N$+mpAvkv;4Ol061+<=
z|L1XWZWqiye4PD=;JXB$5PYBD2Lyjx@M*#P56Q)UTJW=ipA-DN;Io4H_mhkBN5QWP
z{<C171?T^v;Ex4+IHS(T+=qNXcqhB_%X``RyesS<g4^sF|Bqk~@oDEZ9<$6VrOh(0
z%GH*6{w}l3x6^vde1G#Bk#Rb~n=JEOUT3)r+-v!2@PK8WOa2$gx?92gFOkf5)B(%A
zVBS}>_k(#~k$HBDmig}B-k^OHJa3ujn0tfv+rW2Qz8(Ca<sA4smM6hyEc2{CWtn&O
zk1X@f=DIT`&;7409|Qlv@(J*3mcI&q)AC91UoAfde$Vm~V6Ho3J`Mi2<sX14Zhg(W
c4?Yz6&gEP?AI`Po>jV!79ua&{a8dAo0Urm0#Q*>R

diff --git a/crypto/rsa.o b/crypto/rsa.o
deleted file mode 100644
index 320410453e6cc58e9a49c78d923a2f93303eb47c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 25612
zcmd6vd3aPszW3{Ncam;8gsg0Wc0zzevV%@UkbodT2}>3hMPrr@M3PQO0t5yH83(s0
zi;UxpQQ>hMWYiIq@#@v9$hg3`jLcOBN1egtD(;Bm9UT|$_gkl``xo%u_kExDpIgs!
zx<2)-U;V01Rh^|ypYFBOW}fFbj<Uf~m#A1usdahC@hUY=8|0|rYN$2+Umvs0W!TEG
zRb%`A38_yWJ&+kFel6t%&%i(V4{gawMKA4Ds&rU>f0uH4OSZA=Am-!^+!AN<^P>5S
zOlFIT*BFaM)}pi}N^30T^d_bm``*M6F4?^NL^tg(-k*6WCH2YV{zp~nlP`U6<tLsT
z&ug0lyAN#tdf8dd!j$IBvX?^xvs9ci4Sd0q_mf1k2f0b5&Uc=Q{s*?aw%&T2=*b<B
z=(DNPl=4i=xu=;rckkbRX!DUPzgm|1WRb2H{qur{J@jS*>e-(-vHzjo^2xTXxp{86
z(z)ezRx4drer4{2Xlir$_S~7#)b8>pb7MVou>7suXz%2%$@%a465bNiO-=BXn0;~&
zDRsH$nvT>b50}qhuz1Oja<+6&zt-{8B^XQWPssM;k@c@_{(9M)p6{Ieq=kj-&lv+s
z+IX~JkYDiR48VvVo)vP_-KXW;HZdWZTu|71*F;Z#fAqyfPtI)>i5DlicK5U--nk)7
zmESheQ#rM)e0a`nuI^eLzQnkr*_3U^v*Oh$W2dJkkI&26_x%))%G!2(^wxeGpf<ff
z;;ju|A7689LqAMxZP!ym^^2lU_x}3Sl$-(MCsdd^^OMd)B?C|WE<b7b0RIU?hdG0>
z^VE4m`$CUZX4*MY+7m@UNuHTHnoSpgOU<})4!Sc?(O-opXG@?sF|Kk-S<cpSGa~+C
zF-MQAKd@c*Zd_n@*_^*84w!Sr-eVQ$)f>E7&we+s$yeb?OwForO12#zlfSTdRm!!Q
zj_&vFlxs2<6tB(?)=%_T#2q`&v@55#B59&I6w&XAy5G^yiP=*soG}v@7B@R5`dH$?
zOUJs>P(@t*^r)MO{i9=8-aFBAY-(9fZ}~8{Zj4cHMSnYzIlZpx-<_Y-_h?Wm|HKdq
zg(|Biho(-OQZpTVVm5|QRW+{;j}MG&<ak!JH7;*i-l^s+uWxB?2wf0frPQ2`<`s2a
zVVy{X&2a>;a@HuE2SP~Oumj-3Ia?(q`{EJxc-A>LAf00j?nb;4n`=|#^MG&k`RMWn
z?>eW)voTI(Bf${DF78BZ{n56^qupw!!)S!?JnTjw_9fsWDdZb~XdN{7x}nrj@Q2LT
z?TXgP=H1}k80Yf=`Va8=b+I0gvVPw{g%#0q$vzCL-XEKv2Y;uDd^%*kylgSdME+Zd
zPpFsm^kAx)n%6nE^@j}$D4(+tpUy!P{3{!akniRw5BJLRauGhgzJzvE<MYM&;+i8}
z%In0hrtJ9lpv7KK-19n0_#KSA{<s$A`4e(=$+$0E2Z=QCC0tGu$DfMI;(a~HN?3~z
z&%Yq;J$*Xy6k42FLkv)z%NBTs<HL782iwm}M6$0c9#LRE<r<<2?82vS-YhBso(g^Q
z$?<_+)a+Yu7T6#7mb?&CNF}2Fe`CJy0epH2P?c{Hg?>|g^>@P{z+v(=5>;Rmv%_Rx
zAcH=d$o{}UWcn8W7MvK^O`8aLa9|@X+sWC%#mcwraZpj<L#iEY$+*C0^wLQ#4J;>j
zktYP!kymX7m!WOEY$dWPI_SR)ss}0s4@cFvdN{COPTYM{Q7qW1;_hdj3WinOE|M?U
zsN!~${K0k=_aG@TxJ<?EAteVJ=cu^f5z~W>b5-0!#KD0%a2EG3<Y9p`uvc-9ux+70
zg!;d-s%*64DdYnoJ^Dvr(y2%|hgr&54II#b6e0QgXa-7g{}Rr}N6Kn=cADsb!|L?z
zKst3hZJUS;X{^y%!Wucp(+A^YLr|%VEWpnJuOMfjQ|Y-JT0XS<pdHa#l~bhBORfDB
zV;={{#y<UglbK#=;X-TPXw1jO%rhcJD;HX~(H049Jv26>O>0$7vC7~)r?lQkB`RYp
zq~AljIaYE|FSM7Tv4LyA@jl&8gJ9y!vga|U_c6@N!3|yA5Q&pund)P&&)$dRQYL?d
zE^uaZ&~9e(33`~r+<i=btCP(A1Y4T!@=A93V0dx6yoz0ZCX(s<Ve(TX(q9Dp2U?f$
z7r;@#Jop>vRC)Y4XfSv4Q)Ki@#OYRNRAW$(?Omqg%?@RJ3xix3Y;p~pBAekyO)U9<
zo8jHO0A;GYo2zZn^ki5}g#|i=Esgi>hiL*2la%qua>m$mx6@mWv$ESiW7t2{$aecD
zk3GQirQ1Jw?1Ak}>i)^s{lld0pM2)N!{i2lQ@~sw`XO}(G^c>MXCpbdT{%U}yNG%8
z<`gmS$IM%%oMPtP%DiNNQ_Q?anTI3KDPiX8%;bUOlrZxfojF%IW0`ph_BAyNvNKlK
z$Rv+WXPmB+$qQKLI9(@_?r4^>k8WjBA3$euG=Ga^MiGqf1LWe;G0>Uk{lb|y(5XRG
zGtj9<RLySx!l|+YQwDnu%mv!M+Pj&9NsIZkz)_c84hs%U2K$+&E3B#C9YdcULmr^@
z#^M%hk?dL|MlE=ip^tyH7K2@j^r*!Z#^McY5ppetMJ;-a#rM`C$F<0|7U?&`f=y1p
z-NLU8WIO=i3@yPNLXSAbW;X}%{L2iAB}P<3BIrtIFHd>)mcZ%VsHY!fp8KAJL8?Cg
zX{%3=9CQTcHQJT#YNdu8gyL-E5FQ2b&cW%;4%k_|k&cou8B*DS&PI;>cqaEVxrv4s
zF`3JGv58(bAepv>$t|ZNcL$O~o0W4D^PXnjE|%2EZ<zcEcVjDeV<>Jp(nd#<vzWY$
z#y?{<>ybPq%;x=!t}1W|8m5NVprX0h(wK4E8i=QI)@_6FsbRq5fb@F6HP~sDkqX)Y
z+5|&(<Q34epgjz2m)5GGVV3FB15Y0+qZs*|7f(g=RmKEpJk$>vKb&DaU%mpnV_K`x
zeyVvc%~)n~60sYY@v)pik0a+xl)=bqwNh7!GYn5I3Ea<=XW1ctw0CDt@9*Kny;A*=
zV{;HYm~jj+1ou^!=?W@&p+U&_4sr?PE3K^W5i@vaQx5qSE0<~O3?tuf<#Nh{LPkb+
z#d)hKsngi&_I}Xm{U-|O&i;<Q&hF<CK4>Zmve(T~jTRPgFhAs8*_%bDmseExg!v(N
z=X{iOr`m^{YCN7(XFzv8<OS*(CiTqwh*M%9Mj&-3b3dZfDM-3A?-M51F!@U~!ugcR
zUoxp@*Jqq;evDFD19Nq90+J!_)|Zg<Wb!$G!16%v&TM4r9c%@p$D>{DY`PA%m!Kp6
z4nvG!;uQ)fv3|#o4;?mk81~xZKdui}k4oPTOOA5}&wrdugRt9n(5v(v#2(~uN{!Ju
z`XZe1BDBj<!6dE04z7+^S8OR=)t}@l9WCTcT%&XBeB%jo7;<icLzOujrQ=8QHYSVR
zp)z@WjL+qrLKe^1MtuhuKb|)WuF9TNnXghE$=e03s?1B^EuoTE=&T>nVgygf@!52g
zU52#(PReX;)<}T<P}!5{CZE;w?B-U$QO|N~X<+tQJXywCWU_es6hEqlS-SPv9`4S?
zWDbq6r=)F8_)ytzvWaIhpJ#*<ipWz9PY%P>$lss}?ge{R@1<@_7VnEy=03JHk3%dR
zagMqT9?83Y7EVRyyM;CB!tuVrP)Cja95z9f08iY19=KT>=sf#ld;}h($ir5P!&K%X
zq~j-Y{%OT@1Y6l}2&>}65$$BZt4vPuxWk+RZtK}Zl~cyv%h4^z0g>X2OiBxSlTJxW
zaZ=-x2jNb8pz<b-51t*IfkVTat%AXGkdJ$k0YEr33XYC=Dzr)%r5Its<V^|&S=K=^
z&_C*^6b1XGIkCJT^89Wk%u95f8EGujKNFq`p(GVJlZLqM7(HZ0T1a~w5Em_lyL}|0
z?M#v8+>^4wKc6y$9#dmx9_(G(xM(RR)306cs1&Cdh8aL~N3m|l!0VuU25+8%g}@-2
zfs<FP0W6J^oNQ#DdWWJSvxhW2C1yG!ZGvvuFfKBN4@ZqGxFEPt@8hX)syK}$PAf1u
z(On4%+c@r9X3Xj6A+FP`I6V|23Y2Wwgdvz&(%80Pq${$E#~BZ!Mxj}wW5$sr=DOZ<
zVlpd)Aww!QM^!S~rg0IY9oT$0Nmkwg&><P0JhMCMVpmY=ZoqCWRWjnb0ME)9@rh{P
z;<SBM+g35+g4Cmy>6pggIgoXTnO4(uAhJ;@BkQ(0+NzjsP0a1)YPvUW-3uZ7#7yT2
z(*?qGfm^>)Zvc*9L%%Q@s#{QNb6*0y?B+7!lRQW97}p_$WTBQS8I`!Xj1FMy+bJ>I
zD%x6us_5>;463C;Z2w~hHPWEw2RzJ^2J?QvU_K4FnnQ0hnxwIck!{)hKE<9zjz?`)
zjA_9EwSf&Y`96`4Yla&{zF*|~e;_|m<m0q`Qu$<&&snO2@SiU7(|;g;u*m08t%E2(
zOym#yf&7rj5B)%Xw#d)^f&3hipJVemVfJAYGmB%wrzzqH<a*+DEmbn&h0;;;8GVMW
z?_{Ix``Vz2ku``-Hm)ihTy-$(86DJkF{8g=>+6iRDcYclku~V+%r&THbO;-#2V)w`
z<2~l9M*51);eVjAU!V|9F53{@@1pG~-p$X&=27GCScbUUFk`n=6-zyY%~4gh6muwh
zRM8!DctB@gVzbXdvP?^rjP#AIs%iu_xhkV}jZv4yNS@{9GCJGMWz!b9Dx*4Awe_SU
zInd2z^hb@+bIJc)mbvZ@M$gDxe0;2ZR5HrO-2x^Mqg-r#hmgyHvD%=L(K#Bc8C`(w
zWZQGKK@}rw5F2hT6Zj|#bB9qDj&oGZh!2YUI-~6xZCl0YT8#@BJ%Ww4Rd<l~>WnHz
zFKArA$olJBcb7J(X5{*-k^ZW+zeimgMy|ga=`VIpW&1AGwl$2h^}bxp$krX3nzVH*
zoF^-srz>=8nI~(Bop-BHa+G#`2_w2j=h=C|PF#Tv5+k>YYFkBrB^NNFu1eNLcPCib
z8v3gavGR$Y%<o4jK9@#qj2_fj#bwL)uF5D*w=g=}{Ya+umHy`f%w-{QM&sEO(-Z-^
z3G4_P4q=(<QQz{s<b0FVAD<2w9+cD2v8uhRO%>L3hC4b7n-_PqEnU*qwX|(TVS7j0
zW#NXd&cbkKduhp;XBO6VG%jzBv=!DbZ*FNUY^`f(>+CLE+19bNaI%|IP}kmGcy3#y
zD;z<w^XpdB6)r)cm319q>!hKr)nZ{+TU$$KVK=Nh>+)N=i;K?854SWGwlvolE^cTz
zIb&QwX+cS0bEKhVd1Ls0Q;Sd91>45X&K9LQI_nDXa9*j-uExf2Q^67r6&PRbfH9c$
z&5Oac&8_V%5MbzziOX)L%P54-aSOF|*0#5G&;!Pq-r8Kfv#X;yve@Mb9I3AS=Eynj
zM2ORK#QUCdyebgDrzhaSr#FCa`V2b(KiCQM(@Ic(#%U#9Gj(g@TE^_%Qu5QM{Yd+Y
zKq5T&0txtBqia{XMxSnvV_L%YxTSpB-nH~;`z!RP)8~^uZM{jF+1h!5WPGXs_rh!J
zV|%*xBoE#IOF6p6wE>@I_K(|=|99oT>npa_qigw61=w777~CD>w{VX43Z3n8ylz&x
z85j<R+jO5+*64=f>oe$X2YJj6)3Y})029jNbK=ntFmW+nclM+}8Z6w7w4K4a%XHld
zffQ@5*ra&05<?9K9<+`nli4mh^mcPNnZsHzuV_n8?!>Z#nyPKQsFC}Sp?$c6?^@U)
z;>2|HKDa|+KRJwk-8R>QZL>Q>?j&WG`%mgArKe%MZj+r#Y~O0Fcy!;nxo(TCXZrNB
zAELeFP6~e7>EQ0CJ8{_KE6tQ=S+Aaewujxav|Ouu!0t7bT0AC*)#C0EJfly&-Vxkq
zP2MQ!u|UgkCdW7bwdYnZP*Y~;s1slG*LJD;=GxY_MupRDyK0<U+Y*kbmbS>^kp5U6
z>1<vc2{(rL?Q&grZ9`p4OIriWw1+!d>moRPt4O$8duhk%1V%Kd6D}wkCk;5qE10dQ
z4R^Pz>9cA==Z5sDI+Wka>gc@_9BIq%g46s?TvVFdBKa-NUEz*8W-Sio&qg%6B$SUc
z*~Esk&I;u>!Mr)r(i{orH!Y9o5}m9i($(ZPgDpUdn>xZ_g<aKeG_;0W8`@W?TKA->
zaJA|xJ`=ss%AG`4bSm~%IHFImnsvLEhF8@_!YkFX8IcvbtKhde(%jWt*Mi<u&5_#1
zx~@7^k3Lwc`gGpO-HD=+HgsZ3b7#0wk3qY3sVm|zaDY_j5}dn3eO$FI?{ceQ6C1;B
z6X6Z}hBN)jaEDsi9BFJ@scLKWX&tR<U*6TJ8t1tF$@JZ|sy)n(>8NXL?soT4zvrQv
zJFQ#vKD#WstF63}a5vdLc7j?Q?t%kU*IGO4LVD|jzzGH9ccJWc^yqSo0Ufn9HNk+H
zt(}Wi{i?2Tt=`R!a8oC*f4U6n=ZwMCDb|O2?w}ZE4x8Y1iy2wWj@IS~UP_@~T_GD#
zhpDi_*6ofd+l0a#?Xe{oZS9o3*uK2J){ZSk5Yqy#c&$~D<*l`C4P9aM8B4c>>pE~0
zG%V3|HHKq{fu3Gw!mzw{>%J?aS?8P4!g#|%w-lrAR?=SA*onCnZVWdn%ud@&%XMo@
z(O9;T$Bl7}wz*gTLie`e2ky(lg>~IsxN!;>>%tr}(<!>vWqK6V^mET0AIfRyXzT3c
zeOCUg>7n9+lA?m5T=(F_8yQN4+?znPK;MJa&WJR%shX;3wUeh*&7N6PJ*{@;jOuBX
zlV?^<Eb2FT%8ZG{c<j&ccQ?{8?pLD0XO`VPP<XGwm`@V2u=QfYBTdaa5Ht8;e>dU~
zHrnsUHXj@9`PhkpHX-m%Fm3pNgn>Gj;v>M+xejNb&XsT-m^xQ?41R3n(TFK=S<7d4
zS=csHK%fnoF?FsA8JH&HHd^bqgPBEr8-RV8h3#H29$IStJ(x|R%~N2$yFweT+8NkR
zE;FZsDTQz+$Vbz($ptgeCJ%fXm^NH5GEnD=sTE9}t2_qQMeagOKXwg3T@`e$YVE44
zN8Hun#!D=9gj?zg%=uUq=oC-Ysz9Ij3hFyMp|&x>!o>ySj8S8_e)(b?n{}<>K1wqu
zQh}RWS6|-|UePC;7aO-0V}eu7;xOxAJ6w%te(M5tssbGAt-LT5xOdwHZXLQrcNZIP
ziX(xQOFQ@Y|1yMN$C1KUZ90s@r=8&x>_X}k!PHC7a7U0j%hQfCp}?fAzZ_)Rkw8||
zU#?*4e1B#W3eg`2)cRw4=-&*os^K&gfq4w$v2mpTPj-`F!!jk<7#6_arJCFi*2{b@
zQLS(0JPf-zLa_ZZ3wf4l_bV(ncvNsd*dDtdVX!E!{0Vp=1mDZpVDm18ApK39jE4v4
zSo-4$$ok_$Qd<V7cBU&enTLZ3Ht#B=Ei>yw9E$7oA>kU@ytPQmdY4qd4((&TY^JSu
zE7+C+s>^VAh6pCuJihBE{T;yzPubAuk8k@~e|Ljz8KAlj{@xH{Z1e6kWoW~YcoEJX
z=tKI$tzgvO9x%%kVPj|-iL;Mr2=ll-VPb2y1{0EJ4I8Z8eh8>08g7RjrfM|Mj)89~
zS!ViG*okhA=DmVE(Hu3W-aT%(ANmbH#5|7P$0q&#75;V!!Q$Jnll~ULAMNOm&!KHU
zvybet0aQ1R!Igqwg7wGPV@1UNV%S08Qx<-`Lx0KG0@$R#ug2o(pLK#ffk?%I)P3sn
z<FOq2lOCBC69I<a=vm4w<?S;v%$GgRw7F!PO1!#fV>Np9%$8}+%vkX1nI+R{u>^>V
z6dAk<2cZaFl_65J=LpAw7b9fn)(*(2uwdWXK*r$^4NQ-YrrdErw?_l>%c3bae;U#}
z##UmZf4=N$1MM4Z0x{FAC!|@<2IjA~3B*kEI1iy4b|R+#ZHVoi3Dfr?Z3FEe#Kt?6
z4-qq;$Ds|(f5s*dGyTE|=|7*4e)oj*M@aL|q5?7fe|bXwKTk;OXMsjzef`ijd)LA8
z8A$VP<1OSdor$y!wCC4dHZX0Tc=3)_-yY)*Ti#NeyZJtM_0VFs`?}DH_wTR}OR_$T
zRy;W4;sF+7l@hy!x3}!krGOR8(t>LTN_Nd<*1EB~b+b5uf39`hwU}9H8dtb2(Q7fY
zK82+w_om)mebLe`JWpC($pr|mpXfrz9QK^ImN}0s?-H!f_u@3cFU1*no^s6L$g_fD
z4n>|@tqsS^+R)VMJa1a&dCzi)Y<y-5&JmnPHgy#V9!EBZKd&DSZ<P@yU~|mZ=w;-g
z_&}J7&EZKLp&XmTh9JzuX7xGb;Z)t<VOf0v(pFzYHhwM@+$ea7;1<E{WaGa}aJS$!
zWYe~Fg0CWn@PTj*HYZD?UKKebT;4?8v~4Syor-V^HfN+p_iX{AZ=*iS)gLCa;}IUi
z=HU9suos(iIteQeY?k*6ex7XnzeG0ed6{hdA0nH!y+O{$2f|@&*5+NZu{lCEK0hX#
zHXkMPrWj!s&P)8Rj`xQ*8s@6$X2a_c-)i^(;=O`DAoq8VkG~tf8$S8cAN6~|c%r9y
z7dXT49`HkC*zt=Ku0qMZh<QC{Sq5^@96KCN>M+;W{a`u(f!7}De#1dC&kL!;XAffD
zSJNiZu=P2?=*fu5*5_2CvkJ1cpK0{Lh{;y3Hago#wmQFbWxXN9Wb1#4(X$bgt=?hu
z9K>X+uQ7TaVzS-G4Ms0QOt$)sMjwZm95l!H%|<UpOb(jkeIIr7)qccJliBeIOtby$
z8*<Q`6J9oY8DetKoF9%Doqa|QntAx2MlVN94zi;VJh)ELKl_qw?RmYUJ_kBEXpZ-M
z>g;?3zV%KU_BYv<onrI_(8;#!ETb=iPPX>^aUuO&3Y~0qzV%DJ5jxrG-9}#moow|D
zMsI;mw)!Tcw?ik}_S|ChF6d;dZ!>x~bh6d&H9E(iZ2RzGqpyQbw))#fzY01z7y=+9
zVw|~O*BB0FX;}?3dJmH1;0RYAWAsf(lI?ztrH+kHaQIR{y16Oj`<C>-753yHCpp3*
zqu*jUXwFMZjou5LZ0+%$srJvOKi3=P6Q7$5^J&pthIzi)X_)6RzV^Vj@hQ*4WVB}+
z{F8&`T*^G!(C7PxLpUdWOosi#uqOv|00{pu`eTNJ=G^Y(c?|Y@p_7B=JU_tbPeCVJ
zeW=m*Lnm9EuP4yY^U%q*fB1bl+sUU$R~eg^U_-WJ#9unFERRL9-ADckg8CuoWIJ~J
zD%_6Oeq-|nY{<cU0K(fwKWy0g{LJX@LML0FJTbGbBhbmV{d{qs`p1yTc6_=1rG6AT
zIcTm&ES?tcp68Pdrz7U(KxY_?%|V|q48xXYI8!i(jXIjB#*tCB6frmJX9C%jEd$g3
zZp70B&oq1w;wr=UA-<FhpN)vQS)WVD#%Bv{z#$xed^Tda+c1CPz1HwZ@HJ%k>_N=U
z`sA@^eQu=<d~!YW3&GnA|2uT<1O42Kn49&pi)`Aqhc;lYdma(I*YFq6pEdj?_$9;N
zfVtjb+2i2DWYqO8Vs5ssBV<$8$Fu=+4fMI-uMGc<cJM_%{3VzEH5Zt{kF@oZNE_I4
zEtDd7u;D`J>}&eTM$FB&htK@1pFG;Y57$t|f=dn0hR&A*X)_mmzTt&nHp}trrs?|$
zC(&g-%dpH_5X-z|+Io2zqfdrRYz}XH5Jq9M_G1N~EBJiDa|JIDTr0RqaI4@h!9Nzf
zUho#dw+ZIFvh93O@Z*C2Aox|mZwvlZFxS4;Cx6*$d6Z!Ns;TK`KF_f>92d*;1lJ4h
z7JQXpUW;v6{<Pcj(}F`7E34-TE){%%;CX`E1aA=BL&nCi39+3IyvMe6@w(>lVHUz~
zguX}UkC3r3@XdeAuL|b<xz+jm9LsnsAj$&-4;Gv$_zb}_1Yaz;UGPr?|6DMCf@k-U
zzcsP#c^J%o;QZ3BmYIG3ldyk-Z1lH;{*lm+3jLo##}DVD_2S)vs2^UBY<mU^eYns^
z3q6mFb~2nH_#DCW1$PVHEcijeFOtpNep%>;!0Z#A&px4U_WhW!|5oUH4q^QS$;KYP
zM~LeDb(_^s6MC-D3xr-O^oc^BF7#@_3x!RC(Axzs7dC5!euLmG!lqZ~zY%=Duz5u2
z{I#9!hy6l-LFj)LI-l!X`}c(Yk<h;s`aj8L4xEmQf#sQkYXq+p{0qU43Vu`Yal!mP
z#`;eYJXG*l!86EaE>#JAKA3Zf_Y9X&H*=#+*sl`$6=buIn}iL2zh?E@!Su=dhX<(}
zpAQTBeL{a$=m&-Vs?ZM${Xc~Mnb5x#%<Hh--yqq}d7%##`e{PX6?%ctONBmB=#^yC
zC-cDEcdmWH!agFnQ`lcFc(dT$f}a-rn&2-4_s9O(HWZP~Sf45M@nE)%_gd40&1^C@
zhH5hM8Ny`DX@;djUnBJOLcdAqzYzLwguYAY|0eYPLVq62cJf~Cb?Vp{-WB`-*|hT;
zvf1CbelZ<ycWFPomphfZ@iT&K?DK_QBJ>GDpDgqXgg!^;7Ye;r=*>cp2)$eAmka%B
zq4x;=W})9fHv4`jn0>_;jUN;?j|qNK*gq%uOTpg@9*lcW>pxF$ncx|M8w6i2_-eB0
z=UW8-R`64TUlIJC;LimI;m`U!UGOx)^8{Zj_-?_E2!2)Ye+nLoHK?sCBzUag8G>sC
zUm<v_V9sNX7XvQQQN}JtncwPJn}LG)D9!45f{O%C5`3=U^99cmTqAg);H84w1g{Xh
zTJU<o8wB4h_?LpW3%*P6y@I(WwfnnI@H2v65PVSZYl7bt{E1+@-h`y=dXxMuHd`;(
zo0hrWv~1Uvv>zsPuG_86Xu<p)lhyf5((+`%(**Mu%GPFq;99{Ag83ZM+D8Ph6U;S^
zwYgsKM#0+!-zE57!Mg<S6a0+e7X<S^9BjSs2<9)ctp2IsV}gA+R;-O*@BqQgw>Cos
z^IvzYK2mV5VE$mq+VBV8mZuBmI?n1B39c2qSTLVeTKgXhUMu)&!F+~k?YY*oe23s2
zg6|RhsNg3AKP&h-!LJMco8b2ae<b)D!N&zB;Cf@*85Deq;L`;2uMMpI7{O-?o+Nm>
zV7^Ib%U&e7R`6oMO9lT}@LIuF3%*|Pt%C0m%=M{l!vlh!6#TT{=LNqc_|Jl07yOCf
z&jo)an18-w+ragy<y65#1aqxwZTL$r%Q=GiZz)#iTGjG2!7~K&?^LW!t>7lXmkI6=
zyh88>!Pg1qTG;yknPC1=i`DND{D9zx1nd8D!F**nAoPQRUlIJK;I{-H5&W@W{pT>o
z|8b%7KQC=Nxz@I<|2@Xo;|KFmeWYNnwXJ=T;BkV_7CcF?{yQ4uzf$O2cUzwq3vLv=
zL~xtnPQm<t8|!C-V6M%rzFF`#!M_rGk6^CTZCS3(E$<V|KajEdD}uQ;xB6kh?+fNS
z-P-WaUo7*vuVugBM8SMcY;6V!=6}anJzwxR!KH%F7d%Tap95Gw3k6>)xKS|wYR1~H
z7JQ}Pp9<~~%=c7n*<T92UGQCkcM9Gmc#q&`1ph(sLBX#G=ATm8HXIiGq2Nyie<}ED
z!F&PD`r&^}TIQeaSmrYj%b9{l3eFQ;Bv}7Tk2#Lc6MBW<xq>eeTr0RqFrTZ~_UOO;
zG5*&H{c6G23)cS&WbEy86`s@X5;i*p?-IO6FrTs5HasWzPlEZp#oBxz_!GhUkBLls
z67l@O+NTK~B=}UpS%UeD#g@$%%zrwvdYNGU$&uBo1Yaol62Yy4mkGvHQV#ZqAsL%p
z=ca?L{{Z$cs)PBrTnxOoB=a!>pZ}A&ZX0Dd3C!;TsMB|e;lW^jFF-vD%-`9Q^TGTc
zoLmCtkNU}_VE&UGc?y`{9gw+(<9FrcN^rg53&BeaH-h;eSG0+My9{@OR~udrUT3%m
z%<mv*&+iZU9R#@-yv6X{;9Cse59Ti_XtNvqE5rPrkl#m8-v{1h_-XJ%hWCRXGyD>m
z-%Zf|4e)-$e+9p2_%Qfo!*7H6YYf`I3qEZ4J@9*mkAXin%r)FG!~L+H_{wlH_<O^A
ze(u9P6@88Y_cP3QNs<j0fd?AqcTK|#j{|2J=GrdD@Dy-?;d1ae!(7jeH_Y{1nc)k;
z=NaaAQ+!s%_B4Sj4KD#NFx(El#Bdk5(eMiJWrnW+^E(&%Sr6uq>B(IG@y`dyH-h<}
zo8+6p*BHJXe52uCgSQ%f0L*)1+CL87ZkW%FcNl&Ve4pW$!2C%)?fJbk-%%j{4g7@R
zx52z;rhWwcoZ+M3gNFJ2GVhsb!@tCM(=fkZe#fvEc^?=~0Q21g+VeQ(b1^dCllaDP
z7C0XFY}AXfr5HW~JjgJQQQkk(hR<?G7_I{68s@)M6&hXu=J!6dZ^Tw+csY2w;coC;
z!#w`@eGu($!d7RP@0_$4-UjY8yc4|2@V(%*hWS3rPYpi+-e~wKFz=t~{{XgI4fEOW
zcEj(2d0$N%uK(^c`~jHXLs375?GeL#ckc<qe0Puc*tFrhd(Ro>dosMorq1WLe>PkU
z<~=rb{`1B=hWY*B2Znikd}eqm_)Eh)CV0Qivi#1S&!oxxHwoTvllgsPf5Vr8(+t;x
zhZqin`P~-nmw<WiO>O~?G28|&HrxUJkzxMH2EXT`{VMRehOYz9Fx&&4ZFm!yzx|;-
zkD-eU-vX{P%;RaXVIEJdhVKXS-kW84+^jPEIGEpyQGXHqQ^Q<eUT^qiFz>@@^B3^X
z4gU>%n_<4cbEn}W;GKqftni+kW&Z*Go#C&+PZ;JJ^nhW$pZV{G`KNyT?u=#mH+~Eb
zo_pG08IM<^*H&H^?R7R=aFO5%g3AS03%*ovi(p>!tpBS7ZxYPwoVDR~&hj3?dj&r)
z_>kat1s@g6>yY)y=ZBWl1@k&&b-sUMxm55}!E*%jy+muz>x5-q8!Yn~pyeLHw+Q}~
G;Qs<qd~GEF

diff --git a/crypto/sha1.o b/crypto/sha1.o
deleted file mode 100644
index ba9443f4f713ad41c46b1ac272d819d8640fcad7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 13688
zcmbW733yf2wa53l_hup?WRgJ;Zz2lXW&~}ZP?HemC?NwR5QR%}Ln0xGxfhAb5U2y7
zRHW9av<<BmAJy8yXBFED<!P&>Pvuz!pLVdVR;w0KTl<RT{r~%{eY0ro_xip4edny-
zUT5vK*B;J3`<#0>&8nI0d7g2}Gnbp8oH1KR;Y!e$Db`?;8E?j#yRP1{bk84-b-(=m
zvA4W%aOKn9IkQ%6`^L}y__vq$-+5I-S=RAiA2~$xU3+?WW*;~aY5GxQ*^$W7S0l|c
z0v~z14pwAUhPMRA*9Fh+3+As3h6lEKrZKy=Dcsu_9%#>A(HL$HEvQ~F`HtI;ZrL-X
z?BJAvTL$V5y;XJS`TnH2p^jkPp~Fo{6>~~fRF~9Nmt-xhsHomNZ}Ni4H-7$Td7!Ca
zZcbUGw!Eq?Qn$6NDzd07((r@ehS0B#Da)^`%CFrLsXy{e?V1snrLI3&5NVv0oVB2$
z;-1aDyGv^C%If`W)|>kVwuLX)w|)D9_WfH;RYmU|n_nE6@q?rdq054oq|Qit^2Dj{
z3=S6LHy$+Rs|RcMKVEUH1TF?THun!Jd8Op(_LthPX<x8!X*<eR#5aHM%nZNWj^r<;
z%zppWB`H4|Jia0MIb+s@ss;z=S3dpB??Wpd4Z}t6-pwnTvj!f^dTHOA`)Zekmo8mU
zJ*^RL27bT!$9Wku(srbLDS1QEnoNXHHh8>hPsJW%rj^b=)%!z6P&;e$ipNT}2KQC(
zuilRCyStjve{b`jbBFuIE(^V#jtI~XwOjHRO{+$KY;T<Q*p~eIviyea?@VjQfMo>V
zDEm?VvLpFRU(Ihmk>4~g(46yVL1$H2UFO}{!;hPc;MBUQE0HTTW@><^9G(hzD&whY
z`0<>B$DhhSmi>m8R{BclXMvL6gzta9YFuV{%h(Cw@cRWVnRS_FeobBV_?sqAZApLS
zaD92#*vVyG$?Zo%g&Ehsd}{1Fi{Cz(TKbdxquIarat>ypT4R0wELfJCc`O@l1JnCH
zRTh{%(TqI@E~ibedT;=Kt7eX${$56C;&<~3Gm?&;Dj1hJJ(iI){kn<Yjm}Oo=7Q;C
z3t)l*?MF_){K*ea88f%5yrts4wI%&)D|UWRv9+>f#Rnx#m3=i!3p2i2vv^m{k}Wk&
zRW;2kYnIj3w3O9ccKwl4HKBsT<1>P|O%5275t`RBuWS9E$5qW9VQZ+fHO$#{;>lD$
zIzKkVi0H1Hld~fuiGd`{rf)$gH@t#SD$4RJmXsWrJlGMet<8J3F?;?DlT@*y_SU+Y
zW^DDu+kWBqiS3aL++U}Vg2r2KGCVVZH=LyZLS&(2WHOHjLNvT3bhEc3@HyPZhFPZP
zVZ$<EW{^Haz78@(qs**OD#Xo!9l_6q20Z7xCSXh!eTxmUunDC>><A8cCLj6`GB|s;
z<Lr&b>2J&<wXhIUz)L;~9|145n7KgG9n1w%mLnGoC3SYkO(2vqj>^=eRx46IO%Y0Z
z+KQB=5TOu^=2~~DY;IB=uU+s-Xp+7~yl5J+j~0t)m%Ji)<*y-A&d1eYjA&A3;1rDC
zigR8H6~VRS(J9xGuet%}aVb~Qe%-s^@g|j*iD_*(g-j|9xp><A#U|-I<b(aYaki#x
zg}oFs!#07vD{#dyUT^n9IH$M9`=KN<Wh^jW*M4M%$Boxl3C-C!GMD1y#aQ*lI7Tcn
zUi@(w1#jKCVR)tSY|I;RWq6fje#y*C$!w;-YRPbvhtHDC-5kHH5aZ9r4Dv&M24F*8
zXmTC}dl$Ny;_W_xe69`oLWb<snH)|hui8x>Z}%+t^jlR;lTr+N`kL4(*zn3_%yvb)
zk*!3*Ymv<>ho1d(hF2F@Zv$EYO*VUW<Q~>?*z15|l&$x$?W&yjSZkA;j^6GhI2wJ3
z#!bX;uo`RMMEe(!9o}iYrIjca!~`8v3y1YMn7o!ZKxek#RDf$^2LO!cD5S)cN7gas
z{SJzBxIM#b2&7h=;njO3)^<EQl%bEi1*g?G&ax-gd=}>n>dW@d&CE>?W{%Cw_HvT5
z@O%wSFzM-^fePUX;`R%TfEIIjqzPtDOaFBGyj;xUTrWMH84sD1;fX8dFiiEldAZc5
z<(qlA#n22Z^8BI`$FQo3(RWmhp+S0*38wlk1E@Y@N+OGn8p`lmCbCjHvm?}1+}v3V
zk#S|8hbpm17kL+t`PeFRRh1~1w{44ujwnT$Gq!K>Oknh_RZx!{3OH<=IBKXEMi?0t
z%b2rJzRqhL)s)_Bjn7OnrMZl9tn<#sj`L%hIA&h%lrhuCU>uTctadQ&<$#zv3f`3g
zbE`i{_9Dtc229CU?t-KZSuUAFfKxa;(?pSv;+|PdG27x2ip>@qDF!VzxZ<4ZylFjC
zPvLv-v+^mcZlFlAg_<Z-1vOT?gyKevjTC=Z0aq`(2%829-{}&H=W%$Zf#R6OB@}*D
z4HR7C(JYEHEH+U1wKh>KvDzgREf$+7{8*My?6TTMiaRYXp}5!AqB5Hp;UErd{wVwi
z>xY`%%vgBad1eX41d9z6ek_ZJdf;-_y4M;kqu^)`H|tDUUf$W~geQzTH$O3OZZOe8
z_BzKA5m3Bfv7W;3m_`bJkn1UOYz55}e#g{P_~YG7(QFMCQ}`XzOySRh#T2($gUc!W
zj#*6cpsz&@HZej!tYs8Oa3DeoKdfa#VKp+WOk2F3!Vjx)D6D#h)o2ZxDg3bNhr()R
zSUau3VhTU3W{Pk7TGU|Ehsb7N;lm9>QE9P-Vm^+LdC#j$bn=jGJ#D%8^UXqe8fH}u
z6toDM_@=KAX5dJMuZGfb32!yfU5*1aQ!EJ*FQeeD;`EwnyV%;+Q#4xJ77AxupYZz!
z7@WYt`?^FdaA&wM`H1*eUHMA|OX49S$!&R<b-wtV;p2qWvPzf6B{7U&A?ta6%^Z%i
zhwer*jn~?Db#J`K6gS4AeX-)sRee3HJ9^@)d#)<(?d!QB+8U1)M`OL^Wfxsk9O-LY
z+u7YyymD=4S6lI#NNZ25zj$3w-|FH@|4LD$x3_p^Pj@`pjbig7S4E0DP-tDGFY27M
z_N;MO9PjDriWT?6Iu<GH>Mt$1s4&{q{*Q{z?$)lgZBb)l9g)(aR)!smw_z_=)PYtR
zzXf16$s|F80e{nYL6bHHx<Dup%ud5j){>W?K!P?UXk&tg?7Xz(L|I4IrlpB)SXz$I
z#<cOMGl?F8fwTb5o76dE^&73m`VRUWwE7KcNwD|q*~Sp`^|o&DlgzSgLoyl$b02LT
z(lQs_rbKj}D+3=c;!r|&4O<pWwh^qiJajEJEmztVOdBn9t+nx6xWRHT;VU&^waEpC
z_6$Yj=>H#4N}{L#&xkMzY?<HBc61XX!qKrYB+k_MHoo4C9rbREIGWd_W&B-P-_m)b
z{f8T6AaP@%f{-fUS3ES#{$Ts(l(ZCBnzVFlPj;^T;8?wvmSy#R!>9?^Qhp-?w%)ZI
zj^J=Rpvh??z<)K?=z70_#zq94Upy5C&Mh^5YuyZHsJ>fYZ|6L0hCx5ZhH7U^aJ}{B
z&+iSkYCj}5gZ+Nw*|+Jp_P&ii+xrpm_#HKL{+)kAcxhO+q)+{d{jg5in?d4Ak#T2N
z1#OpX;HcUA<D-rAU~yyGI2#U{h=yP_tciB7igzrZ+qtU4)X%LfUEbK+7Kuk?X(^U<
z$6lG)&}7zj$2wPaN87@!Sl)~juIX84x_Y`-g%el#wi%DE>BYL$(-%KokA*Zoxommd
zToR4NBCDdytGaqxS1+H}-4^XPYocpn(YTp&X=8Y1cuG-uQCYZf4Slypy1HWE?w-PU
zv_D=L!}{FW(_Prr8ISfwcxhF*a3RD(l)xG}qjl=kaA7;lJG;9&yQ78eYrAcUnBUCV
zo!ybHk6Zhr#gYCv7UyW`P-EGgd05-~)<oMn(L2lMMq(X)lmD^ZY+pH=7wfzx8o#<X
zs_f|Jv{u_#YWsRx(G_yR_J;Hu?b-FUkv6$%=)LqJxVJ+xue&pD+B#Q7V{yM4mas#k
zhsn&DIdfWgQfpsNEXF5K;iYrJrA1{WMJ4C^eQdv8gz@m;bEL^Wl`tOdJ*KgK*7C}#
z`h_)(4YQWl%xjocS6Nd(qhwfR)w~&{!(faw$ro1I=aA$>a=|^pDNAq^;Hbf|LztT`
zCcK*2eb{tJ+HkMML_K*9B=y{4F;P$cG$i%>-oZ=MbC>1x+_EyIP8#|;6F{C@DJJU4
zd0^_fS(*SzpCw@WBlCqCn+eO@Obr+2CXI=HxJjA`rs@`)SOv@P1mm5_mi-!-*Qvi3
zaEa)-b77*MoCR5cBOtpO>dAN!v-&aMGlYx4EKVEle)zqHW!+ARdQ%j;dQCjC5;ETB
z%MM3<(XL35+)Ad%=6IKxBCG`wQ?xP`6Kz{`<=R!t+xsGGqNiy(Ia`YStC5u}`=VE!
zb{Tj0Y57QBq#Kj=G~LIjc;h;+2-Or}548q6EK}rfor?TwZM^+)Hb6WggFRd?Tm3Jl
zFzh&5$zneRa*{BG+kK8zO#Sh*Fk>J&yIG!g%oj=C`D;PmjRr8`?|jA7pM*coM*71*
zCj2oT`lpWR5eI(OUL*4J97o$-{%3a8u%SPfXm^{-K)Uu`teBVIKiinF#K&)YuDy%F
z+FuPWoa=&6*A__`2%GZqAz;V$rr~h@R)V#^D^b}trEs|R@9h2ujla|dudZ<}D7DF(
zfIAGfte4~E>b+i-0h+nE&BFvquHFIUwZ93t<>1o#!}q3yKfZIiGC<SuPyDg(wZFOW
zHy1j_$CbdvcRyJB+e&|2mL$1rdy&`vcEVpd`jGx|<XQ&gBRE*51P9Z7xcFP=1bHHl
zLn58s&3XO`1GP=g?l5wk7cPAhcI7Su>0JLpF)zOcJI-5|oE@JIx*b26JaoTtC3OAr
z2e2zcAMe25Jxby5H7P?Irsv_0cI=liIGn$1u$sPR*GSBL=v;FCD7o^wR1QbIP~tYW
zD?a^k{5ZF@zx!ao@pZ}hb9pDVK4jiK<@A)n(>yY-CW5`5oaj^kGn|fq_Ijk4XOu%J
zXs|_8DQNGMAw|$|rVpi{ZK=+4rVXW_ea7m%ZXN6A^K2*u4LV(=pndiYDS{ZWFtX3X
z%>>9Cc(?$P>t~(hFM{M#nIGMFy%KqsI4<tZ+HSKxW+OJV&9WrBW6S;)Qg*DY-;;26
zfb*nlULd3Xdm(=*dd>-c>!SX3@HjH;Isf^Ii~32BD@D)ylwY=}?}U6s^o;*iVN7@P
zx-h=@nzw{Guiq68gKvfp8xQ25@U@VC6z1;Xl<;}rPvCI&6(~=p&tBmg$ftyPukza>
zZMb9OXGAi0Y5a~zz7vw)rpVkyO%&!%iwE`GX<aA`mu8wUcV_%fMVmGp5n=9%`h~gE
z+91rb+l0BJ;tw+{OPiky)8?0C^gqXtoG#;dQfyc@PxZq&!rXyfD(t>F<>G<Q@#WZ%
zIW9ar*$8lKJosZ`KjsSOD?VSCMYwj-&vZy0&QAqd%2tEvhxY;36xwrKcsTo7ve-A!
z2F&}US@8<tze3+dh98bI59cRN7C-&80rURap!hoBh0xz5ya>$pc(TZ6kn!wd;#%vN
zD}ZCJ$F45Bp27zc`^uvOq)9lOJ%9Lg%=_N)48;o+bB%B|><7my6t7Zj`$1w}r}XO;
z->7((V&4DG|F;$YKr!zlXY+H#0gQ*!pQZR5vh>MBu$xQMsh6d^PO<%YLE?`n{k4km
zmytx-FDU-1V*6QL{69;*_<VsZ@w^0fbMif9^A~0Fk=Sq^=AfL5IbSi?1gGbk;QVtw
zxq3Sl_b8hf*v-$4%4REB;=e=jJ&GS7<6!zWSssN4l+6>$=9uC)6=z_5aB<R?8zZg}
zj_KO*2*ucHC-mni{)A%Ac~|yg#WNMpSA41BM#XL&fXb{;`ZmR@756CS4{a`nEsD1(
z-l6ylitkc9sQ4bm-%$LZ;)fOQSA0<M6N(QjepWG`%P#)kD1KA%JBmM0{1?UCfI2@R
z#p#MiC?2W!OvU+%&sF?M#U+YArI>%|a4}RV=Fe45e~IEniklSkneFWPZxP3<6n87`
zQ@mO6^@?v+yi+m1+&KSVRLnKU>A$Y{0mb|+&DlJn`1^|a4+dxRW5xfe_=w_Tin-Tv
zWw}l{KB+i}``zhN6lW^t`sQrLC_YQ^1jUmS7b~8unEN8<^D~P1tDw`*Q(UXKLGd!h
z%N4gPzC!Vpiq|S$uXsT5jf!tl%>9^)^UI3)Rm|!CP4TxBKcx6E#g8j~Qt{J@pHs|z
zpsVX;#lKSgx?=vc>Fl{Lbo?j9A1TI<8ws0K#e6Qfvbl;!DITx5Kr#RQ<H}yBc)H>W
z#d8!dP|Uv#IX@A_9g4dY^M6Ioev{%G6mM7jdBt}q=KqMCp9d8`ta!iTgNmO}{G#Ij
zR{W~s*A&04_+7>P?~;orMezv5xr+IJCTD-1;zGrxipv#GS8Vsg@(P}X=ZM>H@O{Dg
z2PPOr6U=S2v*A|QG5t8!e%^-O`Tr2i^@xdkOY#_ShA`ht_-vw{dyuej0r&#pbHP)D
zxd;D@F!v^Ng-gNQf6~vVz<j2VE5Pl-+=F)sbAQd}2yJ5Ee&My?jl$e_UnhJuc)Kw7
z;C!aAEcYX~3vUMR7XB=l&lK9+0KQN7Ch#|fcY+@h{ydm}8>Id1-~+<D!A}Z*8T_2^
zAoyir?)P64-U~i1`~diWgt>nS!8iRs0_O9Ad=NZZ_z-x!@KazuBWT0D%mu<nz*B^u
z2lH7#o7cf}g-?Mm73MoS*MHiif|m;Ok1lP(S>SHrNnpNT)4mYAMR+op-xH{x3cg*K
zdyqllYVbbc*<h~Ww66g_EW8l>ec?th*KOMHedSqUe)o7unEMN^&$Quph1Y~R7v2))
zTsR@T3;dz*o#4L-bFabw+|tjN!NY_H!CAsz1CJEG7d%dQFPLjG%kBeD66W57zs69{
z_oOMp+^0+v=KSLNOq++nvxT{TsS*AUaGfycT9fckz?Ta@4Q>-Y3|=k#4ERc6eiK-y
zc!Tg!=szpWceQQ8-0$2X{3`eh!moqBDEt<9kMO(Ty}}=Y9}woA=)1zhz>f;^8_wgx
zBfwnG*$>$`ekz;~eomO*hq%tu=6oEl2$z6=BRm=WhHyFfkHXv^eIU$lO(%u<y@G2#
zeb(c^e*-M@KS^1_yeCEqw}8h9^Zwxa&$4kGlZ3AV7YXxTnIg<@Ytw`Wz!k#RgJ%nK
zf5hKQ=yNBII^ny)O~Tw0T`s&A+$PNZ(G|k?gL{P^1Yafm9q@YLe+O?7egwQ#n0u(t
z3I7m$oA3ef-NJ{!gTlN=zb^a~_<rHT;O_`O1AavK2>5Yf?zx^2J_`P+@bAFS3BLh;
zQJ8zKUkJYq{;lu{@SDOX!N-O9J@8M$IpCARqrfRien0aYUbZm5-Qgdxw*PtmjTK%5
zX7ccD&?U!w=DO$UXvGs0mnfdDc&_3G#VZtdDdu-JSJ!ol`K)q!K9d~Zr}!bo2Nd)9
z;p~qp{;lHUicc!$GsBh5Q_OvW(|=NNxne#KoK3A_?hTy2LvdX3fa04K->LY20V9y8
An*aa+

diff --git a/ssl/asn1.o b/ssl/asn1.o
deleted file mode 100644
index 7f8f449c11af05a9cbd3901e0328945bdcecc67b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 48176
zcmdVDd3Y5?_W$2~@6B?_C9EP4mYWbl0%T*6fGkPa5fqZ3pg;^+AW9NQf`Wo^8$`ts
z1aXVQ;)dIdyN=5U3@UDb%cwYRfV-%;jG!a>eZQ+u-Ft$5<}-i%p5OER_LEM%>h!5o
zYgczyRrhTgJ9(Vzx{lpkXO0u~InJ^Y9PvBOAfu4(gq`kI_5XJ_fEYt6)(QSeMJX}P
zg(>d(i=Ct~6aDbCK9rQ2;jfQz7A~x4zO3Jv^BP0GiT=4U?u9AslE(B+OPYS}y02Ov
zax&vuA8NntzU^i0U-swuUoC65zpSmVtizAreCbQ-l@S^?GR5z7Yj`&><eH@;LYav%
zj*}NU>Kit)(C?)9-NGGvLNO`Z_vDY+7#_2FraQCU%;cH5GYe);n^`t<(aej6r;JbW
z74E2*IIYm{o9ho0`TZ&W7=#+|EW=D4vl@YO25t-wTwS<hccwcucVYobeJf+hX#LZ7
zKZZiSaVY$6eaRiRC%1n!x!wNcwnx5czild#?#%GF-*zaNd-~kDvCjDQp`vHpqH+f*
zT!FG#_HBG_`)zHh=0NNDWM(gzJFKWE#u<NY$E1NnLnA`aoe&E7`=(}uOqlQDb2I%r
zlcV82*gNfAgnPd1vw|OUgNwfO4NFP!IY$G_ey&Ox2^+056Gya$m6v_%_xo;7X_MZ%
z@5lju=cVGLl!TX3YMjiF<fiqMP)3_!BRyYw>lacoTE{QS481jNXW6F(N08DmQhLqC
zjjP*j-CmaFE9>*J@71#2`^!?lE$bEXh0ZAoIVoiwQp(z=l(kDKYn$;+#=eYKGPcbv
z>sVOUdAP67ajlabwpWzgvicQ8k%$YoO&+jqY9@0U-X8`QZX2_;e;D4QK69XO+XQ&-
z^(AD5v%>4^orLUgcKD4#ScxrgZtr@ya9h67+g#R-HeU5?4EHP+dA>YYEGkRF@vCUG
zaND5F(8Xn4;lJ5Nl5<U27x<s@C1i#(!$rwS7bkbUCb`Sz<ZkN+{Fu-?JUzVr;Ufv@
z;q>tO0Y?&^-}-!b>+YCSR~`O1$+zO2U+;7`C%3)4?9O&8U)l1_<%{mjUAb+`z5&S{
zijv#aC$~>Y?mQ*2rp=wxZn)_3HGkc-H+iqLp_JsdQsCc+yHDI##NFn(Dajoyw71aC
zgUpaGxeqF4dve;V$-Va{r+%B<>&AAi4@ujb;_o+oW+0S`yoLOsj`6wSL2GluXL>ED
z{k9LDFJrsgJMFWA;G!RM-}Tzh@R<A$!>6?mgxZfwaM%(vTbs7He)}(^!d=~-dG^<%
zzEfX4ic_w2;jZvA&-@zd5FT|&rayks&a$_rMVk!T_MXo!`Vw*cxF~r4^PBdr!O5Aj
z-RDen(JH$6#uYJw#LPA$c<R1U*g5uOoDfcW;_yJ<QD~{-JNQ;ibdpjs5=TG@D(f$9
zm!233^&N#1ysBa*k9;sPd?=eu=DE$m^h9&y*)~qqfb0p0NrNVp4oyTaGi&;3*CqEW
z88&KWV!huP5mPn3!-=UGiKmzL9ko5ifvs`qJM$8U!JIJ=3JuutWlm1xBfV0Jc6=Y|
z5Q?38!X@y}>(IVi`H*$K6=R%k2k4G;VtYo?H?bX3F`?bNzHa;btQ)cCl$f{2<QF6-
zrB0N}y4e?snb7Xz?!ieDL%x(T&bZdd>FJ~T4jkZjrzR)&%@|PV^qc->@6Tcn|C*HP
zRd8P7l-9#Wd5rM>w^N{mY-VO8zR}%9=MxHM2ED_}zI`^usT!Uz!_A91wLE5AJW8^v
zIW*s$(CMTTPAv(nK*t<<a7gp;8SaGMR}TJp5JKm<H~39S5ATG$p*L&q6@N#s_}3m(
zW&g(9kDvYFR~y^2|N2!Od)GJa?=Ah$?)o+U{+*lNTJz~eM;5i;mcxF0>+}0edwXSA
zQSh73w*7ejyT1J~PRN(hF2kKzfELjsU^4OBM)$$VUZ;RYmmcan0!^c8;A@B<z2u%u
z9$H`cb6$v-gua>R0zbLtk$$S-Ui{OD&`AZE><Yj1jR;L~y)a7(^4iUCYkX4@Q=aSZ
zm0`M6Rl4i>Guy;}vvc2DuY9`g$o=iN<+tpw_qO}Y4d$vV(Yt}F0eO+@P(n&L{C(2E
zl-V7J+I}`v*uCShkr_98#s_roi2mI-Y|v1zf5$apXYyO^K6UN+xyL(aKD+40MH%js
z?L%!|_I=sr)s5>{#7bxSS!nx9fj2jVQj$dwi*`IAl=N$6;M9kXuK4lTD)6o~Hr?;~
zL!lR@<ON=sGb84u4xRqtH22DkS@n^ZxR>Uh^itJ5@5j0h`T;Z?UyH;=&g<tl1@GUx
z=Ep@Z<Gg+q=XLVTcBsehfsik@n|E%9%(;Dg`-3wQ`}WRo``mUQsW(o&SvaFZ-^Mto
zlf1;f#cyuNL+vFFo16*#Zv)QETpnmQBX`I(J@b+$w5zJ?d?fKFsihgYFI|(@?kDIY
zZ9XU6otfCD_m*+{f0JG0_k#k*8R~`xk8p#FXwr>e6z;XwyQ1;hyXW~$rcJI1-p_J=
z*SoJ6f%}SyZrWV7$BvG4fHOj0`c6MuRn+D5qsfjlqRo^<DXRK(cYk5u*jUFg^3bK8
z{8Zo1DQ)8O+?3IM^Uza%e&91S*TRi4NCt|t<;j85Zft#hUH!0d$^7buF#c-m8pCDb
zbIKM}SA+|SPtM8>S5+^lgx>V-?VNszejo4f`mUI;;&5x%<^9&L*!+&W%t33@_h0!q
zmX4iUKK4hj2hdKO#Hq$v<qNcd?<)Tv0~fki$2i^K;dTUjZ|ni2*GX&}@WHtdIZK7h
zEeswE*R$mvhb@$XQH#Vm1A284y|A%!l|R5FuJZjcaCHof+Vt&&?mgIzmBfv%aaZ{+
zbOQ-cXA-ZDvFU3>9(vL4G3m3muE+7Y$Ha^DG2TdCt?tjz4IzVGUUEzt{}?d3Oy4Ts
zRsKjC<B`K>B6jnQF6<^6yBE4lVnlZjbmv8MBW2Vok_Lb+&%8LtDURso1gPXiZA?00
z__?iu-UPU|+~X-j0$F`FKd(dQ_J~f4{IE2y@~e7Y1_NwMp1rUsY1Xr~)r{kpM~-{8
zBIPLg{jd|lLkIuekpTB=6lQm}7;L?Rp6go&tG?HB;PVIKc%=^nVgfPMwT+J7jqQ(W
z^t<sJ5!&yIS%C`i`{ME_jE{K=mi+N?ye9esF{^nj5ch-Uv_XK_z#nMTjh_m|*uXXL
z#8KjFX29CBfboqrPHLcMSC|N%1gnAMp^!SkAqXBwAqRrIPYU!R#|N7zNhODZuaSF`
z+XffFVjzv&G05wEpbxooFoinl<Zi)o$}`Ae$M**Wi0L~X9^Vk8IOc@u#24@{W*Upa
zw+Gs>lX8%-RzE?vZEW$?Oyn6j7CW8j1bqk?d#Wk1;7^pFMve_G<o_9rC_Z>6dFHjy
z51|Og!Ho@^i2uIh8F&^231edC<|2yViTD>=L3D!4c({@r2tLZBRFUI@y(ynJ1RM(9
zL~FI=&cV5qFC?di<~gy8#)EQ#|HS{;dZuJha5Jqmkn@7yuyz{B!-Hs(PV7?FKt9q&
zo2?lY4J0nYF(0H9__or(dABpg>2deI3{j}YiTewWIiX4??mki=RN=(kPl^vMbmAT)
zg+hy*xQ9q>Llsk<xQB@yLlx7UxJQVcgMDEl?oo2LAaD8O{>rq4O$&{CoKdAB6;t5)
zl9BYdCuRU!HR4}h{OCGlJ=lm)@neZjklj`MIC3c1MEUq8aOdF12pT`(I;eCDK1!ZQ
z4hI)ef6^bIlNx0A6@OB1NYaDfQa+g_(>Hhn<x{T2|Ng-q<dd1&9Mc}+Pgw)WAg483
zC!>m#8wIfeT8It22L0H;d-(6$26225vCRx${Pf2VB)El<okm0j?1aPJ7`hh0u7k&S
z8H3H(42%uDkN<Hr-1Z;%=gwkzxt)-yc5@e3!M_*B+ix<5C~f~|{PVOBn93b?QxbMf
zzze_~O~A0rkjI&jVPmjkLt{M^nXyg_Dr+4##RNJY55<n#%W&r>8PjODOQ&kb9biO`
z)Ad(`a0?j$w|wkw^Jj=D$;4F1h`4n#krgtTZgF=L!x#oi#@-$FjAt%9J<y$*{;%g4
zMmL#C7h^{q{ssTsT@>VF=e5*r{u9#YMYW4jJq=;9iE0<4`U2jhMg*eT@vzsuz7pO&
zv@w%jlMv&*2Hu`LAH1XY!JC49%Y9`tbp31YYwGoHh}=&Oz?)i&e=N?cV79kg>|2Ka
zMZOChC+&3{x$HPfi+nt>P^<Xg=R>5;Uew*@FAyyKdx&<!WI9VQh=|i$!QyB@8Xrz+
z9;W@@xy7&rrwE0;4MKN5Qy+#3?*QE98Mw}QB`}{Qup9=w5}3~tc$8k#E=;fk@Oqg(
zi&nZLK-%zVY+gnrvV%yayM$`?Ho|T0iH^jJYzZUF!R|%2gptjn_hFcGmr!vfyk2DI
z(aJ;c_R40OFMk9&87z}h05^BpPsm1JmVnO`$g4PLis(B)+Qlk~%WYXZshc6*jKWSt
zWGwJyP-VqEYAT?FepCR@`K~+g&t1)A*!vu}`FLFBz09m;W_lv>B-0>_UIo0#H<(~l
z{1d$WOv}24R@fr?ZQ;?iwC`VYPgB3=SYYDa($ud4Wo^B;HuYS`qw5&<b(rdjJ9hEn
zmfPw1m&j3$mZU6n-1VN_jZG<wBA(`^6!fk3(Dm?5i}=<x^<xif53X+Nc{z&0y^b*s
zh0UJLjKX+Nqc@I;H{Qkce#fxJyO!QA5%2x*rY0h_|3s;tj~fz{bPU2`OHG3Kdx)?0
z#4PaCG|1Q{?>Dj%mJHi5%1f#!b+Bl>W;Jd-R-;ff{$(|`9IJ7bXdI8rM{gIgY&=$D
ziD(S98qLRQTp=1~SdHtC)woeKmRpT=$7<Xq8XK&}>SHxJqpVt?Q`==UPW3f0z33}=
zR<FsA?d@CC)`vFjTNDq+>7NYsv!UKU!$Piwp%w}(OtMgHfu|sYquuj5)^$J9=YGXD
zVDH)8=9|!*lX)p}zhb-JjSBWo;;(oTAEGxAa`!7<o!X%)y<YPWtqg#-S2DvM=6zxs
z|FJtmp4<Vy>95YG;x7zmp9tLMGCWRrvH!x@PlrJ-_Fot~p06eLUl{uX@Mf~3*nm9@
zJFerV!hq>1a!gP0Jyc9jaU6PqGzOBc)9cJws7~rXAm&wR48oe??-uR0p^(NXc-$Nd
zw>ai>Xv18@dl%8WVZghH#;c2Hyt#-TKaL4(WfZ-OXo7d)yq5;LxK7qVMB`2}Li^a`
zHs7D<IN7E;CK;0j$Vay6X(k!7HSp(D;F3JaT%K=$H`iRoCL2RL;2&UOo?`s&tlY*L
z^dBd?yfOI(M+c5zx|X<ip`J`(`jOKKludOP;h9Vo=Gi#mOku79q-8+Q7N%*iXuP-w
znvZ|ANOUf)+tW>)k3oCzT3Yn{Kf`|l%X9!Nbfx?>_dUd9E^&i!BAA*hC-5@33XnGW
zcOyH2&E*svs`9MNZ;db)K=v>L*8|=I^spL3u7D&C?K^KhVCZHlBJeP#g*q!~rL}9)
zQ4BSc4r7YxpsBR^zncz}TsIt`v5mAb+dTs%kUkdvCfXSac$AO{_yBMs)rL%iFNj18
znGLv%Nva0SKt&8c3>XQWPmrS__3%7_!)ZYr;w25eL&9?Bl-|pol-#slXg{f6L4}p!
zB3?GoNQI=1kTA!YBSpUDu9G?uGF}EVjI4xbLF$K)(Zc9sEu?)fM_SlLA2c6w(;2-X
z;FaV?_#R^^6niE4Hd1a%@@E1|vMVY(ZRhV>&ANd>n@q#85A<&HLv8I@&}7bnJXr9~
zf+lkoRM2m_r6!jr`D*yR)8Haw=~eg#n`^A+|Al^YRrUPcP|O3iAfS7(%PXsI&6ok^
z3T?gl13%!=>)gMgLougG8^9i>^-}kG4AZF7WEfi^^LYj!Z3Oh}Y2w`pvd=N?{}dcz
zZ|tsc--8L$?v^nyZ~9hSE4R=}<^OD@7Kb{}%9U;^ipf}c#9DdLT6vFFF8W<7sgodP
zH$4Wy?d8Ybwz6qlh2y+vSIF@-V_NiqsW-^+OXc_?(*z@#O}z)lmm#B@l>MTZHB)1I
z^>_L|goCCPJt^R19bk{R!Bm_br*WIdx3f)PgJ}ZaAVXdg*kGDKceGot32ZP;U?Tip
z6WC-dT?zld1<0j)uiF>>Ug{5sj}<crhNJnxZF>J!ILy<me-{AH6K6yjleELNLqTry
zdM4*owuv1sc?Y9Im-noR>}&Y?pMlVuknOYu0A`UF^+gV%jScKV$PPdAgnifqa9@Ru
zjuo}J6s$sw-~pC9nGXF?qv&K!V^ZES9y{XXHlL390bB+U{4JL}5bX(mnDG3i@H2UD
zn{ZdcH?kQq-iDOHaoqRZ^uGc&uo>P9cmUAD9v$)wBzqv~{|NLSV3TDY&O|(M?DMmD
zDR4hBrtJV1&RH}{@5=R&sjveu;8oa1ro!5wHRRM)S2*s+=J<*5X9t+MkBz0}@E^a4
zCH$%Jo3rkpNB}PLj{BLL2>a@+dm8HItos0v7K3YyJ?p%_khl9i;vp^v<W|-q-Y<;Z
z5HfdSI&2QUiP`wt2>U@e_(k3x9WwsW^yf1%-xz-x{He(j$vH?#v~%Qb?l3vB`q(3B
zML6=3X$!b5Er~@i|C$+aiei>IO->5Z=48E%e{P(QcSd#$&~5J6(H3W%kGDpRNP$<J
zp60dir(Ff>m8h29xYQ2BsqEc~Gi^L4<v}s)KIWsdv2Vu^-R2mybFaEO8~a-$_Ph9a
z?{$!V)5Ui2v5W1DXuR_)$yj2m%QX*3o__`W11B)1fxb?-bf!KpWpXPr5<TD8zwDDT
zdCna1Zhwo-tuUS?5H(bO6qV0B6*rF-c(V)*^ySEUN5o<8H3zq_@3iJ9$#KY^8BB@8
zTplYnCk+xWbR08pv`(~I0jJ+T*jWsoY_yn)xPDfv%xd|Ze(|(5tlnrbA#u}yqxv)B
z`4<C?KOcqR1hV+F-was+|KSYUjQ{zI@h`Y(2>!FHDd-Jw3TGj1ie9IPP+({g55@-G
zhII6ps}OU@;Xou?3ZJwJ*mF2zZ^41McllURz?M?L!_L?rVKVM1_Cp1HWQ`vB|Aw5g
zdytY=MeOKJik-1%BHFm;*#-WOF*;)(L}KG-u~R8vvvTq;fFPk8)6Db4WXa3dIA$iH
z6OVYMVT#0*m*ci`dna~C@FylEwsYIZwmlx#@J^0Daah8M2@`P=`cs{RgpoLoYG?yQ
z&5HyLE0z*!#icoP;ybwh_=E(8b>R)Rju^^Az*ab#7(JTM!Hs%CP>uKEq$(zWCU&5S
z#AF!GhNKO&W31t}S?;JVUK;y!nb;w0V#C<AHGx4pcp`b|kcEg5HYTdvQIunt?Bhh)
zcsdR8%oxw{@R*QP>)c8_j?*OpRo1m-Dp-8^ov$nG!gOP}!6wFsBE?z`n;c(fJo!l+
zC_5hQk$_rgkIP$6iB9BUNp}L%-NJmbvIhex${x)3l7uF3?l<-Fi(Qz{HO1Nc3XJ*q
zI<F~&R+>G4fwU|fZxKOyjFW59meC!DirneP&q$bQin%Y3bVH5wQ;CJS{xIh-9^B@s
zFflBRtVl_jDrgZ?cC_$W7CBOID1Lf#C1>ItAaT-*I0xDqVMYffAeD@5uu_7F6POxC
zi5!^J3>hSO%Oju@Xa$EBhUs+U+D3zTr0{BomPhD(w8+Is9SORzXxZSzjD#{3Iovdm
zf*5ng6ne*4!GpSZM@FaNJRK7aQ=7=6-m$S!aUW41r$y95Xl~y1zKBjf_JD)2&J6&w
z;bP$3Ks!ZYU^;f6le2;DaO|#AM2F8&6w}Se4l(|lEsXy*6jk%FQx%Tc!uZd8#5(6X
z@xON6K&F0zv)EbZ#y54P&<3<hIBvFl{GW*(@zMF(;2b(XU~id|d`Ko?cb#H7pBbD*
z$LbbG5|s~WjZr9}v(MmcItM%{or9i~j<rzI!ooW^;&+0-ZXhr)^KFfo12n_1s=Vsq
zJ<k)-F*hnsDadR*+K3&Qpz|7bpR)}Az3m7bGg{&l(dmfYD+E#}?1+d?_sD_YhAh@0
zi#J3=7VD7FvWmu8qC=LbkR>`~w2Z<?#fe^`=uC(tiZsbPKxca7fK4q!W*CKHI#UhK
zqGNTV>5IlvqGKu95RIio#}Z8+2j&Zn=}2qlNPLYaqO;ZD96HZoZ`t6eYaVKxVmfB_
z#+gmW>P8bu-HWihP6?gu221H!-Dt9|gY<7kVHO=KsP=O<y#FyOD*U%u*a_Wzo_#tc
zxNmTsS#)M%_p(begXzvJI*qu4Xju+4(i%t5X6bamPKDwPq^{lpIyPjqRH7kEY)GH8
zCO;ak#D=5THjWI~8eq&8(V2q;am}!7V<5u985S8GFH5I06V*m~x>e*f?{Fh3qT`u~
zoQO3LE%uJm@s7^6Vb6!?Qtv38%MDJqM_0kS&O1uy27@!~QO?_M@{ZEE(;#~{v)u#l
zpS`1WIKk~YoG&*Ui;#mW$Q&I`Xtu12s6w$;h!!~&mKzHtbgYGF>!X5Mp}>xfa1HjL
zQ}5(tp{MQ{=>R$4d@pt+h0ZqyXVdu!d&^W&*F1(g#dN;Lj%G&3>P8bt-N%eV37w}5
z&Y|<1C#AzlE7Un1YayD0yCMCLQBdK(O*)5>+wq~+DWc=Yy_xHj(&5lr%WP6N#^@Fs
z$LP*+m2Nbf)J-?KC3LvJ%I9EYLzKZ&ZKYH79z1!ND++-#Mo14GK9Lx?RptO{0))I2
z(Z%gAb?FQ?IFk-XG^s(CtB|3=iRd{7XVN(nJ2h(Ha$MVWX6}Mx9_XBzdx4Ca8aC!O
z%*}twG8O*YqGYtoBm%mt4Cij3+iZBi2D+SgW+Iq2Cd%gwj3kI-;~ZeM+2E)unJ%;B
zb8=0%V>4pI`JMP^{*8yRP}_KHzO6diW3;g5SXI?CMHNe<iltG-NZ-SObSC_NwHQ_W
zFD!0?Rc4>=7VJ0!>9E02OxKHaRy1|9qN$r@^J^pZIVVI~2idBUt*$j1>wMduV+_`^
z_1iGke{8t_wFGPgI47-bpfwBB7QaOn&B;Re9y^*n9k1EXw$0wCM6J!HHMT9+nN8<o
z>_&y~nUNRK`N7HwY$dR+WB<}bSYl(rodB&JFp4EK@STS?j6Hi<Io)u`JAES;8QYrB
z7IRHKFiPXG2CRk@qL-w|buxO?l$>`oQe5oZQq0L*L}!P=*>qmU-m=@HE@v@u{in0t
z;4C^;H`?t{H`6GT(BW(+F6~q44)?@#UKBB1+R(irEpVLMQ~`n02`nSJR93})HN5LR
z5glr%^O0ljw|htF+->kwTY72m{>Q9P;XjrO=O(<wMf)Tx!^vkOii#q)7o3k^$QJ#K
z6{?_7Q6wlw`ww78DbN{!r#@tv&JgS^D~`H*jczfWETcP%j@6A;9CiO?bW7-@8{OG-
zI1_-zOee>a(y<nzmt|T=#Sv3+1O{fsStI5E%`mL0Ma~#Z_e69q$IeS7-77tgTq><9
z%~F^12Y#oiX#=4gJ9>nLa2h?NvkbdYvGu_jft$_oB09Sb&Y{DB`IaRZ)h(v(%SLxL
z9jhBHL95HO*|<18@URI~tVQ=3(R4cA(MU(a*@MT-(TIpKeddYi)WtKGv*?_My=8i-
z`>xR~rqf__=g_gb(ezUHUq-it&QI8Js?MMrFyTt*EWu7OUD`m+MDBE>7N#o;B~c60
zm4y;zp~M!(Cy4AnCXx#OZRQh^ymr{pwCHdup6$qPJ>Z{&Jr<J)9Fwr}WXSqrM=;Jw
zO!m+o?G5ixBZ~CQoN(auJ_69W0ej0@pu$R{P)z4K>`Vw<Dud6o<~g~*g+8!FryEA-
zaT%h+mB%g3Quj8aTTG{`(Va!d>P9P<x=$J15<1(lGYNEedSW`g5SC)Pv;mHsYP7%!
z19R3AI77j<O_$0@vdzWI(0$XGEuz!P9F1Iwx<L((I@oZ9l#K@L#x-nZ*!f_)5PLm#
zzJ_2oE?wbc1#jyg!2U3H`{-cC!$pzvAiOW<eP~DQoRZ<Ro89ac@hn_Od5>uCBJ6SA
z_;9^JG4}Z?9PdH6;((WPUPkR^?=yLyzEjEDpd;jkvIF+xuy@BE#-5JdUKBayZ8uKX
z@oZ&VKZyMhc6&Z?lFn{y)MePqu~#bjb_~(_oQL>O>Ha&hHU7ISJ?w5n!vZIJdP8M>
zLw5DN`nt2{*EOD9cTV=g`nt0!%NrZAD;pN(4LIS1?6Ufb#nrWS*>e|HFQ~|_DJ!pQ
zSdx8iUH#eF1>TXYvV{w?N7vOhR@Nfeq_T6$vgaevxn=d0)<}6>jm7N7y1E4o*-N0^
zP?ou1Np8*wnUxEwvKLg(&7N0Y{@VkCvhuP9WLMXgFIZer`F~T2f0G4CV|K&RhW{7R
z>6F(mUD#NMhSN}+n^n$6(a=~?QCXEWpXX%b(uI``K%7yH)isqMv~?)py#|lxR?h>M
zR@W?C00A1gXHRo!O?5*#1TbCKP`a?Lo<Y5MP~Tu<vc9@@p2x%4$Qm=NYdP4AEynZ>
z{_T$I_p{^h`!Jj2`UAnB;a2$H6pV#MU%&^cPpByvBjiSCc`#tL{XuH_f8@$w8jHvO
zWrn$)h!V<|DfS2P29n<m#^HaHgrZK9(Q%EW$t21jY!A7Q(IUzG@0zepVu5ykkC6$;
zy=-|po_+rJ8T&3XDzSSpx+Y6!n^?LSo$oIQ9tS1Yl$DoIQvxu-OnN3RFxl{%0C7Q<
zq2EZB8;K{k`Ybcgg3Tlo<VC#9L?0t|5+ScNc9M+5F)>yePBKZXGVG<wC&fYgNm6jg
zHtNxh#Z?6ui&U{VY%UnDtp?_$$;568f|7tKpjfGZ<0E0c+FoK}^lW-n>s3Q5k+Z6N
zCdPnCtt|oO%MJ3s*Y@0CTQ8kR0mB3&C+#A7ZqQ@sA&h7<SKYi^bupoa7=7l@mAdh2
zi2q|n;vLohSqf>vPWbPg4_=))CM90Yd36(Oa&n$2@mP~WPx8K3`J23Q^XdpPnuUzb
z8$PzbTfAlqpVx+2Q5%g0&o!wd51WD^9Q10m$+Rb*v9!}M1+mtP@=F~hWQ-CrS{I)!
zaYpsEmzY0ZVDjM$wt>vc*$>{4%e-XX<5_*(v!^ZK2n#O8bQo?h8SD>s#Q#Pk?`9I<
z>DWZ`{PHRzAm=rc;x!5zf!7SZ#zJe}sdItJc9Y3(T#M>t!|`;wndW(c`S0~GHAb_e
zswA%vFHi+~fl0sDpLh-Md#}!K@G(xFF#b=LoAUOVU|uPG>y=X2#P+!DrkEYCwmhwu
z91|qg6z_YUmCasn10S<0KF8P**{wE}EH9DW;-&EY<*K<rh6ZI)Xd06tFZ#Ean?`1`
zAoU8X-bu{X_mAZ!LS3JCd5y|;0qm!};J#o7us(^r(v346f$rM8TzIF+a?=Vtwl<@^
zyVovl*TWRqj>hYQsi`Ge|6G%gL{og7Ovk|`5Nri3&{&f(uW)^ay-wLHICHA<tn#17
zFosMxLnb|jyw(_J!pE_TLGQv6i7|1XVdUP`C&kq81*Ws~E4i2YfJxcmWv2aH?xoP{
z6d+@AA!A#Ik8S66&-czURm&^A6874Jmm`nu^@;(#&cyrgGp7D09j_gEt=Dw%$ghMq
z<ejU2>HJw6i%eoVnB>-&|D7eDUN_9zvsYYZNnbd;nzz?`9`(BOR;C<VwjH)kuY`2l
z@w%ZHlLoJa+MWXWW{TD2jOp=iUHqob{3aH!CTv^tO3OPFkRF_wxM!bRU0U9_#Hp#P
zD6OliYQSq&HD~jl%vm(C_MB3#8f&a6U0PAL)Ce4`&MW1eSy_EOMD*2`LAj!~l=pPb
z;@XDld9{@lVZNbSTe+msDJm`~UATB|>DiS_OKU67b?Pgt8l18vr8Q*>7Sxr~cnyt@
zE+`#6wy30Zbjb{-s%|mX0P@a}As1AaGq8jE{DlZf>AcFu(#4JCr6!#-2ImYl!SE!}
zIB-B|qp?|6>#0^%BZ&=*=kmFuY(b-!*l8wTHAsbL6iXc`nb$Z!YM-(tg9qf8Jf4Fm
znQE9^P**!IZ2q;#s28?$?$X9eNg?gx8Ko4<|LZGj>dvVwEiWrAudHuua9BWPjf?9m
zy|~QV>eY=)orNY*3l|%e^D2=KR87rdM{0$EO<K4vv(Dtlco(8F_!1zGGrFq!O0mr1
zFNLNTPc&MPS6QsRNHJ0><y4A-@~ZWBp5ZF9%a%0aA*(XiDJyTRM$Q&gH=xXI>nX?c
z8S_}m0$hmNu3qA>{wtR(G%cwThf%PoGd4S<yc{n*u<G)V<I+-dlU`kmibpxHejzP7
zd3<U4;)ce$8Z^D?M#qFU`Ha>F+nZG3!uo2j;hu}SuRB+YS!xhZrrGjLQtCZqAhGA6
z0Z%o>A4!-TtEiq=iQKU!>MERhC}2}`4JO68Cm?aPQa>!r^7)nJXO|-Lj?}ivBLdgf
z)uX*vH&j*_J1icaS<Hi1d=2yQ{9;ZTlO^V+z5y+UMO3+nx`==Ag2mFjV8ClbUPVSu
z3TC~mvC^C`HI+3iTBb|RKd&UrDZo6N6PBlv2`+{A+s4fkm}jNYGN%(;AkW+CT4(&p
z)5D{~<}o^)S;N5PIIkPPwRM?|Xn>gwIPq}mWG<*~tgJ8Np?TrVQ{bF3Ae@Ouz7gd^
zhlVq&pk7_Opt`m)vubgz34!Ww(W97#h34#K8J~J6Evte_Y29a6FO0TzW(q}7+gLVt
zL8Uo6s6Mx{st#wJDfDu5F^yi(=&5RY1Lo{p_DHphYf9_N8!OokYf9(WEjG=XeVf<B
zO^vna2B3!AdR9%^Sp^H1GI(`E1)34-Lbnc_uKJX#sBK{7G?>nqb-u{75;@JhB(o}c
z2#u<~tODm&;Y3qArqS~pV|L8>*D${<_q6K9`KZ6KwdV2JOBoA??aOq`JXLJZ?2I2h
zdRREUyuPjh=UUx@%#+85bF&8IWaVUdHEceS5yqo4p0b@8W{{<HVr^BOGrf3hX+dG}
zDU+v{j4ho!v1Dvf!Q|o*Ijsr`CyvO)f>v%TJ;%5VZ?{0YN1fpCiJUGs4m6S5W2c;I
z9k8chKM^}^P-i%H4w_M(kDXgQl=I=v#qPtt8T%;gDcJX6=f<#Ptj#s@AK-FhST0RU
z!p^Y#j+BjyYnnKKNIP5##f|!5a33)B$Afu@_9p=FE`-tN0wZqJ=c=7TF!gT)bEJ|s
z9|2=6w_z^N;YNL~XE_N>eJ*0*M*HLfxD3k$DI5$Wb5#mA>X4HVo^r0i;6|I|USO(n
zwFWoJxlSSsrktal)+Sd<aHCD~2)NYYItgwJ%M}F!!IWpCQh12^9045-HwF7*Ru(qO
z$phe0eg_!IG;+=#(+1^tfrkk119M|oGTQ-lIE~4TaxzyaQqHMOZj_TV;L<MVO1V)^
z#*L7Xb8?m&<z!oT=YbiH@?}c@O0Z2cR}kR!2BX&u=0<%omNpwXR|oJA)5cevtWA#O
zavGcdr@*!iaHN<U?T|6xYIHav%#CugjrTJpCsWS2?C3G|$u_^7^W?_5BliX~4IC||
zDTd_~DmR8D-vpOBoD${6u$+QB4NQ3-j3V1I;S3z(q8(1Yaicz`)4GGHKi$fOyTYY@
z9pu&yr`Bxwa9)iY(?hoQIc3L<_BkcSGNgUZpV@l63(UHpea?2#26-!(8~tRP_h*!x
zY|D)kP}~?7IT_5jIC^fwayE(^ZIZFh*XVFGos%7mm!s<3=#be}(hjGPxX~focsUWq
zjqxr6+cM<rj+Jx%#HNQ+Fg87$f-ySyN9MV}G<*TJ<$Mr4ROEK1M1nzzem31W=Da5J
zbfkSF&uUm&gA1;cg?l>Boo}hWazR;^+yFRP#>aaDC##~YvCPSu+t2`M9X$-3n>EOK
zMY*DK?&5i+RrP$*@Pd1iYF>P@JT99%x4!b67KizKq1DUk%W82u*FyF?BHo2qt4NNM
zg-dD;<{z9aZ&W_Zi`HagNh9+m7U97R$3m}+{;U6CXtD6+Tr%GxU8zD!e`hX6mU(zG
zCb_Ohz#d?R=P{ljS>m_$o`m04B+%&5W#wyoA7X(<f3!Z@W2bHH4Fc0XW!(1h>Zdjy
z<2DRC8_NHt$BQt-u+!)EA?&4jX#O)^9zR)Jo($YVNLxn_&3~KrGvKpn;DIpoF0_H*
zw|b{4re52#Fy)1V%rCP<J+qDouC})k!cXlTi8?l4!oV@x&$U=ehXm3dJ85fgDOlTE
z*$YeEY$2&*s}uvB*?k=6R^Iu@W^G&szs(a5ZMg)W=Rl;4mmQmpw;6210Pz+S%7!4D
zJ$4=Z+TN_qSW5vJ?eXGa?cE2qVSr9D?By$g#k(a8b+}y!dwWnHw8!jNdw&PpFhHja
zSMq0BaI)EBe}iAAZ|ZHhIYYu|kL|(Q+YM%z9PHfsj7Mi`PXhRPjQiW-TD{yUUMC2#
z*{t3H_|RuZwqoezMSRh;{|hpPvD=l<<9T2=d+ZPdIv*1r@!A{n!J8GE4<7>9Fto82
z_TFI+E1Nxb6n<^51oo&$dr5MP?U@%r)!dvqEC=C>MRv1DSDiM_vYCz(M!=qscgD`R
zQ0(Sh(e|2WVa2O8g5wI|i*8yTaK8C9dW7lI7U@?RhN2(6Bg-@&JF<y%9;+W`K2?B2
z=7<aJY%tSIOZ1O}%krQd`t^pzP}&O{Eju~CIisU0esepa{XFxco8Od__Nx;aVt<RC
zjDFR@nB%&%c$~Km(ampaMElu-qMIKrz^)m|hqyf~R7MY*)GdIY4>`T%_<3-{h<32}
zSHk5(N}c$xg=;sqgALXLm;T$a^C5-bA!K|{9CLi@G5$Tr`1c*-{}_JzfI@rU!OsVi
zxp3*{LIXZ*@cV=GvrY2`_8B?O2OhgIef{9)P3k-_^@qXFn^2q%#?SXS>_+_(_<0jK
z0ZjdhV~%sl2ygtDZysNI%<&81w>M}!egpixF}qy!&67B$#UleZ|9KdW<3+#oI8U(}
zWjl5#N5*kY9LJ0W{${j<0|L=OSsAy8q)rbjnSr@uN92ApmJl6<v_q%HSY)u%OBC<t
z45?vWV@iz|o8yu3uHTHNM#ln;VstRa4lNpSWY|gu#iGJvhK5_l<_$HW&e(Tw4LY|*
z>@MyzxGlkMd6{A!bLF&TKjiXG9UFTZmz^{=wlg=3f7o~}bCV64v)fJaxEtlYJPs>P
zRh+K4zv3LlgB0^RW^E29OWN`kk0DDsc@9|p$%?0v89BBR>{e%nVq6{~_Rl1X%?ffq
z{KGaMyA8{J$<3q`OR})L?8vcQh~4s~ir)iwL?3VfZd;sVWWF=TPtcKhUUQvC#|~Z{
zwk2cdYd5DVejI+vzku66;4v4i*9&tg)~$-)6XxJS7winn7aax&^R<XGgwKS_rC-$H
z!}qzu92i(B{3p0KDCXN3R{up|4j%AxE|hb?;A3HakA_RbDd!+ZHrgqf3w^m9mdw?!
zd{L9khv@~ve1Kjm%w?=k3G-ohyYO>x4-4~QbPjgfA<q})gKrZV<;?TrX_0fy-s>Xg
zx$>#V1CaA!llnYwcskK0uY_S?w#^fS)8SSK?}K|bxikJ@YsSv7o8j&v!zMR!f;|VN
zJ#YZ8HCe*uh@1m;LzTQy<Q$M|QgSX2WL%VACd>i6HHw?bNCT?HAt%WBb(hGIZHJs7
z=YkLRXp@6^{9*yavTq<KgaO!&6FK_{aze5ZJH06H<}u${vph=iL^Adg?9+rfD9GK)
z=aIz@UrV!mnd0jd-=UZvnzeSGQT(#vw-ocUr_|qvonP6sVcYW@MBZ67<b)J2Ur8co
z^2iCjJb5pXhv6k#c|Vb-LQb~wfg)#HB3t>1B4^)8w(>C|XFp1|@+l%`pGvlJesPBB
z&x4$7<(E*-n{sSiLdyJd0QDKNv_mc@rJMt<uL|cw|4k*|r{tZ{xTxO)Zjvzjt2DCM
z%n&*IiW7wk;Eoig{zS6q^E+O&N%;(6_Is5|hs#r`!+~4wWDeH;L70QJYZX5s%)#0h
z74H##1MX|W9I$*#nEmTNh4(`K1zFO`H)|L#`#L{%micg$71^F^Z77FMH@JBHKf*)E
z&}Z3_t^R0{kAa+Q&rL4Br5z3i&lQ~s&>`FU<uU3kgWD*~!CLw$=fLnEl>Cp1uTy-7
zFb9Ai7iORT4B565k#j(u-#}(wcugkT^z2jm-ze@Y*98vZ4kL?AE(vBjIp{l{ENykN
zlAo%0E?L6z+gCPhgW?O6&P7Uo1zGwTzByx=@5wMPyr&>1@Fd0dXOZ*%f^75nh{$I^
zPPX!clp`-3c>azo=?w7t1^ct0Pqy{mLF8vbPPX+vo^sYHTn<n(Yz1`433A_Zrs(i`
zS|vL3p+mOmIY)FD?lxf#Lf;|GL1_9J7YCmItoS}M;^jRNIYI7=_^O80e_WV@+}{dw
zu-O+69m#tP8TNUN=Bo;p`Cfw6=`C^&LJv{$kxD*R@nka6#(Ok!g50N-D4j}S4tQTd
z&Vn+w$3@OT=x522&fOyCeZfD;uzw-+$=3cprSqNWTnZhs)%j6$IQZQT_ZhZ5L(S=c
zF(#Zk=K4zJ^_05{=EkJBC@XGkrgpL|OomP>T<%ssoh<sieo#LjZm!}y;n8q8{z;v2
zaCzR+CfhuBYm;r=+MGch=pTVQTXBW(QMha$w8OgKZtXOZ5tiE$?6ecceaCXemkRSk
zg;xsm^V;jkuz5XP?$%~AS!`|u(<a9WZc}`Z@EMRlC_Edyl?<CZ;BvP%cap{COVj~#
zEa4T!dxdvFzF+ut@If+c9)io=+Wej@Hd%JG$?*i1m*oJ$lb1q{pMNlR_zc0_+Ts18
zwbPk8(C0V=Cx0!c3f}}d#~CQU8JtH(+J?jBZf)k1p~H>ODb(j!#ze(ah55C?(}djs
z`XDlF&WFq0+FU>un+vG}=6J|r#mj^fAiqSoHFz}{HrK)BZf#yq7Mr|}rA>~ZY*M^M
z_%+D?BK!~VlVsT33YWXJxq~b=S;w@=ahR7CvtB7b5%Leou=6Qg?$*vhve-F99Wcjh
z{-yY5;j1C%y)^A`yokHC!{<S3hy5b$a9pR0;;`_WkoOVZ3m!y<%{;i=txfao2l%<=
zQwKZ8g2pPIEX-%75;E+}fXm(5nMKCV?M%3|!!e{v#S4TtK;9s{35+Um+}0+jH+CUI
zkQ@(og^yFr$0Qq9cQE7PmW<tHAZ%&aZP<Z|M=PGBc$(rFic1w&DXvj$`YuW5`AWW0
zvFVpY=g&(1xZ-COzp9wy1~xCBEB-;T8H*SD{M8z(&#^_zX^L|d4_9m!govGDCFkpB
z)(*!LEuX8H=c$$R9JI`H&GHk9xoE`7UsL?P;x81l&aFPblwz6f-*RuoCo8^F@xzL@
zDSln?`-;C%d|0s`{hf`sjbc9cS$QADe2%m7QHoDee465N#q7sz*n1T3R{W7--Z)tO
z1jXGI4^uox@mY$S6kkq8{<&QRw&&eu$`d`gSr{Yj=Wj~R=P9eh=P7IFbujI4EM+g{
z683=7|6IxWJY~Zk0W)kq!nVe<gSF4`ENh3)R92p$n7=z?<>M7kCQBMlRq|>juOmx2
z@EOW7pOq}%srX(n)5&Z5laxzY@ma|-pTR7@Mi%=A$&wz9n_2l!VA>4h{NSsUHf%?-
z==V_aUP{hqC#!G1Hz4ULpj_gesr1X0d>)wb@;+)A<r0?9O*Y;um3+05->BqwD(172
z4a=|i+B7_+cpJGb3J}{HWQq5E#UCpDe=BZ->z}omMwar)QSw1x=8M<)iIj`|8H#6<
zCG0#U=lG<RpRf1|#r&SS)!Cx>0kXvPsFH6}@@JKNkCG?g+G%ZeRh&u|n;A+zP|5R@
zyim!<EBQ1fKUK-kRB}Ey*|I%{jB@A3dk8CEt@r`O9BZ{YKPc{u=O8N|rg)a(3lwiu
zyj$^Gin$iV+WcJccZz>j9D_k#tDmU22U*%cx{`A}3fm9w+lMHf0<zS_I3=H|<kOYB
zRLN@<Hz=K@WI0bSP~5C^ZddZVz)TyjArC8^r^%AG9ZJ4S$zN0Qca{8OvZUd2vYeZo
zezrF8B2I)8$)ev|@mR%k$x^mWimz0Bi{g6}KS~z+{KP%;%jXoX)37#QAxnPWQ1X3B
zen>HIMy-AfS<==+$$KezU$UfOpyDB9DW551NyDj%&rtgHO8-)&b2(YkuujQuCQH1V
zz|1?x-0oL8k1PJW;+<p(dqD9gVA|p9{)d%5mlN3Z$B-o~UZ0BSw^ur0rIVpJlPqO2
zROuHgK1uOZvcy%RcoA9bT%`1`P`p<0^-6z}lHaBHL9)d4nBphFEECRQJ+Jh4DV<Lh
z`%ur;PAA2E6^~IoOL3**2F2%+CBK)Dv2$Cc_*%s`k|i$>kfr@RrR3Yd%om@*Us5`6
zlCg7pN69}?@`Fl#SjpqsM8k&267TU!-c8B-D0zP+KT+`{#nZ@=uhSLJAxrr*l948E
z%N1X&^lw(Y32fRt%He*c|G476E8a<#H1MPJmOla0PA%*lR{9*sv+2QWZxK!;i=Ezz
z$11K={0GIG72mD+VX~C@Rwds7X4*J5vRmoAO_s8HU&%jL@~@TrCnax%XKov|4O!yt
zM3#IdDITnNq~Zx=344l?7lWB*j=juLI@M%J^SO$bktN<gD8892_Fq%{p3>P5W?USf
zIYPPEk4HGmofP*ZOI*Fc49l_eY^9T@c!bg~Q2LXU&M8W#ij1AxA|+o8W?UTqxlrj`
zNtQIPR`Q#a{BFhfDV-;je5;c0Axj=#C!_AUeXjJsQ+!0}x52o$4ch_CG{@s!uNUQ#
z&UCWa%p@Z`w>+gYLdhp6`4lCeq2#m4lIC+2uTlIkS>oEN<U7DjC+}f*E1kE=lIHi7
z{BtG$nk@0U9l^La;&vQa;tG>RCl$=NI98UebcT^7u2D)pNy$%9^3#?4EXC(3Zc_Ry
z$dZOD72l?KJ6Y1dQ^`M6^3RpL69(yQ9#hB?cDRyHQ1ZD-UaRCwlzgS)TNFR0_#MUj
z75__d0tOgt+7>8Yu6VQJ2Nl1pn03ke;)dIR2;;Uf!szlNoUFLF;{J+r6z3@(u6VTK
z@rqATT&#Gm;wr_pit80$tayduYZR|ne23z@6+f-`?}}egyi4&v6x(?dh|F(l+H(F{
z>HMJhC&gT2Y4u|iAFr5Wp;jkFF~>!%JX0~pNUhw=k4U|9ywu7^E9Tg#mCsbn`6Mf^
zQhb(Te$LD4oTHfQd92*dgCN@ue@N8I*DJnRv7P&%{(VaRkYbL<T02iG-mREpvsUMA
z#qTNRe23NHe23-l6dzWM&l5y+>{qXuPCKtb?yPiD6!W(qt^G{J{25&<AFX)2VvY%0
zog&4Yzp!#Uf59}&Q}VMF^9N9^{zZycDqf{{y<+~}qYb-B@okFvi>g-V3B}tLKdYGQ
zm#qFPiVrCMMDbUOzg7IRVh7L9)@GdI1jXGICoAS}w%V|R6m!jzm2(W-@;Jql6wgw8
zrs8>u&sJQo_#DM66|YjfRxw{JwdwhjV*X6Bl|Q7I>z}OrX~ln6%=J-L=MBa0D&|@#
ztMi@W!-{`V?8Ak}>f`et5pJ!RKQn7}dMWO!I7{(h#r%~)8+Nqf@rqAYT%?%4XKTZ9
z{gvf9#SMy=E51naO2w-b|4A|D9jyI372m6vYr?F~UlngvyhE{_kKnn_^<6gX`-(X?
zVddW{{z36k#jcFi(`LNlkYfHGueI4zahl@3iiaxZ_sebAF^VTBK20&#`dWRi4YORO
zc(LN8iZ4`rsbc<|ueHN<VwSm9*fM`M-ZIzuS$<eC=SQr3tK!{?IX_}`-d6mcV*b9Y
z)%jlWzZL(g*nEl-eIGY|j?#whrZ}va>(Z>w35rK49<7)^Kx_5qDCU|pE3a0(P;sN;
z6^gk&&4yj0_*%uyiZ?2LKrz>(Sv#C_vCKIa%R3dnq?l_dtj?Q?-&4F_@%M_4DE?Kk
zAJ4Sb=5dPoD~eVgR?KzdR^Cr>wqpL=t<@Q;c(UTDiceF_&nDZj{Fz+Kixe+W%yoEH
z=Mu%2Ddv2T)!}+L%eN}#Jdu@iO`YY36z@>HQ}HW`|DpID#UCi<FZf#fTzhBvsA3n-
zs8-Hrc*`Nh9TXq0xToS?iup}pYbQ(bV8uff7bxZ$KO2_o`YcaXe464j6!U!mtIw}Q
zTjm^=Wxl{}d6i<$XIc4mif>Z9S@G?PA5;9K;vI^2D&C`*^JO;PcNBl1nC~oD9j;BZ
z{Ig=dGHB)TibIO|En}<0`8dmA#i@!1Db7<|pm?m}lNA>!E>}EHajoKd#Y+|Q_tR}U
z`D4$PS1Z0w@lA?1E52PZf3?}#`K#isigze}Q8DKtZCL*3v*rDYKU4gr;_nq7QOsYR
zwssN}cTmh<Wwbh+ue6+^xUb?Y#e)^&hu|V%^A(R#T&(ys#hk~q@s=w-TXCIY{=Bu-
zzeMpBU>EaG+^$ygwTf?4IvbSy7R8(cwRRp=@+TB;SNyEvmleOF_yffsD*i(8*NT5o
z{F7qNliIwuR@_N(SH;PSIhSg~_E(&vc&OqLiup73HtYn&rzkE~JWKJJisvalTXCb}
zC5rhA<u+c<?OMJ@F@IRy%5PS@N%0oNoC~)4cK(-b=4mB=PVtM1`NQHi?0bqoQT&Bs
z{{Fbt=Nz%+IK>Hy`7`BKhjYi4dn?XR%pWDUI>Qx@Ry<zu$%=~<^T*7so%xFE6gMb7
zPw@qc`6KAo4(FXM-=uhh;yV=It@r`Ok0}0|;_ZrGRs4qH_Z4%_+NS3V#a}D_MX^uj
zaM?EOoHe<%lJiI0txe8fTkfN{pJM(_yVV(~c&y@yiurTyR=-qnmEyA$^QYXc{)LM9
z%kEabPBDMz-OBG!%pY^N^2ZhPx81FLw_^U(yOr-(%wJ5m@_#A*SusEGVRhmZCn)AG
zty`UB#p#OsD;}tLh+_UiyR|b#af#v?ic1xjD?Uqct>VRsmn!Bj!P|JRR(!qUX2rKE
z-lF(^#SbgyPr+OJI~DI%{F>r_Dt=!ve?;Ee`A+e_75}O@9upW=pL6$?J1FKnzLob-
zoT8Y&9dC7pC?2V}Q1L{?Qxx+z=dGP`#b+t5RlHd7QpNnWdTZxu#r&~)E5AiCf4knw
zA5r|2;%$og%l20Pb;Vp8VC8mg0Q;P;l>A%8KPo<|m_KxH?Q~GwRdEl+TuWf}GZdew
zc$DICiYF;9Qhci7*^0{)S1Ybjyj<}`idQOLrFfm<>lJTMe2ZePf3W%ei{hsh|6TD5
zigzjgK=Fr)zfjDz5H_wK6mwmKm4{?40qeT0;^P%_U4+%|r#M^jXvO0dpRBk@ahc*u
z#f^%WC~i`GiQ;P&-=KJ-;#(Epqxe3>TNUq6{G#IBir-NDw&H_|4=FyZ_}_|sm~Xdb
z8>_gp;%<uV`VH1sA0_8n4r^zi;$ezMDjuhp>pE=M(-qHAJWui2iW?N4t9XUtD-^F$
ze63;(two-F&^#ma{+POtqzxEh3|&VU!v+z?ZB&G5$L34h2`hQ3;&jFR73U}(r1*cD
z2cMvHCM%w*xJ2;`#eARErg^^N1&S9cZdANP@iN6L6|YjfTJbu?8x`NGc#GnD6hEf;
zNyS?g?@+u)@#~7;Qv8nM4-|i>_*2CP6(3Uky<$hr?FJObD>m;f${2fFCGV)Xv*K=w
z(-rquoTGS<;%$h>u5Wn>++N~+Rq<QGxNSAxcAyTHdN?17JPhVMDdlP4Bf{xmALipI
z&jg2r2Y~r42+B_YcNQKF?kPMH+*>#w%x^wWe*!pHcoKMs@O1D9VSco9wD4T;MBxhX
zDZ=x>(}ionX9%-hmkHN{Ie*G{`F?GUa1*#ecqN$cno{RRaFg%`Fn?2-a<<<qh3^2b
z5xxt|xm4=h3+DT!<om$42tNqEQ}_|^UxeAl`P~WXKLdV3cqe$9@C)GQgkJ)`EW8W+
znlRh`Ug0;u?+f!h;CoWE&-365;eFt5g%5y_2p<7+?v?uFK)_?JJ!vKUE4Zz29NHj%
zQjPljc1t&5w(%6<PT+K5zQ4nHSnBry4-)1NzVrPo%K4sdzVJZsIN>2+eg}g(T$93i
zSn^0PzllN42lL%7@)$7ZXUP-5e9wzK3A|94@AaG`%y<5l373H{7On<!ewJbRF5n-9
z7lPLbb3MzA!j0gK!hB!wcH#5E_XuAKepL7}Fy9@c{VTwnpCzvazaV@qnD3EMejS+K
z<{<O?Htz^;2JaWX9sH^A7VuZXTo=Q4${3d4$@ximC)mOKAmw}?F;;jVnDe%j9{}@R
zGxEpa&ca`VdkFsoP8B{1<{U2d9qc*6G2jz~6T!oUd95lGP6Bg2mtixopDfJZZ!Zz%
zkG{_l=6kvo!u)p5S;AcBvQW4Ne2y@G%YB(J*R5PE+zh@-_#W^&;ho?ch4+Cs3bW6<
zU6|`Z?h(!aKOoG0?lIw^;J*nMfOiOU4af_^#bACjgn8$BkT-<+U95M6`QFWb#h(gu
z4air*=Yu&HOgqcLe20#F5tuI_ldk~B3Ui%ENcd`S2jT0%U4=J*IWNqxo4|d9*|%j0
z-whrt`~aBm+)<zX9OsD1kAWu&KLwsDybXMYFu%J~CHx|If$*E)df~UhON2iJHwm+!
z<J>Xh;(IYy3H#CB*9!AzA^DCTb-0#flW-gG7U7OyzOP3e_H%q+kK6<NgfRQL?ZO#g
z&K*;S@1*P!E&%i0d&<Xx-w|eic0ic#o_sFMpPW1-%%7h8LHG>tQQ=ZB=Z<M}J{Z5{
zW0>Fm;X8nouLpBZnS2*GN%%o<vM|?-^bux1lqtLuJWzNSc&IS@o>9X4z?@&E{g1#W
z3A4YMCVU9Y`DN;G{RrPHB=fxze%Fl5-@UFDW*<{0+zq@~I1|kG4XMxX3tc44^&p&U
zru-!ERl-H!wZi;X5a*z&!#-n!@R?w)U#EON_-<kLANLE_fcdT>b=a3YCCvWg@4`*s
z=Y>~+cMGopzaji5@Vmn7KRy+{3;dNZ*NJ>D%x?|-TX-9o^U+MhPB7=A$$XEN-;E*j
zTTC5=-v#p>Ny_={rextS!F_~(1al6WI(!#~bI@eIUpriw>qJHivp<+9%rzsNccy+4
znDfr$?%>(N>?bOO)4-gArcOGzUYPIZ@;87f=Nc1!bAik?CYKA30IwC!2j3_>8N5;W
z6fozV8J6$z-YYyC{Gc$`o;)r*AG}qV@2&7#Hw=3Y_+{bqz^@5k1l}urDfoTitHB=$
z-vItX_#W^#!t65+3qJ`yD*QJvf6R~Z^8FP2FqvVlD`_LlpXfeLnD7233GV|Z3$xGY
zBYY5?Df~5fpfLN7p~75;GD?_z3FoPq2ChjtN!W*WH%*w|WI9c_6?nFAJ22<38J6E?
zsut$Dl{(=b;KjmR!*afGI`|^tzTnG*`OeE#!t7Vp3XcchAUp-ULHHE#ZNk&RcMEe3
z%l*P<f}ap(fAfs+LNMp7nf`k4Ug1XY`@;N2)JMWx=kkRx-<SDD_&V@mVfHIWh1sw8
zG4DzH{EifUw$CuX5!FVR--tR+cq=$b_!)4r@N;0kdrLcf|0P@apJ2{kQ_g;6xbR2d
z(ZZjACkY<}PZK@_o*~TjFLQ+XeX2^~U%;Hdru`VS*+s(ad(IVR-?Lnp-;&~7HuaAO
zUoM;k=3F-A{I1ot!t9f767CJ&B%BVuLzw;3y}|>)4+^ud`m69TFyHN^eXf^zUYP4;
zUK5@G-YZ-LeqWgHd4D843(UD}+9?BnBg~&xJ}g`bJ}S)q%#XQI>MsLxUYpE5tc~!+
z;NyfZ1t$rw1an@S`uzS@AK|OOnZj3t2MVtNb6%VJ>%gOgo56ginDSe|CkfvMo+iw`
z@HFASfM*MHZBDr``^9Quew(XKcsqEp@blpFg<k}(5azeRt`dF~yjJ)C_y%FF&DkLQ
zGx#=Perxn@;aKqf!d$1rcbu6ouG4u+nCo=53G@4<++4haWH-wp$`O`ZXY7_!73V1C
zn1$7uptwZwnTi)EUZVI?#j6!JE8e2`A;nu2^Euz9=Pkt_Dn6w6XT|Y&?y_O|9B!G<
z-j+G0WSQ@JSmrac<*ABiDW0#G&$?FsLdB~TU$6L9#e5dEVV_jYXHhGEUGWEs4=O&Q
zIDk60VfFW;x+!_O;z5e@6;D=dzWW3}w+ba+sCb!Tz7t{7uukzt#eBB3I*%#dp?Htt
zcNBlB_<O~Cf5F=17@cK4qgqZ?%y$;7e7NEXic1vpeFUq&K=BgAmnvSZxLNTQ#eBcO
z+T5!6CB<(k<};qvKctw?cvc>d=L*YwezP1_++T5?;xUS+DxRg7&sx@Iqv8t{uTp%y
z;#(Epr}#<5eD1RLUswEr;)9BhC=TGB-iB?fn9osGp00S1;(W!E74zB2hUFNGWj+g8
i=ChFHm5MojV&#11vCMH2%N!fA?@n?&#4^V~EdL)ENaHa8

diff --git a/ssl/gen_cert.o b/ssl/gen_cert.o
deleted file mode 100644
index d31834c7a965f77cc907f6522e6a8bbeb4d37f31..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 828
zcma)4O-sW-5S^I%RXyn0OY~v|UDDEn2tBkVmO@alt?0#&##jq&0?i8b<UbI9f<Moz
zzd+xl856;R4<0jb_U-IuvM-K%ZWsm$47#IS5q<E2NmNe_722W=qE5SgW>tb&oFqDq
zCnpyjtEy_YvX88~I#o5=hT8(U(~S<J#P_<<LrjC7<275oOLx$BJh$6-u9|MIVV9e&
zZlhX;StZX??GF+4Y!M$N)8Sl`y7#qDYM3NQ!{O7&n~bASa#%?P@pKwSu+Gzi)tC?d
zH}>G<Td!q17T=w3m)Y!RK8z;CGT$LqF)<!tie<iItV(Y-F7uscKATOzUq0^B200de
z2hajuW4hqF6cMjMK10AB#x5w|!1@)u<s^gnIIc($@g3p~k$>(cSORylyx7l%;8!D%
yexfB7>m~a9k~&B8*92J?Z^F8GB5S@)4wF`Mfz14Q1&gxDlNyDQ7lbpd0{R9ra6;1n

diff --git a/ssl/loader.o b/ssl/loader.o
deleted file mode 100644
index 17758504edd98f44158f57f73a8403e39913fddd..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 38320
zcmdVDd3Y36+W%eE-RX3b00BZkKu98lz>qy?K#%|-B<v;uQGw7|AdzgO8wiN3iZX)=
zjteRpKol2bTu>Qh6xqaekU<9(W*BskaaY_%1>W!X)H$6S^!Ggfyw`jE-pW;VKIcC7
zxzB#8>Qq%{@rW_`wryKxv#n`Xi_fz1Mj^y)S=mY<*-EgwE9!@19`-59_y6r-36h)O
zv8-I|tH5jjUrXL&9npoqZR7gY?RM@8JajPd;PJqwZvqdv0-N9TeC|5!J{qwqI}w_h
z2^Onrr#UYCCcoCQGAt{ljU!%lTjH*`=r${&m_I3BMtS!Y5fJ~{25NNJ#+t#dQA2Or
z6(7B}$ZeJFJy5jw)#=kiJ14f=`B1wF4WXGiuJsL}#yqRcZD;Ow7417PVM3^E->X+_
zcTJxVS}?IF&+3|Y$=$n(T=CJdnR`z~yV83ukB<)x_P<e9wD<c7J(sUL9^En8+cj&L
z+q%x1xaa%$Im;X3Lz8x$8MfzCZm;E&GS3vWPH~T(nm%NwQ<zDOtrItV8<V)i@$T#w
z@4#3W#9a~xM>}44GB?&hEhcNpu=PGI+&CtaN?o!Xf82`^(w2%drb|{gPnSeTAw^sJ
zP2*h>rR~g(h?%%Mh6!l%5TOPKW{es-wM`29Hk!z|1+6Dvm|_q1IMQg>3bet(Z(IqR
z(crrh9y*xt;PHe_-y}S6PrKG%wSW05e@4<p7bRsy%;=Enbz3HyYSA1|L9AnCU!-NV
z_@Z6=FkaZO$u1{6aqAbpjP@_bwEoJnVDr@kf5w}xRo^5g>h5Do>&w`mpw*!F#I8Vl
zSD?eeK)d6CnE!s=XXt>ym6yNii3`O?FOP2TSniXMlVD<3CA{hC6L+G$Yu~ljVK2Jd
zffU_Dal^V*C3GD$ATFh~6Rj#?*w$}z;`(?8CPpPjyEBJbRdI#ws_m+T{oX43p*WYf
z*4l@D2qVY-(eC|=esrZo4{qzk4OrG#*EL5|qT}{-INZ8$>0oWMU}@Y_?WeZA&Xp2z
z+B1K)que*GPew~_n`ReeoOb1o+&S12-M+A$qcXW&pSD-_80%`9{mUYxmz+_!)Cnk9
z+B7?ES*(%?Nm+;FjDpJtM^0_KckkJz+3)Uhd9x8Kr`_mMlWNoKRZo>|{q|_v>UQ3A
zG==q0_sHns4_y|UbXi1n7TVFO3PfKtY~Pva_PLpVOddM6ZDSxZ;$LU`w43yeFI;O)
zv#aceH+Ek0S^O6}|6})k<wSRvx1W_6ZB1@BZ1*WdEm}SyH}uAys&<*XzfVv4BZgO8
zrZ3r!j*Uv}`bJ!luPEAz_Ga$=KD}c3^z_iA;F+SmrzT`CpY-ABK6ZYb)%A;{ajq2)
zojvV|c3~!1HKfWu5jQxxbv}C!+UIE7!gl$Vb+m0tYXo~cqHc!f1PT&vco!MXZwIBK
zt)~hTu56dz#wy!-s=8f1(rc4{+gU56Eh1E9O#1%Jicilf&x-$?{Z$>sC4RZ@nX}0W
z&~+trNN%?)q5Z*xcE=N9e*C)q%M+Zwdf-1x|2vy=UUd8D<^CrN?N>J(4ET>mIPLMK
z%XFv$yHE6B&w;VJ!wqgbHu}A8$5P|>zJB&7`VNxtJ(<#a|AxbBPA>g%cKespY2FzN
z@3q_SI_gTWEPqD)8!<<Y47IH2tfGy9+Gw-{BEp~2I=VyAh7W3$os4ML{)EHr%s3g*
z*jV2<Fn(NRWkq}-z9A3{&Z}>%h@Vm47$2&t4#rOyF*bfibxkFbv+_oaPAROLQ9m$#
z=!oK!jLe*r;lqaGM0Tz`v;W0fu5C}O3(je1sBa7*iEskt)eTjZjmR6fVIxKsj>9>r
zvA#T|WPU^CK%6i8jTkq)=*kHtBk~-b5##dWi;9QFPbey!G_+(y{OA!^s<_CPav2_u
z@@uWI&i@pD_=uvC!u-PFuz!wimA~IkUFkXD|3m7sod1WsIW~TkgY;$g-?8Vq{MKW>
z&YRtly-%mN_WJv-C|L1BYuk>9u+p<LGSkz&?unjO9r^^CO2!n&qav@VEDy!!)mO}%
zA3waZF;qRHx;zl7j2}8DR8`+t9h#rsy;JLq^o-2Ri!(E`va$wT)v0x6cKU$yEbUG2
zml2m9>sW1lj@69z=`obMJNPp)FG)?uUq<@UW|=EH!g4RY*-Br!(zSG{_2%i71utIw
z=R4*e>X6>%rKdih*=lFpkjwq|^+|iGcF1KlX{(oPnElTebN0Ue$UV8St6Tl|xyY!0
zz5lWQrPfyrT`_&b%e~iJ-D+)q*Y7u8|6}DVZ>8MX>CrVm20RlQKHWC_xg+<ykzvOk
zdh?B4m(*4-dw1WS7r)7V@YRPdD9&84qRpCRZ8r=ndDM2fZOfL~L#4TquiS07-}CUw
z#tS3={q(Gx5_aWWeE)(~g#}g7-jg5n7#DFO<HOS@TF*M%q0_OH*4r1o9$)itaP#R8
zH~)0XHNB}vhujfg%=s?n^sQB)LtD0b{1f|qa5yruvbuNOOVa|mlm77ctV_?<6)(DP
z$j;n>kFB3DZpp~}*4;lC^L5v$gZh?i9{ba^jWhOI>C0SGaf<uDrjD4AJ07iT_uVyr
z*toA?-@;2~^_UnlH>v0DZ>C&zH1*V`?mMpSwj}0;9fwB@+WwTc_?dSWeB9=?6T@~L
z@B7Z%?&kX9P*vkCFS%cM>@OSsyY#yDhwgiJ>zK!1d-&BQH@AN0z=oGTn_f`(`CV<N
zeg4aUj(6Ta_4u}_sh%Ugjg@^;F8R4^b=PbEJ#ccw#Ft$|tzW8>UwwGbln)O~d-VN(
z+!*@c_1vagE^L2iTwuu4mp#z>Na2IMZrpp<4fnmU?W?@gH75_Q`YdZ{e)pL6S#ft*
z<L7Mq_k5T*@M&da%%$(SKRr@E`qteyzBTvVy|D@7J|5roWW<lxcR9BA-4A_Fmt5iM
zap=9D&*nZksoV4)wyZhzw|$GRKYjgupCo<pDoi}|*KRdS-QA{4inu1J;mdbBJQqs-
z;k5~Grz}sX_~_`6obB%(9Qt&(dp>FX-TVK1vs3du-8=rNpxa;WEx-El&kt?b`pA`j
zSME69TMys5^Z8TDUHh}jV(0Bz{72WRBme30#V5C1zo+`%b&IQejJxo`)!w|W*ZoqR
zo3P`D{7pv&Tzm2lg)w>e&Ae*OiUF?Nq5a04d2jVfYs&4dMlI^vWr^3m<oyYO`_`T5
zwfOL%J@+sDCc1l0Lig1}4n1E}{Q6h(=HL7EPeYa-IhEk5eeRCksc*f5xp5QrJ=jlT
z=S5pQ_FU{$*ssSP4f$DYZp&V1;i|DG{ATmG5XTE&oAnW%ws2RuZg$_|xiw;mZFSR1
z)F}dcc-CzbL$8J4aQI{hdWmq{a=^?I+oZDu;mfc)@h5oN=x`??oU`HQ=E13KDqWRM
zx`%d{6%SA3OKj#Woc9Xnv=`2kljhBCk6-Cp(>lQp5Jx+J^4Sj}1Ccb0?LkE5=6Vi7
z*CAg2xIK{%&~Zfuai!|Ey`{?Wy@R-JSHu#;@OUDs>q3^>7vY6vw=c2}V!J&NYY~R%
z5zvhA0NMb&o*QV*_Kic5Ue9gtL{j2<4t{rC6>%ld({}_hmbKG=46zric`m+$_!8>a
zb2)S8^7>$W)NY{f1|%L6QJjcC{}T{IOe9+Vn<0;wL>nIeFOWoBLH7DTq0Z!D9DV*L
zD8Dip$7tm0J%)SU!qN3LBTu2ARbE8d9w_(+B6|@PM9W``Ohr_ZJ^t@eF%dJ!K7V)0
zXTAoG_P>HMMAVTx`->@WAoq-#X+_L_AC&Iz%0wEOlWhMHS_zVK{8{7>d655d93$p$
z#4#6nOQmHdMFXwtA$37Yf$J<IEf@f7^9)k^*7oKnBM1IZkchWnJ5(+IAEDzdB)g(!
z1ugF=YIxdK&$YaxbATV&Ry6CBtgO$oqBp`{VEk<@R}Srs`4s8Ic)a7Q5Yny-%v$a4
z!~qlgD@>!P81h!ry|cH&^^btEH%PSn>lhqjBC-Dcl+Ph|_V;Ednaiwo^LwG`owpyy
z?oNJ)DnA}4KZlKfh^21EyiGw!T21!e8G}ah$1;tzM9cp@)3`ex9OJ(g0`EOE*4eR3
zv9jxS{OQJza`a`ydq1SzWbfloAS9~R^8Sf+ZADdD-X}<&s0z#bB*_=mV0oV=MMurH
zyxT}IQ56#`?=!^MsEW%i@3X|t{-w;vbL4LR66W>KZ0mS`Z_1x%Qa#bC#}Mwil-2UW
zr4adoIOIeQFGBtMHzQW$2%_abh%83tlcW7lQ9iN^+}ZCZ7u*GvZvL-fCbEzm@4uD$
zqpG0O(_e|65;>Z+p6vgD@-Z91ef=9KA6o~Ve*RA6am;PH8efs)Ly%`%(TkzVq{97>
z0<VV_yq;%~Td(J399_>MYGe_y{bX0<#Cs9N|0WZ=f{1KC28X*cbO)j>fXB6r(I#_r
zyXcR+`xP9$o;Pvq@G%ata}hUI5epN`Iz;&A;7I1dHHsB*&uRF*9ybcnArS{B0(Av3
zzSSz$7rYA^{$<FiZw^g3BgQwEZ2Qxp<(sEW`^Ta}eNAMy|365_r-rD<e}KGz@(BMF
z7x>z57|VYg65qld;AsC(<m<>WmTMzQ>088{`3@0%OI`s-mCc!9`If1CMb%W+S-$1W
zvd41u#>D4au@O40N_;n+Wq#RfeZObpTK-<-KTz!P{~kx*s<y~!PiNQ=RUP+m{5_06
z&2l|L<(m)U*vjX-bu>bpJgiZ9P?M?eHl2qTS+GC$g--iHw(pKz0RIAJ{w`+4^3S8K
zwH&0A{fnr3H&wR#Z=udTG`Ppf+`Y`vet!dX)-lsRcKjI<-+koHcE@gva6h|e4rZo}
za1SC_6(P!UUCpvKPlBY)6dWGT^KGa_?f7>x`3H7G+w!N9H_?K}zn}UKlD+;qT7HNY
zeNKCCCj0$7v-%z;xAH$jeuNz5e~)$^B}e<er2MhRactw?$kyFL#$YeEe2+5+vHs6p
z5N~C5b@uON)IS9w@8-XZ-Qx*%T#R<|ljNTM-8A#mBIqP{oJIN5tfl0<j(=sqHs-ls
zUdMmZ>NE7D=5^$$&iCxCh?1VyaSDs`96i~29gA7c?QL-4&&lifBR$VE&Y--G4UF?b
zEJAYgI{u5MU*x#U%j>B6&C9Izg1nBeu?=>0fm&5w$L&<xP0zx-jt6ONPhWUe=XDG)
zJA3I_o7Zs*)%Fd9XMG;V8{5h2nU4%ba!jeVWA@^B&N@3BVMm!rcZhO)uQRXy5v->-
zcO%^L2UwoBSlu2q7y16mxya`qK%KWILOt4l6rsMqT@8-$e@0`6$g%#h)OjZW?(EN`
zoxij6>3*&{`wq{BJR8a1ft0--jsTT6mO}Nb4vwD%QT|BBKg#$$R;S|PF_!OD=HKgi
z64~;47#htnL+dIUPs^-lS1$8?oT+vG0vWRxuv6HtA?O0Olf6LUhluM0T@VFT``QCk
z;HtTO?J69*G**Tz`#Q#j;du!3dN@yXeUTCWrsN3Xm8iYW-x^&l6<+&qjLYr9%DM{e
zod$0=W%&?8*VC)gJj67Q!`odY_AZU~ME&*Xz#RRZ-l_DSWHAnNuD>1Lcw9W#@8uw2
z*P1cit1bI|Dl#KIngEV>9J~pfA?y!0L%7!*T9m*gEBi<RLfmVPEr_30Ip4C6vIDx;
zY+0N*gv#CRFW_7RGuC&lkeL@5<v8shg148Ilmg7eBG;$z_O^>65RNT53y0AVTNic4
zAstKUB5GTB5p^~~7&QrA6_wq?N}h*<irVK!&>;Gt(7oKUf4%{p*~qSyl!wC<#H~_s
zizD3qAb=6qA_US718*>a)HZ=!znqJ}yH(&s*L5B%DIT)*kZo16B36!-)Ca=nAl&5$
zT?=6ubD;GGWJev#kio2@K2`^vRzW3pPH(#y?GX-V!+ngX7eq5J#f+rFwk)=iY7oZs
zQ&pHYxJVluuY@Ibu8Or~aoFMtC@_QNPArwdJ9MN)PAW2kkLaNLwY~E*xC7zL;PXz@
za0YiEg9i|H8ezv(*hJKFZ@Wa54h7L!I<~+{It;yw;w<Y2rH6t**!Kj4*$}FXLty=G
z8M?W-gR|G|!(i!m8$|2SwEgY__|S{`Jq!o|Ql18Qf8wz@^+g<yLD(k|y1Z$-pOG1-
zCq{W1l~hDtA}gC$0@97Liq0#UzWorrMCa+0%{$4Y3n2<Z^fWB8s!!P^R`NgyZ-y{=
z4B&BqmC+4kZ<>r_FL>>Bymxel?<Njk-t#2aAapmh`-U{2>}($^6T4;KWOD@BMTnWD
zrl6bDbd;s$ASW<OO$aM(n#@vj#Y%e>B4w+w{|B3c-^#q3dFka?`z36xmt$=>CnhH_
zE0yW>Qn9l5T+mKZksQlO%5r}-=Oin6wo1K^O8sIr5iGGU>5r);#R*pPie{B*%_?)L
zDw+OjzH=C7m|W&`0E@i@w2Z!W>)NB{RQU&R3jQ-{uA8!^^nRxI8s>E%3qBb0k~3*4
z?=pA?tiXBN9!xXNgn1e5??FfpmH#2EypE`afvN~oPQv1)Y_7i|dEUd?#ZidcZvaG%
zQ0tchxQ&ni*hc6GI0P6(_0$pYeGA`Uwj3`73TWgu`xLHO`u!2INMxwrjR0O*^t%@D
z2%#QuhENXZhq-(ZBc?XPHwM1c#{k;_mpupg19Ev0FBAR+tEoF7xeUcfeGRaP@Gf94
z;W*$h;R`?w=HH|XP+Oe%u8mP$*tM8rPR$D$I^+%=a-9iD=1G9FNKy&l5c=%1jtVER
zB0IxMs@C$i9l2-Cw#8l@#LIN1_mvYA;buc2%(G_4Vy~5SyAE!Pf?z~NxYwQ&{1AfQ
zMgB8Y@I;l{68D-sTGtkKK!ua_B%|Vi9g_pC^DT6EzMZXfN}NKw*W@AtE>tDUc7qBk
za$SdF&W4OL&RR!ir&~!cYta_1hOw3OmX_^ok@Y<W8FSOyMrMDV6RYoP9SH?sS{VOF
z(Mi5Qr6Sv|g?3n;^bq8%?2FL<5EicNry%!rvaBJF+_Pr8s%+JUZy=1dJ;e!&a4&JH
zQx)qzB+Xh_sRB!MM9j_wtWH+P5KfM)UaK!}&{zkmqLBhRE?X|=IA&_Qii60kd)e#m
z>tF_H6$j~d^s{b<5#Q1Kh~Dea0(LcT17mRVyO1|ab~UYJ!0U|JYTBO)uQO0*F?12U
z&Ooi<K-~;)QcnzC*2|?xRn`k{B9c)r<CWZLNzMp^AuCt15>*X_kg*z8X&Fz@#d;hp
zvYaY7WlysDPJp7W0yQz`jz#U-_p0g5Eachinq%=KOU+RCsyTHp@;FS*llLi2Yd9~N
z?fdQBD9_gjbgr7-v$+7*XFd)X8CD^zB>V;7x1Rt;xR0Qod+;>ozc?M@m}vBrl~CTG
z8gCLZgf8Z86>#A!>u9qsvP}0$r*2zBOyKJst?YfuDA4LrfJSKbI~q-*QD);jqaUCb
z!YH+AG{YFRqDMf){HYs+=`JghrB_lWprlyyihPDrHs=Qbb*1e_MlgHXfBp=T2=@f!
zA@X%#!WHaKFT2oZBiy_SS5g(X6J#o`Z4G!EnY3R`gd{Q&hrH?3yo<B?h&9M(TZ@CD
z7zy&KFqSFHi%E`%URHiQI&oAo&x#zOO3P8re*`unA7uP{!Xfm<^8PNCGF-`1FmgRK
zz4tvyEgm4|rE-2XFe;%Jj=c19td9H<k-hixdP(WFtYlat*P_(kW?n8iNhn(*-=@Km
z3(>b@)j_SAI7=re9@64<_{iI6_R4IdWsUp}mE)aUVg%<ew&ZhF#rG4l&uf=h4pEVp
ze7=z3`<cPKigAKD*sOv?q~x<zFXna4uVTg`Jo;(I<b{kXbuVk=`^aSLB92hC_G9HY
zK&{OKbD_p*E|#^V4pu%N`?lH05Kd^$QW1l#e4hLw@1yBNhOk9rNvH(2Nxlo2ZnJ?g
zIlLWng{yG>r0A-!F-5$YMZD>dj<W1_cCR)aqTFq|wrOX#_r^fzinH8p21Z>PRoDTu
zUr#G4>N135g42k88_^b07@<S0$Rvx7uY>Jw6BWg{HoTZsjG-K8x9VWGghe6D=On_g
zXxlFAz&NcFU?~lfHp*6nvDH@Sqn2Vk!dAOvq|*&kSbL-pj?tl`-TMNXjEzv4>nL&q
z3vntTKqnMe=LEOAsVD){?0rFDhj>+r3-AmwTpeAqg>qM^%-YNCeAh6QWVe<$F4X9S
z@aiP!?cQR9-X8Gk1n7+yp|}&ogcS~jH?fuDjo?k$MN#&|PAp>2RC~w;Ms1MFLN6#=
zNh_DxXyFW1wY`6j#YtD^HNy~+i~x%Pm~*3`(cVileT_P9I8qUKPMP{eSQ#Cd!4w5B
zlA5h0X_WAuRawGGtR*|WFF40YrmnJxmio=obrr!Ll&wpvJpFY|D9^>F;Ffhs6w00>
z(<nSQs{>l<3|F!`Viara(hE_nBGlUCs4G?L4q_Ez)ChS5tKza&C=z1~VXb9!P_>pD
zPE+OooRSS~DF!QPSWDi!p*Ih2DHlWYS~57~f<YHx+74Tes%yi#aT+ndMcg7BDTR(+
zL0F_R<_HTNAtPoZ5teFH630HbMC`UzL}#?ZX>=~f?y+!p*GwvR0_aqQ14z73!|RiD
zcu(rYfG5251KCzFodF6<>2P5JQaTo**;XkXW1+a2a<e%WN?I&Tp@retZL5UN4`>_P
znnK4|DESQw6I(1yZLu(s7JgC|rqVGMCZ1z~cj0c!f3}(M8FrVI-b|MZJSu>|xTr}O
z3~yYmqAp$5m&?j%HuXk1D~?h53aZ%hlxli2-AUMCbqbtW4l>e82kC6a?zVz<GvRT^
z<7y_ng&oy=7|#0&ucX5>1f(Ff8EecA&Ap7>XN9aaR=10?o9WvvB>kJ|dtFGf!!<?2
z9FSgXu@$tsHIrkoi^T3g#7D8))}*K5>`*w7&I#;pYi?xN8f#N67g$AfxD4TRFVgR@
zqf+RkhXY6hoB%pQ!vUl`CxFhRZ~)R&8`J8f6pHDXw2GTaJ)HnLCavOTQl=9?$D~!<
zOd9P3&@pMX^l7H$l&eIRt3;)hq+*uPF=>^kw6dK5Iwq|WkyeRJtEKldEiTQlZRxT&
z9P4nnCPOjZ@z_09)E8%(NzAh7##Clr*mX^PQTCfzl?rT}U$v1@=%=lUgt#g+!-+$u
zN#PVa*I_?*YFPrwdZkcAXA`b`T-KUgx?8csDjf?ab&8d%cy_MIz!F5eUs))oqb(G)
zSSS`23WS9MX@PGcU>c(HtimaDXoUGKX>KuBLUS%;!U_1bk%=^-vyn%4Gj`jWNJkeW
zPh=xcTHw7i8}oL!&6?@b4C;ao*KepomuB1+)*_5Ow>29cy|HE<#!hXzTd>0johKC*
z)1gh+*uI#c$_8~)Why`z-ySy3)g$H-&64*lTqj#=@=W3;Tv;#*jybJjG+?2?D3H&$
zz=jv$xhDL-$N_KRaLSOP|0z?9!q+EU)@<bt0=KdjT8&mWJS$IZrhkN%&C{~>DBK|I
znAz!Erm%=kE_S!oXg3qe966mP>`Z}~epR!~VK1bBOw-}56`F*OADWOF1Hi?Qa2*V2
zOaTu<!pa6pqb#-`wdc+3<2&1>*;JSiov;1B)hi~FZ_hNdhRd;|>9#HY9`FlxWSI^N
zs^lvHPEL#HFfU5ZT=4m_@(`GLc1M{PTBnSzQ;Vf^SbB<EYN6EFwymkgGBs$Jt5>-C
zpyO0|dNbX(95Ee}bW8n}nq07qQA%@KOZ87{NqCw}ttEc=OwXKGVaNHA&MVkeiQfdU
z%9MxZR$x~iV?=pOHa>ysDeU4j%baz`&SKI{RKZ1boUT)n1stKIC3Hq9ETzLYoX}8o
zSSlp7V=;j@tC;HOumMqPrld+mmX$TjzNP|9Ho1z*fdboRyx7(i?V&bEnVUk#85;}b
z*qB0VEV$^oTw!a69k%FPrEnUZ0QPfF71ZsZ6pHCgQCLdH=!$bQq!%fL5;{gfoKV9G
z6R9v-=}x6%bXzVQnXqGQk~B6c+>05FPkT`cI+GPnr9)$onyO2JH`x)<nWQj0jJe|0
z=!DW)uW%}z2eF@98TF9x^#;@>otv<`)J43L6c^pN?B%hreiqIrSIo5Z13N73hA5a9
zv7v4B#stmQ6Oe_yKXzVkn~j&h^RUmyexnh><-E@GnCUzwh>r@6WB(faDeRn#e@m}5
z`c@F}**Q7l&$nY^4a8*~L2TRpxlL;v`I!uA!m@+G8Y^vLu(C0jRz0(^epXd|Xjc8)
zv<Byu>|k1DupuY&;)~M)jTLjM>*~|W=2X{Iq}2w>>w`^cc=vu*+E6DXHPFzIHoU$r
zR9P1ari}{B4Wv~e(!4-pr7==oUu!TeR9{~cOlyL6FpyHyl#zaMN@dNAw3_O&w3+4Q
zzYfSw%}LEntF9}rnNv~ue^ZWsRRo>KwBY>U{~z*cl{e0B2w^#_ran+n*_evw<>*YI
zii*k^sa5RdA$;Kw1hS8XD)8DU7=5g)dM3EEy0)PP0(5@Ij^xtX>R>qpFc_){W;oQ)
zSUnf7_Lt(V0Y^}d_x&9Th8nBuW`bd!N!5oD-NNDeU@1S%aP$YUGlo*C>n?K!OayX^
znfH)w<G!?`WxHGXeMsEpvAqzuEI4j|1mq!qTO8X^1c?Vn7nbR4cby;a6}w{@3vx;p
zD~T5`<k{|W6|0Ae73puILTSPFd&8PG^^u~BDMl-FgB+pT3tf#MCs^eT1`z2S&1;z^
z^X~RB4()ZLW2^iwR=J4qcR|V?e|wb+*h6S%b!6#X{up&cY$r7w9nDTk5{sk9-yzJl
zDz~jl_WWX1sMl1rx!+&pkAqr-sysI{j)<(D2&LTUZw2nAD#`XoDLE7M`u#XsTF$C+
zschRy?o!FEUaZVnczufzSo2<%H=JXZAyQ@LMVC@?s@uuzTBjaPsv1UPInCju#I)~p
zM4vdta6I=cRy7#uXZfA_asr&XaI0Edq>AKHnu~N@GgsFtNrX<wY4?^y9XoCv%6_$2
zRg+6q!D3Z49>soD?{3u|5lTn3vb#yeb*u8WQb)h4AGhjzBUQx>RL8}tF`No@`}?Z2
zm=h<rx&B1(>y|DCJN;HCcfC}+xhfZzD%<Z}rwmrBf-h8+?@`(CDb)tmC_7y$H!dYw
zq(nt3+G?k7cvV28pIytN3c65Lm1Ak4vS%qBM`Ah~8{Em5t#n)}uG2)0#L;vT-t1DX
z7N>H5jfxPbj@PJcJM3hot13<m>kajbQy$KArS)akl;RVyQqFZ&ure4dt*$5yRxhZu
z%$HtPS#@c7sL7g#&%G)wOoD+qHK9_@QTm%CYi4DrRDEJrTVGLHKVwD^?|0EQ%~jXe
z1u=Cs@=>PtTMd=9P7<>V>*iX;1w%7RhnGyY@S5lhd{Kr^(@MvV&l^#S@6fC{b;0VH
zb@=X#FXz`)HifLYI5ER$I3r^AR8f&QXHu)G5(TQPQ**G@SUDr8qL&6km}(K(kq4Se
zYXdbk_2pKeqM}rqDyxOJzPz-$uA;KZ8k^T&WwCA!a&Agh$uIA$LY&_lYbz_NIfWMl
zf>lVgB4{-<R?fA`s{++^r6~H$P!;k}jt}!ndGfGoEBdQC9X_;_AB-v6$aHBLvNB7h
zmS0^LsIi=n?2w5W^`#*TR|^e6YjXee0V)EnK0;ZUkdILblonLatg=e+Lf`nZYsRQk
zmudyJaBXF6edBzmk<07npe}1sbjRLUlqWE=vUHeA8#Xg8hE3BqW;9k-;zU?CGhQ9e
zX%C~L`VJ4Qc-1q4RuwLYta<oQtr8VBdkz|+(kid1#-&hcW1z00zSf$-5~APKRR^ok
z3gs4CIuM$JPF7bruaunxS!YJlXj`3#8|H-2o6tLvLljh19{XqQ9E%-N9ZD<eER}0C
zVIw+$ZbF^-4D|BqnNBM-R@S0@e(RE?GA+=A6LeZ-hUv5z7O4Nay3$Z}ZKV|`4^_{t
zEUl>yhO9tkP_-o*yHQme2TNXI@r3ckLx+tSp_+=Lqb`7mrA=%-YE%S50o}e9TQUbl
zDlJv#Z}b^eQ1-gQy6TWs76?{eoL!1uTaQaU<^akiC0CZ_kC|9pV9l%#m6pv9RR+<=
zP~LETo3SeTH9KQVkyPJqX<Xz2{T9a=);#q4`gv+puwqLC`0UWCp6d)-j!+I*)dFx$
zI$};x>7cWi??y518ZCA?XSAu&S2|-(UAa~2TsEmzRRb8cj4`eUaZnA|IZl5n<(S3{
zfopSUs6K->hQ(4<nP6wMqPIH@9Ios}^mz<QofPYJVgur!Au;S#&q3Z$d1@-CsGeDg
zc4fD!uTX8HMnoOHu+`OE9#D}~JJvUZ)Eq}EOrf-{z7caubr9N&&)&vLXP0z3Ot31D
zp`r%yC1*&@Y_)+PW)ZYpIbVrTEyBiV3?d=)6;^cdh~nbH@#9o?<1j-GXVe5{$|*vH
zv7&WfH&Z3%JdBNsdNrQdc;#i~>`c7ORrRjsq~93dp+;IeXM#Y7<b;S1c~uvvM&A#p
z3JgzQP9NbsWQ`m*F@AWwx>1QwsbvCe{~)-oJ|%?NJOw3Y^`+EcqG${-Xl8uMcsS!T
z<5O_OJGgwnfcTUdP_M45sjjO`VV`j-oD+m8gf1{=k?;(q#v>;`Rk~21y2h%*Kncu1
zN~R0xsfhBjN_;Y1iBlE3Mfe<qZ=}u1LbZfyMP~-p=N2XAZ0B@mo+0YXLzQZtQfDre
z5A;pdN1Y}Q=aG$ER*BmN3w^e{VZNnWmS<l*r;ouPG`$V;T5wJozY9j64`G@Ma!Lt?
zGix~=*QtL!LpfP(KsU#IgcE`;+8C&)ZnB0IswU)Fz)bfR+LQAcPrYnGGt67gC@Qx>
zyk9YV_`vw&^2YjLkT<R=<3`43q-Nq<;yzA$tM3xyar433>dES+7F}mXy*06TMCs6B
z#pB0JEE!Qcrm$p0(a<r)gVS3L9acCv1Mfg_`^a&W%lKyVBs-J?hj%t~8ScZ*RRz2#
zqU7V?;^s`r`NWd)MC>!LGamK1@_;vMlz$;yV~0<`qP3h)z`9~*+)dc=a9i;XxO`+v
z`El&HJ5$WZR$K|8oX@|W*UT4!(=_vAGm{n{8XB8?I>XI}GLqYYDe7qCnxo(*VvmQM
zK`aZOz~G8b`P0D0KA+U^?I!9C!GSLIhXPEU@Bt4urpt#eW+jL3+xj6-#Lh=9+^Dkz
zd_9;Ve#>dn;ws}KkWqgtD<2!vBAYsS4a^|Qxvpu-av03TBE~%mHa7nOzDmn;P|2pA
zxj1O*pR1AFXp?N(3vZ)`%geP%b}i<4rO+o+&UF6>HtBNh8E>{I`9?6~(LSGU7=870
zL(9nwryVYRa-*MY%Jl-+*yn1LX|Gp>KH1oLTj+DaGY<A>Up=zX_Q_qq%pad7aZ~*V
zJQYkiR}Z;S&c(r@V9L$v9MdzK8DAeDqh!8a7l1N37isYoJf)KwoL?IXlv$}bKR9lc
zp~lLZK&qb3tyJaXOmC&C`7gCB7=*N*9!Ac<%OZ}FBh#LW%Cb2#OJ_9llF12nB)kxY
zB^4SdE8{h`4CaNr^an7%<6M4@>^DR_u^6j7;iY0qti_e8mFg^Ir8>!~vNVNQIBgLg
z+$1!Z>ib{acxbQ>c(rCW+>bQVK^3cweb_Js*(H{Gz}W-L_zdG5m8$*5US|ZFc12Lw
zMjyeHAHr({ThQ>dhancW$NbPfW!(N^3_D&GMjVKp{pNqu8v-5L%f!xYC+w}KKyNGu
zy~WyPzvMO@#;1!4Fvxk`F!h#{LJuy>!Td0c^)em1NXFU;;kS^P&Dgja0>cbD27CN)
zk@h&wjlD*&w6_g|w+!#=n9YRMLLlvJ3*g&`_KrQ~%h+24HgRYpt{3uWDpQ255lp>S
zXvje{q&H(@75p+?UkLL=tdlP1f0OP8u!%zx`B;vRC+N+Dt%G0M`|2jV_y8H}h36$>
z?-{U(1GHwq-fDv0OxP3fOM9^^aqdPS?RC&$EY^PPCJxa09`+)zQg1dBwi^OzZ_Mwp
z!Vf*#>!`zM?+|vzNypCZ=RtVYiycL84CDS!?Hav{M>un>R#Q6EJBeLn$C?a1UW1s8
zI^2H3ZkYbn&=bjq!@fh9EQjwlr~k4XoYze~N5Yu2w-)x+{YHP`HHWkp3wzX~J)VP&
zJ+`5UZe<rb@8&?PHj@@zGbR~OGalywM2rWU{KbI%*rmNKMR-hUj37)Pd@Y-ld#ta|
zwuI20v`Bx142J*Q$;pkD;h5#d>n9g9c+MmvJIdb^?gUf<^K7F<eg`*K_}TvEoX2of
zi`sZTq+f3CU-?byjuyVcm+Ht3uP9nJx4JTuezr=>=2jy^`q{HvHn$}vAc(OR+Y+e!
zys~WB+|~sx9*|qLV2j9&9#YogRdqD;Jpb(T{7vWiSDfd+^*sNb=lM6B=YQ-x|8wX0
zUpdeJ_w)Q8pXdMKJin|W_JKB{%INP1Kd*s%f!m{o63+|o4gV5^FT>98?DN7eJI_Dz
zJbw}Vd=SiQGsd5BUU<WK{(115Yc}e)Jdu(&zs`+)&+1@fpl7;sI~jBqA<e>!SODso
zh2MPotrZ&v46xL?Q_IQ{u7-F)bng07cv%WTT-gxIDMV-Gl6TN%DON2xh*h2Qmmq$%
zPITT{Y|A2zUafJKqx4dhS%p+<e(GQ(YF)Br(J8!4E!KLBs$3vNuwE3_H|6IoZKCn8
z*?KzSoNAaegkg?;!xdz9Dr`%z8~OEQJx$ysc$LsuE%=DgIVPBW*XD$b4X1s}<^?1+
z&Hy$ier$9M$CI^wPqNleCSQmHwtm>{?h2hR{CE<<mW|zx#{nD9eRez!*al&@6BJsx
zWF0q;9FGIG0_?W7Glm?G1GWj+?RXrpm0&k^CX*8>#j6_F?TZvz)5**@wkqs)l0vJ7
z+}q&>G7E$)gx&6=(BhnBbK=Lg5WC^q$tjfL{RZqdFRrnz!*1$rJvj{rY@4tf`NM*@
zkaZcKAZwf31aBAmI|T0}>-yhA)^_#_`5R<y^8h&m2W*G1+nEa0wOXt`UG#@27V{Nf
zEan;s<sP`Bwfs7`mutBXZn=<GX?ZkUzM*04oP;gI?O~hDH3+^{N*<4$?{pd-BzPzp
zd8mNBotl?`@mN&p^NkIzB~a&j$oVBE`6loj&8xsGHLnIgMusik=kvuWGT-`mUo&5d
zDuthN-h1=IWuwE_sSNW?5;E_rn*~26_-Vo0H8a2aG&BEvRg8AX|JJ+{I(*@VWjTyI
z^X(e)5tc>sF)*8-aeKl|)Xa8cx2ArK<|sXW*%c^{g-edoW0`LNP~I6XIjS2D*z&N`
zKHD6(fl7x#WTP{Ma_F%AXOUqiUb9J;*8-F?pJbEn{gfl_Cb-XP-T`;F=9O?+e(D^D
zdrUL0UBB0S0`6JCe0Q8_B|}Dz(qn`lV$crP(Yk1ze$XLD>G|g(El-D>9Hqw;e@%ln
zvmqx(#RIVMoK1O-W+T5s%LhSDj!K|5&gGON4_xEp`J8ccAt#$WG-)~Oo@{I`(eeVw
z$tG{NYWWz*$wvPHEuR26*~s~$L`=5?a<a)Af1``?$&izy5&_r_YB}4P9CeWrTgS9~
zI=tj4HZC?iP*!E+dSbL@u1mJn%rVVZ<(U@y3^_{A$$T@M@*2p=QF?yP*763($x&=v
zZ24Lq(j2AdZLUMHo<rFAMmTLYL5Ccr=kq!(UkEwb$nT~cJJ;{lYn|JnLyppODc@+O
z&9#t|qxAg0opS8_ouC&qbG>gL8T#v>Pc~!c4Xwj9#J_8u_0S<l>2t@=T8DGq8O>ZP
z>;OM)Zh}79*yO94%mddqf2VaGh7Q^2@EuO0ldE;MK!<Gl6<_0|{U;zNo3iuWQ_8nN
zPB!u&<w%!nxC^z;cIc2zx+}B}*C=n%Iy<04HacsC&I6jEVm+*x>%aVsE#_e-<YY6(
z`8z4h1J{eWlc~>N?;&$;e@8Rdi@(;)`#!!mOC7HB{z8WRJ+MzUb;5T}snZ#5N6lP^
zP1c+Px4&kdJ90Hs=W@+lkG@K9h30GE&eY6vL>;*=GJuU=&of<~Bj#vkAK<TE7@d2x
zoMm}Y$oUIPj7$C3h5UUo%D5l)$)*mEQx1LB8-GI2*yk_&QU49-lTEwxy;8~#Ku(Uz
z0ARaB%MWRe($^dLl*2yr$(L7+{dro>_eEEb)0G+P4#BKXb3L3VxIpk2!MuMr`Xz!V
z3!WmFDRyY>T=T?ej)lwJhMZex>^AbwtsC|ZniB+b8lv0_H;0V4gWz&Ec5=x&ZXTHW
ztdl~)6EsIcKA8+VQ{ZwpcBYfHoeD7R@V>NKaD(QnA#WnX&O*4{jh!WAZRdJ0?JU8*
zQt)cc%OPJ+hMi4txf?s2Ym6PvDXLs(!zTrA*BlA?%bKIW>|3;X04{f9lYPk8JWL&=
z&wJgYf<Mwc6Y|eB&jPaz?6x>yi^guVF|oD7ZW!G+%v|{}Y4Os5X>nuw^7}__JYAW%
zS%L=&9xAv%@OZ&f1y=~>b(FE+DEL~zHwj)V_yNIN1^-#_9>ISV{J!85g1-@bMsO>;
zC7*GE(*zF_JWlXcf_eQDF0Wwz7?Y9nH@6J07raIAcESG=%xgXq_rHSq%BztV3Z5dk
zOmMZ}g@SJqe7j&?GZ_24PB8qQ;LimAC|Er&)qRy;K$y6z1oK>J<eLQZw`Gldm*BSq
z^M1$ZoDlqt;4^|-d0O=21Sbkk6+BRIzTj&G-zxYi!G95aO7QP6o=u*4ela{;@OZ&j
z3+B9F^n-#I3;u&(o`;P71A_Mp{y^}@f=>yK#{^{T3=up=@N~g7f|~?iFL<@!b%Gxj
z{EXng3I2!RPX+%V*d5uD=eB~o3g&MunR4-Wdkqf}JX-J-g6jk?5UhS#O85EOg#3QN
zj|zTH@E*Z$3;u`TPX+%dIKtPG|Mr4=2<8t+nKBL#oG-Xo@N~g<3f?GqtKjDa?-P7b
z@IM59BKUj3_}>BHd^QPQF8Ggv?-%@t;BA8cF8E($%v0R{4L0Y;uY}G|<QPW>?@))i
z4OzEuXCc2($a@Ppey|}N_fnxVLdZu6d5MtM2@VRK>x6unkgpN^C&AB>b$MSPw|C05
zN9epGbWV^l{<(c7<lmEZ+_Pj|5B%{aV?Tkc<MtME{-Tr7=?`X|-w6Bpl<RsPBXsza
zPsUEQkS`E&{#zbn^B%!}61-dRKLno<+yxg^#!i~x34$vGFBaS^_yxfq3jR?rKE4X4
z)gH`x;5Bms<+>jF3eFN-Ab2cUx9R0z+TohyG@(-?c#hx&WF2=A*u=e2=&TYt&4T$Z
zfQkDT!LN{Ye|S^K-v-k@ujh{lofBkT-cN=8w}K<^2+`P#6PzeGRq#N;`GSiDR|swp
zyio8>f^QeRMeugPuM7UW;130#795Fdc~gf`VAc=sQ{pJsbr?_9_0vnp(}X-*$S)J}
z;X*!E$cu!0rjXYN`CK8tR>+r<kw<R77kmp@&k6UDb)Fv*{3pTN1^<Pt<L(pkzmj!Y
ze-k<%3Z2gce<%2i;7H`f<R_Y})9NVX-39k1>va1G{Q*K}nBdWZO9W39Tt?P57Ye>p
zaI@g&1RoUqAz9C>UkkYlH-SbTL)K|!3BE#bqu>>S?-u;H;Fkp-7yPZ@Xw<7ox2ND-
z!IzVD{-+B0?*(rp>;At*$e#dnjPP0V3qofv8Fj(!H6cGF<nIajheH01;2(qz?~jem
z7{MLMI&VFMyeC=L`5?g)1Xl>YS@8X2ZSxT!e;my6a(!UC(AiDa<$XuUj|us|h5R$J
z&fC|5zXQ`gpUIpN`mK-`^L(}~S?BEnvQD=<S=-DZ<J`t=l#q`D(>|Z`6jP3!TPa!V
zR|t6>S=$eiwf&og{t=<icfE|AZ-o4ekaxy{h)FkDaF*Z!g2xD+DtMmY4T84|epB#C
z!Dj^bjBCkHf58(4hXmguc&p$&g5MGRrC@x67cP4r!IueUd$5hT;r2AlxGV}YrqVFO
ze3<zt&cy90I9YI-;4Hy|1rHTmAb5=6X@biHR|~Ec91^V733VA43;A-vzZZOq;Prwx
z34ToQp9DWE_<6xE3*IaE4Z#Nl9~XQ=@aKZR7W|{&Uj)0cMr7KE@6#FPJ3xlp3+AuI
z8#(`{j^PZ!{RIyeJXG)~!CWgdcKF=Ta6oXi;99|R1kV?|RPYUgxwdBPuNBO7HY498
z_%XqM63pj`M*n%iFALr)_$|SFwrJw=9XiAR6nsMPCxX8g{GDLl8yGu2!7+mQEW+sU
z9>8#t;B3J;g8B3QM!!h#G{IayG&=kheZzAEb1l)xc`a-BM!|m&yiPFJ7>)jB!H)@k
zM)02n?-aa8@LPfp3g)_{N$aTKj|G1!_#46B3+6A)8#~d0`5e>8I|)t@+)Hpj!Tfm|
z6PG`^WcV_{BLo);E*5-+;Aw)(1cwAS30^FCx!{`x^T%~f-nf2ic%9&f1V1YHNx{zu
zeo63d!LJGC+OJ9LnBb2De<t`V!9NK8S+E-?KVvgea67?#PHJ>|3g$CYBj<Bd!+bt!
zc(~w^g8A<SjLuZSe3okDRe~1?UL=^$PmTT>!D|Jt6a0YS&4T$G`o<2|t_|-IykGDE
z!G{EYAo!nxKNkF{VE$OYN$ad&FRmSpyp`bgg5w0^$7RF%34;3wP7%!C05|rB3N8>l
zMsTs<D+C7wR|>8X+#s0$e!!&5XT*kY7Q9CA-Gc8Eyh-rGf}aq)P4FJUT>m%e9uRy;
z@Dahs1oIhziTkNwJ})rx9|ZH^rIGW0GaBZ9S1^2m-~_?F1oso1F8C6`{D*7CCVs6x
z%msoc2rdykRd7Hs|Gk5;Ialx^!OH~mzd#uMI|Vljen2q)S%lHwE_kQlJ%af^C5--I
z!N&xDB$)qo!s!1fnE!CX$fE>z5Zp;HpOqN>-wEb(6C=Mw@JPXYhGKNC7R-N3Y2-5m
zUn6+7;5mX930@|6rQn+d-y!&J!H)=jT<|u*+XcTQc(>r!1ivNt9l`GjJ|_4h!F;}B
z>f}qo{4XFz?!vPY!|eoj6wGHmMkifxj^IIp`R_!G{sh5S37#f+rr=qE8wJl5yjbvZ
z!M_)Li{QHi-z#{N;D-hCzo3}>?-0C4@P5I675q2B9|-=Z;1h!R+{&c&wczgrpB8M3
zXG}i9(SrF8$BfO+f_n(QNbv6jrwQi2d@**02`&^oR&a^n$%0D-mkXXHxLz>-!;DFH
znc$UzZx(!~;Clo=Ab7LjCj|4ko=J=U(8lnqg8Bb#jQoh;j|86-{H5Sig83ZK*f}FO
z0?)sUoX-ah#|VxU+*NQ7!O4RA3C<FHiD3L9dpNCOf=3G;FZc?<R}1F9{V{oN5Ij%t
zwSxJa(de%be6wIae>6Jx2)<wNgMuFs%zqDK;_eW<TktD_-x7RKF#oTNv2#-Jmx50T
z{z>o|!F;A^?8FN0D!7MWKHoI@=J_U;W2`|!o-25yVE&sr6PM3D4F?4C|J50JjbQ#S
z93x*Qc%|T*1>Y`stziBW9b@M)!A}W(RxtmejnRKq@BzVx1b-m-pMv?nZ;YMq1pgwK
zFTEL^7{RfE`Cn^{PG7;e<gsi#d*j9>X0x`8rQ)zY!%SS<f`l1Uc$i@_%$)^y6C5wN
zr{HwK*@ANf4-#A;c#Pl)f=dKX7Cc4pbioyZ8wCHK)=L)(oh5>=7yKWrhnV{O7R+yB
zxc#IV%irqT7Rvb^BG*aC{3M~hX4X?@&0Ht$uDL(Br)GW+(pPgnnCm38QwY9T^X1?{
znz?2?OmhHSpt%Y>PV+o)iRSs>t2EyTp00T%c!uU%!8Mw11JBcZ2Y9LG4d7LpH-Yce
zycxVf^V48{zr+0VeMY|fP2K_Csd+b;-}O+w56pEB@^SDX%_qQo|BdpKV6KOd`CSR$
zg(Js;xgJ7}2lKr+at`=M&HV3^d`FIQuF-lt4o?U3eL2c&z%iQnJ|o|qqx=qVH_iMf
zk$jJia()}awGlG^0VLn4BOeCy-EuP5LAg#s=DUqtCn0|UF4WAm&+(f1O~ypc{1)SC
z&0OycXy*4CGd1)7FV<=v3g)ll(*79i^ELCkt;L%8e!>l!OTqk}iuwWUTvs8NW4}vt
z4fuY|A@C;6T>E@f^BV9In)yuz-(RO4u6^#%%paNGrFlD;@7Ys_-(T<_2$TPc{T<Ek
zfRAYA`sIh3`Afn7(R>{IrRI;o-)TMp{zdbbU^nj5X`jC?j9+F{d<q<+`8zPzSg7+~
z?D&5^id&<<Bx>ebX0qnq;8e|Azs%M=3OrCV$6T)F$zZ-qPx~ByTyG&y1s7=!fG2C_
zw;IzlSA+R{l=`#4*J!Q<bG?P~dhlG$v%w2B^Se5(!%$}#_$JN##_kr)w}Wrjd@uMO
z&0E3iHFLZ^q?zApY|(rG{FG*Xx3OLGVepHZ{{iNj4D;{__%+S{1#?Y?au?d_UCmKo
zuE|i&v3OiFzvnoqnd9jT&HS<bZ#DCqgP%2*fo+@=X{QG4)6DNP+GyrjiPg;SHM(f#
zSmF8%<8plT*355zQZ#cMWNGI5;sDK$fcfqy<MMl=e9asae2<iJj)@}8FM}s*=9nne
z%<pb0HJ=2}(#-!%I9sy^Wu2$FE%-Xk9l*;qcLcB0+zEWEX7=$rH1ivgdo?G4H)v)b
z->f+u{J7>!@Y9;PzW8U&Twi=iGvD*wt9dl|4b2n42Q{-_b8UxpG7HT2UCFgzuI-Td
zZRIDL8^K>`4uQYd%;)>RXy&tc3u_3B%lCr0**rn(%`mTX%sHLcIfi=*=Jkw`^SZ?_
zuUicB`o!>b!8L-L1Ya+BwcvGv9~Qh#@J_*R2tF+MBf(z@{zb44=N^-1o;wZm+-bO<
zV4g>fJWuch!BYfR2@VNfB6yWxKF2in`Rvm06M}iJHS+y}4+%adnCDuf|D#}@YmJ=G
z77ce3oGh5n6OB%;V4h!%oaa=-6@nWC^SPnXQQsiI&+T?0UoUuzV4g2c+&zL12tFeC
zq+njJnz$C`T*JIZHO%W$!@L$X%<E6Xyyi5_>rBHu&l#RBnAecz-IXT6*9%@P`2PX*
CP`p_H

diff --git a/ssl/os_port.o b/ssl/os_port.o
deleted file mode 100644
index 6c20927b3dc431d559f8956458439137b6d48b39..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 13424
zcmd6tdvsjIeaGkC-D|D5vMfvTS~fObzpw(<O14#FjEybZ0ttjMmK{tC+^kl+(xQEc
z-IXN=QyT|}laOE<C~4v(<b<|{*bQwSkcK8WkOcB1r-ZbG^g#LuO*pN|qqHR_>GwN#
zM*CCJ)AY3eWX_p8pZU#ie!qGA?(FPJhkFMua~wz6<ft1}t)|q;MQDjA)vXoU)nc{K
zs{W5<lWA=}^Tfs1tWoL@&NQ8j^rx=7Id|K^dybw-G+e&fZQpoR?1uV6UHxl+H1}vq
zl~XP}KcVO!Po<jAoOM%?u=e$BOO^7Jimhor(=_|+|EKMlrLda#Vj?vBd|AQr<_2y1
z>7}7{rAiakL@ApnWD2G7L5yX4X(B(ID3%}{&lD5cTt1Unwz9H}<7`0w6;ebwhg5^3
zxMVhM1VpiZs&Q*{If^6jYTGxVe(rR8lU9@M`+iG%^|!PiNBc@)A5&C!xksEkeT)f=
zr}H|V&UF~zFk6v69Tv)UX8j}3bz*m+)pfm-x~MzqA|9e%u2@xWv~CM(Zp`~GHDh%X
zD55u0udau<8yIP-urcbr7c-9r@Eci8iT6Epji#JF@T_R$vPV$XeS^mP?jQ~j`zcki
z)p$ICT+c^@erLh*IkCw0S0L~=(`YX}D!-R}#XZ2NiatyKSAK;Rm*%d%0oV|Yo`I4#
z&&PmZDvg%eEqJtft1}S!_p>!gRE@!y@;Yfb>bFy@Ip+TYjUhMqKcAL2H3n14>l#C2
ztC|ySMj2x;--4`%4o4f|Xoc7PGl=|e!mhWz2T$c!Xyqbu)PD;ay$$4;|1oTfcQLua
zUytc{8_7-nFJQ;Jgxu=?C;M(9xA}iToz3J${w3^tDLJ8<at_Qn-sRos=>ID!ULR2*
z7Qp@FBXb|7r7JmR<;?vsm3FccbyVz^knMnyp2!l_v;~fiJKlAShj7W>LR5Y|ZS3y>
zM*Y`m;)Y|8$9xXJyO9$=hQ*<&*!%HdHa6!(Ka5KA?8jj`=H;G3#oxnTHxZTJf`>QO
zL(8zhpqTwVsE&FM{R~B8Fs{6ZwPs^bR^G?8Vq-9=yi>%Oe?M)VUI%XQCt%V0Gjd~N
zFqBo^Cq4p6lYbW^-Xqj+^M9ZEk8<LR{0pf6*=w<)3IFHh&)o@L;a|ns{?)_ac7HF|
z`}0rXxw<i!7*gID+Ux>jWMAaSHh?j-Cux6^{~CRL`K!?1>UXg3S6;w#dt;DC-><Uo
z4*xXA@D1t@_)n9+ISSt8?_l3=H^ciL{|6k;cYX@VKL78r65e<DT3qkHLiyjY@33lN
zLG@Ps;G|lwfVWo4v6^jYn%9L#d(_+EvL!x(ns=G272<#5pmL?VW)>DdK1jo1B^LK<
zm4<kfeXi1dn&LS25kPKB3~u7jvt^fV>54b9a*cZn+;qn;=a2_=%ZB)QY}xB3(PvZq
zOEkUD<*T?g-o?swT5U)C!|3U~MYr_DM`&Qb+l@X0@%>c0QLF8WKfzH4dOCaJAE4S%
z_q95#(|m@ncZbW6?Q`aTjGgXucc2(><}ar4ce=f>_o6%hPTF{{`)?4w<jx;v?QZuP
zw7u$L-F88YGqQ+b&xtY&^+I!EVxe`lCtT>;(A36WbD}rk+444s89qXtBD*hlQHNa_
zRy7^;egp!2GBRlN8{~%dAK5xa`V6Nz*ZC?Ywjc_5gE!B)5PKNchunP4Dt-&6-{#Ow
zH2x&JEO5BfF}UHp=R|39K?3cK-Wn%Q0~c|l)@oMqdstbgE3@K{v(oMGldnO=SR6tJ
zGs1<>dTIAoY(e}Ls%6|hw5#}sSjp;*ipC$~a7MINEPfe0d!sJT&=v7>*^<+n+ZTV8
z1HH+8Gy3m}uVH1(y$GK6#b0M7@4kYT(fDy1DCo*~{0WG>qOMHETi8-^--FQ{iJzkB
zarZ;09E(50;oPkKJP>~wuD!DE^I-fW4ODdHRQy@CRCVQ3@x5%B(3QvI!>k<8m8aq#
z;czCkwXdrf_nt2Gf-DH@^s4K1Vg0nN&sPi2dWYO^qaI&QGlw;+_&FT=5%*;@OsN>p
z7NWMXSjD)gjB`^z_pF!Fui+xT;og+X4Oz5~CT?@-EA+ZNW_q-##e4yExMA}tpA+R<
zxVV?%9&~`<N-f@qXN=*I0%(7(iY|ac^tnDhTQTZc?UQJneHvN~b?PM8e-v$XipP-h
z+ow6|AB9exqKBA@@`5yLC=dPUS<EoDj(*Pj2&B$^cqqn}bE2tUsU?#bopT>wG^WJT
zcY~b!>B_xl>oVS6>+nf83#!YV!N^aY-D(AUuja?!%FnQKj)SpRGUr4ds^?cA=Dhe>
zvua8?W7N3{d08JG>(F_hwzykcY~Kap=b^sb+3jK4Oe?Rz!>O>Jz0Nr&UZm}VMm&Zl
zI;zkSKYr+Ff*npHFJmP2!O_#xLm!0s&|e;HzwVC<<J`*b_Il`?7&r$miV)Mq*U&_N
zy7DS2^mmvYW@8za9RUo%-v;yvm#XIP7}|c_-(O>6oOf`;jw7!`c22y6zDwSY6>#3c
z9k~#8m#pH3XuWGurO$V=(-bOi`XFE~@&$9)=iQV)3=;{p?4!U#7|oYvjK)2L&#6;r
z3I{WYx?b`oh>$KkgeZ4XKSrN6?f*WGaftQRgM0zjM))Dv@ku;lpQX3+;i6SP^ij=-
zLx6u0Me^NHs^8Ml07?A~TqSNsD;H9AT#q@`AEl5h)=Drf7hodwS5v^zYhl>ZS({=4
zgPQBCY;5r(jpsJbb(&{2%}2PdP`-aDM7XaSgs*5^MH)Bym-zj-1bL?7u`+AE<NIuJ
zP^p_O)MAd)-$H5qQq|wmiE*6MB6R(l?gq3q%z<CTK#LP;tQl;CQY`dKr8!ih*Cwsz
zS-*3IEv!lNJhci(K+8O5)q-#ctsaJe8^&}uj{}RFZkPzI&lgo#X**x{Sui~!-Djbh
zgRY!wCa)`tYTa>C(KmgZmvpu)2-j}a0xt5_w)?l~mL=ZwV!2rOL>qQ%X?IPA`m%Q(
zb+AWk^fE4g*HK5gZTD<L!wNJgHX!7sgZ`EoF3yJwvwU>13f4un-CD;h;KNNbPUQ<~
z*7{pE>2Y3I8xsQ9RIp@Q7Hq;Ichov?vBNIOq^eDtTAej5>R_f!=OH_4H;Z)|2U+l3
zj4B+FJZN>|sdzaubXi=BJX4_$5*~|C;2B5-Af7t$;7cPz#G-;cvwKZpP$~>g4`3Kw
za-jvDd9)zx^PoE%idfu@Jkx$nVNfd6>>ojwJCI@Y7z$bt_Ia>95Q<nlqVakbpGKbP
zs-`>mfKaHp;)(XB$gs~7j248eMX2JiLc+0Q5>;&CwbfNec%C_L;N`?mHxAm6ok}II
zI`>vG<w|F6q+A*sEmg-#2Rg^grJFM8YNaz%8Q-vW{rb*Sd3YjMEOib|<nqIvg;cs!
znd+P@mB%`J!j@!ee7tjesaVYv(d~-VfmG)xI!&g^8EYh6Dp>5SmP+|b=M=OnsgC^A
zny&R7nSAy)1-W86KQWx?tQ@TTE{!vv8|oZMr+;(2-N_BfwVh_vze^+jjit6@RHaHV
zUMg3UX$C~TlpaftGMa+w!SPHb<VtmTIFkh<kjfeC@U%Ep9tp*p7#Y=$T=7yy9XjMn
zXh1vyv05SHQ%J{Y<UYrVMC$R=SH!7z@jPsplEYeZYdzvL64iXD9>0h{pPG(lw|*9Q
zr;(FGc|^-2|0lUJy~0t|Yme|-k1Lep1jCh5Fq$e3=QFC1%43;SP|3Y5qxcA_Dk!6^
zdxHvs1F4{#8Bsx|kSUL3is^$2l6<ZLo#9k9rBYL9Hx?$-<!Y%g6jZ9IYDNW<>58sb
zj38esjwJMBqFBj|6f?sK{(^>Y`dRH8rqZFM%v7!#6ibsTC=9{GWZIhKa4OX?+LoSz
zY9Xj((%5e6frgEbG+tbVpCTr*>hhg?6WbFys1qFpYSUo_Tr71|GgH+LSgGbp#g2Tg
znklE)G?M7J8pYLX6CK$5&FPCTPIP3Uo-5{a#Y{(bqNsaRR4|mPVAdSVXbHb?1VJUM
zf>JTivq5B4RJK$uq%h-jsWg_OZe=7tkqL*bmm-@_K`qEtg7j1hTY|VN!f<}fE|A@<
z^nofT6qK^rN(L4SLtJaDxLqkMTs~8@wQN!Q53)sA=enpM%XfoY4JVm0hPy2{qQ@|j
zDipBFPy!(mGO1xcD--!DehK9K)Xe?EW{eJLJNUsElRHp_=WtRp75Rg)3W~YXP(@Wn
z@scKHw6i(jFUuGb#)B9_7<7f>P2~eU-&6&wUC4x$a8MW$2EagMUp0wIa9W%mXNd(}
zt1jyw=ta<!v8#Fp!NClIf{V&yLFtY`FjAaIGs42~E+QVX%0y&P)^7v$wot<2g=6Ce
z4(G5%Irzg)z%4$2I%_9Tkj3#5S{t}}`<21&-tBvL5B9&gH`t@bQ`OO8s*tHIW*Df&
z48ndiz?KwCW|j1|Fs=>`rw-DoUJAX8K@d(2`_Gq-6AvmgMB%#}a5fAR5fnHw5o$&3
zZhE3z#xck>OL2>WbUu?R;upK1keZqtM$G7A5?hhUKppWr!50^6#qgyROPwo>Pn0vk
zIQK3)jzxe*IE!#%oInBLj3B{c1^BCi-sjX10s)Q?UWg4nN^F0%G#2DjJY}*)eR8V<
z+3_+K0x_Q&<{0)4;Pq9(NT!N&C__)Rd88p3;omHRiQ+^hGpvs@>_2D1VNB|E)bCzU
zw69cteRnF1E5v@l_gb0Pv8dNOG!+`iRfah>y<W9=Oy^5D0qk-3-`qnoovEoRE()17
zdhvqd@RY)f$#ou*$K3eunSmC<4L30vR8u3kgl^xyG0~nbmns!rJ34k=o>-Gy+m-Bk
zQ+TrJKgA@%3z6EVuOvZ#F<Vl52YZ8_ZG%@2?A_BF4D|2m-Q6=VxVh_`o^Ab`*Wi00
z)9SF$B`;MrMcYH-z1RiwHrz@^-i2I;ybPJQUZxmyc%!vCys=sx-dvfe!&|A<IR>^m
zynQlJhu6uK$n<6JfibX3Rt^@bsUegI7+sE9DrfSkq&dV@QrCFCtEB$WN)A;jkd|0s
z=QYW0qcofun!x6l`C^9MLP?Gbm<%~JG*r$Un9+<tm{CvR^K&Fa9~?*6jUN}*1bnI_
zE|3Mhbt)NNW|E-~-D9fC!JF==-~v0&8UOE60&3hme3jCv8&A8j6xeIE{=1vj2p_jE
zSL${k<?K(r2IQovTYGOs-EIVM+TNQ4QyyCZzc565xN1$?<9KMFGNyT~h-9k_Hg5E9
z)7t_a_F0R})P@SjViV`V_CZrx`3?vlu@#imW7>&qne}c&UlqEX2gk!Uu1f})c5UL{
zb>4;V@HW}Dw?ZK8ojf07#667m_}*E2H-l{-p!)sU_`8|DVX{_hyInBl|1n3YKNKA;
z@_U~2`$VTw<FH4+Fg@+}Ua;*0RCnWds06_z+s2nt+UvrCuYip9FobD)C&9K4P<;aS
zw%bh<Z65<mdwXDS6dh@gKZUW4>-;HX+Ur7Q`bn!&pYuZIlWojjFs0Qyy)ZnKAlAw1
zJ&hU<8k@cay$!a4l6p)pAX{d=4g=%<+hp6m1A&~!<Lkn4a~^Ti#(De@+4cddIZ)tQ
z*<{;(0D-jkH0)82_S#Gv?QxC7vZ_a+a27I~tUZ<@j8xZBrCx%NU$mQ%>8lADAvwcd
z({iP5hRh~w&(>`z<x%z8udJM9WQIl7#m4D&d#Z%JA~SY|`f|ltH=k6YI_g}BT8ik%
zmUTvEEk*RI$$Cqz0>am&U#lb7M2e_+qDFo0a4ki!L*fX~>xy5!bmDo|j2?-ws-IkU
zc~-HG*L3<vc<NuQHNywnw<7bymGQv#D^c3ScAj%pWZTZa_}j$xVdUe;IM#IkJW89`
zF1|y{Tix`xvgxZ>cz46i+uWf{A-)sZ%TVpRow-ok>$<*r8|My#5s5qMm@wh$TV}jk
zULlzA>zHj~v^ZvqI2Xq(KHnS1{N|S+b8(Q`k)6dFb!4{kU_`nCnar_d4b#O@!yL<l
zhB+2~MpB<+A^T=L-A2xFk$p3^ZAQ*9l6^DIKFZzjQgs#Cgy)T9*ylXRzM0D~<<RFI
z=Ez3>ZDi;tP?CK!-y>k^A47Qu+30_e41KN#**9zQQOcoz3gts&qYqRqcy&2n&VkG+
zGdt#$)@zQwOk6Mig9+18WXtqN<~i0yMqjQIv$eB<Z2E4Z4wz++V6GeGybJ6i!_FR*
z%+}66vaxeLb-<LR1dkftk8+$0J5`j-*3J~!*f~TUFxzhve9Z79%Hw3%xfdm~wex<m
zv2%htVCsHU@JYk(LkSbgiQ$2y-w{5L_&MMhW_Vd<h*<mFPTFT$itLy}s-0~5^4zh!
zUhrnYJZr4ZZo$_HW_(&5#-!x~f^QLgr{E6={$s&U3Vv4bi-P}I@XrME=V3dBM!_wD
zmk3@jc$?szf)5EkCiq^#4+uUb_%Xpx3Fe>D?Koc){EFb83wE)eR=-j3Lcyy9_X^%E
z_(s7u2|ghB0m1w?0qd9lr(pSOg8yAG|EbUFEE3!<xLfd6!2^Q#2|gzHUcsjXKPLDo
z!TgsvJDwK>zan@64mPW^N^rN}9>F^W?-x8OctY?|!FLNjA^0J|pAr0|;AaJYU+|9v
zzb=^n0AuIXEI1)JDR`6MLBT&3{JP*M4k>GYuHf?oZxGxoc(>p{@STF+C-?!urv?9|
z;I9aNPVmcu|3&Z{f@AoSVCOPV@G`-jf;S277yM?yX~E-y9~JzR;5P)<;q15L84_F&
zJSF&c!N&!k5d4tfPYM2l;4hK!J~KT7wx1)<37x+q*M~a)Aml$Go4$2uw>+0@K6lO)
z@+Dx}-vm=@DMx17B6tVc*t||~mW)_rDv*u+NuhHKnD+U(|6a<GnLa4^q~OzJ<Lep0
z&y$U>?~{$M9}1lxgXxQRgI`jP%;e)MjO8}Li^;~<#ey#*8(&wEjjwBk&VDd`@&1q%
zI^$&HcS6Vy3;A7w?;)Ep+y|yj-UmNGx$*mPq4Q<Ie@iywd|BwfCioYEW4MD@n;n9?
z1@{Y13%*q_*OcRA!cjNPP?=_a3$!}?#%6h;;MIb=1Yach62ZKmTRYbXW^7sc^@7I)
zmjv@(Wc7Jhw|tji?yHsGFPM8{<);Pzx!}hHKQ8!dg1;sBdBHCTepT>U!LJK`LoolB
z%8qTWVE#U5<%<OKf26FuQ!wviR=!bikKkUx{O2mGzhCf>;H+T&|CQC}z0UI61;0Zu
zJ|dKZbD60L*}gBWVB7aSh({~uzjrsA_|*U14aQYNJ!s^7Wga$+<5E3hnDP4=!}w~Z
z9yiRG{i5MT;HM3*0Dsf)`QYaa^ZV!vhP%Np8Ri-LPlmUF@z1<^oL7K<Vt5yrcR7xq
zas5lfyyNp;M|l=}j^RAG$uQ5oxM9XM?|#%j3SMUT7?}4!${FKH!|w<4PDnXpe52t9
z!Iv671!i)%I3`(cK;5o?n_#Yym3Il|T3C6X;5~xhDwy-M`cr~$7tHxsofCrp3+|Vw
AOaK4?

diff --git a/ssl/p12.o b/ssl/p12.o
deleted file mode 100644
index 8b874f138a88cbbfd6df82735082b23f1b2297d1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1812
zcma)7K~EDw6rSz2wos`MR4~M3H7c06+m>Jg#2SHAL<y+Sgp<v--L@OHyJTk};01qx
zzr&wl`~hA)d+`r&@!~<hH#<Y82cs{%dEa~An>TM}I?H)|`?+BlOo_qXv7v{knd*{A
zSYVTEf`!0Y;b#pO*7%0ukq9uB$>s@VGWnlmj4L;VDSQ^e++7$moAbkjWeT}5ER`wb
zUlNzieHA7@k(%#hjKT#BGp3CDrRkzsnk!AtAbgJ%i%;RAmV^alU8fn8F1r&D!!2lr
zO=C2SU!@6*V#8P)f5##Bd!g5{s3q>d_mZ<C4?x7)eK%&jAH|8F%MI?uyzKYl=&&Cp
zhtWydE4!yjz{_5h1yR_u#4u8GbEjc#SWC{bvuN1^;@fTzaNsbq6Yn&!xz|qoD6|7V
z@nV;#o@MXC>|zE_I<@x7ie-0^?uUUNdUp3X6f^j+d(o*_T<n7f<)iAN(@vWj=||hs
zNPO5nRbZPN8>`krJB~O{qA0L;Hm$0&SaB*3)4i~(I8Tet6nc<&A$OZwVK-upy?S$P
zeQ$TWv0ra)Z|&FLu5IttD&uSGTea#qk{y0FNZb}|5~sGW5FH0|I&R`Jr^PvQVlQx=
zj@LTwHGL{BvD<3J-pL5<#%|d2FeS~Vb5a=9nbVF20}mT>PDQVdD2HzTQ|6FIJG~<F
z)Aul(OdQD_C}DawB!A1B2S>lzf8|w?qiO?+dNBbhilgV3zR8q$fkwXo;)#ejadcxf
zsG0-FK0zN4kfONP@D(PC-sUU;DT;dqUthO?*H7!vy7VDX>o$Sa96<I1dYgb0#T~*Y
zTv2g2Gm4ZPxhE2<yjeVa`nD*c9MW^B_#jDQ6?w}NlToFofYn`4JVxF}0#Z~SSx}eq
zA(x)>HAHCNwBJeS7*wzK4ELe;q3R)RMD%!;UHsNb^RnACYL0Y5>**_!uip&$XhIWn
zq$A>~>!Fy8p6gIdRvbD&Cha)=%!tZ{EKlcP$WnB!3g6H$eUlA(01ykRa^^McX!x;)
fpJ<r=b*Q;-G<=|8@!OOAbhY?E!_>NgyCnGo8Dq)d


From 6030371051fb340be1ccf5b7dee883e7e9fcee89 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Mon, 31 Aug 2015 09:05:04 +0300
Subject: [PATCH 218/301] Initial compilation fixes

---
 Makefile      |  8 ++++----
 ssl/os_port.h | 13 +++++++++++--
 ssl/tls1.c    |  4 ++++
 util/time.h   | 11 +++++++++++
 4 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 util/time.h

diff --git a/Makefile b/Makefile
index 3af715f094..c2c2469f5c 100644
--- a/Makefile
+++ b/Makefile
@@ -28,17 +28,17 @@ OBJ_FILES := \
 	ssl/tls1_clnt.o \
 	ssl/tls1_svr.o \
 	ssl/x509.o \
-	crypto/crypto_misc.o \
+#	crypto/crypto_misc.o \
 
 
 CPPFLAGS += -I$(XTENSA_LIBS)/include \
-		-I$(SDK_BASE)/include \
 		-Icrypto \
-		-Issl
+		-Issl \
+		-I.
 
 LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
 		-L$(XTENSA_LIBS)/arch/lib \
-		-L$(SDK_BASE)/lib
+
 
 CFLAGS+=-std=c99 -DESP8266
 
diff --git a/ssl/os_port.h b/ssl/os_port.h
index d63a48ddcc..f2195eed7d 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -62,8 +62,17 @@ extern "C" {
 
 #if defined(ESP8266)
 
-
-
+#include "util/time.h"
+#define alloca(size) __builtin_alloca(size)
+#define TTY_FLUSH()
+#ifdef putc
+#undef putc
+#endif
+#define putc(x, f)   ets_putc(x)
+#ifdef printf
+#undef printf
+#endif
+#define printf(...)  ets_printf(__VA_ARGS__)
 
 #elif defined(WIN32)
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 428c9ea56b..2aaeb5b751 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -943,6 +943,7 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
     return NULL;    /* its all gone wrong */
 }
 
+#ifndef ESP8266
 /**
  * Send a packet over the socket.
  */
@@ -1004,6 +1005,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 
     return ret;
 }
+#endif
 
 /**
  * Send an encrypted packet with padding bytes if necessary.
@@ -1190,6 +1192,7 @@ static int set_key_block(SSL *ssl, int is_write)
     return 0;
 }
 
+#ifndef ESP8266
 /**
  * Read the SSL connection.
  */
@@ -1385,6 +1388,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 
     return ret;
 }
+#endif
 
 /**
  * Do some basic checking of data and then perform the appropriate handshaking.
diff --git a/util/time.h b/util/time.h
new file mode 100644
index 0000000000..78e37b1d39
--- /dev/null
+++ b/util/time.h
@@ -0,0 +1,11 @@
+#ifndef TIME_H
+#define TIME_H
+
+struct timeval
+{
+  time_t tv_sec;
+  long   tv_usec;
+};
+
+
+#endif //TIME_H

From 6c91aa10fca36ebee76b13fd36189c1a0dd0bf6b Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrr@users.noreply.github.com>
Date: Mon, 31 Aug 2015 09:22:23 +0300
Subject: [PATCH 219/301] Create README.md

---
 README.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000000..04779e8de9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+Replacement for Espressif's libssl, kept as close as possible to [axTLS](http://axtls.sourceforge.net/) source.
+Currently based on axTLS 1.4.9, will be upgraded to 1.5.3.
+
+This is not a self-sufficient library. Application has to provide the following symbols (list not complete yet):
+```
+malloc
+calloc
+free
+abort
+gettimeofday
+time
+ctime
+printf
+vprintf
+```
+
+Additionally, functions for non-blocking TCP socket reads and writes have to be provided (details TBD).
+
+To build, add xtensa toolchain to your path, and run `make`.
+
+See [LICENSE](LICENSE) file for axTLS license.

From 6095fde37e72933f0f0c38e49d98e5879c8829e2 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Tue, 1 Sep 2015 15:59:34 +0300
Subject: [PATCH 220/301] Allocation debugging, reduce SSL structure size.

---
 Makefile             |  4 +--
 crypto/crypto_misc.c |  8 +++--
 crypto/rsa.c         |  4 +--
 ssl/config.h         |  2 +-
 ssl/gen_cert.c       | 14 +++++---
 ssl/os_port.c        | 85 +++++++-------------------------------------
 ssl/os_port.h        | 62 ++++++++++++++++++++------------
 ssl/tls1.c           | 13 ++++---
 ssl/tls1.h           |  2 +-
 ssl/x509.c           |  4 +--
 10 files changed, 82 insertions(+), 116 deletions(-)

diff --git a/Makefile b/Makefile
index c2c2469f5c..2f9d349bf5 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ OBJ_FILES := \
 	ssl/tls1_clnt.o \
 	ssl/tls1_svr.o \
 	ssl/x509.o \
-#	crypto/crypto_misc.o \
+	crypto/crypto_misc.o \
 
 
 CPPFLAGS += -I$(XTENSA_LIBS)/include \
@@ -63,7 +63,7 @@ $(BIN_DIR):
 	mkdir -p $(BIN_DIR)
 
 clean:
-	rm -rf $(OBJ_FILES) $(LWIP_AR)
+	rm -rf $(OBJ_FILES) $(AXTLS_AR)
 
 
 .PHONY: all clean
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 62eb6fe700..9a85ee82b3 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -42,7 +42,11 @@
 #include "wincrypt.h"
 #endif
 
-#ifndef WIN32
+#ifdef ESP8266
+#define CONFIG_SSL_SKELETON_MODE 1
+#endif
+
+#if defined(CONFIG_USE_DEV_URANDOM)
 static int rng_fd = -1;
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
 static HCRYPTPROV gCryptProv;
@@ -146,7 +150,7 @@ EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
  */
 EXP_FUNC void STDCALL RNG_terminate(void)
 {
-#ifndef WIN32
+#if defined(CONFIG_USE_DEV_URANDOM)
     close(rng_fd);
 #elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
     CryptReleaseContext(gCryptProv, 0);
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 143e66add5..9d52c062f5 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -146,7 +146,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     const int byte_size = ctx->num_octets;
     int i, size;
     bigint *decrypted_bi, *dat_bi;
-    uint8_t *block = (uint8_t *)alloca(byte_size);
+    uint8_t *block = (uint8_t *)malloc(byte_size);
 
     memset(out_data, 0, byte_size); /* initialise */
 
@@ -182,7 +182,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     /* get only the bit we want */
     if (size > 0)
         memcpy(out_data, &block[i], size);
-    
+    free(block);
     return size ? size : -1;
 }
 
diff --git a/ssl/config.h b/ssl/config.h
index 3404b5be5c..1bb1de6df3 100644
--- a/ssl/config.h
+++ b/ssl/config.h
@@ -48,7 +48,7 @@
 #define CONFIG_X509_MAX_CA_CERTS 150
 #define CONFIG_SSL_MAX_CERTS 3
 #undef CONFIG_SSL_CTX_MUTEXING
-//#define CONFIG_USE_DEV_URANDOM 1
+#undef CONFIG_USE_DEV_URANDOM
 #undef CONFIG_WIN32_USE_CRYPTO_LIB
 #undef CONFIG_OPENSSL_COMPATIBLE
 #undef CONFIG_PERFORMANCE_TESTING
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
index c2fe381eb9..ef223b27b6 100644
--- a/ssl/gen_cert.c
+++ b/ssl/gen_cert.c
@@ -214,14 +214,14 @@ static void gen_utc_time(uint8_t *buf, int *offset)
 
 static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
 {
-    static const uint8_t pub_key_seq[] = 
+    static const uint8_t pub_key_seq[] =
     {
         ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */
     };
 
     int seq_offset;
     int pub_key_size = rsa_ctx->num_octets;
-    uint8_t *block = (uint8_t *)alloca(pub_key_size);
+    uint8_t *block = (uint8_t *)malloc(pub_key_size);
     int seq_size = pre_adjust_with_size(
                             ASN1_SEQUENCE, &seq_offset, buf, offset);
     buf[(*offset)++] = ASN1_INTEGER;
@@ -236,6 +236,7 @@ static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
         set_gen_length(pub_key_size, buf, offset);
 
     memcpy(&buf[*offset], block, pub_key_size);
+    free(block);
     *offset += pub_key_size;
     memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
     *offset += sizeof(pub_key_seq);
@@ -282,8 +283,8 @@ static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
         ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
     };
 
-    uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets);
-    uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE);
+    uint8_t *enc_block = (uint8_t *)malloc(rsa_ctx->num_octets);
+    uint8_t *block = (uint8_t *)malloc(sizeof(asn1_sig) + SHA1_SIZE);
     int sig_size;
 
     /* add the digest as an embedded asn.1 sequence */
@@ -297,6 +298,8 @@ static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst,
     set_gen_length(sig_size+1, buf, offset);
     buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
     memcpy(&buf[*offset], enc_block, sig_size);
+    free(enc_block);
+    free(block);
     *offset += sig_size;
 }
 
@@ -342,7 +345,7 @@ EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const c
 {
     int ret = X509_OK, offset = 0, seq_offset;
     /* allocate enough space to load a new certificate */
-    uint8_t *buf = (uint8_t *)alloca(ssl_ctx->rsa_ctx->num_octets*2 + 512);
+    uint8_t *buf = (uint8_t *)malloc(ssl_ctx->rsa_ctx->num_octets*2 + 512);
     uint8_t sha_dgst[SHA1_SIZE];
     int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
                                     &seq_offset, buf, &offset);
@@ -357,6 +360,7 @@ EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const c
     memcpy(*cert_data, buf, offset);
 
 error:
+    free(buf);
     return ret < 0 ? ret : offset;
 }
 
diff --git a/ssl/os_port.c b/ssl/os_port.c
index 6a71000b47..b8a2b19a8d 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -1,18 +1,18 @@
 /*
  * Copyright (c) 2007, Cameron Rich
- * 
+ *
  * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
+ *
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
- * * Redistributions of source code must retain the above copyright notice, 
+ * * Redistributions of source code must retain the above copyright notice,
  *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
  *   without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -37,17 +37,18 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <stdarg.h>
+#include <string.h>
 #include "os_port.h"
 
 #ifdef WIN32
 /**
- * gettimeofday() not in Win32 
+ * gettimeofday() not in Win32
  */
 EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
-{       
+{
 #if defined(_WIN32_WCE)
     t->tv_sec = time(NULL);
-    t->tv_usec = 0;                         /* 1sec precision only */ 
+    t->tv_usec = 0;                         /* 1sec precision only */
 #else
     struct _timeb timebuffer;
     _ftime(&timebuffer);
@@ -86,7 +87,7 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
 
     RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
     RegCloseKey(hKey);
-    return 0; 
+    return 0;
 }
 #endif
 
@@ -96,63 +97,3 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
 
 static const char * out_of_mem_str = "out of memory";
 static const char * file_open_str = "Could not open file \"%s\"";
-
-/* 
- * Some functions that call display some error trace and then call abort().
- * This just makes life much easier on embedded systems, since we're 
- * suffering major trauma...
- */
-EXP_FUNC void * STDCALL ax_malloc(size_t s)
-{
-    void *x;
-
-    if ((x = malloc(s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s)
-{
-    void *x;
-
-    if ((x = realloc(y, s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s)
-{
-    void *x;
-
-    if ((x = calloc(n, s)) == NULL)
-        exit_now(out_of_mem_str);
-
-    return x;
-}
-
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags)
-{
-    int x;
-
-    if ((x = open(pathname, flags)) < 0)
-        exit_now(file_open_str, pathname);
-
-    return x;
-}
-
-/**
- * This is a call which will deliberately exit an application, but will
- * display some information before dying.
- */
-void exit_now(const char *format, ...)
-{
-    va_list argp;
-
-    va_start(argp, format);
-    vfprintf(stderr, format, argp);
-    va_end(argp);
-    abort();
-}
-
diff --git a/ssl/os_port.h b/ssl/os_port.h
index f2195eed7d..73a0e917b7 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -1,18 +1,18 @@
 /*
  * Copyright (c) 2007, Cameron Rich
- * 
+ *
  * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
+ *
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
- * * Redistributions of source code must retain the above copyright notice, 
+ * * Redistributions of source code must retain the above copyright notice,
  *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
  *   without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -44,9 +44,6 @@ extern "C" {
 #include "os_int.h"
 #include <stdio.h>
 
-
-
-
 #ifdef WIN32
 #define STDCALL                 __stdcall
 #define EXP_FUNC                __declspec(dllexport)
@@ -63,7 +60,8 @@ extern "C" {
 #if defined(ESP8266)
 
 #include "util/time.h"
-#define alloca(size) __builtin_alloca(size)
+#include <errno.h>
+// #define alloca(size) __builtin_alloca(size)
 #define TTY_FLUSH()
 #ifdef putc
 #undef putc
@@ -74,6 +72,15 @@ extern "C" {
 #endif
 #define printf(...)  ets_printf(__VA_ARGS__)
 
+#define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
+#define SOCKET_CLOSE(A)         ax_port_close(A)
+#define get_file                ax_get_file
+#define EWOULDBLOCK EAGAIN
+
+#define hmac_sha1 ax_hmac_sha1
+#define hmac_md5 ax_hmac_md5
+
 #elif defined(WIN32)
 
 /* Windows CE stuff */
@@ -122,7 +129,7 @@ extern "C" {
 
 /* This fix gets around a problem where a win32 application on a cygwin xterm
    doesn't display regular output (until a certain buffer limit) - but it works
-   fine under a normal DOS window. This is a hack to get around the issue - 
+   fine under a normal DOS window. This is a hack to get around the issue -
    see http://www.khngai.com/emacs/tty.php  */
 #define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
 
@@ -161,16 +168,27 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #endif  /* Not Win32 */
 
 /* some functions to mutate the way these work */
-#define malloc(A)       ax_malloc(A)
+#define malloc(A)       ax_port_malloc(A, __FILE__, __LINE__)
 #ifndef realloc
-#define realloc(A,B)    ax_realloc(A,B)
+#define realloc(A,B)    ax_port_realloc(A,B, __FILE__, __LINE__)
 #endif
-#define calloc(A,B)     ax_calloc(A,B)
+#define calloc(A,B)     ax_port_calloc(A,B, __FILE__, __LINE__)
+#define free(x)         ax_port_free(x)
+
+EXP_FUNC void * STDCALL ax_port_malloc(size_t s, const char*, int);
+EXP_FUNC void * STDCALL ax_port_realloc(void *y, size_t s, const char*, int);
+EXP_FUNC void * STDCALL ax_port_calloc(size_t n, size_t s, const char*, int);
+EXP_FUNC void * STDCALL ax_port_free(void*);
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags);
+
+inline uint32_t htonl(uint32_t n){
+  return ((n & 0xff) << 24) |
+    ((n & 0xff00) << 8) |
+    ((n & 0xff0000UL) >> 8) |
+    ((n & 0xff000000UL) >> 24);
+}
 
-EXP_FUNC void * STDCALL ax_malloc(size_t s);
-EXP_FUNC void * STDCALL ax_realloc(void *y, size_t s);
-EXP_FUNC void * STDCALL ax_calloc(size_t n, size_t s);
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
+#define ntohl htonl
 
 #ifdef CONFIG_PLATFORM_LINUX
 void exit_now(const char *format, ...) __attribute((noreturn));
@@ -186,7 +204,7 @@ void exit_now(const char *format, ...);
 #define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
 #define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
 #define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
-#else 
+#else
 #include <pthread.h>
 #define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
 #define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
@@ -205,4 +223,4 @@ void exit_now(const char *format, ...);
 }
 #endif
 
-#endif 
+#endif
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 2aaeb5b751..a5b9f014fb 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -647,7 +647,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)alloca(hmac_len+10);
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len+10);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -659,6 +659,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
                 ssl->server_mac : ssl->client_mac, 
             ssl->cipher_info->digest_size, hmac_buf);
 
+    free(t_buf);
 #if 0
     print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);
@@ -943,7 +944,6 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
     return NULL;    /* its all gone wrong */
 }
 
-#ifndef ESP8266
 /**
  * Send a packet over the socket.
  */
@@ -980,7 +980,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 #endif
                 return SSL_ERROR_CONN_LOST;
         }
-
+#ifndef ESP8266
         /* keep going until the write buffer has some space */
         if (sent != pkt_size)
         {
@@ -992,6 +992,7 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
             if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
                 return SSL_ERROR_CONN_LOST;
         }
+#endif
     }
 
     SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
@@ -1005,7 +1006,6 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol)
 
     return ret;
 }
-#endif
 
 /**
  * Send an encrypted packet with padding bytes if necessary.
@@ -1075,11 +1075,12 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
                         ssl->cipher_info->iv_size)
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
-            uint8_t *t_buf = alloca(msg_length + iv_size);
+            uint8_t *t_buf = malloc(msg_length + iv_size);
             memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
             get_random(iv_size, t_buf);
             msg_length += iv_size;
             memcpy(ssl->bm_data, t_buf, msg_length);
+            free(t_buf);
         }
 
         /* now encrypt the packet */
@@ -1192,7 +1193,6 @@ static int set_key_block(SSL *ssl, int is_write)
     return 0;
 }
 
-#ifndef ESP8266
 /**
  * Read the SSL connection.
  */
@@ -1388,7 +1388,6 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 
     return ret;
 }
-#endif
 
 /**
  * Do some basic checking of data and then perform the appropriate handshaking.
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 414a173438..4dcb9b5035 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -75,7 +75,7 @@ extern "C" {
 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
 
 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
-#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_MAX_PLAIN_LENGTH         4096
 #define RT_EXTRA                    1024
 #define BM_RECORD_OFFSET            5
 
diff --git a/ssl/x509.c b/ssl/x509.c
index cb007fbbc7..0b092111f1 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -270,7 +270,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
     int i, size;
     bigint *decrypted_bi, *dat_bi;
     bigint *bir = NULL;
-    uint8_t *block = (uint8_t *)alloca(sig_len);
+    uint8_t *block = (uint8_t *)malloc(sig_len);
 
     /* decrypt */
     dat_bi = bi_import(ctx, sig, sig_len);
@@ -297,7 +297,7 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
             bir = bi_import(ctx, sig_ptr, len);
         }
     }
-
+    free(block);
     /* save a few bytes of memory */
     bi_clear_cache(ctx);
     return bir;

From ad9780684a698fad10baad7c1720d214d17ef2a9 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Mon, 14 Sep 2015 08:51:13 +0300
Subject: [PATCH 221/301] Calculate SHA-1 fingerprint when loading the
 certificate

---
 ssl/crypto_misc.h |  1 +
 ssl/x509.c        | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 1fd514eeb1..5b08d36e48 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -76,6 +76,7 @@ struct _x509_ctx
     uint8_t sig_type;
     RSA_CTX *rsa_ctx;
     bigint *digest;
+    bigint *fingerprint;
     struct _x509_ctx *next;
 };
 
diff --git a/ssl/x509.c b/ssl/x509.c
index 0b092111f1..7402a4d794 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -119,6 +119,13 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
+    SHA1_CTX sha_fp_ctx;
+    uint8_t sha_fp_dgst[SHA1_SIZE];
+    SHA1_Init(&sha_fp_ctx);
+    SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
+    SHA1_Final(sha_fp_dgst, &sha_fp_ctx);
+    x509_ctx->fingerprint = bi_import(bi_ctx, sha_fp_dgst, SHA1_SIZE);
+
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
     /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
     if (x509_ctx->sig_type == SIG_TYPE_MD5)
@@ -245,6 +252,11 @@ void x509_free(X509_CTX *x509_ctx)
         bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
     }
 
+    if (x509_ctx->fingerprint)
+    {
+        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->fingerprint);
+    }
+
     if (x509_ctx->subject_alt_dnsnames)
     {
         for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)

From a069bc0eb6523aaf2f53031d5f93a50f42b64a58 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Mon, 14 Sep 2015 10:24:51 +0300
Subject: [PATCH 222/301] Add function to match certificate fingerprint

---
 ssl/ssl.h  | 9 +++++++++
 ssl/tls1.c | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 198efc6899..97e87d495d 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -371,6 +371,15 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code);
  */
 EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
 
+/**
+ * @brief Check if certificate fingerprint (SHA1) matches the one given.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param fp [in] SHA1 fingerprint to match against
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);
+
 /**
  * @brief Retrieve an X.509 distinguished name component.
  * 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index a5b9f014fb..c2895ea5f6 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1887,6 +1887,15 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     return ret;
 }
 
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
+{
+    uint8_t cert_fp[SHA1_SIZE];
+    X509_CTX* x509 = ssl->x509_ctx;
+
+    bi_export(x509->rsa_ctx->bi_ctx, x509->fingerprint, cert_fp, SHA1_SIZE);
+    return memcmp(cert_fp, fp, SHA1_SIZE);
+}
+
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
 
 /**

From 6f48f0d11462dba88aa14e0fcd5b5c6abdb5e660 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Fri, 18 Sep 2015 12:38:27 +0300
Subject: [PATCH 223/301] Store fingerprint as raw byte array

---
 ssl/crypto_misc.h | 2 +-
 ssl/tls1.c        | 3 +--
 ssl/x509.c        | 7 +++----
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 5b08d36e48..0201f5b5e1 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -76,7 +76,7 @@ struct _x509_ctx
     uint8_t sig_type;
     RSA_CTX *rsa_ctx;
     bigint *digest;
-    bigint *fingerprint;
+    uint8_t *fingerprint;
     struct _x509_ctx *next;
 };
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c2895ea5f6..f0b527676e 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1892,8 +1892,7 @@ EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
     uint8_t cert_fp[SHA1_SIZE];
     X509_CTX* x509 = ssl->x509_ctx;
 
-    bi_export(x509->rsa_ctx->bi_ctx, x509->fingerprint, cert_fp, SHA1_SIZE);
-    return memcmp(cert_fp, fp, SHA1_SIZE);
+    return memcmp(x509->fingerprint, fp, SHA1_SIZE);
 }
 
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/x509.c b/ssl/x509.c
index 7402a4d794..a291f20127 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -119,12 +119,11 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
+    x509_ctx->fingerprint = malloc(SHA1_SIZE);
     SHA1_CTX sha_fp_ctx;
-    uint8_t sha_fp_dgst[SHA1_SIZE];
     SHA1_Init(&sha_fp_ctx);
     SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
-    SHA1_Final(sha_fp_dgst, &sha_fp_ctx);
-    x509_ctx->fingerprint = bi_import(bi_ctx, sha_fp_dgst, SHA1_SIZE);
+    SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
     /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
@@ -254,7 +253,7 @@ void x509_free(X509_CTX *x509_ctx)
 
     if (x509_ctx->fingerprint)
     {
-        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->fingerprint);
+        free(x509_ctx->fingerprint);
     }
 
     if (x509_ctx->subject_alt_dnsnames)

From d1bcdc5f97ae590d798030e90e4df167e41fa36f Mon Sep 17 00:00:00 2001
From: olereinhardt <olereinhardt@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 1 Oct 2015 15:58:22 +0000
Subject: [PATCH 224/301] Tag 64-bit constants with "LL" (make e.g. AVR32 gcc
 happy)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@251 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/sha384.c | 16 +++++++-------
 crypto/sha512.c | 56 ++++++++++++++++++++++++-------------------------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/crypto/sha384.c b/crypto/sha384.c
index 1d9d7e0d90..f1071be93b 100644
--- a/crypto/sha384.c
+++ b/crypto/sha384.c
@@ -38,14 +38,14 @@
  void SHA384_Init(SHA384_CTX *ctx)
  {
     //Set initial hash value
-    ctx->h_dig.h[0] = 0xCBBB9D5DC1059ED8;
-    ctx->h_dig.h[1] = 0x629A292A367CD507;
-    ctx->h_dig.h[2] = 0x9159015A3070DD17;
-    ctx->h_dig.h[3] = 0x152FECD8F70E5939;
-    ctx->h_dig.h[4] = 0x67332667FFC00B31;
-    ctx->h_dig.h[5] = 0x8EB44A8768581511;
-    ctx->h_dig.h[6] = 0xDB0C2E0D64F98FA7;
-    ctx->h_dig.h[7] = 0x47B5481DBEFA4FA4;
+    ctx->h_dig.h[0] = 0xCBBB9D5DC1059ED8LL;
+    ctx->h_dig.h[1] = 0x629A292A367CD507LL;
+    ctx->h_dig.h[2] = 0x9159015A3070DD17LL;
+    ctx->h_dig.h[3] = 0x152FECD8F70E5939LL;
+    ctx->h_dig.h[4] = 0x67332667FFC00B31LL;
+    ctx->h_dig.h[5] = 0x8EB44A8768581511LL;
+    ctx->h_dig.h[6] = 0xDB0C2E0D64F98FA7LL;
+    ctx->h_dig.h[7] = 0x47B5481DBEFA4FA4LL;
  
     // Number of bytes in the buffer
     ctx->size = 0;
diff --git a/crypto/sha512.c b/crypto/sha512.c
index ede5664202..aa2f58938f 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -56,26 +56,26 @@ static const uint8_t padding[128] =
  
 static const uint64_t k[80] =
 {
-    0x428A2F98D728AE22, 0x7137449123EF65CD, 0xB5C0FBCFEC4D3B2F, 0xE9B5DBA58189DBBC,
-    0x3956C25BF348B538, 0x59F111F1B605D019, 0x923F82A4AF194F9B, 0xAB1C5ED5DA6D8118,
-    0xD807AA98A3030242, 0x12835B0145706FBE, 0x243185BE4EE4B28C, 0x550C7DC3D5FFB4E2,
-    0x72BE5D74F27B896F, 0x80DEB1FE3B1696B1, 0x9BDC06A725C71235, 0xC19BF174CF692694,
-    0xE49B69C19EF14AD2, 0xEFBE4786384F25E3, 0x0FC19DC68B8CD5B5, 0x240CA1CC77AC9C65,
-    0x2DE92C6F592B0275, 0x4A7484AA6EA6E483, 0x5CB0A9DCBD41FBD4, 0x76F988DA831153B5,
-    0x983E5152EE66DFAB, 0xA831C66D2DB43210, 0xB00327C898FB213F, 0xBF597FC7BEEF0EE4,
-    0xC6E00BF33DA88FC2, 0xD5A79147930AA725, 0x06CA6351E003826F, 0x142929670A0E6E70,
-    0x27B70A8546D22FFC, 0x2E1B21385C26C926, 0x4D2C6DFC5AC42AED, 0x53380D139D95B3DF,
-    0x650A73548BAF63DE, 0x766A0ABB3C77B2A8, 0x81C2C92E47EDAEE6, 0x92722C851482353B,
-    0xA2BFE8A14CF10364, 0xA81A664BBC423001, 0xC24B8B70D0F89791, 0xC76C51A30654BE30,
-    0xD192E819D6EF5218, 0xD69906245565A910, 0xF40E35855771202A, 0x106AA07032BBD1B8,
-    0x19A4C116B8D2D0C8, 0x1E376C085141AB53, 0x2748774CDF8EEB99, 0x34B0BCB5E19B48A8,
-    0x391C0CB3C5C95A63, 0x4ED8AA4AE3418ACB, 0x5B9CCA4F7763E373, 0x682E6FF3D6B2B8A3,
-    0x748F82EE5DEFB2FC, 0x78A5636F43172F60, 0x84C87814A1F0AB72, 0x8CC702081A6439EC,
-    0x90BEFFFA23631E28, 0xA4506CEBDE82BDE9, 0xBEF9A3F7B2C67915, 0xC67178F2E372532B,
-    0xCA273ECEEA26619C, 0xD186B8C721C0C207, 0xEADA7DD6CDE0EB1E, 0xF57D4F7FEE6ED178,
-    0x06F067AA72176FBA, 0x0A637DC5A2C898A6, 0x113F9804BEF90DAE, 0x1B710B35131C471B,
-    0x28DB77F523047D84, 0x32CAAB7B40C72493, 0x3C9EBE0A15C9BEBC, 0x431D67C49C100D4C,
-    0x4CC5D4BECB3E42B6, 0x597F299CFC657E2A, 0x5FCB6FAB3AD6FAEC, 0x6C44198C4A475817
+    0x428A2F98D728AE22LL, 0x7137449123EF65CDLL, 0xB5C0FBCFEC4D3B2FLL, 0xE9B5DBA58189DBBCLL,
+    0x3956C25BF348B538LL, 0x59F111F1B605D019LL, 0x923F82A4AF194F9BLL, 0xAB1C5ED5DA6D8118LL,
+    0xD807AA98A3030242LL, 0x12835B0145706FBELL, 0x243185BE4EE4B28CLL, 0x550C7DC3D5FFB4E2LL,
+    0x72BE5D74F27B896FLL, 0x80DEB1FE3B1696B1LL, 0x9BDC06A725C71235LL, 0xC19BF174CF692694LL,
+    0xE49B69C19EF14AD2LL, 0xEFBE4786384F25E3LL, 0x0FC19DC68B8CD5B5LL, 0x240CA1CC77AC9C65LL,
+    0x2DE92C6F592B0275LL, 0x4A7484AA6EA6E483LL, 0x5CB0A9DCBD41FBD4LL, 0x76F988DA831153B5LL,
+    0x983E5152EE66DFABLL, 0xA831C66D2DB43210LL, 0xB00327C898FB213FLL, 0xBF597FC7BEEF0EE4LL,
+    0xC6E00BF33DA88FC2LL, 0xD5A79147930AA725LL, 0x06CA6351E003826FLL, 0x142929670A0E6E70LL,
+    0x27B70A8546D22FFCLL, 0x2E1B21385C26C926LL, 0x4D2C6DFC5AC42AEDLL, 0x53380D139D95B3DFLL,
+    0x650A73548BAF63DELL, 0x766A0ABB3C77B2A8LL, 0x81C2C92E47EDAEE6LL, 0x92722C851482353BLL,
+    0xA2BFE8A14CF10364LL, 0xA81A664BBC423001LL, 0xC24B8B70D0F89791LL, 0xC76C51A30654BE30LL,
+    0xD192E819D6EF5218LL, 0xD69906245565A910LL, 0xF40E35855771202ALL, 0x106AA07032BBD1B8LL,
+    0x19A4C116B8D2D0C8LL, 0x1E376C085141AB53LL, 0x2748774CDF8EEB99LL, 0x34B0BCB5E19B48A8LL,
+    0x391C0CB3C5C95A63LL, 0x4ED8AA4AE3418ACBLL, 0x5B9CCA4F7763E373LL, 0x682E6FF3D6B2B8A3LL,
+    0x748F82EE5DEFB2FCLL, 0x78A5636F43172F60LL, 0x84C87814A1F0AB72LL, 0x8CC702081A6439ECLL,
+    0x90BEFFFA23631E28LL, 0xA4506CEBDE82BDE9LL, 0xBEF9A3F7B2C67915LL, 0xC67178F2E372532BLL,
+    0xCA273ECEEA26619CLL, 0xD186B8C721C0C207LL, 0xEADA7DD6CDE0EB1ELL, 0xF57D4F7FEE6ED178LL,
+    0x06F067AA72176FBALL, 0x0A637DC5A2C898A6LL, 0x113F9804BEF90DAELL, 0x1B710B35131C471BLL,
+    0x28DB77F523047D84LL, 0x32CAAB7B40C72493LL, 0x3C9EBE0A15C9BEBCLL, 0x431D67C49C100D4CLL,
+    0x4CC5D4BECB3E42B6LL, 0x597F299CFC657E2ALL, 0x5FCB6FAB3AD6FAECLL, 0x6C44198C4A475817LL
 };
  
 /**
@@ -83,14 +83,14 @@ static const uint64_t k[80] =
 */
 void SHA512_Init(SHA512_CTX *ctx)
 {
-    ctx->h_dig.h[0] = 0x6A09E667F3BCC908;
-    ctx->h_dig.h[1] = 0xBB67AE8584CAA73B;
-    ctx->h_dig.h[2] = 0x3C6EF372FE94F82B;
-    ctx->h_dig.h[3] = 0xA54FF53A5F1D36F1;
-    ctx->h_dig.h[4] = 0x510E527FADE682D1;
-    ctx->h_dig.h[5] = 0x9B05688C2B3E6C1F;
-    ctx->h_dig.h[6] = 0x1F83D9ABFB41BD6B;
-    ctx->h_dig.h[7] = 0x5BE0CD19137E2179;
+    ctx->h_dig.h[0] = 0x6A09E667F3BCC908LL;
+    ctx->h_dig.h[1] = 0xBB67AE8584CAA73BLL;
+    ctx->h_dig.h[2] = 0x3C6EF372FE94F82BLL;
+    ctx->h_dig.h[3] = 0xA54FF53A5F1D36F1LL;
+    ctx->h_dig.h[4] = 0x510E527FADE682D1LL;
+    ctx->h_dig.h[5] = 0x9B05688C2B3E6C1FLL;
+    ctx->h_dig.h[6] = 0x1F83D9ABFB41BD6BLL;
+    ctx->h_dig.h[7] = 0x5BE0CD19137E2179LL;
     ctx->size = 0;
     ctx->totalSize = 0;
 }

From 10b41c811a486db7df19d6ee967dad33eaa220bb Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Tue, 17 Nov 2015 01:50:35 +0300
Subject: [PATCH 225/301] Increase plaintext buffer size after handshake is
 complete

---
 ssl/config.h    |  2 +-
 ssl/tls1.c      | 79 +++++++++++++++++++++++++++++++++++--------------
 ssl/tls1.h      |  7 +++--
 ssl/tls1_clnt.c |  3 ++
 4 files changed, 66 insertions(+), 25 deletions(-)

diff --git a/ssl/config.h b/ssl/config.h
index 1bb1de6df3..c1764e5abf 100644
--- a/ssl/config.h
+++ b/ssl/config.h
@@ -46,7 +46,7 @@
 #undef CONFIG_SSL_USE_PKCS12
 #define CONFIG_SSL_EXPIRY_TIME 24
 #define CONFIG_X509_MAX_CA_CERTS 150
-#define CONFIG_SSL_MAX_CERTS 3
+#define CONFIG_SSL_MAX_CERTS 1
 #undef CONFIG_SSL_CTX_MUTEXING
 #undef CONFIG_USE_DEV_URANDOM
 #undef CONFIG_WIN32_USE_CRYPTO_LIB
diff --git a/ssl/tls1.c b/ssl/tls1.c
index f0b527676e..569d8ad0cc 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -273,10 +273,8 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     free(ssl->encrypt_ctx);
     free(ssl->decrypt_ctx);
     disposable_free(ssl);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    x509_free(ssl->x509_ctx);
-#endif
-
+    free(ssl->bm_all_data);
+    free(ssl->fingerprint);
     free(ssl);
 }
 
@@ -315,8 +313,8 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
     {
         nw = n;
 
-        if (nw > RT_MAX_PLAIN_LENGTH)    /* fragment if necessary */
-            nw = RT_MAX_PLAIN_LENGTH;
+        if (nw > ssl->max_plain_length)    /* fragment if necessary */
+            nw = ssl->max_plain_length;
 
         if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
                                             &out_data[tot], nw)) <= 0)
@@ -564,15 +562,18 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
 {
     SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
     ssl->ssl_ctx = ssl_ctx;
+    ssl->max_plain_length = 1460*4;
+    ssl->bm_all_data = (uint8_t*) calloc(1, ssl->max_plain_length + RT_EXTRA);
     ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
     ssl->client_fd = client_fd;
     ssl->flag = SSL_NEED_RECORD;
-    ssl->bm_data = ssl->bm_all_data+BM_RECORD_OFFSET; /* space at the start */
+    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET; /* space at the start */
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
     disposable_new(ssl);
+    ssl->fingerprint = 0;
 
     /* a bit hacky but saves a few bytes of memory */
     ssl->flag |= ssl_ctx->options;
@@ -646,20 +647,36 @@ static void increment_write_sequence(SSL *ssl)
 static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
-    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)malloc(hmac_len+10);
-
-    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+    const prefix_size = 8 + SSL_RECORD_SIZE;
+    bool hmac_inplace = (uint32_t)buf - (uint32_t)ssl->bm_data >= prefix_size;
+    uint8_t tmp[prefix_size];
+    int hmac_len = buf_len + prefix_size;
+    uint8_t *t_buf;
+    if (hmac_inplace) {
+        t_buf = buf - prefix_size;
+        memcpy(tmp, t_buf, prefix_size);
+    } else {
+        t_buf = (uint8_t *)malloc(hmac_len+10);
+    }
+
+    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ?
                     ssl->write_sequence : ssl->read_sequence, 8);
     memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
-    memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
+    if (!hmac_inplace) {
+        memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
+    }
 
-    ssl->cipher_info->hmac(t_buf, hmac_len, 
-            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
-                ssl->server_mac : ssl->client_mac, 
+    ssl->cipher_info->hmac(t_buf, hmac_len,
+            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ?
+                ssl->server_mac : ssl->client_mac,
             ssl->cipher_info->digest_size, hmac_buf);
 
-    free(t_buf);
+    if (hmac_inplace) {
+        memcpy(t_buf, tmp, prefix_size);
+    }
+    else {
+        free(t_buf);
+    }
 #if 0
     print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);
@@ -1272,9 +1289,10 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         ssl->need_bytes = (buf[3] << 8) + buf[4];
 
         /* do we violate the spec with the message size?  */
-        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
+        if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
         {
             ret = SSL_ERROR_INVALID_PROT_MSG;              
+            printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
             goto error;
         }
 
@@ -1389,6 +1407,19 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     return ret;
 }
 
+void increase_bm_data_size(SSL *ssl)
+{
+    uint8_t* pr = (uint8_t*) realloc(ssl->bm_all_data, RT_MAX_PLAIN_LENGTH + RT_EXTRA);
+    if (pr) {
+        ssl->max_plain_length = RT_MAX_PLAIN_LENGTH;
+        ssl->bm_all_data = pr;
+        ssl->bm_data = pr + BM_RECORD_OFFSET;
+    }
+    else {
+        printf("failed to grow plain buffer\r\n");
+    }
+}
+
 /**
  * Do some basic checking of data and then perform the appropriate handshaking.
  */
@@ -1643,7 +1674,12 @@ void disposable_free(SSL *ssl)
         free(ssl->dc);
         ssl->dc = NULL;
     }
-
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (ssl->x509_ctx) {
+        x509_free(ssl->x509_ctx);
+        ssl->x509_ctx = 0;
+    }
+#endif
 }
 
 #ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
@@ -1889,10 +1925,9 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 
 EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
 {
-    uint8_t cert_fp[SHA1_SIZE];
-    X509_CTX* x509 = ssl->x509_ctx;
-
-    return memcmp(x509->fingerprint, fp, SHA1_SIZE);
+    if (!ssl->fingerprint)
+        return 1;
+    return memcmp(ssl->fingerprint, fp, SHA1_SIZE);
 }
 
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 4dcb9b5035..673c7fa002 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -75,7 +75,7 @@ extern "C" {
 #define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
 
 #define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
-#define RT_MAX_PLAIN_LENGTH         4096
+#define RT_MAX_PLAIN_LENGTH         16384
 #define RT_EXTRA                    1024
 #define BM_RECORD_OFFSET            5
 
@@ -175,10 +175,11 @@ struct _SSL
     const cipher_info_t *cipher_info;
     void *encrypt_ctx;
     void *decrypt_ctx;
-    uint8_t bm_all_data[RT_MAX_PLAIN_LENGTH+RT_EXTRA];
+    uint8_t *bm_all_data;
     uint8_t *bm_data;
     uint16_t bm_index;
     uint16_t bm_read_index;
+    size_t max_plain_length;
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
     struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
@@ -189,6 +190,7 @@ struct _SSL
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     X509_CTX *x509_ctx;
 #endif
+    uint8_t* fingerprint;
 
     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
@@ -260,6 +262,7 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
 #ifdef CONFIG_SSL_ENABLE_CLIENT
 int do_client_connect(SSL *ssl);
 #endif
+void increase_bm_data_size(SSL *ssl);
 
 #ifdef CONFIG_SSL_FULL_MODE
 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 196b40ed3c..5f25989222 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -119,7 +119,10 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, buf, hs_len);
+            ssl->fingerprint = ssl->x509_ctx->fingerprint;
+            ssl->x509_ctx->fingerprint = 0;
             disposable_free(ssl);   /* free up some memory */
+            increase_bm_data_size(ssl);
             /* note: client renegotiation is not allowed after this */
             break;
 

From 6830d98c7ff14d8bd667d28c871414d939c1d24d Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Tue, 17 Nov 2015 02:32:59 +0300
Subject: [PATCH 226/301] Pre-allocate encrypt/decrypt ctx to reduce memory
 fragmentation

---
 ssl/tls1.c | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 569d8ad0cc..19bf86d69c 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -50,7 +50,7 @@ static const char * client_finished = "client finished";
 static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
 static int set_key_block(SSL *ssl, int is_write);
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt);
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
 static int send_raw_packet(SSL *ssl, uint8_t protocol);
 
 /**
@@ -591,6 +591,9 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
         ssl_ctx->tail = ssl;
     }
 
+    ssl->encrypt_ctx = malloc(sizeof(AES_CTX));
+    ssl->decrypt_ctx = malloc(sizeof(AES_CTX));
+
     SSL_CTX_UNLOCK(ssl_ctx->mutex);
     return ssl;
 }
@@ -917,14 +920,18 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 /**
  * Retrieve (and initialise) the context of a cipher.
  */
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached)
 {
     switch (ssl->cipher)
     {
 #ifndef CONFIG_SSL_SKELETON_MODE
         case SSL_AES128_SHA:
             {
-                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_CTX *aes_ctx;
+                if (cached)
+                    aes_ctx = (AES_CTX*) cached;
+                else
+                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
                 AES_set_key(aes_ctx, key, iv, AES_MODE_128);
 
                 if (is_decrypt)
@@ -937,7 +944,12 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
 
         case SSL_AES256_SHA:
             {
-                AES_CTX *aes_ctx = (AES_CTX *)malloc(sizeof(AES_CTX));
+                AES_CTX *aes_ctx;
+                if (cached)
+                    aes_ctx = (AES_CTX*) cached;
+                else
+                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
+
                 AES_set_key(aes_ctx, key, iv, AES_MODE_256);
 
                 if (is_decrypt)
@@ -952,7 +964,12 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt)
 #endif
         case SSL_RC4_128_SHA:
             {
-                RC4_CTX *rc4_ctx = (RC4_CTX *)malloc(sizeof(RC4_CTX));
+                RC4_CTX* rc4_ctx;
+                if (cached)
+                    rc4_ctx = (RC4_CTX*) cached;
+                else
+                    rc4_ctx = (RC4_CTX*) malloc(sizeof(RC4_CTX));
+
                 RC4_setup(rc4_ctx, key, 16);
                 return (void *)rc4_ctx;
             }
@@ -1184,7 +1201,7 @@ static int set_key_block(SSL *ssl, int is_write)
     }
 #endif
 
-    free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
+    // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
 
     /* now initialise the ciphers */
     if (is_client)
@@ -1192,18 +1209,18 @@ static int set_key_block(SSL *ssl, int is_write)
         finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
 
         if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0);
+            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0, ssl->encrypt_ctx);
         else
-            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1);
+            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1, ssl->decrypt_ctx);
     }
     else
     {
         finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
 
         if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0);
+            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0, ssl->encrypt_ctx);
         else
-            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1);
+            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1, ssl->decrypt_ctx);
     }
 
     ssl->cipher_info = ciph_info;

From 34ff4421d2c5f7386c70d17e2848091c1aa493f3 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Wed, 2 Dec 2015 23:49:49 +0300
Subject: [PATCH 227/301] Get random bytes from hardware RNG

---
 crypto/crypto_misc.c | 63 +++++++++++++++++++++++++-------------------
 1 file changed, 36 insertions(+), 27 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 9a85ee82b3..a2ea2e367f 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -1,18 +1,18 @@
 /*
  * Copyright (c) 2007, Cameron Rich
- * 
+ *
  * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
+ *
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
- * * Redistributions of source code must retain the above copyright notice, 
+ * * Redistributions of source code must retain the above copyright notice,
  *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
  *   without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -44,6 +44,7 @@
 
 #ifdef ESP8266
 #define CONFIG_SSL_SKELETON_MODE 1
+uint32_t phy_get_rand();
 #endif
 
 #if defined(CONFIG_USE_DEV_URANDOM)
@@ -63,20 +64,20 @@ static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
 const char * const unsupported_str = "Error: Feature not supported\n";
 
 #ifndef CONFIG_SSL_SKELETON_MODE
-/** 
+/**
  * Retrieve a file and put it into memory
  * @return The size of the file, or -1 on failure.
  */
 int get_file(const char *filename, uint8_t **buf)
 {
     int total_bytes = 0;
-    int bytes_read = 0; 
+    int bytes_read = 0;
     int filesize;
     FILE *stream = fopen(filename, "rb");
 
     if (stream == NULL)
     {
-#ifdef CONFIG_SSL_FULL_MODE         
+#ifdef CONFIG_SSL_FULL_MODE
         printf("file '%s' does not exist\n", filename); TTY_FLUSH();
 #endif
         return -1;
@@ -93,7 +94,7 @@ int get_file(const char *filename, uint8_t **buf)
         bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
         total_bytes += bytes_read;
     } while (total_bytes < filesize && bytes_read > 0);
-    
+
     fclose(stream);
     return filesize;
 }
@@ -110,25 +111,26 @@ EXP_FUNC void STDCALL RNG_initialize()
 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
     rng_fd = ax_open("/dev/urandom", O_RDONLY);
 #elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-    if (!CryptAcquireContext(&gCryptProv, 
+    if (!CryptAcquireContext(&gCryptProv,
                       NULL, NULL, PROV_RSA_FULL, 0))
     {
         if (GetLastError() == NTE_BAD_KEYSET &&
-                !CryptAcquireContext(&gCryptProv, 
-                       NULL, 
-                       NULL, 
-                       PROV_RSA_FULL, 
+                !CryptAcquireContext(&gCryptProv,
+                       NULL,
+                       NULL,
+                       PROV_RSA_FULL,
                        CRYPT_NEWKEYSET))
         {
             printf("CryptoLib: %x\n", unsupported_str, GetLastError());
             exit(1);
         }
     }
+#elif defined(ESP8266)
 #else
     /* start of with a stack to copy across */
     int i;
     memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
-    srand((unsigned int)&i); 
+    srand((unsigned int)&i);
 #endif
 }
 
@@ -161,15 +163,22 @@ EXP_FUNC void STDCALL RNG_terminate(void)
  * Set a series of bytes with a random number. Individual bytes can be 0
  */
 EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
-{   
+{
 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
     /* use the Linux default */
     read(rng_fd, rand_data, num_rand_bytes);    /* read from /dev/urandom */
 #elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
     /* use Microsoft Crypto Libraries */
     CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
+#elif defined(ESP8266)
+    for (size_t cb = 0; cb < num_rand_bytes; cb += 4) {
+        uint32_t r = phy_get_rand();
+        size_t left = num_rand_bytes - cb;
+        left = (left < 4) ? left : 4;
+        memcpy(rand_data + cb, &r, left);
+    }
 #else   /* nothing else to use, so use a custom RNG */
-    /* The method we use when we've got nothing better. Use RC4, time 
+    /* The method we use when we've got nothing better. Use RC4, time
        and a couple of random seeds to generate a random sequence */
     RC4_CTX rng_ctx;
     struct timeval tv;
@@ -179,10 +188,10 @@ EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
     int i;
 
     /* A proper implementation would use counters etc for entropy */
-    gettimeofday(&tv, NULL);    
+    gettimeofday(&tv, NULL);
     ep = (uint64_t *)entropy_pool;
     ep[0] ^= ENTROPY_COUNTER1;
-    ep[1] ^= ENTROPY_COUNTER2; 
+    ep[1] ^= ENTROPY_COUNTER2;
 
     /* use a digested version of the entropy pool as a key */
     MD5_Init(&rng_digest_ctx);
@@ -214,8 +223,9 @@ void get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
 
     for (i = 0; i < num_rand_bytes; i++)
     {
-        while (rand_data[i] == 0)  /* can't be 0 */
-            rand_data[i] = (uint8_t)(rand());
+        while (rand_data[i] == 0)  {
+            get_random(1, rand_data + i);
+        }
     }
 }
 
@@ -267,7 +277,7 @@ static void print_hex(uint8_t hex)
  * @param data     [in]    The start of data to use
  * @param ...      [in]    Any additional arguments
  */
-EXP_FUNC void STDCALL print_blob(const char *format, 
+EXP_FUNC void STDCALL print_blob(const char *format,
         const uint8_t *data, int size, ...)
 {
     int i;
@@ -348,7 +358,7 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
         }
 
         /* check that we don't go past the output buffer */
-        if (z > *outlen) 
+        if (z > *outlen)
             goto error;
     }
 
@@ -368,4 +378,3 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
 
 }
 #endif
-

From 155107681689564acb141bff37cf1d4fe1b528e2 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Fri, 4 Dec 2015 17:04:49 +0300
Subject: [PATCH 228/301] Remove default private key and certificate (#3)

---
 ssl/cert.h        | 43 -------------------------------------
 ssl/loader.c      | 10 ++++-----
 ssl/private_key.h | 54 -----------------------------------------------
 ssl/tls1.c        |  4 ++--
 4 files changed, 7 insertions(+), 104 deletions(-)
 delete mode 100644 ssl/cert.h
 delete mode 100644 ssl/private_key.h

diff --git a/ssl/cert.h b/ssl/cert.h
deleted file mode 100644
index 30c7b65882..0000000000
--- a/ssl/cert.h
+++ /dev/null
@@ -1,43 +0,0 @@
-unsigned char default_certificate[] = {
-  0x30, 0x82, 0x01, 0xd7, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xab,
-  0x08, 0x18, 0xa7, 0x03, 0x07, 0x27, 0xfd, 0x30, 0x0d, 0x06, 0x09, 0x2a,
-  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
-  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
-  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
-  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
-  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
-  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x30, 0x31, 0x32,
-  0x32, 0x36, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a, 0x17, 0x0d, 0x32,
-  0x34, 0x30, 0x39, 0x30, 0x33, 0x32, 0x32, 0x33, 0x33, 0x33, 0x39, 0x5a,
-  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
-  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
-  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
-  0x09, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, 0x30, 0x81,
-  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
-  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
-  0x81, 0x81, 0x00, 0xcd, 0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76,
-  0xd4, 0x13, 0x30, 0x0e, 0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f,
-  0x51, 0x09, 0x9d, 0x29, 0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90,
-  0x80, 0xa1, 0x71, 0xdf, 0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14,
-  0x90, 0x0a, 0xf9, 0xb7, 0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d,
-  0x57, 0x41, 0x86, 0x60, 0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46,
-  0x1b, 0xf6, 0xa2, 0x84, 0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa,
-  0x91, 0xf8, 0x61, 0x04, 0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a,
-  0xcc, 0x31, 0x01, 0x14, 0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82,
-  0xd6, 0xc6, 0xc4, 0xbe, 0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32,
-  0x7a, 0x86, 0x0e, 0x91, 0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02,
-  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x40,
-  0xb4, 0x94, 0x9a, 0xa8, 0x89, 0x72, 0x1d, 0x07, 0xe5, 0xb3, 0x6b, 0x88,
-  0x21, 0xc2, 0x38, 0x36, 0x9e, 0x7a, 0x8c, 0x49, 0x48, 0x68, 0x0c, 0x06,
-  0xe8, 0xdb, 0x1f, 0x4e, 0x05, 0xe6, 0x31, 0xe3, 0xfd, 0xe6, 0x0d, 0x6b,
-  0xd8, 0x13, 0x17, 0xe0, 0x2d, 0x0d, 0xb8, 0x7e, 0xcb, 0x20, 0x6c, 0xa8,
-  0x73, 0xa7, 0xfd, 0xe3, 0xa7, 0xfa, 0xf3, 0x02, 0x60, 0x78, 0x1f, 0x13,
-  0x40, 0x45, 0xee, 0x75, 0xf5, 0x10, 0xfd, 0x8f, 0x68, 0x74, 0xd4, 0xac,
-  0xae, 0x04, 0x09, 0x55, 0x2c, 0xdb, 0xd8, 0x07, 0x07, 0x65, 0x69, 0x27,
-  0x6e, 0xbf, 0x5e, 0x61, 0x40, 0x56, 0x8b, 0xd7, 0x33, 0x3b, 0xff, 0x6e,
-  0x53, 0x7e, 0x9d, 0x3f, 0xc0, 0x40, 0x3a, 0xab, 0xa0, 0x50, 0x4e, 0x80,
-  0x47, 0x46, 0x0d, 0x1e, 0xdb, 0x4c, 0xf1, 0x1b, 0x5d, 0x3c, 0x2a, 0x54,
-  0xa7, 0x4d, 0xfa, 0x7b, 0x72, 0x66, 0xc5
-};
-unsigned int default_certificate_len = 475;
diff --git a/ssl/loader.c b/ssl/loader.c
index 333fb18e9c..9d157f7969 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -434,8 +434,8 @@ int load_key_certs(SSL_CTX *ssl_ctx)
     else if (!(options & SSL_NO_DEFAULT_KEY))
     {
 #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-        static const    /* saves a few more bytes */
-#include "private_key.h"
+        extern const unsigned char* default_private_key;
+        extern const unsigned int default_private_key_len;
 
         ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
                 default_private_key_len, NULL); 
@@ -462,9 +462,9 @@ int load_key_certs(SSL_CTX *ssl_ctx)
     else if (!(options & SSL_NO_DEFAULT_KEY))
     {
 #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-        static const    /* saves a few bytes and RAM */
-#include "cert.h"
-        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+        extern const unsigned char* default_certificate;
+        extern const unsigned int default_certificate_len;
+        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
                     default_certificate, default_certificate_len, NULL);
 #endif
     }
diff --git a/ssl/private_key.h b/ssl/private_key.h
deleted file mode 100644
index ce7985c5a7..0000000000
--- a/ssl/private_key.h
+++ /dev/null
@@ -1,54 +0,0 @@
-unsigned char default_private_key[] = {
-  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xcd,
-  0xfd, 0x89, 0x48, 0xbe, 0x36, 0xb9, 0x95, 0x76, 0xd4, 0x13, 0x30, 0x0e,
-  0xbf, 0xb2, 0xed, 0x67, 0x0a, 0xc0, 0x16, 0x3f, 0x51, 0x09, 0x9d, 0x29,
-  0x2f, 0xb2, 0x6d, 0x3f, 0x3e, 0x6c, 0x2f, 0x90, 0x80, 0xa1, 0x71, 0xdf,
-  0xbe, 0x38, 0xc5, 0xcb, 0xa9, 0x9a, 0x40, 0x14, 0x90, 0x0a, 0xf9, 0xb7,
-  0x07, 0x0b, 0xe1, 0xda, 0xe7, 0x09, 0xbf, 0x0d, 0x57, 0x41, 0x86, 0x60,
-  0xa1, 0xc1, 0x27, 0x91, 0x5b, 0x0a, 0x98, 0x46, 0x1b, 0xf6, 0xa2, 0x84,
-  0xf8, 0x65, 0xc7, 0xce, 0x2d, 0x96, 0x17, 0xaa, 0x91, 0xf8, 0x61, 0x04,
-  0x50, 0x70, 0xeb, 0xb4, 0x43, 0xb7, 0xdc, 0x9a, 0xcc, 0x31, 0x01, 0x14,
-  0xd4, 0xcd, 0xcc, 0xc2, 0x37, 0x6d, 0x69, 0x82, 0xd6, 0xc6, 0xc4, 0xbe,
-  0xf2, 0x34, 0xa5, 0xc9, 0xa6, 0x19, 0x53, 0x32, 0x7a, 0x86, 0x0e, 0x91,
-  0x82, 0x0f, 0xa1, 0x42, 0x54, 0xaa, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01,
-  0x02, 0x81, 0x81, 0x00, 0x95, 0xaa, 0x6e, 0x11, 0xf5, 0x6a, 0x8b, 0xa2,
-  0xc6, 0x48, 0xc6, 0x7c, 0x37, 0x6b, 0x1f, 0x55, 0x10, 0x76, 0x26, 0x24,
-  0xc3, 0xf2, 0x5c, 0x5a, 0xdd, 0x2e, 0xf3, 0xa4, 0x1e, 0xbc, 0x7b, 0x1c,
-  0x80, 0x10, 0x85, 0xbc, 0xd8, 0x45, 0x3c, 0xb8, 0xb2, 0x06, 0x53, 0xb5,
-  0xd5, 0x7a, 0xe7, 0x0e, 0x92, 0xe6, 0x42, 0xc2, 0xe2, 0x2a, 0xd5, 0xd1,
-  0x03, 0x9f, 0x6f, 0x53, 0x74, 0x68, 0x72, 0x8e, 0xbf, 0x03, 0xbb, 0xab,
-  0xbd, 0xa1, 0xf9, 0x81, 0x7d, 0x12, 0xd4, 0x9d, 0xb6, 0xae, 0x4c, 0xad,
-  0xca, 0xa8, 0xc9, 0x80, 0x8d, 0x0d, 0xd5, 0xd0, 0xa1, 0xbf, 0xec, 0x60,
-  0x48, 0x49, 0xed, 0x97, 0x0f, 0x5e, 0xed, 0xfc, 0x39, 0x15, 0x96, 0x9e,
-  0x5d, 0xe2, 0xb4, 0x5d, 0x2e, 0x04, 0xdc, 0x08, 0xa2, 0x65, 0x29, 0x2d,
-  0x37, 0xfb, 0x62, 0x90, 0x1b, 0x7b, 0xe5, 0x3a, 0x58, 0x05, 0x55, 0xc1,
-  0x02, 0x41, 0x00, 0xfc, 0x69, 0x28, 0xc9, 0xa8, 0xc4, 0x5c, 0xe3, 0xd0,
-  0x5e, 0xaa, 0xda, 0xde, 0x87, 0x74, 0xdb, 0xcb, 0x40, 0x78, 0x8e, 0x1d,
-  0x12, 0x96, 0x16, 0x61, 0x3f, 0xb3, 0x3e, 0xa3, 0x0d, 0xdc, 0x49, 0xa5,
-  0x25, 0x87, 0xc5, 0x97, 0x85, 0x9d, 0xbb, 0xb4, 0xf0, 0x44, 0xfd, 0x6c,
-  0xe8, 0xd2, 0x8c, 0xec, 0x33, 0x81, 0x46, 0x1e, 0x10, 0x12, 0x33, 0x16,
-  0x95, 0x00, 0x4f, 0x75, 0xb4, 0xe5, 0x79, 0x02, 0x41, 0x00, 0xd0, 0xeb,
-  0x65, 0x07, 0x10, 0x3b, 0xd9, 0x03, 0xeb, 0xdc, 0x6f, 0x4b, 0x8f, 0xc3,
-  0x87, 0xce, 0x76, 0xd6, 0xc5, 0x14, 0x21, 0x4e, 0xe7, 0x4f, 0x1b, 0xe8,
-  0x05, 0xf8, 0x84, 0x1a, 0xe0, 0xc5, 0xd6, 0xe3, 0x08, 0xb3, 0x54, 0x57,
-  0x02, 0x1f, 0xd4, 0xd9, 0xfb, 0xff, 0x40, 0xb1, 0x56, 0x1c, 0x60, 0xf7,
-  0xac, 0x91, 0xf3, 0xd3, 0xc6, 0x7f, 0x84, 0xfd, 0x84, 0x9d, 0xea, 0x26,
-  0xee, 0xc9, 0x02, 0x41, 0x00, 0xa6, 0xcf, 0x1c, 0x6c, 0x81, 0x03, 0x1c,
-  0x5c, 0x56, 0x05, 0x6a, 0x26, 0x70, 0xef, 0xd6, 0x13, 0xb7, 0x74, 0x28,
-  0xf7, 0xca, 0x50, 0xd1, 0x2d, 0x83, 0x21, 0x64, 0xe4, 0xdd, 0x3f, 0x38,
-  0xb8, 0xd6, 0xd2, 0x41, 0xb3, 0x1c, 0x9a, 0xea, 0x0d, 0xf5, 0xda, 0xdf,
-  0xcd, 0x17, 0x9f, 0x9a, 0x1e, 0x15, 0xaf, 0x48, 0x1c, 0xbd, 0x9b, 0x63,
-  0x5b, 0xad, 0xed, 0xd4, 0xa1, 0xae, 0xa9, 0x59, 0x09, 0x02, 0x40, 0x4e,
-  0x08, 0xce, 0xa8, 0x8f, 0xc0, 0xba, 0xf3, 0x83, 0x02, 0xc8, 0x33, 0x62,
-  0x14, 0x77, 0xc2, 0x7f, 0x93, 0x02, 0xf3, 0xdc, 0xe9, 0x1a, 0xee, 0xea,
-  0x8e, 0x84, 0xc4, 0x69, 0x9b, 0x9c, 0x7f, 0x69, 0x1f, 0x4e, 0x1d, 0xa5,
-  0x90, 0x06, 0x44, 0x1b, 0x7d, 0xfc, 0x69, 0x40, 0x21, 0xbc, 0xf7, 0x46,
-  0xa4, 0xdc, 0x39, 0x7b, 0xe8, 0x8b, 0x49, 0x10, 0x44, 0x9d, 0x67, 0x5a,
-  0x91, 0x86, 0x39, 0x02, 0x40, 0x41, 0x2c, 0x4e, 0xfe, 0xd9, 0x90, 0x89,
-  0x00, 0x5c, 0x94, 0x0a, 0x4a, 0x7e, 0x1b, 0x1a, 0x80, 0x06, 0x01, 0x37,
-  0xda, 0x50, 0x61, 0x9d, 0x9c, 0xfe, 0x25, 0x7f, 0xd8, 0xd4, 0xc4, 0x9e,
-  0x81, 0xf2, 0x0c, 0x1e, 0x38, 0x21, 0x1e, 0x90, 0x3f, 0xd4, 0xba, 0x6c,
-  0x53, 0xcb, 0xf0, 0x77, 0x79, 0x9b, 0xf1, 0xfa, 0x3f, 0x81, 0xdc, 0xf3,
-  0x21, 0x02, 0x6d, 0xb7, 0x95, 0xc3, 0x2e, 0xce, 0xd5
-};
-unsigned int default_private_key_len = 609;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 19bf86d69c..1f27265c56 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -650,13 +650,13 @@ static void increment_write_sequence(SSL *ssl)
 static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
-    const prefix_size = 8 + SSL_RECORD_SIZE;
+    const size_t prefix_size = 8 + SSL_RECORD_SIZE;
     bool hmac_inplace = (uint32_t)buf - (uint32_t)ssl->bm_data >= prefix_size;
     uint8_t tmp[prefix_size];
     int hmac_len = buf_len + prefix_size;
     uint8_t *t_buf;
     if (hmac_inplace) {
-        t_buf = buf - prefix_size;
+        t_buf = ((uint8_t*)buf) - prefix_size;
         memcpy(tmp, t_buf, prefix_size);
     } else {
         t_buf = (uint8_t *)malloc(hmac_len+10);

From f98cae7b2fb07658ed637cc469b43f1f0b98d5c2 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Fri, 4 Dec 2015 18:44:40 +0300
Subject: [PATCH 229/301] Don't try to load certificate and private key if it
 is null

---
 ssl/loader.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ssl/loader.c b/ssl/loader.c
index 9d157f7969..6c7a6308c5 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -436,9 +436,9 @@ int load_key_certs(SSL_CTX *ssl_ctx)
 #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
         extern const unsigned char* default_private_key;
         extern const unsigned int default_private_key_len;
-
-        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
-                default_private_key_len, NULL); 
+        if (default_private_key != NULL && default_private_key_len > 0)
+            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
+                default_private_key_len, NULL);
 #endif
     }
 
@@ -464,7 +464,8 @@ int load_key_certs(SSL_CTX *ssl_ctx)
 #if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
         extern const unsigned char* default_certificate;
         extern const unsigned int default_certificate_len;
-        ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
+        if (default_certificate != NULL && default_certificate_len > 0)
+            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
                     default_certificate, default_certificate_len, NULL);
 #endif
     }

From 514b6685c5a84232caeed72dc5720c652bbe9f73 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Wed, 9 Dec 2015 23:39:26 +0300
Subject: [PATCH 230/301] Disable RC4

---
 ssl/tls1.c | 40 +++++++---------------------------------
 ssl/tls1.h |  2 +-
 2 files changed, 8 insertions(+), 34 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 1f27265c56..c4a676b102 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -58,18 +58,18 @@ static int send_raw_packet(SSL *ssl, uint8_t protocol);
  * ciphers are listed. This order is defined at compile time.
  */
 #ifdef CONFIG_SSL_SKELETON_MODE
-const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
 { SSL_RC4_128_SHA };
 #else
 static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
 
-const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
 #ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
-{ SSL_RC4_128_SHA, SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_MD5 };
+{ SSL_AES128_SHA, SSL_AES256_SHA};
 #elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
-{ SSL_AES128_SHA, SSL_AES256_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };    
+{ SSL_AES128_SHA, SSL_AES256_SHA};
 #else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
-{ SSL_AES256_SHA, SSL_AES128_SHA, SSL_RC4_128_SHA, SSL_RC4_128_MD5 };
+{ SSL_AES256_SHA, SSL_AES128_SHA};
 #endif
 #endif /* CONFIG_SSL_SKELETON_MODE */
 
@@ -108,40 +108,14 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
     {   /* AES256-SHA */
         SSL_AES256_SHA,                 /* AES256-SHA */
         32,                             /* key size */
-        16,                             /* iv size */ 
+        16,                             /* iv size */
         2*(SHA1_SIZE+32+16),            /* key block size */
         16,                             /* block padding size */
         SHA1_SIZE,                      /* digest size */
         hmac_sha1,                      /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
-    },       
-    {   /* RC4-SHA */
-        SSL_RC4_128_SHA,                /* RC4-SHA */
-        16,                             /* key size */
-        0,                              /* iv size */ 
-        2*(SHA1_SIZE+16),               /* key block size */
-        0,                              /* no padding */
-        SHA1_SIZE,                      /* digest size */
-        hmac_sha1,                      /* hmac algorithm */
-        (crypt_func)RC4_crypt,          /* encrypt */
-        (crypt_func)RC4_crypt           /* decrypt */
-    },
-    /*
-     * This protocol is from SSLv2 days and is unlikely to be used - but was
-     * useful for testing different possible digest algorithms.
-     */
-    {   /* RC4-MD5 */
-        SSL_RC4_128_MD5,                /* RC4-MD5 */
-        16,                             /* key size */
-        0,                              /* iv size */ 
-        2*(MD5_SIZE+16),                /* key block size */
-        0,                              /* no padding */
-        MD5_SIZE,                       /* digest size */
-        hmac_md5,                       /* hmac algorithm */
-        (crypt_func)RC4_crypt,          /* encrypt */
-        (crypt_func)RC4_crypt           /* decrypt */
-    },
+    }
 };
 #endif
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 673c7fa002..b7cd7f36e7 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -82,7 +82,7 @@ extern "C" {
 #ifdef CONFIG_SSL_SKELETON_MODE
 #define NUM_PROTOCOLS               1
 #else
-#define NUM_PROTOCOLS               4
+#define NUM_PROTOCOLS               2
 #endif
 
 #define PARANOIA_CHECK(A, B)        if (A < B) { \

From d78e7a07998f456d452a760d478d1518b009fd4a Mon Sep 17 00:00:00 2001
From: Slavey Karadzhov <slavey.karadzhov@zend.com>
Date: Mon, 1 Feb 2016 12:05:09 +0100
Subject: [PATCH 231/301] Initial version of axTLS integration with lwip raw
 tcp mode (http://lwip.wikia.com/wiki/Raw/TCP).

---
 tools/make_certs.sh | 186 ++++++++++++++++++++++++++++++++++
 util/README.md      | 149 +++++++++++++++++++++++++++
 util/lwipr_compat.c | 241 ++++++++++++++++++++++++++++++++++++++++++++
 util/lwipr_compat.h |  82 +++++++++++++++
 4 files changed, 658 insertions(+)
 create mode 100755 tools/make_certs.sh
 create mode 100644 util/README.md
 create mode 100644 util/lwipr_compat.c
 create mode 100644 util/lwipr_compat.h

diff --git a/tools/make_certs.sh b/tools/make_certs.sh
new file mode 100755
index 0000000000..d521e9218d
--- /dev/null
+++ b/tools/make_certs.sh
@@ -0,0 +1,186 @@
+#!/bin/sh
+#
+# Copyright (c) 2007, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+AXDIR=`pwd`/`dirname $0`
+CWD=`mktemp -d` && cd $dir
+cd $CWD 
+
+#
+# Generate the certificates and keys for testing.
+#
+
+PROJECT_NAME="axTLS Project"
+
+# Generate the openssl configuration files.
+cat > ca_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Dodgy Certificate Authority
+EOF
+
+cat > certs.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME
+ CN                     = 127.0.0.1
+EOF
+
+cat > device_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Device Certificate
+EOF
+
+# private key generation
+openssl genrsa -out axTLS.ca_key.pem 1024
+openssl genrsa -out axTLS.key_512.pem 512
+openssl genrsa -out axTLS.key_1024.pem 1024
+openssl genrsa -out axTLS.key_1042.pem 1042
+openssl genrsa -out axTLS.key_2048.pem 2048
+openssl genrsa -out axTLS.key_4096.pem 4096
+openssl genrsa -out axTLS.device_key.pem 1024
+openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
+
+
+# convert private keys into DER format
+openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
+openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
+openssl rsa -in axTLS.key_1042.pem -out axTLS.key_1042 -outform DER
+openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
+openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
+openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
+
+# cert requests
+openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
+            -config ./ca_cert.conf 
+openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_1042.req -key axTLS.key_1042.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \
+            -config ./device_cert.conf
+openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \
+            -new -config ./certs.conf -passin pass:abcd
+openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
+            -new -config ./certs.conf -passin pass:abcd
+
+# generate the actual certs.
+openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
+            -sha1 -days 5000 -signkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1042.req -out axTLS.x509_1042.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
+            -md5 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
+            -md5 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
+openssl x509 -req -in axTLS.x509_aes128.req \
+            -out axTLS.x509_aes128.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_aes256.req \
+            -out axTLS.x509_aes256.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# note: must be root to do this
+DATE_NOW=`date`
+if date -s "Jan 1 2025"; then
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \
+            -sha1 -CAcreateserial -days 365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+date -s "$DATE_NOW"
+touch axTLS.x509_bad_before.pem
+fi
+openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \
+            -sha1 -CAcreateserial -days -365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# some cleanup
+rm axTLS*.req
+rm axTLS.srl
+rm *.conf
+
+# need this for the client tests
+openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
+openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
+openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
+openssl x509 -in axTLS.x509_1042.pem -outform DER -out axTLS.x509_1042.cer
+openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
+openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
+openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
+
+# generate pkcs8 files (use RC4-128 for encryption)
+openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
+openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
+
+# generate pkcs12 files (use RC4-128 for encryption)
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd
+
+# PEM certificate chain
+cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
+
+# set default key/cert for use in the server
+xxd -i axTLS.x509_1024.cer | sed -e \
+        "s/axTLS_x509_1024_cer/default_certificate/" > $AXDIR/../ssl/cert.h
+xxd -i axTLS.key_1024 | sed -e \
+        "s/axTLS_key_1024/default_private_key/" > $AXDIR/../ssl/private_key.h
diff --git a/util/README.md b/util/README.md
new file mode 100644
index 0000000000..6c3b10ba3b
--- /dev/null
+++ b/util/README.md
@@ -0,0 +1,149 @@
+If you are using [LWIP raw tcp mode](http://lwip.wikia.com/wiki/Raw/TCP) and want to add SSL support below are the steps that can help you to achieve this with the help of [axTLS]( http://axtls.sourceforge.net/ ).
+		
+First you have to include the `lwipr_compat.h` header.
+
+```C
+#include "util/lwipr_compat.h"
+```
+
+Then in the code block where you initialize the tcp raw connection you should call `axl_init`.
+Take a look at the example below:
+
+```C
+lwip_init();
+
+/* 
+ * The line below should be added AFTER the lwip_init code
+ * AND BEFORE the call to tcp_new()
+ * The parameter value 10 specifies how many SSL connections are expected
+ */ 
+axl_init(10);
+
+// .. some more code
+tcp = tcp_new();
+tcp_sent(tcp, staticOnSent);
+tcp_recv(tcp, staticOnReceive);
+tcp_err(tcp, staticOnError);
+tcp_poll(tcp, staticOnPoll, 4);
+// ... and even more code 
+res = tcp_connect(tcp, &addr, port, staticOnConnected);
+
+
+```
+
+Now we should add in our `staticOnConnected` funciton code to create new ssl context and ssl object. 
+In the example below the `sslObj` and `sslContext` are defined as global
+
+```C
+// global definitions
+SSL *sslObj = NULL;
+SSLCTX* sslContext = NULL;
+
+// and some more code...
+
+err_t staticOnConnected(void *arg, struct tcp_pcb *tcp, err_t err)
+{
+	int clientfd = -1;
+	uint32_t options = 0;
+
+	if (tcp == NULL) {
+		/* @TODO: Take care to handle error conditions */
+		return -1;
+	}
+
+	clientfd = axl_append(tcp);
+	if(clientfd == -1) {
+		printf("Unable to add LWIP tcp -> clientfd mapping\n");
+		return ERR_OK;
+	}
+	
+	printf("Connected: ClientId: %d\n", clientfd);
+#ifdef SSL_DEBUG
+	options |= SSL_DISPLAY_STATES | SSL_DISPLAY_BYTES;
+#endif	
+	
+	// if you want to verify the server certificate later you can also add the following option
+	options |= SSL_SERVER_VERIFY_LATER
+	
+	sslContext = ssl_ctx_new(SSL_CONNECT_IN_PARTS | options, 1); // !!! SSL_CONNECT_IN_PARTS must be in the flags !!!
+	sslObj = ssl_client_new(sslContext, clientfd, NULL, 0);
+
+	return ERR_OK;
+}
+```
+
+
+Once we are connected we can send and receive information. For the receiving part we can do the following
+
+```C
+err_t staticOnReceive(void *arg, struct tcp_pcb *tcp, struct pbuf *p, err_t err)
+{
+	uint8_t *read_buf = NULL;
+	int read_bytes = 0;
+
+	printf("Err: %d\n", err);
+
+	if(tcp == NULL || p == NULL) {
+		/* @TODO: Take care to handle error conditions */
+		return -1;
+	}
+
+	read_bytes = axl_ssl_read(sslObj, &read_buf, tcp, p);
+	if(read_bytes > 0) {
+		printf("Got data: %s", read_buf);
+		// @TODO: Do something useful with the read_buf 
+	}
+
+	return ERR_OK;
+}
+```
+
+In the receiving part you can also add debug code to display more information about the SSL handshake, once it was successul.
+
+
+```C
+err_t staticOnReceive(void *arg, struct tcp_pcb *tcp, struct pbuf *p, err_t err)
+{
+	static int show_info = 0;
+	const char *common_name = NULL;
+	
+	// ..
+	read_bytes = axl_ssl_read(sslObj, &read_buf, tcp, p);
+	if(read_bytes > 0) {
+		printf("Got data: %s", read_buf);
+		// @TODO: Do something useful with the read_buf 
+	}
+	
+	if(!show_info && ssl_handshake_status(sslObj) == SSL_OK) {
+		common_name = ssl_get_cert_dn(sslObj, SSL_X509_CERT_COMMON_NAME);
+		if (common_name) {
+			printf("Common Name:\t\t\t%s\n", common_name);
+		}
+
+		// These two funcitons below can be found in the axtls examples
+		display_session_id(sslObj); 
+		display_cipher(sslObj);
+		show_info = 1;
+	}
+	
+	return ERR_OK;
+}
+
+```
+
+
+And for the sending part we can use the following code sample as a start
+
+```C
+void someSendingfunction() {
+	uint8_t *out_buf;
+	int out_bytes = 0;
+	
+	// ... take care to store something in the out_buf
+	
+	axl_ssl_write(sslObj, out_buf, out_bytes);
+}
+
+```
+
+Good luck and send your success stories at slaff@attachix.com.
diff --git a/util/lwipr_compat.c b/util/lwipr_compat.c
new file mode 100644
index 0000000000..6cd75188fb
--- /dev/null
+++ b/util/lwipr_compat.c
@@ -0,0 +1,241 @@
+/*
+ * Compatibility for AxTLS with LWIP raw tcp mode (http://lwip.wikia.com/wiki/Raw/TCP)
+ *
+ *  Created on: Jan 15, 2016
+ *      Author: Slavey Karadzhov
+ */
+#include "lwipr_compat.h"
+
+#include <stdlib.h>
+
+/* High Level "public" functions */
+
+/**
+ * Function that should be called once we are ready to use the axTLS - LWIP raw compatibility
+ */
+void axl_init(int capacity) {
+	ax_fd_init(&axlFdArray, capacity);
+}
+
+/**
+ * Appends a tcp to the internal array. Returns client file descriptor
+ */
+int axl_append(struct tcp_pcb *tcp) {
+	return ax_fd_append(&axlFdArray, tcp);
+}
+
+/**
+ * Reads data from the SSL over TCP stream. Returns decrypted data.
+ * @param SSL *sslObj
+ * @param uint8_t **in_data - pointer to the decrypted incoming data, or NULL if nothing was read
+ * @param void *arg - possible arguments passed to the tcp raw layer during initialization
+ * @param tcp_pcb *tcp - pointer to the raw tcp object
+ * @param pbuf *p - pointer to the buffer with the TCP packet data
+ *
+ * @return int
+ * 			0 - when everything is fine but there are no symbols to process yet
+ * 			< 0 - when there is an error
+ * 			> 0 - the length of the clear text characters that were read
+ */
+int axl_ssl_read(SSL *ssl, uint8_t **in_data, struct tcp_pcb *tcp, struct pbuf *p) {
+	int read_bytes = 0;
+	int total_bytes = 0;
+	int clientfd = -1;
+
+	AxlTcpData* data = NULL;
+
+	if (ssl == NULL) {
+		return ERR_AXL_INVALID_SSL;
+	}
+
+	clientfd = ax_fd_getfd(&axlFdArray, tcp);
+	if(clientfd == -1) {
+		return ERR_AXL_INVALID_CLIENTFD;
+	}
+
+	data = ax_fd_get(&axlFdArray, clientfd);
+	if(data == NULL) {
+		return ERR_AXL_INVALID_CLIENTFD_DATA;
+	}
+
+	if (p != NULL) {
+		data->tcp_pbuf = p;
+		data->pbuf_offset = 0;
+	}
+
+	tcp_recved(tcp, p->tot_len);
+	do {
+		read_bytes = ssl_read(ssl, in_data);
+		if(read_bytes < SSL_OK) {
+			/* An error has occurred. Give it back for further processing */
+			total_bytes = read_bytes;
+			break;
+		}
+		total_bytes+= read_bytes;
+	} while (p->tot_len - data->pbuf_offset > 0);
+
+	pbuf_free(p);
+
+	return total_bytes;
+}
+
+/*
+ * Lower Level LWIP RAW functions
+ */
+
+/*
+ * The LWIP tcp raw version of the SOCKET_WRITE(A, B, C)
+ */
+int ax_port_write(int clientfd, uint8_t *buf, uint16_t bytes_needed) {
+	AxlTcpData *data = NULL;
+	int tcp_len = 0;
+	err_t err = ERR_OK;
+
+	data = ax_fd_get(&axlFdArray, clientfd);
+	if(data == NULL) {
+		return ERR_AXL_INVALID_CLIENTFD;
+	}
+
+	if (data == NULL || data->tcp == NULL || buf == NULL || bytes_needed == 0) {
+		return 0;
+	}
+
+	if (tcp_sndbuf(data->tcp) < bytes_needed) {
+		tcp_len = tcp_sndbuf(data->tcp);
+		if(tcp_len == 0) {
+			AXL_DEBUG("The send buffer is full! We have problem.\n");
+			return 0;
+		}
+
+	} else {
+		tcp_len = bytes_needed;
+	}
+
+	if (tcp_len > 2 * data->tcp->mss) {
+		tcp_len = 2 * data->tcp->mss;
+	}
+
+	do {
+		err = tcp_write(data->tcp, buf, tcp_len, TCP_WRITE_FLAG_COPY | TCP_WRITE_FLAG_MORE);
+		if(err < SSL_OK) {
+			AXL_DEBUG("Got error: %d\n", err);
+		}
+
+		if (err == ERR_MEM) {
+			tcp_len /= 2;
+		}
+	} while (err == ERR_MEM && tcp_len > 1);
+	AXL_DEBUG("send_raw_packet length %d\n", tcp_len);
+	if (err == ERR_OK) {
+		err = tcp_output(data->tcp);
+		if(err != ERR_OK) {
+			AXL_DEBUG("tcp_output got err: %d\n", err);
+		}
+	}
+
+	return tcp_len;
+}
+
+/*
+ * The LWIP tcp raw version of the SOCKET_READ(A, B, C)
+ */
+int ax_port_read(int clientfd, uint8_t *buf, int bytes_needed) {
+	AxlTcpData *data = NULL;
+	uint8_t *read_buf = NULL;
+	uint8_t *pread_buf = NULL;
+	u16_t recv_len = 0;
+
+	data = ax_fd_get(&axlFdArray, clientfd);
+	if (data == NULL) {
+		return ERR_AXL_INVALID_CLIENTFD_DATA;
+	}
+
+	if(data->tcp_pbuf == NULL || data->tcp_pbuf->tot_len == 0) {
+		AXL_DEBUG("Nothing to read?! May be the connection needs resetting?\n");
+		return 0;
+	}
+
+	read_buf =(uint8_t*)calloc(data->tcp_pbuf->len + 1, sizeof(uint8_t));
+	pread_buf = read_buf;
+	if (pread_buf != NULL){
+		recv_len = pbuf_copy_partial(data->tcp_pbuf, read_buf, bytes_needed, data->pbuf_offset);
+		data->pbuf_offset += recv_len;
+	}
+
+	if (recv_len != 0) {
+		memcpy(buf, read_buf, recv_len);
+	}
+
+	if(bytes_needed < recv_len) {
+		AXL_DEBUG("Bytes needed: %d, Bytes read: %d\n", bytes_needed, recv_len);
+	}
+
+	free(pread_buf);
+	pread_buf = NULL;
+
+	return recv_len;
+}
+
+/*
+ * Utility functions
+ */
+void ax_fd_init(AxlTcpDataArray *vector, int capacity) {
+	vector->size = 0;
+	vector->capacity = capacity;
+	vector->data = (AxlTcpData*) malloc(sizeof(AxlTcpData) * vector->capacity);
+}
+
+int ax_fd_append(AxlTcpDataArray *vector, struct tcp_pcb *tcp) {
+	int index;
+
+	ax_fd_double_capacity_if_full(vector);
+	index = vector->size++;
+	vector->data[index].tcp = tcp;
+	vector->data[index].tcp_pbuf = NULL;
+	vector->data[index].pbuf_offset = 0;
+
+	return index;
+}
+
+AxlTcpData* ax_fd_get(AxlTcpDataArray *vector, int index) {
+	if (index >= vector->size || index < 0) {
+		AXL_DEBUG("Index %d out of bounds for vector of size %d\n", index,
+				vector->size);
+		return NULL;
+	}
+	return &(vector->data[index]);
+}
+
+int ax_fd_getfd(AxlTcpDataArray *vector, struct tcp_pcb *tcp) {
+	int i;
+	for (i = 0; i < vector->size; i++) {
+		if (vector->data[i].tcp == tcp) {
+			return i;
+		}
+	}
+
+	return -1;
+}
+
+void ax_fd_set(AxlTcpDataArray *vector, int index, struct tcp_pcb *tcp) {
+	AxlTcpData value;
+	while (index >= vector->size) {
+		ax_fd_append(vector, 0);
+	}
+
+	value.tcp = tcp;
+	value.tcp_pbuf = NULL;
+	value.pbuf_offset = 0;
+	vector->data[index] = value;
+}
+
+void ax_fd_double_capacity_if_full(AxlTcpDataArray *vector) {
+	if (vector->size >= vector->capacity) {
+		vector->capacity *= 2;
+		vector->data = (AxlTcpData*)realloc(vector->data, sizeof(AxlTcpData) * vector->capacity);
+	}
+}
+
+void ax_fd_free(AxlTcpDataArray *vector) {
+	free(vector->data);
+}
diff --git a/util/lwipr_compat.h b/util/lwipr_compat.h
new file mode 100644
index 0000000000..1e5d73fa23
--- /dev/null
+++ b/util/lwipr_compat.h
@@ -0,0 +1,82 @@
+/*
+ * Compatibility for AxTLS with LWIP raw tcp mode (http://lwip.wikia.com/wiki/Raw/TCP)
+ *
+ *  Created on: Jan 15, 2016
+ *      Author: Slavey Karadzhov
+ */
+
+#ifndef LWIPR_COMPAT_H
+#define LWIPR_COMPAT_H
+
+#include <stdint.h>
+
+/*
+ * All those functions will run only if LWIP tcp raw mode is used
+ */
+#if LWIP_RAW==1
+
+#include "lwip/tcp.h"
+#include "ssl/ssl.h"
+#include "ssl/tls1.h"
+
+#define ERR_AXL_INVALID_SSL -101
+#define ERR_AXL_INVALID_TCP -102
+#define ERR_AXL_INVALID_CLIENTFD -103
+#define ERR_AXL_INVALID_CLIENTFD_DATA -104
+
+#define SOCKET_READ(A, B, C) 	ax_port_read(A, B, C)
+#define SOCKET_WRITE(A, B, C) 	ax_port_write(A, B, C)
+
+/*
+ * Define the AXL_DEBUG function to add debug functionality
+ */
+#ifndef AXL_DEBUG
+#define AXL_DEBUG printf
+#endif
+
+typedef struct {
+	struct tcp_pcb *tcp;
+	struct pbuf *tcp_pbuf;
+	int pbuf_offset;
+} AxlTcpData;
+
+
+typedef struct {
+  int size;      /* slots used so far */
+  int capacity;  /* total available slots */
+  AxlTcpData *data;     /* array of TcpData objects */
+} AxlTcpDataArray;
+
+AxlTcpDataArray axlFdArray;
+
+/*
+ * High Level Functions - these are the ones that should be used directly
+ */
+
+void axl_init(int capacity);
+int axl_append(struct tcp_pcb *tcp);
+
+#define axl_ssl_write(A, B, C) ssl_write(A, B, C)
+int axl_ssl_read(SSL *sslObj, uint8_t **in_data, struct tcp_pcb *tcp, struct pbuf *p);
+
+/*
+ * Lower Level Socket Functions - used internally from axTLS
+ */
+
+int ax_port_write(int clientfd, uint8_t *buf, uint16_t bytes_needed);
+int ax_port_read(int clientfd, uint8_t *buf, int bytes_needed);
+
+/*
+ * Lower Level Utility functions
+ */
+void ax_fd_init(AxlTcpDataArray *vector, int capacity);
+int ax_fd_append(AxlTcpDataArray *vector, struct tcp_pcb *tcp);
+AxlTcpData* ax_fd_get(AxlTcpDataArray *vector, int index);
+int ax_fd_getfd(AxlTcpDataArray *vector, struct tcp_pcb *tcp);
+void ax_fd_set(AxlTcpDataArray *vector, int index, struct tcp_pcb *tcp);
+void ax_fd_double_capacity_if_full(AxlTcpDataArray *vector);
+void ax_fd_free(AxlTcpDataArray *vector);
+
+#endif
+
+#endif /* LWIPR_COMPAT_H */

From 7c38865f66cfdd0884183619b0d1e89b8717cb01 Mon Sep 17 00:00:00 2001
From: Slavey Karadzhov <slavey.karadzhov@zend.com>
Date: Fri, 19 Feb 2016 11:53:05 +0100
Subject: [PATCH 232/301] Restructured the lwip raw comat code. Added
 replacements for the time functions on ESP8266.

---
 {util => compat}/README.md      |   2 +-
 {util => compat}/lwipr_compat.c |  45 +++++++++-
 {util => compat}/lwipr_compat.h |  25 ++++--
 compat/lwipr_platform.h         |  27 ++++++
 replacements/time.c             | 147 ++++++++++++++++++++++++++++++++
 5 files changed, 237 insertions(+), 9 deletions(-)
 rename {util => compat}/README.md (99%)
 rename {util => compat}/lwipr_compat.c (83%)
 rename {util => compat}/lwipr_compat.h (86%)
 create mode 100644 compat/lwipr_platform.h
 create mode 100644 replacements/time.c

diff --git a/util/README.md b/compat/README.md
similarity index 99%
rename from util/README.md
rename to compat/README.md
index 6c3b10ba3b..fff33837d7 100644
--- a/util/README.md
+++ b/compat/README.md
@@ -3,7 +3,7 @@ If you are using [LWIP raw tcp mode](http://lwip.wikia.com/wiki/Raw/TCP) and wan
 First you have to include the `lwipr_compat.h` header.
 
 ```C
-#include "util/lwipr_compat.h"
+#include "compat/lwipr_compat.h"
 ```
 
 Then in the code block where you initialize the tcp raw connection you should call `axl_init`.
diff --git a/util/lwipr_compat.c b/compat/lwipr_compat.c
similarity index 83%
rename from util/lwipr_compat.c
rename to compat/lwipr_compat.c
index 6cd75188fb..834b3f071c 100644
--- a/util/lwipr_compat.c
+++ b/compat/lwipr_compat.c
@@ -6,6 +6,8 @@
  */
 #include "lwipr_compat.h"
 
+AxlTcpDataArray axlFdArray;
+
 #include <stdlib.h>
 
 /* High Level "public" functions */
@@ -24,6 +26,34 @@ int axl_append(struct tcp_pcb *tcp) {
 	return ax_fd_append(&axlFdArray, tcp);
 }
 
+/**
+ * Frees  the internal mapping from this tcp. Returns the number of occurrences of the tcp
+ */
+int axl_free(struct tcp_pcb *tcp) {
+	int i;
+	int occurances = 0;
+
+	if(tcp == NULL) {
+		return 0;
+	}
+
+	AxlTcpDataArray *vector = &axlFdArray;
+	AXL_DEBUG("AXL: Freeing %d tcp item", vector->size);
+	for (i = 0; i < vector->size; i++) {
+		if (vector->data[i].tcp == tcp) {
+			if(vector->data[i].tcp_pbuf != NULL) {
+				pbuf_free(vector->data[i].tcp_pbuf);
+				vector->data[i].tcp_pbuf = NULL;
+			}
+			vector->data[i].tcp = NULL;
+			vector->data[i].pbuf_offset = 0;
+			occurances++;
+		}
+	}
+
+	return occurances;
+}
+
 /**
  * Reads data from the SSL over TCP stream. Returns decrypted data.
  * @param SSL *sslObj
@@ -63,9 +93,13 @@ int axl_ssl_read(SSL *ssl, uint8_t **in_data, struct tcp_pcb *tcp, struct pbuf *
 		data->pbuf_offset = 0;
 	}
 
+	AXL_DEBUG("READY TO READ SOME DATA\n");
+
 	tcp_recved(tcp, p->tot_len);
 	do {
+		WATCHDOG_FEED();
 		read_bytes = ssl_read(ssl, in_data);
+		AXL_DEBUG("axl_ssl_read: Read bytes: %d\n", read_bytes);
 		if(read_bytes < SSL_OK) {
 			/* An error has occurred. Give it back for further processing */
 			total_bytes = read_bytes;
@@ -97,6 +131,7 @@ int ax_port_write(int clientfd, uint8_t *buf, uint16_t bytes_needed) {
 	}
 
 	if (data == NULL || data->tcp == NULL || buf == NULL || bytes_needed == 0) {
+		AXL_DEBUG("Return Zero.\n");
 		return 0;
 	}
 
@@ -116,16 +151,17 @@ int ax_port_write(int clientfd, uint8_t *buf, uint16_t bytes_needed) {
 	}
 
 	do {
-		err = tcp_write(data->tcp, buf, tcp_len, TCP_WRITE_FLAG_COPY | TCP_WRITE_FLAG_MORE);
+		err = tcp_write(data->tcp, buf, tcp_len, TCP_WRITE_FLAG_COPY);
 		if(err < SSL_OK) {
 			AXL_DEBUG("Got error: %d\n", err);
 		}
 
 		if (err == ERR_MEM) {
+			AXL_DEBUG("Not enough memory to write data with length: %d (%d)\n", tcp_len, bytes_needed);
 			tcp_len /= 2;
 		}
 	} while (err == ERR_MEM && tcp_len > 1);
-	AXL_DEBUG("send_raw_packet length %d\n", tcp_len);
+	AXL_DEBUG("send_raw_packet length %d(%d)\n", tcp_len, bytes_needed);
 	if (err == ERR_OK) {
 		err = tcp_output(data->tcp);
 		if(err != ERR_OK) {
@@ -176,6 +212,11 @@ int ax_port_read(int clientfd, uint8_t *buf, int bytes_needed) {
 	return recv_len;
 }
 
+int ax_get_file(const char *filename, uint8_t **buf) {
+    *buf = 0;
+    return 0;
+}
+
 /*
  * Utility functions
  */
diff --git a/util/lwipr_compat.h b/compat/lwipr_compat.h
similarity index 86%
rename from util/lwipr_compat.h
rename to compat/lwipr_compat.h
index 1e5d73fa23..1a8846f946 100644
--- a/util/lwipr_compat.h
+++ b/compat/lwipr_compat.h
@@ -8,14 +8,16 @@
 #ifndef LWIPR_COMPAT_H
 #define LWIPR_COMPAT_H
 
-#include <stdint.h>
-
 /*
  * All those functions will run only if LWIP tcp raw mode is used
  */
 #if LWIP_RAW==1
 
-#include "lwip/tcp.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "lwipr_platform.h"
 #include "ssl/ssl.h"
 #include "ssl/tls1.h"
 
@@ -31,7 +33,14 @@
  * Define the AXL_DEBUG function to add debug functionality
  */
 #ifndef AXL_DEBUG
-#define AXL_DEBUG printf
+	#define AXL_DEBUG(...)
+#endif
+
+/**
+ * Define watchdog function to be called during CPU intensive operations.
+ */
+#ifndef WATCHDOG_FEED
+	#define WATCHDOG_FEED()
 #endif
 
 typedef struct {
@@ -47,14 +56,13 @@ typedef struct {
   AxlTcpData *data;     /* array of TcpData objects */
 } AxlTcpDataArray;
 
-AxlTcpDataArray axlFdArray;
-
 /*
  * High Level Functions - these are the ones that should be used directly
  */
 
 void axl_init(int capacity);
 int axl_append(struct tcp_pcb *tcp);
+int axl_free(struct tcp_pcb *tcp);
 
 #define axl_ssl_write(A, B, C) ssl_write(A, B, C)
 int axl_ssl_read(SSL *sslObj, uint8_t **in_data, struct tcp_pcb *tcp, struct pbuf *p);
@@ -77,6 +85,11 @@ void ax_fd_set(AxlTcpDataArray *vector, int index, struct tcp_pcb *tcp);
 void ax_fd_double_capacity_if_full(AxlTcpDataArray *vector);
 void ax_fd_free(AxlTcpDataArray *vector);
 
+
+#ifdef __cplusplus
+}
 #endif
 
+#endif /* LWIP_RAW==1 */
+
 #endif /* LWIPR_COMPAT_H */
diff --git a/compat/lwipr_platform.h b/compat/lwipr_platform.h
new file mode 100644
index 0000000000..518e8bf4e1
--- /dev/null
+++ b/compat/lwipr_platform.h
@@ -0,0 +1,27 @@
+/*
+ * lwipr_platform.h
+ *
+ *  Created on: Feb 8, 2016
+ *      Author: slavey
+ *
+ */
+
+#ifndef AXTLS_8266_COMPAT_LWIPR_PLATFORM_H_
+#define AXTLS_8266_COMPAT_LWIPR_PLATFORM_H_
+
+/* Add here all platform specific things */
+
+
+// Some calls require the watchdog to be reset
+#ifndef WATCHDOG_FEED
+	#define WATCHDOG_FEED()
+#endif
+
+
+/* SSL_DEBUG is for more information */
+#ifndef SSL_DEBUG
+	#define AXL_DEBUG(...)
+#endif
+
+
+#endif /* AXTLS_8266_COMPAT_LWIPR_PLATFORM_H_ */
diff --git a/replacements/time.c b/replacements/time.c
new file mode 100644
index 0000000000..4972119bb4
--- /dev/null
+++ b/replacements/time.c
@@ -0,0 +1,147 @@
+/*
+ * time.c - ESP8266-specific functions for SNTP
+ * Copyright (c) 2015 Peter Dobler. All rights reserved.
+ * This file is part of the esp8266 core for Arduino environment.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#include <time.h>
+#include <sntp.h>
+
+extern uint32_t system_get_time(void);
+extern uint64_t system_mktime(uint32_t year, uint32_t mon, uint32_t day, uint32_t hour, uint32_t min, uint32_t sec);
+
+static int errno_var = 0;
+
+int* __errno(void) {
+    // DEBUGV("__errno is called last error: %d (not current)\n", errno_var);
+    return &errno_var;
+}
+
+unsigned long millis(void)
+{
+	return system_get_time() / 1000UL;
+}
+
+unsigned long micros(void)
+{
+	return system_get_time();
+}
+
+#ifndef _TIMEVAL_DEFINED
+#define _TIMEVAL_DEFINED
+struct timeval {
+  time_t      tv_sec;
+  suseconds_t tv_usec;
+};
+#endif
+
+extern char* sntp_asctime(const struct tm *t);
+extern struct tm* sntp_localtime(const time_t *clock);
+
+// time gap in seconds from 01.01.1900 (NTP time) to 01.01.1970 (UNIX time)
+#define DIFF1900TO1970 2208988800UL
+
+static int s_daylightOffset_sec = 0;
+static long s_timezone_sec = 0;
+static time_t s_bootTime = 0;
+
+// calculate offset used in gettimeofday
+static void ensureBootTimeIsSet()
+{
+    if (!s_bootTime)
+    {
+        time_t now = sntp_get_current_timestamp();
+        if (now)
+        {
+            s_bootTime =  now - millis() / 1000;
+        }
+    }
+}
+
+static void setServer(int id, const char* name_or_ip)
+{
+    if (name_or_ip)
+    {
+        //TODO: check whether server is given by name or IP
+        sntp_setservername(id, (char*) name_or_ip);
+    }
+}
+
+void configTime(int timezone, int daylightOffset_sec, const char* server1, const char* server2, const char* server3)
+{
+    sntp_stop();
+
+    setServer(0, server1);
+    setServer(1, server2);
+    setServer(2, server3);
+
+    s_timezone_sec = timezone;
+    s_daylightOffset_sec = daylightOffset_sec;
+    sntp_set_timezone(timezone/3600);
+    sntp_init();
+}
+
+int clock_gettime(clockid_t unused, struct timespec *tp)
+{
+    tp->tv_sec  = millis() / 1000;
+    tp->tv_nsec = micros() * 1000;
+    return 0;
+}
+
+// seconds since 1970
+time_t mktime(struct tm *t)
+{
+    // system_mktime expects month in range 1..12
+    #define START_MONTH 1
+    return DIFF1900TO1970 + system_mktime(t->tm_year, t->tm_mon + START_MONTH, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
+}
+
+time_t time(time_t * t)
+{
+    time_t seconds = sntp_get_current_timestamp();
+    if (t)
+    {
+        *t = seconds;
+    }
+    return seconds;
+}
+
+char* asctime(const struct tm *t)
+{
+    return sntp_asctime(t);
+}
+
+struct tm* localtime(const time_t *clock)
+{
+    return sntp_localtime(clock);
+}
+
+char* ctime(const time_t *t)
+{
+    struct tm* p_tm = localtime(t);
+    char* result = asctime(p_tm);
+    return result;
+}
+
+int gettimeofday(struct timeval *tp, void *tzp)
+{
+    if (tp)
+    {
+        ensureBootTimeIsSet();
+        tp->tv_sec  = (s_bootTime + millis()) / 1000;
+        tp->tv_usec = micros() * 1000;
+    }
+    return 0;
+}

From 63da8991c2878f2a7cd526667f9e23adc9dca1c9 Mon Sep 17 00:00:00 2001
From: Slavey Karadzhov <slavey.karadzhov@zend.com>
Date: Fri, 19 Feb 2016 11:41:45 +0100
Subject: [PATCH 233/301] Added SNI (
 https://en.wikipedia.org/wiki/Server_Name_Indication ) support.

---
 ssl/ssl.h       | 10 ++++++++++
 ssl/tls1.c      | 13 +++++++++++++
 ssl/tls1.h      |  1 +
 ssl/tls1_clnt.c | 20 ++++++++++++++++++++
 4 files changed, 44 insertions(+)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 97e87d495d..c39f921f58 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -352,6 +352,16 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
  */
 EXP_FUNC int STDCALL ssl_get_config(int offset);
 
+/**
+ * @brief Sets the hostname to be used for SNI
+ * @see https://en.wikipedia.org/wiki/Server_Name_Indication
+ * @param char* hostname
+ * @return success from the operation
+ * - 1 on success
+ * - 0 on failure
+ */
+EXP_FUNC int STDCALL ssl_set_hostname(const SSL *ssl, const char* host_name);
+
 /**
  * @brief Display why the handshake failed.
  *
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c4a676b102..a1783bf469 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1849,6 +1849,19 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
     }
 }
 
+/**
+ * Sets the SNI hostname
+ */
+EXP_FUNC int STDCALL ssl_set_hostname(const SSL *ssl, const char* host_name) {
+	if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
+		return 0;
+	}
+
+	strncpy((char*)&ssl->host_name, host_name, strlen(host_name));
+
+	return 1;
+}
+
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 /**
  * Authenticate a received certificate.
diff --git a/ssl/tls1.h b/ssl/tls1.h
index b7cd7f36e7..d5440aa6c3 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -198,6 +198,7 @@ struct _SSL
     uint8_t read_sequence[8];       /* 64 bit sequence number */
     uint8_t write_sequence[8];      /* 64 bit sequence number */
     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
+    const char host_name[255]; /* Needed for the SNI support */
 };
 
 typedef struct _SSL SSL;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 5f25989222..5eee5713ac 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -220,6 +220,26 @@ static int send_client_hello(SSL *ssl)
 
     buf[offset++] = 1;              /* no compression */
     buf[offset++] = 0;
+
+    if (ssl->host_name[0] != 0) {
+         unsigned int host_len = strnlen((char*) ssl->host_name, 255);
+
+         buf[offset++] = 0;
+         buf[offset++] = host_len+9;     /* extensions length */
+
+         buf[offset++] = 0;
+         buf[offset++] = 0;              /* server_name(0) (65535) */
+         buf[offset++] = 0;
+         buf[offset++] = host_len+5;     /* server_name length */
+         buf[offset++] = 0;
+         buf[offset++] = host_len+3;     /* server_list length */
+         buf[offset++] = 0;              /* host_name(0) (255) */
+         buf[offset++] = 0;
+         buf[offset++] = host_len;       /* host_name length */
+         strncpy((char*) &buf[offset], ssl->host_name, host_len);
+         offset += host_len;
+    }
+
     buf[3] = offset - 4;            /* handshake size */
 
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);

From 1154d0a985cc442f39f5e6b3678a7d4ffca5db31 Mon Sep 17 00:00:00 2001
From: Slavey Karadzhov <slavey.karadzhov@zend.com>
Date: Mon, 22 Feb 2016 10:02:40 +0100
Subject: [PATCH 234/301] Changed the code to reserve bytes for hostname only
 if needed.

---
 ssl/ssl.h       |  2 +-
 ssl/tls1.c      | 24 ++++++++++++++++++------
 ssl/tls1.h      |  2 +-
 ssl/tls1_clnt.c | 34 +++++++++++++++++-----------------
 4 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index c39f921f58..b287d5aa8b 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -360,7 +360,7 @@ EXP_FUNC int STDCALL ssl_get_config(int offset);
  * - 1 on success
  * - 0 on failure
  */
-EXP_FUNC int STDCALL ssl_set_hostname(const SSL *ssl, const char* host_name);
+EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name);
 
 /**
  * @brief Display why the handshake failed.
diff --git a/ssl/tls1.c b/ssl/tls1.c
index a1783bf469..195cb0196c 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -568,6 +568,8 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     ssl->encrypt_ctx = malloc(sizeof(AES_CTX));
     ssl->decrypt_ctx = malloc(sizeof(AES_CTX));
 
+    ssl->host_name = NULL;
+
     SSL_CTX_UNLOCK(ssl_ctx->mutex);
     return ssl;
 }
@@ -1852,14 +1854,24 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
 /**
  * Sets the SNI hostname
  */
-EXP_FUNC int STDCALL ssl_set_hostname(const SSL *ssl, const char* host_name) {
-	if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
-		return 0;
-	}
+EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name) {
+    if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
+        return 0;
+    }
+
+    if(ssl->host_name != NULL) {
+        free(ssl->host_name);
+    }
+
+    ssl->host_name = (char *)malloc(strlen(host_name)+1);
+    if(ssl->host_name == NULL) {
+        // most probably there was no memory available
+        return 0;
+    }
 
-	strncpy((char*)&ssl->host_name, host_name, strlen(host_name));
+    strcpy(ssl->host_name, host_name);
 
-	return 1;
+    return 1;
 }
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
diff --git a/ssl/tls1.h b/ssl/tls1.h
index d5440aa6c3..c53ce6da06 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -198,7 +198,7 @@ struct _SSL
     uint8_t read_sequence[8];       /* 64 bit sequence number */
     uint8_t write_sequence[8];      /* 64 bit sequence number */
     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
-    const char host_name[255]; /* Needed for the SNI support */
+    char *host_name; /* Needed for the SNI support */
 };
 
 typedef struct _SSL SSL;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 5eee5713ac..b84877da73 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -221,23 +221,23 @@ static int send_client_hello(SSL *ssl)
     buf[offset++] = 1;              /* no compression */
     buf[offset++] = 0;
 
-    if (ssl->host_name[0] != 0) {
-         unsigned int host_len = strnlen((char*) ssl->host_name, 255);
-
-         buf[offset++] = 0;
-         buf[offset++] = host_len+9;     /* extensions length */
-
-         buf[offset++] = 0;
-         buf[offset++] = 0;              /* server_name(0) (65535) */
-         buf[offset++] = 0;
-         buf[offset++] = host_len+5;     /* server_name length */
-         buf[offset++] = 0;
-         buf[offset++] = host_len+3;     /* server_list length */
-         buf[offset++] = 0;              /* host_name(0) (255) */
-         buf[offset++] = 0;
-         buf[offset++] = host_len;       /* host_name length */
-         strncpy((char*) &buf[offset], ssl->host_name, host_len);
-         offset += host_len;
+    if (ssl->host_name != NULL) {
+        unsigned int host_len = strlen(ssl->host_name);
+
+        buf[offset++] = 0;
+        buf[offset++] = host_len+9;     /* extensions length */
+
+        buf[offset++] = 0;
+        buf[offset++] = 0;              /* server_name(0) (65535) */
+        buf[offset++] = 0;
+        buf[offset++] = host_len+5;     /* server_name length */
+        buf[offset++] = 0;
+        buf[offset++] = host_len+3;     /* server_list length */
+        buf[offset++] = 0;              /* host_name(0) (255) */
+        buf[offset++] = 0;
+        buf[offset++] = host_len;       /* host_name length */
+        strncpy((char*) &buf[offset], ssl->host_name, host_len);
+        offset += host_len;
     }
 
     buf[3] = offset - 4;            /* handshake size */

From 28869ea94b3b1cabfbe8679d962adc12ba0b28db Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Fri, 26 Feb 2016 16:09:47 +0300
Subject: [PATCH 235/301] Use free followed by malloc instead of realloc when
 increasing raw buffer

At this point we don't need to preserve the data inside the buffer.
Using free followed by malloc reduces fragmentation for some heap implementations.
---
 ssl/tls1.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 195cb0196c..bac9d96f62 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1402,15 +1402,19 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 
 void increase_bm_data_size(SSL *ssl)
 {
-    uint8_t* pr = (uint8_t*) realloc(ssl->bm_all_data, RT_MAX_PLAIN_LENGTH + RT_EXTRA);
-    if (pr) {
-        ssl->max_plain_length = RT_MAX_PLAIN_LENGTH;
-        ssl->bm_all_data = pr;
-        ssl->bm_data = pr + BM_RECORD_OFFSET;
+    if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
+        return;
     }
-    else {
+
+    free(ssl->bm_all_data);
+    ssl->bm_data = 0;
+    ssl->bm_all_data = malloc(RT_MAX_PLAIN_LENGTH + RT_EXTRA);
+    if (!ssl->bm_all_data) {
         printf("failed to grow plain buffer\r\n");
+        return;
     }
+    ssl->max_plain_length = RT_MAX_PLAIN_LENGTH;
+    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
 }
 
 /**

From 9eaeca3a030692bdf949b89d80705061b516f70b Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Fri, 26 Feb 2016 16:21:09 +0300
Subject: [PATCH 236/301] Postpone freeing of X509 context to the first data
 exchange after handshake

X509 context contains certificate fingerprint and various names which may be used to verify the certificate.
Previously we would free it right after the handshake completion, which prevented the client from actually using any information from X509 context.
Postponing this to the first ssl_read/ssl_write call after the handshake, we give the client a chance to verify the certificate.

Also added logging to ssl_match_fingerprint function in case fingerprint doesn't match expected value.
---
 ssl/tls1.c      | 32 +++++++++++++++++++++++++++-----
 ssl/tls1.h      |  2 --
 ssl/tls1_clnt.c |  5 +----
 3 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index bac9d96f62..51b64b1f86 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -52,6 +52,7 @@ static int set_key_block(SSL *ssl, int is_write);
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
 static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
 static int send_raw_packet(SSL *ssl, uint8_t protocol);
+static void certificate_free(SSL* ssl);
 
 /**
  * The server will pick the cipher based on the order that the order that the
@@ -247,8 +248,8 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     free(ssl->encrypt_ctx);
     free(ssl->decrypt_ctx);
     disposable_free(ssl);
+    certificate_free(ssl);
     free(ssl->bm_all_data);
-    free(ssl->fingerprint);
     free(ssl);
 }
 
@@ -257,6 +258,9 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
  */
 EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 {
+    if (ssl->hs_status == SSL_OK) {
+        certificate_free(ssl);
+    }
     int ret = basic_read(ssl, in_data);
 
     /* check for return code so we can send an alert */
@@ -281,7 +285,9 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 {
     int n = out_len, nw, i, tot = 0;
-
+    if (ssl->hs_status == SSL_OK) {
+        certificate_free(ssl);
+    }
     /* maximum size of a TLS packet is around 16kB, so fragment */
     do 
     {
@@ -547,7 +553,6 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
     disposable_new(ssl);
-    ssl->fingerprint = 0;
 
     /* a bit hacky but saves a few bytes of memory */
     ssl->flag |= ssl_ctx->options;
@@ -1671,12 +1676,17 @@ void disposable_free(SSL *ssl)
         free(ssl->dc);
         ssl->dc = NULL;
     }
+}
+
+static void certificate_free(SSL* ssl)
+{
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     if (ssl->x509_ctx) {
         x509_free(ssl->x509_ctx);
         ssl->x509_ctx = 0;
     }
 #endif
+    increase_bm_data_size(ssl);
 }
 
 #ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
@@ -1945,9 +1955,21 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 
 EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
 {
-    if (!ssl->fingerprint)
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->fingerprint == NULL)
         return 1;
-    return memcmp(ssl->fingerprint, fp, SHA1_SIZE);
+    int res = memcmp(ssl->x509_ctx->fingerprint, fp, SHA1_SIZE);
+    if (res != 0) {
+        printf("cert FP: ");
+        for (int i = 0; i < SHA1_SIZE; ++i) {
+            printf("%02X ", ssl->x509_ctx->fingerprint[i]);
+        }
+        printf("\r\ntest FP: ");
+        for (int i = 0; i < SHA1_SIZE; ++i) {
+            printf("%02X ", fp[i]);
+        }
+        printf("\r\n");
+    }
+    return res;
 }
 
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/ssl/tls1.h b/ssl/tls1.h
index c53ce6da06..2b002baea6 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -190,8 +190,6 @@ struct _SSL
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     X509_CTX *x509_ctx;
 #endif
-    uint8_t* fingerprint;
-
     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
     uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index b84877da73..cdb94468ec 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -119,10 +119,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, buf, hs_len);
-            ssl->fingerprint = ssl->x509_ctx->fingerprint;
-            ssl->x509_ctx->fingerprint = 0;
-            disposable_free(ssl);   /* free up some memory */
-            increase_bm_data_size(ssl);
+            disposable_free(ssl);
             /* note: client renegotiation is not allowed after this */
             break;
 

From c18bb56e6100177cfa0bef3c90708efb9d7a071d Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Fri, 26 Feb 2016 16:40:05 +0300
Subject: [PATCH 237/301] Add travis CI

---
 .travis.yml             | 43 +++++++++++++++++++++++++++++++++++++++++
 Makefile                |  2 --
 Makefile.local.template |  3 ---
 3 files changed, 43 insertions(+), 5 deletions(-)
 create mode 100644 .travis.yml
 delete mode 100644 Makefile.local.template

diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000000..e948be2508
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,43 @@
+sudo: false
+language: bash
+os:
+  - linux
+
+script:
+  # Download Arduino IDE
+  - wget -O arduino.tar.xz https://www.arduino.cc/download.php?f=/arduino-nightly-linux64.tar.xz
+  - tar xf arduino.tar.xz
+  - mv arduino-nightly $HOME/arduino_ide
+  # Download ESP8266 Arduino core
+  - cd $HOME/arduino_ide/hardware
+  - mkdir esp8266com
+  - cd esp8266com
+  - git clone https://github.com/esp8266/Arduino.git esp8266
+  - cd esp8266
+  - export ESP8266_ARDUINO_DIR="$PWD"
+  # Download toolchain and esptool
+  - cd tools
+  - python get.py
+  - export PATH="$PATH:$PWD/xtensa-lx106-elf/bin"
+  # Build axTLS
+  - cd $TRAVIS_BUILD_DIR
+  - make
+  # Copy the library into Arduino core
+  - cp bin/libaxtls.a $ESP8266_ARDUINO_DIR/tools/sdk/lib/libaxtls.a
+  # Try building examples in ESP8266WiFi library from the ESP8266 Arduino core
+  - /sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_1.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :1 -ac -screen 0 1280x1024x16
+  - sleep 3
+  - export DISPLAY=:1.0
+  - export PATH="$HOME/arduino_ide:$PATH"
+  - which arduino
+  - cd $ESP8266_ARDUINO_DIR
+  - source tests/common.sh
+  - arduino --board esp8266com:esp8266:generic --save-prefs
+  - arduino --get-pref sketchbook.path
+  - build_sketches arduino $ESP8266_ARDUINO_DIR/libraries/ESP8266WiFi/examples/HTTPSRequest
+  # Feel free to add more test cases (for other environments) here
+
+notifications:
+  email:
+    on_success: change
+    on_failure: change
diff --git a/Makefile b/Makefile
index 2f9d349bf5..5b3a9b2d08 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,3 @@
-include Makefile.local
-
 TOOLCHAIN_PREFIX := xtensa-lx106-elf-
 CC := $(TOOLCHAIN_PREFIX)gcc
 AR := $(TOOLCHAIN_PREFIX)ar
diff --git a/Makefile.local.template b/Makefile.local.template
deleted file mode 100644
index 937027f990..0000000000
--- a/Makefile.local.template
+++ /dev/null
@@ -1,3 +0,0 @@
-# Set this to SDK path and save as Makefile.local
-SDK_BASE := $(HOME)/esp8266/sdk
-

From 96fbb39f21d3af7ca3e4dee78f8c45c4e2e652b5 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrr@users.noreply.github.com>
Date: Fri, 26 Feb 2016 17:10:31 +0300
Subject: [PATCH 238/301] Update README.md

---
 README.md | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 04779e8de9..e0e454a4b6 100644
--- a/README.md
+++ b/README.md
@@ -1,20 +1,28 @@
 Replacement for Espressif's libssl, kept as close as possible to [axTLS](http://axtls.sourceforge.net/) source.
 Currently based on axTLS 1.4.9, will be upgraded to 1.5.3.
 
+[![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
+
 This is not a self-sufficient library. Application has to provide the following symbols (list not complete yet):
 ```
-malloc
-calloc
-free
-abort
+ax_port_malloc
+ax_port_calloc
+ax_port_realloc
+ax_port_free
+ax_port_read
+ax_port_write
+ax_port_open
+ax_port_close
+ax_get_file
+phy_get_rand  (provided by the IoT SDK)
+ets_printf    (in ESP8266 ROM)
+ets_putc      (in ESP8266 ROM)
 gettimeofday
 time
 ctime
-printf
-vprintf
 ```
 
-Additionally, functions for non-blocking TCP socket reads and writes have to be provided (details TBD).
+For use with LwIP raw TCP API, see [compat/README.md](compat/README.md)
 
 To build, add xtensa toolchain to your path, and run `make`.
 

From 324c2fdade3f39b4c7fb7fbe707f4a313023ecd3 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Fri, 26 Feb 2016 17:53:19 +0300
Subject: [PATCH 239/301] Terminate connection if increase_bm_data_size fails

As suggested in https://github.com/igrr/axtls-8266/issues/2#issuecomment-188544798
---
 ssl/tls1.c      | 29 ++++++++++++++++++-----------
 ssl/tls1.h      |  2 +-
 ssl/tls1_clnt.c |  1 +
 3 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 51b64b1f86..7652e086fb 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -53,6 +53,7 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
 static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
 static int send_raw_packet(SSL *ssl, uint8_t protocol);
 static void certificate_free(SSL* ssl);
+static int increase_bm_data_size(SSL *ssl);
 
 /**
  * The server will pick the cipher based on the order that the order that the
@@ -258,10 +259,11 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
  */
 EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 {
-    if (ssl->hs_status == SSL_OK) {
-        certificate_free(ssl);
+    int ret = increase_bm_data_size(ssl);
+    if (ret != SSL_OK) {
+        return ret;
     }
-    int ret = basic_read(ssl, in_data);
+    ret = basic_read(ssl, in_data);
 
     /* check for return code so we can send an alert */
     if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
@@ -285,8 +287,9 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 {
     int n = out_len, nw, i, tot = 0;
-    if (ssl->hs_status == SSL_OK) {
-        certificate_free(ssl);
+    int ret = increase_bm_data_size(ssl);
+    if (ret != SSL_OK) {
+        return ret;
     }
     /* maximum size of a TLS packet is around 16kB, so fragment */
     do 
@@ -549,6 +552,7 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     ssl->flag = SSL_NEED_RECORD;
     ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET; /* space at the start */
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
+    ssl->can_increase_data_size = false;
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
 #endif
@@ -1405,21 +1409,25 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     return ret;
 }
 
-void increase_bm_data_size(SSL *ssl)
+int increase_bm_data_size(SSL *ssl)
 {
-    if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
-        return;
+    if (!ssl->can_increase_data_size ||
+        ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
+        return SSL_OK;
     }
-
+    ssl->can_increase_data_size = false;
+    certificate_free(ssl);
     free(ssl->bm_all_data);
     ssl->bm_data = 0;
     ssl->bm_all_data = malloc(RT_MAX_PLAIN_LENGTH + RT_EXTRA);
     if (!ssl->bm_all_data) {
         printf("failed to grow plain buffer\r\n");
-        return;
+        ssl->hs_status == SSL_ERROR_DEAD;
+        return SSL_ERROR_CONN_LOST;
     }
     ssl->max_plain_length = RT_MAX_PLAIN_LENGTH;
     ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
+    return SSL_OK;
 }
 
 /**
@@ -1686,7 +1694,6 @@ static void certificate_free(SSL* ssl)
         ssl->x509_ctx = 0;
     }
 #endif
-    increase_bm_data_size(ssl);
 }
 
 #ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 2b002baea6..7dfb918a90 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -189,6 +189,7 @@ struct _SSL
 #endif
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     X509_CTX *x509_ctx;
+    bool can_increase_data_size;
 #endif
     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
@@ -261,7 +262,6 @@ void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
 #ifdef CONFIG_SSL_ENABLE_CLIENT
 int do_client_connect(SSL *ssl);
 #endif
-void increase_bm_data_size(SSL *ssl);
 
 #ifdef CONFIG_SSL_FULL_MODE
 void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index cdb94468ec..2de777f076 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -119,6 +119,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, buf, hs_len);
+            ssl->can_increase_data_size = true;
             disposable_free(ssl);
             /* note: client renegotiation is not allowed after this */
             break;

From b33ef68e6a3e2be1171e5a9f5b6156af424489ec Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Wed, 2 Mar 2016 15:17:47 +0300
Subject: [PATCH 240/301] Fix handshake status not being set if
 increase_bm_data_size fails

Also set warning level to -Wall
https://github.com/esp8266/Arduino/issues/1708
---
 Makefile   | 2 +-
 ssl/tls1.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index 5b3a9b2d08..15c5e72233 100644
--- a/Makefile
+++ b/Makefile
@@ -40,7 +40,7 @@ LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
 
 CFLAGS+=-std=c99 -DESP8266
 
-CFLAGS += -Os -g -O2 -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
+CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
 BIN_DIR := bin
 AXTLS_AR := $(BIN_DIR)/libaxtls.a
 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 7652e086fb..8b53ee36a8 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1415,16 +1415,16 @@ int increase_bm_data_size(SSL *ssl)
         ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
         return SSL_OK;
     }
-    ssl->can_increase_data_size = false;
     certificate_free(ssl);
     free(ssl->bm_all_data);
     ssl->bm_data = 0;
     ssl->bm_all_data = malloc(RT_MAX_PLAIN_LENGTH + RT_EXTRA);
     if (!ssl->bm_all_data) {
         printf("failed to grow plain buffer\r\n");
-        ssl->hs_status == SSL_ERROR_DEAD;
+        ssl->hs_status = SSL_ERROR_DEAD;
         return SSL_ERROR_CONN_LOST;
     }
+    ssl->can_increase_data_size = false;
     ssl->max_plain_length = RT_MAX_PLAIN_LENGTH;
     ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
     return SSL_OK;

From 5b4be7d2738de5874f2e302157a0b726fe7bd4a6 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Wed, 2 Mar 2016 15:34:15 +0300
Subject: [PATCH 241/301] Reserve 16k fragment buffer only when it is actually
 required.

This change reduces memory pressure when server response size fits into 6k buffer allocated by default.
---
 ssl/tls1.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 8b53ee36a8..e7b8319d00 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -259,11 +259,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
  */
 EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 {
-    int ret = increase_bm_data_size(ssl);
-    if (ret != SSL_OK) {
-        return ret;
-    }
-    ret = basic_read(ssl, in_data);
+    int ret = basic_read(ssl, in_data);
 
     /* check for return code so we can send an alert */
     if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
@@ -287,10 +283,6 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 {
     int n = out_len, nw, i, tot = 0;
-    int ret = increase_bm_data_size(ssl);
-    if (ret != SSL_OK) {
-        return ret;
-    }
     /* maximum size of a TLS packet is around 16kB, so fragment */
     do 
     {
@@ -1293,9 +1285,21 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         /* do we violate the spec with the message size?  */
         if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
         {
-            ret = SSL_ERROR_INVALID_PROT_MSG;              
             printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
-            goto error;
+            if (ssl->can_increase_data_size)
+            {
+                ret = increase_bm_data_size(ssl);
+                if (ret != SSL_OK)
+                {
+                    ret = SSL_ERROR_INVALID_PROT_MSG;
+                    goto error;
+                }
+            }
+            else
+            {
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+                goto error;
+            }
         }
 
         CLR_SSL_FLAG(SSL_NEED_RECORD);

From fe4518da8de87a751ff74111884c775152287ae5 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Tue, 19 Apr 2016 07:56:22 +0300
Subject: [PATCH 242/301] Make SNI host name an ssl_client_new argument

ssl_set_hostname was mostly useless, because it allowed setting host name of an existing SSL object. However SNI was sent as part of client_hello, which was done in ssl_client_new. So it wasn't possible to actually set host name before connection would start.
---
 ssl/ssl.h       | 13 ++-----------
 ssl/tls1.c      | 24 +-----------------------
 ssl/tls1_clnt.c |  6 +++++-
 3 files changed, 8 insertions(+), 35 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index b287d5aa8b..9d9a61463a 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -241,10 +241,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * can be null if no session resumption is being used or required. This option
  * is not used in skeleton mode.
  * @param sess_id_size The size of the session id (max 32)
+ * @param host_name If non-zero, host name to be sent to server for SNI support
  * @return An SSL object reference. Use ssl_handshake_status() to check 
  * if a handshake succeeded.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size);
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, const char* host_name);
 
 /**
  * @brief Free any used resources on this connection. 
@@ -352,16 +353,6 @@ EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
  */
 EXP_FUNC int STDCALL ssl_get_config(int offset);
 
-/**
- * @brief Sets the hostname to be used for SNI
- * @see https://en.wikipedia.org/wiki/Server_Name_Indication
- * @param char* hostname
- * @return success from the operation
- * - 1 on success
- * - 0 on failure
- */
-EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name);
-
 /**
  * @brief Display why the handshake failed.
  *
diff --git a/ssl/tls1.c b/ssl/tls1.c
index e7b8319d00..e581ae0ea4 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -251,6 +251,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     disposable_free(ssl);
     certificate_free(ssl);
     free(ssl->bm_all_data);
+    free(ssl->host_name);
     free(ssl);
 }
 
@@ -1876,29 +1877,6 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
     }
 }
 
-/**
- * Sets the SNI hostname
- */
-EXP_FUNC int STDCALL ssl_set_hostname(SSL *ssl, const char* host_name) {
-    if(host_name == NULL || strlen(host_name) == 0 || strlen(host_name) > 255 ) {
-        return 0;
-    }
-
-    if(ssl->host_name != NULL) {
-        free(ssl->host_name);
-    }
-
-    ssl->host_name = (char *)malloc(strlen(host_name)+1);
-    if(ssl->host_name == NULL) {
-        // most probably there was no memory available
-        return 0;
-    }
-
-    strcpy(ssl->host_name, host_name);
-
-    return 1;
-}
-
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 /**
  * Authenticate a received certificate.
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 2de777f076..c72a2072e1 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -48,7 +48,7 @@ static int send_cert_verify(SSL *ssl);
  * Establish a new SSL connection to an SSL server.
  */
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
-        uint8_t *session_id, uint8_t sess_id_size)
+        uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
@@ -66,6 +66,10 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
     }
 
+    if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 ) {
+        ssl->host_name = (char *)strdup(host_name);
+    }
+
     SET_SSL_FLAG(SSL_IS_CLIENT);
     do_client_connect(ssl);
     return ssl;

From 3fdea2885d0f8287c81069b5b90cce7a170f0b48 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Tue, 19 Apr 2016 08:41:06 +0300
Subject: [PATCH 243/301] Fix Travis build

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index e948be2508..5258cf5890 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -34,7 +34,7 @@ script:
   - source tests/common.sh
   - arduino --board esp8266com:esp8266:generic --save-prefs
   - arduino --get-pref sketchbook.path
-  - build_sketches arduino $ESP8266_ARDUINO_DIR/libraries/ESP8266WiFi/examples/HTTPSRequest
+  - build_sketches $HOME/arduino_ide $ESP8266_ARDUINO_DIR/libraries/ESP8266WiFi/examples/HTTPSRequest
   # Feel free to add more test cases (for other environments) here
 
 notifications:

From 69c757f2a366c79e0ff7385aa7b0bcbec958b2a2 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrokhotkov@gmail.com>
Date: Tue, 19 Apr 2016 09:30:50 +0300
Subject: [PATCH 244/301] Allow plain buffer size increase during handshake

---
 ssl/tls1.c      | 45 +++++++++++++++++++++++----------------------
 ssl/tls1.h      |  2 +-
 ssl/tls1_clnt.c |  3 +--
 3 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index e581ae0ea4..68c188e10f 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -53,7 +53,7 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
 static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
 static int send_raw_packet(SSL *ssl, uint8_t protocol);
 static void certificate_free(SSL* ssl);
-static int increase_bm_data_size(SSL *ssl);
+static int increase_bm_data_size(SSL *ssl, size_t size);
 
 /**
  * The server will pick the cipher based on the order that the order that the
@@ -285,6 +285,11 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
 {
     int n = out_len, nw, i, tot = 0;
     /* maximum size of a TLS packet is around 16kB, so fragment */
+
+    if (ssl->can_free_certificates) {
+        certificate_free(ssl);
+    }
+
     do 
     {
         nw = n;
@@ -545,9 +550,9 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     ssl->flag = SSL_NEED_RECORD;
     ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET; /* space at the start */
     ssl->hs_status = SSL_NOT_OK;            /* not connected */
-    ssl->can_increase_data_size = false;
 #ifdef CONFIG_ENABLE_VERIFICATION
     ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+    ssl->can_free_certificates = false;
 #endif
     disposable_new(ssl);
 
@@ -1214,6 +1219,10 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     uint8_t *buf = ssl->bm_data;
 
+    if (ssl->can_free_certificates) {
+        certificate_free(ssl);
+    }
+
     read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
                             ssl->need_bytes-ssl->got_bytes);
 
@@ -1287,16 +1296,8 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
         {
             printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
-            if (ssl->can_increase_data_size)
-            {
-                ret = increase_bm_data_size(ssl);
-                if (ret != SSL_OK)
-                {
-                    ret = SSL_ERROR_INVALID_PROT_MSG;
-                    goto error;
-                }
-            }
-            else
+            ret = increase_bm_data_size(ssl, ssl->need_bytes + BM_RECORD_OFFSET - RT_EXTRA);
+            if (ret != SSL_OK)
             {
                 ret = SSL_ERROR_INVALID_PROT_MSG;
                 goto error;
@@ -1414,24 +1415,22 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     return ret;
 }
 
-int increase_bm_data_size(SSL *ssl)
+int increase_bm_data_size(SSL *ssl, size_t size)
 {
-    if (!ssl->can_increase_data_size ||
-        ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
+    if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
         return SSL_OK;
     }
-    certificate_free(ssl);
-    free(ssl->bm_all_data);
-    ssl->bm_data = 0;
-    ssl->bm_all_data = malloc(RT_MAX_PLAIN_LENGTH + RT_EXTRA);
-    if (!ssl->bm_all_data) {
+    size_t required = (size + 1023) & ~(1023); // round up to 1k
+    required = (required < RT_MAX_PLAIN_LENGTH) ? required : RT_MAX_PLAIN_LENGTH;
+    uint8_t* new_bm_all_data = (uint8_t*) realloc(ssl->bm_all_data, required + RT_EXTRA);
+    if (!new_bm_all_data) {
         printf("failed to grow plain buffer\r\n");
         ssl->hs_status = SSL_ERROR_DEAD;
         return SSL_ERROR_CONN_LOST;
     }
-    ssl->can_increase_data_size = false;
-    ssl->max_plain_length = RT_MAX_PLAIN_LENGTH;
+    ssl->bm_all_data = new_bm_all_data;
     ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
+    ssl->max_plain_length = required;
     return SSL_OK;
 }
 
@@ -1689,6 +1688,7 @@ void disposable_free(SSL *ssl)
         free(ssl->dc);
         ssl->dc = NULL;
     }
+    ssl->can_free_certificates = true;
 }
 
 static void certificate_free(SSL* ssl)
@@ -1698,6 +1698,7 @@ static void certificate_free(SSL* ssl)
         x509_free(ssl->x509_ctx);
         ssl->x509_ctx = 0;
     }
+    ssl->can_free_certificates = false;
 #endif
 }
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 7dfb918a90..e03eef9be6 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -189,7 +189,7 @@ struct _SSL
 #endif
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     X509_CTX *x509_ctx;
-    bool can_increase_data_size;
+    bool can_free_certificates;
 #endif
     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
     uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index c72a2072e1..46f9df24b8 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -66,7 +66,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
     }
 
-    if(host_name != NULL && strlen(host_name) > 0 || strlen(host_name) < 255 ) {
+    if(host_name != NULL && strlen(host_name) > 0) {
         ssl->host_name = (char *)strdup(host_name);
     }
 
@@ -123,7 +123,6 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
 
         case HS_FINISHED:
             ret = process_finished(ssl, buf, hs_len);
-            ssl->can_increase_data_size = true;
             disposable_free(ssl);
             /* note: client renegotiation is not allowed after this */
             break;

From cd6c04a809e93da2f2fe861368fea610159612b5 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Tue, 10 May 2016 23:00:33 +0800
Subject: [PATCH 245/301] Add hooks to feed watchdog during lengthy bigint
 operations

---
 compat/lwipr_compat.c | 3 +++
 crypto/bigint.c       | 2 ++
 ssl/os_port.h         | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/compat/lwipr_compat.c b/compat/lwipr_compat.c
index 834b3f071c..a334454fb0 100644
--- a/compat/lwipr_compat.c
+++ b/compat/lwipr_compat.c
@@ -217,6 +217,9 @@ int ax_get_file(const char *filename, uint8_t **buf) {
     return 0;
 }
 
+void ax_wdt_feed() {
+}
+
 /*
  * Utility functions
  */
diff --git a/crypto/bigint.c b/crypto/bigint.c
index e9ca04cb99..3d44def096 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -1218,6 +1218,7 @@ bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
 
     check(bixy);
 
+    ax_wdt_feed();
     if (ctx->use_classical)     /* just use classical instead */
     {
         return bi_mod(ctx, bixy);
@@ -1274,6 +1275,7 @@ bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
     check(bi);
     check(bim);
 
+    ax_wdt_feed();
     /* use Classical method instead  - Barrett cannot help here */
     if (bi->size > k*2)
     {
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 73a0e917b7..c11ec3bd30 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -81,6 +81,8 @@ extern "C" {
 #define hmac_sha1 ax_hmac_sha1
 #define hmac_md5 ax_hmac_md5
 
+void ax_wdt_feed();
+
 #elif defined(WIN32)
 
 /* Windows CE stuff */

From 139914f31250d8341b6ecdae7e3c8ab3422135a6 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Tue, 10 May 2016 23:17:44 +0800
Subject: [PATCH 246/301] Add option for blocking reads

---
 ssl/ssl.h       |  1 +
 ssl/tls1.c      | 37 +++++++++++++++++++++++++------------
 ssl/tls1_clnt.c |  3 +++
 3 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 9d9a61463a..11debcb94c 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -83,6 +83,7 @@ extern "C" {
 #define SSL_DISPLAY_CERTS                       0x00200000
 #define SSL_DISPLAY_RSA                         0x00400000
 #define SSL_CONNECT_IN_PARTS                    0x00800000
+#define SSL_READ_BLOCKING                       0x01000000
 
 /* errors that can be generated */
 #define SSL_OK                                  0
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 68c188e10f..f8ec6b0a72 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -260,21 +260,23 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
  */
 EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
 {
-    int ret = basic_read(ssl, in_data);
+    int ret = SSL_OK;
+    do {
+        ret= basic_read(ssl, in_data);
 
-    /* check for return code so we can send an alert */
-    if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
-    {
-        if (ret != SSL_ERROR_CONN_LOST)
+        /* check for return code so we can send an alert */
+        if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
         {
-            send_alert(ssl, ret);
-#ifndef CONFIG_SSL_SKELETON_MODE
-            /* something nasty happened, so get rid of this session */
-            kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
-#endif
+            if (ret != SSL_ERROR_CONN_LOST)
+            {
+                send_alert(ssl, ret);
+    #ifndef CONFIG_SSL_SKELETON_MODE
+                /* something nasty happened, so get rid of this session */
+                kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+    #endif
+            }
         }
-    }
-
+    } while (IS_SET_SSL_FLAG(SSL_READ_BLOCKING) && (ssl->got_bytes < ssl->need_bytes) && ret == 0 && !IS_SET_SSL_FLAG(SSL_NEED_RECORD));
     return ret;
 }
 
@@ -558,6 +560,9 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
 
     /* a bit hacky but saves a few bytes of memory */
     ssl->flag |= ssl_ctx->options;
+    if (IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS) && IS_SET_SSL_FLAG(SSL_READ_BLOCKING)) {
+        CLR_SSL_FLAG(SSL_READ_BLOCKING);
+    }
     SSL_CTX_LOCK(ssl_ctx->mutex);
 
     if (ssl_ctx->head == NULL)
@@ -1293,6 +1298,14 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         ssl->need_bytes = (buf[3] << 8) + buf[4];
 
         /* do we violate the spec with the message size?  */
+        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            printf("ssl->need_bytes=%d violates spec\r\n", ssl->need_bytes, RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET);
+            ret = SSL_ERROR_INVALID_PROT_MSG;
+            goto error;
+        }
+
+        /* is the allocated buffer large enough to handle all the data? if not, increase its size*/
         if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
         {
             printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 46f9df24b8..c02d903eb3 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -124,6 +124,9 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
         case HS_FINISHED:
             ret = process_finished(ssl, buf, hs_len);
             disposable_free(ssl);
+            if (ssl->ssl_ctx->options & SSL_READ_BLOCKING) {
+                ssl->flag |= SSL_READ_BLOCKING;
+            }
             /* note: client renegotiation is not allowed after this */
             break;
 

From 0c09e2c8a35199971916d91b2ce68246070b32c9 Mon Sep 17 00:00:00 2001
From: Yasuki Ikeuchi <ikeyasu@gmail.com>
Date: Sun, 18 Oct 2015 20:22:31 +0900
Subject: [PATCH 247/301] add be64toh

---
 ssl/os_port.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ssl/os_port.h b/ssl/os_port.h
index e85d426725..791c10af2f 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -82,6 +82,19 @@ extern "C" {
 #define hmac_sha1 ax_hmac_sha1
 #define hmac_md5 ax_hmac_md5
 
+#ifndef be64toh
+# define __bswap_constant_64(x) \
+     ((((x) & 0xff00000000000000ull) >> 56)                                   \
+      | (((x) & 0x00ff000000000000ull) >> 40)                                 \
+      | (((x) & 0x0000ff0000000000ull) >> 24)                                 \
+      | (((x) & 0x000000ff00000000ull) >> 8)                                  \
+      | (((x) & 0x00000000ff000000ull) << 8)                                  \
+      | (((x) & 0x0000000000ff0000ull) << 24)                                 \
+      | (((x) & 0x000000000000ff00ull) << 40)                                 \
+      | (((x) & 0x00000000000000ffull) << 56))
+#define be64toh(x) __bswap_constant_64(x)
+#endif
+
 void ax_wdt_feed();
 
 #elif defined(WIN32)

From 87163b23e0befc85d48627ee5840853cbb505e5b Mon Sep 17 00:00:00 2001
From: Jens Mueller <tschenser@gmx.de>
Date: Sat, 21 May 2016 21:13:48 +0200
Subject: [PATCH 248/301] fix memset usage

---
 ssl/tls1.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 mode change 100755 => 100644 ssl/tls1.c

diff --git a/ssl/tls1.c b/ssl/tls1.c
old mode 100755
new mode 100644
index d38904b1a2..7d96f510c5
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1722,8 +1722,8 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
 
     /* ok, we've used up all of our sessions. So blow the oldest session away */
     oldest_sess->conn_time = tm;
-    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
-    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
+    memset(oldest_sess->session_id, 0, SSL_SESSION_ID_SIZE);
+    memset(oldest_sess->master_secret, 0, SSL_SECRET_SIZE);
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
     return oldest_sess;
 }

From 07fe8831578948cc9b359378e25156492727304b Mon Sep 17 00:00:00 2001
From: Jens Mueller <tschenser@gmx.de>
Date: Sat, 21 May 2016 21:26:39 +0200
Subject: [PATCH 249/301] fix doubled code introduced with r231 - 97f9f969

---
 ssl/tls1.c | 2 --
 1 file changed, 2 deletions(-)
 mode change 100755 => 100644 ssl/tls1.c

diff --git a/ssl/tls1.c b/ssl/tls1.c
old mode 100755
new mode 100644
index d38904b1a2..5833535182
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1448,8 +1448,6 @@ int send_change_cipher_spec(SSL *ssl)
     if (ret >= 0 && set_key_block(ssl, 1) < 0)
         ret = SSL_ERROR_INVALID_HANDSHAKE;
     
-    if (ssl->cipher_info)
-        SET_SSL_FLAG(SSL_TX_ENCRYPTED);
     if (ssl->cipher_info)
         SET_SSL_FLAG(SSL_TX_ENCRYPTED);
 

From a2311331f939085e47c5a956d2b54a981462a750 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <igrr@users.noreply.github.com>
Date: Wed, 1 Jun 2016 17:41:09 +0800
Subject: [PATCH 250/301] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e0e454a4b6..48b4c5e886 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 Replacement for Espressif's libssl, kept as close as possible to [axTLS](http://axtls.sourceforge.net/) source.
-Currently based on axTLS 1.4.9, will be upgraded to 1.5.3.
+Currently based on axTLS 1.5.3+.
 
 [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
 

From ab516f799dd43faccaf01ce5eacd5f7a1b9b109a Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Mon, 13 Jun 2016 00:50:25 +0800
Subject: [PATCH 251/301] Purge certificates only when expanding plaintext
 buffer

---
 ssl/tls1.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index cfb9776d01..1a13fc5796 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -288,10 +288,6 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
     int n = out_len, nw, i, tot = 0;
     /* maximum size of a TLS packet is around 16kB, so fragment */
 
-    if (ssl->can_free_certificates) {
-        certificate_free(ssl);
-    }
-
     do 
     {
         nw = n;
@@ -1226,10 +1222,6 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     uint8_t *buf = ssl->bm_data;
 
-    if (ssl->can_free_certificates) {
-        certificate_free(ssl);
-    }
-
     read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
                             ssl->need_bytes-ssl->got_bytes);
 
@@ -1436,6 +1428,9 @@ int increase_bm_data_size(SSL *ssl, size_t size)
     if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
         return SSL_OK;
     }
+    if (ssl->can_free_certificates) {
+        certificate_free(ssl);
+    }
     size_t required = (size + 1023) & ~(1023); // round up to 1k
     required = (required < RT_MAX_PLAIN_LENGTH) ? required : RT_MAX_PLAIN_LENGTH;
     uint8_t* new_bm_all_data = (uint8_t*) realloc(ssl->bm_all_data, required + RT_EXTRA);

From 0d6e51aae409ee666bc5f415867815ce06ef9a2a Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Sun, 12 Jun 2016 10:51:12 +0000
Subject: [PATCH 252/301] Removed RC4 from the list of negotiated ciphers as
 browsers don't support it anymore

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@252 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/aes.c   |  7 +----
 ssl/openssl.c  |  9 ++----
 ssl/tls1.c     | 75 ++++----------------------------------------------
 ssl/tls1.h     |  4 ---
 ssl/tls1_svr.c | 73 +-----------------------------------------------
 5 files changed, 10 insertions(+), 158 deletions(-)

diff --git a/crypto/aes.c b/crypto/aes.c
index 9b07e27ea1..d573f77901 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -38,9 +38,6 @@
 #include "os_port.h"
 #include "crypto.h"
 
-/* all commented out in skeleton mode */
-#ifndef CONFIG_SSL_SKELETON_MODE
-
 #define rot1(x) (((x) << 24) | ((x) >> 8))
 #define rot2(x) (((x) << 16) | ((x) >> 16))
 #define rot3(x) (((x) <<  8) | ((x) >> 24))
@@ -453,5 +450,3 @@ static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
             data[row-1] = tmp[row-1] ^ *(--k);
     }
 }
-
-#endif
diff --git a/ssl/openssl.c b/ssl/openssl.c
index 6b5c4d8ee9..52c3a4967b 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -49,10 +49,8 @@
 
 static char *key_password = NULL;
 
-void *SSLv23_server_method(void) { return NULL; }
 void *SSLv3_server_method(void) { return NULL; }
 void *TLSv1_server_method(void) { return NULL; }
-void *SSLv23_client_method(void) { return NULL; }
 void *SSLv3_client_method(void) { return NULL; }
 void *TLSv1_client_method(void) { return NULL; }
 
@@ -87,8 +85,7 @@ SSL * SSL_new(SSL_CTX *ssl_ctx)
     ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
 
 #ifdef CONFIG_SSL_ENABLE_CLIENT
-    if (ssl_func_type == SSLv23_client_method ||
-        ssl_func_type == SSLv3_client_method ||
+    if (ssl_func_type == SSLv3_client_method ||
         ssl_func_type == TLSv1_client_method)
     {
         SET_SSL_FLAG(SSL_IS_CLIENT);
@@ -231,8 +228,6 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file)
     ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
 }
 
-void SSLv23_method(void) { }
-
 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
 
 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 1a13fc5796..608d0e5fe6 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -59,41 +59,19 @@ static int increase_bm_data_size(SSL *ssl, size_t size);
  * The server will pick the cipher based on the order that the order that the
  * ciphers are listed. This order is defined at compile time.
  */
-#ifdef CONFIG_SSL_SKELETON_MODE
-const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
-{ SSL_RC4_128_SHA };
-#else
 static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
 
-const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
-#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
-{ SSL_AES128_SHA, SSL_AES256_SHA};
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+#ifdef CONFIG_SSL_PROT_LOW                  /* same as medium for now */
+{ SSL_AES128_SHA, SSL_AES256_SHA };
 #elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
-{ SSL_AES128_SHA, SSL_AES256_SHA};
+{ SSL_AES128_SHA, SSL_AES256_SHA };    
 #else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
-{ SSL_AES256_SHA, SSL_AES128_SHA};
+{ SSL_AES256_SHA, SSL_AES128_SHA };
 #endif
-#endif /* CONFIG_SSL_SKELETON_MODE */
-
 /**
  * The cipher map containing all the essentials for each cipher.
  */
-#ifdef CONFIG_SSL_SKELETON_MODE
-static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
-{
-    {   /* RC4-SHA */
-        SSL_RC4_128_SHA,                /* RC4-SHA */
-        16,                             /* key size */
-        0,                              /* iv size */ 
-        2*(SHA1_SIZE+16),               /* key block size */
-        0,                              /* no padding */
-        SHA1_SIZE,                      /* digest size */
-        hmac_sha1,                      /* hmac algorithm */
-        (crypt_func)RC4_crypt,          /* encrypt */
-        (crypt_func)RC4_crypt           /* decrypt */
-    },
-};
-#else
 static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
 {
     {   /* AES128-SHA */
@@ -117,9 +95,8 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         hmac_sha1,                      /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
-    }
+    },       
 };
-#endif
 
 static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
         uint8_t *out, int olen);
@@ -908,7 +885,6 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void
 {
     switch (ssl->cipher)
     {
-#ifndef CONFIG_SSL_SKELETON_MODE
         case SSL_AES128_SHA:
             {
                 AES_CTX *aes_ctx;
@@ -943,20 +919,6 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void
 
                 return (void *)aes_ctx;
             }
-
-        case SSL_RC4_128_MD5:
-#endif
-        case SSL_RC4_128_SHA:
-            {
-                RC4_CTX* rc4_ctx;
-                if (cached)
-                    rc4_ctx = (RC4_CTX*) cached;
-                else
-                    rc4_ctx = (RC4_CTX*) malloc(sizeof(RC4_CTX));
-
-                RC4_setup(rc4_ctx, key, 16);
-                return (void *)rc4_ctx;
-            }
     }
 
     return NULL;    /* its all gone wrong */
@@ -1177,7 +1139,6 @@ static int set_key_block(SSL *ssl, int is_write)
     memcpy(server_key, q, ciph_info->key_size);
     q += ciph_info->key_size;
 
-#ifndef CONFIG_SSL_SKELETON_MODE 
     if (ciph_info->iv_size)    /* RC4 has no IV, AES does */
     {
         memcpy(client_iv, q, ciph_info->iv_size);
@@ -1185,7 +1146,6 @@ static int set_key_block(SSL *ssl, int is_write)
         memcpy(server_iv, q, ciph_info->iv_size);
         q += ciph_info->iv_size;
     }
-#endif
 
     // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
 
@@ -1261,31 +1221,8 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         /* check for sslv2 "client hello" */
         if (buf[0] & 0x80 && buf[2] == 1)
         {
-#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
-            uint8_t version = (buf[3] << 4) + buf[4];
-            DISPLAY_BYTES(ssl, "ssl2 record", buf, 5);
-
-            /* should be v3.1 (TLSv1) or better  */
-            ssl->version = ssl->client_version = version;
-
-            if (version > SSL_PROTOCOL_VERSION_MAX)
-            {
-                /* use client's version */
-                ssl->version = SSL_PROTOCOL_VERSION_MAX;
-            }
-            else if (version < SSL_PROTOCOL_MIN_VERSION)  
-            {
-                ret = SSL_ERROR_INVALID_VERSION;
-                ssl_display_error(ret);
-                return ret;
-            }
-
-            add_packet(ssl, &buf[2], 3);
-            ret = process_sslv23_client_hello(ssl); 
-#else
             printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
             ret = SSL_ERROR_NOT_SUPPORTED;
-#endif
             goto error; /* not an error - just get out of here */
         }
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index abbc933930..e0a008c1bd 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -79,11 +79,7 @@ extern "C" {
 #define RT_EXTRA                    1024
 #define BM_RECORD_OFFSET            5
 
-#ifdef CONFIG_SSL_SKELETON_MODE
-#define NUM_PROTOCOLS               1
-#else
 #define NUM_PROTOCOLS               2
-#endif
 
 #define PARANOIA_CHECK(A, B)        if (A < B) { \
     ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index b4b0f648da..9c0cec4449 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -178,77 +178,6 @@ static int process_client_hello(SSL *ssl)
     return ret;
 }
 
-#ifdef CONFIG_SSL_ENABLE_V23_HANDSHAKE
-/*
- * Some browsers use a hybrid SSLv2 "client hello" 
- */
-int process_sslv23_client_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int bytes_needed = ((buf[0] & 0x7f) << 8) + buf[1];
-    int ret = SSL_OK;
-
-    /* we have already read 3 extra bytes so far */
-    int read_len = SOCKET_READ(ssl->client_fd, buf, bytes_needed-3);
-    int cs_len = buf[1];
-    int id_len = buf[3];
-    int ch_len = buf[5];
-    int i, j, offset = 8;   /* start at first cipher */
-    int random_offset = 0;
-
-    DISPLAY_BYTES(ssl, "received %d bytes", buf, read_len, read_len);
-    
-    /* connection has gone, so die */
-    if (read_len < 0)
-    {
-        return SSL_ERROR_CONN_LOST;
-    }
-
-    add_packet(ssl, buf, read_len);
-
-    /* now work out what cipher suite we are going to use */
-    for (j = 0; j < NUM_PROTOCOLS; j++)
-    {
-        for (i = 0; i < cs_len; i += 3)
-        {
-            if (ssl_prot_prefs[j] == buf[offset+i])
-            {
-                ssl->cipher = ssl_prot_prefs[j];
-                goto server_hello;
-            }
-        }
-    }
-
-    /* ouch! protocol is not supported */
-    ret = SSL_ERROR_NO_CIPHER;
-    goto error;
-
-server_hello:
-    /* get the session id */
-    offset += cs_len - 2;   /* we've gone 2 bytes past the end */
-#ifndef CONFIG_SSL_SKELETON_MODE
-    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
-            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
-#endif
-
-    /* get the client random data */
-    offset += id_len;
-
-    /* random can be anywhere between 16 and 32 bytes long - so it is padded
-     * with 0's to the left */
-    if (ch_len == 0x10)
-    {
-        random_offset += 0x10;
-    }
-
-    memcpy(&ssl->dc->client_random[random_offset], &buf[offset], ch_len);
-    ret = send_server_hello_sequence(ssl);
-
-error:
-    return ret;
-}
-#endif
-
 /*
  * Send the entire server hello sequence
  */

From acc38e3ab332db6353461f00835d63a0cc5d22bd Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 5 Jul 2016 07:07:45 +0000
Subject: [PATCH 253/301] Can handle SSL chains which are out of order (thanks
 Paul Johnstone)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@254 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 4 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 608d0e5fe6..1004e5bc8d 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1855,32 +1855,97 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     int ret = SSL_OK;
     uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int pkt_size = ssl->bm_index;
-    int cert_size, offset = 5;
+    int cert_size, offset = 5, offset_start;
     int total_cert_size = (buf[offset]<<8) + buf[offset+1];
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    X509_CTX **chain = x509_ctx;
+    X509_CTX *chain = 0;
+    X509_CTX **certs = 0;
+    int *cert_used = 0;
+    int num_certs = 0;
+    int i = 0;
     offset += 2;
 
     PARANOIA_CHECK(total_cert_size, offset);
 
+    // record the start point for the second pass
+    offset_start = offset;
+
+    // first pass - count the certificates
+    while (offset < total_cert_size)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (buf[offset]<<8) + buf[offset+1];
+        offset += 2;
+        offset += cert_size;
+        num_certs++;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    certs = (X509_CTX**) calloc(num_certs, sizeof(void*));
+    cert_used = (int*) calloc(num_certs, sizeof(int));
+    num_certs = 0;
+
+    // restore the offset from the saved value 
+    offset = offset_start;
+
+    // second pass - load the certificates
     while (offset < total_cert_size)
     {
         offset++;       /* skip empty char */
         cert_size = (buf[offset]<<8) + buf[offset+1];
         offset += 2;
         
-        if (x509_new(&buf[offset], NULL, chain))
+        if (x509_new(&buf[offset], NULL, certs+num_certs))
         {
             ret = SSL_ERROR_BAD_CERTIFICATE;
             goto error;
         }
 
-        chain = &((*chain)->next);
+        num_certs++;
         offset += cert_size;
     }
 
     PARANOIA_CHECK(pkt_size, offset);
 
+    // third pass - link certs together, assume server cert is the first
+    *x509_ctx = certs[0];
+    chain = certs[0];
+    cert_used[0] = 1;
+
+    // repeat until the end of the chain is found
+    while (1)
+    {
+        // look for CA cert
+        for( i = 1; i < num_certs; i++ )
+        {
+            if (certs[i] == chain) 
+                continue;
+            if (cert_used[i]) 
+                continue; // don't allow loops
+
+            if (asn1_compare_dn(chain->ca_cert_dn, certs[i]->cert_dn) == 0)
+            {
+                // CA cert found, add it to the chain
+                cert_used[i] = 1;
+                chain->next = certs[i];
+                chain = certs[i];
+                break;
+            }
+        }
+
+        // no CA cert found, reached the end of the chain
+        if (i >= num_certs) 
+            break;
+    }
+
+    // clean up any certs that aren't part of the chain
+    for (i = 1; i < num_certs; i++)
+    {
+        if (cert_used[i] == 0) 
+            x509_free(certs[i]);
+    }
+
     /* if we are client we can do the verify now or later */
     if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
     {
@@ -1890,6 +1955,13 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
     ssl->dc->bm_proc_index += offset;
 error:
+    // clean up arrays
+    if (certs) 
+        free(certs);
+
+    if (cert_used) 
+        free(cert_used);
+
     return ret;
 }
 

From a9eab104994b7c0e1ceead80eb8906f2e2032705 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 5 Jul 2016 19:54:05 +0000
Subject: [PATCH 254/301] Now include os_port.h in tls1.h, but removed
 ax_malloc and friends

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@255 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto_misc.c | 10 +++++-----
 ssl/os_port.c        | 10 ++--------
 ssl/os_port.h        | 24 ++----------------------
 ssl/tls1.h           |  3 ++-
 4 files changed, 11 insertions(+), 36 deletions(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 621b1f6dc1..bf51cbc757 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -109,7 +109,7 @@ int get_file(const char *filename, uint8_t **buf)
 EXP_FUNC void STDCALL RNG_initialize()
 {
 #if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-    rng_fd = ax_open("/dev/urandom", O_RDONLY);
+    rng_fd = open("/dev/urandom", O_RDONLY);
 #elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
     if (!CryptAcquireContext(&gCryptProv,
                       NULL, NULL, PROV_RSA_FULL, 0))
@@ -130,7 +130,7 @@ EXP_FUNC void STDCALL RNG_initialize()
     /* start of with a stack to copy across */
     int i;
     memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
-    srand((unsigned int)&i);
+    rand_r((unsigned int *)entropy_pool); 
 #endif
 }
 
@@ -181,7 +181,7 @@ EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
 #else   /* nothing else to use, so use a custom RNG */
     /* The method we use when we've got nothing better. Use RC4, time
        and a couple of random seeds to generate a random sequence */
-    RC4_CTX rng_ctx;
+    AES_CTX rng_ctx;
     struct timeval tv;
     MD5_CTX rng_digest_ctx;
     uint8_t digest[MD5_SIZE];
@@ -200,10 +200,10 @@ EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
     MD5_Final(digest, &rng_digest_ctx);
 
     /* come up with the random sequence */
-    RC4_setup(&rng_ctx, digest, MD5_SIZE); /* use as a key */
+    AES_set_key(&rng_ctx, digest, (const uint8_t *)ep, AES_MODE_128); /* use as a key */
     memcpy(rand_data, entropy_pool, num_rand_bytes < ENTROPY_POOL_SIZE ?
 				num_rand_bytes : ENTROPY_POOL_SIZE);
-    RC4_crypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
+    AES_cbc_encrypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
 
     /* move things along */
     for (i = ENTROPY_POOL_SIZE-1; i >= MD5_SIZE ; i--)
diff --git a/ssl/os_port.c b/ssl/os_port.c
index b8a2b19a8d..060bc073a5 100644
--- a/ssl/os_port.c
+++ b/ssl/os_port.c
@@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2007, Cameron Rich
- *
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -91,9 +91,3 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
 }
 #endif
 
-#undef malloc
-#undef realloc
-#undef calloc
-
-static const char * out_of_mem_str = "out of memory";
-static const char * file_open_str = "Could not open file \"%s\"";
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 791c10af2f..1962938095 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2015, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  *
@@ -189,27 +189,7 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #endif  /* Not Win32 */
 
 /* some functions to mutate the way these work */
-#define malloc(A)       ax_port_malloc(A, __FILE__, __LINE__)
-#ifndef realloc
-#define realloc(A,B)    ax_port_realloc(A,B, __FILE__, __LINE__)
-#endif
-#define calloc(A,B)     ax_port_calloc(A,B, __FILE__, __LINE__)
-#define free(x)         ax_port_free(x)
-
-EXP_FUNC void * STDCALL ax_port_malloc(size_t s, const char*, int);
-EXP_FUNC void * STDCALL ax_port_realloc(void *y, size_t s, const char*, int);
-EXP_FUNC void * STDCALL ax_port_calloc(size_t n, size_t s, const char*, int);
-EXP_FUNC void * STDCALL ax_port_free(void*);
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags);
-
-inline uint32_t htonl(uint32_t n){
-  return ((n & 0xff) << 24) |
-    ((n & 0xff00) << 8) |
-    ((n & 0xff0000UL) >> 8) |
-    ((n & 0xff000000UL) >> 24);
-}
-
-#define ntohl htonl
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
 
 #ifdef CONFIG_PLATFORM_LINUX
 void exit_now(const char *format, ...) __attribute((noreturn));
diff --git a/ssl/tls1.h b/ssl/tls1.h
index e0a008c1bd..624fe9dfda 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2014, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -43,6 +43,7 @@ extern "C" {
 #include "version.h"
 #include "config.h"
 #include "os_int.h"
+#include "os_port.h"
 #include "crypto.h"
 #include "crypto_misc.h"
 

From 14d6809c0d59026c18e84a5769d3a13f226b589c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 5 Jul 2016 19:57:29 +0000
Subject: [PATCH 255/301] removed endian.h from os_int.h as it is no longer
 needed and was causing issues with the micropython build

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@256 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/os_int.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/crypto/os_int.h b/crypto/os_int.h
index 69e06c50e4..a849e5b1a4 100644
--- a/crypto/os_int.h
+++ b/crypto/os_int.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Cameron Rich
+ * Copyright (c) 2012-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -56,7 +56,6 @@ typedef INT64 int64_t;
 #include <inttypes.h>
 #else
 #include <stdint.h>
-#include <endian.h>
 #endif /* Not Solaris */
 
 #endif /* Not Win32 */

From 6d0a2c03c31ce8b0fbb47857f774846514da1c3b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 5 Jul 2016 20:07:17 +0000
Subject: [PATCH 256/301] Fixed some skeleton mode warnings

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@257 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/openssl.c | 8 +++++---
 ssl/tls1.c    | 2 ++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/ssl/openssl.c b/ssl/openssl.c
index 52c3a4967b..3518a7081f 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -79,12 +79,14 @@ void SSL_CTX_free(SSL_CTX * ssl_ctx)
 SSL * SSL_new(SSL_CTX *ssl_ctx)
 {
     SSL *ssl;
-    ssl_func_type_t ssl_func_type;
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    ssl_func_type_t ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
+#endif
 
     ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
-    ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
-
 #ifdef CONFIG_SSL_ENABLE_CLIENT
+    ssl_func_type 
+
     if (ssl_func_type == SSLv3_client_method ||
         ssl_func_type == TLSv1_client_method)
     {
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 1004e5bc8d..55a3bae8b5 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -59,7 +59,9 @@ static int increase_bm_data_size(SSL *ssl, size_t size);
  * The server will pick the cipher based on the order that the order that the
  * ciphers are listed. This order is defined at compile time.
  */
+#ifndef CONFIG_SSL_SKELETON_MODE
 static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
+#endif
 
 const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
 #ifdef CONFIG_SSL_PROT_LOW                  /* same as medium for now */

From 106a59cf23893ccd1893ba4a9fcdbeb4237ab5aa Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 5 Jul 2016 20:16:05 +0000
Subject: [PATCH 257/301] Removed some printfs in skeleton mode

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@258 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/loader.c  | 12 +++++++++---
 ssl/openssl.c |  2 --
 ssl/tls1.c    |  7 +++----
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/ssl/loader.c b/ssl/loader.c
index 34ee3248dd..3d07323900 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -82,7 +82,9 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
 #ifdef CONFIG_SSL_HAS_PEM
         ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
 #else
+#ifdef CONFIG_SSL_FULL_MODE
         printf("%s", unsupported_str);
+#endif
         ret = SSL_ERROR_NOT_SUPPORTED;
 #endif
     }
@@ -93,7 +95,9 @@ EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type,
     ssl_obj_free(ssl_obj);
     return ret;
 #else
+#ifdef CONFIG_SSL_FULL_MODE
     printf("%s", unsupported_str);
+#endif
     return SSL_ERROR_NOT_SUPPORTED;
 #endif /* CONFIG_SSL_SKELETON_MODE */
 }
@@ -150,7 +154,9 @@ static int do_obj(SSL_CTX *ssl_ctx, int obj_type,
             break;
 #endif
         default:
+#ifdef CONFIG_SSL_FULL_MODE
             printf("%s", unsupported_str);
+#endif
             ret = SSL_ERROR_NOT_SUPPORTED;
             break;
     }
@@ -223,7 +229,7 @@ static int pem_decrypt(const char *where, const char *end,
     if (password == NULL || strlen(password) == 0)
     {
 #ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Need a password for this PEM file\n"); TTY_FLUSH();
+        printf("Error: Need a password for this PEM file\n");
 #endif
         goto error;
     }
@@ -240,7 +246,7 @@ static int pem_decrypt(const char *where, const char *end,
     else 
     {
 #ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Unsupported password cipher\n"); TTY_FLUSH();
+        printf("Error: Unsupported password cipher\n");
 #endif
         goto error;
     }
@@ -475,7 +481,7 @@ int load_key_certs(SSL_CTX *ssl_ctx)
 #ifdef CONFIG_SSL_FULL_MODE
     if (ret)
     {
-        printf("Error: Certificate or key not loaded\n"); TTY_FLUSH();
+        printf("Error: Certificate or key not loaded\n");
     }
 #endif
 
diff --git a/ssl/openssl.c b/ssl/openssl.c
index 3518a7081f..d0343e5680 100644
--- a/ssl/openssl.c
+++ b/ssl/openssl.c
@@ -85,8 +85,6 @@ SSL * SSL_new(SSL_CTX *ssl_ctx)
 
     ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
 #ifdef CONFIG_SSL_ENABLE_CLIENT
-    ssl_func_type 
-
     if (ssl_func_type == SSLv3_client_method ||
         ssl_func_type == TLSv1_client_method)
     {
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 55a3bae8b5..4407afe3c4 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1223,7 +1223,9 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         /* check for sslv2 "client hello" */
         if (buf[0] & 0x80 && buf[2] == 1)
         {
-            printf("Error: no SSLv23 handshaking allowed\n"); TTY_FLUSH();
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("Error: no SSLv23 handshaking allowed\n");
+#endif
             ret = SSL_ERROR_NOT_SUPPORTED;
             goto error; /* not an error - just get out of here */
         }
@@ -2054,7 +2056,6 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
     }
 
     printf("%s\n", str);
-    TTY_FLUSH();
 }
 
 /**
@@ -2174,7 +2175,6 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
     }
 
     printf("\n");
-    TTY_FLUSH();
 }
 
 /**
@@ -2235,7 +2235,6 @@ void DISPLAY_ALERT(SSL *ssl, int alert)
     }
 
     printf("\n");
-    TTY_FLUSH();
 }
 
 #endif /* CONFIG_SSL_FULL_MODE */

From 549bcb478ea6747c7de09883b8da79946d45eb4b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 18 Jul 2016 20:29:14 +0000
Subject: [PATCH 258/301] Tightened up closure alerts for v1.2 (7.2.1)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@260 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 4407afe3c4..93afe8ce5c 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -205,7 +205,7 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     /* only notify if we weren't notified first */
     /* spec says we must notify when we are dying */
     if (!IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
-      send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+        send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
 
     ssl_ctx = ssl->ssl_ctx;
 
@@ -1000,6 +1000,9 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
     if (ssl->hs_status == SSL_ERROR_DEAD)
         return SSL_ERROR_CONN_LOST;
 
+    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        return SSL_CLOSE_NOTIFY;
+
     if (in) /* has the buffer already been initialised? */
     {
         memcpy(ssl->bm_data, in, length);
@@ -1184,6 +1187,9 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     uint8_t *buf = ssl->bm_data;
 
+    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        return SSL_CLOSE_NOTIFY;
+
     read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
                             ssl->need_bytes-ssl->got_bytes);
 
@@ -1335,12 +1341,12 @@ int basic_read(SSL *ssl, uint8_t **in_data)
 
         case PT_ALERT_PROTOCOL:
             /* return the alert # with alert bit set */
-            if(buf[0] == SSL_ALERT_TYPE_WARNING &&
+            if (buf[0] == SSL_ALERT_TYPE_WARNING &&
                buf[1] == SSL_ALERT_CLOSE_NOTIFY)
             {
               ret = SSL_CLOSE_NOTIFY;
-              send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
-              SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
+              ssl_free(ssl);
+              SOCKET_CLOSE(ssl->client_fd);
             }
             else 
             {

From 01a0531bc34b36483687b405c96158565b845e40 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 19 Jul 2016 20:44:20 +0000
Subject: [PATCH 259/301] * Backed out code where close notify from other side
 closed the socket and ssl session. This needs to be done by the application.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@261 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 93afe8ce5c..59801a9954 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -226,7 +226,9 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
 
     /* may already be free - but be sure */
     free(ssl->encrypt_ctx);
+    ssl->encrypt_ctx = NULL;
     free(ssl->decrypt_ctx);
+    ssl->decrypt_ctx = NULL;
     disposable_free(ssl);
     certificate_free(ssl);
     free(ssl->bm_all_data);
@@ -1345,8 +1347,8 @@ int basic_read(SSL *ssl, uint8_t **in_data)
                buf[1] == SSL_ALERT_CLOSE_NOTIFY)
             {
               ret = SSL_CLOSE_NOTIFY;
-              ssl_free(ssl);
-              SOCKET_CLOSE(ssl->client_fd);
+              send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+              SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
             }
             else 
             {

From abda243710e8e0276bca6d84a4064b134746c05c Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 21 Jul 2016 19:26:45 +0000
Subject: [PATCH 260/301] Cleaned up alerts as per TLS v1.2 spec (7.2.2)

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@262 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/ssl.h  |  8 ++++-
 ssl/tls1.c | 88 ++++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 73 insertions(+), 23 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 11debcb94c..36d56fd192 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -91,6 +91,7 @@ extern "C" {
 #define SSL_ERROR_DEAD                          -2
 #define SSL_CLOSE_NOTIFY                        -3
 #define SSL_ERROR_CONN_LOST                     -256
+#define SSL_ERROR_RECORD_OVERFLOW               -257
 #define SSL_ERROR_SOCK_SETUP_FAILURE            -258
 #define SSL_ERROR_INVALID_HANDSHAKE             -260
 #define SSL_ERROR_INVALID_PROT_MSG              -261
@@ -115,9 +116,14 @@ extern "C" {
 #define SSL_ALERT_CLOSE_NOTIFY                  0
 #define SSL_ALERT_UNEXPECTED_MESSAGE            10
 #define SSL_ALERT_BAD_RECORD_MAC                20
+#define SSL_ALERT_RECORD_OVERFLOW               22
 #define SSL_ALERT_HANDSHAKE_FAILURE             40
 #define SSL_ALERT_BAD_CERTIFICATE               42
+#define SSL_ALERT_UNSUPPORTED_CERTIFICATE       43
+#define SSL_ALERT_CERTIFICATE_EXPIRED           45
+#define SSL_ALERT_CERTIFICATE_UNKNOWN           46
 #define SSL_ALERT_ILLEGAL_PARAMETER             47
+#define SSL_ALERT_UNKNOWN_CA                    48
 #define SSL_ALERT_DECODE_ERROR                  50
 #define SSL_ALERT_DECRYPT_ERROR                 51
 #define SSL_ALERT_INVALID_VERSION               70
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 59801a9954..a3b06381b0 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1243,8 +1243,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
         /* do we violate the spec with the message size?  */
         if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
         {
-            printf("ssl->need_bytes=%d violates spec\r\n", ssl->need_bytes, RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET);
-            ret = SSL_ERROR_INVALID_PROT_MSG;
+            ret = SSL_ERROR_RECORD_OVERFLOW;              
             goto error;
         }
 
@@ -1496,7 +1495,7 @@ int send_alert(SSL *ssl, int error_code)
     int is_warning = 0;
     uint8_t buf[2];
 
-    /* Don't bother we're already dead */
+    /* Don't bother, we're already dead */
     if (ssl->hs_status == SSL_ERROR_DEAD)
     {
         return SSL_ERROR_CONN_LOST;
@@ -1518,38 +1517,59 @@ int send_alert(SSL *ssl, int error_code)
             is_warning = 1;
             break;
 
-        case SSL_ERROR_INVALID_HANDSHAKE:
-        case SSL_ERROR_INVALID_PROT_MSG:
+        case SSL_ERROR_NO_CIPHER:
             alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
             break;
 
         case SSL_ERROR_INVALID_HMAC:
-        case SSL_ERROR_FINISHED_INVALID:
             alert_num = SSL_ALERT_BAD_RECORD_MAC;
             break;
 
+        case SSL_ERROR_FINISHED_INVALID:
+        case SSL_ERROR_INVALID_KEY:
+            alert_num = SSL_ALERT_DECRYPT_ERROR;
+            break;
+
         case SSL_ERROR_INVALID_VERSION:
             alert_num = SSL_ALERT_INVALID_VERSION;
             break;
 
         case SSL_ERROR_INVALID_SESSION:
-        case SSL_ERROR_NO_CIPHER:
-        case SSL_ERROR_INVALID_KEY:
             alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
             break;
 
-        case SSL_ERROR_BAD_CERTIFICATE:
-            alert_num = SSL_ALERT_BAD_CERTIFICATE;
-            break;
-
         case SSL_ERROR_NO_CLIENT_RENOG:
             alert_num = SSL_ALERT_NO_RENEGOTIATION;
             break;
 
+        case SSL_ERROR_RECORD_OVERFLOW:
+            alert_num = SSL_ALERT_RECORD_OVERFLOW;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED):
+        case SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID):
+            alert_num = SSL_ALERT_CERTIFICATE_EXPIRED;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT):
+            alert_num = SSL_ALERT_UNKNOWN_CA;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST):
+            alert_num = SSL_ALERT_UNSUPPORTED_CERTIFICATE;
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+        case SSL_X509_ERROR(X509_VFY_ERROR_BAD_SIGNATURE):
+            alert_num = SSL_ALERT_BAD_CERTIFICATE;
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+        case SSL_ERROR_INVALID_PROT_MSG:
         default:
-            /* a catch-all for any badly verified certificates */
+            /* a catch-all for anything bad */
             alert_num = (error_code <= SSL_X509_OFFSET) ?  
-                SSL_ALERT_BAD_CERTIFICATE : SSL_ALERT_UNEXPECTED_MESSAGE;
+                SSL_ALERT_CERTIFICATE_UNKNOWN: SSL_ALERT_UNEXPECTED_MESSAGE;
             break;
     }
 
@@ -2125,6 +2145,10 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
             printf("connection dead");
             break;
 
+        case SSL_ERROR_RECORD_OVERFLOW:
+            printf("record overflow");
+            break;
+
         case SSL_ERROR_INVALID_HANDSHAKE:
             printf("invalid handshake");
             break;
@@ -2201,14 +2225,6 @@ void DISPLAY_ALERT(SSL *ssl, int alert)
             printf("close notify");
             break;
 
-        case SSL_ALERT_INVALID_VERSION:
-            printf("invalid version");
-            break;
-
-        case SSL_ALERT_BAD_CERTIFICATE:
-            printf("bad certificate");
-            break;
-
         case SSL_ALERT_UNEXPECTED_MESSAGE:
             printf("unexpected message");
             break;
@@ -2217,14 +2233,38 @@ void DISPLAY_ALERT(SSL *ssl, int alert)
             printf("bad record mac");
             break;
 
+        case SSL_ERROR_RECORD_OVERFLOW:
+            printf("record overlow");
+            break;
+
         case SSL_ALERT_HANDSHAKE_FAILURE:
             printf("handshake failure");
             break;
 
+        case SSL_ALERT_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ALERT_UNSUPPORTED_CERTIFICATE:
+            printf("unsupported certificate");
+            break;
+
+        case SSL_ALERT_CERTIFICATE_EXPIRED:
+            printf("certificate expired");
+            break;
+
+        case SSL_ALERT_CERTIFICATE_UNKNOWN:
+            printf("certificate unknown");
+            break;
+
         case SSL_ALERT_ILLEGAL_PARAMETER:
             printf("illegal parameter");
             break;
 
+        case SSL_ALERT_UNKNOWN_CA:
+            printf("unknown ca");
+            break;
+
         case SSL_ALERT_DECODE_ERROR:
             printf("decode error");
             break;
@@ -2233,6 +2273,10 @@ void DISPLAY_ALERT(SSL *ssl, int alert)
             printf("decrypt error");
             break;
 
+        case SSL_ALERT_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
         case SSL_ALERT_NO_RENEGOTIATION:
             printf("no renegotiation");
             break;

From d476a7941138fe03382d1b11f78f69fee8d70144 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 27 Jul 2016 11:05:09 +0000
Subject: [PATCH 261/301] * Initial crack at TLS 1.2 client side only (server
 side is seriously broken).

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@263 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/crypto.h |   4 +-
 crypto/hmac.c   |  36 +++++++-
 ssl/ssl.h       |   6 +-
 ssl/tls1.c      | 240 +++++++++++++++++++++++++++++++-----------------
 ssl/tls1.h      |  26 +++---
 ssl/tls1_clnt.c |  69 +++++++++-----
 ssl/tls1_svr.c  |   2 +-
 7 files changed, 263 insertions(+), 120 deletions(-)

diff --git a/crypto/crypto.h b/crypto/crypto.h
index fcf32c703a..9914afeec1 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2015, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -200,6 +200,8 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
         int key_len, uint8_t *digest);
 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest);
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
 
 /**************************************************************************
  * RSA declarations 
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 24a04d77ae..e618ee2eb1 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -103,3 +103,37 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
     SHA1_Update(&context, digest, SHA1_SIZE);
     SHA1_Final(digest, &context);
 }
+
+/**
+ * Perform HMAC-SHA256
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA256_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_ipad, 64);
+    SHA256_Update(&context, msg, length);
+    SHA256_Final(digest, &context);
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_opad, 64);
+    SHA256_Update(&context, digest, SHA256_SIZE);
+    SHA256_Final(digest, &context);
+}
+
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 36d56fd192..064a008968 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -97,6 +97,7 @@ extern "C" {
 #define SSL_ERROR_INVALID_PROT_MSG              -261
 #define SSL_ERROR_INVALID_HMAC                  -262
 #define SSL_ERROR_INVALID_VERSION               -263
+#define SSL_ERROR_UNSUPPORTED_EXTENSION         -264
 #define SSL_ERROR_INVALID_SESSION               -265
 #define SSL_ERROR_NO_CIPHER                     -266
 #define SSL_ERROR_BAD_CERTIFICATE               -268
@@ -128,12 +129,13 @@ extern "C" {
 #define SSL_ALERT_DECRYPT_ERROR                 51
 #define SSL_ALERT_INVALID_VERSION               70
 #define SSL_ALERT_NO_RENEGOTIATION              100
+#define SSL_ALERT_UNSUPPORTED_EXTENSION         110
 
 /* The ciphers that are supported */
 #define SSL_AES128_SHA                          0x2f
 #define SSL_AES256_SHA                          0x35
-#define SSL_RC4_128_SHA                         0x05
-#define SSL_RC4_128_MD5                         0x04
+#define SSL_AES128_SHA256                       0x3c
+#define SSL_AES256_SHA256                       0x3d
 
 /* build mode ids' */
 #define SSL_BUILD_SKELETON_MODE                 0x01
diff --git a/ssl/tls1.c b/ssl/tls1.c
index a3b06381b0..eb38531f45 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -64,13 +64,14 @@ static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
 #endif
 
 const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
-#ifdef CONFIG_SSL_PROT_LOW                  /* same as medium for now */
-{ SSL_AES128_SHA, SSL_AES256_SHA };
+#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
+{ SSL_AES128_SHA, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES256_SHA256 };
 #elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
-{ SSL_AES128_SHA, SSL_AES256_SHA };    
+{ SSL_AES128_SHA256, SSL_AES256_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };    
 #else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
-{ SSL_AES256_SHA, SSL_AES128_SHA };
+{ SSL_AES256_SHA, SSL_AES128_SHA256, SSL_AES_256_SHA, SSL_AES128_SHA };
 #endif
+
 /**
  * The cipher map containing all the essentials for each cipher.
  */
@@ -80,9 +81,9 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         SSL_AES128_SHA,                 /* AES128-SHA */
         16,                             /* key size */
         16,                             /* iv size */ 
-        2*(SHA1_SIZE+16+16),            /* key block size */
         16,                             /* block padding size */
         SHA1_SIZE,                      /* digest size */
+        2*(SHA1_SIZE+16+16),            /* key block size */
         hmac_sha1,                      /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
@@ -90,17 +91,40 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
     {   /* AES256-SHA */
         SSL_AES256_SHA,                 /* AES256-SHA */
         32,                             /* key size */
-        16,                             /* iv size */
-        2*(SHA1_SIZE+32+16),            /* key block size */
+        16,                             /* iv size */ 
         16,                             /* block padding size */
         SHA1_SIZE,                      /* digest size */
+        2*(SHA1_SIZE+32+16),            /* key block size */
         hmac_sha1,                      /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     },       
+    {   /* AES128-SHA256 */
+        SSL_AES128_SHA256,              /* AES128-SHA256 */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA256_SIZE,                    /* digest size */
+        2*(SHA256_SIZE+32+16),          /* key block size */
+        hmac_sha256,                    /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* AES256-SHA256 */
+        SSL_AES256_SHA256,              /* AES256-SHA256 */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA256_SIZE,                    /* digest size */
+        2*(SHA256_SIZE+32+16),          /* key block size */
+        hmac_sha256,                    /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    }
 };
 
-static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len,
         uint8_t *out, int olen);
 static const cipher_info_t *get_cipher_info(uint8_t cipher);
 static void increment_read_sequence(SSL *ssl);
@@ -615,36 +639,19 @@ static void increment_write_sequence(SSL *ssl)
 static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
-    const size_t prefix_size = 8 + SSL_RECORD_SIZE;
-    bool hmac_inplace = (uint32_t)buf - (uint32_t)ssl->bm_data >= prefix_size;
-    uint8_t tmp[prefix_size];
-    int hmac_len = buf_len + prefix_size;
-    uint8_t *t_buf;
-    if (hmac_inplace) {
-        t_buf = ((uint8_t*)buf) - prefix_size;
-        memcpy(tmp, t_buf, prefix_size);
-    } else {
-        t_buf = (uint8_t *)malloc(hmac_len+10);
-    }
-
-    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ?
+    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
+    uint8_t *t_buf = (uint8_t *)alloca(buf_len);
+
+    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
     memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
-    if (!hmac_inplace) {
-        memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
-    }
+    memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
 
-    ssl->cipher_info->hmac(t_buf, hmac_len,
-            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ?
-                ssl->server_mac : ssl->client_mac,
+    ssl->cipher_info->hmac(t_buf, hmac_len, 
+            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
+                ssl->server_mac : ssl->client_mac, 
             ssl->cipher_info->digest_size, hmac_buf);
 
-    if (hmac_inplace) {
-        memcpy(t_buf, tmp, prefix_size);
-    }
-    else {
-        free(t_buf);
-    }
 #if 0
     print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);
@@ -667,7 +674,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         print_blob("client mac", 
                 ssl->client_mac, ssl->cipher_info->digest_size);
     }
-    print_blob("hmac", hmac_buf, SHA1_SIZE);
+    print_blob("hmac", hmac_buf, ssl->cipher_info->digest_size);
 #endif
 }
 
@@ -676,7 +683,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
  */
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
 {   
-    uint8_t hmac_buf[SHA1_SIZE];
+    uint8_t hmac_buf[SHA256_SIZE];
     int hmac_offset;
    
     if (ssl->cipher_info->padding_size)
@@ -731,8 +738,15 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
  */
 void add_packet(SSL *ssl, const uint8_t *pkt, int len)
 {
-    MD5_Update(&ssl->dc->md5_ctx, pkt, len);
-    SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    {
+        SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
+    }
+    else // TLS1.0/1.0
+    {
+        MD5_Update(&ssl->dc->md5_ctx, pkt, len);
+        SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
+    }
 }
 
 /**
@@ -791,27 +805,63 @@ static void p_hash_sha1(const uint8_t *sec, int sec_len,
     }
 }
 
+/**
+ * Work out the SHA256 PRF.
+ */
+static void p_hash_sha256(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[128];
+
+    /* A(1) */
+    hmac_sha256(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA256_SIZE], seed, seed_len);
+    hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA256_SIZE)
+    {
+        uint8_t a2[SHA256_SIZE];
+        out += SHA256_SIZE;
+        olen -= SHA256_SIZE;
+
+        // A(N)
+        hmac_sha256(a1, SHA256_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA256_SIZE);
+
+        // work out the actual hash 
+        hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
 /**
  * Work out the PRF.
  */
-static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
+static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len,
         uint8_t *out, int olen)
 {
-    int len, i;
-    const uint8_t *S1, *S2;
-    uint8_t xbuf[256]; /* needs to be > the amount of key data */
-    uint8_t ybuf[256]; /* needs to be > the amount of key data */
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)    // TLS1.2
+    {
+        p_hash_sha256(sec, sec_len, seed, seed_len, out, olen);
+    }
+    else // TLS1.0/1.1
+    {
+        int len, i;
+        const uint8_t *S1, *S2;
+        uint8_t xbuf[256]; /* needs to be > the amount of key data */
+        uint8_t ybuf[256]; /* needs to be > the amount of key data */
 
-    len = sec_len/2;
-    S1 = sec;
-    S2 = &sec[len];
-    len += (sec_len & 1); /* add for odd, make longer */
+        len = sec_len/2;
+        S1 = sec;
+        S2 = &sec[len];
+        len += (sec_len & 1); /* add for odd, make longer */
 
-    p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
-    p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
+        p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
+        p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
 
-    for (i = 0; i < olen; i++)
-        out[i] = xbuf[i] ^ ybuf[i];
+        for (i = 0; i < olen; i++)
+            out[i] = xbuf[i] ^ ybuf[i];
+    }
 }
 
 /**
@@ -821,24 +871,32 @@ static void prf(const uint8_t *sec, int sec_len, uint8_t *seed, int seed_len,
 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
 {
     uint8_t buf[128];   /* needs to be > 13+32+32 in size */
+    //print_blob("premaster secret", premaster_secret, 48);
     strcpy((char *)buf, "master secret");
     memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
     memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
-    prf(premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
+    prf(ssl, premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
             SSL_SECRET_SIZE);
+#if 0
+    print_blob("client random", ssl->dc->client_random, 32);
+    print_blob("server random", ssl->dc->server_random, 32);
+    print_blob("master secret", ssl->dc->master_secret, 48);
+#endif
 }
 
 /**
  * Generate a 'random' blob of data used for the generation of keys.
  */
-static void generate_key_block(uint8_t *client_random, uint8_t *server_random,
+static void generate_key_block(SSL *ssl, 
+        uint8_t *client_random, uint8_t *server_random,
         uint8_t *master_secret, uint8_t *key_block, int key_block_size)
 {
     uint8_t buf[128];
     strcpy((char *)buf, "key expansion");
     memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
     memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
-    prf(master_secret, SSL_SECRET_SIZE, buf, 77, key_block, key_block_size);
+    prf(ssl, master_secret, SSL_SECRET_SIZE, buf, 77, 
+                    key_block, key_block_size);
 }
 
 /** 
@@ -849,8 +907,6 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 {
     uint8_t mac_buf[128]; 
     uint8_t *q = mac_buf;
-    MD5_CTX md5_ctx = ssl->dc->md5_ctx;
-    SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
 
     if (label)
     {
@@ -858,25 +914,47 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
         q += strlen(label);
     }
 
-    MD5_Final(q, &md5_ctx);
-    q += MD5_SIZE;
-    
-    SHA1_Final(q, &sha1_ctx);
-    q += SHA1_SIZE;
-
-    if (label)
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
     {
-        prf(ssl->dc->master_secret, SSL_SECRET_SIZE, mac_buf, (int)(q-mac_buf),
-            digest, SSL_FINISHED_HASH_SIZE);
+        SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
+        SHA256_Final(q, &sha256_ctx);
+        q += SHA256_SIZE;
+
+        if (label)
+        {
+            prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
+                    mac_buf, (int)(q-mac_buf), digest,
+                    SSL_FINISHED_HASH_SIZE);
+        }
+        else    // for use in a certificate verify
+        {
+            memcpy(digest, mac_buf, SHA256_SIZE);
+        }
     }
-    else    /* for use in a certificate verify */
+    else // TLS1.0/1.1
     {
-        memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
+        MD5_CTX md5_ctx = ssl->dc->md5_ctx; // interim copy
+        SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
+
+        MD5_Final(q, &md5_ctx);
+        q += MD5_SIZE;
+        
+        SHA1_Final(q, &sha1_ctx);
+        q += SHA1_SIZE;
+
+        if (label)
+        {
+            prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
+                    mac_buf, (int)(q-mac_buf), digest, SSL_FINISHED_HASH_SIZE);
+        }
+        else    /* for use in a certificate verify */
+        {
+            memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
+        }
     }
 
 #if 0
     printf("label: %s\n", label);
-    print_blob("master secret", ssl->dc->master_secret, 48);
     print_blob("mac_buf", mac_buf, q-mac_buf);
     print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
 #endif
@@ -890,6 +968,7 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void
     switch (ssl->cipher)
     {
         case SSL_AES128_SHA:
+        case SSL_AES128_SHA256:
             {
                 AES_CTX *aes_ctx;
                 if (cached)
@@ -907,6 +986,7 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void
             }
 
         case SSL_AES256_SHA:
+        case SSL_AES256_SHA256:
             {
                 AES_CTX *aes_ctx;
                 if (cached)
@@ -923,6 +1003,7 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void
 
                 return (void *)aes_ctx;
             }
+
     }
 
     return NULL;    /* its all gone wrong */
@@ -1058,7 +1139,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         increment_write_sequence(ssl);
 
         /* add the explicit IV for TLS1.1 */
-        if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1 &&
                         ssl->cipher_info->iv_size)
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
@@ -1109,16 +1190,14 @@ static int set_key_block(SSL *ssl, int is_write)
         return -1;
 
     /* only do once in a handshake */
-    if (ssl->dc->key_block == NULL)
+    if (ssl->dc->bm_proc_index ==0 )
     {
-        ssl->dc->key_block = (uint8_t *)malloc(ciph_info->key_block_size);
-
 #if 0
         print_blob("client", ssl->dc->client_random, 32);
         print_blob("server", ssl->dc->server_random, 32);
         print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
 #endif
-        generate_key_block(ssl->dc->client_random, ssl->dc->server_random,
+        generate_key_block(ssl, ssl->dc->client_random, ssl->dc->server_random,
             ssl->dc->master_secret, ssl->dc->key_block, 
             ciph_info->key_block_size);
 #if 0
@@ -1146,13 +1225,10 @@ static int set_key_block(SSL *ssl, int is_write)
     memcpy(server_key, q, ciph_info->key_size);
     q += ciph_info->key_size;
 
-    if (ciph_info->iv_size)    /* RC4 has no IV, AES does */
-    {
-        memcpy(client_iv, q, ciph_info->iv_size);
-        q += ciph_info->iv_size;
-        memcpy(server_iv, q, ciph_info->iv_size);
-        q += ciph_info->iv_size;
-    }
+    memcpy(client_iv, q, ciph_info->iv_size);
+    q += ciph_info->iv_size;
+    memcpy(server_iv, q, ciph_info->iv_size);
+    q += ciph_info->iv_size;
 
     // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
 
@@ -1274,7 +1350,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     {
         ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
 
-        if (ssl->version >= SSL_PROTOCOL_VERSION1_1 &&
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1 &&
                         ssl->cipher_info->iv_size)
         {
             buf += ssl->cipher_info->iv_size;
@@ -1464,7 +1540,7 @@ int send_change_cipher_spec(SSL *ssl)
  */
 int send_finished(SSL *ssl)
 {
-    uint8_t buf[SSL_FINISHED_HASH_SIZE+4] = {
+    uint8_t buf[128] = {
         HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
 
     /* now add the finished digest mac (12 bytes) */
@@ -1653,6 +1729,7 @@ void disposable_new(SSL *ssl)
     if (ssl->dc == NULL)
     {
         ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
+        SHA256_Init(&ssl->dc->sha256_ctx);
         MD5_Init(&ssl->dc->md5_ctx);
         SHA1_Init(&ssl->dc->sha1_ctx);
     }
@@ -1665,7 +1742,6 @@ void disposable_free(SSL *ssl)
 {
     if (ssl->dc)
     {
-        free(ssl->dc->key_block);
         memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
         free(ssl->dc);
         ssl->dc = NULL;
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 624fe9dfda..516626cf81 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -48,9 +48,9 @@ extern "C" {
 #include "crypto_misc.h"
 
 #define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
-#define SSL_PROTOCOL_MINOR_VERSION  0x02   /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION_MAX    0x32   /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION1_1     0x32   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.2 */
+#define SSL_PROTOCOL_VERSION_TLS1_1 0x32   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION_TLS1_2 0x33   /* TLS v1.2 */
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
 #define SSL_FINISHED_HASH_SIZE      12
@@ -80,7 +80,8 @@ extern "C" {
 #define RT_EXTRA                    1024
 #define BM_RECORD_OFFSET            5
 
-#define NUM_PROTOCOLS               2
+#define NUM_PROTOCOLS               4
+#define SIG_ALG_EXTENSION           0x0d
 
 #define PARANOIA_CHECK(A, B)        if (A < B) { \
     ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
@@ -114,9 +115,9 @@ typedef struct
     uint8_t cipher;
     uint8_t key_size;
     uint8_t iv_size;
-    uint8_t key_block_size;
     uint8_t padding_size;
     uint8_t digest_size;
+    uint8_t key_block_size;
     hmac_func hmac;
     crypt_func encrypt;
     crypt_func decrypt;
@@ -147,11 +148,12 @@ typedef struct
 {
     MD5_CTX md5_ctx;
     SHA1_CTX sha1_ctx;
-    uint8_t final_finish_mac[SSL_FINISHED_HASH_SIZE];
-    uint8_t *key_block;
-    uint8_t master_secret[SSL_SECRET_SIZE];
+    SHA256_CTX sha256_ctx;
     uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
     uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
+    uint8_t final_finish_mac[128];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+    uint8_t key_block[256];
     uint16_t bm_proc_index;
 } DISPOSABLE_CTX;
 
@@ -189,10 +191,10 @@ struct _SSL
     bool can_free_certificates;
 #endif
     uint8_t session_id[SSL_SESSION_ID_SIZE]; 
-    uint8_t client_mac[SHA1_SIZE];  /* for HMAC verification */
-    uint8_t server_mac[SHA1_SIZE];  /* for HMAC verification */
-    uint8_t read_sequence[8];       /* 64 bit sequence number */
-    uint8_t write_sequence[8];      /* 64 bit sequence number */
+    uint8_t client_mac[SHA256_SIZE];    /* for HMAC verification */
+    uint8_t server_mac[SHA256_SIZE];    /* for HMAC verification */
+    uint8_t read_sequence[8];           /* 64 bit sequence number */
+    uint8_t write_sequence[8];          /* 64 bit sequence number */
     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
     char *host_name; /* Needed for the SNI support */
 };
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 77f11780d5..62b457a9e7 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -37,6 +37,11 @@
 
 #ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
 
+/* support sha512/384/256/224/1 rsa */
+static const uint8_t g_sig_alg[] = { 0x00, 0x10, 
+                0x00, SIG_ALG_EXTENSION, 0x00, 0x0c, 0x00, 0x0a,
+                0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01 };
+
 static int send_client_hello(SSL *ssl);
 static int process_server_hello(SSL *ssl);
 static int process_server_hello_done(SSL *ssl);
@@ -227,23 +232,10 @@ static int send_client_hello(SSL *ssl)
     buf[offset++] = 1;              /* no compression */
     buf[offset++] = 0;
 
-    if (ssl->host_name != NULL) {
-        unsigned int host_len = strlen(ssl->host_name);
-
-        buf[offset++] = 0;
-        buf[offset++] = host_len+9;     /* extensions length */
-
-        buf[offset++] = 0;
-        buf[offset++] = 0;              /* server_name(0) (65535) */
-        buf[offset++] = 0;
-        buf[offset++] = host_len+5;     /* server_name length */
-        buf[offset++] = 0;
-        buf[offset++] = host_len+3;     /* server_list length */
-        buf[offset++] = 0;              /* host_name(0) (255) */
-        buf[offset++] = 0;
-        buf[offset++] = host_len;       /* host_name length */
-        strncpy((char*) &buf[offset], ssl->host_name, host_len);
-        offset += host_len;
+    if (ssl->version > SSL_PROTOCOL_VERSION_TLS1_1)
+    {
+        memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
+        offset += sizeof(g_sig_alg);
     }
 
     buf[3] = offset - 4;            /* handshake size */
@@ -306,13 +298,46 @@ static int process_server_hello(SSL *ssl)
     ssl->sess_id_size = sess_id_size;
     offset += sess_id_size;
 
-    /* get the real cipher we are using */
+    /* get the real cipher we are using - ignore MSB */
     ssl->cipher = buf[++offset];
     ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
                                         HS_FINISHED : HS_CERTIFICATE;
 
     offset++;   // skip the compr
     PARANOIA_CHECK(pkt_size, offset);
+
+    // Check for extensions from the server - only the signature algorithm
+    // is supported
+    if (pkt_size > offset) 
+    {
+        if (buf[offset++] > 0) // MSB of extension len must be 0
+        {
+            ret = SSL_ALERT_UNSUPPORTED_EXTENSION;
+            goto error;
+        }
+
+        offset++; // ignore the extension size as we only look at one
+
+        if (buf[offset++] == 0 && buf[offset++] == SIG_ALG_EXTENSION)
+        {
+            if (buf[offset++] != 0) // MSB of alg_sig_len must be 0
+            {
+                ret = SSL_ALERT_UNSUPPORTED_EXTENSION;
+                goto error;
+            }
+
+            int alg_sig_len = buf[offset++];
+            offset += alg_sig_len;
+            PARANOIA_CHECK(pkt_size, offset);
+            // we don't use what comes back (for now)
+        }
+        else
+        {
+            ret = SSL_ALERT_UNSUPPORTED_EXTENSION;
+            goto error;
+        }
+    }
+
     ssl->dc->bm_proc_index = offset+1; 
 
 error:
@@ -340,8 +365,10 @@ static int send_client_key_xchg(SSL *ssl)
     buf[0] = HS_CLIENT_KEY_XCHG;
     buf[1] = 0;
 
-    premaster_secret[0] = 0x03; /* encode the version number */
-    premaster_secret[1] = SSL_PROTOCOL_MINOR_VERSION; /* must be TLS 1.1 */
+    // spec says client must use the what is initially negotiated -
+    // and this is our current version
+    premaster_secret[0] = 0x03; 
+    premaster_secret[1] = SSL_PROTOCOL_VERSION_MAX & 0x0f; 
     if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
         return SSL_NOT_OK;
 
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 9c0cec4449..b67f88a74e 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -279,7 +279,7 @@ static int send_server_hello(SSL *ssl)
 
     buf[offset++] = 0;      /* cipher we are using */
     buf[offset++] = ssl->cipher;
-    buf[offset++] = 0;      /* no compression */
+    buf[offset++] = 0;      /* no compression and no extensions supported */
     buf[3] = offset - 4;    /* handshake size */
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
 }

From 09619c934001c2b44831049d2ca601275f4f2595 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 9 Aug 2016 07:15:32 +0000
Subject: [PATCH 262/301] Client side works with a certificate verify - still
 lots of work to go.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@264 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c          | 81 ++++++++++++++++++++++++-----------------
 ssl/tls1.h          | 11 +++++-
 ssl/tls1_clnt.c     | 89 ++++++++++++++++++++++-----------------------
 ssl/tls1_svr.c      | 45 +++++++++++++++--------
 tools/make_certs.sh |  8 ++--
 5 files changed, 135 insertions(+), 99 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index eb38531f45..c23e36053c 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -69,7 +69,7 @@ const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] =
 #elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
 { SSL_AES128_SHA256, SSL_AES256_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };    
 #else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
-{ SSL_AES256_SHA, SSL_AES128_SHA256, SSL_AES_256_SHA, SSL_AES128_SHA };
+{ SSL_AES256_SHA256, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };
 #endif
 
 /**
@@ -640,7 +640,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)alloca(buf_len);
+    uint8_t *t_buf = (uint8_t *)alloca(buf_len+100);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -683,7 +683,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
  */
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
 {   
-    uint8_t hmac_buf[SHA256_SIZE];
+    uint8_t hmac_buf[128];
     int hmac_offset;
    
     if (ssl->cipher_info->padding_size)
@@ -738,12 +738,22 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
  */
 void add_packet(SSL *ssl, const uint8_t *pkt, int len)
 {
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) 
     {
         SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
+#if 0
+uint8_t buf[128];
+SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
+SHA256_Final(buf, &sha256_ctx);
+print_blob("handshake", buf, 8);
+#endif
+
     }
-    else // TLS1.0/1.0
+
+    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0)
     {
+        uint8_t q[128]; 
         MD5_Update(&ssl->dc->md5_ctx, pkt, len);
         SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
     }
@@ -870,7 +880,7 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
  */
 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
 {
-    uint8_t buf[128];   /* needs to be > 13+32+32 in size */
+    uint8_t buf[128]; 
     //print_blob("premaster secret", premaster_secret, 48);
     strcpy((char *)buf, "master secret");
     memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
@@ -903,10 +913,11 @@ static void generate_key_block(SSL *ssl,
  * Calculate the digest used in the finished message. This function also
  * doubles up as a certificate verify function.
  */
-void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
+int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 {
     uint8_t mac_buf[128]; 
     uint8_t *q = mac_buf;
+    int dgst_len;
 
     if (label)
     {
@@ -919,17 +930,7 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
         SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
         SHA256_Final(q, &sha256_ctx);
         q += SHA256_SIZE;
-
-        if (label)
-        {
-            prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
-                    mac_buf, (int)(q-mac_buf), digest,
-                    SSL_FINISHED_HASH_SIZE);
-        }
-        else    // for use in a certificate verify
-        {
-            memcpy(digest, mac_buf, SHA256_SIZE);
-        }
+        dgst_len = (int)(q-mac_buf);
     }
     else // TLS1.0/1.1
     {
@@ -941,23 +942,26 @@ void finished_digest(SSL *ssl, const char *label, uint8_t *digest)
         
         SHA1_Final(q, &sha1_ctx);
         q += SHA1_SIZE;
+        dgst_len = (int)(q-mac_buf);
+    }
 
-        if (label)
-        {
-            prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
-                    mac_buf, (int)(q-mac_buf), digest, SSL_FINISHED_HASH_SIZE);
-        }
-        else    /* for use in a certificate verify */
-        {
-            memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
-        }
+    if (label)
+    {
+        prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
+                mac_buf, dgst_len, digest, SSL_FINISHED_HASH_SIZE);
+    }
+    else    /* for use in a certificate verify */
+    {
+        memcpy(digest, mac_buf, dgst_len);
     }
 
 #if 0
     printf("label: %s\n", label);
-    print_blob("mac_buf", mac_buf, q-mac_buf);
+    print_blob("mac_buf", mac_buf, dgst_len);
     print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
 #endif
+
+    return dgst_len;
 }   
     
 /**
@@ -1190,19 +1194,18 @@ static int set_key_block(SSL *ssl, int is_write)
         return -1;
 
     /* only do once in a handshake */
-    if (ssl->dc->bm_proc_index ==0 )
+    if (!ssl->dc->key_block_generated)
     {
-#if 0
-        print_blob("client", ssl->dc->client_random, 32);
-        print_blob("server", ssl->dc->server_random, 32);
-        print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
-#endif
         generate_key_block(ssl, ssl->dc->client_random, ssl->dc->server_random,
             ssl->dc->master_secret, ssl->dc->key_block, 
             ciph_info->key_block_size);
 #if 0
+        print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
         print_blob("keyblock", ssl->dc->key_block, ciph_info->key_block_size);
+        print_blob("client random", ssl->dc->client_random, 32);
+        print_blob("server random", ssl->dc->server_random, 32);
 #endif
+        ssl->dc->key_block_generated = 1;
     }
 
     q = ssl->dc->key_block;
@@ -1229,6 +1232,12 @@ static int set_key_block(SSL *ssl, int is_write)
     q += ciph_info->iv_size;
     memcpy(server_iv, q, ciph_info->iv_size);
     q += ciph_info->iv_size;
+#if 0
+        print_blob("client key", client_key, ciph_info->key_size);
+        print_blob("server key", server_key, ciph_info->key_size);
+        print_blob("client iv", client_iv, ciph_info->iv_size);
+        print_blob("server iv", server_iv, ciph_info->iv_size);
+#endif
 
     // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
 
@@ -2285,6 +2294,10 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
     printf("\n");
 }
 
+/**
+ * Debugging routine to display alerts.
+ */
+
 /**
  * Debugging routine to display alerts.
  */
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 516626cf81..03b56499d4 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -81,7 +81,15 @@ extern "C" {
 #define BM_RECORD_OFFSET            5
 
 #define NUM_PROTOCOLS               4
+
 #define SIG_ALG_EXTENSION           0x0d
+#define SIG_ALG_MD5                 1
+#define SIG_ALG_SHA1                2
+#define SIG_ALG_SHA224              3
+#define SIG_ALG_SHA256              4
+#define SIG_ALG_SHA384              5
+#define SIG_ALG_SHA512              6
+#define SIG_ALG_RSA                 1
 
 #define PARANOIA_CHECK(A, B)        if (A < B) { \
     ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
@@ -155,6 +163,7 @@ typedef struct
     uint8_t master_secret[SSL_SECRET_SIZE];
     uint8_t key_block[256];
     uint16_t bm_proc_index;
+    uint8_t key_block_generated;
 } DISPOSABLE_CTX;
 
 struct _SSL
@@ -245,7 +254,7 @@ int send_finished(SSL *ssl);
 int send_certificate(SSL *ssl);
 int basic_read(SSL *ssl, uint8_t **in_data);
 int send_change_cipher_spec(SSL *ssl);
-void finished_digest(SSL *ssl, const char *label, uint8_t *digest);
+int finished_digest(SSL *ssl, const char *label, uint8_t *digest);
 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
 void add_packet(SSL *ssl, const uint8_t *pkt, int len);
 int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 62b457a9e7..d5888a0690 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -37,10 +37,16 @@
 
 #ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
 
-/* support sha512/384/256/224/1 rsa */
-static const uint8_t g_sig_alg[] = { 0x00, 0x10, 
-                0x00, SIG_ALG_EXTENSION, 0x00, 0x0c, 0x00, 0x0a,
-                0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01 };
+/* support sha512/384/256/1 rsa */
+static const uint8_t g_sig_alg[] = { 0x00, 0x08, 
+                0x00, SIG_ALG_EXTENSION, 0x00, 0x04, 0x00, 0x02,
+                SIG_ALG_SHA256, SIG_ALG_RSA };
+
+static const uint8_t g_asn1_sha256[] = 
+{ 
+    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
+    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
 
 static int send_client_hello(SSL *ssl);
 static int process_server_hello(SSL *ssl);
@@ -232,14 +238,13 @@ static int send_client_hello(SSL *ssl)
     buf[offset++] = 1;              /* no compression */
     buf[offset++] = 0;
 
-    if (ssl->version > SSL_PROTOCOL_VERSION_TLS1_1)
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
     {
         memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
         offset += sizeof(g_sig_alg);
     }
 
     buf[3] = offset - 4;            /* handshake size */
-
     return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
 }
 
@@ -303,43 +308,13 @@ static int process_server_hello(SSL *ssl)
     ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
                                         HS_FINISHED : HS_CERTIFICATE;
 
-    offset++;   // skip the compr
+    offset += 2; // ignore compression
     PARANOIA_CHECK(pkt_size, offset);
 
-    // Check for extensions from the server - only the signature algorithm
-    // is supported
-    if (pkt_size > offset) 
-    {
-        if (buf[offset++] > 0) // MSB of extension len must be 0
-        {
-            ret = SSL_ALERT_UNSUPPORTED_EXTENSION;
-            goto error;
-        }
-
-        offset++; // ignore the extension size as we only look at one
-
-        if (buf[offset++] == 0 && buf[offset++] == SIG_ALG_EXTENSION)
-        {
-            if (buf[offset++] != 0) // MSB of alg_sig_len must be 0
-            {
-                ret = SSL_ALERT_UNSUPPORTED_EXTENSION;
-                goto error;
-            }
-
-            int alg_sig_len = buf[offset++];
-            offset += alg_sig_len;
-            PARANOIA_CHECK(pkt_size, offset);
-            // we don't use what comes back (for now)
-        }
-        else
-        {
-            ret = SSL_ALERT_UNSUPPORTED_EXTENSION;
-            goto error;
-        }
-    }
-
     ssl->dc->bm_proc_index = offset+1; 
+    PARANOIA_CHECK(pkt_size, offset);
 
+    // no extensions
 error:
     return ret;
 }
@@ -404,6 +379,9 @@ static int process_cert_req(SSL *ssl)
     SET_SSL_FLAG(SSL_HAS_CERT_REQ);
     ssl->dc->bm_proc_index += offset;
     PARANOIA_CHECK(pkt_size, offset);
+
+    // don't care about sig/hash algorithm, let server take care of that
+    // (only SHA256/RSA supported)
 error:
     return ret;
 }
@@ -414,9 +392,11 @@ static int process_cert_req(SSL *ssl)
 static int send_cert_verify(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_data;
-    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    uint8_t dgst[128];
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
     int n = 0, ret;
+    int offset = 0;
+    int dgst_len;
 
     if (rsa_ctx == NULL)
         return SSL_OK;
@@ -426,13 +406,26 @@ static int send_cert_verify(SSL *ssl)
     buf[0] = HS_CERT_VERIFY;
     buf[1] = 0;
 
-    finished_digest(ssl, NULL, dgst);   /* calculate the digest */
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    {
+        buf[4] = SIG_ALG_SHA256;
+        buf[5] = SIG_ALG_RSA;
+        offset = 6;
+        memcpy(dgst, g_asn1_sha256, sizeof(g_asn1_sha256));
+        dgst_len = finished_digest(ssl, NULL, &dgst[sizeof(g_asn1_sha256)]) + 
+                        sizeof(g_asn1_sha256);
+    }
+    else
+    {
+        offset = 4;
+        dgst_len = finished_digest(ssl, NULL, dgst);
+    }
 
     /* rsa_ctx->bi_ctx is not thread-safe */
     if (rsa_ctx)
     {
         SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-        n = RSA_encrypt(rsa_ctx, dgst, sizeof(dgst), &buf[6], 1);
+        n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset+2], 1);
         SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
         if (n == 0)
@@ -442,12 +435,18 @@ static int send_cert_verify(SSL *ssl)
         }
     }
     
-    buf[4] = n >> 8;        /* add the RSA size (not officially documented) */
-    buf[5] = n & 0xff;
+    buf[offset] = n >> 8;        /* add the RSA size */
+    buf[offset+1] = n & 0xff;
     n += 2;
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    {
+        n += 2;
+    }
+
     buf[2] = n >> 8;
     buf[3] = n & 0xff;
-    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n+4);
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset - 2);
 
 error:
     return ret;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index b67f88a74e..dcec6b9b45 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -165,15 +165,17 @@ static int process_client_hello(SSL *ssl)
             if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
             {
                 ssl->cipher = ssl_prot_prefs[j];
-                goto do_state;
+                goto do_extensions;
             }
         }
     }
 
     /* ouch! protocol is not supported */
-    ret = SSL_ERROR_NO_CIPHER;
+    return SSL_ERROR_NO_CIPHER;
+
+do_extensions:
+    PARANOIA_CHECK(pkt_size, offset);
 
-do_state:
 error:
     return ret;
 }
@@ -338,10 +340,6 @@ static int process_client_key_xchg(SSL *ssl)
         /* and continue - will die eventually when checking the mac */
     }
 
-#if 0
-    print_blob("pre-master", premaster_secret, SSL_SECRET_SIZE);
-#endif
-
     generate_master_secret(ssl, premaster_secret);
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
@@ -377,7 +375,7 @@ static int process_cert_verify(SSL *ssl)
     uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int pkt_size = ssl->bm_index;
     uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
-    uint8_t dgst[MD5_SIZE+SHA1_SIZE];
+    uint8_t dgst[128];
     X509_CTX *x509_ctx = ssl->x509_ctx;
     int ret = SSL_OK;
     int n;
@@ -390,16 +388,33 @@ static int process_cert_verify(SSL *ssl)
     n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, sizeof(dgst_buf), 0);
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
-    if (n != SHA1_SIZE + MD5_SIZE)
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
     {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto end_cert_vfy;
-    }
+        if (n != SHA256_SIZE)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto end_cert_vfy;
+        }
 
-    finished_digest(ssl, NULL, dgst);       /* calculate the digest */
-    if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
+        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+        if (memcmp(dgst_buf, dgst, SHA256_SIZE))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+        }
+    }
+    else // TLS1.0/1.1
     {
-        ret = SSL_ERROR_INVALID_KEY;
+        if (n != SHA1_SIZE + MD5_SIZE)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto end_cert_vfy;
+        }
+
+        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+        if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+        }
     }
 
 end_cert_vfy:
diff --git a/tools/make_certs.sh b/tools/make_certs.sh
index d521e9218d..ace400f886 100644
--- a/tools/make_certs.sh
+++ b/tools/make_certs.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2007, Cameron Rich
+# Copyright (c) 2007-2016, Cameron Rich
 #
 # All rights reserved.
 #
@@ -69,7 +69,7 @@ prompt                 = no
 EOF
 
 # private key generation
-openssl genrsa -out axTLS.ca_key.pem 1024
+openssl genrsa -out axTLS.ca_key.pem 2048
 openssl genrsa -out axTLS.key_512.pem 512
 openssl genrsa -out axTLS.key_1024.pem 1024
 openssl genrsa -out axTLS.key_1042.pem 1042
@@ -121,10 +121,10 @@ openssl x509 -req -in axTLS.x509_1042.req -out axTLS.x509_1042.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
-            -md5 -CAcreateserial -days 5000 \
+            -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
-            -md5 -CAcreateserial -days 5000 \
+            -sha256 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
             -sha1 -CAcreateserial -days 5000 \

From fc6b6b346feaa950fa1ae690af9f690f56380746 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Thu, 11 Aug 2016 10:04:13 +0000
Subject: [PATCH 263/301] Server side v1.2 is basically working

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@265 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/crypto_misc.h |   1 -
 ssl/ssl.h         |   1 +
 ssl/tls1.c        |  84 +++++++++++++++++++++++++++++++++-----
 ssl/tls1.h        |   6 ++-
 ssl/tls1_clnt.c   |  55 +++++++++++++++++++++----
 ssl/tls1_svr.c    | 102 +++++++++++++++++++++++++++++++++++++++++-----
 ssl/x509.c        |   3 --
 7 files changed, 217 insertions(+), 35 deletions(-)

diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 2129422f62..92494b6058 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -125,7 +125,6 @@ const char * x509_display_error(int error);
 #define ASN1_EXPLICIT_TAG       0xa0
 #define ASN1_V3_DATA			0xa3
 
-#define SIG_TYPE_MD2            0x02
 #define SIG_TYPE_MD5            0x04
 #define SIG_TYPE_SHA1           0x05
 #define SIG_TYPE_SHA256         0x0b
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 064a008968..fb91602f9c 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -100,6 +100,7 @@ extern "C" {
 #define SSL_ERROR_UNSUPPORTED_EXTENSION         -264
 #define SSL_ERROR_INVALID_SESSION               -265
 #define SSL_ERROR_NO_CIPHER                     -266
+#define SSL_ERROR_INVALID_CERT_HASH_ALG         -267
 #define SSL_ERROR_BAD_CERTIFICATE               -268
 #define SSL_ERROR_INVALID_KEY                   -269
 #define SSL_ERROR_FINISHED_INVALID              -271
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c23e36053c..ba84d043d8 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -54,6 +54,7 @@ static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void
 static int send_raw_packet(SSL *ssl, uint8_t protocol);
 static void certificate_free(SSL* ssl);
 static int increase_bm_data_size(SSL *ssl, size_t size);
+static int check_certificate_chain(SSL *ssl);
 
 /**
  * The server will pick the cipher based on the order that the order that the
@@ -348,6 +349,26 @@ int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
     ssl_cert = &ssl_ctx->certs[i];
     ssl_cert->size = len;
     ssl_cert->buf = (uint8_t *)malloc(len);
+
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_SHA1:
+            ssl_cert->hash_alg = SIG_ALG_SHA1;
+            break;
+
+        case SIG_TYPE_SHA256:
+            ssl_cert->hash_alg = SIG_ALG_SHA256;
+            break;
+
+        case SIG_TYPE_SHA384:
+            ssl_cert->hash_alg = SIG_ALG_SHA384;
+            break;
+
+        case SIG_TYPE_SHA512:
+            ssl_cert->hash_alg = SIG_ALG_SHA512;
+            break;
+    }
+
     memcpy(ssl_cert->buf, buf, len);
     ssl_ctx->chain_length++;
     len -= offset;
@@ -742,18 +763,10 @@ void add_packet(SSL *ssl, const uint8_t *pkt, int len)
     if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) 
     {
         SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
-#if 0
-uint8_t buf[128];
-SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
-SHA256_Final(buf, &sha256_ctx);
-print_blob("handshake", buf, 8);
-#endif
-
     }
 
-    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0)
+    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2)
     {
-        uint8_t q[128]; 
         MD5_Update(&ssl->dc->md5_ctx, pkt, len);
         SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
     }
@@ -1641,6 +1654,7 @@ int send_alert(SSL *ssl, int error_code)
             break;
 
         case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST):
+        case SSL_ERROR_INVALID_CERT_HASH_ALG:
             alert_num = SSL_ALERT_UNSUPPORTED_CERTIFICATE;
             break;
 
@@ -1699,6 +1713,7 @@ int process_finished(SSL *ssl, uint8_t *buf, int hs_len)
  */
 int send_certificate(SSL *ssl)
 {
+    int ret = SSL_OK;
     int i = 0;
     uint8_t *buf = ssl->bm_data;
     int offset = 7;
@@ -1708,6 +1723,12 @@ int send_certificate(SSL *ssl)
     buf[1] = 0;
     buf[4] = 0;
 
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 &&
+             ((ret = check_certificate_chain(ssl)) != SSL_OK))
+    {
+        goto error;
+    }
+
     while (i < ssl->ssl_ctx->chain_length)
     {
         SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
@@ -1726,7 +1747,10 @@ int send_certificate(SSL *ssl)
     buf[2] = chain_length >> 8;        /* handshake length */
     buf[3] = chain_length & 0xff;
     ssl->bm_index = offset;
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+
+error:
+    return ret;
 }
 
 /**
@@ -1945,6 +1969,42 @@ EXP_FUNC int STDCALL ssl_get_config(int offset)
     }
 }
 
+/**
+ * Check the certificate chain to see if the certs are supported
+ */
+static int check_certificate_chain(SSL *ssl)
+{
+    int i = 0;
+    int ret = SSL_OK;
+
+    while (i < ssl->ssl_ctx->chain_length)
+    {
+        int j = 0;
+        uint8_t found = 0;
+        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
+
+        while (j < ssl->num_sig_algs)
+        {
+            if (ssl->sig_algs[j++] == cert->hash_alg)
+            {
+                found = 1;
+                break;
+            }
+        } 
+
+        if (!found)
+        {
+            ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
+            goto error;
+        }
+
+        i++;
+    }
+
+error:
+    return ret;
+}
+
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 /**
  * Authenticate a received certificate.
@@ -2258,6 +2318,10 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
             printf("no cipher");
             break;
 
+        case SSL_ERROR_INVALID_CERT_HASH_ALG:
+            printf("invalid cert hash algorithm");
+            break;
+
         case SSL_ERROR_CONN_LOST:
             printf("connection lost");
             break;
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 03b56499d4..e2768d419f 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -82,10 +82,9 @@ extern "C" {
 
 #define NUM_PROTOCOLS               4
 
+#define MAX_SIG_ALGORITHMS          4
 #define SIG_ALG_EXTENSION           0x0d
-#define SIG_ALG_MD5                 1
 #define SIG_ALG_SHA1                2
-#define SIG_ALG_SHA224              3
 #define SIG_ALG_SHA256              4
 #define SIG_ALG_SHA384              5
 #define SIG_ALG_SHA512              6
@@ -150,6 +149,7 @@ typedef struct
 {
     uint8_t *buf;
     int size;
+    uint8_t hash_alg;
 } SSL_CERT;
 
 typedef struct
@@ -188,6 +188,8 @@ struct _SSL
     uint16_t bm_index;
     uint16_t bm_read_index;
     size_t max_plain_length;
+    uint8_t sig_algs[MAX_SIG_ALGORITHMS];
+    uint8_t num_sig_algs;
     struct _SSL *next;                  /* doubly linked list */
     struct _SSL *prev;
     struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index d5888a0690..d0a85384ab 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -38,9 +38,15 @@
 #ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
 
 /* support sha512/384/256/1 rsa */
-static const uint8_t g_sig_alg[] = { 0x00, 0x08, 
-                0x00, SIG_ALG_EXTENSION, 0x00, 0x04, 0x00, 0x02,
-                SIG_ALG_SHA256, SIG_ALG_RSA };
+static const uint8_t g_sig_alg[] = { 
+                0x00, 0x0e, 
+                0x00, SIG_ALG_EXTENSION, 
+                0x00, 0x0a, 0x00, 0x08,
+                SIG_ALG_SHA256, SIG_ALG_RSA,
+                SIG_ALG_SHA512, SIG_ALG_RSA,
+                SIG_ALG_SHA384, SIG_ALG_RSA,
+                SIG_ALG_SHA1, SIG_ALG_RSA 
+};
 
 static const uint8_t g_asn1_sha256[] = 
 { 
@@ -238,7 +244,8 @@ static int send_client_hello(SSL *ssl)
     buf[offset++] = 1;              /* no compression */
     buf[offset++] = 0;
 
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    /* send the signature algorithm extension for TLS 1.2+ */
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) 
     {
         memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
         offset += sizeof(g_sig_alg);
@@ -371,17 +378,47 @@ static int process_cert_req(SSL *ssl)
 {
     uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int ret = SSL_OK;
-    int offset = (buf[2] << 4) + buf[3];
+    int cert_req_size = (buf[2]<<8) + buf[3];
+    int offset = 4;
     int pkt_size = ssl->bm_index;
+    uint8_t cert_type_len, sig_alg_len;
+
+    PARANOIA_CHECK(pkt_size, offset + cert_req_size);
+    ssl->dc->bm_proc_index = cert_req_size;
 
     /* don't do any processing - we will send back an RSA certificate anyway */
     ssl->next_state = HS_SERVER_HELLO_DONE;
     SET_SSL_FLAG(SSL_HAS_CERT_REQ);
-    ssl->dc->bm_proc_index += offset;
-    PARANOIA_CHECK(pkt_size, offset);
 
-    // don't care about sig/hash algorithm, let server take care of that
-    // (only SHA256/RSA supported)
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    {
+        // supported certificate types
+        cert_type_len = buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + cert_type_len);
+        offset += cert_type_len;
+        
+        // supported signature algorithms
+        sig_alg_len = buf[offset++] << 8;
+        sig_alg_len += buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + sig_alg_len);
+        
+        while (sig_alg_len > 0)
+        {
+            uint8_t hash_alg = buf[offset++];
+            uint8_t sig_alg = buf[offset++];
+            sig_alg_len -= 2;
+
+            if (sig_alg == SIG_ALG_RSA && 
+                    (hash_alg == SIG_ALG_SHA1 ||
+                     hash_alg == SIG_ALG_SHA256 ||
+                     hash_alg == SIG_ALG_SHA384 ||
+                     hash_alg == SIG_ALG_SHA512))
+            {
+                ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
+            }
+        }
+    }
+
 error:
     return ret;
 }
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index dcec6b9b45..e9d0269b99 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -35,6 +35,11 @@
 #include "ssl.h"
 
 static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
+static const uint8_t g_asn1_sha256[] = 
+{ 
+    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
+    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
 
 static int process_client_hello(SSL *ssl);
 static int send_server_hello_sequence(SSL *ssl);
@@ -154,7 +159,7 @@ static int process_client_hello(SSL *ssl)
     cs_len = (buf[offset]<<8) + buf[offset+1];
     offset += 3;        /* add 1 due to all cipher suites being 8 bit */
 
-    PARANOIA_CHECK(pkt_size, offset);
+    PARANOIA_CHECK(pkt_size, offset + cs_len);
 
     /* work out what cipher suite we are going to use - client defines 
        the preference */
@@ -165,7 +170,7 @@ static int process_client_hello(SSL *ssl)
             if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
             {
                 ssl->cipher = ssl_prot_prefs[j];
-                goto do_extensions;
+                goto do_compression;
             }
         }
     }
@@ -173,8 +178,57 @@ static int process_client_hello(SSL *ssl)
     /* ouch! protocol is not supported */
     return SSL_ERROR_NO_CIPHER;
 
-do_extensions:
-    PARANOIA_CHECK(pkt_size, offset);
+    /* completely ignore compression */
+do_compression:
+    offset += cs_len;
+    id_len = buf[offset++];
+    offset += id_len;
+    PARANOIA_CHECK(pkt_size, offset + id_len);
+
+    /* extension size */
+    id_len = buf[offset++] << 8;
+    id_len += buf[offset++];
+    PARANOIA_CHECK(pkt_size, offset + id_len);
+    
+    // Check for extensions from the client - only the signature algorithm
+    // is supported
+    while (offset < pkt_size) 
+    {
+        int ext = buf[offset++] << 8;
+        ext += buf[offset++];
+        int ext_len = buf[offset++] << 8;
+        ext_len += buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + ext_len);
+        
+        if (ext == SIG_ALG_EXTENSION)
+        {
+            while (ext_len > 0)
+            {
+                uint8_t hash_alg = buf[offset++];
+                uint8_t sig_alg = buf[offset++];
+                ext_len -= 2;
+
+                if (sig_alg == SIG_ALG_RSA && 
+                        (hash_alg == SIG_ALG_SHA1 ||
+                         hash_alg == SIG_ALG_SHA256 ||
+                         hash_alg == SIG_ALG_SHA384 ||
+                         hash_alg == SIG_ALG_SHA512))
+                {
+                    ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
+                }
+            }
+        }
+        else
+        {
+            offset += ext_len;
+        }
+    }
+
+    /* default is RSA/SHA1 */
+    if (ssl->num_sig_algs == 0)
+    {
+        ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
+    }
 
 error:
     return ret;
@@ -355,7 +409,16 @@ static int process_client_key_xchg(SSL *ssl)
 }
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
-static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
+static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 
+                0, 0x0e, 
+                1, 1, // rsa sign 
+                0x00, 0x08,
+                SIG_ALG_SHA256, SIG_ALG_RSA,
+                SIG_ALG_SHA512, SIG_ALG_RSA,
+                SIG_ALG_SHA384, SIG_ALG_RSA,
+                SIG_ALG_SHA1, SIG_ALG_RSA,
+                0, 0
+};
 
 /*
  * Send the certificate request message.
@@ -378,28 +441,47 @@ static int process_cert_verify(SSL *ssl)
     uint8_t dgst[128];
     X509_CTX *x509_ctx = ssl->x509_ctx;
     int ret = SSL_OK;
+    int offset = 6;
+    uint8_t hash_alg;
+    uint8_t sig_alg;
+    int rsa_len;
     int n;
 
-    PARANOIA_CHECK(pkt_size, x509_ctx->rsa_ctx->num_octets+6);
     DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
 
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    {
+        hash_alg = buf[4];
+        sig_alg = buf[5];
+        offset = 8;
+        rsa_len = (buf[6] << 8) + buf[7];
+    }
+    else
+    {
+        rsa_len = (buf[4] << 8) + buf[5];
+    }
+
+    PARANOIA_CHECK(pkt_size, offset + rsa_len);
+
     /* rsa_ctx->bi_ctx is not thread-safe */
     SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[6], dgst_buf, sizeof(dgst_buf), 0);
+    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf, 
+                    sizeof(dgst_buf), 0);
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
     {
-        if (n != SHA256_SIZE)
+        if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
         {
             ret = SSL_ERROR_INVALID_KEY;
-            goto end_cert_vfy;
+            goto error;
         }
 
         finished_digest(ssl, NULL, dgst);       /* calculate the digest */
-        if (memcmp(dgst_buf, dgst, SHA256_SIZE))
+        if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE))
         {
             ret = SSL_ERROR_INVALID_KEY;
+            goto error;
         }
     }
     else // TLS1.0/1.1
diff --git a/ssl/x509.c b/ssl/x509.c
index da0706288c..2a3fd565ea 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -524,9 +524,6 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     printf("Sig Type:\t\t\t");
     switch (cert->sig_type)
     {
-        case SIG_TYPE_MD2:
-            printf("MD2\n");
-            break;
         case SIG_TYPE_MD5:
             printf("MD5\n");
             break;

From 871a70e49542a5964a0787e0d7d1535c4ec736be Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 15 Aug 2016 10:51:02 +0000
Subject: [PATCH 264/301] TLS 1.2 now passing a bunch of tests.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@266 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/test/axTLS.ca_x509_sha256.pem   | 18 ++++++++++
 ssl/test/axTLS.x509_1024_sha256.pem | 15 ++++++++
 ssl/test/axTLS.x509_1024_sha384.pem | 15 ++++++++
 ssl/test/axTLS.x509_1024_sha512.pem | 15 ++++++++
 ssl/tls1.c                          | 15 ++++----
 ssl/tls1_clnt.c                     |  7 ++--
 ssl/tls1_svr.c                      | 26 +++++++++++---
 tools/make_certs.sh                 | 56 ++++++++++++++---------------
 8 files changed, 123 insertions(+), 44 deletions(-)
 create mode 100644 ssl/test/axTLS.ca_x509_sha256.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha256.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha384.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha512.pem

diff --git a/ssl/test/axTLS.ca_x509_sha256.pem b/ssl/test/axTLS.ca_x509_sha256.pem
new file mode 100644
index 0000000000..f50a475834
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509_sha256.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAcwCCQDGL4Ul/VVK0TANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
+MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
+Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA6d9BDlOJo6fdmSkUdAkMYFnlAK4Q5qwE/vYX8umY0Gz1
+CEIwEyKJq+rCpl2vmlwEETGcphlRsiybOMwVfdRDQv51ZfTJnz1WQZBKdsYb55xy
+JWOZFHSpuZa+THW1TOImpvxXoK3OMh/dcuaQG5G7QoWMWRK5aZvpl27rRx033dik
+U8lO12oaUtCD3AgNttU7zTLiIQjeIZ9JbES74mx1s4lT22nmXoL5/AdJa3yGjDjG
+J1RX8hQ7/pbcC2s4+0XIjGthB2ClJWyvv8bY96POZ+Kc5XLFFjxYoGHtRzQbw2gx
+rx7r5/a+d7XgWedMnwf1M1/v9vNA14kgjg2pwuFD4QIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQBW9MtGYroXnu8id8rDvjki8Vk8lDBD0AkOq5QYbXB322Wbg2C+cmHP
+zQAJ9YZU/NjnRZiEX1QVoZAXdSXXScbUbSlBQweEvGZmailTGPhJ/wtmNtK6P7ZP
+YIJ6XaQdALvteULFMhEQKM9UUkrsbqh41wtoTjOsMlWcRvq9FHLujXxyzjvFPdEI
+kz26d7F2yqtgzxW4YLAlclZu6vex/MzNmbjhHenMWp6LNWVWofdIv9jRS1tOSyK+
+hg2sV7CL75nzQ/A22ql8X3SZLAZNR/V7DF+MSBrIcHBzgFZ8QEGlNam29WseuC2C
+51+ZXtv0DZ1bPmX+Pz1E06wMGlBTpC4z
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha256.pem b/ssl/test/axTLS.x509_1024_sha256.pem
new file mode 100644
index 0000000000..aba66956eb
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha256.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQCMs+C6AhuzaTANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
+MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAq9P2gjL8e0OgMrA81JoZeqaZMRmSaTH8xIHf7MkbGYW1ZyBWW+n+017itYgH
+pu61CiYcyAfuUACTL2VBhrakCb+j53OF0V+9uEH/BkftUUcu+6ppBB4XI5KbYmTH
+JjhBW8N1OHadHLCG4dkQLjnaFgekpM8xZzvd4kkbM4mZqtECAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAG/SBHWYNVf5drxN1aLx9UqTpryjmzDP9/gckKpuNEiDCmp38
+MIKBJYamL9hTwmtf1k4vHB2sxXfv9AVULwMa7+RcgUc3fhTWWoqf1LvYvzMrx9W9
+yU6bfXQh5zb6TOrq/j4fliA2NeDvAzq8tzhBVhiyvy0GhhU1C9eBRVFr4D9l/B2z
+odWvCZ4ljLjtmoOhrSSf0OHFuk/eqFJ/SS1jo3ugl7wEmMzphOjmwgK7CLyACBSn
+6Bzlh/A16AgqznniMHZ9p99zopMSqPUkCCHPEUiqs8hoy6Pc7O6FrTKfkeiAnY1u
+SfKiOf4ODmDcLb5gVtDx+zp59Q/khBX+6IT+BA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha384.pem b/ssl/test/axTLS.x509_1024_sha384.pem
new file mode 100644
index 0000000000..a3adbb0444
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha384.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQCMs+C6AhuzajANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
+MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAq9P2gjL8e0OgMrA81JoZeqaZMRmSaTH8xIHf7MkbGYW1ZyBWW+n+017itYgH
+pu61CiYcyAfuUACTL2VBhrakCb+j53OF0V+9uEH/BkftUUcu+6ppBB4XI5KbYmTH
+JjhBW8N1OHadHLCG4dkQLjnaFgekpM8xZzvd4kkbM4mZqtECAwEAATANBgkqhkiG
+9w0BAQwFAAOCAQEA151mqDTC1YPiFq4t7J2UK84jYlGriW0z6KhfmtecLm18Uu07
+vDh+cvWoFRf/fgSlO7c6td0Jb4NGjPBwpV4UmoYND65d1+EkrP+Bl+2DndUi/xka
+h4bwfmPrKAjDbUZaNnRi1zQdyPU9tta9b0MamHQVHFOIAyLQXDf1/Tz+wRaFPCIH
+PfJEqjD4Nr15O41aMJOaM170rOtbQ9uH4Vlotpt+xJsHufmHFMf1fJtgBXayCzmS
+1927ajoKNyDA/QQ+e+60uba6UN6CQnoMzmkMypMxD4JBUt6TEgB46uQ7nkkf3raS
+tMAyMnytSc+O7EbhZSWWBSTUkeI+YWjLAtI42Q==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha512.pem b/ssl/test/axTLS.x509_1024_sha512.pem
new file mode 100644
index 0000000000..cc369005e4
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha512.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQCMs+C6AhuzazANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
+MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAq9P2gjL8e0OgMrA81JoZeqaZMRmSaTH8xIHf7MkbGYW1ZyBWW+n+017itYgH
+pu61CiYcyAfuUACTL2VBhrakCb+j53OF0V+9uEH/BkftUUcu+6ppBB4XI5KbYmTH
+JjhBW8N1OHadHLCG4dkQLjnaFgekpM8xZzvd4kkbM4mZqtECAwEAATANBgkqhkiG
+9w0BAQ0FAAOCAQEA51hsTX6DlE9WnI0XaNfx0hfWG74maMZK+GG1LQKi6JlaA6U4
+7aLpoluw4G7oZz39ROuNbOvTMrhN4kOXG16Zk2HGufzAQgqoegIsgI2BiaOtmBnn
+vOchhiZ16JLmKB6ZMlESFubV1Ynyr6QacTLOipLGICGn3N65BrbwfaXD/nbJQd+a
+YOwkJ9OHxbK9zqLMBG3kK/QKXqID3dI21+MDCGSSBAh/tVPhwTMcTzViF5vT4Mpq
+81+Z9eg3vI++rOiBppdjRKH4CFcO74rEA6j9fNFHI0PiS142TtT4vXLf+D4PQLkI
+tBuSq99ensRy5IvjYXpcx7/jixVd3MmwWrolbg==
+-----END CERTIFICATE-----
diff --git a/ssl/tls1.c b/ssl/tls1.c
index ba84d043d8..e3cea2bb9b 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -765,7 +765,9 @@ void add_packet(SSL *ssl, const uint8_t *pkt, int len)
         SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
     }
 
-    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2)
+    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2 || 
+                ssl->next_state == HS_SERVER_HELLO ||
+                ssl->next_state == 0) 
     {
         MD5_Update(&ssl->dc->md5_ctx, pkt, len);
         SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
@@ -894,7 +896,7 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
 {
     uint8_t buf[128]; 
-    //print_blob("premaster secret", premaster_secret, 48);
+//print_blob("premaster secret", premaster_secret, 48);
     strcpy((char *)buf, "master secret");
     memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
     memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
@@ -1994,6 +1996,7 @@ static int check_certificate_chain(SSL *ssl)
 
         if (!found)
         {
+
             ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
             goto error;
         }
@@ -2033,7 +2036,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int pkt_size = ssl->bm_index;
     int cert_size, offset = 5, offset_start;
-    int total_cert_size = (buf[offset]<<8) + buf[offset+1];
+    int total_cert_len = (buf[offset]<<8) + buf[offset+1];
     int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
     X509_CTX *chain = 0;
     X509_CTX **certs = 0;
@@ -2042,13 +2045,13 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     int i = 0;
     offset += 2;
 
-    PARANOIA_CHECK(total_cert_size, offset);
+    PARANOIA_CHECK(pkt_size, total_cert_len + offset);
 
     // record the start point for the second pass
     offset_start = offset;
 
     // first pass - count the certificates
-    while (offset < total_cert_size)
+    while (offset < total_cert_len)
     {
         offset++;       /* skip empty char */
         cert_size = (buf[offset]<<8) + buf[offset+1];
@@ -2067,7 +2070,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     offset = offset_start;
 
     // second pass - load the certificates
-    while (offset < total_cert_size)
+    while (offset < total_cert_len)
     {
         offset++;       /* skip empty char */
         cert_size = (buf[offset]<<8) + buf[offset+1];
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index d0a85384ab..7087de2f01 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -462,7 +462,7 @@ static int send_cert_verify(SSL *ssl)
     if (rsa_ctx)
     {
         SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-        n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset+2], 1);
+        n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset + 2], 1);
         SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
         if (n == 0)
@@ -478,12 +478,13 @@ static int send_cert_verify(SSL *ssl)
 
     if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
     {
-        n += 2;
+        n += 2; // sig/alg
+        offset -= 2;
     }
 
     buf[2] = n >> 8;
     buf[3] = n & 0xff;
-    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset - 2);
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset);
 
 error:
     return ret;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index e9d0269b99..6bc75e5180 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -185,6 +185,12 @@ static int process_client_hello(SSL *ssl)
     offset += id_len;
     PARANOIA_CHECK(pkt_size, offset + id_len);
 
+    if (offset == pkt_size)
+    {
+        /* no extensions */
+        goto error;
+    }
+
     /* extension size */
     id_len = buf[offset++] << 8;
     id_len += buf[offset++];
@@ -420,13 +426,23 @@ static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0,
                 0, 0
 };
 
+static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
+
 /*
  * Send the certificate request message.
  */
 static int send_certificate_request(SSL *ssl)
 {
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    {
+        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
             g_cert_request, sizeof(g_cert_request));
+    }
+    else
+    {
+        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request_v1, sizeof(g_cert_request_v1));
+    }
 }
 
 /*
@@ -442,8 +458,6 @@ static int process_cert_verify(SSL *ssl)
     X509_CTX *x509_ctx = ssl->x509_ctx;
     int ret = SSL_OK;
     int offset = 6;
-    uint8_t hash_alg;
-    uint8_t sig_alg;
     int rsa_len;
     int n;
 
@@ -451,10 +465,12 @@ static int process_cert_verify(SSL *ssl)
 
     if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
     {
-        hash_alg = buf[4];
-        sig_alg = buf[5];
+        // TODO: need to be able to handle another hash type here
+        //uint8_t hash_alg = buf[4];
+        //uint8_t sig_alg = buf[5];
         offset = 8;
         rsa_len = (buf[6] << 8) + buf[7];
+        //printf("YO, GOT %d %d\n", hash_alg, sig_alg);
     }
     else
     {
diff --git a/tools/make_certs.sh b/tools/make_certs.sh
index ace400f886..dc577e74e4 100644
--- a/tools/make_certs.sh
+++ b/tools/make_certs.sh
@@ -56,7 +56,7 @@ prompt                 = no
 
 [ req_distinguished_name ]
  O                      = $PROJECT_NAME
- CN                     = 127.0.0.1
+ CN                     = localhost
 EOF
 
 cat > device_cert.conf << EOF  
@@ -70,20 +70,15 @@ EOF
 
 # private key generation
 openssl genrsa -out axTLS.ca_key.pem 2048
-openssl genrsa -out axTLS.key_512.pem 512
 openssl genrsa -out axTLS.key_1024.pem 1024
-openssl genrsa -out axTLS.key_1042.pem 1042
 openssl genrsa -out axTLS.key_2048.pem 2048
 openssl genrsa -out axTLS.key_4096.pem 4096
 openssl genrsa -out axTLS.device_key.pem 1024
-openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
-openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512
-
+openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024
+openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
 
 # convert private keys into DER format
-openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER
 openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
-openssl rsa -in axTLS.key_1042.pem -out axTLS.key_1042 -outform DER
 openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
 openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
 openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
@@ -91,12 +86,8 @@ openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
 # cert requests
 openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
             -config ./ca_cert.conf 
-openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \
-            -config ./certs.conf 
 openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
             -config ./certs.conf 
-openssl req -out axTLS.x509_1042.req -key axTLS.key_1042.pem -new \
-            -config ./certs.conf 
 openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
             -config ./certs.conf 
 openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
@@ -110,25 +101,32 @@ openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
 
 # generate the actual certs.
 openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
-            -sha1 -days 5000 -signkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+            -sha1 -days 5000 -signkey axTLS.ca_key.pem \
+            -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509_sha256.pem \
+            -sha256 -days 5000 -signkey axTLS.ca_key.pem \
+            -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1042.req -out axTLS.x509_1042.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024_sha256.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024_sha384.pem \
+            -sha384 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024_sha512.pem \
+            -sha512 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
-            -sha256 -CAcreateserial -days 5000 \
+            -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
             -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem
+            -CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem
 openssl x509 -req -in axTLS.x509_aes128.req \
             -out axTLS.x509_aes128.pem \
             -sha1 -CAcreateserial -days 5000 \
@@ -141,35 +139,33 @@ openssl x509 -req -in axTLS.x509_aes256.req \
 # note: must be root to do this
 DATE_NOW=`date`
 if date -s "Jan 1 2025"; then
-openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_bad_before.pem \
             -sha1 -CAcreateserial -days 365 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 date -s "$DATE_NOW"
 touch axTLS.x509_bad_before.pem
 fi
-openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \
+openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_bad_after.pem \
             -sha1 -CAcreateserial -days -365 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 
 # some cleanup
 rm axTLS*.req
-rm axTLS.srl
+rm *.srl
 rm *.conf
 
 # need this for the client tests
 openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
-openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer
 openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
-openssl x509 -in axTLS.x509_1042.pem -outform DER -out axTLS.x509_1042.cer
 openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
 openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
 openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
 
 # generate pkcs8 files (use RC4-128 for encryption)
-openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
-openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
-openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
-openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
+openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
+openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
 
 # generate pkcs12 files (use RC4-128 for encryption)
 openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd

From f599ff830e5c632df014db2daa59275cd916a312 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 16 Aug 2016 07:13:15 +0000
Subject: [PATCH 265/301] * Tightened up the buffer sizes * Removed support for
 TLS1.0.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@267 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c      | 78 +++++++++++++++++++------------------------------
 ssl/tls1.h      |  3 +-
 ssl/tls1_clnt.c | 14 ++++-----
 ssl/tls1_svr.c  | 12 ++++----
 4 files changed, 44 insertions(+), 63 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index e3cea2bb9b..c3e38889d5 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -704,39 +704,27 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
  */
 static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
 {   
-    uint8_t hmac_buf[128];
+    uint8_t hmac_buf[SHA256_SIZE]; // size of largest digest
     int hmac_offset;
    
-    if (ssl->cipher_info->padding_size)
-    {
-        int last_blk_size = buf[read_len-1], i;
-        hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
+    int last_blk_size = buf[read_len-1], i;
+    hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
 
-        /* guard against a timing attack - make sure we do the digest */
-        if (hmac_offset < 0)
-        {
-            hmac_offset = 0;
-        }
-        else
-        {
-            /* already looked at last byte */
-            for (i = 1; i < last_blk_size; i++)
-            {
-                if (buf[read_len-i] != last_blk_size)
-                {
-                    hmac_offset = 0;
-                    break;
-                }
-            }
-        }
+    /* guard against a timing attack - make sure we do the digest */
+    if (hmac_offset < 0)
+    {
+        hmac_offset = 0;
     }
-    else /* stream cipher */
+    else
     {
-        hmac_offset = read_len - ssl->cipher_info->digest_size;
-
-        if (hmac_offset < 0)
+        /* already looked at last byte */
+        for (i = 1; i < last_blk_size; i++)
         {
-            hmac_offset = 0;
+            if (buf[read_len-i] != last_blk_size)
+            {
+                hmac_offset = 0;
+                break;
+            }
         }
     }
 
@@ -759,7 +747,7 @@ static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
  */
 void add_packet(SSL *ssl, const uint8_t *pkt, int len)
 {
-    // TLS1.2
+    // TLS1.2+
     if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) 
     {
         SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
@@ -780,7 +768,7 @@ void add_packet(SSL *ssl, const uint8_t *pkt, int len)
 static void p_hash_md5(const uint8_t *sec, int sec_len, 
         uint8_t *seed, int seed_len, uint8_t *out, int olen)
 {
-    uint8_t a1[128];
+    uint8_t a1[MD5_SIZE+77];
 
     /* A(1) */
     hmac_md5(seed, seed_len, sec, sec_len, a1);
@@ -808,7 +796,7 @@ static void p_hash_md5(const uint8_t *sec, int sec_len,
 static void p_hash_sha1(const uint8_t *sec, int sec_len, 
         uint8_t *seed, int seed_len, uint8_t *out, int olen)
 {
-    uint8_t a1[128];
+    uint8_t a1[SHA1_SIZE+77];
 
     /* A(1) */
     hmac_sha1(seed, seed_len, sec, sec_len, a1);
@@ -836,7 +824,7 @@ static void p_hash_sha1(const uint8_t *sec, int sec_len,
 static void p_hash_sha256(const uint8_t *sec, int sec_len, 
         uint8_t *seed, int seed_len, uint8_t *out, int olen)
 {
-    uint8_t a1[128];
+    uint8_t a1[SHA256_SIZE+77];
 
     /* A(1) */
     hmac_sha256(seed, seed_len, sec, sec_len, a1);
@@ -865,7 +853,7 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
         uint8_t *seed, int seed_len,
         uint8_t *out, int olen)
 {
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)    // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)    // TLS1.2+
     {
         p_hash_sha256(sec, sec_len, seed, seed_len, out, olen);
     }
@@ -895,7 +883,7 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
  */
 void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
 {
-    uint8_t buf[128]; 
+    uint8_t buf[77]; 
 //print_blob("premaster secret", premaster_secret, 48);
     strcpy((char *)buf, "master secret");
     memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
@@ -916,7 +904,7 @@ static void generate_key_block(SSL *ssl,
         uint8_t *client_random, uint8_t *server_random,
         uint8_t *master_secret, uint8_t *key_block, int key_block_size)
 {
-    uint8_t buf[128];
+    uint8_t buf[77];
     strcpy((char *)buf, "key expansion");
     memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
     memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
@@ -930,7 +918,7 @@ static void generate_key_block(SSL *ssl,
  */
 int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
 {
-    uint8_t mac_buf[128]; 
+    uint8_t mac_buf[SHA1_SIZE+MD5_SIZE+15]; 
     uint8_t *q = mac_buf;
     int dgst_len;
 
@@ -940,7 +928,7 @@ int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
         q += strlen(label);
     }
 
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
     {
         SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
         SHA256_Final(q, &sha256_ctx);
@@ -1140,8 +1128,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
                                                 &ssl->bm_data[msg_length]);
         msg_length += ssl->cipher_info->digest_size;
 
-        /* add padding? */
-        if (ssl->cipher_info->padding_size)
+        /* add padding */
         {
             int last_blk_size = msg_length%ssl->cipher_info->padding_size;
             int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
@@ -1158,8 +1145,6 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         increment_write_sequence(ssl);
 
         /* add the explicit IV for TLS1.1 */
-        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1 &&
-                        ssl->cipher_info->iv_size)
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
             uint8_t *t_buf = malloc(msg_length + iv_size);
@@ -1373,13 +1358,8 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
     {
         ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
-
-        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1 &&
-                        ssl->cipher_info->iv_size)
-        {
-            buf += ssl->cipher_info->iv_size;
-            read_len -= ssl->cipher_info->iv_size;
-        }
+        buf += ssl->cipher_info->iv_size;
+        read_len -= ssl->cipher_info->iv_size;
 
         read_len = verify_digest(ssl, 
                 is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
@@ -1564,7 +1544,7 @@ int send_change_cipher_spec(SSL *ssl)
  */
 int send_finished(SSL *ssl)
 {
-    uint8_t buf[128] = {
+    uint8_t buf[SHA1_SIZE+MD5_SIZE+15+4] = {
         HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
 
     /* now add the finished digest mac (12 bytes) */
@@ -1725,9 +1705,11 @@ int send_certificate(SSL *ssl)
     buf[1] = 0;
     buf[4] = 0;
 
+    /* spec says we must check if the hash/sig algorithm is OK */
     if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 &&
              ((ret = check_certificate_chain(ssl)) != SSL_OK))
     {
+        ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
         goto error;
     }
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index e2768d419f..5a24a697f1 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -47,9 +47,8 @@ extern "C" {
 #include "crypto.h"
 #include "crypto_misc.h"
 
-#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
+#define SSL_PROTOCOL_MIN_VERSION    0x32   /* TLS v1.1 */
 #define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.2 */
-#define SSL_PROTOCOL_VERSION_TLS1_1 0x32   /* TLS v1.1 */
 #define SSL_PROTOCOL_VERSION_TLS1_2 0x33   /* TLS v1.2 */
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 7087de2f01..43efca305a 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -37,14 +37,14 @@
 
 #ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
 
-/* support sha512/384/256/1 rsa */
+/* support sha512/384/256/1 RSA */
 static const uint8_t g_sig_alg[] = { 
                 0x00, 0x0e, 
                 0x00, SIG_ALG_EXTENSION, 
                 0x00, 0x0a, 0x00, 0x08,
-                SIG_ALG_SHA256, SIG_ALG_RSA,
                 SIG_ALG_SHA512, SIG_ALG_RSA,
                 SIG_ALG_SHA384, SIG_ALG_RSA,
+                SIG_ALG_SHA256, SIG_ALG_RSA,
                 SIG_ALG_SHA1, SIG_ALG_RSA 
 };
 
@@ -245,7 +245,7 @@ static int send_client_hello(SSL *ssl)
     buf[offset++] = 0;
 
     /* send the signature algorithm extension for TLS 1.2+ */
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) 
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
     {
         memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
         offset += sizeof(g_sig_alg);
@@ -390,7 +390,7 @@ static int process_cert_req(SSL *ssl)
     ssl->next_state = HS_SERVER_HELLO_DONE;
     SET_SSL_FLAG(SSL_HAS_CERT_REQ);
 
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
     {
         // supported certificate types
         cert_type_len = buf[offset++];
@@ -429,7 +429,7 @@ static int process_cert_req(SSL *ssl)
 static int send_cert_verify(SSL *ssl)
 {
     uint8_t *buf = ssl->bm_data;
-    uint8_t dgst[128];
+    uint8_t dgst[SHA1_SIZE+MD5_SIZE+15];
     RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
     int n = 0, ret;
     int offset = 0;
@@ -443,7 +443,7 @@ static int send_cert_verify(SSL *ssl)
     buf[0] = HS_CERT_VERIFY;
     buf[1] = 0;
 
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
     {
         buf[4] = SIG_ALG_SHA256;
         buf[5] = SIG_ALG_RSA;
@@ -476,7 +476,7 @@ static int send_cert_verify(SSL *ssl)
     buf[offset+1] = n & 0xff;
     n += 2;
 
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
     {
         n += 2; // sig/alg
         offset -= 2;
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 6bc75e5180..48c664ef91 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -433,7 +433,7 @@ static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
  */
 static int send_certificate_request(SSL *ssl)
 {
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
     {
         return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
             g_cert_request, sizeof(g_cert_request));
@@ -454,7 +454,7 @@ static int process_cert_verify(SSL *ssl)
     uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
     int pkt_size = ssl->bm_index;
     uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
-    uint8_t dgst[128];
+    uint8_t dgst[MD5_SIZE + SHA1_SIZE];
     X509_CTX *x509_ctx = ssl->x509_ctx;
     int ret = SSL_OK;
     int offset = 6;
@@ -463,14 +463,14 @@ static int process_cert_verify(SSL *ssl)
 
     DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
 
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
     {
-        // TODO: need to be able to handle another hash type here
+        // TODO: should really need to be able to handle other algorihms. An 
+        // assumption is made on RSA/SHA256 and appears to be OK.
         //uint8_t hash_alg = buf[4];
         //uint8_t sig_alg = buf[5];
         offset = 8;
         rsa_len = (buf[6] << 8) + buf[7];
-        //printf("YO, GOT %d %d\n", hash_alg, sig_alg);
     }
     else
     {
@@ -485,7 +485,7 @@ static int process_cert_verify(SSL *ssl)
                     sizeof(dgst_buf), 0);
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
     {
         if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
         {

From 29b478f3cffdcfbe3c582e5728d8454a9445b031 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 17 Aug 2016 10:42:49 +0000
Subject: [PATCH 266/301] * Put back TLS 1.0.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@268 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 9 +++++++--
 ssl/tls1.h | 5 +++--
 ssl/x509.c | 5 ++++-
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index c3e38889d5..c40a0691f7 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1145,6 +1145,7 @@ int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
         increment_write_sequence(ssl);
 
         /* add the explicit IV for TLS1.1 */
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
         {
             uint8_t iv_size = ssl->cipher_info->iv_size;
             uint8_t *t_buf = malloc(msg_length + iv_size);
@@ -1358,8 +1359,12 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
     {
         ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
-        buf += ssl->cipher_info->iv_size;
-        read_len -= ssl->cipher_info->iv_size;
+
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            buf += ssl->cipher_info->iv_size;
+            read_len -= ssl->cipher_info->iv_size;
+        }
 
         read_len = verify_digest(ssl, 
                 is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 5a24a697f1..152c69ec30 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -47,8 +47,9 @@ extern "C" {
 #include "crypto.h"
 #include "crypto_misc.h"
 
-#define SSL_PROTOCOL_MIN_VERSION    0x32   /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.2 */
+#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
+#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.3 */
+#define SSL_PROTOCOL_VERSION_TLS1_1 0x32   /* TLS v1.1 */
 #define SSL_PROTOCOL_VERSION_TLS1_2 0x33   /* TLS v1.2 */
 #define SSL_RANDOM_SIZE             32
 #define SSL_SECRET_SIZE             48
diff --git a/ssl/x509.c b/ssl/x509.c
index 2a3fd565ea..862d897fbe 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -74,7 +74,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     int begin_tbs, end_tbs;
     int ret = X509_NOT_OK, offset = 0, cert_size = 0;
     X509_CTX *x509_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
     BI_CTX *bi_ctx;
+#endif
 
     *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
     x509_ctx = *ctx;
@@ -117,7 +119,6 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
         goto end_cert;
     }
 
-    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
     x509_ctx->fingerprint = malloc(SHA1_SIZE);
     SHA1_CTX sha_fp_ctx;
@@ -126,6 +127,8 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
     /* use the appropriate signature algorithm */
     switch (x509_ctx->sig_type)
     {

From ab9f8b53b7a73b5ea89780cc2e0feac950f61212 Mon Sep 17 00:00:00 2001
From: Yasuki Ikeuchi <ikeyasu@gmail.com>
Date: Sat, 20 Aug 2016 10:27:09 +0900
Subject: [PATCH 267/301] Fix unused variable error

---
 crypto/crypto_misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index bf51cbc757..dfd5e7642c 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -53,7 +53,7 @@ static int rng_fd = -1;
 static HCRYPTPROV gCryptProv;
 #endif
 
-#if (!defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
+#if (!defined(ESP8266) && !defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
 /* change to processor registers as appropriate */
 #define ENTROPY_POOL_SIZE 32
 #define ENTROPY_COUNTER1 ((((uint64_t)tv.tv_sec)<<32) | tv.tv_usec)

From 9ca7e76cf3b82394365bcddde53410da25dbf166 Mon Sep 17 00:00:00 2001
From: Yasuki Ikeuchi <ikeyasu@gmail.com>
Date: Sat, 20 Aug 2016 12:32:42 +0900
Subject: [PATCH 268/301] Fix build error on ESP8266

---
 ssl/os_port.h | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/ssl/os_port.h b/ssl/os_port.h
index 1962938095..efda6b5a4b 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -62,7 +62,7 @@ extern "C" {
 
 #include "util/time.h"
 #include <errno.h>
-// #define alloca(size) __builtin_alloca(size)
+#define alloca(size) __builtin_alloca(size)
 #define TTY_FLUSH()
 #ifdef putc
 #undef putc
@@ -80,6 +80,7 @@ extern "C" {
 #define EWOULDBLOCK EAGAIN
 
 #define hmac_sha1 ax_hmac_sha1
+#define hmac_sha256 ax_hmac_sha256
 #define hmac_md5 ax_hmac_md5
 
 #ifndef be64toh
@@ -189,6 +190,15 @@ EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
 #endif  /* Not Win32 */
 
 /* some functions to mutate the way these work */
+inline uint32_t htonl(uint32_t n){
+  return ((n & 0xff) << 24) |
+    ((n & 0xff00) << 8) |
+    ((n & 0xff0000UL) >> 8) |
+    ((n & 0xff000000UL) >> 24);
+}
+
+#define ntohl htonl
+
 EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
 
 #ifdef CONFIG_PLATFORM_LINUX

From f3e154b870961a2f5ad665d1999eeffc868244be Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Thu, 25 Aug 2016 12:46:51 +0800
Subject: [PATCH 269/301] ssl: use malloc instead of alloca

---
 ssl/tls1.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index c40a0691f7..c9615de1cd 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -661,7 +661,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)alloca(buf_len+100);
+    uint8_t *t_buf = (uint8_t *)malloc(buf_len+100);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -673,6 +673,8 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
                 ssl->server_mac : ssl->client_mac, 
             ssl->cipher_info->digest_size, hmac_buf);
 
+    free(t_buf);
+
 #if 0
     print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);

From d26f23a1cebec304c2fc023306c50a08e839c844 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Thu, 25 Aug 2016 12:48:10 +0800
Subject: [PATCH 270/301] ssl: disable default cert, enable cert chain
 verification

---
 ssl/config.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/config.h b/ssl/config.h
index c1764e5abf..8b90bb09c4 100644
--- a/ssl/config.h
+++ b/ssl/config.h
@@ -26,14 +26,14 @@
  * SSL Library
  */
 #undef CONFIG_SSL_SERVER_ONLY
-#undef CONFIG_SSL_CERT_VERIFICATION
+#define CONFIG_SSL_CERT_VERIFICATION
 #undef CONFIG_SSL_ENABLE_CLIENT
 #define CONFIG_SSL_FULL_MODE 1
 #undef CONFIG_SSL_SKELETON_MODE
 #undef CONFIG_SSL_PROT_LOW
 #define CONFIG_SSL_PROT_MEDIUM 1
 #undef CONFIG_SSL_PROT_HIGH
-#define CONFIG_SSL_USE_DEFAULT_KEY
+#undef CONFIG_SSL_USE_DEFAULT_KEY
 #define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
 #define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
 #define CONFIG_SSL_X509_CERT_LOCATION ""

From 23d532ae2d43f4f1def95e4c02307c90ad5fe50f Mon Sep 17 00:00:00 2001
From: Me No Dev <me-no-dev@vdnsbg.com>
Date: Sat, 27 Aug 2016 18:47:02 +0300
Subject: [PATCH 271/301] add send packet size calculator

---
 ssl/ssl.h  |  9 +++++++++
 ssl/tls1.c | 29 +++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index fb91602f9c..9bf91b39b1 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -296,6 +296,15 @@ EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
  */
 EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
 
+/**
+ * @brief Calculate the size of the encrypted data from what you are about to send 
+ * @param ssl [in] An SSL obect reference.
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes that will be sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int out_len);
+
 /**
  * @brief Find an ssl object based on a file descriptor.
  *
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c9615de1cd..ccb253a9bf 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -315,6 +315,35 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
     return out_len;
 }
 
+EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int length)
+{
+    int msg_length = 0;
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+        return SSL_ERROR_CONN_LOST;
+
+    if (ssl->flag & SSL_SENT_CLOSE_NOTIFY)
+        return SSL_CLOSE_NOTIFY;
+
+    msg_length += length;
+
+    if (ssl->flag & SSL_TX_ENCRYPTED)
+    {
+        msg_length += ssl->cipher_info->digest_size;
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+            if (pad_bytes == 0)
+                pad_bytes += ssl->cipher_info->padding_size;
+            msg_length += pad_bytes;
+        }
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            msg_length += ssl->cipher_info->iv_size;
+        }
+    }
+    return SSL_RECORD_SIZE+msg_length;
+}
+
 /**
  * Add a certificate to the certificate chain.
  */

From fac976c5d54df62f372f264e3f95e5896961cec4 Mon Sep 17 00:00:00 2001
From: Slavey Karadzhov <slavey.karadzhov@zend.com>
Date: Thu, 15 Sep 2016 17:59:08 +0200
Subject: [PATCH 272/301] Re-added the SNI extension. Add code for better
 handling of SSL extension types in the CLIENT_HELLO message.

---
 ssl/tls1.h      |  8 +++++++-
 ssl/tls1_clnt.c | 38 +++++++++++++++++++++++++++++++++++---
 ssl/tls1_svr.c  |  2 +-
 3 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/ssl/tls1.h b/ssl/tls1.h
index 152c69ec30..d62bdb258e 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -83,7 +83,6 @@ extern "C" {
 #define NUM_PROTOCOLS               4
 
 #define MAX_SIG_ALGORITHMS          4
-#define SIG_ALG_EXTENSION           0x0d
 #define SIG_ALG_SHA1                2
 #define SIG_ALG_SHA256              4
 #define SIG_ALG_SHA384              5
@@ -117,6 +116,13 @@ enum
     HS_FINISHED = 20
 };
 
+/* SSL extension types */
+enum
+{
+    SSL_EXT_SERVER_NAME = 0,
+    SSL_EXT_SIG_ALG = 0x0d,
+};
+
 typedef struct 
 {
     uint8_t cipher;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 43efca305a..59db8c1d71 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -39,8 +39,7 @@
 
 /* support sha512/384/256/1 RSA */
 static const uint8_t g_sig_alg[] = { 
-                0x00, 0x0e, 
-                0x00, SIG_ALG_EXTENSION, 
+                0x00, SSL_EXT_SIG_ALG,
                 0x00, 0x0a, 0x00, 0x08,
                 SIG_ALG_SHA512, SIG_ALG_RSA,
                 SIG_ALG_SHA384, SIG_ALG_RSA,
@@ -197,7 +196,10 @@ static int send_client_hello(SSL *ssl)
     uint8_t *buf = ssl->bm_data;
     time_t tm = time(NULL);
     uint8_t *tm_ptr = &buf[6]; /* time will go here */
-    int i, offset;
+    int i, offset, ext_offset;
+    uint16_t ext_len; /* extensions total length */
+
+    ext_len = 0;
 
     buf[0] = HS_CLIENT_HELLO;
     buf[1] = 0;
@@ -244,11 +246,41 @@ static int send_client_hello(SSL *ssl)
     buf[offset++] = 1;              /* no compression */
     buf[offset++] = 0;
 
+    ext_offset = offset;
+
+    buf[offset++] = 0;              /* total length of extensions */
+    buf[offset++] = 0;
+
     /* send the signature algorithm extension for TLS 1.2+ */
     if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
     {
         memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
         offset += sizeof(g_sig_alg);
+        ext_len += sizeof(g_sig_alg);
+    }
+
+    /* send the host name if specified */
+    if (ssl->host_name != NULL) {
+	unsigned int host_len = strlen(ssl->host_name);
+
+	buf[offset++] = 0;
+	buf[offset++] = SSL_EXT_SERVER_NAME;              /* server_name(0) (65535) */
+	buf[offset++] = 0;
+	buf[offset++] = host_len+5;     /* server_name length */
+	buf[offset++] = 0;
+	buf[offset++] = host_len+3;     /* server_list length */
+	buf[offset++] = 0;              /* host_name(0) (255) */
+	buf[offset++] = 0;
+	buf[offset++] = host_len;       /* host_name length */
+	strncpy((char*) &buf[offset], ssl->host_name, host_len);
+	offset += host_len;
+	ext_len += host_len + 9;
+    }
+
+    if(ext_len > 0) {
+    	// update the extensions length value
+    	buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
+    	buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);
     }
 
     buf[3] = offset - 4;            /* handshake size */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 48c664ef91..163abbd41c 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -206,7 +206,7 @@ static int process_client_hello(SSL *ssl)
         ext_len += buf[offset++];
         PARANOIA_CHECK(pkt_size, offset + ext_len);
         
-        if (ext == SIG_ALG_EXTENSION)
+        if (ext == SSL_EXT_SIG_ALG)
         {
             while (ext_len > 0)
             {

From b20140f86747e0570770e78a6fec220c7b77e1d0 Mon Sep 17 00:00:00 2001
From: anmaped <apedro.1@gmail.com>
Date: Sat, 15 Oct 2016 02:39:10 +0100
Subject: [PATCH 273/301] axTLS fails to aws iot with
 SSL_ERROR_INVALID_HANDSHAKE. It is a wrong OFFSET. (#27)

---
 ssl/tls1_clnt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 59db8c1d71..81738cfb49 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -350,7 +350,7 @@ static int process_server_hello(SSL *ssl)
     offset += 2; // ignore compression
     PARANOIA_CHECK(pkt_size, offset);
 
-    ssl->dc->bm_proc_index = offset+1; 
+    ssl->dc->bm_proc_index = offset;
     PARANOIA_CHECK(pkt_size, offset);
 
     // no extensions

From aa87239cbd216504a13bb22a86b41b8b755ccf4a Mon Sep 17 00:00:00 2001
From: slaff <slaff2@gmail.com>
Date: Mon, 21 Nov 2016 21:02:17 +0100
Subject: [PATCH 274/301] Moved the LWIP RAW compat module into a submodule.
 (#26)

---
 .gitmodules             |   3 +
 README.md               |   2 +-
 compat                  |   1 +
 compat/README.md        | 149 ---------------------
 compat/lwipr_compat.c   | 285 ----------------------------------------
 compat/lwipr_compat.h   |  95 --------------
 compat/lwipr_platform.h |  27 ----
 7 files changed, 5 insertions(+), 557 deletions(-)
 create mode 100644 .gitmodules
 create mode 160000 compat
 delete mode 100644 compat/README.md
 delete mode 100644 compat/lwipr_compat.c
 delete mode 100644 compat/lwipr_compat.h
 delete mode 100644 compat/lwipr_platform.h

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000..6816a4b760
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "compat"]
+	path = compat
+	url = https://github.com/attachix/lwirax.git
diff --git a/README.md b/README.md
index 48b4c5e886..fe46b327c7 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ time
 ctime
 ```
 
-For use with LwIP raw TCP API, see [compat/README.md](compat/README.md)
+For use with LwIP raw TCP API, see [compat/README.md](https://github.com/attachix/lwirax/blob/master/README.md)
 
 To build, add xtensa toolchain to your path, and run `make`.
 
diff --git a/compat b/compat
new file mode 160000
index 0000000000..227b8e248b
--- /dev/null
+++ b/compat
@@ -0,0 +1 @@
+Subproject commit 227b8e248b6013f88c14bc37a8b8574cf0d8535a
diff --git a/compat/README.md b/compat/README.md
deleted file mode 100644
index fff33837d7..0000000000
--- a/compat/README.md
+++ /dev/null
@@ -1,149 +0,0 @@
-If you are using [LWIP raw tcp mode](http://lwip.wikia.com/wiki/Raw/TCP) and want to add SSL support below are the steps that can help you to achieve this with the help of [axTLS]( http://axtls.sourceforge.net/ ).
-		
-First you have to include the `lwipr_compat.h` header.
-
-```C
-#include "compat/lwipr_compat.h"
-```
-
-Then in the code block where you initialize the tcp raw connection you should call `axl_init`.
-Take a look at the example below:
-
-```C
-lwip_init();
-
-/* 
- * The line below should be added AFTER the lwip_init code
- * AND BEFORE the call to tcp_new()
- * The parameter value 10 specifies how many SSL connections are expected
- */ 
-axl_init(10);
-
-// .. some more code
-tcp = tcp_new();
-tcp_sent(tcp, staticOnSent);
-tcp_recv(tcp, staticOnReceive);
-tcp_err(tcp, staticOnError);
-tcp_poll(tcp, staticOnPoll, 4);
-// ... and even more code 
-res = tcp_connect(tcp, &addr, port, staticOnConnected);
-
-
-```
-
-Now we should add in our `staticOnConnected` funciton code to create new ssl context and ssl object. 
-In the example below the `sslObj` and `sslContext` are defined as global
-
-```C
-// global definitions
-SSL *sslObj = NULL;
-SSLCTX* sslContext = NULL;
-
-// and some more code...
-
-err_t staticOnConnected(void *arg, struct tcp_pcb *tcp, err_t err)
-{
-	int clientfd = -1;
-	uint32_t options = 0;
-
-	if (tcp == NULL) {
-		/* @TODO: Take care to handle error conditions */
-		return -1;
-	}
-
-	clientfd = axl_append(tcp);
-	if(clientfd == -1) {
-		printf("Unable to add LWIP tcp -> clientfd mapping\n");
-		return ERR_OK;
-	}
-	
-	printf("Connected: ClientId: %d\n", clientfd);
-#ifdef SSL_DEBUG
-	options |= SSL_DISPLAY_STATES | SSL_DISPLAY_BYTES;
-#endif	
-	
-	// if you want to verify the server certificate later you can also add the following option
-	options |= SSL_SERVER_VERIFY_LATER
-	
-	sslContext = ssl_ctx_new(SSL_CONNECT_IN_PARTS | options, 1); // !!! SSL_CONNECT_IN_PARTS must be in the flags !!!
-	sslObj = ssl_client_new(sslContext, clientfd, NULL, 0);
-
-	return ERR_OK;
-}
-```
-
-
-Once we are connected we can send and receive information. For the receiving part we can do the following
-
-```C
-err_t staticOnReceive(void *arg, struct tcp_pcb *tcp, struct pbuf *p, err_t err)
-{
-	uint8_t *read_buf = NULL;
-	int read_bytes = 0;
-
-	printf("Err: %d\n", err);
-
-	if(tcp == NULL || p == NULL) {
-		/* @TODO: Take care to handle error conditions */
-		return -1;
-	}
-
-	read_bytes = axl_ssl_read(sslObj, &read_buf, tcp, p);
-	if(read_bytes > 0) {
-		printf("Got data: %s", read_buf);
-		// @TODO: Do something useful with the read_buf 
-	}
-
-	return ERR_OK;
-}
-```
-
-In the receiving part you can also add debug code to display more information about the SSL handshake, once it was successul.
-
-
-```C
-err_t staticOnReceive(void *arg, struct tcp_pcb *tcp, struct pbuf *p, err_t err)
-{
-	static int show_info = 0;
-	const char *common_name = NULL;
-	
-	// ..
-	read_bytes = axl_ssl_read(sslObj, &read_buf, tcp, p);
-	if(read_bytes > 0) {
-		printf("Got data: %s", read_buf);
-		// @TODO: Do something useful with the read_buf 
-	}
-	
-	if(!show_info && ssl_handshake_status(sslObj) == SSL_OK) {
-		common_name = ssl_get_cert_dn(sslObj, SSL_X509_CERT_COMMON_NAME);
-		if (common_name) {
-			printf("Common Name:\t\t\t%s\n", common_name);
-		}
-
-		// These two funcitons below can be found in the axtls examples
-		display_session_id(sslObj); 
-		display_cipher(sslObj);
-		show_info = 1;
-	}
-	
-	return ERR_OK;
-}
-
-```
-
-
-And for the sending part we can use the following code sample as a start
-
-```C
-void someSendingfunction() {
-	uint8_t *out_buf;
-	int out_bytes = 0;
-	
-	// ... take care to store something in the out_buf
-	
-	axl_ssl_write(sslObj, out_buf, out_bytes);
-}
-
-```
-
-Good luck and send your success stories at slaff@attachix.com.
diff --git a/compat/lwipr_compat.c b/compat/lwipr_compat.c
deleted file mode 100644
index a334454fb0..0000000000
--- a/compat/lwipr_compat.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * Compatibility for AxTLS with LWIP raw tcp mode (http://lwip.wikia.com/wiki/Raw/TCP)
- *
- *  Created on: Jan 15, 2016
- *      Author: Slavey Karadzhov
- */
-#include "lwipr_compat.h"
-
-AxlTcpDataArray axlFdArray;
-
-#include <stdlib.h>
-
-/* High Level "public" functions */
-
-/**
- * Function that should be called once we are ready to use the axTLS - LWIP raw compatibility
- */
-void axl_init(int capacity) {
-	ax_fd_init(&axlFdArray, capacity);
-}
-
-/**
- * Appends a tcp to the internal array. Returns client file descriptor
- */
-int axl_append(struct tcp_pcb *tcp) {
-	return ax_fd_append(&axlFdArray, tcp);
-}
-
-/**
- * Frees  the internal mapping from this tcp. Returns the number of occurrences of the tcp
- */
-int axl_free(struct tcp_pcb *tcp) {
-	int i;
-	int occurances = 0;
-
-	if(tcp == NULL) {
-		return 0;
-	}
-
-	AxlTcpDataArray *vector = &axlFdArray;
-	AXL_DEBUG("AXL: Freeing %d tcp item", vector->size);
-	for (i = 0; i < vector->size; i++) {
-		if (vector->data[i].tcp == tcp) {
-			if(vector->data[i].tcp_pbuf != NULL) {
-				pbuf_free(vector->data[i].tcp_pbuf);
-				vector->data[i].tcp_pbuf = NULL;
-			}
-			vector->data[i].tcp = NULL;
-			vector->data[i].pbuf_offset = 0;
-			occurances++;
-		}
-	}
-
-	return occurances;
-}
-
-/**
- * Reads data from the SSL over TCP stream. Returns decrypted data.
- * @param SSL *sslObj
- * @param uint8_t **in_data - pointer to the decrypted incoming data, or NULL if nothing was read
- * @param void *arg - possible arguments passed to the tcp raw layer during initialization
- * @param tcp_pcb *tcp - pointer to the raw tcp object
- * @param pbuf *p - pointer to the buffer with the TCP packet data
- *
- * @return int
- * 			0 - when everything is fine but there are no symbols to process yet
- * 			< 0 - when there is an error
- * 			> 0 - the length of the clear text characters that were read
- */
-int axl_ssl_read(SSL *ssl, uint8_t **in_data, struct tcp_pcb *tcp, struct pbuf *p) {
-	int read_bytes = 0;
-	int total_bytes = 0;
-	int clientfd = -1;
-
-	AxlTcpData* data = NULL;
-
-	if (ssl == NULL) {
-		return ERR_AXL_INVALID_SSL;
-	}
-
-	clientfd = ax_fd_getfd(&axlFdArray, tcp);
-	if(clientfd == -1) {
-		return ERR_AXL_INVALID_CLIENTFD;
-	}
-
-	data = ax_fd_get(&axlFdArray, clientfd);
-	if(data == NULL) {
-		return ERR_AXL_INVALID_CLIENTFD_DATA;
-	}
-
-	if (p != NULL) {
-		data->tcp_pbuf = p;
-		data->pbuf_offset = 0;
-	}
-
-	AXL_DEBUG("READY TO READ SOME DATA\n");
-
-	tcp_recved(tcp, p->tot_len);
-	do {
-		WATCHDOG_FEED();
-		read_bytes = ssl_read(ssl, in_data);
-		AXL_DEBUG("axl_ssl_read: Read bytes: %d\n", read_bytes);
-		if(read_bytes < SSL_OK) {
-			/* An error has occurred. Give it back for further processing */
-			total_bytes = read_bytes;
-			break;
-		}
-		total_bytes+= read_bytes;
-	} while (p->tot_len - data->pbuf_offset > 0);
-
-	pbuf_free(p);
-
-	return total_bytes;
-}
-
-/*
- * Lower Level LWIP RAW functions
- */
-
-/*
- * The LWIP tcp raw version of the SOCKET_WRITE(A, B, C)
- */
-int ax_port_write(int clientfd, uint8_t *buf, uint16_t bytes_needed) {
-	AxlTcpData *data = NULL;
-	int tcp_len = 0;
-	err_t err = ERR_OK;
-
-	data = ax_fd_get(&axlFdArray, clientfd);
-	if(data == NULL) {
-		return ERR_AXL_INVALID_CLIENTFD;
-	}
-
-	if (data == NULL || data->tcp == NULL || buf == NULL || bytes_needed == 0) {
-		AXL_DEBUG("Return Zero.\n");
-		return 0;
-	}
-
-	if (tcp_sndbuf(data->tcp) < bytes_needed) {
-		tcp_len = tcp_sndbuf(data->tcp);
-		if(tcp_len == 0) {
-			AXL_DEBUG("The send buffer is full! We have problem.\n");
-			return 0;
-		}
-
-	} else {
-		tcp_len = bytes_needed;
-	}
-
-	if (tcp_len > 2 * data->tcp->mss) {
-		tcp_len = 2 * data->tcp->mss;
-	}
-
-	do {
-		err = tcp_write(data->tcp, buf, tcp_len, TCP_WRITE_FLAG_COPY);
-		if(err < SSL_OK) {
-			AXL_DEBUG("Got error: %d\n", err);
-		}
-
-		if (err == ERR_MEM) {
-			AXL_DEBUG("Not enough memory to write data with length: %d (%d)\n", tcp_len, bytes_needed);
-			tcp_len /= 2;
-		}
-	} while (err == ERR_MEM && tcp_len > 1);
-	AXL_DEBUG("send_raw_packet length %d(%d)\n", tcp_len, bytes_needed);
-	if (err == ERR_OK) {
-		err = tcp_output(data->tcp);
-		if(err != ERR_OK) {
-			AXL_DEBUG("tcp_output got err: %d\n", err);
-		}
-	}
-
-	return tcp_len;
-}
-
-/*
- * The LWIP tcp raw version of the SOCKET_READ(A, B, C)
- */
-int ax_port_read(int clientfd, uint8_t *buf, int bytes_needed) {
-	AxlTcpData *data = NULL;
-	uint8_t *read_buf = NULL;
-	uint8_t *pread_buf = NULL;
-	u16_t recv_len = 0;
-
-	data = ax_fd_get(&axlFdArray, clientfd);
-	if (data == NULL) {
-		return ERR_AXL_INVALID_CLIENTFD_DATA;
-	}
-
-	if(data->tcp_pbuf == NULL || data->tcp_pbuf->tot_len == 0) {
-		AXL_DEBUG("Nothing to read?! May be the connection needs resetting?\n");
-		return 0;
-	}
-
-	read_buf =(uint8_t*)calloc(data->tcp_pbuf->len + 1, sizeof(uint8_t));
-	pread_buf = read_buf;
-	if (pread_buf != NULL){
-		recv_len = pbuf_copy_partial(data->tcp_pbuf, read_buf, bytes_needed, data->pbuf_offset);
-		data->pbuf_offset += recv_len;
-	}
-
-	if (recv_len != 0) {
-		memcpy(buf, read_buf, recv_len);
-	}
-
-	if(bytes_needed < recv_len) {
-		AXL_DEBUG("Bytes needed: %d, Bytes read: %d\n", bytes_needed, recv_len);
-	}
-
-	free(pread_buf);
-	pread_buf = NULL;
-
-	return recv_len;
-}
-
-int ax_get_file(const char *filename, uint8_t **buf) {
-    *buf = 0;
-    return 0;
-}
-
-void ax_wdt_feed() {
-}
-
-/*
- * Utility functions
- */
-void ax_fd_init(AxlTcpDataArray *vector, int capacity) {
-	vector->size = 0;
-	vector->capacity = capacity;
-	vector->data = (AxlTcpData*) malloc(sizeof(AxlTcpData) * vector->capacity);
-}
-
-int ax_fd_append(AxlTcpDataArray *vector, struct tcp_pcb *tcp) {
-	int index;
-
-	ax_fd_double_capacity_if_full(vector);
-	index = vector->size++;
-	vector->data[index].tcp = tcp;
-	vector->data[index].tcp_pbuf = NULL;
-	vector->data[index].pbuf_offset = 0;
-
-	return index;
-}
-
-AxlTcpData* ax_fd_get(AxlTcpDataArray *vector, int index) {
-	if (index >= vector->size || index < 0) {
-		AXL_DEBUG("Index %d out of bounds for vector of size %d\n", index,
-				vector->size);
-		return NULL;
-	}
-	return &(vector->data[index]);
-}
-
-int ax_fd_getfd(AxlTcpDataArray *vector, struct tcp_pcb *tcp) {
-	int i;
-	for (i = 0; i < vector->size; i++) {
-		if (vector->data[i].tcp == tcp) {
-			return i;
-		}
-	}
-
-	return -1;
-}
-
-void ax_fd_set(AxlTcpDataArray *vector, int index, struct tcp_pcb *tcp) {
-	AxlTcpData value;
-	while (index >= vector->size) {
-		ax_fd_append(vector, 0);
-	}
-
-	value.tcp = tcp;
-	value.tcp_pbuf = NULL;
-	value.pbuf_offset = 0;
-	vector->data[index] = value;
-}
-
-void ax_fd_double_capacity_if_full(AxlTcpDataArray *vector) {
-	if (vector->size >= vector->capacity) {
-		vector->capacity *= 2;
-		vector->data = (AxlTcpData*)realloc(vector->data, sizeof(AxlTcpData) * vector->capacity);
-	}
-}
-
-void ax_fd_free(AxlTcpDataArray *vector) {
-	free(vector->data);
-}
diff --git a/compat/lwipr_compat.h b/compat/lwipr_compat.h
deleted file mode 100644
index 1a8846f946..0000000000
--- a/compat/lwipr_compat.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Compatibility for AxTLS with LWIP raw tcp mode (http://lwip.wikia.com/wiki/Raw/TCP)
- *
- *  Created on: Jan 15, 2016
- *      Author: Slavey Karadzhov
- */
-
-#ifndef LWIPR_COMPAT_H
-#define LWIPR_COMPAT_H
-
-/*
- * All those functions will run only if LWIP tcp raw mode is used
- */
-#if LWIP_RAW==1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "lwipr_platform.h"
-#include "ssl/ssl.h"
-#include "ssl/tls1.h"
-
-#define ERR_AXL_INVALID_SSL -101
-#define ERR_AXL_INVALID_TCP -102
-#define ERR_AXL_INVALID_CLIENTFD -103
-#define ERR_AXL_INVALID_CLIENTFD_DATA -104
-
-#define SOCKET_READ(A, B, C) 	ax_port_read(A, B, C)
-#define SOCKET_WRITE(A, B, C) 	ax_port_write(A, B, C)
-
-/*
- * Define the AXL_DEBUG function to add debug functionality
- */
-#ifndef AXL_DEBUG
-	#define AXL_DEBUG(...)
-#endif
-
-/**
- * Define watchdog function to be called during CPU intensive operations.
- */
-#ifndef WATCHDOG_FEED
-	#define WATCHDOG_FEED()
-#endif
-
-typedef struct {
-	struct tcp_pcb *tcp;
-	struct pbuf *tcp_pbuf;
-	int pbuf_offset;
-} AxlTcpData;
-
-
-typedef struct {
-  int size;      /* slots used so far */
-  int capacity;  /* total available slots */
-  AxlTcpData *data;     /* array of TcpData objects */
-} AxlTcpDataArray;
-
-/*
- * High Level Functions - these are the ones that should be used directly
- */
-
-void axl_init(int capacity);
-int axl_append(struct tcp_pcb *tcp);
-int axl_free(struct tcp_pcb *tcp);
-
-#define axl_ssl_write(A, B, C) ssl_write(A, B, C)
-int axl_ssl_read(SSL *sslObj, uint8_t **in_data, struct tcp_pcb *tcp, struct pbuf *p);
-
-/*
- * Lower Level Socket Functions - used internally from axTLS
- */
-
-int ax_port_write(int clientfd, uint8_t *buf, uint16_t bytes_needed);
-int ax_port_read(int clientfd, uint8_t *buf, int bytes_needed);
-
-/*
- * Lower Level Utility functions
- */
-void ax_fd_init(AxlTcpDataArray *vector, int capacity);
-int ax_fd_append(AxlTcpDataArray *vector, struct tcp_pcb *tcp);
-AxlTcpData* ax_fd_get(AxlTcpDataArray *vector, int index);
-int ax_fd_getfd(AxlTcpDataArray *vector, struct tcp_pcb *tcp);
-void ax_fd_set(AxlTcpDataArray *vector, int index, struct tcp_pcb *tcp);
-void ax_fd_double_capacity_if_full(AxlTcpDataArray *vector);
-void ax_fd_free(AxlTcpDataArray *vector);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* LWIP_RAW==1 */
-
-#endif /* LWIPR_COMPAT_H */
diff --git a/compat/lwipr_platform.h b/compat/lwipr_platform.h
deleted file mode 100644
index 518e8bf4e1..0000000000
--- a/compat/lwipr_platform.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * lwipr_platform.h
- *
- *  Created on: Feb 8, 2016
- *      Author: slavey
- *
- */
-
-#ifndef AXTLS_8266_COMPAT_LWIPR_PLATFORM_H_
-#define AXTLS_8266_COMPAT_LWIPR_PLATFORM_H_
-
-/* Add here all platform specific things */
-
-
-// Some calls require the watchdog to be reset
-#ifndef WATCHDOG_FEED
-	#define WATCHDOG_FEED()
-#endif
-
-
-/* SSL_DEBUG is for more information */
-#ifndef SSL_DEBUG
-	#define AXL_DEBUG(...)
-#endif
-
-
-#endif /* AXTLS_8266_COMPAT_LWIPR_PLATFORM_H_ */

From cf4c0bba3446ce3e735a9fc4616ef366678c5808 Mon Sep 17 00:00:00 2001
From: slaff <slaff2@gmail.com>
Date: Mon, 21 Nov 2016 21:03:24 +0100
Subject: [PATCH 275/301] Added initial support for max fragment size
 extension. (#25)

Refactored the code to support more SSL extensions in the future.
---
 ssl/ssl.h       | 20 +++++++++++++++++--
 ssl/tls1.c      | 34 +++++++++++++++++++++++++++++---
 ssl/tls1.h      |  8 +++++++-
 ssl/tls1_clnt.c | 52 ++++++++++++++++++++++++++++++-------------------
 4 files changed, 88 insertions(+), 26 deletions(-)

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 9bf91b39b1..4869fa8796 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -225,6 +225,22 @@ EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
  */
 EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
 
+/**
+ * @brief Allocates new SSL extensions structure and returns pointer to it
+ *
+ * @return ssl_ext Pointer to SSL_EXTENSIONS structure
+ *
+ */
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new();
+
+/**
+ * @brief Frees SSL extensions structure
+ *
+ * @param ssl_ext [in] Pointer to SSL_EXTENSION structure
+ *
+ */
+EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
+
 /**
  * @brief (server only) Establish a new SSL connection to an SSL client.
  *
@@ -251,11 +267,11 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * can be null if no session resumption is being used or required. This option
  * is not used in skeleton mode.
  * @param sess_id_size The size of the session id (max 32)
- * @param host_name If non-zero, host name to be sent to server for SNI support
+ * @param ssl_ext pointer to a structure with the activated SSL extensions and their values
  * @return An SSL object reference. Use ssl_handshake_status() to check 
  * if a handshake succeeded.
  */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, const char* host_name);
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext);
 
 /**
  * @brief Free any used resources on this connection. 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index ccb253a9bf..0cf2e4c2fe 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -139,6 +139,35 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,
         const uint8_t *data, int size, ...) {}
 #endif
 
+/**
+ * Allocates new SSL extensions structure and returns pointer to it
+ *
+ */
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
+{
+    SSL_EXTENSIONS *ssl_ext = (SSL_EXTENSIONS *)malloc(sizeof(SSL_EXTENSIONS));
+    ssl_ext->max_fragment_size = 0;
+    ssl_ext->host_name = NULL;
+
+    return ssl_ext;
+}
+
+/**
+ * Allocates new SSL extensions structure and returns pointer to it
+ *
+ */
+EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
+{
+    if(ssl_ext == NULL ) {
+        return;
+    }
+
+    if(ssl_ext->host_name != NULL) {
+        free(ssl_ext->host_name);
+    }
+    free(ssl_ext);
+}
+
 /**
  * Establish a new client/server context.
  */
@@ -257,7 +286,8 @@ EXP_FUNC void STDCALL ssl_free(SSL *ssl)
     disposable_free(ssl);
     certificate_free(ssl);
     free(ssl->bm_all_data);
-    free(ssl->host_name);
+    ssl_ext_free(ssl->extensions);
+    ssl->extensions = NULL;
     free(ssl);
 }
 
@@ -631,8 +661,6 @@ SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
     ssl->encrypt_ctx = malloc(sizeof(AES_CTX));
     ssl->decrypt_ctx = malloc(sizeof(AES_CTX));
 
-    ssl->host_name = NULL;
-
     SSL_CTX_UNLOCK(ssl_ctx->mutex);
     return ssl;
 }
diff --git a/ssl/tls1.h b/ssl/tls1.h
index d62bdb258e..6565625aec 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -120,6 +120,7 @@ enum
 enum
 {
     SSL_EXT_SERVER_NAME = 0,
+    SSL_EXT_MAX_FRAGMENT_SIZE,
     SSL_EXT_SIG_ALG = 0x0d,
 };
 
@@ -172,6 +173,11 @@ typedef struct
     uint8_t key_block_generated;
 } DISPOSABLE_CTX;
 
+typedef struct {
+    char *host_name; /* Needed for the SNI support */
+    uint16_t max_fragment_size; /* Needed for the Max Fragment Size Extension. Allowed values: 2^9, 2^10 .. 2^14 */
+} SSL_EXTENSIONS;
+
 struct _SSL
 {
     uint32_t flag;
@@ -213,7 +219,7 @@ struct _SSL
     uint8_t read_sequence[8];           /* 64 bit sequence number */
     uint8_t write_sequence[8];          /* 64 bit sequence number */
     uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
-    char *host_name; /* Needed for the SNI support */
+    SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */
 };
 
 typedef struct _SSL SSL;
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index 81738cfb49..fab26676a3 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -64,7 +64,7 @@ static int send_cert_verify(SSL *ssl);
  * Establish a new SSL connection to an SSL server.
  */
 EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
-        uint8_t *session_id, uint8_t sess_id_size, const char* host_name)
+        uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext)
 {
     SSL *ssl = ssl_new(ssl_ctx, client_fd);
     ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
@@ -82,9 +82,7 @@ EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
         SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
     }
 
-    if(host_name != NULL && strlen(host_name) > 0) {
-        ssl->host_name = (char *)strdup(host_name);
-    }
+    ssl->extensions = ssl_ext;
 
     SET_SSL_FLAG(SSL_IS_CLIENT);
     do_client_connect(ssl);
@@ -259,22 +257,36 @@ static int send_client_hello(SSL *ssl)
         ext_len += sizeof(g_sig_alg);
     }
 
-    /* send the host name if specified */
-    if (ssl->host_name != NULL) {
-	unsigned int host_len = strlen(ssl->host_name);
-
-	buf[offset++] = 0;
-	buf[offset++] = SSL_EXT_SERVER_NAME;              /* server_name(0) (65535) */
-	buf[offset++] = 0;
-	buf[offset++] = host_len+5;     /* server_name length */
-	buf[offset++] = 0;
-	buf[offset++] = host_len+3;     /* server_list length */
-	buf[offset++] = 0;              /* host_name(0) (255) */
-	buf[offset++] = 0;
-	buf[offset++] = host_len;       /* host_name length */
-	strncpy((char*) &buf[offset], ssl->host_name, host_len);
-	offset += host_len;
-	ext_len += host_len + 9;
+    if (ssl->extensions != NULL) {
+        /* send the host name if specified */
+        if (ssl->extensions->host_name != NULL) {
+	    unsigned int host_len = strlen(ssl->extensions->host_name);
+
+	    buf[offset++] = 0;
+	    buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
+	    buf[offset++] = 0;
+	    buf[offset++] = host_len + 5; /* server_name length */
+	    buf[offset++] = 0;
+	    buf[offset++] = host_len + 3; /* server_list length */
+	    buf[offset++] = 0; /* host_name(0) (255) */
+	    buf[offset++] = 0;
+	    buf[offset++] = host_len; /* host_name length */
+	    strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
+	    offset += host_len;
+	    ext_len += host_len + 9;
+        }
+
+        if (ssl->extensions->max_fragment_size) {
+	    buf[offset++] = 0;
+	    buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
+
+	    buf[offset++] = 0; // size of data
+	    buf[offset++] = 2;
+
+	    buf[offset++] = (uint8_t)((ssl->extensions->max_fragment_size >> 8) & 0xff);
+	    buf[offset++] = (uint8_t)(ssl->extensions->max_fragment_size & 0xff);
+	    ext_len += 6;
+        }
     }
 
     if(ext_len > 0) {

From 5282123a963ae95a294daca7a0b95ae1b9f2d8fa Mon Sep 17 00:00:00 2001
From: slaff <slaff2@gmail.com>
Date: Tue, 22 Nov 2016 10:05:03 +0100
Subject: [PATCH 276/301] Updated Lwirax to its latest version. (#29)

---
 compat | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compat b/compat
index 227b8e248b..bc2bf7b61b 160000
--- a/compat
+++ b/compat
@@ -1 +1 @@
-Subproject commit 227b8e248b6013f88c14bc37a8b8574cf0d8535a
+Subproject commit bc2bf7b61b9295b07d2fd9b5a9bb7824b1677c85

From d768568ae799ad41c2e6668ac54d7896584ad667 Mon Sep 17 00:00:00 2001
From: slaff <slaff2@gmail.com>
Date: Sun, 11 Dec 2016 16:48:15 +0100
Subject: [PATCH 277/301] Memory optimization for static const data. (#30)

---
 Makefile             | 9 +++++++++
 crypto/aes.c         | 4 ++--
 crypto/crypto_misc.c | 2 +-
 crypto/sha512.c      | 2 +-
 ssl/os_port.h        | 4 ++++
 5 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 0cdd8dad21..538f340b3a 100644
--- a/Makefile
+++ b/Makefile
@@ -4,6 +4,7 @@ AR := $(TOOLCHAIN_PREFIX)ar
 LD := $(TOOLCHAIN_PREFIX)gcc
 OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy
 
+MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
 
 XTENSA_LIBS ?= $(shell $(CC) -print-sysroot)
 
@@ -43,6 +44,14 @@ LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
 CFLAGS+=-std=c99 -DESP8266
 
 CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
+
+ifneq ($(MFORCE32),)
+    # Your compiler supports the -mforce-l32 flag which means that 
+    # constants can be stored in flash (program) memory instead of SRAM.
+    # See: https://www.arduino.cc/en/Reference/PROGMEM
+    CFLAGS += -DPROGMEM="__attribute__((aligned(4))) __attribute__((section(\".irom.text\")))" -mforce-l32
+endif
+
 BIN_DIR := bin
 AXTLS_AR := $(BIN_DIR)/libaxtls.a
 
diff --git a/crypto/aes.c b/crypto/aes.c
index d573f77901..ba76d301d9 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -75,7 +75,7 @@
 /*
  * AES S-box
  */
-static const uint8_t aes_sbox[256] =
+static const uint8_t aes_sbox[256] PROGMEM =
 {
 	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
 	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
@@ -114,7 +114,7 @@ static const uint8_t aes_sbox[256] =
 /*
  * AES is-box
  */
-static const uint8_t aes_isbox[256] = 
+static const uint8_t aes_isbox[256] PROGMEM = 
 {
     0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
     0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index dfd5e7642c..f166bb8c3a 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -309,7 +309,7 @@ EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
 
 #if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
 /* base64 to binary lookup table */
-static const uint8_t map[128] =
+static const uint8_t map[128] PROGMEM =
 {
     255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
     255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
diff --git a/crypto/sha512.c b/crypto/sha512.c
index aa2f58938f..76250089c3 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -42,7 +42,7 @@
 #define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6))
 #define MIN(x, y) ((x) < (y) ? x : y)
  
-static const uint8_t padding[128] =
+static const uint8_t padding[128] PROGMEM =
 {
     0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
diff --git a/ssl/os_port.h b/ssl/os_port.h
index efda6b5a4b..e672f102c2 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -230,6 +230,10 @@ void exit_now(const char *format, ...);
 #define SSL_CTX_UNLOCK(A)
 #endif
 
+#ifndef PROGMEM
+#define PROGMEM
+#endif
+
 #ifdef __cplusplus
 }
 #endif

From 993a29f2b26cefeb80189451b88c29b31e84e640 Mon Sep 17 00:00:00 2001
From: silbe <silbe@users.noreply.github.com>
Date: Sun, 19 Feb 2017 03:29:31 +0100
Subject: [PATCH 278/301] Add support for verifying SHA-256 hash of Subject
 Public Key Info (#31)

For HTTP public key pinning (RFC7469), the SHA-256 hash of the Subject
Public Key Info (which usually only changes when the public key
changes) is used rather than the SHA-1 hash of the entire certificate
(which will change on each certificate renewal).
---
 ssl/crypto_misc.h |  1 +
 ssl/ssl.h         |  9 +++++++++
 ssl/tls1.c        | 19 +++++++++++++++++++
 ssl/x509.c        | 20 +++++++++++++++++---
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 92494b6058..d66839755b 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -78,6 +78,7 @@ struct _x509_ctx
     RSA_CTX *rsa_ctx;
     bigint *digest;
     uint8_t *fingerprint;
+    uint8_t *spki_sha256;
     struct _x509_ctx *next;
 };
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 4869fa8796..e2b220dd79 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -416,6 +416,15 @@ EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
  */
 EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);
 
+/**
+ * @brief Check if SHA256 hash of Subject Public Key Info matches the one given.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param fp [in] SHA256 hash to match against
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash);
+
 /**
  * @brief Retrieve an X.509 distinguished name component.
  * 
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 0cf2e4c2fe..4066d49224 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -2210,6 +2210,25 @@ EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
     return res;
 }
 
+EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash)
+{
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->spki_sha256 == NULL)
+        return 1;
+    int res = memcmp(ssl->x509_ctx->spki_sha256, hash, SHA256_SIZE);
+    if (res != 0) {
+        printf("cert SPKI SHA-256 hash: ");
+        for (int i = 0; i < SHA256_SIZE; ++i) {
+            printf("%02X ", ssl->x509_ctx->spki_sha256[i]);
+        }
+        printf("\r\ntest hash: ");
+        for (int i = 0; i < SHA256_SIZE; ++i) {
+            printf("%02X ", hash[i]);
+        }
+        printf("\r\n");
+    }
+    return res;
+}
+
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
 
 /**
diff --git a/ssl/x509.c b/ssl/x509.c
index 862d897fbe..35bd7281e5 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -71,7 +71,7 @@ static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
  */
 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 {
-    int begin_tbs, end_tbs;
+    int begin_tbs, end_tbs, begin_spki, end_spki;
     int ret = X509_NOT_OK, offset = 0, cert_size = 0;
     X509_CTX *x509_ctx;
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
@@ -113,11 +113,14 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 
     if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
             asn1_validity(cert, &offset, x509_ctx) ||
-            asn1_name(cert, &offset, x509_ctx->cert_dn) ||
-            asn1_public_key(cert, &offset, x509_ctx))
+            asn1_name(cert, &offset, x509_ctx->cert_dn))
     {
         goto end_cert;
     }
+    begin_spki = offset;
+    if (asn1_public_key(cert, &offset, x509_ctx))
+        goto end_cert;
+    end_spki = offset;
 
 
     x509_ctx->fingerprint = malloc(SHA1_SIZE);
@@ -126,6 +129,12 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
     SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
 
+    x509_ctx->spki_sha256 = malloc(SHA256_SIZE);
+    SHA256_CTX spki_hash_ctx;
+    SHA256_Init(&spki_hash_ctx);
+    SHA256_Update(&spki_hash_ctx, &cert[begin_spki], end_spki-begin_spki);
+    SHA256_Final(x509_ctx->spki_sha256, &spki_hash_ctx);
+
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
     bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
 
@@ -289,6 +298,11 @@ void x509_free(X509_CTX *x509_ctx)
         free(x509_ctx->fingerprint);
     }
 
+    if (x509_ctx->spki_sha256)
+    {
+        free(x509_ctx->spki_sha256);
+    }
+
     if (x509_ctx->subject_alt_dnsnames)
     {
         for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)

From 33833fb3c67fcfdadfa752bd55aae2df84a98a1d Mon Sep 17 00:00:00 2001
From: ADiea <ADiea@users.noreply.github.com>
Date: Mon, 13 Mar 2017 09:36:51 +0200
Subject: [PATCH 279/301] Fix memleak in rsa.c (#35)

* fix memleak in rsa.c

* don't alloc block from the start;check block;don't use goto

* fix whitespaces
---
 crypto/rsa.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/crypto/rsa.c b/crypto/rsa.c
index fe09c58287..ab74b4d3be 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -145,13 +145,19 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
                             uint8_t *out_data, int out_len, int is_decryption)
 {
     const int byte_size = ctx->num_octets;
-    int i = 0, size;
+    int i = 0, size = -1;
     bigint *decrypted_bi, *dat_bi;
-    uint8_t *block = (uint8_t *)malloc(byte_size);
+    uint8_t *block = NULL;
     int pad_count = 0;
 
+    do
+    {
     if (out_len < byte_size)        /* check output has enough size */
-        return -1;
+       break;
+
+    block = (uint8_t *)malloc(byte_size);
+    if (!block)
+       break;
 
     memset(out_data, 0, out_len);   /* initialise */
 
@@ -168,13 +174,13 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
     bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
 
     if (block[i++] != 0)             /* leading 0? */
-        return -1;
+        break;
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
     if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
     {
         if (block[i++] != 0x01)     /* BT correct? */
-            return -1;
+            break;
 
         while (block[i++] == 0xff && i < byte_size)
             pad_count++;
@@ -183,7 +189,7 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
 #endif
     {
         if (block[i++] != 0x02)     /* BT correct? */
-            return -1;
+            break;
 
         while (block[i++] && i < byte_size)
             pad_count++;
@@ -191,13 +197,17 @@ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data,
 
     /* check separator byte 0x00 - and padding must be 8 or more bytes */
     if (i == byte_size || pad_count < 8) 
-        return -1;
+        break;
 
     size = byte_size - i;
 
     /* get only the bit we want */
     memcpy(out_data, &block[i], size);
-    free(block);
+    } while(false);
+
+    if(block)
+       free(block);
+
     return size;
 }
 

From 47efb7adf46fafe7ebdf17fb2613075753edf6ac Mon Sep 17 00:00:00 2001
From: ADiea <ADiea@users.noreply.github.com>
Date: Mon, 13 Mar 2017 09:39:00 +0200
Subject: [PATCH 280/301] use snprintf in print_blob (#40)

---
 crypto/crypto_misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index f166bb8c3a..6c7e682d1c 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -290,7 +290,7 @@ EXP_FUNC void STDCALL print_blob(const char *format,
     va_list(ap);
 
     va_start(ap, size);
-    sprintf(tmp, "%s\n", format);
+    snprintf(tmp, sizeof(tmp), "SSL: %s\n", format);
     vprintf(tmp, ap);
     print_hex_init(size);
     for (i = 0; i < size; i++)

From 8afe55267ad1488fdf0d75487d7b826a4468539f Mon Sep 17 00:00:00 2001
From: Myles Eftos <myles@madpilot.com.au>
Date: Thu, 13 Apr 2017 20:04:15 +1000
Subject: [PATCH 281/301] Prefixing max/min defines with axtls_ so they don't
 clash with other libraries that use the sam name

---
 crypto/bigint.c      | 8 ++++----
 crypto/bigint_impl.h | 6 ++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/crypto/bigint.c b/crypto/bigint.c
index 3d44def096..d90b093822 100644
--- a/crypto/bigint.c
+++ b/crypto/bigint.c
@@ -282,7 +282,7 @@ bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
     check(bia);
     check(bib);
 
-    n = max(bia->size, bib->size);
+    n = axtls_max(bia->size, bib->size);
     more_comps(bia, n+1);
     more_comps(bib, n);
     pa = bia->comps;
@@ -876,7 +876,7 @@ static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
     }
     else
     {
-        m = (max(bia->size, bib->size) + 1)/2;
+        m = (axtls_max(bia->size, bib->size) + 1)/2;
     }
 
     x0 = bi_clone(ctx, bia);
@@ -928,7 +928,7 @@ bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
     check(bib);
 
 #ifdef CONFIG_BIGINT_KARATSUBA
-    if (min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
+    if (axtls_min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
     {
         return regular_multiply(ctx, bia, bib, 0, 0);
     }
@@ -1068,7 +1068,7 @@ static void more_comps(bigint *bi, int n)
 {
     if (n > bi->max_comps)
     {
-        bi->max_comps = max(bi->max_comps * 2, n);
+        bi->max_comps = axtls_max(bi->max_comps * 2, n);
         bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
     }
 
diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
index fef6e0378b..b70d32dd32 100644
--- a/crypto/bigint_impl.h
+++ b/crypto/bigint_impl.h
@@ -121,10 +121,8 @@ typedef struct /**< A big integer "session" context. */
     uint8_t mod_offset;         /**< The mod offset we are using */
 } BI_CTX;
 
-#ifndef WIN32
-#define max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
-#define min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
-#endif
+#define axtls_max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
+#define axtls_min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
 
 #define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
 

From feed1ca219c6f498bd9500a88db59dceb54d28f7 Mon Sep 17 00:00:00 2001
From: AndreiD <diea_andrei@yahoo.com>
Date: Sun, 19 Feb 2017 14:53:17 +0200
Subject: [PATCH 282/301] decrease RAM usage using PROGMEM

---
 Makefile             | 16 +++++++++-------
 crypto/aes.c         | 32 ++++++++++++++++----------------
 crypto/crypto_misc.c |  2 +-
 crypto/md5.c         | 11 +++++++++--
 crypto/sha256.c      | 11 +++++++++--
 ssl/config.h         |  2 +-
 ssl/os_port.h        | 25 +++++++++++++++++++++++++
 ssl/ssl.h            | 14 ++++++++++++++
 ssl/tls1.c           | 25 +++++++++++++++++++------
 9 files changed, 103 insertions(+), 35 deletions(-)

diff --git a/Makefile b/Makefile
index 538f340b3a..c3f51ac1df 100644
--- a/Makefile
+++ b/Makefile
@@ -4,8 +4,6 @@ AR := $(TOOLCHAIN_PREFIX)ar
 LD := $(TOOLCHAIN_PREFIX)gcc
 OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy
 
-MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
-
 XTENSA_LIBS ?= $(shell $(CC) -print-sysroot)
 
 
@@ -43,13 +41,17 @@ LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
 
 CFLAGS+=-std=c99 -DESP8266
 
-CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
+CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
 
+MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
 ifneq ($(MFORCE32),)
-    # Your compiler supports the -mforce-l32 flag which means that 
-    # constants can be stored in flash (program) memory instead of SRAM.
-    # See: https://www.arduino.cc/en/Reference/PROGMEM
-    CFLAGS += -DPROGMEM="__attribute__((aligned(4))) __attribute__((section(\".irom.text\")))" -mforce-l32
+    # If the compiler supports the -mforce-l32 flag, the compiler will generate correct code for loading
+    # 16- and 8-bit constants from program memory. So in the code we can directly access the arrays
+    # placed into program memory.
+    CFLAGS +=  -mforce-l32
+else
+	# Otherwise we need to use a helper function to load 16- and 8-bit constants from program memory.
+    CFLAGS += -DWITH_PGM_READ_HELPER
 endif
 
 BIN_DIR := bin
diff --git a/crypto/aes.c b/crypto/aes.c
index ba76d301d9..af6bd98b7a 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -220,20 +220,20 @@ void AES_set_key(AES_CTX *ctx, const uint8_t *key,
 
         if ((i % words) == 0)
         {
-            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]<< 8;
-            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<<16;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<24;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ];
+            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))<< 8;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<<16;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<24;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)));
             tmp=tmp2^(((unsigned int)*ip)<<24);
             ip++;
         }
 
         if ((words == 8) && ((i % words) == 4))
         {
-            tmp2 =(uint32_t)aes_sbox[(tmp    )&0xff]    ;
-            tmp2|=(uint32_t)aes_sbox[(tmp>> 8)&0xff]<< 8;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>16)&0xff]<<16;
-            tmp2|=(uint32_t)aes_sbox[(tmp>>24)     ]<<24;
+            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))    ;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<< 8;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<16;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)     ))<<24;
             tmp=tmp2;
         }
 
@@ -369,10 +369,10 @@ static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
         /* Perform ByteSub and ShiftRow operations together */
         for (row = 0; row < 4; row++)
         {
-            a0 = (uint32_t)aes_sbox[(data[row%4]>>24)&0xFF];
-            a1 = (uint32_t)aes_sbox[(data[(row+1)%4]>>16)&0xFF];
-            a2 = (uint32_t)aes_sbox[(data[(row+2)%4]>>8)&0xFF]; 
-            a3 = (uint32_t)aes_sbox[(data[(row+3)%4])&0xFF];
+            a0 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[row%4]>>24)&0xFF));
+            a1 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+1)%4]>>16)&0xFF));
+            a2 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+2)%4]>>8)&0xFF));
+            a3 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+3)%4])&0xFF));
 
             /* Perform MixColumn iff not last round */
             if (curr_rnd < (rounds - 1))
@@ -417,10 +417,10 @@ static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
         /* Perform ByteSub and ShiftRow operations together */
         for (row = 4; row > 0; row--)
         {
-            a0 = aes_isbox[(data[(row+3)%4]>>24)&0xFF];
-            a1 = aes_isbox[(data[(row+2)%4]>>16)&0xFF];
-            a2 = aes_isbox[(data[(row+1)%4]>>8)&0xFF];
-            a3 = aes_isbox[(data[row%4])&0xFF];
+            a0 = ax_array_read_u8(aes_isbox, (data[(row+3)%4]>>24)&0xFF);
+            a1 = ax_array_read_u8(aes_isbox, (data[(row+2)%4]>>16)&0xFF);
+            a2 = ax_array_read_u8(aes_isbox, (data[(row+1)%4]>>8)&0xFF);
+            a3 = ax_array_read_u8(aes_isbox, (data[row%4])&0xFF);
 
             /* Perform MixColumn iff not last round */
             if (curr_rnd<(rounds-1))
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
index 6c7e682d1c..c7f086dadb 100644
--- a/crypto/crypto_misc.c
+++ b/crypto/crypto_misc.c
@@ -334,7 +334,7 @@ EXP_FUNC int STDCALL base64_decode(const char *in, int len,
     g = 3;
     for (x = y = z = t = 0; x < len; x++)
     {
-        if ((c = map[in[x]&0x7F]) == 0xff)
+        if ((c = ax_array_read_u8(map, in[x]&0x7F)) == 0xff)
             continue;
 
         if (c == 254)   /* this is the end... */
diff --git a/crypto/md5.c b/crypto/md5.c
index 7f50713006..1a8786f473 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -60,7 +60,7 @@ static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
 static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
 static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
 
-static const uint8_t PADDING[64] = 
+static const uint8_t PADDING[64] PROGMEM = 
 {
     0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -158,7 +158,10 @@ EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
 {
     uint8_t bits[8];
     uint32_t x, padLen;
-
+#ifdef WITH_PGM_READ_HELPER
+    uint8_t PADDING_stack[64];
+    memcpy(PADDING_stack, PADDING, 64);
+#endif
     /* Save number of bits */
     Encode(bits, ctx->count, 8);
 
@@ -166,7 +169,11 @@ EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
      */
     x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
     padLen = (x < 56) ? (56 - x) : (120 - x);
+#ifdef WITH_PGM_READ_HELPER
+    MD5_Update(ctx, PADDING_stack, padLen);
+#else
     MD5_Update(ctx, PADDING, padLen);
+#endif
 
     /* Append length (before padding) */
     MD5_Update(ctx, bits, 8);
diff --git a/crypto/sha256.c b/crypto/sha256.c
index 50f5f8cef8..ba1ac95fe4 100644
--- a/crypto/sha256.c
+++ b/crypto/sha256.c
@@ -48,7 +48,7 @@
     (b)[(i) + 3] = (uint8_t) ((n)      );       \
 }
 
-static const uint8_t sha256_padding[64] =
+static const uint8_t sha256_padding[64] PROGMEM =
 {
  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -249,6 +249,10 @@ void SHA256_Final(uint8_t *digest, SHA256_CTX *ctx)
     uint32_t last, padn;
     uint32_t high, low;
     uint8_t msglen[8];
+#ifdef WITH_PGM_READ_HELPER
+    uint8_t sha256_padding_ram[64];
+    memcpy(sha256_padding_ram, sha256_padding, 64);
+#endif
 
     high = (ctx->total[0] >> 29)
          | (ctx->total[1] <<  3);
@@ -259,8 +263,11 @@ void SHA256_Final(uint8_t *digest, SHA256_CTX *ctx)
 
     last = ctx->total[0] & 0x3F;
     padn = (last < 56) ? (56 - last) : (120 - last);
-
+#ifdef WITH_PGM_READ_HELPER
+    SHA256_Update(ctx, sha256_padding_ram, padn);
+#else
     SHA256_Update(ctx, sha256_padding, padn);
+#endif
     SHA256_Update(ctx, msglen, 8);
 
     PUT_UINT32(ctx->state[0], digest,  0);
diff --git a/ssl/config.h b/ssl/config.h
index 8b90bb09c4..8731430703 100644
--- a/ssl/config.h
+++ b/ssl/config.h
@@ -45,7 +45,7 @@
 #define CONFIG_SSL_HAS_PEM 1
 #undef CONFIG_SSL_USE_PKCS12
 #define CONFIG_SSL_EXPIRY_TIME 24
-#define CONFIG_X509_MAX_CA_CERTS 150
+#define CONFIG_X509_MAX_CA_CERTS 10
 #define CONFIG_SSL_MAX_CERTS 1
 #undef CONFIG_SSL_CTX_MUTEXING
 #undef CONFIG_USE_DEV_URANDOM
diff --git a/ssl/os_port.h b/ssl/os_port.h
index e672f102c2..07377966d0 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -98,6 +98,31 @@ extern "C" {
 
 void ax_wdt_feed();
 
+#ifndef PROGMEM
+#define PROGMEM __attribute__((aligned(4))) __attribute__((section(".irom.text")))
+#endif
+
+#ifndef WITH_PGM_READ_HELPER
+#define ax_array_read_u8(x, y) x[y]
+#else
+
+static inline uint8_t pgm_read_byte(const void* addr) {
+  register uint32_t res;
+  __asm__("extui    %0, %1, 0, 2\n"     /* Extract offset within word (in bytes) */
+      "sub      %1, %1, %0\n"       /* Subtract offset from addr, yielding an aligned address */
+      "l32i.n   %1, %1, 0x0\n"      /* Load word from aligned address */
+      "slli     %0, %0, 3\n"        /* Multiply offset by 8, yielding an offset in bits */
+      "ssr      %0\n"               /* Prepare to shift by offset (in bits) */
+      "srl      %0, %1\n"           /* Shift right; now the requested byte is the first one */
+      :"=r"(res), "=r"(addr)
+      :"1"(addr)
+      :);
+  return (uint8_t) res;     /* This masks the lower byte from the returned word */
+}
+
+#define ax_array_read_u8(x, y) pgm_read_byte((x)+(y))
+#endif //WITH_PGM_READ_HELPER
+
 #elif defined(WIN32)
 
 /* Windows CE stuff */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index e2b220dd79..09d205a8d0 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -233,6 +233,20 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
  */
 EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new();
 
+/**
+ * @brief Set the host name for SNI extension
+ * @param ssl_ext pointer returned by ssl_ext_new
+ * @param host_name pointer to a zero-terminated string containing host name
+ */
+EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name);
+
+/**
+ * @brief Set the maximum fragment size for the fragment size negotiation extension
+ * @param ssl_ext pointer returned by ssl_ext_new
+ * @param fragment_size fragment size, allowed values: 2^9, 2^10 ... 2^14
+ */
+EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size);
+
 /**
  * @brief Frees SSL extensions structure
  *
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 4066d49224..7294278ad2 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -140,7 +140,7 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,
 #endif
 
 /**
- * Allocates new SSL extensions structure and returns pointer to it
+ * Allocate new SSL extensions structure and return pointer to it
  *
  */
 EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
@@ -153,7 +153,7 @@ EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
 }
 
 /**
- * Allocates new SSL extensions structure and returns pointer to it
+ * Free SSL extensions structure
  *
  */
 EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
@@ -168,6 +168,23 @@ EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
     free(ssl_ext);
 }
 
+EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name)
+{
+    free(ext->host_name);
+    ext->host_name = NULL;
+    if (host_name) {
+        ext->host_name = strdup(host_name);
+    }
+}
+
+/**
+ * Set the maximum fragment size for the fragment size negotiation extension
+ */
+EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size)
+{
+    ext->max_fragment_size = fragment_size;
+}
+
 /**
  * Establish a new client/server context.
  */
@@ -2426,10 +2443,6 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
     printf("\n");
 }
 
-/**
- * Debugging routine to display alerts.
- */
-
 /**
  * Debugging routine to display alerts.
  */

From 822e866d051031b93de133d487c16b7ba3e2470e Mon Sep 17 00:00:00 2001
From: AndreiD <diea_andrei@yahoo.com>
Date: Mon, 20 Feb 2017 20:28:30 +0200
Subject: [PATCH 283/301] Prevent WDT reset while processing the certificates

---
 ssl/tls1.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index 7294278ad2..3de849930a 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -2108,6 +2108,8 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
     int i = 0;
     offset += 2;
 
+    ax_wdt_feed();
+
     PARANOIA_CHECK(pkt_size, total_cert_len + offset);
 
     // record the start point for the second pass
@@ -2138,7 +2140,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
         offset++;       /* skip empty char */
         cert_size = (buf[offset]<<8) + buf[offset+1];
         offset += 2;
-        
+        ax_wdt_feed();
         if (x509_new(&buf[offset], NULL, certs+num_certs))
         {
             ret = SSL_ERROR_BAD_CERTIFICATE;

From da2dabf4ed11b427724c9e72bd1fbf202d272feb Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Tue, 30 Aug 2016 10:26:04 +0000
Subject: [PATCH 284/301] * RC4 only used if PKCS12 is used. * Buffer sizes
 tightned up. * Buffer check on client handshake due to some
 incompatibilities.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@270 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/rc4.c       |    5 +
 ssl/test/ssltest.c | 2521 ++++++++++++++++
 ssl/tls1.c         |    6 +-
 www/index.html     | 7103 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 9632 insertions(+), 3 deletions(-)
 create mode 100644 ssl/test/ssltest.c
 create mode 100755 www/index.html

diff --git a/crypto/rc4.c b/crypto/rc4.c
index 12a121151d..edfb27a575 100644
--- a/crypto/rc4.c
+++ b/crypto/rc4.c
@@ -37,6 +37,9 @@
 #include "os_port.h"
 #include "crypto.h"
 
+/* only used for PKCS12 now */
+#ifdef CONFIG_SSL_USE_PKCS12
+
 /**
  * Get ready for an encrypt/decrypt operation
  */
@@ -90,3 +93,5 @@ void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
     ctx->x = x;
     ctx->y = y;
 }
+
+#endif
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
new file mode 100644
index 0000000000..98ba3e192f
--- /dev/null
+++ b/ssl/test/ssltest.c
@@ -0,0 +1,2521 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The testing of the crypto and ssl stuff goes here. Keeps the individual code
+ * modules from being uncluttered with test code.
+ *
+ * This is test code - I make no apologies for the quality!
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#ifndef WIN32
+#include <pthread.h>
+#endif
+
+#include "os_port.h"
+#include "ssl.h"
+
+#define DEFAULT_CERT            "../ssl/test/axTLS.x509_1024.cer"
+#define DEFAULT_KEY             "../ssl/test/axTLS.key_1024"     
+//#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_SVR_OPTION      0
+//#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_CLNT_OPTION     0
+
+/* hack to remove gcc warning */
+#define SYSTEM(A)           if (system(A) < 0) printf("system call error\n");
+
+static int g_port = 19001;
+
+/**************************************************************************
+ * AES tests 
+ * 
+ * Run through a couple of the RFC3602 tests to verify that AES is correct.
+ **************************************************************************/
+#define TEST1_SIZE  16
+#define TEST2_SIZE  32
+
+static int AES_test(BI_CTX *bi_ctx)
+{
+    AES_CTX aes_key;
+    int res = 1;
+    uint8_t key[TEST1_SIZE];
+    uint8_t iv[TEST1_SIZE];
+
+    {
+        /*
+            Case #1: Encrypting 16 bytes (1 block) using AES-CBC
+            Key       : 0x06a9214036b8a15b512e03d534120006
+            IV        : 0x3dafba429d9eb430b422da802c9fac41
+            Plaintext : "Single block msg"
+            Ciphertext: 0xe353779c1079aeb82708942dbe77181a
+
+        */
+        char *in_str =  "Single block msg";
+        uint8_t ct[TEST1_SIZE];
+        uint8_t enc_data[TEST1_SIZE];
+        uint8_t dec_data[TEST1_SIZE];
+
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "06A9214036B8A15B512E03D534120006");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "E353779C1079AEB82708942DBE77181A");
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, 
+                enc_data, sizeof(enc_data));
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            printf("Error: AES ENCRYPT #1 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+
+        if (memcmp(dec_data, in_str, sizeof(dec_data)))
+        {
+            printf("Error: AES DECRYPT #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        /*
+            Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC 
+            Key       : 0xc286696d887c9aa0611bbb3e2025a45a
+            IV        : 0x562e17996d093d28ddb3ba695a2e6f58
+            Plaintext : 0x000102030405060708090a0b0c0d0e0f
+                          101112131415161718191a1b1c1d1e1f
+            Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
+                          7586602d253cfff91b8266bea6d61ab1
+        */
+        uint8_t in_data[TEST2_SIZE];
+        uint8_t ct[TEST2_SIZE];
+        uint8_t enc_data[TEST2_SIZE];
+        uint8_t dec_data[TEST2_SIZE];
+
+        bigint *in_bi = bi_str_import(bi_ctx,
+            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
+        bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, 
+                enc_data, sizeof(enc_data));
+
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            printf("Error: ENCRYPT #2 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+        if (memcmp(dec_data, in_data, sizeof(dec_data)))
+        {
+            printf("Error: DECRYPT #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All AES tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA1 tests 
+ *
+ * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
+ **************************************************************************/
+static int SHA1_test(BI_CTX *bi_ctx)
+{
+    SHA1_CTX ctx;
+    uint8_t ct[SHA1_SIZE];
+    uint8_t digest[SHA1_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "A9993E364706816ABA3E25717850C26C9CD0D89D");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA1 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA1 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA1 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA256 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA256 is correct.
+ **************************************************************************/
+static int SHA256_test(BI_CTX *bi_ctx)
+{
+    SHA256_CTX ctx;
+    uint8_t ct[SHA256_SIZE];
+    uint8_t digest[SHA256_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "248D6A61D20638B8E5C026930C3E6039A33CE45964FF2167F6ECEDD419DB06C1");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA256 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA384 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA384 is correct.
+ **************************************************************************/
+static int SHA384_test(BI_CTX *bi_ctx)
+{
+    SHA384_CTX ctx;
+    uint8_t ct[SHA384_SIZE];
+    uint8_t digest[SHA384_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA384 tests passed\n");
+
+end:
+    return res;
+}
+/**************************************************************************
+ * SHA512 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA512 is correct.
+ **************************************************************************/
+static int SHA512_test(BI_CTX *bi_ctx)
+{
+    SHA512_CTX ctx;
+    uint8_t ct[SHA512_SIZE];
+    uint8_t digest[SHA512_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA512 tests passed\n");
+
+end:
+    return res;
+}
+/**************************************************************************
+ * MD5 tests 
+ *
+ * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
+ **************************************************************************/
+static int MD5_test(BI_CTX *bi_ctx)
+{
+    MD5_CTX ctx;
+    uint8_t ct[MD5_SIZE];
+    uint8_t digest[MD5_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str =  "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx, 
+                "900150983CD24FB0D6963F7D28E17F72");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: MD5 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: MD5 #2 failed\n");
+            goto end;
+        }
+    }
+    res = 0;
+    printf("All MD5 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * HMAC tests 
+ *
+ * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
+ **************************************************************************/
+static int HMAC_test(BI_CTX *bi_ctx)
+{
+    uint8_t key[SHA256_SIZE];
+    uint8_t ct[SHA256_SIZE];
+    uint8_t dgst[SHA256_SIZE];
+    int res = 1;
+    const char *key_str;
+
+    const char *data_str = "Hi There";
+    bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
+    bi_export(bi_ctx, key_bi, key, MD5_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #2 failed\n");
+        goto end;
+    }
+   
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
+    bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, SHA1_SIZE, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #2 failed\n");
+        goto end;
+    }
+
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    ct_bi = bi_str_import(bi_ctx,
+            "B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7");
+    bi_export(bi_ctx, key_bi, key, 20);
+    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+    hmac_sha256((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, 20, dgst);
+
+    if (memcmp(dgst, ct, SHA256_SIZE))
+    {
+        printf("HMAC SHA256 #1 failed\n");
+        goto end;
+    } 
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx,
+            "5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC3843");
+    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+    hmac_sha256((const uint8_t *)data_str, 28, 
+            (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, SHA256_SIZE))
+    {
+        printf("HMAC SHA256 #2 failed\n");
+        goto end;
+    }
+
+    // other test
+    /*uint8_t secret[16];
+    key_str = "9BBE436BA940F017B17652849A71DB35";
+    ct_bi = bi_str_import(bi_ctx, key_str);
+    bi_export(bi_ctx, ct_bi, secret, 16);
+
+    uint8_t random[26];
+    data_str = "74657374206C6162656CA0BA9F936CDA311827A6F796FFD5198C";
+    ct_bi = bi_str_import(bi_ctx, data_str);
+    bi_export(bi_ctx, ct_bi, random, 26);
+
+    uint8_t output[256];
+    p_hash_sha256(secret, 16, random, 26, output, 100);
+    ct_bi = bi_import(bi_ctx, output, 100);
+    bi_print("RESULT", ct_bi);
+    */
+
+    /*uint8_t secret[48];
+    uint8_t random[256];
+    uint8_t output[256];
+
+    key_str =
+        "8C6D256467157DAEC7BAEBC1371E6DABFF1AB686EFA7DCF6B65242AA6EEBFC0A7472A1E583C4F2B23F784F25A6DE05A6";
+    ct_bi = bi_str_import(bi_ctx, key_str);
+    bi_export(bi_ctx, ct_bi, secret, 48);
+
+    data_str =
+        "636C69656E742066696E697368656475F80B2E4375CFA44105D16694A5E2D232302FF27241BDF52BA681C13E2CDF9F";
+    ct_bi = bi_str_import(bi_ctx, data_str);
+    bi_export(bi_ctx, ct_bi, random, 47);
+
+    p_hash_sha256(secret, 48, random, 47, output, 12);
+    ct_bi = bi_import(bi_ctx, output, 12);
+    bi_print("RESULT1", ct_bi);*/
+
+    res = 0;
+    printf("All HMAC tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * BIGINT tests 
+ *
+ **************************************************************************/
+static int BIGINT_test(BI_CTX *ctx)
+{
+    int res = 1;
+
+#ifndef CONFIG_INTEGER_8BIT 
+#ifndef CONFIG_INTEGER_16BIT 
+    bigint *bi_data, *bi_exp, *bi_res;
+    const char *expnt, *plaintext, *mod;
+    uint8_t compare[MAX_KEY_BYTE_SIZE];
+    /**
+     * 512 bit key
+     */
+    plaintext = /* 64 byte number */
+        "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
+
+    mod = "C30773C8ABE09FCC279EE0E5343370DE"
+          "8B2FFDB6059271E3005A7CEEF0D35E0A"
+          "1F9915D95E63560836CC2EB2C289270D"
+          "BCAE8CAF6F5E907FC2759EE220071E1B";
+
+    expnt = "A1E556CD1738E10DF539E35101334E97"
+          "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
+          "F3140F5091CC535CBAA47CEC4159EE1F"
+          "B6A3661AFF1AB758426EAB158452A9B9";
+
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_exp = int_to_bi(ctx, 0x10001);
+    bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+
+    bi_data = bi_res;   /* resuse again - see if we get the original */
+
+    bi_exp = bi_str_import(ctx, expnt);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+    bi_free_mod(ctx, 0);
+
+    bi_export(ctx, bi_res, compare, 64);
+    if (memcmp(plaintext, compare, 64) != 0)
+        goto end;
+#endif
+#endif
+
+    /*
+     * Multiply with psssible carry issue (8 bit)
+     */
+    {
+        bigint *bi_x = bi_str_import(ctx, 
+                "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
+        bigint *arg2 = bi_clone(ctx, bi_x);
+        bigint *arg3 = bi_clone(ctx, bi_x);
+        bigint *sqr_result = bi_square(ctx, bi_x);
+        bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
+
+        if (bi_compare(sqr_result, mlt_result) != 0)
+        {
+            bi_print("SQR_RESULT", sqr_result);
+            bi_print("MLT_RESULT", mlt_result);
+            bi_free(ctx, sqr_result);
+            bi_free(ctx, mlt_result);
+            goto end;
+        }
+
+        bi_free(ctx, sqr_result);
+        bi_free(ctx, mlt_result);
+    }
+
+    printf("All BIGINT tests passed\n");
+    res = 0;
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * RSA tests 
+ *
+ * Use the results from openssl to verify PKCS1 etc 
+ **************************************************************************/
+static int RSA_test(void)
+{
+    int res = 1;
+    const char *plaintext = /* 128 byte hex number */
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
+    uint8_t enc_data[128], dec_data[128];
+    RSA_CTX *rsa_ctx = NULL;
+    BI_CTX *bi_ctx;
+    bigint *plaintext_bi;
+    bigint *enc_data_bi, *dec_data_bi;
+    uint8_t enc_data2[128], dec_data2[128];
+    int len; 
+    uint8_t *buf;
+
+    RNG_initialize();
+
+    /* extract the private key elements */
+    len = get_file("../ssl/test/axTLS.key_1024", &buf);
+    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
+    {
+        goto end;
+    }
+
+    free(buf);
+    bi_ctx = rsa_ctx->bi_ctx;
+    plaintext_bi = bi_import(bi_ctx, 
+            (const uint8_t *)plaintext, strlen(plaintext));
+
+    /* basic rsa encrypt */
+    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
+    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
+
+    /* basic rsa decrypt */
+    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
+    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
+
+    if (memcmp(dec_data, plaintext, strlen(plaintext)))
+    {
+        printf("Error: DECRYPT #1 failed\n");
+        goto end;
+    }
+
+    if (RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0) < 0)
+    {
+        printf("Error: ENCRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_decrypt(rsa_ctx, enc_data2, dec_data2, sizeof(dec_data2), 1);
+    if (memcmp("abc", dec_data2, 3))
+    {
+        printf("Error: DECRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_free(rsa_ctx);
+    res = 0;
+    printf("All RSA tests passed\n");
+
+end:
+    RNG_terminate();
+    return res;
+}
+
+/**************************************************************************
+ * Cert Testing
+ *
+ **************************************************************************/
+static int cert_tests(void)
+{
+    int res = -1, len;
+    X509_CTX *x509_ctx;
+    SSL_CTX *ssl_ctx;
+    uint8_t *buf;
+
+    /* check a bunch of 3rd party certificates */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/microsoft.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #1\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/thawte.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #2\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #3\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/equifax.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #4\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/gnutls.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #5\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/socgen.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #6\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/camster_duckdns_org.crt", NULL)) != SSL_OK)
+    {
+        printf("Cert #7\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK)
+    {
+        printf("Cert #8\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, 
+              SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
+    {
+        printf("Cert #9\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
+                                    x509_new(buf, &len, &x509_ctx))
+    {
+        printf("Cert #10\n");
+        res = -1;
+        goto bad_cert;
+    }
+
+    if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
+    {
+        printf("Cert #11\n");
+        res = -1;
+        goto bad_cert;
+    }
+    x509_free(x509_ctx);
+    free(buf);
+
+    // this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
+            "../ssl/test/ca-bundle.crt", NULL))
+    {
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    res = 0;        /* all ok */
+    printf("All Certificate tests passed\n");
+
+bad_cert:
+    if (res)
+        printf("Error: A certificate test failed\n");
+
+    return res;
+}
+
+/**
+ * init a server socket.
+ */
+static int server_socket_init(int *port)
+{
+    struct sockaddr_in serv_addr;
+    int server_fd;
+    char yes = 1;
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        return -1;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+go_again:
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(*port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        (*port)++;
+        goto go_again;
+    }
+    /* Mark the socket so it will listen for incoming connections */
+    if (listen(server_fd, 3000) < 0)
+    {
+        return -1;
+    }
+
+    return server_fd;
+}
+
+/**
+ * init a client socket.
+ */
+static int client_socket_init(uint16_t port)
+{
+    struct sockaddr_in address;
+    int client_fd;
+
+    address.sin_family = AF_INET;
+    address.sin_port = htons(port);
+    address.sin_addr.s_addr =  inet_addr("127.0.0.1");
+    client_fd = socket(AF_INET, SOCK_STREAM, 0);
+    if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
+    {
+        perror("socket");
+        SOCKET_CLOSE(client_fd);
+        client_fd = -1;
+    }
+
+    return client_fd;
+}
+
+/**************************************************************************
+ * SSL Server Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    /* not used as yet */
+    int dummy;
+} SVR_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+} client_t;
+
+static void do_client(client_t *clnt)
+{
+    char openssl_buf[2048];
+    usleep(200000);           /* allow server to start */
+
+    /* show the session ids in the reconnect test */
+    if (strcmp(clnt->testname, "Session Reuse") == 0)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+            "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
+            g_port, clnt->openssl_option);
+    }
+    else if (strstr(clnt->testname, "GNUTLS") == NULL)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+#ifdef WIN32
+            "-connect localhost:%d -quiet %s",
+#else
+            "-connect localhost:%d -quiet %s > /dev/null 2>&1",
+#endif
+            g_port, clnt->openssl_option);
+    }
+    else /* gnutls */
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
+#ifdef WIN32
+            "-p %d %s localhost",
+#else
+            "-p %d %s localhost > /dev/null 2>&1",
+#endif
+        g_port, clnt->openssl_option);
+    }
+
+//printf("CLIENT %s\n", openssl_buf);
+    SYSTEM(openssl_buf);
+}
+
+static int SSL_server_test(
+        const char *testname, 
+        const char *openssl_option, 
+        const char *device_cert, 
+        const char *product_cert, 
+        const char *private_key,
+        const char *ca_cert,
+        const char *password,
+        int axtls_option)
+{
+    int server_fd, ret = 0;
+    SSL_CTX *ssl_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    client_t client_data;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    g_port++;
+
+    client_data.testname = testname;
+    client_data.openssl_option = openssl_option;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    if (private_key)
+    {
+        axtls_option |= SSL_NO_DEFAULT_KEY;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    if (private_key)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+
+        if (strstr(private_key, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+
+    if (device_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (product_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (ca_cert)                  /* test adding certificate authorities */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_client, (void *)&client_data);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, 
+            (LPVOID)&client_data, 0, NULL);
+#endif
+
+    for (;;)
+    {
+        int client_fd, size = 0; 
+        SSL *ssl;
+
+        /* Wait for a client to connect */
+        if ((client_fd = accept(server_fd, 
+                        (struct sockaddr *)&client_addr, &clnt_len)) < 0)
+        {
+            ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+            goto error;
+        }
+        
+        /* we are ready to go */
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+        while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
+        SOCKET_CLOSE(client_fd);
+        
+        if (size == SSL_CLOSE_NOTIFY)
+        {
+            /* do nothing */ 
+        }
+        else if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ret = size;
+
+            if (ret == SSL_ERROR_CONN_LOST)
+                continue;
+
+            break;  /* we've got a problem */
+        }
+        else /* looks more promising */
+        {
+            if (strstr("hello client", (char *)read_buf) == NULL)
+            {
+                printf("SSL server test \"%s\" passed\n", testname);
+                TTY_FLUSH();
+                ret = 0;
+                break;
+            }
+        }
+
+        ssl_free(ssl);
+    }
+
+    SOCKET_CLOSE(server_fd);
+
+error:
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+int SSL_server_tests(void)
+{
+    int ret = -1;
+    struct stat stat_buf;
+    SVR_CTX svr_test_ctx;
+    memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
+
+    printf("### starting server tests\n"); TTY_FLUSH();
+
+    /* Go through the algorithms */
+
+    /* 
+     * TLS client hello 
+     */
+
+    /*
+     * AES128-SHA TLS1.2
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.2", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES256-SHA TLS1.2
+     */
+    if ((ret = SSL_server_test("AES256-SHA TLS1.2", 
+                    "-cipher AES256-SHA -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA256 TLS1.2
+     */
+    if ((ret = SSL_server_test("AES128-SHA256 TLS1.2", 
+                    "-cipher AES128-SHA256 -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+
+    /*
+     * AES256-SHA256 TLS1.2
+     */
+    if ((ret = SSL_server_test("AES256-SHA256 TLS1.2", 
+                    "-cipher AES256-SHA256 -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA TLS1.1
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.1", 
+                    "-cipher AES128-SHA -tls1_1", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA TLS1.0
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.0", 
+                    "-cipher AES128-SHA -tls1", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * Session Reuse
+     * all the session id's should match for session resumption.
+     */
+    if ((ret = SSL_server_test("Session Reuse", 
+                    "-cipher AES128-SHA -reconnect -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 1024 bit RSA key (check certificate chaining)
+     */
+    if ((ret = SSL_server_test("1024 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 2048 bit RSA key 
+     */
+    if ((ret = SSL_server_test("2048 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_2048.cer", NULL, 
+                    "../ssl/test/axTLS.key_2048",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 4096 bit RSA key 
+     */
+    if ((ret = SSL_server_test("4096 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_4096.cer", NULL, 
+                    "../ssl/test/axTLS.key_4096",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA256
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA256",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha256.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA384
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA384",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha384.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA512
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA512",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha512.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Client Verification
+     */
+    if ((ret = SSL_server_test("Client Verification TLS1.2", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test("Client Verification TLS1.1", 
+                    "-cipher AES128-SHA -tls1_1 "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* this test should fail */
+    if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
+    {
+        if ((ret = SSL_server_test("Error: Bad Before Cert", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_bad_before.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
+            goto cleanup;
+
+        printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
+        TTY_FLUSH();
+    }
+
+    /* this test should fail */
+    if ((ret = SSL_server_test("Error: Bad After Cert", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "Bad After Cert");
+    TTY_FLUSH();
+
+    /*
+     * No trusted cert
+     */
+    if ((ret = SSL_server_test("Error: No trusted certificate", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL, NULL, NULL, 
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "No trusted certificate");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the server)
+     */
+    if ((ret = SSL_server_test("Error: Self-signed certificate (from server)", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
+                    NULL, NULL, NULL, 
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", 
+                            "Self-signed certificate (from server)");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the client)
+     */
+    if ((ret = SSL_server_test("Self-signed certificate (from client)", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL, NULL, NULL, 
+                    "../ssl/test/axTLS.ca_x509.cer",
+                    NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* 
+     * Key in PEM format
+     */
+    if ((ret = SSL_server_test("Key in PEM format",
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert in PEM format
+     */
+    if ((ret = SSL_server_test("Cert in PEM format", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert chain in PEM format
+     */
+    if ((ret = SSL_server_test("Cert chain in PEM format", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_device.pem", 
+                    NULL, "../ssl/test/axTLS.device_key.pem",
+                    "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted key 
+     */
+    if ((ret = SSL_server_test("AES128 encrypted key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES256 Encrypted key 
+     */
+    if ((ret = SSL_server_test("AES256 encrypted key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes256.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes256.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted invalid key 
+     */
+    if ((ret = SSL_server_test("AES128 encrypted invalid key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
+    TTY_FLUSH();
+
+    /*
+     * PKCS#8 key (encrypted)
+     */
+    if ((ret = SSL_server_test("pkcs#8 encrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#8 key (unencrypted DER format)
+     */
+    if ((ret = SSL_server_test("pkcs#8 DER unencrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#8 key (unencrypted PEM format)
+     */
+    if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#12 key/certificate
+     */
+    if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher AES128-SHA", 
+                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher AES128-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * GNUTLS
+     */
+    if ((ret = SSL_server_test("GNUTLS client", 
+                    "",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+    
+    if ((ret = SSL_server_test("GNUTLS client with verify", 
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL, 
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+    ret = 0;
+
+cleanup:
+    if (ret)
+    {
+        printf("Error: A server test failed\n");
+        ssl_display_error(ret);
+        exit(1);
+    }
+    else
+    {
+        printf("All server tests passed\n"); TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Client Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+#ifndef WIN32
+    pthread_t server_thread;
+#endif
+    int start_server;
+    int stop_server;
+    int do_reneg;
+} CLNT_SESSION_RESUME_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+    int do_gnutls;
+} server_t;
+
+static void do_server(server_t *svr)
+{
+    char openssl_buf[2048];
+#ifndef WIN32
+    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+#endif
+    if (svr->do_gnutls)
+    {
+        sprintf(openssl_buf, "gnutls-serv " 
+                "-p %d --quiet %s ", g_port, svr->openssl_option);
+    }
+    else
+    {
+        sprintf(openssl_buf, "openssl s_server " 
+#ifdef WIN32
+                "-accept %d -quiet %s", 
+#else
+                "-accept %d -quiet %s > /dev/null", 
+#endif
+                g_port, svr->openssl_option);
+    }
+//printf("SERVER %s\n", openssl_buf);
+    SYSTEM(openssl_buf);
+}
+
+static int SSL_client_test(
+        const char *test,
+        SSL_CTX **ssl_ctx,
+        const char *openssl_option, 
+        CLNT_SESSION_RESUME_CTX *sess_resume,
+        uint32_t client_options,
+        const char *private_key,
+        const char *password,
+        const char *cert)
+{
+    server_t server_data;
+    SSL *ssl = NULL;
+    int client_fd = -1;
+    uint8_t *session_id = NULL;
+    int ret = 1;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+
+    server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
+
+    if (sess_resume == NULL || sess_resume->start_server)
+    {
+        g_port++;
+        server_data.openssl_option = openssl_option;
+
+#ifndef WIN32
+        pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_server, (void *)&server_data);
+        pthread_detach(thread);
+#else
+        CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, 
+            (LPVOID)&server_data, 0, NULL);
+#endif
+    }
+    
+    usleep(200000);           /* allow server to start */
+
+    if (*ssl_ctx == NULL)
+    {
+        if (private_key)
+        {
+            client_options |= SSL_NO_DEFAULT_KEY;
+        }
+
+        if ((*ssl_ctx = ssl_ctx_new(
+                            client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto client_test_exit;
+        }
+
+        if (private_key)
+        {
+            int obj_type = SSL_OBJ_RSA_KEY;
+
+            if (strstr(private_key, ".p8"))
+                obj_type = SSL_OBJ_PKCS8;
+            else if (strstr(private_key, ".p12"))
+                obj_type = SSL_OBJ_PKCS12;
+
+            if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
+            {
+                ret = SSL_ERROR_INVALID_KEY;
+                goto client_test_exit;
+            }
+        }
+
+        if (cert)                  
+        {
+            if ((ret = ssl_obj_load(*ssl_ctx, 
+                            SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
+            {
+                printf("could not add cert %s (%d)\n", cert, ret);
+                TTY_FLUSH();
+                goto client_test_exit;
+            }
+        }
+
+        if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
+                "../ssl/test/axTLS.ca_x509.cer", NULL))
+        {
+            printf("could not add cert auth\n"); TTY_FLUSH();
+            goto client_test_exit;
+        }
+    }
+    
+    if (sess_resume && !sess_resume->start_server) 
+    {
+        session_id = sess_resume->session_id;
+    }
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+    {
+        printf("could not start socket on %d\n", g_port); TTY_FLUSH();
+        goto client_test_exit;
+    }
+
+    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
+
+    /* check the return status */
+    if ((ret = ssl_handshake_status(ssl)))
+        goto client_test_exit;
+
+    /* renegotiate client */
+    if (sess_resume && sess_resume->do_reneg) 
+    {
+        if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION) 
+            ret = 0;
+        else
+            ret = -SSL_ALERT_NO_RENEGOTIATION;
+
+        goto client_test_exit;
+    }
+
+    if (sess_resume)
+    {
+        memcpy(sess_resume->session_id, 
+                ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+    }
+
+    if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && 
+                                            (ret = ssl_verify_cert(ssl)))
+    {
+        goto client_test_exit;
+    }
+
+    ssl_write(ssl, (uint8_t *)"hello world\n", 13);
+    if (sess_resume)
+    {
+        const uint8_t *sess_id = ssl_get_session_id(ssl);
+        int i;
+
+        printf("    Session-ID: ");
+        for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+        {
+            printf("%02X", sess_id[i]);
+        }
+        printf("\n");
+        TTY_FLUSH();
+    }
+
+    ret = 0;
+
+client_test_exit:
+    ssl_free(ssl);
+    SOCKET_CLOSE(client_fd);
+    usleep(200000);           /* allow openssl to say something */
+
+    if (sess_resume)
+    {
+        if (sess_resume->stop_server)
+        {
+            ssl_ctx_free(*ssl_ctx);
+            *ssl_ctx = NULL;
+        }
+        else if (sess_resume->start_server)
+        {
+#ifndef WIN32
+           sess_resume->server_thread = thread;
+#endif
+        }
+    }
+    else
+    {
+        ssl_ctx_free(*ssl_ctx);
+        *ssl_ctx = NULL;
+    }
+
+    if (ret == 0)
+    {
+        printf("SSL client test \"%s\" passed\n", test);
+        TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+int SSL_client_tests(void)
+{
+    int ret =  -1;
+    SSL_CTX *ssl_ctx = NULL;
+    CLNT_SESSION_RESUME_CTX sess_resume;
+    memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
+
+    sess_resume.start_server = 1;
+    printf("### starting client tests\n");
+   
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", 
+                    &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* all the session id's should match for session resumption */
+    sess_resume.start_server = 0;
+    if ((ret = SSL_client_test("Client session resumption #1", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    // no client renegotiation
+    sess_resume.do_reneg = 1;
+    // test relies on openssl killing the call
+    if ((ret = SSL_client_test("Client renegotiation", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+    sess_resume.do_reneg = 0;
+
+    sess_resume.stop_server = 1;
+    if ((ret = SSL_client_test("Client session resumption #2", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("2048 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem",  NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("4096 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_4096.pem "
+                    "-key ../ssl/test/axTLS.key_4096.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("TLS 1.1", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem -tls1_1", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("TLS 1.0", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem -tls1", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Server cert chaining", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_device.pem "
+                    "-key ../ssl/test/axTLS.device_key.pem "
+                    "-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication TLS1.1",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 -tls1_1", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Should get an "ERROR" from openssl (as the handshake fails as soon as
+     * the certificate verification fails) */
+    if ((ret = SSL_client_test("Error: Expired cert (verify now)",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret);
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify now)\" passed\n");
+
+    /* There is no "ERROR" from openssl */
+    if ((ret = SSL_client_test("Error: Expired cert (verify later)", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
+                    NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify later)\" passed\n");
+
+    /* invalid cert type */
+    if ((ret = SSL_client_test("Error: Invalid certificate type", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.x509_1024.cer", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")) 
+                            != SSL_ERROR_INVALID_KEY)
+    {
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Invalid certificate type\" passed\n");
+
+    if ((ret = SSL_client_test("GNUTLS client", 
+                    &ssl_ctx,
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    ret = 0;
+
+    if ((ret = SSL_client_test("GNUTLS client with verify", 
+                    &ssl_ctx,
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, 
+                    NULL, NULL, NULL)))
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+    {
+        ssl_display_error(ret);
+        printf("Error: A client test failed\n");
+        SYSTEM("sh ../ssl/test/killopenssl.sh");
+        SYSTEM("sh ../ssl/test/killgnutls.sh");
+        exit(1);
+    }
+    else
+    {
+        printf("All client tests passed\n"); TTY_FLUSH();
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Basic Testing (test a big packet handshake)
+ *
+ **************************************************************************/
+static uint8_t basic_buf[256*1024];
+
+static void do_basic(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
+
+    /* check the return status */
+    if (ssl_handshake_status(ssl_clnt) < 0)
+    {
+        ssl_display_error(ssl_handshake_status(ssl_clnt));
+        goto error;
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_basic_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_basic, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL basic test passed\n" :
+                            "SSL basic test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+/**************************************************************************
+ * SSL unblocked case
+ *
+ **************************************************************************/
+static void do_unblocked(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, 
+                            SSL_DEFAULT_CLNT_SESS |
+                            SSL_CONNECT_IN_PARTS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    {
+#ifdef WIN32
+        u_long argp = 1;
+        ioctlsocket(client_fd, FIONBIO, &argp);
+#else
+        int flags = fcntl(client_fd, F_GETFL, NULL);
+        fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
+#endif
+    }
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
+
+    while (ssl_handshake_status(ssl_clnt) != SSL_OK)
+    {
+        if (ssl_read(ssl_clnt, NULL) < 0)
+        {
+            ssl_display_error(ssl_handshake_status(ssl_clnt));
+            goto error;
+        }
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_unblocked_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_unblocked, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked, 
+                        NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL unblocked test passed\n" :
+                            "SSL unblocked test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+/**************************************************************************
+ * Multi-Threading Tests
+ *
+ **************************************************************************/
+#define NUM_THREADS         100
+
+typedef struct
+{
+    SSL_CTX *ssl_clnt_ctx;
+    int port;
+    int thread_id;
+} multi_t;
+
+void do_multi_clnt(multi_t *multi_data)
+{
+    int res = 1, client_fd, i;
+    SSL *ssl = NULL;
+    char tmp[5];
+
+    if ((client_fd = client_socket_init(multi_data->port)) < 0)
+        goto client_test_exit;
+
+    usleep(200000);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
+
+    if ((res = ssl_handshake_status(ssl)))
+    {
+        printf("Client ");
+        ssl_display_error(res);
+        goto client_test_exit;
+    }
+
+    sprintf(tmp, "%d\n", multi_data->thread_id);
+    for (i = 0; i < 10; i++)
+        ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
+
+client_test_exit:
+    ssl_free(ssl);
+    SOCKET_CLOSE(client_fd);
+    free(multi_data);
+}
+
+void do_multi_svr(SSL *ssl)
+{
+    uint8_t *read_buf;
+    int *res_ptr = malloc(sizeof(int));
+    int res;
+
+    for (;;)
+    {
+        res = ssl_read(ssl, &read_buf);
+
+        /* kill the client */
+        if (res != SSL_OK)
+        {
+            if (res == SSL_ERROR_CONN_LOST)
+            {
+                SOCKET_CLOSE(ssl->client_fd);
+                ssl_free(ssl);
+                break;
+            }
+            else if (res > 0)
+            {
+                /* do nothing */
+            }
+            else /* some problem */
+            {
+                printf("Server ");
+                ssl_display_error(res);
+                goto error;
+            }
+        }
+    }
+
+    res = SSL_OK;
+error:
+    *res_ptr = res;
+    pthread_exit(res_ptr);
+}
+
+int multi_thread_test(void)
+{
+    int server_fd = -1;
+    SSL_CTX *ssl_server_ctx;
+    SSL_CTX *ssl_clnt_ctx;
+    pthread_t clnt_threads[NUM_THREADS];
+    pthread_t svr_threads[NUM_THREADS];
+    int i, res = 0;
+    struct sockaddr_in client_addr;
+    socklen_t clnt_len = sizeof(client_addr);
+
+    printf("Do multi-threading test (takes a minute)\n");
+
+    ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
+        multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
+        multi_data->port = g_port;
+        multi_data->thread_id = i+1;
+        pthread_create(&clnt_threads[i], NULL, 
+                (void *(*)(void *))do_multi_clnt, (void *)multi_data);
+        pthread_detach(clnt_threads[i]);
+    }
+
+    for (i = 0; i < NUM_THREADS; i++)
+    { 
+        SSL *ssl_svr;
+        int client_fd = accept(server_fd, 
+                      (struct sockaddr *)&client_addr, &clnt_len);
+
+        if (client_fd < 0)
+            goto error;
+
+        ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
+
+        pthread_create(&svr_threads[i], NULL, 
+                        (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
+    }
+
+    /* make sure we've run all of the threads */
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        void *thread_res;
+        pthread_join(svr_threads[i], &thread_res);
+
+        if (*((int *)thread_res) != 0)
+            res = 1;
+
+        free(thread_res);
+    } 
+
+    if (res) 
+        goto error;
+
+    printf("Multi-thread test passed (%d)\n", NUM_THREADS);
+error:
+    ssl_ctx_free(ssl_server_ctx);
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(server_fd);
+    return res;
+}
+#endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */ 
+
+/**************************************************************************
+ * Header issue
+ *
+ **************************************************************************/
+//static void do_header_issue(void)
+//{
+//    char axtls_buf[2048];
+//#ifndef WIN32
+//    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+//#endif
+//    sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
+//    SYSTEM(axtls_buf);
+//}
+//
+//static int header_issue(void)
+//{
+//    FILE *f = fopen("../ssl/test/header_issue.dat", "r");
+//    int server_fd = -1, client_fd = -1, ret = 1;
+//    uint8_t buf[2048];
+//    int size = 0;
+//    struct sockaddr_in client_addr;
+//    socklen_t clnt_len = sizeof(client_addr);
+//#ifndef WIN32
+//    pthread_t thread;
+//#endif
+//
+//    if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
+//        goto error;
+//
+//#ifndef WIN32
+//    pthread_create(&thread, NULL, 
+//                (void *(*)(void *))do_header_issue, NULL);
+//    pthread_detach(thread);
+//#else
+//    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, 
+//                NULL, 0, NULL);
+//#endif
+//    if ((client_fd = accept(server_fd, 
+//                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    size = fread(buf, 1, sizeof(buf), f);
+//    if (SOCKET_WRITE(client_fd, buf, size) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    usleep(200000);
+//
+//    ret = 0;
+//error:
+//    fclose(f);
+//    SOCKET_CLOSE(client_fd);
+//    SOCKET_CLOSE(server_fd);
+//    TTY_FLUSH();
+//    SYSTEM("killall axssl");
+//    return ret;
+//}
+
+/**************************************************************************
+ * main()
+ *
+ **************************************************************************/
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    BI_CTX *bi_ctx;
+    int fd;
+
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+    fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
+    dup2(fd, 2);                        /* write stderr to this file */
+#else
+    fd = open("/dev/null", O_WRONLY);   /* write stderr to /dev/null */
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+    dup2(fd, 2);
+#endif
+
+    /* can't do testing in this mode */
+#if defined CONFIG_SSL_GENERATE_X509_CERT
+    printf("Error: Must compile with default key/certificates\n");
+    exit(1);
+#endif
+
+    bi_ctx = bi_initialize();
+
+    if (AES_test(bi_ctx))
+    {
+        printf("AES tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (MD5_test(bi_ctx))
+    {
+        printf("MD5 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA1_test(bi_ctx))
+    {
+        printf("SHA1 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA256_test(bi_ctx))
+    {
+        printf("SHA256 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA384_test(bi_ctx))
+    {
+        printf("SHA384 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA512_test(bi_ctx))
+    {
+        printf("SHA512 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (HMAC_test(bi_ctx))
+    {
+        printf("HMAC tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (BIGINT_test(bi_ctx))
+    {
+        printf("BigInt tests failed!\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    bi_terminate(bi_ctx);
+
+    if (RSA_test())
+    {
+        printf("RSA tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (cert_tests())
+    {
+        printf("CERT tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+    if (multi_thread_test())
+        goto cleanup;
+#endif
+
+    if (SSL_basic_test())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_unblocked_test())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_client_tests())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+    SYSTEM("sh ../ssl/test/killgnutls.sh");
+
+    if (SSL_server_tests())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+//    if (header_issue())
+//    {
+//        printf("Header tests failed\n"); TTY_FLUSH();
+//        goto cleanup;
+//    }
+
+    ret = 0;        /* all ok */
+    printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
+cleanup:
+
+    if (ret)
+        printf("Error: Some tests failed!\n");
+
+    close(fd);
+    return ret;
+}
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 3de849930a..7b84ef2776 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -735,7 +735,7 @@ static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
     int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)malloc(buf_len+100);
+    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
 
     memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
                     ssl->write_sequence : ssl->read_sequence, 8);
@@ -937,8 +937,8 @@ static void prf(SSL *ssl, const uint8_t *sec, int sec_len,
     {
         int len, i;
         const uint8_t *S1, *S2;
-        uint8_t xbuf[256]; /* needs to be > the amount of key data */
-        uint8_t ybuf[256]; /* needs to be > the amount of key data */
+        uint8_t xbuf[2*(SHA256_SIZE+32+16) + MD5_SIZE]; /* max keyblock */
+        uint8_t ybuf[2*(SHA256_SIZE+32+16) + SHA1_SIZE]; /* max keyblock */
 
         len = sec_len/2;
         S1 = sec;
diff --git a/www/index.html b/www/index.html
new file mode 100755
index 0000000000..ff6d15e523
--- /dev/null
+++ b/www/index.html
@@ -0,0 +1,7103 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<script type="text/javascript">
+//<![CDATA[
+var version = {major: 2, minor: 1, revision: 3, date: new Date("Nov 3, 2006"), extensions: {}};
+//]]>
+</script>
+<!--
+TiddlyWiki 2.1.3 by Jeremy Ruston, (jeremy [at] osmosoft [dot] com)
+
+Copyright (c) Osmosoft Limited 2004-2006
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this
+list of conditions and the following disclaimer in the documentation and/or other
+materials provided with the distribution.
+
+Neither the name of the Osmosoft Limited nor the names of its contributors may be
+used to endorse or promote products derived from this software without specific
+prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
+-->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+<!--PRE-HEAD-START-->
+<!--{{{-->
+<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
+<!--}}}-->
+<!--PRE-HEAD-END-->
+<title> axTLS Embedded SSL - changes, notes and errata </title>
+<script type="text/javascript">
+//<![CDATA[
+// ---------------------------------------------------------------------------------
+// Configuration repository
+// ---------------------------------------------------------------------------------
+
+// Miscellaneous options
+var config = {
+    numRssItems: 20, // Number of items in the RSS feed
+    animFast: 0.12, // Speed for animations (lower == slower)
+    animSlow: 0.01, // Speed for EasterEgg animations
+    cascadeFast: 20, // Speed for cascade animations (higher == slower)
+    cascadeSlow: 60, // Speed for EasterEgg cascade animations
+    cascadeDepth: 5, // Depth of cascade animation
+    displayStartupTime: false // Whether to display startup time
+    };
+
+// Messages
+config.messages = {
+    messageClose: {},
+    dates: {}
+};
+
+// Options that can be set in the options panel and/or cookies
+config.options = {
+    chkRegExpSearch: false,
+    chkCaseSensitiveSearch: false,
+    chkAnimate: true,
+    chkSaveBackups: true,
+    chkAutoSave: false,
+    chkGenerateAnRssFeed: false,
+    chkSaveEmptyTemplate: false,
+    chkOpenInNewWindow: true,
+    chkToggleLinks: false,
+    chkHttpReadOnly: true,
+    chkForceMinorUpdate: false,
+    chkConfirmDelete: true,
+    chkInsertTabs: false,
+    txtBackupFolder: "",
+    txtMainTab: "tabTimeline",
+    txtMoreTab: "moreTabAll",
+    txtMaxEditRows: "30"
+    };
+
+// List of notification functions to be called when certain tiddlers are changed or deleted
+config.notifyTiddlers = [
+    {name: "StyleSheetLayout", notify: refreshStyles},
+    {name: "StyleSheetColors", notify: refreshStyles},
+    {name: "StyleSheet", notify: refreshStyles},
+    {name: "StyleSheetPrint", notify: refreshStyles},
+    {name: "PageTemplate", notify: refreshPageTemplate},
+    {name: "SiteTitle", notify: refreshPageTitle},
+    {name: "SiteSubtitle", notify: refreshPageTitle},
+    {name: "ColorPalette", notify: refreshColorPalette},
+    {name: null, notify: refreshDisplay}
+    ];
+
+// Default tiddler templates
+var DEFAULT_VIEW_TEMPLATE = 1;
+var DEFAULT_EDIT_TEMPLATE = 2;
+config.tiddlerTemplates = {
+    1: "ViewTemplate",
+    2: "EditTemplate"
+    };
+
+// More messages (rather a legacy layout that shouldn't really be like this)
+config.views = {
+    wikified: {
+        tag: {}
+        },
+    editor: {
+        tagChooser: {}
+        }
+    };
+
+// Macros; each has a 'handler' member that is inserted later
+config.macros = {
+    today: {},
+    version: {},
+    search: {sizeTextbox: 15},
+    tiddler: {},
+    tag: {},
+    tags: {},
+    tagging: {},
+    timeline: {},
+    allTags: {},
+    list: {
+        all: {},
+        missing: {},
+        orphans: {},
+        shadowed: {}
+        },
+    closeAll: {},
+    permaview: {},
+    saveChanges: {},
+    slider: {},
+    option: {},
+    newTiddler: {},
+    newJournal: {},
+    sparkline: {},
+    tabs: {},
+    gradient: {},
+    message: {},
+    view: {},
+    edit: {},
+    tagChooser: {},
+    toolbar: {},
+    br: {},
+    plugins: {},
+    refreshDisplay: {},
+    importTiddlers: {}
+    };
+
+// Commands supported by the toolbar macro
+config.commands = {
+    closeTiddler: {},
+    closeOthers: {},
+    editTiddler: {},
+    saveTiddler: {hideReadOnly: true},
+    cancelTiddler: {},
+    deleteTiddler: {hideReadOnly: true},
+    permalink: {},
+    references: {},
+    jump: {}
+    };
+
+// Browser detection... In a very few places, there's nothing else for it but to
+// know what browser we're using.
+config.userAgent = navigator.userAgent.toLowerCase();
+config.browser = {
+    isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
+    ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
+    isSafari: config.userAgent.indexOf("applewebkit") != -1,
+    isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
+    firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
+    isOpera: config.userAgent.indexOf("opera") != -1,
+    isLinux: config.userAgent.indexOf("linux") != -1,
+    isUnix: config.userAgent.indexOf("x11") != -1,
+    isMac: config.userAgent.indexOf("mac") != -1,
+    isWindows: config.userAgent.indexOf("win") != -1
+    };
+
+// Basic regular expressions
+config.textPrimitives = {
+    upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
+    lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
+    anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
+    anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
+    };
+if(config.browser.isBadSafari)
+    config.textPrimitives = {
+        upperLetter: "[A-Z\u00c0-\u00de]",
+        lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
+        anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
+        anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
+        }
+config.textPrimitives.sliceSeparator = "::";
+config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
+config.textPrimitives.unWikiLink = "~";
+config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
+                                                config.textPrimitives.lowerLetter + "+" +
+                                                config.textPrimitives.upperLetter +
+                                                config.textPrimitives.anyLetter + "*)|(?:" +
+                                                config.textPrimitives.upperLetter + "{2,}" +
+                                                config.textPrimitives.lowerLetter + "+))";
+
+config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
+config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
+
+config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
+config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
+config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
+config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
+    config.textPrimitives.titledBrackettedLink + ")|(?:" +
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
+
+// ---------------------------------------------------------------------------------
+// Shadow tiddlers
+// ---------------------------------------------------------------------------------
+
+config.shadowTiddlers = {
+    ColorPalette: "Background: #fff\n" +
+                  "Foreground: #000\n" +
+                  "PrimaryPale: #8cf\n" +
+                  "PrimaryLight: #18f\n" +
+                  "PrimaryMid: #04b\n" +
+                  "PrimaryDark: #014\n" +
+                  "SecondaryPale: #ffc\n" +
+                  "SecondaryLight: #fe8\n" +
+                  "SecondaryMid: #db4\n" +
+                  "SecondaryDark: #841\n" +
+                  "TertiaryPale: #eee\n" +
+                  "TertiaryLight: #ccc\n" +
+                  "TertiaryMid: #999\n" +
+                  "TertiaryDark: #666\n" +
+                  "Error: #f88\n",
+    StyleSheet: "",
+    StyleSheetColors: "/*{{{*/\nbody {\n    background: [[ColorPalette::Background]];\n color: [[ColorPalette::Foreground]];\n}\n\na{\n color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n   background: [[ColorPalette::PrimaryMid]];\n color: [[ColorPalette::Background]];\n}\n\na img{\n border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n color: [[ColorPalette::SecondaryDark]];\n   background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n    color: [[ColorPalette::PrimaryDark]];\n border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::SecondaryLight]];\n border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n    background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n   color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n  font-weight: normal;\n  color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n    color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n  font-weight: normal;\n  color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border-left: 1px solid [[ColorPalette::TertiaryLight]];\n   border-top: 1px solid [[ColorPalette::TertiaryLight]];\n    border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n   color: [[ColorPalette::Background]];\n  background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n   color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n    border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n  background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n border: none;\n color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n   color: [[ColorPalette::PrimaryMid]];\n  background: [[ColorPalette::Background]];\n}\n\n.wizard {\n background: [[ColorPalette::SecondaryLight]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n    color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n  background: [[ColorPalette::Background]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n  border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n    color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n  color: [[ColorPalette::PrimaryLight]];\n    background: [[ColorPalette::PrimaryDark]];\n    border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n    background: [[ColorPalette::SecondaryMid]];\n   color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n    padding: 0.2em 0.2em 0.2em 0.2em;\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::Background]];\n}\n\n.popup {\n  background: [[ColorPalette::PrimaryLight]];\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px;\n}\n\n.listBreak div{\n border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n    color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n color: [[ColorPalette::TertiaryPale]];\n    border: none;\n}\n\n.popup li a:hover {\n   background: [[ColorPalette::PrimaryDark]];\n    color: [[ColorPalette::Background]];\n  border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n   color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n    border: 1px solid [[ColorPalette::TertiaryPale]];\n background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n   background-color: [[ColorPalette::TertiaryLight]];\n    border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n  color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n       border: none;\n}\n\n.footer {\n color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n  background: [[ColorPalette::PrimaryPale]];\n    border: 0;\n}\n\n.sparktick {\n background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n   color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::Error]];\n}\n\n.warning {\n color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n background: [[ColorPalette::TertiaryPale]];\n   color: [[ColorPalette::TertiaryMid]];\n border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n  background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n    border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n  border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n  border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n    background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n border: 1px solid [[ColorPalette::SecondaryLight]];\n   background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n    border: 0;\n    border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n    background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n   width: 100%;\n}\n\n.editorFooter {\n    color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
+    StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n   font-size: .75em;\n font-family: arial,helvetica;\n margin: 0;\n    padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n    font-weight: bold;\n    text-decoration: none;\n    padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n  height: 1px;\n}\n\na{\n text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n  border: 0;\n}\n\n.externalLink {\n  text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n  font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n   font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n        position: relative;\n}\n\n.header a:hover {\n   background: transparent;\n}\n\n.headerShadow {\n    position: relative;\n   padding: 4.5em 0em 1em 1em;\n   left: -1px;\n   top: -1px;\n}\n\n.headerForeground {\n  position: absolute;\n   padding: 4.5em 0em 1em 1em;\n   left: 0px;\n    top: 0px;\n}\n\n.siteTitle {\n  font-size: 3em;\n}\n\n.siteSubtitle {\n font-size: 1.2em;\n}\n\n#mainMenu {\n   position: absolute;\n   left: 0;\n  width: 10em;\n  text-align: right;\n    line-height: 1.6em;\n   padding: 1.5em 0.5em 0.5em 0.5em;\n font-size: 1.1em;\n}\n\n#sidebar {\n    position: absolute;\n   right: 3px;\n   width: 16em;\n  font-size: .9em;\n}\n\n#sidebarOptions {\n  padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n margin: 0em 0.2em;\n    padding: 0.2em 0.3em;\n display: block;\n}\n\n#sidebarOptions input {\n margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n margin-left: 1em;\n padding: 0.5em;\n   font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n  font-weight: bold;\n    display: inline;\n  padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n    margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n width: 15em;\n  overflow: hidden;\n}\n\n.wizard {\n padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n    font-size: 2em;\n   font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n   font-size: 1.2em;\n font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n  padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n margin: 0.5em 0em 0em 0em;\n    font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n    text-decoration: underline;\n}\n\n.popup {\n    font-size: .9em;\n  padding: 0.2em;\n   list-style: none;\n margin: 0;\n}\n\n.popup hr {\n  display: block;\n   height: 1px;\n  width: auto;\n  padding: 0;\n   margin: 0.2em 0em;\n}\n\n.listBreak {\n font-size: 1px;\n   line-height: 1px;\n}\n\n.listBreak div {\n  margin: 2px 0;\n}\n\n.popup li.disabled {\n padding: 0.2em;\n}\n\n.popup li a{\n    display: block;\n   padding: 0.2em;\n}\n\n.tabset {\n   padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n  margin: 0em 0em 0em 0.25em;\n   padding: 2px;\n}\n\n.tabContents {\n    padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n  margin: 0;\n    padding: 0;\n}\n\n.txtMainTab .tabContents li {\n   list-style: none;\n}\n\n.tabContents li.listLink {\n     margin-left: .75em;\n}\n\n#displayArea {\n margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n text-align: right;\n    font-size: .9em;\n  visibility: hidden;\n}\n\n.selected .toolbar {\n    visibility: visible;\n}\n\n.tiddler {\n padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n    font-style: italic;\n}\n\n.title {\n    font-size: 1.6em;\n font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n  font-size: 1.1em;\n}\n\n.tiddler .button {\n    padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n  font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n  width: 99%;\n   padding: 0 0 1em 0;\n}\n\n.viewer {\n   line-height: 1.4em;\n   padding-top: 0.5em;\n}\n\n.viewer .button {\n   margin: 0em 0.25em;\n   padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n   line-height: 1.5em;\n   padding-left: 0.8em;\n  margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n margin-left: 0.5em;\n   padding-left: 1.5em;\n}\n\n.viewer table {\n    border-collapse: collapse;\n    margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n    padding: 3px;\n}\n\n.viewer table.listView {\n  font-size: 0.85em;\n    margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n  padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n padding: 0.5em;\n   margin-left: 0.5em;\n   font-size: 1.2em;\n line-height: 1.4em;\n   overflow: auto;\n}\n\n.viewer code {\n  font-size: 1.2em;\n line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n    display: block;\n   width: 100%;\n  font: inherit;\n}\n\n.editorFooter {\n  padding: 0.25em 0em;\n  font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n line-height: 1em;\n}\n\n.sparktick {\n  outline: 0;\n}\n\n.zoomer {\n   font-size: 1.1em;\n position: absolute;\n   padding: 1em;\n}\n\n.cascade {\n    font-size: 1.1em;\n position: absolute;\n   overflow: hidden;\n}\n/*}}}*/",
+    StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
+    PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
+    ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
+    EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
+    MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
+    MarkupPostHead: "",
+    MarkupPreBody: "",
+    MarkupPostBody: ""
+    };
+
+// ---------------------------------------------------------------------------------
+// Translateable strings
+// ---------------------------------------------------------------------------------
+
+// Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
+
+merge(config.options,{
+    txtUserName: "YourName"});
+
+merge(config.messages,{
+    customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
+    pluginError: "Error: %0",
+    pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
+    pluginForced: "Executed because forced via 'systemConfigForce' tag",
+    pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
+    nothingSelected: "Nothing is selected. You must select one or more items first",
+    savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
+    subtitleUnknown: "(unknown)",
+    undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
+    shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
+    tiddlerLinkTooltip: "%0 - %1, %2",
+    externalLinkTooltip: "External link to %0",
+    noTags: "There are no tagged tiddlers",
+    notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
+    cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
+    invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
+    backupSaved: "Backup saved",
+    backupFailed: "Failed to save backup file",
+    rssSaved: "RSS feed saved",
+    rssFailed: "Failed to save RSS feed file",
+    emptySaved: "Empty template saved",
+    emptyFailed: "Failed to save empty template file",
+    mainSaved: "Main TiddlyWiki file saved",
+    mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
+    macroError: "Error in macro <<%0>>",
+    macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
+    missingMacro: "No such macro",
+    overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
+    unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
+    confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
+    saveInstructions: "SaveChanges",
+    unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
+    tiddlerSaveError: "Error when saving tiddler '%0'",
+    tiddlerLoadError: "Error when loading tiddler '%0'",
+    wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
+    invalidFieldName: "Invalid field name %0",
+    fieldCannotBeChanged: "Field '%0' cannot be changed"});
+
+merge(config.messages.messageClose,{
+    text: "close",
+    tooltip: "close this message area"});
+
+config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
+config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
+config.messages.dates.shortMonths = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
+config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+merge(config.views.wikified.tag,{
+    labelNoTags: "no tags",
+    labelTags: "tags: ",
+    openTag: "Open tag '%0'",
+    tooltip: "Show tiddlers tagged with '%0'",
+    openAllText: "Open all",
+    openAllTooltip: "Open all of these tiddlers",
+    popupNone: "No other tiddlers tagged with '%0'"});
+
+merge(config.views.wikified,{
+    defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
+    defaultModifier: "(missing)",
+    shadowModifier: "(built-in shadow tiddler)",
+    createdPrompt: "created"});
+
+merge(config.views.editor,{
+    tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
+    defaultText: "Type the text for '%0'"});
+
+merge(config.views.editor.tagChooser,{
+    text: "tags",
+    tooltip: "Choose existing tags to add to this tiddler",
+    popupNone: "There are no tags defined",
+    tagTooltip: "Add the tag '%0'"});
+
+merge(config.macros.search,{
+    label: "search",
+    prompt: "Search this TiddlyWiki",
+    accessKey: "F",
+    successMsg: "%0 tiddlers found matching %1",
+    failureMsg: "No tiddlers found matching %0"});
+
+merge(config.macros.tagging,{
+    label: "tagging: ",
+    labelNotTag: "not tagging",
+    tooltip: "List of tiddlers tagged with '%0'"});
+
+merge(config.macros.timeline,{
+    dateFormat: "DD MMM YYYY"});
+
+merge(config.macros.allTags,{
+    tooltip: "Show tiddlers tagged with '%0'",
+    noTags: "There are no tagged tiddlers"});
+
+config.macros.list.all.prompt = "All tiddlers in alphabetical order";
+config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
+config.macros.list.orphans.prompt = "Tiddlers that are not linked to from any other tiddlers";
+config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
+
+merge(config.macros.closeAll,{
+    label: "close all",
+    prompt: "Close all displayed tiddlers (except any that are being edited)"});
+
+merge(config.macros.permaview,{
+    label: "permaview",
+    prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
+
+merge(config.macros.saveChanges,{
+    label: "save changes",
+    prompt: "Save all tiddlers to create a new TiddlyWiki",
+    accessKey: "S"});
+
+merge(config.macros.newTiddler,{
+    label: "new tiddler",
+    prompt: "Create a new tiddler",
+    title: "New Tiddler",
+    accessKey: "N"});
+
+merge(config.macros.newJournal,{
+    label: "new journal",
+    prompt: "Create a new tiddler from the current date and time",
+    accessKey: "J"});
+
+merge(config.macros.plugins,{
+    skippedText: "(This plugin has not been executed because it was added since startup)",
+    noPluginText: "There are no plugins installed",
+    confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
+    listViewTemplate : {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
+            {name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
+            {name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
+            {name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
+            {name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
+            {name: 'Log', field: 'log', title: "Log", type: 'StringList'}
+            ],
+        rowClasses: [
+            {className: 'error', field: 'error'},
+            {className: 'warning', field: 'warning'}
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Remove systemConfig tag", name: 'remove'},
+            {caption: "Delete these tiddlers forever", name: 'delete'}
+            ]}
+    });
+
+merge(config.macros.refreshDisplay,{
+    label: "refresh",
+    prompt: "Redraw the entire TiddlyWiki display"
+    });
+
+merge(config.macros.importTiddlers,{
+    readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
+    defaultPath: "http://www.tiddlywiki.com/index.html",
+    fetchLabel: "fetch",
+    fetchPrompt: "Fetch the tiddlywiki file",
+    fetchError: "There were problems fetching the tiddlywiki file",
+    confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
+    wizardTitle: "Import tiddlers from another TiddlyWiki file",
+    step1: "Step 1: Locate the TiddlyWiki file",
+    step1prompt: "Enter the URL or pathname here: ",
+    step1promptFile: "...or browse for a file: ",
+    step1promptFeeds: "...or select a pre-defined feed: ",
+    step1feedPrompt: "Choose...",
+    step2: "Step 2: Loading TiddlyWiki file",
+    step2Text: "Please wait while the file is loaded from: %0",
+    step3: "Step 3: Choose the tiddlers to import",
+    step4: "%0 tiddler(s) imported",
+    step5: "Done",
+    listViewTemplate: {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', title: "Title", type: 'String'},
+            {name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
+            {name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
+            ],
+        rowClasses: [
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Import these tiddlers", name: 'import'}
+            ]}
+    });
+
+merge(config.commands.closeTiddler,{
+    text: "close",
+    tooltip: "Close this tiddler"});
+
+merge(config.commands.closeOthers,{
+    text: "close others",
+    tooltip: "Close all other tiddlers"});
+
+merge(config.commands.editTiddler,{
+    text: "edit",
+    tooltip: "Edit this tiddler",
+    readOnlyText: "view",
+    readOnlyTooltip: "View the source of this tiddler"});
+
+merge(config.commands.saveTiddler,{
+    text: "done",
+    tooltip: "Save changes to this tiddler"});
+
+merge(config.commands.cancelTiddler,{
+    text: "cancel",
+    tooltip: "Undo changes to this tiddler",
+    warning: "Are you sure you want to abandon your changes to '%0'?",
+    readOnlyText: "done",
+    readOnlyTooltip: "View this tiddler normally"});
+
+merge(config.commands.deleteTiddler,{
+    text: "delete",
+    tooltip: "Delete this tiddler",
+    warning: "Are you sure you want to delete '%0'?"});
+
+merge(config.commands.permalink,{
+    text: "permalink",
+    tooltip: "Permalink for this tiddler"});
+
+merge(config.commands.references,{
+    text: "references",
+    tooltip: "Show tiddlers that link to this one",
+    popupNone: "No references"});
+
+merge(config.commands.jump,{
+    text: "jump",
+    tooltip: "Jump to another open tiddler"});
+
+merge(config.shadowTiddlers,{
+    DefaultTiddlers: "GettingStarted",
+    MainMenu: "GettingStarted",
+    SiteTitle: "My TiddlyWiki",
+    SiteSubtitle: "a reusable non-linear personal web notebook",
+    SiteUrl: "http://www.tiddlywiki.com/",
+    GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
+    SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
+    OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
+    AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
+    SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
+    TabTimeline: "<<timeline>>",
+    TabAll: "<<list all>>",
+    TabTags: "<<allTags>>",
+    TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
+    TabMoreMissing: "<<list missing>>",
+    TabMoreOrphans: "<<list orphans>>",
+    TabMoreShadowed: "<<list shadowed>>",
+    PluginManager: "<<plugins>>",
+    ImportTiddlers: "<<importTiddlers>>"});
+
+// ---------------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------------
+
+var params = null; // Command line parameters
+var store = null; // TiddlyWiki storage
+var story = null; // Main story
+var formatter = null; // Default formatters for the wikifier
+config.parsers = {}; // Hashmap of alternative parsers for the wikifier
+var anim = new Animator(); // Animation engine
+var readOnly = false; // Whether we're in readonly mode
+var highlightHack = null; // Embarrassing hack department...
+var hadConfirmExit = false; // Don't warn more than once
+var safeMode = false; // Disable all plugins and cookies
+var installedPlugins = []; // Information filled in when plugins are executed
+var startingUp = false; // Whether we're in the process of starting up
+var pluginInfo,tiddler; // Used to pass information to plugins in loadPlugins()
+
+// Whether to use the JavaSaver applet
+var useJavaSaver = config.browser.isSafari || config.browser.isOpera;
+
+// Starting up
+function main()
+{
+    var now, then = new Date();
+    startingUp = true;
+    window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
+    params = getParameters();
+    if(params)
+        params = params.parseParams("open",null,false);
+    store = new TiddlyWiki();
+    invokeParamifier(params,"oninit");
+    story = new Story("tiddlerDisplay","tiddler");
+    addEvent(document,"click",Popup.onDocumentClick);
+    saveTest();
+    loadOptionsCookie();
+    for(var s=0; s<config.notifyTiddlers.length; s++)
+        store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
+    store.loadFromDiv("storeArea","store",true);
+    invokeParamifier(params,"onload");
+    var pluginProblem = loadPlugins();
+    formatter = new Formatter(config.formatters);
+    readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
+    invokeParamifier(params,"onconfig");
+    store.notifyAll();
+    restart();
+    if(pluginProblem)
+        {
+        story.displayTiddler(null,"PluginManager");
+        displayMessage(config.messages.customConfigError);
+        }
+    now = new Date();
+    if(config.displayStartupTime)
+        displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
+    startingUp = false;
+}
+
+// Restarting
+function restart()
+{
+    invokeParamifier(params,"onstart");
+    if(story.isEmpty())
+        {
+        var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
+        invokeParamifier(defaultParams,"onstart");
+        }
+    window.scrollTo(0,0);
+}
+
+function saveTest()
+{
+    var saveTest = document.getElementById("saveTest");
+    if(saveTest.hasChildNodes())
+        alert(config.messages.savedSnapshotError);
+    saveTest.appendChild(document.createTextNode("savetest"));
+}
+
+function loadPlugins()
+{
+    if(safeMode)
+        return false;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    installedPlugins = [];
+    var hadProblem = false;
+    for(var t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        pluginInfo = getPluginInfo(tiddler);
+        if(isPluginExecutable(pluginInfo))
+            {
+            pluginInfo.executed = true;
+            pluginInfo.error = false;
+            try
+                {
+                if(tiddler.text && tiddler.text != "")
+                    window.eval(tiddler.text);
+                }
+            catch(e)
+                {
+                pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
+                pluginInfo.error = true;
+                hadProblem = true;
+                }
+            }
+        else
+            pluginInfo.warning = true;
+        installedPlugins.push(pluginInfo);
+        }
+    return hadProblem;
+}
+
+function getPluginInfo(tiddler)
+{
+    var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
+    p.tiddler = tiddler;
+    p.title = tiddler.title;
+    p.log = [];
+    return p;
+}
+
+// Check that a particular plugin is valid for execution
+function isPluginExecutable(plugin)
+{
+    if(plugin.tiddler.isTagged("systemConfigDisable"))
+        return verifyTail(plugin,false,config.messages.pluginDisabled);
+    if(plugin.tiddler.isTagged("systemConfigForce"))
+        return verifyTail(plugin,true,config.messages.pluginForced);
+    if(plugin["CoreVersion"])
+        {
+        var coreVersion = plugin["CoreVersion"].split(".");
+        var w = parseInt(coreVersion[0]) - version.major;
+        if(w == 0 && coreVersion[1])
+            w = parseInt(coreVersion[1]) - version.minor;
+        if(w == 0 && coreVersion[2])
+            w = parseInt(coreVersion[2]) - version.revision;
+        if(w > 0)
+            return verifyTail(plugin,false,config.messages.pluginVersionError);
+        }
+    return true;
+}
+
+function verifyTail(plugin,result,message)
+{
+    plugin.log.push(message);
+    return result;
+}
+
+function invokeMacro(place,macro,params,wikifier,tiddler)
+{
+    try
+        {
+        var m = config.macros[macro];
+        if(m && m.handler)
+            m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
+        else
+            createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
+        }
+    catch(ex)
+        {
+        createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Paramifiers
+// ---------------------------------------------------------------------------------
+
+function getParameters()
+{
+    var p = null;
+    if(window.location.hash)
+        {
+        p = decodeURI(window.location.hash.substr(1));
+        if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
+            p = convertUTF8ToUnicode(p);
+        }
+    return p;
+}
+
+function invokeParamifier(params,handler)
+{
+    if(!params || params.length == undefined || params.length <= 1)
+        return;
+    for(var t=1; t<params.length; t++)
+        {
+        var p = config.paramifiers[params[t].name];
+        if(p && p[handler] instanceof Function)
+            p[handler](params[t].value);
+        }
+}
+
+config.paramifiers = {};
+
+config.paramifiers.start = {
+    oninit: function(v) {
+        safeMode = v.toLowerCase() == "safe";
+        }
+};
+
+config.paramifiers.open = {
+    onstart: function(v) {
+        story.displayTiddler("bottom",v,null,false,false);
+        }
+};
+
+config.paramifiers.story = {
+    onstart: function(v) {
+        var list = store.getTiddlerText(v,"").parseParams("open",null,false);
+        invokeParamifier(list,"onstart");
+        }
+};
+
+config.paramifiers.search = {
+    onstart: function(v) {
+        story.search(v,false,false);
+        }
+};
+
+config.paramifiers.searchRegExp = {
+    onstart: function(v) {
+        story.prototype.search(v,false,true);
+        }
+};
+
+config.paramifiers.tag = {
+    onstart: function(v) {
+        var tagged = store.getTaggedTiddlers(v,"title");
+        for(var t=0; t<tagged.length; t++)
+            story.displayTiddler("bottom",tagged[t].title,null,false,false);
+        }
+};
+
+config.paramifiers.newTiddler = {
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(v,"text");
+            }
+        }
+};
+
+config.paramifiers.newJournal = {
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            var now = new Date();
+            var title = now.formatString(v.trim());
+            story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(title,"text");
+            }
+        }
+};
+
+// ---------------------------------------------------------------------------------
+// Formatter helpers
+// ---------------------------------------------------------------------------------
+
+function Formatter(formatters)
+{
+    this.formatters = [];
+    var pattern = [];
+    for(var n=0; n<formatters.length; n++)
+        {
+        pattern.push("(" + formatters[n].match + ")");
+        this.formatters.push(formatters[n]);
+        }
+    this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
+}
+
+config.formatterHelpers = {
+
+    createElementAndWikify: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
+    },
+
+    inlineCssHelper: function(w)
+    {
+        var styles = [];
+        config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var s,v;
+            if(lookaheadMatch[1])
+                {
+                s = lookaheadMatch[1].unDash();
+                v = lookaheadMatch[2];
+                }
+            else
+                {
+                s = lookaheadMatch[3].unDash();
+                v = lookaheadMatch[4];
+                }
+            if (s=="bgcolor")
+                s = "backgroundColor";
+            styles.push({style: s, value: v});
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+            }
+        return styles;
+    },
+
+    applyCssHelper: function(e,styles)
+    {
+        for(var t=0; t< styles.length; t++)
+            {
+            try
+                {
+                e.style[styles[t].style] = styles[t].value;
+                }
+            catch (ex)
+                {
+                }
+            }
+    },
+
+    enclosedTextHelper: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var text = lookaheadMatch[1];
+            if(config.browser.isIE)
+                text = text.replace(/\n/g,"\r");
+            createTiddlyElement(w.output,this.element,null,null,text);
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            }
+    },
+
+    isExternalLink: function(link)
+    {
+        if(store.tiddlerExists(link) || store.isShadowTiddler(link))
+            {
+            //# Definitely not an external link
+            return false;
+            }
+        var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
+        if(urlRegExp.exec(link))
+            {
+            // Definitely an external link
+            return true;
+            }
+        if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
+            {
+            //# Link contains . / or \ so is probably an external link
+            return true;
+            }
+        //# Otherwise assume it is not an external link
+        return false;
+    }
+
+};
+
+// ---------------------------------------------------------------------------------
+// Standard formatters
+// ---------------------------------------------------------------------------------
+
+config.formatters = [
+{
+    name: "table",
+    match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
+    lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
+    rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
+    cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
+    cellTermRegExp: /((?:\x20*)\|)/mg,
+    rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
+
+    handler: function(w)
+    {
+        var table = createTiddlyElement(w.output,"table");
+        var prevColumns = [];
+        var currRowType = null;
+        var rowContainer;
+        var rowCount = 0;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var nextRowType = lookaheadMatch[2];
+            if(nextRowType == "k")
+                {
+                table.className = lookaheadMatch[1];
+                w.nextMatch += lookaheadMatch[0].length+1;
+                }
+            else
+                {
+                if(nextRowType != currRowType)
+                    {
+                    rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
+                    currRowType = nextRowType;
+                    }
+                if(currRowType == "c")
+                    {
+                    // Caption
+                    w.nextMatch++;
+                    if(rowContainer != table.firstChild)
+                        table.insertBefore(rowContainer,table.firstChild);
+                    rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
+                    w.subWikifyTerm(rowContainer,this.rowTermRegExp);
+                    }
+                else
+                    {
+                    this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
+                    rowCount++;
+                    }
+                }
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            }
+    },
+    rowHandler: function(w,e,prevColumns)
+    {
+        var col = 0;
+        var colSpanCount = 1;
+        var prevCell = null;
+        this.cellRegExp.lastIndex = w.nextMatch;
+        var cellMatch = this.cellRegExp.exec(w.source);
+        while(cellMatch && cellMatch.index == w.nextMatch)
+            {
+            if(cellMatch[1] == "~")
+                {
+                // Rowspan
+                var last = prevColumns[col];
+                if(last)
+                    {
+                    last.rowSpanCount++;
+                    last.element.setAttribute("rowspan",last.rowSpanCount);
+                    last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
+                    last.element.valign = "center";
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[1] == ">")
+                {
+                // Colspan
+                colSpanCount++;
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[2])
+                {
+                // End of row
+                if(prevCell && colSpanCount > 1)
+                    {
+                    prevCell.setAttribute("colspan",colSpanCount);
+                    prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex;
+                break;
+                }
+            else
+                {
+                // Cell
+                w.nextMatch++;
+                var styles = config.formatterHelpers.inlineCssHelper(w);
+                var spaceLeft = false;
+                var chr = w.source.substr(w.nextMatch,1);
+                while(chr == " ")
+                    {
+                    spaceLeft = true;
+                    w.nextMatch++;
+                    chr = w.source.substr(w.nextMatch,1);
+                    }
+                var cell;
+                if(chr == "!")
+                    {
+                    cell = createTiddlyElement(e,"th");
+                    w.nextMatch++;
+                    }
+                else
+                    cell = createTiddlyElement(e,"td");
+                prevCell = cell;
+                prevColumns[col] = {rowSpanCount:1, element:cell};
+                if(colSpanCount > 1)
+                    {
+                    cell.setAttribute("colspan",colSpanCount);
+                    cell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    colSpanCount = 1;
+                    }
+                config.formatterHelpers.applyCssHelper(cell,styles);
+                w.subWikifyTerm(cell,this.cellTermRegExp);
+                if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
+                    cell.align = spaceLeft ? "center" : "left";
+                else if(spaceLeft)
+                    cell.align = "right";
+                w.nextMatch--;
+                }
+            col++;
+            this.cellRegExp.lastIndex = w.nextMatch;
+            cellMatch = this.cellRegExp.exec(w.source);
+            }
+    }
+},
+
+{
+    name: "heading",
+    match: "^!{1,5}",
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
+    }
+},
+
+{
+    name: "list",
+    match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
+    lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0, currType = null;
+        var listLevel, listType, itemType;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            if(lookaheadMatch[1])
+                {
+                listType = "ul";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[2])
+                {
+                listType = "ol";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[3])
+                {
+                listType = "dl";
+                itemType = "dt";
+                }
+            else if(lookaheadMatch[4])
+                {
+                listType = "dl";
+                itemType = "dd";
+                }
+            listLevel = lookaheadMatch[0].length;
+            w.nextMatch += lookaheadMatch[0].length;
+            if(listLevel > currLevel)
+                {
+                for(var t=currLevel; t<listLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            else if(listLevel < currLevel)
+                {
+                for(var t=currLevel; t>listLevel; t--)
+                    placeStack.pop();
+                }
+            else if(listLevel == currLevel && listType != currType)
+                {
+                placeStack.pop();
+                placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            currLevel = listLevel;
+            currType = listType;
+            var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
+            w.subWikifyTerm(e,this.termRegExp);
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        }
+    }
+},
+
+{
+    name: "quoteByBlock",
+    match: "^<<<\\n",
+    termRegExp: /(^<<<(\n|$))/mg,
+    element: "blockquote",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "quoteByLine",
+    match: "^>+",
+    lookaheadRegExp: /^>+/mg,
+    termRegExp: /(\n)/mg,
+    element: "blockquote",
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0;
+        var newLevel = w.matchLength;
+        var t;
+        do {
+            if(newLevel > currLevel)
+                {
+                for(t=currLevel; t<newLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
+                }
+            else if(newLevel < currLevel)
+                {
+                for(t=currLevel; t>newLevel; t--)
+                    placeStack.pop();
+                }
+            currLevel = newLevel;
+            w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
+            createTiddlyElement(placeStack[placeStack.length-1],"br");
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
+            if(matched)
+                {
+                newLevel = lookaheadMatch[0].length;
+                w.nextMatch += lookaheadMatch[0].length;
+                }
+        } while(matched);
+    }
+},
+
+{
+    name: "rule",
+    match: "^----+$\\n?",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"hr");
+    }
+},
+
+{
+    name: "monospacedByLine",
+    match: "^\\{\\{\\{\\n",
+    lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForCSS",
+    match: "^/\\*[\\{]{3}\\*/\\n",
+    lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForPlugin",
+    match: "^//\\{\\{\\{\\n",
+    lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForTemplate",
+    match: "^<!--[\\{]{3}-->\\n",
+    lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "wikifyCommentForPlugin",
+    match: "^/\\*\\*\\*\\n",
+    termRegExp: /(^\*\*\*\/\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
+},
+
+{
+    name: "wikifyCommentForTemplate",
+    match: "^<!---\\n",
+    termRegExp: /(^--->\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
+},
+
+{
+    name: "macro",
+    match: "<<",
+    lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
+            {
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
+            }
+    }
+},
+
+{
+    name: "prettyLink",
+    match: "\\[\\[",
+    lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var e;
+            var text = lookaheadMatch[1];
+            if(lookaheadMatch[3])
+                {
+                // Pretty bracketted link
+                var link = lookaheadMatch[3];
+                e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
+                        ? createExternalLink(w.output,link)
+                        : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                }
+            else
+                {
+                // Simple bracketted link
+                e = createTiddlyLink(w.output,text,false,null,w.isStatic);
+                }
+            createTiddlyText(e,text);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "unWikiLink",
+    match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        w.outputText(w.output,w.matchStart+1,w.nextMatch);
+    }
+},
+
+{
+    name: "wikiLink",
+    match: config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        if(w.matchStart > 0)
+            {
+            var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
+            preRegExp.lastIndex = w.matchStart-1;
+            var preMatch = preRegExp.exec(w.source);
+            if(preMatch.index == w.matchStart-1)
+                {
+                w.outputText(w.output,w.matchStart,w.nextMatch);
+                return;
+                }
+            }
+        if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
+            {
+            var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
+            w.outputText(link,w.matchStart,w.nextMatch);
+            }
+        else
+            {
+            w.outputText(w.output,w.matchStart,w.nextMatch);
+            }
+    }
+},
+
+{
+    name: "urlLink",
+    match: config.textPrimitives.urlPattern,
+    handler: function(w)
+    {
+        w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
+    }
+},
+
+{
+    name: "image",
+    match: "\\[[<>]?[Ii][Mm][Gg]\\[",
+    lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
+            {
+            var e = w.output;
+            if(lookaheadMatch[5])
+                {
+                var link = lookaheadMatch[5];
+                e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                addClass(e,"imageLink");
+                }
+            var img = createTiddlyElement(e,"img");
+            if(lookaheadMatch[1])
+                img.align = "left";
+            else if(lookaheadMatch[2])
+                img.align = "right";
+            if(lookaheadMatch[3])
+                img.title = lookaheadMatch[3];
+            img.src = lookaheadMatch[4];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "html",
+    match: "<[Hh][Tt][Mm][Ll]>",
+    lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "commentByBlock",
+    match: "/%",
+    lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+    }
+},
+
+{
+    name: "boldByChar",
+    match: "''",
+    termRegExp: /('')/mg,
+    element: "strong",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "italicByChar",
+    match: "//",
+    termRegExp: /(\/\/)/mg,
+    element: "em",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "underlineByChar",
+    match: "__",
+    termRegExp: /(__)/mg,
+    element: "u",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "strikeByChar",
+    match: "--(?!\\s|$)",
+    termRegExp: /((?!\s)--|(?=\n\n))/mg,
+    element: "strike",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "superscriptByChar",
+    match: "\\^\\^",
+    termRegExp: /(\^\^)/mg,
+    element: "sup",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "subscriptByChar",
+    match: "~~",
+    termRegExp: /(~~)/mg,
+    element: "sub",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "monospacedByChar",
+    match: "\\{\\{\\{",
+    lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "styleByChar",
+    match: "@@",
+    termRegExp: /(@@)/mg,
+    handler:  function(w)
+    {
+        var e = createTiddlyElement(w.output,"span");
+        var styles = config.formatterHelpers.inlineCssHelper(w);
+        if(styles.length == 0)
+            e.className = "marked";
+        else
+            config.formatterHelpers.applyCssHelper(e,styles);
+        w.subWikifyTerm(e,this.termRegExp);
+    }
+},
+
+{
+    name: "lineBreak",
+    match: "\\n|<br ?/?>",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"br");
+    }
+},
+
+{
+    name: "rawText",
+    match: "\\\"{3}|<nowiki>",
+    lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "mdash",
+    match: "--",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
+        }
+},
+
+{
+    name: "htmlEntitiesEncoding",
+    match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = w.matchText;
+        }
+},
+
+{
+    name: "customClasses",
+    match: "\\{\\{",
+    termRegExp: /(\}\}\})/mg,
+    lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch)
+            {
+            var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            w.subWikifyTerm(e,this.termRegExp);
+            }
+    }
+}
+
+];
+
+// ---------------------------------------------------------------------------------
+// Wikifier
+// ---------------------------------------------------------------------------------
+
+function getParser(tiddler)
+{
+    var f = formatter;
+    if(tiddler!=null)
+        {
+        for(var i in config.parsers)
+            {
+            if(tiddler.isTagged(config.parsers[i].formatTag))
+                {
+                f = config.parsers[i];
+                break;
+                }
+            }
+        }
+    return f;
+}
+
+function wikify(source,output,highlightRegExp,tiddler)
+{
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.subWikifyUnterm(output);
+        }
+}
+
+function wikifyStatic(source,highlightRegExp,tiddler)
+{
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    var html = "";
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.isStatic = true;
+        wikifier.subWikifyUnterm(e);
+        html = e.innerHTML;
+        e.parentNode.removeChild(e);
+        }
+    return html;
+}
+
+// Wikify a named tiddler to plain text
+function wikifyPlain(title)
+{
+    if(store.tiddlerExists(title) || store.isShadowTiddler(title))
+        {
+        var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
+        return wikifier.wikifyPlain();
+        }
+    else
+        return "";
+}
+
+// Highlight plain text into an element
+function highlightify(source,output,highlightRegExp)
+{
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,formatter,highlightRegExp);
+        wikifier.outputText(output,0,source.length);
+        }
+}
+
+// Construct a wikifier object
+// source - source string that's going to be wikified
+// formatter - Formatter() object containing the list of formatters to be used
+// highlightRegExp - regular expression of the text string to highlight
+// tiddler - reference to the tiddler that's taken to be the container for this wikification
+function Wikifier(source,formatter,highlightRegExp,tiddler)
+{
+    this.source = source;
+    this.output = null;
+    this.formatter = formatter;
+    this.nextMatch = 0;
+    this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
+    this.highlightRegExp = highlightRegExp;
+    this.highlightMatch = null;
+    this.isStatic = false;
+    if(highlightRegExp)
+        {
+        highlightRegExp.lastIndex = 0;
+        this.highlightMatch = highlightRegExp.exec(source);
+        }
+    this.tiddler = tiddler;
+}
+
+Wikifier.prototype.wikifyPlain = function()
+{
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    this.subWikify(e);
+    var text = getPlainText(e);
+    e.parentNode.removeChild(e);
+    return text;
+}
+
+Wikifier.prototype.subWikify = function(output,terminator)
+{
+    // Handle the terminated and unterminated cases separately
+    if (terminator)
+        this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
+    else
+        this.subWikifyUnterm(output);
+}
+
+Wikifier.prototype.subWikifyUnterm = function(output)
+{
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first match
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+    while(formatterMatch)
+        {
+        // Output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters for the handler
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
+}
+
+Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
+{
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first matches for the formatter and terminator RegExps
+    terminatorRegExp.lastIndex = this.nextMatch;
+    var terminatorMatch = terminatorRegExp.exec(this.source);
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+    while(terminatorMatch || formatterMatch)
+        {
+        // Check for a terminator match  before the next formatter match
+        if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
+            {
+            // Output any text before the match
+            if(terminatorMatch.index > this.nextMatch)
+                this.outputText(this.output,this.nextMatch,terminatorMatch.index);
+            // Set the match parameters
+            this.matchText = terminatorMatch[1];
+            this.matchLength = terminatorMatch[1].length;
+            this.matchStart = terminatorMatch.index;
+            this.nextMatch = this.matchStart + this.matchLength;
+            // Restore the output pointer
+            this.output = oldOutput;
+            return;
+            }
+        // It must be a formatter match; output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        terminatorRegExp.lastIndex = this.nextMatch;
+        terminatorMatch = terminatorRegExp.exec(this.source);
+        formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
+}
+
+Wikifier.prototype.outputText = function(place,startPos,endPos)
+{
+    // Check for highlights
+    while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
+        {
+        // Deal with any plain text before the highlight
+        if(this.highlightMatch.index > startPos)
+            {
+            createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
+            startPos = this.highlightMatch.index;
+            }
+        // Deal with the highlight
+        var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
+        var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
+        startPos = highlightEnd;
+        // Nudge along to the next highlight if we're done with this one
+        if(startPos >= this.highlightRegExp.lastIndex)
+            this.highlightMatch = this.highlightRegExp.exec(this.source);
+        }
+    // Do the unhighlighted text left over
+    if(startPos < endPos)
+        {
+        createTiddlyText(place,this.source.substring(startPos,endPos));
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Macro definitions
+// ---------------------------------------------------------------------------------
+
+config.macros.today.handler = function(place,macroName,params)
+{
+    var now = new Date();
+    var text;
+    if(params[0])
+        text = now.formatString(params[0].trim());
+    else
+        text = now.toLocaleString();
+    createTiddlyElement(place,"span",null,null,text);
+}
+
+config.macros.version.handler = function(place)
+{
+    createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
+}
+
+config.macros.list.handler = function(place,macroName,params)
+{
+    var type = params[0] ? params[0] : "all";
+    var theList = document.createElement("ul");
+    place.appendChild(theList);
+    if(this[type].prompt)
+        createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
+    var results;
+    if(this[type].handler)
+        results = this[type].handler(params);
+    for(var t = 0; t < results.length; t++)
+        {
+        var theListItem = document.createElement("li")
+        theList.appendChild(theListItem);
+        if(typeof results[t] == "string")
+            createTiddlyLink(theListItem,results[t],true);
+        else
+            createTiddlyLink(theListItem,results[t].title,true);
+        }
+}
+
+config.macros.list.all.handler = function(params)
+{
+    return store.reverseLookup("tags","excludeLists",false,"title");
+}
+
+config.macros.list.missing.handler = function(params)
+{
+    return store.getMissingLinks();
+}
+
+config.macros.list.orphans.handler = function(params)
+{
+    return store.getOrphans();
+}
+
+config.macros.list.shadowed.handler = function(params)
+{
+    return store.getShadowed();
+}
+
+config.macros.allTags.handler = function(place,macroName,params)
+{
+    var tags = store.getTags();
+    var theDateList = createTiddlyElement(place,"ul");
+    if(tags.length == 0)
+        createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theListItem =createTiddlyElement(theDateList,"li");
+        var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
+        theTag.setAttribute("tag",tags[t][0]);
+        }
+}
+
+config.macros.timeline.handler = function(place,macroName,params)
+{
+    var field = params[0] ? params[0] : "modified";
+    var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
+    var lastDay = "";
+    var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
+    for(var t=tiddlers.length-1; t>=last; t--)
+        {
+        var tiddler = tiddlers[t];
+        var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
+        if(theDay != lastDay)
+            {
+            var theDateList = document.createElement("ul");
+            place.appendChild(theDateList);
+            createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
+            lastDay = theDay;
+            }
+        var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
+        theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
+        }
+}
+
+config.macros.search.handler = function(place,macroName,params)
+{
+    var searchTimeout = null;
+    var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
+    var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
+    if(params[0])
+        txt.value = params[0];
+    txt.onkeyup = this.onKeyPress;
+    txt.onfocus = this.onFocus;
+    txt.setAttribute("size",this.sizeTextbox);
+    txt.setAttribute("accessKey",this.accessKey);
+    txt.setAttribute("autocomplete","off");
+    txt.setAttribute("lastSearchText","");
+    if(config.browser.isSafari)
+        {
+        txt.setAttribute("type","search");
+        txt.setAttribute("results","5");
+        }
+    else
+        txt.setAttribute("type","text");
+}
+
+// Global because there's only ever one outstanding incremental search timer
+config.macros.search.timeout = null;
+
+config.macros.search.doSearch = function(txt)
+{
+    if(txt.value.length > 0)
+        {
+        story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
+        txt.setAttribute("lastSearchText",txt.value);
+        }
+}
+
+config.macros.search.onClick = function(e)
+{
+    config.macros.search.doSearch(this.nextSibling);
+    return false;
+}
+
+config.macros.search.onKeyPress = function(e)
+{
+    if(!e) var e = window.event;
+    switch(e.keyCode)
+        {
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+            config.macros.search.doSearch(this);
+            break;
+        case 27: // Escape
+            this.value = "";
+            clearMessage();
+            break;
+        }
+    if(this.value.length > 2)
+        {
+        if(this.value != this.getAttribute("lastSearchText"))
+            {
+            if(config.macros.search.timeout)
+                clearTimeout(config.macros.search.timeout);
+            var txt = this;
+            config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
+            }
+        }
+    else
+        {
+        if(config.macros.search.timeout)
+            clearTimeout(config.macros.search.timeout);
+        }
+}
+
+config.macros.search.onFocus = function(e)
+{
+    this.select();
+}
+
+config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("name",null,true,false,true);
+    var names = params[0]["name"];
+    var tiddlerName = names[0];
+    var className = names[1] ? names[1] : null;
+    var args = params[0]["with"];
+    var wrapper = createTiddlyElement(place,"span",null,className);
+    if(!args)
+        {
+        wrapper.setAttribute("refresh","content");
+        wrapper.setAttribute("tiddler",tiddlerName);
+        }
+    var text = store.getTiddlerText(tiddlerName);
+    if(text)
+        {
+        var stack = config.macros.tiddler.tiddlerStack;
+        if(stack.indexOf(tiddlerName) !== -1)
+            return;
+        stack.push(tiddlerName);
+        try
+            {
+            var n = args ? Math.min(args.length,9) : 0;
+            for(var i=0; i<n; i++)
+                {
+                var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
+                text = text.replace(placeholderRE,args[i]);
+                }
+            config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
+            }
+        finally
+            {
+            stack.pop();
+            }
+        }
+}
+
+config.macros.tiddler.renderText = function(place,text,tiddlerName,params)
+{
+    wikify(text,place,null,store.getTiddler(tiddlerName));
+}
+
+config.macros.tiddler.tiddlerStack = [];
+
+config.macros.tag.handler = function(place,macroName,params)
+{
+    createTagButton(place,params[0]);
+}
+
+config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title && store.tiddlerExists(title))
+        tiddler = store.getTiddler(title);
+    var sep = getParam(params,"sep"," ");
+    var lingo = config.views.wikified.tag;
+    var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
+    for(var t=0; t<tiddler.tags.length; t++)
+        {
+        createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
+        if(t<tiddler.tags.length-1)
+            createTiddlyText(theList,sep);
+        }
+}
+
+config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title == "" && tiddler instanceof Tiddler)
+        title = tiddler.title;
+    var sep = getParam(params,"sep"," ");
+    theList.setAttribute("title",this.tooltip.format([title]));
+    var tagged = store.getTaggedTiddlers(title);
+    var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
+    for(var t=0; t<tagged.length; t++)
+        {
+        createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
+        if(t<tagged.length-1)
+            createTiddlyText(theList,sep);
+        }
+}
+
+config.macros.closeAll.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.closeAll.onClick = function(e)
+{
+    story.closeAllTiddlers();
+    return false;
+}
+
+config.macros.permaview.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.permaview.onClick = function(e)
+{
+    story.permaView();
+    return false;
+}
+
+config.macros.saveChanges.handler = function(place)
+{
+    if(!readOnly)
+        createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
+}
+
+config.macros.saveChanges.onClick = function(e)
+{
+    saveChanges();
+    return false;
+}
+
+config.macros.slider.onClickSlider = function(e)
+{
+    if(!e) var e = window.event;
+    var n = this.nextSibling;
+    var cookie = n.getAttribute("cookie");
+    var isOpen = n.style.display != "none";
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
+    else
+        n.style.display = isOpen ? "none" : "block";
+    config.options[cookie] = !isOpen;
+    saveOptionCookie(cookie);
+    return false;
+}
+
+config.macros.slider.createSlider = function(place,cookie,title,tooltip)
+{
+    var cookie = cookie ? cookie : "";
+    var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
+    var panel = createTiddlyElement(null,"div",null,"sliderPanel");
+    panel.setAttribute("cookie",cookie);
+    panel.style.display = config.options[cookie] ? "block" : "none";
+    place.appendChild(panel);
+    return panel;
+}
+
+config.macros.slider.handler = function(place,macroName,params)
+{
+    var panel = this.createSlider(place,params[0],params[2],params[3]);
+    var text = store.getTiddlerText(params[1]);
+    panel.setAttribute("refresh", "content");
+    panel.setAttribute("tiddler", params[1]);
+    if(text)
+        wikify(text,panel,null,store.getTiddler(params[1]));
+}
+
+config.macros.option.onChangeOption = function(e)
+{
+    var opt = this.getAttribute("option");
+    var elementType,valueField;
+    if(opt)
+        {
+        switch(opt.substr(0,3))
+            {
+            case "txt":
+                elementType = "input";
+                valueField = "value";
+                break;
+            case "chk":
+                elementType = "input";
+                valueField = "checked";
+                break;
+            }
+        config.options[opt] = this[valueField];
+        saveOptionCookie(opt);
+        var nodes = document.getElementsByTagName(elementType);
+        for(var t=0; t<nodes.length; t++)
+            {
+            var optNode = nodes[t].getAttribute("option");
+            if(opt == optNode)
+                nodes[t][valueField] = this[valueField];
+            }
+        }
+    return(true);
+}
+
+config.macros.option.handler = function(place,macroName,params)
+{
+    var opt = params[0];
+    if(config.options[opt] == undefined)
+        return;
+    var c;
+    switch(opt.substr(0,3))
+        {
+        case "txt":
+            c = document.createElement("input");
+            c.onkeyup = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "txtOptionInput";
+            place.appendChild(c);
+            c.value = config.options[opt];
+            break;
+        case "chk":
+            c = document.createElement("input");
+            c.setAttribute("type","checkbox");
+            c.onclick = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "chkOptionInput";
+            place.appendChild(c);
+            c.checked = config.options[opt];
+            break;
+        }
+}
+
+
+
+config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
+{
+    var tags = [];
+    for(var t=1; t<params.length; t++)
+        if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
+            tags.push(params[t].value);
+    label = getParam(params,"label",label);
+    prompt = getParam(params,"prompt",prompt);
+    accessKey = getParam(params,"accessKey",accessKey);
+    newFocus = getParam(params,"focus",newFocus);
+    var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
+    btn.setAttribute("newTitle",title);
+    btn.setAttribute("isJournal",isJournal);
+    btn.setAttribute("params",tags.join("|"));
+    btn.setAttribute("newFocus",newFocus);
+    btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
+    var text = getParam(params,"text");
+    if(text !== undefined)
+        btn.setAttribute("newText",text);
+    return btn;
+}
+
+config.macros.newTiddler.onClickNewTiddler = function()
+{
+    var title = this.getAttribute("newTitle");
+    if(this.getAttribute("isJournal"))
+        {
+        var now = new Date();
+        title = now.formatString(title.trim());
+        }
+    var params = this.getAttribute("params").split("|");
+    var focus = this.getAttribute("newFocus");
+    var template = this.getAttribute("newTemplate");
+    story.displayTiddler(null,title,template);
+    var text = this.getAttribute("newText");
+    if(typeof text == "string")
+        story.getTiddlerField(title,"text").value = text.format([title]);
+    for(var t=0;t<params.length;t++)
+        story.setTiddlerTag(title,params[t],+1);
+    story.focusTiddler(title,focus);
+    return false;
+}
+
+config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
+        title = getParam(params,"title",title);
+        this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
+        }
+}
+
+config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : "";
+        title = getParam(params,"title",title);
+        config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
+        }
+}
+
+config.macros.sparkline.handler = function(place,macroName,params)
+{
+    var data = [];
+    var min = 0;
+    var max = 0;
+    for(var t=0; t<params.length; t++)
+        {
+        var v = parseInt(params[t]);
+        if(v < min)
+            min = v;
+        if(v > max)
+            max = v;
+        data.push(v);
+        }
+    if(data.length < 1)
+        return;
+    var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
+    box.title = data.join(",");
+    var w = box.offsetWidth;
+    var h = box.offsetHeight;
+    box.style.paddingRight = (data.length * 2 - w) + "px";
+    box.style.position = "relative";
+    for(var d=0; d<data.length; d++)
+        {
+        var tick = document.createElement("img");
+        tick.border = 0;
+        tick.className = "sparktick";
+        tick.style.position = "absolute";
+        tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
+        tick.style.left = d*2 + "px";
+        tick.style.width = "2px";
+        var v = Math.floor(((data[d] - min)/(max-min)) * h);
+        tick.style.top = (h-v) + "px";
+        tick.style.height = v + "px";
+        box.appendChild(tick);
+        }
+}
+
+config.macros.tabs.handler = function(place,macroName,params)
+{
+    var cookie = params[0];
+    var numTabs = (params.length-1)/3;
+    var wrapper = createTiddlyElement(null,"div",null,cookie);
+    var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
+    tabset.setAttribute("cookie",cookie);
+    var validTab = false;
+    for(var t=0; t<numTabs; t++)
+        {
+        var label = params[t*3+1];
+        var prompt = params[t*3+2];
+        var content = params[t*3+3];
+        var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
+        tab.setAttribute("tab",label);
+        tab.setAttribute("content",content);
+        tab.title = prompt;
+        if(config.options[cookie] == label)
+            validTab = true;
+        }
+    if(!validTab)
+        config.options[cookie] = params[1];
+    place.appendChild(wrapper);
+    this.switchTab(tabset,config.options[cookie]);
+}
+
+config.macros.tabs.onClickTab = function(e)
+{
+    config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
+    return false;
+}
+
+config.macros.tabs.switchTab = function(tabset,tab)
+{
+    var cookie = tabset.getAttribute("cookie");
+    var theTab = null
+    var nodes = tabset.childNodes;
+    for(var t=0; t<nodes.length; t++)
+        if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
+            {
+            theTab = nodes[t];
+            theTab.className = "tab tabSelected";
+            }
+        else
+            nodes[t].className = "tab tabUnselected"
+    if(theTab)
+        {
+        if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
+            tabset.parentNode.removeChild(tabset.nextSibling);
+        var tabContent = createTiddlyElement(null,"div",null,"tabContents");
+        tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
+        var contentTitle = theTab.getAttribute("content");
+        wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
+        if(cookie)
+            {
+            config.options[cookie] = tab;
+            saveOptionCookie(cookie);
+            }
+        }
+}
+
+// <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
+config.macros.gradient.handler = function(place,macroName,params,wikifier)
+{
+    var terminator = ">>";
+    var panel;
+    if(wikifier)
+        panel = createTiddlyElement(place,"div",null,"gradient");
+    else
+        panel = place;
+    panel.style.position = "relative";
+    panel.style.overflow = "hidden";
+    panel.style.zIndex = "0";
+    var t;
+    if(wikifier)
+        {
+        var styles = config.formatterHelpers.inlineCssHelper(wikifier);
+        config.formatterHelpers.applyCssHelper(panel,styles);
+        }
+    var colours = [];
+    for(t=1; t<params.length; t++)
+        {
+        var c = new RGB(params[t]);
+        if(c)
+            colours.push(c);
+        }
+    drawGradient(panel,params[0] != "vert",colours);
+    if(wikifier)
+        wikifier.subWikify(panel,terminator);
+    if(document.all)
+        {
+        panel.style.height = "100%";
+        panel.style.width = "100%";
+        }
+}
+
+config.macros.message.handler = function(place,macroName,params)
+{
+    if(params[0])
+        {
+        var m = config;
+        var p = params[0].split(".");
+        for(var t=0; t<p.length; t++)
+            {
+            if(p[t] in m)
+                m = m[p[t]];
+            else
+                break;
+            }
+        createTiddlyText(place,m.toString().format(params.splice(1)));
+        }
+}
+
+config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if((tiddler instanceof Tiddler) && params[0])
+        {
+        var value = store.getValue(tiddler,params[0]);
+        if(value != undefined)
+            switch(params[1])
+                {
+                case undefined:
+                    highlightify(value,place,highlightHack);
+                    break;
+                case "link":
+                    createTiddlyLink(place,value,true);
+                    break;
+                case "wikified":
+                    wikify(value,place,highlightHack,tiddler);
+                    break;
+                case "date":
+                    value = Date.convertFromYYYYMMDDHHMM(value);
+                    if(params[2])
+                        createTiddlyText(place,value.formatString(params[2]));
+                    else
+                        createTiddlyText(place,value);
+                    break;
+                }
+        }
+}
+
+config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    var field = params[0];
+    if((tiddler instanceof Tiddler) && field)
+        {
+        story.setDirty(tiddler.title,true);
+        if(field != "text")
+            {
+                var e = createTiddlyElement(null,"input");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                e.setAttribute("edit",field);
+                e.setAttribute("type","text");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                e.setAttribute("size","40");
+                e.setAttribute("autocomplete","off");
+                place.appendChild(e);
+            }
+        else
+            {
+                var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
+                var wrapper2 = createTiddlyElement(wrapper1,"div");
+                var e = createTiddlyElement(wrapper2,"textarea");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                var rows = 10;
+                var lines = v.match(/\n/mg);
+                var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
+                if(lines != null && lines.length > rows)
+                    rows = lines.length + 5;
+                rows = Math.min(rows,maxLines);
+                e.setAttribute("rows",rows);
+                e.setAttribute("edit",field);
+                place.appendChild(wrapper1);
+            }
+        }
+}
+
+config.macros.tagChooser.onClick = function(e)
+{
+    if(!e) var e = window.event;
+    var lingo = config.views.editor.tagChooser;
+    var popup = Popup.create(this);
+    var tags = store.getTags();
+    if(tags.length == 0)
+        createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
+        theTag.setAttribute("tag",tags[t][0]);
+        theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if(e.stopPropagation) e.stopPropagation();
+    return(false);
+}
+
+config.macros.tagChooser.onTagClick = function(e)
+{
+    if(!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(!readOnly)
+        story.setTiddlerTag(title,tag,0);
+    return(false);
+}
+
+config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(tiddler instanceof Tiddler)
+        {
+        var title = tiddler.title;
+        var lingo = config.views.editor.tagChooser;
+        var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
+        btn.setAttribute("tiddler", title);
+        }
+}
+
+// Create a toolbar command button
+// place - parent DOM element
+// command - reference to config.commands[] member -or- name of member
+// tiddler - reference to tiddler that toolbar applies to
+// theClass - the class to give the button
+config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
+{
+    if(typeof commandName != "string")
+        {
+        var c = null;
+        for(var t in config.commands)
+            if(config.commands[t] == commandName)
+                c = t;
+        commandName = c;
+        }
+    if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
+        {
+        var title = tiddler.title;
+        var command = config.commands[commandName];
+        var ro = tiddler.isReadOnly();
+        var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
+        var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
+        var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
+        if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
+
+            {
+            var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
+            btn.setAttribute("commandName", commandName);
+            btn.setAttribute("tiddler", title);
+            if(theClass)
+                addClass(btn,theClass);
+            place.appendChild(btn);
+            }
+        }
+}
+
+config.macros.toolbar.onClickCommand = function(e)
+{
+    if(!e) var e = window.event;
+    var command = config.commands[this.getAttribute("commandName")];
+    return command.handler(e,this,this.getAttribute("tiddler"));
+}
+
+// Invoke the first command encountered from a given place that is tagged with a specified class
+config.macros.toolbar.invokeCommand = function(place,theClass,event)
+{
+    var children = place.getElementsByTagName("a")
+    for(var t=0; t<children.length; t++)
+        {
+        var c = children[t];
+        if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
+            {
+            if(c.onclick instanceof Function)
+                c.onclick.call(c,event);
+            break;
+            }
+        }
+}
+
+config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    for(var t=0; t<params.length; t++)
+        {
+        var c = params[t];
+        var theClass = "";
+        switch(c.substr(0,1))
+            {
+            case "+":
+                theClass = "defaultCommand";
+                c = c.substr(1);
+                break;
+            case "-":
+                theClass = "cancelCommand";
+                c = c.substr(1);
+                break;
+            }
+        if(c in config.commands)
+            this.createCommand(place,c,tiddler,theClass);
+        }
+}
+
+config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    var e = createTiddlyElement(place,"div");
+    e.setAttribute("refresh","macro");
+    e.setAttribute("macroName","plugins");
+    e.setAttribute("params",paramString);
+    this.refresh(e,paramString);
+}
+
+config.macros.plugins.refresh = function(place,params)
+{
+    var selectedRows = [];
+    ListView.forEachSelector(place,function(e,rowName) {
+            if(e.checked)
+                selectedRows.push(e.getAttribute("rowName"));
+        });
+    removeChildren(place);
+    params = params.parseParams("anon");
+    var plugins = installedPlugins.slice(0);
+    var t,tiddler,p;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    for(t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        if(plugins.findByField("title",tiddler.title) == null)
+            {
+            p = getPluginInfo(tiddler);
+            p.executed = false;
+            p.log.splice(0,0,this.skippedText);
+            plugins.push(p);
+            }
+        }
+    for(t=0; t<plugins.length; t++)
+        {
+        var p = plugins[t];
+        p.forced = p.tiddler.isTagged("systemConfigForce");
+        p.disabled = p.tiddler.isTagged("systemConfigDisable");
+        p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
+        }
+    if(plugins.length == 0)
+        createTiddlyElement(place,"em",null,null,this.noPluginText);
+    else
+        ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
+}
+
+config.macros.plugins.onSelectCommand = function(command,rowNames)
+{
+    var t;
+    switch(command)
+        {
+        case "remove":
+            for(t=0; t<rowNames.length; t++)
+                store.setTiddlerTag(rowNames[t],false,"systemConfig");
+            break;
+        case "delete":
+            if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
+                {
+                for(t=0; t<rowNames.length; t++)
+                    {
+                    store.removeTiddler(rowNames[t]);
+                    story.closeTiddler(rowNames[t],true,false);
+                    }
+                }
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
+}
+
+config.macros.refreshDisplay.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.refreshDisplay.onClick = function(e)
+{
+    refreshAll();
+    return false;
+}
+
+config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(readOnly)
+        {
+        createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
+        return;
+        }
+    var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
+    createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
+    createTiddlyElement(importer,"h2",null,"step1",this.step1);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    createTiddlyText(step,this.step1prompt);
+    var input = createTiddlyElement(null,"input",null,"txtOptionInput");
+    input.type = "text";
+    input.size = 50;
+    step.appendChild(input);
+    importer.inputBox = input;
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFile);
+    var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
+    fileInput.type = "file";
+    fileInput.size = 50;
+    fileInput.onchange = this.onBrowseChange;
+    fileInput.onkeyup = this.onBrowseChange;
+    step.appendChild(fileInput);
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFeeds);
+    var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
+    createTiddlyDropDown(step,this.onFeedChange,feeds);
+    createTiddlyElement(step,"br");
+    createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
+        place.appendChild(importer);
+}
+
+config.macros.importTiddlers.getFeeds = function(feeds)
+{
+    var tagged = store.getTaggedTiddlers("contentPublisher","title");
+    for(var t=0; t<tagged.length; t++)
+        feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
+    return feeds;
+}
+
+config.macros.importTiddlers.onFeedChange = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = this.value;
+    this.selectedIndex = 0;
+}
+
+config.macros.importTiddlers.onBrowseChange = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = "file://" + this.value;
+}
+
+config.macros.importTiddlers.onFetch = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    var url = importer.inputBox.value;
+    var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
+    while(cutoff)
+        {
+        var temp = cutoff.nextSibling;
+        cutoff.parentNode.removeChild(cutoff);
+        cutoff = temp;
+        }
+    createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
+    loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
+}
+
+config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
+{
+    if(!status)
+        {
+        displayMessage(this.fetchError);
+        return;
+        }
+    var importer = params;
+    // Check that the tiddler we're in hasn't been closed - doesn't work on IE
+//  var p = importer;
+//  while(p.parentNode)
+//      p = p.parentNode;
+//  if(!(p instanceof HTMLDocument))
+//      return;
+    // Crack out the content - (should be refactored)
+    var posOpeningDiv = responseText.indexOf(startSaveArea);
+    var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([url]));
+        return;
+        }
+    var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
+    // Create the iframe
+    var iframe = document.createElement("iframe");
+    iframe.style.display = "none";
+    importer.insertBefore(iframe,importer.firstChild);
+    var doc = iframe.document;
+    if(iframe.contentDocument)
+        doc = iframe.contentDocument; // For NS6
+    else if(iframe.contentWindow)
+        doc = iframe.contentWindow.document; // For IE5.5 and IE6
+    // Put the content in the iframe
+    doc.open();
+    doc.writeln(content);
+    doc.close();
+    // Load the content into a TiddlyWiki() object
+    var storeArea = doc.getElementById("storeArea");
+    var importStore = new TiddlyWiki();
+    importStore.loadFromDiv(storeArea,"store");
+    // Get rid of the iframe
+    iframe.parentNode.removeChild(iframe);
+    // Extract data for the listview
+    var tiddlers = [];
+    importStore.forEachTiddler(function(title,tiddler)
+        {
+        var t = {};
+        t.title = title;
+        t.modified = tiddler.modified;
+        t.modifier = tiddler.modifier;
+        t.text = tiddler.text.substr(0,50);
+        t.tags = tiddler.tags;
+        tiddlers.push(t);
+        });
+    // Display the listview
+    createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
+    // Save the importer
+    importer.store = importStore;
+}
+
+config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
+{
+    var importer = findRelated(listView,"importTiddler","className","parentNode");
+    switch(command)
+        {
+        case "import":
+            config.macros.importTiddlers.doImport(importer,rowNames);
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
+}
+
+config.macros.importTiddlers.doImport = function(importer,rowNames)
+{
+    var theStore = importer.store;
+    var overwrite = new Array();
+    var t;
+    for(t=0; t<rowNames.length; t++)
+        {
+        if(store.tiddlerExists(rowNames[t]))
+            overwrite.push(rowNames[t]);
+    }
+    if(overwrite.length > 0)
+        if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
+            return;
+    for(t=0; t<rowNames.length; t++)
+        {
+        var inbound = theStore.fetchTiddler(rowNames[t]);
+        store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
+        store.fetchTiddler(inbound.title).created = inbound.created;
+        store.notify(rowNames[t],false);
+        }
+    store.notifyAll();
+    store.setDirty(true);
+    createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    for(t=0; t<rowNames.length; t++)
+        {
+        createTiddlyLink(step,rowNames[t],true);
+        createTiddlyElement(step,"br");
+        }
+    createTiddlyElement(importer,"h2",null,"step5",this.step5);
+}
+// ---------------------------------------------------------------------------------
+// Menu and toolbar commands
+// ---------------------------------------------------------------------------------
+
+config.commands.closeTiddler.handler = function(event,src,title)
+{
+    story.closeTiddler(title,true,event.shiftKey || event.altKey);
+    return false;
+}
+
+config.commands.closeOthers.handler = function(event,src,title)
+{
+    story.closeAllTiddlers(title);
+    return false;
+}
+
+config.commands.editTiddler.handler = function(event,src,title)
+{
+    clearMessage();
+    story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+    story.focusTiddler(title,"text");
+    return false;
+}
+
+config.commands.saveTiddler.handler = function(event,src,title)
+{
+    var newTitle = story.saveTiddler(title,event.shiftKey);
+    if(newTitle)
+       story.displayTiddler(null,newTitle);
+    return false;
+}
+
+config.commands.cancelTiddler.handler = function(event,src,title)
+{
+    if(story.hasChanges(title) && !readOnly)
+        if(!confirm(this.warning.format([title])))
+            return false;
+    story.setDirty(title,false);
+    story.displayTiddler(null,title);
+    return false;
+}
+
+config.commands.deleteTiddler.handler = function(event,src,title)
+{
+    var deleteIt = true;
+    if (config.options.chkConfirmDelete)
+        deleteIt = confirm(this.warning.format([title]));
+    if (deleteIt)
+        {
+        store.removeTiddler(title);
+        story.closeTiddler(title,true,event.shiftKey || event.altKey);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        }
+    return false;
+}
+
+config.commands.permalink.handler = function(event,src,title)
+{
+    var t = encodeURIComponent(String.encodeTiddlyLink(title));
+    if(window.location.hash != t)
+        window.location.hash = t;
+    return false;
+}
+
+config.commands.references.handler = function(event,src,title)
+{
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        var references = store.getReferringTiddlers(title);
+        var c = false;
+        for(var r=0; r<references.length; r++)
+            if(references[r].title != title && !references[r].isTagged("excludeLists"))
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
+                c = true;
+                }
+        if(!c)
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
+}
+
+config.commands.jump.handler = function(event,src,title)
+{
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        story.forEachTiddler(function(title,element) {
+            createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
+            });
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Tiddler() object
+// ---------------------------------------------------------------------------------
+
+function Tiddler()
+{
+    this.title = null;
+    this.text = null;
+    this.modifier = null;
+    this.modified = new Date();
+    this.created = new Date();
+    this.links = [];
+    this.linksUpdated = false;
+    this.tags = [];
+    return this;
+}
+
+Tiddler.prototype.getLinks = function()
+{
+    if(this.linksUpdated==false)
+        this.changed();
+    return this.links;
+}
+
+// Format the text for storage in an RSS item
+Tiddler.prototype.saveToRss = function(url)
+{
+    var s = [];
+    s.push("<item>");
+    s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
+    s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
+    for(var t=0; t<this.tags.length; t++)
+        s.push("<category>" + this.tags[t] + "</category>");
+    s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
+    s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
+    s.push("</item>");
+    return(s.join("\n"));
+}
+
+// Change the text and other attributes of a tiddler
+Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
+{
+    this.assign(title,text,modifier,modified,tags,created,fields);
+    this.changed();
+    return this;
+}
+
+// Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
+Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
+{
+    if(title != undefined)
+        this.title = title;
+    if(text != undefined)
+        this.text = text;
+    if(modifier != undefined)
+        this.modifier = modifier;
+    if(modified != undefined)
+        this.modified = modified;
+    if(created != undefined)
+        this.created = created;
+    if(fields != undefined)
+        this.fields = fields;
+    if(tags != undefined)
+        this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
+    else if(this.tags == undefined)
+        this.tags = [];
+    return this;
+}
+
+// Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
+Tiddler.prototype.getTags = function()
+{
+    return String.encodeTiddlyLinkList(this.tags);
+}
+
+// Test if a tiddler carries a tag
+Tiddler.prototype.isTagged = function(tag)
+{
+    return this.tags.indexOf(tag) != -1;
+}
+
+// Static method to convert "\n" to newlines, "\s" to "\"
+Tiddler.unescapeLineBreaks = function(text)
+{
+    return text ? text.unescapeLineBreaks() : "";
+}
+
+// Convert newlines to "\n", "\" to "\s"
+Tiddler.prototype.escapeLineBreaks = function()
+{
+    return this.text.escapeLineBreaks();
+}
+
+// Updates the secondary information (like links[] array) after a change to a tiddler
+Tiddler.prototype.changed = function()
+{
+    this.links = [];
+    var t = this.autoLinkWikiWords() ? 0 : 1;
+    var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
+    tiddlerLinkRegExp.lastIndex = 0;
+    var formatMatch = tiddlerLinkRegExp.exec(this.text);
+    while(formatMatch)
+        {
+        if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
+            {
+            if(formatMatch.index > 0)
+                {
+                var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
+                preRegExp.lastIndex = formatMatch.index-1;
+                var preMatch = preRegExp.exec(this.text);
+                if(preMatch.index != formatMatch.index-1)
+                    this.links.pushUnique(formatMatch[1]);
+                }
+            else
+                this.links.pushUnique(formatMatch[1]);
+            }
+        else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
+            this.links.pushUnique(formatMatch[3-t]);
+        else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
+            this.links.pushUnique(formatMatch[4-t]);
+        // Do not add link if match urlPattern (formatMatch[5-t])
+        formatMatch = tiddlerLinkRegExp.exec(this.text);
+        }
+    this.linksUpdated = true;
+    return;
+}
+
+Tiddler.prototype.getSubtitle = function()
+{
+    var theModifier = this.modifier;
+    if(!theModifier)
+        theModifier = config.messages.subtitleUnknown;
+    var theModified = this.modified;
+    if(theModified)
+        theModified = theModified.toLocaleString();
+    else
+        theModified = config.messages.subtitleUnknown;
+    return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
+}
+
+Tiddler.prototype.isReadOnly = function()
+{
+    return readOnly;
+}
+
+Tiddler.prototype.autoLinkWikiWords = function()
+{
+    return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
+}
+
+Tiddler.prototype.generateFingerprint = function()
+{
+    return "0x" + Crypto.hexSha1Str(this.text);
+}
+
+// ---------------------------------------------------------------------------------
+// TiddlyWiki() object contains Tiddler()s
+// ---------------------------------------------------------------------------------
+
+function TiddlyWiki()
+{
+    var tiddlers = {}; // Hashmap by name of tiddlers
+    this.tiddlersUpdated = false;
+    this.namedNotifications = []; // Array of {name:,notify:} of notification functions
+    this.notificationLevel = 0;
+    this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
+    this.clear = function() {
+        tiddlers = {};
+        this.setDirty(false);
+        };
+    this.fetchTiddler = function(title) {
+        return tiddlers[title];
+        };
+    this.deleteTiddler = function(title) {
+        delete this.slices[title];
+        delete tiddlers[title];
+        };
+    this.addTiddler = function(tiddler) {
+        delete this.slices[tiddler.title];
+        tiddlers[tiddler.title] = tiddler;
+        };
+    this.forEachTiddler = function(callback) {
+        for(var t in tiddlers)
+            {
+            var tiddler = tiddlers[t];
+            if(tiddler instanceof Tiddler)
+                callback.call(this,t,tiddler);
+            }
+        };
+}
+
+// Set the dirty flag
+TiddlyWiki.prototype.setDirty = function(dirty)
+{
+    this.dirty = dirty;
+}
+
+TiddlyWiki.prototype.isDirty = function()
+{
+    return this.dirty;
+}
+
+TiddlyWiki.prototype.suspendNotifications = function()
+{
+    this.notificationLevel--;
+}
+
+TiddlyWiki.prototype.resumeNotifications = function()
+{
+    this.notificationLevel++;
+}
+
+// Invoke the notification handlers for a particular tiddler
+TiddlyWiki.prototype.notify = function(title,doBlanket)
+{
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if((n.name == null && doBlanket) || (n.name == title))
+                n.notify(title);
+            }
+}
+
+// Invoke the notification handlers for all tiddlers
+TiddlyWiki.prototype.notifyAll = function()
+{
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if(n.name)
+                n.notify(n.name);
+            }
+}
+
+// Add a notification handler to a tiddler
+TiddlyWiki.prototype.addNotification = function(title,fn)
+{
+    for (var i=0; i<this.namedNotifications.length; i++)
+        if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
+            return this;
+    this.namedNotifications.push({name: title, notify: fn});
+    return this;
+}
+
+TiddlyWiki.prototype.removeTiddler = function(title)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        this.deleteTiddler(title);
+        this.notify(title,true);
+        this.setDirty(true);
+        }
+}
+
+TiddlyWiki.prototype.tiddlerExists = function(title)
+{
+    var t = this.fetchTiddler(title);
+    return (t != undefined);
+}
+
+TiddlyWiki.prototype.isShadowTiddler = function(title)
+{
+    return typeof config.shadowTiddlers[title] == "string";
+}
+
+TiddlyWiki.prototype.getTiddler = function(title)
+{
+    var t = this.fetchTiddler(title);
+    if(t != undefined)
+        return t;
+    else
+        return null;
+}
+
+TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        return tiddler.text;
+    if(!title)
+        return defaultText;
+    var pos = title.indexOf(config.textPrimitives.sliceSeparator);
+    if(pos != -1)
+        {
+        var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
+        if(slice)
+            return slice;
+        }
+    if(this.isShadowTiddler(title))
+        return config.shadowTiddlers[title];
+    if(defaultText != undefined)
+        return defaultText;
+    return null;
+}
+
+TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
+
+// @internal
+TiddlyWiki.prototype.calcAllSlices = function(title)
+{
+    var slices = {};
+    var text = this.getTiddlerText(title,"");
+    this.slicesRE.lastIndex = 0;
+    do
+        {
+            var m = this.slicesRE.exec(text);
+            if (m)
+                {
+                    if (m[1])
+                        slices[m[1]] = m[2];
+                    else
+                        slices[m[3]] = m[4];
+                }
+        }
+    while(m);
+    return slices;
+}
+
+// Returns the slice of text of the given name
+//#
+//# A text slice is a substring in the tiddler's text that is defined
+//# either like this
+//#    aName:  textSlice
+//# or
+//#    |aName:| textSlice |
+//# or
+//#    |aName| textSlice |
+//#
+//# In the text the name (or name:) may be decorated with '' or //. I.e.
+//# this would also a possible text slice:
+//#
+//#    |''aName:''| textSlice |
+//#
+//# @param name should only contain "word characters" (i.e. "a-ZA-Z_0-9")
+//# @return [may be undefined] the (trimmed) text of the specified slice.
+TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
+{
+    var slices = this.slices[title];
+    if (!slices) {
+        slices = this.calcAllSlices(title);
+        this.slices[title] = slices;
+    }
+    return slices[sliceName];
+}
+
+// Build an hashmap of the specified named slices of a tiddler
+TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
+{
+    var r = {};
+    for(var t=0; t<sliceNames.length; t++)
+        {
+        var slice = this.getTiddlerSlice(title,sliceNames[t]);
+        if(slice)
+            r[sliceNames[t]] = slice;
+        }
+    return r;
+}
+
+TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
+{
+    var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
+    var text = this.getTiddlerText(title,null);
+    if(text == null)
+        return defaultText;
+    var textOut = [];
+    var lastPos = 0;
+    do {
+        var match = bracketRegExp.exec(text);
+        if(match)
+            {
+            textOut.push(text.substr(lastPos,match.index-lastPos));
+            if(match[1])
+                {
+                if(depth <= 0)
+                    textOut.push(match[1]);
+                else
+                    textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
+                }
+            lastPos = match.index + match[0].length;
+            }
+        else
+            textOut.push(text.substr(lastPos));
+    } while(match);
+    return(textOut.join(""));
+}
+
+TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        var t = tiddler.tags.indexOf(tag);
+        if(t != -1)
+            tiddler.tags.splice(t,1);
+        if(status)
+            tiddler.tags.push(tag);
+        tiddler.changed();
+        this.notify(title,true);
+        this.setDirty(true);
+        }
+}
+
+TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
+{
+    var tiddler = this.fetchTiddler(title);
+    var created;
+    if(tiddler)
+        {
+        created = tiddler.created; // Preserve created date
+        this.deleteTiddler(title);
+        }
+    else
+        {
+        tiddler = new Tiddler();
+        created = modified;
+        }
+    tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
+    this.addTiddler(tiddler);
+    if(title != newTitle)
+        this.notify(title,true);
+    this.notify(newTitle,true);
+    this.setDirty(true);
+    return tiddler;
+}
+
+TiddlyWiki.prototype.createTiddler = function(title)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(!tiddler)
+        {
+        tiddler = new Tiddler();
+        tiddler.title = title;
+        this.addTiddler(tiddler);
+        this.setDirty(true);
+        }
+    return tiddler;
+}
+
+// Load contents of a tiddlywiki from an HTML DIV
+TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
+{
+    this.idPrefix = idPrefix;
+    var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
+    var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
+    this.setDirty(false);
+    if(!noUpdate)
+        {
+        for(var i = 0;i<tiddlers.length; i++)
+            tiddlers[i].changed();
+        }
+}
+
+TiddlyWiki.prototype.updateTiddlers = function()
+{
+    this.tiddlersUpdated = true;
+    this.forEachTiddler(function(title,tiddler) {
+        tiddler.changed();
+        });
+}
+
+// Return all tiddlers formatted as an HTML string
+TiddlyWiki.prototype.allTiddlersAsHtml = function()
+{
+    return store.getSaver().externalize(store);
+}
+
+// Return an array of tiddlers matching a search regular expression
+TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
+{
+    var candidates = this.reverseLookup("tags",excludeTag,false);
+    var results = [];
+    for(var t=0; t<candidates.length; t++)
+        {
+        if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
+            results.push(candidates[t]);
+        }
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
+}
+
+// Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
+TiddlyWiki.prototype.getTags = function()
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        for(var g=0; g<tiddler.tags.length; g++)
+            {
+            var tag = tiddler.tags[g];
+            var f = false;
+            for(var c=0; c<results.length; c++)
+                if(results[c][0] == tag)
+                    {
+                    f = true;
+                    results[c][1]++;
+                    }
+            if(!f)
+                results.push([tag,1]);
+            }
+        });
+    results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
+    return results;
+}
+
+// Return an array of the tiddlers that are tagged with a given tag
+TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
+{
+    return this.reverseLookup("tags",tag,true,sortField);
+}
+
+// Return an array of the tiddlers that link to a given tiddler
+TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
+{
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    return this.reverseLookup("links",title,true,sortField);
+}
+
+// Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
+// lookupMatch == true to match tiddlers, false to exclude tiddlers
+TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        var f = !lookupMatch;
+        for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
+            if(tiddler[lookupField][lookup] == lookupValue)
+                f = lookupMatch;
+        if(f)
+            results.push(tiddler);
+        });
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
+}
+
+// Return the tiddlers as a sorted array
+TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
+            results.push(tiddler);
+        });
+    if(field)
+        results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
+    return results;
+}
+
+// Return array of names of tiddlers that are referred to but not defined
+TiddlyWiki.prototype.getMissingLinks = function(sortField)
+{
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        for(var n=0; n<tiddler.links.length;n++)
+            {
+            var link = tiddler.links[n];
+            if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
+                results.pushUnique(link);
+            }
+        });
+    results.sort();
+    return results;
+}
+
+// Return an array of names of tiddlers that are defined but not referred to
+TiddlyWiki.prototype.getOrphans = function()
+{
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
+            results.push(title);
+        });
+    results.sort();
+    return results;
+}
+
+// Return an array of names of all the shadow tiddlers
+TiddlyWiki.prototype.getShadowed = function()
+{
+    var results = [];
+    for(var t in config.shadowTiddlers)
+        if(typeof config.shadowTiddlers[t] == "string")
+            results.push(t);
+    results.sort();
+    return results;
+}
+
+// Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
+TiddlyWiki.prototype.resolveTiddler = function(tiddler)
+{
+    var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
+    return t instanceof Tiddler ? t : null;
+}
+
+TiddlyWiki.prototype.getLoader = function()
+{
+    if (!this.loader)
+        this.loader = new TW21Loader();
+    return this.loader;
+}
+
+TiddlyWiki.prototype.getSaver = function()
+{
+    if (!this.saver)
+        this.saver = new TW21Saver();
+    return this.saver;
+}
+
+// Returns true if path is a valid field name (path),
+// i.e. a sequence of identifiers, separated by '.'
+TiddlyWiki.isValidFieldName = function (name) {
+    var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
+    return match && (match[0] == name);
+}
+
+// Throws an exception when name is not a valid field name.
+TiddlyWiki.checkFieldName = function(name) {
+    if (!TiddlyWiki.isValidFieldName(name))
+        throw config.messages.invalidFieldName.format([name]);
+}
+
+function StringFieldAccess(n, readOnly) {
+    this.set = readOnly
+        ? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
+        : function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
+    this.get = function(t) {return t[n];};
+}
+
+function DateFieldAccess(n) {
+    this.set = function(t,v) {
+            var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v);
+            if (d != t[n]) {
+                t[n] = d; return true;
+            }
+        };
+    this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
+}
+
+function LinksFieldAccess(n) {
+    this.set = function(t,v) {
+            var s = (typeof v == "string") ? v.readBracketedList() : v;
+            if (s.toString() != t[n].toString()) {
+                t[n] = s; return true;
+            }
+        };
+    this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
+}
+
+TiddlyWiki.standardFieldAccess = {
+    // The set functions return true when setting the data has changed the value.
+
+    "title":    new StringFieldAccess("title", true),
+    // Handle the "tiddler" field name as the title
+    "tiddler":  new StringFieldAccess("title", true),
+
+    "text":     new StringFieldAccess("text"),
+    "modifier": new StringFieldAccess("modifier"),
+    "modified": new DateFieldAccess("modified"),
+    "created":  new DateFieldAccess("created"),
+    "tags":     new LinksFieldAccess("tags")
+};
+
+TiddlyWiki.isStandardField = function(name) {
+    return TiddlyWiki.standardFieldAccess[name] != undefined;
+}
+
+// Sets the value of the given field of the tiddler to the value.
+// Setting an ExtendedField's value to null or undefined removes the field.
+// Setting a namespace to undefined removes all fields of that namespace.
+// The fieldName is case-insensitive.
+// All values will be converted to a string value.
+TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
+    TiddlyWiki.checkFieldName(fieldName);
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return;
+
+    fieldName = fieldName.toLowerCase();
+
+    var isRemove = (value === undefined) || (value === null);
+
+    if (!t.fields)
+        t.fields = {};
+
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        if (isRemove)
+            // don't remove StandardFields
+            return;
+        var h = TiddlyWiki.standardFieldAccess[fieldName];
+        if (!h.set(t, value))
+            return;
+
+    } else {
+        var oldValue = t.fields[fieldName];
+
+        if (isRemove) {
+            if (oldValue !== undefined) {
+                // deletes a single field
+                delete t.fields[fieldName];
+            } else {
+                // no concrete value is defined for the fieldName
+                // so we guess this is a namespace path.
+
+                // delete all fields in a namespace
+                var re = new RegExp('^'+fieldName+'\\.');
+                var dirty = false;
+                for (var n in t.fields) {
+                    if (n.match(re)) {
+                        delete t.fields[n];
+                        dirty = true;
+                    }
+                }
+                if (!dirty)
+                    return
+            }
+
+        } else {
+            // the "normal" set case. value is defined (not null/undefined)
+            // For convenience provide a nicer conversion Date->String
+            value = value instanceof Date
+                ? value.convertToYYYYMMDDHHMMSSMMM()
+                : String(value);
+            if (oldValue == value)
+                return;
+            t.fields[fieldName] = value;
+        }
+    }
+
+    // When we are here the tiddler/store really was changed.
+    this.notify(t.title,true);
+    if (!fieldName.match(/^temp\./))
+        this.setDirty(true);
+}
+
+// Returns the value of the given field of the tiddler.
+// The fieldName is case-insensitive.
+// Will only return String values (or undefined).
+TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    fieldName = fieldName.toLowerCase();
+
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        return accessor.get(t);
+    }
+
+    return t.fields ? t.fields[fieldName] : undefined;
+}
+
+// Calls the callback function for every field in the tiddler.
+//
+// When callback function returns a non-false value the iteration stops
+// and that value is returned.
+//
+// The order of the fields is not defined.
+//
+// @param callback a function(tiddler, fieldName, value).
+//
+TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    if (t.fields) {
+        for (var n in t.fields) {
+            var result = callback(t, n, t.fields[n]);
+            if (result)
+                return result;
+        }
+    }
+
+    if (onlyExtendedFields)
+        return undefined;
+
+    for (var n in TiddlyWiki.standardFieldAccess) {
+        if (n == "tiddler")
+            // even though the "title" field can also be referenced through the name "tiddler"
+            // we only visit this field once.
+            continue;
+
+        var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
+        if (result)
+            return result;
+    }
+
+    return undefined;
+};
+// ---------------------------------------------------------------------------------
+// Story functions
+// ---------------------------------------------------------------------------------
+
+// A story is a HTML div containing a sequence of tiddlers that can be manipulated
+// container - id of containing element
+// idPrefix - string prefix prepended to title to make ids for tiddlers in this story
+function Story(container,idPrefix)
+{
+    this.container = container;
+    this.idPrefix = idPrefix;
+    this.highlightRegExp = null;
+}
+
+// Iterate through all the tiddlers in a story
+// fn - callback function to be called for each tiddler. Arguments are:
+//      tiddler - reference to Tiddler object
+//      element - reference to tiddler display element
+Story.prototype.forEachTiddler = function(fn)
+{
+    var place = document.getElementById(this.container);
+    if(!place)
+        return;
+    var e = place.firstChild;
+    while(e)
+        {
+        var n = e.nextSibling;
+        var title = e.getAttribute("tiddler");
+        fn.call(this,title,e);
+        e = n;
+        }
+}
+
+// Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
+// titles - array of string titles
+Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
+{
+    for(var t = titles.length-1;t>=0;t--)
+        this.displayTiddler(srcElement,titles[t],template,animate,slowly);
+}
+
+// Display a given tiddler with a given template. If the tiddler is already displayed but with a different
+// template, it is switched to the specified template
+// srcElement - reference to element from which this one is being opened -or-
+//              special positions "top", "bottom"
+// title - title of tiddler to display
+// template - the name of the tiddler containing the template -or-
+//            one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
+//            null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
+{
+    var place = document.getElementById(this.container);
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        this.refreshTiddler(title,template);
+    else
+        {
+        var before = this.positionTiddler(srcElement);
+        tiddlerElem = this.createTiddler(place,before,title,template);
+        }
+    if(srcElement && typeof srcElement !== "string")
+        {
+        if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
+            anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
+        else
+            window.scrollTo(0,ensureVisible(tiddlerElem));
+        }
+}
+
+// Figure out the appropriate position for a newly opened tiddler
+// srcElement - reference to the element containing the link to the tiddler -or-
+//              special positions "top", "bottom"
+// returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
+Story.prototype.positionTiddler = function(srcElement)
+{
+    var place = document.getElementById(this.container);
+    var before;
+    if(typeof srcElement == "string")
+        {
+        switch(srcElement)
+            {
+            case "top":
+                before = place.firstChild;
+                break;
+            case "bottom":
+                before = null;
+                break;
+            }
+        }
+    else
+        {
+        var after = this.findContainingTiddler(srcElement);
+        if(after == null)
+            before = place.firstChild;
+        else if(after.nextSibling)
+            before = after.nextSibling;
+        else
+            before = null;
+        }
+    return before;
+}
+
+// Create a tiddler frame at the appropriate place in a story column
+// place - reference to parent element
+// before - null, or reference to element before which to insert new tiddler
+// title - title of new tiddler
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+Story.prototype.createTiddler = function(place,before,title,template)
+{
+    var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
+    tiddlerElem.setAttribute("refresh","tiddler");
+    place.insertBefore(tiddlerElem,before);
+    this.refreshTiddler(title,template);
+    return tiddlerElem;
+}
+
+// Overridable for choosing the name of the template to apply for a tiddler
+Story.prototype.chooseTemplateForTiddler = function(title,template)
+{
+    if(!template)
+        template = DEFAULT_VIEW_TEMPLATE;
+    if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
+        template = config.tiddlerTemplates[template];
+    return template;
+}
+
+// Overridable for extracting the text of a template from a tiddler
+Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
+{
+    return store.getRecursiveTiddlerText(template,null,10);
+}
+
+// Apply a template to an existing tiddler if it is not already displayed using that template
+// title - title of tiddler to update
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+// force - if true, forces the refresh even if the template hasn't changedd
+Story.prototype.refreshTiddler = function(title,template,force)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        {
+        if(tiddlerElem.getAttribute("dirty") == "true" && !force)
+            return tiddlerElem;
+        template = this.chooseTemplateForTiddler(title,template);
+        var currTemplate = tiddlerElem.getAttribute("template");
+        if((template != currTemplate) || force)
+            {
+            var tiddler = store.getTiddler(title);
+            if(!tiddler)
+                {
+                tiddler = new Tiddler();
+                if(store.isShadowTiddler(title))
+                    tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
+                else
+                    {
+                    var text = template=="EditTemplate"
+                                ? config.views.editor.defaultText.format([title])
+                                : config.views.wikified.defaultText.format([title]);
+                    tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
+                    }
+                }
+            tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
+            tiddlerElem.setAttribute("tiddler",title);
+            tiddlerElem.setAttribute("template",template);
+            var me = this;
+            tiddlerElem.onmouseover = this.onTiddlerMouseOver;
+            tiddlerElem.onmouseout = this.onTiddlerMouseOut;
+            tiddlerElem.ondblclick = this.onTiddlerDblClick;
+            tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
+            var html = this.getTemplateForTiddler(title,template,tiddler);
+            tiddlerElem.innerHTML = html;
+            applyHtmlMacros(tiddlerElem,tiddler);
+            if(store.getTaggedTiddlers(title).length > 0)
+                addClass(tiddlerElem,"isTag");
+            else
+                removeClass(tiddlerElem,"isTag");
+            if(!store.tiddlerExists(title))
+                {
+                if(store.isShadowTiddler(title))
+                    addClass(tiddlerElem,"shadow");
+                else
+                    addClass(tiddlerElem,"missing");
+                }
+            else
+                {
+                removeClass(tiddlerElem,"shadow");
+                removeClass(tiddlerElem,"missing");
+                }
+            }
+        }
+    return tiddlerElem;
+}
+
+// Refresh all tiddlers in the Story
+Story.prototype.refreshAllTiddlers = function()
+{
+    var place = document.getElementById(this.container);
+    var e = place.firstChild;
+    if(!e)
+        return;
+    this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+    while((e = e.nextSibling) != null)
+        this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+}
+
+// Default tiddler onmouseover/out event handlers
+Story.prototype.onTiddlerMouseOver = function(e)
+{
+    if(window.addClass instanceof Function)
+        addClass(this,"selected");
+}
+
+Story.prototype.onTiddlerMouseOut = function(e)
+{
+    if(window.removeClass instanceof Function)
+        removeClass(this,"selected");
+}
+
+// Default tiddler ondblclick event handler
+Story.prototype.onTiddlerDblClick = function(e)
+{
+    if(!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
+        {
+        if(document.selection && document.selection.empty)
+            document.selection.empty();
+        config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+        e.cancelBubble = true;
+        if (e.stopPropagation) e.stopPropagation();
+        return true;
+        }
+    else
+        return false;
+}
+
+Story.prototype.onTiddlerKeyPress = function(e)
+{
+    if(!e) var e = window.event;
+    clearMessage();
+    var consume = false;
+    var title = this.getAttribute("tiddler");
+    var target = resolveTarget(e);
+    switch(e.keyCode)
+        {
+        case 9: // Tab
+            if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
+                {
+                replaceSelection(target,String.fromCharCode(9));
+                consume = true;
+                }
+            if(config.isOpera)
+                {
+                target.onblur = function()
+                    {
+                    this.focus();
+                    this.onblur = null;
+                    }
+                }
+            break;
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+        case 77: // Ctrl-Enter is "M" on some platforms
+            if(e.ctrlKey)
+                {
+                blurElement(this);
+                config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+                consume = true;
+                }
+            break;
+        case 27: // Escape
+            blurElement(this);
+            config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
+            consume = true;
+            break;
+        }
+    e.cancelBubble = consume;
+    if(consume)
+        {
+        if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
+        e.returnValue = true; // Cancel The Event in IE
+        if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
+        }
+    return(!consume);
+};
+
+// Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
+// or null if it found no edit field at all
+Story.prototype.getTiddlerField = function(title,field)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    var e = null;
+    if(tiddlerElem != null)
+        {
+        var children = tiddlerElem.getElementsByTagName("*");
+        for (var t=0; t<children.length; t++)
+            {
+            var c = children[t];
+            if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
+                {
+                if(!e)
+                    e = c;
+                if(c.getAttribute("edit") == field)
+                    e = c;
+                }
+            }
+        }
+    return e;
+}
+
+// Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
+Story.prototype.focusTiddler = function(title,field)
+{
+    var e = this.getTiddlerField(title,field);
+    if(e)
+        {
+        e.focus();
+        e.select();
+        }
+}
+
+// Ensures that a specified tiddler does not have the focus
+Story.prototype.blurTiddler = function(title)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
+        {
+        tiddlerElem.focus();
+        tiddlerElem.blur();
+        }
+}
+
+// Adds a specified value to the edit controls (if any) of a particular
+// array-formatted field of a particular tiddler (eg "tags")
+//  title - name of tiddler
+//  tag - value of field, without any [[brackets]]
+//  mode - +1 to add the tag, -1 to remove it, 0 to toggle it
+//  field - name of field (eg "tags")
+Story.prototype.setTiddlerField = function(title,tag,mode,field)
+{
+    var c = story.getTiddlerField(title,field);
+
+    var tags = c.value.readBracketedList();
+    tags.setItem(tag,mode);
+    c.value = String.encodeTiddlyLinkList(tags);
+}
+
+// The same as setTiddlerField but preset to the "tags" field
+Story.prototype.setTiddlerTag = function(title,tag,mode)
+{
+    Story.prototype.setTiddlerField(title,tag,mode,"tags");
+}
+
+// Close a specified tiddler
+// title - name of tiddler to close
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.closeTiddler = function(title,animate,slowly)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        clearMessage();
+        this.scrubTiddler(tiddlerElem);
+        if(anim && config.options.chkAnimate && animate)
+            anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
+        else
+            tiddlerElem.parentNode.removeChild(tiddlerElem);
+        }
+}
+
+// Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
+// does not interfere with things
+// tiddler - reference to the tiddler element
+Story.prototype.scrubTiddler = function(tiddlerElem)
+{
+    tiddlerElem.id = null;
+}
+
+// Set the 'dirty' flag of a tiddler
+// title - title of tiddler to change
+// dirty - new boolean status of flag
+Story.prototype.setDirty = function(title,dirty)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
+}
+
+// Is a particular tiddler dirty (with unsaved changes)?
+Story.prototype.isDirty = function(title)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        return tiddlerElem.getAttribute("dirty") == "true";
+    return null;
+}
+
+// Determine whether any open tiddler are dirty
+Story.prototype.areAnyDirty = function()
+{
+    var r = false;
+    this.forEachTiddler(function(title,element) {
+        if(this.isDirty(title))
+            r = true;
+        });
+    return r;
+}
+
+// Close all tiddlers in the story
+Story.prototype.closeAllTiddlers = function(exclude)
+{
+    clearMessage();
+    this.forEachTiddler(function(title,element) {
+        if((title != exclude) && element.getAttribute("dirty") != "true")
+            this.closeTiddler(title);
+        });
+    window.scrollTo(0,0);
+}
+
+// Check if there are any tiddlers in the story
+Story.prototype.isEmpty = function()
+{
+    var place = document.getElementById(this.container);
+    return(place && place.firstChild == null);
+}
+
+// Perform a search and display the result
+// text - text to search for
+// useCaseSensitive - true for case sensitive matching
+// useRegExp - true to interpret text as a RegExp
+Story.prototype.search = function(text,useCaseSensitive,useRegExp)
+{
+    this.closeAllTiddlers();
+    highlightHack = new RegExp(useRegExp ?   text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
+    var matches = store.search(highlightHack,"title","excludeSearch");
+    var titles = [];
+    for(var t=matches.length-1; t>=0; t--)
+        titles.push(matches[t].title);
+    this.displayTiddlers(null,titles);
+    highlightHack = null;
+    var q = useRegExp ? "/" : "'";
+    if(matches.length > 0)
+        displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
+    else
+        displayMessage(config.macros.search.failureMsg.format([q + text + q]));
+}
+
+// Determine if the specified element is within a tiddler in this story
+// e - reference to an element
+// returns: reference to a tiddler element or null if none
+Story.prototype.findContainingTiddler = function(e)
+{
+    while(e && !hasClass(e,"tiddler"))
+        e = e.parentNode;
+    return(e);
+}
+
+// Gather any saveable fields from a tiddler element
+// e - reference to an element to scan recursively
+// fields - object to contain gathered field values
+Story.prototype.gatherSaveFields = function(e,fields)
+{
+    if(e && e.getAttribute)
+        {
+        var f = e.getAttribute("edit");
+        if(f)
+            fields[f] = e.value.replace(/\r/mg,"");;
+        if(e.hasChildNodes())
+            {
+            var c = e.childNodes;
+            for(var t=0; t<c.length; t++)
+                this.gatherSaveFields(c[t],fields)
+            }
+        }
+}
+
+// Determine whether a tiddler has any edit fields, and if so if their values have been changed
+// title - name of tiddler
+Story.prototype.hasChanges = function(title)
+{
+    var e = document.getElementById(this.idPrefix + title);
+    if(e != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(e,fields);
+        var tiddler = store.fetchTiddler(title);
+        if (!tiddler)
+            return false;
+        for(var n in fields)
+            if (store.getValue(title,n) != fields[n])
+                return true;
+        }
+    return false;
+}
+
+// Save any open edit fields of a tiddler and updates the display as necessary
+// title - name of tiddler
+// minorUpdate - true if the modified date shouldn't be updated
+// returns: title of saved tiddler, or null if not saved
+Story.prototype.saveTiddler = function(title,minorUpdate)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(tiddlerElem,fields);
+        var newTitle = fields.title ? fields.title : title;
+        if(store.tiddlerExists(newTitle) && newTitle != title)
+            {
+            if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
+                this.closeTiddler(newTitle,false,false);
+            else
+                return null;
+            }
+        tiddlerElem.id = this.idPrefix + newTitle;
+        tiddlerElem.setAttribute("tiddler",newTitle);
+        tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
+        tiddlerElem.setAttribute("dirty","false");
+        if(config.options.chkForceMinorUpdate)
+            minorUpdate = !minorUpdate;
+        var newDate = new Date();
+        store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
+        for (var n in fields)
+            if (!TiddlyWiki.isStandardField(n))
+                store.setValue(newTitle,n,fields[n]);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        return newTitle;
+        }
+    return null;
+}
+
+Story.prototype.permaView = function()
+{
+    var links = [];
+    this.forEachTiddler(function(title,element) {
+        links.push(String.encodeTiddlyLink(title));
+        });
+    var t = encodeURIComponent(links.join(" "));
+    if(t == "")
+        t = "#";
+    if(window.location.hash != t)
+        window.location.hash = t;
+}
+
+// ---------------------------------------------------------------------------------
+// Message area
+// ---------------------------------------------------------------------------------
+
+function getMessageDiv()
+{
+    var msgArea = document.getElementById("messageArea");
+    if(!msgArea)
+        return null;
+    if(!msgArea.hasChildNodes())
+        createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
+            config.messages.messageClose.text,
+            config.messages.messageClose.tooltip,
+            clearMessage);
+    msgArea.style.display = "block";
+    return createTiddlyElement(msgArea,"div");
+}
+
+function displayMessage(text,linkText)
+{
+    var e = getMessageDiv();
+    if(!e)
+        {
+        alert(text);
+        return;
+        }
+    if(linkText)
+        {
+        var link = createTiddlyElement(e,"a",null,null,text);
+        link.href = linkText;
+        link.target = "_blank";
+        }
+    else
+        e.appendChild(document.createTextNode(text));
+}
+
+function clearMessage()
+{
+    var msgArea = document.getElementById("messageArea");
+    if(msgArea)
+        {
+        removeChildren(msgArea);
+        msgArea.style.display = "none";
+        }
+    return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Refresh mechanism
+// ---------------------------------------------------------------------------------
+
+config.refreshers = {
+    link: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddlyLink");
+        refreshTiddlyLink(e,title);
+        return true;
+        },
+
+    tiddler: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var template = e.getAttribute("template");
+        if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
+            story.refreshTiddler(title,template,true);
+        else
+            refreshElements(e,changeList);
+        return true;
+        },
+
+    content: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var force = e.getAttribute("force");
+        if(force != null || changeList == null || changeList.indexOf(title) != -1)
+            {
+            removeChildren(e);
+            wikify(store.getTiddlerText(title,title),e);
+            return true;
+            }
+        else
+            return false;
+        },
+
+    macro: function(e,changeList)
+        {
+        var macro = e.getAttribute("macroName");
+        var params = e.getAttribute("params");
+        if(macro)
+            macro = config.macros[macro];
+        if(macro && macro.refresh)
+            macro.refresh(e,params);
+        return true;
+        }
+};
+
+function refreshElements(root,changeList)
+{
+    var nodes = root.childNodes;
+    for(var c=0; c<nodes.length; c++)
+        {
+        var e = nodes[c],type;
+        if(e.getAttribute)
+            type = e.getAttribute("refresh");
+        else
+            type = null;
+        var refresher = config.refreshers[type];
+        var refreshed = false;
+        if(refresher != undefined)
+            refreshed = refresher(e,changeList);
+        if(e.hasChildNodes() && !refreshed)
+            refreshElements(e,changeList);
+        }
+}
+
+function applyHtmlMacros(root,tiddler)
+{
+    var e = root.firstChild;
+    while(e)
+        {
+        var nextChild = e.nextSibling;
+        if(e.getAttribute)
+            {
+            var macro = e.getAttribute("macro");
+            if(macro)
+                {
+                var params = "";
+                var p = macro.indexOf(" ");
+                if(p != -1)
+                    {
+                    params = macro.substr(p+1);
+                    macro = macro.substr(0,p);
+                    }
+                invokeMacro(e,macro,params,null,tiddler);
+                }
+            }
+        if(e.hasChildNodes())
+            applyHtmlMacros(e,tiddler);
+        e = nextChild;
+        }
+}
+
+function refreshPageTemplate(title)
+{
+    var stash = createTiddlyElement(document.body,"div");
+    stash.style.display = "none";
+    var display = document.getElementById("tiddlerDisplay");
+    var nodes,t;
+    if(display)
+        {
+        nodes = display.childNodes;
+        for(t=nodes.length-1; t>=0; t--)
+            stash.appendChild(nodes[t]);
+        }
+    var wrapper = document.getElementById("contentWrapper");
+    if(!title)
+        title = "PageTemplate";
+    var html = store.getRecursiveTiddlerText(title,null,10);
+    wrapper.innerHTML = html;
+    applyHtmlMacros(wrapper);
+    refreshElements(wrapper);
+    display = document.getElementById("tiddlerDisplay");
+    removeChildren(display);
+    if(!display)
+        display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
+    nodes = stash.childNodes;
+    for(t=nodes.length-1; t>=0; t--)
+        display.appendChild(nodes[t]);
+    stash.parentNode.removeChild(stash);
+}
+
+function refreshDisplay(hint)
+{
+    var e = document.getElementById("contentWrapper");
+    if(typeof hint == "string")
+        hint = [hint];
+    refreshElements(e,hint);
+}
+
+function refreshPageTitle()
+{
+    document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
+}
+
+function refreshStyles(title)
+{
+    setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
+}
+
+function refreshColorPalette(title)
+{
+    if(!startingUp)
+        refreshAll();
+}
+
+function refreshAll()
+{
+    refreshPageTemplate();
+    refreshDisplay();
+    refreshStyles("StyleSheetLayout");
+    refreshStyles("StyleSheetColors");
+    refreshStyles("StyleSheet");
+    refreshStyles("StyleSheetPrint");
+}
+
+// ---------------------------------------------------------------------------------
+// Options cookie stuff
+// ---------------------------------------------------------------------------------
+
+function loadOptionsCookie()
+{
+    if(safeMode)
+        return;
+    var cookies = document.cookie.split(";");
+    for(var c=0; c<cookies.length; c++)
+        {
+        var p = cookies[c].indexOf("=");
+        if(p != -1)
+            {
+            var name = cookies[c].substr(0,p).trim();
+            var value = cookies[c].substr(p+1).trim();
+            switch(name.substr(0,3))
+                {
+                case "txt":
+                    config.options[name] = unescape(value);
+                    break;
+                case "chk":
+                    config.options[name] = value == "true";
+                    break;
+                }
+            }
+        }
+}
+
+function saveOptionCookie(name)
+{
+    if(safeMode)
+        return;
+    var c = name + "=";
+    switch(name.substr(0,3))
+        {
+        case "txt":
+            c += escape(config.options[name].toString());
+            break;
+        case "chk":
+            c += config.options[name] ? "true" : "false";
+            break;
+        }
+    c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
+    document.cookie = c;
+}
+
+// ---------------------------------------------------------------------------------
+// Saving
+// ---------------------------------------------------------------------------------
+
+var saveUsingSafari = false;
+
+var startSaveArea = '<div id="' + 'storeArea">'; // Split up into two so that indexOf() of this source doesn't find it
+var endSaveArea = '</d' + 'iv>';
+
+// If there are unsaved changes, force the user to confirm before exitting
+function confirmExit()
+{
+    hadConfirmExit = true;
+    if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
+        return config.messages.confirmExit;
+}
+
+// Give the user a chance to save changes before exitting
+function checkUnsavedChanges()
+{
+    if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
+        {
+        if(confirm(config.messages.unsavedChangesWarning))
+            saveChanges();
+        }
+}
+
+function updateMarkupBlock(s,blockName,tiddlerName)
+{
+    return s.replaceChunk(
+            "<!--%0-START-->".format([blockName]),
+            "<!--%0-END-->".format([blockName]),
+            "\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
+}
+
+// Save this tiddlywiki with the pending changes
+function saveChanges(onlyIfDirty)
+{
+    if(onlyIfDirty && !store.isDirty())
+        return;
+    clearMessage();
+    // Get the URL of the document
+    var originalPath = document.location.toString();
+    // Check we were loaded from a file URL
+    if(originalPath.substr(0,5) != "file:")
+        {
+        alert(config.messages.notFileUrlError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    var localPath = getLocalPath(originalPath);
+    // Load the original file
+    var original = loadFile(localPath);
+    if(original == null)
+        {
+        alert(config.messages.cantSaveError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    // Locate the storeArea div's
+    var posOpeningDiv = original.indexOf(startSaveArea);
+    var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([localPath]));
+        return;
+        }
+    // Save the backup
+    if(config.options.chkSaveBackups)
+        {
+        var backupPath = getBackupPath(localPath);
+        var backup = saveFile(backupPath,original);
+        if(backup)
+            displayMessage(config.messages.backupSaved,"file://" + backupPath);
+        else
+            alert(config.messages.backupFailed);
+        }
+    // Save Rss
+    if(config.options.chkGenerateAnRssFeed)
+        {
+        var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
+        var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
+        if(rssSave)
+            displayMessage(config.messages.rssSaved,"file://" + rssPath);
+        else
+            alert(config.messages.rssFailed);
+        }
+    // Save empty template
+    if(config.options.chkSaveEmptyTemplate)
+        {
+        var emptyPath,p;
+        if((p = localPath.lastIndexOf("/")) != -1)
+            emptyPath = localPath.substr(0,p) + "/empty.html";
+        else if((p = localPath.lastIndexOf("\\")) != -1)
+            emptyPath = localPath.substr(0,p) + "\\empty.html";
+        else
+            emptyPath = localPath + ".empty.html";
+        var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
+        var emptySave = saveFile(emptyPath,empty);
+        if(emptySave)
+            displayMessage(config.messages.emptySaved,"file://" + emptyPath);
+        else
+            alert(config.messages.emptyFailed);
+        }
+    var save;
+    try
+        {
+        // Save new file
+        var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
+                    convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
+                    original.substr(posClosingDiv);
+        var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
+        revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
+        revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
+        revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
+        revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
+        revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
+        save = saveFile(localPath,revised);
+        }
+    catch (e)
+        {
+        showException(e);
+        }
+    if(save)
+        {
+        displayMessage(config.messages.mainSaved,"file://" + localPath);
+        store.setDirty(false);
+        }
+    else
+        alert(config.messages.mainFailed);
+}
+
+function getLocalPath(originalPath)
+{
+    // Remove any location or query part of the URL
+    var argPos = originalPath.indexOf("?");
+    if(argPos != -1)
+        originalPath = originalPath.substr(0,argPos);
+    var hashPos = originalPath.indexOf("#");
+    if(hashPos != -1)
+        originalPath = originalPath.substr(0,hashPos);
+    // Convert file://localhost/ to file:///
+    if(originalPath.indexOf("file://localhost/") == 0)
+        originalPath = "file://" + originalPath.substr(16);
+    // Convert to a native file format assuming
+    // "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
+    // "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
+    // "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
+    // "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
+    var localPath;
+    if(originalPath.charAt(9) == ":") // pc local file
+        localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(7));
+    else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(5));
+    else // pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
+    return localPath;
+}
+
+function getBackupPath(localPath)
+{
+    var backSlash = true;
+    var dirPathPos = localPath.lastIndexOf("\\");
+    if(dirPathPos == -1)
+        {
+        dirPathPos = localPath.lastIndexOf("/");
+        backSlash = false;
+        }
+    var backupFolder = config.options.txtBackupFolder;
+    if(!backupFolder || backupFolder == "")
+        backupFolder = ".";
+    var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
+    backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
+    return backupPath;
+}
+
+function generateRss()
+{
+    var s = [];
+    var d = new Date();
+    var u = store.getTiddlerText("SiteUrl");
+    // Assemble the header
+    s.push("<" + "?xml version=\"1.0\"?" + ">");
+    s.push("<rss version=\"2.0\">");
+    s.push("<channel>");
+    s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
+    if(u)
+        s.push("<link>" + u.htmlEncode() + "</link>");
+    s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
+    s.push("<language>en-us</language>");
+    s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
+    s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
+    s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
+    s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
+    s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
+    // The body
+    var tiddlers = store.getTiddlers("modified","excludeLists");
+    var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
+    for (var t=tiddlers.length-1; t>=n; t--)
+        s.push(tiddlers[t].saveToRss(u));
+    // And footer
+    s.push("</channel>");
+    s.push("</rss>");
+    // Save it all
+    return s.join("\n");
+}
+
+
+// UTF-8 encoding rules:
+// 0x0000 - 0x007F: 0xxxxxxx
+// 0x0080 - 0x07FF: 110xxxxx 10xxxxxx
+// 0x0800 - 0xFFFF: 1110xxxx 10xxxxxx 10xxxxxx
+
+function convertUTF8ToUnicode(u)
+{
+    if(window.netscape == undefined)
+        return manualConvertUTF8ToUnicode(u);
+    else
+        return mozConvertUTF8ToUnicode(u);
+}
+
+function manualConvertUTF8ToUnicode(utf)
+{
+    var uni = utf;
+    var src = 0;
+    var dst = 0;
+    var b1, b2, b3;
+    var c;
+    while(src < utf.length)
+        {
+        b1 = utf.charCodeAt(src++);
+        if(b1 < 0x80)
+            dst++;
+        else if(b1 < 0xE0)
+            {
+            b2 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+        else
+            {
+            b2 = utf.charCodeAt(src++);
+            b3 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+    }
+    return(uni);
+}
+
+function mozConvertUTF8ToUnicode(u)
+{
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUTF8ToUnicode(u);
+        } // fallback
+    var s = converter.ConvertToUnicode(u);
+    var fin = converter.Finish();
+    return (fin.length > 0) ? s+fin : s;
+}
+
+function convertUnicodeToUTF8(s)
+{
+    if(window.netscape == undefined)
+        return manualConvertUnicodeToUTF8(s);
+    else
+        return mozConvertUnicodeToUTF8(s);
+}
+
+function manualConvertUnicodeToUTF8(s)
+{
+    var re = /[^\u0000-\u007F]/g ;
+    return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
+}
+
+function mozConvertUnicodeToUTF8(s)
+{
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUnicodeToUTF8(s);
+        } // fallback
+    var u = converter.ConvertFromUnicode(s);
+    var fin = converter.Finish();
+    if(fin.length > 0)
+        return u + fin;
+    else
+        return u;
+}
+
+function saveFile(fileUrl, content)
+{
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = ieSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = javaSaveFile(fileUrl, content);
+    return(r);
+}
+
+function loadFile(fileUrl)
+{
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = ieLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = javaLoadFile(fileUrl);
+    return(r);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function ieSaveFile(filePath, content)
+{
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to save\n\n" + e.toString());
+        return(null);
+        }
+    var file = fso.OpenTextFile(filePath,2,-1,0);
+    file.Write(content);
+    file.Close();
+    return(true);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function ieLoadFile(filePath)
+{
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        var file = fso.OpenTextFile(filePath,1);
+        var content = file.ReadAll();
+        file.Close();
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to load\n\n" + e.toString());
+        return(null);
+        }
+    return(content);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function mozillaSaveFile(filePath, content)
+{
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                file.create(0, 0664);
+            var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
+            out.init(file, 0x20 | 0x02, 00004,null);
+            out.write(content, content.length);
+            out.flush();
+            out.close();
+            return(true);
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to save\n\n" + e);
+            return(false);
+            }
+    return(null);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function mozillaLoadFile(filePath)
+{
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                return(null);
+            var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
+            inputStream.init(file, 0x01, 00004, null);
+            var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
+            sInputStream.init(inputStream);
+            return(sInputStream.read(sInputStream.available()));
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to load\n\n" + e);
+            return(false);
+            }
+    return(null);
+}
+
+function javaUrlToFilename(url)
+{
+    var f = "//localhost";
+    if(url.indexOf(f) == 0)
+        return url.substring(f.length);
+    var i = url.indexOf(":");
+    if(i > 0)
+        return url.substring(i-1);
+    return url;
+}
+
+function javaSaveFile(filePath, content)
+{
+    try
+        {
+        if(document.applets["TiddlySaver"])
+            return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
+        }
+    catch(e)
+        {
+        }
+    try
+        {
+        var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
+        s.print(content);
+        s.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return true;
+}
+
+function javaLoadFile(filePath)
+{
+    try
+        {
+    if(document.applets["TiddlySaver"])
+        return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
+        }
+    catch(e)
+        {
+        }
+    var content = [];
+    try
+        {
+        var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
+        var line;
+        while ((line = r.readLine()) != null)
+            content.push(new String(line));
+        r.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return content.join("\n");
+}
+
+
+// ---------------------------------------------------------------------------------
+// Remote HTTP requests
+// ---------------------------------------------------------------------------------
+
+// Load a file over http
+//   url - the source url
+//   callback - function to call when there's a response
+//   params - parameter object that gets passed to the callback for storing it's state
+// Return value is the underlying XMLHttpRequest object, or 'null' if there was an error
+// Callback function is called like this:
+//   callback(status,params,responseText,xhr)
+//     status - true if OK, false if error
+//     params - the parameter object provided to loadRemoteFile()
+//     responseText - the text of the file
+//     xhr - the underlying XMLHttpRequest object
+function loadRemoteFile(url,callback,params)
+{
+    // Get an xhr object
+    var x;
+    try
+        {
+        x = new XMLHttpRequest(); // Modern
+        }
+    catch(e)
+        {
+        try
+            {
+            x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
+            }
+        catch (e)
+            {
+            return null;
+            }
+        }
+    // Install callback
+    x.onreadystatechange = function()
+        {
+        if (x.readyState == 4)
+            {
+            if ((x.status == 0 || x.status == 200) && callback)
+                {
+                callback(true,params,x.responseText,url,x);
+            }
+            else
+                callback(false,params,null,url,x);
+            }
+        }
+    // Send request
+    if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
+        window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
+    try
+        {
+        url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
+        x.open("GET",url,true);
+        if (x.overrideMimeType)
+            x.overrideMimeType("text/html");
+        x.send(null);
+        }
+    catch (e)
+        {
+        alert("Error in send " + e);
+        return null;
+        }
+    return x;
+}
+// ---------------------------------------------------------------------------------
+// TiddlyWiki-specific utility functions
+// ---------------------------------------------------------------------------------
+
+function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
+{
+    var theButton = document.createElement("a");
+    if(theAction)
+        {
+        theButton.onclick = theAction;
+        theButton.setAttribute("href","javascript:;");
+        }
+    if(theTooltip)
+        theButton.setAttribute("title",theTooltip);
+    if(theText)
+        theButton.appendChild(document.createTextNode(theText));
+    if(theClass)
+        theButton.className = theClass;
+    else
+        theButton.className = "button";
+    if(theId)
+        theButton.id = theId;
+    if(theParent)
+        theParent.appendChild(theButton);
+    if(theAccessKey)
+        theButton.setAttribute("accessKey",theAccessKey);
+    return(theButton);
+}
+
+function createTiddlyLink(place,title,includeText,theClass,isStatic)
+{
+    var text = includeText ? title : null;
+    var i = getTiddlyLinkInfo(title,theClass)
+    var btn;
+    if(isStatic)
+        btn = createExternalLink(place,"#" + title);
+    else
+        btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
+    btn.setAttribute("refresh","link");
+    btn.setAttribute("tiddlyLink",title);
+    return(btn);
+}
+
+function refreshTiddlyLink(e,title)
+{
+    var i = getTiddlyLinkInfo(title,e.className);
+    e.className = i.classes;
+    e.title = i.subTitle;
+}
+
+function getTiddlyLinkInfo(title,currClasses)
+{
+    var classes = currClasses ? currClasses.split(" ") : [];
+    classes.pushUnique("tiddlyLink");
+    var tiddler = store.fetchTiddler(title);
+    var subTitle;
+    if(tiddler)
+        {
+        subTitle = tiddler.getSubtitle();
+        classes.pushUnique("tiddlyLinkExisting");
+        classes.remove("tiddlyLinkNonExisting");
+        classes.remove("shadow");
+        }
+    else
+        {
+        classes.remove("tiddlyLinkExisting");
+        classes.pushUnique("tiddlyLinkNonExisting");
+        if(store.isShadowTiddler(title))
+            {
+            subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
+            classes.pushUnique("shadow");
+            }
+        else
+            {
+            subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
+            classes.remove("shadow");
+            }
+        }
+    return {classes: classes.join(" "), subTitle: subTitle};
+}
+
+function createExternalLink(place,url)
+{
+    var theLink = document.createElement("a");
+    theLink.className = "externalLink";
+    theLink.href = url;
+    theLink.title = config.messages.externalLinkTooltip.format([url]);
+    if(config.options.chkOpenInNewWindow)
+        theLink.target = "_blank";
+    place.appendChild(theLink);
+    return(theLink);
+}
+
+// Event handler for clicking on a tiddly link
+function onClickTiddlerLink(e)
+{
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var theLink = theTarget;
+    var title = null;
+    do {
+        title = theLink.getAttribute("tiddlyLink");
+        theLink = theLink.parentNode;
+    } while(title == null && theLink != null);
+    if(title)
+        {
+        var toggling = e.metaKey || e.ctrlKey;
+        if(config.options.chkToggleLinks)
+            toggling = !toggling;
+        var opening;
+        if(toggling && document.getElementById("tiddler" + title))
+            story.closeTiddler(title,true,e.shiftKey || e.altKey);
+        else
+            story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
+        }
+    clearMessage();
+    return(false);
+}
+
+// Create a button for a tag with a popup listing all the tiddlers that it tags
+function createTagButton(place,tag,excludeTiddler)
+{
+    var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
+    theTag.setAttribute("tag",tag);
+    if(excludeTiddler)
+        theTag.setAttribute("tiddler",excludeTiddler);
+    return(theTag);
+}
+
+// Event handler for clicking on a tiddler tag
+function onClickTag(e)
+{
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var popup = Popup.create(this);
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(popup && tag)
+        {
+        var tagged = store.getTaggedTiddlers(tag);
+        var titles = [];
+        var li,r;
+        for(r=0;r<tagged.length;r++)
+            if(tagged[r].title != title)
+                titles.push(tagged[r].title);
+        var lingo = config.views.wikified.tag;
+        if(titles.length > 0)
+            {
+            var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
+            openAll.setAttribute("tag",tag);
+            createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+            for(r=0; r<titles.length; r++)
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
+                }
+            }
+        else
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
+        createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+        var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
+        createTiddlyText(h,lingo.openTag.format([tag]));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return(false);
+}
+
+// Event handler for 'open all' on a tiddler popup
+function onClickTagOpenAll(e)
+{
+    if (!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var tagged = store.getTaggedTiddlers(tag);
+    var titles = [];
+    for(var t=0; t<tagged.length; t++)
+        titles.push(tagged[t].title);
+    story.displayTiddlers(this,titles);
+    return(false);
+}
+
+function onClickError(e)
+{
+    if (!e) var e = window.event;
+    var popup = Popup.create(this);
+    var lines = this.getAttribute("errorText").split("\n");
+    for(var t=0; t<lines.length; t++)
+        createTiddlyElement(popup,"li",null,null,lines[t]);
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return false;
+}
+
+function createTiddlyDropDown(place,onchange,options)
+{
+    var sel = createTiddlyElement(place,"select");
+    sel.onchange = onchange;
+    for(var t=0; t<options.length; t++)
+        {
+        var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
+        e.value = options[t].name;
+        }
+}
+
+function createTiddlyError(place,title,text)
+{
+    var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
+    if (text) btn.setAttribute("errorText",text);
+}
+
+function merge(dst,src,preserveExisting)
+{
+    for (p in src)
+        if (!preserveExisting || dst[p] === undefined)
+            dst[p] = src[p];
+    return dst;
+}
+
+// Returns a string containing the description of an exception, optionally prepended by a message
+function exceptionText(e, message)
+{
+    var s = e.description ? e.description : e.toString();
+    return message ? "%0:\n%1".format([message, s]) : s;
+}
+
+// Displays an alert of an exception description with optional message
+function showException(e, message)
+{
+    alert(exceptionText(e, message));
+}
+
+// ---------------------------------------------------------------------------------
+// Animation engine
+// ---------------------------------------------------------------------------------
+
+function Animator()
+{
+    this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
+    this.timerID = 0; // ID of the timer used for animating
+    this.animations = []; // List of animations in progress
+    return this;
+}
+
+// Start animation engine
+Animator.prototype.startAnimating = function() // Variable number of arguments
+{
+    for(var t=0; t<arguments.length; t++)
+        this.animations.push(arguments[t]);
+    if(this.running == 0)
+        {
+        var me = this;
+        this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
+        }
+    this.running += arguments.length;
+}
+
+// Perform an animation engine tick, calling each of the known animation modules
+Animator.prototype.doAnimate = function(me)
+{
+    var a = 0;
+    while(a < me.animations.length)
+        {
+        var animation = me.animations[a];
+        if(animation.tick())
+            a++;
+        else
+            {
+            me.animations.splice(a,1);
+            if(--me.running == 0)
+                window.clearInterval(me.timerID);
+            }
+        }
+}
+
+// Map a 0..1 value to 0..1, but slow down at the start and end
+Animator.slowInSlowOut = function(progress)
+{
+    return(1-((Math.cos(progress * Math.PI)+1)/2));
+}
+
+// ---------------------------------------------------------------------------------
+// Cascade animation
+// ---------------------------------------------------------------------------------
+
+function Cascade(text,startElement,targetElement,slowly)
+{
+    var winWidth = findWindowWidth();
+    var winHeight = findWindowHeight();
+    this.elements = [];
+    this.startElement = startElement;
+    this.startLeft = findPosX(this.startElement);
+    this.startTop = findPosY(this.startElement);
+    this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
+    this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
+    this.targetElement = targetElement;
+    targetElement.style.position = "relative";
+    targetElement.style.zIndex = 2;
+    this.targetLeft = findPosX(this.targetElement);
+    this.targetTop = findPosY(this.targetElement);
+    this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
+    this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
+    this.progress = -1;
+    this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
+    this.text = text;
+    this.tick();
+    return this;
+}
+
+Cascade.prototype.tick = function()
+{
+    this.progress++;
+    if(this.progress >= this.steps)
+        {
+        while(this.elements.length > 0)
+            this.removeTail();
+        this.targetElement.style.position = "static";
+        this.targetElement.style.zIndex = "";
+        return false;
+        }
+    else
+        {
+        if(this.elements.length > 0 && this.progress > config.cascadeDepth)
+            this.removeTail();
+        if(this.progress < (this.steps - config.cascadeDepth))
+            {
+            var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
+            var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
+            e.style.zIndex = 1;
+            e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
+            e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
+            e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
+            e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
+            e.style.display = "block";
+            this.elements.push(e);
+            }
+        return true;
+        }
+}
+
+Cascade.prototype.removeTail = function()
+{
+    var e = this.elements[0];
+    e.parentNode.removeChild(e);
+    this.elements.shift();
+}
+
+// ---------------------------------------------------------------------------------
+// Scroller animation
+// ---------------------------------------------------------------------------------
+
+function Scroller(targetElement,slowly)
+{
+    this.targetElement = targetElement;
+    this.startScroll = findScrollY();
+    this.targetScroll = ensureVisible(targetElement);
+    this.progress = 0;
+    this.step = slowly ? config.animSlow : config.animFast;
+    return this;
+}
+
+Scroller.prototype.tick = function()
+{
+    this.progress += this.step;
+    if(this.progress > 1)
+        {
+        window.scrollTo(0,this.targetScroll);
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
+        return true;
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Slider animation
+// ---------------------------------------------------------------------------------
+
+// deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
+function Slider(element,opening,slowly,deleteMode)
+{
+    this.element = element;
+    element.style.display = "block";
+    this.deleteMode = deleteMode;
+    this.element.style.height = "auto";
+    this.realHeight = element.offsetHeight;
+    this.opening = opening;
+    this.step = slowly ? config.animSlow : config.animFast;
+    if(opening)
+        {
+        this.progress = 0;
+        element.style.height = "0px";
+        element.style.display = "block";
+        }
+    else
+        {
+        this.progress = 1;
+        this.step = -this.step;
+        }
+    element.style.overflow = "hidden";
+    return this;
+}
+
+Slider.prototype.stop = function()
+{
+    if(this.opening)
+        {
+        this.element.style.height = "auto";
+        this.element.style.opacity = 1;
+        this.element.style.filter = "alpha(opacity:100)";
+        }
+    else
+        {
+        switch(this.deleteMode)
+            {
+            case "none":
+                this.element.style.display = "none";
+                break;
+            case "all":
+                this.element.parentNode.removeChild(this.element);
+                break;
+            case "children":
+                removeChildren(this.element);
+                break;
+            }
+        }
+}
+
+Slider.prototype.tick = function()
+{
+    this.progress += this.step;
+    if(this.progress < 0 || this.progress > 1)
+        {
+        this.stop();
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        var h = this.realHeight * f;
+        this.element.style.height = h + "px";
+        this.element.style.opacity = f;
+        this.element.style.filter = "alpha(opacity:" + f * 100 +")";
+        return true;
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Popup menu
+// ---------------------------------------------------------------------------------
+
+var Popup = {
+    stack: [] // Array of objects with members root: and popup:
+    };
+
+Popup.create = function(root)
+{
+    Popup.remove();
+    var popup = createTiddlyElement(document.body,"ol","popup","popup");
+    Popup.stack.push({root: root, popup: popup});
+    return popup;
+}
+
+Popup.onDocumentClick = function(e)
+{
+    if (!e) var e = window.event;
+    var target = resolveTarget(e);
+    if(e.eventPhase == undefined)
+        Popup.remove();
+    else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
+        Popup.remove();
+    return true;
+}
+
+Popup.show = function(unused,slowly)
+{
+    var curr = Popup.stack[Popup.stack.length-1];
+    var rootLeft = findPosX(curr.root);
+    var rootTop = findPosY(curr.root);
+    var rootHeight = curr.root.offsetHeight;
+    var popupLeft = rootLeft;
+    var popupTop = rootTop + rootHeight;
+    var popupWidth = curr.popup.offsetWidth;
+    var winWidth = findWindowWidth();
+    if(popupLeft + popupWidth > winWidth)
+        popupLeft = winWidth - popupWidth;
+    curr.popup.style.left = popupLeft + "px";
+    curr.popup.style.top = popupTop + "px";
+    curr.popup.style.display = "block";
+    addClass(curr.root,"highlight");
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Scroller(curr.popup,slowly));
+    else
+        window.scrollTo(0,ensureVisible(curr.popup));
+}
+
+Popup.remove = function()
+{
+    if(Popup.stack.length > 0)
+        {
+        Popup.removeFrom(0);
+        }
+}
+
+Popup.removeFrom = function(from)
+{
+    for(var t=Popup.stack.length-1; t>=from; t--)
+        {
+        var p = Popup.stack[t];
+        removeClass(p.root,"highlight");
+        p.popup.parentNode.removeChild(p.popup);
+        }
+    Popup.stack = Popup.stack.slice(0,from);
+}
+
+// ---------------------------------------------------------------------------------
+// ListView gadget
+// ---------------------------------------------------------------------------------
+
+var ListView = {};
+
+// Create a listview
+//   place - where in the DOM tree to insert the listview
+//   listObject - array of objects to be included in the listview
+//   listTemplate - template for the listview
+//   callback - callback for a command being selected
+//   className - optional classname for the <table> element
+ListView.create = function(place,listObject,listTemplate,callback,className)
+{
+    var table = createTiddlyElement(place,"table",null,className ? className : "listView");
+    var thead = createTiddlyElement(table,"thead");
+    var r = createTiddlyElement(thead,"tr");
+    for(var t=0; t<listTemplate.columns.length; t++)
+        {
+        var columnTemplate = listTemplate.columns[t];
+        var c = createTiddlyElement(r,"th");
+        var colType = ListView.columnTypes[columnTemplate.type];
+        if(colType && colType.createHeader)
+            colType.createHeader(c,columnTemplate,t);
+        }
+    var tbody = createTiddlyElement(table,"tbody");
+    for(var rc=0; rc<listObject.length; rc++)
+        {
+        rowObject = listObject[rc];
+        r = createTiddlyElement(tbody,"tr");
+        for(var c=0; c<listTemplate.rowClasses.length; c++)
+            {
+            if(rowObject[listTemplate.rowClasses[c].field])
+                addClass(r,listTemplate.rowClasses[c].className);
+            }
+        rowObject.rowElement = rowObject;
+        rowObject.colElements = {};
+        for(var cc=0; cc<listTemplate.columns.length; cc++)
+            {
+            var c = createTiddlyElement(r,"td");
+            var columnTemplate = listTemplate.columns[cc];
+            var field = columnTemplate.field;
+            var colType = ListView.columnTypes[columnTemplate.type];
+            if(colType && colType.createItem)
+                colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
+            rowObject.colElements[field] = c;
+            }
+        }
+    if(callback && listTemplate.actions)
+        createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
+    if(callback && listTemplate.buttons)
+        {
+        for(t=0; t<listTemplate.buttons.length; t++)
+            {
+            var a = listTemplate.buttons[t];
+            if(a && a.name != "")
+                createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
+            }
+        }
+    return table;
+}
+
+ListView.getCommandHandler = function(callback,name,allowEmptySelection)
+{
+    return function(e)
+        {
+        var view = findRelated(this,"TABLE",null,"previousSibling");
+        var tiddlers = [];
+        ListView.forEachSelector(view,function(e,rowName) {
+                    if(e.checked)
+                        tiddlers.push(rowName);
+                    });
+        if(tiddlers.length == 0 && !allowEmptySelection)
+            alert(config.messages.nothingSelected);
+        else
+            {
+            if(this.nodeName.toLowerCase() == "select")
+                {
+                callback(view,this.value,tiddlers);
+                this.selectedIndex = 0;
+                }
+            else
+                callback(view,name,tiddlers);
+            }
+        };
+}
+
+// Invoke a callback for each selector checkbox in the listview
+//   view - <table> element of listView
+//   callback(checkboxElement,rowName)
+//     where
+//       checkboxElement - DOM element of checkbox
+//       rowName - name of this row as assigned by the column template
+//   result: true if at least one selector was checked
+ListView.forEachSelector = function(view,callback)
+{
+    var checkboxes = view.getElementsByTagName("input");
+    var hadOne = false;
+    for(var t=0; t<checkboxes.length; t++)
+        {
+        var cb = checkboxes[t];
+        if(cb.getAttribute("type") == "checkbox")
+            {
+            var rn = cb.getAttribute("rowName");
+            if(rn)
+                {
+                callback(cb,rn);
+                hadOne = true;
+                }
+            }
+        }
+    return hadOne;
+}
+
+ListView.columnTypes = {};
+
+ListView.columnTypes.String = {
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyText(place,columnTemplate.title);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v);
+        }
+};
+
+ListView.columnTypes.Date = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
+        }
+};
+
+ListView.columnTypes.StringList = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                for(var t=0; t<v.length; t++)
+                    {
+                    createTiddlyText(place,v[t]);
+                    createTiddlyElement(place,"br");
+                    }
+                }
+        }
+};
+
+ListView.columnTypes.Selector = {
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyCheckbox(place,null,false,this.onHeaderChange);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],null);
+            e.setAttribute("rowName",listObject[columnTemplate.rowName]);
+        },
+    onHeaderChange: function(e)
+        {
+            var state = this.checked;
+            var view = findRelated(this,"TABLE");
+            if(!view)
+                return;
+            ListView.forEachSelector(view,function(e,rowName) {
+                                e.checked = state;
+                            });
+        }
+};
+
+ListView.columnTypes.Tags = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var tags = listObject[field];
+            createTiddlyText(place,String.encodeTiddlyLinkList(tags));
+        }
+};
+
+ListView.columnTypes.Boolean = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            if(listObject[field] == true)
+                createTiddlyText(place,columnTemplate.trueText);
+            if(listObject[field] == false)
+                createTiddlyText(place,columnTemplate.falseText);
+        }
+};
+
+ListView.columnTypes.TagCheckbox = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
+            e.setAttribute("tiddler",listObject.title);
+            e.setAttribute("tag",columnTemplate.tag);
+        },
+    onChange : function(e)
+        {
+            var tag = this.getAttribute("tag");
+            var tiddler = this.getAttribute("tiddler");
+            store.setTiddlerTag(tiddler,this.checked,tag);
+        }
+};
+
+ListView.columnTypes.TiddlerLink = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
+                createTiddlyText(link,listObject[field]);
+                }
+        }
+};
+// ---------------------------------------------------------------------------------
+// Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
+// ---------------------------------------------------------------------------------
+
+// Clamp a number to a range
+Number.prototype.clamp = function(min,max)
+{
+    var c = this;
+    if(c < min)
+        c = min;
+    if(c > max)
+        c = max;
+    return c;
+}
+
+// Add indexOf function if browser does not support it
+if(!Array.indexOf) {
+Array.prototype.indexOf = function(item,from)
+{
+    if(!from)
+        from = 0;
+    for(var i=from; i<this.length; i++)
+        if(this[i] === item)
+            return i;
+    return -1;
+}}
+
+// Find an entry in a given field of the members of an array
+Array.prototype.findByField = function(field,value)
+{
+    for(var t=0; t<this.length; t++)
+        if(this[t][field] == value)
+            return t;
+    return null;
+}
+
+// Return whether an entry exists in an array
+Array.prototype.contains = function(item)
+{
+    return this.indexOf(item) != -1;
+};
+
+// Adds, removes or toggles a particular value within an array
+//  value - value to add
+//  mode - +1 to add value, -1 to remove value, 0 to toggle it
+Array.prototype.setItem = function(value,mode)
+{
+    var p = this.indexOf(value);
+    if(mode == 0)
+        mode = (p == -1) ? +1 : -1;
+    if(mode == +1)
+        {
+        if(p == -1)
+            this.push(value);
+        }
+    else if(mode == -1)
+        {
+        if(p != -1)
+            this.splice(p,1);
+        }
+}
+
+// Return whether one of a list of values exists in an array
+Array.prototype.containsAny = function(items)
+{
+    for(var i=0; i<items.length; i++)
+        if (this.indexOf(items[i]) != -1)
+            return true;
+    return false;
+};
+
+// Return whether all of a list of values exists in an array
+Array.prototype.containsAll = function(items)
+{
+    for (var i = 0; i<items.length; i++)
+        if (this.indexOf(items[i]) == -1)
+            return false;
+    return true;
+};
+
+// Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
+Array.prototype.pushUnique = function(item,unique)
+{
+    if(unique != undefined && unique == false)
+        this.push(item);
+    else
+        {
+        if(this.indexOf(item) == -1)
+            this.push(item);
+        }
+}
+
+Array.prototype.remove = function(item)
+{
+    var p = this.indexOf(item);
+    if(p != -1)
+        this.splice(p,1);
+}
+
+// Get characters from the right end of a string
+String.prototype.right = function(n)
+{
+    if(n < this.length)
+        return this.slice(this.length-n);
+    else
+        return this;
+}
+
+// Trim whitespace from both ends of a string
+String.prototype.trim = function()
+{
+    return this.replace(/^\s*|\s*$/g,"");
+}
+
+// Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
+String.prototype.unDash = function()
+{
+    var s = this.split("-");
+    if(s.length > 1)
+        for(var t=1; t<s.length; t++)
+            s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
+    return s.join("");
+}
+
+// Substitute substrings from an array into a format string that includes '%1'-type specifiers
+String.prototype.format = function(substrings)
+{
+    var subRegExp = /(?:%(\d+))/mg;
+    var currPos = 0;
+    var r = [];
+    do {
+        var match = subRegExp.exec(this);
+        if(match && match[1])
+            {
+            if(match.index > currPos)
+                r.push(this.substring(currPos,match.index));
+            r.push(substrings[parseInt(match[1])]);
+            currPos = subRegExp.lastIndex;
+            }
+    } while(match);
+    if(currPos < this.length)
+        r.push(this.substring(currPos,this.length));
+    return r.join("");
+}
+
+// Escape any special RegExp characters with that character preceded by a backslash
+String.prototype.escapeRegExp = function()
+{
+    var s = "\\^$*+?()=!|,{}[].";
+    var c = this;
+    for(var t=0; t<s.length; t++)
+        c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
+    return c;
+}
+
+// Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
+String.prototype.escapeLineBreaks = function()
+{
+    return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
+}
+
+// Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
+String.prototype.unescapeLineBreaks = function()
+{
+    return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
+}
+
+// Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
+String.prototype.htmlEncode = function()
+{
+    return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
+}
+
+// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+String.prototype.htmlDecode = function()
+{
+    return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+}
+
+// Parse a space-separated string of name:value parameters where:
+//   - the name or the value can be optional (in which case separate defaults are used instead)
+//     - in case of ambiguity, a lone word is taken to be a value
+//     - if 'cascadeDefaults' is set to true, then the defaults are modified by updated by each specified name or value
+//     - name prefixes are not allowed if the 'noNames' parameter is true
+//   - if both the name and value are present they must be separated by a colon
+//   - the name and the value may both be quoted with single- or double-quotes, double-square brackets
+//   - names or values quoted with {{double-curly braces}} are evaluated as a JavaScript expression
+//     - as long as the 'allowEval' parameter is true
+// The result is an array of objects:
+//   result[0] = object with a member for each parameter name, value of that member being an array of values
+//   result[1..n] = one object for each parameter, with 'name' and 'value' members
+String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
+{
+    var parseToken = function(match,p)
+        {
+        var n;
+        if(match[p]) // Double quoted
+            n = match[p];
+        else if(match[p+1]) // Single quoted
+            n = match[p+1];
+        else if(match[p+2]) // Double-square-bracket quoted
+            n = match[p+2];
+        else if(match[p+3]) // Double-brace quoted
+            try
+                {
+                n = match[p+3];
+                if(allowEval)
+                    n = window.eval(n);
+                }
+            catch(e)
+                {
+                throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
+                }
+        else if(match[p+4]) // Unquoted
+            n = match[p+4];
+        else if(match[p+5]) // empty quote
+            n = "";
+        return n;
+        };
+    var r = [{}];
+    var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
+    var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
+    var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
+    var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
+    var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
+    var emptyQuote = "((?:\"\")|(?:''))";
+    var skipSpace = "(?:\\s*)";
+    var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
+    var re = noNames
+        ? new RegExp(token,"mg")
+        : new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
+    var params = [];
+    do {
+        var match = re.exec(this);
+        if(match)
+            {
+            var n = parseToken(match,1);
+            if(noNames)
+                r.push({name: "", value: n});
+            else
+                {
+                var v = parseToken(match,8);
+                if(v == null && defaultName)
+                    {
+                    v = n;
+                    n = defaultName;
+                    }
+                else if(v == null && defaultValue)
+                    v = defaultValue;
+                r.push({name: n, value: v});
+                if(cascadeDefaults)
+                    {
+                    defaultName = n;
+                    defaultValue = v;
+                    }
+                }
+            }
+    } while(match);
+    // Summarise parameters into first element
+    for(var t=1; t<r.length; t++)
+        {
+        if(r[0][r[t].name])
+            r[0][r[t].name].push(r[t].value);
+        else
+            r[0][r[t].name] = [r[t].value];
+        }
+    return r;
+}
+
+// Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
+// [[]], {{ }} or left unquoted (and therefore space-separated). Double-braces {{}} results in
+// an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
+String.prototype.readMacroParams = function()
+{
+    var p = this.parseParams("list",null,true,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.push(p[t].value);
+    return n;
+}
+
+// Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
+String.prototype.readBracketedList = function(unique)
+{
+    var p = this.parseParams("list",null,false,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.pushUnique(p[t].value,unique);
+    return n;
+}
+
+// Returns array with start and end index of chunk between given start and end marker, or undefined.
+String.prototype.getChunkRange = function(start,end)
+{
+    var s = this.indexOf(start);
+    if(s != -1)
+        {
+        s += start.length;
+        var e = this.indexOf(end,s);
+        if(e != -1)
+            return [s, e];
+        }
+}
+
+// Replace a chunk of a string given start and end markers
+String.prototype.replaceChunk = function(start,end,sub)
+{
+    var r = this.getChunkRange(start,end);
+    return r
+        ? this.substring(0,r[0]) + sub + this.substring(r[1])
+        : this;
+}
+
+// Returns a chunk of a string between start and end markers, or undefined
+String.prototype.getChunk = function(start,end)
+{
+    var r = this.getChunkRange(start,end);
+    if (r)
+        return this.substring(r[0],r[1]);
+}
+
+
+// Static method to bracket a string with double square brackets if it contains a space
+String.encodeTiddlyLink = function(title)
+{
+    if(title.indexOf(" ") == -1)
+        return(title);
+    else
+        return("[[" + title + "]]");
+}
+
+// Static method to encodeTiddlyLink for every item in an array and join them with spaces
+String.encodeTiddlyLinkList = function(list)
+{
+    if(list)
+        {
+        var results = [];
+        for(var t=0; t<list.length; t++)
+            results.push(String.encodeTiddlyLink(list[t]));
+        return results.join(" ");
+        }
+    else
+        return "";
+}
+
+// Static method to left-pad a string with 0s to a certain width
+String.zeroPad = function(n,d)
+{
+    var s = n.toString();
+    if(s.length < d)
+        s = "000000000000000000000000000".substr(0,d-s.length) + s;
+    return(s);
+}
+
+String.prototype.startsWith = function(prefix)
+{
+    return !prefix || this.substring(0,prefix.length) == prefix;
+}
+
+// Returns the first value of the given named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//# @return [may be null/undefined]
+//#
+function getParam(params, name, defaultValue) {
+    if (!params)
+        return defaultValue;
+    var p = params[0][name];
+    return p ? p[0] : defaultValue;
+}
+
+// Returns the first value of the given boolean named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//#
+function getFlag(params, name, defaultValue) {
+    return !!getParam(params, name, defaultValue);
+}
+
+// Substitute date components into a string
+Date.prototype.formatString = function(template)
+{
+    var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
+    t = t.replace(/hh12/g,this.getHours12());
+    t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
+    t = t.replace(/hh/g,this.getHours());
+    t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
+    t = t.replace(/mm/g,this.getMinutes());
+    t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
+    t = t.replace(/ss/g,this.getSeconds());
+    t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
+    t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
+    t = t.replace(/wYYYY/g,this.getYearForWeekNo());
+    t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
+    t = t.replace(/YYYY/g,this.getFullYear());
+    t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
+    t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
+    t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
+    t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
+    t = t.replace(/MM/g,this.getMonth()+1);
+    t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
+    t = t.replace(/WW/g,this.getWeek());
+    t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
+    t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
+    t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
+    t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
+    t = t.replace(/DD/g,this.getDate());
+    return t;
+}
+
+Date.prototype.getWeek = function()
+{
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
+    var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000);
+    return Math.floor(n/7)+1;
+}
+
+Date.prototype.getYearForWeekNo = function()
+{
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
+    return dt.getFullYear();
+}
+
+Date.prototype.getHours12 = function()
+{
+    var h = this.getHours();
+    return h > 12 ? h-12 : ( h > 0 ? h : 12 );
+}
+
+Date.prototype.getAmPm = function()
+{
+    return this.getHours() >= 12 ? "pm" : "am";
+}
+
+Date.prototype.daySuffix = function()
+{
+    var num = this.getDate();
+    if (num >= 11 && num <= 13) return "th";
+    else if (num.toString().substr(-1)=="1") return "st";
+    else if (num.toString().substr(-1)=="2") return "nd";
+    else if (num.toString().substr(-1)=="3") return "rd";
+    return "th";
+}
+
+// Convert a date to local YYYYMMDDHHMM string format
+Date.prototype.convertToLocalYYYYMMDDHHMM = function()
+{
+    return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDDHHMM string format
+Date.prototype.convertToYYYYMMDDHHMM = function()
+{
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
+Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
+{
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
+}
+
+// Static method to create a date from a UTC YYYYMMDDHHMM format string
+Date.convertFromYYYYMMDDHHMM = function(d)
+{
+    var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
+                            parseInt(d.substr(4,2),10)-1,
+                            parseInt(d.substr(6,2),10),
+                            parseInt(d.substr(8,2),10),
+                            parseInt(d.substr(10,2),10),0,0));
+    return(theDate);
+}
+
+// ---------------------------------------------------------------------------------
+// Crypto functions and associated conversion routines
+// ---------------------------------------------------------------------------------
+
+// Crypto "namespace"
+function Crypto() {}
+
+// Convert a string to an array of big-endian 32-bit words
+Crypto.strToBe32s = function(str)
+{
+    var be = Array();
+    var len = Math.floor(str.length/4);
+    var i, j;
+    for(i=0, j=0; i<len; i++, j+=4)
+        {
+        be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
+        }
+    while (j<str.length)
+        {
+        be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
+        j++;
+        }
+    return be;
+}
+
+// Convert an array of big-endian 32-bit words to a string
+Crypto.be32sToStr = function(be)
+{
+    var str = "";
+    for(var i=0;i<be.length*32;i+=8)
+        str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
+    return str;
+}
+
+// Convert an array of big-endian 32-bit words to a hex string
+Crypto.be32sToHex = function(be)
+{
+    var hex = "0123456789ABCDEF";
+    var str = "";
+    for(var i=0;i<be.length*4;i++)
+        str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
+    return str;
+}
+
+// Return, in hex, the SHA-1 hash of a string
+Crypto.hexSha1Str = function(str)
+{
+    return Crypto.be32sToHex(Crypto.sha1Str(str));
+}
+
+// Return the SHA-1 hash of a string
+Crypto.sha1Str = function(str)
+{
+    return Crypto.sha1(Crypto.strToBe32s(str),str.length);
+}
+
+// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
+Crypto.sha1 = function(x,blen)
+{
+    // Add 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32 = function(a,b)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Add five 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32x5 = function(a,b,c,d,e)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Bitwise rotate left a 32-bit integer by 1 bit
+    rol32 = function(n)
+    {
+        return (n>>>31)|(n<<1);
+    };
+
+    var len = blen*8;
+    // Append padding so length in bits is 448 mod 512
+    x[len>>5] |= 0x80 << (24-len%32);
+    // Append length
+    x[((len+64>>9)<<4)+15] = len;
+    var w = Array(80);
+
+    var k1 = 0x5A827999;
+    var k2 = 0x6ED9EBA1;
+    var k3 = 0x8F1BBCDC;
+    var k4 = 0xCA62C1D6;
+
+    var h0 = 0x67452301;
+    var h1 = 0xEFCDAB89;
+    var h2 = 0x98BADCFE;
+    var h3 = 0x10325476;
+    var h4 = 0xC3D2E1F0;
+
+    for(var i=0;i<x.length;i+=16)
+        {
+        var j,t;
+        var a = h0;
+        var b = h1;
+        var c = h2;
+        var d = h3;
+        var e = h4;
+        for(j = 0;j<16;j++)
+            {
+            w[j] = x[i+j];
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=16;j<20;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=20;j<40;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=40;j<60;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=60;j<80;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+
+        h0 = add32(h0,a);
+        h1 = add32(h1,b);
+        h2 = add32(h2,c);
+        h3 = add32(h3,d);
+        h4 = add32(h4,e);
+        }
+    return Array(h0,h1,h2,h3,h4);
+}
+
+// ---------------------------------------------------------------------------------
+// RGB colour object
+// ---------------------------------------------------------------------------------
+
+// Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
+function RGB(r,g,b)
+{
+    this.r = 0;
+    this.g = 0;
+    this.b = 0;
+    if(typeof r == "string")
+        {
+        if(r.substr(0,1) == "#")
+            {
+            if(r.length == 7)
+                {
+                this.r = parseInt(r.substr(1,2),16)/255;
+                this.g = parseInt(r.substr(3,2),16)/255;
+                this.b = parseInt(r.substr(5,2),16)/255;
+                }
+            else
+                {
+                this.r = parseInt(r.substr(1,1),16)/15;
+                this.g = parseInt(r.substr(2,1),16)/15;
+                this.b = parseInt(r.substr(3,1),16)/15;
+                }
+            }
+        else
+            {
+            var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
+            var c = r.match(rgbPattern);
+            if (c)
+                {
+                this.r = parseInt(c[1],10)/255;
+                this.g = parseInt(c[2],10)/255;
+                this.b = parseInt(c[3],10)/255;
+                }
+            }
+        }
+    else
+        {
+        this.r = r;
+        this.g = g;
+        this.b = b;
+        }
+    return this;
+}
+
+// Mixes this colour with another in a specified proportion
+// c = other colour to mix
+// f = 0..1 where 0 is this colour and 1 is the new colour
+// Returns an RGB object
+RGB.prototype.mix = function(c,f)
+{
+    return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
+}
+
+// Return an rgb colour as a #rrggbb format hex string
+RGB.prototype.toString = function()
+{
+    var r = this.r.clamp(0,1);
+    var g = this.g.clamp(0,1);
+    var b = this.b.clamp(0,1);
+    return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(g * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(b * 255).toString(16)).right(2));
+}
+
+// ---------------------------------------------------------------------------------
+// DOM utilities - many derived from www.quirksmode.org
+// ---------------------------------------------------------------------------------
+
+function drawGradient(place,horiz,colours)
+{
+    for(var t=0; t<= 100; t+=2)
+        {
+        var bar = document.createElement("div");
+        place.appendChild(bar);
+        bar.style.position = "absolute";
+        bar.style.left = horiz ? t + "%" : 0;
+        bar.style.top = horiz ? 0 : t + "%";
+        bar.style.width = horiz ? (101-t) + "%" : "100%";
+        bar.style.height = horiz ? "100%" : (101-t) + "%";
+        bar.style.zIndex = -1;
+        var f = t/100;
+        var p = f*(colours.length-1);
+        bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
+        }
+}
+
+function createTiddlyText(theParent,theText)
+{
+    return theParent.appendChild(document.createTextNode(theText));
+}
+
+function createTiddlyCheckbox(theParent,caption,checked,onChange)
+{
+    var cb = document.createElement("input");
+    cb.setAttribute("type","checkbox");
+    cb.onclick = onChange;
+    theParent.appendChild(cb);
+    cb.checked = checked;
+    cb.className = "chkOptionInput";
+    if(caption)
+        wikify(caption,theParent);
+    return cb;
+}
+
+function createTiddlyElement(theParent,theElement,theID,theClass,theText)
+{
+    var e = document.createElement(theElement);
+    if(theClass != null)
+        e.className = theClass;
+    if(theID != null)
+        e.setAttribute("id",theID);
+    if(theText != null)
+        e.appendChild(document.createTextNode(theText));
+    if(theParent != null)
+        theParent.appendChild(e);
+    return(e);
+}
+
+// Add an event handler
+// Thanks to John Resig, via QuirksMode
+function addEvent(obj,type,fn)
+{
+    if(obj.attachEvent)
+        {
+        obj['e'+type+fn] = fn;
+        obj[type+fn] = function(){obj['e'+type+fn](window.event);}
+        obj.attachEvent('on'+type,obj[type+fn]);
+        }
+    else
+        obj.addEventListener(type,fn,false);
+}
+
+// Remove  an event handler
+// Thanks to John Resig, via QuirksMode
+function removeEvent(obj,type,fn)
+{
+    if(obj.detachEvent)
+        {
+        obj.detachEvent('on'+type,obj[type+fn]);
+        obj[type+fn] = null;
+        }
+    else
+        obj.removeEventListener(type,fn,false);
+}
+
+function addClass(e,theClass)
+{
+    var currClass = e.className.split(" ");
+    if(currClass.indexOf(theClass) == -1)
+        e.className += " " + theClass;
+}
+
+function removeClass(e,theClass)
+{
+    var currClass = e.className.split(" ");
+    var i = currClass.indexOf(theClass);
+    while(i != -1)
+        {
+        currClass.splice(i,1);
+        i = currClass.indexOf(theClass);
+        }
+    e.className = currClass.join(" ");
+}
+
+function hasClass(e,theClass)
+{
+    if(e.className)
+        {
+        if(e.className.split(" ").indexOf(theClass) != -1)
+            return true;
+        }
+    return false;
+}
+
+// Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
+function findRelated(e,value,name,relative)
+{
+    name = name ? name : "tagName";
+    relative = relative ? relative : "parentNode";
+    if(name == "className")
+        {
+        while(e && !hasClass(e,value))
+            {
+            e = e[relative];
+            }
+        }
+    else
+        {
+        while(e && e[name] != value)
+            {
+            e = e[relative];
+            }
+        }
+    return e;
+}
+
+// Resolve the target object of an event
+function resolveTarget(e)
+{
+    var obj;
+    if (e.target)
+        obj = e.target;
+    else if (e.srcElement)
+        obj = e.srcElement;
+    if (obj.nodeType == 3) // defeat Safari bug
+        obj = obj.parentNode;
+    return(obj);
+}
+
+// Return the content of an element as plain text with no formatting
+function getPlainText(e)
+{
+    var text = "";
+    if(e.innerText)
+        text = e.innerText;
+    else if(e.textContent)
+        text = e.textContent;
+    return text;
+}
+
+// Get the scroll position for window.scrollTo necessary to scroll a given element into view
+function ensureVisible(e)
+{
+    var posTop = findPosY(e);
+    var posBot = posTop + e.offsetHeight;
+    var winTop = findScrollY();
+    var winHeight = findWindowHeight();
+    var winBot = winTop + winHeight;
+    if(posTop < winTop)
+        return(posTop);
+    else if(posBot > winBot)
+        {
+        if(e.offsetHeight < winHeight)
+            return(posTop - (winHeight - e.offsetHeight));
+        else
+            return(posTop);
+        }
+    else
+        return(winTop);
+}
+
+// Get the current width of the display window
+function findWindowWidth()
+{
+    return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
+}
+
+// Get the current height of the display window
+function findWindowHeight()
+{
+    return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
+}
+
+// Get the current horizontal page scroll position
+function findScrollX()
+{
+    return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
+}
+
+// Get the current vertical page scroll position
+function findScrollY()
+{
+    return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
+}
+
+function findPosX(obj)
+{
+    var curleft = 0;
+    while (obj.offsetParent)
+        {
+        curleft += obj.offsetLeft;
+        obj = obj.offsetParent;
+        }
+    return curleft;
+}
+
+function findPosY(obj)
+{
+    var curtop = 0;
+    while (obj.offsetParent)
+        {
+        curtop += obj.offsetTop;
+        obj = obj.offsetParent;
+        }
+    return curtop;
+}
+
+// Blur a particular element
+function blurElement(e)
+{
+    if(e != null && e.focus && e.blur)
+        {
+        e.focus();
+        e.blur();
+        }
+}
+
+// Create a non-breaking space
+function insertSpacer(place)
+{
+    var e = document.createTextNode(String.fromCharCode(160));
+    if(place)
+        place.appendChild(e);
+    return e;
+}
+
+// Remove all children of a node
+function removeChildren(e)
+{
+    while(e.hasChildNodes())
+        e.removeChild(e.firstChild);
+}
+
+// Add a stylesheet, replacing any previous custom stylesheet
+function setStylesheet(s,id)
+{
+    if(!id)
+        id = "customStyleSheet";
+    var n = document.getElementById(id);
+    if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
+        {
+        if(n)
+            n.parentNode.removeChild(n);
+        // This failed without the &nbsp;
+        document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
+        }
+    else
+        {
+        if(n)
+            n.replaceChild(document.createTextNode(s),n.firstChild);
+        else
+            {
+            var n = document.createElement("style");
+            n.type = "text/css";
+            n.id = id;
+            n.appendChild(document.createTextNode(s));
+            document.getElementsByTagName("head")[0].appendChild(n);
+            }
+        }
+}
+
+// Replace the current selection of a textarea or text input and scroll it into view
+
+function replaceSelection(e,text)
+{
+    if (e.setSelectionRange)
+        {
+        var oldpos = e.selectionStart + 1;
+        e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
+        e.setSelectionRange( oldpos, oldpos);
+        var linecount = e.value.split('\n').length;
+        var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
+        e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
+        }
+    else if (document.selection)
+        {
+        var range = document.selection.createRange();
+        if (range.parentElement() == e)
+            {
+            var isCollapsed = range.text == "";
+            range.text = text;
+             if (!isCollapsed)
+                {
+                range.moveStart('character', -text.length);
+                range.select();
+                }
+            }
+        }
+}
+
+// Returns the text of the given (text) node, possibly merging subsequent text nodes
+function getNodeText(e)
+{
+    var t = "";
+    while (e && e.nodeName == "#text")
+        {
+        t += e.nodeValue;
+        e = e.nextSibling;
+        }
+    return t;
+}
+//# -------------------------
+//# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
+//# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
+//# Subclasses must implement:
+//#             function getTitle(store, e)
+//#
+//# store must implement:
+//#             function createTiddler(title).
+//#
+
+function LoaderBase()
+{
+}
+
+LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
+{
+    var title = this.getTitle(store, e);
+    if (title)
+        {
+        var tiddler = store.createTiddler(title);
+        this.internalizeTiddler(store, tiddler, title, e);
+        tiddlers.push(tiddler);
+        }
+}
+
+LoaderBase.prototype.loadTiddlers = function(store,nodes)
+{
+    var tiddlers = [];
+    for (var t = 0; t < nodes.length; t++)
+        {
+        try
+            {
+            this.loadTiddler(store, nodes[t], tiddlers);
+            }
+        catch(e)
+            {
+            showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
+            }
+        }
+    return tiddlers;
+}
+
+//# -------------------------
+//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string,
+//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines
+//# Subclasses must implement:
+//#             function externalizeTiddler(store, tiddler)
+//#
+//# store must implement:
+//#             function getTiddlers(sortByFieldName)
+//#
+
+function SaverBase()
+{
+}
+
+SaverBase.prototype.externalize = function(store)
+{
+    var results = [];
+    var tiddlers = store.getTiddlers("title");
+    for (var t = 0; t < tiddlers.length; t++)
+        results.push(this.externalizeTiddler(store, tiddlers[t]));
+    return results.join("\n");
+}
+//--------------------------------
+// TW21Loader (inherits from LoaderBase)
+
+function TW21Loader() {};
+
+TW21Loader.prototype = new LoaderBase();
+
+TW21Loader.prototype.getTitle = function(store, e) {
+    var title = null;
+    if(e.getAttribute)
+        title = e.getAttribute("tiddler");
+    if(!title && e.id) {
+        var lenPrefix = store.idPrefix.length;
+        if (e.id.substr(0,lenPrefix) == store.idPrefix)
+            title = e.id.substr(lenPrefix);
+    }
+    return title;
+}
+
+TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
+    var text = getNodeText(data.firstChild).unescapeLineBreaks();
+    var modifier = data.getAttribute("modifier");
+    var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
+    var c = data.getAttribute("created");
+    var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
+    var tags = data.getAttribute("tags");
+    var fields = {};
+    var attrs = data.attributes;
+    for(var i = attrs.length-1; i >= 0; i--) {
+        var name = attrs[i].name;
+        if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
+            fields[name] = attrs[i].value.unescapeLineBreaks();
+        }
+    }
+    tiddler.assign(title,text,modifier,modified,tags,created, fields);
+    return tiddler;
+};
+
+//--------------------------------
+// TW21Saver (inherits from SaverBase)
+
+function TW21Saver() {};
+
+TW21Saver.prototype = new SaverBase();
+
+TW21Saver.prototype.externalizeTiddler = function(store, tiddler)
+{
+    try {
+        var extendedFieldAttributes = "";
+        store.forEachField(tiddler,
+            function(tiddler, fieldName, value) {
+                // don't store stuff from the temp namespace
+                if (!fieldName.match(/^temp\./))
+                    extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
+            }, true);
+        return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
+                tiddler.title.htmlEncode(),
+                tiddler.modifier.htmlEncode(),
+                tiddler.modified.convertToYYYYMMDDHHMM(),
+                tiddler.created.convertToYYYYMMDDHHMM(),
+                tiddler.getTags().htmlEncode(),
+                tiddler.escapeLineBreaks().htmlEncode(),
+                extendedFieldAttributes
+            ]);
+    } catch (e) {
+        throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
+    }
+}
+
+// ---------------------------------------------------------------------------------
+// Deprecated code
+// ---------------------------------------------------------------------------------
+
+// @Deprecated: Use createElementAndWikify and this.termRegExp instead
+config.formatterHelpers.charFormatHelper = function(w)
+{
+    w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
+}
+
+// @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
+config.formatterHelpers.monospacedByLineHelper = function(w)
+{
+    var lookaheadRegExp = new RegExp(this.lookahead,"mg");
+    lookaheadRegExp.lastIndex = w.matchStart;
+    var lookaheadMatch = lookaheadRegExp.exec(w.source);
+    if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+        {
+        var text = lookaheadMatch[1];
+        if(config.browser.isIE)
+            text = text.replace(/\n/g,"\r");
+        createTiddlyElement(w.output,"pre",null,null,text);
+        w.nextMatch = lookaheadRegExp.lastIndex;
+        }
+}
+
+// @Deprecated: Use <br> or <br /> instead of <<br>>
+config.macros.br.handler = function(place)
+{
+    createTiddlyElement(place,"br");
+}
+
+// Find an entry in an array. Returns the array index or null
+// @Deprecated: Use indexOf instead
+Array.prototype.find = function(item)
+{
+    var i = this.indexOf(item);
+    return i == -1 ? null : i;
+}
+
+// Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
+// @Deprecated: Use store.getLoader().internalizeTiddler instead
+Tiddler.prototype.loadFromDiv = function(divRef,title)
+{
+    return store.getLoader().internalizeTiddler(store,this,title,divRef);
+}
+
+// Format the text for storage in an HTML DIV
+// @Deprecated Use store.getSaver().externalizeTiddler instead.
+Tiddler.prototype.saveToDiv = function()
+{
+    return store.getSaver().externalizeTiddler(store,this);
+}
+
+// @Deprecated: Use store.allTiddlersAsHtml() instead
+function allTiddlersAsHtml()
+{
+    return store.allTiddlersAsHtml();
+}
+
+// @Deprecated: Use refreshPageTemplate instead
+function applyPageTemplate(title)
+{
+    refreshPageTemplate(title);
+}
+
+// @Deprecated: Use story.displayTiddlers instead
+function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
+{
+    story.displayTiddlers(srcElement,titles,template,animate,slowly);
+}
+
+// @Deprecated: Use story.displayTiddler instead
+function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
+{
+    story.displayTiddler(srcElement,title,template,animate,slowly);
+}
+
+// @Deprecated: Use functions on right hand side directly instead
+var createTiddlerPopup = Popup.create;
+var scrollToTiddlerPopup = Popup.show;
+var hideTiddlerPopup = Popup.remove;
+
+// @Deprecated: Use right hand side directly instead
+var regexpBackSlashEn = new RegExp("\\\\n","mg");
+var regexpBackSlash = new RegExp("\\\\","mg");
+var regexpBackSlashEss = new RegExp("\\\\s","mg");
+var regexpNewLine = new RegExp("\n","mg");
+var regexpCarriageReturn = new RegExp("\r","mg");
+// ---------------------------------------------------------------------------------
+// End of scripts
+merge(config.shadowTiddlers,{SiteTitle:'DevFire'});
+merge(config.shadowTiddlers,{MainMenu:"PageTemplate\nStyleSheet\nMainMenu\nDefaultTiddlers"});
+merge(config.shadowTiddlers,{SiteSubtitle:"a theme for ~TiddlyWiki"});
+merge(config.shadowTiddlers,{DefaultTiddlers:"LorumIpsum"});
+merge(config.shadowTiddlers,{LorumIpsum:"Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.\n!heading 1\n!!heading 2\n!!!heading3\n----\n<<tag button>>\nThis is a link to a [[StyleSheet]] tiddler.\n\n> This is a blockquote\n> This is a blockquote\n> This is a blockquote\n|>|>| !This is a header |h\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|"});
+// ---------------------------------------------------------------------------------
+//]]>
+</script>
+<style type="text/css">
+
+#saveTest {
+    display: none;
+}
+
+.zoomer {
+    display: none;
+}
+
+#messageArea {
+    display: none;
+}
+
+#copyright {
+    display: none;
+}
+
+.popup {
+    position: absolute;
+}
+
+#storeArea {
+    display: none;
+    margin: 4em 10em 3em;
+}
+
+#storeArea div {
+ padding: 0.5em;
+ margin: 1em 0em 0em 0em;
+ border-color: #f0f0f0 #606060 #404040 #d0d0d0;
+ border-style: solid;
+ border-width: 2px;
+ overflow: auto;
+}
+
+#javascriptWarning {
+    width: 100%;
+    text-align: center;
+    font-weight: bold;
+    background-color: #dd1100;
+    color: #fff;
+    padding:1em 0em;
+}
+
+</style>
+<!--POST-HEAD-START-->
+
+<!--POST-HEAD-END-->
+</head>
+<body onload="main();" onunload="if(window.checkUnsavedChanges) checkUnsavedChanges();">
+<!--PRE-BODY-START-->
+
+<!--PRE-BODY-END-->
+    <script type="text/javascript">
+//<![CDATA[
+if (useJavaSaver)
+    document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
+//]]>
+    </script>
+    <div id="copyright">
+    Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
+    </div>
+    <noscript>
+        <div id="javascriptWarning">This page requires JavaScript to function properly</div>
+    </noscript>
+    <div id="saveTest"></div>
+    <div id="contentWrapper"></div>
+    <div id="contentStash"></div>
+    <div id="storeArea">
+<div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
+<div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
+<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.0 (2016-08-17)@@\n\n!!__SSL Library__\n* Support for TLS 1.2\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.4 (2016-07-07)@@\n\n!!__SSL Library__\n* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.\n* Tag 64-bit constants with "LL" (e.g. keep ~AVR32 gcc happy)\n* Removed ~RC4 from the list of ciphers\n* Can handle chains that are out of order (thanks Paul Johnstone)\n* Removed some printfs in skeleton mode\n* Removed endian.h as it was causing some porting issues\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.3 (2015-04-30)@@\n\n!!__SSL Library__\n* Added named unions to ~SHA512 code as some compilers don't support it\n* Some other porting suggesions from Chris Ghormley\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2 (2015-03-10)@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1 (2014-11-19)@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0 (2014-10-31)@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div> <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
+<div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="SiteSubtitle" modifier="axTLS" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
+<div tiddler="SiteTitle" modifier="axTLS" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
+<div tiddler="SiteUrl" modifier="axTLS" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
+<div tiddler="StyleSheet" modifier="axTLS" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
+<div tiddler="axhttpd" modifier="axTLS" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+</div>
+<!--POST-BODY-START-->
+
+<!--POST-BODY-END-->
+    </body>
+</html>

From 78c24497f9eaf22cd30523ac58f9c9988ade0347 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Sat, 29 Apr 2017 22:26:08 +0800
Subject: [PATCH 285/301] =?UTF-8?q?Makefile:=20use=20-f{function,data}-sec?=
 =?UTF-8?q?tions,=20don=E2=80=99t=20rename=20sections?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Platform- and application-specific section placement is best done in
the application makefiles and linker scripts. On the other hand,
compiling with split sections allows code and data usage to be reduced
without tuning specific options in config file.
---
 Makefile | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index c3f51ac1df..4d975ea3b0 100644
--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,8 @@ CFLAGS+=-std=c99 -DESP8266
 
 CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
 
+CFLAGS += -ffunction-sections -fdata-sections
+
 MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
 ifneq ($(MFORCE32),)
     # If the compiler supports the -mforce-l32 flag, the compiler will generate correct code for loading
@@ -62,12 +64,6 @@ all: $(AXTLS_AR)
 $(AXTLS_AR): | $(BIN_DIR)
 
 $(AXTLS_AR): $(OBJ_FILES)
-	for file in $(OBJ_FILES); do \
-		$(OBJCOPY) \
-		--rename-section .text=.irom0.text \
-		--rename-section .literal=.irom0.literal \
-		$$file; \
-	done
 	$(AR) cru $@ $^
 
 $(BIN_DIR):

From bddda2a0cfc4eb51a093e887dff47097459ec9d1 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Sat, 29 Apr 2017 22:52:55 +0800
Subject: [PATCH 286/301] Makefile: strip build path prefix from debug info

---
 Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Makefile b/Makefile
index 4d975ea3b0..e48e869f15 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,7 @@ OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy
 
 XTENSA_LIBS ?= $(shell $(CC) -print-sysroot)
 
+TOOLCHAIN_DIR=$(shell cd $(XTENSA_LIBS)/../../; pwd)
 
 OBJ_FILES := \
 	crypto/aes.o \
@@ -45,6 +46,8 @@ CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-te
 
 CFLAGS += -ffunction-sections -fdata-sections
 
+CFLAGS += -fdebug-prefix-map=$(PWD)= -fdebug-prefix-map=$(TOOLCHAIN_DIR)=xtensa-lx106-elf -gno-record-gcc-switches
+
 MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
 ifneq ($(MFORCE32),)
     # If the compiler supports the -mforce-l32 flag, the compiler will generate correct code for loading

From a68324f17c154c7f7ce4203e8895afa9a4c28d84 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Sat, 29 Apr 2017 23:07:53 +0800
Subject: [PATCH 287/301] Update version numbers in readme and version.h

Closes https://github.com/igrr/axtls-8266/issues/34
---
 README.md     | 2 +-
 ssl/version.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index fe46b327c7..1e0fc3e733 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 Replacement for Espressif's libssl, kept as close as possible to [axTLS](http://axtls.sourceforge.net/) source.
-Currently based on axTLS 1.5.3+.
+Currently based on axTLS 2.0.0+.
 
 [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
 
diff --git a/ssl/version.h b/ssl/version.h
index e8158cc0d9..4f03dca0f6 100644
--- a/ssl/version.h
+++ b/ssl/version.h
@@ -1 +1 @@
-#define AXTLS_VERSION    "1.4.9"
+#define AXTLS_VERSION    "2.0.0"

From 425067abe69606ab7002b34c047e46a007f29895 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 12 Dec 2016 19:27:38 +0000
Subject: [PATCH 288/301] * SNI added * Some non-C sample code updated.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@271 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 bindings/Config.in                  | 105 ++++
 bindings/csharp/axTLS.cs            | 491 +++++++++++++++
 bindings/generate_SWIG_interface.pl | 392 ++++++++++++
 bindings/java/SSL.java              | 137 +++++
 config/makefile.conf                | 134 ++++
 samples/c/axssl.c                   | 912 ++++++++++++++++++++++++++++
 samples/csharp/axssl.cs             | 758 +++++++++++++++++++++++
 samples/java/Makefile               |  51 ++
 samples/java/axssl.java             | 760 +++++++++++++++++++++++
 samples/lua/axssl.lua               | 562 +++++++++++++++++
 samples/perl/axssl.pl               | 634 +++++++++++++++++++
 samples/vbnet/axssl.vb              | 702 +++++++++++++++++++++
 ssl/asn1.c                          |  20 +-
 ssl/ssl.h                           |   9 +-
 ssl/test/ssltest.c                  |  11 +-
 ssl/tls1.c                          |   6 +-
 ssl/tls1.h                          |   7 +-
 ssl/tls1_clnt.c                     |  58 +-
 18 files changed, 5701 insertions(+), 48 deletions(-)
 create mode 100644 bindings/Config.in
 create mode 100644 bindings/csharp/axTLS.cs
 create mode 100755 bindings/generate_SWIG_interface.pl
 create mode 100644 bindings/java/SSL.java
 create mode 100644 config/makefile.conf
 create mode 100644 samples/c/axssl.c
 create mode 100644 samples/csharp/axssl.cs
 create mode 100644 samples/java/Makefile
 create mode 100644 samples/java/axssl.java
 create mode 100755 samples/lua/axssl.lua
 create mode 100755 samples/perl/axssl.pl
 create mode 100644 samples/vbnet/axssl.vb

diff --git a/bindings/Config.in b/bindings/Config.in
new file mode 100644
index 0000000000..443fc1a323
--- /dev/null
+++ b/bindings/Config.in
@@ -0,0 +1,105 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+menu "Language Bindings"
+
+config CONFIG_BINDINGS
+    bool "Create language bindings"
+    default n
+    help
+        axTLS supports language bindings in C#, VB.NET, Java and Perl.
+
+        Select Y here if you want to build the various language bindings.
+
+config CONFIG_CSHARP_BINDINGS
+    bool "Create C# bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build C# bindings.
+
+        This requires .NET to be installed on Win32 platforms and mono to be
+        installed on all other platforms.
+
+config CONFIG_VBNET_BINDINGS
+    bool "Create VB.NET bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build VB.NET bindings.
+
+        This requires the .NET to be installed and is only built under Win32
+        platforms.
+
+menu ".Net Framework"
+depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS
+config CONFIG_DOT_NET_FRAMEWORK_BASE
+    string "Location of .NET Framework"
+    default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+endmenu
+
+config CONFIG_JAVA_BINDINGS
+    bool "Create Java bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Java bindings.
+
+        Current Issues (see README): 
+        * Needs Java 1.4 or better.
+        * If building under Win32 it will use the Win32 JDK.
+
+menu "Java Home"
+depends on CONFIG_JAVA_BINDINGS
+config CONFIG_JAVA_HOME
+    string "Location of JDK"
+    default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
+    default "/usr/lib/jvm/java-7-openjdk-amd64" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
+    depends on CONFIG_JAVA_BINDINGS 
+    help
+        The location of Sun's JDK.
+endmenu
+
+config CONFIG_PERL_BINDINGS
+    bool "Create Perl bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Perl bindings.
+
+        Current Issues (see README):
+        * 64 bit versions don't work at present.
+        * libperl.so needs to be in the shared library path.
+
+menu "Perl Home"
+depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32
+config CONFIG_PERL_CORE
+    string "Location of Perl CORE"
+    default "c:\\perl\\lib\\CORE"
+    help:
+        works with ActiveState
+        "http://www.activestate.com/Products/ActivePerl"
+
+config CONFIG_PERL_LIB
+    string "Name of Perl Library"
+    default "perl58.lib"
+endmenu
+
+config CONFIG_LUA_BINDINGS
+    bool "Create Lua bindings"
+    default n
+    depends on CONFIG_BINDINGS && !CONFIG_PLATFORM_WIN32
+    help
+        Build Lua bindings (see www.lua.org).
+
+menu "Lua Home"
+depends on CONFIG_LUA_BINDINGS 
+config CONFIG_LUA_CORE
+    string "Location of Lua CORE"
+    default "/usr/local"
+    help:
+        If the Lua exists on another directory then this needs to be changed
+endmenu
+
+endmenu
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
new file mode 100644
index 0000000000..6a2f6b0633
--- /dev/null
+++ b/bindings/csharp/axTLS.cs
@@ -0,0 +1,491 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * A wrapper around the unmanaged interface to give a semi-decent C# API
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Net.Sockets;
+
+/**
+ * @defgroup csharp_api C# API.
+ *
+ * Ensure that the appropriate Dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ * @{
+ */
+namespace axTLS
+{
+    /**
+     * @class SSL
+     * @ingroup csharp_api 
+     * @brief A representation of an SSL connection.
+     */
+    public class SSL
+    {
+        public IntPtr m_ssl;    /**< A pointer to the real SSL type */
+
+        /**
+         * @brief Store the reference to an SSL context.
+         * @param ip [in] A reference to an SSL object.
+         */
+        public SSL(IntPtr ip)
+        {
+            m_ssl = ip;
+        }
+
+        /**
+         * @brief Free any used resources on this connection. 
+         * 
+         * A "Close Notify" message is sent on this connection (if possible). 
+         * It is up to the application to close the socket.
+         */
+        public void Dispose()
+        {
+            axtls.ssl_free(m_ssl);
+        }
+
+        /**
+         * @brief Return the result of a handshake.
+         * @return SSL_OK if the handshake is complete and ok.
+         * @see ssl.h for the error code list.
+         */
+        public int HandshakeStatus()
+        {
+            return axtls.ssl_handshake_status(m_ssl);
+        }
+
+        /**
+         * @brief Return the SSL cipher id.
+         * @return The cipher id which is one of:
+         * - SSL_AES128_SHA (0x2f)
+         * - SSL_AES256_SHA (0x35)
+         * - SSL_AES128_SHA256 (0x3c)
+         * - SSL_AES256_SHA256 (0x3d)
+         */
+        public byte GetCipherId()
+        {
+            return axtls.ssl_get_cipher_id(m_ssl);
+        }
+
+        /**
+         * @brief Get the session id for a handshake. 
+         * 
+         * This will be a 32 byte sequence and is available after the first
+         * handshaking messages are sent.
+         * @return The session id as a 32 byte sequence.
+         * @note A SSLv23 handshake may have only 16 valid bytes.
+         */
+        public byte[] GetSessionId()
+        {
+            IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
+            byte sess_id_size = axtls.ssl_get_session_id_size(m_ssl);
+            byte[] result = new byte[sess_id_size];
+            Marshal.Copy(ptr, result, 0, sess_id_size);
+            return result;
+        }
+
+        /**
+         * @brief Retrieve an X.509 distinguished name component.
+         * 
+         * When a handshake is complete and a certificate has been exchanged, 
+         * then the details of the remote certificate can be retrieved.
+         *
+         * This will usually be used by a client to check that the server's 
+         * common name matches the URL.
+         *
+         * A full handshake needs to occur for this call to work.
+         *
+         * @param component [in] one of:
+         * - SSL_X509_CERT_COMMON_NAME
+         * - SSL_X509_CERT_ORGANIZATION
+         * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+         * - SSL_X509_CA_CERT_COMMON_NAME
+         * - SSL_X509_CA_CERT_ORGANIZATION
+         * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+         * @return The appropriate string (or null if not defined)
+         */
+        public string GetCertificateDN(int component)
+        {
+            return axtls.ssl_get_cert_dn(m_ssl, component);
+        }
+    }
+
+    /**
+     * @class SSLUtil
+     * @ingroup csharp_api 
+     * @brief Some global helper functions.
+     */
+    public class SSLUtil
+    {
+
+        /**
+         * @brief Return the build mode of the axTLS project.
+         * @return The build mode is one of:
+         * - SSL_BUILD_SERVER_ONLY
+         * - SSL_BUILD_ENABLE_VERIFICATION
+         * - SSL_BUILD_ENABLE_CLIENT
+         * - SSL_BUILD_FULL_MODE
+         */
+        public static int BuildMode()
+        {
+            return axtls.ssl_get_config(axtls.SSL_BUILD_MODE);
+        }
+
+        /**
+         * @brief Return the number of chained certificates that the 
+         * client/server supports.
+         * @return The number of supported server certificates.
+         */
+        public static int MaxCerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Return the number of CA certificates that the client/server
+         * supports.
+         * @return The number of supported CA certificates.
+         */
+        public static int MaxCACerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Indicate if PEM is supported.
+         * @return true if PEM supported.
+         */
+        public static bool HasPEM()
+        {
+            return axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 ? true : false;
+        }
+
+        /**
+         * @brief Display the text string of the error.
+         * @param error_code [in] The integer error code.
+         */
+        public static void DisplayError(int error_code)
+        {
+            axtls.ssl_display_error(error_code);
+        }
+
+        /**
+         * @brief Return the version of the axTLS project.
+         */
+        public static string Version()
+        {
+            return axtls.ssl_version();
+        }
+    }
+
+    /**
+     * @class SSLCTX
+     * @ingroup csharp_api 
+     * @brief A base object for SSLServer/SSLClient.
+     */
+    public class SSLCTX
+    {
+        /**
+         * @brief A reference to the real client/server context.
+         */
+        protected IntPtr m_ctx;
+
+        /**
+         * @brief Establish a new client/server context.
+         *
+         * This function is called before any client/server SSL connections are 
+         * made.  If multiple threads are used, then each thread will have its 
+         * own SSLCTX context. Any number of connections may be made with a 
+         * single context. 
+         *
+         * Each new connection will use the this context's private key and 
+         * certificate chain. If a different certificate chain is required, 
+         * then a different context needs to be be used.
+         *
+         * @param options [in]  Any particular options. At present the options
+         * supported are:
+         * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if 
+         * the server authentication fails. The certificate can be 
+         * authenticated later with a call to VerifyCert().
+         * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
+         * authentication i.e. each handshake will include a "certificate 
+         * request" message from the server.
+         * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
+         * sequences during the handshake.
+         * - SSL_DISPLAY_STATES (full mode build only): Display the state 
+         * changes during the handshake.
+         * - SSL_DISPLAY_CERTS (full mode build only): Display the 
+         * certificates that are passed during a handshake.
+         * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key 
+         * details that are passed during a handshake.
+         * @param num_sessions [in] The number of sessions to be used for 
+         * session caching. If this value is 0, then there is no session 
+         * caching.
+         * @return A client/server context.
+         */
+        protected SSLCTX(uint options, int num_sessions)
+        {
+            m_ctx = axtls.ssl_ctx_new(options, num_sessions);
+        }
+
+        /**
+         * @brief Remove a client/server context.
+         *
+         * Frees any used resources used by this context. Each connection will 
+         * be sent a "Close Notify" alert (if possible).
+         */
+        public void Dispose()
+        {
+            axtls.ssl_ctx_free(m_ctx);
+        }
+
+        /**
+         * @brief Read the SSL data stream.
+         * @param ssl [in] An SSL object reference.
+         * @param in_data [out] After a successful read, the decrypted data 
+         * will be here. It will be null otherwise.
+         * @return The number of decrypted bytes:
+         * - if > 0, then the handshaking is complete and we are returning the 
+         * number of decrypted bytes. 
+         * - SSL_OK if the handshaking stage is successful (but not yet 
+         * complete).  
+         * - < 0 if an error.
+         * @see ssl.h for the error code list.
+         * @note Use in_data before doing any successive ssl calls.
+         */
+        public int Read(SSL ssl, out byte[] in_data)
+        {
+            IntPtr ptr = IntPtr.Zero;
+            int ret = axtls.ssl_read(ssl.m_ssl, ref ptr);
+
+            if (ret > axtls.SSL_OK)
+            {
+                in_data = new byte[ret];
+                Marshal.Copy(ptr, in_data, 0, ret);
+            }
+            else
+            {
+                in_data = null;
+            }
+
+            return ret;
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_data.Length);
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @param out_len [in] The number of bytes to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data, int out_len)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_len);
+        }
+
+        /**
+         * @brief Find an ssl object based on a Socket reference.
+         *
+         * Goes through the list of SSL objects maintained in a client/server 
+         * context to look for a socket match.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return A reference to the SSL object. Returns null if the object 
+         * could not be found.
+         */
+        public SSL Find(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.  ssl_find(m_ctx, client_fd));
+        }
+
+        /**
+         * @brief Authenticate a received certificate.
+         * 
+         * This call is usually made by a client after a handshake is complete 
+         * and the context is in SSL_SERVER_VERIFY_LATER mode.
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if the certificate is verified.
+         */
+        public int VerifyCert(SSL ssl)
+        {
+            return axtls.ssl_verify_cert(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Force the client to perform its handshake again.
+         *
+         * For a client this involves sending another "client hello" message.
+         * For the server is means sending a "hello request" message.
+         *
+         * This is a blocking call on the client (until the handshake 
+         * completes).
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if renegotiation instantiation was ok
+         */
+        public int Renegotiate(SSL ssl)
+        {
+            return axtls.ssl_renegotiate(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Load a file into memory that is in binary DER or ASCII PEM 
+         * format.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the file. Can be one of:
+         * - SSL_OBJ_X509_CERT (no password required)
+         * - SSL_OBJ_X509_CACERT (no password required)
+         * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+         * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
+         * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
+         *
+         * PEM files are automatically detected (if supported).
+         * @param filename [in] The location of a file in DER/PEM format.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, string filename, string password)
+        {
+            return axtls.ssl_obj_load(m_ctx, obj_type, filename, password);
+        }
+
+        /**
+         * @brief Transfer binary data into the object loader.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the memory data.
+         * @param data [in] The binary data to be loaded.
+         * @param len [in] The amount of data to be loaded.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, byte[] data, int len, string password)
+        {
+            return axtls.ssl_obj_memory_load(m_ctx, obj_type, 
+                                            data, len, password);
+        }
+    }
+
+    /**
+     * @class SSLServer
+     * @ingroup csharp_api 
+     * @brief The server context.
+     *
+     * All server connections are started within a server context.
+     */
+    public class SSLServer : SSLCTX
+    {
+        /**
+         * @brief Start a new server context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLServer(uint options, int num_sessions) :
+                            base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL client.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return An SSL object reference.
+         */
+        public SSL Connect(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.ssl_server_new(m_ctx, client_fd));
+        }
+    }
+
+    /**
+     * @class SSLClient
+     * @ingroup csharp_api
+     * @brief The client context.
+     *
+     * All client connections are started within a client context.
+     */
+    public class SSLClient : SSLCTX
+    {
+        /**
+         * @brief Start a new client context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLClient(uint options, int num_sessions) :
+                        base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL server.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * This is a blocking call - it will finish when the handshake is 
+         * complete (or has failed).
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @param session_id [in] A 32 byte session id for session resumption. 
+         * This can be null if no session resumption is not required.
+         * @return An SSL object reference. Use SSL.handshakeStatus() to check 
+         * if a handshake succeeded.
+         */
+        public SSL Connect(Socket s, byte[] session_id)
+        {
+            int client_fd = s.Handle.ToInt32();
+            byte sess_id_size = (byte)(session_id != null ? 
+                                session_id.Length : 0);
+            return new SSL(axtls.ssl_client_new(m_ctx, client_fd, session_id,
+                        sess_id_size));
+        }
+    }
+}
+/** @} */
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
new file mode 100755
index 0000000000..90c4ba3bef
--- /dev/null
+++ b/bindings/generate_SWIG_interface.pl
@@ -0,0 +1,392 @@
+#!/usr/bin/perl
+
+#
+# Copyright (c) 2007, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#===============================================================
+# Transforms function signature into SWIG format
+sub transformSignature
+{
+    foreach $item (@_)
+    { 
+        $line =~ s/STDCALL //g;
+        $line =~ s/EXP_FUNC/extern/g;
+
+        # make API Java more 'byte' friendly
+        $line =~ s/uint32_t/int/g;
+        $line =~ s/const uint8_t \* /const unsigned char \* /g;
+        $line =~ s/\(void\)/()/g;
+        if ($ARGV[0] eq "-java")
+        {
+            $line =~ s/.*ssl_read.*//g;
+            $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
+            $line =~ s/uint8_t/signed char/g;
+        }
+        elsif ($ARGV[0] eq "-perl")
+        {
+            $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+        else # lua
+        {
+            $line =~ s/const uint8_t \*session_id/const unsigned char session_id\[\]/g;
+            $line =~ s/const uint8_t \*\w+/unsigned char *INPUT/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+    }
+
+    return $line;
+}
+
+# Parse input file
+sub parseFile
+{
+    foreach $line (@_)
+    {
+        next if $line =~ /ssl_x509_create/; # ignore for now
+
+        # test for a #define
+        if (!$skip && $line =~ m/^#define/)
+        {
+            $splitDefine = 1 if $line =~ m/\\$/;
+            print DATA_OUT $line;
+
+            # check line is not split
+            next if $splitDefine == 1;
+        }
+
+        # pick up second line of #define statement
+        if ($splitDefine) 
+        {
+            print DATA_OUT $line;
+
+            # check line is not split
+            $splitDefine = ($line =~ m/\\$/);
+            next;
+        } 
+
+        # test for function declaration
+        if (!$skip && $line =~ /EXP_FUNC/ && $line !~/\/\*/)
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+
+        if ($splitFunctionDeclaration) 
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+    }
+}
+
+#===============================================================
+
+# Determine which module to build from cammand-line options
+use strict;
+use Getopt::Std;
+
+my $module;
+my $interfaceFile;
+my $data_file;
+my $skip;
+my $splitLine;
+my @raw_data;
+
+if (not defined  $ARGV[0])
+{
+    die "Usage: $0 [-java | -perl | -lua]\n";
+}
+
+if ($ARGV[0] eq "-java")
+{
+    print "Generating Java interface file\n";
+    $module = "axtlsj";
+    $interfaceFile = "java/axTLSj.i";
+}
+elsif ($ARGV[0] eq "-perl")
+{
+    print "Generating Perl interface file\n";
+    $module = "axtlsp";
+    $interfaceFile = "perl/axTLSp.i";
+}
+elsif ($ARGV[0] eq "-lua")
+{
+    print "Generating lua interface file\n";
+    $module = "axtlsl";
+    $interfaceFile = "lua/axTLSl.i";
+}
+else
+{
+    die "Usage: $0 [-java | -perl | -lua]\n";
+}
+
+# Input file required to generate SWIG interface file.
+$data_file = "../ssl/ssl.h";
+
+# Open input files
+open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
+@raw_data = <DATA_IN>;
+
+# Open output file
+open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
+
+#
+# I wish I could say it was easy to generate the Perl/Java/Lua bindings, 
+# but each had their own set of challenges... :-(.
+#
+print DATA_OUT << "END";
+%module $module\n
+
+/* include our own header */
+%inline %{
+#include "ssl.h"
+%}
+
+%include "typemaps.i"
+/* Some SWIG magic to make the API a bit more Java friendly */
+#ifdef SWIGJAVA
+
+%apply long { SSL * };
+%apply long { SSL_CTX * };
+%apply long { SSLObjLoader * };
+
+/* allow "unsigned char []" to become "byte[]" */
+%include "arrays_java.i"
+
+/* convert these pointers to use long */
+%apply signed char[] {unsigned char *};
+%apply signed char[] {signed char *};
+
+/* allow ssl_get_session_id() to return "byte[]" */
+%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, ssl_get_session_id_size((SSL const *)arg1));\"
+
+/* allow ssl_client_new() to have a null session_id input */
+%typemap(in) const signed char session_id[] (jbyte *jarr) {
+    if (jarg3 == NULL)
+    {
+        jresult = (jint)ssl_client_new(arg1,arg2,NULL,0);
+        return jresult;
+    }
+    
+    if (!SWIG_JavaArrayInSchar(jenv, &jarr, &arg3, jarg3)) return 0;
+}   
+
+/* Lot's of work required for an ssl_read() due to its various custom
+ * requirements.
+ */
+%native (ssl_read) int ssl_read(SSL *ssl, jobject in_data);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_ssl_1read(JNIEnv *jenv, jclass jcls, jint jarg1, jobject jarg2) {
+    jint jresult = 0 ;
+    SSL *arg1;
+    unsigned char *arg2;
+    jbyte *jarr;
+    int result;
+    JNIEnv e = *jenv;
+    jclass holder_class;
+    jfieldID fid;
+
+    arg1 = (SSL *)jarg1;
+    result = (int)ssl_read(arg1, &arg2);
+
+    /* find the "m_buf" entry in the SSLReadHolder class */
+    if (!(holder_class = e->GetObjectClass(jenv,jarg2)) ||
+            !(fid = e->GetFieldID(jenv,holder_class, "m_buf", "[B")))
+        return SSL_NOT_OK;
+
+    if (result > SSL_OK)
+    {
+        int i;
+
+        /* create a new byte array to hold the read data */
+        jbyteArray jarray = e->NewByteArray(jenv, result);
+
+        /* copy the bytes across to the java byte array */
+        jarr = e->GetByteArrayElements(jenv, jarray, 0);
+        for (i = 0; i < result; i++)
+            jarr[i] = (jbyte)arg2[i];
+
+        /* clean up and set the new m_buf object */
+        e->ReleaseByteArrayElements(jenv, jarray, jarr, 0);
+        e->SetObjectField(jenv, jarg2, fid, jarray);
+    }
+    else    /* set to null */
+        e->SetObjectField(jenv, jarg2, fid, NULL);
+
+    jresult = (jint)result;
+    return jresult;
+}
+%}
+
+/* Big hack to get hold of a socket's file descriptor */
+%typemap (jtype) long "Object"
+%typemap (jstype) long "Object"
+%native (getFd) int getFd(long sock);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_getFd(JNIEnv *env, jclass jcls, jobject sock)
+{
+    JNIEnv e = *env;
+    jfieldID fid;
+    jobject impl;
+    jobject fdesc;
+
+    /* get the SocketImpl from the Socket */
+    if (!(jcls = e->GetObjectClass(env,sock)) ||
+            !(fid = e->GetFieldID(env,jcls,"impl","Ljava/net/SocketImpl;")) ||
+            !(impl = e->GetObjectField(env,sock,fid))) return -1;
+
+    /* get the FileDescriptor from the SocketImpl */
+    if (!(jcls = e->GetObjectClass(env,impl)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","Ljava/io/FileDescriptor;")) ||
+            !(fdesc = e->GetObjectField(env,impl,fid))) return -1;
+
+    /* get the fd from the FileDescriptor */
+    if (!(jcls = e->GetObjectClass(env,fdesc)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","I"))) return -1;
+
+    /* return the descriptor */
+    return e->GetIntField(env,fdesc,fid);
+} 
+%}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Perl friendly */
+#ifdef SWIGPERL
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    SV *svs = newSVpv((unsigned char *)\$1, ssl_get_session_id_size((SSL const *)arg1));
+    \$result = newRV(svs);
+    sv_2mortal(\$result);
+    argvi++;
+}
+
+/* for ssl_write() */
+%typemap(in) const unsigned char out_data[] {
+    SV* tempsv;
+    if (!SvROK(\$input))
+        croak("Argument \$argnum is not a reference.");
+    tempsv = SvRV(\$input);
+    if (SvTYPE(tempsv) != SVt_PV)
+        croak("Argument \$argnum is not an string.");
+    \$1 = (unsigned char *)SvPV(tempsv, PL_na);
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+        SV *svs = newSVpv(*\$1, result);
+        \$result = newRV(svs);
+        sv_2mortal(\$result);
+        argvi++;
+    }
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    /* check for a reference */
+    if (SvOK(\$input) && SvROK(\$input)) {
+        SV* tempsv = SvRV(\$input);
+        if (SvTYPE(tempsv) != SVt_PV)
+            croak("Argument \$argnum is not an string.");
+        \$1 = (unsigned char *)SvPV(tempsv, PL_na); 
+    } 
+    else
+        \$1 = NULL;
+}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Lua friendly */
+#ifdef SWIGLUA
+SWIG_NUMBER_TYPEMAP(unsigned char);
+SWIG_TYPEMAP_NUM_ARR(uchar,unsigned char);
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    int i;
+    lua_newtable(L);
+    for (i = 0; i < ssl_get_session_id_size((SSL const *)arg1); i++){
+        lua_pushnumber(L,(lua_Number)result[i]);
+        lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+    }
+    SWIG_arg++;
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+		int i;
+		lua_newtable(L);
+		for (i = 0; i < result; i++){
+			lua_pushnumber(L,(lua_Number)buf2[i]);
+			lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+		}
+        SWIG_arg++;
+    }
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    if (lua_isnil(L,\$input))
+        \$1 = NULL;
+    else
+        \$1 = SWIG_get_uchar_num_array_fixed(L,\$input, ssl_get_session_id((SSL const *)\$1));
+}
+
+#endif
+
+END
+
+# Initialise loop variables
+$skip = 1;
+$splitLine = 0;
+
+parseFile(@raw_data);
+
+close(DATA_IN);
+close(DATA_OUT);
+
+#===============================================================
+
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
new file mode 100644
index 0000000000..e0400b6016
--- /dev/null
+++ b/bindings/java/SSL.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * @defgroup java_api Java API.
+ *
+ * Ensure that the appropriate dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ */
+
+/**
+ * @class SSL
+ * @ingroup java_api 
+ * @brief A representation of an SSL connection.
+ *
+ */
+public class SSL
+{
+    public int m_ssl;    /**< A pointer to the real SSL type */
+
+    /**
+     * @brief Store the reference to an SSL context.
+     * @param ip [in] A reference to an SSL object.
+     */
+    public SSL(int ip)
+    {
+        m_ssl = ip;
+    }
+
+    /**
+     * @brief Free any used resources on this connection. 
+     * 
+     * A "Close Notify" message is sent on this connection (if possible). It 
+     * is up to the application to close the socket.
+     */
+    public void dispose()
+    {
+        axtlsj.ssl_free(m_ssl);
+    }
+
+    /**
+     * @brief Return the result of a handshake.
+     * @return SSL_OK if the handshake is complete and ok.
+     * @see ssl.h for the error code list.
+     */
+    public int handshakeStatus()
+    {
+        return axtlsj.ssl_handshake_status(m_ssl);
+    }
+
+    /**
+     * @brief Return the SSL cipher id.
+     * @return The cipher id which is one of:
+     * - SSL_AES128_SHA (0x2f)
+     * - SSL_AES256_SHA (0x35)
+     * - SSL_AES128_SHA256 (0x3c)
+     * - SSL_AES256_SHA256 (0x3d)
+     */
+    public byte getCipherId()
+    {
+        return axtlsj.ssl_get_cipher_id(m_ssl);
+    }
+
+    /**
+     * @brief Get the session id for a handshake. 
+     * 
+     * This will be a 32 byte sequence and is available after the first
+     * handshaking messages are sent.
+     * @return The session id as a 32 byte sequence.
+     * @note A SSLv23 handshake may have only 16 valid bytes.
+     */
+    public byte[] getSessionId()
+    {
+        return axtlsj.ssl_get_session_id(m_ssl);
+    }
+
+    /**
+     * @brief Retrieve an X.509 distinguished name component.
+     * 
+     * When a handshake is complete and a certificate has been exchanged, 
+     * then the details of the remote certificate can be retrieved.
+     *
+     * This will usually be used by a client to check that the server's common 
+     * name matches the URL.
+     *
+     * A full handshake needs to occur for this call to work.
+     *
+     * @param component [in] one of:
+     * - SSL_X509_CERT_COMMON_NAME
+     * - SSL_X509_CERT_ORGANIZATION
+     * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+     * - SSL_X509_CA_CERT_COMMON_NAME
+     * - SSL_X509_CA_CERT_ORGANIZATION
+     * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+     * @return The appropriate string (or null if not defined)
+     */
+    public String getCertificateDN(int component)
+    {
+        return axtlsj.ssl_get_cert_dn(m_ssl, component);
+    }
+}
diff --git a/config/makefile.conf b/config/makefile.conf
new file mode 100644
index 0000000000..702abfd238
--- /dev/null
+++ b/config/makefile.conf
@@ -0,0 +1,134 @@
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# A standard makefile for all makefiles
+#
+
+# All executables and libraries go here
+STAGE=./_stage
+
+ifneq ($(MAKECMDGOALS), clean)
+
+# Give an initial rule
+all: 
+
+# Win32 
+ifdef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_VISUAL_STUDIO_7_0
+CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+ifdef CONFIG_VISUAL_STUDIO_8_0
+CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+ifdef CONFIG_VISUAL_STUDIO_10_0
+CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_10_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\lib;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/common7/ide:$(PATH)
+stuff:
+	@echo $(INCLUDE)
+endif
+
+CC=cl.exe
+LD=link.exe
+AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME))
+CFLAGS+=/nologo /W3 /D"WIN32" /D"_MBCS" /D"_CONSOLE" /D"_CRT_SECURE_NO_DEPRECATE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
+LDFLAGS=/nologo /subsystem:console /machine:I386
+LDSHARED = /dll
+AR=lib /nologo
+
+ifdef CONFIG_DEBUG
+	CFLAGS += /Gm /Zi /Od /D "_DEBUG"
+	LDFLAGS += /debug /incremental:yes 
+else
+	CFLAGS += /O2 /D "NDEBUG"
+	LDFLAGS += /incremental:no 
+endif
+
+else    # Not Win32
+
+-include .depend
+
+CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
+LD=$(CC)
+STRIP=$(CROSS)strip
+
+# Solaris
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -DCONFIG_PLATFORM_SOLARIS
+LDFLAGS += -lsocket -lnsl -lc
+LDSHARED = -G
+# Linux/Cygwin
+else 
+CFLAGS += -Wall -Wstrict-prototypes -Wshadow
+LDSHARED = -shared
+
+# Linux
+ifndef CONFIG_PLATFORM_CYGWIN
+ifndef CONFIG_PLATFORM_NOMMU
+CFLAGS += -fPIC 
+
+# Cygwin
+else
+CFLAGS += -DCONFIG_PLATFORM_CYGWIN
+LDFLAGS += -enable-auto-import
+endif
+endif
+endif
+
+ifdef CONFIG_DEBUG
+CFLAGS += -g
+else
+LDFLAGS += -s
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -O 
+else
+CFLAGS += -O3
+endif
+
+endif	# CONFIG_DEBUG
+endif   # WIN32
+
+CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS)))
+LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS)))
+
+endif   # not 'clean'
+
+clean::
+	-@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 
+
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
new file mode 100644
index 0000000000..aaf803440a
--- /dev/null
+++ b/samples/c/axssl.c
@@ -0,0 +1,912 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl s_server -?
+ * > axssl s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* define standard input */
+#ifndef STDIN_FILENO
+#define STDIN_FILENO        0
+#endif
+
+static void do_server(int argc, char *argv[]);
+static void print_options(char *option);
+static void print_server_options(char *option);
+static void do_client(int argc, char *argv[]);
+static void print_client_options(char *option);
+static void display_cipher(SSL *ssl);
+static void display_session_id(SSL *ssl);
+
+/**
+ * Main entry point. Doesn't do much except works out whether we are a client
+ * or a server.
+ */
+int main(int argc, char *argv[])
+{
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+#elif !defined(CONFIG_PLATFORM_SOLARIS)
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+#endif
+
+    if (argc == 2 && strcmp(argv[1], "version") == 0)
+    {
+        printf("axssl %s %s\n", ssl_version(), __DATE__);
+        exit(0);
+    }
+
+    if (argc < 2 || (
+                strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
+        print_options(argc > 1 ? argv[1] : "");
+
+    strcmp(argv[1], "s_server") ? 
+        do_client(argc, argv) : do_server(argc, argv);
+    return 0;
+}
+
+/**
+ * Implement the SSL server logic. 
+ */
+static void do_server(int argc, char *argv[])
+{
+    int i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_DISPLAY_CERTS;
+    int client_fd;
+    SSL_CTX *ssl_ctx;
+    int server_fd, res = 0;
+    socklen_t client_len;
+#ifndef CONFIG_SSL_SKELETON_MODE
+    char *private_key_file = NULL;
+    const char *password = NULL;
+    char **cert;
+    int cert_index = 0;
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef WIN32
+    char yes = 1;
+#else
+    int yes = 1;
+#endif
+    struct sockaddr_in serv_addr;
+    struct sockaddr_in client_addr;
+    int quiet = 0;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_index = 0;
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+#endif
+    fd_set read_set;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+#endif
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-accept") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            port = atoi(argv[++i]);
+        }
+#ifndef CONFIG_SSL_SKELETON_MODE
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+#endif
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options |= SSL_CLIENT_AUTHENTICATION;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_server_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Server context is invalid\n");
+        exit(1);
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(ca_cert);
+#endif
+#ifndef CONFIG_SSL_SKELETON_MODE
+    free(cert);
+#endif
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        perror("socket");
+        return;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        perror("bind");
+        exit(1);
+    }
+
+    if (listen(server_fd, 5) < 0)
+    {
+        perror("listen");
+        exit(1);
+    }
+
+    client_len = sizeof(client_addr);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    for (;;)
+    {
+        SSL *ssl;
+        int reconnected = 0;
+
+        if (!quiet)
+        {
+            printf("ACCEPT\n");
+            TTY_FLUSH();
+        }
+
+        if ((client_fd = accept(server_fd, 
+                (struct sockaddr *)&client_addr, &client_len)) < 0)
+        {
+            break;
+        }
+
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+
+        /* now read (and display) whatever the client sends us */
+        for (;;)
+        {
+            /* allow parallel reading of client and standard input */
+            FD_ZERO(&read_set);
+            FD_SET(client_fd, &read_set);
+
+#ifndef WIN32
+            /* win32 doesn't like mixing up stdin and sockets */
+            if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
+            {
+                FD_SET(STDIN_FILENO, &read_set);
+            }
+
+            if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+            {
+               uint8_t buf[1024];
+
+                /* read standard input? */
+                if (FD_ISSET(STDIN_FILENO, &read_set))
+                {
+                    if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                    {
+                        res = SSL_ERROR_CONN_LOST;
+                    }
+                    else
+                    {
+                        /* small hack to check renegotiation */
+                        if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
+                        {
+                            res = ssl_renegotiate(ssl);
+                        }
+                        else    /* write our ramblings to the client */
+                        {
+                            res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                        }
+                    }
+                }
+                else    /* a socket read */
+#endif
+                {
+                    /* keep reading until we get something interesting */
+                    uint8_t *read_buf;
+
+                    if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
+                    {
+                        /* are we in the middle of doing a handshake? */
+                        if (ssl_handshake_status(ssl) != SSL_OK)
+                        {
+                            reconnected = 0;
+                        }
+                        else if (!reconnected)
+                        {
+                            /* we are connected/reconnected */
+                            if (!quiet)
+                            {
+                                display_session_id(ssl);
+                                display_cipher(ssl);
+                            }
+
+                            reconnected = 1;
+                        }
+                    }
+
+                    if (res > SSL_OK)    /* display our interesting output */
+                    {
+                        int written = 0;
+                        while (written < res)
+                        {
+                            written += write(STDOUT_FILENO, read_buf+written,
+                                                res-written);
+                        }
+                        TTY_FLUSH();
+                    }
+                    else if (res == SSL_CLOSE_NOTIFY)
+                    {
+                        printf("shutting down SSL\n");
+                        TTY_FLUSH();
+                    }
+                    else if (res < SSL_OK && !quiet)
+                    {
+                        ssl_display_error(res);
+                    }
+                }
+#ifndef WIN32
+            }
+#endif
+
+            if (res < SSL_OK)
+            {
+                if (!quiet)
+                {
+                    printf("CONNECTION CLOSED\n");
+                    TTY_FLUSH();
+                }
+
+                break;
+            }
+        }
+
+        /* client was disconnected or the handshake failed. */
+        ssl_free(ssl);
+        SOCKET_CLOSE(client_fd);
+    }
+
+    ssl_ctx_free(ssl_ctx);
+}
+
+/**
+ * Implement the SSL client logic.
+ */
+static void do_client(int argc, char *argv[])
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int res, i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
+    int client_fd;
+    char *private_key_file = NULL;
+    struct sockaddr_in client_addr;
+    struct hostent *hostent;
+    int reconnect = 0;
+    uint32_t sin_addr;
+    SSL_CTX *ssl_ctx;
+    SSL *ssl = NULL;
+    int quiet = 0;
+    int cert_index = 0, ca_cert_index = 0;
+    int cert_size, ca_cert_size;
+    char **ca_cert, **cert;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    fd_set read_set;
+    const char *password = NULL;
+    SSL_EXTENSIONS *extensions = NULL;
+
+    FD_ZERO(&read_set);
+    sin_addr = inet_addr("127.0.0.1");
+    cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-connect") == 0)
+        {
+            char *host, *ptr;
+
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            host = argv[++i];
+            if ((ptr = strchr(host, ':')) == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            *ptr++ = 0;
+            port = atoi(ptr);
+            hostent = gethostbyname(host);
+
+            if (hostent == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
+        }
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options &= ~SSL_SERVER_VERIFY_LATER;
+        }
+        else if (strcmp(argv[i], "-reconnect") == 0)
+        {
+            reconnect = 4;
+        }
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+        else if (strcmp(argv[i], "-servername") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            extensions = ssl_ext_new();
+            extensions->host_name = argv[++i];
+        }
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_client_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Client context is invalid\n");
+        exit(1);
+    }
+
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(cert);
+    free(ca_cert);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    memset(&client_addr, 0, sizeof(client_addr));
+    client_addr.sin_family = AF_INET;
+    client_addr.sin_port = htons(port);
+    client_addr.sin_addr.s_addr = sin_addr;
+
+    if (connect(client_fd, (struct sockaddr *)&client_addr, 
+                sizeof(client_addr)) < 0)
+    {
+        perror("connect");
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        printf("CONNECTED\n");
+        TTY_FLUSH();
+    }
+
+    /* Try session resumption? */
+    if (reconnect)
+    {
+        while (reconnect--)
+        {
+            ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
+                    sizeof(session_id), extensions);
+            if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+            {
+                if (!quiet)
+                {
+                    ssl_display_error(res);
+                }
+
+                ssl_free(ssl);
+                ssl_ext_free(extensions);
+                exit(1);
+            }
+
+            display_session_id(ssl);
+            memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+
+            if (reconnect)
+            {
+                ssl_free(ssl);
+                ssl_ext_free(extensions);
+                SOCKET_CLOSE(client_fd);
+
+                client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+                connect(client_fd, (struct sockaddr *)&client_addr, 
+                        sizeof(client_addr));
+            }
+        }
+    }
+    else
+    {
+        ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0, extensions);
+    }
+
+    /* check the return status */
+    if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+    {
+        if (!quiet)
+        {
+            ssl_display_error(res);
+        }
+
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        const char *common_name = ssl_get_cert_dn(ssl,
+                SSL_X509_CERT_COMMON_NAME);
+        if (common_name)
+        {
+            printf("Common Name:\t\t\t%s\n", common_name);
+        }
+
+        display_session_id(ssl);
+        display_cipher(ssl);
+    }
+
+    for (;;)
+    {
+        uint8_t buf[1024];
+
+        /* allow parallel reading of server and standard input */
+        FD_SET(client_fd, &read_set);
+#ifndef WIN32
+        /* win32 doesn't like mixing up stdin and sockets */
+        FD_SET(STDIN_FILENO, &read_set);
+
+        if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+        {
+            /* read standard input? */
+            if (FD_ISSET(STDIN_FILENO, &read_set))
+#endif
+            {
+                if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                {
+                    /* bomb out of here */
+                    ssl_free(ssl);
+                    break;
+                }
+                else
+                {
+                    /* small hack to check renegotiation */
+                    if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
+                    {
+                        res = ssl_renegotiate(ssl);
+                    }
+                    else
+                    {
+                        res = ssl_write(ssl, buf, strlen((char *)buf));
+                    }
+                }
+            }
+#ifndef WIN32
+            else    /* a socket read */
+            {
+                uint8_t *read_buf;
+
+                res = ssl_read(ssl, &read_buf);
+
+                if (res > 0)    /* display our interesting output */
+                {
+                    int written = 0;
+                    while (written < res)
+                    {
+                        written += write(STDOUT_FILENO, read_buf+written,
+                                            res-written);
+                    }
+                    TTY_FLUSH();
+                }
+            }
+        }
+#endif
+
+        if (res < 0)
+        {
+            if (!quiet)
+            {
+                ssl_display_error(res);
+            }
+
+            break;      /* get outta here */
+        }
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    ssl_ext_free(extensions);
+    SOCKET_CLOSE(client_fd);
+#else
+    print_client_options(argv[1]);
+#endif
+}
+
+/**
+ * We've had some sort of command-line error. Print out the basic options.
+ */
+static void print_options(char *option)
+{
+    printf("axssl: Error: '%s' is an invalid command.\n", option);
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the server options.
+ */
+static void print_server_options(char *option)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+#ifndef CONFIG_SSL_SKELETON_MODE
+    printf(" -cert arg\t- certificate file to add (in addition to default)"
+                                    " to chain -\n"
+          "\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -pass\t\t- private key file pass phrase source\n");
+#endif
+    printf(" -quiet\t\t- No server output\n");
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the client options.
+ */
+static void print_client_options(char *option)
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    printf("usage: s_client [args ...]\n");
+    printf(" -connect host:port - who to connect to (default "
+            "is localhost:4433)\n");
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -cert arg\t- certificate file to use\n");
+    printf("\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+    printf(" -quiet\t\t- No client output\n");
+    printf(" -reconnect\t- Drop and re-make the connection "
+            "with the same Session-ID\n");
+    printf(" -pass\t\t- Private key file pass phrase source\n");
+    printf(" -servername\t- Set TLS extension servername in ClientHello\n");
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+#else
+    printf("Change configuration to allow this feature\n");
+#endif
+    exit(1);
+}
+
+/**
+ * Display what cipher we are using 
+ */
+static void display_cipher(SSL *ssl)
+{
+    printf("CIPHER is ");
+    switch (ssl_get_cipher_id(ssl))
+    {
+        case SSL_AES128_SHA:
+            printf("AES128-SHA");
+            break;
+
+        case SSL_AES256_SHA:
+            printf("AES256-SHA");
+            break;
+
+        case SSL_AES128_SHA256:
+            printf("AES128-SHA256");
+            break;
+
+        case SSL_AES256_SHA256:
+            printf("AES256-SHA256");
+            break;
+
+        default:
+            printf("Unknown - %d", ssl_get_cipher_id(ssl));
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Display what session id we have.
+ */
+static void display_session_id(SSL *ssl)
+{    
+    int i;
+    const uint8_t *session_id = ssl_get_session_id(ssl);
+    int sess_id_size = ssl_get_session_id_size(ssl);
+
+    if (sess_id_size > 0)
+    {
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        for (i = 0; i < sess_id_size; i++)
+        {
+            printf("%02x", session_id[i]);
+        }
+
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+        TTY_FLUSH();
+    }
+}
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
new file mode 100644
index 0000000000..df3c576623
--- /dev/null
+++ b/samples/csharp/axssl.cs
@@ -0,0 +1,758 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C# with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl.csharp.exe s_server -?
+ * > axssl.csharp.exe s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+
+using System;
+using System.Net;
+using System.Net.Sockets;
+using axTLS;
+
+public class axssl
+{
+    /*
+     * Main()
+     */
+    public static void Main(string[] args)
+    {
+        if (args.Length == 1 && args[0] == "version")
+        {
+            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
+            Environment.Exit(0); 
+        }
+
+        axssl runner = new axssl();
+
+        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
+            runner.print_options(args.Length > 0 ? args[0] : "");
+
+        int build_mode = SSLUtil.BuildMode();
+
+        if (args[0] == "s_server")
+            runner.do_server(build_mode, args);
+        else 
+            runner.do_client(build_mode, args);
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, string[] args)
+    {
+        int i = 1;
+        int port = 4433;
+        uint options = axtls.SSL_DISPLAY_CERTS;
+        bool quiet = false;
+        string password = null;
+        string private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-accept")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Int32.Parse(args[++i]);
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i] == "-cert")
+                {
+                    if (i >= args.Length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i] == "-key")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtls.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i] == "-pass")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i] == "-verify")
+                    {
+                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i] == "-CAfile")
+                    {
+                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i] == "-debug")
+                        {
+                            options |= axtls.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i] == "-state")
+                        {
+                            options |= axtls.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i] == "-show-rsa")
+                        {
+                            options |= axtls.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
+        TcpListener server_sock = new TcpListener(ep);
+        server_sock.Start();      
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(
+                                options, axtls.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Server context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        byte[] buf = null;
+        int res;
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                Console.WriteLine("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.AcceptSocket();
+
+            SSL ssl = ssl_ctx.Connect(client_sock);
+
+            /* do the actual SSL handshake */
+            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.HandshakeStatus() == axtls.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtls.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtls.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            Console.WriteLine("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to string */
+                    char[] str = new char[res];
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    Console.Write(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.Dispose();
+            client_sock.Close();
+        }
+
+        /* ssl_ctx.Dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, string[] args)
+    {
+        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            print_client_options(build_mode, args[1]);
+        }
+
+        int i = 1, res;
+        int port = 4433;
+        bool quiet = false;
+        string password = null;
+        int reconnect = 0;
+        string private_key_file = null;
+        string hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+
+        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-connect")
+            {
+                string host_port;
+
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.IndexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new string(host_port.ToCharArray(), 
+                        0, index_colon);
+                port = Int32.Parse(new String(host_port.ToCharArray(), 
+                            index_colon+1, host_port.Length-index_colon-1));
+            }
+            else if (args[i] == "-cert")
+            {
+                if (i >= args.Length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i] == "-key")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtls.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i] == "-CAfile")
+            {
+                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i] == "-verify")
+            {
+                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i] == "-reconnect")
+            {
+                reconnect = 4;
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i] == "-pass")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i] == "-debug")
+                {
+                    options |= axtls.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i] == "-state")
+                {
+                    options |= axtls.SSL_DISPLAY_STATES;
+                }
+                else if (args[i] == "-show-rsa")
+                {
+                    options |= axtls.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
+        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
+        IPAddress[] addresses = hostInfo.AddressList;
+        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
+        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
+                SocketType.Stream, ProtocolType.Tcp);
+        client_sock.Connect(ep);
+
+        if (!client_sock.Connected)
+        {
+            Console.WriteLine("could not connect");
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            Console.WriteLine("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options,
+                                    axtls.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Client context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.Connect(client_sock, session_id);
+
+                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.DisplayError(res);
+                    }
+
+                    ssl.Dispose();
+                    Environment.Exit(1);
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.GetSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.Dispose();
+                    client_sock.Close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(AddressFamily.InterNetwork, 
+                        SocketType.Stream, ProtocolType.Tcp);
+                    client_sock.Connect(ep);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.Connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            string common_name =
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                Console.WriteLine("Common Name:\t\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        for (;;)
+        {
+            string user_input = Console.ReadLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.Length+2];
+            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.Length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.Length-2; i++)
+            {
+                buf[i] = (byte)user_input[i];
+            }
+
+            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.DisplayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.Dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(string option)
+    {
+        Console.WriteLine("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        Console.WriteLine("usage: axssl.csharp [s_server|" +
+                            "s_client|version] [args ...]");
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+        Console.WriteLine("usage: s_server [args ...]");
+        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        Console.WriteLine(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+        {
+          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
+                  "addition to default) to chain -");
+          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
+          Console.WriteLine(" -key arg\t- Private key file to use");
+          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            Console.WriteLine(" -verify\t- turn on peer certificate " +
+                    "verification");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + 
+                    ca_cert_size + "times");
+        }
+
+        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+        {
+            Console.WriteLine(" -debug\t\t- Print more output");
+            Console.WriteLine(" -state\t\t- Show state messages");
+            Console.WriteLine(" -show-rsa\t- Show RSA state");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            Console.WriteLine("usage: s_client [args ...]");
+            Console.WriteLine(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            Console.WriteLine(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            Console.WriteLine(" -cert arg\t- certificate file to use");
+            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
+            Console.WriteLine(" -key arg\t- Private key file to use");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            Console.WriteLine(" -quiet\t\t- No client output");
+            Console.WriteLine(" -pass\t\t- private key file pass " + 
+                    "phrase source");
+            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                Console.WriteLine(" -debug\t\t- Print more output");
+                Console.WriteLine(" -state\t\t- Show state messages");
+                Console.WriteLine(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            Console.WriteLine("Change configuration to allow this feature");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        Console.Write("CIPHER is ");
+
+        switch (ssl.GetCipherId())
+        {
+            case axtls.SSL_AES128_SHA:
+                Console.WriteLine("AES128-SHA");
+                break;
+
+            case axtls.SSL_AES256_SHA:
+                Console.WriteLine("AES256-SHA");
+                break;
+
+            case axtls.SSL_AES128_SHA256:
+                Console.WriteLine("AES128-SHA256");
+                break;
+
+            case axtls.SSL_AES256_SHA256:
+                Console.WriteLine("AES128-SHA256");
+                break;
+
+            default:
+                Console.WriteLine("Unknown - " + ssl.GetCipherId());
+                break;
+        }
+    }
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.GetSessionId();
+
+        if (session_id.Length > 0)
+        {
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
+            foreach (byte b in session_id)
+            {
+                Console.Write("{0:x02}", b);
+            }
+
+            Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
+        }
+    }
+}
diff --git a/samples/java/Makefile b/samples/java/Makefile
new file mode 100644
index 0000000000..9c1ed6da2e
--- /dev/null
+++ b/samples/java/Makefile
@@ -0,0 +1,51 @@
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.java.conf
+
+all : sample
+JAR=../../$(STAGE)/axtls.jar
+CLASSES=../../bindings/java/classes
+sample : $(JAR)
+
+$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
+	jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
+
+JAVA_FILES=axssl.java
+JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
+
+$(CLASSES)/%.class : %.java
+	javac -d $(CLASSES) -classpath $(CLASSES) $^
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
new file mode 100644
index 0000000000..e013c11b47
--- /dev/null
+++ b/samples/java/axssl.java
@@ -0,0 +1,760 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Demonstrate the use of the axTLS library in Java with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.  *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > java -jar axtls.jar s_server -?
+ * > java -jar axtls.jar s_client -?
+ *
+ * The axtls/axtlsj shared libraries must be in the same directory or be found 
+ * by the OS.
+ */
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import axTLSj.*;
+
+public class axssl
+{
+   /*
+     * Main()
+     */
+    public static void main(String[] args)
+    {
+        if (args.length == 1 && args[0].equals("version"))
+        {
+            System.out.println("axtls.jar " + SSLUtil.version());
+            System.exit(0);
+        }
+
+        axssl runner = new axssl();
+
+        try
+        {
+            if (args.length < 1 || 
+                    (!args[0].equals("s_server") &&
+                     !args[0].equals("s_client")))
+            {
+                runner.print_options(args.length > 0 ? args[0] : "");
+            }
+
+            int build_mode = SSLUtil.buildMode();
+
+            if (args[0].equals("s_server"))
+                runner.do_server(build_mode, args);
+            else 
+                runner.do_client(build_mode, args);
+        }
+        catch (Exception e) 
+        {
+            System.out.println(e);
+        }
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, String[] args)
+                    throws Exception
+    {
+        int i = 1;
+        int port = 4433;
+        int options = axtlsj.SSL_DISPLAY_CERTS;
+        boolean quiet = false;
+        String password = null;
+        String private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-accept"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Integer.parseInt(args[++i]);
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i].equals("-cert"))
+                {
+                    if (i >= args.length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i].equals("-key"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtlsj.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i].equals("-pass"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i].equals("-verify"))
+                    {
+                        options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i].equals("-CAfile"))
+                    {
+                        if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i].equals("-debug"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i].equals("-state"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i].equals("-show-rsa"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else 
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        ServerSocket server_sock = new ServerSocket(port);
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(options, 
+                                    axtlsj.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+            throw new Exception("Error: Server context is invalid");
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        int res;
+        SSLReadHolder rh = new SSLReadHolder();
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                System.out.println("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.accept();
+
+            SSL ssl = ssl_ctx.connect(client_sock);
+
+            while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.handshakeStatus() == axtlsj.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtlsj.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtlsj.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            System.out.println("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to String */
+                    byte[] buf = rh.getData();
+                    char[] str = new char[res];
+
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    System.out.print(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.dispose();
+            client_sock.close();
+        }
+
+        /* ssl_ctx.dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, String[] args)
+                    throws Exception
+    {
+        if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
+            print_client_options(build_mode, args[1]);
+
+        int i = 1, res;
+        int port = 4433;
+        boolean quiet = false;
+        String password = null;
+        int reconnect = 0;
+        String private_key_file = null;
+        String hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+
+        int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-connect"))
+            {
+                String host_port;
+
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.indexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new String(host_port.toCharArray(), 
+                        0, index_colon);
+                port = Integer.parseInt(new String(host_port.toCharArray(), 
+                            index_colon+1, host_port.length()-index_colon-1));
+            }
+            else if (args[i].equals("-cert"))
+            {
+                if (i >= args.length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-CAfile"))
+            {
+                if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-key"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtlsj.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i].equals("-verify"))
+            {
+                options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i].equals("-reconnect"))
+            {
+                reconnect = 4;
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i].equals("-pass"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i].equals("-debug"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i].equals("-state"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_STATES;
+                }
+                else if (args[i].equals("-show-rsa"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        Socket client_sock = new Socket(hostname, port);
+
+        if (!client_sock.isConnected())
+        {
+            System.out.println("could not connect");
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            System.out.println("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options, 
+                                    axtlsj.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            throw new Exception("Error: Client context is invalid");
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        SSL ssl = null;
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.connect(client_sock, session_id);
+
+                if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.displayError(res);
+                    }
+
+                    ssl.dispose();
+                    throw new Exception();
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.getSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.dispose();
+                    client_sock.close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(hostname, port);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            String common_name =
+                ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                System.out.println("Common Name:\t\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        BufferedReader in = new BufferedReader(
+                new InputStreamReader(System.in));
+
+        for (;;)
+        {
+            String user_input = in.readLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.length()+2];
+            buf[buf.length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.length-2; i++)
+            {
+                buf[i] = (byte)user_input.charAt(i);
+            }
+
+            if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.displayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(String option)
+    {
+        System.out.println("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + 
+                "[args ...]");
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+        System.out.println("usage: s_server [args ...]");
+        System.out.println(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        System.out.println(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+        {
+            System.out.println(" -cert arg\t- certificate file to add (in " + 
+                    "addition to default) to chain -");
+            System.out.println("\t\t  Can repeat up to " + cert_size + " times");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            System.out.println(" -verify\t- turn on peer certificate " +
+                    "verification");
+            System.out.println(" -CAfile arg\t- Certificate authority. ");
+            System.out.println("\t\t  Can repeat up to " + 
+                    ca_cert_size + " times");
+        }
+
+        if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+        {
+            System.out.println(" -debug\t\t- Print more output");
+            System.out.println(" -state\t\t- Show state messages");
+            System.out.println(" -show-rsa\t- Show RSA state");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
+        {
+            System.out.println("usage: s_client [args ...]");
+            System.out.println(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            System.out.println(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            System.out.println(" -cert arg\t- certificate file to use");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println("\t\t  Can repeat up to " + cert_size + 
+                    " times");
+            System.out.println(" -CAfile arg\t- Certificate authority.");
+            System.out.println("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            System.out.println(" -quiet\t\t- No client output");
+            System.out.println(" -pass\t\t- private key file pass " + 
+                        "phrase source");
+            System.out.println(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                System.out.println(" -debug\t\t- Print more output");
+                System.out.println(" -state\t\t- Show state messages");
+                System.out.println(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            System.out.println("Change configuration to allow this feature");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        System.out.print("CIPHER is ");
+
+        byte ciph_id = ssl.getCipherId();
+
+        if (ciph_id == axtlsj.SSL_AES128_SHA)
+            System.out.println("AES128-SHA");
+        else if (ciph_id == axtlsj.SSL_AES256_SHA)
+            System.out.println("AES256-SHA");
+        else if (ciph_id == axtlsj.SSL_AES128_SHA256)
+            System.out.println("AES128-SHA256");
+        else if (ciph_id == axtlsj.SSL_AES256_SHA256)
+            System.out.println("AES256-SHA256");
+        else
+            System.out.println("Unknown - " + ssl.getCipherId());
+    }
+
+    public char toHexChar(int i)
+    {
+        if ((0 <= i) && (i <= 9 ))
+            return (char)('0' + i);
+        else
+            return (char)('a' + (i-10));
+    }
+
+    public void bytesToHex(byte[] data) 
+    {
+        StringBuffer buf = new StringBuffer();
+        for (int i = 0; i < data.length; i++ ) 
+        {
+            buf.append(toHexChar((data[i]>>>4)&0x0F));
+            buf.append(toHexChar(data[i]&0x0F));
+        }
+
+        System.out.println(buf);
+    }
+
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.getSessionId();
+
+        if (session_id.length > 0)
+        {
+            System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
+            bytesToHex(session_id);
+            System.out.println("-----END SSL SESSION PARAMETERS-----");
+        }
+    }
+}
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
new file mode 100755
index 0000000000..b4f24edf04
--- /dev/null
+++ b/samples/lua/axssl.lua
@@ -0,0 +1,562 @@
+#!/usr/local/bin/lua
+
+--
+-- Copyright (c) 2007-2016, Cameron Rich
+--
+-- All rights reserved.
+--
+-- Redistribution and use in source and binary forms, with or without
+-- modification, are permitted provided that the following conditions are met:
+--
+-- * Redistributions of source code must retain the above copyright notice,
+--   this list of conditions and the following disclaimer.
+-- * Redistributions in binary form must reproduce the above copyright
+--   notice, this list of conditions and the following disclaimer in the
+--   documentation and/or other materials provided with the distribution.
+-- * Neither the name of the axTLS project nor the names of its
+--   contributors may be used to endorse or promote products derived
+--   from this software without specific prior written permission.
+--
+-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+-- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+-- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+-- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+-- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+-- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+-- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+-- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+-- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+-- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+--
+
+--
+-- Demonstrate the use of the axTLS library in Lua with a set of 
+-- command-line parameters similar to openssl. In fact, openssl clients 
+-- should be able to communicate with axTLS servers and visa-versa.
+--
+-- This code has various bits enabled depending on the configuration. To enable
+-- the most interesting version, compile with the 'full mode' enabled.
+--
+-- To see what options you have, run the following:
+-- > [lua] axssl s_server -?
+-- > [lua] axssl s_client -?
+--
+-- The axtls/axtlsl shared libraries must be in the same directory or be found 
+-- by the OS.
+--
+--
+require "bit"
+require("axtlsl")
+local socket = require("socket")
+
+-- print version?
+if #arg == 1 and arg[1] == "version" then
+    print("axssl.lua "..axtlsl.ssl_version())
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the basic options.
+--
+function print_options(option)
+    print("axssl: Error: '"..option.."' is an invalid command.")
+    print("usage: axssl [s_server|s_client|version] [args ...]")
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the server options.
+--
+function print_server_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+    print("usage: s_server [args ...]")
+    print(" -accept\t- port to accept on (default is 4433)")
+    print(" -quiet\t\t- No server output")
+
+    if build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+        print(" -cert arg\t- certificate file to add (in addition to "..
+                "default) to chain -")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print(" -pass\t\t- private key file pass phrase source")
+    end
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.." times")
+    end
+
+    if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+        print(" -debug\t\t- Print more output")
+        print(" -state\t\t- Show state messages")
+        print(" -show-rsa\t- Show RSA state")
+    end
+
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the client options.
+--
+function print_client_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_CLIENT then
+        print("usage: s_client [args ...]")
+        print(" -connect host:port - who to connect to (default "..
+                "is localhost:4433)")
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -cert arg\t- certificate file to use - default DER format")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.."times")
+        print(" -quiet\t\t- No client output")
+        print(" -pass\t\t- private key file pass phrase source")
+        print(" -reconnect\t- Drop and re-make the connection "..
+                "with the same Session-ID")
+
+        if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            print(" -debug\t\t- Print more output")
+            print(" -state\t\t- Show state messages")
+            print(" -show-rsa\t- Show RSA state")
+        end
+    else
+        print("Change configuration to allow this feature")
+    end
+
+    os.exit(1)
+end
+
+-- Implement the SSL server logic. 
+function do_server(build_mode)
+    local i = 2
+    local v
+    local port = 4433
+    local options = axtlsl.SSL_DISPLAY_CERTS
+    local quiet = false
+    local password = ""
+    local private_key_file = nil
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
+
+    while i <= #arg do
+        if arg[i] ==  "-accept" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            port = arg[i]
+        elseif arg[i] == "-quiet" then
+            quiet = true
+            options = bit.band(options, bit.bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+            if arg[i] == "-cert" then
+                if i >= #arg or #cert >= cert_size then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                table.insert(cert, arg[i])
+            elseif arg[i] == "-key" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                private_key_file = arg[i]
+                options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+            elseif arg[i] == "-pass" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                password = arg[i]
+            elseif build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+                if arg[i] == "-verify" then
+                    options = bit.bor(options, axtlsl.SSL_CLIENT_AUTHENTICATION)
+                elseif arg[i] == "-CAfile" then
+                    if i >= #arg or #ca_cert >= ca_cert_size then
+                        print_server_options(build_mode, arg[i])  
+                    end
+
+                    i = i + 1
+                    table.insert(ca_cert, arg[i])
+                elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+                    if arg[i] == "-debug" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+                    elseif arg[i] == "-state" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_STATES)
+                    elseif arg[i] == "-show-rsa" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_RSA)
+                    else
+                        print_server_options(build_mode, arg[i])
+                    end
+                else
+                    print_server_options(build_mode, arg[i])
+                end
+            else 
+                print_server_options(build_mode, arg[i])
+            end
+        else 
+            print_server_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    -- Create socket for incoming connections
+    local server_sock = socket.try(socket.bind("*", port))
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_SVR_SESS)
+    if ssl_ctx == nil then error("Error: Server context is invalid") end
+
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
+
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
+        end
+
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
+        end
+
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
+            error("Private key '" .. private_key_file .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
+        end
+    end
+
+    while true do
+        if not quiet then print("ACCEPT") end
+        local client_sock = server_sock:accept();
+        local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd())
+
+        -- do the actual SSL handshake
+        local connected = false
+        local res
+        local buf
+
+        while true do
+            socket.select({client_sock}, nil)
+            res, buf = axtlsl.ssl_read(ssl)
+
+            if res == axtlsl.SSL_OK then -- connection established and ok
+                if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then
+                    if not quiet and not connected then
+                        display_session_id(ssl)
+                        display_cipher(ssl)
+                    end
+                    connected = true
+                end
+            end
+
+            if res > axtlsl.SSL_OK then
+                for _, v in ipairs(buf) do
+                    io.write(string.format("%c", v))
+                end
+            elseif res < axtlsl.SSL_OK then 
+                if not quiet then
+                    axtlsl.ssl_display_error(res)
+                end
+                break
+            end
+        end
+
+        -- client was disconnected or the handshake failed.
+        print("CONNECTION CLOSED")
+        axtlsl.ssl_free(ssl)
+        client_sock:close()
+    end
+
+    axtlsl.ssl_ctx_free(ssl_ctx)
+end
+
+--
+-- Implement the SSL client logic.
+--
+function do_client(build_mode)
+    local i = 2
+    local v
+    local port = 4433
+    local options = 
+            bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, axtlsl.SSL_DISPLAY_CERTS)
+    local private_key_file = nil
+    local reconnect = 0
+    local quiet = false
+    local password = ""
+    local session_id = {}
+    local host = "127.0.0.1"
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
+
+    while i <= #arg do
+        if arg[i] == "-connect" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            local t = string.find(arg[i], ":")
+            host = string.sub(arg[i], 1, t-1)
+            port = string.sub(arg[i], t+1)
+        elseif arg[i] == "-cert" then
+            if i >= #arg or #cert >= cert_size then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            table.insert(cert, arg[i])
+        elseif arg[i] == "-key" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            private_key_file = arg[i]
+            options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+        elseif arg[i] == "-CAfile" then
+            if i >= #arg or #ca_cert >= ca_cert_size then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            table.insert(ca_cert, arg[i])
+        elseif arg[i] == "-verify" then
+            options = bit.band(options, 
+                                bit.bnot(axtlsl.SSL_SERVER_VERIFY_LATER))
+        elseif arg[i] == "-reconnect" then
+            reconnect = 4
+        elseif arg[i] == "-quiet" then
+            quiet = true
+            options = bit.band(options, bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif arg[i] == "-pass" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            password = arg[i]
+        elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            if arg[i] == "-debug" then
+                options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+            elseif arg[i] == "-state" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_STATES)
+            elseif arg[i] == "-show-rsa" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_RSA)
+            else    -- don't know what this is
+                print_client_options(build_mode, arg[i])
+            end
+        else    -- don't know what this is
+            print_client_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    local client_sock = socket.try(socket.connect(host, port))
+    local ssl
+    local res
+
+    if not quiet then print("CONNECTED") end
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
+
+    if ssl_ctx == nil then 
+        error("Error: Client context is invalid")
+    end
+
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
+
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
+        end
+
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
+        end
+
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
+            error("Private key '"..private_key_file.."' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
+        end
+    end
+
+    -- Try session resumption?
+    if reconnect ~= 0 then
+        local session_id = nil
+        local sess_id_size = 0
+
+        while reconnect > 0 do
+            reconnect = reconnect - 1
+            ssl = axtlsl.ssl_client_new(ssl_ctx, 
+                    client_sock:getfd(), session_id, sess_id_size)
+
+            res = axtlsl.ssl_handshake_status(ssl)
+            if res ~= axtlsl.SSL_OK then
+                if not quiet then axtlsl.ssl_display_error(res) end
+                axtlsl.ssl_free(ssl)
+                os.exit(1)
+            end
+
+            display_session_id(ssl)
+            session_id = axtlsl.ssl_get_session_id(ssl)
+            sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
+
+            if reconnect > 0 then
+                axtlsl.ssl_free(ssl)
+                client_sock:close()
+                client_sock = socket.try(socket.connect(host, port))
+            end
+
+        end
+    else
+        ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
+    end
+
+    -- check the return status
+    res = axtlsl.ssl_handshake_status(ssl)
+    if res ~= axtlsl.SSL_OK then
+        if not quiet then axtlsl.ssl_display_error(res) end
+        os.exit(1)
+    end
+
+    if not quiet then
+        local common_name = axtlsl.ssl_get_cert_dn(ssl, 
+                            axtlsl.SSL_X509_CERT_COMMON_NAME)
+
+        if common_name ~= nil then 
+            print("Common Name:\t\t\t"..common_name)
+        end
+
+        display_session_id(ssl)
+        display_cipher(ssl)
+    end
+
+    while true do
+        local line = io.read()
+    if line == nil then break end
+        local bytes = {}
+
+        for i = 1, #line do
+            bytes[i] = line.byte(line, i)
+        end
+
+        bytes[#line+1] = 10      -- add carriage return, null
+        bytes[#line+2] = 0
+
+        res = axtlsl.ssl_write(ssl, bytes, #bytes)
+        if res < axtlsl.SSL_OK then
+            if not quiet then axtlsl.ssl_display_error(res) end
+            break
+        end
+    end
+
+    axtlsl.ssl_ctx_free(ssl_ctx)
+    client_sock:close()
+end
+
+--
+-- Display what cipher we are using 
+--
+function display_cipher(ssl)
+    io.write("CIPHER is ")
+    local cipher_id = axtlsl.ssl_get_cipher_id(ssl)
+
+    if cipher_id == axtlsl.SSL_AES128_SHA then
+        print("AES128-SHA")
+    elseif cipher_id == axtlsl.SSL_AES256_SHA then
+        print("AES256-SHA")
+    elseif axtlsl.SSL_AES128_SHA256 then
+        print("AES128-SHA256")
+    elseif axtlsl.SSL_AES256_SHA256 then
+        print("AES256-SHA256")
+    else 
+        print("Unknown - "..cipher_id)
+    end
+end
+
+--
+-- Display what session id we have.
+--
+function display_session_id(ssl)
+    local session_id = axtlsl.ssl_get_session_id(ssl)
+    local v
+
+    if #session_id > 0 then
+        print("-----BEGIN SSL SESSION PARAMETERS-----")
+        for _, v in ipairs(session_id) do
+            io.write(string.format("%02x", v))
+        end
+        print("\n-----END SSL SESSION PARAMETERS-----")
+    end
+end
+
+--
+-- Main entry point. Doesn't do much except works out whether we are a client
+-- or a server.
+--
+if #arg == 0 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
+    print_options(#arg > 0 and arg[1] or "")
+end
+
+local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE)
+_ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode)
+os.exit(0)
+
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
new file mode 100755
index 0000000000..f3b044939c
--- /dev/null
+++ b/samples/perl/axssl.pl
@@ -0,0 +1,634 @@
+#!/usr/bin/perl -w
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# Demonstrate the use of the axTLS library in Perl with a set of 
+# command-line parameters similar to openssl. In fact, openssl clients 
+# should be able to communicate with axTLS servers and visa-versa.
+#
+# This code has various bits enabled depending on the configuration. To enable
+# the most interesting version, compile with the 'full mode' enabled.
+#
+# To see what options you have, run the following:
+# > [perl] axssl s_server -?
+# > [perl] axssl s_client -?
+#
+# The axtls/axtlsp shared libraries must be in the same directory or be found 
+# by the OS. axtlsp.pm must be in this directory or be in @INC.
+#
+# Under Win32, ActivePerl was used (see
+# http://www.activestate.com/Products/ActivePerl/?mp=1)
+#
+use axtlsp;
+use IO::Socket;
+
+# To get access to Win32 file descriptor stuff
+my $is_win32 = 0;
+
+if ($^O eq "MSWin32")
+{
+    eval("use Win32API::File 0.08 qw( :ALL )");
+    $is_win32 = 1;
+}
+
+use strict;
+
+#
+# Win32 has some problems with socket handles
+#
+sub get_native_sock
+{
+    my ($sock) = @_;
+    return $is_win32 ? FdGetOsFHandle($sock) : $sock;
+}
+
+# print version?
+if ($#ARGV == 0 && $ARGV[0] eq "version")
+{
+    printf("axssl.pl ".axtlsp::ssl_version()."\n");
+    exit 0;
+}
+
+#
+# Main entry point. Doesn't do much except works out whether we are a client
+# or a server.
+#
+print_options($#ARGV > -1 ? $ARGV[0] : "")
+        if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
+
+
+# Cygwin/Win32 issue - flush our output continuously
+select STDOUT;
+local $|=1;
+
+my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
+$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
+
+#
+# Implement the SSL server logic. 
+#
+sub do_server
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_DISPLAY_CERTS;
+    my $quiet = 0;
+    my $password = undef;
+    my $private_key_file = undef;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+                        $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+    my @cert;
+    my @ca_cert;
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq  "-accept")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $port = $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+        {
+            if ($ARGV[$i] eq "-cert")
+            {
+                print_server_options($build_mode, $ARGV[$i]) 
+                                    if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+                push @cert,  $ARGV[++$i];
+            }
+            elsif ($ARGV[$i] eq "-key")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $private_key_file = $ARGV[++$i];
+                $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+            }
+            elsif ($ARGV[$i] eq "-pass")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $password = $ARGV[++$i];
+            }
+            elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+            {
+                if ($ARGV[$i] eq "-verify")
+                {
+                    $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
+                }
+                elsif ($ARGV[$i] eq "-CAfile")
+                {
+                    print_server_options($build_mode, $ARGV[$i])  
+                                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+                    push @ca_cert, $ARGV[++$i];
+                }
+                elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+                {
+                    if ($ARGV[$i] eq "-debug")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_BYTES;
+                    }
+                    elsif ($ARGV[$i] eq "-state")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_STATES;
+                    }
+                    elsif ($ARGV[$i] eq "-show-rsa")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_RSA;
+                    }
+                    else
+                    {
+                        print_server_options($build_mode, $ARGV[$i]);
+                    }
+                }
+                else
+                {
+                    print_server_options($build_mode, $ARGV[$i]);
+                }
+            }
+            else 
+            {
+                print_server_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else 
+        {
+            print_server_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    # Create socket for incoming connections
+    my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
+                              LocalPort => $port,
+                              Listen => 1,
+                              Reuse => 1) or die $!;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
+    die "Error: Server context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    for (;;)
+    {
+        printf("ACCEPT\n") if not $quiet;
+        my $client_sock = $server_sock->accept;
+        my $native_sock = get_native_sock($client_sock->fileno);
+
+        # This doesn't work in Win32 - need to get file descriptor from socket.
+        my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
+
+        # do the actual SSL handshake
+        my $res;
+        my $buf;
+        my $connected = 0;
+
+        while (1)
+        {
+            ($res, $buf) = axtlsp::ssl_read($ssl, undef);
+            last if $res < $axtlsp::SSL_OK;
+
+            if ($res == $axtlsp::SSL_OK) # connection established and ok
+            {
+                if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
+                {
+                    if (!$quiet && !$connected)
+                    {
+                        display_session_id($ssl);
+                        display_cipher($ssl);
+                    }
+
+                    $connected = 1;
+                }
+            }
+
+            if ($res > $axtlsp::SSL_OK)
+            {
+                printf($$buf);
+            }
+            elsif ($res < $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if not $quiet;
+                last;
+            } 
+        }
+
+        # client was disconnected or the handshake failed.
+        printf("CONNECTION CLOSED\n") if not $quiet;
+        axtlsp::ssl_free($ssl);
+        $client_sock->close;
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+}
+
+#
+# Implement the SSL client logic.
+#
+sub do_client
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
+    my $private_key_file = undef;
+    my $reconnect = 0;
+    my $quiet = 0;
+    my $password = undef;
+    my @session_id;
+    my $host = "127.0.0.1";
+    my @cert;
+    my @ca_cert;
+    my $cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq "-connect")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            ($host, $port) = split(':', $ARGV[++$i]);
+        }
+        elsif ($ARGV[$i] eq "-cert")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+            push @cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-key")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $private_key_file = $ARGV[++$i];
+            $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+        }
+        elsif ($ARGV[$i] eq "-CAfile")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+
+            push @ca_cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-verify")
+        {
+            $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
+        }
+        elsif ($ARGV[$i] eq "-reconnect")
+        {
+            $reconnect = 4;
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($ARGV[$i] eq "-pass")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $password = $ARGV[++$i];
+        }
+        elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            if ($ARGV[$i] eq "-debug")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_BYTES;
+            }
+            elsif ($ARGV[$i] eq "-state")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_STATES;
+            }
+            elsif ($ARGV[$i] eq "-show-rsa")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_RSA;
+            }
+            else    # don't know what this is
+            {
+                print_client_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else    # don't know what this is
+        {
+            print_client_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    my $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+    my $ssl;
+    my $res;
+    my $native_sock = get_native_sock($client_sock->fileno);
+
+    printf("CONNECTED\n") if not $quiet;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
+    die "Error: Client context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    # Try session resumption?
+    if ($reconnect)
+    {
+        my $session_id = undef;
+        my $sess_id_size = 0;
+
+        while ($reconnect--)
+        {
+            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, 
+                            $session_id, $sess_id_size);
+
+            $res = axtlsp::ssl_handshake_status($ssl);
+            if ($res != $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if !$quiet;
+                axtlsp::ssl_free($ssl);
+                exit 1;
+            }
+
+            display_session_id($ssl);
+            $session_id = axtlsp::ssl_get_session_id($ssl);
+
+            if ($reconnect)
+            {
+                axtlsp::ssl_free($ssl);
+                $client_sock->close;
+                $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+
+            }
+        }
+    }
+    else
+    {
+        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
+    }
+
+    # check the return status
+    $res = axtlsp::ssl_handshake_status($ssl);
+    if ($res != $axtlsp::SSL_OK)
+    {
+        axtlsp::ssl_display_error($res) if not $quiet;
+        exit 1;
+    }
+
+    if (!$quiet)
+    {
+        my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
+                    $axtlsp::SSL_X509_CERT_COMMON_NAME);
+
+        printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
+        display_session_id($ssl);
+        display_cipher($ssl);
+    }
+
+    while (<STDIN>)
+    {
+        my $cstring = pack("a*x", $_);   # add null terminator
+        $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
+        if ($res < $axtlsp::SSL_OK)
+        {
+            axtlsp::ssl_display_error($res) if not $quiet;
+            last;
+        }
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+    $client_sock->close;
+}
+
+#
+# We've had some sort of command-line error. Print out the basic options.
+#
+sub print_options
+{
+    my ($option) = @_;
+    printf("axssl: Error: '%s' is an invalid command.\n", $option);
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the server options.
+#
+sub print_server_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+    printf(" -quiet\t\t- No server output\n");
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+    {
+        printf(" -cert arg\t- certificate file to add (in addition to default)".
+                                        " to chain -\n".
+          "\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+    }
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+    {
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+    }
+
+    if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+    {
+        printf(" -debug\t\t- Print more output\n");
+        printf(" -state\t\t- Show state messages\n");
+        printf(" -show-rsa\t- Show RSA state\n");
+    }
+
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the client options.
+#
+sub print_client_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
+    {
+        printf("usage: s_client [args ...]\n");
+        printf(" -connect host:port - who to connect to (default ".
+                "is localhost:4433)\n");
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -cert arg\t- certificate file to use - default DER format\n");
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+        printf(" -quiet\t\t- No client output\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+        printf(" -reconnect\t- Drop and re-make the connection ".
+                "with the same Session-ID\n");
+
+        if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            printf(" -debug\t\t- Print more output\n");
+            printf(" -state\t\t- Show state messages\n");
+            printf(" -show-rsa\t- Show RSA state\n");
+        }
+    }
+    else
+    {
+        printf("Change configuration to allow this feature\n");
+    }
+
+    exit 1;
+}
+
+#
+# Display what cipher we are using 
+#
+sub display_cipher
+{
+    my ($ssl) = @_;
+    printf("CIPHER is ");
+    my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
+
+    if ($cipher_id == $axtlsp::SSL_AES128_SHA)
+    {
+        printf("AES128-SHA");
+    }
+    elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
+    {
+        printf("AES256-SHA");
+    }
+    elsif ($axtlsp::SSL_AES128_SHA256)
+    {
+        printf("AES128-SHA256");
+    }
+    elsif ($axtlsp::SSL_AES256_SHA256)
+    {
+        printf("AES256-SHA256");
+    }
+    else 
+    {
+        printf("Unknown - %d", $cipher_id);
+    }
+
+    printf("\n");
+}
+
+#
+# Display what session id we have.
+#
+sub display_session_id
+{    
+    my ($ssl) = @_;
+    my $session_id = axtlsp::ssl_get_session_id($ssl);
+    if (length($$session_id) > 0)
+    {
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        printf(unpack("H*", $$session_id));
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+    }
+}
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
new file mode 100644
index 0000000000..7e5d68277e
--- /dev/null
+++ b/samples/vbnet/axssl.vb
@@ -0,0 +1,702 @@
+'
+' Copyright (c) 2007-2016, Cameron Rich
+'
+' All rights reserved.
+'
+' Redistribution and use in source and binary forms, with or without
+' modification, are permitted provided that the following conditions are met:
+'
+' * Redistributions of source code must retain the above copyright notice,
+'   this list of conditions and the following disclaimer.
+' * Redistributions in binary form must reproduce the above copyright
+'   notice, this list of conditions and the following disclaimer in the
+'   documentation and/or other materials provided with the distribution.
+' * Neither the name of the axTLS project nor the names of its
+'   contributors may be used to endorse or promote products derived
+'   from this software without specific prior written permission.
+'
+' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+'
+
+'
+' Demonstrate the use of the axTLS library in VB.NET with a set of 
+' command-line parameters similar to openssl. In fact, openssl clients 
+' should be able to communicate with axTLS servers and visa-versa.
+'
+' This code has various bits enabled depending on the configuration. To enable
+' the most interesting version, compile with the 'full mode' enabled.
+'
+' To see what options you have, run the following:
+' > axssl.vbnet.exe s_server -?
+' > axssl.vbnet.exe s_client -?
+'
+' The axtls shared library must be in the same directory or be found 
+' by the OS.
+'
+
+Imports System
+Imports System.Net
+Imports System.Net.Sockets
+Imports Microsoft.VisualBasic
+Imports axTLSvb
+
+Public Class axssl
+    ' 
+    ' do_server()
+    '
+    Public Sub do_server(ByVal build_mode As Integer, _
+                                        ByVal args() As String)
+        Dim i As Integer = 1
+        Dim port As Integer = 4433
+        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim private_key_file As String = Nothing
+
+        ' organise the cert/ca_cert lists 
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        While i < args.Length
+            If args(i) = "-accept" Then
+                If i >= args.Length-1
+                    print_server_options(build_mode, args(i))
+                End If
+
+                i += 1
+                port = Int32.Parse(args(i))
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And Not axtls.SSL_DISPLAY_CERTS
+            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
+                If args(i) = "-cert"
+                    If i >= args.Length-1 Or cert_index >= cert_size
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    cert(cert_index) = args(i)
+                    cert_index += 1
+                ElseIf args(i) = "-key"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    private_key_file = args(i)
+                    options = options Or axtls.SSL_NO_DEFAULT_KEY
+                ElseIf args(i) = "-pass"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    password = args(i)
+                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+                    If args(i) = "-verify" Then
+                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
+                    ElseIf args(i) = "-CAfile"
+                        If i >= args.Length-1 Or _
+                                    ca_cert_index >= ca_cert_size Then
+                            print_server_options(build_mode, args(i))
+                        End If
+
+                        i += 1
+                        ca_cert(ca_cert_index) = args(i)
+                        ca_cert_index += 1
+                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                        If args(i) = "-debug" Then
+                            options = options Or axtls.SSL_DISPLAY_BYTES
+                        ElseIf args(i) = "-state"
+                            options = options Or axtls.SSL_DISPLAY_STATES
+                        ElseIf args(i) = "-show-rsa"
+                            options = options Or axtls.SSL_DISPLAY_RSA
+                        Else
+                            print_server_options(build_mode, args(i))
+                        End If
+                    Else
+                        print_server_options(build_mode, args(i))
+                    End If
+                Else
+                    print_server_options(build_mode, args(i))
+                End If
+            End If
+
+            i += 1
+        End While
+
+        ' Create socket for incoming connections
+        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
+        Dim server_sock As TcpListener = New TcpListener(ep)
+        server_sock.Start()      
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLServer = New SSLServer(options, _
+                axtls.SSL_DEFAULT_SVR_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Server context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        Dim buf As Byte() = Nothing
+        Dim res As Integer
+        Dim ssl As SSL
+
+        While 1
+            If Not quiet Then
+                Console.WriteLine("ACCEPT")
+            End If
+
+            Dim client_sock As Socket = server_sock.AcceptSocket()
+
+            ssl = ssl_ctx.Connect(client_sock)
+
+            ' do the actual SSL handshake 
+            While 1
+                res = ssl_ctx.Read(ssl, buf)
+                If  res <> axtls.SSL_OK Then
+                    Exit While
+                End If
+
+                ' check when the connection has been established 
+                If ssl.HandshakeStatus() = axtls.SSL_OK
+                    Exit While
+                End If
+
+                ' could do something else here 
+            End While
+
+            If res = axtls.SSL_OK Then  ' connection established and ok
+                If Not quiet
+                    display_session_id(ssl)
+                    display_cipher(ssl)
+                End If
+
+                ' now read (and display) whatever the client sends us
+                While 1
+                    ' keep reading until we get something interesting 
+                    While 1
+                        res = ssl_ctx.Read(ssl, buf)
+                        If res <> axtls.SSL_OK Then
+                            Exit While
+                        End If
+
+                        ' could do something else here
+                    End While
+
+                    If res < axtls.SSL_OK
+                        If Not quiet
+                            Console.WriteLine("CONNECTION CLOSED")
+                        End If
+
+                        Exit While
+                    End If
+
+                    ' convert to String 
+                    Dim str(res) As Char
+                    For i = 0 To res-1
+                        str(i) = Chr(buf(i))
+                    Next
+
+                    Console.Write(str)
+                End While
+            ElseIf Not quiet
+                SSLUtil.DisplayError(res)
+            End If
+
+            ' client was disconnected or the handshake failed. */
+            ssl.Dispose()
+            client_sock.Close()
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    ' 
+    ' do_client()
+    '
+    Public Sub do_client(ByVal build_mode As Integer, _
+                                    ByVal args() As String)
+
+        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
+            print_client_options(build_mode, args(1))
+        End If
+
+        Dim i As Integer = 1
+        Dim res As Integer
+        Dim port As Integer = 4433
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim reconnect As Integer = 0
+        Dim private_key_file As String = Nothing
+        Dim hostname As String = "127.0.0.1"
+
+        ' organise the cert/ca_cert lists
+        Dim ssl As SSL = Nothing
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        Dim options As Integer = _
+                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
+        Dim session_id As Byte() = Nothing
+
+        While i < args.Length
+            If args(i) = "-connect" Then
+                Dim host_port As String
+
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                host_port = args(i)
+
+                Dim index_colon As Integer = host_port.IndexOf(":"C)
+                If index_colon < 0 Then 
+                    print_client_options(build_mode, args(i))
+                End If
+
+                hostname = New String(host_port.ToCharArray(), _
+                        0, index_colon)
+                port = Int32.Parse(New String(host_port.ToCharArray(), _
+                            index_colon+1, host_port.Length-index_colon-1))
+            ElseIf args(i) = "-cert"
+                If i >= args.Length-1 Or cert_index >= cert_size Then
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                cert(cert_index) = args(i)
+                cert_index += 1
+            ElseIf args(i) = "-key"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                private_key_file = args(i)
+                options = options Or axtls.SSL_NO_DEFAULT_KEY
+            ElseIf args(i) = "-CAfile"
+                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                ca_cert(ca_cert_index) = args(i)
+                ca_cert_index += 1
+            ElseIf args(i) = "-verify"
+                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
+            ElseIf args(i) = "-reconnect"
+                reconnect = 4
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And  Not axtls.SSL_DISPLAY_CERTS
+            ElseIf args(i) = "-pass"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                password = args(i)
+            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                If args(i) = "-debug" Then
+                    options = options Or axtls.SSL_DISPLAY_BYTES
+                ElseIf args(i) = "-state"
+                    options = options Or axtls.SSL_DISPLAY_STATES
+                ElseIf args(i) = "-show-rsa"
+                    options = options Or axtls.SSL_DISPLAY_RSA
+                Else
+                    print_client_options(build_mode, args(i))
+                End If
+            Else    ' don't know what this is 
+                print_client_options(build_mode, args(i))
+            End If
+
+            i += 1
+        End While
+
+        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
+        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
+        Dim  addresses As IPAddress() = hostInfo.AddressList
+        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
+        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
+                SocketType.Stream, ProtocolType.Tcp)
+        client_sock.Connect(ep)
+
+        If Not client_sock.Connected Then
+            Console.WriteLine("could not connect")
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Console.WriteLine("CONNECTED")
+        End If
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLClient = New SSLClient(options, _
+                axtls.SSL_DEFAULT_CLNT_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Client context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        ' Try session resumption?
+        If reconnect > 0 Then
+            While reconnect > 0
+                reconnect -= 1
+                ssl = ssl_ctx.Connect(client_sock, session_id)
+
+                res = ssl.HandshakeStatus()
+                If res <> axtls.SSL_OK Then
+                    If Not quiet Then
+                        SSLUtil.DisplayError(res)
+                    End If
+
+                    ssl.Dispose()
+                    Environment.Exit(1)
+                End If
+
+                display_session_id(ssl)
+                session_id = ssl.GetSessionId()
+
+                If reconnect > 0 Then
+                    ssl.Dispose()
+                    client_sock.Close()
+                    
+                    ' and reconnect
+                    client_sock = New Socket(AddressFamily.InterNetwork, _
+                        SocketType.Stream, ProtocolType.Tcp)
+                    client_sock.Connect(ep)
+                End If
+            End While
+        Else
+            ssl = ssl_ctx.Connect(client_sock, Nothing)
+        End If
+
+        ' check the return status 
+        res = ssl.HandshakeStatus()
+        If res <> axtls.SSL_OK Then
+            If Not quiet Then
+                SSLUtil.DisplayError(res)
+            End If
+
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Dim common_name As String = _
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
+
+            If common_name <> Nothing
+                Console.WriteLine("Common Name:" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        ControlChars.Tab & common_name)
+            End If
+
+            display_session_id(ssl)
+            display_cipher(ssl)
+        End If
+
+        While (1)
+            Dim user_input As String = Console.ReadLine()
+
+            If user_input = Nothing Then
+                Exit While
+            End If
+
+            Dim buf(user_input.Length+1) As Byte
+            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
+            buf(buf.Length-1) = 0                    ' null terminate 
+
+            For i = 0 To user_input.Length-1
+                buf(i) = Asc(user_input.Chars(i))
+            Next
+
+            res = ssl_ctx.Write(ssl, buf, buf.Length)
+            If res < axtls.SSL_OK Then
+                If Not quiet Then
+                    SSLUtil.DisplayError(res)
+                End If
+
+                Exit While
+            End If
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    '
+    ' Display what cipher we are using
+    '
+    Private Sub display_cipher(ByVal ssl As SSL)
+        Console.Write("CIPHER is ")
+
+        Select ssl.GetCipherId()
+            Case axtls.SSL_AES128_SHA
+                Console.WriteLine("AES128-SHA")
+
+            Case axtls.SSL_AES256_SHA
+                Console.WriteLine("AES256-SHA")
+
+            Case axtls.SSL_AES128_SHA256
+                Console.WriteLine("AES128-SHA256")
+
+            Case axtls.SSL_AES256_SHA256
+                Console.WriteLine("AES256-SHA256")
+
+            Case Else
+                Console.WriteLine("Unknown - " & ssl.GetCipherId())
+        End Select
+    End Sub
+
+    '
+    ' Display what session id we have.
+    '
+    Private Sub display_session_id(ByVal ssl As SSL)
+        Dim session_id As Byte() = ssl.GetSessionId()
+
+        If session_id.Length > 0 Then
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
+            Dim b As Byte
+            For Each b In session_id
+                Console.Write("{0:x02}", b)
+            Next
+
+            Console.WriteLine()
+            Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
+        End If
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the basic options.
+    '
+    Public Sub print_options(ByVal options As String)
+        Console.WriteLine("axssl: Error: '" & options & _
+                "' is an invalid command.")
+        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
+                "version] [args ...]")
+        Environment.Exit(1)
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the server options.
+    '
+    Private Sub print_server_options(ByVal build_mode As Integer, _
+                                    ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+        Console.WriteLine("usage: s_server [args ...]")
+        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
+                "- port to accept on (default is 4433)")
+        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
+                "- No server output")
+        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+               "- certificate file to add (in addition to default) to chain -")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                        "- Private key file to use")
+            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
+                    "- private key file pass phrase source")
+        End If
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+        End If
+
+        If build_mode = axtls.SSL_BUILD_FULL_MODE
+            Console.WriteLine(" -debug" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Print more output")
+            Console.WriteLine(" -state" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Show state messages")
+            Console.WriteLine(" -show-rsa" & _
+                    ControlChars.Tab & "- Show RSA state")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+    '
+    ' We've had some sort of command-line error. Print out the client options.
+    '
+    Private Sub print_client_options(ByVal build_mode As Integer, _
+                                                ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
+            Console.WriteLine("usage: s_client [args ...]")
+            Console.WriteLine(" -connect host:port - who to connect to " & _
+                    "(default is localhost:4433)")
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+                    "- certificate file to use")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                    "- Private key file to use")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+            Console.WriteLine(" -quiet" & _
+                    ControlChars.Tab & ControlChars.Tab & "- No client output")
+            Console.WriteLine(" -pass" & ControlChars.Tab & _
+                    ControlChars.Tab & _
+                    "- private key file pass phrase source")
+            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
+                    "- Drop and re-make the " & _
+                    "connection with the same Session-ID")
+
+            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
+                Console.WriteLine(" -debug" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Print more output")
+                Console.WriteLine(" -state" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Show state messages")
+                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
+                        "- Show RSA state")
+            End If
+        Else 
+            Console.WriteLine("Change configuration to allow this feature")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+End Class
+
+Public Module MyMain
+    Function Main(ByVal args() As String) As Integer
+        Dim runner As axssl = New axssl()
+
+        If args.Length = 1 And args(0) = "version" Then
+           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
+            Environment.Exit(0)
+        End If
+
+        If args.Length < 1 
+            runner.print_options("")
+        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
+            runner.print_options(args(0))
+        End If
+
+        Dim build_mode As Integer = SSLUtil.BuildMode()
+
+        If args(0) = "s_server" Then
+            runner.do_server(build_mode, args)
+        Else
+            runner.do_client(build_mode, args)
+        End If
+    End Function
+End Module
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 0a139bb51b..8faefe23a3 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -243,13 +243,16 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
         memset(&tm, 0, sizeof(struct tm));
         tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
 
-        if (tm.tm_year <= 50)    /* 1951-2050 thing */
+        if (tm.tm_year < 50)    /* 1951-2050 thing */
         {
             tm.tm_year += 100;
         }
 
         tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
         tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+        tm.tm_hour = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+        tm.tm_min = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+        tm.tm_sec = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
         *t = mktime(&tm);
         *offset += len;
         ret = X509_OK;
@@ -274,13 +277,14 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
         }
         else
         {
-          tm.tm_year = abs_year - 1900;
-          tm.tm_mon = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0') - 1;
-          tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
-          tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
-          tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
-          tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
-          *t = mktime(&tm);
+            tm.tm_year = abs_year - 1900;
+            tm.tm_mon = (buf[t_offset+4] - '0')*10 + 
+                                    (buf[t_offset+5] - '0') - 1;
+            tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+            tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+            tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+            tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
+            *t = mktime(&tm);
         }
 
         *offset += len;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 09d205a8d0..71f92f0f54 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -231,7 +231,7 @@ EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
  * @return ssl_ext Pointer to SSL_EXTENSIONS structure
  *
  */
-EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new();
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void);
 
 /**
  * @brief Set the host name for SNI extension
@@ -281,7 +281,8 @@ EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
  * can be null if no session resumption is being used or required. This option
  * is not used in skeleton mode.
  * @param sess_id_size The size of the session id (max 32)
- * @param ssl_ext pointer to a structure with the activated SSL extensions and their values
+ * @param ssl_ext pointer to a structure with the activated SSL extensions 
+ * and their values
  * @return An SSL object reference. Use ssl_handshake_status() to check 
  * if a handshake succeeded.
  */
@@ -373,8 +374,8 @@ EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
  * @return The cipher id. This will be one of the following:
  * - SSL_AES128_SHA (0x2f)
  * - SSL_AES256_SHA (0x35)
- * - SSL_RC4_128_SHA (0x05)
- * - SSL_RC4_128_MD5 (0x04)
+ * - SSL_AES128_SHA256 (0x3c)
+ * - SSL_AES256_SHA256 (0x3d)
  */
 EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
 
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index 98ba3e192f..b7a2c9b8b0 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1587,7 +1587,7 @@ static int SSL_client_test(
 #endif
     }
     
-    usleep(200000);           /* allow server to start */
+    usleep(500000);           /* allow server to start */
 
     if (*ssl_ctx == NULL)
     {
@@ -1649,7 +1649,8 @@ static int SSL_client_test(
         goto client_test_exit;
     }
 
-    ssl = ssl_client_new(*ssl_ctx, client_fd, session_id, sizeof(session_id));
+    ssl = ssl_client_new(*ssl_ctx, client_fd, 
+            session_id, sizeof(session_id), NULL);
 
     /* check the return status */
     if ((ret = ssl_handshake_status(ssl)))
@@ -1938,7 +1939,7 @@ static void do_basic(void)
                                         "../ssl/test/axTLS.ca_x509.cer", NULL))
         goto error;
 
-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
 
     /* check the return status */
     if (ssl_handshake_status(ssl_clnt) < 0)
@@ -2062,7 +2063,7 @@ static void do_unblocked(void)
                                         "../ssl/test/axTLS.ca_x509.cer", NULL))
         goto error;
 
-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0);
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
 
     while (ssl_handshake_status(ssl_clnt) != SSL_OK)
     {
@@ -2182,7 +2183,7 @@ void do_multi_clnt(multi_t *multi_data)
         goto client_test_exit;
 
     usleep(200000);
-    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL);
 
     if ((res = ssl_handshake_status(ssl)))
     {
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 7b84ef2776..b8a813bc58 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -158,11 +158,13 @@ EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
  */
 EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
 {
-    if(ssl_ext == NULL ) {
+    if (ssl_ext == NULL ) 
+    {
         return;
     }
 
-    if(ssl_ext->host_name != NULL) {
+    if (ssl_ext->host_name != NULL) 
+    {
         free(ssl_ext->host_name);
     }
     free(ssl_ext);
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 6565625aec..9f49268761 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -173,9 +173,12 @@ typedef struct
     uint8_t key_block_generated;
 } DISPOSABLE_CTX;
 
-typedef struct {
+typedef struct 
+{
     char *host_name; /* Needed for the SNI support */
-    uint16_t max_fragment_size; /* Needed for the Max Fragment Size Extension. Allowed values: 2^9, 2^10 .. 2^14 */
+    /* Needed for the Max Fragment Size Extension. 
+       Allowed values: 2^9, 2^10 .. 2^14 */
+    uint16_t max_fragment_size; 
 } SSL_EXTENSIONS;
 
 struct _SSL
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
index fab26676a3..f670e704f6 100644
--- a/ssl/tls1_clnt.c
+++ b/ssl/tls1_clnt.c
@@ -195,9 +195,8 @@ static int send_client_hello(SSL *ssl)
     time_t tm = time(NULL);
     uint8_t *tm_ptr = &buf[6]; /* time will go here */
     int i, offset, ext_offset;
-    uint16_t ext_len; /* extensions total length */
+    int ext_len = 0;
 
-    ext_len = 0;
 
     buf[0] = HS_CLIENT_HELLO;
     buf[1] = 0;
@@ -257,39 +256,44 @@ static int send_client_hello(SSL *ssl)
         ext_len += sizeof(g_sig_alg);
     }
 
-    if (ssl->extensions != NULL) {
+    if (ssl->extensions != NULL) 
+    {
         /* send the host name if specified */
-        if (ssl->extensions->host_name != NULL) {
-	    unsigned int host_len = strlen(ssl->extensions->host_name);
-
-	    buf[offset++] = 0;
-	    buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
-	    buf[offset++] = 0;
-	    buf[offset++] = host_len + 5; /* server_name length */
-	    buf[offset++] = 0;
-	    buf[offset++] = host_len + 3; /* server_list length */
-	    buf[offset++] = 0; /* host_name(0) (255) */
-	    buf[offset++] = 0;
-	    buf[offset++] = host_len; /* host_name length */
-	    strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
-	    offset += host_len;
-	    ext_len += host_len + 9;
+        if (ssl->extensions->host_name != NULL) 
+        {
+            size_t host_len = strlen(ssl->extensions->host_name);
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 5; /* server_name length */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 3; /* server_list length */
+            buf[offset++] = 0; /* host_name(0) (255) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len; /* host_name length */
+            strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
+            offset += host_len;
+            ext_len += host_len + 9;
         }
 
-        if (ssl->extensions->max_fragment_size) {
-	    buf[offset++] = 0;
-	    buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
+        if (ssl->extensions->max_fragment_size) 
+        {
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
 
-	    buf[offset++] = 0; // size of data
-	    buf[offset++] = 2;
+            buf[offset++] = 0; // size of data
+            buf[offset++] = 2;
 
-	    buf[offset++] = (uint8_t)((ssl->extensions->max_fragment_size >> 8) & 0xff);
-	    buf[offset++] = (uint8_t)(ssl->extensions->max_fragment_size & 0xff);
-	    ext_len += 6;
+            buf[offset++] = (uint8_t)
+                ((ssl->extensions->max_fragment_size >> 8) & 0xff);
+            buf[offset++] = (uint8_t)
+                (ssl->extensions->max_fragment_size & 0xff);
+            ext_len += 6;
         }
     }
 
-    if(ext_len > 0) {
+    if (ext_len > 0) 
+    {
     	// update the extensions length value
     	buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
     	buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);

From 2213f304490e059d72fd511cd6548b23a685ee8f Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Mon, 19 Dec 2016 20:20:01 +0000
Subject: [PATCH 289/301] * X509 State, country and location are now used for
 verification and display. * SNI hostname memory is now managed by the calling
 application * X509 version number is checked before processing v3 extensions.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@272 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 samples/c/axssl.c | 10 --------
 ssl/asn1.c        | 20 ++++++++++------
 ssl/crypto_misc.h |  5 +++-
 ssl/ssl.h         | 18 +++++++++++---
 ssl/tls1.c        | 35 +++++++++++++++++++--------
 ssl/x509.c        | 60 +++++++++++++++++++++++++++++++++++++++--------
 6 files changed, 107 insertions(+), 41 deletions(-)

diff --git a/samples/c/axssl.c b/samples/c/axssl.c
index aaf803440a..2bc872a5e7 100644
--- a/samples/c/axssl.c
+++ b/samples/c/axssl.c
@@ -650,7 +650,6 @@ static void do_client(int argc, char *argv[])
                 }
 
                 ssl_free(ssl);
-                ssl_ext_free(extensions);
                 exit(1);
             }
 
@@ -660,7 +659,6 @@ static void do_client(int argc, char *argv[])
             if (reconnect)
             {
                 ssl_free(ssl);
-                ssl_ext_free(extensions);
                 SOCKET_CLOSE(client_fd);
 
                 client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
@@ -687,13 +685,6 @@ static void do_client(int argc, char *argv[])
 
     if (!quiet)
     {
-        const char *common_name = ssl_get_cert_dn(ssl,
-                SSL_X509_CERT_COMMON_NAME);
-        if (common_name)
-        {
-            printf("Common Name:\t\t\t%s\n", common_name);
-        }
-
         display_session_id(ssl);
         display_cipher(ssl);
     }
@@ -766,7 +757,6 @@ static void do_client(int argc, char *argv[])
     }
 
     ssl_ctx_free(ssl_ctx);
-    ssl_ext_free(extensions);
     SOCKET_CLOSE(client_fd);
 #else
     print_client_options(argv[1]);
diff --git a/ssl/asn1.c b/ssl/asn1.c
index 8faefe23a3..d2bd889804 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2015, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -80,8 +80,8 @@ static const uint8_t sig_subject_alt_name[] =
     0x55, 0x1d, 0x11
 };
 
-/* CN, O, OU */
-static const uint8_t g_dn_types[] = { 3, 10, 11 };
+/* CN, O, OU, L, C, ST */
+static const uint8_t g_dn_types[] = { 3, 10, 11, 7, 6, 8 };
 
 uint32_t get_asn1_length(const uint8_t *buf, int *offset)
 {
@@ -300,13 +300,19 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
 int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
 {
     int ret = X509_NOT_OK;
+    int len;
 
     (*offset) += 2;        /* get past explicit tag */
-    if (asn1_skip_obj(cert, offset, ASN1_INTEGER))
-        goto end_version;
+    if (cert[(*offset)++] != ASN1_INTEGER)
+		return X509_NOT_OK;
 
-    ret = X509_OK;
-end_version:
+	len = get_asn1_length(cert, offset);
+	if (len == 1)
+	{
+		ret = cert[*offset];
+	}
+
+	*offset += len;
     return ret;
 }
 
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index d66839755b..34593fdae6 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -60,10 +60,13 @@ extern "C" {
 /*
  * The Distinguished Name
  */
-#define X509_NUM_DN_TYPES                   3
+#define X509_NUM_DN_TYPES                   6
 #define X509_COMMON_NAME                    0
 #define X509_ORGANIZATION                   1
 #define X509_ORGANIZATIONAL_UNIT            2
+#define X509_LOCATION                       3
+#define X509_COUNTRY                        4
+#define X509_STATE                          5
 
 struct _x509_ctx
 {
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 71f92f0f54..df4fed9bc4 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -159,9 +159,15 @@ extern "C" {
 #define SSL_X509_CERT_COMMON_NAME               0
 #define SSL_X509_CERT_ORGANIZATION              1
 #define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
-#define SSL_X509_CA_CERT_COMMON_NAME            3
-#define SSL_X509_CA_CERT_ORGANIZATION           4
-#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    5
+#define SSL_X509_CERT_LOCATION                  3
+#define SSL_X509_CERT_COUNTRY                   4
+#define SSL_X509_CERT_STATE                     5
+#define SSL_X509_CA_CERT_COMMON_NAME            6
+#define SSL_X509_CA_CERT_ORGANIZATION           7
+#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    8
+#define SSL_X509_CA_CERT_LOCATION               9
+#define SSL_X509_CA_CERT_COUNTRY                10
+#define SSL_X509_CA_CERT_STATE                  11
 
 /* SSL object loader types */
 #define SSL_OBJ_X509_CERT                       1
@@ -454,9 +460,15 @@ EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash);
  * - SSL_X509_CERT_COMMON_NAME
  * - SSL_X509_CERT_ORGANIZATION
  * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CERT_LOCATION
+ * - SSL_X509_CERT_COUNTRY
+ * - SSL_X509_CERT_STATE
  * - SSL_X509_CA_CERT_COMMON_NAME
  * - SSL_X509_CA_CERT_ORGANIZATION
  * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CA_CERT_LOCATION
+ * - SSL_X509_CA_CERT_COUNTRY
+ * - SSL_X509_CA_CERT_STATE
  * @return The appropriate string (or null if not defined)
  * @note Verification build mode must be enabled.
  */
diff --git a/ssl/tls1.c b/ssl/tls1.c
index b8a813bc58..5257cbda6c 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -145,11 +145,7 @@ void DISPLAY_BYTES(SSL *ssl, const char *format,
  */
 EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
 {
-    SSL_EXTENSIONS *ssl_ext = (SSL_EXTENSIONS *)malloc(sizeof(SSL_EXTENSIONS));
-    ssl_ext->max_fragment_size = 0;
-    ssl_ext->host_name = NULL;
-
-    return ssl_ext;
+    return (SSL_EXTENSIONS *)calloc(1, sizeof(SSL_EXTENSIONS));
 }
 
 /**
@@ -163,10 +159,6 @@ EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
         return;
     }
 
-    if (ssl_ext->host_name != NULL) 
-    {
-        free(ssl_ext->host_name);
-    }
     free(ssl_ext);
 }
 
@@ -530,6 +522,15 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
         case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
             return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
 
+        case SSL_X509_CERT_LOCATION:       
+            return ssl->x509_ctx->cert_dn[X509_LOCATION];
+
+        case SSL_X509_CERT_COUNTRY:       
+            return ssl->x509_ctx->cert_dn[X509_COUNTRY];
+
+        case SSL_X509_CERT_STATE:       
+            return ssl->x509_ctx->cert_dn[X509_STATE];
+
         case SSL_X509_CA_CERT_COMMON_NAME:
             return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
 
@@ -539,6 +540,15 @@ EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
         case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
             return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
 
+        case SSL_X509_CA_CERT_LOCATION:       
+            return ssl->x509_ctx->ca_cert_dn[X509_LOCATION];
+
+        case SSL_X509_CA_CERT_COUNTRY:       
+            return ssl->x509_ctx->ca_cert_dn[X509_COUNTRY];
+
+        case SSL_X509_CA_CERT_STATE:       
+            return ssl->x509_ctx->ca_cert_dn[X509_STATE];
+
         default:
             return NULL;
     }
@@ -1393,7 +1403,7 @@ int basic_read(SSL *ssl, uint8_t **in_data)
     if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
     {
         /* check for sslv2 "client hello" */
-        if (buf[0] & 0x80 && buf[2] == 1)
+        if ((buf[0] & 0x80) && buf[2] == 1)
         {
 #ifdef CONFIG_SSL_FULL_MODE
             printf("Error: no SSLv23 handshaking allowed\n");
@@ -2149,6 +2159,10 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
             goto error;
         }
 
+#if defined (CONFIG_SSL_FULL_MODE)
+        if (ssl->ssl_ctx->options & SSL_DISPLAY_CERTS)
+            x509_print(certs[num_certs], NULL);
+#endif
         num_certs++;
         offset += cert_size;
     }
@@ -2168,6 +2182,7 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
         {
             if (certs[i] == chain) 
                 continue;
+
             if (cert_used[i]) 
                 continue; // don't allow loops
 
diff --git a/ssl/x509.c b/ssl/x509.c
index 35bd7281e5..3d1541461c 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2015, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -73,6 +73,7 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 {
     int begin_tbs, end_tbs, begin_spki, end_spki;
     int ret = X509_NOT_OK, offset = 0, cert_size = 0;
+    int version = 0;
     X509_CTX *x509_ctx;
 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
     BI_CTX *bi_ctx;
@@ -96,7 +97,7 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
 
     if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
     {
-        if (asn1_version(cert, &offset, x509_ctx))
+        if ((version = asn1_version(cert, &offset, x509_ctx)) == X509_NOT_OK)
             goto end_cert;
     }
 
@@ -122,7 +123,6 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
         goto end_cert;
     end_spki = offset;
 
-
     x509_ctx->fingerprint = malloc(SHA1_SIZE);
     SHA1_CTX sha_fp_ctx;
     SHA1_Init(&sha_fp_ctx);
@@ -197,7 +197,7 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
             break;
     }
 
-    if (cert[offset] == ASN1_V3_DATA)
+    if (version == 2 && cert[offset] == ASN1_V3_DATA)
     {
         int suboffset;
 
@@ -518,9 +518,29 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
         cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
 
-    printf("Organizational Unit (OU):\t");
-    printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT] ?
-        cert->cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
+    if (cert->cert_dn[X509_ORGANIZATIONAL_UNIT]) 
+    {
+        printf("Organizational Unit (OU):\t");
+        printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT]);
+    }
+
+    if (cert->cert_dn[X509_LOCATION]) 
+    {
+        printf("Location (L):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_LOCATION]);
+    }
+
+    if (cert->cert_dn[X509_COUNTRY]) 
+    {
+        printf("Country (C):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_COUNTRY]);
+    }
+
+    if (cert->cert_dn[X509_STATE]) 
+    {
+        printf("State (ST):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_STATE]);
+    }
 
     printf("=== CERTIFICATE ISSUED BY ===\n");
     printf("Common Name (CN):\t\t");
@@ -531,9 +551,29 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
         cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
 
-    printf("Organizational Unit (OU):\t");
-    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] ?
-        cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
+    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]) 
+    {
+        printf("Organizational Unit (OU):\t");
+        printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]);
+    }
+
+    if (cert->ca_cert_dn[X509_LOCATION]) 
+    {
+        printf("Location (L):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_LOCATION]);
+    }
+
+    if (cert->ca_cert_dn[X509_COUNTRY]) 
+    {
+        printf("Country (C):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_COUNTRY]);
+    }
+
+    if (cert->ca_cert_dn[X509_STATE]) 
+    {
+        printf("State (ST):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_STATE]);
+    }
 
     printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
     printf("Not After:\t\t\t%s", ctime(&cert->not_after));

From a2c7c7e40a6355c05e40b5560bf76829a67d02d2 Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Wed, 28 Dec 2016 19:43:52 +0000
Subject: [PATCH 290/301] * Basic constraint functionality added.

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@273 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 crypto/os_int.h   |   5 ++
 ssl/asn1.c        | 174 +++++++++++++++++++++++++++++++-------
 ssl/crypto_misc.h |  45 ++++++++--
 ssl/p12.c         |   6 +-
 ssl/tls1.c        |   5 +-
 ssl/tls1_svr.c    |   6 +-
 ssl/x509.c        | 210 ++++++++++++++++++++++++++++++++++------------
 7 files changed, 356 insertions(+), 95 deletions(-)

diff --git a/crypto/os_int.h b/crypto/os_int.h
index a849e5b1a4..02e7d2d546 100644
--- a/crypto/os_int.h
+++ b/crypto/os_int.h
@@ -41,6 +41,11 @@
 extern "C" {
 #endif
 
+/* some bool types - just make life easier */
+typedef char bool;
+#define false       0
+#define true        1
+
 #if defined(WIN32)
 typedef UINT8 uint8_t;
 typedef INT8 int8_t;
diff --git a/ssl/asn1.c b/ssl/asn1.c
index d2bd889804..058e315060 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -80,6 +80,16 @@ static const uint8_t sig_subject_alt_name[] =
     0x55, 0x1d, 0x11
 };
 
+static const uint8_t sig_basic_constraints[] =
+{
+    0x55, 0x1d, 0x13
+};
+
+static const uint8_t sig_key_usage[] =
+{
+    0x55, 0x1d, 0x0f
+};
+
 /* CN, O, OU, L, C, ST */
 static const uint8_t g_dn_types[] = { 3, 10, 11, 7, 6, 8 };
 
@@ -117,6 +127,7 @@ int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
 {
     if (buf[*offset] != obj_type)
         return X509_NOT_OK;
+
     (*offset)++;
     return get_asn1_length(buf, offset);
 }
@@ -141,12 +152,12 @@ int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
  * Read an integer value for ASN.1 data
  * Note: This function allocates memory which must be freed by the user.
  */
-int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
+int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object)
 {
     int len;
 
     if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
-        goto end_int_array;
+        goto end_big_int;
 
     if (len > 1 && buf[*offset] == 0x00)    /* ignore the negative byte */
     {
@@ -158,10 +169,93 @@ int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object)
     memcpy(*object, &buf[*offset], len);
     *offset += len;
 
-end_int_array:
+end_big_int:
     return len;
 }
 
+/**
+ * Read an integer value for ASN.1 data
+ */
+int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val)
+{
+    int res = X509_OK;
+    int len;
+    int i;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0 || 
+                len > sizeof(int32_t))
+    {
+        res = X509_NOT_OK;
+        goto end_int;
+    }
+
+    *val = 0;
+    for (i = 0; i < len; i++)
+    {
+        *val <<= 8;
+        *val |= buf[(*offset)++];
+    }
+
+end_int:
+    return res;
+}
+
+/**
+ * Read an boolean value for ASN.1 data
+ */
+int asn1_get_bool(const uint8_t *buf, int *offset, bool *val)
+{
+    int res = X509_OK;
+
+    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) != 1)
+    {
+        res = X509_NOT_OK;
+        goto end_bool;
+    }
+
+    /* DER demands that "If the encoding represents the boolean value TRUE,
+       its single contents octet shall have all eight bits set to one."
+       Thus only 0 and 255 are valid encoded values. */
+    *val = buf[(*offset)++] == 0xFF;
+
+end_bool:
+    return res;
+}
+
+/**
+ * Convert an ASN.1 bit string into a 32 bit integer
+ */
+int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
+{
+    int res = X509_OK;
+    int len, i;
+    int ignore_bits;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_BIT_STRING)) < 0 || len > 5)
+    {
+        res = X509_NOT_OK;
+        goto end_bit_string_as_int;
+    }
+
+    /* number of bits left unused in the final byte of content */
+    ignore_bits = buf[(*offset)++];
+    len--;
+    *val = 0;
+    for (i = 0; i < len; i++)
+    {
+        *val <<= 8;
+        *val |= buf[(*offset)++];
+    }
+
+    for (i = 0; i < ignore_bits; i++)
+    {
+        *val >>= 1;
+    }
+
+end_bit_string_as_int:
+    return res;
+}
+
 /**
  * Get all the RSA private key specifics from an ASN.1 encoded file 
  */
@@ -187,19 +281,19 @@ int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
     /* Use the private key to mix up the RNG if possible. */
     RNG_custom_init(buf, len);
 
-    mod_len = asn1_get_int(buf, &offset, &modulus);
-    pub_len = asn1_get_int(buf, &offset, &pub_exp);
-    priv_len = asn1_get_int(buf, &offset, &priv_exp);
+    mod_len = asn1_get_big_int(buf, &offset, &modulus);
+    pub_len = asn1_get_big_int(buf, &offset, &pub_exp);
+    priv_len = asn1_get_big_int(buf, &offset, &priv_exp);
 
     if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
         return X509_INVALID_PRIV_KEY;
 
 #ifdef CONFIG_BIGINT_CRT
-    p_len = asn1_get_int(buf, &offset, &p);
-    q_len = asn1_get_int(buf, &offset, &q);
-    dP_len = asn1_get_int(buf, &offset, &dP);
-    dQ_len = asn1_get_int(buf, &offset, &dQ);
-    qInv_len = asn1_get_int(buf, &offset, &qInv);
+    p_len = asn1_get_big_int(buf, &offset, &p);
+    q_len = asn1_get_big_int(buf, &offset, &q);
+    dP_len = asn1_get_big_int(buf, &offset, &dP);
+    dQ_len = asn1_get_big_int(buf, &offset, &dQ);
+    qInv_len = asn1_get_big_int(buf, &offset, &qInv);
 
     if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
         return X509_INVALID_PRIV_KEY;
@@ -295,25 +389,12 @@ static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
 }
 
 /**
- * Get the version type of a certificate (which we don't actually care about)
+ * Get the version type of a certificate
  */
-int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+int asn1_version(const uint8_t *cert, int *offset, int *val)
 {
-    int ret = X509_NOT_OK;
-    int len;
-
     (*offset) += 2;        /* get past explicit tag */
-    if (cert[(*offset)++] != ASN1_INTEGER)
-		return X509_NOT_OK;
-
-	len = get_asn1_length(cert, offset);
-	if (len == 1)
-	{
-		ret = cert[*offset];
-	}
-
-	*offset += len;
-    return ret;
+    return asn1_get_int(cert, offset, val);
 }
 
 /**
@@ -463,8 +544,8 @@ int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
     if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
         goto end_pub_key;
 
-    mod_len = asn1_get_int(cert, offset, &modulus);
-    pub_len = asn1_get_int(cert, offset, &pub_exp);
+    mod_len = asn1_get_big_int(cert, offset, &modulus);
+    pub_len = asn1_get_big_int(cert, offset, &pub_exp);
 
     RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
 
@@ -584,7 +665,7 @@ int asn1_find_oid(const uint8_t* cert, int* offset,
     return 0;
 }
 
-int asn1_find_subjectaltname(const uint8_t* cert, int offset)
+int asn1_is_subject_alt_name(const uint8_t *cert, int offset)
 {
     if (asn1_find_oid(cert, &offset, sig_subject_alt_name, 
                                 sizeof(sig_subject_alt_name)))
@@ -595,6 +676,39 @@ int asn1_find_subjectaltname(const uint8_t* cert, int offset)
     return 0;
 }
 
+int asn1_is_basic_constraints(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_basic_constraints, 
+                                sizeof(sig_basic_constraints)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+int asn1_is_key_usage(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_key_usage, 
+                                sizeof(sig_key_usage)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+bool asn1_is_critical_ext(const uint8_t *buf, int *offset)
+{
+    /* critical is optional */
+    bool res = false;
+
+    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) == 1)
+        res = buf[(*offset)++] == 0xFF;
+
+    return res;
+}
+
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
 
 /**
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 34593fdae6..fb9d965a6b 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007-2015, Cameron Rich
+ * Copyright (c) 2007-2016, Cameron Rich
  * 
  * All rights reserved.
  * 
@@ -56,6 +56,7 @@ extern "C" {
 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
 #define X509_INVALID_PRIV_KEY               -9
 #define X509_MAX_CERTS                      -10
+#define X509_VFY_ERROR_BASIC_CONSTRAINT     -11
 
 /*
  * The Distinguished Name
@@ -68,6 +69,21 @@ extern "C" {
 #define X509_COUNTRY                        4
 #define X509_STATE                          5
 
+/*
+ * Key Usage bits
+ */
+#define IS_SET_KEY_USAGE_FLAG(A, B)          (A->key_usage & B)
+
+#define KEY_USAGE_DIGITAL_SIGNATURE         0x0001
+#define KEY_USAGE_CONTENT_COMMITMENT        0x0002
+#define KEY_USAGE_KEY_ENCIPHERMENT          0x0004
+#define KEY_USAGE_DATA_ENCIPHERMENT         0x0008
+#define KEY_USAGE_KEY_AGREEMENT             0x0010
+#define KEY_USAGE_KEY_CERT_SIGN             0x0020
+#define KEY_USAGE_CRL_SIGN                  0x0040
+#define KEY_USAGE_ENCIPHER_ONLY             0x0080
+#define KEY_USAGE_DECIPHER_ONLY             0x0100
+
 struct _x509_ctx
 {
     char *ca_cert_dn[X509_NUM_DN_TYPES];
@@ -76,12 +92,19 @@ struct _x509_ctx
     time_t not_before;
     time_t not_after;
     uint8_t *signature;
-    uint16_t sig_len;
-    uint8_t sig_type;
     RSA_CTX *rsa_ctx;
     bigint *digest;
     uint8_t *fingerprint;
     uint8_t *spki_sha256;
+    uint16_t sig_len;
+    uint8_t sig_type;
+    bool basic_constraint_present;
+    bool basic_constraint_is_critical;
+    bool key_usage_present;
+    bool key_usage_is_critical;
+    bool basic_constaint_cA;
+    int basic_constraint_pathLenConstraint;
+    uint32_t key_usage;
     struct _x509_ctx *next;
 };
 
@@ -97,7 +120,8 @@ typedef struct
 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
 void x509_free(X509_CTX *x509_ctx);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
+        int *pathLenConstraint);
 #endif
 #ifdef CONFIG_SSL_FULL_MODE
 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
@@ -107,6 +131,7 @@ const char * x509_display_error(int error);
 /**************************************************************************
  * ASN1 declarations 
  **************************************************************************/
+#define ASN1_BOOLEAN            0x01
 #define ASN1_INTEGER            0x02
 #define ASN1_BIT_STRING         0x03
 #define ASN1_OCTET_STRING       0x04
@@ -139,15 +164,21 @@ uint32_t get_asn1_length(const uint8_t *buf, int *offset);
 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
 int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
 int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
-int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object);
+int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val);
+int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
+int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
+int asn1_version(const uint8_t *cert, int *offset, int *val);
 int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
 int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
 int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
 #ifdef CONFIG_SSL_CERT_VERIFICATION
 int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-int asn1_find_subjectaltname(const uint8_t* cert, int offset);
 int asn1_compare_dn(char * const dn1[], char * const dn2[]);
+int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
+int asn1_is_basic_constraints(const uint8_t *cert, int offset);
+int asn1_is_key_usage(const uint8_t *cert, int offset);
+bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
 #endif /* CONFIG_SSL_CERT_VERIFICATION */
 int asn1_signature_type(const uint8_t *cert, 
                                 int *offset, X509_CTX *x509_ctx);
diff --git a/ssl/p12.c b/ssl/p12.c
index 2bafaf7eaf..5bd2394626 100644
--- a/ssl/p12.c
+++ b/ssl/p12.c
@@ -105,7 +105,7 @@ int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
     }
 
     /* unencrypted key? */
-    if (asn1_get_int(buf, &offset, &version) > 0 && *version == 0)
+    if (asn1_get_big_int(buf, &offset, &version) > 0 && *version == 0)
     {
         ret = p8_add_key(ssl_ctx, buf);
         goto error;
@@ -257,7 +257,7 @@ int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
         goto error;
     }
 
-    if (asn1_get_int(buf, &offset, &version) < 0 || *version != 3)
+    if (asn1_get_big_int(buf, &offset, &version) < 0 || *version != 3)
     {
         ret = SSL_ERROR_INVALID_VERSION;
         goto error;
@@ -463,7 +463,7 @@ static int get_pbe_params(uint8_t *buf, int *offset,
     *salt = &buf[*offset];
     *offset += len;
 
-    if ((len = asn1_get_int(buf, offset, &iter)) < 0)
+    if ((len = asn1_get_big_int(buf, offset, &iter)) < 0)
         goto error;
 
     *iterations = 0;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 5257cbda6c..fcc0bbaadc 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -2090,8 +2090,11 @@ static int check_certificate_chain(SSL *ssl)
 EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
 {
     int ret;
+    int pathLenConstraint = 0;
+
     SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+    ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx,
+            &pathLenConstraint);
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 
     if (ret)        /* modify into an SSL error type */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
index 163abbd41c..abc044552d 100644
--- a/ssl/tls1_svr.c
+++ b/ssl/tls1_svr.c
@@ -92,8 +92,10 @@ int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
             if (ret == SSL_OK)    /* verify the cert */
             { 
                 int cert_res;
-                cert_res = x509_verify(
-                        ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx);
+                int pathLenConstraint = 0;
+
+                cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx, 
+                        ssl->x509_ctx, &pathLenConstraint);
                 ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
             }
             break;
diff --git a/ssl/x509.c b/ssl/x509.c
index 3d1541461c..7375ae37f5 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -42,6 +42,13 @@
 #include "crypto_misc.h"
 
 #ifdef CONFIG_SSL_CERT_VERIFICATION
+static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+static int x509_v3_key_usage(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+
 /**
  * Retrieve the signature from a certificate.
  */
@@ -95,11 +102,10 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
         goto end_cert;
 
-    if (cert[offset] == ASN1_EXPLICIT_TAG)   /* optional version */
-    {
-        if ((version = asn1_version(cert, &offset, x509_ctx)) == X509_NOT_OK)
-            goto end_cert;
-    }
+    /* optional version */
+    if (cert[offset] == ASN1_EXPLICIT_TAG && 
+            asn1_version(cert, &offset, &version) == X509_NOT_OK)
+        goto end_cert;
 
     if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
             asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
@@ -197,50 +203,11 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
             break;
     }
 
-    if (version == 2 && cert[offset] == ASN1_V3_DATA)
+    if (version == 2 && asn1_next_obj(cert, &offset, ASN1_V3_DATA) > 0)
     {
-        int suboffset;
-
-        ++offset;
-        get_asn1_length(cert, &offset);
-
-        if ((suboffset = asn1_find_subjectaltname(cert, offset)) > 0)
-        {
-            if (asn1_next_obj(cert, &suboffset, ASN1_OCTET_STRING) > 0)
-            {
-                int altlen;
-
-                if ((altlen = asn1_next_obj(cert, 
-                                            &suboffset, ASN1_SEQUENCE)) > 0)
-                {
-                    int endalt = suboffset + altlen;
-                    int totalnames = 0;
-
-                    while (suboffset < endalt)
-                    {
-                        int type = cert[suboffset++];
-                        int dnslen = get_asn1_length(cert, &suboffset);
-
-                        if (type == ASN1_CONTEXT_DNSNAME)
-                        {
-                            x509_ctx->subject_alt_dnsnames = (char**)
-                                    realloc(x509_ctx->subject_alt_dnsnames, 
-                                       (totalnames + 2) * sizeof(char*));
-                            x509_ctx->subject_alt_dnsnames[totalnames] = 
-                                    (char*)malloc(dnslen + 1);
-                            x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
-                            memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
-                                    cert + suboffset, dnslen);
-                            x509_ctx->subject_alt_dnsnames[
-                                    totalnames][dnslen] = 0;
-                            ++totalnames;
-                        }
-
-                        suboffset += dnslen;
-                    }
-                }
-            }
-        }
+        x509_v3_subject_alt_name(cert, offset, x509_ctx);
+        x509_v3_basic_constraints(cert, offset, x509_ctx);
+        x509_v3_key_usage(cert, offset, x509_ctx);
     }
 
     offset = end_tbs;   /* skip the rest of v3 data */
@@ -268,6 +235,106 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     return ret;
 }
 
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
+    {
+        /* ignore if present */
+        asn1_is_critical_ext(cert, &offset);
+
+        if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
+        {
+            int altlen;
+
+            if ((altlen = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) > 0)
+            {
+                int endalt = offset + altlen;
+                int totalnames = 0;
+
+                while (offset < endalt)
+                {
+                    int type = cert[offset++];
+                    int dnslen = get_asn1_length(cert, &offset);
+
+                    if (type == ASN1_CONTEXT_DNSNAME)
+                    {
+                        x509_ctx->subject_alt_dnsnames = (char**)
+                                realloc(x509_ctx->subject_alt_dnsnames, 
+                                   (totalnames + 2) * sizeof(char*));
+                        x509_ctx->subject_alt_dnsnames[totalnames] = 
+                                (char*)malloc(dnslen + 1);
+                        x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
+                        memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
+                                cert + offset, dnslen);
+                        x509_ctx->subject_alt_dnsnames[
+                                totalnames][dnslen] = 0;
+                        ++totalnames;
+                    }
+
+                    offset += dnslen;
+                }
+            }
+        }
+    }
+
+    return X509_OK;
+}
+
+/**
+ * Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
+ */
+static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    int ret = X509_OK;
+
+    if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
+        goto end_contraints;
+
+    x509_ctx->basic_constraint_present = true;
+    x509_ctx->basic_constraint_is_critical = 
+                    asn1_is_critical_ext(cert, &offset);
+
+    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
+    		asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
+    		asn1_get_bool(cert, &offset, &x509_ctx->basic_constaint_cA) < 0 ||
+    		asn1_get_int(cert, &offset,
+    		                &x509_ctx->basic_constraint_pathLenConstraint) < 0)
+    {
+        ret = X509_NOT_OK;       
+    }
+
+end_contraints:
+    return ret;
+}
+
+/*
+ * Key usage - see https://tools.ietf.org/html/rfc5280#section-4.2.1.3
+ */
+static int x509_v3_key_usage(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    int ret = X509_OK;
+
+    if ((offset = asn1_is_key_usage(cert, offset)) == 0)
+        goto end_key_usage;
+
+    x509_ctx->key_usage_present = true;
+    x509_ctx->key_usage_is_critical = asn1_is_critical_ext(cert, &offset);
+
+    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
+    		asn1_get_bit_string_as_int(cert, &offset, &x509_ctx->key_usage))
+    {
+        ret = X509_NOT_OK;       
+    }
+
+end_key_usage:
+    return ret;
+}
+#endif
+
 /**
  * Free an X.509 object's resources.
  */
@@ -371,8 +438,10 @@ static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
  * - That the certificate(s) are not self-signed.
  * - The certificate chain is valid.
  * - The signature of the certificate is valid.
+ * - Basic constraints 
  */
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert) 
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
+        int *pathLenConstraint) 
 {
     int ret = X509_OK, i = 0;
     bigint *cert_sig;
@@ -415,6 +484,13 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
         goto end_verify;
     }
 
+    if (cert->basic_constaint_cA && 
+                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+    {
+        ret = X509_VFY_ERROR_BASIC_CONSTRAINT;     
+        goto end_verify;
+    }
+
     next_cert = cert->next;
 
     /* last cert in the chain - look for a trusted cert */
@@ -425,14 +501,29 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
             /* go thu the CA store */
             while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
             {
+                /* ignore CA certs that are not really CA certs */
+                if (cert->basic_constraint_present && 
+                        !ca_cert_ctx->cert[i]->basic_constaint_cA)
+                    continue;
+                        
                 if (asn1_compare_dn(cert->ca_cert_dn,
                                             ca_cert_ctx->cert[i]->cert_dn) == 0)
                 {
                     /* use this CA certificate for signature verification */
-                    match_ca_cert = 1;
+                    match_ca_cert = true;
                     ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
                     mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
                     expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
+
+                    if (ca_cert_ctx->cert[i]->basic_constaint_cA &&
+                        ca_cert_ctx->cert[i]->
+                                    basic_constraint_pathLenConstraint <
+                                                            *pathLenConstraint)
+                    {
+                        ret = X509_VFY_ERROR_BASIC_CONSTRAINT;       
+                        goto end_verify;
+                    }
+
                     break;
                 }
 
@@ -491,7 +582,8 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
     /* go down the certificate chain using recursion. */
     if (next_cert != NULL)
     {
-        ret = x509_verify(ca_cert_ctx, next_cert);
+        ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
+        (*pathLenConstraint)++; /* don't include last certificate */
     }
 
 end_verify:
@@ -603,8 +695,19 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
 
     if (ca_cert_ctx)
     {
+        int pathLenConstraint = 0;
         printf("Verify:\t\t\t\t%s\n",
-                x509_display_error(x509_verify(ca_cert_ctx, cert)));
+                x509_display_error(x509_verify(ca_cert_ctx, cert,
+                        &pathLenConstraint)));
+    }
+
+    if (cert->basic_constraint_present)
+    {
+        printf("Basic Constraints:\t\t%s, CA:%s, pathlen:%d\n",
+                cert->basic_constraint_is_critical ? 
+                    "critical" : "NOT critical",
+                cert->basic_constaint_cA? "TRUE" : "FALSE",
+                cert->basic_constraint_pathLenConstraint);
     }
 
 #if 0
@@ -655,6 +758,9 @@ const char * x509_display_error(int error)
         case X509_INVALID_PRIV_KEY:
             return "Invalid private key";
 
+        case X509_VFY_ERROR_BASIC_CONSTRAINT:
+            return "Basic constraint invalid";
+
         default:
             return "Unknown";
     }

From acab61d0e08f567b6927b1df21abfd66e5d4f14b Mon Sep 17 00:00:00 2001
From: cameronrich <cameronrich@9a5d90b5-6617-0410-8a86-bb477d3ed2e3>
Date: Fri, 30 Dec 2016 21:59:50 +0000
Subject: [PATCH 291/301] * Basic constraint/key usage v3 extensions now
 supported * Test harness must now be run without built-in default cert

git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@274 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c                               |  14 +-
 ssl/cert.h                               |  54 +++++++
 ssl/crypto_misc.h                        |  22 +--
 ssl/private_key.h                        |  54 +++++++
 ssl/test/axTLS.ca_key.pem                |  27 ++++
 ssl/test/axTLS.ca_x509.cer               | Bin 0 -> 786 bytes
 ssl/test/axTLS.ca_x509.pem               |  19 +++
 ssl/test/axTLS.ca_x509_sha256.pem        |  33 +++--
 ssl/test/axTLS.encrypted.p8              | Bin 0 -> 673 bytes
 ssl/test/axTLS.encrypted_pem.p8          |  17 +++
 ssl/test/axTLS.key_1024                  | Bin 0 -> 609 bytes
 ssl/test/axTLS.key_1024.pem              |  15 ++
 ssl/test/axTLS.key_2048                  | Bin 0 -> 1192 bytes
 ssl/test/axTLS.key_2048.pem              |  27 ++++
 ssl/test/axTLS.key_4096                  | Bin 0 -> 2347 bytes
 ssl/test/axTLS.key_4096.pem              |  51 +++++++
 ssl/test/axTLS.key_aes128.pem            |  18 +++
 ssl/test/axTLS.key_aes256.pem            |  18 +++
 ssl/test/axTLS.key_device.pem            |  27 ++++
 ssl/test/axTLS.key_end_chain.pem         |  27 ++++
 ssl/test/axTLS.key_intermediate_ca.pem   |  27 ++++
 ssl/test/axTLS.key_intermediate_ca2.pem  |  27 ++++
 ssl/test/axTLS.noname.p12                | Bin 0 -> 1612 bytes
 ssl/test/axTLS.unencrypted.p8            | Bin 0 -> 635 bytes
 ssl/test/axTLS.unencrypted_pem.p8        |  16 ++
 ssl/test/axTLS.withCA.p12                | Bin 0 -> 2521 bytes
 ssl/test/axTLS.withoutCA.p12             | Bin 0 -> 1702 bytes
 ssl/test/axTLS.x509_1024.cer             | Bin 0 -> 604 bytes
 ssl/test/axTLS.x509_1024.pem             |  15 ++
 ssl/test/axTLS.x509_1024_sha256.pem      |  24 +--
 ssl/test/axTLS.x509_1024_sha384.pem      |  24 +--
 ssl/test/axTLS.x509_1024_sha512.pem      |  24 +--
 ssl/test/axTLS.x509_2048.cer             | Bin 0 -> 736 bytes
 ssl/test/axTLS.x509_2048.pem             |  18 +++
 ssl/test/axTLS.x509_4096.cer             | Bin 0 -> 992 bytes
 ssl/test/axTLS.x509_4096.pem             |  23 +++
 ssl/test/axTLS.x509_aes128.pem           |  15 ++
 ssl/test/axTLS.x509_aes256.pem           |  15 ++
 ssl/test/axTLS.x509_bad_after.pem        |  15 ++
 ssl/test/axTLS.x509_bad_before.pem       |  15 ++
 ssl/test/axTLS.x509_device.pem           |  34 +++++
 ssl/test/axTLS.x509_end_chain.pem        |  19 +++
 ssl/test/axTLS.x509_end_chain_bad.pem    |  19 +++
 ssl/test/axTLS.x509_intermediate_ca.pem  |  19 +++
 ssl/test/axTLS.x509_intermediate_ca2.pem |  37 +++++
 ssl/test/ssltest.c                       | 105 ++++++++++---
 ssl/x509.c                               | 178 +++++++++++++++++++----
 tools/make_certs.sh                      | 134 +++++++++++++----
 www/index.html                           |   2 +-
 49 files changed, 1080 insertions(+), 148 deletions(-)
 create mode 100644 ssl/cert.h
 create mode 100644 ssl/private_key.h
 create mode 100644 ssl/test/axTLS.ca_key.pem
 create mode 100644 ssl/test/axTLS.ca_x509.cer
 create mode 100644 ssl/test/axTLS.ca_x509.pem
 create mode 100644 ssl/test/axTLS.encrypted.p8
 create mode 100644 ssl/test/axTLS.encrypted_pem.p8
 create mode 100644 ssl/test/axTLS.key_1024
 create mode 100644 ssl/test/axTLS.key_1024.pem
 create mode 100644 ssl/test/axTLS.key_2048
 create mode 100644 ssl/test/axTLS.key_2048.pem
 create mode 100644 ssl/test/axTLS.key_4096
 create mode 100644 ssl/test/axTLS.key_4096.pem
 create mode 100644 ssl/test/axTLS.key_aes128.pem
 create mode 100644 ssl/test/axTLS.key_aes256.pem
 create mode 100644 ssl/test/axTLS.key_device.pem
 create mode 100644 ssl/test/axTLS.key_end_chain.pem
 create mode 100644 ssl/test/axTLS.key_intermediate_ca.pem
 create mode 100644 ssl/test/axTLS.key_intermediate_ca2.pem
 create mode 100644 ssl/test/axTLS.noname.p12
 create mode 100644 ssl/test/axTLS.unencrypted.p8
 create mode 100644 ssl/test/axTLS.unencrypted_pem.p8
 create mode 100644 ssl/test/axTLS.withCA.p12
 create mode 100644 ssl/test/axTLS.withoutCA.p12
 create mode 100644 ssl/test/axTLS.x509_1024.cer
 create mode 100644 ssl/test/axTLS.x509_1024.pem
 create mode 100644 ssl/test/axTLS.x509_2048.cer
 create mode 100644 ssl/test/axTLS.x509_2048.pem
 create mode 100644 ssl/test/axTLS.x509_4096.cer
 create mode 100644 ssl/test/axTLS.x509_4096.pem
 create mode 100644 ssl/test/axTLS.x509_aes128.pem
 create mode 100644 ssl/test/axTLS.x509_aes256.pem
 create mode 100644 ssl/test/axTLS.x509_bad_after.pem
 create mode 100644 ssl/test/axTLS.x509_bad_before.pem
 create mode 100644 ssl/test/axTLS.x509_device.pem
 create mode 100644 ssl/test/axTLS.x509_end_chain.pem
 create mode 100644 ssl/test/axTLS.x509_end_chain_bad.pem
 create mode 100644 ssl/test/axTLS.x509_intermediate_ca.pem
 create mode 100644 ssl/test/axTLS.x509_intermediate_ca2.pem

diff --git a/ssl/asn1.c b/ssl/asn1.c
index 058e315060..b53562cd9e 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -223,7 +223,7 @@ int asn1_get_bool(const uint8_t *buf, int *offset, bool *val)
 }
 
 /**
- * Convert an ASN.1 bit string into a 32 bit integer
+ * Convert an ASN.1 bit string into a 32 bit integer. Used for key usage
  */
 int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
 {
@@ -241,16 +241,20 @@ int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
     ignore_bits = buf[(*offset)++];
     len--;
     *val = 0;
-    for (i = 0; i < len; i++)
+
+    /* not sure why key usage doesn't used proper DER spec version */
+    for (i = len-1; i >= 0; --i)
     {
         *val <<= 8;
-        *val |= buf[(*offset)++];
+        *val |= buf[(*offset) + i];
     }
 
-    for (i = 0; i < ignore_bits; i++)
+    *offset += len;
+
+    /*for (i = 0; i < ignore_bits; i++)
     {
         *val >>= 1;
-    }
+    }*/
 
 end_bit_string_as_int:
     return res;
diff --git a/ssl/cert.h b/ssl/cert.h
new file mode 100644
index 0000000000..40234b9b1c
--- /dev/null
+++ b/ssl/cert.h
@@ -0,0 +1,54 @@
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa5,
+  0x2a, 0xc8, 0x78, 0x87, 0xf2, 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x32,
+  0x33, 0x30, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x17, 0x0d, 0x33,
+  0x30, 0x30, 0x39, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xbd, 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa,
+  0xb9, 0x3a, 0x1f, 0x8b, 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0,
+  0x11, 0x9a, 0x9c, 0xdc, 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3,
+  0x05, 0x0e, 0x61, 0xc1, 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a,
+  0xff, 0x9b, 0xb8, 0x7a, 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99,
+  0xa5, 0xa2, 0x99, 0x53, 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01,
+  0xe7, 0xdf, 0xe9, 0xec, 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0,
+  0xc8, 0x6d, 0x41, 0x45, 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28,
+  0xdf, 0x36, 0xe2, 0x73, 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb,
+  0x0d, 0x9b, 0xef, 0xa8, 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07,
+  0xa9, 0x86, 0x0d, 0x3f, 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
+  0x32, 0xe0, 0x3c, 0x6e, 0x21, 0xe6, 0xa6, 0xf4, 0xb8, 0x10, 0x9f, 0x8a,
+  0xe6, 0x0b, 0x84, 0x4e, 0x2c, 0xe5, 0x14, 0xca, 0x56, 0x81, 0x3f, 0xc0,
+  0x2c, 0xa3, 0x39, 0x89, 0x24, 0xce, 0xaf, 0x47, 0x2e, 0x19, 0x62, 0xb2,
+  0xe4, 0x76, 0x91, 0x25, 0xbc, 0xe1, 0xa8, 0xee, 0x6a, 0x68, 0x3a, 0x77,
+  0xb9, 0xb2, 0x62, 0x97, 0x0c, 0x25, 0x3c, 0x5e, 0x13, 0x48, 0x87, 0x80,
+  0xa3, 0x91, 0xd9, 0x2e, 0xe6, 0x92, 0x2b, 0x1c, 0x52, 0x24, 0xb1, 0x77,
+  0xc6, 0xf6, 0xde, 0xd8, 0x9b, 0xd9, 0x57, 0x37, 0x56, 0x68, 0x17, 0x32,
+  0x66, 0x01, 0x08, 0x38, 0x08, 0x9a, 0xc1, 0x8c, 0x5e, 0x3f, 0xe7, 0xc9,
+  0x44, 0xcb, 0x62, 0xb9, 0x48, 0xc7, 0x89, 0xa6, 0xff, 0x8e, 0x7d, 0x3d,
+  0xe1, 0x46, 0x32, 0x9c, 0x13, 0x06, 0x9a, 0xd1, 0x17, 0xab, 0x3f, 0xa9,
+  0x90, 0x04, 0x33, 0x2d, 0x3f, 0x81, 0x0a, 0xa5, 0x55, 0xce, 0xb6, 0x95,
+  0x54, 0xad, 0xf1, 0x4f, 0xa2, 0xca, 0xc3, 0xf6, 0x25, 0x7b, 0x71, 0xd2,
+  0x68, 0x85, 0xe9, 0x72, 0xb6, 0x99, 0x34, 0x6d, 0xe5, 0x5f, 0xf6, 0x74,
+  0x1c, 0xb9, 0xa2, 0xda, 0x2b, 0x04, 0xff, 0x82, 0xc5, 0x09, 0x04, 0xc4,
+  0xba, 0xbc, 0x82, 0x3e, 0xb4, 0x72, 0x18, 0x8e, 0x30, 0x68, 0x48, 0x4a,
+  0x0d, 0xa7, 0x3d, 0xb5, 0xf4, 0x42, 0x3a, 0x97, 0x60, 0x7d, 0xa8, 0x61,
+  0x8a, 0x9e, 0x98, 0xc4, 0x7e, 0x65, 0x99, 0xea, 0x7e, 0xca, 0x75, 0xe7,
+  0xdb, 0x21, 0x5d, 0xce, 0x7c, 0x66, 0x3d, 0x7e, 0xdc, 0x14, 0xfe, 0x55,
+  0x04, 0x97, 0xa8, 0x64, 0x12, 0xb4, 0xb5, 0x30, 0x48, 0x72, 0xbc, 0xdb,
+  0xeb, 0x5b, 0x4f, 0xa6, 0xfb, 0x87, 0x01, 0x41, 0x91, 0xec, 0x98, 0x98,
+  0xf1, 0x4b, 0x38, 0xa2, 0x40, 0xf1, 0x05, 0x90, 0xbb, 0x9b, 0x5d, 0x96,
+  0xb1, 0x22, 0x6b, 0x50
+};
+unsigned int default_certificate_len = 604;
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index fb9d965a6b..5dd3921975 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -74,15 +74,15 @@ extern "C" {
  */
 #define IS_SET_KEY_USAGE_FLAG(A, B)          (A->key_usage & B)
 
-#define KEY_USAGE_DIGITAL_SIGNATURE         0x0001
-#define KEY_USAGE_CONTENT_COMMITMENT        0x0002
-#define KEY_USAGE_KEY_ENCIPHERMENT          0x0004
-#define KEY_USAGE_DATA_ENCIPHERMENT         0x0008
-#define KEY_USAGE_KEY_AGREEMENT             0x0010
-#define KEY_USAGE_KEY_CERT_SIGN             0x0020
-#define KEY_USAGE_CRL_SIGN                  0x0040
-#define KEY_USAGE_ENCIPHER_ONLY             0x0080
-#define KEY_USAGE_DECIPHER_ONLY             0x0100
+#define KEY_USAGE_DIGITAL_SIGNATURE         0x0080
+#define KEY_USAGE_NON_REPUDIATION           0x0040
+#define KEY_USAGE_KEY_ENCIPHERMENT          0x0020
+#define KEY_USAGE_DATA_ENCIPHERMENT         0x0010
+#define KEY_USAGE_KEY_AGREEMENT             0x0008
+#define KEY_USAGE_KEY_CERT_SIGN             0x0004
+#define KEY_USAGE_CRL_SIGN                  0x0002
+#define KEY_USAGE_ENCIPHER_ONLY             0x0001
+#define KEY_USAGE_DECIPHER_ONLY             0x8000
 
 struct _x509_ctx
 {
@@ -102,7 +102,9 @@ struct _x509_ctx
     bool basic_constraint_is_critical;
     bool key_usage_present;
     bool key_usage_is_critical;
-    bool basic_constaint_cA;
+    bool subject_alt_name_present;
+    bool subject_alt_name_is_critical;
+    bool basic_constraint_cA;
     int basic_constraint_pathLenConstraint;
     uint32_t key_usage;
     struct _x509_ctx *next;
diff --git a/ssl/private_key.h b/ssl/private_key.h
new file mode 100644
index 0000000000..f72bee23ae
--- /dev/null
+++ b/ssl/private_key.h
@@ -0,0 +1,54 @@
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbd,
+  0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0xb9, 0x3a, 0x1f, 0x8b,
+  0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0x11, 0x9a, 0x9c, 0xdc,
+  0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x05, 0x0e, 0x61, 0xc1,
+  0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0xff, 0x9b, 0xb8, 0x7a,
+  0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0xa5, 0xa2, 0x99, 0x53,
+  0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0xe7, 0xdf, 0xe9, 0xec,
+  0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0xc8, 0x6d, 0x41, 0x45,
+  0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0xdf, 0x36, 0xe2, 0x73,
+  0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0x0d, 0x9b, 0xef, 0xa8,
+  0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xa9, 0x86, 0x0d, 0x3f,
+  0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x80, 0x26, 0x3f, 0xec, 0x96, 0xab, 0xd4, 0x1f, 0x89, 0x0e,
+  0x9d, 0x38, 0xd8, 0x27, 0x05, 0xe5, 0xb6, 0x14, 0x08, 0xd7, 0xff, 0x69,
+  0x78, 0x16, 0x4a, 0xc4, 0x06, 0x16, 0x55, 0xb7, 0x3a, 0x55, 0x9f, 0xbe,
+  0x86, 0xf8, 0x58, 0xe8, 0xc5, 0x46, 0xa8, 0xf0, 0xed, 0xda, 0xd6, 0xbf,
+  0x88, 0x55, 0x2d, 0xe6, 0x72, 0x29, 0x2c, 0x64, 0xc9, 0x5d, 0x1d, 0x9b,
+  0x24, 0x3a, 0x98, 0x40, 0xa1, 0xd2, 0xaf, 0x5c, 0xab, 0x23, 0xe4, 0x33,
+  0xd0, 0xea, 0x60, 0x52, 0xe7, 0x7a, 0x9e, 0x73, 0x5f, 0x2e, 0x80, 0xd1,
+  0xdc, 0x6f, 0x47, 0x0f, 0x97, 0x80, 0x36, 0xd2, 0x30, 0x07, 0xdd, 0xd6,
+  0xd7, 0x15, 0x89, 0x2b, 0x74, 0xd5, 0x7e, 0x8a, 0xbc, 0x63, 0x42, 0x0a,
+  0xf2, 0x31, 0x29, 0xbf, 0xf9, 0xf9, 0xf0, 0x88, 0x8f, 0x8a, 0xc2, 0x22,
+  0x6e, 0x15, 0x26, 0xb7, 0x5e, 0x5b, 0x58, 0x44, 0x1c, 0x3b, 0x79, 0x02,
+  0x41, 0x00, 0xe1, 0xf1, 0xb2, 0xe5, 0xc8, 0x80, 0x93, 0x40, 0x50, 0x74,
+  0x14, 0xdd, 0xb2, 0xf2, 0x27, 0x5c, 0x0c, 0x3d, 0xc0, 0x5f, 0xee, 0x9c,
+  0x45, 0x6c, 0x13, 0x00, 0xdf, 0xd0, 0xd9, 0x83, 0xfa, 0x90, 0x2c, 0x84,
+  0xf2, 0xaa, 0xc2, 0xdd, 0xfb, 0xcf, 0x03, 0x41, 0x88, 0x10, 0xc6, 0xbb,
+  0x5e, 0xb7, 0xb6, 0x2e, 0xa6, 0x1d, 0xaa, 0xba, 0xfb, 0x4a, 0x72, 0xd8,
+  0x9a, 0xad, 0x88, 0x0d, 0x6a, 0x15, 0x02, 0x41, 0x00, 0xd6, 0x36, 0x23,
+  0xf3, 0x5d, 0x77, 0xc8, 0xd3, 0x49, 0xc1, 0x93, 0xfe, 0xca, 0x0d, 0xeb,
+  0x9b, 0xda, 0xbd, 0x47, 0x28, 0x73, 0x97, 0xa0, 0x50, 0xd7, 0x4c, 0x24,
+  0xdf, 0x9b, 0x0b, 0x37, 0xae, 0xc3, 0x31, 0xb5, 0x4f, 0x62, 0x08, 0xca,
+  0xe5, 0xef, 0x97, 0x7b, 0x43, 0xa0, 0xda, 0x2b, 0x1f, 0xbf, 0xa8, 0x08,
+  0x93, 0xd2, 0x16, 0x1c, 0x89, 0x99, 0xf1, 0xdf, 0x26, 0xd1, 0x42, 0x99,
+  0x93, 0x02, 0x41, 0x00, 0xb1, 0x41, 0xe4, 0x7e, 0xdf, 0x20, 0xf7, 0xe4,
+  0xf1, 0xf9, 0x4f, 0xd1, 0x6a, 0x2d, 0x0d, 0xf1, 0xe9, 0xec, 0x9c, 0x3a,
+  0xe6, 0xc0, 0x94, 0xba, 0x27, 0xe2, 0x7c, 0xb4, 0xa5, 0xa1, 0x23, 0xf6,
+  0xed, 0xe6, 0x53, 0x56, 0xe2, 0x50, 0x32, 0xd8, 0x02, 0x8e, 0xeb, 0xc7,
+  0x75, 0x91, 0xd3, 0xca, 0x3e, 0xd4, 0x34, 0x20, 0x7c, 0x2b, 0xfb, 0x2f,
+  0x3a, 0x10, 0x72, 0xb1, 0x07, 0x56, 0xb6, 0xcd, 0x02, 0x40, 0x1e, 0x3b,
+  0xf2, 0x03, 0x0d, 0x74, 0x34, 0xb2, 0x2d, 0xbc, 0xd6, 0xc8, 0xa5, 0x78,
+  0x25, 0x83, 0x0f, 0xf2, 0x9b, 0x32, 0x88, 0x6e, 0x24, 0x40, 0x84, 0xc2,
+  0xc8, 0x89, 0x8e, 0xf6, 0x9c, 0x5b, 0x5c, 0x4d, 0x8d, 0xcb, 0xb0, 0x88,
+  0x91, 0x2a, 0xb7, 0x10, 0x68, 0x63, 0x79, 0x36, 0x91, 0xd3, 0x9f, 0x57,
+  0x76, 0x2e, 0x76, 0xfe, 0x8b, 0xf4, 0x97, 0xf7, 0xdd, 0x89, 0x3b, 0x0b,
+  0xed, 0x65, 0x02, 0x41, 0x00, 0xb9, 0xaf, 0xbf, 0x09, 0xc9, 0x90, 0x26,
+  0xf3, 0x72, 0x8b, 0xbf, 0xb3, 0x7c, 0xe7, 0x6f, 0x6f, 0x5b, 0xa3, 0x95,
+  0xb8, 0x9e, 0x03, 0xb9, 0xcf, 0xa0, 0x53, 0xba, 0x32, 0xc1, 0xd3, 0xad,
+  0x85, 0xbb, 0x79, 0x48, 0x09, 0xd6, 0x3f, 0x9c, 0xd9, 0x37, 0x91, 0x11,
+  0x0d, 0x04, 0xd5, 0x3b, 0xca, 0x74, 0x5d, 0x1c, 0x91, 0x8d, 0x3d, 0xf1,
+  0xf8, 0xf9, 0xbe, 0x35, 0xd7, 0xb2, 0x53, 0x50, 0x1d
+};
+unsigned int default_private_key_len = 609;
diff --git a/ssl/test/axTLS.ca_key.pem b/ssl/test/axTLS.ca_key.pem
new file mode 100644
index 0000000000..0c8c19b3fb
--- /dev/null
+++ b/ssl/test/axTLS.ca_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsSMwkpYHlwIsi1oxllJLjAPjjycx9t6Q3BOzXBSoZHc1wA+r
+QVuKHarpe8tYOKlNP8b79ejbCv/1U3NlVkMJJtLZUPtDwTEwUZNEG17ixS438mGI
+1AbHXvwhPaoT24UymEOcbJxAZuClDfzKpN7Cl6OzN7Ox44gHmBCBSnUhRAnJYxD6
+x8wBLw8HdH0bMdoc2+H4KyW31uMGva7C9YlUCPVQGPJsTP1DLRskqy+zO1NERUTO
+XytHeYLlh/X/o+NYVvUf7WKu6qC3I4HK+OZ5OW3E+EaE73oYRmUVDaVavL7bRKEf
+2NSbzowU+VsFEnyXIF7YnRFp0D1yrMzaC49bDQIDAQABAoIBAQCwOrNLUunwKaCJ
+b00gIXW5sfDGbhc+ZUU3Pn5V4NN7SEJ4dt5JYrnxNCWgHLkDfiQ1jFEF4QlzUx0O
+TiMGhCDpuCGueJx66uYIcnvywx7XT1kn0jNfxfK6JBsqDzg8ULL6W2GXiIhmEZ8E
+YHh3OIvec2WMyED1flMXzWvj2M4ksfMgZH290T9BSxzlEj9X7dZu55K4sFtu0XNi
+7uJDB0vF8KfW5gLpwj6pd7i32Cm/Pgpl+7lcqMNpDHo0U2dMyWeH1EmWinS4rHxd
+mGDm0N0qK4BOYAJdasq7HwRjzDZkAPuNqcH0gOzSq3aYCI2tP2E6IvprM/vbqA4I
+ooo+GDJhAoGBAORiphxweuGBRTpSqoi9qEICM2WMC2NZW8bpFyWn79CuALGzvvc+
+Buw8W3LVElByUyTVWBnBQQ1iXZGe9f1x2P9q8R1Bdl0rpePg3J9ff9674VRLrcov
+M85/NUHkj1fJ+2CkCx7KG5BFm3GaAb74e+7MceEW/eErMmCqtNgkR2Z5AoGBAMaO
+O9SnVNd4wgnJAjVgN4fqaXWNzZz6NYWtnFVIcTTO7vU1P9t5NjgcsdF9+SnLA/jV
+Ylo5Pl0fLPKg5QtIvlooZjXB8hgKVjrVGRLFt9TN0tJMeJ//11Bo88MNMOf0OQPg
+i2OMWI3w/oRFJthmpeYWOgXNlLOcoSW1LsnWR0Q1AoGBALAXi+KTq3tiM+FzSb/j
+E+/JSJ28bC9u/7+Pi2RiZxrsfuaFI/H4ZlgRdaVFujhC3e6hfKtnAWRzepfEDAEd
+neXaLAyVo9DUzbS1dQaBGNPA400eiOJCoNxP4t1qgEd9GhB6i4Ry6uvDb8YYq832
+Q4BtLEUUeC38I3y7QnMBDfhpAoGAZ13InA54xqvhKELy2WK7xhAs0rv93MkNcAhP
+qL5L4RgRoqoUEmfp6BBYKh2Qx0cfTD2aNCo04znFppJIazV1k24Qt8+9/vHyrjIe
+GX3BFBIKvNx+t5zzNLNOo66MVVT5EaGmLy7zMwHRHn75mBLoLv5HOpop3c+evQiz
+0POyqjkCgYA2+ql0jS7Qbk7EPyFXftQhHcD/Ld8TKjonShkASoudSEHKwuQGBuit
+ftPsg/E5YfhlRpQB6p00kXb4vZsdpFV38eXkyLuLwg0kbpaLedahIujIENNvWP1w
+89T/ueiafWPqvwu3M7sAkkd/ReAQ0LcPwrsBHlOk0uujq+WV+b+Xfw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.ca_x509.cer b/ssl/test/axTLS.ca_x509.cer
new file mode 100644
index 0000000000000000000000000000000000000000..7bde7b0a4231cedc65d7bbdcb877cfc56e79ade4
GIT binary patch
literal 786
zcmXqLV&*ewV*Iv%nTe5!iId?;!n6&HOIThQ@Un4gwRyCC=VfGMWo0lhF*GtTU}Fwt
z;S$zNtO)T5RtPA{&q_@$QE<smNv~9JPAw|QOv_A8EJ;;xEG@~%FUl;bG>{YLH8e9c
zGBz+WG%ztTj}qrKHZZU>uz+&OG_{FQ3E6p!tPIRejQk8hZ*Va+F)}i2R5qA2jeR<k
zPIr{yv>@*u=Ewc&hTrZ@xFftdMr1`wx#<D^)sE3!va4QJpN_Ct>1%)N_tzJ<x&D6*
zE=~<|=2W|MGvK%LK|_PU$u81ykB;h@e@g7Q!gf6FkD~1=;oGf7Go0t-%yCG2u$1@D
zsU`OgO<%m(eDlV~9qcm%8of#tT{urB3;a5MhEboNy`)y!@RrQ&hd;Dcw_khAws+m3
zubm+rUjrmQ<@o${)|FOSt-ski*u~Z5T)eh>Wz*C4um2Z6jtKiI|2Apes|DMY8&Cas
zR%w}g<cC|!`zi^yR8iigQG52?c3CKY<I3!FJt9A&S%qq*E5zNHE0}q~wrI_nTipH8
zyiClD42+AF4HOOdfiWg4%*gnkh1Gx=NEz^f1o%M$EWikFLk>n@ECYj)k)bI0{DSQw
zUDgwX5*BDDADR7FsNllkf=%5FZn@PP?f(RtulByMW}}Pv#60dy-^<>Hp+`lHzr5f5
zSbNXgyc)$dZf5IERy|Cy{1tTndehcj%{Sjk{F&W!-^1%q=0djB&5aS|=PR5)Ke!UN
z-rPTa?>UY`%O>4({MK4!c1u-9;Qgar4KshLPEN`wbu$m_dlmBQY3}EhuPV>_&3b4T
zQaNi$vi9a$gJ>lWmd3T5XTCL+-t)BD!|Gnj8x_Q4E%m$Y!U?ezlh^PH%BT6x+S$o_
z*mOzgQU~Ved#nU?A8XF~I+L$(b!5ZmQ+Ji0<Vq`i`h7c2CV!@()%Rml&au4uztm92
IUdHMK07gbX4gdfE

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.ca_x509.pem b/ssl/test/axTLS.ca_x509.pem
new file mode 100644
index 0000000000..0dfd1f4d59
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
+AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
+SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
+gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
+5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
+FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
+b5kxOvfGlM4E6v+lMSw/HDrI
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.ca_x509_sha256.pem b/ssl/test/axTLS.ca_x509_sha256.pem
index f50a475834..0771ca651c 100644
--- a/ssl/test/axTLS.ca_x509_sha256.pem
+++ b/ssl/test/axTLS.ca_x509_sha256.pem
@@ -1,18 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIC5DCCAcwCCQDGL4Ul/VVK0TANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
-MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMDQxMjAwBgNVBAoTKWF4VExTIFByb2pl
-Y3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA6d9BDlOJo6fdmSkUdAkMYFnlAK4Q5qwE/vYX8umY0Gz1
-CEIwEyKJq+rCpl2vmlwEETGcphlRsiybOMwVfdRDQv51ZfTJnz1WQZBKdsYb55xy
-JWOZFHSpuZa+THW1TOImpvxXoK3OMh/dcuaQG5G7QoWMWRK5aZvpl27rRx033dik
-U8lO12oaUtCD3AgNttU7zTLiIQjeIZ9JbES74mx1s4lT22nmXoL5/AdJa3yGjDjG
-J1RX8hQ7/pbcC2s4+0XIjGthB2ClJWyvv8bY96POZ+Kc5XLFFjxYoGHtRzQbw2gx
-rx7r5/a+d7XgWedMnwf1M1/v9vNA14kgjg2pwuFD4QIDAQABMA0GCSqGSIb3DQEB
-CwUAA4IBAQBW9MtGYroXnu8id8rDvjki8Vk8lDBD0AkOq5QYbXB322Wbg2C+cmHP
-zQAJ9YZU/NjnRZiEX1QVoZAXdSXXScbUbSlBQweEvGZmailTGPhJ/wtmNtK6P7ZP
-YIJ6XaQdALvteULFMhEQKM9UUkrsbqh41wtoTjOsMlWcRvq9FHLujXxyzjvFPdEI
-kz26d7F2yqtgzxW4YLAlclZu6vex/MzNmbjhHenMWp6LNWVWofdIv9jRS1tOSyK+
-hg2sV7CL75nzQ/A22ql8X3SZLAZNR/V7DF+MSBrIcHBzgFZ8QEGlNam29WseuC2C
-51+ZXtv0DZ1bPmX+Pz1E06wMGlBTpC4z
+MIIDDjCCAfagAwIBAgIJAJRCXZlKhZeHMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IB
+AQAm3qU+APMkgTRCWhw0m4+06gc2iGaf7l+3i/Kg6EvDB9js4cI1sqzRpSdqdjTZ
+BwVlIURlB6BnEMCB3hP69IF/oSnqrnIxx2KIeVJt4CCwW1mXKsBwxNMXwHYD3A02
+08eFTRkP0ofn+YBRfUYFkDFebqba4V3NBZtBW497YtQk/ssKAL1xaI0V26M4E/VH
+jkJtk99mcMjfuD8HPoqjTeVBGtY2h0A3j2LQPmOJNdSxv30SJuVjvpG7vejQripq
+9MW0kPMBIRKhBpUBLIthLLxm/2VBe0IHU34kpe60YpQdJqebbldtOG1Uxe4F2JpN
+LfUXs2/UCNpEHS60Xl8UDJXA
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.encrypted.p8 b/ssl/test/axTLS.encrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..07feaac9b509a32687f6bc823b426191f0a9e765
GIT binary patch
literal 673
zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2*{m0{+oFxcLD+k00e>pdkmlHgD7Vz
zCm9>FJDCD@>~r}|@snQhXFpIWl5vk2sM{QxjI_9P)WipyQj*FPWsvp@aSaHp@pMDK
z$MZ1uGwhQEoVP#A-kSi+dF@r}0bd6_%=)sMicLuiwtg#<3Y7GXU1(kJiz<Q-P<M{w
zh<Zl%4ezO~WC1q+jC3=}+KCnrxf17Ms=%3VdN|B|v>JNz?rB8R{k=4>M8Z{jx$bSb
z<wWMo&!9FcoY8I$HN)~qeQmQAOUA9Q0_{xeFn}g;XxEeFcsUpD>;tb0$e|023ira)
zD>a(ty;nL}MC^RHtzL7Qc>{bsjm=OO9*Eb+*ftfQu80Z%gf49F03=jRv$9vannCiq
zf5{60qu}m6-rO}9Z!j6by%67<A-WSO6&dlrbR<4jQ5xTOl{Z>*uwJK$%i(EW%Y3`v
zEK6MzCSvG=;jW{#t^^ps&}d7nJ?CA*f8PEzY6f44WRx=aquSW0uMo|h^4N5oU#CUY
zzPn(1I=F_2Luh4{P}g>Lw+t71V^!Z#OO^Sep<NF%Pb0E!e5`LBo|UHIQ{WU32?2Cz
zSAi2$TCN*B_T!_6t;z0Y#esM~IX%TNEa=m6&*x>e==Jwey=>11<+a%YiDyyv0<IhH
zsf>>1%F)+lUE`S)`6xBS@V)O-(`jMu^s6c^<#;>i{2IW5?bTxuZ~w%dx787P?vjtU
zyeek_O^XX?nEBTi*5i#QQZL#ra;^+llVBeDl_hR{TBlMCL`Xov*IvWw@7Mab>K>qx
z91lbWCd`Ij^a&hPw#2c(_^5Pcxmu-5%&Fk~WTNIbGwDg(YP}?j6oq}T(+M_nCrTlQ
HUEnaSBD_pH

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.encrypted_pem.p8 b/ssl/test/axTLS.encrypted_pem.p8
new file mode 100644
index 0000000000..bc28403bba
--- /dev/null
+++ b/ssl/test/axTLS.encrypted_pem.p8
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICnTAcBgoqhkiG9w0BDAEBMA4ECLZOmsNEeDZnAgIIAASCAnu22JX3BRRr9cTr
+j4x62+iDbrqcwmhQkybM1xShFgWObY3/OQf1NJfH4DO4zGQN45ZN0X9zSUVRu8Dd
+ycHls5qsROJ96PYQ8d1xnuh1C9TWmFiLieM0qUyn35raHcKPQiBl8PYHtNr3+m0K
+bsql6T23hE5ZjVhbRtcRdRd9MsQeTZ6n4mdWPEhzN1+rmSPV8ybCbrtJl3/Dh1v8
+LnswXB92T6WcmHRyRiNsbAXR9SQkOaXFZ/1RUXDNqoRYZjlWPBWdcQf48mzgaDjq
+3RXF1mjbOlX2x4/V4qVwH1qZADlT38fSRk/iVdRfureS+wfOuJgJ/g9Riwa0o41K
+2q+sOEcTOv4rShXRGp/0ckeuwhARDdSMymlSBhgBWdf14qdgxCx0rAXYlRAc/4Ze
+Zl9ErfydwdUfDJoPK+QlGZMF//hFRF+vdO/wJHleLsels4KaqN9v/sB+BrGWaeUC
+ScKMISixquCwfWi2qGiqLQGsxHn0d6ejiMblZR4kTf7dcuWVWGXdf5VZqxLNP8Xg
+zzjjeP59OxHRVH0ytGBUejTehcxWDKq+6ESAuujzVXa0v1+5QzZXsJ8rPyZOINzj
+bdpN4Cr3tZj9ALrNzoC2oG62+OO45U7lg54cV1nyrQ2QiI4XFnt0WA06K1G1JrRW
+a/y6nZkntGybbCpuuIBiWl2FfdcTepctiXcJ0vCYqVNOTT4L2Y1RwajDzALhgb7e
+wOy0eA8gmOmMLNozSlMV7siL0LeE1WlotLwK+AHMU1lmPMqS7jK9nycXtZyg4IKl
+eBAnW052fnKZhT4zNlfJkZqpcp6YWpCU16PWx6L+/FDzFPzswluHyfB72oVqRniI
+2A==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1024 b/ssl/test/axTLS.key_1024
new file mode 100644
index 0000000000000000000000000000000000000000..e39791ec8b54056d5bc75137a9e8ade3ae6c29c5
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdIV^)Iz9qhg7P$Iv<P9y|-oiKt0eAnw;E%eCntd;dJu_
z4q?H;c#5*R6(U;yo49%|4~VyP-UOMYqM1{Rt$127?Ysf!-|6fxpj}h;=8B-mZ9zq2
zBeTy=P#-AYHsW*N)}gaTPj0&noA0RkOr>$5h}{RNh7CW>nIocvcMk#s0RRC4fq*7I
z?3Sz4ABhf~IM^oz<+c<E*Z*mF7D~hh7FD-8RiD0w_*m%0MyT-Z+Sb2_RW0UnDJ*2k
zT^*YwI+#GA(yv^rBjhvC>R?jmdY*G%E`ZV8Z$}T8fHu-F2i?}!6^Sc!)qaY+V?qk@
zF)6?K`S6I3iozmp6(+Y{TUbOKJ9z>@0O9en<;Z}OKu~lP-Lmp0Tns(HU+$bmY!d+A
z(Ak6fkSv7qs>0p-&jUe-5XQS+x3(^(9jdzfN^;nmt%wb36#_v3);1&aU3bXSNx_r;
z$_?wA+Pz08bC;k{*Gween+rFt!!fl_VhGCR@0WW+pxP@Rzo-b4(iR+vnepEy(L$M%
z0zm+=LF9hlAot|)`A^YmEe-MM?3_C0z?8Zt;(WBFp(FO~=2KSUP%_v8j_b#Dk<-dP
z)HEP`EBh}x5OT2xR<_LoKps2t0}XUEvMs#U$fbBCgAekXGKg*@K!n1`iH`Q1TU<?z
z%dm)%Dz^}5V|g}_)1Oy%E_VKl^q2SDi8~AJWdcC}xv#$o$&e=Va*MySeCKa(Tcee@
vo&&khpi{as!PBjUyLm_n)<2xtH<1wy1l2prbX^>gjXm-B`Mx#RvQtnU*ex&x

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_1024.pem b/ssl/test/axTLS.key_1024.pem
new file mode 100644
index 0000000000..fd8226eba1
--- /dev/null
+++ b/ssl/test/axTLS.key_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9D9RCqHSHVKq5Oh+Lzr23ZftAPdARmpzcgnzqqBfhdPMFDmHB
+wXiKsroVIlr/m7h6Lg+It3TeBJmloplTi614WjHtvAHn3+nsL6BdU/bmiqDIbUFF
+YyOzz05QHyjfNuJz39ahs0ZPbrsNm++o+UylcaGI3Qephg0/zZkjooR3DwIDAQAB
+AoGAJj/slqvUH4kOnTjYJwXlthQI1/9peBZKxAYWVbc6VZ++hvhY6MVGqPDt2ta/
+iFUt5nIpLGTJXR2bJDqYQKHSr1yrI+Qz0OpgUud6nnNfLoDR3G9HD5eANtIwB93W
+1xWJK3TVfoq8Y0IK8jEpv/n58IiPisIibhUmt15bWEQcO3kCQQDh8bLlyICTQFB0
+FN2y8idcDD3AX+6cRWwTAN/Q2YP6kCyE8qrC3fvPA0GIEMa7Xre2LqYdqrr7SnLY
+mq2IDWoVAkEA1jYj8113yNNJwZP+yg3rm9q9Ryhzl6BQ10wk35sLN67DMbVPYgjK
+5e+Xe0Og2isfv6gIk9IWHImZ8d8m0UKZkwJBALFB5H7fIPfk8flP0WotDfHp7Jw6
+5sCUuififLSloSP27eZTVuJQMtgCjuvHdZHTyj7UNCB8K/svOhBysQdWts0CQB47
+8gMNdDSyLbzWyKV4JYMP8psyiG4kQITCyImO9pxbXE2Ny7CIkSq3EGhjeTaR059X
+di52/ov0l/fdiTsL7WUCQQC5r78JyZAm83KLv7N8529vW6OVuJ4Duc+gU7oywdOt
+hbt5SAnWP5zZN5ERDQTVO8p0XRyRjT3x+Pm+NdeyU1Ad
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_2048 b/ssl/test/axTLS.key_2048
new file mode 100644
index 0000000000000000000000000000000000000000..00989873bb903c8c1537d4318e535fe068d6aa00
GIT binary patch
literal 1192
zcmV;Z1Xueof&`=j0RRGm0RaH{T6R3AC2^VxXLF))22BHn=^2*8_o14xzC`P*=rH@6
z?q9N&et`5QFL)W+(l6XVbV9<GF3&c{LIa}!3_GpM-iV5(@^VbX4*?X@2?%@il5pik
zJ;&S3XinWcXY&GlCNepC6|j?%=oF4g(N)VhUsI{TiSA;uMkko3oSGII7H@b<#g-()
zU=sW@KPX+8PAjIR0UZ>s-!tGHNzp`upSmteb&<0wmV){%MxUPyI4%}1$so8x0|-eF
z53KPPtq)(3fr9U|R-lCkCHu0BSqDwK7RiZF-j+6sH-#U^)dhS-)$f4D)6-0{m`T`G
z`Tb<R=UpgDBfSrcmNnG^0|5X50)hbn0MI}h>wxtpv2E)FiZC|-?&eX=i#pSP=0JEA
z`*pDo=d(>5BYeo-P6_TWG5D<hN5+)Wgv|v14pPtYRhr(Mp##}4)C;Bri_}_cp2oS3
znrEUuBV6{v3GwGsrZuADGrAY_Zb)VT_}>C>*nJWe!wIXSrR*ifFe{Iz);M+Zz{jwH
z7={XO-&;!7t}aIj4&HO+t{m{TDFKj~5b2S1EX8coAi^v#r?)d`*bnMt;~5F4-F`V=
zz&>OjFDoICVE7Q<>Kj*Lc*Hb&&PT@(v20NjJ2<J+>PKA0?ZuDilWu=VCv63J0Z@{)
zDxfm3MqM7$mYQie95%BL9ghXFsRDt40RMqc^_O{AEjs;TcPsrwZTOJlLJg!&wOKcV
zlMOBS{g{a*a{(PoDPg2sZ@#fm0b~daQ}Y%}q%zMMBH*+dZZpJxyhL6(mk3~Sc~?Kq
z$cT)V=o+qS31(OWJy3cj-}d$ZJydp@hI>ixT8%3rt2m|GMobPtNhKJ0rdNkCLjr+;
z0QuG#YJ+OL(ruGCO=l~|qrP%7=d#>GTjwB1A}gENm8)#5_<8v|P1-lqtdd-Y#ds*n
z2S&ZNC!G0rx&-y#(u9bIlt>^{*Oia_)?SX0=CwiHxI8suq@@I(Q~I7lNHIRzLTF~~
za~rj{cp7VF%&IkOaNIl`*x#O-v3@jP2LgeC0Nli^1x2f<pY%_PEA)$U{2qaMuAe~g
zZA-Xj?7_c|Tlm+{&h8MDs2$-ssi-(-E4+3i$jQp$^6sDdGFH3i_I|E&yoJhevTC1#
zjM(v>N3o3HyN-%ezUg{&+8)+iF^8WCm-LE4e4f0-pB70*JaNYbk69WV847=TWm`?k
zCjx<hP$^~>O8j7flrH>@xnRz@w@sxFy3hH%?>FdeE?D02hXZ4*hE{d7(IddsZcxeH
zYGjNKF`$KI$aFILIK?}Etd6n~-QuCvT4K!EYn6*K-%YmqdN&s}sLclAM>D8M$)rUa
zv8(jlPBY9Nc{`-cUVyD^l>MZ$;cQ-RJoHG}0)c>43rt-w_O7VyNPF?A=_BhSAAW2w
z<-kkl4oJV*6MN5+B$ye|7ZdX93W12hQN)$V;;qt2CgO3wyG;p7+x2Swvid>z<3P_D
z6FN_Nb}2vnGBE|+R~O;bVM9+hq5>7uyc-!-KN0JNO@!8spNZNsP`HMyT4!Q_(+cBF
G5|Pp%l0WbO

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_2048.pem b/ssl/test/axTLS.key_2048.pem
new file mode 100644
index 0000000000..5ef719db71
--- /dev/null
+++ b/ssl/test/axTLS.key_2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA+Vp2PKclcZoKZ3OicQZNA4XpGZbD96Gasb5E66voMPub7l+y
+ln6A9CYveBna0i/cQHRCwpYuzzbHQgOjAAw7rcveiIqm8nJMxA8BFNMJCHv0knDl
+RT3H28xoTt08Z/MCfCYyOXoVsJOS6BSOSdFVyzhfU6nAie5iskYnmKecmhYaFm94
+S8WWJMNgEvwzPyhdmE4rpqUBHRSu3zPgHUnRRIOfui5KdZGzKpaC+i1Gn58MOC4W
+L8kguEMDCEkQD6zxFq0PX5GBgu+zVqCFByX7soxZB027FsmJUN6WNoo3hR/H1QV8
+RdXvgMbT00yymEnYVfn9ZL7nXShKI70Pi5Y11QIDAQABAoIBAQDQQBrrgPUmsW3r
+BIowNwDu5lHNizrTf+ZAeBX7dbEP57NNHCN8yN5OCe4vMfis/kfGlNKEzQT/DlLP
+8VWa3pyhA9kw1AumBIvUWmuexrmOmmeiPiNc9sIJ8edTpjWi4zO6F/RuSGYA+N8C
+cNh9EhXDCaujpewlxjArj6fWOHXzwMewghiGCm/fW0rWri5HCQ7ec+WuHPC2KQGQ
+mRDpkXUsxWzTIMIsMKe3M2jYD+pk4xkJqN1+OV/APmQfLyshkGD4EN/qG1dieMQ0
+e85HxxCxbFETOzip0+pHXMbtxY/ok25/SCdtBXkBUJK1KqAysEZdHtOWmmk4HDaz
+Dx2PBbKpAoGBAP+BT/WXeVgtOv1idyv9RG34kOJCDaROtVk3g5MNLfj9mIklcwEd
+SylhpFxvvrFQAWQIDFPzFkukMs8aIuC0Gm4zxH+8RF45lwhgcXlXP87IiIyW6Bqu
+aglmWAM9UHol3/b2AD1UdpqGe0nvWo0rIqs4pdtGTA5BSSUYeaZXhzFDAoGBAPnW
+GWqDarzSbZM4TWcrx6O+cjLnstxDW+cgSCIrm9iVq2ys+Hn5O03aN9SsklyGxXgo
+ygdGvbYnnPl3ugT139KEiIeUSCBU15WP/NZejpHmtUHduDw1Y6SlBJ9T+p5CSDE+
+2kJoZu1zG7W3eBprZsyqNWtw3Dwc2N+emrF+NF8HAoGBANzErAVFq6if9E+KK/SL
+cvwegXmun0DwbUu4ZuzBv45b+NfPzu4QlKgd4TmpqDhnK7x2I8jJyuLy7p/6Mla7
+5/Z+rnO8hcpwsmqfgozY8Z5HsYzgu46KU77penTaHtZcMYefCZf0ikJ8nrzEnxZJ
+RjxxxwWPWRocGQp/emVbTconAoGAUClmFkr8YIGULvyNuWDOubdNpQ+6z/m87zfo
+bS5Y3vGHA2OshlZ1tNEjwNVuUMndamSMDjGghWXIdDL6OMU7f6yOshHd4qHWWmLM
+2WuVizLfTbb6ejcXNajNBuJHM6hIyaRFG7Gr9NxOM8weeTukzF6ArWyU/aSz4Wxe
+bjz0SNkCgYBVC0xdMPauqO1Ie/Gp6SPrIx9+bDDlwEvnDki/2RN7z5IkmBnRFxPy
+6wqBiMFRxJXI4q3SSSbicb+7TQlK2/Vq/bL6QfjjQM8ZEzpPenYpP/wyMQXdVxfh
+1GFDTzeiAhXTvBsZVj8R64VNhNaNn4naMlC4hqxaZ2KA0wrjTRKR0g==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_4096 b/ssl/test/axTLS.key_4096
new file mode 100644
index 0000000000000000000000000000000000000000..df8a8fde95f87836187040e8746243bebd557e15
GIT binary patch
literal 2347
zcmV+`3Dov5f(a)A0RRGm0s#QP3QnWf^s^<%@HvE#|2%kbpk<#0x@QOp%A6JL4$B06
zQpMDD2u!G_%q}k$mC8P>+J$g8>^C4Klpx}(&t0eXjgNSz2~a3rc8R(sQ0dkEQqWOU
zMZI#r^XVAit&~0Z$s0Q#j9piF;Ey8_Wo}z)3f1H@Q{hx^U7e4PW=*2$FQ9Q<#l{P_
zwkao$@0gatD@@2~i9#yX@%wF1*1A>luI?)_5iI$Qr6##63}lIV9yz}&8JWgFZWjGn
zn_{FYqAgeTszHFOo(QGXj&mfq$5>Ni1FiT|t@2r#IW1%u@|t<WEiAMzJIIjx(z`6q
zIk(N|?OX+7rfs|UWuDcti0METe<8Qa=EMM_hI7{XQk4nrBu{sJgRPK>*BhHvZOg~#
z3gv<evHssc1Wy6CH7UD^*kX3S*r6cY<f|n5H=#+M&%tq-#{qdhDvHw6d_yt<KM2Bv
zj)ys7F<AC04pRH=rRX-1y%kccz#Qqgi{R9Mno#p=hu5n|R!x}6nvGc1Zt=$0u&@dh
zgYC-d{SfVwc&I`n>%fj)MK=x8KnU{G-Vg4HL!_8>R!n)TXWMBD$g5GzqV%R1qOUo%
z<BSR_mjzmgE2NUY-HlySdhJP1of<#8Y6#=21%O&ubG0Dgdc;$bevl-&m0#ithq7Ix
zP9oUrFyWD>$%26b0|5X50)henB`H~QXEoUT^w(Fa35@!jtKPl~dB#d@$;U-e5a5mU
zzH_JursW1el*jZR^pxY^ApYQ2h}zQ#3w@BMjBCP4;Bp{SPOpTmYbr4qu9bDljSSm&
z0fEI?Q9sw&l90q<0i~GvW$$^Im9dV&P<nb&f<U^5Ku>uIC(FyzozS{5PC|nptna#&
zMdhF^A%Vx+RFj}~AI1sc)F{ztqy7nO+*@&nHYJ9*d+K|I)rh`h#248>-wZ=9lmt1t
zsQzN6HUZEWcUO%0V?1A+2Y1n2N6mYX7gqf7Qt%Wvwwhh&Lermw^m*rQuDv+mrFw7j
z39c=jQ1`8v^)M5N4p&Ro<g@h+BU1XnL)7Z*L*^}__-*sA1}wxsccVV@Vgt`+t<q4?
z`=U!28ra&imtrlpexaaB4TP*Q4S|I<b^CQ;&nyEllb4l({1{*(7T-`PY+|JmzOLVC
zs+E1dbQQxGQON(S1=UEiu8SRqQUdHjDE2WsZ@C`+1xO*-p(cnXj3+LFLn0uw<l}~8
z>N37kd-7O|RFNA*v1XeXgk(>CFuaZpWc^u@pb3(u`k#iV6fhkx0ypxWj72$-jbw#u
zNguMfE%9jNL0gpoJZsq<EmzL$UCFrVK5qEX&~+q-H_A{JaFG^vndy_mvt%G4iTrdG
zs_Uzz+PY4^WV>DA0)hbn0O73zXm=?(p;NijJdiKV+fi;4)j2T|?I&T+<7kr*2h59B
z>1H#x<_M}{7x6ThvP}8b4Y?8>Tg|y5z#E@GUd;+l<-!sLt^lw_wg@-$8qZBXO2c5C
zs3-`h9zd)d1^anJd}0Tbhp0LfdpN1h@vVRAUdmMA@mGONU)GhHiM$k|s*RQ$Ikr6L
z$O}2MEw`O7(ZZM-16d0#M=piOL}Gs4oT+3*bgLH5w`j%!5h)G-%XNQ5&wvPEt$O{g
zK)p%LCR@#SZwo#I!o2dlG93S#?&h<?A7^OvgqSAUKVyi*%Fzq*g=)F&H|taH2UsGr
zu}8-<RAR#2GxG08r2>Kh0RY+9MDO3_$)TR!Txuq4@pQ4bDjIjd2{`>DItc$>l;26>
zNIOtbh!ap0v%SYZ30InfvJ+bVgQd0!qfB<rYN(QqAcVj3*{d0wI`SG*Ew@pvI?XlY
z%ar6C7yEHF_OM_}PrwJAjEqzi1j-I3+Yblc(w*i-l&1bTv^RPAdJ<*GJRfN#Y-Y*_
zT5SeV_)Ju6F4X2@0AZ;ak{|xpBQVrAaG)lr3(=(-<#U~0Qw~h|pN~2OSlVgpDg@L-
zL33!ay4vZQO;pAUr)T@*3qE0Bpj)M(B?&b~(MIwh_1~Ilt7qBhuCNjdRjSZ%ah7*0
zE-+fLP@h#D3W7GGIIRML0RUq?#zp2q2Rm}AK`vbB=*bPDF0PTA_X@j8)HK-x^8~v3
zdzs)1)=wUIZt}ouw91qBIv$3|WQe|tFR=4;uvKg=piF^plXul^uKGdR`AOjC!*Pj0
zuagHS=JoQ@yzmr?TNe|w>8MU#Tq|SSsA(fNAw|{<Mc?o5I6B=9r3&=k&N<pqtk2{~
z9L4*|zxCG56#i9cwdczGlSsZeu1s)L0%<x#k`|ygLuq_<w(9)$-wFl&m9Y9qwA&Rw
z0j3U@snfWFK89kKKUlNoy2JkDnHmxC^5_J8uPLw(MdG4PzT3gtQz$^H%9_xv^lNfr
zuu8$1<OH+%rF8b(D$xRh0RR|?&+^D0q#n$=v}4R77VDCnQ)HRC3J=~2nw_f6CoLkd
z7JPrEKN1ze&me!1Eaxra$tr&24Mm%S=v`Al8YvVYXRj;6HSe4`tYF#jCPeTs_g`m2
zc3w4hsEEuCOw&Gf9PK`?QpWc!E&%7L9-zs+A+ccI(?}n8nQUqkTiH05U6vROd-3zE
z@>Mqy0!i+4B(58%Xu+2L=R++!W1c%WXF1Y9xZDb%Mc7D>_yDs|rPRi*_@>yY0GWKE
zmr#8v4<}lQ<4w8bR2@|GF$4UGnq}Acmnb__*Lw>H1xW&?1_bjs&U?%JbkKntIN!cn
zA)uCqL(@JDz(PC@_Z<R)0RS|LF%0`{%a3WUNgeYP5OM615xL(9<mHUlb-6(*k}g9?
zlOJ8E@VO}zt`<O@C$CSrJq9}f&Y{fq#j2xlw>=6)17tt3<iPG!h{qzYLx%1BmW(m#
z@(VD(SfTva;dkVU5bIv2%$)uMxgi~Y{+Fg*OVu4MiI`A8bv*@L(D6`1uHBr_iQBG6
zi=G!P?ESAhm~P`mA-}MLfozRm4IM-hGK@DZ0?RP%dY-F2l>jyEXH%9Ok?Hm;qWF4;
zx^5dYje5j|($8)!ETTCNR1Bx5H1pe>7fjq7D&)@gqg_ZV1kb*&d3#T2+2L5xDQd!^
R-KpUHmbT&ib)P%cX;_ZKh7|w+

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_4096.pem b/ssl/test/axTLS.key_4096.pem
new file mode 100644
index 0000000000..73fb75f899
--- /dev/null
+++ b/ssl/test/axTLS.key_4096.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAwApOo9f0syXI8DmEkP88eHCgZZ8FumcICcqcFe0OywR9UsXU
+dQhMqKfMLi8Wlco+rNqFcDfsNyAllCDiq89dp/aNj3inCVAoXnaJuiZQ6dX9UtBR
+VEW9cr/z6RjgrZQ9+MkbOx+MXVd44I8jEWVuW2oK1eQzU+FUb12dj45mTaLpL6Bx
+XcXGC7e2KSeO75iWwitMyGmJQirV8fttUNa6VfKu7isxESz5jaUmuSsMZIl6Hjm/
+KxmZxkBuFv1Zm2KkKqItV/WqQYCrngil1I5zJLjHWFNjA634U63yWZo5LWQY8pp5
+wy0stC87yJD70rsszjm3zejtXAVipm27+GWe1bKI6UAVfyG3y+bEAKOGc9b6UpUJ
+7iRPd32DrZCJ1xubVW3Lx+gK5YILsf7fQARPAbc1KbuJ2GJ2v9ihINzkqyT6N6FJ
+ns/BcZnHAXk+KorS03xDMgI/CMKEjoc5YjFY9ioOUvvtpeg2kb0VUqvAHOm4i+DU
+f5pQ82uH16tHVk2YyZqNWNVu8cbYsLAKFYPtyur9EO2TeKhCI+vAjl5FNw3TQAjy
+1N4P7olDpJh1Vkx5q2fbaQvIq1HMovSmGKKvObXjjAoqlwVaiCukkr/djV1Teu1J
+T50aP7tqCOOrBYBaWHO1IOB6xFOSfpAkuZVf4gqHsl2jTiLY6zDhkafJgoECAwEA
+AQKCAgAlKVlyZzXY/PTXV6oJjPqcq96+C3nGSm3Jx0VREOCN9L5zqAim5QZAlMf0
+H/SU4+Ag/uBXiNrTCAt9kKeMa8JJ4HIgU06vhK1rKjEYrpV1yo0M23cBgcVZUT/X
+2ZKQxGEBpZj5Ze95mJWxjsFQenpSgkC6h0BPeQkny8vTndC6MU5Cgx+s77qVReWg
+LSGBx9tUk6B2H8YJ4dQo0Wij/gls3FtxhzYlhrh76nuF1Yi+Y8QX2UDfDEMvlAQ5
+uqj+YqY2AdAYd1eM+WM8X5wHd9FcR817kBdW/PFS8BQ3tppd6ELTn4T0eedurr04
+4KV6b/IJri2dUPetmPUwE4gOV0vW5LP1DSNS+sBD1OrsQ+Ytovht868GLMQ/d6M+
+82IDz2at0lDQ+6JLGBrY2rOXYi22fqGgSg2ErDENgYU1dft1Yc8sAzCTl5WC/Bhg
+IxbfUChsYqURvq7faaqVfb50FcMYUcj/rAXVSLOuix2HUgLsQSj2MTtvuR7+BUgh
+2KEmiCaMJy6CQyIgtOTjhmPqMr5Se/JYi1SRG0SxZpsYhGRPfjC8jg1k/VmRoAmS
+pvqfhqgUMB0vAjfynoxFOZGNZIVrSR+yuC3xaORBW5UAPGvZHS1XzuxdybjpPm74
+0NB1JIc3ylAWcJEWdpnpk8OzZCAhifx0Farrq6Xauk6/ZLtd4QKCAQEA4a0DaHcp
+OqFTudM8kC/N21FuE9U5MRLtJ2HP42iTEAfMi1bpZjO35giqYhfxNJiyTPnWDbkS
+HVvNuSLAG58/Xs0KTuXCEgWuALBFtgg39BrPTT9Kw2CdqCgIpx5ArBwF+3lDfGIH
+lIeoOhR7OKnN8a1/6l7KVOHxV4FMX9aVmom8FKKqjZYcObY86MgLObMtt50v0cKY
+GgNZCy1HLoXHRGJ+3pypZEV0qxbOt2jGAhEpDf/LdX9Ez4AIYK16/a5AvUnNJlvN
+d28LPgTCvPK8Mhz/m+7ms8IfZ2j0hJgm2j9jiMTK0QvyhWq57TfrU+8HWCKzsUfH
+M1Riwt0z8u9HpQKCAQEA2dhE79/lyaGe3lxqJmzxdLG3Khp3wAk4/SM6CP9elN9J
+4kg7UFGIE1AUs73HPwlXmoOyE1r+g6W2CaNMds5qqJKOIIS/89mrGZs68hpTLbdR
+rTrNNeTLlOQcF/txNfawYEtPwAedjIxUFATKDibbDwfe0p3mRZSm/ji0N3n5ehJl
+yDwfaSVsZsoHWm0GUfhMVGwu1OZjAGGpGZIf/tcjMNQ3cKAmqAvRpRrlc51eUw5M
++Z+POgRY2mnrKgTUREFzaLG62umaTVTGC6dn++QLPmFgoFuloSUJNUbRRvIg9d+a
+aatn2eiusBILVarQcHGWdysuMFqxUJ9VHQqCNqI4rQKCAQBjPcZF5kEHO3KqQS5c
+6ejJDaIurpGb9wq7StQ02QPzBLr6e5ngC9ZPHnhu8sBrtMqT9zoehshkiL6LL7Dz
+dLBVbC2gTIFvk3fVba76Qdr5SeDnw3GJQa+TByfm9fLSvPAUilsXE7TpqE5eXCtj
+26hpIzchRdYMRd/v7zg63Q6lCvTezjnaUazP5EgcxfvJv/XWzRT+VWi158r8k0i+
+OK5McFQCaTpEkhagNkNpfHW26vz23woF/ZWw+ki02xU/AaYOl6nTuIM+hmKXP1iz
+5rrD/uSZGhHx8ugEfa8psA9F4qJOvtvB2lMoQKrKmtCt9GtyYrBKwZnkBLP5pXT2
+3CrRAoIBABiIz/LIH6QezLq0Y8wiFuuSnFNkmboKD94Kmp2qzSctIrAWfH+mPxIV
+wc8gf5Es5y3iySp+5A1Fm4PoXVNAGikUIGevK8M175w5rGDZ8CZE8DD3X2dDdl41
+dqiIzA5M0z51HO0+rlLG9y0uAOepHqDJvSGxYN7TSB93mWxqE1vZOJddlhgMe/Hz
+rPJVNxICSe50JK4bqGjBlv7nQy07Y547OGc50kC43AqhRdhIj/gAs1Cl1Mau+KbY
+qQCZfKKXUH0pDydaieNNueRUHVT0MQP8iZpl1/iXKDtU13sLCAVJAqYGBPM4znvL
+/HTQgRs4375aIaCWhkPTPg3AQjwO9x0CggEANIoxDPtty49prkkd8xQQceySEbnf
+CeTljNd1uUEqki5DSJMfXajwuSkUrhZAnSevT7k9BjsAzqHM9sWqo3C3PQpFA2Q/
+seTA7lSIxyKvQ4bt/ZaMMeryCzC/WKH81+F35IoQ616nzJz+A7khHX/+l6ZdS9Ud
+LYmYUEB1PQVd0PFQQ67dnNCJ265Hi54XLez9rzuYbuNFIb+wg4FsjV8NHUQSMow3
+LQLLMO16nqs9lQA17WdTlhyR6fYrovh6h7puGzONesSF0s9uLSyiOQ9UDKenNPPb
+nBdM3Bwq5M72o11IKwTPvq95e09o2eFY0SlqwqLdqeD9lrbh/HWfO9VpWA==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes128.pem b/ssl/test/axTLS.key_aes128.pem
new file mode 100644
index 0000000000..470f29b514
--- /dev/null
+++ b/ssl/test/axTLS.key_aes128.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7BFA0887B7740C1BBA458D0362E75F89
+
+aBIhF2zVGRMFZAWg8s11WnxoTQhGabdzchHBxPltnipEgvwOM9FGmYnVIDsFPvyb
+hSA2HgmN972SPeRG4hITzrIXiRZMBOd6Lchz9p2Ui/mqkR6RUfnUBkUtkgxGymSa
+oD7WAmbpNG73+7KX4gV36tevC1dM9lQzbClhhXQL9FH9LFh11cS7ZFa9L/esWHbb
+sxgicR8zG919UEA+XvhLPVXpYD3AVHTcyEHbPWiGY49SIEI+GOcLi6rvxQizcXKY
+pFtmlk/jM06OdZWur5/qLg3HqGP/o8GUjjA6KuAe5SIWVrmlkHCYHj6c1KFLVQJZ
+7qAUNvjVaELXOc3+SE64Fl4OMP/4MiUA5WJ+gcdIKFtX/qksjywzF7goNTsxB1ZX
+8g9JP6m5BF2VS/Woz+9ypekzk7DEKST4Knh8cYBNdz6yYwX73FBb93jk1aPMXv2K
+SzhupTSHyAt7ddvXm+QYXBrklpZgUcuvinrkb7TNYEDcc2h3iDkLMHhI2VW0fiSF
+JcL2DZWLu1UChg+Nkc43+9f8Ao76tjJHdV+IkWfINlKz8cpKthIfOiUSQWYK4Czr
+0E3dyUrljIqFyKmZGokQ2QH+kdMmcm2/R+8NwL4s0Y4k1ylB0mZ5+A55t0ESaUVC
+8NJtoIMrLz2pyhf2ohXMVepcjvR/Id8vNxSlLFResmIwSo4orTZOnsHBlQqm5hJl
+9dr8G0o7n7WVfGbHLlpuPHoKegn1OK5xLbDbAi14HnZIi7/lUnbQHMbFFBjyS5EE
+v+SMbI7JU+5zeJc34WLUTm1zll1ZNpFH/76vlP7tUWxYqVUZfKYHOndqS4b1rAs2
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes256.pem b/ssl/test/axTLS.key_aes256.pem
new file mode 100644
index 0000000000..5e9c5fd46d
--- /dev/null
+++ b/ssl/test/axTLS.key_aes256.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,5AA67B48694516B66EECE19E0F3BB048
+
+eXbuyN1kJR84JMhFruS9yeJ/WnyD0V6h9w/6fhEcPfxW0HmFqgIk35IE4c4QYazZ
+aMC0J1S19Yb4kKnRd7j0+92IDBw3B7zeJKjPDrcRDSo8R8K7O7+6MYwcmJJ/DZlC
+yqcaHr3cJEiS4I8NS3EdffffFA37Uf2O4C26b96ewg899YZXmPtai6uOvKbF1A90
+aRV4PdCpJdJq0q69VfoSeQ5p//Wokb4RfDGWTNxpgclYr0SK2F8qfITjCNDbqR+E
+r+6tRsy9VcHVRjswuewU19HOQNQzaPlIiNaoGBGvOVRHLdE0s8b1Czyh3oeuRAZi
+EK/SPEdZ5JMWbtxpKi+rdqFZhW3sGE5T9QItYqAWezScOCcuZw7ivVITWj0HuAJl
+YZnkL4CS2qMKfQ7oz/YBAuShDvfl/W1M2YXt8caoYIox8NWnGaifHbk+eP7sQRE3
+UMA/71gfz4AOUSKOWTNCen+qeAImyRi++6kFOVyAZnmvGAj1INv76xh6tHP9aDN+
+0ROlEMeL+4EyqEeTeRL5+i9xEGtA247hMjtwB6i8SDl2N9RZkIzGOj6GmJpWQhHK
+qRSu+PvoDfSHqfHYXof0rtvCuKj6pAhYgKeL5Ycfc0FtJX6gTvErlKWENUrsJxgV
+RJNcRbltxcOylmdYP2tUe/PxQCSFcYIzFbQbXJDoZ9hMgJRv086fzn/QWiZEx59o
+9r8kKQrYhKjS34Aq13ghFBf/Mr+GKrB8JtO5DnlC4N9AnapVlDgeZn2NmXyVZygA
+mcIq5MTJcZzCdX6PdzNVBsttRfYeItN9M8aP5q5YodBfuLXPOvFhV2J7wc5Bgt4i
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_device.pem b/ssl/test/axTLS.key_device.pem
new file mode 100644
index 0000000000..5c9a845847
--- /dev/null
+++ b/ssl/test/axTLS.key_device.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvV0Pomdmpxx7s19ue0itPlPusWrTSwofoWEU141dp7cS9eXc
+SnQV5pfvYvvw21HsZHy+xW2cupjQBzvqPtrrqAz4p2E9VHTMuzvDSScj6GU0BUD+
+GQ3qthLkXMfh7pJZFN5DYtVqzSE+ufZlYlfBqsT1BON9eRs2fTf6OnMFApx0ANjJ
+yFElu2cEf3iif/3Z6PF0iUNtKaDNDVvVBoiRa9mUuj4vxnyH4HmyzThp2bXDLMUO
+Viz/WWZs9Nl/QoJduyJZGEii1UM5VS81qQnu2dT1g/E0yPXwtOQUnVgjSMPfW+CA
+yJ1XTdSwVDSsyXApyxxtSEYbM81t3GGvmmCf+QIDAQABAoIBAFFO4COvmlgu1r6S
+P3IYJqsYhukPIWKbGjHE6ZoUTR5ycWW8KPafGbhFjLhHzYeeiY4sMg27nwxQCSLS
+CyaqAX3K9AmKqzbUYAQVCSkj8TscGVYYLgK8Awfi3MMp4Ez78dwQA4cwdAdYOwLG
+VYoAfFvC7iIHPB0AHklt+7eVI5WWsYlOIf9aS6+PDVii86GVoCpBE0eNZjE3JJo7
+hC0ctcjOqSVZRPC4p5KLFI8QkwyEK3vstyIiQOKSCFbZIn5Wi0+d6A9K96WhwssM
+OpmenLv3xgz4zrUkRDbv0cPAU+/e7ZVPCiIbL/Y78qk3lBjUuyztX6fwQ/eDFadw
+BS6LcvECgYEA+Nlwgi1Kzcd46xKG7xryI0mYjHO4cbZMsTcB4FQK5xXkGlg6j+WD
+NAi/LKDJhaKcBKIYDhYi8tY1ye7JSDmyrPfZ0WvQF8K4yprUAqidNIuwOPMASjTW
+CEBgTfMwCATNYNiaQ8eRuTLyknF4I2lrc4Ifby7cYEZrJ6aLGyolvdcCgYEAws4J
+rGQS8W1DmzrL9mIDlSUtMFkTWqhx7nvG4lCYWVGpMByiQwf4DRvcqmXhwPr0syaj
+qE6nu8G3iuOywSx2qrPX1a6NzeoZZybOSL7poaVmnpxgtS1xXyo1Bdc5ZPPOom1T
+apb1QXHIPFVFKsuKsrQvyXfYLFGlQbYh3TGrtq8CgYEAmDqT+95vI0ECNHNp/f0y
+4OlVm53y2AUYF1S6Hhvra3/VwVP1xy80uvEa2dcmUEywOplaM8vQ51KpJvWfRkKd
+jfg01Eqqys5AsxhR16qEOK+3Rq9InxyBThzrjOPWnyEo7jSy8gG0oGGNSI6HWspT
+hB620hINmAub426bLCv1WJMCgYEAkdfBZEAT8o30BH5TfyVIO1v25fB6TfA4Q+yF
+LKBcPtqlSPDXBkosClxmq2fVSS5ZDtsJwZMJfsb8C86G4JrSSOCV4VNqtNPjqtdh
+rxLHRQ7YsjyvJlVcQHwP8Ex+mrbxZ6djwTQ9b36pA4pvWyfBsiK2eCXyQNPrXjPm
+THzIat8CgYAXN7CO+EUKtBil/r3PTj8FpWxvfZiKMbmktiHKD9ntcN3te2hrOWVs
+1SmrIzr8/eBIsh7OGS3LUZTb4wKGtY29N6fTHuoA8pYILeRcJALGZnmrsTyFDzGH
+iXBSkZ94EXpywxWHAEglow028nQ9UNugKk9SIkpg42u4vrqhRitMqw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_end_chain.pem b/ssl/test/axTLS.key_end_chain.pem
new file mode 100644
index 0000000000..7c1cb6cbf3
--- /dev/null
+++ b/ssl/test/axTLS.key_end_chain.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqe
+DyUTpdwtzBt8H8/axNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3Y
+uRN4Y0i8sn8A1Fbe69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+aj
+TB2TnO7UTsjKRrXPv16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzl
+I8eTDHZqZJiw8gPg7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOe
+DU6wo4/e0Ta5bdZe7apqOBfdDnq3EUnHO1ZQbQIDAQABAoIBADbu47Yse4L7YQ0/
+rRfWUfTpMsQgYd0far4P+Cqpeh1r32/Qp4OctFuVkeqaZ3w7PFSjQj1aPMh/ZoGJ
+ShxkBus/0dSA1yXNBix1wYNcEb9Mn25GU1I1R4vA2y6DK98FrSl2xwgickhiFQ4W
+yiD3huiphq8AcIQLqR679KIL63IF+lMnHmYTrm9/rkGvO/wiW55OMhLvhuR4w7/n
+5g+PMBLF4vEqtN6wEpb5f3Q8ugNCG35ykpgBMFWI6FGGmcZkYgux+xnTweZ9+Xol
+tBQRrq9cY3/ouIrRX4K30e/EcaJN0eA0Cx9WerEHfYO45BWUJGySsxPab9vk6Qep
+uxRnHoECgYEA+uv054HQKGQOZPjgZ9lCqfPB4wQ98T4hNSLgNwAkd85D7UtF6Wb9
+GMsEecJ5aPIQjDN6dTT6Nb45AV4e0XWtQFtxHFXP6SKfyIlf0Zcl0cd8Fvt7CX/e
+ghZF6ndUxHaWtAltALVwo+Fi6LOgEN7+dsBjkAZf994cZNfqrr6B1s0CgYEA8eqY
+u2p/QE7YNfw7naMUKDqgqGzo41IjF915rznYOyuO4hu+zGrL2D+7EeZnLWfSCSxl
+t0uowOzDOKkm6XeungMyJFH0DnzhYEgh6K9AXMi3QF0zfgGrh7hhK5wFEt+a4nOY
+hIAnqhANqISRhOOd0iT2VIt+igQhEQv8XLjAICECgYAVvkKfmQkfpuP0bfiMJzB2
+p6/Ca0iu0fJwt0/0lCeU1iPeuSoaupjuABGoN2jr5iX28DMJWwjfhVdNPgmvnuHf
+dM0NZoY4ro5oAzdxYwac8gtXtn0H6rOuVB3E3ohS6e/PNA3lBNP473vxrDcPnzMv
+uSYngdXpFa8iMe+dKtb3dQKBgQCAzse56q+Mvy5yODZJ7f4amXTXmP27pA1ZdKyI
+90TB5KR0kg9aanbVUsG5ezNuwrvb9I7INPnKl4Yu0ioM35PTQKJfIl/PowChsmaT
+rVSY0qp4E+gJ7Lu3TR44CR/Od87RSnln+5CjBV8wXj3ZQxTSQqoCRDABLseoevhJ
+Knnp4QKBgEHHHpegaCXl7+kaPzD/qD38iN6AmoAya9ZUxCUH55bDmkTFu1ZGgA6S
+87fuXQ2tzwFyOtaxAftPuOkSKMpZYRPJY92SalHA4WyN1pl0MhWMZQiyKOh0QQ7A
+yaHjrLn5wPrhHhkpmYu2L1ZNiN+NIFDuD/j+APCX+wqb9otfbfxk
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_intermediate_ca.pem b/ssl/test/axTLS.key_intermediate_ca.pem
new file mode 100644
index 0000000000..57fef36137
--- /dev/null
+++ b/ssl/test/axTLS.key_intermediate_ca.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAzhdv9CgZ895+JuF4J5ttgKS8HDKL5uCAYOS2B+o1OkGzYRkS
+I+vA41BpPfE8D8P9lgjcbzAOrOvgYHPZneE3Ix1mhlyPwbnXesC48AahbWXeHFJL
+u3Hr3EfjIVngptIHF0/FXmLtOjcxLpP/mXyUTX7bm0NMhgEvxAX34fPfgM4r6AwP
+YLwxJGl0c4rrb9choDmXp7+72NnjiO/pXzrUkI0VL+fV6U/cT9ro6p6wJYewvfXA
+zqV01B76xf+QhYGp6h/HSZQntTQfA2KIp3H7jhaVXgC/CyyZ/fvx1QUAVCy8pMck
+Fs7YuLtVuhAOZ1KpeZzaQotwRjTEeRkF99iCxwIDAQABAoIBAFNxi+O4hOGHuV42
+tjabKNgIWx2znY+KYJBaqhVET+7ZgS6UPxMKNlwTR7lLvjzH5xnjVpUySQ7cpkmH
+Ppo9AN0X31YRjicq/sL12ytcE+o+b5LaA03Oz2euN5leUaZZrYNTyh7wQQrsI96v
+D7NujIFgFryjoA0118gvfnEfE+SLW5q4m+n7D4cZ2D1nolDnOo2noLhKhMVWT9jp
+UVoa5sO+9/Ap71ElAaet2LawNsKbyjjRuI84544G09zQ+YUfcelADaqtXyYZpSJL
+iWrmHasD1w8NfiHB84y2hWHySoiuTBfVBJFfTjg075TaxBwCtDbzzEe0ecDCVGnb
+gZfkevECgYEA5+5cUFf9LXt7Cwqc/lnuIUYmX7pvTPVVZbdjEzd1MUvu12p01cRN
+QYk4K41LZsQYwDrCk82TFn1+hDbVt27i5r4FPJ9GbkSh4AiqUFDkqpqE/U06ZiUX
+JOosU6laI6MmguWbXAAQuv2OwK7xVA0575HdbsEK8LRP2bSTRUYNFjkCgYEA43qb
+FaKixVC4KOm8dyNYFHB5oldZW0u4ieemum8B+a9wd2BEG8FdxFw6IuGnKyMQ1BWu
+NVwN2wZsHbosmCYxGO7cX4OT37711hdCr4pCGQhQ3gf9eNls4ZjjykZp8EHWQnx8
+SYl7sjQMQUjhfqePKwR396IGx4KSrc/l1rxKYP8CgYEAjYPPJ+bIQFw7s30CVeAh
+gIQBHh/vkZGQTcQb27nW9AFU9nOqXlSsnvRPJaPNAiNcxs4Ts4OX3/0qmRmsRYSP
+RiNjpp24p8eQzdX7tY3mOIKX6saYf4LaIFgSO+n1ahE+ilf296fCjZXw6HjWH2cC
+lr710YJQXpZmsnuP8JDRo2ECgYBrasL+5WydZi+ASldPnuYByNb3HO46GTiMDlKB
+6Ndy8zBVfqTKwnWnurFNNWc+DHHu5En+Mnjse0zkgLx8IFTA5FI13Ckg18i4jwVT
+ZSMvNOkS340G2wz6PrsaEkQGSuCFRsld5Ej/7mn3DhZFO5R0iMipq94tqe/fmbN7
+wjAROwKBgHLl/XNhPTI/ed76ZjmCpbCvQlKZeYLhNbTS4lHvKCuniHKQsPz4BxjB
+fuVCUDH61yQT7WM31zIMfzQZjx9hTgFYYvnptRWj9zIBlIZJEieX3//flvEJ3Qmd
+/tbSoADa/1y+Y58biKkgmM4f4qS9h0AkVe88OCbpm14Xs2u7/4Nu
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_intermediate_ca2.pem b/ssl/test/axTLS.key_intermediate_ca2.pem
new file mode 100644
index 0000000000..5a4dbee96a
--- /dev/null
+++ b/ssl/test/axTLS.key_intermediate_ca2.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqhp+ySEP4Oods+29nF39auqEmJ/qTUqQCz+9iWyOhp6NU5pJ
+2LZiQNxVWIzasFHp9I1cvmf+4fnstMpaFl/TtdCpQnuV+eFIe7alEP6+Pc3YiFrO
+zyO0XnqJcZwmmkpr5omvGcx9FbcrKflzfgmn4ZvGIdgtwkA+ZAj6WkpZHGGpzqLY
+yAFz86fwANeT4I3a90aGwOEo/on+jvJA+O8KARsFx+yspxrfSZtNVTNWFfQfkIIt
+7vOWnevZNAEkMnHxY8jDFq8EACNGDo3r0j+G5imRl8P0hdklpN261OS1hANVM3l2
+t2INNN/UkZjJe3/T7RW30A0VZ3Wk/nz3IgKlDwIDAQABAoIBACV6FurrPNtZ2Vd2
+DqtvzdCLgNE7klybC+dekLzBTRl9vzdnK9PyQu11XdxXlCr6sSfvKTrOIMrazHr8
+hiKd1EAfi9sY7W8TYmvXTsDSz0lAm+9Wym+6txeFudhtBdhCg0lUll6BviFVrM3f
+psFjETjUoC9+uH4ut1BE5huUe9OTmOXxupLWdETcHViMc2VrpnDsNKX/lFIMFSo7
+3JDVojyTA/xdawJgkksCmQyHLICDvqJrIbLaDKxCfEiMKMyjVqgf9qwR33WAJ73e
+ES8XMVtgIce2Zpzx6OITf+gNhS0ekqsxZJ56iiacOVHxpphNKk+BwSj1bBxHLRoo
+narBebkCgYEA1BuLsbfr5lXAmGxE4JG1XrOZ7YtTqQNMYzy03s6fndoITqS+YpHk
+dtPqM/lQ6qByqLbaPZFVEqecIb9EVRoG1m+9rIkAutiWf/vAWwr7w7yIbFID2YBH
+50crmdtbK+1eoml/MkNx2grmgelqtMy5iOzwbPcFzmgXaTBzXvJvZEUCgYEAzU3F
+f3QP0xgbrT0iK6138waegsuPaLoBdq+arlZ0LMzuN7T3KTKiNfkJKWbxoaECmu1p
+PpJsQpG+0cQxyKU1PK9Pz+9qUXaPf/OsRKTcvpiS2kdBFXLPEgGi2JeSoPZxErYM
+WuaqLIM8krYrV0JBRgGv38Pd0u0VaSbQvPx5u0MCgYEAidFoIE6IKf64CJH44w3q
+EiGSt8Va06u/+48bWtZY4kEkOq1Sw0tWbltdhu3NRNaCCdvdzDldVKSxjz/vD3i8
+zqKGVNAkOEO47mnO35kwY0tiPTfBJpbyoXUeAHeGMvGmFtODgU5PcMS6Z9kZq2aG
+e1CxG6waCraZ15BStnPCKx0CgYA2n7Olhp7TPn3WqQZXcq8QdTlleX2tkpfjGTPh
+oNUGOnxDTB3a00L/c0QxxNcTdwB3ciVnZZPyXk7UBwxr4zD39XkZzQyPoijqFU5H
+cUneWD/yXbT+XO6lTtQiJqn3s7pADTnaUbcDYuOR8XA0pkcxti8yLS3u+e+Ra6ds
+MQy+ewKBgDfHrvBhbxyYskxc/xHnSeAZjrKsKoFNmV3/n9XTmms3WAVoCYydIEou
+Pm3p5kDiaiTTqLBpxoa4g2tuaEXBJpgLwxq79Jod4PA1bnip45ERRrk4kRROIaFg
+eHV6U0+PQTrdFhiJkvK7CgNZVr+NLiS1V1pM3x7xI81nAV9Sv4c5
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.noname.p12 b/ssl/test/axTLS.noname.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0383293487b156598a1383a699cb16e6db4a4a1b
GIT binary patch
literal 1612
zcmZXTdpOez7{|AtZ5mk{T5@nSilMbVGnR6hWS87_s8HAxJMCC<iAvYGQ!ZU4oe5!M
zJ*$vTj@wbmr4-F|WOIAaN<uE>tmiqm=Q)48&-*-|@AJNYeZF`;j0S+!@O&5o2DeC}
zB`s)y)xr6E=qiK{UB>gF3wS=T{BH!y=L6F!Gy#A?sx|y?0>&G_H2(Uq77WHCAZvD<
z6Q_nwKXU|tHK6l+pn~xdJsU6T+gKWOpI|W6#>7-w?*<|El0^O>)P4%m{>@9^{N)e3
z+~A3<lc%G%A1Vn8G3!#4J`Cs_*>oA+g`9RLRWTs(#p{*g`%zmOjy6M10R!(o+awd_
zXbx^UyHl2Nl3BkBM2TKRv{Rz`!Q_a*ZeGp%2Sx|Xi3b?YvZR!ipKXA*7FpqKy#bH?
zM((ck6e2{Dnw~ng;o!h~Wh}1Oo<8|VUcT96EIxt2X4Wr>IbQA%o2`D+u|Cv5Bz6d1
zx9ox4xxcnZnu<>03|5`=-_s?9@iQ1MP32gz&^7VMH|=rfp>x7pr4+80&y5CxXL9lI
zP-uy?I{4I*Wo1hDSv?cn=W*+*3HldB$AOS)WB<hyUjb56=)7CL;K(iHu^WBr)EO!9
zt;DW%s~{$_Vo)q1DbPWb-nHI3lUeU0j~yYcY3bbC9IPy-BL#QBTlK4WGdj5)I`YA<
z*$|NV(;A)_tHIq+nVoydG&Vw`pfA<I4{b;*t{<5%kxcy<^>Vn_IPJ4pH_Eg9%2Ua{
z?6q~?9=;}vSn|<SAadj*^7R#ghl_vtbuUJ*p{2sk9>eAkq@B`^u-UWj$mZp+(B1np
z@@FHw8}vC{M49F*U&rDBIPPW|Il>dS+jb-9)2<ge`lMC?iH$H5mX}Sp6B%hKFF2#f
zH`je!IQ?PI${syg*Di~V+w&Nb2gf0v9|aEw%0|>hHN4)X+Mx<i>uP%8A8)QQk8dbN
zoN~R5kq={L&JCjVO4vhDMv>~W+H2Z{Jp?L?F3`<x_)ywi(4ehl$DG5~s7c3VMpjm}
zUX&!5ec6fS?m$h4_S<%cJhu12nw~S6q52*1PX<W|c!jfEnS01&@8U1e9F|tW$ID;V
z$#*n5wsgGGZ>%~T{8Ot|PMdQ#bD=*|CHd$7NUqX<6r%E8g=MPgg=zk+yapIhg?Ci&
z_Wzr3>4h@8$KK)E_a>;$<8IzNmXI=x-7l}cPWLTnnY5T{ex$_SJ0r%HQRgM$TvNas
z+o~tdFmK89j5l_>Q&-`&_)0$~XwJjNj=kQ|#aj19_!tpf8o5Zmcnb(h<_hNXl6qn?
zS%(j|Ni~gT`gH>xDQ5ib_&)@>)ZhmT6<Og^1*hFF{c4WvEpfi<hRyxJ#GU*G4}#bA
z9Iw5AtNo&kd&tG?8=L%+hf;*YQNoR+ve8kaqNApjI(eHS=(lc89)B9frjb8wS!sBa
zcE)AZ;lllH-Ylc@$tqbY%IK{57C1~U(vj083?FiZ&}5=qG*%EW8Lw>-8D*ZO7#GaZ
z1kk&6F|nZZls-c}j&TuFZ5?_GC9Sl7qd^Q4U}`P03NwZIJ1?w=xf3I{24SaVae)Ia
z4`msZI=<W)q$w{fVaA${wA6l@RBw>iKu>N?{}d~exNn>2i&}aextd7q{jtq(Dd3SH
z<lwtuc~aCh>c{4b7LUhjy4Ge*I<<86<-)zZkba({gWLKk7MM26=-AincOYjjk$bOp
zL!vtEH-|YhR5r$x&{&`42K!nUmL^>1z0I?chvAgGz*J}5MZZEv?R3t37u-W$IYy0#
zYA!*274meEW?NN4eJf9RZkt*^J9C6)Oev)pAy}yg{jbJ!RGFV9H*Mw-%-tz1wqoL0
zrQW=C@;<+;jvp*xh6}ECCy{DS^-~_M6Yx|yy&YopbM-S<0nx{4>fo6NN^9x>q^SA^
zNC{cY$=hpfyQu{vskmgU(ZExnHrV1|TQ4_h#zvoD*|PQp2~)@W9qC=2i)Vil{f>nX
zHeR)#+hdY)<lFn^LMrMbDO~2>sca@}#+&>jG<-b)4bd&kz6Lm1aWbOycP3*VzJ;Iy
zCMNI%{3bjc2DL<}0s2r7M0a!g#q{~O5TK6iMN8_B+@Wj3w}PyhVLV64LdIC%#r_j8
CC*Z9B

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted.p8 b/ssl/test/axTLS.unencrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..df7c2e21600e2f296671ecc261f79616e864929e
GIT binary patch
literal 635
zcmV->0)+iAf&zB}0RS)!1_>&LNQU<f0RaI800e>pVK9OMT>=3B0)c@5y${qvsC0)^
zs<}EJi_X2bW&1!q&=H!P+=6`Ss2AaM^92rJ!NGWnvbq%_TK}84dM*!$w{+eFnWdtc
zQ;V&5S~2as0q5W8>@T2QQ}*VHpvY}OMPnng&rVPuDBm{XbKlmXvqn#DyA7M~sQFB#
zaiNIa2dRb)Kh2pVqJ(!30s{d60Rn-5CO_<!tJEKf4xKpICk5rU6bRS<X?PY&#0C~s
zw>njyzJ~Z%=*32;@a@{xzlc>W=5i@4WXW9}n<P4zK%vsFT&pAGGtlZ_Qs;V}b6+li
z(cEuG50`*8(l7_z*4Gt@D|FR<io9b&3i2^2zxny_h>wcGB5oBXw_aOVL>xPL0zm-b
z@v`N}fRjK_bQImP@+VvjJ-}b?oJDLC0N>ErgZhvxgz~Dw-TTi2L5L8>yI!}pE~Xu-
zy8B9U*qW_~4QdqvK>*e^BlBH%$kR!|lm5yL>zmrWM<{cbpitLLB;T70H?G4mwNGLQ
z%H{8udqbewD<8k82$Rwl9Eq9n-zL#QnUexR0I@;je%~PX<nj4W(P}LX@#*ZGI_AKX
zx+mg%w56dV_U-0VR^m`H*aD90$90j@%0ARIAbczPFFFu%u?JSR%>qCkJMse!bTqOp
zyw=F2cqM}m@|!Y<ZX`g2!pMn^_MBT>O^wU2h><F{5NKn0Hj&exS9UIT{)_aN_uYv*
z3+-hBK>)e0zX{2ZCi8NOzq5SjZ*N<pmAIY*xzC_ex-!Ajt%bXJND0<IoY^;#5e)>@
VJIZuj9FdJZ@%Z_^HP^CJP#x3uH1Yrd

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted_pem.p8 b/ssl/test/axTLS.unencrypted_pem.p8
new file mode 100644
index 0000000000..dee0ed461e
--- /dev/null
+++ b/ssl/test/axTLS.unencrypted_pem.p8
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL0P1EKodIdUqrk6
+H4vOvbdl+0A90BGanNyCfOqoF+F08wUOYcHBeIqyuhUiWv+buHouD4i3dN4EmaWi
+mVOLrXhaMe28Aeff6ewvoF1T9uaKoMhtQUVjI7PPTlAfKN824nPf1qGzRk9uuw2b
+76j5TKVxoYjdB6mGDT/NmSOihHcPAgMBAAECgYAmP+yWq9QfiQ6dONgnBeW2FAjX
+/2l4FkrEBhZVtzpVn76G+FjoxUao8O3a1r+IVS3mciksZMldHZskOphAodKvXKsj
+5DPQ6mBS53qec18ugNHcb0cPl4A20jAH3dbXFYkrdNV+irxjQgryMSm/+fnwiI+K
+wiJuFSa3XltYRBw7eQJBAOHxsuXIgJNAUHQU3bLyJ1wMPcBf7pxFbBMA39DZg/qQ
+LITyqsLd+88DQYgQxrtet7Yuph2quvtKctiarYgNahUCQQDWNiPzXXfI00nBk/7K
+Deub2r1HKHOXoFDXTCTfmws3rsMxtU9iCMrl75d7Q6DaKx+/qAiT0hYciZnx3ybR
+QpmTAkEAsUHkft8g9+Tx+U/Rai0N8ensnDrmwJS6J+J8tKWhI/bt5lNW4lAy2AKO
+68d1kdPKPtQ0IHwr+y86EHKxB1a2zQJAHjvyAw10NLItvNbIpXglgw/ymzKIbiRA
+hMLIiY72nFtcTY3LsIiRKrcQaGN5NpHTn1d2Lnb+i/SX992JOwvtZQJBALmvvwnJ
+kCbzcou/s3znb29bo5W4ngO5z6BTujLB062Fu3lICdY/nNk3kRENBNU7ynRdHJGN
+PfH4+b4117JTUB0=
+-----END PRIVATE KEY-----
diff --git a/ssl/test/axTLS.withCA.p12 b/ssl/test/axTLS.withCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0a89e7358b4104678b647bbd9388f20d8a2593ff
GIT binary patch
literal 2521
zcmZXVc{CJ^8pdbL7{-=m&^MNv2qCjrN|I#Xm&u3h#%CK_mh53H*`f?t(-1->`!?gF
zi4fWM5REL!GReN(zH{!q-E;0A?|I(yJnwn`dd~Tw2+&amAP7Z(=0c#7aoTaa>_8?U
zi2zLo6QJ?G>=+aQ;_y3ykO&adUzQ;Q5b#U1ekVYbAcW=LAJ~9E6bG2uIC4nybws@h
z0|PT4k^q6X!@S{(F^()r+zqW8Y!{%%O#-28{V&AJee{*mkyuJ3H6Jy)vQ4)!feE<H
z7SDT&&^>*0BKvZ{ScKQ}wW6H1VXqs1|AlAgfW())?i^h{Y9g;IFvW11_uLky<Dg5?
zy;^~+={u>pk<OQ`g0(fjY1!-D*-8j$-{_2sct)&qIP3SC+fRku@4rZIXjxL-3^@rI
zq8U=j>IsfW;l+OGg%?zx&Y6**8s|?~&`_<VO~#RZSN6r|=&O!(C9FK^rOcZf1n)zK
z0M(e@6?M&Xj~=XzuSJb7?>>%LV+?uGdM5Zs3d*Nh8!q-??7j@opZ;rHvqoLPj1Qk1
z9bOXy{ls?_SQhBL-Fwj}TFP>{q>MD{cvk$F0`FbB9n!9U6wY7Dq?(YWf*5l0`HIx$
zMr*Hyo!d^dw&+kgzTs^e{%|WFAw~$878BV`V=oBsI<E$}vUa_=sk9_kBW!QJ>b!k`
zXL0NtCY|#sy$x@xw2t)@Zc~y}j~ZDdwR*0^-A`<1Vmw*-AS|XcPF8bLQ6;%+>Oy$F
zG|>zWZo8)KeGf#w$J=4rx-bjag<#|gI@$W=IU}f6x$YCa*U7433P*cEB4(*Pwexjy
zwX-``bdyS`y{1zS50iO?PkrM1mu7MkQ8T?m6^1hs@~d-i7TBj61wVF{F)HyoWh1uU
zB6$0|r(y?m7t=Dn3=?-0O1P)?)=z)(a2@)5V+g=8)8dO_TMESl2#!VZby>s9xv^eA
z`Azd7OK{dBid%f0GLuz4u`u_($WHPW&3NppS;t&+noD+i^OPg5g4fA3P&D)<<!!?L
z^Gz~H`CINS8N0?z6&CeNg=-3aT1E3!V_G54_gvTuc!>9M-kXX_9pA2bTh0CxWGL_B
zgxYpB5ZgNAVptk}%j_L&p^3_-K%L~0RaU%b{ScXLe`hMh#uwAkFMF3`j8`Qz!tNxH
z^_t9IJl=5zUo6W6gudv>Q}X{#vhS!0nyVY^OaGXt%kOI#cPJZi99gw*_~ct|`KAt0
z%1E|C<beN%t#9K&zKYBqIeO;J_Z3fZR_SH6UJzUF7cLp4p=isS+=4egxWro1Tp%Wx
z2yHnEZrh`{{qs3m^za#`hFy$87>pu+X5A-Th00TrBff_(lGyJ@^G_H{#UX%6pP^%s
zO+A5U4LT+*(EW|CA1tyUX}*<XUCH`5i562`z=d0_I@5%NVc?ZYi4hQ<Y&&w(8<{^T
z_{_EovDG&GNsn&AcjvUsHvv5)sN4OuEj%ta3D4;;9#JV7E~e7{K_)Rae^BE|GzY)c
zQvvhw=bYt&hX;5{B_ums8pb}DIiEVM$Nyu=hWhBB%)@UY;M$R(LU8&>a&vR`{Ij+O
zvU*0>DU3}i<ZlDGWC{JU-PP#FS@o3rIXva**s$-uMB)J7LO<eO2E>w9pT=#l`IXT#
zX5f9*3P%0WWMbv=Sx=$dSuk@(ajd4SV9mLA@ZonRee}CQB=hx=2BG0_Q+IPr@V=tt
z_a)1(!^r+MzLop6F;bF3PMeFqr1PI)0iD-)3v1fi@0M@ZaK__o;!4{u-@N+dFr>Q(
z_X+Se=t>)=&P79A%}d{$X-<6_>r>6Yq?0GZQMJ>ol)Bv;8*z{`cTjozQZh*DE=n)<
z9^Ow8LJkTBw!TWAJLTKs>X!5;vS4vZCcZ4u-BWkL3mZeJ%&$s#%(pu<7TjBYbjs?@
z2A1nMhi3|Xvv*5<bMvshtbM?b?lDw1wP8n$^F=OWJ1omv;Htdjt7URhXd`no>YmPo
zpkY`SO8De_)QHxy#h$`Aa0Xk$^ojS=v0d?CPRD9wVVWF}SGc9x5a2*orI8H-%(`lh
zO(r-Uf<u0^a=+?MT)bY3;cBy%YFe$Q6`@zT3f-M%6q<03DG#8u>a`PVt}6UH4GWWA
z8@WRp(oqSAp<`nVGVInMD8;r9Lp6<=wyA}U>W3@pp_|H`T$67VMON@di5;!T=PuSG
zlHWk6Z}b~zc@x?%?XzBjW1PfEW(AZ|h;p|$?)-J2T2dzoCM1R`SAa78Ax)%D_vv--
z5rQc2nXLvC0VME0C?OF*Y+wS2`Iim;H2?_ff55^5WFQe33Qz=wr~l6z@|@>iFztk@
ze|Q5XFoZ^|E_MC6)hcT?==UZMYXLXh*_Ix2YpyvDkaLr-Bgu7cyOaiqa*2rI19)e|
z<709wsi}~~F0Z(B{<DRK2$-{c+5XD9oAC&+>xU%kta9v5ipvqJE5RD0n5BRd7$h&>
z$m)IKA&(aCIb2|e%ZHj=s!6(g+g~NzUZ*9=l|(*MiD7G)iZY(B+{CI=xMds;g?kA7
zQ>h(NIg^LFGl357p+S%3j87G53>yKK_?zPT@%~k!Gg^$Uh1288oV<-v_nj|XzOo^G
zs{FFPc7S+8)ACxJ(bL_`)sz{vxdeEnx8NufYoH*p1}eJiIq1X*k{sv9CbYn}_Nk#7
z>9%nBi&m@wAGog_qNv(j9}9g`7W%Tmv>M~4+K1Pl*}*Lvhtu^R-}%W%=axSye%IH}
zGKJyK;<(sdG;i+Bh|qCfZIBvdk*BNAB)A)?`$pi_N7!C1uUw@S5CQ3VVHP~G#>a{t
zQuQ1An1PmeQdKi6e<(d1-_0GlM6D75c{CnqtJpx5XMH8$)NRtYp?h+vy#AjwA8}~(
zNMvrNxEm<oPv0+U(vKcnN>{+yUpNQO^TV;@Uk5(Z+bSQaze-cgUn+*70sQDcyJ*oI
zh%2|;BV<kDw>Y)7_)aB8|7iOnUZeGuF(bHHZV&&SFwCsKrS?jJ8Nr_y?Gfq-jG;^6
z^Ce0PR24@Ajxt`iESWgJsP(dvw4ww#74ov<Iy0e07r02Q>A@E!lmRD6syRdmOoacz
z^t`7~M>zy(+@|#uvQ>Qi(Zc5EiYaqX9&%D2SH1Sp<|HaliE+9wPk7u8nQfu$(gDUc
zM?fX%s~_2iDUf3irOFYsK1$@jg@*E?`M|K}k24r<O1q@^!>>QMP%{eVvRPh6UHp9n
zL!TAq1NZ>Y01Utm5D0Js_yb&jZE65j6dHv<K_QG%93TcbBLEDm&WsanytjOR+ehV0
Zb@U{W#1a7kGjry~*vbW0@BP#Ne*pwro@@XB

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.withoutCA.p12 b/ssl/test/axTLS.withoutCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..10e28fa01a430afea59df57317f35d781ff1486e
GIT binary patch
literal 1702
zcmZY8c{JOJ76<TOeu*Cmp$z&g(PMo^EQz($R;4n}R;|QdrHys0NeL=4L588V4>hI4
ztI#*;Vi-gxmeST%6y<5PXsxvz8iHqdnRDj7zH{Cm_uO;7_n!OL{ot4o8-&4eOeh>e
z>ahqcAsQwQt7byJ2qr`n#hy4OT=&Zes%FBKM3Djr14K>w%LIl~g;0N9kb=Q*(g=x|
z0N;tfbu&MMpaj5Rf^+tc<AcX2)KFfSo%IV#Ac{x%#r*7P?VTfGxbxfd)Ee1@l0KE;
zt0U3tD8DH~|4JQ|Ly8Bf=G-kY68c-~;r5>E^T|Bl#(|R6D|SDOc2R$#B-wegbMVjh
z;bZ7#_iI6yAOH1`cTMxCKYqr@>`5MN`)2&iqnGjSQda4LD*W$+_K{dN$0}imMrVYC
zZ|w}XEYY|X)wK~jLq0J_5~jAM{;yrzNd*Ge+aXJGk!SWN2U?6JlBVx{y~&uK-}EP*
zOZagVDMq&)pB}W#e-oV?6+MOKzW5=6;NJV{?)dz9j#A{p^Q?)3$7aYgzLT`?>j-X}
zmWNlu+ia3)<lWEGD|2RIOV9es8z0V6PF}t_bL(H?92+t@wN<%##F%GbE}Nn#`BlPI
zC6xZ{ci~yfrtI?hsP+9tsI9EQ+PJtO)?VXE)F&_Dm6`(Yh`O7X^HeF$TT7=`#q+dG
zxx850MZ)baF)f$0t8L3YT{q}+&t3O#D0JvjIb~~<5w}n^Mcw4sgOy>ECU4`?Tj?Lm
zCnihvNj5cAhjmi%Kj)&c&MtRkgYK?5>7zdeSfBEGwzoU_bppwX(ny6OsYDN#?W^?K
zZ#<lDmO>ha!FsmgJ5ZXS>}7j1wHM~)bl^`SY^5pmef2c1xI>?JIn;#sz9cicNXlUJ
zWL9@q!}^^K48?{o(72?mTzACQR;qPL3@xVUVcwK8>qjv+xI;$U9vHin;_=20=^4Dr
zOQ<nJDG+!>IQ}F!Oq0*@Yp9aa*%DUHj-lxa8A}(Y9#z~`rcCJWpT(Sz6VrXQw`k}0
zdLhHCjPW_&I5W|T%m-Zh$HWJ{(mUY}CNi8E-e%0Hz}a_$tSo<i&p$4OyoJzD*WO6>
z3v-t$Bc%J{IWpjTq&QYPu=uIFfWOhsZxL?bW%z4_O%sjV2AFf|&H_#G8aBXdRS=GE
zoQigL8{+TG8wgWUE5-C9P8vBtNg@&I|06<VMGhfCB8pL>f*{HN_&~wHY9?5NV}h0c
z&t}C{-X$x5w)F=a1QSd(Wm31h8vjzi`uwqsr^U*dgW#>AuJ-m={Rh!`;XT2*)fX0#
zO#}tv9_zQn`;nV!c@;DRv$tEIYGC}zqHJa*(03veRJg<VZn8=3g5JrD7r|Q#4hb_x
z53=B6oCdjS?%$g<FxV;Lp1EWnGAEN{_=K+Gy{rCuuAlqQ-+)qlr;+FC*p4kLD}SQ}
zlI*DWR~`G&hs0?TxG3jLVCj~+sIB*D0-KCE7FNFXsQ;(tG}WFVGOKWw9vGnNP&E)&
z<pEmHXQy6&1fqN4-@WAR;TejyAr`bHD6)B%6SBX({_bP$s}!Y-CIjDV5{%Uc<(7rb
zlU}|4`BO(Vl7+cW#c%`f0NFS{XTxsD&yBJ!Q$K3;p=c2>KkxH|-Nn(gJ(Zk9u$VVp
zEZWmC8;l_5VO_EvcP&-3)11go1zu8q4%sz#VoW|coqne#U^S)Njx?9)68IA0reVdQ
z7_5BefZfrGl+c8bf-^q&*6umY{Gm5d&MvvI6-spE*0cCdEepU!Kt-j(zVO!`mDYl~
zz)$>y)Sr*3#~-NL-3V@x1XrP?twe?~WUGk0*a!`U;c+&Z>A6!D$MT(pZ1H<;rUwn}
z!PT|VTFGv%Ipz*$htn7GLr1(*z($6mmj5)tIjICBcBoV1+8jxn-NE<t9yAncf(FBr
z%QA`;2y^x~<VIwuz!94_Fnv+3>eXwynSGA6AsAzXJg=50AEXqv;<Jd@K4H_EzE3OZ
z{1t|)MO#fFv=(0c9-Q3SiP?=eFB@1Bros%eXV=E9$ER|lMv9Ws^kPm3E;w%L=HpcE
z7LYxCY|gM3?sxcr_bpp3OfC)f;4k7d|NGEL1-v3czP7LwwAT;2MOC)`UgMVuglypQ
zG7kG?Ngl7JrV7LXc)%D40+N6TfC_{IvA}gv4+72sXK{F(It~emVWr`qvKWAnf2-ZI
h^iXFE2aFn1x{keK>a0+`2nnLQ|IE&UO4=U^{tdWe_eTH#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.cer b/ssl/test/axTLS.x509_1024.cer
new file mode 100644
index 0000000000000000000000000000000000000000..784e26ffb786bd96d7d95ecab3eaca6f55beca66
GIT binary patch
literal 604
zcmXqLVu~<mVsv2QWLT<oqN4rN^P>j5Y@Awc9&O)w85vnw84OGejSLLfm_u2(gf$Z@
zLVSW10*dmpQj<#*T=G-WD;1nmi%K%nGLsWaQWYFaOEU6{GD|8A<ivRm%?yo<4U7y8
zOpMH<#CeSk3@i;Spj-nTLoovph^f3NrWy(v2!O<yg*kKblM{0?@{3Ch8s{UsijkFp
zxv`hQps|ywv5{df{}rbdCG8=rc3R1IpWC}V^|yoV1;JT!?ljfBS|R?h<TEQ@;=zLz
zU7L1^Dn<RDy`xHxzhisJJ(ihE7tIXrURx1m_;wHD^ZPH~=r4#3{`RbE!HHZ)*JS0*
z=lufYHSU`|D!zYh;bu4gyxqLB->>-Tv$Sww$6fZ7ZM^npXDTmhDd%TmW@KPQb{;U$
zn41_G8H^s-<S9N|_GO2_{H|x*Eq*#rMNWk^+8@waY}u)DZoRvnWYVT5WfN8RJY4ZE
zE5oXM=cc6TJgPQv!XE7niznXHdp1d1CP-yt`LS>JZp^+JZXT8)Zj{EzVZkx$U{9R=
z^OG*8lXiL>?_Bo3uh#aVo6#I$wpka&SKF_gz+$Xx-^jHz^xU?oA!|SSFFJMjn`(98
zrHs~>McZbY<UWo6RwA==(JgJ3|4m0ZS&r=5(`2`$NTSam!^4Yrx$V|3PFB+sYF8w7
z&6{zgE_LRsx>KdkZ!5;0t4Xu1yCd>1lx6yg6rn9!4LpkW+<qPHzwCEAqvOOkGiH4B
Uwpirwk#)lE*|F0$DrE-%0ONc2ga7~l

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.pem b/ssl/test/axTLS.x509_1024.pem
new file mode 100644
index 0000000000..0a5c7a69f1
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnxTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAMuA8biHmpvS4EJ+K5guETizlFMpWgT/ALKM5iSTOr0cuGWKy
+5HaRJbzhqO5qaDp3ubJilwwlPF4TSIeAo5HZLuaSKxxSJLF3xvbe2JvZVzdWaBcy
+ZgEIOAiawYxeP+fJRMtiuUjHiab/jn094UYynBMGmtEXqz+pkAQzLT+BCqVVzraV
+VK3xT6LKw/Yle3HSaIXpcraZNG3lX/Z0HLmi2isE/4LFCQTEuryCPrRyGI4waEhK
+Dac9tfRCOpdgfahhip6YxH5lmep+ynXn2yFdznxmPX7cFP5VBJeoZBK0tTBIcrzb
+61tPpvuHAUGR7JiY8Us4okDxBZC7m12WsSJrUA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha256.pem b/ssl/test/axTLS.x509_1024_sha256.pem
index aba66956eb..b1059b4385 100644
--- a/ssl/test/axTLS.x509_1024_sha256.pem
+++ b/ssl/test/axTLS.x509_1024_sha256.pem
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICWDCCAUACCQCMs+C6AhuzaTANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
-MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+MIICWDCCAUACCQClKsh4h/LnxjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
 Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAq9P2gjL8e0OgMrA81JoZeqaZMRmSaTH8xIHf7MkbGYW1ZyBWW+n+017itYgH
-pu61CiYcyAfuUACTL2VBhrakCb+j53OF0V+9uEH/BkftUUcu+6ppBB4XI5KbYmTH
-JjhBW8N1OHadHLCG4dkQLjnaFgekpM8xZzvd4kkbM4mZqtECAwEAATANBgkqhkiG
-9w0BAQsFAAOCAQEAG/SBHWYNVf5drxN1aLx9UqTpryjmzDP9/gckKpuNEiDCmp38
-MIKBJYamL9hTwmtf1k4vHB2sxXfv9AVULwMa7+RcgUc3fhTWWoqf1LvYvzMrx9W9
-yU6bfXQh5zb6TOrq/j4fliA2NeDvAzq8tzhBVhiyvy0GhhU1C9eBRVFr4D9l/B2z
-odWvCZ4ljLjtmoOhrSSf0OHFuk/eqFJ/SS1jo3ugl7wEmMzphOjmwgK7CLyACBSn
-6Bzlh/A16AgqznniMHZ9p99zopMSqPUkCCHPEUiqs8hoy6Pc7O6FrTKfkeiAnY1u
-SfKiOf4ODmDcLb5gVtDx+zp59Q/khBX+6IT+BA==
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAbpbFPGnc74yvFgxKiNGA8+9azns10+KionRirc6g/1X1zBnJ
+7vBXW9aXwUr2y9G3jnmX82eut0YnaJ3xlU5rp2NbGSH43fQd/OvWC+6yDFBeHfJG
+JqbyP9oBkrUSuaXO/svsGUr8z1YVnxvtN7A1NGt+xQmgTyNq2QWg3MSQQwVtNsQt
+84mQqU0BmmyRyi14LOCi2dHxjduXFVgHIcM6XzVL8lxQ1oaabA1mP5u8dzH+n+sT
+uVDMmn6ABDZsnnCo9i7WidPI8pfJ4k6xR5l0wUdcOQeY8ynwUmILBt7lhKhxtAIG
+j9SHuiQYstmr5+6wIBv6LRwjuXNDEwcqdT+o1g==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha384.pem b/ssl/test/axTLS.x509_1024_sha384.pem
index a3adbb0444..cbdca1d1b3 100644
--- a/ssl/test/axTLS.x509_1024_sha384.pem
+++ b/ssl/test/axTLS.x509_1024_sha384.pem
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICWDCCAUACCQCMs+C6AhuzajANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
-MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+MIICWDCCAUACCQClKsh4h/LnxzANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
 Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAq9P2gjL8e0OgMrA81JoZeqaZMRmSaTH8xIHf7MkbGYW1ZyBWW+n+017itYgH
-pu61CiYcyAfuUACTL2VBhrakCb+j53OF0V+9uEH/BkftUUcu+6ppBB4XI5KbYmTH
-JjhBW8N1OHadHLCG4dkQLjnaFgekpM8xZzvd4kkbM4mZqtECAwEAATANBgkqhkiG
-9w0BAQwFAAOCAQEA151mqDTC1YPiFq4t7J2UK84jYlGriW0z6KhfmtecLm18Uu07
-vDh+cvWoFRf/fgSlO7c6td0Jb4NGjPBwpV4UmoYND65d1+EkrP+Bl+2DndUi/xka
-h4bwfmPrKAjDbUZaNnRi1zQdyPU9tta9b0MamHQVHFOIAyLQXDf1/Tz+wRaFPCIH
-PfJEqjD4Nr15O41aMJOaM170rOtbQ9uH4Vlotpt+xJsHufmHFMf1fJtgBXayCzmS
-1927ajoKNyDA/QQ+e+60uba6UN6CQnoMzmkMypMxD4JBUt6TEgB46uQ7nkkf3raS
-tMAyMnytSc+O7EbhZSWWBSTUkeI+YWjLAtI42Q==
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQwFAAOCAQEAcVYgGWa/OFtWSpsH55h4iHan1Hj8WMzhvczirWDP8EaG3N1P
+WVo7LQdfhs9OvQwLlacAym3eawwsMe7ODU6Iq2vsbajeKMuF0jb5teghb7dMIiIW
+UIy3zRe9pmOZZpIcwJfuzTMTXMq+UksNfSzgB8mGqnIj+4D3UPXce5KYMvxzAjYU
+HAAFR9+ZkTdpratH/qFlk14DJ4CKlH69/RUpekkXcn3lk1DutfQ15kaTnaFObTUs
+HvGr2pX5PsofeR7DW4NStIMbOwMvTby6thCw8zImI2yyouCv+LkilGxmxEMAV85X
+ZKu5dNZXbJwfOFjkmHEtDfmISsdl8NoQxyz55A==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha512.pem b/ssl/test/axTLS.x509_1024_sha512.pem
index cc369005e4..83648e6630 100644
--- a/ssl/test/axTLS.x509_1024_sha512.pem
+++ b/ssl/test/axTLS.x509_1024_sha512.pem
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICWDCCAUACCQCMs+C6AhuzazANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA4
-MTUxMDIwNTZaFw0zMDA0MjQxMDIwNTZaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+MIICWDCCAUACCQClKsh4h/LnyDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
 Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAq9P2gjL8e0OgMrA81JoZeqaZMRmSaTH8xIHf7MkbGYW1ZyBWW+n+017itYgH
-pu61CiYcyAfuUACTL2VBhrakCb+j53OF0V+9uEH/BkftUUcu+6ppBB4XI5KbYmTH
-JjhBW8N1OHadHLCG4dkQLjnaFgekpM8xZzvd4kkbM4mZqtECAwEAATANBgkqhkiG
-9w0BAQ0FAAOCAQEA51hsTX6DlE9WnI0XaNfx0hfWG74maMZK+GG1LQKi6JlaA6U4
-7aLpoluw4G7oZz39ROuNbOvTMrhN4kOXG16Zk2HGufzAQgqoegIsgI2BiaOtmBnn
-vOchhiZ16JLmKB6ZMlESFubV1Ynyr6QacTLOipLGICGn3N65BrbwfaXD/nbJQd+a
-YOwkJ9OHxbK9zqLMBG3kK/QKXqID3dI21+MDCGSSBAh/tVPhwTMcTzViF5vT4Mpq
-81+Z9eg3vI++rOiBppdjRKH4CFcO74rEA6j9fNFHI0PiS142TtT4vXLf+D4PQLkI
-tBuSq99ensRy5IvjYXpcx7/jixVd3MmwWrolbg==
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQ0FAAOCAQEAbrG+mMdCorMaq6VHQC071CdXzqdUGFgXM/qpVjNo3tKjqUbD
+73FJOYYoSgXO7aJPebraaZTdSpgHO2vdJrifUjrJg+2RKDwIzCP853fgi3Nm4n+R
+7uDsd6K/cj4xvcnhIdmQZC3TPIJFujjbMy0Tw9EQ5Zoz5rNwR0Oy++HtWoULOjTe
+xsVsagshFaGajLF6RXoH+caKHIi4HANlWwJvHCBpqQYUyhUCAHUm9Pdo0+h7Viuj
+evzm3SPr5rOisE8xTDU4WPOhwel3lggZWfh6nbDG7+1sWmT4qTtAkv3V1m1o1h+8
+4TeJUOV9QHm88a2UUqWIZocaLxPYB6NThoBNVg==
 -----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_2048.cer b/ssl/test/axTLS.x509_2048.cer
new file mode 100644
index 0000000000000000000000000000000000000000..45a291293a5bf0f7c4cc0f272a0a924248dab5af
GIT binary patch
literal 736
zcmXqLV!C6{#CU{>lVPdWiHi15&rcfgvT<s)d9;1!Wn^S!WiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MG&3|ZHZU?Y
zFflTZ66ZBGFt9YRfN~9V48;sYAg1!7m})3wAOI3)7Us;!PfpCq$S*Ddx=;z(S&Xa<
z%uS5^3_x)%rY1&4hM!SoHp^8DXK|$$FDhj7Wo~^bIqmTGg|jy9b9ue`g~9LH@8UO2
zt84h8re7g>>yrK*hZ3hl)AY`p9d}}0%)n#4_Vm4uu4SK!e2(xlid^R8sQxmk;Hj(a
z@!MxI{O;PMe`cytGqS7_-7tC53z0t0i=n42;)7Qn=zN#7$xVI6@;S4_q{Q+oypK*(
zIh-K$$JkyYc7~t!vZai&BJ1uOKalmj=+ZoYm!4PY#LZgMnttiJ&7aR>p(mz)QelTP
zGl!=D|C*0tYx(0RHa5NA9JZj9UG?{-o=A4z-C`#@1MW>T>oRYZKYo?9#`Ws^hGUm6
z`)r!wc_Z}a-;{mNV>P^#_wsj7Grh{h%*eoq974c|1BMVIgUqU~+buVuH|I+=Db;Li
zJ-K89BWu0IgO{B%CwIQR{#3x-y-xq@&x4a^Eoc3AB*p#EjuZAXFAL00%-P=EcwRp1
z!_VB>lTDfR`>&j3eOB{O=*-Ex2kz}T5O?HewR7kFgezwqH9Sv=ELeYC;Lkdn$(I;j
zw*(dn|K-gNGPf={Z(tFiwRD2?sq!Uv3-nhr8!u|S5q#c#Yxbq7HA^;bttsMQkvy?H
zr#3S&T=jh9-F0j4bJT1<UZ&`y&9iCkgQntcCq8oq$3rRm)9&jZnEmjm?5*D(pFHM#
zH)RxEJngi7u9Z5Qbf&q7#M$pRCe#S%tlao`OXlOBmuB<mgrDx7yWtXV<45xh0G=K)
A=>Px#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_2048.pem b/ssl/test/axTLS.x509_2048.pem
new file mode 100644
index 0000000000..95bdb5a3a2
--- /dev/null
+++ b/ssl/test/axTLS.x509_2048.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcQCCQClKsh4h/LnyTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAPladjynJXGaCmdzonEGTQOF6RmWw/ehmrG+ROur6DD7m+5fspZ+gPQm
+L3gZ2tIv3EB0QsKWLs82x0IDowAMO63L3oiKpvJyTMQPARTTCQh79JJw5UU9x9vM
+aE7dPGfzAnwmMjl6FbCTkugUjknRVcs4X1OpwInuYrJGJ5innJoWGhZveEvFliTD
+YBL8Mz8oXZhOK6alAR0Urt8z4B1J0USDn7ouSnWRsyqWgvotRp+fDDguFi/JILhD
+AwhJEA+s8RatD1+RgYLvs1aghQcl+7KMWQdNuxbJiVDeljaKN4Ufx9UFfEXV74DG
+09NMsphJ2FX5/WS+510oSiO9D4uWNdUCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+HKqK24TYW7NvGoIifLaFyaSwAQV/OODpiZmTie3X5RBHR34v9fnBk5qnBf7EZEfC
+uMg/mdMQm2Fst4uBzx9q8PltfcmCaX+/1M0F5nzhEszJ3cDevMBexNl7Q4nfYNTN
+QShJyhSgr9cQ/K48k9IA64RRcRP9DWtSNzt0zzA4UCqlkBvKd6TdcC+rAzOigdhT
+z0e1a9KVfKSxtXxyCAQZyKdsfWlhVyXPWd2urd8IfLfHdiFMKwyyreCCc4tCDjcA
+QcJkv2bfL8Cb4cUd2vtI8kic9zUBFaOWyz9tOicGG2k3SBjN99iQfBAsqbHjtGnj
++dKbDCxXy4udsNINgfE3aA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_4096.cer b/ssl/test/axTLS.x509_4096.cer
new file mode 100644
index 0000000000000000000000000000000000000000..f90fb1cc28c86af31bb0a93aa18c129d2d3698b6
GIT binary patch
literal 992
zcmV<610Vb_f&<(zf&#<>2>_)k$ashH=gKe*1_>&LNQU<f0RaUC05CK$GB7X(162eH
z6DeVMR7_JKP;zf-Wn*+8L~mqgc_2e&a&&2CX=7n@WgtOybZBpKX>@ro9v2NUHZd|Y
zFfuVPG%`0@7Y#EoFgY+dGBGeTGB;W<EHM@^6b1uT1PT)kVR%$bQy@@sZ)#;@bTJYz
z5C#KP1OpQZY;R*>Y-n$DbTEPfA}|dG2`Yw2hW8Bt0RaU71A+n%05F0A3Ic)x0RX@X
zPNUcKvn9yzIfRh^Ja}-RWuFDQX9x+(oE7a3%LIK=#ng2OOsJ>KE-x09%08^xg>X0Q
zHy|aHAmXdfU8nYqk9emEP$*t@iMl3G>DB#G&{0%Hy>h?v=@{Uxls)*#8#^D2T~~PE
zk0TLfZd+;!)#Ni%;Z$#3osW)YO`_>9pmANr#tXN$DJPEan3lpTOvq`8LMqkq`)yFx
zx>fS7?kh17EcuP4Cb=sNWQlqnIln6znZ`hF7X4Y9Vx%gfEm!rbL4d2C2&L4Hb0oOO
zSW{yIt@u-|@>!ZWEo2z-nt8)5EVM5>$dLQeyDZK*x6SD7Tm@pLZM*nop4GC5=|B~K
zA-Bus!~mm)bJqG&l?m=7Pj`KTt&oY=8=F;a%g5*n<$?>b{@*|ZPXV_zDZ7c-Vs^jS
zp&;Dkt0ek2p-G<4!Eu?#0eL<uiqg}3LoxzC2*QMphdE*~SoSIoQv2<t=r)nP6;i9f
z9O<}=;M9MbQ1fet*Q-ZXO_<4=jab!g@y6J&unHA}?aJ!?5bcwAs6r#_z>Z!;Hx1K3
z2=dh45AKOWq?mP9OnIwk+i45Pt5M9N^rjf1uQ|2jj0!531zLzJq>{hgja^fE?MY9a
z8b7;g2;-{-fLd5{wIJYn#8Z-fkR-X4U*ZafvR$K2BG~IN;gP4wf`I}90RRCo4F(A+
zhDe6@4FLfK1potr0RaFL<b1YOAf9vO!XcU?dCI8FDvNU%%p&e6Vm}`kN&sBi3drmV
zvZ6WvfbdhirN%{oh6}crAR0RL8C#v4v{h|iE~*Wq%)0wB;;$gB#>@KNiqM#QC5L6G
ze>~xk+?vfj)}U+iSBjy`u1Zt8<g8jpa|nwS7$pS5_^#>>tH{{n0)wpm#ij<5rH&0c
zZtJ76;$u0Laz23cXCmrpx#jBmWM%Zok51H8&SWe=1oB0YF#wZ+kV(ec5HML<F+he%
zoxzF3-hQsI`P4@Wbn@`gk=`2_+RRU4tv`?wHYgChMwpLkP$aax5?Jtasl)~0t7l#x
O8FkuLAF1^+tEA7R*1hro

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_4096.pem b/ssl/test/axTLS.x509_4096.pem
new file mode 100644
index 0000000000..e6aaf2573d
--- /dev/null
+++ b/ssl/test/axTLS.x509_4096.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsQCCQClKsh4h/LnyjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAMAKTqPX9LMlyPA5hJD/PHhwoGWfBbpnCAnKnBXtDssEfVLF1HUITKin
+zC4vFpXKPqzahXA37DcgJZQg4qvPXaf2jY94pwlQKF52ibomUOnV/VLQUVRFvXK/
+8+kY4K2UPfjJGzsfjF1XeOCPIxFlbltqCtXkM1PhVG9dnY+OZk2i6S+gcV3Fxgu3
+tiknju+YlsIrTMhpiUIq1fH7bVDWulXyru4rMREs+Y2lJrkrDGSJeh45vysZmcZA
+bhb9WZtipCqiLVf1qkGAq54IpdSOcyS4x1hTYwOt+FOt8lmaOS1kGPKaecMtLLQv
+O8iQ+9K7LM45t83o7VwFYqZtu/hlntWyiOlAFX8ht8vmxACjhnPW+lKVCe4kT3d9
+g62Qidcbm1Vty8foCuWCC7H+30AETwG3NSm7idhidr/YoSDc5Ksk+jehSZ7PwXGZ
+xwF5PiqK0tN8QzICPwjChI6HOWIxWPYqDlL77aXoNpG9FVKrwBzpuIvg1H+aUPNr
+h9erR1ZNmMmajVjVbvHG2LCwChWD7crq/RDtk3ioQiPrwI5eRTcN00AI8tTeD+6J
+Q6SYdVZMeatn22kLyKtRzKL0phiirzm144wKKpcFWogrpJK/3Y1dU3rtSU+dGj+7
+agjjqwWAWlhztSDgesRTkn6QJLmVX+IKh7Jdo04i2Osw4ZGnyYKBAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADggEBABPkfLZVIJ5z5cIhmiN5yqjMKotzGMwi7ihiPx8YSgBc
+2grI7Aqyojn/gPBTvKXGRYCGC7aXIBo69RlbnZy0VW1fLqoNo8y6+zLiryCtxsv6
+3orQmHslh2WofzzhkNyazT3WoGvzV4qhzK5KU7vkrFpHcwiLFRglBMP4ruoOq8jY
+4wKDrP3FpgaSpY4NOm7ro7LiYzmVcj6A9Gci6mm55er6ZGX0yI9O1FXOZCxABPJF
+kDEAk4GQScbaEDBZWjFAhkmdwYnE3n6usPnURwp08vDRkd4bGdrMT2KtP5ASNigQ
+vEaYj2pQJLS8Eljwc6nEBeGrZ14fGXXaVh+p9TKrpM8=
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes128.pem b/ssl/test/axTLS.x509_aes128.pem
new file mode 100644
index 0000000000..1eeb6013ca
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes128.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0DANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA8k4Lr67fner/JtPfbCJe9+RMyq4ErKmXDlxQnXDEcvn/7Mw/CcNQXDPDRTN2
+/pw0Cwb45Pgv0bqTAFPK2sWhp68QMiuyl+lIUGSrgXX69nW7B2cAp4YSNW55M8SQ
+EISL3QOkzl1oHW3iuxxGeuCGuVv0i4gRxhQ1XkHdoGOc4G0CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAPbTh7YlIYA/XOKC1Laf0SQ0HQU4hC9rd1IowBIyKYT5YlKVM
+VIrmqN7B3ytUZbP3eL9ZO63G5NHmGk/i+RpxF+O0oX09uhIPWHlupZ1LeEHDwsSG
+5OjZ1scU0bbIX/aBNPDL8hU7/TSTtL7NY9939cHE5LVwdSuOqndXl5nPFKxyJjfB
+npworzs+UUwXLAcJSRHTruyRf6fvSfl1NdMabWiR/L7+tzDV0842+HwUsJLUlWFv
+osK0avS8ER8PrFMRnKqGIK416B38ZMjn65G/J5v1j/RSHDAWjp+SYAFHaxiU0gEk
+WOAZlVmG1vVlFk/ubTJ/vd+RAk0QYI+THgwlbQ==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes256.pem b/ssl/test/axTLS.x509_aes256.pem
new file mode 100644
index 0000000000..89fe526af9
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes256.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAqn/ZBpw3WLD87W/rVp8rdvg2yoml5CSMfePkcXKCfbWMAkZOJJtMupPoMFC9
+CbQ5EUmSV47BHGTh0xnQK/4s4bc6lPVtkK7dJtFfonCsiTErW0p6z0q7tQfWFEd3
+NGNFv/qVIsB0hJDOJn8x30wYWCOY+gC+53KJzRVcRMoM75sCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAqI4YkmyznQ9lE0+2cSkRX7ELJeKGedGFCCKJZaee5k9R4PBc
+fg97WsEMARSl2WLzAkK3rjSQWslbRxb/u1NYhd2uBdrYGIMXgPyBIjV7sSoI0TkC
+3muhke+W2yZsVp55DoJpfsX9dIfzbM0ICbaD509xuClfraIafO/6VLrw/+BzTTVM
+DECTo1dCheYYXyOJPgdgdcABKKb3WkTLJPkV6SCK0D8xAHpTRR8AtT0xu60JDRoq
+wcKZie02AXOgg3mEQPdvmVDb+cgOL2Cb/nyraS2OVKPRTZfQfvhve0mU3DN/TVDB
+7N9bVd1WNst+bsNIE0SbnYiF/oSdnHGNQxaLGA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_after.pem b/ssl/test/axTLS.x509_bad_after.pem
new file mode 100644
index 0000000000..c90d630499
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_after.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0zANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0xNTEyMzEyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAqk3O/LBqyketDzFqMe7L8nqmM/crpmjZ93KEwhrc7uRKJgXm
+CjfTSm7D43l4xbz/NbHnNvSFnblFoioAQP23opotJV/WutmrGCIjpidLc682GvcP
+DvhlOTAqoVFFWmjL6gj2iKEtIUzxCMI7K/h/znQvk/NrsfvOF0uZtpMoLqqo4o3Y
+V2vogbTEPpr77952JMpsLvJYatwiYo8G7Pc8qdl86mk3tx1Kqn/Pl9CgMgj8tgFi
+tcBRFePe3WvAiK7vnSqz7H4NUXrcv0RTA7f/bUXNWoRUI98GbYKVpxgIY7uFmLF8
+0jb92pWMlA9Ps0fAdMKs98c7dIaJi0buM5Mtuw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_before.pem b/ssl/test/axTLS.x509_bad_before.pem
new file mode 100644
index 0000000000..3d65fe60b8
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_before.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDEy
+MzExNDAwMDBaFw0yNTEyMzExNDAwMDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEALWtzVdl7s7NHPKslDc0NN2N/kqd8V5Ug93s9POLPQV6Cq7fH
+WPzxdU/IcLwocngqDzYEADlKJL1prRIP7IEtclRW109kVf5ge4waL7BIFogX0iII
+WzjSlLTdYFo6ZK/oxwg86+zVA9UbkWbvQwSGE60Hqr8GEaqon09CxYUpFTtOq7qZ
+Ikjjf1Rz/t1AAGXoN2Yls1hm2ONYFuxQq+dBME0sSL7hdhwFoOi/u3Q0QXmg4Z1Y
+xe0J3Pg1mt5nsh4cY0QDNZdSbZz1p4jVY5RxQsoYzgyVYQWBeDJGKs2RN8o1CFko
+EMQ4Bq65fSUs5hPnYGl4iibWmQQgAWkasKZwaw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_device.pem b/ssl/test/axTLS.x509_device.pem
new file mode 100644
index 0000000000..2ecdabefaa
--- /dev/null
+++ b/ssl/test/axTLS.x509_device.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCCQClKsh4h/LnyzANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
+eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYxMjMwMjEwNDI3
+WhcNMzAwOTA4MjEwNDI3WjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
+ZSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1d
+D6JnZqcce7NfbntIrT5T7rFq00sKH6FhFNeNXae3EvXl3Ep0FeaX72L78NtR7GR8
+vsVtnLqY0Ac76j7a66gM+KdhPVR0zLs7w0knI+hlNAVA/hkN6rYS5FzH4e6SWRTe
+Q2LVas0hPrn2ZWJXwarE9QTjfXkbNn03+jpzBQKcdADYychRJbtnBH94on/92ejx
+dIlDbSmgzQ1b1QaIkWvZlLo+L8Z8h+B5ss04adm1wyzFDlYs/1lmbPTZf0KCXbsi
+WRhIotVDOVUvNakJ7tnU9YPxNMj18LTkFJ1YI0jD31vggMidV03UsFQ0rMlwKcsc
+bUhGGzPNbdxhr5pgn/kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX+beg1jGMSqQd
+6Q/d07mQCLuEwmXmmz7hc0lgp6IumjsxulO2xLiotXie7e3GIRAVgJsd6ysRJKim
+IioOMxcwUMWw0CcqjcwqorczJjsqzW99dzCd3NcDiDxx+7Pye58D8qOLHGtafC9n
+TjQELV6dNIUX5IfH/18jAkPEmFcOUg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
+AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
+SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
+gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
+5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
+FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
+b5kxOvfGlM4E6v+lMSw/HDrI
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_end_chain.pem b/ssl/test/axTLS.x509_end_chain.pem
new file mode 100644
index 0000000000..c0a4eb3c78
--- /dev/null
+++ b/ssl/test/axTLS.x509_end_chain.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAgygAwIBAgIJAKUqyHiH8ufOMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
+BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
+OFoXDTMwMDkwODIxMDQyOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVjdDESMBAG
+A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqeDyUTpdwtzBt8H8/a
+xNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3YuRN4Y0i8sn8A1Fbe
+69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+ajTB2TnO7UTsjKRrXP
+v16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzlI8eTDHZqZJiw8gPg
+7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOeDU6wo4/e0Ta5bdZe
+7apqOBfdDnq3EUnHO1ZQbQIDAQABo00wSzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
+/wQEAwIF4DArBgNVHREEJDAigg93d3cuZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxl
+Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAbPQ1Y205Ricl1K2ByVa2RHJyYGP0Qj+H
+5mWj4A92N1vAb6uOrliqFYOClYINGsKKC8YDZdyA4c8ZglCKZ2RePwOSdaWIw7wi
+Efhysyq3WLSlo5jEcnkO7o5dV/7V7FX/+65UEXu35ZqaE8ZY++eotmLzccnInYP3
+1e4oaF5hyZIHVNCXnywNvchSkXjN0HhvIpeLTyzC5MQkQMMEOi8EBOgTGAo4UvL9
+eau3YhhpvfnCDlrRB6N79RcTLmJyOj5g1YO/9wn/du+EMwEkKUg5QJHzwUB2+ISp
+57JjKh2BQt0g/XJfRugHQcNtjUu73Ziexpl0qaXjNjb8mvsuV9RX0g==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_end_chain_bad.pem b/ssl/test/axTLS.x509_end_chain_bad.pem
new file mode 100644
index 0000000000..743dbc07e0
--- /dev/null
+++ b/ssl/test/axTLS.x509_end_chain_bad.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJjCCAg6gAwIBAgIJAKUqyHiH8ufPMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
+BAoTH2F4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIDIgQ0EwHhcNMTYxMjMwMjEw
+NDI4WhcNMzAwOTA4MjEwNDI4WjAsMRYwFAYDVQQKEw1heFRMUyBQcm9qZWN0MRIw
+EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDtHhLvmPll+SevNuwC9SepL33sU2TnjmwajRitoNDsJ4lcap4PJROl3C3MG3wf
+z9rE0/UEV2A0RacXULUddVuGpbGrXoiVqSpliRiV0ckw9CAVrdi5E3hjSLyyfwDU
+Vt7r0P//nslmvXC36rEAlZafRqc8ZeZHQeU7QC3UAJCQoZIT5qNMHZOc7tROyMpG
+tc+/XoV1ZNeQlNUdR1W4Czoh+AAqS9BDnMDwPoheCNaxOhZ0XOUjx5MMdmpkmLDy
+A+DvEbSN6k30lTTklFzg127N5WP/RZPS12KU7SNA//7wWCKR054NTrCjj97RNrlt
+1l7tqmo4F90OercRScc7VlBtAgMBAAGjTTBLMAwGA1UdEwEB/wQCMAAwDgYDVR0P
+AQH/BAQDAgXgMCsGA1UdEQQkMCKCD3d3dy5leGFtcGxlLm5ldIIPd3d3LmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBGJydzARx5fNYprptRG9c3pqecGKlX
+ArxbLe+K+83wS427HnWONnuZ5LJKGkuXjIeh1G/2AfKYXJz/SMN0IPYY3ro5Lt1Z
+GOPyn01qcj6OkfyiUPCDIsVFS9V0TVLTBLTMZFa1j6nMHs8Ajmm10Fkf/NQP/CVk
+zEgoktjb+wLqw1iPUGqkVepVtp3wg7VQY6E07SliNp/06Q3ue6xLJnYlKqFhUQf7
+064JyRIH9W/C2WnxWbKRBjsE4gCRnMvKQrCrfR64VohCr6XvygIIufwCG/CLJogn
+4OJMqz1oDkABPgSgjNhOdwnt+3dvxbjQBiRy1ERfNAJLo+V6x6aO1Gqz
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_intermediate_ca.pem b/ssl/test/axTLS.x509_intermediate_ca.pem
new file mode 100644
index 0000000000..4fbad81b05
--- /dev/null
+++ b/ssl/test/axTLS.x509_intermediate_ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
+UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
+UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
+R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
+aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
+HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
+u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
+mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
++innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
+QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
+c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
+SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
+2L3MUIVn
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_intermediate_ca2.pem b/ssl/test/axTLS.x509_intermediate_ca2.pem
new file mode 100644
index 0000000000..ea8ab7d7df
--- /dev/null
+++ b/ssl/test/axTLS.x509_intermediate_ca2.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIJAKUqyHiH8ufNMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
+BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
+N1oXDTMwMDkwODIxMDQyN1owKjEoMCYGA1UEChMfYXhUTFMgUHJvamVjdCBJbnRl
+cm1lZGlhdGUgMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoa
+fskhD+DqHbPtvZxd/WrqhJif6k1KkAs/vYlsjoaejVOaSdi2YkDcVViM2rBR6fSN
+XL5n/uH57LTKWhZf07XQqUJ7lfnhSHu2pRD+vj3N2Ihazs8jtF56iXGcJppKa+aJ
+rxnMfRW3Kyn5c34Jp+GbxiHYLcJAPmQI+lpKWRxhqc6i2MgBc/On8ADXk+CN2vdG
+hsDhKP6J/o7yQPjvCgEbBcfsrKca30mbTVUzVhX0H5CCLe7zlp3r2TQBJDJx8WPI
+wxavBAAjRg6N69I/huYpkZfD9IXZJaTdutTktYQDVTN5drdiDTTf1JGYyXt/0+0V
+t9ANFWd1pP589yICpQ8CAwEAAaMkMCIwEgYDVR0TAQH/BAgwBgEB/wIBCjAMBgNV
+HQ8EBQMDBwWAMA0GCSqGSIb3DQEBCwUAA4IBAQBNWDjqxlO0BwMdyxfUs1wDsLiq
+4hOmUFwCv8TuTFsL9aNe7OIJRT8IF2pHw07qyvAxJVEWUCLK/KLq0HrRTzRZO/tK
+eNroHMHS+fBwFuHFp+1RGMK2rHLajxVVB6X0aeLWKrNKrvUQZL+Tx+NZ3dEO62rq
+rANnElCrnyI1bIBKwHdUbOMOHeZAECr7H0KfvaX8F67aln4IwPzCauQM3DFf9h9Z
+FvmxUdVgjRZK4e5he9k4gT/Faom0z/ApnW4DJRF8rpCPWqN872aNpL8NPZuOFtiD
+Gzg5O4wJYx7OWIPa/qcQ0hTbn5waPzC68X448tlJTPiwyeKsYT3JwWqLi6o5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
+UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
+UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
+R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
+aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
+HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
+u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
+mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
++innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
+QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
+c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
+SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
+2L3MUIVn
+-----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
index b7a2c9b8b0..ceb241ea19 100644
--- a/ssl/test/ssltest.c
+++ b/ssl/test/ssltest.c
@@ -1273,8 +1273,10 @@ int SSL_server_tests(void)
     if ((ret = SSL_server_test("Client Verification TLS1.2", 
                     "-cipher AES128-SHA -tls1_2 "
                     "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem ",
-                    NULL, NULL, NULL, 
+                    "-key ../ssl/test/axTLS.key_2048.pem ", 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
                     "../ssl/test/axTLS.ca_x509.cer", NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
         goto cleanup;
@@ -1283,7 +1285,9 @@ int SSL_server_tests(void)
                     "-cipher AES128-SHA -tls1_1 "
                     "-cert ../ssl/test/axTLS.x509_2048.pem "
                     "-key ../ssl/test/axTLS.key_2048.pem ",
-                    NULL, NULL, NULL, 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
                     "../ssl/test/axTLS.ca_x509.cer", NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
         goto cleanup;
@@ -1295,7 +1299,9 @@ int SSL_server_tests(void)
                     "-cipher AES128-SHA -tls1_2 "
                     "-cert ../ssl/test/axTLS.x509_bad_before.pem "
                     "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL, NULL, NULL, 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
                     "../ssl/test/axTLS.ca_x509.cer", NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
                             SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
@@ -1310,7 +1316,9 @@ int SSL_server_tests(void)
                     "-cipher AES128-SHA -tls1_2 "
                     "-cert ../ssl/test/axTLS.x509_bad_after.pem "
                     "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL, NULL, NULL, 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
                     "../ssl/test/axTLS.ca_x509.cer", NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
                             SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
@@ -1326,7 +1334,9 @@ int SSL_server_tests(void)
                     "-cipher AES128-SHA -tls1_2 "
                     "-cert ../ssl/test/axTLS.x509_1024.pem "
                     "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL, NULL, NULL, 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
                     NULL, NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
                             SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
@@ -1343,7 +1353,9 @@ int SSL_server_tests(void)
                     "-cert ../ssl/test/axTLS.x509_1024.pem "
                     "-key ../ssl/test/axTLS.key_1024.pem "
                     "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
-                    NULL, NULL, NULL, 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
                     NULL, NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
                             SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
@@ -1360,7 +1372,9 @@ int SSL_server_tests(void)
                     "-cipher AES128-SHA -tls1_2 "
                     "-cert ../ssl/test/axTLS.x509_1024.pem "
                     "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL, NULL, NULL, 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
                     "../ssl/test/axTLS.ca_x509.cer",
                     NULL,
                     DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
@@ -1392,7 +1406,7 @@ int SSL_server_tests(void)
     if ((ret = SSL_server_test("Cert chain in PEM format", 
                     "-cipher AES128-SHA -tls1_2", 
                     "../ssl/test/axTLS.x509_device.pem", 
-                    NULL, "../ssl/test/axTLS.device_key.pem",
+                    NULL, "../ssl/test/axTLS.key_device.pem",
                     "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
         goto cleanup;
 
@@ -1587,7 +1601,7 @@ static int SSL_client_test(
 #endif
     }
     
-    usleep(500000);           /* allow server to start */
+    usleep(200000);           /* allow server to start */
 
     if (*ssl_ctx == NULL)
     {
@@ -1805,10 +1819,37 @@ int SSL_client_tests(void)
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
 
+    if ((ret = SSL_client_test("Basic Constraint - len OK", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_end_chain.pem -key "
+                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
+                    "../ssl/test/axTLS.x509_intermediate_ca.pem",
+                    NULL, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Basic Constraint - len NOT OK", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_end_chain_bad.pem -key "
+                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
+                    "../ssl/test/axTLS.x509_intermediate_ca2.pem",
+                    NULL, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL))
+                            != SSL_X509_ERROR(X509_VFY_ERROR_BASIC_CONSTRAINT))
+    {
+        printf("*** Error: %d\n", ret); 
+        if (ret == 0)
+            ret = SSL_NOT_OK;
+
+        goto cleanup;
+    }
+
+    printf("SSL server test \"%s\" passed\n", "Basic Constraint - len NOT OK");
+
     if ((ret = SSL_client_test("Server cert chaining", 
                     &ssl_ctx,
                     "-cert ../ssl/test/axTLS.x509_device.pem "
-                    "-key ../ssl/test/axTLS.device_key.pem "
+                    "-key ../ssl/test/axTLS.key_device.pem "
                     "-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL,
                     DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
         goto cleanup;
@@ -1865,27 +1906,32 @@ int SSL_client_tests(void)
     printf("SSL client test \"Expired cert (verify later)\" passed\n");
 
     /* invalid cert type */
-    if ((ret = SSL_client_test("Error: Invalid certificate type", 
+    /*if ((ret = SSL_client_test("Error: Invalid certificate type", 
                     &ssl_ctx,
                     "-cert ../ssl/test/axTLS.x509_2048.pem "
                     "-key ../ssl/test/axTLS.key_2048.pem "
                     "-CAfile ../ssl/test/axTLS.ca_x509.pem "
                     "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
-                    "../ssl/test/axTLS.x509_1024.cer", NULL,
-                    "../ssl/test/axTLS.x509_1024.cer")) 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem")) 
                             != SSL_ERROR_INVALID_KEY)
     {
+        if (ret == 0)
+            ret = SSL_NOT_OK;
+
         printf("*** Error: %d\n", ret); TTY_FLUSH();
         goto cleanup;
     }
 
-    printf("SSL client test \"Invalid certificate type\" passed\n");
+    printf("SSL client test \"Invalid certificate type\" passed\n"); */
 
     if ((ret = SSL_client_test("GNUTLS client", 
                     &ssl_ctx,
                     "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
                     "--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+                    DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem")))
         goto cleanup;
 
     ret = 0;
@@ -1895,7 +1941,8 @@ int SSL_client_tests(void)
                     "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
                     "--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
                     DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, 
-                    NULL, NULL, NULL)))
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem"))) 
         goto cleanup;
 
     ret = 0;
@@ -1976,7 +2023,13 @@ static int SSL_basic_test(void)
         goto error;
 
     ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
 
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
 #ifndef WIN32
     pthread_create(&thread, NULL, 
                 (void *(*)(void *))do_basic, NULL);
@@ -2102,6 +2155,13 @@ static int SSL_unblocked_test(void)
         goto error;
 
     ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
 
 #ifndef WIN32
     pthread_create(&thread, NULL, 
@@ -2253,7 +2313,14 @@ int multi_thread_test(void)
 
     printf("Do multi-threading test (takes a minute)\n");
 
-    ssl_server_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
     ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
 
     if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
@@ -2306,7 +2373,7 @@ int multi_thread_test(void)
 
     printf("Multi-thread test passed (%d)\n", NUM_THREADS);
 error:
-    ssl_ctx_free(ssl_server_ctx);
+    ssl_ctx_free(ssl_svr_ctx);
     ssl_ctx_free(ssl_clnt_ctx);
     SOCKET_CLOSE(server_fd);
     return res;
diff --git a/ssl/x509.c b/ssl/x509.c
index 7375ae37f5..c050eb88ea 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -241,8 +241,9 @@ static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
 {
     if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
     {
-        /* ignore if present */
-        asn1_is_critical_ext(cert, &offset);
+        x509_ctx->subject_alt_name_present = true;
+        x509_ctx->subject_alt_name_is_critical = 
+                        asn1_is_critical_ext(cert, &offset);
 
         if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
         {
@@ -268,9 +269,8 @@ static int x509_v3_subject_alt_name(const uint8_t *cert, int offset,
                         x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
                         memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
                                 cert + offset, dnslen);
-                        x509_ctx->subject_alt_dnsnames[
-                                totalnames][dnslen] = 0;
-                        ++totalnames;
+                        x509_ctx->subject_alt_dnsnames[totalnames][dnslen] = 0;
+                        totalnames++;
                     }
 
                     offset += dnslen;
@@ -299,7 +299,7 @@ static int x509_v3_basic_constraints(const uint8_t *cert, int offset,
 
     if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
     		asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
-    		asn1_get_bool(cert, &offset, &x509_ctx->basic_constaint_cA) < 0 ||
+    		asn1_get_bool(cert, &offset, &x509_ctx->basic_constraint_cA) < 0 ||
     		asn1_get_int(cert, &offset,
     		                &x509_ctx->basic_constraint_pathLenConstraint) < 0)
     {
@@ -484,11 +484,31 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
         goto end_verify;
     }
 
-    if (cert->basic_constaint_cA && 
-                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+    if (cert->basic_constraint_present)
     {
-        ret = X509_VFY_ERROR_BASIC_CONSTRAINT;     
-        goto end_verify;
+    	/* If the cA boolean is not asserted,
+    	   then the keyCertSign bit in the key usage extension MUST NOT be
+    	   asserted. */
+    	if (!cert->basic_constraint_cA &&
+                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+		{
+			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
+			goto end_verify;
+		}
+
+        /* The pathLenConstraint field is meaningful only if the cA boolean is
+           asserted and the key usage extension, if present, asserts the
+           keyCertSign bit.  In this case, it gives the maximum number of 
+           non-self-issued intermediate certificates that may follow this 
+           certificate in a valid certification path. */
+		if (cert->basic_constraint_cA &&
+            (!cert->key_usage_present || 
+                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) &&
+            (cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint)
+		{
+			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
+			goto end_verify;
+		}
     }
 
     next_cert = cert->next;
@@ -498,12 +518,14 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
     {
        if (ca_cert_ctx != NULL) 
        {
-            /* go thu the CA store */
+            /* go thru the CA store */
             while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
             {
-                /* ignore CA certs that are not really CA certs */
+                /* the extension is present but the cA boolean is not 
+                   asserted, then the certified public key MUST NOT be used 
+                   to verify certificate signatures. */
                 if (cert->basic_constraint_present && 
-                        !ca_cert_ctx->cert[i]->basic_constaint_cA)
+                        !ca_cert_ctx->cert[i]->basic_constraint_cA)
                     continue;
                         
                 if (asn1_compare_dn(cert->ca_cert_dn,
@@ -515,14 +537,6 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
                     mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
                     expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
 
-                    if (ca_cert_ctx->cert[i]->basic_constaint_cA &&
-                        ca_cert_ctx->cert[i]->
-                                    basic_constraint_pathLenConstraint <
-                                                            *pathLenConstraint)
-                    {
-                        ret = X509_VFY_ERROR_BASIC_CONSTRAINT;       
-                        goto end_verify;
-                    }
 
                     break;
                 }
@@ -582,8 +596,8 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
     /* go down the certificate chain using recursion. */
     if (next_cert != NULL)
     {
+    	(*pathLenConstraint)++; /* don't include last certificate */
         ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
-        (*pathLenConstraint)++; /* don't include last certificate */
     }
 
 end_verify:
@@ -634,6 +648,117 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
         printf("%s\n", cert->cert_dn[X509_STATE]);
     }
 
+    if (cert->basic_constraint_present)
+    {
+        printf("Basic Constraints:\t\t%sCA:%s, pathlen:%d\n",
+                cert->basic_constraint_is_critical ? 
+                    "critical, " : "",
+                cert->basic_constraint_cA? "TRUE" : "FALSE",
+                cert->basic_constraint_pathLenConstraint);
+    }
+
+    if (cert->key_usage_present)
+    {
+        printf("Key Usage:\t\t\t%s", cert->key_usage_is_critical ? 
+                    "critical, " : "");
+        bool has_started = false;
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DIGITAL_SIGNATURE))
+        {
+            printf("Digital Signature");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_NON_REPUDIATION))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Non Repudiation");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_ENCIPHERMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Encipherment");
+            has_started = true;
+        }
+        
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DATA_ENCIPHERMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Data Encipherment");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_AGREEMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Agreement");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Cert Sign");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_CRL_SIGN))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("CRL Sign");
+            has_started = true;
+        }
+       
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_ENCIPHER_ONLY))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Encipher Only");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DECIPHER_ONLY))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Decipher Only");
+            has_started = true;
+        }
+
+        printf("\n");
+    }
+
+    if (cert->subject_alt_name_present)
+    {
+        printf("Subject Alt Name:\t\t%s", cert->subject_alt_name_is_critical 
+                ?  "critical, " : "");
+        if (cert->subject_alt_dnsnames)
+        {
+            int i = 0;
+
+            while (cert->subject_alt_dnsnames[i])
+                printf("%s ", cert->subject_alt_dnsnames[i++]);
+        }
+        printf("\n");
+
+    }
+
     printf("=== CERTIFICATE ISSUED BY ===\n");
     printf("Common Name (CN):\t\t");
     printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
@@ -701,15 +826,6 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
                         &pathLenConstraint)));
     }
 
-    if (cert->basic_constraint_present)
-    {
-        printf("Basic Constraints:\t\t%s, CA:%s, pathlen:%d\n",
-                cert->basic_constraint_is_critical ? 
-                    "critical" : "NOT critical",
-                cert->basic_constaint_cA? "TRUE" : "FALSE",
-                cert->basic_constraint_pathLenConstraint);
-    }
-
 #if 0
     print_blob("Signature", cert->signature, cert->sig_len);
     bi_print("Modulus", cert->rsa_ctx->m);
diff --git a/tools/make_certs.sh b/tools/make_certs.sh
index dc577e74e4..fc6cc90ae8 100644
--- a/tools/make_certs.sh
+++ b/tools/make_certs.sh
@@ -42,21 +42,36 @@ PROJECT_NAME="axTLS Project"
 # Generate the openssl configuration files.
 cat > ca_cert.conf << EOF  
 [ req ]
-distinguished_name     = req_distinguished_name
-prompt                 = no
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_ca
 
 [ req_distinguished_name ]
  O                      = $PROJECT_NAME Dodgy Certificate Authority
+
+[ v3_ca ]
+basicConstraints        = critical, CA:true
+keyUsage                = critical, cRLSign, keyCertSign, digitalSignature
 EOF
 
 cat > certs.conf << EOF  
 [ req ]
-distinguished_name     = req_distinguished_name
-prompt                 = no
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_usr_cert
 
 [ req_distinguished_name ]
  O                      = $PROJECT_NAME
  CN                     = localhost
+
+[ v3_usr_cert ]
+basicConstraints        = critical, CA:false
+keyUsage                = critical, nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName          = @alt_names
+ 
+[alt_names]
+DNS.1 = www.example.net
+DNS.2 = www.example.org
 EOF
 
 cat > device_cert.conf << EOF  
@@ -68,12 +83,43 @@ prompt                 = no
  O                      = $PROJECT_NAME Device Certificate
 EOF
 
+cat > intermediate_ca.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+req_extensions         = v3_intermediate_ca
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Intermediate CA
+
+[ v3_intermediate_ca ]
+basicConstraints        = critical, CA:true, pathlen:0
+keyUsage                = cRLSign, keyCertSign, digitalSignature
+EOF
+
+cat > intermediate_ca2.conf << EOF  
+[ req ]
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_intermediate_ca2
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Intermediate 2 CA
+
+[ v3_intermediate_ca2 ]
+basicConstraints        = critical, CA:true, pathlen:10
+keyUsage                = encipherOnly, keyCertSign, decipherOnly
+EOF
+
 # private key generation
 openssl genrsa -out axTLS.ca_key.pem 2048
 openssl genrsa -out axTLS.key_1024.pem 1024
 openssl genrsa -out axTLS.key_2048.pem 2048
 openssl genrsa -out axTLS.key_4096.pem 4096
-openssl genrsa -out axTLS.device_key.pem 1024
+openssl genrsa -out axTLS.key_device.pem 2048
+openssl genrsa -out axTLS.key_intermediate_ca.pem 2048
+openssl genrsa -out axTLS.key_intermediate_ca2.pem 2048
+openssl genrsa -out axTLS.key_end_chain.pem 2048
 openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024
 openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
 
@@ -81,57 +127,86 @@ openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
 openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
 openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
 openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
-openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER
 
 # cert requests
-openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \
+openssl req -out axTLS.ca_x509.csr -key axTLS.ca_key.pem -new \
             -config ./ca_cert.conf 
-openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \
+openssl req -out axTLS.x509_1024.csr -key axTLS.key_1024.pem -new \
             -config ./certs.conf 
-openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \
+openssl req -out axTLS.x509_2048.csr -key axTLS.key_2048.pem -new \
             -config ./certs.conf 
-openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \
+openssl req -out axTLS.x509_4096.csr -key axTLS.key_4096.pem -new \
             -config ./certs.conf 
-openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \
+openssl req -out axTLS.x509_device.csr -key axTLS.key_device.pem -new \
             -config ./device_cert.conf
-openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \
+openssl req -out axTLS.x509_intermediate_ca.csr \
+            -key axTLS.key_intermediate_ca.pem -new \
+            -config ./intermediate_ca.conf
+openssl req -out axTLS.x509_intermediate_ca2.csr \
+            -key axTLS.key_intermediate_ca2.pem -new \
+            -config ./intermediate_ca2.conf
+openssl req -out axTLS.x509_end_chain.csr -key axTLS.key_end_chain.pem -new \
+            -config ./certs.conf
+openssl req -out axTLS.x509_aes128.csr -key axTLS.key_aes128.pem \
             -new -config ./certs.conf -passin pass:abcd
-openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \
+openssl req -out axTLS.x509_aes256.csr -key axTLS.key_aes256.pem \
             -new -config ./certs.conf -passin pass:abcd
 
 # generate the actual certs.
-openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \
+openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509.pem \
             -sha1 -days 5000 -signkey axTLS.ca_key.pem \
-            -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509_sha256.pem \
+            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
+openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509_sha256.pem \
             -sha256 -days 5000 -signkey axTLS.ca_key.pem \
-            -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \
+            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024_sha256.pem \
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha256.pem \
             -sha256 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024_sha384.pem \
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha384.pem \
             -sha384 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024_sha512.pem \
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha512.pem \
             -sha512 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \
+openssl x509 -req -in axTLS.x509_2048.csr -out axTLS.x509_2048.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \
+openssl x509 -req -in axTLS.x509_4096.csr -out axTLS.x509_4096.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \
+openssl x509 -req -in axTLS.x509_device.csr -out axTLS.x509_device.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem
-openssl x509 -req -in axTLS.x509_aes128.req \
+openssl x509 -req -in axTLS.x509_intermediate_ca.csr -out axTLS.x509_intermediate_ca.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem \
+            -extfile ./intermediate_ca.conf -extensions v3_intermediate_ca
+openssl x509 -req -in axTLS.x509_intermediate_ca2.csr -out axTLS.x509_intermediate_ca2.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca.pem \
+            -CAkey axTLS.key_intermediate_ca.pem \
+            -extfile ./intermediate_ca2.conf -extensions v3_intermediate_ca2
+openssl x509 -req -in axTLS.x509_end_chain.csr -out axTLS.x509_end_chain.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca.pem \
+            -CAkey axTLS.key_intermediate_ca.pem \
+            -extfile ./certs.conf -extensions v3_usr_cert 
+# basic constraint path len failure
+openssl x509 -req -in axTLS.x509_end_chain.csr \
+            -out axTLS.x509_end_chain_bad.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca2.pem \
+            -CAkey axTLS.key_intermediate_ca2.pem \
+            -extfile ./certs.conf -extensions v3_usr_cert 
+cat axTLS.x509_intermediate_ca.pem >> axTLS.x509_intermediate_ca2.pem 
+openssl x509 -req -in axTLS.x509_aes128.csr \
             -out axTLS.x509_aes128.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_aes256.req \
+openssl x509 -req -in axTLS.x509_aes256.csr \
             -out axTLS.x509_aes256.pem \
             -sha1 -CAcreateserial -days 5000 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
@@ -139,18 +214,18 @@ openssl x509 -req -in axTLS.x509_aes256.req \
 # note: must be root to do this
 DATE_NOW=`date`
 if date -s "Jan 1 2025"; then
-openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_bad_before.pem \
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_before.pem \
             -sha1 -CAcreateserial -days 365 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 date -s "$DATE_NOW"
 touch axTLS.x509_bad_before.pem
 fi
-openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_bad_after.pem \
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_after.pem \
             -sha1 -CAcreateserial -days -365 \
             -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
 
 # some cleanup
-rm axTLS*.req
+rm axTLS*.csr
 rm *.srl
 rm *.conf
 
@@ -159,7 +234,6 @@ openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer
 openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
 openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
 openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
-openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer
 
 # generate pkcs8 files (use RC4-128 for encryption)
 openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
diff --git a/www/index.html b/www/index.html
index ff6d15e523..2b1d8b3eb6 100755
--- a/www/index.html
+++ b/www/index.html
@@ -7087,7 +7087,7 @@
     <div id="storeArea">
 <div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
 <div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.0 (2016-08-17)@@\n\n!!__SSL Library__\n* Support for TLS 1.2\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.4 (2016-07-07)@@\n\n!!__SSL Library__\n* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.\n* Tag 64-bit constants with "LL" (e.g. keep ~AVR32 gcc happy)\n* Removed ~RC4 from the list of ciphers\n* Can handle chains that are out of order (thanks Paul Johnstone)\n* Removed some printfs in skeleton mode\n* Removed endian.h as it was causing some porting issues\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.3 (2015-04-30)@@\n\n!!__SSL Library__\n* Added named unions to ~SHA512 code as some compilers don't support it\n* Some other porting suggesions from Chris Ghormley\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2 (2015-03-10)@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1 (2014-11-19)@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0 (2014-10-31)@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div> <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.2 (2016-12-31)@@\n\n!!__SSL Library__\n* Basic constraint/key usage v3 extensions now supported\n* Test harness must now be run without built-in default cert\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.1 (2016-12-20)@@\n\n!!__SSL Library__\n* X509 State, country and location are now used for verification and display.\n* SNI hostname memory is now managed by the calling application\n* X509 version number is checked before processing v3 extensions.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.0 (2016-12-13)@@\n\n!!__SSL Library__\n* SNI added\n* Some non-C sample code updated.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.1 (2016-08-30)@@\n\n!!__SSL Library__\n* ~RC4 only used if ~PKCS12 is used.\n* Buffer sizes tightned up.\n* Buffer check on client handshake due to some incompatibilities.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.0 (2016-08-17)@@\n\n!!__SSL Library__\n* Support for TLS 1.2\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.4 (2016-07-07)@@\n\n!!__SSL Library__\n* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.\n* Tag 64-bit constants with "LL" (e.g. keep ~AVR32 gcc happy)\n* Removed ~RC4 from the list of ciphers\n* Can handle chains that are out of order (thanks Paul Johnstone)\n* Removed some printfs in skeleton mode\n* Removed endian.h as it was causing some porting issues\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.3 (2015-04-30)@@\n\n!!__SSL Library__\n* Added named unions to ~SHA512 code as some compilers don't support it\n* Some other porting suggesions from Chris Ghormley\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2 (2015-03-10)@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1 (2014-11-19)@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0 (2014-10-31)@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div> <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
 <div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
 <div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
 <div tiddler="SiteSubtitle" modifier="axTLS" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>

From 25200d45e0f531aba1aba84d686b16f615682e38 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Tue, 2 May 2017 18:15:59 +0800
Subject: [PATCH 292/301] Update readme and version.h

---
 README.md     | 25 +++++++++++++++----------
 ssl/version.h |  2 +-
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 1e0fc3e733..75b7ceb40e 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,14 @@
 Replacement for Espressif's libssl, kept as close as possible to [axTLS](http://axtls.sourceforge.net/) source.
-Currently based on axTLS 2.0.0+.
+
+Currently based on axTLS 2.1.2 (SVN version 274).
 
 [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
 
-This is not a self-sufficient library. Application has to provide the following symbols (list not complete yet):
+## Using the library
+
+This is not a self-sufficient library. In addition to the standard C library functions, application has to provide the following functions:
+
 ```
-ax_port_malloc
-ax_port_calloc
-ax_port_realloc
-ax_port_free
 ax_port_read
 ax_port_write
 ax_port_open
@@ -17,13 +17,18 @@ ax_get_file
 phy_get_rand  (provided by the IoT SDK)
 ets_printf    (in ESP8266 ROM)
 ets_putc      (in ESP8266 ROM)
-gettimeofday
-time
-ctime
 ```
 
 For use with LwIP raw TCP API, see [compat/README.md](https://github.com/attachix/lwirax/blob/master/README.md)
 
-To build, add xtensa toolchain to your path, and run `make`.
+## Building
+
+To build, add xtensa toolchain to your path, and run `make`. The library will be built in `bin/` directory.
+
+## Credits and license
+
+[axTLS](http://axtls.sourceforge.net/) is written and maintained by Cameron Rich.
+
+Other people have contributed to this port; see git logs for a full list.
 
 See [LICENSE](LICENSE) file for axTLS license.
diff --git a/ssl/version.h b/ssl/version.h
index 4f03dca0f6..c9d6c252f2 100644
--- a/ssl/version.h
+++ b/ssl/version.h
@@ -1 +1 @@
-#define AXTLS_VERSION    "2.0.0"
+#define AXTLS_VERSION    "2.1.2"

From abec5280027dd3a63e56a9dfdab0b7096b5c5914 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Tue, 2 May 2017 18:42:05 +0800
Subject: [PATCH 293/301] readme: list supported cipher suites

---
 README.md | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 75b7ceb40e..8537ba13f9 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,13 @@
-Replacement for Espressif's libssl, kept as close as possible to [axTLS](http://axtls.sourceforge.net/) source.
+This is an ESP8266 port of [axTLS](http://axtls.sourceforge.net/) library, currently based on axTLS 2.1.2 (SVN version 274). 
 
-Currently based on axTLS 2.1.2 (SVN version 274).
+This library supports TLS 1.2, and the following cipher suites:
 
-[![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
+Cipher suite name (RFC)           | OpenSSL name  | Key exchange | Encryption |  Hash
+----------------------------------|---------------|--------------|------------|---------
+TLS_RSA_WITH_AES_128_CBC_SHA      | AES128-SHA    |      RSA     |  AES-128   | SHA-1
+TLS_RSA_WITH_AES_256_CBC_SHA      | AES256-SHA    |      RSA     |  AES-256   | SHA-1
+TLS_RSA_WITH_AES_128_CBC_SHA256   | AES128-SHA256 |      RSA     |  AES-128   | SHA-256
+TLS_RSA_WITH_AES_256_CBC_SHA256   | AES256-SHA256 |      RSA     |  AES-256   | SHA-256
 
 ## Using the library
 
@@ -21,7 +26,7 @@ ets_putc      (in ESP8266 ROM)
 
 For use with LwIP raw TCP API, see [compat/README.md](https://github.com/attachix/lwirax/blob/master/README.md)
 
-## Building
+## Building [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
 
 To build, add xtensa toolchain to your path, and run `make`. The library will be built in `bin/` directory.
 

From 48d0f114bbdad41d280e2f0f741574a1b7811890 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Mon, 8 May 2017 22:01:27 +0800
Subject: [PATCH 294/301] Introduce HMAC functions operating on vectors

---
 crypto/crypto.h   | 10 ++++++++++
 crypto/hmac.c     | 33 ++++++++++++++++++++++++++++++---
 ssl/crypto_misc.h |  3 +++
 3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/crypto/crypto.h b/crypto/crypto.h
index 9914afeec1..da24d31c55 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -203,6 +203,16 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
 void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest);
 
+/**************************************************************************
+ * HMAC functions operating on vectors 
+ **************************************************************************/
+void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha256_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
 /**************************************************************************
  * RSA declarations 
  **************************************************************************/
diff --git a/crypto/hmac.c b/crypto/hmac.c
index e618ee2eb1..a0ae84ccf8 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -44,6 +44,12 @@
  */
 void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest)
+{
+    hmac_md5_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
 {
     MD5_CTX context;
     uint8_t k_ipad[64];
@@ -63,7 +69,10 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
 
     MD5_Init(&context);
     MD5_Update(&context, k_ipad, 64);
-    MD5_Update(&context, msg, length);
+    for (i = 0; i < count; ++i) 
+    {
+        MD5_Update(&context, msg[i], length[i]);
+    }
     MD5_Final(digest, &context);
     MD5_Init(&context);
     MD5_Update(&context, k_opad, 64);
@@ -77,6 +86,12 @@ void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
  */
 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest)
+{
+    hmac_sha1_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_sha1_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
 {
     SHA1_CTX context;
     uint8_t k_ipad[64];
@@ -96,7 +111,10 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
 
     SHA1_Init(&context);
     SHA1_Update(&context, k_ipad, 64);
-    SHA1_Update(&context, msg, length);
+    for (i = 0; i < count; ++i) 
+    {
+        SHA1_Update(&context, msg[i], length[i]);
+    }
     SHA1_Final(digest, &context);
     SHA1_Init(&context);
     SHA1_Update(&context, k_opad, 64);
@@ -110,6 +128,12 @@ void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
  */
 void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest)
+{
+    hmac_sha256_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_sha256_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
 {
     SHA256_CTX context;
     uint8_t k_ipad[64];
@@ -129,7 +153,10 @@ void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key,
 
     SHA256_Init(&context);
     SHA256_Update(&context, k_ipad, 64);
-    SHA256_Update(&context, msg, length);
+    for (i = 0; i < count; ++i) 
+    {
+        SHA256_Update(&context, msg[i], length[i]);
+    }
     SHA256_Final(digest, &context);
     SHA256_Init(&context);
     SHA256_Update(&context, k_opad, 64);
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 5dd3921975..77712f5093 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -195,6 +195,9 @@ extern const char * const unsupported_str;
 typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
 typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
         int key_len, uint8_t *digest);
+typedef void (*hmac_func_v)(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
 
 int get_file(const char *filename, uint8_t **buf);
 

From da7ab4ade2cac18966a615c95b9b4bfd117a24b3 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Mon, 8 May 2017 22:02:41 +0800
Subject: [PATCH 295/301] =?UTF-8?q?Don=E2=80=99t=20allocate=20extra=20memo?=
 =?UTF-8?q?ry=20in=20add=5Fhmac=5Fdigest,=20use=20hmac=5Fv=20functions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ssl/tls1.c | 29 ++++++++++++++++-------------
 ssl/tls1.h |  2 +-
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/ssl/tls1.c b/ssl/tls1.c
index fcc0bbaadc..c021b100ab 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -85,7 +85,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA1_SIZE,                      /* digest size */
         2*(SHA1_SIZE+16+16),            /* key block size */
-        hmac_sha1,                      /* hmac algorithm */
+        hmac_sha1_v,                    /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     },
@@ -96,7 +96,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA1_SIZE,                      /* digest size */
         2*(SHA1_SIZE+32+16),            /* key block size */
-        hmac_sha1,                      /* hmac algorithm */
+        hmac_sha1_v,                    /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     },       
@@ -107,7 +107,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA256_SIZE,                    /* digest size */
         2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256,                    /* hmac algorithm */
+        hmac_sha256_v,                  /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     },       
@@ -118,7 +118,7 @@ static const cipher_info_t cipher_info[NUM_PROTOCOLS] =
         16,                             /* block padding size */
         SHA256_SIZE,                    /* digest size */
         2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256,                    /* hmac algorithm */
+        hmac_sha256_v,                  /* hmac algorithm */
         (crypt_func)AES_cbc_encrypt,    /* encrypt */
         (crypt_func)AES_cbc_decrypt     /* decrypt */
     }
@@ -746,21 +746,24 @@ static void increment_write_sequence(SSL *ssl)
 static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
         const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
 {
-    int hmac_len = buf_len + 8 + SSL_RECORD_SIZE;
-    uint8_t *t_buf = (uint8_t *)malloc(hmac_len);
+    const uint8_t* bufs[] = {
+        (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+            ssl->write_sequence : ssl->read_sequence,
+        hmac_header,
+        buf
+    };
 
-    memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
-                    ssl->write_sequence : ssl->read_sequence, 8);
-    memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
-    memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
+    int lengths[] = {
+        8,
+        SSL_RECORD_SIZE,
+        buf_len
+    };
 
-    ssl->cipher_info->hmac(t_buf, hmac_len, 
+    ssl->cipher_info->hmac_v(bufs, lengths, 3,
             (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
                 ssl->server_mac : ssl->client_mac, 
             ssl->cipher_info->digest_size, hmac_buf);
 
-    free(t_buf);
-
 #if 0
     print_blob("record", hmac_header, SSL_RECORD_SIZE);
     print_blob("buf", buf, buf_len);
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 9f49268761..fb3e555278 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -132,7 +132,7 @@ typedef struct
     uint8_t padding_size;
     uint8_t digest_size;
     uint8_t key_block_size;
-    hmac_func hmac;
+    hmac_func_v hmac_v;
     crypt_func encrypt;
     crypt_func decrypt;
 } cipher_info_t;

From 1b2c2996d688e924fc5a29e66b0c9a438352a742 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Tue, 9 May 2017 15:03:12 +0800
Subject: [PATCH 296/301] sha512: place 64-bit constants into PROGMEM

---
 crypto/sha512.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/sha512.c b/crypto/sha512.c
index 76250089c3..b24a28ee02 100644
--- a/crypto/sha512.c
+++ b/crypto/sha512.c
@@ -54,7 +54,7 @@ static const uint8_t padding[128] PROGMEM =
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
  
-static const uint64_t k[80] =
+static const uint64_t k[80] PROGMEM =
 {
     0x428A2F98D728AE22LL, 0x7137449123EF65CDLL, 0xB5C0FBCFEC4D3B2FLL, 0xE9B5DBA58189DBBCLL,
     0x3956C25BF348B538LL, 0x59F111F1B605D019LL, 0x923F82A4AF194F9BLL, 0xAB1C5ED5DA6D8118LL,

From 27f4a6caf69625a9e798b7a1c3b1406ec1ec1d85 Mon Sep 17 00:00:00 2001
From: "Earle F. Philhower, III" <earlephilhower@yahoo.com>
Date: Mon, 19 Jun 2017 12:34:20 -0700
Subject: [PATCH 297/301] Save ~3KB by moving strings out of RODATA

Constant text strings actually take up SRAM space on the ESP8266
because the .RODATA segment must be copied to RAM at startup since
FLASH isn't byte-accessible.

Move the constant format strings in a printf completely into FLASH
and add a wrapper to copy it into a local stack-allocated space
when needed, freeing up about 3100 bytes of RAM for use.  This doesn't
make FLASH usage any higher, either, since those strings were already
being stored there (but never used after the power-on startup code).

Minor edits required in some of the output/debug/tracing functions,
but no logic changed.
---
 ssl/crypto_misc.h |  2 +-
 ssl/os_port.h     | 25 +++++++++++++++++++++----
 ssl/tls1.c        | 34 +++++++++++++++++-----------------
 ssl/x509.c        | 44 +++++++++++++++++++++++++++++---------------
 4 files changed, 68 insertions(+), 37 deletions(-)

diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
index 77712f5093..33a4455c90 100644
--- a/ssl/crypto_misc.h
+++ b/ssl/crypto_misc.h
@@ -127,7 +127,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
 #endif
 #ifdef CONFIG_SSL_FULL_MODE
 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
-const char * x509_display_error(int error);
+const char * x509_display_error(int error, char *buff);
 #endif
 
 /**************************************************************************
diff --git a/ssl/os_port.h b/ssl/os_port.h
index 07377966d0..ded2c4878f 100644
--- a/ssl/os_port.h
+++ b/ssl/os_port.h
@@ -68,10 +68,6 @@ extern "C" {
 #undef putc
 #endif
 #define putc(x, f)   ets_putc(x)
-#ifdef printf
-#undef printf
-#endif
-#define printf(...)  ets_printf(__VA_ARGS__)
 
 #define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
 #define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
@@ -123,6 +119,27 @@ static inline uint8_t pgm_read_byte(const void* addr) {
 #define ax_array_read_u8(x, y) pgm_read_byte((x)+(y))
 #endif //WITH_PGM_READ_HELPER
 
+#ifdef printf
+#undef printf
+#endif
+//#define printf(...)  ets_printf(__VA_ARGS__)
+#define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];}))
+#define PGM_VOID_P const void *
+static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) {
+    const uint8_t* read = (const uint8_t*)(src);
+    uint8_t* write = (uint8_t*)(dest);
+
+    while (count)
+    {
+        *write++ = pgm_read_byte(read++);
+        count--;
+    }
+
+    return dest;
+}
+#define printf(fmt, ...) do { static const char fstr[] PROGMEM = fmt; char rstr[sizeof(fmt)]; memcpy_P(rstr, fstr, sizeof(rstr)); ets_printf(rstr, ##__VA_ARGS__); } while (0)
+#define strcpy_P(dst, src) do { static const char fstr[] PROGMEM = src; memcpy_P(dst, fstr, sizeof(src)); } while (0)
+
 #elif defined(WIN32)
 
 /* Windows CE stuff */
diff --git a/ssl/tls1.c b/ssl/tls1.c
index c021b100ab..ac347d261a 100644
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -2287,58 +2287,57 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
     if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
         return;
 
-    printf(not_ok ? "Error - invalid State:\t" : "State:\t");
-    printf(is_send ? "sending " : "receiving ");
+    if (not_ok) printf("Error - invalid State:\t");
+    else printf("State:\t");
+    if (is_send) printf("sending ");
+    else printf("receiving ");
 
     switch (state)
     {
         case HS_HELLO_REQUEST:
-            str = "Hello Request (0)";
+            printf("Hello Request (0)\n");
             break;
 
         case HS_CLIENT_HELLO:
-            str = "Client Hello (1)";
+            printf("Client Hello (1)\n");
             break;
 
         case HS_SERVER_HELLO:
-            str = "Server Hello (2)";
+            printf("Server Hello (2)\n");
             break;
 
         case HS_CERTIFICATE:
-            str = "Certificate (11)";
+            printf("Certificate (11)\n");
             break;
 
         case HS_SERVER_KEY_XCHG:
-            str = "Certificate Request (12)";
+            printf("Certificate Request (12)\n");
             break;
 
         case HS_CERT_REQ:
-            str = "Certificate Request (13)";
+            printf("Certificate Request (13)\n");
             break;
 
         case HS_SERVER_HELLO_DONE:
-            str = "Server Hello Done (14)";
+            printf("Server Hello Done (14)\n");
             break;
 
         case HS_CERT_VERIFY:
-            str = "Certificate Verify (15)";
+            printf("Certificate Verify (15)\n");
             break;
 
         case HS_CLIENT_KEY_XCHG:
-            str = "Client Key Exchange (16)";
+            printf("Client Key Exchange (16)\n");
             break;
 
         case HS_FINISHED:
-            str = "Finished (16)";
+            printf("Finished (16)\n");
             break;
 
         default:
-            str = "Error (Unknown)";
-            
+            printf("Error (Unknown)\n");
             break;
     }
-
-    printf("%s\n", str);
 }
 
 /**
@@ -2383,7 +2382,8 @@ EXP_FUNC void STDCALL ssl_display_error(int error_code)
     /* X509 error? */
     if (error_code < SSL_X509_OFFSET)
     {
-        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET));
+        char buff[64];
+        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET, buff));
         return;
     }
 
diff --git a/ssl/x509.c b/ssl/x509.c
index c050eb88ea..dbb9fd3dd3 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -225,8 +225,9 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
     if (ret)
     {
 #ifdef CONFIG_SSL_FULL_MODE
+        char buff[64];
         printf("Error: Invalid X509 ASN.1 file (%s)\n",
-                        x509_display_error(ret));
+                        x509_display_error(ret, buff));
 #endif
         x509_free(x509_ctx);
         *ctx = NULL;
@@ -821,9 +822,10 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     if (ca_cert_ctx)
     {
         int pathLenConstraint = 0;
+        char buff[64];
         printf("Verify:\t\t\t\t%s\n",
                 x509_display_error(x509_verify(ca_cert_ctx, cert,
-                        &pathLenConstraint)));
+                        &pathLenConstraint), buff));
     }
 
 #if 0
@@ -840,45 +842,57 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
     TTY_FLUSH();
 }
 
-const char * x509_display_error(int error)
+const char * x509_display_error(int error, char *buff)
 {
     switch (error)
     {
         case X509_OK:
-            return "Certificate verify successful";
+            strcpy_P(buff, "Certificate verify successful");
+            return buff;
 
         case X509_NOT_OK:
-            return "X509 not ok";
+            strcpy_P(buff, "X509 not ok");
+            return buff;
 
         case X509_VFY_ERROR_NO_TRUSTED_CERT:
-            return "No trusted cert is available";
+            strcpy_P(buff, "No trusted cert is available");
+            return buff;
 
         case X509_VFY_ERROR_BAD_SIGNATURE:
-            return "Bad signature";
+            strcpy_P(buff, "Bad signature");
+            return buff;
 
         case X509_VFY_ERROR_NOT_YET_VALID:
-            return "Cert is not yet valid";
+            strcpy_P(buff, "Cert is not yet valid");
+            return buff;
 
         case X509_VFY_ERROR_EXPIRED:
-            return "Cert has expired";
+            strcpy_P(buff, "Cert has expired");
+            return buff;
 
         case X509_VFY_ERROR_SELF_SIGNED:
-            return "Cert is self-signed";
+            strcpy_P(buff, "Cert is self-signed");
+            return buff;
 
         case X509_VFY_ERROR_INVALID_CHAIN:
-            return "Chain is invalid (check order of certs)";
+            strcpy_P(buff, "Chain is invalid (check order of certs)");
+            return buff;
 
         case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
-            return "Unsupported digest";
+            strcpy_P(buff, "Unsupported digest");
+            return buff;
 
         case X509_INVALID_PRIV_KEY:
-            return "Invalid private key";
+            strcpy_P(buff, "Invalid private key");
+            return buff;
 
         case X509_VFY_ERROR_BASIC_CONSTRAINT:
-            return "Basic constraint invalid";
+            strcpy_P(buff, "Basic constraint invalid");
+            return buff;
 
         default:
-            return "Unknown";
+            strcpy_P(buff, "Unknown");
+            return buff;
     }
 }
 #endif      /* CONFIG_SSL_FULL_MODE */

From a21aaa8b62cba9fa63fefcec79e1aaa4d2ec3314 Mon Sep 17 00:00:00 2001
From: Myles Eftos <myles@madpilot.com.au>
Date: Fri, 14 Jul 2017 07:59:04 +1000
Subject: [PATCH 298/301] Squashed 'tools/sdk/axtls/' content from commit
 27f4a6c

git-subtree-dir: tools/sdk/axtls
git-subtree-split: 27f4a6caf69625a9e798b7a1c3b1406ec1ec1d85
---
 .gitignore                               |    5 +
 .gitmodules                              |    3 +
 .travis.yml                              |   43 +
 LICENSE                                  |   24 +
 Makefile                                 |   79 +
 README.md                                |   39 +
 VERSION                                  |    1 +
 bindings/Config.in                       |  105 +
 bindings/csharp/axTLS.cs                 |  491 ++
 bindings/generate_SWIG_interface.pl      |  392 ++
 bindings/java/SSL.java                   |  137 +
 compat                                   |    1 +
 config/makefile.conf                     |  134 +
 crypto/aes.c                             |  452 ++
 crypto/bigint.c                          | 1514 +++++
 crypto/bigint.h                          |   99 +
 crypto/bigint_impl.h                     |  129 +
 crypto/crypto.h                          |  277 +
 crypto/crypto_misc.c                     |  385 ++
 crypto/hmac.c                            |  166 +
 crypto/md5.c                             |  301 +
 crypto/os_int.h                          |   72 +
 crypto/rc4.c                             |   97 +
 crypto/rsa.c                             |  295 +
 crypto/sha1.c                            |  249 +
 crypto/sha256.c                          |  281 +
 crypto/sha384.c                          |   77 +
 crypto/sha512.c                          |  220 +
 replacements/time.c                      |  147 +
 samples/c/axssl.c                        |  902 +++
 samples/csharp/axssl.cs                  |  758 +++
 samples/java/Makefile                    |   51 +
 samples/java/axssl.java                  |  760 +++
 samples/lua/axssl.lua                    |  562 ++
 samples/perl/axssl.pl                    |  634 ++
 samples/vbnet/axssl.vb                   |  702 +++
 ssl/asn1.c                               |  782 +++
 ssl/cert.h                               |   54 +
 ssl/config.h                             |  127 +
 ssl/crypto_misc.h                        |  217 +
 ssl/gen_cert.c                           |  374 ++
 ssl/loader.c                             |  490 ++
 ssl/openssl.c                            |  318 +
 ssl/os_int.h                             |    8 +
 ssl/os_port.c                            |   93 +
 ssl/os_port.h                            |  283 +
 ssl/p12.c                                |  483 ++
 ssl/private_key.h                        |   54 +
 ssl/ssl.h                                |  580 ++
 ssl/test/axTLS.ca_key.pem                |   27 +
 ssl/test/axTLS.ca_x509.cer               |  Bin 0 -> 786 bytes
 ssl/test/axTLS.ca_x509.pem               |   19 +
 ssl/test/axTLS.ca_x509_sha256.pem        |   19 +
 ssl/test/axTLS.encrypted.p8              |  Bin 0 -> 673 bytes
 ssl/test/axTLS.encrypted_pem.p8          |   17 +
 ssl/test/axTLS.key_1024                  |  Bin 0 -> 609 bytes
 ssl/test/axTLS.key_1024.pem              |   15 +
 ssl/test/axTLS.key_2048                  |  Bin 0 -> 1192 bytes
 ssl/test/axTLS.key_2048.pem              |   27 +
 ssl/test/axTLS.key_4096                  |  Bin 0 -> 2347 bytes
 ssl/test/axTLS.key_4096.pem              |   51 +
 ssl/test/axTLS.key_aes128.pem            |   18 +
 ssl/test/axTLS.key_aes256.pem            |   18 +
 ssl/test/axTLS.key_device.pem            |   27 +
 ssl/test/axTLS.key_end_chain.pem         |   27 +
 ssl/test/axTLS.key_intermediate_ca.pem   |   27 +
 ssl/test/axTLS.key_intermediate_ca2.pem  |   27 +
 ssl/test/axTLS.noname.p12                |  Bin 0 -> 1612 bytes
 ssl/test/axTLS.unencrypted.p8            |  Bin 0 -> 635 bytes
 ssl/test/axTLS.unencrypted_pem.p8        |   16 +
 ssl/test/axTLS.withCA.p12                |  Bin 0 -> 2521 bytes
 ssl/test/axTLS.withoutCA.p12             |  Bin 0 -> 1702 bytes
 ssl/test/axTLS.x509_1024.cer             |  Bin 0 -> 604 bytes
 ssl/test/axTLS.x509_1024.pem             |   15 +
 ssl/test/axTLS.x509_1024_sha256.pem      |   15 +
 ssl/test/axTLS.x509_1024_sha384.pem      |   15 +
 ssl/test/axTLS.x509_1024_sha512.pem      |   15 +
 ssl/test/axTLS.x509_2048.cer             |  Bin 0 -> 736 bytes
 ssl/test/axTLS.x509_2048.pem             |   18 +
 ssl/test/axTLS.x509_4096.cer             |  Bin 0 -> 992 bytes
 ssl/test/axTLS.x509_4096.pem             |   23 +
 ssl/test/axTLS.x509_aes128.pem           |   15 +
 ssl/test/axTLS.x509_aes256.pem           |   15 +
 ssl/test/axTLS.x509_bad_after.pem        |   15 +
 ssl/test/axTLS.x509_bad_before.pem       |   15 +
 ssl/test/axTLS.x509_device.pem           |   34 +
 ssl/test/axTLS.x509_end_chain.pem        |   19 +
 ssl/test/axTLS.x509_end_chain_bad.pem    |   19 +
 ssl/test/axTLS.x509_intermediate_ca.pem  |   19 +
 ssl/test/axTLS.x509_intermediate_ca2.pem |   37 +
 ssl/test/ssltest.c                       | 2589 ++++++++
 ssl/tls1.c                               | 2603 ++++++++
 ssl/tls1.h                               |  324 +
 ssl/tls1_clnt.c                          |  541 ++
 ssl/tls1_svr.c                           |  526 ++
 ssl/version.h                            |    1 +
 ssl/x509.c                               |  899 +++
 tools/make_certs.sh                      |  256 +
 util/time.h                              |   11 +
 www/index.html                           | 7103 ++++++++++++++++++++++
 100 files changed, 29924 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .gitmodules
 create mode 100644 .travis.yml
 create mode 100644 LICENSE
 create mode 100644 Makefile
 create mode 100644 README.md
 create mode 100644 VERSION
 create mode 100644 bindings/Config.in
 create mode 100644 bindings/csharp/axTLS.cs
 create mode 100755 bindings/generate_SWIG_interface.pl
 create mode 100644 bindings/java/SSL.java
 create mode 160000 compat
 create mode 100644 config/makefile.conf
 create mode 100644 crypto/aes.c
 create mode 100644 crypto/bigint.c
 create mode 100644 crypto/bigint.h
 create mode 100644 crypto/bigint_impl.h
 create mode 100644 crypto/crypto.h
 create mode 100644 crypto/crypto_misc.c
 create mode 100644 crypto/hmac.c
 create mode 100644 crypto/md5.c
 create mode 100644 crypto/os_int.h
 create mode 100644 crypto/rc4.c
 create mode 100644 crypto/rsa.c
 create mode 100644 crypto/sha1.c
 create mode 100644 crypto/sha256.c
 create mode 100644 crypto/sha384.c
 create mode 100644 crypto/sha512.c
 create mode 100644 replacements/time.c
 create mode 100644 samples/c/axssl.c
 create mode 100644 samples/csharp/axssl.cs
 create mode 100644 samples/java/Makefile
 create mode 100644 samples/java/axssl.java
 create mode 100755 samples/lua/axssl.lua
 create mode 100755 samples/perl/axssl.pl
 create mode 100644 samples/vbnet/axssl.vb
 create mode 100644 ssl/asn1.c
 create mode 100644 ssl/cert.h
 create mode 100644 ssl/config.h
 create mode 100644 ssl/crypto_misc.h
 create mode 100644 ssl/gen_cert.c
 create mode 100644 ssl/loader.c
 create mode 100644 ssl/openssl.c
 create mode 100644 ssl/os_int.h
 create mode 100644 ssl/os_port.c
 create mode 100644 ssl/os_port.h
 create mode 100644 ssl/p12.c
 create mode 100644 ssl/private_key.h
 create mode 100644 ssl/ssl.h
 create mode 100644 ssl/test/axTLS.ca_key.pem
 create mode 100644 ssl/test/axTLS.ca_x509.cer
 create mode 100644 ssl/test/axTLS.ca_x509.pem
 create mode 100644 ssl/test/axTLS.ca_x509_sha256.pem
 create mode 100644 ssl/test/axTLS.encrypted.p8
 create mode 100644 ssl/test/axTLS.encrypted_pem.p8
 create mode 100644 ssl/test/axTLS.key_1024
 create mode 100644 ssl/test/axTLS.key_1024.pem
 create mode 100644 ssl/test/axTLS.key_2048
 create mode 100644 ssl/test/axTLS.key_2048.pem
 create mode 100644 ssl/test/axTLS.key_4096
 create mode 100644 ssl/test/axTLS.key_4096.pem
 create mode 100644 ssl/test/axTLS.key_aes128.pem
 create mode 100644 ssl/test/axTLS.key_aes256.pem
 create mode 100644 ssl/test/axTLS.key_device.pem
 create mode 100644 ssl/test/axTLS.key_end_chain.pem
 create mode 100644 ssl/test/axTLS.key_intermediate_ca.pem
 create mode 100644 ssl/test/axTLS.key_intermediate_ca2.pem
 create mode 100644 ssl/test/axTLS.noname.p12
 create mode 100644 ssl/test/axTLS.unencrypted.p8
 create mode 100644 ssl/test/axTLS.unencrypted_pem.p8
 create mode 100644 ssl/test/axTLS.withCA.p12
 create mode 100644 ssl/test/axTLS.withoutCA.p12
 create mode 100644 ssl/test/axTLS.x509_1024.cer
 create mode 100644 ssl/test/axTLS.x509_1024.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha256.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha384.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha512.pem
 create mode 100644 ssl/test/axTLS.x509_2048.cer
 create mode 100644 ssl/test/axTLS.x509_2048.pem
 create mode 100644 ssl/test/axTLS.x509_4096.cer
 create mode 100644 ssl/test/axTLS.x509_4096.pem
 create mode 100644 ssl/test/axTLS.x509_aes128.pem
 create mode 100644 ssl/test/axTLS.x509_aes256.pem
 create mode 100644 ssl/test/axTLS.x509_bad_after.pem
 create mode 100644 ssl/test/axTLS.x509_bad_before.pem
 create mode 100644 ssl/test/axTLS.x509_device.pem
 create mode 100644 ssl/test/axTLS.x509_end_chain.pem
 create mode 100644 ssl/test/axTLS.x509_end_chain_bad.pem
 create mode 100644 ssl/test/axTLS.x509_intermediate_ca.pem
 create mode 100644 ssl/test/axTLS.x509_intermediate_ca2.pem
 create mode 100644 ssl/test/ssltest.c
 create mode 100644 ssl/tls1.c
 create mode 100644 ssl/tls1.h
 create mode 100644 ssl/tls1_clnt.c
 create mode 100644 ssl/tls1_svr.c
 create mode 100644 ssl/version.h
 create mode 100644 ssl/x509.c
 create mode 100644 tools/make_certs.sh
 create mode 100644 util/time.h
 create mode 100755 www/index.html

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..03ba8b58a6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.o
+bin/
+Makefile.local
+.DS_Store
+
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000..6816a4b760
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "compat"]
+	path = compat
+	url = https://github.com/attachix/lwirax.git
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000000..5258cf5890
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,43 @@
+sudo: false
+language: bash
+os:
+  - linux
+
+script:
+  # Download Arduino IDE
+  - wget -O arduino.tar.xz https://www.arduino.cc/download.php?f=/arduino-nightly-linux64.tar.xz
+  - tar xf arduino.tar.xz
+  - mv arduino-nightly $HOME/arduino_ide
+  # Download ESP8266 Arduino core
+  - cd $HOME/arduino_ide/hardware
+  - mkdir esp8266com
+  - cd esp8266com
+  - git clone https://github.com/esp8266/Arduino.git esp8266
+  - cd esp8266
+  - export ESP8266_ARDUINO_DIR="$PWD"
+  # Download toolchain and esptool
+  - cd tools
+  - python get.py
+  - export PATH="$PATH:$PWD/xtensa-lx106-elf/bin"
+  # Build axTLS
+  - cd $TRAVIS_BUILD_DIR
+  - make
+  # Copy the library into Arduino core
+  - cp bin/libaxtls.a $ESP8266_ARDUINO_DIR/tools/sdk/lib/libaxtls.a
+  # Try building examples in ESP8266WiFi library from the ESP8266 Arduino core
+  - /sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_1.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :1 -ac -screen 0 1280x1024x16
+  - sleep 3
+  - export DISPLAY=:1.0
+  - export PATH="$HOME/arduino_ide:$PATH"
+  - which arduino
+  - cd $ESP8266_ARDUINO_DIR
+  - source tests/common.sh
+  - arduino --board esp8266com:esp8266:generic --save-prefs
+  - arduino --get-pref sketchbook.path
+  - build_sketches $HOME/arduino_ide $ESP8266_ARDUINO_DIR/libraries/ESP8266WiFi/examples/HTTPSRequest
+  # Feel free to add more test cases (for other environments) here
+
+notifications:
+  email:
+    on_success: change
+    on_failure: change
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000000..eed70a9a67
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2008, Cameron Rich All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer. Redistributions in binary
+form must reproduce the above copyright notice, this list of conditions and
+the following disclaimer in the documentation and/or other materials
+provided with the distribution. Neither the name of the axTLS Project nor
+the names of its contributors may be used to endorse or promote products
+derived from this software without specific prior written permission. 
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..e48e869f15
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,79 @@
+TOOLCHAIN_PREFIX := xtensa-lx106-elf-
+CC := $(TOOLCHAIN_PREFIX)gcc
+AR := $(TOOLCHAIN_PREFIX)ar
+LD := $(TOOLCHAIN_PREFIX)gcc
+OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy
+
+XTENSA_LIBS ?= $(shell $(CC) -print-sysroot)
+
+TOOLCHAIN_DIR=$(shell cd $(XTENSA_LIBS)/../../; pwd)
+
+OBJ_FILES := \
+	crypto/aes.o \
+	crypto/bigint.o \
+	crypto/hmac.o \
+	crypto/md5.o \
+	crypto/rc4.o \
+	crypto/rsa.o \
+	crypto/sha1.o \
+	crypto/sha256.o \
+	crypto/sha384.o \
+	crypto/sha512.o \
+	ssl/asn1.o \
+	ssl/gen_cert.o \
+	ssl/loader.o \
+	ssl/os_port.o \
+	ssl/p12.o \
+	ssl/tls1.o \
+	ssl/tls1_clnt.o \
+	ssl/tls1_svr.o \
+	ssl/x509.o \
+	crypto/crypto_misc.o \
+
+
+CPPFLAGS += -I$(XTENSA_LIBS)/include \
+		-Icrypto \
+		-Issl \
+		-I.
+
+LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
+		-L$(XTENSA_LIBS)/arch/lib \
+
+
+CFLAGS+=-std=c99 -DESP8266
+
+CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
+
+CFLAGS += -ffunction-sections -fdata-sections
+
+CFLAGS += -fdebug-prefix-map=$(PWD)= -fdebug-prefix-map=$(TOOLCHAIN_DIR)=xtensa-lx106-elf -gno-record-gcc-switches
+
+MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
+ifneq ($(MFORCE32),)
+    # If the compiler supports the -mforce-l32 flag, the compiler will generate correct code for loading
+    # 16- and 8-bit constants from program memory. So in the code we can directly access the arrays
+    # placed into program memory.
+    CFLAGS +=  -mforce-l32
+else
+	# Otherwise we need to use a helper function to load 16- and 8-bit constants from program memory.
+    CFLAGS += -DWITH_PGM_READ_HELPER
+endif
+
+BIN_DIR := bin
+AXTLS_AR := $(BIN_DIR)/libaxtls.a
+
+all: $(AXTLS_AR)
+
+$(AXTLS_AR): | $(BIN_DIR)
+
+$(AXTLS_AR): $(OBJ_FILES)
+	$(AR) cru $@ $^
+
+$(BIN_DIR):
+	mkdir -p $(BIN_DIR)
+
+clean:
+	rm -rf $(OBJ_FILES) $(AXTLS_AR)
+
+
+.PHONY: all clean
diff --git a/README.md b/README.md
new file mode 100644
index 0000000000..8537ba13f9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,39 @@
+This is an ESP8266 port of [axTLS](http://axtls.sourceforge.net/) library, currently based on axTLS 2.1.2 (SVN version 274). 
+
+This library supports TLS 1.2, and the following cipher suites:
+
+Cipher suite name (RFC)           | OpenSSL name  | Key exchange | Encryption |  Hash
+----------------------------------|---------------|--------------|------------|---------
+TLS_RSA_WITH_AES_128_CBC_SHA      | AES128-SHA    |      RSA     |  AES-128   | SHA-1
+TLS_RSA_WITH_AES_256_CBC_SHA      | AES256-SHA    |      RSA     |  AES-256   | SHA-1
+TLS_RSA_WITH_AES_128_CBC_SHA256   | AES128-SHA256 |      RSA     |  AES-128   | SHA-256
+TLS_RSA_WITH_AES_256_CBC_SHA256   | AES256-SHA256 |      RSA     |  AES-256   | SHA-256
+
+## Using the library
+
+This is not a self-sufficient library. In addition to the standard C library functions, application has to provide the following functions:
+
+```
+ax_port_read
+ax_port_write
+ax_port_open
+ax_port_close
+ax_get_file
+phy_get_rand  (provided by the IoT SDK)
+ets_printf    (in ESP8266 ROM)
+ets_putc      (in ESP8266 ROM)
+```
+
+For use with LwIP raw TCP API, see [compat/README.md](https://github.com/attachix/lwirax/blob/master/README.md)
+
+## Building [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
+
+To build, add xtensa toolchain to your path, and run `make`. The library will be built in `bin/` directory.
+
+## Credits and license
+
+[axTLS](http://axtls.sourceforge.net/) is written and maintained by Cameron Rich.
+
+Other people have contributed to this port; see git logs for a full list.
+
+See [LICENSE](LICENSE) file for axTLS license.
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000000..4ea2b1f403
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+1.4.9
diff --git a/bindings/Config.in b/bindings/Config.in
new file mode 100644
index 0000000000..443fc1a323
--- /dev/null
+++ b/bindings/Config.in
@@ -0,0 +1,105 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+menu "Language Bindings"
+
+config CONFIG_BINDINGS
+    bool "Create language bindings"
+    default n
+    help
+        axTLS supports language bindings in C#, VB.NET, Java and Perl.
+
+        Select Y here if you want to build the various language bindings.
+
+config CONFIG_CSHARP_BINDINGS
+    bool "Create C# bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build C# bindings.
+
+        This requires .NET to be installed on Win32 platforms and mono to be
+        installed on all other platforms.
+
+config CONFIG_VBNET_BINDINGS
+    bool "Create VB.NET bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build VB.NET bindings.
+
+        This requires the .NET to be installed and is only built under Win32
+        platforms.
+
+menu ".Net Framework"
+depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS
+config CONFIG_DOT_NET_FRAMEWORK_BASE
+    string "Location of .NET Framework"
+    default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+endmenu
+
+config CONFIG_JAVA_BINDINGS
+    bool "Create Java bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Java bindings.
+
+        Current Issues (see README): 
+        * Needs Java 1.4 or better.
+        * If building under Win32 it will use the Win32 JDK.
+
+menu "Java Home"
+depends on CONFIG_JAVA_BINDINGS
+config CONFIG_JAVA_HOME
+    string "Location of JDK"
+    default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
+    default "/usr/lib/jvm/java-7-openjdk-amd64" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
+    depends on CONFIG_JAVA_BINDINGS 
+    help
+        The location of Sun's JDK.
+endmenu
+
+config CONFIG_PERL_BINDINGS
+    bool "Create Perl bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Perl bindings.
+
+        Current Issues (see README):
+        * 64 bit versions don't work at present.
+        * libperl.so needs to be in the shared library path.
+
+menu "Perl Home"
+depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32
+config CONFIG_PERL_CORE
+    string "Location of Perl CORE"
+    default "c:\\perl\\lib\\CORE"
+    help:
+        works with ActiveState
+        "http://www.activestate.com/Products/ActivePerl"
+
+config CONFIG_PERL_LIB
+    string "Name of Perl Library"
+    default "perl58.lib"
+endmenu
+
+config CONFIG_LUA_BINDINGS
+    bool "Create Lua bindings"
+    default n
+    depends on CONFIG_BINDINGS && !CONFIG_PLATFORM_WIN32
+    help
+        Build Lua bindings (see www.lua.org).
+
+menu "Lua Home"
+depends on CONFIG_LUA_BINDINGS 
+config CONFIG_LUA_CORE
+    string "Location of Lua CORE"
+    default "/usr/local"
+    help:
+        If the Lua exists on another directory then this needs to be changed
+endmenu
+
+endmenu
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
new file mode 100644
index 0000000000..6a2f6b0633
--- /dev/null
+++ b/bindings/csharp/axTLS.cs
@@ -0,0 +1,491 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * A wrapper around the unmanaged interface to give a semi-decent C# API
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Net.Sockets;
+
+/**
+ * @defgroup csharp_api C# API.
+ *
+ * Ensure that the appropriate Dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ * @{
+ */
+namespace axTLS
+{
+    /**
+     * @class SSL
+     * @ingroup csharp_api 
+     * @brief A representation of an SSL connection.
+     */
+    public class SSL
+    {
+        public IntPtr m_ssl;    /**< A pointer to the real SSL type */
+
+        /**
+         * @brief Store the reference to an SSL context.
+         * @param ip [in] A reference to an SSL object.
+         */
+        public SSL(IntPtr ip)
+        {
+            m_ssl = ip;
+        }
+
+        /**
+         * @brief Free any used resources on this connection. 
+         * 
+         * A "Close Notify" message is sent on this connection (if possible). 
+         * It is up to the application to close the socket.
+         */
+        public void Dispose()
+        {
+            axtls.ssl_free(m_ssl);
+        }
+
+        /**
+         * @brief Return the result of a handshake.
+         * @return SSL_OK if the handshake is complete and ok.
+         * @see ssl.h for the error code list.
+         */
+        public int HandshakeStatus()
+        {
+            return axtls.ssl_handshake_status(m_ssl);
+        }
+
+        /**
+         * @brief Return the SSL cipher id.
+         * @return The cipher id which is one of:
+         * - SSL_AES128_SHA (0x2f)
+         * - SSL_AES256_SHA (0x35)
+         * - SSL_AES128_SHA256 (0x3c)
+         * - SSL_AES256_SHA256 (0x3d)
+         */
+        public byte GetCipherId()
+        {
+            return axtls.ssl_get_cipher_id(m_ssl);
+        }
+
+        /**
+         * @brief Get the session id for a handshake. 
+         * 
+         * This will be a 32 byte sequence and is available after the first
+         * handshaking messages are sent.
+         * @return The session id as a 32 byte sequence.
+         * @note A SSLv23 handshake may have only 16 valid bytes.
+         */
+        public byte[] GetSessionId()
+        {
+            IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
+            byte sess_id_size = axtls.ssl_get_session_id_size(m_ssl);
+            byte[] result = new byte[sess_id_size];
+            Marshal.Copy(ptr, result, 0, sess_id_size);
+            return result;
+        }
+
+        /**
+         * @brief Retrieve an X.509 distinguished name component.
+         * 
+         * When a handshake is complete and a certificate has been exchanged, 
+         * then the details of the remote certificate can be retrieved.
+         *
+         * This will usually be used by a client to check that the server's 
+         * common name matches the URL.
+         *
+         * A full handshake needs to occur for this call to work.
+         *
+         * @param component [in] one of:
+         * - SSL_X509_CERT_COMMON_NAME
+         * - SSL_X509_CERT_ORGANIZATION
+         * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+         * - SSL_X509_CA_CERT_COMMON_NAME
+         * - SSL_X509_CA_CERT_ORGANIZATION
+         * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+         * @return The appropriate string (or null if not defined)
+         */
+        public string GetCertificateDN(int component)
+        {
+            return axtls.ssl_get_cert_dn(m_ssl, component);
+        }
+    }
+
+    /**
+     * @class SSLUtil
+     * @ingroup csharp_api 
+     * @brief Some global helper functions.
+     */
+    public class SSLUtil
+    {
+
+        /**
+         * @brief Return the build mode of the axTLS project.
+         * @return The build mode is one of:
+         * - SSL_BUILD_SERVER_ONLY
+         * - SSL_BUILD_ENABLE_VERIFICATION
+         * - SSL_BUILD_ENABLE_CLIENT
+         * - SSL_BUILD_FULL_MODE
+         */
+        public static int BuildMode()
+        {
+            return axtls.ssl_get_config(axtls.SSL_BUILD_MODE);
+        }
+
+        /**
+         * @brief Return the number of chained certificates that the 
+         * client/server supports.
+         * @return The number of supported server certificates.
+         */
+        public static int MaxCerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Return the number of CA certificates that the client/server
+         * supports.
+         * @return The number of supported CA certificates.
+         */
+        public static int MaxCACerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Indicate if PEM is supported.
+         * @return true if PEM supported.
+         */
+        public static bool HasPEM()
+        {
+            return axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 ? true : false;
+        }
+
+        /**
+         * @brief Display the text string of the error.
+         * @param error_code [in] The integer error code.
+         */
+        public static void DisplayError(int error_code)
+        {
+            axtls.ssl_display_error(error_code);
+        }
+
+        /**
+         * @brief Return the version of the axTLS project.
+         */
+        public static string Version()
+        {
+            return axtls.ssl_version();
+        }
+    }
+
+    /**
+     * @class SSLCTX
+     * @ingroup csharp_api 
+     * @brief A base object for SSLServer/SSLClient.
+     */
+    public class SSLCTX
+    {
+        /**
+         * @brief A reference to the real client/server context.
+         */
+        protected IntPtr m_ctx;
+
+        /**
+         * @brief Establish a new client/server context.
+         *
+         * This function is called before any client/server SSL connections are 
+         * made.  If multiple threads are used, then each thread will have its 
+         * own SSLCTX context. Any number of connections may be made with a 
+         * single context. 
+         *
+         * Each new connection will use the this context's private key and 
+         * certificate chain. If a different certificate chain is required, 
+         * then a different context needs to be be used.
+         *
+         * @param options [in]  Any particular options. At present the options
+         * supported are:
+         * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if 
+         * the server authentication fails. The certificate can be 
+         * authenticated later with a call to VerifyCert().
+         * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
+         * authentication i.e. each handshake will include a "certificate 
+         * request" message from the server.
+         * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
+         * sequences during the handshake.
+         * - SSL_DISPLAY_STATES (full mode build only): Display the state 
+         * changes during the handshake.
+         * - SSL_DISPLAY_CERTS (full mode build only): Display the 
+         * certificates that are passed during a handshake.
+         * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key 
+         * details that are passed during a handshake.
+         * @param num_sessions [in] The number of sessions to be used for 
+         * session caching. If this value is 0, then there is no session 
+         * caching.
+         * @return A client/server context.
+         */
+        protected SSLCTX(uint options, int num_sessions)
+        {
+            m_ctx = axtls.ssl_ctx_new(options, num_sessions);
+        }
+
+        /**
+         * @brief Remove a client/server context.
+         *
+         * Frees any used resources used by this context. Each connection will 
+         * be sent a "Close Notify" alert (if possible).
+         */
+        public void Dispose()
+        {
+            axtls.ssl_ctx_free(m_ctx);
+        }
+
+        /**
+         * @brief Read the SSL data stream.
+         * @param ssl [in] An SSL object reference.
+         * @param in_data [out] After a successful read, the decrypted data 
+         * will be here. It will be null otherwise.
+         * @return The number of decrypted bytes:
+         * - if > 0, then the handshaking is complete and we are returning the 
+         * number of decrypted bytes. 
+         * - SSL_OK if the handshaking stage is successful (but not yet 
+         * complete).  
+         * - < 0 if an error.
+         * @see ssl.h for the error code list.
+         * @note Use in_data before doing any successive ssl calls.
+         */
+        public int Read(SSL ssl, out byte[] in_data)
+        {
+            IntPtr ptr = IntPtr.Zero;
+            int ret = axtls.ssl_read(ssl.m_ssl, ref ptr);
+
+            if (ret > axtls.SSL_OK)
+            {
+                in_data = new byte[ret];
+                Marshal.Copy(ptr, in_data, 0, ret);
+            }
+            else
+            {
+                in_data = null;
+            }
+
+            return ret;
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_data.Length);
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @param out_len [in] The number of bytes to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data, int out_len)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_len);
+        }
+
+        /**
+         * @brief Find an ssl object based on a Socket reference.
+         *
+         * Goes through the list of SSL objects maintained in a client/server 
+         * context to look for a socket match.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return A reference to the SSL object. Returns null if the object 
+         * could not be found.
+         */
+        public SSL Find(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.  ssl_find(m_ctx, client_fd));
+        }
+
+        /**
+         * @brief Authenticate a received certificate.
+         * 
+         * This call is usually made by a client after a handshake is complete 
+         * and the context is in SSL_SERVER_VERIFY_LATER mode.
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if the certificate is verified.
+         */
+        public int VerifyCert(SSL ssl)
+        {
+            return axtls.ssl_verify_cert(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Force the client to perform its handshake again.
+         *
+         * For a client this involves sending another "client hello" message.
+         * For the server is means sending a "hello request" message.
+         *
+         * This is a blocking call on the client (until the handshake 
+         * completes).
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if renegotiation instantiation was ok
+         */
+        public int Renegotiate(SSL ssl)
+        {
+            return axtls.ssl_renegotiate(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Load a file into memory that is in binary DER or ASCII PEM 
+         * format.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the file. Can be one of:
+         * - SSL_OBJ_X509_CERT (no password required)
+         * - SSL_OBJ_X509_CACERT (no password required)
+         * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+         * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
+         * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
+         *
+         * PEM files are automatically detected (if supported).
+         * @param filename [in] The location of a file in DER/PEM format.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, string filename, string password)
+        {
+            return axtls.ssl_obj_load(m_ctx, obj_type, filename, password);
+        }
+
+        /**
+         * @brief Transfer binary data into the object loader.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the memory data.
+         * @param data [in] The binary data to be loaded.
+         * @param len [in] The amount of data to be loaded.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, byte[] data, int len, string password)
+        {
+            return axtls.ssl_obj_memory_load(m_ctx, obj_type, 
+                                            data, len, password);
+        }
+    }
+
+    /**
+     * @class SSLServer
+     * @ingroup csharp_api 
+     * @brief The server context.
+     *
+     * All server connections are started within a server context.
+     */
+    public class SSLServer : SSLCTX
+    {
+        /**
+         * @brief Start a new server context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLServer(uint options, int num_sessions) :
+                            base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL client.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return An SSL object reference.
+         */
+        public SSL Connect(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.ssl_server_new(m_ctx, client_fd));
+        }
+    }
+
+    /**
+     * @class SSLClient
+     * @ingroup csharp_api
+     * @brief The client context.
+     *
+     * All client connections are started within a client context.
+     */
+    public class SSLClient : SSLCTX
+    {
+        /**
+         * @brief Start a new client context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLClient(uint options, int num_sessions) :
+                        base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL server.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * This is a blocking call - it will finish when the handshake is 
+         * complete (or has failed).
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @param session_id [in] A 32 byte session id for session resumption. 
+         * This can be null if no session resumption is not required.
+         * @return An SSL object reference. Use SSL.handshakeStatus() to check 
+         * if a handshake succeeded.
+         */
+        public SSL Connect(Socket s, byte[] session_id)
+        {
+            int client_fd = s.Handle.ToInt32();
+            byte sess_id_size = (byte)(session_id != null ? 
+                                session_id.Length : 0);
+            return new SSL(axtls.ssl_client_new(m_ctx, client_fd, session_id,
+                        sess_id_size));
+        }
+    }
+}
+/** @} */
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
new file mode 100755
index 0000000000..90c4ba3bef
--- /dev/null
+++ b/bindings/generate_SWIG_interface.pl
@@ -0,0 +1,392 @@
+#!/usr/bin/perl
+
+#
+# Copyright (c) 2007, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#===============================================================
+# Transforms function signature into SWIG format
+sub transformSignature
+{
+    foreach $item (@_)
+    { 
+        $line =~ s/STDCALL //g;
+        $line =~ s/EXP_FUNC/extern/g;
+
+        # make API Java more 'byte' friendly
+        $line =~ s/uint32_t/int/g;
+        $line =~ s/const uint8_t \* /const unsigned char \* /g;
+        $line =~ s/\(void\)/()/g;
+        if ($ARGV[0] eq "-java")
+        {
+            $line =~ s/.*ssl_read.*//g;
+            $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
+            $line =~ s/uint8_t/signed char/g;
+        }
+        elsif ($ARGV[0] eq "-perl")
+        {
+            $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+        else # lua
+        {
+            $line =~ s/const uint8_t \*session_id/const unsigned char session_id\[\]/g;
+            $line =~ s/const uint8_t \*\w+/unsigned char *INPUT/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+    }
+
+    return $line;
+}
+
+# Parse input file
+sub parseFile
+{
+    foreach $line (@_)
+    {
+        next if $line =~ /ssl_x509_create/; # ignore for now
+
+        # test for a #define
+        if (!$skip && $line =~ m/^#define/)
+        {
+            $splitDefine = 1 if $line =~ m/\\$/;
+            print DATA_OUT $line;
+
+            # check line is not split
+            next if $splitDefine == 1;
+        }
+
+        # pick up second line of #define statement
+        if ($splitDefine) 
+        {
+            print DATA_OUT $line;
+
+            # check line is not split
+            $splitDefine = ($line =~ m/\\$/);
+            next;
+        } 
+
+        # test for function declaration
+        if (!$skip && $line =~ /EXP_FUNC/ && $line !~/\/\*/)
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+
+        if ($splitFunctionDeclaration) 
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+    }
+}
+
+#===============================================================
+
+# Determine which module to build from cammand-line options
+use strict;
+use Getopt::Std;
+
+my $module;
+my $interfaceFile;
+my $data_file;
+my $skip;
+my $splitLine;
+my @raw_data;
+
+if (not defined  $ARGV[0])
+{
+    die "Usage: $0 [-java | -perl | -lua]\n";
+}
+
+if ($ARGV[0] eq "-java")
+{
+    print "Generating Java interface file\n";
+    $module = "axtlsj";
+    $interfaceFile = "java/axTLSj.i";
+}
+elsif ($ARGV[0] eq "-perl")
+{
+    print "Generating Perl interface file\n";
+    $module = "axtlsp";
+    $interfaceFile = "perl/axTLSp.i";
+}
+elsif ($ARGV[0] eq "-lua")
+{
+    print "Generating lua interface file\n";
+    $module = "axtlsl";
+    $interfaceFile = "lua/axTLSl.i";
+}
+else
+{
+    die "Usage: $0 [-java | -perl | -lua]\n";
+}
+
+# Input file required to generate SWIG interface file.
+$data_file = "../ssl/ssl.h";
+
+# Open input files
+open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
+@raw_data = <DATA_IN>;
+
+# Open output file
+open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
+
+#
+# I wish I could say it was easy to generate the Perl/Java/Lua bindings, 
+# but each had their own set of challenges... :-(.
+#
+print DATA_OUT << "END";
+%module $module\n
+
+/* include our own header */
+%inline %{
+#include "ssl.h"
+%}
+
+%include "typemaps.i"
+/* Some SWIG magic to make the API a bit more Java friendly */
+#ifdef SWIGJAVA
+
+%apply long { SSL * };
+%apply long { SSL_CTX * };
+%apply long { SSLObjLoader * };
+
+/* allow "unsigned char []" to become "byte[]" */
+%include "arrays_java.i"
+
+/* convert these pointers to use long */
+%apply signed char[] {unsigned char *};
+%apply signed char[] {signed char *};
+
+/* allow ssl_get_session_id() to return "byte[]" */
+%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, ssl_get_session_id_size((SSL const *)arg1));\"
+
+/* allow ssl_client_new() to have a null session_id input */
+%typemap(in) const signed char session_id[] (jbyte *jarr) {
+    if (jarg3 == NULL)
+    {
+        jresult = (jint)ssl_client_new(arg1,arg2,NULL,0);
+        return jresult;
+    }
+    
+    if (!SWIG_JavaArrayInSchar(jenv, &jarr, &arg3, jarg3)) return 0;
+}   
+
+/* Lot's of work required for an ssl_read() due to its various custom
+ * requirements.
+ */
+%native (ssl_read) int ssl_read(SSL *ssl, jobject in_data);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_ssl_1read(JNIEnv *jenv, jclass jcls, jint jarg1, jobject jarg2) {
+    jint jresult = 0 ;
+    SSL *arg1;
+    unsigned char *arg2;
+    jbyte *jarr;
+    int result;
+    JNIEnv e = *jenv;
+    jclass holder_class;
+    jfieldID fid;
+
+    arg1 = (SSL *)jarg1;
+    result = (int)ssl_read(arg1, &arg2);
+
+    /* find the "m_buf" entry in the SSLReadHolder class */
+    if (!(holder_class = e->GetObjectClass(jenv,jarg2)) ||
+            !(fid = e->GetFieldID(jenv,holder_class, "m_buf", "[B")))
+        return SSL_NOT_OK;
+
+    if (result > SSL_OK)
+    {
+        int i;
+
+        /* create a new byte array to hold the read data */
+        jbyteArray jarray = e->NewByteArray(jenv, result);
+
+        /* copy the bytes across to the java byte array */
+        jarr = e->GetByteArrayElements(jenv, jarray, 0);
+        for (i = 0; i < result; i++)
+            jarr[i] = (jbyte)arg2[i];
+
+        /* clean up and set the new m_buf object */
+        e->ReleaseByteArrayElements(jenv, jarray, jarr, 0);
+        e->SetObjectField(jenv, jarg2, fid, jarray);
+    }
+    else    /* set to null */
+        e->SetObjectField(jenv, jarg2, fid, NULL);
+
+    jresult = (jint)result;
+    return jresult;
+}
+%}
+
+/* Big hack to get hold of a socket's file descriptor */
+%typemap (jtype) long "Object"
+%typemap (jstype) long "Object"
+%native (getFd) int getFd(long sock);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_getFd(JNIEnv *env, jclass jcls, jobject sock)
+{
+    JNIEnv e = *env;
+    jfieldID fid;
+    jobject impl;
+    jobject fdesc;
+
+    /* get the SocketImpl from the Socket */
+    if (!(jcls = e->GetObjectClass(env,sock)) ||
+            !(fid = e->GetFieldID(env,jcls,"impl","Ljava/net/SocketImpl;")) ||
+            !(impl = e->GetObjectField(env,sock,fid))) return -1;
+
+    /* get the FileDescriptor from the SocketImpl */
+    if (!(jcls = e->GetObjectClass(env,impl)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","Ljava/io/FileDescriptor;")) ||
+            !(fdesc = e->GetObjectField(env,impl,fid))) return -1;
+
+    /* get the fd from the FileDescriptor */
+    if (!(jcls = e->GetObjectClass(env,fdesc)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","I"))) return -1;
+
+    /* return the descriptor */
+    return e->GetIntField(env,fdesc,fid);
+} 
+%}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Perl friendly */
+#ifdef SWIGPERL
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    SV *svs = newSVpv((unsigned char *)\$1, ssl_get_session_id_size((SSL const *)arg1));
+    \$result = newRV(svs);
+    sv_2mortal(\$result);
+    argvi++;
+}
+
+/* for ssl_write() */
+%typemap(in) const unsigned char out_data[] {
+    SV* tempsv;
+    if (!SvROK(\$input))
+        croak("Argument \$argnum is not a reference.");
+    tempsv = SvRV(\$input);
+    if (SvTYPE(tempsv) != SVt_PV)
+        croak("Argument \$argnum is not an string.");
+    \$1 = (unsigned char *)SvPV(tempsv, PL_na);
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+        SV *svs = newSVpv(*\$1, result);
+        \$result = newRV(svs);
+        sv_2mortal(\$result);
+        argvi++;
+    }
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    /* check for a reference */
+    if (SvOK(\$input) && SvROK(\$input)) {
+        SV* tempsv = SvRV(\$input);
+        if (SvTYPE(tempsv) != SVt_PV)
+            croak("Argument \$argnum is not an string.");
+        \$1 = (unsigned char *)SvPV(tempsv, PL_na); 
+    } 
+    else
+        \$1 = NULL;
+}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Lua friendly */
+#ifdef SWIGLUA
+SWIG_NUMBER_TYPEMAP(unsigned char);
+SWIG_TYPEMAP_NUM_ARR(uchar,unsigned char);
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    int i;
+    lua_newtable(L);
+    for (i = 0; i < ssl_get_session_id_size((SSL const *)arg1); i++){
+        lua_pushnumber(L,(lua_Number)result[i]);
+        lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+    }
+    SWIG_arg++;
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+		int i;
+		lua_newtable(L);
+		for (i = 0; i < result; i++){
+			lua_pushnumber(L,(lua_Number)buf2[i]);
+			lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+		}
+        SWIG_arg++;
+    }
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    if (lua_isnil(L,\$input))
+        \$1 = NULL;
+    else
+        \$1 = SWIG_get_uchar_num_array_fixed(L,\$input, ssl_get_session_id((SSL const *)\$1));
+}
+
+#endif
+
+END
+
+# Initialise loop variables
+$skip = 1;
+$splitLine = 0;
+
+parseFile(@raw_data);
+
+close(DATA_IN);
+close(DATA_OUT);
+
+#===============================================================
+
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
new file mode 100644
index 0000000000..e0400b6016
--- /dev/null
+++ b/bindings/java/SSL.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * @defgroup java_api Java API.
+ *
+ * Ensure that the appropriate dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ */
+
+/**
+ * @class SSL
+ * @ingroup java_api 
+ * @brief A representation of an SSL connection.
+ *
+ */
+public class SSL
+{
+    public int m_ssl;    /**< A pointer to the real SSL type */
+
+    /**
+     * @brief Store the reference to an SSL context.
+     * @param ip [in] A reference to an SSL object.
+     */
+    public SSL(int ip)
+    {
+        m_ssl = ip;
+    }
+
+    /**
+     * @brief Free any used resources on this connection. 
+     * 
+     * A "Close Notify" message is sent on this connection (if possible). It 
+     * is up to the application to close the socket.
+     */
+    public void dispose()
+    {
+        axtlsj.ssl_free(m_ssl);
+    }
+
+    /**
+     * @brief Return the result of a handshake.
+     * @return SSL_OK if the handshake is complete and ok.
+     * @see ssl.h for the error code list.
+     */
+    public int handshakeStatus()
+    {
+        return axtlsj.ssl_handshake_status(m_ssl);
+    }
+
+    /**
+     * @brief Return the SSL cipher id.
+     * @return The cipher id which is one of:
+     * - SSL_AES128_SHA (0x2f)
+     * - SSL_AES256_SHA (0x35)
+     * - SSL_AES128_SHA256 (0x3c)
+     * - SSL_AES256_SHA256 (0x3d)
+     */
+    public byte getCipherId()
+    {
+        return axtlsj.ssl_get_cipher_id(m_ssl);
+    }
+
+    /**
+     * @brief Get the session id for a handshake. 
+     * 
+     * This will be a 32 byte sequence and is available after the first
+     * handshaking messages are sent.
+     * @return The session id as a 32 byte sequence.
+     * @note A SSLv23 handshake may have only 16 valid bytes.
+     */
+    public byte[] getSessionId()
+    {
+        return axtlsj.ssl_get_session_id(m_ssl);
+    }
+
+    /**
+     * @brief Retrieve an X.509 distinguished name component.
+     * 
+     * When a handshake is complete and a certificate has been exchanged, 
+     * then the details of the remote certificate can be retrieved.
+     *
+     * This will usually be used by a client to check that the server's common 
+     * name matches the URL.
+     *
+     * A full handshake needs to occur for this call to work.
+     *
+     * @param component [in] one of:
+     * - SSL_X509_CERT_COMMON_NAME
+     * - SSL_X509_CERT_ORGANIZATION
+     * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+     * - SSL_X509_CA_CERT_COMMON_NAME
+     * - SSL_X509_CA_CERT_ORGANIZATION
+     * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+     * @return The appropriate string (or null if not defined)
+     */
+    public String getCertificateDN(int component)
+    {
+        return axtlsj.ssl_get_cert_dn(m_ssl, component);
+    }
+}
diff --git a/compat b/compat
new file mode 160000
index 0000000000..bc2bf7b61b
--- /dev/null
+++ b/compat
@@ -0,0 +1 @@
+Subproject commit bc2bf7b61b9295b07d2fd9b5a9bb7824b1677c85
diff --git a/config/makefile.conf b/config/makefile.conf
new file mode 100644
index 0000000000..702abfd238
--- /dev/null
+++ b/config/makefile.conf
@@ -0,0 +1,134 @@
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# A standard makefile for all makefiles
+#
+
+# All executables and libraries go here
+STAGE=./_stage
+
+ifneq ($(MAKECMDGOALS), clean)
+
+# Give an initial rule
+all: 
+
+# Win32 
+ifdef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_VISUAL_STUDIO_7_0
+CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+ifdef CONFIG_VISUAL_STUDIO_8_0
+CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+ifdef CONFIG_VISUAL_STUDIO_10_0
+CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_10_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\lib;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/common7/ide:$(PATH)
+stuff:
+	@echo $(INCLUDE)
+endif
+
+CC=cl.exe
+LD=link.exe
+AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME))
+CFLAGS+=/nologo /W3 /D"WIN32" /D"_MBCS" /D"_CONSOLE" /D"_CRT_SECURE_NO_DEPRECATE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
+LDFLAGS=/nologo /subsystem:console /machine:I386
+LDSHARED = /dll
+AR=lib /nologo
+
+ifdef CONFIG_DEBUG
+	CFLAGS += /Gm /Zi /Od /D "_DEBUG"
+	LDFLAGS += /debug /incremental:yes 
+else
+	CFLAGS += /O2 /D "NDEBUG"
+	LDFLAGS += /incremental:no 
+endif
+
+else    # Not Win32
+
+-include .depend
+
+CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
+LD=$(CC)
+STRIP=$(CROSS)strip
+
+# Solaris
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -DCONFIG_PLATFORM_SOLARIS
+LDFLAGS += -lsocket -lnsl -lc
+LDSHARED = -G
+# Linux/Cygwin
+else 
+CFLAGS += -Wall -Wstrict-prototypes -Wshadow
+LDSHARED = -shared
+
+# Linux
+ifndef CONFIG_PLATFORM_CYGWIN
+ifndef CONFIG_PLATFORM_NOMMU
+CFLAGS += -fPIC 
+
+# Cygwin
+else
+CFLAGS += -DCONFIG_PLATFORM_CYGWIN
+LDFLAGS += -enable-auto-import
+endif
+endif
+endif
+
+ifdef CONFIG_DEBUG
+CFLAGS += -g
+else
+LDFLAGS += -s
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -O 
+else
+CFLAGS += -O3
+endif
+
+endif	# CONFIG_DEBUG
+endif   # WIN32
+
+CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS)))
+LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS)))
+
+endif   # not 'clean'
+
+clean::
+	-@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 
+
diff --git a/crypto/aes.c b/crypto/aes.c
new file mode 100644
index 0000000000..af6bd98b7a
--- /dev/null
+++ b/crypto/aes.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * AES implementation - this is a small code version. There are much faster
+ * versions around but they are much larger in size (i.e. they use large 
+ * submix tables).
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+#define rot1(x) (((x) << 24) | ((x) >> 8))
+#define rot2(x) (((x) << 16) | ((x) >> 16))
+#define rot3(x) (((x) <<  8) | ((x) >> 24))
+
+/* 
+ * This cute trick does 4 'mul by two' at once.  Stolen from
+ * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
+ * a standard graphics trick
+ * The key to this is that we need to xor with 0x1b if the top bit is set.
+ * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
+ * b 1000 0000   0000 0000 then we shift right by 7 putting the 7bit in 0bit,
+ * c 0000 0001   0000 0000 we then subtract (c) from (b)
+ * d 0111 1111   0000 0000 and now we and with our mask
+ * e 0001 1011   0000 0000
+ */
+#define mt  0x80808080
+#define ml  0x7f7f7f7f
+#define mh  0xfefefefe
+#define mm  0x1b1b1b1b
+#define mul2(x,t)	((t)=((x)&mt), \
+			((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))
+
+#define inv_mix_col(x,f2,f4,f8,f9) (\
+			(f2)=mul2(x,f2), \
+			(f4)=mul2(f2,f4), \
+			(f8)=mul2(f4,f8), \
+			(f9)=(x)^(f8), \
+			(f8)=((f2)^(f4)^(f8)), \
+			(f2)^=(f9), \
+			(f4)^=(f9), \
+			(f8)^=rot3(f2), \
+			(f8)^=rot2(f4), \
+			(f8)^rot1(f9))
+
+/*
+ * AES S-box
+ */
+static const uint8_t aes_sbox[256] PROGMEM =
+{
+	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
+	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
+	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,
+	0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
+	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,
+	0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
+	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,
+	0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
+	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,
+	0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
+	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,
+	0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
+	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,
+	0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
+	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,
+	0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
+	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,
+	0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
+	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,
+	0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
+	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,
+	0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
+	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,
+	0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
+	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,
+	0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
+	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,
+	0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
+	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,
+	0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
+	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,
+	0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16,
+};
+
+/*
+ * AES is-box
+ */
+static const uint8_t aes_isbox[256] PROGMEM = 
+{
+    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+};
+
+static const unsigned char Rcon[30]=
+{
+	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
+	0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
+	0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
+	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
+};
+
+/* ----- static functions ----- */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
+
+/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
+   x^8+x^4+x^3+x+1 */
+static unsigned char AES_xtime(uint32_t x)
+{
+	return (x&0x80) ? (x<<1)^0x1b : x<<1;
+}
+
+/**
+ * Set up AES with the key/iv and cipher size.
+ */
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode)
+{
+    int i, ii;
+    uint32_t *W, tmp, tmp2;
+    const unsigned char *ip;
+    int words;
+
+    switch (mode)
+    {
+        case AES_MODE_128:
+            i = 10;
+            words = 4;
+            break;
+
+        case AES_MODE_256:
+            i = 14;
+            words = 8;
+            break;
+
+        default:        /* fail silently */
+            return;
+    }
+
+    ctx->rounds = i;
+    ctx->key_size = words;
+    W = ctx->ks;
+    for (i = 0; i < words; i+=2)
+    {
+        W[i+0]=	((uint32_t)key[ 0]<<24)|
+            ((uint32_t)key[ 1]<<16)|
+            ((uint32_t)key[ 2]<< 8)|
+            ((uint32_t)key[ 3]    );
+        W[i+1]=	((uint32_t)key[ 4]<<24)|
+            ((uint32_t)key[ 5]<<16)|
+            ((uint32_t)key[ 6]<< 8)|
+            ((uint32_t)key[ 7]    );
+        key += 8;
+    }
+
+    ip = Rcon;
+    ii = 4 * (ctx->rounds+1);
+    for (i = words; i<ii; i++)
+    {
+        tmp = W[i-1];
+
+        if ((i % words) == 0)
+        {
+            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))<< 8;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<<16;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<24;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)));
+            tmp=tmp2^(((unsigned int)*ip)<<24);
+            ip++;
+        }
+
+        if ((words == 8) && ((i % words) == 4))
+        {
+            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))    ;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<< 8;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<16;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)     ))<<24;
+            tmp=tmp2;
+        }
+
+        W[i]=W[i-words]^tmp;
+    }
+
+    /* copy the iv across */
+    memcpy(ctx->iv, iv, 16);
+}
+
+/**
+ * Change a key for decryption.
+ */
+void AES_convert_key(AES_CTX *ctx)
+{
+    int i;
+    uint32_t *k,w,t1,t2,t3,t4;
+
+    k = ctx->ks;
+    k += 4;
+
+    for (i= ctx->rounds*4; i > 4; i--)
+    {
+        w= *k;
+        w = inv_mix_col(w,t1,t2,t3,t4);
+        *k++ =w;
+    }
+}
+
+/**
+ * Encrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], tout[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        tout[i] = ntohl(iv[i]);
+
+    for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+            tin[i] = ntohl(msg_32[i])^tout[i];
+
+        AES_encrypt(ctx, tin);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = tin[i]; 
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(tout[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Decrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], xor[4], tout[4], data[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        xor[i] = ntohl(iv[i]);
+
+    for (length -= 16; length >= 0; length -= 16)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+        {
+            tin[i] = ntohl(msg_32[i]);
+            data[i] = tin[i];
+        }
+
+        AES_decrypt(ctx, data);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = data[i]^xor[i];
+            xor[i] = tin[i];
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(xor[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Encrypt a single block (16 bytes) of data
+ */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
+{
+    /* To make this code smaller, generate the sbox entries on the fly.
+     * This will have a really heavy effect upon performance.
+     */
+    uint32_t tmp[4];
+    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds; 
+    const uint32_t *k = ctx->ks;
+
+    /* Pre-round key addition */
+    for (row = 0; row < 4; row++)
+        data[row] ^= *(k++);
+
+    /* Encrypt one block. */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 0; row < 4; row++)
+        {
+            a0 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[row%4]>>24)&0xFF));
+            a1 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+1)%4]>>16)&0xFF));
+            a2 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+2)%4]>>8)&0xFF));
+            a3 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+3)%4])&0xFF));
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd < (rounds - 1))
+            {
+                tmp1 = a0 ^ a1 ^ a2 ^ a3;
+                old_a0 = a0;
+                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
+                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
+                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
+                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
+            }
+
+            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
+        }
+
+        /* KeyAddition - note that it is vital that this loop is separate from
+           the MixColumn operation, which must be atomic...*/ 
+        for (row = 0; row < 4; row++)
+            data[row] = tmp[row] ^ *(k++);
+    }
+}
+
+/**
+ * Decrypt a single block (16 bytes) of data
+ */
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
+{ 
+    uint32_t tmp[4];
+    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
+    uint32_t a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds;
+    const uint32_t *k = ctx->ks + ((rounds+1)*4);
+
+    /* pre-round key addition */
+    for (row=4; row > 0;row--)
+        data[row-1] ^= *(--k);
+
+    /* Decrypt one block */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 4; row > 0; row--)
+        {
+            a0 = ax_array_read_u8(aes_isbox, (data[(row+3)%4]>>24)&0xFF);
+            a1 = ax_array_read_u8(aes_isbox, (data[(row+2)%4]>>16)&0xFF);
+            a2 = ax_array_read_u8(aes_isbox, (data[(row+1)%4]>>8)&0xFF);
+            a3 = ax_array_read_u8(aes_isbox, (data[row%4])&0xFF);
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd<(rounds-1))
+            {
+                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
+                   are quite large compared to encryption; this 
+                   operation slows decryption down noticeably. */
+                xt0 = AES_xtime(a0^a1);
+                xt1 = AES_xtime(a1^a2);
+                xt2 = AES_xtime(a2^a3);
+                xt3 = AES_xtime(a3^a0);
+                xt4 = AES_xtime(xt0^xt1);
+                xt5 = AES_xtime(xt1^xt2);
+                xt6 = AES_xtime(xt4^xt5);
+
+                xt0 ^= a1^a2^a3^xt4^xt6;
+                xt1 ^= a0^a2^a3^xt5^xt6;
+                xt2 ^= a0^a1^a3^xt4^xt6;
+                xt3 ^= a0^a1^a2^xt5^xt6;
+                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
+            }
+            else
+                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
+        }
+
+        for (row = 4; row > 0; row--)
+            data[row-1] = tmp[row-1] ^ *(--k);
+    }
+}
diff --git a/crypto/bigint.c b/crypto/bigint.c
new file mode 100644
index 0000000000..d90b093822
--- /dev/null
+++ b/crypto/bigint.c
@@ -0,0 +1,1514 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @defgroup bigint_api Big Integer API
+ * @brief The bigint implementation as used by the axTLS project.
+ *
+ * The bigint library is for RSA encryption/decryption as well as signing.
+ * This code tries to minimise use of malloc/free by maintaining a small 
+ * cache. A bigint context may maintain state by being made "permanent". 
+ * It be be later released with a bi_depermanent() and bi_free() call.
+ *
+ * It supports the following reduction techniques:
+ * - Classical
+ * - Barrett
+ * - Montgomery
+ *
+ * It also implements the following:
+ * - Karatsuba multiplication
+ * - Squaring
+ * - Sliding window exponentiation
+ * - Chinese Remainder Theorem (implemented in rsa.c).
+ *
+ * All the algorithms used are pretty standard, and designed for different
+ * data bus sizes. Negative numbers are not dealt with at all, so a subtraction
+ * may need to be tested for negativity.
+ *
+ * This library steals some ideas from Jef Poskanzer
+ * <http://cs.marlboro.edu/term/cs-fall02/algorithms/crypto/RSA/bigint>
+ * and GMP <http://www.swox.com/gmp>. It gets most of its implementation
+ * detail from "The Handbook of Applied Cryptography"
+ * <http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf>
+ * @{
+ */
+
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include "os_port.h"
+#include "bigint.h"
+
+#define V1      v->comps[v->size-1]                 /**< v1 for division */
+#define V2      v->comps[v->size-2]                 /**< v2 for division */
+#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
+#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
+
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
+static bigint *alloc(BI_CTX *ctx, int size);
+static bigint *trim(bigint *bi);
+static void more_comps(bigint *bi, int n);
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+static bigint *comp_right_shift(bigint *biR, int num_shifts);
+static bigint *comp_left_shift(bigint *biR, int num_shifts);
+#endif
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+static void check(const bigint *bi);
+#else
+#define check(A)                /**< disappears in normal production mode */
+#endif
+
+
+/**
+ * @brief Start a new bigint context.
+ * @return A bigint context.
+ */
+BI_CTX *bi_initialize(void)
+{
+    /* calloc() sets everything to zero */
+    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
+   
+    /* the radix */
+    ctx->bi_radix = alloc(ctx, 2); 
+    ctx->bi_radix->comps[0] = 0;
+    ctx->bi_radix->comps[1] = 1;
+    bi_permanent(ctx->bi_radix);
+    return ctx;
+}
+
+/**
+ * @brief Close the bigint context and free any resources.
+ *
+ * Free up any used memory - a check is done if all objects were not 
+ * properly freed.
+ * @param ctx [in]   The bigint session context.
+ */
+void bi_terminate(BI_CTX *ctx)
+{
+    bi_depermanent(ctx->bi_radix); 
+    bi_free(ctx, ctx->bi_radix);
+
+    if (ctx->active_count != 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_terminate: there were %d un-freed bigints\n",
+                       ctx->active_count);
+#endif
+        abort();
+    }
+
+    bi_clear_cache(ctx);
+    free(ctx);
+}
+
+/**
+ *@brief Clear the memory cache.
+ */
+void bi_clear_cache(BI_CTX *ctx)
+{
+    bigint *p, *pn;
+
+    if (ctx->free_list == NULL)
+        return;
+    
+    for (p = ctx->free_list; p != NULL; p = pn)
+    {
+        pn = p->next;
+        free(p->comps);
+        free(p);
+    }
+
+    ctx->free_count = 0;
+    ctx->free_list = NULL;
+}
+
+/**
+ * @brief Increment the number of references to this object. 
+ * It does not do a full copy.
+ * @param bi [in]   The bigint to copy.
+ * @return A reference to the same bigint.
+ */
+bigint *bi_copy(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+        bi->refs++;
+    return bi;
+}
+
+/**
+ * @brief Simply make a bigint object "unfreeable" if bi_free() is called on it.
+ *
+ * For this object to be freed, bi_depermanent() must be called.
+ * @param bi [in]   The bigint to be made permanent.
+ */
+void bi_permanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != 1)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_permanent: refs was not 1\n");
+#endif
+        abort();
+    }
+
+    bi->refs = PERMANENT;
+}
+
+/**
+ * @brief Take a permanent object and make it eligible for freedom.
+ * @param bi [in]   The bigint to be made back to temporary.
+ */
+void bi_depermanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_depermanent: bigint was not permanent\n");
+#endif
+        abort();
+    }
+
+    bi->refs = 1;
+}
+
+/**
+ * @brief Free a bigint object so it can be used again. 
+ *
+ * The memory itself it not actually freed, just tagged as being available 
+ * @param ctx [in]   The bigint session context.
+ * @param bi [in]    The bigint to be freed.
+ */
+void bi_free(BI_CTX *ctx, bigint *bi)
+{
+    check(bi);
+    if (bi->refs == PERMANENT)
+    {
+        return;
+    }
+
+    if (--bi->refs > 0)
+    {
+        return;
+    }
+
+    bi->next = ctx->free_list;
+    ctx->free_list = bi;
+    ctx->free_count++;
+
+    if (--ctx->active_count < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_free: active_count went negative "
+                "- double-freed bigint?\n");
+#endif
+        abort();
+    }
+}
+
+/**
+ * @brief Convert an (unsigned) integer into a bigint.
+ * @param ctx [in]   The bigint session context.
+ * @param i [in]     The (unsigned) integer to be converted.
+ * 
+ */
+bigint *int_to_bi(BI_CTX *ctx, comp i)
+{
+    bigint *biR = alloc(ctx, 1);
+    biR->comps[0] = i;
+    return biR;
+}
+
+/**
+ * @brief Do a full copy of the bigint object.
+ * @param ctx [in]   The bigint session context.
+ * @param bi  [in]   The bigint object to be copied.
+ */
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
+{
+    bigint *biR = alloc(ctx, bi->size);
+    check(bi);
+    memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
+    return biR;
+}
+
+/**
+ * @brief Perform an addition operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the addition.
+ */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    int n;
+    comp carry = 0;
+    comp *pa, *pb;
+
+    check(bia);
+    check(bib);
+
+    n = axtls_max(bia->size, bib->size);
+    more_comps(bia, n+1);
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do
+    {
+        comp  sl, rl, cy1;
+        sl = *pa + *pb++;
+        rl = sl + carry;
+        cy1 = sl < *pa;
+        carry = cy1 | (rl < sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    *pa = carry;                  /* do overflow */
+    bi_free(ctx, bib);
+    return trim(bia);
+}
+
+/**
+ * @brief Perform a subtraction operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @param is_negative [out] If defined, indicates that the result was negative.
+ * is_negative may be null.
+ * @return The result of the subtraction. The result is always positive.
+ */
+bigint *bi_subtract(BI_CTX *ctx, 
+        bigint *bia, bigint *bib, int *is_negative)
+{
+    int n = bia->size;
+    comp *pa, *pb, carry = 0;
+
+    check(bia);
+    check(bib);
+
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do 
+    {
+        comp sl, rl, cy1;
+        sl = *pa - *pb++;
+        rl = sl - carry;
+        cy1 = sl > *pa;
+        carry = cy1 | (rl > sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    if (is_negative)    /* indicate a negative result */
+    {
+        *is_negative = carry;
+    }
+
+    bi_free(ctx, trim(bib));    /* put bib back to the way it was */
+    return trim(bia);
+}
+
+/**
+ * Perform a multiply between a bigint an an (unsigned) integer
+ */
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
+{
+    int j = 0, n = bia->size;
+    bigint *biR = alloc(ctx, n + 1);
+    comp carry = 0;
+    comp *r = biR->comps;
+    comp *a = bia->comps;
+
+    check(bia);
+
+    /* clear things to start with */
+    memset(r, 0, ((n+1)*COMP_BYTE_SIZE));
+
+    do
+    {
+        long_comp tmp = *r + (long_comp)a[j]*b + carry;
+        *r++ = (comp)tmp;              /* downsize */
+        carry = (comp)(tmp >> COMP_BIT_SIZE);
+    } while (++j < n);
+
+    *r = carry;
+    bi_free(ctx, bia);
+    return trim(biR);
+}
+
+/**
+ * @brief Does both division and modulo calculations. 
+ *
+ * Used extensively when doing classical reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param u [in]    A bigint which is the numerator.
+ * @param v [in]    Either the denominator or the modulus depending on the mode.
+ * @param is_mod [n] Determines if this is a normal division (0) or a reduction
+ * (1).
+ * @return  The result of the division/reduction.
+ */
+bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
+{
+    int n = v->size, m = u->size-n;
+    int j = 0, orig_u_size = u->size;
+    uint8_t mod_offset = ctx->mod_offset;
+    comp d;
+    bigint *quotient, *tmp_u;
+    comp q_dash;
+
+    check(u);
+    check(v);
+
+    /* if doing reduction and we are < mod, then return mod */
+    if (is_mod && bi_compare(v, u) > 0)
+    {
+        bi_free(ctx, v);
+        return u;
+    }
+
+    quotient = alloc(ctx, m+1);
+    tmp_u = alloc(ctx, n+1);
+    v = trim(v);        /* make sure we have no leading 0's */
+    d = (comp)((long_comp)COMP_RADIX/(V1+1));
+
+    /* clear things to start with */
+    memset(quotient->comps, 0, ((quotient->size)*COMP_BYTE_SIZE));
+
+    /* normalise */
+    if (d > 1)
+    {
+        u = bi_int_multiply(ctx, u, d);
+
+        if (is_mod)
+        {
+            v = ctx->bi_normalised_mod[mod_offset];
+        }
+        else
+        {
+            v = bi_int_multiply(ctx, v, d);
+        }
+    }
+
+    if (orig_u_size == u->size)  /* new digit position u0 */
+    {
+        more_comps(u, orig_u_size + 1);
+    }
+
+    do
+    {
+        /* get a temporary short version of u */
+        memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
+
+        /* calculate q' */
+        if (U(0) == V1)
+        {
+            q_dash = COMP_RADIX-1;
+        }
+        else
+        {
+            q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
+
+            if (v->size > 1 && V2)
+            {
+                /* we are implementing the following:
+                if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
+                        q_dash*V1)*COMP_RADIX) + U(2))) ... */
+                comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
+                                            (long_comp)q_dash*V1);
+                if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
+                {
+                    q_dash--;
+                }
+            }
+        }
+
+        /* multiply and subtract */
+        if (q_dash)
+        {
+            int is_negative;
+            tmp_u = bi_subtract(ctx, tmp_u, 
+                    bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
+            more_comps(tmp_u, n+1);
+
+            Q(j) = q_dash; 
+
+            /* add back */
+            if (is_negative)
+            {
+                Q(j)--;
+                tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
+
+                /* lop off the carry */
+                tmp_u->size--;
+                v->size--;
+            }
+        }
+        else
+        {
+            Q(j) = 0; 
+        }
+
+        /* copy back to u */
+        memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
+    } while (++j <= m);
+
+    bi_free(ctx, tmp_u);
+    bi_free(ctx, v);
+
+    if (is_mod)     /* get the remainder */
+    {
+        bi_free(ctx, quotient);
+        return bi_int_divide(ctx, trim(u), d);
+    }
+    else            /* get the quotient */
+    {
+        bi_free(ctx, u);
+        return trim(quotient);
+    }
+}
+
+/*
+ * Perform an integer divide on a bigint.
+ */
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
+{
+    int i = biR->size - 1;
+    long_comp r = 0;
+
+    check(biR);
+
+    do
+    {
+        r = (r<<COMP_BIT_SIZE) + biR->comps[i];
+        biR->comps[i] = (comp)(r / denom);
+        r %= denom;
+    } while (--i >= 0);
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+/**
+ * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
+ * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
+ * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
+ * simple algorithm from an article by Dusse and Kaliski to efficiently 
+ * find N0' from N0 and b */
+static comp modular_inverse(bigint *bim)
+{
+    int i;
+    comp t = 1;
+    comp two_2_i_minus_1 = 2;   /* 2^(i-1) */
+    long_comp two_2_i = 4;      /* 2^i */
+    comp N = bim->comps[0];
+
+    for (i = 2; i <= COMP_BIT_SIZE; i++)
+    {
+        if ((long_comp)N*t%two_2_i >= two_2_i_minus_1)
+        {
+            t += two_2_i_minus_1;
+        }
+
+        two_2_i_minus_1 <<= 1;
+        two_2_i <<= 1;
+    }
+
+    return (comp)(COMP_RADIX-t);
+}
+#endif
+
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * Take each component and shift down (in terms of components) 
+ */
+static bigint *comp_right_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-num_shifts;
+    comp *x = biR->comps;
+    comp *y = &biR->comps[num_shifts];
+
+    check(biR);
+
+    if (i <= 0)     /* have we completely right shifted? */
+    {
+        biR->comps[0] = 0;  /* return 0 */
+        biR->size = 1;
+        return biR;
+    }
+
+    do
+    {
+        *x++ = *y++;
+    } while (--i > 0);
+
+    biR->size -= num_shifts;
+    return biR;
+}
+
+/**
+ * Take each component and shift it up (in terms of components) 
+ */
+static bigint *comp_left_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-1;
+    comp *x, *y;
+
+    check(biR);
+
+    if (num_shifts <= 0)
+    {
+        return biR;
+    }
+
+    more_comps(biR, biR->size + num_shifts);
+
+    x = &biR->comps[i+num_shifts];
+    y = &biR->comps[i];
+
+    do
+    {
+        *x-- = *y--;
+    } while (i--);
+
+    memset(biR->comps, 0, num_shifts*COMP_BYTE_SIZE); /* zero LS comps */
+    return biR;
+}
+#endif
+
+/**
+ * @brief Allow a binary sequence to be imported as a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] The data to be converted.
+ * @param size [in] The number of bytes of data.
+ * @return A bigint representing this data.
+ */
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
+{
+    bigint *biR = alloc(ctx, (size+COMP_BYTE_SIZE-1)/COMP_BYTE_SIZE);
+    int i, j = 0, offset = 0;
+
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        biR->comps[offset] += data[i] << (j*8);
+
+        if (++j == COMP_BYTE_SIZE)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * @brief The testharness uses this code to import text hex-streams and 
+ * convert them into bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] A string consisting of hex characters. The characters must
+ * be in upper case.
+ * @return A bigint representing this data.
+ */
+bigint *bi_str_import(BI_CTX *ctx, const char *data)
+{
+    int size = strlen(data);
+    bigint *biR = alloc(ctx, (size+COMP_NUM_NIBBLES-1)/COMP_NUM_NIBBLES);
+    int i, j = 0, offset = 0;
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        int num = (data[i] <= '9') ? (data[i] - '0') : (data[i] - 'A' + 10);
+        biR->comps[offset] += num << (j*4);
+
+        if (++j == COMP_NUM_NIBBLES)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return biR;
+}
+
+void bi_print(const char *label, bigint *x)
+{
+    int i, j;
+
+    if (x == NULL)
+    {
+        printf("%s: (null)\n", label);
+        return;
+    }
+
+    printf("%s: (size %d)\n", label, x->size);
+    for (i = x->size-1; i >= 0; i--)
+    {
+        for (j = COMP_NUM_NIBBLES-1; j >= 0; j--)
+        {
+            comp mask = 0x0f << (j*4);
+            comp num = (x->comps[i] & mask) >> (j*4);
+            putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
+        }
+    }  
+
+    printf("\n");
+}
+#endif
+
+/**
+ * @brief Take a bigint and convert it into a byte sequence. 
+ *
+ * This is useful after a decrypt operation.
+ * @param ctx [in]  The bigint session context.
+ * @param x [in]  The bigint to be converted.
+ * @param data [out] The converted data as a byte stream.
+ * @param size [in] The maximum size of the byte stream. Unused bytes will be
+ * zeroed.
+ */
+void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
+{
+    int i, j, k = size-1;
+
+    check(x);
+    memset(data, 0, size);  /* ensure all leading 0's are cleared */
+
+    for (i = 0; i < x->size; i++)
+    {
+        for (j = 0; j < COMP_BYTE_SIZE; j++)
+        {
+            comp mask = 0xff << (j*8);
+            int num = (x->comps[i] & mask) >> (j*8);
+            data[k--] = num;
+
+            if (k < 0)
+            {
+                goto buf_done;
+            }
+        }
+    }
+buf_done:
+
+    bi_free(ctx, x);
+}
+
+/**
+ * @brief Pre-calculate some of the expensive steps in reduction. 
+ *
+ * This function should only be called once (normally when a session starts).
+ * When the session is over, bi_free_mod() should be called. bi_mod_power()
+ * relies on this function being called.
+ * @param ctx [in]  The bigint session context.
+ * @param bim [in]  The bigint modulus that will be used.
+ * @param mod_offset [in] There are three moduluii that can be stored - the
+ * standard modulus, and its two primes p and q. This offset refers to which
+ * modulus we are referring to.
+ * @see bi_free_mod(), bi_mod_power().
+ */
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
+{
+    int k = bim->size;
+    comp d = (comp)((long_comp)COMP_RADIX/(bim->comps[k-1]+1));
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    bigint *R, *R2;
+#endif
+
+    ctx->bi_mod[mod_offset] = bim;
+    bi_permanent(ctx->bi_mod[mod_offset]);
+    ctx->bi_normalised_mod[mod_offset] = bi_int_multiply(ctx, bim, d);
+    bi_permanent(ctx->bi_normalised_mod[mod_offset]);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    /* set montgomery variables */
+    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);     /* R */
+    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);  /* R^2 */
+    ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
+    ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
+
+    bi_permanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_permanent(ctx->bi_R_mod_m[mod_offset]);
+
+    ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
+
+#elif defined (CONFIG_BIGINT_BARRETT)
+    ctx->bi_mu[mod_offset] = 
+        bi_divide(ctx, comp_left_shift(
+            bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
+    bi_permanent(ctx->bi_mu[mod_offset]);
+#endif
+}
+
+/**
+ * @brief Used when cleaning various bigints at the end of a session.
+ * @param ctx [in]  The bigint session context.
+ * @param mod_offset [in] The offset to use.
+ * @see bi_set_mod().
+ */
+void bi_free_mod(BI_CTX *ctx, int mod_offset)
+{
+    bi_depermanent(ctx->bi_mod[mod_offset]);
+    bi_free(ctx, ctx->bi_mod[mod_offset]);
+#if defined (CONFIG_BIGINT_MONTGOMERY)
+    bi_depermanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_depermanent(ctx->bi_R_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bi_depermanent(ctx->bi_mu[mod_offset]); 
+    bi_free(ctx, ctx->bi_mu[mod_offset]);
+#endif
+    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
+    bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
+}
+
+/** 
+ * Perform a standard multiplication between two bigints.
+ *
+ * Barrett reduction has no need for some parts of the product, so ignore bits
+ * of the multiply. This routine gives Barrett its big performance
+ * improvements over Classical/Montgomery reduction methods. 
+ */
+static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
+        int inner_partial, int outer_partial)
+{
+    int i = 0, j;
+    int n = bia->size;
+    int t = bib->size;
+    bigint *biR = alloc(ctx, n + t);
+    comp *sr = biR->comps;
+    comp *sa = bia->comps;
+    comp *sb = bib->comps;
+
+    check(bia);
+    check(bib);
+
+    /* clear things to start with */
+    memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
+
+    do 
+    {
+        long_comp tmp;
+        comp carry = 0;
+        int r_index = i;
+        j = 0;
+
+        if (outer_partial && outer_partial-i > 0 && outer_partial < n)
+        {
+            r_index = outer_partial-1;
+            j = outer_partial-i-1;
+        }
+
+        do
+        {
+            if (inner_partial && r_index >= inner_partial) 
+            {
+                break;
+            }
+
+            tmp = sr[r_index] + ((long_comp)sa[j])*sb[i] + carry;
+            sr[r_index++] = (comp)tmp;              /* downsize */
+            carry = tmp >> COMP_BIT_SIZE;
+        } while (++j < n);
+
+        sr[r_index] = carry;
+    } while (++i < t);
+
+    bi_free(ctx, bia);
+    bi_free(ctx, bib);
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+/*
+ * Karatsuba improves on regular multiplication due to only 3 multiplications 
+ * being done instead of 4. The additional additions/subtractions are O(N) 
+ * rather than O(N^2) and so for big numbers it saves on a few operations 
+ */
+static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
+{
+    bigint *x0, *x1;
+    bigint *p0, *p1, *p2;
+    int m;
+
+    if (is_square)
+    {
+        m = (bia->size + 1)/2;
+    }
+    else
+    {
+        m = (axtls_max(bia->size, bib->size) + 1)/2;
+    }
+
+    x0 = bi_clone(ctx, bia);
+    x0->size = m;
+    x1 = bi_clone(ctx, bia);
+    comp_right_shift(x1, m);
+    bi_free(ctx, bia);
+
+    /* work out the 3 partial products */
+    if (is_square)
+    {
+        p0 = bi_square(ctx, bi_copy(x0));
+        p2 = bi_square(ctx, bi_copy(x1));
+        p1 = bi_square(ctx, bi_add(ctx, x0, x1));
+    }
+    else /* normal multiply */
+    {
+        bigint *y0, *y1;
+        y0 = bi_clone(ctx, bib);
+        y0->size = m;
+        y1 = bi_clone(ctx, bib);
+        comp_right_shift(y1, m);
+        bi_free(ctx, bib);
+
+        p0 = bi_multiply(ctx, bi_copy(x0), bi_copy(y0));
+        p2 = bi_multiply(ctx, bi_copy(x1), bi_copy(y1));
+        p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
+    }
+
+    p1 = bi_subtract(ctx, 
+            bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
+
+    comp_left_shift(p1, m);
+    comp_left_shift(p2, 2*m);
+    return bi_add(ctx, p1, bi_add(ctx, p0, p2));
+}
+#endif
+
+/**
+ * @brief Perform a multiplication operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    check(bia);
+    check(bib);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (axtls_min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
+    {
+        return regular_multiply(ctx, bia, bib, 0, 0);
+    }
+
+    return karatsuba(ctx, bia, bib, 0);
+#else
+    return regular_multiply(ctx, bia, bib, 0, 0);
+#endif
+}
+
+#ifdef CONFIG_BIGINT_SQUARE
+/*
+ * Perform the actual square operion. It takes into account overflow.
+ */
+static bigint *regular_square(BI_CTX *ctx, bigint *bi)
+{
+    int t = bi->size;
+    int i = 0, j;
+    bigint *biR = alloc(ctx, t*2+1);
+    comp *w = biR->comps;
+    comp *x = bi->comps;
+    long_comp carry;
+    memset(w, 0, biR->size*COMP_BYTE_SIZE);
+
+    do
+    {
+        long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
+        w[2*i] = (comp)tmp;
+        carry = tmp >> COMP_BIT_SIZE;
+
+        for (j = i+1; j < t; j++)
+        {
+            uint8_t c = 0;
+            long_comp xx = (long_comp)x[i]*x[j];
+            if ((COMP_MAX-xx) < xx)
+                c = 1;
+
+            tmp = (xx<<1);
+
+            if ((COMP_MAX-tmp) < w[i+j])
+                c = 1;
+
+            tmp += w[i+j];
+
+            if ((COMP_MAX-tmp) < carry)
+                c = 1;
+
+            tmp += carry;
+            w[i+j] = (comp)tmp;
+            carry = tmp >> COMP_BIT_SIZE;
+
+            if (c)
+                carry += COMP_RADIX;
+        }
+
+        tmp = w[i+t] + carry;
+        w[i+t] = (comp)tmp;
+        w[i+t+1] = tmp >> COMP_BIT_SIZE;
+    } while (++i < t);
+
+    bi_free(ctx, bi);
+    return trim(biR);
+}
+
+/**
+ * @brief Perform a square operation on a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_square(BI_CTX *ctx, bigint *bia)
+{
+    check(bia);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (bia->size < SQU_KARATSUBA_THRESH) 
+    {
+        return regular_square(ctx, bia);
+    }
+
+    return karatsuba(ctx, bia, NULL, 1);
+#else
+    return regular_square(ctx, bia);
+#endif
+}
+#endif
+
+/**
+ * @brief Compare two bigints.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return -1 if smaller, 1 if larger and 0 if equal.
+ */
+int bi_compare(bigint *bia, bigint *bib)
+{
+    int r, i;
+
+    check(bia);
+    check(bib);
+
+    if (bia->size > bib->size)
+        r = 1;
+    else if (bia->size < bib->size)
+        r = -1;
+    else
+    {
+        comp *a = bia->comps; 
+        comp *b = bib->comps; 
+
+        /* Same number of components.  Compare starting from the high end
+         * and working down. */
+        r = 0;
+        i = bia->size - 1;
+
+        do 
+        {
+            if (a[i] > b[i])
+            { 
+                r = 1;
+                break; 
+            }
+            else if (a[i] < b[i])
+            { 
+                r = -1;
+                break; 
+            }
+        } while (--i >= 0);
+    }
+
+    return r;
+}
+
+/*
+ * Allocate and zero more components.  Does not consume bi. 
+ */
+static void more_comps(bigint *bi, int n)
+{
+    if (n > bi->max_comps)
+    {
+        bi->max_comps = axtls_max(bi->max_comps * 2, n);
+        bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
+    }
+
+    if (n > bi->size)
+    {
+        memset(&bi->comps[bi->size], 0, (n-bi->size)*COMP_BYTE_SIZE);
+    }
+
+    bi->size = n;
+}
+
+/*
+ * Make a new empty bigint. It may just use an old one if one is available.
+ * Otherwise get one off the heap.
+ */
+static bigint *alloc(BI_CTX *ctx, int size)
+{
+    bigint *biR;
+
+    /* Can we recycle an old bigint? */
+    if (ctx->free_list != NULL)
+    {
+        biR = ctx->free_list;
+        ctx->free_list = biR->next;
+        ctx->free_count--;
+
+        if (biR->refs != 0)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("alloc: refs was not 0\n");
+#endif
+            abort();    /* create a stack trace from a core dump */
+        }
+
+        more_comps(biR, size);
+    }
+    else
+    {
+        /* No free bigints available - create a new one. */
+        biR = (bigint *)malloc(sizeof(bigint));
+        biR->comps = (comp*)malloc(size * COMP_BYTE_SIZE);
+        biR->max_comps = size;  /* give some space to spare */
+    }
+
+    biR->size = size;
+    biR->refs = 1;
+    biR->next = NULL;
+    ctx->active_count++;
+    return biR;
+}
+
+/*
+ * Work out the highest '1' bit in an exponent. Used when doing sliding-window
+ * exponentiation.
+ */
+static int find_max_exp_index(bigint *biexp)
+{
+    int i = COMP_BIT_SIZE-1;
+    comp shift = COMP_RADIX/2;
+    comp test = biexp->comps[biexp->size-1];    /* assume no leading zeroes */
+
+    check(biexp);
+
+    do
+    {
+        if (test & shift)
+        {
+            return i+(biexp->size-1)*COMP_BIT_SIZE;
+        }
+
+        shift >>= 1;
+    } while (i-- != 0);
+
+    return -1;      /* error - must have been a leading 0 */
+}
+
+/*
+ * Is a particular bit is an exponent 1 or 0? Used when doing sliding-window
+ * exponentiation.
+ */
+static int exp_bit_is_one(bigint *biexp, int offset)
+{
+    comp test = biexp->comps[offset / COMP_BIT_SIZE];
+    int num_shifts = offset % COMP_BIT_SIZE;
+    comp shift = 1;
+    int i;
+
+    check(biexp);
+
+    for (i = 0; i < num_shifts; i++)
+    {
+        shift <<= 1;
+    }
+
+    return (test & shift) != 0;
+}
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+/*
+ * Perform a sanity check on bi.
+ */
+static void check(const bigint *bi)
+{
+    if (bi->refs <= 0)
+    {
+        printf("check: zero or negative refs in bigint\n");
+        abort();
+    }
+
+    if (bi->next != NULL)
+    {
+        printf("check: attempt to use a bigint from "
+                "the free list\n");
+        abort();
+    }
+}
+#endif
+
+/*
+ * Delete any leading 0's (and allow for 0).
+ */
+static bigint *trim(bigint *bi)
+{
+    check(bi);
+
+    while (bi->comps[bi->size-1] == 0 && bi->size > 1)
+    {
+        bi->size--;
+    }
+
+    return bi;
+}
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * @brief Perform a single montgomery reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bixy [in]  A bigint.
+ * @return The result of the montgomery reduction.
+ */
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
+{
+    int i = 0, n;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    comp mod_inv = ctx->N0_dash[mod_offset];
+
+    check(bixy);
+
+    ax_wdt_feed();
+    if (ctx->use_classical)     /* just use classical instead */
+    {
+        return bi_mod(ctx, bixy);
+    }
+
+    n = bim->size;
+
+    do
+    {
+        bixy = bi_add(ctx, bixy, comp_left_shift(
+                    bi_int_multiply(ctx, bim, bixy->comps[i]*mod_inv), i));
+    } while (++i < n);
+
+    comp_right_shift(bixy, n);
+
+    if (bi_compare(bixy, bim) >= 0)
+    {
+        bixy = bi_subtract(ctx, bixy, bim, NULL);
+    }
+
+    return bixy;
+}
+
+#elif defined(CONFIG_BIGINT_BARRETT)
+/*
+ * Stomp on the most significant components to give the illusion of a "mod base
+ * radix" operation 
+ */
+static bigint *comp_mod(bigint *bi, int mod)
+{
+    check(bi);
+
+    if (bi->size > mod)
+    {
+        bi->size = mod;
+    }
+
+    return bi;
+}
+
+/**
+ * @brief Perform a single Barrett reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bi [in]  A bigint.
+ * @return The result of the Barrett reduction.
+ */
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
+{
+    bigint *q1, *q2, *q3, *r1, *r2, *r;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    int k = bim->size;
+
+    check(bi);
+    check(bim);
+
+    ax_wdt_feed();
+    /* use Classical method instead  - Barrett cannot help here */
+    if (bi->size > k*2)
+    {
+        return bi_mod(ctx, bi);
+    }
+
+    q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
+
+    /* do outer partial multiply */
+    q2 = regular_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
+    q3 = comp_right_shift(q2, k+1);
+    r1 = comp_mod(bi, k+1);
+
+    /* do inner partial multiply */
+    r2 = comp_mod(regular_multiply(ctx, q3, bim, k+1, 0), k+1);
+    r = bi_subtract(ctx, r1, r2, NULL);
+
+    /* if (r >= m) r = r - m; */
+    if (bi_compare(r, bim) >= 0)
+    {
+        r = bi_subtract(ctx, r, bim, NULL);
+    }
+
+    return r;
+}
+#endif /* CONFIG_BIGINT_BARRETT */
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+/*
+ * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
+ */
+static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
+{
+    int k = 1, i;
+    bigint *g2;
+
+    for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
+    {
+        k <<= 1;
+    }
+
+    ctx->g = (bigint **)malloc(k*sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, g1);
+    bi_permanent(ctx->g[0]);
+    g2 = bi_residue(ctx, bi_square(ctx, ctx->g[0]));   /* g^2 */
+
+    for (i = 1; i < k; i++)
+    {
+        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], bi_copy(g2)));
+        bi_permanent(ctx->g[i]);
+    }
+
+    bi_free(ctx, g2);
+    ctx->window = k;
+}
+#endif
+
+/**
+ * @brief Perform a modular exponentiation.
+ *
+ * This function requires bi_set_mod() to have been called previously. This is 
+ * one of the optimisations used for performance.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint on which to perform the mod power operation.
+ * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
+{
+    int i = find_max_exp_index(biexp), j, window_size = 1;
+    bigint *biR = int_to_bi(ctx, 1);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    uint8_t mod_offset = ctx->mod_offset;
+    if (!ctx->use_classical)
+    {
+        /* preconvert */
+        bi = bi_mont(ctx, 
+                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
+        bi_free(ctx, biR);
+        biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
+    }
+#endif
+
+    check(bi);
+    check(biexp);
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+    for (j = i; j > 32; j /= 5) /* work out an optimum size */
+        window_size++;
+
+    /* work out the slide constants */
+    precompute_slide_window(ctx, window_size, bi);
+#else   /* just one constant */
+    ctx->g = (bigint **)malloc(sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, bi);
+    ctx->window = 1;
+    bi_permanent(ctx->g[0]);
+#endif
+
+    /* if sliding-window is off, then only one bit will be done at a time and
+     * will reduce to standard left-to-right exponentiation */
+    do
+    {
+        if (exp_bit_is_one(biexp, i))
+        {
+            int l = i-window_size+1;
+            int part_exp = 0;
+
+            if (l < 0)  /* LSB of exponent will always be 1 */
+                l = 0;
+            else
+            {
+                while (exp_bit_is_one(biexp, l) == 0)
+                    l++;    /* go back up */
+            }
+
+            /* build up the section of the exponent */
+            for (j = i; j >= l; j--)
+            {
+                biR = bi_residue(ctx, bi_square(ctx, biR));
+                if (exp_bit_is_one(biexp, j))
+                    part_exp++;
+
+                if (j != l)
+                    part_exp <<= 1;
+            }
+
+            part_exp = (part_exp-1)/2;  /* adjust for array */
+            biR = bi_residue(ctx, bi_multiply(ctx, biR, ctx->g[part_exp]));
+            i = l-1;
+        }
+        else    /* square it */
+        {
+            biR = bi_residue(ctx, bi_square(ctx, biR));
+            i--;
+        }
+    } while (i >= 0);
+     
+    /* cleanup */
+    for (i = 0; i < ctx->window; i++)
+    {
+        bi_depermanent(ctx->g[i]);
+        bi_free(ctx, ctx->g[i]);
+    }
+
+    free(ctx->g);
+    bi_free(ctx, bi);
+    bi_free(ctx, biexp);
+#if defined CONFIG_BIGINT_MONTGOMERY
+    return ctx->use_classical ? biR : bi_mont(ctx, biR); /* convert back */
+#else /* CONFIG_BIGINT_CLASSICAL or CONFIG_BIGINT_BARRETT */
+    return biR;
+#endif
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * @brief Perform a modular exponentiation using a temporary modulus.
+ *
+ * We need this function to check the signatures of certificates. The modulus
+ * of this function is temporary as it's just used for authentication.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param bim [in]  The temporary modulus.
+ * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
+{
+    bigint *biR, *tmp_biR;
+
+    /* Set up a temporary bigint context and transfer what we need between
+     * them. We need to do this since we want to keep the original modulus
+     * which is already in this context. This operation is only called when
+     * doing peer verification, and so is not expensive :-) */
+    BI_CTX *tmp_ctx = bi_initialize();
+    bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
+    tmp_biR = bi_mod_power(tmp_ctx, 
+                bi_clone(tmp_ctx, bi), 
+                bi_clone(tmp_ctx, biexp));
+    biR = bi_clone(ctx, tmp_biR);
+    bi_free(tmp_ctx, tmp_biR);
+    bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
+    bi_terminate(tmp_ctx);
+
+    bi_free(ctx, bi);
+    bi_free(ctx, bim);
+    bi_free(ctx, biexp);
+    return biR;
+}
+#endif
+
+#ifdef CONFIG_BIGINT_CRT
+/**
+ * @brief Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
+ *
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param dP [in] CRT's dP bigint
+ * @param dQ [in] CRT's dQ bigint
+ * @param p [in] CRT's p bigint
+ * @param q [in] CRT's q bigint
+ * @param qInv [in] CRT's qInv bigint
+ * @return The result of the CRT operation
+ */
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q, bigint *qInv)
+{
+    bigint *m1, *m2, *h;
+
+    /* Montgomery has a condition the 0 < x, y < m and these products violate
+     * that condition. So disable Montgomery when using CRT */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 1;
+#endif
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    m1 = bi_mod_power(ctx, bi_copy(bi), dP);
+
+    ctx->mod_offset = BIGINT_Q_OFFSET;
+    m2 = bi_mod_power(ctx, bi, dQ);
+
+    h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL);
+    h = bi_multiply(ctx, h, qInv);
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    h = bi_residue(ctx, h);
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 0;         /* reset for any further operation */
+#endif
+    return bi_add(ctx, m2, bi_multiply(ctx, q, h));
+}
+#endif
+/** @} */
diff --git a/crypto/bigint.h b/crypto/bigint.h
new file mode 100644
index 0000000000..2966a3edb3
--- /dev/null
+++ b/crypto/bigint.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BIGINT_HEADER
+#define BIGINT_HEADER
+
+#include "crypto.h"
+
+BI_CTX *bi_initialize(void);
+void bi_terminate(BI_CTX *ctx);
+void bi_permanent(bigint *bi);
+void bi_depermanent(bigint *bi);
+void bi_clear_cache(BI_CTX *ctx);
+void bi_free(BI_CTX *ctx, bigint *bi);
+bigint *bi_copy(bigint *bi);
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
+void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
+bigint *int_to_bi(BI_CTX *ctx, comp i);
+
+/* the functions that actually do something interesting */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 
+        bigint *bib, int *is_negative);
+bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
+int bi_compare(bigint *bia, bigint *bib);
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
+void bi_free_mod(BI_CTX *ctx, int mod_offset);
+
+#ifdef CONFIG_SSL_FULL_MODE
+void bi_print(const char *label, bigint *bi);
+bigint *bi_str_import(BI_CTX *ctx, const char *data);
+#endif
+
+/**
+ * @def bi_mod
+ * Find the residue of B. bi_set_mod() must be called before hand.
+ */
+#define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
+
+/**
+ * bi_residue() is technically the same as bi_mod(), but it uses the
+ * appropriate reduction technique (which is bi_mod() when doing classical
+ * reduction).
+ */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+#define bi_residue(A, B)         bi_mont(A, B)
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
+#elif defined(CONFIG_BIGINT_BARRETT)
+#define bi_residue(A, B)         bi_barrett(A, B)
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
+#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
+#define bi_residue(A, B)         bi_mod(A, B)
+#endif
+
+#ifdef CONFIG_BIGINT_SQUARE
+bigint *bi_square(BI_CTX *ctx, bigint *bi);
+#else
+#define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
+#endif
+
+#ifdef CONFIG_BIGINT_CRT
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q,
+        bigint *qInv);
+#endif
+
+#endif
diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
new file mode 100644
index 0000000000..b70d32dd32
--- /dev/null
+++ b/crypto/bigint_impl.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BIGINT_IMPL_HEADER
+#define BIGINT_IMPL_HEADER
+
+/* Maintain a number of precomputed variables when doing reduction */
+#define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */
+#ifdef CONFIG_BIGINT_CRT
+#define BIGINT_P_OFFSET     1    /**< p modulo offset. */
+#define BIGINT_Q_OFFSET     2    /**< q module offset. */
+#define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */
+#else
+#define BIGINT_NUM_MODS     1    
+#endif
+
+/* Architecture specific functions for big ints */
+#if defined(CONFIG_INTEGER_8BIT)
+#define COMP_RADIX          256U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       8   /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      1   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    2   /**< Used For diagnostics only. */
+typedef uint8_t comp;	        /**< A single precision component. */
+typedef uint16_t long_comp;     /**< A double precision component. */
+typedef int16_t slong_comp;     /**< A signed double precision component. */
+#elif defined(CONFIG_INTEGER_16BIT)
+#define COMP_RADIX          65536U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       16  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      2   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    4   /**< Used For diagnostics only. */
+typedef uint16_t comp;	        /**< A single precision component. */
+typedef uint32_t long_comp;     /**< A double precision component. */
+typedef int32_t slong_comp;     /**< A signed double precision component. */
+#else /* regular 32 bit */
+#ifdef WIN32
+#define COMP_RADIX          4294967296i64         
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFui64
+#else
+#define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
+#endif
+#define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
+typedef uint32_t comp;	        /**< A single precision component. */
+typedef uint64_t long_comp;     /**< A double precision component. */
+typedef int64_t slong_comp;     /**< A signed double precision component. */
+#endif
+
+/**
+ * @struct  _bigint
+ * @brief A big integer basic object
+ */
+struct _bigint
+{
+    struct _bigint* next;       /**< The next bigint in the cache. */
+    short size;                 /**< The number of components in this bigint. */
+    short max_comps;            /**< The heapsize allocated for this bigint */
+    int refs;                   /**< An internal reference count. */
+    comp* comps;                /**< A ptr to the actual component data */
+};
+
+typedef struct _bigint bigint;  /**< An alias for _bigint */
+
+/**
+ * Maintains the state of the cache, and a number of variables used in 
+ * reduction.
+ */
+typedef struct /**< A big integer "session" context. */
+{
+    bigint *active_list;                    /**< Bigints currently used. */
+    bigint *free_list;                      /**< Bigints not used. */
+    bigint *bi_radix;                       /**< The radix used. */
+    bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */
+    bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */
+    comp N0_dash[BIGINT_NUM_MODS];
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */
+#endif
+    bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
+    bigint **g;                 /**< Used by sliding-window. */
+    int window;                 /**< The size of the sliding window */
+    int active_count;           /**< Number of active bigints. */
+    int free_count;             /**< Number of free bigints. */
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    uint8_t use_classical;      /**< Use classical reduction. */
+#endif
+    uint8_t mod_offset;         /**< The mod offset we are using */
+} BI_CTX;
+
+#define axtls_max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
+#define axtls_min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
+
+#define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
+
+#endif
diff --git a/crypto/crypto.h b/crypto/crypto.h
new file mode 100644
index 0000000000..da24d31c55
--- /dev/null
+++ b/crypto/crypto.h
@@ -0,0 +1,277 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file crypto.h
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bigint_impl.h"
+#include "bigint.h"
+
+#ifndef STDCALL
+#define STDCALL
+#endif
+#ifndef EXP_FUNC
+#define EXP_FUNC
+#endif
+
+
+/* enable features based on a 'super-set' capbaility. */
+#if defined(CONFIG_SSL_FULL_MODE) 
+#define CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_CERT_VERIFICATION
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+#define CONFIG_SSL_CERT_VERIFICATION
+#endif
+
+/**************************************************************************
+ * AES declarations 
+ **************************************************************************/
+
+#define AES_MAXROUNDS			14
+#define AES_BLOCKSIZE           16
+#define AES_IV_SIZE             16
+
+typedef struct aes_key_st 
+{
+    uint16_t rounds;
+    uint16_t key_size;
+    uint32_t ks[(AES_MAXROUNDS+1)*8];
+    uint8_t iv[AES_IV_SIZE];
+} AES_CTX;
+
+typedef enum
+{
+    AES_MODE_128,
+    AES_MODE_256
+} AES_MODE;
+
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode);
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
+        uint8_t *out, int length);
+void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
+void AES_convert_key(AES_CTX *ctx);
+
+/**************************************************************************
+ * RC4 declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    uint8_t x, y, m[256];
+} RC4_CTX;
+
+void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
+void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
+
+/**************************************************************************
+ * SHA1 declarations 
+ **************************************************************************/
+
+#define SHA1_SIZE   20
+
+/*
+ *  This structure will hold context information for the SHA-1
+ *  hashing operation
+ */
+typedef struct 
+{
+    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
+    uint32_t Length_Low;            /* Message length in bits */
+    uint32_t Length_High;           /* Message length in bits */
+    uint16_t Message_Block_Index;   /* Index into message block array   */
+    uint8_t Message_Block[64];      /* 512-bit message blocks */
+} SHA1_CTX;
+
+void SHA1_Init(SHA1_CTX *);
+void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
+void SHA1_Final(uint8_t *digest, SHA1_CTX *);
+
+/**************************************************************************
+ * SHA256 declarations 
+ **************************************************************************/
+
+#define SHA256_SIZE   32
+
+typedef struct
+{
+    uint32_t total[2];
+    uint32_t state[8];
+    uint8_t buffer[64];
+} SHA256_CTX;
+
+void SHA256_Init(SHA256_CTX *c);
+void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len);
+void SHA256_Final(uint8_t *digest, SHA256_CTX *);
+
+/**************************************************************************
+ * SHA512 declarations 
+ **************************************************************************/
+
+#define SHA512_SIZE   64
+
+typedef struct
+{
+    union
+    {
+        uint64_t h[8];
+        uint8_t digest[64];
+    } h_dig;
+    union
+    {
+        uint64_t w[80];
+        uint8_t buffer[128];
+    } w_buf;
+    size_t size;
+    uint64_t totalSize;
+} SHA512_CTX;
+
+void SHA512_Init(SHA512_CTX *c);
+void SHA512_Update(SHA512_CTX *, const uint8_t *input, int len);
+void SHA512_Final(uint8_t *digest, SHA512_CTX *);
+
+/**************************************************************************
+ * SHA384 declarations 
+ **************************************************************************/
+
+#define SHA384_SIZE   48
+
+typedef SHA512_CTX SHA384_CTX;
+void SHA384_Init(SHA384_CTX *c);
+void SHA384_Update(SHA384_CTX *, const uint8_t *input, int len);
+void SHA384_Final(uint8_t *digest, SHA384_CTX *);
+
+/**************************************************************************
+ * MD5 declarations 
+ **************************************************************************/
+
+#define MD5_SIZE    16
+
+typedef struct 
+{
+  uint32_t state[4];        /* state (ABCD) */
+  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
+  uint8_t buffer[64];       /* input buffer */
+} MD5_CTX;
+
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
+
+/**************************************************************************
+ * HMAC declarations 
+ **************************************************************************/
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+/**************************************************************************
+ * HMAC functions operating on vectors 
+ **************************************************************************/
+void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha256_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+/**************************************************************************
+ * RSA declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    bigint *m;              /* modulus */
+    bigint *e;              /* public exponent */
+    bigint *d;              /* private exponent */
+#ifdef CONFIG_BIGINT_CRT
+    bigint *p;              /* p as in m = pq */
+    bigint *q;              /* q as in m = pq */
+    bigint *dP;             /* d mod (p-1) */
+    bigint *dQ;             /* d mod (q-1) */
+    bigint *qInv;           /* q^-1 mod p */
+#endif
+    int num_octets;
+    BI_CTX *bi_ctx;
+} RSA_CTX;
+
+void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#ifdef CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+        );
+void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len);
+void RSA_free(RSA_CTX *ctx);
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int out_len, int is_decryption);
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp);
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing);
+void RSA_print(const RSA_CTX *ctx);
+#endif
+
+/**************************************************************************
+ * RNG declarations 
+ **************************************************************************/
+EXP_FUNC void STDCALL RNG_initialize(void);
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_terminate(void);
+EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
+int get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
new file mode 100644
index 0000000000..c7f086dadb
--- /dev/null
+++ b/crypto/crypto_misc.c
@@ -0,0 +1,385 @@
+/*
+ * Copyright (c) 2007-2015, Cameron Rich
+ * 
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Some misc. routines to help things out
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "crypto_misc.h"
+#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
+#include "wincrypt.h"
+#endif
+
+#ifdef ESP8266
+#define CONFIG_SSL_SKELETON_MODE 1
+uint32_t phy_get_rand();
+#endif
+
+#if defined(CONFIG_USE_DEV_URANDOM)
+static int rng_fd = -1;
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+static HCRYPTPROV gCryptProv;
+#endif
+
+#if (!defined(ESP8266) && !defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
+/* change to processor registers as appropriate */
+#define ENTROPY_POOL_SIZE 32
+#define ENTROPY_COUNTER1 ((((uint64_t)tv.tv_sec)<<32) | tv.tv_usec)
+#define ENTROPY_COUNTER2 rand()
+static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
+#endif
+
+const char * const unsupported_str = "Error: Feature not supported\n";
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+/**
+ * Retrieve a file and put it into memory
+ * @return The size of the file, or -1 on failure.
+ */
+int get_file(const char *filename, uint8_t **buf)
+{
+    int total_bytes = 0;
+    int bytes_read = 0;
+    int filesize;
+    FILE *stream = fopen(filename, "rb");
+
+    if (stream == NULL)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("file '%s' does not exist\n", filename); TTY_FLUSH();
+#endif
+        return -1;
+    }
+
+    /* Win CE doesn't support stat() */
+    fseek(stream, 0, SEEK_END);
+    filesize = ftell(stream);
+    *buf = (uint8_t *)malloc(filesize);
+    fseek(stream, 0, SEEK_SET);
+
+    do
+    {
+        bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
+        total_bytes += bytes_read;
+    } while (total_bytes < filesize && bytes_read > 0);
+
+    fclose(stream);
+    return filesize;
+}
+#endif
+
+/**
+ * Initialise the Random Number Generator engine.
+ * - On Win32 use the platform SDK's crypto engine.
+ * - On Linux use /dev/urandom
+ * - If none of these work then use a custom RNG.
+ */
+EXP_FUNC void STDCALL RNG_initialize()
+{
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    rng_fd = open("/dev/urandom", O_RDONLY);
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    if (!CryptAcquireContext(&gCryptProv,
+                      NULL, NULL, PROV_RSA_FULL, 0))
+    {
+        if (GetLastError() == NTE_BAD_KEYSET &&
+                !CryptAcquireContext(&gCryptProv,
+                       NULL,
+                       NULL,
+                       PROV_RSA_FULL,
+                       CRYPT_NEWKEYSET))
+        {
+            printf("CryptoLib: %x\n", unsupported_str, GetLastError());
+            exit(1);
+        }
+    }
+#elif defined(ESP8266)
+#else
+    /* start of with a stack to copy across */
+    int i;
+    memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
+    rand_r((unsigned int *)entropy_pool); 
+#endif
+}
+
+/**
+ * If no /dev/urandom, then initialise the RNG with something interesting.
+ */
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
+{
+#if defined(WIN32) || defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    int i;
+
+    for (i = 0; i < ENTROPY_POOL_SIZE && i < size; i++)
+        entropy_pool[i] ^= seed_buf[i];
+#endif
+}
+
+/**
+ * Terminate the RNG engine.
+ */
+EXP_FUNC void STDCALL RNG_terminate(void)
+{
+#if defined(CONFIG_USE_DEV_URANDOM)
+    close(rng_fd);
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    CryptReleaseContext(gCryptProv, 0);
+#endif
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes can be 0
+ */
+EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
+{   
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    /* use the Linux default - read from /dev/urandom */
+    if (read(rng_fd, rand_data, num_rand_bytes) < 0) 
+        return -1;
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    /* use Microsoft Crypto Libraries */
+    CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
+#elif defined(ESP8266)
+    for (size_t cb = 0; cb < num_rand_bytes; cb += 4) {
+        uint32_t r = phy_get_rand();
+        size_t left = num_rand_bytes - cb;
+        left = (left < 4) ? left : 4;
+        memcpy(rand_data + cb, &r, left);
+    }
+#else   /* nothing else to use, so use a custom RNG */
+    /* The method we use when we've got nothing better. Use RC4, time
+       and a couple of random seeds to generate a random sequence */
+    AES_CTX rng_ctx;
+    struct timeval tv;
+    MD5_CTX rng_digest_ctx;
+    uint8_t digest[MD5_SIZE];
+    uint64_t *ep;
+    int i;
+
+    /* A proper implementation would use counters etc for entropy */
+    gettimeofday(&tv, NULL);
+    ep = (uint64_t *)entropy_pool;
+    ep[0] ^= ENTROPY_COUNTER1;
+    ep[1] ^= ENTROPY_COUNTER2;
+
+    /* use a digested version of the entropy pool as a key */
+    MD5_Init(&rng_digest_ctx);
+    MD5_Update(&rng_digest_ctx, entropy_pool, ENTROPY_POOL_SIZE);
+    MD5_Final(digest, &rng_digest_ctx);
+
+    /* come up with the random sequence */
+    AES_set_key(&rng_ctx, digest, (const uint8_t *)ep, AES_MODE_128); /* use as a key */
+    memcpy(rand_data, entropy_pool, num_rand_bytes < ENTROPY_POOL_SIZE ?
+				num_rand_bytes : ENTROPY_POOL_SIZE);
+    AES_cbc_encrypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
+
+    /* move things along */
+    for (i = ENTROPY_POOL_SIZE-1; i >= MD5_SIZE ; i--)
+        entropy_pool[i] = entropy_pool[i-MD5_SIZE];
+
+    /* insert the digest at the start of the entropy pool */
+    memcpy(entropy_pool, digest, MD5_SIZE);
+#endif
+    return 0;
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes are not zero.
+ */
+int get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
+{
+    int i;
+    if (get_random(num_rand_bytes, rand_data))
+        return -1;
+
+    for (i = 0; i < num_rand_bytes; i++)
+    {
+        while (rand_data[i] == 0)  {
+            get_random(1, rand_data + i);
+        }
+    }
+
+    return 0;
+}
+
+/**
+ * Some useful diagnostic routines
+ */
+#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
+int hex_finish;
+int hex_index;
+
+static void print_hex_init(int finish)
+{
+    hex_finish = finish;
+    hex_index = 0;
+}
+
+static void print_hex(uint8_t hex)
+{
+    static int column;
+
+    if (hex_index == 0)
+    {
+        column = 0;
+    }
+
+    printf("%02x ", hex);
+    if (++column == 8)
+    {
+        printf(": ");
+    }
+    else if (column >= 16)
+    {
+        printf("\n");
+        column = 0;
+    }
+
+    if (++hex_index >= hex_finish && column > 0)
+    {
+        printf("\n");
+    }
+}
+
+/**
+ * Spit out a blob of data for diagnostics. The data is is a nice column format
+ * for easy reading.
+ *
+ * @param format   [in]    The string (with possible embedded format characters)
+ * @param size     [in]    The number of numbers to print
+ * @param data     [in]    The start of data to use
+ * @param ...      [in]    Any additional arguments
+ */
+EXP_FUNC void STDCALL print_blob(const char *format,
+        const uint8_t *data, int size, ...)
+{
+    int i;
+    char tmp[80];
+    va_list(ap);
+
+    va_start(ap, size);
+    snprintf(tmp, sizeof(tmp), "SSL: %s\n", format);
+    vprintf(tmp, ap);
+    print_hex_init(size);
+    for (i = 0; i < size; i++)
+    {
+        print_hex(data[i]);
+    }
+
+    va_end(ap);
+    TTY_FLUSH();
+}
+#elif defined(WIN32)
+/* VC6.0 doesn't handle variadic macros */
+EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
+        int size, ...) {}
+#endif
+
+#if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+/* base64 to binary lookup table */
+static const uint8_t map[128] PROGMEM =
+{
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
+    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
+    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
+    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
+    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
+    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
+    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+    49,  50,  51, 255, 255, 255, 255, 255
+};
+
+EXP_FUNC int STDCALL base64_decode(const char *in, int len,
+                    uint8_t *out, int *outlen)
+{
+    int g, t, x, y, z;
+    uint8_t c;
+    int ret = -1;
+
+    g = 3;
+    for (x = y = z = t = 0; x < len; x++)
+    {
+        if ((c = ax_array_read_u8(map, in[x]&0x7F)) == 0xff)
+            continue;
+
+        if (c == 254)   /* this is the end... */
+        {
+            c = 0;
+
+            if (--g < 0)
+                goto error;
+        }
+        else if (g != 3) /* only allow = at end */
+            goto error;
+
+        t = (t<<6) | c;
+
+        if (++y == 4)
+        {
+            out[z++] = (uint8_t)((t>>16)&255);
+
+            if (g > 1)
+                out[z++] = (uint8_t)((t>>8)&255);
+
+            if (g > 2)
+                out[z++] = (uint8_t)(t&255);
+
+            y = t = 0;
+        }
+
+        /* check that we don't go past the output buffer */
+        if (z > *outlen)
+            goto error;
+    }
+
+    if (y != 0)
+        goto error;
+
+    *outlen = z;
+    ret = 0;
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret < 0)
+        printf("Error: Invalid base64\n"); TTY_FLUSH();
+#endif
+    TTY_FLUSH();
+    return ret;
+
+}
+#endif
diff --git a/crypto/hmac.c b/crypto/hmac.c
new file mode 100644
index 0000000000..a0ae84ccf8
--- /dev/null
+++ b/crypto/hmac.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * HMAC implementation - This code was originally taken from RFC2104
+ * See http://www.ietf.org/rfc/rfc2104.txt and
+ * http://www.faqs.org/rfcs/rfc2202.html
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/**
+ * Perform HMAC-MD5
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    hmac_md5_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    MD5_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    MD5_Init(&context);
+    MD5_Update(&context, k_ipad, 64);
+    for (i = 0; i < count; ++i) 
+    {
+        MD5_Update(&context, msg[i], length[i]);
+    }
+    MD5_Final(digest, &context);
+    MD5_Init(&context);
+    MD5_Update(&context, k_opad, 64);
+    MD5_Update(&context, digest, MD5_SIZE);
+    MD5_Final(digest, &context);
+}
+
+/**
+ * Perform HMAC-SHA1
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    hmac_sha1_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_sha1_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA1_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_ipad, 64);
+    for (i = 0; i < count; ++i) 
+    {
+        SHA1_Update(&context, msg[i], length[i]);
+    }
+    SHA1_Final(digest, &context);
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_opad, 64);
+    SHA1_Update(&context, digest, SHA1_SIZE);
+    SHA1_Final(digest, &context);
+}
+
+/**
+ * Perform HMAC-SHA256
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    hmac_sha256_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_sha256_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA256_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_ipad, 64);
+    for (i = 0; i < count; ++i) 
+    {
+        SHA256_Update(&context, msg[i], length[i]);
+    }
+    SHA256_Final(digest, &context);
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_opad, 64);
+    SHA256_Update(&context, digest, SHA256_SIZE);
+    SHA256_Final(digest, &context);
+}
+
diff --git a/crypto/md5.c b/crypto/md5.c
new file mode 100644
index 0000000000..1a8786f473
--- /dev/null
+++ b/crypto/md5.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * This file implements the MD5 algorithm as defined in RFC1321
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/* Constants for MD5Transform routine.
+ */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+/* ----- static functions ----- */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
+
+static const uint8_t PADDING[64] PROGMEM = 
+{
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.  */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+   Rotation is separate from addition to prevent recomputation.  */
+#define FF(a, b, c, d, x, s, ac) { \
+    (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define GG(a, b, c, d, x, s, ac) { \
+    (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define HH(a, b, c, d, x, s, ac) { \
+    (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define II(a, b, c, d, x, s, ac) { \
+    (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+
+/**
+ * MD5 initialization - begins an MD5 operation, writing a new ctx.
+ */
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx)
+{
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Load magic initialization constants.
+     */
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xefcdab89;
+    ctx->state[2] = 0x98badcfe;
+    ctx->state[3] = 0x10325476;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t x;
+    int i, partLen;
+
+    /* Compute number of bytes mod 64 */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
+
+    /* Update number of bits */
+    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
+        ctx->count[1]++;
+    ctx->count[1] += ((uint32_t)len >> 29);
+
+    partLen = 64 - x;
+
+    /* Transform as many times as possible.  */
+    if (len >= partLen) 
+    {
+        memcpy(&ctx->buffer[x], msg, partLen);
+        MD5Transform(ctx->state, ctx->buffer);
+
+        for (i = partLen; i + 63 < len; i += 64)
+            MD5Transform(ctx->state, &msg[i]);
+
+        x = 0;
+    }
+    else
+        i = 0;
+
+    /* Buffer remaining input */
+    memcpy(&ctx->buffer[x], &msg[i], len-i);
+}
+
+/**
+ * Return the 128-bit message digest into the user's array
+ */
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
+{
+    uint8_t bits[8];
+    uint32_t x, padLen;
+#ifdef WITH_PGM_READ_HELPER
+    uint8_t PADDING_stack[64];
+    memcpy(PADDING_stack, PADDING, 64);
+#endif
+    /* Save number of bits */
+    Encode(bits, ctx->count, 8);
+
+    /* Pad out to 56 mod 64.
+     */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
+    padLen = (x < 56) ? (56 - x) : (120 - x);
+#ifdef WITH_PGM_READ_HELPER
+    MD5_Update(ctx, PADDING_stack, padLen);
+#else
+    MD5_Update(ctx, PADDING, padLen);
+#endif
+
+    /* Append length (before padding) */
+    MD5_Update(ctx, bits, 8);
+
+    /* Store state in digest */
+    Encode(digest, ctx->state, MD5_SIZE);
+}
+
+/**
+ * MD5 basic transformation. Transforms state based on block.
+ */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64])
+{
+    uint32_t a = state[0], b = state[1], c = state[2], 
+             d = state[3], x[MD5_SIZE];
+
+    Decode(x, block, 64);
+
+    /* Round 1 */
+    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+    /* Round 2 */
+    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+    GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
+    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+    /* Round 3 */
+    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+    HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
+    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+    /* Round 4 */
+    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
+
+    state[0] += a;
+    state[1] += b;
+    state[2] += c;
+    state[3] += d;
+}
+
+/**
+ * Encodes input (uint32_t) into output (uint8_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4) 
+    {
+        output[j] = (uint8_t)(input[i] & 0xff);
+        output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+        output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+        output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
+    }
+}
+
+/**
+ *  Decodes input (uint8_t) into output (uint32_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4)
+        output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+            (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
+}
diff --git a/crypto/os_int.h b/crypto/os_int.h
new file mode 100644
index 0000000000..02e7d2d546
--- /dev/null
+++ b/crypto/os_int.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2012-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_int.h
+ *
+ * Ensure a consistent bit size 
+ */
+
+#ifndef HEADER_OS_INT_H
+#define HEADER_OS_INT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* some bool types - just make life easier */
+typedef char bool;
+#define false       0
+#define true        1
+
+#if defined(WIN32)
+typedef UINT8 uint8_t;
+typedef INT8 int8_t;
+typedef UINT16 uint16_t;
+typedef INT16 int16_t;
+typedef UINT32 uint32_t;
+typedef INT32 int32_t;
+typedef UINT64 uint64_t;
+typedef INT64 int64_t;
+#else   /* Not Win32 */
+
+#ifdef CONFIG_PLATFORM_SOLARIS
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif /* Not Solaris */
+
+#endif /* Not Win32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/crypto/rc4.c b/crypto/rc4.c
new file mode 100644
index 0000000000..edfb27a575
--- /dev/null
+++ b/crypto/rc4.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * An implementation of the RC4/ARC4 algorithm.
+ * Originally written by Christophe Devine.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/* only used for PKCS12 now */
+#ifdef CONFIG_SSL_USE_PKCS12
+
+/**
+ * Get ready for an encrypt/decrypt operation
+ */
+void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
+{
+    int i, j = 0, k = 0, a;
+    uint8_t *m;
+
+    ctx->x = 0;
+    ctx->y = 0;
+    m = ctx->m;
+
+    for (i = 0; i < 256; i++)
+        m[i] = i;
+
+    for (i = 0; i < 256; i++)
+    {
+        a = m[i];
+        j = (uint8_t)(j + a + key[k]);
+        m[i] = m[j]; 
+        m[j] = a;
+
+        if (++k >= length) 
+            k = 0;
+    }
+}
+
+/**
+ * Perform the encrypt/decrypt operation (can use it for either since
+ * this is a stream cipher).
+ * NOTE: *msg and *out must be the same pointer (performance tweak)
+ */
+void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{ 
+    int i;
+    uint8_t *m, x, y, a, b;
+
+    x = ctx->x;
+    y = ctx->y;
+    m = ctx->m;
+
+    for (i = 0; i < length; i++)
+    {
+        a = m[++x];
+        y += a;
+        m[x] = b = m[y];
+        m[y] = a;
+        out[i] ^= m[(uint8_t)(a + b)];
+    }
+
+    ctx->x = x;
+    ctx->y = y;
+}
+
+#endif
diff --git a/crypto/rsa.c b/crypto/rsa.c
new file mode 100644
index 0000000000..ab74b4d3be
--- /dev/null
+++ b/crypto/rsa.c
@@ -0,0 +1,295 @@
+/*
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Implements the RSA public encryption algorithm. Uses the bigint library to
+ * perform its calculations.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "crypto.h"
+
+void RSA_priv_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#if CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+    )
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+    RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
+    rsa_ctx = *ctx;
+    bi_ctx = rsa_ctx->bi_ctx;
+    rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
+    bi_permanent(rsa_ctx->d);
+
+#ifdef CONFIG_BIGINT_CRT
+    rsa_ctx->p = bi_import(bi_ctx, p, p_len);
+    rsa_ctx->q = bi_import(bi_ctx, q, q_len);
+    rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
+    rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
+    rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
+    bi_permanent(rsa_ctx->dP);
+    bi_permanent(rsa_ctx->dQ);
+    bi_permanent(rsa_ctx->qInv);
+    bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
+    bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
+#endif
+}
+
+void RSA_pub_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len)
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+
+    if (*ctx)   /* if we load multiple certs, dump the old one */
+        RSA_free(*ctx);
+
+    bi_ctx = bi_initialize();
+    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
+    rsa_ctx = *ctx;
+    rsa_ctx->bi_ctx = bi_ctx;
+    rsa_ctx->num_octets = mod_len;
+    rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
+    bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
+    rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
+    bi_permanent(rsa_ctx->e);
+}
+
+/**
+ * Free up any RSA context resources.
+ */
+void RSA_free(RSA_CTX *rsa_ctx)
+{
+    BI_CTX *bi_ctx;
+    if (rsa_ctx == NULL)                /* deal with ptrs that are null */
+        return;
+
+    bi_ctx = rsa_ctx->bi_ctx;
+
+    bi_depermanent(rsa_ctx->e);
+    bi_free(bi_ctx, rsa_ctx->e);
+    bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
+
+    if (rsa_ctx->d)
+    {
+        bi_depermanent(rsa_ctx->d);
+        bi_free(bi_ctx, rsa_ctx->d);
+#ifdef CONFIG_BIGINT_CRT
+        bi_depermanent(rsa_ctx->dP);
+        bi_depermanent(rsa_ctx->dQ);
+        bi_depermanent(rsa_ctx->qInv);
+        bi_free(bi_ctx, rsa_ctx->dP);
+        bi_free(bi_ctx, rsa_ctx->dQ);
+        bi_free(bi_ctx, rsa_ctx->qInv);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
+#endif
+    }
+
+    bi_terminate(bi_ctx);
+    free(rsa_ctx);
+}
+
+/**
+ * @brief Use PKCS1.5 for decryption/verification.
+ * @param ctx [in] The context
+ * @param in_data [in] The data to decrypt (must be < modulus size-11)
+ * @param out_data [out] The decrypted data.
+ * @param out_len [int] The size of the decrypted buffer in bytes
+ * @param is_decryption [in] Decryption or verify operation.
+ * @return  The number of bytes that were originally encrypted. -1 on error.
+ * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
+                            uint8_t *out_data, int out_len, int is_decryption)
+{
+    const int byte_size = ctx->num_octets;
+    int i = 0, size = -1;
+    bigint *decrypted_bi, *dat_bi;
+    uint8_t *block = NULL;
+    int pad_count = 0;
+
+    do
+    {
+    if (out_len < byte_size)        /* check output has enough size */
+       break;
+
+    block = (uint8_t *)malloc(byte_size);
+    if (!block)
+       break;
+
+    memset(out_data, 0, out_len);   /* initialise */
+
+    /* decrypt */
+    dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    decrypted_bi = is_decryption ?  /* decrypt or verify? */
+            RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
+#else   /* always a decryption */
+    decrypted_bi = RSA_private(ctx, dat_bi);
+#endif
+
+    /* convert to a normal block */
+    bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
+
+    if (block[i++] != 0)             /* leading 0? */
+        break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
+    {
+        if (block[i++] != 0x01)     /* BT correct? */
+            break;
+
+        while (block[i++] == 0xff && i < byte_size)
+            pad_count++;
+    }
+    else                    /* PKCS1.5 encryption padding is random */
+#endif
+    {
+        if (block[i++] != 0x02)     /* BT correct? */
+            break;
+
+        while (block[i++] && i < byte_size)
+            pad_count++;
+    }
+
+    /* check separator byte 0x00 - and padding must be 8 or more bytes */
+    if (i == byte_size || pad_count < 8) 
+        break;
+
+    size = byte_size - i;
+
+    /* get only the bit we want */
+    memcpy(out_data, &block[i], size);
+    } while(false);
+
+    if(block)
+       free(block);
+
+    return size;
+}
+
+/**
+ * Performs m = c^d mod n
+ */
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
+{
+#ifdef CONFIG_BIGINT_CRT
+    return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
+#else
+    BI_CTX *ctx = c->bi_ctx;
+    ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(ctx, bi_msg, c->d);
+#endif
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Used for diagnostics.
+ */
+void RSA_print(const RSA_CTX *rsa_ctx) 
+{
+    if (rsa_ctx == NULL)
+        return;
+
+    printf("-----------------   RSA DEBUG   ----------------\n");
+    printf("Size:\t%d\n", rsa_ctx->num_octets);
+    bi_print("Modulus", rsa_ctx->m);
+    bi_print("Public Key", rsa_ctx->e);
+    bi_print("Private Key", rsa_ctx->d);
+}
+#endif
+
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
+/**
+ * Performs c = m^e mod n
+ */
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
+{
+    c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(c->bi_ctx, bi_msg, c->e);
+}
+
+/**
+ * Use PKCS1.5 for encryption/signing.
+ * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing)
+{
+    int byte_size = ctx->num_octets;
+    int num_pads_needed = byte_size-in_len-3;
+    bigint *dat_bi, *encrypt_bi;
+
+    /* note: in_len+11 must be > byte_size */
+    out_data[0] = 0;     /* ensure encryption block is < modulus */
+
+    if (is_signing)
+    {
+        out_data[1] = 1;        /* PKCS1.5 signing pads with "0xff"'s */
+        memset(&out_data[2], 0xff, num_pads_needed);
+    }
+    else /* randomize the encryption padding with non-zero bytes */   
+    {
+        out_data[1] = 2;
+        if (get_random_NZ(num_pads_needed, &out_data[2]) < 0)
+            return -1;
+    }
+
+    out_data[2+num_pads_needed] = 0;
+    memcpy(&out_data[3+num_pads_needed], in_data, in_len);
+
+    /* now encrypt it */
+    dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
+    encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
+                              RSA_public(ctx, dat_bi);
+    bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
+
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx->bi_ctx);
+    return byte_size;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/crypto/sha1.c b/crypto/sha1.c
new file mode 100644
index 0000000000..1082733e7e
--- /dev/null
+++ b/crypto/sha1.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
+ * This code was originally taken from RFC3174
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/*
+ *  Define the SHA1 circular left shift macro
+ */
+#define SHA1CircularShift(bits,word) \
+                (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/* ----- static functions ----- */
+static void SHA1PadMessage(SHA1_CTX *ctx);
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
+
+/**
+ * Initialize the SHA1 context 
+ */
+void SHA1_Init(SHA1_CTX *ctx)
+{
+    ctx->Length_Low             = 0;
+    ctx->Length_High            = 0;
+    ctx->Message_Block_Index    = 0;
+    ctx->Intermediate_Hash[0]   = 0x67452301;
+    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
+    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
+    ctx->Intermediate_Hash[3]   = 0x10325476;
+    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
+{
+    while (len--)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
+        ctx->Length_Low += 8;
+
+        if (ctx->Length_Low == 0)
+            ctx->Length_High++;
+
+        if (ctx->Message_Block_Index == 64)
+            SHA1ProcessMessageBlock(ctx);
+
+        msg++;
+    }
+}
+
+/**
+ * Return the 160-bit message digest into the user's array
+ */
+void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
+{
+    int i;
+
+    SHA1PadMessage(ctx);
+    memset(ctx->Message_Block, 0, 64);
+    ctx->Length_Low = 0;    /* and clear length */
+    ctx->Length_High = 0;
+
+    for  (i = 0; i < SHA1_SIZE; i++)
+    {
+        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
+    }
+}
+
+/**
+ * Process the next 512 bits of the message stored in the array.
+ */
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
+{
+    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
+                            0x5A827999,
+                            0x6ED9EBA1,
+                            0x8F1BBCDC,
+                            0xCA62C1D6
+                            };
+    int        t;                 /* Loop counter                */
+    uint32_t      temp;              /* Temporary word value        */
+    uint32_t      W[80];             /* Word sequence               */
+    uint32_t      A, B, C, D, E;     /* Word buffers                */
+
+    /*
+     *  Initialize the first 16 words in the array W
+     */
+    for  (t = 0; t < 16; t++)
+    {
+        W[t] = ctx->Message_Block[t * 4] << 24;
+        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
+        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
+        W[t] |= ctx->Message_Block[t * 4 + 3];
+    }
+
+    for (t = 16; t < 80; t++)
+    {
+       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+    }
+
+    A = ctx->Intermediate_Hash[0];
+    B = ctx->Intermediate_Hash[1];
+    C = ctx->Intermediate_Hash[2];
+    D = ctx->Intermediate_Hash[3];
+    E = ctx->Intermediate_Hash[4];
+
+    for (t = 0; t < 20; t++)
+    {
+        temp =  SHA1CircularShift(5,A) +
+                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+
+        B = A;
+        A = temp;
+    }
+
+    for (t = 20; t < 40; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 40; t < 60; t++)
+    {
+        temp = SHA1CircularShift(5,A) +
+               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 60; t < 80; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    ctx->Intermediate_Hash[0] += A;
+    ctx->Intermediate_Hash[1] += B;
+    ctx->Intermediate_Hash[2] += C;
+    ctx->Intermediate_Hash[3] += D;
+    ctx->Intermediate_Hash[4] += E;
+    ctx->Message_Block_Index = 0;
+}
+
+/*
+ * According to the standard, the message must be padded to an even
+ * 512 bits.  The first padding bit must be a '1'.  The last 64
+ * bits represent the length of the original message.  All bits in
+ * between should be 0.  This function will pad the message
+ * according to those rules by filling the Message_Block array
+ * accordingly.  It will also call the ProcessMessageBlock function
+ * provided appropriately.  When it returns, it can be assumed that
+ * the message digest has been computed.
+ *
+ * @param ctx [in, out] The SHA1 context
+ */
+static void SHA1PadMessage(SHA1_CTX *ctx)
+{
+    /*
+     *  Check to see if the current message block is too small to hold
+     *  the initial padding bits and length.  If so, we will pad the
+     *  block, process it, and then continue padding into a second
+     *  block.
+     */
+    if (ctx->Message_Block_Index > 55)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 64)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+
+        SHA1ProcessMessageBlock(ctx);
+
+        while (ctx->Message_Block_Index < 56)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+    else
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 56)
+        {
+
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+
+    /*
+     *  Store the message length as the last 8 octets
+     */
+    ctx->Message_Block[56] = ctx->Length_High >> 24;
+    ctx->Message_Block[57] = ctx->Length_High >> 16;
+    ctx->Message_Block[58] = ctx->Length_High >> 8;
+    ctx->Message_Block[59] = ctx->Length_High;
+    ctx->Message_Block[60] = ctx->Length_Low >> 24;
+    ctx->Message_Block[61] = ctx->Length_Low >> 16;
+    ctx->Message_Block[62] = ctx->Length_Low >> 8;
+    ctx->Message_Block[63] = ctx->Length_Low;
+    SHA1ProcessMessageBlock(ctx);
+}
diff --git a/crypto/sha256.c b/crypto/sha256.c
new file mode 100644
index 0000000000..ba1ac95fe4
--- /dev/null
+++ b/crypto/sha256.c
@@ -0,0 +1,281 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+#define GET_UINT32(n,b,i)                       \
+{                                               \
+    (n) = ((uint32_t) (b)[(i)    ] << 24)       \
+        | ((uint32_t) (b)[(i) + 1] << 16)       \
+        | ((uint32_t) (b)[(i) + 2] <<  8)       \
+        | ((uint32_t) (b)[(i) + 3]      );      \
+}
+
+#define PUT_UINT32(n,b,i)                       \
+{                                               \
+    (b)[(i)    ] = (uint8_t) ((n) >> 24);       \
+    (b)[(i) + 1] = (uint8_t) ((n) >> 16);       \
+    (b)[(i) + 2] = (uint8_t) ((n) >>  8);       \
+    (b)[(i) + 3] = (uint8_t) ((n)      );       \
+}
+
+static const uint8_t sha256_padding[64] PROGMEM =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/**
+ * Initialize the SHA256 context 
+ */
+void SHA256_Init(SHA256_CTX *ctx)
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    ctx->state[0] = 0x6A09E667;
+    ctx->state[1] = 0xBB67AE85;
+    ctx->state[2] = 0x3C6EF372;
+    ctx->state[3] = 0xA54FF53A;
+    ctx->state[4] = 0x510E527F;
+    ctx->state[5] = 0x9B05688C;
+    ctx->state[6] = 0x1F83D9AB;
+    ctx->state[7] = 0x5BE0CD19;
+}
+
+static void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
+{
+    uint32_t temp1, temp2, W[64];
+    uint32_t A, B, C, D, E, F, G, H;
+
+    GET_UINT32(W[0],  digest,  0);
+    GET_UINT32(W[1],  digest,  4);
+    GET_UINT32(W[2],  digest,  8);
+    GET_UINT32(W[3],  digest, 12);
+    GET_UINT32(W[4],  digest, 16);
+    GET_UINT32(W[5],  digest, 20);
+    GET_UINT32(W[6],  digest, 24);
+    GET_UINT32(W[7],  digest, 28);
+    GET_UINT32(W[8],  digest, 32);
+    GET_UINT32(W[9],  digest, 36);
+    GET_UINT32(W[10], digest, 40);
+    GET_UINT32(W[11], digest, 44);
+    GET_UINT32(W[12], digest, 48);
+    GET_UINT32(W[13], digest, 52);
+    GET_UINT32(W[14], digest, 56);
+    GET_UINT32(W[15], digest, 60);
+
+#define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
+#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
+
+#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
+#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
+
+#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
+
+#define R(t)                                    \
+(                                              \
+    W[t] = S1(W[t -  2]) + W[t -  7] +          \
+           S0(W[t - 15]) + W[t - 16]            \
+)
+
+#define P(a,b,c,d,e,f,g,h,x,K)                  \
+{                                               \
+    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
+    temp2 = S2(a) + F0(a,b,c);                  \
+    d += temp1; h = temp1 + temp2;              \
+}
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+    E = ctx->state[4];
+    F = ctx->state[5];
+    G = ctx->state[6];
+    H = ctx->state[7];
+
+    P(A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
+    P(H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
+    P(G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
+    P(F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
+    P(E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
+    P(D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
+    P(C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
+    P(B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
+    P(A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
+    P(H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
+    P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
+    P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
+    P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
+    P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
+    P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
+    P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
+    P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
+    P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
+    P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
+    P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
+    P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
+    P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
+    P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
+    P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
+    P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
+    P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
+    P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
+    P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
+    P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
+    P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
+    P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
+    P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
+    P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
+    P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
+    P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
+    P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
+    P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
+    P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
+    P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
+    P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
+    P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
+    P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
+    P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
+    P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
+    P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
+    P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
+    P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
+    P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
+    P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
+    P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
+    P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
+    P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
+    P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
+    P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
+    P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
+    P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
+    P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
+    P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
+    P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
+    P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
+    P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
+    P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
+    P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
+    P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+    ctx->state[4] += E;
+    ctx->state[5] += F;
+    ctx->state[6] += G;
+    ctx->state[7] += H;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA256_Update(SHA256_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t left = ctx->total[0] & 0x3F;
+    uint32_t fill = 64 - left;
+
+    ctx->total[0] += len;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if (ctx->total[0] < len)
+        ctx->total[1]++;
+
+    if (left && len >= fill)
+    {
+        memcpy((void *) (ctx->buffer + left), (void *)msg, fill);
+        SHA256_Process(ctx->buffer, ctx);
+        len -= fill;
+        msg  += fill;
+        left = 0;
+    }
+
+    while (len >= 64)
+    {
+        SHA256_Process(msg, ctx);
+        len -= 64;
+        msg  += 64;
+    }
+
+    if (len)
+    {
+        memcpy((void *) (ctx->buffer + left), (void *) msg, len);
+    }
+}
+
+/**
+ * Return the 256-bit message digest into the user's array
+ */
+void SHA256_Final(uint8_t *digest, SHA256_CTX *ctx)
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    uint8_t msglen[8];
+#ifdef WITH_PGM_READ_HELPER
+    uint8_t sha256_padding_ram[64];
+    memcpy(sha256_padding_ram, sha256_padding, 64);
+#endif
+
+    high = (ctx->total[0] >> 29)
+         | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
+
+    PUT_UINT32(high, msglen, 0);
+    PUT_UINT32(low,  msglen, 4);
+
+    last = ctx->total[0] & 0x3F;
+    padn = (last < 56) ? (56 - last) : (120 - last);
+#ifdef WITH_PGM_READ_HELPER
+    SHA256_Update(ctx, sha256_padding_ram, padn);
+#else
+    SHA256_Update(ctx, sha256_padding, padn);
+#endif
+    SHA256_Update(ctx, msglen, 8);
+
+    PUT_UINT32(ctx->state[0], digest,  0);
+    PUT_UINT32(ctx->state[1], digest,  4);
+    PUT_UINT32(ctx->state[2], digest,  8);
+    PUT_UINT32(ctx->state[3], digest, 12);
+    PUT_UINT32(ctx->state[4], digest, 16);
+    PUT_UINT32(ctx->state[5], digest, 20);
+    PUT_UINT32(ctx->state[6], digest, 24);
+    PUT_UINT32(ctx->state[7], digest, 28);
+}
diff --git a/crypto/sha384.c b/crypto/sha384.c
new file mode 100644
index 0000000000..f1071be93b
--- /dev/null
+++ b/crypto/sha384.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+ 
+/**
+* Initialize the SHA384 context 
+*/
+ void SHA384_Init(SHA384_CTX *ctx)
+ {
+    //Set initial hash value
+    ctx->h_dig.h[0] = 0xCBBB9D5DC1059ED8LL;
+    ctx->h_dig.h[1] = 0x629A292A367CD507LL;
+    ctx->h_dig.h[2] = 0x9159015A3070DD17LL;
+    ctx->h_dig.h[3] = 0x152FECD8F70E5939LL;
+    ctx->h_dig.h[4] = 0x67332667FFC00B31LL;
+    ctx->h_dig.h[5] = 0x8EB44A8768581511LL;
+    ctx->h_dig.h[6] = 0xDB0C2E0D64F98FA7LL;
+    ctx->h_dig.h[7] = 0x47B5481DBEFA4FA4LL;
+ 
+    // Number of bytes in the buffer
+    ctx->size = 0;
+    // Total length of the message
+    ctx->totalSize = 0;
+ }
+ 
+/**
+* Accepts an array of octets as the next portion of the message.
+*/
+void SHA384_Update(SHA384_CTX *ctx, const uint8_t * msg, int len)
+{
+    // The function is defined in the exact same manner as SHA-512
+    SHA512_Update(ctx, msg, len);
+}
+ 
+/**
+* Return the 384-bit message digest into the user's array
+*/
+void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx)
+{
+    // The function is defined in the exact same manner as SHA-512
+    SHA512_Final(NULL, ctx);
+ 
+    // Copy the resulting digest
+    if (digest != NULL)
+        memcpy(digest, ctx->h_dig.digest, SHA384_SIZE);
+}
+ 
diff --git a/crypto/sha512.c b/crypto/sha512.c
new file mode 100644
index 0000000000..b24a28ee02
--- /dev/null
+++ b/crypto/sha512.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+ 
+#define SHR64(a, n) ((a) >> (n))
+#define ROR64(a, n) (((a) >> (n)) | ((a) << (64 - (n))))
+#define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define SIGMA1(x) (ROR64(x, 28) ^ ROR64(x, 34) ^ ROR64(x, 39))
+#define SIGMA2(x) (ROR64(x, 14) ^ ROR64(x, 18) ^ ROR64(x, 41))
+#define SIGMA3(x) (ROR64(x, 1) ^ ROR64(x, 8) ^ SHR64(x, 7))
+#define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6))
+#define MIN(x, y) ((x) < (y) ? x : y)
+ 
+static const uint8_t padding[128] PROGMEM =
+{
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+ 
+static const uint64_t k[80] PROGMEM =
+{
+    0x428A2F98D728AE22LL, 0x7137449123EF65CDLL, 0xB5C0FBCFEC4D3B2FLL, 0xE9B5DBA58189DBBCLL,
+    0x3956C25BF348B538LL, 0x59F111F1B605D019LL, 0x923F82A4AF194F9BLL, 0xAB1C5ED5DA6D8118LL,
+    0xD807AA98A3030242LL, 0x12835B0145706FBELL, 0x243185BE4EE4B28CLL, 0x550C7DC3D5FFB4E2LL,
+    0x72BE5D74F27B896FLL, 0x80DEB1FE3B1696B1LL, 0x9BDC06A725C71235LL, 0xC19BF174CF692694LL,
+    0xE49B69C19EF14AD2LL, 0xEFBE4786384F25E3LL, 0x0FC19DC68B8CD5B5LL, 0x240CA1CC77AC9C65LL,
+    0x2DE92C6F592B0275LL, 0x4A7484AA6EA6E483LL, 0x5CB0A9DCBD41FBD4LL, 0x76F988DA831153B5LL,
+    0x983E5152EE66DFABLL, 0xA831C66D2DB43210LL, 0xB00327C898FB213FLL, 0xBF597FC7BEEF0EE4LL,
+    0xC6E00BF33DA88FC2LL, 0xD5A79147930AA725LL, 0x06CA6351E003826FLL, 0x142929670A0E6E70LL,
+    0x27B70A8546D22FFCLL, 0x2E1B21385C26C926LL, 0x4D2C6DFC5AC42AEDLL, 0x53380D139D95B3DFLL,
+    0x650A73548BAF63DELL, 0x766A0ABB3C77B2A8LL, 0x81C2C92E47EDAEE6LL, 0x92722C851482353BLL,
+    0xA2BFE8A14CF10364LL, 0xA81A664BBC423001LL, 0xC24B8B70D0F89791LL, 0xC76C51A30654BE30LL,
+    0xD192E819D6EF5218LL, 0xD69906245565A910LL, 0xF40E35855771202ALL, 0x106AA07032BBD1B8LL,
+    0x19A4C116B8D2D0C8LL, 0x1E376C085141AB53LL, 0x2748774CDF8EEB99LL, 0x34B0BCB5E19B48A8LL,
+    0x391C0CB3C5C95A63LL, 0x4ED8AA4AE3418ACBLL, 0x5B9CCA4F7763E373LL, 0x682E6FF3D6B2B8A3LL,
+    0x748F82EE5DEFB2FCLL, 0x78A5636F43172F60LL, 0x84C87814A1F0AB72LL, 0x8CC702081A6439ECLL,
+    0x90BEFFFA23631E28LL, 0xA4506CEBDE82BDE9LL, 0xBEF9A3F7B2C67915LL, 0xC67178F2E372532BLL,
+    0xCA273ECEEA26619CLL, 0xD186B8C721C0C207LL, 0xEADA7DD6CDE0EB1ELL, 0xF57D4F7FEE6ED178LL,
+    0x06F067AA72176FBALL, 0x0A637DC5A2C898A6LL, 0x113F9804BEF90DAELL, 0x1B710B35131C471BLL,
+    0x28DB77F523047D84LL, 0x32CAAB7B40C72493LL, 0x3C9EBE0A15C9BEBCLL, 0x431D67C49C100D4CLL,
+    0x4CC5D4BECB3E42B6LL, 0x597F299CFC657E2ALL, 0x5FCB6FAB3AD6FAECLL, 0x6C44198C4A475817LL
+};
+ 
+/**
+* Initialize the SHA512 context
+*/
+void SHA512_Init(SHA512_CTX *ctx)
+{
+    ctx->h_dig.h[0] = 0x6A09E667F3BCC908LL;
+    ctx->h_dig.h[1] = 0xBB67AE8584CAA73BLL;
+    ctx->h_dig.h[2] = 0x3C6EF372FE94F82BLL;
+    ctx->h_dig.h[3] = 0xA54FF53A5F1D36F1LL;
+    ctx->h_dig.h[4] = 0x510E527FADE682D1LL;
+    ctx->h_dig.h[5] = 0x9B05688C2B3E6C1FLL;
+    ctx->h_dig.h[6] = 0x1F83D9ABFB41BD6BLL;
+    ctx->h_dig.h[7] = 0x5BE0CD19137E2179LL;
+    ctx->size = 0;
+    ctx->totalSize = 0;
+}
+ 
+static void SHA512_Process(SHA512_CTX *ctx)
+{
+    int t;
+    uint64_t temp1;
+    uint64_t temp2;
+ 
+    // Initialize the 8 working registers
+    uint64_t a = ctx->h_dig.h[0];
+    uint64_t b = ctx->h_dig.h[1];
+    uint64_t c = ctx->h_dig.h[2];
+    uint64_t d = ctx->h_dig.h[3];
+    uint64_t e = ctx->h_dig.h[4];
+    uint64_t f = ctx->h_dig.h[5];
+    uint64_t g = ctx->h_dig.h[6];
+    uint64_t h = ctx->h_dig.h[7];
+ 
+    // Process message in 16-word blocks
+    uint64_t *w = ctx->w_buf.w;
+ 
+    // Convert from big-endian byte order to host byte order
+    for (t = 0; t < 16; t++)
+       w[t] = be64toh(w[t]);
+
+    // Prepare the message schedule
+    for (t = 16; t < 80; t++)
+       w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16];
+ 
+    // SHA-512 hash computation
+    for (t = 0; t < 80; t++)
+    {
+       // Calculate T1 and T2
+       temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t];
+       temp2 = SIGMA1(a) + MAJ(a, b, c);
+ 
+       // Update the working registers
+       h = g;
+       g = f;
+       f = e;
+       e = d + temp1;
+       d = c;
+       c = b;
+       b = a;
+       a = temp1 + temp2;
+    }
+ 
+    // Update the hash value
+    ctx->h_dig.h[0] += a;
+    ctx->h_dig.h[1] += b;
+    ctx->h_dig.h[2] += c;
+    ctx->h_dig.h[3] += d;
+    ctx->h_dig.h[4] += e;
+    ctx->h_dig.h[5] += f;
+    ctx->h_dig.h[6] += g;
+    ctx->h_dig.h[7] += h;
+ }
+
+/**
+* Accepts an array of octets as the next portion of the message.
+*/
+void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len)
+{
+    // Process the incoming data
+    while (len > 0)
+    {
+        // The buffer can hold at most 128 bytes
+        size_t n = MIN(len, 128 - ctx->size);
+ 
+        // Copy the data to the buffer
+        memcpy(ctx->w_buf.buffer + ctx->size, msg, n);
+ 
+        // Update the SHA-512 ctx
+        ctx->size += n;
+        ctx->totalSize += n;
+        // Advance the data pointer
+        msg = (uint8_t *) msg + n;
+        // Remaining bytes to process
+        len -= n;
+ 
+        // Process message in 16-word blocks
+        if (ctx->size == 128)
+        {
+            // Transform the 16-word block
+            SHA512_Process(ctx);
+            // Empty the buffer
+            ctx->size = 0;
+        }
+    }
+}
+ 
+/**
+* Return the 512-bit message digest into the user's array
+*/
+void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx)
+{
+    int i;
+    size_t paddingSize;
+    uint64_t totalSize;
+ 
+    // Length of the original message (before padding)
+    totalSize = ctx->totalSize * 8;
+ 
+    // Pad the message so that its length is congruent to 112 modulo 128
+    paddingSize = (ctx->size < 112) ? (112 - ctx->size) : 
+                                        (128 + 112 - ctx->size);
+    // Append padding
+    SHA512_Update(ctx, padding, paddingSize);
+ 
+    // Append the length of the original message
+    ctx->w_buf.w[14] = 0;
+    ctx->w_buf.w[15] = be64toh(totalSize);
+ 
+    // Calculate the message digest
+    SHA512_Process(ctx);
+ 
+    // Convert from host byte order to big-endian byte order
+    for (i = 0; i < 8; i++)
+       ctx->h_dig.h[i] = be64toh(ctx->h_dig.h[i]);
+ 
+    // Copy the resulting digest
+    if (digest != NULL)
+       memcpy(digest, ctx->h_dig.digest, SHA512_SIZE);
+ }
+ 
diff --git a/replacements/time.c b/replacements/time.c
new file mode 100644
index 0000000000..4972119bb4
--- /dev/null
+++ b/replacements/time.c
@@ -0,0 +1,147 @@
+/*
+ * time.c - ESP8266-specific functions for SNTP
+ * Copyright (c) 2015 Peter Dobler. All rights reserved.
+ * This file is part of the esp8266 core for Arduino environment.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#include <time.h>
+#include <sntp.h>
+
+extern uint32_t system_get_time(void);
+extern uint64_t system_mktime(uint32_t year, uint32_t mon, uint32_t day, uint32_t hour, uint32_t min, uint32_t sec);
+
+static int errno_var = 0;
+
+int* __errno(void) {
+    // DEBUGV("__errno is called last error: %d (not current)\n", errno_var);
+    return &errno_var;
+}
+
+unsigned long millis(void)
+{
+	return system_get_time() / 1000UL;
+}
+
+unsigned long micros(void)
+{
+	return system_get_time();
+}
+
+#ifndef _TIMEVAL_DEFINED
+#define _TIMEVAL_DEFINED
+struct timeval {
+  time_t      tv_sec;
+  suseconds_t tv_usec;
+};
+#endif
+
+extern char* sntp_asctime(const struct tm *t);
+extern struct tm* sntp_localtime(const time_t *clock);
+
+// time gap in seconds from 01.01.1900 (NTP time) to 01.01.1970 (UNIX time)
+#define DIFF1900TO1970 2208988800UL
+
+static int s_daylightOffset_sec = 0;
+static long s_timezone_sec = 0;
+static time_t s_bootTime = 0;
+
+// calculate offset used in gettimeofday
+static void ensureBootTimeIsSet()
+{
+    if (!s_bootTime)
+    {
+        time_t now = sntp_get_current_timestamp();
+        if (now)
+        {
+            s_bootTime =  now - millis() / 1000;
+        }
+    }
+}
+
+static void setServer(int id, const char* name_or_ip)
+{
+    if (name_or_ip)
+    {
+        //TODO: check whether server is given by name or IP
+        sntp_setservername(id, (char*) name_or_ip);
+    }
+}
+
+void configTime(int timezone, int daylightOffset_sec, const char* server1, const char* server2, const char* server3)
+{
+    sntp_stop();
+
+    setServer(0, server1);
+    setServer(1, server2);
+    setServer(2, server3);
+
+    s_timezone_sec = timezone;
+    s_daylightOffset_sec = daylightOffset_sec;
+    sntp_set_timezone(timezone/3600);
+    sntp_init();
+}
+
+int clock_gettime(clockid_t unused, struct timespec *tp)
+{
+    tp->tv_sec  = millis() / 1000;
+    tp->tv_nsec = micros() * 1000;
+    return 0;
+}
+
+// seconds since 1970
+time_t mktime(struct tm *t)
+{
+    // system_mktime expects month in range 1..12
+    #define START_MONTH 1
+    return DIFF1900TO1970 + system_mktime(t->tm_year, t->tm_mon + START_MONTH, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
+}
+
+time_t time(time_t * t)
+{
+    time_t seconds = sntp_get_current_timestamp();
+    if (t)
+    {
+        *t = seconds;
+    }
+    return seconds;
+}
+
+char* asctime(const struct tm *t)
+{
+    return sntp_asctime(t);
+}
+
+struct tm* localtime(const time_t *clock)
+{
+    return sntp_localtime(clock);
+}
+
+char* ctime(const time_t *t)
+{
+    struct tm* p_tm = localtime(t);
+    char* result = asctime(p_tm);
+    return result;
+}
+
+int gettimeofday(struct timeval *tp, void *tzp)
+{
+    if (tp)
+    {
+        ensureBootTimeIsSet();
+        tp->tv_sec  = (s_bootTime + millis()) / 1000;
+        tp->tv_usec = micros() * 1000;
+    }
+    return 0;
+}
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
new file mode 100644
index 0000000000..2bc872a5e7
--- /dev/null
+++ b/samples/c/axssl.c
@@ -0,0 +1,902 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl s_server -?
+ * > axssl s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* define standard input */
+#ifndef STDIN_FILENO
+#define STDIN_FILENO        0
+#endif
+
+static void do_server(int argc, char *argv[]);
+static void print_options(char *option);
+static void print_server_options(char *option);
+static void do_client(int argc, char *argv[]);
+static void print_client_options(char *option);
+static void display_cipher(SSL *ssl);
+static void display_session_id(SSL *ssl);
+
+/**
+ * Main entry point. Doesn't do much except works out whether we are a client
+ * or a server.
+ */
+int main(int argc, char *argv[])
+{
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+#elif !defined(CONFIG_PLATFORM_SOLARIS)
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+#endif
+
+    if (argc == 2 && strcmp(argv[1], "version") == 0)
+    {
+        printf("axssl %s %s\n", ssl_version(), __DATE__);
+        exit(0);
+    }
+
+    if (argc < 2 || (
+                strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
+        print_options(argc > 1 ? argv[1] : "");
+
+    strcmp(argv[1], "s_server") ? 
+        do_client(argc, argv) : do_server(argc, argv);
+    return 0;
+}
+
+/**
+ * Implement the SSL server logic. 
+ */
+static void do_server(int argc, char *argv[])
+{
+    int i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_DISPLAY_CERTS;
+    int client_fd;
+    SSL_CTX *ssl_ctx;
+    int server_fd, res = 0;
+    socklen_t client_len;
+#ifndef CONFIG_SSL_SKELETON_MODE
+    char *private_key_file = NULL;
+    const char *password = NULL;
+    char **cert;
+    int cert_index = 0;
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef WIN32
+    char yes = 1;
+#else
+    int yes = 1;
+#endif
+    struct sockaddr_in serv_addr;
+    struct sockaddr_in client_addr;
+    int quiet = 0;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_index = 0;
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+#endif
+    fd_set read_set;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+#endif
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-accept") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            port = atoi(argv[++i]);
+        }
+#ifndef CONFIG_SSL_SKELETON_MODE
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+#endif
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options |= SSL_CLIENT_AUTHENTICATION;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_server_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Server context is invalid\n");
+        exit(1);
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(ca_cert);
+#endif
+#ifndef CONFIG_SSL_SKELETON_MODE
+    free(cert);
+#endif
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        perror("socket");
+        return;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        perror("bind");
+        exit(1);
+    }
+
+    if (listen(server_fd, 5) < 0)
+    {
+        perror("listen");
+        exit(1);
+    }
+
+    client_len = sizeof(client_addr);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    for (;;)
+    {
+        SSL *ssl;
+        int reconnected = 0;
+
+        if (!quiet)
+        {
+            printf("ACCEPT\n");
+            TTY_FLUSH();
+        }
+
+        if ((client_fd = accept(server_fd, 
+                (struct sockaddr *)&client_addr, &client_len)) < 0)
+        {
+            break;
+        }
+
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+
+        /* now read (and display) whatever the client sends us */
+        for (;;)
+        {
+            /* allow parallel reading of client and standard input */
+            FD_ZERO(&read_set);
+            FD_SET(client_fd, &read_set);
+
+#ifndef WIN32
+            /* win32 doesn't like mixing up stdin and sockets */
+            if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
+            {
+                FD_SET(STDIN_FILENO, &read_set);
+            }
+
+            if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+            {
+               uint8_t buf[1024];
+
+                /* read standard input? */
+                if (FD_ISSET(STDIN_FILENO, &read_set))
+                {
+                    if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                    {
+                        res = SSL_ERROR_CONN_LOST;
+                    }
+                    else
+                    {
+                        /* small hack to check renegotiation */
+                        if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
+                        {
+                            res = ssl_renegotiate(ssl);
+                        }
+                        else    /* write our ramblings to the client */
+                        {
+                            res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                        }
+                    }
+                }
+                else    /* a socket read */
+#endif
+                {
+                    /* keep reading until we get something interesting */
+                    uint8_t *read_buf;
+
+                    if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
+                    {
+                        /* are we in the middle of doing a handshake? */
+                        if (ssl_handshake_status(ssl) != SSL_OK)
+                        {
+                            reconnected = 0;
+                        }
+                        else if (!reconnected)
+                        {
+                            /* we are connected/reconnected */
+                            if (!quiet)
+                            {
+                                display_session_id(ssl);
+                                display_cipher(ssl);
+                            }
+
+                            reconnected = 1;
+                        }
+                    }
+
+                    if (res > SSL_OK)    /* display our interesting output */
+                    {
+                        int written = 0;
+                        while (written < res)
+                        {
+                            written += write(STDOUT_FILENO, read_buf+written,
+                                                res-written);
+                        }
+                        TTY_FLUSH();
+                    }
+                    else if (res == SSL_CLOSE_NOTIFY)
+                    {
+                        printf("shutting down SSL\n");
+                        TTY_FLUSH();
+                    }
+                    else if (res < SSL_OK && !quiet)
+                    {
+                        ssl_display_error(res);
+                    }
+                }
+#ifndef WIN32
+            }
+#endif
+
+            if (res < SSL_OK)
+            {
+                if (!quiet)
+                {
+                    printf("CONNECTION CLOSED\n");
+                    TTY_FLUSH();
+                }
+
+                break;
+            }
+        }
+
+        /* client was disconnected or the handshake failed. */
+        ssl_free(ssl);
+        SOCKET_CLOSE(client_fd);
+    }
+
+    ssl_ctx_free(ssl_ctx);
+}
+
+/**
+ * Implement the SSL client logic.
+ */
+static void do_client(int argc, char *argv[])
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int res, i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
+    int client_fd;
+    char *private_key_file = NULL;
+    struct sockaddr_in client_addr;
+    struct hostent *hostent;
+    int reconnect = 0;
+    uint32_t sin_addr;
+    SSL_CTX *ssl_ctx;
+    SSL *ssl = NULL;
+    int quiet = 0;
+    int cert_index = 0, ca_cert_index = 0;
+    int cert_size, ca_cert_size;
+    char **ca_cert, **cert;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    fd_set read_set;
+    const char *password = NULL;
+    SSL_EXTENSIONS *extensions = NULL;
+
+    FD_ZERO(&read_set);
+    sin_addr = inet_addr("127.0.0.1");
+    cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-connect") == 0)
+        {
+            char *host, *ptr;
+
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            host = argv[++i];
+            if ((ptr = strchr(host, ':')) == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            *ptr++ = 0;
+            port = atoi(ptr);
+            hostent = gethostbyname(host);
+
+            if (hostent == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
+        }
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options &= ~SSL_SERVER_VERIFY_LATER;
+        }
+        else if (strcmp(argv[i], "-reconnect") == 0)
+        {
+            reconnect = 4;
+        }
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+        else if (strcmp(argv[i], "-servername") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            extensions = ssl_ext_new();
+            extensions->host_name = argv[++i];
+        }
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_client_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Client context is invalid\n");
+        exit(1);
+    }
+
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(cert);
+    free(ca_cert);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    memset(&client_addr, 0, sizeof(client_addr));
+    client_addr.sin_family = AF_INET;
+    client_addr.sin_port = htons(port);
+    client_addr.sin_addr.s_addr = sin_addr;
+
+    if (connect(client_fd, (struct sockaddr *)&client_addr, 
+                sizeof(client_addr)) < 0)
+    {
+        perror("connect");
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        printf("CONNECTED\n");
+        TTY_FLUSH();
+    }
+
+    /* Try session resumption? */
+    if (reconnect)
+    {
+        while (reconnect--)
+        {
+            ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
+                    sizeof(session_id), extensions);
+            if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+            {
+                if (!quiet)
+                {
+                    ssl_display_error(res);
+                }
+
+                ssl_free(ssl);
+                exit(1);
+            }
+
+            display_session_id(ssl);
+            memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+
+            if (reconnect)
+            {
+                ssl_free(ssl);
+                SOCKET_CLOSE(client_fd);
+
+                client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+                connect(client_fd, (struct sockaddr *)&client_addr, 
+                        sizeof(client_addr));
+            }
+        }
+    }
+    else
+    {
+        ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0, extensions);
+    }
+
+    /* check the return status */
+    if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+    {
+        if (!quiet)
+        {
+            ssl_display_error(res);
+        }
+
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        display_session_id(ssl);
+        display_cipher(ssl);
+    }
+
+    for (;;)
+    {
+        uint8_t buf[1024];
+
+        /* allow parallel reading of server and standard input */
+        FD_SET(client_fd, &read_set);
+#ifndef WIN32
+        /* win32 doesn't like mixing up stdin and sockets */
+        FD_SET(STDIN_FILENO, &read_set);
+
+        if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+        {
+            /* read standard input? */
+            if (FD_ISSET(STDIN_FILENO, &read_set))
+#endif
+            {
+                if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                {
+                    /* bomb out of here */
+                    ssl_free(ssl);
+                    break;
+                }
+                else
+                {
+                    /* small hack to check renegotiation */
+                    if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
+                    {
+                        res = ssl_renegotiate(ssl);
+                    }
+                    else
+                    {
+                        res = ssl_write(ssl, buf, strlen((char *)buf));
+                    }
+                }
+            }
+#ifndef WIN32
+            else    /* a socket read */
+            {
+                uint8_t *read_buf;
+
+                res = ssl_read(ssl, &read_buf);
+
+                if (res > 0)    /* display our interesting output */
+                {
+                    int written = 0;
+                    while (written < res)
+                    {
+                        written += write(STDOUT_FILENO, read_buf+written,
+                                            res-written);
+                    }
+                    TTY_FLUSH();
+                }
+            }
+        }
+#endif
+
+        if (res < 0)
+        {
+            if (!quiet)
+            {
+                ssl_display_error(res);
+            }
+
+            break;      /* get outta here */
+        }
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    SOCKET_CLOSE(client_fd);
+#else
+    print_client_options(argv[1]);
+#endif
+}
+
+/**
+ * We've had some sort of command-line error. Print out the basic options.
+ */
+static void print_options(char *option)
+{
+    printf("axssl: Error: '%s' is an invalid command.\n", option);
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the server options.
+ */
+static void print_server_options(char *option)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+#ifndef CONFIG_SSL_SKELETON_MODE
+    printf(" -cert arg\t- certificate file to add (in addition to default)"
+                                    " to chain -\n"
+          "\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -pass\t\t- private key file pass phrase source\n");
+#endif
+    printf(" -quiet\t\t- No server output\n");
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the client options.
+ */
+static void print_client_options(char *option)
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    printf("usage: s_client [args ...]\n");
+    printf(" -connect host:port - who to connect to (default "
+            "is localhost:4433)\n");
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -cert arg\t- certificate file to use\n");
+    printf("\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+    printf(" -quiet\t\t- No client output\n");
+    printf(" -reconnect\t- Drop and re-make the connection "
+            "with the same Session-ID\n");
+    printf(" -pass\t\t- Private key file pass phrase source\n");
+    printf(" -servername\t- Set TLS extension servername in ClientHello\n");
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+#else
+    printf("Change configuration to allow this feature\n");
+#endif
+    exit(1);
+}
+
+/**
+ * Display what cipher we are using 
+ */
+static void display_cipher(SSL *ssl)
+{
+    printf("CIPHER is ");
+    switch (ssl_get_cipher_id(ssl))
+    {
+        case SSL_AES128_SHA:
+            printf("AES128-SHA");
+            break;
+
+        case SSL_AES256_SHA:
+            printf("AES256-SHA");
+            break;
+
+        case SSL_AES128_SHA256:
+            printf("AES128-SHA256");
+            break;
+
+        case SSL_AES256_SHA256:
+            printf("AES256-SHA256");
+            break;
+
+        default:
+            printf("Unknown - %d", ssl_get_cipher_id(ssl));
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Display what session id we have.
+ */
+static void display_session_id(SSL *ssl)
+{    
+    int i;
+    const uint8_t *session_id = ssl_get_session_id(ssl);
+    int sess_id_size = ssl_get_session_id_size(ssl);
+
+    if (sess_id_size > 0)
+    {
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        for (i = 0; i < sess_id_size; i++)
+        {
+            printf("%02x", session_id[i]);
+        }
+
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+        TTY_FLUSH();
+    }
+}
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
new file mode 100644
index 0000000000..df3c576623
--- /dev/null
+++ b/samples/csharp/axssl.cs
@@ -0,0 +1,758 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C# with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl.csharp.exe s_server -?
+ * > axssl.csharp.exe s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+
+using System;
+using System.Net;
+using System.Net.Sockets;
+using axTLS;
+
+public class axssl
+{
+    /*
+     * Main()
+     */
+    public static void Main(string[] args)
+    {
+        if (args.Length == 1 && args[0] == "version")
+        {
+            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
+            Environment.Exit(0); 
+        }
+
+        axssl runner = new axssl();
+
+        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
+            runner.print_options(args.Length > 0 ? args[0] : "");
+
+        int build_mode = SSLUtil.BuildMode();
+
+        if (args[0] == "s_server")
+            runner.do_server(build_mode, args);
+        else 
+            runner.do_client(build_mode, args);
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, string[] args)
+    {
+        int i = 1;
+        int port = 4433;
+        uint options = axtls.SSL_DISPLAY_CERTS;
+        bool quiet = false;
+        string password = null;
+        string private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-accept")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Int32.Parse(args[++i]);
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i] == "-cert")
+                {
+                    if (i >= args.Length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i] == "-key")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtls.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i] == "-pass")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i] == "-verify")
+                    {
+                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i] == "-CAfile")
+                    {
+                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i] == "-debug")
+                        {
+                            options |= axtls.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i] == "-state")
+                        {
+                            options |= axtls.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i] == "-show-rsa")
+                        {
+                            options |= axtls.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
+        TcpListener server_sock = new TcpListener(ep);
+        server_sock.Start();      
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(
+                                options, axtls.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Server context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        byte[] buf = null;
+        int res;
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                Console.WriteLine("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.AcceptSocket();
+
+            SSL ssl = ssl_ctx.Connect(client_sock);
+
+            /* do the actual SSL handshake */
+            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.HandshakeStatus() == axtls.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtls.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtls.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            Console.WriteLine("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to string */
+                    char[] str = new char[res];
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    Console.Write(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.Dispose();
+            client_sock.Close();
+        }
+
+        /* ssl_ctx.Dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, string[] args)
+    {
+        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            print_client_options(build_mode, args[1]);
+        }
+
+        int i = 1, res;
+        int port = 4433;
+        bool quiet = false;
+        string password = null;
+        int reconnect = 0;
+        string private_key_file = null;
+        string hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+
+        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-connect")
+            {
+                string host_port;
+
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.IndexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new string(host_port.ToCharArray(), 
+                        0, index_colon);
+                port = Int32.Parse(new String(host_port.ToCharArray(), 
+                            index_colon+1, host_port.Length-index_colon-1));
+            }
+            else if (args[i] == "-cert")
+            {
+                if (i >= args.Length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i] == "-key")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtls.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i] == "-CAfile")
+            {
+                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i] == "-verify")
+            {
+                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i] == "-reconnect")
+            {
+                reconnect = 4;
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i] == "-pass")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i] == "-debug")
+                {
+                    options |= axtls.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i] == "-state")
+                {
+                    options |= axtls.SSL_DISPLAY_STATES;
+                }
+                else if (args[i] == "-show-rsa")
+                {
+                    options |= axtls.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
+        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
+        IPAddress[] addresses = hostInfo.AddressList;
+        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
+        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
+                SocketType.Stream, ProtocolType.Tcp);
+        client_sock.Connect(ep);
+
+        if (!client_sock.Connected)
+        {
+            Console.WriteLine("could not connect");
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            Console.WriteLine("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options,
+                                    axtls.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Client context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.Connect(client_sock, session_id);
+
+                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.DisplayError(res);
+                    }
+
+                    ssl.Dispose();
+                    Environment.Exit(1);
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.GetSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.Dispose();
+                    client_sock.Close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(AddressFamily.InterNetwork, 
+                        SocketType.Stream, ProtocolType.Tcp);
+                    client_sock.Connect(ep);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.Connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            string common_name =
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                Console.WriteLine("Common Name:\t\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        for (;;)
+        {
+            string user_input = Console.ReadLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.Length+2];
+            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.Length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.Length-2; i++)
+            {
+                buf[i] = (byte)user_input[i];
+            }
+
+            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.DisplayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.Dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(string option)
+    {
+        Console.WriteLine("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        Console.WriteLine("usage: axssl.csharp [s_server|" +
+                            "s_client|version] [args ...]");
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+        Console.WriteLine("usage: s_server [args ...]");
+        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        Console.WriteLine(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+        {
+          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
+                  "addition to default) to chain -");
+          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
+          Console.WriteLine(" -key arg\t- Private key file to use");
+          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            Console.WriteLine(" -verify\t- turn on peer certificate " +
+                    "verification");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + 
+                    ca_cert_size + "times");
+        }
+
+        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+        {
+            Console.WriteLine(" -debug\t\t- Print more output");
+            Console.WriteLine(" -state\t\t- Show state messages");
+            Console.WriteLine(" -show-rsa\t- Show RSA state");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            Console.WriteLine("usage: s_client [args ...]");
+            Console.WriteLine(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            Console.WriteLine(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            Console.WriteLine(" -cert arg\t- certificate file to use");
+            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
+            Console.WriteLine(" -key arg\t- Private key file to use");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            Console.WriteLine(" -quiet\t\t- No client output");
+            Console.WriteLine(" -pass\t\t- private key file pass " + 
+                    "phrase source");
+            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                Console.WriteLine(" -debug\t\t- Print more output");
+                Console.WriteLine(" -state\t\t- Show state messages");
+                Console.WriteLine(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            Console.WriteLine("Change configuration to allow this feature");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        Console.Write("CIPHER is ");
+
+        switch (ssl.GetCipherId())
+        {
+            case axtls.SSL_AES128_SHA:
+                Console.WriteLine("AES128-SHA");
+                break;
+
+            case axtls.SSL_AES256_SHA:
+                Console.WriteLine("AES256-SHA");
+                break;
+
+            case axtls.SSL_AES128_SHA256:
+                Console.WriteLine("AES128-SHA256");
+                break;
+
+            case axtls.SSL_AES256_SHA256:
+                Console.WriteLine("AES128-SHA256");
+                break;
+
+            default:
+                Console.WriteLine("Unknown - " + ssl.GetCipherId());
+                break;
+        }
+    }
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.GetSessionId();
+
+        if (session_id.Length > 0)
+        {
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
+            foreach (byte b in session_id)
+            {
+                Console.Write("{0:x02}", b);
+            }
+
+            Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
+        }
+    }
+}
diff --git a/samples/java/Makefile b/samples/java/Makefile
new file mode 100644
index 0000000000..9c1ed6da2e
--- /dev/null
+++ b/samples/java/Makefile
@@ -0,0 +1,51 @@
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.java.conf
+
+all : sample
+JAR=../../$(STAGE)/axtls.jar
+CLASSES=../../bindings/java/classes
+sample : $(JAR)
+
+$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
+	jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
+
+JAVA_FILES=axssl.java
+JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
+
+$(CLASSES)/%.class : %.java
+	javac -d $(CLASSES) -classpath $(CLASSES) $^
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
new file mode 100644
index 0000000000..e013c11b47
--- /dev/null
+++ b/samples/java/axssl.java
@@ -0,0 +1,760 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Demonstrate the use of the axTLS library in Java with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.  *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > java -jar axtls.jar s_server -?
+ * > java -jar axtls.jar s_client -?
+ *
+ * The axtls/axtlsj shared libraries must be in the same directory or be found 
+ * by the OS.
+ */
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import axTLSj.*;
+
+public class axssl
+{
+   /*
+     * Main()
+     */
+    public static void main(String[] args)
+    {
+        if (args.length == 1 && args[0].equals("version"))
+        {
+            System.out.println("axtls.jar " + SSLUtil.version());
+            System.exit(0);
+        }
+
+        axssl runner = new axssl();
+
+        try
+        {
+            if (args.length < 1 || 
+                    (!args[0].equals("s_server") &&
+                     !args[0].equals("s_client")))
+            {
+                runner.print_options(args.length > 0 ? args[0] : "");
+            }
+
+            int build_mode = SSLUtil.buildMode();
+
+            if (args[0].equals("s_server"))
+                runner.do_server(build_mode, args);
+            else 
+                runner.do_client(build_mode, args);
+        }
+        catch (Exception e) 
+        {
+            System.out.println(e);
+        }
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, String[] args)
+                    throws Exception
+    {
+        int i = 1;
+        int port = 4433;
+        int options = axtlsj.SSL_DISPLAY_CERTS;
+        boolean quiet = false;
+        String password = null;
+        String private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-accept"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Integer.parseInt(args[++i]);
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i].equals("-cert"))
+                {
+                    if (i >= args.length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i].equals("-key"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtlsj.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i].equals("-pass"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i].equals("-verify"))
+                    {
+                        options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i].equals("-CAfile"))
+                    {
+                        if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i].equals("-debug"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i].equals("-state"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i].equals("-show-rsa"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else 
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        ServerSocket server_sock = new ServerSocket(port);
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(options, 
+                                    axtlsj.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+            throw new Exception("Error: Server context is invalid");
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        int res;
+        SSLReadHolder rh = new SSLReadHolder();
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                System.out.println("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.accept();
+
+            SSL ssl = ssl_ctx.connect(client_sock);
+
+            while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.handshakeStatus() == axtlsj.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtlsj.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtlsj.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            System.out.println("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to String */
+                    byte[] buf = rh.getData();
+                    char[] str = new char[res];
+
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    System.out.print(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.dispose();
+            client_sock.close();
+        }
+
+        /* ssl_ctx.dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, String[] args)
+                    throws Exception
+    {
+        if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
+            print_client_options(build_mode, args[1]);
+
+        int i = 1, res;
+        int port = 4433;
+        boolean quiet = false;
+        String password = null;
+        int reconnect = 0;
+        String private_key_file = null;
+        String hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+
+        int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-connect"))
+            {
+                String host_port;
+
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.indexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new String(host_port.toCharArray(), 
+                        0, index_colon);
+                port = Integer.parseInt(new String(host_port.toCharArray(), 
+                            index_colon+1, host_port.length()-index_colon-1));
+            }
+            else if (args[i].equals("-cert"))
+            {
+                if (i >= args.length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-CAfile"))
+            {
+                if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-key"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtlsj.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i].equals("-verify"))
+            {
+                options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i].equals("-reconnect"))
+            {
+                reconnect = 4;
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i].equals("-pass"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i].equals("-debug"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i].equals("-state"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_STATES;
+                }
+                else if (args[i].equals("-show-rsa"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        Socket client_sock = new Socket(hostname, port);
+
+        if (!client_sock.isConnected())
+        {
+            System.out.println("could not connect");
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            System.out.println("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options, 
+                                    axtlsj.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            throw new Exception("Error: Client context is invalid");
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        SSL ssl = null;
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.connect(client_sock, session_id);
+
+                if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.displayError(res);
+                    }
+
+                    ssl.dispose();
+                    throw new Exception();
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.getSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.dispose();
+                    client_sock.close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(hostname, port);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            String common_name =
+                ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                System.out.println("Common Name:\t\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        BufferedReader in = new BufferedReader(
+                new InputStreamReader(System.in));
+
+        for (;;)
+        {
+            String user_input = in.readLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.length()+2];
+            buf[buf.length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.length-2; i++)
+            {
+                buf[i] = (byte)user_input.charAt(i);
+            }
+
+            if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.displayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(String option)
+    {
+        System.out.println("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + 
+                "[args ...]");
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+        System.out.println("usage: s_server [args ...]");
+        System.out.println(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        System.out.println(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+        {
+            System.out.println(" -cert arg\t- certificate file to add (in " + 
+                    "addition to default) to chain -");
+            System.out.println("\t\t  Can repeat up to " + cert_size + " times");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            System.out.println(" -verify\t- turn on peer certificate " +
+                    "verification");
+            System.out.println(" -CAfile arg\t- Certificate authority. ");
+            System.out.println("\t\t  Can repeat up to " + 
+                    ca_cert_size + " times");
+        }
+
+        if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+        {
+            System.out.println(" -debug\t\t- Print more output");
+            System.out.println(" -state\t\t- Show state messages");
+            System.out.println(" -show-rsa\t- Show RSA state");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
+        {
+            System.out.println("usage: s_client [args ...]");
+            System.out.println(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            System.out.println(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            System.out.println(" -cert arg\t- certificate file to use");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println("\t\t  Can repeat up to " + cert_size + 
+                    " times");
+            System.out.println(" -CAfile arg\t- Certificate authority.");
+            System.out.println("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            System.out.println(" -quiet\t\t- No client output");
+            System.out.println(" -pass\t\t- private key file pass " + 
+                        "phrase source");
+            System.out.println(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                System.out.println(" -debug\t\t- Print more output");
+                System.out.println(" -state\t\t- Show state messages");
+                System.out.println(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            System.out.println("Change configuration to allow this feature");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        System.out.print("CIPHER is ");
+
+        byte ciph_id = ssl.getCipherId();
+
+        if (ciph_id == axtlsj.SSL_AES128_SHA)
+            System.out.println("AES128-SHA");
+        else if (ciph_id == axtlsj.SSL_AES256_SHA)
+            System.out.println("AES256-SHA");
+        else if (ciph_id == axtlsj.SSL_AES128_SHA256)
+            System.out.println("AES128-SHA256");
+        else if (ciph_id == axtlsj.SSL_AES256_SHA256)
+            System.out.println("AES256-SHA256");
+        else
+            System.out.println("Unknown - " + ssl.getCipherId());
+    }
+
+    public char toHexChar(int i)
+    {
+        if ((0 <= i) && (i <= 9 ))
+            return (char)('0' + i);
+        else
+            return (char)('a' + (i-10));
+    }
+
+    public void bytesToHex(byte[] data) 
+    {
+        StringBuffer buf = new StringBuffer();
+        for (int i = 0; i < data.length; i++ ) 
+        {
+            buf.append(toHexChar((data[i]>>>4)&0x0F));
+            buf.append(toHexChar(data[i]&0x0F));
+        }
+
+        System.out.println(buf);
+    }
+
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.getSessionId();
+
+        if (session_id.length > 0)
+        {
+            System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
+            bytesToHex(session_id);
+            System.out.println("-----END SSL SESSION PARAMETERS-----");
+        }
+    }
+}
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
new file mode 100755
index 0000000000..b4f24edf04
--- /dev/null
+++ b/samples/lua/axssl.lua
@@ -0,0 +1,562 @@
+#!/usr/local/bin/lua
+
+--
+-- Copyright (c) 2007-2016, Cameron Rich
+--
+-- All rights reserved.
+--
+-- Redistribution and use in source and binary forms, with or without
+-- modification, are permitted provided that the following conditions are met:
+--
+-- * Redistributions of source code must retain the above copyright notice,
+--   this list of conditions and the following disclaimer.
+-- * Redistributions in binary form must reproduce the above copyright
+--   notice, this list of conditions and the following disclaimer in the
+--   documentation and/or other materials provided with the distribution.
+-- * Neither the name of the axTLS project nor the names of its
+--   contributors may be used to endorse or promote products derived
+--   from this software without specific prior written permission.
+--
+-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+-- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+-- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+-- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+-- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+-- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+-- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+-- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+-- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+-- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+--
+
+--
+-- Demonstrate the use of the axTLS library in Lua with a set of 
+-- command-line parameters similar to openssl. In fact, openssl clients 
+-- should be able to communicate with axTLS servers and visa-versa.
+--
+-- This code has various bits enabled depending on the configuration. To enable
+-- the most interesting version, compile with the 'full mode' enabled.
+--
+-- To see what options you have, run the following:
+-- > [lua] axssl s_server -?
+-- > [lua] axssl s_client -?
+--
+-- The axtls/axtlsl shared libraries must be in the same directory or be found 
+-- by the OS.
+--
+--
+require "bit"
+require("axtlsl")
+local socket = require("socket")
+
+-- print version?
+if #arg == 1 and arg[1] == "version" then
+    print("axssl.lua "..axtlsl.ssl_version())
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the basic options.
+--
+function print_options(option)
+    print("axssl: Error: '"..option.."' is an invalid command.")
+    print("usage: axssl [s_server|s_client|version] [args ...]")
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the server options.
+--
+function print_server_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+    print("usage: s_server [args ...]")
+    print(" -accept\t- port to accept on (default is 4433)")
+    print(" -quiet\t\t- No server output")
+
+    if build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+        print(" -cert arg\t- certificate file to add (in addition to "..
+                "default) to chain -")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print(" -pass\t\t- private key file pass phrase source")
+    end
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.." times")
+    end
+
+    if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+        print(" -debug\t\t- Print more output")
+        print(" -state\t\t- Show state messages")
+        print(" -show-rsa\t- Show RSA state")
+    end
+
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the client options.
+--
+function print_client_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_CLIENT then
+        print("usage: s_client [args ...]")
+        print(" -connect host:port - who to connect to (default "..
+                "is localhost:4433)")
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -cert arg\t- certificate file to use - default DER format")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.."times")
+        print(" -quiet\t\t- No client output")
+        print(" -pass\t\t- private key file pass phrase source")
+        print(" -reconnect\t- Drop and re-make the connection "..
+                "with the same Session-ID")
+
+        if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            print(" -debug\t\t- Print more output")
+            print(" -state\t\t- Show state messages")
+            print(" -show-rsa\t- Show RSA state")
+        end
+    else
+        print("Change configuration to allow this feature")
+    end
+
+    os.exit(1)
+end
+
+-- Implement the SSL server logic. 
+function do_server(build_mode)
+    local i = 2
+    local v
+    local port = 4433
+    local options = axtlsl.SSL_DISPLAY_CERTS
+    local quiet = false
+    local password = ""
+    local private_key_file = nil
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
+
+    while i <= #arg do
+        if arg[i] ==  "-accept" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            port = arg[i]
+        elseif arg[i] == "-quiet" then
+            quiet = true
+            options = bit.band(options, bit.bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+            if arg[i] == "-cert" then
+                if i >= #arg or #cert >= cert_size then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                table.insert(cert, arg[i])
+            elseif arg[i] == "-key" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                private_key_file = arg[i]
+                options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+            elseif arg[i] == "-pass" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                password = arg[i]
+            elseif build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+                if arg[i] == "-verify" then
+                    options = bit.bor(options, axtlsl.SSL_CLIENT_AUTHENTICATION)
+                elseif arg[i] == "-CAfile" then
+                    if i >= #arg or #ca_cert >= ca_cert_size then
+                        print_server_options(build_mode, arg[i])  
+                    end
+
+                    i = i + 1
+                    table.insert(ca_cert, arg[i])
+                elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+                    if arg[i] == "-debug" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+                    elseif arg[i] == "-state" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_STATES)
+                    elseif arg[i] == "-show-rsa" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_RSA)
+                    else
+                        print_server_options(build_mode, arg[i])
+                    end
+                else
+                    print_server_options(build_mode, arg[i])
+                end
+            else 
+                print_server_options(build_mode, arg[i])
+            end
+        else 
+            print_server_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    -- Create socket for incoming connections
+    local server_sock = socket.try(socket.bind("*", port))
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_SVR_SESS)
+    if ssl_ctx == nil then error("Error: Server context is invalid") end
+
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
+
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
+        end
+
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
+        end
+
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
+            error("Private key '" .. private_key_file .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
+        end
+    end
+
+    while true do
+        if not quiet then print("ACCEPT") end
+        local client_sock = server_sock:accept();
+        local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd())
+
+        -- do the actual SSL handshake
+        local connected = false
+        local res
+        local buf
+
+        while true do
+            socket.select({client_sock}, nil)
+            res, buf = axtlsl.ssl_read(ssl)
+
+            if res == axtlsl.SSL_OK then -- connection established and ok
+                if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then
+                    if not quiet and not connected then
+                        display_session_id(ssl)
+                        display_cipher(ssl)
+                    end
+                    connected = true
+                end
+            end
+
+            if res > axtlsl.SSL_OK then
+                for _, v in ipairs(buf) do
+                    io.write(string.format("%c", v))
+                end
+            elseif res < axtlsl.SSL_OK then 
+                if not quiet then
+                    axtlsl.ssl_display_error(res)
+                end
+                break
+            end
+        end
+
+        -- client was disconnected or the handshake failed.
+        print("CONNECTION CLOSED")
+        axtlsl.ssl_free(ssl)
+        client_sock:close()
+    end
+
+    axtlsl.ssl_ctx_free(ssl_ctx)
+end
+
+--
+-- Implement the SSL client logic.
+--
+function do_client(build_mode)
+    local i = 2
+    local v
+    local port = 4433
+    local options = 
+            bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, axtlsl.SSL_DISPLAY_CERTS)
+    local private_key_file = nil
+    local reconnect = 0
+    local quiet = false
+    local password = ""
+    local session_id = {}
+    local host = "127.0.0.1"
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
+
+    while i <= #arg do
+        if arg[i] == "-connect" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            local t = string.find(arg[i], ":")
+            host = string.sub(arg[i], 1, t-1)
+            port = string.sub(arg[i], t+1)
+        elseif arg[i] == "-cert" then
+            if i >= #arg or #cert >= cert_size then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            table.insert(cert, arg[i])
+        elseif arg[i] == "-key" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            private_key_file = arg[i]
+            options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+        elseif arg[i] == "-CAfile" then
+            if i >= #arg or #ca_cert >= ca_cert_size then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            table.insert(ca_cert, arg[i])
+        elseif arg[i] == "-verify" then
+            options = bit.band(options, 
+                                bit.bnot(axtlsl.SSL_SERVER_VERIFY_LATER))
+        elseif arg[i] == "-reconnect" then
+            reconnect = 4
+        elseif arg[i] == "-quiet" then
+            quiet = true
+            options = bit.band(options, bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif arg[i] == "-pass" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            password = arg[i]
+        elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            if arg[i] == "-debug" then
+                options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+            elseif arg[i] == "-state" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_STATES)
+            elseif arg[i] == "-show-rsa" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_RSA)
+            else    -- don't know what this is
+                print_client_options(build_mode, arg[i])
+            end
+        else    -- don't know what this is
+            print_client_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    local client_sock = socket.try(socket.connect(host, port))
+    local ssl
+    local res
+
+    if not quiet then print("CONNECTED") end
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
+
+    if ssl_ctx == nil then 
+        error("Error: Client context is invalid")
+    end
+
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
+
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
+        end
+
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
+        end
+
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
+            error("Private key '"..private_key_file.."' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
+        end
+    end
+
+    -- Try session resumption?
+    if reconnect ~= 0 then
+        local session_id = nil
+        local sess_id_size = 0
+
+        while reconnect > 0 do
+            reconnect = reconnect - 1
+            ssl = axtlsl.ssl_client_new(ssl_ctx, 
+                    client_sock:getfd(), session_id, sess_id_size)
+
+            res = axtlsl.ssl_handshake_status(ssl)
+            if res ~= axtlsl.SSL_OK then
+                if not quiet then axtlsl.ssl_display_error(res) end
+                axtlsl.ssl_free(ssl)
+                os.exit(1)
+            end
+
+            display_session_id(ssl)
+            session_id = axtlsl.ssl_get_session_id(ssl)
+            sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
+
+            if reconnect > 0 then
+                axtlsl.ssl_free(ssl)
+                client_sock:close()
+                client_sock = socket.try(socket.connect(host, port))
+            end
+
+        end
+    else
+        ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
+    end
+
+    -- check the return status
+    res = axtlsl.ssl_handshake_status(ssl)
+    if res ~= axtlsl.SSL_OK then
+        if not quiet then axtlsl.ssl_display_error(res) end
+        os.exit(1)
+    end
+
+    if not quiet then
+        local common_name = axtlsl.ssl_get_cert_dn(ssl, 
+                            axtlsl.SSL_X509_CERT_COMMON_NAME)
+
+        if common_name ~= nil then 
+            print("Common Name:\t\t\t"..common_name)
+        end
+
+        display_session_id(ssl)
+        display_cipher(ssl)
+    end
+
+    while true do
+        local line = io.read()
+    if line == nil then break end
+        local bytes = {}
+
+        for i = 1, #line do
+            bytes[i] = line.byte(line, i)
+        end
+
+        bytes[#line+1] = 10      -- add carriage return, null
+        bytes[#line+2] = 0
+
+        res = axtlsl.ssl_write(ssl, bytes, #bytes)
+        if res < axtlsl.SSL_OK then
+            if not quiet then axtlsl.ssl_display_error(res) end
+            break
+        end
+    end
+
+    axtlsl.ssl_ctx_free(ssl_ctx)
+    client_sock:close()
+end
+
+--
+-- Display what cipher we are using 
+--
+function display_cipher(ssl)
+    io.write("CIPHER is ")
+    local cipher_id = axtlsl.ssl_get_cipher_id(ssl)
+
+    if cipher_id == axtlsl.SSL_AES128_SHA then
+        print("AES128-SHA")
+    elseif cipher_id == axtlsl.SSL_AES256_SHA then
+        print("AES256-SHA")
+    elseif axtlsl.SSL_AES128_SHA256 then
+        print("AES128-SHA256")
+    elseif axtlsl.SSL_AES256_SHA256 then
+        print("AES256-SHA256")
+    else 
+        print("Unknown - "..cipher_id)
+    end
+end
+
+--
+-- Display what session id we have.
+--
+function display_session_id(ssl)
+    local session_id = axtlsl.ssl_get_session_id(ssl)
+    local v
+
+    if #session_id > 0 then
+        print("-----BEGIN SSL SESSION PARAMETERS-----")
+        for _, v in ipairs(session_id) do
+            io.write(string.format("%02x", v))
+        end
+        print("\n-----END SSL SESSION PARAMETERS-----")
+    end
+end
+
+--
+-- Main entry point. Doesn't do much except works out whether we are a client
+-- or a server.
+--
+if #arg == 0 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
+    print_options(#arg > 0 and arg[1] or "")
+end
+
+local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE)
+_ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode)
+os.exit(0)
+
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
new file mode 100755
index 0000000000..f3b044939c
--- /dev/null
+++ b/samples/perl/axssl.pl
@@ -0,0 +1,634 @@
+#!/usr/bin/perl -w
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# Demonstrate the use of the axTLS library in Perl with a set of 
+# command-line parameters similar to openssl. In fact, openssl clients 
+# should be able to communicate with axTLS servers and visa-versa.
+#
+# This code has various bits enabled depending on the configuration. To enable
+# the most interesting version, compile with the 'full mode' enabled.
+#
+# To see what options you have, run the following:
+# > [perl] axssl s_server -?
+# > [perl] axssl s_client -?
+#
+# The axtls/axtlsp shared libraries must be in the same directory or be found 
+# by the OS. axtlsp.pm must be in this directory or be in @INC.
+#
+# Under Win32, ActivePerl was used (see
+# http://www.activestate.com/Products/ActivePerl/?mp=1)
+#
+use axtlsp;
+use IO::Socket;
+
+# To get access to Win32 file descriptor stuff
+my $is_win32 = 0;
+
+if ($^O eq "MSWin32")
+{
+    eval("use Win32API::File 0.08 qw( :ALL )");
+    $is_win32 = 1;
+}
+
+use strict;
+
+#
+# Win32 has some problems with socket handles
+#
+sub get_native_sock
+{
+    my ($sock) = @_;
+    return $is_win32 ? FdGetOsFHandle($sock) : $sock;
+}
+
+# print version?
+if ($#ARGV == 0 && $ARGV[0] eq "version")
+{
+    printf("axssl.pl ".axtlsp::ssl_version()."\n");
+    exit 0;
+}
+
+#
+# Main entry point. Doesn't do much except works out whether we are a client
+# or a server.
+#
+print_options($#ARGV > -1 ? $ARGV[0] : "")
+        if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
+
+
+# Cygwin/Win32 issue - flush our output continuously
+select STDOUT;
+local $|=1;
+
+my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
+$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
+
+#
+# Implement the SSL server logic. 
+#
+sub do_server
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_DISPLAY_CERTS;
+    my $quiet = 0;
+    my $password = undef;
+    my $private_key_file = undef;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+                        $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+    my @cert;
+    my @ca_cert;
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq  "-accept")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $port = $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+        {
+            if ($ARGV[$i] eq "-cert")
+            {
+                print_server_options($build_mode, $ARGV[$i]) 
+                                    if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+                push @cert,  $ARGV[++$i];
+            }
+            elsif ($ARGV[$i] eq "-key")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $private_key_file = $ARGV[++$i];
+                $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+            }
+            elsif ($ARGV[$i] eq "-pass")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $password = $ARGV[++$i];
+            }
+            elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+            {
+                if ($ARGV[$i] eq "-verify")
+                {
+                    $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
+                }
+                elsif ($ARGV[$i] eq "-CAfile")
+                {
+                    print_server_options($build_mode, $ARGV[$i])  
+                                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+                    push @ca_cert, $ARGV[++$i];
+                }
+                elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+                {
+                    if ($ARGV[$i] eq "-debug")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_BYTES;
+                    }
+                    elsif ($ARGV[$i] eq "-state")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_STATES;
+                    }
+                    elsif ($ARGV[$i] eq "-show-rsa")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_RSA;
+                    }
+                    else
+                    {
+                        print_server_options($build_mode, $ARGV[$i]);
+                    }
+                }
+                else
+                {
+                    print_server_options($build_mode, $ARGV[$i]);
+                }
+            }
+            else 
+            {
+                print_server_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else 
+        {
+            print_server_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    # Create socket for incoming connections
+    my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
+                              LocalPort => $port,
+                              Listen => 1,
+                              Reuse => 1) or die $!;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
+    die "Error: Server context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    for (;;)
+    {
+        printf("ACCEPT\n") if not $quiet;
+        my $client_sock = $server_sock->accept;
+        my $native_sock = get_native_sock($client_sock->fileno);
+
+        # This doesn't work in Win32 - need to get file descriptor from socket.
+        my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
+
+        # do the actual SSL handshake
+        my $res;
+        my $buf;
+        my $connected = 0;
+
+        while (1)
+        {
+            ($res, $buf) = axtlsp::ssl_read($ssl, undef);
+            last if $res < $axtlsp::SSL_OK;
+
+            if ($res == $axtlsp::SSL_OK) # connection established and ok
+            {
+                if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
+                {
+                    if (!$quiet && !$connected)
+                    {
+                        display_session_id($ssl);
+                        display_cipher($ssl);
+                    }
+
+                    $connected = 1;
+                }
+            }
+
+            if ($res > $axtlsp::SSL_OK)
+            {
+                printf($$buf);
+            }
+            elsif ($res < $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if not $quiet;
+                last;
+            } 
+        }
+
+        # client was disconnected or the handshake failed.
+        printf("CONNECTION CLOSED\n") if not $quiet;
+        axtlsp::ssl_free($ssl);
+        $client_sock->close;
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+}
+
+#
+# Implement the SSL client logic.
+#
+sub do_client
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
+    my $private_key_file = undef;
+    my $reconnect = 0;
+    my $quiet = 0;
+    my $password = undef;
+    my @session_id;
+    my $host = "127.0.0.1";
+    my @cert;
+    my @ca_cert;
+    my $cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq "-connect")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            ($host, $port) = split(':', $ARGV[++$i]);
+        }
+        elsif ($ARGV[$i] eq "-cert")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+            push @cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-key")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $private_key_file = $ARGV[++$i];
+            $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+        }
+        elsif ($ARGV[$i] eq "-CAfile")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+
+            push @ca_cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-verify")
+        {
+            $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
+        }
+        elsif ($ARGV[$i] eq "-reconnect")
+        {
+            $reconnect = 4;
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($ARGV[$i] eq "-pass")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $password = $ARGV[++$i];
+        }
+        elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            if ($ARGV[$i] eq "-debug")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_BYTES;
+            }
+            elsif ($ARGV[$i] eq "-state")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_STATES;
+            }
+            elsif ($ARGV[$i] eq "-show-rsa")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_RSA;
+            }
+            else    # don't know what this is
+            {
+                print_client_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else    # don't know what this is
+        {
+            print_client_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    my $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+    my $ssl;
+    my $res;
+    my $native_sock = get_native_sock($client_sock->fileno);
+
+    printf("CONNECTED\n") if not $quiet;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
+    die "Error: Client context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    # Try session resumption?
+    if ($reconnect)
+    {
+        my $session_id = undef;
+        my $sess_id_size = 0;
+
+        while ($reconnect--)
+        {
+            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, 
+                            $session_id, $sess_id_size);
+
+            $res = axtlsp::ssl_handshake_status($ssl);
+            if ($res != $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if !$quiet;
+                axtlsp::ssl_free($ssl);
+                exit 1;
+            }
+
+            display_session_id($ssl);
+            $session_id = axtlsp::ssl_get_session_id($ssl);
+
+            if ($reconnect)
+            {
+                axtlsp::ssl_free($ssl);
+                $client_sock->close;
+                $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+
+            }
+        }
+    }
+    else
+    {
+        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
+    }
+
+    # check the return status
+    $res = axtlsp::ssl_handshake_status($ssl);
+    if ($res != $axtlsp::SSL_OK)
+    {
+        axtlsp::ssl_display_error($res) if not $quiet;
+        exit 1;
+    }
+
+    if (!$quiet)
+    {
+        my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
+                    $axtlsp::SSL_X509_CERT_COMMON_NAME);
+
+        printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
+        display_session_id($ssl);
+        display_cipher($ssl);
+    }
+
+    while (<STDIN>)
+    {
+        my $cstring = pack("a*x", $_);   # add null terminator
+        $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
+        if ($res < $axtlsp::SSL_OK)
+        {
+            axtlsp::ssl_display_error($res) if not $quiet;
+            last;
+        }
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+    $client_sock->close;
+}
+
+#
+# We've had some sort of command-line error. Print out the basic options.
+#
+sub print_options
+{
+    my ($option) = @_;
+    printf("axssl: Error: '%s' is an invalid command.\n", $option);
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the server options.
+#
+sub print_server_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+    printf(" -quiet\t\t- No server output\n");
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+    {
+        printf(" -cert arg\t- certificate file to add (in addition to default)".
+                                        " to chain -\n".
+          "\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+    }
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+    {
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+    }
+
+    if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+    {
+        printf(" -debug\t\t- Print more output\n");
+        printf(" -state\t\t- Show state messages\n");
+        printf(" -show-rsa\t- Show RSA state\n");
+    }
+
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the client options.
+#
+sub print_client_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
+    {
+        printf("usage: s_client [args ...]\n");
+        printf(" -connect host:port - who to connect to (default ".
+                "is localhost:4433)\n");
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -cert arg\t- certificate file to use - default DER format\n");
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+        printf(" -quiet\t\t- No client output\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+        printf(" -reconnect\t- Drop and re-make the connection ".
+                "with the same Session-ID\n");
+
+        if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            printf(" -debug\t\t- Print more output\n");
+            printf(" -state\t\t- Show state messages\n");
+            printf(" -show-rsa\t- Show RSA state\n");
+        }
+    }
+    else
+    {
+        printf("Change configuration to allow this feature\n");
+    }
+
+    exit 1;
+}
+
+#
+# Display what cipher we are using 
+#
+sub display_cipher
+{
+    my ($ssl) = @_;
+    printf("CIPHER is ");
+    my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
+
+    if ($cipher_id == $axtlsp::SSL_AES128_SHA)
+    {
+        printf("AES128-SHA");
+    }
+    elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
+    {
+        printf("AES256-SHA");
+    }
+    elsif ($axtlsp::SSL_AES128_SHA256)
+    {
+        printf("AES128-SHA256");
+    }
+    elsif ($axtlsp::SSL_AES256_SHA256)
+    {
+        printf("AES256-SHA256");
+    }
+    else 
+    {
+        printf("Unknown - %d", $cipher_id);
+    }
+
+    printf("\n");
+}
+
+#
+# Display what session id we have.
+#
+sub display_session_id
+{    
+    my ($ssl) = @_;
+    my $session_id = axtlsp::ssl_get_session_id($ssl);
+    if (length($$session_id) > 0)
+    {
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        printf(unpack("H*", $$session_id));
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+    }
+}
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
new file mode 100644
index 0000000000..7e5d68277e
--- /dev/null
+++ b/samples/vbnet/axssl.vb
@@ -0,0 +1,702 @@
+'
+' Copyright (c) 2007-2016, Cameron Rich
+'
+' All rights reserved.
+'
+' Redistribution and use in source and binary forms, with or without
+' modification, are permitted provided that the following conditions are met:
+'
+' * Redistributions of source code must retain the above copyright notice,
+'   this list of conditions and the following disclaimer.
+' * Redistributions in binary form must reproduce the above copyright
+'   notice, this list of conditions and the following disclaimer in the
+'   documentation and/or other materials provided with the distribution.
+' * Neither the name of the axTLS project nor the names of its
+'   contributors may be used to endorse or promote products derived
+'   from this software without specific prior written permission.
+'
+' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+'
+
+'
+' Demonstrate the use of the axTLS library in VB.NET with a set of 
+' command-line parameters similar to openssl. In fact, openssl clients 
+' should be able to communicate with axTLS servers and visa-versa.
+'
+' This code has various bits enabled depending on the configuration. To enable
+' the most interesting version, compile with the 'full mode' enabled.
+'
+' To see what options you have, run the following:
+' > axssl.vbnet.exe s_server -?
+' > axssl.vbnet.exe s_client -?
+'
+' The axtls shared library must be in the same directory or be found 
+' by the OS.
+'
+
+Imports System
+Imports System.Net
+Imports System.Net.Sockets
+Imports Microsoft.VisualBasic
+Imports axTLSvb
+
+Public Class axssl
+    ' 
+    ' do_server()
+    '
+    Public Sub do_server(ByVal build_mode As Integer, _
+                                        ByVal args() As String)
+        Dim i As Integer = 1
+        Dim port As Integer = 4433
+        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim private_key_file As String = Nothing
+
+        ' organise the cert/ca_cert lists 
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        While i < args.Length
+            If args(i) = "-accept" Then
+                If i >= args.Length-1
+                    print_server_options(build_mode, args(i))
+                End If
+
+                i += 1
+                port = Int32.Parse(args(i))
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And Not axtls.SSL_DISPLAY_CERTS
+            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
+                If args(i) = "-cert"
+                    If i >= args.Length-1 Or cert_index >= cert_size
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    cert(cert_index) = args(i)
+                    cert_index += 1
+                ElseIf args(i) = "-key"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    private_key_file = args(i)
+                    options = options Or axtls.SSL_NO_DEFAULT_KEY
+                ElseIf args(i) = "-pass"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    password = args(i)
+                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+                    If args(i) = "-verify" Then
+                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
+                    ElseIf args(i) = "-CAfile"
+                        If i >= args.Length-1 Or _
+                                    ca_cert_index >= ca_cert_size Then
+                            print_server_options(build_mode, args(i))
+                        End If
+
+                        i += 1
+                        ca_cert(ca_cert_index) = args(i)
+                        ca_cert_index += 1
+                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                        If args(i) = "-debug" Then
+                            options = options Or axtls.SSL_DISPLAY_BYTES
+                        ElseIf args(i) = "-state"
+                            options = options Or axtls.SSL_DISPLAY_STATES
+                        ElseIf args(i) = "-show-rsa"
+                            options = options Or axtls.SSL_DISPLAY_RSA
+                        Else
+                            print_server_options(build_mode, args(i))
+                        End If
+                    Else
+                        print_server_options(build_mode, args(i))
+                    End If
+                Else
+                    print_server_options(build_mode, args(i))
+                End If
+            End If
+
+            i += 1
+        End While
+
+        ' Create socket for incoming connections
+        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
+        Dim server_sock As TcpListener = New TcpListener(ep)
+        server_sock.Start()      
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLServer = New SSLServer(options, _
+                axtls.SSL_DEFAULT_SVR_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Server context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        Dim buf As Byte() = Nothing
+        Dim res As Integer
+        Dim ssl As SSL
+
+        While 1
+            If Not quiet Then
+                Console.WriteLine("ACCEPT")
+            End If
+
+            Dim client_sock As Socket = server_sock.AcceptSocket()
+
+            ssl = ssl_ctx.Connect(client_sock)
+
+            ' do the actual SSL handshake 
+            While 1
+                res = ssl_ctx.Read(ssl, buf)
+                If  res <> axtls.SSL_OK Then
+                    Exit While
+                End If
+
+                ' check when the connection has been established 
+                If ssl.HandshakeStatus() = axtls.SSL_OK
+                    Exit While
+                End If
+
+                ' could do something else here 
+            End While
+
+            If res = axtls.SSL_OK Then  ' connection established and ok
+                If Not quiet
+                    display_session_id(ssl)
+                    display_cipher(ssl)
+                End If
+
+                ' now read (and display) whatever the client sends us
+                While 1
+                    ' keep reading until we get something interesting 
+                    While 1
+                        res = ssl_ctx.Read(ssl, buf)
+                        If res <> axtls.SSL_OK Then
+                            Exit While
+                        End If
+
+                        ' could do something else here
+                    End While
+
+                    If res < axtls.SSL_OK
+                        If Not quiet
+                            Console.WriteLine("CONNECTION CLOSED")
+                        End If
+
+                        Exit While
+                    End If
+
+                    ' convert to String 
+                    Dim str(res) As Char
+                    For i = 0 To res-1
+                        str(i) = Chr(buf(i))
+                    Next
+
+                    Console.Write(str)
+                End While
+            ElseIf Not quiet
+                SSLUtil.DisplayError(res)
+            End If
+
+            ' client was disconnected or the handshake failed. */
+            ssl.Dispose()
+            client_sock.Close()
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    ' 
+    ' do_client()
+    '
+    Public Sub do_client(ByVal build_mode As Integer, _
+                                    ByVal args() As String)
+
+        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
+            print_client_options(build_mode, args(1))
+        End If
+
+        Dim i As Integer = 1
+        Dim res As Integer
+        Dim port As Integer = 4433
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim reconnect As Integer = 0
+        Dim private_key_file As String = Nothing
+        Dim hostname As String = "127.0.0.1"
+
+        ' organise the cert/ca_cert lists
+        Dim ssl As SSL = Nothing
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        Dim options As Integer = _
+                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
+        Dim session_id As Byte() = Nothing
+
+        While i < args.Length
+            If args(i) = "-connect" Then
+                Dim host_port As String
+
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                host_port = args(i)
+
+                Dim index_colon As Integer = host_port.IndexOf(":"C)
+                If index_colon < 0 Then 
+                    print_client_options(build_mode, args(i))
+                End If
+
+                hostname = New String(host_port.ToCharArray(), _
+                        0, index_colon)
+                port = Int32.Parse(New String(host_port.ToCharArray(), _
+                            index_colon+1, host_port.Length-index_colon-1))
+            ElseIf args(i) = "-cert"
+                If i >= args.Length-1 Or cert_index >= cert_size Then
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                cert(cert_index) = args(i)
+                cert_index += 1
+            ElseIf args(i) = "-key"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                private_key_file = args(i)
+                options = options Or axtls.SSL_NO_DEFAULT_KEY
+            ElseIf args(i) = "-CAfile"
+                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                ca_cert(ca_cert_index) = args(i)
+                ca_cert_index += 1
+            ElseIf args(i) = "-verify"
+                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
+            ElseIf args(i) = "-reconnect"
+                reconnect = 4
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And  Not axtls.SSL_DISPLAY_CERTS
+            ElseIf args(i) = "-pass"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                password = args(i)
+            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                If args(i) = "-debug" Then
+                    options = options Or axtls.SSL_DISPLAY_BYTES
+                ElseIf args(i) = "-state"
+                    options = options Or axtls.SSL_DISPLAY_STATES
+                ElseIf args(i) = "-show-rsa"
+                    options = options Or axtls.SSL_DISPLAY_RSA
+                Else
+                    print_client_options(build_mode, args(i))
+                End If
+            Else    ' don't know what this is 
+                print_client_options(build_mode, args(i))
+            End If
+
+            i += 1
+        End While
+
+        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
+        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
+        Dim  addresses As IPAddress() = hostInfo.AddressList
+        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
+        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
+                SocketType.Stream, ProtocolType.Tcp)
+        client_sock.Connect(ep)
+
+        If Not client_sock.Connected Then
+            Console.WriteLine("could not connect")
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Console.WriteLine("CONNECTED")
+        End If
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLClient = New SSLClient(options, _
+                axtls.SSL_DEFAULT_CLNT_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Client context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        ' Try session resumption?
+        If reconnect > 0 Then
+            While reconnect > 0
+                reconnect -= 1
+                ssl = ssl_ctx.Connect(client_sock, session_id)
+
+                res = ssl.HandshakeStatus()
+                If res <> axtls.SSL_OK Then
+                    If Not quiet Then
+                        SSLUtil.DisplayError(res)
+                    End If
+
+                    ssl.Dispose()
+                    Environment.Exit(1)
+                End If
+
+                display_session_id(ssl)
+                session_id = ssl.GetSessionId()
+
+                If reconnect > 0 Then
+                    ssl.Dispose()
+                    client_sock.Close()
+                    
+                    ' and reconnect
+                    client_sock = New Socket(AddressFamily.InterNetwork, _
+                        SocketType.Stream, ProtocolType.Tcp)
+                    client_sock.Connect(ep)
+                End If
+            End While
+        Else
+            ssl = ssl_ctx.Connect(client_sock, Nothing)
+        End If
+
+        ' check the return status 
+        res = ssl.HandshakeStatus()
+        If res <> axtls.SSL_OK Then
+            If Not quiet Then
+                SSLUtil.DisplayError(res)
+            End If
+
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Dim common_name As String = _
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
+
+            If common_name <> Nothing
+                Console.WriteLine("Common Name:" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        ControlChars.Tab & common_name)
+            End If
+
+            display_session_id(ssl)
+            display_cipher(ssl)
+        End If
+
+        While (1)
+            Dim user_input As String = Console.ReadLine()
+
+            If user_input = Nothing Then
+                Exit While
+            End If
+
+            Dim buf(user_input.Length+1) As Byte
+            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
+            buf(buf.Length-1) = 0                    ' null terminate 
+
+            For i = 0 To user_input.Length-1
+                buf(i) = Asc(user_input.Chars(i))
+            Next
+
+            res = ssl_ctx.Write(ssl, buf, buf.Length)
+            If res < axtls.SSL_OK Then
+                If Not quiet Then
+                    SSLUtil.DisplayError(res)
+                End If
+
+                Exit While
+            End If
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    '
+    ' Display what cipher we are using
+    '
+    Private Sub display_cipher(ByVal ssl As SSL)
+        Console.Write("CIPHER is ")
+
+        Select ssl.GetCipherId()
+            Case axtls.SSL_AES128_SHA
+                Console.WriteLine("AES128-SHA")
+
+            Case axtls.SSL_AES256_SHA
+                Console.WriteLine("AES256-SHA")
+
+            Case axtls.SSL_AES128_SHA256
+                Console.WriteLine("AES128-SHA256")
+
+            Case axtls.SSL_AES256_SHA256
+                Console.WriteLine("AES256-SHA256")
+
+            Case Else
+                Console.WriteLine("Unknown - " & ssl.GetCipherId())
+        End Select
+    End Sub
+
+    '
+    ' Display what session id we have.
+    '
+    Private Sub display_session_id(ByVal ssl As SSL)
+        Dim session_id As Byte() = ssl.GetSessionId()
+
+        If session_id.Length > 0 Then
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
+            Dim b As Byte
+            For Each b In session_id
+                Console.Write("{0:x02}", b)
+            Next
+
+            Console.WriteLine()
+            Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
+        End If
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the basic options.
+    '
+    Public Sub print_options(ByVal options As String)
+        Console.WriteLine("axssl: Error: '" & options & _
+                "' is an invalid command.")
+        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
+                "version] [args ...]")
+        Environment.Exit(1)
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the server options.
+    '
+    Private Sub print_server_options(ByVal build_mode As Integer, _
+                                    ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+        Console.WriteLine("usage: s_server [args ...]")
+        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
+                "- port to accept on (default is 4433)")
+        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
+                "- No server output")
+        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+               "- certificate file to add (in addition to default) to chain -")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                        "- Private key file to use")
+            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
+                    "- private key file pass phrase source")
+        End If
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+        End If
+
+        If build_mode = axtls.SSL_BUILD_FULL_MODE
+            Console.WriteLine(" -debug" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Print more output")
+            Console.WriteLine(" -state" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Show state messages")
+            Console.WriteLine(" -show-rsa" & _
+                    ControlChars.Tab & "- Show RSA state")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+    '
+    ' We've had some sort of command-line error. Print out the client options.
+    '
+    Private Sub print_client_options(ByVal build_mode As Integer, _
+                                                ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
+            Console.WriteLine("usage: s_client [args ...]")
+            Console.WriteLine(" -connect host:port - who to connect to " & _
+                    "(default is localhost:4433)")
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+                    "- certificate file to use")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                    "- Private key file to use")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+            Console.WriteLine(" -quiet" & _
+                    ControlChars.Tab & ControlChars.Tab & "- No client output")
+            Console.WriteLine(" -pass" & ControlChars.Tab & _
+                    ControlChars.Tab & _
+                    "- private key file pass phrase source")
+            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
+                    "- Drop and re-make the " & _
+                    "connection with the same Session-ID")
+
+            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
+                Console.WriteLine(" -debug" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Print more output")
+                Console.WriteLine(" -state" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Show state messages")
+                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
+                        "- Show RSA state")
+            End If
+        Else 
+            Console.WriteLine("Change configuration to allow this feature")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+End Class
+
+Public Module MyMain
+    Function Main(ByVal args() As String) As Integer
+        Dim runner As axssl = New axssl()
+
+        If args.Length = 1 And args(0) = "version" Then
+           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
+            Environment.Exit(0)
+        End If
+
+        If args.Length < 1 
+            runner.print_options("")
+        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
+            runner.print_options(args(0))
+        End If
+
+        Dim build_mode As Integer = SSLUtil.BuildMode()
+
+        If args(0) = "s_server" Then
+            runner.do_server(build_mode, args)
+        Else
+            runner.do_client(build_mode, args)
+        End If
+    End Function
+End Module
diff --git a/ssl/asn1.c b/ssl/asn1.c
new file mode 100644
index 0000000000..b53562cd9e
--- /dev/null
+++ b/ssl/asn1.c
@@ -0,0 +1,782 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Some primitive asn methods for extraction ASN.1 data.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "os_port.h"
+#include "crypto.h"
+#include "crypto_misc.h"
+
+/* 1.2.840.113549.1.1 OID prefix - handle the following */
+/* md5WithRSAEncryption(4) */
+/* sha1WithRSAEncryption(5) */
+/* sha256WithRSAEncryption (11) */
+/* sha384WithRSAEncryption (12) */
+/* sha512WithRSAEncryption (13) */
+static const uint8_t sig_oid_prefix[] = 
+{
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
+};
+
+/* 1.3.14.3.2.29 SHA1 with RSA signature */
+static const uint8_t sig_sha1WithRSAEncrypt[] =
+{
+    0x2b, 0x0e, 0x03, 0x02, 0x1d
+};
+
+/* 2.16.840.1.101.3.4.2.1 SHA-256 */
+static const uint8_t sig_sha256[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
+};
+
+/* 2.16.840.1.101.3.4.2.2 SHA-384 */
+static const uint8_t sig_sha384[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
+};
+
+/* 2.16.840.1.101.3.4.2.3 SHA-512 */
+static const uint8_t sig_sha512[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
+};
+
+static const uint8_t sig_subject_alt_name[] =
+{
+    0x55, 0x1d, 0x11
+};
+
+static const uint8_t sig_basic_constraints[] =
+{
+    0x55, 0x1d, 0x13
+};
+
+static const uint8_t sig_key_usage[] =
+{
+    0x55, 0x1d, 0x0f
+};
+
+/* CN, O, OU, L, C, ST */
+static const uint8_t g_dn_types[] = { 3, 10, 11, 7, 6, 8 };
+
+uint32_t get_asn1_length(const uint8_t *buf, int *offset)
+{
+    int i;
+    uint32_t len;
+
+    if (!(buf[*offset] & 0x80)) /* short form */
+    {
+        len = buf[(*offset)++];
+    }
+    else  /* long form */
+    {
+        int length_bytes = buf[(*offset)++]&0x7f;
+        if (length_bytes > 4)   /* limit number of bytes */
+            return 0;
+
+        len = 0;
+        for (i = 0; i < length_bytes; i++)
+        {
+            len <<= 8;
+            len += buf[(*offset)++];
+        }
+    }
+
+    return len;
+}
+
+/**
+ * Skip the ASN1.1 object type and its length. Get ready to read the object's
+ * data.
+ */
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+
+    (*offset)++;
+    return get_asn1_length(buf, offset);
+}
+
+/**
+ * Skip over an ASN.1 object type completely. Get ready to read the next
+ * object.
+ */
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    int len;
+
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+    *offset += len;
+    return 0;
+}
+
+/**
+ * Read an integer value for ASN.1 data
+ * Note: This function allocates memory which must be freed by the user.
+ */
+int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object)
+{
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
+        goto end_big_int;
+
+    if (len > 1 && buf[*offset] == 0x00)    /* ignore the negative byte */
+    {
+        len--;
+        (*offset)++;
+    }
+
+    *object = (uint8_t *)malloc(len);
+    memcpy(*object, &buf[*offset], len);
+    *offset += len;
+
+end_big_int:
+    return len;
+}
+
+/**
+ * Read an integer value for ASN.1 data
+ */
+int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val)
+{
+    int res = X509_OK;
+    int len;
+    int i;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0 || 
+                len > sizeof(int32_t))
+    {
+        res = X509_NOT_OK;
+        goto end_int;
+    }
+
+    *val = 0;
+    for (i = 0; i < len; i++)
+    {
+        *val <<= 8;
+        *val |= buf[(*offset)++];
+    }
+
+end_int:
+    return res;
+}
+
+/**
+ * Read an boolean value for ASN.1 data
+ */
+int asn1_get_bool(const uint8_t *buf, int *offset, bool *val)
+{
+    int res = X509_OK;
+
+    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) != 1)
+    {
+        res = X509_NOT_OK;
+        goto end_bool;
+    }
+
+    /* DER demands that "If the encoding represents the boolean value TRUE,
+       its single contents octet shall have all eight bits set to one."
+       Thus only 0 and 255 are valid encoded values. */
+    *val = buf[(*offset)++] == 0xFF;
+
+end_bool:
+    return res;
+}
+
+/**
+ * Convert an ASN.1 bit string into a 32 bit integer. Used for key usage
+ */
+int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
+{
+    int res = X509_OK;
+    int len, i;
+    int ignore_bits;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_BIT_STRING)) < 0 || len > 5)
+    {
+        res = X509_NOT_OK;
+        goto end_bit_string_as_int;
+    }
+
+    /* number of bits left unused in the final byte of content */
+    ignore_bits = buf[(*offset)++];
+    len--;
+    *val = 0;
+
+    /* not sure why key usage doesn't used proper DER spec version */
+    for (i = len-1; i >= 0; --i)
+    {
+        *val <<= 8;
+        *val |= buf[(*offset) + i];
+    }
+
+    *offset += len;
+
+    /*for (i = 0; i < ignore_bits; i++)
+    {
+        *val >>= 1;
+    }*/
+
+end_bit_string_as_int:
+    return res;
+}
+
+/**
+ * Get all the RSA private key specifics from an ASN.1 encoded file 
+ */
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
+{
+    int offset = 7;
+    uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
+    int mod_len, priv_len, pub_len;
+#ifdef CONFIG_BIGINT_CRT
+    uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
+    int p_len, q_len, dP_len, dQ_len, qInv_len;
+#endif
+
+    /* not in der format */
+    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: This is not a valid ASN.1 file\n");
+#endif
+        return X509_INVALID_PRIV_KEY;
+    }
+
+    /* Use the private key to mix up the RNG if possible. */
+    RNG_custom_init(buf, len);
+
+    mod_len = asn1_get_big_int(buf, &offset, &modulus);
+    pub_len = asn1_get_big_int(buf, &offset, &pub_exp);
+    priv_len = asn1_get_big_int(buf, &offset, &priv_exp);
+
+    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+#ifdef CONFIG_BIGINT_CRT
+    p_len = asn1_get_big_int(buf, &offset, &p);
+    q_len = asn1_get_big_int(buf, &offset, &q);
+    dP_len = asn1_get_big_int(buf, &offset, &dP);
+    dQ_len = asn1_get_big_int(buf, &offset, &dQ);
+    qInv_len = asn1_get_big_int(buf, &offset, &qInv);
+
+    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
+            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
+
+    free(p);
+    free(q);
+    free(dP);
+    free(dQ);
+    free(qInv);
+#else
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
+#endif
+
+    free(modulus);
+    free(priv_exp);
+    free(pub_exp);
+    return X509_OK;
+}
+
+/**
+ * Get the time of a certificate. Ignore hours/minutes/seconds.
+ */
+static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
+{
+    int ret = X509_NOT_OK, len, t_offset, abs_year;
+    struct tm tm;
+
+    /* see http://tools.ietf.org/html/rfc5280#section-4.1.2.5 */
+    if (buf[*offset] == ASN1_UTC_TIME)
+    {
+        (*offset)++;
+
+        len = get_asn1_length(buf, offset);
+        t_offset = *offset;
+
+        memset(&tm, 0, sizeof(struct tm));
+        tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+
+        if (tm.tm_year < 50)    /* 1951-2050 thing */
+        {
+            tm.tm_year += 100;
+        }
+
+        tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
+        tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+        tm.tm_hour = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+        tm.tm_min = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+        tm.tm_sec = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+        *t = mktime(&tm);
+        *offset += len;
+        ret = X509_OK;
+    }
+    else if (buf[*offset] == ASN1_GENERALIZED_TIME)
+    {
+        (*offset)++;
+
+        len = get_asn1_length(buf, offset);
+        t_offset = *offset;
+
+        memset(&tm, 0, sizeof(struct tm));
+        abs_year = ((buf[t_offset] - '0')*1000 +
+                (buf[t_offset+1] - '0')*100 + (buf[t_offset+2] - '0')*10 +
+                (buf[t_offset+3] - '0'));
+
+        if (abs_year <= 1901)
+        {
+          tm.tm_year = 1;
+          tm.tm_mon = 0;
+          tm.tm_mday = 1;
+        }
+        else
+        {
+            tm.tm_year = abs_year - 1900;
+            tm.tm_mon = (buf[t_offset+4] - '0')*10 + 
+                                    (buf[t_offset+5] - '0') - 1;
+            tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+            tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+            tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+            tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
+            *t = mktime(&tm);
+        }
+
+        *offset += len;
+        ret = X509_OK;
+    }
+
+    return ret;
+}
+
+/**
+ * Get the version type of a certificate
+ */
+int asn1_version(const uint8_t *cert, int *offset, int *val)
+{
+    (*offset) += 2;        /* get past explicit tag */
+    return asn1_get_int(cert, offset, val);
+}
+
+/**
+ * Retrieve the notbefore and notafter certificate times.
+ */
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
+}
+
+/**
+ * Get the components of a distinguished name 
+ */
+static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
+{
+    int dn_type = 0;
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto end_oid;
+
+    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
+       components we are interested in. */
+    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
+        dn_type = buf[(*offset)++];
+    else
+    {
+        *offset += len;     /* skip over it */
+    }
+
+end_oid:
+    return dn_type;
+}
+
+/**
+ * Obtain an ASN.1 printable string type.
+ */
+static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
+{
+    int len = X509_NOT_OK;
+    int asn1_type = buf[*offset];
+
+    /* some certs have this awful crud in them for some reason */
+    if (asn1_type != ASN1_PRINTABLE_STR &&  
+            asn1_type != ASN1_PRINTABLE_STR2 &&  
+            asn1_type != ASN1_TELETEX_STR &&  
+            asn1_type != ASN1_IA5_STR &&  
+            asn1_type != ASN1_UNICODE_STR)
+        goto end_pnt_str;
+
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+
+    if (asn1_type == ASN1_UNICODE_STR)
+    {
+        int i;
+        *str = (char *)malloc(len/2+1);     /* allow for null */
+
+        for (i = 0; i < len; i += 2)
+            (*str)[i/2] = buf[*offset + i + 1];
+
+        (*str)[len/2] = 0;                  /* null terminate */
+    }
+    else
+    {
+        *str = (char *)malloc(len+1);       /* allow for null */
+        memcpy(*str, &buf[*offset], len);
+        (*str)[len] = 0;                    /* null terminate */
+    }
+
+    *offset += len;
+
+end_pnt_str:
+    return len;
+}
+
+/**
+ * Get the subject name (or the issuer) of a certificate.
+ */
+int asn1_name(const uint8_t *cert, int *offset, char *dn[])
+{
+    int ret = X509_NOT_OK;
+    int dn_type;
+    char *tmp;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_name;
+
+    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
+    {
+        int i, found = 0;
+
+        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
+            goto end_name;
+
+        tmp = NULL;
+
+        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
+        {
+            free(tmp);
+            goto end_name;
+        }
+
+        /* find the distinguished named type */
+        for (i = 0; i < X509_NUM_DN_TYPES; i++)
+        {
+            if (dn_type == g_dn_types[i])
+            {
+                if (dn[i] == NULL)
+                {
+                    dn[i] = tmp;
+                    found = 1;
+                    break;
+                }
+            }
+        }
+
+        if (found == 0) /* not found so get rid of it */
+        {
+            free(tmp);
+        }
+    }
+
+    ret = X509_OK;
+end_name:
+    return ret;
+}
+
+/**
+ * Read the modulus and public exponent of a certificate.
+ */
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, mod_len, pub_len;
+    uint8_t *modulus = NULL, *pub_exp = NULL;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
+            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
+        goto end_pub_key;
+
+    (*offset)++;        /* ignore the padding bit field */
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_pub_key;
+
+    mod_len = asn1_get_big_int(cert, offset, &modulus);
+    pub_len = asn1_get_big_int(cert, offset, &pub_exp);
+
+    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
+
+    free(modulus);
+    free(pub_exp);
+    ret = X509_OK;
+
+end_pub_key:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Read the signature of the certificate.
+ */
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    if (cert[(*offset)++] != ASN1_BIT_STRING)
+        goto end_sig;
+
+    x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
+    (*offset)++;            /* ignore bit string padding bits */
+    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
+    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
+    *offset += x509_ctx->sig_len;
+    ret = X509_OK;
+
+end_sig:
+    return ret;
+}
+
+/*
+ * Compare 2 distinguished name components for equality 
+ * @return 0 if a match
+ */
+static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
+{
+    int ret;
+
+    if (dn1 == NULL && dn2 == NULL)
+        ret = 0;
+    else
+        ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 1;
+
+    return ret;
+}
+
+/**
+ * Clean up all of the CA certificates.
+ */
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
+{
+    int i = 0;
+
+    if (ca_cert_ctx == NULL)
+        return;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+    {
+        x509_free(ca_cert_ctx->cert[i]);
+        ca_cert_ctx->cert[i++] = NULL;
+    }
+
+    free(ca_cert_ctx);
+}
+
+/*
+ * Compare 2 distinguished names for equality 
+ * @return 0 if a match
+ */
+int asn1_compare_dn(char * const dn1[], char * const dn2[])
+{
+    int i;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
+            return 1;
+    }
+
+    return 0;       /* all good */
+}
+
+int asn1_find_oid(const uint8_t* cert, int* offset, 
+                    const uint8_t* oid, int oid_length)
+{
+    int seqlen;
+    if ((seqlen = asn1_next_obj(cert, offset, ASN1_SEQUENCE))> 0)
+    {
+        int end = *offset + seqlen;
+
+        while (*offset < end)
+        {
+            int type = cert[(*offset)++];
+            int length = get_asn1_length(cert, offset);
+            int noffset = *offset + length;
+
+            if (type == ASN1_SEQUENCE)
+            {
+                type = cert[(*offset)++];
+                length = get_asn1_length(cert, offset);
+
+                if (type == ASN1_OID && length == oid_length && 
+                              memcmp(cert + *offset, oid, oid_length) == 0)
+                {
+                    *offset += oid_length;
+                    return 1;
+                }
+            }
+
+            *offset = noffset;
+        }
+    }
+
+    return 0;
+}
+
+int asn1_is_subject_alt_name(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_subject_alt_name, 
+                                sizeof(sig_subject_alt_name)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+int asn1_is_basic_constraints(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_basic_constraints, 
+                                sizeof(sig_basic_constraints)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+int asn1_is_key_usage(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_key_usage, 
+                                sizeof(sig_key_usage)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+bool asn1_is_critical_ext(const uint8_t *buf, int *offset)
+{
+    /* critical is optional */
+    bool res = false;
+
+    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) == 1)
+        res = buf[(*offset)++] == 0xFF;
+
+    return res;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Read the signature type of the certificate. We only support RSA-MD5 and
+ * RSA-SHA1 signature types.
+ */
+int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, len;
+
+    if (cert[(*offset)++] != ASN1_OID)
+        goto end_check_sig;
+
+    len = get_asn1_length(cert, offset);
+
+    if (len == sizeof(sig_sha1WithRSAEncrypt) && 
+            memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], 
+                                    sizeof(sig_sha1WithRSAEncrypt)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA1;
+    }
+    else if (len == sizeof(sig_sha256) && 
+            memcmp(sig_sha256, &cert[*offset], 
+                                    sizeof(sig_sha256)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA256;
+    }
+    else if (len == sizeof(sig_sha384) && 
+            memcmp(sig_sha384, &cert[*offset], 
+                                    sizeof(sig_sha384)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA384;
+    }
+    else if (len == sizeof(sig_sha512) && 
+            memcmp(sig_sha512, &cert[*offset], 
+                                    sizeof(sig_sha512)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA512;
+    }
+    else
+    {
+        if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            int i;
+            printf("invalid digest: ");
+
+            for (i = 0; i < len; i++)
+                printf("%02x ", cert[*offset + i]);
+
+            printf("\n");
+#endif
+            goto end_check_sig;     /* unrecognised cert type */
+        }
+
+        x509_ctx->sig_type = cert[*offset + sizeof(sig_oid_prefix)];
+    }
+
+    *offset += len;
+    asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
+    ret = X509_OK;
+
+end_check_sig:
+    return ret;
+}
+
diff --git a/ssl/cert.h b/ssl/cert.h
new file mode 100644
index 0000000000..40234b9b1c
--- /dev/null
+++ b/ssl/cert.h
@@ -0,0 +1,54 @@
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa5,
+  0x2a, 0xc8, 0x78, 0x87, 0xf2, 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x32,
+  0x33, 0x30, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x17, 0x0d, 0x33,
+  0x30, 0x30, 0x39, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xbd, 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa,
+  0xb9, 0x3a, 0x1f, 0x8b, 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0,
+  0x11, 0x9a, 0x9c, 0xdc, 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3,
+  0x05, 0x0e, 0x61, 0xc1, 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a,
+  0xff, 0x9b, 0xb8, 0x7a, 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99,
+  0xa5, 0xa2, 0x99, 0x53, 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01,
+  0xe7, 0xdf, 0xe9, 0xec, 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0,
+  0xc8, 0x6d, 0x41, 0x45, 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28,
+  0xdf, 0x36, 0xe2, 0x73, 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb,
+  0x0d, 0x9b, 0xef, 0xa8, 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07,
+  0xa9, 0x86, 0x0d, 0x3f, 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
+  0x32, 0xe0, 0x3c, 0x6e, 0x21, 0xe6, 0xa6, 0xf4, 0xb8, 0x10, 0x9f, 0x8a,
+  0xe6, 0x0b, 0x84, 0x4e, 0x2c, 0xe5, 0x14, 0xca, 0x56, 0x81, 0x3f, 0xc0,
+  0x2c, 0xa3, 0x39, 0x89, 0x24, 0xce, 0xaf, 0x47, 0x2e, 0x19, 0x62, 0xb2,
+  0xe4, 0x76, 0x91, 0x25, 0xbc, 0xe1, 0xa8, 0xee, 0x6a, 0x68, 0x3a, 0x77,
+  0xb9, 0xb2, 0x62, 0x97, 0x0c, 0x25, 0x3c, 0x5e, 0x13, 0x48, 0x87, 0x80,
+  0xa3, 0x91, 0xd9, 0x2e, 0xe6, 0x92, 0x2b, 0x1c, 0x52, 0x24, 0xb1, 0x77,
+  0xc6, 0xf6, 0xde, 0xd8, 0x9b, 0xd9, 0x57, 0x37, 0x56, 0x68, 0x17, 0x32,
+  0x66, 0x01, 0x08, 0x38, 0x08, 0x9a, 0xc1, 0x8c, 0x5e, 0x3f, 0xe7, 0xc9,
+  0x44, 0xcb, 0x62, 0xb9, 0x48, 0xc7, 0x89, 0xa6, 0xff, 0x8e, 0x7d, 0x3d,
+  0xe1, 0x46, 0x32, 0x9c, 0x13, 0x06, 0x9a, 0xd1, 0x17, 0xab, 0x3f, 0xa9,
+  0x90, 0x04, 0x33, 0x2d, 0x3f, 0x81, 0x0a, 0xa5, 0x55, 0xce, 0xb6, 0x95,
+  0x54, 0xad, 0xf1, 0x4f, 0xa2, 0xca, 0xc3, 0xf6, 0x25, 0x7b, 0x71, 0xd2,
+  0x68, 0x85, 0xe9, 0x72, 0xb6, 0x99, 0x34, 0x6d, 0xe5, 0x5f, 0xf6, 0x74,
+  0x1c, 0xb9, 0xa2, 0xda, 0x2b, 0x04, 0xff, 0x82, 0xc5, 0x09, 0x04, 0xc4,
+  0xba, 0xbc, 0x82, 0x3e, 0xb4, 0x72, 0x18, 0x8e, 0x30, 0x68, 0x48, 0x4a,
+  0x0d, 0xa7, 0x3d, 0xb5, 0xf4, 0x42, 0x3a, 0x97, 0x60, 0x7d, 0xa8, 0x61,
+  0x8a, 0x9e, 0x98, 0xc4, 0x7e, 0x65, 0x99, 0xea, 0x7e, 0xca, 0x75, 0xe7,
+  0xdb, 0x21, 0x5d, 0xce, 0x7c, 0x66, 0x3d, 0x7e, 0xdc, 0x14, 0xfe, 0x55,
+  0x04, 0x97, 0xa8, 0x64, 0x12, 0xb4, 0xb5, 0x30, 0x48, 0x72, 0xbc, 0xdb,
+  0xeb, 0x5b, 0x4f, 0xa6, 0xfb, 0x87, 0x01, 0x41, 0x91, 0xec, 0x98, 0x98,
+  0xf1, 0x4b, 0x38, 0xa2, 0x40, 0xf1, 0x05, 0x90, 0xbb, 0x9b, 0x5d, 0x96,
+  0xb1, 0x22, 0x6b, 0x50
+};
+unsigned int default_certificate_len = 604;
diff --git a/ssl/config.h b/ssl/config.h
new file mode 100644
index 0000000000..8731430703
--- /dev/null
+++ b/ssl/config.h
@@ -0,0 +1,127 @@
+/*
+ * Automatically generated header file: don't edit
+ */
+
+#define HAVE_DOT_CONFIG 1
+#undef CONFIG_PLATFORM_LINUX
+#define CONFIG_PLATFORM_CYGWIN 1
+#undef CONFIG_PLATFORM_WIN32
+
+/*
+ * General Configuration
+ */
+#define PREFIX "/usr/local"
+#define CONFIG_DEBUG 1
+#undef CONFIG_STRIP_UNWANTED_SECTIONS
+#undef CONFIG_VISUAL_STUDIO_7_0
+#undef CONFIG_VISUAL_STUDIO_8_0
+#undef CONFIG_VISUAL_STUDIO_10_0
+#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_10_0_BASE ""
+#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
+#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
+
+/*
+ * SSL Library
+ */
+#undef CONFIG_SSL_SERVER_ONLY
+#define CONFIG_SSL_CERT_VERIFICATION
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
+#undef CONFIG_SSL_SKELETON_MODE
+#undef CONFIG_SSL_PROT_LOW
+#define CONFIG_SSL_PROT_MEDIUM 1
+#undef CONFIG_SSL_PROT_HIGH
+#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
+#define CONFIG_SSL_X509_CERT_LOCATION ""
+#undef CONFIG_SSL_GENERATE_X509_CERT
+#define CONFIG_SSL_X509_COMMON_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
+#undef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+#define CONFIG_SSL_HAS_PEM 1
+#undef CONFIG_SSL_USE_PKCS12
+#define CONFIG_SSL_EXPIRY_TIME 24
+#define CONFIG_X509_MAX_CA_CERTS 10
+#define CONFIG_SSL_MAX_CERTS 1
+#undef CONFIG_SSL_CTX_MUTEXING
+#undef CONFIG_USE_DEV_URANDOM
+#undef CONFIG_WIN32_USE_CRYPTO_LIB
+#undef CONFIG_OPENSSL_COMPATIBLE
+#undef CONFIG_PERFORMANCE_TESTING
+#define CONFIG_SSL_TEST 1
+#undef CONFIG_AXTLSWRAP
+#define CONFIG_AXHTTPD 1
+
+/*
+ * Axhttpd Configuration
+ */
+#undef CONFIG_HTTP_STATIC_BUILD
+#define CONFIG_HTTP_PORT 80
+#define CONFIG_HTTP_HTTPS_PORT 443
+#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
+#define CONFIG_HTTP_WEBROOT "../www"
+#define CONFIG_HTTP_TIMEOUT 300
+
+/*
+ * CGI
+ */
+#undef CONFIG_HTTP_HAS_CGI 
+#define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php"
+#define CONFIG_HTTP_ENABLE_LUA 1
+#define CONFIG_HTTP_LUA_PREFIX "/usr"
+#undef CONFIG_HTTP_BUILD_LUA
+#define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi"
+#define CONFIG_HTTP_DIRECTORIES 1
+#define CONFIG_HTTP_HAS_AUTHORIZATION 1
+#undef CONFIG_HTTP_HAS_IPV6
+#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
+#define CONFIG_HTTP_USER ""
+#define CONFIG_HTTP_VERBOSE 0
+#undef CONFIG_HTTP_IS_DAEMON
+
+/*
+ * Language Bindings
+ */
+#undef CONFIG_BINDINGS
+#undef CONFIG_CSHARP_BINDINGS
+#undef CONFIG_VBNET_BINDINGS
+#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
+#undef CONFIG_JAVA_BINDINGS
+#define CONFIG_JAVA_HOME ""
+#undef CONFIG_PERL_BINDINGS
+#define CONFIG_PERL_CORE ""
+#define CONFIG_PERL_LIB ""
+#undef CONFIG_LUA_BINDINGS
+#define CONFIG_LUA_CORE ""
+
+/*
+ * Samples
+ */
+#define CONFIG_SAMPLES 1
+#define CONFIG_C_SAMPLES 1
+#undef CONFIG_CSHARP_SAMPLES
+#undef CONFIG_VBNET_SAMPLES
+#undef CONFIG_JAVA_SAMPLES
+#undef CONFIG_PERL_SAMPLES
+#undef CONFIG_LUA_SAMPLES
+
+/*
+ * BigInt Options
+ */
+#undef CONFIG_BIGINT_CLASSICAL
+#undef CONFIG_BIGINT_MONTGOMERY
+#define CONFIG_BIGINT_BARRETT 1
+#define CONFIG_BIGINT_CRT 1
+#undef CONFIG_BIGINT_KARATSUBA
+#define MUL_KARATSUBA_THRESH 
+#define SQU_KARATSUBA_THRESH 
+#define CONFIG_BIGINT_SLIDING_WINDOW 1
+#define CONFIG_BIGINT_SQUARE 1
+#define CONFIG_BIGINT_CHECK_ON 1
+#define CONFIG_INTEGER_32BIT 1
+#undef CONFIG_INTEGER_16BIT
+#undef CONFIG_INTEGER_8BIT
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
new file mode 100644
index 0000000000..33a4455c90
--- /dev/null
+++ b/ssl/crypto_misc.h
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+ * @file crypto_misc.h
+ */
+
+#ifndef HEADER_CRYPTO_MISC_H
+#define HEADER_CRYPTO_MISC_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "crypto.h"
+#include "bigint.h"
+
+/**************************************************************************
+ * X509 declarations 
+ **************************************************************************/
+#define X509_OK                             0
+#define X509_NOT_OK                         -1
+#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
+#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
+#define X509_VFY_ERROR_NOT_YET_VALID        -4
+#define X509_VFY_ERROR_EXPIRED              -5
+#define X509_VFY_ERROR_SELF_SIGNED          -6
+#define X509_VFY_ERROR_INVALID_CHAIN        -7
+#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
+#define X509_INVALID_PRIV_KEY               -9
+#define X509_MAX_CERTS                      -10
+#define X509_VFY_ERROR_BASIC_CONSTRAINT     -11
+
+/*
+ * The Distinguished Name
+ */
+#define X509_NUM_DN_TYPES                   6
+#define X509_COMMON_NAME                    0
+#define X509_ORGANIZATION                   1
+#define X509_ORGANIZATIONAL_UNIT            2
+#define X509_LOCATION                       3
+#define X509_COUNTRY                        4
+#define X509_STATE                          5
+
+/*
+ * Key Usage bits
+ */
+#define IS_SET_KEY_USAGE_FLAG(A, B)          (A->key_usage & B)
+
+#define KEY_USAGE_DIGITAL_SIGNATURE         0x0080
+#define KEY_USAGE_NON_REPUDIATION           0x0040
+#define KEY_USAGE_KEY_ENCIPHERMENT          0x0020
+#define KEY_USAGE_DATA_ENCIPHERMENT         0x0010
+#define KEY_USAGE_KEY_AGREEMENT             0x0008
+#define KEY_USAGE_KEY_CERT_SIGN             0x0004
+#define KEY_USAGE_CRL_SIGN                  0x0002
+#define KEY_USAGE_ENCIPHER_ONLY             0x0001
+#define KEY_USAGE_DECIPHER_ONLY             0x8000
+
+struct _x509_ctx
+{
+    char *ca_cert_dn[X509_NUM_DN_TYPES];
+    char *cert_dn[X509_NUM_DN_TYPES];
+    char **subject_alt_dnsnames;
+    time_t not_before;
+    time_t not_after;
+    uint8_t *signature;
+    RSA_CTX *rsa_ctx;
+    bigint *digest;
+    uint8_t *fingerprint;
+    uint8_t *spki_sha256;
+    uint16_t sig_len;
+    uint8_t sig_type;
+    bool basic_constraint_present;
+    bool basic_constraint_is_critical;
+    bool key_usage_present;
+    bool key_usage_is_critical;
+    bool subject_alt_name_present;
+    bool subject_alt_name_is_critical;
+    bool basic_constraint_cA;
+    int basic_constraint_pathLenConstraint;
+    uint32_t key_usage;
+    struct _x509_ctx *next;
+};
+
+typedef struct _x509_ctx X509_CTX;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+typedef struct 
+{
+    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
+} CA_CERT_CTX;
+#endif
+
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
+void x509_free(X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
+        int *pathLenConstraint);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
+const char * x509_display_error(int error, char *buff);
+#endif
+
+/**************************************************************************
+ * ASN1 declarations 
+ **************************************************************************/
+#define ASN1_BOOLEAN            0x01
+#define ASN1_INTEGER            0x02
+#define ASN1_BIT_STRING         0x03
+#define ASN1_OCTET_STRING       0x04
+#define ASN1_NULL               0x05
+#define ASN1_PRINTABLE_STR2     0x0C
+#define ASN1_OID                0x06
+#define ASN1_PRINTABLE_STR2     0x0C
+#define ASN1_PRINTABLE_STR      0x13
+#define ASN1_TELETEX_STR        0x14
+#define ASN1_IA5_STR            0x16
+#define ASN1_UTC_TIME           0x17
+#define ASN1_GENERALIZED_TIME   0x18
+#define ASN1_UNICODE_STR        0x1e
+#define ASN1_SEQUENCE           0x30
+#define ASN1_CONTEXT_DNSNAME	0x82
+#define ASN1_SET                0x31
+#define ASN1_V3_DATA			0xa3
+#define ASN1_IMPLICIT_TAG       0x80
+#define ASN1_CONTEXT_DNSNAME	0x82
+#define ASN1_EXPLICIT_TAG       0xa0
+#define ASN1_V3_DATA			0xa3
+
+#define SIG_TYPE_MD5            0x04
+#define SIG_TYPE_SHA1           0x05
+#define SIG_TYPE_SHA256         0x0b
+#define SIG_TYPE_SHA384         0x0c
+#define SIG_TYPE_SHA512         0x0d
+
+uint32_t get_asn1_length(const uint8_t *buf, int *offset);
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object);
+int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val);
+int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
+int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
+int asn1_version(const uint8_t *cert, int *offset, int *val);
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_compare_dn(char * const dn1[], char * const dn2[]);
+int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
+int asn1_is_basic_constraints(const uint8_t *cert, int offset);
+int asn1_is_key_usage(const uint8_t *cert, int offset);
+bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx);
+
+/**************************************************************************
+ * MISC declarations 
+ **************************************************************************/
+#define SALT_SIZE               8
+
+extern const char * const unsupported_str;
+
+typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
+typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+typedef void (*hmac_func_v)(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+
+int get_file(const char *filename, uint8_t **buf);
+
+#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
+EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
+#else
+    #define print_blob(...)
+#endif
+
+EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
+                    uint8_t *out, int *outlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
new file mode 100644
index 0000000000..093ae9c093
--- /dev/null
+++ b/ssl/gen_cert.c
@@ -0,0 +1,374 @@
+/*
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
+#include <string.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/**
+ * Generate a basic X.509 certificate
+ */
+
+static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
+{
+    if (len < 0x80) /* short form */
+    {
+        buf[(*offset)++] = len;
+        return 1;
+    }
+    else /* long form */
+    {
+        int i, length_bytes = 0;
+
+        if (len & 0x00FF0000)
+            length_bytes = 3;
+        else if (len & 0x0000FF00)
+            length_bytes = 2;
+        else if (len & 0x000000FF)
+            length_bytes = 1;
+            
+        buf[(*offset)++] = 0x80 + length_bytes;
+
+        for (i = length_bytes-1; i >= 0; i--)
+        {
+            buf[*offset+i] = len & 0xFF;
+            len >>= 8;
+        }
+
+        *offset += length_bytes;
+        return length_bytes+1;
+    }
+}
+
+static int pre_adjust_with_size(uint8_t type,
+        int *seq_offset, uint8_t *buf, int *offset)
+{
+    buf[(*offset)++] = type;
+    *seq_offset = *offset;
+    *offset += 4;   /* fill in later */
+    return *offset;
+}
+
+static void adjust_with_size(int seq_size, int seq_start, 
+                uint8_t *buf, int *offset)
+{
+    uint8_t seq_byte_size; 
+    int orig_seq_size = seq_size;
+    int orig_seq_start = seq_start;
+
+    seq_size = *offset-seq_size;
+    seq_byte_size = set_gen_length(seq_size, buf, &seq_start);
+
+    if (seq_byte_size != 4)
+    {
+        memmove(&buf[orig_seq_start+seq_byte_size], 
+                &buf[orig_seq_size], seq_size);
+        *offset -= 4-seq_byte_size;
+    }
+}
+
+static void gen_serial_number(uint8_t *buf, int *offset)
+{
+    static const uint8_t ser_oid[] = { ASN1_INTEGER, 1, 0x7F };
+    memcpy(&buf[*offset], ser_oid , sizeof(ser_oid));
+    *offset += sizeof(ser_oid);
+}
+
+static void gen_signature_alg(uint8_t *buf, int *offset)
+{
+    /* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
+    static const uint8_t sig_oid[] = 
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09, 
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+        ASN1_NULL, 0x00
+    };
+
+    memcpy(&buf[*offset], sig_oid, sizeof(sig_oid));
+    *offset += sizeof(sig_oid);
+}
+
+static int gen_dn(const char *name, uint8_t dn_type, 
+                        uint8_t *buf, int *offset)
+{
+    int ret = X509_OK;
+    int name_size = strlen(name);
+
+    if (name_size > 0x70)    /* just too big */
+    {
+        ret = X509_NOT_OK;
+        goto error;
+    }
+
+    buf[(*offset)++] = ASN1_SET;
+    set_gen_length(9+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_SEQUENCE;
+    set_gen_length(7+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_OID;
+    buf[(*offset)++] = 3;
+    buf[(*offset)++] = 0x55;
+    buf[(*offset)++] = 0x04;
+    buf[(*offset)++] = dn_type;
+    buf[(*offset)++] = ASN1_PRINTABLE_STR;
+    buf[(*offset)++] = name_size;
+    strcpy((char *)&buf[*offset], name);
+    *offset += name_size;
+
+error:
+    return ret;
+}
+
+static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
+{
+    int ret = X509_OK;
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    char fqdn[128]; 
+
+    /* we need the common name, so if not configured, work out the fully
+     * qualified domain name */
+    if (dn[X509_COMMON_NAME] == NULL || strlen(dn[X509_COMMON_NAME]) == 0)
+    {
+        int fqdn_len;
+        gethostname(fqdn, sizeof(fqdn));
+        fqdn_len = strlen(fqdn);
+        fqdn[fqdn_len++] = '.';
+
+        if (getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len) < 0)
+        {
+            ret = X509_NOT_OK;
+            goto error;
+        }
+
+        fqdn_len = strlen(fqdn);
+
+        if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */
+            fqdn[fqdn_len-1] = 0;
+
+        dn[X509_COMMON_NAME] = fqdn;
+    }
+
+    if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset)))
+        goto error;
+
+    if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0)
+    {
+        if ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset)))
+            goto error;
+    }
+
+    if (dn[X509_ORGANIZATIONAL_UNIT] != NULL &&
+                                strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0)
+    {
+        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 11, buf, offset)))
+            goto error;
+    }
+
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+
+error:
+    return ret;
+}
+
+static void gen_utc_time(uint8_t *buf, int *offset)
+{
+    static const uint8_t time_seq[] = 
+    {
+        ASN1_SEQUENCE, 30, 
+        ASN1_UTC_TIME, 13, 
+        '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
+        ASN1_UTC_TIME, 13,  /* make it good for 30 or so years */
+        '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
+    };
+
+    /* fixed time */
+    memcpy(&buf[*offset], time_seq, sizeof(time_seq));
+    *offset += sizeof(time_seq);
+}
+
+static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    static const uint8_t pub_key_seq[] =
+    {
+        ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */
+    };
+
+    int seq_offset;
+    int pub_key_size = rsa_ctx->num_octets;
+    uint8_t *block = (uint8_t *)malloc(pub_key_size);
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    buf[(*offset)++] = ASN1_INTEGER;
+    bi_export(rsa_ctx->bi_ctx, rsa_ctx->m, block, pub_key_size);
+
+    if (*block & 0x80)  /* make integer positive */
+    {
+        set_gen_length(pub_key_size+1, buf, offset);
+        buf[(*offset)++] = 0;
+    }
+    else
+        set_gen_length(pub_key_size, buf, offset);
+
+    memcpy(&buf[*offset], block, pub_key_size);
+    free(block);
+    *offset += pub_key_size;
+    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
+    *offset += sizeof(pub_key_seq);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_BIT_STRING, &seq_offset, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    gen_pub_key2(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    /*  OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */
+    static const uint8_t rsa_enc_oid[] =
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09,
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+        ASN1_NULL, 0x00
+    };
+
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid));
+    *offset += sizeof(rsa_enc_oid);
+    gen_pub_key1(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst, 
+                        uint8_t *buf, int *offset)
+{
+    static const uint8_t asn1_sig[] = 
+    {
+        ASN1_SEQUENCE,  0x21, ASN1_SEQUENCE, 0x09, ASN1_OID, 0x05, 
+        0x2b, 0x0e, 0x03, 0x02, 0x1a, /* sha1 (1 3 14 3 2 26) */
+        ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
+    };
+
+    uint8_t *enc_block = (uint8_t *)malloc(rsa_ctx->num_octets);
+    uint8_t *block = (uint8_t *)malloc(sizeof(asn1_sig) + SHA1_SIZE);
+    int sig_size;
+
+    /* add the digest as an embedded asn.1 sequence */
+    memcpy(block, asn1_sig, sizeof(asn1_sig));
+    memcpy(&block[sizeof(asn1_sig)], sha_dgst, SHA1_SIZE);
+
+    sig_size = RSA_encrypt(rsa_ctx, block, 
+                            sizeof(asn1_sig) + SHA1_SIZE, enc_block, 1);
+
+    buf[(*offset)++] = ASN1_BIT_STRING;
+    set_gen_length(sig_size+1, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    memcpy(&buf[*offset], enc_block, sig_size);
+    free(enc_block);
+    free(block);
+    *offset += sig_size;
+}
+
+static int gen_tbs_cert(const char * dn[],
+                    const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset,
+                    uint8_t *sha_dgst)
+{
+    int ret = X509_OK;
+    SHA1_CTX sha_ctx;
+    int seq_offset;
+    int begin_tbs = *offset;
+    int seq_size = pre_adjust_with_size(
+                        ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    gen_serial_number(buf, offset);
+    gen_signature_alg(buf, offset);
+
+    /* CA certicate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
+        goto error;
+
+    gen_utc_time(buf, offset);
+
+    /* certificate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
+        goto error;
+
+    gen_pub_key(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, &buf[begin_tbs], *offset-begin_tbs);
+    SHA1_Final(sha_dgst, &sha_ctx);
+
+error:
+    return ret;
+}
+
+/**
+ * Create a new certificate.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data)
+{
+    int ret = X509_OK, offset = 0, seq_offset;
+    /* allocate enough space to load a new certificate */
+    uint8_t *buf = (uint8_t *)malloc(ssl_ctx->rsa_ctx->num_octets*2 + 512);
+    uint8_t sha_dgst[SHA1_SIZE];
+    int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
+                                    &seq_offset, buf, &offset);
+
+    if ((ret = gen_tbs_cert(dn, ssl_ctx->rsa_ctx, buf, &offset, sha_dgst)) < 0)
+        goto error;
+
+    gen_signature_alg(buf, &offset);
+    gen_signature(ssl_ctx->rsa_ctx, sha_dgst, buf, &offset);
+    adjust_with_size(seq_size, seq_offset, buf, &offset);
+    *cert_data = (uint8_t *)malloc(offset); /* create the exact memory for it */
+    memcpy(*cert_data, buf, offset);
+
+error:
+    free(buf);
+    return ret < 0 ? ret : offset;
+}
+
+#endif
+
diff --git a/ssl/loader.c b/ssl/loader.c
new file mode 100644
index 0000000000..3d07323900
--- /dev/null
+++ b/ssl/loader.c
@@ -0,0 +1,490 @@
+/*
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Load certificates/keys into memory. These can be in many different formats.
+ * PEM support and other formats can be processed here.
+ *
+ * The PEM private keys may be optionally encrypted with AES128 or AES256. 
+ * The encrypted PEM keys were generated with something like:
+ *
+ * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password);
+#ifdef CONFIG_SSL_HAS_PEM
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password);
+#endif
+
+/*
+ * Load a file into memory that is in binary DER (or ascii PEM) format.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, 
+                            const char *filename, const char *password)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    static const char * const begin = "-----BEGIN";
+    int ret = SSL_OK;
+    SSLObjLoader *ssl_obj = NULL;
+
+    if (filename == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->len = get_file(filename, &ssl_obj->buf); 
+    if (ssl_obj->len <= 0)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    /* is the file a PEM file? */
+    if (strstr((char *)ssl_obj->buf, begin) != NULL)
+    {
+#ifdef CONFIG_SSL_HAS_PEM
+        ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
+#else
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("%s", unsupported_str);
+#endif
+        ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+    }
+    else
+        ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
+
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+#else
+#ifdef CONFIG_SSL_FULL_MODE
+    printf("%s", unsupported_str);
+#endif
+    return SSL_ERROR_NOT_SUPPORTED;
+#endif /* CONFIG_SSL_SKELETON_MODE */
+}
+
+/*
+ * Transfer binary data into the object loader.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, 
+        const uint8_t *data, int len, const char *password)
+{
+    int ret;
+    SSLObjLoader *ssl_obj;
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_obj->buf, data, len);
+    ssl_obj->len = len;
+    ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Actually work out what we are doing 
+ */
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password)
+{
+    int ret = SSL_OK;
+
+    switch (obj_type)
+    {
+        case SSL_OBJ_RSA_KEY:
+            ret = add_private_key(ssl_ctx, ssl_obj);
+            break;
+
+        case SSL_OBJ_X509_CERT:
+            ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_OBJ_X509_CACERT:
+            add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+#endif
+
+#ifdef CONFIG_SSL_USE_PKCS12
+        case SSL_OBJ_PKCS8:
+            ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
+            break;
+
+        case SSL_OBJ_PKCS12:
+            ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
+            break;
+#endif
+        default:
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("%s", unsupported_str);
+#endif
+            ret = SSL_ERROR_NOT_SUPPORTED;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Clean up our mess.
+ */
+void ssl_obj_free(SSLObjLoader *ssl_obj)
+{
+    if (ssl_obj)
+    {
+        free(ssl_obj->buf);
+        free(ssl_obj);
+    }
+}
+
+/*
+ * Support for PEM encoded keys/certificates.
+ */
+#ifdef CONFIG_SSL_HAS_PEM
+
+#define NUM_PEM_TYPES               4
+#define IV_SIZE                     16
+#define IS_RSA_PRIVATE_KEY          0
+#define IS_ENCRYPTED_PRIVATE_KEY    1
+#define IS_PRIVATE_KEY              2
+#define IS_CERTIFICATE              3
+
+static const char * const begins[NUM_PEM_TYPES] =
+{
+    "-----BEGIN RSA PRIVATE KEY-----",
+    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+    "-----BEGIN PRIVATE KEY-----",
+    "-----BEGIN CERTIFICATE-----",
+};
+
+static const char * const ends[NUM_PEM_TYPES] =
+{
+    "-----END RSA PRIVATE KEY-----",
+    "-----END ENCRYPTED PRIVATE KEY-----",
+    "-----END PRIVATE KEY-----",
+    "-----END CERTIFICATE-----",
+};
+
+static const char * const aes_str[2] =
+{
+    "DEK-Info: AES-128-CBC,",
+    "DEK-Info: AES-256-CBC," 
+};
+
+/**
+ * Take a base64 blob of data and decrypt it (using AES) into its 
+ * proper ASN.1 form.
+ */
+static int pem_decrypt(const char *where, const char *end,
+                        const char *password, SSLObjLoader *ssl_obj)
+{
+    int ret = -1;
+    int is_aes_256 = 0;
+    char *start = NULL;
+    uint8_t iv[IV_SIZE];
+    int i, pem_size;
+    MD5_CTX md5_ctx;
+    AES_CTX aes_ctx;
+    uint8_t key[32];        /* AES256 size */
+
+    if (password == NULL || strlen(password) == 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Need a password for this PEM file\n");
+#endif
+        goto error;
+    }
+
+    if ((start = strstr((const char *)where, aes_str[0])))         /* AES128? */
+    {
+        start += strlen(aes_str[0]);
+    }
+    else if ((start = strstr((const char *)where, aes_str[1])))    /* AES256? */
+    {
+        is_aes_256 = 1;
+        start += strlen(aes_str[1]);
+    }
+    else 
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Unsupported password cipher\n");
+#endif
+        goto error;
+    }
+
+    /* convert from hex to binary - assumes uppercase hex */
+    for (i = 0; i < IV_SIZE; i++)
+    {
+        char c = *start++ - '0';
+        iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
+        c = *start++ - '0';
+        iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
+    }
+
+    while (*start == '\r' || *start == '\n')
+        start++;
+
+    /* turn base64 into binary */
+    pem_size = (int)(end-start);
+    if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
+        goto error;
+
+    /* work out the key */
+    MD5_Init(&md5_ctx);
+    MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+    MD5_Update(&md5_ctx, iv, SALT_SIZE);
+    MD5_Final(key, &md5_ctx);
+
+    if (is_aes_256)
+    {
+        MD5_Init(&md5_ctx);
+        MD5_Update(&md5_ctx, key, MD5_SIZE);
+        MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+        MD5_Update(&md5_ctx, iv, SALT_SIZE);
+        MD5_Final(&key[MD5_SIZE], &md5_ctx);
+    }
+
+    /* decrypt using the key/iv */
+    AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
+    AES_convert_key(&aes_ctx);
+    AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
+    ret = 0;
+
+error:
+    return ret; 
+}
+
+/**
+ * Take a base64 blob of data and turn it into its proper ASN.1 form.
+ */
+static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where, 
+                    int remain, const char *password)
+{
+    int ret = SSL_ERROR_BAD_CERTIFICATE;
+    SSLObjLoader *ssl_obj = NULL;
+
+    while (remain > 0)
+    {
+        int i, pem_size, obj_type;
+        char *start = NULL, *end = NULL;
+
+        for (i = 0; i < NUM_PEM_TYPES; i++)
+        {
+            if ((start = strstr(where, begins[i])) &&
+                    (end = strstr(where, ends[i])))
+            {
+                remain -= (int)(end-where);
+                start += strlen(begins[i]);
+                pem_size = (int)(end-start);
+
+                ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
+                /* 4/3 bigger than what we need but so what */
+                ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
+                ssl_obj->len = pem_size;
+
+                if (i == IS_RSA_PRIVATE_KEY && 
+                            strstr(start, "Proc-Type:") && 
+                            strstr(start, "4,ENCRYPTED"))
+                {
+                    /* check for encrypted PEM file */
+                    if (pem_decrypt(start, end, password, ssl_obj) < 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
+                }
+                else 
+                {
+                    ssl_obj->len = pem_size;
+                    if (base64_decode(start, pem_size, 
+                                ssl_obj->buf, &ssl_obj->len) != 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
+                }
+
+                switch (i)
+                {
+                    case IS_RSA_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_RSA_KEY;
+                        break;
+
+                    case IS_ENCRYPTED_PRIVATE_KEY:
+                    case IS_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_PKCS8;
+                        break;
+
+                    case IS_CERTIFICATE:
+                        obj_type = is_cacert ?
+                                        SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
+                        break;
+
+                    default:
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                }
+
+                /* In a format we can now understand - so process it */
+                if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
+                    goto error;
+
+                end += strlen(ends[i]);
+                remain -= strlen(ends[i]);
+                while (remain > 0 && (*end == '\r' || *end == '\n'))
+                {
+                    end++;
+                    remain--;
+                }
+
+                where = end;
+                break;
+            }
+        }
+
+        ssl_obj_free(ssl_obj);
+        ssl_obj = NULL;
+        if (start == NULL)
+           break;
+    }
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Load a file into memory that is in ASCII PEM format.
+ */
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password)
+{
+    char *start;
+
+    /* add a null terminator */
+    ssl_obj->len++;
+    ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
+    ssl_obj->buf[ssl_obj->len-1] = 0;
+    start = (char *)ssl_obj->buf;
+    return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
+                                start, ssl_obj->len, password);
+}
+#endif /* CONFIG_SSL_HAS_PEM */
+
+/**
+ * Load the key/certificates in memory depending on compile-time and user
+ * options. 
+ */
+int load_key_certs(SSL_CTX *ssl_ctx)
+{
+    int ret = SSL_OK;
+    uint32_t options = ssl_ctx->options;
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    uint8_t *cert_data = NULL;
+    int cert_size;
+    static const char *dn[] = 
+    {
+        CONFIG_SSL_X509_COMMON_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
+    };
+#endif
+
+    /* do the private key first */
+    if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, 
+                                CONFIG_SSL_PRIVATE_KEY_LOCATION,
+                                CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        extern const unsigned char* default_private_key;
+        extern const unsigned int default_private_key_len;
+        if (default_private_key != NULL && default_private_key_len > 0)
+            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
+                default_private_key_len, NULL);
+#endif
+    }
+
+    /* now load the certificate */
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0)
+    {
+        ret = cert_size;
+        goto error;
+    }
+
+    ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL);
+    free(cert_data);
+#else
+    if (strlen(CONFIG_SSL_X509_CERT_LOCATION))
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                                CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        extern const unsigned char* default_certificate;
+        extern const unsigned int default_certificate_len;
+        if (default_certificate != NULL && default_certificate_len > 0)
+            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
+                    default_certificate, default_certificate_len, NULL);
+#endif
+    }
+#endif
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret)
+    {
+        printf("Error: Certificate or key not loaded\n");
+    }
+#endif
+
+    return ret;
+
+}
diff --git a/ssl/openssl.c b/ssl/openssl.c
new file mode 100644
index 0000000000..d0343e5680
--- /dev/null
+++ b/ssl/openssl.c
@@ -0,0 +1,318 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Enable a subset of openssl compatible functions. We don't aim to be 100%
+ * compatible - just to be able to do basic ports etc.
+ *
+ * Only really tested on mini_httpd, so I'm not too sure how extensive this
+ * port is.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include "os_port.h"
+#include "ssl.h"
+
+#define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
+
+static char *key_password = NULL;
+
+void *SSLv3_server_method(void) { return NULL; }
+void *TLSv1_server_method(void) { return NULL; }
+void *SSLv3_client_method(void) { return NULL; }
+void *TLSv1_client_method(void) { return NULL; }
+
+typedef void * (*ssl_func_type_t)(void);
+typedef void * (*bio_func_type_t)(void);
+
+typedef struct
+{
+    ssl_func_type_t ssl_func_type;
+} OPENSSL_CTX;
+
+SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
+{
+    SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
+    ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
+    OPENSSL_CTX_ATTR->ssl_func_type = meth;
+    return ssl_ctx;
+}
+
+void SSL_CTX_free(SSL_CTX * ssl_ctx)
+{
+    free(ssl_ctx->bonus_attr);
+    ssl_ctx_free(ssl_ctx);
+}
+
+SSL * SSL_new(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    ssl_func_type_t ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
+#endif
+
+    ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (ssl_func_type == SSLv3_client_method ||
+        ssl_func_type == TLSv1_client_method)
+    {
+        SET_SSL_FLAG(SSL_IS_CLIENT);
+    }
+    else
+#endif
+    {
+        ssl->next_state = HS_CLIENT_HELLO;
+    }
+
+    return ssl;
+}
+
+int SSL_set_fd(SSL *s, int fd)
+{
+    s->client_fd = fd;
+    return 1;   /* always succeeds */
+}
+
+int SSL_accept(SSL *ssl)
+{
+    while (ssl_read(ssl, NULL) == SSL_OK)
+    {
+        if (ssl->next_state == HS_CLIENT_HELLO)
+            return 1;   /* we're done */
+    }
+
+    return -1;
+}
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int SSL_connect(SSL *ssl)
+{
+    return do_client_connect(ssl) == SSL_OK ? 1 : -1;
+}
+#endif
+
+void SSL_free(SSL *ssl)
+{
+    ssl_free(ssl);
+}
+
+int SSL_read(SSL *ssl, void *buf, int num)
+{
+    uint8_t *read_buf;
+    int ret;
+
+    while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
+
+    if (ret > SSL_OK)
+    {
+        memcpy(buf, read_buf, ret > num ? num : ret);
+    }
+
+    return ret;
+}
+
+int SSL_write(SSL *ssl, const void *buf, int num)
+{
+    return ssl_write(ssl, buf, num);
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
+{
+    return (ssl_obj_memory_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                            unsigned int sid_ctx_len)
+{
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
+{
+    return (ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_shutdown(SSL *ssl)
+{
+    return 1;
+}
+
+/*** get/set session ***/
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+{
+    return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
+}
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session)
+{
+    memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
+    return 1;
+}
+
+void SSL_SESSION_free(SSL_SESSION *session) { }
+/*** end get/set session ***/
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    return 0;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                                 int (*verify_callback)(int, void *)) { }
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                           const char *CApath)
+{
+    return 1;
+}
+
+void *SSL_load_client_CA_file(const char *file)
+{
+    return (void *)file;
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 
+{ 
+
+    ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
+{ 
+    key_password = (char *)u;
+}
+
+int SSL_peek(SSL *ssl, void *buf, int num)
+{
+    memcpy(buf, ssl->bm_data, num);
+    return num;
+}
+
+void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return ssl_handshake_status(ssl);
+}
+
+int SSL_state(SSL *ssl)
+{
+    return 0x03; // ok state
+}
+
+/** end of could do better list */
+
+void *SSL_get_peer_certificate(const SSL *ssl)
+{
+    return &ssl->ssl_ctx->certs[0];
+}
+
+int SSL_clear(SSL *ssl)
+{
+    return 1;
+}
+
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_set_cipher_list(SSL *s, const char *str)
+{
+    return 1;
+}
+
+int SSL_get_error(const SSL *ssl, int ret)
+{
+    ssl_display_error(ret);
+    return 0;   /* TODO: return proper return code */
+}
+
+void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
+int SSL_library_init(void ) { return 1; }
+void SSL_load_error_strings(void ) {}
+void ERR_print_errors_fp(FILE *fp) {}
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
+                            return CONFIG_SSL_EXPIRY_TIME*3600; }
+long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
+                            return SSL_CTX_get_timeout(ssl_ctx); }
+#endif
+void BIO_printf(FILE *f, const char *format, ...)
+{
+    va_list(ap);
+    va_start(ap, format);
+    vfprintf(f, format, ap);
+    va_end(ap);
+}
+
+void* BIO_s_null(void) { return NULL; }
+FILE *BIO_new(bio_func_type_t func)
+{
+    if (func == BIO_s_null)
+        return fopen("/dev/null", "r");
+    else
+        return NULL;
+}
+
+FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
+int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
+
+
+
+#endif
diff --git a/ssl/os_int.h b/ssl/os_int.h
new file mode 100644
index 0000000000..a6207f1d42
--- /dev/null
+++ b/ssl/os_int.h
@@ -0,0 +1,8 @@
+#ifndef OS_INT_H
+#define OS_INT_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+#endif //OS_INT_H
\ No newline at end of file
diff --git a/ssl/os_port.c b/ssl/os_port.c
new file mode 100644
index 0000000000..060bc073a5
--- /dev/null
+++ b/ssl/os_port.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_port.c
+ *
+ * OS specific functions.
+ */
+#include <time.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include "os_port.h"
+
+#ifdef WIN32
+/**
+ * gettimeofday() not in Win32
+ */
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
+{
+#if defined(_WIN32_WCE)
+    t->tv_sec = time(NULL);
+    t->tv_usec = 0;                         /* 1sec precision only */
+#else
+    struct _timeb timebuffer;
+    _ftime(&timebuffer);
+    t->tv_sec = (long)timebuffer.time;
+    t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
+#endif
+}
+
+/**
+ * strcasecmp() not in Win32
+ */
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
+{
+    while (tolower(*s1) == tolower(*s2++))
+    {
+        if (*s1++ == '\0')
+        {
+            return 0;
+        }
+    }
+
+    return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
+}
+
+
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
+{
+    HKEY hKey;
+    unsigned long datatype;
+    unsigned long bufferlength = buf_size;
+
+    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+            TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"),
+                        0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
+        return -1;
+
+    RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
+    RegCloseKey(hKey);
+    return 0;
+}
+#endif
+
diff --git a/ssl/os_port.h b/ssl/os_port.h
new file mode 100644
index 0000000000..ded2c4878f
--- /dev/null
+++ b/ssl/os_port.h
@@ -0,0 +1,283 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_port.h
+ *
+ * Some stuff to minimise the differences between windows and linux/unix
+ */
+
+#ifndef HEADER_OS_PORT_H
+#define HEADER_OS_PORT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "os_int.h"
+#include "config.h"
+#include <stdio.h>
+
+#ifdef WIN32
+#define STDCALL                 __stdcall
+#define EXP_FUNC                __declspec(dllexport)
+#else
+#define STDCALL
+#define EXP_FUNC
+#endif
+
+#if defined(_WIN32_WCE)
+#undef WIN32
+#define WIN32
+#endif
+
+#if defined(ESP8266)
+
+#include "util/time.h"
+#include <errno.h>
+#define alloca(size) __builtin_alloca(size)
+#define TTY_FLUSH()
+#ifdef putc
+#undef putc
+#endif
+#define putc(x, f)   ets_putc(x)
+
+#define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
+#define SOCKET_CLOSE(A)         ax_port_close(A)
+#define get_file                ax_get_file
+#define EWOULDBLOCK EAGAIN
+
+#define hmac_sha1 ax_hmac_sha1
+#define hmac_sha256 ax_hmac_sha256
+#define hmac_md5 ax_hmac_md5
+
+#ifndef be64toh
+# define __bswap_constant_64(x) \
+     ((((x) & 0xff00000000000000ull) >> 56)                                   \
+      | (((x) & 0x00ff000000000000ull) >> 40)                                 \
+      | (((x) & 0x0000ff0000000000ull) >> 24)                                 \
+      | (((x) & 0x000000ff00000000ull) >> 8)                                  \
+      | (((x) & 0x00000000ff000000ull) << 8)                                  \
+      | (((x) & 0x0000000000ff0000ull) << 24)                                 \
+      | (((x) & 0x000000000000ff00ull) << 40)                                 \
+      | (((x) & 0x00000000000000ffull) << 56))
+#define be64toh(x) __bswap_constant_64(x)
+#endif
+
+void ax_wdt_feed();
+
+#ifndef PROGMEM
+#define PROGMEM __attribute__((aligned(4))) __attribute__((section(".irom.text")))
+#endif
+
+#ifndef WITH_PGM_READ_HELPER
+#define ax_array_read_u8(x, y) x[y]
+#else
+
+static inline uint8_t pgm_read_byte(const void* addr) {
+  register uint32_t res;
+  __asm__("extui    %0, %1, 0, 2\n"     /* Extract offset within word (in bytes) */
+      "sub      %1, %1, %0\n"       /* Subtract offset from addr, yielding an aligned address */
+      "l32i.n   %1, %1, 0x0\n"      /* Load word from aligned address */
+      "slli     %0, %0, 3\n"        /* Multiply offset by 8, yielding an offset in bits */
+      "ssr      %0\n"               /* Prepare to shift by offset (in bits) */
+      "srl      %0, %1\n"           /* Shift right; now the requested byte is the first one */
+      :"=r"(res), "=r"(addr)
+      :"1"(addr)
+      :);
+  return (uint8_t) res;     /* This masks the lower byte from the returned word */
+}
+
+#define ax_array_read_u8(x, y) pgm_read_byte((x)+(y))
+#endif //WITH_PGM_READ_HELPER
+
+#ifdef printf
+#undef printf
+#endif
+//#define printf(...)  ets_printf(__VA_ARGS__)
+#define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];}))
+#define PGM_VOID_P const void *
+static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) {
+    const uint8_t* read = (const uint8_t*)(src);
+    uint8_t* write = (uint8_t*)(dest);
+
+    while (count)
+    {
+        *write++ = pgm_read_byte(read++);
+        count--;
+    }
+
+    return dest;
+}
+#define printf(fmt, ...) do { static const char fstr[] PROGMEM = fmt; char rstr[sizeof(fmt)]; memcpy_P(rstr, fstr, sizeof(rstr)); ets_printf(rstr, ##__VA_ARGS__); } while (0)
+#define strcpy_P(dst, src) do { static const char fstr[] PROGMEM = src; memcpy_P(dst, fstr, sizeof(src)); } while (0)
+
+#elif defined(WIN32)
+
+/* Windows CE stuff */
+#if defined(_WIN32_WCE)
+#include <basetsd.h>
+#define abort()                 exit(1)
+#else
+#include <io.h>
+#include <process.h>
+#include <sys/timeb.h>
+#include <fcntl.h>
+#endif      /* _WIN32_WCE */
+
+#include <winsock.h>
+#include <direct.h>
+#undef getpid
+#undef open
+#undef close
+#undef sleep
+#undef gettimeofday
+#undef dup2
+#undef unlink
+
+#define SOCKET_READ(A,B,C)      recv(A,B,C,0)
+#define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
+#define SOCKET_CLOSE(A)         closesocket(A)
+#define srandom(A)              srand(A)
+#define random()                rand()
+#define getpid()                _getpid()
+#define snprintf                _snprintf
+#define open(A,B)               _open(A,B)
+#define dup2(A,B)               _dup2(A,B)
+#define unlink(A)               _unlink(A)
+#define close(A)                _close(A)
+#define read(A,B,C)             _read(A,B,C)
+#define write(A,B,C)            _write(A,B,C)
+#define sleep(A)                Sleep(A*1000)
+#define usleep(A)               Sleep(A/1000)
+#define strdup(A)               _strdup(A)
+#define chroot(A)               _chdir(A)
+#define chdir(A)                _chdir(A)
+#define alloca(A)               _alloca(A)
+#ifndef lseek
+#define lseek(A,B,C)            _lseek(A,B,C)
+#endif
+
+/* This fix gets around a problem where a win32 application on a cygwin xterm
+   doesn't display regular output (until a certain buffer limit) - but it works
+   fine under a normal DOS window. This is a hack to get around the issue -
+   see http://www.khngai.com/emacs/tty.php  */
+#define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
+
+/*
+ * automatically build some library dependencies.
+ */
+#pragma comment(lib, "WS2_32.lib")
+#pragma comment(lib, "AdvAPI32.lib")
+
+typedef int socklen_t;
+
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
+
+#else   /* Not Win32 */
+
+#include <unistd.h>
+#include <pwd.h>
+#include <netdb.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <asm/byteorder.h>
+
+#define SOCKET_READ(A,B,C)      read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     write(A,B,C)
+#define SOCKET_CLOSE(A)         if (A >= 0) close(A)
+#define TTY_FLUSH()
+
+#ifndef be64toh
+#define be64toh(x) __be64_to_cpu(x)
+#endif
+
+#endif  /* Not Win32 */
+
+/* some functions to mutate the way these work */
+inline uint32_t htonl(uint32_t n){
+  return ((n & 0xff) << 24) |
+    ((n & 0xff00) << 8) |
+    ((n & 0xff0000UL) >> 8) |
+    ((n & 0xff000000UL) >> 24);
+}
+
+#define ntohl htonl
+
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
+
+#ifdef CONFIG_PLATFORM_LINUX
+void exit_now(const char *format, ...) __attribute((noreturn));
+#else
+void exit_now(const char *format, ...);
+#endif
+
+/* Mutexing definitions */
+#if defined(CONFIG_SSL_CTX_MUTEXING)
+#if defined(WIN32)
+#define SSL_CTX_MUTEX_TYPE          HANDLE
+#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
+#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
+#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
+#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
+#else
+#include <pthread.h>
+#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
+#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
+#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
+#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
+#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
+#endif
+#else   /* no mutexing */
+#define SSL_CTX_MUTEX_INIT(A)
+#define SSL_CTX_MUTEX_DESTROY(A)
+#define SSL_CTX_LOCK(A)
+#define SSL_CTX_UNLOCK(A)
+#endif
+
+#ifndef PROGMEM
+#define PROGMEM
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ssl/p12.c b/ssl/p12.c
new file mode 100644
index 0000000000..5bd2394626
--- /dev/null
+++ b/ssl/p12.c
@@ -0,0 +1,483 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Process PKCS#8/PKCS#12 keys.
+ *
+ * The decoding of a PKCS#12 key is fairly specific - this code was tested on a
+ * key generated with:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 
+ * -name "p12_withoutCA" -out axTLS.withoutCA.p12 -password pass:abcd
+ *
+ * or with a certificate chain:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe
+ * PBE-SHA1-RC4-128 -name "p12_withCA" -out axTLS.withCA.p12 -password pass:abcd
+ *
+ * Note that the PBE has to be specified with PBE-SHA1-RC4-128. The
+ * private/public keys/certs have to use RSA encryption. Both the integrity
+ * and privacy passwords are the same.
+ *
+ * The PKCS#8 files were generated with something like:
+ *
+ * PEM format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1
+ * PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+ *
+ * DER format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER
+ * -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* all commented out if not used */
+#ifdef CONFIG_SSL_USE_PKCS12
+
+#define BLOCK_SIZE          64
+#define PKCS12_KEY_ID       1
+#define PKCS12_IV_ID        2
+#define PKCS12_MAC_ID       3
+
+static char *make_uni_pass(const char *password, int *uni_pass_len);
+static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id);
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations);
+
+/*
+ * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
+ */
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, offset = 0;
+    int iterations;
+    int ret = SSL_NOT_OK;
+    uint8_t *version = NULL;
+    const uint8_t *salt;
+    uint8_t *priv_key;
+    int uni_pass_len;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p8 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    /* unencrypted key? */
+    if (asn1_get_big_int(buf, &offset, &version) > 0 && *version == 0)
+    {
+        ret = p8_add_key(ssl_ctx, buf);
+        goto error;
+    }
+
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
+        goto error;
+
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    priv_key = &buf[offset];
+
+    p8_decrypt(uni_pass, uni_pass_len, salt, 
+                        iterations, priv_key, len, PKCS12_KEY_ID);
+    ret = p8_add_key(ssl_ctx, priv_key);
+
+error:
+    free(version);
+    free(uni_pass);
+    return ret;
+}
+
+/*
+ * Take the unencrypted pkcs8 and turn it into a private key 
+ */
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
+{
+    uint8_t *buf = priv_key;
+    int len, offset = 0;
+    int ret = SSL_NOT_OK;
+
+    /* Skip the preamble and go straight to the private key.
+       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    ret = asn1_get_private_key(&buf[offset], len, &ssl_ctx->rsa_ctx);
+
+error:
+    return ret;
+}
+
+/*
+ * Create the unicode password 
+ */
+static char *make_uni_pass(const char *password, int *uni_pass_len)
+{
+    int pass_len = 0, i;
+    char *uni_pass;
+
+    if (password == NULL)
+    {
+        password = "";
+    }
+
+    uni_pass = (char *)malloc((strlen(password)+1)*2);
+
+    /* modify the password into a unicode version */
+    for (i = 0; i < (int)strlen(password); i++)
+    {
+        uni_pass[pass_len++] = 0;
+        uni_pass[pass_len++] = password[i];
+    }
+
+    uni_pass[pass_len++] = 0;       /* null terminate */
+    uni_pass[pass_len++] = 0;
+    *uni_pass_len = pass_len;
+    return uni_pass;
+}
+
+/*
+ * Decrypt a pkcs8 block.
+ */
+static int p8_decrypt(const char *uni_pass, int uni_pass_len,
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id)
+{
+    uint8_t p[BLOCK_SIZE*2];
+    uint8_t d[BLOCK_SIZE];
+    uint8_t Ai[SHA1_SIZE];
+    SHA1_CTX sha_ctx;
+    RC4_CTX rc4_ctx;
+    int i;
+
+    for (i = 0; i < BLOCK_SIZE; i++)
+    {
+        p[i] = salt[i % SALT_SIZE];
+        p[BLOCK_SIZE+i] = uni_pass[i % uni_pass_len];
+        d[i] = id;
+    }
+
+    /* get the key - no IV since we are using RC4 */
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, d, sizeof(d));
+    SHA1_Update(&sha_ctx, p, sizeof(p));
+    SHA1_Final(Ai, &sha_ctx);
+
+    for (i = 1; i < iter; i++)
+    {
+        SHA1_Init(&sha_ctx);
+        SHA1_Update(&sha_ctx, Ai, SHA1_SIZE);
+        SHA1_Final(Ai, &sha_ctx);
+    }
+
+    /* do the decryption */
+    if (id == PKCS12_KEY_ID)
+    {
+        RC4_setup(&rc4_ctx, Ai, 16);
+        RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
+    }
+    else  /* MAC */
+        memcpy(priv_key, Ai, SHA1_SIZE);
+
+    return 0;
+}
+
+/*
+ * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
+ * and keys.
+ */
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, iterations, auth_safes_start, 
+              auth_safes_end, auth_safes_len, key_offset, offset = 0;
+    int all_certs = 0;
+    uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
+    uint8_t key[SHA1_SIZE];
+    uint8_t mac[SHA1_SIZE];
+    const uint8_t *salt;
+    int uni_pass_len, ret = SSL_OK;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+    static const uint8_t pkcs_data[] = /* pkc7 data */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
+    static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
+    static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p12 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    if (asn1_get_big_int(buf, &offset, &version) < 0 || *version != 3)
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        goto error;
+    }
+
+    /* remove all the boring pcks7 bits */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
+                (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+                len != sizeof(pkcs_data) || 
+                memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
+        goto error;
+
+    /* work out the MAC start/end points (done on AuthSafes) */
+    auth_safes_start = offset;
+    auth_safes_end = offset;
+    if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
+        goto error;
+
+    auth_safes_len = auth_safes_end - auth_safes_start;
+    auth_safes = malloc(auth_safes_len);
+
+    memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs_encrypted) || 
+            memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the certificate */
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
+        goto error;
+
+    /* decrypt the certificate */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the certificate */
+    key_offset = 0;
+    all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
+
+    /* keep going until all certs are loaded */
+    while (key_offset < all_certs)
+    {
+        int cert_offset = key_offset;
+
+        if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                (len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
+            goto error;
+
+        if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
+            goto error;
+
+        key_offset = cert_offset;
+    }
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs8_key_bag)) || 
+            memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the private key */
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    /* decrypt the private key */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the private key */
+    if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
+        goto error;
+
+    /* miss out on friendly name, local key id etc */
+    if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
+        goto error;
+
+    /* work out the MAC */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
+            len != SHA1_SIZE)
+        goto error;
+
+    orig_mac = &buf[offset];
+    offset += len;
+
+    /* get the salt */
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
+        goto error;
+
+    salt = &buf[offset];
+
+    /* work out what the mac should be */
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, 
+                            key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
+        goto error;
+
+    hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
+
+    if (memcmp(mac, orig_mac, SHA1_SIZE))
+    {
+        ret = SSL_ERROR_INVALID_HMAC;                  
+        goto error;
+    }
+
+error:
+    free(version);
+    free(uni_pass);
+    free(auth_safes);
+    return ret;
+}
+
+/*
+ * Retrieve the salt/iteration details from a PBE block.
+ */
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations)
+{
+    static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
+            { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
+
+    int i, len;
+    uint8_t *iter = NULL;
+    int error_code = SSL_ERROR_NOT_SUPPORTED;
+
+    /* Get the PBE type */
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto error;
+
+    /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
+       which is the only algorithm we support */
+    if (len != sizeof(pbeSH1RC4) || 
+                    memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
+#endif
+        goto error;
+    }
+
+    *offset += len;
+
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 || 
+            len != 8)
+        goto error;
+
+    *salt = &buf[*offset];
+    *offset += len;
+
+    if ((len = asn1_get_big_int(buf, offset, &iter)) < 0)
+        goto error;
+
+    *iterations = 0;
+    for (i = 0; i < len; i++)
+    {
+        (*iterations) <<= 8;
+        (*iterations) += iter[i];
+    }
+
+    free(iter);
+    error_code = SSL_OK;       /* got here - we are ok */
+
+error:
+    return error_code;
+}
+
+#endif
diff --git a/ssl/private_key.h b/ssl/private_key.h
new file mode 100644
index 0000000000..f72bee23ae
--- /dev/null
+++ b/ssl/private_key.h
@@ -0,0 +1,54 @@
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbd,
+  0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0xb9, 0x3a, 0x1f, 0x8b,
+  0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0x11, 0x9a, 0x9c, 0xdc,
+  0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x05, 0x0e, 0x61, 0xc1,
+  0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0xff, 0x9b, 0xb8, 0x7a,
+  0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0xa5, 0xa2, 0x99, 0x53,
+  0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0xe7, 0xdf, 0xe9, 0xec,
+  0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0xc8, 0x6d, 0x41, 0x45,
+  0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0xdf, 0x36, 0xe2, 0x73,
+  0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0x0d, 0x9b, 0xef, 0xa8,
+  0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xa9, 0x86, 0x0d, 0x3f,
+  0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x80, 0x26, 0x3f, 0xec, 0x96, 0xab, 0xd4, 0x1f, 0x89, 0x0e,
+  0x9d, 0x38, 0xd8, 0x27, 0x05, 0xe5, 0xb6, 0x14, 0x08, 0xd7, 0xff, 0x69,
+  0x78, 0x16, 0x4a, 0xc4, 0x06, 0x16, 0x55, 0xb7, 0x3a, 0x55, 0x9f, 0xbe,
+  0x86, 0xf8, 0x58, 0xe8, 0xc5, 0x46, 0xa8, 0xf0, 0xed, 0xda, 0xd6, 0xbf,
+  0x88, 0x55, 0x2d, 0xe6, 0x72, 0x29, 0x2c, 0x64, 0xc9, 0x5d, 0x1d, 0x9b,
+  0x24, 0x3a, 0x98, 0x40, 0xa1, 0xd2, 0xaf, 0x5c, 0xab, 0x23, 0xe4, 0x33,
+  0xd0, 0xea, 0x60, 0x52, 0xe7, 0x7a, 0x9e, 0x73, 0x5f, 0x2e, 0x80, 0xd1,
+  0xdc, 0x6f, 0x47, 0x0f, 0x97, 0x80, 0x36, 0xd2, 0x30, 0x07, 0xdd, 0xd6,
+  0xd7, 0x15, 0x89, 0x2b, 0x74, 0xd5, 0x7e, 0x8a, 0xbc, 0x63, 0x42, 0x0a,
+  0xf2, 0x31, 0x29, 0xbf, 0xf9, 0xf9, 0xf0, 0x88, 0x8f, 0x8a, 0xc2, 0x22,
+  0x6e, 0x15, 0x26, 0xb7, 0x5e, 0x5b, 0x58, 0x44, 0x1c, 0x3b, 0x79, 0x02,
+  0x41, 0x00, 0xe1, 0xf1, 0xb2, 0xe5, 0xc8, 0x80, 0x93, 0x40, 0x50, 0x74,
+  0x14, 0xdd, 0xb2, 0xf2, 0x27, 0x5c, 0x0c, 0x3d, 0xc0, 0x5f, 0xee, 0x9c,
+  0x45, 0x6c, 0x13, 0x00, 0xdf, 0xd0, 0xd9, 0x83, 0xfa, 0x90, 0x2c, 0x84,
+  0xf2, 0xaa, 0xc2, 0xdd, 0xfb, 0xcf, 0x03, 0x41, 0x88, 0x10, 0xc6, 0xbb,
+  0x5e, 0xb7, 0xb6, 0x2e, 0xa6, 0x1d, 0xaa, 0xba, 0xfb, 0x4a, 0x72, 0xd8,
+  0x9a, 0xad, 0x88, 0x0d, 0x6a, 0x15, 0x02, 0x41, 0x00, 0xd6, 0x36, 0x23,
+  0xf3, 0x5d, 0x77, 0xc8, 0xd3, 0x49, 0xc1, 0x93, 0xfe, 0xca, 0x0d, 0xeb,
+  0x9b, 0xda, 0xbd, 0x47, 0x28, 0x73, 0x97, 0xa0, 0x50, 0xd7, 0x4c, 0x24,
+  0xdf, 0x9b, 0x0b, 0x37, 0xae, 0xc3, 0x31, 0xb5, 0x4f, 0x62, 0x08, 0xca,
+  0xe5, 0xef, 0x97, 0x7b, 0x43, 0xa0, 0xda, 0x2b, 0x1f, 0xbf, 0xa8, 0x08,
+  0x93, 0xd2, 0x16, 0x1c, 0x89, 0x99, 0xf1, 0xdf, 0x26, 0xd1, 0x42, 0x99,
+  0x93, 0x02, 0x41, 0x00, 0xb1, 0x41, 0xe4, 0x7e, 0xdf, 0x20, 0xf7, 0xe4,
+  0xf1, 0xf9, 0x4f, 0xd1, 0x6a, 0x2d, 0x0d, 0xf1, 0xe9, 0xec, 0x9c, 0x3a,
+  0xe6, 0xc0, 0x94, 0xba, 0x27, 0xe2, 0x7c, 0xb4, 0xa5, 0xa1, 0x23, 0xf6,
+  0xed, 0xe6, 0x53, 0x56, 0xe2, 0x50, 0x32, 0xd8, 0x02, 0x8e, 0xeb, 0xc7,
+  0x75, 0x91, 0xd3, 0xca, 0x3e, 0xd4, 0x34, 0x20, 0x7c, 0x2b, 0xfb, 0x2f,
+  0x3a, 0x10, 0x72, 0xb1, 0x07, 0x56, 0xb6, 0xcd, 0x02, 0x40, 0x1e, 0x3b,
+  0xf2, 0x03, 0x0d, 0x74, 0x34, 0xb2, 0x2d, 0xbc, 0xd6, 0xc8, 0xa5, 0x78,
+  0x25, 0x83, 0x0f, 0xf2, 0x9b, 0x32, 0x88, 0x6e, 0x24, 0x40, 0x84, 0xc2,
+  0xc8, 0x89, 0x8e, 0xf6, 0x9c, 0x5b, 0x5c, 0x4d, 0x8d, 0xcb, 0xb0, 0x88,
+  0x91, 0x2a, 0xb7, 0x10, 0x68, 0x63, 0x79, 0x36, 0x91, 0xd3, 0x9f, 0x57,
+  0x76, 0x2e, 0x76, 0xfe, 0x8b, 0xf4, 0x97, 0xf7, 0xdd, 0x89, 0x3b, 0x0b,
+  0xed, 0x65, 0x02, 0x41, 0x00, 0xb9, 0xaf, 0xbf, 0x09, 0xc9, 0x90, 0x26,
+  0xf3, 0x72, 0x8b, 0xbf, 0xb3, 0x7c, 0xe7, 0x6f, 0x6f, 0x5b, 0xa3, 0x95,
+  0xb8, 0x9e, 0x03, 0xb9, 0xcf, 0xa0, 0x53, 0xba, 0x32, 0xc1, 0xd3, 0xad,
+  0x85, 0xbb, 0x79, 0x48, 0x09, 0xd6, 0x3f, 0x9c, 0xd9, 0x37, 0x91, 0x11,
+  0x0d, 0x04, 0xd5, 0x3b, 0xca, 0x74, 0x5d, 0x1c, 0x91, 0x8d, 0x3d, 0xf1,
+  0xf8, 0xf9, 0xbe, 0x35, 0xd7, 0xb2, 0x53, 0x50, 0x1d
+};
+unsigned int default_private_key_len = 609;
diff --git a/ssl/ssl.h b/ssl/ssl.h
new file mode 100644
index 0000000000..df4fed9bc4
--- /dev/null
+++ b/ssl/ssl.h
@@ -0,0 +1,580 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @mainpage axTLS API
+ *
+ * @image html axolotl.jpg
+ *
+ * The axTLS library has features such as:
+ * - The TLSv1 SSL client/server protocol
+ * - No requirement to use any openssl libraries.
+ * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
+ * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
+ * - Certificate chaining and peer authentication.
+ * - Session resumption, session renegotiation.
+ * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
+ * - Highly configurable compile time options.
+ * - Portable across many platforms (written in ANSI C), and has language
+ * bindings in C, C#, VB.NET, Java, Perl and Lua.
+ * - Partial openssl API compatibility (via a wrapper).
+ * - A very small footprint (around 50-60kB for the library in 'server-only' 
+ *   mode).
+ * - No dependencies on sockets - can use serial connections for example.
+ * - A very simple API - ~ 20 functions/methods.
+ *
+ * A list of these functions/methods are described below.
+ *
+ *  @ref c_api 
+ *
+ *  @ref bigint_api 
+ *
+ *  @ref csharp_api 
+ *
+ *  @ref java_api 
+ */
+#ifndef HEADER_SSL_H
+#define HEADER_SSL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <time.h>
+
+/* need to predefine before ssl_lib.h gets to it */
+#define SSL_SESSION_ID_SIZE                     32
+
+#include "tls1.h"
+
+/* The optional parameters that can be given to the client/server SSL engine */
+#define SSL_CLIENT_AUTHENTICATION               0x00010000
+#define SSL_SERVER_VERIFY_LATER                 0x00020000
+#define SSL_NO_DEFAULT_KEY                      0x00040000
+#define SSL_DISPLAY_STATES                      0x00080000
+#define SSL_DISPLAY_BYTES                       0x00100000
+#define SSL_DISPLAY_CERTS                       0x00200000
+#define SSL_DISPLAY_RSA                         0x00400000
+#define SSL_CONNECT_IN_PARTS                    0x00800000
+#define SSL_READ_BLOCKING                       0x01000000
+
+/* errors that can be generated */
+#define SSL_OK                                  0
+#define SSL_NOT_OK                              -1
+#define SSL_ERROR_DEAD                          -2
+#define SSL_CLOSE_NOTIFY                        -3
+#define SSL_ERROR_CONN_LOST                     -256
+#define SSL_ERROR_RECORD_OVERFLOW               -257
+#define SSL_ERROR_SOCK_SETUP_FAILURE            -258
+#define SSL_ERROR_INVALID_HANDSHAKE             -260
+#define SSL_ERROR_INVALID_PROT_MSG              -261
+#define SSL_ERROR_INVALID_HMAC                  -262
+#define SSL_ERROR_INVALID_VERSION               -263
+#define SSL_ERROR_UNSUPPORTED_EXTENSION         -264
+#define SSL_ERROR_INVALID_SESSION               -265
+#define SSL_ERROR_NO_CIPHER                     -266
+#define SSL_ERROR_INVALID_CERT_HASH_ALG         -267
+#define SSL_ERROR_BAD_CERTIFICATE               -268
+#define SSL_ERROR_INVALID_KEY                   -269
+#define SSL_ERROR_FINISHED_INVALID              -271
+#define SSL_ERROR_NO_CERT_DEFINED               -272
+#define SSL_ERROR_NO_CLIENT_RENOG               -273
+#define SSL_ERROR_NOT_SUPPORTED                 -274
+#define SSL_X509_OFFSET                         -512
+#define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
+
+/* alert types that are recognized */
+#define SSL_ALERT_TYPE_WARNING                  1
+#define SLL_ALERT_TYPE_FATAL                    2
+
+/* these are all the alerts that are recognized */
+#define SSL_ALERT_CLOSE_NOTIFY                  0
+#define SSL_ALERT_UNEXPECTED_MESSAGE            10
+#define SSL_ALERT_BAD_RECORD_MAC                20
+#define SSL_ALERT_RECORD_OVERFLOW               22
+#define SSL_ALERT_HANDSHAKE_FAILURE             40
+#define SSL_ALERT_BAD_CERTIFICATE               42
+#define SSL_ALERT_UNSUPPORTED_CERTIFICATE       43
+#define SSL_ALERT_CERTIFICATE_EXPIRED           45
+#define SSL_ALERT_CERTIFICATE_UNKNOWN           46
+#define SSL_ALERT_ILLEGAL_PARAMETER             47
+#define SSL_ALERT_UNKNOWN_CA                    48
+#define SSL_ALERT_DECODE_ERROR                  50
+#define SSL_ALERT_DECRYPT_ERROR                 51
+#define SSL_ALERT_INVALID_VERSION               70
+#define SSL_ALERT_NO_RENEGOTIATION              100
+#define SSL_ALERT_UNSUPPORTED_EXTENSION         110
+
+/* The ciphers that are supported */
+#define SSL_AES128_SHA                          0x2f
+#define SSL_AES256_SHA                          0x35
+#define SSL_AES128_SHA256                       0x3c
+#define SSL_AES256_SHA256                       0x3d
+
+/* build mode ids' */
+#define SSL_BUILD_SKELETON_MODE                 0x01
+#define SSL_BUILD_SERVER_ONLY                   0x02
+#define SSL_BUILD_ENABLE_VERIFICATION           0x03
+#define SSL_BUILD_ENABLE_CLIENT                 0x04
+#define SSL_BUILD_FULL_MODE                     0x05
+
+/* offsets to retrieve configuration information */
+#define SSL_BUILD_MODE                          0
+#define SSL_MAX_CERT_CFG_OFFSET                 1
+#define SSL_MAX_CA_CERT_CFG_OFFSET              2
+#define SSL_HAS_PEM                             3
+
+/* default session sizes */
+#define SSL_DEFAULT_SVR_SESS                    5
+#define SSL_DEFAULT_CLNT_SESS                   1
+
+/* X.509/X.520 distinguished name types */
+#define SSL_X509_CERT_COMMON_NAME               0
+#define SSL_X509_CERT_ORGANIZATION              1
+#define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
+#define SSL_X509_CERT_LOCATION                  3
+#define SSL_X509_CERT_COUNTRY                   4
+#define SSL_X509_CERT_STATE                     5
+#define SSL_X509_CA_CERT_COMMON_NAME            6
+#define SSL_X509_CA_CERT_ORGANIZATION           7
+#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    8
+#define SSL_X509_CA_CERT_LOCATION               9
+#define SSL_X509_CA_CERT_COUNTRY                10
+#define SSL_X509_CA_CERT_STATE                  11
+
+/* SSL object loader types */
+#define SSL_OBJ_X509_CERT                       1
+#define SSL_OBJ_X509_CACERT                     2
+#define SSL_OBJ_RSA_KEY                         3
+#define SSL_OBJ_PKCS8                           4
+#define SSL_OBJ_PKCS12                          5
+
+/**
+ * @defgroup c_api Standard C API
+ * @brief The standard interface in C.
+ * @{
+ */
+
+/**
+ * @brief Establish a new client/server context.
+ *
+ * This function is called before any client/server SSL connections are made. 
+ *
+ * Each new connection will use the this context's private key and 
+ * certificate chain. If a different certificate chain is required, then a 
+ * different context needs to be be used.
+ *
+ * There are two threading models supported - a single thread with one
+ * SSL_CTX can support any number of SSL connections - and multiple threads can 
+ * support one SSL_CTX object each (the default). But if a single SSL_CTX 
+ * object uses many SSL objects in individual threads, then the 
+ * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
+ *
+ * @param options [in]  Any particular options. At present the options
+ * supported are:
+ * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
+ * authentication fails. The certificate can be authenticated later with a
+ * call to ssl_verify_cert().
+ * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
+ * i.e. each handshake will include a "certificate request" message from the
+ * server. Only available if verification has been enabled.
+ * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
+ * during the handshake.
+ * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
+ * during the handshake.
+ * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
+ * are passed during a handshake.
+ * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
+ * are passed during a handshake.
+ * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of 
+ * ssl_client_new().
+ * @param num_sessions [in] The number of sessions to be used for session
+ * caching. If this value is 0, then there is no session caching. This option
+ * is not used in skeleton mode.
+ * @return A client/server context.
+ */
+EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
+
+/**
+ * @brief Remove a client/server context.
+ *
+ * Frees any used resources used by this context. Each connection will be 
+ * sent a "Close Notify" alert (if possible).
+ * @param ssl_ctx [in] The client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
+
+/**
+ * @brief Allocates new SSL extensions structure and returns pointer to it
+ *
+ * @return ssl_ext Pointer to SSL_EXTENSIONS structure
+ *
+ */
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void);
+
+/**
+ * @brief Set the host name for SNI extension
+ * @param ssl_ext pointer returned by ssl_ext_new
+ * @param host_name pointer to a zero-terminated string containing host name
+ */
+EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name);
+
+/**
+ * @brief Set the maximum fragment size for the fragment size negotiation extension
+ * @param ssl_ext pointer returned by ssl_ext_new
+ * @param fragment_size fragment size, allowed values: 2^9, 2^10 ... 2^14
+ */
+EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size);
+
+/**
+ * @brief Frees SSL extensions structure
+ *
+ * @param ssl_ext [in] Pointer to SSL_EXTENSION structure
+ *
+ */
+EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
+
+/**
+ * @brief (server only) Establish a new SSL connection to an SSL client.
+ *
+ * It is up to the application to establish the logical connection (whether it
+ * is  a socket, serial connection etc).
+ * @param ssl_ctx [in] The server context.
+ * @param client_fd [in] The client's file descriptor. 
+ * @return An SSL object reference.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief (client only) Establish a new SSL connection to an SSL server.
+ *
+ * It is up to the application to establish the initial logical connection 
+ * (whether it is  a socket, serial connection etc).
+ *
+ * This is a normally a blocking call - it will finish when the handshake is 
+ * complete (or has failed). To use in non-blocking mode, set 
+ * SSL_CONNECT_IN_PARTS in ssl_ctx_new().
+ * @param ssl_ctx [in] The client context.
+ * @param client_fd [in] The client's file descriptor.
+ * @param session_id [in] A 32 byte session id for session resumption. This 
+ * can be null if no session resumption is being used or required. This option
+ * is not used in skeleton mode.
+ * @param sess_id_size The size of the session id (max 32)
+ * @param ssl_ext pointer to a structure with the activated SSL extensions 
+ * and their values
+ * @return An SSL object reference. Use ssl_handshake_status() to check 
+ * if a handshake succeeded.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext);
+
+/**
+ * @brief Free any used resources on this connection. 
+ 
+ * A "Close Notify" message is sent on this connection (if possible). It is up 
+ * to the application to close the socket or file descriptor.
+ * @param ssl [in] The ssl object reference.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl);
+
+/**
+ * @brief Read the SSL data stream.
+ * If the socket is non-blocking and data is blocked then SSO_OK will be
+ * returned.
+ * @param ssl [in] An SSL object reference.
+ * @param in_data [out] If the read was successful, a pointer to the read
+ * buffer will be here. Do NOT ever free this memory as this buffer is used in
+ * sucessive calls. If the call was unsuccessful, this value will be null.
+ * @return The number of decrypted bytes:
+ * - if > 0, then the handshaking is complete and we are returning the number 
+ *   of decrypted bytes. 
+ * - SSL_OK if the handshaking stage is successful (but not yet complete).  
+ * - < 0 if an error.
+ * @see ssl.h for the error code list.
+ * @note Use in_data before doing any successive ssl calls.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
+
+/**
+ * @brief Write to the SSL data stream. 
+ * if the socket is non-blocking and data is blocked then a check is made
+ * to ensure that all data is sent (i.e. blocked mode is forced).
+ * @param ssl [in] An SSL obect reference.
+ * @param out_data [in] The data to be written
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
+
+/**
+ * @brief Calculate the size of the encrypted data from what you are about to send 
+ * @param ssl [in] An SSL obect reference.
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes that will be sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int out_len);
+
+/**
+ * @brief Find an ssl object based on a file descriptor.
+ *
+ * Goes through the list of SSL objects maintained in a client/server context
+ * to look for a file descriptor match.
+ * @param ssl_ctx [in] The client/server context.
+ * @param client_fd [in]  The file descriptor.
+ * @return A reference to the SSL object. Returns null if the object could not 
+ * be found.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief Get the session id for a handshake. 
+ * 
+ * This will be a 32 byte sequence and is available after the first
+ * handshaking messages are sent.
+ * @param ssl [in] An SSL object reference.
+ * @return The session id as a 32 byte sequence.
+ * @note A SSLv23 handshake may have only 16 valid bytes.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
+
+/**
+ * @brief Get the session id size for a handshake. 
+ * 
+ * This will normally be 32 but could be 0 (no session id) or something else.
+ * @param ssl [in] An SSL object reference.
+ * @return The size of the session id.
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
+
+/**
+ * @brief Return the cipher id (in the SSL form).
+ * @param ssl [in] An SSL object reference.
+ * @return The cipher id. This will be one of the following:
+ * - SSL_AES128_SHA (0x2f)
+ * - SSL_AES256_SHA (0x35)
+ * - SSL_AES128_SHA256 (0x3c)
+ * - SSL_AES256_SHA256 (0x3d)
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
+
+/**
+ * @brief Return the status of the handshake.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the handshake is complete and ok. 
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
+
+/**
+ * @brief Retrieve various parameters about the axTLS engine.
+ * @param offset [in] The configuration offset. It will be one of the following:
+ * - SSL_BUILD_MODE The build mode. This will be one of the following:
+ *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
+ *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication)
+ *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties)
+ *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics)
+ *   - SSL_BUILD_SKELETON_MODE          (skeleton mode)
+ * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
+ * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
+ * - SSL_HAS_PEM                        1 if supported
+ * @return The value of the requested parameter.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset);
+
+/**
+ * @brief Display why the handshake failed.
+ *
+ * This call is only useful in a 'full mode' build. The output is to stdout.
+ * @param error_code [in] An error code.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code);
+
+/**
+ * @brief Authenticate a received certificate.
+ * 
+ * This call is usually made by a client after a handshake is complete and the
+ * context is in SSL_SERVER_VERIFY_LATER mode.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
+
+/**
+ * @brief Check if certificate fingerprint (SHA1) matches the one given.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param fp [in] SHA1 fingerprint to match against
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);
+
+/**
+ * @brief Check if SHA256 hash of Subject Public Key Info matches the one given.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param fp [in] SHA256 hash to match against
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash);
+
+/**
+ * @brief Retrieve an X.509 distinguished name component.
+ * 
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's common 
+ * name matches the URL.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param component [in] one of:
+ * - SSL_X509_CERT_COMMON_NAME
+ * - SSL_X509_CERT_ORGANIZATION
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CERT_LOCATION
+ * - SSL_X509_CERT_COUNTRY
+ * - SSL_X509_CERT_STATE
+ * - SSL_X509_CA_CERT_COMMON_NAME
+ * - SSL_X509_CA_CERT_ORGANIZATION
+ * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CA_CERT_LOCATION
+ * - SSL_X509_CA_CERT_COUNTRY
+ * - SSL_X509_CA_CERT_STATE
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
+
+/**
+ * @brief Retrieve a Subject Alternative DNSName
+ *
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's DNS  
+ * name matches the URL.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param dnsindex [in] The index of the DNS name to retrieve.
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex);
+
+/**
+ * @brief Force the client to perform its handshake again.
+ *
+ * For a client this involves sending another "client hello" message.
+ * For the server is means sending a "hello request" message.
+ *
+ * This is a blocking call on the client (until the handshake completes).
+ *
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if renegotiation instantiation was ok
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
+
+/**
+ * @brief Process a file that is in binary DER or ASCII PEM format.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the file. Can be one of:
+ * - SSL_OBJ_X509_CERT (no password required)
+ * - SSL_OBJ_X509_CACERT (no password required)
+ * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+ * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
+ * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
+ *
+ * PEM files are automatically detected (if supported). The object type is
+ * also detected, and so is not relevant for these types of files.
+ * @param filename [in] The location of a file in DER/PEM format.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @note Not available in skeleton build mode.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
+
+/**
+ * @brief Process binary data.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the memory data.
+ * @param data [in] The binary data to be loaded.
+ * @param len [in] The amount of data to be loaded.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @see ssl_obj_load for more details on obj_type.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
+
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
+/**
+ * @brief Create an X.509 certificate. 
+ * 
+ * This certificate is a self-signed v1 cert with a fixed start/stop validity 
+ * times. It is signed with an internal private key in ssl_ctx.
+ *
+ * @param ssl_ctx [in] The client/server context.
+ * @param options [in] Not used yet.
+ * @param dn [in] An array of distinguished name strings. The array is defined
+ * by:
+ * - SSL_X509_CERT_COMMON_NAME (0)
+ *      - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the 
+ *        hostname will be used.
+ * - SSL_X509_CERT_ORGANIZATION (1)
+ *      - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME 
+ *        will be used.
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
+ *      - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
+ * @param cert_data [out] The certificate as a sequence of bytes.
+ * @return < 0 if an error, or the size of the certificate in bytes.
+ * @note cert_data must be freed when there is no more need for it.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
+#endif
+
+/**
+ * @brief Return the axTLS library version as a string.
+ */
+EXP_FUNC const char * STDCALL ssl_version(void);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ssl/test/axTLS.ca_key.pem b/ssl/test/axTLS.ca_key.pem
new file mode 100644
index 0000000000..0c8c19b3fb
--- /dev/null
+++ b/ssl/test/axTLS.ca_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsSMwkpYHlwIsi1oxllJLjAPjjycx9t6Q3BOzXBSoZHc1wA+r
+QVuKHarpe8tYOKlNP8b79ejbCv/1U3NlVkMJJtLZUPtDwTEwUZNEG17ixS438mGI
+1AbHXvwhPaoT24UymEOcbJxAZuClDfzKpN7Cl6OzN7Ox44gHmBCBSnUhRAnJYxD6
+x8wBLw8HdH0bMdoc2+H4KyW31uMGva7C9YlUCPVQGPJsTP1DLRskqy+zO1NERUTO
+XytHeYLlh/X/o+NYVvUf7WKu6qC3I4HK+OZ5OW3E+EaE73oYRmUVDaVavL7bRKEf
+2NSbzowU+VsFEnyXIF7YnRFp0D1yrMzaC49bDQIDAQABAoIBAQCwOrNLUunwKaCJ
+b00gIXW5sfDGbhc+ZUU3Pn5V4NN7SEJ4dt5JYrnxNCWgHLkDfiQ1jFEF4QlzUx0O
+TiMGhCDpuCGueJx66uYIcnvywx7XT1kn0jNfxfK6JBsqDzg8ULL6W2GXiIhmEZ8E
+YHh3OIvec2WMyED1flMXzWvj2M4ksfMgZH290T9BSxzlEj9X7dZu55K4sFtu0XNi
+7uJDB0vF8KfW5gLpwj6pd7i32Cm/Pgpl+7lcqMNpDHo0U2dMyWeH1EmWinS4rHxd
+mGDm0N0qK4BOYAJdasq7HwRjzDZkAPuNqcH0gOzSq3aYCI2tP2E6IvprM/vbqA4I
+ooo+GDJhAoGBAORiphxweuGBRTpSqoi9qEICM2WMC2NZW8bpFyWn79CuALGzvvc+
+Buw8W3LVElByUyTVWBnBQQ1iXZGe9f1x2P9q8R1Bdl0rpePg3J9ff9674VRLrcov
+M85/NUHkj1fJ+2CkCx7KG5BFm3GaAb74e+7MceEW/eErMmCqtNgkR2Z5AoGBAMaO
+O9SnVNd4wgnJAjVgN4fqaXWNzZz6NYWtnFVIcTTO7vU1P9t5NjgcsdF9+SnLA/jV
+Ylo5Pl0fLPKg5QtIvlooZjXB8hgKVjrVGRLFt9TN0tJMeJ//11Bo88MNMOf0OQPg
+i2OMWI3w/oRFJthmpeYWOgXNlLOcoSW1LsnWR0Q1AoGBALAXi+KTq3tiM+FzSb/j
+E+/JSJ28bC9u/7+Pi2RiZxrsfuaFI/H4ZlgRdaVFujhC3e6hfKtnAWRzepfEDAEd
+neXaLAyVo9DUzbS1dQaBGNPA400eiOJCoNxP4t1qgEd9GhB6i4Ry6uvDb8YYq832
+Q4BtLEUUeC38I3y7QnMBDfhpAoGAZ13InA54xqvhKELy2WK7xhAs0rv93MkNcAhP
+qL5L4RgRoqoUEmfp6BBYKh2Qx0cfTD2aNCo04znFppJIazV1k24Qt8+9/vHyrjIe
+GX3BFBIKvNx+t5zzNLNOo66MVVT5EaGmLy7zMwHRHn75mBLoLv5HOpop3c+evQiz
+0POyqjkCgYA2+ql0jS7Qbk7EPyFXftQhHcD/Ld8TKjonShkASoudSEHKwuQGBuit
+ftPsg/E5YfhlRpQB6p00kXb4vZsdpFV38eXkyLuLwg0kbpaLedahIujIENNvWP1w
+89T/ueiafWPqvwu3M7sAkkd/ReAQ0LcPwrsBHlOk0uujq+WV+b+Xfw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.ca_x509.cer b/ssl/test/axTLS.ca_x509.cer
new file mode 100644
index 0000000000000000000000000000000000000000..7bde7b0a4231cedc65d7bbdcb877cfc56e79ade4
GIT binary patch
literal 786
zcmXqLV&*ewV*Iv%nTe5!iId?;!n6&HOIThQ@Un4gwRyCC=VfGMWo0lhF*GtTU}Fwt
z;S$zNtO)T5RtPA{&q_@$QE<smNv~9JPAw|QOv_A8EJ;;xEG@~%FUl;bG>{YLH8e9c
zGBz+WG%ztTj}qrKHZZU>uz+&OG_{FQ3E6p!tPIRejQk8hZ*Va+F)}i2R5qA2jeR<k
zPIr{yv>@*u=Ewc&hTrZ@xFftdMr1`wx#<D^)sE3!va4QJpN_Ct>1%)N_tzJ<x&D6*
zE=~<|=2W|MGvK%LK|_PU$u81ykB;h@e@g7Q!gf6FkD~1=;oGf7Go0t-%yCG2u$1@D
zsU`OgO<%m(eDlV~9qcm%8of#tT{urB3;a5MhEboNy`)y!@RrQ&hd;Dcw_khAws+m3
zubm+rUjrmQ<@o${)|FOSt-ski*u~Z5T)eh>Wz*C4um2Z6jtKiI|2Apes|DMY8&Cas
zR%w}g<cC|!`zi^yR8iigQG52?c3CKY<I3!FJt9A&S%qq*E5zNHE0}q~wrI_nTipH8
zyiClD42+AF4HOOdfiWg4%*gnkh1Gx=NEz^f1o%M$EWikFLk>n@ECYj)k)bI0{DSQw
zUDgwX5*BDDADR7FsNllkf=%5FZn@PP?f(RtulByMW}}Pv#60dy-^<>Hp+`lHzr5f5
zSbNXgyc)$dZf5IERy|Cy{1tTndehcj%{Sjk{F&W!-^1%q=0djB&5aS|=PR5)Ke!UN
z-rPTa?>UY`%O>4({MK4!c1u-9;Qgar4KshLPEN`wbu$m_dlmBQY3}EhuPV>_&3b4T
zQaNi$vi9a$gJ>lWmd3T5XTCL+-t)BD!|Gnj8x_Q4E%m$Y!U?ezlh^PH%BT6x+S$o_
z*mOzgQU~Ved#nU?A8XF~I+L$(b!5ZmQ+Ji0<Vq`i`h7c2CV!@()%Rml&au4uztm92
IUdHMK07gbX4gdfE

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.ca_x509.pem b/ssl/test/axTLS.ca_x509.pem
new file mode 100644
index 0000000000..0dfd1f4d59
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
+AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
+SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
+gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
+5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
+FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
+b5kxOvfGlM4E6v+lMSw/HDrI
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.ca_x509_sha256.pem b/ssl/test/axTLS.ca_x509_sha256.pem
new file mode 100644
index 0000000000..0771ca651c
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509_sha256.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAJRCXZlKhZeHMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IB
+AQAm3qU+APMkgTRCWhw0m4+06gc2iGaf7l+3i/Kg6EvDB9js4cI1sqzRpSdqdjTZ
+BwVlIURlB6BnEMCB3hP69IF/oSnqrnIxx2KIeVJt4CCwW1mXKsBwxNMXwHYD3A02
+08eFTRkP0ofn+YBRfUYFkDFebqba4V3NBZtBW497YtQk/ssKAL1xaI0V26M4E/VH
+jkJtk99mcMjfuD8HPoqjTeVBGtY2h0A3j2LQPmOJNdSxv30SJuVjvpG7vejQripq
+9MW0kPMBIRKhBpUBLIthLLxm/2VBe0IHU34kpe60YpQdJqebbldtOG1Uxe4F2JpN
+LfUXs2/UCNpEHS60Xl8UDJXA
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.encrypted.p8 b/ssl/test/axTLS.encrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..07feaac9b509a32687f6bc823b426191f0a9e765
GIT binary patch
literal 673
zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2*{m0{+oFxcLD+k00e>pdkmlHgD7Vz
zCm9>FJDCD@>~r}|@snQhXFpIWl5vk2sM{QxjI_9P)WipyQj*FPWsvp@aSaHp@pMDK
z$MZ1uGwhQEoVP#A-kSi+dF@r}0bd6_%=)sMicLuiwtg#<3Y7GXU1(kJiz<Q-P<M{w
zh<Zl%4ezO~WC1q+jC3=}+KCnrxf17Ms=%3VdN|B|v>JNz?rB8R{k=4>M8Z{jx$bSb
z<wWMo&!9FcoY8I$HN)~qeQmQAOUA9Q0_{xeFn}g;XxEeFcsUpD>;tb0$e|023ira)
zD>a(ty;nL}MC^RHtzL7Qc>{bsjm=OO9*Eb+*ftfQu80Z%gf49F03=jRv$9vannCiq
zf5{60qu}m6-rO}9Z!j6by%67<A-WSO6&dlrbR<4jQ5xTOl{Z>*uwJK$%i(EW%Y3`v
zEK6MzCSvG=;jW{#t^^ps&}d7nJ?CA*f8PEzY6f44WRx=aquSW0uMo|h^4N5oU#CUY
zzPn(1I=F_2Luh4{P}g>Lw+t71V^!Z#OO^Sep<NF%Pb0E!e5`LBo|UHIQ{WU32?2Cz
zSAi2$TCN*B_T!_6t;z0Y#esM~IX%TNEa=m6&*x>e==Jwey=>11<+a%YiDyyv0<IhH
zsf>>1%F)+lUE`S)`6xBS@V)O-(`jMu^s6c^<#;>i{2IW5?bTxuZ~w%dx787P?vjtU
zyeek_O^XX?nEBTi*5i#QQZL#ra;^+llVBeDl_hR{TBlMCL`Xov*IvWw@7Mab>K>qx
z91lbWCd`Ij^a&hPw#2c(_^5Pcxmu-5%&Fk~WTNIbGwDg(YP}?j6oq}T(+M_nCrTlQ
HUEnaSBD_pH

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.encrypted_pem.p8 b/ssl/test/axTLS.encrypted_pem.p8
new file mode 100644
index 0000000000..bc28403bba
--- /dev/null
+++ b/ssl/test/axTLS.encrypted_pem.p8
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICnTAcBgoqhkiG9w0BDAEBMA4ECLZOmsNEeDZnAgIIAASCAnu22JX3BRRr9cTr
+j4x62+iDbrqcwmhQkybM1xShFgWObY3/OQf1NJfH4DO4zGQN45ZN0X9zSUVRu8Dd
+ycHls5qsROJ96PYQ8d1xnuh1C9TWmFiLieM0qUyn35raHcKPQiBl8PYHtNr3+m0K
+bsql6T23hE5ZjVhbRtcRdRd9MsQeTZ6n4mdWPEhzN1+rmSPV8ybCbrtJl3/Dh1v8
+LnswXB92T6WcmHRyRiNsbAXR9SQkOaXFZ/1RUXDNqoRYZjlWPBWdcQf48mzgaDjq
+3RXF1mjbOlX2x4/V4qVwH1qZADlT38fSRk/iVdRfureS+wfOuJgJ/g9Riwa0o41K
+2q+sOEcTOv4rShXRGp/0ckeuwhARDdSMymlSBhgBWdf14qdgxCx0rAXYlRAc/4Ze
+Zl9ErfydwdUfDJoPK+QlGZMF//hFRF+vdO/wJHleLsels4KaqN9v/sB+BrGWaeUC
+ScKMISixquCwfWi2qGiqLQGsxHn0d6ejiMblZR4kTf7dcuWVWGXdf5VZqxLNP8Xg
+zzjjeP59OxHRVH0ytGBUejTehcxWDKq+6ESAuujzVXa0v1+5QzZXsJ8rPyZOINzj
+bdpN4Cr3tZj9ALrNzoC2oG62+OO45U7lg54cV1nyrQ2QiI4XFnt0WA06K1G1JrRW
+a/y6nZkntGybbCpuuIBiWl2FfdcTepctiXcJ0vCYqVNOTT4L2Y1RwajDzALhgb7e
+wOy0eA8gmOmMLNozSlMV7siL0LeE1WlotLwK+AHMU1lmPMqS7jK9nycXtZyg4IKl
+eBAnW052fnKZhT4zNlfJkZqpcp6YWpCU16PWx6L+/FDzFPzswluHyfB72oVqRniI
+2A==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1024 b/ssl/test/axTLS.key_1024
new file mode 100644
index 0000000000000000000000000000000000000000..e39791ec8b54056d5bc75137a9e8ade3ae6c29c5
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdIV^)Iz9qhg7P$Iv<P9y|-oiKt0eAnw;E%eCntd;dJu_
z4q?H;c#5*R6(U;yo49%|4~VyP-UOMYqM1{Rt$127?Ysf!-|6fxpj}h;=8B-mZ9zq2
zBeTy=P#-AYHsW*N)}gaTPj0&noA0RkOr>$5h}{RNh7CW>nIocvcMk#s0RRC4fq*7I
z?3Sz4ABhf~IM^oz<+c<E*Z*mF7D~hh7FD-8RiD0w_*m%0MyT-Z+Sb2_RW0UnDJ*2k
zT^*YwI+#GA(yv^rBjhvC>R?jmdY*G%E`ZV8Z$}T8fHu-F2i?}!6^Sc!)qaY+V?qk@
zF)6?K`S6I3iozmp6(+Y{TUbOKJ9z>@0O9en<;Z}OKu~lP-Lmp0Tns(HU+$bmY!d+A
z(Ak6fkSv7qs>0p-&jUe-5XQS+x3(^(9jdzfN^;nmt%wb36#_v3);1&aU3bXSNx_r;
z$_?wA+Pz08bC;k{*Gween+rFt!!fl_VhGCR@0WW+pxP@Rzo-b4(iR+vnepEy(L$M%
z0zm+=LF9hlAot|)`A^YmEe-MM?3_C0z?8Zt;(WBFp(FO~=2KSUP%_v8j_b#Dk<-dP
z)HEP`EBh}x5OT2xR<_LoKps2t0}XUEvMs#U$fbBCgAekXGKg*@K!n1`iH`Q1TU<?z
z%dm)%Dz^}5V|g}_)1Oy%E_VKl^q2SDi8~AJWdcC}xv#$o$&e=Va*MySeCKa(Tcee@
vo&&khpi{as!PBjUyLm_n)<2xtH<1wy1l2prbX^>gjXm-B`Mx#RvQtnU*ex&x

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_1024.pem b/ssl/test/axTLS.key_1024.pem
new file mode 100644
index 0000000000..fd8226eba1
--- /dev/null
+++ b/ssl/test/axTLS.key_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9D9RCqHSHVKq5Oh+Lzr23ZftAPdARmpzcgnzqqBfhdPMFDmHB
+wXiKsroVIlr/m7h6Lg+It3TeBJmloplTi614WjHtvAHn3+nsL6BdU/bmiqDIbUFF
+YyOzz05QHyjfNuJz39ahs0ZPbrsNm++o+UylcaGI3Qephg0/zZkjooR3DwIDAQAB
+AoGAJj/slqvUH4kOnTjYJwXlthQI1/9peBZKxAYWVbc6VZ++hvhY6MVGqPDt2ta/
+iFUt5nIpLGTJXR2bJDqYQKHSr1yrI+Qz0OpgUud6nnNfLoDR3G9HD5eANtIwB93W
+1xWJK3TVfoq8Y0IK8jEpv/n58IiPisIibhUmt15bWEQcO3kCQQDh8bLlyICTQFB0
+FN2y8idcDD3AX+6cRWwTAN/Q2YP6kCyE8qrC3fvPA0GIEMa7Xre2LqYdqrr7SnLY
+mq2IDWoVAkEA1jYj8113yNNJwZP+yg3rm9q9Ryhzl6BQ10wk35sLN67DMbVPYgjK
+5e+Xe0Og2isfv6gIk9IWHImZ8d8m0UKZkwJBALFB5H7fIPfk8flP0WotDfHp7Jw6
+5sCUuififLSloSP27eZTVuJQMtgCjuvHdZHTyj7UNCB8K/svOhBysQdWts0CQB47
+8gMNdDSyLbzWyKV4JYMP8psyiG4kQITCyImO9pxbXE2Ny7CIkSq3EGhjeTaR059X
+di52/ov0l/fdiTsL7WUCQQC5r78JyZAm83KLv7N8529vW6OVuJ4Duc+gU7oywdOt
+hbt5SAnWP5zZN5ERDQTVO8p0XRyRjT3x+Pm+NdeyU1Ad
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_2048 b/ssl/test/axTLS.key_2048
new file mode 100644
index 0000000000000000000000000000000000000000..00989873bb903c8c1537d4318e535fe068d6aa00
GIT binary patch
literal 1192
zcmV;Z1Xueof&`=j0RRGm0RaH{T6R3AC2^VxXLF))22BHn=^2*8_o14xzC`P*=rH@6
z?q9N&et`5QFL)W+(l6XVbV9<GF3&c{LIa}!3_GpM-iV5(@^VbX4*?X@2?%@il5pik
zJ;&S3XinWcXY&GlCNepC6|j?%=oF4g(N)VhUsI{TiSA;uMkko3oSGII7H@b<#g-()
zU=sW@KPX+8PAjIR0UZ>s-!tGHNzp`upSmteb&<0wmV){%MxUPyI4%}1$so8x0|-eF
z53KPPtq)(3fr9U|R-lCkCHu0BSqDwK7RiZF-j+6sH-#U^)dhS-)$f4D)6-0{m`T`G
z`Tb<R=UpgDBfSrcmNnG^0|5X50)hbn0MI}h>wxtpv2E)FiZC|-?&eX=i#pSP=0JEA
z`*pDo=d(>5BYeo-P6_TWG5D<hN5+)Wgv|v14pPtYRhr(Mp##}4)C;Bri_}_cp2oS3
znrEUuBV6{v3GwGsrZuADGrAY_Zb)VT_}>C>*nJWe!wIXSrR*ifFe{Iz);M+Zz{jwH
z7={XO-&;!7t}aIj4&HO+t{m{TDFKj~5b2S1EX8coAi^v#r?)d`*bnMt;~5F4-F`V=
zz&>OjFDoICVE7Q<>Kj*Lc*Hb&&PT@(v20NjJ2<J+>PKA0?ZuDilWu=VCv63J0Z@{)
zDxfm3MqM7$mYQie95%BL9ghXFsRDt40RMqc^_O{AEjs;TcPsrwZTOJlLJg!&wOKcV
zlMOBS{g{a*a{(PoDPg2sZ@#fm0b~daQ}Y%}q%zMMBH*+dZZpJxyhL6(mk3~Sc~?Kq
z$cT)V=o+qS31(OWJy3cj-}d$ZJydp@hI>ixT8%3rt2m|GMobPtNhKJ0rdNkCLjr+;
z0QuG#YJ+OL(ruGCO=l~|qrP%7=d#>GTjwB1A}gENm8)#5_<8v|P1-lqtdd-Y#ds*n
z2S&ZNC!G0rx&-y#(u9bIlt>^{*Oia_)?SX0=CwiHxI8suq@@I(Q~I7lNHIRzLTF~~
za~rj{cp7VF%&IkOaNIl`*x#O-v3@jP2LgeC0Nli^1x2f<pY%_PEA)$U{2qaMuAe~g
zZA-Xj?7_c|Tlm+{&h8MDs2$-ssi-(-E4+3i$jQp$^6sDdGFH3i_I|E&yoJhevTC1#
zjM(v>N3o3HyN-%ezUg{&+8)+iF^8WCm-LE4e4f0-pB70*JaNYbk69WV847=TWm`?k
zCjx<hP$^~>O8j7flrH>@xnRz@w@sxFy3hH%?>FdeE?D02hXZ4*hE{d7(IddsZcxeH
zYGjNKF`$KI$aFILIK?}Etd6n~-QuCvT4K!EYn6*K-%YmqdN&s}sLclAM>D8M$)rUa
zv8(jlPBY9Nc{`-cUVyD^l>MZ$;cQ-RJoHG}0)c>43rt-w_O7VyNPF?A=_BhSAAW2w
z<-kkl4oJV*6MN5+B$ye|7ZdX93W12hQN)$V;;qt2CgO3wyG;p7+x2Swvid>z<3P_D
z6FN_Nb}2vnGBE|+R~O;bVM9+hq5>7uyc-!-KN0JNO@!8spNZNsP`HMyT4!Q_(+cBF
G5|Pp%l0WbO

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_2048.pem b/ssl/test/axTLS.key_2048.pem
new file mode 100644
index 0000000000..5ef719db71
--- /dev/null
+++ b/ssl/test/axTLS.key_2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA+Vp2PKclcZoKZ3OicQZNA4XpGZbD96Gasb5E66voMPub7l+y
+ln6A9CYveBna0i/cQHRCwpYuzzbHQgOjAAw7rcveiIqm8nJMxA8BFNMJCHv0knDl
+RT3H28xoTt08Z/MCfCYyOXoVsJOS6BSOSdFVyzhfU6nAie5iskYnmKecmhYaFm94
+S8WWJMNgEvwzPyhdmE4rpqUBHRSu3zPgHUnRRIOfui5KdZGzKpaC+i1Gn58MOC4W
+L8kguEMDCEkQD6zxFq0PX5GBgu+zVqCFByX7soxZB027FsmJUN6WNoo3hR/H1QV8
+RdXvgMbT00yymEnYVfn9ZL7nXShKI70Pi5Y11QIDAQABAoIBAQDQQBrrgPUmsW3r
+BIowNwDu5lHNizrTf+ZAeBX7dbEP57NNHCN8yN5OCe4vMfis/kfGlNKEzQT/DlLP
+8VWa3pyhA9kw1AumBIvUWmuexrmOmmeiPiNc9sIJ8edTpjWi4zO6F/RuSGYA+N8C
+cNh9EhXDCaujpewlxjArj6fWOHXzwMewghiGCm/fW0rWri5HCQ7ec+WuHPC2KQGQ
+mRDpkXUsxWzTIMIsMKe3M2jYD+pk4xkJqN1+OV/APmQfLyshkGD4EN/qG1dieMQ0
+e85HxxCxbFETOzip0+pHXMbtxY/ok25/SCdtBXkBUJK1KqAysEZdHtOWmmk4HDaz
+Dx2PBbKpAoGBAP+BT/WXeVgtOv1idyv9RG34kOJCDaROtVk3g5MNLfj9mIklcwEd
+SylhpFxvvrFQAWQIDFPzFkukMs8aIuC0Gm4zxH+8RF45lwhgcXlXP87IiIyW6Bqu
+aglmWAM9UHol3/b2AD1UdpqGe0nvWo0rIqs4pdtGTA5BSSUYeaZXhzFDAoGBAPnW
+GWqDarzSbZM4TWcrx6O+cjLnstxDW+cgSCIrm9iVq2ys+Hn5O03aN9SsklyGxXgo
+ygdGvbYnnPl3ugT139KEiIeUSCBU15WP/NZejpHmtUHduDw1Y6SlBJ9T+p5CSDE+
+2kJoZu1zG7W3eBprZsyqNWtw3Dwc2N+emrF+NF8HAoGBANzErAVFq6if9E+KK/SL
+cvwegXmun0DwbUu4ZuzBv45b+NfPzu4QlKgd4TmpqDhnK7x2I8jJyuLy7p/6Mla7
+5/Z+rnO8hcpwsmqfgozY8Z5HsYzgu46KU77penTaHtZcMYefCZf0ikJ8nrzEnxZJ
+RjxxxwWPWRocGQp/emVbTconAoGAUClmFkr8YIGULvyNuWDOubdNpQ+6z/m87zfo
+bS5Y3vGHA2OshlZ1tNEjwNVuUMndamSMDjGghWXIdDL6OMU7f6yOshHd4qHWWmLM
+2WuVizLfTbb6ejcXNajNBuJHM6hIyaRFG7Gr9NxOM8weeTukzF6ArWyU/aSz4Wxe
+bjz0SNkCgYBVC0xdMPauqO1Ie/Gp6SPrIx9+bDDlwEvnDki/2RN7z5IkmBnRFxPy
+6wqBiMFRxJXI4q3SSSbicb+7TQlK2/Vq/bL6QfjjQM8ZEzpPenYpP/wyMQXdVxfh
+1GFDTzeiAhXTvBsZVj8R64VNhNaNn4naMlC4hqxaZ2KA0wrjTRKR0g==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_4096 b/ssl/test/axTLS.key_4096
new file mode 100644
index 0000000000000000000000000000000000000000..df8a8fde95f87836187040e8746243bebd557e15
GIT binary patch
literal 2347
zcmV+`3Dov5f(a)A0RRGm0s#QP3QnWf^s^<%@HvE#|2%kbpk<#0x@QOp%A6JL4$B06
zQpMDD2u!G_%q}k$mC8P>+J$g8>^C4Klpx}(&t0eXjgNSz2~a3rc8R(sQ0dkEQqWOU
zMZI#r^XVAit&~0Z$s0Q#j9piF;Ey8_Wo}z)3f1H@Q{hx^U7e4PW=*2$FQ9Q<#l{P_
zwkao$@0gatD@@2~i9#yX@%wF1*1A>luI?)_5iI$Qr6##63}lIV9yz}&8JWgFZWjGn
zn_{FYqAgeTszHFOo(QGXj&mfq$5>Ni1FiT|t@2r#IW1%u@|t<WEiAMzJIIjx(z`6q
zIk(N|?OX+7rfs|UWuDcti0METe<8Qa=EMM_hI7{XQk4nrBu{sJgRPK>*BhHvZOg~#
z3gv<evHssc1Wy6CH7UD^*kX3S*r6cY<f|n5H=#+M&%tq-#{qdhDvHw6d_yt<KM2Bv
zj)ys7F<AC04pRH=rRX-1y%kccz#Qqgi{R9Mno#p=hu5n|R!x}6nvGc1Zt=$0u&@dh
zgYC-d{SfVwc&I`n>%fj)MK=x8KnU{G-Vg4HL!_8>R!n)TXWMBD$g5GzqV%R1qOUo%
z<BSR_mjzmgE2NUY-HlySdhJP1of<#8Y6#=21%O&ubG0Dgdc;$bevl-&m0#ithq7Ix
zP9oUrFyWD>$%26b0|5X50)henB`H~QXEoUT^w(Fa35@!jtKPl~dB#d@$;U-e5a5mU
zzH_JursW1el*jZR^pxY^ApYQ2h}zQ#3w@BMjBCP4;Bp{SPOpTmYbr4qu9bDljSSm&
z0fEI?Q9sw&l90q<0i~GvW$$^Im9dV&P<nb&f<U^5Ku>uIC(FyzozS{5PC|nptna#&
zMdhF^A%Vx+RFj}~AI1sc)F{ztqy7nO+*@&nHYJ9*d+K|I)rh`h#248>-wZ=9lmt1t
zsQzN6HUZEWcUO%0V?1A+2Y1n2N6mYX7gqf7Qt%Wvwwhh&Lermw^m*rQuDv+mrFw7j
z39c=jQ1`8v^)M5N4p&Ro<g@h+BU1XnL)7Z*L*^}__-*sA1}wxsccVV@Vgt`+t<q4?
z`=U!28ra&imtrlpexaaB4TP*Q4S|I<b^CQ;&nyEllb4l({1{*(7T-`PY+|JmzOLVC
zs+E1dbQQxGQON(S1=UEiu8SRqQUdHjDE2WsZ@C`+1xO*-p(cnXj3+LFLn0uw<l}~8
z>N37kd-7O|RFNA*v1XeXgk(>CFuaZpWc^u@pb3(u`k#iV6fhkx0ypxWj72$-jbw#u
zNguMfE%9jNL0gpoJZsq<EmzL$UCFrVK5qEX&~+q-H_A{JaFG^vndy_mvt%G4iTrdG
zs_Uzz+PY4^WV>DA0)hbn0O73zXm=?(p;NijJdiKV+fi;4)j2T|?I&T+<7kr*2h59B
z>1H#x<_M}{7x6ThvP}8b4Y?8>Tg|y5z#E@GUd;+l<-!sLt^lw_wg@-$8qZBXO2c5C
zs3-`h9zd)d1^anJd}0Tbhp0LfdpN1h@vVRAUdmMA@mGONU)GhHiM$k|s*RQ$Ikr6L
z$O}2MEw`O7(ZZM-16d0#M=piOL}Gs4oT+3*bgLH5w`j%!5h)G-%XNQ5&wvPEt$O{g
zK)p%LCR@#SZwo#I!o2dlG93S#?&h<?A7^OvgqSAUKVyi*%Fzq*g=)F&H|taH2UsGr
zu}8-<RAR#2GxG08r2>Kh0RY+9MDO3_$)TR!Txuq4@pQ4bDjIjd2{`>DItc$>l;26>
zNIOtbh!ap0v%SYZ30InfvJ+bVgQd0!qfB<rYN(QqAcVj3*{d0wI`SG*Ew@pvI?XlY
z%ar6C7yEHF_OM_}PrwJAjEqzi1j-I3+Yblc(w*i-l&1bTv^RPAdJ<*GJRfN#Y-Y*_
zT5SeV_)Ju6F4X2@0AZ;ak{|xpBQVrAaG)lr3(=(-<#U~0Qw~h|pN~2OSlVgpDg@L-
zL33!ay4vZQO;pAUr)T@*3qE0Bpj)M(B?&b~(MIwh_1~Ilt7qBhuCNjdRjSZ%ah7*0
zE-+fLP@h#D3W7GGIIRML0RUq?#zp2q2Rm}AK`vbB=*bPDF0PTA_X@j8)HK-x^8~v3
zdzs)1)=wUIZt}ouw91qBIv$3|WQe|tFR=4;uvKg=piF^plXul^uKGdR`AOjC!*Pj0
zuagHS=JoQ@yzmr?TNe|w>8MU#Tq|SSsA(fNAw|{<Mc?o5I6B=9r3&=k&N<pqtk2{~
z9L4*|zxCG56#i9cwdczGlSsZeu1s)L0%<x#k`|ygLuq_<w(9)$-wFl&m9Y9qwA&Rw
z0j3U@snfWFK89kKKUlNoy2JkDnHmxC^5_J8uPLw(MdG4PzT3gtQz$^H%9_xv^lNfr
zuu8$1<OH+%rF8b(D$xRh0RR|?&+^D0q#n$=v}4R77VDCnQ)HRC3J=~2nw_f6CoLkd
z7JPrEKN1ze&me!1Eaxra$tr&24Mm%S=v`Al8YvVYXRj;6HSe4`tYF#jCPeTs_g`m2
zc3w4hsEEuCOw&Gf9PK`?QpWc!E&%7L9-zs+A+ccI(?}n8nQUqkTiH05U6vROd-3zE
z@>Mqy0!i+4B(58%Xu+2L=R++!W1c%WXF1Y9xZDb%Mc7D>_yDs|rPRi*_@>yY0GWKE
zmr#8v4<}lQ<4w8bR2@|GF$4UGnq}Acmnb__*Lw>H1xW&?1_bjs&U?%JbkKntIN!cn
zA)uCqL(@JDz(PC@_Z<R)0RS|LF%0`{%a3WUNgeYP5OM615xL(9<mHUlb-6(*k}g9?
zlOJ8E@VO}zt`<O@C$CSrJq9}f&Y{fq#j2xlw>=6)17tt3<iPG!h{qzYLx%1BmW(m#
z@(VD(SfTva;dkVU5bIv2%$)uMxgi~Y{+Fg*OVu4MiI`A8bv*@L(D6`1uHBr_iQBG6
zi=G!P?ESAhm~P`mA-}MLfozRm4IM-hGK@DZ0?RP%dY-F2l>jyEXH%9Ok?Hm;qWF4;
zx^5dYje5j|($8)!ETTCNR1Bx5H1pe>7fjq7D&)@gqg_ZV1kb*&d3#T2+2L5xDQd!^
R-KpUHmbT&ib)P%cX;_ZKh7|w+

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_4096.pem b/ssl/test/axTLS.key_4096.pem
new file mode 100644
index 0000000000..73fb75f899
--- /dev/null
+++ b/ssl/test/axTLS.key_4096.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAwApOo9f0syXI8DmEkP88eHCgZZ8FumcICcqcFe0OywR9UsXU
+dQhMqKfMLi8Wlco+rNqFcDfsNyAllCDiq89dp/aNj3inCVAoXnaJuiZQ6dX9UtBR
+VEW9cr/z6RjgrZQ9+MkbOx+MXVd44I8jEWVuW2oK1eQzU+FUb12dj45mTaLpL6Bx
+XcXGC7e2KSeO75iWwitMyGmJQirV8fttUNa6VfKu7isxESz5jaUmuSsMZIl6Hjm/
+KxmZxkBuFv1Zm2KkKqItV/WqQYCrngil1I5zJLjHWFNjA634U63yWZo5LWQY8pp5
+wy0stC87yJD70rsszjm3zejtXAVipm27+GWe1bKI6UAVfyG3y+bEAKOGc9b6UpUJ
+7iRPd32DrZCJ1xubVW3Lx+gK5YILsf7fQARPAbc1KbuJ2GJ2v9ihINzkqyT6N6FJ
+ns/BcZnHAXk+KorS03xDMgI/CMKEjoc5YjFY9ioOUvvtpeg2kb0VUqvAHOm4i+DU
+f5pQ82uH16tHVk2YyZqNWNVu8cbYsLAKFYPtyur9EO2TeKhCI+vAjl5FNw3TQAjy
+1N4P7olDpJh1Vkx5q2fbaQvIq1HMovSmGKKvObXjjAoqlwVaiCukkr/djV1Teu1J
+T50aP7tqCOOrBYBaWHO1IOB6xFOSfpAkuZVf4gqHsl2jTiLY6zDhkafJgoECAwEA
+AQKCAgAlKVlyZzXY/PTXV6oJjPqcq96+C3nGSm3Jx0VREOCN9L5zqAim5QZAlMf0
+H/SU4+Ag/uBXiNrTCAt9kKeMa8JJ4HIgU06vhK1rKjEYrpV1yo0M23cBgcVZUT/X
+2ZKQxGEBpZj5Ze95mJWxjsFQenpSgkC6h0BPeQkny8vTndC6MU5Cgx+s77qVReWg
+LSGBx9tUk6B2H8YJ4dQo0Wij/gls3FtxhzYlhrh76nuF1Yi+Y8QX2UDfDEMvlAQ5
+uqj+YqY2AdAYd1eM+WM8X5wHd9FcR817kBdW/PFS8BQ3tppd6ELTn4T0eedurr04
+4KV6b/IJri2dUPetmPUwE4gOV0vW5LP1DSNS+sBD1OrsQ+Ytovht868GLMQ/d6M+
+82IDz2at0lDQ+6JLGBrY2rOXYi22fqGgSg2ErDENgYU1dft1Yc8sAzCTl5WC/Bhg
+IxbfUChsYqURvq7faaqVfb50FcMYUcj/rAXVSLOuix2HUgLsQSj2MTtvuR7+BUgh
+2KEmiCaMJy6CQyIgtOTjhmPqMr5Se/JYi1SRG0SxZpsYhGRPfjC8jg1k/VmRoAmS
+pvqfhqgUMB0vAjfynoxFOZGNZIVrSR+yuC3xaORBW5UAPGvZHS1XzuxdybjpPm74
+0NB1JIc3ylAWcJEWdpnpk8OzZCAhifx0Farrq6Xauk6/ZLtd4QKCAQEA4a0DaHcp
+OqFTudM8kC/N21FuE9U5MRLtJ2HP42iTEAfMi1bpZjO35giqYhfxNJiyTPnWDbkS
+HVvNuSLAG58/Xs0KTuXCEgWuALBFtgg39BrPTT9Kw2CdqCgIpx5ArBwF+3lDfGIH
+lIeoOhR7OKnN8a1/6l7KVOHxV4FMX9aVmom8FKKqjZYcObY86MgLObMtt50v0cKY
+GgNZCy1HLoXHRGJ+3pypZEV0qxbOt2jGAhEpDf/LdX9Ez4AIYK16/a5AvUnNJlvN
+d28LPgTCvPK8Mhz/m+7ms8IfZ2j0hJgm2j9jiMTK0QvyhWq57TfrU+8HWCKzsUfH
+M1Riwt0z8u9HpQKCAQEA2dhE79/lyaGe3lxqJmzxdLG3Khp3wAk4/SM6CP9elN9J
+4kg7UFGIE1AUs73HPwlXmoOyE1r+g6W2CaNMds5qqJKOIIS/89mrGZs68hpTLbdR
+rTrNNeTLlOQcF/txNfawYEtPwAedjIxUFATKDibbDwfe0p3mRZSm/ji0N3n5ehJl
+yDwfaSVsZsoHWm0GUfhMVGwu1OZjAGGpGZIf/tcjMNQ3cKAmqAvRpRrlc51eUw5M
++Z+POgRY2mnrKgTUREFzaLG62umaTVTGC6dn++QLPmFgoFuloSUJNUbRRvIg9d+a
+aatn2eiusBILVarQcHGWdysuMFqxUJ9VHQqCNqI4rQKCAQBjPcZF5kEHO3KqQS5c
+6ejJDaIurpGb9wq7StQ02QPzBLr6e5ngC9ZPHnhu8sBrtMqT9zoehshkiL6LL7Dz
+dLBVbC2gTIFvk3fVba76Qdr5SeDnw3GJQa+TByfm9fLSvPAUilsXE7TpqE5eXCtj
+26hpIzchRdYMRd/v7zg63Q6lCvTezjnaUazP5EgcxfvJv/XWzRT+VWi158r8k0i+
+OK5McFQCaTpEkhagNkNpfHW26vz23woF/ZWw+ki02xU/AaYOl6nTuIM+hmKXP1iz
+5rrD/uSZGhHx8ugEfa8psA9F4qJOvtvB2lMoQKrKmtCt9GtyYrBKwZnkBLP5pXT2
+3CrRAoIBABiIz/LIH6QezLq0Y8wiFuuSnFNkmboKD94Kmp2qzSctIrAWfH+mPxIV
+wc8gf5Es5y3iySp+5A1Fm4PoXVNAGikUIGevK8M175w5rGDZ8CZE8DD3X2dDdl41
+dqiIzA5M0z51HO0+rlLG9y0uAOepHqDJvSGxYN7TSB93mWxqE1vZOJddlhgMe/Hz
+rPJVNxICSe50JK4bqGjBlv7nQy07Y547OGc50kC43AqhRdhIj/gAs1Cl1Mau+KbY
+qQCZfKKXUH0pDydaieNNueRUHVT0MQP8iZpl1/iXKDtU13sLCAVJAqYGBPM4znvL
+/HTQgRs4375aIaCWhkPTPg3AQjwO9x0CggEANIoxDPtty49prkkd8xQQceySEbnf
+CeTljNd1uUEqki5DSJMfXajwuSkUrhZAnSevT7k9BjsAzqHM9sWqo3C3PQpFA2Q/
+seTA7lSIxyKvQ4bt/ZaMMeryCzC/WKH81+F35IoQ616nzJz+A7khHX/+l6ZdS9Ud
+LYmYUEB1PQVd0PFQQ67dnNCJ265Hi54XLez9rzuYbuNFIb+wg4FsjV8NHUQSMow3
+LQLLMO16nqs9lQA17WdTlhyR6fYrovh6h7puGzONesSF0s9uLSyiOQ9UDKenNPPb
+nBdM3Bwq5M72o11IKwTPvq95e09o2eFY0SlqwqLdqeD9lrbh/HWfO9VpWA==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes128.pem b/ssl/test/axTLS.key_aes128.pem
new file mode 100644
index 0000000000..470f29b514
--- /dev/null
+++ b/ssl/test/axTLS.key_aes128.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7BFA0887B7740C1BBA458D0362E75F89
+
+aBIhF2zVGRMFZAWg8s11WnxoTQhGabdzchHBxPltnipEgvwOM9FGmYnVIDsFPvyb
+hSA2HgmN972SPeRG4hITzrIXiRZMBOd6Lchz9p2Ui/mqkR6RUfnUBkUtkgxGymSa
+oD7WAmbpNG73+7KX4gV36tevC1dM9lQzbClhhXQL9FH9LFh11cS7ZFa9L/esWHbb
+sxgicR8zG919UEA+XvhLPVXpYD3AVHTcyEHbPWiGY49SIEI+GOcLi6rvxQizcXKY
+pFtmlk/jM06OdZWur5/qLg3HqGP/o8GUjjA6KuAe5SIWVrmlkHCYHj6c1KFLVQJZ
+7qAUNvjVaELXOc3+SE64Fl4OMP/4MiUA5WJ+gcdIKFtX/qksjywzF7goNTsxB1ZX
+8g9JP6m5BF2VS/Woz+9ypekzk7DEKST4Knh8cYBNdz6yYwX73FBb93jk1aPMXv2K
+SzhupTSHyAt7ddvXm+QYXBrklpZgUcuvinrkb7TNYEDcc2h3iDkLMHhI2VW0fiSF
+JcL2DZWLu1UChg+Nkc43+9f8Ao76tjJHdV+IkWfINlKz8cpKthIfOiUSQWYK4Czr
+0E3dyUrljIqFyKmZGokQ2QH+kdMmcm2/R+8NwL4s0Y4k1ylB0mZ5+A55t0ESaUVC
+8NJtoIMrLz2pyhf2ohXMVepcjvR/Id8vNxSlLFResmIwSo4orTZOnsHBlQqm5hJl
+9dr8G0o7n7WVfGbHLlpuPHoKegn1OK5xLbDbAi14HnZIi7/lUnbQHMbFFBjyS5EE
+v+SMbI7JU+5zeJc34WLUTm1zll1ZNpFH/76vlP7tUWxYqVUZfKYHOndqS4b1rAs2
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes256.pem b/ssl/test/axTLS.key_aes256.pem
new file mode 100644
index 0000000000..5e9c5fd46d
--- /dev/null
+++ b/ssl/test/axTLS.key_aes256.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,5AA67B48694516B66EECE19E0F3BB048
+
+eXbuyN1kJR84JMhFruS9yeJ/WnyD0V6h9w/6fhEcPfxW0HmFqgIk35IE4c4QYazZ
+aMC0J1S19Yb4kKnRd7j0+92IDBw3B7zeJKjPDrcRDSo8R8K7O7+6MYwcmJJ/DZlC
+yqcaHr3cJEiS4I8NS3EdffffFA37Uf2O4C26b96ewg899YZXmPtai6uOvKbF1A90
+aRV4PdCpJdJq0q69VfoSeQ5p//Wokb4RfDGWTNxpgclYr0SK2F8qfITjCNDbqR+E
+r+6tRsy9VcHVRjswuewU19HOQNQzaPlIiNaoGBGvOVRHLdE0s8b1Czyh3oeuRAZi
+EK/SPEdZ5JMWbtxpKi+rdqFZhW3sGE5T9QItYqAWezScOCcuZw7ivVITWj0HuAJl
+YZnkL4CS2qMKfQ7oz/YBAuShDvfl/W1M2YXt8caoYIox8NWnGaifHbk+eP7sQRE3
+UMA/71gfz4AOUSKOWTNCen+qeAImyRi++6kFOVyAZnmvGAj1INv76xh6tHP9aDN+
+0ROlEMeL+4EyqEeTeRL5+i9xEGtA247hMjtwB6i8SDl2N9RZkIzGOj6GmJpWQhHK
+qRSu+PvoDfSHqfHYXof0rtvCuKj6pAhYgKeL5Ycfc0FtJX6gTvErlKWENUrsJxgV
+RJNcRbltxcOylmdYP2tUe/PxQCSFcYIzFbQbXJDoZ9hMgJRv086fzn/QWiZEx59o
+9r8kKQrYhKjS34Aq13ghFBf/Mr+GKrB8JtO5DnlC4N9AnapVlDgeZn2NmXyVZygA
+mcIq5MTJcZzCdX6PdzNVBsttRfYeItN9M8aP5q5YodBfuLXPOvFhV2J7wc5Bgt4i
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_device.pem b/ssl/test/axTLS.key_device.pem
new file mode 100644
index 0000000000..5c9a845847
--- /dev/null
+++ b/ssl/test/axTLS.key_device.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvV0Pomdmpxx7s19ue0itPlPusWrTSwofoWEU141dp7cS9eXc
+SnQV5pfvYvvw21HsZHy+xW2cupjQBzvqPtrrqAz4p2E9VHTMuzvDSScj6GU0BUD+
+GQ3qthLkXMfh7pJZFN5DYtVqzSE+ufZlYlfBqsT1BON9eRs2fTf6OnMFApx0ANjJ
+yFElu2cEf3iif/3Z6PF0iUNtKaDNDVvVBoiRa9mUuj4vxnyH4HmyzThp2bXDLMUO
+Viz/WWZs9Nl/QoJduyJZGEii1UM5VS81qQnu2dT1g/E0yPXwtOQUnVgjSMPfW+CA
+yJ1XTdSwVDSsyXApyxxtSEYbM81t3GGvmmCf+QIDAQABAoIBAFFO4COvmlgu1r6S
+P3IYJqsYhukPIWKbGjHE6ZoUTR5ycWW8KPafGbhFjLhHzYeeiY4sMg27nwxQCSLS
+CyaqAX3K9AmKqzbUYAQVCSkj8TscGVYYLgK8Awfi3MMp4Ez78dwQA4cwdAdYOwLG
+VYoAfFvC7iIHPB0AHklt+7eVI5WWsYlOIf9aS6+PDVii86GVoCpBE0eNZjE3JJo7
+hC0ctcjOqSVZRPC4p5KLFI8QkwyEK3vstyIiQOKSCFbZIn5Wi0+d6A9K96WhwssM
+OpmenLv3xgz4zrUkRDbv0cPAU+/e7ZVPCiIbL/Y78qk3lBjUuyztX6fwQ/eDFadw
+BS6LcvECgYEA+Nlwgi1Kzcd46xKG7xryI0mYjHO4cbZMsTcB4FQK5xXkGlg6j+WD
+NAi/LKDJhaKcBKIYDhYi8tY1ye7JSDmyrPfZ0WvQF8K4yprUAqidNIuwOPMASjTW
+CEBgTfMwCATNYNiaQ8eRuTLyknF4I2lrc4Ifby7cYEZrJ6aLGyolvdcCgYEAws4J
+rGQS8W1DmzrL9mIDlSUtMFkTWqhx7nvG4lCYWVGpMByiQwf4DRvcqmXhwPr0syaj
+qE6nu8G3iuOywSx2qrPX1a6NzeoZZybOSL7poaVmnpxgtS1xXyo1Bdc5ZPPOom1T
+apb1QXHIPFVFKsuKsrQvyXfYLFGlQbYh3TGrtq8CgYEAmDqT+95vI0ECNHNp/f0y
+4OlVm53y2AUYF1S6Hhvra3/VwVP1xy80uvEa2dcmUEywOplaM8vQ51KpJvWfRkKd
+jfg01Eqqys5AsxhR16qEOK+3Rq9InxyBThzrjOPWnyEo7jSy8gG0oGGNSI6HWspT
+hB620hINmAub426bLCv1WJMCgYEAkdfBZEAT8o30BH5TfyVIO1v25fB6TfA4Q+yF
+LKBcPtqlSPDXBkosClxmq2fVSS5ZDtsJwZMJfsb8C86G4JrSSOCV4VNqtNPjqtdh
+rxLHRQ7YsjyvJlVcQHwP8Ex+mrbxZ6djwTQ9b36pA4pvWyfBsiK2eCXyQNPrXjPm
+THzIat8CgYAXN7CO+EUKtBil/r3PTj8FpWxvfZiKMbmktiHKD9ntcN3te2hrOWVs
+1SmrIzr8/eBIsh7OGS3LUZTb4wKGtY29N6fTHuoA8pYILeRcJALGZnmrsTyFDzGH
+iXBSkZ94EXpywxWHAEglow028nQ9UNugKk9SIkpg42u4vrqhRitMqw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_end_chain.pem b/ssl/test/axTLS.key_end_chain.pem
new file mode 100644
index 0000000000..7c1cb6cbf3
--- /dev/null
+++ b/ssl/test/axTLS.key_end_chain.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqe
+DyUTpdwtzBt8H8/axNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3Y
+uRN4Y0i8sn8A1Fbe69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+aj
+TB2TnO7UTsjKRrXPv16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzl
+I8eTDHZqZJiw8gPg7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOe
+DU6wo4/e0Ta5bdZe7apqOBfdDnq3EUnHO1ZQbQIDAQABAoIBADbu47Yse4L7YQ0/
+rRfWUfTpMsQgYd0far4P+Cqpeh1r32/Qp4OctFuVkeqaZ3w7PFSjQj1aPMh/ZoGJ
+ShxkBus/0dSA1yXNBix1wYNcEb9Mn25GU1I1R4vA2y6DK98FrSl2xwgickhiFQ4W
+yiD3huiphq8AcIQLqR679KIL63IF+lMnHmYTrm9/rkGvO/wiW55OMhLvhuR4w7/n
+5g+PMBLF4vEqtN6wEpb5f3Q8ugNCG35ykpgBMFWI6FGGmcZkYgux+xnTweZ9+Xol
+tBQRrq9cY3/ouIrRX4K30e/EcaJN0eA0Cx9WerEHfYO45BWUJGySsxPab9vk6Qep
+uxRnHoECgYEA+uv054HQKGQOZPjgZ9lCqfPB4wQ98T4hNSLgNwAkd85D7UtF6Wb9
+GMsEecJ5aPIQjDN6dTT6Nb45AV4e0XWtQFtxHFXP6SKfyIlf0Zcl0cd8Fvt7CX/e
+ghZF6ndUxHaWtAltALVwo+Fi6LOgEN7+dsBjkAZf994cZNfqrr6B1s0CgYEA8eqY
+u2p/QE7YNfw7naMUKDqgqGzo41IjF915rznYOyuO4hu+zGrL2D+7EeZnLWfSCSxl
+t0uowOzDOKkm6XeungMyJFH0DnzhYEgh6K9AXMi3QF0zfgGrh7hhK5wFEt+a4nOY
+hIAnqhANqISRhOOd0iT2VIt+igQhEQv8XLjAICECgYAVvkKfmQkfpuP0bfiMJzB2
+p6/Ca0iu0fJwt0/0lCeU1iPeuSoaupjuABGoN2jr5iX28DMJWwjfhVdNPgmvnuHf
+dM0NZoY4ro5oAzdxYwac8gtXtn0H6rOuVB3E3ohS6e/PNA3lBNP473vxrDcPnzMv
+uSYngdXpFa8iMe+dKtb3dQKBgQCAzse56q+Mvy5yODZJ7f4amXTXmP27pA1ZdKyI
+90TB5KR0kg9aanbVUsG5ezNuwrvb9I7INPnKl4Yu0ioM35PTQKJfIl/PowChsmaT
+rVSY0qp4E+gJ7Lu3TR44CR/Od87RSnln+5CjBV8wXj3ZQxTSQqoCRDABLseoevhJ
+Knnp4QKBgEHHHpegaCXl7+kaPzD/qD38iN6AmoAya9ZUxCUH55bDmkTFu1ZGgA6S
+87fuXQ2tzwFyOtaxAftPuOkSKMpZYRPJY92SalHA4WyN1pl0MhWMZQiyKOh0QQ7A
+yaHjrLn5wPrhHhkpmYu2L1ZNiN+NIFDuD/j+APCX+wqb9otfbfxk
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_intermediate_ca.pem b/ssl/test/axTLS.key_intermediate_ca.pem
new file mode 100644
index 0000000000..57fef36137
--- /dev/null
+++ b/ssl/test/axTLS.key_intermediate_ca.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAzhdv9CgZ895+JuF4J5ttgKS8HDKL5uCAYOS2B+o1OkGzYRkS
+I+vA41BpPfE8D8P9lgjcbzAOrOvgYHPZneE3Ix1mhlyPwbnXesC48AahbWXeHFJL
+u3Hr3EfjIVngptIHF0/FXmLtOjcxLpP/mXyUTX7bm0NMhgEvxAX34fPfgM4r6AwP
+YLwxJGl0c4rrb9choDmXp7+72NnjiO/pXzrUkI0VL+fV6U/cT9ro6p6wJYewvfXA
+zqV01B76xf+QhYGp6h/HSZQntTQfA2KIp3H7jhaVXgC/CyyZ/fvx1QUAVCy8pMck
+Fs7YuLtVuhAOZ1KpeZzaQotwRjTEeRkF99iCxwIDAQABAoIBAFNxi+O4hOGHuV42
+tjabKNgIWx2znY+KYJBaqhVET+7ZgS6UPxMKNlwTR7lLvjzH5xnjVpUySQ7cpkmH
+Ppo9AN0X31YRjicq/sL12ytcE+o+b5LaA03Oz2euN5leUaZZrYNTyh7wQQrsI96v
+D7NujIFgFryjoA0118gvfnEfE+SLW5q4m+n7D4cZ2D1nolDnOo2noLhKhMVWT9jp
+UVoa5sO+9/Ap71ElAaet2LawNsKbyjjRuI84544G09zQ+YUfcelADaqtXyYZpSJL
+iWrmHasD1w8NfiHB84y2hWHySoiuTBfVBJFfTjg075TaxBwCtDbzzEe0ecDCVGnb
+gZfkevECgYEA5+5cUFf9LXt7Cwqc/lnuIUYmX7pvTPVVZbdjEzd1MUvu12p01cRN
+QYk4K41LZsQYwDrCk82TFn1+hDbVt27i5r4FPJ9GbkSh4AiqUFDkqpqE/U06ZiUX
+JOosU6laI6MmguWbXAAQuv2OwK7xVA0575HdbsEK8LRP2bSTRUYNFjkCgYEA43qb
+FaKixVC4KOm8dyNYFHB5oldZW0u4ieemum8B+a9wd2BEG8FdxFw6IuGnKyMQ1BWu
+NVwN2wZsHbosmCYxGO7cX4OT37711hdCr4pCGQhQ3gf9eNls4ZjjykZp8EHWQnx8
+SYl7sjQMQUjhfqePKwR396IGx4KSrc/l1rxKYP8CgYEAjYPPJ+bIQFw7s30CVeAh
+gIQBHh/vkZGQTcQb27nW9AFU9nOqXlSsnvRPJaPNAiNcxs4Ts4OX3/0qmRmsRYSP
+RiNjpp24p8eQzdX7tY3mOIKX6saYf4LaIFgSO+n1ahE+ilf296fCjZXw6HjWH2cC
+lr710YJQXpZmsnuP8JDRo2ECgYBrasL+5WydZi+ASldPnuYByNb3HO46GTiMDlKB
+6Ndy8zBVfqTKwnWnurFNNWc+DHHu5En+Mnjse0zkgLx8IFTA5FI13Ckg18i4jwVT
+ZSMvNOkS340G2wz6PrsaEkQGSuCFRsld5Ej/7mn3DhZFO5R0iMipq94tqe/fmbN7
+wjAROwKBgHLl/XNhPTI/ed76ZjmCpbCvQlKZeYLhNbTS4lHvKCuniHKQsPz4BxjB
+fuVCUDH61yQT7WM31zIMfzQZjx9hTgFYYvnptRWj9zIBlIZJEieX3//flvEJ3Qmd
+/tbSoADa/1y+Y58biKkgmM4f4qS9h0AkVe88OCbpm14Xs2u7/4Nu
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_intermediate_ca2.pem b/ssl/test/axTLS.key_intermediate_ca2.pem
new file mode 100644
index 0000000000..5a4dbee96a
--- /dev/null
+++ b/ssl/test/axTLS.key_intermediate_ca2.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqhp+ySEP4Oods+29nF39auqEmJ/qTUqQCz+9iWyOhp6NU5pJ
+2LZiQNxVWIzasFHp9I1cvmf+4fnstMpaFl/TtdCpQnuV+eFIe7alEP6+Pc3YiFrO
+zyO0XnqJcZwmmkpr5omvGcx9FbcrKflzfgmn4ZvGIdgtwkA+ZAj6WkpZHGGpzqLY
+yAFz86fwANeT4I3a90aGwOEo/on+jvJA+O8KARsFx+yspxrfSZtNVTNWFfQfkIIt
+7vOWnevZNAEkMnHxY8jDFq8EACNGDo3r0j+G5imRl8P0hdklpN261OS1hANVM3l2
+t2INNN/UkZjJe3/T7RW30A0VZ3Wk/nz3IgKlDwIDAQABAoIBACV6FurrPNtZ2Vd2
+DqtvzdCLgNE7klybC+dekLzBTRl9vzdnK9PyQu11XdxXlCr6sSfvKTrOIMrazHr8
+hiKd1EAfi9sY7W8TYmvXTsDSz0lAm+9Wym+6txeFudhtBdhCg0lUll6BviFVrM3f
+psFjETjUoC9+uH4ut1BE5huUe9OTmOXxupLWdETcHViMc2VrpnDsNKX/lFIMFSo7
+3JDVojyTA/xdawJgkksCmQyHLICDvqJrIbLaDKxCfEiMKMyjVqgf9qwR33WAJ73e
+ES8XMVtgIce2Zpzx6OITf+gNhS0ekqsxZJ56iiacOVHxpphNKk+BwSj1bBxHLRoo
+narBebkCgYEA1BuLsbfr5lXAmGxE4JG1XrOZ7YtTqQNMYzy03s6fndoITqS+YpHk
+dtPqM/lQ6qByqLbaPZFVEqecIb9EVRoG1m+9rIkAutiWf/vAWwr7w7yIbFID2YBH
+50crmdtbK+1eoml/MkNx2grmgelqtMy5iOzwbPcFzmgXaTBzXvJvZEUCgYEAzU3F
+f3QP0xgbrT0iK6138waegsuPaLoBdq+arlZ0LMzuN7T3KTKiNfkJKWbxoaECmu1p
+PpJsQpG+0cQxyKU1PK9Pz+9qUXaPf/OsRKTcvpiS2kdBFXLPEgGi2JeSoPZxErYM
+WuaqLIM8krYrV0JBRgGv38Pd0u0VaSbQvPx5u0MCgYEAidFoIE6IKf64CJH44w3q
+EiGSt8Va06u/+48bWtZY4kEkOq1Sw0tWbltdhu3NRNaCCdvdzDldVKSxjz/vD3i8
+zqKGVNAkOEO47mnO35kwY0tiPTfBJpbyoXUeAHeGMvGmFtODgU5PcMS6Z9kZq2aG
+e1CxG6waCraZ15BStnPCKx0CgYA2n7Olhp7TPn3WqQZXcq8QdTlleX2tkpfjGTPh
+oNUGOnxDTB3a00L/c0QxxNcTdwB3ciVnZZPyXk7UBwxr4zD39XkZzQyPoijqFU5H
+cUneWD/yXbT+XO6lTtQiJqn3s7pADTnaUbcDYuOR8XA0pkcxti8yLS3u+e+Ra6ds
+MQy+ewKBgDfHrvBhbxyYskxc/xHnSeAZjrKsKoFNmV3/n9XTmms3WAVoCYydIEou
+Pm3p5kDiaiTTqLBpxoa4g2tuaEXBJpgLwxq79Jod4PA1bnip45ERRrk4kRROIaFg
+eHV6U0+PQTrdFhiJkvK7CgNZVr+NLiS1V1pM3x7xI81nAV9Sv4c5
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.noname.p12 b/ssl/test/axTLS.noname.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0383293487b156598a1383a699cb16e6db4a4a1b
GIT binary patch
literal 1612
zcmZXTdpOez7{|AtZ5mk{T5@nSilMbVGnR6hWS87_s8HAxJMCC<iAvYGQ!ZU4oe5!M
zJ*$vTj@wbmr4-F|WOIAaN<uE>tmiqm=Q)48&-*-|@AJNYeZF`;j0S+!@O&5o2DeC}
zB`s)y)xr6E=qiK{UB>gF3wS=T{BH!y=L6F!Gy#A?sx|y?0>&G_H2(Uq77WHCAZvD<
z6Q_nwKXU|tHK6l+pn~xdJsU6T+gKWOpI|W6#>7-w?*<|El0^O>)P4%m{>@9^{N)e3
z+~A3<lc%G%A1Vn8G3!#4J`Cs_*>oA+g`9RLRWTs(#p{*g`%zmOjy6M10R!(o+awd_
zXbx^UyHl2Nl3BkBM2TKRv{Rz`!Q_a*ZeGp%2Sx|Xi3b?YvZR!ipKXA*7FpqKy#bH?
zM((ck6e2{Dnw~ng;o!h~Wh}1Oo<8|VUcT96EIxt2X4Wr>IbQA%o2`D+u|Cv5Bz6d1
zx9ox4xxcnZnu<>03|5`=-_s?9@iQ1MP32gz&^7VMH|=rfp>x7pr4+80&y5CxXL9lI
zP-uy?I{4I*Wo1hDSv?cn=W*+*3HldB$AOS)WB<hyUjb56=)7CL;K(iHu^WBr)EO!9
zt;DW%s~{$_Vo)q1DbPWb-nHI3lUeU0j~yYcY3bbC9IPy-BL#QBTlK4WGdj5)I`YA<
z*$|NV(;A)_tHIq+nVoydG&Vw`pfA<I4{b;*t{<5%kxcy<^>Vn_IPJ4pH_Eg9%2Ua{
z?6q~?9=;}vSn|<SAadj*^7R#ghl_vtbuUJ*p{2sk9>eAkq@B`^u-UWj$mZp+(B1np
z@@FHw8}vC{M49F*U&rDBIPPW|Il>dS+jb-9)2<ge`lMC?iH$H5mX}Sp6B%hKFF2#f
zH`je!IQ?PI${syg*Di~V+w&Nb2gf0v9|aEw%0|>hHN4)X+Mx<i>uP%8A8)QQk8dbN
zoN~R5kq={L&JCjVO4vhDMv>~W+H2Z{Jp?L?F3`<x_)ywi(4ehl$DG5~s7c3VMpjm}
zUX&!5ec6fS?m$h4_S<%cJhu12nw~S6q52*1PX<W|c!jfEnS01&@8U1e9F|tW$ID;V
z$#*n5wsgGGZ>%~T{8Ot|PMdQ#bD=*|CHd$7NUqX<6r%E8g=MPgg=zk+yapIhg?Ci&
z_Wzr3>4h@8$KK)E_a>;$<8IzNmXI=x-7l}cPWLTnnY5T{ex$_SJ0r%HQRgM$TvNas
z+o~tdFmK89j5l_>Q&-`&_)0$~XwJjNj=kQ|#aj19_!tpf8o5Zmcnb(h<_hNXl6qn?
zS%(j|Ni~gT`gH>xDQ5ib_&)@>)ZhmT6<Og^1*hFF{c4WvEpfi<hRyxJ#GU*G4}#bA
z9Iw5AtNo&kd&tG?8=L%+hf;*YQNoR+ve8kaqNApjI(eHS=(lc89)B9frjb8wS!sBa
zcE)AZ;lllH-Ylc@$tqbY%IK{57C1~U(vj083?FiZ&}5=qG*%EW8Lw>-8D*ZO7#GaZ
z1kk&6F|nZZls-c}j&TuFZ5?_GC9Sl7qd^Q4U}`P03NwZIJ1?w=xf3I{24SaVae)Ia
z4`msZI=<W)q$w{fVaA${wA6l@RBw>iKu>N?{}d~exNn>2i&}aextd7q{jtq(Dd3SH
z<lwtuc~aCh>c{4b7LUhjy4Ge*I<<86<-)zZkba({gWLKk7MM26=-AincOYjjk$bOp
zL!vtEH-|YhR5r$x&{&`42K!nUmL^>1z0I?chvAgGz*J}5MZZEv?R3t37u-W$IYy0#
zYA!*274meEW?NN4eJf9RZkt*^J9C6)Oev)pAy}yg{jbJ!RGFV9H*Mw-%-tz1wqoL0
zrQW=C@;<+;jvp*xh6}ECCy{DS^-~_M6Yx|yy&YopbM-S<0nx{4>fo6NN^9x>q^SA^
zNC{cY$=hpfyQu{vskmgU(ZExnHrV1|TQ4_h#zvoD*|PQp2~)@W9qC=2i)Vil{f>nX
zHeR)#+hdY)<lFn^LMrMbDO~2>sca@}#+&>jG<-b)4bd&kz6Lm1aWbOycP3*VzJ;Iy
zCMNI%{3bjc2DL<}0s2r7M0a!g#q{~O5TK6iMN8_B+@Wj3w}PyhVLV64LdIC%#r_j8
CC*Z9B

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted.p8 b/ssl/test/axTLS.unencrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..df7c2e21600e2f296671ecc261f79616e864929e
GIT binary patch
literal 635
zcmV->0)+iAf&zB}0RS)!1_>&LNQU<f0RaI800e>pVK9OMT>=3B0)c@5y${qvsC0)^
zs<}EJi_X2bW&1!q&=H!P+=6`Ss2AaM^92rJ!NGWnvbq%_TK}84dM*!$w{+eFnWdtc
zQ;V&5S~2as0q5W8>@T2QQ}*VHpvY}OMPnng&rVPuDBm{XbKlmXvqn#DyA7M~sQFB#
zaiNIa2dRb)Kh2pVqJ(!30s{d60Rn-5CO_<!tJEKf4xKpICk5rU6bRS<X?PY&#0C~s
zw>njyzJ~Z%=*32;@a@{xzlc>W=5i@4WXW9}n<P4zK%vsFT&pAGGtlZ_Qs;V}b6+li
z(cEuG50`*8(l7_z*4Gt@D|FR<io9b&3i2^2zxny_h>wcGB5oBXw_aOVL>xPL0zm-b
z@v`N}fRjK_bQImP@+VvjJ-}b?oJDLC0N>ErgZhvxgz~Dw-TTi2L5L8>yI!}pE~Xu-
zy8B9U*qW_~4QdqvK>*e^BlBH%$kR!|lm5yL>zmrWM<{cbpitLLB;T70H?G4mwNGLQ
z%H{8udqbewD<8k82$Rwl9Eq9n-zL#QnUexR0I@;je%~PX<nj4W(P}LX@#*ZGI_AKX
zx+mg%w56dV_U-0VR^m`H*aD90$90j@%0ARIAbczPFFFu%u?JSR%>qCkJMse!bTqOp
zyw=F2cqM}m@|!Y<ZX`g2!pMn^_MBT>O^wU2h><F{5NKn0Hj&exS9UIT{)_aN_uYv*
z3+-hBK>)e0zX{2ZCi8NOzq5SjZ*N<pmAIY*xzC_ex-!Ajt%bXJND0<IoY^;#5e)>@
VJIZuj9FdJZ@%Z_^HP^CJP#x3uH1Yrd

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted_pem.p8 b/ssl/test/axTLS.unencrypted_pem.p8
new file mode 100644
index 0000000000..dee0ed461e
--- /dev/null
+++ b/ssl/test/axTLS.unencrypted_pem.p8
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL0P1EKodIdUqrk6
+H4vOvbdl+0A90BGanNyCfOqoF+F08wUOYcHBeIqyuhUiWv+buHouD4i3dN4EmaWi
+mVOLrXhaMe28Aeff6ewvoF1T9uaKoMhtQUVjI7PPTlAfKN824nPf1qGzRk9uuw2b
+76j5TKVxoYjdB6mGDT/NmSOihHcPAgMBAAECgYAmP+yWq9QfiQ6dONgnBeW2FAjX
+/2l4FkrEBhZVtzpVn76G+FjoxUao8O3a1r+IVS3mciksZMldHZskOphAodKvXKsj
+5DPQ6mBS53qec18ugNHcb0cPl4A20jAH3dbXFYkrdNV+irxjQgryMSm/+fnwiI+K
+wiJuFSa3XltYRBw7eQJBAOHxsuXIgJNAUHQU3bLyJ1wMPcBf7pxFbBMA39DZg/qQ
+LITyqsLd+88DQYgQxrtet7Yuph2quvtKctiarYgNahUCQQDWNiPzXXfI00nBk/7K
+Deub2r1HKHOXoFDXTCTfmws3rsMxtU9iCMrl75d7Q6DaKx+/qAiT0hYciZnx3ybR
+QpmTAkEAsUHkft8g9+Tx+U/Rai0N8ensnDrmwJS6J+J8tKWhI/bt5lNW4lAy2AKO
+68d1kdPKPtQ0IHwr+y86EHKxB1a2zQJAHjvyAw10NLItvNbIpXglgw/ymzKIbiRA
+hMLIiY72nFtcTY3LsIiRKrcQaGN5NpHTn1d2Lnb+i/SX992JOwvtZQJBALmvvwnJ
+kCbzcou/s3znb29bo5W4ngO5z6BTujLB062Fu3lICdY/nNk3kRENBNU7ynRdHJGN
+PfH4+b4117JTUB0=
+-----END PRIVATE KEY-----
diff --git a/ssl/test/axTLS.withCA.p12 b/ssl/test/axTLS.withCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0a89e7358b4104678b647bbd9388f20d8a2593ff
GIT binary patch
literal 2521
zcmZXVc{CJ^8pdbL7{-=m&^MNv2qCjrN|I#Xm&u3h#%CK_mh53H*`f?t(-1->`!?gF
zi4fWM5REL!GReN(zH{!q-E;0A?|I(yJnwn`dd~Tw2+&amAP7Z(=0c#7aoTaa>_8?U
zi2zLo6QJ?G>=+aQ;_y3ykO&adUzQ;Q5b#U1ekVYbAcW=LAJ~9E6bG2uIC4nybws@h
z0|PT4k^q6X!@S{(F^()r+zqW8Y!{%%O#-28{V&AJee{*mkyuJ3H6Jy)vQ4)!feE<H
z7SDT&&^>*0BKvZ{ScKQ}wW6H1VXqs1|AlAgfW())?i^h{Y9g;IFvW11_uLky<Dg5?
zy;^~+={u>pk<OQ`g0(fjY1!-D*-8j$-{_2sct)&qIP3SC+fRku@4rZIXjxL-3^@rI
zq8U=j>IsfW;l+OGg%?zx&Y6**8s|?~&`_<VO~#RZSN6r|=&O!(C9FK^rOcZf1n)zK
z0M(e@6?M&Xj~=XzuSJb7?>>%LV+?uGdM5Zs3d*Nh8!q-??7j@opZ;rHvqoLPj1Qk1
z9bOXy{ls?_SQhBL-Fwj}TFP>{q>MD{cvk$F0`FbB9n!9U6wY7Dq?(YWf*5l0`HIx$
zMr*Hyo!d^dw&+kgzTs^e{%|WFAw~$878BV`V=oBsI<E$}vUa_=sk9_kBW!QJ>b!k`
zXL0NtCY|#sy$x@xw2t)@Zc~y}j~ZDdwR*0^-A`<1Vmw*-AS|XcPF8bLQ6;%+>Oy$F
zG|>zWZo8)KeGf#w$J=4rx-bjag<#|gI@$W=IU}f6x$YCa*U7433P*cEB4(*Pwexjy
zwX-``bdyS`y{1zS50iO?PkrM1mu7MkQ8T?m6^1hs@~d-i7TBj61wVF{F)HyoWh1uU
zB6$0|r(y?m7t=Dn3=?-0O1P)?)=z)(a2@)5V+g=8)8dO_TMESl2#!VZby>s9xv^eA
z`Azd7OK{dBid%f0GLuz4u`u_($WHPW&3NppS;t&+noD+i^OPg5g4fA3P&D)<<!!?L
z^Gz~H`CINS8N0?z6&CeNg=-3aT1E3!V_G54_gvTuc!>9M-kXX_9pA2bTh0CxWGL_B
zgxYpB5ZgNAVptk}%j_L&p^3_-K%L~0RaU%b{ScXLe`hMh#uwAkFMF3`j8`Qz!tNxH
z^_t9IJl=5zUo6W6gudv>Q}X{#vhS!0nyVY^OaGXt%kOI#cPJZi99gw*_~ct|`KAt0
z%1E|C<beN%t#9K&zKYBqIeO;J_Z3fZR_SH6UJzUF7cLp4p=isS+=4egxWro1Tp%Wx
z2yHnEZrh`{{qs3m^za#`hFy$87>pu+X5A-Th00TrBff_(lGyJ@^G_H{#UX%6pP^%s
zO+A5U4LT+*(EW|CA1tyUX}*<XUCH`5i562`z=d0_I@5%NVc?ZYi4hQ<Y&&w(8<{^T
z_{_EovDG&GNsn&AcjvUsHvv5)sN4OuEj%ta3D4;;9#JV7E~e7{K_)Rae^BE|GzY)c
zQvvhw=bYt&hX;5{B_ums8pb}DIiEVM$Nyu=hWhBB%)@UY;M$R(LU8&>a&vR`{Ij+O
zvU*0>DU3}i<ZlDGWC{JU-PP#FS@o3rIXva**s$-uMB)J7LO<eO2E>w9pT=#l`IXT#
zX5f9*3P%0WWMbv=Sx=$dSuk@(ajd4SV9mLA@ZonRee}CQB=hx=2BG0_Q+IPr@V=tt
z_a)1(!^r+MzLop6F;bF3PMeFqr1PI)0iD-)3v1fi@0M@ZaK__o;!4{u-@N+dFr>Q(
z_X+Se=t>)=&P79A%}d{$X-<6_>r>6Yq?0GZQMJ>ol)Bv;8*z{`cTjozQZh*DE=n)<
z9^Ow8LJkTBw!TWAJLTKs>X!5;vS4vZCcZ4u-BWkL3mZeJ%&$s#%(pu<7TjBYbjs?@
z2A1nMhi3|Xvv*5<bMvshtbM?b?lDw1wP8n$^F=OWJ1omv;Htdjt7URhXd`no>YmPo
zpkY`SO8De_)QHxy#h$`Aa0Xk$^ojS=v0d?CPRD9wVVWF}SGc9x5a2*orI8H-%(`lh
zO(r-Uf<u0^a=+?MT)bY3;cBy%YFe$Q6`@zT3f-M%6q<03DG#8u>a`PVt}6UH4GWWA
z8@WRp(oqSAp<`nVGVInMD8;r9Lp6<=wyA}U>W3@pp_|H`T$67VMON@di5;!T=PuSG
zlHWk6Z}b~zc@x?%?XzBjW1PfEW(AZ|h;p|$?)-J2T2dzoCM1R`SAa78Ax)%D_vv--
z5rQc2nXLvC0VME0C?OF*Y+wS2`Iim;H2?_ff55^5WFQe33Qz=wr~l6z@|@>iFztk@
ze|Q5XFoZ^|E_MC6)hcT?==UZMYXLXh*_Ix2YpyvDkaLr-Bgu7cyOaiqa*2rI19)e|
z<709wsi}~~F0Z(B{<DRK2$-{c+5XD9oAC&+>xU%kta9v5ipvqJE5RD0n5BRd7$h&>
z$m)IKA&(aCIb2|e%ZHj=s!6(g+g~NzUZ*9=l|(*MiD7G)iZY(B+{CI=xMds;g?kA7
zQ>h(NIg^LFGl357p+S%3j87G53>yKK_?zPT@%~k!Gg^$Uh1288oV<-v_nj|XzOo^G
zs{FFPc7S+8)ACxJ(bL_`)sz{vxdeEnx8NufYoH*p1}eJiIq1X*k{sv9CbYn}_Nk#7
z>9%nBi&m@wAGog_qNv(j9}9g`7W%Tmv>M~4+K1Pl*}*Lvhtu^R-}%W%=axSye%IH}
zGKJyK;<(sdG;i+Bh|qCfZIBvdk*BNAB)A)?`$pi_N7!C1uUw@S5CQ3VVHP~G#>a{t
zQuQ1An1PmeQdKi6e<(d1-_0GlM6D75c{CnqtJpx5XMH8$)NRtYp?h+vy#AjwA8}~(
zNMvrNxEm<oPv0+U(vKcnN>{+yUpNQO^TV;@Uk5(Z+bSQaze-cgUn+*70sQDcyJ*oI
zh%2|;BV<kDw>Y)7_)aB8|7iOnUZeGuF(bHHZV&&SFwCsKrS?jJ8Nr_y?Gfq-jG;^6
z^Ce0PR24@Ajxt`iESWgJsP(dvw4ww#74ov<Iy0e07r02Q>A@E!lmRD6syRdmOoacz
z^t`7~M>zy(+@|#uvQ>Qi(Zc5EiYaqX9&%D2SH1Sp<|HaliE+9wPk7u8nQfu$(gDUc
zM?fX%s~_2iDUf3irOFYsK1$@jg@*E?`M|K}k24r<O1q@^!>>QMP%{eVvRPh6UHp9n
zL!TAq1NZ>Y01Utm5D0Js_yb&jZE65j6dHv<K_QG%93TcbBLEDm&WsanytjOR+ehV0
Zb@U{W#1a7kGjry~*vbW0@BP#Ne*pwro@@XB

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.withoutCA.p12 b/ssl/test/axTLS.withoutCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..10e28fa01a430afea59df57317f35d781ff1486e
GIT binary patch
literal 1702
zcmZY8c{JOJ76<TOeu*Cmp$z&g(PMo^EQz($R;4n}R;|QdrHys0NeL=4L588V4>hI4
ztI#*;Vi-gxmeST%6y<5PXsxvz8iHqdnRDj7zH{Cm_uO;7_n!OL{ot4o8-&4eOeh>e
z>ahqcAsQwQt7byJ2qr`n#hy4OT=&Zes%FBKM3Djr14K>w%LIl~g;0N9kb=Q*(g=x|
z0N;tfbu&MMpaj5Rf^+tc<AcX2)KFfSo%IV#Ac{x%#r*7P?VTfGxbxfd)Ee1@l0KE;
zt0U3tD8DH~|4JQ|Ly8Bf=G-kY68c-~;r5>E^T|Bl#(|R6D|SDOc2R$#B-wegbMVjh
z;bZ7#_iI6yAOH1`cTMxCKYqr@>`5MN`)2&iqnGjSQda4LD*W$+_K{dN$0}imMrVYC
zZ|w}XEYY|X)wK~jLq0J_5~jAM{;yrzNd*Ge+aXJGk!SWN2U?6JlBVx{y~&uK-}EP*
zOZagVDMq&)pB}W#e-oV?6+MOKzW5=6;NJV{?)dz9j#A{p^Q?)3$7aYgzLT`?>j-X}
zmWNlu+ia3)<lWEGD|2RIOV9es8z0V6PF}t_bL(H?92+t@wN<%##F%GbE}Nn#`BlPI
zC6xZ{ci~yfrtI?hsP+9tsI9EQ+PJtO)?VXE)F&_Dm6`(Yh`O7X^HeF$TT7=`#q+dG
zxx850MZ)baF)f$0t8L3YT{q}+&t3O#D0JvjIb~~<5w}n^Mcw4sgOy>ECU4`?Tj?Lm
zCnihvNj5cAhjmi%Kj)&c&MtRkgYK?5>7zdeSfBEGwzoU_bppwX(ny6OsYDN#?W^?K
zZ#<lDmO>ha!FsmgJ5ZXS>}7j1wHM~)bl^`SY^5pmef2c1xI>?JIn;#sz9cicNXlUJ
zWL9@q!}^^K48?{o(72?mTzACQR;qPL3@xVUVcwK8>qjv+xI;$U9vHin;_=20=^4Dr
zOQ<nJDG+!>IQ}F!Oq0*@Yp9aa*%DUHj-lxa8A}(Y9#z~`rcCJWpT(Sz6VrXQw`k}0
zdLhHCjPW_&I5W|T%m-Zh$HWJ{(mUY}CNi8E-e%0Hz}a_$tSo<i&p$4OyoJzD*WO6>
z3v-t$Bc%J{IWpjTq&QYPu=uIFfWOhsZxL?bW%z4_O%sjV2AFf|&H_#G8aBXdRS=GE
zoQigL8{+TG8wgWUE5-C9P8vBtNg@&I|06<VMGhfCB8pL>f*{HN_&~wHY9?5NV}h0c
z&t}C{-X$x5w)F=a1QSd(Wm31h8vjzi`uwqsr^U*dgW#>AuJ-m={Rh!`;XT2*)fX0#
zO#}tv9_zQn`;nV!c@;DRv$tEIYGC}zqHJa*(03veRJg<VZn8=3g5JrD7r|Q#4hb_x
z53=B6oCdjS?%$g<FxV;Lp1EWnGAEN{_=K+Gy{rCuuAlqQ-+)qlr;+FC*p4kLD}SQ}
zlI*DWR~`G&hs0?TxG3jLVCj~+sIB*D0-KCE7FNFXsQ;(tG}WFVGOKWw9vGnNP&E)&
z<pEmHXQy6&1fqN4-@WAR;TejyAr`bHD6)B%6SBX({_bP$s}!Y-CIjDV5{%Uc<(7rb
zlU}|4`BO(Vl7+cW#c%`f0NFS{XTxsD&yBJ!Q$K3;p=c2>KkxH|-Nn(gJ(Zk9u$VVp
zEZWmC8;l_5VO_EvcP&-3)11go1zu8q4%sz#VoW|coqne#U^S)Njx?9)68IA0reVdQ
z7_5BefZfrGl+c8bf-^q&*6umY{Gm5d&MvvI6-spE*0cCdEepU!Kt-j(zVO!`mDYl~
zz)$>y)Sr*3#~-NL-3V@x1XrP?twe?~WUGk0*a!`U;c+&Z>A6!D$MT(pZ1H<;rUwn}
z!PT|VTFGv%Ipz*$htn7GLr1(*z($6mmj5)tIjICBcBoV1+8jxn-NE<t9yAncf(FBr
z%QA`;2y^x~<VIwuz!94_Fnv+3>eXwynSGA6AsAzXJg=50AEXqv;<Jd@K4H_EzE3OZ
z{1t|)MO#fFv=(0c9-Q3SiP?=eFB@1Bros%eXV=E9$ER|lMv9Ws^kPm3E;w%L=HpcE
z7LYxCY|gM3?sxcr_bpp3OfC)f;4k7d|NGEL1-v3czP7LwwAT;2MOC)`UgMVuglypQ
zG7kG?Ngl7JrV7LXc)%D40+N6TfC_{IvA}gv4+72sXK{F(It~emVWr`qvKWAnf2-ZI
h^iXFE2aFn1x{keK>a0+`2nnLQ|IE&UO4=U^{tdWe_eTH#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.cer b/ssl/test/axTLS.x509_1024.cer
new file mode 100644
index 0000000000000000000000000000000000000000..784e26ffb786bd96d7d95ecab3eaca6f55beca66
GIT binary patch
literal 604
zcmXqLVu~<mVsv2QWLT<oqN4rN^P>j5Y@Awc9&O)w85vnw84OGejSLLfm_u2(gf$Z@
zLVSW10*dmpQj<#*T=G-WD;1nmi%K%nGLsWaQWYFaOEU6{GD|8A<ivRm%?yo<4U7y8
zOpMH<#CeSk3@i;Spj-nTLoovph^f3NrWy(v2!O<yg*kKblM{0?@{3Ch8s{UsijkFp
zxv`hQps|ywv5{df{}rbdCG8=rc3R1IpWC}V^|yoV1;JT!?ljfBS|R?h<TEQ@;=zLz
zU7L1^Dn<RDy`xHxzhisJJ(ihE7tIXrURx1m_;wHD^ZPH~=r4#3{`RbE!HHZ)*JS0*
z=lufYHSU`|D!zYh;bu4gyxqLB->>-Tv$Sww$6fZ7ZM^npXDTmhDd%TmW@KPQb{;U$
zn41_G8H^s-<S9N|_GO2_{H|x*Eq*#rMNWk^+8@waY}u)DZoRvnWYVT5WfN8RJY4ZE
zE5oXM=cc6TJgPQv!XE7niznXHdp1d1CP-yt`LS>JZp^+JZXT8)Zj{EzVZkx$U{9R=
z^OG*8lXiL>?_Bo3uh#aVo6#I$wpka&SKF_gz+$Xx-^jHz^xU?oA!|SSFFJMjn`(98
zrHs~>McZbY<UWo6RwA==(JgJ3|4m0ZS&r=5(`2`$NTSam!^4Yrx$V|3PFB+sYF8w7
z&6{zgE_LRsx>KdkZ!5;0t4Xu1yCd>1lx6yg6rn9!4LpkW+<qPHzwCEAqvOOkGiH4B
Uwpirwk#)lE*|F0$DrE-%0ONc2ga7~l

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.pem b/ssl/test/axTLS.x509_1024.pem
new file mode 100644
index 0000000000..0a5c7a69f1
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnxTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAMuA8biHmpvS4EJ+K5guETizlFMpWgT/ALKM5iSTOr0cuGWKy
+5HaRJbzhqO5qaDp3ubJilwwlPF4TSIeAo5HZLuaSKxxSJLF3xvbe2JvZVzdWaBcy
+ZgEIOAiawYxeP+fJRMtiuUjHiab/jn094UYynBMGmtEXqz+pkAQzLT+BCqVVzraV
+VK3xT6LKw/Yle3HSaIXpcraZNG3lX/Z0HLmi2isE/4LFCQTEuryCPrRyGI4waEhK
+Dac9tfRCOpdgfahhip6YxH5lmep+ynXn2yFdznxmPX7cFP5VBJeoZBK0tTBIcrzb
+61tPpvuHAUGR7JiY8Us4okDxBZC7m12WsSJrUA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha256.pem b/ssl/test/axTLS.x509_1024_sha256.pem
new file mode 100644
index 0000000000..b1059b4385
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha256.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnxjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAbpbFPGnc74yvFgxKiNGA8+9azns10+KionRirc6g/1X1zBnJ
+7vBXW9aXwUr2y9G3jnmX82eut0YnaJ3xlU5rp2NbGSH43fQd/OvWC+6yDFBeHfJG
+JqbyP9oBkrUSuaXO/svsGUr8z1YVnxvtN7A1NGt+xQmgTyNq2QWg3MSQQwVtNsQt
+84mQqU0BmmyRyi14LOCi2dHxjduXFVgHIcM6XzVL8lxQ1oaabA1mP5u8dzH+n+sT
+uVDMmn6ABDZsnnCo9i7WidPI8pfJ4k6xR5l0wUdcOQeY8ynwUmILBt7lhKhxtAIG
+j9SHuiQYstmr5+6wIBv6LRwjuXNDEwcqdT+o1g==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha384.pem b/ssl/test/axTLS.x509_1024_sha384.pem
new file mode 100644
index 0000000000..cbdca1d1b3
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha384.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnxzANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQwFAAOCAQEAcVYgGWa/OFtWSpsH55h4iHan1Hj8WMzhvczirWDP8EaG3N1P
+WVo7LQdfhs9OvQwLlacAym3eawwsMe7ODU6Iq2vsbajeKMuF0jb5teghb7dMIiIW
+UIy3zRe9pmOZZpIcwJfuzTMTXMq+UksNfSzgB8mGqnIj+4D3UPXce5KYMvxzAjYU
+HAAFR9+ZkTdpratH/qFlk14DJ4CKlH69/RUpekkXcn3lk1DutfQ15kaTnaFObTUs
+HvGr2pX5PsofeR7DW4NStIMbOwMvTby6thCw8zImI2yyouCv+LkilGxmxEMAV85X
+ZKu5dNZXbJwfOFjkmHEtDfmISsdl8NoQxyz55A==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha512.pem b/ssl/test/axTLS.x509_1024_sha512.pem
new file mode 100644
index 0000000000..83648e6630
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha512.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnyDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQ0FAAOCAQEAbrG+mMdCorMaq6VHQC071CdXzqdUGFgXM/qpVjNo3tKjqUbD
+73FJOYYoSgXO7aJPebraaZTdSpgHO2vdJrifUjrJg+2RKDwIzCP853fgi3Nm4n+R
+7uDsd6K/cj4xvcnhIdmQZC3TPIJFujjbMy0Tw9EQ5Zoz5rNwR0Oy++HtWoULOjTe
+xsVsagshFaGajLF6RXoH+caKHIi4HANlWwJvHCBpqQYUyhUCAHUm9Pdo0+h7Viuj
+evzm3SPr5rOisE8xTDU4WPOhwel3lggZWfh6nbDG7+1sWmT4qTtAkv3V1m1o1h+8
+4TeJUOV9QHm88a2UUqWIZocaLxPYB6NThoBNVg==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_2048.cer b/ssl/test/axTLS.x509_2048.cer
new file mode 100644
index 0000000000000000000000000000000000000000..45a291293a5bf0f7c4cc0f272a0a924248dab5af
GIT binary patch
literal 736
zcmXqLV!C6{#CU{>lVPdWiHi15&rcfgvT<s)d9;1!Wn^S!WiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MG&3|ZHZU?Y
zFflTZ66ZBGFt9YRfN~9V48;sYAg1!7m})3wAOI3)7Us;!PfpCq$S*Ddx=;z(S&Xa<
z%uS5^3_x)%rY1&4hM!SoHp^8DXK|$$FDhj7Wo~^bIqmTGg|jy9b9ue`g~9LH@8UO2
zt84h8re7g>>yrK*hZ3hl)AY`p9d}}0%)n#4_Vm4uu4SK!e2(xlid^R8sQxmk;Hj(a
z@!MxI{O;PMe`cytGqS7_-7tC53z0t0i=n42;)7Qn=zN#7$xVI6@;S4_q{Q+oypK*(
zIh-K$$JkyYc7~t!vZai&BJ1uOKalmj=+ZoYm!4PY#LZgMnttiJ&7aR>p(mz)QelTP
zGl!=D|C*0tYx(0RHa5NA9JZj9UG?{-o=A4z-C`#@1MW>T>oRYZKYo?9#`Ws^hGUm6
z`)r!wc_Z}a-;{mNV>P^#_wsj7Grh{h%*eoq974c|1BMVIgUqU~+buVuH|I+=Db;Li
zJ-K89BWu0IgO{B%CwIQR{#3x-y-xq@&x4a^Eoc3AB*p#EjuZAXFAL00%-P=EcwRp1
z!_VB>lTDfR`>&j3eOB{O=*-Ex2kz}T5O?HewR7kFgezwqH9Sv=ELeYC;Lkdn$(I;j
zw*(dn|K-gNGPf={Z(tFiwRD2?sq!Uv3-nhr8!u|S5q#c#Yxbq7HA^;bttsMQkvy?H
zr#3S&T=jh9-F0j4bJT1<UZ&`y&9iCkgQntcCq8oq$3rRm)9&jZnEmjm?5*D(pFHM#
zH)RxEJngi7u9Z5Qbf&q7#M$pRCe#S%tlao`OXlOBmuB<mgrDx7yWtXV<45xh0G=K)
A=>Px#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_2048.pem b/ssl/test/axTLS.x509_2048.pem
new file mode 100644
index 0000000000..95bdb5a3a2
--- /dev/null
+++ b/ssl/test/axTLS.x509_2048.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcQCCQClKsh4h/LnyTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAPladjynJXGaCmdzonEGTQOF6RmWw/ehmrG+ROur6DD7m+5fspZ+gPQm
+L3gZ2tIv3EB0QsKWLs82x0IDowAMO63L3oiKpvJyTMQPARTTCQh79JJw5UU9x9vM
+aE7dPGfzAnwmMjl6FbCTkugUjknRVcs4X1OpwInuYrJGJ5innJoWGhZveEvFliTD
+YBL8Mz8oXZhOK6alAR0Urt8z4B1J0USDn7ouSnWRsyqWgvotRp+fDDguFi/JILhD
+AwhJEA+s8RatD1+RgYLvs1aghQcl+7KMWQdNuxbJiVDeljaKN4Ufx9UFfEXV74DG
+09NMsphJ2FX5/WS+510oSiO9D4uWNdUCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+HKqK24TYW7NvGoIifLaFyaSwAQV/OODpiZmTie3X5RBHR34v9fnBk5qnBf7EZEfC
+uMg/mdMQm2Fst4uBzx9q8PltfcmCaX+/1M0F5nzhEszJ3cDevMBexNl7Q4nfYNTN
+QShJyhSgr9cQ/K48k9IA64RRcRP9DWtSNzt0zzA4UCqlkBvKd6TdcC+rAzOigdhT
+z0e1a9KVfKSxtXxyCAQZyKdsfWlhVyXPWd2urd8IfLfHdiFMKwyyreCCc4tCDjcA
+QcJkv2bfL8Cb4cUd2vtI8kic9zUBFaOWyz9tOicGG2k3SBjN99iQfBAsqbHjtGnj
++dKbDCxXy4udsNINgfE3aA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_4096.cer b/ssl/test/axTLS.x509_4096.cer
new file mode 100644
index 0000000000000000000000000000000000000000..f90fb1cc28c86af31bb0a93aa18c129d2d3698b6
GIT binary patch
literal 992
zcmV<610Vb_f&<(zf&#<>2>_)k$ashH=gKe*1_>&LNQU<f0RaUC05CK$GB7X(162eH
z6DeVMR7_JKP;zf-Wn*+8L~mqgc_2e&a&&2CX=7n@WgtOybZBpKX>@ro9v2NUHZd|Y
zFfuVPG%`0@7Y#EoFgY+dGBGeTGB;W<EHM@^6b1uT1PT)kVR%$bQy@@sZ)#;@bTJYz
z5C#KP1OpQZY;R*>Y-n$DbTEPfA}|dG2`Yw2hW8Bt0RaU71A+n%05F0A3Ic)x0RX@X
zPNUcKvn9yzIfRh^Ja}-RWuFDQX9x+(oE7a3%LIK=#ng2OOsJ>KE-x09%08^xg>X0Q
zHy|aHAmXdfU8nYqk9emEP$*t@iMl3G>DB#G&{0%Hy>h?v=@{Uxls)*#8#^D2T~~PE
zk0TLfZd+;!)#Ni%;Z$#3osW)YO`_>9pmANr#tXN$DJPEan3lpTOvq`8LMqkq`)yFx
zx>fS7?kh17EcuP4Cb=sNWQlqnIln6znZ`hF7X4Y9Vx%gfEm!rbL4d2C2&L4Hb0oOO
zSW{yIt@u-|@>!ZWEo2z-nt8)5EVM5>$dLQeyDZK*x6SD7Tm@pLZM*nop4GC5=|B~K
zA-Bus!~mm)bJqG&l?m=7Pj`KTt&oY=8=F;a%g5*n<$?>b{@*|ZPXV_zDZ7c-Vs^jS
zp&;Dkt0ek2p-G<4!Eu?#0eL<uiqg}3LoxzC2*QMphdE*~SoSIoQv2<t=r)nP6;i9f
z9O<}=;M9MbQ1fet*Q-ZXO_<4=jab!g@y6J&unHA}?aJ!?5bcwAs6r#_z>Z!;Hx1K3
z2=dh45AKOWq?mP9OnIwk+i45Pt5M9N^rjf1uQ|2jj0!531zLzJq>{hgja^fE?MY9a
z8b7;g2;-{-fLd5{wIJYn#8Z-fkR-X4U*ZafvR$K2BG~IN;gP4wf`I}90RRCo4F(A+
zhDe6@4FLfK1potr0RaFL<b1YOAf9vO!XcU?dCI8FDvNU%%p&e6Vm}`kN&sBi3drmV
zvZ6WvfbdhirN%{oh6}crAR0RL8C#v4v{h|iE~*Wq%)0wB;;$gB#>@KNiqM#QC5L6G
ze>~xk+?vfj)}U+iSBjy`u1Zt8<g8jpa|nwS7$pS5_^#>>tH{{n0)wpm#ij<5rH&0c
zZtJ76;$u0Laz23cXCmrpx#jBmWM%Zok51H8&SWe=1oB0YF#wZ+kV(ec5HML<F+he%
zoxzF3-hQsI`P4@Wbn@`gk=`2_+RRU4tv`?wHYgChMwpLkP$aax5?Jtasl)~0t7l#x
O8FkuLAF1^+tEA7R*1hro

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_4096.pem b/ssl/test/axTLS.x509_4096.pem
new file mode 100644
index 0000000000..e6aaf2573d
--- /dev/null
+++ b/ssl/test/axTLS.x509_4096.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsQCCQClKsh4h/LnyjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAMAKTqPX9LMlyPA5hJD/PHhwoGWfBbpnCAnKnBXtDssEfVLF1HUITKin
+zC4vFpXKPqzahXA37DcgJZQg4qvPXaf2jY94pwlQKF52ibomUOnV/VLQUVRFvXK/
+8+kY4K2UPfjJGzsfjF1XeOCPIxFlbltqCtXkM1PhVG9dnY+OZk2i6S+gcV3Fxgu3
+tiknju+YlsIrTMhpiUIq1fH7bVDWulXyru4rMREs+Y2lJrkrDGSJeh45vysZmcZA
+bhb9WZtipCqiLVf1qkGAq54IpdSOcyS4x1hTYwOt+FOt8lmaOS1kGPKaecMtLLQv
+O8iQ+9K7LM45t83o7VwFYqZtu/hlntWyiOlAFX8ht8vmxACjhnPW+lKVCe4kT3d9
+g62Qidcbm1Vty8foCuWCC7H+30AETwG3NSm7idhidr/YoSDc5Ksk+jehSZ7PwXGZ
+xwF5PiqK0tN8QzICPwjChI6HOWIxWPYqDlL77aXoNpG9FVKrwBzpuIvg1H+aUPNr
+h9erR1ZNmMmajVjVbvHG2LCwChWD7crq/RDtk3ioQiPrwI5eRTcN00AI8tTeD+6J
+Q6SYdVZMeatn22kLyKtRzKL0phiirzm144wKKpcFWogrpJK/3Y1dU3rtSU+dGj+7
+agjjqwWAWlhztSDgesRTkn6QJLmVX+IKh7Jdo04i2Osw4ZGnyYKBAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADggEBABPkfLZVIJ5z5cIhmiN5yqjMKotzGMwi7ihiPx8YSgBc
+2grI7Aqyojn/gPBTvKXGRYCGC7aXIBo69RlbnZy0VW1fLqoNo8y6+zLiryCtxsv6
+3orQmHslh2WofzzhkNyazT3WoGvzV4qhzK5KU7vkrFpHcwiLFRglBMP4ruoOq8jY
+4wKDrP3FpgaSpY4NOm7ro7LiYzmVcj6A9Gci6mm55er6ZGX0yI9O1FXOZCxABPJF
+kDEAk4GQScbaEDBZWjFAhkmdwYnE3n6usPnURwp08vDRkd4bGdrMT2KtP5ASNigQ
+vEaYj2pQJLS8Eljwc6nEBeGrZ14fGXXaVh+p9TKrpM8=
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes128.pem b/ssl/test/axTLS.x509_aes128.pem
new file mode 100644
index 0000000000..1eeb6013ca
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes128.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0DANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA8k4Lr67fner/JtPfbCJe9+RMyq4ErKmXDlxQnXDEcvn/7Mw/CcNQXDPDRTN2
+/pw0Cwb45Pgv0bqTAFPK2sWhp68QMiuyl+lIUGSrgXX69nW7B2cAp4YSNW55M8SQ
+EISL3QOkzl1oHW3iuxxGeuCGuVv0i4gRxhQ1XkHdoGOc4G0CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAPbTh7YlIYA/XOKC1Laf0SQ0HQU4hC9rd1IowBIyKYT5YlKVM
+VIrmqN7B3ytUZbP3eL9ZO63G5NHmGk/i+RpxF+O0oX09uhIPWHlupZ1LeEHDwsSG
+5OjZ1scU0bbIX/aBNPDL8hU7/TSTtL7NY9939cHE5LVwdSuOqndXl5nPFKxyJjfB
+npworzs+UUwXLAcJSRHTruyRf6fvSfl1NdMabWiR/L7+tzDV0842+HwUsJLUlWFv
+osK0avS8ER8PrFMRnKqGIK416B38ZMjn65G/J5v1j/RSHDAWjp+SYAFHaxiU0gEk
+WOAZlVmG1vVlFk/ubTJ/vd+RAk0QYI+THgwlbQ==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes256.pem b/ssl/test/axTLS.x509_aes256.pem
new file mode 100644
index 0000000000..89fe526af9
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes256.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAqn/ZBpw3WLD87W/rVp8rdvg2yoml5CSMfePkcXKCfbWMAkZOJJtMupPoMFC9
+CbQ5EUmSV47BHGTh0xnQK/4s4bc6lPVtkK7dJtFfonCsiTErW0p6z0q7tQfWFEd3
+NGNFv/qVIsB0hJDOJn8x30wYWCOY+gC+53KJzRVcRMoM75sCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAqI4YkmyznQ9lE0+2cSkRX7ELJeKGedGFCCKJZaee5k9R4PBc
+fg97WsEMARSl2WLzAkK3rjSQWslbRxb/u1NYhd2uBdrYGIMXgPyBIjV7sSoI0TkC
+3muhke+W2yZsVp55DoJpfsX9dIfzbM0ICbaD509xuClfraIafO/6VLrw/+BzTTVM
+DECTo1dCheYYXyOJPgdgdcABKKb3WkTLJPkV6SCK0D8xAHpTRR8AtT0xu60JDRoq
+wcKZie02AXOgg3mEQPdvmVDb+cgOL2Cb/nyraS2OVKPRTZfQfvhve0mU3DN/TVDB
+7N9bVd1WNst+bsNIE0SbnYiF/oSdnHGNQxaLGA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_after.pem b/ssl/test/axTLS.x509_bad_after.pem
new file mode 100644
index 0000000000..c90d630499
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_after.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0zANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0xNTEyMzEyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAqk3O/LBqyketDzFqMe7L8nqmM/crpmjZ93KEwhrc7uRKJgXm
+CjfTSm7D43l4xbz/NbHnNvSFnblFoioAQP23opotJV/WutmrGCIjpidLc682GvcP
+DvhlOTAqoVFFWmjL6gj2iKEtIUzxCMI7K/h/znQvk/NrsfvOF0uZtpMoLqqo4o3Y
+V2vogbTEPpr77952JMpsLvJYatwiYo8G7Pc8qdl86mk3tx1Kqn/Pl9CgMgj8tgFi
+tcBRFePe3WvAiK7vnSqz7H4NUXrcv0RTA7f/bUXNWoRUI98GbYKVpxgIY7uFmLF8
+0jb92pWMlA9Ps0fAdMKs98c7dIaJi0buM5Mtuw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_before.pem b/ssl/test/axTLS.x509_bad_before.pem
new file mode 100644
index 0000000000..3d65fe60b8
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_before.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDEy
+MzExNDAwMDBaFw0yNTEyMzExNDAwMDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEALWtzVdl7s7NHPKslDc0NN2N/kqd8V5Ug93s9POLPQV6Cq7fH
+WPzxdU/IcLwocngqDzYEADlKJL1prRIP7IEtclRW109kVf5ge4waL7BIFogX0iII
+WzjSlLTdYFo6ZK/oxwg86+zVA9UbkWbvQwSGE60Hqr8GEaqon09CxYUpFTtOq7qZ
+Ikjjf1Rz/t1AAGXoN2Yls1hm2ONYFuxQq+dBME0sSL7hdhwFoOi/u3Q0QXmg4Z1Y
+xe0J3Pg1mt5nsh4cY0QDNZdSbZz1p4jVY5RxQsoYzgyVYQWBeDJGKs2RN8o1CFko
+EMQ4Bq65fSUs5hPnYGl4iibWmQQgAWkasKZwaw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_device.pem b/ssl/test/axTLS.x509_device.pem
new file mode 100644
index 0000000000..2ecdabefaa
--- /dev/null
+++ b/ssl/test/axTLS.x509_device.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCCQClKsh4h/LnyzANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
+eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYxMjMwMjEwNDI3
+WhcNMzAwOTA4MjEwNDI3WjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
+ZSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1d
+D6JnZqcce7NfbntIrT5T7rFq00sKH6FhFNeNXae3EvXl3Ep0FeaX72L78NtR7GR8
+vsVtnLqY0Ac76j7a66gM+KdhPVR0zLs7w0knI+hlNAVA/hkN6rYS5FzH4e6SWRTe
+Q2LVas0hPrn2ZWJXwarE9QTjfXkbNn03+jpzBQKcdADYychRJbtnBH94on/92ejx
+dIlDbSmgzQ1b1QaIkWvZlLo+L8Z8h+B5ss04adm1wyzFDlYs/1lmbPTZf0KCXbsi
+WRhIotVDOVUvNakJ7tnU9YPxNMj18LTkFJ1YI0jD31vggMidV03UsFQ0rMlwKcsc
+bUhGGzPNbdxhr5pgn/kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX+beg1jGMSqQd
+6Q/d07mQCLuEwmXmmz7hc0lgp6IumjsxulO2xLiotXie7e3GIRAVgJsd6ysRJKim
+IioOMxcwUMWw0CcqjcwqorczJjsqzW99dzCd3NcDiDxx+7Pye58D8qOLHGtafC9n
+TjQELV6dNIUX5IfH/18jAkPEmFcOUg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
+AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
+SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
+gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
+5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
+FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
+b5kxOvfGlM4E6v+lMSw/HDrI
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_end_chain.pem b/ssl/test/axTLS.x509_end_chain.pem
new file mode 100644
index 0000000000..c0a4eb3c78
--- /dev/null
+++ b/ssl/test/axTLS.x509_end_chain.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAgygAwIBAgIJAKUqyHiH8ufOMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
+BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
+OFoXDTMwMDkwODIxMDQyOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVjdDESMBAG
+A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqeDyUTpdwtzBt8H8/a
+xNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3YuRN4Y0i8sn8A1Fbe
+69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+ajTB2TnO7UTsjKRrXP
+v16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzlI8eTDHZqZJiw8gPg
+7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOeDU6wo4/e0Ta5bdZe
+7apqOBfdDnq3EUnHO1ZQbQIDAQABo00wSzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
+/wQEAwIF4DArBgNVHREEJDAigg93d3cuZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxl
+Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAbPQ1Y205Ricl1K2ByVa2RHJyYGP0Qj+H
+5mWj4A92N1vAb6uOrliqFYOClYINGsKKC8YDZdyA4c8ZglCKZ2RePwOSdaWIw7wi
+Efhysyq3WLSlo5jEcnkO7o5dV/7V7FX/+65UEXu35ZqaE8ZY++eotmLzccnInYP3
+1e4oaF5hyZIHVNCXnywNvchSkXjN0HhvIpeLTyzC5MQkQMMEOi8EBOgTGAo4UvL9
+eau3YhhpvfnCDlrRB6N79RcTLmJyOj5g1YO/9wn/du+EMwEkKUg5QJHzwUB2+ISp
+57JjKh2BQt0g/XJfRugHQcNtjUu73Ziexpl0qaXjNjb8mvsuV9RX0g==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_end_chain_bad.pem b/ssl/test/axTLS.x509_end_chain_bad.pem
new file mode 100644
index 0000000000..743dbc07e0
--- /dev/null
+++ b/ssl/test/axTLS.x509_end_chain_bad.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJjCCAg6gAwIBAgIJAKUqyHiH8ufPMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
+BAoTH2F4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIDIgQ0EwHhcNMTYxMjMwMjEw
+NDI4WhcNMzAwOTA4MjEwNDI4WjAsMRYwFAYDVQQKEw1heFRMUyBQcm9qZWN0MRIw
+EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDtHhLvmPll+SevNuwC9SepL33sU2TnjmwajRitoNDsJ4lcap4PJROl3C3MG3wf
+z9rE0/UEV2A0RacXULUddVuGpbGrXoiVqSpliRiV0ckw9CAVrdi5E3hjSLyyfwDU
+Vt7r0P//nslmvXC36rEAlZafRqc8ZeZHQeU7QC3UAJCQoZIT5qNMHZOc7tROyMpG
+tc+/XoV1ZNeQlNUdR1W4Czoh+AAqS9BDnMDwPoheCNaxOhZ0XOUjx5MMdmpkmLDy
+A+DvEbSN6k30lTTklFzg127N5WP/RZPS12KU7SNA//7wWCKR054NTrCjj97RNrlt
+1l7tqmo4F90OercRScc7VlBtAgMBAAGjTTBLMAwGA1UdEwEB/wQCMAAwDgYDVR0P
+AQH/BAQDAgXgMCsGA1UdEQQkMCKCD3d3dy5leGFtcGxlLm5ldIIPd3d3LmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBGJydzARx5fNYprptRG9c3pqecGKlX
+ArxbLe+K+83wS427HnWONnuZ5LJKGkuXjIeh1G/2AfKYXJz/SMN0IPYY3ro5Lt1Z
+GOPyn01qcj6OkfyiUPCDIsVFS9V0TVLTBLTMZFa1j6nMHs8Ajmm10Fkf/NQP/CVk
+zEgoktjb+wLqw1iPUGqkVepVtp3wg7VQY6E07SliNp/06Q3ue6xLJnYlKqFhUQf7
+064JyRIH9W/C2WnxWbKRBjsE4gCRnMvKQrCrfR64VohCr6XvygIIufwCG/CLJogn
+4OJMqz1oDkABPgSgjNhOdwnt+3dvxbjQBiRy1ERfNAJLo+V6x6aO1Gqz
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_intermediate_ca.pem b/ssl/test/axTLS.x509_intermediate_ca.pem
new file mode 100644
index 0000000000..4fbad81b05
--- /dev/null
+++ b/ssl/test/axTLS.x509_intermediate_ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
+UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
+UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
+R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
+aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
+HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
+u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
+mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
++innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
+QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
+c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
+SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
+2L3MUIVn
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_intermediate_ca2.pem b/ssl/test/axTLS.x509_intermediate_ca2.pem
new file mode 100644
index 0000000000..ea8ab7d7df
--- /dev/null
+++ b/ssl/test/axTLS.x509_intermediate_ca2.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIJAKUqyHiH8ufNMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
+BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
+N1oXDTMwMDkwODIxMDQyN1owKjEoMCYGA1UEChMfYXhUTFMgUHJvamVjdCBJbnRl
+cm1lZGlhdGUgMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoa
+fskhD+DqHbPtvZxd/WrqhJif6k1KkAs/vYlsjoaejVOaSdi2YkDcVViM2rBR6fSN
+XL5n/uH57LTKWhZf07XQqUJ7lfnhSHu2pRD+vj3N2Ihazs8jtF56iXGcJppKa+aJ
+rxnMfRW3Kyn5c34Jp+GbxiHYLcJAPmQI+lpKWRxhqc6i2MgBc/On8ADXk+CN2vdG
+hsDhKP6J/o7yQPjvCgEbBcfsrKca30mbTVUzVhX0H5CCLe7zlp3r2TQBJDJx8WPI
+wxavBAAjRg6N69I/huYpkZfD9IXZJaTdutTktYQDVTN5drdiDTTf1JGYyXt/0+0V
+t9ANFWd1pP589yICpQ8CAwEAAaMkMCIwEgYDVR0TAQH/BAgwBgEB/wIBCjAMBgNV
+HQ8EBQMDBwWAMA0GCSqGSIb3DQEBCwUAA4IBAQBNWDjqxlO0BwMdyxfUs1wDsLiq
+4hOmUFwCv8TuTFsL9aNe7OIJRT8IF2pHw07qyvAxJVEWUCLK/KLq0HrRTzRZO/tK
+eNroHMHS+fBwFuHFp+1RGMK2rHLajxVVB6X0aeLWKrNKrvUQZL+Tx+NZ3dEO62rq
+rANnElCrnyI1bIBKwHdUbOMOHeZAECr7H0KfvaX8F67aln4IwPzCauQM3DFf9h9Z
+FvmxUdVgjRZK4e5he9k4gT/Faom0z/ApnW4DJRF8rpCPWqN872aNpL8NPZuOFtiD
+Gzg5O4wJYx7OWIPa/qcQ0hTbn5waPzC68X448tlJTPiwyeKsYT3JwWqLi6o5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
+UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
+UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
+R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
+aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
+HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
+u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
+mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
++innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
+QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
+c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
+SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
+2L3MUIVn
+-----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
new file mode 100644
index 0000000000..ceb241ea19
--- /dev/null
+++ b/ssl/test/ssltest.c
@@ -0,0 +1,2589 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The testing of the crypto and ssl stuff goes here. Keeps the individual code
+ * modules from being uncluttered with test code.
+ *
+ * This is test code - I make no apologies for the quality!
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#ifndef WIN32
+#include <pthread.h>
+#endif
+
+#include "os_port.h"
+#include "ssl.h"
+
+#define DEFAULT_CERT            "../ssl/test/axTLS.x509_1024.cer"
+#define DEFAULT_KEY             "../ssl/test/axTLS.key_1024"     
+//#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_SVR_OPTION      0
+//#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_CLNT_OPTION     0
+
+/* hack to remove gcc warning */
+#define SYSTEM(A)           if (system(A) < 0) printf("system call error\n");
+
+static int g_port = 19001;
+
+/**************************************************************************
+ * AES tests 
+ * 
+ * Run through a couple of the RFC3602 tests to verify that AES is correct.
+ **************************************************************************/
+#define TEST1_SIZE  16
+#define TEST2_SIZE  32
+
+static int AES_test(BI_CTX *bi_ctx)
+{
+    AES_CTX aes_key;
+    int res = 1;
+    uint8_t key[TEST1_SIZE];
+    uint8_t iv[TEST1_SIZE];
+
+    {
+        /*
+            Case #1: Encrypting 16 bytes (1 block) using AES-CBC
+            Key       : 0x06a9214036b8a15b512e03d534120006
+            IV        : 0x3dafba429d9eb430b422da802c9fac41
+            Plaintext : "Single block msg"
+            Ciphertext: 0xe353779c1079aeb82708942dbe77181a
+
+        */
+        char *in_str =  "Single block msg";
+        uint8_t ct[TEST1_SIZE];
+        uint8_t enc_data[TEST1_SIZE];
+        uint8_t dec_data[TEST1_SIZE];
+
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "06A9214036B8A15B512E03D534120006");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "E353779C1079AEB82708942DBE77181A");
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, 
+                enc_data, sizeof(enc_data));
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            printf("Error: AES ENCRYPT #1 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+
+        if (memcmp(dec_data, in_str, sizeof(dec_data)))
+        {
+            printf("Error: AES DECRYPT #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        /*
+            Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC 
+            Key       : 0xc286696d887c9aa0611bbb3e2025a45a
+            IV        : 0x562e17996d093d28ddb3ba695a2e6f58
+            Plaintext : 0x000102030405060708090a0b0c0d0e0f
+                          101112131415161718191a1b1c1d1e1f
+            Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
+                          7586602d253cfff91b8266bea6d61ab1
+        */
+        uint8_t in_data[TEST2_SIZE];
+        uint8_t ct[TEST2_SIZE];
+        uint8_t enc_data[TEST2_SIZE];
+        uint8_t dec_data[TEST2_SIZE];
+
+        bigint *in_bi = bi_str_import(bi_ctx,
+            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
+        bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, 
+                enc_data, sizeof(enc_data));
+
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            printf("Error: ENCRYPT #2 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+        if (memcmp(dec_data, in_data, sizeof(dec_data)))
+        {
+            printf("Error: DECRYPT #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All AES tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA1 tests 
+ *
+ * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
+ **************************************************************************/
+static int SHA1_test(BI_CTX *bi_ctx)
+{
+    SHA1_CTX ctx;
+    uint8_t ct[SHA1_SIZE];
+    uint8_t digest[SHA1_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "A9993E364706816ABA3E25717850C26C9CD0D89D");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA1 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA1 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA1 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA256 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA256 is correct.
+ **************************************************************************/
+static int SHA256_test(BI_CTX *bi_ctx)
+{
+    SHA256_CTX ctx;
+    uint8_t ct[SHA256_SIZE];
+    uint8_t digest[SHA256_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "248D6A61D20638B8E5C026930C3E6039A33CE45964FF2167F6ECEDD419DB06C1");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA256 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA384 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA384 is correct.
+ **************************************************************************/
+static int SHA384_test(BI_CTX *bi_ctx)
+{
+    SHA384_CTX ctx;
+    uint8_t ct[SHA384_SIZE];
+    uint8_t digest[SHA384_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA384 tests passed\n");
+
+end:
+    return res;
+}
+/**************************************************************************
+ * SHA512 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA512 is correct.
+ **************************************************************************/
+static int SHA512_test(BI_CTX *bi_ctx)
+{
+    SHA512_CTX ctx;
+    uint8_t ct[SHA512_SIZE];
+    uint8_t digest[SHA512_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA512 tests passed\n");
+
+end:
+    return res;
+}
+/**************************************************************************
+ * MD5 tests 
+ *
+ * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
+ **************************************************************************/
+static int MD5_test(BI_CTX *bi_ctx)
+{
+    MD5_CTX ctx;
+    uint8_t ct[MD5_SIZE];
+    uint8_t digest[MD5_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str =  "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx, 
+                "900150983CD24FB0D6963F7D28E17F72");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: MD5 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: MD5 #2 failed\n");
+            goto end;
+        }
+    }
+    res = 0;
+    printf("All MD5 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * HMAC tests 
+ *
+ * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
+ **************************************************************************/
+static int HMAC_test(BI_CTX *bi_ctx)
+{
+    uint8_t key[SHA256_SIZE];
+    uint8_t ct[SHA256_SIZE];
+    uint8_t dgst[SHA256_SIZE];
+    int res = 1;
+    const char *key_str;
+
+    const char *data_str = "Hi There";
+    bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
+    bi_export(bi_ctx, key_bi, key, MD5_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #2 failed\n");
+        goto end;
+    }
+   
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
+    bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, SHA1_SIZE, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #2 failed\n");
+        goto end;
+    }
+
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    ct_bi = bi_str_import(bi_ctx,
+            "B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7");
+    bi_export(bi_ctx, key_bi, key, 20);
+    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+    hmac_sha256((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, 20, dgst);
+
+    if (memcmp(dgst, ct, SHA256_SIZE))
+    {
+        printf("HMAC SHA256 #1 failed\n");
+        goto end;
+    } 
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx,
+            "5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC3843");
+    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+    hmac_sha256((const uint8_t *)data_str, 28, 
+            (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, SHA256_SIZE))
+    {
+        printf("HMAC SHA256 #2 failed\n");
+        goto end;
+    }
+
+    // other test
+    /*uint8_t secret[16];
+    key_str = "9BBE436BA940F017B17652849A71DB35";
+    ct_bi = bi_str_import(bi_ctx, key_str);
+    bi_export(bi_ctx, ct_bi, secret, 16);
+
+    uint8_t random[26];
+    data_str = "74657374206C6162656CA0BA9F936CDA311827A6F796FFD5198C";
+    ct_bi = bi_str_import(bi_ctx, data_str);
+    bi_export(bi_ctx, ct_bi, random, 26);
+
+    uint8_t output[256];
+    p_hash_sha256(secret, 16, random, 26, output, 100);
+    ct_bi = bi_import(bi_ctx, output, 100);
+    bi_print("RESULT", ct_bi);
+    */
+
+    /*uint8_t secret[48];
+    uint8_t random[256];
+    uint8_t output[256];
+
+    key_str =
+        "8C6D256467157DAEC7BAEBC1371E6DABFF1AB686EFA7DCF6B65242AA6EEBFC0A7472A1E583C4F2B23F784F25A6DE05A6";
+    ct_bi = bi_str_import(bi_ctx, key_str);
+    bi_export(bi_ctx, ct_bi, secret, 48);
+
+    data_str =
+        "636C69656E742066696E697368656475F80B2E4375CFA44105D16694A5E2D232302FF27241BDF52BA681C13E2CDF9F";
+    ct_bi = bi_str_import(bi_ctx, data_str);
+    bi_export(bi_ctx, ct_bi, random, 47);
+
+    p_hash_sha256(secret, 48, random, 47, output, 12);
+    ct_bi = bi_import(bi_ctx, output, 12);
+    bi_print("RESULT1", ct_bi);*/
+
+    res = 0;
+    printf("All HMAC tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * BIGINT tests 
+ *
+ **************************************************************************/
+static int BIGINT_test(BI_CTX *ctx)
+{
+    int res = 1;
+
+#ifndef CONFIG_INTEGER_8BIT 
+#ifndef CONFIG_INTEGER_16BIT 
+    bigint *bi_data, *bi_exp, *bi_res;
+    const char *expnt, *plaintext, *mod;
+    uint8_t compare[MAX_KEY_BYTE_SIZE];
+    /**
+     * 512 bit key
+     */
+    plaintext = /* 64 byte number */
+        "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
+
+    mod = "C30773C8ABE09FCC279EE0E5343370DE"
+          "8B2FFDB6059271E3005A7CEEF0D35E0A"
+          "1F9915D95E63560836CC2EB2C289270D"
+          "BCAE8CAF6F5E907FC2759EE220071E1B";
+
+    expnt = "A1E556CD1738E10DF539E35101334E97"
+          "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
+          "F3140F5091CC535CBAA47CEC4159EE1F"
+          "B6A3661AFF1AB758426EAB158452A9B9";
+
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_exp = int_to_bi(ctx, 0x10001);
+    bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+
+    bi_data = bi_res;   /* resuse again - see if we get the original */
+
+    bi_exp = bi_str_import(ctx, expnt);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+    bi_free_mod(ctx, 0);
+
+    bi_export(ctx, bi_res, compare, 64);
+    if (memcmp(plaintext, compare, 64) != 0)
+        goto end;
+#endif
+#endif
+
+    /*
+     * Multiply with psssible carry issue (8 bit)
+     */
+    {
+        bigint *bi_x = bi_str_import(ctx, 
+                "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
+        bigint *arg2 = bi_clone(ctx, bi_x);
+        bigint *arg3 = bi_clone(ctx, bi_x);
+        bigint *sqr_result = bi_square(ctx, bi_x);
+        bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
+
+        if (bi_compare(sqr_result, mlt_result) != 0)
+        {
+            bi_print("SQR_RESULT", sqr_result);
+            bi_print("MLT_RESULT", mlt_result);
+            bi_free(ctx, sqr_result);
+            bi_free(ctx, mlt_result);
+            goto end;
+        }
+
+        bi_free(ctx, sqr_result);
+        bi_free(ctx, mlt_result);
+    }
+
+    printf("All BIGINT tests passed\n");
+    res = 0;
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * RSA tests 
+ *
+ * Use the results from openssl to verify PKCS1 etc 
+ **************************************************************************/
+static int RSA_test(void)
+{
+    int res = 1;
+    const char *plaintext = /* 128 byte hex number */
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
+    uint8_t enc_data[128], dec_data[128];
+    RSA_CTX *rsa_ctx = NULL;
+    BI_CTX *bi_ctx;
+    bigint *plaintext_bi;
+    bigint *enc_data_bi, *dec_data_bi;
+    uint8_t enc_data2[128], dec_data2[128];
+    int len; 
+    uint8_t *buf;
+
+    RNG_initialize();
+
+    /* extract the private key elements */
+    len = get_file("../ssl/test/axTLS.key_1024", &buf);
+    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
+    {
+        goto end;
+    }
+
+    free(buf);
+    bi_ctx = rsa_ctx->bi_ctx;
+    plaintext_bi = bi_import(bi_ctx, 
+            (const uint8_t *)plaintext, strlen(plaintext));
+
+    /* basic rsa encrypt */
+    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
+    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
+
+    /* basic rsa decrypt */
+    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
+    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
+
+    if (memcmp(dec_data, plaintext, strlen(plaintext)))
+    {
+        printf("Error: DECRYPT #1 failed\n");
+        goto end;
+    }
+
+    if (RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0) < 0)
+    {
+        printf("Error: ENCRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_decrypt(rsa_ctx, enc_data2, dec_data2, sizeof(dec_data2), 1);
+    if (memcmp("abc", dec_data2, 3))
+    {
+        printf("Error: DECRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_free(rsa_ctx);
+    res = 0;
+    printf("All RSA tests passed\n");
+
+end:
+    RNG_terminate();
+    return res;
+}
+
+/**************************************************************************
+ * Cert Testing
+ *
+ **************************************************************************/
+static int cert_tests(void)
+{
+    int res = -1, len;
+    X509_CTX *x509_ctx;
+    SSL_CTX *ssl_ctx;
+    uint8_t *buf;
+
+    /* check a bunch of 3rd party certificates */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/microsoft.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #1\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/thawte.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #2\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #3\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/equifax.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #4\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/gnutls.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #5\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/socgen.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #6\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/camster_duckdns_org.crt", NULL)) != SSL_OK)
+    {
+        printf("Cert #7\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK)
+    {
+        printf("Cert #8\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, 
+              SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
+    {
+        printf("Cert #9\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
+                                    x509_new(buf, &len, &x509_ctx))
+    {
+        printf("Cert #10\n");
+        res = -1;
+        goto bad_cert;
+    }
+
+    if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
+    {
+        printf("Cert #11\n");
+        res = -1;
+        goto bad_cert;
+    }
+    x509_free(x509_ctx);
+    free(buf);
+
+    // this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
+            "../ssl/test/ca-bundle.crt", NULL))
+    {
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    res = 0;        /* all ok */
+    printf("All Certificate tests passed\n");
+
+bad_cert:
+    if (res)
+        printf("Error: A certificate test failed\n");
+
+    return res;
+}
+
+/**
+ * init a server socket.
+ */
+static int server_socket_init(int *port)
+{
+    struct sockaddr_in serv_addr;
+    int server_fd;
+    char yes = 1;
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        return -1;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+go_again:
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(*port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        (*port)++;
+        goto go_again;
+    }
+    /* Mark the socket so it will listen for incoming connections */
+    if (listen(server_fd, 3000) < 0)
+    {
+        return -1;
+    }
+
+    return server_fd;
+}
+
+/**
+ * init a client socket.
+ */
+static int client_socket_init(uint16_t port)
+{
+    struct sockaddr_in address;
+    int client_fd;
+
+    address.sin_family = AF_INET;
+    address.sin_port = htons(port);
+    address.sin_addr.s_addr =  inet_addr("127.0.0.1");
+    client_fd = socket(AF_INET, SOCK_STREAM, 0);
+    if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
+    {
+        perror("socket");
+        SOCKET_CLOSE(client_fd);
+        client_fd = -1;
+    }
+
+    return client_fd;
+}
+
+/**************************************************************************
+ * SSL Server Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    /* not used as yet */
+    int dummy;
+} SVR_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+} client_t;
+
+static void do_client(client_t *clnt)
+{
+    char openssl_buf[2048];
+    usleep(200000);           /* allow server to start */
+
+    /* show the session ids in the reconnect test */
+    if (strcmp(clnt->testname, "Session Reuse") == 0)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+            "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
+            g_port, clnt->openssl_option);
+    }
+    else if (strstr(clnt->testname, "GNUTLS") == NULL)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+#ifdef WIN32
+            "-connect localhost:%d -quiet %s",
+#else
+            "-connect localhost:%d -quiet %s > /dev/null 2>&1",
+#endif
+            g_port, clnt->openssl_option);
+    }
+    else /* gnutls */
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
+#ifdef WIN32
+            "-p %d %s localhost",
+#else
+            "-p %d %s localhost > /dev/null 2>&1",
+#endif
+        g_port, clnt->openssl_option);
+    }
+
+//printf("CLIENT %s\n", openssl_buf);
+    SYSTEM(openssl_buf);
+}
+
+static int SSL_server_test(
+        const char *testname, 
+        const char *openssl_option, 
+        const char *device_cert, 
+        const char *product_cert, 
+        const char *private_key,
+        const char *ca_cert,
+        const char *password,
+        int axtls_option)
+{
+    int server_fd, ret = 0;
+    SSL_CTX *ssl_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    client_t client_data;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    g_port++;
+
+    client_data.testname = testname;
+    client_data.openssl_option = openssl_option;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    if (private_key)
+    {
+        axtls_option |= SSL_NO_DEFAULT_KEY;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    if (private_key)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+
+        if (strstr(private_key, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+
+    if (device_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (product_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (ca_cert)                  /* test adding certificate authorities */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_client, (void *)&client_data);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, 
+            (LPVOID)&client_data, 0, NULL);
+#endif
+
+    for (;;)
+    {
+        int client_fd, size = 0; 
+        SSL *ssl;
+
+        /* Wait for a client to connect */
+        if ((client_fd = accept(server_fd, 
+                        (struct sockaddr *)&client_addr, &clnt_len)) < 0)
+        {
+            ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+            goto error;
+        }
+        
+        /* we are ready to go */
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+        while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
+        SOCKET_CLOSE(client_fd);
+        
+        if (size == SSL_CLOSE_NOTIFY)
+        {
+            /* do nothing */ 
+        }
+        else if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ret = size;
+
+            if (ret == SSL_ERROR_CONN_LOST)
+                continue;
+
+            break;  /* we've got a problem */
+        }
+        else /* looks more promising */
+        {
+            if (strstr("hello client", (char *)read_buf) == NULL)
+            {
+                printf("SSL server test \"%s\" passed\n", testname);
+                TTY_FLUSH();
+                ret = 0;
+                break;
+            }
+        }
+
+        ssl_free(ssl);
+    }
+
+    SOCKET_CLOSE(server_fd);
+
+error:
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+int SSL_server_tests(void)
+{
+    int ret = -1;
+    struct stat stat_buf;
+    SVR_CTX svr_test_ctx;
+    memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
+
+    printf("### starting server tests\n"); TTY_FLUSH();
+
+    /* Go through the algorithms */
+
+    /* 
+     * TLS client hello 
+     */
+
+    /*
+     * AES128-SHA TLS1.2
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.2", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES256-SHA TLS1.2
+     */
+    if ((ret = SSL_server_test("AES256-SHA TLS1.2", 
+                    "-cipher AES256-SHA -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA256 TLS1.2
+     */
+    if ((ret = SSL_server_test("AES128-SHA256 TLS1.2", 
+                    "-cipher AES128-SHA256 -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+
+    /*
+     * AES256-SHA256 TLS1.2
+     */
+    if ((ret = SSL_server_test("AES256-SHA256 TLS1.2", 
+                    "-cipher AES256-SHA256 -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA TLS1.1
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.1", 
+                    "-cipher AES128-SHA -tls1_1", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA TLS1.0
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.0", 
+                    "-cipher AES128-SHA -tls1", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * Session Reuse
+     * all the session id's should match for session resumption.
+     */
+    if ((ret = SSL_server_test("Session Reuse", 
+                    "-cipher AES128-SHA -reconnect -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 1024 bit RSA key (check certificate chaining)
+     */
+    if ((ret = SSL_server_test("1024 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 2048 bit RSA key 
+     */
+    if ((ret = SSL_server_test("2048 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_2048.cer", NULL, 
+                    "../ssl/test/axTLS.key_2048",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 4096 bit RSA key 
+     */
+    if ((ret = SSL_server_test("4096 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_4096.cer", NULL, 
+                    "../ssl/test/axTLS.key_4096",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA256
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA256",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha256.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA384
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA384",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha384.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA512
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA512",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha512.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Client Verification
+     */
+    if ((ret = SSL_server_test("Client Verification TLS1.2", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ", 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test("Client Verification TLS1.1", 
+                    "-cipher AES128-SHA -tls1_1 "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* this test should fail */
+    if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
+    {
+        if ((ret = SSL_server_test("Error: Bad Before Cert", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_bad_before.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
+            goto cleanup;
+
+        printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
+        TTY_FLUSH();
+    }
+
+    /* this test should fail */
+    if ((ret = SSL_server_test("Error: Bad After Cert", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "Bad After Cert");
+    TTY_FLUSH();
+
+    /*
+     * No trusted cert
+     */
+    if ((ret = SSL_server_test("Error: No trusted certificate", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "No trusted certificate");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the server)
+     */
+    if ((ret = SSL_server_test("Error: Self-signed certificate (from server)", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", 
+                            "Self-signed certificate (from server)");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the client)
+     */
+    if ((ret = SSL_server_test("Self-signed certificate (from client)", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer",
+                    NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* 
+     * Key in PEM format
+     */
+    if ((ret = SSL_server_test("Key in PEM format",
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert in PEM format
+     */
+    if ((ret = SSL_server_test("Cert in PEM format", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert chain in PEM format
+     */
+    if ((ret = SSL_server_test("Cert chain in PEM format", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_device.pem", 
+                    NULL, "../ssl/test/axTLS.key_device.pem",
+                    "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted key 
+     */
+    if ((ret = SSL_server_test("AES128 encrypted key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES256 Encrypted key 
+     */
+    if ((ret = SSL_server_test("AES256 encrypted key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes256.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes256.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted invalid key 
+     */
+    if ((ret = SSL_server_test("AES128 encrypted invalid key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
+    TTY_FLUSH();
+
+    /*
+     * PKCS#8 key (encrypted)
+     */
+    if ((ret = SSL_server_test("pkcs#8 encrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#8 key (unencrypted DER format)
+     */
+    if ((ret = SSL_server_test("pkcs#8 DER unencrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#8 key (unencrypted PEM format)
+     */
+    if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#12 key/certificate
+     */
+    if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher AES128-SHA", 
+                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher AES128-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * GNUTLS
+     */
+    if ((ret = SSL_server_test("GNUTLS client", 
+                    "",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+    
+    if ((ret = SSL_server_test("GNUTLS client with verify", 
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL, 
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+    ret = 0;
+
+cleanup:
+    if (ret)
+    {
+        printf("Error: A server test failed\n");
+        ssl_display_error(ret);
+        exit(1);
+    }
+    else
+    {
+        printf("All server tests passed\n"); TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Client Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+#ifndef WIN32
+    pthread_t server_thread;
+#endif
+    int start_server;
+    int stop_server;
+    int do_reneg;
+} CLNT_SESSION_RESUME_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+    int do_gnutls;
+} server_t;
+
+static void do_server(server_t *svr)
+{
+    char openssl_buf[2048];
+#ifndef WIN32
+    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+#endif
+    if (svr->do_gnutls)
+    {
+        sprintf(openssl_buf, "gnutls-serv " 
+                "-p %d --quiet %s ", g_port, svr->openssl_option);
+    }
+    else
+    {
+        sprintf(openssl_buf, "openssl s_server " 
+#ifdef WIN32
+                "-accept %d -quiet %s", 
+#else
+                "-accept %d -quiet %s > /dev/null", 
+#endif
+                g_port, svr->openssl_option);
+    }
+//printf("SERVER %s\n", openssl_buf);
+    SYSTEM(openssl_buf);
+}
+
+static int SSL_client_test(
+        const char *test,
+        SSL_CTX **ssl_ctx,
+        const char *openssl_option, 
+        CLNT_SESSION_RESUME_CTX *sess_resume,
+        uint32_t client_options,
+        const char *private_key,
+        const char *password,
+        const char *cert)
+{
+    server_t server_data;
+    SSL *ssl = NULL;
+    int client_fd = -1;
+    uint8_t *session_id = NULL;
+    int ret = 1;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+
+    server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
+
+    if (sess_resume == NULL || sess_resume->start_server)
+    {
+        g_port++;
+        server_data.openssl_option = openssl_option;
+
+#ifndef WIN32
+        pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_server, (void *)&server_data);
+        pthread_detach(thread);
+#else
+        CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, 
+            (LPVOID)&server_data, 0, NULL);
+#endif
+    }
+    
+    usleep(200000);           /* allow server to start */
+
+    if (*ssl_ctx == NULL)
+    {
+        if (private_key)
+        {
+            client_options |= SSL_NO_DEFAULT_KEY;
+        }
+
+        if ((*ssl_ctx = ssl_ctx_new(
+                            client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto client_test_exit;
+        }
+
+        if (private_key)
+        {
+            int obj_type = SSL_OBJ_RSA_KEY;
+
+            if (strstr(private_key, ".p8"))
+                obj_type = SSL_OBJ_PKCS8;
+            else if (strstr(private_key, ".p12"))
+                obj_type = SSL_OBJ_PKCS12;
+
+            if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
+            {
+                ret = SSL_ERROR_INVALID_KEY;
+                goto client_test_exit;
+            }
+        }
+
+        if (cert)                  
+        {
+            if ((ret = ssl_obj_load(*ssl_ctx, 
+                            SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
+            {
+                printf("could not add cert %s (%d)\n", cert, ret);
+                TTY_FLUSH();
+                goto client_test_exit;
+            }
+        }
+
+        if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
+                "../ssl/test/axTLS.ca_x509.cer", NULL))
+        {
+            printf("could not add cert auth\n"); TTY_FLUSH();
+            goto client_test_exit;
+        }
+    }
+    
+    if (sess_resume && !sess_resume->start_server) 
+    {
+        session_id = sess_resume->session_id;
+    }
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+    {
+        printf("could not start socket on %d\n", g_port); TTY_FLUSH();
+        goto client_test_exit;
+    }
+
+    ssl = ssl_client_new(*ssl_ctx, client_fd, 
+            session_id, sizeof(session_id), NULL);
+
+    /* check the return status */
+    if ((ret = ssl_handshake_status(ssl)))
+        goto client_test_exit;
+
+    /* renegotiate client */
+    if (sess_resume && sess_resume->do_reneg) 
+    {
+        if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION) 
+            ret = 0;
+        else
+            ret = -SSL_ALERT_NO_RENEGOTIATION;
+
+        goto client_test_exit;
+    }
+
+    if (sess_resume)
+    {
+        memcpy(sess_resume->session_id, 
+                ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+    }
+
+    if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && 
+                                            (ret = ssl_verify_cert(ssl)))
+    {
+        goto client_test_exit;
+    }
+
+    ssl_write(ssl, (uint8_t *)"hello world\n", 13);
+    if (sess_resume)
+    {
+        const uint8_t *sess_id = ssl_get_session_id(ssl);
+        int i;
+
+        printf("    Session-ID: ");
+        for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+        {
+            printf("%02X", sess_id[i]);
+        }
+        printf("\n");
+        TTY_FLUSH();
+    }
+
+    ret = 0;
+
+client_test_exit:
+    ssl_free(ssl);
+    SOCKET_CLOSE(client_fd);
+    usleep(200000);           /* allow openssl to say something */
+
+    if (sess_resume)
+    {
+        if (sess_resume->stop_server)
+        {
+            ssl_ctx_free(*ssl_ctx);
+            *ssl_ctx = NULL;
+        }
+        else if (sess_resume->start_server)
+        {
+#ifndef WIN32
+           sess_resume->server_thread = thread;
+#endif
+        }
+    }
+    else
+    {
+        ssl_ctx_free(*ssl_ctx);
+        *ssl_ctx = NULL;
+    }
+
+    if (ret == 0)
+    {
+        printf("SSL client test \"%s\" passed\n", test);
+        TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+int SSL_client_tests(void)
+{
+    int ret =  -1;
+    SSL_CTX *ssl_ctx = NULL;
+    CLNT_SESSION_RESUME_CTX sess_resume;
+    memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
+
+    sess_resume.start_server = 1;
+    printf("### starting client tests\n");
+   
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", 
+                    &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* all the session id's should match for session resumption */
+    sess_resume.start_server = 0;
+    if ((ret = SSL_client_test("Client session resumption #1", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    // no client renegotiation
+    sess_resume.do_reneg = 1;
+    // test relies on openssl killing the call
+    if ((ret = SSL_client_test("Client renegotiation", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+    sess_resume.do_reneg = 0;
+
+    sess_resume.stop_server = 1;
+    if ((ret = SSL_client_test("Client session resumption #2", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("2048 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem",  NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("4096 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_4096.pem "
+                    "-key ../ssl/test/axTLS.key_4096.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("TLS 1.1", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem -tls1_1", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("TLS 1.0", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem -tls1", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Basic Constraint - len OK", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_end_chain.pem -key "
+                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
+                    "../ssl/test/axTLS.x509_intermediate_ca.pem",
+                    NULL, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Basic Constraint - len NOT OK", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_end_chain_bad.pem -key "
+                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
+                    "../ssl/test/axTLS.x509_intermediate_ca2.pem",
+                    NULL, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL))
+                            != SSL_X509_ERROR(X509_VFY_ERROR_BASIC_CONSTRAINT))
+    {
+        printf("*** Error: %d\n", ret); 
+        if (ret == 0)
+            ret = SSL_NOT_OK;
+
+        goto cleanup;
+    }
+
+    printf("SSL server test \"%s\" passed\n", "Basic Constraint - len NOT OK");
+
+    if ((ret = SSL_client_test("Server cert chaining", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_device.pem "
+                    "-key ../ssl/test/axTLS.key_device.pem "
+                    "-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication TLS1.1",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 -tls1_1", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Should get an "ERROR" from openssl (as the handshake fails as soon as
+     * the certificate verification fails) */
+    if ((ret = SSL_client_test("Error: Expired cert (verify now)",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret);
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify now)\" passed\n");
+
+    /* There is no "ERROR" from openssl */
+    if ((ret = SSL_client_test("Error: Expired cert (verify later)", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
+                    NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify later)\" passed\n");
+
+    /* invalid cert type */
+    /*if ((ret = SSL_client_test("Error: Invalid certificate type", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem")) 
+                            != SSL_ERROR_INVALID_KEY)
+    {
+        if (ret == 0)
+            ret = SSL_NOT_OK;
+
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Invalid certificate type\" passed\n"); */
+
+    if ((ret = SSL_client_test("GNUTLS client", 
+                    &ssl_ctx,
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL,
+                    DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem")))
+        goto cleanup;
+
+    ret = 0;
+
+    if ((ret = SSL_client_test("GNUTLS client with verify", 
+                    &ssl_ctx,
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem"))) 
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+    {
+        ssl_display_error(ret);
+        printf("Error: A client test failed\n");
+        SYSTEM("sh ../ssl/test/killopenssl.sh");
+        SYSTEM("sh ../ssl/test/killgnutls.sh");
+        exit(1);
+    }
+    else
+    {
+        printf("All client tests passed\n"); TTY_FLUSH();
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Basic Testing (test a big packet handshake)
+ *
+ **************************************************************************/
+static uint8_t basic_buf[256*1024];
+
+static void do_basic(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
+
+    /* check the return status */
+    if (ssl_handshake_status(ssl_clnt) < 0)
+    {
+        ssl_display_error(ssl_handshake_status(ssl_clnt));
+        goto error;
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_basic_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_basic, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL basic test passed\n" :
+                            "SSL basic test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+/**************************************************************************
+ * SSL unblocked case
+ *
+ **************************************************************************/
+static void do_unblocked(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, 
+                            SSL_DEFAULT_CLNT_SESS |
+                            SSL_CONNECT_IN_PARTS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    {
+#ifdef WIN32
+        u_long argp = 1;
+        ioctlsocket(client_fd, FIONBIO, &argp);
+#else
+        int flags = fcntl(client_fd, F_GETFL, NULL);
+        fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
+#endif
+    }
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
+
+    while (ssl_handshake_status(ssl_clnt) != SSL_OK)
+    {
+        if (ssl_read(ssl_clnt, NULL) < 0)
+        {
+            ssl_display_error(ssl_handshake_status(ssl_clnt));
+            goto error;
+        }
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_unblocked_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_unblocked, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked, 
+                        NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL unblocked test passed\n" :
+                            "SSL unblocked test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+/**************************************************************************
+ * Multi-Threading Tests
+ *
+ **************************************************************************/
+#define NUM_THREADS         100
+
+typedef struct
+{
+    SSL_CTX *ssl_clnt_ctx;
+    int port;
+    int thread_id;
+} multi_t;
+
+void do_multi_clnt(multi_t *multi_data)
+{
+    int res = 1, client_fd, i;
+    SSL *ssl = NULL;
+    char tmp[5];
+
+    if ((client_fd = client_socket_init(multi_data->port)) < 0)
+        goto client_test_exit;
+
+    usleep(200000);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL);
+
+    if ((res = ssl_handshake_status(ssl)))
+    {
+        printf("Client ");
+        ssl_display_error(res);
+        goto client_test_exit;
+    }
+
+    sprintf(tmp, "%d\n", multi_data->thread_id);
+    for (i = 0; i < 10; i++)
+        ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
+
+client_test_exit:
+    ssl_free(ssl);
+    SOCKET_CLOSE(client_fd);
+    free(multi_data);
+}
+
+void do_multi_svr(SSL *ssl)
+{
+    uint8_t *read_buf;
+    int *res_ptr = malloc(sizeof(int));
+    int res;
+
+    for (;;)
+    {
+        res = ssl_read(ssl, &read_buf);
+
+        /* kill the client */
+        if (res != SSL_OK)
+        {
+            if (res == SSL_ERROR_CONN_LOST)
+            {
+                SOCKET_CLOSE(ssl->client_fd);
+                ssl_free(ssl);
+                break;
+            }
+            else if (res > 0)
+            {
+                /* do nothing */
+            }
+            else /* some problem */
+            {
+                printf("Server ");
+                ssl_display_error(res);
+                goto error;
+            }
+        }
+    }
+
+    res = SSL_OK;
+error:
+    *res_ptr = res;
+    pthread_exit(res_ptr);
+}
+
+int multi_thread_test(void)
+{
+    int server_fd = -1;
+    SSL_CTX *ssl_server_ctx;
+    SSL_CTX *ssl_clnt_ctx;
+    pthread_t clnt_threads[NUM_THREADS];
+    pthread_t svr_threads[NUM_THREADS];
+    int i, res = 0;
+    struct sockaddr_in client_addr;
+    socklen_t clnt_len = sizeof(client_addr);
+
+    printf("Do multi-threading test (takes a minute)\n");
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
+    ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
+        multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
+        multi_data->port = g_port;
+        multi_data->thread_id = i+1;
+        pthread_create(&clnt_threads[i], NULL, 
+                (void *(*)(void *))do_multi_clnt, (void *)multi_data);
+        pthread_detach(clnt_threads[i]);
+    }
+
+    for (i = 0; i < NUM_THREADS; i++)
+    { 
+        SSL *ssl_svr;
+        int client_fd = accept(server_fd, 
+                      (struct sockaddr *)&client_addr, &clnt_len);
+
+        if (client_fd < 0)
+            goto error;
+
+        ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
+
+        pthread_create(&svr_threads[i], NULL, 
+                        (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
+    }
+
+    /* make sure we've run all of the threads */
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        void *thread_res;
+        pthread_join(svr_threads[i], &thread_res);
+
+        if (*((int *)thread_res) != 0)
+            res = 1;
+
+        free(thread_res);
+    } 
+
+    if (res) 
+        goto error;
+
+    printf("Multi-thread test passed (%d)\n", NUM_THREADS);
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(server_fd);
+    return res;
+}
+#endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */ 
+
+/**************************************************************************
+ * Header issue
+ *
+ **************************************************************************/
+//static void do_header_issue(void)
+//{
+//    char axtls_buf[2048];
+//#ifndef WIN32
+//    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+//#endif
+//    sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
+//    SYSTEM(axtls_buf);
+//}
+//
+//static int header_issue(void)
+//{
+//    FILE *f = fopen("../ssl/test/header_issue.dat", "r");
+//    int server_fd = -1, client_fd = -1, ret = 1;
+//    uint8_t buf[2048];
+//    int size = 0;
+//    struct sockaddr_in client_addr;
+//    socklen_t clnt_len = sizeof(client_addr);
+//#ifndef WIN32
+//    pthread_t thread;
+//#endif
+//
+//    if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
+//        goto error;
+//
+//#ifndef WIN32
+//    pthread_create(&thread, NULL, 
+//                (void *(*)(void *))do_header_issue, NULL);
+//    pthread_detach(thread);
+//#else
+//    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, 
+//                NULL, 0, NULL);
+//#endif
+//    if ((client_fd = accept(server_fd, 
+//                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    size = fread(buf, 1, sizeof(buf), f);
+//    if (SOCKET_WRITE(client_fd, buf, size) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    usleep(200000);
+//
+//    ret = 0;
+//error:
+//    fclose(f);
+//    SOCKET_CLOSE(client_fd);
+//    SOCKET_CLOSE(server_fd);
+//    TTY_FLUSH();
+//    SYSTEM("killall axssl");
+//    return ret;
+//}
+
+/**************************************************************************
+ * main()
+ *
+ **************************************************************************/
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    BI_CTX *bi_ctx;
+    int fd;
+
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+    fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
+    dup2(fd, 2);                        /* write stderr to this file */
+#else
+    fd = open("/dev/null", O_WRONLY);   /* write stderr to /dev/null */
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+    dup2(fd, 2);
+#endif
+
+    /* can't do testing in this mode */
+#if defined CONFIG_SSL_GENERATE_X509_CERT
+    printf("Error: Must compile with default key/certificates\n");
+    exit(1);
+#endif
+
+    bi_ctx = bi_initialize();
+
+    if (AES_test(bi_ctx))
+    {
+        printf("AES tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (MD5_test(bi_ctx))
+    {
+        printf("MD5 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA1_test(bi_ctx))
+    {
+        printf("SHA1 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA256_test(bi_ctx))
+    {
+        printf("SHA256 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA384_test(bi_ctx))
+    {
+        printf("SHA384 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA512_test(bi_ctx))
+    {
+        printf("SHA512 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (HMAC_test(bi_ctx))
+    {
+        printf("HMAC tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (BIGINT_test(bi_ctx))
+    {
+        printf("BigInt tests failed!\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    bi_terminate(bi_ctx);
+
+    if (RSA_test())
+    {
+        printf("RSA tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (cert_tests())
+    {
+        printf("CERT tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+    if (multi_thread_test())
+        goto cleanup;
+#endif
+
+    if (SSL_basic_test())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_unblocked_test())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_client_tests())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+    SYSTEM("sh ../ssl/test/killgnutls.sh");
+
+    if (SSL_server_tests())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+//    if (header_issue())
+//    {
+//        printf("Header tests failed\n"); TTY_FLUSH();
+//        goto cleanup;
+//    }
+
+    ret = 0;        /* all ok */
+    printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
+cleanup:
+
+    if (ret)
+        printf("Error: Some tests failed!\n");
+
+    close(fd);
+    return ret;
+}
diff --git a/ssl/tls1.c b/ssl/tls1.c
new file mode 100644
index 0000000000..ac347d261a
--- /dev/null
+++ b/ssl/tls1.c
@@ -0,0 +1,2603 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Common ssl/tlsv1 code to both the client and server implementations.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* The session expiry time */
+#define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
+
+static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
+static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
+static const char * server_finished = "server finished";
+static const char * client_finished = "client finished";
+
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
+static int set_key_block(SSL *ssl, int is_write);
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
+static int send_raw_packet(SSL *ssl, uint8_t protocol);
+static void certificate_free(SSL* ssl);
+static int increase_bm_data_size(SSL *ssl, size_t size);
+static int check_certificate_chain(SSL *ssl);
+
+/**
+ * The server will pick the cipher based on the order that the order that the
+ * ciphers are listed. This order is defined at compile time.
+ */
+#ifndef CONFIG_SSL_SKELETON_MODE
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
+#endif
+
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
+{ SSL_AES128_SHA, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES256_SHA256 };
+#elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
+{ SSL_AES128_SHA256, SSL_AES256_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };    
+#else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
+{ SSL_AES256_SHA256, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };
+#endif
+
+/**
+ * The cipher map containing all the essentials for each cipher.
+ */
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* AES128-SHA */
+        SSL_AES128_SHA,                 /* AES128-SHA */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        2*(SHA1_SIZE+16+16),            /* key block size */
+        hmac_sha1_v,                    /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },
+    {   /* AES256-SHA */
+        SSL_AES256_SHA,                 /* AES256-SHA */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        2*(SHA1_SIZE+32+16),            /* key block size */
+        hmac_sha1_v,                    /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* AES128-SHA256 */
+        SSL_AES128_SHA256,              /* AES128-SHA256 */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA256_SIZE,                    /* digest size */
+        2*(SHA256_SIZE+32+16),          /* key block size */
+        hmac_sha256_v,                  /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* AES256-SHA256 */
+        SSL_AES256_SHA256,              /* AES256-SHA256 */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA256_SIZE,                    /* digest size */
+        2*(SHA256_SIZE+32+16),          /* key block size */
+        hmac_sha256_v,                  /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    }
+};
+
+static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len,
+        uint8_t *out, int olen);
+static const cipher_info_t *get_cipher_info(uint8_t cipher);
+static void increment_read_sequence(SSL *ssl);
+static void increment_write_sequence(SSL *ssl);
+static void add_hmac_digest(SSL *ssl, int snd, uint8_t *hmac_header,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
+
+/* win32 VC6.0 doesn't have variadic macros */
+#if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...) {}
+#endif
+
+/**
+ * Allocate new SSL extensions structure and return pointer to it
+ *
+ */
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
+{
+    return (SSL_EXTENSIONS *)calloc(1, sizeof(SSL_EXTENSIONS));
+}
+
+/**
+ * Free SSL extensions structure
+ *
+ */
+EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
+{
+    if (ssl_ext == NULL ) 
+    {
+        return;
+    }
+
+    free(ssl_ext);
+}
+
+EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name)
+{
+    free(ext->host_name);
+    ext->host_name = NULL;
+    if (host_name) {
+        ext->host_name = strdup(host_name);
+    }
+}
+
+/**
+ * Set the maximum fragment size for the fragment size negotiation extension
+ */
+EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size)
+{
+    ext->max_fragment_size = fragment_size;
+}
+
+/**
+ * Establish a new client/server context.
+ */
+EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
+{
+    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
+    ssl_ctx->options = options;
+    RNG_initialize();
+
+    if (load_key_certs(ssl_ctx) < 0)
+    {
+        free(ssl_ctx);  /* can't load our key/certificate pair, so die */
+        return NULL;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl_ctx->num_sessions = num_sessions;
+#endif
+
+    SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (num_sessions)
+    {
+        ssl_ctx->ssl_sessions = (SSL_SESSION **)
+                        calloc(1, num_sessions*sizeof(SSL_SESSION *));
+    }
+#endif
+
+    return ssl_ctx;
+}
+
+/*
+ * Remove a client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+    int i;
+
+    if (ssl_ctx == NULL)
+        return;
+
+    ssl = ssl_ctx->head;
+
+    /* clear out all the ssl entries */
+    while (ssl)
+    {
+        SSL *next = ssl->next;
+        ssl_free(ssl);
+        ssl = next;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* clear out all the sessions */
+    for (i = 0; i < ssl_ctx->num_sessions; i++)
+        session_free(ssl_ctx->ssl_sessions, i);
+
+    free(ssl_ctx->ssl_sessions);
+#endif
+
+    i = 0;
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
+    {
+        free(ssl_ctx->certs[i].buf);
+        ssl_ctx->certs[i++].buf = NULL;
+    }
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    remove_ca_certs(ssl_ctx->ca_cert_ctx);
+#endif
+    ssl_ctx->chain_length = 0;
+    SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
+    RSA_free(ssl_ctx->rsa_ctx);
+    RNG_terminate();
+    free(ssl_ctx);
+}
+
+/*
+ * Free any used resources used by this connection.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl)
+{
+    SSL_CTX *ssl_ctx;
+
+    if (ssl == NULL)        /* just ignore null pointers */
+        return;
+
+    /* only notify if we weren't notified first */
+    /* spec says we must notify when we are dying */
+    if (!IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+
+    ssl_ctx = ssl->ssl_ctx;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    /* adjust the server SSL list */
+    if (ssl->prev)
+        ssl->prev->next = ssl->next;
+    else
+        ssl_ctx->head = ssl->next;
+
+    if (ssl->next)
+        ssl->next->prev = ssl->prev;
+    else
+        ssl_ctx->tail = ssl->prev;
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+
+    /* may already be free - but be sure */
+    free(ssl->encrypt_ctx);
+    ssl->encrypt_ctx = NULL;
+    free(ssl->decrypt_ctx);
+    ssl->decrypt_ctx = NULL;
+    disposable_free(ssl);
+    certificate_free(ssl);
+    free(ssl->bm_all_data);
+    ssl_ext_free(ssl->extensions);
+    ssl->extensions = NULL;
+    free(ssl);
+}
+
+/*
+ * Read the SSL connection and send any alerts for various errors.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = SSL_OK;
+    do {
+        ret= basic_read(ssl, in_data);
+
+        /* check for return code so we can send an alert */
+        if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
+        {
+            if (ret != SSL_ERROR_CONN_LOST)
+            {
+                send_alert(ssl, ret);
+    #ifndef CONFIG_SSL_SKELETON_MODE
+                /* something nasty happened, so get rid of this session */
+                kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+    #endif
+            }
+        }
+    } while (IS_SET_SSL_FLAG(SSL_READ_BLOCKING) && (ssl->got_bytes < ssl->need_bytes) && ret == 0 && !IS_SET_SSL_FLAG(SSL_NEED_RECORD));
+    return ret;
+}
+
+/*
+ * Write application data to the client
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
+{
+    int n = out_len, nw, i, tot = 0;
+    /* maximum size of a TLS packet is around 16kB, so fragment */
+
+    do 
+    {
+        nw = n;
+
+        if (nw > ssl->max_plain_length)    /* fragment if necessary */
+            nw = ssl->max_plain_length;
+
+        if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
+                                            &out_data[tot], nw)) <= 0)
+        {
+            out_len = i;    /* an error */
+            break;
+        }
+
+        tot += i;
+        n -= i;
+    } while (n > 0);
+
+    return out_len;
+}
+
+EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int length)
+{
+    int msg_length = 0;
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+        return SSL_ERROR_CONN_LOST;
+
+    if (ssl->flag & SSL_SENT_CLOSE_NOTIFY)
+        return SSL_CLOSE_NOTIFY;
+
+    msg_length += length;
+
+    if (ssl->flag & SSL_TX_ENCRYPTED)
+    {
+        msg_length += ssl->cipher_info->digest_size;
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+            if (pad_bytes == 0)
+                pad_bytes += ssl->cipher_info->padding_size;
+            msg_length += pad_bytes;
+        }
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            msg_length += ssl->cipher_info->iv_size;
+        }
+    }
+    return SSL_RECORD_SIZE+msg_length;
+}
+
+/**
+ * Add a certificate to the certificate chain.
+ */
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
+    SSL_CERT *ssl_cert;
+    X509_CTX *cert = NULL;
+    int offset;
+
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf) 
+        i++;
+
+    if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: maximum number of certs added (%d) - change of "
+                "compile-time configuration required\n",
+                CONFIG_SSL_MAX_CERTS);
+#endif
+        goto error;
+    }
+
+    if ((ret = x509_new(buf, &offset, &cert)))
+        goto error;
+
+#if defined (CONFIG_SSL_FULL_MODE)
+    if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+        x509_print(cert, NULL);
+#endif
+
+    ssl_cert = &ssl_ctx->certs[i];
+    ssl_cert->size = len;
+    ssl_cert->buf = (uint8_t *)malloc(len);
+
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_SHA1:
+            ssl_cert->hash_alg = SIG_ALG_SHA1;
+            break;
+
+        case SIG_TYPE_SHA256:
+            ssl_cert->hash_alg = SIG_ALG_SHA256;
+            break;
+
+        case SIG_TYPE_SHA384:
+            ssl_cert->hash_alg = SIG_ALG_SHA384;
+            break;
+
+        case SIG_TYPE_SHA512:
+            ssl_cert->hash_alg = SIG_ALG_SHA512;
+            break;
+    }
+
+    memcpy(ssl_cert->buf, buf, len);
+    ssl_ctx->chain_length++;
+    len -= offset;
+    ret = SSL_OK;           /* ok so far */
+
+    /* recurse? */
+    if (len > 0)
+    {
+        ret = add_cert(ssl_ctx, &buf[offset], len);
+    }
+
+error:
+    x509_free(cert);        /* don't need anymore */
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Add a certificate authority.
+ */
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = X509_OK; /* ignore errors for now */
+    int i = 0;
+    CA_CERT_CTX *ca_cert_ctx;
+
+    if (ssl_ctx->ca_cert_ctx == NULL)
+        ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
+
+    ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
+        i++;
+
+    while (len > 0)
+    {
+        int offset;
+        if (i >= CONFIG_X509_MAX_CA_CERTS)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("Error: maximum number of CA certs added (%d) - change of "
+                    "compile-time configuration required\n", 
+                    CONFIG_X509_MAX_CA_CERTS);
+#endif
+            ret = X509_MAX_CERTS;
+            break;
+        }
+
+        /* ignore the return code */
+        if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
+        {
+#if defined (CONFIG_SSL_FULL_MODE)
+            if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+                x509_print(ca_cert_ctx->cert[i], NULL);
+#endif
+        }
+
+        i++;
+        len -= offset;
+    }
+
+    return ret;
+}
+
+/*
+ * Retrieve an X.509 distinguished name component
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    if (ssl->x509_ctx == NULL)
+        return NULL;
+
+    switch (component)
+    {
+        case SSL_X509_CERT_COMMON_NAME:
+            return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CERT_ORGANIZATION:
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
+
+        case SSL_X509_CERT_LOCATION:       
+            return ssl->x509_ctx->cert_dn[X509_LOCATION];
+
+        case SSL_X509_CERT_COUNTRY:       
+            return ssl->x509_ctx->cert_dn[X509_COUNTRY];
+
+        case SSL_X509_CERT_STATE:       
+            return ssl->x509_ctx->cert_dn[X509_STATE];
+
+        case SSL_X509_CA_CERT_COMMON_NAME:
+            return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CA_CERT_ORGANIZATION:
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
+
+        case SSL_X509_CA_CERT_LOCATION:       
+            return ssl->x509_ctx->ca_cert_dn[X509_LOCATION];
+
+        case SSL_X509_CA_CERT_COUNTRY:       
+            return ssl->x509_ctx->ca_cert_dn[X509_COUNTRY];
+
+        case SSL_X509_CA_CERT_STATE:       
+            return ssl->x509_ctx->ca_cert_dn[X509_STATE];
+
+        default:
+            return NULL;
+    }
+}
+
+/*
+ * Retrieve a "Subject Alternative Name" from a v3 certificate
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl,
+        int dnsindex)
+{
+    int i;
+
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->subject_alt_dnsnames == NULL)
+        return NULL;
+
+    for (i = 0; i < dnsindex; ++i)
+    {
+        if (ssl->x509_ctx->subject_alt_dnsnames[i] == NULL)
+            return NULL;
+    }
+
+    return ssl->x509_ctx->subject_alt_dnsnames[dnsindex];
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/*
+ * Find an ssl object based on the client's file descriptor.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+    ssl = ssl_ctx->head;
+
+    /* search through all the ssl entries */
+    while (ssl)
+    {
+        if (ssl->client_fd == client_fd)
+        {
+            SSL_CTX_UNLOCK(ssl_ctx->mutex);
+            return ssl;
+        }
+
+        ssl = ssl->next;
+    }
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return NULL;
+}
+
+/*
+ * Force the client to perform its handshake again.
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    disposable_new(ssl);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
+    {
+        ret = do_client_connect(ssl);
+    }
+    else
+#endif
+    {
+        send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                g_hello_request, sizeof(g_hello_request));
+        SET_SSL_FLAG(SSL_NEED_RECORD);
+    }
+
+    return ret;
+}
+
+/**
+ * @brief Get what we need for key info.
+ * @param cipher    [in]    The cipher information we are after
+ * @param key_size  [out]   The key size for the cipher
+ * @param iv_size   [out]   The iv size for the cipher
+ * @return  The amount of key information we need.
+ */
+static const cipher_info_t *get_cipher_info(uint8_t cipher)
+{
+    int i;
+
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        if (cipher_info[i].cipher == cipher)
+        {
+            return &cipher_info[i];
+        }
+    }
+
+    return NULL;  /* error */
+}
+
+/*
+ * Get a new ssl context for a new connection.
+ */
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
+    ssl->ssl_ctx = ssl_ctx;
+    ssl->max_plain_length = 1460*4;
+    ssl->bm_all_data = (uint8_t*) calloc(1, ssl->max_plain_length + RT_EXTRA);
+    ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
+    ssl->client_fd = client_fd;
+    ssl->flag = SSL_NEED_RECORD;
+    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET; /* space at the start */
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+#ifdef CONFIG_ENABLE_VERIFICATION
+    ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+    ssl->can_free_certificates = false;
+#endif
+    disposable_new(ssl);
+
+    /* a bit hacky but saves a few bytes of memory */
+    ssl->flag |= ssl_ctx->options;
+    if (IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS) && IS_SET_SSL_FLAG(SSL_READ_BLOCKING)) {
+        CLR_SSL_FLAG(SSL_READ_BLOCKING);
+    }
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    if (ssl_ctx->head == NULL)
+    {
+        ssl_ctx->head = ssl;
+        ssl_ctx->tail = ssl;
+    }
+    else
+    {
+        ssl->prev = ssl_ctx->tail;
+        ssl_ctx->tail->next = ssl;
+        ssl_ctx->tail = ssl;
+    }
+
+    ssl->encrypt_ctx = malloc(sizeof(AES_CTX));
+    ssl->decrypt_ctx = malloc(sizeof(AES_CTX));
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return ssl;
+}
+
+/*
+ * Add a private key to a context.
+ */
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
+{
+    int ret = SSL_OK;
+
+    /* get the private key details */
+    if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+error:
+    return ret;
+}
+
+/** 
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */     
+static void increment_read_sequence(SSL *ssl)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) 
+    {       
+        if (++ssl->read_sequence[i])
+            break;
+    }
+}
+            
+/**
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */      
+static void increment_write_sequence(SSL *ssl)
+{        
+    int i;                  
+         
+    for (i = 7; i >= 0; i--)
+    {                       
+        if (++ssl->write_sequence[i])
+            break;
+    }                       
+}
+
+/**
+ * Work out the HMAC digest in a packet.
+ */
+static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
+{
+    const uint8_t* bufs[] = {
+        (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+            ssl->write_sequence : ssl->read_sequence,
+        hmac_header,
+        buf
+    };
+
+    int lengths[] = {
+        8,
+        SSL_RECORD_SIZE,
+        buf_len
+    };
+
+    ssl->cipher_info->hmac_v(bufs, lengths, 3,
+            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
+                ssl->server_mac : ssl->client_mac, 
+            ssl->cipher_info->digest_size, hmac_buf);
+
+#if 0
+    print_blob("record", hmac_header, SSL_RECORD_SIZE);
+    print_blob("buf", buf, buf_len);
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
+    {
+        print_blob("write seq", ssl->write_sequence, 8);
+    }
+    else
+    {
+        print_blob("read seq", ssl->read_sequence, 8);
+    }
+
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
+    {
+        print_blob("server mac", 
+                ssl->server_mac, ssl->cipher_info->digest_size);
+    }
+    else
+    {
+        print_blob("client mac", 
+                ssl->client_mac, ssl->cipher_info->digest_size);
+    }
+    print_blob("hmac", hmac_buf, ssl->cipher_info->digest_size);
+#endif
+}
+
+/**
+ * Verify that the digest of a packet is correct.
+ */
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
+{   
+    uint8_t hmac_buf[SHA256_SIZE]; // size of largest digest
+    int hmac_offset;
+   
+    int last_blk_size = buf[read_len-1], i;
+    hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
+
+    /* guard against a timing attack - make sure we do the digest */
+    if (hmac_offset < 0)
+    {
+        hmac_offset = 0;
+    }
+    else
+    {
+        /* already looked at last byte */
+        for (i = 1; i < last_blk_size; i++)
+        {
+            if (buf[read_len-i] != last_blk_size)
+            {
+                hmac_offset = 0;
+                break;
+            }
+        }
+    }
+
+    /* sanity check the offset */
+    ssl->hmac_header[3] = hmac_offset >> 8;      /* insert size */
+    ssl->hmac_header[4] = hmac_offset & 0xff;
+    add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
+
+    if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
+    {
+        return SSL_ERROR_INVALID_HMAC;
+    }
+
+    return hmac_offset;
+}
+
+/**
+ * Add a packet to the end of our sent and received packets, so that we may use
+ * it to calculate the hash at the end.
+ */
+void add_packet(SSL *ssl, const uint8_t *pkt, int len)
+{
+    // TLS1.2+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) 
+    {
+        SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
+    }
+
+    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2 || 
+                ssl->next_state == HS_SERVER_HELLO ||
+                ssl->next_state == 0) 
+    {
+        MD5_Update(&ssl->dc->md5_ctx, pkt, len);
+        SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
+    }
+}
+
+/**
+ * Work out the MD5 PRF.
+ */
+static void p_hash_md5(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[MD5_SIZE+77];
+
+    /* A(1) */
+    hmac_md5(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[MD5_SIZE], seed, seed_len);
+    hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > MD5_SIZE)
+    {
+        uint8_t a2[MD5_SIZE];
+        out += MD5_SIZE;
+        olen -= MD5_SIZE;
+
+        /* A(N) */
+        hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, MD5_SIZE);
+
+        /* work out the actual hash */
+        hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the SHA1 PRF.
+ */
+static void p_hash_sha1(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[SHA1_SIZE+77];
+
+    /* A(1) */
+    hmac_sha1(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA1_SIZE], seed, seed_len);
+    hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA1_SIZE)
+    {
+        uint8_t a2[SHA1_SIZE];
+        out += SHA1_SIZE;
+        olen -= SHA1_SIZE;
+
+        /* A(N) */
+        hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA1_SIZE);
+
+        /* work out the actual hash */
+        hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the SHA256 PRF.
+ */
+static void p_hash_sha256(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[SHA256_SIZE+77];
+
+    /* A(1) */
+    hmac_sha256(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA256_SIZE], seed, seed_len);
+    hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA256_SIZE)
+    {
+        uint8_t a2[SHA256_SIZE];
+        out += SHA256_SIZE;
+        olen -= SHA256_SIZE;
+
+        // A(N)
+        hmac_sha256(a1, SHA256_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA256_SIZE);
+
+        // work out the actual hash 
+        hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the PRF.
+ */
+static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len,
+        uint8_t *out, int olen)
+{
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)    // TLS1.2+
+    {
+        p_hash_sha256(sec, sec_len, seed, seed_len, out, olen);
+    }
+    else // TLS1.0/1.1
+    {
+        int len, i;
+        const uint8_t *S1, *S2;
+        uint8_t xbuf[2*(SHA256_SIZE+32+16) + MD5_SIZE]; /* max keyblock */
+        uint8_t ybuf[2*(SHA256_SIZE+32+16) + SHA1_SIZE]; /* max keyblock */
+
+        len = sec_len/2;
+        S1 = sec;
+        S2 = &sec[len];
+        len += (sec_len & 1); /* add for odd, make longer */
+
+        p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
+        p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
+
+        for (i = 0; i < olen; i++)
+            out[i] = xbuf[i] ^ ybuf[i];
+    }
+}
+
+/**
+ * Generate a master secret based on the client/server random data and the
+ * premaster secret.
+ */
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
+{
+    uint8_t buf[77]; 
+//print_blob("premaster secret", premaster_secret, 48);
+    strcpy((char *)buf, "master secret");
+    memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
+    prf(ssl, premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
+            SSL_SECRET_SIZE);
+#if 0
+    print_blob("client random", ssl->dc->client_random, 32);
+    print_blob("server random", ssl->dc->server_random, 32);
+    print_blob("master secret", ssl->dc->master_secret, 48);
+#endif
+}
+
+/**
+ * Generate a 'random' blob of data used for the generation of keys.
+ */
+static void generate_key_block(SSL *ssl, 
+        uint8_t *client_random, uint8_t *server_random,
+        uint8_t *master_secret, uint8_t *key_block, int key_block_size)
+{
+    uint8_t buf[77];
+    strcpy((char *)buf, "key expansion");
+    memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
+    prf(ssl, master_secret, SSL_SECRET_SIZE, buf, 77, 
+                    key_block, key_block_size);
+}
+
+/** 
+ * Calculate the digest used in the finished message. This function also
+ * doubles up as a certificate verify function.
+ */
+int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
+{
+    uint8_t mac_buf[SHA1_SIZE+MD5_SIZE+15]; 
+    uint8_t *q = mac_buf;
+    int dgst_len;
+
+    if (label)
+    {
+        strcpy((char *)q, label);
+        q += strlen(label);
+    }
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
+        SHA256_Final(q, &sha256_ctx);
+        q += SHA256_SIZE;
+        dgst_len = (int)(q-mac_buf);
+    }
+    else // TLS1.0/1.1
+    {
+        MD5_CTX md5_ctx = ssl->dc->md5_ctx; // interim copy
+        SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
+
+        MD5_Final(q, &md5_ctx);
+        q += MD5_SIZE;
+        
+        SHA1_Final(q, &sha1_ctx);
+        q += SHA1_SIZE;
+        dgst_len = (int)(q-mac_buf);
+    }
+
+    if (label)
+    {
+        prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
+                mac_buf, dgst_len, digest, SSL_FINISHED_HASH_SIZE);
+    }
+    else    /* for use in a certificate verify */
+    {
+        memcpy(digest, mac_buf, dgst_len);
+    }
+
+#if 0
+    printf("label: %s\n", label);
+    print_blob("mac_buf", mac_buf, dgst_len);
+    print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
+#endif
+
+    return dgst_len;
+}   
+    
+/**
+ * Retrieve (and initialise) the context of a cipher.
+ */
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached)
+{
+    switch (ssl->cipher)
+    {
+        case SSL_AES128_SHA:
+        case SSL_AES128_SHA256:
+            {
+                AES_CTX *aes_ctx;
+                if (cached)
+                    aes_ctx = (AES_CTX*) cached;
+                else
+                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_128);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+        case SSL_AES256_SHA:
+        case SSL_AES256_SHA256:
+            {
+                AES_CTX *aes_ctx;
+                if (cached)
+                    aes_ctx = (AES_CTX*) cached;
+                else
+                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
+
+                AES_set_key(aes_ctx, key, iv, AES_MODE_256);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+    }
+
+    return NULL;    /* its all gone wrong */
+}
+
+/**
+ * Send a packet over the socket.
+ */
+static int send_raw_packet(SSL *ssl, uint8_t protocol)
+{
+    uint8_t *rec_buf = ssl->bm_all_data;
+    int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
+    int sent = 0;
+    int ret = SSL_OK;
+
+    rec_buf[0] = protocol;
+    rec_buf[1] = 0x03;      /* version = 3.1 or higher */
+    rec_buf[2] = ssl->version & 0x0f;
+    rec_buf[3] = ssl->bm_index >> 8;
+    rec_buf[4] = ssl->bm_index & 0xff;
+
+    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
+                             pkt_size, pkt_size);
+
+    while (sent < pkt_size)
+    {
+        ret = SOCKET_WRITE(ssl->client_fd, 
+                        &ssl->bm_all_data[sent], pkt_size-sent);
+
+        if (ret >= 0)
+            sent += ret;
+        else
+        {
+
+#ifdef WIN32
+            if (GetLastError() != WSAEWOULDBLOCK)
+#else
+            if (errno != EAGAIN && errno != EWOULDBLOCK)
+#endif
+                return SSL_ERROR_CONN_LOST;
+        }
+#ifndef ESP8266
+        /* keep going until the write buffer has some space */
+        if (sent != pkt_size)
+        {
+            fd_set wfds;
+            FD_ZERO(&wfds);
+            FD_SET(ssl->client_fd, &wfds);
+
+            /* block and wait for it */
+            if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
+                return SSL_ERROR_CONN_LOST;
+        }
+#endif
+    }
+
+    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
+    ssl->bm_index = 0;
+
+    if (protocol != PT_APP_PROTOCOL_DATA)  
+    {
+        /* always return SSL_OK during handshake */   
+        ret = SSL_OK;
+    }
+
+    return ret;
+}
+
+/**
+ * Send an encrypted packet with padding bytes if necessary.
+ */
+int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
+{
+    int ret, msg_length = 0;
+
+    /* if our state is bad, don't bother */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+        return SSL_ERROR_CONN_LOST;
+
+    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        return SSL_CLOSE_NOTIFY;
+
+    if (in) /* has the buffer already been initialised? */
+    {
+        memcpy(ssl->bm_data, in, length);
+    }
+
+    msg_length += length;
+
+    if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
+    {
+        int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
+                            SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
+        uint8_t hmac_header[SSL_RECORD_SIZE] = 
+        {
+            protocol, 
+            0x03, /* version = 3.1 or higher */
+            ssl->version & 0x0f,
+            msg_length >> 8,
+            msg_length & 0xff 
+        };
+
+        if (protocol == PT_HANDSHAKE_PROTOCOL)
+        {
+            DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+            if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+            {
+                add_packet(ssl, ssl->bm_data, msg_length);
+            }
+        }
+
+        /* add the packet digest */
+        add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, msg_length, 
+                                                &ssl->bm_data[msg_length]);
+        msg_length += ssl->cipher_info->digest_size;
+
+        /* add padding */
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+
+            /* ensure we always have at least 1 padding byte */
+            if (pad_bytes == 0)
+                pad_bytes += ssl->cipher_info->padding_size;
+
+            memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
+            msg_length += pad_bytes;
+        }
+
+        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
+        increment_write_sequence(ssl);
+
+        /* add the explicit IV for TLS1.1 */
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            uint8_t iv_size = ssl->cipher_info->iv_size;
+            uint8_t *t_buf = malloc(msg_length + iv_size);
+            memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
+            if (get_random(iv_size, t_buf) < 0)
+                return SSL_NOT_OK;
+
+            msg_length += iv_size;
+            memcpy(ssl->bm_data, t_buf, msg_length);
+            free(t_buf);
+        }
+
+        /* now encrypt the packet */
+        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
+                                            ssl->bm_data, msg_length);
+    }
+    else if (protocol == PT_HANDSHAKE_PROTOCOL)
+    {
+        DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+        if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+        {
+            add_packet(ssl, ssl->bm_data, length);
+        }
+    }
+
+    ssl->bm_index = msg_length;
+    if ((ret = send_raw_packet(ssl, protocol)) <= 0)
+        return ret;
+
+    return length;  /* just return what we wanted to send */
+}
+
+/**
+ * Work out the cipher keys we are going to use for this session based on the
+ * master secret.
+ */
+static int set_key_block(SSL *ssl, int is_write)
+{
+    const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
+    uint8_t *q;
+    uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
+    uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    if (ciph_info == NULL)
+        return -1;
+
+    /* only do once in a handshake */
+    if (!ssl->dc->key_block_generated)
+    {
+        generate_key_block(ssl, ssl->dc->client_random, ssl->dc->server_random,
+            ssl->dc->master_secret, ssl->dc->key_block, 
+            ciph_info->key_block_size);
+#if 0
+        print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
+        print_blob("keyblock", ssl->dc->key_block, ciph_info->key_block_size);
+        print_blob("client random", ssl->dc->client_random, 32);
+        print_blob("server random", ssl->dc->server_random, 32);
+#endif
+        ssl->dc->key_block_generated = 1;
+    }
+
+    q = ssl->dc->key_block;
+
+    if ((is_client && is_write) || (!is_client && !is_write))
+    {
+        memcpy(ssl->client_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+
+    if ((!is_client && is_write) || (is_client && !is_write))
+    {
+        memcpy(ssl->server_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+    memcpy(client_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+    memcpy(server_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+
+    memcpy(client_iv, q, ciph_info->iv_size);
+    q += ciph_info->iv_size;
+    memcpy(server_iv, q, ciph_info->iv_size);
+    q += ciph_info->iv_size;
+#if 0
+        print_blob("client key", client_key, ciph_info->key_size);
+        print_blob("server key", server_key, ciph_info->key_size);
+        print_blob("client iv", client_iv, ciph_info->iv_size);
+        print_blob("server iv", server_iv, ciph_info->iv_size);
+#endif
+
+    // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
+
+    /* now initialise the ciphers */
+    if (is_client)
+    {
+        finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0, ssl->encrypt_ctx);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1, ssl->decrypt_ctx);
+    }
+    else
+    {
+        finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0, ssl->encrypt_ctx);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1, ssl->decrypt_ctx);
+    }
+
+    ssl->cipher_info = ciph_info;
+    return 0;
+}
+
+/**
+ * Read the SSL connection.
+ */
+int basic_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = SSL_OK;
+    int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    uint8_t *buf = ssl->bm_data;
+
+    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        return SSL_CLOSE_NOTIFY;
+
+    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
+                            ssl->need_bytes-ssl->got_bytes);
+
+    if (read_len < 0) 
+    {
+#ifdef WIN32
+        if (GetLastError() == WSAEWOULDBLOCK)
+#else
+        if (errno == EAGAIN || errno == EWOULDBLOCK)
+#endif
+            return 0;
+    }
+
+    /* connection has gone, so die */
+    if (read_len <= 0)
+    {
+        ret = SSL_ERROR_CONN_LOST;
+        ssl->hs_status = SSL_ERROR_DEAD;  /* make sure it stays dead */
+        goto error;
+    }
+
+    DISPLAY_BYTES(ssl, "received %d bytes", 
+            &ssl->bm_data[ssl->bm_read_index], read_len, read_len);
+
+    ssl->got_bytes += read_len;
+    ssl->bm_read_index += read_len;
+
+    /* haven't quite got what we want, so try again later */
+    if (ssl->got_bytes < ssl->need_bytes)
+        return SSL_OK;
+
+    read_len = ssl->got_bytes;
+    ssl->got_bytes = 0;
+
+    if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
+    {
+        /* check for sslv2 "client hello" */
+        if ((buf[0] & 0x80) && buf[2] == 1)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("Error: no SSLv23 handshaking allowed\n");
+#endif
+            ret = SSL_ERROR_NOT_SUPPORTED;
+            goto error; /* not an error - just get out of here */
+        }
+
+        ssl->need_bytes = (buf[3] << 8) + buf[4];
+
+        /* do we violate the spec with the message size?  */
+        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            ret = SSL_ERROR_RECORD_OVERFLOW;              
+            goto error;
+        }
+
+        /* is the allocated buffer large enough to handle all the data? if not, increase its size*/
+        if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
+            ret = increase_bm_data_size(ssl, ssl->need_bytes + BM_RECORD_OFFSET - RT_EXTRA);
+            if (ret != SSL_OK)
+            {
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+                goto error;
+            }
+        }
+
+        CLR_SSL_FLAG(SSL_NEED_RECORD);
+        memcpy(ssl->hmac_header, buf, 3);       /* store for hmac */
+        ssl->record_type = buf[0];
+        goto error;                         /* no error, we're done */
+    }
+
+    /* for next time - just do it now in case of an error */
+    SET_SSL_FLAG(SSL_NEED_RECORD);
+    ssl->need_bytes = SSL_RECORD_SIZE;
+
+    /* decrypt if we need to */
+    if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
+    {
+        ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
+
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            buf += ssl->cipher_info->iv_size;
+            read_len -= ssl->cipher_info->iv_size;
+        }
+
+        read_len = verify_digest(ssl, 
+                is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
+
+        /* does the hmac work? */
+        if (read_len < 0)
+        {
+            ret = read_len;
+            goto error;
+        }
+
+        DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
+        increment_read_sequence(ssl);
+    }
+
+    /* The main part of the SSL packet */
+    switch (ssl->record_type)
+    {
+        case PT_HANDSHAKE_PROTOCOL:
+            if (ssl->dc != NULL)
+            {
+                ssl->dc->bm_proc_index = 0;
+                ret = do_handshake(ssl, buf, read_len);
+            }
+            else /* no client renegotiation allowed */
+            {
+                ret = SSL_ERROR_NO_CLIENT_RENOG;              
+                goto error;
+            }
+            break;
+
+        case PT_CHANGE_CIPHER_SPEC:
+            if (ssl->next_state != HS_FINISHED)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
+
+            if (set_key_block(ssl, 0) < 0)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
+            
+            /* all encrypted from now on */
+            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
+            memset(ssl->read_sequence, 0, 8);
+            break;
+
+        case PT_APP_PROTOCOL_DATA:
+            if (in_data && ssl->hs_status == SSL_OK)
+            {
+                *in_data = buf;   /* point to the work buffer */
+                (*in_data)[read_len] = 0;  /* null terminate just in case */
+                ret = read_len;
+            }
+            else
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+            break;
+
+        case PT_ALERT_PROTOCOL:
+            /* return the alert # with alert bit set */
+            if (buf[0] == SSL_ALERT_TYPE_WARNING &&
+               buf[1] == SSL_ALERT_CLOSE_NOTIFY)
+            {
+              ret = SSL_CLOSE_NOTIFY;
+              send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+              SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
+            }
+            else 
+            {
+                ret = -buf[1]; 
+                DISPLAY_ALERT(ssl, buf[1]);
+            }
+
+            break;
+
+        default:
+            ret = SSL_ERROR_INVALID_PROT_MSG;
+            break;
+    }
+
+error:
+    ssl->bm_read_index = 0;          /* reset to go again */
+
+    if (ret < SSL_OK && in_data)/* if all wrong, then clear this buffer ptr */
+        *in_data = NULL;
+
+    return ret;
+}
+
+int increase_bm_data_size(SSL *ssl, size_t size)
+{
+    if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
+        return SSL_OK;
+    }
+    if (ssl->can_free_certificates) {
+        certificate_free(ssl);
+    }
+    size_t required = (size + 1023) & ~(1023); // round up to 1k
+    required = (required < RT_MAX_PLAIN_LENGTH) ? required : RT_MAX_PLAIN_LENGTH;
+    uint8_t* new_bm_all_data = (uint8_t*) realloc(ssl->bm_all_data, required + RT_EXTRA);
+    if (!new_bm_all_data) {
+        printf("failed to grow plain buffer\r\n");
+        ssl->hs_status = SSL_ERROR_DEAD;
+        return SSL_ERROR_CONN_LOST;
+    }
+    ssl->bm_all_data = new_bm_all_data;
+    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
+    ssl->max_plain_length = required;
+    return SSL_OK;
+}
+
+/**
+ * Do some basic checking of data and then perform the appropriate handshaking.
+ */
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
+{
+    int hs_len = (buf[2]<<8) + buf[3];
+    uint8_t handshake_type = buf[0];
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    /* some integrity checking on the handshake */
+    PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
+
+    if (handshake_type != ssl->next_state)
+    {
+        /* handle a special case on the client */
+        if (!is_client || handshake_type != HS_CERT_REQ ||
+                        ssl->next_state != HS_SERVER_HELLO_DONE)
+        {
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            goto error;
+        }
+    }
+
+    hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
+    ssl->bm_index = hs_len;     /* store the size and check later */
+    DISPLAY_STATE(ssl, 0, handshake_type, 0);
+
+    if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
+        add_packet(ssl, buf, hs_len); 
+
+#if defined(CONFIG_SSL_ENABLE_CLIENT)
+    ret = is_client ? 
+        do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
+        do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#else
+    ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#endif
+
+    /* just use recursion to get the rest */
+    if (hs_len < read_len && ret == SSL_OK)
+        ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
+
+error:
+    return ret;
+}
+
+/**
+ * Sends the change cipher spec message. We have just read a finished message
+ * from the client.
+ */
+int send_change_cipher_spec(SSL *ssl)
+{
+    int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
+            g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
+
+    if (ret >= 0 && set_key_block(ssl, 1) < 0)
+        ret = SSL_ERROR_INVALID_HANDSHAKE;
+    
+    if (ssl->cipher_info)
+        SET_SSL_FLAG(SSL_TX_ENCRYPTED);
+
+    memset(ssl->write_sequence, 0, 8);
+    return ret;
+}
+
+/**
+ * Send a "finished" message
+ */
+int send_finished(SSL *ssl)
+{
+    uint8_t buf[SHA1_SIZE+MD5_SIZE+15+4] = {
+        HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
+
+    /* now add the finished digest mac (12 bytes) */
+    finished_digest(ssl, 
+        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
+                    client_finished : server_finished, &buf[4]);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* store in the session cache */
+    if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
+    {
+        memcpy(ssl->session->master_secret,
+                ssl->dc->master_secret, SSL_SECRET_SIZE);
+    }
+#endif
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
+                                buf, SSL_FINISHED_HASH_SIZE+4);
+}
+
+/**
+ * Send an alert message.
+ * Return 1 if the alert was an "error".
+ */
+int send_alert(SSL *ssl, int error_code)
+{
+    int alert_num = 0;
+    int is_warning = 0;
+    uint8_t buf[2];
+
+    /* Don't bother, we're already dead */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        ssl_display_error(error_code);
+#endif
+
+    switch (error_code)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            is_warning = 1;
+            alert_num = SSL_ALERT_CLOSE_NOTIFY;
+            break;
+
+        case SSL_ERROR_CONN_LOST:       /* don't send alert just yet */
+            is_warning = 1;
+            break;
+
+        case SSL_ERROR_NO_CIPHER:
+            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+            alert_num = SSL_ALERT_BAD_RECORD_MAC;
+            break;
+
+        case SSL_ERROR_FINISHED_INVALID:
+        case SSL_ERROR_INVALID_KEY:
+            alert_num = SSL_ALERT_DECRYPT_ERROR;
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            alert_num = SSL_ALERT_INVALID_VERSION;
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+            alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
+            break;
+
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            alert_num = SSL_ALERT_NO_RENEGOTIATION;
+            break;
+
+        case SSL_ERROR_RECORD_OVERFLOW:
+            alert_num = SSL_ALERT_RECORD_OVERFLOW;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED):
+        case SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID):
+            alert_num = SSL_ALERT_CERTIFICATE_EXPIRED;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT):
+            alert_num = SSL_ALERT_UNKNOWN_CA;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST):
+        case SSL_ERROR_INVALID_CERT_HASH_ALG:
+            alert_num = SSL_ALERT_UNSUPPORTED_CERTIFICATE;
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+        case SSL_X509_ERROR(X509_VFY_ERROR_BAD_SIGNATURE):
+            alert_num = SSL_ALERT_BAD_CERTIFICATE;
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+        case SSL_ERROR_INVALID_PROT_MSG:
+        default:
+            /* a catch-all for anything bad */
+            alert_num = (error_code <= SSL_X509_OFFSET) ?  
+                SSL_ALERT_CERTIFICATE_UNKNOWN: SSL_ALERT_UNEXPECTED_MESSAGE;
+            break;
+    }
+
+    buf[0] = is_warning ? 1 : 2;
+    buf[1] = alert_num;
+    send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
+    DISPLAY_ALERT(ssl, alert_num);
+    return is_warning ? 0 : 1;
+}
+
+/**
+ * Process a client finished message.
+ */
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
+
+    PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
+
+    /* check that we all work before we continue */
+    if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
+        return SSL_ERROR_FINISHED_INVALID;
+
+    if ((!is_client && !resume) || (is_client && resume))
+    {
+        if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            ret = send_finished(ssl);
+    }
+
+    /* if we ever renegotiate */
+    ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
+    ssl->hs_status = ret;  /* set the final handshake status */
+
+error:
+    return ret;
+}
+
+/**
+ * Send a certificate.
+ */
+int send_certificate(SSL *ssl)
+{
+    int ret = SSL_OK;
+    int i = 0;
+    uint8_t *buf = ssl->bm_data;
+    int offset = 7;
+    int chain_length;
+
+    buf[0] = HS_CERTIFICATE;
+    buf[1] = 0;
+    buf[4] = 0;
+
+    /* spec says we must check if the hash/sig algorithm is OK */
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 &&
+             ((ret = check_certificate_chain(ssl)) != SSL_OK))
+    {
+        ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
+        goto error;
+    }
+
+    while (i < ssl->ssl_ctx->chain_length)
+    {
+        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
+        buf[offset++] = 0;        
+        buf[offset++] = cert->size >> 8;        /* cert 1 length */
+        buf[offset++] = cert->size & 0xff;
+        memcpy(&buf[offset], cert->buf, cert->size);
+        offset += cert->size;
+        i++;
+    }
+
+    chain_length = offset - 7;
+    buf[5] = chain_length >> 8;        /* cert chain length */
+    buf[6] = chain_length & 0xff;
+    chain_length += 3;
+    buf[2] = chain_length >> 8;        /* handshake length */
+    buf[3] = chain_length & 0xff;
+    ssl->bm_index = offset;
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+
+error:
+    return ret;
+}
+
+/**
+ * Create a blob of memory that we'll get rid of once the handshake is
+ * complete.
+ */
+void disposable_new(SSL *ssl)
+{
+    if (ssl->dc == NULL)
+    {
+        ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
+        SHA256_Init(&ssl->dc->sha256_ctx);
+        MD5_Init(&ssl->dc->md5_ctx);
+        SHA1_Init(&ssl->dc->sha1_ctx);
+    }
+}
+
+/**
+ * Remove the temporary blob of memory.
+ */
+void disposable_free(SSL *ssl)
+{
+    if (ssl->dc)
+    {
+        memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
+        free(ssl->dc);
+        ssl->dc = NULL;
+    }
+    ssl->can_free_certificates = true;
+}
+
+static void certificate_free(SSL* ssl)
+{
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (ssl->x509_ctx) {
+        x509_free(ssl->x509_ctx);
+        ssl->x509_ctx = 0;
+    }
+    ssl->can_free_certificates = false;
+#endif
+}
+
+#ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
+/**
+ * Find if an existing session has the same session id. If so, use the
+ * master secret from this session for session resumption.
+ */
+SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[], 
+        SSL *ssl, const uint8_t *session_id)
+{
+    time_t tm = time(NULL);
+    time_t oldest_sess_time = tm;
+    SSL_SESSION *oldest_sess = NULL;
+    int i;
+
+    /* no sessions? Then bail */
+    if (max_sessions == 0)
+        return NULL;
+
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    if (session_id)
+    {
+        for (i = 0; i < max_sessions; i++)
+        {
+            if (ssl_sessions[i])
+            {
+                /* kill off any expired sessions (including those in 
+                   the future) */
+                if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
+                            (tm < ssl_sessions[i]->conn_time))
+                {
+                    session_free(ssl_sessions, i);
+                    continue;
+                }
+
+                /* if the session id matches, it must still be less than 
+                   the expiry time */
+                if (memcmp(ssl_sessions[i]->session_id, session_id,
+                                                SSL_SESSION_ID_SIZE) == 0)
+                {
+                    ssl->session_index = i;
+                    memcpy(ssl->dc->master_secret, 
+                            ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
+                    SET_SSL_FLAG(SSL_SESSION_RESUME);
+                    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+                    return ssl_sessions[i];  /* a session was found */
+                }
+            }
+        }
+    }
+
+    /* If we've got here, no matching session was found - so create one */
+    for (i = 0; i < max_sessions; i++)
+    {
+        if (ssl_sessions[i] == NULL)
+        {
+            /* perfect, this will do */
+            ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
+            ssl_sessions[i]->conn_time = tm;
+            ssl->session_index = i;
+            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+            return ssl_sessions[i]; /* return the session object */
+        }
+        else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
+        {
+            /* find the oldest session */
+            oldest_sess_time = ssl_sessions[i]->conn_time;
+            oldest_sess = ssl_sessions[i];
+            ssl->session_index = i;
+        }
+    }
+
+    /* ok, we've used up all of our sessions. So blow the oldest session away */
+    oldest_sess->conn_time = tm;
+    memset(oldest_sess->session_id, 0, SSL_SESSION_ID_SIZE);
+    memset(oldest_sess->master_secret, 0, SSL_SECRET_SIZE);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+    return oldest_sess;
+}
+
+/**
+ * Free an existing session.
+ */
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
+{
+    if (ssl_sessions[sess_index])
+    {
+        free(ssl_sessions[sess_index]);
+        ssl_sessions[sess_index] = NULL;
+    }
+}
+
+/**
+ * This ssl object doesn't want this session anymore.
+ */
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
+{
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+
+    if (ssl->ssl_ctx->num_sessions)
+    {
+        session_free(ssl_sessions, ssl->session_index);
+        ssl->session = NULL;
+    }
+
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+}
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/*
+ * Get the session id for a handshake. This will be a 32 byte sequence.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
+{
+    return ssl->session_id;
+}
+
+/*
+ * Get the session id size for a handshake. 
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
+{
+    return ssl->sess_id_size;
+}
+
+/*
+ * Return the cipher id (in the SSL form).
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
+{
+    return ssl->cipher;
+}
+
+/*
+ * Return the status of the handshake.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
+{
+    return ssl->hs_status;
+}
+
+/*
+ * Retrieve various parameters about the SSL engine.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset)
+{
+    switch (offset)
+    {
+        /* return the appropriate build mode */
+        case SSL_BUILD_MODE:
+#if defined(CONFIG_SSL_FULL_MODE)
+            return SSL_BUILD_FULL_MODE;
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+            return SSL_BUILD_ENABLE_CLIENT;
+#elif defined(CONFIG_ENABLE_VERIFICATION)
+            return SSL_BUILD_ENABLE_VERIFICATION;
+#elif defined(CONFIG_SSL_SERVER_ONLY )
+            return SSL_BUILD_SERVER_ONLY;
+#else 
+            return SSL_BUILD_SKELETON_MODE;
+#endif
+
+        case SSL_MAX_CERT_CFG_OFFSET:
+            return CONFIG_SSL_MAX_CERTS;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_MAX_CA_CERT_CFG_OFFSET:
+            return CONFIG_X509_MAX_CA_CERTS;
+#endif
+#ifdef CONFIG_SSL_HAS_PEM
+        case SSL_HAS_PEM:
+            return 1;
+#endif
+        default:
+            return 0;
+    }
+}
+
+/**
+ * Check the certificate chain to see if the certs are supported
+ */
+static int check_certificate_chain(SSL *ssl)
+{
+    int i = 0;
+    int ret = SSL_OK;
+
+    while (i < ssl->ssl_ctx->chain_length)
+    {
+        int j = 0;
+        uint8_t found = 0;
+        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
+
+        while (j < ssl->num_sig_algs)
+        {
+            if (ssl->sig_algs[j++] == cert->hash_alg)
+            {
+                found = 1;
+                break;
+            }
+        } 
+
+        if (!found)
+        {
+
+            ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
+            goto error;
+        }
+
+        i++;
+    }
+
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Authenticate a received certificate.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
+{
+    int ret;
+    int pathLenConstraint = 0;
+
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx,
+            &pathLenConstraint);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (ret)        /* modify into an SSL error type */
+    {
+        ret = SSL_X509_ERROR(ret);
+    }
+
+    return ret;
+}
+
+/**
+ * Process a certificate message.
+ */
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
+{
+    int ret = SSL_OK;
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    int cert_size, offset = 5, offset_start;
+    int total_cert_len = (buf[offset]<<8) + buf[offset+1];
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    X509_CTX *chain = 0;
+    X509_CTX **certs = 0;
+    int *cert_used = 0;
+    int num_certs = 0;
+    int i = 0;
+    offset += 2;
+
+    ax_wdt_feed();
+
+    PARANOIA_CHECK(pkt_size, total_cert_len + offset);
+
+    // record the start point for the second pass
+    offset_start = offset;
+
+    // first pass - count the certificates
+    while (offset < total_cert_len)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (buf[offset]<<8) + buf[offset+1];
+        offset += 2;
+        offset += cert_size;
+        num_certs++;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    certs = (X509_CTX**) calloc(num_certs, sizeof(void*));
+    cert_used = (int*) calloc(num_certs, sizeof(int));
+    num_certs = 0;
+
+    // restore the offset from the saved value 
+    offset = offset_start;
+
+    // second pass - load the certificates
+    while (offset < total_cert_len)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (buf[offset]<<8) + buf[offset+1];
+        offset += 2;
+        ax_wdt_feed();
+        if (x509_new(&buf[offset], NULL, certs+num_certs))
+        {
+            ret = SSL_ERROR_BAD_CERTIFICATE;
+            goto error;
+        }
+
+#if defined (CONFIG_SSL_FULL_MODE)
+        if (ssl->ssl_ctx->options & SSL_DISPLAY_CERTS)
+            x509_print(certs[num_certs], NULL);
+#endif
+        num_certs++;
+        offset += cert_size;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    // third pass - link certs together, assume server cert is the first
+    *x509_ctx = certs[0];
+    chain = certs[0];
+    cert_used[0] = 1;
+
+    // repeat until the end of the chain is found
+    while (1)
+    {
+        // look for CA cert
+        for( i = 1; i < num_certs; i++ )
+        {
+            if (certs[i] == chain) 
+                continue;
+
+            if (cert_used[i]) 
+                continue; // don't allow loops
+
+            if (asn1_compare_dn(chain->ca_cert_dn, certs[i]->cert_dn) == 0)
+            {
+                // CA cert found, add it to the chain
+                cert_used[i] = 1;
+                chain->next = certs[i];
+                chain = certs[i];
+                break;
+            }
+        }
+
+        // no CA cert found, reached the end of the chain
+        if (i >= num_certs) 
+            break;
+    }
+
+    // clean up any certs that aren't part of the chain
+    for (i = 1; i < num_certs; i++)
+    {
+        if (cert_used[i] == 0) 
+            x509_free(certs[i]);
+    }
+
+    /* if we are client we can do the verify now or later */
+    if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
+    {
+        ret = ssl_verify_cert(ssl);
+    }
+
+    ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
+    ssl->dc->bm_proc_index += offset;
+error:
+    // clean up arrays
+    if (certs) 
+        free(certs);
+
+    if (cert_used) 
+        free(cert_used);
+
+    return ret;
+}
+
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
+{
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->fingerprint == NULL)
+        return 1;
+    int res = memcmp(ssl->x509_ctx->fingerprint, fp, SHA1_SIZE);
+    if (res != 0) {
+        printf("cert FP: ");
+        for (int i = 0; i < SHA1_SIZE; ++i) {
+            printf("%02X ", ssl->x509_ctx->fingerprint[i]);
+        }
+        printf("\r\ntest FP: ");
+        for (int i = 0; i < SHA1_SIZE; ++i) {
+            printf("%02X ", fp[i]);
+        }
+        printf("\r\n");
+    }
+    return res;
+}
+
+EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash)
+{
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->spki_sha256 == NULL)
+        return 1;
+    int res = memcmp(ssl->x509_ctx->spki_sha256, hash, SHA256_SIZE);
+    if (res != 0) {
+        printf("cert SPKI SHA-256 hash: ");
+        for (int i = 0; i < SHA256_SIZE; ++i) {
+            printf("%02X ", ssl->x509_ctx->spki_sha256[i]);
+        }
+        printf("\r\ntest hash: ");
+        for (int i = 0; i < SHA256_SIZE; ++i) {
+            printf("%02X ", hash[i]);
+        }
+        printf("\r\n");
+    }
+    return res;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Debugging routine to display SSL handshaking stuff.
+ */
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Debugging routine to display SSL states.
+ */
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
+{
+    const char *str;
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    if (not_ok) printf("Error - invalid State:\t");
+    else printf("State:\t");
+    if (is_send) printf("sending ");
+    else printf("receiving ");
+
+    switch (state)
+    {
+        case HS_HELLO_REQUEST:
+            printf("Hello Request (0)\n");
+            break;
+
+        case HS_CLIENT_HELLO:
+            printf("Client Hello (1)\n");
+            break;
+
+        case HS_SERVER_HELLO:
+            printf("Server Hello (2)\n");
+            break;
+
+        case HS_CERTIFICATE:
+            printf("Certificate (11)\n");
+            break;
+
+        case HS_SERVER_KEY_XCHG:
+            printf("Certificate Request (12)\n");
+            break;
+
+        case HS_CERT_REQ:
+            printf("Certificate Request (13)\n");
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            printf("Server Hello Done (14)\n");
+            break;
+
+        case HS_CERT_VERIFY:
+            printf("Certificate Verify (15)\n");
+            break;
+
+        case HS_CLIENT_KEY_XCHG:
+            printf("Client Key Exchange (16)\n");
+            break;
+
+        case HS_FINISHED:
+            printf("Finished (16)\n");
+            break;
+
+        default:
+            printf("Error (Unknown)\n");
+            break;
+    }
+}
+
+/**
+ * Debugging routine to display RSA objects
+ */
+void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
+        return;
+
+    RSA_print(rsa_ctx);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking bytes.
+ */
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    va_list(ap);
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
+        return;
+
+    va_start(ap, size);
+    print_blob(format, data, size, va_arg(ap, char *));
+    va_end(ap);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking errors.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code)
+{
+    if (error_code == SSL_OK)
+        return;
+
+    printf("Error: ");
+
+    /* X509 error? */
+    if (error_code < SSL_X509_OFFSET)
+    {
+        char buff[64];
+        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET, buff));
+        return;
+    }
+
+    /* SSL alert error code */
+    if (error_code > SSL_ERROR_CONN_LOST)
+    {
+        printf("SSL error %d\n", -error_code);
+        return;
+    }
+
+    switch (error_code)
+    {
+        case SSL_ERROR_DEAD:
+            printf("connection dead");
+            break;
+
+        case SSL_ERROR_RECORD_OVERFLOW:
+            printf("record overflow");
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+            printf("invalid handshake");
+            break;
+
+        case SSL_ERROR_INVALID_PROT_MSG:
+            printf("invalid protocol message");
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+            printf("invalid mac");
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+            printf("invalid session");
+            break;
+
+        case SSL_ERROR_NO_CIPHER:
+            printf("no cipher");
+            break;
+
+        case SSL_ERROR_INVALID_CERT_HASH_ALG:
+            printf("invalid cert hash algorithm");
+            break;
+
+        case SSL_ERROR_CONN_LOST:
+            printf("connection lost");
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ERROR_INVALID_KEY:
+            printf("invalid key");
+            break;
+
+        case SSL_ERROR_FINISHED_INVALID:
+            printf("finished invalid");
+            break;
+
+        case SSL_ERROR_NO_CERT_DEFINED:
+            printf("no certificate defined");
+            break;
+
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            printf("client renegotiation not supported");
+            break;
+            
+        case SSL_ERROR_NOT_SUPPORTED:
+            printf("Option not supported");
+            break;
+
+        default:
+            printf("undefined as yet - %d", error_code);
+            break;
+    }
+
+    printf("\n");
+}
+
+/**
+ * Debugging routine to display alerts.
+ */
+void DISPLAY_ALERT(SSL *ssl, int alert)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf("Alert: ");
+
+    switch (alert)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            printf("close notify");
+            break;
+
+        case SSL_ALERT_UNEXPECTED_MESSAGE:
+            printf("unexpected message");
+            break;
+
+        case SSL_ALERT_BAD_RECORD_MAC:
+            printf("bad record mac");
+            break;
+
+        case SSL_ERROR_RECORD_OVERFLOW:
+            printf("record overlow");
+            break;
+
+        case SSL_ALERT_HANDSHAKE_FAILURE:
+            printf("handshake failure");
+            break;
+
+        case SSL_ALERT_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ALERT_UNSUPPORTED_CERTIFICATE:
+            printf("unsupported certificate");
+            break;
+
+        case SSL_ALERT_CERTIFICATE_EXPIRED:
+            printf("certificate expired");
+            break;
+
+        case SSL_ALERT_CERTIFICATE_UNKNOWN:
+            printf("certificate unknown");
+            break;
+
+        case SSL_ALERT_ILLEGAL_PARAMETER:
+            printf("illegal parameter");
+            break;
+
+        case SSL_ALERT_UNKNOWN_CA:
+            printf("unknown ca");
+            break;
+
+        case SSL_ALERT_DECODE_ERROR:
+            printf("decode error");
+            break;
+
+        case SSL_ALERT_DECRYPT_ERROR:
+            printf("decrypt error");
+            break;
+
+        case SSL_ALERT_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ALERT_NO_RENEGOTIATION:
+            printf("no renegotiation");
+            break;
+
+        default:
+            printf("alert - (unknown %d)", alert);
+            break;
+    }
+
+    printf("\n");
+}
+
+#endif /* CONFIG_SSL_FULL_MODE */
+
+/**
+ * Return the version of this library.
+ */
+EXP_FUNC const char  * STDCALL ssl_version()
+{
+    static const char * axtls_version = AXTLS_VERSION;
+    return axtls_version;
+}
+
+/**
+ * Enable the various language bindings to work regardless of the
+ * configuration - they just return an error statement and a bad return code.
+ */
+#if !defined(CONFIG_SSL_FULL_MODE)
+EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
+#endif
+
+#ifdef CONFIG_BINDINGS
+#if !defined(CONFIG_SSL_ENABLE_CLIENT)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size)
+{
+    printf("%s", unsupported_str);
+    return NULL;
+}
+#endif
+
+#if !defined(CONFIG_SSL_CERT_VERIFICATION)
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
+{
+    printf("%s", unsupported_str);
+    return -1;
+}
+
+
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    printf("%s", unsupported_str);
+    return NULL;
+}
+
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
+{
+    printf("%s", unsupported_str);
+    return NULL;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
+
+#endif /* CONFIG_BINDINGS */
+
diff --git a/ssl/tls1.h b/ssl/tls1.h
new file mode 100644
index 0000000000..fb3e555278
--- /dev/null
+++ b/ssl/tls1.h
@@ -0,0 +1,324 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file tls1.h
+ *
+ * @brief The definitions for the TLS library.
+ */
+#ifndef HEADER_SSL_LIB_H
+#define HEADER_SSL_LIB_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "version.h"
+#include "config.h"
+#include "os_int.h"
+#include "os_port.h"
+#include "crypto.h"
+#include "crypto_misc.h"
+
+#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
+#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.3 */
+#define SSL_PROTOCOL_VERSION_TLS1_1 0x32   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION_TLS1_2 0x33   /* TLS v1.2 */
+#define SSL_RANDOM_SIZE             32
+#define SSL_SECRET_SIZE             48
+#define SSL_FINISHED_HASH_SIZE      12
+#define SSL_RECORD_SIZE             5
+#define SSL_SERVER_READ             0
+#define SSL_SERVER_WRITE            1
+#define SSL_CLIENT_READ             2
+#define SSL_CLIENT_WRITE            3
+#define SSL_HS_HDR_SIZE             4
+
+/* the flags we use while establishing a connection */
+#define SSL_NEED_RECORD             0x0001
+#define SSL_TX_ENCRYPTED            0x0002 
+#define SSL_RX_ENCRYPTED            0x0004
+#define SSL_SESSION_RESUME          0x0008
+#define SSL_IS_CLIENT               0x0010
+#define SSL_HAS_CERT_REQ            0x0020
+#define SSL_SENT_CLOSE_NOTIFY       0x0040
+
+/* some macros to muck around with flag bits */
+#define SET_SSL_FLAG(A)             (ssl->flag |= A)
+#define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
+#define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
+
+#define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
+#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_EXTRA                    1024
+#define BM_RECORD_OFFSET            5
+
+#define NUM_PROTOCOLS               4
+
+#define MAX_SIG_ALGORITHMS          4
+#define SIG_ALG_SHA1                2
+#define SIG_ALG_SHA256              4
+#define SIG_ALG_SHA384              5
+#define SIG_ALG_SHA512              6
+#define SIG_ALG_RSA                 1
+
+#define PARANOIA_CHECK(A, B)        if (A < B) { \
+    ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
+
+/* protocol types */
+enum
+{
+    PT_CHANGE_CIPHER_SPEC = 20,
+    PT_ALERT_PROTOCOL,
+    PT_HANDSHAKE_PROTOCOL,
+    PT_APP_PROTOCOL_DATA
+};
+
+/* handshaking types */
+enum
+{
+    HS_HELLO_REQUEST,
+    HS_CLIENT_HELLO,
+    HS_SERVER_HELLO,
+    HS_CERTIFICATE = 11,
+    HS_SERVER_KEY_XCHG,
+    HS_CERT_REQ,
+    HS_SERVER_HELLO_DONE,
+    HS_CERT_VERIFY,
+    HS_CLIENT_KEY_XCHG,
+    HS_FINISHED = 20
+};
+
+/* SSL extension types */
+enum
+{
+    SSL_EXT_SERVER_NAME = 0,
+    SSL_EXT_MAX_FRAGMENT_SIZE,
+    SSL_EXT_SIG_ALG = 0x0d,
+};
+
+typedef struct 
+{
+    uint8_t cipher;
+    uint8_t key_size;
+    uint8_t iv_size;
+    uint8_t padding_size;
+    uint8_t digest_size;
+    uint8_t key_block_size;
+    hmac_func_v hmac_v;
+    crypt_func encrypt;
+    crypt_func decrypt;
+} cipher_info_t;
+
+struct _SSLObjLoader 
+{
+    uint8_t *buf;
+    int len;
+};
+
+typedef struct _SSLObjLoader SSLObjLoader;
+
+typedef struct 
+{
+    time_t conn_time;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+} SSL_SESSION;
+
+typedef struct
+{
+    uint8_t *buf;
+    int size;
+    uint8_t hash_alg;
+} SSL_CERT;
+
+typedef struct
+{
+    MD5_CTX md5_ctx;
+    SHA1_CTX sha1_ctx;
+    SHA256_CTX sha256_ctx;
+    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
+    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
+    uint8_t final_finish_mac[128];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+    uint8_t key_block[256];
+    uint16_t bm_proc_index;
+    uint8_t key_block_generated;
+} DISPOSABLE_CTX;
+
+typedef struct 
+{
+    char *host_name; /* Needed for the SNI support */
+    /* Needed for the Max Fragment Size Extension. 
+       Allowed values: 2^9, 2^10 .. 2^14 */
+    uint16_t max_fragment_size; 
+} SSL_EXTENSIONS;
+
+struct _SSL
+{
+    uint32_t flag;
+    uint16_t need_bytes;
+    uint16_t got_bytes;
+    uint8_t record_type;
+    uint8_t cipher;
+    uint8_t sess_id_size;
+    uint8_t version;
+    uint8_t client_version;
+    int16_t next_state;
+    int16_t hs_status;
+    DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
+    int client_fd;
+    const cipher_info_t *cipher_info;
+    void *encrypt_ctx;
+    void *decrypt_ctx;
+    uint8_t *bm_all_data;
+    uint8_t *bm_data;
+    uint16_t bm_index;
+    uint16_t bm_read_index;
+    size_t max_plain_length;
+    uint8_t sig_algs[MAX_SIG_ALGORITHMS];
+    uint8_t num_sig_algs;
+    struct _SSL *next;                  /* doubly linked list */
+    struct _SSL *prev;
+    struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t session_index;
+    SSL_SESSION *session;
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    X509_CTX *x509_ctx;
+    bool can_free_certificates;
+#endif
+    uint8_t session_id[SSL_SESSION_ID_SIZE]; 
+    uint8_t client_mac[SHA256_SIZE];    /* for HMAC verification */
+    uint8_t server_mac[SHA256_SIZE];    /* for HMAC verification */
+    uint8_t read_sequence[8];           /* 64 bit sequence number */
+    uint8_t write_sequence[8];          /* 64 bit sequence number */
+    uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
+    SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */
+};
+
+typedef struct _SSL SSL;
+
+struct _SSL_CTX
+{
+    uint32_t options;
+    uint8_t chain_length;
+    RSA_CTX *rsa_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    CA_CERT_CTX *ca_cert_ctx;
+#endif
+    SSL *head;
+    SSL *tail;
+    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t num_sessions;
+    SSL_SESSION **ssl_sessions;
+#endif
+#ifdef CONFIG_SSL_CTX_MUTEXING
+    SSL_CTX_MUTEX_TYPE mutex;
+#endif
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+    void *bonus_attr;
+#endif
+};
+
+typedef struct _SSL_CTX SSL_CTX;
+
+/* backwards compatibility */
+typedef struct _SSL_CTX SSLCTX;
+
+extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
+
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
+void disposable_new(SSL *ssl);
+void disposable_free(SSL *ssl);
+int send_packet(SSL *ssl, uint8_t protocol, 
+        const uint8_t *in, int length);
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
+int process_sslv23_client_hello(SSL *ssl);
+int send_alert(SSL *ssl, int error_code);
+int send_finished(SSL *ssl);
+int send_certificate(SSL *ssl);
+int basic_read(SSL *ssl, uint8_t **in_data);
+int send_change_cipher_spec(SSL *ssl);
+int finished_digest(SSL *ssl, const char *label, uint8_t *digest);
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
+void add_packet(SSL *ssl, const uint8_t *pkt, int len);
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
+void ssl_obj_free(SSLObjLoader *ssl_obj);
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int load_key_certs(SSL_CTX *ssl_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
+#endif
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int do_client_connect(SSL *ssl);
+#endif
+
+#ifdef CONFIG_SSL_FULL_MODE
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...);
+void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
+void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
+void DISPLAY_ALERT(SSL *ssl, int alert);
+#else
+#define DISPLAY_STATE(A,B,C,D)
+#define DISPLAY_CERT(A,B)
+#define DISPLAY_RSA(A,B)
+#define DISPLAY_ALERT(A, B)
+#ifdef WIN32
+void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
+        const uint8_t *data, int size, ...);
+#else
+#define DISPLAY_BYTES(A,B,C,D,...)
+#endif
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
+#endif
+
+SSL_SESSION *ssl_session_update(int max_sessions, 
+        SSL_SESSION *ssl_sessions[], SSL *ssl,
+        const uint8_t *session_id);
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
new file mode 100644
index 0000000000..f670e704f6
--- /dev/null
+++ b/ssl/tls1_clnt.c
@@ -0,0 +1,541 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
+
+/* support sha512/384/256/1 RSA */
+static const uint8_t g_sig_alg[] = { 
+                0x00, SSL_EXT_SIG_ALG,
+                0x00, 0x0a, 0x00, 0x08,
+                SIG_ALG_SHA512, SIG_ALG_RSA,
+                SIG_ALG_SHA384, SIG_ALG_RSA,
+                SIG_ALG_SHA256, SIG_ALG_RSA,
+                SIG_ALG_SHA1, SIG_ALG_RSA 
+};
+
+static const uint8_t g_asn1_sha256[] = 
+{ 
+    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
+    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static int send_client_hello(SSL *ssl);
+static int process_server_hello(SSL *ssl);
+static int process_server_hello_done(SSL *ssl);
+static int send_client_key_xchg(SSL *ssl);
+static int process_cert_req(SSL *ssl);
+static int send_cert_verify(SSL *ssl);
+
+/*
+ * Establish a new SSL connection to an SSL server.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext)
+{
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
+
+    if (session_id && ssl_ctx->num_sessions)
+    {
+        if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
+        {
+            ssl_free(ssl);
+            return NULL;
+        }
+
+        memcpy(ssl->session_id, session_id, sess_id_size);
+        ssl->sess_id_size = sess_id_size;
+        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
+    }
+
+    ssl->extensions = ssl_ext;
+
+    SET_SSL_FLAG(SSL_IS_CLIENT);
+    do_client_connect(ssl);
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret;
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_SERVER_HELLO:
+            ret = process_server_hello(ssl);
+            break;
+
+        case HS_CERTIFICATE:
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            if ((ret = process_server_hello_done(ssl)) == SSL_OK)
+            {
+                if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
+                {
+                    if ((ret = send_certificate(ssl)) == SSL_OK &&
+                        (ret = send_client_key_xchg(ssl)) == SSL_OK)
+                    {
+                        send_cert_verify(ssl);
+                    }
+                }
+                else
+                {
+                    ret = send_client_key_xchg(ssl);
+                }
+
+                if (ret == SSL_OK && 
+                     (ret = send_change_cipher_spec(ssl)) == SSL_OK)
+                {
+                    ret = send_finished(ssl);
+                }
+            }
+            break;
+
+        case HS_CERT_REQ:
+            ret = process_cert_req(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, buf, hs_len);
+            disposable_free(ssl);
+            if (ssl->ssl_ctx->options & SSL_READ_BLOCKING) {
+                ssl->flag |= SSL_READ_BLOCKING;
+            }
+            /* note: client renegotiation is not allowed after this */
+            break;
+
+        case HS_HELLO_REQUEST:
+            disposable_new(ssl);
+            ret = do_client_connect(ssl);
+            break;
+
+        default:
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Do the handshaking from the beginning.
+ */
+int do_client_connect(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    send_client_hello(ssl);                 /* send the client hello */
+    ssl->bm_read_index = 0;
+    ssl->next_state = HS_SERVER_HELLO;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* sit in a loop until it all looks good */
+    if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
+    {
+        while (ssl->hs_status != SSL_OK)
+        {
+            ret = ssl_read(ssl, NULL);
+            
+            if (ret < SSL_OK)
+                break;
+        }
+
+        ssl->hs_status = ret;            /* connected? */    
+    }
+
+    return ret;
+}
+
+/*
+ * Send the initial client hello.
+ */
+static int send_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    time_t tm = time(NULL);
+    uint8_t *tm_ptr = &buf[6]; /* time will go here */
+    int i, offset, ext_offset;
+    int ext_len = 0;
+
+
+    buf[0] = HS_CLIENT_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = ssl->version & 0x0f;
+
+    /* client random value - spec says that 1st 4 bytes are big endian time */
+    *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
+    if (get_random(SSL_RANDOM_SIZE-4, &buf[10]) < 0)
+        return SSL_NOT_OK;
+
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+    /* give session resumption a go */
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially by user */
+    {
+        buf[offset++] = ssl->sess_id_size;
+        memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
+        offset += ssl->sess_id_size;
+        CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
+    }
+    else
+    {
+        /* no session id - because no session resumption just yet */
+        buf[offset++] = 0;
+    }
+
+    buf[offset++] = 0;              /* number of ciphers */
+    buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
+
+    /* put all our supported protocols in our request */
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        buf[offset++] = 0;          /* cipher we are using */
+        buf[offset++] = ssl_prot_prefs[i];
+    }
+
+    buf[offset++] = 1;              /* no compression */
+    buf[offset++] = 0;
+
+    ext_offset = offset;
+
+    buf[offset++] = 0;              /* total length of extensions */
+    buf[offset++] = 0;
+
+    /* send the signature algorithm extension for TLS 1.2+ */
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
+    {
+        memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
+        offset += sizeof(g_sig_alg);
+        ext_len += sizeof(g_sig_alg);
+    }
+
+    if (ssl->extensions != NULL) 
+    {
+        /* send the host name if specified */
+        if (ssl->extensions->host_name != NULL) 
+        {
+            size_t host_len = strlen(ssl->extensions->host_name);
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 5; /* server_name length */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 3; /* server_list length */
+            buf[offset++] = 0; /* host_name(0) (255) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len; /* host_name length */
+            strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
+            offset += host_len;
+            ext_len += host_len + 9;
+        }
+
+        if (ssl->extensions->max_fragment_size) 
+        {
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
+
+            buf[offset++] = 0; // size of data
+            buf[offset++] = 2;
+
+            buf[offset++] = (uint8_t)
+                ((ssl->extensions->max_fragment_size >> 8) & 0xff);
+            buf[offset++] = (uint8_t)
+                (ssl->extensions->max_fragment_size & 0xff);
+            ext_len += 6;
+        }
+    }
+
+    if (ext_len > 0) 
+    {
+    	// update the extensions length value
+    	buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
+    	buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);
+    }
+
+    buf[3] = offset - 4;            /* handshake size */
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Process the server hello.
+ */
+static int process_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    int num_sessions = ssl->ssl_ctx->num_sessions;
+    uint8_t sess_id_size;
+    int offset, ret = SSL_OK;
+
+    /* check that we are talking to a TLSv1 server */
+    uint8_t version = (buf[4] << 4) + buf[5];
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        version = SSL_PROTOCOL_VERSION_MAX;
+    }
+    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    ssl->version = version;
+
+    /* get the server random value */
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
+    sess_id_size = buf[offset++];
+
+    if (sess_id_size > SSL_SESSION_ID_SIZE)
+    {
+        ret = SSL_ERROR_INVALID_SESSION;
+        goto error;
+    }
+
+    if (num_sessions)
+    {
+        ssl->session = ssl_session_update(num_sessions,
+                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
+        memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
+
+        /* pad the rest with 0's */
+        if (sess_id_size < SSL_SESSION_ID_SIZE)
+        {
+            memset(&ssl->session->session_id[sess_id_size], 0,
+                SSL_SESSION_ID_SIZE-sess_id_size);
+        }
+    }
+
+    memcpy(ssl->session_id, &buf[offset], sess_id_size);
+    ssl->sess_id_size = sess_id_size;
+    offset += sess_id_size;
+
+    /* get the real cipher we are using - ignore MSB */
+    ssl->cipher = buf[++offset];
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
+                                        HS_FINISHED : HS_CERTIFICATE;
+
+    offset += 2; // ignore compression
+    PARANOIA_CHECK(pkt_size, offset);
+
+    ssl->dc->bm_proc_index = offset;
+    PARANOIA_CHECK(pkt_size, offset);
+
+    // no extensions
+error:
+    return ret;
+}
+
+/**
+ * Process the server hello done message.
+ */
+static int process_server_hello_done(SSL *ssl)
+{
+    ssl->next_state = HS_FINISHED;
+    return SSL_OK;
+}
+
+/*
+ * Send a client key exchange message.
+ */
+static int send_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t premaster_secret[SSL_SECRET_SIZE];
+    int enc_secret_size = -1;
+
+    buf[0] = HS_CLIENT_KEY_XCHG;
+    buf[1] = 0;
+
+    // spec says client must use the what is initially negotiated -
+    // and this is our current version
+    premaster_secret[0] = 0x03; 
+    premaster_secret[1] = SSL_PROTOCOL_VERSION_MAX & 0x0f; 
+    if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
+        return SSL_NOT_OK;
+
+    DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
+            SSL_SECRET_SIZE, &buf[6], 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    buf[2] = (enc_secret_size + 2) >> 8;
+    buf[3] = (enc_secret_size + 2) & 0xff;
+    buf[4] = enc_secret_size >> 8;
+    buf[5] = enc_secret_size & 0xff;
+
+    generate_master_secret(ssl, premaster_secret);
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
+}
+
+/*
+ * Process the certificate request.
+ */
+static int process_cert_req(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int ret = SSL_OK;
+    int cert_req_size = (buf[2]<<8) + buf[3];
+    int offset = 4;
+    int pkt_size = ssl->bm_index;
+    uint8_t cert_type_len, sig_alg_len;
+
+    PARANOIA_CHECK(pkt_size, offset + cert_req_size);
+    ssl->dc->bm_proc_index = cert_req_size;
+
+    /* don't do any processing - we will send back an RSA certificate anyway */
+    ssl->next_state = HS_SERVER_HELLO_DONE;
+    SET_SSL_FLAG(SSL_HAS_CERT_REQ);
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        // supported certificate types
+        cert_type_len = buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + cert_type_len);
+        offset += cert_type_len;
+        
+        // supported signature algorithms
+        sig_alg_len = buf[offset++] << 8;
+        sig_alg_len += buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + sig_alg_len);
+        
+        while (sig_alg_len > 0)
+        {
+            uint8_t hash_alg = buf[offset++];
+            uint8_t sig_alg = buf[offset++];
+            sig_alg_len -= 2;
+
+            if (sig_alg == SIG_ALG_RSA && 
+                    (hash_alg == SIG_ALG_SHA1 ||
+                     hash_alg == SIG_ALG_SHA256 ||
+                     hash_alg == SIG_ALG_SHA384 ||
+                     hash_alg == SIG_ALG_SHA512))
+            {
+                ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
+            }
+        }
+    }
+
+error:
+    return ret;
+}
+
+/*
+ * Send a certificate verify message.
+ */
+static int send_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t dgst[SHA1_SIZE+MD5_SIZE+15];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int n = 0, ret;
+    int offset = 0;
+    int dgst_len;
+
+    if (rsa_ctx == NULL)
+        return SSL_OK;
+
+    DISPLAY_RSA(ssl, rsa_ctx);
+
+    buf[0] = HS_CERT_VERIFY;
+    buf[1] = 0;
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        buf[4] = SIG_ALG_SHA256;
+        buf[5] = SIG_ALG_RSA;
+        offset = 6;
+        memcpy(dgst, g_asn1_sha256, sizeof(g_asn1_sha256));
+        dgst_len = finished_digest(ssl, NULL, &dgst[sizeof(g_asn1_sha256)]) + 
+                        sizeof(g_asn1_sha256);
+    }
+    else
+    {
+        offset = 4;
+        dgst_len = finished_digest(ssl, NULL, dgst);
+    }
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    if (rsa_ctx)
+    {
+        SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+        n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset + 2], 1);
+        SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+        if (n == 0)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+    
+    buf[offset] = n >> 8;        /* add the RSA size */
+    buf[offset+1] = n & 0xff;
+    n += 2;
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        n += 2; // sig/alg
+        offset -= 2;
+    }
+
+    buf[2] = n >> 8;
+    buf[3] = n & 0xff;
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset);
+
+error:
+    return ret;
+}
+
+#endif      /* CONFIG_SSL_ENABLE_CLIENT */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
new file mode 100644
index 0000000000..abc044552d
--- /dev/null
+++ b/ssl/tls1_svr.c
@@ -0,0 +1,526 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
+static const uint8_t g_asn1_sha256[] = 
+{ 
+    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
+    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static int process_client_hello(SSL *ssl);
+static int send_server_hello_sequence(SSL *ssl);
+static int send_server_hello(SSL *ssl);
+static int send_server_hello_done(SSL *ssl);
+static int process_client_key_xchg(SSL *ssl);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static int send_certificate_request(SSL *ssl);
+static int process_cert_verify(SSL *ssl);
+#endif
+
+/*
+ * Establish a new SSL connection to an SSL client.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl;
+
+    ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->next_state = HS_CLIENT_HELLO;
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ssl_ctx->chain_length == 0)
+        printf("Warning - no server certificate defined\n"); TTY_FLUSH();
+#endif
+
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_CLIENT_HELLO:
+            if ((ret = process_client_hello(ssl)) == SSL_OK)
+                ret = send_server_hello_sequence(ssl);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case HS_CERTIFICATE:/* the client sends its cert */
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+
+            if (ret == SSL_OK)    /* verify the cert */
+            { 
+                int cert_res;
+                int pathLenConstraint = 0;
+
+                cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx, 
+                        ssl->x509_ctx, &pathLenConstraint);
+                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
+            }
+            break;
+
+        case HS_CERT_VERIFY:    
+            ret = process_cert_verify(ssl);
+            add_packet(ssl, buf, hs_len);   /* needs to be done after */
+            break;
+#endif
+        case HS_CLIENT_KEY_XCHG:
+            ret = process_client_key_xchg(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, buf, hs_len);
+            disposable_free(ssl);   /* free up some memory */
+            break;
+    }
+
+    return ret;
+}
+
+/* 
+ * Process a client hello message.
+ */
+static int process_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
+    int ret = SSL_OK;
+    
+    uint8_t version = (buf[4] << 4) + buf[5];
+    ssl->version = ssl->client_version = version;
+
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        /* use client's version instead */
+        ssl->version = SSL_PROTOCOL_VERSION_MAX; 
+    }
+    else if (version < SSL_PROTOCOL_MIN_VERSION)  /* old version supported? */
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
+
+    /* process the session id */
+    id_len = buf[offset++];
+    if (id_len > SSL_SESSION_ID_SIZE)
+    {
+        return SSL_ERROR_INVALID_SESSION;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    offset += id_len;
+    cs_len = (buf[offset]<<8) + buf[offset+1];
+    offset += 3;        /* add 1 due to all cipher suites being 8 bit */
+
+    PARANOIA_CHECK(pkt_size, offset + cs_len);
+
+    /* work out what cipher suite we are going to use - client defines 
+       the preference */
+    for (i = 0; i < cs_len; i += 2)
+    {
+        for (j = 0; j < NUM_PROTOCOLS; j++)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto do_compression;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    return SSL_ERROR_NO_CIPHER;
+
+    /* completely ignore compression */
+do_compression:
+    offset += cs_len;
+    id_len = buf[offset++];
+    offset += id_len;
+    PARANOIA_CHECK(pkt_size, offset + id_len);
+
+    if (offset == pkt_size)
+    {
+        /* no extensions */
+        goto error;
+    }
+
+    /* extension size */
+    id_len = buf[offset++] << 8;
+    id_len += buf[offset++];
+    PARANOIA_CHECK(pkt_size, offset + id_len);
+    
+    // Check for extensions from the client - only the signature algorithm
+    // is supported
+    while (offset < pkt_size) 
+    {
+        int ext = buf[offset++] << 8;
+        ext += buf[offset++];
+        int ext_len = buf[offset++] << 8;
+        ext_len += buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + ext_len);
+        
+        if (ext == SSL_EXT_SIG_ALG)
+        {
+            while (ext_len > 0)
+            {
+                uint8_t hash_alg = buf[offset++];
+                uint8_t sig_alg = buf[offset++];
+                ext_len -= 2;
+
+                if (sig_alg == SIG_ALG_RSA && 
+                        (hash_alg == SIG_ALG_SHA1 ||
+                         hash_alg == SIG_ALG_SHA256 ||
+                         hash_alg == SIG_ALG_SHA384 ||
+                         hash_alg == SIG_ALG_SHA512))
+                {
+                    ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
+                }
+            }
+        }
+        else
+        {
+            offset += ext_len;
+        }
+    }
+
+    /* default is RSA/SHA1 */
+    if (ssl->num_sig_algs == 0)
+    {
+        ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
+    }
+
+error:
+    return ret;
+}
+
+/*
+ * Send the entire server hello sequence
+ */
+static int send_server_hello_sequence(SSL *ssl)
+{
+    int ret;
+
+    if ((ret = send_server_hello(ssl)) == SSL_OK)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        /* resume handshake? */
+        if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+        {
+            if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            {
+                ret = send_finished(ssl);
+                ssl->next_state = HS_FINISHED;
+            }
+        }
+        else 
+#endif
+        if ((ret = send_certificate(ssl)) == SSL_OK)
+        {
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+            /* ask the client for its certificate */
+            if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION))
+            {
+                if ((ret = send_certificate_request(ssl)) == SSL_OK)
+                {
+                    ret = send_server_hello_done(ssl);
+                    ssl->next_state = HS_CERTIFICATE;
+                }
+            }
+            else
+#endif
+            {
+                ret = send_server_hello_done(ssl);
+                ssl->next_state = HS_CLIENT_KEY_XCHG;
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Send a server hello message.
+ */
+static int send_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int offset = 0;
+
+    buf[0] = HS_SERVER_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = ssl->version & 0x0f;
+
+    /* server random value */
+    if (get_random(SSL_RANDOM_SIZE, &buf[6]) < 0)
+        return SSL_NOT_OK;
+
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+    {
+        /* retrieve id from session cache */
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
+        offset += SSL_SESSION_ID_SIZE;
+    }
+    else    /* generate our own session id */
+#endif
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
+        memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
+
+        /* store id in session cache */
+        if (ssl->ssl_ctx->num_sessions)
+        {
+            memcpy(ssl->session->session_id, 
+                    ssl->session_id, SSL_SESSION_ID_SIZE);
+        }
+
+        offset += SSL_SESSION_ID_SIZE;
+#else
+        buf[offset++] = 0;  /* don't bother with session id in skelton mode */
+#endif
+    }
+
+    buf[offset++] = 0;      /* cipher we are using */
+    buf[offset++] = ssl->cipher;
+    buf[offset++] = 0;      /* no compression and no extensions supported */
+    buf[3] = offset - 4;    /* handshake size */
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Send the server hello done message.
+ */
+static int send_server_hello_done(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                            g_hello_done, sizeof(g_hello_done));
+}
+
+/*
+ * Pull apart a client key exchange message. Decrypt the pre-master key (using
+ * our RSA private key) and then work out the master key. Initialise the
+ * ciphers.
+ */
+static int process_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    int premaster_size, secret_length = (buf[2] << 8) + buf[3];
+    uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int offset = 4;
+    int ret = SSL_OK;
+    
+    if (rsa_ctx == NULL)
+    {
+        ret = SSL_ERROR_NO_CERT_DEFINED;
+        goto error;
+    }
+
+    /* is there an extra size field? */
+    if ((secret_length - 2) == rsa_ctx->num_octets)
+        offset += 2;
+
+    PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret,
+            sizeof(premaster_secret), 1);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (premaster_size != SSL_SECRET_SIZE || 
+            premaster_secret[0] != 0x03 ||  /* must be the same as client
+                                               offered version */
+                premaster_secret[1] != (ssl->client_version & 0x0f))
+    {
+        /* guard against a Bleichenbacher attack */
+        if (get_random(SSL_SECRET_SIZE, premaster_secret) < 0)
+            return SSL_NOT_OK;
+
+        /* and continue - will die eventually when checking the mac */
+    }
+
+    generate_master_secret(ssl, premaster_secret);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ?  
+                                            HS_CERT_VERIFY : HS_FINISHED;
+#else
+    ssl->next_state = HS_FINISHED; 
+#endif
+
+    ssl->dc->bm_proc_index += rsa_ctx->num_octets+offset;
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 
+                0, 0x0e, 
+                1, 1, // rsa sign 
+                0x00, 0x08,
+                SIG_ALG_SHA256, SIG_ALG_RSA,
+                SIG_ALG_SHA512, SIG_ALG_RSA,
+                SIG_ALG_SHA384, SIG_ALG_RSA,
+                SIG_ALG_SHA1, SIG_ALG_RSA,
+                0, 0
+};
+
+static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
+
+/*
+ * Send the certificate request message.
+ */
+static int send_certificate_request(SSL *ssl)
+{
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request, sizeof(g_cert_request));
+    }
+    else
+    {
+        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request_v1, sizeof(g_cert_request_v1));
+    }
+}
+
+/*
+ * Ensure the client has the private key by first decrypting the packet and
+ * then checking the packet digests.
+ */
+static int process_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
+    uint8_t dgst[MD5_SIZE + SHA1_SIZE];
+    X509_CTX *x509_ctx = ssl->x509_ctx;
+    int ret = SSL_OK;
+    int offset = 6;
+    int rsa_len;
+    int n;
+
+    DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        // TODO: should really need to be able to handle other algorihms. An 
+        // assumption is made on RSA/SHA256 and appears to be OK.
+        //uint8_t hash_alg = buf[4];
+        //uint8_t sig_alg = buf[5];
+        offset = 8;
+        rsa_len = (buf[6] << 8) + buf[7];
+    }
+    else
+    {
+        rsa_len = (buf[4] << 8) + buf[5];
+    }
+
+    PARANOIA_CHECK(pkt_size, offset + rsa_len);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf, 
+                    sizeof(dgst_buf), 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+
+        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+        if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+    else // TLS1.0/1.1
+    {
+        if (n != SHA1_SIZE + MD5_SIZE)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto end_cert_vfy;
+        }
+
+        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+        if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+        }
+    }
+
+end_cert_vfy:
+    ssl->next_state = HS_FINISHED;
+error:
+    return ret;
+}
+
+#endif
diff --git a/ssl/version.h b/ssl/version.h
new file mode 100644
index 0000000000..c9d6c252f2
--- /dev/null
+++ b/ssl/version.h
@@ -0,0 +1 @@
+#define AXTLS_VERSION    "2.1.2"
diff --git a/ssl/x509.c b/ssl/x509.c
new file mode 100644
index 0000000000..dbb9fd3dd3
--- /dev/null
+++ b/ssl/x509.c
@@ -0,0 +1,899 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file x509.c
+ * 
+ * Certificate processing.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "os_port.h"
+#include "crypto_misc.h"
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+static int x509_v3_key_usage(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+
+/**
+ * Retrieve the signature from a certificate.
+ */
+static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
+{
+    int offset = 0;
+    const uint8_t *ptr = NULL;
+
+    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
+            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
+        goto end_get_sig;
+
+    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
+        goto end_get_sig;
+    *len = get_asn1_length(asn1_sig, &offset);
+    ptr = &asn1_sig[offset];          /* all ok */
+
+end_get_sig:
+    return ptr;
+}
+
+#endif
+
+/**
+ * Construct a new x509 object.
+ * @return 0 if ok. < 0 if there was a problem.
+ */
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
+{
+    int begin_tbs, end_tbs, begin_spki, end_spki;
+    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
+    int version = 0;
+    X509_CTX *x509_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    BI_CTX *bi_ctx;
+#endif
+
+    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
+    x509_ctx = *ctx;
+
+    /* get the certificate size */
+    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    begin_tbs = offset;         /* start of the tbs */
+    end_tbs = begin_tbs;        /* work out the end of the tbs */
+    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* optional version */
+    if (cert[offset] == ASN1_EXPLICIT_TAG && 
+            asn1_version(cert, &offset, &version) == X509_NOT_OK)
+        goto end_cert;
+
+    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
+            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* make sure the signature is ok */
+    if (asn1_signature_type(cert, &offset, x509_ctx))
+    {
+        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        goto end_cert;
+    }
+
+    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
+            asn1_validity(cert, &offset, x509_ctx) ||
+            asn1_name(cert, &offset, x509_ctx->cert_dn))
+    {
+        goto end_cert;
+    }
+    begin_spki = offset;
+    if (asn1_public_key(cert, &offset, x509_ctx))
+        goto end_cert;
+    end_spki = offset;
+
+    x509_ctx->fingerprint = malloc(SHA1_SIZE);
+    SHA1_CTX sha_fp_ctx;
+    SHA1_Init(&sha_fp_ctx);
+    SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
+    SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
+
+    x509_ctx->spki_sha256 = malloc(SHA256_SIZE);
+    SHA256_CTX spki_hash_ctx;
+    SHA256_Init(&spki_hash_ctx);
+    SHA256_Update(&spki_hash_ctx, &cert[begin_spki], end_spki-begin_spki);
+    SHA256_Final(x509_ctx->spki_sha256, &spki_hash_ctx);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
+    /* use the appropriate signature algorithm */
+    switch (x509_ctx->sig_type)
+    {
+        case SIG_TYPE_MD5:
+        {
+            MD5_CTX md5_ctx;
+            uint8_t md5_dgst[MD5_SIZE];
+            MD5_Init(&md5_ctx);
+            MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            MD5_Final(md5_dgst, &md5_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA1:
+        {
+            SHA1_CTX sha_ctx;
+            uint8_t sha_dgst[SHA1_SIZE];
+            SHA1_Init(&sha_ctx);
+            SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA1_Final(sha_dgst, &sha_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA256:
+        {
+            SHA256_CTX sha256_ctx;
+            uint8_t sha256_dgst[SHA256_SIZE];
+            SHA256_Init(&sha256_ctx);
+            SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA256_Final(sha256_dgst, &sha256_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA384:
+        {
+            SHA384_CTX sha384_ctx;
+            uint8_t sha384_dgst[SHA384_SIZE];
+            SHA384_Init(&sha384_ctx);
+            SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA384_Final(sha384_dgst, &sha384_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA512:
+        {
+            SHA512_CTX sha512_ctx;
+            uint8_t sha512_dgst[SHA512_SIZE];
+            SHA512_Init(&sha512_ctx);
+            SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA512_Final(sha512_dgst, &sha512_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
+        }
+            break;
+    }
+
+    if (version == 2 && asn1_next_obj(cert, &offset, ASN1_V3_DATA) > 0)
+    {
+        x509_v3_subject_alt_name(cert, offset, x509_ctx);
+        x509_v3_basic_constraints(cert, offset, x509_ctx);
+        x509_v3_key_usage(cert, offset, x509_ctx);
+    }
+
+    offset = end_tbs;   /* skip the rest of v3 data */
+    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
+            asn1_signature(cert, &offset, x509_ctx))
+        goto end_cert;
+#endif
+    ret = X509_OK;
+end_cert:
+    if (len)
+    {
+        *len = cert_size;
+    }
+
+    if (ret)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        char buff[64];
+        printf("Error: Invalid X509 ASN.1 file (%s)\n",
+                        x509_display_error(ret, buff));
+#endif
+        x509_free(x509_ctx);
+        *ctx = NULL;
+    }
+
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
+    {
+        x509_ctx->subject_alt_name_present = true;
+        x509_ctx->subject_alt_name_is_critical = 
+                        asn1_is_critical_ext(cert, &offset);
+
+        if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
+        {
+            int altlen;
+
+            if ((altlen = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) > 0)
+            {
+                int endalt = offset + altlen;
+                int totalnames = 0;
+
+                while (offset < endalt)
+                {
+                    int type = cert[offset++];
+                    int dnslen = get_asn1_length(cert, &offset);
+
+                    if (type == ASN1_CONTEXT_DNSNAME)
+                    {
+                        x509_ctx->subject_alt_dnsnames = (char**)
+                                realloc(x509_ctx->subject_alt_dnsnames, 
+                                   (totalnames + 2) * sizeof(char*));
+                        x509_ctx->subject_alt_dnsnames[totalnames] = 
+                                (char*)malloc(dnslen + 1);
+                        x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
+                        memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
+                                cert + offset, dnslen);
+                        x509_ctx->subject_alt_dnsnames[totalnames][dnslen] = 0;
+                        totalnames++;
+                    }
+
+                    offset += dnslen;
+                }
+            }
+        }
+    }
+
+    return X509_OK;
+}
+
+/**
+ * Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
+ */
+static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    int ret = X509_OK;
+
+    if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
+        goto end_contraints;
+
+    x509_ctx->basic_constraint_present = true;
+    x509_ctx->basic_constraint_is_critical = 
+                    asn1_is_critical_ext(cert, &offset);
+
+    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
+    		asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
+    		asn1_get_bool(cert, &offset, &x509_ctx->basic_constraint_cA) < 0 ||
+    		asn1_get_int(cert, &offset,
+    		                &x509_ctx->basic_constraint_pathLenConstraint) < 0)
+    {
+        ret = X509_NOT_OK;       
+    }
+
+end_contraints:
+    return ret;
+}
+
+/*
+ * Key usage - see https://tools.ietf.org/html/rfc5280#section-4.2.1.3
+ */
+static int x509_v3_key_usage(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    int ret = X509_OK;
+
+    if ((offset = asn1_is_key_usage(cert, offset)) == 0)
+        goto end_key_usage;
+
+    x509_ctx->key_usage_present = true;
+    x509_ctx->key_usage_is_critical = asn1_is_critical_ext(cert, &offset);
+
+    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
+    		asn1_get_bit_string_as_int(cert, &offset, &x509_ctx->key_usage))
+    {
+        ret = X509_NOT_OK;       
+    }
+
+end_key_usage:
+    return ret;
+}
+#endif
+
+/**
+ * Free an X.509 object's resources.
+ */
+void x509_free(X509_CTX *x509_ctx)
+{
+    X509_CTX *next;
+    int i;
+
+    if (x509_ctx == NULL)       /* if already null, then don't bother */
+        return;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        free(x509_ctx->ca_cert_dn[i]);
+        free(x509_ctx->cert_dn[i]);
+    }
+
+    free(x509_ctx->signature);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION 
+    if (x509_ctx->digest)
+    {
+        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
+    }
+
+    if (x509_ctx->fingerprint)
+    {
+        free(x509_ctx->fingerprint);
+    }
+
+    if (x509_ctx->spki_sha256)
+    {
+        free(x509_ctx->spki_sha256);
+    }
+
+    if (x509_ctx->subject_alt_dnsnames)
+    {
+        for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)
+            free(x509_ctx->subject_alt_dnsnames[i]);
+
+        free(x509_ctx->subject_alt_dnsnames);
+    }
+#endif
+
+    RSA_free(x509_ctx->rsa_ctx);
+    next = x509_ctx->next;
+    free(x509_ctx);
+    x509_free(next);        /* clear the chain */
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Take a signature and decrypt it.
+ */
+static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp)
+{
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+    bigint *bir = NULL;
+    uint8_t *block = (uint8_t *)malloc(sig_len);
+
+    /* decrypt */
+    dat_bi = bi_import(ctx, sig, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    /* convert to a normal block */
+    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
+
+    bi_export(ctx, decrypted_bi, block, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    i = 10; /* start at the first possible non-padded byte */
+    while (block[i++] && i < sig_len);
+    size = sig_len - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+    {
+        int len;
+        const uint8_t *sig_ptr = get_signature(&block[i], &len);
+
+        if (sig_ptr)
+        {
+            bir = bi_import(ctx, sig_ptr, len);
+        }
+    }
+    free(block);
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx);
+    return bir;
+}
+
+/**
+ * Do some basic checks on the certificate chain.
+ *
+ * Certificate verification consists of a number of checks:
+ * - The date of the certificate is after the start date.
+ * - The date of the certificate is before the finish date.
+ * - A root certificate exists in the certificate store.
+ * - That the certificate(s) are not self-signed.
+ * - The certificate chain is valid.
+ * - The signature of the certificate is valid.
+ * - Basic constraints 
+ */
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
+        int *pathLenConstraint) 
+{
+    int ret = X509_OK, i = 0;
+    bigint *cert_sig;
+    X509_CTX *next_cert = NULL;
+    BI_CTX *ctx = NULL;
+    bigint *mod = NULL, *expn = NULL;
+    int match_ca_cert = 0;
+    struct timeval tv;
+    uint8_t is_self_signed = 0;
+
+    if (cert == NULL)
+    {
+        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+        goto end_verify;
+    }
+
+    /* a self-signed certificate that is not in the CA store - use this 
+       to check the signature */
+    if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    {
+        is_self_signed = 1;
+        ctx = cert->rsa_ctx->bi_ctx;
+        mod = cert->rsa_ctx->m;
+        expn = cert->rsa_ctx->e;
+    }
+
+    gettimeofday(&tv, NULL);
+
+    /* check the not before date */
+    if (tv.tv_sec < cert->not_before)
+    {
+        ret = X509_VFY_ERROR_NOT_YET_VALID;
+        goto end_verify;
+    }
+
+    /* check the not after date */
+    if (tv.tv_sec > cert->not_after)
+    {
+        ret = X509_VFY_ERROR_EXPIRED;
+        goto end_verify;
+    }
+
+    if (cert->basic_constraint_present)
+    {
+    	/* If the cA boolean is not asserted,
+    	   then the keyCertSign bit in the key usage extension MUST NOT be
+    	   asserted. */
+    	if (!cert->basic_constraint_cA &&
+                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+		{
+			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
+			goto end_verify;
+		}
+
+        /* The pathLenConstraint field is meaningful only if the cA boolean is
+           asserted and the key usage extension, if present, asserts the
+           keyCertSign bit.  In this case, it gives the maximum number of 
+           non-self-issued intermediate certificates that may follow this 
+           certificate in a valid certification path. */
+		if (cert->basic_constraint_cA &&
+            (!cert->key_usage_present || 
+                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) &&
+            (cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint)
+		{
+			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
+			goto end_verify;
+		}
+    }
+
+    next_cert = cert->next;
+
+    /* last cert in the chain - look for a trusted cert */
+    if (next_cert == NULL)
+    {
+       if (ca_cert_ctx != NULL) 
+       {
+            /* go thru the CA store */
+            while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+            {
+                /* the extension is present but the cA boolean is not 
+                   asserted, then the certified public key MUST NOT be used 
+                   to verify certificate signatures. */
+                if (cert->basic_constraint_present && 
+                        !ca_cert_ctx->cert[i]->basic_constraint_cA)
+                    continue;
+                        
+                if (asn1_compare_dn(cert->ca_cert_dn,
+                                            ca_cert_ctx->cert[i]->cert_dn) == 0)
+                {
+                    /* use this CA certificate for signature verification */
+                    match_ca_cert = true;
+                    ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
+                    mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
+                    expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
+
+
+                    break;
+                }
+
+                i++;
+            }
+        }
+
+        /* couldn't find a trusted cert (& let self-signed errors 
+           be returned) */
+        if (!match_ca_cert && !is_self_signed)
+        {
+            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+            goto end_verify;
+        }
+    }
+    else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
+    {
+        /* check the chain */
+        ret = X509_VFY_ERROR_INVALID_CHAIN;
+        goto end_verify;
+    }
+    else /* use the next certificate in the chain for signature verify */
+    {
+        ctx = next_cert->rsa_ctx->bi_ctx;
+        mod = next_cert->rsa_ctx->m;
+        expn = next_cert->rsa_ctx->e;
+    }
+
+    /* cert is self signed */
+    if (!match_ca_cert && is_self_signed)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
+    }
+
+    /* check the signature */
+    cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
+                        bi_clone(ctx, mod), bi_clone(ctx, expn));
+
+    if (cert_sig && cert->digest)
+    {
+        if (bi_compare(cert_sig, cert->digest) != 0)
+            ret = X509_VFY_ERROR_BAD_SIGNATURE;
+
+
+        bi_free(ctx, cert_sig);
+    }
+    else
+    {
+        ret = X509_VFY_ERROR_BAD_SIGNATURE;
+    }
+
+    if (ret)
+        goto end_verify;
+
+    /* go down the certificate chain using recursion. */
+    if (next_cert != NULL)
+    {
+    	(*pathLenConstraint)++; /* don't include last certificate */
+        ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
+    }
+
+end_verify:
+    return ret;
+}
+#endif
+
+#if defined (CONFIG_SSL_FULL_MODE)
+/**
+ * Used for diagnostics.
+ */
+static const char *not_part_of_cert = "<Not Part Of Certificate>";
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) 
+{
+    if (cert == NULL)
+        return;
+
+    printf("=== CERTIFICATE ISSUED TO ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->cert_dn[X509_COMMON_NAME] ?
+                    cert->cert_dn[X509_COMMON_NAME] : not_part_of_cert);
+
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
+        cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
+
+    if (cert->cert_dn[X509_ORGANIZATIONAL_UNIT]) 
+    {
+        printf("Organizational Unit (OU):\t");
+        printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT]);
+    }
+
+    if (cert->cert_dn[X509_LOCATION]) 
+    {
+        printf("Location (L):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_LOCATION]);
+    }
+
+    if (cert->cert_dn[X509_COUNTRY]) 
+    {
+        printf("Country (C):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_COUNTRY]);
+    }
+
+    if (cert->cert_dn[X509_STATE]) 
+    {
+        printf("State (ST):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_STATE]);
+    }
+
+    if (cert->basic_constraint_present)
+    {
+        printf("Basic Constraints:\t\t%sCA:%s, pathlen:%d\n",
+                cert->basic_constraint_is_critical ? 
+                    "critical, " : "",
+                cert->basic_constraint_cA? "TRUE" : "FALSE",
+                cert->basic_constraint_pathLenConstraint);
+    }
+
+    if (cert->key_usage_present)
+    {
+        printf("Key Usage:\t\t\t%s", cert->key_usage_is_critical ? 
+                    "critical, " : "");
+        bool has_started = false;
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DIGITAL_SIGNATURE))
+        {
+            printf("Digital Signature");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_NON_REPUDIATION))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Non Repudiation");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_ENCIPHERMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Encipherment");
+            has_started = true;
+        }
+        
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DATA_ENCIPHERMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Data Encipherment");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_AGREEMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Agreement");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Cert Sign");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_CRL_SIGN))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("CRL Sign");
+            has_started = true;
+        }
+       
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_ENCIPHER_ONLY))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Encipher Only");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DECIPHER_ONLY))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Decipher Only");
+            has_started = true;
+        }
+
+        printf("\n");
+    }
+
+    if (cert->subject_alt_name_present)
+    {
+        printf("Subject Alt Name:\t\t%s", cert->subject_alt_name_is_critical 
+                ?  "critical, " : "");
+        if (cert->subject_alt_dnsnames)
+        {
+            int i = 0;
+
+            while (cert->subject_alt_dnsnames[i])
+                printf("%s ", cert->subject_alt_dnsnames[i++]);
+        }
+        printf("\n");
+
+    }
+
+    printf("=== CERTIFICATE ISSUED BY ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
+                    cert->ca_cert_dn[X509_COMMON_NAME] : not_part_of_cert);
+
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
+        cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
+
+    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]) 
+    {
+        printf("Organizational Unit (OU):\t");
+        printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]);
+    }
+
+    if (cert->ca_cert_dn[X509_LOCATION]) 
+    {
+        printf("Location (L):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_LOCATION]);
+    }
+
+    if (cert->ca_cert_dn[X509_COUNTRY]) 
+    {
+        printf("Country (C):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_COUNTRY]);
+    }
+
+    if (cert->ca_cert_dn[X509_STATE]) 
+    {
+        printf("State (ST):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_STATE]);
+    }
+
+    printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
+    printf("Not After:\t\t\t%s", ctime(&cert->not_after));
+    printf("RSA bitsize:\t\t\t%d\n", cert->rsa_ctx->num_octets*8);
+    printf("Sig Type:\t\t\t");
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_MD5:
+            printf("MD5\n");
+            break;
+        case SIG_TYPE_SHA1:
+            printf("SHA1\n");
+            break;
+        case SIG_TYPE_SHA256:
+            printf("SHA256\n");
+            break;
+        case SIG_TYPE_SHA384:
+            printf("SHA384\n");
+            break;
+        case SIG_TYPE_SHA512:
+            printf("SHA512\n");
+            break;
+        default:
+            printf("Unrecognized: %d\n", cert->sig_type);
+            break;
+    }
+
+    if (ca_cert_ctx)
+    {
+        int pathLenConstraint = 0;
+        char buff[64];
+        printf("Verify:\t\t\t\t%s\n",
+                x509_display_error(x509_verify(ca_cert_ctx, cert,
+                        &pathLenConstraint), buff));
+    }
+
+#if 0
+    print_blob("Signature", cert->signature, cert->sig_len);
+    bi_print("Modulus", cert->rsa_ctx->m);
+    bi_print("Pub Exp", cert->rsa_ctx->e);
+#endif
+
+    if (ca_cert_ctx)
+    {
+        x509_print(cert->next, ca_cert_ctx);
+    }
+
+    TTY_FLUSH();
+}
+
+const char * x509_display_error(int error, char *buff)
+{
+    switch (error)
+    {
+        case X509_OK:
+            strcpy_P(buff, "Certificate verify successful");
+            return buff;
+
+        case X509_NOT_OK:
+            strcpy_P(buff, "X509 not ok");
+            return buff;
+
+        case X509_VFY_ERROR_NO_TRUSTED_CERT:
+            strcpy_P(buff, "No trusted cert is available");
+            return buff;
+
+        case X509_VFY_ERROR_BAD_SIGNATURE:
+            strcpy_P(buff, "Bad signature");
+            return buff;
+
+        case X509_VFY_ERROR_NOT_YET_VALID:
+            strcpy_P(buff, "Cert is not yet valid");
+            return buff;
+
+        case X509_VFY_ERROR_EXPIRED:
+            strcpy_P(buff, "Cert has expired");
+            return buff;
+
+        case X509_VFY_ERROR_SELF_SIGNED:
+            strcpy_P(buff, "Cert is self-signed");
+            return buff;
+
+        case X509_VFY_ERROR_INVALID_CHAIN:
+            strcpy_P(buff, "Chain is invalid (check order of certs)");
+            return buff;
+
+        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
+            strcpy_P(buff, "Unsupported digest");
+            return buff;
+
+        case X509_INVALID_PRIV_KEY:
+            strcpy_P(buff, "Invalid private key");
+            return buff;
+
+        case X509_VFY_ERROR_BASIC_CONSTRAINT:
+            strcpy_P(buff, "Basic constraint invalid");
+            return buff;
+
+        default:
+            strcpy_P(buff, "Unknown");
+            return buff;
+    }
+}
+#endif      /* CONFIG_SSL_FULL_MODE */
+
diff --git a/tools/make_certs.sh b/tools/make_certs.sh
new file mode 100644
index 0000000000..fc6cc90ae8
--- /dev/null
+++ b/tools/make_certs.sh
@@ -0,0 +1,256 @@
+#!/bin/sh
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+AXDIR=`pwd`/`dirname $0`
+CWD=`mktemp -d` && cd $dir
+cd $CWD 
+
+#
+# Generate the certificates and keys for testing.
+#
+
+PROJECT_NAME="axTLS Project"
+
+# Generate the openssl configuration files.
+cat > ca_cert.conf << EOF  
+[ req ]
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_ca
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Dodgy Certificate Authority
+
+[ v3_ca ]
+basicConstraints        = critical, CA:true
+keyUsage                = critical, cRLSign, keyCertSign, digitalSignature
+EOF
+
+cat > certs.conf << EOF  
+[ req ]
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_usr_cert
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME
+ CN                     = localhost
+
+[ v3_usr_cert ]
+basicConstraints        = critical, CA:false
+keyUsage                = critical, nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName          = @alt_names
+ 
+[alt_names]
+DNS.1 = www.example.net
+DNS.2 = www.example.org
+EOF
+
+cat > device_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Device Certificate
+EOF
+
+cat > intermediate_ca.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+req_extensions         = v3_intermediate_ca
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Intermediate CA
+
+[ v3_intermediate_ca ]
+basicConstraints        = critical, CA:true, pathlen:0
+keyUsage                = cRLSign, keyCertSign, digitalSignature
+EOF
+
+cat > intermediate_ca2.conf << EOF  
+[ req ]
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_intermediate_ca2
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Intermediate 2 CA
+
+[ v3_intermediate_ca2 ]
+basicConstraints        = critical, CA:true, pathlen:10
+keyUsage                = encipherOnly, keyCertSign, decipherOnly
+EOF
+
+# private key generation
+openssl genrsa -out axTLS.ca_key.pem 2048
+openssl genrsa -out axTLS.key_1024.pem 1024
+openssl genrsa -out axTLS.key_2048.pem 2048
+openssl genrsa -out axTLS.key_4096.pem 4096
+openssl genrsa -out axTLS.key_device.pem 2048
+openssl genrsa -out axTLS.key_intermediate_ca.pem 2048
+openssl genrsa -out axTLS.key_intermediate_ca2.pem 2048
+openssl genrsa -out axTLS.key_end_chain.pem 2048
+openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024
+openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
+
+# convert private keys into DER format
+openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
+openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
+openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
+
+# cert requests
+openssl req -out axTLS.ca_x509.csr -key axTLS.ca_key.pem -new \
+            -config ./ca_cert.conf 
+openssl req -out axTLS.x509_1024.csr -key axTLS.key_1024.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_2048.csr -key axTLS.key_2048.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_4096.csr -key axTLS.key_4096.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_device.csr -key axTLS.key_device.pem -new \
+            -config ./device_cert.conf
+openssl req -out axTLS.x509_intermediate_ca.csr \
+            -key axTLS.key_intermediate_ca.pem -new \
+            -config ./intermediate_ca.conf
+openssl req -out axTLS.x509_intermediate_ca2.csr \
+            -key axTLS.key_intermediate_ca2.pem -new \
+            -config ./intermediate_ca2.conf
+openssl req -out axTLS.x509_end_chain.csr -key axTLS.key_end_chain.pem -new \
+            -config ./certs.conf
+openssl req -out axTLS.x509_aes128.csr -key axTLS.key_aes128.pem \
+            -new -config ./certs.conf -passin pass:abcd
+openssl req -out axTLS.x509_aes256.csr -key axTLS.key_aes256.pem \
+            -new -config ./certs.conf -passin pass:abcd
+
+# generate the actual certs.
+openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509.pem \
+            -sha1 -days 5000 -signkey axTLS.ca_key.pem \
+            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
+openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509_sha256.pem \
+            -sha256 -days 5000 -signkey axTLS.ca_key.pem \
+            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha256.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha384.pem \
+            -sha384 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha512.pem \
+            -sha512 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_2048.csr -out axTLS.x509_2048.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_4096.csr -out axTLS.x509_4096.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_device.csr -out axTLS.x509_device.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem
+openssl x509 -req -in axTLS.x509_intermediate_ca.csr -out axTLS.x509_intermediate_ca.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem \
+            -extfile ./intermediate_ca.conf -extensions v3_intermediate_ca
+openssl x509 -req -in axTLS.x509_intermediate_ca2.csr -out axTLS.x509_intermediate_ca2.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca.pem \
+            -CAkey axTLS.key_intermediate_ca.pem \
+            -extfile ./intermediate_ca2.conf -extensions v3_intermediate_ca2
+openssl x509 -req -in axTLS.x509_end_chain.csr -out axTLS.x509_end_chain.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca.pem \
+            -CAkey axTLS.key_intermediate_ca.pem \
+            -extfile ./certs.conf -extensions v3_usr_cert 
+# basic constraint path len failure
+openssl x509 -req -in axTLS.x509_end_chain.csr \
+            -out axTLS.x509_end_chain_bad.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca2.pem \
+            -CAkey axTLS.key_intermediate_ca2.pem \
+            -extfile ./certs.conf -extensions v3_usr_cert 
+cat axTLS.x509_intermediate_ca.pem >> axTLS.x509_intermediate_ca2.pem 
+openssl x509 -req -in axTLS.x509_aes128.csr \
+            -out axTLS.x509_aes128.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_aes256.csr \
+            -out axTLS.x509_aes256.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# note: must be root to do this
+DATE_NOW=`date`
+if date -s "Jan 1 2025"; then
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_before.pem \
+            -sha1 -CAcreateserial -days 365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+date -s "$DATE_NOW"
+touch axTLS.x509_bad_before.pem
+fi
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_after.pem \
+            -sha1 -CAcreateserial -days -365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# some cleanup
+rm axTLS*.csr
+rm *.srl
+rm *.conf
+
+# need this for the client tests
+openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
+openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
+openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
+openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
+
+# generate pkcs8 files (use RC4-128 for encryption)
+openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
+openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
+
+# generate pkcs12 files (use RC4-128 for encryption)
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd
+
+# PEM certificate chain
+cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
+
+# set default key/cert for use in the server
+xxd -i axTLS.x509_1024.cer | sed -e \
+        "s/axTLS_x509_1024_cer/default_certificate/" > $AXDIR/../ssl/cert.h
+xxd -i axTLS.key_1024 | sed -e \
+        "s/axTLS_key_1024/default_private_key/" > $AXDIR/../ssl/private_key.h
diff --git a/util/time.h b/util/time.h
new file mode 100644
index 0000000000..78e37b1d39
--- /dev/null
+++ b/util/time.h
@@ -0,0 +1,11 @@
+#ifndef TIME_H
+#define TIME_H
+
+struct timeval
+{
+  time_t tv_sec;
+  long   tv_usec;
+};
+
+
+#endif //TIME_H
diff --git a/www/index.html b/www/index.html
new file mode 100755
index 0000000000..2b1d8b3eb6
--- /dev/null
+++ b/www/index.html
@@ -0,0 +1,7103 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<script type="text/javascript">
+//<![CDATA[
+var version = {major: 2, minor: 1, revision: 3, date: new Date("Nov 3, 2006"), extensions: {}};
+//]]>
+</script>
+<!--
+TiddlyWiki 2.1.3 by Jeremy Ruston, (jeremy [at] osmosoft [dot] com)
+
+Copyright (c) Osmosoft Limited 2004-2006
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this
+list of conditions and the following disclaimer in the documentation and/or other
+materials provided with the distribution.
+
+Neither the name of the Osmosoft Limited nor the names of its contributors may be
+used to endorse or promote products derived from this software without specific
+prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
+-->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+<!--PRE-HEAD-START-->
+<!--{{{-->
+<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
+<!--}}}-->
+<!--PRE-HEAD-END-->
+<title> axTLS Embedded SSL - changes, notes and errata </title>
+<script type="text/javascript">
+//<![CDATA[
+// ---------------------------------------------------------------------------------
+// Configuration repository
+// ---------------------------------------------------------------------------------
+
+// Miscellaneous options
+var config = {
+    numRssItems: 20, // Number of items in the RSS feed
+    animFast: 0.12, // Speed for animations (lower == slower)
+    animSlow: 0.01, // Speed for EasterEgg animations
+    cascadeFast: 20, // Speed for cascade animations (higher == slower)
+    cascadeSlow: 60, // Speed for EasterEgg cascade animations
+    cascadeDepth: 5, // Depth of cascade animation
+    displayStartupTime: false // Whether to display startup time
+    };
+
+// Messages
+config.messages = {
+    messageClose: {},
+    dates: {}
+};
+
+// Options that can be set in the options panel and/or cookies
+config.options = {
+    chkRegExpSearch: false,
+    chkCaseSensitiveSearch: false,
+    chkAnimate: true,
+    chkSaveBackups: true,
+    chkAutoSave: false,
+    chkGenerateAnRssFeed: false,
+    chkSaveEmptyTemplate: false,
+    chkOpenInNewWindow: true,
+    chkToggleLinks: false,
+    chkHttpReadOnly: true,
+    chkForceMinorUpdate: false,
+    chkConfirmDelete: true,
+    chkInsertTabs: false,
+    txtBackupFolder: "",
+    txtMainTab: "tabTimeline",
+    txtMoreTab: "moreTabAll",
+    txtMaxEditRows: "30"
+    };
+
+// List of notification functions to be called when certain tiddlers are changed or deleted
+config.notifyTiddlers = [
+    {name: "StyleSheetLayout", notify: refreshStyles},
+    {name: "StyleSheetColors", notify: refreshStyles},
+    {name: "StyleSheet", notify: refreshStyles},
+    {name: "StyleSheetPrint", notify: refreshStyles},
+    {name: "PageTemplate", notify: refreshPageTemplate},
+    {name: "SiteTitle", notify: refreshPageTitle},
+    {name: "SiteSubtitle", notify: refreshPageTitle},
+    {name: "ColorPalette", notify: refreshColorPalette},
+    {name: null, notify: refreshDisplay}
+    ];
+
+// Default tiddler templates
+var DEFAULT_VIEW_TEMPLATE = 1;
+var DEFAULT_EDIT_TEMPLATE = 2;
+config.tiddlerTemplates = {
+    1: "ViewTemplate",
+    2: "EditTemplate"
+    };
+
+// More messages (rather a legacy layout that shouldn't really be like this)
+config.views = {
+    wikified: {
+        tag: {}
+        },
+    editor: {
+        tagChooser: {}
+        }
+    };
+
+// Macros; each has a 'handler' member that is inserted later
+config.macros = {
+    today: {},
+    version: {},
+    search: {sizeTextbox: 15},
+    tiddler: {},
+    tag: {},
+    tags: {},
+    tagging: {},
+    timeline: {},
+    allTags: {},
+    list: {
+        all: {},
+        missing: {},
+        orphans: {},
+        shadowed: {}
+        },
+    closeAll: {},
+    permaview: {},
+    saveChanges: {},
+    slider: {},
+    option: {},
+    newTiddler: {},
+    newJournal: {},
+    sparkline: {},
+    tabs: {},
+    gradient: {},
+    message: {},
+    view: {},
+    edit: {},
+    tagChooser: {},
+    toolbar: {},
+    br: {},
+    plugins: {},
+    refreshDisplay: {},
+    importTiddlers: {}
+    };
+
+// Commands supported by the toolbar macro
+config.commands = {
+    closeTiddler: {},
+    closeOthers: {},
+    editTiddler: {},
+    saveTiddler: {hideReadOnly: true},
+    cancelTiddler: {},
+    deleteTiddler: {hideReadOnly: true},
+    permalink: {},
+    references: {},
+    jump: {}
+    };
+
+// Browser detection... In a very few places, there's nothing else for it but to
+// know what browser we're using.
+config.userAgent = navigator.userAgent.toLowerCase();
+config.browser = {
+    isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
+    ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
+    isSafari: config.userAgent.indexOf("applewebkit") != -1,
+    isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
+    firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
+    isOpera: config.userAgent.indexOf("opera") != -1,
+    isLinux: config.userAgent.indexOf("linux") != -1,
+    isUnix: config.userAgent.indexOf("x11") != -1,
+    isMac: config.userAgent.indexOf("mac") != -1,
+    isWindows: config.userAgent.indexOf("win") != -1
+    };
+
+// Basic regular expressions
+config.textPrimitives = {
+    upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
+    lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
+    anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
+    anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
+    };
+if(config.browser.isBadSafari)
+    config.textPrimitives = {
+        upperLetter: "[A-Z\u00c0-\u00de]",
+        lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
+        anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
+        anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
+        }
+config.textPrimitives.sliceSeparator = "::";
+config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
+config.textPrimitives.unWikiLink = "~";
+config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
+                                                config.textPrimitives.lowerLetter + "+" +
+                                                config.textPrimitives.upperLetter +
+                                                config.textPrimitives.anyLetter + "*)|(?:" +
+                                                config.textPrimitives.upperLetter + "{2,}" +
+                                                config.textPrimitives.lowerLetter + "+))";
+
+config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
+config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
+
+config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
+config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
+config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
+config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
+    config.textPrimitives.titledBrackettedLink + ")|(?:" +
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
+
+// ---------------------------------------------------------------------------------
+// Shadow tiddlers
+// ---------------------------------------------------------------------------------
+
+config.shadowTiddlers = {
+    ColorPalette: "Background: #fff\n" +
+                  "Foreground: #000\n" +
+                  "PrimaryPale: #8cf\n" +
+                  "PrimaryLight: #18f\n" +
+                  "PrimaryMid: #04b\n" +
+                  "PrimaryDark: #014\n" +
+                  "SecondaryPale: #ffc\n" +
+                  "SecondaryLight: #fe8\n" +
+                  "SecondaryMid: #db4\n" +
+                  "SecondaryDark: #841\n" +
+                  "TertiaryPale: #eee\n" +
+                  "TertiaryLight: #ccc\n" +
+                  "TertiaryMid: #999\n" +
+                  "TertiaryDark: #666\n" +
+                  "Error: #f88\n",
+    StyleSheet: "",
+    StyleSheetColors: "/*{{{*/\nbody {\n    background: [[ColorPalette::Background]];\n color: [[ColorPalette::Foreground]];\n}\n\na{\n color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n   background: [[ColorPalette::PrimaryMid]];\n color: [[ColorPalette::Background]];\n}\n\na img{\n border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n color: [[ColorPalette::SecondaryDark]];\n   background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n    color: [[ColorPalette::PrimaryDark]];\n border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::SecondaryLight]];\n border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n    background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n   color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n  font-weight: normal;\n  color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n    color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n  font-weight: normal;\n  color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border-left: 1px solid [[ColorPalette::TertiaryLight]];\n   border-top: 1px solid [[ColorPalette::TertiaryLight]];\n    border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n   color: [[ColorPalette::Background]];\n  background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n   color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n    border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n  background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n border: none;\n color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n   color: [[ColorPalette::PrimaryMid]];\n  background: [[ColorPalette::Background]];\n}\n\n.wizard {\n background: [[ColorPalette::SecondaryLight]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n    color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n  background: [[ColorPalette::Background]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n  border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n    color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n  color: [[ColorPalette::PrimaryLight]];\n    background: [[ColorPalette::PrimaryDark]];\n    border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n    background: [[ColorPalette::SecondaryMid]];\n   color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n    padding: 0.2em 0.2em 0.2em 0.2em;\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::Background]];\n}\n\n.popup {\n  background: [[ColorPalette::PrimaryLight]];\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px;\n}\n\n.listBreak div{\n border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n    color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n color: [[ColorPalette::TertiaryPale]];\n    border: none;\n}\n\n.popup li a:hover {\n   background: [[ColorPalette::PrimaryDark]];\n    color: [[ColorPalette::Background]];\n  border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n   color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n    border: 1px solid [[ColorPalette::TertiaryPale]];\n background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n   background-color: [[ColorPalette::TertiaryLight]];\n    border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n  color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n       border: none;\n}\n\n.footer {\n color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n  background: [[ColorPalette::PrimaryPale]];\n    border: 0;\n}\n\n.sparktick {\n background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n   color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::Error]];\n}\n\n.warning {\n color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n background: [[ColorPalette::TertiaryPale]];\n   color: [[ColorPalette::TertiaryMid]];\n border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n  background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n    border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n  border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n  border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n    background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n border: 1px solid [[ColorPalette::SecondaryLight]];\n   background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n    border: 0;\n    border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n    background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n   width: 100%;\n}\n\n.editorFooter {\n    color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
+    StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n   font-size: .75em;\n font-family: arial,helvetica;\n margin: 0;\n    padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n    font-weight: bold;\n    text-decoration: none;\n    padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n  height: 1px;\n}\n\na{\n text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n  border: 0;\n}\n\n.externalLink {\n  text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n  font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n   font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n        position: relative;\n}\n\n.header a:hover {\n   background: transparent;\n}\n\n.headerShadow {\n    position: relative;\n   padding: 4.5em 0em 1em 1em;\n   left: -1px;\n   top: -1px;\n}\n\n.headerForeground {\n  position: absolute;\n   padding: 4.5em 0em 1em 1em;\n   left: 0px;\n    top: 0px;\n}\n\n.siteTitle {\n  font-size: 3em;\n}\n\n.siteSubtitle {\n font-size: 1.2em;\n}\n\n#mainMenu {\n   position: absolute;\n   left: 0;\n  width: 10em;\n  text-align: right;\n    line-height: 1.6em;\n   padding: 1.5em 0.5em 0.5em 0.5em;\n font-size: 1.1em;\n}\n\n#sidebar {\n    position: absolute;\n   right: 3px;\n   width: 16em;\n  font-size: .9em;\n}\n\n#sidebarOptions {\n  padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n margin: 0em 0.2em;\n    padding: 0.2em 0.3em;\n display: block;\n}\n\n#sidebarOptions input {\n margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n margin-left: 1em;\n padding: 0.5em;\n   font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n  font-weight: bold;\n    display: inline;\n  padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n    margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n width: 15em;\n  overflow: hidden;\n}\n\n.wizard {\n padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n    font-size: 2em;\n   font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n   font-size: 1.2em;\n font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n  padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n margin: 0.5em 0em 0em 0em;\n    font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n    text-decoration: underline;\n}\n\n.popup {\n    font-size: .9em;\n  padding: 0.2em;\n   list-style: none;\n margin: 0;\n}\n\n.popup hr {\n  display: block;\n   height: 1px;\n  width: auto;\n  padding: 0;\n   margin: 0.2em 0em;\n}\n\n.listBreak {\n font-size: 1px;\n   line-height: 1px;\n}\n\n.listBreak div {\n  margin: 2px 0;\n}\n\n.popup li.disabled {\n padding: 0.2em;\n}\n\n.popup li a{\n    display: block;\n   padding: 0.2em;\n}\n\n.tabset {\n   padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n  margin: 0em 0em 0em 0.25em;\n   padding: 2px;\n}\n\n.tabContents {\n    padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n  margin: 0;\n    padding: 0;\n}\n\n.txtMainTab .tabContents li {\n   list-style: none;\n}\n\n.tabContents li.listLink {\n     margin-left: .75em;\n}\n\n#displayArea {\n margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n text-align: right;\n    font-size: .9em;\n  visibility: hidden;\n}\n\n.selected .toolbar {\n    visibility: visible;\n}\n\n.tiddler {\n padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n    font-style: italic;\n}\n\n.title {\n    font-size: 1.6em;\n font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n  font-size: 1.1em;\n}\n\n.tiddler .button {\n    padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n  font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n  width: 99%;\n   padding: 0 0 1em 0;\n}\n\n.viewer {\n   line-height: 1.4em;\n   padding-top: 0.5em;\n}\n\n.viewer .button {\n   margin: 0em 0.25em;\n   padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n   line-height: 1.5em;\n   padding-left: 0.8em;\n  margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n margin-left: 0.5em;\n   padding-left: 1.5em;\n}\n\n.viewer table {\n    border-collapse: collapse;\n    margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n    padding: 3px;\n}\n\n.viewer table.listView {\n  font-size: 0.85em;\n    margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n  padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n padding: 0.5em;\n   margin-left: 0.5em;\n   font-size: 1.2em;\n line-height: 1.4em;\n   overflow: auto;\n}\n\n.viewer code {\n  font-size: 1.2em;\n line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n    display: block;\n   width: 100%;\n  font: inherit;\n}\n\n.editorFooter {\n  padding: 0.25em 0em;\n  font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n line-height: 1em;\n}\n\n.sparktick {\n  outline: 0;\n}\n\n.zoomer {\n   font-size: 1.1em;\n position: absolute;\n   padding: 1em;\n}\n\n.cascade {\n    font-size: 1.1em;\n position: absolute;\n   overflow: hidden;\n}\n/*}}}*/",
+    StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
+    PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
+    ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
+    EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
+    MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
+    MarkupPostHead: "",
+    MarkupPreBody: "",
+    MarkupPostBody: ""
+    };
+
+// ---------------------------------------------------------------------------------
+// Translateable strings
+// ---------------------------------------------------------------------------------
+
+// Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
+
+merge(config.options,{
+    txtUserName: "YourName"});
+
+merge(config.messages,{
+    customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
+    pluginError: "Error: %0",
+    pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
+    pluginForced: "Executed because forced via 'systemConfigForce' tag",
+    pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
+    nothingSelected: "Nothing is selected. You must select one or more items first",
+    savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
+    subtitleUnknown: "(unknown)",
+    undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
+    shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
+    tiddlerLinkTooltip: "%0 - %1, %2",
+    externalLinkTooltip: "External link to %0",
+    noTags: "There are no tagged tiddlers",
+    notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
+    cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
+    invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
+    backupSaved: "Backup saved",
+    backupFailed: "Failed to save backup file",
+    rssSaved: "RSS feed saved",
+    rssFailed: "Failed to save RSS feed file",
+    emptySaved: "Empty template saved",
+    emptyFailed: "Failed to save empty template file",
+    mainSaved: "Main TiddlyWiki file saved",
+    mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
+    macroError: "Error in macro <<%0>>",
+    macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
+    missingMacro: "No such macro",
+    overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
+    unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
+    confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
+    saveInstructions: "SaveChanges",
+    unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
+    tiddlerSaveError: "Error when saving tiddler '%0'",
+    tiddlerLoadError: "Error when loading tiddler '%0'",
+    wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
+    invalidFieldName: "Invalid field name %0",
+    fieldCannotBeChanged: "Field '%0' cannot be changed"});
+
+merge(config.messages.messageClose,{
+    text: "close",
+    tooltip: "close this message area"});
+
+config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
+config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
+config.messages.dates.shortMonths = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
+config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+merge(config.views.wikified.tag,{
+    labelNoTags: "no tags",
+    labelTags: "tags: ",
+    openTag: "Open tag '%0'",
+    tooltip: "Show tiddlers tagged with '%0'",
+    openAllText: "Open all",
+    openAllTooltip: "Open all of these tiddlers",
+    popupNone: "No other tiddlers tagged with '%0'"});
+
+merge(config.views.wikified,{
+    defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
+    defaultModifier: "(missing)",
+    shadowModifier: "(built-in shadow tiddler)",
+    createdPrompt: "created"});
+
+merge(config.views.editor,{
+    tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
+    defaultText: "Type the text for '%0'"});
+
+merge(config.views.editor.tagChooser,{
+    text: "tags",
+    tooltip: "Choose existing tags to add to this tiddler",
+    popupNone: "There are no tags defined",
+    tagTooltip: "Add the tag '%0'"});
+
+merge(config.macros.search,{
+    label: "search",
+    prompt: "Search this TiddlyWiki",
+    accessKey: "F",
+    successMsg: "%0 tiddlers found matching %1",
+    failureMsg: "No tiddlers found matching %0"});
+
+merge(config.macros.tagging,{
+    label: "tagging: ",
+    labelNotTag: "not tagging",
+    tooltip: "List of tiddlers tagged with '%0'"});
+
+merge(config.macros.timeline,{
+    dateFormat: "DD MMM YYYY"});
+
+merge(config.macros.allTags,{
+    tooltip: "Show tiddlers tagged with '%0'",
+    noTags: "There are no tagged tiddlers"});
+
+config.macros.list.all.prompt = "All tiddlers in alphabetical order";
+config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
+config.macros.list.orphans.prompt = "Tiddlers that are not linked to from any other tiddlers";
+config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
+
+merge(config.macros.closeAll,{
+    label: "close all",
+    prompt: "Close all displayed tiddlers (except any that are being edited)"});
+
+merge(config.macros.permaview,{
+    label: "permaview",
+    prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
+
+merge(config.macros.saveChanges,{
+    label: "save changes",
+    prompt: "Save all tiddlers to create a new TiddlyWiki",
+    accessKey: "S"});
+
+merge(config.macros.newTiddler,{
+    label: "new tiddler",
+    prompt: "Create a new tiddler",
+    title: "New Tiddler",
+    accessKey: "N"});
+
+merge(config.macros.newJournal,{
+    label: "new journal",
+    prompt: "Create a new tiddler from the current date and time",
+    accessKey: "J"});
+
+merge(config.macros.plugins,{
+    skippedText: "(This plugin has not been executed because it was added since startup)",
+    noPluginText: "There are no plugins installed",
+    confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
+    listViewTemplate : {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
+            {name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
+            {name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
+            {name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
+            {name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
+            {name: 'Log', field: 'log', title: "Log", type: 'StringList'}
+            ],
+        rowClasses: [
+            {className: 'error', field: 'error'},
+            {className: 'warning', field: 'warning'}
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Remove systemConfig tag", name: 'remove'},
+            {caption: "Delete these tiddlers forever", name: 'delete'}
+            ]}
+    });
+
+merge(config.macros.refreshDisplay,{
+    label: "refresh",
+    prompt: "Redraw the entire TiddlyWiki display"
+    });
+
+merge(config.macros.importTiddlers,{
+    readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
+    defaultPath: "http://www.tiddlywiki.com/index.html",
+    fetchLabel: "fetch",
+    fetchPrompt: "Fetch the tiddlywiki file",
+    fetchError: "There were problems fetching the tiddlywiki file",
+    confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
+    wizardTitle: "Import tiddlers from another TiddlyWiki file",
+    step1: "Step 1: Locate the TiddlyWiki file",
+    step1prompt: "Enter the URL or pathname here: ",
+    step1promptFile: "...or browse for a file: ",
+    step1promptFeeds: "...or select a pre-defined feed: ",
+    step1feedPrompt: "Choose...",
+    step2: "Step 2: Loading TiddlyWiki file",
+    step2Text: "Please wait while the file is loaded from: %0",
+    step3: "Step 3: Choose the tiddlers to import",
+    step4: "%0 tiddler(s) imported",
+    step5: "Done",
+    listViewTemplate: {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', title: "Title", type: 'String'},
+            {name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
+            {name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
+            ],
+        rowClasses: [
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Import these tiddlers", name: 'import'}
+            ]}
+    });
+
+merge(config.commands.closeTiddler,{
+    text: "close",
+    tooltip: "Close this tiddler"});
+
+merge(config.commands.closeOthers,{
+    text: "close others",
+    tooltip: "Close all other tiddlers"});
+
+merge(config.commands.editTiddler,{
+    text: "edit",
+    tooltip: "Edit this tiddler",
+    readOnlyText: "view",
+    readOnlyTooltip: "View the source of this tiddler"});
+
+merge(config.commands.saveTiddler,{
+    text: "done",
+    tooltip: "Save changes to this tiddler"});
+
+merge(config.commands.cancelTiddler,{
+    text: "cancel",
+    tooltip: "Undo changes to this tiddler",
+    warning: "Are you sure you want to abandon your changes to '%0'?",
+    readOnlyText: "done",
+    readOnlyTooltip: "View this tiddler normally"});
+
+merge(config.commands.deleteTiddler,{
+    text: "delete",
+    tooltip: "Delete this tiddler",
+    warning: "Are you sure you want to delete '%0'?"});
+
+merge(config.commands.permalink,{
+    text: "permalink",
+    tooltip: "Permalink for this tiddler"});
+
+merge(config.commands.references,{
+    text: "references",
+    tooltip: "Show tiddlers that link to this one",
+    popupNone: "No references"});
+
+merge(config.commands.jump,{
+    text: "jump",
+    tooltip: "Jump to another open tiddler"});
+
+merge(config.shadowTiddlers,{
+    DefaultTiddlers: "GettingStarted",
+    MainMenu: "GettingStarted",
+    SiteTitle: "My TiddlyWiki",
+    SiteSubtitle: "a reusable non-linear personal web notebook",
+    SiteUrl: "http://www.tiddlywiki.com/",
+    GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
+    SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
+    OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
+    AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
+    SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
+    TabTimeline: "<<timeline>>",
+    TabAll: "<<list all>>",
+    TabTags: "<<allTags>>",
+    TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
+    TabMoreMissing: "<<list missing>>",
+    TabMoreOrphans: "<<list orphans>>",
+    TabMoreShadowed: "<<list shadowed>>",
+    PluginManager: "<<plugins>>",
+    ImportTiddlers: "<<importTiddlers>>"});
+
+// ---------------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------------
+
+var params = null; // Command line parameters
+var store = null; // TiddlyWiki storage
+var story = null; // Main story
+var formatter = null; // Default formatters for the wikifier
+config.parsers = {}; // Hashmap of alternative parsers for the wikifier
+var anim = new Animator(); // Animation engine
+var readOnly = false; // Whether we're in readonly mode
+var highlightHack = null; // Embarrassing hack department...
+var hadConfirmExit = false; // Don't warn more than once
+var safeMode = false; // Disable all plugins and cookies
+var installedPlugins = []; // Information filled in when plugins are executed
+var startingUp = false; // Whether we're in the process of starting up
+var pluginInfo,tiddler; // Used to pass information to plugins in loadPlugins()
+
+// Whether to use the JavaSaver applet
+var useJavaSaver = config.browser.isSafari || config.browser.isOpera;
+
+// Starting up
+function main()
+{
+    var now, then = new Date();
+    startingUp = true;
+    window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
+    params = getParameters();
+    if(params)
+        params = params.parseParams("open",null,false);
+    store = new TiddlyWiki();
+    invokeParamifier(params,"oninit");
+    story = new Story("tiddlerDisplay","tiddler");
+    addEvent(document,"click",Popup.onDocumentClick);
+    saveTest();
+    loadOptionsCookie();
+    for(var s=0; s<config.notifyTiddlers.length; s++)
+        store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
+    store.loadFromDiv("storeArea","store",true);
+    invokeParamifier(params,"onload");
+    var pluginProblem = loadPlugins();
+    formatter = new Formatter(config.formatters);
+    readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
+    invokeParamifier(params,"onconfig");
+    store.notifyAll();
+    restart();
+    if(pluginProblem)
+        {
+        story.displayTiddler(null,"PluginManager");
+        displayMessage(config.messages.customConfigError);
+        }
+    now = new Date();
+    if(config.displayStartupTime)
+        displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
+    startingUp = false;
+}
+
+// Restarting
+function restart()
+{
+    invokeParamifier(params,"onstart");
+    if(story.isEmpty())
+        {
+        var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
+        invokeParamifier(defaultParams,"onstart");
+        }
+    window.scrollTo(0,0);
+}
+
+function saveTest()
+{
+    var saveTest = document.getElementById("saveTest");
+    if(saveTest.hasChildNodes())
+        alert(config.messages.savedSnapshotError);
+    saveTest.appendChild(document.createTextNode("savetest"));
+}
+
+function loadPlugins()
+{
+    if(safeMode)
+        return false;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    installedPlugins = [];
+    var hadProblem = false;
+    for(var t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        pluginInfo = getPluginInfo(tiddler);
+        if(isPluginExecutable(pluginInfo))
+            {
+            pluginInfo.executed = true;
+            pluginInfo.error = false;
+            try
+                {
+                if(tiddler.text && tiddler.text != "")
+                    window.eval(tiddler.text);
+                }
+            catch(e)
+                {
+                pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
+                pluginInfo.error = true;
+                hadProblem = true;
+                }
+            }
+        else
+            pluginInfo.warning = true;
+        installedPlugins.push(pluginInfo);
+        }
+    return hadProblem;
+}
+
+function getPluginInfo(tiddler)
+{
+    var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
+    p.tiddler = tiddler;
+    p.title = tiddler.title;
+    p.log = [];
+    return p;
+}
+
+// Check that a particular plugin is valid for execution
+function isPluginExecutable(plugin)
+{
+    if(plugin.tiddler.isTagged("systemConfigDisable"))
+        return verifyTail(plugin,false,config.messages.pluginDisabled);
+    if(plugin.tiddler.isTagged("systemConfigForce"))
+        return verifyTail(plugin,true,config.messages.pluginForced);
+    if(plugin["CoreVersion"])
+        {
+        var coreVersion = plugin["CoreVersion"].split(".");
+        var w = parseInt(coreVersion[0]) - version.major;
+        if(w == 0 && coreVersion[1])
+            w = parseInt(coreVersion[1]) - version.minor;
+        if(w == 0 && coreVersion[2])
+            w = parseInt(coreVersion[2]) - version.revision;
+        if(w > 0)
+            return verifyTail(plugin,false,config.messages.pluginVersionError);
+        }
+    return true;
+}
+
+function verifyTail(plugin,result,message)
+{
+    plugin.log.push(message);
+    return result;
+}
+
+function invokeMacro(place,macro,params,wikifier,tiddler)
+{
+    try
+        {
+        var m = config.macros[macro];
+        if(m && m.handler)
+            m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
+        else
+            createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
+        }
+    catch(ex)
+        {
+        createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Paramifiers
+// ---------------------------------------------------------------------------------
+
+function getParameters()
+{
+    var p = null;
+    if(window.location.hash)
+        {
+        p = decodeURI(window.location.hash.substr(1));
+        if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
+            p = convertUTF8ToUnicode(p);
+        }
+    return p;
+}
+
+function invokeParamifier(params,handler)
+{
+    if(!params || params.length == undefined || params.length <= 1)
+        return;
+    for(var t=1; t<params.length; t++)
+        {
+        var p = config.paramifiers[params[t].name];
+        if(p && p[handler] instanceof Function)
+            p[handler](params[t].value);
+        }
+}
+
+config.paramifiers = {};
+
+config.paramifiers.start = {
+    oninit: function(v) {
+        safeMode = v.toLowerCase() == "safe";
+        }
+};
+
+config.paramifiers.open = {
+    onstart: function(v) {
+        story.displayTiddler("bottom",v,null,false,false);
+        }
+};
+
+config.paramifiers.story = {
+    onstart: function(v) {
+        var list = store.getTiddlerText(v,"").parseParams("open",null,false);
+        invokeParamifier(list,"onstart");
+        }
+};
+
+config.paramifiers.search = {
+    onstart: function(v) {
+        story.search(v,false,false);
+        }
+};
+
+config.paramifiers.searchRegExp = {
+    onstart: function(v) {
+        story.prototype.search(v,false,true);
+        }
+};
+
+config.paramifiers.tag = {
+    onstart: function(v) {
+        var tagged = store.getTaggedTiddlers(v,"title");
+        for(var t=0; t<tagged.length; t++)
+            story.displayTiddler("bottom",tagged[t].title,null,false,false);
+        }
+};
+
+config.paramifiers.newTiddler = {
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(v,"text");
+            }
+        }
+};
+
+config.paramifiers.newJournal = {
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            var now = new Date();
+            var title = now.formatString(v.trim());
+            story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(title,"text");
+            }
+        }
+};
+
+// ---------------------------------------------------------------------------------
+// Formatter helpers
+// ---------------------------------------------------------------------------------
+
+function Formatter(formatters)
+{
+    this.formatters = [];
+    var pattern = [];
+    for(var n=0; n<formatters.length; n++)
+        {
+        pattern.push("(" + formatters[n].match + ")");
+        this.formatters.push(formatters[n]);
+        }
+    this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
+}
+
+config.formatterHelpers = {
+
+    createElementAndWikify: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
+    },
+
+    inlineCssHelper: function(w)
+    {
+        var styles = [];
+        config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var s,v;
+            if(lookaheadMatch[1])
+                {
+                s = lookaheadMatch[1].unDash();
+                v = lookaheadMatch[2];
+                }
+            else
+                {
+                s = lookaheadMatch[3].unDash();
+                v = lookaheadMatch[4];
+                }
+            if (s=="bgcolor")
+                s = "backgroundColor";
+            styles.push({style: s, value: v});
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+            }
+        return styles;
+    },
+
+    applyCssHelper: function(e,styles)
+    {
+        for(var t=0; t< styles.length; t++)
+            {
+            try
+                {
+                e.style[styles[t].style] = styles[t].value;
+                }
+            catch (ex)
+                {
+                }
+            }
+    },
+
+    enclosedTextHelper: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var text = lookaheadMatch[1];
+            if(config.browser.isIE)
+                text = text.replace(/\n/g,"\r");
+            createTiddlyElement(w.output,this.element,null,null,text);
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            }
+    },
+
+    isExternalLink: function(link)
+    {
+        if(store.tiddlerExists(link) || store.isShadowTiddler(link))
+            {
+            //# Definitely not an external link
+            return false;
+            }
+        var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
+        if(urlRegExp.exec(link))
+            {
+            // Definitely an external link
+            return true;
+            }
+        if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
+            {
+            //# Link contains . / or \ so is probably an external link
+            return true;
+            }
+        //# Otherwise assume it is not an external link
+        return false;
+    }
+
+};
+
+// ---------------------------------------------------------------------------------
+// Standard formatters
+// ---------------------------------------------------------------------------------
+
+config.formatters = [
+{
+    name: "table",
+    match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
+    lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
+    rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
+    cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
+    cellTermRegExp: /((?:\x20*)\|)/mg,
+    rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
+
+    handler: function(w)
+    {
+        var table = createTiddlyElement(w.output,"table");
+        var prevColumns = [];
+        var currRowType = null;
+        var rowContainer;
+        var rowCount = 0;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var nextRowType = lookaheadMatch[2];
+            if(nextRowType == "k")
+                {
+                table.className = lookaheadMatch[1];
+                w.nextMatch += lookaheadMatch[0].length+1;
+                }
+            else
+                {
+                if(nextRowType != currRowType)
+                    {
+                    rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
+                    currRowType = nextRowType;
+                    }
+                if(currRowType == "c")
+                    {
+                    // Caption
+                    w.nextMatch++;
+                    if(rowContainer != table.firstChild)
+                        table.insertBefore(rowContainer,table.firstChild);
+                    rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
+                    w.subWikifyTerm(rowContainer,this.rowTermRegExp);
+                    }
+                else
+                    {
+                    this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
+                    rowCount++;
+                    }
+                }
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            }
+    },
+    rowHandler: function(w,e,prevColumns)
+    {
+        var col = 0;
+        var colSpanCount = 1;
+        var prevCell = null;
+        this.cellRegExp.lastIndex = w.nextMatch;
+        var cellMatch = this.cellRegExp.exec(w.source);
+        while(cellMatch && cellMatch.index == w.nextMatch)
+            {
+            if(cellMatch[1] == "~")
+                {
+                // Rowspan
+                var last = prevColumns[col];
+                if(last)
+                    {
+                    last.rowSpanCount++;
+                    last.element.setAttribute("rowspan",last.rowSpanCount);
+                    last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
+                    last.element.valign = "center";
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[1] == ">")
+                {
+                // Colspan
+                colSpanCount++;
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[2])
+                {
+                // End of row
+                if(prevCell && colSpanCount > 1)
+                    {
+                    prevCell.setAttribute("colspan",colSpanCount);
+                    prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex;
+                break;
+                }
+            else
+                {
+                // Cell
+                w.nextMatch++;
+                var styles = config.formatterHelpers.inlineCssHelper(w);
+                var spaceLeft = false;
+                var chr = w.source.substr(w.nextMatch,1);
+                while(chr == " ")
+                    {
+                    spaceLeft = true;
+                    w.nextMatch++;
+                    chr = w.source.substr(w.nextMatch,1);
+                    }
+                var cell;
+                if(chr == "!")
+                    {
+                    cell = createTiddlyElement(e,"th");
+                    w.nextMatch++;
+                    }
+                else
+                    cell = createTiddlyElement(e,"td");
+                prevCell = cell;
+                prevColumns[col] = {rowSpanCount:1, element:cell};
+                if(colSpanCount > 1)
+                    {
+                    cell.setAttribute("colspan",colSpanCount);
+                    cell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    colSpanCount = 1;
+                    }
+                config.formatterHelpers.applyCssHelper(cell,styles);
+                w.subWikifyTerm(cell,this.cellTermRegExp);
+                if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
+                    cell.align = spaceLeft ? "center" : "left";
+                else if(spaceLeft)
+                    cell.align = "right";
+                w.nextMatch--;
+                }
+            col++;
+            this.cellRegExp.lastIndex = w.nextMatch;
+            cellMatch = this.cellRegExp.exec(w.source);
+            }
+    }
+},
+
+{
+    name: "heading",
+    match: "^!{1,5}",
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
+    }
+},
+
+{
+    name: "list",
+    match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
+    lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0, currType = null;
+        var listLevel, listType, itemType;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            if(lookaheadMatch[1])
+                {
+                listType = "ul";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[2])
+                {
+                listType = "ol";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[3])
+                {
+                listType = "dl";
+                itemType = "dt";
+                }
+            else if(lookaheadMatch[4])
+                {
+                listType = "dl";
+                itemType = "dd";
+                }
+            listLevel = lookaheadMatch[0].length;
+            w.nextMatch += lookaheadMatch[0].length;
+            if(listLevel > currLevel)
+                {
+                for(var t=currLevel; t<listLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            else if(listLevel < currLevel)
+                {
+                for(var t=currLevel; t>listLevel; t--)
+                    placeStack.pop();
+                }
+            else if(listLevel == currLevel && listType != currType)
+                {
+                placeStack.pop();
+                placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            currLevel = listLevel;
+            currType = listType;
+            var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
+            w.subWikifyTerm(e,this.termRegExp);
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        }
+    }
+},
+
+{
+    name: "quoteByBlock",
+    match: "^<<<\\n",
+    termRegExp: /(^<<<(\n|$))/mg,
+    element: "blockquote",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "quoteByLine",
+    match: "^>+",
+    lookaheadRegExp: /^>+/mg,
+    termRegExp: /(\n)/mg,
+    element: "blockquote",
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0;
+        var newLevel = w.matchLength;
+        var t;
+        do {
+            if(newLevel > currLevel)
+                {
+                for(t=currLevel; t<newLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
+                }
+            else if(newLevel < currLevel)
+                {
+                for(t=currLevel; t>newLevel; t--)
+                    placeStack.pop();
+                }
+            currLevel = newLevel;
+            w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
+            createTiddlyElement(placeStack[placeStack.length-1],"br");
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
+            if(matched)
+                {
+                newLevel = lookaheadMatch[0].length;
+                w.nextMatch += lookaheadMatch[0].length;
+                }
+        } while(matched);
+    }
+},
+
+{
+    name: "rule",
+    match: "^----+$\\n?",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"hr");
+    }
+},
+
+{
+    name: "monospacedByLine",
+    match: "^\\{\\{\\{\\n",
+    lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForCSS",
+    match: "^/\\*[\\{]{3}\\*/\\n",
+    lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForPlugin",
+    match: "^//\\{\\{\\{\\n",
+    lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForTemplate",
+    match: "^<!--[\\{]{3}-->\\n",
+    lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "wikifyCommentForPlugin",
+    match: "^/\\*\\*\\*\\n",
+    termRegExp: /(^\*\*\*\/\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
+},
+
+{
+    name: "wikifyCommentForTemplate",
+    match: "^<!---\\n",
+    termRegExp: /(^--->\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
+},
+
+{
+    name: "macro",
+    match: "<<",
+    lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
+            {
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
+            }
+    }
+},
+
+{
+    name: "prettyLink",
+    match: "\\[\\[",
+    lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var e;
+            var text = lookaheadMatch[1];
+            if(lookaheadMatch[3])
+                {
+                // Pretty bracketted link
+                var link = lookaheadMatch[3];
+                e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
+                        ? createExternalLink(w.output,link)
+                        : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                }
+            else
+                {
+                // Simple bracketted link
+                e = createTiddlyLink(w.output,text,false,null,w.isStatic);
+                }
+            createTiddlyText(e,text);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "unWikiLink",
+    match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        w.outputText(w.output,w.matchStart+1,w.nextMatch);
+    }
+},
+
+{
+    name: "wikiLink",
+    match: config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        if(w.matchStart > 0)
+            {
+            var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
+            preRegExp.lastIndex = w.matchStart-1;
+            var preMatch = preRegExp.exec(w.source);
+            if(preMatch.index == w.matchStart-1)
+                {
+                w.outputText(w.output,w.matchStart,w.nextMatch);
+                return;
+                }
+            }
+        if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
+            {
+            var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
+            w.outputText(link,w.matchStart,w.nextMatch);
+            }
+        else
+            {
+            w.outputText(w.output,w.matchStart,w.nextMatch);
+            }
+    }
+},
+
+{
+    name: "urlLink",
+    match: config.textPrimitives.urlPattern,
+    handler: function(w)
+    {
+        w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
+    }
+},
+
+{
+    name: "image",
+    match: "\\[[<>]?[Ii][Mm][Gg]\\[",
+    lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
+            {
+            var e = w.output;
+            if(lookaheadMatch[5])
+                {
+                var link = lookaheadMatch[5];
+                e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                addClass(e,"imageLink");
+                }
+            var img = createTiddlyElement(e,"img");
+            if(lookaheadMatch[1])
+                img.align = "left";
+            else if(lookaheadMatch[2])
+                img.align = "right";
+            if(lookaheadMatch[3])
+                img.title = lookaheadMatch[3];
+            img.src = lookaheadMatch[4];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "html",
+    match: "<[Hh][Tt][Mm][Ll]>",
+    lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "commentByBlock",
+    match: "/%",
+    lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+    }
+},
+
+{
+    name: "boldByChar",
+    match: "''",
+    termRegExp: /('')/mg,
+    element: "strong",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "italicByChar",
+    match: "//",
+    termRegExp: /(\/\/)/mg,
+    element: "em",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "underlineByChar",
+    match: "__",
+    termRegExp: /(__)/mg,
+    element: "u",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "strikeByChar",
+    match: "--(?!\\s|$)",
+    termRegExp: /((?!\s)--|(?=\n\n))/mg,
+    element: "strike",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "superscriptByChar",
+    match: "\\^\\^",
+    termRegExp: /(\^\^)/mg,
+    element: "sup",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "subscriptByChar",
+    match: "~~",
+    termRegExp: /(~~)/mg,
+    element: "sub",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "monospacedByChar",
+    match: "\\{\\{\\{",
+    lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "styleByChar",
+    match: "@@",
+    termRegExp: /(@@)/mg,
+    handler:  function(w)
+    {
+        var e = createTiddlyElement(w.output,"span");
+        var styles = config.formatterHelpers.inlineCssHelper(w);
+        if(styles.length == 0)
+            e.className = "marked";
+        else
+            config.formatterHelpers.applyCssHelper(e,styles);
+        w.subWikifyTerm(e,this.termRegExp);
+    }
+},
+
+{
+    name: "lineBreak",
+    match: "\\n|<br ?/?>",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"br");
+    }
+},
+
+{
+    name: "rawText",
+    match: "\\\"{3}|<nowiki>",
+    lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "mdash",
+    match: "--",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
+        }
+},
+
+{
+    name: "htmlEntitiesEncoding",
+    match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = w.matchText;
+        }
+},
+
+{
+    name: "customClasses",
+    match: "\\{\\{",
+    termRegExp: /(\}\}\})/mg,
+    lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch)
+            {
+            var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            w.subWikifyTerm(e,this.termRegExp);
+            }
+    }
+}
+
+];
+
+// ---------------------------------------------------------------------------------
+// Wikifier
+// ---------------------------------------------------------------------------------
+
+function getParser(tiddler)
+{
+    var f = formatter;
+    if(tiddler!=null)
+        {
+        for(var i in config.parsers)
+            {
+            if(tiddler.isTagged(config.parsers[i].formatTag))
+                {
+                f = config.parsers[i];
+                break;
+                }
+            }
+        }
+    return f;
+}
+
+function wikify(source,output,highlightRegExp,tiddler)
+{
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.subWikifyUnterm(output);
+        }
+}
+
+function wikifyStatic(source,highlightRegExp,tiddler)
+{
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    var html = "";
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.isStatic = true;
+        wikifier.subWikifyUnterm(e);
+        html = e.innerHTML;
+        e.parentNode.removeChild(e);
+        }
+    return html;
+}
+
+// Wikify a named tiddler to plain text
+function wikifyPlain(title)
+{
+    if(store.tiddlerExists(title) || store.isShadowTiddler(title))
+        {
+        var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
+        return wikifier.wikifyPlain();
+        }
+    else
+        return "";
+}
+
+// Highlight plain text into an element
+function highlightify(source,output,highlightRegExp)
+{
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,formatter,highlightRegExp);
+        wikifier.outputText(output,0,source.length);
+        }
+}
+
+// Construct a wikifier object
+// source - source string that's going to be wikified
+// formatter - Formatter() object containing the list of formatters to be used
+// highlightRegExp - regular expression of the text string to highlight
+// tiddler - reference to the tiddler that's taken to be the container for this wikification
+function Wikifier(source,formatter,highlightRegExp,tiddler)
+{
+    this.source = source;
+    this.output = null;
+    this.formatter = formatter;
+    this.nextMatch = 0;
+    this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
+    this.highlightRegExp = highlightRegExp;
+    this.highlightMatch = null;
+    this.isStatic = false;
+    if(highlightRegExp)
+        {
+        highlightRegExp.lastIndex = 0;
+        this.highlightMatch = highlightRegExp.exec(source);
+        }
+    this.tiddler = tiddler;
+}
+
+Wikifier.prototype.wikifyPlain = function()
+{
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    this.subWikify(e);
+    var text = getPlainText(e);
+    e.parentNode.removeChild(e);
+    return text;
+}
+
+Wikifier.prototype.subWikify = function(output,terminator)
+{
+    // Handle the terminated and unterminated cases separately
+    if (terminator)
+        this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
+    else
+        this.subWikifyUnterm(output);
+}
+
+Wikifier.prototype.subWikifyUnterm = function(output)
+{
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first match
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+    while(formatterMatch)
+        {
+        // Output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters for the handler
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
+}
+
+Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
+{
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first matches for the formatter and terminator RegExps
+    terminatorRegExp.lastIndex = this.nextMatch;
+    var terminatorMatch = terminatorRegExp.exec(this.source);
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+    while(terminatorMatch || formatterMatch)
+        {
+        // Check for a terminator match  before the next formatter match
+        if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
+            {
+            // Output any text before the match
+            if(terminatorMatch.index > this.nextMatch)
+                this.outputText(this.output,this.nextMatch,terminatorMatch.index);
+            // Set the match parameters
+            this.matchText = terminatorMatch[1];
+            this.matchLength = terminatorMatch[1].length;
+            this.matchStart = terminatorMatch.index;
+            this.nextMatch = this.matchStart + this.matchLength;
+            // Restore the output pointer
+            this.output = oldOutput;
+            return;
+            }
+        // It must be a formatter match; output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        terminatorRegExp.lastIndex = this.nextMatch;
+        terminatorMatch = terminatorRegExp.exec(this.source);
+        formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
+}
+
+Wikifier.prototype.outputText = function(place,startPos,endPos)
+{
+    // Check for highlights
+    while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
+        {
+        // Deal with any plain text before the highlight
+        if(this.highlightMatch.index > startPos)
+            {
+            createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
+            startPos = this.highlightMatch.index;
+            }
+        // Deal with the highlight
+        var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
+        var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
+        startPos = highlightEnd;
+        // Nudge along to the next highlight if we're done with this one
+        if(startPos >= this.highlightRegExp.lastIndex)
+            this.highlightMatch = this.highlightRegExp.exec(this.source);
+        }
+    // Do the unhighlighted text left over
+    if(startPos < endPos)
+        {
+        createTiddlyText(place,this.source.substring(startPos,endPos));
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Macro definitions
+// ---------------------------------------------------------------------------------
+
+config.macros.today.handler = function(place,macroName,params)
+{
+    var now = new Date();
+    var text;
+    if(params[0])
+        text = now.formatString(params[0].trim());
+    else
+        text = now.toLocaleString();
+    createTiddlyElement(place,"span",null,null,text);
+}
+
+config.macros.version.handler = function(place)
+{
+    createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
+}
+
+config.macros.list.handler = function(place,macroName,params)
+{
+    var type = params[0] ? params[0] : "all";
+    var theList = document.createElement("ul");
+    place.appendChild(theList);
+    if(this[type].prompt)
+        createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
+    var results;
+    if(this[type].handler)
+        results = this[type].handler(params);
+    for(var t = 0; t < results.length; t++)
+        {
+        var theListItem = document.createElement("li")
+        theList.appendChild(theListItem);
+        if(typeof results[t] == "string")
+            createTiddlyLink(theListItem,results[t],true);
+        else
+            createTiddlyLink(theListItem,results[t].title,true);
+        }
+}
+
+config.macros.list.all.handler = function(params)
+{
+    return store.reverseLookup("tags","excludeLists",false,"title");
+}
+
+config.macros.list.missing.handler = function(params)
+{
+    return store.getMissingLinks();
+}
+
+config.macros.list.orphans.handler = function(params)
+{
+    return store.getOrphans();
+}
+
+config.macros.list.shadowed.handler = function(params)
+{
+    return store.getShadowed();
+}
+
+config.macros.allTags.handler = function(place,macroName,params)
+{
+    var tags = store.getTags();
+    var theDateList = createTiddlyElement(place,"ul");
+    if(tags.length == 0)
+        createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theListItem =createTiddlyElement(theDateList,"li");
+        var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
+        theTag.setAttribute("tag",tags[t][0]);
+        }
+}
+
+config.macros.timeline.handler = function(place,macroName,params)
+{
+    var field = params[0] ? params[0] : "modified";
+    var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
+    var lastDay = "";
+    var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
+    for(var t=tiddlers.length-1; t>=last; t--)
+        {
+        var tiddler = tiddlers[t];
+        var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
+        if(theDay != lastDay)
+            {
+            var theDateList = document.createElement("ul");
+            place.appendChild(theDateList);
+            createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
+            lastDay = theDay;
+            }
+        var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
+        theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
+        }
+}
+
+config.macros.search.handler = function(place,macroName,params)
+{
+    var searchTimeout = null;
+    var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
+    var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
+    if(params[0])
+        txt.value = params[0];
+    txt.onkeyup = this.onKeyPress;
+    txt.onfocus = this.onFocus;
+    txt.setAttribute("size",this.sizeTextbox);
+    txt.setAttribute("accessKey",this.accessKey);
+    txt.setAttribute("autocomplete","off");
+    txt.setAttribute("lastSearchText","");
+    if(config.browser.isSafari)
+        {
+        txt.setAttribute("type","search");
+        txt.setAttribute("results","5");
+        }
+    else
+        txt.setAttribute("type","text");
+}
+
+// Global because there's only ever one outstanding incremental search timer
+config.macros.search.timeout = null;
+
+config.macros.search.doSearch = function(txt)
+{
+    if(txt.value.length > 0)
+        {
+        story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
+        txt.setAttribute("lastSearchText",txt.value);
+        }
+}
+
+config.macros.search.onClick = function(e)
+{
+    config.macros.search.doSearch(this.nextSibling);
+    return false;
+}
+
+config.macros.search.onKeyPress = function(e)
+{
+    if(!e) var e = window.event;
+    switch(e.keyCode)
+        {
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+            config.macros.search.doSearch(this);
+            break;
+        case 27: // Escape
+            this.value = "";
+            clearMessage();
+            break;
+        }
+    if(this.value.length > 2)
+        {
+        if(this.value != this.getAttribute("lastSearchText"))
+            {
+            if(config.macros.search.timeout)
+                clearTimeout(config.macros.search.timeout);
+            var txt = this;
+            config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
+            }
+        }
+    else
+        {
+        if(config.macros.search.timeout)
+            clearTimeout(config.macros.search.timeout);
+        }
+}
+
+config.macros.search.onFocus = function(e)
+{
+    this.select();
+}
+
+config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("name",null,true,false,true);
+    var names = params[0]["name"];
+    var tiddlerName = names[0];
+    var className = names[1] ? names[1] : null;
+    var args = params[0]["with"];
+    var wrapper = createTiddlyElement(place,"span",null,className);
+    if(!args)
+        {
+        wrapper.setAttribute("refresh","content");
+        wrapper.setAttribute("tiddler",tiddlerName);
+        }
+    var text = store.getTiddlerText(tiddlerName);
+    if(text)
+        {
+        var stack = config.macros.tiddler.tiddlerStack;
+        if(stack.indexOf(tiddlerName) !== -1)
+            return;
+        stack.push(tiddlerName);
+        try
+            {
+            var n = args ? Math.min(args.length,9) : 0;
+            for(var i=0; i<n; i++)
+                {
+                var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
+                text = text.replace(placeholderRE,args[i]);
+                }
+            config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
+            }
+        finally
+            {
+            stack.pop();
+            }
+        }
+}
+
+config.macros.tiddler.renderText = function(place,text,tiddlerName,params)
+{
+    wikify(text,place,null,store.getTiddler(tiddlerName));
+}
+
+config.macros.tiddler.tiddlerStack = [];
+
+config.macros.tag.handler = function(place,macroName,params)
+{
+    createTagButton(place,params[0]);
+}
+
+config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title && store.tiddlerExists(title))
+        tiddler = store.getTiddler(title);
+    var sep = getParam(params,"sep"," ");
+    var lingo = config.views.wikified.tag;
+    var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
+    for(var t=0; t<tiddler.tags.length; t++)
+        {
+        createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
+        if(t<tiddler.tags.length-1)
+            createTiddlyText(theList,sep);
+        }
+}
+
+config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title == "" && tiddler instanceof Tiddler)
+        title = tiddler.title;
+    var sep = getParam(params,"sep"," ");
+    theList.setAttribute("title",this.tooltip.format([title]));
+    var tagged = store.getTaggedTiddlers(title);
+    var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
+    for(var t=0; t<tagged.length; t++)
+        {
+        createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
+        if(t<tagged.length-1)
+            createTiddlyText(theList,sep);
+        }
+}
+
+config.macros.closeAll.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.closeAll.onClick = function(e)
+{
+    story.closeAllTiddlers();
+    return false;
+}
+
+config.macros.permaview.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.permaview.onClick = function(e)
+{
+    story.permaView();
+    return false;
+}
+
+config.macros.saveChanges.handler = function(place)
+{
+    if(!readOnly)
+        createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
+}
+
+config.macros.saveChanges.onClick = function(e)
+{
+    saveChanges();
+    return false;
+}
+
+config.macros.slider.onClickSlider = function(e)
+{
+    if(!e) var e = window.event;
+    var n = this.nextSibling;
+    var cookie = n.getAttribute("cookie");
+    var isOpen = n.style.display != "none";
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
+    else
+        n.style.display = isOpen ? "none" : "block";
+    config.options[cookie] = !isOpen;
+    saveOptionCookie(cookie);
+    return false;
+}
+
+config.macros.slider.createSlider = function(place,cookie,title,tooltip)
+{
+    var cookie = cookie ? cookie : "";
+    var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
+    var panel = createTiddlyElement(null,"div",null,"sliderPanel");
+    panel.setAttribute("cookie",cookie);
+    panel.style.display = config.options[cookie] ? "block" : "none";
+    place.appendChild(panel);
+    return panel;
+}
+
+config.macros.slider.handler = function(place,macroName,params)
+{
+    var panel = this.createSlider(place,params[0],params[2],params[3]);
+    var text = store.getTiddlerText(params[1]);
+    panel.setAttribute("refresh", "content");
+    panel.setAttribute("tiddler", params[1]);
+    if(text)
+        wikify(text,panel,null,store.getTiddler(params[1]));
+}
+
+config.macros.option.onChangeOption = function(e)
+{
+    var opt = this.getAttribute("option");
+    var elementType,valueField;
+    if(opt)
+        {
+        switch(opt.substr(0,3))
+            {
+            case "txt":
+                elementType = "input";
+                valueField = "value";
+                break;
+            case "chk":
+                elementType = "input";
+                valueField = "checked";
+                break;
+            }
+        config.options[opt] = this[valueField];
+        saveOptionCookie(opt);
+        var nodes = document.getElementsByTagName(elementType);
+        for(var t=0; t<nodes.length; t++)
+            {
+            var optNode = nodes[t].getAttribute("option");
+            if(opt == optNode)
+                nodes[t][valueField] = this[valueField];
+            }
+        }
+    return(true);
+}
+
+config.macros.option.handler = function(place,macroName,params)
+{
+    var opt = params[0];
+    if(config.options[opt] == undefined)
+        return;
+    var c;
+    switch(opt.substr(0,3))
+        {
+        case "txt":
+            c = document.createElement("input");
+            c.onkeyup = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "txtOptionInput";
+            place.appendChild(c);
+            c.value = config.options[opt];
+            break;
+        case "chk":
+            c = document.createElement("input");
+            c.setAttribute("type","checkbox");
+            c.onclick = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "chkOptionInput";
+            place.appendChild(c);
+            c.checked = config.options[opt];
+            break;
+        }
+}
+
+
+
+config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
+{
+    var tags = [];
+    for(var t=1; t<params.length; t++)
+        if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
+            tags.push(params[t].value);
+    label = getParam(params,"label",label);
+    prompt = getParam(params,"prompt",prompt);
+    accessKey = getParam(params,"accessKey",accessKey);
+    newFocus = getParam(params,"focus",newFocus);
+    var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
+    btn.setAttribute("newTitle",title);
+    btn.setAttribute("isJournal",isJournal);
+    btn.setAttribute("params",tags.join("|"));
+    btn.setAttribute("newFocus",newFocus);
+    btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
+    var text = getParam(params,"text");
+    if(text !== undefined)
+        btn.setAttribute("newText",text);
+    return btn;
+}
+
+config.macros.newTiddler.onClickNewTiddler = function()
+{
+    var title = this.getAttribute("newTitle");
+    if(this.getAttribute("isJournal"))
+        {
+        var now = new Date();
+        title = now.formatString(title.trim());
+        }
+    var params = this.getAttribute("params").split("|");
+    var focus = this.getAttribute("newFocus");
+    var template = this.getAttribute("newTemplate");
+    story.displayTiddler(null,title,template);
+    var text = this.getAttribute("newText");
+    if(typeof text == "string")
+        story.getTiddlerField(title,"text").value = text.format([title]);
+    for(var t=0;t<params.length;t++)
+        story.setTiddlerTag(title,params[t],+1);
+    story.focusTiddler(title,focus);
+    return false;
+}
+
+config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
+        title = getParam(params,"title",title);
+        this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
+        }
+}
+
+config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : "";
+        title = getParam(params,"title",title);
+        config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
+        }
+}
+
+config.macros.sparkline.handler = function(place,macroName,params)
+{
+    var data = [];
+    var min = 0;
+    var max = 0;
+    for(var t=0; t<params.length; t++)
+        {
+        var v = parseInt(params[t]);
+        if(v < min)
+            min = v;
+        if(v > max)
+            max = v;
+        data.push(v);
+        }
+    if(data.length < 1)
+        return;
+    var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
+    box.title = data.join(",");
+    var w = box.offsetWidth;
+    var h = box.offsetHeight;
+    box.style.paddingRight = (data.length * 2 - w) + "px";
+    box.style.position = "relative";
+    for(var d=0; d<data.length; d++)
+        {
+        var tick = document.createElement("img");
+        tick.border = 0;
+        tick.className = "sparktick";
+        tick.style.position = "absolute";
+        tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
+        tick.style.left = d*2 + "px";
+        tick.style.width = "2px";
+        var v = Math.floor(((data[d] - min)/(max-min)) * h);
+        tick.style.top = (h-v) + "px";
+        tick.style.height = v + "px";
+        box.appendChild(tick);
+        }
+}
+
+config.macros.tabs.handler = function(place,macroName,params)
+{
+    var cookie = params[0];
+    var numTabs = (params.length-1)/3;
+    var wrapper = createTiddlyElement(null,"div",null,cookie);
+    var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
+    tabset.setAttribute("cookie",cookie);
+    var validTab = false;
+    for(var t=0; t<numTabs; t++)
+        {
+        var label = params[t*3+1];
+        var prompt = params[t*3+2];
+        var content = params[t*3+3];
+        var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
+        tab.setAttribute("tab",label);
+        tab.setAttribute("content",content);
+        tab.title = prompt;
+        if(config.options[cookie] == label)
+            validTab = true;
+        }
+    if(!validTab)
+        config.options[cookie] = params[1];
+    place.appendChild(wrapper);
+    this.switchTab(tabset,config.options[cookie]);
+}
+
+config.macros.tabs.onClickTab = function(e)
+{
+    config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
+    return false;
+}
+
+config.macros.tabs.switchTab = function(tabset,tab)
+{
+    var cookie = tabset.getAttribute("cookie");
+    var theTab = null
+    var nodes = tabset.childNodes;
+    for(var t=0; t<nodes.length; t++)
+        if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
+            {
+            theTab = nodes[t];
+            theTab.className = "tab tabSelected";
+            }
+        else
+            nodes[t].className = "tab tabUnselected"
+    if(theTab)
+        {
+        if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
+            tabset.parentNode.removeChild(tabset.nextSibling);
+        var tabContent = createTiddlyElement(null,"div",null,"tabContents");
+        tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
+        var contentTitle = theTab.getAttribute("content");
+        wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
+        if(cookie)
+            {
+            config.options[cookie] = tab;
+            saveOptionCookie(cookie);
+            }
+        }
+}
+
+// <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
+config.macros.gradient.handler = function(place,macroName,params,wikifier)
+{
+    var terminator = ">>";
+    var panel;
+    if(wikifier)
+        panel = createTiddlyElement(place,"div",null,"gradient");
+    else
+        panel = place;
+    panel.style.position = "relative";
+    panel.style.overflow = "hidden";
+    panel.style.zIndex = "0";
+    var t;
+    if(wikifier)
+        {
+        var styles = config.formatterHelpers.inlineCssHelper(wikifier);
+        config.formatterHelpers.applyCssHelper(panel,styles);
+        }
+    var colours = [];
+    for(t=1; t<params.length; t++)
+        {
+        var c = new RGB(params[t]);
+        if(c)
+            colours.push(c);
+        }
+    drawGradient(panel,params[0] != "vert",colours);
+    if(wikifier)
+        wikifier.subWikify(panel,terminator);
+    if(document.all)
+        {
+        panel.style.height = "100%";
+        panel.style.width = "100%";
+        }
+}
+
+config.macros.message.handler = function(place,macroName,params)
+{
+    if(params[0])
+        {
+        var m = config;
+        var p = params[0].split(".");
+        for(var t=0; t<p.length; t++)
+            {
+            if(p[t] in m)
+                m = m[p[t]];
+            else
+                break;
+            }
+        createTiddlyText(place,m.toString().format(params.splice(1)));
+        }
+}
+
+config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if((tiddler instanceof Tiddler) && params[0])
+        {
+        var value = store.getValue(tiddler,params[0]);
+        if(value != undefined)
+            switch(params[1])
+                {
+                case undefined:
+                    highlightify(value,place,highlightHack);
+                    break;
+                case "link":
+                    createTiddlyLink(place,value,true);
+                    break;
+                case "wikified":
+                    wikify(value,place,highlightHack,tiddler);
+                    break;
+                case "date":
+                    value = Date.convertFromYYYYMMDDHHMM(value);
+                    if(params[2])
+                        createTiddlyText(place,value.formatString(params[2]));
+                    else
+                        createTiddlyText(place,value);
+                    break;
+                }
+        }
+}
+
+config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    var field = params[0];
+    if((tiddler instanceof Tiddler) && field)
+        {
+        story.setDirty(tiddler.title,true);
+        if(field != "text")
+            {
+                var e = createTiddlyElement(null,"input");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                e.setAttribute("edit",field);
+                e.setAttribute("type","text");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                e.setAttribute("size","40");
+                e.setAttribute("autocomplete","off");
+                place.appendChild(e);
+            }
+        else
+            {
+                var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
+                var wrapper2 = createTiddlyElement(wrapper1,"div");
+                var e = createTiddlyElement(wrapper2,"textarea");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                var rows = 10;
+                var lines = v.match(/\n/mg);
+                var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
+                if(lines != null && lines.length > rows)
+                    rows = lines.length + 5;
+                rows = Math.min(rows,maxLines);
+                e.setAttribute("rows",rows);
+                e.setAttribute("edit",field);
+                place.appendChild(wrapper1);
+            }
+        }
+}
+
+config.macros.tagChooser.onClick = function(e)
+{
+    if(!e) var e = window.event;
+    var lingo = config.views.editor.tagChooser;
+    var popup = Popup.create(this);
+    var tags = store.getTags();
+    if(tags.length == 0)
+        createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
+        theTag.setAttribute("tag",tags[t][0]);
+        theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if(e.stopPropagation) e.stopPropagation();
+    return(false);
+}
+
+config.macros.tagChooser.onTagClick = function(e)
+{
+    if(!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(!readOnly)
+        story.setTiddlerTag(title,tag,0);
+    return(false);
+}
+
+config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(tiddler instanceof Tiddler)
+        {
+        var title = tiddler.title;
+        var lingo = config.views.editor.tagChooser;
+        var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
+        btn.setAttribute("tiddler", title);
+        }
+}
+
+// Create a toolbar command button
+// place - parent DOM element
+// command - reference to config.commands[] member -or- name of member
+// tiddler - reference to tiddler that toolbar applies to
+// theClass - the class to give the button
+config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
+{
+    if(typeof commandName != "string")
+        {
+        var c = null;
+        for(var t in config.commands)
+            if(config.commands[t] == commandName)
+                c = t;
+        commandName = c;
+        }
+    if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
+        {
+        var title = tiddler.title;
+        var command = config.commands[commandName];
+        var ro = tiddler.isReadOnly();
+        var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
+        var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
+        var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
+        if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
+
+            {
+            var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
+            btn.setAttribute("commandName", commandName);
+            btn.setAttribute("tiddler", title);
+            if(theClass)
+                addClass(btn,theClass);
+            place.appendChild(btn);
+            }
+        }
+}
+
+config.macros.toolbar.onClickCommand = function(e)
+{
+    if(!e) var e = window.event;
+    var command = config.commands[this.getAttribute("commandName")];
+    return command.handler(e,this,this.getAttribute("tiddler"));
+}
+
+// Invoke the first command encountered from a given place that is tagged with a specified class
+config.macros.toolbar.invokeCommand = function(place,theClass,event)
+{
+    var children = place.getElementsByTagName("a")
+    for(var t=0; t<children.length; t++)
+        {
+        var c = children[t];
+        if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
+            {
+            if(c.onclick instanceof Function)
+                c.onclick.call(c,event);
+            break;
+            }
+        }
+}
+
+config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    for(var t=0; t<params.length; t++)
+        {
+        var c = params[t];
+        var theClass = "";
+        switch(c.substr(0,1))
+            {
+            case "+":
+                theClass = "defaultCommand";
+                c = c.substr(1);
+                break;
+            case "-":
+                theClass = "cancelCommand";
+                c = c.substr(1);
+                break;
+            }
+        if(c in config.commands)
+            this.createCommand(place,c,tiddler,theClass);
+        }
+}
+
+config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    var e = createTiddlyElement(place,"div");
+    e.setAttribute("refresh","macro");
+    e.setAttribute("macroName","plugins");
+    e.setAttribute("params",paramString);
+    this.refresh(e,paramString);
+}
+
+config.macros.plugins.refresh = function(place,params)
+{
+    var selectedRows = [];
+    ListView.forEachSelector(place,function(e,rowName) {
+            if(e.checked)
+                selectedRows.push(e.getAttribute("rowName"));
+        });
+    removeChildren(place);
+    params = params.parseParams("anon");
+    var plugins = installedPlugins.slice(0);
+    var t,tiddler,p;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    for(t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        if(plugins.findByField("title",tiddler.title) == null)
+            {
+            p = getPluginInfo(tiddler);
+            p.executed = false;
+            p.log.splice(0,0,this.skippedText);
+            plugins.push(p);
+            }
+        }
+    for(t=0; t<plugins.length; t++)
+        {
+        var p = plugins[t];
+        p.forced = p.tiddler.isTagged("systemConfigForce");
+        p.disabled = p.tiddler.isTagged("systemConfigDisable");
+        p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
+        }
+    if(plugins.length == 0)
+        createTiddlyElement(place,"em",null,null,this.noPluginText);
+    else
+        ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
+}
+
+config.macros.plugins.onSelectCommand = function(command,rowNames)
+{
+    var t;
+    switch(command)
+        {
+        case "remove":
+            for(t=0; t<rowNames.length; t++)
+                store.setTiddlerTag(rowNames[t],false,"systemConfig");
+            break;
+        case "delete":
+            if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
+                {
+                for(t=0; t<rowNames.length; t++)
+                    {
+                    store.removeTiddler(rowNames[t]);
+                    story.closeTiddler(rowNames[t],true,false);
+                    }
+                }
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
+}
+
+config.macros.refreshDisplay.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.refreshDisplay.onClick = function(e)
+{
+    refreshAll();
+    return false;
+}
+
+config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(readOnly)
+        {
+        createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
+        return;
+        }
+    var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
+    createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
+    createTiddlyElement(importer,"h2",null,"step1",this.step1);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    createTiddlyText(step,this.step1prompt);
+    var input = createTiddlyElement(null,"input",null,"txtOptionInput");
+    input.type = "text";
+    input.size = 50;
+    step.appendChild(input);
+    importer.inputBox = input;
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFile);
+    var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
+    fileInput.type = "file";
+    fileInput.size = 50;
+    fileInput.onchange = this.onBrowseChange;
+    fileInput.onkeyup = this.onBrowseChange;
+    step.appendChild(fileInput);
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFeeds);
+    var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
+    createTiddlyDropDown(step,this.onFeedChange,feeds);
+    createTiddlyElement(step,"br");
+    createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
+        place.appendChild(importer);
+}
+
+config.macros.importTiddlers.getFeeds = function(feeds)
+{
+    var tagged = store.getTaggedTiddlers("contentPublisher","title");
+    for(var t=0; t<tagged.length; t++)
+        feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
+    return feeds;
+}
+
+config.macros.importTiddlers.onFeedChange = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = this.value;
+    this.selectedIndex = 0;
+}
+
+config.macros.importTiddlers.onBrowseChange = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = "file://" + this.value;
+}
+
+config.macros.importTiddlers.onFetch = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    var url = importer.inputBox.value;
+    var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
+    while(cutoff)
+        {
+        var temp = cutoff.nextSibling;
+        cutoff.parentNode.removeChild(cutoff);
+        cutoff = temp;
+        }
+    createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
+    loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
+}
+
+config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
+{
+    if(!status)
+        {
+        displayMessage(this.fetchError);
+        return;
+        }
+    var importer = params;
+    // Check that the tiddler we're in hasn't been closed - doesn't work on IE
+//  var p = importer;
+//  while(p.parentNode)
+//      p = p.parentNode;
+//  if(!(p instanceof HTMLDocument))
+//      return;
+    // Crack out the content - (should be refactored)
+    var posOpeningDiv = responseText.indexOf(startSaveArea);
+    var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([url]));
+        return;
+        }
+    var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
+    // Create the iframe
+    var iframe = document.createElement("iframe");
+    iframe.style.display = "none";
+    importer.insertBefore(iframe,importer.firstChild);
+    var doc = iframe.document;
+    if(iframe.contentDocument)
+        doc = iframe.contentDocument; // For NS6
+    else if(iframe.contentWindow)
+        doc = iframe.contentWindow.document; // For IE5.5 and IE6
+    // Put the content in the iframe
+    doc.open();
+    doc.writeln(content);
+    doc.close();
+    // Load the content into a TiddlyWiki() object
+    var storeArea = doc.getElementById("storeArea");
+    var importStore = new TiddlyWiki();
+    importStore.loadFromDiv(storeArea,"store");
+    // Get rid of the iframe
+    iframe.parentNode.removeChild(iframe);
+    // Extract data for the listview
+    var tiddlers = [];
+    importStore.forEachTiddler(function(title,tiddler)
+        {
+        var t = {};
+        t.title = title;
+        t.modified = tiddler.modified;
+        t.modifier = tiddler.modifier;
+        t.text = tiddler.text.substr(0,50);
+        t.tags = tiddler.tags;
+        tiddlers.push(t);
+        });
+    // Display the listview
+    createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
+    // Save the importer
+    importer.store = importStore;
+}
+
+config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
+{
+    var importer = findRelated(listView,"importTiddler","className","parentNode");
+    switch(command)
+        {
+        case "import":
+            config.macros.importTiddlers.doImport(importer,rowNames);
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
+}
+
+config.macros.importTiddlers.doImport = function(importer,rowNames)
+{
+    var theStore = importer.store;
+    var overwrite = new Array();
+    var t;
+    for(t=0; t<rowNames.length; t++)
+        {
+        if(store.tiddlerExists(rowNames[t]))
+            overwrite.push(rowNames[t]);
+    }
+    if(overwrite.length > 0)
+        if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
+            return;
+    for(t=0; t<rowNames.length; t++)
+        {
+        var inbound = theStore.fetchTiddler(rowNames[t]);
+        store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
+        store.fetchTiddler(inbound.title).created = inbound.created;
+        store.notify(rowNames[t],false);
+        }
+    store.notifyAll();
+    store.setDirty(true);
+    createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    for(t=0; t<rowNames.length; t++)
+        {
+        createTiddlyLink(step,rowNames[t],true);
+        createTiddlyElement(step,"br");
+        }
+    createTiddlyElement(importer,"h2",null,"step5",this.step5);
+}
+// ---------------------------------------------------------------------------------
+// Menu and toolbar commands
+// ---------------------------------------------------------------------------------
+
+config.commands.closeTiddler.handler = function(event,src,title)
+{
+    story.closeTiddler(title,true,event.shiftKey || event.altKey);
+    return false;
+}
+
+config.commands.closeOthers.handler = function(event,src,title)
+{
+    story.closeAllTiddlers(title);
+    return false;
+}
+
+config.commands.editTiddler.handler = function(event,src,title)
+{
+    clearMessage();
+    story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+    story.focusTiddler(title,"text");
+    return false;
+}
+
+config.commands.saveTiddler.handler = function(event,src,title)
+{
+    var newTitle = story.saveTiddler(title,event.shiftKey);
+    if(newTitle)
+       story.displayTiddler(null,newTitle);
+    return false;
+}
+
+config.commands.cancelTiddler.handler = function(event,src,title)
+{
+    if(story.hasChanges(title) && !readOnly)
+        if(!confirm(this.warning.format([title])))
+            return false;
+    story.setDirty(title,false);
+    story.displayTiddler(null,title);
+    return false;
+}
+
+config.commands.deleteTiddler.handler = function(event,src,title)
+{
+    var deleteIt = true;
+    if (config.options.chkConfirmDelete)
+        deleteIt = confirm(this.warning.format([title]));
+    if (deleteIt)
+        {
+        store.removeTiddler(title);
+        story.closeTiddler(title,true,event.shiftKey || event.altKey);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        }
+    return false;
+}
+
+config.commands.permalink.handler = function(event,src,title)
+{
+    var t = encodeURIComponent(String.encodeTiddlyLink(title));
+    if(window.location.hash != t)
+        window.location.hash = t;
+    return false;
+}
+
+config.commands.references.handler = function(event,src,title)
+{
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        var references = store.getReferringTiddlers(title);
+        var c = false;
+        for(var r=0; r<references.length; r++)
+            if(references[r].title != title && !references[r].isTagged("excludeLists"))
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
+                c = true;
+                }
+        if(!c)
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
+}
+
+config.commands.jump.handler = function(event,src,title)
+{
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        story.forEachTiddler(function(title,element) {
+            createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
+            });
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Tiddler() object
+// ---------------------------------------------------------------------------------
+
+function Tiddler()
+{
+    this.title = null;
+    this.text = null;
+    this.modifier = null;
+    this.modified = new Date();
+    this.created = new Date();
+    this.links = [];
+    this.linksUpdated = false;
+    this.tags = [];
+    return this;
+}
+
+Tiddler.prototype.getLinks = function()
+{
+    if(this.linksUpdated==false)
+        this.changed();
+    return this.links;
+}
+
+// Format the text for storage in an RSS item
+Tiddler.prototype.saveToRss = function(url)
+{
+    var s = [];
+    s.push("<item>");
+    s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
+    s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
+    for(var t=0; t<this.tags.length; t++)
+        s.push("<category>" + this.tags[t] + "</category>");
+    s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
+    s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
+    s.push("</item>");
+    return(s.join("\n"));
+}
+
+// Change the text and other attributes of a tiddler
+Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
+{
+    this.assign(title,text,modifier,modified,tags,created,fields);
+    this.changed();
+    return this;
+}
+
+// Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
+Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
+{
+    if(title != undefined)
+        this.title = title;
+    if(text != undefined)
+        this.text = text;
+    if(modifier != undefined)
+        this.modifier = modifier;
+    if(modified != undefined)
+        this.modified = modified;
+    if(created != undefined)
+        this.created = created;
+    if(fields != undefined)
+        this.fields = fields;
+    if(tags != undefined)
+        this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
+    else if(this.tags == undefined)
+        this.tags = [];
+    return this;
+}
+
+// Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
+Tiddler.prototype.getTags = function()
+{
+    return String.encodeTiddlyLinkList(this.tags);
+}
+
+// Test if a tiddler carries a tag
+Tiddler.prototype.isTagged = function(tag)
+{
+    return this.tags.indexOf(tag) != -1;
+}
+
+// Static method to convert "\n" to newlines, "\s" to "\"
+Tiddler.unescapeLineBreaks = function(text)
+{
+    return text ? text.unescapeLineBreaks() : "";
+}
+
+// Convert newlines to "\n", "\" to "\s"
+Tiddler.prototype.escapeLineBreaks = function()
+{
+    return this.text.escapeLineBreaks();
+}
+
+// Updates the secondary information (like links[] array) after a change to a tiddler
+Tiddler.prototype.changed = function()
+{
+    this.links = [];
+    var t = this.autoLinkWikiWords() ? 0 : 1;
+    var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
+    tiddlerLinkRegExp.lastIndex = 0;
+    var formatMatch = tiddlerLinkRegExp.exec(this.text);
+    while(formatMatch)
+        {
+        if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
+            {
+            if(formatMatch.index > 0)
+                {
+                var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
+                preRegExp.lastIndex = formatMatch.index-1;
+                var preMatch = preRegExp.exec(this.text);
+                if(preMatch.index != formatMatch.index-1)
+                    this.links.pushUnique(formatMatch[1]);
+                }
+            else
+                this.links.pushUnique(formatMatch[1]);
+            }
+        else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
+            this.links.pushUnique(formatMatch[3-t]);
+        else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
+            this.links.pushUnique(formatMatch[4-t]);
+        // Do not add link if match urlPattern (formatMatch[5-t])
+        formatMatch = tiddlerLinkRegExp.exec(this.text);
+        }
+    this.linksUpdated = true;
+    return;
+}
+
+Tiddler.prototype.getSubtitle = function()
+{
+    var theModifier = this.modifier;
+    if(!theModifier)
+        theModifier = config.messages.subtitleUnknown;
+    var theModified = this.modified;
+    if(theModified)
+        theModified = theModified.toLocaleString();
+    else
+        theModified = config.messages.subtitleUnknown;
+    return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
+}
+
+Tiddler.prototype.isReadOnly = function()
+{
+    return readOnly;
+}
+
+Tiddler.prototype.autoLinkWikiWords = function()
+{
+    return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
+}
+
+Tiddler.prototype.generateFingerprint = function()
+{
+    return "0x" + Crypto.hexSha1Str(this.text);
+}
+
+// ---------------------------------------------------------------------------------
+// TiddlyWiki() object contains Tiddler()s
+// ---------------------------------------------------------------------------------
+
+function TiddlyWiki()
+{
+    var tiddlers = {}; // Hashmap by name of tiddlers
+    this.tiddlersUpdated = false;
+    this.namedNotifications = []; // Array of {name:,notify:} of notification functions
+    this.notificationLevel = 0;
+    this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
+    this.clear = function() {
+        tiddlers = {};
+        this.setDirty(false);
+        };
+    this.fetchTiddler = function(title) {
+        return tiddlers[title];
+        };
+    this.deleteTiddler = function(title) {
+        delete this.slices[title];
+        delete tiddlers[title];
+        };
+    this.addTiddler = function(tiddler) {
+        delete this.slices[tiddler.title];
+        tiddlers[tiddler.title] = tiddler;
+        };
+    this.forEachTiddler = function(callback) {
+        for(var t in tiddlers)
+            {
+            var tiddler = tiddlers[t];
+            if(tiddler instanceof Tiddler)
+                callback.call(this,t,tiddler);
+            }
+        };
+}
+
+// Set the dirty flag
+TiddlyWiki.prototype.setDirty = function(dirty)
+{
+    this.dirty = dirty;
+}
+
+TiddlyWiki.prototype.isDirty = function()
+{
+    return this.dirty;
+}
+
+TiddlyWiki.prototype.suspendNotifications = function()
+{
+    this.notificationLevel--;
+}
+
+TiddlyWiki.prototype.resumeNotifications = function()
+{
+    this.notificationLevel++;
+}
+
+// Invoke the notification handlers for a particular tiddler
+TiddlyWiki.prototype.notify = function(title,doBlanket)
+{
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if((n.name == null && doBlanket) || (n.name == title))
+                n.notify(title);
+            }
+}
+
+// Invoke the notification handlers for all tiddlers
+TiddlyWiki.prototype.notifyAll = function()
+{
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if(n.name)
+                n.notify(n.name);
+            }
+}
+
+// Add a notification handler to a tiddler
+TiddlyWiki.prototype.addNotification = function(title,fn)
+{
+    for (var i=0; i<this.namedNotifications.length; i++)
+        if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
+            return this;
+    this.namedNotifications.push({name: title, notify: fn});
+    return this;
+}
+
+TiddlyWiki.prototype.removeTiddler = function(title)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        this.deleteTiddler(title);
+        this.notify(title,true);
+        this.setDirty(true);
+        }
+}
+
+TiddlyWiki.prototype.tiddlerExists = function(title)
+{
+    var t = this.fetchTiddler(title);
+    return (t != undefined);
+}
+
+TiddlyWiki.prototype.isShadowTiddler = function(title)
+{
+    return typeof config.shadowTiddlers[title] == "string";
+}
+
+TiddlyWiki.prototype.getTiddler = function(title)
+{
+    var t = this.fetchTiddler(title);
+    if(t != undefined)
+        return t;
+    else
+        return null;
+}
+
+TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        return tiddler.text;
+    if(!title)
+        return defaultText;
+    var pos = title.indexOf(config.textPrimitives.sliceSeparator);
+    if(pos != -1)
+        {
+        var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
+        if(slice)
+            return slice;
+        }
+    if(this.isShadowTiddler(title))
+        return config.shadowTiddlers[title];
+    if(defaultText != undefined)
+        return defaultText;
+    return null;
+}
+
+TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
+
+// @internal
+TiddlyWiki.prototype.calcAllSlices = function(title)
+{
+    var slices = {};
+    var text = this.getTiddlerText(title,"");
+    this.slicesRE.lastIndex = 0;
+    do
+        {
+            var m = this.slicesRE.exec(text);
+            if (m)
+                {
+                    if (m[1])
+                        slices[m[1]] = m[2];
+                    else
+                        slices[m[3]] = m[4];
+                }
+        }
+    while(m);
+    return slices;
+}
+
+// Returns the slice of text of the given name
+//#
+//# A text slice is a substring in the tiddler's text that is defined
+//# either like this
+//#    aName:  textSlice
+//# or
+//#    |aName:| textSlice |
+//# or
+//#    |aName| textSlice |
+//#
+//# In the text the name (or name:) may be decorated with '' or //. I.e.
+//# this would also a possible text slice:
+//#
+//#    |''aName:''| textSlice |
+//#
+//# @param name should only contain "word characters" (i.e. "a-ZA-Z_0-9")
+//# @return [may be undefined] the (trimmed) text of the specified slice.
+TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
+{
+    var slices = this.slices[title];
+    if (!slices) {
+        slices = this.calcAllSlices(title);
+        this.slices[title] = slices;
+    }
+    return slices[sliceName];
+}
+
+// Build an hashmap of the specified named slices of a tiddler
+TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
+{
+    var r = {};
+    for(var t=0; t<sliceNames.length; t++)
+        {
+        var slice = this.getTiddlerSlice(title,sliceNames[t]);
+        if(slice)
+            r[sliceNames[t]] = slice;
+        }
+    return r;
+}
+
+TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
+{
+    var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
+    var text = this.getTiddlerText(title,null);
+    if(text == null)
+        return defaultText;
+    var textOut = [];
+    var lastPos = 0;
+    do {
+        var match = bracketRegExp.exec(text);
+        if(match)
+            {
+            textOut.push(text.substr(lastPos,match.index-lastPos));
+            if(match[1])
+                {
+                if(depth <= 0)
+                    textOut.push(match[1]);
+                else
+                    textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
+                }
+            lastPos = match.index + match[0].length;
+            }
+        else
+            textOut.push(text.substr(lastPos));
+    } while(match);
+    return(textOut.join(""));
+}
+
+TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        var t = tiddler.tags.indexOf(tag);
+        if(t != -1)
+            tiddler.tags.splice(t,1);
+        if(status)
+            tiddler.tags.push(tag);
+        tiddler.changed();
+        this.notify(title,true);
+        this.setDirty(true);
+        }
+}
+
+TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
+{
+    var tiddler = this.fetchTiddler(title);
+    var created;
+    if(tiddler)
+        {
+        created = tiddler.created; // Preserve created date
+        this.deleteTiddler(title);
+        }
+    else
+        {
+        tiddler = new Tiddler();
+        created = modified;
+        }
+    tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
+    this.addTiddler(tiddler);
+    if(title != newTitle)
+        this.notify(title,true);
+    this.notify(newTitle,true);
+    this.setDirty(true);
+    return tiddler;
+}
+
+TiddlyWiki.prototype.createTiddler = function(title)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(!tiddler)
+        {
+        tiddler = new Tiddler();
+        tiddler.title = title;
+        this.addTiddler(tiddler);
+        this.setDirty(true);
+        }
+    return tiddler;
+}
+
+// Load contents of a tiddlywiki from an HTML DIV
+TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
+{
+    this.idPrefix = idPrefix;
+    var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
+    var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
+    this.setDirty(false);
+    if(!noUpdate)
+        {
+        for(var i = 0;i<tiddlers.length; i++)
+            tiddlers[i].changed();
+        }
+}
+
+TiddlyWiki.prototype.updateTiddlers = function()
+{
+    this.tiddlersUpdated = true;
+    this.forEachTiddler(function(title,tiddler) {
+        tiddler.changed();
+        });
+}
+
+// Return all tiddlers formatted as an HTML string
+TiddlyWiki.prototype.allTiddlersAsHtml = function()
+{
+    return store.getSaver().externalize(store);
+}
+
+// Return an array of tiddlers matching a search regular expression
+TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
+{
+    var candidates = this.reverseLookup("tags",excludeTag,false);
+    var results = [];
+    for(var t=0; t<candidates.length; t++)
+        {
+        if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
+            results.push(candidates[t]);
+        }
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
+}
+
+// Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
+TiddlyWiki.prototype.getTags = function()
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        for(var g=0; g<tiddler.tags.length; g++)
+            {
+            var tag = tiddler.tags[g];
+            var f = false;
+            for(var c=0; c<results.length; c++)
+                if(results[c][0] == tag)
+                    {
+                    f = true;
+                    results[c][1]++;
+                    }
+            if(!f)
+                results.push([tag,1]);
+            }
+        });
+    results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
+    return results;
+}
+
+// Return an array of the tiddlers that are tagged with a given tag
+TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
+{
+    return this.reverseLookup("tags",tag,true,sortField);
+}
+
+// Return an array of the tiddlers that link to a given tiddler
+TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
+{
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    return this.reverseLookup("links",title,true,sortField);
+}
+
+// Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
+// lookupMatch == true to match tiddlers, false to exclude tiddlers
+TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        var f = !lookupMatch;
+        for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
+            if(tiddler[lookupField][lookup] == lookupValue)
+                f = lookupMatch;
+        if(f)
+            results.push(tiddler);
+        });
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
+}
+
+// Return the tiddlers as a sorted array
+TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
+            results.push(tiddler);
+        });
+    if(field)
+        results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
+    return results;
+}
+
+// Return array of names of tiddlers that are referred to but not defined
+TiddlyWiki.prototype.getMissingLinks = function(sortField)
+{
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        for(var n=0; n<tiddler.links.length;n++)
+            {
+            var link = tiddler.links[n];
+            if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
+                results.pushUnique(link);
+            }
+        });
+    results.sort();
+    return results;
+}
+
+// Return an array of names of tiddlers that are defined but not referred to
+TiddlyWiki.prototype.getOrphans = function()
+{
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
+            results.push(title);
+        });
+    results.sort();
+    return results;
+}
+
+// Return an array of names of all the shadow tiddlers
+TiddlyWiki.prototype.getShadowed = function()
+{
+    var results = [];
+    for(var t in config.shadowTiddlers)
+        if(typeof config.shadowTiddlers[t] == "string")
+            results.push(t);
+    results.sort();
+    return results;
+}
+
+// Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
+TiddlyWiki.prototype.resolveTiddler = function(tiddler)
+{
+    var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
+    return t instanceof Tiddler ? t : null;
+}
+
+TiddlyWiki.prototype.getLoader = function()
+{
+    if (!this.loader)
+        this.loader = new TW21Loader();
+    return this.loader;
+}
+
+TiddlyWiki.prototype.getSaver = function()
+{
+    if (!this.saver)
+        this.saver = new TW21Saver();
+    return this.saver;
+}
+
+// Returns true if path is a valid field name (path),
+// i.e. a sequence of identifiers, separated by '.'
+TiddlyWiki.isValidFieldName = function (name) {
+    var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
+    return match && (match[0] == name);
+}
+
+// Throws an exception when name is not a valid field name.
+TiddlyWiki.checkFieldName = function(name) {
+    if (!TiddlyWiki.isValidFieldName(name))
+        throw config.messages.invalidFieldName.format([name]);
+}
+
+function StringFieldAccess(n, readOnly) {
+    this.set = readOnly
+        ? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
+        : function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
+    this.get = function(t) {return t[n];};
+}
+
+function DateFieldAccess(n) {
+    this.set = function(t,v) {
+            var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v);
+            if (d != t[n]) {
+                t[n] = d; return true;
+            }
+        };
+    this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
+}
+
+function LinksFieldAccess(n) {
+    this.set = function(t,v) {
+            var s = (typeof v == "string") ? v.readBracketedList() : v;
+            if (s.toString() != t[n].toString()) {
+                t[n] = s; return true;
+            }
+        };
+    this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
+}
+
+TiddlyWiki.standardFieldAccess = {
+    // The set functions return true when setting the data has changed the value.
+
+    "title":    new StringFieldAccess("title", true),
+    // Handle the "tiddler" field name as the title
+    "tiddler":  new StringFieldAccess("title", true),
+
+    "text":     new StringFieldAccess("text"),
+    "modifier": new StringFieldAccess("modifier"),
+    "modified": new DateFieldAccess("modified"),
+    "created":  new DateFieldAccess("created"),
+    "tags":     new LinksFieldAccess("tags")
+};
+
+TiddlyWiki.isStandardField = function(name) {
+    return TiddlyWiki.standardFieldAccess[name] != undefined;
+}
+
+// Sets the value of the given field of the tiddler to the value.
+// Setting an ExtendedField's value to null or undefined removes the field.
+// Setting a namespace to undefined removes all fields of that namespace.
+// The fieldName is case-insensitive.
+// All values will be converted to a string value.
+TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
+    TiddlyWiki.checkFieldName(fieldName);
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return;
+
+    fieldName = fieldName.toLowerCase();
+
+    var isRemove = (value === undefined) || (value === null);
+
+    if (!t.fields)
+        t.fields = {};
+
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        if (isRemove)
+            // don't remove StandardFields
+            return;
+        var h = TiddlyWiki.standardFieldAccess[fieldName];
+        if (!h.set(t, value))
+            return;
+
+    } else {
+        var oldValue = t.fields[fieldName];
+
+        if (isRemove) {
+            if (oldValue !== undefined) {
+                // deletes a single field
+                delete t.fields[fieldName];
+            } else {
+                // no concrete value is defined for the fieldName
+                // so we guess this is a namespace path.
+
+                // delete all fields in a namespace
+                var re = new RegExp('^'+fieldName+'\\.');
+                var dirty = false;
+                for (var n in t.fields) {
+                    if (n.match(re)) {
+                        delete t.fields[n];
+                        dirty = true;
+                    }
+                }
+                if (!dirty)
+                    return
+            }
+
+        } else {
+            // the "normal" set case. value is defined (not null/undefined)
+            // For convenience provide a nicer conversion Date->String
+            value = value instanceof Date
+                ? value.convertToYYYYMMDDHHMMSSMMM()
+                : String(value);
+            if (oldValue == value)
+                return;
+            t.fields[fieldName] = value;
+        }
+    }
+
+    // When we are here the tiddler/store really was changed.
+    this.notify(t.title,true);
+    if (!fieldName.match(/^temp\./))
+        this.setDirty(true);
+}
+
+// Returns the value of the given field of the tiddler.
+// The fieldName is case-insensitive.
+// Will only return String values (or undefined).
+TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    fieldName = fieldName.toLowerCase();
+
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        return accessor.get(t);
+    }
+
+    return t.fields ? t.fields[fieldName] : undefined;
+}
+
+// Calls the callback function for every field in the tiddler.
+//
+// When callback function returns a non-false value the iteration stops
+// and that value is returned.
+//
+// The order of the fields is not defined.
+//
+// @param callback a function(tiddler, fieldName, value).
+//
+TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    if (t.fields) {
+        for (var n in t.fields) {
+            var result = callback(t, n, t.fields[n]);
+            if (result)
+                return result;
+        }
+    }
+
+    if (onlyExtendedFields)
+        return undefined;
+
+    for (var n in TiddlyWiki.standardFieldAccess) {
+        if (n == "tiddler")
+            // even though the "title" field can also be referenced through the name "tiddler"
+            // we only visit this field once.
+            continue;
+
+        var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
+        if (result)
+            return result;
+    }
+
+    return undefined;
+};
+// ---------------------------------------------------------------------------------
+// Story functions
+// ---------------------------------------------------------------------------------
+
+// A story is a HTML div containing a sequence of tiddlers that can be manipulated
+// container - id of containing element
+// idPrefix - string prefix prepended to title to make ids for tiddlers in this story
+function Story(container,idPrefix)
+{
+    this.container = container;
+    this.idPrefix = idPrefix;
+    this.highlightRegExp = null;
+}
+
+// Iterate through all the tiddlers in a story
+// fn - callback function to be called for each tiddler. Arguments are:
+//      tiddler - reference to Tiddler object
+//      element - reference to tiddler display element
+Story.prototype.forEachTiddler = function(fn)
+{
+    var place = document.getElementById(this.container);
+    if(!place)
+        return;
+    var e = place.firstChild;
+    while(e)
+        {
+        var n = e.nextSibling;
+        var title = e.getAttribute("tiddler");
+        fn.call(this,title,e);
+        e = n;
+        }
+}
+
+// Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
+// titles - array of string titles
+Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
+{
+    for(var t = titles.length-1;t>=0;t--)
+        this.displayTiddler(srcElement,titles[t],template,animate,slowly);
+}
+
+// Display a given tiddler with a given template. If the tiddler is already displayed but with a different
+// template, it is switched to the specified template
+// srcElement - reference to element from which this one is being opened -or-
+//              special positions "top", "bottom"
+// title - title of tiddler to display
+// template - the name of the tiddler containing the template -or-
+//            one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
+//            null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
+{
+    var place = document.getElementById(this.container);
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        this.refreshTiddler(title,template);
+    else
+        {
+        var before = this.positionTiddler(srcElement);
+        tiddlerElem = this.createTiddler(place,before,title,template);
+        }
+    if(srcElement && typeof srcElement !== "string")
+        {
+        if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
+            anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
+        else
+            window.scrollTo(0,ensureVisible(tiddlerElem));
+        }
+}
+
+// Figure out the appropriate position for a newly opened tiddler
+// srcElement - reference to the element containing the link to the tiddler -or-
+//              special positions "top", "bottom"
+// returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
+Story.prototype.positionTiddler = function(srcElement)
+{
+    var place = document.getElementById(this.container);
+    var before;
+    if(typeof srcElement == "string")
+        {
+        switch(srcElement)
+            {
+            case "top":
+                before = place.firstChild;
+                break;
+            case "bottom":
+                before = null;
+                break;
+            }
+        }
+    else
+        {
+        var after = this.findContainingTiddler(srcElement);
+        if(after == null)
+            before = place.firstChild;
+        else if(after.nextSibling)
+            before = after.nextSibling;
+        else
+            before = null;
+        }
+    return before;
+}
+
+// Create a tiddler frame at the appropriate place in a story column
+// place - reference to parent element
+// before - null, or reference to element before which to insert new tiddler
+// title - title of new tiddler
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+Story.prototype.createTiddler = function(place,before,title,template)
+{
+    var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
+    tiddlerElem.setAttribute("refresh","tiddler");
+    place.insertBefore(tiddlerElem,before);
+    this.refreshTiddler(title,template);
+    return tiddlerElem;
+}
+
+// Overridable for choosing the name of the template to apply for a tiddler
+Story.prototype.chooseTemplateForTiddler = function(title,template)
+{
+    if(!template)
+        template = DEFAULT_VIEW_TEMPLATE;
+    if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
+        template = config.tiddlerTemplates[template];
+    return template;
+}
+
+// Overridable for extracting the text of a template from a tiddler
+Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
+{
+    return store.getRecursiveTiddlerText(template,null,10);
+}
+
+// Apply a template to an existing tiddler if it is not already displayed using that template
+// title - title of tiddler to update
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+// force - if true, forces the refresh even if the template hasn't changedd
+Story.prototype.refreshTiddler = function(title,template,force)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        {
+        if(tiddlerElem.getAttribute("dirty") == "true" && !force)
+            return tiddlerElem;
+        template = this.chooseTemplateForTiddler(title,template);
+        var currTemplate = tiddlerElem.getAttribute("template");
+        if((template != currTemplate) || force)
+            {
+            var tiddler = store.getTiddler(title);
+            if(!tiddler)
+                {
+                tiddler = new Tiddler();
+                if(store.isShadowTiddler(title))
+                    tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
+                else
+                    {
+                    var text = template=="EditTemplate"
+                                ? config.views.editor.defaultText.format([title])
+                                : config.views.wikified.defaultText.format([title]);
+                    tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
+                    }
+                }
+            tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
+            tiddlerElem.setAttribute("tiddler",title);
+            tiddlerElem.setAttribute("template",template);
+            var me = this;
+            tiddlerElem.onmouseover = this.onTiddlerMouseOver;
+            tiddlerElem.onmouseout = this.onTiddlerMouseOut;
+            tiddlerElem.ondblclick = this.onTiddlerDblClick;
+            tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
+            var html = this.getTemplateForTiddler(title,template,tiddler);
+            tiddlerElem.innerHTML = html;
+            applyHtmlMacros(tiddlerElem,tiddler);
+            if(store.getTaggedTiddlers(title).length > 0)
+                addClass(tiddlerElem,"isTag");
+            else
+                removeClass(tiddlerElem,"isTag");
+            if(!store.tiddlerExists(title))
+                {
+                if(store.isShadowTiddler(title))
+                    addClass(tiddlerElem,"shadow");
+                else
+                    addClass(tiddlerElem,"missing");
+                }
+            else
+                {
+                removeClass(tiddlerElem,"shadow");
+                removeClass(tiddlerElem,"missing");
+                }
+            }
+        }
+    return tiddlerElem;
+}
+
+// Refresh all tiddlers in the Story
+Story.prototype.refreshAllTiddlers = function()
+{
+    var place = document.getElementById(this.container);
+    var e = place.firstChild;
+    if(!e)
+        return;
+    this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+    while((e = e.nextSibling) != null)
+        this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+}
+
+// Default tiddler onmouseover/out event handlers
+Story.prototype.onTiddlerMouseOver = function(e)
+{
+    if(window.addClass instanceof Function)
+        addClass(this,"selected");
+}
+
+Story.prototype.onTiddlerMouseOut = function(e)
+{
+    if(window.removeClass instanceof Function)
+        removeClass(this,"selected");
+}
+
+// Default tiddler ondblclick event handler
+Story.prototype.onTiddlerDblClick = function(e)
+{
+    if(!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
+        {
+        if(document.selection && document.selection.empty)
+            document.selection.empty();
+        config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+        e.cancelBubble = true;
+        if (e.stopPropagation) e.stopPropagation();
+        return true;
+        }
+    else
+        return false;
+}
+
+Story.prototype.onTiddlerKeyPress = function(e)
+{
+    if(!e) var e = window.event;
+    clearMessage();
+    var consume = false;
+    var title = this.getAttribute("tiddler");
+    var target = resolveTarget(e);
+    switch(e.keyCode)
+        {
+        case 9: // Tab
+            if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
+                {
+                replaceSelection(target,String.fromCharCode(9));
+                consume = true;
+                }
+            if(config.isOpera)
+                {
+                target.onblur = function()
+                    {
+                    this.focus();
+                    this.onblur = null;
+                    }
+                }
+            break;
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+        case 77: // Ctrl-Enter is "M" on some platforms
+            if(e.ctrlKey)
+                {
+                blurElement(this);
+                config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+                consume = true;
+                }
+            break;
+        case 27: // Escape
+            blurElement(this);
+            config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
+            consume = true;
+            break;
+        }
+    e.cancelBubble = consume;
+    if(consume)
+        {
+        if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
+        e.returnValue = true; // Cancel The Event in IE
+        if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
+        }
+    return(!consume);
+};
+
+// Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
+// or null if it found no edit field at all
+Story.prototype.getTiddlerField = function(title,field)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    var e = null;
+    if(tiddlerElem != null)
+        {
+        var children = tiddlerElem.getElementsByTagName("*");
+        for (var t=0; t<children.length; t++)
+            {
+            var c = children[t];
+            if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
+                {
+                if(!e)
+                    e = c;
+                if(c.getAttribute("edit") == field)
+                    e = c;
+                }
+            }
+        }
+    return e;
+}
+
+// Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
+Story.prototype.focusTiddler = function(title,field)
+{
+    var e = this.getTiddlerField(title,field);
+    if(e)
+        {
+        e.focus();
+        e.select();
+        }
+}
+
+// Ensures that a specified tiddler does not have the focus
+Story.prototype.blurTiddler = function(title)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
+        {
+        tiddlerElem.focus();
+        tiddlerElem.blur();
+        }
+}
+
+// Adds a specified value to the edit controls (if any) of a particular
+// array-formatted field of a particular tiddler (eg "tags")
+//  title - name of tiddler
+//  tag - value of field, without any [[brackets]]
+//  mode - +1 to add the tag, -1 to remove it, 0 to toggle it
+//  field - name of field (eg "tags")
+Story.prototype.setTiddlerField = function(title,tag,mode,field)
+{
+    var c = story.getTiddlerField(title,field);
+
+    var tags = c.value.readBracketedList();
+    tags.setItem(tag,mode);
+    c.value = String.encodeTiddlyLinkList(tags);
+}
+
+// The same as setTiddlerField but preset to the "tags" field
+Story.prototype.setTiddlerTag = function(title,tag,mode)
+{
+    Story.prototype.setTiddlerField(title,tag,mode,"tags");
+}
+
+// Close a specified tiddler
+// title - name of tiddler to close
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.closeTiddler = function(title,animate,slowly)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        clearMessage();
+        this.scrubTiddler(tiddlerElem);
+        if(anim && config.options.chkAnimate && animate)
+            anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
+        else
+            tiddlerElem.parentNode.removeChild(tiddlerElem);
+        }
+}
+
+// Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
+// does not interfere with things
+// tiddler - reference to the tiddler element
+Story.prototype.scrubTiddler = function(tiddlerElem)
+{
+    tiddlerElem.id = null;
+}
+
+// Set the 'dirty' flag of a tiddler
+// title - title of tiddler to change
+// dirty - new boolean status of flag
+Story.prototype.setDirty = function(title,dirty)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
+}
+
+// Is a particular tiddler dirty (with unsaved changes)?
+Story.prototype.isDirty = function(title)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        return tiddlerElem.getAttribute("dirty") == "true";
+    return null;
+}
+
+// Determine whether any open tiddler are dirty
+Story.prototype.areAnyDirty = function()
+{
+    var r = false;
+    this.forEachTiddler(function(title,element) {
+        if(this.isDirty(title))
+            r = true;
+        });
+    return r;
+}
+
+// Close all tiddlers in the story
+Story.prototype.closeAllTiddlers = function(exclude)
+{
+    clearMessage();
+    this.forEachTiddler(function(title,element) {
+        if((title != exclude) && element.getAttribute("dirty") != "true")
+            this.closeTiddler(title);
+        });
+    window.scrollTo(0,0);
+}
+
+// Check if there are any tiddlers in the story
+Story.prototype.isEmpty = function()
+{
+    var place = document.getElementById(this.container);
+    return(place && place.firstChild == null);
+}
+
+// Perform a search and display the result
+// text - text to search for
+// useCaseSensitive - true for case sensitive matching
+// useRegExp - true to interpret text as a RegExp
+Story.prototype.search = function(text,useCaseSensitive,useRegExp)
+{
+    this.closeAllTiddlers();
+    highlightHack = new RegExp(useRegExp ?   text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
+    var matches = store.search(highlightHack,"title","excludeSearch");
+    var titles = [];
+    for(var t=matches.length-1; t>=0; t--)
+        titles.push(matches[t].title);
+    this.displayTiddlers(null,titles);
+    highlightHack = null;
+    var q = useRegExp ? "/" : "'";
+    if(matches.length > 0)
+        displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
+    else
+        displayMessage(config.macros.search.failureMsg.format([q + text + q]));
+}
+
+// Determine if the specified element is within a tiddler in this story
+// e - reference to an element
+// returns: reference to a tiddler element or null if none
+Story.prototype.findContainingTiddler = function(e)
+{
+    while(e && !hasClass(e,"tiddler"))
+        e = e.parentNode;
+    return(e);
+}
+
+// Gather any saveable fields from a tiddler element
+// e - reference to an element to scan recursively
+// fields - object to contain gathered field values
+Story.prototype.gatherSaveFields = function(e,fields)
+{
+    if(e && e.getAttribute)
+        {
+        var f = e.getAttribute("edit");
+        if(f)
+            fields[f] = e.value.replace(/\r/mg,"");;
+        if(e.hasChildNodes())
+            {
+            var c = e.childNodes;
+            for(var t=0; t<c.length; t++)
+                this.gatherSaveFields(c[t],fields)
+            }
+        }
+}
+
+// Determine whether a tiddler has any edit fields, and if so if their values have been changed
+// title - name of tiddler
+Story.prototype.hasChanges = function(title)
+{
+    var e = document.getElementById(this.idPrefix + title);
+    if(e != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(e,fields);
+        var tiddler = store.fetchTiddler(title);
+        if (!tiddler)
+            return false;
+        for(var n in fields)
+            if (store.getValue(title,n) != fields[n])
+                return true;
+        }
+    return false;
+}
+
+// Save any open edit fields of a tiddler and updates the display as necessary
+// title - name of tiddler
+// minorUpdate - true if the modified date shouldn't be updated
+// returns: title of saved tiddler, or null if not saved
+Story.prototype.saveTiddler = function(title,minorUpdate)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(tiddlerElem,fields);
+        var newTitle = fields.title ? fields.title : title;
+        if(store.tiddlerExists(newTitle) && newTitle != title)
+            {
+            if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
+                this.closeTiddler(newTitle,false,false);
+            else
+                return null;
+            }
+        tiddlerElem.id = this.idPrefix + newTitle;
+        tiddlerElem.setAttribute("tiddler",newTitle);
+        tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
+        tiddlerElem.setAttribute("dirty","false");
+        if(config.options.chkForceMinorUpdate)
+            minorUpdate = !minorUpdate;
+        var newDate = new Date();
+        store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
+        for (var n in fields)
+            if (!TiddlyWiki.isStandardField(n))
+                store.setValue(newTitle,n,fields[n]);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        return newTitle;
+        }
+    return null;
+}
+
+Story.prototype.permaView = function()
+{
+    var links = [];
+    this.forEachTiddler(function(title,element) {
+        links.push(String.encodeTiddlyLink(title));
+        });
+    var t = encodeURIComponent(links.join(" "));
+    if(t == "")
+        t = "#";
+    if(window.location.hash != t)
+        window.location.hash = t;
+}
+
+// ---------------------------------------------------------------------------------
+// Message area
+// ---------------------------------------------------------------------------------
+
+function getMessageDiv()
+{
+    var msgArea = document.getElementById("messageArea");
+    if(!msgArea)
+        return null;
+    if(!msgArea.hasChildNodes())
+        createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
+            config.messages.messageClose.text,
+            config.messages.messageClose.tooltip,
+            clearMessage);
+    msgArea.style.display = "block";
+    return createTiddlyElement(msgArea,"div");
+}
+
+function displayMessage(text,linkText)
+{
+    var e = getMessageDiv();
+    if(!e)
+        {
+        alert(text);
+        return;
+        }
+    if(linkText)
+        {
+        var link = createTiddlyElement(e,"a",null,null,text);
+        link.href = linkText;
+        link.target = "_blank";
+        }
+    else
+        e.appendChild(document.createTextNode(text));
+}
+
+function clearMessage()
+{
+    var msgArea = document.getElementById("messageArea");
+    if(msgArea)
+        {
+        removeChildren(msgArea);
+        msgArea.style.display = "none";
+        }
+    return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Refresh mechanism
+// ---------------------------------------------------------------------------------
+
+config.refreshers = {
+    link: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddlyLink");
+        refreshTiddlyLink(e,title);
+        return true;
+        },
+
+    tiddler: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var template = e.getAttribute("template");
+        if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
+            story.refreshTiddler(title,template,true);
+        else
+            refreshElements(e,changeList);
+        return true;
+        },
+
+    content: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var force = e.getAttribute("force");
+        if(force != null || changeList == null || changeList.indexOf(title) != -1)
+            {
+            removeChildren(e);
+            wikify(store.getTiddlerText(title,title),e);
+            return true;
+            }
+        else
+            return false;
+        },
+
+    macro: function(e,changeList)
+        {
+        var macro = e.getAttribute("macroName");
+        var params = e.getAttribute("params");
+        if(macro)
+            macro = config.macros[macro];
+        if(macro && macro.refresh)
+            macro.refresh(e,params);
+        return true;
+        }
+};
+
+function refreshElements(root,changeList)
+{
+    var nodes = root.childNodes;
+    for(var c=0; c<nodes.length; c++)
+        {
+        var e = nodes[c],type;
+        if(e.getAttribute)
+            type = e.getAttribute("refresh");
+        else
+            type = null;
+        var refresher = config.refreshers[type];
+        var refreshed = false;
+        if(refresher != undefined)
+            refreshed = refresher(e,changeList);
+        if(e.hasChildNodes() && !refreshed)
+            refreshElements(e,changeList);
+        }
+}
+
+function applyHtmlMacros(root,tiddler)
+{
+    var e = root.firstChild;
+    while(e)
+        {
+        var nextChild = e.nextSibling;
+        if(e.getAttribute)
+            {
+            var macro = e.getAttribute("macro");
+            if(macro)
+                {
+                var params = "";
+                var p = macro.indexOf(" ");
+                if(p != -1)
+                    {
+                    params = macro.substr(p+1);
+                    macro = macro.substr(0,p);
+                    }
+                invokeMacro(e,macro,params,null,tiddler);
+                }
+            }
+        if(e.hasChildNodes())
+            applyHtmlMacros(e,tiddler);
+        e = nextChild;
+        }
+}
+
+function refreshPageTemplate(title)
+{
+    var stash = createTiddlyElement(document.body,"div");
+    stash.style.display = "none";
+    var display = document.getElementById("tiddlerDisplay");
+    var nodes,t;
+    if(display)
+        {
+        nodes = display.childNodes;
+        for(t=nodes.length-1; t>=0; t--)
+            stash.appendChild(nodes[t]);
+        }
+    var wrapper = document.getElementById("contentWrapper");
+    if(!title)
+        title = "PageTemplate";
+    var html = store.getRecursiveTiddlerText(title,null,10);
+    wrapper.innerHTML = html;
+    applyHtmlMacros(wrapper);
+    refreshElements(wrapper);
+    display = document.getElementById("tiddlerDisplay");
+    removeChildren(display);
+    if(!display)
+        display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
+    nodes = stash.childNodes;
+    for(t=nodes.length-1; t>=0; t--)
+        display.appendChild(nodes[t]);
+    stash.parentNode.removeChild(stash);
+}
+
+function refreshDisplay(hint)
+{
+    var e = document.getElementById("contentWrapper");
+    if(typeof hint == "string")
+        hint = [hint];
+    refreshElements(e,hint);
+}
+
+function refreshPageTitle()
+{
+    document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
+}
+
+function refreshStyles(title)
+{
+    setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
+}
+
+function refreshColorPalette(title)
+{
+    if(!startingUp)
+        refreshAll();
+}
+
+function refreshAll()
+{
+    refreshPageTemplate();
+    refreshDisplay();
+    refreshStyles("StyleSheetLayout");
+    refreshStyles("StyleSheetColors");
+    refreshStyles("StyleSheet");
+    refreshStyles("StyleSheetPrint");
+}
+
+// ---------------------------------------------------------------------------------
+// Options cookie stuff
+// ---------------------------------------------------------------------------------
+
+function loadOptionsCookie()
+{
+    if(safeMode)
+        return;
+    var cookies = document.cookie.split(";");
+    for(var c=0; c<cookies.length; c++)
+        {
+        var p = cookies[c].indexOf("=");
+        if(p != -1)
+            {
+            var name = cookies[c].substr(0,p).trim();
+            var value = cookies[c].substr(p+1).trim();
+            switch(name.substr(0,3))
+                {
+                case "txt":
+                    config.options[name] = unescape(value);
+                    break;
+                case "chk":
+                    config.options[name] = value == "true";
+                    break;
+                }
+            }
+        }
+}
+
+function saveOptionCookie(name)
+{
+    if(safeMode)
+        return;
+    var c = name + "=";
+    switch(name.substr(0,3))
+        {
+        case "txt":
+            c += escape(config.options[name].toString());
+            break;
+        case "chk":
+            c += config.options[name] ? "true" : "false";
+            break;
+        }
+    c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
+    document.cookie = c;
+}
+
+// ---------------------------------------------------------------------------------
+// Saving
+// ---------------------------------------------------------------------------------
+
+var saveUsingSafari = false;
+
+var startSaveArea = '<div id="' + 'storeArea">'; // Split up into two so that indexOf() of this source doesn't find it
+var endSaveArea = '</d' + 'iv>';
+
+// If there are unsaved changes, force the user to confirm before exitting
+function confirmExit()
+{
+    hadConfirmExit = true;
+    if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
+        return config.messages.confirmExit;
+}
+
+// Give the user a chance to save changes before exitting
+function checkUnsavedChanges()
+{
+    if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
+        {
+        if(confirm(config.messages.unsavedChangesWarning))
+            saveChanges();
+        }
+}
+
+function updateMarkupBlock(s,blockName,tiddlerName)
+{
+    return s.replaceChunk(
+            "<!--%0-START-->".format([blockName]),
+            "<!--%0-END-->".format([blockName]),
+            "\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
+}
+
+// Save this tiddlywiki with the pending changes
+function saveChanges(onlyIfDirty)
+{
+    if(onlyIfDirty && !store.isDirty())
+        return;
+    clearMessage();
+    // Get the URL of the document
+    var originalPath = document.location.toString();
+    // Check we were loaded from a file URL
+    if(originalPath.substr(0,5) != "file:")
+        {
+        alert(config.messages.notFileUrlError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    var localPath = getLocalPath(originalPath);
+    // Load the original file
+    var original = loadFile(localPath);
+    if(original == null)
+        {
+        alert(config.messages.cantSaveError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    // Locate the storeArea div's
+    var posOpeningDiv = original.indexOf(startSaveArea);
+    var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([localPath]));
+        return;
+        }
+    // Save the backup
+    if(config.options.chkSaveBackups)
+        {
+        var backupPath = getBackupPath(localPath);
+        var backup = saveFile(backupPath,original);
+        if(backup)
+            displayMessage(config.messages.backupSaved,"file://" + backupPath);
+        else
+            alert(config.messages.backupFailed);
+        }
+    // Save Rss
+    if(config.options.chkGenerateAnRssFeed)
+        {
+        var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
+        var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
+        if(rssSave)
+            displayMessage(config.messages.rssSaved,"file://" + rssPath);
+        else
+            alert(config.messages.rssFailed);
+        }
+    // Save empty template
+    if(config.options.chkSaveEmptyTemplate)
+        {
+        var emptyPath,p;
+        if((p = localPath.lastIndexOf("/")) != -1)
+            emptyPath = localPath.substr(0,p) + "/empty.html";
+        else if((p = localPath.lastIndexOf("\\")) != -1)
+            emptyPath = localPath.substr(0,p) + "\\empty.html";
+        else
+            emptyPath = localPath + ".empty.html";
+        var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
+        var emptySave = saveFile(emptyPath,empty);
+        if(emptySave)
+            displayMessage(config.messages.emptySaved,"file://" + emptyPath);
+        else
+            alert(config.messages.emptyFailed);
+        }
+    var save;
+    try
+        {
+        // Save new file
+        var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
+                    convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
+                    original.substr(posClosingDiv);
+        var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
+        revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
+        revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
+        revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
+        revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
+        revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
+        save = saveFile(localPath,revised);
+        }
+    catch (e)
+        {
+        showException(e);
+        }
+    if(save)
+        {
+        displayMessage(config.messages.mainSaved,"file://" + localPath);
+        store.setDirty(false);
+        }
+    else
+        alert(config.messages.mainFailed);
+}
+
+function getLocalPath(originalPath)
+{
+    // Remove any location or query part of the URL
+    var argPos = originalPath.indexOf("?");
+    if(argPos != -1)
+        originalPath = originalPath.substr(0,argPos);
+    var hashPos = originalPath.indexOf("#");
+    if(hashPos != -1)
+        originalPath = originalPath.substr(0,hashPos);
+    // Convert file://localhost/ to file:///
+    if(originalPath.indexOf("file://localhost/") == 0)
+        originalPath = "file://" + originalPath.substr(16);
+    // Convert to a native file format assuming
+    // "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
+    // "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
+    // "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
+    // "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
+    var localPath;
+    if(originalPath.charAt(9) == ":") // pc local file
+        localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(7));
+    else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(5));
+    else // pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
+    return localPath;
+}
+
+function getBackupPath(localPath)
+{
+    var backSlash = true;
+    var dirPathPos = localPath.lastIndexOf("\\");
+    if(dirPathPos == -1)
+        {
+        dirPathPos = localPath.lastIndexOf("/");
+        backSlash = false;
+        }
+    var backupFolder = config.options.txtBackupFolder;
+    if(!backupFolder || backupFolder == "")
+        backupFolder = ".";
+    var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
+    backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
+    return backupPath;
+}
+
+function generateRss()
+{
+    var s = [];
+    var d = new Date();
+    var u = store.getTiddlerText("SiteUrl");
+    // Assemble the header
+    s.push("<" + "?xml version=\"1.0\"?" + ">");
+    s.push("<rss version=\"2.0\">");
+    s.push("<channel>");
+    s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
+    if(u)
+        s.push("<link>" + u.htmlEncode() + "</link>");
+    s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
+    s.push("<language>en-us</language>");
+    s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
+    s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
+    s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
+    s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
+    s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
+    // The body
+    var tiddlers = store.getTiddlers("modified","excludeLists");
+    var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
+    for (var t=tiddlers.length-1; t>=n; t--)
+        s.push(tiddlers[t].saveToRss(u));
+    // And footer
+    s.push("</channel>");
+    s.push("</rss>");
+    // Save it all
+    return s.join("\n");
+}
+
+
+// UTF-8 encoding rules:
+// 0x0000 - 0x007F: 0xxxxxxx
+// 0x0080 - 0x07FF: 110xxxxx 10xxxxxx
+// 0x0800 - 0xFFFF: 1110xxxx 10xxxxxx 10xxxxxx
+
+function convertUTF8ToUnicode(u)
+{
+    if(window.netscape == undefined)
+        return manualConvertUTF8ToUnicode(u);
+    else
+        return mozConvertUTF8ToUnicode(u);
+}
+
+function manualConvertUTF8ToUnicode(utf)
+{
+    var uni = utf;
+    var src = 0;
+    var dst = 0;
+    var b1, b2, b3;
+    var c;
+    while(src < utf.length)
+        {
+        b1 = utf.charCodeAt(src++);
+        if(b1 < 0x80)
+            dst++;
+        else if(b1 < 0xE0)
+            {
+            b2 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+        else
+            {
+            b2 = utf.charCodeAt(src++);
+            b3 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+    }
+    return(uni);
+}
+
+function mozConvertUTF8ToUnicode(u)
+{
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUTF8ToUnicode(u);
+        } // fallback
+    var s = converter.ConvertToUnicode(u);
+    var fin = converter.Finish();
+    return (fin.length > 0) ? s+fin : s;
+}
+
+function convertUnicodeToUTF8(s)
+{
+    if(window.netscape == undefined)
+        return manualConvertUnicodeToUTF8(s);
+    else
+        return mozConvertUnicodeToUTF8(s);
+}
+
+function manualConvertUnicodeToUTF8(s)
+{
+    var re = /[^\u0000-\u007F]/g ;
+    return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
+}
+
+function mozConvertUnicodeToUTF8(s)
+{
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUnicodeToUTF8(s);
+        } // fallback
+    var u = converter.ConvertFromUnicode(s);
+    var fin = converter.Finish();
+    if(fin.length > 0)
+        return u + fin;
+    else
+        return u;
+}
+
+function saveFile(fileUrl, content)
+{
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = ieSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = javaSaveFile(fileUrl, content);
+    return(r);
+}
+
+function loadFile(fileUrl)
+{
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = ieLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = javaLoadFile(fileUrl);
+    return(r);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function ieSaveFile(filePath, content)
+{
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to save\n\n" + e.toString());
+        return(null);
+        }
+    var file = fso.OpenTextFile(filePath,2,-1,0);
+    file.Write(content);
+    file.Close();
+    return(true);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function ieLoadFile(filePath)
+{
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        var file = fso.OpenTextFile(filePath,1);
+        var content = file.ReadAll();
+        file.Close();
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to load\n\n" + e.toString());
+        return(null);
+        }
+    return(content);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function mozillaSaveFile(filePath, content)
+{
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                file.create(0, 0664);
+            var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
+            out.init(file, 0x20 | 0x02, 00004,null);
+            out.write(content, content.length);
+            out.flush();
+            out.close();
+            return(true);
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to save\n\n" + e);
+            return(false);
+            }
+    return(null);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function mozillaLoadFile(filePath)
+{
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                return(null);
+            var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
+            inputStream.init(file, 0x01, 00004, null);
+            var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
+            sInputStream.init(inputStream);
+            return(sInputStream.read(sInputStream.available()));
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to load\n\n" + e);
+            return(false);
+            }
+    return(null);
+}
+
+function javaUrlToFilename(url)
+{
+    var f = "//localhost";
+    if(url.indexOf(f) == 0)
+        return url.substring(f.length);
+    var i = url.indexOf(":");
+    if(i > 0)
+        return url.substring(i-1);
+    return url;
+}
+
+function javaSaveFile(filePath, content)
+{
+    try
+        {
+        if(document.applets["TiddlySaver"])
+            return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
+        }
+    catch(e)
+        {
+        }
+    try
+        {
+        var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
+        s.print(content);
+        s.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return true;
+}
+
+function javaLoadFile(filePath)
+{
+    try
+        {
+    if(document.applets["TiddlySaver"])
+        return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
+        }
+    catch(e)
+        {
+        }
+    var content = [];
+    try
+        {
+        var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
+        var line;
+        while ((line = r.readLine()) != null)
+            content.push(new String(line));
+        r.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return content.join("\n");
+}
+
+
+// ---------------------------------------------------------------------------------
+// Remote HTTP requests
+// ---------------------------------------------------------------------------------
+
+// Load a file over http
+//   url - the source url
+//   callback - function to call when there's a response
+//   params - parameter object that gets passed to the callback for storing it's state
+// Return value is the underlying XMLHttpRequest object, or 'null' if there was an error
+// Callback function is called like this:
+//   callback(status,params,responseText,xhr)
+//     status - true if OK, false if error
+//     params - the parameter object provided to loadRemoteFile()
+//     responseText - the text of the file
+//     xhr - the underlying XMLHttpRequest object
+function loadRemoteFile(url,callback,params)
+{
+    // Get an xhr object
+    var x;
+    try
+        {
+        x = new XMLHttpRequest(); // Modern
+        }
+    catch(e)
+        {
+        try
+            {
+            x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
+            }
+        catch (e)
+            {
+            return null;
+            }
+        }
+    // Install callback
+    x.onreadystatechange = function()
+        {
+        if (x.readyState == 4)
+            {
+            if ((x.status == 0 || x.status == 200) && callback)
+                {
+                callback(true,params,x.responseText,url,x);
+            }
+            else
+                callback(false,params,null,url,x);
+            }
+        }
+    // Send request
+    if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
+        window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
+    try
+        {
+        url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
+        x.open("GET",url,true);
+        if (x.overrideMimeType)
+            x.overrideMimeType("text/html");
+        x.send(null);
+        }
+    catch (e)
+        {
+        alert("Error in send " + e);
+        return null;
+        }
+    return x;
+}
+// ---------------------------------------------------------------------------------
+// TiddlyWiki-specific utility functions
+// ---------------------------------------------------------------------------------
+
+function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
+{
+    var theButton = document.createElement("a");
+    if(theAction)
+        {
+        theButton.onclick = theAction;
+        theButton.setAttribute("href","javascript:;");
+        }
+    if(theTooltip)
+        theButton.setAttribute("title",theTooltip);
+    if(theText)
+        theButton.appendChild(document.createTextNode(theText));
+    if(theClass)
+        theButton.className = theClass;
+    else
+        theButton.className = "button";
+    if(theId)
+        theButton.id = theId;
+    if(theParent)
+        theParent.appendChild(theButton);
+    if(theAccessKey)
+        theButton.setAttribute("accessKey",theAccessKey);
+    return(theButton);
+}
+
+function createTiddlyLink(place,title,includeText,theClass,isStatic)
+{
+    var text = includeText ? title : null;
+    var i = getTiddlyLinkInfo(title,theClass)
+    var btn;
+    if(isStatic)
+        btn = createExternalLink(place,"#" + title);
+    else
+        btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
+    btn.setAttribute("refresh","link");
+    btn.setAttribute("tiddlyLink",title);
+    return(btn);
+}
+
+function refreshTiddlyLink(e,title)
+{
+    var i = getTiddlyLinkInfo(title,e.className);
+    e.className = i.classes;
+    e.title = i.subTitle;
+}
+
+function getTiddlyLinkInfo(title,currClasses)
+{
+    var classes = currClasses ? currClasses.split(" ") : [];
+    classes.pushUnique("tiddlyLink");
+    var tiddler = store.fetchTiddler(title);
+    var subTitle;
+    if(tiddler)
+        {
+        subTitle = tiddler.getSubtitle();
+        classes.pushUnique("tiddlyLinkExisting");
+        classes.remove("tiddlyLinkNonExisting");
+        classes.remove("shadow");
+        }
+    else
+        {
+        classes.remove("tiddlyLinkExisting");
+        classes.pushUnique("tiddlyLinkNonExisting");
+        if(store.isShadowTiddler(title))
+            {
+            subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
+            classes.pushUnique("shadow");
+            }
+        else
+            {
+            subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
+            classes.remove("shadow");
+            }
+        }
+    return {classes: classes.join(" "), subTitle: subTitle};
+}
+
+function createExternalLink(place,url)
+{
+    var theLink = document.createElement("a");
+    theLink.className = "externalLink";
+    theLink.href = url;
+    theLink.title = config.messages.externalLinkTooltip.format([url]);
+    if(config.options.chkOpenInNewWindow)
+        theLink.target = "_blank";
+    place.appendChild(theLink);
+    return(theLink);
+}
+
+// Event handler for clicking on a tiddly link
+function onClickTiddlerLink(e)
+{
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var theLink = theTarget;
+    var title = null;
+    do {
+        title = theLink.getAttribute("tiddlyLink");
+        theLink = theLink.parentNode;
+    } while(title == null && theLink != null);
+    if(title)
+        {
+        var toggling = e.metaKey || e.ctrlKey;
+        if(config.options.chkToggleLinks)
+            toggling = !toggling;
+        var opening;
+        if(toggling && document.getElementById("tiddler" + title))
+            story.closeTiddler(title,true,e.shiftKey || e.altKey);
+        else
+            story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
+        }
+    clearMessage();
+    return(false);
+}
+
+// Create a button for a tag with a popup listing all the tiddlers that it tags
+function createTagButton(place,tag,excludeTiddler)
+{
+    var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
+    theTag.setAttribute("tag",tag);
+    if(excludeTiddler)
+        theTag.setAttribute("tiddler",excludeTiddler);
+    return(theTag);
+}
+
+// Event handler for clicking on a tiddler tag
+function onClickTag(e)
+{
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var popup = Popup.create(this);
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(popup && tag)
+        {
+        var tagged = store.getTaggedTiddlers(tag);
+        var titles = [];
+        var li,r;
+        for(r=0;r<tagged.length;r++)
+            if(tagged[r].title != title)
+                titles.push(tagged[r].title);
+        var lingo = config.views.wikified.tag;
+        if(titles.length > 0)
+            {
+            var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
+            openAll.setAttribute("tag",tag);
+            createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+            for(r=0; r<titles.length; r++)
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
+                }
+            }
+        else
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
+        createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+        var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
+        createTiddlyText(h,lingo.openTag.format([tag]));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return(false);
+}
+
+// Event handler for 'open all' on a tiddler popup
+function onClickTagOpenAll(e)
+{
+    if (!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var tagged = store.getTaggedTiddlers(tag);
+    var titles = [];
+    for(var t=0; t<tagged.length; t++)
+        titles.push(tagged[t].title);
+    story.displayTiddlers(this,titles);
+    return(false);
+}
+
+function onClickError(e)
+{
+    if (!e) var e = window.event;
+    var popup = Popup.create(this);
+    var lines = this.getAttribute("errorText").split("\n");
+    for(var t=0; t<lines.length; t++)
+        createTiddlyElement(popup,"li",null,null,lines[t]);
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return false;
+}
+
+function createTiddlyDropDown(place,onchange,options)
+{
+    var sel = createTiddlyElement(place,"select");
+    sel.onchange = onchange;
+    for(var t=0; t<options.length; t++)
+        {
+        var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
+        e.value = options[t].name;
+        }
+}
+
+function createTiddlyError(place,title,text)
+{
+    var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
+    if (text) btn.setAttribute("errorText",text);
+}
+
+function merge(dst,src,preserveExisting)
+{
+    for (p in src)
+        if (!preserveExisting || dst[p] === undefined)
+            dst[p] = src[p];
+    return dst;
+}
+
+// Returns a string containing the description of an exception, optionally prepended by a message
+function exceptionText(e, message)
+{
+    var s = e.description ? e.description : e.toString();
+    return message ? "%0:\n%1".format([message, s]) : s;
+}
+
+// Displays an alert of an exception description with optional message
+function showException(e, message)
+{
+    alert(exceptionText(e, message));
+}
+
+// ---------------------------------------------------------------------------------
+// Animation engine
+// ---------------------------------------------------------------------------------
+
+function Animator()
+{
+    this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
+    this.timerID = 0; // ID of the timer used for animating
+    this.animations = []; // List of animations in progress
+    return this;
+}
+
+// Start animation engine
+Animator.prototype.startAnimating = function() // Variable number of arguments
+{
+    for(var t=0; t<arguments.length; t++)
+        this.animations.push(arguments[t]);
+    if(this.running == 0)
+        {
+        var me = this;
+        this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
+        }
+    this.running += arguments.length;
+}
+
+// Perform an animation engine tick, calling each of the known animation modules
+Animator.prototype.doAnimate = function(me)
+{
+    var a = 0;
+    while(a < me.animations.length)
+        {
+        var animation = me.animations[a];
+        if(animation.tick())
+            a++;
+        else
+            {
+            me.animations.splice(a,1);
+            if(--me.running == 0)
+                window.clearInterval(me.timerID);
+            }
+        }
+}
+
+// Map a 0..1 value to 0..1, but slow down at the start and end
+Animator.slowInSlowOut = function(progress)
+{
+    return(1-((Math.cos(progress * Math.PI)+1)/2));
+}
+
+// ---------------------------------------------------------------------------------
+// Cascade animation
+// ---------------------------------------------------------------------------------
+
+function Cascade(text,startElement,targetElement,slowly)
+{
+    var winWidth = findWindowWidth();
+    var winHeight = findWindowHeight();
+    this.elements = [];
+    this.startElement = startElement;
+    this.startLeft = findPosX(this.startElement);
+    this.startTop = findPosY(this.startElement);
+    this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
+    this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
+    this.targetElement = targetElement;
+    targetElement.style.position = "relative";
+    targetElement.style.zIndex = 2;
+    this.targetLeft = findPosX(this.targetElement);
+    this.targetTop = findPosY(this.targetElement);
+    this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
+    this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
+    this.progress = -1;
+    this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
+    this.text = text;
+    this.tick();
+    return this;
+}
+
+Cascade.prototype.tick = function()
+{
+    this.progress++;
+    if(this.progress >= this.steps)
+        {
+        while(this.elements.length > 0)
+            this.removeTail();
+        this.targetElement.style.position = "static";
+        this.targetElement.style.zIndex = "";
+        return false;
+        }
+    else
+        {
+        if(this.elements.length > 0 && this.progress > config.cascadeDepth)
+            this.removeTail();
+        if(this.progress < (this.steps - config.cascadeDepth))
+            {
+            var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
+            var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
+            e.style.zIndex = 1;
+            e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
+            e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
+            e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
+            e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
+            e.style.display = "block";
+            this.elements.push(e);
+            }
+        return true;
+        }
+}
+
+Cascade.prototype.removeTail = function()
+{
+    var e = this.elements[0];
+    e.parentNode.removeChild(e);
+    this.elements.shift();
+}
+
+// ---------------------------------------------------------------------------------
+// Scroller animation
+// ---------------------------------------------------------------------------------
+
+function Scroller(targetElement,slowly)
+{
+    this.targetElement = targetElement;
+    this.startScroll = findScrollY();
+    this.targetScroll = ensureVisible(targetElement);
+    this.progress = 0;
+    this.step = slowly ? config.animSlow : config.animFast;
+    return this;
+}
+
+Scroller.prototype.tick = function()
+{
+    this.progress += this.step;
+    if(this.progress > 1)
+        {
+        window.scrollTo(0,this.targetScroll);
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
+        return true;
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Slider animation
+// ---------------------------------------------------------------------------------
+
+// deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
+function Slider(element,opening,slowly,deleteMode)
+{
+    this.element = element;
+    element.style.display = "block";
+    this.deleteMode = deleteMode;
+    this.element.style.height = "auto";
+    this.realHeight = element.offsetHeight;
+    this.opening = opening;
+    this.step = slowly ? config.animSlow : config.animFast;
+    if(opening)
+        {
+        this.progress = 0;
+        element.style.height = "0px";
+        element.style.display = "block";
+        }
+    else
+        {
+        this.progress = 1;
+        this.step = -this.step;
+        }
+    element.style.overflow = "hidden";
+    return this;
+}
+
+Slider.prototype.stop = function()
+{
+    if(this.opening)
+        {
+        this.element.style.height = "auto";
+        this.element.style.opacity = 1;
+        this.element.style.filter = "alpha(opacity:100)";
+        }
+    else
+        {
+        switch(this.deleteMode)
+            {
+            case "none":
+                this.element.style.display = "none";
+                break;
+            case "all":
+                this.element.parentNode.removeChild(this.element);
+                break;
+            case "children":
+                removeChildren(this.element);
+                break;
+            }
+        }
+}
+
+Slider.prototype.tick = function()
+{
+    this.progress += this.step;
+    if(this.progress < 0 || this.progress > 1)
+        {
+        this.stop();
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        var h = this.realHeight * f;
+        this.element.style.height = h + "px";
+        this.element.style.opacity = f;
+        this.element.style.filter = "alpha(opacity:" + f * 100 +")";
+        return true;
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Popup menu
+// ---------------------------------------------------------------------------------
+
+var Popup = {
+    stack: [] // Array of objects with members root: and popup:
+    };
+
+Popup.create = function(root)
+{
+    Popup.remove();
+    var popup = createTiddlyElement(document.body,"ol","popup","popup");
+    Popup.stack.push({root: root, popup: popup});
+    return popup;
+}
+
+Popup.onDocumentClick = function(e)
+{
+    if (!e) var e = window.event;
+    var target = resolveTarget(e);
+    if(e.eventPhase == undefined)
+        Popup.remove();
+    else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
+        Popup.remove();
+    return true;
+}
+
+Popup.show = function(unused,slowly)
+{
+    var curr = Popup.stack[Popup.stack.length-1];
+    var rootLeft = findPosX(curr.root);
+    var rootTop = findPosY(curr.root);
+    var rootHeight = curr.root.offsetHeight;
+    var popupLeft = rootLeft;
+    var popupTop = rootTop + rootHeight;
+    var popupWidth = curr.popup.offsetWidth;
+    var winWidth = findWindowWidth();
+    if(popupLeft + popupWidth > winWidth)
+        popupLeft = winWidth - popupWidth;
+    curr.popup.style.left = popupLeft + "px";
+    curr.popup.style.top = popupTop + "px";
+    curr.popup.style.display = "block";
+    addClass(curr.root,"highlight");
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Scroller(curr.popup,slowly));
+    else
+        window.scrollTo(0,ensureVisible(curr.popup));
+}
+
+Popup.remove = function()
+{
+    if(Popup.stack.length > 0)
+        {
+        Popup.removeFrom(0);
+        }
+}
+
+Popup.removeFrom = function(from)
+{
+    for(var t=Popup.stack.length-1; t>=from; t--)
+        {
+        var p = Popup.stack[t];
+        removeClass(p.root,"highlight");
+        p.popup.parentNode.removeChild(p.popup);
+        }
+    Popup.stack = Popup.stack.slice(0,from);
+}
+
+// ---------------------------------------------------------------------------------
+// ListView gadget
+// ---------------------------------------------------------------------------------
+
+var ListView = {};
+
+// Create a listview
+//   place - where in the DOM tree to insert the listview
+//   listObject - array of objects to be included in the listview
+//   listTemplate - template for the listview
+//   callback - callback for a command being selected
+//   className - optional classname for the <table> element
+ListView.create = function(place,listObject,listTemplate,callback,className)
+{
+    var table = createTiddlyElement(place,"table",null,className ? className : "listView");
+    var thead = createTiddlyElement(table,"thead");
+    var r = createTiddlyElement(thead,"tr");
+    for(var t=0; t<listTemplate.columns.length; t++)
+        {
+        var columnTemplate = listTemplate.columns[t];
+        var c = createTiddlyElement(r,"th");
+        var colType = ListView.columnTypes[columnTemplate.type];
+        if(colType && colType.createHeader)
+            colType.createHeader(c,columnTemplate,t);
+        }
+    var tbody = createTiddlyElement(table,"tbody");
+    for(var rc=0; rc<listObject.length; rc++)
+        {
+        rowObject = listObject[rc];
+        r = createTiddlyElement(tbody,"tr");
+        for(var c=0; c<listTemplate.rowClasses.length; c++)
+            {
+            if(rowObject[listTemplate.rowClasses[c].field])
+                addClass(r,listTemplate.rowClasses[c].className);
+            }
+        rowObject.rowElement = rowObject;
+        rowObject.colElements = {};
+        for(var cc=0; cc<listTemplate.columns.length; cc++)
+            {
+            var c = createTiddlyElement(r,"td");
+            var columnTemplate = listTemplate.columns[cc];
+            var field = columnTemplate.field;
+            var colType = ListView.columnTypes[columnTemplate.type];
+            if(colType && colType.createItem)
+                colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
+            rowObject.colElements[field] = c;
+            }
+        }
+    if(callback && listTemplate.actions)
+        createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
+    if(callback && listTemplate.buttons)
+        {
+        for(t=0; t<listTemplate.buttons.length; t++)
+            {
+            var a = listTemplate.buttons[t];
+            if(a && a.name != "")
+                createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
+            }
+        }
+    return table;
+}
+
+ListView.getCommandHandler = function(callback,name,allowEmptySelection)
+{
+    return function(e)
+        {
+        var view = findRelated(this,"TABLE",null,"previousSibling");
+        var tiddlers = [];
+        ListView.forEachSelector(view,function(e,rowName) {
+                    if(e.checked)
+                        tiddlers.push(rowName);
+                    });
+        if(tiddlers.length == 0 && !allowEmptySelection)
+            alert(config.messages.nothingSelected);
+        else
+            {
+            if(this.nodeName.toLowerCase() == "select")
+                {
+                callback(view,this.value,tiddlers);
+                this.selectedIndex = 0;
+                }
+            else
+                callback(view,name,tiddlers);
+            }
+        };
+}
+
+// Invoke a callback for each selector checkbox in the listview
+//   view - <table> element of listView
+//   callback(checkboxElement,rowName)
+//     where
+//       checkboxElement - DOM element of checkbox
+//       rowName - name of this row as assigned by the column template
+//   result: true if at least one selector was checked
+ListView.forEachSelector = function(view,callback)
+{
+    var checkboxes = view.getElementsByTagName("input");
+    var hadOne = false;
+    for(var t=0; t<checkboxes.length; t++)
+        {
+        var cb = checkboxes[t];
+        if(cb.getAttribute("type") == "checkbox")
+            {
+            var rn = cb.getAttribute("rowName");
+            if(rn)
+                {
+                callback(cb,rn);
+                hadOne = true;
+                }
+            }
+        }
+    return hadOne;
+}
+
+ListView.columnTypes = {};
+
+ListView.columnTypes.String = {
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyText(place,columnTemplate.title);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v);
+        }
+};
+
+ListView.columnTypes.Date = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
+        }
+};
+
+ListView.columnTypes.StringList = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                for(var t=0; t<v.length; t++)
+                    {
+                    createTiddlyText(place,v[t]);
+                    createTiddlyElement(place,"br");
+                    }
+                }
+        }
+};
+
+ListView.columnTypes.Selector = {
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyCheckbox(place,null,false,this.onHeaderChange);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],null);
+            e.setAttribute("rowName",listObject[columnTemplate.rowName]);
+        },
+    onHeaderChange: function(e)
+        {
+            var state = this.checked;
+            var view = findRelated(this,"TABLE");
+            if(!view)
+                return;
+            ListView.forEachSelector(view,function(e,rowName) {
+                                e.checked = state;
+                            });
+        }
+};
+
+ListView.columnTypes.Tags = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var tags = listObject[field];
+            createTiddlyText(place,String.encodeTiddlyLinkList(tags));
+        }
+};
+
+ListView.columnTypes.Boolean = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            if(listObject[field] == true)
+                createTiddlyText(place,columnTemplate.trueText);
+            if(listObject[field] == false)
+                createTiddlyText(place,columnTemplate.falseText);
+        }
+};
+
+ListView.columnTypes.TagCheckbox = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
+            e.setAttribute("tiddler",listObject.title);
+            e.setAttribute("tag",columnTemplate.tag);
+        },
+    onChange : function(e)
+        {
+            var tag = this.getAttribute("tag");
+            var tiddler = this.getAttribute("tiddler");
+            store.setTiddlerTag(tiddler,this.checked,tag);
+        }
+};
+
+ListView.columnTypes.TiddlerLink = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
+                createTiddlyText(link,listObject[field]);
+                }
+        }
+};
+// ---------------------------------------------------------------------------------
+// Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
+// ---------------------------------------------------------------------------------
+
+// Clamp a number to a range
+Number.prototype.clamp = function(min,max)
+{
+    var c = this;
+    if(c < min)
+        c = min;
+    if(c > max)
+        c = max;
+    return c;
+}
+
+// Add indexOf function if browser does not support it
+if(!Array.indexOf) {
+Array.prototype.indexOf = function(item,from)
+{
+    if(!from)
+        from = 0;
+    for(var i=from; i<this.length; i++)
+        if(this[i] === item)
+            return i;
+    return -1;
+}}
+
+// Find an entry in a given field of the members of an array
+Array.prototype.findByField = function(field,value)
+{
+    for(var t=0; t<this.length; t++)
+        if(this[t][field] == value)
+            return t;
+    return null;
+}
+
+// Return whether an entry exists in an array
+Array.prototype.contains = function(item)
+{
+    return this.indexOf(item) != -1;
+};
+
+// Adds, removes or toggles a particular value within an array
+//  value - value to add
+//  mode - +1 to add value, -1 to remove value, 0 to toggle it
+Array.prototype.setItem = function(value,mode)
+{
+    var p = this.indexOf(value);
+    if(mode == 0)
+        mode = (p == -1) ? +1 : -1;
+    if(mode == +1)
+        {
+        if(p == -1)
+            this.push(value);
+        }
+    else if(mode == -1)
+        {
+        if(p != -1)
+            this.splice(p,1);
+        }
+}
+
+// Return whether one of a list of values exists in an array
+Array.prototype.containsAny = function(items)
+{
+    for(var i=0; i<items.length; i++)
+        if (this.indexOf(items[i]) != -1)
+            return true;
+    return false;
+};
+
+// Return whether all of a list of values exists in an array
+Array.prototype.containsAll = function(items)
+{
+    for (var i = 0; i<items.length; i++)
+        if (this.indexOf(items[i]) == -1)
+            return false;
+    return true;
+};
+
+// Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
+Array.prototype.pushUnique = function(item,unique)
+{
+    if(unique != undefined && unique == false)
+        this.push(item);
+    else
+        {
+        if(this.indexOf(item) == -1)
+            this.push(item);
+        }
+}
+
+Array.prototype.remove = function(item)
+{
+    var p = this.indexOf(item);
+    if(p != -1)
+        this.splice(p,1);
+}
+
+// Get characters from the right end of a string
+String.prototype.right = function(n)
+{
+    if(n < this.length)
+        return this.slice(this.length-n);
+    else
+        return this;
+}
+
+// Trim whitespace from both ends of a string
+String.prototype.trim = function()
+{
+    return this.replace(/^\s*|\s*$/g,"");
+}
+
+// Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
+String.prototype.unDash = function()
+{
+    var s = this.split("-");
+    if(s.length > 1)
+        for(var t=1; t<s.length; t++)
+            s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
+    return s.join("");
+}
+
+// Substitute substrings from an array into a format string that includes '%1'-type specifiers
+String.prototype.format = function(substrings)
+{
+    var subRegExp = /(?:%(\d+))/mg;
+    var currPos = 0;
+    var r = [];
+    do {
+        var match = subRegExp.exec(this);
+        if(match && match[1])
+            {
+            if(match.index > currPos)
+                r.push(this.substring(currPos,match.index));
+            r.push(substrings[parseInt(match[1])]);
+            currPos = subRegExp.lastIndex;
+            }
+    } while(match);
+    if(currPos < this.length)
+        r.push(this.substring(currPos,this.length));
+    return r.join("");
+}
+
+// Escape any special RegExp characters with that character preceded by a backslash
+String.prototype.escapeRegExp = function()
+{
+    var s = "\\^$*+?()=!|,{}[].";
+    var c = this;
+    for(var t=0; t<s.length; t++)
+        c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
+    return c;
+}
+
+// Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
+String.prototype.escapeLineBreaks = function()
+{
+    return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
+}
+
+// Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
+String.prototype.unescapeLineBreaks = function()
+{
+    return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
+}
+
+// Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
+String.prototype.htmlEncode = function()
+{
+    return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
+}
+
+// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+String.prototype.htmlDecode = function()
+{
+    return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+}
+
+// Parse a space-separated string of name:value parameters where:
+//   - the name or the value can be optional (in which case separate defaults are used instead)
+//     - in case of ambiguity, a lone word is taken to be a value
+//     - if 'cascadeDefaults' is set to true, then the defaults are modified by updated by each specified name or value
+//     - name prefixes are not allowed if the 'noNames' parameter is true
+//   - if both the name and value are present they must be separated by a colon
+//   - the name and the value may both be quoted with single- or double-quotes, double-square brackets
+//   - names or values quoted with {{double-curly braces}} are evaluated as a JavaScript expression
+//     - as long as the 'allowEval' parameter is true
+// The result is an array of objects:
+//   result[0] = object with a member for each parameter name, value of that member being an array of values
+//   result[1..n] = one object for each parameter, with 'name' and 'value' members
+String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
+{
+    var parseToken = function(match,p)
+        {
+        var n;
+        if(match[p]) // Double quoted
+            n = match[p];
+        else if(match[p+1]) // Single quoted
+            n = match[p+1];
+        else if(match[p+2]) // Double-square-bracket quoted
+            n = match[p+2];
+        else if(match[p+3]) // Double-brace quoted
+            try
+                {
+                n = match[p+3];
+                if(allowEval)
+                    n = window.eval(n);
+                }
+            catch(e)
+                {
+                throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
+                }
+        else if(match[p+4]) // Unquoted
+            n = match[p+4];
+        else if(match[p+5]) // empty quote
+            n = "";
+        return n;
+        };
+    var r = [{}];
+    var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
+    var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
+    var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
+    var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
+    var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
+    var emptyQuote = "((?:\"\")|(?:''))";
+    var skipSpace = "(?:\\s*)";
+    var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
+    var re = noNames
+        ? new RegExp(token,"mg")
+        : new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
+    var params = [];
+    do {
+        var match = re.exec(this);
+        if(match)
+            {
+            var n = parseToken(match,1);
+            if(noNames)
+                r.push({name: "", value: n});
+            else
+                {
+                var v = parseToken(match,8);
+                if(v == null && defaultName)
+                    {
+                    v = n;
+                    n = defaultName;
+                    }
+                else if(v == null && defaultValue)
+                    v = defaultValue;
+                r.push({name: n, value: v});
+                if(cascadeDefaults)
+                    {
+                    defaultName = n;
+                    defaultValue = v;
+                    }
+                }
+            }
+    } while(match);
+    // Summarise parameters into first element
+    for(var t=1; t<r.length; t++)
+        {
+        if(r[0][r[t].name])
+            r[0][r[t].name].push(r[t].value);
+        else
+            r[0][r[t].name] = [r[t].value];
+        }
+    return r;
+}
+
+// Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
+// [[]], {{ }} or left unquoted (and therefore space-separated). Double-braces {{}} results in
+// an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
+String.prototype.readMacroParams = function()
+{
+    var p = this.parseParams("list",null,true,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.push(p[t].value);
+    return n;
+}
+
+// Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
+String.prototype.readBracketedList = function(unique)
+{
+    var p = this.parseParams("list",null,false,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.pushUnique(p[t].value,unique);
+    return n;
+}
+
+// Returns array with start and end index of chunk between given start and end marker, or undefined.
+String.prototype.getChunkRange = function(start,end)
+{
+    var s = this.indexOf(start);
+    if(s != -1)
+        {
+        s += start.length;
+        var e = this.indexOf(end,s);
+        if(e != -1)
+            return [s, e];
+        }
+}
+
+// Replace a chunk of a string given start and end markers
+String.prototype.replaceChunk = function(start,end,sub)
+{
+    var r = this.getChunkRange(start,end);
+    return r
+        ? this.substring(0,r[0]) + sub + this.substring(r[1])
+        : this;
+}
+
+// Returns a chunk of a string between start and end markers, or undefined
+String.prototype.getChunk = function(start,end)
+{
+    var r = this.getChunkRange(start,end);
+    if (r)
+        return this.substring(r[0],r[1]);
+}
+
+
+// Static method to bracket a string with double square brackets if it contains a space
+String.encodeTiddlyLink = function(title)
+{
+    if(title.indexOf(" ") == -1)
+        return(title);
+    else
+        return("[[" + title + "]]");
+}
+
+// Static method to encodeTiddlyLink for every item in an array and join them with spaces
+String.encodeTiddlyLinkList = function(list)
+{
+    if(list)
+        {
+        var results = [];
+        for(var t=0; t<list.length; t++)
+            results.push(String.encodeTiddlyLink(list[t]));
+        return results.join(" ");
+        }
+    else
+        return "";
+}
+
+// Static method to left-pad a string with 0s to a certain width
+String.zeroPad = function(n,d)
+{
+    var s = n.toString();
+    if(s.length < d)
+        s = "000000000000000000000000000".substr(0,d-s.length) + s;
+    return(s);
+}
+
+String.prototype.startsWith = function(prefix)
+{
+    return !prefix || this.substring(0,prefix.length) == prefix;
+}
+
+// Returns the first value of the given named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//# @return [may be null/undefined]
+//#
+function getParam(params, name, defaultValue) {
+    if (!params)
+        return defaultValue;
+    var p = params[0][name];
+    return p ? p[0] : defaultValue;
+}
+
+// Returns the first value of the given boolean named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//#
+function getFlag(params, name, defaultValue) {
+    return !!getParam(params, name, defaultValue);
+}
+
+// Substitute date components into a string
+Date.prototype.formatString = function(template)
+{
+    var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
+    t = t.replace(/hh12/g,this.getHours12());
+    t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
+    t = t.replace(/hh/g,this.getHours());
+    t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
+    t = t.replace(/mm/g,this.getMinutes());
+    t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
+    t = t.replace(/ss/g,this.getSeconds());
+    t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
+    t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
+    t = t.replace(/wYYYY/g,this.getYearForWeekNo());
+    t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
+    t = t.replace(/YYYY/g,this.getFullYear());
+    t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
+    t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
+    t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
+    t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
+    t = t.replace(/MM/g,this.getMonth()+1);
+    t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
+    t = t.replace(/WW/g,this.getWeek());
+    t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
+    t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
+    t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
+    t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
+    t = t.replace(/DD/g,this.getDate());
+    return t;
+}
+
+Date.prototype.getWeek = function()
+{
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
+    var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000);
+    return Math.floor(n/7)+1;
+}
+
+Date.prototype.getYearForWeekNo = function()
+{
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
+    return dt.getFullYear();
+}
+
+Date.prototype.getHours12 = function()
+{
+    var h = this.getHours();
+    return h > 12 ? h-12 : ( h > 0 ? h : 12 );
+}
+
+Date.prototype.getAmPm = function()
+{
+    return this.getHours() >= 12 ? "pm" : "am";
+}
+
+Date.prototype.daySuffix = function()
+{
+    var num = this.getDate();
+    if (num >= 11 && num <= 13) return "th";
+    else if (num.toString().substr(-1)=="1") return "st";
+    else if (num.toString().substr(-1)=="2") return "nd";
+    else if (num.toString().substr(-1)=="3") return "rd";
+    return "th";
+}
+
+// Convert a date to local YYYYMMDDHHMM string format
+Date.prototype.convertToLocalYYYYMMDDHHMM = function()
+{
+    return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDDHHMM string format
+Date.prototype.convertToYYYYMMDDHHMM = function()
+{
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
+Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
+{
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
+}
+
+// Static method to create a date from a UTC YYYYMMDDHHMM format string
+Date.convertFromYYYYMMDDHHMM = function(d)
+{
+    var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
+                            parseInt(d.substr(4,2),10)-1,
+                            parseInt(d.substr(6,2),10),
+                            parseInt(d.substr(8,2),10),
+                            parseInt(d.substr(10,2),10),0,0));
+    return(theDate);
+}
+
+// ---------------------------------------------------------------------------------
+// Crypto functions and associated conversion routines
+// ---------------------------------------------------------------------------------
+
+// Crypto "namespace"
+function Crypto() {}
+
+// Convert a string to an array of big-endian 32-bit words
+Crypto.strToBe32s = function(str)
+{
+    var be = Array();
+    var len = Math.floor(str.length/4);
+    var i, j;
+    for(i=0, j=0; i<len; i++, j+=4)
+        {
+        be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
+        }
+    while (j<str.length)
+        {
+        be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
+        j++;
+        }
+    return be;
+}
+
+// Convert an array of big-endian 32-bit words to a string
+Crypto.be32sToStr = function(be)
+{
+    var str = "";
+    for(var i=0;i<be.length*32;i+=8)
+        str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
+    return str;
+}
+
+// Convert an array of big-endian 32-bit words to a hex string
+Crypto.be32sToHex = function(be)
+{
+    var hex = "0123456789ABCDEF";
+    var str = "";
+    for(var i=0;i<be.length*4;i++)
+        str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
+    return str;
+}
+
+// Return, in hex, the SHA-1 hash of a string
+Crypto.hexSha1Str = function(str)
+{
+    return Crypto.be32sToHex(Crypto.sha1Str(str));
+}
+
+// Return the SHA-1 hash of a string
+Crypto.sha1Str = function(str)
+{
+    return Crypto.sha1(Crypto.strToBe32s(str),str.length);
+}
+
+// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
+Crypto.sha1 = function(x,blen)
+{
+    // Add 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32 = function(a,b)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Add five 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32x5 = function(a,b,c,d,e)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Bitwise rotate left a 32-bit integer by 1 bit
+    rol32 = function(n)
+    {
+        return (n>>>31)|(n<<1);
+    };
+
+    var len = blen*8;
+    // Append padding so length in bits is 448 mod 512
+    x[len>>5] |= 0x80 << (24-len%32);
+    // Append length
+    x[((len+64>>9)<<4)+15] = len;
+    var w = Array(80);
+
+    var k1 = 0x5A827999;
+    var k2 = 0x6ED9EBA1;
+    var k3 = 0x8F1BBCDC;
+    var k4 = 0xCA62C1D6;
+
+    var h0 = 0x67452301;
+    var h1 = 0xEFCDAB89;
+    var h2 = 0x98BADCFE;
+    var h3 = 0x10325476;
+    var h4 = 0xC3D2E1F0;
+
+    for(var i=0;i<x.length;i+=16)
+        {
+        var j,t;
+        var a = h0;
+        var b = h1;
+        var c = h2;
+        var d = h3;
+        var e = h4;
+        for(j = 0;j<16;j++)
+            {
+            w[j] = x[i+j];
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=16;j<20;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=20;j<40;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=40;j<60;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=60;j<80;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+
+        h0 = add32(h0,a);
+        h1 = add32(h1,b);
+        h2 = add32(h2,c);
+        h3 = add32(h3,d);
+        h4 = add32(h4,e);
+        }
+    return Array(h0,h1,h2,h3,h4);
+}
+
+// ---------------------------------------------------------------------------------
+// RGB colour object
+// ---------------------------------------------------------------------------------
+
+// Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
+function RGB(r,g,b)
+{
+    this.r = 0;
+    this.g = 0;
+    this.b = 0;
+    if(typeof r == "string")
+        {
+        if(r.substr(0,1) == "#")
+            {
+            if(r.length == 7)
+                {
+                this.r = parseInt(r.substr(1,2),16)/255;
+                this.g = parseInt(r.substr(3,2),16)/255;
+                this.b = parseInt(r.substr(5,2),16)/255;
+                }
+            else
+                {
+                this.r = parseInt(r.substr(1,1),16)/15;
+                this.g = parseInt(r.substr(2,1),16)/15;
+                this.b = parseInt(r.substr(3,1),16)/15;
+                }
+            }
+        else
+            {
+            var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
+            var c = r.match(rgbPattern);
+            if (c)
+                {
+                this.r = parseInt(c[1],10)/255;
+                this.g = parseInt(c[2],10)/255;
+                this.b = parseInt(c[3],10)/255;
+                }
+            }
+        }
+    else
+        {
+        this.r = r;
+        this.g = g;
+        this.b = b;
+        }
+    return this;
+}
+
+// Mixes this colour with another in a specified proportion
+// c = other colour to mix
+// f = 0..1 where 0 is this colour and 1 is the new colour
+// Returns an RGB object
+RGB.prototype.mix = function(c,f)
+{
+    return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
+}
+
+// Return an rgb colour as a #rrggbb format hex string
+RGB.prototype.toString = function()
+{
+    var r = this.r.clamp(0,1);
+    var g = this.g.clamp(0,1);
+    var b = this.b.clamp(0,1);
+    return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(g * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(b * 255).toString(16)).right(2));
+}
+
+// ---------------------------------------------------------------------------------
+// DOM utilities - many derived from www.quirksmode.org
+// ---------------------------------------------------------------------------------
+
+function drawGradient(place,horiz,colours)
+{
+    for(var t=0; t<= 100; t+=2)
+        {
+        var bar = document.createElement("div");
+        place.appendChild(bar);
+        bar.style.position = "absolute";
+        bar.style.left = horiz ? t + "%" : 0;
+        bar.style.top = horiz ? 0 : t + "%";
+        bar.style.width = horiz ? (101-t) + "%" : "100%";
+        bar.style.height = horiz ? "100%" : (101-t) + "%";
+        bar.style.zIndex = -1;
+        var f = t/100;
+        var p = f*(colours.length-1);
+        bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
+        }
+}
+
+function createTiddlyText(theParent,theText)
+{
+    return theParent.appendChild(document.createTextNode(theText));
+}
+
+function createTiddlyCheckbox(theParent,caption,checked,onChange)
+{
+    var cb = document.createElement("input");
+    cb.setAttribute("type","checkbox");
+    cb.onclick = onChange;
+    theParent.appendChild(cb);
+    cb.checked = checked;
+    cb.className = "chkOptionInput";
+    if(caption)
+        wikify(caption,theParent);
+    return cb;
+}
+
+function createTiddlyElement(theParent,theElement,theID,theClass,theText)
+{
+    var e = document.createElement(theElement);
+    if(theClass != null)
+        e.className = theClass;
+    if(theID != null)
+        e.setAttribute("id",theID);
+    if(theText != null)
+        e.appendChild(document.createTextNode(theText));
+    if(theParent != null)
+        theParent.appendChild(e);
+    return(e);
+}
+
+// Add an event handler
+// Thanks to John Resig, via QuirksMode
+function addEvent(obj,type,fn)
+{
+    if(obj.attachEvent)
+        {
+        obj['e'+type+fn] = fn;
+        obj[type+fn] = function(){obj['e'+type+fn](window.event);}
+        obj.attachEvent('on'+type,obj[type+fn]);
+        }
+    else
+        obj.addEventListener(type,fn,false);
+}
+
+// Remove  an event handler
+// Thanks to John Resig, via QuirksMode
+function removeEvent(obj,type,fn)
+{
+    if(obj.detachEvent)
+        {
+        obj.detachEvent('on'+type,obj[type+fn]);
+        obj[type+fn] = null;
+        }
+    else
+        obj.removeEventListener(type,fn,false);
+}
+
+function addClass(e,theClass)
+{
+    var currClass = e.className.split(" ");
+    if(currClass.indexOf(theClass) == -1)
+        e.className += " " + theClass;
+}
+
+function removeClass(e,theClass)
+{
+    var currClass = e.className.split(" ");
+    var i = currClass.indexOf(theClass);
+    while(i != -1)
+        {
+        currClass.splice(i,1);
+        i = currClass.indexOf(theClass);
+        }
+    e.className = currClass.join(" ");
+}
+
+function hasClass(e,theClass)
+{
+    if(e.className)
+        {
+        if(e.className.split(" ").indexOf(theClass) != -1)
+            return true;
+        }
+    return false;
+}
+
+// Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
+function findRelated(e,value,name,relative)
+{
+    name = name ? name : "tagName";
+    relative = relative ? relative : "parentNode";
+    if(name == "className")
+        {
+        while(e && !hasClass(e,value))
+            {
+            e = e[relative];
+            }
+        }
+    else
+        {
+        while(e && e[name] != value)
+            {
+            e = e[relative];
+            }
+        }
+    return e;
+}
+
+// Resolve the target object of an event
+function resolveTarget(e)
+{
+    var obj;
+    if (e.target)
+        obj = e.target;
+    else if (e.srcElement)
+        obj = e.srcElement;
+    if (obj.nodeType == 3) // defeat Safari bug
+        obj = obj.parentNode;
+    return(obj);
+}
+
+// Return the content of an element as plain text with no formatting
+function getPlainText(e)
+{
+    var text = "";
+    if(e.innerText)
+        text = e.innerText;
+    else if(e.textContent)
+        text = e.textContent;
+    return text;
+}
+
+// Get the scroll position for window.scrollTo necessary to scroll a given element into view
+function ensureVisible(e)
+{
+    var posTop = findPosY(e);
+    var posBot = posTop + e.offsetHeight;
+    var winTop = findScrollY();
+    var winHeight = findWindowHeight();
+    var winBot = winTop + winHeight;
+    if(posTop < winTop)
+        return(posTop);
+    else if(posBot > winBot)
+        {
+        if(e.offsetHeight < winHeight)
+            return(posTop - (winHeight - e.offsetHeight));
+        else
+            return(posTop);
+        }
+    else
+        return(winTop);
+}
+
+// Get the current width of the display window
+function findWindowWidth()
+{
+    return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
+}
+
+// Get the current height of the display window
+function findWindowHeight()
+{
+    return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
+}
+
+// Get the current horizontal page scroll position
+function findScrollX()
+{
+    return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
+}
+
+// Get the current vertical page scroll position
+function findScrollY()
+{
+    return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
+}
+
+function findPosX(obj)
+{
+    var curleft = 0;
+    while (obj.offsetParent)
+        {
+        curleft += obj.offsetLeft;
+        obj = obj.offsetParent;
+        }
+    return curleft;
+}
+
+function findPosY(obj)
+{
+    var curtop = 0;
+    while (obj.offsetParent)
+        {
+        curtop += obj.offsetTop;
+        obj = obj.offsetParent;
+        }
+    return curtop;
+}
+
+// Blur a particular element
+function blurElement(e)
+{
+    if(e != null && e.focus && e.blur)
+        {
+        e.focus();
+        e.blur();
+        }
+}
+
+// Create a non-breaking space
+function insertSpacer(place)
+{
+    var e = document.createTextNode(String.fromCharCode(160));
+    if(place)
+        place.appendChild(e);
+    return e;
+}
+
+// Remove all children of a node
+function removeChildren(e)
+{
+    while(e.hasChildNodes())
+        e.removeChild(e.firstChild);
+}
+
+// Add a stylesheet, replacing any previous custom stylesheet
+function setStylesheet(s,id)
+{
+    if(!id)
+        id = "customStyleSheet";
+    var n = document.getElementById(id);
+    if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
+        {
+        if(n)
+            n.parentNode.removeChild(n);
+        // This failed without the &nbsp;
+        document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
+        }
+    else
+        {
+        if(n)
+            n.replaceChild(document.createTextNode(s),n.firstChild);
+        else
+            {
+            var n = document.createElement("style");
+            n.type = "text/css";
+            n.id = id;
+            n.appendChild(document.createTextNode(s));
+            document.getElementsByTagName("head")[0].appendChild(n);
+            }
+        }
+}
+
+// Replace the current selection of a textarea or text input and scroll it into view
+
+function replaceSelection(e,text)
+{
+    if (e.setSelectionRange)
+        {
+        var oldpos = e.selectionStart + 1;
+        e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
+        e.setSelectionRange( oldpos, oldpos);
+        var linecount = e.value.split('\n').length;
+        var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
+        e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
+        }
+    else if (document.selection)
+        {
+        var range = document.selection.createRange();
+        if (range.parentElement() == e)
+            {
+            var isCollapsed = range.text == "";
+            range.text = text;
+             if (!isCollapsed)
+                {
+                range.moveStart('character', -text.length);
+                range.select();
+                }
+            }
+        }
+}
+
+// Returns the text of the given (text) node, possibly merging subsequent text nodes
+function getNodeText(e)
+{
+    var t = "";
+    while (e && e.nodeName == "#text")
+        {
+        t += e.nodeValue;
+        e = e.nextSibling;
+        }
+    return t;
+}
+//# -------------------------
+//# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
+//# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
+//# Subclasses must implement:
+//#             function getTitle(store, e)
+//#
+//# store must implement:
+//#             function createTiddler(title).
+//#
+
+function LoaderBase()
+{
+}
+
+LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
+{
+    var title = this.getTitle(store, e);
+    if (title)
+        {
+        var tiddler = store.createTiddler(title);
+        this.internalizeTiddler(store, tiddler, title, e);
+        tiddlers.push(tiddler);
+        }
+}
+
+LoaderBase.prototype.loadTiddlers = function(store,nodes)
+{
+    var tiddlers = [];
+    for (var t = 0; t < nodes.length; t++)
+        {
+        try
+            {
+            this.loadTiddler(store, nodes[t], tiddlers);
+            }
+        catch(e)
+            {
+            showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
+            }
+        }
+    return tiddlers;
+}
+
+//# -------------------------
+//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string,
+//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines
+//# Subclasses must implement:
+//#             function externalizeTiddler(store, tiddler)
+//#
+//# store must implement:
+//#             function getTiddlers(sortByFieldName)
+//#
+
+function SaverBase()
+{
+}
+
+SaverBase.prototype.externalize = function(store)
+{
+    var results = [];
+    var tiddlers = store.getTiddlers("title");
+    for (var t = 0; t < tiddlers.length; t++)
+        results.push(this.externalizeTiddler(store, tiddlers[t]));
+    return results.join("\n");
+}
+//--------------------------------
+// TW21Loader (inherits from LoaderBase)
+
+function TW21Loader() {};
+
+TW21Loader.prototype = new LoaderBase();
+
+TW21Loader.prototype.getTitle = function(store, e) {
+    var title = null;
+    if(e.getAttribute)
+        title = e.getAttribute("tiddler");
+    if(!title && e.id) {
+        var lenPrefix = store.idPrefix.length;
+        if (e.id.substr(0,lenPrefix) == store.idPrefix)
+            title = e.id.substr(lenPrefix);
+    }
+    return title;
+}
+
+TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
+    var text = getNodeText(data.firstChild).unescapeLineBreaks();
+    var modifier = data.getAttribute("modifier");
+    var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
+    var c = data.getAttribute("created");
+    var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
+    var tags = data.getAttribute("tags");
+    var fields = {};
+    var attrs = data.attributes;
+    for(var i = attrs.length-1; i >= 0; i--) {
+        var name = attrs[i].name;
+        if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
+            fields[name] = attrs[i].value.unescapeLineBreaks();
+        }
+    }
+    tiddler.assign(title,text,modifier,modified,tags,created, fields);
+    return tiddler;
+};
+
+//--------------------------------
+// TW21Saver (inherits from SaverBase)
+
+function TW21Saver() {};
+
+TW21Saver.prototype = new SaverBase();
+
+TW21Saver.prototype.externalizeTiddler = function(store, tiddler)
+{
+    try {
+        var extendedFieldAttributes = "";
+        store.forEachField(tiddler,
+            function(tiddler, fieldName, value) {
+                // don't store stuff from the temp namespace
+                if (!fieldName.match(/^temp\./))
+                    extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
+            }, true);
+        return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
+                tiddler.title.htmlEncode(),
+                tiddler.modifier.htmlEncode(),
+                tiddler.modified.convertToYYYYMMDDHHMM(),
+                tiddler.created.convertToYYYYMMDDHHMM(),
+                tiddler.getTags().htmlEncode(),
+                tiddler.escapeLineBreaks().htmlEncode(),
+                extendedFieldAttributes
+            ]);
+    } catch (e) {
+        throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
+    }
+}
+
+// ---------------------------------------------------------------------------------
+// Deprecated code
+// ---------------------------------------------------------------------------------
+
+// @Deprecated: Use createElementAndWikify and this.termRegExp instead
+config.formatterHelpers.charFormatHelper = function(w)
+{
+    w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
+}
+
+// @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
+config.formatterHelpers.monospacedByLineHelper = function(w)
+{
+    var lookaheadRegExp = new RegExp(this.lookahead,"mg");
+    lookaheadRegExp.lastIndex = w.matchStart;
+    var lookaheadMatch = lookaheadRegExp.exec(w.source);
+    if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+        {
+        var text = lookaheadMatch[1];
+        if(config.browser.isIE)
+            text = text.replace(/\n/g,"\r");
+        createTiddlyElement(w.output,"pre",null,null,text);
+        w.nextMatch = lookaheadRegExp.lastIndex;
+        }
+}
+
+// @Deprecated: Use <br> or <br /> instead of <<br>>
+config.macros.br.handler = function(place)
+{
+    createTiddlyElement(place,"br");
+}
+
+// Find an entry in an array. Returns the array index or null
+// @Deprecated: Use indexOf instead
+Array.prototype.find = function(item)
+{
+    var i = this.indexOf(item);
+    return i == -1 ? null : i;
+}
+
+// Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
+// @Deprecated: Use store.getLoader().internalizeTiddler instead
+Tiddler.prototype.loadFromDiv = function(divRef,title)
+{
+    return store.getLoader().internalizeTiddler(store,this,title,divRef);
+}
+
+// Format the text for storage in an HTML DIV
+// @Deprecated Use store.getSaver().externalizeTiddler instead.
+Tiddler.prototype.saveToDiv = function()
+{
+    return store.getSaver().externalizeTiddler(store,this);
+}
+
+// @Deprecated: Use store.allTiddlersAsHtml() instead
+function allTiddlersAsHtml()
+{
+    return store.allTiddlersAsHtml();
+}
+
+// @Deprecated: Use refreshPageTemplate instead
+function applyPageTemplate(title)
+{
+    refreshPageTemplate(title);
+}
+
+// @Deprecated: Use story.displayTiddlers instead
+function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
+{
+    story.displayTiddlers(srcElement,titles,template,animate,slowly);
+}
+
+// @Deprecated: Use story.displayTiddler instead
+function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
+{
+    story.displayTiddler(srcElement,title,template,animate,slowly);
+}
+
+// @Deprecated: Use functions on right hand side directly instead
+var createTiddlerPopup = Popup.create;
+var scrollToTiddlerPopup = Popup.show;
+var hideTiddlerPopup = Popup.remove;
+
+// @Deprecated: Use right hand side directly instead
+var regexpBackSlashEn = new RegExp("\\\\n","mg");
+var regexpBackSlash = new RegExp("\\\\","mg");
+var regexpBackSlashEss = new RegExp("\\\\s","mg");
+var regexpNewLine = new RegExp("\n","mg");
+var regexpCarriageReturn = new RegExp("\r","mg");
+// ---------------------------------------------------------------------------------
+// End of scripts
+merge(config.shadowTiddlers,{SiteTitle:'DevFire'});
+merge(config.shadowTiddlers,{MainMenu:"PageTemplate\nStyleSheet\nMainMenu\nDefaultTiddlers"});
+merge(config.shadowTiddlers,{SiteSubtitle:"a theme for ~TiddlyWiki"});
+merge(config.shadowTiddlers,{DefaultTiddlers:"LorumIpsum"});
+merge(config.shadowTiddlers,{LorumIpsum:"Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.\n!heading 1\n!!heading 2\n!!!heading3\n----\n<<tag button>>\nThis is a link to a [[StyleSheet]] tiddler.\n\n> This is a blockquote\n> This is a blockquote\n> This is a blockquote\n|>|>| !This is a header |h\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|"});
+// ---------------------------------------------------------------------------------
+//]]>
+</script>
+<style type="text/css">
+
+#saveTest {
+    display: none;
+}
+
+.zoomer {
+    display: none;
+}
+
+#messageArea {
+    display: none;
+}
+
+#copyright {
+    display: none;
+}
+
+.popup {
+    position: absolute;
+}
+
+#storeArea {
+    display: none;
+    margin: 4em 10em 3em;
+}
+
+#storeArea div {
+ padding: 0.5em;
+ margin: 1em 0em 0em 0em;
+ border-color: #f0f0f0 #606060 #404040 #d0d0d0;
+ border-style: solid;
+ border-width: 2px;
+ overflow: auto;
+}
+
+#javascriptWarning {
+    width: 100%;
+    text-align: center;
+    font-weight: bold;
+    background-color: #dd1100;
+    color: #fff;
+    padding:1em 0em;
+}
+
+</style>
+<!--POST-HEAD-START-->
+
+<!--POST-HEAD-END-->
+</head>
+<body onload="main();" onunload="if(window.checkUnsavedChanges) checkUnsavedChanges();">
+<!--PRE-BODY-START-->
+
+<!--PRE-BODY-END-->
+    <script type="text/javascript">
+//<![CDATA[
+if (useJavaSaver)
+    document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
+//]]>
+    </script>
+    <div id="copyright">
+    Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
+    </div>
+    <noscript>
+        <div id="javascriptWarning">This page requires JavaScript to function properly</div>
+    </noscript>
+    <div id="saveTest"></div>
+    <div id="contentWrapper"></div>
+    <div id="contentStash"></div>
+    <div id="storeArea">
+<div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
+<div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
+<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.2 (2016-12-31)@@\n\n!!__SSL Library__\n* Basic constraint/key usage v3 extensions now supported\n* Test harness must now be run without built-in default cert\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.1 (2016-12-20)@@\n\n!!__SSL Library__\n* X509 State, country and location are now used for verification and display.\n* SNI hostname memory is now managed by the calling application\n* X509 version number is checked before processing v3 extensions.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.0 (2016-12-13)@@\n\n!!__SSL Library__\n* SNI added\n* Some non-C sample code updated.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.1 (2016-08-30)@@\n\n!!__SSL Library__\n* ~RC4 only used if ~PKCS12 is used.\n* Buffer sizes tightned up.\n* Buffer check on client handshake due to some incompatibilities.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.0 (2016-08-17)@@\n\n!!__SSL Library__\n* Support for TLS 1.2\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.4 (2016-07-07)@@\n\n!!__SSL Library__\n* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.\n* Tag 64-bit constants with "LL" (e.g. keep ~AVR32 gcc happy)\n* Removed ~RC4 from the list of ciphers\n* Can handle chains that are out of order (thanks Paul Johnstone)\n* Removed some printfs in skeleton mode\n* Removed endian.h as it was causing some porting issues\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.3 (2015-04-30)@@\n\n!!__SSL Library__\n* Added named unions to ~SHA512 code as some compilers don't support it\n* Some other porting suggesions from Chris Ghormley\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2 (2015-03-10)@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1 (2014-11-19)@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0 (2014-10-31)@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div> <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
+<div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="SiteSubtitle" modifier="axTLS" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
+<div tiddler="SiteTitle" modifier="axTLS" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
+<div tiddler="SiteUrl" modifier="axTLS" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
+<div tiddler="StyleSheet" modifier="axTLS" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
+<div tiddler="axhttpd" modifier="axTLS" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+</div>
+<!--POST-BODY-START-->
+
+<!--POST-BODY-END-->
+    </body>
+</html>

From cd1dc97d1346ddf4b65bb53aded7d6417548b5c8 Mon Sep 17 00:00:00 2001
From: Myles Eftos <myles@madpilot.com.au>
Date: Sat, 15 Jul 2017 09:35:22 +1000
Subject: [PATCH 299/301] Adding axtls directory to include path in
 platform.txt, modified Hash.cpp to use the axtls version of the sha1
 algorithm, removed the custom sha 1 implementation

---
 libraries/Hash/src/Hash.cpp    |  32 +----
 libraries/Hash/src/sha1/sha1.c | 208 ---------------------------------
 libraries/Hash/src/sha1/sha1.h |  32 -----
 platform.txt                   |   2 +-
 4 files changed, 5 insertions(+), 269 deletions(-)
 delete mode 100644 libraries/Hash/src/sha1/sha1.c
 delete mode 100644 libraries/Hash/src/sha1/sha1.h

diff --git a/libraries/Hash/src/Hash.cpp b/libraries/Hash/src/Hash.cpp
index 5a58c961d2..4c9a9a7233 100644
--- a/libraries/Hash/src/Hash.cpp
+++ b/libraries/Hash/src/Hash.cpp
@@ -26,9 +26,7 @@
 
 #include "Hash.h"
 
-extern "C" {
-#include "sha1/sha1.h"
-}
+#include <crypto/crypto.h>
 
 /**
  * create a sha1 hash from data
@@ -39,31 +37,9 @@ extern "C" {
 void sha1(uint8_t * data, uint32_t size, uint8_t hash[20]) {
 
     SHA1_CTX ctx;
-
-#ifdef DEBUG_SHA1
-    os_printf("DATA:");
-    for(uint16_t i = 0; i < size; i++) {
-        os_printf("%02X", data[i]);
-    }
-    os_printf("\n");
-    os_printf("DATA:");
-    for(uint16_t i = 0; i < size; i++) {
-        os_printf("%c", data[i]);
-    }
-    os_printf("\n");
-#endif
-
-    SHA1Init(&ctx);
-    SHA1Update(&ctx, data, size);
-    SHA1Final(hash, &ctx);
-
-#ifdef DEBUG_SHA1
-    os_printf("SHA1:");
-    for(uint16_t i = 0; i < 20; i++) {
-        os_printf("%02X", hash[i]);
-    }
-    os_printf("\n\n");
-#endif
+    SHA1_Init(&ctx);
+    SHA1_Update(&ctx, data, size);
+    SHA1_Final(hash, &ctx);
 }
 
 void sha1(char * data, uint32_t size, uint8_t hash[20]) {
diff --git a/libraries/Hash/src/sha1/sha1.c b/libraries/Hash/src/sha1/sha1.c
deleted file mode 100644
index fae926462d..0000000000
--- a/libraries/Hash/src/sha1/sha1.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/**
- * @file sha1.c
- * @date 20.05.2015
- * @author Steve Reid <steve@edmweb.com>
- *
- * from: http://www.virtualbox.org/svn/vbox/trunk/src/recompiler/tests/sha1.c
- */
-
-/* from valgrind tests */
-
-/* ================ sha1.c ================ */
-/*
-    SHA-1 in C
-    By Steve Reid <steve@edmweb.com>
-    100% Public Domain
-
-    Test Vectors (from FIPS PUB 180-1)
-    "abc"
-      A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
-    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-      84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
-    A million repetitions of "a"
-      34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
-*/
-
-/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
-
-#define SHA1HANDSOFF
-
-#include <stdio.h>
-#include <string.h>
-#include <stdint.h>
-#include <c_types.h>
-
-#include "sha1.h"
-
-//#include <endian.h>
-
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-/* blk0() and blk() perform the initial expand. */
-/* I got the idea of expanding during the round function from SSLeay */
-#if BYTE_ORDER == LITTLE_ENDIAN
-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
-    |(rol(block->l[i],8)&0x00FF00FF))
-#elif BYTE_ORDER == BIG_ENDIAN
-#define blk0(i) block->l[i]
-#else
-#error "Endianness not defined!"
-#endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
-    ^block->l[(i+2)&15]^block->l[i&15],1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
-
-
-/* Hash a single 512-bit block. This is the core of the algorithm. */
-
-void ICACHE_FLASH_ATTR SHA1Transform(uint32_t state[5], uint8_t buffer[64])
-{
-uint32_t a, b, c, d, e;
-typedef union {
-    unsigned char c[64];
-    uint32_t l[16];
-} CHAR64LONG16;
-#ifdef SHA1HANDSOFF
-CHAR64LONG16 block[1];  /* use array to appear as a pointer */
-    memcpy(block, buffer, 64);
-#else
-    /* The following had better never be used because it causes the
-     * pointer-to-const buffer to be cast into a pointer to non-const.
-     * And the result is written through.  I threw a "const" in, hoping
-     * this will cause a diagnostic.
-     */
-CHAR64LONG16* block = (const CHAR64LONG16*)buffer;
-#endif
-    /* Copy context->state[] to working vars */
-    a = state[0];
-    b = state[1];
-    c = state[2];
-    d = state[3];
-    e = state[4];
-    /* 4 rounds of 20 operations each. Loop unrolled. */
-    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
-    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
-    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
-    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
-    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
-    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
-    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
-    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
-    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
-    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
-    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
-    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
-    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
-    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
-    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
-    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
-    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
-    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
-    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
-    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-    /* Add the working vars back into context.state[] */
-    state[0] += a;
-    state[1] += b;
-    state[2] += c;
-    state[3] += d;
-    state[4] += e;
-    /* Wipe variables */
-    a = b = c = d = e = 0;
-#ifdef SHA1HANDSOFF
-    memset(block, '\0', sizeof(block));
-#endif
-}
-
-
-/* SHA1Init - Initialize new context */
-
-void ICACHE_FLASH_ATTR SHA1Init(SHA1_CTX* context)
-{
-    /* SHA1 initialization constants */
-    context->state[0] = 0x67452301;
-    context->state[1] = 0xEFCDAB89;
-    context->state[2] = 0x98BADCFE;
-    context->state[3] = 0x10325476;
-    context->state[4] = 0xC3D2E1F0;
-    context->count[0] = context->count[1] = 0;
-}
-
-
-/* Run your data through this. */
-
-void ICACHE_FLASH_ATTR SHA1Update(SHA1_CTX* context, uint8_t* data, uint32_t len)
-{
-    uint32_t i;
-    uint32_t j;
-
-    j = context->count[0];
-    if ((context->count[0] += len << 3) < j)
-    context->count[1]++;
-    context->count[1] += (len>>29);
-    j = (j >> 3) & 63;
-    if ((j + len) > 63) {
-        memcpy(&context->buffer[j], data, (i = 64-j));
-        SHA1Transform(context->state, context->buffer);
-        for ( ; i + 63 < len; i += 64) {
-            SHA1Transform(context->state, &data[i]);
-        }
-        j = 0;
-    }
-    else i = 0;
-    memcpy(&context->buffer[j], &data[i], len - i);
-}
-
-
-/* Add padding and return the message digest. */
-
-void ICACHE_FLASH_ATTR SHA1Final(unsigned char digest[20], SHA1_CTX* context)
-{
-unsigned i;
-unsigned char finalcount[8];
-unsigned char c;
-
-#if 0   /* untested "improvement" by DHR */
-    /* Convert context->count to a sequence of bytes
-     * in finalcount.  Second element first, but
-     * big-endian order within element.
-     * But we do it all backwards.
-     */
-    unsigned char *fcp = &finalcount[8];
-
-    for (i = 0; i < 2; i++)
-    {
-    uint32_t t = context->count[i];
-    int j;
-
-    for (j = 0; j < 4; t >>= 8, j++)
-        *--fcp = (unsigned char) t;
-    }
-#else
-    for (i = 0; i < 8; i++) {
-        finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
-         >> ((3-(i & 3)) * 8) ) & 255);  /* Endian independent */
-    }
-#endif
-    c = 0200;
-    SHA1Update(context, &c, 1);
-    while ((context->count[0] & 504) != 448) {
-    c = 0000;
-        SHA1Update(context, &c, 1);
-    }
-    SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
-    for (i = 0; i < 20; i++) {
-        digest[i] = (unsigned char)
-         ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
-    }
-    /* Wipe variables */
-    memset(context, '\0', sizeof(*context));
-    memset(&finalcount, '\0', sizeof(finalcount));
-}
-/* ================ end of sha1.c ================ */
diff --git a/libraries/Hash/src/sha1/sha1.h b/libraries/Hash/src/sha1/sha1.h
deleted file mode 100644
index 158bd76b36..0000000000
--- a/libraries/Hash/src/sha1/sha1.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * @file sha1.h
- * @date 20.05.2015
- * @author Steve Reid <steve@edmweb.com>
- *
- * from: http://www.virtualbox.org/svn/vbox/trunk/src/recompiler/tests/sha1.c
- */
-
-/* ================ sha1.h ================ */
-/*
-    SHA-1 in C
-    By Steve Reid <steve@edmweb.com>
-    100% Public Domain
-*/
-
-#ifndef SHA1_H_
-#define SHA1_H_
-
-typedef struct {
-    uint32_t state[5];
-    uint32_t count[2];
-    unsigned char buffer[64];
-} SHA1_CTX;
-
-void SHA1Transform(uint32_t state[5], uint8_t buffer[64]);
-void SHA1Init(SHA1_CTX* context);
-void SHA1Update(SHA1_CTX* context, uint8_t* data, uint32_t len);
-void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
-
-#endif /* SHA1_H_ */
-
-/* ================ end of sha1.h ================ */
diff --git a/platform.txt b/platform.txt
index 4c305a85dc..8ab5bc1642 100644
--- a/platform.txt
+++ b/platform.txt
@@ -23,7 +23,7 @@ build.lwip_flags=-DLWIP_OPEN_SRC
 compiler.path={runtime.tools.xtensa-lx106-elf-gcc.path}/bin/
 compiler.sdk.path={runtime.platform.path}/tools/sdk
 compiler.libc.path={runtime.platform.path}/tools/sdk/libc/xtensa-lx106-elf
-compiler.cpreprocessor.flags=-D__ets__ -DICACHE_FLASH -U__STRICT_ANSI__ "-I{compiler.sdk.path}/include" "-I{compiler.sdk.path}/lwip/include" "-I{compiler.libc.path}/include" "-I{build.path}/core"
+compiler.cpreprocessor.flags=-D__ets__ -DICACHE_FLASH -U__STRICT_ANSI__ "-I{compiler.sdk.path}/include" "-I{compiler.sdk.path}/lwip/include" "-I{compiler.libc.path}/include" "-I{build.path}/core" "-I{compiler.sdk.path}/axtls" 
 
 compiler.c.cmd=xtensa-lx106-elf-gcc
 compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections

From cc8550dd5ff296c0a525b6b509a75409a4b7a989 Mon Sep 17 00:00:00 2001
From: Myles Eftos <myles@madpilot.com.au>
Date: Sat, 15 Jul 2017 10:26:28 +1000
Subject: [PATCH 300/301] removing axtls directory to re-add via subtree

---
 tools/sdk/axtls/.gitignore                    |    5 -
 tools/sdk/axtls/.gitmodules                   |    3 -
 tools/sdk/axtls/.travis.yml                   |   43 -
 tools/sdk/axtls/LICENSE                       |   24 -
 tools/sdk/axtls/Makefile                      |   79 -
 tools/sdk/axtls/README.md                     |   39 -
 tools/sdk/axtls/VERSION                       |    1 -
 tools/sdk/axtls/bindings/Config.in            |  105 -
 tools/sdk/axtls/bindings/csharp/axTLS.cs      |  491 --
 .../axtls/bindings/generate_SWIG_interface.pl |  392 -
 tools/sdk/axtls/bindings/java/SSL.java        |  137 -
 tools/sdk/axtls/compat                        |    1 -
 tools/sdk/axtls/config/makefile.conf          |  134 -
 tools/sdk/axtls/crypto/aes.c                  |  452 --
 tools/sdk/axtls/crypto/bigint.c               | 1514 ----
 tools/sdk/axtls/crypto/bigint.h               |   99 -
 tools/sdk/axtls/crypto/bigint_impl.h          |  129 -
 tools/sdk/axtls/crypto/crypto.h               |  277 -
 tools/sdk/axtls/crypto/crypto_misc.c          |  385 -
 tools/sdk/axtls/crypto/hmac.c                 |  166 -
 tools/sdk/axtls/crypto/md5.c                  |  301 -
 tools/sdk/axtls/crypto/os_int.h               |   72 -
 tools/sdk/axtls/crypto/rc4.c                  |   97 -
 tools/sdk/axtls/crypto/rsa.c                  |  295 -
 tools/sdk/axtls/crypto/sha1.c                 |  249 -
 tools/sdk/axtls/crypto/sha256.c               |  281 -
 tools/sdk/axtls/crypto/sha384.c               |   77 -
 tools/sdk/axtls/crypto/sha512.c               |  220 -
 tools/sdk/axtls/replacements/time.c           |  147 -
 tools/sdk/axtls/samples/c/axssl.c             |  902 ---
 tools/sdk/axtls/samples/csharp/axssl.cs       |  758 --
 tools/sdk/axtls/samples/java/Makefile         |   51 -
 tools/sdk/axtls/samples/java/axssl.java       |  760 --
 tools/sdk/axtls/samples/lua/axssl.lua         |  562 --
 tools/sdk/axtls/samples/perl/axssl.pl         |  634 --
 tools/sdk/axtls/samples/vbnet/axssl.vb        |  702 --
 tools/sdk/axtls/ssl/asn1.c                    |  782 --
 tools/sdk/axtls/ssl/cert.h                    |   54 -
 tools/sdk/axtls/ssl/config.h                  |  127 -
 tools/sdk/axtls/ssl/crypto_misc.h             |  217 -
 tools/sdk/axtls/ssl/gen_cert.c                |  374 -
 tools/sdk/axtls/ssl/loader.c                  |  490 --
 tools/sdk/axtls/ssl/openssl.c                 |  318 -
 tools/sdk/axtls/ssl/os_int.h                  |    8 -
 tools/sdk/axtls/ssl/os_port.c                 |   93 -
 tools/sdk/axtls/ssl/os_port.h                 |  283 -
 tools/sdk/axtls/ssl/p12.c                     |  483 --
 tools/sdk/axtls/ssl/private_key.h             |   54 -
 tools/sdk/axtls/ssl/ssl.h                     |  580 --
 tools/sdk/axtls/ssl/test/axTLS.ca_key.pem     |   27 -
 tools/sdk/axtls/ssl/test/axTLS.ca_x509.cer    |  Bin 786 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.ca_x509.pem    |   19 -
 .../axtls/ssl/test/axTLS.ca_x509_sha256.pem   |   19 -
 tools/sdk/axtls/ssl/test/axTLS.encrypted.p8   |  Bin 673 -> 0 bytes
 .../sdk/axtls/ssl/test/axTLS.encrypted_pem.p8 |   17 -
 tools/sdk/axtls/ssl/test/axTLS.key_1024       |  Bin 609 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.key_1024.pem   |   15 -
 tools/sdk/axtls/ssl/test/axTLS.key_2048       |  Bin 1192 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.key_2048.pem   |   27 -
 tools/sdk/axtls/ssl/test/axTLS.key_4096       |  Bin 2347 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.key_4096.pem   |   51 -
 tools/sdk/axtls/ssl/test/axTLS.key_aes128.pem |   18 -
 tools/sdk/axtls/ssl/test/axTLS.key_aes256.pem |   18 -
 tools/sdk/axtls/ssl/test/axTLS.key_device.pem |   27 -
 .../axtls/ssl/test/axTLS.key_end_chain.pem    |   27 -
 .../ssl/test/axTLS.key_intermediate_ca.pem    |   27 -
 .../ssl/test/axTLS.key_intermediate_ca2.pem   |   27 -
 tools/sdk/axtls/ssl/test/axTLS.noname.p12     |  Bin 1612 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.unencrypted.p8 |  Bin 635 -> 0 bytes
 .../axtls/ssl/test/axTLS.unencrypted_pem.p8   |   16 -
 tools/sdk/axtls/ssl/test/axTLS.withCA.p12     |  Bin 2521 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.withoutCA.p12  |  Bin 1702 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.x509_1024.cer  |  Bin 604 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.x509_1024.pem  |   15 -
 .../axtls/ssl/test/axTLS.x509_1024_sha256.pem |   15 -
 .../axtls/ssl/test/axTLS.x509_1024_sha384.pem |   15 -
 .../axtls/ssl/test/axTLS.x509_1024_sha512.pem |   15 -
 tools/sdk/axtls/ssl/test/axTLS.x509_2048.cer  |  Bin 736 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.x509_2048.pem  |   18 -
 tools/sdk/axtls/ssl/test/axTLS.x509_4096.cer  |  Bin 992 -> 0 bytes
 tools/sdk/axtls/ssl/test/axTLS.x509_4096.pem  |   23 -
 .../sdk/axtls/ssl/test/axTLS.x509_aes128.pem  |   15 -
 .../sdk/axtls/ssl/test/axTLS.x509_aes256.pem  |   15 -
 .../axtls/ssl/test/axTLS.x509_bad_after.pem   |   15 -
 .../axtls/ssl/test/axTLS.x509_bad_before.pem  |   15 -
 .../sdk/axtls/ssl/test/axTLS.x509_device.pem  |   34 -
 .../axtls/ssl/test/axTLS.x509_end_chain.pem   |   19 -
 .../ssl/test/axTLS.x509_end_chain_bad.pem     |   19 -
 .../ssl/test/axTLS.x509_intermediate_ca.pem   |   19 -
 .../ssl/test/axTLS.x509_intermediate_ca2.pem  |   37 -
 tools/sdk/axtls/ssl/test/ssltest.c            | 2589 ------
 tools/sdk/axtls/ssl/tls1.c                    | 2603 ------
 tools/sdk/axtls/ssl/tls1.h                    |  324 -
 tools/sdk/axtls/ssl/tls1_clnt.c               |  541 --
 tools/sdk/axtls/ssl/tls1_svr.c                |  526 --
 tools/sdk/axtls/ssl/version.h                 |    1 -
 tools/sdk/axtls/ssl/x509.c                    |  899 ---
 tools/sdk/axtls/tools/make_certs.sh           |  256 -
 tools/sdk/axtls/util/time.h                   |   11 -
 tools/sdk/axtls/www/index.html                | 7103 -----------------
 100 files changed, 29924 deletions(-)
 delete mode 100644 tools/sdk/axtls/.gitignore
 delete mode 100644 tools/sdk/axtls/.gitmodules
 delete mode 100644 tools/sdk/axtls/.travis.yml
 delete mode 100644 tools/sdk/axtls/LICENSE
 delete mode 100644 tools/sdk/axtls/Makefile
 delete mode 100644 tools/sdk/axtls/README.md
 delete mode 100644 tools/sdk/axtls/VERSION
 delete mode 100644 tools/sdk/axtls/bindings/Config.in
 delete mode 100644 tools/sdk/axtls/bindings/csharp/axTLS.cs
 delete mode 100755 tools/sdk/axtls/bindings/generate_SWIG_interface.pl
 delete mode 100644 tools/sdk/axtls/bindings/java/SSL.java
 delete mode 160000 tools/sdk/axtls/compat
 delete mode 100644 tools/sdk/axtls/config/makefile.conf
 delete mode 100644 tools/sdk/axtls/crypto/aes.c
 delete mode 100644 tools/sdk/axtls/crypto/bigint.c
 delete mode 100644 tools/sdk/axtls/crypto/bigint.h
 delete mode 100644 tools/sdk/axtls/crypto/bigint_impl.h
 delete mode 100644 tools/sdk/axtls/crypto/crypto.h
 delete mode 100644 tools/sdk/axtls/crypto/crypto_misc.c
 delete mode 100644 tools/sdk/axtls/crypto/hmac.c
 delete mode 100644 tools/sdk/axtls/crypto/md5.c
 delete mode 100644 tools/sdk/axtls/crypto/os_int.h
 delete mode 100644 tools/sdk/axtls/crypto/rc4.c
 delete mode 100644 tools/sdk/axtls/crypto/rsa.c
 delete mode 100644 tools/sdk/axtls/crypto/sha1.c
 delete mode 100644 tools/sdk/axtls/crypto/sha256.c
 delete mode 100644 tools/sdk/axtls/crypto/sha384.c
 delete mode 100644 tools/sdk/axtls/crypto/sha512.c
 delete mode 100644 tools/sdk/axtls/replacements/time.c
 delete mode 100644 tools/sdk/axtls/samples/c/axssl.c
 delete mode 100644 tools/sdk/axtls/samples/csharp/axssl.cs
 delete mode 100644 tools/sdk/axtls/samples/java/Makefile
 delete mode 100644 tools/sdk/axtls/samples/java/axssl.java
 delete mode 100755 tools/sdk/axtls/samples/lua/axssl.lua
 delete mode 100755 tools/sdk/axtls/samples/perl/axssl.pl
 delete mode 100644 tools/sdk/axtls/samples/vbnet/axssl.vb
 delete mode 100644 tools/sdk/axtls/ssl/asn1.c
 delete mode 100644 tools/sdk/axtls/ssl/cert.h
 delete mode 100644 tools/sdk/axtls/ssl/config.h
 delete mode 100644 tools/sdk/axtls/ssl/crypto_misc.h
 delete mode 100644 tools/sdk/axtls/ssl/gen_cert.c
 delete mode 100644 tools/sdk/axtls/ssl/loader.c
 delete mode 100644 tools/sdk/axtls/ssl/openssl.c
 delete mode 100644 tools/sdk/axtls/ssl/os_int.h
 delete mode 100644 tools/sdk/axtls/ssl/os_port.c
 delete mode 100644 tools/sdk/axtls/ssl/os_port.h
 delete mode 100644 tools/sdk/axtls/ssl/p12.c
 delete mode 100644 tools/sdk/axtls/ssl/private_key.h
 delete mode 100644 tools/sdk/axtls/ssl/ssl.h
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.ca_key.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.ca_x509.cer
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.ca_x509.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.ca_x509_sha256.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.encrypted.p8
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.encrypted_pem.p8
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_1024
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_1024.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_2048
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_2048.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_4096
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_4096.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_aes128.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_aes256.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_device.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_end_chain.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca2.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.noname.p12
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.unencrypted.p8
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.unencrypted_pem.p8
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.withCA.p12
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.withoutCA.p12
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_1024.cer
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_1024.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha256.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha384.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha512.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_2048.cer
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_2048.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_4096.cer
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_4096.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_aes128.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_aes256.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_bad_after.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_bad_before.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_device.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_end_chain.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_end_chain_bad.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca2.pem
 delete mode 100644 tools/sdk/axtls/ssl/test/ssltest.c
 delete mode 100644 tools/sdk/axtls/ssl/tls1.c
 delete mode 100644 tools/sdk/axtls/ssl/tls1.h
 delete mode 100644 tools/sdk/axtls/ssl/tls1_clnt.c
 delete mode 100644 tools/sdk/axtls/ssl/tls1_svr.c
 delete mode 100644 tools/sdk/axtls/ssl/version.h
 delete mode 100644 tools/sdk/axtls/ssl/x509.c
 delete mode 100644 tools/sdk/axtls/tools/make_certs.sh
 delete mode 100644 tools/sdk/axtls/util/time.h
 delete mode 100755 tools/sdk/axtls/www/index.html

diff --git a/tools/sdk/axtls/.gitignore b/tools/sdk/axtls/.gitignore
deleted file mode 100644
index 03ba8b58a6..0000000000
--- a/tools/sdk/axtls/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-*.o
-bin/
-Makefile.local
-.DS_Store
-
diff --git a/tools/sdk/axtls/.gitmodules b/tools/sdk/axtls/.gitmodules
deleted file mode 100644
index 6816a4b760..0000000000
--- a/tools/sdk/axtls/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "compat"]
-	path = compat
-	url = https://github.com/attachix/lwirax.git
diff --git a/tools/sdk/axtls/.travis.yml b/tools/sdk/axtls/.travis.yml
deleted file mode 100644
index 5258cf5890..0000000000
--- a/tools/sdk/axtls/.travis.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-sudo: false
-language: bash
-os:
-  - linux
-
-script:
-  # Download Arduino IDE
-  - wget -O arduino.tar.xz https://www.arduino.cc/download.php?f=/arduino-nightly-linux64.tar.xz
-  - tar xf arduino.tar.xz
-  - mv arduino-nightly $HOME/arduino_ide
-  # Download ESP8266 Arduino core
-  - cd $HOME/arduino_ide/hardware
-  - mkdir esp8266com
-  - cd esp8266com
-  - git clone https://github.com/esp8266/Arduino.git esp8266
-  - cd esp8266
-  - export ESP8266_ARDUINO_DIR="$PWD"
-  # Download toolchain and esptool
-  - cd tools
-  - python get.py
-  - export PATH="$PATH:$PWD/xtensa-lx106-elf/bin"
-  # Build axTLS
-  - cd $TRAVIS_BUILD_DIR
-  - make
-  # Copy the library into Arduino core
-  - cp bin/libaxtls.a $ESP8266_ARDUINO_DIR/tools/sdk/lib/libaxtls.a
-  # Try building examples in ESP8266WiFi library from the ESP8266 Arduino core
-  - /sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_1.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :1 -ac -screen 0 1280x1024x16
-  - sleep 3
-  - export DISPLAY=:1.0
-  - export PATH="$HOME/arduino_ide:$PATH"
-  - which arduino
-  - cd $ESP8266_ARDUINO_DIR
-  - source tests/common.sh
-  - arduino --board esp8266com:esp8266:generic --save-prefs
-  - arduino --get-pref sketchbook.path
-  - build_sketches $HOME/arduino_ide $ESP8266_ARDUINO_DIR/libraries/ESP8266WiFi/examples/HTTPSRequest
-  # Feel free to add more test cases (for other environments) here
-
-notifications:
-  email:
-    on_success: change
-    on_failure: change
diff --git a/tools/sdk/axtls/LICENSE b/tools/sdk/axtls/LICENSE
deleted file mode 100644
index eed70a9a67..0000000000
--- a/tools/sdk/axtls/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright (c) 2008, Cameron Rich All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer. Redistributions in binary
-form must reproduce the above copyright notice, this list of conditions and
-the following disclaimer in the documentation and/or other materials
-provided with the distribution. Neither the name of the axTLS Project nor
-the names of its contributors may be used to endorse or promote products
-derived from this software without specific prior written permission. 
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGE.
diff --git a/tools/sdk/axtls/Makefile b/tools/sdk/axtls/Makefile
deleted file mode 100644
index e48e869f15..0000000000
--- a/tools/sdk/axtls/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@
-TOOLCHAIN_PREFIX := xtensa-lx106-elf-
-CC := $(TOOLCHAIN_PREFIX)gcc
-AR := $(TOOLCHAIN_PREFIX)ar
-LD := $(TOOLCHAIN_PREFIX)gcc
-OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy
-
-XTENSA_LIBS ?= $(shell $(CC) -print-sysroot)
-
-TOOLCHAIN_DIR=$(shell cd $(XTENSA_LIBS)/../../; pwd)
-
-OBJ_FILES := \
-	crypto/aes.o \
-	crypto/bigint.o \
-	crypto/hmac.o \
-	crypto/md5.o \
-	crypto/rc4.o \
-	crypto/rsa.o \
-	crypto/sha1.o \
-	crypto/sha256.o \
-	crypto/sha384.o \
-	crypto/sha512.o \
-	ssl/asn1.o \
-	ssl/gen_cert.o \
-	ssl/loader.o \
-	ssl/os_port.o \
-	ssl/p12.o \
-	ssl/tls1.o \
-	ssl/tls1_clnt.o \
-	ssl/tls1_svr.o \
-	ssl/x509.o \
-	crypto/crypto_misc.o \
-
-
-CPPFLAGS += -I$(XTENSA_LIBS)/include \
-		-Icrypto \
-		-Issl \
-		-I.
-
-LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
-		-L$(XTENSA_LIBS)/arch/lib \
-
-
-CFLAGS+=-std=c99 -DESP8266
-
-CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
-
-CFLAGS += -ffunction-sections -fdata-sections
-
-CFLAGS += -fdebug-prefix-map=$(PWD)= -fdebug-prefix-map=$(TOOLCHAIN_DIR)=xtensa-lx106-elf -gno-record-gcc-switches
-
-MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
-ifneq ($(MFORCE32),)
-    # If the compiler supports the -mforce-l32 flag, the compiler will generate correct code for loading
-    # 16- and 8-bit constants from program memory. So in the code we can directly access the arrays
-    # placed into program memory.
-    CFLAGS +=  -mforce-l32
-else
-	# Otherwise we need to use a helper function to load 16- and 8-bit constants from program memory.
-    CFLAGS += -DWITH_PGM_READ_HELPER
-endif
-
-BIN_DIR := bin
-AXTLS_AR := $(BIN_DIR)/libaxtls.a
-
-all: $(AXTLS_AR)
-
-$(AXTLS_AR): | $(BIN_DIR)
-
-$(AXTLS_AR): $(OBJ_FILES)
-	$(AR) cru $@ $^
-
-$(BIN_DIR):
-	mkdir -p $(BIN_DIR)
-
-clean:
-	rm -rf $(OBJ_FILES) $(AXTLS_AR)
-
-
-.PHONY: all clean
diff --git a/tools/sdk/axtls/README.md b/tools/sdk/axtls/README.md
deleted file mode 100644
index 8537ba13f9..0000000000
--- a/tools/sdk/axtls/README.md
+++ /dev/null
@@ -1,39 +0,0 @@
-This is an ESP8266 port of [axTLS](http://axtls.sourceforge.net/) library, currently based on axTLS 2.1.2 (SVN version 274). 
-
-This library supports TLS 1.2, and the following cipher suites:
-
-Cipher suite name (RFC)           | OpenSSL name  | Key exchange | Encryption |  Hash
-----------------------------------|---------------|--------------|------------|---------
-TLS_RSA_WITH_AES_128_CBC_SHA      | AES128-SHA    |      RSA     |  AES-128   | SHA-1
-TLS_RSA_WITH_AES_256_CBC_SHA      | AES256-SHA    |      RSA     |  AES-256   | SHA-1
-TLS_RSA_WITH_AES_128_CBC_SHA256   | AES128-SHA256 |      RSA     |  AES-128   | SHA-256
-TLS_RSA_WITH_AES_256_CBC_SHA256   | AES256-SHA256 |      RSA     |  AES-256   | SHA-256
-
-## Using the library
-
-This is not a self-sufficient library. In addition to the standard C library functions, application has to provide the following functions:
-
-```
-ax_port_read
-ax_port_write
-ax_port_open
-ax_port_close
-ax_get_file
-phy_get_rand  (provided by the IoT SDK)
-ets_printf    (in ESP8266 ROM)
-ets_putc      (in ESP8266 ROM)
-```
-
-For use with LwIP raw TCP API, see [compat/README.md](https://github.com/attachix/lwirax/blob/master/README.md)
-
-## Building [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
-
-To build, add xtensa toolchain to your path, and run `make`. The library will be built in `bin/` directory.
-
-## Credits and license
-
-[axTLS](http://axtls.sourceforge.net/) is written and maintained by Cameron Rich.
-
-Other people have contributed to this port; see git logs for a full list.
-
-See [LICENSE](LICENSE) file for axTLS license.
diff --git a/tools/sdk/axtls/VERSION b/tools/sdk/axtls/VERSION
deleted file mode 100644
index 4ea2b1f403..0000000000
--- a/tools/sdk/axtls/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.4.9
diff --git a/tools/sdk/axtls/bindings/Config.in b/tools/sdk/axtls/bindings/Config.in
deleted file mode 100644
index 443fc1a323..0000000000
--- a/tools/sdk/axtls/bindings/Config.in
+++ /dev/null
@@ -1,105 +0,0 @@
-#
-# For a description of the syntax of this configuration file,
-# see scripts/config/Kconfig-language.txt
-#
-menu "Language Bindings"
-
-config CONFIG_BINDINGS
-    bool "Create language bindings"
-    default n
-    help
-        axTLS supports language bindings in C#, VB.NET, Java and Perl.
-
-        Select Y here if you want to build the various language bindings.
-
-config CONFIG_CSHARP_BINDINGS
-    bool "Create C# bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build C# bindings.
-
-        This requires .NET to be installed on Win32 platforms and mono to be
-        installed on all other platforms.
-
-config CONFIG_VBNET_BINDINGS
-    bool "Create VB.NET bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build VB.NET bindings.
-
-        This requires the .NET to be installed and is only built under Win32
-        platforms.
-
-menu ".Net Framework"
-depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS
-config CONFIG_DOT_NET_FRAMEWORK_BASE
-    string "Location of .NET Framework"
-    default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
-endmenu
-
-config CONFIG_JAVA_BINDINGS
-    bool "Create Java bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build Java bindings.
-
-        Current Issues (see README): 
-        * Needs Java 1.4 or better.
-        * If building under Win32 it will use the Win32 JDK.
-
-menu "Java Home"
-depends on CONFIG_JAVA_BINDINGS
-config CONFIG_JAVA_HOME
-    string "Location of JDK"
-    default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
-    default "/usr/lib/jvm/java-7-openjdk-amd64" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
-    depends on CONFIG_JAVA_BINDINGS 
-    help
-        The location of Sun's JDK.
-endmenu
-
-config CONFIG_PERL_BINDINGS
-    bool "Create Perl bindings"
-    default n
-    depends on CONFIG_BINDINGS
-    help
-        Build Perl bindings.
-
-        Current Issues (see README):
-        * 64 bit versions don't work at present.
-        * libperl.so needs to be in the shared library path.
-
-menu "Perl Home"
-depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32
-config CONFIG_PERL_CORE
-    string "Location of Perl CORE"
-    default "c:\\perl\\lib\\CORE"
-    help:
-        works with ActiveState
-        "http://www.activestate.com/Products/ActivePerl"
-
-config CONFIG_PERL_LIB
-    string "Name of Perl Library"
-    default "perl58.lib"
-endmenu
-
-config CONFIG_LUA_BINDINGS
-    bool "Create Lua bindings"
-    default n
-    depends on CONFIG_BINDINGS && !CONFIG_PLATFORM_WIN32
-    help
-        Build Lua bindings (see www.lua.org).
-
-menu "Lua Home"
-depends on CONFIG_LUA_BINDINGS 
-config CONFIG_LUA_CORE
-    string "Location of Lua CORE"
-    default "/usr/local"
-    help:
-        If the Lua exists on another directory then this needs to be changed
-endmenu
-
-endmenu
diff --git a/tools/sdk/axtls/bindings/csharp/axTLS.cs b/tools/sdk/axtls/bindings/csharp/axTLS.cs
deleted file mode 100644
index 6a2f6b0633..0000000000
--- a/tools/sdk/axtls/bindings/csharp/axTLS.cs
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * A wrapper around the unmanaged interface to give a semi-decent C# API
- */
-
-using System;
-using System.Runtime.InteropServices;
-using System.Net.Sockets;
-
-/**
- * @defgroup csharp_api C# API.
- *
- * Ensure that the appropriate Dispose() methods are called when finished with
- * various objects - otherwise memory leaks will result.
- * @{
- */
-namespace axTLS
-{
-    /**
-     * @class SSL
-     * @ingroup csharp_api 
-     * @brief A representation of an SSL connection.
-     */
-    public class SSL
-    {
-        public IntPtr m_ssl;    /**< A pointer to the real SSL type */
-
-        /**
-         * @brief Store the reference to an SSL context.
-         * @param ip [in] A reference to an SSL object.
-         */
-        public SSL(IntPtr ip)
-        {
-            m_ssl = ip;
-        }
-
-        /**
-         * @brief Free any used resources on this connection. 
-         * 
-         * A "Close Notify" message is sent on this connection (if possible). 
-         * It is up to the application to close the socket.
-         */
-        public void Dispose()
-        {
-            axtls.ssl_free(m_ssl);
-        }
-
-        /**
-         * @brief Return the result of a handshake.
-         * @return SSL_OK if the handshake is complete and ok.
-         * @see ssl.h for the error code list.
-         */
-        public int HandshakeStatus()
-        {
-            return axtls.ssl_handshake_status(m_ssl);
-        }
-
-        /**
-         * @brief Return the SSL cipher id.
-         * @return The cipher id which is one of:
-         * - SSL_AES128_SHA (0x2f)
-         * - SSL_AES256_SHA (0x35)
-         * - SSL_AES128_SHA256 (0x3c)
-         * - SSL_AES256_SHA256 (0x3d)
-         */
-        public byte GetCipherId()
-        {
-            return axtls.ssl_get_cipher_id(m_ssl);
-        }
-
-        /**
-         * @brief Get the session id for a handshake. 
-         * 
-         * This will be a 32 byte sequence and is available after the first
-         * handshaking messages are sent.
-         * @return The session id as a 32 byte sequence.
-         * @note A SSLv23 handshake may have only 16 valid bytes.
-         */
-        public byte[] GetSessionId()
-        {
-            IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
-            byte sess_id_size = axtls.ssl_get_session_id_size(m_ssl);
-            byte[] result = new byte[sess_id_size];
-            Marshal.Copy(ptr, result, 0, sess_id_size);
-            return result;
-        }
-
-        /**
-         * @brief Retrieve an X.509 distinguished name component.
-         * 
-         * When a handshake is complete and a certificate has been exchanged, 
-         * then the details of the remote certificate can be retrieved.
-         *
-         * This will usually be used by a client to check that the server's 
-         * common name matches the URL.
-         *
-         * A full handshake needs to occur for this call to work.
-         *
-         * @param component [in] one of:
-         * - SSL_X509_CERT_COMMON_NAME
-         * - SSL_X509_CERT_ORGANIZATION
-         * - SSL_X509_CERT_ORGANIZATIONAL_NAME
-         * - SSL_X509_CA_CERT_COMMON_NAME
-         * - SSL_X509_CA_CERT_ORGANIZATION
-         * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
-         * @return The appropriate string (or null if not defined)
-         */
-        public string GetCertificateDN(int component)
-        {
-            return axtls.ssl_get_cert_dn(m_ssl, component);
-        }
-    }
-
-    /**
-     * @class SSLUtil
-     * @ingroup csharp_api 
-     * @brief Some global helper functions.
-     */
-    public class SSLUtil
-    {
-
-        /**
-         * @brief Return the build mode of the axTLS project.
-         * @return The build mode is one of:
-         * - SSL_BUILD_SERVER_ONLY
-         * - SSL_BUILD_ENABLE_VERIFICATION
-         * - SSL_BUILD_ENABLE_CLIENT
-         * - SSL_BUILD_FULL_MODE
-         */
-        public static int BuildMode()
-        {
-            return axtls.ssl_get_config(axtls.SSL_BUILD_MODE);
-        }
-
-        /**
-         * @brief Return the number of chained certificates that the 
-         * client/server supports.
-         * @return The number of supported server certificates.
-         */
-        public static int MaxCerts()
-        {
-            return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET);
-        }
-
-        /**
-         * @brief Return the number of CA certificates that the client/server
-         * supports.
-         * @return The number of supported CA certificates.
-         */
-        public static int MaxCACerts()
-        {
-            return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET);
-        }
-
-        /**
-         * @brief Indicate if PEM is supported.
-         * @return true if PEM supported.
-         */
-        public static bool HasPEM()
-        {
-            return axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 ? true : false;
-        }
-
-        /**
-         * @brief Display the text string of the error.
-         * @param error_code [in] The integer error code.
-         */
-        public static void DisplayError(int error_code)
-        {
-            axtls.ssl_display_error(error_code);
-        }
-
-        /**
-         * @brief Return the version of the axTLS project.
-         */
-        public static string Version()
-        {
-            return axtls.ssl_version();
-        }
-    }
-
-    /**
-     * @class SSLCTX
-     * @ingroup csharp_api 
-     * @brief A base object for SSLServer/SSLClient.
-     */
-    public class SSLCTX
-    {
-        /**
-         * @brief A reference to the real client/server context.
-         */
-        protected IntPtr m_ctx;
-
-        /**
-         * @brief Establish a new client/server context.
-         *
-         * This function is called before any client/server SSL connections are 
-         * made.  If multiple threads are used, then each thread will have its 
-         * own SSLCTX context. Any number of connections may be made with a 
-         * single context. 
-         *
-         * Each new connection will use the this context's private key and 
-         * certificate chain. If a different certificate chain is required, 
-         * then a different context needs to be be used.
-         *
-         * @param options [in]  Any particular options. At present the options
-         * supported are:
-         * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if 
-         * the server authentication fails. The certificate can be 
-         * authenticated later with a call to VerifyCert().
-         * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
-         * authentication i.e. each handshake will include a "certificate 
-         * request" message from the server.
-         * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
-         * sequences during the handshake.
-         * - SSL_DISPLAY_STATES (full mode build only): Display the state 
-         * changes during the handshake.
-         * - SSL_DISPLAY_CERTS (full mode build only): Display the 
-         * certificates that are passed during a handshake.
-         * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key 
-         * details that are passed during a handshake.
-         * @param num_sessions [in] The number of sessions to be used for 
-         * session caching. If this value is 0, then there is no session 
-         * caching.
-         * @return A client/server context.
-         */
-        protected SSLCTX(uint options, int num_sessions)
-        {
-            m_ctx = axtls.ssl_ctx_new(options, num_sessions);
-        }
-
-        /**
-         * @brief Remove a client/server context.
-         *
-         * Frees any used resources used by this context. Each connection will 
-         * be sent a "Close Notify" alert (if possible).
-         */
-        public void Dispose()
-        {
-            axtls.ssl_ctx_free(m_ctx);
-        }
-
-        /**
-         * @brief Read the SSL data stream.
-         * @param ssl [in] An SSL object reference.
-         * @param in_data [out] After a successful read, the decrypted data 
-         * will be here. It will be null otherwise.
-         * @return The number of decrypted bytes:
-         * - if > 0, then the handshaking is complete and we are returning the 
-         * number of decrypted bytes. 
-         * - SSL_OK if the handshaking stage is successful (but not yet 
-         * complete).  
-         * - < 0 if an error.
-         * @see ssl.h for the error code list.
-         * @note Use in_data before doing any successive ssl calls.
-         */
-        public int Read(SSL ssl, out byte[] in_data)
-        {
-            IntPtr ptr = IntPtr.Zero;
-            int ret = axtls.ssl_read(ssl.m_ssl, ref ptr);
-
-            if (ret > axtls.SSL_OK)
-            {
-                in_data = new byte[ret];
-                Marshal.Copy(ptr, in_data, 0, ret);
-            }
-            else
-            {
-                in_data = null;
-            }
-
-            return ret;
-        }
-
-        /**
-         * @brief Write to the SSL data stream.
-         * @param ssl [in] An SSL obect reference.
-         * @param out_data [in] The data to be written
-         * @return The number of bytes sent, or if < 0 if an error.
-         * @see ssl.h for the error code list.
-         */
-        public int Write(SSL ssl, byte[] out_data)
-        {
-            return axtls.ssl_write(ssl.m_ssl, out_data, out_data.Length);
-        }
-
-        /**
-         * @brief Write to the SSL data stream.
-         * @param ssl [in] An SSL obect reference.
-         * @param out_data [in] The data to be written
-         * @param out_len [in] The number of bytes to be written
-         * @return The number of bytes sent, or if < 0 if an error.
-         * @see ssl.h for the error code list.
-         */
-        public int Write(SSL ssl, byte[] out_data, int out_len)
-        {
-            return axtls.ssl_write(ssl.m_ssl, out_data, out_len);
-        }
-
-        /**
-         * @brief Find an ssl object based on a Socket reference.
-         *
-         * Goes through the list of SSL objects maintained in a client/server 
-         * context to look for a socket match.
-         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
-         * @return A reference to the SSL object. Returns null if the object 
-         * could not be found.
-         */
-        public SSL Find(Socket s)
-        {
-            int client_fd = s.Handle.ToInt32();
-            return new SSL(axtls.  ssl_find(m_ctx, client_fd));
-        }
-
-        /**
-         * @brief Authenticate a received certificate.
-         * 
-         * This call is usually made by a client after a handshake is complete 
-         * and the context is in SSL_SERVER_VERIFY_LATER mode.
-         * @param ssl [in] An SSL object reference.
-         * @return SSL_OK if the certificate is verified.
-         */
-        public int VerifyCert(SSL ssl)
-        {
-            return axtls.ssl_verify_cert(ssl.m_ssl);
-        }
-
-        /**
-         * @brief Force the client to perform its handshake again.
-         *
-         * For a client this involves sending another "client hello" message.
-         * For the server is means sending a "hello request" message.
-         *
-         * This is a blocking call on the client (until the handshake 
-         * completes).
-         * @param ssl [in] An SSL object reference.
-         * @return SSL_OK if renegotiation instantiation was ok
-         */
-        public int Renegotiate(SSL ssl)
-        {
-            return axtls.ssl_renegotiate(ssl.m_ssl);
-        }
-
-        /**
-         * @brief Load a file into memory that is in binary DER or ASCII PEM 
-         * format.
-         *
-         * These are temporary objects that are used to load private keys,
-         * certificates etc into memory.
-         * @param obj_type [in] The format of the file. Can be one of:
-         * - SSL_OBJ_X509_CERT (no password required)
-         * - SSL_OBJ_X509_CACERT (no password required)
-         * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
-         * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
-         * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
-         *
-         * PEM files are automatically detected (if supported).
-         * @param filename [in] The location of a file in DER/PEM format.
-         * @param password [in] The password used. Can be null if not required.
-         * @return SSL_OK if all ok
-         */
-        public int ObjLoad(int obj_type, string filename, string password)
-        {
-            return axtls.ssl_obj_load(m_ctx, obj_type, filename, password);
-        }
-
-        /**
-         * @brief Transfer binary data into the object loader.
-         *
-         * These are temporary objects that are used to load private keys,
-         * certificates etc into memory.
-         * @param obj_type [in] The format of the memory data.
-         * @param data [in] The binary data to be loaded.
-         * @param len [in] The amount of data to be loaded.
-         * @param password [in] The password used. Can be null if not required.
-         * @return SSL_OK if all ok
-         */
-        public int ObjLoad(int obj_type, byte[] data, int len, string password)
-        {
-            return axtls.ssl_obj_memory_load(m_ctx, obj_type, 
-                                            data, len, password);
-        }
-    }
-
-    /**
-     * @class SSLServer
-     * @ingroup csharp_api 
-     * @brief The server context.
-     *
-     * All server connections are started within a server context.
-     */
-    public class SSLServer : SSLCTX
-    {
-        /**
-         * @brief Start a new server context.
-         * 
-         * @see SSLCTX for details.
-         */
-        public SSLServer(uint options, int num_sessions) :
-                            base(options, num_sessions) {}
-
-        /**
-         * @brief Establish a new SSL connection to an SSL client.
-         *
-         * It is up to the application to establish the initial socket 
-         * connection.
-         *
-         * Call Dispose() when the connection is to be removed.
-         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
-         * @return An SSL object reference.
-         */
-        public SSL Connect(Socket s)
-        {
-            int client_fd = s.Handle.ToInt32();
-            return new SSL(axtls.ssl_server_new(m_ctx, client_fd));
-        }
-    }
-
-    /**
-     * @class SSLClient
-     * @ingroup csharp_api
-     * @brief The client context.
-     *
-     * All client connections are started within a client context.
-     */
-    public class SSLClient : SSLCTX
-    {
-        /**
-         * @brief Start a new client context.
-         * 
-         * @see SSLCTX for details.
-         */
-        public SSLClient(uint options, int num_sessions) :
-                        base(options, num_sessions) {}
-
-        /**
-         * @brief Establish a new SSL connection to an SSL server.
-         *
-         * It is up to the application to establish the initial socket 
-         * connection.
-         *
-         * This is a blocking call - it will finish when the handshake is 
-         * complete (or has failed).
-         *
-         * Call Dispose() when the connection is to be removed.
-         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
-         * @param session_id [in] A 32 byte session id for session resumption. 
-         * This can be null if no session resumption is not required.
-         * @return An SSL object reference. Use SSL.handshakeStatus() to check 
-         * if a handshake succeeded.
-         */
-        public SSL Connect(Socket s, byte[] session_id)
-        {
-            int client_fd = s.Handle.ToInt32();
-            byte sess_id_size = (byte)(session_id != null ? 
-                                session_id.Length : 0);
-            return new SSL(axtls.ssl_client_new(m_ctx, client_fd, session_id,
-                        sess_id_size));
-        }
-    }
-}
-/** @} */
diff --git a/tools/sdk/axtls/bindings/generate_SWIG_interface.pl b/tools/sdk/axtls/bindings/generate_SWIG_interface.pl
deleted file mode 100755
index 90c4ba3bef..0000000000
--- a/tools/sdk/axtls/bindings/generate_SWIG_interface.pl
+++ /dev/null
@@ -1,392 +0,0 @@
-#!/usr/bin/perl
-
-#
-# Copyright (c) 2007, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-#   this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-#   contributors may be used to endorse or promote products derived
-#   from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#===============================================================
-# Transforms function signature into SWIG format
-sub transformSignature
-{
-    foreach $item (@_)
-    { 
-        $line =~ s/STDCALL //g;
-        $line =~ s/EXP_FUNC/extern/g;
-
-        # make API Java more 'byte' friendly
-        $line =~ s/uint32_t/int/g;
-        $line =~ s/const uint8_t \* /const unsigned char \* /g;
-        $line =~ s/\(void\)/()/g;
-        if ($ARGV[0] eq "-java")
-        {
-            $line =~ s/.*ssl_read.*//g;
-            $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
-            $line =~ s/uint8_t/signed char/g;
-        }
-        elsif ($ARGV[0] eq "-perl")
-        {
-            $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
-            $line =~ s/uint8_t/unsigned char/g;
-        }
-        else # lua
-        {
-            $line =~ s/const uint8_t \*session_id/const unsigned char session_id\[\]/g;
-            $line =~ s/const uint8_t \*\w+/unsigned char *INPUT/g;
-            $line =~ s/uint8_t/unsigned char/g;
-        }
-    }
-
-    return $line;
-}
-
-# Parse input file
-sub parseFile
-{
-    foreach $line (@_)
-    {
-        next if $line =~ /ssl_x509_create/; # ignore for now
-
-        # test for a #define
-        if (!$skip && $line =~ m/^#define/)
-        {
-            $splitDefine = 1 if $line =~ m/\\$/;
-            print DATA_OUT $line;
-
-            # check line is not split
-            next if $splitDefine == 1;
-        }
-
-        # pick up second line of #define statement
-        if ($splitDefine) 
-        {
-            print DATA_OUT $line;
-
-            # check line is not split
-            $splitDefine = ($line =~ m/\\$/);
-            next;
-        } 
-
-        # test for function declaration
-        if (!$skip && $line =~ /EXP_FUNC/ && $line !~/\/\*/)
-        {
-            $line = transformSignature($line);
-            $splitFunctionDeclaration = $line !~ /;/;
-            print DATA_OUT $line;
-            next;
-        }
-
-        if ($splitFunctionDeclaration) 
-        {
-            $line = transformSignature($line);
-            $splitFunctionDeclaration = $line !~ /;/;
-            print DATA_OUT $line;
-            next;
-        }
-    }
-}
-
-#===============================================================
-
-# Determine which module to build from cammand-line options
-use strict;
-use Getopt::Std;
-
-my $module;
-my $interfaceFile;
-my $data_file;
-my $skip;
-my $splitLine;
-my @raw_data;
-
-if (not defined  $ARGV[0])
-{
-    die "Usage: $0 [-java | -perl | -lua]\n";
-}
-
-if ($ARGV[0] eq "-java")
-{
-    print "Generating Java interface file\n";
-    $module = "axtlsj";
-    $interfaceFile = "java/axTLSj.i";
-}
-elsif ($ARGV[0] eq "-perl")
-{
-    print "Generating Perl interface file\n";
-    $module = "axtlsp";
-    $interfaceFile = "perl/axTLSp.i";
-}
-elsif ($ARGV[0] eq "-lua")
-{
-    print "Generating lua interface file\n";
-    $module = "axtlsl";
-    $interfaceFile = "lua/axTLSl.i";
-}
-else
-{
-    die "Usage: $0 [-java | -perl | -lua]\n";
-}
-
-# Input file required to generate SWIG interface file.
-$data_file = "../ssl/ssl.h";
-
-# Open input files
-open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
-@raw_data = <DATA_IN>;
-
-# Open output file
-open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
-
-#
-# I wish I could say it was easy to generate the Perl/Java/Lua bindings, 
-# but each had their own set of challenges... :-(.
-#
-print DATA_OUT << "END";
-%module $module\n
-
-/* include our own header */
-%inline %{
-#include "ssl.h"
-%}
-
-%include "typemaps.i"
-/* Some SWIG magic to make the API a bit more Java friendly */
-#ifdef SWIGJAVA
-
-%apply long { SSL * };
-%apply long { SSL_CTX * };
-%apply long { SSLObjLoader * };
-
-/* allow "unsigned char []" to become "byte[]" */
-%include "arrays_java.i"
-
-/* convert these pointers to use long */
-%apply signed char[] {unsigned char *};
-%apply signed char[] {signed char *};
-
-/* allow ssl_get_session_id() to return "byte[]" */
-%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, ssl_get_session_id_size((SSL const *)arg1));\"
-
-/* allow ssl_client_new() to have a null session_id input */
-%typemap(in) const signed char session_id[] (jbyte *jarr) {
-    if (jarg3 == NULL)
-    {
-        jresult = (jint)ssl_client_new(arg1,arg2,NULL,0);
-        return jresult;
-    }
-    
-    if (!SWIG_JavaArrayInSchar(jenv, &jarr, &arg3, jarg3)) return 0;
-}   
-
-/* Lot's of work required for an ssl_read() due to its various custom
- * requirements.
- */
-%native (ssl_read) int ssl_read(SSL *ssl, jobject in_data);
-%{
-JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_ssl_1read(JNIEnv *jenv, jclass jcls, jint jarg1, jobject jarg2) {
-    jint jresult = 0 ;
-    SSL *arg1;
-    unsigned char *arg2;
-    jbyte *jarr;
-    int result;
-    JNIEnv e = *jenv;
-    jclass holder_class;
-    jfieldID fid;
-
-    arg1 = (SSL *)jarg1;
-    result = (int)ssl_read(arg1, &arg2);
-
-    /* find the "m_buf" entry in the SSLReadHolder class */
-    if (!(holder_class = e->GetObjectClass(jenv,jarg2)) ||
-            !(fid = e->GetFieldID(jenv,holder_class, "m_buf", "[B")))
-        return SSL_NOT_OK;
-
-    if (result > SSL_OK)
-    {
-        int i;
-
-        /* create a new byte array to hold the read data */
-        jbyteArray jarray = e->NewByteArray(jenv, result);
-
-        /* copy the bytes across to the java byte array */
-        jarr = e->GetByteArrayElements(jenv, jarray, 0);
-        for (i = 0; i < result; i++)
-            jarr[i] = (jbyte)arg2[i];
-
-        /* clean up and set the new m_buf object */
-        e->ReleaseByteArrayElements(jenv, jarray, jarr, 0);
-        e->SetObjectField(jenv, jarg2, fid, jarray);
-    }
-    else    /* set to null */
-        e->SetObjectField(jenv, jarg2, fid, NULL);
-
-    jresult = (jint)result;
-    return jresult;
-}
-%}
-
-/* Big hack to get hold of a socket's file descriptor */
-%typemap (jtype) long "Object"
-%typemap (jstype) long "Object"
-%native (getFd) int getFd(long sock);
-%{
-JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_getFd(JNIEnv *env, jclass jcls, jobject sock)
-{
-    JNIEnv e = *env;
-    jfieldID fid;
-    jobject impl;
-    jobject fdesc;
-
-    /* get the SocketImpl from the Socket */
-    if (!(jcls = e->GetObjectClass(env,sock)) ||
-            !(fid = e->GetFieldID(env,jcls,"impl","Ljava/net/SocketImpl;")) ||
-            !(impl = e->GetObjectField(env,sock,fid))) return -1;
-
-    /* get the FileDescriptor from the SocketImpl */
-    if (!(jcls = e->GetObjectClass(env,impl)) ||
-            !(fid = e->GetFieldID(env,jcls,"fd","Ljava/io/FileDescriptor;")) ||
-            !(fdesc = e->GetObjectField(env,impl,fid))) return -1;
-
-    /* get the fd from the FileDescriptor */
-    if (!(jcls = e->GetObjectClass(env,fdesc)) ||
-            !(fid = e->GetFieldID(env,jcls,"fd","I"))) return -1;
-
-    /* return the descriptor */
-    return e->GetIntField(env,fdesc,fid);
-} 
-%}
-
-#endif
-
-/* Some SWIG magic to make the API a bit more Perl friendly */
-#ifdef SWIGPERL
-
-/* for ssl_session_id() */
-%typemap(out) const unsigned char * {
-    SV *svs = newSVpv((unsigned char *)\$1, ssl_get_session_id_size((SSL const *)arg1));
-    \$result = newRV(svs);
-    sv_2mortal(\$result);
-    argvi++;
-}
-
-/* for ssl_write() */
-%typemap(in) const unsigned char out_data[] {
-    SV* tempsv;
-    if (!SvROK(\$input))
-        croak("Argument \$argnum is not a reference.");
-    tempsv = SvRV(\$input);
-    if (SvTYPE(tempsv) != SVt_PV)
-        croak("Argument \$argnum is not an string.");
-    \$1 = (unsigned char *)SvPV(tempsv, PL_na);
-}
-
-/* for ssl_read() */
-%typemap(in) unsigned char **in_data (unsigned char *buf) {
-    \$1 = &buf;
-}
-
-%typemap(argout) unsigned char **in_data { 
-    if (result > SSL_OK) {
-        SV *svs = newSVpv(*\$1, result);
-        \$result = newRV(svs);
-        sv_2mortal(\$result);
-        argvi++;
-    }
-}
-
-/* for ssl_client_new() */
-%typemap(in) const unsigned char session_id[] {
-    /* check for a reference */
-    if (SvOK(\$input) && SvROK(\$input)) {
-        SV* tempsv = SvRV(\$input);
-        if (SvTYPE(tempsv) != SVt_PV)
-            croak("Argument \$argnum is not an string.");
-        \$1 = (unsigned char *)SvPV(tempsv, PL_na); 
-    } 
-    else
-        \$1 = NULL;
-}
-
-#endif
-
-/* Some SWIG magic to make the API a bit more Lua friendly */
-#ifdef SWIGLUA
-SWIG_NUMBER_TYPEMAP(unsigned char);
-SWIG_TYPEMAP_NUM_ARR(uchar,unsigned char);
-
-/* for ssl_session_id() */
-%typemap(out) const unsigned char * {
-    int i;
-    lua_newtable(L);
-    for (i = 0; i < ssl_get_session_id_size((SSL const *)arg1); i++){
-        lua_pushnumber(L,(lua_Number)result[i]);
-        lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
-    }
-    SWIG_arg++;
-}
-
-/* for ssl_read() */
-%typemap(in) unsigned char **in_data (unsigned char *buf) {
-    \$1 = &buf;
-}
-
-%typemap(argout) unsigned char **in_data { 
-    if (result > SSL_OK) {
-		int i;
-		lua_newtable(L);
-		for (i = 0; i < result; i++){
-			lua_pushnumber(L,(lua_Number)buf2[i]);
-			lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
-		}
-        SWIG_arg++;
-    }
-}
-
-/* for ssl_client_new() */
-%typemap(in) const unsigned char session_id[] {
-    if (lua_isnil(L,\$input))
-        \$1 = NULL;
-    else
-        \$1 = SWIG_get_uchar_num_array_fixed(L,\$input, ssl_get_session_id((SSL const *)\$1));
-}
-
-#endif
-
-END
-
-# Initialise loop variables
-$skip = 1;
-$splitLine = 0;
-
-parseFile(@raw_data);
-
-close(DATA_IN);
-close(DATA_OUT);
-
-#===============================================================
-
diff --git a/tools/sdk/axtls/bindings/java/SSL.java b/tools/sdk/axtls/bindings/java/SSL.java
deleted file mode 100644
index e0400b6016..0000000000
--- a/tools/sdk/axtls/bindings/java/SSL.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * A wrapper around the unmanaged interface to give a semi-decent Java API
- */
-
-package axTLSj;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * @defgroup java_api Java API.
- *
- * Ensure that the appropriate dispose() methods are called when finished with
- * various objects - otherwise memory leaks will result.
- */
-
-/**
- * @class SSL
- * @ingroup java_api 
- * @brief A representation of an SSL connection.
- *
- */
-public class SSL
-{
-    public int m_ssl;    /**< A pointer to the real SSL type */
-
-    /**
-     * @brief Store the reference to an SSL context.
-     * @param ip [in] A reference to an SSL object.
-     */
-    public SSL(int ip)
-    {
-        m_ssl = ip;
-    }
-
-    /**
-     * @brief Free any used resources on this connection. 
-     * 
-     * A "Close Notify" message is sent on this connection (if possible). It 
-     * is up to the application to close the socket.
-     */
-    public void dispose()
-    {
-        axtlsj.ssl_free(m_ssl);
-    }
-
-    /**
-     * @brief Return the result of a handshake.
-     * @return SSL_OK if the handshake is complete and ok.
-     * @see ssl.h for the error code list.
-     */
-    public int handshakeStatus()
-    {
-        return axtlsj.ssl_handshake_status(m_ssl);
-    }
-
-    /**
-     * @brief Return the SSL cipher id.
-     * @return The cipher id which is one of:
-     * - SSL_AES128_SHA (0x2f)
-     * - SSL_AES256_SHA (0x35)
-     * - SSL_AES128_SHA256 (0x3c)
-     * - SSL_AES256_SHA256 (0x3d)
-     */
-    public byte getCipherId()
-    {
-        return axtlsj.ssl_get_cipher_id(m_ssl);
-    }
-
-    /**
-     * @brief Get the session id for a handshake. 
-     * 
-     * This will be a 32 byte sequence and is available after the first
-     * handshaking messages are sent.
-     * @return The session id as a 32 byte sequence.
-     * @note A SSLv23 handshake may have only 16 valid bytes.
-     */
-    public byte[] getSessionId()
-    {
-        return axtlsj.ssl_get_session_id(m_ssl);
-    }
-
-    /**
-     * @brief Retrieve an X.509 distinguished name component.
-     * 
-     * When a handshake is complete and a certificate has been exchanged, 
-     * then the details of the remote certificate can be retrieved.
-     *
-     * This will usually be used by a client to check that the server's common 
-     * name matches the URL.
-     *
-     * A full handshake needs to occur for this call to work.
-     *
-     * @param component [in] one of:
-     * - SSL_X509_CERT_COMMON_NAME
-     * - SSL_X509_CERT_ORGANIZATION
-     * - SSL_X509_CERT_ORGANIZATIONAL_NAME
-     * - SSL_X509_CA_CERT_COMMON_NAME
-     * - SSL_X509_CA_CERT_ORGANIZATION
-     * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
-     * @return The appropriate string (or null if not defined)
-     */
-    public String getCertificateDN(int component)
-    {
-        return axtlsj.ssl_get_cert_dn(m_ssl, component);
-    }
-}
diff --git a/tools/sdk/axtls/compat b/tools/sdk/axtls/compat
deleted file mode 160000
index bc2bf7b61b..0000000000
--- a/tools/sdk/axtls/compat
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit bc2bf7b61b9295b07d2fd9b5a9bb7824b1677c85
diff --git a/tools/sdk/axtls/config/makefile.conf b/tools/sdk/axtls/config/makefile.conf
deleted file mode 100644
index 702abfd238..0000000000
--- a/tools/sdk/axtls/config/makefile.conf
+++ /dev/null
@@ -1,134 +0,0 @@
-#
-# Copyright (c) 2007-2016, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-#   this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-#   contributors may be used to endorse or promote products derived
-#   from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# A standard makefile for all makefiles
-#
-
-# All executables and libraries go here
-STAGE=./_stage
-
-ifneq ($(MAKECMDGOALS), clean)
-
-# Give an initial rule
-all: 
-
-# Win32 
-ifdef CONFIG_PLATFORM_WIN32
-
-ifdef CONFIG_VISUAL_STUDIO_7_0
-CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
-export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
-export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
-PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
-endif
-ifdef CONFIG_VISUAL_STUDIO_8_0
-CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
-export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
-export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
-PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
-endif
-ifdef CONFIG_VISUAL_STUDIO_10_0
-CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_10_0_BASE))
-export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\include")
-export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\lib;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\lib")
-PATH:=$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/common7/ide:$(PATH)
-stuff:
-	@echo $(INCLUDE)
-endif
-
-CC=cl.exe
-LD=link.exe
-AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME))
-CFLAGS+=/nologo /W3 /D"WIN32" /D"_MBCS" /D"_CONSOLE" /D"_CRT_SECURE_NO_DEPRECATE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
-LDFLAGS=/nologo /subsystem:console /machine:I386
-LDSHARED = /dll
-AR=lib /nologo
-
-ifdef CONFIG_DEBUG
-	CFLAGS += /Gm /Zi /Od /D "_DEBUG"
-	LDFLAGS += /debug /incremental:yes 
-else
-	CFLAGS += /O2 /D "NDEBUG"
-	LDFLAGS += /incremental:no 
-endif
-
-else    # Not Win32
-
--include .depend
-
-CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
-LD=$(CC)
-STRIP=$(CROSS)strip
-
-# Solaris
-ifdef CONFIG_PLATFORM_SOLARIS
-CFLAGS += -DCONFIG_PLATFORM_SOLARIS
-LDFLAGS += -lsocket -lnsl -lc
-LDSHARED = -G
-# Linux/Cygwin
-else 
-CFLAGS += -Wall -Wstrict-prototypes -Wshadow
-LDSHARED = -shared
-
-# Linux
-ifndef CONFIG_PLATFORM_CYGWIN
-ifndef CONFIG_PLATFORM_NOMMU
-CFLAGS += -fPIC 
-
-# Cygwin
-else
-CFLAGS += -DCONFIG_PLATFORM_CYGWIN
-LDFLAGS += -enable-auto-import
-endif
-endif
-endif
-
-ifdef CONFIG_DEBUG
-CFLAGS += -g
-else
-LDFLAGS += -s
-ifdef CONFIG_PLATFORM_SOLARIS
-CFLAGS += -O 
-else
-CFLAGS += -O3
-endif
-
-endif	# CONFIG_DEBUG
-endif   # WIN32
-
-CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS)))
-LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS)))
-
-endif   # not 'clean'
-
-clean::
-	-@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 
-
diff --git a/tools/sdk/axtls/crypto/aes.c b/tools/sdk/axtls/crypto/aes.c
deleted file mode 100644
index af6bd98b7a..0000000000
--- a/tools/sdk/axtls/crypto/aes.c
+++ /dev/null
@@ -1,452 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * AES implementation - this is a small code version. There are much faster
- * versions around but they are much larger in size (i.e. they use large 
- * submix tables).
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
-
-#define rot1(x) (((x) << 24) | ((x) >> 8))
-#define rot2(x) (((x) << 16) | ((x) >> 16))
-#define rot3(x) (((x) <<  8) | ((x) >> 24))
-
-/* 
- * This cute trick does 4 'mul by two' at once.  Stolen from
- * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
- * a standard graphics trick
- * The key to this is that we need to xor with 0x1b if the top bit is set.
- * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
- * b 1000 0000   0000 0000 then we shift right by 7 putting the 7bit in 0bit,
- * c 0000 0001   0000 0000 we then subtract (c) from (b)
- * d 0111 1111   0000 0000 and now we and with our mask
- * e 0001 1011   0000 0000
- */
-#define mt  0x80808080
-#define ml  0x7f7f7f7f
-#define mh  0xfefefefe
-#define mm  0x1b1b1b1b
-#define mul2(x,t)	((t)=((x)&mt), \
-			((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))
-
-#define inv_mix_col(x,f2,f4,f8,f9) (\
-			(f2)=mul2(x,f2), \
-			(f4)=mul2(f2,f4), \
-			(f8)=mul2(f4,f8), \
-			(f9)=(x)^(f8), \
-			(f8)=((f2)^(f4)^(f8)), \
-			(f2)^=(f9), \
-			(f4)^=(f9), \
-			(f8)^=rot3(f2), \
-			(f8)^=rot2(f4), \
-			(f8)^rot1(f9))
-
-/*
- * AES S-box
- */
-static const uint8_t aes_sbox[256] PROGMEM =
-{
-	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
-	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
-	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,
-	0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
-	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,
-	0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
-	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,
-	0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
-	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,
-	0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
-	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,
-	0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
-	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,
-	0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
-	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,
-	0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
-	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,
-	0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
-	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,
-	0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
-	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,
-	0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
-	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,
-	0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
-	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,
-	0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
-	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,
-	0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
-	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,
-	0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
-	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,
-	0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16,
-};
-
-/*
- * AES is-box
- */
-static const uint8_t aes_isbox[256] PROGMEM = 
-{
-    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
-    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
-    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
-    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
-    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
-    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
-    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
-    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
-    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
-    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
-    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
-    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
-    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
-    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
-    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
-    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
-    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
-    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
-    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
-    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
-    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
-    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
-    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
-    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
-    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
-    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
-    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
-    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
-    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
-    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
-    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
-    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
-};
-
-static const unsigned char Rcon[30]=
-{
-	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
-	0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
-	0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
-	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
-};
-
-/* ----- static functions ----- */
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
-
-/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
-   x^8+x^4+x^3+x+1 */
-static unsigned char AES_xtime(uint32_t x)
-{
-	return (x&0x80) ? (x<<1)^0x1b : x<<1;
-}
-
-/**
- * Set up AES with the key/iv and cipher size.
- */
-void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
-        const uint8_t *iv, AES_MODE mode)
-{
-    int i, ii;
-    uint32_t *W, tmp, tmp2;
-    const unsigned char *ip;
-    int words;
-
-    switch (mode)
-    {
-        case AES_MODE_128:
-            i = 10;
-            words = 4;
-            break;
-
-        case AES_MODE_256:
-            i = 14;
-            words = 8;
-            break;
-
-        default:        /* fail silently */
-            return;
-    }
-
-    ctx->rounds = i;
-    ctx->key_size = words;
-    W = ctx->ks;
-    for (i = 0; i < words; i+=2)
-    {
-        W[i+0]=	((uint32_t)key[ 0]<<24)|
-            ((uint32_t)key[ 1]<<16)|
-            ((uint32_t)key[ 2]<< 8)|
-            ((uint32_t)key[ 3]    );
-        W[i+1]=	((uint32_t)key[ 4]<<24)|
-            ((uint32_t)key[ 5]<<16)|
-            ((uint32_t)key[ 6]<< 8)|
-            ((uint32_t)key[ 7]    );
-        key += 8;
-    }
-
-    ip = Rcon;
-    ii = 4 * (ctx->rounds+1);
-    for (i = words; i<ii; i++)
-    {
-        tmp = W[i-1];
-
-        if ((i % words) == 0)
-        {
-            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))<< 8;
-            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<<16;
-            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<24;
-            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)));
-            tmp=tmp2^(((unsigned int)*ip)<<24);
-            ip++;
-        }
-
-        if ((words == 8) && ((i % words) == 4))
-        {
-            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))    ;
-            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<< 8;
-            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<16;
-            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)     ))<<24;
-            tmp=tmp2;
-        }
-
-        W[i]=W[i-words]^tmp;
-    }
-
-    /* copy the iv across */
-    memcpy(ctx->iv, iv, 16);
-}
-
-/**
- * Change a key for decryption.
- */
-void AES_convert_key(AES_CTX *ctx)
-{
-    int i;
-    uint32_t *k,w,t1,t2,t3,t4;
-
-    k = ctx->ks;
-    k += 4;
-
-    for (i= ctx->rounds*4; i > 4; i--)
-    {
-        w= *k;
-        w = inv_mix_col(w,t1,t2,t3,t4);
-        *k++ =w;
-    }
-}
-
-/**
- * Encrypt a byte sequence (with a block size 16) using the AES cipher.
- */
-void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
-{
-    int i;
-    uint32_t tin[4], tout[4], iv[4];
-
-    memcpy(iv, ctx->iv, AES_IV_SIZE);
-    for (i = 0; i < 4; i++)
-        tout[i] = ntohl(iv[i]);
-
-    for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE)
-    {
-        uint32_t msg_32[4];
-        uint32_t out_32[4];
-        memcpy(msg_32, msg, AES_BLOCKSIZE);
-        msg += AES_BLOCKSIZE;
-
-        for (i = 0; i < 4; i++)
-            tin[i] = ntohl(msg_32[i])^tout[i];
-
-        AES_encrypt(ctx, tin);
-
-        for (i = 0; i < 4; i++)
-        {
-            tout[i] = tin[i]; 
-            out_32[i] = htonl(tout[i]);
-        }
-
-        memcpy(out, out_32, AES_BLOCKSIZE);
-        out += AES_BLOCKSIZE;
-    }
-
-    for (i = 0; i < 4; i++)
-        iv[i] = htonl(tout[i]);
-    memcpy(ctx->iv, iv, AES_IV_SIZE);
-}
-
-/**
- * Decrypt a byte sequence (with a block size 16) using the AES cipher.
- */
-void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
-{
-    int i;
-    uint32_t tin[4], xor[4], tout[4], data[4], iv[4];
-
-    memcpy(iv, ctx->iv, AES_IV_SIZE);
-    for (i = 0; i < 4; i++)
-        xor[i] = ntohl(iv[i]);
-
-    for (length -= 16; length >= 0; length -= 16)
-    {
-        uint32_t msg_32[4];
-        uint32_t out_32[4];
-        memcpy(msg_32, msg, AES_BLOCKSIZE);
-        msg += AES_BLOCKSIZE;
-
-        for (i = 0; i < 4; i++)
-        {
-            tin[i] = ntohl(msg_32[i]);
-            data[i] = tin[i];
-        }
-
-        AES_decrypt(ctx, data);
-
-        for (i = 0; i < 4; i++)
-        {
-            tout[i] = data[i]^xor[i];
-            xor[i] = tin[i];
-            out_32[i] = htonl(tout[i]);
-        }
-
-        memcpy(out, out_32, AES_BLOCKSIZE);
-        out += AES_BLOCKSIZE;
-    }
-
-    for (i = 0; i < 4; i++)
-        iv[i] = htonl(xor[i]);
-    memcpy(ctx->iv, iv, AES_IV_SIZE);
-}
-
-/**
- * Encrypt a single block (16 bytes) of data
- */
-static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
-{
-    /* To make this code smaller, generate the sbox entries on the fly.
-     * This will have a really heavy effect upon performance.
-     */
-    uint32_t tmp[4];
-    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
-    int curr_rnd;
-    int rounds = ctx->rounds; 
-    const uint32_t *k = ctx->ks;
-
-    /* Pre-round key addition */
-    for (row = 0; row < 4; row++)
-        data[row] ^= *(k++);
-
-    /* Encrypt one block. */
-    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
-    {
-        /* Perform ByteSub and ShiftRow operations together */
-        for (row = 0; row < 4; row++)
-        {
-            a0 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[row%4]>>24)&0xFF));
-            a1 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+1)%4]>>16)&0xFF));
-            a2 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+2)%4]>>8)&0xFF));
-            a3 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+3)%4])&0xFF));
-
-            /* Perform MixColumn iff not last round */
-            if (curr_rnd < (rounds - 1))
-            {
-                tmp1 = a0 ^ a1 ^ a2 ^ a3;
-                old_a0 = a0;
-                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
-                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
-                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
-                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
-            }
-
-            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
-        }
-
-        /* KeyAddition - note that it is vital that this loop is separate from
-           the MixColumn operation, which must be atomic...*/ 
-        for (row = 0; row < 4; row++)
-            data[row] = tmp[row] ^ *(k++);
-    }
-}
-
-/**
- * Decrypt a single block (16 bytes) of data
- */
-static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
-{ 
-    uint32_t tmp[4];
-    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
-    uint32_t a0, a1, a2, a3, row;
-    int curr_rnd;
-    int rounds = ctx->rounds;
-    const uint32_t *k = ctx->ks + ((rounds+1)*4);
-
-    /* pre-round key addition */
-    for (row=4; row > 0;row--)
-        data[row-1] ^= *(--k);
-
-    /* Decrypt one block */
-    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
-    {
-        /* Perform ByteSub and ShiftRow operations together */
-        for (row = 4; row > 0; row--)
-        {
-            a0 = ax_array_read_u8(aes_isbox, (data[(row+3)%4]>>24)&0xFF);
-            a1 = ax_array_read_u8(aes_isbox, (data[(row+2)%4]>>16)&0xFF);
-            a2 = ax_array_read_u8(aes_isbox, (data[(row+1)%4]>>8)&0xFF);
-            a3 = ax_array_read_u8(aes_isbox, (data[row%4])&0xFF);
-
-            /* Perform MixColumn iff not last round */
-            if (curr_rnd<(rounds-1))
-            {
-                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
-                   are quite large compared to encryption; this 
-                   operation slows decryption down noticeably. */
-                xt0 = AES_xtime(a0^a1);
-                xt1 = AES_xtime(a1^a2);
-                xt2 = AES_xtime(a2^a3);
-                xt3 = AES_xtime(a3^a0);
-                xt4 = AES_xtime(xt0^xt1);
-                xt5 = AES_xtime(xt1^xt2);
-                xt6 = AES_xtime(xt4^xt5);
-
-                xt0 ^= a1^a2^a3^xt4^xt6;
-                xt1 ^= a0^a2^a3^xt5^xt6;
-                xt2 ^= a0^a1^a3^xt4^xt6;
-                xt3 ^= a0^a1^a2^xt5^xt6;
-                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
-            }
-            else
-                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
-        }
-
-        for (row = 4; row > 0; row--)
-            data[row-1] = tmp[row-1] ^ *(--k);
-    }
-}
diff --git a/tools/sdk/axtls/crypto/bigint.c b/tools/sdk/axtls/crypto/bigint.c
deleted file mode 100644
index d90b093822..0000000000
--- a/tools/sdk/axtls/crypto/bigint.c
+++ /dev/null
@@ -1,1514 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @defgroup bigint_api Big Integer API
- * @brief The bigint implementation as used by the axTLS project.
- *
- * The bigint library is for RSA encryption/decryption as well as signing.
- * This code tries to minimise use of malloc/free by maintaining a small 
- * cache. A bigint context may maintain state by being made "permanent". 
- * It be be later released with a bi_depermanent() and bi_free() call.
- *
- * It supports the following reduction techniques:
- * - Classical
- * - Barrett
- * - Montgomery
- *
- * It also implements the following:
- * - Karatsuba multiplication
- * - Squaring
- * - Sliding window exponentiation
- * - Chinese Remainder Theorem (implemented in rsa.c).
- *
- * All the algorithms used are pretty standard, and designed for different
- * data bus sizes. Negative numbers are not dealt with at all, so a subtraction
- * may need to be tested for negativity.
- *
- * This library steals some ideas from Jef Poskanzer
- * <http://cs.marlboro.edu/term/cs-fall02/algorithms/crypto/RSA/bigint>
- * and GMP <http://www.swox.com/gmp>. It gets most of its implementation
- * detail from "The Handbook of Applied Cryptography"
- * <http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf>
- * @{
- */
-
-#include <stdlib.h>
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include <time.h>
-#include "os_port.h"
-#include "bigint.h"
-
-#define V1      v->comps[v->size-1]                 /**< v1 for division */
-#define V2      v->comps[v->size-2]                 /**< v2 for division */
-#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
-#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
-
-static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
-static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
-static bigint *alloc(BI_CTX *ctx, int size);
-static bigint *trim(bigint *bi);
-static void more_comps(bigint *bi, int n);
-#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
-    defined(CONFIG_BIGINT_MONTGOMERY)
-static bigint *comp_right_shift(bigint *biR, int num_shifts);
-static bigint *comp_left_shift(bigint *biR, int num_shifts);
-#endif
-
-#ifdef CONFIG_BIGINT_CHECK_ON
-static void check(const bigint *bi);
-#else
-#define check(A)                /**< disappears in normal production mode */
-#endif
-
-
-/**
- * @brief Start a new bigint context.
- * @return A bigint context.
- */
-BI_CTX *bi_initialize(void)
-{
-    /* calloc() sets everything to zero */
-    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
-   
-    /* the radix */
-    ctx->bi_radix = alloc(ctx, 2); 
-    ctx->bi_radix->comps[0] = 0;
-    ctx->bi_radix->comps[1] = 1;
-    bi_permanent(ctx->bi_radix);
-    return ctx;
-}
-
-/**
- * @brief Close the bigint context and free any resources.
- *
- * Free up any used memory - a check is done if all objects were not 
- * properly freed.
- * @param ctx [in]   The bigint session context.
- */
-void bi_terminate(BI_CTX *ctx)
-{
-    bi_depermanent(ctx->bi_radix); 
-    bi_free(ctx, ctx->bi_radix);
-
-    if (ctx->active_count != 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_terminate: there were %d un-freed bigints\n",
-                       ctx->active_count);
-#endif
-        abort();
-    }
-
-    bi_clear_cache(ctx);
-    free(ctx);
-}
-
-/**
- *@brief Clear the memory cache.
- */
-void bi_clear_cache(BI_CTX *ctx)
-{
-    bigint *p, *pn;
-
-    if (ctx->free_list == NULL)
-        return;
-    
-    for (p = ctx->free_list; p != NULL; p = pn)
-    {
-        pn = p->next;
-        free(p->comps);
-        free(p);
-    }
-
-    ctx->free_count = 0;
-    ctx->free_list = NULL;
-}
-
-/**
- * @brief Increment the number of references to this object. 
- * It does not do a full copy.
- * @param bi [in]   The bigint to copy.
- * @return A reference to the same bigint.
- */
-bigint *bi_copy(bigint *bi)
-{
-    check(bi);
-    if (bi->refs != PERMANENT)
-        bi->refs++;
-    return bi;
-}
-
-/**
- * @brief Simply make a bigint object "unfreeable" if bi_free() is called on it.
- *
- * For this object to be freed, bi_depermanent() must be called.
- * @param bi [in]   The bigint to be made permanent.
- */
-void bi_permanent(bigint *bi)
-{
-    check(bi);
-    if (bi->refs != 1)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_permanent: refs was not 1\n");
-#endif
-        abort();
-    }
-
-    bi->refs = PERMANENT;
-}
-
-/**
- * @brief Take a permanent object and make it eligible for freedom.
- * @param bi [in]   The bigint to be made back to temporary.
- */
-void bi_depermanent(bigint *bi)
-{
-    check(bi);
-    if (bi->refs != PERMANENT)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_depermanent: bigint was not permanent\n");
-#endif
-        abort();
-    }
-
-    bi->refs = 1;
-}
-
-/**
- * @brief Free a bigint object so it can be used again. 
- *
- * The memory itself it not actually freed, just tagged as being available 
- * @param ctx [in]   The bigint session context.
- * @param bi [in]    The bigint to be freed.
- */
-void bi_free(BI_CTX *ctx, bigint *bi)
-{
-    check(bi);
-    if (bi->refs == PERMANENT)
-    {
-        return;
-    }
-
-    if (--bi->refs > 0)
-    {
-        return;
-    }
-
-    bi->next = ctx->free_list;
-    ctx->free_list = bi;
-    ctx->free_count++;
-
-    if (--ctx->active_count < 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("bi_free: active_count went negative "
-                "- double-freed bigint?\n");
-#endif
-        abort();
-    }
-}
-
-/**
- * @brief Convert an (unsigned) integer into a bigint.
- * @param ctx [in]   The bigint session context.
- * @param i [in]     The (unsigned) integer to be converted.
- * 
- */
-bigint *int_to_bi(BI_CTX *ctx, comp i)
-{
-    bigint *biR = alloc(ctx, 1);
-    biR->comps[0] = i;
-    return biR;
-}
-
-/**
- * @brief Do a full copy of the bigint object.
- * @param ctx [in]   The bigint session context.
- * @param bi  [in]   The bigint object to be copied.
- */
-bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
-{
-    bigint *biR = alloc(ctx, bi->size);
-    check(bi);
-    memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
-    return biR;
-}
-
-/**
- * @brief Perform an addition operation between two bigints.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @return The result of the addition.
- */
-bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
-{
-    int n;
-    comp carry = 0;
-    comp *pa, *pb;
-
-    check(bia);
-    check(bib);
-
-    n = axtls_max(bia->size, bib->size);
-    more_comps(bia, n+1);
-    more_comps(bib, n);
-    pa = bia->comps;
-    pb = bib->comps;
-
-    do
-    {
-        comp  sl, rl, cy1;
-        sl = *pa + *pb++;
-        rl = sl + carry;
-        cy1 = sl < *pa;
-        carry = cy1 | (rl < sl);
-        *pa++ = rl;
-    } while (--n != 0);
-
-    *pa = carry;                  /* do overflow */
-    bi_free(ctx, bib);
-    return trim(bia);
-}
-
-/**
- * @brief Perform a subtraction operation between two bigints.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @param is_negative [out] If defined, indicates that the result was negative.
- * is_negative may be null.
- * @return The result of the subtraction. The result is always positive.
- */
-bigint *bi_subtract(BI_CTX *ctx, 
-        bigint *bia, bigint *bib, int *is_negative)
-{
-    int n = bia->size;
-    comp *pa, *pb, carry = 0;
-
-    check(bia);
-    check(bib);
-
-    more_comps(bib, n);
-    pa = bia->comps;
-    pb = bib->comps;
-
-    do 
-    {
-        comp sl, rl, cy1;
-        sl = *pa - *pb++;
-        rl = sl - carry;
-        cy1 = sl > *pa;
-        carry = cy1 | (rl > sl);
-        *pa++ = rl;
-    } while (--n != 0);
-
-    if (is_negative)    /* indicate a negative result */
-    {
-        *is_negative = carry;
-    }
-
-    bi_free(ctx, trim(bib));    /* put bib back to the way it was */
-    return trim(bia);
-}
-
-/**
- * Perform a multiply between a bigint an an (unsigned) integer
- */
-static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
-{
-    int j = 0, n = bia->size;
-    bigint *biR = alloc(ctx, n + 1);
-    comp carry = 0;
-    comp *r = biR->comps;
-    comp *a = bia->comps;
-
-    check(bia);
-
-    /* clear things to start with */
-    memset(r, 0, ((n+1)*COMP_BYTE_SIZE));
-
-    do
-    {
-        long_comp tmp = *r + (long_comp)a[j]*b + carry;
-        *r++ = (comp)tmp;              /* downsize */
-        carry = (comp)(tmp >> COMP_BIT_SIZE);
-    } while (++j < n);
-
-    *r = carry;
-    bi_free(ctx, bia);
-    return trim(biR);
-}
-
-/**
- * @brief Does both division and modulo calculations. 
- *
- * Used extensively when doing classical reduction.
- * @param ctx [in]  The bigint session context.
- * @param u [in]    A bigint which is the numerator.
- * @param v [in]    Either the denominator or the modulus depending on the mode.
- * @param is_mod [n] Determines if this is a normal division (0) or a reduction
- * (1).
- * @return  The result of the division/reduction.
- */
-bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
-{
-    int n = v->size, m = u->size-n;
-    int j = 0, orig_u_size = u->size;
-    uint8_t mod_offset = ctx->mod_offset;
-    comp d;
-    bigint *quotient, *tmp_u;
-    comp q_dash;
-
-    check(u);
-    check(v);
-
-    /* if doing reduction and we are < mod, then return mod */
-    if (is_mod && bi_compare(v, u) > 0)
-    {
-        bi_free(ctx, v);
-        return u;
-    }
-
-    quotient = alloc(ctx, m+1);
-    tmp_u = alloc(ctx, n+1);
-    v = trim(v);        /* make sure we have no leading 0's */
-    d = (comp)((long_comp)COMP_RADIX/(V1+1));
-
-    /* clear things to start with */
-    memset(quotient->comps, 0, ((quotient->size)*COMP_BYTE_SIZE));
-
-    /* normalise */
-    if (d > 1)
-    {
-        u = bi_int_multiply(ctx, u, d);
-
-        if (is_mod)
-        {
-            v = ctx->bi_normalised_mod[mod_offset];
-        }
-        else
-        {
-            v = bi_int_multiply(ctx, v, d);
-        }
-    }
-
-    if (orig_u_size == u->size)  /* new digit position u0 */
-    {
-        more_comps(u, orig_u_size + 1);
-    }
-
-    do
-    {
-        /* get a temporary short version of u */
-        memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
-
-        /* calculate q' */
-        if (U(0) == V1)
-        {
-            q_dash = COMP_RADIX-1;
-        }
-        else
-        {
-            q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
-
-            if (v->size > 1 && V2)
-            {
-                /* we are implementing the following:
-                if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
-                        q_dash*V1)*COMP_RADIX) + U(2))) ... */
-                comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
-                                            (long_comp)q_dash*V1);
-                if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
-                {
-                    q_dash--;
-                }
-            }
-        }
-
-        /* multiply and subtract */
-        if (q_dash)
-        {
-            int is_negative;
-            tmp_u = bi_subtract(ctx, tmp_u, 
-                    bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
-            more_comps(tmp_u, n+1);
-
-            Q(j) = q_dash; 
-
-            /* add back */
-            if (is_negative)
-            {
-                Q(j)--;
-                tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
-
-                /* lop off the carry */
-                tmp_u->size--;
-                v->size--;
-            }
-        }
-        else
-        {
-            Q(j) = 0; 
-        }
-
-        /* copy back to u */
-        memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
-    } while (++j <= m);
-
-    bi_free(ctx, tmp_u);
-    bi_free(ctx, v);
-
-    if (is_mod)     /* get the remainder */
-    {
-        bi_free(ctx, quotient);
-        return bi_int_divide(ctx, trim(u), d);
-    }
-    else            /* get the quotient */
-    {
-        bi_free(ctx, u);
-        return trim(quotient);
-    }
-}
-
-/*
- * Perform an integer divide on a bigint.
- */
-static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
-{
-    int i = biR->size - 1;
-    long_comp r = 0;
-
-    check(biR);
-
-    do
-    {
-        r = (r<<COMP_BIT_SIZE) + biR->comps[i];
-        biR->comps[i] = (comp)(r / denom);
-        r %= denom;
-    } while (--i >= 0);
-
-    return trim(biR);
-}
-
-#ifdef CONFIG_BIGINT_MONTGOMERY
-/**
- * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
- * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
- * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
- * simple algorithm from an article by Dusse and Kaliski to efficiently 
- * find N0' from N0 and b */
-static comp modular_inverse(bigint *bim)
-{
-    int i;
-    comp t = 1;
-    comp two_2_i_minus_1 = 2;   /* 2^(i-1) */
-    long_comp two_2_i = 4;      /* 2^i */
-    comp N = bim->comps[0];
-
-    for (i = 2; i <= COMP_BIT_SIZE; i++)
-    {
-        if ((long_comp)N*t%two_2_i >= two_2_i_minus_1)
-        {
-            t += two_2_i_minus_1;
-        }
-
-        two_2_i_minus_1 <<= 1;
-        two_2_i <<= 1;
-    }
-
-    return (comp)(COMP_RADIX-t);
-}
-#endif
-
-#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
-    defined(CONFIG_BIGINT_MONTGOMERY)
-/**
- * Take each component and shift down (in terms of components) 
- */
-static bigint *comp_right_shift(bigint *biR, int num_shifts)
-{
-    int i = biR->size-num_shifts;
-    comp *x = biR->comps;
-    comp *y = &biR->comps[num_shifts];
-
-    check(biR);
-
-    if (i <= 0)     /* have we completely right shifted? */
-    {
-        biR->comps[0] = 0;  /* return 0 */
-        biR->size = 1;
-        return biR;
-    }
-
-    do
-    {
-        *x++ = *y++;
-    } while (--i > 0);
-
-    biR->size -= num_shifts;
-    return biR;
-}
-
-/**
- * Take each component and shift it up (in terms of components) 
- */
-static bigint *comp_left_shift(bigint *biR, int num_shifts)
-{
-    int i = biR->size-1;
-    comp *x, *y;
-
-    check(biR);
-
-    if (num_shifts <= 0)
-    {
-        return biR;
-    }
-
-    more_comps(biR, biR->size + num_shifts);
-
-    x = &biR->comps[i+num_shifts];
-    y = &biR->comps[i];
-
-    do
-    {
-        *x-- = *y--;
-    } while (i--);
-
-    memset(biR->comps, 0, num_shifts*COMP_BYTE_SIZE); /* zero LS comps */
-    return biR;
-}
-#endif
-
-/**
- * @brief Allow a binary sequence to be imported as a bigint.
- * @param ctx [in]  The bigint session context.
- * @param data [in] The data to be converted.
- * @param size [in] The number of bytes of data.
- * @return A bigint representing this data.
- */
-bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
-{
-    bigint *biR = alloc(ctx, (size+COMP_BYTE_SIZE-1)/COMP_BYTE_SIZE);
-    int i, j = 0, offset = 0;
-
-    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
-
-    for (i = size-1; i >= 0; i--)
-    {
-        biR->comps[offset] += data[i] << (j*8);
-
-        if (++j == COMP_BYTE_SIZE)
-        {
-            j = 0;
-            offset ++;
-        }
-    }
-
-    return trim(biR);
-}
-
-#ifdef CONFIG_SSL_FULL_MODE
-/**
- * @brief The testharness uses this code to import text hex-streams and 
- * convert them into bigints.
- * @param ctx [in]  The bigint session context.
- * @param data [in] A string consisting of hex characters. The characters must
- * be in upper case.
- * @return A bigint representing this data.
- */
-bigint *bi_str_import(BI_CTX *ctx, const char *data)
-{
-    int size = strlen(data);
-    bigint *biR = alloc(ctx, (size+COMP_NUM_NIBBLES-1)/COMP_NUM_NIBBLES);
-    int i, j = 0, offset = 0;
-    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
-
-    for (i = size-1; i >= 0; i--)
-    {
-        int num = (data[i] <= '9') ? (data[i] - '0') : (data[i] - 'A' + 10);
-        biR->comps[offset] += num << (j*4);
-
-        if (++j == COMP_NUM_NIBBLES)
-        {
-            j = 0;
-            offset ++;
-        }
-    }
-
-    return biR;
-}
-
-void bi_print(const char *label, bigint *x)
-{
-    int i, j;
-
-    if (x == NULL)
-    {
-        printf("%s: (null)\n", label);
-        return;
-    }
-
-    printf("%s: (size %d)\n", label, x->size);
-    for (i = x->size-1; i >= 0; i--)
-    {
-        for (j = COMP_NUM_NIBBLES-1; j >= 0; j--)
-        {
-            comp mask = 0x0f << (j*4);
-            comp num = (x->comps[i] & mask) >> (j*4);
-            putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
-        }
-    }  
-
-    printf("\n");
-}
-#endif
-
-/**
- * @brief Take a bigint and convert it into a byte sequence. 
- *
- * This is useful after a decrypt operation.
- * @param ctx [in]  The bigint session context.
- * @param x [in]  The bigint to be converted.
- * @param data [out] The converted data as a byte stream.
- * @param size [in] The maximum size of the byte stream. Unused bytes will be
- * zeroed.
- */
-void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
-{
-    int i, j, k = size-1;
-
-    check(x);
-    memset(data, 0, size);  /* ensure all leading 0's are cleared */
-
-    for (i = 0; i < x->size; i++)
-    {
-        for (j = 0; j < COMP_BYTE_SIZE; j++)
-        {
-            comp mask = 0xff << (j*8);
-            int num = (x->comps[i] & mask) >> (j*8);
-            data[k--] = num;
-
-            if (k < 0)
-            {
-                goto buf_done;
-            }
-        }
-    }
-buf_done:
-
-    bi_free(ctx, x);
-}
-
-/**
- * @brief Pre-calculate some of the expensive steps in reduction. 
- *
- * This function should only be called once (normally when a session starts).
- * When the session is over, bi_free_mod() should be called. bi_mod_power()
- * relies on this function being called.
- * @param ctx [in]  The bigint session context.
- * @param bim [in]  The bigint modulus that will be used.
- * @param mod_offset [in] There are three moduluii that can be stored - the
- * standard modulus, and its two primes p and q. This offset refers to which
- * modulus we are referring to.
- * @see bi_free_mod(), bi_mod_power().
- */
-void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
-{
-    int k = bim->size;
-    comp d = (comp)((long_comp)COMP_RADIX/(bim->comps[k-1]+1));
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    bigint *R, *R2;
-#endif
-
-    ctx->bi_mod[mod_offset] = bim;
-    bi_permanent(ctx->bi_mod[mod_offset]);
-    ctx->bi_normalised_mod[mod_offset] = bi_int_multiply(ctx, bim, d);
-    bi_permanent(ctx->bi_normalised_mod[mod_offset]);
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    /* set montgomery variables */
-    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);     /* R */
-    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);  /* R^2 */
-    ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
-    ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
-
-    bi_permanent(ctx->bi_RR_mod_m[mod_offset]);
-    bi_permanent(ctx->bi_R_mod_m[mod_offset]);
-
-    ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
-
-#elif defined (CONFIG_BIGINT_BARRETT)
-    ctx->bi_mu[mod_offset] = 
-        bi_divide(ctx, comp_left_shift(
-            bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
-    bi_permanent(ctx->bi_mu[mod_offset]);
-#endif
-}
-
-/**
- * @brief Used when cleaning various bigints at the end of a session.
- * @param ctx [in]  The bigint session context.
- * @param mod_offset [in] The offset to use.
- * @see bi_set_mod().
- */
-void bi_free_mod(BI_CTX *ctx, int mod_offset)
-{
-    bi_depermanent(ctx->bi_mod[mod_offset]);
-    bi_free(ctx, ctx->bi_mod[mod_offset]);
-#if defined (CONFIG_BIGINT_MONTGOMERY)
-    bi_depermanent(ctx->bi_RR_mod_m[mod_offset]);
-    bi_depermanent(ctx->bi_R_mod_m[mod_offset]);
-    bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
-    bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
-#elif defined(CONFIG_BIGINT_BARRETT)
-    bi_depermanent(ctx->bi_mu[mod_offset]); 
-    bi_free(ctx, ctx->bi_mu[mod_offset]);
-#endif
-    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
-    bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
-}
-
-/** 
- * Perform a standard multiplication between two bigints.
- *
- * Barrett reduction has no need for some parts of the product, so ignore bits
- * of the multiply. This routine gives Barrett its big performance
- * improvements over Classical/Montgomery reduction methods. 
- */
-static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
-        int inner_partial, int outer_partial)
-{
-    int i = 0, j;
-    int n = bia->size;
-    int t = bib->size;
-    bigint *biR = alloc(ctx, n + t);
-    comp *sr = biR->comps;
-    comp *sa = bia->comps;
-    comp *sb = bib->comps;
-
-    check(bia);
-    check(bib);
-
-    /* clear things to start with */
-    memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
-
-    do 
-    {
-        long_comp tmp;
-        comp carry = 0;
-        int r_index = i;
-        j = 0;
-
-        if (outer_partial && outer_partial-i > 0 && outer_partial < n)
-        {
-            r_index = outer_partial-1;
-            j = outer_partial-i-1;
-        }
-
-        do
-        {
-            if (inner_partial && r_index >= inner_partial) 
-            {
-                break;
-            }
-
-            tmp = sr[r_index] + ((long_comp)sa[j])*sb[i] + carry;
-            sr[r_index++] = (comp)tmp;              /* downsize */
-            carry = tmp >> COMP_BIT_SIZE;
-        } while (++j < n);
-
-        sr[r_index] = carry;
-    } while (++i < t);
-
-    bi_free(ctx, bia);
-    bi_free(ctx, bib);
-    return trim(biR);
-}
-
-#ifdef CONFIG_BIGINT_KARATSUBA
-/*
- * Karatsuba improves on regular multiplication due to only 3 multiplications 
- * being done instead of 4. The additional additions/subtractions are O(N) 
- * rather than O(N^2) and so for big numbers it saves on a few operations 
- */
-static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
-{
-    bigint *x0, *x1;
-    bigint *p0, *p1, *p2;
-    int m;
-
-    if (is_square)
-    {
-        m = (bia->size + 1)/2;
-    }
-    else
-    {
-        m = (axtls_max(bia->size, bib->size) + 1)/2;
-    }
-
-    x0 = bi_clone(ctx, bia);
-    x0->size = m;
-    x1 = bi_clone(ctx, bia);
-    comp_right_shift(x1, m);
-    bi_free(ctx, bia);
-
-    /* work out the 3 partial products */
-    if (is_square)
-    {
-        p0 = bi_square(ctx, bi_copy(x0));
-        p2 = bi_square(ctx, bi_copy(x1));
-        p1 = bi_square(ctx, bi_add(ctx, x0, x1));
-    }
-    else /* normal multiply */
-    {
-        bigint *y0, *y1;
-        y0 = bi_clone(ctx, bib);
-        y0->size = m;
-        y1 = bi_clone(ctx, bib);
-        comp_right_shift(y1, m);
-        bi_free(ctx, bib);
-
-        p0 = bi_multiply(ctx, bi_copy(x0), bi_copy(y0));
-        p2 = bi_multiply(ctx, bi_copy(x1), bi_copy(y1));
-        p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
-    }
-
-    p1 = bi_subtract(ctx, 
-            bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
-
-    comp_left_shift(p1, m);
-    comp_left_shift(p2, 2*m);
-    return bi_add(ctx, p1, bi_add(ctx, p0, p2));
-}
-#endif
-
-/**
- * @brief Perform a multiplication operation between two bigints.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @return The result of the multiplication.
- */
-bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
-{
-    check(bia);
-    check(bib);
-
-#ifdef CONFIG_BIGINT_KARATSUBA
-    if (axtls_min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
-    {
-        return regular_multiply(ctx, bia, bib, 0, 0);
-    }
-
-    return karatsuba(ctx, bia, bib, 0);
-#else
-    return regular_multiply(ctx, bia, bib, 0, 0);
-#endif
-}
-
-#ifdef CONFIG_BIGINT_SQUARE
-/*
- * Perform the actual square operion. It takes into account overflow.
- */
-static bigint *regular_square(BI_CTX *ctx, bigint *bi)
-{
-    int t = bi->size;
-    int i = 0, j;
-    bigint *biR = alloc(ctx, t*2+1);
-    comp *w = biR->comps;
-    comp *x = bi->comps;
-    long_comp carry;
-    memset(w, 0, biR->size*COMP_BYTE_SIZE);
-
-    do
-    {
-        long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
-        w[2*i] = (comp)tmp;
-        carry = tmp >> COMP_BIT_SIZE;
-
-        for (j = i+1; j < t; j++)
-        {
-            uint8_t c = 0;
-            long_comp xx = (long_comp)x[i]*x[j];
-            if ((COMP_MAX-xx) < xx)
-                c = 1;
-
-            tmp = (xx<<1);
-
-            if ((COMP_MAX-tmp) < w[i+j])
-                c = 1;
-
-            tmp += w[i+j];
-
-            if ((COMP_MAX-tmp) < carry)
-                c = 1;
-
-            tmp += carry;
-            w[i+j] = (comp)tmp;
-            carry = tmp >> COMP_BIT_SIZE;
-
-            if (c)
-                carry += COMP_RADIX;
-        }
-
-        tmp = w[i+t] + carry;
-        w[i+t] = (comp)tmp;
-        w[i+t+1] = tmp >> COMP_BIT_SIZE;
-    } while (++i < t);
-
-    bi_free(ctx, bi);
-    return trim(biR);
-}
-
-/**
- * @brief Perform a square operation on a bigint.
- * @param ctx [in]  The bigint session context.
- * @param bia [in]  A bigint.
- * @return The result of the multiplication.
- */
-bigint *bi_square(BI_CTX *ctx, bigint *bia)
-{
-    check(bia);
-
-#ifdef CONFIG_BIGINT_KARATSUBA
-    if (bia->size < SQU_KARATSUBA_THRESH) 
-    {
-        return regular_square(ctx, bia);
-    }
-
-    return karatsuba(ctx, bia, NULL, 1);
-#else
-    return regular_square(ctx, bia);
-#endif
-}
-#endif
-
-/**
- * @brief Compare two bigints.
- * @param bia [in]  A bigint.
- * @param bib [in]  Another bigint.
- * @return -1 if smaller, 1 if larger and 0 if equal.
- */
-int bi_compare(bigint *bia, bigint *bib)
-{
-    int r, i;
-
-    check(bia);
-    check(bib);
-
-    if (bia->size > bib->size)
-        r = 1;
-    else if (bia->size < bib->size)
-        r = -1;
-    else
-    {
-        comp *a = bia->comps; 
-        comp *b = bib->comps; 
-
-        /* Same number of components.  Compare starting from the high end
-         * and working down. */
-        r = 0;
-        i = bia->size - 1;
-
-        do 
-        {
-            if (a[i] > b[i])
-            { 
-                r = 1;
-                break; 
-            }
-            else if (a[i] < b[i])
-            { 
-                r = -1;
-                break; 
-            }
-        } while (--i >= 0);
-    }
-
-    return r;
-}
-
-/*
- * Allocate and zero more components.  Does not consume bi. 
- */
-static void more_comps(bigint *bi, int n)
-{
-    if (n > bi->max_comps)
-    {
-        bi->max_comps = axtls_max(bi->max_comps * 2, n);
-        bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
-    }
-
-    if (n > bi->size)
-    {
-        memset(&bi->comps[bi->size], 0, (n-bi->size)*COMP_BYTE_SIZE);
-    }
-
-    bi->size = n;
-}
-
-/*
- * Make a new empty bigint. It may just use an old one if one is available.
- * Otherwise get one off the heap.
- */
-static bigint *alloc(BI_CTX *ctx, int size)
-{
-    bigint *biR;
-
-    /* Can we recycle an old bigint? */
-    if (ctx->free_list != NULL)
-    {
-        biR = ctx->free_list;
-        ctx->free_list = biR->next;
-        ctx->free_count--;
-
-        if (biR->refs != 0)
-        {
-#ifdef CONFIG_SSL_FULL_MODE
-            printf("alloc: refs was not 0\n");
-#endif
-            abort();    /* create a stack trace from a core dump */
-        }
-
-        more_comps(biR, size);
-    }
-    else
-    {
-        /* No free bigints available - create a new one. */
-        biR = (bigint *)malloc(sizeof(bigint));
-        biR->comps = (comp*)malloc(size * COMP_BYTE_SIZE);
-        biR->max_comps = size;  /* give some space to spare */
-    }
-
-    biR->size = size;
-    biR->refs = 1;
-    biR->next = NULL;
-    ctx->active_count++;
-    return biR;
-}
-
-/*
- * Work out the highest '1' bit in an exponent. Used when doing sliding-window
- * exponentiation.
- */
-static int find_max_exp_index(bigint *biexp)
-{
-    int i = COMP_BIT_SIZE-1;
-    comp shift = COMP_RADIX/2;
-    comp test = biexp->comps[biexp->size-1];    /* assume no leading zeroes */
-
-    check(biexp);
-
-    do
-    {
-        if (test & shift)
-        {
-            return i+(biexp->size-1)*COMP_BIT_SIZE;
-        }
-
-        shift >>= 1;
-    } while (i-- != 0);
-
-    return -1;      /* error - must have been a leading 0 */
-}
-
-/*
- * Is a particular bit is an exponent 1 or 0? Used when doing sliding-window
- * exponentiation.
- */
-static int exp_bit_is_one(bigint *biexp, int offset)
-{
-    comp test = biexp->comps[offset / COMP_BIT_SIZE];
-    int num_shifts = offset % COMP_BIT_SIZE;
-    comp shift = 1;
-    int i;
-
-    check(biexp);
-
-    for (i = 0; i < num_shifts; i++)
-    {
-        shift <<= 1;
-    }
-
-    return (test & shift) != 0;
-}
-
-#ifdef CONFIG_BIGINT_CHECK_ON
-/*
- * Perform a sanity check on bi.
- */
-static void check(const bigint *bi)
-{
-    if (bi->refs <= 0)
-    {
-        printf("check: zero or negative refs in bigint\n");
-        abort();
-    }
-
-    if (bi->next != NULL)
-    {
-        printf("check: attempt to use a bigint from "
-                "the free list\n");
-        abort();
-    }
-}
-#endif
-
-/*
- * Delete any leading 0's (and allow for 0).
- */
-static bigint *trim(bigint *bi)
-{
-    check(bi);
-
-    while (bi->comps[bi->size-1] == 0 && bi->size > 1)
-    {
-        bi->size--;
-    }
-
-    return bi;
-}
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-/**
- * @brief Perform a single montgomery reduction.
- * @param ctx [in]  The bigint session context.
- * @param bixy [in]  A bigint.
- * @return The result of the montgomery reduction.
- */
-bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
-{
-    int i = 0, n;
-    uint8_t mod_offset = ctx->mod_offset;
-    bigint *bim = ctx->bi_mod[mod_offset];
-    comp mod_inv = ctx->N0_dash[mod_offset];
-
-    check(bixy);
-
-    ax_wdt_feed();
-    if (ctx->use_classical)     /* just use classical instead */
-    {
-        return bi_mod(ctx, bixy);
-    }
-
-    n = bim->size;
-
-    do
-    {
-        bixy = bi_add(ctx, bixy, comp_left_shift(
-                    bi_int_multiply(ctx, bim, bixy->comps[i]*mod_inv), i));
-    } while (++i < n);
-
-    comp_right_shift(bixy, n);
-
-    if (bi_compare(bixy, bim) >= 0)
-    {
-        bixy = bi_subtract(ctx, bixy, bim, NULL);
-    }
-
-    return bixy;
-}
-
-#elif defined(CONFIG_BIGINT_BARRETT)
-/*
- * Stomp on the most significant components to give the illusion of a "mod base
- * radix" operation 
- */
-static bigint *comp_mod(bigint *bi, int mod)
-{
-    check(bi);
-
-    if (bi->size > mod)
-    {
-        bi->size = mod;
-    }
-
-    return bi;
-}
-
-/**
- * @brief Perform a single Barrett reduction.
- * @param ctx [in]  The bigint session context.
- * @param bi [in]  A bigint.
- * @return The result of the Barrett reduction.
- */
-bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
-{
-    bigint *q1, *q2, *q3, *r1, *r2, *r;
-    uint8_t mod_offset = ctx->mod_offset;
-    bigint *bim = ctx->bi_mod[mod_offset];
-    int k = bim->size;
-
-    check(bi);
-    check(bim);
-
-    ax_wdt_feed();
-    /* use Classical method instead  - Barrett cannot help here */
-    if (bi->size > k*2)
-    {
-        return bi_mod(ctx, bi);
-    }
-
-    q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
-
-    /* do outer partial multiply */
-    q2 = regular_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
-    q3 = comp_right_shift(q2, k+1);
-    r1 = comp_mod(bi, k+1);
-
-    /* do inner partial multiply */
-    r2 = comp_mod(regular_multiply(ctx, q3, bim, k+1, 0), k+1);
-    r = bi_subtract(ctx, r1, r2, NULL);
-
-    /* if (r >= m) r = r - m; */
-    if (bi_compare(r, bim) >= 0)
-    {
-        r = bi_subtract(ctx, r, bim, NULL);
-    }
-
-    return r;
-}
-#endif /* CONFIG_BIGINT_BARRETT */
-
-#ifdef CONFIG_BIGINT_SLIDING_WINDOW
-/*
- * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
- */
-static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
-{
-    int k = 1, i;
-    bigint *g2;
-
-    for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
-    {
-        k <<= 1;
-    }
-
-    ctx->g = (bigint **)malloc(k*sizeof(bigint *));
-    ctx->g[0] = bi_clone(ctx, g1);
-    bi_permanent(ctx->g[0]);
-    g2 = bi_residue(ctx, bi_square(ctx, ctx->g[0]));   /* g^2 */
-
-    for (i = 1; i < k; i++)
-    {
-        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], bi_copy(g2)));
-        bi_permanent(ctx->g[i]);
-    }
-
-    bi_free(ctx, g2);
-    ctx->window = k;
-}
-#endif
-
-/**
- * @brief Perform a modular exponentiation.
- *
- * This function requires bi_set_mod() to have been called previously. This is 
- * one of the optimisations used for performance.
- * @param ctx [in]  The bigint session context.
- * @param bi  [in]  The bigint on which to perform the mod power operation.
- * @param biexp [in] The bigint exponent.
- * @return The result of the mod exponentiation operation
- * @see bi_set_mod().
- */
-bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
-{
-    int i = find_max_exp_index(biexp), j, window_size = 1;
-    bigint *biR = int_to_bi(ctx, 1);
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    uint8_t mod_offset = ctx->mod_offset;
-    if (!ctx->use_classical)
-    {
-        /* preconvert */
-        bi = bi_mont(ctx, 
-                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
-        bi_free(ctx, biR);
-        biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
-    }
-#endif
-
-    check(bi);
-    check(biexp);
-
-#ifdef CONFIG_BIGINT_SLIDING_WINDOW
-    for (j = i; j > 32; j /= 5) /* work out an optimum size */
-        window_size++;
-
-    /* work out the slide constants */
-    precompute_slide_window(ctx, window_size, bi);
-#else   /* just one constant */
-    ctx->g = (bigint **)malloc(sizeof(bigint *));
-    ctx->g[0] = bi_clone(ctx, bi);
-    ctx->window = 1;
-    bi_permanent(ctx->g[0]);
-#endif
-
-    /* if sliding-window is off, then only one bit will be done at a time and
-     * will reduce to standard left-to-right exponentiation */
-    do
-    {
-        if (exp_bit_is_one(biexp, i))
-        {
-            int l = i-window_size+1;
-            int part_exp = 0;
-
-            if (l < 0)  /* LSB of exponent will always be 1 */
-                l = 0;
-            else
-            {
-                while (exp_bit_is_one(biexp, l) == 0)
-                    l++;    /* go back up */
-            }
-
-            /* build up the section of the exponent */
-            for (j = i; j >= l; j--)
-            {
-                biR = bi_residue(ctx, bi_square(ctx, biR));
-                if (exp_bit_is_one(biexp, j))
-                    part_exp++;
-
-                if (j != l)
-                    part_exp <<= 1;
-            }
-
-            part_exp = (part_exp-1)/2;  /* adjust for array */
-            biR = bi_residue(ctx, bi_multiply(ctx, biR, ctx->g[part_exp]));
-            i = l-1;
-        }
-        else    /* square it */
-        {
-            biR = bi_residue(ctx, bi_square(ctx, biR));
-            i--;
-        }
-    } while (i >= 0);
-     
-    /* cleanup */
-    for (i = 0; i < ctx->window; i++)
-    {
-        bi_depermanent(ctx->g[i]);
-        bi_free(ctx, ctx->g[i]);
-    }
-
-    free(ctx->g);
-    bi_free(ctx, bi);
-    bi_free(ctx, biexp);
-#if defined CONFIG_BIGINT_MONTGOMERY
-    return ctx->use_classical ? biR : bi_mont(ctx, biR); /* convert back */
-#else /* CONFIG_BIGINT_CLASSICAL or CONFIG_BIGINT_BARRETT */
-    return biR;
-#endif
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * @brief Perform a modular exponentiation using a temporary modulus.
- *
- * We need this function to check the signatures of certificates. The modulus
- * of this function is temporary as it's just used for authentication.
- * @param ctx [in]  The bigint session context.
- * @param bi  [in]  The bigint to perform the exp/mod.
- * @param bim [in]  The temporary modulus.
- * @param biexp [in] The bigint exponent.
- * @return The result of the mod exponentiation operation
- * @see bi_set_mod().
- */
-bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
-{
-    bigint *biR, *tmp_biR;
-
-    /* Set up a temporary bigint context and transfer what we need between
-     * them. We need to do this since we want to keep the original modulus
-     * which is already in this context. This operation is only called when
-     * doing peer verification, and so is not expensive :-) */
-    BI_CTX *tmp_ctx = bi_initialize();
-    bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
-    tmp_biR = bi_mod_power(tmp_ctx, 
-                bi_clone(tmp_ctx, bi), 
-                bi_clone(tmp_ctx, biexp));
-    biR = bi_clone(ctx, tmp_biR);
-    bi_free(tmp_ctx, tmp_biR);
-    bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
-    bi_terminate(tmp_ctx);
-
-    bi_free(ctx, bi);
-    bi_free(ctx, bim);
-    bi_free(ctx, biexp);
-    return biR;
-}
-#endif
-
-#ifdef CONFIG_BIGINT_CRT
-/**
- * @brief Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
- *
- * @param ctx [in]  The bigint session context.
- * @param bi  [in]  The bigint to perform the exp/mod.
- * @param dP [in] CRT's dP bigint
- * @param dQ [in] CRT's dQ bigint
- * @param p [in] CRT's p bigint
- * @param q [in] CRT's q bigint
- * @param qInv [in] CRT's qInv bigint
- * @return The result of the CRT operation
- */
-bigint *bi_crt(BI_CTX *ctx, bigint *bi,
-        bigint *dP, bigint *dQ,
-        bigint *p, bigint *q, bigint *qInv)
-{
-    bigint *m1, *m2, *h;
-
-    /* Montgomery has a condition the 0 < x, y < m and these products violate
-     * that condition. So disable Montgomery when using CRT */
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    ctx->use_classical = 1;
-#endif
-    ctx->mod_offset = BIGINT_P_OFFSET;
-    m1 = bi_mod_power(ctx, bi_copy(bi), dP);
-
-    ctx->mod_offset = BIGINT_Q_OFFSET;
-    m2 = bi_mod_power(ctx, bi, dQ);
-
-    h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL);
-    h = bi_multiply(ctx, h, qInv);
-    ctx->mod_offset = BIGINT_P_OFFSET;
-    h = bi_residue(ctx, h);
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    ctx->use_classical = 0;         /* reset for any further operation */
-#endif
-    return bi_add(ctx, m2, bi_multiply(ctx, q, h));
-}
-#endif
-/** @} */
diff --git a/tools/sdk/axtls/crypto/bigint.h b/tools/sdk/axtls/crypto/bigint.h
deleted file mode 100644
index 2966a3edb3..0000000000
--- a/tools/sdk/axtls/crypto/bigint.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef BIGINT_HEADER
-#define BIGINT_HEADER
-
-#include "crypto.h"
-
-BI_CTX *bi_initialize(void);
-void bi_terminate(BI_CTX *ctx);
-void bi_permanent(bigint *bi);
-void bi_depermanent(bigint *bi);
-void bi_clear_cache(BI_CTX *ctx);
-void bi_free(BI_CTX *ctx, bigint *bi);
-bigint *bi_copy(bigint *bi);
-bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
-void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
-bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
-bigint *int_to_bi(BI_CTX *ctx, comp i);
-
-/* the functions that actually do something interesting */
-bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
-bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 
-        bigint *bib, int *is_negative);
-bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
-bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
-bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
-bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
-int bi_compare(bigint *bia, bigint *bib);
-void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
-void bi_free_mod(BI_CTX *ctx, int mod_offset);
-
-#ifdef CONFIG_SSL_FULL_MODE
-void bi_print(const char *label, bigint *bi);
-bigint *bi_str_import(BI_CTX *ctx, const char *data);
-#endif
-
-/**
- * @def bi_mod
- * Find the residue of B. bi_set_mod() must be called before hand.
- */
-#define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
-
-/**
- * bi_residue() is technically the same as bi_mod(), but it uses the
- * appropriate reduction technique (which is bi_mod() when doing classical
- * reduction).
- */
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-#define bi_residue(A, B)         bi_mont(A, B)
-bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
-#elif defined(CONFIG_BIGINT_BARRETT)
-#define bi_residue(A, B)         bi_barrett(A, B)
-bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
-#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
-#define bi_residue(A, B)         bi_mod(A, B)
-#endif
-
-#ifdef CONFIG_BIGINT_SQUARE
-bigint *bi_square(BI_CTX *ctx, bigint *bi);
-#else
-#define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
-#endif
-
-#ifdef CONFIG_BIGINT_CRT
-bigint *bi_crt(BI_CTX *ctx, bigint *bi,
-        bigint *dP, bigint *dQ,
-        bigint *p, bigint *q,
-        bigint *qInv);
-#endif
-
-#endif
diff --git a/tools/sdk/axtls/crypto/bigint_impl.h b/tools/sdk/axtls/crypto/bigint_impl.h
deleted file mode 100644
index b70d32dd32..0000000000
--- a/tools/sdk/axtls/crypto/bigint_impl.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef BIGINT_IMPL_HEADER
-#define BIGINT_IMPL_HEADER
-
-/* Maintain a number of precomputed variables when doing reduction */
-#define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */
-#ifdef CONFIG_BIGINT_CRT
-#define BIGINT_P_OFFSET     1    /**< p modulo offset. */
-#define BIGINT_Q_OFFSET     2    /**< q module offset. */
-#define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */
-#else
-#define BIGINT_NUM_MODS     1    
-#endif
-
-/* Architecture specific functions for big ints */
-#if defined(CONFIG_INTEGER_8BIT)
-#define COMP_RADIX          256U       /**< Max component + 1 */
-#define COMP_MAX            0xFFFFU/**< (Max dbl comp -1) */
-#define COMP_BIT_SIZE       8   /**< Number of bits in a component. */
-#define COMP_BYTE_SIZE      1   /**< Number of bytes in a component. */
-#define COMP_NUM_NIBBLES    2   /**< Used For diagnostics only. */
-typedef uint8_t comp;	        /**< A single precision component. */
-typedef uint16_t long_comp;     /**< A double precision component. */
-typedef int16_t slong_comp;     /**< A signed double precision component. */
-#elif defined(CONFIG_INTEGER_16BIT)
-#define COMP_RADIX          65536U       /**< Max component + 1 */
-#define COMP_MAX            0xFFFFFFFFU/**< (Max dbl comp -1) */
-#define COMP_BIT_SIZE       16  /**< Number of bits in a component. */
-#define COMP_BYTE_SIZE      2   /**< Number of bytes in a component. */
-#define COMP_NUM_NIBBLES    4   /**< Used For diagnostics only. */
-typedef uint16_t comp;	        /**< A single precision component. */
-typedef uint32_t long_comp;     /**< A double precision component. */
-typedef int32_t slong_comp;     /**< A signed double precision component. */
-#else /* regular 32 bit */
-#ifdef WIN32
-#define COMP_RADIX          4294967296i64         
-#define COMP_MAX            0xFFFFFFFFFFFFFFFFui64
-#else
-#define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
-#define COMP_MAX            0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
-#endif
-#define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
-#define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
-#define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
-typedef uint32_t comp;	        /**< A single precision component. */
-typedef uint64_t long_comp;     /**< A double precision component. */
-typedef int64_t slong_comp;     /**< A signed double precision component. */
-#endif
-
-/**
- * @struct  _bigint
- * @brief A big integer basic object
- */
-struct _bigint
-{
-    struct _bigint* next;       /**< The next bigint in the cache. */
-    short size;                 /**< The number of components in this bigint. */
-    short max_comps;            /**< The heapsize allocated for this bigint */
-    int refs;                   /**< An internal reference count. */
-    comp* comps;                /**< A ptr to the actual component data */
-};
-
-typedef struct _bigint bigint;  /**< An alias for _bigint */
-
-/**
- * Maintains the state of the cache, and a number of variables used in 
- * reduction.
- */
-typedef struct /**< A big integer "session" context. */
-{
-    bigint *active_list;                    /**< Bigints currently used. */
-    bigint *free_list;                      /**< Bigints not used. */
-    bigint *bi_radix;                       /**< The radix used. */
-    bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */
-
-#if defined(CONFIG_BIGINT_MONTGOMERY)
-    bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */
-    bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */
-    comp N0_dash[BIGINT_NUM_MODS];
-#elif defined(CONFIG_BIGINT_BARRETT)
-    bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */
-#endif
-    bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
-    bigint **g;                 /**< Used by sliding-window. */
-    int window;                 /**< The size of the sliding window */
-    int active_count;           /**< Number of active bigints. */
-    int free_count;             /**< Number of free bigints. */
-
-#ifdef CONFIG_BIGINT_MONTGOMERY
-    uint8_t use_classical;      /**< Use classical reduction. */
-#endif
-    uint8_t mod_offset;         /**< The mod offset we are using */
-} BI_CTX;
-
-#define axtls_max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
-#define axtls_min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
-
-#define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
-
-#endif
diff --git a/tools/sdk/axtls/crypto/crypto.h b/tools/sdk/axtls/crypto/crypto.h
deleted file mode 100644
index da24d31c55..0000000000
--- a/tools/sdk/axtls/crypto/crypto.h
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file crypto.h
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "bigint_impl.h"
-#include "bigint.h"
-
-#ifndef STDCALL
-#define STDCALL
-#endif
-#ifndef EXP_FUNC
-#define EXP_FUNC
-#endif
-
-
-/* enable features based on a 'super-set' capbaility. */
-#if defined(CONFIG_SSL_FULL_MODE) 
-#define CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_CERT_VERIFICATION
-#elif defined(CONFIG_SSL_ENABLE_CLIENT)
-#define CONFIG_SSL_CERT_VERIFICATION
-#endif
-
-/**************************************************************************
- * AES declarations 
- **************************************************************************/
-
-#define AES_MAXROUNDS			14
-#define AES_BLOCKSIZE           16
-#define AES_IV_SIZE             16
-
-typedef struct aes_key_st 
-{
-    uint16_t rounds;
-    uint16_t key_size;
-    uint32_t ks[(AES_MAXROUNDS+1)*8];
-    uint8_t iv[AES_IV_SIZE];
-} AES_CTX;
-
-typedef enum
-{
-    AES_MODE_128,
-    AES_MODE_256
-} AES_MODE;
-
-void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
-        const uint8_t *iv, AES_MODE mode);
-void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
-        uint8_t *out, int length);
-void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
-void AES_convert_key(AES_CTX *ctx);
-
-/**************************************************************************
- * RC4 declarations 
- **************************************************************************/
-
-typedef struct 
-{
-    uint8_t x, y, m[256];
-} RC4_CTX;
-
-void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
-void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
-
-/**************************************************************************
- * SHA1 declarations 
- **************************************************************************/
-
-#define SHA1_SIZE   20
-
-/*
- *  This structure will hold context information for the SHA-1
- *  hashing operation
- */
-typedef struct 
-{
-    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
-    uint32_t Length_Low;            /* Message length in bits */
-    uint32_t Length_High;           /* Message length in bits */
-    uint16_t Message_Block_Index;   /* Index into message block array   */
-    uint8_t Message_Block[64];      /* 512-bit message blocks */
-} SHA1_CTX;
-
-void SHA1_Init(SHA1_CTX *);
-void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
-void SHA1_Final(uint8_t *digest, SHA1_CTX *);
-
-/**************************************************************************
- * SHA256 declarations 
- **************************************************************************/
-
-#define SHA256_SIZE   32
-
-typedef struct
-{
-    uint32_t total[2];
-    uint32_t state[8];
-    uint8_t buffer[64];
-} SHA256_CTX;
-
-void SHA256_Init(SHA256_CTX *c);
-void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len);
-void SHA256_Final(uint8_t *digest, SHA256_CTX *);
-
-/**************************************************************************
- * SHA512 declarations 
- **************************************************************************/
-
-#define SHA512_SIZE   64
-
-typedef struct
-{
-    union
-    {
-        uint64_t h[8];
-        uint8_t digest[64];
-    } h_dig;
-    union
-    {
-        uint64_t w[80];
-        uint8_t buffer[128];
-    } w_buf;
-    size_t size;
-    uint64_t totalSize;
-} SHA512_CTX;
-
-void SHA512_Init(SHA512_CTX *c);
-void SHA512_Update(SHA512_CTX *, const uint8_t *input, int len);
-void SHA512_Final(uint8_t *digest, SHA512_CTX *);
-
-/**************************************************************************
- * SHA384 declarations 
- **************************************************************************/
-
-#define SHA384_SIZE   48
-
-typedef SHA512_CTX SHA384_CTX;
-void SHA384_Init(SHA384_CTX *c);
-void SHA384_Update(SHA384_CTX *, const uint8_t *input, int len);
-void SHA384_Final(uint8_t *digest, SHA384_CTX *);
-
-/**************************************************************************
- * MD5 declarations 
- **************************************************************************/
-
-#define MD5_SIZE    16
-
-typedef struct 
-{
-  uint32_t state[4];        /* state (ABCD) */
-  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
-  uint8_t buffer[64];       /* input buffer */
-} MD5_CTX;
-
-EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
-EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
-EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
-
-/**************************************************************************
- * HMAC declarations 
- **************************************************************************/
-void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-
-/**************************************************************************
- * HMAC functions operating on vectors 
- **************************************************************************/
-void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-void hmac_sha1_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-void hmac_sha256_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-
-/**************************************************************************
- * RSA declarations 
- **************************************************************************/
-
-typedef struct 
-{
-    bigint *m;              /* modulus */
-    bigint *e;              /* public exponent */
-    bigint *d;              /* private exponent */
-#ifdef CONFIG_BIGINT_CRT
-    bigint *p;              /* p as in m = pq */
-    bigint *q;              /* q as in m = pq */
-    bigint *dP;             /* d mod (p-1) */
-    bigint *dQ;             /* d mod (q-1) */
-    bigint *qInv;           /* q^-1 mod p */
-#endif
-    int num_octets;
-    BI_CTX *bi_ctx;
-} RSA_CTX;
-
-void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len,
-        const uint8_t *priv_exp, int priv_len
-#ifdef CONFIG_BIGINT_CRT
-      , const uint8_t *p, int p_len,
-        const uint8_t *q, int q_len,
-        const uint8_t *dP, int dP_len,
-        const uint8_t *dQ, int dQ_len,
-        const uint8_t *qInv, int qInv_len
-#endif
-        );
-void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len);
-void RSA_free(RSA_CTX *ctx);
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
-        int out_len, int is_decryption);
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
-#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
-bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
-        bigint *modulus, bigint *pub_exp);
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
-        uint8_t *out_data, int is_signing);
-void RSA_print(const RSA_CTX *ctx);
-#endif
-
-/**************************************************************************
- * RNG declarations 
- **************************************************************************/
-EXP_FUNC void STDCALL RNG_initialize(void);
-EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
-EXP_FUNC void STDCALL RNG_terminate(void);
-EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
-int get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/tools/sdk/axtls/crypto/crypto_misc.c b/tools/sdk/axtls/crypto/crypto_misc.c
deleted file mode 100644
index c7f086dadb..0000000000
--- a/tools/sdk/axtls/crypto/crypto_misc.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
- * Copyright (c) 2007-2015, Cameron Rich
- * 
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- *   may be used to endorse or promote products derived from this software
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Some misc. routines to help things out
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include "os_port.h"
-#include "crypto_misc.h"
-#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
-#include "wincrypt.h"
-#endif
-
-#ifdef ESP8266
-#define CONFIG_SSL_SKELETON_MODE 1
-uint32_t phy_get_rand();
-#endif
-
-#if defined(CONFIG_USE_DEV_URANDOM)
-static int rng_fd = -1;
-#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-static HCRYPTPROV gCryptProv;
-#endif
-
-#if (!defined(ESP8266) && !defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
-/* change to processor registers as appropriate */
-#define ENTROPY_POOL_SIZE 32
-#define ENTROPY_COUNTER1 ((((uint64_t)tv.tv_sec)<<32) | tv.tv_usec)
-#define ENTROPY_COUNTER2 rand()
-static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
-#endif
-
-const char * const unsupported_str = "Error: Feature not supported\n";
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-/**
- * Retrieve a file and put it into memory
- * @return The size of the file, or -1 on failure.
- */
-int get_file(const char *filename, uint8_t **buf)
-{
-    int total_bytes = 0;
-    int bytes_read = 0;
-    int filesize;
-    FILE *stream = fopen(filename, "rb");
-
-    if (stream == NULL)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("file '%s' does not exist\n", filename); TTY_FLUSH();
-#endif
-        return -1;
-    }
-
-    /* Win CE doesn't support stat() */
-    fseek(stream, 0, SEEK_END);
-    filesize = ftell(stream);
-    *buf = (uint8_t *)malloc(filesize);
-    fseek(stream, 0, SEEK_SET);
-
-    do
-    {
-        bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
-        total_bytes += bytes_read;
-    } while (total_bytes < filesize && bytes_read > 0);
-
-    fclose(stream);
-    return filesize;
-}
-#endif
-
-/**
- * Initialise the Random Number Generator engine.
- * - On Win32 use the platform SDK's crypto engine.
- * - On Linux use /dev/urandom
- * - If none of these work then use a custom RNG.
- */
-EXP_FUNC void STDCALL RNG_initialize()
-{
-#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-    rng_fd = open("/dev/urandom", O_RDONLY);
-#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-    if (!CryptAcquireContext(&gCryptProv,
-                      NULL, NULL, PROV_RSA_FULL, 0))
-    {
-        if (GetLastError() == NTE_BAD_KEYSET &&
-                !CryptAcquireContext(&gCryptProv,
-                       NULL,
-                       NULL,
-                       PROV_RSA_FULL,
-                       CRYPT_NEWKEYSET))
-        {
-            printf("CryptoLib: %x\n", unsupported_str, GetLastError());
-            exit(1);
-        }
-    }
-#elif defined(ESP8266)
-#else
-    /* start of with a stack to copy across */
-    int i;
-    memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
-    rand_r((unsigned int *)entropy_pool); 
-#endif
-}
-
-/**
- * If no /dev/urandom, then initialise the RNG with something interesting.
- */
-EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
-{
-#if defined(WIN32) || defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-    int i;
-
-    for (i = 0; i < ENTROPY_POOL_SIZE && i < size; i++)
-        entropy_pool[i] ^= seed_buf[i];
-#endif
-}
-
-/**
- * Terminate the RNG engine.
- */
-EXP_FUNC void STDCALL RNG_terminate(void)
-{
-#if defined(CONFIG_USE_DEV_URANDOM)
-    close(rng_fd);
-#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-    CryptReleaseContext(gCryptProv, 0);
-#endif
-}
-
-/**
- * Set a series of bytes with a random number. Individual bytes can be 0
- */
-EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
-{   
-#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
-    /* use the Linux default - read from /dev/urandom */
-    if (read(rng_fd, rand_data, num_rand_bytes) < 0) 
-        return -1;
-#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
-    /* use Microsoft Crypto Libraries */
-    CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
-#elif defined(ESP8266)
-    for (size_t cb = 0; cb < num_rand_bytes; cb += 4) {
-        uint32_t r = phy_get_rand();
-        size_t left = num_rand_bytes - cb;
-        left = (left < 4) ? left : 4;
-        memcpy(rand_data + cb, &r, left);
-    }
-#else   /* nothing else to use, so use a custom RNG */
-    /* The method we use when we've got nothing better. Use RC4, time
-       and a couple of random seeds to generate a random sequence */
-    AES_CTX rng_ctx;
-    struct timeval tv;
-    MD5_CTX rng_digest_ctx;
-    uint8_t digest[MD5_SIZE];
-    uint64_t *ep;
-    int i;
-
-    /* A proper implementation would use counters etc for entropy */
-    gettimeofday(&tv, NULL);
-    ep = (uint64_t *)entropy_pool;
-    ep[0] ^= ENTROPY_COUNTER1;
-    ep[1] ^= ENTROPY_COUNTER2;
-
-    /* use a digested version of the entropy pool as a key */
-    MD5_Init(&rng_digest_ctx);
-    MD5_Update(&rng_digest_ctx, entropy_pool, ENTROPY_POOL_SIZE);
-    MD5_Final(digest, &rng_digest_ctx);
-
-    /* come up with the random sequence */
-    AES_set_key(&rng_ctx, digest, (const uint8_t *)ep, AES_MODE_128); /* use as a key */
-    memcpy(rand_data, entropy_pool, num_rand_bytes < ENTROPY_POOL_SIZE ?
-				num_rand_bytes : ENTROPY_POOL_SIZE);
-    AES_cbc_encrypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
-
-    /* move things along */
-    for (i = ENTROPY_POOL_SIZE-1; i >= MD5_SIZE ; i--)
-        entropy_pool[i] = entropy_pool[i-MD5_SIZE];
-
-    /* insert the digest at the start of the entropy pool */
-    memcpy(entropy_pool, digest, MD5_SIZE);
-#endif
-    return 0;
-}
-
-/**
- * Set a series of bytes with a random number. Individual bytes are not zero.
- */
-int get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
-{
-    int i;
-    if (get_random(num_rand_bytes, rand_data))
-        return -1;
-
-    for (i = 0; i < num_rand_bytes; i++)
-    {
-        while (rand_data[i] == 0)  {
-            get_random(1, rand_data + i);
-        }
-    }
-
-    return 0;
-}
-
-/**
- * Some useful diagnostic routines
- */
-#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
-int hex_finish;
-int hex_index;
-
-static void print_hex_init(int finish)
-{
-    hex_finish = finish;
-    hex_index = 0;
-}
-
-static void print_hex(uint8_t hex)
-{
-    static int column;
-
-    if (hex_index == 0)
-    {
-        column = 0;
-    }
-
-    printf("%02x ", hex);
-    if (++column == 8)
-    {
-        printf(": ");
-    }
-    else if (column >= 16)
-    {
-        printf("\n");
-        column = 0;
-    }
-
-    if (++hex_index >= hex_finish && column > 0)
-    {
-        printf("\n");
-    }
-}
-
-/**
- * Spit out a blob of data for diagnostics. The data is is a nice column format
- * for easy reading.
- *
- * @param format   [in]    The string (with possible embedded format characters)
- * @param size     [in]    The number of numbers to print
- * @param data     [in]    The start of data to use
- * @param ...      [in]    Any additional arguments
- */
-EXP_FUNC void STDCALL print_blob(const char *format,
-        const uint8_t *data, int size, ...)
-{
-    int i;
-    char tmp[80];
-    va_list(ap);
-
-    va_start(ap, size);
-    snprintf(tmp, sizeof(tmp), "SSL: %s\n", format);
-    vprintf(tmp, ap);
-    print_hex_init(size);
-    for (i = 0; i < size; i++)
-    {
-        print_hex(data[i]);
-    }
-
-    va_end(ap);
-    TTY_FLUSH();
-}
-#elif defined(WIN32)
-/* VC6.0 doesn't handle variadic macros */
-EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
-        int size, ...) {}
-#endif
-
-#if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
-/* base64 to binary lookup table */
-static const uint8_t map[128] PROGMEM =
-{
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
-    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
-    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
-    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
-    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
-    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
-    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
-    49,  50,  51, 255, 255, 255, 255, 255
-};
-
-EXP_FUNC int STDCALL base64_decode(const char *in, int len,
-                    uint8_t *out, int *outlen)
-{
-    int g, t, x, y, z;
-    uint8_t c;
-    int ret = -1;
-
-    g = 3;
-    for (x = y = z = t = 0; x < len; x++)
-    {
-        if ((c = ax_array_read_u8(map, in[x]&0x7F)) == 0xff)
-            continue;
-
-        if (c == 254)   /* this is the end... */
-        {
-            c = 0;
-
-            if (--g < 0)
-                goto error;
-        }
-        else if (g != 3) /* only allow = at end */
-            goto error;
-
-        t = (t<<6) | c;
-
-        if (++y == 4)
-        {
-            out[z++] = (uint8_t)((t>>16)&255);
-
-            if (g > 1)
-                out[z++] = (uint8_t)((t>>8)&255);
-
-            if (g > 2)
-                out[z++] = (uint8_t)(t&255);
-
-            y = t = 0;
-        }
-
-        /* check that we don't go past the output buffer */
-        if (z > *outlen)
-            goto error;
-    }
-
-    if (y != 0)
-        goto error;
-
-    *outlen = z;
-    ret = 0;
-
-error:
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ret < 0)
-        printf("Error: Invalid base64\n"); TTY_FLUSH();
-#endif
-    TTY_FLUSH();
-    return ret;
-
-}
-#endif
diff --git a/tools/sdk/axtls/crypto/hmac.c b/tools/sdk/axtls/crypto/hmac.c
deleted file mode 100644
index a0ae84ccf8..0000000000
--- a/tools/sdk/axtls/crypto/hmac.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * HMAC implementation - This code was originally taken from RFC2104
- * See http://www.ietf.org/rfc/rfc2104.txt and
- * http://www.faqs.org/rfcs/rfc2202.html
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
-
-/**
- * Perform HMAC-MD5
- * NOTE: does not handle keys larger than the block size.
- */
-void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    hmac_md5_v(&msg, &length, 1, key, key_len, digest);
-}
-
-void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    MD5_CTX context;
-    uint8_t k_ipad[64];
-    uint8_t k_opad[64];
-    int i;
-
-    memset(k_ipad, 0, sizeof k_ipad);
-    memset(k_opad, 0, sizeof k_opad);
-    memcpy(k_ipad, key, key_len);
-    memcpy(k_opad, key, key_len);
-
-    for (i = 0; i < 64; i++) 
-    {
-        k_ipad[i] ^= 0x36;
-        k_opad[i] ^= 0x5c;
-    }
-
-    MD5_Init(&context);
-    MD5_Update(&context, k_ipad, 64);
-    for (i = 0; i < count; ++i) 
-    {
-        MD5_Update(&context, msg[i], length[i]);
-    }
-    MD5_Final(digest, &context);
-    MD5_Init(&context);
-    MD5_Update(&context, k_opad, 64);
-    MD5_Update(&context, digest, MD5_SIZE);
-    MD5_Final(digest, &context);
-}
-
-/**
- * Perform HMAC-SHA1
- * NOTE: does not handle keys larger than the block size.
- */
-void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    hmac_sha1_v(&msg, &length, 1, key, key_len, digest);
-}
-
-void hmac_sha1_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    SHA1_CTX context;
-    uint8_t k_ipad[64];
-    uint8_t k_opad[64];
-    int i;
-
-    memset(k_ipad, 0, sizeof k_ipad);
-    memset(k_opad, 0, sizeof k_opad);
-    memcpy(k_ipad, key, key_len);
-    memcpy(k_opad, key, key_len);
-
-    for (i = 0; i < 64; i++) 
-    {
-        k_ipad[i] ^= 0x36;
-        k_opad[i] ^= 0x5c;
-    }
-
-    SHA1_Init(&context);
-    SHA1_Update(&context, k_ipad, 64);
-    for (i = 0; i < count; ++i) 
-    {
-        SHA1_Update(&context, msg[i], length[i]);
-    }
-    SHA1_Final(digest, &context);
-    SHA1_Init(&context);
-    SHA1_Update(&context, k_opad, 64);
-    SHA1_Update(&context, digest, SHA1_SIZE);
-    SHA1_Final(digest, &context);
-}
-
-/**
- * Perform HMAC-SHA256
- * NOTE: does not handle keys larger than the block size.
- */
-void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    hmac_sha256_v(&msg, &length, 1, key, key_len, digest);
-}
-
-void hmac_sha256_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
-        int key_len, uint8_t *digest)
-{
-    SHA256_CTX context;
-    uint8_t k_ipad[64];
-    uint8_t k_opad[64];
-    int i;
-
-    memset(k_ipad, 0, sizeof k_ipad);
-    memset(k_opad, 0, sizeof k_opad);
-    memcpy(k_ipad, key, key_len);
-    memcpy(k_opad, key, key_len);
-
-    for (i = 0; i < 64; i++) 
-    {
-        k_ipad[i] ^= 0x36;
-        k_opad[i] ^= 0x5c;
-    }
-
-    SHA256_Init(&context);
-    SHA256_Update(&context, k_ipad, 64);
-    for (i = 0; i < count; ++i) 
-    {
-        SHA256_Update(&context, msg[i], length[i]);
-    }
-    SHA256_Final(digest, &context);
-    SHA256_Init(&context);
-    SHA256_Update(&context, k_opad, 64);
-    SHA256_Update(&context, digest, SHA256_SIZE);
-    SHA256_Final(digest, &context);
-}
-
diff --git a/tools/sdk/axtls/crypto/md5.c b/tools/sdk/axtls/crypto/md5.c
deleted file mode 100644
index 1a8786f473..0000000000
--- a/tools/sdk/axtls/crypto/md5.c
+++ /dev/null
@@ -1,301 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * This file implements the MD5 algorithm as defined in RFC1321
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
-
-/* Constants for MD5Transform routine.
- */
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-/* ----- static functions ----- */
-static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
-static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
-static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
-
-static const uint8_t PADDING[64] PROGMEM = 
-{
-    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/* F, G, H and I are basic MD5 functions.
- */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits.  */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-   Rotation is separate from addition to prevent recomputation.  */
-#define FF(a, b, c, d, x, s, ac) { \
-    (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-#define GG(a, b, c, d, x, s, ac) { \
-    (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-#define HH(a, b, c, d, x, s, ac) { \
-    (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-#define II(a, b, c, d, x, s, ac) { \
-    (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
-    (a) = ROTATE_LEFT ((a), (s)); \
-    (a) += (b); \
-  }
-
-/**
- * MD5 initialization - begins an MD5 operation, writing a new ctx.
- */
-EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx)
-{
-    ctx->count[0] = ctx->count[1] = 0;
-
-    /* Load magic initialization constants.
-     */
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xefcdab89;
-    ctx->state[2] = 0x98badcfe;
-    ctx->state[3] = 0x10325476;
-}
-
-/**
- * Accepts an array of octets as the next portion of the message.
- */
-EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len)
-{
-    uint32_t x;
-    int i, partLen;
-
-    /* Compute number of bytes mod 64 */
-    x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
-
-    /* Update number of bits */
-    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
-        ctx->count[1]++;
-    ctx->count[1] += ((uint32_t)len >> 29);
-
-    partLen = 64 - x;
-
-    /* Transform as many times as possible.  */
-    if (len >= partLen) 
-    {
-        memcpy(&ctx->buffer[x], msg, partLen);
-        MD5Transform(ctx->state, ctx->buffer);
-
-        for (i = partLen; i + 63 < len; i += 64)
-            MD5Transform(ctx->state, &msg[i]);
-
-        x = 0;
-    }
-    else
-        i = 0;
-
-    /* Buffer remaining input */
-    memcpy(&ctx->buffer[x], &msg[i], len-i);
-}
-
-/**
- * Return the 128-bit message digest into the user's array
- */
-EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
-{
-    uint8_t bits[8];
-    uint32_t x, padLen;
-#ifdef WITH_PGM_READ_HELPER
-    uint8_t PADDING_stack[64];
-    memcpy(PADDING_stack, PADDING, 64);
-#endif
-    /* Save number of bits */
-    Encode(bits, ctx->count, 8);
-
-    /* Pad out to 56 mod 64.
-     */
-    x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
-    padLen = (x < 56) ? (56 - x) : (120 - x);
-#ifdef WITH_PGM_READ_HELPER
-    MD5_Update(ctx, PADDING_stack, padLen);
-#else
-    MD5_Update(ctx, PADDING, padLen);
-#endif
-
-    /* Append length (before padding) */
-    MD5_Update(ctx, bits, 8);
-
-    /* Store state in digest */
-    Encode(digest, ctx->state, MD5_SIZE);
-}
-
-/**
- * MD5 basic transformation. Transforms state based on block.
- */
-static void MD5Transform(uint32_t state[4], const uint8_t block[64])
-{
-    uint32_t a = state[0], b = state[1], c = state[2], 
-             d = state[3], x[MD5_SIZE];
-
-    Decode(x, block, 64);
-
-    /* Round 1 */
-    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
-    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
-    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
-    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
-    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
-    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
-    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
-    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
-    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
-    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
-    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
-    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
-    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
-    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
-    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
-    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
-    /* Round 2 */
-    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
-    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
-    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
-    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
-    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
-    GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
-    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
-    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
-    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
-    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
-    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
-    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
-    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
-    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
-    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
-    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
-    /* Round 3 */
-    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
-    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
-    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
-    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
-    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
-    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
-    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
-    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
-    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
-    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
-    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
-    HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
-    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
-    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
-    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
-    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
-    /* Round 4 */
-    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
-    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
-    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
-    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
-    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
-    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
-    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
-    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
-    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
-    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
-    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
-    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
-    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
-    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
-    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
-    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
-    state[0] += a;
-    state[1] += b;
-    state[2] += c;
-    state[3] += d;
-}
-
-/**
- * Encodes input (uint32_t) into output (uint8_t). Assumes len is
- *   a multiple of 4.
- */
-static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
-{
-    uint32_t i, j;
-
-    for (i = 0, j = 0; j < len; i++, j += 4) 
-    {
-        output[j] = (uint8_t)(input[i] & 0xff);
-        output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
-        output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
-        output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
-    }
-}
-
-/**
- *  Decodes input (uint8_t) into output (uint32_t). Assumes len is
- *   a multiple of 4.
- */
-static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
-{
-    uint32_t i, j;
-
-    for (i = 0, j = 0; j < len; i++, j += 4)
-        output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
-            (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
-}
diff --git a/tools/sdk/axtls/crypto/os_int.h b/tools/sdk/axtls/crypto/os_int.h
deleted file mode 100644
index 02e7d2d546..0000000000
--- a/tools/sdk/axtls/crypto/os_int.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (c) 2012-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file os_int.h
- *
- * Ensure a consistent bit size 
- */
-
-#ifndef HEADER_OS_INT_H
-#define HEADER_OS_INT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* some bool types - just make life easier */
-typedef char bool;
-#define false       0
-#define true        1
-
-#if defined(WIN32)
-typedef UINT8 uint8_t;
-typedef INT8 int8_t;
-typedef UINT16 uint16_t;
-typedef INT16 int16_t;
-typedef UINT32 uint32_t;
-typedef INT32 int32_t;
-typedef UINT64 uint64_t;
-typedef INT64 int64_t;
-#else   /* Not Win32 */
-
-#ifdef CONFIG_PLATFORM_SOLARIS
-#include <inttypes.h>
-#else
-#include <stdint.h>
-#endif /* Not Solaris */
-
-#endif /* Not Win32 */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/tools/sdk/axtls/crypto/rc4.c b/tools/sdk/axtls/crypto/rc4.c
deleted file mode 100644
index edfb27a575..0000000000
--- a/tools/sdk/axtls/crypto/rc4.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * An implementation of the RC4/ARC4 algorithm.
- * Originally written by Christophe Devine.
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
-
-/* only used for PKCS12 now */
-#ifdef CONFIG_SSL_USE_PKCS12
-
-/**
- * Get ready for an encrypt/decrypt operation
- */
-void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
-{
-    int i, j = 0, k = 0, a;
-    uint8_t *m;
-
-    ctx->x = 0;
-    ctx->y = 0;
-    m = ctx->m;
-
-    for (i = 0; i < 256; i++)
-        m[i] = i;
-
-    for (i = 0; i < 256; i++)
-    {
-        a = m[i];
-        j = (uint8_t)(j + a + key[k]);
-        m[i] = m[j]; 
-        m[j] = a;
-
-        if (++k >= length) 
-            k = 0;
-    }
-}
-
-/**
- * Perform the encrypt/decrypt operation (can use it for either since
- * this is a stream cipher).
- * NOTE: *msg and *out must be the same pointer (performance tweak)
- */
-void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
-{ 
-    int i;
-    uint8_t *m, x, y, a, b;
-
-    x = ctx->x;
-    y = ctx->y;
-    m = ctx->m;
-
-    for (i = 0; i < length; i++)
-    {
-        a = m[++x];
-        y += a;
-        m[x] = b = m[y];
-        m[y] = a;
-        out[i] ^= m[(uint8_t)(a + b)];
-    }
-
-    ctx->x = x;
-    ctx->y = y;
-}
-
-#endif
diff --git a/tools/sdk/axtls/crypto/rsa.c b/tools/sdk/axtls/crypto/rsa.c
deleted file mode 100644
index ab74b4d3be..0000000000
--- a/tools/sdk/axtls/crypto/rsa.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Implements the RSA public encryption algorithm. Uses the bigint library to
- * perform its calculations.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <stdlib.h>
-#include "os_port.h"
-#include "crypto.h"
-
-void RSA_priv_key_new(RSA_CTX **ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len,
-        const uint8_t *priv_exp, int priv_len
-#if CONFIG_BIGINT_CRT
-      , const uint8_t *p, int p_len,
-        const uint8_t *q, int q_len,
-        const uint8_t *dP, int dP_len,
-        const uint8_t *dQ, int dQ_len,
-        const uint8_t *qInv, int qInv_len
-#endif
-    )
-{
-    RSA_CTX *rsa_ctx;
-    BI_CTX *bi_ctx;
-    RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
-    rsa_ctx = *ctx;
-    bi_ctx = rsa_ctx->bi_ctx;
-    rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
-    bi_permanent(rsa_ctx->d);
-
-#ifdef CONFIG_BIGINT_CRT
-    rsa_ctx->p = bi_import(bi_ctx, p, p_len);
-    rsa_ctx->q = bi_import(bi_ctx, q, q_len);
-    rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
-    rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
-    rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
-    bi_permanent(rsa_ctx->dP);
-    bi_permanent(rsa_ctx->dQ);
-    bi_permanent(rsa_ctx->qInv);
-    bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
-    bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
-#endif
-}
-
-void RSA_pub_key_new(RSA_CTX **ctx, 
-        const uint8_t *modulus, int mod_len,
-        const uint8_t *pub_exp, int pub_len)
-{
-    RSA_CTX *rsa_ctx;
-    BI_CTX *bi_ctx;
-
-    if (*ctx)   /* if we load multiple certs, dump the old one */
-        RSA_free(*ctx);
-
-    bi_ctx = bi_initialize();
-    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
-    rsa_ctx = *ctx;
-    rsa_ctx->bi_ctx = bi_ctx;
-    rsa_ctx->num_octets = mod_len;
-    rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
-    bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
-    rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
-    bi_permanent(rsa_ctx->e);
-}
-
-/**
- * Free up any RSA context resources.
- */
-void RSA_free(RSA_CTX *rsa_ctx)
-{
-    BI_CTX *bi_ctx;
-    if (rsa_ctx == NULL)                /* deal with ptrs that are null */
-        return;
-
-    bi_ctx = rsa_ctx->bi_ctx;
-
-    bi_depermanent(rsa_ctx->e);
-    bi_free(bi_ctx, rsa_ctx->e);
-    bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
-
-    if (rsa_ctx->d)
-    {
-        bi_depermanent(rsa_ctx->d);
-        bi_free(bi_ctx, rsa_ctx->d);
-#ifdef CONFIG_BIGINT_CRT
-        bi_depermanent(rsa_ctx->dP);
-        bi_depermanent(rsa_ctx->dQ);
-        bi_depermanent(rsa_ctx->qInv);
-        bi_free(bi_ctx, rsa_ctx->dP);
-        bi_free(bi_ctx, rsa_ctx->dQ);
-        bi_free(bi_ctx, rsa_ctx->qInv);
-        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
-        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
-#endif
-    }
-
-    bi_terminate(bi_ctx);
-    free(rsa_ctx);
-}
-
-/**
- * @brief Use PKCS1.5 for decryption/verification.
- * @param ctx [in] The context
- * @param in_data [in] The data to decrypt (must be < modulus size-11)
- * @param out_data [out] The decrypted data.
- * @param out_len [int] The size of the decrypted buffer in bytes
- * @param is_decryption [in] Decryption or verify operation.
- * @return  The number of bytes that were originally encrypted. -1 on error.
- * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
- */
-int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
-                            uint8_t *out_data, int out_len, int is_decryption)
-{
-    const int byte_size = ctx->num_octets;
-    int i = 0, size = -1;
-    bigint *decrypted_bi, *dat_bi;
-    uint8_t *block = NULL;
-    int pad_count = 0;
-
-    do
-    {
-    if (out_len < byte_size)        /* check output has enough size */
-       break;
-
-    block = (uint8_t *)malloc(byte_size);
-    if (!block)
-       break;
-
-    memset(out_data, 0, out_len);   /* initialise */
-
-    /* decrypt */
-    dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    decrypted_bi = is_decryption ?  /* decrypt or verify? */
-            RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
-#else   /* always a decryption */
-    decrypted_bi = RSA_private(ctx, dat_bi);
-#endif
-
-    /* convert to a normal block */
-    bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
-
-    if (block[i++] != 0)             /* leading 0? */
-        break;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
-    {
-        if (block[i++] != 0x01)     /* BT correct? */
-            break;
-
-        while (block[i++] == 0xff && i < byte_size)
-            pad_count++;
-    }
-    else                    /* PKCS1.5 encryption padding is random */
-#endif
-    {
-        if (block[i++] != 0x02)     /* BT correct? */
-            break;
-
-        while (block[i++] && i < byte_size)
-            pad_count++;
-    }
-
-    /* check separator byte 0x00 - and padding must be 8 or more bytes */
-    if (i == byte_size || pad_count < 8) 
-        break;
-
-    size = byte_size - i;
-
-    /* get only the bit we want */
-    memcpy(out_data, &block[i], size);
-    } while(false);
-
-    if(block)
-       free(block);
-
-    return size;
-}
-
-/**
- * Performs m = c^d mod n
- */
-bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
-{
-#ifdef CONFIG_BIGINT_CRT
-    return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
-#else
-    BI_CTX *ctx = c->bi_ctx;
-    ctx->mod_offset = BIGINT_M_OFFSET;
-    return bi_mod_power(ctx, bi_msg, c->d);
-#endif
-}
-
-#ifdef CONFIG_SSL_FULL_MODE
-/**
- * Used for diagnostics.
- */
-void RSA_print(const RSA_CTX *rsa_ctx) 
-{
-    if (rsa_ctx == NULL)
-        return;
-
-    printf("-----------------   RSA DEBUG   ----------------\n");
-    printf("Size:\t%d\n", rsa_ctx->num_octets);
-    bi_print("Modulus", rsa_ctx->m);
-    bi_print("Public Key", rsa_ctx->e);
-    bi_print("Private Key", rsa_ctx->d);
-}
-#endif
-
-#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
-/**
- * Performs c = m^e mod n
- */
-bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
-{
-    c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
-    return bi_mod_power(c->bi_ctx, bi_msg, c->e);
-}
-
-/**
- * Use PKCS1.5 for encryption/signing.
- * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
- */
-int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
-        uint8_t *out_data, int is_signing)
-{
-    int byte_size = ctx->num_octets;
-    int num_pads_needed = byte_size-in_len-3;
-    bigint *dat_bi, *encrypt_bi;
-
-    /* note: in_len+11 must be > byte_size */
-    out_data[0] = 0;     /* ensure encryption block is < modulus */
-
-    if (is_signing)
-    {
-        out_data[1] = 1;        /* PKCS1.5 signing pads with "0xff"'s */
-        memset(&out_data[2], 0xff, num_pads_needed);
-    }
-    else /* randomize the encryption padding with non-zero bytes */   
-    {
-        out_data[1] = 2;
-        if (get_random_NZ(num_pads_needed, &out_data[2]) < 0)
-            return -1;
-    }
-
-    out_data[2+num_pads_needed] = 0;
-    memcpy(&out_data[3+num_pads_needed], in_data, in_len);
-
-    /* now encrypt it */
-    dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
-    encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
-                              RSA_public(ctx, dat_bi);
-    bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
-
-    /* save a few bytes of memory */
-    bi_clear_cache(ctx->bi_ctx);
-    return byte_size;
-}
-
-#endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/tools/sdk/axtls/crypto/sha1.c b/tools/sdk/axtls/crypto/sha1.c
deleted file mode 100644
index 1082733e7e..0000000000
--- a/tools/sdk/axtls/crypto/sha1.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
- * This code was originally taken from RFC3174
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
-
-/*
- *  Define the SHA1 circular left shift macro
- */
-#define SHA1CircularShift(bits,word) \
-                (((word) << (bits)) | ((word) >> (32-(bits))))
-
-/* ----- static functions ----- */
-static void SHA1PadMessage(SHA1_CTX *ctx);
-static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
-
-/**
- * Initialize the SHA1 context 
- */
-void SHA1_Init(SHA1_CTX *ctx)
-{
-    ctx->Length_Low             = 0;
-    ctx->Length_High            = 0;
-    ctx->Message_Block_Index    = 0;
-    ctx->Intermediate_Hash[0]   = 0x67452301;
-    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
-    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
-    ctx->Intermediate_Hash[3]   = 0x10325476;
-    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
-}
-
-/**
- * Accepts an array of octets as the next portion of the message.
- */
-void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
-{
-    while (len--)
-    {
-        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
-        ctx->Length_Low += 8;
-
-        if (ctx->Length_Low == 0)
-            ctx->Length_High++;
-
-        if (ctx->Message_Block_Index == 64)
-            SHA1ProcessMessageBlock(ctx);
-
-        msg++;
-    }
-}
-
-/**
- * Return the 160-bit message digest into the user's array
- */
-void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
-{
-    int i;
-
-    SHA1PadMessage(ctx);
-    memset(ctx->Message_Block, 0, 64);
-    ctx->Length_Low = 0;    /* and clear length */
-    ctx->Length_High = 0;
-
-    for  (i = 0; i < SHA1_SIZE; i++)
-    {
-        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
-    }
-}
-
-/**
- * Process the next 512 bits of the message stored in the array.
- */
-static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
-{
-    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
-                            0x5A827999,
-                            0x6ED9EBA1,
-                            0x8F1BBCDC,
-                            0xCA62C1D6
-                            };
-    int        t;                 /* Loop counter                */
-    uint32_t      temp;              /* Temporary word value        */
-    uint32_t      W[80];             /* Word sequence               */
-    uint32_t      A, B, C, D, E;     /* Word buffers                */
-
-    /*
-     *  Initialize the first 16 words in the array W
-     */
-    for  (t = 0; t < 16; t++)
-    {
-        W[t] = ctx->Message_Block[t * 4] << 24;
-        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
-        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
-        W[t] |= ctx->Message_Block[t * 4 + 3];
-    }
-
-    for (t = 16; t < 80; t++)
-    {
-       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
-    }
-
-    A = ctx->Intermediate_Hash[0];
-    B = ctx->Intermediate_Hash[1];
-    C = ctx->Intermediate_Hash[2];
-    D = ctx->Intermediate_Hash[3];
-    E = ctx->Intermediate_Hash[4];
-
-    for (t = 0; t < 20; t++)
-    {
-        temp =  SHA1CircularShift(5,A) +
-                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-
-        B = A;
-        A = temp;
-    }
-
-    for (t = 20; t < 40; t++)
-    {
-        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-        B = A;
-        A = temp;
-    }
-
-    for (t = 40; t < 60; t++)
-    {
-        temp = SHA1CircularShift(5,A) +
-               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-        B = A;
-        A = temp;
-    }
-
-    for (t = 60; t < 80; t++)
-    {
-        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
-        E = D;
-        D = C;
-        C = SHA1CircularShift(30,B);
-        B = A;
-        A = temp;
-    }
-
-    ctx->Intermediate_Hash[0] += A;
-    ctx->Intermediate_Hash[1] += B;
-    ctx->Intermediate_Hash[2] += C;
-    ctx->Intermediate_Hash[3] += D;
-    ctx->Intermediate_Hash[4] += E;
-    ctx->Message_Block_Index = 0;
-}
-
-/*
- * According to the standard, the message must be padded to an even
- * 512 bits.  The first padding bit must be a '1'.  The last 64
- * bits represent the length of the original message.  All bits in
- * between should be 0.  This function will pad the message
- * according to those rules by filling the Message_Block array
- * accordingly.  It will also call the ProcessMessageBlock function
- * provided appropriately.  When it returns, it can be assumed that
- * the message digest has been computed.
- *
- * @param ctx [in, out] The SHA1 context
- */
-static void SHA1PadMessage(SHA1_CTX *ctx)
-{
-    /*
-     *  Check to see if the current message block is too small to hold
-     *  the initial padding bits and length.  If so, we will pad the
-     *  block, process it, and then continue padding into a second
-     *  block.
-     */
-    if (ctx->Message_Block_Index > 55)
-    {
-        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
-        while(ctx->Message_Block_Index < 64)
-        {
-            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
-        }
-
-        SHA1ProcessMessageBlock(ctx);
-
-        while (ctx->Message_Block_Index < 56)
-        {
-            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
-        }
-    }
-    else
-    {
-        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
-        while(ctx->Message_Block_Index < 56)
-        {
-
-            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
-        }
-    }
-
-    /*
-     *  Store the message length as the last 8 octets
-     */
-    ctx->Message_Block[56] = ctx->Length_High >> 24;
-    ctx->Message_Block[57] = ctx->Length_High >> 16;
-    ctx->Message_Block[58] = ctx->Length_High >> 8;
-    ctx->Message_Block[59] = ctx->Length_High;
-    ctx->Message_Block[60] = ctx->Length_Low >> 24;
-    ctx->Message_Block[61] = ctx->Length_Low >> 16;
-    ctx->Message_Block[62] = ctx->Length_Low >> 8;
-    ctx->Message_Block[63] = ctx->Length_Low;
-    SHA1ProcessMessageBlock(ctx);
-}
diff --git a/tools/sdk/axtls/crypto/sha256.c b/tools/sdk/axtls/crypto/sha256.c
deleted file mode 100644
index ba1ac95fe4..0000000000
--- a/tools/sdk/axtls/crypto/sha256.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * Copyright (c) 2015, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
-
-#define GET_UINT32(n,b,i)                       \
-{                                               \
-    (n) = ((uint32_t) (b)[(i)    ] << 24)       \
-        | ((uint32_t) (b)[(i) + 1] << 16)       \
-        | ((uint32_t) (b)[(i) + 2] <<  8)       \
-        | ((uint32_t) (b)[(i) + 3]      );      \
-}
-
-#define PUT_UINT32(n,b,i)                       \
-{                                               \
-    (b)[(i)    ] = (uint8_t) ((n) >> 24);       \
-    (b)[(i) + 1] = (uint8_t) ((n) >> 16);       \
-    (b)[(i) + 2] = (uint8_t) ((n) >>  8);       \
-    (b)[(i) + 3] = (uint8_t) ((n)      );       \
-}
-
-static const uint8_t sha256_padding[64] PROGMEM =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/**
- * Initialize the SHA256 context 
- */
-void SHA256_Init(SHA256_CTX *ctx)
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x6A09E667;
-    ctx->state[1] = 0xBB67AE85;
-    ctx->state[2] = 0x3C6EF372;
-    ctx->state[3] = 0xA54FF53A;
-    ctx->state[4] = 0x510E527F;
-    ctx->state[5] = 0x9B05688C;
-    ctx->state[6] = 0x1F83D9AB;
-    ctx->state[7] = 0x5BE0CD19;
-}
-
-static void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
-{
-    uint32_t temp1, temp2, W[64];
-    uint32_t A, B, C, D, E, F, G, H;
-
-    GET_UINT32(W[0],  digest,  0);
-    GET_UINT32(W[1],  digest,  4);
-    GET_UINT32(W[2],  digest,  8);
-    GET_UINT32(W[3],  digest, 12);
-    GET_UINT32(W[4],  digest, 16);
-    GET_UINT32(W[5],  digest, 20);
-    GET_UINT32(W[6],  digest, 24);
-    GET_UINT32(W[7],  digest, 28);
-    GET_UINT32(W[8],  digest, 32);
-    GET_UINT32(W[9],  digest, 36);
-    GET_UINT32(W[10], digest, 40);
-    GET_UINT32(W[11], digest, 44);
-    GET_UINT32(W[12], digest, 48);
-    GET_UINT32(W[13], digest, 52);
-    GET_UINT32(W[14], digest, 56);
-    GET_UINT32(W[15], digest, 60);
-
-#define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
-#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
-
-#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
-#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
-
-#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
-#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
-
-#define F0(x,y,z) ((x & y) | (z & (x | y)))
-#define F1(x,y,z) (z ^ (x & (y ^ z)))
-
-#define R(t)                                    \
-(                                              \
-    W[t] = S1(W[t -  2]) + W[t -  7] +          \
-           S0(W[t - 15]) + W[t - 16]            \
-)
-
-#define P(a,b,c,d,e,f,g,h,x,K)                  \
-{                                               \
-    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
-    temp2 = S2(a) + F0(a,b,c);                  \
-    d += temp1; h = temp1 + temp2;              \
-}
-
-    A = ctx->state[0];
-    B = ctx->state[1];
-    C = ctx->state[2];
-    D = ctx->state[3];
-    E = ctx->state[4];
-    F = ctx->state[5];
-    G = ctx->state[6];
-    H = ctx->state[7];
-
-    P(A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
-    P(H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
-    P(G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
-    P(F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
-    P(E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
-    P(D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
-    P(C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
-    P(B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
-    P(A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
-    P(H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
-    P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
-    P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
-    P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
-    P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
-    P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
-    P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
-    P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
-    P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
-    P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
-    P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
-    P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
-    P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
-    P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
-    P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
-    P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
-    P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
-    P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
-    P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
-    P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
-    P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
-    P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
-    P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
-    P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
-    P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
-    P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
-    P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
-    P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
-    P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
-    P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
-    P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
-    P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
-    P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
-    P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
-    P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
-    P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
-    P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
-    P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
-    P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
-    P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
-    P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
-    P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
-    P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
-    P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
-    P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
-    P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
-    P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
-    P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
-    P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
-    P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
-    P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
-    P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
-    P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
-    P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
-    P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
-
-    ctx->state[0] += A;
-    ctx->state[1] += B;
-    ctx->state[2] += C;
-    ctx->state[3] += D;
-    ctx->state[4] += E;
-    ctx->state[5] += F;
-    ctx->state[6] += G;
-    ctx->state[7] += H;
-}
-
-/**
- * Accepts an array of octets as the next portion of the message.
- */
-void SHA256_Update(SHA256_CTX *ctx, const uint8_t * msg, int len)
-{
-    uint32_t left = ctx->total[0] & 0x3F;
-    uint32_t fill = 64 - left;
-
-    ctx->total[0] += len;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if (ctx->total[0] < len)
-        ctx->total[1]++;
-
-    if (left && len >= fill)
-    {
-        memcpy((void *) (ctx->buffer + left), (void *)msg, fill);
-        SHA256_Process(ctx->buffer, ctx);
-        len -= fill;
-        msg  += fill;
-        left = 0;
-    }
-
-    while (len >= 64)
-    {
-        SHA256_Process(msg, ctx);
-        len -= 64;
-        msg  += 64;
-    }
-
-    if (len)
-    {
-        memcpy((void *) (ctx->buffer + left), (void *) msg, len);
-    }
-}
-
-/**
- * Return the 256-bit message digest into the user's array
- */
-void SHA256_Final(uint8_t *digest, SHA256_CTX *ctx)
-{
-    uint32_t last, padn;
-    uint32_t high, low;
-    uint8_t msglen[8];
-#ifdef WITH_PGM_READ_HELPER
-    uint8_t sha256_padding_ram[64];
-    memcpy(sha256_padding_ram, sha256_padding, 64);
-#endif
-
-    high = (ctx->total[0] >> 29)
-         | (ctx->total[1] <<  3);
-    low  = (ctx->total[0] <<  3);
-
-    PUT_UINT32(high, msglen, 0);
-    PUT_UINT32(low,  msglen, 4);
-
-    last = ctx->total[0] & 0x3F;
-    padn = (last < 56) ? (56 - last) : (120 - last);
-#ifdef WITH_PGM_READ_HELPER
-    SHA256_Update(ctx, sha256_padding_ram, padn);
-#else
-    SHA256_Update(ctx, sha256_padding, padn);
-#endif
-    SHA256_Update(ctx, msglen, 8);
-
-    PUT_UINT32(ctx->state[0], digest,  0);
-    PUT_UINT32(ctx->state[1], digest,  4);
-    PUT_UINT32(ctx->state[2], digest,  8);
-    PUT_UINT32(ctx->state[3], digest, 12);
-    PUT_UINT32(ctx->state[4], digest, 16);
-    PUT_UINT32(ctx->state[5], digest, 20);
-    PUT_UINT32(ctx->state[6], digest, 24);
-    PUT_UINT32(ctx->state[7], digest, 28);
-}
diff --git a/tools/sdk/axtls/crypto/sha384.c b/tools/sdk/axtls/crypto/sha384.c
deleted file mode 100644
index f1071be93b..0000000000
--- a/tools/sdk/axtls/crypto/sha384.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (c) 2015, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
- 
-/**
-* Initialize the SHA384 context 
-*/
- void SHA384_Init(SHA384_CTX *ctx)
- {
-    //Set initial hash value
-    ctx->h_dig.h[0] = 0xCBBB9D5DC1059ED8LL;
-    ctx->h_dig.h[1] = 0x629A292A367CD507LL;
-    ctx->h_dig.h[2] = 0x9159015A3070DD17LL;
-    ctx->h_dig.h[3] = 0x152FECD8F70E5939LL;
-    ctx->h_dig.h[4] = 0x67332667FFC00B31LL;
-    ctx->h_dig.h[5] = 0x8EB44A8768581511LL;
-    ctx->h_dig.h[6] = 0xDB0C2E0D64F98FA7LL;
-    ctx->h_dig.h[7] = 0x47B5481DBEFA4FA4LL;
- 
-    // Number of bytes in the buffer
-    ctx->size = 0;
-    // Total length of the message
-    ctx->totalSize = 0;
- }
- 
-/**
-* Accepts an array of octets as the next portion of the message.
-*/
-void SHA384_Update(SHA384_CTX *ctx, const uint8_t * msg, int len)
-{
-    // The function is defined in the exact same manner as SHA-512
-    SHA512_Update(ctx, msg, len);
-}
- 
-/**
-* Return the 384-bit message digest into the user's array
-*/
-void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx)
-{
-    // The function is defined in the exact same manner as SHA-512
-    SHA512_Final(NULL, ctx);
- 
-    // Copy the resulting digest
-    if (digest != NULL)
-        memcpy(digest, ctx->h_dig.digest, SHA384_SIZE);
-}
- 
diff --git a/tools/sdk/axtls/crypto/sha512.c b/tools/sdk/axtls/crypto/sha512.c
deleted file mode 100644
index b24a28ee02..0000000000
--- a/tools/sdk/axtls/crypto/sha512.c
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright (c) 2015, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <string.h>
-#include "os_port.h"
-#include "crypto.h"
- 
-#define SHR64(a, n) ((a) >> (n))
-#define ROR64(a, n) (((a) >> (n)) | ((a) << (64 - (n))))
-#define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
-#define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define SIGMA1(x) (ROR64(x, 28) ^ ROR64(x, 34) ^ ROR64(x, 39))
-#define SIGMA2(x) (ROR64(x, 14) ^ ROR64(x, 18) ^ ROR64(x, 41))
-#define SIGMA3(x) (ROR64(x, 1) ^ ROR64(x, 8) ^ SHR64(x, 7))
-#define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6))
-#define MIN(x, y) ((x) < (y) ? x : y)
- 
-static const uint8_t padding[128] PROGMEM =
-{
-    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
- 
-static const uint64_t k[80] PROGMEM =
-{
-    0x428A2F98D728AE22LL, 0x7137449123EF65CDLL, 0xB5C0FBCFEC4D3B2FLL, 0xE9B5DBA58189DBBCLL,
-    0x3956C25BF348B538LL, 0x59F111F1B605D019LL, 0x923F82A4AF194F9BLL, 0xAB1C5ED5DA6D8118LL,
-    0xD807AA98A3030242LL, 0x12835B0145706FBELL, 0x243185BE4EE4B28CLL, 0x550C7DC3D5FFB4E2LL,
-    0x72BE5D74F27B896FLL, 0x80DEB1FE3B1696B1LL, 0x9BDC06A725C71235LL, 0xC19BF174CF692694LL,
-    0xE49B69C19EF14AD2LL, 0xEFBE4786384F25E3LL, 0x0FC19DC68B8CD5B5LL, 0x240CA1CC77AC9C65LL,
-    0x2DE92C6F592B0275LL, 0x4A7484AA6EA6E483LL, 0x5CB0A9DCBD41FBD4LL, 0x76F988DA831153B5LL,
-    0x983E5152EE66DFABLL, 0xA831C66D2DB43210LL, 0xB00327C898FB213FLL, 0xBF597FC7BEEF0EE4LL,
-    0xC6E00BF33DA88FC2LL, 0xD5A79147930AA725LL, 0x06CA6351E003826FLL, 0x142929670A0E6E70LL,
-    0x27B70A8546D22FFCLL, 0x2E1B21385C26C926LL, 0x4D2C6DFC5AC42AEDLL, 0x53380D139D95B3DFLL,
-    0x650A73548BAF63DELL, 0x766A0ABB3C77B2A8LL, 0x81C2C92E47EDAEE6LL, 0x92722C851482353BLL,
-    0xA2BFE8A14CF10364LL, 0xA81A664BBC423001LL, 0xC24B8B70D0F89791LL, 0xC76C51A30654BE30LL,
-    0xD192E819D6EF5218LL, 0xD69906245565A910LL, 0xF40E35855771202ALL, 0x106AA07032BBD1B8LL,
-    0x19A4C116B8D2D0C8LL, 0x1E376C085141AB53LL, 0x2748774CDF8EEB99LL, 0x34B0BCB5E19B48A8LL,
-    0x391C0CB3C5C95A63LL, 0x4ED8AA4AE3418ACBLL, 0x5B9CCA4F7763E373LL, 0x682E6FF3D6B2B8A3LL,
-    0x748F82EE5DEFB2FCLL, 0x78A5636F43172F60LL, 0x84C87814A1F0AB72LL, 0x8CC702081A6439ECLL,
-    0x90BEFFFA23631E28LL, 0xA4506CEBDE82BDE9LL, 0xBEF9A3F7B2C67915LL, 0xC67178F2E372532BLL,
-    0xCA273ECEEA26619CLL, 0xD186B8C721C0C207LL, 0xEADA7DD6CDE0EB1ELL, 0xF57D4F7FEE6ED178LL,
-    0x06F067AA72176FBALL, 0x0A637DC5A2C898A6LL, 0x113F9804BEF90DAELL, 0x1B710B35131C471BLL,
-    0x28DB77F523047D84LL, 0x32CAAB7B40C72493LL, 0x3C9EBE0A15C9BEBCLL, 0x431D67C49C100D4CLL,
-    0x4CC5D4BECB3E42B6LL, 0x597F299CFC657E2ALL, 0x5FCB6FAB3AD6FAECLL, 0x6C44198C4A475817LL
-};
- 
-/**
-* Initialize the SHA512 context
-*/
-void SHA512_Init(SHA512_CTX *ctx)
-{
-    ctx->h_dig.h[0] = 0x6A09E667F3BCC908LL;
-    ctx->h_dig.h[1] = 0xBB67AE8584CAA73BLL;
-    ctx->h_dig.h[2] = 0x3C6EF372FE94F82BLL;
-    ctx->h_dig.h[3] = 0xA54FF53A5F1D36F1LL;
-    ctx->h_dig.h[4] = 0x510E527FADE682D1LL;
-    ctx->h_dig.h[5] = 0x9B05688C2B3E6C1FLL;
-    ctx->h_dig.h[6] = 0x1F83D9ABFB41BD6BLL;
-    ctx->h_dig.h[7] = 0x5BE0CD19137E2179LL;
-    ctx->size = 0;
-    ctx->totalSize = 0;
-}
- 
-static void SHA512_Process(SHA512_CTX *ctx)
-{
-    int t;
-    uint64_t temp1;
-    uint64_t temp2;
- 
-    // Initialize the 8 working registers
-    uint64_t a = ctx->h_dig.h[0];
-    uint64_t b = ctx->h_dig.h[1];
-    uint64_t c = ctx->h_dig.h[2];
-    uint64_t d = ctx->h_dig.h[3];
-    uint64_t e = ctx->h_dig.h[4];
-    uint64_t f = ctx->h_dig.h[5];
-    uint64_t g = ctx->h_dig.h[6];
-    uint64_t h = ctx->h_dig.h[7];
- 
-    // Process message in 16-word blocks
-    uint64_t *w = ctx->w_buf.w;
- 
-    // Convert from big-endian byte order to host byte order
-    for (t = 0; t < 16; t++)
-       w[t] = be64toh(w[t]);
-
-    // Prepare the message schedule
-    for (t = 16; t < 80; t++)
-       w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16];
- 
-    // SHA-512 hash computation
-    for (t = 0; t < 80; t++)
-    {
-       // Calculate T1 and T2
-       temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t];
-       temp2 = SIGMA1(a) + MAJ(a, b, c);
- 
-       // Update the working registers
-       h = g;
-       g = f;
-       f = e;
-       e = d + temp1;
-       d = c;
-       c = b;
-       b = a;
-       a = temp1 + temp2;
-    }
- 
-    // Update the hash value
-    ctx->h_dig.h[0] += a;
-    ctx->h_dig.h[1] += b;
-    ctx->h_dig.h[2] += c;
-    ctx->h_dig.h[3] += d;
-    ctx->h_dig.h[4] += e;
-    ctx->h_dig.h[5] += f;
-    ctx->h_dig.h[6] += g;
-    ctx->h_dig.h[7] += h;
- }
-
-/**
-* Accepts an array of octets as the next portion of the message.
-*/
-void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len)
-{
-    // Process the incoming data
-    while (len > 0)
-    {
-        // The buffer can hold at most 128 bytes
-        size_t n = MIN(len, 128 - ctx->size);
- 
-        // Copy the data to the buffer
-        memcpy(ctx->w_buf.buffer + ctx->size, msg, n);
- 
-        // Update the SHA-512 ctx
-        ctx->size += n;
-        ctx->totalSize += n;
-        // Advance the data pointer
-        msg = (uint8_t *) msg + n;
-        // Remaining bytes to process
-        len -= n;
- 
-        // Process message in 16-word blocks
-        if (ctx->size == 128)
-        {
-            // Transform the 16-word block
-            SHA512_Process(ctx);
-            // Empty the buffer
-            ctx->size = 0;
-        }
-    }
-}
- 
-/**
-* Return the 512-bit message digest into the user's array
-*/
-void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx)
-{
-    int i;
-    size_t paddingSize;
-    uint64_t totalSize;
- 
-    // Length of the original message (before padding)
-    totalSize = ctx->totalSize * 8;
- 
-    // Pad the message so that its length is congruent to 112 modulo 128
-    paddingSize = (ctx->size < 112) ? (112 - ctx->size) : 
-                                        (128 + 112 - ctx->size);
-    // Append padding
-    SHA512_Update(ctx, padding, paddingSize);
- 
-    // Append the length of the original message
-    ctx->w_buf.w[14] = 0;
-    ctx->w_buf.w[15] = be64toh(totalSize);
- 
-    // Calculate the message digest
-    SHA512_Process(ctx);
- 
-    // Convert from host byte order to big-endian byte order
-    for (i = 0; i < 8; i++)
-       ctx->h_dig.h[i] = be64toh(ctx->h_dig.h[i]);
- 
-    // Copy the resulting digest
-    if (digest != NULL)
-       memcpy(digest, ctx->h_dig.digest, SHA512_SIZE);
- }
- 
diff --git a/tools/sdk/axtls/replacements/time.c b/tools/sdk/axtls/replacements/time.c
deleted file mode 100644
index 4972119bb4..0000000000
--- a/tools/sdk/axtls/replacements/time.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * time.c - ESP8266-specific functions for SNTP
- * Copyright (c) 2015 Peter Dobler. All rights reserved.
- * This file is part of the esp8266 core for Arduino environment.
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU Lesser General Public License for more details.
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- */
-
-#include <time.h>
-#include <sntp.h>
-
-extern uint32_t system_get_time(void);
-extern uint64_t system_mktime(uint32_t year, uint32_t mon, uint32_t day, uint32_t hour, uint32_t min, uint32_t sec);
-
-static int errno_var = 0;
-
-int* __errno(void) {
-    // DEBUGV("__errno is called last error: %d (not current)\n", errno_var);
-    return &errno_var;
-}
-
-unsigned long millis(void)
-{
-	return system_get_time() / 1000UL;
-}
-
-unsigned long micros(void)
-{
-	return system_get_time();
-}
-
-#ifndef _TIMEVAL_DEFINED
-#define _TIMEVAL_DEFINED
-struct timeval {
-  time_t      tv_sec;
-  suseconds_t tv_usec;
-};
-#endif
-
-extern char* sntp_asctime(const struct tm *t);
-extern struct tm* sntp_localtime(const time_t *clock);
-
-// time gap in seconds from 01.01.1900 (NTP time) to 01.01.1970 (UNIX time)
-#define DIFF1900TO1970 2208988800UL
-
-static int s_daylightOffset_sec = 0;
-static long s_timezone_sec = 0;
-static time_t s_bootTime = 0;
-
-// calculate offset used in gettimeofday
-static void ensureBootTimeIsSet()
-{
-    if (!s_bootTime)
-    {
-        time_t now = sntp_get_current_timestamp();
-        if (now)
-        {
-            s_bootTime =  now - millis() / 1000;
-        }
-    }
-}
-
-static void setServer(int id, const char* name_or_ip)
-{
-    if (name_or_ip)
-    {
-        //TODO: check whether server is given by name or IP
-        sntp_setservername(id, (char*) name_or_ip);
-    }
-}
-
-void configTime(int timezone, int daylightOffset_sec, const char* server1, const char* server2, const char* server3)
-{
-    sntp_stop();
-
-    setServer(0, server1);
-    setServer(1, server2);
-    setServer(2, server3);
-
-    s_timezone_sec = timezone;
-    s_daylightOffset_sec = daylightOffset_sec;
-    sntp_set_timezone(timezone/3600);
-    sntp_init();
-}
-
-int clock_gettime(clockid_t unused, struct timespec *tp)
-{
-    tp->tv_sec  = millis() / 1000;
-    tp->tv_nsec = micros() * 1000;
-    return 0;
-}
-
-// seconds since 1970
-time_t mktime(struct tm *t)
-{
-    // system_mktime expects month in range 1..12
-    #define START_MONTH 1
-    return DIFF1900TO1970 + system_mktime(t->tm_year, t->tm_mon + START_MONTH, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
-}
-
-time_t time(time_t * t)
-{
-    time_t seconds = sntp_get_current_timestamp();
-    if (t)
-    {
-        *t = seconds;
-    }
-    return seconds;
-}
-
-char* asctime(const struct tm *t)
-{
-    return sntp_asctime(t);
-}
-
-struct tm* localtime(const time_t *clock)
-{
-    return sntp_localtime(clock);
-}
-
-char* ctime(const time_t *t)
-{
-    struct tm* p_tm = localtime(t);
-    char* result = asctime(p_tm);
-    return result;
-}
-
-int gettimeofday(struct timeval *tp, void *tzp)
-{
-    if (tp)
-    {
-        ensureBootTimeIsSet();
-        tp->tv_sec  = (s_bootTime + millis()) / 1000;
-        tp->tv_usec = micros() * 1000;
-    }
-    return 0;
-}
diff --git a/tools/sdk/axtls/samples/c/axssl.c b/tools/sdk/axtls/samples/c/axssl.c
deleted file mode 100644
index 2bc872a5e7..0000000000
--- a/tools/sdk/axtls/samples/c/axssl.c
+++ /dev/null
@@ -1,902 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Demonstrate the use of the axTLS library in C with a set of 
- * command-line parameters similar to openssl. In fact, openssl clients 
- * should be able to communicate with axTLS servers and visa-versa.
- *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > axssl s_server -?
- * > axssl s_client -?
- *
- * The axtls shared library must be in the same directory or be found 
- * by the OS.
- */
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "os_port.h"
-#include "ssl.h"
-
-/* define standard input */
-#ifndef STDIN_FILENO
-#define STDIN_FILENO        0
-#endif
-
-static void do_server(int argc, char *argv[]);
-static void print_options(char *option);
-static void print_server_options(char *option);
-static void do_client(int argc, char *argv[]);
-static void print_client_options(char *option);
-static void display_cipher(SSL *ssl);
-static void display_session_id(SSL *ssl);
-
-/**
- * Main entry point. Doesn't do much except works out whether we are a client
- * or a server.
- */
-int main(int argc, char *argv[])
-{
-#ifdef WIN32
-    WSADATA wsaData;
-    WORD wVersionRequested = MAKEWORD(2, 2);
-    WSAStartup(wVersionRequested, &wsaData);
-#elif !defined(CONFIG_PLATFORM_SOLARIS)
-    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
-#endif
-
-    if (argc == 2 && strcmp(argv[1], "version") == 0)
-    {
-        printf("axssl %s %s\n", ssl_version(), __DATE__);
-        exit(0);
-    }
-
-    if (argc < 2 || (
-                strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
-        print_options(argc > 1 ? argv[1] : "");
-
-    strcmp(argv[1], "s_server") ? 
-        do_client(argc, argv) : do_server(argc, argv);
-    return 0;
-}
-
-/**
- * Implement the SSL server logic. 
- */
-static void do_server(int argc, char *argv[])
-{
-    int i = 2;
-    uint16_t port = 4433;
-    uint32_t options = SSL_DISPLAY_CERTS;
-    int client_fd;
-    SSL_CTX *ssl_ctx;
-    int server_fd, res = 0;
-    socklen_t client_len;
-#ifndef CONFIG_SSL_SKELETON_MODE
-    char *private_key_file = NULL;
-    const char *password = NULL;
-    char **cert;
-    int cert_index = 0;
-    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-#endif
-#ifdef WIN32
-    char yes = 1;
-#else
-    int yes = 1;
-#endif
-    struct sockaddr_in serv_addr;
-    struct sockaddr_in client_addr;
-    int quiet = 0;
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    int ca_cert_index = 0;
-    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-    char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
-#endif
-    fd_set read_set;
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    cert = (char **)calloc(1, sizeof(char *)*cert_size);
-#endif
-
-    while (i < argc)
-    {
-        if (strcmp(argv[i], "-accept") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_server_options(argv[i]);
-            }
-
-            port = atoi(argv[++i]);
-        }
-#ifndef CONFIG_SSL_SKELETON_MODE
-        else if (strcmp(argv[i], "-cert") == 0)
-        {
-            if (i >= argc-1 || cert_index >= cert_size)
-            {
-                print_server_options(argv[i]);
-            }
-
-            cert[cert_index++] = argv[++i];
-        }
-        else if (strcmp(argv[i], "-key") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_server_options(argv[i]);
-            }
-
-            private_key_file = argv[++i];
-            options |= SSL_NO_DEFAULT_KEY;
-        }
-        else if (strcmp(argv[i], "-pass") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_server_options(argv[i]);
-            }
-
-            password = argv[++i];
-        }
-#endif
-        else if (strcmp(argv[i], "-quiet") == 0)
-        {
-            quiet = 1;
-            options &= ~SSL_DISPLAY_CERTS;
-        }
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        else if (strcmp(argv[i], "-verify") == 0)
-        {
-            options |= SSL_CLIENT_AUTHENTICATION;
-        }
-        else if (strcmp(argv[i], "-CAfile") == 0)
-        {
-            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
-            {
-                print_server_options(argv[i]);
-            }
-
-            ca_cert[ca_cert_index++] = argv[++i];
-        }
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-        else if (strcmp(argv[i], "-debug") == 0)
-        {
-            options |= SSL_DISPLAY_BYTES;
-        }
-        else if (strcmp(argv[i], "-state") == 0)
-        {
-            options |= SSL_DISPLAY_STATES;
-        }
-        else if (strcmp(argv[i], "-show-rsa") == 0)
-        {
-            options |= SSL_DISPLAY_RSA;
-        }
-#endif
-        else    /* don't know what this is */
-        {
-            print_server_options(argv[i]);
-        }
-
-        i++;
-    }
-
-    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
-    {
-        fprintf(stderr, "Error: Server context is invalid\n");
-        exit(1);
-    }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    if (private_key_file)
-    {
-        int obj_type = SSL_OBJ_RSA_KEY;
-        
-        /* auto-detect the key type from the file extension */
-        if (strstr(private_key_file, ".p8"))
-            obj_type = SSL_OBJ_PKCS8;
-        else if (strstr(private_key_file, ".p12"))
-            obj_type = SSL_OBJ_PKCS12;
-
-        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
-        {
-            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
-                                                        private_key_file);
-            exit(1);
-        }
-    }
-
-    for (i = 0; i < cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", cert[i]);
-            exit(1);
-        }
-    }
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    for (i = 0; i < ca_cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
-            exit(1);
-        }
-    }
-
-    free(ca_cert);
-#endif
-#ifndef CONFIG_SSL_SKELETON_MODE
-    free(cert);
-#endif
-
-    /* Create socket for incoming connections */
-    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-    {
-        perror("socket");
-        return;
-    }
-      
-    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
-
-    /* Construct local address structure */
-    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
-    serv_addr.sin_family = AF_INET;                /* Internet address family */
-    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
-    serv_addr.sin_port = htons(port);              /* Local port */
-
-    /* Bind to the local address */
-    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
-    {
-        perror("bind");
-        exit(1);
-    }
-
-    if (listen(server_fd, 5) < 0)
-    {
-        perror("listen");
-        exit(1);
-    }
-
-    client_len = sizeof(client_addr);
-
-    /*************************************************************************
-     * This is where the interesting stuff happens. Up until now we've
-     * just been setting up sockets etc. Now we do the SSL handshake.
-     *************************************************************************/
-    for (;;)
-    {
-        SSL *ssl;
-        int reconnected = 0;
-
-        if (!quiet)
-        {
-            printf("ACCEPT\n");
-            TTY_FLUSH();
-        }
-
-        if ((client_fd = accept(server_fd, 
-                (struct sockaddr *)&client_addr, &client_len)) < 0)
-        {
-            break;
-        }
-
-        ssl = ssl_server_new(ssl_ctx, client_fd);
-
-        /* now read (and display) whatever the client sends us */
-        for (;;)
-        {
-            /* allow parallel reading of client and standard input */
-            FD_ZERO(&read_set);
-            FD_SET(client_fd, &read_set);
-
-#ifndef WIN32
-            /* win32 doesn't like mixing up stdin and sockets */
-            if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
-            {
-                FD_SET(STDIN_FILENO, &read_set);
-            }
-
-            if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
-            {
-               uint8_t buf[1024];
-
-                /* read standard input? */
-                if (FD_ISSET(STDIN_FILENO, &read_set))
-                {
-                    if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
-                    {
-                        res = SSL_ERROR_CONN_LOST;
-                    }
-                    else
-                    {
-                        /* small hack to check renegotiation */
-                        if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
-                        {
-                            res = ssl_renegotiate(ssl);
-                        }
-                        else    /* write our ramblings to the client */
-                        {
-                            res = ssl_write(ssl, buf, strlen((char *)buf)+1);
-                        }
-                    }
-                }
-                else    /* a socket read */
-#endif
-                {
-                    /* keep reading until we get something interesting */
-                    uint8_t *read_buf;
-
-                    if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
-                    {
-                        /* are we in the middle of doing a handshake? */
-                        if (ssl_handshake_status(ssl) != SSL_OK)
-                        {
-                            reconnected = 0;
-                        }
-                        else if (!reconnected)
-                        {
-                            /* we are connected/reconnected */
-                            if (!quiet)
-                            {
-                                display_session_id(ssl);
-                                display_cipher(ssl);
-                            }
-
-                            reconnected = 1;
-                        }
-                    }
-
-                    if (res > SSL_OK)    /* display our interesting output */
-                    {
-                        int written = 0;
-                        while (written < res)
-                        {
-                            written += write(STDOUT_FILENO, read_buf+written,
-                                                res-written);
-                        }
-                        TTY_FLUSH();
-                    }
-                    else if (res == SSL_CLOSE_NOTIFY)
-                    {
-                        printf("shutting down SSL\n");
-                        TTY_FLUSH();
-                    }
-                    else if (res < SSL_OK && !quiet)
-                    {
-                        ssl_display_error(res);
-                    }
-                }
-#ifndef WIN32
-            }
-#endif
-
-            if (res < SSL_OK)
-            {
-                if (!quiet)
-                {
-                    printf("CONNECTION CLOSED\n");
-                    TTY_FLUSH();
-                }
-
-                break;
-            }
-        }
-
-        /* client was disconnected or the handshake failed. */
-        ssl_free(ssl);
-        SOCKET_CLOSE(client_fd);
-    }
-
-    ssl_ctx_free(ssl_ctx);
-}
-
-/**
- * Implement the SSL client logic.
- */
-static void do_client(int argc, char *argv[])
-{
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    int res, i = 2;
-    uint16_t port = 4433;
-    uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
-    int client_fd;
-    char *private_key_file = NULL;
-    struct sockaddr_in client_addr;
-    struct hostent *hostent;
-    int reconnect = 0;
-    uint32_t sin_addr;
-    SSL_CTX *ssl_ctx;
-    SSL *ssl = NULL;
-    int quiet = 0;
-    int cert_index = 0, ca_cert_index = 0;
-    int cert_size, ca_cert_size;
-    char **ca_cert, **cert;
-    uint8_t session_id[SSL_SESSION_ID_SIZE];
-    fd_set read_set;
-    const char *password = NULL;
-    SSL_EXTENSIONS *extensions = NULL;
-
-    FD_ZERO(&read_set);
-    sin_addr = inet_addr("127.0.0.1");
-    cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-    ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-    ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
-    cert = (char **)calloc(1, sizeof(char *)*cert_size);
-
-    while (i < argc)
-    {
-        if (strcmp(argv[i], "-connect") == 0)
-        {
-            char *host, *ptr;
-
-            if (i >= argc-1)
-            {
-                print_client_options(argv[i]);
-            }
-
-            host = argv[++i];
-            if ((ptr = strchr(host, ':')) == NULL)
-            {
-                print_client_options(argv[i]);
-            }
-
-            *ptr++ = 0;
-            port = atoi(ptr);
-            hostent = gethostbyname(host);
-
-            if (hostent == NULL)
-            {
-                print_client_options(argv[i]);
-            }
-
-            sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
-        }
-        else if (strcmp(argv[i], "-cert") == 0)
-        {
-            if (i >= argc-1 || cert_index >= cert_size)
-            {
-                print_client_options(argv[i]);
-            }
-
-            cert[cert_index++] = argv[++i];
-        }
-        else if (strcmp(argv[i], "-key") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_client_options(argv[i]);
-            }
-
-            private_key_file = argv[++i];
-            options |= SSL_NO_DEFAULT_KEY;
-        }
-        else if (strcmp(argv[i], "-CAfile") == 0)
-        {
-            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
-            {
-                print_client_options(argv[i]);
-            }
-
-            ca_cert[ca_cert_index++] = argv[++i];
-        }
-        else if (strcmp(argv[i], "-verify") == 0)
-        {
-            options &= ~SSL_SERVER_VERIFY_LATER;
-        }
-        else if (strcmp(argv[i], "-reconnect") == 0)
-        {
-            reconnect = 4;
-        }
-        else if (strcmp(argv[i], "-quiet") == 0)
-        {
-            quiet = 1;
-            options &= ~SSL_DISPLAY_CERTS;
-        }
-        else if (strcmp(argv[i], "-pass") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_client_options(argv[i]);
-            }
-
-            password = argv[++i];
-        }
-        else if (strcmp(argv[i], "-servername") == 0)
-        {
-            if (i >= argc-1)
-            {
-                print_client_options(argv[i]);
-            }
-
-            extensions = ssl_ext_new();
-            extensions->host_name = argv[++i];
-        }
-#ifdef CONFIG_SSL_FULL_MODE
-        else if (strcmp(argv[i], "-debug") == 0)
-        {
-            options |= SSL_DISPLAY_BYTES;
-        }
-        else if (strcmp(argv[i], "-state") == 0)
-        {
-            options |= SSL_DISPLAY_STATES;
-        }
-        else if (strcmp(argv[i], "-show-rsa") == 0)
-        {
-            options |= SSL_DISPLAY_RSA;
-        }
-#endif
-        else    /* don't know what this is */
-        {
-            print_client_options(argv[i]);
-        }
-
-        i++;
-    }
-
-    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
-    {
-        fprintf(stderr, "Error: Client context is invalid\n");
-        exit(1);
-    }
-
-    if (private_key_file)
-    {
-        int obj_type = SSL_OBJ_RSA_KEY;
-        
-        /* auto-detect the key type from the file extension */
-        if (strstr(private_key_file, ".p8"))
-            obj_type = SSL_OBJ_PKCS8;
-        else if (strstr(private_key_file, ".p12"))
-            obj_type = SSL_OBJ_PKCS12;
-
-        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
-        {
-            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
-                                                        private_key_file);
-            exit(1);
-        }
-    }
-
-    for (i = 0; i < cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", cert[i]);
-            exit(1);
-        }
-    }
-
-    for (i = 0; i < ca_cert_index; i++)
-    {
-        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
-        {
-            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
-            exit(1);
-        }
-    }
-
-    free(cert);
-    free(ca_cert);
-
-    /*************************************************************************
-     * This is where the interesting stuff happens. Up until now we've
-     * just been setting up sockets etc. Now we do the SSL handshake.
-     *************************************************************************/
-    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-    memset(&client_addr, 0, sizeof(client_addr));
-    client_addr.sin_family = AF_INET;
-    client_addr.sin_port = htons(port);
-    client_addr.sin_addr.s_addr = sin_addr;
-
-    if (connect(client_fd, (struct sockaddr *)&client_addr, 
-                sizeof(client_addr)) < 0)
-    {
-        perror("connect");
-        exit(1);
-    }
-
-    if (!quiet)
-    {
-        printf("CONNECTED\n");
-        TTY_FLUSH();
-    }
-
-    /* Try session resumption? */
-    if (reconnect)
-    {
-        while (reconnect--)
-        {
-            ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
-                    sizeof(session_id), extensions);
-            if ((res = ssl_handshake_status(ssl)) != SSL_OK)
-            {
-                if (!quiet)
-                {
-                    ssl_display_error(res);
-                }
-
-                ssl_free(ssl);
-                exit(1);
-            }
-
-            display_session_id(ssl);
-            memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
-
-            if (reconnect)
-            {
-                ssl_free(ssl);
-                SOCKET_CLOSE(client_fd);
-
-                client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-                connect(client_fd, (struct sockaddr *)&client_addr, 
-                        sizeof(client_addr));
-            }
-        }
-    }
-    else
-    {
-        ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0, extensions);
-    }
-
-    /* check the return status */
-    if ((res = ssl_handshake_status(ssl)) != SSL_OK)
-    {
-        if (!quiet)
-        {
-            ssl_display_error(res);
-        }
-
-        exit(1);
-    }
-
-    if (!quiet)
-    {
-        display_session_id(ssl);
-        display_cipher(ssl);
-    }
-
-    for (;;)
-    {
-        uint8_t buf[1024];
-
-        /* allow parallel reading of server and standard input */
-        FD_SET(client_fd, &read_set);
-#ifndef WIN32
-        /* win32 doesn't like mixing up stdin and sockets */
-        FD_SET(STDIN_FILENO, &read_set);
-
-        if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
-        {
-            /* read standard input? */
-            if (FD_ISSET(STDIN_FILENO, &read_set))
-#endif
-            {
-                if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
-                {
-                    /* bomb out of here */
-                    ssl_free(ssl);
-                    break;
-                }
-                else
-                {
-                    /* small hack to check renegotiation */
-                    if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
-                    {
-                        res = ssl_renegotiate(ssl);
-                    }
-                    else
-                    {
-                        res = ssl_write(ssl, buf, strlen((char *)buf));
-                    }
-                }
-            }
-#ifndef WIN32
-            else    /* a socket read */
-            {
-                uint8_t *read_buf;
-
-                res = ssl_read(ssl, &read_buf);
-
-                if (res > 0)    /* display our interesting output */
-                {
-                    int written = 0;
-                    while (written < res)
-                    {
-                        written += write(STDOUT_FILENO, read_buf+written,
-                                            res-written);
-                    }
-                    TTY_FLUSH();
-                }
-            }
-        }
-#endif
-
-        if (res < 0)
-        {
-            if (!quiet)
-            {
-                ssl_display_error(res);
-            }
-
-            break;      /* get outta here */
-        }
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    SOCKET_CLOSE(client_fd);
-#else
-    print_client_options(argv[1]);
-#endif
-}
-
-/**
- * We've had some sort of command-line error. Print out the basic options.
- */
-static void print_options(char *option)
-{
-    printf("axssl: Error: '%s' is an invalid command.\n", option);
-    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
-    exit(1);
-}
-
-/**
- * We've had some sort of command-line error. Print out the server options.
- */
-static void print_server_options(char *option)
-{
-#ifndef CONFIG_SSL_SKELETON_MODE
-    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-#endif
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-#endif
-
-    printf("unknown option %s\n", option);
-    printf("usage: s_server [args ...]\n");
-    printf(" -accept arg\t- port to accept on (default is 4433)\n");
-#ifndef CONFIG_SSL_SKELETON_MODE
-    printf(" -cert arg\t- certificate file to add (in addition to default)"
-                                    " to chain -\n"
-          "\t\t  Can repeat up to %d times\n", cert_size);
-    printf(" -key arg\t- Private key file to use\n");
-    printf(" -pass\t\t- private key file pass phrase source\n");
-#endif
-    printf(" -quiet\t\t- No server output\n");
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    printf(" -verify\t- turn on peer certificate verification\n");
-    printf(" -CAfile arg\t- Certificate authority\n");
-    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-    printf(" -debug\t\t- Print more output\n");
-    printf(" -state\t\t- Show state messages\n");
-    printf(" -show-rsa\t- Show RSA state\n");
-#endif
-    exit(1);
-}
-
-/**
- * We've had some sort of command-line error. Print out the client options.
- */
-static void print_client_options(char *option)
-{
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
-    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
-#endif
-
-    printf("unknown option %s\n", option);
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    printf("usage: s_client [args ...]\n");
-    printf(" -connect host:port - who to connect to (default "
-            "is localhost:4433)\n");
-    printf(" -verify\t- turn on peer certificate verification\n");
-    printf(" -cert arg\t- certificate file to use\n");
-    printf("\t\t  Can repeat up to %d times\n", cert_size);
-    printf(" -key arg\t- Private key file to use\n");
-    printf(" -CAfile arg\t- Certificate authority\n");
-    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
-    printf(" -quiet\t\t- No client output\n");
-    printf(" -reconnect\t- Drop and re-make the connection "
-            "with the same Session-ID\n");
-    printf(" -pass\t\t- Private key file pass phrase source\n");
-    printf(" -servername\t- Set TLS extension servername in ClientHello\n");
-#ifdef CONFIG_SSL_FULL_MODE
-    printf(" -debug\t\t- Print more output\n");
-    printf(" -state\t\t- Show state messages\n");
-    printf(" -show-rsa\t- Show RSA state\n");
-#endif
-#else
-    printf("Change configuration to allow this feature\n");
-#endif
-    exit(1);
-}
-
-/**
- * Display what cipher we are using 
- */
-static void display_cipher(SSL *ssl)
-{
-    printf("CIPHER is ");
-    switch (ssl_get_cipher_id(ssl))
-    {
-        case SSL_AES128_SHA:
-            printf("AES128-SHA");
-            break;
-
-        case SSL_AES256_SHA:
-            printf("AES256-SHA");
-            break;
-
-        case SSL_AES128_SHA256:
-            printf("AES128-SHA256");
-            break;
-
-        case SSL_AES256_SHA256:
-            printf("AES256-SHA256");
-            break;
-
-        default:
-            printf("Unknown - %d", ssl_get_cipher_id(ssl));
-            break;
-    }
-
-    printf("\n");
-    TTY_FLUSH();
-}
-
-/**
- * Display what session id we have.
- */
-static void display_session_id(SSL *ssl)
-{    
-    int i;
-    const uint8_t *session_id = ssl_get_session_id(ssl);
-    int sess_id_size = ssl_get_session_id_size(ssl);
-
-    if (sess_id_size > 0)
-    {
-        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
-        for (i = 0; i < sess_id_size; i++)
-        {
-            printf("%02x", session_id[i]);
-        }
-
-        printf("\n-----END SSL SESSION PARAMETERS-----\n");
-        TTY_FLUSH();
-    }
-}
diff --git a/tools/sdk/axtls/samples/csharp/axssl.cs b/tools/sdk/axtls/samples/csharp/axssl.cs
deleted file mode 100644
index df3c576623..0000000000
--- a/tools/sdk/axtls/samples/csharp/axssl.cs
+++ /dev/null
@@ -1,758 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Demonstrate the use of the axTLS library in C# with a set of 
- * command-line parameters similar to openssl. In fact, openssl clients 
- * should be able to communicate with axTLS servers and visa-versa.
- *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > axssl.csharp.exe s_server -?
- * > axssl.csharp.exe s_client -?
- *
- * The axtls shared library must be in the same directory or be found 
- * by the OS.
- */
-
-using System;
-using System.Net;
-using System.Net.Sockets;
-using axTLS;
-
-public class axssl
-{
-    /*
-     * Main()
-     */
-    public static void Main(string[] args)
-    {
-        if (args.Length == 1 && args[0] == "version")
-        {
-            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
-            Environment.Exit(0); 
-        }
-
-        axssl runner = new axssl();
-
-        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
-            runner.print_options(args.Length > 0 ? args[0] : "");
-
-        int build_mode = SSLUtil.BuildMode();
-
-        if (args[0] == "s_server")
-            runner.do_server(build_mode, args);
-        else 
-            runner.do_client(build_mode, args);
-    }
-
-    /*
-     * do_server()
-     */
-    private void do_server(int build_mode, string[] args)
-    {
-        int i = 1;
-        int port = 4433;
-        uint options = axtls.SSL_DISPLAY_CERTS;
-        bool quiet = false;
-        string password = null;
-        string private_key_file = null;
-
-        /* organise the cert/ca_cert lists */
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-        string[] cert = new string[cert_size];
-        string[] ca_cert = new string[ca_cert_size];
-        int cert_index = 0;
-        int ca_cert_index = 0;
-
-        while (i < args.Length)
-        {
-            if (args[i] == "-accept")
-            {
-                if (i >= args.Length-1)
-                {
-                    print_server_options(build_mode, args[i]);
-                }
-
-                port = Int32.Parse(args[++i]);
-            }
-            else if (args[i] == "-quiet")
-            {
-                quiet = true;
-                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
-            }
-            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
-            {
-                if (args[i] == "-cert")
-                {
-                    if (i >= args.Length-1 || cert_index >= cert_size)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    cert[cert_index++] = args[++i];
-                }
-                else if (args[i] == "-key")
-                {
-                    if (i >= args.Length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    private_key_file = args[++i];
-                    options |= axtls.SSL_NO_DEFAULT_KEY;
-                }
-                else if (args[i] == "-pass")
-                {
-                    if (i >= args.Length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    password = args[++i];
-                }
-                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
-                {
-                    if (args[i] == "-verify")
-                    {
-                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
-                    }
-                    else if (args[i] == "-CAfile")
-                    {
-                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
-                        {
-                            print_server_options(build_mode, args[i]);
-                        }
-
-                        ca_cert[ca_cert_index++] = args[++i];
-                    }
-                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-                    {
-                        if (args[i] == "-debug")
-                        {
-                            options |= axtls.SSL_DISPLAY_BYTES;
-                        }
-                        else if (args[i] == "-state")
-                        {
-                            options |= axtls.SSL_DISPLAY_STATES;
-                        }
-                        else if (args[i] == "-show-rsa")
-                        {
-                            options |= axtls.SSL_DISPLAY_RSA;
-                        }
-                        else
-                            print_server_options(build_mode, args[i]);
-                    }
-                    else
-                        print_server_options(build_mode, args[i]);
-                }
-                else 
-                    print_server_options(build_mode, args[i]);
-            }
-            else
-                print_server_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        /* Create socket for incoming connections */
-        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
-        TcpListener server_sock = new TcpListener(ep);
-        server_sock.Start();      
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLServer ssl_ctx = new SSLServer(
-                                options, axtls.SSL_DEFAULT_SVR_SESS);
-
-        if (ssl_ctx == null)
-        {
-            Console.Error.WriteLine("Error: Server context is invalid");
-            Environment.Exit(1);
-        }
-
-        if (private_key_file != null)
-        {
-            int obj_type = axtls.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.EndsWith(".p8"))
-                obj_type = axtls.SSL_OBJ_PKCS8;
-            else if (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.ObjLoad(obj_type,
-                             private_key_file, password) != axtls.SSL_OK)
-            {
-                Console.Error.WriteLine("Private key '" + private_key_file +
-                                                            "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                                                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        byte[] buf = null;
-        int res;
-
-        for (;;)
-        {
-            if (!quiet)
-            {
-                Console.WriteLine("ACCEPT");
-            }
-
-            Socket client_sock = server_sock.AcceptSocket();
-
-            SSL ssl = ssl_ctx.Connect(client_sock);
-
-            /* do the actual SSL handshake */
-            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
-            {
-                /* check when the connection has been established */
-                if (ssl.HandshakeStatus() == axtls.SSL_OK)
-                    break;
-
-                /* could do something else here */
-            }
-
-            if (res == axtls.SSL_OK) /* connection established and ok */
-            {
-                if (!quiet)
-                {
-                    display_session_id(ssl);
-                    display_cipher(ssl);
-                }
-
-                /* now read (and display) whatever the client sends us */
-                for (;;)
-                {
-                    /* keep reading until we get something interesting */
-                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
-                    {
-                        /* could do something else here */
-                    }
-
-                    if (res < axtls.SSL_OK)
-                    {
-                        if (!quiet)
-                        {
-                            Console.WriteLine("CONNECTION CLOSED");
-                        }
-
-                        break;
-                    }
-
-                    /* convert to string */
-                    char[] str = new char[res];
-                    for (i = 0; i < res; i++)
-                    {
-                        str[i] = (char)buf[i];
-                    }
-
-                    Console.Write(str);
-                }
-            }
-            else if (!quiet)
-            {
-                SSLUtil.DisplayError(res);
-            }
-
-            /* client was disconnected or the handshake failed. */
-            ssl.Dispose();
-            client_sock.Close();
-        }
-
-        /* ssl_ctx.Dispose(); */
-    }
-
-    /*
-     * do_client()
-     */
-    private void do_client(int build_mode, string[] args)
-    {
-        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
-        {
-            print_client_options(build_mode, args[1]);
-        }
-
-        int i = 1, res;
-        int port = 4433;
-        bool quiet = false;
-        string password = null;
-        int reconnect = 0;
-        string private_key_file = null;
-        string hostname = "127.0.0.1";
-
-        /* organise the cert/ca_cert lists */
-        int cert_index = 0;
-        int ca_cert_index = 0;
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-        string[] cert = new string[cert_size];
-        string[] ca_cert = new string[ca_cert_size];
-
-        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
-        byte[] session_id = null;
-
-        while (i < args.Length)
-        {
-            if (args[i] == "-connect")
-            {
-                string host_port;
-
-                if (i >= args.Length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                host_port = args[++i];
-                int index_colon;
-
-                if ((index_colon = host_port.IndexOf(':')) < 0)
-                    print_client_options(build_mode, args[i]);
-
-                hostname = new string(host_port.ToCharArray(), 
-                        0, index_colon);
-                port = Int32.Parse(new String(host_port.ToCharArray(), 
-                            index_colon+1, host_port.Length-index_colon-1));
-            }
-            else if (args[i] == "-cert")
-            {
-                if (i >= args.Length-1 || cert_index >= cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                cert[cert_index++] = args[++i];
-            }
-            else if (args[i] == "-key")
-            {
-                if (i >= args.Length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                private_key_file = args[++i];
-                options |= axtls.SSL_NO_DEFAULT_KEY;
-            }
-            else if (args[i] == "-CAfile")
-            {
-                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                ca_cert[ca_cert_index++] = args[++i];
-            }
-            else if (args[i] == "-verify")
-            {
-                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
-            }
-            else if (args[i] == "-reconnect")
-            {
-                reconnect = 4;
-            }
-            else if (args[i] == "-quiet")
-            {
-                quiet = true;
-                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
-            }
-            else if (args[i] == "-pass")
-            {
-                if (i >= args.Length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                password = args[++i];
-            }
-            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-            {
-                if (args[i] == "-debug")
-                {
-                    options |= axtls.SSL_DISPLAY_BYTES;
-                }
-                else if (args[i] == "-state")
-                {
-                    options |= axtls.SSL_DISPLAY_STATES;
-                }
-                else if (args[i] == "-show-rsa")
-                {
-                    options |= axtls.SSL_DISPLAY_RSA;
-                }
-                else
-                    print_client_options(build_mode, args[i]);
-            }
-            else    /* don't know what this is */
-                print_client_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
-        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
-        IPAddress[] addresses = hostInfo.AddressList;
-        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
-        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
-                SocketType.Stream, ProtocolType.Tcp);
-        client_sock.Connect(ep);
-
-        if (!client_sock.Connected)
-        {
-            Console.WriteLine("could not connect");
-            Environment.Exit(1);
-        }
-
-        if (!quiet)
-        {
-            Console.WriteLine("CONNECTED");
-        }
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLClient ssl_ctx = new SSLClient(options,
-                                    axtls.SSL_DEFAULT_CLNT_SESS);
-
-        if (ssl_ctx == null)
-        {
-            Console.Error.WriteLine("Error: Client context is invalid");
-            Environment.Exit(1);
-        }
-
-        if (private_key_file != null)
-        {
-            int obj_type = axtls.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.EndsWith(".p8"))
-                obj_type = axtls.SSL_OBJ_PKCS8;
-            else if (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.ObjLoad(obj_type,
-                             private_key_file, password) != axtls.SSL_OK)
-            {
-                Console.Error.WriteLine("Private key '" + private_key_file +
-                                                            "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtls.SSL_OK)
-            {
-                Console.WriteLine("Certificate '" + cert[i] + 
-                                                        "' is undefined.");
-                Environment.Exit(1);
-            }
-        }
-
-        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */
-
-        /* Try session resumption? */
-        if (reconnect > 0)
-        {
-            while (reconnect-- > 0)
-            {
-                ssl = ssl_ctx.Connect(client_sock, session_id);
-
-                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
-                {
-                    if (!quiet)
-                    {
-                        SSLUtil.DisplayError(res);
-                    }
-
-                    ssl.Dispose();
-                    Environment.Exit(1);
-                }
-
-                display_session_id(ssl);
-                session_id = ssl.GetSessionId();
-
-                if (reconnect > 0)
-                {
-                    ssl.Dispose();
-                    client_sock.Close();
-                    
-                    /* and reconnect */
-                    client_sock = new Socket(AddressFamily.InterNetwork, 
-                        SocketType.Stream, ProtocolType.Tcp);
-                    client_sock.Connect(ep);
-                }
-            }
-        }
-        else
-        {
-            ssl = ssl_ctx.Connect(client_sock, null);
-        }
-
-        /* check the return status */
-        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
-        {
-            if (!quiet)
-            {
-                SSLUtil.DisplayError(res);
-            }
-
-            Environment.Exit(1);
-        }
-
-        if (!quiet)
-        {
-            string common_name =
-                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
-
-            if (common_name != null)
-            {
-                Console.WriteLine("Common Name:\t\t\t" + common_name);
-            }
-
-            display_session_id(ssl);
-            display_cipher(ssl);
-        }
-
-        for (;;)
-        {
-            string user_input = Console.ReadLine();
-
-            if (user_input == null)
-                break;
-
-            byte[] buf = new byte[user_input.Length+2];
-            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
-            buf[buf.Length-1] = 0;              /* null terminate */
-
-            for (i = 0; i < buf.Length-2; i++)
-            {
-                buf[i] = (byte)user_input[i];
-            }
-
-            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
-            {
-                if (!quiet)
-                {
-                    SSLUtil.DisplayError(res);
-                }
-
-                break;
-            }
-        }
-
-        ssl_ctx.Dispose();
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the basic options.
-     */
-    private void print_options(string option)
-    {
-        Console.WriteLine("axssl: Error: '" + option + 
-                "' is an invalid command.");
-        Console.WriteLine("usage: axssl.csharp [s_server|" +
-                            "s_client|version] [args ...]");
-        Environment.Exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the server options.
-     */
-    private void print_server_options(int build_mode, string option)
-    {
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-
-        Console.WriteLine("unknown option " + option);
-        Console.WriteLine("usage: s_server [args ...]");
-        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
-                "is 4433)");
-        Console.WriteLine(" -quiet\t\t- No server output");
-
-        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
-        {
-          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
-                  "addition to default) to chain -");
-          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
-          Console.WriteLine(" -key arg\t- Private key file to use");
-          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
-        }
-
-        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
-        {
-            Console.WriteLine(" -verify\t- turn on peer certificate " +
-                    "verification");
-            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
-            Console.WriteLine("\t\t  Can repeat up to " + 
-                    ca_cert_size + "times");
-        }
-
-        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-        {
-            Console.WriteLine(" -debug\t\t- Print more output");
-            Console.WriteLine(" -state\t\t- Show state messages");
-            Console.WriteLine(" -show-rsa\t- Show RSA state");
-        }
-
-        Environment.Exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the client options.
-     */
-    private void print_client_options(int build_mode, string option)
-    {
-        int cert_size = SSLUtil.MaxCerts();
-        int ca_cert_size = SSLUtil.MaxCACerts();
-
-        Console.WriteLine("unknown option " + option);
-
-        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
-        {
-            Console.WriteLine("usage: s_client [args ...]");
-            Console.WriteLine(" -connect host:port - who to connect to " + 
-                    "(default is localhost:4433)");
-            Console.WriteLine(" -verify\t- turn on peer certificate " + 
-                    "verification");
-            Console.WriteLine(" -cert arg\t- certificate file to use");
-            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
-            Console.WriteLine(" -key arg\t- Private key file to use");
-            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
-            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
-                    " times");
-            Console.WriteLine(" -quiet\t\t- No client output");
-            Console.WriteLine(" -pass\t\t- private key file pass " + 
-                    "phrase source");
-            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
-                    "connection with the same Session-ID");
-
-            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
-            {
-                Console.WriteLine(" -debug\t\t- Print more output");
-                Console.WriteLine(" -state\t\t- Show state messages");
-                Console.WriteLine(" -show-rsa\t- Show RSA state");
-            }
-        }
-        else 
-        {
-            Console.WriteLine("Change configuration to allow this feature");
-        }
-
-        Environment.Exit(1);
-    }
-
-    /**
-     * Display what cipher we are using 
-     */
-    private void display_cipher(SSL ssl)
-    {
-        Console.Write("CIPHER is ");
-
-        switch (ssl.GetCipherId())
-        {
-            case axtls.SSL_AES128_SHA:
-                Console.WriteLine("AES128-SHA");
-                break;
-
-            case axtls.SSL_AES256_SHA:
-                Console.WriteLine("AES256-SHA");
-                break;
-
-            case axtls.SSL_AES128_SHA256:
-                Console.WriteLine("AES128-SHA256");
-                break;
-
-            case axtls.SSL_AES256_SHA256:
-                Console.WriteLine("AES128-SHA256");
-                break;
-
-            default:
-                Console.WriteLine("Unknown - " + ssl.GetCipherId());
-                break;
-        }
-    }
-
-    /**
-     * Display what session id we have.
-     */
-    private void display_session_id(SSL ssl)
-    {    
-        byte[] session_id = ssl.GetSessionId();
-
-        if (session_id.Length > 0)
-        {
-            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
-            foreach (byte b in session_id)
-            {
-                Console.Write("{0:x02}", b);
-            }
-
-            Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
-        }
-    }
-}
diff --git a/tools/sdk/axtls/samples/java/Makefile b/tools/sdk/axtls/samples/java/Makefile
deleted file mode 100644
index 9c1ed6da2e..0000000000
--- a/tools/sdk/axtls/samples/java/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Copyright (c) 2007-2016, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-#   this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-#   contributors may be used to endorse or promote products derived
-#   from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-include ../../config/.config
-include ../../config/makefile.conf
-include ../../config/makefile.java.conf
-
-all : sample
-JAR=../../$(STAGE)/axtls.jar
-CLASSES=../../bindings/java/classes
-sample : $(JAR)
-
-$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
-	jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
-
-JAVA_FILES=axssl.java
-JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
-
-$(CLASSES)/%.class : %.java
-	javac -d $(CLASSES) -classpath $(CLASSES) $^
-
-clean::
-	-@rm -f $(TARGET)
-
diff --git a/tools/sdk/axtls/samples/java/axssl.java b/tools/sdk/axtls/samples/java/axssl.java
deleted file mode 100644
index e013c11b47..0000000000
--- a/tools/sdk/axtls/samples/java/axssl.java
+++ /dev/null
@@ -1,760 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Demonstrate the use of the axTLS library in Java with a set of 
- * command-line parameters similar to openssl. In fact, openssl clients 
- * should be able to communicate with axTLS servers and visa-versa.  *
- * This code has various bits enabled depending on the configuration. To enable
- * the most interesting version, compile with the 'full mode' enabled.
- *
- * To see what options you have, run the following:
- * > java -jar axtls.jar s_server -?
- * > java -jar axtls.jar s_client -?
- *
- * The axtls/axtlsj shared libraries must be in the same directory or be found 
- * by the OS.
- */
-
-import java.io.*;
-import java.util.*;
-import java.net.*;
-import axTLSj.*;
-
-public class axssl
-{
-   /*
-     * Main()
-     */
-    public static void main(String[] args)
-    {
-        if (args.length == 1 && args[0].equals("version"))
-        {
-            System.out.println("axtls.jar " + SSLUtil.version());
-            System.exit(0);
-        }
-
-        axssl runner = new axssl();
-
-        try
-        {
-            if (args.length < 1 || 
-                    (!args[0].equals("s_server") &&
-                     !args[0].equals("s_client")))
-            {
-                runner.print_options(args.length > 0 ? args[0] : "");
-            }
-
-            int build_mode = SSLUtil.buildMode();
-
-            if (args[0].equals("s_server"))
-                runner.do_server(build_mode, args);
-            else 
-                runner.do_client(build_mode, args);
-        }
-        catch (Exception e) 
-        {
-            System.out.println(e);
-        }
-    }
-
-    /*
-     * do_server()
-     */
-    private void do_server(int build_mode, String[] args)
-                    throws Exception
-    {
-        int i = 1;
-        int port = 4433;
-        int options = axtlsj.SSL_DISPLAY_CERTS;
-        boolean quiet = false;
-        String password = null;
-        String private_key_file = null;
-
-        /* organise the cert/ca_cert lists */
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-        String[] cert = new String[cert_size];
-        String[] ca_cert = new String[ca_cert_size];
-        int cert_index = 0;
-        int ca_cert_index = 0;
-
-        while (i < args.length)
-        {
-            if (args[i].equals("-accept"))
-            {
-                if (i >= args.length-1)
-                {
-                    print_server_options(build_mode, args[i]);
-                }
-
-                port = Integer.parseInt(args[++i]);
-            }
-            else if (args[i].equals("-quiet"))
-            {
-                quiet = true;
-                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
-            }
-            else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
-            {
-                if (args[i].equals("-cert"))
-                {
-                    if (i >= args.length-1 || cert_index >= cert_size)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    cert[cert_index++] = args[++i];
-                }
-                else if (args[i].equals("-key"))
-                {
-                    if (i >= args.length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    private_key_file = args[++i];
-                    options |= axtlsj.SSL_NO_DEFAULT_KEY;
-                }
-                else if (args[i].equals("-pass"))
-                {
-                    if (i >= args.length-1)
-                    {
-                        print_server_options(build_mode, args[i]);
-                    }
-
-                    password = args[++i];
-                }
-                else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
-                {
-                    if (args[i].equals("-verify"))
-                    {
-                        options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
-                    }
-                    else if (args[i].equals("-CAfile"))
-                    {
-                        if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
-                        {
-                            print_server_options(build_mode, args[i]);
-                        }
-
-                        ca_cert[ca_cert_index++] = args[++i];
-                    }
-                    else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-                    {
-                        if (args[i].equals("-debug"))
-                        {
-                            options |= axtlsj.SSL_DISPLAY_BYTES;
-                        }
-                        else if (args[i].equals("-state"))
-                        {
-                            options |= axtlsj.SSL_DISPLAY_STATES;
-                        }
-                        else if (args[i].equals("-show-rsa"))
-                        {
-                            options |= axtlsj.SSL_DISPLAY_RSA;
-                        }
-                        else
-                            print_server_options(build_mode, args[i]);
-                    }
-                    else
-                        print_server_options(build_mode, args[i]);
-                }
-                else 
-                    print_server_options(build_mode, args[i]);
-            }
-            else 
-                print_server_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        /* Create socket for incoming connections */
-        ServerSocket server_sock = new ServerSocket(port);
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLServer ssl_ctx = new SSLServer(options, 
-                                    axtlsj.SSL_DEFAULT_SVR_SESS);
-
-        if (ssl_ctx == null)
-            throw new Exception("Error: Server context is invalid");
-
-        if (private_key_file != null)
-        {
-            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.endsWith(".p8"))
-                obj_type = axtlsj.SSL_OBJ_PKCS8;
-            else if (private_key_file.endsWith(".p12"))
-                obj_type = axtlsj.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.objLoad(obj_type, 
-                            private_key_file, password) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Error: Private key '" + private_key_file + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + ca_cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        int res;
-        SSLReadHolder rh = new SSLReadHolder();
-
-        for (;;)
-        {
-            if (!quiet)
-            {
-                System.out.println("ACCEPT");
-            }
-
-            Socket client_sock = server_sock.accept();
-
-            SSL ssl = ssl_ctx.connect(client_sock);
-
-            while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
-            {
-                /* check when the connection has been established */
-                if (ssl.handshakeStatus() == axtlsj.SSL_OK)
-                    break;
-
-                /* could do something else here */
-            }
-
-            if (res == axtlsj.SSL_OK) /* connection established and ok */
-            {
-                if (!quiet)
-                {
-                    display_session_id(ssl);
-                    display_cipher(ssl);
-                }
-
-                /* now read (and display) whatever the client sends us */
-                for (;;)
-                {
-                    /* keep reading until we get something interesting */
-                    while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
-                    {
-                        /* could do something else here */
-                    }
-
-                    if (res < axtlsj.SSL_OK)
-                    {
-                        if (!quiet)
-                        {
-                            System.out.println("CONNECTION CLOSED");
-                        }
-
-                        break;
-                    }
-
-                    /* convert to String */
-                    byte[] buf = rh.getData();
-                    char[] str = new char[res];
-
-                    for (i = 0; i < res; i++)
-                    {
-                        str[i] = (char)buf[i];
-                    }
-
-                    System.out.print(str);
-                }
-            }
-            else if (!quiet)
-            {
-                SSLUtil.displayError(res);
-            }
-
-            /* client was disconnected or the handshake failed. */
-            ssl.dispose();
-            client_sock.close();
-        }
-
-        /* ssl_ctx.dispose(); */
-    }
-
-    /*
-     * do_client()
-     */
-    private void do_client(int build_mode, String[] args)
-                    throws Exception
-    {
-        if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
-            print_client_options(build_mode, args[1]);
-
-        int i = 1, res;
-        int port = 4433;
-        boolean quiet = false;
-        String password = null;
-        int reconnect = 0;
-        String private_key_file = null;
-        String hostname = "127.0.0.1";
-
-        /* organise the cert/ca_cert lists */
-        int cert_index = 0;
-        int ca_cert_index = 0;
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-        String[] cert = new String[cert_size];
-        String[] ca_cert = new String[ca_cert_size];
-
-        int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
-        byte[] session_id = null;
-
-        while (i < args.length)
-        {
-            if (args[i].equals("-connect"))
-            {
-                String host_port;
-
-                if (i >= args.length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                host_port = args[++i];
-                int index_colon;
-
-                if ((index_colon = host_port.indexOf(':')) < 0)
-                    print_client_options(build_mode, args[i]);
-
-                hostname = new String(host_port.toCharArray(), 
-                        0, index_colon);
-                port = Integer.parseInt(new String(host_port.toCharArray(), 
-                            index_colon+1, host_port.length()-index_colon-1));
-            }
-            else if (args[i].equals("-cert"))
-            {
-                if (i >= args.length-1 || cert_index >= cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                cert[cert_index++] = args[++i];
-            }
-            else if (args[i].equals("-CAfile"))
-            {
-                if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                ca_cert[ca_cert_index++] = args[++i];
-            }
-            else if (args[i].equals("-key"))
-            {
-                if (i >= args.length-1)
-                {
-                    print_client_options(build_mode, args[i]);
-                }
-
-                private_key_file = args[++i];
-                options |= axtlsj.SSL_NO_DEFAULT_KEY;
-            }
-            else if (args[i].equals("-verify"))
-            {
-                options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
-            }
-            else if (args[i].equals("-reconnect"))
-            {
-                reconnect = 4;
-            }
-            else if (args[i].equals("-quiet"))
-            {
-                quiet = true;
-                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
-            }
-            else if (args[i].equals("-pass"))
-            {
-                if (i >= args.length-1)
-                {
-                    print_server_options(build_mode, args[i]);
-                }
-
-                password = args[++i];
-            }
-            else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-            {
-                if (args[i].equals("-debug"))
-                {
-                    options |= axtlsj.SSL_DISPLAY_BYTES;
-                }
-                else if (args[i].equals("-state"))
-                {
-                    options |= axtlsj.SSL_DISPLAY_STATES;
-                }
-                else if (args[i].equals("-show-rsa"))
-                {
-                    options |= axtlsj.SSL_DISPLAY_RSA;
-                }
-                else
-                    print_client_options(build_mode, args[i]);
-            }
-            else    /* don't know what this is */
-                print_client_options(build_mode, args[i]);
-
-            i++;
-        }
-
-        Socket client_sock = new Socket(hostname, port);
-
-        if (!client_sock.isConnected())
-        {
-            System.out.println("could not connect");
-            throw new Exception();
-        }
-
-        if (!quiet)
-        {
-            System.out.println("CONNECTED");
-        }
-
-        /**********************************************************************
-         * This is where the interesting stuff happens. Up until now we've
-         * just been setting up sockets etc. Now we do the SSL handshake.
-         **********************************************************************/
-        SSLClient ssl_ctx = new SSLClient(options, 
-                                    axtlsj.SSL_DEFAULT_CLNT_SESS);
-
-        if (ssl_ctx == null)
-        {
-            throw new Exception("Error: Client context is invalid");
-        }
-
-        if (private_key_file != null)
-        {
-            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
-
-            if (private_key_file.endsWith(".p8"))
-                obj_type = axtlsj.SSL_OBJ_PKCS8;
-            else if (private_key_file.endsWith(".p12"))
-                obj_type = axtlsj.SSL_OBJ_PKCS12;
-
-            if (ssl_ctx.objLoad(obj_type, 
-                            private_key_file, password) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Error: Private key '" + private_key_file + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
-                                        cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        for (i = 0; i < ca_cert_index; i++)
-        {
-            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
-                                        ca_cert[i], null) != axtlsj.SSL_OK)
-            {
-                throw new Exception("Certificate '" + ca_cert[i] + 
-                        "' is undefined.");
-            }
-        }
-
-        SSL ssl = null;
-
-        /* Try session resumption? */
-        if (reconnect > 0)
-        {
-            while (reconnect-- > 0)
-            {
-                ssl = ssl_ctx.connect(client_sock, session_id);
-
-                if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
-                {
-                    if (!quiet)
-                    {
-                        SSLUtil.displayError(res);
-                    }
-
-                    ssl.dispose();
-                    throw new Exception();
-                }
-
-                display_session_id(ssl);
-                session_id = ssl.getSessionId();
-
-                if (reconnect > 0)
-                {
-                    ssl.dispose();
-                    client_sock.close();
-                    
-                    /* and reconnect */
-                    client_sock = new Socket(hostname, port);
-                }
-            }
-        }
-        else
-        {
-            ssl = ssl_ctx.connect(client_sock, null);
-        }
-
-        /* check the return status */
-        if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
-        {
-            if (!quiet)
-            {
-                SSLUtil.displayError(res);
-            }
-
-            throw new Exception();
-        }
-
-        if (!quiet)
-        {
-            String common_name =
-                ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
-
-            if (common_name != null)
-            {
-                System.out.println("Common Name:\t\t\t" + common_name);
-            }
-
-            display_session_id(ssl);
-            display_cipher(ssl);
-        }
-
-        BufferedReader in = new BufferedReader(
-                new InputStreamReader(System.in));
-
-        for (;;)
-        {
-            String user_input = in.readLine();
-
-            if (user_input == null)
-                break;
-
-            byte[] buf = new byte[user_input.length()+2];
-            buf[buf.length-2] = (byte)'\n';     /* add the carriage return */
-            buf[buf.length-1] = 0;              /* null terminate */
-
-            for (i = 0; i < buf.length-2; i++)
-            {
-                buf[i] = (byte)user_input.charAt(i);
-            }
-
-            if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
-            {
-                if (!quiet)
-                {
-                    SSLUtil.displayError(res);
-                }
-
-                break;
-            }
-        }
-
-        ssl_ctx.dispose();
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the basic options.
-     */
-    private void print_options(String option)
-    {
-        System.out.println("axssl: Error: '" + option + 
-                "' is an invalid command.");
-        System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + 
-                "[args ...]");
-        System.exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the server options.
-     */
-    private void print_server_options(int build_mode, String option)
-    {
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-
-        System.out.println("unknown option " + option);
-        System.out.println("usage: s_server [args ...]");
-        System.out.println(" -accept arg\t- port to accept on (default " + 
-                "is 4433)");
-        System.out.println(" -quiet\t\t- No server output");
-
-        if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
-        {
-            System.out.println(" -cert arg\t- certificate file to add (in " + 
-                    "addition to default) to chain -");
-            System.out.println("\t\t  Can repeat up to " + cert_size + " times");
-            System.out.println(" -key arg\t- Private key file to use");
-            System.out.println(" -pass\t\t- private key file pass phrase source");
-        }
-
-        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
-        {
-            System.out.println(" -verify\t- turn on peer certificate " +
-                    "verification");
-            System.out.println(" -CAfile arg\t- Certificate authority. ");
-            System.out.println("\t\t  Can repeat up to " + 
-                    ca_cert_size + " times");
-        }
-
-        if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-        {
-            System.out.println(" -debug\t\t- Print more output");
-            System.out.println(" -state\t\t- Show state messages");
-            System.out.println(" -show-rsa\t- Show RSA state");
-        }
-
-        System.exit(1);
-    }
-
-    /**
-     * We've had some sort of command-line error. Print out the client options.
-     */
-    private void print_client_options(int build_mode, String option)
-    {
-        int cert_size = SSLUtil.maxCerts();
-        int ca_cert_size = SSLUtil.maxCACerts();
-
-        System.out.println("unknown option " + option);
-
-        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
-        {
-            System.out.println("usage: s_client [args ...]");
-            System.out.println(" -connect host:port - who to connect to " + 
-                    "(default is localhost:4433)");
-            System.out.println(" -verify\t- turn on peer certificate " + 
-                    "verification");
-            System.out.println(" -cert arg\t- certificate file to use");
-            System.out.println(" -key arg\t- Private key file to use");
-            System.out.println("\t\t  Can repeat up to " + cert_size + 
-                    " times");
-            System.out.println(" -CAfile arg\t- Certificate authority.");
-            System.out.println("\t\t  Can repeat up to " + ca_cert_size + 
-                    " times");
-            System.out.println(" -quiet\t\t- No client output");
-            System.out.println(" -pass\t\t- private key file pass " + 
-                        "phrase source");
-            System.out.println(" -reconnect\t- Drop and re-make the " +
-                    "connection with the same Session-ID");
-
-            if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
-            {
-                System.out.println(" -debug\t\t- Print more output");
-                System.out.println(" -state\t\t- Show state messages");
-                System.out.println(" -show-rsa\t- Show RSA state");
-            }
-        }
-        else 
-        {
-            System.out.println("Change configuration to allow this feature");
-        }
-
-        System.exit(1);
-    }
-
-    /**
-     * Display what cipher we are using 
-     */
-    private void display_cipher(SSL ssl)
-    {
-        System.out.print("CIPHER is ");
-
-        byte ciph_id = ssl.getCipherId();
-
-        if (ciph_id == axtlsj.SSL_AES128_SHA)
-            System.out.println("AES128-SHA");
-        else if (ciph_id == axtlsj.SSL_AES256_SHA)
-            System.out.println("AES256-SHA");
-        else if (ciph_id == axtlsj.SSL_AES128_SHA256)
-            System.out.println("AES128-SHA256");
-        else if (ciph_id == axtlsj.SSL_AES256_SHA256)
-            System.out.println("AES256-SHA256");
-        else
-            System.out.println("Unknown - " + ssl.getCipherId());
-    }
-
-    public char toHexChar(int i)
-    {
-        if ((0 <= i) && (i <= 9 ))
-            return (char)('0' + i);
-        else
-            return (char)('a' + (i-10));
-    }
-
-    public void bytesToHex(byte[] data) 
-    {
-        StringBuffer buf = new StringBuffer();
-        for (int i = 0; i < data.length; i++ ) 
-        {
-            buf.append(toHexChar((data[i]>>>4)&0x0F));
-            buf.append(toHexChar(data[i]&0x0F));
-        }
-
-        System.out.println(buf);
-    }
-
-
-    /**
-     * Display what session id we have.
-     */
-    private void display_session_id(SSL ssl)
-    {    
-        byte[] session_id = ssl.getSessionId();
-
-        if (session_id.length > 0)
-        {
-            System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
-            bytesToHex(session_id);
-            System.out.println("-----END SSL SESSION PARAMETERS-----");
-        }
-    }
-}
diff --git a/tools/sdk/axtls/samples/lua/axssl.lua b/tools/sdk/axtls/samples/lua/axssl.lua
deleted file mode 100755
index b4f24edf04..0000000000
--- a/tools/sdk/axtls/samples/lua/axssl.lua
+++ /dev/null
@@ -1,562 +0,0 @@
-#!/usr/local/bin/lua
-
---
--- Copyright (c) 2007-2016, Cameron Rich
---
--- All rights reserved.
---
--- Redistribution and use in source and binary forms, with or without
--- modification, are permitted provided that the following conditions are met:
---
--- * Redistributions of source code must retain the above copyright notice,
---   this list of conditions and the following disclaimer.
--- * Redistributions in binary form must reproduce the above copyright
---   notice, this list of conditions and the following disclaimer in the
---   documentation and/or other materials provided with the distribution.
--- * Neither the name of the axTLS project nor the names of its
---   contributors may be used to endorse or promote products derived
---   from this software without specific prior written permission.
---
--- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
--- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
--- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
--- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
--- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
--- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
--- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
--- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
--- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
--- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
--- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
---
-
---
--- Demonstrate the use of the axTLS library in Lua with a set of 
--- command-line parameters similar to openssl. In fact, openssl clients 
--- should be able to communicate with axTLS servers and visa-versa.
---
--- This code has various bits enabled depending on the configuration. To enable
--- the most interesting version, compile with the 'full mode' enabled.
---
--- To see what options you have, run the following:
--- > [lua] axssl s_server -?
--- > [lua] axssl s_client -?
---
--- The axtls/axtlsl shared libraries must be in the same directory or be found 
--- by the OS.
---
---
-require "bit"
-require("axtlsl")
-local socket = require("socket")
-
--- print version?
-if #arg == 1 and arg[1] == "version" then
-    print("axssl.lua "..axtlsl.ssl_version())
-    os.exit(1)
-end
-
---
--- We've had some sort of command-line error. Print out the basic options.
---
-function print_options(option)
-    print("axssl: Error: '"..option.."' is an invalid command.")
-    print("usage: axssl [s_server|s_client|version] [args ...]")
-    os.exit(1)
-end
-
---
--- We've had some sort of command-line error. Print out the server options.
---
-function print_server_options(build_mode, option)
-    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = axtlsl.ssl_get_config(
-            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
-
-    print("unknown option "..option)
-    print("usage: s_server [args ...]")
-    print(" -accept\t- port to accept on (default is 4433)")
-    print(" -quiet\t\t- No server output")
-
-    if build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
-        print(" -cert arg\t- certificate file to add (in addition to "..
-                "default) to chain -")
-        print("\t\t  Can repeat up to "..cert_size.." times")
-        print(" -key arg\t- Private key file to use - default DER format")
-        print(" -pass\t\t- private key file pass phrase source")
-    end
-
-    if build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
-        print(" -verify\t- turn on peer certificate verification")
-        print(" -CAfile arg\t- Certificate authority - default DER format")
-        print("\t\t  Can repeat up to "..ca_cert_size.." times")
-    end
-
-    if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
-        print(" -debug\t\t- Print more output")
-        print(" -state\t\t- Show state messages")
-        print(" -show-rsa\t- Show RSA state")
-    end
-
-    os.exit(1)
-end
-
---
--- We've had some sort of command-line error. Print out the client options.
---
-function print_client_options(build_mode, option)
-    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = axtlsl.ssl_get_config(
-            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
-
-    print("unknown option "..option)
-
-    if build_mode >= axtlsl.SSL_BUILD_ENABLE_CLIENT then
-        print("usage: s_client [args ...]")
-        print(" -connect host:port - who to connect to (default "..
-                "is localhost:4433)")
-        print(" -verify\t- turn on peer certificate verification")
-        print(" -cert arg\t- certificate file to use - default DER format")
-        print(" -key arg\t- Private key file to use - default DER format")
-        print("\t\t  Can repeat up to "..cert_size.." times")
-        print(" -CAfile arg\t- Certificate authority - default DER format")
-        print("\t\t  Can repeat up to "..ca_cert_size.."times")
-        print(" -quiet\t\t- No client output")
-        print(" -pass\t\t- private key file pass phrase source")
-        print(" -reconnect\t- Drop and re-make the connection "..
-                "with the same Session-ID")
-
-        if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
-            print(" -debug\t\t- Print more output")
-            print(" -state\t\t- Show state messages")
-            print(" -show-rsa\t- Show RSA state")
-        end
-    else
-        print("Change configuration to allow this feature")
-    end
-
-    os.exit(1)
-end
-
--- Implement the SSL server logic. 
-function do_server(build_mode)
-    local i = 2
-    local v
-    local port = 4433
-    local options = axtlsl.SSL_DISPLAY_CERTS
-    local quiet = false
-    local password = ""
-    local private_key_file = nil
-    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = axtlsl.
-                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
-    local cert = {}
-    local ca_cert = {}
-
-    while i <= #arg do
-        if arg[i] ==  "-accept" then
-            if i >= #arg then
-                print_server_options(build_mode, arg[i])
-            end
-
-            i = i + 1
-            port = arg[i]
-        elseif arg[i] == "-quiet" then
-            quiet = true
-            options = bit.band(options, bit.bnot(axtlsl.SSL_DISPLAY_CERTS))
-        elseif build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
-            if arg[i] == "-cert" then
-                if i >= #arg or #cert >= cert_size then
-                    print_server_options(build_mode, arg[i]) 
-                end
-
-                i = i + 1
-                table.insert(cert, arg[i])
-            elseif arg[i] == "-key" then
-                if i >= #arg then
-                    print_server_options(build_mode, arg[i]) 
-                end
-
-                i = i + 1
-                private_key_file = arg[i]
-                options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
-            elseif arg[i] == "-pass" then
-                if i >= #arg then
-                    print_server_options(build_mode, arg[i]) 
-                end
-
-                i = i + 1
-                password = arg[i]
-            elseif build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
-                if arg[i] == "-verify" then
-                    options = bit.bor(options, axtlsl.SSL_CLIENT_AUTHENTICATION)
-                elseif arg[i] == "-CAfile" then
-                    if i >= #arg or #ca_cert >= ca_cert_size then
-                        print_server_options(build_mode, arg[i])  
-                    end
-
-                    i = i + 1
-                    table.insert(ca_cert, arg[i])
-                elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
-                    if arg[i] == "-debug" then
-                        options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
-                    elseif arg[i] == "-state" then
-                        options = bit.bor(options, axtlsl.SSL_DISPLAY_STATES)
-                    elseif arg[i] == "-show-rsa" then
-                        options = bit.bor(options, axtlsl.SSL_DISPLAY_RSA)
-                    else
-                        print_server_options(build_mode, arg[i])
-                    end
-                else
-                    print_server_options(build_mode, arg[i])
-                end
-            else 
-                print_server_options(build_mode, arg[i])
-            end
-        else 
-            print_server_options(build_mode, arg[i])
-        end
-
-        i = i + 1
-    end
-
-    -- Create socket for incoming connections
-    local server_sock = socket.try(socket.bind("*", port))
-
-    ---------------------------------------------------------------------------
-    -- This is where the interesting stuff happens. Up until now we've
-    -- just been setting up sockets etc. Now we do the SSL handshake.
-    ---------------------------------------------------------------------------
-    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_SVR_SESS)
-    if ssl_ctx == nil then error("Error: Server context is invalid") end
-
-    if private_key_file ~= nil then
-        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
-
-        if string.find(private_key_file, ".p8") then 
-            obj_type = axtlsl.SSL_OBJ_PKCS8 
-        end
-
-        if string.find(private_key_file, ".p12") then 
-            obj_type = axtlsl.SSL_OBJ_PKCS12 
-        end
-
-        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
-                                        password) ~= axtlsl.SSL_OK then
-            error("Private key '" .. private_key_file .. "' is undefined.")
-        end
-    end
-
-    for _, v in ipairs(cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
-                                        axtlsl.SSL_OK then
-            error("Certificate '"..v .. "' is undefined.")
-        end
-    end
-
-    for _, v in ipairs(ca_cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
-                                        axtlsl.SSL_OK then
-            error("Certificate '"..v .."' is undefined.")
-        end
-    end
-
-    while true do
-        if not quiet then print("ACCEPT") end
-        local client_sock = server_sock:accept();
-        local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd())
-
-        -- do the actual SSL handshake
-        local connected = false
-        local res
-        local buf
-
-        while true do
-            socket.select({client_sock}, nil)
-            res, buf = axtlsl.ssl_read(ssl)
-
-            if res == axtlsl.SSL_OK then -- connection established and ok
-                if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then
-                    if not quiet and not connected then
-                        display_session_id(ssl)
-                        display_cipher(ssl)
-                    end
-                    connected = true
-                end
-            end
-
-            if res > axtlsl.SSL_OK then
-                for _, v in ipairs(buf) do
-                    io.write(string.format("%c", v))
-                end
-            elseif res < axtlsl.SSL_OK then 
-                if not quiet then
-                    axtlsl.ssl_display_error(res)
-                end
-                break
-            end
-        end
-
-        -- client was disconnected or the handshake failed.
-        print("CONNECTION CLOSED")
-        axtlsl.ssl_free(ssl)
-        client_sock:close()
-    end
-
-    axtlsl.ssl_ctx_free(ssl_ctx)
-end
-
---
--- Implement the SSL client logic.
---
-function do_client(build_mode)
-    local i = 2
-    local v
-    local port = 4433
-    local options = 
-            bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, axtlsl.SSL_DISPLAY_CERTS)
-    local private_key_file = nil
-    local reconnect = 0
-    local quiet = false
-    local password = ""
-    local session_id = {}
-    local host = "127.0.0.1"
-    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
-    local ca_cert_size = axtlsl.
-                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
-    local cert = {}
-    local ca_cert = {}
-
-    while i <= #arg do
-        if arg[i] == "-connect" then
-            if i >= #arg then
-                print_client_options(build_mode, arg[i]) 
-            end
-
-            i = i + 1
-            local t = string.find(arg[i], ":")
-            host = string.sub(arg[i], 1, t-1)
-            port = string.sub(arg[i], t+1)
-        elseif arg[i] == "-cert" then
-            if i >= #arg or #cert >= cert_size then
-                print_client_options(build_mode, arg[i]) 
-            end
-
-            i = i + 1
-            table.insert(cert, arg[i])
-        elseif arg[i] == "-key" then
-            if i >= #arg then
-                print_client_options(build_mode, arg[i])
-            end
-
-            i = i + 1
-            private_key_file = arg[i]
-            options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
-        elseif arg[i] == "-CAfile" then
-            if i >= #arg or #ca_cert >= ca_cert_size then
-                print_client_options(build_mode, arg[i]) 
-            end
-
-            i = i + 1
-            table.insert(ca_cert, arg[i])
-        elseif arg[i] == "-verify" then
-            options = bit.band(options, 
-                                bit.bnot(axtlsl.SSL_SERVER_VERIFY_LATER))
-        elseif arg[i] == "-reconnect" then
-            reconnect = 4
-        elseif arg[i] == "-quiet" then
-            quiet = true
-            options = bit.band(options, bnot(axtlsl.SSL_DISPLAY_CERTS))
-        elseif arg[i] == "-pass" then
-            if i >= #arg then
-                print_server_options(build_mode, arg[i])
-            end
-
-            i = i + 1
-            password = arg[i]
-        elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
-            if arg[i] == "-debug" then
-                options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
-            elseif arg[i] == "-state" then
-                options = bit.bor(axtlsl.SSL_DISPLAY_STATES)
-            elseif arg[i] == "-show-rsa" then
-                options = bit.bor(axtlsl.SSL_DISPLAY_RSA)
-            else    -- don't know what this is
-                print_client_options(build_mode, arg[i])
-            end
-        else    -- don't know what this is
-            print_client_options(build_mode, arg[i])
-        end
-
-        i = i + 1
-    end
-
-    local client_sock = socket.try(socket.connect(host, port))
-    local ssl
-    local res
-
-    if not quiet then print("CONNECTED") end
-
-    ---------------------------------------------------------------------------
-    -- This is where the interesting stuff happens. Up until now we've
-    -- just been setting up sockets etc. Now we do the SSL handshake.
-    ---------------------------------------------------------------------------
-    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
-
-    if ssl_ctx == nil then 
-        error("Error: Client context is invalid")
-    end
-
-    if private_key_file ~= nil then
-        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
-
-        if string.find(private_key_file, ".p8") then 
-            obj_type = axtlsl.SSL_OBJ_PKCS8 
-        end
-
-        if string.find(private_key_file, ".p12") then 
-            obj_type = axtlsl.SSL_OBJ_PKCS12 
-        end
-
-        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
-                                        password) ~= axtlsl.SSL_OK then
-            error("Private key '"..private_key_file.."' is undefined.")
-        end
-    end
-
-    for _, v in ipairs(cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
-                                        axtlsl.SSL_OK then
-            error("Certificate '"..v .. "' is undefined.")
-        end
-    end
-
-    for _, v in ipairs(ca_cert) do
-        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
-                                        axtlsl.SSL_OK then
-            error("Certificate '"..v .."' is undefined.")
-        end
-    end
-
-    -- Try session resumption?
-    if reconnect ~= 0 then
-        local session_id = nil
-        local sess_id_size = 0
-
-        while reconnect > 0 do
-            reconnect = reconnect - 1
-            ssl = axtlsl.ssl_client_new(ssl_ctx, 
-                    client_sock:getfd(), session_id, sess_id_size)
-
-            res = axtlsl.ssl_handshake_status(ssl)
-            if res ~= axtlsl.SSL_OK then
-                if not quiet then axtlsl.ssl_display_error(res) end
-                axtlsl.ssl_free(ssl)
-                os.exit(1)
-            end
-
-            display_session_id(ssl)
-            session_id = axtlsl.ssl_get_session_id(ssl)
-            sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
-
-            if reconnect > 0 then
-                axtlsl.ssl_free(ssl)
-                client_sock:close()
-                client_sock = socket.try(socket.connect(host, port))
-            end
-
-        end
-    else
-        ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
-    end
-
-    -- check the return status
-    res = axtlsl.ssl_handshake_status(ssl)
-    if res ~= axtlsl.SSL_OK then
-        if not quiet then axtlsl.ssl_display_error(res) end
-        os.exit(1)
-    end
-
-    if not quiet then
-        local common_name = axtlsl.ssl_get_cert_dn(ssl, 
-                            axtlsl.SSL_X509_CERT_COMMON_NAME)
-
-        if common_name ~= nil then 
-            print("Common Name:\t\t\t"..common_name)
-        end
-
-        display_session_id(ssl)
-        display_cipher(ssl)
-    end
-
-    while true do
-        local line = io.read()
-    if line == nil then break end
-        local bytes = {}
-
-        for i = 1, #line do
-            bytes[i] = line.byte(line, i)
-        end
-
-        bytes[#line+1] = 10      -- add carriage return, null
-        bytes[#line+2] = 0
-
-        res = axtlsl.ssl_write(ssl, bytes, #bytes)
-        if res < axtlsl.SSL_OK then
-            if not quiet then axtlsl.ssl_display_error(res) end
-            break
-        end
-    end
-
-    axtlsl.ssl_ctx_free(ssl_ctx)
-    client_sock:close()
-end
-
---
--- Display what cipher we are using 
---
-function display_cipher(ssl)
-    io.write("CIPHER is ")
-    local cipher_id = axtlsl.ssl_get_cipher_id(ssl)
-
-    if cipher_id == axtlsl.SSL_AES128_SHA then
-        print("AES128-SHA")
-    elseif cipher_id == axtlsl.SSL_AES256_SHA then
-        print("AES256-SHA")
-    elseif axtlsl.SSL_AES128_SHA256 then
-        print("AES128-SHA256")
-    elseif axtlsl.SSL_AES256_SHA256 then
-        print("AES256-SHA256")
-    else 
-        print("Unknown - "..cipher_id)
-    end
-end
-
---
--- Display what session id we have.
---
-function display_session_id(ssl)
-    local session_id = axtlsl.ssl_get_session_id(ssl)
-    local v
-
-    if #session_id > 0 then
-        print("-----BEGIN SSL SESSION PARAMETERS-----")
-        for _, v in ipairs(session_id) do
-            io.write(string.format("%02x", v))
-        end
-        print("\n-----END SSL SESSION PARAMETERS-----")
-    end
-end
-
---
--- Main entry point. Doesn't do much except works out whether we are a client
--- or a server.
---
-if #arg == 0 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
-    print_options(#arg > 0 and arg[1] or "")
-end
-
-local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE)
-_ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode)
-os.exit(0)
-
diff --git a/tools/sdk/axtls/samples/perl/axssl.pl b/tools/sdk/axtls/samples/perl/axssl.pl
deleted file mode 100755
index f3b044939c..0000000000
--- a/tools/sdk/axtls/samples/perl/axssl.pl
+++ /dev/null
@@ -1,634 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Copyright (c) 2007-2016, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-#   this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-#   contributors may be used to endorse or promote products derived
-#   from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# Demonstrate the use of the axTLS library in Perl with a set of 
-# command-line parameters similar to openssl. In fact, openssl clients 
-# should be able to communicate with axTLS servers and visa-versa.
-#
-# This code has various bits enabled depending on the configuration. To enable
-# the most interesting version, compile with the 'full mode' enabled.
-#
-# To see what options you have, run the following:
-# > [perl] axssl s_server -?
-# > [perl] axssl s_client -?
-#
-# The axtls/axtlsp shared libraries must be in the same directory or be found 
-# by the OS. axtlsp.pm must be in this directory or be in @INC.
-#
-# Under Win32, ActivePerl was used (see
-# http://www.activestate.com/Products/ActivePerl/?mp=1)
-#
-use axtlsp;
-use IO::Socket;
-
-# To get access to Win32 file descriptor stuff
-my $is_win32 = 0;
-
-if ($^O eq "MSWin32")
-{
-    eval("use Win32API::File 0.08 qw( :ALL )");
-    $is_win32 = 1;
-}
-
-use strict;
-
-#
-# Win32 has some problems with socket handles
-#
-sub get_native_sock
-{
-    my ($sock) = @_;
-    return $is_win32 ? FdGetOsFHandle($sock) : $sock;
-}
-
-# print version?
-if ($#ARGV == 0 && $ARGV[0] eq "version")
-{
-    printf("axssl.pl ".axtlsp::ssl_version()."\n");
-    exit 0;
-}
-
-#
-# Main entry point. Doesn't do much except works out whether we are a client
-# or a server.
-#
-print_options($#ARGV > -1 ? $ARGV[0] : "")
-        if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
-
-
-# Cygwin/Win32 issue - flush our output continuously
-select STDOUT;
-local $|=1;
-
-my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
-$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
-
-#
-# Implement the SSL server logic. 
-#
-sub do_server
-{
-    my ($build_mode) = @_;
-    my $i = 1;
-    my $port = 4433;
-    my $options = $axtlsp::SSL_DISPLAY_CERTS;
-    my $quiet = 0;
-    my $password = undef;
-    my $private_key_file = undef;
-    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-                        $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-    my @cert;
-    my @ca_cert;
-
-    while ($i <= $#ARGV)
-    {
-        if ($ARGV[$i] eq  "-accept")
-        {
-            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            $port = $ARGV[++$i];
-        }
-        elsif ($ARGV[$i] eq "-quiet")
-        {
-            $quiet = 1;
-            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
-        }
-        elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
-        {
-            if ($ARGV[$i] eq "-cert")
-            {
-                print_server_options($build_mode, $ARGV[$i]) 
-                                    if $i >= $#ARGV || $#cert >= $cert_size-1;
-
-                push @cert,  $ARGV[++$i];
-            }
-            elsif ($ARGV[$i] eq "-key")
-            {
-                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-                $private_key_file = $ARGV[++$i];
-                $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
-            }
-            elsif ($ARGV[$i] eq "-pass")
-            {
-                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-                $password = $ARGV[++$i];
-            }
-            elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
-            {
-                if ($ARGV[$i] eq "-verify")
-                {
-                    $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
-                }
-                elsif ($ARGV[$i] eq "-CAfile")
-                {
-                    print_server_options($build_mode, $ARGV[$i])  
-                                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
-                    push @ca_cert, $ARGV[++$i];
-                }
-                elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-                {
-                    if ($ARGV[$i] eq "-debug")
-                    {
-                        $options |= $axtlsp::SSL_DISPLAY_BYTES;
-                    }
-                    elsif ($ARGV[$i] eq "-state")
-                    {
-                        $options |= $axtlsp::SSL_DISPLAY_STATES;
-                    }
-                    elsif ($ARGV[$i] eq "-show-rsa")
-                    {
-                        $options |= $axtlsp::SSL_DISPLAY_RSA;
-                    }
-                    else
-                    {
-                        print_server_options($build_mode, $ARGV[$i]);
-                    }
-                }
-                else
-                {
-                    print_server_options($build_mode, $ARGV[$i]);
-                }
-            }
-            else 
-            {
-                print_server_options($build_mode, $ARGV[$i]);
-            }
-        }
-        else 
-        {
-            print_server_options($build_mode, $ARGV[$i]);
-        }
-
-        $i++;
-    }
-
-    # Create socket for incoming connections
-    my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
-                              LocalPort => $port,
-                              Listen => 1,
-                              Reuse => 1) or die $!;
-
-    ###########################################################################
-    # This is where the interesting stuff happens. Up until now we've
-    # just been setting up sockets etc. Now we do the SSL handshake.
-    ###########################################################################
-    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
-    die "Error: Server context is invalid" if not defined $ssl_ctx;
-
-    if (defined $private_key_file)
-    {
-        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
-        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
-        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
-        die "Private key '$private_key_file' is undefined." if 
-                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
-                        $private_key_file, $password);
-    }
-
-    foreach (@cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    foreach (@ca_cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    for (;;)
-    {
-        printf("ACCEPT\n") if not $quiet;
-        my $client_sock = $server_sock->accept;
-        my $native_sock = get_native_sock($client_sock->fileno);
-
-        # This doesn't work in Win32 - need to get file descriptor from socket.
-        my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
-
-        # do the actual SSL handshake
-        my $res;
-        my $buf;
-        my $connected = 0;
-
-        while (1)
-        {
-            ($res, $buf) = axtlsp::ssl_read($ssl, undef);
-            last if $res < $axtlsp::SSL_OK;
-
-            if ($res == $axtlsp::SSL_OK) # connection established and ok
-            {
-                if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
-                {
-                    if (!$quiet && !$connected)
-                    {
-                        display_session_id($ssl);
-                        display_cipher($ssl);
-                    }
-
-                    $connected = 1;
-                }
-            }
-
-            if ($res > $axtlsp::SSL_OK)
-            {
-                printf($$buf);
-            }
-            elsif ($res < $axtlsp::SSL_OK)
-            {
-                axtlsp::ssl_display_error($res) if not $quiet;
-                last;
-            } 
-        }
-
-        # client was disconnected or the handshake failed.
-        printf("CONNECTION CLOSED\n") if not $quiet;
-        axtlsp::ssl_free($ssl);
-        $client_sock->close;
-    }
-
-    axtlsp::ssl_ctx_free($ssl_ctx);
-}
-
-#
-# Implement the SSL client logic.
-#
-sub do_client
-{
-    my ($build_mode) = @_;
-    my $i = 1;
-    my $port = 4433;
-    my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
-    my $private_key_file = undef;
-    my $reconnect = 0;
-    my $quiet = 0;
-    my $password = undef;
-    my @session_id;
-    my $host = "127.0.0.1";
-    my @cert;
-    my @ca_cert;
-    my $cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
-    while ($i <= $#ARGV)
-    {
-        if ($ARGV[$i] eq "-connect")
-        {
-            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            ($host, $port) = split(':', $ARGV[++$i]);
-        }
-        elsif ($ARGV[$i] eq "-cert")
-        {
-            print_client_options($build_mode, $ARGV[$i]) 
-                if $i >= $#ARGV || $#cert >= $cert_size-1;
-
-            push @cert, $ARGV[++$i];
-        }
-        elsif ($ARGV[$i] eq "-key")
-        {
-            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            $private_key_file = $ARGV[++$i];
-            $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
-        }
-        elsif ($ARGV[$i] eq "-CAfile")
-        {
-            print_client_options($build_mode, $ARGV[$i]) 
-                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
-
-            push @ca_cert, $ARGV[++$i];
-        }
-        elsif ($ARGV[$i] eq "-verify")
-        {
-            $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
-        }
-        elsif ($ARGV[$i] eq "-reconnect")
-        {
-            $reconnect = 4;
-        }
-        elsif ($ARGV[$i] eq "-quiet")
-        {
-            $quiet = 1;
-            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
-        }
-        elsif ($ARGV[$i] eq "-pass")
-        {
-            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
-            $password = $ARGV[++$i];
-        }
-        elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-        {
-            if ($ARGV[$i] eq "-debug")
-            {
-                $options |= $axtlsp::SSL_DISPLAY_BYTES;
-            }
-            elsif ($ARGV[$i] eq "-state")
-            {
-                $options |= $axtlsp::SSL_DISPLAY_STATES;
-            }
-            elsif ($ARGV[$i] eq "-show-rsa")
-            {
-                $options |= $axtlsp::SSL_DISPLAY_RSA;
-            }
-            else    # don't know what this is
-            {
-                print_client_options($build_mode, $ARGV[$i]);
-            }
-        }
-        else    # don't know what this is
-        {
-            print_client_options($build_mode, $ARGV[$i]);
-        }
-
-        $i++;
-    }
-
-    my $client_sock = new IO::Socket::INET (
-                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
-                    || die ("no socket: $!");
-    my $ssl;
-    my $res;
-    my $native_sock = get_native_sock($client_sock->fileno);
-
-    printf("CONNECTED\n") if not $quiet;
-
-    ###########################################################################
-    # This is where the interesting stuff happens. Up until now we've
-    # just been setting up sockets etc. Now we do the SSL handshake.
-    ###########################################################################
-    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
-    die "Error: Client context is invalid" if not defined $ssl_ctx;
-
-    if (defined $private_key_file)
-    {
-        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
-
-        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
-        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
-
-        die "Private key '$private_key_file' is undefined." if 
-                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
-                        $private_key_file, $password);
-    }
-
-    foreach (@cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    foreach (@ca_cert)
-    {
-        die "Certificate '$_' is undefined." 
-            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
-                    $_, undef) != $axtlsp::SSL_OK;
-    }
-
-    # Try session resumption?
-    if ($reconnect)
-    {
-        my $session_id = undef;
-        my $sess_id_size = 0;
-
-        while ($reconnect--)
-        {
-            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, 
-                            $session_id, $sess_id_size);
-
-            $res = axtlsp::ssl_handshake_status($ssl);
-            if ($res != $axtlsp::SSL_OK)
-            {
-                axtlsp::ssl_display_error($res) if !$quiet;
-                axtlsp::ssl_free($ssl);
-                exit 1;
-            }
-
-            display_session_id($ssl);
-            $session_id = axtlsp::ssl_get_session_id($ssl);
-
-            if ($reconnect)
-            {
-                axtlsp::ssl_free($ssl);
-                $client_sock->close;
-                $client_sock = new IO::Socket::INET (
-                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
-                    || die ("no socket: $!");
-
-            }
-        }
-    }
-    else
-    {
-        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
-    }
-
-    # check the return status
-    $res = axtlsp::ssl_handshake_status($ssl);
-    if ($res != $axtlsp::SSL_OK)
-    {
-        axtlsp::ssl_display_error($res) if not $quiet;
-        exit 1;
-    }
-
-    if (!$quiet)
-    {
-        my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
-                    $axtlsp::SSL_X509_CERT_COMMON_NAME);
-
-        printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
-        display_session_id($ssl);
-        display_cipher($ssl);
-    }
-
-    while (<STDIN>)
-    {
-        my $cstring = pack("a*x", $_);   # add null terminator
-        $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
-        if ($res < $axtlsp::SSL_OK)
-        {
-            axtlsp::ssl_display_error($res) if not $quiet;
-            last;
-        }
-    }
-
-    axtlsp::ssl_ctx_free($ssl_ctx);
-    $client_sock->close;
-}
-
-#
-# We've had some sort of command-line error. Print out the basic options.
-#
-sub print_options
-{
-    my ($option) = @_;
-    printf("axssl: Error: '%s' is an invalid command.\n", $option);
-    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
-    exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the server options.
-#
-sub print_server_options
-{
-    my ($build_mode, $option) = @_;
-    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
-    printf("unknown option %s\n", $option);
-    printf("usage: s_server [args ...]\n");
-    printf(" -accept arg\t- port to accept on (default is 4433)\n");
-    printf(" -quiet\t\t- No server output\n");
-
-    if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
-    {
-        printf(" -cert arg\t- certificate file to add (in addition to default)".
-                                        " to chain -\n".
-          "\t\t  Can repeat up to %d times\n", $cert_size);
-        printf(" -key arg\t- Private key file to use - default DER format\n");
-        printf(" -pass\t\t- private key file pass phrase source\n");
-    }
-
-    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
-    {
-        printf(" -verify\t- turn on peer certificate verification\n");
-        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
-        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
-    }
-
-    if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-    {
-        printf(" -debug\t\t- Print more output\n");
-        printf(" -state\t\t- Show state messages\n");
-        printf(" -show-rsa\t- Show RSA state\n");
-    }
-
-    exit 1;
-}
-
-#
-# We've had some sort of command-line error. Print out the client options.
-#
-sub print_client_options
-{
-    my ($build_mode, $option) = @_;
-    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
-    my $ca_cert_size = axtlsp::ssl_get_config(
-            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
-
-    printf("unknown option %s\n", $option);
-
-    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
-    {
-        printf("usage: s_client [args ...]\n");
-        printf(" -connect host:port - who to connect to (default ".
-                "is localhost:4433)\n");
-        printf(" -verify\t- turn on peer certificate verification\n");
-        printf(" -cert arg\t- certificate file to use - default DER format\n");
-        printf(" -key arg\t- Private key file to use - default DER format\n");
-        printf("\t\t  Can repeat up to %d times\n", $cert_size);
-        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
-        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
-        printf(" -quiet\t\t- No client output\n");
-        printf(" -pass\t\t- private key file pass phrase source\n");
-        printf(" -reconnect\t- Drop and re-make the connection ".
-                "with the same Session-ID\n");
-
-        if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
-        {
-            printf(" -debug\t\t- Print more output\n");
-            printf(" -state\t\t- Show state messages\n");
-            printf(" -show-rsa\t- Show RSA state\n");
-        }
-    }
-    else
-    {
-        printf("Change configuration to allow this feature\n");
-    }
-
-    exit 1;
-}
-
-#
-# Display what cipher we are using 
-#
-sub display_cipher
-{
-    my ($ssl) = @_;
-    printf("CIPHER is ");
-    my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
-
-    if ($cipher_id == $axtlsp::SSL_AES128_SHA)
-    {
-        printf("AES128-SHA");
-    }
-    elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
-    {
-        printf("AES256-SHA");
-    }
-    elsif ($axtlsp::SSL_AES128_SHA256)
-    {
-        printf("AES128-SHA256");
-    }
-    elsif ($axtlsp::SSL_AES256_SHA256)
-    {
-        printf("AES256-SHA256");
-    }
-    else 
-    {
-        printf("Unknown - %d", $cipher_id);
-    }
-
-    printf("\n");
-}
-
-#
-# Display what session id we have.
-#
-sub display_session_id
-{    
-    my ($ssl) = @_;
-    my $session_id = axtlsp::ssl_get_session_id($ssl);
-    if (length($$session_id) > 0)
-    {
-        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
-        printf(unpack("H*", $$session_id));
-        printf("\n-----END SSL SESSION PARAMETERS-----\n");
-    }
-}
diff --git a/tools/sdk/axtls/samples/vbnet/axssl.vb b/tools/sdk/axtls/samples/vbnet/axssl.vb
deleted file mode 100644
index 7e5d68277e..0000000000
--- a/tools/sdk/axtls/samples/vbnet/axssl.vb
+++ /dev/null
@@ -1,702 +0,0 @@
-'
-' Copyright (c) 2007-2016, Cameron Rich
-'
-' All rights reserved.
-'
-' Redistribution and use in source and binary forms, with or without
-' modification, are permitted provided that the following conditions are met:
-'
-' * Redistributions of source code must retain the above copyright notice,
-'   this list of conditions and the following disclaimer.
-' * Redistributions in binary form must reproduce the above copyright
-'   notice, this list of conditions and the following disclaimer in the
-'   documentation and/or other materials provided with the distribution.
-' * Neither the name of the axTLS project nor the names of its
-'   contributors may be used to endorse or promote products derived
-'   from this software without specific prior written permission.
-'
-' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
-' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
-' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-'
-
-'
-' Demonstrate the use of the axTLS library in VB.NET with a set of 
-' command-line parameters similar to openssl. In fact, openssl clients 
-' should be able to communicate with axTLS servers and visa-versa.
-'
-' This code has various bits enabled depending on the configuration. To enable
-' the most interesting version, compile with the 'full mode' enabled.
-'
-' To see what options you have, run the following:
-' > axssl.vbnet.exe s_server -?
-' > axssl.vbnet.exe s_client -?
-'
-' The axtls shared library must be in the same directory or be found 
-' by the OS.
-'
-
-Imports System
-Imports System.Net
-Imports System.Net.Sockets
-Imports Microsoft.VisualBasic
-Imports axTLSvb
-
-Public Class axssl
-    ' 
-    ' do_server()
-    '
-    Public Sub do_server(ByVal build_mode As Integer, _
-                                        ByVal args() As String)
-        Dim i As Integer = 1
-        Dim port As Integer = 4433
-        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
-        Dim quiet As Boolean = False
-        Dim password As String = Nothing
-        Dim private_key_file As String = Nothing
-
-        ' organise the cert/ca_cert lists 
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-        Dim cert(cert_size) As String
-        Dim ca_cert(ca_cert_size) As String
-        Dim cert_index As Integer = 0
-        Dim ca_cert_index As Integer = 0
-
-        While i < args.Length
-            If args(i) = "-accept" Then
-                If i >= args.Length-1
-                    print_server_options(build_mode, args(i))
-                End If
-
-                i += 1
-                port = Int32.Parse(args(i))
-            ElseIf args(i) = "-quiet"
-                quiet = True
-                options = options And Not axtls.SSL_DISPLAY_CERTS
-            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
-                If args(i) = "-cert"
-                    If i >= args.Length-1 Or cert_index >= cert_size
-                        print_server_options(build_mode, args(i))
-                    End If
-
-                    i += 1
-                    cert(cert_index) = args(i)
-                    cert_index += 1
-                ElseIf args(i) = "-key"
-                    If i >= args.Length-1
-                        print_server_options(build_mode, args(i))
-                    End If
-
-                    i += 1
-                    private_key_file = args(i)
-                    options = options Or axtls.SSL_NO_DEFAULT_KEY
-                ElseIf args(i) = "-pass"
-                    If i >= args.Length-1
-                        print_server_options(build_mode, args(i))
-                    End If
-
-                    i += 1
-                    password = args(i)
-                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
-                    If args(i) = "-verify" Then
-                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
-                    ElseIf args(i) = "-CAfile"
-                        If i >= args.Length-1 Or _
-                                    ca_cert_index >= ca_cert_size Then
-                            print_server_options(build_mode, args(i))
-                        End If
-
-                        i += 1
-                        ca_cert(ca_cert_index) = args(i)
-                        ca_cert_index += 1
-                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
-                        If args(i) = "-debug" Then
-                            options = options Or axtls.SSL_DISPLAY_BYTES
-                        ElseIf args(i) = "-state"
-                            options = options Or axtls.SSL_DISPLAY_STATES
-                        ElseIf args(i) = "-show-rsa"
-                            options = options Or axtls.SSL_DISPLAY_RSA
-                        Else
-                            print_server_options(build_mode, args(i))
-                        End If
-                    Else
-                        print_server_options(build_mode, args(i))
-                    End If
-                Else
-                    print_server_options(build_mode, args(i))
-                End If
-            End If
-
-            i += 1
-        End While
-
-        ' Create socket for incoming connections
-        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
-        Dim server_sock As TcpListener = New TcpListener(ep)
-        server_sock.Start()      
-
-        '*********************************************************************
-        ' This is where the interesting stuff happens. Up until now we've
-        ' just been setting up sockets etc. Now we do the SSL handshake.
-        '*********************************************************************/
-        Dim ssl_ctx As SSLServer = New SSLServer(options, _
-                axtls.SSL_DEFAULT_SVR_SESS)
-
-        If ssl_ctx Is Nothing Then
-            Console.Error.WriteLine("Error: Server context is invalid")
-            Environment.Exit(1)
-        End If
-
-        If private_key_file <> Nothing Then
-            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
-
-            If private_key_file.EndsWith(".p8") Then
-                obj_type = axtls.SSL_OBJ_PKCS8
-            Else If (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12
-            End If
-
-            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
-                                            password) <> axtls.SSL_OK Then
-                Console.Error.WriteLine("Error: Private key '" & _
-                        private_key_file & "' is undefined.")
-                Environment.Exit(1)
-            End If
-        End If
-
-        For i = 0 To cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
-                            cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        For i = 0 To ca_cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
-                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & ca_cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        Dim buf As Byte() = Nothing
-        Dim res As Integer
-        Dim ssl As SSL
-
-        While 1
-            If Not quiet Then
-                Console.WriteLine("ACCEPT")
-            End If
-
-            Dim client_sock As Socket = server_sock.AcceptSocket()
-
-            ssl = ssl_ctx.Connect(client_sock)
-
-            ' do the actual SSL handshake 
-            While 1
-                res = ssl_ctx.Read(ssl, buf)
-                If  res <> axtls.SSL_OK Then
-                    Exit While
-                End If
-
-                ' check when the connection has been established 
-                If ssl.HandshakeStatus() = axtls.SSL_OK
-                    Exit While
-                End If
-
-                ' could do something else here 
-            End While
-
-            If res = axtls.SSL_OK Then  ' connection established and ok
-                If Not quiet
-                    display_session_id(ssl)
-                    display_cipher(ssl)
-                End If
-
-                ' now read (and display) whatever the client sends us
-                While 1
-                    ' keep reading until we get something interesting 
-                    While 1
-                        res = ssl_ctx.Read(ssl, buf)
-                        If res <> axtls.SSL_OK Then
-                            Exit While
-                        End If
-
-                        ' could do something else here
-                    End While
-
-                    If res < axtls.SSL_OK
-                        If Not quiet
-                            Console.WriteLine("CONNECTION CLOSED")
-                        End If
-
-                        Exit While
-                    End If
-
-                    ' convert to String 
-                    Dim str(res) As Char
-                    For i = 0 To res-1
-                        str(i) = Chr(buf(i))
-                    Next
-
-                    Console.Write(str)
-                End While
-            ElseIf Not quiet
-                SSLUtil.DisplayError(res)
-            End If
-
-            ' client was disconnected or the handshake failed. */
-            ssl.Dispose()
-            client_sock.Close()
-        End While
-
-        ssl_ctx.Dispose()
-    End Sub
-
-    ' 
-    ' do_client()
-    '
-    Public Sub do_client(ByVal build_mode As Integer, _
-                                    ByVal args() As String)
-
-        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
-            print_client_options(build_mode, args(1))
-        End If
-
-        Dim i As Integer = 1
-        Dim res As Integer
-        Dim port As Integer = 4433
-        Dim quiet As Boolean = False
-        Dim password As String = Nothing
-        Dim reconnect As Integer = 0
-        Dim private_key_file As String = Nothing
-        Dim hostname As String = "127.0.0.1"
-
-        ' organise the cert/ca_cert lists
-        Dim ssl As SSL = Nothing
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-        Dim cert(cert_size) As String
-        Dim ca_cert(ca_cert_size) As String
-        Dim cert_index As Integer = 0
-        Dim ca_cert_index As Integer = 0
-
-        Dim options As Integer = _
-                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
-        Dim session_id As Byte() = Nothing
-
-        While i < args.Length
-            If args(i) = "-connect" Then
-                Dim host_port As String
-
-                If i >= args.Length-1
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                host_port = args(i)
-
-                Dim index_colon As Integer = host_port.IndexOf(":"C)
-                If index_colon < 0 Then 
-                    print_client_options(build_mode, args(i))
-                End If
-
-                hostname = New String(host_port.ToCharArray(), _
-                        0, index_colon)
-                port = Int32.Parse(New String(host_port.ToCharArray(), _
-                            index_colon+1, host_port.Length-index_colon-1))
-            ElseIf args(i) = "-cert"
-                If i >= args.Length-1 Or cert_index >= cert_size Then
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                cert(cert_index) = args(i)
-                cert_index += 1
-            ElseIf args(i) = "-key"
-                If i >= args.Length-1
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                private_key_file = args(i)
-                options = options Or axtls.SSL_NO_DEFAULT_KEY
-            ElseIf args(i) = "-CAfile"
-                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                ca_cert(ca_cert_index) = args(i)
-                ca_cert_index += 1
-            ElseIf args(i) = "-verify"
-                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
-            ElseIf args(i) = "-reconnect"
-                reconnect = 4
-            ElseIf args(i) = "-quiet"
-                quiet = True
-                options = options And  Not axtls.SSL_DISPLAY_CERTS
-            ElseIf args(i) = "-pass"
-                If i >= args.Length-1
-                    print_client_options(build_mode, args(i))
-                End If
-
-                i += 1
-                password = args(i)
-            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
-                If args(i) = "-debug" Then
-                    options = options Or axtls.SSL_DISPLAY_BYTES
-                ElseIf args(i) = "-state"
-                    options = options Or axtls.SSL_DISPLAY_STATES
-                ElseIf args(i) = "-show-rsa"
-                    options = options Or axtls.SSL_DISPLAY_RSA
-                Else
-                    print_client_options(build_mode, args(i))
-                End If
-            Else    ' don't know what this is 
-                print_client_options(build_mode, args(i))
-            End If
-
-            i += 1
-        End While
-
-        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
-        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
-        Dim  addresses As IPAddress() = hostInfo.AddressList
-        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
-        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
-                SocketType.Stream, ProtocolType.Tcp)
-        client_sock.Connect(ep)
-
-        If Not client_sock.Connected Then
-            Console.WriteLine("could not connect")
-            Environment.Exit(1)
-        End If
-
-        If Not quiet Then
-            Console.WriteLine("CONNECTED")
-        End If
-
-        '*********************************************************************
-        ' This is where the interesting stuff happens. Up until now we've
-        ' just been setting up sockets etc. Now we do the SSL handshake.
-        '*********************************************************************/
-        Dim ssl_ctx As SSLClient = New SSLClient(options, _
-                axtls.SSL_DEFAULT_CLNT_SESS)
-
-        If ssl_ctx Is Nothing Then
-            Console.Error.WriteLine("Error: Client context is invalid")
-            Environment.Exit(1)
-        End If
-
-        If private_key_file <> Nothing Then
-            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
-
-            If private_key_file.EndsWith(".p8") Then
-                obj_type = axtls.SSL_OBJ_PKCS8
-            Else If (private_key_file.EndsWith(".p12"))
-                obj_type = axtls.SSL_OBJ_PKCS12
-            End If
-
-            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
-                                            password) <> axtls.SSL_OK Then
-                Console.Error.WriteLine("Error: Private key '" & _
-                        private_key_file & "' is undefined.")
-                Environment.Exit(1)
-            End If
-        End If
-
-        For i = 0 To cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
-                            cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        For i = 0 To ca_cert_index-1
-            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
-                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
-                Console.WriteLine("Certificate '" & ca_cert(i) & _
-                        "' is undefined.")
-                Environment.Exit(1)
-            End If
-        Next
-
-        ' Try session resumption?
-        If reconnect > 0 Then
-            While reconnect > 0
-                reconnect -= 1
-                ssl = ssl_ctx.Connect(client_sock, session_id)
-
-                res = ssl.HandshakeStatus()
-                If res <> axtls.SSL_OK Then
-                    If Not quiet Then
-                        SSLUtil.DisplayError(res)
-                    End If
-
-                    ssl.Dispose()
-                    Environment.Exit(1)
-                End If
-
-                display_session_id(ssl)
-                session_id = ssl.GetSessionId()
-
-                If reconnect > 0 Then
-                    ssl.Dispose()
-                    client_sock.Close()
-                    
-                    ' and reconnect
-                    client_sock = New Socket(AddressFamily.InterNetwork, _
-                        SocketType.Stream, ProtocolType.Tcp)
-                    client_sock.Connect(ep)
-                End If
-            End While
-        Else
-            ssl = ssl_ctx.Connect(client_sock, Nothing)
-        End If
-
-        ' check the return status 
-        res = ssl.HandshakeStatus()
-        If res <> axtls.SSL_OK Then
-            If Not quiet Then
-                SSLUtil.DisplayError(res)
-            End If
-
-            Environment.Exit(1)
-        End If
-
-        If Not quiet Then
-            Dim common_name As String = _
-                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
-
-            If common_name <> Nothing
-                Console.WriteLine("Common Name:" & _
-                        ControlChars.Tab & ControlChars.Tab & _
-                        ControlChars.Tab & common_name)
-            End If
-
-            display_session_id(ssl)
-            display_cipher(ssl)
-        End If
-
-        While (1)
-            Dim user_input As String = Console.ReadLine()
-
-            If user_input = Nothing Then
-                Exit While
-            End If
-
-            Dim buf(user_input.Length+1) As Byte
-            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
-            buf(buf.Length-1) = 0                    ' null terminate 
-
-            For i = 0 To user_input.Length-1
-                buf(i) = Asc(user_input.Chars(i))
-            Next
-
-            res = ssl_ctx.Write(ssl, buf, buf.Length)
-            If res < axtls.SSL_OK Then
-                If Not quiet Then
-                    SSLUtil.DisplayError(res)
-                End If
-
-                Exit While
-            End If
-        End While
-
-        ssl_ctx.Dispose()
-    End Sub
-
-    '
-    ' Display what cipher we are using
-    '
-    Private Sub display_cipher(ByVal ssl As SSL)
-        Console.Write("CIPHER is ")
-
-        Select ssl.GetCipherId()
-            Case axtls.SSL_AES128_SHA
-                Console.WriteLine("AES128-SHA")
-
-            Case axtls.SSL_AES256_SHA
-                Console.WriteLine("AES256-SHA")
-
-            Case axtls.SSL_AES128_SHA256
-                Console.WriteLine("AES128-SHA256")
-
-            Case axtls.SSL_AES256_SHA256
-                Console.WriteLine("AES256-SHA256")
-
-            Case Else
-                Console.WriteLine("Unknown - " & ssl.GetCipherId())
-        End Select
-    End Sub
-
-    '
-    ' Display what session id we have.
-    '
-    Private Sub display_session_id(ByVal ssl As SSL)
-        Dim session_id As Byte() = ssl.GetSessionId()
-
-        If session_id.Length > 0 Then
-            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
-            Dim b As Byte
-            For Each b In session_id
-                Console.Write("{0:x02}", b)
-            Next
-
-            Console.WriteLine()
-            Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
-        End If
-    End Sub
-
-    ' 
-    ' We've had some sort of command-line error. Print out the basic options.
-    '
-    Public Sub print_options(ByVal options As String)
-        Console.WriteLine("axssl: Error: '" & options & _
-                "' is an invalid command.")
-        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
-                "version] [args ...]")
-        Environment.Exit(1)
-    End Sub
-
-    ' 
-    ' We've had some sort of command-line error. Print out the server options.
-    '
-    Private Sub print_server_options(ByVal build_mode As Integer, _
-                                    ByVal options As String)
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-
-        Console.WriteLine("unknown option " & options)
-        Console.WriteLine("usage: s_server [args ...]")
-        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
-                "- port to accept on (default is 4433)")
-        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
-                "- No server output")
-        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
-            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
-               "- certificate file to add (in addition to default) to chain -")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & cert_size & " times")
-            Console.WriteLine(" -key arg" & ControlChars.Tab & _
-                        "- Private key file to use")
-            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
-                    "- private key file pass phrase source")
-        End If
-
-        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
-            Console.WriteLine(" -verify" & ControlChars.Tab & _
-                    "- turn on peer certificate verification")
-            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
-                    "- Certificate authority")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & ca_cert_size & " times")
-        End If
-
-        If build_mode = axtls.SSL_BUILD_FULL_MODE
-            Console.WriteLine(" -debug" & _
-                    ControlChars.Tab & ControlChars.Tab & _
-                    "- Print more output")
-            Console.WriteLine(" -state" & _
-                    ControlChars.Tab & ControlChars.Tab & _
-                    "- Show state messages")
-            Console.WriteLine(" -show-rsa" & _
-                    ControlChars.Tab & "- Show RSA state")
-        End If
-
-        Environment.Exit(1)
-    End Sub
-
-    '
-    ' We've had some sort of command-line error. Print out the client options.
-    '
-    Private Sub print_client_options(ByVal build_mode As Integer, _
-                                                ByVal options As String)
-        Dim cert_size As Integer = SSLUtil.MaxCerts()
-        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
-
-        Console.WriteLine("unknown option " & options)
-
-        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
-            Console.WriteLine("usage: s_client [args ...]")
-            Console.WriteLine(" -connect host:port - who to connect to " & _
-                    "(default is localhost:4433)")
-            Console.WriteLine(" -verify" & ControlChars.Tab & _
-                    "- turn on peer certificate verification")
-            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
-                    "- certificate file to use")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & cert_size & " times")
-            Console.WriteLine(" -key arg" & ControlChars.Tab & _
-                    "- Private key file to use")
-            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
-                    "- Certificate authority")
-            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
-                    "  Can repeat up to " & ca_cert_size & " times")
-            Console.WriteLine(" -quiet" & _
-                    ControlChars.Tab & ControlChars.Tab & "- No client output")
-            Console.WriteLine(" -pass" & ControlChars.Tab & _
-                    ControlChars.Tab & _
-                    "- private key file pass phrase source")
-            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
-                    "- Drop and re-make the " & _
-                    "connection with the same Session-ID")
-
-            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
-                Console.WriteLine(" -debug" & _
-                        ControlChars.Tab & ControlChars.Tab & _
-                        "- Print more output")
-                Console.WriteLine(" -state" & _
-                        ControlChars.Tab & ControlChars.Tab & _
-                        "- Show state messages")
-                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
-                        "- Show RSA state")
-            End If
-        Else 
-            Console.WriteLine("Change configuration to allow this feature")
-        End If
-
-        Environment.Exit(1)
-    End Sub
-
-End Class
-
-Public Module MyMain
-    Function Main(ByVal args() As String) As Integer
-        Dim runner As axssl = New axssl()
-
-        If args.Length = 1 And args(0) = "version" Then
-           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
-            Environment.Exit(0)
-        End If
-
-        If args.Length < 1 
-            runner.print_options("")
-        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
-            runner.print_options(args(0))
-        End If
-
-        Dim build_mode As Integer = SSLUtil.BuildMode()
-
-        If args(0) = "s_server" Then
-            runner.do_server(build_mode, args)
-        Else
-            runner.do_client(build_mode, args)
-        End If
-    End Function
-End Module
diff --git a/tools/sdk/axtls/ssl/asn1.c b/tools/sdk/axtls/ssl/asn1.c
deleted file mode 100644
index b53562cd9e..0000000000
--- a/tools/sdk/axtls/ssl/asn1.c
+++ /dev/null
@@ -1,782 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Some primitive asn methods for extraction ASN.1 data.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "os_port.h"
-#include "crypto.h"
-#include "crypto_misc.h"
-
-/* 1.2.840.113549.1.1 OID prefix - handle the following */
-/* md5WithRSAEncryption(4) */
-/* sha1WithRSAEncryption(5) */
-/* sha256WithRSAEncryption (11) */
-/* sha384WithRSAEncryption (12) */
-/* sha512WithRSAEncryption (13) */
-static const uint8_t sig_oid_prefix[] = 
-{
-    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
-};
-
-/* 1.3.14.3.2.29 SHA1 with RSA signature */
-static const uint8_t sig_sha1WithRSAEncrypt[] =
-{
-    0x2b, 0x0e, 0x03, 0x02, 0x1d
-};
-
-/* 2.16.840.1.101.3.4.2.1 SHA-256 */
-static const uint8_t sig_sha256[] =
-{
-    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
-};
-
-/* 2.16.840.1.101.3.4.2.2 SHA-384 */
-static const uint8_t sig_sha384[] =
-{
-    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
-};
-
-/* 2.16.840.1.101.3.4.2.3 SHA-512 */
-static const uint8_t sig_sha512[] =
-{
-    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
-};
-
-static const uint8_t sig_subject_alt_name[] =
-{
-    0x55, 0x1d, 0x11
-};
-
-static const uint8_t sig_basic_constraints[] =
-{
-    0x55, 0x1d, 0x13
-};
-
-static const uint8_t sig_key_usage[] =
-{
-    0x55, 0x1d, 0x0f
-};
-
-/* CN, O, OU, L, C, ST */
-static const uint8_t g_dn_types[] = { 3, 10, 11, 7, 6, 8 };
-
-uint32_t get_asn1_length(const uint8_t *buf, int *offset)
-{
-    int i;
-    uint32_t len;
-
-    if (!(buf[*offset] & 0x80)) /* short form */
-    {
-        len = buf[(*offset)++];
-    }
-    else  /* long form */
-    {
-        int length_bytes = buf[(*offset)++]&0x7f;
-        if (length_bytes > 4)   /* limit number of bytes */
-            return 0;
-
-        len = 0;
-        for (i = 0; i < length_bytes; i++)
-        {
-            len <<= 8;
-            len += buf[(*offset)++];
-        }
-    }
-
-    return len;
-}
-
-/**
- * Skip the ASN1.1 object type and its length. Get ready to read the object's
- * data.
- */
-int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
-{
-    if (buf[*offset] != obj_type)
-        return X509_NOT_OK;
-
-    (*offset)++;
-    return get_asn1_length(buf, offset);
-}
-
-/**
- * Skip over an ASN.1 object type completely. Get ready to read the next
- * object.
- */
-int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
-{
-    int len;
-
-    if (buf[*offset] != obj_type)
-        return X509_NOT_OK;
-    (*offset)++;
-    len = get_asn1_length(buf, offset);
-    *offset += len;
-    return 0;
-}
-
-/**
- * Read an integer value for ASN.1 data
- * Note: This function allocates memory which must be freed by the user.
- */
-int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object)
-{
-    int len;
-
-    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
-        goto end_big_int;
-
-    if (len > 1 && buf[*offset] == 0x00)    /* ignore the negative byte */
-    {
-        len--;
-        (*offset)++;
-    }
-
-    *object = (uint8_t *)malloc(len);
-    memcpy(*object, &buf[*offset], len);
-    *offset += len;
-
-end_big_int:
-    return len;
-}
-
-/**
- * Read an integer value for ASN.1 data
- */
-int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val)
-{
-    int res = X509_OK;
-    int len;
-    int i;
-
-    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0 || 
-                len > sizeof(int32_t))
-    {
-        res = X509_NOT_OK;
-        goto end_int;
-    }
-
-    *val = 0;
-    for (i = 0; i < len; i++)
-    {
-        *val <<= 8;
-        *val |= buf[(*offset)++];
-    }
-
-end_int:
-    return res;
-}
-
-/**
- * Read an boolean value for ASN.1 data
- */
-int asn1_get_bool(const uint8_t *buf, int *offset, bool *val)
-{
-    int res = X509_OK;
-
-    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) != 1)
-    {
-        res = X509_NOT_OK;
-        goto end_bool;
-    }
-
-    /* DER demands that "If the encoding represents the boolean value TRUE,
-       its single contents octet shall have all eight bits set to one."
-       Thus only 0 and 255 are valid encoded values. */
-    *val = buf[(*offset)++] == 0xFF;
-
-end_bool:
-    return res;
-}
-
-/**
- * Convert an ASN.1 bit string into a 32 bit integer. Used for key usage
- */
-int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
-{
-    int res = X509_OK;
-    int len, i;
-    int ignore_bits;
-
-    if ((len = asn1_next_obj(buf, offset, ASN1_BIT_STRING)) < 0 || len > 5)
-    {
-        res = X509_NOT_OK;
-        goto end_bit_string_as_int;
-    }
-
-    /* number of bits left unused in the final byte of content */
-    ignore_bits = buf[(*offset)++];
-    len--;
-    *val = 0;
-
-    /* not sure why key usage doesn't used proper DER spec version */
-    for (i = len-1; i >= 0; --i)
-    {
-        *val <<= 8;
-        *val |= buf[(*offset) + i];
-    }
-
-    *offset += len;
-
-    /*for (i = 0; i < ignore_bits; i++)
-    {
-        *val >>= 1;
-    }*/
-
-end_bit_string_as_int:
-    return res;
-}
-
-/**
- * Get all the RSA private key specifics from an ASN.1 encoded file 
- */
-int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
-{
-    int offset = 7;
-    uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
-    int mod_len, priv_len, pub_len;
-#ifdef CONFIG_BIGINT_CRT
-    uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
-    int p_len, q_len, dP_len, dQ_len, qInv_len;
-#endif
-
-    /* not in der format */
-    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: This is not a valid ASN.1 file\n");
-#endif
-        return X509_INVALID_PRIV_KEY;
-    }
-
-    /* Use the private key to mix up the RNG if possible. */
-    RNG_custom_init(buf, len);
-
-    mod_len = asn1_get_big_int(buf, &offset, &modulus);
-    pub_len = asn1_get_big_int(buf, &offset, &pub_exp);
-    priv_len = asn1_get_big_int(buf, &offset, &priv_exp);
-
-    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
-        return X509_INVALID_PRIV_KEY;
-
-#ifdef CONFIG_BIGINT_CRT
-    p_len = asn1_get_big_int(buf, &offset, &p);
-    q_len = asn1_get_big_int(buf, &offset, &q);
-    dP_len = asn1_get_big_int(buf, &offset, &dP);
-    dQ_len = asn1_get_big_int(buf, &offset, &dQ);
-    qInv_len = asn1_get_big_int(buf, &offset, &qInv);
-
-    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
-        return X509_INVALID_PRIV_KEY;
-
-    RSA_priv_key_new(rsa_ctx, 
-            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
-            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
-
-    free(p);
-    free(q);
-    free(dP);
-    free(dQ);
-    free(qInv);
-#else
-    RSA_priv_key_new(rsa_ctx, 
-            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
-#endif
-
-    free(modulus);
-    free(priv_exp);
-    free(pub_exp);
-    return X509_OK;
-}
-
-/**
- * Get the time of a certificate. Ignore hours/minutes/seconds.
- */
-static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
-{
-    int ret = X509_NOT_OK, len, t_offset, abs_year;
-    struct tm tm;
-
-    /* see http://tools.ietf.org/html/rfc5280#section-4.1.2.5 */
-    if (buf[*offset] == ASN1_UTC_TIME)
-    {
-        (*offset)++;
-
-        len = get_asn1_length(buf, offset);
-        t_offset = *offset;
-
-        memset(&tm, 0, sizeof(struct tm));
-        tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
-
-        if (tm.tm_year < 50)    /* 1951-2050 thing */
-        {
-            tm.tm_year += 100;
-        }
-
-        tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
-        tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
-        tm.tm_hour = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
-        tm.tm_min = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
-        tm.tm_sec = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
-        *t = mktime(&tm);
-        *offset += len;
-        ret = X509_OK;
-    }
-    else if (buf[*offset] == ASN1_GENERALIZED_TIME)
-    {
-        (*offset)++;
-
-        len = get_asn1_length(buf, offset);
-        t_offset = *offset;
-
-        memset(&tm, 0, sizeof(struct tm));
-        abs_year = ((buf[t_offset] - '0')*1000 +
-                (buf[t_offset+1] - '0')*100 + (buf[t_offset+2] - '0')*10 +
-                (buf[t_offset+3] - '0'));
-
-        if (abs_year <= 1901)
-        {
-          tm.tm_year = 1;
-          tm.tm_mon = 0;
-          tm.tm_mday = 1;
-        }
-        else
-        {
-            tm.tm_year = abs_year - 1900;
-            tm.tm_mon = (buf[t_offset+4] - '0')*10 + 
-                                    (buf[t_offset+5] - '0') - 1;
-            tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
-            tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
-            tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
-            tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
-            *t = mktime(&tm);
-        }
-
-        *offset += len;
-        ret = X509_OK;
-    }
-
-    return ret;
-}
-
-/**
- * Get the version type of a certificate
- */
-int asn1_version(const uint8_t *cert, int *offset, int *val)
-{
-    (*offset) += 2;        /* get past explicit tag */
-    return asn1_get_int(cert, offset, val);
-}
-
-/**
- * Retrieve the notbefore and notafter certificate times.
- */
-int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
-{
-    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
-              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
-              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
-}
-
-/**
- * Get the components of a distinguished name 
- */
-static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
-{
-    int dn_type = 0;
-    int len;
-
-    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
-        goto end_oid;
-
-    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
-       components we are interested in. */
-    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
-        dn_type = buf[(*offset)++];
-    else
-    {
-        *offset += len;     /* skip over it */
-    }
-
-end_oid:
-    return dn_type;
-}
-
-/**
- * Obtain an ASN.1 printable string type.
- */
-static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
-{
-    int len = X509_NOT_OK;
-    int asn1_type = buf[*offset];
-
-    /* some certs have this awful crud in them for some reason */
-    if (asn1_type != ASN1_PRINTABLE_STR &&  
-            asn1_type != ASN1_PRINTABLE_STR2 &&  
-            asn1_type != ASN1_TELETEX_STR &&  
-            asn1_type != ASN1_IA5_STR &&  
-            asn1_type != ASN1_UNICODE_STR)
-        goto end_pnt_str;
-
-    (*offset)++;
-    len = get_asn1_length(buf, offset);
-
-    if (asn1_type == ASN1_UNICODE_STR)
-    {
-        int i;
-        *str = (char *)malloc(len/2+1);     /* allow for null */
-
-        for (i = 0; i < len; i += 2)
-            (*str)[i/2] = buf[*offset + i + 1];
-
-        (*str)[len/2] = 0;                  /* null terminate */
-    }
-    else
-    {
-        *str = (char *)malloc(len+1);       /* allow for null */
-        memcpy(*str, &buf[*offset], len);
-        (*str)[len] = 0;                    /* null terminate */
-    }
-
-    *offset += len;
-
-end_pnt_str:
-    return len;
-}
-
-/**
- * Get the subject name (or the issuer) of a certificate.
- */
-int asn1_name(const uint8_t *cert, int *offset, char *dn[])
-{
-    int ret = X509_NOT_OK;
-    int dn_type;
-    char *tmp;
-
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
-        goto end_name;
-
-    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
-    {
-        int i, found = 0;
-
-        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
-               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
-            goto end_name;
-
-        tmp = NULL;
-
-        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
-        {
-            free(tmp);
-            goto end_name;
-        }
-
-        /* find the distinguished named type */
-        for (i = 0; i < X509_NUM_DN_TYPES; i++)
-        {
-            if (dn_type == g_dn_types[i])
-            {
-                if (dn[i] == NULL)
-                {
-                    dn[i] = tmp;
-                    found = 1;
-                    break;
-                }
-            }
-        }
-
-        if (found == 0) /* not found so get rid of it */
-        {
-            free(tmp);
-        }
-    }
-
-    ret = X509_OK;
-end_name:
-    return ret;
-}
-
-/**
- * Read the modulus and public exponent of a certificate.
- */
-int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
-{
-    int ret = X509_NOT_OK, mod_len, pub_len;
-    uint8_t *modulus = NULL, *pub_exp = NULL;
-
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
-            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
-        goto end_pub_key;
-
-    (*offset)++;        /* ignore the padding bit field */
-
-    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
-        goto end_pub_key;
-
-    mod_len = asn1_get_big_int(cert, offset, &modulus);
-    pub_len = asn1_get_big_int(cert, offset, &pub_exp);
-
-    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
-
-    free(modulus);
-    free(pub_exp);
-    ret = X509_OK;
-
-end_pub_key:
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Read the signature of the certificate.
- */
-int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
-{
-    int ret = X509_NOT_OK;
-
-    if (cert[(*offset)++] != ASN1_BIT_STRING)
-        goto end_sig;
-
-    x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
-    (*offset)++;            /* ignore bit string padding bits */
-    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
-    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
-    *offset += x509_ctx->sig_len;
-    ret = X509_OK;
-
-end_sig:
-    return ret;
-}
-
-/*
- * Compare 2 distinguished name components for equality 
- * @return 0 if a match
- */
-static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
-{
-    int ret;
-
-    if (dn1 == NULL && dn2 == NULL)
-        ret = 0;
-    else
-        ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 1;
-
-    return ret;
-}
-
-/**
- * Clean up all of the CA certificates.
- */
-void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
-{
-    int i = 0;
-
-    if (ca_cert_ctx == NULL)
-        return;
-
-    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-    {
-        x509_free(ca_cert_ctx->cert[i]);
-        ca_cert_ctx->cert[i++] = NULL;
-    }
-
-    free(ca_cert_ctx);
-}
-
-/*
- * Compare 2 distinguished names for equality 
- * @return 0 if a match
- */
-int asn1_compare_dn(char * const dn1[], char * const dn2[])
-{
-    int i;
-
-    for (i = 0; i < X509_NUM_DN_TYPES; i++)
-    {
-        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
-            return 1;
-    }
-
-    return 0;       /* all good */
-}
-
-int asn1_find_oid(const uint8_t* cert, int* offset, 
-                    const uint8_t* oid, int oid_length)
-{
-    int seqlen;
-    if ((seqlen = asn1_next_obj(cert, offset, ASN1_SEQUENCE))> 0)
-    {
-        int end = *offset + seqlen;
-
-        while (*offset < end)
-        {
-            int type = cert[(*offset)++];
-            int length = get_asn1_length(cert, offset);
-            int noffset = *offset + length;
-
-            if (type == ASN1_SEQUENCE)
-            {
-                type = cert[(*offset)++];
-                length = get_asn1_length(cert, offset);
-
-                if (type == ASN1_OID && length == oid_length && 
-                              memcmp(cert + *offset, oid, oid_length) == 0)
-                {
-                    *offset += oid_length;
-                    return 1;
-                }
-            }
-
-            *offset = noffset;
-        }
-    }
-
-    return 0;
-}
-
-int asn1_is_subject_alt_name(const uint8_t *cert, int offset)
-{
-    if (asn1_find_oid(cert, &offset, sig_subject_alt_name, 
-                                sizeof(sig_subject_alt_name)))
-    {
-        return offset;
-    }
-
-    return 0;
-}
-
-int asn1_is_basic_constraints(const uint8_t *cert, int offset)
-{
-    if (asn1_find_oid(cert, &offset, sig_basic_constraints, 
-                                sizeof(sig_basic_constraints)))
-    {
-        return offset;
-    }
-
-    return 0;
-}
-
-int asn1_is_key_usage(const uint8_t *cert, int offset)
-{
-    if (asn1_find_oid(cert, &offset, sig_key_usage, 
-                                sizeof(sig_key_usage)))
-    {
-        return offset;
-    }
-
-    return 0;
-}
-
-bool asn1_is_critical_ext(const uint8_t *buf, int *offset)
-{
-    /* critical is optional */
-    bool res = false;
-
-    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) == 1)
-        res = buf[(*offset)++] == 0xFF;
-
-    return res;
-}
-
-#endif /* CONFIG_SSL_CERT_VERIFICATION */
-
-/**
- * Read the signature type of the certificate. We only support RSA-MD5 and
- * RSA-SHA1 signature types.
- */
-int asn1_signature_type(const uint8_t *cert, 
-                                int *offset, X509_CTX *x509_ctx)
-{
-    int ret = X509_NOT_OK, len;
-
-    if (cert[(*offset)++] != ASN1_OID)
-        goto end_check_sig;
-
-    len = get_asn1_length(cert, offset);
-
-    if (len == sizeof(sig_sha1WithRSAEncrypt) && 
-            memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], 
-                                    sizeof(sig_sha1WithRSAEncrypt)) == 0)
-    {
-        x509_ctx->sig_type = SIG_TYPE_SHA1;
-    }
-    else if (len == sizeof(sig_sha256) && 
-            memcmp(sig_sha256, &cert[*offset], 
-                                    sizeof(sig_sha256)) == 0)
-    {
-        x509_ctx->sig_type = SIG_TYPE_SHA256;
-    }
-    else if (len == sizeof(sig_sha384) && 
-            memcmp(sig_sha384, &cert[*offset], 
-                                    sizeof(sig_sha384)) == 0)
-    {
-        x509_ctx->sig_type = SIG_TYPE_SHA384;
-    }
-    else if (len == sizeof(sig_sha512) && 
-            memcmp(sig_sha512, &cert[*offset], 
-                                    sizeof(sig_sha512)) == 0)
-    {
-        x509_ctx->sig_type = SIG_TYPE_SHA512;
-    }
-    else
-    {
-        if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))
-        {
-#ifdef CONFIG_SSL_FULL_MODE
-            int i;
-            printf("invalid digest: ");
-
-            for (i = 0; i < len; i++)
-                printf("%02x ", cert[*offset + i]);
-
-            printf("\n");
-#endif
-            goto end_check_sig;     /* unrecognised cert type */
-        }
-
-        x509_ctx->sig_type = cert[*offset + sizeof(sig_oid_prefix)];
-    }
-
-    *offset += len;
-    asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
-    ret = X509_OK;
-
-end_check_sig:
-    return ret;
-}
-
diff --git a/tools/sdk/axtls/ssl/cert.h b/tools/sdk/axtls/ssl/cert.h
deleted file mode 100644
index 40234b9b1c..0000000000
--- a/tools/sdk/axtls/ssl/cert.h
+++ /dev/null
@@ -1,54 +0,0 @@
-unsigned char default_certificate[] = {
-  0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa5,
-  0x2a, 0xc8, 0x78, 0x87, 0xf2, 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
-  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
-  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
-  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
-  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
-  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
-  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x32,
-  0x33, 0x30, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x17, 0x0d, 0x33,
-  0x30, 0x30, 0x39, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a,
-  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
-  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
-  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
-  0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x81,
-  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
-  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
-  0x81, 0x81, 0x00, 0xbd, 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa,
-  0xb9, 0x3a, 0x1f, 0x8b, 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0,
-  0x11, 0x9a, 0x9c, 0xdc, 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3,
-  0x05, 0x0e, 0x61, 0xc1, 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a,
-  0xff, 0x9b, 0xb8, 0x7a, 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99,
-  0xa5, 0xa2, 0x99, 0x53, 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01,
-  0xe7, 0xdf, 0xe9, 0xec, 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0,
-  0xc8, 0x6d, 0x41, 0x45, 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28,
-  0xdf, 0x36, 0xe2, 0x73, 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb,
-  0x0d, 0x9b, 0xef, 0xa8, 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07,
-  0xa9, 0x86, 0x0d, 0x3f, 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02,
-  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
-  0x32, 0xe0, 0x3c, 0x6e, 0x21, 0xe6, 0xa6, 0xf4, 0xb8, 0x10, 0x9f, 0x8a,
-  0xe6, 0x0b, 0x84, 0x4e, 0x2c, 0xe5, 0x14, 0xca, 0x56, 0x81, 0x3f, 0xc0,
-  0x2c, 0xa3, 0x39, 0x89, 0x24, 0xce, 0xaf, 0x47, 0x2e, 0x19, 0x62, 0xb2,
-  0xe4, 0x76, 0x91, 0x25, 0xbc, 0xe1, 0xa8, 0xee, 0x6a, 0x68, 0x3a, 0x77,
-  0xb9, 0xb2, 0x62, 0x97, 0x0c, 0x25, 0x3c, 0x5e, 0x13, 0x48, 0x87, 0x80,
-  0xa3, 0x91, 0xd9, 0x2e, 0xe6, 0x92, 0x2b, 0x1c, 0x52, 0x24, 0xb1, 0x77,
-  0xc6, 0xf6, 0xde, 0xd8, 0x9b, 0xd9, 0x57, 0x37, 0x56, 0x68, 0x17, 0x32,
-  0x66, 0x01, 0x08, 0x38, 0x08, 0x9a, 0xc1, 0x8c, 0x5e, 0x3f, 0xe7, 0xc9,
-  0x44, 0xcb, 0x62, 0xb9, 0x48, 0xc7, 0x89, 0xa6, 0xff, 0x8e, 0x7d, 0x3d,
-  0xe1, 0x46, 0x32, 0x9c, 0x13, 0x06, 0x9a, 0xd1, 0x17, 0xab, 0x3f, 0xa9,
-  0x90, 0x04, 0x33, 0x2d, 0x3f, 0x81, 0x0a, 0xa5, 0x55, 0xce, 0xb6, 0x95,
-  0x54, 0xad, 0xf1, 0x4f, 0xa2, 0xca, 0xc3, 0xf6, 0x25, 0x7b, 0x71, 0xd2,
-  0x68, 0x85, 0xe9, 0x72, 0xb6, 0x99, 0x34, 0x6d, 0xe5, 0x5f, 0xf6, 0x74,
-  0x1c, 0xb9, 0xa2, 0xda, 0x2b, 0x04, 0xff, 0x82, 0xc5, 0x09, 0x04, 0xc4,
-  0xba, 0xbc, 0x82, 0x3e, 0xb4, 0x72, 0x18, 0x8e, 0x30, 0x68, 0x48, 0x4a,
-  0x0d, 0xa7, 0x3d, 0xb5, 0xf4, 0x42, 0x3a, 0x97, 0x60, 0x7d, 0xa8, 0x61,
-  0x8a, 0x9e, 0x98, 0xc4, 0x7e, 0x65, 0x99, 0xea, 0x7e, 0xca, 0x75, 0xe7,
-  0xdb, 0x21, 0x5d, 0xce, 0x7c, 0x66, 0x3d, 0x7e, 0xdc, 0x14, 0xfe, 0x55,
-  0x04, 0x97, 0xa8, 0x64, 0x12, 0xb4, 0xb5, 0x30, 0x48, 0x72, 0xbc, 0xdb,
-  0xeb, 0x5b, 0x4f, 0xa6, 0xfb, 0x87, 0x01, 0x41, 0x91, 0xec, 0x98, 0x98,
-  0xf1, 0x4b, 0x38, 0xa2, 0x40, 0xf1, 0x05, 0x90, 0xbb, 0x9b, 0x5d, 0x96,
-  0xb1, 0x22, 0x6b, 0x50
-};
-unsigned int default_certificate_len = 604;
diff --git a/tools/sdk/axtls/ssl/config.h b/tools/sdk/axtls/ssl/config.h
deleted file mode 100644
index 8731430703..0000000000
--- a/tools/sdk/axtls/ssl/config.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Automatically generated header file: don't edit
- */
-
-#define HAVE_DOT_CONFIG 1
-#undef CONFIG_PLATFORM_LINUX
-#define CONFIG_PLATFORM_CYGWIN 1
-#undef CONFIG_PLATFORM_WIN32
-
-/*
- * General Configuration
- */
-#define PREFIX "/usr/local"
-#define CONFIG_DEBUG 1
-#undef CONFIG_STRIP_UNWANTED_SECTIONS
-#undef CONFIG_VISUAL_STUDIO_7_0
-#undef CONFIG_VISUAL_STUDIO_8_0
-#undef CONFIG_VISUAL_STUDIO_10_0
-#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
-#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
-#define CONFIG_VISUAL_STUDIO_10_0_BASE ""
-#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
-#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
-
-/*
- * SSL Library
- */
-#undef CONFIG_SSL_SERVER_ONLY
-#define CONFIG_SSL_CERT_VERIFICATION
-#undef CONFIG_SSL_ENABLE_CLIENT
-#define CONFIG_SSL_FULL_MODE 1
-#undef CONFIG_SSL_SKELETON_MODE
-#undef CONFIG_SSL_PROT_LOW
-#define CONFIG_SSL_PROT_MEDIUM 1
-#undef CONFIG_SSL_PROT_HIGH
-#undef CONFIG_SSL_USE_DEFAULT_KEY
-#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
-#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
-#define CONFIG_SSL_X509_CERT_LOCATION ""
-#undef CONFIG_SSL_GENERATE_X509_CERT
-#define CONFIG_SSL_X509_COMMON_NAME ""
-#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
-#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
-#undef CONFIG_SSL_ENABLE_V23_HANDSHAKE
-#define CONFIG_SSL_HAS_PEM 1
-#undef CONFIG_SSL_USE_PKCS12
-#define CONFIG_SSL_EXPIRY_TIME 24
-#define CONFIG_X509_MAX_CA_CERTS 10
-#define CONFIG_SSL_MAX_CERTS 1
-#undef CONFIG_SSL_CTX_MUTEXING
-#undef CONFIG_USE_DEV_URANDOM
-#undef CONFIG_WIN32_USE_CRYPTO_LIB
-#undef CONFIG_OPENSSL_COMPATIBLE
-#undef CONFIG_PERFORMANCE_TESTING
-#define CONFIG_SSL_TEST 1
-#undef CONFIG_AXTLSWRAP
-#define CONFIG_AXHTTPD 1
-
-/*
- * Axhttpd Configuration
- */
-#undef CONFIG_HTTP_STATIC_BUILD
-#define CONFIG_HTTP_PORT 80
-#define CONFIG_HTTP_HTTPS_PORT 443
-#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
-#define CONFIG_HTTP_WEBROOT "../www"
-#define CONFIG_HTTP_TIMEOUT 300
-
-/*
- * CGI
- */
-#undef CONFIG_HTTP_HAS_CGI 
-#define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php"
-#define CONFIG_HTTP_ENABLE_LUA 1
-#define CONFIG_HTTP_LUA_PREFIX "/usr"
-#undef CONFIG_HTTP_BUILD_LUA
-#define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi"
-#define CONFIG_HTTP_DIRECTORIES 1
-#define CONFIG_HTTP_HAS_AUTHORIZATION 1
-#undef CONFIG_HTTP_HAS_IPV6
-#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
-#define CONFIG_HTTP_USER ""
-#define CONFIG_HTTP_VERBOSE 0
-#undef CONFIG_HTTP_IS_DAEMON
-
-/*
- * Language Bindings
- */
-#undef CONFIG_BINDINGS
-#undef CONFIG_CSHARP_BINDINGS
-#undef CONFIG_VBNET_BINDINGS
-#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
-#undef CONFIG_JAVA_BINDINGS
-#define CONFIG_JAVA_HOME ""
-#undef CONFIG_PERL_BINDINGS
-#define CONFIG_PERL_CORE ""
-#define CONFIG_PERL_LIB ""
-#undef CONFIG_LUA_BINDINGS
-#define CONFIG_LUA_CORE ""
-
-/*
- * Samples
- */
-#define CONFIG_SAMPLES 1
-#define CONFIG_C_SAMPLES 1
-#undef CONFIG_CSHARP_SAMPLES
-#undef CONFIG_VBNET_SAMPLES
-#undef CONFIG_JAVA_SAMPLES
-#undef CONFIG_PERL_SAMPLES
-#undef CONFIG_LUA_SAMPLES
-
-/*
- * BigInt Options
- */
-#undef CONFIG_BIGINT_CLASSICAL
-#undef CONFIG_BIGINT_MONTGOMERY
-#define CONFIG_BIGINT_BARRETT 1
-#define CONFIG_BIGINT_CRT 1
-#undef CONFIG_BIGINT_KARATSUBA
-#define MUL_KARATSUBA_THRESH 
-#define SQU_KARATSUBA_THRESH 
-#define CONFIG_BIGINT_SLIDING_WINDOW 1
-#define CONFIG_BIGINT_SQUARE 1
-#define CONFIG_BIGINT_CHECK_ON 1
-#define CONFIG_INTEGER_32BIT 1
-#undef CONFIG_INTEGER_16BIT
-#undef CONFIG_INTEGER_8BIT
diff --git a/tools/sdk/axtls/ssl/crypto_misc.h b/tools/sdk/axtls/ssl/crypto_misc.h
deleted file mode 100644
index 33a4455c90..0000000000
--- a/tools/sdk/axtls/ssl/crypto_misc.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/**
- * @file crypto_misc.h
- */
-
-#ifndef HEADER_CRYPTO_MISC_H
-#define HEADER_CRYPTO_MISC_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "crypto.h"
-#include "bigint.h"
-
-/**************************************************************************
- * X509 declarations 
- **************************************************************************/
-#define X509_OK                             0
-#define X509_NOT_OK                         -1
-#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
-#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
-#define X509_VFY_ERROR_NOT_YET_VALID        -4
-#define X509_VFY_ERROR_EXPIRED              -5
-#define X509_VFY_ERROR_SELF_SIGNED          -6
-#define X509_VFY_ERROR_INVALID_CHAIN        -7
-#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
-#define X509_INVALID_PRIV_KEY               -9
-#define X509_MAX_CERTS                      -10
-#define X509_VFY_ERROR_BASIC_CONSTRAINT     -11
-
-/*
- * The Distinguished Name
- */
-#define X509_NUM_DN_TYPES                   6
-#define X509_COMMON_NAME                    0
-#define X509_ORGANIZATION                   1
-#define X509_ORGANIZATIONAL_UNIT            2
-#define X509_LOCATION                       3
-#define X509_COUNTRY                        4
-#define X509_STATE                          5
-
-/*
- * Key Usage bits
- */
-#define IS_SET_KEY_USAGE_FLAG(A, B)          (A->key_usage & B)
-
-#define KEY_USAGE_DIGITAL_SIGNATURE         0x0080
-#define KEY_USAGE_NON_REPUDIATION           0x0040
-#define KEY_USAGE_KEY_ENCIPHERMENT          0x0020
-#define KEY_USAGE_DATA_ENCIPHERMENT         0x0010
-#define KEY_USAGE_KEY_AGREEMENT             0x0008
-#define KEY_USAGE_KEY_CERT_SIGN             0x0004
-#define KEY_USAGE_CRL_SIGN                  0x0002
-#define KEY_USAGE_ENCIPHER_ONLY             0x0001
-#define KEY_USAGE_DECIPHER_ONLY             0x8000
-
-struct _x509_ctx
-{
-    char *ca_cert_dn[X509_NUM_DN_TYPES];
-    char *cert_dn[X509_NUM_DN_TYPES];
-    char **subject_alt_dnsnames;
-    time_t not_before;
-    time_t not_after;
-    uint8_t *signature;
-    RSA_CTX *rsa_ctx;
-    bigint *digest;
-    uint8_t *fingerprint;
-    uint8_t *spki_sha256;
-    uint16_t sig_len;
-    uint8_t sig_type;
-    bool basic_constraint_present;
-    bool basic_constraint_is_critical;
-    bool key_usage_present;
-    bool key_usage_is_critical;
-    bool subject_alt_name_present;
-    bool subject_alt_name_is_critical;
-    bool basic_constraint_cA;
-    int basic_constraint_pathLenConstraint;
-    uint32_t key_usage;
-    struct _x509_ctx *next;
-};
-
-typedef struct _x509_ctx X509_CTX;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-typedef struct 
-{
-    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
-} CA_CERT_CTX;
-#endif
-
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
-void x509_free(X509_CTX *x509_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
-        int *pathLenConstraint);
-#endif
-#ifdef CONFIG_SSL_FULL_MODE
-void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
-const char * x509_display_error(int error, char *buff);
-#endif
-
-/**************************************************************************
- * ASN1 declarations 
- **************************************************************************/
-#define ASN1_BOOLEAN            0x01
-#define ASN1_INTEGER            0x02
-#define ASN1_BIT_STRING         0x03
-#define ASN1_OCTET_STRING       0x04
-#define ASN1_NULL               0x05
-#define ASN1_PRINTABLE_STR2     0x0C
-#define ASN1_OID                0x06
-#define ASN1_PRINTABLE_STR2     0x0C
-#define ASN1_PRINTABLE_STR      0x13
-#define ASN1_TELETEX_STR        0x14
-#define ASN1_IA5_STR            0x16
-#define ASN1_UTC_TIME           0x17
-#define ASN1_GENERALIZED_TIME   0x18
-#define ASN1_UNICODE_STR        0x1e
-#define ASN1_SEQUENCE           0x30
-#define ASN1_CONTEXT_DNSNAME	0x82
-#define ASN1_SET                0x31
-#define ASN1_V3_DATA			0xa3
-#define ASN1_IMPLICIT_TAG       0x80
-#define ASN1_CONTEXT_DNSNAME	0x82
-#define ASN1_EXPLICIT_TAG       0xa0
-#define ASN1_V3_DATA			0xa3
-
-#define SIG_TYPE_MD5            0x04
-#define SIG_TYPE_SHA1           0x05
-#define SIG_TYPE_SHA256         0x0b
-#define SIG_TYPE_SHA384         0x0c
-#define SIG_TYPE_SHA512         0x0d
-
-uint32_t get_asn1_length(const uint8_t *buf, int *offset);
-int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
-int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
-int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object);
-int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val);
-int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
-int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
-int asn1_version(const uint8_t *cert, int *offset, int *val);
-int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
-int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
-int asn1_compare_dn(char * const dn1[], char * const dn2[]);
-int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
-int asn1_is_basic_constraints(const uint8_t *cert, int offset);
-int asn1_is_key_usage(const uint8_t *cert, int offset);
-bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
-#endif /* CONFIG_SSL_CERT_VERIFICATION */
-int asn1_signature_type(const uint8_t *cert, 
-                                int *offset, X509_CTX *x509_ctx);
-
-/**************************************************************************
- * MISC declarations 
- **************************************************************************/
-#define SALT_SIZE               8
-
-extern const char * const unsupported_str;
-
-typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
-typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-typedef void (*hmac_func_v)(const uint8_t **msg, int *length, int count, const uint8_t *key, 
-        int key_len, uint8_t *digest);
-
-
-int get_file(const char *filename, uint8_t **buf);
-
-#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
-EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
-#else
-    #define print_blob(...)
-#endif
-
-EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
-                    uint8_t *out, int *outlen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/tools/sdk/axtls/ssl/gen_cert.c b/tools/sdk/axtls/ssl/gen_cert.c
deleted file mode 100644
index 093ae9c093..0000000000
--- a/tools/sdk/axtls/ssl/gen_cert.c
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#ifdef CONFIG_SSL_GENERATE_X509_CERT
-#include <string.h>
-#include <stdlib.h>
-#include "os_port.h"
-#include "ssl.h"
-
-/**
- * Generate a basic X.509 certificate
- */
-
-static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
-{
-    if (len < 0x80) /* short form */
-    {
-        buf[(*offset)++] = len;
-        return 1;
-    }
-    else /* long form */
-    {
-        int i, length_bytes = 0;
-
-        if (len & 0x00FF0000)
-            length_bytes = 3;
-        else if (len & 0x0000FF00)
-            length_bytes = 2;
-        else if (len & 0x000000FF)
-            length_bytes = 1;
-            
-        buf[(*offset)++] = 0x80 + length_bytes;
-
-        for (i = length_bytes-1; i >= 0; i--)
-        {
-            buf[*offset+i] = len & 0xFF;
-            len >>= 8;
-        }
-
-        *offset += length_bytes;
-        return length_bytes+1;
-    }
-}
-
-static int pre_adjust_with_size(uint8_t type,
-        int *seq_offset, uint8_t *buf, int *offset)
-{
-    buf[(*offset)++] = type;
-    *seq_offset = *offset;
-    *offset += 4;   /* fill in later */
-    return *offset;
-}
-
-static void adjust_with_size(int seq_size, int seq_start, 
-                uint8_t *buf, int *offset)
-{
-    uint8_t seq_byte_size; 
-    int orig_seq_size = seq_size;
-    int orig_seq_start = seq_start;
-
-    seq_size = *offset-seq_size;
-    seq_byte_size = set_gen_length(seq_size, buf, &seq_start);
-
-    if (seq_byte_size != 4)
-    {
-        memmove(&buf[orig_seq_start+seq_byte_size], 
-                &buf[orig_seq_size], seq_size);
-        *offset -= 4-seq_byte_size;
-    }
-}
-
-static void gen_serial_number(uint8_t *buf, int *offset)
-{
-    static const uint8_t ser_oid[] = { ASN1_INTEGER, 1, 0x7F };
-    memcpy(&buf[*offset], ser_oid , sizeof(ser_oid));
-    *offset += sizeof(ser_oid);
-}
-
-static void gen_signature_alg(uint8_t *buf, int *offset)
-{
-    /* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
-    static const uint8_t sig_oid[] = 
-    {
-        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09, 
-        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
-        ASN1_NULL, 0x00
-    };
-
-    memcpy(&buf[*offset], sig_oid, sizeof(sig_oid));
-    *offset += sizeof(sig_oid);
-}
-
-static int gen_dn(const char *name, uint8_t dn_type, 
-                        uint8_t *buf, int *offset)
-{
-    int ret = X509_OK;
-    int name_size = strlen(name);
-
-    if (name_size > 0x70)    /* just too big */
-    {
-        ret = X509_NOT_OK;
-        goto error;
-    }
-
-    buf[(*offset)++] = ASN1_SET;
-    set_gen_length(9+name_size, buf, offset);
-    buf[(*offset)++] = ASN1_SEQUENCE;
-    set_gen_length(7+name_size, buf, offset);
-    buf[(*offset)++] = ASN1_OID;
-    buf[(*offset)++] = 3;
-    buf[(*offset)++] = 0x55;
-    buf[(*offset)++] = 0x04;
-    buf[(*offset)++] = dn_type;
-    buf[(*offset)++] = ASN1_PRINTABLE_STR;
-    buf[(*offset)++] = name_size;
-    strcpy((char *)&buf[*offset], name);
-    *offset += name_size;
-
-error:
-    return ret;
-}
-
-static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
-{
-    int ret = X509_OK;
-    int seq_offset;
-    int seq_size = pre_adjust_with_size(
-                            ASN1_SEQUENCE, &seq_offset, buf, offset);
-    char fqdn[128]; 
-
-    /* we need the common name, so if not configured, work out the fully
-     * qualified domain name */
-    if (dn[X509_COMMON_NAME] == NULL || strlen(dn[X509_COMMON_NAME]) == 0)
-    {
-        int fqdn_len;
-        gethostname(fqdn, sizeof(fqdn));
-        fqdn_len = strlen(fqdn);
-        fqdn[fqdn_len++] = '.';
-
-        if (getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len) < 0)
-        {
-            ret = X509_NOT_OK;
-            goto error;
-        }
-
-        fqdn_len = strlen(fqdn);
-
-        if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */
-            fqdn[fqdn_len-1] = 0;
-
-        dn[X509_COMMON_NAME] = fqdn;
-    }
-
-    if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset)))
-        goto error;
-
-    if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0)
-    {
-        if ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset)))
-            goto error;
-    }
-
-    if (dn[X509_ORGANIZATIONAL_UNIT] != NULL &&
-                                strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0)
-    {
-        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 11, buf, offset)))
-            goto error;
-    }
-
-    adjust_with_size(seq_size, seq_offset, buf, offset);
-
-error:
-    return ret;
-}
-
-static void gen_utc_time(uint8_t *buf, int *offset)
-{
-    static const uint8_t time_seq[] = 
-    {
-        ASN1_SEQUENCE, 30, 
-        ASN1_UTC_TIME, 13, 
-        '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
-        ASN1_UTC_TIME, 13,  /* make it good for 30 or so years */
-        '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
-    };
-
-    /* fixed time */
-    memcpy(&buf[*offset], time_seq, sizeof(time_seq));
-    *offset += sizeof(time_seq);
-}
-
-static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
-{
-    static const uint8_t pub_key_seq[] =
-    {
-        ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */
-    };
-
-    int seq_offset;
-    int pub_key_size = rsa_ctx->num_octets;
-    uint8_t *block = (uint8_t *)malloc(pub_key_size);
-    int seq_size = pre_adjust_with_size(
-                            ASN1_SEQUENCE, &seq_offset, buf, offset);
-    buf[(*offset)++] = ASN1_INTEGER;
-    bi_export(rsa_ctx->bi_ctx, rsa_ctx->m, block, pub_key_size);
-
-    if (*block & 0x80)  /* make integer positive */
-    {
-        set_gen_length(pub_key_size+1, buf, offset);
-        buf[(*offset)++] = 0;
-    }
-    else
-        set_gen_length(pub_key_size, buf, offset);
-
-    memcpy(&buf[*offset], block, pub_key_size);
-    free(block);
-    *offset += pub_key_size;
-    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
-    *offset += sizeof(pub_key_seq);
-    adjust_with_size(seq_size, seq_offset, buf, offset);
-}
-
-static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
-{
-    int seq_offset;
-    int seq_size = pre_adjust_with_size(
-                            ASN1_BIT_STRING, &seq_offset, buf, offset);
-    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
-    gen_pub_key2(rsa_ctx, buf, offset);
-    adjust_with_size(seq_size, seq_offset, buf, offset);
-}
-
-static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
-{
-    /*  OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */
-    static const uint8_t rsa_enc_oid[] =
-    {
-        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09,
-        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
-        ASN1_NULL, 0x00
-    };
-
-    int seq_offset;
-    int seq_size = pre_adjust_with_size(
-                            ASN1_SEQUENCE, &seq_offset, buf, offset);
-
-    memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid));
-    *offset += sizeof(rsa_enc_oid);
-    gen_pub_key1(rsa_ctx, buf, offset);
-    adjust_with_size(seq_size, seq_offset, buf, offset);
-}
-
-static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst, 
-                        uint8_t *buf, int *offset)
-{
-    static const uint8_t asn1_sig[] = 
-    {
-        ASN1_SEQUENCE,  0x21, ASN1_SEQUENCE, 0x09, ASN1_OID, 0x05, 
-        0x2b, 0x0e, 0x03, 0x02, 0x1a, /* sha1 (1 3 14 3 2 26) */
-        ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
-    };
-
-    uint8_t *enc_block = (uint8_t *)malloc(rsa_ctx->num_octets);
-    uint8_t *block = (uint8_t *)malloc(sizeof(asn1_sig) + SHA1_SIZE);
-    int sig_size;
-
-    /* add the digest as an embedded asn.1 sequence */
-    memcpy(block, asn1_sig, sizeof(asn1_sig));
-    memcpy(&block[sizeof(asn1_sig)], sha_dgst, SHA1_SIZE);
-
-    sig_size = RSA_encrypt(rsa_ctx, block, 
-                            sizeof(asn1_sig) + SHA1_SIZE, enc_block, 1);
-
-    buf[(*offset)++] = ASN1_BIT_STRING;
-    set_gen_length(sig_size+1, buf, offset);
-    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
-    memcpy(&buf[*offset], enc_block, sig_size);
-    free(enc_block);
-    free(block);
-    *offset += sig_size;
-}
-
-static int gen_tbs_cert(const char * dn[],
-                    const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset,
-                    uint8_t *sha_dgst)
-{
-    int ret = X509_OK;
-    SHA1_CTX sha_ctx;
-    int seq_offset;
-    int begin_tbs = *offset;
-    int seq_size = pre_adjust_with_size(
-                        ASN1_SEQUENCE, &seq_offset, buf, offset);
-
-    gen_serial_number(buf, offset);
-    gen_signature_alg(buf, offset);
-
-    /* CA certicate issuer */
-    if ((ret = gen_issuer(dn, buf, offset)))
-        goto error;
-
-    gen_utc_time(buf, offset);
-
-    /* certificate issuer */
-    if ((ret = gen_issuer(dn, buf, offset)))
-        goto error;
-
-    gen_pub_key(rsa_ctx, buf, offset);
-    adjust_with_size(seq_size, seq_offset, buf, offset);
-
-    SHA1_Init(&sha_ctx);
-    SHA1_Update(&sha_ctx, &buf[begin_tbs], *offset-begin_tbs);
-    SHA1_Final(sha_dgst, &sha_ctx);
-
-error:
-    return ret;
-}
-
-/**
- * Create a new certificate.
- */
-EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data)
-{
-    int ret = X509_OK, offset = 0, seq_offset;
-    /* allocate enough space to load a new certificate */
-    uint8_t *buf = (uint8_t *)malloc(ssl_ctx->rsa_ctx->num_octets*2 + 512);
-    uint8_t sha_dgst[SHA1_SIZE];
-    int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
-                                    &seq_offset, buf, &offset);
-
-    if ((ret = gen_tbs_cert(dn, ssl_ctx->rsa_ctx, buf, &offset, sha_dgst)) < 0)
-        goto error;
-
-    gen_signature_alg(buf, &offset);
-    gen_signature(ssl_ctx->rsa_ctx, sha_dgst, buf, &offset);
-    adjust_with_size(seq_size, seq_offset, buf, &offset);
-    *cert_data = (uint8_t *)malloc(offset); /* create the exact memory for it */
-    memcpy(*cert_data, buf, offset);
-
-error:
-    free(buf);
-    return ret < 0 ? ret : offset;
-}
-
-#endif
-
diff --git a/tools/sdk/axtls/ssl/loader.c b/tools/sdk/axtls/ssl/loader.c
deleted file mode 100644
index 3d07323900..0000000000
--- a/tools/sdk/axtls/ssl/loader.c
+++ /dev/null
@@ -1,490 +0,0 @@
-/*
- * Copyright (c) 2007-2014, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Load certificates/keys into memory. These can be in many different formats.
- * PEM support and other formats can be processed here.
- *
- * The PEM private keys may be optionally encrypted with AES128 or AES256. 
- * The encrypted PEM keys were generated with something like:
- *
- * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include "os_port.h"
-#include "ssl.h"
-
-static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
-                    SSLObjLoader *ssl_obj, const char *password);
-#ifdef CONFIG_SSL_HAS_PEM
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
-                        SSLObjLoader *ssl_obj, const char *password);
-#endif
-
-/*
- * Load a file into memory that is in binary DER (or ascii PEM) format.
- */
-EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, 
-                            const char *filename, const char *password)
-{
-#ifndef CONFIG_SSL_SKELETON_MODE
-    static const char * const begin = "-----BEGIN";
-    int ret = SSL_OK;
-    SSLObjLoader *ssl_obj = NULL;
-
-    if (filename == NULL)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-    ssl_obj->len = get_file(filename, &ssl_obj->buf); 
-    if (ssl_obj->len <= 0)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-    /* is the file a PEM file? */
-    if (strstr((char *)ssl_obj->buf, begin) != NULL)
-    {
-#ifdef CONFIG_SSL_HAS_PEM
-        ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
-#else
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("%s", unsupported_str);
-#endif
-        ret = SSL_ERROR_NOT_SUPPORTED;
-#endif
-    }
-    else
-        ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
-
-error:
-    ssl_obj_free(ssl_obj);
-    return ret;
-#else
-#ifdef CONFIG_SSL_FULL_MODE
-    printf("%s", unsupported_str);
-#endif
-    return SSL_ERROR_NOT_SUPPORTED;
-#endif /* CONFIG_SSL_SKELETON_MODE */
-}
-
-/*
- * Transfer binary data into the object loader.
- */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, 
-        const uint8_t *data, int len, const char *password)
-{
-    int ret;
-    SSLObjLoader *ssl_obj;
-
-    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-    ssl_obj->buf = (uint8_t *)malloc(len);
-    memcpy(ssl_obj->buf, data, len);
-    ssl_obj->len = len;
-    ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
-    ssl_obj_free(ssl_obj);
-    return ret;
-}
-
-/*
- * Actually work out what we are doing 
- */
-static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
-                    SSLObjLoader *ssl_obj, const char *password)
-{
-    int ret = SSL_OK;
-
-    switch (obj_type)
-    {
-        case SSL_OBJ_RSA_KEY:
-            ret = add_private_key(ssl_ctx, ssl_obj);
-            break;
-
-        case SSL_OBJ_X509_CERT:
-            ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
-            break;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        case SSL_OBJ_X509_CACERT:
-            add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
-            break;
-#endif
-
-#ifdef CONFIG_SSL_USE_PKCS12
-        case SSL_OBJ_PKCS8:
-            ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
-            break;
-
-        case SSL_OBJ_PKCS12:
-            ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
-            break;
-#endif
-        default:
-#ifdef CONFIG_SSL_FULL_MODE
-            printf("%s", unsupported_str);
-#endif
-            ret = SSL_ERROR_NOT_SUPPORTED;
-            break;
-    }
-
-    return ret;
-}
-
-/*
- * Clean up our mess.
- */
-void ssl_obj_free(SSLObjLoader *ssl_obj)
-{
-    if (ssl_obj)
-    {
-        free(ssl_obj->buf);
-        free(ssl_obj);
-    }
-}
-
-/*
- * Support for PEM encoded keys/certificates.
- */
-#ifdef CONFIG_SSL_HAS_PEM
-
-#define NUM_PEM_TYPES               4
-#define IV_SIZE                     16
-#define IS_RSA_PRIVATE_KEY          0
-#define IS_ENCRYPTED_PRIVATE_KEY    1
-#define IS_PRIVATE_KEY              2
-#define IS_CERTIFICATE              3
-
-static const char * const begins[NUM_PEM_TYPES] =
-{
-    "-----BEGIN RSA PRIVATE KEY-----",
-    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
-    "-----BEGIN PRIVATE KEY-----",
-    "-----BEGIN CERTIFICATE-----",
-};
-
-static const char * const ends[NUM_PEM_TYPES] =
-{
-    "-----END RSA PRIVATE KEY-----",
-    "-----END ENCRYPTED PRIVATE KEY-----",
-    "-----END PRIVATE KEY-----",
-    "-----END CERTIFICATE-----",
-};
-
-static const char * const aes_str[2] =
-{
-    "DEK-Info: AES-128-CBC,",
-    "DEK-Info: AES-256-CBC," 
-};
-
-/**
- * Take a base64 blob of data and decrypt it (using AES) into its 
- * proper ASN.1 form.
- */
-static int pem_decrypt(const char *where, const char *end,
-                        const char *password, SSLObjLoader *ssl_obj)
-{
-    int ret = -1;
-    int is_aes_256 = 0;
-    char *start = NULL;
-    uint8_t iv[IV_SIZE];
-    int i, pem_size;
-    MD5_CTX md5_ctx;
-    AES_CTX aes_ctx;
-    uint8_t key[32];        /* AES256 size */
-
-    if (password == NULL || strlen(password) == 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Need a password for this PEM file\n");
-#endif
-        goto error;
-    }
-
-    if ((start = strstr((const char *)where, aes_str[0])))         /* AES128? */
-    {
-        start += strlen(aes_str[0]);
-    }
-    else if ((start = strstr((const char *)where, aes_str[1])))    /* AES256? */
-    {
-        is_aes_256 = 1;
-        start += strlen(aes_str[1]);
-    }
-    else 
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Unsupported password cipher\n");
-#endif
-        goto error;
-    }
-
-    /* convert from hex to binary - assumes uppercase hex */
-    for (i = 0; i < IV_SIZE; i++)
-    {
-        char c = *start++ - '0';
-        iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
-        c = *start++ - '0';
-        iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
-    }
-
-    while (*start == '\r' || *start == '\n')
-        start++;
-
-    /* turn base64 into binary */
-    pem_size = (int)(end-start);
-    if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
-        goto error;
-
-    /* work out the key */
-    MD5_Init(&md5_ctx);
-    MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
-    MD5_Update(&md5_ctx, iv, SALT_SIZE);
-    MD5_Final(key, &md5_ctx);
-
-    if (is_aes_256)
-    {
-        MD5_Init(&md5_ctx);
-        MD5_Update(&md5_ctx, key, MD5_SIZE);
-        MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
-        MD5_Update(&md5_ctx, iv, SALT_SIZE);
-        MD5_Final(&key[MD5_SIZE], &md5_ctx);
-    }
-
-    /* decrypt using the key/iv */
-    AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
-    AES_convert_key(&aes_ctx);
-    AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
-    ret = 0;
-
-error:
-    return ret; 
-}
-
-/**
- * Take a base64 blob of data and turn it into its proper ASN.1 form.
- */
-static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where, 
-                    int remain, const char *password)
-{
-    int ret = SSL_ERROR_BAD_CERTIFICATE;
-    SSLObjLoader *ssl_obj = NULL;
-
-    while (remain > 0)
-    {
-        int i, pem_size, obj_type;
-        char *start = NULL, *end = NULL;
-
-        for (i = 0; i < NUM_PEM_TYPES; i++)
-        {
-            if ((start = strstr(where, begins[i])) &&
-                    (end = strstr(where, ends[i])))
-            {
-                remain -= (int)(end-where);
-                start += strlen(begins[i]);
-                pem_size = (int)(end-start);
-
-                ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
-
-                /* 4/3 bigger than what we need but so what */
-                ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
-                ssl_obj->len = pem_size;
-
-                if (i == IS_RSA_PRIVATE_KEY && 
-                            strstr(start, "Proc-Type:") && 
-                            strstr(start, "4,ENCRYPTED"))
-                {
-                    /* check for encrypted PEM file */
-                    if (pem_decrypt(start, end, password, ssl_obj) < 0)
-                    {
-                        ret = SSL_ERROR_BAD_CERTIFICATE;
-                        goto error;
-                    }
-                }
-                else 
-                {
-                    ssl_obj->len = pem_size;
-                    if (base64_decode(start, pem_size, 
-                                ssl_obj->buf, &ssl_obj->len) != 0)
-                    {
-                        ret = SSL_ERROR_BAD_CERTIFICATE;
-                        goto error;
-                    }
-                }
-
-                switch (i)
-                {
-                    case IS_RSA_PRIVATE_KEY:
-                        obj_type = SSL_OBJ_RSA_KEY;
-                        break;
-
-                    case IS_ENCRYPTED_PRIVATE_KEY:
-                    case IS_PRIVATE_KEY:
-                        obj_type = SSL_OBJ_PKCS8;
-                        break;
-
-                    case IS_CERTIFICATE:
-                        obj_type = is_cacert ?
-                                        SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
-                        break;
-
-                    default:
-                        ret = SSL_ERROR_BAD_CERTIFICATE;
-                        goto error;
-                }
-
-                /* In a format we can now understand - so process it */
-                if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
-                    goto error;
-
-                end += strlen(ends[i]);
-                remain -= strlen(ends[i]);
-                while (remain > 0 && (*end == '\r' || *end == '\n'))
-                {
-                    end++;
-                    remain--;
-                }
-
-                where = end;
-                break;
-            }
-        }
-
-        ssl_obj_free(ssl_obj);
-        ssl_obj = NULL;
-        if (start == NULL)
-           break;
-    }
-error:
-    ssl_obj_free(ssl_obj);
-    return ret;
-}
-
-/*
- * Load a file into memory that is in ASCII PEM format.
- */
-static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
-                        SSLObjLoader *ssl_obj, const char *password)
-{
-    char *start;
-
-    /* add a null terminator */
-    ssl_obj->len++;
-    ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
-    ssl_obj->buf[ssl_obj->len-1] = 0;
-    start = (char *)ssl_obj->buf;
-    return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
-                                start, ssl_obj->len, password);
-}
-#endif /* CONFIG_SSL_HAS_PEM */
-
-/**
- * Load the key/certificates in memory depending on compile-time and user
- * options. 
- */
-int load_key_certs(SSL_CTX *ssl_ctx)
-{
-    int ret = SSL_OK;
-    uint32_t options = ssl_ctx->options;
-#ifdef CONFIG_SSL_GENERATE_X509_CERT 
-    uint8_t *cert_data = NULL;
-    int cert_size;
-    static const char *dn[] = 
-    {
-        CONFIG_SSL_X509_COMMON_NAME,
-        CONFIG_SSL_X509_ORGANIZATION_NAME,
-        CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
-    };
-#endif
-
-    /* do the private key first */
-    if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, 
-                                CONFIG_SSL_PRIVATE_KEY_LOCATION,
-                                CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0)
-            goto error;
-    }
-    else if (!(options & SSL_NO_DEFAULT_KEY))
-    {
-#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-        extern const unsigned char* default_private_key;
-        extern const unsigned int default_private_key_len;
-        if (default_private_key != NULL && default_private_key_len > 0)
-            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
-                default_private_key_len, NULL);
-#endif
-    }
-
-    /* now load the certificate */
-#ifdef CONFIG_SSL_GENERATE_X509_CERT 
-    if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0)
-    {
-        ret = cert_size;
-        goto error;
-    }
-
-    ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL);
-    free(cert_data);
-#else
-    if (strlen(CONFIG_SSL_X509_CERT_LOCATION))
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
-                                CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0)
-            goto error;
-    }
-    else if (!(options & SSL_NO_DEFAULT_KEY))
-    {
-#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
-        extern const unsigned char* default_certificate;
-        extern const unsigned int default_certificate_len;
-        if (default_certificate != NULL && default_certificate_len > 0)
-            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
-                    default_certificate, default_certificate_len, NULL);
-#endif
-    }
-#endif
-
-error:
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ret)
-    {
-        printf("Error: Certificate or key not loaded\n");
-    }
-#endif
-
-    return ret;
-
-}
diff --git a/tools/sdk/axtls/ssl/openssl.c b/tools/sdk/axtls/ssl/openssl.c
deleted file mode 100644
index d0343e5680..0000000000
--- a/tools/sdk/axtls/ssl/openssl.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Enable a subset of openssl compatible functions. We don't aim to be 100%
- * compatible - just to be able to do basic ports etc.
- *
- * Only really tested on mini_httpd, so I'm not too sure how extensive this
- * port is.
- */
-
-#include "config.h"
-
-#ifdef CONFIG_OPENSSL_COMPATIBLE
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include "os_port.h"
-#include "ssl.h"
-
-#define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
-
-static char *key_password = NULL;
-
-void *SSLv3_server_method(void) { return NULL; }
-void *TLSv1_server_method(void) { return NULL; }
-void *SSLv3_client_method(void) { return NULL; }
-void *TLSv1_client_method(void) { return NULL; }
-
-typedef void * (*ssl_func_type_t)(void);
-typedef void * (*bio_func_type_t)(void);
-
-typedef struct
-{
-    ssl_func_type_t ssl_func_type;
-} OPENSSL_CTX;
-
-SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
-{
-    SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
-    ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
-    OPENSSL_CTX_ATTR->ssl_func_type = meth;
-    return ssl_ctx;
-}
-
-void SSL_CTX_free(SSL_CTX * ssl_ctx)
-{
-    free(ssl_ctx->bonus_attr);
-    ssl_ctx_free(ssl_ctx);
-}
-
-SSL * SSL_new(SSL_CTX *ssl_ctx)
-{
-    SSL *ssl;
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    ssl_func_type_t ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
-#endif
-
-    ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    if (ssl_func_type == SSLv3_client_method ||
-        ssl_func_type == TLSv1_client_method)
-    {
-        SET_SSL_FLAG(SSL_IS_CLIENT);
-    }
-    else
-#endif
-    {
-        ssl->next_state = HS_CLIENT_HELLO;
-    }
-
-    return ssl;
-}
-
-int SSL_set_fd(SSL *s, int fd)
-{
-    s->client_fd = fd;
-    return 1;   /* always succeeds */
-}
-
-int SSL_accept(SSL *ssl)
-{
-    while (ssl_read(ssl, NULL) == SSL_OK)
-    {
-        if (ssl->next_state == HS_CLIENT_HELLO)
-            return 1;   /* we're done */
-    }
-
-    return -1;
-}
-
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-int SSL_connect(SSL *ssl)
-{
-    return do_client_connect(ssl) == SSL_OK ? 1 : -1;
-}
-#endif
-
-void SSL_free(SSL *ssl)
-{
-    ssl_free(ssl);
-}
-
-int SSL_read(SSL *ssl, void *buf, int num)
-{
-    uint8_t *read_buf;
-    int ret;
-
-    while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
-
-    if (ret > SSL_OK)
-    {
-        memcpy(buf, read_buf, ret > num ? num : ret);
-    }
-
-    return ret;
-}
-
-int SSL_write(SSL *ssl, const void *buf, int num)
-{
-    return ssl_write(ssl, buf, num);
-}
-
-int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
-{
-    return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
-}
-
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
-{
-    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
-}
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
-{
-    return (ssl_obj_memory_load(ssl_ctx, 
-                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
-}
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-                                            unsigned int sid_ctx_len)
-{
-    return 1;
-}
-
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
-{
-    return 1;
-}
-
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
-{
-    return (ssl_obj_load(ssl_ctx, 
-                        SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
-}
-
-int SSL_shutdown(SSL *ssl)
-{
-    return 1;
-}
-
-/*** get/set session ***/
-SSL_SESSION *SSL_get1_session(SSL *ssl)
-{
-    return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
-}
-
-int SSL_set_session(SSL *ssl, SSL_SESSION *session)
-{
-    memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
-    return 1;
-}
-
-void SSL_SESSION_free(SSL_SESSION *session) { }
-/*** end get/set session ***/
-
-long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-{
-    return 0;
-}
-
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                                 int (*verify_callback)(int, void *)) { }
-
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
-
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-                                           const char *CApath)
-{
-    return 1;
-}
-
-void *SSL_load_client_CA_file(const char *file)
-{
-    return (void *)file;
-}
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 
-{ 
-
-    ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
-}
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
-
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
-{ 
-    key_password = (char *)u;
-}
-
-int SSL_peek(SSL *ssl, void *buf, int num)
-{
-    memcpy(buf, ssl->bm_data, num);
-    return num;
-}
-
-void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
-
-long SSL_get_verify_result(const SSL *ssl)
-{
-    return ssl_handshake_status(ssl);
-}
-
-int SSL_state(SSL *ssl)
-{
-    return 0x03; // ok state
-}
-
-/** end of could do better list */
-
-void *SSL_get_peer_certificate(const SSL *ssl)
-{
-    return &ssl->ssl_ctx->certs[0];
-}
-
-int SSL_clear(SSL *ssl)
-{
-    return 1;
-}
-
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
-{
-    return 1;
-}
-
-int SSL_CTX_set_cipher_list(SSL *s, const char *str)
-{
-    return 1;
-}
-
-int SSL_get_error(const SSL *ssl, int ret)
-{
-    ssl_display_error(ret);
-    return 0;   /* TODO: return proper return code */
-}
-
-void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
-int SSL_library_init(void ) { return 1; }
-void SSL_load_error_strings(void ) {}
-void ERR_print_errors_fp(FILE *fp) {}
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
-                            return CONFIG_SSL_EXPIRY_TIME*3600; }
-long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
-                            return SSL_CTX_get_timeout(ssl_ctx); }
-#endif
-void BIO_printf(FILE *f, const char *format, ...)
-{
-    va_list(ap);
-    va_start(ap, format);
-    vfprintf(f, format, ap);
-    va_end(ap);
-}
-
-void* BIO_s_null(void) { return NULL; }
-FILE *BIO_new(bio_func_type_t func)
-{
-    if (func == BIO_s_null)
-        return fopen("/dev/null", "r");
-    else
-        return NULL;
-}
-
-FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
-int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
-
-
-
-#endif
diff --git a/tools/sdk/axtls/ssl/os_int.h b/tools/sdk/axtls/ssl/os_int.h
deleted file mode 100644
index a6207f1d42..0000000000
--- a/tools/sdk/axtls/ssl/os_int.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef OS_INT_H
-#define OS_INT_H
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdbool.h>
-
-#endif //OS_INT_H
\ No newline at end of file
diff --git a/tools/sdk/axtls/ssl/os_port.c b/tools/sdk/axtls/ssl/os_port.c
deleted file mode 100644
index 060bc073a5..0000000000
--- a/tools/sdk/axtls/ssl/os_port.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- *   may be used to endorse or promote products derived from this software
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file os_port.c
- *
- * OS specific functions.
- */
-#include <time.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <stdarg.h>
-#include <string.h>
-#include "os_port.h"
-
-#ifdef WIN32
-/**
- * gettimeofday() not in Win32
- */
-EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
-{
-#if defined(_WIN32_WCE)
-    t->tv_sec = time(NULL);
-    t->tv_usec = 0;                         /* 1sec precision only */
-#else
-    struct _timeb timebuffer;
-    _ftime(&timebuffer);
-    t->tv_sec = (long)timebuffer.time;
-    t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
-#endif
-}
-
-/**
- * strcasecmp() not in Win32
- */
-EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
-{
-    while (tolower(*s1) == tolower(*s2++))
-    {
-        if (*s1++ == '\0')
-        {
-            return 0;
-        }
-    }
-
-    return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
-}
-
-
-EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
-{
-    HKEY hKey;
-    unsigned long datatype;
-    unsigned long bufferlength = buf_size;
-
-    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
-            TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"),
-                        0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
-        return -1;
-
-    RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
-    RegCloseKey(hKey);
-    return 0;
-}
-#endif
-
diff --git a/tools/sdk/axtls/ssl/os_port.h b/tools/sdk/axtls/ssl/os_port.h
deleted file mode 100644
index ded2c4878f..0000000000
--- a/tools/sdk/axtls/ssl/os_port.h
+++ /dev/null
@@ -1,283 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice,
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- *   this list of conditions and the following disclaimer in the documentation
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors
- *   may be used to endorse or promote products derived from this software
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file os_port.h
- *
- * Some stuff to minimise the differences between windows and linux/unix
- */
-
-#ifndef HEADER_OS_PORT_H
-#define HEADER_OS_PORT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "os_int.h"
-#include "config.h"
-#include <stdio.h>
-
-#ifdef WIN32
-#define STDCALL                 __stdcall
-#define EXP_FUNC                __declspec(dllexport)
-#else
-#define STDCALL
-#define EXP_FUNC
-#endif
-
-#if defined(_WIN32_WCE)
-#undef WIN32
-#define WIN32
-#endif
-
-#if defined(ESP8266)
-
-#include "util/time.h"
-#include <errno.h>
-#define alloca(size) __builtin_alloca(size)
-#define TTY_FLUSH()
-#ifdef putc
-#undef putc
-#endif
-#define putc(x, f)   ets_putc(x)
-
-#define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
-#define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
-#define SOCKET_CLOSE(A)         ax_port_close(A)
-#define get_file                ax_get_file
-#define EWOULDBLOCK EAGAIN
-
-#define hmac_sha1 ax_hmac_sha1
-#define hmac_sha256 ax_hmac_sha256
-#define hmac_md5 ax_hmac_md5
-
-#ifndef be64toh
-# define __bswap_constant_64(x) \
-     ((((x) & 0xff00000000000000ull) >> 56)                                   \
-      | (((x) & 0x00ff000000000000ull) >> 40)                                 \
-      | (((x) & 0x0000ff0000000000ull) >> 24)                                 \
-      | (((x) & 0x000000ff00000000ull) >> 8)                                  \
-      | (((x) & 0x00000000ff000000ull) << 8)                                  \
-      | (((x) & 0x0000000000ff0000ull) << 24)                                 \
-      | (((x) & 0x000000000000ff00ull) << 40)                                 \
-      | (((x) & 0x00000000000000ffull) << 56))
-#define be64toh(x) __bswap_constant_64(x)
-#endif
-
-void ax_wdt_feed();
-
-#ifndef PROGMEM
-#define PROGMEM __attribute__((aligned(4))) __attribute__((section(".irom.text")))
-#endif
-
-#ifndef WITH_PGM_READ_HELPER
-#define ax_array_read_u8(x, y) x[y]
-#else
-
-static inline uint8_t pgm_read_byte(const void* addr) {
-  register uint32_t res;
-  __asm__("extui    %0, %1, 0, 2\n"     /* Extract offset within word (in bytes) */
-      "sub      %1, %1, %0\n"       /* Subtract offset from addr, yielding an aligned address */
-      "l32i.n   %1, %1, 0x0\n"      /* Load word from aligned address */
-      "slli     %0, %0, 3\n"        /* Multiply offset by 8, yielding an offset in bits */
-      "ssr      %0\n"               /* Prepare to shift by offset (in bits) */
-      "srl      %0, %1\n"           /* Shift right; now the requested byte is the first one */
-      :"=r"(res), "=r"(addr)
-      :"1"(addr)
-      :);
-  return (uint8_t) res;     /* This masks the lower byte from the returned word */
-}
-
-#define ax_array_read_u8(x, y) pgm_read_byte((x)+(y))
-#endif //WITH_PGM_READ_HELPER
-
-#ifdef printf
-#undef printf
-#endif
-//#define printf(...)  ets_printf(__VA_ARGS__)
-#define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];}))
-#define PGM_VOID_P const void *
-static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) {
-    const uint8_t* read = (const uint8_t*)(src);
-    uint8_t* write = (uint8_t*)(dest);
-
-    while (count)
-    {
-        *write++ = pgm_read_byte(read++);
-        count--;
-    }
-
-    return dest;
-}
-#define printf(fmt, ...) do { static const char fstr[] PROGMEM = fmt; char rstr[sizeof(fmt)]; memcpy_P(rstr, fstr, sizeof(rstr)); ets_printf(rstr, ##__VA_ARGS__); } while (0)
-#define strcpy_P(dst, src) do { static const char fstr[] PROGMEM = src; memcpy_P(dst, fstr, sizeof(src)); } while (0)
-
-#elif defined(WIN32)
-
-/* Windows CE stuff */
-#if defined(_WIN32_WCE)
-#include <basetsd.h>
-#define abort()                 exit(1)
-#else
-#include <io.h>
-#include <process.h>
-#include <sys/timeb.h>
-#include <fcntl.h>
-#endif      /* _WIN32_WCE */
-
-#include <winsock.h>
-#include <direct.h>
-#undef getpid
-#undef open
-#undef close
-#undef sleep
-#undef gettimeofday
-#undef dup2
-#undef unlink
-
-#define SOCKET_READ(A,B,C)      recv(A,B,C,0)
-#define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
-#define SOCKET_CLOSE(A)         closesocket(A)
-#define srandom(A)              srand(A)
-#define random()                rand()
-#define getpid()                _getpid()
-#define snprintf                _snprintf
-#define open(A,B)               _open(A,B)
-#define dup2(A,B)               _dup2(A,B)
-#define unlink(A)               _unlink(A)
-#define close(A)                _close(A)
-#define read(A,B,C)             _read(A,B,C)
-#define write(A,B,C)            _write(A,B,C)
-#define sleep(A)                Sleep(A*1000)
-#define usleep(A)               Sleep(A/1000)
-#define strdup(A)               _strdup(A)
-#define chroot(A)               _chdir(A)
-#define chdir(A)                _chdir(A)
-#define alloca(A)               _alloca(A)
-#ifndef lseek
-#define lseek(A,B,C)            _lseek(A,B,C)
-#endif
-
-/* This fix gets around a problem where a win32 application on a cygwin xterm
-   doesn't display regular output (until a certain buffer limit) - but it works
-   fine under a normal DOS window. This is a hack to get around the issue -
-   see http://www.khngai.com/emacs/tty.php  */
-#define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
-
-/*
- * automatically build some library dependencies.
- */
-#pragma comment(lib, "WS2_32.lib")
-#pragma comment(lib, "AdvAPI32.lib")
-
-typedef int socklen_t;
-
-EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
-EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
-EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
-
-#else   /* Not Win32 */
-
-#include <unistd.h>
-#include <pwd.h>
-#include <netdb.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <asm/byteorder.h>
-
-#define SOCKET_READ(A,B,C)      read(A,B,C)
-#define SOCKET_WRITE(A,B,C)     write(A,B,C)
-#define SOCKET_CLOSE(A)         if (A >= 0) close(A)
-#define TTY_FLUSH()
-
-#ifndef be64toh
-#define be64toh(x) __be64_to_cpu(x)
-#endif
-
-#endif  /* Not Win32 */
-
-/* some functions to mutate the way these work */
-inline uint32_t htonl(uint32_t n){
-  return ((n & 0xff) << 24) |
-    ((n & 0xff00) << 8) |
-    ((n & 0xff0000UL) >> 8) |
-    ((n & 0xff000000UL) >> 24);
-}
-
-#define ntohl htonl
-
-EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
-
-#ifdef CONFIG_PLATFORM_LINUX
-void exit_now(const char *format, ...) __attribute((noreturn));
-#else
-void exit_now(const char *format, ...);
-#endif
-
-/* Mutexing definitions */
-#if defined(CONFIG_SSL_CTX_MUTEXING)
-#if defined(WIN32)
-#define SSL_CTX_MUTEX_TYPE          HANDLE
-#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
-#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
-#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
-#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
-#else
-#include <pthread.h>
-#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
-#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
-#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
-#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
-#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
-#endif
-#else   /* no mutexing */
-#define SSL_CTX_MUTEX_INIT(A)
-#define SSL_CTX_MUTEX_DESTROY(A)
-#define SSL_CTX_LOCK(A)
-#define SSL_CTX_UNLOCK(A)
-#endif
-
-#ifndef PROGMEM
-#define PROGMEM
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/tools/sdk/axtls/ssl/p12.c b/tools/sdk/axtls/ssl/p12.c
deleted file mode 100644
index 5bd2394626..0000000000
--- a/tools/sdk/axtls/ssl/p12.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/*
- * Copyright (c) 2007, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Process PKCS#8/PKCS#12 keys.
- *
- * The decoding of a PKCS#12 key is fairly specific - this code was tested on a
- * key generated with:
- *
- * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
- * -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 
- * -name "p12_withoutCA" -out axTLS.withoutCA.p12 -password pass:abcd
- *
- * or with a certificate chain:
- *
- * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
- * -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe
- * PBE-SHA1-RC4-128 -name "p12_withCA" -out axTLS.withCA.p12 -password pass:abcd
- *
- * Note that the PBE has to be specified with PBE-SHA1-RC4-128. The
- * private/public keys/certs have to use RSA encryption. Both the integrity
- * and privacy passwords are the same.
- *
- * The PKCS#8 files were generated with something like:
- *
- * PEM format:
- * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1
- * PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
- *
- * DER format:
- * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER
- * -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include "os_port.h"
-#include "ssl.h"
-
-/* all commented out if not used */
-#ifdef CONFIG_SSL_USE_PKCS12
-
-#define BLOCK_SIZE          64
-#define PKCS12_KEY_ID       1
-#define PKCS12_IV_ID        2
-#define PKCS12_MAC_ID       3
-
-static char *make_uni_pass(const char *password, int *uni_pass_len);
-static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
-                        const uint8_t *salt, int iter, 
-                        uint8_t *priv_key, int priv_key_len, int id);
-static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
-static int get_pbe_params(uint8_t *buf, int *offset, 
-        const uint8_t **salt, int *iterations);
-
-/*
- * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
- */
-int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
-{
-    uint8_t *buf = ssl_obj->buf;
-    int len, offset = 0;
-    int iterations;
-    int ret = SSL_NOT_OK;
-    uint8_t *version = NULL;
-    const uint8_t *salt;
-    uint8_t *priv_key;
-    int uni_pass_len;
-    char *uni_pass = make_uni_pass(password, &uni_pass_len);
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Invalid p8 ASN.1 file\n");
-#endif
-        goto error;
-    }
-
-    /* unencrypted key? */
-    if (asn1_get_big_int(buf, &offset, &version) > 0 && *version == 0)
-    {
-        ret = p8_add_key(ssl_ctx, buf);
-        goto error;
-    }
-
-    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
-        goto error;
-
-    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
-        goto error;
-
-    priv_key = &buf[offset];
-
-    p8_decrypt(uni_pass, uni_pass_len, salt, 
-                        iterations, priv_key, len, PKCS12_KEY_ID);
-    ret = p8_add_key(ssl_ctx, priv_key);
-
-error:
-    free(version);
-    free(uni_pass);
-    return ret;
-}
-
-/*
- * Take the unencrypted pkcs8 and turn it into a private key 
- */
-static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
-{
-    uint8_t *buf = priv_key;
-    int len, offset = 0;
-    int ret = SSL_NOT_OK;
-
-    /* Skip the preamble and go straight to the private key.
-       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
-        goto error;
-
-    ret = asn1_get_private_key(&buf[offset], len, &ssl_ctx->rsa_ctx);
-
-error:
-    return ret;
-}
-
-/*
- * Create the unicode password 
- */
-static char *make_uni_pass(const char *password, int *uni_pass_len)
-{
-    int pass_len = 0, i;
-    char *uni_pass;
-
-    if (password == NULL)
-    {
-        password = "";
-    }
-
-    uni_pass = (char *)malloc((strlen(password)+1)*2);
-
-    /* modify the password into a unicode version */
-    for (i = 0; i < (int)strlen(password); i++)
-    {
-        uni_pass[pass_len++] = 0;
-        uni_pass[pass_len++] = password[i];
-    }
-
-    uni_pass[pass_len++] = 0;       /* null terminate */
-    uni_pass[pass_len++] = 0;
-    *uni_pass_len = pass_len;
-    return uni_pass;
-}
-
-/*
- * Decrypt a pkcs8 block.
- */
-static int p8_decrypt(const char *uni_pass, int uni_pass_len,
-                        const uint8_t *salt, int iter, 
-                        uint8_t *priv_key, int priv_key_len, int id)
-{
-    uint8_t p[BLOCK_SIZE*2];
-    uint8_t d[BLOCK_SIZE];
-    uint8_t Ai[SHA1_SIZE];
-    SHA1_CTX sha_ctx;
-    RC4_CTX rc4_ctx;
-    int i;
-
-    for (i = 0; i < BLOCK_SIZE; i++)
-    {
-        p[i] = salt[i % SALT_SIZE];
-        p[BLOCK_SIZE+i] = uni_pass[i % uni_pass_len];
-        d[i] = id;
-    }
-
-    /* get the key - no IV since we are using RC4 */
-    SHA1_Init(&sha_ctx);
-    SHA1_Update(&sha_ctx, d, sizeof(d));
-    SHA1_Update(&sha_ctx, p, sizeof(p));
-    SHA1_Final(Ai, &sha_ctx);
-
-    for (i = 1; i < iter; i++)
-    {
-        SHA1_Init(&sha_ctx);
-        SHA1_Update(&sha_ctx, Ai, SHA1_SIZE);
-        SHA1_Final(Ai, &sha_ctx);
-    }
-
-    /* do the decryption */
-    if (id == PKCS12_KEY_ID)
-    {
-        RC4_setup(&rc4_ctx, Ai, 16);
-        RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
-    }
-    else  /* MAC */
-        memcpy(priv_key, Ai, SHA1_SIZE);
-
-    return 0;
-}
-
-/*
- * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
- * and keys.
- */
-int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
-{
-    uint8_t *buf = ssl_obj->buf;
-    int len, iterations, auth_safes_start, 
-              auth_safes_end, auth_safes_len, key_offset, offset = 0;
-    int all_certs = 0;
-    uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
-    uint8_t key[SHA1_SIZE];
-    uint8_t mac[SHA1_SIZE];
-    const uint8_t *salt;
-    int uni_pass_len, ret = SSL_OK;
-    char *uni_pass = make_uni_pass(password, &uni_pass_len);
-    static const uint8_t pkcs_data[] = /* pkc7 data */
-        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
-    static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
-        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
-    static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
-        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: Invalid p12 ASN.1 file\n");
-#endif
-        goto error;
-    }
-
-    if (asn1_get_big_int(buf, &offset, &version) < 0 || *version != 3)
-    {
-        ret = SSL_ERROR_INVALID_VERSION;
-        goto error;
-    }
-
-    /* remove all the boring pcks7 bits */
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
-                (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-                len != sizeof(pkcs_data) || 
-                memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
-        goto error;
-
-    offset += len;
-
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
-        goto error;
-
-    /* work out the MAC start/end points (done on AuthSafes) */
-    auth_safes_start = offset;
-    auth_safes_end = offset;
-    if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
-        goto error;
-
-    auth_safes_len = auth_safes_end - auth_safes_start;
-    auth_safes = malloc(auth_safes_len);
-
-    memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            (len != sizeof(pkcs_encrypted) || 
-            memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
-        goto error;
-
-    offset += len;
-
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            len != sizeof(pkcs_data) || 
-            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
-        goto error;
-
-    offset += len;
-
-    /* work out the salt for the certificate */
-    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
-        goto error;
-
-    /* decrypt the certificate */
-    cert = &buf[offset];
-    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
-                            len, PKCS12_KEY_ID)) < 0)
-        goto error;
-
-    offset += len;
-
-    /* load the certificate */
-    key_offset = 0;
-    all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
-
-    /* keep going until all certs are loaded */
-    while (key_offset < all_certs)
-    {
-        int cert_offset = key_offset;
-
-        if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
-                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
-                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
-                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
-                (len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
-            goto error;
-
-        if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
-            goto error;
-
-        key_offset = cert_offset;
-    }
-
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            len != sizeof(pkcs_data) || 
-            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
-        goto error;
-
-    offset += len;
-
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
-            (len != sizeof(pkcs8_key_bag)) || 
-            memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
-        goto error;
-
-    offset += len;
-
-    /* work out the salt for the private key */
-    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
-        goto error;
-
-    /* decrypt the private key */
-    cert = &buf[offset];
-    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
-                            len, PKCS12_KEY_ID)) < 0)
-        goto error;
-
-    offset += len;
-
-    /* load the private key */
-    if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
-        goto error;
-
-    /* miss out on friendly name, local key id etc */
-    if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
-        goto error;
-
-    /* work out the MAC */
-    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
-            len != SHA1_SIZE)
-        goto error;
-
-    orig_mac = &buf[offset];
-    offset += len;
-
-    /* get the salt */
-    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
-        goto error;
-
-    salt = &buf[offset];
-
-    /* work out what the mac should be */
-    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, 
-                            key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
-        goto error;
-
-    hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
-
-    if (memcmp(mac, orig_mac, SHA1_SIZE))
-    {
-        ret = SSL_ERROR_INVALID_HMAC;                  
-        goto error;
-    }
-
-error:
-    free(version);
-    free(uni_pass);
-    free(auth_safes);
-    return ret;
-}
-
-/*
- * Retrieve the salt/iteration details from a PBE block.
- */
-static int get_pbe_params(uint8_t *buf, int *offset, 
-        const uint8_t **salt, int *iterations)
-{
-    static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
-            { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
-
-    int i, len;
-    uint8_t *iter = NULL;
-    int error_code = SSL_ERROR_NOT_SUPPORTED;
-
-    /* Get the PBE type */
-    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
-        goto error;
-
-    /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
-       which is the only algorithm we support */
-    if (len != sizeof(pbeSH1RC4) || 
-                    memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
-#endif
-        goto error;
-    }
-
-    *offset += len;
-
-    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
-            (len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 || 
-            len != 8)
-        goto error;
-
-    *salt = &buf[*offset];
-    *offset += len;
-
-    if ((len = asn1_get_big_int(buf, offset, &iter)) < 0)
-        goto error;
-
-    *iterations = 0;
-    for (i = 0; i < len; i++)
-    {
-        (*iterations) <<= 8;
-        (*iterations) += iter[i];
-    }
-
-    free(iter);
-    error_code = SSL_OK;       /* got here - we are ok */
-
-error:
-    return error_code;
-}
-
-#endif
diff --git a/tools/sdk/axtls/ssl/private_key.h b/tools/sdk/axtls/ssl/private_key.h
deleted file mode 100644
index f72bee23ae..0000000000
--- a/tools/sdk/axtls/ssl/private_key.h
+++ /dev/null
@@ -1,54 +0,0 @@
-unsigned char default_private_key[] = {
-  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbd,
-  0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0xb9, 0x3a, 0x1f, 0x8b,
-  0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0x11, 0x9a, 0x9c, 0xdc,
-  0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x05, 0x0e, 0x61, 0xc1,
-  0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0xff, 0x9b, 0xb8, 0x7a,
-  0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0xa5, 0xa2, 0x99, 0x53,
-  0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0xe7, 0xdf, 0xe9, 0xec,
-  0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0xc8, 0x6d, 0x41, 0x45,
-  0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0xdf, 0x36, 0xe2, 0x73,
-  0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0x0d, 0x9b, 0xef, 0xa8,
-  0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xa9, 0x86, 0x0d, 0x3f,
-  0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01,
-  0x02, 0x81, 0x80, 0x26, 0x3f, 0xec, 0x96, 0xab, 0xd4, 0x1f, 0x89, 0x0e,
-  0x9d, 0x38, 0xd8, 0x27, 0x05, 0xe5, 0xb6, 0x14, 0x08, 0xd7, 0xff, 0x69,
-  0x78, 0x16, 0x4a, 0xc4, 0x06, 0x16, 0x55, 0xb7, 0x3a, 0x55, 0x9f, 0xbe,
-  0x86, 0xf8, 0x58, 0xe8, 0xc5, 0x46, 0xa8, 0xf0, 0xed, 0xda, 0xd6, 0xbf,
-  0x88, 0x55, 0x2d, 0xe6, 0x72, 0x29, 0x2c, 0x64, 0xc9, 0x5d, 0x1d, 0x9b,
-  0x24, 0x3a, 0x98, 0x40, 0xa1, 0xd2, 0xaf, 0x5c, 0xab, 0x23, 0xe4, 0x33,
-  0xd0, 0xea, 0x60, 0x52, 0xe7, 0x7a, 0x9e, 0x73, 0x5f, 0x2e, 0x80, 0xd1,
-  0xdc, 0x6f, 0x47, 0x0f, 0x97, 0x80, 0x36, 0xd2, 0x30, 0x07, 0xdd, 0xd6,
-  0xd7, 0x15, 0x89, 0x2b, 0x74, 0xd5, 0x7e, 0x8a, 0xbc, 0x63, 0x42, 0x0a,
-  0xf2, 0x31, 0x29, 0xbf, 0xf9, 0xf9, 0xf0, 0x88, 0x8f, 0x8a, 0xc2, 0x22,
-  0x6e, 0x15, 0x26, 0xb7, 0x5e, 0x5b, 0x58, 0x44, 0x1c, 0x3b, 0x79, 0x02,
-  0x41, 0x00, 0xe1, 0xf1, 0xb2, 0xe5, 0xc8, 0x80, 0x93, 0x40, 0x50, 0x74,
-  0x14, 0xdd, 0xb2, 0xf2, 0x27, 0x5c, 0x0c, 0x3d, 0xc0, 0x5f, 0xee, 0x9c,
-  0x45, 0x6c, 0x13, 0x00, 0xdf, 0xd0, 0xd9, 0x83, 0xfa, 0x90, 0x2c, 0x84,
-  0xf2, 0xaa, 0xc2, 0xdd, 0xfb, 0xcf, 0x03, 0x41, 0x88, 0x10, 0xc6, 0xbb,
-  0x5e, 0xb7, 0xb6, 0x2e, 0xa6, 0x1d, 0xaa, 0xba, 0xfb, 0x4a, 0x72, 0xd8,
-  0x9a, 0xad, 0x88, 0x0d, 0x6a, 0x15, 0x02, 0x41, 0x00, 0xd6, 0x36, 0x23,
-  0xf3, 0x5d, 0x77, 0xc8, 0xd3, 0x49, 0xc1, 0x93, 0xfe, 0xca, 0x0d, 0xeb,
-  0x9b, 0xda, 0xbd, 0x47, 0x28, 0x73, 0x97, 0xa0, 0x50, 0xd7, 0x4c, 0x24,
-  0xdf, 0x9b, 0x0b, 0x37, 0xae, 0xc3, 0x31, 0xb5, 0x4f, 0x62, 0x08, 0xca,
-  0xe5, 0xef, 0x97, 0x7b, 0x43, 0xa0, 0xda, 0x2b, 0x1f, 0xbf, 0xa8, 0x08,
-  0x93, 0xd2, 0x16, 0x1c, 0x89, 0x99, 0xf1, 0xdf, 0x26, 0xd1, 0x42, 0x99,
-  0x93, 0x02, 0x41, 0x00, 0xb1, 0x41, 0xe4, 0x7e, 0xdf, 0x20, 0xf7, 0xe4,
-  0xf1, 0xf9, 0x4f, 0xd1, 0x6a, 0x2d, 0x0d, 0xf1, 0xe9, 0xec, 0x9c, 0x3a,
-  0xe6, 0xc0, 0x94, 0xba, 0x27, 0xe2, 0x7c, 0xb4, 0xa5, 0xa1, 0x23, 0xf6,
-  0xed, 0xe6, 0x53, 0x56, 0xe2, 0x50, 0x32, 0xd8, 0x02, 0x8e, 0xeb, 0xc7,
-  0x75, 0x91, 0xd3, 0xca, 0x3e, 0xd4, 0x34, 0x20, 0x7c, 0x2b, 0xfb, 0x2f,
-  0x3a, 0x10, 0x72, 0xb1, 0x07, 0x56, 0xb6, 0xcd, 0x02, 0x40, 0x1e, 0x3b,
-  0xf2, 0x03, 0x0d, 0x74, 0x34, 0xb2, 0x2d, 0xbc, 0xd6, 0xc8, 0xa5, 0x78,
-  0x25, 0x83, 0x0f, 0xf2, 0x9b, 0x32, 0x88, 0x6e, 0x24, 0x40, 0x84, 0xc2,
-  0xc8, 0x89, 0x8e, 0xf6, 0x9c, 0x5b, 0x5c, 0x4d, 0x8d, 0xcb, 0xb0, 0x88,
-  0x91, 0x2a, 0xb7, 0x10, 0x68, 0x63, 0x79, 0x36, 0x91, 0xd3, 0x9f, 0x57,
-  0x76, 0x2e, 0x76, 0xfe, 0x8b, 0xf4, 0x97, 0xf7, 0xdd, 0x89, 0x3b, 0x0b,
-  0xed, 0x65, 0x02, 0x41, 0x00, 0xb9, 0xaf, 0xbf, 0x09, 0xc9, 0x90, 0x26,
-  0xf3, 0x72, 0x8b, 0xbf, 0xb3, 0x7c, 0xe7, 0x6f, 0x6f, 0x5b, 0xa3, 0x95,
-  0xb8, 0x9e, 0x03, 0xb9, 0xcf, 0xa0, 0x53, 0xba, 0x32, 0xc1, 0xd3, 0xad,
-  0x85, 0xbb, 0x79, 0x48, 0x09, 0xd6, 0x3f, 0x9c, 0xd9, 0x37, 0x91, 0x11,
-  0x0d, 0x04, 0xd5, 0x3b, 0xca, 0x74, 0x5d, 0x1c, 0x91, 0x8d, 0x3d, 0xf1,
-  0xf8, 0xf9, 0xbe, 0x35, 0xd7, 0xb2, 0x53, 0x50, 0x1d
-};
-unsigned int default_private_key_len = 609;
diff --git a/tools/sdk/axtls/ssl/ssl.h b/tools/sdk/axtls/ssl/ssl.h
deleted file mode 100644
index df4fed9bc4..0000000000
--- a/tools/sdk/axtls/ssl/ssl.h
+++ /dev/null
@@ -1,580 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @mainpage axTLS API
- *
- * @image html axolotl.jpg
- *
- * The axTLS library has features such as:
- * - The TLSv1 SSL client/server protocol
- * - No requirement to use any openssl libraries.
- * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
- * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
- * - Certificate chaining and peer authentication.
- * - Session resumption, session renegotiation.
- * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
- * - Highly configurable compile time options.
- * - Portable across many platforms (written in ANSI C), and has language
- * bindings in C, C#, VB.NET, Java, Perl and Lua.
- * - Partial openssl API compatibility (via a wrapper).
- * - A very small footprint (around 50-60kB for the library in 'server-only' 
- *   mode).
- * - No dependencies on sockets - can use serial connections for example.
- * - A very simple API - ~ 20 functions/methods.
- *
- * A list of these functions/methods are described below.
- *
- *  @ref c_api 
- *
- *  @ref bigint_api 
- *
- *  @ref csharp_api 
- *
- *  @ref java_api 
- */
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <time.h>
-
-/* need to predefine before ssl_lib.h gets to it */
-#define SSL_SESSION_ID_SIZE                     32
-
-#include "tls1.h"
-
-/* The optional parameters that can be given to the client/server SSL engine */
-#define SSL_CLIENT_AUTHENTICATION               0x00010000
-#define SSL_SERVER_VERIFY_LATER                 0x00020000
-#define SSL_NO_DEFAULT_KEY                      0x00040000
-#define SSL_DISPLAY_STATES                      0x00080000
-#define SSL_DISPLAY_BYTES                       0x00100000
-#define SSL_DISPLAY_CERTS                       0x00200000
-#define SSL_DISPLAY_RSA                         0x00400000
-#define SSL_CONNECT_IN_PARTS                    0x00800000
-#define SSL_READ_BLOCKING                       0x01000000
-
-/* errors that can be generated */
-#define SSL_OK                                  0
-#define SSL_NOT_OK                              -1
-#define SSL_ERROR_DEAD                          -2
-#define SSL_CLOSE_NOTIFY                        -3
-#define SSL_ERROR_CONN_LOST                     -256
-#define SSL_ERROR_RECORD_OVERFLOW               -257
-#define SSL_ERROR_SOCK_SETUP_FAILURE            -258
-#define SSL_ERROR_INVALID_HANDSHAKE             -260
-#define SSL_ERROR_INVALID_PROT_MSG              -261
-#define SSL_ERROR_INVALID_HMAC                  -262
-#define SSL_ERROR_INVALID_VERSION               -263
-#define SSL_ERROR_UNSUPPORTED_EXTENSION         -264
-#define SSL_ERROR_INVALID_SESSION               -265
-#define SSL_ERROR_NO_CIPHER                     -266
-#define SSL_ERROR_INVALID_CERT_HASH_ALG         -267
-#define SSL_ERROR_BAD_CERTIFICATE               -268
-#define SSL_ERROR_INVALID_KEY                   -269
-#define SSL_ERROR_FINISHED_INVALID              -271
-#define SSL_ERROR_NO_CERT_DEFINED               -272
-#define SSL_ERROR_NO_CLIENT_RENOG               -273
-#define SSL_ERROR_NOT_SUPPORTED                 -274
-#define SSL_X509_OFFSET                         -512
-#define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
-
-/* alert types that are recognized */
-#define SSL_ALERT_TYPE_WARNING                  1
-#define SLL_ALERT_TYPE_FATAL                    2
-
-/* these are all the alerts that are recognized */
-#define SSL_ALERT_CLOSE_NOTIFY                  0
-#define SSL_ALERT_UNEXPECTED_MESSAGE            10
-#define SSL_ALERT_BAD_RECORD_MAC                20
-#define SSL_ALERT_RECORD_OVERFLOW               22
-#define SSL_ALERT_HANDSHAKE_FAILURE             40
-#define SSL_ALERT_BAD_CERTIFICATE               42
-#define SSL_ALERT_UNSUPPORTED_CERTIFICATE       43
-#define SSL_ALERT_CERTIFICATE_EXPIRED           45
-#define SSL_ALERT_CERTIFICATE_UNKNOWN           46
-#define SSL_ALERT_ILLEGAL_PARAMETER             47
-#define SSL_ALERT_UNKNOWN_CA                    48
-#define SSL_ALERT_DECODE_ERROR                  50
-#define SSL_ALERT_DECRYPT_ERROR                 51
-#define SSL_ALERT_INVALID_VERSION               70
-#define SSL_ALERT_NO_RENEGOTIATION              100
-#define SSL_ALERT_UNSUPPORTED_EXTENSION         110
-
-/* The ciphers that are supported */
-#define SSL_AES128_SHA                          0x2f
-#define SSL_AES256_SHA                          0x35
-#define SSL_AES128_SHA256                       0x3c
-#define SSL_AES256_SHA256                       0x3d
-
-/* build mode ids' */
-#define SSL_BUILD_SKELETON_MODE                 0x01
-#define SSL_BUILD_SERVER_ONLY                   0x02
-#define SSL_BUILD_ENABLE_VERIFICATION           0x03
-#define SSL_BUILD_ENABLE_CLIENT                 0x04
-#define SSL_BUILD_FULL_MODE                     0x05
-
-/* offsets to retrieve configuration information */
-#define SSL_BUILD_MODE                          0
-#define SSL_MAX_CERT_CFG_OFFSET                 1
-#define SSL_MAX_CA_CERT_CFG_OFFSET              2
-#define SSL_HAS_PEM                             3
-
-/* default session sizes */
-#define SSL_DEFAULT_SVR_SESS                    5
-#define SSL_DEFAULT_CLNT_SESS                   1
-
-/* X.509/X.520 distinguished name types */
-#define SSL_X509_CERT_COMMON_NAME               0
-#define SSL_X509_CERT_ORGANIZATION              1
-#define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
-#define SSL_X509_CERT_LOCATION                  3
-#define SSL_X509_CERT_COUNTRY                   4
-#define SSL_X509_CERT_STATE                     5
-#define SSL_X509_CA_CERT_COMMON_NAME            6
-#define SSL_X509_CA_CERT_ORGANIZATION           7
-#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    8
-#define SSL_X509_CA_CERT_LOCATION               9
-#define SSL_X509_CA_CERT_COUNTRY                10
-#define SSL_X509_CA_CERT_STATE                  11
-
-/* SSL object loader types */
-#define SSL_OBJ_X509_CERT                       1
-#define SSL_OBJ_X509_CACERT                     2
-#define SSL_OBJ_RSA_KEY                         3
-#define SSL_OBJ_PKCS8                           4
-#define SSL_OBJ_PKCS12                          5
-
-/**
- * @defgroup c_api Standard C API
- * @brief The standard interface in C.
- * @{
- */
-
-/**
- * @brief Establish a new client/server context.
- *
- * This function is called before any client/server SSL connections are made. 
- *
- * Each new connection will use the this context's private key and 
- * certificate chain. If a different certificate chain is required, then a 
- * different context needs to be be used.
- *
- * There are two threading models supported - a single thread with one
- * SSL_CTX can support any number of SSL connections - and multiple threads can 
- * support one SSL_CTX object each (the default). But if a single SSL_CTX 
- * object uses many SSL objects in individual threads, then the 
- * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
- *
- * @param options [in]  Any particular options. At present the options
- * supported are:
- * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
- * authentication fails. The certificate can be authenticated later with a
- * call to ssl_verify_cert().
- * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
- * i.e. each handshake will include a "certificate request" message from the
- * server. Only available if verification has been enabled.
- * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
- * during the handshake.
- * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
- * during the handshake.
- * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
- * are passed during a handshake.
- * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
- * are passed during a handshake.
- * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of 
- * ssl_client_new().
- * @param num_sessions [in] The number of sessions to be used for session
- * caching. If this value is 0, then there is no session caching. This option
- * is not used in skeleton mode.
- * @return A client/server context.
- */
-EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
-
-/**
- * @brief Remove a client/server context.
- *
- * Frees any used resources used by this context. Each connection will be 
- * sent a "Close Notify" alert (if possible).
- * @param ssl_ctx [in] The client/server context.
- */
-EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
-
-/**
- * @brief Allocates new SSL extensions structure and returns pointer to it
- *
- * @return ssl_ext Pointer to SSL_EXTENSIONS structure
- *
- */
-EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void);
-
-/**
- * @brief Set the host name for SNI extension
- * @param ssl_ext pointer returned by ssl_ext_new
- * @param host_name pointer to a zero-terminated string containing host name
- */
-EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name);
-
-/**
- * @brief Set the maximum fragment size for the fragment size negotiation extension
- * @param ssl_ext pointer returned by ssl_ext_new
- * @param fragment_size fragment size, allowed values: 2^9, 2^10 ... 2^14
- */
-EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size);
-
-/**
- * @brief Frees SSL extensions structure
- *
- * @param ssl_ext [in] Pointer to SSL_EXTENSION structure
- *
- */
-EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
-
-/**
- * @brief (server only) Establish a new SSL connection to an SSL client.
- *
- * It is up to the application to establish the logical connection (whether it
- * is  a socket, serial connection etc).
- * @param ssl_ctx [in] The server context.
- * @param client_fd [in] The client's file descriptor. 
- * @return An SSL object reference.
- */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
-
-/**
- * @brief (client only) Establish a new SSL connection to an SSL server.
- *
- * It is up to the application to establish the initial logical connection 
- * (whether it is  a socket, serial connection etc).
- *
- * This is a normally a blocking call - it will finish when the handshake is 
- * complete (or has failed). To use in non-blocking mode, set 
- * SSL_CONNECT_IN_PARTS in ssl_ctx_new().
- * @param ssl_ctx [in] The client context.
- * @param client_fd [in] The client's file descriptor.
- * @param session_id [in] A 32 byte session id for session resumption. This 
- * can be null if no session resumption is being used or required. This option
- * is not used in skeleton mode.
- * @param sess_id_size The size of the session id (max 32)
- * @param ssl_ext pointer to a structure with the activated SSL extensions 
- * and their values
- * @return An SSL object reference. Use ssl_handshake_status() to check 
- * if a handshake succeeded.
- */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext);
-
-/**
- * @brief Free any used resources on this connection. 
- 
- * A "Close Notify" message is sent on this connection (if possible). It is up 
- * to the application to close the socket or file descriptor.
- * @param ssl [in] The ssl object reference.
- */
-EXP_FUNC void STDCALL ssl_free(SSL *ssl);
-
-/**
- * @brief Read the SSL data stream.
- * If the socket is non-blocking and data is blocked then SSO_OK will be
- * returned.
- * @param ssl [in] An SSL object reference.
- * @param in_data [out] If the read was successful, a pointer to the read
- * buffer will be here. Do NOT ever free this memory as this buffer is used in
- * sucessive calls. If the call was unsuccessful, this value will be null.
- * @return The number of decrypted bytes:
- * - if > 0, then the handshaking is complete and we are returning the number 
- *   of decrypted bytes. 
- * - SSL_OK if the handshaking stage is successful (but not yet complete).  
- * - < 0 if an error.
- * @see ssl.h for the error code list.
- * @note Use in_data before doing any successive ssl calls.
- */
-EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
-
-/**
- * @brief Write to the SSL data stream. 
- * if the socket is non-blocking and data is blocked then a check is made
- * to ensure that all data is sent (i.e. blocked mode is forced).
- * @param ssl [in] An SSL obect reference.
- * @param out_data [in] The data to be written
- * @param out_len [in] The number of bytes to be written.
- * @return The number of bytes sent, or if < 0 if an error.
- * @see ssl.h for the error code list.
- */
-EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
-
-/**
- * @brief Calculate the size of the encrypted data from what you are about to send 
- * @param ssl [in] An SSL obect reference.
- * @param out_len [in] The number of bytes to be written.
- * @return The number of bytes that will be sent, or if < 0 if an error.
- * @see ssl.h for the error code list.
- */
-EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int out_len);
-
-/**
- * @brief Find an ssl object based on a file descriptor.
- *
- * Goes through the list of SSL objects maintained in a client/server context
- * to look for a file descriptor match.
- * @param ssl_ctx [in] The client/server context.
- * @param client_fd [in]  The file descriptor.
- * @return A reference to the SSL object. Returns null if the object could not 
- * be found.
- */
-EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
-
-/**
- * @brief Get the session id for a handshake. 
- * 
- * This will be a 32 byte sequence and is available after the first
- * handshaking messages are sent.
- * @param ssl [in] An SSL object reference.
- * @return The session id as a 32 byte sequence.
- * @note A SSLv23 handshake may have only 16 valid bytes.
- */
-EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
-
-/**
- * @brief Get the session id size for a handshake. 
- * 
- * This will normally be 32 but could be 0 (no session id) or something else.
- * @param ssl [in] An SSL object reference.
- * @return The size of the session id.
- */
-EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
-
-/**
- * @brief Return the cipher id (in the SSL form).
- * @param ssl [in] An SSL object reference.
- * @return The cipher id. This will be one of the following:
- * - SSL_AES128_SHA (0x2f)
- * - SSL_AES256_SHA (0x35)
- * - SSL_AES128_SHA256 (0x3c)
- * - SSL_AES256_SHA256 (0x3d)
- */
-EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
-
-/**
- * @brief Return the status of the handshake.
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if the handshake is complete and ok. 
- * @see ssl.h for the error code list.
- */
-EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
-
-/**
- * @brief Retrieve various parameters about the axTLS engine.
- * @param offset [in] The configuration offset. It will be one of the following:
- * - SSL_BUILD_MODE The build mode. This will be one of the following:
- *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
- *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication)
- *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties)
- *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics)
- *   - SSL_BUILD_SKELETON_MODE          (skeleton mode)
- * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
- * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
- * - SSL_HAS_PEM                        1 if supported
- * @return The value of the requested parameter.
- */
-EXP_FUNC int STDCALL ssl_get_config(int offset);
-
-/**
- * @brief Display why the handshake failed.
- *
- * This call is only useful in a 'full mode' build. The output is to stdout.
- * @param error_code [in] An error code.
- * @see ssl.h for the error code list.
- */
-EXP_FUNC void STDCALL ssl_display_error(int error_code);
-
-/**
- * @brief Authenticate a received certificate.
- * 
- * This call is usually made by a client after a handshake is complete and the
- * context is in SSL_SERVER_VERIFY_LATER mode.
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if the certificate is verified.
- */
-EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
-
-/**
- * @brief Check if certificate fingerprint (SHA1) matches the one given.
- *
- * @param ssl [in] An SSL object reference.
- * @param fp [in] SHA1 fingerprint to match against
- * @return SSL_OK if the certificate is verified.
- */
-EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);
-
-/**
- * @brief Check if SHA256 hash of Subject Public Key Info matches the one given.
- *
- * @param ssl [in] An SSL object reference.
- * @param fp [in] SHA256 hash to match against
- * @return SSL_OK if the certificate is verified.
- */
-EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash);
-
-/**
- * @brief Retrieve an X.509 distinguished name component.
- * 
- * When a handshake is complete and a certificate has been exchanged, then the
- * details of the remote certificate can be retrieved.
- *
- * This will usually be used by a client to check that the server's common 
- * name matches the URL.
- *
- * @param ssl [in] An SSL object reference.
- * @param component [in] one of:
- * - SSL_X509_CERT_COMMON_NAME
- * - SSL_X509_CERT_ORGANIZATION
- * - SSL_X509_CERT_ORGANIZATIONAL_NAME
- * - SSL_X509_CERT_LOCATION
- * - SSL_X509_CERT_COUNTRY
- * - SSL_X509_CERT_STATE
- * - SSL_X509_CA_CERT_COMMON_NAME
- * - SSL_X509_CA_CERT_ORGANIZATION
- * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
- * - SSL_X509_CA_CERT_LOCATION
- * - SSL_X509_CA_CERT_COUNTRY
- * - SSL_X509_CA_CERT_STATE
- * @return The appropriate string (or null if not defined)
- * @note Verification build mode must be enabled.
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
-
-/**
- * @brief Retrieve a Subject Alternative DNSName
- *
- * When a handshake is complete and a certificate has been exchanged, then the
- * details of the remote certificate can be retrieved.
- *
- * This will usually be used by a client to check that the server's DNS  
- * name matches the URL.
- *
- * @param ssl [in] An SSL object reference.
- * @param dnsindex [in] The index of the DNS name to retrieve.
- * @return The appropriate string (or null if not defined)
- * @note Verification build mode must be enabled.
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex);
-
-/**
- * @brief Force the client to perform its handshake again.
- *
- * For a client this involves sending another "client hello" message.
- * For the server is means sending a "hello request" message.
- *
- * This is a blocking call on the client (until the handshake completes).
- *
- * @param ssl [in] An SSL object reference.
- * @return SSL_OK if renegotiation instantiation was ok
- */
-EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
-
-/**
- * @brief Process a file that is in binary DER or ASCII PEM format.
- *
- * These are temporary objects that are used to load private keys,
- * certificates etc into memory.
- * @param ssl_ctx [in] The client/server context.
- * @param obj_type [in] The format of the file. Can be one of:
- * - SSL_OBJ_X509_CERT (no password required)
- * - SSL_OBJ_X509_CACERT (no password required)
- * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
- * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
- * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
- *
- * PEM files are automatically detected (if supported). The object type is
- * also detected, and so is not relevant for these types of files.
- * @param filename [in] The location of a file in DER/PEM format.
- * @param password [in] The password used. Can be null if not required.
- * @return SSL_OK if all ok
- * @note Not available in skeleton build mode.
- */
-EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
-
-/**
- * @brief Process binary data.
- *
- * These are temporary objects that are used to load private keys,
- * certificates etc into memory.
- * @param ssl_ctx [in] The client/server context.
- * @param obj_type [in] The format of the memory data.
- * @param data [in] The binary data to be loaded.
- * @param len [in] The amount of data to be loaded.
- * @param password [in] The password used. Can be null if not required.
- * @return SSL_OK if all ok
- * @see ssl_obj_load for more details on obj_type.
- */
-EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
-
-#ifdef CONFIG_SSL_GENERATE_X509_CERT
-/**
- * @brief Create an X.509 certificate. 
- * 
- * This certificate is a self-signed v1 cert with a fixed start/stop validity 
- * times. It is signed with an internal private key in ssl_ctx.
- *
- * @param ssl_ctx [in] The client/server context.
- * @param options [in] Not used yet.
- * @param dn [in] An array of distinguished name strings. The array is defined
- * by:
- * - SSL_X509_CERT_COMMON_NAME (0)
- *      - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the 
- *        hostname will be used.
- * - SSL_X509_CERT_ORGANIZATION (1)
- *      - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME 
- *        will be used.
- * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
- *      - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
- * @param cert_data [out] The certificate as a sequence of bytes.
- * @return < 0 if an error, or the size of the certificate in bytes.
- * @note cert_data must be freed when there is no more need for it.
- */
-EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
-#endif
-
-/**
- * @brief Return the axTLS library version as a string.
- */
-EXP_FUNC const char * STDCALL ssl_version(void);
-
-/** @} */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/tools/sdk/axtls/ssl/test/axTLS.ca_key.pem b/tools/sdk/axtls/ssl/test/axTLS.ca_key.pem
deleted file mode 100644
index 0c8c19b3fb..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.ca_key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAsSMwkpYHlwIsi1oxllJLjAPjjycx9t6Q3BOzXBSoZHc1wA+r
-QVuKHarpe8tYOKlNP8b79ejbCv/1U3NlVkMJJtLZUPtDwTEwUZNEG17ixS438mGI
-1AbHXvwhPaoT24UymEOcbJxAZuClDfzKpN7Cl6OzN7Ox44gHmBCBSnUhRAnJYxD6
-x8wBLw8HdH0bMdoc2+H4KyW31uMGva7C9YlUCPVQGPJsTP1DLRskqy+zO1NERUTO
-XytHeYLlh/X/o+NYVvUf7WKu6qC3I4HK+OZ5OW3E+EaE73oYRmUVDaVavL7bRKEf
-2NSbzowU+VsFEnyXIF7YnRFp0D1yrMzaC49bDQIDAQABAoIBAQCwOrNLUunwKaCJ
-b00gIXW5sfDGbhc+ZUU3Pn5V4NN7SEJ4dt5JYrnxNCWgHLkDfiQ1jFEF4QlzUx0O
-TiMGhCDpuCGueJx66uYIcnvywx7XT1kn0jNfxfK6JBsqDzg8ULL6W2GXiIhmEZ8E
-YHh3OIvec2WMyED1flMXzWvj2M4ksfMgZH290T9BSxzlEj9X7dZu55K4sFtu0XNi
-7uJDB0vF8KfW5gLpwj6pd7i32Cm/Pgpl+7lcqMNpDHo0U2dMyWeH1EmWinS4rHxd
-mGDm0N0qK4BOYAJdasq7HwRjzDZkAPuNqcH0gOzSq3aYCI2tP2E6IvprM/vbqA4I
-ooo+GDJhAoGBAORiphxweuGBRTpSqoi9qEICM2WMC2NZW8bpFyWn79CuALGzvvc+
-Buw8W3LVElByUyTVWBnBQQ1iXZGe9f1x2P9q8R1Bdl0rpePg3J9ff9674VRLrcov
-M85/NUHkj1fJ+2CkCx7KG5BFm3GaAb74e+7MceEW/eErMmCqtNgkR2Z5AoGBAMaO
-O9SnVNd4wgnJAjVgN4fqaXWNzZz6NYWtnFVIcTTO7vU1P9t5NjgcsdF9+SnLA/jV
-Ylo5Pl0fLPKg5QtIvlooZjXB8hgKVjrVGRLFt9TN0tJMeJ//11Bo88MNMOf0OQPg
-i2OMWI3w/oRFJthmpeYWOgXNlLOcoSW1LsnWR0Q1AoGBALAXi+KTq3tiM+FzSb/j
-E+/JSJ28bC9u/7+Pi2RiZxrsfuaFI/H4ZlgRdaVFujhC3e6hfKtnAWRzepfEDAEd
-neXaLAyVo9DUzbS1dQaBGNPA400eiOJCoNxP4t1qgEd9GhB6i4Ry6uvDb8YYq832
-Q4BtLEUUeC38I3y7QnMBDfhpAoGAZ13InA54xqvhKELy2WK7xhAs0rv93MkNcAhP
-qL5L4RgRoqoUEmfp6BBYKh2Qx0cfTD2aNCo04znFppJIazV1k24Qt8+9/vHyrjIe
-GX3BFBIKvNx+t5zzNLNOo66MVVT5EaGmLy7zMwHRHn75mBLoLv5HOpop3c+evQiz
-0POyqjkCgYA2+ql0jS7Qbk7EPyFXftQhHcD/Ld8TKjonShkASoudSEHKwuQGBuit
-ftPsg/E5YfhlRpQB6p00kXb4vZsdpFV38eXkyLuLwg0kbpaLedahIujIENNvWP1w
-89T/ueiafWPqvwu3M7sAkkd/ReAQ0LcPwrsBHlOk0uujq+WV+b+Xfw==
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.ca_x509.cer b/tools/sdk/axtls/ssl/test/axTLS.ca_x509.cer
deleted file mode 100644
index 7bde7b0a4231cedc65d7bbdcb877cfc56e79ade4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 786
zcmXqLV&*ewV*Iv%nTe5!iId?;!n6&HOIThQ@Un4gwRyCC=VfGMWo0lhF*GtTU}Fwt
z;S$zNtO)T5RtPA{&q_@$QE<smNv~9JPAw|QOv_A8EJ;;xEG@~%FUl;bG>{YLH8e9c
zGBz+WG%ztTj}qrKHZZU>uz+&OG_{FQ3E6p!tPIRejQk8hZ*Va+F)}i2R5qA2jeR<k
zPIr{yv>@*u=Ewc&hTrZ@xFftdMr1`wx#<D^)sE3!va4QJpN_Ct>1%)N_tzJ<x&D6*
zE=~<|=2W|MGvK%LK|_PU$u81ykB;h@e@g7Q!gf6FkD~1=;oGf7Go0t-%yCG2u$1@D
zsU`OgO<%m(eDlV~9qcm%8of#tT{urB3;a5MhEboNy`)y!@RrQ&hd;Dcw_khAws+m3
zubm+rUjrmQ<@o${)|FOSt-ski*u~Z5T)eh>Wz*C4um2Z6jtKiI|2Apes|DMY8&Cas
zR%w}g<cC|!`zi^yR8iigQG52?c3CKY<I3!FJt9A&S%qq*E5zNHE0}q~wrI_nTipH8
zyiClD42+AF4HOOdfiWg4%*gnkh1Gx=NEz^f1o%M$EWikFLk>n@ECYj)k)bI0{DSQw
zUDgwX5*BDDADR7FsNllkf=%5FZn@PP?f(RtulByMW}}Pv#60dy-^<>Hp+`lHzr5f5
zSbNXgyc)$dZf5IERy|Cy{1tTndehcj%{Sjk{F&W!-^1%q=0djB&5aS|=PR5)Ke!UN
z-rPTa?>UY`%O>4({MK4!c1u-9;Qgar4KshLPEN`wbu$m_dlmBQY3}EhuPV>_&3b4T
zQaNi$vi9a$gJ>lWmd3T5XTCL+-t)BD!|Gnj8x_Q4E%m$Y!U?ezlh^PH%BT6x+S$o_
z*mOzgQU~Ved#nU?A8XF~I+L$(b!5ZmQ+Ji0<Vq`i`h7c2CV!@()%Rml&au4uztm92
IUdHMK07gbX4gdfE

diff --git a/tools/sdk/axtls/ssl/test/axTLS.ca_x509.pem b/tools/sdk/axtls/ssl/test/axTLS.ca_x509.pem
deleted file mode 100644
index 0dfd1f4d59..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.ca_x509.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
-BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
-DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
-UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
-FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
-XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
-dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
-L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
-pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
-A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
-AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
-SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
-gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
-5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
-FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
-b5kxOvfGlM4E6v+lMSw/HDrI
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.ca_x509_sha256.pem b/tools/sdk/axtls/ssl/test/axTLS.ca_x509_sha256.pem
deleted file mode 100644
index 0771ca651c..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.ca_x509_sha256.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDjCCAfagAwIBAgIJAJRCXZlKhZeHMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
-BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
-DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
-UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
-FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
-XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
-dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
-L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
-pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
-A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IB
-AQAm3qU+APMkgTRCWhw0m4+06gc2iGaf7l+3i/Kg6EvDB9js4cI1sqzRpSdqdjTZ
-BwVlIURlB6BnEMCB3hP69IF/oSnqrnIxx2KIeVJt4CCwW1mXKsBwxNMXwHYD3A02
-08eFTRkP0ofn+YBRfUYFkDFebqba4V3NBZtBW497YtQk/ssKAL1xaI0V26M4E/VH
-jkJtk99mcMjfuD8HPoqjTeVBGtY2h0A3j2LQPmOJNdSxv30SJuVjvpG7vejQripq
-9MW0kPMBIRKhBpUBLIthLLxm/2VBe0IHU34kpe60YpQdJqebbldtOG1Uxe4F2JpN
-LfUXs2/UCNpEHS60Xl8UDJXA
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.encrypted.p8 b/tools/sdk/axtls/ssl/test/axTLS.encrypted.p8
deleted file mode 100644
index 07feaac9b509a32687f6bc823b426191f0a9e765..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 673
zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2*{m0{+oFxcLD+k00e>pdkmlHgD7Vz
zCm9>FJDCD@>~r}|@snQhXFpIWl5vk2sM{QxjI_9P)WipyQj*FPWsvp@aSaHp@pMDK
z$MZ1uGwhQEoVP#A-kSi+dF@r}0bd6_%=)sMicLuiwtg#<3Y7GXU1(kJiz<Q-P<M{w
zh<Zl%4ezO~WC1q+jC3=}+KCnrxf17Ms=%3VdN|B|v>JNz?rB8R{k=4>M8Z{jx$bSb
z<wWMo&!9FcoY8I$HN)~qeQmQAOUA9Q0_{xeFn}g;XxEeFcsUpD>;tb0$e|023ira)
zD>a(ty;nL}MC^RHtzL7Qc>{bsjm=OO9*Eb+*ftfQu80Z%gf49F03=jRv$9vannCiq
zf5{60qu}m6-rO}9Z!j6by%67<A-WSO6&dlrbR<4jQ5xTOl{Z>*uwJK$%i(EW%Y3`v
zEK6MzCSvG=;jW{#t^^ps&}d7nJ?CA*f8PEzY6f44WRx=aquSW0uMo|h^4N5oU#CUY
zzPn(1I=F_2Luh4{P}g>Lw+t71V^!Z#OO^Sep<NF%Pb0E!e5`LBo|UHIQ{WU32?2Cz
zSAi2$TCN*B_T!_6t;z0Y#esM~IX%TNEa=m6&*x>e==Jwey=>11<+a%YiDyyv0<IhH
zsf>>1%F)+lUE`S)`6xBS@V)O-(`jMu^s6c^<#;>i{2IW5?bTxuZ~w%dx787P?vjtU
zyeek_O^XX?nEBTi*5i#QQZL#ra;^+llVBeDl_hR{TBlMCL`Xov*IvWw@7Mab>K>qx
z91lbWCd`Ij^a&hPw#2c(_^5Pcxmu-5%&Fk~WTNIbGwDg(YP}?j6oq}T(+M_nCrTlQ
HUEnaSBD_pH

diff --git a/tools/sdk/axtls/ssl/test/axTLS.encrypted_pem.p8 b/tools/sdk/axtls/ssl/test/axTLS.encrypted_pem.p8
deleted file mode 100644
index bc28403bba..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.encrypted_pem.p8
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIICnTAcBgoqhkiG9w0BDAEBMA4ECLZOmsNEeDZnAgIIAASCAnu22JX3BRRr9cTr
-j4x62+iDbrqcwmhQkybM1xShFgWObY3/OQf1NJfH4DO4zGQN45ZN0X9zSUVRu8Dd
-ycHls5qsROJ96PYQ8d1xnuh1C9TWmFiLieM0qUyn35raHcKPQiBl8PYHtNr3+m0K
-bsql6T23hE5ZjVhbRtcRdRd9MsQeTZ6n4mdWPEhzN1+rmSPV8ybCbrtJl3/Dh1v8
-LnswXB92T6WcmHRyRiNsbAXR9SQkOaXFZ/1RUXDNqoRYZjlWPBWdcQf48mzgaDjq
-3RXF1mjbOlX2x4/V4qVwH1qZADlT38fSRk/iVdRfureS+wfOuJgJ/g9Riwa0o41K
-2q+sOEcTOv4rShXRGp/0ckeuwhARDdSMymlSBhgBWdf14qdgxCx0rAXYlRAc/4Ze
-Zl9ErfydwdUfDJoPK+QlGZMF//hFRF+vdO/wJHleLsels4KaqN9v/sB+BrGWaeUC
-ScKMISixquCwfWi2qGiqLQGsxHn0d6ejiMblZR4kTf7dcuWVWGXdf5VZqxLNP8Xg
-zzjjeP59OxHRVH0ytGBUejTehcxWDKq+6ESAuujzVXa0v1+5QzZXsJ8rPyZOINzj
-bdpN4Cr3tZj9ALrNzoC2oG62+OO45U7lg54cV1nyrQ2QiI4XFnt0WA06K1G1JrRW
-a/y6nZkntGybbCpuuIBiWl2FfdcTepctiXcJ0vCYqVNOTT4L2Y1RwajDzALhgb7e
-wOy0eA8gmOmMLNozSlMV7siL0LeE1WlotLwK+AHMU1lmPMqS7jK9nycXtZyg4IKl
-eBAnW052fnKZhT4zNlfJkZqpcp6YWpCU16PWx6L+/FDzFPzswluHyfB72oVqRniI
-2A==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_1024 b/tools/sdk/axtls/ssl/test/axTLS.key_1024
deleted file mode 100644
index e39791ec8b54056d5bc75137a9e8ade3ae6c29c5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 609
zcmV-n0-pUaf&yIv0RRGlfdIV^)Iz9qhg7P$Iv<P9y|-oiKt0eAnw;E%eCntd;dJu_
z4q?H;c#5*R6(U;yo49%|4~VyP-UOMYqM1{Rt$127?Ysf!-|6fxpj}h;=8B-mZ9zq2
zBeTy=P#-AYHsW*N)}gaTPj0&noA0RkOr>$5h}{RNh7CW>nIocvcMk#s0RRC4fq*7I
z?3Sz4ABhf~IM^oz<+c<E*Z*mF7D~hh7FD-8RiD0w_*m%0MyT-Z+Sb2_RW0UnDJ*2k
zT^*YwI+#GA(yv^rBjhvC>R?jmdY*G%E`ZV8Z$}T8fHu-F2i?}!6^Sc!)qaY+V?qk@
zF)6?K`S6I3iozmp6(+Y{TUbOKJ9z>@0O9en<;Z}OKu~lP-Lmp0Tns(HU+$bmY!d+A
z(Ak6fkSv7qs>0p-&jUe-5XQS+x3(^(9jdzfN^;nmt%wb36#_v3);1&aU3bXSNx_r;
z$_?wA+Pz08bC;k{*Gween+rFt!!fl_VhGCR@0WW+pxP@Rzo-b4(iR+vnepEy(L$M%
z0zm+=LF9hlAot|)`A^YmEe-MM?3_C0z?8Zt;(WBFp(FO~=2KSUP%_v8j_b#Dk<-dP
z)HEP`EBh}x5OT2xR<_LoKps2t0}XUEvMs#U$fbBCgAekXGKg*@K!n1`iH`Q1TU<?z
z%dm)%Dz^}5V|g}_)1Oy%E_VKl^q2SDi8~AJWdcC}xv#$o$&e=Va*MySeCKa(Tcee@
vo&&khpi{as!PBjUyLm_n)<2xtH<1wy1l2prbX^>gjXm-B`Mx#RvQtnU*ex&x

diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_1024.pem b/tools/sdk/axtls/ssl/test/axTLS.key_1024.pem
deleted file mode 100644
index fd8226eba1..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_1024.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC9D9RCqHSHVKq5Oh+Lzr23ZftAPdARmpzcgnzqqBfhdPMFDmHB
-wXiKsroVIlr/m7h6Lg+It3TeBJmloplTi614WjHtvAHn3+nsL6BdU/bmiqDIbUFF
-YyOzz05QHyjfNuJz39ahs0ZPbrsNm++o+UylcaGI3Qephg0/zZkjooR3DwIDAQAB
-AoGAJj/slqvUH4kOnTjYJwXlthQI1/9peBZKxAYWVbc6VZ++hvhY6MVGqPDt2ta/
-iFUt5nIpLGTJXR2bJDqYQKHSr1yrI+Qz0OpgUud6nnNfLoDR3G9HD5eANtIwB93W
-1xWJK3TVfoq8Y0IK8jEpv/n58IiPisIibhUmt15bWEQcO3kCQQDh8bLlyICTQFB0
-FN2y8idcDD3AX+6cRWwTAN/Q2YP6kCyE8qrC3fvPA0GIEMa7Xre2LqYdqrr7SnLY
-mq2IDWoVAkEA1jYj8113yNNJwZP+yg3rm9q9Ryhzl6BQ10wk35sLN67DMbVPYgjK
-5e+Xe0Og2isfv6gIk9IWHImZ8d8m0UKZkwJBALFB5H7fIPfk8flP0WotDfHp7Jw6
-5sCUuififLSloSP27eZTVuJQMtgCjuvHdZHTyj7UNCB8K/svOhBysQdWts0CQB47
-8gMNdDSyLbzWyKV4JYMP8psyiG4kQITCyImO9pxbXE2Ny7CIkSq3EGhjeTaR059X
-di52/ov0l/fdiTsL7WUCQQC5r78JyZAm83KLv7N8529vW6OVuJ4Duc+gU7oywdOt
-hbt5SAnWP5zZN5ERDQTVO8p0XRyRjT3x+Pm+NdeyU1Ad
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_2048 b/tools/sdk/axtls/ssl/test/axTLS.key_2048
deleted file mode 100644
index 00989873bb903c8c1537d4318e535fe068d6aa00..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1192
zcmV;Z1Xueof&`=j0RRGm0RaH{T6R3AC2^VxXLF))22BHn=^2*8_o14xzC`P*=rH@6
z?q9N&et`5QFL)W+(l6XVbV9<GF3&c{LIa}!3_GpM-iV5(@^VbX4*?X@2?%@il5pik
zJ;&S3XinWcXY&GlCNepC6|j?%=oF4g(N)VhUsI{TiSA;uMkko3oSGII7H@b<#g-()
zU=sW@KPX+8PAjIR0UZ>s-!tGHNzp`upSmteb&<0wmV){%MxUPyI4%}1$so8x0|-eF
z53KPPtq)(3fr9U|R-lCkCHu0BSqDwK7RiZF-j+6sH-#U^)dhS-)$f4D)6-0{m`T`G
z`Tb<R=UpgDBfSrcmNnG^0|5X50)hbn0MI}h>wxtpv2E)FiZC|-?&eX=i#pSP=0JEA
z`*pDo=d(>5BYeo-P6_TWG5D<hN5+)Wgv|v14pPtYRhr(Mp##}4)C;Bri_}_cp2oS3
znrEUuBV6{v3GwGsrZuADGrAY_Zb)VT_}>C>*nJWe!wIXSrR*ifFe{Iz);M+Zz{jwH
z7={XO-&;!7t}aIj4&HO+t{m{TDFKj~5b2S1EX8coAi^v#r?)d`*bnMt;~5F4-F`V=
zz&>OjFDoICVE7Q<>Kj*Lc*Hb&&PT@(v20NjJ2<J+>PKA0?ZuDilWu=VCv63J0Z@{)
zDxfm3MqM7$mYQie95%BL9ghXFsRDt40RMqc^_O{AEjs;TcPsrwZTOJlLJg!&wOKcV
zlMOBS{g{a*a{(PoDPg2sZ@#fm0b~daQ}Y%}q%zMMBH*+dZZpJxyhL6(mk3~Sc~?Kq
z$cT)V=o+qS31(OWJy3cj-}d$ZJydp@hI>ixT8%3rt2m|GMobPtNhKJ0rdNkCLjr+;
z0QuG#YJ+OL(ruGCO=l~|qrP%7=d#>GTjwB1A}gENm8)#5_<8v|P1-lqtdd-Y#ds*n
z2S&ZNC!G0rx&-y#(u9bIlt>^{*Oia_)?SX0=CwiHxI8suq@@I(Q~I7lNHIRzLTF~~
za~rj{cp7VF%&IkOaNIl`*x#O-v3@jP2LgeC0Nli^1x2f<pY%_PEA)$U{2qaMuAe~g
zZA-Xj?7_c|Tlm+{&h8MDs2$-ssi-(-E4+3i$jQp$^6sDdGFH3i_I|E&yoJhevTC1#
zjM(v>N3o3HyN-%ezUg{&+8)+iF^8WCm-LE4e4f0-pB70*JaNYbk69WV847=TWm`?k
zCjx<hP$^~>O8j7flrH>@xnRz@w@sxFy3hH%?>FdeE?D02hXZ4*hE{d7(IddsZcxeH
zYGjNKF`$KI$aFILIK?}Etd6n~-QuCvT4K!EYn6*K-%YmqdN&s}sLclAM>D8M$)rUa
zv8(jlPBY9Nc{`-cUVyD^l>MZ$;cQ-RJoHG}0)c>43rt-w_O7VyNPF?A=_BhSAAW2w
z<-kkl4oJV*6MN5+B$ye|7ZdX93W12hQN)$V;;qt2CgO3wyG;p7+x2Swvid>z<3P_D
z6FN_Nb}2vnGBE|+R~O;bVM9+hq5>7uyc-!-KN0JNO@!8spNZNsP`HMyT4!Q_(+cBF
G5|Pp%l0WbO

diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_2048.pem b/tools/sdk/axtls/ssl/test/axTLS.key_2048.pem
deleted file mode 100644
index 5ef719db71..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_2048.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA+Vp2PKclcZoKZ3OicQZNA4XpGZbD96Gasb5E66voMPub7l+y
-ln6A9CYveBna0i/cQHRCwpYuzzbHQgOjAAw7rcveiIqm8nJMxA8BFNMJCHv0knDl
-RT3H28xoTt08Z/MCfCYyOXoVsJOS6BSOSdFVyzhfU6nAie5iskYnmKecmhYaFm94
-S8WWJMNgEvwzPyhdmE4rpqUBHRSu3zPgHUnRRIOfui5KdZGzKpaC+i1Gn58MOC4W
-L8kguEMDCEkQD6zxFq0PX5GBgu+zVqCFByX7soxZB027FsmJUN6WNoo3hR/H1QV8
-RdXvgMbT00yymEnYVfn9ZL7nXShKI70Pi5Y11QIDAQABAoIBAQDQQBrrgPUmsW3r
-BIowNwDu5lHNizrTf+ZAeBX7dbEP57NNHCN8yN5OCe4vMfis/kfGlNKEzQT/DlLP
-8VWa3pyhA9kw1AumBIvUWmuexrmOmmeiPiNc9sIJ8edTpjWi4zO6F/RuSGYA+N8C
-cNh9EhXDCaujpewlxjArj6fWOHXzwMewghiGCm/fW0rWri5HCQ7ec+WuHPC2KQGQ
-mRDpkXUsxWzTIMIsMKe3M2jYD+pk4xkJqN1+OV/APmQfLyshkGD4EN/qG1dieMQ0
-e85HxxCxbFETOzip0+pHXMbtxY/ok25/SCdtBXkBUJK1KqAysEZdHtOWmmk4HDaz
-Dx2PBbKpAoGBAP+BT/WXeVgtOv1idyv9RG34kOJCDaROtVk3g5MNLfj9mIklcwEd
-SylhpFxvvrFQAWQIDFPzFkukMs8aIuC0Gm4zxH+8RF45lwhgcXlXP87IiIyW6Bqu
-aglmWAM9UHol3/b2AD1UdpqGe0nvWo0rIqs4pdtGTA5BSSUYeaZXhzFDAoGBAPnW
-GWqDarzSbZM4TWcrx6O+cjLnstxDW+cgSCIrm9iVq2ys+Hn5O03aN9SsklyGxXgo
-ygdGvbYnnPl3ugT139KEiIeUSCBU15WP/NZejpHmtUHduDw1Y6SlBJ9T+p5CSDE+
-2kJoZu1zG7W3eBprZsyqNWtw3Dwc2N+emrF+NF8HAoGBANzErAVFq6if9E+KK/SL
-cvwegXmun0DwbUu4ZuzBv45b+NfPzu4QlKgd4TmpqDhnK7x2I8jJyuLy7p/6Mla7
-5/Z+rnO8hcpwsmqfgozY8Z5HsYzgu46KU77penTaHtZcMYefCZf0ikJ8nrzEnxZJ
-RjxxxwWPWRocGQp/emVbTconAoGAUClmFkr8YIGULvyNuWDOubdNpQ+6z/m87zfo
-bS5Y3vGHA2OshlZ1tNEjwNVuUMndamSMDjGghWXIdDL6OMU7f6yOshHd4qHWWmLM
-2WuVizLfTbb6ejcXNajNBuJHM6hIyaRFG7Gr9NxOM8weeTukzF6ArWyU/aSz4Wxe
-bjz0SNkCgYBVC0xdMPauqO1Ie/Gp6SPrIx9+bDDlwEvnDki/2RN7z5IkmBnRFxPy
-6wqBiMFRxJXI4q3SSSbicb+7TQlK2/Vq/bL6QfjjQM8ZEzpPenYpP/wyMQXdVxfh
-1GFDTzeiAhXTvBsZVj8R64VNhNaNn4naMlC4hqxaZ2KA0wrjTRKR0g==
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_4096 b/tools/sdk/axtls/ssl/test/axTLS.key_4096
deleted file mode 100644
index df8a8fde95f87836187040e8746243bebd557e15..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2347
zcmV+`3Dov5f(a)A0RRGm0s#QP3QnWf^s^<%@HvE#|2%kbpk<#0x@QOp%A6JL4$B06
zQpMDD2u!G_%q}k$mC8P>+J$g8>^C4Klpx}(&t0eXjgNSz2~a3rc8R(sQ0dkEQqWOU
zMZI#r^XVAit&~0Z$s0Q#j9piF;Ey8_Wo}z)3f1H@Q{hx^U7e4PW=*2$FQ9Q<#l{P_
zwkao$@0gatD@@2~i9#yX@%wF1*1A>luI?)_5iI$Qr6##63}lIV9yz}&8JWgFZWjGn
zn_{FYqAgeTszHFOo(QGXj&mfq$5>Ni1FiT|t@2r#IW1%u@|t<WEiAMzJIIjx(z`6q
zIk(N|?OX+7rfs|UWuDcti0METe<8Qa=EMM_hI7{XQk4nrBu{sJgRPK>*BhHvZOg~#
z3gv<evHssc1Wy6CH7UD^*kX3S*r6cY<f|n5H=#+M&%tq-#{qdhDvHw6d_yt<KM2Bv
zj)ys7F<AC04pRH=rRX-1y%kccz#Qqgi{R9Mno#p=hu5n|R!x}6nvGc1Zt=$0u&@dh
zgYC-d{SfVwc&I`n>%fj)MK=x8KnU{G-Vg4HL!_8>R!n)TXWMBD$g5GzqV%R1qOUo%
z<BSR_mjzmgE2NUY-HlySdhJP1of<#8Y6#=21%O&ubG0Dgdc;$bevl-&m0#ithq7Ix
zP9oUrFyWD>$%26b0|5X50)henB`H~QXEoUT^w(Fa35@!jtKPl~dB#d@$;U-e5a5mU
zzH_JursW1el*jZR^pxY^ApYQ2h}zQ#3w@BMjBCP4;Bp{SPOpTmYbr4qu9bDljSSm&
z0fEI?Q9sw&l90q<0i~GvW$$^Im9dV&P<nb&f<U^5Ku>uIC(FyzozS{5PC|nptna#&
zMdhF^A%Vx+RFj}~AI1sc)F{ztqy7nO+*@&nHYJ9*d+K|I)rh`h#248>-wZ=9lmt1t
zsQzN6HUZEWcUO%0V?1A+2Y1n2N6mYX7gqf7Qt%Wvwwhh&Lermw^m*rQuDv+mrFw7j
z39c=jQ1`8v^)M5N4p&Ro<g@h+BU1XnL)7Z*L*^}__-*sA1}wxsccVV@Vgt`+t<q4?
z`=U!28ra&imtrlpexaaB4TP*Q4S|I<b^CQ;&nyEllb4l({1{*(7T-`PY+|JmzOLVC
zs+E1dbQQxGQON(S1=UEiu8SRqQUdHjDE2WsZ@C`+1xO*-p(cnXj3+LFLn0uw<l}~8
z>N37kd-7O|RFNA*v1XeXgk(>CFuaZpWc^u@pb3(u`k#iV6fhkx0ypxWj72$-jbw#u
zNguMfE%9jNL0gpoJZsq<EmzL$UCFrVK5qEX&~+q-H_A{JaFG^vndy_mvt%G4iTrdG
zs_Uzz+PY4^WV>DA0)hbn0O73zXm=?(p;NijJdiKV+fi;4)j2T|?I&T+<7kr*2h59B
z>1H#x<_M}{7x6ThvP}8b4Y?8>Tg|y5z#E@GUd;+l<-!sLt^lw_wg@-$8qZBXO2c5C
zs3-`h9zd)d1^anJd}0Tbhp0LfdpN1h@vVRAUdmMA@mGONU)GhHiM$k|s*RQ$Ikr6L
z$O}2MEw`O7(ZZM-16d0#M=piOL}Gs4oT+3*bgLH5w`j%!5h)G-%XNQ5&wvPEt$O{g
zK)p%LCR@#SZwo#I!o2dlG93S#?&h<?A7^OvgqSAUKVyi*%Fzq*g=)F&H|taH2UsGr
zu}8-<RAR#2GxG08r2>Kh0RY+9MDO3_$)TR!Txuq4@pQ4bDjIjd2{`>DItc$>l;26>
zNIOtbh!ap0v%SYZ30InfvJ+bVgQd0!qfB<rYN(QqAcVj3*{d0wI`SG*Ew@pvI?XlY
z%ar6C7yEHF_OM_}PrwJAjEqzi1j-I3+Yblc(w*i-l&1bTv^RPAdJ<*GJRfN#Y-Y*_
zT5SeV_)Ju6F4X2@0AZ;ak{|xpBQVrAaG)lr3(=(-<#U~0Qw~h|pN~2OSlVgpDg@L-
zL33!ay4vZQO;pAUr)T@*3qE0Bpj)M(B?&b~(MIwh_1~Ilt7qBhuCNjdRjSZ%ah7*0
zE-+fLP@h#D3W7GGIIRML0RUq?#zp2q2Rm}AK`vbB=*bPDF0PTA_X@j8)HK-x^8~v3
zdzs)1)=wUIZt}ouw91qBIv$3|WQe|tFR=4;uvKg=piF^plXul^uKGdR`AOjC!*Pj0
zuagHS=JoQ@yzmr?TNe|w>8MU#Tq|SSsA(fNAw|{<Mc?o5I6B=9r3&=k&N<pqtk2{~
z9L4*|zxCG56#i9cwdczGlSsZeu1s)L0%<x#k`|ygLuq_<w(9)$-wFl&m9Y9qwA&Rw
z0j3U@snfWFK89kKKUlNoy2JkDnHmxC^5_J8uPLw(MdG4PzT3gtQz$^H%9_xv^lNfr
zuu8$1<OH+%rF8b(D$xRh0RR|?&+^D0q#n$=v}4R77VDCnQ)HRC3J=~2nw_f6CoLkd
z7JPrEKN1ze&me!1Eaxra$tr&24Mm%S=v`Al8YvVYXRj;6HSe4`tYF#jCPeTs_g`m2
zc3w4hsEEuCOw&Gf9PK`?QpWc!E&%7L9-zs+A+ccI(?}n8nQUqkTiH05U6vROd-3zE
z@>Mqy0!i+4B(58%Xu+2L=R++!W1c%WXF1Y9xZDb%Mc7D>_yDs|rPRi*_@>yY0GWKE
zmr#8v4<}lQ<4w8bR2@|GF$4UGnq}Acmnb__*Lw>H1xW&?1_bjs&U?%JbkKntIN!cn
zA)uCqL(@JDz(PC@_Z<R)0RS|LF%0`{%a3WUNgeYP5OM615xL(9<mHUlb-6(*k}g9?
zlOJ8E@VO}zt`<O@C$CSrJq9}f&Y{fq#j2xlw>=6)17tt3<iPG!h{qzYLx%1BmW(m#
z@(VD(SfTva;dkVU5bIv2%$)uMxgi~Y{+Fg*OVu4MiI`A8bv*@L(D6`1uHBr_iQBG6
zi=G!P?ESAhm~P`mA-}MLfozRm4IM-hGK@DZ0?RP%dY-F2l>jyEXH%9Ok?Hm;qWF4;
zx^5dYje5j|($8)!ETTCNR1Bx5H1pe>7fjq7D&)@gqg_ZV1kb*&d3#T2+2L5xDQd!^
R-KpUHmbT&ib)P%cX;_ZKh7|w+

diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_4096.pem b/tools/sdk/axtls/ssl/test/axTLS.key_4096.pem
deleted file mode 100644
index 73fb75f899..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_4096.pem
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAwApOo9f0syXI8DmEkP88eHCgZZ8FumcICcqcFe0OywR9UsXU
-dQhMqKfMLi8Wlco+rNqFcDfsNyAllCDiq89dp/aNj3inCVAoXnaJuiZQ6dX9UtBR
-VEW9cr/z6RjgrZQ9+MkbOx+MXVd44I8jEWVuW2oK1eQzU+FUb12dj45mTaLpL6Bx
-XcXGC7e2KSeO75iWwitMyGmJQirV8fttUNa6VfKu7isxESz5jaUmuSsMZIl6Hjm/
-KxmZxkBuFv1Zm2KkKqItV/WqQYCrngil1I5zJLjHWFNjA634U63yWZo5LWQY8pp5
-wy0stC87yJD70rsszjm3zejtXAVipm27+GWe1bKI6UAVfyG3y+bEAKOGc9b6UpUJ
-7iRPd32DrZCJ1xubVW3Lx+gK5YILsf7fQARPAbc1KbuJ2GJ2v9ihINzkqyT6N6FJ
-ns/BcZnHAXk+KorS03xDMgI/CMKEjoc5YjFY9ioOUvvtpeg2kb0VUqvAHOm4i+DU
-f5pQ82uH16tHVk2YyZqNWNVu8cbYsLAKFYPtyur9EO2TeKhCI+vAjl5FNw3TQAjy
-1N4P7olDpJh1Vkx5q2fbaQvIq1HMovSmGKKvObXjjAoqlwVaiCukkr/djV1Teu1J
-T50aP7tqCOOrBYBaWHO1IOB6xFOSfpAkuZVf4gqHsl2jTiLY6zDhkafJgoECAwEA
-AQKCAgAlKVlyZzXY/PTXV6oJjPqcq96+C3nGSm3Jx0VREOCN9L5zqAim5QZAlMf0
-H/SU4+Ag/uBXiNrTCAt9kKeMa8JJ4HIgU06vhK1rKjEYrpV1yo0M23cBgcVZUT/X
-2ZKQxGEBpZj5Ze95mJWxjsFQenpSgkC6h0BPeQkny8vTndC6MU5Cgx+s77qVReWg
-LSGBx9tUk6B2H8YJ4dQo0Wij/gls3FtxhzYlhrh76nuF1Yi+Y8QX2UDfDEMvlAQ5
-uqj+YqY2AdAYd1eM+WM8X5wHd9FcR817kBdW/PFS8BQ3tppd6ELTn4T0eedurr04
-4KV6b/IJri2dUPetmPUwE4gOV0vW5LP1DSNS+sBD1OrsQ+Ytovht868GLMQ/d6M+
-82IDz2at0lDQ+6JLGBrY2rOXYi22fqGgSg2ErDENgYU1dft1Yc8sAzCTl5WC/Bhg
-IxbfUChsYqURvq7faaqVfb50FcMYUcj/rAXVSLOuix2HUgLsQSj2MTtvuR7+BUgh
-2KEmiCaMJy6CQyIgtOTjhmPqMr5Se/JYi1SRG0SxZpsYhGRPfjC8jg1k/VmRoAmS
-pvqfhqgUMB0vAjfynoxFOZGNZIVrSR+yuC3xaORBW5UAPGvZHS1XzuxdybjpPm74
-0NB1JIc3ylAWcJEWdpnpk8OzZCAhifx0Farrq6Xauk6/ZLtd4QKCAQEA4a0DaHcp
-OqFTudM8kC/N21FuE9U5MRLtJ2HP42iTEAfMi1bpZjO35giqYhfxNJiyTPnWDbkS
-HVvNuSLAG58/Xs0KTuXCEgWuALBFtgg39BrPTT9Kw2CdqCgIpx5ArBwF+3lDfGIH
-lIeoOhR7OKnN8a1/6l7KVOHxV4FMX9aVmom8FKKqjZYcObY86MgLObMtt50v0cKY
-GgNZCy1HLoXHRGJ+3pypZEV0qxbOt2jGAhEpDf/LdX9Ez4AIYK16/a5AvUnNJlvN
-d28LPgTCvPK8Mhz/m+7ms8IfZ2j0hJgm2j9jiMTK0QvyhWq57TfrU+8HWCKzsUfH
-M1Riwt0z8u9HpQKCAQEA2dhE79/lyaGe3lxqJmzxdLG3Khp3wAk4/SM6CP9elN9J
-4kg7UFGIE1AUs73HPwlXmoOyE1r+g6W2CaNMds5qqJKOIIS/89mrGZs68hpTLbdR
-rTrNNeTLlOQcF/txNfawYEtPwAedjIxUFATKDibbDwfe0p3mRZSm/ji0N3n5ehJl
-yDwfaSVsZsoHWm0GUfhMVGwu1OZjAGGpGZIf/tcjMNQ3cKAmqAvRpRrlc51eUw5M
-+Z+POgRY2mnrKgTUREFzaLG62umaTVTGC6dn++QLPmFgoFuloSUJNUbRRvIg9d+a
-aatn2eiusBILVarQcHGWdysuMFqxUJ9VHQqCNqI4rQKCAQBjPcZF5kEHO3KqQS5c
-6ejJDaIurpGb9wq7StQ02QPzBLr6e5ngC9ZPHnhu8sBrtMqT9zoehshkiL6LL7Dz
-dLBVbC2gTIFvk3fVba76Qdr5SeDnw3GJQa+TByfm9fLSvPAUilsXE7TpqE5eXCtj
-26hpIzchRdYMRd/v7zg63Q6lCvTezjnaUazP5EgcxfvJv/XWzRT+VWi158r8k0i+
-OK5McFQCaTpEkhagNkNpfHW26vz23woF/ZWw+ki02xU/AaYOl6nTuIM+hmKXP1iz
-5rrD/uSZGhHx8ugEfa8psA9F4qJOvtvB2lMoQKrKmtCt9GtyYrBKwZnkBLP5pXT2
-3CrRAoIBABiIz/LIH6QezLq0Y8wiFuuSnFNkmboKD94Kmp2qzSctIrAWfH+mPxIV
-wc8gf5Es5y3iySp+5A1Fm4PoXVNAGikUIGevK8M175w5rGDZ8CZE8DD3X2dDdl41
-dqiIzA5M0z51HO0+rlLG9y0uAOepHqDJvSGxYN7TSB93mWxqE1vZOJddlhgMe/Hz
-rPJVNxICSe50JK4bqGjBlv7nQy07Y547OGc50kC43AqhRdhIj/gAs1Cl1Mau+KbY
-qQCZfKKXUH0pDydaieNNueRUHVT0MQP8iZpl1/iXKDtU13sLCAVJAqYGBPM4znvL
-/HTQgRs4375aIaCWhkPTPg3AQjwO9x0CggEANIoxDPtty49prkkd8xQQceySEbnf
-CeTljNd1uUEqki5DSJMfXajwuSkUrhZAnSevT7k9BjsAzqHM9sWqo3C3PQpFA2Q/
-seTA7lSIxyKvQ4bt/ZaMMeryCzC/WKH81+F35IoQ616nzJz+A7khHX/+l6ZdS9Ud
-LYmYUEB1PQVd0PFQQ67dnNCJ265Hi54XLez9rzuYbuNFIb+wg4FsjV8NHUQSMow3
-LQLLMO16nqs9lQA17WdTlhyR6fYrovh6h7puGzONesSF0s9uLSyiOQ9UDKenNPPb
-nBdM3Bwq5M72o11IKwTPvq95e09o2eFY0SlqwqLdqeD9lrbh/HWfO9VpWA==
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_aes128.pem b/tools/sdk/axtls/ssl/test/axTLS.key_aes128.pem
deleted file mode 100644
index 470f29b514..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_aes128.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,7BFA0887B7740C1BBA458D0362E75F89
-
-aBIhF2zVGRMFZAWg8s11WnxoTQhGabdzchHBxPltnipEgvwOM9FGmYnVIDsFPvyb
-hSA2HgmN972SPeRG4hITzrIXiRZMBOd6Lchz9p2Ui/mqkR6RUfnUBkUtkgxGymSa
-oD7WAmbpNG73+7KX4gV36tevC1dM9lQzbClhhXQL9FH9LFh11cS7ZFa9L/esWHbb
-sxgicR8zG919UEA+XvhLPVXpYD3AVHTcyEHbPWiGY49SIEI+GOcLi6rvxQizcXKY
-pFtmlk/jM06OdZWur5/qLg3HqGP/o8GUjjA6KuAe5SIWVrmlkHCYHj6c1KFLVQJZ
-7qAUNvjVaELXOc3+SE64Fl4OMP/4MiUA5WJ+gcdIKFtX/qksjywzF7goNTsxB1ZX
-8g9JP6m5BF2VS/Woz+9ypekzk7DEKST4Knh8cYBNdz6yYwX73FBb93jk1aPMXv2K
-SzhupTSHyAt7ddvXm+QYXBrklpZgUcuvinrkb7TNYEDcc2h3iDkLMHhI2VW0fiSF
-JcL2DZWLu1UChg+Nkc43+9f8Ao76tjJHdV+IkWfINlKz8cpKthIfOiUSQWYK4Czr
-0E3dyUrljIqFyKmZGokQ2QH+kdMmcm2/R+8NwL4s0Y4k1ylB0mZ5+A55t0ESaUVC
-8NJtoIMrLz2pyhf2ohXMVepcjvR/Id8vNxSlLFResmIwSo4orTZOnsHBlQqm5hJl
-9dr8G0o7n7WVfGbHLlpuPHoKegn1OK5xLbDbAi14HnZIi7/lUnbQHMbFFBjyS5EE
-v+SMbI7JU+5zeJc34WLUTm1zll1ZNpFH/76vlP7tUWxYqVUZfKYHOndqS4b1rAs2
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_aes256.pem b/tools/sdk/axtls/ssl/test/axTLS.key_aes256.pem
deleted file mode 100644
index 5e9c5fd46d..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_aes256.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-256-CBC,5AA67B48694516B66EECE19E0F3BB048
-
-eXbuyN1kJR84JMhFruS9yeJ/WnyD0V6h9w/6fhEcPfxW0HmFqgIk35IE4c4QYazZ
-aMC0J1S19Yb4kKnRd7j0+92IDBw3B7zeJKjPDrcRDSo8R8K7O7+6MYwcmJJ/DZlC
-yqcaHr3cJEiS4I8NS3EdffffFA37Uf2O4C26b96ewg899YZXmPtai6uOvKbF1A90
-aRV4PdCpJdJq0q69VfoSeQ5p//Wokb4RfDGWTNxpgclYr0SK2F8qfITjCNDbqR+E
-r+6tRsy9VcHVRjswuewU19HOQNQzaPlIiNaoGBGvOVRHLdE0s8b1Czyh3oeuRAZi
-EK/SPEdZ5JMWbtxpKi+rdqFZhW3sGE5T9QItYqAWezScOCcuZw7ivVITWj0HuAJl
-YZnkL4CS2qMKfQ7oz/YBAuShDvfl/W1M2YXt8caoYIox8NWnGaifHbk+eP7sQRE3
-UMA/71gfz4AOUSKOWTNCen+qeAImyRi++6kFOVyAZnmvGAj1INv76xh6tHP9aDN+
-0ROlEMeL+4EyqEeTeRL5+i9xEGtA247hMjtwB6i8SDl2N9RZkIzGOj6GmJpWQhHK
-qRSu+PvoDfSHqfHYXof0rtvCuKj6pAhYgKeL5Ycfc0FtJX6gTvErlKWENUrsJxgV
-RJNcRbltxcOylmdYP2tUe/PxQCSFcYIzFbQbXJDoZ9hMgJRv086fzn/QWiZEx59o
-9r8kKQrYhKjS34Aq13ghFBf/Mr+GKrB8JtO5DnlC4N9AnapVlDgeZn2NmXyVZygA
-mcIq5MTJcZzCdX6PdzNVBsttRfYeItN9M8aP5q5YodBfuLXPOvFhV2J7wc5Bgt4i
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_device.pem b/tools/sdk/axtls/ssl/test/axTLS.key_device.pem
deleted file mode 100644
index 5c9a845847..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_device.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAvV0Pomdmpxx7s19ue0itPlPusWrTSwofoWEU141dp7cS9eXc
-SnQV5pfvYvvw21HsZHy+xW2cupjQBzvqPtrrqAz4p2E9VHTMuzvDSScj6GU0BUD+
-GQ3qthLkXMfh7pJZFN5DYtVqzSE+ufZlYlfBqsT1BON9eRs2fTf6OnMFApx0ANjJ
-yFElu2cEf3iif/3Z6PF0iUNtKaDNDVvVBoiRa9mUuj4vxnyH4HmyzThp2bXDLMUO
-Viz/WWZs9Nl/QoJduyJZGEii1UM5VS81qQnu2dT1g/E0yPXwtOQUnVgjSMPfW+CA
-yJ1XTdSwVDSsyXApyxxtSEYbM81t3GGvmmCf+QIDAQABAoIBAFFO4COvmlgu1r6S
-P3IYJqsYhukPIWKbGjHE6ZoUTR5ycWW8KPafGbhFjLhHzYeeiY4sMg27nwxQCSLS
-CyaqAX3K9AmKqzbUYAQVCSkj8TscGVYYLgK8Awfi3MMp4Ez78dwQA4cwdAdYOwLG
-VYoAfFvC7iIHPB0AHklt+7eVI5WWsYlOIf9aS6+PDVii86GVoCpBE0eNZjE3JJo7
-hC0ctcjOqSVZRPC4p5KLFI8QkwyEK3vstyIiQOKSCFbZIn5Wi0+d6A9K96WhwssM
-OpmenLv3xgz4zrUkRDbv0cPAU+/e7ZVPCiIbL/Y78qk3lBjUuyztX6fwQ/eDFadw
-BS6LcvECgYEA+Nlwgi1Kzcd46xKG7xryI0mYjHO4cbZMsTcB4FQK5xXkGlg6j+WD
-NAi/LKDJhaKcBKIYDhYi8tY1ye7JSDmyrPfZ0WvQF8K4yprUAqidNIuwOPMASjTW
-CEBgTfMwCATNYNiaQ8eRuTLyknF4I2lrc4Ifby7cYEZrJ6aLGyolvdcCgYEAws4J
-rGQS8W1DmzrL9mIDlSUtMFkTWqhx7nvG4lCYWVGpMByiQwf4DRvcqmXhwPr0syaj
-qE6nu8G3iuOywSx2qrPX1a6NzeoZZybOSL7poaVmnpxgtS1xXyo1Bdc5ZPPOom1T
-apb1QXHIPFVFKsuKsrQvyXfYLFGlQbYh3TGrtq8CgYEAmDqT+95vI0ECNHNp/f0y
-4OlVm53y2AUYF1S6Hhvra3/VwVP1xy80uvEa2dcmUEywOplaM8vQ51KpJvWfRkKd
-jfg01Eqqys5AsxhR16qEOK+3Rq9InxyBThzrjOPWnyEo7jSy8gG0oGGNSI6HWspT
-hB620hINmAub426bLCv1WJMCgYEAkdfBZEAT8o30BH5TfyVIO1v25fB6TfA4Q+yF
-LKBcPtqlSPDXBkosClxmq2fVSS5ZDtsJwZMJfsb8C86G4JrSSOCV4VNqtNPjqtdh
-rxLHRQ7YsjyvJlVcQHwP8Ex+mrbxZ6djwTQ9b36pA4pvWyfBsiK2eCXyQNPrXjPm
-THzIat8CgYAXN7CO+EUKtBil/r3PTj8FpWxvfZiKMbmktiHKD9ntcN3te2hrOWVs
-1SmrIzr8/eBIsh7OGS3LUZTb4wKGtY29N6fTHuoA8pYILeRcJALGZnmrsTyFDzGH
-iXBSkZ94EXpywxWHAEglow028nQ9UNugKk9SIkpg42u4vrqhRitMqw==
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_end_chain.pem b/tools/sdk/axtls/ssl/test/axTLS.key_end_chain.pem
deleted file mode 100644
index 7c1cb6cbf3..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_end_chain.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqe
-DyUTpdwtzBt8H8/axNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3Y
-uRN4Y0i8sn8A1Fbe69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+aj
-TB2TnO7UTsjKRrXPv16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzl
-I8eTDHZqZJiw8gPg7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOe
-DU6wo4/e0Ta5bdZe7apqOBfdDnq3EUnHO1ZQbQIDAQABAoIBADbu47Yse4L7YQ0/
-rRfWUfTpMsQgYd0far4P+Cqpeh1r32/Qp4OctFuVkeqaZ3w7PFSjQj1aPMh/ZoGJ
-ShxkBus/0dSA1yXNBix1wYNcEb9Mn25GU1I1R4vA2y6DK98FrSl2xwgickhiFQ4W
-yiD3huiphq8AcIQLqR679KIL63IF+lMnHmYTrm9/rkGvO/wiW55OMhLvhuR4w7/n
-5g+PMBLF4vEqtN6wEpb5f3Q8ugNCG35ykpgBMFWI6FGGmcZkYgux+xnTweZ9+Xol
-tBQRrq9cY3/ouIrRX4K30e/EcaJN0eA0Cx9WerEHfYO45BWUJGySsxPab9vk6Qep
-uxRnHoECgYEA+uv054HQKGQOZPjgZ9lCqfPB4wQ98T4hNSLgNwAkd85D7UtF6Wb9
-GMsEecJ5aPIQjDN6dTT6Nb45AV4e0XWtQFtxHFXP6SKfyIlf0Zcl0cd8Fvt7CX/e
-ghZF6ndUxHaWtAltALVwo+Fi6LOgEN7+dsBjkAZf994cZNfqrr6B1s0CgYEA8eqY
-u2p/QE7YNfw7naMUKDqgqGzo41IjF915rznYOyuO4hu+zGrL2D+7EeZnLWfSCSxl
-t0uowOzDOKkm6XeungMyJFH0DnzhYEgh6K9AXMi3QF0zfgGrh7hhK5wFEt+a4nOY
-hIAnqhANqISRhOOd0iT2VIt+igQhEQv8XLjAICECgYAVvkKfmQkfpuP0bfiMJzB2
-p6/Ca0iu0fJwt0/0lCeU1iPeuSoaupjuABGoN2jr5iX28DMJWwjfhVdNPgmvnuHf
-dM0NZoY4ro5oAzdxYwac8gtXtn0H6rOuVB3E3ohS6e/PNA3lBNP473vxrDcPnzMv
-uSYngdXpFa8iMe+dKtb3dQKBgQCAzse56q+Mvy5yODZJ7f4amXTXmP27pA1ZdKyI
-90TB5KR0kg9aanbVUsG5ezNuwrvb9I7INPnKl4Yu0ioM35PTQKJfIl/PowChsmaT
-rVSY0qp4E+gJ7Lu3TR44CR/Od87RSnln+5CjBV8wXj3ZQxTSQqoCRDABLseoevhJ
-Knnp4QKBgEHHHpegaCXl7+kaPzD/qD38iN6AmoAya9ZUxCUH55bDmkTFu1ZGgA6S
-87fuXQ2tzwFyOtaxAftPuOkSKMpZYRPJY92SalHA4WyN1pl0MhWMZQiyKOh0QQ7A
-yaHjrLn5wPrhHhkpmYu2L1ZNiN+NIFDuD/j+APCX+wqb9otfbfxk
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca.pem b/tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca.pem
deleted file mode 100644
index 57fef36137..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAzhdv9CgZ895+JuF4J5ttgKS8HDKL5uCAYOS2B+o1OkGzYRkS
-I+vA41BpPfE8D8P9lgjcbzAOrOvgYHPZneE3Ix1mhlyPwbnXesC48AahbWXeHFJL
-u3Hr3EfjIVngptIHF0/FXmLtOjcxLpP/mXyUTX7bm0NMhgEvxAX34fPfgM4r6AwP
-YLwxJGl0c4rrb9choDmXp7+72NnjiO/pXzrUkI0VL+fV6U/cT9ro6p6wJYewvfXA
-zqV01B76xf+QhYGp6h/HSZQntTQfA2KIp3H7jhaVXgC/CyyZ/fvx1QUAVCy8pMck
-Fs7YuLtVuhAOZ1KpeZzaQotwRjTEeRkF99iCxwIDAQABAoIBAFNxi+O4hOGHuV42
-tjabKNgIWx2znY+KYJBaqhVET+7ZgS6UPxMKNlwTR7lLvjzH5xnjVpUySQ7cpkmH
-Ppo9AN0X31YRjicq/sL12ytcE+o+b5LaA03Oz2euN5leUaZZrYNTyh7wQQrsI96v
-D7NujIFgFryjoA0118gvfnEfE+SLW5q4m+n7D4cZ2D1nolDnOo2noLhKhMVWT9jp
-UVoa5sO+9/Ap71ElAaet2LawNsKbyjjRuI84544G09zQ+YUfcelADaqtXyYZpSJL
-iWrmHasD1w8NfiHB84y2hWHySoiuTBfVBJFfTjg075TaxBwCtDbzzEe0ecDCVGnb
-gZfkevECgYEA5+5cUFf9LXt7Cwqc/lnuIUYmX7pvTPVVZbdjEzd1MUvu12p01cRN
-QYk4K41LZsQYwDrCk82TFn1+hDbVt27i5r4FPJ9GbkSh4AiqUFDkqpqE/U06ZiUX
-JOosU6laI6MmguWbXAAQuv2OwK7xVA0575HdbsEK8LRP2bSTRUYNFjkCgYEA43qb
-FaKixVC4KOm8dyNYFHB5oldZW0u4ieemum8B+a9wd2BEG8FdxFw6IuGnKyMQ1BWu
-NVwN2wZsHbosmCYxGO7cX4OT37711hdCr4pCGQhQ3gf9eNls4ZjjykZp8EHWQnx8
-SYl7sjQMQUjhfqePKwR396IGx4KSrc/l1rxKYP8CgYEAjYPPJ+bIQFw7s30CVeAh
-gIQBHh/vkZGQTcQb27nW9AFU9nOqXlSsnvRPJaPNAiNcxs4Ts4OX3/0qmRmsRYSP
-RiNjpp24p8eQzdX7tY3mOIKX6saYf4LaIFgSO+n1ahE+ilf296fCjZXw6HjWH2cC
-lr710YJQXpZmsnuP8JDRo2ECgYBrasL+5WydZi+ASldPnuYByNb3HO46GTiMDlKB
-6Ndy8zBVfqTKwnWnurFNNWc+DHHu5En+Mnjse0zkgLx8IFTA5FI13Ckg18i4jwVT
-ZSMvNOkS340G2wz6PrsaEkQGSuCFRsld5Ej/7mn3DhZFO5R0iMipq94tqe/fmbN7
-wjAROwKBgHLl/XNhPTI/ed76ZjmCpbCvQlKZeYLhNbTS4lHvKCuniHKQsPz4BxjB
-fuVCUDH61yQT7WM31zIMfzQZjx9hTgFYYvnptRWj9zIBlIZJEieX3//flvEJ3Qmd
-/tbSoADa/1y+Y58biKkgmM4f4qS9h0AkVe88OCbpm14Xs2u7/4Nu
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca2.pem b/tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca2.pem
deleted file mode 100644
index 5a4dbee96a..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.key_intermediate_ca2.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAqhp+ySEP4Oods+29nF39auqEmJ/qTUqQCz+9iWyOhp6NU5pJ
-2LZiQNxVWIzasFHp9I1cvmf+4fnstMpaFl/TtdCpQnuV+eFIe7alEP6+Pc3YiFrO
-zyO0XnqJcZwmmkpr5omvGcx9FbcrKflzfgmn4ZvGIdgtwkA+ZAj6WkpZHGGpzqLY
-yAFz86fwANeT4I3a90aGwOEo/on+jvJA+O8KARsFx+yspxrfSZtNVTNWFfQfkIIt
-7vOWnevZNAEkMnHxY8jDFq8EACNGDo3r0j+G5imRl8P0hdklpN261OS1hANVM3l2
-t2INNN/UkZjJe3/T7RW30A0VZ3Wk/nz3IgKlDwIDAQABAoIBACV6FurrPNtZ2Vd2
-DqtvzdCLgNE7klybC+dekLzBTRl9vzdnK9PyQu11XdxXlCr6sSfvKTrOIMrazHr8
-hiKd1EAfi9sY7W8TYmvXTsDSz0lAm+9Wym+6txeFudhtBdhCg0lUll6BviFVrM3f
-psFjETjUoC9+uH4ut1BE5huUe9OTmOXxupLWdETcHViMc2VrpnDsNKX/lFIMFSo7
-3JDVojyTA/xdawJgkksCmQyHLICDvqJrIbLaDKxCfEiMKMyjVqgf9qwR33WAJ73e
-ES8XMVtgIce2Zpzx6OITf+gNhS0ekqsxZJ56iiacOVHxpphNKk+BwSj1bBxHLRoo
-narBebkCgYEA1BuLsbfr5lXAmGxE4JG1XrOZ7YtTqQNMYzy03s6fndoITqS+YpHk
-dtPqM/lQ6qByqLbaPZFVEqecIb9EVRoG1m+9rIkAutiWf/vAWwr7w7yIbFID2YBH
-50crmdtbK+1eoml/MkNx2grmgelqtMy5iOzwbPcFzmgXaTBzXvJvZEUCgYEAzU3F
-f3QP0xgbrT0iK6138waegsuPaLoBdq+arlZ0LMzuN7T3KTKiNfkJKWbxoaECmu1p
-PpJsQpG+0cQxyKU1PK9Pz+9qUXaPf/OsRKTcvpiS2kdBFXLPEgGi2JeSoPZxErYM
-WuaqLIM8krYrV0JBRgGv38Pd0u0VaSbQvPx5u0MCgYEAidFoIE6IKf64CJH44w3q
-EiGSt8Va06u/+48bWtZY4kEkOq1Sw0tWbltdhu3NRNaCCdvdzDldVKSxjz/vD3i8
-zqKGVNAkOEO47mnO35kwY0tiPTfBJpbyoXUeAHeGMvGmFtODgU5PcMS6Z9kZq2aG
-e1CxG6waCraZ15BStnPCKx0CgYA2n7Olhp7TPn3WqQZXcq8QdTlleX2tkpfjGTPh
-oNUGOnxDTB3a00L/c0QxxNcTdwB3ciVnZZPyXk7UBwxr4zD39XkZzQyPoijqFU5H
-cUneWD/yXbT+XO6lTtQiJqn3s7pADTnaUbcDYuOR8XA0pkcxti8yLS3u+e+Ra6ds
-MQy+ewKBgDfHrvBhbxyYskxc/xHnSeAZjrKsKoFNmV3/n9XTmms3WAVoCYydIEou
-Pm3p5kDiaiTTqLBpxoa4g2tuaEXBJpgLwxq79Jod4PA1bnip45ERRrk4kRROIaFg
-eHV6U0+PQTrdFhiJkvK7CgNZVr+NLiS1V1pM3x7xI81nAV9Sv4c5
------END RSA PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.noname.p12 b/tools/sdk/axtls/ssl/test/axTLS.noname.p12
deleted file mode 100644
index 0383293487b156598a1383a699cb16e6db4a4a1b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1612
zcmZXTdpOez7{|AtZ5mk{T5@nSilMbVGnR6hWS87_s8HAxJMCC<iAvYGQ!ZU4oe5!M
zJ*$vTj@wbmr4-F|WOIAaN<uE>tmiqm=Q)48&-*-|@AJNYeZF`;j0S+!@O&5o2DeC}
zB`s)y)xr6E=qiK{UB>gF3wS=T{BH!y=L6F!Gy#A?sx|y?0>&G_H2(Uq77WHCAZvD<
z6Q_nwKXU|tHK6l+pn~xdJsU6T+gKWOpI|W6#>7-w?*<|El0^O>)P4%m{>@9^{N)e3
z+~A3<lc%G%A1Vn8G3!#4J`Cs_*>oA+g`9RLRWTs(#p{*g`%zmOjy6M10R!(o+awd_
zXbx^UyHl2Nl3BkBM2TKRv{Rz`!Q_a*ZeGp%2Sx|Xi3b?YvZR!ipKXA*7FpqKy#bH?
zM((ck6e2{Dnw~ng;o!h~Wh}1Oo<8|VUcT96EIxt2X4Wr>IbQA%o2`D+u|Cv5Bz6d1
zx9ox4xxcnZnu<>03|5`=-_s?9@iQ1MP32gz&^7VMH|=rfp>x7pr4+80&y5CxXL9lI
zP-uy?I{4I*Wo1hDSv?cn=W*+*3HldB$AOS)WB<hyUjb56=)7CL;K(iHu^WBr)EO!9
zt;DW%s~{$_Vo)q1DbPWb-nHI3lUeU0j~yYcY3bbC9IPy-BL#QBTlK4WGdj5)I`YA<
z*$|NV(;A)_tHIq+nVoydG&Vw`pfA<I4{b;*t{<5%kxcy<^>Vn_IPJ4pH_Eg9%2Ua{
z?6q~?9=;}vSn|<SAadj*^7R#ghl_vtbuUJ*p{2sk9>eAkq@B`^u-UWj$mZp+(B1np
z@@FHw8}vC{M49F*U&rDBIPPW|Il>dS+jb-9)2<ge`lMC?iH$H5mX}Sp6B%hKFF2#f
zH`je!IQ?PI${syg*Di~V+w&Nb2gf0v9|aEw%0|>hHN4)X+Mx<i>uP%8A8)QQk8dbN
zoN~R5kq={L&JCjVO4vhDMv>~W+H2Z{Jp?L?F3`<x_)ywi(4ehl$DG5~s7c3VMpjm}
zUX&!5ec6fS?m$h4_S<%cJhu12nw~S6q52*1PX<W|c!jfEnS01&@8U1e9F|tW$ID;V
z$#*n5wsgGGZ>%~T{8Ot|PMdQ#bD=*|CHd$7NUqX<6r%E8g=MPgg=zk+yapIhg?Ci&
z_Wzr3>4h@8$KK)E_a>;$<8IzNmXI=x-7l}cPWLTnnY5T{ex$_SJ0r%HQRgM$TvNas
z+o~tdFmK89j5l_>Q&-`&_)0$~XwJjNj=kQ|#aj19_!tpf8o5Zmcnb(h<_hNXl6qn?
zS%(j|Ni~gT`gH>xDQ5ib_&)@>)ZhmT6<Og^1*hFF{c4WvEpfi<hRyxJ#GU*G4}#bA
z9Iw5AtNo&kd&tG?8=L%+hf;*YQNoR+ve8kaqNApjI(eHS=(lc89)B9frjb8wS!sBa
zcE)AZ;lllH-Ylc@$tqbY%IK{57C1~U(vj083?FiZ&}5=qG*%EW8Lw>-8D*ZO7#GaZ
z1kk&6F|nZZls-c}j&TuFZ5?_GC9Sl7qd^Q4U}`P03NwZIJ1?w=xf3I{24SaVae)Ia
z4`msZI=<W)q$w{fVaA${wA6l@RBw>iKu>N?{}d~exNn>2i&}aextd7q{jtq(Dd3SH
z<lwtuc~aCh>c{4b7LUhjy4Ge*I<<86<-)zZkba({gWLKk7MM26=-AincOYjjk$bOp
zL!vtEH-|YhR5r$x&{&`42K!nUmL^>1z0I?chvAgGz*J}5MZZEv?R3t37u-W$IYy0#
zYA!*274meEW?NN4eJf9RZkt*^J9C6)Oev)pAy}yg{jbJ!RGFV9H*Mw-%-tz1wqoL0
zrQW=C@;<+;jvp*xh6}ECCy{DS^-~_M6Yx|yy&YopbM-S<0nx{4>fo6NN^9x>q^SA^
zNC{cY$=hpfyQu{vskmgU(ZExnHrV1|TQ4_h#zvoD*|PQp2~)@W9qC=2i)Vil{f>nX
zHeR)#+hdY)<lFn^LMrMbDO~2>sca@}#+&>jG<-b)4bd&kz6Lm1aWbOycP3*VzJ;Iy
zCMNI%{3bjc2DL<}0s2r7M0a!g#q{~O5TK6iMN8_B+@Wj3w}PyhVLV64LdIC%#r_j8
CC*Z9B

diff --git a/tools/sdk/axtls/ssl/test/axTLS.unencrypted.p8 b/tools/sdk/axtls/ssl/test/axTLS.unencrypted.p8
deleted file mode 100644
index df7c2e21600e2f296671ecc261f79616e864929e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 635
zcmV->0)+iAf&zB}0RS)!1_>&LNQU<f0RaI800e>pVK9OMT>=3B0)c@5y${qvsC0)^
zs<}EJi_X2bW&1!q&=H!P+=6`Ss2AaM^92rJ!NGWnvbq%_TK}84dM*!$w{+eFnWdtc
zQ;V&5S~2as0q5W8>@T2QQ}*VHpvY}OMPnng&rVPuDBm{XbKlmXvqn#DyA7M~sQFB#
zaiNIa2dRb)Kh2pVqJ(!30s{d60Rn-5CO_<!tJEKf4xKpICk5rU6bRS<X?PY&#0C~s
zw>njyzJ~Z%=*32;@a@{xzlc>W=5i@4WXW9}n<P4zK%vsFT&pAGGtlZ_Qs;V}b6+li
z(cEuG50`*8(l7_z*4Gt@D|FR<io9b&3i2^2zxny_h>wcGB5oBXw_aOVL>xPL0zm-b
z@v`N}fRjK_bQImP@+VvjJ-}b?oJDLC0N>ErgZhvxgz~Dw-TTi2L5L8>yI!}pE~Xu-
zy8B9U*qW_~4QdqvK>*e^BlBH%$kR!|lm5yL>zmrWM<{cbpitLLB;T70H?G4mwNGLQ
z%H{8udqbewD<8k82$Rwl9Eq9n-zL#QnUexR0I@;je%~PX<nj4W(P}LX@#*ZGI_AKX
zx+mg%w56dV_U-0VR^m`H*aD90$90j@%0ARIAbczPFFFu%u?JSR%>qCkJMse!bTqOp
zyw=F2cqM}m@|!Y<ZX`g2!pMn^_MBT>O^wU2h><F{5NKn0Hj&exS9UIT{)_aN_uYv*
z3+-hBK>)e0zX{2ZCi8NOzq5SjZ*N<pmAIY*xzC_ex-!Ajt%bXJND0<IoY^;#5e)>@
VJIZuj9FdJZ@%Z_^HP^CJP#x3uH1Yrd

diff --git a/tools/sdk/axtls/ssl/test/axTLS.unencrypted_pem.p8 b/tools/sdk/axtls/ssl/test/axTLS.unencrypted_pem.p8
deleted file mode 100644
index dee0ed461e..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.unencrypted_pem.p8
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL0P1EKodIdUqrk6
-H4vOvbdl+0A90BGanNyCfOqoF+F08wUOYcHBeIqyuhUiWv+buHouD4i3dN4EmaWi
-mVOLrXhaMe28Aeff6ewvoF1T9uaKoMhtQUVjI7PPTlAfKN824nPf1qGzRk9uuw2b
-76j5TKVxoYjdB6mGDT/NmSOihHcPAgMBAAECgYAmP+yWq9QfiQ6dONgnBeW2FAjX
-/2l4FkrEBhZVtzpVn76G+FjoxUao8O3a1r+IVS3mciksZMldHZskOphAodKvXKsj
-5DPQ6mBS53qec18ugNHcb0cPl4A20jAH3dbXFYkrdNV+irxjQgryMSm/+fnwiI+K
-wiJuFSa3XltYRBw7eQJBAOHxsuXIgJNAUHQU3bLyJ1wMPcBf7pxFbBMA39DZg/qQ
-LITyqsLd+88DQYgQxrtet7Yuph2quvtKctiarYgNahUCQQDWNiPzXXfI00nBk/7K
-Deub2r1HKHOXoFDXTCTfmws3rsMxtU9iCMrl75d7Q6DaKx+/qAiT0hYciZnx3ybR
-QpmTAkEAsUHkft8g9+Tx+U/Rai0N8ensnDrmwJS6J+J8tKWhI/bt5lNW4lAy2AKO
-68d1kdPKPtQ0IHwr+y86EHKxB1a2zQJAHjvyAw10NLItvNbIpXglgw/ymzKIbiRA
-hMLIiY72nFtcTY3LsIiRKrcQaGN5NpHTn1d2Lnb+i/SX992JOwvtZQJBALmvvwnJ
-kCbzcou/s3znb29bo5W4ngO5z6BTujLB062Fu3lICdY/nNk3kRENBNU7ynRdHJGN
-PfH4+b4117JTUB0=
------END PRIVATE KEY-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.withCA.p12 b/tools/sdk/axtls/ssl/test/axTLS.withCA.p12
deleted file mode 100644
index 0a89e7358b4104678b647bbd9388f20d8a2593ff..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2521
zcmZXVc{CJ^8pdbL7{-=m&^MNv2qCjrN|I#Xm&u3h#%CK_mh53H*`f?t(-1->`!?gF
zi4fWM5REL!GReN(zH{!q-E;0A?|I(yJnwn`dd~Tw2+&amAP7Z(=0c#7aoTaa>_8?U
zi2zLo6QJ?G>=+aQ;_y3ykO&adUzQ;Q5b#U1ekVYbAcW=LAJ~9E6bG2uIC4nybws@h
z0|PT4k^q6X!@S{(F^()r+zqW8Y!{%%O#-28{V&AJee{*mkyuJ3H6Jy)vQ4)!feE<H
z7SDT&&^>*0BKvZ{ScKQ}wW6H1VXqs1|AlAgfW())?i^h{Y9g;IFvW11_uLky<Dg5?
zy;^~+={u>pk<OQ`g0(fjY1!-D*-8j$-{_2sct)&qIP3SC+fRku@4rZIXjxL-3^@rI
zq8U=j>IsfW;l+OGg%?zx&Y6**8s|?~&`_<VO~#RZSN6r|=&O!(C9FK^rOcZf1n)zK
z0M(e@6?M&Xj~=XzuSJb7?>>%LV+?uGdM5Zs3d*Nh8!q-??7j@opZ;rHvqoLPj1Qk1
z9bOXy{ls?_SQhBL-Fwj}TFP>{q>MD{cvk$F0`FbB9n!9U6wY7Dq?(YWf*5l0`HIx$
zMr*Hyo!d^dw&+kgzTs^e{%|WFAw~$878BV`V=oBsI<E$}vUa_=sk9_kBW!QJ>b!k`
zXL0NtCY|#sy$x@xw2t)@Zc~y}j~ZDdwR*0^-A`<1Vmw*-AS|XcPF8bLQ6;%+>Oy$F
zG|>zWZo8)KeGf#w$J=4rx-bjag<#|gI@$W=IU}f6x$YCa*U7433P*cEB4(*Pwexjy
zwX-``bdyS`y{1zS50iO?PkrM1mu7MkQ8T?m6^1hs@~d-i7TBj61wVF{F)HyoWh1uU
zB6$0|r(y?m7t=Dn3=?-0O1P)?)=z)(a2@)5V+g=8)8dO_TMESl2#!VZby>s9xv^eA
z`Azd7OK{dBid%f0GLuz4u`u_($WHPW&3NppS;t&+noD+i^OPg5g4fA3P&D)<<!!?L
z^Gz~H`CINS8N0?z6&CeNg=-3aT1E3!V_G54_gvTuc!>9M-kXX_9pA2bTh0CxWGL_B
zgxYpB5ZgNAVptk}%j_L&p^3_-K%L~0RaU%b{ScXLe`hMh#uwAkFMF3`j8`Qz!tNxH
z^_t9IJl=5zUo6W6gudv>Q}X{#vhS!0nyVY^OaGXt%kOI#cPJZi99gw*_~ct|`KAt0
z%1E|C<beN%t#9K&zKYBqIeO;J_Z3fZR_SH6UJzUF7cLp4p=isS+=4egxWro1Tp%Wx
z2yHnEZrh`{{qs3m^za#`hFy$87>pu+X5A-Th00TrBff_(lGyJ@^G_H{#UX%6pP^%s
zO+A5U4LT+*(EW|CA1tyUX}*<XUCH`5i562`z=d0_I@5%NVc?ZYi4hQ<Y&&w(8<{^T
z_{_EovDG&GNsn&AcjvUsHvv5)sN4OuEj%ta3D4;;9#JV7E~e7{K_)Rae^BE|GzY)c
zQvvhw=bYt&hX;5{B_ums8pb}DIiEVM$Nyu=hWhBB%)@UY;M$R(LU8&>a&vR`{Ij+O
zvU*0>DU3}i<ZlDGWC{JU-PP#FS@o3rIXva**s$-uMB)J7LO<eO2E>w9pT=#l`IXT#
zX5f9*3P%0WWMbv=Sx=$dSuk@(ajd4SV9mLA@ZonRee}CQB=hx=2BG0_Q+IPr@V=tt
z_a)1(!^r+MzLop6F;bF3PMeFqr1PI)0iD-)3v1fi@0M@ZaK__o;!4{u-@N+dFr>Q(
z_X+Se=t>)=&P79A%}d{$X-<6_>r>6Yq?0GZQMJ>ol)Bv;8*z{`cTjozQZh*DE=n)<
z9^Ow8LJkTBw!TWAJLTKs>X!5;vS4vZCcZ4u-BWkL3mZeJ%&$s#%(pu<7TjBYbjs?@
z2A1nMhi3|Xvv*5<bMvshtbM?b?lDw1wP8n$^F=OWJ1omv;Htdjt7URhXd`no>YmPo
zpkY`SO8De_)QHxy#h$`Aa0Xk$^ojS=v0d?CPRD9wVVWF}SGc9x5a2*orI8H-%(`lh
zO(r-Uf<u0^a=+?MT)bY3;cBy%YFe$Q6`@zT3f-M%6q<03DG#8u>a`PVt}6UH4GWWA
z8@WRp(oqSAp<`nVGVInMD8;r9Lp6<=wyA}U>W3@pp_|H`T$67VMON@di5;!T=PuSG
zlHWk6Z}b~zc@x?%?XzBjW1PfEW(AZ|h;p|$?)-J2T2dzoCM1R`SAa78Ax)%D_vv--
z5rQc2nXLvC0VME0C?OF*Y+wS2`Iim;H2?_ff55^5WFQe33Qz=wr~l6z@|@>iFztk@
ze|Q5XFoZ^|E_MC6)hcT?==UZMYXLXh*_Ix2YpyvDkaLr-Bgu7cyOaiqa*2rI19)e|
z<709wsi}~~F0Z(B{<DRK2$-{c+5XD9oAC&+>xU%kta9v5ipvqJE5RD0n5BRd7$h&>
z$m)IKA&(aCIb2|e%ZHj=s!6(g+g~NzUZ*9=l|(*MiD7G)iZY(B+{CI=xMds;g?kA7
zQ>h(NIg^LFGl357p+S%3j87G53>yKK_?zPT@%~k!Gg^$Uh1288oV<-v_nj|XzOo^G
zs{FFPc7S+8)ACxJ(bL_`)sz{vxdeEnx8NufYoH*p1}eJiIq1X*k{sv9CbYn}_Nk#7
z>9%nBi&m@wAGog_qNv(j9}9g`7W%Tmv>M~4+K1Pl*}*Lvhtu^R-}%W%=axSye%IH}
zGKJyK;<(sdG;i+Bh|qCfZIBvdk*BNAB)A)?`$pi_N7!C1uUw@S5CQ3VVHP~G#>a{t
zQuQ1An1PmeQdKi6e<(d1-_0GlM6D75c{CnqtJpx5XMH8$)NRtYp?h+vy#AjwA8}~(
zNMvrNxEm<oPv0+U(vKcnN>{+yUpNQO^TV;@Uk5(Z+bSQaze-cgUn+*70sQDcyJ*oI
zh%2|;BV<kDw>Y)7_)aB8|7iOnUZeGuF(bHHZV&&SFwCsKrS?jJ8Nr_y?Gfq-jG;^6
z^Ce0PR24@Ajxt`iESWgJsP(dvw4ww#74ov<Iy0e07r02Q>A@E!lmRD6syRdmOoacz
z^t`7~M>zy(+@|#uvQ>Qi(Zc5EiYaqX9&%D2SH1Sp<|HaliE+9wPk7u8nQfu$(gDUc
zM?fX%s~_2iDUf3irOFYsK1$@jg@*E?`M|K}k24r<O1q@^!>>QMP%{eVvRPh6UHp9n
zL!TAq1NZ>Y01Utm5D0Js_yb&jZE65j6dHv<K_QG%93TcbBLEDm&WsanytjOR+ehV0
Zb@U{W#1a7kGjry~*vbW0@BP#Ne*pwro@@XB

diff --git a/tools/sdk/axtls/ssl/test/axTLS.withoutCA.p12 b/tools/sdk/axtls/ssl/test/axTLS.withoutCA.p12
deleted file mode 100644
index 10e28fa01a430afea59df57317f35d781ff1486e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1702
zcmZY8c{JOJ76<TOeu*Cmp$z&g(PMo^EQz($R;4n}R;|QdrHys0NeL=4L588V4>hI4
ztI#*;Vi-gxmeST%6y<5PXsxvz8iHqdnRDj7zH{Cm_uO;7_n!OL{ot4o8-&4eOeh>e
z>ahqcAsQwQt7byJ2qr`n#hy4OT=&Zes%FBKM3Djr14K>w%LIl~g;0N9kb=Q*(g=x|
z0N;tfbu&MMpaj5Rf^+tc<AcX2)KFfSo%IV#Ac{x%#r*7P?VTfGxbxfd)Ee1@l0KE;
zt0U3tD8DH~|4JQ|Ly8Bf=G-kY68c-~;r5>E^T|Bl#(|R6D|SDOc2R$#B-wegbMVjh
z;bZ7#_iI6yAOH1`cTMxCKYqr@>`5MN`)2&iqnGjSQda4LD*W$+_K{dN$0}imMrVYC
zZ|w}XEYY|X)wK~jLq0J_5~jAM{;yrzNd*Ge+aXJGk!SWN2U?6JlBVx{y~&uK-}EP*
zOZagVDMq&)pB}W#e-oV?6+MOKzW5=6;NJV{?)dz9j#A{p^Q?)3$7aYgzLT`?>j-X}
zmWNlu+ia3)<lWEGD|2RIOV9es8z0V6PF}t_bL(H?92+t@wN<%##F%GbE}Nn#`BlPI
zC6xZ{ci~yfrtI?hsP+9tsI9EQ+PJtO)?VXE)F&_Dm6`(Yh`O7X^HeF$TT7=`#q+dG
zxx850MZ)baF)f$0t8L3YT{q}+&t3O#D0JvjIb~~<5w}n^Mcw4sgOy>ECU4`?Tj?Lm
zCnihvNj5cAhjmi%Kj)&c&MtRkgYK?5>7zdeSfBEGwzoU_bppwX(ny6OsYDN#?W^?K
zZ#<lDmO>ha!FsmgJ5ZXS>}7j1wHM~)bl^`SY^5pmef2c1xI>?JIn;#sz9cicNXlUJ
zWL9@q!}^^K48?{o(72?mTzACQR;qPL3@xVUVcwK8>qjv+xI;$U9vHin;_=20=^4Dr
zOQ<nJDG+!>IQ}F!Oq0*@Yp9aa*%DUHj-lxa8A}(Y9#z~`rcCJWpT(Sz6VrXQw`k}0
zdLhHCjPW_&I5W|T%m-Zh$HWJ{(mUY}CNi8E-e%0Hz}a_$tSo<i&p$4OyoJzD*WO6>
z3v-t$Bc%J{IWpjTq&QYPu=uIFfWOhsZxL?bW%z4_O%sjV2AFf|&H_#G8aBXdRS=GE
zoQigL8{+TG8wgWUE5-C9P8vBtNg@&I|06<VMGhfCB8pL>f*{HN_&~wHY9?5NV}h0c
z&t}C{-X$x5w)F=a1QSd(Wm31h8vjzi`uwqsr^U*dgW#>AuJ-m={Rh!`;XT2*)fX0#
zO#}tv9_zQn`;nV!c@;DRv$tEIYGC}zqHJa*(03veRJg<VZn8=3g5JrD7r|Q#4hb_x
z53=B6oCdjS?%$g<FxV;Lp1EWnGAEN{_=K+Gy{rCuuAlqQ-+)qlr;+FC*p4kLD}SQ}
zlI*DWR~`G&hs0?TxG3jLVCj~+sIB*D0-KCE7FNFXsQ;(tG}WFVGOKWw9vGnNP&E)&
z<pEmHXQy6&1fqN4-@WAR;TejyAr`bHD6)B%6SBX({_bP$s}!Y-CIjDV5{%Uc<(7rb
zlU}|4`BO(Vl7+cW#c%`f0NFS{XTxsD&yBJ!Q$K3;p=c2>KkxH|-Nn(gJ(Zk9u$VVp
zEZWmC8;l_5VO_EvcP&-3)11go1zu8q4%sz#VoW|coqne#U^S)Njx?9)68IA0reVdQ
z7_5BefZfrGl+c8bf-^q&*6umY{Gm5d&MvvI6-spE*0cCdEepU!Kt-j(zVO!`mDYl~
zz)$>y)Sr*3#~-NL-3V@x1XrP?twe?~WUGk0*a!`U;c+&Z>A6!D$MT(pZ1H<;rUwn}
z!PT|VTFGv%Ipz*$htn7GLr1(*z($6mmj5)tIjICBcBoV1+8jxn-NE<t9yAncf(FBr
z%QA`;2y^x~<VIwuz!94_Fnv+3>eXwynSGA6AsAzXJg=50AEXqv;<Jd@K4H_EzE3OZ
z{1t|)MO#fFv=(0c9-Q3SiP?=eFB@1Bros%eXV=E9$ER|lMv9Ws^kPm3E;w%L=HpcE
z7LYxCY|gM3?sxcr_bpp3OfC)f;4k7d|NGEL1-v3czP7LwwAT;2MOC)`UgMVuglypQ
zG7kG?Ngl7JrV7LXc)%D40+N6TfC_{IvA}gv4+72sXK{F(It~emVWr`qvKWAnf2-ZI
h^iXFE2aFn1x{keK>a0+`2nnLQ|IE&UO4=U^{tdWe_eTH#

diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_1024.cer b/tools/sdk/axtls/ssl/test/axTLS.x509_1024.cer
deleted file mode 100644
index 784e26ffb786bd96d7d95ecab3eaca6f55beca66..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 604
zcmXqLVu~<mVsv2QWLT<oqN4rN^P>j5Y@Awc9&O)w85vnw84OGejSLLfm_u2(gf$Z@
zLVSW10*dmpQj<#*T=G-WD;1nmi%K%nGLsWaQWYFaOEU6{GD|8A<ivRm%?yo<4U7y8
zOpMH<#CeSk3@i;Spj-nTLoovph^f3NrWy(v2!O<yg*kKblM{0?@{3Ch8s{UsijkFp
zxv`hQps|ywv5{df{}rbdCG8=rc3R1IpWC}V^|yoV1;JT!?ljfBS|R?h<TEQ@;=zLz
zU7L1^Dn<RDy`xHxzhisJJ(ihE7tIXrURx1m_;wHD^ZPH~=r4#3{`RbE!HHZ)*JS0*
z=lufYHSU`|D!zYh;bu4gyxqLB->>-Tv$Sww$6fZ7ZM^npXDTmhDd%TmW@KPQb{;U$
zn41_G8H^s-<S9N|_GO2_{H|x*Eq*#rMNWk^+8@waY}u)DZoRvnWYVT5WfN8RJY4ZE
zE5oXM=cc6TJgPQv!XE7niznXHdp1d1CP-yt`LS>JZp^+JZXT8)Zj{EzVZkx$U{9R=
z^OG*8lXiL>?_Bo3uh#aVo6#I$wpka&SKF_gz+$Xx-^jHz^xU?oA!|SSFFJMjn`(98
zrHs~>McZbY<UWo6RwA==(JgJ3|4m0ZS&r=5(`2`$NTSam!^4Yrx$V|3PFB+sYF8w7
z&6{zgE_LRsx>KdkZ!5;0t4Xu1yCd>1lx6yg6rn9!4LpkW+<qPHzwCEAqvOOkGiH4B
Uwpirwk#)lE*|F0$DrE-%0ONc2ga7~l

diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_1024.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_1024.pem
deleted file mode 100644
index 0a5c7a69f1..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_1024.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/LnxTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
-/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
-3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAMuA8biHmpvS4EJ+K5guETizlFMpWgT/ALKM5iSTOr0cuGWKy
-5HaRJbzhqO5qaDp3ubJilwwlPF4TSIeAo5HZLuaSKxxSJLF3xvbe2JvZVzdWaBcy
-ZgEIOAiawYxeP+fJRMtiuUjHiab/jn094UYynBMGmtEXqz+pkAQzLT+BCqVVzraV
-VK3xT6LKw/Yle3HSaIXpcraZNG3lX/Z0HLmi2isE/4LFCQTEuryCPrRyGI4waEhK
-Dac9tfRCOpdgfahhip6YxH5lmep+ynXn2yFdznxmPX7cFP5VBJeoZBK0tTBIcrzb
-61tPpvuHAUGR7JiY8Us4okDxBZC7m12WsSJrUA==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha256.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha256.pem
deleted file mode 100644
index b1059b4385..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha256.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/LnxjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
-/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
-3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
-9w0BAQsFAAOCAQEAbpbFPGnc74yvFgxKiNGA8+9azns10+KionRirc6g/1X1zBnJ
-7vBXW9aXwUr2y9G3jnmX82eut0YnaJ3xlU5rp2NbGSH43fQd/OvWC+6yDFBeHfJG
-JqbyP9oBkrUSuaXO/svsGUr8z1YVnxvtN7A1NGt+xQmgTyNq2QWg3MSQQwVtNsQt
-84mQqU0BmmyRyi14LOCi2dHxjduXFVgHIcM6XzVL8lxQ1oaabA1mP5u8dzH+n+sT
-uVDMmn6ABDZsnnCo9i7WidPI8pfJ4k6xR5l0wUdcOQeY8ynwUmILBt7lhKhxtAIG
-j9SHuiQYstmr5+6wIBv6LRwjuXNDEwcqdT+o1g==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha384.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha384.pem
deleted file mode 100644
index cbdca1d1b3..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha384.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/LnxzANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
-/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
-3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
-9w0BAQwFAAOCAQEAcVYgGWa/OFtWSpsH55h4iHan1Hj8WMzhvczirWDP8EaG3N1P
-WVo7LQdfhs9OvQwLlacAym3eawwsMe7ODU6Iq2vsbajeKMuF0jb5teghb7dMIiIW
-UIy3zRe9pmOZZpIcwJfuzTMTXMq+UksNfSzgB8mGqnIj+4D3UPXce5KYMvxzAjYU
-HAAFR9+ZkTdpratH/qFlk14DJ4CKlH69/RUpekkXcn3lk1DutfQ15kaTnaFObTUs
-HvGr2pX5PsofeR7DW4NStIMbOwMvTby6thCw8zImI2yyouCv+LkilGxmxEMAV85X
-ZKu5dNZXbJwfOFjkmHEtDfmISsdl8NoQxyz55A==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha512.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha512.pem
deleted file mode 100644
index 83648e6630..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_1024_sha512.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/LnyDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
-/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
-3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
-9w0BAQ0FAAOCAQEAbrG+mMdCorMaq6VHQC071CdXzqdUGFgXM/qpVjNo3tKjqUbD
-73FJOYYoSgXO7aJPebraaZTdSpgHO2vdJrifUjrJg+2RKDwIzCP853fgi3Nm4n+R
-7uDsd6K/cj4xvcnhIdmQZC3TPIJFujjbMy0Tw9EQ5Zoz5rNwR0Oy++HtWoULOjTe
-xsVsagshFaGajLF6RXoH+caKHIi4HANlWwJvHCBpqQYUyhUCAHUm9Pdo0+h7Viuj
-evzm3SPr5rOisE8xTDU4WPOhwel3lggZWfh6nbDG7+1sWmT4qTtAkv3V1m1o1h+8
-4TeJUOV9QHm88a2UUqWIZocaLxPYB6NThoBNVg==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_2048.cer b/tools/sdk/axtls/ssl/test/axTLS.x509_2048.cer
deleted file mode 100644
index 45a291293a5bf0f7c4cc0f272a0a924248dab5af..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 736
zcmXqLV!C6{#CU{>lVPdWiHi15&rcfgvT<s)d9;1!Wn^S!WiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MG&3|ZHZU?Y
zFflTZ66ZBGFt9YRfN~9V48;sYAg1!7m})3wAOI3)7Us;!PfpCq$S*Ddx=;z(S&Xa<
z%uS5^3_x)%rY1&4hM!SoHp^8DXK|$$FDhj7Wo~^bIqmTGg|jy9b9ue`g~9LH@8UO2
zt84h8re7g>>yrK*hZ3hl)AY`p9d}}0%)n#4_Vm4uu4SK!e2(xlid^R8sQxmk;Hj(a
z@!MxI{O;PMe`cytGqS7_-7tC53z0t0i=n42;)7Qn=zN#7$xVI6@;S4_q{Q+oypK*(
zIh-K$$JkyYc7~t!vZai&BJ1uOKalmj=+ZoYm!4PY#LZgMnttiJ&7aR>p(mz)QelTP
zGl!=D|C*0tYx(0RHa5NA9JZj9UG?{-o=A4z-C`#@1MW>T>oRYZKYo?9#`Ws^hGUm6
z`)r!wc_Z}a-;{mNV>P^#_wsj7Grh{h%*eoq974c|1BMVIgUqU~+buVuH|I+=Db;Li
zJ-K89BWu0IgO{B%CwIQR{#3x-y-xq@&x4a^Eoc3AB*p#EjuZAXFAL00%-P=EcwRp1
z!_VB>lTDfR`>&j3eOB{O=*-Ex2kz}T5O?HewR7kFgezwqH9Sv=ELeYC;Lkdn$(I;j
zw*(dn|K-gNGPf={Z(tFiwRD2?sq!Uv3-nhr8!u|S5q#c#Yxbq7HA^;bttsMQkvy?H
zr#3S&T=jh9-F0j4bJT1<UZ&`y&9iCkgQntcCq8oq$3rRm)9&jZnEmjm?5*D(pFHM#
zH)RxEJngi7u9Z5Qbf&q7#M$pRCe#S%tlao`OXlOBmuB<mgrDx7yWtXV<45xh0G=K)
A=>Px#

diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_2048.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_2048.pem
deleted file mode 100644
index 95bdb5a3a2..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_2048.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC3DCCAcQCCQClKsh4h/LnyTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAPladjynJXGaCmdzonEGTQOF6RmWw/ehmrG+ROur6DD7m+5fspZ+gPQm
-L3gZ2tIv3EB0QsKWLs82x0IDowAMO63L3oiKpvJyTMQPARTTCQh79JJw5UU9x9vM
-aE7dPGfzAnwmMjl6FbCTkugUjknRVcs4X1OpwInuYrJGJ5innJoWGhZveEvFliTD
-YBL8Mz8oXZhOK6alAR0Urt8z4B1J0USDn7ouSnWRsyqWgvotRp+fDDguFi/JILhD
-AwhJEA+s8RatD1+RgYLvs1aghQcl+7KMWQdNuxbJiVDeljaKN4Ufx9UFfEXV74DG
-09NMsphJ2FX5/WS+510oSiO9D4uWNdUCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
-HKqK24TYW7NvGoIifLaFyaSwAQV/OODpiZmTie3X5RBHR34v9fnBk5qnBf7EZEfC
-uMg/mdMQm2Fst4uBzx9q8PltfcmCaX+/1M0F5nzhEszJ3cDevMBexNl7Q4nfYNTN
-QShJyhSgr9cQ/K48k9IA64RRcRP9DWtSNzt0zzA4UCqlkBvKd6TdcC+rAzOigdhT
-z0e1a9KVfKSxtXxyCAQZyKdsfWlhVyXPWd2urd8IfLfHdiFMKwyyreCCc4tCDjcA
-QcJkv2bfL8Cb4cUd2vtI8kic9zUBFaOWyz9tOicGG2k3SBjN99iQfBAsqbHjtGnj
-+dKbDCxXy4udsNINgfE3aA==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_4096.cer b/tools/sdk/axtls/ssl/test/axTLS.x509_4096.cer
deleted file mode 100644
index f90fb1cc28c86af31bb0a93aa18c129d2d3698b6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 992
zcmV<610Vb_f&<(zf&#<>2>_)k$ashH=gKe*1_>&LNQU<f0RaUC05CK$GB7X(162eH
z6DeVMR7_JKP;zf-Wn*+8L~mqgc_2e&a&&2CX=7n@WgtOybZBpKX>@ro9v2NUHZd|Y
zFfuVPG%`0@7Y#EoFgY+dGBGeTGB;W<EHM@^6b1uT1PT)kVR%$bQy@@sZ)#;@bTJYz
z5C#KP1OpQZY;R*>Y-n$DbTEPfA}|dG2`Yw2hW8Bt0RaU71A+n%05F0A3Ic)x0RX@X
zPNUcKvn9yzIfRh^Ja}-RWuFDQX9x+(oE7a3%LIK=#ng2OOsJ>KE-x09%08^xg>X0Q
zHy|aHAmXdfU8nYqk9emEP$*t@iMl3G>DB#G&{0%Hy>h?v=@{Uxls)*#8#^D2T~~PE
zk0TLfZd+;!)#Ni%;Z$#3osW)YO`_>9pmANr#tXN$DJPEan3lpTOvq`8LMqkq`)yFx
zx>fS7?kh17EcuP4Cb=sNWQlqnIln6znZ`hF7X4Y9Vx%gfEm!rbL4d2C2&L4Hb0oOO
zSW{yIt@u-|@>!ZWEo2z-nt8)5EVM5>$dLQeyDZK*x6SD7Tm@pLZM*nop4GC5=|B~K
zA-Bus!~mm)bJqG&l?m=7Pj`KTt&oY=8=F;a%g5*n<$?>b{@*|ZPXV_zDZ7c-Vs^jS
zp&;Dkt0ek2p-G<4!Eu?#0eL<uiqg}3LoxzC2*QMphdE*~SoSIoQv2<t=r)nP6;i9f
z9O<}=;M9MbQ1fet*Q-ZXO_<4=jab!g@y6J&unHA}?aJ!?5bcwAs6r#_z>Z!;Hx1K3
z2=dh45AKOWq?mP9OnIwk+i45Pt5M9N^rjf1uQ|2jj0!531zLzJq>{hgja^fE?MY9a
z8b7;g2;-{-fLd5{wIJYn#8Z-fkR-X4U*ZafvR$K2BG~IN;gP4wf`I}90RRCo4F(A+
zhDe6@4FLfK1potr0RaFL<b1YOAf9vO!XcU?dCI8FDvNU%%p&e6Vm}`kN&sBi3drmV
zvZ6WvfbdhirN%{oh6}crAR0RL8C#v4v{h|iE~*Wq%)0wB;;$gB#>@KNiqM#QC5L6G
ze>~xk+?vfj)}U+iSBjy`u1Zt8<g8jpa|nwS7$pS5_^#>>tH{{n0)wpm#ij<5rH&0c
zZtJ76;$u0Laz23cXCmrpx#jBmWM%Zok51H8&SWe=1oB0YF#wZ+kV(ec5HML<F+he%
zoxzF3-hQsI`P4@Wbn@`gk=`2_+RRU4tv`?wHYgChMwpLkP$aax5?Jtasl)~0t7l#x
O8FkuLAF1^+tEA7R*1hro

diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_4096.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_4096.pem
deleted file mode 100644
index e6aaf2573d..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_4096.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3DCCAsQCCQClKsh4h/LnyjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAMAKTqPX9LMlyPA5hJD/PHhwoGWfBbpnCAnKnBXtDssEfVLF1HUITKin
-zC4vFpXKPqzahXA37DcgJZQg4qvPXaf2jY94pwlQKF52ibomUOnV/VLQUVRFvXK/
-8+kY4K2UPfjJGzsfjF1XeOCPIxFlbltqCtXkM1PhVG9dnY+OZk2i6S+gcV3Fxgu3
-tiknju+YlsIrTMhpiUIq1fH7bVDWulXyru4rMREs+Y2lJrkrDGSJeh45vysZmcZA
-bhb9WZtipCqiLVf1qkGAq54IpdSOcyS4x1hTYwOt+FOt8lmaOS1kGPKaecMtLLQv
-O8iQ+9K7LM45t83o7VwFYqZtu/hlntWyiOlAFX8ht8vmxACjhnPW+lKVCe4kT3d9
-g62Qidcbm1Vty8foCuWCC7H+30AETwG3NSm7idhidr/YoSDc5Ksk+jehSZ7PwXGZ
-xwF5PiqK0tN8QzICPwjChI6HOWIxWPYqDlL77aXoNpG9FVKrwBzpuIvg1H+aUPNr
-h9erR1ZNmMmajVjVbvHG2LCwChWD7crq/RDtk3ioQiPrwI5eRTcN00AI8tTeD+6J
-Q6SYdVZMeatn22kLyKtRzKL0phiirzm144wKKpcFWogrpJK/3Y1dU3rtSU+dGj+7
-agjjqwWAWlhztSDgesRTkn6QJLmVX+IKh7Jdo04i2Osw4ZGnyYKBAgMBAAEwDQYJ
-KoZIhvcNAQEFBQADggEBABPkfLZVIJ5z5cIhmiN5yqjMKotzGMwi7ihiPx8YSgBc
-2grI7Aqyojn/gPBTvKXGRYCGC7aXIBo69RlbnZy0VW1fLqoNo8y6+zLiryCtxsv6
-3orQmHslh2WofzzhkNyazT3WoGvzV4qhzK5KU7vkrFpHcwiLFRglBMP4ruoOq8jY
-4wKDrP3FpgaSpY4NOm7ro7LiYzmVcj6A9Gci6mm55er6ZGX0yI9O1FXOZCxABPJF
-kDEAk4GQScbaEDBZWjFAhkmdwYnE3n6usPnURwp08vDRkd4bGdrMT2KtP5ASNigQ
-vEaYj2pQJLS8Eljwc6nEBeGrZ14fGXXaVh+p9TKrpM8=
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_aes128.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_aes128.pem
deleted file mode 100644
index 1eeb6013ca..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_aes128.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/Ln0DANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEA8k4Lr67fner/JtPfbCJe9+RMyq4ErKmXDlxQnXDEcvn/7Mw/CcNQXDPDRTN2
-/pw0Cwb45Pgv0bqTAFPK2sWhp68QMiuyl+lIUGSrgXX69nW7B2cAp4YSNW55M8SQ
-EISL3QOkzl1oHW3iuxxGeuCGuVv0i4gRxhQ1XkHdoGOc4G0CAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAPbTh7YlIYA/XOKC1Laf0SQ0HQU4hC9rd1IowBIyKYT5YlKVM
-VIrmqN7B3ytUZbP3eL9ZO63G5NHmGk/i+RpxF+O0oX09uhIPWHlupZ1LeEHDwsSG
-5OjZ1scU0bbIX/aBNPDL8hU7/TSTtL7NY9939cHE5LVwdSuOqndXl5nPFKxyJjfB
-npworzs+UUwXLAcJSRHTruyRf6fvSfl1NdMabWiR/L7+tzDV0842+HwUsJLUlWFv
-osK0avS8ER8PrFMRnKqGIK416B38ZMjn65G/J5v1j/RSHDAWjp+SYAFHaxiU0gEk
-WOAZlVmG1vVlFk/ubTJ/vd+RAk0QYI+THgwlbQ==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_aes256.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_aes256.pem
deleted file mode 100644
index 89fe526af9..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_aes256.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/Ln0TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAqn/ZBpw3WLD87W/rVp8rdvg2yoml5CSMfePkcXKCfbWMAkZOJJtMupPoMFC9
-CbQ5EUmSV47BHGTh0xnQK/4s4bc6lPVtkK7dJtFfonCsiTErW0p6z0q7tQfWFEd3
-NGNFv/qVIsB0hJDOJn8x30wYWCOY+gC+53KJzRVcRMoM75sCAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAqI4YkmyznQ9lE0+2cSkRX7ELJeKGedGFCCKJZaee5k9R4PBc
-fg97WsEMARSl2WLzAkK3rjSQWslbRxb/u1NYhd2uBdrYGIMXgPyBIjV7sSoI0TkC
-3muhke+W2yZsVp55DoJpfsX9dIfzbM0ICbaD509xuClfraIafO/6VLrw/+BzTTVM
-DECTo1dCheYYXyOJPgdgdcABKKb3WkTLJPkV6SCK0D8xAHpTRR8AtT0xu60JDRoq
-wcKZie02AXOgg3mEQPdvmVDb+cgOL2Cb/nyraS2OVKPRTZfQfvhve0mU3DN/TVDB
-7N9bVd1WNst+bsNIE0SbnYiF/oSdnHGNQxaLGA==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_bad_after.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_bad_after.pem
deleted file mode 100644
index c90d630499..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_bad_after.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/Ln0zANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
-MzAyMTA0MjhaFw0xNTEyMzEyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
-/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
-3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEAqk3O/LBqyketDzFqMe7L8nqmM/crpmjZ93KEwhrc7uRKJgXm
-CjfTSm7D43l4xbz/NbHnNvSFnblFoioAQP23opotJV/WutmrGCIjpidLc682GvcP
-DvhlOTAqoVFFWmjL6gj2iKEtIUzxCMI7K/h/znQvk/NrsfvOF0uZtpMoLqqo4o3Y
-V2vogbTEPpr77952JMpsLvJYatwiYo8G7Pc8qdl86mk3tx1Kqn/Pl9CgMgj8tgFi
-tcBRFePe3WvAiK7vnSqz7H4NUXrcv0RTA7f/bUXNWoRUI98GbYKVpxgIY7uFmLF8
-0jb92pWMlA9Ps0fAdMKs98c7dIaJi0buM5Mtuw==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_bad_before.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_bad_before.pem
deleted file mode 100644
index 3d65fe60b8..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_bad_before.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICWDCCAUACCQClKsh4h/Ln0jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
-eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDEy
-MzExNDAwMDBaFw0yNTEyMzExNDAwMDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
-Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
-/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
-3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
-9w0BAQUFAAOCAQEALWtzVdl7s7NHPKslDc0NN2N/kqd8V5Ug93s9POLPQV6Cq7fH
-WPzxdU/IcLwocngqDzYEADlKJL1prRIP7IEtclRW109kVf5ge4waL7BIFogX0iII
-WzjSlLTdYFo6ZK/oxwg86+zVA9UbkWbvQwSGE60Hqr8GEaqon09CxYUpFTtOq7qZ
-Ikjjf1Rz/t1AAGXoN2Yls1hm2ONYFuxQq+dBME0sSL7hdhwFoOi/u3Q0QXmg4Z1Y
-xe0J3Pg1mt5nsh4cY0QDNZdSbZz1p4jVY5RxQsoYzgyVYQWBeDJGKs2RN8o1CFko
-EMQ4Bq65fSUs5hPnYGl4iibWmQQgAWkasKZwaw==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_device.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_device.pem
deleted file mode 100644
index 2ecdabefaa..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_device.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICUjCCAbsCCQClKsh4h/LnyzANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
-eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYxMjMwMjEwNDI3
-WhcNMzAwOTA4MjEwNDI3WjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
-ZSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1d
-D6JnZqcce7NfbntIrT5T7rFq00sKH6FhFNeNXae3EvXl3Ep0FeaX72L78NtR7GR8
-vsVtnLqY0Ac76j7a66gM+KdhPVR0zLs7w0knI+hlNAVA/hkN6rYS5FzH4e6SWRTe
-Q2LVas0hPrn2ZWJXwarE9QTjfXkbNn03+jpzBQKcdADYychRJbtnBH94on/92ejx
-dIlDbSmgzQ1b1QaIkWvZlLo+L8Z8h+B5ss04adm1wyzFDlYs/1lmbPTZf0KCXbsi
-WRhIotVDOVUvNakJ7tnU9YPxNMj18LTkFJ1YI0jD31vggMidV03UsFQ0rMlwKcsc
-bUhGGzPNbdxhr5pgn/kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX+beg1jGMSqQd
-6Q/d07mQCLuEwmXmmz7hc0lgp6IumjsxulO2xLiotXie7e3GIRAVgJsd6ysRJKim
-IioOMxcwUMWw0CcqjcwqorczJjsqzW99dzCd3NcDiDxx+7Pye58D8qOLHGtafC9n
-TjQELV6dNIUX5IfH/18jAkPEmFcOUg==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
-BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
-DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
-UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
-FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
-XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
-dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
-L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
-pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
-A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
-AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
-SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
-gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
-5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
-FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
-b5kxOvfGlM4E6v+lMSw/HDrI
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_end_chain.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_end_chain.pem
deleted file mode 100644
index c0a4eb3c78..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_end_chain.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDJDCCAgygAwIBAgIJAKUqyHiH8ufOMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
-BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
-OFoXDTMwMDkwODIxMDQyOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVjdDESMBAG
-A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqeDyUTpdwtzBt8H8/a
-xNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3YuRN4Y0i8sn8A1Fbe
-69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+ajTB2TnO7UTsjKRrXP
-v16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzlI8eTDHZqZJiw8gPg
-7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOeDU6wo4/e0Ta5bdZe
-7apqOBfdDnq3EUnHO1ZQbQIDAQABo00wSzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
-/wQEAwIF4DArBgNVHREEJDAigg93d3cuZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxl
-Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAbPQ1Y205Ricl1K2ByVa2RHJyYGP0Qj+H
-5mWj4A92N1vAb6uOrliqFYOClYINGsKKC8YDZdyA4c8ZglCKZ2RePwOSdaWIw7wi
-Efhysyq3WLSlo5jEcnkO7o5dV/7V7FX/+65UEXu35ZqaE8ZY++eotmLzccnInYP3
-1e4oaF5hyZIHVNCXnywNvchSkXjN0HhvIpeLTyzC5MQkQMMEOi8EBOgTGAo4UvL9
-eau3YhhpvfnCDlrRB6N79RcTLmJyOj5g1YO/9wn/du+EMwEkKUg5QJHzwUB2+ISp
-57JjKh2BQt0g/XJfRugHQcNtjUu73Ziexpl0qaXjNjb8mvsuV9RX0g==
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_end_chain_bad.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_end_chain_bad.pem
deleted file mode 100644
index 743dbc07e0..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_end_chain_bad.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDJjCCAg6gAwIBAgIJAKUqyHiH8ufPMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
-BAoTH2F4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIDIgQ0EwHhcNMTYxMjMwMjEw
-NDI4WhcNMzAwOTA4MjEwNDI4WjAsMRYwFAYDVQQKEw1heFRMUyBQcm9qZWN0MRIw
-EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDtHhLvmPll+SevNuwC9SepL33sU2TnjmwajRitoNDsJ4lcap4PJROl3C3MG3wf
-z9rE0/UEV2A0RacXULUddVuGpbGrXoiVqSpliRiV0ckw9CAVrdi5E3hjSLyyfwDU
-Vt7r0P//nslmvXC36rEAlZafRqc8ZeZHQeU7QC3UAJCQoZIT5qNMHZOc7tROyMpG
-tc+/XoV1ZNeQlNUdR1W4Czoh+AAqS9BDnMDwPoheCNaxOhZ0XOUjx5MMdmpkmLDy
-A+DvEbSN6k30lTTklFzg127N5WP/RZPS12KU7SNA//7wWCKR054NTrCjj97RNrlt
-1l7tqmo4F90OercRScc7VlBtAgMBAAGjTTBLMAwGA1UdEwEB/wQCMAAwDgYDVR0P
-AQH/BAQDAgXgMCsGA1UdEQQkMCKCD3d3dy5leGFtcGxlLm5ldIIPd3d3LmV4YW1w
-bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBGJydzARx5fNYprptRG9c3pqecGKlX
-ArxbLe+K+83wS427HnWONnuZ5LJKGkuXjIeh1G/2AfKYXJz/SMN0IPYY3ro5Lt1Z
-GOPyn01qcj6OkfyiUPCDIsVFS9V0TVLTBLTMZFa1j6nMHs8Ajmm10Fkf/NQP/CVk
-zEgoktjb+wLqw1iPUGqkVepVtp3wg7VQY6E07SliNp/06Q3ue6xLJnYlKqFhUQf7
-064JyRIH9W/C2WnxWbKRBjsE4gCRnMvKQrCrfR64VohCr6XvygIIufwCG/CLJogn
-4OJMqz1oDkABPgSgjNhOdwnt+3dvxbjQBiRy1ERfNAJLo+V6x6aO1Gqz
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca.pem
deleted file mode 100644
index 4fbad81b05..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
-BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
-DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
-UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
-UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
-R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
-aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
-HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
-u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
-Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
-mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
-+innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
-QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
-c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
-SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
-2L3MUIVn
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca2.pem b/tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca2.pem
deleted file mode 100644
index ea8ab7d7df..0000000000
--- a/tools/sdk/axtls/ssl/test/axTLS.x509_intermediate_ca2.pem
+++ /dev/null
@@ -1,37 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+TCCAeGgAwIBAgIJAKUqyHiH8ufNMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
-BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
-N1oXDTMwMDkwODIxMDQyN1owKjEoMCYGA1UEChMfYXhUTFMgUHJvamVjdCBJbnRl
-cm1lZGlhdGUgMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoa
-fskhD+DqHbPtvZxd/WrqhJif6k1KkAs/vYlsjoaejVOaSdi2YkDcVViM2rBR6fSN
-XL5n/uH57LTKWhZf07XQqUJ7lfnhSHu2pRD+vj3N2Ihazs8jtF56iXGcJppKa+aJ
-rxnMfRW3Kyn5c34Jp+GbxiHYLcJAPmQI+lpKWRxhqc6i2MgBc/On8ADXk+CN2vdG
-hsDhKP6J/o7yQPjvCgEbBcfsrKca30mbTVUzVhX0H5CCLe7zlp3r2TQBJDJx8WPI
-wxavBAAjRg6N69I/huYpkZfD9IXZJaTdutTktYQDVTN5drdiDTTf1JGYyXt/0+0V
-t9ANFWd1pP589yICpQ8CAwEAAaMkMCIwEgYDVR0TAQH/BAgwBgEB/wIBCjAMBgNV
-HQ8EBQMDBwWAMA0GCSqGSIb3DQEBCwUAA4IBAQBNWDjqxlO0BwMdyxfUs1wDsLiq
-4hOmUFwCv8TuTFsL9aNe7OIJRT8IF2pHw07qyvAxJVEWUCLK/KLq0HrRTzRZO/tK
-eNroHMHS+fBwFuHFp+1RGMK2rHLajxVVB6X0aeLWKrNKrvUQZL+Tx+NZ3dEO62rq
-rANnElCrnyI1bIBKwHdUbOMOHeZAECr7H0KfvaX8F67aln4IwPzCauQM3DFf9h9Z
-FvmxUdVgjRZK4e5he9k4gT/Faom0z/ApnW4DJRF8rpCPWqN872aNpL8NPZuOFtiD
-Gzg5O4wJYx7OWIPa/qcQ0hTbn5waPzC68X448tlJTPiwyeKsYT3JwWqLi6o5
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
-BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
-DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
-UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
-UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
-R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
-aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
-HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
-u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
-Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
-mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
-+innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
-QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
-c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
-SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
-2L3MUIVn
------END CERTIFICATE-----
diff --git a/tools/sdk/axtls/ssl/test/ssltest.c b/tools/sdk/axtls/ssl/test/ssltest.c
deleted file mode 100644
index ceb241ea19..0000000000
--- a/tools/sdk/axtls/ssl/test/ssltest.c
+++ /dev/null
@@ -1,2589 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * The testing of the crypto and ssl stuff goes here. Keeps the individual code
- * modules from being uncluttered with test code.
- *
- * This is test code - I make no apologies for the quality!
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#ifndef WIN32
-#include <pthread.h>
-#endif
-
-#include "os_port.h"
-#include "ssl.h"
-
-#define DEFAULT_CERT            "../ssl/test/axTLS.x509_1024.cer"
-#define DEFAULT_KEY             "../ssl/test/axTLS.key_1024"     
-//#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
-#define DEFAULT_SVR_OPTION      0
-//#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
-#define DEFAULT_CLNT_OPTION     0
-
-/* hack to remove gcc warning */
-#define SYSTEM(A)           if (system(A) < 0) printf("system call error\n");
-
-static int g_port = 19001;
-
-/**************************************************************************
- * AES tests 
- * 
- * Run through a couple of the RFC3602 tests to verify that AES is correct.
- **************************************************************************/
-#define TEST1_SIZE  16
-#define TEST2_SIZE  32
-
-static int AES_test(BI_CTX *bi_ctx)
-{
-    AES_CTX aes_key;
-    int res = 1;
-    uint8_t key[TEST1_SIZE];
-    uint8_t iv[TEST1_SIZE];
-
-    {
-        /*
-            Case #1: Encrypting 16 bytes (1 block) using AES-CBC
-            Key       : 0x06a9214036b8a15b512e03d534120006
-            IV        : 0x3dafba429d9eb430b422da802c9fac41
-            Plaintext : "Single block msg"
-            Ciphertext: 0xe353779c1079aeb82708942dbe77181a
-
-        */
-        char *in_str =  "Single block msg";
-        uint8_t ct[TEST1_SIZE];
-        uint8_t enc_data[TEST1_SIZE];
-        uint8_t dec_data[TEST1_SIZE];
-
-        bigint *key_bi = bi_str_import(
-                bi_ctx, "06A9214036B8A15B512E03D534120006");
-        bigint *iv_bi = bi_str_import(
-                bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
-        bigint *ct_bi = bi_str_import(
-                bi_ctx, "E353779C1079AEB82708942DBE77181A");
-        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
-        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
-        bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, 
-                enc_data, sizeof(enc_data));
-        if (memcmp(enc_data, ct, sizeof(ct)))
-        {
-            printf("Error: AES ENCRYPT #1 failed\n");
-            goto end;
-        }
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_convert_key(&aes_key);
-        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
-
-        if (memcmp(dec_data, in_str, sizeof(dec_data)))
-        {
-            printf("Error: AES DECRYPT #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        /*
-            Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC 
-            Key       : 0xc286696d887c9aa0611bbb3e2025a45a
-            IV        : 0x562e17996d093d28ddb3ba695a2e6f58
-            Plaintext : 0x000102030405060708090a0b0c0d0e0f
-                          101112131415161718191a1b1c1d1e1f
-            Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
-                          7586602d253cfff91b8266bea6d61ab1
-        */
-        uint8_t in_data[TEST2_SIZE];
-        uint8_t ct[TEST2_SIZE];
-        uint8_t enc_data[TEST2_SIZE];
-        uint8_t dec_data[TEST2_SIZE];
-
-        bigint *in_bi = bi_str_import(bi_ctx,
-            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
-        bigint *key_bi = bi_str_import(
-                bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
-        bigint *iv_bi = bi_str_import(
-                bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
-        bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
-        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
-        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
-        bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, 
-                enc_data, sizeof(enc_data));
-
-        if (memcmp(enc_data, ct, sizeof(ct)))
-        {
-            printf("Error: ENCRYPT #2 failed\n");
-            goto end;
-        }
-
-        AES_set_key(&aes_key, key, iv, AES_MODE_128);
-        AES_convert_key(&aes_key);
-        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
-        if (memcmp(dec_data, in_data, sizeof(dec_data)))
-        {
-            printf("Error: DECRYPT #2 failed\n");
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All AES tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * SHA1 tests 
- *
- * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
- **************************************************************************/
-static int SHA1_test(BI_CTX *bi_ctx)
-{
-    SHA1_CTX ctx;
-    uint8_t ct[SHA1_SIZE];
-    uint8_t digest[SHA1_SIZE];
-    int res = 1;
-
-    {
-        const char *in_str = "abc";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-                "A9993E364706816ABA3E25717850C26C9CD0D89D");
-        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-        SHA1_Init(&ctx);
-        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA1_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA1 #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        const char *in_str =
-            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
-        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-        SHA1_Init(&ctx);
-        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA1_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA1 #2 failed\n");
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All SHA1 tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * SHA256 tests 
- *
- * Run through a couple of the SHA-2 tests to verify that SHA256 is correct.
- **************************************************************************/
-static int SHA256_test(BI_CTX *bi_ctx)
-{
-    SHA256_CTX ctx;
-    uint8_t ct[SHA256_SIZE];
-    uint8_t digest[SHA256_SIZE];
-    int res = 1;
-
-    {
-        const char *in_str = "abc";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
-        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
-
-        SHA256_Init(&ctx);
-        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA256_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA256 #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        const char *in_str =
-            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "248D6A61D20638B8E5C026930C3E6039A33CE45964FF2167F6ECEDD419DB06C1");
-        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
-
-        SHA256_Init(&ctx);
-        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA256_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA256 #2 failed\n");
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All SHA256 tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * SHA384 tests 
- *
- * Run through a couple of the SHA-2 tests to verify that SHA384 is correct.
- **************************************************************************/
-static int SHA384_test(BI_CTX *bi_ctx)
-{
-    SHA384_CTX ctx;
-    uint8_t ct[SHA384_SIZE];
-    uint8_t digest[SHA384_SIZE];
-    int res = 1;
-
-    {
-        const char *in_str = "abc";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7");
-        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
-
-        SHA384_Init(&ctx);
-        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA384_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA384 #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        const char *in_str =
-            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B");
-        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
-
-        SHA384_Init(&ctx);
-        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA384_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA384 #2 failed\n");
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All SHA384 tests passed\n");
-
-end:
-    return res;
-}
-/**************************************************************************
- * SHA512 tests 
- *
- * Run through a couple of the SHA-2 tests to verify that SHA512 is correct.
- **************************************************************************/
-static int SHA512_test(BI_CTX *bi_ctx)
-{
-    SHA512_CTX ctx;
-    uint8_t ct[SHA512_SIZE];
-    uint8_t digest[SHA512_SIZE];
-    int res = 1;
-
-    {
-        const char *in_str = "abc";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F");
-        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
-
-        SHA512_Init(&ctx);
-        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA512_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA512 #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        const char *in_str =
-            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-        bigint *ct_bi = bi_str_import(bi_ctx,
-            "204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445");
-        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
-
-        SHA512_Init(&ctx);
-        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        SHA512_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: SHA512 #2 failed\n");
-            goto end;
-        }
-    }
-
-    res = 0;
-    printf("All SHA512 tests passed\n");
-
-end:
-    return res;
-}
-/**************************************************************************
- * MD5 tests 
- *
- * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
- **************************************************************************/
-static int MD5_test(BI_CTX *bi_ctx)
-{
-    MD5_CTX ctx;
-    uint8_t ct[MD5_SIZE];
-    uint8_t digest[MD5_SIZE];
-    int res = 1;
-
-    {
-        const char *in_str =  "abc";
-        bigint *ct_bi = bi_str_import(bi_ctx, 
-                "900150983CD24FB0D6963F7D28E17F72");
-        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-
-        MD5_Init(&ctx);
-        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        MD5_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: MD5 #1 failed\n");
-            goto end;
-        }
-    }
-
-    {
-        const char *in_str =
-            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
-        bigint *ct_bi = bi_str_import(
-                bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
-        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-
-        MD5_Init(&ctx);
-        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
-        MD5_Final(digest, &ctx);
-
-        if (memcmp(digest, ct, sizeof(ct)))
-        {
-            printf("Error: MD5 #2 failed\n");
-            goto end;
-        }
-    }
-    res = 0;
-    printf("All MD5 tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * HMAC tests 
- *
- * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
- **************************************************************************/
-static int HMAC_test(BI_CTX *bi_ctx)
-{
-    uint8_t key[SHA256_SIZE];
-    uint8_t ct[SHA256_SIZE];
-    uint8_t dgst[SHA256_SIZE];
-    int res = 1;
-    const char *key_str;
-
-    const char *data_str = "Hi There";
-    bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
-    bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
-    bi_export(bi_ctx, key_bi, key, MD5_SIZE);
-    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-    hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
-    if (memcmp(dgst, ct, MD5_SIZE))
-    {
-        printf("HMAC MD5 #1 failed\n");
-        goto end;
-    }
-
-    data_str = "what do ya want for nothing?";
-    key_str = "Jefe";
-    ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
-    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
-    hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
-    if (memcmp(dgst, ct, MD5_SIZE))
-    {
-        printf("HMAC MD5 #2 failed\n");
-        goto end;
-    }
-   
-    data_str = "Hi There";
-    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
-    ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
-    bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
-    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-    hmac_sha1((const uint8_t *)data_str, 8, 
-            (const uint8_t *)key, SHA1_SIZE, dgst);
-    if (memcmp(dgst, ct, SHA1_SIZE))
-    {
-        printf("HMAC SHA1 #1 failed\n");
-        goto end;
-    }
-
-    data_str = "what do ya want for nothing?";
-    key_str = "Jefe";
-    ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
-    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
-
-    hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
-    if (memcmp(dgst, ct, SHA1_SIZE))
-    {
-        printf("HMAC SHA1 #2 failed\n");
-        goto end;
-    }
-
-    data_str = "Hi There";
-    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
-    ct_bi = bi_str_import(bi_ctx,
-            "B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7");
-    bi_export(bi_ctx, key_bi, key, 20);
-    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
-
-    hmac_sha256((const uint8_t *)data_str, 8, 
-            (const uint8_t *)key, 20, dgst);
-
-    if (memcmp(dgst, ct, SHA256_SIZE))
-    {
-        printf("HMAC SHA256 #1 failed\n");
-        goto end;
-    } 
-
-    data_str = "what do ya want for nothing?";
-    key_str = "Jefe";
-    ct_bi = bi_str_import(bi_ctx,
-            "5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC3843");
-    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
-
-    hmac_sha256((const uint8_t *)data_str, 28, 
-            (const uint8_t *)key_str, 4, dgst);
-    if (memcmp(dgst, ct, SHA256_SIZE))
-    {
-        printf("HMAC SHA256 #2 failed\n");
-        goto end;
-    }
-
-    // other test
-    /*uint8_t secret[16];
-    key_str = "9BBE436BA940F017B17652849A71DB35";
-    ct_bi = bi_str_import(bi_ctx, key_str);
-    bi_export(bi_ctx, ct_bi, secret, 16);
-
-    uint8_t random[26];
-    data_str = "74657374206C6162656CA0BA9F936CDA311827A6F796FFD5198C";
-    ct_bi = bi_str_import(bi_ctx, data_str);
-    bi_export(bi_ctx, ct_bi, random, 26);
-
-    uint8_t output[256];
-    p_hash_sha256(secret, 16, random, 26, output, 100);
-    ct_bi = bi_import(bi_ctx, output, 100);
-    bi_print("RESULT", ct_bi);
-    */
-
-    /*uint8_t secret[48];
-    uint8_t random[256];
-    uint8_t output[256];
-
-    key_str =
-        "8C6D256467157DAEC7BAEBC1371E6DABFF1AB686EFA7DCF6B65242AA6EEBFC0A7472A1E583C4F2B23F784F25A6DE05A6";
-    ct_bi = bi_str_import(bi_ctx, key_str);
-    bi_export(bi_ctx, ct_bi, secret, 48);
-
-    data_str =
-        "636C69656E742066696E697368656475F80B2E4375CFA44105D16694A5E2D232302FF27241BDF52BA681C13E2CDF9F";
-    ct_bi = bi_str_import(bi_ctx, data_str);
-    bi_export(bi_ctx, ct_bi, random, 47);
-
-    p_hash_sha256(secret, 48, random, 47, output, 12);
-    ct_bi = bi_import(bi_ctx, output, 12);
-    bi_print("RESULT1", ct_bi);*/
-
-    res = 0;
-    printf("All HMAC tests passed\n");
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * BIGINT tests 
- *
- **************************************************************************/
-static int BIGINT_test(BI_CTX *ctx)
-{
-    int res = 1;
-
-#ifndef CONFIG_INTEGER_8BIT 
-#ifndef CONFIG_INTEGER_16BIT 
-    bigint *bi_data, *bi_exp, *bi_res;
-    const char *expnt, *plaintext, *mod;
-    uint8_t compare[MAX_KEY_BYTE_SIZE];
-    /**
-     * 512 bit key
-     */
-    plaintext = /* 64 byte number */
-        "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
-
-    mod = "C30773C8ABE09FCC279EE0E5343370DE"
-          "8B2FFDB6059271E3005A7CEEF0D35E0A"
-          "1F9915D95E63560836CC2EB2C289270D"
-          "BCAE8CAF6F5E907FC2759EE220071E1B";
-
-    expnt = "A1E556CD1738E10DF539E35101334E97"
-          "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
-          "F3140F5091CC535CBAA47CEC4159EE1F"
-          "B6A3661AFF1AB758426EAB158452A9B9";
-
-    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
-    bi_exp = int_to_bi(ctx, 0x10001);
-    bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
-    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
-
-    bi_data = bi_res;   /* resuse again - see if we get the original */
-
-    bi_exp = bi_str_import(ctx, expnt);
-    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
-    bi_free_mod(ctx, 0);
-
-    bi_export(ctx, bi_res, compare, 64);
-    if (memcmp(plaintext, compare, 64) != 0)
-        goto end;
-#endif
-#endif
-
-    /*
-     * Multiply with psssible carry issue (8 bit)
-     */
-    {
-        bigint *bi_x = bi_str_import(ctx, 
-                "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
-        bigint *arg2 = bi_clone(ctx, bi_x);
-        bigint *arg3 = bi_clone(ctx, bi_x);
-        bigint *sqr_result = bi_square(ctx, bi_x);
-        bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
-
-        if (bi_compare(sqr_result, mlt_result) != 0)
-        {
-            bi_print("SQR_RESULT", sqr_result);
-            bi_print("MLT_RESULT", mlt_result);
-            bi_free(ctx, sqr_result);
-            bi_free(ctx, mlt_result);
-            goto end;
-        }
-
-        bi_free(ctx, sqr_result);
-        bi_free(ctx, mlt_result);
-    }
-
-    printf("All BIGINT tests passed\n");
-    res = 0;
-
-end:
-    return res;
-}
-
-/**************************************************************************
- * RSA tests 
- *
- * Use the results from openssl to verify PKCS1 etc 
- **************************************************************************/
-static int RSA_test(void)
-{
-    int res = 1;
-    const char *plaintext = /* 128 byte hex number */
-        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
-        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
-    uint8_t enc_data[128], dec_data[128];
-    RSA_CTX *rsa_ctx = NULL;
-    BI_CTX *bi_ctx;
-    bigint *plaintext_bi;
-    bigint *enc_data_bi, *dec_data_bi;
-    uint8_t enc_data2[128], dec_data2[128];
-    int len; 
-    uint8_t *buf;
-
-    RNG_initialize();
-
-    /* extract the private key elements */
-    len = get_file("../ssl/test/axTLS.key_1024", &buf);
-    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
-    {
-        goto end;
-    }
-
-    free(buf);
-    bi_ctx = rsa_ctx->bi_ctx;
-    plaintext_bi = bi_import(bi_ctx, 
-            (const uint8_t *)plaintext, strlen(plaintext));
-
-    /* basic rsa encrypt */
-    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
-    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
-
-    /* basic rsa decrypt */
-    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
-    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
-
-    if (memcmp(dec_data, plaintext, strlen(plaintext)))
-    {
-        printf("Error: DECRYPT #1 failed\n");
-        goto end;
-    }
-
-    if (RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0) < 0)
-    {
-        printf("Error: ENCRYPT #2 failed\n");
-        goto end;
-    }
-
-    RSA_decrypt(rsa_ctx, enc_data2, dec_data2, sizeof(dec_data2), 1);
-    if (memcmp("abc", dec_data2, 3))
-    {
-        printf("Error: DECRYPT #2 failed\n");
-        goto end;
-    }
-
-    RSA_free(rsa_ctx);
-    res = 0;
-    printf("All RSA tests passed\n");
-
-end:
-    RNG_terminate();
-    return res;
-}
-
-/**************************************************************************
- * Cert Testing
- *
- **************************************************************************/
-static int cert_tests(void)
-{
-    int res = -1, len;
-    X509_CTX *x509_ctx;
-    SSL_CTX *ssl_ctx;
-    uint8_t *buf;
-
-    /* check a bunch of 3rd party certificates */
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/microsoft.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #1\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/thawte.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #2\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #3\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/equifax.x509_ca", &buf);
-    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #4\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/gnutls.cer", &buf);
-    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #5\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    len = get_file("../ssl/test/socgen.cer", &buf);
-    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
-    {
-        printf("Cert #6\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    free(buf);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
-                "../ssl/test/camster_duckdns_org.crt", NULL)) != SSL_OK)
-    {
-        printf("Cert #7\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
-                "../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK)
-    {
-        printf("Cert #8\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-
-    ssl_ctx = ssl_ctx_new(0, 0);
-    if ((res = ssl_obj_load(ssl_ctx, 
-              SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
-    {
-        printf("Cert #9\n");
-        ssl_display_error(res);
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-
-    if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
-                                    x509_new(buf, &len, &x509_ctx))
-    {
-        printf("Cert #10\n");
-        res = -1;
-        goto bad_cert;
-    }
-
-    if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
-    {
-        printf("Cert #11\n");
-        res = -1;
-        goto bad_cert;
-    }
-    x509_free(x509_ctx);
-    free(buf);
-
-    // this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates
-    ssl_ctx = ssl_ctx_new(0, 0);
-    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
-            "../ssl/test/ca-bundle.crt", NULL))
-    {
-        goto bad_cert;
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    res = 0;        /* all ok */
-    printf("All Certificate tests passed\n");
-
-bad_cert:
-    if (res)
-        printf("Error: A certificate test failed\n");
-
-    return res;
-}
-
-/**
- * init a server socket.
- */
-static int server_socket_init(int *port)
-{
-    struct sockaddr_in serv_addr;
-    int server_fd;
-    char yes = 1;
-
-    /* Create socket for incoming connections */
-    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
-    {
-        return -1;
-    }
-      
-    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
-
-go_again:
-    /* Construct local address structure */
-    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
-    serv_addr.sin_family = AF_INET;                /* Internet address family */
-    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
-    serv_addr.sin_port = htons(*port);              /* Local port */
-
-    /* Bind to the local address */
-    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
-    {
-        (*port)++;
-        goto go_again;
-    }
-    /* Mark the socket so it will listen for incoming connections */
-    if (listen(server_fd, 3000) < 0)
-    {
-        return -1;
-    }
-
-    return server_fd;
-}
-
-/**
- * init a client socket.
- */
-static int client_socket_init(uint16_t port)
-{
-    struct sockaddr_in address;
-    int client_fd;
-
-    address.sin_family = AF_INET;
-    address.sin_port = htons(port);
-    address.sin_addr.s_addr =  inet_addr("127.0.0.1");
-    client_fd = socket(AF_INET, SOCK_STREAM, 0);
-    if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
-    {
-        perror("socket");
-        SOCKET_CLOSE(client_fd);
-        client_fd = -1;
-    }
-
-    return client_fd;
-}
-
-/**************************************************************************
- * SSL Server Testing
- *
- **************************************************************************/
-typedef struct
-{
-    /* not used as yet */
-    int dummy;
-} SVR_CTX;
-
-typedef struct
-{
-    const char *testname;
-    const char *openssl_option;
-} client_t;
-
-static void do_client(client_t *clnt)
-{
-    char openssl_buf[2048];
-    usleep(200000);           /* allow server to start */
-
-    /* show the session ids in the reconnect test */
-    if (strcmp(clnt->testname, "Session Reuse") == 0)
-    {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
-            "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
-            g_port, clnt->openssl_option);
-    }
-    else if (strstr(clnt->testname, "GNUTLS") == NULL)
-    {
-        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
-#ifdef WIN32
-            "-connect localhost:%d -quiet %s",
-#else
-            "-connect localhost:%d -quiet %s > /dev/null 2>&1",
-#endif
-            g_port, clnt->openssl_option);
-    }
-    else /* gnutls */
-    {
-        sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
-#ifdef WIN32
-            "-p %d %s localhost",
-#else
-            "-p %d %s localhost > /dev/null 2>&1",
-#endif
-        g_port, clnt->openssl_option);
-    }
-
-//printf("CLIENT %s\n", openssl_buf);
-    SYSTEM(openssl_buf);
-}
-
-static int SSL_server_test(
-        const char *testname, 
-        const char *openssl_option, 
-        const char *device_cert, 
-        const char *product_cert, 
-        const char *private_key,
-        const char *ca_cert,
-        const char *password,
-        int axtls_option)
-{
-    int server_fd, ret = 0;
-    SSL_CTX *ssl_ctx = NULL;
-    struct sockaddr_in client_addr;
-    uint8_t *read_buf;
-    socklen_t clnt_len = sizeof(client_addr);
-    client_t client_data;
-#ifndef WIN32
-    pthread_t thread;
-#endif
-    g_port++;
-
-    client_data.testname = testname;
-    client_data.openssl_option = openssl_option;
-
-    if ((server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-    if (private_key)
-    {
-        axtls_option |= SSL_NO_DEFAULT_KEY;
-    }
-
-    if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-    if (private_key)
-    {
-        int obj_type = SSL_OBJ_RSA_KEY;
-
-        if (strstr(private_key, ".p8"))
-            obj_type = SSL_OBJ_PKCS8;
-        else if (strstr(private_key, ".p12"))
-            obj_type = SSL_OBJ_PKCS12;
-
-        if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto error;
-        }
-    }
-
-    if (device_cert)             /* test chaining */
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, 
-                        SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
-            goto error;
-    }
-
-    if (product_cert)             /* test chaining */
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, 
-                        SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
-            goto error;
-    }
-
-    if (ca_cert)                  /* test adding certificate authorities */
-    {
-        if ((ret = ssl_obj_load(ssl_ctx, 
-                        SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
-            goto error;
-    }
-
-#ifndef WIN32
-    pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_client, (void *)&client_data);
-    pthread_detach(thread);
-#else
-    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, 
-            (LPVOID)&client_data, 0, NULL);
-#endif
-
-    for (;;)
-    {
-        int client_fd, size = 0; 
-        SSL *ssl;
-
-        /* Wait for a client to connect */
-        if ((client_fd = accept(server_fd, 
-                        (struct sockaddr *)&client_addr, &clnt_len)) < 0)
-        {
-            ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-            goto error;
-        }
-        
-        /* we are ready to go */
-        ssl = ssl_server_new(ssl_ctx, client_fd);
-        while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
-        SOCKET_CLOSE(client_fd);
-        
-        if (size == SSL_CLOSE_NOTIFY)
-        {
-            /* do nothing */ 
-        }
-        else if (size < SSL_OK) /* got some alert or something nasty */
-        {
-            ret = size;
-
-            if (ret == SSL_ERROR_CONN_LOST)
-                continue;
-
-            break;  /* we've got a problem */
-        }
-        else /* looks more promising */
-        {
-            if (strstr("hello client", (char *)read_buf) == NULL)
-            {
-                printf("SSL server test \"%s\" passed\n", testname);
-                TTY_FLUSH();
-                ret = 0;
-                break;
-            }
-        }
-
-        ssl_free(ssl);
-    }
-
-    SOCKET_CLOSE(server_fd);
-
-error:
-    ssl_ctx_free(ssl_ctx);
-    return ret;
-}
-
-int SSL_server_tests(void)
-{
-    int ret = -1;
-    struct stat stat_buf;
-    SVR_CTX svr_test_ctx;
-    memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
-
-    printf("### starting server tests\n"); TTY_FLUSH();
-
-    /* Go through the algorithms */
-
-    /* 
-     * TLS client hello 
-     */
-
-    /*
-     * AES128-SHA TLS1.2
-     */
-    if ((ret = SSL_server_test("AES128-SHA TLS1.2", 
-                    "-cipher AES128-SHA -tls1_2", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * AES256-SHA TLS1.2
-     */
-    if ((ret = SSL_server_test("AES256-SHA TLS1.2", 
-                    "-cipher AES256-SHA -tls1_2", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * AES128-SHA256 TLS1.2
-     */
-    if ((ret = SSL_server_test("AES128-SHA256 TLS1.2", 
-                    "-cipher AES128-SHA256 -tls1_2", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-
-    /*
-     * AES256-SHA256 TLS1.2
-     */
-    if ((ret = SSL_server_test("AES256-SHA256 TLS1.2", 
-                    "-cipher AES256-SHA256 -tls1_2", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * AES128-SHA TLS1.1
-     */
-    if ((ret = SSL_server_test("AES128-SHA TLS1.1", 
-                    "-cipher AES128-SHA -tls1_1", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * AES128-SHA TLS1.0
-     */
-    if ((ret = SSL_server_test("AES128-SHA TLS1.0", 
-                    "-cipher AES128-SHA -tls1", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * Session Reuse
-     * all the session id's should match for session resumption.
-     */
-    if ((ret = SSL_server_test("Session Reuse", 
-                    "-cipher AES128-SHA -reconnect -tls1_2", 
-                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
-                    DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * 1024 bit RSA key (check certificate chaining)
-     */
-    if ((ret = SSL_server_test("1024 bit key", 
-                    "-cipher AES128-SHA -tls1_2",
-                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
-                    "../ssl/test/axTLS.key_1024",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * 2048 bit RSA key 
-     */
-    if ((ret = SSL_server_test("2048 bit key", 
-                    "-cipher AES128-SHA -tls1_2",
-                    "../ssl/test/axTLS.x509_2048.cer", NULL, 
-                    "../ssl/test/axTLS.key_2048",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * 4096 bit RSA key 
-     */
-    if ((ret = SSL_server_test("4096 bit key", 
-                    "-cipher AES128-SHA -tls1_2",
-                    "../ssl/test/axTLS.x509_4096.cer", NULL, 
-                    "../ssl/test/axTLS.key_4096",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * RSA1024/SHA256
-     */
-    if ((ret = SSL_server_test("RSA1024/SHA256",
-                    "-tls1_2",
-                    "../ssl/test/axTLS.x509_1024_sha256.pem" , NULL, 
-                    "../ssl/test/axTLS.key_1024",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * RSA1024/SHA384
-     */
-    if ((ret = SSL_server_test("RSA1024/SHA384",
-                    "-tls1_2",
-                    "../ssl/test/axTLS.x509_1024_sha384.pem" , NULL, 
-                    "../ssl/test/axTLS.key_1024",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * RSA1024/SHA512
-     */
-    if ((ret = SSL_server_test("RSA1024/SHA512",
-                    "-tls1_2",
-                    "../ssl/test/axTLS.x509_1024_sha512.pem" , NULL, 
-                    "../ssl/test/axTLS.key_1024",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * Client Verification
-     */
-    if ((ret = SSL_server_test("Client Verification TLS1.2", 
-                    "-cipher AES128-SHA -tls1_2 "
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem ", 
-                    NULL,
-                "../ssl/test/axTLS.x509_1024.pem", 
-                "../ssl/test/axTLS.key_1024.pem",
-                    "../ssl/test/axTLS.ca_x509.cer", NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
-        goto cleanup;
-
-    if ((ret = SSL_server_test("Client Verification TLS1.1", 
-                    "-cipher AES128-SHA -tls1_1 "
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem ",
-                    NULL,
-                "../ssl/test/axTLS.x509_1024.pem", 
-                "../ssl/test/axTLS.key_1024.pem",
-                    "../ssl/test/axTLS.ca_x509.cer", NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
-        goto cleanup;
-
-    /* this test should fail */
-    if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
-    {
-        if ((ret = SSL_server_test("Error: Bad Before Cert", 
-                    "-cipher AES128-SHA -tls1_2 "
-                    "-cert ../ssl/test/axTLS.x509_bad_before.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL,
-                "../ssl/test/axTLS.x509_1024.pem", 
-                "../ssl/test/axTLS.key_1024.pem",
-                    "../ssl/test/axTLS.ca_x509.cer", NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
-                            SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
-            goto cleanup;
-
-        printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
-        TTY_FLUSH();
-    }
-
-    /* this test should fail */
-    if ((ret = SSL_server_test("Error: Bad After Cert", 
-                    "-cipher AES128-SHA -tls1_2 "
-                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL,
-                "../ssl/test/axTLS.x509_1024.pem", 
-                "../ssl/test/axTLS.key_1024.pem",
-                    "../ssl/test/axTLS.ca_x509.cer", NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
-                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", "Bad After Cert");
-    TTY_FLUSH();
-
-    /*
-     * No trusted cert
-     */
-    if ((ret = SSL_server_test("Error: No trusted certificate", 
-                    "-cipher AES128-SHA -tls1_2 "
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL,
-                "../ssl/test/axTLS.x509_1024.pem", 
-                "../ssl/test/axTLS.key_1024.pem",
-                    NULL, NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
-                            SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", "No trusted certificate");
-    TTY_FLUSH();
-
-    /*
-     * Self-signed (from the server)
-     */
-    if ((ret = SSL_server_test("Error: Self-signed certificate (from server)", 
-                    "-cipher AES128-SHA -tls1_2 "
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem "
-                    "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
-                    NULL,
-                "../ssl/test/axTLS.x509_1024.pem", 
-                "../ssl/test/axTLS.key_1024.pem",
-                    NULL, NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
-                            SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", 
-                            "Self-signed certificate (from server)");
-    TTY_FLUSH();
-
-    /*
-     * Self-signed (from the client)
-     */
-    if ((ret = SSL_server_test("Self-signed certificate (from client)", 
-                    "-cipher AES128-SHA -tls1_2 "
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem ",
-                    NULL,
-                "../ssl/test/axTLS.x509_1024.pem", 
-                "../ssl/test/axTLS.key_1024.pem",
-                    "../ssl/test/axTLS.ca_x509.cer",
-                    NULL,
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
-        goto cleanup;
-
-    /* 
-     * Key in PEM format
-     */
-    if ((ret = SSL_server_test("Key in PEM format",
-                    "-cipher AES128-SHA -tls1_2", 
-                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL,
-                    NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * Cert in PEM format
-     */
-    if ((ret = SSL_server_test("Cert in PEM format", 
-                    "-cipher AES128-SHA -tls1_2", 
-                    "../ssl/test/axTLS.x509_1024.pem", NULL, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL,
-                    NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * Cert chain in PEM format
-     */
-    if ((ret = SSL_server_test("Cert chain in PEM format", 
-                    "-cipher AES128-SHA -tls1_2", 
-                    "../ssl/test/axTLS.x509_device.pem", 
-                    NULL, "../ssl/test/axTLS.key_device.pem",
-                    "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * AES128 Encrypted key 
-     */
-    if ((ret = SSL_server_test("AES128 encrypted key", 
-                    "-cipher AES128-SHA -tls1_2", 
-                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
-                    "../ssl/test/axTLS.key_aes128.pem",
-                    NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * AES256 Encrypted key 
-     */
-    if ((ret = SSL_server_test("AES256 encrypted key", 
-                    "-cipher AES128-SHA -tls1_2", 
-                    "../ssl/test/axTLS.x509_aes256.pem", NULL, 
-                    "../ssl/test/axTLS.key_aes256.pem",
-                    NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * AES128 Encrypted invalid key 
-     */
-    if ((ret = SSL_server_test("AES128 encrypted invalid key", 
-                    "-cipher AES128-SHA -tls1_2", 
-                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
-                    "../ssl/test/axTLS.key_aes128.pem",
-                    NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
-        goto cleanup;
-
-    printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
-    TTY_FLUSH();
-
-    /*
-     * PKCS#8 key (encrypted)
-     */
-    if ((ret = SSL_server_test("pkcs#8 encrypted", 
-                "-cipher AES128-SHA -tls1_2", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
-                NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * PKCS#8 key (unencrypted DER format)
-     */
-    if ((ret = SSL_server_test("pkcs#8 DER unencrypted", 
-                "-cipher AES128-SHA -tls1_2", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
-                NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * PKCS#8 key (unencrypted PEM format)
-     */
-    if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", 
-                "-cipher AES128-SHA -tls1_2", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8", 
-                NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /*
-     * PKCS#12 key/certificate
-     */
-    if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher AES128-SHA", 
-                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
-                NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher AES128-SHA", 
-                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
-                NULL, "abcd", DEFAULT_SVR_OPTION)))
-        goto cleanup;
-
-    /* 
-     * GNUTLS
-     */
-    if ((ret = SSL_server_test("GNUTLS client", 
-                    "",
-                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
-                    "../ssl/test/axTLS.key_1024",
-                    NULL, NULL, DEFAULT_SVR_OPTION)))
-        goto cleanup;
-    
-    if ((ret = SSL_server_test("GNUTLS client with verify", 
-                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
-                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem",
-                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
-                    "../ssl/test/axTLS.key_1024",
-                    "../ssl/test/axTLS.ca_x509.cer", NULL, 
-                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
-        goto cleanup;
-    ret = 0;
-
-cleanup:
-    if (ret)
-    {
-        printf("Error: A server test failed\n");
-        ssl_display_error(ret);
-        exit(1);
-    }
-    else
-    {
-        printf("All server tests passed\n"); TTY_FLUSH();
-    }
-
-    return ret;
-}
-
-/**************************************************************************
- * SSL Client Testing
- *
- **************************************************************************/
-typedef struct
-{
-    uint8_t session_id[SSL_SESSION_ID_SIZE];
-#ifndef WIN32
-    pthread_t server_thread;
-#endif
-    int start_server;
-    int stop_server;
-    int do_reneg;
-} CLNT_SESSION_RESUME_CTX;
-
-typedef struct
-{
-    const char *testname;
-    const char *openssl_option;
-    int do_gnutls;
-} server_t;
-
-static void do_server(server_t *svr)
-{
-    char openssl_buf[2048];
-#ifndef WIN32
-    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
-#endif
-    if (svr->do_gnutls)
-    {
-        sprintf(openssl_buf, "gnutls-serv " 
-                "-p %d --quiet %s ", g_port, svr->openssl_option);
-    }
-    else
-    {
-        sprintf(openssl_buf, "openssl s_server " 
-#ifdef WIN32
-                "-accept %d -quiet %s", 
-#else
-                "-accept %d -quiet %s > /dev/null", 
-#endif
-                g_port, svr->openssl_option);
-    }
-//printf("SERVER %s\n", openssl_buf);
-    SYSTEM(openssl_buf);
-}
-
-static int SSL_client_test(
-        const char *test,
-        SSL_CTX **ssl_ctx,
-        const char *openssl_option, 
-        CLNT_SESSION_RESUME_CTX *sess_resume,
-        uint32_t client_options,
-        const char *private_key,
-        const char *password,
-        const char *cert)
-{
-    server_t server_data;
-    SSL *ssl = NULL;
-    int client_fd = -1;
-    uint8_t *session_id = NULL;
-    int ret = 1;
-#ifndef WIN32
-    pthread_t thread;
-#endif
-
-    server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
-
-    if (sess_resume == NULL || sess_resume->start_server)
-    {
-        g_port++;
-        server_data.openssl_option = openssl_option;
-
-#ifndef WIN32
-        pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_server, (void *)&server_data);
-        pthread_detach(thread);
-#else
-        CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, 
-            (LPVOID)&server_data, 0, NULL);
-#endif
-    }
-    
-    usleep(200000);           /* allow server to start */
-
-    if (*ssl_ctx == NULL)
-    {
-        if (private_key)
-        {
-            client_options |= SSL_NO_DEFAULT_KEY;
-        }
-
-        if ((*ssl_ctx = ssl_ctx_new(
-                            client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto client_test_exit;
-        }
-
-        if (private_key)
-        {
-            int obj_type = SSL_OBJ_RSA_KEY;
-
-            if (strstr(private_key, ".p8"))
-                obj_type = SSL_OBJ_PKCS8;
-            else if (strstr(private_key, ".p12"))
-                obj_type = SSL_OBJ_PKCS12;
-
-            if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
-            {
-                ret = SSL_ERROR_INVALID_KEY;
-                goto client_test_exit;
-            }
-        }
-
-        if (cert)                  
-        {
-            if ((ret = ssl_obj_load(*ssl_ctx, 
-                            SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
-            {
-                printf("could not add cert %s (%d)\n", cert, ret);
-                TTY_FLUSH();
-                goto client_test_exit;
-            }
-        }
-
-        if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
-                "../ssl/test/axTLS.ca_x509.cer", NULL))
-        {
-            printf("could not add cert auth\n"); TTY_FLUSH();
-            goto client_test_exit;
-        }
-    }
-    
-    if (sess_resume && !sess_resume->start_server) 
-    {
-        session_id = sess_resume->session_id;
-    }
-
-    if ((client_fd = client_socket_init(g_port)) < 0)
-    {
-        printf("could not start socket on %d\n", g_port); TTY_FLUSH();
-        goto client_test_exit;
-    }
-
-    ssl = ssl_client_new(*ssl_ctx, client_fd, 
-            session_id, sizeof(session_id), NULL);
-
-    /* check the return status */
-    if ((ret = ssl_handshake_status(ssl)))
-        goto client_test_exit;
-
-    /* renegotiate client */
-    if (sess_resume && sess_resume->do_reneg) 
-    {
-        if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION) 
-            ret = 0;
-        else
-            ret = -SSL_ALERT_NO_RENEGOTIATION;
-
-        goto client_test_exit;
-    }
-
-    if (sess_resume)
-    {
-        memcpy(sess_resume->session_id, 
-                ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
-    }
-
-    if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && 
-                                            (ret = ssl_verify_cert(ssl)))
-    {
-        goto client_test_exit;
-    }
-
-    ssl_write(ssl, (uint8_t *)"hello world\n", 13);
-    if (sess_resume)
-    {
-        const uint8_t *sess_id = ssl_get_session_id(ssl);
-        int i;
-
-        printf("    Session-ID: ");
-        for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
-        {
-            printf("%02X", sess_id[i]);
-        }
-        printf("\n");
-        TTY_FLUSH();
-    }
-
-    ret = 0;
-
-client_test_exit:
-    ssl_free(ssl);
-    SOCKET_CLOSE(client_fd);
-    usleep(200000);           /* allow openssl to say something */
-
-    if (sess_resume)
-    {
-        if (sess_resume->stop_server)
-        {
-            ssl_ctx_free(*ssl_ctx);
-            *ssl_ctx = NULL;
-        }
-        else if (sess_resume->start_server)
-        {
-#ifndef WIN32
-           sess_resume->server_thread = thread;
-#endif
-        }
-    }
-    else
-    {
-        ssl_ctx_free(*ssl_ctx);
-        *ssl_ctx = NULL;
-    }
-
-    if (ret == 0)
-    {
-        printf("SSL client test \"%s\" passed\n", test);
-        TTY_FLUSH();
-    }
-
-    return ret;
-}
-
-int SSL_client_tests(void)
-{
-    int ret =  -1;
-    SSL_CTX *ssl_ctx = NULL;
-    CLNT_SESSION_RESUME_CTX sess_resume;
-    memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
-
-    sess_resume.start_server = 1;
-    printf("### starting client tests\n");
-   
-    if ((ret = SSL_client_test("1024 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem", 
-                    &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    /* all the session id's should match for session resumption */
-    sess_resume.start_server = 0;
-    if ((ret = SSL_client_test("Client session resumption #1", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    // no client renegotiation
-    sess_resume.do_reneg = 1;
-    // test relies on openssl killing the call
-    if ((ret = SSL_client_test("Client renegotiation", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-    sess_resume.do_reneg = 0;
-
-    sess_resume.stop_server = 1;
-    if ((ret = SSL_client_test("Client session resumption #2", 
-                    &ssl_ctx, NULL, &sess_resume, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("1024 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("2048 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem",  NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("4096 bit key", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_4096.pem "
-                    "-key ../ssl/test/axTLS.key_4096.pem", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("TLS 1.1", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem -tls1_1", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("TLS 1.0", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_1024.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem -tls1", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("Basic Constraint - len OK", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_end_chain.pem -key "
-                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
-                    "../ssl/test/axTLS.x509_intermediate_ca.pem",
-                    NULL, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    if ((ret = SSL_client_test("Basic Constraint - len NOT OK", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_end_chain_bad.pem -key "
-                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
-                    "../ssl/test/axTLS.x509_intermediate_ca2.pem",
-                    NULL, 
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL))
-                            != SSL_X509_ERROR(X509_VFY_ERROR_BASIC_CONSTRAINT))
-    {
-        printf("*** Error: %d\n", ret); 
-        if (ret == 0)
-            ret = SSL_NOT_OK;
-
-        goto cleanup;
-    }
-
-    printf("SSL server test \"%s\" passed\n", "Basic Constraint - len NOT OK");
-
-    if ((ret = SSL_client_test("Server cert chaining", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_device.pem "
-                    "-key ../ssl/test/axTLS.key_device.pem "
-                    "-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
-        goto cleanup;
-
-    /* Check the server can verify the client */
-    if ((ret = SSL_client_test("Client peer authentication",
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem "
-                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
-                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
-                    "../ssl/test/axTLS.key_1024", NULL,
-                    "../ssl/test/axTLS.x509_1024.cer")))
-        goto cleanup;
-
-    /* Check the server can verify the client */
-    if ((ret = SSL_client_test("Client peer authentication TLS1.1",
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem "
-                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
-                    "-verify 1 -tls1_1", NULL, DEFAULT_CLNT_OPTION, 
-                    "../ssl/test/axTLS.key_1024", NULL,
-                    "../ssl/test/axTLS.x509_1024.cer")))
-        goto cleanup;
-
-    /* Should get an "ERROR" from openssl (as the handshake fails as soon as
-     * the certificate verification fails) */
-    if ((ret = SSL_client_test("Error: Expired cert (verify now)",
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
-                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
-                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
-    {
-        printf("*** Error: %d\n", ret);
-        goto cleanup;
-    }
-
-    printf("SSL client test \"Expired cert (verify now)\" passed\n");
-
-    /* There is no "ERROR" from openssl */
-    if ((ret = SSL_client_test("Error: Expired cert (verify later)", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
-                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
-                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
-                    NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
-    {
-        printf("*** Error: %d\n", ret); TTY_FLUSH();
-        goto cleanup;
-    }
-
-    printf("SSL client test \"Expired cert (verify later)\" passed\n");
-
-    /* invalid cert type */
-    /*if ((ret = SSL_client_test("Error: Invalid certificate type", 
-                    &ssl_ctx,
-                    "-cert ../ssl/test/axTLS.x509_2048.pem "
-                    "-key ../ssl/test/axTLS.key_2048.pem "
-                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
-                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL,
-                    "../ssl/test/axTLS.x509_1024.pem")) 
-                            != SSL_ERROR_INVALID_KEY)
-    {
-        if (ret == 0)
-            ret = SSL_NOT_OK;
-
-        printf("*** Error: %d\n", ret); TTY_FLUSH();
-        goto cleanup;
-    }
-
-    printf("SSL client test \"Invalid certificate type\" passed\n"); */
-
-    if ((ret = SSL_client_test("GNUTLS client", 
-                    &ssl_ctx,
-                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
-                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL,
-                    DEFAULT_CLNT_OPTION, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL,
-                    "../ssl/test/axTLS.x509_1024.pem")))
-        goto cleanup;
-
-    ret = 0;
-
-    if ((ret = SSL_client_test("GNUTLS client with verify", 
-                    &ssl_ctx,
-                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
-                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
-                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL,
-                    "../ssl/test/axTLS.x509_1024.pem"))) 
-        goto cleanup;
-
-    ret = 0;
-
-cleanup:
-    if (ret)
-    {
-        ssl_display_error(ret);
-        printf("Error: A client test failed\n");
-        SYSTEM("sh ../ssl/test/killopenssl.sh");
-        SYSTEM("sh ../ssl/test/killgnutls.sh");
-        exit(1);
-    }
-    else
-    {
-        printf("All client tests passed\n"); TTY_FLUSH();
-    }
-
-    ssl_ctx_free(ssl_ctx);
-    return ret;
-}
-
-/**************************************************************************
- * SSL Basic Testing (test a big packet handshake)
- *
- **************************************************************************/
-static uint8_t basic_buf[256*1024];
-
-static void do_basic(void)
-{
-    int client_fd;
-    SSL *ssl_clnt;
-    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
-                            DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
-    usleep(200000);           /* allow server to start */
-
-    if ((client_fd = client_socket_init(g_port)) < 0)
-        goto error;
-
-    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
-                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
-        goto error;
-
-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
-
-    /* check the return status */
-    if (ssl_handshake_status(ssl_clnt) < 0)
-    {
-        ssl_display_error(ssl_handshake_status(ssl_clnt));
-        goto error;
-    }
-
-    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
-    ssl_free(ssl_clnt);
-
-error:
-    ssl_ctx_free(ssl_clnt_ctx);
-    SOCKET_CLOSE(client_fd);
-
-    /* exit this thread */
-}
-
-static int SSL_basic_test(void)
-{
-    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
-    SSL_CTX *ssl_svr_ctx = NULL;
-    struct sockaddr_in client_addr;
-    uint8_t *read_buf;
-    socklen_t clnt_len = sizeof(client_addr);
-    SSL *ssl_svr;
-#ifndef WIN32
-    pthread_t thread;
-#endif
-    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
-    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
-
-    if ((server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
-    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
-                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
-        goto error;
-
-    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
-        goto error;
-#ifndef WIN32
-    pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_basic, NULL);
-    pthread_detach(thread);
-#else
-    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
-#endif
-
-    /* Wait for a client to connect */
-    if ((client_fd = accept(server_fd, 
-                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
-    {
-        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-        goto error;
-    }
-    
-    /* we are ready to go */
-    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
-    
-    do
-    {
-        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
-
-        if (size < SSL_OK) /* got some alert or something nasty */
-        {
-            ssl_display_error(size);
-            ret = size;
-            break;
-        }
-        else /* looks more promising */
-        {
-            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
-            {
-                ret = SSL_NOT_OK;
-                break;
-            }
-        }
-
-        offset += size;
-    } while (offset < sizeof(basic_buf));
-
-    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
-                            "SSL basic test passed\n" :
-                            "SSL basic test failed\n");
-    TTY_FLUSH();
-
-    ssl_free(ssl_svr);
-    SOCKET_CLOSE(server_fd);
-    SOCKET_CLOSE(client_fd);
-
-error:
-    ssl_ctx_free(ssl_svr_ctx);
-    return ret;
-}
-
-/**************************************************************************
- * SSL unblocked case
- *
- **************************************************************************/
-static void do_unblocked(void)
-{
-    int client_fd;
-    SSL *ssl_clnt;
-    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
-                            DEFAULT_CLNT_OPTION, 
-                            SSL_DEFAULT_CLNT_SESS |
-                            SSL_CONNECT_IN_PARTS);
-    usleep(200000);           /* allow server to start */
-
-    if ((client_fd = client_socket_init(g_port)) < 0)
-        goto error;
-
-    {
-#ifdef WIN32
-        u_long argp = 1;
-        ioctlsocket(client_fd, FIONBIO, &argp);
-#else
-        int flags = fcntl(client_fd, F_GETFL, NULL);
-        fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
-#endif
-    }
-
-    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
-                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
-        goto error;
-
-    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
-
-    while (ssl_handshake_status(ssl_clnt) != SSL_OK)
-    {
-        if (ssl_read(ssl_clnt, NULL) < 0)
-        {
-            ssl_display_error(ssl_handshake_status(ssl_clnt));
-            goto error;
-        }
-    }
-
-    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
-    ssl_free(ssl_clnt);
-
-error:
-    ssl_ctx_free(ssl_clnt_ctx);
-    SOCKET_CLOSE(client_fd);
-
-    /* exit this thread */
-}
-
-static int SSL_unblocked_test(void)
-{
-    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
-    SSL_CTX *ssl_svr_ctx = NULL;
-    struct sockaddr_in client_addr;
-    uint8_t *read_buf;
-    socklen_t clnt_len = sizeof(client_addr);
-    SSL *ssl_svr;
-#ifndef WIN32
-    pthread_t thread;
-#endif
-    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
-    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
-
-    if ((server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
-    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
-                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
-        goto error;
-
-    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
-        goto error;
-
-#ifndef WIN32
-    pthread_create(&thread, NULL, 
-                (void *(*)(void *))do_unblocked, NULL);
-    pthread_detach(thread);
-#else
-    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked, 
-                        NULL, 0, NULL);
-#endif
-
-    /* Wait for a client to connect */
-    if ((client_fd = accept(server_fd, 
-                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
-    {
-        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-        goto error;
-    }
-    
-    /* we are ready to go */
-    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
-    
-    do
-    {
-        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
-
-        if (size < SSL_OK) /* got some alert or something nasty */
-        {
-            ssl_display_error(size);
-            ret = size;
-            break;
-        }
-        else /* looks more promising */
-        {
-            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
-            {
-                ret = SSL_NOT_OK;
-                break;
-            }
-        }
-
-        offset += size;
-    } while (offset < sizeof(basic_buf));
-
-    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
-                            "SSL unblocked test passed\n" :
-                            "SSL unblocked test failed\n");
-    TTY_FLUSH();
-
-    ssl_free(ssl_svr);
-    SOCKET_CLOSE(server_fd);
-    SOCKET_CLOSE(client_fd);
-
-error:
-    ssl_ctx_free(ssl_svr_ctx);
-    return ret;
-}
-
-#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
-/**************************************************************************
- * Multi-Threading Tests
- *
- **************************************************************************/
-#define NUM_THREADS         100
-
-typedef struct
-{
-    SSL_CTX *ssl_clnt_ctx;
-    int port;
-    int thread_id;
-} multi_t;
-
-void do_multi_clnt(multi_t *multi_data)
-{
-    int res = 1, client_fd, i;
-    SSL *ssl = NULL;
-    char tmp[5];
-
-    if ((client_fd = client_socket_init(multi_data->port)) < 0)
-        goto client_test_exit;
-
-    usleep(200000);
-    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL);
-
-    if ((res = ssl_handshake_status(ssl)))
-    {
-        printf("Client ");
-        ssl_display_error(res);
-        goto client_test_exit;
-    }
-
-    sprintf(tmp, "%d\n", multi_data->thread_id);
-    for (i = 0; i < 10; i++)
-        ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
-
-client_test_exit:
-    ssl_free(ssl);
-    SOCKET_CLOSE(client_fd);
-    free(multi_data);
-}
-
-void do_multi_svr(SSL *ssl)
-{
-    uint8_t *read_buf;
-    int *res_ptr = malloc(sizeof(int));
-    int res;
-
-    for (;;)
-    {
-        res = ssl_read(ssl, &read_buf);
-
-        /* kill the client */
-        if (res != SSL_OK)
-        {
-            if (res == SSL_ERROR_CONN_LOST)
-            {
-                SOCKET_CLOSE(ssl->client_fd);
-                ssl_free(ssl);
-                break;
-            }
-            else if (res > 0)
-            {
-                /* do nothing */
-            }
-            else /* some problem */
-            {
-                printf("Server ");
-                ssl_display_error(res);
-                goto error;
-            }
-        }
-    }
-
-    res = SSL_OK;
-error:
-    *res_ptr = res;
-    pthread_exit(res_ptr);
-}
-
-int multi_thread_test(void)
-{
-    int server_fd = -1;
-    SSL_CTX *ssl_server_ctx;
-    SSL_CTX *ssl_clnt_ctx;
-    pthread_t clnt_threads[NUM_THREADS];
-    pthread_t svr_threads[NUM_THREADS];
-    int i, res = 0;
-    struct sockaddr_in client_addr;
-    socklen_t clnt_len = sizeof(client_addr);
-
-    printf("Do multi-threading test (takes a minute)\n");
-
-    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
-    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
-                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
-        goto error;
-
-    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
-                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
-        goto error;
-    ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
-
-    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
-                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
-        goto error;
-
-    if ((server_fd = server_socket_init(&g_port)) < 0)
-        goto error;
-
-    for (i = 0; i < NUM_THREADS; i++)
-    {
-        multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
-        multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
-        multi_data->port = g_port;
-        multi_data->thread_id = i+1;
-        pthread_create(&clnt_threads[i], NULL, 
-                (void *(*)(void *))do_multi_clnt, (void *)multi_data);
-        pthread_detach(clnt_threads[i]);
-    }
-
-    for (i = 0; i < NUM_THREADS; i++)
-    { 
-        SSL *ssl_svr;
-        int client_fd = accept(server_fd, 
-                      (struct sockaddr *)&client_addr, &clnt_len);
-
-        if (client_fd < 0)
-            goto error;
-
-        ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
-
-        pthread_create(&svr_threads[i], NULL, 
-                        (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
-    }
-
-    /* make sure we've run all of the threads */
-    for (i = 0; i < NUM_THREADS; i++)
-    {
-        void *thread_res;
-        pthread_join(svr_threads[i], &thread_res);
-
-        if (*((int *)thread_res) != 0)
-            res = 1;
-
-        free(thread_res);
-    } 
-
-    if (res) 
-        goto error;
-
-    printf("Multi-thread test passed (%d)\n", NUM_THREADS);
-error:
-    ssl_ctx_free(ssl_svr_ctx);
-    ssl_ctx_free(ssl_clnt_ctx);
-    SOCKET_CLOSE(server_fd);
-    return res;
-}
-#endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */ 
-
-/**************************************************************************
- * Header issue
- *
- **************************************************************************/
-//static void do_header_issue(void)
-//{
-//    char axtls_buf[2048];
-//#ifndef WIN32
-//    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
-//#endif
-//    sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
-//    SYSTEM(axtls_buf);
-//}
-//
-//static int header_issue(void)
-//{
-//    FILE *f = fopen("../ssl/test/header_issue.dat", "r");
-//    int server_fd = -1, client_fd = -1, ret = 1;
-//    uint8_t buf[2048];
-//    int size = 0;
-//    struct sockaddr_in client_addr;
-//    socklen_t clnt_len = sizeof(client_addr);
-//#ifndef WIN32
-//    pthread_t thread;
-//#endif
-//
-//    if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
-//        goto error;
-//
-//#ifndef WIN32
-//    pthread_create(&thread, NULL, 
-//                (void *(*)(void *))do_header_issue, NULL);
-//    pthread_detach(thread);
-//#else
-//    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, 
-//                NULL, 0, NULL);
-//#endif
-//    if ((client_fd = accept(server_fd, 
-//                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
-//    {
-//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-//        goto error;
-//    }
-//
-//    size = fread(buf, 1, sizeof(buf), f);
-//    if (SOCKET_WRITE(client_fd, buf, size) < 0)
-//    {
-//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
-//        goto error;
-//    }
-//
-//    usleep(200000);
-//
-//    ret = 0;
-//error:
-//    fclose(f);
-//    SOCKET_CLOSE(client_fd);
-//    SOCKET_CLOSE(server_fd);
-//    TTY_FLUSH();
-//    SYSTEM("killall axssl");
-//    return ret;
-//}
-
-/**************************************************************************
- * main()
- *
- **************************************************************************/
-int main(int argc, char *argv[])
-{
-    int ret = 1;
-    BI_CTX *bi_ctx;
-    int fd;
-
-#ifdef WIN32
-    WSADATA wsaData;
-    WORD wVersionRequested = MAKEWORD(2, 2);
-    WSAStartup(wVersionRequested, &wsaData);
-    fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
-    dup2(fd, 2);                        /* write stderr to this file */
-#else
-    fd = open("/dev/null", O_WRONLY);   /* write stderr to /dev/null */
-    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
-    dup2(fd, 2);
-#endif
-
-    /* can't do testing in this mode */
-#if defined CONFIG_SSL_GENERATE_X509_CERT
-    printf("Error: Must compile with default key/certificates\n");
-    exit(1);
-#endif
-
-    bi_ctx = bi_initialize();
-
-    if (AES_test(bi_ctx))
-    {
-        printf("AES tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (MD5_test(bi_ctx))
-    {
-        printf("MD5 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (SHA1_test(bi_ctx))
-    {
-        printf("SHA1 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (SHA256_test(bi_ctx))
-    {
-        printf("SHA256 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (SHA384_test(bi_ctx))
-    {
-        printf("SHA384 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (SHA512_test(bi_ctx))
-    {
-        printf("SHA512 tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (HMAC_test(bi_ctx))
-    {
-        printf("HMAC tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (BIGINT_test(bi_ctx))
-    {
-        printf("BigInt tests failed!\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    bi_terminate(bi_ctx);
-
-    if (RSA_test())
-    {
-        printf("RSA tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-    if (cert_tests())
-    {
-        printf("CERT tests failed\n");
-        goto cleanup;
-    }
-    TTY_FLUSH();
-
-#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
-    if (multi_thread_test())
-        goto cleanup;
-#endif
-
-    if (SSL_basic_test())
-        goto cleanup;
-
-    SYSTEM("sh ../ssl/test/killopenssl.sh");
-
-    if (SSL_unblocked_test())
-        goto cleanup;
-
-    SYSTEM("sh ../ssl/test/killopenssl.sh");
-
-    if (SSL_client_tests())
-        goto cleanup;
-
-    SYSTEM("sh ../ssl/test/killopenssl.sh");
-    SYSTEM("sh ../ssl/test/killgnutls.sh");
-
-    if (SSL_server_tests())
-        goto cleanup;
-
-    SYSTEM("sh ../ssl/test/killopenssl.sh");
-
-//    if (header_issue())
-//    {
-//        printf("Header tests failed\n"); TTY_FLUSH();
-//        goto cleanup;
-//    }
-
-    ret = 0;        /* all ok */
-    printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
-cleanup:
-
-    if (ret)
-        printf("Error: Some tests failed!\n");
-
-    close(fd);
-    return ret;
-}
diff --git a/tools/sdk/axtls/ssl/tls1.c b/tools/sdk/axtls/ssl/tls1.c
deleted file mode 100644
index ac347d261a..0000000000
--- a/tools/sdk/axtls/ssl/tls1.c
+++ /dev/null
@@ -1,2603 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Common ssl/tlsv1 code to both the client and server implementations.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include "os_port.h"
-#include "ssl.h"
-
-/* The session expiry time */
-#define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
-
-static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
-static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
-static const char * server_finished = "server finished";
-static const char * client_finished = "client finished";
-
-static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
-static int set_key_block(SSL *ssl, int is_write);
-static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
-static int send_raw_packet(SSL *ssl, uint8_t protocol);
-static void certificate_free(SSL* ssl);
-static int increase_bm_data_size(SSL *ssl, size_t size);
-static int check_certificate_chain(SSL *ssl);
-
-/**
- * The server will pick the cipher based on the order that the order that the
- * ciphers are listed. This order is defined at compile time.
- */
-#ifndef CONFIG_SSL_SKELETON_MODE
-static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
-#endif
-
-const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
-#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
-{ SSL_AES128_SHA, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES256_SHA256 };
-#elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
-{ SSL_AES128_SHA256, SSL_AES256_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };    
-#else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
-{ SSL_AES256_SHA256, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };
-#endif
-
-/**
- * The cipher map containing all the essentials for each cipher.
- */
-static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
-{
-    {   /* AES128-SHA */
-        SSL_AES128_SHA,                 /* AES128-SHA */
-        16,                             /* key size */
-        16,                             /* iv size */ 
-        16,                             /* block padding size */
-        SHA1_SIZE,                      /* digest size */
-        2*(SHA1_SIZE+16+16),            /* key block size */
-        hmac_sha1_v,                    /* hmac algorithm */
-        (crypt_func)AES_cbc_encrypt,    /* encrypt */
-        (crypt_func)AES_cbc_decrypt     /* decrypt */
-    },
-    {   /* AES256-SHA */
-        SSL_AES256_SHA,                 /* AES256-SHA */
-        32,                             /* key size */
-        16,                             /* iv size */ 
-        16,                             /* block padding size */
-        SHA1_SIZE,                      /* digest size */
-        2*(SHA1_SIZE+32+16),            /* key block size */
-        hmac_sha1_v,                    /* hmac algorithm */
-        (crypt_func)AES_cbc_encrypt,    /* encrypt */
-        (crypt_func)AES_cbc_decrypt     /* decrypt */
-    },       
-    {   /* AES128-SHA256 */
-        SSL_AES128_SHA256,              /* AES128-SHA256 */
-        16,                             /* key size */
-        16,                             /* iv size */ 
-        16,                             /* block padding size */
-        SHA256_SIZE,                    /* digest size */
-        2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256_v,                  /* hmac algorithm */
-        (crypt_func)AES_cbc_encrypt,    /* encrypt */
-        (crypt_func)AES_cbc_decrypt     /* decrypt */
-    },       
-    {   /* AES256-SHA256 */
-        SSL_AES256_SHA256,              /* AES256-SHA256 */
-        32,                             /* key size */
-        16,                             /* iv size */ 
-        16,                             /* block padding size */
-        SHA256_SIZE,                    /* digest size */
-        2*(SHA256_SIZE+32+16),          /* key block size */
-        hmac_sha256_v,                  /* hmac algorithm */
-        (crypt_func)AES_cbc_encrypt,    /* encrypt */
-        (crypt_func)AES_cbc_decrypt     /* decrypt */
-    }
-};
-
-static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
-        uint8_t *seed, int seed_len,
-        uint8_t *out, int olen);
-static const cipher_info_t *get_cipher_info(uint8_t cipher);
-static void increment_read_sequence(SSL *ssl);
-static void increment_write_sequence(SSL *ssl);
-static void add_hmac_digest(SSL *ssl, int snd, uint8_t *hmac_header,
-        const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
-
-/* win32 VC6.0 doesn't have variadic macros */
-#if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
-void DISPLAY_BYTES(SSL *ssl, const char *format, 
-        const uint8_t *data, int size, ...) {}
-#endif
-
-/**
- * Allocate new SSL extensions structure and return pointer to it
- *
- */
-EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
-{
-    return (SSL_EXTENSIONS *)calloc(1, sizeof(SSL_EXTENSIONS));
-}
-
-/**
- * Free SSL extensions structure
- *
- */
-EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
-{
-    if (ssl_ext == NULL ) 
-    {
-        return;
-    }
-
-    free(ssl_ext);
-}
-
-EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name)
-{
-    free(ext->host_name);
-    ext->host_name = NULL;
-    if (host_name) {
-        ext->host_name = strdup(host_name);
-    }
-}
-
-/**
- * Set the maximum fragment size for the fragment size negotiation extension
- */
-EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size)
-{
-    ext->max_fragment_size = fragment_size;
-}
-
-/**
- * Establish a new client/server context.
- */
-EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
-{
-    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
-    ssl_ctx->options = options;
-    RNG_initialize();
-
-    if (load_key_certs(ssl_ctx) < 0)
-    {
-        free(ssl_ctx);  /* can't load our key/certificate pair, so die */
-        return NULL;
-    }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    ssl_ctx->num_sessions = num_sessions;
-#endif
-
-    SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    if (num_sessions)
-    {
-        ssl_ctx->ssl_sessions = (SSL_SESSION **)
-                        calloc(1, num_sessions*sizeof(SSL_SESSION *));
-    }
-#endif
-
-    return ssl_ctx;
-}
-
-/*
- * Remove a client/server context.
- */
-EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
-{
-    SSL *ssl;
-    int i;
-
-    if (ssl_ctx == NULL)
-        return;
-
-    ssl = ssl_ctx->head;
-
-    /* clear out all the ssl entries */
-    while (ssl)
-    {
-        SSL *next = ssl->next;
-        ssl_free(ssl);
-        ssl = next;
-    }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    /* clear out all the sessions */
-    for (i = 0; i < ssl_ctx->num_sessions; i++)
-        session_free(ssl_ctx->ssl_sessions, i);
-
-    free(ssl_ctx->ssl_sessions);
-#endif
-
-    i = 0;
-    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
-    {
-        free(ssl_ctx->certs[i].buf);
-        ssl_ctx->certs[i++].buf = NULL;
-    }
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    remove_ca_certs(ssl_ctx->ca_cert_ctx);
-#endif
-    ssl_ctx->chain_length = 0;
-    SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
-    RSA_free(ssl_ctx->rsa_ctx);
-    RNG_terminate();
-    free(ssl_ctx);
-}
-
-/*
- * Free any used resources used by this connection.
- */
-EXP_FUNC void STDCALL ssl_free(SSL *ssl)
-{
-    SSL_CTX *ssl_ctx;
-
-    if (ssl == NULL)        /* just ignore null pointers */
-        return;
-
-    /* only notify if we weren't notified first */
-    /* spec says we must notify when we are dying */
-    if (!IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
-        send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
-
-    ssl_ctx = ssl->ssl_ctx;
-
-    SSL_CTX_LOCK(ssl_ctx->mutex);
-
-    /* adjust the server SSL list */
-    if (ssl->prev)
-        ssl->prev->next = ssl->next;
-    else
-        ssl_ctx->head = ssl->next;
-
-    if (ssl->next)
-        ssl->next->prev = ssl->prev;
-    else
-        ssl_ctx->tail = ssl->prev;
-
-    SSL_CTX_UNLOCK(ssl_ctx->mutex);
-
-    /* may already be free - but be sure */
-    free(ssl->encrypt_ctx);
-    ssl->encrypt_ctx = NULL;
-    free(ssl->decrypt_ctx);
-    ssl->decrypt_ctx = NULL;
-    disposable_free(ssl);
-    certificate_free(ssl);
-    free(ssl->bm_all_data);
-    ssl_ext_free(ssl->extensions);
-    ssl->extensions = NULL;
-    free(ssl);
-}
-
-/*
- * Read the SSL connection and send any alerts for various errors.
- */
-EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
-{
-    int ret = SSL_OK;
-    do {
-        ret= basic_read(ssl, in_data);
-
-        /* check for return code so we can send an alert */
-        if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
-        {
-            if (ret != SSL_ERROR_CONN_LOST)
-            {
-                send_alert(ssl, ret);
-    #ifndef CONFIG_SSL_SKELETON_MODE
-                /* something nasty happened, so get rid of this session */
-                kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
-    #endif
-            }
-        }
-    } while (IS_SET_SSL_FLAG(SSL_READ_BLOCKING) && (ssl->got_bytes < ssl->need_bytes) && ret == 0 && !IS_SET_SSL_FLAG(SSL_NEED_RECORD));
-    return ret;
-}
-
-/*
- * Write application data to the client
- */
-EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
-{
-    int n = out_len, nw, i, tot = 0;
-    /* maximum size of a TLS packet is around 16kB, so fragment */
-
-    do 
-    {
-        nw = n;
-
-        if (nw > ssl->max_plain_length)    /* fragment if necessary */
-            nw = ssl->max_plain_length;
-
-        if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
-                                            &out_data[tot], nw)) <= 0)
-        {
-            out_len = i;    /* an error */
-            break;
-        }
-
-        tot += i;
-        n -= i;
-    } while (n > 0);
-
-    return out_len;
-}
-
-EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int length)
-{
-    int msg_length = 0;
-    if (ssl->hs_status == SSL_ERROR_DEAD)
-        return SSL_ERROR_CONN_LOST;
-
-    if (ssl->flag & SSL_SENT_CLOSE_NOTIFY)
-        return SSL_CLOSE_NOTIFY;
-
-    msg_length += length;
-
-    if (ssl->flag & SSL_TX_ENCRYPTED)
-    {
-        msg_length += ssl->cipher_info->digest_size;
-        {
-            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
-            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
-            if (pad_bytes == 0)
-                pad_bytes += ssl->cipher_info->padding_size;
-            msg_length += pad_bytes;
-        }
-        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
-        {
-            msg_length += ssl->cipher_info->iv_size;
-        }
-    }
-    return SSL_RECORD_SIZE+msg_length;
-}
-
-/**
- * Add a certificate to the certificate chain.
- */
-int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
-{
-    int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
-    SSL_CERT *ssl_cert;
-    X509_CTX *cert = NULL;
-    int offset;
-
-    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf) 
-        i++;
-
-    if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        printf("Error: maximum number of certs added (%d) - change of "
-                "compile-time configuration required\n",
-                CONFIG_SSL_MAX_CERTS);
-#endif
-        goto error;
-    }
-
-    if ((ret = x509_new(buf, &offset, &cert)))
-        goto error;
-
-#if defined (CONFIG_SSL_FULL_MODE)
-    if (ssl_ctx->options & SSL_DISPLAY_CERTS)
-        x509_print(cert, NULL);
-#endif
-
-    ssl_cert = &ssl_ctx->certs[i];
-    ssl_cert->size = len;
-    ssl_cert->buf = (uint8_t *)malloc(len);
-
-    switch (cert->sig_type)
-    {
-        case SIG_TYPE_SHA1:
-            ssl_cert->hash_alg = SIG_ALG_SHA1;
-            break;
-
-        case SIG_TYPE_SHA256:
-            ssl_cert->hash_alg = SIG_ALG_SHA256;
-            break;
-
-        case SIG_TYPE_SHA384:
-            ssl_cert->hash_alg = SIG_ALG_SHA384;
-            break;
-
-        case SIG_TYPE_SHA512:
-            ssl_cert->hash_alg = SIG_ALG_SHA512;
-            break;
-    }
-
-    memcpy(ssl_cert->buf, buf, len);
-    ssl_ctx->chain_length++;
-    len -= offset;
-    ret = SSL_OK;           /* ok so far */
-
-    /* recurse? */
-    if (len > 0)
-    {
-        ret = add_cert(ssl_ctx, &buf[offset], len);
-    }
-
-error:
-    x509_free(cert);        /* don't need anymore */
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Add a certificate authority.
- */
-int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
-{
-    int ret = X509_OK; /* ignore errors for now */
-    int i = 0;
-    CA_CERT_CTX *ca_cert_ctx;
-
-    if (ssl_ctx->ca_cert_ctx == NULL)
-        ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
-
-    ca_cert_ctx = ssl_ctx->ca_cert_ctx;
-
-    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
-        i++;
-
-    while (len > 0)
-    {
-        int offset;
-        if (i >= CONFIG_X509_MAX_CA_CERTS)
-        {
-#ifdef CONFIG_SSL_FULL_MODE
-            printf("Error: maximum number of CA certs added (%d) - change of "
-                    "compile-time configuration required\n", 
-                    CONFIG_X509_MAX_CA_CERTS);
-#endif
-            ret = X509_MAX_CERTS;
-            break;
-        }
-
-        /* ignore the return code */
-        if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
-        {
-#if defined (CONFIG_SSL_FULL_MODE)
-            if (ssl_ctx->options & SSL_DISPLAY_CERTS)
-                x509_print(ca_cert_ctx->cert[i], NULL);
-#endif
-        }
-
-        i++;
-        len -= offset;
-    }
-
-    return ret;
-}
-
-/*
- * Retrieve an X.509 distinguished name component
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
-{
-    if (ssl->x509_ctx == NULL)
-        return NULL;
-
-    switch (component)
-    {
-        case SSL_X509_CERT_COMMON_NAME:
-            return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
-
-        case SSL_X509_CERT_ORGANIZATION:
-            return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
-
-        case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
-            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
-
-        case SSL_X509_CERT_LOCATION:       
-            return ssl->x509_ctx->cert_dn[X509_LOCATION];
-
-        case SSL_X509_CERT_COUNTRY:       
-            return ssl->x509_ctx->cert_dn[X509_COUNTRY];
-
-        case SSL_X509_CERT_STATE:       
-            return ssl->x509_ctx->cert_dn[X509_STATE];
-
-        case SSL_X509_CA_CERT_COMMON_NAME:
-            return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
-
-        case SSL_X509_CA_CERT_ORGANIZATION:
-            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
-
-        case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
-            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
-
-        case SSL_X509_CA_CERT_LOCATION:       
-            return ssl->x509_ctx->ca_cert_dn[X509_LOCATION];
-
-        case SSL_X509_CA_CERT_COUNTRY:       
-            return ssl->x509_ctx->ca_cert_dn[X509_COUNTRY];
-
-        case SSL_X509_CA_CERT_STATE:       
-            return ssl->x509_ctx->ca_cert_dn[X509_STATE];
-
-        default:
-            return NULL;
-    }
-}
-
-/*
- * Retrieve a "Subject Alternative Name" from a v3 certificate
- */
-EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl,
-        int dnsindex)
-{
-    int i;
-
-    if (ssl->x509_ctx == NULL || ssl->x509_ctx->subject_alt_dnsnames == NULL)
-        return NULL;
-
-    for (i = 0; i < dnsindex; ++i)
-    {
-        if (ssl->x509_ctx->subject_alt_dnsnames[i] == NULL)
-            return NULL;
-    }
-
-    return ssl->x509_ctx->subject_alt_dnsnames[dnsindex];
-}
-
-#endif /* CONFIG_SSL_CERT_VERIFICATION */
-
-/*
- * Find an ssl object based on the client's file descriptor.
- */
-EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
-{
-    SSL *ssl;
-
-    SSL_CTX_LOCK(ssl_ctx->mutex);
-    ssl = ssl_ctx->head;
-
-    /* search through all the ssl entries */
-    while (ssl)
-    {
-        if (ssl->client_fd == client_fd)
-        {
-            SSL_CTX_UNLOCK(ssl_ctx->mutex);
-            return ssl;
-        }
-
-        ssl = ssl->next;
-    }
-
-    SSL_CTX_UNLOCK(ssl_ctx->mutex);
-    return NULL;
-}
-
-/*
- * Force the client to perform its handshake again.
- */
-EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
-{
-    int ret = SSL_OK;
-
-    disposable_new(ssl);
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-    if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
-    {
-        ret = do_client_connect(ssl);
-    }
-    else
-#endif
-    {
-        send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
-                g_hello_request, sizeof(g_hello_request));
-        SET_SSL_FLAG(SSL_NEED_RECORD);
-    }
-
-    return ret;
-}
-
-/**
- * @brief Get what we need for key info.
- * @param cipher    [in]    The cipher information we are after
- * @param key_size  [out]   The key size for the cipher
- * @param iv_size   [out]   The iv size for the cipher
- * @return  The amount of key information we need.
- */
-static const cipher_info_t *get_cipher_info(uint8_t cipher)
-{
-    int i;
-
-    for (i = 0; i < NUM_PROTOCOLS; i++)
-    {
-        if (cipher_info[i].cipher == cipher)
-        {
-            return &cipher_info[i];
-        }
-    }
-
-    return NULL;  /* error */
-}
-
-/*
- * Get a new ssl context for a new connection.
- */
-SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
-{
-    SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
-    ssl->ssl_ctx = ssl_ctx;
-    ssl->max_plain_length = 1460*4;
-    ssl->bm_all_data = (uint8_t*) calloc(1, ssl->max_plain_length + RT_EXTRA);
-    ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
-    ssl->client_fd = client_fd;
-    ssl->flag = SSL_NEED_RECORD;
-    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET; /* space at the start */
-    ssl->hs_status = SSL_NOT_OK;            /* not connected */
-#ifdef CONFIG_ENABLE_VERIFICATION
-    ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
-    ssl->can_free_certificates = false;
-#endif
-    disposable_new(ssl);
-
-    /* a bit hacky but saves a few bytes of memory */
-    ssl->flag |= ssl_ctx->options;
-    if (IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS) && IS_SET_SSL_FLAG(SSL_READ_BLOCKING)) {
-        CLR_SSL_FLAG(SSL_READ_BLOCKING);
-    }
-    SSL_CTX_LOCK(ssl_ctx->mutex);
-
-    if (ssl_ctx->head == NULL)
-    {
-        ssl_ctx->head = ssl;
-        ssl_ctx->tail = ssl;
-    }
-    else
-    {
-        ssl->prev = ssl_ctx->tail;
-        ssl_ctx->tail->next = ssl;
-        ssl_ctx->tail = ssl;
-    }
-
-    ssl->encrypt_ctx = malloc(sizeof(AES_CTX));
-    ssl->decrypt_ctx = malloc(sizeof(AES_CTX));
-
-    SSL_CTX_UNLOCK(ssl_ctx->mutex);
-    return ssl;
-}
-
-/*
- * Add a private key to a context.
- */
-int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
-{
-    int ret = SSL_OK;
-
-    /* get the private key details */
-    if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
-    {
-        ret = SSL_ERROR_INVALID_KEY;
-        goto error;
-    }
-
-error:
-    return ret;
-}
-
-/** 
- * Increment the read sequence number (as a 64 bit endian indepenent #)
- */     
-static void increment_read_sequence(SSL *ssl)
-{
-    int i;
-
-    for (i = 7; i >= 0; i--) 
-    {       
-        if (++ssl->read_sequence[i])
-            break;
-    }
-}
-            
-/**
- * Increment the read sequence number (as a 64 bit endian indepenent #)
- */      
-static void increment_write_sequence(SSL *ssl)
-{        
-    int i;                  
-         
-    for (i = 7; i >= 0; i--)
-    {                       
-        if (++ssl->write_sequence[i])
-            break;
-    }                       
-}
-
-/**
- * Work out the HMAC digest in a packet.
- */
-static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
-        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
-{
-    const uint8_t* bufs[] = {
-        (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
-            ssl->write_sequence : ssl->read_sequence,
-        hmac_header,
-        buf
-    };
-
-    int lengths[] = {
-        8,
-        SSL_RECORD_SIZE,
-        buf_len
-    };
-
-    ssl->cipher_info->hmac_v(bufs, lengths, 3,
-            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
-                ssl->server_mac : ssl->client_mac, 
-            ssl->cipher_info->digest_size, hmac_buf);
-
-#if 0
-    print_blob("record", hmac_header, SSL_RECORD_SIZE);
-    print_blob("buf", buf, buf_len);
-    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
-    {
-        print_blob("write seq", ssl->write_sequence, 8);
-    }
-    else
-    {
-        print_blob("read seq", ssl->read_sequence, 8);
-    }
-
-    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
-    {
-        print_blob("server mac", 
-                ssl->server_mac, ssl->cipher_info->digest_size);
-    }
-    else
-    {
-        print_blob("client mac", 
-                ssl->client_mac, ssl->cipher_info->digest_size);
-    }
-    print_blob("hmac", hmac_buf, ssl->cipher_info->digest_size);
-#endif
-}
-
-/**
- * Verify that the digest of a packet is correct.
- */
-static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
-{   
-    uint8_t hmac_buf[SHA256_SIZE]; // size of largest digest
-    int hmac_offset;
-   
-    int last_blk_size = buf[read_len-1], i;
-    hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
-
-    /* guard against a timing attack - make sure we do the digest */
-    if (hmac_offset < 0)
-    {
-        hmac_offset = 0;
-    }
-    else
-    {
-        /* already looked at last byte */
-        for (i = 1; i < last_blk_size; i++)
-        {
-            if (buf[read_len-i] != last_blk_size)
-            {
-                hmac_offset = 0;
-                break;
-            }
-        }
-    }
-
-    /* sanity check the offset */
-    ssl->hmac_header[3] = hmac_offset >> 8;      /* insert size */
-    ssl->hmac_header[4] = hmac_offset & 0xff;
-    add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
-
-    if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
-    {
-        return SSL_ERROR_INVALID_HMAC;
-    }
-
-    return hmac_offset;
-}
-
-/**
- * Add a packet to the end of our sent and received packets, so that we may use
- * it to calculate the hash at the end.
- */
-void add_packet(SSL *ssl, const uint8_t *pkt, int len)
-{
-    // TLS1.2+
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) 
-    {
-        SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
-    }
-
-    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2 || 
-                ssl->next_state == HS_SERVER_HELLO ||
-                ssl->next_state == 0) 
-    {
-        MD5_Update(&ssl->dc->md5_ctx, pkt, len);
-        SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
-    }
-}
-
-/**
- * Work out the MD5 PRF.
- */
-static void p_hash_md5(const uint8_t *sec, int sec_len, 
-        uint8_t *seed, int seed_len, uint8_t *out, int olen)
-{
-    uint8_t a1[MD5_SIZE+77];
-
-    /* A(1) */
-    hmac_md5(seed, seed_len, sec, sec_len, a1);
-    memcpy(&a1[MD5_SIZE], seed, seed_len);
-    hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
-
-    while (olen > MD5_SIZE)
-    {
-        uint8_t a2[MD5_SIZE];
-        out += MD5_SIZE;
-        olen -= MD5_SIZE;
-
-        /* A(N) */
-        hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
-        memcpy(a1, a2, MD5_SIZE);
-
-        /* work out the actual hash */
-        hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
-    }
-}
-
-/**
- * Work out the SHA1 PRF.
- */
-static void p_hash_sha1(const uint8_t *sec, int sec_len, 
-        uint8_t *seed, int seed_len, uint8_t *out, int olen)
-{
-    uint8_t a1[SHA1_SIZE+77];
-
-    /* A(1) */
-    hmac_sha1(seed, seed_len, sec, sec_len, a1);
-    memcpy(&a1[SHA1_SIZE], seed, seed_len);
-    hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
-
-    while (olen > SHA1_SIZE)
-    {
-        uint8_t a2[SHA1_SIZE];
-        out += SHA1_SIZE;
-        olen -= SHA1_SIZE;
-
-        /* A(N) */
-        hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
-        memcpy(a1, a2, SHA1_SIZE);
-
-        /* work out the actual hash */
-        hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
-    }
-}
-
-/**
- * Work out the SHA256 PRF.
- */
-static void p_hash_sha256(const uint8_t *sec, int sec_len, 
-        uint8_t *seed, int seed_len, uint8_t *out, int olen)
-{
-    uint8_t a1[SHA256_SIZE+77];
-
-    /* A(1) */
-    hmac_sha256(seed, seed_len, sec, sec_len, a1);
-    memcpy(&a1[SHA256_SIZE], seed, seed_len);
-    hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
-
-    while (olen > SHA256_SIZE)
-    {
-        uint8_t a2[SHA256_SIZE];
-        out += SHA256_SIZE;
-        olen -= SHA256_SIZE;
-
-        // A(N)
-        hmac_sha256(a1, SHA256_SIZE, sec, sec_len, a2);
-        memcpy(a1, a2, SHA256_SIZE);
-
-        // work out the actual hash 
-        hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
-    }
-}
-
-/**
- * Work out the PRF.
- */
-static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
-        uint8_t *seed, int seed_len,
-        uint8_t *out, int olen)
-{
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)    // TLS1.2+
-    {
-        p_hash_sha256(sec, sec_len, seed, seed_len, out, olen);
-    }
-    else // TLS1.0/1.1
-    {
-        int len, i;
-        const uint8_t *S1, *S2;
-        uint8_t xbuf[2*(SHA256_SIZE+32+16) + MD5_SIZE]; /* max keyblock */
-        uint8_t ybuf[2*(SHA256_SIZE+32+16) + SHA1_SIZE]; /* max keyblock */
-
-        len = sec_len/2;
-        S1 = sec;
-        S2 = &sec[len];
-        len += (sec_len & 1); /* add for odd, make longer */
-
-        p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
-        p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
-
-        for (i = 0; i < olen; i++)
-            out[i] = xbuf[i] ^ ybuf[i];
-    }
-}
-
-/**
- * Generate a master secret based on the client/server random data and the
- * premaster secret.
- */
-void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
-{
-    uint8_t buf[77]; 
-//print_blob("premaster secret", premaster_secret, 48);
-    strcpy((char *)buf, "master secret");
-    memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
-    memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
-    prf(ssl, premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
-            SSL_SECRET_SIZE);
-#if 0
-    print_blob("client random", ssl->dc->client_random, 32);
-    print_blob("server random", ssl->dc->server_random, 32);
-    print_blob("master secret", ssl->dc->master_secret, 48);
-#endif
-}
-
-/**
- * Generate a 'random' blob of data used for the generation of keys.
- */
-static void generate_key_block(SSL *ssl, 
-        uint8_t *client_random, uint8_t *server_random,
-        uint8_t *master_secret, uint8_t *key_block, int key_block_size)
-{
-    uint8_t buf[77];
-    strcpy((char *)buf, "key expansion");
-    memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
-    memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
-    prf(ssl, master_secret, SSL_SECRET_SIZE, buf, 77, 
-                    key_block, key_block_size);
-}
-
-/** 
- * Calculate the digest used in the finished message. This function also
- * doubles up as a certificate verify function.
- */
-int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
-{
-    uint8_t mac_buf[SHA1_SIZE+MD5_SIZE+15]; 
-    uint8_t *q = mac_buf;
-    int dgst_len;
-
-    if (label)
-    {
-        strcpy((char *)q, label);
-        q += strlen(label);
-    }
-
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
-    {
-        SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
-        SHA256_Final(q, &sha256_ctx);
-        q += SHA256_SIZE;
-        dgst_len = (int)(q-mac_buf);
-    }
-    else // TLS1.0/1.1
-    {
-        MD5_CTX md5_ctx = ssl->dc->md5_ctx; // interim copy
-        SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
-
-        MD5_Final(q, &md5_ctx);
-        q += MD5_SIZE;
-        
-        SHA1_Final(q, &sha1_ctx);
-        q += SHA1_SIZE;
-        dgst_len = (int)(q-mac_buf);
-    }
-
-    if (label)
-    {
-        prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
-                mac_buf, dgst_len, digest, SSL_FINISHED_HASH_SIZE);
-    }
-    else    /* for use in a certificate verify */
-    {
-        memcpy(digest, mac_buf, dgst_len);
-    }
-
-#if 0
-    printf("label: %s\n", label);
-    print_blob("mac_buf", mac_buf, dgst_len);
-    print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
-#endif
-
-    return dgst_len;
-}   
-    
-/**
- * Retrieve (and initialise) the context of a cipher.
- */
-static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached)
-{
-    switch (ssl->cipher)
-    {
-        case SSL_AES128_SHA:
-        case SSL_AES128_SHA256:
-            {
-                AES_CTX *aes_ctx;
-                if (cached)
-                    aes_ctx = (AES_CTX*) cached;
-                else
-                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
-                AES_set_key(aes_ctx, key, iv, AES_MODE_128);
-
-                if (is_decrypt)
-                {
-                    AES_convert_key(aes_ctx);
-                }
-
-                return (void *)aes_ctx;
-            }
-
-        case SSL_AES256_SHA:
-        case SSL_AES256_SHA256:
-            {
-                AES_CTX *aes_ctx;
-                if (cached)
-                    aes_ctx = (AES_CTX*) cached;
-                else
-                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
-
-                AES_set_key(aes_ctx, key, iv, AES_MODE_256);
-
-                if (is_decrypt)
-                {
-                    AES_convert_key(aes_ctx);
-                }
-
-                return (void *)aes_ctx;
-            }
-
-    }
-
-    return NULL;    /* its all gone wrong */
-}
-
-/**
- * Send a packet over the socket.
- */
-static int send_raw_packet(SSL *ssl, uint8_t protocol)
-{
-    uint8_t *rec_buf = ssl->bm_all_data;
-    int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
-    int sent = 0;
-    int ret = SSL_OK;
-
-    rec_buf[0] = protocol;
-    rec_buf[1] = 0x03;      /* version = 3.1 or higher */
-    rec_buf[2] = ssl->version & 0x0f;
-    rec_buf[3] = ssl->bm_index >> 8;
-    rec_buf[4] = ssl->bm_index & 0xff;
-
-    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
-                             pkt_size, pkt_size);
-
-    while (sent < pkt_size)
-    {
-        ret = SOCKET_WRITE(ssl->client_fd, 
-                        &ssl->bm_all_data[sent], pkt_size-sent);
-
-        if (ret >= 0)
-            sent += ret;
-        else
-        {
-
-#ifdef WIN32
-            if (GetLastError() != WSAEWOULDBLOCK)
-#else
-            if (errno != EAGAIN && errno != EWOULDBLOCK)
-#endif
-                return SSL_ERROR_CONN_LOST;
-        }
-#ifndef ESP8266
-        /* keep going until the write buffer has some space */
-        if (sent != pkt_size)
-        {
-            fd_set wfds;
-            FD_ZERO(&wfds);
-            FD_SET(ssl->client_fd, &wfds);
-
-            /* block and wait for it */
-            if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
-                return SSL_ERROR_CONN_LOST;
-        }
-#endif
-    }
-
-    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
-    ssl->bm_index = 0;
-
-    if (protocol != PT_APP_PROTOCOL_DATA)  
-    {
-        /* always return SSL_OK during handshake */   
-        ret = SSL_OK;
-    }
-
-    return ret;
-}
-
-/**
- * Send an encrypted packet with padding bytes if necessary.
- */
-int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
-{
-    int ret, msg_length = 0;
-
-    /* if our state is bad, don't bother */
-    if (ssl->hs_status == SSL_ERROR_DEAD)
-        return SSL_ERROR_CONN_LOST;
-
-    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
-        return SSL_CLOSE_NOTIFY;
-
-    if (in) /* has the buffer already been initialised? */
-    {
-        memcpy(ssl->bm_data, in, length);
-    }
-
-    msg_length += length;
-
-    if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
-    {
-        int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
-                            SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
-        uint8_t hmac_header[SSL_RECORD_SIZE] = 
-        {
-            protocol, 
-            0x03, /* version = 3.1 or higher */
-            ssl->version & 0x0f,
-            msg_length >> 8,
-            msg_length & 0xff 
-        };
-
-        if (protocol == PT_HANDSHAKE_PROTOCOL)
-        {
-            DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
-
-            if (ssl->bm_data[0] != HS_HELLO_REQUEST)
-            {
-                add_packet(ssl, ssl->bm_data, msg_length);
-            }
-        }
-
-        /* add the packet digest */
-        add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, msg_length, 
-                                                &ssl->bm_data[msg_length]);
-        msg_length += ssl->cipher_info->digest_size;
-
-        /* add padding */
-        {
-            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
-            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
-
-            /* ensure we always have at least 1 padding byte */
-            if (pad_bytes == 0)
-                pad_bytes += ssl->cipher_info->padding_size;
-
-            memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
-            msg_length += pad_bytes;
-        }
-
-        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
-        increment_write_sequence(ssl);
-
-        /* add the explicit IV for TLS1.1 */
-        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
-        {
-            uint8_t iv_size = ssl->cipher_info->iv_size;
-            uint8_t *t_buf = malloc(msg_length + iv_size);
-            memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
-            if (get_random(iv_size, t_buf) < 0)
-                return SSL_NOT_OK;
-
-            msg_length += iv_size;
-            memcpy(ssl->bm_data, t_buf, msg_length);
-            free(t_buf);
-        }
-
-        /* now encrypt the packet */
-        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
-                                            ssl->bm_data, msg_length);
-    }
-    else if (protocol == PT_HANDSHAKE_PROTOCOL)
-    {
-        DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
-
-        if (ssl->bm_data[0] != HS_HELLO_REQUEST)
-        {
-            add_packet(ssl, ssl->bm_data, length);
-        }
-    }
-
-    ssl->bm_index = msg_length;
-    if ((ret = send_raw_packet(ssl, protocol)) <= 0)
-        return ret;
-
-    return length;  /* just return what we wanted to send */
-}
-
-/**
- * Work out the cipher keys we are going to use for this session based on the
- * master secret.
- */
-static int set_key_block(SSL *ssl, int is_write)
-{
-    const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
-    uint8_t *q;
-    uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
-    uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-
-    if (ciph_info == NULL)
-        return -1;
-
-    /* only do once in a handshake */
-    if (!ssl->dc->key_block_generated)
-    {
-        generate_key_block(ssl, ssl->dc->client_random, ssl->dc->server_random,
-            ssl->dc->master_secret, ssl->dc->key_block, 
-            ciph_info->key_block_size);
-#if 0
-        print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
-        print_blob("keyblock", ssl->dc->key_block, ciph_info->key_block_size);
-        print_blob("client random", ssl->dc->client_random, 32);
-        print_blob("server random", ssl->dc->server_random, 32);
-#endif
-        ssl->dc->key_block_generated = 1;
-    }
-
-    q = ssl->dc->key_block;
-
-    if ((is_client && is_write) || (!is_client && !is_write))
-    {
-        memcpy(ssl->client_mac, q, ciph_info->digest_size);
-    }
-
-    q += ciph_info->digest_size;
-
-    if ((!is_client && is_write) || (is_client && !is_write))
-    {
-        memcpy(ssl->server_mac, q, ciph_info->digest_size);
-    }
-
-    q += ciph_info->digest_size;
-    memcpy(client_key, q, ciph_info->key_size);
-    q += ciph_info->key_size;
-    memcpy(server_key, q, ciph_info->key_size);
-    q += ciph_info->key_size;
-
-    memcpy(client_iv, q, ciph_info->iv_size);
-    q += ciph_info->iv_size;
-    memcpy(server_iv, q, ciph_info->iv_size);
-    q += ciph_info->iv_size;
-#if 0
-        print_blob("client key", client_key, ciph_info->key_size);
-        print_blob("server key", server_key, ciph_info->key_size);
-        print_blob("client iv", client_iv, ciph_info->iv_size);
-        print_blob("server iv", server_iv, ciph_info->iv_size);
-#endif
-
-    // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
-
-    /* now initialise the ciphers */
-    if (is_client)
-    {
-        finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
-
-        if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0, ssl->encrypt_ctx);
-        else
-            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1, ssl->decrypt_ctx);
-    }
-    else
-    {
-        finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
-
-        if (is_write)
-            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0, ssl->encrypt_ctx);
-        else
-            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1, ssl->decrypt_ctx);
-    }
-
-    ssl->cipher_info = ciph_info;
-    return 0;
-}
-
-/**
- * Read the SSL connection.
- */
-int basic_read(SSL *ssl, uint8_t **in_data)
-{
-    int ret = SSL_OK;
-    int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    uint8_t *buf = ssl->bm_data;
-
-    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
-        return SSL_CLOSE_NOTIFY;
-
-    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
-                            ssl->need_bytes-ssl->got_bytes);
-
-    if (read_len < 0) 
-    {
-#ifdef WIN32
-        if (GetLastError() == WSAEWOULDBLOCK)
-#else
-        if (errno == EAGAIN || errno == EWOULDBLOCK)
-#endif
-            return 0;
-    }
-
-    /* connection has gone, so die */
-    if (read_len <= 0)
-    {
-        ret = SSL_ERROR_CONN_LOST;
-        ssl->hs_status = SSL_ERROR_DEAD;  /* make sure it stays dead */
-        goto error;
-    }
-
-    DISPLAY_BYTES(ssl, "received %d bytes", 
-            &ssl->bm_data[ssl->bm_read_index], read_len, read_len);
-
-    ssl->got_bytes += read_len;
-    ssl->bm_read_index += read_len;
-
-    /* haven't quite got what we want, so try again later */
-    if (ssl->got_bytes < ssl->need_bytes)
-        return SSL_OK;
-
-    read_len = ssl->got_bytes;
-    ssl->got_bytes = 0;
-
-    if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
-    {
-        /* check for sslv2 "client hello" */
-        if ((buf[0] & 0x80) && buf[2] == 1)
-        {
-#ifdef CONFIG_SSL_FULL_MODE
-            printf("Error: no SSLv23 handshaking allowed\n");
-#endif
-            ret = SSL_ERROR_NOT_SUPPORTED;
-            goto error; /* not an error - just get out of here */
-        }
-
-        ssl->need_bytes = (buf[3] << 8) + buf[4];
-
-        /* do we violate the spec with the message size?  */
-        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
-        {
-            ret = SSL_ERROR_RECORD_OVERFLOW;              
-            goto error;
-        }
-
-        /* is the allocated buffer large enough to handle all the data? if not, increase its size*/
-        if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
-        {
-            printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
-            ret = increase_bm_data_size(ssl, ssl->need_bytes + BM_RECORD_OFFSET - RT_EXTRA);
-            if (ret != SSL_OK)
-            {
-                ret = SSL_ERROR_INVALID_PROT_MSG;
-                goto error;
-            }
-        }
-
-        CLR_SSL_FLAG(SSL_NEED_RECORD);
-        memcpy(ssl->hmac_header, buf, 3);       /* store for hmac */
-        ssl->record_type = buf[0];
-        goto error;                         /* no error, we're done */
-    }
-
-    /* for next time - just do it now in case of an error */
-    SET_SSL_FLAG(SSL_NEED_RECORD);
-    ssl->need_bytes = SSL_RECORD_SIZE;
-
-    /* decrypt if we need to */
-    if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
-    {
-        ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
-
-        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
-        {
-            buf += ssl->cipher_info->iv_size;
-            read_len -= ssl->cipher_info->iv_size;
-        }
-
-        read_len = verify_digest(ssl, 
-                is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
-
-        /* does the hmac work? */
-        if (read_len < 0)
-        {
-            ret = read_len;
-            goto error;
-        }
-
-        DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
-        increment_read_sequence(ssl);
-    }
-
-    /* The main part of the SSL packet */
-    switch (ssl->record_type)
-    {
-        case PT_HANDSHAKE_PROTOCOL:
-            if (ssl->dc != NULL)
-            {
-                ssl->dc->bm_proc_index = 0;
-                ret = do_handshake(ssl, buf, read_len);
-            }
-            else /* no client renegotiation allowed */
-            {
-                ret = SSL_ERROR_NO_CLIENT_RENOG;              
-                goto error;
-            }
-            break;
-
-        case PT_CHANGE_CIPHER_SPEC:
-            if (ssl->next_state != HS_FINISHED)
-            {
-                ret = SSL_ERROR_INVALID_HANDSHAKE;
-                goto error;
-            }
-
-            if (set_key_block(ssl, 0) < 0)
-            {
-                ret = SSL_ERROR_INVALID_HANDSHAKE;
-                goto error;
-            }
-            
-            /* all encrypted from now on */
-            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
-            memset(ssl->read_sequence, 0, 8);
-            break;
-
-        case PT_APP_PROTOCOL_DATA:
-            if (in_data && ssl->hs_status == SSL_OK)
-            {
-                *in_data = buf;   /* point to the work buffer */
-                (*in_data)[read_len] = 0;  /* null terminate just in case */
-                ret = read_len;
-            }
-            else
-                ret = SSL_ERROR_INVALID_PROT_MSG;
-            break;
-
-        case PT_ALERT_PROTOCOL:
-            /* return the alert # with alert bit set */
-            if (buf[0] == SSL_ALERT_TYPE_WARNING &&
-               buf[1] == SSL_ALERT_CLOSE_NOTIFY)
-            {
-              ret = SSL_CLOSE_NOTIFY;
-              send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
-              SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
-            }
-            else 
-            {
-                ret = -buf[1]; 
-                DISPLAY_ALERT(ssl, buf[1]);
-            }
-
-            break;
-
-        default:
-            ret = SSL_ERROR_INVALID_PROT_MSG;
-            break;
-    }
-
-error:
-    ssl->bm_read_index = 0;          /* reset to go again */
-
-    if (ret < SSL_OK && in_data)/* if all wrong, then clear this buffer ptr */
-        *in_data = NULL;
-
-    return ret;
-}
-
-int increase_bm_data_size(SSL *ssl, size_t size)
-{
-    if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
-        return SSL_OK;
-    }
-    if (ssl->can_free_certificates) {
-        certificate_free(ssl);
-    }
-    size_t required = (size + 1023) & ~(1023); // round up to 1k
-    required = (required < RT_MAX_PLAIN_LENGTH) ? required : RT_MAX_PLAIN_LENGTH;
-    uint8_t* new_bm_all_data = (uint8_t*) realloc(ssl->bm_all_data, required + RT_EXTRA);
-    if (!new_bm_all_data) {
-        printf("failed to grow plain buffer\r\n");
-        ssl->hs_status = SSL_ERROR_DEAD;
-        return SSL_ERROR_CONN_LOST;
-    }
-    ssl->bm_all_data = new_bm_all_data;
-    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
-    ssl->max_plain_length = required;
-    return SSL_OK;
-}
-
-/**
- * Do some basic checking of data and then perform the appropriate handshaking.
- */
-static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
-{
-    int hs_len = (buf[2]<<8) + buf[3];
-    uint8_t handshake_type = buf[0];
-    int ret = SSL_OK;
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-
-    /* some integrity checking on the handshake */
-    PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
-
-    if (handshake_type != ssl->next_state)
-    {
-        /* handle a special case on the client */
-        if (!is_client || handshake_type != HS_CERT_REQ ||
-                        ssl->next_state != HS_SERVER_HELLO_DONE)
-        {
-            ret = SSL_ERROR_INVALID_HANDSHAKE;
-            goto error;
-        }
-    }
-
-    hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
-    ssl->bm_index = hs_len;     /* store the size and check later */
-    DISPLAY_STATE(ssl, 0, handshake_type, 0);
-
-    if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
-        add_packet(ssl, buf, hs_len); 
-
-#if defined(CONFIG_SSL_ENABLE_CLIENT)
-    ret = is_client ? 
-        do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
-        do_svr_handshake(ssl, handshake_type, buf, hs_len);
-#else
-    ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
-#endif
-
-    /* just use recursion to get the rest */
-    if (hs_len < read_len && ret == SSL_OK)
-        ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
-
-error:
-    return ret;
-}
-
-/**
- * Sends the change cipher spec message. We have just read a finished message
- * from the client.
- */
-int send_change_cipher_spec(SSL *ssl)
-{
-    int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
-            g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
-
-    if (ret >= 0 && set_key_block(ssl, 1) < 0)
-        ret = SSL_ERROR_INVALID_HANDSHAKE;
-    
-    if (ssl->cipher_info)
-        SET_SSL_FLAG(SSL_TX_ENCRYPTED);
-
-    memset(ssl->write_sequence, 0, 8);
-    return ret;
-}
-
-/**
- * Send a "finished" message
- */
-int send_finished(SSL *ssl)
-{
-    uint8_t buf[SHA1_SIZE+MD5_SIZE+15+4] = {
-        HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
-
-    /* now add the finished digest mac (12 bytes) */
-    finished_digest(ssl, 
-        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
-                    client_finished : server_finished, &buf[4]);
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    /* store in the session cache */
-    if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
-    {
-        memcpy(ssl->session->master_secret,
-                ssl->dc->master_secret, SSL_SECRET_SIZE);
-    }
-#endif
-
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
-                                buf, SSL_FINISHED_HASH_SIZE+4);
-}
-
-/**
- * Send an alert message.
- * Return 1 if the alert was an "error".
- */
-int send_alert(SSL *ssl, int error_code)
-{
-    int alert_num = 0;
-    int is_warning = 0;
-    uint8_t buf[2];
-
-    /* Don't bother, we're already dead */
-    if (ssl->hs_status == SSL_ERROR_DEAD)
-    {
-        return SSL_ERROR_CONN_LOST;
-    }
-
-#ifdef CONFIG_SSL_FULL_MODE
-    if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
-        ssl_display_error(error_code);
-#endif
-
-    switch (error_code)
-    {
-        case SSL_ALERT_CLOSE_NOTIFY:
-            is_warning = 1;
-            alert_num = SSL_ALERT_CLOSE_NOTIFY;
-            break;
-
-        case SSL_ERROR_CONN_LOST:       /* don't send alert just yet */
-            is_warning = 1;
-            break;
-
-        case SSL_ERROR_NO_CIPHER:
-            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
-            break;
-
-        case SSL_ERROR_INVALID_HMAC:
-            alert_num = SSL_ALERT_BAD_RECORD_MAC;
-            break;
-
-        case SSL_ERROR_FINISHED_INVALID:
-        case SSL_ERROR_INVALID_KEY:
-            alert_num = SSL_ALERT_DECRYPT_ERROR;
-            break;
-
-        case SSL_ERROR_INVALID_VERSION:
-            alert_num = SSL_ALERT_INVALID_VERSION;
-            break;
-
-        case SSL_ERROR_INVALID_SESSION:
-            alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
-            break;
-
-        case SSL_ERROR_NO_CLIENT_RENOG:
-            alert_num = SSL_ALERT_NO_RENEGOTIATION;
-            break;
-
-        case SSL_ERROR_RECORD_OVERFLOW:
-            alert_num = SSL_ALERT_RECORD_OVERFLOW;
-            break;
-
-        case SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED):
-        case SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID):
-            alert_num = SSL_ALERT_CERTIFICATE_EXPIRED;
-            break;
-
-        case SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT):
-            alert_num = SSL_ALERT_UNKNOWN_CA;
-            break;
-
-        case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST):
-        case SSL_ERROR_INVALID_CERT_HASH_ALG:
-            alert_num = SSL_ALERT_UNSUPPORTED_CERTIFICATE;
-            break;
-
-        case SSL_ERROR_BAD_CERTIFICATE:
-        case SSL_X509_ERROR(X509_VFY_ERROR_BAD_SIGNATURE):
-            alert_num = SSL_ALERT_BAD_CERTIFICATE;
-            break;
-
-        case SSL_ERROR_INVALID_HANDSHAKE:
-        case SSL_ERROR_INVALID_PROT_MSG:
-        default:
-            /* a catch-all for anything bad */
-            alert_num = (error_code <= SSL_X509_OFFSET) ?  
-                SSL_ALERT_CERTIFICATE_UNKNOWN: SSL_ALERT_UNEXPECTED_MESSAGE;
-            break;
-    }
-
-    buf[0] = is_warning ? 1 : 2;
-    buf[1] = alert_num;
-    send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
-    DISPLAY_ALERT(ssl, alert_num);
-    return is_warning ? 0 : 1;
-}
-
-/**
- * Process a client finished message.
- */
-int process_finished(SSL *ssl, uint8_t *buf, int hs_len)
-{
-    int ret = SSL_OK;
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
-
-    PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
-
-    /* check that we all work before we continue */
-    if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
-        return SSL_ERROR_FINISHED_INVALID;
-
-    if ((!is_client && !resume) || (is_client && resume))
-    {
-        if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
-            ret = send_finished(ssl);
-    }
-
-    /* if we ever renegotiate */
-    ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
-    ssl->hs_status = ret;  /* set the final handshake status */
-
-error:
-    return ret;
-}
-
-/**
- * Send a certificate.
- */
-int send_certificate(SSL *ssl)
-{
-    int ret = SSL_OK;
-    int i = 0;
-    uint8_t *buf = ssl->bm_data;
-    int offset = 7;
-    int chain_length;
-
-    buf[0] = HS_CERTIFICATE;
-    buf[1] = 0;
-    buf[4] = 0;
-
-    /* spec says we must check if the hash/sig algorithm is OK */
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 &&
-             ((ret = check_certificate_chain(ssl)) != SSL_OK))
-    {
-        ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
-        goto error;
-    }
-
-    while (i < ssl->ssl_ctx->chain_length)
-    {
-        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
-        buf[offset++] = 0;        
-        buf[offset++] = cert->size >> 8;        /* cert 1 length */
-        buf[offset++] = cert->size & 0xff;
-        memcpy(&buf[offset], cert->buf, cert->size);
-        offset += cert->size;
-        i++;
-    }
-
-    chain_length = offset - 7;
-    buf[5] = chain_length >> 8;        /* cert chain length */
-    buf[6] = chain_length & 0xff;
-    chain_length += 3;
-    buf[2] = chain_length >> 8;        /* handshake length */
-    buf[3] = chain_length & 0xff;
-    ssl->bm_index = offset;
-    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
-
-error:
-    return ret;
-}
-
-/**
- * Create a blob of memory that we'll get rid of once the handshake is
- * complete.
- */
-void disposable_new(SSL *ssl)
-{
-    if (ssl->dc == NULL)
-    {
-        ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
-        SHA256_Init(&ssl->dc->sha256_ctx);
-        MD5_Init(&ssl->dc->md5_ctx);
-        SHA1_Init(&ssl->dc->sha1_ctx);
-    }
-}
-
-/**
- * Remove the temporary blob of memory.
- */
-void disposable_free(SSL *ssl)
-{
-    if (ssl->dc)
-    {
-        memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
-        free(ssl->dc);
-        ssl->dc = NULL;
-    }
-    ssl->can_free_certificates = true;
-}
-
-static void certificate_free(SSL* ssl)
-{
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    if (ssl->x509_ctx) {
-        x509_free(ssl->x509_ctx);
-        ssl->x509_ctx = 0;
-    }
-    ssl->can_free_certificates = false;
-#endif
-}
-
-#ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
-/**
- * Find if an existing session has the same session id. If so, use the
- * master secret from this session for session resumption.
- */
-SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[], 
-        SSL *ssl, const uint8_t *session_id)
-{
-    time_t tm = time(NULL);
-    time_t oldest_sess_time = tm;
-    SSL_SESSION *oldest_sess = NULL;
-    int i;
-
-    /* no sessions? Then bail */
-    if (max_sessions == 0)
-        return NULL;
-
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    if (session_id)
-    {
-        for (i = 0; i < max_sessions; i++)
-        {
-            if (ssl_sessions[i])
-            {
-                /* kill off any expired sessions (including those in 
-                   the future) */
-                if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
-                            (tm < ssl_sessions[i]->conn_time))
-                {
-                    session_free(ssl_sessions, i);
-                    continue;
-                }
-
-                /* if the session id matches, it must still be less than 
-                   the expiry time */
-                if (memcmp(ssl_sessions[i]->session_id, session_id,
-                                                SSL_SESSION_ID_SIZE) == 0)
-                {
-                    ssl->session_index = i;
-                    memcpy(ssl->dc->master_secret, 
-                            ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
-                    SET_SSL_FLAG(SSL_SESSION_RESUME);
-                    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-                    return ssl_sessions[i];  /* a session was found */
-                }
-            }
-        }
-    }
-
-    /* If we've got here, no matching session was found - so create one */
-    for (i = 0; i < max_sessions; i++)
-    {
-        if (ssl_sessions[i] == NULL)
-        {
-            /* perfect, this will do */
-            ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
-            ssl_sessions[i]->conn_time = tm;
-            ssl->session_index = i;
-            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-            return ssl_sessions[i]; /* return the session object */
-        }
-        else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
-        {
-            /* find the oldest session */
-            oldest_sess_time = ssl_sessions[i]->conn_time;
-            oldest_sess = ssl_sessions[i];
-            ssl->session_index = i;
-        }
-    }
-
-    /* ok, we've used up all of our sessions. So blow the oldest session away */
-    oldest_sess->conn_time = tm;
-    memset(oldest_sess->session_id, 0, SSL_SESSION_ID_SIZE);
-    memset(oldest_sess->master_secret, 0, SSL_SECRET_SIZE);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-    return oldest_sess;
-}
-
-/**
- * Free an existing session.
- */
-static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
-{
-    if (ssl_sessions[sess_index])
-    {
-        free(ssl_sessions[sess_index]);
-        ssl_sessions[sess_index] = NULL;
-    }
-}
-
-/**
- * This ssl object doesn't want this session anymore.
- */
-void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
-{
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-
-    if (ssl->ssl_ctx->num_sessions)
-    {
-        session_free(ssl_sessions, ssl->session_index);
-        ssl->session = NULL;
-    }
-
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-}
-#endif /* CONFIG_SSL_SKELETON_MODE */
-
-/*
- * Get the session id for a handshake. This will be a 32 byte sequence.
- */
-EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
-{
-    return ssl->session_id;
-}
-
-/*
- * Get the session id size for a handshake. 
- */
-EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
-{
-    return ssl->sess_id_size;
-}
-
-/*
- * Return the cipher id (in the SSL form).
- */
-EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
-{
-    return ssl->cipher;
-}
-
-/*
- * Return the status of the handshake.
- */
-EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
-{
-    return ssl->hs_status;
-}
-
-/*
- * Retrieve various parameters about the SSL engine.
- */
-EXP_FUNC int STDCALL ssl_get_config(int offset)
-{
-    switch (offset)
-    {
-        /* return the appropriate build mode */
-        case SSL_BUILD_MODE:
-#if defined(CONFIG_SSL_FULL_MODE)
-            return SSL_BUILD_FULL_MODE;
-#elif defined(CONFIG_SSL_ENABLE_CLIENT)
-            return SSL_BUILD_ENABLE_CLIENT;
-#elif defined(CONFIG_ENABLE_VERIFICATION)
-            return SSL_BUILD_ENABLE_VERIFICATION;
-#elif defined(CONFIG_SSL_SERVER_ONLY )
-            return SSL_BUILD_SERVER_ONLY;
-#else 
-            return SSL_BUILD_SKELETON_MODE;
-#endif
-
-        case SSL_MAX_CERT_CFG_OFFSET:
-            return CONFIG_SSL_MAX_CERTS;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        case SSL_MAX_CA_CERT_CFG_OFFSET:
-            return CONFIG_X509_MAX_CA_CERTS;
-#endif
-#ifdef CONFIG_SSL_HAS_PEM
-        case SSL_HAS_PEM:
-            return 1;
-#endif
-        default:
-            return 0;
-    }
-}
-
-/**
- * Check the certificate chain to see if the certs are supported
- */
-static int check_certificate_chain(SSL *ssl)
-{
-    int i = 0;
-    int ret = SSL_OK;
-
-    while (i < ssl->ssl_ctx->chain_length)
-    {
-        int j = 0;
-        uint8_t found = 0;
-        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
-
-        while (j < ssl->num_sig_algs)
-        {
-            if (ssl->sig_algs[j++] == cert->hash_alg)
-            {
-                found = 1;
-                break;
-            }
-        } 
-
-        if (!found)
-        {
-
-            ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
-            goto error;
-        }
-
-        i++;
-    }
-
-error:
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Authenticate a received certificate.
- */
-EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
-{
-    int ret;
-    int pathLenConstraint = 0;
-
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx,
-            &pathLenConstraint);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    if (ret)        /* modify into an SSL error type */
-    {
-        ret = SSL_X509_ERROR(ret);
-    }
-
-    return ret;
-}
-
-/**
- * Process a certificate message.
- */
-int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
-{
-    int ret = SSL_OK;
-    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
-    int pkt_size = ssl->bm_index;
-    int cert_size, offset = 5, offset_start;
-    int total_cert_len = (buf[offset]<<8) + buf[offset+1];
-    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
-    X509_CTX *chain = 0;
-    X509_CTX **certs = 0;
-    int *cert_used = 0;
-    int num_certs = 0;
-    int i = 0;
-    offset += 2;
-
-    ax_wdt_feed();
-
-    PARANOIA_CHECK(pkt_size, total_cert_len + offset);
-
-    // record the start point for the second pass
-    offset_start = offset;
-
-    // first pass - count the certificates
-    while (offset < total_cert_len)
-    {
-        offset++;       /* skip empty char */
-        cert_size = (buf[offset]<<8) + buf[offset+1];
-        offset += 2;
-        offset += cert_size;
-        num_certs++;
-    }
-
-    PARANOIA_CHECK(pkt_size, offset);
-
-    certs = (X509_CTX**) calloc(num_certs, sizeof(void*));
-    cert_used = (int*) calloc(num_certs, sizeof(int));
-    num_certs = 0;
-
-    // restore the offset from the saved value 
-    offset = offset_start;
-
-    // second pass - load the certificates
-    while (offset < total_cert_len)
-    {
-        offset++;       /* skip empty char */
-        cert_size = (buf[offset]<<8) + buf[offset+1];
-        offset += 2;
-        ax_wdt_feed();
-        if (x509_new(&buf[offset], NULL, certs+num_certs))
-        {
-            ret = SSL_ERROR_BAD_CERTIFICATE;
-            goto error;
-        }
-
-#if defined (CONFIG_SSL_FULL_MODE)
-        if (ssl->ssl_ctx->options & SSL_DISPLAY_CERTS)
-            x509_print(certs[num_certs], NULL);
-#endif
-        num_certs++;
-        offset += cert_size;
-    }
-
-    PARANOIA_CHECK(pkt_size, offset);
-
-    // third pass - link certs together, assume server cert is the first
-    *x509_ctx = certs[0];
-    chain = certs[0];
-    cert_used[0] = 1;
-
-    // repeat until the end of the chain is found
-    while (1)
-    {
-        // look for CA cert
-        for( i = 1; i < num_certs; i++ )
-        {
-            if (certs[i] == chain) 
-                continue;
-
-            if (cert_used[i]) 
-                continue; // don't allow loops
-
-            if (asn1_compare_dn(chain->ca_cert_dn, certs[i]->cert_dn) == 0)
-            {
-                // CA cert found, add it to the chain
-                cert_used[i] = 1;
-                chain->next = certs[i];
-                chain = certs[i];
-                break;
-            }
-        }
-
-        // no CA cert found, reached the end of the chain
-        if (i >= num_certs) 
-            break;
-    }
-
-    // clean up any certs that aren't part of the chain
-    for (i = 1; i < num_certs; i++)
-    {
-        if (cert_used[i] == 0) 
-            x509_free(certs[i]);
-    }
-
-    /* if we are client we can do the verify now or later */
-    if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
-    {
-        ret = ssl_verify_cert(ssl);
-    }
-
-    ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
-    ssl->dc->bm_proc_index += offset;
-error:
-    // clean up arrays
-    if (certs) 
-        free(certs);
-
-    if (cert_used) 
-        free(cert_used);
-
-    return ret;
-}
-
-EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
-{
-    if (ssl->x509_ctx == NULL || ssl->x509_ctx->fingerprint == NULL)
-        return 1;
-    int res = memcmp(ssl->x509_ctx->fingerprint, fp, SHA1_SIZE);
-    if (res != 0) {
-        printf("cert FP: ");
-        for (int i = 0; i < SHA1_SIZE; ++i) {
-            printf("%02X ", ssl->x509_ctx->fingerprint[i]);
-        }
-        printf("\r\ntest FP: ");
-        for (int i = 0; i < SHA1_SIZE; ++i) {
-            printf("%02X ", fp[i]);
-        }
-        printf("\r\n");
-    }
-    return res;
-}
-
-EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash)
-{
-    if (ssl->x509_ctx == NULL || ssl->x509_ctx->spki_sha256 == NULL)
-        return 1;
-    int res = memcmp(ssl->x509_ctx->spki_sha256, hash, SHA256_SIZE);
-    if (res != 0) {
-        printf("cert SPKI SHA-256 hash: ");
-        for (int i = 0; i < SHA256_SIZE; ++i) {
-            printf("%02X ", ssl->x509_ctx->spki_sha256[i]);
-        }
-        printf("\r\ntest hash: ");
-        for (int i = 0; i < SHA256_SIZE; ++i) {
-            printf("%02X ", hash[i]);
-        }
-        printf("\r\n");
-    }
-    return res;
-}
-
-#endif /* CONFIG_SSL_CERT_VERIFICATION */
-
-/**
- * Debugging routine to display SSL handshaking stuff.
- */
-#ifdef CONFIG_SSL_FULL_MODE
-/**
- * Debugging routine to display SSL states.
- */
-void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
-{
-    const char *str;
-
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
-        return;
-
-    if (not_ok) printf("Error - invalid State:\t");
-    else printf("State:\t");
-    if (is_send) printf("sending ");
-    else printf("receiving ");
-
-    switch (state)
-    {
-        case HS_HELLO_REQUEST:
-            printf("Hello Request (0)\n");
-            break;
-
-        case HS_CLIENT_HELLO:
-            printf("Client Hello (1)\n");
-            break;
-
-        case HS_SERVER_HELLO:
-            printf("Server Hello (2)\n");
-            break;
-
-        case HS_CERTIFICATE:
-            printf("Certificate (11)\n");
-            break;
-
-        case HS_SERVER_KEY_XCHG:
-            printf("Certificate Request (12)\n");
-            break;
-
-        case HS_CERT_REQ:
-            printf("Certificate Request (13)\n");
-            break;
-
-        case HS_SERVER_HELLO_DONE:
-            printf("Server Hello Done (14)\n");
-            break;
-
-        case HS_CERT_VERIFY:
-            printf("Certificate Verify (15)\n");
-            break;
-
-        case HS_CLIENT_KEY_XCHG:
-            printf("Client Key Exchange (16)\n");
-            break;
-
-        case HS_FINISHED:
-            printf("Finished (16)\n");
-            break;
-
-        default:
-            printf("Error (Unknown)\n");
-            break;
-    }
-}
-
-/**
- * Debugging routine to display RSA objects
- */
-void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx)
-{
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
-        return;
-
-    RSA_print(rsa_ctx);
-    TTY_FLUSH();
-}
-
-/**
- * Debugging routine to display SSL handshaking bytes.
- */
-void DISPLAY_BYTES(SSL *ssl, const char *format, 
-        const uint8_t *data, int size, ...)
-{
-    va_list(ap);
-
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
-        return;
-
-    va_start(ap, size);
-    print_blob(format, data, size, va_arg(ap, char *));
-    va_end(ap);
-    TTY_FLUSH();
-}
-
-/**
- * Debugging routine to display SSL handshaking errors.
- */
-EXP_FUNC void STDCALL ssl_display_error(int error_code)
-{
-    if (error_code == SSL_OK)
-        return;
-
-    printf("Error: ");
-
-    /* X509 error? */
-    if (error_code < SSL_X509_OFFSET)
-    {
-        char buff[64];
-        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET, buff));
-        return;
-    }
-
-    /* SSL alert error code */
-    if (error_code > SSL_ERROR_CONN_LOST)
-    {
-        printf("SSL error %d\n", -error_code);
-        return;
-    }
-
-    switch (error_code)
-    {
-        case SSL_ERROR_DEAD:
-            printf("connection dead");
-            break;
-
-        case SSL_ERROR_RECORD_OVERFLOW:
-            printf("record overflow");
-            break;
-
-        case SSL_ERROR_INVALID_HANDSHAKE:
-            printf("invalid handshake");
-            break;
-
-        case SSL_ERROR_INVALID_PROT_MSG:
-            printf("invalid protocol message");
-            break;
-
-        case SSL_ERROR_INVALID_HMAC:
-            printf("invalid mac");
-            break;
-
-        case SSL_ERROR_INVALID_VERSION:
-            printf("invalid version");
-            break;
-
-        case SSL_ERROR_INVALID_SESSION:
-            printf("invalid session");
-            break;
-
-        case SSL_ERROR_NO_CIPHER:
-            printf("no cipher");
-            break;
-
-        case SSL_ERROR_INVALID_CERT_HASH_ALG:
-            printf("invalid cert hash algorithm");
-            break;
-
-        case SSL_ERROR_CONN_LOST:
-            printf("connection lost");
-            break;
-
-        case SSL_ERROR_BAD_CERTIFICATE:
-            printf("bad certificate");
-            break;
-
-        case SSL_ERROR_INVALID_KEY:
-            printf("invalid key");
-            break;
-
-        case SSL_ERROR_FINISHED_INVALID:
-            printf("finished invalid");
-            break;
-
-        case SSL_ERROR_NO_CERT_DEFINED:
-            printf("no certificate defined");
-            break;
-
-        case SSL_ERROR_NO_CLIENT_RENOG:
-            printf("client renegotiation not supported");
-            break;
-            
-        case SSL_ERROR_NOT_SUPPORTED:
-            printf("Option not supported");
-            break;
-
-        default:
-            printf("undefined as yet - %d", error_code);
-            break;
-    }
-
-    printf("\n");
-}
-
-/**
- * Debugging routine to display alerts.
- */
-void DISPLAY_ALERT(SSL *ssl, int alert)
-{
-    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
-        return;
-
-    printf("Alert: ");
-
-    switch (alert)
-    {
-        case SSL_ALERT_CLOSE_NOTIFY:
-            printf("close notify");
-            break;
-
-        case SSL_ALERT_UNEXPECTED_MESSAGE:
-            printf("unexpected message");
-            break;
-
-        case SSL_ALERT_BAD_RECORD_MAC:
-            printf("bad record mac");
-            break;
-
-        case SSL_ERROR_RECORD_OVERFLOW:
-            printf("record overlow");
-            break;
-
-        case SSL_ALERT_HANDSHAKE_FAILURE:
-            printf("handshake failure");
-            break;
-
-        case SSL_ALERT_BAD_CERTIFICATE:
-            printf("bad certificate");
-            break;
-
-        case SSL_ALERT_UNSUPPORTED_CERTIFICATE:
-            printf("unsupported certificate");
-            break;
-
-        case SSL_ALERT_CERTIFICATE_EXPIRED:
-            printf("certificate expired");
-            break;
-
-        case SSL_ALERT_CERTIFICATE_UNKNOWN:
-            printf("certificate unknown");
-            break;
-
-        case SSL_ALERT_ILLEGAL_PARAMETER:
-            printf("illegal parameter");
-            break;
-
-        case SSL_ALERT_UNKNOWN_CA:
-            printf("unknown ca");
-            break;
-
-        case SSL_ALERT_DECODE_ERROR:
-            printf("decode error");
-            break;
-
-        case SSL_ALERT_DECRYPT_ERROR:
-            printf("decrypt error");
-            break;
-
-        case SSL_ALERT_INVALID_VERSION:
-            printf("invalid version");
-            break;
-
-        case SSL_ALERT_NO_RENEGOTIATION:
-            printf("no renegotiation");
-            break;
-
-        default:
-            printf("alert - (unknown %d)", alert);
-            break;
-    }
-
-    printf("\n");
-}
-
-#endif /* CONFIG_SSL_FULL_MODE */
-
-/**
- * Return the version of this library.
- */
-EXP_FUNC const char  * STDCALL ssl_version()
-{
-    static const char * axtls_version = AXTLS_VERSION;
-    return axtls_version;
-}
-
-/**
- * Enable the various language bindings to work regardless of the
- * configuration - they just return an error statement and a bad return code.
- */
-#if !defined(CONFIG_SSL_FULL_MODE)
-EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
-#endif
-
-#ifdef CONFIG_BINDINGS
-#if !defined(CONFIG_SSL_ENABLE_CLIENT)
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
-        uint8_t *session_id, uint8_t sess_id_size)
-{
-    printf("%s", unsupported_str);
-    return NULL;
-}
-#endif
-
-#if !defined(CONFIG_SSL_CERT_VERIFICATION)
-EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
-{
-    printf("%s", unsupported_str);
-    return -1;
-}
-
-
-EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
-{
-    printf("%s", unsupported_str);
-    return NULL;
-}
-
-EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
-{
-    printf("%s", unsupported_str);
-    return NULL;
-}
-
-#endif  /* CONFIG_SSL_CERT_VERIFICATION */
-
-#endif /* CONFIG_BINDINGS */
-
diff --git a/tools/sdk/axtls/ssl/tls1.h b/tools/sdk/axtls/ssl/tls1.h
deleted file mode 100644
index fb3e555278..0000000000
--- a/tools/sdk/axtls/ssl/tls1.h
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file tls1.h
- *
- * @brief The definitions for the TLS library.
- */
-#ifndef HEADER_SSL_LIB_H
-#define HEADER_SSL_LIB_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "version.h"
-#include "config.h"
-#include "os_int.h"
-#include "os_port.h"
-#include "crypto.h"
-#include "crypto_misc.h"
-
-#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
-#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.3 */
-#define SSL_PROTOCOL_VERSION_TLS1_1 0x32   /* TLS v1.1 */
-#define SSL_PROTOCOL_VERSION_TLS1_2 0x33   /* TLS v1.2 */
-#define SSL_RANDOM_SIZE             32
-#define SSL_SECRET_SIZE             48
-#define SSL_FINISHED_HASH_SIZE      12
-#define SSL_RECORD_SIZE             5
-#define SSL_SERVER_READ             0
-#define SSL_SERVER_WRITE            1
-#define SSL_CLIENT_READ             2
-#define SSL_CLIENT_WRITE            3
-#define SSL_HS_HDR_SIZE             4
-
-/* the flags we use while establishing a connection */
-#define SSL_NEED_RECORD             0x0001
-#define SSL_TX_ENCRYPTED            0x0002 
-#define SSL_RX_ENCRYPTED            0x0004
-#define SSL_SESSION_RESUME          0x0008
-#define SSL_IS_CLIENT               0x0010
-#define SSL_HAS_CERT_REQ            0x0020
-#define SSL_SENT_CLOSE_NOTIFY       0x0040
-
-/* some macros to muck around with flag bits */
-#define SET_SSL_FLAG(A)             (ssl->flag |= A)
-#define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
-#define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
-
-#define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
-#define RT_MAX_PLAIN_LENGTH         16384
-#define RT_EXTRA                    1024
-#define BM_RECORD_OFFSET            5
-
-#define NUM_PROTOCOLS               4
-
-#define MAX_SIG_ALGORITHMS          4
-#define SIG_ALG_SHA1                2
-#define SIG_ALG_SHA256              4
-#define SIG_ALG_SHA384              5
-#define SIG_ALG_SHA512              6
-#define SIG_ALG_RSA                 1
-
-#define PARANOIA_CHECK(A, B)        if (A < B) { \
-    ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
-
-/* protocol types */
-enum
-{
-    PT_CHANGE_CIPHER_SPEC = 20,
-    PT_ALERT_PROTOCOL,
-    PT_HANDSHAKE_PROTOCOL,
-    PT_APP_PROTOCOL_DATA
-};
-
-/* handshaking types */
-enum
-{
-    HS_HELLO_REQUEST,
-    HS_CLIENT_HELLO,
-    HS_SERVER_HELLO,
-    HS_CERTIFICATE = 11,
-    HS_SERVER_KEY_XCHG,
-    HS_CERT_REQ,
-    HS_SERVER_HELLO_DONE,
-    HS_CERT_VERIFY,
-    HS_CLIENT_KEY_XCHG,
-    HS_FINISHED = 20
-};
-
-/* SSL extension types */
-enum
-{
-    SSL_EXT_SERVER_NAME = 0,
-    SSL_EXT_MAX_FRAGMENT_SIZE,
-    SSL_EXT_SIG_ALG = 0x0d,
-};
-
-typedef struct 
-{
-    uint8_t cipher;
-    uint8_t key_size;
-    uint8_t iv_size;
-    uint8_t padding_size;
-    uint8_t digest_size;
-    uint8_t key_block_size;
-    hmac_func_v hmac_v;
-    crypt_func encrypt;
-    crypt_func decrypt;
-} cipher_info_t;
-
-struct _SSLObjLoader 
-{
-    uint8_t *buf;
-    int len;
-};
-
-typedef struct _SSLObjLoader SSLObjLoader;
-
-typedef struct 
-{
-    time_t conn_time;
-    uint8_t session_id[SSL_SESSION_ID_SIZE];
-    uint8_t master_secret[SSL_SECRET_SIZE];
-} SSL_SESSION;
-
-typedef struct
-{
-    uint8_t *buf;
-    int size;
-    uint8_t hash_alg;
-} SSL_CERT;
-
-typedef struct
-{
-    MD5_CTX md5_ctx;
-    SHA1_CTX sha1_ctx;
-    SHA256_CTX sha256_ctx;
-    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
-    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
-    uint8_t final_finish_mac[128];
-    uint8_t master_secret[SSL_SECRET_SIZE];
-    uint8_t key_block[256];
-    uint16_t bm_proc_index;
-    uint8_t key_block_generated;
-} DISPOSABLE_CTX;
-
-typedef struct 
-{
-    char *host_name; /* Needed for the SNI support */
-    /* Needed for the Max Fragment Size Extension. 
-       Allowed values: 2^9, 2^10 .. 2^14 */
-    uint16_t max_fragment_size; 
-} SSL_EXTENSIONS;
-
-struct _SSL
-{
-    uint32_t flag;
-    uint16_t need_bytes;
-    uint16_t got_bytes;
-    uint8_t record_type;
-    uint8_t cipher;
-    uint8_t sess_id_size;
-    uint8_t version;
-    uint8_t client_version;
-    int16_t next_state;
-    int16_t hs_status;
-    DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
-    int client_fd;
-    const cipher_info_t *cipher_info;
-    void *encrypt_ctx;
-    void *decrypt_ctx;
-    uint8_t *bm_all_data;
-    uint8_t *bm_data;
-    uint16_t bm_index;
-    uint16_t bm_read_index;
-    size_t max_plain_length;
-    uint8_t sig_algs[MAX_SIG_ALGORITHMS];
-    uint8_t num_sig_algs;
-    struct _SSL *next;                  /* doubly linked list */
-    struct _SSL *prev;
-    struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
-#ifndef CONFIG_SSL_SKELETON_MODE
-    uint16_t session_index;
-    SSL_SESSION *session;
-#endif
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    X509_CTX *x509_ctx;
-    bool can_free_certificates;
-#endif
-    uint8_t session_id[SSL_SESSION_ID_SIZE]; 
-    uint8_t client_mac[SHA256_SIZE];    /* for HMAC verification */
-    uint8_t server_mac[SHA256_SIZE];    /* for HMAC verification */
-    uint8_t read_sequence[8];           /* 64 bit sequence number */
-    uint8_t write_sequence[8];          /* 64 bit sequence number */
-    uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
-    SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */
-};
-
-typedef struct _SSL SSL;
-
-struct _SSL_CTX
-{
-    uint32_t options;
-    uint8_t chain_length;
-    RSA_CTX *rsa_ctx;
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    CA_CERT_CTX *ca_cert_ctx;
-#endif
-    SSL *head;
-    SSL *tail;
-    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
-#ifndef CONFIG_SSL_SKELETON_MODE
-    uint16_t num_sessions;
-    SSL_SESSION **ssl_sessions;
-#endif
-#ifdef CONFIG_SSL_CTX_MUTEXING
-    SSL_CTX_MUTEX_TYPE mutex;
-#endif
-#ifdef CONFIG_OPENSSL_COMPATIBLE
-    void *bonus_attr;
-#endif
-};
-
-typedef struct _SSL_CTX SSL_CTX;
-
-/* backwards compatibility */
-typedef struct _SSL_CTX SSLCTX;
-
-extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
-
-SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
-void disposable_new(SSL *ssl);
-void disposable_free(SSL *ssl);
-int send_packet(SSL *ssl, uint8_t protocol, 
-        const uint8_t *in, int length);
-int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
-int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
-int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
-int process_sslv23_client_hello(SSL *ssl);
-int send_alert(SSL *ssl, int error_code);
-int send_finished(SSL *ssl);
-int send_certificate(SSL *ssl);
-int basic_read(SSL *ssl, uint8_t **in_data);
-int send_change_cipher_spec(SSL *ssl);
-int finished_digest(SSL *ssl, const char *label, uint8_t *digest);
-void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
-void add_packet(SSL *ssl, const uint8_t *pkt, int len);
-int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
-int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
-void ssl_obj_free(SSLObjLoader *ssl_obj);
-int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
-int load_key_certs(SSL_CTX *ssl_ctx);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
-void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
-#endif
-#ifdef CONFIG_SSL_ENABLE_CLIENT
-int do_client_connect(SSL *ssl);
-#endif
-
-#ifdef CONFIG_SSL_FULL_MODE
-void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
-void DISPLAY_BYTES(SSL *ssl, const char *format, 
-        const uint8_t *data, int size, ...);
-void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
-void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
-void DISPLAY_ALERT(SSL *ssl, int alert);
-#else
-#define DISPLAY_STATE(A,B,C,D)
-#define DISPLAY_CERT(A,B)
-#define DISPLAY_RSA(A,B)
-#define DISPLAY_ALERT(A, B)
-#ifdef WIN32
-void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
-        const uint8_t *data, int size, ...);
-#else
-#define DISPLAY_BYTES(A,B,C,D,...)
-#endif
-#endif
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
-#endif
-
-SSL_SESSION *ssl_session_update(int max_sessions, 
-        SSL_SESSION *ssl_sessions[], SSL *ssl,
-        const uint8_t *session_id);
-void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif 
diff --git a/tools/sdk/axtls/ssl/tls1_clnt.c b/tools/sdk/axtls/ssl/tls1_clnt.c
deleted file mode 100644
index f670e704f6..0000000000
--- a/tools/sdk/axtls/ssl/tls1_clnt.c
+++ /dev/null
@@ -1,541 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <stdio.h>
-#include "os_port.h"
-#include "ssl.h"
-
-#ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
-
-/* support sha512/384/256/1 RSA */
-static const uint8_t g_sig_alg[] = { 
-                0x00, SSL_EXT_SIG_ALG,
-                0x00, 0x0a, 0x00, 0x08,
-                SIG_ALG_SHA512, SIG_ALG_RSA,
-                SIG_ALG_SHA384, SIG_ALG_RSA,
-                SIG_ALG_SHA256, SIG_ALG_RSA,
-                SIG_ALG_SHA1, SIG_ALG_RSA 
-};
-
-static const uint8_t g_asn1_sha256[] = 
-{ 
-    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
-    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
-};
-
-static int send_client_hello(SSL *ssl);
-static int process_server_hello(SSL *ssl);
-static int process_server_hello_done(SSL *ssl);
-static int send_client_key_xchg(SSL *ssl);
-static int process_cert_req(SSL *ssl);
-static int send_cert_verify(SSL *ssl);
-
-/*
- * Establish a new SSL connection to an SSL server.
- */
-EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
-        uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext)
-{
-    SSL *ssl = ssl_new(ssl_ctx, client_fd);
-    ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
-
-    if (session_id && ssl_ctx->num_sessions)
-    {
-        if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
-        {
-            ssl_free(ssl);
-            return NULL;
-        }
-
-        memcpy(ssl->session_id, session_id, sess_id_size);
-        ssl->sess_id_size = sess_id_size;
-        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
-    }
-
-    ssl->extensions = ssl_ext;
-
-    SET_SSL_FLAG(SSL_IS_CLIENT);
-    do_client_connect(ssl);
-    return ssl;
-}
-
-/*
- * Process the handshake record.
- */
-int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
-{
-    int ret;
-
-    /* To get here the state must be valid */
-    switch (handshake_type)
-    {
-        case HS_SERVER_HELLO:
-            ret = process_server_hello(ssl);
-            break;
-
-        case HS_CERTIFICATE:
-            ret = process_certificate(ssl, &ssl->x509_ctx);
-            break;
-
-        case HS_SERVER_HELLO_DONE:
-            if ((ret = process_server_hello_done(ssl)) == SSL_OK)
-            {
-                if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
-                {
-                    if ((ret = send_certificate(ssl)) == SSL_OK &&
-                        (ret = send_client_key_xchg(ssl)) == SSL_OK)
-                    {
-                        send_cert_verify(ssl);
-                    }
-                }
-                else
-                {
-                    ret = send_client_key_xchg(ssl);
-                }
-
-                if (ret == SSL_OK && 
-                     (ret = send_change_cipher_spec(ssl)) == SSL_OK)
-                {
-                    ret = send_finished(ssl);
-                }
-            }
-            break;
-
-        case HS_CERT_REQ:
-            ret = process_cert_req(ssl);
-            break;
-
-        case HS_FINISHED:
-            ret = process_finished(ssl, buf, hs_len);
-            disposable_free(ssl);
-            if (ssl->ssl_ctx->options & SSL_READ_BLOCKING) {
-                ssl->flag |= SSL_READ_BLOCKING;
-            }
-            /* note: client renegotiation is not allowed after this */
-            break;
-
-        case HS_HELLO_REQUEST:
-            disposable_new(ssl);
-            ret = do_client_connect(ssl);
-            break;
-
-        default:
-            ret = SSL_ERROR_INVALID_HANDSHAKE;
-            break;
-    }
-
-    return ret;
-}
-
-/*
- * Do the handshaking from the beginning.
- */
-int do_client_connect(SSL *ssl)
-{
-    int ret = SSL_OK;
-
-    send_client_hello(ssl);                 /* send the client hello */
-    ssl->bm_read_index = 0;
-    ssl->next_state = HS_SERVER_HELLO;
-    ssl->hs_status = SSL_NOT_OK;            /* not connected */
-
-    /* sit in a loop until it all looks good */
-    if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
-    {
-        while (ssl->hs_status != SSL_OK)
-        {
-            ret = ssl_read(ssl, NULL);
-            
-            if (ret < SSL_OK)
-                break;
-        }
-
-        ssl->hs_status = ret;            /* connected? */    
-    }
-
-    return ret;
-}
-
-/*
- * Send the initial client hello.
- */
-static int send_client_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    time_t tm = time(NULL);
-    uint8_t *tm_ptr = &buf[6]; /* time will go here */
-    int i, offset, ext_offset;
-    int ext_len = 0;
-
-
-    buf[0] = HS_CLIENT_HELLO;
-    buf[1] = 0;
-    buf[2] = 0;
-    /* byte 3 is calculated later */
-    buf[4] = 0x03;
-    buf[5] = ssl->version & 0x0f;
-
-    /* client random value - spec says that 1st 4 bytes are big endian time */
-    *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
-    *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
-    *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
-    *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
-    if (get_random(SSL_RANDOM_SIZE-4, &buf[10]) < 0)
-        return SSL_NOT_OK;
-
-    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 6 + SSL_RANDOM_SIZE;
-
-    /* give session resumption a go */
-    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially by user */
-    {
-        buf[offset++] = ssl->sess_id_size;
-        memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
-        offset += ssl->sess_id_size;
-        CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
-    }
-    else
-    {
-        /* no session id - because no session resumption just yet */
-        buf[offset++] = 0;
-    }
-
-    buf[offset++] = 0;              /* number of ciphers */
-    buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
-
-    /* put all our supported protocols in our request */
-    for (i = 0; i < NUM_PROTOCOLS; i++)
-    {
-        buf[offset++] = 0;          /* cipher we are using */
-        buf[offset++] = ssl_prot_prefs[i];
-    }
-
-    buf[offset++] = 1;              /* no compression */
-    buf[offset++] = 0;
-
-    ext_offset = offset;
-
-    buf[offset++] = 0;              /* total length of extensions */
-    buf[offset++] = 0;
-
-    /* send the signature algorithm extension for TLS 1.2+ */
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
-    {
-        memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
-        offset += sizeof(g_sig_alg);
-        ext_len += sizeof(g_sig_alg);
-    }
-
-    if (ssl->extensions != NULL) 
-    {
-        /* send the host name if specified */
-        if (ssl->extensions->host_name != NULL) 
-        {
-            size_t host_len = strlen(ssl->extensions->host_name);
-            buf[offset++] = 0;
-            buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
-            buf[offset++] = 0;
-            buf[offset++] = host_len + 5; /* server_name length */
-            buf[offset++] = 0;
-            buf[offset++] = host_len + 3; /* server_list length */
-            buf[offset++] = 0; /* host_name(0) (255) */
-            buf[offset++] = 0;
-            buf[offset++] = host_len; /* host_name length */
-            strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
-            offset += host_len;
-            ext_len += host_len + 9;
-        }
-
-        if (ssl->extensions->max_fragment_size) 
-        {
-            buf[offset++] = 0;
-            buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
-
-            buf[offset++] = 0; // size of data
-            buf[offset++] = 2;
-
-            buf[offset++] = (uint8_t)
-                ((ssl->extensions->max_fragment_size >> 8) & 0xff);
-            buf[offset++] = (uint8_t)
-                (ssl->extensions->max_fragment_size & 0xff);
-            ext_len += 6;
-        }
-    }
-
-    if (ext_len > 0) 
-    {
-    	// update the extensions length value
-    	buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
-    	buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);
-    }
-
-    buf[3] = offset - 4;            /* handshake size */
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
-}
-
-/*
- * Process the server hello.
- */
-static int process_server_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int pkt_size = ssl->bm_index;
-    int num_sessions = ssl->ssl_ctx->num_sessions;
-    uint8_t sess_id_size;
-    int offset, ret = SSL_OK;
-
-    /* check that we are talking to a TLSv1 server */
-    uint8_t version = (buf[4] << 4) + buf[5];
-    if (version > SSL_PROTOCOL_VERSION_MAX)
-    {
-        version = SSL_PROTOCOL_VERSION_MAX;
-    }
-    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
-    {
-        ret = SSL_ERROR_INVALID_VERSION;
-        ssl_display_error(ret);
-        goto error;
-    }
-
-    ssl->version = version;
-
-    /* get the server random value */
-    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
-    sess_id_size = buf[offset++];
-
-    if (sess_id_size > SSL_SESSION_ID_SIZE)
-    {
-        ret = SSL_ERROR_INVALID_SESSION;
-        goto error;
-    }
-
-    if (num_sessions)
-    {
-        ssl->session = ssl_session_update(num_sessions,
-                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
-        memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
-
-        /* pad the rest with 0's */
-        if (sess_id_size < SSL_SESSION_ID_SIZE)
-        {
-            memset(&ssl->session->session_id[sess_id_size], 0,
-                SSL_SESSION_ID_SIZE-sess_id_size);
-        }
-    }
-
-    memcpy(ssl->session_id, &buf[offset], sess_id_size);
-    ssl->sess_id_size = sess_id_size;
-    offset += sess_id_size;
-
-    /* get the real cipher we are using - ignore MSB */
-    ssl->cipher = buf[++offset];
-    ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
-                                        HS_FINISHED : HS_CERTIFICATE;
-
-    offset += 2; // ignore compression
-    PARANOIA_CHECK(pkt_size, offset);
-
-    ssl->dc->bm_proc_index = offset;
-    PARANOIA_CHECK(pkt_size, offset);
-
-    // no extensions
-error:
-    return ret;
-}
-
-/**
- * Process the server hello done message.
- */
-static int process_server_hello_done(SSL *ssl)
-{
-    ssl->next_state = HS_FINISHED;
-    return SSL_OK;
-}
-
-/*
- * Send a client key exchange message.
- */
-static int send_client_key_xchg(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    uint8_t premaster_secret[SSL_SECRET_SIZE];
-    int enc_secret_size = -1;
-
-    buf[0] = HS_CLIENT_KEY_XCHG;
-    buf[1] = 0;
-
-    // spec says client must use the what is initially negotiated -
-    // and this is our current version
-    premaster_secret[0] = 0x03; 
-    premaster_secret[1] = SSL_PROTOCOL_VERSION_MAX & 0x0f; 
-    if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
-        return SSL_NOT_OK;
-
-    DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
-
-    /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
-            SSL_SECRET_SIZE, &buf[6], 0);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    buf[2] = (enc_secret_size + 2) >> 8;
-    buf[3] = (enc_secret_size + 2) & 0xff;
-    buf[4] = enc_secret_size >> 8;
-    buf[5] = enc_secret_size & 0xff;
-
-    generate_master_secret(ssl, premaster_secret);
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
-}
-
-/*
- * Process the certificate request.
- */
-static int process_cert_req(SSL *ssl)
-{
-    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
-    int ret = SSL_OK;
-    int cert_req_size = (buf[2]<<8) + buf[3];
-    int offset = 4;
-    int pkt_size = ssl->bm_index;
-    uint8_t cert_type_len, sig_alg_len;
-
-    PARANOIA_CHECK(pkt_size, offset + cert_req_size);
-    ssl->dc->bm_proc_index = cert_req_size;
-
-    /* don't do any processing - we will send back an RSA certificate anyway */
-    ssl->next_state = HS_SERVER_HELLO_DONE;
-    SET_SSL_FLAG(SSL_HAS_CERT_REQ);
-
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
-    {
-        // supported certificate types
-        cert_type_len = buf[offset++];
-        PARANOIA_CHECK(pkt_size, offset + cert_type_len);
-        offset += cert_type_len;
-        
-        // supported signature algorithms
-        sig_alg_len = buf[offset++] << 8;
-        sig_alg_len += buf[offset++];
-        PARANOIA_CHECK(pkt_size, offset + sig_alg_len);
-        
-        while (sig_alg_len > 0)
-        {
-            uint8_t hash_alg = buf[offset++];
-            uint8_t sig_alg = buf[offset++];
-            sig_alg_len -= 2;
-
-            if (sig_alg == SIG_ALG_RSA && 
-                    (hash_alg == SIG_ALG_SHA1 ||
-                     hash_alg == SIG_ALG_SHA256 ||
-                     hash_alg == SIG_ALG_SHA384 ||
-                     hash_alg == SIG_ALG_SHA512))
-            {
-                ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
-            }
-        }
-    }
-
-error:
-    return ret;
-}
-
-/*
- * Send a certificate verify message.
- */
-static int send_cert_verify(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    uint8_t dgst[SHA1_SIZE+MD5_SIZE+15];
-    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
-    int n = 0, ret;
-    int offset = 0;
-    int dgst_len;
-
-    if (rsa_ctx == NULL)
-        return SSL_OK;
-
-    DISPLAY_RSA(ssl, rsa_ctx);
-
-    buf[0] = HS_CERT_VERIFY;
-    buf[1] = 0;
-
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
-    {
-        buf[4] = SIG_ALG_SHA256;
-        buf[5] = SIG_ALG_RSA;
-        offset = 6;
-        memcpy(dgst, g_asn1_sha256, sizeof(g_asn1_sha256));
-        dgst_len = finished_digest(ssl, NULL, &dgst[sizeof(g_asn1_sha256)]) + 
-                        sizeof(g_asn1_sha256);
-    }
-    else
-    {
-        offset = 4;
-        dgst_len = finished_digest(ssl, NULL, dgst);
-    }
-
-    /* rsa_ctx->bi_ctx is not thread-safe */
-    if (rsa_ctx)
-    {
-        SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-        n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset + 2], 1);
-        SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-        if (n == 0)
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto error;
-        }
-    }
-    
-    buf[offset] = n >> 8;        /* add the RSA size */
-    buf[offset+1] = n & 0xff;
-    n += 2;
-
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
-    {
-        n += 2; // sig/alg
-        offset -= 2;
-    }
-
-    buf[2] = n >> 8;
-    buf[3] = n & 0xff;
-    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset);
-
-error:
-    return ret;
-}
-
-#endif      /* CONFIG_SSL_ENABLE_CLIENT */
diff --git a/tools/sdk/axtls/ssl/tls1_svr.c b/tools/sdk/axtls/ssl/tls1_svr.c
deleted file mode 100644
index abc044552d..0000000000
--- a/tools/sdk/axtls/ssl/tls1_svr.c
+++ /dev/null
@@ -1,526 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include "os_port.h"
-#include "ssl.h"
-
-static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
-static const uint8_t g_asn1_sha256[] = 
-{ 
-    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
-    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
-};
-
-static int process_client_hello(SSL *ssl);
-static int send_server_hello_sequence(SSL *ssl);
-static int send_server_hello(SSL *ssl);
-static int send_server_hello_done(SSL *ssl);
-static int process_client_key_xchg(SSL *ssl);
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-static int send_certificate_request(SSL *ssl);
-static int process_cert_verify(SSL *ssl);
-#endif
-
-/*
- * Establish a new SSL connection to an SSL client.
- */
-EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
-{
-    SSL *ssl;
-
-    ssl = ssl_new(ssl_ctx, client_fd);
-    ssl->next_state = HS_CLIENT_HELLO;
-
-#ifdef CONFIG_SSL_FULL_MODE
-    if (ssl_ctx->chain_length == 0)
-        printf("Warning - no server certificate defined\n"); TTY_FLUSH();
-#endif
-
-    return ssl;
-}
-
-/*
- * Process the handshake record.
- */
-int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
-{
-    int ret = SSL_OK;
-    ssl->hs_status = SSL_NOT_OK;            /* not connected */
-
-    /* To get here the state must be valid */
-    switch (handshake_type)
-    {
-        case HS_CLIENT_HELLO:
-            if ((ret = process_client_hello(ssl)) == SSL_OK)
-                ret = send_server_hello_sequence(ssl);
-            break;
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-        case HS_CERTIFICATE:/* the client sends its cert */
-            ret = process_certificate(ssl, &ssl->x509_ctx);
-
-            if (ret == SSL_OK)    /* verify the cert */
-            { 
-                int cert_res;
-                int pathLenConstraint = 0;
-
-                cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx, 
-                        ssl->x509_ctx, &pathLenConstraint);
-                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
-            }
-            break;
-
-        case HS_CERT_VERIFY:    
-            ret = process_cert_verify(ssl);
-            add_packet(ssl, buf, hs_len);   /* needs to be done after */
-            break;
-#endif
-        case HS_CLIENT_KEY_XCHG:
-            ret = process_client_key_xchg(ssl);
-            break;
-
-        case HS_FINISHED:
-            ret = process_finished(ssl, buf, hs_len);
-            disposable_free(ssl);   /* free up some memory */
-            break;
-    }
-
-    return ret;
-}
-
-/* 
- * Process a client hello message.
- */
-static int process_client_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int pkt_size = ssl->bm_index;
-    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
-    int ret = SSL_OK;
-    
-    uint8_t version = (buf[4] << 4) + buf[5];
-    ssl->version = ssl->client_version = version;
-
-    if (version > SSL_PROTOCOL_VERSION_MAX)
-    {
-        /* use client's version instead */
-        ssl->version = SSL_PROTOCOL_VERSION_MAX; 
-    }
-    else if (version < SSL_PROTOCOL_MIN_VERSION)  /* old version supported? */
-    {
-        ret = SSL_ERROR_INVALID_VERSION;
-        ssl_display_error(ret);
-        goto error;
-    }
-
-    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
-
-    /* process the session id */
-    id_len = buf[offset++];
-    if (id_len > SSL_SESSION_ID_SIZE)
-    {
-        return SSL_ERROR_INVALID_SESSION;
-    }
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
-            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
-#endif
-
-    offset += id_len;
-    cs_len = (buf[offset]<<8) + buf[offset+1];
-    offset += 3;        /* add 1 due to all cipher suites being 8 bit */
-
-    PARANOIA_CHECK(pkt_size, offset + cs_len);
-
-    /* work out what cipher suite we are going to use - client defines 
-       the preference */
-    for (i = 0; i < cs_len; i += 2)
-    {
-        for (j = 0; j < NUM_PROTOCOLS; j++)
-        {
-            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
-            {
-                ssl->cipher = ssl_prot_prefs[j];
-                goto do_compression;
-            }
-        }
-    }
-
-    /* ouch! protocol is not supported */
-    return SSL_ERROR_NO_CIPHER;
-
-    /* completely ignore compression */
-do_compression:
-    offset += cs_len;
-    id_len = buf[offset++];
-    offset += id_len;
-    PARANOIA_CHECK(pkt_size, offset + id_len);
-
-    if (offset == pkt_size)
-    {
-        /* no extensions */
-        goto error;
-    }
-
-    /* extension size */
-    id_len = buf[offset++] << 8;
-    id_len += buf[offset++];
-    PARANOIA_CHECK(pkt_size, offset + id_len);
-    
-    // Check for extensions from the client - only the signature algorithm
-    // is supported
-    while (offset < pkt_size) 
-    {
-        int ext = buf[offset++] << 8;
-        ext += buf[offset++];
-        int ext_len = buf[offset++] << 8;
-        ext_len += buf[offset++];
-        PARANOIA_CHECK(pkt_size, offset + ext_len);
-        
-        if (ext == SSL_EXT_SIG_ALG)
-        {
-            while (ext_len > 0)
-            {
-                uint8_t hash_alg = buf[offset++];
-                uint8_t sig_alg = buf[offset++];
-                ext_len -= 2;
-
-                if (sig_alg == SIG_ALG_RSA && 
-                        (hash_alg == SIG_ALG_SHA1 ||
-                         hash_alg == SIG_ALG_SHA256 ||
-                         hash_alg == SIG_ALG_SHA384 ||
-                         hash_alg == SIG_ALG_SHA512))
-                {
-                    ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
-                }
-            }
-        }
-        else
-        {
-            offset += ext_len;
-        }
-    }
-
-    /* default is RSA/SHA1 */
-    if (ssl->num_sig_algs == 0)
-    {
-        ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
-    }
-
-error:
-    return ret;
-}
-
-/*
- * Send the entire server hello sequence
- */
-static int send_server_hello_sequence(SSL *ssl)
-{
-    int ret;
-
-    if ((ret = send_server_hello(ssl)) == SSL_OK)
-    {
-#ifndef CONFIG_SSL_SKELETON_MODE
-        /* resume handshake? */
-        if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
-        {
-            if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
-            {
-                ret = send_finished(ssl);
-                ssl->next_state = HS_FINISHED;
-            }
-        }
-        else 
-#endif
-        if ((ret = send_certificate(ssl)) == SSL_OK)
-        {
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-            /* ask the client for its certificate */
-            if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION))
-            {
-                if ((ret = send_certificate_request(ssl)) == SSL_OK)
-                {
-                    ret = send_server_hello_done(ssl);
-                    ssl->next_state = HS_CERTIFICATE;
-                }
-            }
-            else
-#endif
-            {
-                ret = send_server_hello_done(ssl);
-                ssl->next_state = HS_CLIENT_KEY_XCHG;
-            }
-        }
-    }
-
-    return ret;
-}
-
-/*
- * Send a server hello message.
- */
-static int send_server_hello(SSL *ssl)
-{
-    uint8_t *buf = ssl->bm_data;
-    int offset = 0;
-
-    buf[0] = HS_SERVER_HELLO;
-    buf[1] = 0;
-    buf[2] = 0;
-    /* byte 3 is calculated later */
-    buf[4] = 0x03;
-    buf[5] = ssl->version & 0x0f;
-
-    /* server random value */
-    if (get_random(SSL_RANDOM_SIZE, &buf[6]) < 0)
-        return SSL_NOT_OK;
-
-    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
-    offset = 6 + SSL_RANDOM_SIZE;
-
-#ifndef CONFIG_SSL_SKELETON_MODE
-    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
-    {
-        /* retrieve id from session cache */
-        buf[offset++] = SSL_SESSION_ID_SIZE;
-        memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
-        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
-        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
-        offset += SSL_SESSION_ID_SIZE;
-    }
-    else    /* generate our own session id */
-#endif
-    {
-#ifndef CONFIG_SSL_SKELETON_MODE
-        buf[offset++] = SSL_SESSION_ID_SIZE;
-        get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
-        memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
-        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
-
-        /* store id in session cache */
-        if (ssl->ssl_ctx->num_sessions)
-        {
-            memcpy(ssl->session->session_id, 
-                    ssl->session_id, SSL_SESSION_ID_SIZE);
-        }
-
-        offset += SSL_SESSION_ID_SIZE;
-#else
-        buf[offset++] = 0;  /* don't bother with session id in skelton mode */
-#endif
-    }
-
-    buf[offset++] = 0;      /* cipher we are using */
-    buf[offset++] = ssl->cipher;
-    buf[offset++] = 0;      /* no compression and no extensions supported */
-    buf[3] = offset - 4;    /* handshake size */
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
-}
-
-/*
- * Send the server hello done message.
- */
-static int send_server_hello_done(SSL *ssl)
-{
-    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
-                            g_hello_done, sizeof(g_hello_done));
-}
-
-/*
- * Pull apart a client key exchange message. Decrypt the pre-master key (using
- * our RSA private key) and then work out the master key. Initialise the
- * ciphers.
- */
-static int process_client_key_xchg(SSL *ssl)
-{
-    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
-    int pkt_size = ssl->bm_index;
-    int premaster_size, secret_length = (buf[2] << 8) + buf[3];
-    uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
-    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
-    int offset = 4;
-    int ret = SSL_OK;
-    
-    if (rsa_ctx == NULL)
-    {
-        ret = SSL_ERROR_NO_CERT_DEFINED;
-        goto error;
-    }
-
-    /* is there an extra size field? */
-    if ((secret_length - 2) == rsa_ctx->num_octets)
-        offset += 2;
-
-    PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
-
-    /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret,
-            sizeof(premaster_secret), 1);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    if (premaster_size != SSL_SECRET_SIZE || 
-            premaster_secret[0] != 0x03 ||  /* must be the same as client
-                                               offered version */
-                premaster_secret[1] != (ssl->client_version & 0x0f))
-    {
-        /* guard against a Bleichenbacher attack */
-        if (get_random(SSL_SECRET_SIZE, premaster_secret) < 0)
-            return SSL_NOT_OK;
-
-        /* and continue - will die eventually when checking the mac */
-    }
-
-    generate_master_secret(ssl, premaster_secret);
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-    ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ?  
-                                            HS_CERT_VERIFY : HS_FINISHED;
-#else
-    ssl->next_state = HS_FINISHED; 
-#endif
-
-    ssl->dc->bm_proc_index += rsa_ctx->num_octets+offset;
-error:
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 
-                0, 0x0e, 
-                1, 1, // rsa sign 
-                0x00, 0x08,
-                SIG_ALG_SHA256, SIG_ALG_RSA,
-                SIG_ALG_SHA512, SIG_ALG_RSA,
-                SIG_ALG_SHA384, SIG_ALG_RSA,
-                SIG_ALG_SHA1, SIG_ALG_RSA,
-                0, 0
-};
-
-static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
-
-/*
- * Send the certificate request message.
- */
-static int send_certificate_request(SSL *ssl)
-{
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
-    {
-        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
-            g_cert_request, sizeof(g_cert_request));
-    }
-    else
-    {
-        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
-            g_cert_request_v1, sizeof(g_cert_request_v1));
-    }
-}
-
-/*
- * Ensure the client has the private key by first decrypting the packet and
- * then checking the packet digests.
- */
-static int process_cert_verify(SSL *ssl)
-{
-    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
-    int pkt_size = ssl->bm_index;
-    uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
-    uint8_t dgst[MD5_SIZE + SHA1_SIZE];
-    X509_CTX *x509_ctx = ssl->x509_ctx;
-    int ret = SSL_OK;
-    int offset = 6;
-    int rsa_len;
-    int n;
-
-    DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
-
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
-    {
-        // TODO: should really need to be able to handle other algorihms. An 
-        // assumption is made on RSA/SHA256 and appears to be OK.
-        //uint8_t hash_alg = buf[4];
-        //uint8_t sig_alg = buf[5];
-        offset = 8;
-        rsa_len = (buf[6] << 8) + buf[7];
-    }
-    else
-    {
-        rsa_len = (buf[4] << 8) + buf[5];
-    }
-
-    PARANOIA_CHECK(pkt_size, offset + rsa_len);
-
-    /* rsa_ctx->bi_ctx is not thread-safe */
-    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
-    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf, 
-                    sizeof(dgst_buf), 0);
-    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
-
-    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
-    {
-        if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto error;
-        }
-
-        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
-        if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE))
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto error;
-        }
-    }
-    else // TLS1.0/1.1
-    {
-        if (n != SHA1_SIZE + MD5_SIZE)
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-            goto end_cert_vfy;
-        }
-
-        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
-        if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
-        {
-            ret = SSL_ERROR_INVALID_KEY;
-        }
-    }
-
-end_cert_vfy:
-    ssl->next_state = HS_FINISHED;
-error:
-    return ret;
-}
-
-#endif
diff --git a/tools/sdk/axtls/ssl/version.h b/tools/sdk/axtls/ssl/version.h
deleted file mode 100644
index c9d6c252f2..0000000000
--- a/tools/sdk/axtls/ssl/version.h
+++ /dev/null
@@ -1 +0,0 @@
-#define AXTLS_VERSION    "2.1.2"
diff --git a/tools/sdk/axtls/ssl/x509.c b/tools/sdk/axtls/ssl/x509.c
deleted file mode 100644
index dbb9fd3dd3..0000000000
--- a/tools/sdk/axtls/ssl/x509.c
+++ /dev/null
@@ -1,899 +0,0 @@
-/*
- * Copyright (c) 2007-2016, Cameron Rich
- * 
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions are met:
- *
- * * Redistributions of source code must retain the above copyright notice, 
- *   this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice, 
- *   this list of conditions and the following disclaimer in the documentation 
- *   and/or other materials provided with the distribution.
- * * Neither the name of the axTLS project nor the names of its contributors 
- *   may be used to endorse or promote products derived from this software 
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * @file x509.c
- * 
- * Certificate processing.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "os_port.h"
-#include "crypto_misc.h"
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
-        X509_CTX *x509_ctx);
-static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
-        X509_CTX *x509_ctx);
-static int x509_v3_key_usage(const uint8_t *cert, int offset, 
-        X509_CTX *x509_ctx);
-
-/**
- * Retrieve the signature from a certificate.
- */
-static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
-{
-    int offset = 0;
-    const uint8_t *ptr = NULL;
-
-    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
-            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
-        goto end_get_sig;
-
-    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
-        goto end_get_sig;
-    *len = get_asn1_length(asn1_sig, &offset);
-    ptr = &asn1_sig[offset];          /* all ok */
-
-end_get_sig:
-    return ptr;
-}
-
-#endif
-
-/**
- * Construct a new x509 object.
- * @return 0 if ok. < 0 if there was a problem.
- */
-int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
-{
-    int begin_tbs, end_tbs, begin_spki, end_spki;
-    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
-    int version = 0;
-    X509_CTX *x509_ctx;
-#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    BI_CTX *bi_ctx;
-#endif
-
-    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
-    x509_ctx = *ctx;
-
-    /* get the certificate size */
-    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
-
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    begin_tbs = offset;         /* start of the tbs */
-    end_tbs = begin_tbs;        /* work out the end of the tbs */
-    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
-
-    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    /* optional version */
-    if (cert[offset] == ASN1_EXPLICIT_TAG && 
-            asn1_version(cert, &offset, &version) == X509_NOT_OK)
-        goto end_cert;
-
-    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
-            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
-        goto end_cert;
-
-    /* make sure the signature is ok */
-    if (asn1_signature_type(cert, &offset, x509_ctx))
-    {
-        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
-        goto end_cert;
-    }
-
-    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
-            asn1_validity(cert, &offset, x509_ctx) ||
-            asn1_name(cert, &offset, x509_ctx->cert_dn))
-    {
-        goto end_cert;
-    }
-    begin_spki = offset;
-    if (asn1_public_key(cert, &offset, x509_ctx))
-        goto end_cert;
-    end_spki = offset;
-
-    x509_ctx->fingerprint = malloc(SHA1_SIZE);
-    SHA1_CTX sha_fp_ctx;
-    SHA1_Init(&sha_fp_ctx);
-    SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
-    SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
-
-    x509_ctx->spki_sha256 = malloc(SHA256_SIZE);
-    SHA256_CTX spki_hash_ctx;
-    SHA256_Init(&spki_hash_ctx);
-    SHA256_Update(&spki_hash_ctx, &cert[begin_spki], end_spki-begin_spki);
-    SHA256_Final(x509_ctx->spki_sha256, &spki_hash_ctx);
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
-
-    /* use the appropriate signature algorithm */
-    switch (x509_ctx->sig_type)
-    {
-        case SIG_TYPE_MD5:
-        {
-            MD5_CTX md5_ctx;
-            uint8_t md5_dgst[MD5_SIZE];
-            MD5_Init(&md5_ctx);
-            MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-            MD5_Final(md5_dgst, &md5_ctx);
-            x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
-        }
-            break;
-
-        case SIG_TYPE_SHA1:
-        {
-            SHA1_CTX sha_ctx;
-            uint8_t sha_dgst[SHA1_SIZE];
-            SHA1_Init(&sha_ctx);
-            SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-            SHA1_Final(sha_dgst, &sha_ctx);
-            x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
-        }
-            break;
-
-        case SIG_TYPE_SHA256:
-        {
-            SHA256_CTX sha256_ctx;
-            uint8_t sha256_dgst[SHA256_SIZE];
-            SHA256_Init(&sha256_ctx);
-            SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-            SHA256_Final(sha256_dgst, &sha256_ctx);
-            x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
-        }
-            break;
-
-        case SIG_TYPE_SHA384:
-        {
-            SHA384_CTX sha384_ctx;
-            uint8_t sha384_dgst[SHA384_SIZE];
-            SHA384_Init(&sha384_ctx);
-            SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-            SHA384_Final(sha384_dgst, &sha384_ctx);
-            x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
-        }
-            break;
-
-        case SIG_TYPE_SHA512:
-        {
-            SHA512_CTX sha512_ctx;
-            uint8_t sha512_dgst[SHA512_SIZE];
-            SHA512_Init(&sha512_ctx);
-            SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
-            SHA512_Final(sha512_dgst, &sha512_ctx);
-            x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
-        }
-            break;
-    }
-
-    if (version == 2 && asn1_next_obj(cert, &offset, ASN1_V3_DATA) > 0)
-    {
-        x509_v3_subject_alt_name(cert, offset, x509_ctx);
-        x509_v3_basic_constraints(cert, offset, x509_ctx);
-        x509_v3_key_usage(cert, offset, x509_ctx);
-    }
-
-    offset = end_tbs;   /* skip the rest of v3 data */
-    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
-            asn1_signature(cert, &offset, x509_ctx))
-        goto end_cert;
-#endif
-    ret = X509_OK;
-end_cert:
-    if (len)
-    {
-        *len = cert_size;
-    }
-
-    if (ret)
-    {
-#ifdef CONFIG_SSL_FULL_MODE
-        char buff[64];
-        printf("Error: Invalid X509 ASN.1 file (%s)\n",
-                        x509_display_error(ret, buff));
-#endif
-        x509_free(x509_ctx);
-        *ctx = NULL;
-    }
-
-    return ret;
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
-static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
-        X509_CTX *x509_ctx)
-{
-    if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
-    {
-        x509_ctx->subject_alt_name_present = true;
-        x509_ctx->subject_alt_name_is_critical = 
-                        asn1_is_critical_ext(cert, &offset);
-
-        if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
-        {
-            int altlen;
-
-            if ((altlen = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) > 0)
-            {
-                int endalt = offset + altlen;
-                int totalnames = 0;
-
-                while (offset < endalt)
-                {
-                    int type = cert[offset++];
-                    int dnslen = get_asn1_length(cert, &offset);
-
-                    if (type == ASN1_CONTEXT_DNSNAME)
-                    {
-                        x509_ctx->subject_alt_dnsnames = (char**)
-                                realloc(x509_ctx->subject_alt_dnsnames, 
-                                   (totalnames + 2) * sizeof(char*));
-                        x509_ctx->subject_alt_dnsnames[totalnames] = 
-                                (char*)malloc(dnslen + 1);
-                        x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
-                        memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
-                                cert + offset, dnslen);
-                        x509_ctx->subject_alt_dnsnames[totalnames][dnslen] = 0;
-                        totalnames++;
-                    }
-
-                    offset += dnslen;
-                }
-            }
-        }
-    }
-
-    return X509_OK;
-}
-
-/**
- * Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
- */
-static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
-        X509_CTX *x509_ctx)
-{
-    int ret = X509_OK;
-
-    if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
-        goto end_contraints;
-
-    x509_ctx->basic_constraint_present = true;
-    x509_ctx->basic_constraint_is_critical = 
-                    asn1_is_critical_ext(cert, &offset);
-
-    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
-    		asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
-    		asn1_get_bool(cert, &offset, &x509_ctx->basic_constraint_cA) < 0 ||
-    		asn1_get_int(cert, &offset,
-    		                &x509_ctx->basic_constraint_pathLenConstraint) < 0)
-    {
-        ret = X509_NOT_OK;       
-    }
-
-end_contraints:
-    return ret;
-}
-
-/*
- * Key usage - see https://tools.ietf.org/html/rfc5280#section-4.2.1.3
- */
-static int x509_v3_key_usage(const uint8_t *cert, int offset, 
-        X509_CTX *x509_ctx)
-{
-    int ret = X509_OK;
-
-    if ((offset = asn1_is_key_usage(cert, offset)) == 0)
-        goto end_key_usage;
-
-    x509_ctx->key_usage_present = true;
-    x509_ctx->key_usage_is_critical = asn1_is_critical_ext(cert, &offset);
-
-    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
-    		asn1_get_bit_string_as_int(cert, &offset, &x509_ctx->key_usage))
-    {
-        ret = X509_NOT_OK;       
-    }
-
-end_key_usage:
-    return ret;
-}
-#endif
-
-/**
- * Free an X.509 object's resources.
- */
-void x509_free(X509_CTX *x509_ctx)
-{
-    X509_CTX *next;
-    int i;
-
-    if (x509_ctx == NULL)       /* if already null, then don't bother */
-        return;
-
-    for (i = 0; i < X509_NUM_DN_TYPES; i++)
-    {
-        free(x509_ctx->ca_cert_dn[i]);
-        free(x509_ctx->cert_dn[i]);
-    }
-
-    free(x509_ctx->signature);
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION 
-    if (x509_ctx->digest)
-    {
-        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
-    }
-
-    if (x509_ctx->fingerprint)
-    {
-        free(x509_ctx->fingerprint);
-    }
-
-    if (x509_ctx->spki_sha256)
-    {
-        free(x509_ctx->spki_sha256);
-    }
-
-    if (x509_ctx->subject_alt_dnsnames)
-    {
-        for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)
-            free(x509_ctx->subject_alt_dnsnames[i]);
-
-        free(x509_ctx->subject_alt_dnsnames);
-    }
-#endif
-
-    RSA_free(x509_ctx->rsa_ctx);
-    next = x509_ctx->next;
-    free(x509_ctx);
-    x509_free(next);        /* clear the chain */
-}
-
-#ifdef CONFIG_SSL_CERT_VERIFICATION
-/**
- * Take a signature and decrypt it.
- */
-static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
-        bigint *modulus, bigint *pub_exp)
-{
-    int i, size;
-    bigint *decrypted_bi, *dat_bi;
-    bigint *bir = NULL;
-    uint8_t *block = (uint8_t *)malloc(sig_len);
-
-    /* decrypt */
-    dat_bi = bi_import(ctx, sig, sig_len);
-    ctx->mod_offset = BIGINT_M_OFFSET;
-
-    /* convert to a normal block */
-    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
-
-    bi_export(ctx, decrypted_bi, block, sig_len);
-    ctx->mod_offset = BIGINT_M_OFFSET;
-
-    i = 10; /* start at the first possible non-padded byte */
-    while (block[i++] && i < sig_len);
-    size = sig_len - i;
-
-    /* get only the bit we want */
-    if (size > 0)
-    {
-        int len;
-        const uint8_t *sig_ptr = get_signature(&block[i], &len);
-
-        if (sig_ptr)
-        {
-            bir = bi_import(ctx, sig_ptr, len);
-        }
-    }
-    free(block);
-    /* save a few bytes of memory */
-    bi_clear_cache(ctx);
-    return bir;
-}
-
-/**
- * Do some basic checks on the certificate chain.
- *
- * Certificate verification consists of a number of checks:
- * - The date of the certificate is after the start date.
- * - The date of the certificate is before the finish date.
- * - A root certificate exists in the certificate store.
- * - That the certificate(s) are not self-signed.
- * - The certificate chain is valid.
- * - The signature of the certificate is valid.
- * - Basic constraints 
- */
-int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
-        int *pathLenConstraint) 
-{
-    int ret = X509_OK, i = 0;
-    bigint *cert_sig;
-    X509_CTX *next_cert = NULL;
-    BI_CTX *ctx = NULL;
-    bigint *mod = NULL, *expn = NULL;
-    int match_ca_cert = 0;
-    struct timeval tv;
-    uint8_t is_self_signed = 0;
-
-    if (cert == NULL)
-    {
-        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
-        goto end_verify;
-    }
-
-    /* a self-signed certificate that is not in the CA store - use this 
-       to check the signature */
-    if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
-    {
-        is_self_signed = 1;
-        ctx = cert->rsa_ctx->bi_ctx;
-        mod = cert->rsa_ctx->m;
-        expn = cert->rsa_ctx->e;
-    }
-
-    gettimeofday(&tv, NULL);
-
-    /* check the not before date */
-    if (tv.tv_sec < cert->not_before)
-    {
-        ret = X509_VFY_ERROR_NOT_YET_VALID;
-        goto end_verify;
-    }
-
-    /* check the not after date */
-    if (tv.tv_sec > cert->not_after)
-    {
-        ret = X509_VFY_ERROR_EXPIRED;
-        goto end_verify;
-    }
-
-    if (cert->basic_constraint_present)
-    {
-    	/* If the cA boolean is not asserted,
-    	   then the keyCertSign bit in the key usage extension MUST NOT be
-    	   asserted. */
-    	if (!cert->basic_constraint_cA &&
-                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
-		{
-			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
-			goto end_verify;
-		}
-
-        /* The pathLenConstraint field is meaningful only if the cA boolean is
-           asserted and the key usage extension, if present, asserts the
-           keyCertSign bit.  In this case, it gives the maximum number of 
-           non-self-issued intermediate certificates that may follow this 
-           certificate in a valid certification path. */
-		if (cert->basic_constraint_cA &&
-            (!cert->key_usage_present || 
-                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) &&
-            (cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint)
-		{
-			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
-			goto end_verify;
-		}
-    }
-
-    next_cert = cert->next;
-
-    /* last cert in the chain - look for a trusted cert */
-    if (next_cert == NULL)
-    {
-       if (ca_cert_ctx != NULL) 
-       {
-            /* go thru the CA store */
-            while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
-            {
-                /* the extension is present but the cA boolean is not 
-                   asserted, then the certified public key MUST NOT be used 
-                   to verify certificate signatures. */
-                if (cert->basic_constraint_present && 
-                        !ca_cert_ctx->cert[i]->basic_constraint_cA)
-                    continue;
-                        
-                if (asn1_compare_dn(cert->ca_cert_dn,
-                                            ca_cert_ctx->cert[i]->cert_dn) == 0)
-                {
-                    /* use this CA certificate for signature verification */
-                    match_ca_cert = true;
-                    ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
-                    mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
-                    expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
-
-
-                    break;
-                }
-
-                i++;
-            }
-        }
-
-        /* couldn't find a trusted cert (& let self-signed errors 
-           be returned) */
-        if (!match_ca_cert && !is_self_signed)
-        {
-            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
-            goto end_verify;
-        }
-    }
-    else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
-    {
-        /* check the chain */
-        ret = X509_VFY_ERROR_INVALID_CHAIN;
-        goto end_verify;
-    }
-    else /* use the next certificate in the chain for signature verify */
-    {
-        ctx = next_cert->rsa_ctx->bi_ctx;
-        mod = next_cert->rsa_ctx->m;
-        expn = next_cert->rsa_ctx->e;
-    }
-
-    /* cert is self signed */
-    if (!match_ca_cert && is_self_signed)
-    {
-        ret = X509_VFY_ERROR_SELF_SIGNED;
-        goto end_verify;
-    }
-
-    /* check the signature */
-    cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
-                        bi_clone(ctx, mod), bi_clone(ctx, expn));
-
-    if (cert_sig && cert->digest)
-    {
-        if (bi_compare(cert_sig, cert->digest) != 0)
-            ret = X509_VFY_ERROR_BAD_SIGNATURE;
-
-
-        bi_free(ctx, cert_sig);
-    }
-    else
-    {
-        ret = X509_VFY_ERROR_BAD_SIGNATURE;
-    }
-
-    if (ret)
-        goto end_verify;
-
-    /* go down the certificate chain using recursion. */
-    if (next_cert != NULL)
-    {
-    	(*pathLenConstraint)++; /* don't include last certificate */
-        ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
-    }
-
-end_verify:
-    return ret;
-}
-#endif
-
-#if defined (CONFIG_SSL_FULL_MODE)
-/**
- * Used for diagnostics.
- */
-static const char *not_part_of_cert = "<Not Part Of Certificate>";
-void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) 
-{
-    if (cert == NULL)
-        return;
-
-    printf("=== CERTIFICATE ISSUED TO ===\n");
-    printf("Common Name (CN):\t\t");
-    printf("%s\n", cert->cert_dn[X509_COMMON_NAME] ?
-                    cert->cert_dn[X509_COMMON_NAME] : not_part_of_cert);
-
-    printf("Organization (O):\t\t");
-    printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
-        cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
-
-    if (cert->cert_dn[X509_ORGANIZATIONAL_UNIT]) 
-    {
-        printf("Organizational Unit (OU):\t");
-        printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT]);
-    }
-
-    if (cert->cert_dn[X509_LOCATION]) 
-    {
-        printf("Location (L):\t\t\t");
-        printf("%s\n", cert->cert_dn[X509_LOCATION]);
-    }
-
-    if (cert->cert_dn[X509_COUNTRY]) 
-    {
-        printf("Country (C):\t\t\t");
-        printf("%s\n", cert->cert_dn[X509_COUNTRY]);
-    }
-
-    if (cert->cert_dn[X509_STATE]) 
-    {
-        printf("State (ST):\t\t\t");
-        printf("%s\n", cert->cert_dn[X509_STATE]);
-    }
-
-    if (cert->basic_constraint_present)
-    {
-        printf("Basic Constraints:\t\t%sCA:%s, pathlen:%d\n",
-                cert->basic_constraint_is_critical ? 
-                    "critical, " : "",
-                cert->basic_constraint_cA? "TRUE" : "FALSE",
-                cert->basic_constraint_pathLenConstraint);
-    }
-
-    if (cert->key_usage_present)
-    {
-        printf("Key Usage:\t\t\t%s", cert->key_usage_is_critical ? 
-                    "critical, " : "");
-        bool has_started = false;
-
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DIGITAL_SIGNATURE))
-        {
-            printf("Digital Signature");
-            has_started = true;
-        }
-
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_NON_REPUDIATION))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("Non Repudiation");
-            has_started = true;
-        }
-
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_ENCIPHERMENT))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("Key Encipherment");
-            has_started = true;
-        }
-        
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DATA_ENCIPHERMENT))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("Data Encipherment");
-            has_started = true;
-        }
-
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_AGREEMENT))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("Key Agreement");
-            has_started = true;
-        }
-
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("Key Cert Sign");
-            has_started = true;
-        }
-
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_CRL_SIGN))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("CRL Sign");
-            has_started = true;
-        }
-       
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_ENCIPHER_ONLY))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("Encipher Only");
-            has_started = true;
-        }
-
-        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DECIPHER_ONLY))
-        {
-            if (has_started)
-                printf(", ");
-
-            printf("Decipher Only");
-            has_started = true;
-        }
-
-        printf("\n");
-    }
-
-    if (cert->subject_alt_name_present)
-    {
-        printf("Subject Alt Name:\t\t%s", cert->subject_alt_name_is_critical 
-                ?  "critical, " : "");
-        if (cert->subject_alt_dnsnames)
-        {
-            int i = 0;
-
-            while (cert->subject_alt_dnsnames[i])
-                printf("%s ", cert->subject_alt_dnsnames[i++]);
-        }
-        printf("\n");
-
-    }
-
-    printf("=== CERTIFICATE ISSUED BY ===\n");
-    printf("Common Name (CN):\t\t");
-    printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
-                    cert->ca_cert_dn[X509_COMMON_NAME] : not_part_of_cert);
-
-    printf("Organization (O):\t\t");
-    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
-        cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
-
-    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]) 
-    {
-        printf("Organizational Unit (OU):\t");
-        printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]);
-    }
-
-    if (cert->ca_cert_dn[X509_LOCATION]) 
-    {
-        printf("Location (L):\t\t\t");
-        printf("%s\n", cert->ca_cert_dn[X509_LOCATION]);
-    }
-
-    if (cert->ca_cert_dn[X509_COUNTRY]) 
-    {
-        printf("Country (C):\t\t\t");
-        printf("%s\n", cert->ca_cert_dn[X509_COUNTRY]);
-    }
-
-    if (cert->ca_cert_dn[X509_STATE]) 
-    {
-        printf("State (ST):\t\t\t");
-        printf("%s\n", cert->ca_cert_dn[X509_STATE]);
-    }
-
-    printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
-    printf("Not After:\t\t\t%s", ctime(&cert->not_after));
-    printf("RSA bitsize:\t\t\t%d\n", cert->rsa_ctx->num_octets*8);
-    printf("Sig Type:\t\t\t");
-    switch (cert->sig_type)
-    {
-        case SIG_TYPE_MD5:
-            printf("MD5\n");
-            break;
-        case SIG_TYPE_SHA1:
-            printf("SHA1\n");
-            break;
-        case SIG_TYPE_SHA256:
-            printf("SHA256\n");
-            break;
-        case SIG_TYPE_SHA384:
-            printf("SHA384\n");
-            break;
-        case SIG_TYPE_SHA512:
-            printf("SHA512\n");
-            break;
-        default:
-            printf("Unrecognized: %d\n", cert->sig_type);
-            break;
-    }
-
-    if (ca_cert_ctx)
-    {
-        int pathLenConstraint = 0;
-        char buff[64];
-        printf("Verify:\t\t\t\t%s\n",
-                x509_display_error(x509_verify(ca_cert_ctx, cert,
-                        &pathLenConstraint), buff));
-    }
-
-#if 0
-    print_blob("Signature", cert->signature, cert->sig_len);
-    bi_print("Modulus", cert->rsa_ctx->m);
-    bi_print("Pub Exp", cert->rsa_ctx->e);
-#endif
-
-    if (ca_cert_ctx)
-    {
-        x509_print(cert->next, ca_cert_ctx);
-    }
-
-    TTY_FLUSH();
-}
-
-const char * x509_display_error(int error, char *buff)
-{
-    switch (error)
-    {
-        case X509_OK:
-            strcpy_P(buff, "Certificate verify successful");
-            return buff;
-
-        case X509_NOT_OK:
-            strcpy_P(buff, "X509 not ok");
-            return buff;
-
-        case X509_VFY_ERROR_NO_TRUSTED_CERT:
-            strcpy_P(buff, "No trusted cert is available");
-            return buff;
-
-        case X509_VFY_ERROR_BAD_SIGNATURE:
-            strcpy_P(buff, "Bad signature");
-            return buff;
-
-        case X509_VFY_ERROR_NOT_YET_VALID:
-            strcpy_P(buff, "Cert is not yet valid");
-            return buff;
-
-        case X509_VFY_ERROR_EXPIRED:
-            strcpy_P(buff, "Cert has expired");
-            return buff;
-
-        case X509_VFY_ERROR_SELF_SIGNED:
-            strcpy_P(buff, "Cert is self-signed");
-            return buff;
-
-        case X509_VFY_ERROR_INVALID_CHAIN:
-            strcpy_P(buff, "Chain is invalid (check order of certs)");
-            return buff;
-
-        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
-            strcpy_P(buff, "Unsupported digest");
-            return buff;
-
-        case X509_INVALID_PRIV_KEY:
-            strcpy_P(buff, "Invalid private key");
-            return buff;
-
-        case X509_VFY_ERROR_BASIC_CONSTRAINT:
-            strcpy_P(buff, "Basic constraint invalid");
-            return buff;
-
-        default:
-            strcpy_P(buff, "Unknown");
-            return buff;
-    }
-}
-#endif      /* CONFIG_SSL_FULL_MODE */
-
diff --git a/tools/sdk/axtls/tools/make_certs.sh b/tools/sdk/axtls/tools/make_certs.sh
deleted file mode 100644
index fc6cc90ae8..0000000000
--- a/tools/sdk/axtls/tools/make_certs.sh
+++ /dev/null
@@ -1,256 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2007-2016, Cameron Rich
-#
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice,
-#   this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the name of the axTLS project nor the names of its
-#   contributors may be used to endorse or promote products derived
-#   from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
-# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-AXDIR=`pwd`/`dirname $0`
-CWD=`mktemp -d` && cd $dir
-cd $CWD 
-
-#
-# Generate the certificates and keys for testing.
-#
-
-PROJECT_NAME="axTLS Project"
-
-# Generate the openssl configuration files.
-cat > ca_cert.conf << EOF  
-[ req ]
-distinguished_name      = req_distinguished_name
-prompt                  = no
-req_extensions          = v3_ca
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME Dodgy Certificate Authority
-
-[ v3_ca ]
-basicConstraints        = critical, CA:true
-keyUsage                = critical, cRLSign, keyCertSign, digitalSignature
-EOF
-
-cat > certs.conf << EOF  
-[ req ]
-distinguished_name      = req_distinguished_name
-prompt                  = no
-req_extensions          = v3_usr_cert
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME
- CN                     = localhost
-
-[ v3_usr_cert ]
-basicConstraints        = critical, CA:false
-keyUsage                = critical, nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName          = @alt_names
- 
-[alt_names]
-DNS.1 = www.example.net
-DNS.2 = www.example.org
-EOF
-
-cat > device_cert.conf << EOF  
-[ req ]
-distinguished_name     = req_distinguished_name
-prompt                 = no
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME Device Certificate
-EOF
-
-cat > intermediate_ca.conf << EOF  
-[ req ]
-distinguished_name     = req_distinguished_name
-prompt                 = no
-req_extensions         = v3_intermediate_ca
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME Intermediate CA
-
-[ v3_intermediate_ca ]
-basicConstraints        = critical, CA:true, pathlen:0
-keyUsage                = cRLSign, keyCertSign, digitalSignature
-EOF
-
-cat > intermediate_ca2.conf << EOF  
-[ req ]
-distinguished_name      = req_distinguished_name
-prompt                  = no
-req_extensions          = v3_intermediate_ca2
-
-[ req_distinguished_name ]
- O                      = $PROJECT_NAME Intermediate 2 CA
-
-[ v3_intermediate_ca2 ]
-basicConstraints        = critical, CA:true, pathlen:10
-keyUsage                = encipherOnly, keyCertSign, decipherOnly
-EOF
-
-# private key generation
-openssl genrsa -out axTLS.ca_key.pem 2048
-openssl genrsa -out axTLS.key_1024.pem 1024
-openssl genrsa -out axTLS.key_2048.pem 2048
-openssl genrsa -out axTLS.key_4096.pem 4096
-openssl genrsa -out axTLS.key_device.pem 2048
-openssl genrsa -out axTLS.key_intermediate_ca.pem 2048
-openssl genrsa -out axTLS.key_intermediate_ca2.pem 2048
-openssl genrsa -out axTLS.key_end_chain.pem 2048
-openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024
-openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
-
-# convert private keys into DER format
-openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
-openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
-openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
-
-# cert requests
-openssl req -out axTLS.ca_x509.csr -key axTLS.ca_key.pem -new \
-            -config ./ca_cert.conf 
-openssl req -out axTLS.x509_1024.csr -key axTLS.key_1024.pem -new \
-            -config ./certs.conf 
-openssl req -out axTLS.x509_2048.csr -key axTLS.key_2048.pem -new \
-            -config ./certs.conf 
-openssl req -out axTLS.x509_4096.csr -key axTLS.key_4096.pem -new \
-            -config ./certs.conf 
-openssl req -out axTLS.x509_device.csr -key axTLS.key_device.pem -new \
-            -config ./device_cert.conf
-openssl req -out axTLS.x509_intermediate_ca.csr \
-            -key axTLS.key_intermediate_ca.pem -new \
-            -config ./intermediate_ca.conf
-openssl req -out axTLS.x509_intermediate_ca2.csr \
-            -key axTLS.key_intermediate_ca2.pem -new \
-            -config ./intermediate_ca2.conf
-openssl req -out axTLS.x509_end_chain.csr -key axTLS.key_end_chain.pem -new \
-            -config ./certs.conf
-openssl req -out axTLS.x509_aes128.csr -key axTLS.key_aes128.pem \
-            -new -config ./certs.conf -passin pass:abcd
-openssl req -out axTLS.x509_aes256.csr -key axTLS.key_aes256.pem \
-            -new -config ./certs.conf -passin pass:abcd
-
-# generate the actual certs.
-openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509.pem \
-            -sha1 -days 5000 -signkey axTLS.ca_key.pem \
-            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
-openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509_sha256.pem \
-            -sha256 -days 5000 -signkey axTLS.ca_key.pem \
-            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
-openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha256.pem \
-            -sha256 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha384.pem \
-            -sha384 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha512.pem \
-            -sha512 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_2048.csr -out axTLS.x509_2048.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_4096.csr -out axTLS.x509_4096.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_device.csr -out axTLS.x509_device.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem
-openssl x509 -req -in axTLS.x509_intermediate_ca.csr -out axTLS.x509_intermediate_ca.pem \
-            -sha256 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem \
-            -extfile ./intermediate_ca.conf -extensions v3_intermediate_ca
-openssl x509 -req -in axTLS.x509_intermediate_ca2.csr -out axTLS.x509_intermediate_ca2.pem \
-            -sha256 -CAcreateserial -days 5000 \
-            -CA axTLS.x509_intermediate_ca.pem \
-            -CAkey axTLS.key_intermediate_ca.pem \
-            -extfile ./intermediate_ca2.conf -extensions v3_intermediate_ca2
-openssl x509 -req -in axTLS.x509_end_chain.csr -out axTLS.x509_end_chain.pem \
-            -sha256 -CAcreateserial -days 5000 \
-            -CA axTLS.x509_intermediate_ca.pem \
-            -CAkey axTLS.key_intermediate_ca.pem \
-            -extfile ./certs.conf -extensions v3_usr_cert 
-# basic constraint path len failure
-openssl x509 -req -in axTLS.x509_end_chain.csr \
-            -out axTLS.x509_end_chain_bad.pem \
-            -sha256 -CAcreateserial -days 5000 \
-            -CA axTLS.x509_intermediate_ca2.pem \
-            -CAkey axTLS.key_intermediate_ca2.pem \
-            -extfile ./certs.conf -extensions v3_usr_cert 
-cat axTLS.x509_intermediate_ca.pem >> axTLS.x509_intermediate_ca2.pem 
-openssl x509 -req -in axTLS.x509_aes128.csr \
-            -out axTLS.x509_aes128.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-openssl x509 -req -in axTLS.x509_aes256.csr \
-            -out axTLS.x509_aes256.pem \
-            -sha1 -CAcreateserial -days 5000 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-
-# note: must be root to do this
-DATE_NOW=`date`
-if date -s "Jan 1 2025"; then
-openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_before.pem \
-            -sha1 -CAcreateserial -days 365 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-date -s "$DATE_NOW"
-touch axTLS.x509_bad_before.pem
-fi
-openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_after.pem \
-            -sha1 -CAcreateserial -days -365 \
-            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
-
-# some cleanup
-rm axTLS*.csr
-rm *.srl
-rm *.conf
-
-# need this for the client tests
-openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
-openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
-openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
-openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
-
-# generate pkcs8 files (use RC4-128 for encryption)
-openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
-openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
-openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
-openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
-
-# generate pkcs12 files (use RC4-128 for encryption)
-openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
-openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd
-openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd
-
-# PEM certificate chain
-cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
-
-# set default key/cert for use in the server
-xxd -i axTLS.x509_1024.cer | sed -e \
-        "s/axTLS_x509_1024_cer/default_certificate/" > $AXDIR/../ssl/cert.h
-xxd -i axTLS.key_1024 | sed -e \
-        "s/axTLS_key_1024/default_private_key/" > $AXDIR/../ssl/private_key.h
diff --git a/tools/sdk/axtls/util/time.h b/tools/sdk/axtls/util/time.h
deleted file mode 100644
index 78e37b1d39..0000000000
--- a/tools/sdk/axtls/util/time.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef TIME_H
-#define TIME_H
-
-struct timeval
-{
-  time_t tv_sec;
-  long   tv_usec;
-};
-
-
-#endif //TIME_H
diff --git a/tools/sdk/axtls/www/index.html b/tools/sdk/axtls/www/index.html
deleted file mode 100755
index 2b1d8b3eb6..0000000000
--- a/tools/sdk/axtls/www/index.html
+++ /dev/null
@@ -1,7103 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-<script type="text/javascript">
-//<![CDATA[
-var version = {major: 2, minor: 1, revision: 3, date: new Date("Nov 3, 2006"), extensions: {}};
-//]]>
-</script>
-<!--
-TiddlyWiki 2.1.3 by Jeremy Ruston, (jeremy [at] osmosoft [dot] com)
-
-Copyright (c) Osmosoft Limited 2004-2006
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-Redistributions in binary form must reproduce the above copyright notice, this
-list of conditions and the following disclaimer in the documentation and/or other
-materials provided with the distribution.
-
-Neither the name of the Osmosoft Limited nor the names of its contributors may be
-used to endorse or promote products derived from this software without specific
-prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
-SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGE.
--->
-<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
-<!--PRE-HEAD-START-->
-<!--{{{-->
-<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
-<!--}}}-->
-<!--PRE-HEAD-END-->
-<title> axTLS Embedded SSL - changes, notes and errata </title>
-<script type="text/javascript">
-//<![CDATA[
-// ---------------------------------------------------------------------------------
-// Configuration repository
-// ---------------------------------------------------------------------------------
-
-// Miscellaneous options
-var config = {
-    numRssItems: 20, // Number of items in the RSS feed
-    animFast: 0.12, // Speed for animations (lower == slower)
-    animSlow: 0.01, // Speed for EasterEgg animations
-    cascadeFast: 20, // Speed for cascade animations (higher == slower)
-    cascadeSlow: 60, // Speed for EasterEgg cascade animations
-    cascadeDepth: 5, // Depth of cascade animation
-    displayStartupTime: false // Whether to display startup time
-    };
-
-// Messages
-config.messages = {
-    messageClose: {},
-    dates: {}
-};
-
-// Options that can be set in the options panel and/or cookies
-config.options = {
-    chkRegExpSearch: false,
-    chkCaseSensitiveSearch: false,
-    chkAnimate: true,
-    chkSaveBackups: true,
-    chkAutoSave: false,
-    chkGenerateAnRssFeed: false,
-    chkSaveEmptyTemplate: false,
-    chkOpenInNewWindow: true,
-    chkToggleLinks: false,
-    chkHttpReadOnly: true,
-    chkForceMinorUpdate: false,
-    chkConfirmDelete: true,
-    chkInsertTabs: false,
-    txtBackupFolder: "",
-    txtMainTab: "tabTimeline",
-    txtMoreTab: "moreTabAll",
-    txtMaxEditRows: "30"
-    };
-
-// List of notification functions to be called when certain tiddlers are changed or deleted
-config.notifyTiddlers = [
-    {name: "StyleSheetLayout", notify: refreshStyles},
-    {name: "StyleSheetColors", notify: refreshStyles},
-    {name: "StyleSheet", notify: refreshStyles},
-    {name: "StyleSheetPrint", notify: refreshStyles},
-    {name: "PageTemplate", notify: refreshPageTemplate},
-    {name: "SiteTitle", notify: refreshPageTitle},
-    {name: "SiteSubtitle", notify: refreshPageTitle},
-    {name: "ColorPalette", notify: refreshColorPalette},
-    {name: null, notify: refreshDisplay}
-    ];
-
-// Default tiddler templates
-var DEFAULT_VIEW_TEMPLATE = 1;
-var DEFAULT_EDIT_TEMPLATE = 2;
-config.tiddlerTemplates = {
-    1: "ViewTemplate",
-    2: "EditTemplate"
-    };
-
-// More messages (rather a legacy layout that shouldn't really be like this)
-config.views = {
-    wikified: {
-        tag: {}
-        },
-    editor: {
-        tagChooser: {}
-        }
-    };
-
-// Macros; each has a 'handler' member that is inserted later
-config.macros = {
-    today: {},
-    version: {},
-    search: {sizeTextbox: 15},
-    tiddler: {},
-    tag: {},
-    tags: {},
-    tagging: {},
-    timeline: {},
-    allTags: {},
-    list: {
-        all: {},
-        missing: {},
-        orphans: {},
-        shadowed: {}
-        },
-    closeAll: {},
-    permaview: {},
-    saveChanges: {},
-    slider: {},
-    option: {},
-    newTiddler: {},
-    newJournal: {},
-    sparkline: {},
-    tabs: {},
-    gradient: {},
-    message: {},
-    view: {},
-    edit: {},
-    tagChooser: {},
-    toolbar: {},
-    br: {},
-    plugins: {},
-    refreshDisplay: {},
-    importTiddlers: {}
-    };
-
-// Commands supported by the toolbar macro
-config.commands = {
-    closeTiddler: {},
-    closeOthers: {},
-    editTiddler: {},
-    saveTiddler: {hideReadOnly: true},
-    cancelTiddler: {},
-    deleteTiddler: {hideReadOnly: true},
-    permalink: {},
-    references: {},
-    jump: {}
-    };
-
-// Browser detection... In a very few places, there's nothing else for it but to
-// know what browser we're using.
-config.userAgent = navigator.userAgent.toLowerCase();
-config.browser = {
-    isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
-    ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
-    isSafari: config.userAgent.indexOf("applewebkit") != -1,
-    isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
-    firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
-    isOpera: config.userAgent.indexOf("opera") != -1,
-    isLinux: config.userAgent.indexOf("linux") != -1,
-    isUnix: config.userAgent.indexOf("x11") != -1,
-    isMac: config.userAgent.indexOf("mac") != -1,
-    isWindows: config.userAgent.indexOf("win") != -1
-    };
-
-// Basic regular expressions
-config.textPrimitives = {
-    upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
-    lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
-    anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
-    anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
-    };
-if(config.browser.isBadSafari)
-    config.textPrimitives = {
-        upperLetter: "[A-Z\u00c0-\u00de]",
-        lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
-        anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
-        anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
-        }
-config.textPrimitives.sliceSeparator = "::";
-config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
-config.textPrimitives.unWikiLink = "~";
-config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
-                                                config.textPrimitives.lowerLetter + "+" +
-                                                config.textPrimitives.upperLetter +
-                                                config.textPrimitives.anyLetter + "*)|(?:" +
-                                                config.textPrimitives.upperLetter + "{2,}" +
-                                                config.textPrimitives.lowerLetter + "+))";
-
-config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
-config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
-
-config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
-config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
-config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
-    config.textPrimitives.brackettedLink + ")|(?:" +
-    config.textPrimitives.urlPattern + ")","mg");
-config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
-    config.textPrimitives.titledBrackettedLink + ")|(?:" +
-    config.textPrimitives.brackettedLink + ")|(?:" +
-    config.textPrimitives.urlPattern + ")","mg");
-
-// ---------------------------------------------------------------------------------
-// Shadow tiddlers
-// ---------------------------------------------------------------------------------
-
-config.shadowTiddlers = {
-    ColorPalette: "Background: #fff\n" +
-                  "Foreground: #000\n" +
-                  "PrimaryPale: #8cf\n" +
-                  "PrimaryLight: #18f\n" +
-                  "PrimaryMid: #04b\n" +
-                  "PrimaryDark: #014\n" +
-                  "SecondaryPale: #ffc\n" +
-                  "SecondaryLight: #fe8\n" +
-                  "SecondaryMid: #db4\n" +
-                  "SecondaryDark: #841\n" +
-                  "TertiaryPale: #eee\n" +
-                  "TertiaryLight: #ccc\n" +
-                  "TertiaryMid: #999\n" +
-                  "TertiaryDark: #666\n" +
-                  "Error: #f88\n",
-    StyleSheet: "",
-    StyleSheetColors: "/*{{{*/\nbody {\n    background: [[ColorPalette::Background]];\n color: [[ColorPalette::Foreground]];\n}\n\na{\n color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n   background: [[ColorPalette::PrimaryMid]];\n color: [[ColorPalette::Background]];\n}\n\na img{\n border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n color: [[ColorPalette::SecondaryDark]];\n   background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n    color: [[ColorPalette::PrimaryDark]];\n border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::SecondaryLight]];\n border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n    background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n   color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n  font-weight: normal;\n  color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n    color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n  font-weight: normal;\n  color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border-left: 1px solid [[ColorPalette::TertiaryLight]];\n   border-top: 1px solid [[ColorPalette::TertiaryLight]];\n    border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n   color: [[ColorPalette::Background]];\n  background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n   color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n    border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n  background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n border: none;\n color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n   color: [[ColorPalette::PrimaryMid]];\n  background: [[ColorPalette::Background]];\n}\n\n.wizard {\n background: [[ColorPalette::SecondaryLight]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n    color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n  background: [[ColorPalette::Background]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n  border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n    color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n  color: [[ColorPalette::PrimaryLight]];\n    background: [[ColorPalette::PrimaryDark]];\n    border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n    background: [[ColorPalette::SecondaryMid]];\n   color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n    padding: 0.2em 0.2em 0.2em 0.2em;\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::Background]];\n}\n\n.popup {\n  background: [[ColorPalette::PrimaryLight]];\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px;\n}\n\n.listBreak div{\n border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n    color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n color: [[ColorPalette::TertiaryPale]];\n    border: none;\n}\n\n.popup li a:hover {\n   background: [[ColorPalette::PrimaryDark]];\n    color: [[ColorPalette::Background]];\n  border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n   color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n    border: 1px solid [[ColorPalette::TertiaryPale]];\n background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n   background-color: [[ColorPalette::TertiaryLight]];\n    border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n  color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n       border: none;\n}\n\n.footer {\n color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n  background: [[ColorPalette::PrimaryPale]];\n    border: 0;\n}\n\n.sparktick {\n background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n   color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::Error]];\n}\n\n.warning {\n color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n background: [[ColorPalette::TertiaryPale]];\n   color: [[ColorPalette::TertiaryMid]];\n border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n  background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n    border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n  border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n  border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n    background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n border: 1px solid [[ColorPalette::SecondaryLight]];\n   background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n    border: 0;\n    border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n    background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n   width: 100%;\n}\n\n.editorFooter {\n    color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
-    StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n   font-size: .75em;\n font-family: arial,helvetica;\n margin: 0;\n    padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n    font-weight: bold;\n    text-decoration: none;\n    padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n  height: 1px;\n}\n\na{\n text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n  border: 0;\n}\n\n.externalLink {\n  text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n  font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n   font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n        position: relative;\n}\n\n.header a:hover {\n   background: transparent;\n}\n\n.headerShadow {\n    position: relative;\n   padding: 4.5em 0em 1em 1em;\n   left: -1px;\n   top: -1px;\n}\n\n.headerForeground {\n  position: absolute;\n   padding: 4.5em 0em 1em 1em;\n   left: 0px;\n    top: 0px;\n}\n\n.siteTitle {\n  font-size: 3em;\n}\n\n.siteSubtitle {\n font-size: 1.2em;\n}\n\n#mainMenu {\n   position: absolute;\n   left: 0;\n  width: 10em;\n  text-align: right;\n    line-height: 1.6em;\n   padding: 1.5em 0.5em 0.5em 0.5em;\n font-size: 1.1em;\n}\n\n#sidebar {\n    position: absolute;\n   right: 3px;\n   width: 16em;\n  font-size: .9em;\n}\n\n#sidebarOptions {\n  padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n margin: 0em 0.2em;\n    padding: 0.2em 0.3em;\n display: block;\n}\n\n#sidebarOptions input {\n margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n margin-left: 1em;\n padding: 0.5em;\n   font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n  font-weight: bold;\n    display: inline;\n  padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n    margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n width: 15em;\n  overflow: hidden;\n}\n\n.wizard {\n padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n    font-size: 2em;\n   font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n   font-size: 1.2em;\n font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n  padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n margin: 0.5em 0em 0em 0em;\n    font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n    text-decoration: underline;\n}\n\n.popup {\n    font-size: .9em;\n  padding: 0.2em;\n   list-style: none;\n margin: 0;\n}\n\n.popup hr {\n  display: block;\n   height: 1px;\n  width: auto;\n  padding: 0;\n   margin: 0.2em 0em;\n}\n\n.listBreak {\n font-size: 1px;\n   line-height: 1px;\n}\n\n.listBreak div {\n  margin: 2px 0;\n}\n\n.popup li.disabled {\n padding: 0.2em;\n}\n\n.popup li a{\n    display: block;\n   padding: 0.2em;\n}\n\n.tabset {\n   padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n  margin: 0em 0em 0em 0.25em;\n   padding: 2px;\n}\n\n.tabContents {\n    padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n  margin: 0;\n    padding: 0;\n}\n\n.txtMainTab .tabContents li {\n   list-style: none;\n}\n\n.tabContents li.listLink {\n     margin-left: .75em;\n}\n\n#displayArea {\n margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n text-align: right;\n    font-size: .9em;\n  visibility: hidden;\n}\n\n.selected .toolbar {\n    visibility: visible;\n}\n\n.tiddler {\n padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n    font-style: italic;\n}\n\n.title {\n    font-size: 1.6em;\n font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n  font-size: 1.1em;\n}\n\n.tiddler .button {\n    padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n  font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n  width: 99%;\n   padding: 0 0 1em 0;\n}\n\n.viewer {\n   line-height: 1.4em;\n   padding-top: 0.5em;\n}\n\n.viewer .button {\n   margin: 0em 0.25em;\n   padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n   line-height: 1.5em;\n   padding-left: 0.8em;\n  margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n margin-left: 0.5em;\n   padding-left: 1.5em;\n}\n\n.viewer table {\n    border-collapse: collapse;\n    margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n    padding: 3px;\n}\n\n.viewer table.listView {\n  font-size: 0.85em;\n    margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n  padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n padding: 0.5em;\n   margin-left: 0.5em;\n   font-size: 1.2em;\n line-height: 1.4em;\n   overflow: auto;\n}\n\n.viewer code {\n  font-size: 1.2em;\n line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n    display: block;\n   width: 100%;\n  font: inherit;\n}\n\n.editorFooter {\n  padding: 0.25em 0em;\n  font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n line-height: 1em;\n}\n\n.sparktick {\n  outline: 0;\n}\n\n.zoomer {\n   font-size: 1.1em;\n position: absolute;\n   padding: 1em;\n}\n\n.cascade {\n    font-size: 1.1em;\n position: absolute;\n   overflow: hidden;\n}\n/*}}}*/",
-    StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
-    PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
-    ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
-    EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
-    MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
-    MarkupPostHead: "",
-    MarkupPreBody: "",
-    MarkupPostBody: ""
-    };
-
-// ---------------------------------------------------------------------------------
-// Translateable strings
-// ---------------------------------------------------------------------------------
-
-// Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
-
-merge(config.options,{
-    txtUserName: "YourName"});
-
-merge(config.messages,{
-    customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
-    pluginError: "Error: %0",
-    pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
-    pluginForced: "Executed because forced via 'systemConfigForce' tag",
-    pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
-    nothingSelected: "Nothing is selected. You must select one or more items first",
-    savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
-    subtitleUnknown: "(unknown)",
-    undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
-    shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
-    tiddlerLinkTooltip: "%0 - %1, %2",
-    externalLinkTooltip: "External link to %0",
-    noTags: "There are no tagged tiddlers",
-    notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
-    cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
-    invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
-    backupSaved: "Backup saved",
-    backupFailed: "Failed to save backup file",
-    rssSaved: "RSS feed saved",
-    rssFailed: "Failed to save RSS feed file",
-    emptySaved: "Empty template saved",
-    emptyFailed: "Failed to save empty template file",
-    mainSaved: "Main TiddlyWiki file saved",
-    mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
-    macroError: "Error in macro <<%0>>",
-    macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
-    missingMacro: "No such macro",
-    overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
-    unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
-    confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
-    saveInstructions: "SaveChanges",
-    unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
-    tiddlerSaveError: "Error when saving tiddler '%0'",
-    tiddlerLoadError: "Error when loading tiddler '%0'",
-    wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
-    invalidFieldName: "Invalid field name %0",
-    fieldCannotBeChanged: "Field '%0' cannot be changed"});
-
-merge(config.messages.messageClose,{
-    text: "close",
-    tooltip: "close this message area"});
-
-config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
-config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
-config.messages.dates.shortMonths = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
-config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
-
-merge(config.views.wikified.tag,{
-    labelNoTags: "no tags",
-    labelTags: "tags: ",
-    openTag: "Open tag '%0'",
-    tooltip: "Show tiddlers tagged with '%0'",
-    openAllText: "Open all",
-    openAllTooltip: "Open all of these tiddlers",
-    popupNone: "No other tiddlers tagged with '%0'"});
-
-merge(config.views.wikified,{
-    defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
-    defaultModifier: "(missing)",
-    shadowModifier: "(built-in shadow tiddler)",
-    createdPrompt: "created"});
-
-merge(config.views.editor,{
-    tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
-    defaultText: "Type the text for '%0'"});
-
-merge(config.views.editor.tagChooser,{
-    text: "tags",
-    tooltip: "Choose existing tags to add to this tiddler",
-    popupNone: "There are no tags defined",
-    tagTooltip: "Add the tag '%0'"});
-
-merge(config.macros.search,{
-    label: "search",
-    prompt: "Search this TiddlyWiki",
-    accessKey: "F",
-    successMsg: "%0 tiddlers found matching %1",
-    failureMsg: "No tiddlers found matching %0"});
-
-merge(config.macros.tagging,{
-    label: "tagging: ",
-    labelNotTag: "not tagging",
-    tooltip: "List of tiddlers tagged with '%0'"});
-
-merge(config.macros.timeline,{
-    dateFormat: "DD MMM YYYY"});
-
-merge(config.macros.allTags,{
-    tooltip: "Show tiddlers tagged with '%0'",
-    noTags: "There are no tagged tiddlers"});
-
-config.macros.list.all.prompt = "All tiddlers in alphabetical order";
-config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
-config.macros.list.orphans.prompt = "Tiddlers that are not linked to from any other tiddlers";
-config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
-
-merge(config.macros.closeAll,{
-    label: "close all",
-    prompt: "Close all displayed tiddlers (except any that are being edited)"});
-
-merge(config.macros.permaview,{
-    label: "permaview",
-    prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
-
-merge(config.macros.saveChanges,{
-    label: "save changes",
-    prompt: "Save all tiddlers to create a new TiddlyWiki",
-    accessKey: "S"});
-
-merge(config.macros.newTiddler,{
-    label: "new tiddler",
-    prompt: "Create a new tiddler",
-    title: "New Tiddler",
-    accessKey: "N"});
-
-merge(config.macros.newJournal,{
-    label: "new journal",
-    prompt: "Create a new tiddler from the current date and time",
-    accessKey: "J"});
-
-merge(config.macros.plugins,{
-    skippedText: "(This plugin has not been executed because it was added since startup)",
-    noPluginText: "There are no plugins installed",
-    confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
-    listViewTemplate : {
-        columns: [
-            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
-            {name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
-            {name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
-            {name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
-            {name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
-            {name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
-            {name: 'Log', field: 'log', title: "Log", type: 'StringList'}
-            ],
-        rowClasses: [
-            {className: 'error', field: 'error'},
-            {className: 'warning', field: 'warning'}
-            ],
-        actions: [
-            {caption: "More actions...", name: ''},
-            {caption: "Remove systemConfig tag", name: 'remove'},
-            {caption: "Delete these tiddlers forever", name: 'delete'}
-            ]}
-    });
-
-merge(config.macros.refreshDisplay,{
-    label: "refresh",
-    prompt: "Redraw the entire TiddlyWiki display"
-    });
-
-merge(config.macros.importTiddlers,{
-    readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
-    defaultPath: "http://www.tiddlywiki.com/index.html",
-    fetchLabel: "fetch",
-    fetchPrompt: "Fetch the tiddlywiki file",
-    fetchError: "There were problems fetching the tiddlywiki file",
-    confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
-    wizardTitle: "Import tiddlers from another TiddlyWiki file",
-    step1: "Step 1: Locate the TiddlyWiki file",
-    step1prompt: "Enter the URL or pathname here: ",
-    step1promptFile: "...or browse for a file: ",
-    step1promptFeeds: "...or select a pre-defined feed: ",
-    step1feedPrompt: "Choose...",
-    step2: "Step 2: Loading TiddlyWiki file",
-    step2Text: "Please wait while the file is loaded from: %0",
-    step3: "Step 3: Choose the tiddlers to import",
-    step4: "%0 tiddler(s) imported",
-    step5: "Done",
-    listViewTemplate: {
-        columns: [
-            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
-            {name: 'Title', field: 'title', title: "Title", type: 'String'},
-            {name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
-            {name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
-            ],
-        rowClasses: [
-            ],
-        actions: [
-            {caption: "More actions...", name: ''},
-            {caption: "Import these tiddlers", name: 'import'}
-            ]}
-    });
-
-merge(config.commands.closeTiddler,{
-    text: "close",
-    tooltip: "Close this tiddler"});
-
-merge(config.commands.closeOthers,{
-    text: "close others",
-    tooltip: "Close all other tiddlers"});
-
-merge(config.commands.editTiddler,{
-    text: "edit",
-    tooltip: "Edit this tiddler",
-    readOnlyText: "view",
-    readOnlyTooltip: "View the source of this tiddler"});
-
-merge(config.commands.saveTiddler,{
-    text: "done",
-    tooltip: "Save changes to this tiddler"});
-
-merge(config.commands.cancelTiddler,{
-    text: "cancel",
-    tooltip: "Undo changes to this tiddler",
-    warning: "Are you sure you want to abandon your changes to '%0'?",
-    readOnlyText: "done",
-    readOnlyTooltip: "View this tiddler normally"});
-
-merge(config.commands.deleteTiddler,{
-    text: "delete",
-    tooltip: "Delete this tiddler",
-    warning: "Are you sure you want to delete '%0'?"});
-
-merge(config.commands.permalink,{
-    text: "permalink",
-    tooltip: "Permalink for this tiddler"});
-
-merge(config.commands.references,{
-    text: "references",
-    tooltip: "Show tiddlers that link to this one",
-    popupNone: "No references"});
-
-merge(config.commands.jump,{
-    text: "jump",
-    tooltip: "Jump to another open tiddler"});
-
-merge(config.shadowTiddlers,{
-    DefaultTiddlers: "GettingStarted",
-    MainMenu: "GettingStarted",
-    SiteTitle: "My TiddlyWiki",
-    SiteSubtitle: "a reusable non-linear personal web notebook",
-    SiteUrl: "http://www.tiddlywiki.com/",
-    GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
-    SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
-    OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
-    AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
-    SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
-    TabTimeline: "<<timeline>>",
-    TabAll: "<<list all>>",
-    TabTags: "<<allTags>>",
-    TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
-    TabMoreMissing: "<<list missing>>",
-    TabMoreOrphans: "<<list orphans>>",
-    TabMoreShadowed: "<<list shadowed>>",
-    PluginManager: "<<plugins>>",
-    ImportTiddlers: "<<importTiddlers>>"});
-
-// ---------------------------------------------------------------------------------
-// Main
-// ---------------------------------------------------------------------------------
-
-var params = null; // Command line parameters
-var store = null; // TiddlyWiki storage
-var story = null; // Main story
-var formatter = null; // Default formatters for the wikifier
-config.parsers = {}; // Hashmap of alternative parsers for the wikifier
-var anim = new Animator(); // Animation engine
-var readOnly = false; // Whether we're in readonly mode
-var highlightHack = null; // Embarrassing hack department...
-var hadConfirmExit = false; // Don't warn more than once
-var safeMode = false; // Disable all plugins and cookies
-var installedPlugins = []; // Information filled in when plugins are executed
-var startingUp = false; // Whether we're in the process of starting up
-var pluginInfo,tiddler; // Used to pass information to plugins in loadPlugins()
-
-// Whether to use the JavaSaver applet
-var useJavaSaver = config.browser.isSafari || config.browser.isOpera;
-
-// Starting up
-function main()
-{
-    var now, then = new Date();
-    startingUp = true;
-    window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
-    params = getParameters();
-    if(params)
-        params = params.parseParams("open",null,false);
-    store = new TiddlyWiki();
-    invokeParamifier(params,"oninit");
-    story = new Story("tiddlerDisplay","tiddler");
-    addEvent(document,"click",Popup.onDocumentClick);
-    saveTest();
-    loadOptionsCookie();
-    for(var s=0; s<config.notifyTiddlers.length; s++)
-        store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
-    store.loadFromDiv("storeArea","store",true);
-    invokeParamifier(params,"onload");
-    var pluginProblem = loadPlugins();
-    formatter = new Formatter(config.formatters);
-    readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
-    invokeParamifier(params,"onconfig");
-    store.notifyAll();
-    restart();
-    if(pluginProblem)
-        {
-        story.displayTiddler(null,"PluginManager");
-        displayMessage(config.messages.customConfigError);
-        }
-    now = new Date();
-    if(config.displayStartupTime)
-        displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
-    startingUp = false;
-}
-
-// Restarting
-function restart()
-{
-    invokeParamifier(params,"onstart");
-    if(story.isEmpty())
-        {
-        var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
-        invokeParamifier(defaultParams,"onstart");
-        }
-    window.scrollTo(0,0);
-}
-
-function saveTest()
-{
-    var saveTest = document.getElementById("saveTest");
-    if(saveTest.hasChildNodes())
-        alert(config.messages.savedSnapshotError);
-    saveTest.appendChild(document.createTextNode("savetest"));
-}
-
-function loadPlugins()
-{
-    if(safeMode)
-        return false;
-    var configTiddlers = store.getTaggedTiddlers("systemConfig");
-    installedPlugins = [];
-    var hadProblem = false;
-    for(var t=0; t<configTiddlers.length; t++)
-        {
-        tiddler = configTiddlers[t];
-        pluginInfo = getPluginInfo(tiddler);
-        if(isPluginExecutable(pluginInfo))
-            {
-            pluginInfo.executed = true;
-            pluginInfo.error = false;
-            try
-                {
-                if(tiddler.text && tiddler.text != "")
-                    window.eval(tiddler.text);
-                }
-            catch(e)
-                {
-                pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
-                pluginInfo.error = true;
-                hadProblem = true;
-                }
-            }
-        else
-            pluginInfo.warning = true;
-        installedPlugins.push(pluginInfo);
-        }
-    return hadProblem;
-}
-
-function getPluginInfo(tiddler)
-{
-    var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
-    p.tiddler = tiddler;
-    p.title = tiddler.title;
-    p.log = [];
-    return p;
-}
-
-// Check that a particular plugin is valid for execution
-function isPluginExecutable(plugin)
-{
-    if(plugin.tiddler.isTagged("systemConfigDisable"))
-        return verifyTail(plugin,false,config.messages.pluginDisabled);
-    if(plugin.tiddler.isTagged("systemConfigForce"))
-        return verifyTail(plugin,true,config.messages.pluginForced);
-    if(plugin["CoreVersion"])
-        {
-        var coreVersion = plugin["CoreVersion"].split(".");
-        var w = parseInt(coreVersion[0]) - version.major;
-        if(w == 0 && coreVersion[1])
-            w = parseInt(coreVersion[1]) - version.minor;
-        if(w == 0 && coreVersion[2])
-            w = parseInt(coreVersion[2]) - version.revision;
-        if(w > 0)
-            return verifyTail(plugin,false,config.messages.pluginVersionError);
-        }
-    return true;
-}
-
-function verifyTail(plugin,result,message)
-{
-    plugin.log.push(message);
-    return result;
-}
-
-function invokeMacro(place,macro,params,wikifier,tiddler)
-{
-    try
-        {
-        var m = config.macros[macro];
-        if(m && m.handler)
-            m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
-        else
-            createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
-        }
-    catch(ex)
-        {
-        createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
-        }
-}
-
-// ---------------------------------------------------------------------------------
-// Paramifiers
-// ---------------------------------------------------------------------------------
-
-function getParameters()
-{
-    var p = null;
-    if(window.location.hash)
-        {
-        p = decodeURI(window.location.hash.substr(1));
-        if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
-            p = convertUTF8ToUnicode(p);
-        }
-    return p;
-}
-
-function invokeParamifier(params,handler)
-{
-    if(!params || params.length == undefined || params.length <= 1)
-        return;
-    for(var t=1; t<params.length; t++)
-        {
-        var p = config.paramifiers[params[t].name];
-        if(p && p[handler] instanceof Function)
-            p[handler](params[t].value);
-        }
-}
-
-config.paramifiers = {};
-
-config.paramifiers.start = {
-    oninit: function(v) {
-        safeMode = v.toLowerCase() == "safe";
-        }
-};
-
-config.paramifiers.open = {
-    onstart: function(v) {
-        story.displayTiddler("bottom",v,null,false,false);
-        }
-};
-
-config.paramifiers.story = {
-    onstart: function(v) {
-        var list = store.getTiddlerText(v,"").parseParams("open",null,false);
-        invokeParamifier(list,"onstart");
-        }
-};
-
-config.paramifiers.search = {
-    onstart: function(v) {
-        story.search(v,false,false);
-        }
-};
-
-config.paramifiers.searchRegExp = {
-    onstart: function(v) {
-        story.prototype.search(v,false,true);
-        }
-};
-
-config.paramifiers.tag = {
-    onstart: function(v) {
-        var tagged = store.getTaggedTiddlers(v,"title");
-        for(var t=0; t<tagged.length; t++)
-            story.displayTiddler("bottom",tagged[t].title,null,false,false);
-        }
-};
-
-config.paramifiers.newTiddler = {
-    onstart: function(v) {
-        if(!readOnly)
-            {
-            story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
-            story.focusTiddler(v,"text");
-            }
-        }
-};
-
-config.paramifiers.newJournal = {
-    onstart: function(v) {
-        if(!readOnly)
-            {
-            var now = new Date();
-            var title = now.formatString(v.trim());
-            story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
-            story.focusTiddler(title,"text");
-            }
-        }
-};
-
-// ---------------------------------------------------------------------------------
-// Formatter helpers
-// ---------------------------------------------------------------------------------
-
-function Formatter(formatters)
-{
-    this.formatters = [];
-    var pattern = [];
-    for(var n=0; n<formatters.length; n++)
-        {
-        pattern.push("(" + formatters[n].match + ")");
-        this.formatters.push(formatters[n]);
-        }
-    this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
-}
-
-config.formatterHelpers = {
-
-    createElementAndWikify: function(w)
-    {
-        w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
-    },
-
-    inlineCssHelper: function(w)
-    {
-        var styles = [];
-        config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
-        var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
-        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-            {
-            var s,v;
-            if(lookaheadMatch[1])
-                {
-                s = lookaheadMatch[1].unDash();
-                v = lookaheadMatch[2];
-                }
-            else
-                {
-                s = lookaheadMatch[3].unDash();
-                v = lookaheadMatch[4];
-                }
-            if (s=="bgcolor")
-                s = "backgroundColor";
-            styles.push({style: s, value: v});
-            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
-            config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
-            lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
-            }
-        return styles;
-    },
-
-    applyCssHelper: function(e,styles)
-    {
-        for(var t=0; t< styles.length; t++)
-            {
-            try
-                {
-                e.style[styles[t].style] = styles[t].value;
-                }
-            catch (ex)
-                {
-                }
-            }
-    },
-
-    enclosedTextHelper: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-            {
-            var text = lookaheadMatch[1];
-            if(config.browser.isIE)
-                text = text.replace(/\n/g,"\r");
-            createTiddlyElement(w.output,this.element,null,null,text);
-            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
-            }
-    },
-
-    isExternalLink: function(link)
-    {
-        if(store.tiddlerExists(link) || store.isShadowTiddler(link))
-            {
-            //# Definitely not an external link
-            return false;
-            }
-        var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
-        if(urlRegExp.exec(link))
-            {
-            // Definitely an external link
-            return true;
-            }
-        if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
-            {
-            //# Link contains . / or \ so is probably an external link
-            return true;
-            }
-        //# Otherwise assume it is not an external link
-        return false;
-    }
-
-};
-
-// ---------------------------------------------------------------------------------
-// Standard formatters
-// ---------------------------------------------------------------------------------
-
-config.formatters = [
-{
-    name: "table",
-    match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
-    lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
-    rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
-    cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
-    cellTermRegExp: /((?:\x20*)\|)/mg,
-    rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
-
-    handler: function(w)
-    {
-        var table = createTiddlyElement(w.output,"table");
-        var prevColumns = [];
-        var currRowType = null;
-        var rowContainer;
-        var rowCount = 0;
-        w.nextMatch = w.matchStart;
-        this.lookaheadRegExp.lastIndex = w.nextMatch;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-            {
-            var nextRowType = lookaheadMatch[2];
-            if(nextRowType == "k")
-                {
-                table.className = lookaheadMatch[1];
-                w.nextMatch += lookaheadMatch[0].length+1;
-                }
-            else
-                {
-                if(nextRowType != currRowType)
-                    {
-                    rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
-                    currRowType = nextRowType;
-                    }
-                if(currRowType == "c")
-                    {
-                    // Caption
-                    w.nextMatch++;
-                    if(rowContainer != table.firstChild)
-                        table.insertBefore(rowContainer,table.firstChild);
-                    rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
-                    w.subWikifyTerm(rowContainer,this.rowTermRegExp);
-                    }
-                else
-                    {
-                    this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
-                    rowCount++;
-                    }
-                }
-            this.lookaheadRegExp.lastIndex = w.nextMatch;
-            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-            }
-    },
-    rowHandler: function(w,e,prevColumns)
-    {
-        var col = 0;
-        var colSpanCount = 1;
-        var prevCell = null;
-        this.cellRegExp.lastIndex = w.nextMatch;
-        var cellMatch = this.cellRegExp.exec(w.source);
-        while(cellMatch && cellMatch.index == w.nextMatch)
-            {
-            if(cellMatch[1] == "~")
-                {
-                // Rowspan
-                var last = prevColumns[col];
-                if(last)
-                    {
-                    last.rowSpanCount++;
-                    last.element.setAttribute("rowspan",last.rowSpanCount);
-                    last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
-                    last.element.valign = "center";
-                    }
-                w.nextMatch = this.cellRegExp.lastIndex-1;
-                }
-            else if(cellMatch[1] == ">")
-                {
-                // Colspan
-                colSpanCount++;
-                w.nextMatch = this.cellRegExp.lastIndex-1;
-                }
-            else if(cellMatch[2])
-                {
-                // End of row
-                if(prevCell && colSpanCount > 1)
-                    {
-                    prevCell.setAttribute("colspan",colSpanCount);
-                    prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
-                    }
-                w.nextMatch = this.cellRegExp.lastIndex;
-                break;
-                }
-            else
-                {
-                // Cell
-                w.nextMatch++;
-                var styles = config.formatterHelpers.inlineCssHelper(w);
-                var spaceLeft = false;
-                var chr = w.source.substr(w.nextMatch,1);
-                while(chr == " ")
-                    {
-                    spaceLeft = true;
-                    w.nextMatch++;
-                    chr = w.source.substr(w.nextMatch,1);
-                    }
-                var cell;
-                if(chr == "!")
-                    {
-                    cell = createTiddlyElement(e,"th");
-                    w.nextMatch++;
-                    }
-                else
-                    cell = createTiddlyElement(e,"td");
-                prevCell = cell;
-                prevColumns[col] = {rowSpanCount:1, element:cell};
-                if(colSpanCount > 1)
-                    {
-                    cell.setAttribute("colspan",colSpanCount);
-                    cell.setAttribute("colSpan",colSpanCount); // Needed for IE
-                    colSpanCount = 1;
-                    }
-                config.formatterHelpers.applyCssHelper(cell,styles);
-                w.subWikifyTerm(cell,this.cellTermRegExp);
-                if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
-                    cell.align = spaceLeft ? "center" : "left";
-                else if(spaceLeft)
-                    cell.align = "right";
-                w.nextMatch--;
-                }
-            col++;
-            this.cellRegExp.lastIndex = w.nextMatch;
-            cellMatch = this.cellRegExp.exec(w.source);
-            }
-    }
-},
-
-{
-    name: "heading",
-    match: "^!{1,5}",
-    termRegExp: /(\n)/mg,
-    handler: function(w)
-    {
-        w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
-    }
-},
-
-{
-    name: "list",
-    match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
-    lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
-    termRegExp: /(\n)/mg,
-    handler: function(w)
-    {
-        var placeStack = [w.output];
-        var currLevel = 0, currType = null;
-        var listLevel, listType, itemType;
-        w.nextMatch = w.matchStart;
-        this.lookaheadRegExp.lastIndex = w.nextMatch;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
-            {
-            if(lookaheadMatch[1])
-                {
-                listType = "ul";
-                itemType = "li";
-                }
-            else if(lookaheadMatch[2])
-                {
-                listType = "ol";
-                itemType = "li";
-                }
-            else if(lookaheadMatch[3])
-                {
-                listType = "dl";
-                itemType = "dt";
-                }
-            else if(lookaheadMatch[4])
-                {
-                listType = "dl";
-                itemType = "dd";
-                }
-            listLevel = lookaheadMatch[0].length;
-            w.nextMatch += lookaheadMatch[0].length;
-            if(listLevel > currLevel)
-                {
-                for(var t=currLevel; t<listLevel; t++)
-                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
-                }
-            else if(listLevel < currLevel)
-                {
-                for(var t=currLevel; t>listLevel; t--)
-                    placeStack.pop();
-                }
-            else if(listLevel == currLevel && listType != currType)
-                {
-                placeStack.pop();
-                placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
-                }
-            currLevel = listLevel;
-            currType = listType;
-            var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
-            w.subWikifyTerm(e,this.termRegExp);
-            this.lookaheadRegExp.lastIndex = w.nextMatch;
-            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        }
-    }
-},
-
-{
-    name: "quoteByBlock",
-    match: "^<<<\\n",
-    termRegExp: /(^<<<(\n|$))/mg,
-    element: "blockquote",
-    handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-    name: "quoteByLine",
-    match: "^>+",
-    lookaheadRegExp: /^>+/mg,
-    termRegExp: /(\n)/mg,
-    element: "blockquote",
-    handler: function(w)
-    {
-        var placeStack = [w.output];
-        var currLevel = 0;
-        var newLevel = w.matchLength;
-        var t;
-        do {
-            if(newLevel > currLevel)
-                {
-                for(t=currLevel; t<newLevel; t++)
-                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
-                }
-            else if(newLevel < currLevel)
-                {
-                for(t=currLevel; t>newLevel; t--)
-                    placeStack.pop();
-                }
-            currLevel = newLevel;
-            w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
-            createTiddlyElement(placeStack[placeStack.length-1],"br");
-            this.lookaheadRegExp.lastIndex = w.nextMatch;
-            var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-            var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
-            if(matched)
-                {
-                newLevel = lookaheadMatch[0].length;
-                w.nextMatch += lookaheadMatch[0].length;
-                }
-        } while(matched);
-    }
-},
-
-{
-    name: "rule",
-    match: "^----+$\\n?",
-    handler: function(w)
-    {
-        createTiddlyElement(w.output,"hr");
-    }
-},
-
-{
-    name: "monospacedByLine",
-    match: "^\\{\\{\\{\\n",
-    lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
-    element: "pre",
-    handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-    name: "monospacedByLineForCSS",
-    match: "^/\\*[\\{]{3}\\*/\\n",
-    lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
-    element: "pre",
-    handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-    name: "monospacedByLineForPlugin",
-    match: "^//\\{\\{\\{\\n",
-    lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
-    element: "pre",
-    handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-    name: "monospacedByLineForTemplate",
-    match: "^<!--[\\{]{3}-->\\n",
-    lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg,
-    element: "pre",
-    handler: config.formatterHelpers.enclosedTextHelper
-},
-
-{
-    name: "wikifyCommentForPlugin",
-    match: "^/\\*\\*\\*\\n",
-    termRegExp: /(^\*\*\*\/\n)/mg,
-    handler: function(w)
-    {
-        w.subWikifyTerm(w.output,this.termRegExp);
-    }
-},
-
-{
-    name: "wikifyCommentForTemplate",
-    match: "^<!---\\n",
-    termRegExp: /(^--->\n)/mg,
-    handler: function(w)
-    {
-        w.subWikifyTerm(w.output,this.termRegExp);
-    }
-},
-
-{
-    name: "macro",
-    match: "<<",
-    lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
-            {
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-            invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
-            }
-    }
-},
-
-{
-    name: "prettyLink",
-    match: "\\[\\[",
-    lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-            {
-            var e;
-            var text = lookaheadMatch[1];
-            if(lookaheadMatch[3])
-                {
-                // Pretty bracketted link
-                var link = lookaheadMatch[3];
-                e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
-                        ? createExternalLink(w.output,link)
-                        : createTiddlyLink(w.output,link,false,null,w.isStatic);
-                }
-            else
-                {
-                // Simple bracketted link
-                e = createTiddlyLink(w.output,text,false,null,w.isStatic);
-                }
-            createTiddlyText(e,text);
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-            }
-    }
-},
-
-{
-    name: "unWikiLink",
-    match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
-    handler: function(w)
-    {
-        w.outputText(w.output,w.matchStart+1,w.nextMatch);
-    }
-},
-
-{
-    name: "wikiLink",
-    match: config.textPrimitives.wikiLink,
-    handler: function(w)
-    {
-        if(w.matchStart > 0)
-            {
-            var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
-            preRegExp.lastIndex = w.matchStart-1;
-            var preMatch = preRegExp.exec(w.source);
-            if(preMatch.index == w.matchStart-1)
-                {
-                w.outputText(w.output,w.matchStart,w.nextMatch);
-                return;
-                }
-            }
-        if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
-            {
-            var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
-            w.outputText(link,w.matchStart,w.nextMatch);
-            }
-        else
-            {
-            w.outputText(w.output,w.matchStart,w.nextMatch);
-            }
-    }
-},
-
-{
-    name: "urlLink",
-    match: config.textPrimitives.urlPattern,
-    handler: function(w)
-    {
-        w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
-    }
-},
-
-{
-    name: "image",
-    match: "\\[[<>]?[Ii][Mm][Gg]\\[",
-    lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
-            {
-            var e = w.output;
-            if(lookaheadMatch[5])
-                {
-                var link = lookaheadMatch[5];
-                e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
-                addClass(e,"imageLink");
-                }
-            var img = createTiddlyElement(e,"img");
-            if(lookaheadMatch[1])
-                img.align = "left";
-            else if(lookaheadMatch[2])
-                img.align = "right";
-            if(lookaheadMatch[3])
-                img.title = lookaheadMatch[3];
-            img.src = lookaheadMatch[4];
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-            }
-    }
-},
-
-{
-    name: "html",
-    match: "<[Hh][Tt][Mm][Ll]>",
-    lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-            {
-            createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-            }
-    }
-},
-
-{
-    name: "commentByBlock",
-    match: "/%",
-    lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-    }
-},
-
-{
-    name: "boldByChar",
-    match: "''",
-    termRegExp: /('')/mg,
-    element: "strong",
-    handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-    name: "italicByChar",
-    match: "//",
-    termRegExp: /(\/\/)/mg,
-    element: "em",
-    handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-    name: "underlineByChar",
-    match: "__",
-    termRegExp: /(__)/mg,
-    element: "u",
-    handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-    name: "strikeByChar",
-    match: "--(?!\\s|$)",
-    termRegExp: /((?!\s)--|(?=\n\n))/mg,
-    element: "strike",
-    handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-    name: "superscriptByChar",
-    match: "\\^\\^",
-    termRegExp: /(\^\^)/mg,
-    element: "sup",
-    handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-    name: "subscriptByChar",
-    match: "~~",
-    termRegExp: /(~~)/mg,
-    element: "sub",
-    handler: config.formatterHelpers.createElementAndWikify
-},
-
-{
-    name: "monospacedByChar",
-    match: "\\{\\{\\{",
-    lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-            {
-            createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-            }
-    }
-},
-
-{
-    name: "styleByChar",
-    match: "@@",
-    termRegExp: /(@@)/mg,
-    handler:  function(w)
-    {
-        var e = createTiddlyElement(w.output,"span");
-        var styles = config.formatterHelpers.inlineCssHelper(w);
-        if(styles.length == 0)
-            e.className = "marked";
-        else
-            config.formatterHelpers.applyCssHelper(e,styles);
-        w.subWikifyTerm(e,this.termRegExp);
-    }
-},
-
-{
-    name: "lineBreak",
-    match: "\\n|<br ?/?>",
-    handler: function(w)
-    {
-        createTiddlyElement(w.output,"br");
-    }
-},
-
-{
-    name: "rawText",
-    match: "\\\"{3}|<nowiki>",
-    lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
-        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-            {
-            createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-            }
-    }
-},
-
-{
-    name: "mdash",
-    match: "--",
-    handler: function(w)
-        {
-        createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
-        }
-},
-
-{
-    name: "htmlEntitiesEncoding",
-    match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
-    handler: function(w)
-        {
-        createTiddlyElement(w.output,"span").innerHTML = w.matchText;
-        }
-},
-
-{
-    name: "customClasses",
-    match: "\\{\\{",
-    termRegExp: /(\}\}\})/mg,
-    lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
-    handler: function(w)
-    {
-        this.lookaheadRegExp.lastIndex = w.matchStart;
-        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
-        if(lookaheadMatch)
-            {
-            var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
-            w.nextMatch = this.lookaheadRegExp.lastIndex;
-            w.subWikifyTerm(e,this.termRegExp);
-            }
-    }
-}
-
-];
-
-// ---------------------------------------------------------------------------------
-// Wikifier
-// ---------------------------------------------------------------------------------
-
-function getParser(tiddler)
-{
-    var f = formatter;
-    if(tiddler!=null)
-        {
-        for(var i in config.parsers)
-            {
-            if(tiddler.isTagged(config.parsers[i].formatTag))
-                {
-                f = config.parsers[i];
-                break;
-                }
-            }
-        }
-    return f;
-}
-
-function wikify(source,output,highlightRegExp,tiddler)
-{
-    if(source && source != "")
-        {
-        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
-        wikifier.subWikifyUnterm(output);
-        }
-}
-
-function wikifyStatic(source,highlightRegExp,tiddler)
-{
-    var e = createTiddlyElement(document.body,"div");
-    e.style.display = "none";
-    var html = "";
-    if(source && source != "")
-        {
-        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
-        wikifier.isStatic = true;
-        wikifier.subWikifyUnterm(e);
-        html = e.innerHTML;
-        e.parentNode.removeChild(e);
-        }
-    return html;
-}
-
-// Wikify a named tiddler to plain text
-function wikifyPlain(title)
-{
-    if(store.tiddlerExists(title) || store.isShadowTiddler(title))
-        {
-        var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
-        return wikifier.wikifyPlain();
-        }
-    else
-        return "";
-}
-
-// Highlight plain text into an element
-function highlightify(source,output,highlightRegExp)
-{
-    if(source && source != "")
-        {
-        var wikifier = new Wikifier(source,formatter,highlightRegExp);
-        wikifier.outputText(output,0,source.length);
-        }
-}
-
-// Construct a wikifier object
-// source - source string that's going to be wikified
-// formatter - Formatter() object containing the list of formatters to be used
-// highlightRegExp - regular expression of the text string to highlight
-// tiddler - reference to the tiddler that's taken to be the container for this wikification
-function Wikifier(source,formatter,highlightRegExp,tiddler)
-{
-    this.source = source;
-    this.output = null;
-    this.formatter = formatter;
-    this.nextMatch = 0;
-    this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
-    this.highlightRegExp = highlightRegExp;
-    this.highlightMatch = null;
-    this.isStatic = false;
-    if(highlightRegExp)
-        {
-        highlightRegExp.lastIndex = 0;
-        this.highlightMatch = highlightRegExp.exec(source);
-        }
-    this.tiddler = tiddler;
-}
-
-Wikifier.prototype.wikifyPlain = function()
-{
-    var e = createTiddlyElement(document.body,"div");
-    e.style.display = "none";
-    this.subWikify(e);
-    var text = getPlainText(e);
-    e.parentNode.removeChild(e);
-    return text;
-}
-
-Wikifier.prototype.subWikify = function(output,terminator)
-{
-    // Handle the terminated and unterminated cases separately
-    if (terminator)
-        this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
-    else
-        this.subWikifyUnterm(output);
-}
-
-Wikifier.prototype.subWikifyUnterm = function(output)
-{
-    // subWikify() can be indirectly recursive, so we need to save the old output pointer
-    var oldOutput = this.output;
-    this.output = output;
-    // Get the first match
-    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-    var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
-    while(formatterMatch)
-        {
-        // Output any text before the match
-        if(formatterMatch.index > this.nextMatch)
-            this.outputText(this.output,this.nextMatch,formatterMatch.index);
-        // Set the match parameters for the handler
-        this.matchStart = formatterMatch.index;
-        this.matchLength = formatterMatch[0].length;
-        this.matchText = formatterMatch[0];
-        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
-        // Figure out which formatter matched and call its handler
-        for(var t=1; t<formatterMatch.length; t++)
-            {
-            if(formatterMatch[t])
-                {
-                this.formatter.formatters[t-1].handler(this);
-                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-                break;
-                }
-            }
-        // Get the next match
-        formatterMatch = this.formatter.formatterRegExp.exec(this.source);
-        }
-    // Output any text after the last match
-    if(this.nextMatch < this.source.length)
-        {
-        this.outputText(this.output,this.nextMatch,this.source.length);
-        this.nextMatch = this.source.length;
-        }
-    // Restore the output pointer
-    this.output = oldOutput;
-}
-
-Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
-{
-    // subWikify() can be indirectly recursive, so we need to save the old output pointer
-    var oldOutput = this.output;
-    this.output = output;
-    // Get the first matches for the formatter and terminator RegExps
-    terminatorRegExp.lastIndex = this.nextMatch;
-    var terminatorMatch = terminatorRegExp.exec(this.source);
-    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-    var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
-    while(terminatorMatch || formatterMatch)
-        {
-        // Check for a terminator match  before the next formatter match
-        if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
-            {
-            // Output any text before the match
-            if(terminatorMatch.index > this.nextMatch)
-                this.outputText(this.output,this.nextMatch,terminatorMatch.index);
-            // Set the match parameters
-            this.matchText = terminatorMatch[1];
-            this.matchLength = terminatorMatch[1].length;
-            this.matchStart = terminatorMatch.index;
-            this.nextMatch = this.matchStart + this.matchLength;
-            // Restore the output pointer
-            this.output = oldOutput;
-            return;
-            }
-        // It must be a formatter match; output any text before the match
-        if(formatterMatch.index > this.nextMatch)
-            this.outputText(this.output,this.nextMatch,formatterMatch.index);
-        // Set the match parameters
-        this.matchStart = formatterMatch.index;
-        this.matchLength = formatterMatch[0].length;
-        this.matchText = formatterMatch[0];
-        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
-        // Figure out which formatter matched and call its handler
-        for(var t=1; t<formatterMatch.length; t++)
-            {
-            if(formatterMatch[t])
-                {
-                this.formatter.formatters[t-1].handler(this);
-                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
-                break;
-                }
-            }
-        // Get the next match
-        terminatorRegExp.lastIndex = this.nextMatch;
-        terminatorMatch = terminatorRegExp.exec(this.source);
-        formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
-        }
-    // Output any text after the last match
-    if(this.nextMatch < this.source.length)
-        {
-        this.outputText(this.output,this.nextMatch,this.source.length);
-        this.nextMatch = this.source.length;
-        }
-    // Restore the output pointer
-    this.output = oldOutput;
-}
-
-Wikifier.prototype.outputText = function(place,startPos,endPos)
-{
-    // Check for highlights
-    while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
-        {
-        // Deal with any plain text before the highlight
-        if(this.highlightMatch.index > startPos)
-            {
-            createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
-            startPos = this.highlightMatch.index;
-            }
-        // Deal with the highlight
-        var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
-        var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
-        startPos = highlightEnd;
-        // Nudge along to the next highlight if we're done with this one
-        if(startPos >= this.highlightRegExp.lastIndex)
-            this.highlightMatch = this.highlightRegExp.exec(this.source);
-        }
-    // Do the unhighlighted text left over
-    if(startPos < endPos)
-        {
-        createTiddlyText(place,this.source.substring(startPos,endPos));
-        }
-}
-
-// ---------------------------------------------------------------------------------
-// Macro definitions
-// ---------------------------------------------------------------------------------
-
-config.macros.today.handler = function(place,macroName,params)
-{
-    var now = new Date();
-    var text;
-    if(params[0])
-        text = now.formatString(params[0].trim());
-    else
-        text = now.toLocaleString();
-    createTiddlyElement(place,"span",null,null,text);
-}
-
-config.macros.version.handler = function(place)
-{
-    createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
-}
-
-config.macros.list.handler = function(place,macroName,params)
-{
-    var type = params[0] ? params[0] : "all";
-    var theList = document.createElement("ul");
-    place.appendChild(theList);
-    if(this[type].prompt)
-        createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
-    var results;
-    if(this[type].handler)
-        results = this[type].handler(params);
-    for(var t = 0; t < results.length; t++)
-        {
-        var theListItem = document.createElement("li")
-        theList.appendChild(theListItem);
-        if(typeof results[t] == "string")
-            createTiddlyLink(theListItem,results[t],true);
-        else
-            createTiddlyLink(theListItem,results[t].title,true);
-        }
-}
-
-config.macros.list.all.handler = function(params)
-{
-    return store.reverseLookup("tags","excludeLists",false,"title");
-}
-
-config.macros.list.missing.handler = function(params)
-{
-    return store.getMissingLinks();
-}
-
-config.macros.list.orphans.handler = function(params)
-{
-    return store.getOrphans();
-}
-
-config.macros.list.shadowed.handler = function(params)
-{
-    return store.getShadowed();
-}
-
-config.macros.allTags.handler = function(place,macroName,params)
-{
-    var tags = store.getTags();
-    var theDateList = createTiddlyElement(place,"ul");
-    if(tags.length == 0)
-        createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
-    for(var t=0; t<tags.length; t++)
-        {
-        var theListItem =createTiddlyElement(theDateList,"li");
-        var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
-        theTag.setAttribute("tag",tags[t][0]);
-        }
-}
-
-config.macros.timeline.handler = function(place,macroName,params)
-{
-    var field = params[0] ? params[0] : "modified";
-    var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
-    var lastDay = "";
-    var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
-    for(var t=tiddlers.length-1; t>=last; t--)
-        {
-        var tiddler = tiddlers[t];
-        var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
-        if(theDay != lastDay)
-            {
-            var theDateList = document.createElement("ul");
-            place.appendChild(theDateList);
-            createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
-            lastDay = theDay;
-            }
-        var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
-        theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
-        }
-}
-
-config.macros.search.handler = function(place,macroName,params)
-{
-    var searchTimeout = null;
-    var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
-    var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
-    if(params[0])
-        txt.value = params[0];
-    txt.onkeyup = this.onKeyPress;
-    txt.onfocus = this.onFocus;
-    txt.setAttribute("size",this.sizeTextbox);
-    txt.setAttribute("accessKey",this.accessKey);
-    txt.setAttribute("autocomplete","off");
-    txt.setAttribute("lastSearchText","");
-    if(config.browser.isSafari)
-        {
-        txt.setAttribute("type","search");
-        txt.setAttribute("results","5");
-        }
-    else
-        txt.setAttribute("type","text");
-}
-
-// Global because there's only ever one outstanding incremental search timer
-config.macros.search.timeout = null;
-
-config.macros.search.doSearch = function(txt)
-{
-    if(txt.value.length > 0)
-        {
-        story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
-        txt.setAttribute("lastSearchText",txt.value);
-        }
-}
-
-config.macros.search.onClick = function(e)
-{
-    config.macros.search.doSearch(this.nextSibling);
-    return false;
-}
-
-config.macros.search.onKeyPress = function(e)
-{
-    if(!e) var e = window.event;
-    switch(e.keyCode)
-        {
-        case 13: // Ctrl-Enter
-        case 10: // Ctrl-Enter on IE PC
-            config.macros.search.doSearch(this);
-            break;
-        case 27: // Escape
-            this.value = "";
-            clearMessage();
-            break;
-        }
-    if(this.value.length > 2)
-        {
-        if(this.value != this.getAttribute("lastSearchText"))
-            {
-            if(config.macros.search.timeout)
-                clearTimeout(config.macros.search.timeout);
-            var txt = this;
-            config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
-            }
-        }
-    else
-        {
-        if(config.macros.search.timeout)
-            clearTimeout(config.macros.search.timeout);
-        }
-}
-
-config.macros.search.onFocus = function(e)
-{
-    this.select();
-}
-
-config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    params = paramString.parseParams("name",null,true,false,true);
-    var names = params[0]["name"];
-    var tiddlerName = names[0];
-    var className = names[1] ? names[1] : null;
-    var args = params[0]["with"];
-    var wrapper = createTiddlyElement(place,"span",null,className);
-    if(!args)
-        {
-        wrapper.setAttribute("refresh","content");
-        wrapper.setAttribute("tiddler",tiddlerName);
-        }
-    var text = store.getTiddlerText(tiddlerName);
-    if(text)
-        {
-        var stack = config.macros.tiddler.tiddlerStack;
-        if(stack.indexOf(tiddlerName) !== -1)
-            return;
-        stack.push(tiddlerName);
-        try
-            {
-            var n = args ? Math.min(args.length,9) : 0;
-            for(var i=0; i<n; i++)
-                {
-                var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
-                text = text.replace(placeholderRE,args[i]);
-                }
-            config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
-            }
-        finally
-            {
-            stack.pop();
-            }
-        }
-}
-
-config.macros.tiddler.renderText = function(place,text,tiddlerName,params)
-{
-    wikify(text,place,null,store.getTiddler(tiddlerName));
-}
-
-config.macros.tiddler.tiddlerStack = [];
-
-config.macros.tag.handler = function(place,macroName,params)
-{
-    createTagButton(place,params[0]);
-}
-
-config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    params = paramString.parseParams("anon",null,true,false,false);
-    var theList = createTiddlyElement(place,"ul");
-    var title = getParam(params,"anon","");
-    if(title && store.tiddlerExists(title))
-        tiddler = store.getTiddler(title);
-    var sep = getParam(params,"sep"," ");
-    var lingo = config.views.wikified.tag;
-    var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
-    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
-    for(var t=0; t<tiddler.tags.length; t++)
-        {
-        createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
-        if(t<tiddler.tags.length-1)
-            createTiddlyText(theList,sep);
-        }
-}
-
-config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    params = paramString.parseParams("anon",null,true,false,false);
-    var theList = createTiddlyElement(place,"ul");
-    var title = getParam(params,"anon","");
-    if(title == "" && tiddler instanceof Tiddler)
-        title = tiddler.title;
-    var sep = getParam(params,"sep"," ");
-    theList.setAttribute("title",this.tooltip.format([title]));
-    var tagged = store.getTaggedTiddlers(title);
-    var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
-    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
-    for(var t=0; t<tagged.length; t++)
-        {
-        createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
-        if(t<tagged.length-1)
-            createTiddlyText(theList,sep);
-        }
-}
-
-config.macros.closeAll.handler = function(place)
-{
-    createTiddlyButton(place,this.label,this.prompt,this.onClick);
-}
-
-config.macros.closeAll.onClick = function(e)
-{
-    story.closeAllTiddlers();
-    return false;
-}
-
-config.macros.permaview.handler = function(place)
-{
-    createTiddlyButton(place,this.label,this.prompt,this.onClick);
-}
-
-config.macros.permaview.onClick = function(e)
-{
-    story.permaView();
-    return false;
-}
-
-config.macros.saveChanges.handler = function(place)
-{
-    if(!readOnly)
-        createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
-}
-
-config.macros.saveChanges.onClick = function(e)
-{
-    saveChanges();
-    return false;
-}
-
-config.macros.slider.onClickSlider = function(e)
-{
-    if(!e) var e = window.event;
-    var n = this.nextSibling;
-    var cookie = n.getAttribute("cookie");
-    var isOpen = n.style.display != "none";
-    if(anim && config.options.chkAnimate)
-        anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
-    else
-        n.style.display = isOpen ? "none" : "block";
-    config.options[cookie] = !isOpen;
-    saveOptionCookie(cookie);
-    return false;
-}
-
-config.macros.slider.createSlider = function(place,cookie,title,tooltip)
-{
-    var cookie = cookie ? cookie : "";
-    var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
-    var panel = createTiddlyElement(null,"div",null,"sliderPanel");
-    panel.setAttribute("cookie",cookie);
-    panel.style.display = config.options[cookie] ? "block" : "none";
-    place.appendChild(panel);
-    return panel;
-}
-
-config.macros.slider.handler = function(place,macroName,params)
-{
-    var panel = this.createSlider(place,params[0],params[2],params[3]);
-    var text = store.getTiddlerText(params[1]);
-    panel.setAttribute("refresh", "content");
-    panel.setAttribute("tiddler", params[1]);
-    if(text)
-        wikify(text,panel,null,store.getTiddler(params[1]));
-}
-
-config.macros.option.onChangeOption = function(e)
-{
-    var opt = this.getAttribute("option");
-    var elementType,valueField;
-    if(opt)
-        {
-        switch(opt.substr(0,3))
-            {
-            case "txt":
-                elementType = "input";
-                valueField = "value";
-                break;
-            case "chk":
-                elementType = "input";
-                valueField = "checked";
-                break;
-            }
-        config.options[opt] = this[valueField];
-        saveOptionCookie(opt);
-        var nodes = document.getElementsByTagName(elementType);
-        for(var t=0; t<nodes.length; t++)
-            {
-            var optNode = nodes[t].getAttribute("option");
-            if(opt == optNode)
-                nodes[t][valueField] = this[valueField];
-            }
-        }
-    return(true);
-}
-
-config.macros.option.handler = function(place,macroName,params)
-{
-    var opt = params[0];
-    if(config.options[opt] == undefined)
-        return;
-    var c;
-    switch(opt.substr(0,3))
-        {
-        case "txt":
-            c = document.createElement("input");
-            c.onkeyup = this.onChangeOption;
-            c.setAttribute("option",opt);
-            c.className = "txtOptionInput";
-            place.appendChild(c);
-            c.value = config.options[opt];
-            break;
-        case "chk":
-            c = document.createElement("input");
-            c.setAttribute("type","checkbox");
-            c.onclick = this.onChangeOption;
-            c.setAttribute("option",opt);
-            c.className = "chkOptionInput";
-            place.appendChild(c);
-            c.checked = config.options[opt];
-            break;
-        }
-}
-
-
-
-config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
-{
-    var tags = [];
-    for(var t=1; t<params.length; t++)
-        if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
-            tags.push(params[t].value);
-    label = getParam(params,"label",label);
-    prompt = getParam(params,"prompt",prompt);
-    accessKey = getParam(params,"accessKey",accessKey);
-    newFocus = getParam(params,"focus",newFocus);
-    var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
-    btn.setAttribute("newTitle",title);
-    btn.setAttribute("isJournal",isJournal);
-    btn.setAttribute("params",tags.join("|"));
-    btn.setAttribute("newFocus",newFocus);
-    btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
-    var text = getParam(params,"text");
-    if(text !== undefined)
-        btn.setAttribute("newText",text);
-    return btn;
-}
-
-config.macros.newTiddler.onClickNewTiddler = function()
-{
-    var title = this.getAttribute("newTitle");
-    if(this.getAttribute("isJournal"))
-        {
-        var now = new Date();
-        title = now.formatString(title.trim());
-        }
-    var params = this.getAttribute("params").split("|");
-    var focus = this.getAttribute("newFocus");
-    var template = this.getAttribute("newTemplate");
-    story.displayTiddler(null,title,template);
-    var text = this.getAttribute("newText");
-    if(typeof text == "string")
-        story.getTiddlerField(title,"text").value = text.format([title]);
-    for(var t=0;t<params.length;t++)
-        story.setTiddlerTag(title,params[t],+1);
-    story.focusTiddler(title,focus);
-    return false;
-}
-
-config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    if(!readOnly)
-        {
-        params = paramString.parseParams("anon",null,true,false,false);
-        var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
-        title = getParam(params,"title",title);
-        this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
-        }
-}
-
-config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    if(!readOnly)
-        {
-        params = paramString.parseParams("anon",null,true,false,false);
-        var title = params[1] && params[1].name == "anon" ? params[1].value : "";
-        title = getParam(params,"title",title);
-        config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
-        }
-}
-
-config.macros.sparkline.handler = function(place,macroName,params)
-{
-    var data = [];
-    var min = 0;
-    var max = 0;
-    for(var t=0; t<params.length; t++)
-        {
-        var v = parseInt(params[t]);
-        if(v < min)
-            min = v;
-        if(v > max)
-            max = v;
-        data.push(v);
-        }
-    if(data.length < 1)
-        return;
-    var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
-    box.title = data.join(",");
-    var w = box.offsetWidth;
-    var h = box.offsetHeight;
-    box.style.paddingRight = (data.length * 2 - w) + "px";
-    box.style.position = "relative";
-    for(var d=0; d<data.length; d++)
-        {
-        var tick = document.createElement("img");
-        tick.border = 0;
-        tick.className = "sparktick";
-        tick.style.position = "absolute";
-        tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
-        tick.style.left = d*2 + "px";
-        tick.style.width = "2px";
-        var v = Math.floor(((data[d] - min)/(max-min)) * h);
-        tick.style.top = (h-v) + "px";
-        tick.style.height = v + "px";
-        box.appendChild(tick);
-        }
-}
-
-config.macros.tabs.handler = function(place,macroName,params)
-{
-    var cookie = params[0];
-    var numTabs = (params.length-1)/3;
-    var wrapper = createTiddlyElement(null,"div",null,cookie);
-    var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
-    tabset.setAttribute("cookie",cookie);
-    var validTab = false;
-    for(var t=0; t<numTabs; t++)
-        {
-        var label = params[t*3+1];
-        var prompt = params[t*3+2];
-        var content = params[t*3+3];
-        var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
-        tab.setAttribute("tab",label);
-        tab.setAttribute("content",content);
-        tab.title = prompt;
-        if(config.options[cookie] == label)
-            validTab = true;
-        }
-    if(!validTab)
-        config.options[cookie] = params[1];
-    place.appendChild(wrapper);
-    this.switchTab(tabset,config.options[cookie]);
-}
-
-config.macros.tabs.onClickTab = function(e)
-{
-    config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
-    return false;
-}
-
-config.macros.tabs.switchTab = function(tabset,tab)
-{
-    var cookie = tabset.getAttribute("cookie");
-    var theTab = null
-    var nodes = tabset.childNodes;
-    for(var t=0; t<nodes.length; t++)
-        if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
-            {
-            theTab = nodes[t];
-            theTab.className = "tab tabSelected";
-            }
-        else
-            nodes[t].className = "tab tabUnselected"
-    if(theTab)
-        {
-        if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
-            tabset.parentNode.removeChild(tabset.nextSibling);
-        var tabContent = createTiddlyElement(null,"div",null,"tabContents");
-        tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
-        var contentTitle = theTab.getAttribute("content");
-        wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
-        if(cookie)
-            {
-            config.options[cookie] = tab;
-            saveOptionCookie(cookie);
-            }
-        }
-}
-
-// <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
-config.macros.gradient.handler = function(place,macroName,params,wikifier)
-{
-    var terminator = ">>";
-    var panel;
-    if(wikifier)
-        panel = createTiddlyElement(place,"div",null,"gradient");
-    else
-        panel = place;
-    panel.style.position = "relative";
-    panel.style.overflow = "hidden";
-    panel.style.zIndex = "0";
-    var t;
-    if(wikifier)
-        {
-        var styles = config.formatterHelpers.inlineCssHelper(wikifier);
-        config.formatterHelpers.applyCssHelper(panel,styles);
-        }
-    var colours = [];
-    for(t=1; t<params.length; t++)
-        {
-        var c = new RGB(params[t]);
-        if(c)
-            colours.push(c);
-        }
-    drawGradient(panel,params[0] != "vert",colours);
-    if(wikifier)
-        wikifier.subWikify(panel,terminator);
-    if(document.all)
-        {
-        panel.style.height = "100%";
-        panel.style.width = "100%";
-        }
-}
-
-config.macros.message.handler = function(place,macroName,params)
-{
-    if(params[0])
-        {
-        var m = config;
-        var p = params[0].split(".");
-        for(var t=0; t<p.length; t++)
-            {
-            if(p[t] in m)
-                m = m[p[t]];
-            else
-                break;
-            }
-        createTiddlyText(place,m.toString().format(params.splice(1)));
-        }
-}
-
-config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    if((tiddler instanceof Tiddler) && params[0])
-        {
-        var value = store.getValue(tiddler,params[0]);
-        if(value != undefined)
-            switch(params[1])
-                {
-                case undefined:
-                    highlightify(value,place,highlightHack);
-                    break;
-                case "link":
-                    createTiddlyLink(place,value,true);
-                    break;
-                case "wikified":
-                    wikify(value,place,highlightHack,tiddler);
-                    break;
-                case "date":
-                    value = Date.convertFromYYYYMMDDHHMM(value);
-                    if(params[2])
-                        createTiddlyText(place,value.formatString(params[2]));
-                    else
-                        createTiddlyText(place,value);
-                    break;
-                }
-        }
-}
-
-config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    var field = params[0];
-    if((tiddler instanceof Tiddler) && field)
-        {
-        story.setDirty(tiddler.title,true);
-        if(field != "text")
-            {
-                var e = createTiddlyElement(null,"input");
-                if(tiddler.isReadOnly())
-                    e.setAttribute("readOnly","readOnly");
-                e.setAttribute("edit",field);
-                e.setAttribute("type","text");
-                var v = store.getValue(tiddler,field);
-                if(!v)
-                    v = "";
-                e.value = v;
-                e.setAttribute("size","40");
-                e.setAttribute("autocomplete","off");
-                place.appendChild(e);
-            }
-        else
-            {
-                var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
-                var wrapper2 = createTiddlyElement(wrapper1,"div");
-                var e = createTiddlyElement(wrapper2,"textarea");
-                if(tiddler.isReadOnly())
-                    e.setAttribute("readOnly","readOnly");
-                var v = store.getValue(tiddler,field);
-                if(!v)
-                    v = "";
-                e.value = v;
-                var rows = 10;
-                var lines = v.match(/\n/mg);
-                var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
-                if(lines != null && lines.length > rows)
-                    rows = lines.length + 5;
-                rows = Math.min(rows,maxLines);
-                e.setAttribute("rows",rows);
-                e.setAttribute("edit",field);
-                place.appendChild(wrapper1);
-            }
-        }
-}
-
-config.macros.tagChooser.onClick = function(e)
-{
-    if(!e) var e = window.event;
-    var lingo = config.views.editor.tagChooser;
-    var popup = Popup.create(this);
-    var tags = store.getTags();
-    if(tags.length == 0)
-        createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
-    for(var t=0; t<tags.length; t++)
-        {
-        var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
-        theTag.setAttribute("tag",tags[t][0]);
-        theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
-        }
-    Popup.show(popup,false);
-    e.cancelBubble = true;
-    if(e.stopPropagation) e.stopPropagation();
-    return(false);
-}
-
-config.macros.tagChooser.onTagClick = function(e)
-{
-    if(!e) var e = window.event;
-    var tag = this.getAttribute("tag");
-    var title = this.getAttribute("tiddler");
-    if(!readOnly)
-        story.setTiddlerTag(title,tag,0);
-    return(false);
-}
-
-config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    if(tiddler instanceof Tiddler)
-        {
-        var title = tiddler.title;
-        var lingo = config.views.editor.tagChooser;
-        var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
-        btn.setAttribute("tiddler", title);
-        }
-}
-
-// Create a toolbar command button
-// place - parent DOM element
-// command - reference to config.commands[] member -or- name of member
-// tiddler - reference to tiddler that toolbar applies to
-// theClass - the class to give the button
-config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
-{
-    if(typeof commandName != "string")
-        {
-        var c = null;
-        for(var t in config.commands)
-            if(config.commands[t] == commandName)
-                c = t;
-        commandName = c;
-        }
-    if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
-        {
-        var title = tiddler.title;
-        var command = config.commands[commandName];
-        var ro = tiddler.isReadOnly();
-        var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
-        var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
-        var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
-        if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
-
-            {
-            var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
-            btn.setAttribute("commandName", commandName);
-            btn.setAttribute("tiddler", title);
-            if(theClass)
-                addClass(btn,theClass);
-            place.appendChild(btn);
-            }
-        }
-}
-
-config.macros.toolbar.onClickCommand = function(e)
-{
-    if(!e) var e = window.event;
-    var command = config.commands[this.getAttribute("commandName")];
-    return command.handler(e,this,this.getAttribute("tiddler"));
-}
-
-// Invoke the first command encountered from a given place that is tagged with a specified class
-config.macros.toolbar.invokeCommand = function(place,theClass,event)
-{
-    var children = place.getElementsByTagName("a")
-    for(var t=0; t<children.length; t++)
-        {
-        var c = children[t];
-        if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
-            {
-            if(c.onclick instanceof Function)
-                c.onclick.call(c,event);
-            break;
-            }
-        }
-}
-
-config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    for(var t=0; t<params.length; t++)
-        {
-        var c = params[t];
-        var theClass = "";
-        switch(c.substr(0,1))
-            {
-            case "+":
-                theClass = "defaultCommand";
-                c = c.substr(1);
-                break;
-            case "-":
-                theClass = "cancelCommand";
-                c = c.substr(1);
-                break;
-            }
-        if(c in config.commands)
-            this.createCommand(place,c,tiddler,theClass);
-        }
-}
-
-config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    var e = createTiddlyElement(place,"div");
-    e.setAttribute("refresh","macro");
-    e.setAttribute("macroName","plugins");
-    e.setAttribute("params",paramString);
-    this.refresh(e,paramString);
-}
-
-config.macros.plugins.refresh = function(place,params)
-{
-    var selectedRows = [];
-    ListView.forEachSelector(place,function(e,rowName) {
-            if(e.checked)
-                selectedRows.push(e.getAttribute("rowName"));
-        });
-    removeChildren(place);
-    params = params.parseParams("anon");
-    var plugins = installedPlugins.slice(0);
-    var t,tiddler,p;
-    var configTiddlers = store.getTaggedTiddlers("systemConfig");
-    for(t=0; t<configTiddlers.length; t++)
-        {
-        tiddler = configTiddlers[t];
-        if(plugins.findByField("title",tiddler.title) == null)
-            {
-            p = getPluginInfo(tiddler);
-            p.executed = false;
-            p.log.splice(0,0,this.skippedText);
-            plugins.push(p);
-            }
-        }
-    for(t=0; t<plugins.length; t++)
-        {
-        var p = plugins[t];
-        p.forced = p.tiddler.isTagged("systemConfigForce");
-        p.disabled = p.tiddler.isTagged("systemConfigDisable");
-        p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
-        }
-    if(plugins.length == 0)
-        createTiddlyElement(place,"em",null,null,this.noPluginText);
-    else
-        ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
-}
-
-config.macros.plugins.onSelectCommand = function(command,rowNames)
-{
-    var t;
-    switch(command)
-        {
-        case "remove":
-            for(t=0; t<rowNames.length; t++)
-                store.setTiddlerTag(rowNames[t],false,"systemConfig");
-            break;
-        case "delete":
-            if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
-                {
-                for(t=0; t<rowNames.length; t++)
-                    {
-                    store.removeTiddler(rowNames[t]);
-                    story.closeTiddler(rowNames[t],true,false);
-                    }
-                }
-            break;
-        }
-    if(config.options.chkAutoSave)
-        saveChanges(true);
-}
-
-config.macros.refreshDisplay.handler = function(place)
-{
-    createTiddlyButton(place,this.label,this.prompt,this.onClick);
-}
-
-config.macros.refreshDisplay.onClick = function(e)
-{
-    refreshAll();
-    return false;
-}
-
-config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
-{
-    if(readOnly)
-        {
-        createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
-        return;
-        }
-    var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
-    createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
-    createTiddlyElement(importer,"h2",null,"step1",this.step1);
-    var step = createTiddlyElement(importer,"div",null,"wizardStep");
-    createTiddlyText(step,this.step1prompt);
-    var input = createTiddlyElement(null,"input",null,"txtOptionInput");
-    input.type = "text";
-    input.size = 50;
-    step.appendChild(input);
-    importer.inputBox = input;
-    createTiddlyElement(step,"br");
-    createTiddlyText(step,this.step1promptFile);
-    var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
-    fileInput.type = "file";
-    fileInput.size = 50;
-    fileInput.onchange = this.onBrowseChange;
-    fileInput.onkeyup = this.onBrowseChange;
-    step.appendChild(fileInput);
-    createTiddlyElement(step,"br");
-    createTiddlyText(step,this.step1promptFeeds);
-    var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
-    createTiddlyDropDown(step,this.onFeedChange,feeds);
-    createTiddlyElement(step,"br");
-    createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
-        place.appendChild(importer);
-}
-
-config.macros.importTiddlers.getFeeds = function(feeds)
-{
-    var tagged = store.getTaggedTiddlers("contentPublisher","title");
-    for(var t=0; t<tagged.length; t++)
-        feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
-    return feeds;
-}
-
-config.macros.importTiddlers.onFeedChange = function(e)
-{
-    var importer = findRelated(this,"importTiddler","className","parentNode");
-    importer.inputBox.value = this.value;
-    this.selectedIndex = 0;
-}
-
-config.macros.importTiddlers.onBrowseChange = function(e)
-{
-    var importer = findRelated(this,"importTiddler","className","parentNode");
-    importer.inputBox.value = "file://" + this.value;
-}
-
-config.macros.importTiddlers.onFetch = function(e)
-{
-    var importer = findRelated(this,"importTiddler","className","parentNode");
-    var url = importer.inputBox.value;
-    var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
-    while(cutoff)
-        {
-        var temp = cutoff.nextSibling;
-        cutoff.parentNode.removeChild(cutoff);
-        cutoff = temp;
-        }
-    createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
-    var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
-    loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
-}
-
-config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
-{
-    if(!status)
-        {
-        displayMessage(this.fetchError);
-        return;
-        }
-    var importer = params;
-    // Check that the tiddler we're in hasn't been closed - doesn't work on IE
-//  var p = importer;
-//  while(p.parentNode)
-//      p = p.parentNode;
-//  if(!(p instanceof HTMLDocument))
-//      return;
-    // Crack out the content - (should be refactored)
-    var posOpeningDiv = responseText.indexOf(startSaveArea);
-    var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
-    var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
-    if((posOpeningDiv == -1) || (posClosingDiv == -1))
-        {
-        alert(config.messages.invalidFileError.format([url]));
-        return;
-        }
-    var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
-    // Create the iframe
-    var iframe = document.createElement("iframe");
-    iframe.style.display = "none";
-    importer.insertBefore(iframe,importer.firstChild);
-    var doc = iframe.document;
-    if(iframe.contentDocument)
-        doc = iframe.contentDocument; // For NS6
-    else if(iframe.contentWindow)
-        doc = iframe.contentWindow.document; // For IE5.5 and IE6
-    // Put the content in the iframe
-    doc.open();
-    doc.writeln(content);
-    doc.close();
-    // Load the content into a TiddlyWiki() object
-    var storeArea = doc.getElementById("storeArea");
-    var importStore = new TiddlyWiki();
-    importStore.loadFromDiv(storeArea,"store");
-    // Get rid of the iframe
-    iframe.parentNode.removeChild(iframe);
-    // Extract data for the listview
-    var tiddlers = [];
-    importStore.forEachTiddler(function(title,tiddler)
-        {
-        var t = {};
-        t.title = title;
-        t.modified = tiddler.modified;
-        t.modifier = tiddler.modifier;
-        t.text = tiddler.text.substr(0,50);
-        t.tags = tiddler.tags;
-        tiddlers.push(t);
-        });
-    // Display the listview
-    createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
-    var step = createTiddlyElement(importer,"div",null,"wizardStep");
-    ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
-    // Save the importer
-    importer.store = importStore;
-}
-
-config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
-{
-    var importer = findRelated(listView,"importTiddler","className","parentNode");
-    switch(command)
-        {
-        case "import":
-            config.macros.importTiddlers.doImport(importer,rowNames);
-            break;
-        }
-    if(config.options.chkAutoSave)
-        saveChanges(true);
-}
-
-config.macros.importTiddlers.doImport = function(importer,rowNames)
-{
-    var theStore = importer.store;
-    var overwrite = new Array();
-    var t;
-    for(t=0; t<rowNames.length; t++)
-        {
-        if(store.tiddlerExists(rowNames[t]))
-            overwrite.push(rowNames[t]);
-    }
-    if(overwrite.length > 0)
-        if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
-            return;
-    for(t=0; t<rowNames.length; t++)
-        {
-        var inbound = theStore.fetchTiddler(rowNames[t]);
-        store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
-        store.fetchTiddler(inbound.title).created = inbound.created;
-        store.notify(rowNames[t],false);
-        }
-    store.notifyAll();
-    store.setDirty(true);
-    createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
-    var step = createTiddlyElement(importer,"div",null,"wizardStep");
-    for(t=0; t<rowNames.length; t++)
-        {
-        createTiddlyLink(step,rowNames[t],true);
-        createTiddlyElement(step,"br");
-        }
-    createTiddlyElement(importer,"h2",null,"step5",this.step5);
-}
-// ---------------------------------------------------------------------------------
-// Menu and toolbar commands
-// ---------------------------------------------------------------------------------
-
-config.commands.closeTiddler.handler = function(event,src,title)
-{
-    story.closeTiddler(title,true,event.shiftKey || event.altKey);
-    return false;
-}
-
-config.commands.closeOthers.handler = function(event,src,title)
-{
-    story.closeAllTiddlers(title);
-    return false;
-}
-
-config.commands.editTiddler.handler = function(event,src,title)
-{
-    clearMessage();
-    story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
-    story.focusTiddler(title,"text");
-    return false;
-}
-
-config.commands.saveTiddler.handler = function(event,src,title)
-{
-    var newTitle = story.saveTiddler(title,event.shiftKey);
-    if(newTitle)
-       story.displayTiddler(null,newTitle);
-    return false;
-}
-
-config.commands.cancelTiddler.handler = function(event,src,title)
-{
-    if(story.hasChanges(title) && !readOnly)
-        if(!confirm(this.warning.format([title])))
-            return false;
-    story.setDirty(title,false);
-    story.displayTiddler(null,title);
-    return false;
-}
-
-config.commands.deleteTiddler.handler = function(event,src,title)
-{
-    var deleteIt = true;
-    if (config.options.chkConfirmDelete)
-        deleteIt = confirm(this.warning.format([title]));
-    if (deleteIt)
-        {
-        store.removeTiddler(title);
-        story.closeTiddler(title,true,event.shiftKey || event.altKey);
-        if(config.options.chkAutoSave)
-            saveChanges();
-        }
-    return false;
-}
-
-config.commands.permalink.handler = function(event,src,title)
-{
-    var t = encodeURIComponent(String.encodeTiddlyLink(title));
-    if(window.location.hash != t)
-        window.location.hash = t;
-    return false;
-}
-
-config.commands.references.handler = function(event,src,title)
-{
-    var popup = Popup.create(src);
-    if(popup)
-        {
-        var references = store.getReferringTiddlers(title);
-        var c = false;
-        for(var r=0; r<references.length; r++)
-            if(references[r].title != title && !references[r].isTagged("excludeLists"))
-                {
-                createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
-                c = true;
-                }
-        if(!c)
-            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
-        }
-    Popup.show(popup,false);
-    event.cancelBubble = true;
-    if (event.stopPropagation) event.stopPropagation();
-    return false;
-}
-
-config.commands.jump.handler = function(event,src,title)
-{
-    var popup = Popup.create(src);
-    if(popup)
-        {
-        story.forEachTiddler(function(title,element) {
-            createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
-            });
-        }
-    Popup.show(popup,false);
-    event.cancelBubble = true;
-    if (event.stopPropagation) event.stopPropagation();
-    return false;
-}
-
-// ---------------------------------------------------------------------------------
-// Tiddler() object
-// ---------------------------------------------------------------------------------
-
-function Tiddler()
-{
-    this.title = null;
-    this.text = null;
-    this.modifier = null;
-    this.modified = new Date();
-    this.created = new Date();
-    this.links = [];
-    this.linksUpdated = false;
-    this.tags = [];
-    return this;
-}
-
-Tiddler.prototype.getLinks = function()
-{
-    if(this.linksUpdated==false)
-        this.changed();
-    return this.links;
-}
-
-// Format the text for storage in an RSS item
-Tiddler.prototype.saveToRss = function(url)
-{
-    var s = [];
-    s.push("<item>");
-    s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
-    s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
-    for(var t=0; t<this.tags.length; t++)
-        s.push("<category>" + this.tags[t] + "</category>");
-    s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
-    s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
-    s.push("</item>");
-    return(s.join("\n"));
-}
-
-// Change the text and other attributes of a tiddler
-Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
-{
-    this.assign(title,text,modifier,modified,tags,created,fields);
-    this.changed();
-    return this;
-}
-
-// Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
-Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
-{
-    if(title != undefined)
-        this.title = title;
-    if(text != undefined)
-        this.text = text;
-    if(modifier != undefined)
-        this.modifier = modifier;
-    if(modified != undefined)
-        this.modified = modified;
-    if(created != undefined)
-        this.created = created;
-    if(fields != undefined)
-        this.fields = fields;
-    if(tags != undefined)
-        this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
-    else if(this.tags == undefined)
-        this.tags = [];
-    return this;
-}
-
-// Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
-Tiddler.prototype.getTags = function()
-{
-    return String.encodeTiddlyLinkList(this.tags);
-}
-
-// Test if a tiddler carries a tag
-Tiddler.prototype.isTagged = function(tag)
-{
-    return this.tags.indexOf(tag) != -1;
-}
-
-// Static method to convert "\n" to newlines, "\s" to "\"
-Tiddler.unescapeLineBreaks = function(text)
-{
-    return text ? text.unescapeLineBreaks() : "";
-}
-
-// Convert newlines to "\n", "\" to "\s"
-Tiddler.prototype.escapeLineBreaks = function()
-{
-    return this.text.escapeLineBreaks();
-}
-
-// Updates the secondary information (like links[] array) after a change to a tiddler
-Tiddler.prototype.changed = function()
-{
-    this.links = [];
-    var t = this.autoLinkWikiWords() ? 0 : 1;
-    var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
-    tiddlerLinkRegExp.lastIndex = 0;
-    var formatMatch = tiddlerLinkRegExp.exec(this.text);
-    while(formatMatch)
-        {
-        if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
-            {
-            if(formatMatch.index > 0)
-                {
-                var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
-                preRegExp.lastIndex = formatMatch.index-1;
-                var preMatch = preRegExp.exec(this.text);
-                if(preMatch.index != formatMatch.index-1)
-                    this.links.pushUnique(formatMatch[1]);
-                }
-            else
-                this.links.pushUnique(formatMatch[1]);
-            }
-        else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
-            this.links.pushUnique(formatMatch[3-t]);
-        else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
-            this.links.pushUnique(formatMatch[4-t]);
-        // Do not add link if match urlPattern (formatMatch[5-t])
-        formatMatch = tiddlerLinkRegExp.exec(this.text);
-        }
-    this.linksUpdated = true;
-    return;
-}
-
-Tiddler.prototype.getSubtitle = function()
-{
-    var theModifier = this.modifier;
-    if(!theModifier)
-        theModifier = config.messages.subtitleUnknown;
-    var theModified = this.modified;
-    if(theModified)
-        theModified = theModified.toLocaleString();
-    else
-        theModified = config.messages.subtitleUnknown;
-    return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
-}
-
-Tiddler.prototype.isReadOnly = function()
-{
-    return readOnly;
-}
-
-Tiddler.prototype.autoLinkWikiWords = function()
-{
-    return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
-}
-
-Tiddler.prototype.generateFingerprint = function()
-{
-    return "0x" + Crypto.hexSha1Str(this.text);
-}
-
-// ---------------------------------------------------------------------------------
-// TiddlyWiki() object contains Tiddler()s
-// ---------------------------------------------------------------------------------
-
-function TiddlyWiki()
-{
-    var tiddlers = {}; // Hashmap by name of tiddlers
-    this.tiddlersUpdated = false;
-    this.namedNotifications = []; // Array of {name:,notify:} of notification functions
-    this.notificationLevel = 0;
-    this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
-    this.clear = function() {
-        tiddlers = {};
-        this.setDirty(false);
-        };
-    this.fetchTiddler = function(title) {
-        return tiddlers[title];
-        };
-    this.deleteTiddler = function(title) {
-        delete this.slices[title];
-        delete tiddlers[title];
-        };
-    this.addTiddler = function(tiddler) {
-        delete this.slices[tiddler.title];
-        tiddlers[tiddler.title] = tiddler;
-        };
-    this.forEachTiddler = function(callback) {
-        for(var t in tiddlers)
-            {
-            var tiddler = tiddlers[t];
-            if(tiddler instanceof Tiddler)
-                callback.call(this,t,tiddler);
-            }
-        };
-}
-
-// Set the dirty flag
-TiddlyWiki.prototype.setDirty = function(dirty)
-{
-    this.dirty = dirty;
-}
-
-TiddlyWiki.prototype.isDirty = function()
-{
-    return this.dirty;
-}
-
-TiddlyWiki.prototype.suspendNotifications = function()
-{
-    this.notificationLevel--;
-}
-
-TiddlyWiki.prototype.resumeNotifications = function()
-{
-    this.notificationLevel++;
-}
-
-// Invoke the notification handlers for a particular tiddler
-TiddlyWiki.prototype.notify = function(title,doBlanket)
-{
-    if(!this.notificationLevel)
-        for(var t=0; t<this.namedNotifications.length; t++)
-            {
-            var n = this.namedNotifications[t];
-            if((n.name == null && doBlanket) || (n.name == title))
-                n.notify(title);
-            }
-}
-
-// Invoke the notification handlers for all tiddlers
-TiddlyWiki.prototype.notifyAll = function()
-{
-    if(!this.notificationLevel)
-        for(var t=0; t<this.namedNotifications.length; t++)
-            {
-            var n = this.namedNotifications[t];
-            if(n.name)
-                n.notify(n.name);
-            }
-}
-
-// Add a notification handler to a tiddler
-TiddlyWiki.prototype.addNotification = function(title,fn)
-{
-    for (var i=0; i<this.namedNotifications.length; i++)
-        if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
-            return this;
-    this.namedNotifications.push({name: title, notify: fn});
-    return this;
-}
-
-TiddlyWiki.prototype.removeTiddler = function(title)
-{
-    var tiddler = this.fetchTiddler(title);
-    if(tiddler)
-        {
-        this.deleteTiddler(title);
-        this.notify(title,true);
-        this.setDirty(true);
-        }
-}
-
-TiddlyWiki.prototype.tiddlerExists = function(title)
-{
-    var t = this.fetchTiddler(title);
-    return (t != undefined);
-}
-
-TiddlyWiki.prototype.isShadowTiddler = function(title)
-{
-    return typeof config.shadowTiddlers[title] == "string";
-}
-
-TiddlyWiki.prototype.getTiddler = function(title)
-{
-    var t = this.fetchTiddler(title);
-    if(t != undefined)
-        return t;
-    else
-        return null;
-}
-
-TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
-{
-    var tiddler = this.fetchTiddler(title);
-    if(tiddler)
-        return tiddler.text;
-    if(!title)
-        return defaultText;
-    var pos = title.indexOf(config.textPrimitives.sliceSeparator);
-    if(pos != -1)
-        {
-        var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
-        if(slice)
-            return slice;
-        }
-    if(this.isShadowTiddler(title))
-        return config.shadowTiddlers[title];
-    if(defaultText != undefined)
-        return defaultText;
-    return null;
-}
-
-TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
-
-// @internal
-TiddlyWiki.prototype.calcAllSlices = function(title)
-{
-    var slices = {};
-    var text = this.getTiddlerText(title,"");
-    this.slicesRE.lastIndex = 0;
-    do
-        {
-            var m = this.slicesRE.exec(text);
-            if (m)
-                {
-                    if (m[1])
-                        slices[m[1]] = m[2];
-                    else
-                        slices[m[3]] = m[4];
-                }
-        }
-    while(m);
-    return slices;
-}
-
-// Returns the slice of text of the given name
-//#
-//# A text slice is a substring in the tiddler's text that is defined
-//# either like this
-//#    aName:  textSlice
-//# or
-//#    |aName:| textSlice |
-//# or
-//#    |aName| textSlice |
-//#
-//# In the text the name (or name:) may be decorated with '' or //. I.e.
-//# this would also a possible text slice:
-//#
-//#    |''aName:''| textSlice |
-//#
-//# @param name should only contain "word characters" (i.e. "a-ZA-Z_0-9")
-//# @return [may be undefined] the (trimmed) text of the specified slice.
-TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
-{
-    var slices = this.slices[title];
-    if (!slices) {
-        slices = this.calcAllSlices(title);
-        this.slices[title] = slices;
-    }
-    return slices[sliceName];
-}
-
-// Build an hashmap of the specified named slices of a tiddler
-TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
-{
-    var r = {};
-    for(var t=0; t<sliceNames.length; t++)
-        {
-        var slice = this.getTiddlerSlice(title,sliceNames[t]);
-        if(slice)
-            r[sliceNames[t]] = slice;
-        }
-    return r;
-}
-
-TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
-{
-    var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
-    var text = this.getTiddlerText(title,null);
-    if(text == null)
-        return defaultText;
-    var textOut = [];
-    var lastPos = 0;
-    do {
-        var match = bracketRegExp.exec(text);
-        if(match)
-            {
-            textOut.push(text.substr(lastPos,match.index-lastPos));
-            if(match[1])
-                {
-                if(depth <= 0)
-                    textOut.push(match[1]);
-                else
-                    textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
-                }
-            lastPos = match.index + match[0].length;
-            }
-        else
-            textOut.push(text.substr(lastPos));
-    } while(match);
-    return(textOut.join(""));
-}
-
-TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
-{
-    var tiddler = this.fetchTiddler(title);
-    if(tiddler)
-        {
-        var t = tiddler.tags.indexOf(tag);
-        if(t != -1)
-            tiddler.tags.splice(t,1);
-        if(status)
-            tiddler.tags.push(tag);
-        tiddler.changed();
-        this.notify(title,true);
-        this.setDirty(true);
-        }
-}
-
-TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
-{
-    var tiddler = this.fetchTiddler(title);
-    var created;
-    if(tiddler)
-        {
-        created = tiddler.created; // Preserve created date
-        this.deleteTiddler(title);
-        }
-    else
-        {
-        tiddler = new Tiddler();
-        created = modified;
-        }
-    tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
-    this.addTiddler(tiddler);
-    if(title != newTitle)
-        this.notify(title,true);
-    this.notify(newTitle,true);
-    this.setDirty(true);
-    return tiddler;
-}
-
-TiddlyWiki.prototype.createTiddler = function(title)
-{
-    var tiddler = this.fetchTiddler(title);
-    if(!tiddler)
-        {
-        tiddler = new Tiddler();
-        tiddler.title = title;
-        this.addTiddler(tiddler);
-        this.setDirty(true);
-        }
-    return tiddler;
-}
-
-// Load contents of a tiddlywiki from an HTML DIV
-TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
-{
-    this.idPrefix = idPrefix;
-    var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
-    var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
-    this.setDirty(false);
-    if(!noUpdate)
-        {
-        for(var i = 0;i<tiddlers.length; i++)
-            tiddlers[i].changed();
-        }
-}
-
-TiddlyWiki.prototype.updateTiddlers = function()
-{
-    this.tiddlersUpdated = true;
-    this.forEachTiddler(function(title,tiddler) {
-        tiddler.changed();
-        });
-}
-
-// Return all tiddlers formatted as an HTML string
-TiddlyWiki.prototype.allTiddlersAsHtml = function()
-{
-    return store.getSaver().externalize(store);
-}
-
-// Return an array of tiddlers matching a search regular expression
-TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
-{
-    var candidates = this.reverseLookup("tags",excludeTag,false);
-    var results = [];
-    for(var t=0; t<candidates.length; t++)
-        {
-        if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
-            results.push(candidates[t]);
-        }
-    if(!sortField)
-        sortField = "title";
-    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
-    return results;
-}
-
-// Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
-TiddlyWiki.prototype.getTags = function()
-{
-    var results = [];
-    this.forEachTiddler(function(title,tiddler) {
-        for(var g=0; g<tiddler.tags.length; g++)
-            {
-            var tag = tiddler.tags[g];
-            var f = false;
-            for(var c=0; c<results.length; c++)
-                if(results[c][0] == tag)
-                    {
-                    f = true;
-                    results[c][1]++;
-                    }
-            if(!f)
-                results.push([tag,1]);
-            }
-        });
-    results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
-    return results;
-}
-
-// Return an array of the tiddlers that are tagged with a given tag
-TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
-{
-    return this.reverseLookup("tags",tag,true,sortField);
-}
-
-// Return an array of the tiddlers that link to a given tiddler
-TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
-{
-    if(!this.tiddlersUpdated)
-        this.updateTiddlers();
-    return this.reverseLookup("links",title,true,sortField);
-}
-
-// Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
-// lookupMatch == true to match tiddlers, false to exclude tiddlers
-TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
-{
-    var results = [];
-    this.forEachTiddler(function(title,tiddler) {
-        var f = !lookupMatch;
-        for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
-            if(tiddler[lookupField][lookup] == lookupValue)
-                f = lookupMatch;
-        if(f)
-            results.push(tiddler);
-        });
-    if(!sortField)
-        sortField = "title";
-    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
-    return results;
-}
-
-// Return the tiddlers as a sorted array
-TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
-{
-    var results = [];
-    this.forEachTiddler(function(title,tiddler) {
-        if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
-            results.push(tiddler);
-        });
-    if(field)
-        results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
-    return results;
-}
-
-// Return array of names of tiddlers that are referred to but not defined
-TiddlyWiki.prototype.getMissingLinks = function(sortField)
-{
-    if(!this.tiddlersUpdated)
-        this.updateTiddlers();
-    var results = [];
-    this.forEachTiddler(function (title,tiddler) {
-        for(var n=0; n<tiddler.links.length;n++)
-            {
-            var link = tiddler.links[n];
-            if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
-                results.pushUnique(link);
-            }
-        });
-    results.sort();
-    return results;
-}
-
-// Return an array of names of tiddlers that are defined but not referred to
-TiddlyWiki.prototype.getOrphans = function()
-{
-    var results = [];
-    this.forEachTiddler(function (title,tiddler) {
-        if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
-            results.push(title);
-        });
-    results.sort();
-    return results;
-}
-
-// Return an array of names of all the shadow tiddlers
-TiddlyWiki.prototype.getShadowed = function()
-{
-    var results = [];
-    for(var t in config.shadowTiddlers)
-        if(typeof config.shadowTiddlers[t] == "string")
-            results.push(t);
-    results.sort();
-    return results;
-}
-
-// Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
-TiddlyWiki.prototype.resolveTiddler = function(tiddler)
-{
-    var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
-    return t instanceof Tiddler ? t : null;
-}
-
-TiddlyWiki.prototype.getLoader = function()
-{
-    if (!this.loader)
-        this.loader = new TW21Loader();
-    return this.loader;
-}
-
-TiddlyWiki.prototype.getSaver = function()
-{
-    if (!this.saver)
-        this.saver = new TW21Saver();
-    return this.saver;
-}
-
-// Returns true if path is a valid field name (path),
-// i.e. a sequence of identifiers, separated by '.'
-TiddlyWiki.isValidFieldName = function (name) {
-    var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
-    return match && (match[0] == name);
-}
-
-// Throws an exception when name is not a valid field name.
-TiddlyWiki.checkFieldName = function(name) {
-    if (!TiddlyWiki.isValidFieldName(name))
-        throw config.messages.invalidFieldName.format([name]);
-}
-
-function StringFieldAccess(n, readOnly) {
-    this.set = readOnly
-        ? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
-        : function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
-    this.get = function(t) {return t[n];};
-}
-
-function DateFieldAccess(n) {
-    this.set = function(t,v) {
-            var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v);
-            if (d != t[n]) {
-                t[n] = d; return true;
-            }
-        };
-    this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
-}
-
-function LinksFieldAccess(n) {
-    this.set = function(t,v) {
-            var s = (typeof v == "string") ? v.readBracketedList() : v;
-            if (s.toString() != t[n].toString()) {
-                t[n] = s; return true;
-            }
-        };
-    this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
-}
-
-TiddlyWiki.standardFieldAccess = {
-    // The set functions return true when setting the data has changed the value.
-
-    "title":    new StringFieldAccess("title", true),
-    // Handle the "tiddler" field name as the title
-    "tiddler":  new StringFieldAccess("title", true),
-
-    "text":     new StringFieldAccess("text"),
-    "modifier": new StringFieldAccess("modifier"),
-    "modified": new DateFieldAccess("modified"),
-    "created":  new DateFieldAccess("created"),
-    "tags":     new LinksFieldAccess("tags")
-};
-
-TiddlyWiki.isStandardField = function(name) {
-    return TiddlyWiki.standardFieldAccess[name] != undefined;
-}
-
-// Sets the value of the given field of the tiddler to the value.
-// Setting an ExtendedField's value to null or undefined removes the field.
-// Setting a namespace to undefined removes all fields of that namespace.
-// The fieldName is case-insensitive.
-// All values will be converted to a string value.
-TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
-    TiddlyWiki.checkFieldName(fieldName);
-    var t = this.resolveTiddler(tiddler);
-    if (!t)
-        return;
-
-    fieldName = fieldName.toLowerCase();
-
-    var isRemove = (value === undefined) || (value === null);
-
-    if (!t.fields)
-        t.fields = {};
-
-    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
-    if (accessor) {
-        if (isRemove)
-            // don't remove StandardFields
-            return;
-        var h = TiddlyWiki.standardFieldAccess[fieldName];
-        if (!h.set(t, value))
-            return;
-
-    } else {
-        var oldValue = t.fields[fieldName];
-
-        if (isRemove) {
-            if (oldValue !== undefined) {
-                // deletes a single field
-                delete t.fields[fieldName];
-            } else {
-                // no concrete value is defined for the fieldName
-                // so we guess this is a namespace path.
-
-                // delete all fields in a namespace
-                var re = new RegExp('^'+fieldName+'\\.');
-                var dirty = false;
-                for (var n in t.fields) {
-                    if (n.match(re)) {
-                        delete t.fields[n];
-                        dirty = true;
-                    }
-                }
-                if (!dirty)
-                    return
-            }
-
-        } else {
-            // the "normal" set case. value is defined (not null/undefined)
-            // For convenience provide a nicer conversion Date->String
-            value = value instanceof Date
-                ? value.convertToYYYYMMDDHHMMSSMMM()
-                : String(value);
-            if (oldValue == value)
-                return;
-            t.fields[fieldName] = value;
-        }
-    }
-
-    // When we are here the tiddler/store really was changed.
-    this.notify(t.title,true);
-    if (!fieldName.match(/^temp\./))
-        this.setDirty(true);
-}
-
-// Returns the value of the given field of the tiddler.
-// The fieldName is case-insensitive.
-// Will only return String values (or undefined).
-TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
-    var t = this.resolveTiddler(tiddler);
-    if (!t)
-        return undefined;
-
-    fieldName = fieldName.toLowerCase();
-
-    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
-    if (accessor) {
-        return accessor.get(t);
-    }
-
-    return t.fields ? t.fields[fieldName] : undefined;
-}
-
-// Calls the callback function for every field in the tiddler.
-//
-// When callback function returns a non-false value the iteration stops
-// and that value is returned.
-//
-// The order of the fields is not defined.
-//
-// @param callback a function(tiddler, fieldName, value).
-//
-TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
-    var t = this.resolveTiddler(tiddler);
-    if (!t)
-        return undefined;
-
-    if (t.fields) {
-        for (var n in t.fields) {
-            var result = callback(t, n, t.fields[n]);
-            if (result)
-                return result;
-        }
-    }
-
-    if (onlyExtendedFields)
-        return undefined;
-
-    for (var n in TiddlyWiki.standardFieldAccess) {
-        if (n == "tiddler")
-            // even though the "title" field can also be referenced through the name "tiddler"
-            // we only visit this field once.
-            continue;
-
-        var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
-        if (result)
-            return result;
-    }
-
-    return undefined;
-};
-// ---------------------------------------------------------------------------------
-// Story functions
-// ---------------------------------------------------------------------------------
-
-// A story is a HTML div containing a sequence of tiddlers that can be manipulated
-// container - id of containing element
-// idPrefix - string prefix prepended to title to make ids for tiddlers in this story
-function Story(container,idPrefix)
-{
-    this.container = container;
-    this.idPrefix = idPrefix;
-    this.highlightRegExp = null;
-}
-
-// Iterate through all the tiddlers in a story
-// fn - callback function to be called for each tiddler. Arguments are:
-//      tiddler - reference to Tiddler object
-//      element - reference to tiddler display element
-Story.prototype.forEachTiddler = function(fn)
-{
-    var place = document.getElementById(this.container);
-    if(!place)
-        return;
-    var e = place.firstChild;
-    while(e)
-        {
-        var n = e.nextSibling;
-        var title = e.getAttribute("tiddler");
-        fn.call(this,title,e);
-        e = n;
-        }
-}
-
-// Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
-// titles - array of string titles
-Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
-{
-    for(var t = titles.length-1;t>=0;t--)
-        this.displayTiddler(srcElement,titles[t],template,animate,slowly);
-}
-
-// Display a given tiddler with a given template. If the tiddler is already displayed but with a different
-// template, it is switched to the specified template
-// srcElement - reference to element from which this one is being opened -or-
-//              special positions "top", "bottom"
-// title - title of tiddler to display
-// template - the name of the tiddler containing the template -or-
-//            one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
-//            null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
-// animate - whether to perform animations
-// slowly - whether to perform animations in slomo
-Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
-{
-    var place = document.getElementById(this.container);
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    if(tiddlerElem)
-        this.refreshTiddler(title,template);
-    else
-        {
-        var before = this.positionTiddler(srcElement);
-        tiddlerElem = this.createTiddler(place,before,title,template);
-        }
-    if(srcElement && typeof srcElement !== "string")
-        {
-        if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
-            anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
-        else
-            window.scrollTo(0,ensureVisible(tiddlerElem));
-        }
-}
-
-// Figure out the appropriate position for a newly opened tiddler
-// srcElement - reference to the element containing the link to the tiddler -or-
-//              special positions "top", "bottom"
-// returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
-Story.prototype.positionTiddler = function(srcElement)
-{
-    var place = document.getElementById(this.container);
-    var before;
-    if(typeof srcElement == "string")
-        {
-        switch(srcElement)
-            {
-            case "top":
-                before = place.firstChild;
-                break;
-            case "bottom":
-                before = null;
-                break;
-            }
-        }
-    else
-        {
-        var after = this.findContainingTiddler(srcElement);
-        if(after == null)
-            before = place.firstChild;
-        else if(after.nextSibling)
-            before = after.nextSibling;
-        else
-            before = null;
-        }
-    return before;
-}
-
-// Create a tiddler frame at the appropriate place in a story column
-// place - reference to parent element
-// before - null, or reference to element before which to insert new tiddler
-// title - title of new tiddler
-// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
-Story.prototype.createTiddler = function(place,before,title,template)
-{
-    var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
-    tiddlerElem.setAttribute("refresh","tiddler");
-    place.insertBefore(tiddlerElem,before);
-    this.refreshTiddler(title,template);
-    return tiddlerElem;
-}
-
-// Overridable for choosing the name of the template to apply for a tiddler
-Story.prototype.chooseTemplateForTiddler = function(title,template)
-{
-    if(!template)
-        template = DEFAULT_VIEW_TEMPLATE;
-    if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
-        template = config.tiddlerTemplates[template];
-    return template;
-}
-
-// Overridable for extracting the text of a template from a tiddler
-Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
-{
-    return store.getRecursiveTiddlerText(template,null,10);
-}
-
-// Apply a template to an existing tiddler if it is not already displayed using that template
-// title - title of tiddler to update
-// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
-// force - if true, forces the refresh even if the template hasn't changedd
-Story.prototype.refreshTiddler = function(title,template,force)
-{
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    if(tiddlerElem)
-        {
-        if(tiddlerElem.getAttribute("dirty") == "true" && !force)
-            return tiddlerElem;
-        template = this.chooseTemplateForTiddler(title,template);
-        var currTemplate = tiddlerElem.getAttribute("template");
-        if((template != currTemplate) || force)
-            {
-            var tiddler = store.getTiddler(title);
-            if(!tiddler)
-                {
-                tiddler = new Tiddler();
-                if(store.isShadowTiddler(title))
-                    tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
-                else
-                    {
-                    var text = template=="EditTemplate"
-                                ? config.views.editor.defaultText.format([title])
-                                : config.views.wikified.defaultText.format([title]);
-                    tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
-                    }
-                }
-            tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
-            tiddlerElem.setAttribute("tiddler",title);
-            tiddlerElem.setAttribute("template",template);
-            var me = this;
-            tiddlerElem.onmouseover = this.onTiddlerMouseOver;
-            tiddlerElem.onmouseout = this.onTiddlerMouseOut;
-            tiddlerElem.ondblclick = this.onTiddlerDblClick;
-            tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
-            var html = this.getTemplateForTiddler(title,template,tiddler);
-            tiddlerElem.innerHTML = html;
-            applyHtmlMacros(tiddlerElem,tiddler);
-            if(store.getTaggedTiddlers(title).length > 0)
-                addClass(tiddlerElem,"isTag");
-            else
-                removeClass(tiddlerElem,"isTag");
-            if(!store.tiddlerExists(title))
-                {
-                if(store.isShadowTiddler(title))
-                    addClass(tiddlerElem,"shadow");
-                else
-                    addClass(tiddlerElem,"missing");
-                }
-            else
-                {
-                removeClass(tiddlerElem,"shadow");
-                removeClass(tiddlerElem,"missing");
-                }
-            }
-        }
-    return tiddlerElem;
-}
-
-// Refresh all tiddlers in the Story
-Story.prototype.refreshAllTiddlers = function()
-{
-    var place = document.getElementById(this.container);
-    var e = place.firstChild;
-    if(!e)
-        return;
-    this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
-    while((e = e.nextSibling) != null)
-        this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
-}
-
-// Default tiddler onmouseover/out event handlers
-Story.prototype.onTiddlerMouseOver = function(e)
-{
-    if(window.addClass instanceof Function)
-        addClass(this,"selected");
-}
-
-Story.prototype.onTiddlerMouseOut = function(e)
-{
-    if(window.removeClass instanceof Function)
-        removeClass(this,"selected");
-}
-
-// Default tiddler ondblclick event handler
-Story.prototype.onTiddlerDblClick = function(e)
-{
-    if(!e) var e = window.event;
-    var theTarget = resolveTarget(e);
-    if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
-        {
-        if(document.selection && document.selection.empty)
-            document.selection.empty();
-        config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
-        e.cancelBubble = true;
-        if (e.stopPropagation) e.stopPropagation();
-        return true;
-        }
-    else
-        return false;
-}
-
-Story.prototype.onTiddlerKeyPress = function(e)
-{
-    if(!e) var e = window.event;
-    clearMessage();
-    var consume = false;
-    var title = this.getAttribute("tiddler");
-    var target = resolveTarget(e);
-    switch(e.keyCode)
-        {
-        case 9: // Tab
-            if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
-                {
-                replaceSelection(target,String.fromCharCode(9));
-                consume = true;
-                }
-            if(config.isOpera)
-                {
-                target.onblur = function()
-                    {
-                    this.focus();
-                    this.onblur = null;
-                    }
-                }
-            break;
-        case 13: // Ctrl-Enter
-        case 10: // Ctrl-Enter on IE PC
-        case 77: // Ctrl-Enter is "M" on some platforms
-            if(e.ctrlKey)
-                {
-                blurElement(this);
-                config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
-                consume = true;
-                }
-            break;
-        case 27: // Escape
-            blurElement(this);
-            config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
-            consume = true;
-            break;
-        }
-    e.cancelBubble = consume;
-    if(consume)
-        {
-        if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
-        e.returnValue = true; // Cancel The Event in IE
-        if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
-        }
-    return(!consume);
-};
-
-// Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
-// or null if it found no edit field at all
-Story.prototype.getTiddlerField = function(title,field)
-{
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    var e = null;
-    if(tiddlerElem != null)
-        {
-        var children = tiddlerElem.getElementsByTagName("*");
-        for (var t=0; t<children.length; t++)
-            {
-            var c = children[t];
-            if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
-                {
-                if(!e)
-                    e = c;
-                if(c.getAttribute("edit") == field)
-                    e = c;
-                }
-            }
-        }
-    return e;
-}
-
-// Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
-Story.prototype.focusTiddler = function(title,field)
-{
-    var e = this.getTiddlerField(title,field);
-    if(e)
-        {
-        e.focus();
-        e.select();
-        }
-}
-
-// Ensures that a specified tiddler does not have the focus
-Story.prototype.blurTiddler = function(title)
-{
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
-        {
-        tiddlerElem.focus();
-        tiddlerElem.blur();
-        }
-}
-
-// Adds a specified value to the edit controls (if any) of a particular
-// array-formatted field of a particular tiddler (eg "tags")
-//  title - name of tiddler
-//  tag - value of field, without any [[brackets]]
-//  mode - +1 to add the tag, -1 to remove it, 0 to toggle it
-//  field - name of field (eg "tags")
-Story.prototype.setTiddlerField = function(title,tag,mode,field)
-{
-    var c = story.getTiddlerField(title,field);
-
-    var tags = c.value.readBracketedList();
-    tags.setItem(tag,mode);
-    c.value = String.encodeTiddlyLinkList(tags);
-}
-
-// The same as setTiddlerField but preset to the "tags" field
-Story.prototype.setTiddlerTag = function(title,tag,mode)
-{
-    Story.prototype.setTiddlerField(title,tag,mode,"tags");
-}
-
-// Close a specified tiddler
-// title - name of tiddler to close
-// animate - whether to perform animations
-// slowly - whether to perform animations in slomo
-Story.prototype.closeTiddler = function(title,animate,slowly)
-{
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    if(tiddlerElem != null)
-        {
-        clearMessage();
-        this.scrubTiddler(tiddlerElem);
-        if(anim && config.options.chkAnimate && animate)
-            anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
-        else
-            tiddlerElem.parentNode.removeChild(tiddlerElem);
-        }
-}
-
-// Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
-// does not interfere with things
-// tiddler - reference to the tiddler element
-Story.prototype.scrubTiddler = function(tiddlerElem)
-{
-    tiddlerElem.id = null;
-}
-
-// Set the 'dirty' flag of a tiddler
-// title - title of tiddler to change
-// dirty - new boolean status of flag
-Story.prototype.setDirty = function(title,dirty)
-{
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    if(tiddlerElem != null)
-        tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
-}
-
-// Is a particular tiddler dirty (with unsaved changes)?
-Story.prototype.isDirty = function(title)
-{
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    if(tiddlerElem != null)
-        return tiddlerElem.getAttribute("dirty") == "true";
-    return null;
-}
-
-// Determine whether any open tiddler are dirty
-Story.prototype.areAnyDirty = function()
-{
-    var r = false;
-    this.forEachTiddler(function(title,element) {
-        if(this.isDirty(title))
-            r = true;
-        });
-    return r;
-}
-
-// Close all tiddlers in the story
-Story.prototype.closeAllTiddlers = function(exclude)
-{
-    clearMessage();
-    this.forEachTiddler(function(title,element) {
-        if((title != exclude) && element.getAttribute("dirty") != "true")
-            this.closeTiddler(title);
-        });
-    window.scrollTo(0,0);
-}
-
-// Check if there are any tiddlers in the story
-Story.prototype.isEmpty = function()
-{
-    var place = document.getElementById(this.container);
-    return(place && place.firstChild == null);
-}
-
-// Perform a search and display the result
-// text - text to search for
-// useCaseSensitive - true for case sensitive matching
-// useRegExp - true to interpret text as a RegExp
-Story.prototype.search = function(text,useCaseSensitive,useRegExp)
-{
-    this.closeAllTiddlers();
-    highlightHack = new RegExp(useRegExp ?   text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
-    var matches = store.search(highlightHack,"title","excludeSearch");
-    var titles = [];
-    for(var t=matches.length-1; t>=0; t--)
-        titles.push(matches[t].title);
-    this.displayTiddlers(null,titles);
-    highlightHack = null;
-    var q = useRegExp ? "/" : "'";
-    if(matches.length > 0)
-        displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
-    else
-        displayMessage(config.macros.search.failureMsg.format([q + text + q]));
-}
-
-// Determine if the specified element is within a tiddler in this story
-// e - reference to an element
-// returns: reference to a tiddler element or null if none
-Story.prototype.findContainingTiddler = function(e)
-{
-    while(e && !hasClass(e,"tiddler"))
-        e = e.parentNode;
-    return(e);
-}
-
-// Gather any saveable fields from a tiddler element
-// e - reference to an element to scan recursively
-// fields - object to contain gathered field values
-Story.prototype.gatherSaveFields = function(e,fields)
-{
-    if(e && e.getAttribute)
-        {
-        var f = e.getAttribute("edit");
-        if(f)
-            fields[f] = e.value.replace(/\r/mg,"");;
-        if(e.hasChildNodes())
-            {
-            var c = e.childNodes;
-            for(var t=0; t<c.length; t++)
-                this.gatherSaveFields(c[t],fields)
-            }
-        }
-}
-
-// Determine whether a tiddler has any edit fields, and if so if their values have been changed
-// title - name of tiddler
-Story.prototype.hasChanges = function(title)
-{
-    var e = document.getElementById(this.idPrefix + title);
-    if(e != null)
-        {
-        var fields = {};
-        this.gatherSaveFields(e,fields);
-        var tiddler = store.fetchTiddler(title);
-        if (!tiddler)
-            return false;
-        for(var n in fields)
-            if (store.getValue(title,n) != fields[n])
-                return true;
-        }
-    return false;
-}
-
-// Save any open edit fields of a tiddler and updates the display as necessary
-// title - name of tiddler
-// minorUpdate - true if the modified date shouldn't be updated
-// returns: title of saved tiddler, or null if not saved
-Story.prototype.saveTiddler = function(title,minorUpdate)
-{
-    var tiddlerElem = document.getElementById(this.idPrefix + title);
-    if(tiddlerElem != null)
-        {
-        var fields = {};
-        this.gatherSaveFields(tiddlerElem,fields);
-        var newTitle = fields.title ? fields.title : title;
-        if(store.tiddlerExists(newTitle) && newTitle != title)
-            {
-            if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
-                this.closeTiddler(newTitle,false,false);
-            else
-                return null;
-            }
-        tiddlerElem.id = this.idPrefix + newTitle;
-        tiddlerElem.setAttribute("tiddler",newTitle);
-        tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
-        tiddlerElem.setAttribute("dirty","false");
-        if(config.options.chkForceMinorUpdate)
-            minorUpdate = !minorUpdate;
-        var newDate = new Date();
-        store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
-        for (var n in fields)
-            if (!TiddlyWiki.isStandardField(n))
-                store.setValue(newTitle,n,fields[n]);
-        if(config.options.chkAutoSave)
-            saveChanges();
-        return newTitle;
-        }
-    return null;
-}
-
-Story.prototype.permaView = function()
-{
-    var links = [];
-    this.forEachTiddler(function(title,element) {
-        links.push(String.encodeTiddlyLink(title));
-        });
-    var t = encodeURIComponent(links.join(" "));
-    if(t == "")
-        t = "#";
-    if(window.location.hash != t)
-        window.location.hash = t;
-}
-
-// ---------------------------------------------------------------------------------
-// Message area
-// ---------------------------------------------------------------------------------
-
-function getMessageDiv()
-{
-    var msgArea = document.getElementById("messageArea");
-    if(!msgArea)
-        return null;
-    if(!msgArea.hasChildNodes())
-        createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
-            config.messages.messageClose.text,
-            config.messages.messageClose.tooltip,
-            clearMessage);
-    msgArea.style.display = "block";
-    return createTiddlyElement(msgArea,"div");
-}
-
-function displayMessage(text,linkText)
-{
-    var e = getMessageDiv();
-    if(!e)
-        {
-        alert(text);
-        return;
-        }
-    if(linkText)
-        {
-        var link = createTiddlyElement(e,"a",null,null,text);
-        link.href = linkText;
-        link.target = "_blank";
-        }
-    else
-        e.appendChild(document.createTextNode(text));
-}
-
-function clearMessage()
-{
-    var msgArea = document.getElementById("messageArea");
-    if(msgArea)
-        {
-        removeChildren(msgArea);
-        msgArea.style.display = "none";
-        }
-    return false;
-}
-
-// ---------------------------------------------------------------------------------
-// Refresh mechanism
-// ---------------------------------------------------------------------------------
-
-config.refreshers = {
-    link: function(e,changeList)
-        {
-        var title = e.getAttribute("tiddlyLink");
-        refreshTiddlyLink(e,title);
-        return true;
-        },
-
-    tiddler: function(e,changeList)
-        {
-        var title = e.getAttribute("tiddler");
-        var template = e.getAttribute("template");
-        if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
-            story.refreshTiddler(title,template,true);
-        else
-            refreshElements(e,changeList);
-        return true;
-        },
-
-    content: function(e,changeList)
-        {
-        var title = e.getAttribute("tiddler");
-        var force = e.getAttribute("force");
-        if(force != null || changeList == null || changeList.indexOf(title) != -1)
-            {
-            removeChildren(e);
-            wikify(store.getTiddlerText(title,title),e);
-            return true;
-            }
-        else
-            return false;
-        },
-
-    macro: function(e,changeList)
-        {
-        var macro = e.getAttribute("macroName");
-        var params = e.getAttribute("params");
-        if(macro)
-            macro = config.macros[macro];
-        if(macro && macro.refresh)
-            macro.refresh(e,params);
-        return true;
-        }
-};
-
-function refreshElements(root,changeList)
-{
-    var nodes = root.childNodes;
-    for(var c=0; c<nodes.length; c++)
-        {
-        var e = nodes[c],type;
-        if(e.getAttribute)
-            type = e.getAttribute("refresh");
-        else
-            type = null;
-        var refresher = config.refreshers[type];
-        var refreshed = false;
-        if(refresher != undefined)
-            refreshed = refresher(e,changeList);
-        if(e.hasChildNodes() && !refreshed)
-            refreshElements(e,changeList);
-        }
-}
-
-function applyHtmlMacros(root,tiddler)
-{
-    var e = root.firstChild;
-    while(e)
-        {
-        var nextChild = e.nextSibling;
-        if(e.getAttribute)
-            {
-            var macro = e.getAttribute("macro");
-            if(macro)
-                {
-                var params = "";
-                var p = macro.indexOf(" ");
-                if(p != -1)
-                    {
-                    params = macro.substr(p+1);
-                    macro = macro.substr(0,p);
-                    }
-                invokeMacro(e,macro,params,null,tiddler);
-                }
-            }
-        if(e.hasChildNodes())
-            applyHtmlMacros(e,tiddler);
-        e = nextChild;
-        }
-}
-
-function refreshPageTemplate(title)
-{
-    var stash = createTiddlyElement(document.body,"div");
-    stash.style.display = "none";
-    var display = document.getElementById("tiddlerDisplay");
-    var nodes,t;
-    if(display)
-        {
-        nodes = display.childNodes;
-        for(t=nodes.length-1; t>=0; t--)
-            stash.appendChild(nodes[t]);
-        }
-    var wrapper = document.getElementById("contentWrapper");
-    if(!title)
-        title = "PageTemplate";
-    var html = store.getRecursiveTiddlerText(title,null,10);
-    wrapper.innerHTML = html;
-    applyHtmlMacros(wrapper);
-    refreshElements(wrapper);
-    display = document.getElementById("tiddlerDisplay");
-    removeChildren(display);
-    if(!display)
-        display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
-    nodes = stash.childNodes;
-    for(t=nodes.length-1; t>=0; t--)
-        display.appendChild(nodes[t]);
-    stash.parentNode.removeChild(stash);
-}
-
-function refreshDisplay(hint)
-{
-    var e = document.getElementById("contentWrapper");
-    if(typeof hint == "string")
-        hint = [hint];
-    refreshElements(e,hint);
-}
-
-function refreshPageTitle()
-{
-    document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
-}
-
-function refreshStyles(title)
-{
-    setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
-}
-
-function refreshColorPalette(title)
-{
-    if(!startingUp)
-        refreshAll();
-}
-
-function refreshAll()
-{
-    refreshPageTemplate();
-    refreshDisplay();
-    refreshStyles("StyleSheetLayout");
-    refreshStyles("StyleSheetColors");
-    refreshStyles("StyleSheet");
-    refreshStyles("StyleSheetPrint");
-}
-
-// ---------------------------------------------------------------------------------
-// Options cookie stuff
-// ---------------------------------------------------------------------------------
-
-function loadOptionsCookie()
-{
-    if(safeMode)
-        return;
-    var cookies = document.cookie.split(";");
-    for(var c=0; c<cookies.length; c++)
-        {
-        var p = cookies[c].indexOf("=");
-        if(p != -1)
-            {
-            var name = cookies[c].substr(0,p).trim();
-            var value = cookies[c].substr(p+1).trim();
-            switch(name.substr(0,3))
-                {
-                case "txt":
-                    config.options[name] = unescape(value);
-                    break;
-                case "chk":
-                    config.options[name] = value == "true";
-                    break;
-                }
-            }
-        }
-}
-
-function saveOptionCookie(name)
-{
-    if(safeMode)
-        return;
-    var c = name + "=";
-    switch(name.substr(0,3))
-        {
-        case "txt":
-            c += escape(config.options[name].toString());
-            break;
-        case "chk":
-            c += config.options[name] ? "true" : "false";
-            break;
-        }
-    c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
-    document.cookie = c;
-}
-
-// ---------------------------------------------------------------------------------
-// Saving
-// ---------------------------------------------------------------------------------
-
-var saveUsingSafari = false;
-
-var startSaveArea = '<div id="' + 'storeArea">'; // Split up into two so that indexOf() of this source doesn't find it
-var endSaveArea = '</d' + 'iv>';
-
-// If there are unsaved changes, force the user to confirm before exitting
-function confirmExit()
-{
-    hadConfirmExit = true;
-    if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
-        return config.messages.confirmExit;
-}
-
-// Give the user a chance to save changes before exitting
-function checkUnsavedChanges()
-{
-    if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
-        {
-        if(confirm(config.messages.unsavedChangesWarning))
-            saveChanges();
-        }
-}
-
-function updateMarkupBlock(s,blockName,tiddlerName)
-{
-    return s.replaceChunk(
-            "<!--%0-START-->".format([blockName]),
-            "<!--%0-END-->".format([blockName]),
-            "\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
-}
-
-// Save this tiddlywiki with the pending changes
-function saveChanges(onlyIfDirty)
-{
-    if(onlyIfDirty && !store.isDirty())
-        return;
-    clearMessage();
-    // Get the URL of the document
-    var originalPath = document.location.toString();
-    // Check we were loaded from a file URL
-    if(originalPath.substr(0,5) != "file:")
-        {
-        alert(config.messages.notFileUrlError);
-        if(store.tiddlerExists(config.messages.saveInstructions))
-            story.displayTiddler(null,config.messages.saveInstructions);
-        return;
-        }
-    var localPath = getLocalPath(originalPath);
-    // Load the original file
-    var original = loadFile(localPath);
-    if(original == null)
-        {
-        alert(config.messages.cantSaveError);
-        if(store.tiddlerExists(config.messages.saveInstructions))
-            story.displayTiddler(null,config.messages.saveInstructions);
-        return;
-        }
-    // Locate the storeArea div's
-    var posOpeningDiv = original.indexOf(startSaveArea);
-    var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
-    var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
-    if((posOpeningDiv == -1) || (posClosingDiv == -1))
-        {
-        alert(config.messages.invalidFileError.format([localPath]));
-        return;
-        }
-    // Save the backup
-    if(config.options.chkSaveBackups)
-        {
-        var backupPath = getBackupPath(localPath);
-        var backup = saveFile(backupPath,original);
-        if(backup)
-            displayMessage(config.messages.backupSaved,"file://" + backupPath);
-        else
-            alert(config.messages.backupFailed);
-        }
-    // Save Rss
-    if(config.options.chkGenerateAnRssFeed)
-        {
-        var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
-        var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
-        if(rssSave)
-            displayMessage(config.messages.rssSaved,"file://" + rssPath);
-        else
-            alert(config.messages.rssFailed);
-        }
-    // Save empty template
-    if(config.options.chkSaveEmptyTemplate)
-        {
-        var emptyPath,p;
-        if((p = localPath.lastIndexOf("/")) != -1)
-            emptyPath = localPath.substr(0,p) + "/empty.html";
-        else if((p = localPath.lastIndexOf("\\")) != -1)
-            emptyPath = localPath.substr(0,p) + "\\empty.html";
-        else
-            emptyPath = localPath + ".empty.html";
-        var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
-        var emptySave = saveFile(emptyPath,empty);
-        if(emptySave)
-            displayMessage(config.messages.emptySaved,"file://" + emptyPath);
-        else
-            alert(config.messages.emptyFailed);
-        }
-    var save;
-    try
-        {
-        // Save new file
-        var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
-                    convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
-                    original.substr(posClosingDiv);
-        var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
-        revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
-        revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
-        revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
-        revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
-        revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
-        save = saveFile(localPath,revised);
-        }
-    catch (e)
-        {
-        showException(e);
-        }
-    if(save)
-        {
-        displayMessage(config.messages.mainSaved,"file://" + localPath);
-        store.setDirty(false);
-        }
-    else
-        alert(config.messages.mainFailed);
-}
-
-function getLocalPath(originalPath)
-{
-    // Remove any location or query part of the URL
-    var argPos = originalPath.indexOf("?");
-    if(argPos != -1)
-        originalPath = originalPath.substr(0,argPos);
-    var hashPos = originalPath.indexOf("#");
-    if(hashPos != -1)
-        originalPath = originalPath.substr(0,hashPos);
-    // Convert file://localhost/ to file:///
-    if(originalPath.indexOf("file://localhost/") == 0)
-        originalPath = "file://" + originalPath.substr(16);
-    // Convert to a native file format assuming
-    // "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
-    // "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
-    // "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
-    // "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
-    var localPath;
-    if(originalPath.charAt(9) == ":") // pc local file
-        localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
-    else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
-        localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
-    else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
-        localPath = unescape(originalPath.substr(7));
-    else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
-        localPath = unescape(originalPath.substr(5));
-    else // pc network file
-        localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
-    return localPath;
-}
-
-function getBackupPath(localPath)
-{
-    var backSlash = true;
-    var dirPathPos = localPath.lastIndexOf("\\");
-    if(dirPathPos == -1)
-        {
-        dirPathPos = localPath.lastIndexOf("/");
-        backSlash = false;
-        }
-    var backupFolder = config.options.txtBackupFolder;
-    if(!backupFolder || backupFolder == "")
-        backupFolder = ".";
-    var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
-    backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
-    return backupPath;
-}
-
-function generateRss()
-{
-    var s = [];
-    var d = new Date();
-    var u = store.getTiddlerText("SiteUrl");
-    // Assemble the header
-    s.push("<" + "?xml version=\"1.0\"?" + ">");
-    s.push("<rss version=\"2.0\">");
-    s.push("<channel>");
-    s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
-    if(u)
-        s.push("<link>" + u.htmlEncode() + "</link>");
-    s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
-    s.push("<language>en-us</language>");
-    s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
-    s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
-    s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
-    s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
-    s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
-    // The body
-    var tiddlers = store.getTiddlers("modified","excludeLists");
-    var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
-    for (var t=tiddlers.length-1; t>=n; t--)
-        s.push(tiddlers[t].saveToRss(u));
-    // And footer
-    s.push("</channel>");
-    s.push("</rss>");
-    // Save it all
-    return s.join("\n");
-}
-
-
-// UTF-8 encoding rules:
-// 0x0000 - 0x007F: 0xxxxxxx
-// 0x0080 - 0x07FF: 110xxxxx 10xxxxxx
-// 0x0800 - 0xFFFF: 1110xxxx 10xxxxxx 10xxxxxx
-
-function convertUTF8ToUnicode(u)
-{
-    if(window.netscape == undefined)
-        return manualConvertUTF8ToUnicode(u);
-    else
-        return mozConvertUTF8ToUnicode(u);
-}
-
-function manualConvertUTF8ToUnicode(utf)
-{
-    var uni = utf;
-    var src = 0;
-    var dst = 0;
-    var b1, b2, b3;
-    var c;
-    while(src < utf.length)
-        {
-        b1 = utf.charCodeAt(src++);
-        if(b1 < 0x80)
-            dst++;
-        else if(b1 < 0xE0)
-            {
-            b2 = utf.charCodeAt(src++);
-            c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
-            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
-            }
-        else
-            {
-            b2 = utf.charCodeAt(src++);
-            b3 = utf.charCodeAt(src++);
-            c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
-            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
-            }
-    }
-    return(uni);
-}
-
-function mozConvertUTF8ToUnicode(u)
-{
-    try
-        {
-        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
-        converter.charset = "UTF-8";
-        }
-    catch(e)
-        {
-        return manualConvertUTF8ToUnicode(u);
-        } // fallback
-    var s = converter.ConvertToUnicode(u);
-    var fin = converter.Finish();
-    return (fin.length > 0) ? s+fin : s;
-}
-
-function convertUnicodeToUTF8(s)
-{
-    if(window.netscape == undefined)
-        return manualConvertUnicodeToUTF8(s);
-    else
-        return mozConvertUnicodeToUTF8(s);
-}
-
-function manualConvertUnicodeToUTF8(s)
-{
-    var re = /[^\u0000-\u007F]/g ;
-    return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
-}
-
-function mozConvertUnicodeToUTF8(s)
-{
-    try
-        {
-        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
-        converter.charset = "UTF-8";
-        }
-    catch(e)
-        {
-        return manualConvertUnicodeToUTF8(s);
-        } // fallback
-    var u = converter.ConvertFromUnicode(s);
-    var fin = converter.Finish();
-    if(fin.length > 0)
-        return u + fin;
-    else
-        return u;
-}
-
-function saveFile(fileUrl, content)
-{
-    var r = null;
-    if((r == null) || (r == false))
-        r = mozillaSaveFile(fileUrl, content);
-    if((r == null) || (r == false))
-        r = ieSaveFile(fileUrl, content);
-    if((r == null) || (r == false))
-        r = javaSaveFile(fileUrl, content);
-    return(r);
-}
-
-function loadFile(fileUrl)
-{
-    var r = null;
-    if((r == null) || (r == false))
-        r = mozillaLoadFile(fileUrl);
-    if((r == null) || (r == false))
-        r = ieLoadFile(fileUrl);
-    if((r == null) || (r == false))
-        r = javaLoadFile(fileUrl);
-    return(r);
-}
-
-// Returns null if it can't do it, false if there's an error, true if it saved OK
-function ieSaveFile(filePath, content)
-{
-    try
-        {
-        var fso = new ActiveXObject("Scripting.FileSystemObject");
-        }
-    catch(e)
-        {
-        //alert("Exception while attempting to save\n\n" + e.toString());
-        return(null);
-        }
-    var file = fso.OpenTextFile(filePath,2,-1,0);
-    file.Write(content);
-    file.Close();
-    return(true);
-}
-
-// Returns null if it can't do it, false if there's an error, or a string of the content if successful
-function ieLoadFile(filePath)
-{
-    try
-        {
-        var fso = new ActiveXObject("Scripting.FileSystemObject");
-        var file = fso.OpenTextFile(filePath,1);
-        var content = file.ReadAll();
-        file.Close();
-        }
-    catch(e)
-        {
-        //alert("Exception while attempting to load\n\n" + e.toString());
-        return(null);
-        }
-    return(content);
-}
-
-// Returns null if it can't do it, false if there's an error, true if it saved OK
-function mozillaSaveFile(filePath, content)
-{
-    if(window.Components)
-        try
-            {
-            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
-            file.initWithPath(filePath);
-            if (!file.exists())
-                file.create(0, 0664);
-            var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
-            out.init(file, 0x20 | 0x02, 00004,null);
-            out.write(content, content.length);
-            out.flush();
-            out.close();
-            return(true);
-            }
-        catch(e)
-            {
-            //alert("Exception while attempting to save\n\n" + e);
-            return(false);
-            }
-    return(null);
-}
-
-// Returns null if it can't do it, false if there's an error, or a string of the content if successful
-function mozillaLoadFile(filePath)
-{
-    if(window.Components)
-        try
-            {
-            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
-            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
-            file.initWithPath(filePath);
-            if (!file.exists())
-                return(null);
-            var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
-            inputStream.init(file, 0x01, 00004, null);
-            var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
-            sInputStream.init(inputStream);
-            return(sInputStream.read(sInputStream.available()));
-            }
-        catch(e)
-            {
-            //alert("Exception while attempting to load\n\n" + e);
-            return(false);
-            }
-    return(null);
-}
-
-function javaUrlToFilename(url)
-{
-    var f = "//localhost";
-    if(url.indexOf(f) == 0)
-        return url.substring(f.length);
-    var i = url.indexOf(":");
-    if(i > 0)
-        return url.substring(i-1);
-    return url;
-}
-
-function javaSaveFile(filePath, content)
-{
-    try
-        {
-        if(document.applets["TiddlySaver"])
-            return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
-        }
-    catch(e)
-        {
-        }
-    try
-        {
-        var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
-        s.print(content);
-        s.close();
-        }
-    catch(e)
-        {
-        return null;
-        }
-    return true;
-}
-
-function javaLoadFile(filePath)
-{
-    try
-        {
-    if(document.applets["TiddlySaver"])
-        return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
-        }
-    catch(e)
-        {
-        }
-    var content = [];
-    try
-        {
-        var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
-        var line;
-        while ((line = r.readLine()) != null)
-            content.push(new String(line));
-        r.close();
-        }
-    catch(e)
-        {
-        return null;
-        }
-    return content.join("\n");
-}
-
-
-// ---------------------------------------------------------------------------------
-// Remote HTTP requests
-// ---------------------------------------------------------------------------------
-
-// Load a file over http
-//   url - the source url
-//   callback - function to call when there's a response
-//   params - parameter object that gets passed to the callback for storing it's state
-// Return value is the underlying XMLHttpRequest object, or 'null' if there was an error
-// Callback function is called like this:
-//   callback(status,params,responseText,xhr)
-//     status - true if OK, false if error
-//     params - the parameter object provided to loadRemoteFile()
-//     responseText - the text of the file
-//     xhr - the underlying XMLHttpRequest object
-function loadRemoteFile(url,callback,params)
-{
-    // Get an xhr object
-    var x;
-    try
-        {
-        x = new XMLHttpRequest(); // Modern
-        }
-    catch(e)
-        {
-        try
-            {
-            x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
-            }
-        catch (e)
-            {
-            return null;
-            }
-        }
-    // Install callback
-    x.onreadystatechange = function()
-        {
-        if (x.readyState == 4)
-            {
-            if ((x.status == 0 || x.status == 200) && callback)
-                {
-                callback(true,params,x.responseText,url,x);
-            }
-            else
-                callback(false,params,null,url,x);
-            }
-        }
-    // Send request
-    if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
-        window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
-    try
-        {
-        url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
-        x.open("GET",url,true);
-        if (x.overrideMimeType)
-            x.overrideMimeType("text/html");
-        x.send(null);
-        }
-    catch (e)
-        {
-        alert("Error in send " + e);
-        return null;
-        }
-    return x;
-}
-// ---------------------------------------------------------------------------------
-// TiddlyWiki-specific utility functions
-// ---------------------------------------------------------------------------------
-
-function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
-{
-    var theButton = document.createElement("a");
-    if(theAction)
-        {
-        theButton.onclick = theAction;
-        theButton.setAttribute("href","javascript:;");
-        }
-    if(theTooltip)
-        theButton.setAttribute("title",theTooltip);
-    if(theText)
-        theButton.appendChild(document.createTextNode(theText));
-    if(theClass)
-        theButton.className = theClass;
-    else
-        theButton.className = "button";
-    if(theId)
-        theButton.id = theId;
-    if(theParent)
-        theParent.appendChild(theButton);
-    if(theAccessKey)
-        theButton.setAttribute("accessKey",theAccessKey);
-    return(theButton);
-}
-
-function createTiddlyLink(place,title,includeText,theClass,isStatic)
-{
-    var text = includeText ? title : null;
-    var i = getTiddlyLinkInfo(title,theClass)
-    var btn;
-    if(isStatic)
-        btn = createExternalLink(place,"#" + title);
-    else
-        btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
-    btn.setAttribute("refresh","link");
-    btn.setAttribute("tiddlyLink",title);
-    return(btn);
-}
-
-function refreshTiddlyLink(e,title)
-{
-    var i = getTiddlyLinkInfo(title,e.className);
-    e.className = i.classes;
-    e.title = i.subTitle;
-}
-
-function getTiddlyLinkInfo(title,currClasses)
-{
-    var classes = currClasses ? currClasses.split(" ") : [];
-    classes.pushUnique("tiddlyLink");
-    var tiddler = store.fetchTiddler(title);
-    var subTitle;
-    if(tiddler)
-        {
-        subTitle = tiddler.getSubtitle();
-        classes.pushUnique("tiddlyLinkExisting");
-        classes.remove("tiddlyLinkNonExisting");
-        classes.remove("shadow");
-        }
-    else
-        {
-        classes.remove("tiddlyLinkExisting");
-        classes.pushUnique("tiddlyLinkNonExisting");
-        if(store.isShadowTiddler(title))
-            {
-            subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
-            classes.pushUnique("shadow");
-            }
-        else
-            {
-            subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
-            classes.remove("shadow");
-            }
-        }
-    return {classes: classes.join(" "), subTitle: subTitle};
-}
-
-function createExternalLink(place,url)
-{
-    var theLink = document.createElement("a");
-    theLink.className = "externalLink";
-    theLink.href = url;
-    theLink.title = config.messages.externalLinkTooltip.format([url]);
-    if(config.options.chkOpenInNewWindow)
-        theLink.target = "_blank";
-    place.appendChild(theLink);
-    return(theLink);
-}
-
-// Event handler for clicking on a tiddly link
-function onClickTiddlerLink(e)
-{
-    if (!e) var e = window.event;
-    var theTarget = resolveTarget(e);
-    var theLink = theTarget;
-    var title = null;
-    do {
-        title = theLink.getAttribute("tiddlyLink");
-        theLink = theLink.parentNode;
-    } while(title == null && theLink != null);
-    if(title)
-        {
-        var toggling = e.metaKey || e.ctrlKey;
-        if(config.options.chkToggleLinks)
-            toggling = !toggling;
-        var opening;
-        if(toggling && document.getElementById("tiddler" + title))
-            story.closeTiddler(title,true,e.shiftKey || e.altKey);
-        else
-            story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
-        }
-    clearMessage();
-    return(false);
-}
-
-// Create a button for a tag with a popup listing all the tiddlers that it tags
-function createTagButton(place,tag,excludeTiddler)
-{
-    var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
-    theTag.setAttribute("tag",tag);
-    if(excludeTiddler)
-        theTag.setAttribute("tiddler",excludeTiddler);
-    return(theTag);
-}
-
-// Event handler for clicking on a tiddler tag
-function onClickTag(e)
-{
-    if (!e) var e = window.event;
-    var theTarget = resolveTarget(e);
-    var popup = Popup.create(this);
-    var tag = this.getAttribute("tag");
-    var title = this.getAttribute("tiddler");
-    if(popup && tag)
-        {
-        var tagged = store.getTaggedTiddlers(tag);
-        var titles = [];
-        var li,r;
-        for(r=0;r<tagged.length;r++)
-            if(tagged[r].title != title)
-                titles.push(tagged[r].title);
-        var lingo = config.views.wikified.tag;
-        if(titles.length > 0)
-            {
-            var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
-            openAll.setAttribute("tag",tag);
-            createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
-            for(r=0; r<titles.length; r++)
-                {
-                createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
-                }
-            }
-        else
-            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
-        createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
-        var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
-        createTiddlyText(h,lingo.openTag.format([tag]));
-        }
-    Popup.show(popup,false);
-    e.cancelBubble = true;
-    if (e.stopPropagation) e.stopPropagation();
-    return(false);
-}
-
-// Event handler for 'open all' on a tiddler popup
-function onClickTagOpenAll(e)
-{
-    if (!e) var e = window.event;
-    var tag = this.getAttribute("tag");
-    var tagged = store.getTaggedTiddlers(tag);
-    var titles = [];
-    for(var t=0; t<tagged.length; t++)
-        titles.push(tagged[t].title);
-    story.displayTiddlers(this,titles);
-    return(false);
-}
-
-function onClickError(e)
-{
-    if (!e) var e = window.event;
-    var popup = Popup.create(this);
-    var lines = this.getAttribute("errorText").split("\n");
-    for(var t=0; t<lines.length; t++)
-        createTiddlyElement(popup,"li",null,null,lines[t]);
-    Popup.show(popup,false);
-    e.cancelBubble = true;
-    if (e.stopPropagation) e.stopPropagation();
-    return false;
-}
-
-function createTiddlyDropDown(place,onchange,options)
-{
-    var sel = createTiddlyElement(place,"select");
-    sel.onchange = onchange;
-    for(var t=0; t<options.length; t++)
-        {
-        var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
-        e.value = options[t].name;
-        }
-}
-
-function createTiddlyError(place,title,text)
-{
-    var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
-    if (text) btn.setAttribute("errorText",text);
-}
-
-function merge(dst,src,preserveExisting)
-{
-    for (p in src)
-        if (!preserveExisting || dst[p] === undefined)
-            dst[p] = src[p];
-    return dst;
-}
-
-// Returns a string containing the description of an exception, optionally prepended by a message
-function exceptionText(e, message)
-{
-    var s = e.description ? e.description : e.toString();
-    return message ? "%0:\n%1".format([message, s]) : s;
-}
-
-// Displays an alert of an exception description with optional message
-function showException(e, message)
-{
-    alert(exceptionText(e, message));
-}
-
-// ---------------------------------------------------------------------------------
-// Animation engine
-// ---------------------------------------------------------------------------------
-
-function Animator()
-{
-    this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
-    this.timerID = 0; // ID of the timer used for animating
-    this.animations = []; // List of animations in progress
-    return this;
-}
-
-// Start animation engine
-Animator.prototype.startAnimating = function() // Variable number of arguments
-{
-    for(var t=0; t<arguments.length; t++)
-        this.animations.push(arguments[t]);
-    if(this.running == 0)
-        {
-        var me = this;
-        this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
-        }
-    this.running += arguments.length;
-}
-
-// Perform an animation engine tick, calling each of the known animation modules
-Animator.prototype.doAnimate = function(me)
-{
-    var a = 0;
-    while(a < me.animations.length)
-        {
-        var animation = me.animations[a];
-        if(animation.tick())
-            a++;
-        else
-            {
-            me.animations.splice(a,1);
-            if(--me.running == 0)
-                window.clearInterval(me.timerID);
-            }
-        }
-}
-
-// Map a 0..1 value to 0..1, but slow down at the start and end
-Animator.slowInSlowOut = function(progress)
-{
-    return(1-((Math.cos(progress * Math.PI)+1)/2));
-}
-
-// ---------------------------------------------------------------------------------
-// Cascade animation
-// ---------------------------------------------------------------------------------
-
-function Cascade(text,startElement,targetElement,slowly)
-{
-    var winWidth = findWindowWidth();
-    var winHeight = findWindowHeight();
-    this.elements = [];
-    this.startElement = startElement;
-    this.startLeft = findPosX(this.startElement);
-    this.startTop = findPosY(this.startElement);
-    this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
-    this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
-    this.targetElement = targetElement;
-    targetElement.style.position = "relative";
-    targetElement.style.zIndex = 2;
-    this.targetLeft = findPosX(this.targetElement);
-    this.targetTop = findPosY(this.targetElement);
-    this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
-    this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
-    this.progress = -1;
-    this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
-    this.text = text;
-    this.tick();
-    return this;
-}
-
-Cascade.prototype.tick = function()
-{
-    this.progress++;
-    if(this.progress >= this.steps)
-        {
-        while(this.elements.length > 0)
-            this.removeTail();
-        this.targetElement.style.position = "static";
-        this.targetElement.style.zIndex = "";
-        return false;
-        }
-    else
-        {
-        if(this.elements.length > 0 && this.progress > config.cascadeDepth)
-            this.removeTail();
-        if(this.progress < (this.steps - config.cascadeDepth))
-            {
-            var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
-            var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
-            e.style.zIndex = 1;
-            e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
-            e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
-            e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
-            e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
-            e.style.display = "block";
-            this.elements.push(e);
-            }
-        return true;
-        }
-}
-
-Cascade.prototype.removeTail = function()
-{
-    var e = this.elements[0];
-    e.parentNode.removeChild(e);
-    this.elements.shift();
-}
-
-// ---------------------------------------------------------------------------------
-// Scroller animation
-// ---------------------------------------------------------------------------------
-
-function Scroller(targetElement,slowly)
-{
-    this.targetElement = targetElement;
-    this.startScroll = findScrollY();
-    this.targetScroll = ensureVisible(targetElement);
-    this.progress = 0;
-    this.step = slowly ? config.animSlow : config.animFast;
-    return this;
-}
-
-Scroller.prototype.tick = function()
-{
-    this.progress += this.step;
-    if(this.progress > 1)
-        {
-        window.scrollTo(0,this.targetScroll);
-        return false;
-        }
-    else
-        {
-        var f = Animator.slowInSlowOut(this.progress);
-        window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
-        return true;
-        }
-}
-
-// ---------------------------------------------------------------------------------
-// Slider animation
-// ---------------------------------------------------------------------------------
-
-// deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
-function Slider(element,opening,slowly,deleteMode)
-{
-    this.element = element;
-    element.style.display = "block";
-    this.deleteMode = deleteMode;
-    this.element.style.height = "auto";
-    this.realHeight = element.offsetHeight;
-    this.opening = opening;
-    this.step = slowly ? config.animSlow : config.animFast;
-    if(opening)
-        {
-        this.progress = 0;
-        element.style.height = "0px";
-        element.style.display = "block";
-        }
-    else
-        {
-        this.progress = 1;
-        this.step = -this.step;
-        }
-    element.style.overflow = "hidden";
-    return this;
-}
-
-Slider.prototype.stop = function()
-{
-    if(this.opening)
-        {
-        this.element.style.height = "auto";
-        this.element.style.opacity = 1;
-        this.element.style.filter = "alpha(opacity:100)";
-        }
-    else
-        {
-        switch(this.deleteMode)
-            {
-            case "none":
-                this.element.style.display = "none";
-                break;
-            case "all":
-                this.element.parentNode.removeChild(this.element);
-                break;
-            case "children":
-                removeChildren(this.element);
-                break;
-            }
-        }
-}
-
-Slider.prototype.tick = function()
-{
-    this.progress += this.step;
-    if(this.progress < 0 || this.progress > 1)
-        {
-        this.stop();
-        return false;
-        }
-    else
-        {
-        var f = Animator.slowInSlowOut(this.progress);
-        var h = this.realHeight * f;
-        this.element.style.height = h + "px";
-        this.element.style.opacity = f;
-        this.element.style.filter = "alpha(opacity:" + f * 100 +")";
-        return true;
-        }
-}
-
-// ---------------------------------------------------------------------------------
-// Popup menu
-// ---------------------------------------------------------------------------------
-
-var Popup = {
-    stack: [] // Array of objects with members root: and popup:
-    };
-
-Popup.create = function(root)
-{
-    Popup.remove();
-    var popup = createTiddlyElement(document.body,"ol","popup","popup");
-    Popup.stack.push({root: root, popup: popup});
-    return popup;
-}
-
-Popup.onDocumentClick = function(e)
-{
-    if (!e) var e = window.event;
-    var target = resolveTarget(e);
-    if(e.eventPhase == undefined)
-        Popup.remove();
-    else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
-        Popup.remove();
-    return true;
-}
-
-Popup.show = function(unused,slowly)
-{
-    var curr = Popup.stack[Popup.stack.length-1];
-    var rootLeft = findPosX(curr.root);
-    var rootTop = findPosY(curr.root);
-    var rootHeight = curr.root.offsetHeight;
-    var popupLeft = rootLeft;
-    var popupTop = rootTop + rootHeight;
-    var popupWidth = curr.popup.offsetWidth;
-    var winWidth = findWindowWidth();
-    if(popupLeft + popupWidth > winWidth)
-        popupLeft = winWidth - popupWidth;
-    curr.popup.style.left = popupLeft + "px";
-    curr.popup.style.top = popupTop + "px";
-    curr.popup.style.display = "block";
-    addClass(curr.root,"highlight");
-    if(anim && config.options.chkAnimate)
-        anim.startAnimating(new Scroller(curr.popup,slowly));
-    else
-        window.scrollTo(0,ensureVisible(curr.popup));
-}
-
-Popup.remove = function()
-{
-    if(Popup.stack.length > 0)
-        {
-        Popup.removeFrom(0);
-        }
-}
-
-Popup.removeFrom = function(from)
-{
-    for(var t=Popup.stack.length-1; t>=from; t--)
-        {
-        var p = Popup.stack[t];
-        removeClass(p.root,"highlight");
-        p.popup.parentNode.removeChild(p.popup);
-        }
-    Popup.stack = Popup.stack.slice(0,from);
-}
-
-// ---------------------------------------------------------------------------------
-// ListView gadget
-// ---------------------------------------------------------------------------------
-
-var ListView = {};
-
-// Create a listview
-//   place - where in the DOM tree to insert the listview
-//   listObject - array of objects to be included in the listview
-//   listTemplate - template for the listview
-//   callback - callback for a command being selected
-//   className - optional classname for the <table> element
-ListView.create = function(place,listObject,listTemplate,callback,className)
-{
-    var table = createTiddlyElement(place,"table",null,className ? className : "listView");
-    var thead = createTiddlyElement(table,"thead");
-    var r = createTiddlyElement(thead,"tr");
-    for(var t=0; t<listTemplate.columns.length; t++)
-        {
-        var columnTemplate = listTemplate.columns[t];
-        var c = createTiddlyElement(r,"th");
-        var colType = ListView.columnTypes[columnTemplate.type];
-        if(colType && colType.createHeader)
-            colType.createHeader(c,columnTemplate,t);
-        }
-    var tbody = createTiddlyElement(table,"tbody");
-    for(var rc=0; rc<listObject.length; rc++)
-        {
-        rowObject = listObject[rc];
-        r = createTiddlyElement(tbody,"tr");
-        for(var c=0; c<listTemplate.rowClasses.length; c++)
-            {
-            if(rowObject[listTemplate.rowClasses[c].field])
-                addClass(r,listTemplate.rowClasses[c].className);
-            }
-        rowObject.rowElement = rowObject;
-        rowObject.colElements = {};
-        for(var cc=0; cc<listTemplate.columns.length; cc++)
-            {
-            var c = createTiddlyElement(r,"td");
-            var columnTemplate = listTemplate.columns[cc];
-            var field = columnTemplate.field;
-            var colType = ListView.columnTypes[columnTemplate.type];
-            if(colType && colType.createItem)
-                colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
-            rowObject.colElements[field] = c;
-            }
-        }
-    if(callback && listTemplate.actions)
-        createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
-    if(callback && listTemplate.buttons)
-        {
-        for(t=0; t<listTemplate.buttons.length; t++)
-            {
-            var a = listTemplate.buttons[t];
-            if(a && a.name != "")
-                createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
-            }
-        }
-    return table;
-}
-
-ListView.getCommandHandler = function(callback,name,allowEmptySelection)
-{
-    return function(e)
-        {
-        var view = findRelated(this,"TABLE",null,"previousSibling");
-        var tiddlers = [];
-        ListView.forEachSelector(view,function(e,rowName) {
-                    if(e.checked)
-                        tiddlers.push(rowName);
-                    });
-        if(tiddlers.length == 0 && !allowEmptySelection)
-            alert(config.messages.nothingSelected);
-        else
-            {
-            if(this.nodeName.toLowerCase() == "select")
-                {
-                callback(view,this.value,tiddlers);
-                this.selectedIndex = 0;
-                }
-            else
-                callback(view,name,tiddlers);
-            }
-        };
-}
-
-// Invoke a callback for each selector checkbox in the listview
-//   view - <table> element of listView
-//   callback(checkboxElement,rowName)
-//     where
-//       checkboxElement - DOM element of checkbox
-//       rowName - name of this row as assigned by the column template
-//   result: true if at least one selector was checked
-ListView.forEachSelector = function(view,callback)
-{
-    var checkboxes = view.getElementsByTagName("input");
-    var hadOne = false;
-    for(var t=0; t<checkboxes.length; t++)
-        {
-        var cb = checkboxes[t];
-        if(cb.getAttribute("type") == "checkbox")
-            {
-            var rn = cb.getAttribute("rowName");
-            if(rn)
-                {
-                callback(cb,rn);
-                hadOne = true;
-                }
-            }
-        }
-    return hadOne;
-}
-
-ListView.columnTypes = {};
-
-ListView.columnTypes.String = {
-    createHeader: function(place,columnTemplate,col)
-        {
-            createTiddlyText(place,columnTemplate.title);
-        },
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            var v = listObject[field];
-            if(v != undefined)
-                createTiddlyText(place,v);
-        }
-};
-
-ListView.columnTypes.Date = {
-    createHeader: ListView.columnTypes.String.createHeader,
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            var v = listObject[field];
-            if(v != undefined)
-                createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
-        }
-};
-
-ListView.columnTypes.StringList = {
-    createHeader: ListView.columnTypes.String.createHeader,
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            var v = listObject[field];
-            if(v != undefined)
-                {
-                for(var t=0; t<v.length; t++)
-                    {
-                    createTiddlyText(place,v[t]);
-                    createTiddlyElement(place,"br");
-                    }
-                }
-        }
-};
-
-ListView.columnTypes.Selector = {
-    createHeader: function(place,columnTemplate,col)
-        {
-            createTiddlyCheckbox(place,null,false,this.onHeaderChange);
-        },
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            var e = createTiddlyCheckbox(place,null,listObject[field],null);
-            e.setAttribute("rowName",listObject[columnTemplate.rowName]);
-        },
-    onHeaderChange: function(e)
-        {
-            var state = this.checked;
-            var view = findRelated(this,"TABLE");
-            if(!view)
-                return;
-            ListView.forEachSelector(view,function(e,rowName) {
-                                e.checked = state;
-                            });
-        }
-};
-
-ListView.columnTypes.Tags = {
-    createHeader: ListView.columnTypes.String.createHeader,
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            var tags = listObject[field];
-            createTiddlyText(place,String.encodeTiddlyLinkList(tags));
-        }
-};
-
-ListView.columnTypes.Boolean = {
-    createHeader: ListView.columnTypes.String.createHeader,
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            if(listObject[field] == true)
-                createTiddlyText(place,columnTemplate.trueText);
-            if(listObject[field] == false)
-                createTiddlyText(place,columnTemplate.falseText);
-        }
-};
-
-ListView.columnTypes.TagCheckbox = {
-    createHeader: ListView.columnTypes.String.createHeader,
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
-            e.setAttribute("tiddler",listObject.title);
-            e.setAttribute("tag",columnTemplate.tag);
-        },
-    onChange : function(e)
-        {
-            var tag = this.getAttribute("tag");
-            var tiddler = this.getAttribute("tiddler");
-            store.setTiddlerTag(tiddler,this.checked,tag);
-        }
-};
-
-ListView.columnTypes.TiddlerLink = {
-    createHeader: ListView.columnTypes.String.createHeader,
-    createItem: function(place,listObject,field,columnTemplate,col,row)
-        {
-            var v = listObject[field];
-            if(v != undefined)
-                {
-                var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
-                createTiddlyText(link,listObject[field]);
-                }
-        }
-};
-// ---------------------------------------------------------------------------------
-// Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
-// ---------------------------------------------------------------------------------
-
-// Clamp a number to a range
-Number.prototype.clamp = function(min,max)
-{
-    var c = this;
-    if(c < min)
-        c = min;
-    if(c > max)
-        c = max;
-    return c;
-}
-
-// Add indexOf function if browser does not support it
-if(!Array.indexOf) {
-Array.prototype.indexOf = function(item,from)
-{
-    if(!from)
-        from = 0;
-    for(var i=from; i<this.length; i++)
-        if(this[i] === item)
-            return i;
-    return -1;
-}}
-
-// Find an entry in a given field of the members of an array
-Array.prototype.findByField = function(field,value)
-{
-    for(var t=0; t<this.length; t++)
-        if(this[t][field] == value)
-            return t;
-    return null;
-}
-
-// Return whether an entry exists in an array
-Array.prototype.contains = function(item)
-{
-    return this.indexOf(item) != -1;
-};
-
-// Adds, removes or toggles a particular value within an array
-//  value - value to add
-//  mode - +1 to add value, -1 to remove value, 0 to toggle it
-Array.prototype.setItem = function(value,mode)
-{
-    var p = this.indexOf(value);
-    if(mode == 0)
-        mode = (p == -1) ? +1 : -1;
-    if(mode == +1)
-        {
-        if(p == -1)
-            this.push(value);
-        }
-    else if(mode == -1)
-        {
-        if(p != -1)
-            this.splice(p,1);
-        }
-}
-
-// Return whether one of a list of values exists in an array
-Array.prototype.containsAny = function(items)
-{
-    for(var i=0; i<items.length; i++)
-        if (this.indexOf(items[i]) != -1)
-            return true;
-    return false;
-};
-
-// Return whether all of a list of values exists in an array
-Array.prototype.containsAll = function(items)
-{
-    for (var i = 0; i<items.length; i++)
-        if (this.indexOf(items[i]) == -1)
-            return false;
-    return true;
-};
-
-// Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
-Array.prototype.pushUnique = function(item,unique)
-{
-    if(unique != undefined && unique == false)
-        this.push(item);
-    else
-        {
-        if(this.indexOf(item) == -1)
-            this.push(item);
-        }
-}
-
-Array.prototype.remove = function(item)
-{
-    var p = this.indexOf(item);
-    if(p != -1)
-        this.splice(p,1);
-}
-
-// Get characters from the right end of a string
-String.prototype.right = function(n)
-{
-    if(n < this.length)
-        return this.slice(this.length-n);
-    else
-        return this;
-}
-
-// Trim whitespace from both ends of a string
-String.prototype.trim = function()
-{
-    return this.replace(/^\s*|\s*$/g,"");
-}
-
-// Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
-String.prototype.unDash = function()
-{
-    var s = this.split("-");
-    if(s.length > 1)
-        for(var t=1; t<s.length; t++)
-            s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
-    return s.join("");
-}
-
-// Substitute substrings from an array into a format string that includes '%1'-type specifiers
-String.prototype.format = function(substrings)
-{
-    var subRegExp = /(?:%(\d+))/mg;
-    var currPos = 0;
-    var r = [];
-    do {
-        var match = subRegExp.exec(this);
-        if(match && match[1])
-            {
-            if(match.index > currPos)
-                r.push(this.substring(currPos,match.index));
-            r.push(substrings[parseInt(match[1])]);
-            currPos = subRegExp.lastIndex;
-            }
-    } while(match);
-    if(currPos < this.length)
-        r.push(this.substring(currPos,this.length));
-    return r.join("");
-}
-
-// Escape any special RegExp characters with that character preceded by a backslash
-String.prototype.escapeRegExp = function()
-{
-    var s = "\\^$*+?()=!|,{}[].";
-    var c = this;
-    for(var t=0; t<s.length; t++)
-        c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
-    return c;
-}
-
-// Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
-String.prototype.escapeLineBreaks = function()
-{
-    return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
-}
-
-// Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
-String.prototype.unescapeLineBreaks = function()
-{
-    return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
-}
-
-// Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
-String.prototype.htmlEncode = function()
-{
-    return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
-}
-
-// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
-String.prototype.htmlDecode = function()
-{
-    return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
-}
-
-// Parse a space-separated string of name:value parameters where:
-//   - the name or the value can be optional (in which case separate defaults are used instead)
-//     - in case of ambiguity, a lone word is taken to be a value
-//     - if 'cascadeDefaults' is set to true, then the defaults are modified by updated by each specified name or value
-//     - name prefixes are not allowed if the 'noNames' parameter is true
-//   - if both the name and value are present they must be separated by a colon
-//   - the name and the value may both be quoted with single- or double-quotes, double-square brackets
-//   - names or values quoted with {{double-curly braces}} are evaluated as a JavaScript expression
-//     - as long as the 'allowEval' parameter is true
-// The result is an array of objects:
-//   result[0] = object with a member for each parameter name, value of that member being an array of values
-//   result[1..n] = one object for each parameter, with 'name' and 'value' members
-String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
-{
-    var parseToken = function(match,p)
-        {
-        var n;
-        if(match[p]) // Double quoted
-            n = match[p];
-        else if(match[p+1]) // Single quoted
-            n = match[p+1];
-        else if(match[p+2]) // Double-square-bracket quoted
-            n = match[p+2];
-        else if(match[p+3]) // Double-brace quoted
-            try
-                {
-                n = match[p+3];
-                if(allowEval)
-                    n = window.eval(n);
-                }
-            catch(e)
-                {
-                throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
-                }
-        else if(match[p+4]) // Unquoted
-            n = match[p+4];
-        else if(match[p+5]) // empty quote
-            n = "";
-        return n;
-        };
-    var r = [{}];
-    var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
-    var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
-    var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
-    var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
-    var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
-    var emptyQuote = "((?:\"\")|(?:''))";
-    var skipSpace = "(?:\\s*)";
-    var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
-    var re = noNames
-        ? new RegExp(token,"mg")
-        : new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
-    var params = [];
-    do {
-        var match = re.exec(this);
-        if(match)
-            {
-            var n = parseToken(match,1);
-            if(noNames)
-                r.push({name: "", value: n});
-            else
-                {
-                var v = parseToken(match,8);
-                if(v == null && defaultName)
-                    {
-                    v = n;
-                    n = defaultName;
-                    }
-                else if(v == null && defaultValue)
-                    v = defaultValue;
-                r.push({name: n, value: v});
-                if(cascadeDefaults)
-                    {
-                    defaultName = n;
-                    defaultValue = v;
-                    }
-                }
-            }
-    } while(match);
-    // Summarise parameters into first element
-    for(var t=1; t<r.length; t++)
-        {
-        if(r[0][r[t].name])
-            r[0][r[t].name].push(r[t].value);
-        else
-            r[0][r[t].name] = [r[t].value];
-        }
-    return r;
-}
-
-// Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
-// [[]], {{ }} or left unquoted (and therefore space-separated). Double-braces {{}} results in
-// an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
-String.prototype.readMacroParams = function()
-{
-    var p = this.parseParams("list",null,true,true);
-    var n = [];
-    for(var t=1; t<p.length; t++)
-        n.push(p[t].value);
-    return n;
-}
-
-// Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
-String.prototype.readBracketedList = function(unique)
-{
-    var p = this.parseParams("list",null,false,true);
-    var n = [];
-    for(var t=1; t<p.length; t++)
-        n.pushUnique(p[t].value,unique);
-    return n;
-}
-
-// Returns array with start and end index of chunk between given start and end marker, or undefined.
-String.prototype.getChunkRange = function(start,end)
-{
-    var s = this.indexOf(start);
-    if(s != -1)
-        {
-        s += start.length;
-        var e = this.indexOf(end,s);
-        if(e != -1)
-            return [s, e];
-        }
-}
-
-// Replace a chunk of a string given start and end markers
-String.prototype.replaceChunk = function(start,end,sub)
-{
-    var r = this.getChunkRange(start,end);
-    return r
-        ? this.substring(0,r[0]) + sub + this.substring(r[1])
-        : this;
-}
-
-// Returns a chunk of a string between start and end markers, or undefined
-String.prototype.getChunk = function(start,end)
-{
-    var r = this.getChunkRange(start,end);
-    if (r)
-        return this.substring(r[0],r[1]);
-}
-
-
-// Static method to bracket a string with double square brackets if it contains a space
-String.encodeTiddlyLink = function(title)
-{
-    if(title.indexOf(" ") == -1)
-        return(title);
-    else
-        return("[[" + title + "]]");
-}
-
-// Static method to encodeTiddlyLink for every item in an array and join them with spaces
-String.encodeTiddlyLinkList = function(list)
-{
-    if(list)
-        {
-        var results = [];
-        for(var t=0; t<list.length; t++)
-            results.push(String.encodeTiddlyLink(list[t]));
-        return results.join(" ");
-        }
-    else
-        return "";
-}
-
-// Static method to left-pad a string with 0s to a certain width
-String.zeroPad = function(n,d)
-{
-    var s = n.toString();
-    if(s.length < d)
-        s = "000000000000000000000000000".substr(0,d-s.length) + s;
-    return(s);
-}
-
-String.prototype.startsWith = function(prefix)
-{
-    return !prefix || this.substring(0,prefix.length) == prefix;
-}
-
-// Returns the first value of the given named parameter.
-//#
-//# @param params
-//#         as returned by parseParams or null/undefined
-//# @return [may be null/undefined]
-//#
-function getParam(params, name, defaultValue) {
-    if (!params)
-        return defaultValue;
-    var p = params[0][name];
-    return p ? p[0] : defaultValue;
-}
-
-// Returns the first value of the given boolean named parameter.
-//#
-//# @param params
-//#         as returned by parseParams or null/undefined
-//#
-function getFlag(params, name, defaultValue) {
-    return !!getParam(params, name, defaultValue);
-}
-
-// Substitute date components into a string
-Date.prototype.formatString = function(template)
-{
-    var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
-    t = t.replace(/hh12/g,this.getHours12());
-    t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
-    t = t.replace(/hh/g,this.getHours());
-    t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
-    t = t.replace(/mm/g,this.getMinutes());
-    t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
-    t = t.replace(/ss/g,this.getSeconds());
-    t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
-    t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
-    t = t.replace(/wYYYY/g,this.getYearForWeekNo());
-    t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
-    t = t.replace(/YYYY/g,this.getFullYear());
-    t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
-    t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
-    t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
-    t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
-    t = t.replace(/MM/g,this.getMonth()+1);
-    t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
-    t = t.replace(/WW/g,this.getWeek());
-    t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
-    t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
-    t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
-    t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
-    t = t.replace(/DD/g,this.getDate());
-    return t;
-}
-
-Date.prototype.getWeek = function()
-{
-    var dt = new Date(this.getTime());
-    var d = dt.getDay();
-    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
-    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
-    var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000);
-    return Math.floor(n/7)+1;
-}
-
-Date.prototype.getYearForWeekNo = function()
-{
-    var dt = new Date(this.getTime());
-    var d = dt.getDay();
-    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
-    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
-    return dt.getFullYear();
-}
-
-Date.prototype.getHours12 = function()
-{
-    var h = this.getHours();
-    return h > 12 ? h-12 : ( h > 0 ? h : 12 );
-}
-
-Date.prototype.getAmPm = function()
-{
-    return this.getHours() >= 12 ? "pm" : "am";
-}
-
-Date.prototype.daySuffix = function()
-{
-    var num = this.getDate();
-    if (num >= 11 && num <= 13) return "th";
-    else if (num.toString().substr(-1)=="1") return "st";
-    else if (num.toString().substr(-1)=="2") return "nd";
-    else if (num.toString().substr(-1)=="3") return "rd";
-    return "th";
-}
-
-// Convert a date to local YYYYMMDDHHMM string format
-Date.prototype.convertToLocalYYYYMMDDHHMM = function()
-{
-    return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
-}
-
-// Convert a date to UTC YYYYMMDDHHMM string format
-Date.prototype.convertToYYYYMMDDHHMM = function()
-{
-    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
-}
-
-// Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
-Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
-{
-    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
-}
-
-// Static method to create a date from a UTC YYYYMMDDHHMM format string
-Date.convertFromYYYYMMDDHHMM = function(d)
-{
-    var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
-                            parseInt(d.substr(4,2),10)-1,
-                            parseInt(d.substr(6,2),10),
-                            parseInt(d.substr(8,2),10),
-                            parseInt(d.substr(10,2),10),0,0));
-    return(theDate);
-}
-
-// ---------------------------------------------------------------------------------
-// Crypto functions and associated conversion routines
-// ---------------------------------------------------------------------------------
-
-// Crypto "namespace"
-function Crypto() {}
-
-// Convert a string to an array of big-endian 32-bit words
-Crypto.strToBe32s = function(str)
-{
-    var be = Array();
-    var len = Math.floor(str.length/4);
-    var i, j;
-    for(i=0, j=0; i<len; i++, j+=4)
-        {
-        be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
-        }
-    while (j<str.length)
-        {
-        be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
-        j++;
-        }
-    return be;
-}
-
-// Convert an array of big-endian 32-bit words to a string
-Crypto.be32sToStr = function(be)
-{
-    var str = "";
-    for(var i=0;i<be.length*32;i+=8)
-        str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
-    return str;
-}
-
-// Convert an array of big-endian 32-bit words to a hex string
-Crypto.be32sToHex = function(be)
-{
-    var hex = "0123456789ABCDEF";
-    var str = "";
-    for(var i=0;i<be.length*4;i++)
-        str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
-    return str;
-}
-
-// Return, in hex, the SHA-1 hash of a string
-Crypto.hexSha1Str = function(str)
-{
-    return Crypto.be32sToHex(Crypto.sha1Str(str));
-}
-
-// Return the SHA-1 hash of a string
-Crypto.sha1Str = function(str)
-{
-    return Crypto.sha1(Crypto.strToBe32s(str),str.length);
-}
-
-// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
-Crypto.sha1 = function(x,blen)
-{
-    // Add 32-bit integers, wrapping at 32 bits
-    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
-    add32 = function(a,b)
-    {
-        var lsw = (a&0xFFFF)+(b&0xFFFF);
-        var msw = (a>>16)+(b>>16)+(lsw>>16);
-        return (msw<<16)|(lsw&0xFFFF);
-    };
-    // Add five 32-bit integers, wrapping at 32 bits
-    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
-    add32x5 = function(a,b,c,d,e)
-    {
-        var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
-        var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
-        return (msw<<16)|(lsw&0xFFFF);
-    };
-    // Bitwise rotate left a 32-bit integer by 1 bit
-    rol32 = function(n)
-    {
-        return (n>>>31)|(n<<1);
-    };
-
-    var len = blen*8;
-    // Append padding so length in bits is 448 mod 512
-    x[len>>5] |= 0x80 << (24-len%32);
-    // Append length
-    x[((len+64>>9)<<4)+15] = len;
-    var w = Array(80);
-
-    var k1 = 0x5A827999;
-    var k2 = 0x6ED9EBA1;
-    var k3 = 0x8F1BBCDC;
-    var k4 = 0xCA62C1D6;
-
-    var h0 = 0x67452301;
-    var h1 = 0xEFCDAB89;
-    var h2 = 0x98BADCFE;
-    var h3 = 0x10325476;
-    var h4 = 0xC3D2E1F0;
-
-    for(var i=0;i<x.length;i+=16)
-        {
-        var j,t;
-        var a = h0;
-        var b = h1;
-        var c = h2;
-        var d = h3;
-        var e = h4;
-        for(j = 0;j<16;j++)
-            {
-            w[j] = x[i+j];
-            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
-            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-            }
-        for(j=16;j<20;j++)
-            {
-            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
-            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-            }
-        for(j=20;j<40;j++)
-            {
-            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
-            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-            }
-        for(j=40;j<60;j++)
-            {
-            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-            t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
-            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-            }
-        for(j=60;j<80;j++)
-            {
-            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
-            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
-            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
-            }
-
-        h0 = add32(h0,a);
-        h1 = add32(h1,b);
-        h2 = add32(h2,c);
-        h3 = add32(h3,d);
-        h4 = add32(h4,e);
-        }
-    return Array(h0,h1,h2,h3,h4);
-}
-
-// ---------------------------------------------------------------------------------
-// RGB colour object
-// ---------------------------------------------------------------------------------
-
-// Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
-function RGB(r,g,b)
-{
-    this.r = 0;
-    this.g = 0;
-    this.b = 0;
-    if(typeof r == "string")
-        {
-        if(r.substr(0,1) == "#")
-            {
-            if(r.length == 7)
-                {
-                this.r = parseInt(r.substr(1,2),16)/255;
-                this.g = parseInt(r.substr(3,2),16)/255;
-                this.b = parseInt(r.substr(5,2),16)/255;
-                }
-            else
-                {
-                this.r = parseInt(r.substr(1,1),16)/15;
-                this.g = parseInt(r.substr(2,1),16)/15;
-                this.b = parseInt(r.substr(3,1),16)/15;
-                }
-            }
-        else
-            {
-            var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
-            var c = r.match(rgbPattern);
-            if (c)
-                {
-                this.r = parseInt(c[1],10)/255;
-                this.g = parseInt(c[2],10)/255;
-                this.b = parseInt(c[3],10)/255;
-                }
-            }
-        }
-    else
-        {
-        this.r = r;
-        this.g = g;
-        this.b = b;
-        }
-    return this;
-}
-
-// Mixes this colour with another in a specified proportion
-// c = other colour to mix
-// f = 0..1 where 0 is this colour and 1 is the new colour
-// Returns an RGB object
-RGB.prototype.mix = function(c,f)
-{
-    return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
-}
-
-// Return an rgb colour as a #rrggbb format hex string
-RGB.prototype.toString = function()
-{
-    var r = this.r.clamp(0,1);
-    var g = this.g.clamp(0,1);
-    var b = this.b.clamp(0,1);
-    return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
-                 ("0" + Math.floor(g * 255).toString(16)).right(2) +
-                 ("0" + Math.floor(b * 255).toString(16)).right(2));
-}
-
-// ---------------------------------------------------------------------------------
-// DOM utilities - many derived from www.quirksmode.org
-// ---------------------------------------------------------------------------------
-
-function drawGradient(place,horiz,colours)
-{
-    for(var t=0; t<= 100; t+=2)
-        {
-        var bar = document.createElement("div");
-        place.appendChild(bar);
-        bar.style.position = "absolute";
-        bar.style.left = horiz ? t + "%" : 0;
-        bar.style.top = horiz ? 0 : t + "%";
-        bar.style.width = horiz ? (101-t) + "%" : "100%";
-        bar.style.height = horiz ? "100%" : (101-t) + "%";
-        bar.style.zIndex = -1;
-        var f = t/100;
-        var p = f*(colours.length-1);
-        bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
-        }
-}
-
-function createTiddlyText(theParent,theText)
-{
-    return theParent.appendChild(document.createTextNode(theText));
-}
-
-function createTiddlyCheckbox(theParent,caption,checked,onChange)
-{
-    var cb = document.createElement("input");
-    cb.setAttribute("type","checkbox");
-    cb.onclick = onChange;
-    theParent.appendChild(cb);
-    cb.checked = checked;
-    cb.className = "chkOptionInput";
-    if(caption)
-        wikify(caption,theParent);
-    return cb;
-}
-
-function createTiddlyElement(theParent,theElement,theID,theClass,theText)
-{
-    var e = document.createElement(theElement);
-    if(theClass != null)
-        e.className = theClass;
-    if(theID != null)
-        e.setAttribute("id",theID);
-    if(theText != null)
-        e.appendChild(document.createTextNode(theText));
-    if(theParent != null)
-        theParent.appendChild(e);
-    return(e);
-}
-
-// Add an event handler
-// Thanks to John Resig, via QuirksMode
-function addEvent(obj,type,fn)
-{
-    if(obj.attachEvent)
-        {
-        obj['e'+type+fn] = fn;
-        obj[type+fn] = function(){obj['e'+type+fn](window.event);}
-        obj.attachEvent('on'+type,obj[type+fn]);
-        }
-    else
-        obj.addEventListener(type,fn,false);
-}
-
-// Remove  an event handler
-// Thanks to John Resig, via QuirksMode
-function removeEvent(obj,type,fn)
-{
-    if(obj.detachEvent)
-        {
-        obj.detachEvent('on'+type,obj[type+fn]);
-        obj[type+fn] = null;
-        }
-    else
-        obj.removeEventListener(type,fn,false);
-}
-
-function addClass(e,theClass)
-{
-    var currClass = e.className.split(" ");
-    if(currClass.indexOf(theClass) == -1)
-        e.className += " " + theClass;
-}
-
-function removeClass(e,theClass)
-{
-    var currClass = e.className.split(" ");
-    var i = currClass.indexOf(theClass);
-    while(i != -1)
-        {
-        currClass.splice(i,1);
-        i = currClass.indexOf(theClass);
-        }
-    e.className = currClass.join(" ");
-}
-
-function hasClass(e,theClass)
-{
-    if(e.className)
-        {
-        if(e.className.split(" ").indexOf(theClass) != -1)
-            return true;
-        }
-    return false;
-}
-
-// Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
-function findRelated(e,value,name,relative)
-{
-    name = name ? name : "tagName";
-    relative = relative ? relative : "parentNode";
-    if(name == "className")
-        {
-        while(e && !hasClass(e,value))
-            {
-            e = e[relative];
-            }
-        }
-    else
-        {
-        while(e && e[name] != value)
-            {
-            e = e[relative];
-            }
-        }
-    return e;
-}
-
-// Resolve the target object of an event
-function resolveTarget(e)
-{
-    var obj;
-    if (e.target)
-        obj = e.target;
-    else if (e.srcElement)
-        obj = e.srcElement;
-    if (obj.nodeType == 3) // defeat Safari bug
-        obj = obj.parentNode;
-    return(obj);
-}
-
-// Return the content of an element as plain text with no formatting
-function getPlainText(e)
-{
-    var text = "";
-    if(e.innerText)
-        text = e.innerText;
-    else if(e.textContent)
-        text = e.textContent;
-    return text;
-}
-
-// Get the scroll position for window.scrollTo necessary to scroll a given element into view
-function ensureVisible(e)
-{
-    var posTop = findPosY(e);
-    var posBot = posTop + e.offsetHeight;
-    var winTop = findScrollY();
-    var winHeight = findWindowHeight();
-    var winBot = winTop + winHeight;
-    if(posTop < winTop)
-        return(posTop);
-    else if(posBot > winBot)
-        {
-        if(e.offsetHeight < winHeight)
-            return(posTop - (winHeight - e.offsetHeight));
-        else
-            return(posTop);
-        }
-    else
-        return(winTop);
-}
-
-// Get the current width of the display window
-function findWindowWidth()
-{
-    return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
-}
-
-// Get the current height of the display window
-function findWindowHeight()
-{
-    return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
-}
-
-// Get the current horizontal page scroll position
-function findScrollX()
-{
-    return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
-}
-
-// Get the current vertical page scroll position
-function findScrollY()
-{
-    return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
-}
-
-function findPosX(obj)
-{
-    var curleft = 0;
-    while (obj.offsetParent)
-        {
-        curleft += obj.offsetLeft;
-        obj = obj.offsetParent;
-        }
-    return curleft;
-}
-
-function findPosY(obj)
-{
-    var curtop = 0;
-    while (obj.offsetParent)
-        {
-        curtop += obj.offsetTop;
-        obj = obj.offsetParent;
-        }
-    return curtop;
-}
-
-// Blur a particular element
-function blurElement(e)
-{
-    if(e != null && e.focus && e.blur)
-        {
-        e.focus();
-        e.blur();
-        }
-}
-
-// Create a non-breaking space
-function insertSpacer(place)
-{
-    var e = document.createTextNode(String.fromCharCode(160));
-    if(place)
-        place.appendChild(e);
-    return e;
-}
-
-// Remove all children of a node
-function removeChildren(e)
-{
-    while(e.hasChildNodes())
-        e.removeChild(e.firstChild);
-}
-
-// Add a stylesheet, replacing any previous custom stylesheet
-function setStylesheet(s,id)
-{
-    if(!id)
-        id = "customStyleSheet";
-    var n = document.getElementById(id);
-    if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
-        {
-        if(n)
-            n.parentNode.removeChild(n);
-        // This failed without the &nbsp;
-        document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
-        }
-    else
-        {
-        if(n)
-            n.replaceChild(document.createTextNode(s),n.firstChild);
-        else
-            {
-            var n = document.createElement("style");
-            n.type = "text/css";
-            n.id = id;
-            n.appendChild(document.createTextNode(s));
-            document.getElementsByTagName("head")[0].appendChild(n);
-            }
-        }
-}
-
-// Replace the current selection of a textarea or text input and scroll it into view
-
-function replaceSelection(e,text)
-{
-    if (e.setSelectionRange)
-        {
-        var oldpos = e.selectionStart + 1;
-        e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
-        e.setSelectionRange( oldpos, oldpos);
-        var linecount = e.value.split('\n').length;
-        var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
-        e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
-        }
-    else if (document.selection)
-        {
-        var range = document.selection.createRange();
-        if (range.parentElement() == e)
-            {
-            var isCollapsed = range.text == "";
-            range.text = text;
-             if (!isCollapsed)
-                {
-                range.moveStart('character', -text.length);
-                range.select();
-                }
-            }
-        }
-}
-
-// Returns the text of the given (text) node, possibly merging subsequent text nodes
-function getNodeText(e)
-{
-    var t = "";
-    while (e && e.nodeName == "#text")
-        {
-        t += e.nodeValue;
-        e = e.nextSibling;
-        }
-    return t;
-}
-//# -------------------------
-//# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
-//# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
-//# Subclasses must implement:
-//#             function getTitle(store, e)
-//#
-//# store must implement:
-//#             function createTiddler(title).
-//#
-
-function LoaderBase()
-{
-}
-
-LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
-{
-    var title = this.getTitle(store, e);
-    if (title)
-        {
-        var tiddler = store.createTiddler(title);
-        this.internalizeTiddler(store, tiddler, title, e);
-        tiddlers.push(tiddler);
-        }
-}
-
-LoaderBase.prototype.loadTiddlers = function(store,nodes)
-{
-    var tiddlers = [];
-    for (var t = 0; t < nodes.length; t++)
-        {
-        try
-            {
-            this.loadTiddler(store, nodes[t], tiddlers);
-            }
-        catch(e)
-            {
-            showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
-            }
-        }
-    return tiddlers;
-}
-
-//# -------------------------
-//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string,
-//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines
-//# Subclasses must implement:
-//#             function externalizeTiddler(store, tiddler)
-//#
-//# store must implement:
-//#             function getTiddlers(sortByFieldName)
-//#
-
-function SaverBase()
-{
-}
-
-SaverBase.prototype.externalize = function(store)
-{
-    var results = [];
-    var tiddlers = store.getTiddlers("title");
-    for (var t = 0; t < tiddlers.length; t++)
-        results.push(this.externalizeTiddler(store, tiddlers[t]));
-    return results.join("\n");
-}
-//--------------------------------
-// TW21Loader (inherits from LoaderBase)
-
-function TW21Loader() {};
-
-TW21Loader.prototype = new LoaderBase();
-
-TW21Loader.prototype.getTitle = function(store, e) {
-    var title = null;
-    if(e.getAttribute)
-        title = e.getAttribute("tiddler");
-    if(!title && e.id) {
-        var lenPrefix = store.idPrefix.length;
-        if (e.id.substr(0,lenPrefix) == store.idPrefix)
-            title = e.id.substr(lenPrefix);
-    }
-    return title;
-}
-
-TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
-    var text = getNodeText(data.firstChild).unescapeLineBreaks();
-    var modifier = data.getAttribute("modifier");
-    var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
-    var c = data.getAttribute("created");
-    var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
-    var tags = data.getAttribute("tags");
-    var fields = {};
-    var attrs = data.attributes;
-    for(var i = attrs.length-1; i >= 0; i--) {
-        var name = attrs[i].name;
-        if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
-            fields[name] = attrs[i].value.unescapeLineBreaks();
-        }
-    }
-    tiddler.assign(title,text,modifier,modified,tags,created, fields);
-    return tiddler;
-};
-
-//--------------------------------
-// TW21Saver (inherits from SaverBase)
-
-function TW21Saver() {};
-
-TW21Saver.prototype = new SaverBase();
-
-TW21Saver.prototype.externalizeTiddler = function(store, tiddler)
-{
-    try {
-        var extendedFieldAttributes = "";
-        store.forEachField(tiddler,
-            function(tiddler, fieldName, value) {
-                // don't store stuff from the temp namespace
-                if (!fieldName.match(/^temp\./))
-                    extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
-            }, true);
-        return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
-                tiddler.title.htmlEncode(),
-                tiddler.modifier.htmlEncode(),
-                tiddler.modified.convertToYYYYMMDDHHMM(),
-                tiddler.created.convertToYYYYMMDDHHMM(),
-                tiddler.getTags().htmlEncode(),
-                tiddler.escapeLineBreaks().htmlEncode(),
-                extendedFieldAttributes
-            ]);
-    } catch (e) {
-        throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
-    }
-}
-
-// ---------------------------------------------------------------------------------
-// Deprecated code
-// ---------------------------------------------------------------------------------
-
-// @Deprecated: Use createElementAndWikify and this.termRegExp instead
-config.formatterHelpers.charFormatHelper = function(w)
-{
-    w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
-}
-
-// @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
-config.formatterHelpers.monospacedByLineHelper = function(w)
-{
-    var lookaheadRegExp = new RegExp(this.lookahead,"mg");
-    lookaheadRegExp.lastIndex = w.matchStart;
-    var lookaheadMatch = lookaheadRegExp.exec(w.source);
-    if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
-        {
-        var text = lookaheadMatch[1];
-        if(config.browser.isIE)
-            text = text.replace(/\n/g,"\r");
-        createTiddlyElement(w.output,"pre",null,null,text);
-        w.nextMatch = lookaheadRegExp.lastIndex;
-        }
-}
-
-// @Deprecated: Use <br> or <br /> instead of <<br>>
-config.macros.br.handler = function(place)
-{
-    createTiddlyElement(place,"br");
-}
-
-// Find an entry in an array. Returns the array index or null
-// @Deprecated: Use indexOf instead
-Array.prototype.find = function(item)
-{
-    var i = this.indexOf(item);
-    return i == -1 ? null : i;
-}
-
-// Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
-// @Deprecated: Use store.getLoader().internalizeTiddler instead
-Tiddler.prototype.loadFromDiv = function(divRef,title)
-{
-    return store.getLoader().internalizeTiddler(store,this,title,divRef);
-}
-
-// Format the text for storage in an HTML DIV
-// @Deprecated Use store.getSaver().externalizeTiddler instead.
-Tiddler.prototype.saveToDiv = function()
-{
-    return store.getSaver().externalizeTiddler(store,this);
-}
-
-// @Deprecated: Use store.allTiddlersAsHtml() instead
-function allTiddlersAsHtml()
-{
-    return store.allTiddlersAsHtml();
-}
-
-// @Deprecated: Use refreshPageTemplate instead
-function applyPageTemplate(title)
-{
-    refreshPageTemplate(title);
-}
-
-// @Deprecated: Use story.displayTiddlers instead
-function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
-{
-    story.displayTiddlers(srcElement,titles,template,animate,slowly);
-}
-
-// @Deprecated: Use story.displayTiddler instead
-function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
-{
-    story.displayTiddler(srcElement,title,template,animate,slowly);
-}
-
-// @Deprecated: Use functions on right hand side directly instead
-var createTiddlerPopup = Popup.create;
-var scrollToTiddlerPopup = Popup.show;
-var hideTiddlerPopup = Popup.remove;
-
-// @Deprecated: Use right hand side directly instead
-var regexpBackSlashEn = new RegExp("\\\\n","mg");
-var regexpBackSlash = new RegExp("\\\\","mg");
-var regexpBackSlashEss = new RegExp("\\\\s","mg");
-var regexpNewLine = new RegExp("\n","mg");
-var regexpCarriageReturn = new RegExp("\r","mg");
-// ---------------------------------------------------------------------------------
-// End of scripts
-merge(config.shadowTiddlers,{SiteTitle:'DevFire'});
-merge(config.shadowTiddlers,{MainMenu:"PageTemplate\nStyleSheet\nMainMenu\nDefaultTiddlers"});
-merge(config.shadowTiddlers,{SiteSubtitle:"a theme for ~TiddlyWiki"});
-merge(config.shadowTiddlers,{DefaultTiddlers:"LorumIpsum"});
-merge(config.shadowTiddlers,{LorumIpsum:"Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.\n!heading 1\n!!heading 2\n!!!heading3\n----\n<<tag button>>\nThis is a link to a [[StyleSheet]] tiddler.\n\n> This is a blockquote\n> This is a blockquote\n> This is a blockquote\n|>|>| !This is a header |h\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|"});
-// ---------------------------------------------------------------------------------
-//]]>
-</script>
-<style type="text/css">
-
-#saveTest {
-    display: none;
-}
-
-.zoomer {
-    display: none;
-}
-
-#messageArea {
-    display: none;
-}
-
-#copyright {
-    display: none;
-}
-
-.popup {
-    position: absolute;
-}
-
-#storeArea {
-    display: none;
-    margin: 4em 10em 3em;
-}
-
-#storeArea div {
- padding: 0.5em;
- margin: 1em 0em 0em 0em;
- border-color: #f0f0f0 #606060 #404040 #d0d0d0;
- border-style: solid;
- border-width: 2px;
- overflow: auto;
-}
-
-#javascriptWarning {
-    width: 100%;
-    text-align: center;
-    font-weight: bold;
-    background-color: #dd1100;
-    color: #fff;
-    padding:1em 0em;
-}
-
-</style>
-<!--POST-HEAD-START-->
-
-<!--POST-HEAD-END-->
-</head>
-<body onload="main();" onunload="if(window.checkUnsavedChanges) checkUnsavedChanges();">
-<!--PRE-BODY-START-->
-
-<!--PRE-BODY-END-->
-    <script type="text/javascript">
-//<![CDATA[
-if (useJavaSaver)
-    document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
-//]]>
-    </script>
-    <div id="copyright">
-    Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
-    </div>
-    <noscript>
-        <div id="javascriptWarning">This page requires JavaScript to function properly</div>
-    </noscript>
-    <div id="saveTest"></div>
-    <div id="contentWrapper"></div>
-    <div id="contentStash"></div>
-    <div id="storeArea">
-<div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
-<div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
-<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.2 (2016-12-31)@@\n\n!!__SSL Library__\n* Basic constraint/key usage v3 extensions now supported\n* Test harness must now be run without built-in default cert\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.1 (2016-12-20)@@\n\n!!__SSL Library__\n* X509 State, country and location are now used for verification and display.\n* SNI hostname memory is now managed by the calling application\n* X509 version number is checked before processing v3 extensions.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.0 (2016-12-13)@@\n\n!!__SSL Library__\n* SNI added\n* Some non-C sample code updated.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.1 (2016-08-30)@@\n\n!!__SSL Library__\n* ~RC4 only used if ~PKCS12 is used.\n* Buffer sizes tightned up.\n* Buffer check on client handshake due to some incompatibilities.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.0 (2016-08-17)@@\n\n!!__SSL Library__\n* Support for TLS 1.2\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.4 (2016-07-07)@@\n\n!!__SSL Library__\n* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.\n* Tag 64-bit constants with "LL" (e.g. keep ~AVR32 gcc happy)\n* Removed ~RC4 from the list of ciphers\n* Can handle chains that are out of order (thanks Paul Johnstone)\n* Removed some printfs in skeleton mode\n* Removed endian.h as it was causing some porting issues\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.3 (2015-04-30)@@\n\n!!__SSL Library__\n* Added named unions to ~SHA512 code as some compilers don't support it\n* Some other porting suggesions from Chris Ghormley\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2 (2015-03-10)@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1 (2014-11-19)@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0 (2014-10-31)@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div> <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
-<div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
-<div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
-<div tiddler="SiteSubtitle" modifier="axTLS" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
-<div tiddler="SiteTitle" modifier="axTLS" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
-<div tiddler="SiteUrl" modifier="axTLS" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
-<div tiddler="StyleSheet" modifier="axTLS" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
-<div tiddler="axhttpd" modifier="axTLS" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
-</div>
-<!--POST-BODY-START-->
-
-<!--POST-BODY-END-->
-    </body>
-</html>

From 821237756e767e26008b5a54ec7b172e3754fc88 Mon Sep 17 00:00:00 2001
From: Myles Eftos <myles@madpilot.com.au>
Date: Sat, 15 Jul 2017 10:26:41 +1000
Subject: [PATCH 301/301] Squashed 'tools/sdk/axtls/' content from commit
 27f4a6c

git-subtree-dir: tools/sdk/axtls
git-subtree-split: 27f4a6caf69625a9e798b7a1c3b1406ec1ec1d85
---
 .gitignore                               |    5 +
 .gitmodules                              |    3 +
 .travis.yml                              |   43 +
 LICENSE                                  |   24 +
 Makefile                                 |   79 +
 README.md                                |   39 +
 VERSION                                  |    1 +
 bindings/Config.in                       |  105 +
 bindings/csharp/axTLS.cs                 |  491 ++
 bindings/generate_SWIG_interface.pl      |  392 ++
 bindings/java/SSL.java                   |  137 +
 compat                                   |    1 +
 config/makefile.conf                     |  134 +
 crypto/aes.c                             |  452 ++
 crypto/bigint.c                          | 1514 +++++
 crypto/bigint.h                          |   99 +
 crypto/bigint_impl.h                     |  129 +
 crypto/crypto.h                          |  277 +
 crypto/crypto_misc.c                     |  385 ++
 crypto/hmac.c                            |  166 +
 crypto/md5.c                             |  301 +
 crypto/os_int.h                          |   72 +
 crypto/rc4.c                             |   97 +
 crypto/rsa.c                             |  295 +
 crypto/sha1.c                            |  249 +
 crypto/sha256.c                          |  281 +
 crypto/sha384.c                          |   77 +
 crypto/sha512.c                          |  220 +
 replacements/time.c                      |  147 +
 samples/c/axssl.c                        |  902 +++
 samples/csharp/axssl.cs                  |  758 +++
 samples/java/Makefile                    |   51 +
 samples/java/axssl.java                  |  760 +++
 samples/lua/axssl.lua                    |  562 ++
 samples/perl/axssl.pl                    |  634 ++
 samples/vbnet/axssl.vb                   |  702 +++
 ssl/asn1.c                               |  782 +++
 ssl/cert.h                               |   54 +
 ssl/config.h                             |  127 +
 ssl/crypto_misc.h                        |  217 +
 ssl/gen_cert.c                           |  374 ++
 ssl/loader.c                             |  490 ++
 ssl/openssl.c                            |  318 +
 ssl/os_int.h                             |    8 +
 ssl/os_port.c                            |   93 +
 ssl/os_port.h                            |  283 +
 ssl/p12.c                                |  483 ++
 ssl/private_key.h                        |   54 +
 ssl/ssl.h                                |  580 ++
 ssl/test/axTLS.ca_key.pem                |   27 +
 ssl/test/axTLS.ca_x509.cer               |  Bin 0 -> 786 bytes
 ssl/test/axTLS.ca_x509.pem               |   19 +
 ssl/test/axTLS.ca_x509_sha256.pem        |   19 +
 ssl/test/axTLS.encrypted.p8              |  Bin 0 -> 673 bytes
 ssl/test/axTLS.encrypted_pem.p8          |   17 +
 ssl/test/axTLS.key_1024                  |  Bin 0 -> 609 bytes
 ssl/test/axTLS.key_1024.pem              |   15 +
 ssl/test/axTLS.key_2048                  |  Bin 0 -> 1192 bytes
 ssl/test/axTLS.key_2048.pem              |   27 +
 ssl/test/axTLS.key_4096                  |  Bin 0 -> 2347 bytes
 ssl/test/axTLS.key_4096.pem              |   51 +
 ssl/test/axTLS.key_aes128.pem            |   18 +
 ssl/test/axTLS.key_aes256.pem            |   18 +
 ssl/test/axTLS.key_device.pem            |   27 +
 ssl/test/axTLS.key_end_chain.pem         |   27 +
 ssl/test/axTLS.key_intermediate_ca.pem   |   27 +
 ssl/test/axTLS.key_intermediate_ca2.pem  |   27 +
 ssl/test/axTLS.noname.p12                |  Bin 0 -> 1612 bytes
 ssl/test/axTLS.unencrypted.p8            |  Bin 0 -> 635 bytes
 ssl/test/axTLS.unencrypted_pem.p8        |   16 +
 ssl/test/axTLS.withCA.p12                |  Bin 0 -> 2521 bytes
 ssl/test/axTLS.withoutCA.p12             |  Bin 0 -> 1702 bytes
 ssl/test/axTLS.x509_1024.cer             |  Bin 0 -> 604 bytes
 ssl/test/axTLS.x509_1024.pem             |   15 +
 ssl/test/axTLS.x509_1024_sha256.pem      |   15 +
 ssl/test/axTLS.x509_1024_sha384.pem      |   15 +
 ssl/test/axTLS.x509_1024_sha512.pem      |   15 +
 ssl/test/axTLS.x509_2048.cer             |  Bin 0 -> 736 bytes
 ssl/test/axTLS.x509_2048.pem             |   18 +
 ssl/test/axTLS.x509_4096.cer             |  Bin 0 -> 992 bytes
 ssl/test/axTLS.x509_4096.pem             |   23 +
 ssl/test/axTLS.x509_aes128.pem           |   15 +
 ssl/test/axTLS.x509_aes256.pem           |   15 +
 ssl/test/axTLS.x509_bad_after.pem        |   15 +
 ssl/test/axTLS.x509_bad_before.pem       |   15 +
 ssl/test/axTLS.x509_device.pem           |   34 +
 ssl/test/axTLS.x509_end_chain.pem        |   19 +
 ssl/test/axTLS.x509_end_chain_bad.pem    |   19 +
 ssl/test/axTLS.x509_intermediate_ca.pem  |   19 +
 ssl/test/axTLS.x509_intermediate_ca2.pem |   37 +
 ssl/test/ssltest.c                       | 2589 ++++++++
 ssl/tls1.c                               | 2603 ++++++++
 ssl/tls1.h                               |  324 +
 ssl/tls1_clnt.c                          |  541 ++
 ssl/tls1_svr.c                           |  526 ++
 ssl/version.h                            |    1 +
 ssl/x509.c                               |  899 +++
 tools/make_certs.sh                      |  256 +
 util/time.h                              |   11 +
 www/index.html                           | 7103 ++++++++++++++++++++++
 100 files changed, 29924 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .gitmodules
 create mode 100644 .travis.yml
 create mode 100644 LICENSE
 create mode 100644 Makefile
 create mode 100644 README.md
 create mode 100644 VERSION
 create mode 100644 bindings/Config.in
 create mode 100644 bindings/csharp/axTLS.cs
 create mode 100755 bindings/generate_SWIG_interface.pl
 create mode 100644 bindings/java/SSL.java
 create mode 160000 compat
 create mode 100644 config/makefile.conf
 create mode 100644 crypto/aes.c
 create mode 100644 crypto/bigint.c
 create mode 100644 crypto/bigint.h
 create mode 100644 crypto/bigint_impl.h
 create mode 100644 crypto/crypto.h
 create mode 100644 crypto/crypto_misc.c
 create mode 100644 crypto/hmac.c
 create mode 100644 crypto/md5.c
 create mode 100644 crypto/os_int.h
 create mode 100644 crypto/rc4.c
 create mode 100644 crypto/rsa.c
 create mode 100644 crypto/sha1.c
 create mode 100644 crypto/sha256.c
 create mode 100644 crypto/sha384.c
 create mode 100644 crypto/sha512.c
 create mode 100644 replacements/time.c
 create mode 100644 samples/c/axssl.c
 create mode 100644 samples/csharp/axssl.cs
 create mode 100644 samples/java/Makefile
 create mode 100644 samples/java/axssl.java
 create mode 100755 samples/lua/axssl.lua
 create mode 100755 samples/perl/axssl.pl
 create mode 100644 samples/vbnet/axssl.vb
 create mode 100644 ssl/asn1.c
 create mode 100644 ssl/cert.h
 create mode 100644 ssl/config.h
 create mode 100644 ssl/crypto_misc.h
 create mode 100644 ssl/gen_cert.c
 create mode 100644 ssl/loader.c
 create mode 100644 ssl/openssl.c
 create mode 100644 ssl/os_int.h
 create mode 100644 ssl/os_port.c
 create mode 100644 ssl/os_port.h
 create mode 100644 ssl/p12.c
 create mode 100644 ssl/private_key.h
 create mode 100644 ssl/ssl.h
 create mode 100644 ssl/test/axTLS.ca_key.pem
 create mode 100644 ssl/test/axTLS.ca_x509.cer
 create mode 100644 ssl/test/axTLS.ca_x509.pem
 create mode 100644 ssl/test/axTLS.ca_x509_sha256.pem
 create mode 100644 ssl/test/axTLS.encrypted.p8
 create mode 100644 ssl/test/axTLS.encrypted_pem.p8
 create mode 100644 ssl/test/axTLS.key_1024
 create mode 100644 ssl/test/axTLS.key_1024.pem
 create mode 100644 ssl/test/axTLS.key_2048
 create mode 100644 ssl/test/axTLS.key_2048.pem
 create mode 100644 ssl/test/axTLS.key_4096
 create mode 100644 ssl/test/axTLS.key_4096.pem
 create mode 100644 ssl/test/axTLS.key_aes128.pem
 create mode 100644 ssl/test/axTLS.key_aes256.pem
 create mode 100644 ssl/test/axTLS.key_device.pem
 create mode 100644 ssl/test/axTLS.key_end_chain.pem
 create mode 100644 ssl/test/axTLS.key_intermediate_ca.pem
 create mode 100644 ssl/test/axTLS.key_intermediate_ca2.pem
 create mode 100644 ssl/test/axTLS.noname.p12
 create mode 100644 ssl/test/axTLS.unencrypted.p8
 create mode 100644 ssl/test/axTLS.unencrypted_pem.p8
 create mode 100644 ssl/test/axTLS.withCA.p12
 create mode 100644 ssl/test/axTLS.withoutCA.p12
 create mode 100644 ssl/test/axTLS.x509_1024.cer
 create mode 100644 ssl/test/axTLS.x509_1024.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha256.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha384.pem
 create mode 100644 ssl/test/axTLS.x509_1024_sha512.pem
 create mode 100644 ssl/test/axTLS.x509_2048.cer
 create mode 100644 ssl/test/axTLS.x509_2048.pem
 create mode 100644 ssl/test/axTLS.x509_4096.cer
 create mode 100644 ssl/test/axTLS.x509_4096.pem
 create mode 100644 ssl/test/axTLS.x509_aes128.pem
 create mode 100644 ssl/test/axTLS.x509_aes256.pem
 create mode 100644 ssl/test/axTLS.x509_bad_after.pem
 create mode 100644 ssl/test/axTLS.x509_bad_before.pem
 create mode 100644 ssl/test/axTLS.x509_device.pem
 create mode 100644 ssl/test/axTLS.x509_end_chain.pem
 create mode 100644 ssl/test/axTLS.x509_end_chain_bad.pem
 create mode 100644 ssl/test/axTLS.x509_intermediate_ca.pem
 create mode 100644 ssl/test/axTLS.x509_intermediate_ca2.pem
 create mode 100644 ssl/test/ssltest.c
 create mode 100644 ssl/tls1.c
 create mode 100644 ssl/tls1.h
 create mode 100644 ssl/tls1_clnt.c
 create mode 100644 ssl/tls1_svr.c
 create mode 100644 ssl/version.h
 create mode 100644 ssl/x509.c
 create mode 100644 tools/make_certs.sh
 create mode 100644 util/time.h
 create mode 100755 www/index.html

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..03ba8b58a6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+*.o
+bin/
+Makefile.local
+.DS_Store
+
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000..6816a4b760
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "compat"]
+	path = compat
+	url = https://github.com/attachix/lwirax.git
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000000..5258cf5890
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,43 @@
+sudo: false
+language: bash
+os:
+  - linux
+
+script:
+  # Download Arduino IDE
+  - wget -O arduino.tar.xz https://www.arduino.cc/download.php?f=/arduino-nightly-linux64.tar.xz
+  - tar xf arduino.tar.xz
+  - mv arduino-nightly $HOME/arduino_ide
+  # Download ESP8266 Arduino core
+  - cd $HOME/arduino_ide/hardware
+  - mkdir esp8266com
+  - cd esp8266com
+  - git clone https://github.com/esp8266/Arduino.git esp8266
+  - cd esp8266
+  - export ESP8266_ARDUINO_DIR="$PWD"
+  # Download toolchain and esptool
+  - cd tools
+  - python get.py
+  - export PATH="$PATH:$PWD/xtensa-lx106-elf/bin"
+  # Build axTLS
+  - cd $TRAVIS_BUILD_DIR
+  - make
+  # Copy the library into Arduino core
+  - cp bin/libaxtls.a $ESP8266_ARDUINO_DIR/tools/sdk/lib/libaxtls.a
+  # Try building examples in ESP8266WiFi library from the ESP8266 Arduino core
+  - /sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_1.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :1 -ac -screen 0 1280x1024x16
+  - sleep 3
+  - export DISPLAY=:1.0
+  - export PATH="$HOME/arduino_ide:$PATH"
+  - which arduino
+  - cd $ESP8266_ARDUINO_DIR
+  - source tests/common.sh
+  - arduino --board esp8266com:esp8266:generic --save-prefs
+  - arduino --get-pref sketchbook.path
+  - build_sketches $HOME/arduino_ide $ESP8266_ARDUINO_DIR/libraries/ESP8266WiFi/examples/HTTPSRequest
+  # Feel free to add more test cases (for other environments) here
+
+notifications:
+  email:
+    on_success: change
+    on_failure: change
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000000..eed70a9a67
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2008, Cameron Rich All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer. Redistributions in binary
+form must reproduce the above copyright notice, this list of conditions and
+the following disclaimer in the documentation and/or other materials
+provided with the distribution. Neither the name of the axTLS Project nor
+the names of its contributors may be used to endorse or promote products
+derived from this software without specific prior written permission. 
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..e48e869f15
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,79 @@
+TOOLCHAIN_PREFIX := xtensa-lx106-elf-
+CC := $(TOOLCHAIN_PREFIX)gcc
+AR := $(TOOLCHAIN_PREFIX)ar
+LD := $(TOOLCHAIN_PREFIX)gcc
+OBJCOPY := $(TOOLCHAIN_PREFIX)objcopy
+
+XTENSA_LIBS ?= $(shell $(CC) -print-sysroot)
+
+TOOLCHAIN_DIR=$(shell cd $(XTENSA_LIBS)/../../; pwd)
+
+OBJ_FILES := \
+	crypto/aes.o \
+	crypto/bigint.o \
+	crypto/hmac.o \
+	crypto/md5.o \
+	crypto/rc4.o \
+	crypto/rsa.o \
+	crypto/sha1.o \
+	crypto/sha256.o \
+	crypto/sha384.o \
+	crypto/sha512.o \
+	ssl/asn1.o \
+	ssl/gen_cert.o \
+	ssl/loader.o \
+	ssl/os_port.o \
+	ssl/p12.o \
+	ssl/tls1.o \
+	ssl/tls1_clnt.o \
+	ssl/tls1_svr.o \
+	ssl/x509.o \
+	crypto/crypto_misc.o \
+
+
+CPPFLAGS += -I$(XTENSA_LIBS)/include \
+		-Icrypto \
+		-Issl \
+		-I.
+
+LDFLAGS  += 	-L$(XTENSA_LIBS)/lib \
+		-L$(XTENSA_LIBS)/arch/lib \
+
+
+CFLAGS+=-std=c99 -DESP8266
+
+CFLAGS += -Wall -Os -g -O2 -Wpointer-arith -Wl,-EL -nostdlib -mlongcalls -mno-text-section-literals  -D__ets__ -DICACHE_FLASH
+
+CFLAGS += -ffunction-sections -fdata-sections
+
+CFLAGS += -fdebug-prefix-map=$(PWD)= -fdebug-prefix-map=$(TOOLCHAIN_DIR)=xtensa-lx106-elf -gno-record-gcc-switches
+
+MFORCE32 := $(shell $(CC) --help=target | grep mforce-l32)
+ifneq ($(MFORCE32),)
+    # If the compiler supports the -mforce-l32 flag, the compiler will generate correct code for loading
+    # 16- and 8-bit constants from program memory. So in the code we can directly access the arrays
+    # placed into program memory.
+    CFLAGS +=  -mforce-l32
+else
+	# Otherwise we need to use a helper function to load 16- and 8-bit constants from program memory.
+    CFLAGS += -DWITH_PGM_READ_HELPER
+endif
+
+BIN_DIR := bin
+AXTLS_AR := $(BIN_DIR)/libaxtls.a
+
+all: $(AXTLS_AR)
+
+$(AXTLS_AR): | $(BIN_DIR)
+
+$(AXTLS_AR): $(OBJ_FILES)
+	$(AR) cru $@ $^
+
+$(BIN_DIR):
+	mkdir -p $(BIN_DIR)
+
+clean:
+	rm -rf $(OBJ_FILES) $(AXTLS_AR)
+
+
+.PHONY: all clean
diff --git a/README.md b/README.md
new file mode 100644
index 0000000000..8537ba13f9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,39 @@
+This is an ESP8266 port of [axTLS](http://axtls.sourceforge.net/) library, currently based on axTLS 2.1.2 (SVN version 274). 
+
+This library supports TLS 1.2, and the following cipher suites:
+
+Cipher suite name (RFC)           | OpenSSL name  | Key exchange | Encryption |  Hash
+----------------------------------|---------------|--------------|------------|---------
+TLS_RSA_WITH_AES_128_CBC_SHA      | AES128-SHA    |      RSA     |  AES-128   | SHA-1
+TLS_RSA_WITH_AES_256_CBC_SHA      | AES256-SHA    |      RSA     |  AES-256   | SHA-1
+TLS_RSA_WITH_AES_128_CBC_SHA256   | AES128-SHA256 |      RSA     |  AES-128   | SHA-256
+TLS_RSA_WITH_AES_256_CBC_SHA256   | AES256-SHA256 |      RSA     |  AES-256   | SHA-256
+
+## Using the library
+
+This is not a self-sufficient library. In addition to the standard C library functions, application has to provide the following functions:
+
+```
+ax_port_read
+ax_port_write
+ax_port_open
+ax_port_close
+ax_get_file
+phy_get_rand  (provided by the IoT SDK)
+ets_printf    (in ESP8266 ROM)
+ets_putc      (in ESP8266 ROM)
+```
+
+For use with LwIP raw TCP API, see [compat/README.md](https://github.com/attachix/lwirax/blob/master/README.md)
+
+## Building [![Build status](https://travis-ci.org/igrr/axtls-8266.svg)](https://travis-ci.org/igrr/axtls-8266)
+
+To build, add xtensa toolchain to your path, and run `make`. The library will be built in `bin/` directory.
+
+## Credits and license
+
+[axTLS](http://axtls.sourceforge.net/) is written and maintained by Cameron Rich.
+
+Other people have contributed to this port; see git logs for a full list.
+
+See [LICENSE](LICENSE) file for axTLS license.
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000000..4ea2b1f403
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+1.4.9
diff --git a/bindings/Config.in b/bindings/Config.in
new file mode 100644
index 0000000000..443fc1a323
--- /dev/null
+++ b/bindings/Config.in
@@ -0,0 +1,105 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/config/Kconfig-language.txt
+#
+menu "Language Bindings"
+
+config CONFIG_BINDINGS
+    bool "Create language bindings"
+    default n
+    help
+        axTLS supports language bindings in C#, VB.NET, Java and Perl.
+
+        Select Y here if you want to build the various language bindings.
+
+config CONFIG_CSHARP_BINDINGS
+    bool "Create C# bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build C# bindings.
+
+        This requires .NET to be installed on Win32 platforms and mono to be
+        installed on all other platforms.
+
+config CONFIG_VBNET_BINDINGS
+    bool "Create VB.NET bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build VB.NET bindings.
+
+        This requires the .NET to be installed and is only built under Win32
+        platforms.
+
+menu ".Net Framework"
+depends on CONFIG_CSHARP_BINDINGS || CONFIG_VBNET_BINDINGS
+config CONFIG_DOT_NET_FRAMEWORK_BASE
+    string "Location of .NET Framework"
+    default "c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727"
+endmenu
+
+config CONFIG_JAVA_BINDINGS
+    bool "Create Java bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Java bindings.
+
+        Current Issues (see README): 
+        * Needs Java 1.4 or better.
+        * If building under Win32 it will use the Win32 JDK.
+
+menu "Java Home"
+depends on CONFIG_JAVA_BINDINGS
+config CONFIG_JAVA_HOME
+    string "Location of JDK"
+    default "c:\\Program Files\\Java\\jdk1.5.0_06" if CONFIG_PLATFORM_WIN32 || CONFIG_PLATFORM_CYGWIN
+    default "/usr/lib/jvm/java-7-openjdk-amd64" if !CONFIG_PLATFORM_WIN32 && !CONFIG_PLATFORM_CYGWIN
+    depends on CONFIG_JAVA_BINDINGS 
+    help
+        The location of Sun's JDK.
+endmenu
+
+config CONFIG_PERL_BINDINGS
+    bool "Create Perl bindings"
+    default n
+    depends on CONFIG_BINDINGS
+    help
+        Build Perl bindings.
+
+        Current Issues (see README):
+        * 64 bit versions don't work at present.
+        * libperl.so needs to be in the shared library path.
+
+menu "Perl Home"
+depends on CONFIG_PERL_BINDINGS && CONFIG_PLATFORM_WIN32
+config CONFIG_PERL_CORE
+    string "Location of Perl CORE"
+    default "c:\\perl\\lib\\CORE"
+    help:
+        works with ActiveState
+        "http://www.activestate.com/Products/ActivePerl"
+
+config CONFIG_PERL_LIB
+    string "Name of Perl Library"
+    default "perl58.lib"
+endmenu
+
+config CONFIG_LUA_BINDINGS
+    bool "Create Lua bindings"
+    default n
+    depends on CONFIG_BINDINGS && !CONFIG_PLATFORM_WIN32
+    help
+        Build Lua bindings (see www.lua.org).
+
+menu "Lua Home"
+depends on CONFIG_LUA_BINDINGS 
+config CONFIG_LUA_CORE
+    string "Location of Lua CORE"
+    default "/usr/local"
+    help:
+        If the Lua exists on another directory then this needs to be changed
+endmenu
+
+endmenu
diff --git a/bindings/csharp/axTLS.cs b/bindings/csharp/axTLS.cs
new file mode 100644
index 0000000000..6a2f6b0633
--- /dev/null
+++ b/bindings/csharp/axTLS.cs
@@ -0,0 +1,491 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * A wrapper around the unmanaged interface to give a semi-decent C# API
+ */
+
+using System;
+using System.Runtime.InteropServices;
+using System.Net.Sockets;
+
+/**
+ * @defgroup csharp_api C# API.
+ *
+ * Ensure that the appropriate Dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ * @{
+ */
+namespace axTLS
+{
+    /**
+     * @class SSL
+     * @ingroup csharp_api 
+     * @brief A representation of an SSL connection.
+     */
+    public class SSL
+    {
+        public IntPtr m_ssl;    /**< A pointer to the real SSL type */
+
+        /**
+         * @brief Store the reference to an SSL context.
+         * @param ip [in] A reference to an SSL object.
+         */
+        public SSL(IntPtr ip)
+        {
+            m_ssl = ip;
+        }
+
+        /**
+         * @brief Free any used resources on this connection. 
+         * 
+         * A "Close Notify" message is sent on this connection (if possible). 
+         * It is up to the application to close the socket.
+         */
+        public void Dispose()
+        {
+            axtls.ssl_free(m_ssl);
+        }
+
+        /**
+         * @brief Return the result of a handshake.
+         * @return SSL_OK if the handshake is complete and ok.
+         * @see ssl.h for the error code list.
+         */
+        public int HandshakeStatus()
+        {
+            return axtls.ssl_handshake_status(m_ssl);
+        }
+
+        /**
+         * @brief Return the SSL cipher id.
+         * @return The cipher id which is one of:
+         * - SSL_AES128_SHA (0x2f)
+         * - SSL_AES256_SHA (0x35)
+         * - SSL_AES128_SHA256 (0x3c)
+         * - SSL_AES256_SHA256 (0x3d)
+         */
+        public byte GetCipherId()
+        {
+            return axtls.ssl_get_cipher_id(m_ssl);
+        }
+
+        /**
+         * @brief Get the session id for a handshake. 
+         * 
+         * This will be a 32 byte sequence and is available after the first
+         * handshaking messages are sent.
+         * @return The session id as a 32 byte sequence.
+         * @note A SSLv23 handshake may have only 16 valid bytes.
+         */
+        public byte[] GetSessionId()
+        {
+            IntPtr ptr = axtls.ssl_get_session_id(m_ssl);
+            byte sess_id_size = axtls.ssl_get_session_id_size(m_ssl);
+            byte[] result = new byte[sess_id_size];
+            Marshal.Copy(ptr, result, 0, sess_id_size);
+            return result;
+        }
+
+        /**
+         * @brief Retrieve an X.509 distinguished name component.
+         * 
+         * When a handshake is complete and a certificate has been exchanged, 
+         * then the details of the remote certificate can be retrieved.
+         *
+         * This will usually be used by a client to check that the server's 
+         * common name matches the URL.
+         *
+         * A full handshake needs to occur for this call to work.
+         *
+         * @param component [in] one of:
+         * - SSL_X509_CERT_COMMON_NAME
+         * - SSL_X509_CERT_ORGANIZATION
+         * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+         * - SSL_X509_CA_CERT_COMMON_NAME
+         * - SSL_X509_CA_CERT_ORGANIZATION
+         * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+         * @return The appropriate string (or null if not defined)
+         */
+        public string GetCertificateDN(int component)
+        {
+            return axtls.ssl_get_cert_dn(m_ssl, component);
+        }
+    }
+
+    /**
+     * @class SSLUtil
+     * @ingroup csharp_api 
+     * @brief Some global helper functions.
+     */
+    public class SSLUtil
+    {
+
+        /**
+         * @brief Return the build mode of the axTLS project.
+         * @return The build mode is one of:
+         * - SSL_BUILD_SERVER_ONLY
+         * - SSL_BUILD_ENABLE_VERIFICATION
+         * - SSL_BUILD_ENABLE_CLIENT
+         * - SSL_BUILD_FULL_MODE
+         */
+        public static int BuildMode()
+        {
+            return axtls.ssl_get_config(axtls.SSL_BUILD_MODE);
+        }
+
+        /**
+         * @brief Return the number of chained certificates that the 
+         * client/server supports.
+         * @return The number of supported server certificates.
+         */
+        public static int MaxCerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Return the number of CA certificates that the client/server
+         * supports.
+         * @return The number of supported CA certificates.
+         */
+        public static int MaxCACerts()
+        {
+            return axtls.ssl_get_config(axtls.SSL_MAX_CA_CERT_CFG_OFFSET);
+        }
+
+        /**
+         * @brief Indicate if PEM is supported.
+         * @return true if PEM supported.
+         */
+        public static bool HasPEM()
+        {
+            return axtls.ssl_get_config(axtls.SSL_HAS_PEM) > 0 ? true : false;
+        }
+
+        /**
+         * @brief Display the text string of the error.
+         * @param error_code [in] The integer error code.
+         */
+        public static void DisplayError(int error_code)
+        {
+            axtls.ssl_display_error(error_code);
+        }
+
+        /**
+         * @brief Return the version of the axTLS project.
+         */
+        public static string Version()
+        {
+            return axtls.ssl_version();
+        }
+    }
+
+    /**
+     * @class SSLCTX
+     * @ingroup csharp_api 
+     * @brief A base object for SSLServer/SSLClient.
+     */
+    public class SSLCTX
+    {
+        /**
+         * @brief A reference to the real client/server context.
+         */
+        protected IntPtr m_ctx;
+
+        /**
+         * @brief Establish a new client/server context.
+         *
+         * This function is called before any client/server SSL connections are 
+         * made.  If multiple threads are used, then each thread will have its 
+         * own SSLCTX context. Any number of connections may be made with a 
+         * single context. 
+         *
+         * Each new connection will use the this context's private key and 
+         * certificate chain. If a different certificate chain is required, 
+         * then a different context needs to be be used.
+         *
+         * @param options [in]  Any particular options. At present the options
+         * supported are:
+         * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if 
+         * the server authentication fails. The certificate can be 
+         * authenticated later with a call to VerifyCert().
+         * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client 
+         * authentication i.e. each handshake will include a "certificate 
+         * request" message from the server.
+         * - SSL_DISPLAY_BYTES (full mode build only): Display the byte 
+         * sequences during the handshake.
+         * - SSL_DISPLAY_STATES (full mode build only): Display the state 
+         * changes during the handshake.
+         * - SSL_DISPLAY_CERTS (full mode build only): Display the 
+         * certificates that are passed during a handshake.
+         * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key 
+         * details that are passed during a handshake.
+         * @param num_sessions [in] The number of sessions to be used for 
+         * session caching. If this value is 0, then there is no session 
+         * caching.
+         * @return A client/server context.
+         */
+        protected SSLCTX(uint options, int num_sessions)
+        {
+            m_ctx = axtls.ssl_ctx_new(options, num_sessions);
+        }
+
+        /**
+         * @brief Remove a client/server context.
+         *
+         * Frees any used resources used by this context. Each connection will 
+         * be sent a "Close Notify" alert (if possible).
+         */
+        public void Dispose()
+        {
+            axtls.ssl_ctx_free(m_ctx);
+        }
+
+        /**
+         * @brief Read the SSL data stream.
+         * @param ssl [in] An SSL object reference.
+         * @param in_data [out] After a successful read, the decrypted data 
+         * will be here. It will be null otherwise.
+         * @return The number of decrypted bytes:
+         * - if > 0, then the handshaking is complete and we are returning the 
+         * number of decrypted bytes. 
+         * - SSL_OK if the handshaking stage is successful (but not yet 
+         * complete).  
+         * - < 0 if an error.
+         * @see ssl.h for the error code list.
+         * @note Use in_data before doing any successive ssl calls.
+         */
+        public int Read(SSL ssl, out byte[] in_data)
+        {
+            IntPtr ptr = IntPtr.Zero;
+            int ret = axtls.ssl_read(ssl.m_ssl, ref ptr);
+
+            if (ret > axtls.SSL_OK)
+            {
+                in_data = new byte[ret];
+                Marshal.Copy(ptr, in_data, 0, ret);
+            }
+            else
+            {
+                in_data = null;
+            }
+
+            return ret;
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_data.Length);
+        }
+
+        /**
+         * @brief Write to the SSL data stream.
+         * @param ssl [in] An SSL obect reference.
+         * @param out_data [in] The data to be written
+         * @param out_len [in] The number of bytes to be written
+         * @return The number of bytes sent, or if < 0 if an error.
+         * @see ssl.h for the error code list.
+         */
+        public int Write(SSL ssl, byte[] out_data, int out_len)
+        {
+            return axtls.ssl_write(ssl.m_ssl, out_data, out_len);
+        }
+
+        /**
+         * @brief Find an ssl object based on a Socket reference.
+         *
+         * Goes through the list of SSL objects maintained in a client/server 
+         * context to look for a socket match.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return A reference to the SSL object. Returns null if the object 
+         * could not be found.
+         */
+        public SSL Find(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.  ssl_find(m_ctx, client_fd));
+        }
+
+        /**
+         * @brief Authenticate a received certificate.
+         * 
+         * This call is usually made by a client after a handshake is complete 
+         * and the context is in SSL_SERVER_VERIFY_LATER mode.
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if the certificate is verified.
+         */
+        public int VerifyCert(SSL ssl)
+        {
+            return axtls.ssl_verify_cert(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Force the client to perform its handshake again.
+         *
+         * For a client this involves sending another "client hello" message.
+         * For the server is means sending a "hello request" message.
+         *
+         * This is a blocking call on the client (until the handshake 
+         * completes).
+         * @param ssl [in] An SSL object reference.
+         * @return SSL_OK if renegotiation instantiation was ok
+         */
+        public int Renegotiate(SSL ssl)
+        {
+            return axtls.ssl_renegotiate(ssl.m_ssl);
+        }
+
+        /**
+         * @brief Load a file into memory that is in binary DER or ASCII PEM 
+         * format.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the file. Can be one of:
+         * - SSL_OBJ_X509_CERT (no password required)
+         * - SSL_OBJ_X509_CACERT (no password required)
+         * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+         * - SSL_OBJ_P8 (RC4-128 encrypted data supported)
+         * - SSL_OBJ_P12 (RC4-128 encrypted data supported)
+         *
+         * PEM files are automatically detected (if supported).
+         * @param filename [in] The location of a file in DER/PEM format.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, string filename, string password)
+        {
+            return axtls.ssl_obj_load(m_ctx, obj_type, filename, password);
+        }
+
+        /**
+         * @brief Transfer binary data into the object loader.
+         *
+         * These are temporary objects that are used to load private keys,
+         * certificates etc into memory.
+         * @param obj_type [in] The format of the memory data.
+         * @param data [in] The binary data to be loaded.
+         * @param len [in] The amount of data to be loaded.
+         * @param password [in] The password used. Can be null if not required.
+         * @return SSL_OK if all ok
+         */
+        public int ObjLoad(int obj_type, byte[] data, int len, string password)
+        {
+            return axtls.ssl_obj_memory_load(m_ctx, obj_type, 
+                                            data, len, password);
+        }
+    }
+
+    /**
+     * @class SSLServer
+     * @ingroup csharp_api 
+     * @brief The server context.
+     *
+     * All server connections are started within a server context.
+     */
+    public class SSLServer : SSLCTX
+    {
+        /**
+         * @brief Start a new server context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLServer(uint options, int num_sessions) :
+                            base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL client.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @return An SSL object reference.
+         */
+        public SSL Connect(Socket s)
+        {
+            int client_fd = s.Handle.ToInt32();
+            return new SSL(axtls.ssl_server_new(m_ctx, client_fd));
+        }
+    }
+
+    /**
+     * @class SSLClient
+     * @ingroup csharp_api
+     * @brief The client context.
+     *
+     * All client connections are started within a client context.
+     */
+    public class SSLClient : SSLCTX
+    {
+        /**
+         * @brief Start a new client context.
+         * 
+         * @see SSLCTX for details.
+         */
+        public SSLClient(uint options, int num_sessions) :
+                        base(options, num_sessions) {}
+
+        /**
+         * @brief Establish a new SSL connection to an SSL server.
+         *
+         * It is up to the application to establish the initial socket 
+         * connection.
+         *
+         * This is a blocking call - it will finish when the handshake is 
+         * complete (or has failed).
+         *
+         * Call Dispose() when the connection is to be removed.
+         * @param s [in] A reference to a <A HREF="http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnetsocketssocketclasstopic.asp">Socket</A> object.
+         * @param session_id [in] A 32 byte session id for session resumption. 
+         * This can be null if no session resumption is not required.
+         * @return An SSL object reference. Use SSL.handshakeStatus() to check 
+         * if a handshake succeeded.
+         */
+        public SSL Connect(Socket s, byte[] session_id)
+        {
+            int client_fd = s.Handle.ToInt32();
+            byte sess_id_size = (byte)(session_id != null ? 
+                                session_id.Length : 0);
+            return new SSL(axtls.ssl_client_new(m_ctx, client_fd, session_id,
+                        sess_id_size));
+        }
+    }
+}
+/** @} */
diff --git a/bindings/generate_SWIG_interface.pl b/bindings/generate_SWIG_interface.pl
new file mode 100755
index 0000000000..90c4ba3bef
--- /dev/null
+++ b/bindings/generate_SWIG_interface.pl
@@ -0,0 +1,392 @@
+#!/usr/bin/perl
+
+#
+# Copyright (c) 2007, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#===============================================================
+# Transforms function signature into SWIG format
+sub transformSignature
+{
+    foreach $item (@_)
+    { 
+        $line =~ s/STDCALL //g;
+        $line =~ s/EXP_FUNC/extern/g;
+
+        # make API Java more 'byte' friendly
+        $line =~ s/uint32_t/int/g;
+        $line =~ s/const uint8_t \* /const unsigned char \* /g;
+        $line =~ s/\(void\)/()/g;
+        if ($ARGV[0] eq "-java")
+        {
+            $line =~ s/.*ssl_read.*//g;
+            $line =~ s/const uint8_t \*(\w+)/const signed char $1\[\]/g;
+            $line =~ s/uint8_t/signed char/g;
+        }
+        elsif ($ARGV[0] eq "-perl")
+        {
+            $line =~ s/const uint8_t \*(\w+)/const unsigned char $1\[\]/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+        else # lua
+        {
+            $line =~ s/const uint8_t \*session_id/const unsigned char session_id\[\]/g;
+            $line =~ s/const uint8_t \*\w+/unsigned char *INPUT/g;
+            $line =~ s/uint8_t/unsigned char/g;
+        }
+    }
+
+    return $line;
+}
+
+# Parse input file
+sub parseFile
+{
+    foreach $line (@_)
+    {
+        next if $line =~ /ssl_x509_create/; # ignore for now
+
+        # test for a #define
+        if (!$skip && $line =~ m/^#define/)
+        {
+            $splitDefine = 1 if $line =~ m/\\$/;
+            print DATA_OUT $line;
+
+            # check line is not split
+            next if $splitDefine == 1;
+        }
+
+        # pick up second line of #define statement
+        if ($splitDefine) 
+        {
+            print DATA_OUT $line;
+
+            # check line is not split
+            $splitDefine = ($line =~ m/\\$/);
+            next;
+        } 
+
+        # test for function declaration
+        if (!$skip && $line =~ /EXP_FUNC/ && $line !~/\/\*/)
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+
+        if ($splitFunctionDeclaration) 
+        {
+            $line = transformSignature($line);
+            $splitFunctionDeclaration = $line !~ /;/;
+            print DATA_OUT $line;
+            next;
+        }
+    }
+}
+
+#===============================================================
+
+# Determine which module to build from cammand-line options
+use strict;
+use Getopt::Std;
+
+my $module;
+my $interfaceFile;
+my $data_file;
+my $skip;
+my $splitLine;
+my @raw_data;
+
+if (not defined  $ARGV[0])
+{
+    die "Usage: $0 [-java | -perl | -lua]\n";
+}
+
+if ($ARGV[0] eq "-java")
+{
+    print "Generating Java interface file\n";
+    $module = "axtlsj";
+    $interfaceFile = "java/axTLSj.i";
+}
+elsif ($ARGV[0] eq "-perl")
+{
+    print "Generating Perl interface file\n";
+    $module = "axtlsp";
+    $interfaceFile = "perl/axTLSp.i";
+}
+elsif ($ARGV[0] eq "-lua")
+{
+    print "Generating lua interface file\n";
+    $module = "axtlsl";
+    $interfaceFile = "lua/axTLSl.i";
+}
+else
+{
+    die "Usage: $0 [-java | -perl | -lua]\n";
+}
+
+# Input file required to generate SWIG interface file.
+$data_file = "../ssl/ssl.h";
+
+# Open input files
+open(DATA_IN, $data_file) || die("Could not open file ($data_file)!");
+@raw_data = <DATA_IN>;
+
+# Open output file
+open(DATA_OUT, ">$interfaceFile") || die("Cannot Open File");
+
+#
+# I wish I could say it was easy to generate the Perl/Java/Lua bindings, 
+# but each had their own set of challenges... :-(.
+#
+print DATA_OUT << "END";
+%module $module\n
+
+/* include our own header */
+%inline %{
+#include "ssl.h"
+%}
+
+%include "typemaps.i"
+/* Some SWIG magic to make the API a bit more Java friendly */
+#ifdef SWIGJAVA
+
+%apply long { SSL * };
+%apply long { SSL_CTX * };
+%apply long { SSLObjLoader * };
+
+/* allow "unsigned char []" to become "byte[]" */
+%include "arrays_java.i"
+
+/* convert these pointers to use long */
+%apply signed char[] {unsigned char *};
+%apply signed char[] {signed char *};
+
+/* allow ssl_get_session_id() to return "byte[]" */
+%typemap(out) unsigned char * ssl_get_session_id \"if (result) jresult = SWIG_JavaArrayOutSchar(jenv, result, ssl_get_session_id_size((SSL const *)arg1));\"
+
+/* allow ssl_client_new() to have a null session_id input */
+%typemap(in) const signed char session_id[] (jbyte *jarr) {
+    if (jarg3 == NULL)
+    {
+        jresult = (jint)ssl_client_new(arg1,arg2,NULL,0);
+        return jresult;
+    }
+    
+    if (!SWIG_JavaArrayInSchar(jenv, &jarr, &arg3, jarg3)) return 0;
+}   
+
+/* Lot's of work required for an ssl_read() due to its various custom
+ * requirements.
+ */
+%native (ssl_read) int ssl_read(SSL *ssl, jobject in_data);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_ssl_1read(JNIEnv *jenv, jclass jcls, jint jarg1, jobject jarg2) {
+    jint jresult = 0 ;
+    SSL *arg1;
+    unsigned char *arg2;
+    jbyte *jarr;
+    int result;
+    JNIEnv e = *jenv;
+    jclass holder_class;
+    jfieldID fid;
+
+    arg1 = (SSL *)jarg1;
+    result = (int)ssl_read(arg1, &arg2);
+
+    /* find the "m_buf" entry in the SSLReadHolder class */
+    if (!(holder_class = e->GetObjectClass(jenv,jarg2)) ||
+            !(fid = e->GetFieldID(jenv,holder_class, "m_buf", "[B")))
+        return SSL_NOT_OK;
+
+    if (result > SSL_OK)
+    {
+        int i;
+
+        /* create a new byte array to hold the read data */
+        jbyteArray jarray = e->NewByteArray(jenv, result);
+
+        /* copy the bytes across to the java byte array */
+        jarr = e->GetByteArrayElements(jenv, jarray, 0);
+        for (i = 0; i < result; i++)
+            jarr[i] = (jbyte)arg2[i];
+
+        /* clean up and set the new m_buf object */
+        e->ReleaseByteArrayElements(jenv, jarray, jarr, 0);
+        e->SetObjectField(jenv, jarg2, fid, jarray);
+    }
+    else    /* set to null */
+        e->SetObjectField(jenv, jarg2, fid, NULL);
+
+    jresult = (jint)result;
+    return jresult;
+}
+%}
+
+/* Big hack to get hold of a socket's file descriptor */
+%typemap (jtype) long "Object"
+%typemap (jstype) long "Object"
+%native (getFd) int getFd(long sock);
+%{
+JNIEXPORT jint JNICALL Java_axTLSj_axtlsjJNI_getFd(JNIEnv *env, jclass jcls, jobject sock)
+{
+    JNIEnv e = *env;
+    jfieldID fid;
+    jobject impl;
+    jobject fdesc;
+
+    /* get the SocketImpl from the Socket */
+    if (!(jcls = e->GetObjectClass(env,sock)) ||
+            !(fid = e->GetFieldID(env,jcls,"impl","Ljava/net/SocketImpl;")) ||
+            !(impl = e->GetObjectField(env,sock,fid))) return -1;
+
+    /* get the FileDescriptor from the SocketImpl */
+    if (!(jcls = e->GetObjectClass(env,impl)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","Ljava/io/FileDescriptor;")) ||
+            !(fdesc = e->GetObjectField(env,impl,fid))) return -1;
+
+    /* get the fd from the FileDescriptor */
+    if (!(jcls = e->GetObjectClass(env,fdesc)) ||
+            !(fid = e->GetFieldID(env,jcls,"fd","I"))) return -1;
+
+    /* return the descriptor */
+    return e->GetIntField(env,fdesc,fid);
+} 
+%}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Perl friendly */
+#ifdef SWIGPERL
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    SV *svs = newSVpv((unsigned char *)\$1, ssl_get_session_id_size((SSL const *)arg1));
+    \$result = newRV(svs);
+    sv_2mortal(\$result);
+    argvi++;
+}
+
+/* for ssl_write() */
+%typemap(in) const unsigned char out_data[] {
+    SV* tempsv;
+    if (!SvROK(\$input))
+        croak("Argument \$argnum is not a reference.");
+    tempsv = SvRV(\$input);
+    if (SvTYPE(tempsv) != SVt_PV)
+        croak("Argument \$argnum is not an string.");
+    \$1 = (unsigned char *)SvPV(tempsv, PL_na);
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+        SV *svs = newSVpv(*\$1, result);
+        \$result = newRV(svs);
+        sv_2mortal(\$result);
+        argvi++;
+    }
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    /* check for a reference */
+    if (SvOK(\$input) && SvROK(\$input)) {
+        SV* tempsv = SvRV(\$input);
+        if (SvTYPE(tempsv) != SVt_PV)
+            croak("Argument \$argnum is not an string.");
+        \$1 = (unsigned char *)SvPV(tempsv, PL_na); 
+    } 
+    else
+        \$1 = NULL;
+}
+
+#endif
+
+/* Some SWIG magic to make the API a bit more Lua friendly */
+#ifdef SWIGLUA
+SWIG_NUMBER_TYPEMAP(unsigned char);
+SWIG_TYPEMAP_NUM_ARR(uchar,unsigned char);
+
+/* for ssl_session_id() */
+%typemap(out) const unsigned char * {
+    int i;
+    lua_newtable(L);
+    for (i = 0; i < ssl_get_session_id_size((SSL const *)arg1); i++){
+        lua_pushnumber(L,(lua_Number)result[i]);
+        lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+    }
+    SWIG_arg++;
+}
+
+/* for ssl_read() */
+%typemap(in) unsigned char **in_data (unsigned char *buf) {
+    \$1 = &buf;
+}
+
+%typemap(argout) unsigned char **in_data { 
+    if (result > SSL_OK) {
+		int i;
+		lua_newtable(L);
+		for (i = 0; i < result; i++){
+			lua_pushnumber(L,(lua_Number)buf2[i]);
+			lua_rawseti(L,-2,i+1); /* -1 is the number, -2 is the table */
+		}
+        SWIG_arg++;
+    }
+}
+
+/* for ssl_client_new() */
+%typemap(in) const unsigned char session_id[] {
+    if (lua_isnil(L,\$input))
+        \$1 = NULL;
+    else
+        \$1 = SWIG_get_uchar_num_array_fixed(L,\$input, ssl_get_session_id((SSL const *)\$1));
+}
+
+#endif
+
+END
+
+# Initialise loop variables
+$skip = 1;
+$splitLine = 0;
+
+parseFile(@raw_data);
+
+close(DATA_IN);
+close(DATA_OUT);
+
+#===============================================================
+
diff --git a/bindings/java/SSL.java b/bindings/java/SSL.java
new file mode 100644
index 0000000000..e0400b6016
--- /dev/null
+++ b/bindings/java/SSL.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * A wrapper around the unmanaged interface to give a semi-decent Java API
+ */
+
+package axTLSj;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * @defgroup java_api Java API.
+ *
+ * Ensure that the appropriate dispose() methods are called when finished with
+ * various objects - otherwise memory leaks will result.
+ */
+
+/**
+ * @class SSL
+ * @ingroup java_api 
+ * @brief A representation of an SSL connection.
+ *
+ */
+public class SSL
+{
+    public int m_ssl;    /**< A pointer to the real SSL type */
+
+    /**
+     * @brief Store the reference to an SSL context.
+     * @param ip [in] A reference to an SSL object.
+     */
+    public SSL(int ip)
+    {
+        m_ssl = ip;
+    }
+
+    /**
+     * @brief Free any used resources on this connection. 
+     * 
+     * A "Close Notify" message is sent on this connection (if possible). It 
+     * is up to the application to close the socket.
+     */
+    public void dispose()
+    {
+        axtlsj.ssl_free(m_ssl);
+    }
+
+    /**
+     * @brief Return the result of a handshake.
+     * @return SSL_OK if the handshake is complete and ok.
+     * @see ssl.h for the error code list.
+     */
+    public int handshakeStatus()
+    {
+        return axtlsj.ssl_handshake_status(m_ssl);
+    }
+
+    /**
+     * @brief Return the SSL cipher id.
+     * @return The cipher id which is one of:
+     * - SSL_AES128_SHA (0x2f)
+     * - SSL_AES256_SHA (0x35)
+     * - SSL_AES128_SHA256 (0x3c)
+     * - SSL_AES256_SHA256 (0x3d)
+     */
+    public byte getCipherId()
+    {
+        return axtlsj.ssl_get_cipher_id(m_ssl);
+    }
+
+    /**
+     * @brief Get the session id for a handshake. 
+     * 
+     * This will be a 32 byte sequence and is available after the first
+     * handshaking messages are sent.
+     * @return The session id as a 32 byte sequence.
+     * @note A SSLv23 handshake may have only 16 valid bytes.
+     */
+    public byte[] getSessionId()
+    {
+        return axtlsj.ssl_get_session_id(m_ssl);
+    }
+
+    /**
+     * @brief Retrieve an X.509 distinguished name component.
+     * 
+     * When a handshake is complete and a certificate has been exchanged, 
+     * then the details of the remote certificate can be retrieved.
+     *
+     * This will usually be used by a client to check that the server's common 
+     * name matches the URL.
+     *
+     * A full handshake needs to occur for this call to work.
+     *
+     * @param component [in] one of:
+     * - SSL_X509_CERT_COMMON_NAME
+     * - SSL_X509_CERT_ORGANIZATION
+     * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+     * - SSL_X509_CA_CERT_COMMON_NAME
+     * - SSL_X509_CA_CERT_ORGANIZATION
+     * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+     * @return The appropriate string (or null if not defined)
+     */
+    public String getCertificateDN(int component)
+    {
+        return axtlsj.ssl_get_cert_dn(m_ssl, component);
+    }
+}
diff --git a/compat b/compat
new file mode 160000
index 0000000000..bc2bf7b61b
--- /dev/null
+++ b/compat
@@ -0,0 +1 @@
+Subproject commit bc2bf7b61b9295b07d2fd9b5a9bb7824b1677c85
diff --git a/config/makefile.conf b/config/makefile.conf
new file mode 100644
index 0000000000..702abfd238
--- /dev/null
+++ b/config/makefile.conf
@@ -0,0 +1,134 @@
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# A standard makefile for all makefiles
+#
+
+# All executables and libraries go here
+STAGE=./_stage
+
+ifneq ($(MAKECMDGOALS), clean)
+
+# Give an initial rule
+all: 
+
+# Win32 
+ifdef CONFIG_PLATFORM_WIN32
+
+ifdef CONFIG_VISUAL_STUDIO_7_0
+CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_7_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\include;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_7_0_BASE)\vc7\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/vc7/bin:$(CONFIG_VISUAL_STUDIO_7_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+ifdef CONFIG_VISUAL_STUDIO_8_0
+CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_8_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\platformsdk\lib;$(CONFIG_VISUAL_STUDIO_8_0_BASE)\vc\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_8_0_BASE_UNIX)/common7/ide:$(PATH)
+endif
+ifdef CONFIG_VISUAL_STUDIO_10_0
+CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX:=$(shell cygpath -u $(CONFIG_VISUAL_STUDIO_10_0_BASE))
+export INCLUDE=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\include;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\include")
+export LIB=$(shell echo "$(CONFIG_VISUAL_STUDIO_10_0_BASE)\vc\lib;$(CONFIG_VISUAL_STUDIO_10_0_BASE)\..\Microsoft SDKs\Windows\v7.0A\lib")
+PATH:=$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/vc/bin:$(CONFIG_VISUAL_STUDIO_10_0_BASE_UNIX)/common7/ide:$(PATH)
+stuff:
+	@echo $(INCLUDE)
+endif
+
+CC=cl.exe
+LD=link.exe
+AXTLS_INCLUDE=$(shell cygpath -w $(AXTLS_HOME))
+CFLAGS+=/nologo /W3 /D"WIN32" /D"_MBCS" /D"_CONSOLE" /D"_CRT_SECURE_NO_DEPRECATE" /FD /I"$(AXTLS_INCLUDE)crypto" /I"$(AXTLS_INCLUDE)ssl" /I"$(AXTLS_INCLUDE)config" /c 
+LDFLAGS=/nologo /subsystem:console /machine:I386
+LDSHARED = /dll
+AR=lib /nologo
+
+ifdef CONFIG_DEBUG
+	CFLAGS += /Gm /Zi /Od /D "_DEBUG"
+	LDFLAGS += /debug /incremental:yes 
+else
+	CFLAGS += /O2 /D "NDEBUG"
+	LDFLAGS += /incremental:no 
+endif
+
+else    # Not Win32
+
+-include .depend
+
+CFLAGS += -I$(AXTLS_HOME)/config -I$(AXTLS_HOME)/ssl -I$(AXTLS_HOME)/crypto
+LD=$(CC)
+STRIP=$(CROSS)strip
+
+# Solaris
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -DCONFIG_PLATFORM_SOLARIS
+LDFLAGS += -lsocket -lnsl -lc
+LDSHARED = -G
+# Linux/Cygwin
+else 
+CFLAGS += -Wall -Wstrict-prototypes -Wshadow
+LDSHARED = -shared
+
+# Linux
+ifndef CONFIG_PLATFORM_CYGWIN
+ifndef CONFIG_PLATFORM_NOMMU
+CFLAGS += -fPIC 
+
+# Cygwin
+else
+CFLAGS += -DCONFIG_PLATFORM_CYGWIN
+LDFLAGS += -enable-auto-import
+endif
+endif
+endif
+
+ifdef CONFIG_DEBUG
+CFLAGS += -g
+else
+LDFLAGS += -s
+ifdef CONFIG_PLATFORM_SOLARIS
+CFLAGS += -O 
+else
+CFLAGS += -O3
+endif
+
+endif	# CONFIG_DEBUG
+endif   # WIN32
+
+CFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_CFLAGS_OPTIONS)))
+LDFLAGS+=$(subst ",, $(strip $(CONFIG_EXTRA_LDFLAGS_OPTIONS)))
+
+endif   # not 'clean'
+
+clean::
+	-@rm -f *.o *.obj core* *.out *~ \.depend vc*0* 
+
diff --git a/crypto/aes.c b/crypto/aes.c
new file mode 100644
index 0000000000..af6bd98b7a
--- /dev/null
+++ b/crypto/aes.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * AES implementation - this is a small code version. There are much faster
+ * versions around but they are much larger in size (i.e. they use large 
+ * submix tables).
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+#define rot1(x) (((x) << 24) | ((x) >> 8))
+#define rot2(x) (((x) << 16) | ((x) >> 16))
+#define rot3(x) (((x) <<  8) | ((x) >> 24))
+
+/* 
+ * This cute trick does 4 'mul by two' at once.  Stolen from
+ * Dr B. R. Gladman <brg@gladman.uk.net> but I'm sure the u-(u>>7) is
+ * a standard graphics trick
+ * The key to this is that we need to xor with 0x1b if the top bit is set.
+ * a 1xxx xxxx   0xxx 0xxx First we mask the 7bit,
+ * b 1000 0000   0000 0000 then we shift right by 7 putting the 7bit in 0bit,
+ * c 0000 0001   0000 0000 we then subtract (c) from (b)
+ * d 0111 1111   0000 0000 and now we and with our mask
+ * e 0001 1011   0000 0000
+ */
+#define mt  0x80808080
+#define ml  0x7f7f7f7f
+#define mh  0xfefefefe
+#define mm  0x1b1b1b1b
+#define mul2(x,t)	((t)=((x)&mt), \
+			((((x)+(x))&mh)^(((t)-((t)>>7))&mm)))
+
+#define inv_mix_col(x,f2,f4,f8,f9) (\
+			(f2)=mul2(x,f2), \
+			(f4)=mul2(f2,f4), \
+			(f8)=mul2(f4,f8), \
+			(f9)=(x)^(f8), \
+			(f8)=((f2)^(f4)^(f8)), \
+			(f2)^=(f9), \
+			(f4)^=(f9), \
+			(f8)^=rot3(f2), \
+			(f8)^=rot2(f4), \
+			(f8)^rot1(f9))
+
+/*
+ * AES S-box
+ */
+static const uint8_t aes_sbox[256] PROGMEM =
+{
+	0x63,0x7C,0x77,0x7B,0xF2,0x6B,0x6F,0xC5,
+	0x30,0x01,0x67,0x2B,0xFE,0xD7,0xAB,0x76,
+	0xCA,0x82,0xC9,0x7D,0xFA,0x59,0x47,0xF0,
+	0xAD,0xD4,0xA2,0xAF,0x9C,0xA4,0x72,0xC0,
+	0xB7,0xFD,0x93,0x26,0x36,0x3F,0xF7,0xCC,
+	0x34,0xA5,0xE5,0xF1,0x71,0xD8,0x31,0x15,
+	0x04,0xC7,0x23,0xC3,0x18,0x96,0x05,0x9A,
+	0x07,0x12,0x80,0xE2,0xEB,0x27,0xB2,0x75,
+	0x09,0x83,0x2C,0x1A,0x1B,0x6E,0x5A,0xA0,
+	0x52,0x3B,0xD6,0xB3,0x29,0xE3,0x2F,0x84,
+	0x53,0xD1,0x00,0xED,0x20,0xFC,0xB1,0x5B,
+	0x6A,0xCB,0xBE,0x39,0x4A,0x4C,0x58,0xCF,
+	0xD0,0xEF,0xAA,0xFB,0x43,0x4D,0x33,0x85,
+	0x45,0xF9,0x02,0x7F,0x50,0x3C,0x9F,0xA8,
+	0x51,0xA3,0x40,0x8F,0x92,0x9D,0x38,0xF5,
+	0xBC,0xB6,0xDA,0x21,0x10,0xFF,0xF3,0xD2,
+	0xCD,0x0C,0x13,0xEC,0x5F,0x97,0x44,0x17,
+	0xC4,0xA7,0x7E,0x3D,0x64,0x5D,0x19,0x73,
+	0x60,0x81,0x4F,0xDC,0x22,0x2A,0x90,0x88,
+	0x46,0xEE,0xB8,0x14,0xDE,0x5E,0x0B,0xDB,
+	0xE0,0x32,0x3A,0x0A,0x49,0x06,0x24,0x5C,
+	0xC2,0xD3,0xAC,0x62,0x91,0x95,0xE4,0x79,
+	0xE7,0xC8,0x37,0x6D,0x8D,0xD5,0x4E,0xA9,
+	0x6C,0x56,0xF4,0xEA,0x65,0x7A,0xAE,0x08,
+	0xBA,0x78,0x25,0x2E,0x1C,0xA6,0xB4,0xC6,
+	0xE8,0xDD,0x74,0x1F,0x4B,0xBD,0x8B,0x8A,
+	0x70,0x3E,0xB5,0x66,0x48,0x03,0xF6,0x0E,
+	0x61,0x35,0x57,0xB9,0x86,0xC1,0x1D,0x9E,
+	0xE1,0xF8,0x98,0x11,0x69,0xD9,0x8E,0x94,
+	0x9B,0x1E,0x87,0xE9,0xCE,0x55,0x28,0xDF,
+	0x8C,0xA1,0x89,0x0D,0xBF,0xE6,0x42,0x68,
+	0x41,0x99,0x2D,0x0F,0xB0,0x54,0xBB,0x16,
+};
+
+/*
+ * AES is-box
+ */
+static const uint8_t aes_isbox[256] PROGMEM = 
+{
+    0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+    0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+    0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+    0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+    0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+    0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+    0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+    0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+    0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+    0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+    0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+    0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+    0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+    0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+    0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+    0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+    0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+    0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+    0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+    0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+    0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+    0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+    0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+    0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+    0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+    0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+    0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+    0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+    0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+    0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+    0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+    0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+};
+
+static const unsigned char Rcon[30]=
+{
+	0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,
+	0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f,
+	0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4,
+	0xb3,0x7d,0xfa,0xef,0xc5,0x91,
+};
+
+/* ----- static functions ----- */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
+
+/* Perform doubling in Galois Field GF(2^8) using the irreducible polynomial
+   x^8+x^4+x^3+x+1 */
+static unsigned char AES_xtime(uint32_t x)
+{
+	return (x&0x80) ? (x<<1)^0x1b : x<<1;
+}
+
+/**
+ * Set up AES with the key/iv and cipher size.
+ */
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode)
+{
+    int i, ii;
+    uint32_t *W, tmp, tmp2;
+    const unsigned char *ip;
+    int words;
+
+    switch (mode)
+    {
+        case AES_MODE_128:
+            i = 10;
+            words = 4;
+            break;
+
+        case AES_MODE_256:
+            i = 14;
+            words = 8;
+            break;
+
+        default:        /* fail silently */
+            return;
+    }
+
+    ctx->rounds = i;
+    ctx->key_size = words;
+    W = ctx->ks;
+    for (i = 0; i < words; i+=2)
+    {
+        W[i+0]=	((uint32_t)key[ 0]<<24)|
+            ((uint32_t)key[ 1]<<16)|
+            ((uint32_t)key[ 2]<< 8)|
+            ((uint32_t)key[ 3]    );
+        W[i+1]=	((uint32_t)key[ 4]<<24)|
+            ((uint32_t)key[ 5]<<16)|
+            ((uint32_t)key[ 6]<< 8)|
+            ((uint32_t)key[ 7]    );
+        key += 8;
+    }
+
+    ip = Rcon;
+    ii = 4 * (ctx->rounds+1);
+    for (i = words; i<ii; i++)
+    {
+        tmp = W[i-1];
+
+        if ((i % words) == 0)
+        {
+            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))<< 8;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<<16;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<24;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)));
+            tmp=tmp2^(((unsigned int)*ip)<<24);
+            ip++;
+        }
+
+        if ((words == 8) && ((i % words) == 4))
+        {
+            tmp2 =(uint32_t)(ax_array_read_u8(aes_sbox, (tmp    )&0xff))    ;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>> 8)&0xff))<< 8;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>16)&0xff))<<16;
+            tmp2|=(uint32_t)(ax_array_read_u8(aes_sbox, (tmp>>24)     ))<<24;
+            tmp=tmp2;
+        }
+
+        W[i]=W[i-words]^tmp;
+    }
+
+    /* copy the iv across */
+    memcpy(ctx->iv, iv, 16);
+}
+
+/**
+ * Change a key for decryption.
+ */
+void AES_convert_key(AES_CTX *ctx)
+{
+    int i;
+    uint32_t *k,w,t1,t2,t3,t4;
+
+    k = ctx->ks;
+    k += 4;
+
+    for (i= ctx->rounds*4; i > 4; i--)
+    {
+        w= *k;
+        w = inv_mix_col(w,t1,t2,t3,t4);
+        *k++ =w;
+    }
+}
+
+/**
+ * Encrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], tout[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        tout[i] = ntohl(iv[i]);
+
+    for (length -= AES_BLOCKSIZE; length >= 0; length -= AES_BLOCKSIZE)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+            tin[i] = ntohl(msg_32[i])^tout[i];
+
+        AES_encrypt(ctx, tin);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = tin[i]; 
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(tout[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Decrypt a byte sequence (with a block size 16) using the AES cipher.
+ */
+void AES_cbc_decrypt(AES_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{
+    int i;
+    uint32_t tin[4], xor[4], tout[4], data[4], iv[4];
+
+    memcpy(iv, ctx->iv, AES_IV_SIZE);
+    for (i = 0; i < 4; i++)
+        xor[i] = ntohl(iv[i]);
+
+    for (length -= 16; length >= 0; length -= 16)
+    {
+        uint32_t msg_32[4];
+        uint32_t out_32[4];
+        memcpy(msg_32, msg, AES_BLOCKSIZE);
+        msg += AES_BLOCKSIZE;
+
+        for (i = 0; i < 4; i++)
+        {
+            tin[i] = ntohl(msg_32[i]);
+            data[i] = tin[i];
+        }
+
+        AES_decrypt(ctx, data);
+
+        for (i = 0; i < 4; i++)
+        {
+            tout[i] = data[i]^xor[i];
+            xor[i] = tin[i];
+            out_32[i] = htonl(tout[i]);
+        }
+
+        memcpy(out, out_32, AES_BLOCKSIZE);
+        out += AES_BLOCKSIZE;
+    }
+
+    for (i = 0; i < 4; i++)
+        iv[i] = htonl(xor[i]);
+    memcpy(ctx->iv, iv, AES_IV_SIZE);
+}
+
+/**
+ * Encrypt a single block (16 bytes) of data
+ */
+static void AES_encrypt(const AES_CTX *ctx, uint32_t *data)
+{
+    /* To make this code smaller, generate the sbox entries on the fly.
+     * This will have a really heavy effect upon performance.
+     */
+    uint32_t tmp[4];
+    uint32_t tmp1, old_a0, a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds; 
+    const uint32_t *k = ctx->ks;
+
+    /* Pre-round key addition */
+    for (row = 0; row < 4; row++)
+        data[row] ^= *(k++);
+
+    /* Encrypt one block. */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 0; row < 4; row++)
+        {
+            a0 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[row%4]>>24)&0xFF));
+            a1 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+1)%4]>>16)&0xFF));
+            a2 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+2)%4]>>8)&0xFF));
+            a3 = (uint32_t)(ax_array_read_u8(aes_sbox, (data[(row+3)%4])&0xFF));
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd < (rounds - 1))
+            {
+                tmp1 = a0 ^ a1 ^ a2 ^ a3;
+                old_a0 = a0;
+                a0 ^= tmp1 ^ AES_xtime(a0 ^ a1);
+                a1 ^= tmp1 ^ AES_xtime(a1 ^ a2);
+                a2 ^= tmp1 ^ AES_xtime(a2 ^ a3);
+                a3 ^= tmp1 ^ AES_xtime(a3 ^ old_a0);
+            }
+
+            tmp[row] = ((a0 << 24) | (a1 << 16) | (a2 << 8) | a3);
+        }
+
+        /* KeyAddition - note that it is vital that this loop is separate from
+           the MixColumn operation, which must be atomic...*/ 
+        for (row = 0; row < 4; row++)
+            data[row] = tmp[row] ^ *(k++);
+    }
+}
+
+/**
+ * Decrypt a single block (16 bytes) of data
+ */
+static void AES_decrypt(const AES_CTX *ctx, uint32_t *data)
+{ 
+    uint32_t tmp[4];
+    uint32_t xt0,xt1,xt2,xt3,xt4,xt5,xt6;
+    uint32_t a0, a1, a2, a3, row;
+    int curr_rnd;
+    int rounds = ctx->rounds;
+    const uint32_t *k = ctx->ks + ((rounds+1)*4);
+
+    /* pre-round key addition */
+    for (row=4; row > 0;row--)
+        data[row-1] ^= *(--k);
+
+    /* Decrypt one block */
+    for (curr_rnd = 0; curr_rnd < rounds; curr_rnd++)
+    {
+        /* Perform ByteSub and ShiftRow operations together */
+        for (row = 4; row > 0; row--)
+        {
+            a0 = ax_array_read_u8(aes_isbox, (data[(row+3)%4]>>24)&0xFF);
+            a1 = ax_array_read_u8(aes_isbox, (data[(row+2)%4]>>16)&0xFF);
+            a2 = ax_array_read_u8(aes_isbox, (data[(row+1)%4]>>8)&0xFF);
+            a3 = ax_array_read_u8(aes_isbox, (data[row%4])&0xFF);
+
+            /* Perform MixColumn iff not last round */
+            if (curr_rnd<(rounds-1))
+            {
+                /* The MDS cofefficients (0x09, 0x0B, 0x0D, 0x0E)
+                   are quite large compared to encryption; this 
+                   operation slows decryption down noticeably. */
+                xt0 = AES_xtime(a0^a1);
+                xt1 = AES_xtime(a1^a2);
+                xt2 = AES_xtime(a2^a3);
+                xt3 = AES_xtime(a3^a0);
+                xt4 = AES_xtime(xt0^xt1);
+                xt5 = AES_xtime(xt1^xt2);
+                xt6 = AES_xtime(xt4^xt5);
+
+                xt0 ^= a1^a2^a3^xt4^xt6;
+                xt1 ^= a0^a2^a3^xt5^xt6;
+                xt2 ^= a0^a1^a3^xt4^xt6;
+                xt3 ^= a0^a1^a2^xt5^xt6;
+                tmp[row-1] = ((xt0<<24)|(xt1<<16)|(xt2<<8)|xt3);
+            }
+            else
+                tmp[row-1] = ((a0<<24)|(a1<<16)|(a2<<8)|a3);
+        }
+
+        for (row = 4; row > 0; row--)
+            data[row-1] = tmp[row-1] ^ *(--k);
+    }
+}
diff --git a/crypto/bigint.c b/crypto/bigint.c
new file mode 100644
index 0000000000..d90b093822
--- /dev/null
+++ b/crypto/bigint.c
@@ -0,0 +1,1514 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @defgroup bigint_api Big Integer API
+ * @brief The bigint implementation as used by the axTLS project.
+ *
+ * The bigint library is for RSA encryption/decryption as well as signing.
+ * This code tries to minimise use of malloc/free by maintaining a small 
+ * cache. A bigint context may maintain state by being made "permanent". 
+ * It be be later released with a bi_depermanent() and bi_free() call.
+ *
+ * It supports the following reduction techniques:
+ * - Classical
+ * - Barrett
+ * - Montgomery
+ *
+ * It also implements the following:
+ * - Karatsuba multiplication
+ * - Squaring
+ * - Sliding window exponentiation
+ * - Chinese Remainder Theorem (implemented in rsa.c).
+ *
+ * All the algorithms used are pretty standard, and designed for different
+ * data bus sizes. Negative numbers are not dealt with at all, so a subtraction
+ * may need to be tested for negativity.
+ *
+ * This library steals some ideas from Jef Poskanzer
+ * <http://cs.marlboro.edu/term/cs-fall02/algorithms/crypto/RSA/bigint>
+ * and GMP <http://www.swox.com/gmp>. It gets most of its implementation
+ * detail from "The Handbook of Applied Cryptography"
+ * <http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf>
+ * @{
+ */
+
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include "os_port.h"
+#include "bigint.h"
+
+#define V1      v->comps[v->size-1]                 /**< v1 for division */
+#define V2      v->comps[v->size-2]                 /**< v2 for division */
+#define U(j)    tmp_u->comps[tmp_u->size-j-1]       /**< uj for division */
+#define Q(j)    quotient->comps[quotient->size-j-1] /**< qj for division */
+
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bi, comp i);
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom);
+static bigint *alloc(BI_CTX *ctx, int size);
+static bigint *trim(bigint *bi);
+static void more_comps(bigint *bi, int n);
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+static bigint *comp_right_shift(bigint *biR, int num_shifts);
+static bigint *comp_left_shift(bigint *biR, int num_shifts);
+#endif
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+static void check(const bigint *bi);
+#else
+#define check(A)                /**< disappears in normal production mode */
+#endif
+
+
+/**
+ * @brief Start a new bigint context.
+ * @return A bigint context.
+ */
+BI_CTX *bi_initialize(void)
+{
+    /* calloc() sets everything to zero */
+    BI_CTX *ctx = (BI_CTX *)calloc(1, sizeof(BI_CTX));
+   
+    /* the radix */
+    ctx->bi_radix = alloc(ctx, 2); 
+    ctx->bi_radix->comps[0] = 0;
+    ctx->bi_radix->comps[1] = 1;
+    bi_permanent(ctx->bi_radix);
+    return ctx;
+}
+
+/**
+ * @brief Close the bigint context and free any resources.
+ *
+ * Free up any used memory - a check is done if all objects were not 
+ * properly freed.
+ * @param ctx [in]   The bigint session context.
+ */
+void bi_terminate(BI_CTX *ctx)
+{
+    bi_depermanent(ctx->bi_radix); 
+    bi_free(ctx, ctx->bi_radix);
+
+    if (ctx->active_count != 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_terminate: there were %d un-freed bigints\n",
+                       ctx->active_count);
+#endif
+        abort();
+    }
+
+    bi_clear_cache(ctx);
+    free(ctx);
+}
+
+/**
+ *@brief Clear the memory cache.
+ */
+void bi_clear_cache(BI_CTX *ctx)
+{
+    bigint *p, *pn;
+
+    if (ctx->free_list == NULL)
+        return;
+    
+    for (p = ctx->free_list; p != NULL; p = pn)
+    {
+        pn = p->next;
+        free(p->comps);
+        free(p);
+    }
+
+    ctx->free_count = 0;
+    ctx->free_list = NULL;
+}
+
+/**
+ * @brief Increment the number of references to this object. 
+ * It does not do a full copy.
+ * @param bi [in]   The bigint to copy.
+ * @return A reference to the same bigint.
+ */
+bigint *bi_copy(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+        bi->refs++;
+    return bi;
+}
+
+/**
+ * @brief Simply make a bigint object "unfreeable" if bi_free() is called on it.
+ *
+ * For this object to be freed, bi_depermanent() must be called.
+ * @param bi [in]   The bigint to be made permanent.
+ */
+void bi_permanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != 1)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_permanent: refs was not 1\n");
+#endif
+        abort();
+    }
+
+    bi->refs = PERMANENT;
+}
+
+/**
+ * @brief Take a permanent object and make it eligible for freedom.
+ * @param bi [in]   The bigint to be made back to temporary.
+ */
+void bi_depermanent(bigint *bi)
+{
+    check(bi);
+    if (bi->refs != PERMANENT)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_depermanent: bigint was not permanent\n");
+#endif
+        abort();
+    }
+
+    bi->refs = 1;
+}
+
+/**
+ * @brief Free a bigint object so it can be used again. 
+ *
+ * The memory itself it not actually freed, just tagged as being available 
+ * @param ctx [in]   The bigint session context.
+ * @param bi [in]    The bigint to be freed.
+ */
+void bi_free(BI_CTX *ctx, bigint *bi)
+{
+    check(bi);
+    if (bi->refs == PERMANENT)
+    {
+        return;
+    }
+
+    if (--bi->refs > 0)
+    {
+        return;
+    }
+
+    bi->next = ctx->free_list;
+    ctx->free_list = bi;
+    ctx->free_count++;
+
+    if (--ctx->active_count < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("bi_free: active_count went negative "
+                "- double-freed bigint?\n");
+#endif
+        abort();
+    }
+}
+
+/**
+ * @brief Convert an (unsigned) integer into a bigint.
+ * @param ctx [in]   The bigint session context.
+ * @param i [in]     The (unsigned) integer to be converted.
+ * 
+ */
+bigint *int_to_bi(BI_CTX *ctx, comp i)
+{
+    bigint *biR = alloc(ctx, 1);
+    biR->comps[0] = i;
+    return biR;
+}
+
+/**
+ * @brief Do a full copy of the bigint object.
+ * @param ctx [in]   The bigint session context.
+ * @param bi  [in]   The bigint object to be copied.
+ */
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi)
+{
+    bigint *biR = alloc(ctx, bi->size);
+    check(bi);
+    memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
+    return biR;
+}
+
+/**
+ * @brief Perform an addition operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the addition.
+ */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    int n;
+    comp carry = 0;
+    comp *pa, *pb;
+
+    check(bia);
+    check(bib);
+
+    n = axtls_max(bia->size, bib->size);
+    more_comps(bia, n+1);
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do
+    {
+        comp  sl, rl, cy1;
+        sl = *pa + *pb++;
+        rl = sl + carry;
+        cy1 = sl < *pa;
+        carry = cy1 | (rl < sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    *pa = carry;                  /* do overflow */
+    bi_free(ctx, bib);
+    return trim(bia);
+}
+
+/**
+ * @brief Perform a subtraction operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @param is_negative [out] If defined, indicates that the result was negative.
+ * is_negative may be null.
+ * @return The result of the subtraction. The result is always positive.
+ */
+bigint *bi_subtract(BI_CTX *ctx, 
+        bigint *bia, bigint *bib, int *is_negative)
+{
+    int n = bia->size;
+    comp *pa, *pb, carry = 0;
+
+    check(bia);
+    check(bib);
+
+    more_comps(bib, n);
+    pa = bia->comps;
+    pb = bib->comps;
+
+    do 
+    {
+        comp sl, rl, cy1;
+        sl = *pa - *pb++;
+        rl = sl - carry;
+        cy1 = sl > *pa;
+        carry = cy1 | (rl > sl);
+        *pa++ = rl;
+    } while (--n != 0);
+
+    if (is_negative)    /* indicate a negative result */
+    {
+        *is_negative = carry;
+    }
+
+    bi_free(ctx, trim(bib));    /* put bib back to the way it was */
+    return trim(bia);
+}
+
+/**
+ * Perform a multiply between a bigint an an (unsigned) integer
+ */
+static bigint *bi_int_multiply(BI_CTX *ctx, bigint *bia, comp b)
+{
+    int j = 0, n = bia->size;
+    bigint *biR = alloc(ctx, n + 1);
+    comp carry = 0;
+    comp *r = biR->comps;
+    comp *a = bia->comps;
+
+    check(bia);
+
+    /* clear things to start with */
+    memset(r, 0, ((n+1)*COMP_BYTE_SIZE));
+
+    do
+    {
+        long_comp tmp = *r + (long_comp)a[j]*b + carry;
+        *r++ = (comp)tmp;              /* downsize */
+        carry = (comp)(tmp >> COMP_BIT_SIZE);
+    } while (++j < n);
+
+    *r = carry;
+    bi_free(ctx, bia);
+    return trim(biR);
+}
+
+/**
+ * @brief Does both division and modulo calculations. 
+ *
+ * Used extensively when doing classical reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param u [in]    A bigint which is the numerator.
+ * @param v [in]    Either the denominator or the modulus depending on the mode.
+ * @param is_mod [n] Determines if this is a normal division (0) or a reduction
+ * (1).
+ * @return  The result of the division/reduction.
+ */
+bigint *bi_divide(BI_CTX *ctx, bigint *u, bigint *v, int is_mod)
+{
+    int n = v->size, m = u->size-n;
+    int j = 0, orig_u_size = u->size;
+    uint8_t mod_offset = ctx->mod_offset;
+    comp d;
+    bigint *quotient, *tmp_u;
+    comp q_dash;
+
+    check(u);
+    check(v);
+
+    /* if doing reduction and we are < mod, then return mod */
+    if (is_mod && bi_compare(v, u) > 0)
+    {
+        bi_free(ctx, v);
+        return u;
+    }
+
+    quotient = alloc(ctx, m+1);
+    tmp_u = alloc(ctx, n+1);
+    v = trim(v);        /* make sure we have no leading 0's */
+    d = (comp)((long_comp)COMP_RADIX/(V1+1));
+
+    /* clear things to start with */
+    memset(quotient->comps, 0, ((quotient->size)*COMP_BYTE_SIZE));
+
+    /* normalise */
+    if (d > 1)
+    {
+        u = bi_int_multiply(ctx, u, d);
+
+        if (is_mod)
+        {
+            v = ctx->bi_normalised_mod[mod_offset];
+        }
+        else
+        {
+            v = bi_int_multiply(ctx, v, d);
+        }
+    }
+
+    if (orig_u_size == u->size)  /* new digit position u0 */
+    {
+        more_comps(u, orig_u_size + 1);
+    }
+
+    do
+    {
+        /* get a temporary short version of u */
+        memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
+
+        /* calculate q' */
+        if (U(0) == V1)
+        {
+            q_dash = COMP_RADIX-1;
+        }
+        else
+        {
+            q_dash = (comp)(((long_comp)U(0)*COMP_RADIX + U(1))/V1);
+
+            if (v->size > 1 && V2)
+            {
+                /* we are implementing the following:
+                if (V2*q_dash > (((U(0)*COMP_RADIX + U(1) - 
+                        q_dash*V1)*COMP_RADIX) + U(2))) ... */
+                comp inner = (comp)((long_comp)COMP_RADIX*U(0) + U(1) - 
+                                            (long_comp)q_dash*V1);
+                if ((long_comp)V2*q_dash > (long_comp)inner*COMP_RADIX + U(2))
+                {
+                    q_dash--;
+                }
+            }
+        }
+
+        /* multiply and subtract */
+        if (q_dash)
+        {
+            int is_negative;
+            tmp_u = bi_subtract(ctx, tmp_u, 
+                    bi_int_multiply(ctx, bi_copy(v), q_dash), &is_negative);
+            more_comps(tmp_u, n+1);
+
+            Q(j) = q_dash; 
+
+            /* add back */
+            if (is_negative)
+            {
+                Q(j)--;
+                tmp_u = bi_add(ctx, tmp_u, bi_copy(v));
+
+                /* lop off the carry */
+                tmp_u->size--;
+                v->size--;
+            }
+        }
+        else
+        {
+            Q(j) = 0; 
+        }
+
+        /* copy back to u */
+        memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
+    } while (++j <= m);
+
+    bi_free(ctx, tmp_u);
+    bi_free(ctx, v);
+
+    if (is_mod)     /* get the remainder */
+    {
+        bi_free(ctx, quotient);
+        return bi_int_divide(ctx, trim(u), d);
+    }
+    else            /* get the quotient */
+    {
+        bi_free(ctx, u);
+        return trim(quotient);
+    }
+}
+
+/*
+ * Perform an integer divide on a bigint.
+ */
+static bigint *bi_int_divide(BI_CTX *ctx, bigint *biR, comp denom)
+{
+    int i = biR->size - 1;
+    long_comp r = 0;
+
+    check(biR);
+
+    do
+    {
+        r = (r<<COMP_BIT_SIZE) + biR->comps[i];
+        biR->comps[i] = (comp)(r / denom);
+        r %= denom;
+    } while (--i >= 0);
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+/**
+ * There is a need for the value of integer N' such that B^-1(B-1)-N^-1N'=1, 
+ * where B^-1(B-1) mod N=1. Actually, only the least significant part of 
+ * N' is needed, hence the definition N0'=N' mod b. We reproduce below the 
+ * simple algorithm from an article by Dusse and Kaliski to efficiently 
+ * find N0' from N0 and b */
+static comp modular_inverse(bigint *bim)
+{
+    int i;
+    comp t = 1;
+    comp two_2_i_minus_1 = 2;   /* 2^(i-1) */
+    long_comp two_2_i = 4;      /* 2^i */
+    comp N = bim->comps[0];
+
+    for (i = 2; i <= COMP_BIT_SIZE; i++)
+    {
+        if ((long_comp)N*t%two_2_i >= two_2_i_minus_1)
+        {
+            t += two_2_i_minus_1;
+        }
+
+        two_2_i_minus_1 <<= 1;
+        two_2_i <<= 1;
+    }
+
+    return (comp)(COMP_RADIX-t);
+}
+#endif
+
+#if defined(CONFIG_BIGINT_KARATSUBA) || defined(CONFIG_BIGINT_BARRETT) || \
+    defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * Take each component and shift down (in terms of components) 
+ */
+static bigint *comp_right_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-num_shifts;
+    comp *x = biR->comps;
+    comp *y = &biR->comps[num_shifts];
+
+    check(biR);
+
+    if (i <= 0)     /* have we completely right shifted? */
+    {
+        biR->comps[0] = 0;  /* return 0 */
+        biR->size = 1;
+        return biR;
+    }
+
+    do
+    {
+        *x++ = *y++;
+    } while (--i > 0);
+
+    biR->size -= num_shifts;
+    return biR;
+}
+
+/**
+ * Take each component and shift it up (in terms of components) 
+ */
+static bigint *comp_left_shift(bigint *biR, int num_shifts)
+{
+    int i = biR->size-1;
+    comp *x, *y;
+
+    check(biR);
+
+    if (num_shifts <= 0)
+    {
+        return biR;
+    }
+
+    more_comps(biR, biR->size + num_shifts);
+
+    x = &biR->comps[i+num_shifts];
+    y = &biR->comps[i];
+
+    do
+    {
+        *x-- = *y--;
+    } while (i--);
+
+    memset(biR->comps, 0, num_shifts*COMP_BYTE_SIZE); /* zero LS comps */
+    return biR;
+}
+#endif
+
+/**
+ * @brief Allow a binary sequence to be imported as a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] The data to be converted.
+ * @param size [in] The number of bytes of data.
+ * @return A bigint representing this data.
+ */
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int size)
+{
+    bigint *biR = alloc(ctx, (size+COMP_BYTE_SIZE-1)/COMP_BYTE_SIZE);
+    int i, j = 0, offset = 0;
+
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        biR->comps[offset] += data[i] << (j*8);
+
+        if (++j == COMP_BYTE_SIZE)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return trim(biR);
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * @brief The testharness uses this code to import text hex-streams and 
+ * convert them into bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param data [in] A string consisting of hex characters. The characters must
+ * be in upper case.
+ * @return A bigint representing this data.
+ */
+bigint *bi_str_import(BI_CTX *ctx, const char *data)
+{
+    int size = strlen(data);
+    bigint *biR = alloc(ctx, (size+COMP_NUM_NIBBLES-1)/COMP_NUM_NIBBLES);
+    int i, j = 0, offset = 0;
+    memset(biR->comps, 0, biR->size*COMP_BYTE_SIZE);
+
+    for (i = size-1; i >= 0; i--)
+    {
+        int num = (data[i] <= '9') ? (data[i] - '0') : (data[i] - 'A' + 10);
+        biR->comps[offset] += num << (j*4);
+
+        if (++j == COMP_NUM_NIBBLES)
+        {
+            j = 0;
+            offset ++;
+        }
+    }
+
+    return biR;
+}
+
+void bi_print(const char *label, bigint *x)
+{
+    int i, j;
+
+    if (x == NULL)
+    {
+        printf("%s: (null)\n", label);
+        return;
+    }
+
+    printf("%s: (size %d)\n", label, x->size);
+    for (i = x->size-1; i >= 0; i--)
+    {
+        for (j = COMP_NUM_NIBBLES-1; j >= 0; j--)
+        {
+            comp mask = 0x0f << (j*4);
+            comp num = (x->comps[i] & mask) >> (j*4);
+            putc((num <= 9) ? (num + '0') : (num + 'A' - 10), stdout);
+        }
+    }  
+
+    printf("\n");
+}
+#endif
+
+/**
+ * @brief Take a bigint and convert it into a byte sequence. 
+ *
+ * This is useful after a decrypt operation.
+ * @param ctx [in]  The bigint session context.
+ * @param x [in]  The bigint to be converted.
+ * @param data [out] The converted data as a byte stream.
+ * @param size [in] The maximum size of the byte stream. Unused bytes will be
+ * zeroed.
+ */
+void bi_export(BI_CTX *ctx, bigint *x, uint8_t *data, int size)
+{
+    int i, j, k = size-1;
+
+    check(x);
+    memset(data, 0, size);  /* ensure all leading 0's are cleared */
+
+    for (i = 0; i < x->size; i++)
+    {
+        for (j = 0; j < COMP_BYTE_SIZE; j++)
+        {
+            comp mask = 0xff << (j*8);
+            int num = (x->comps[i] & mask) >> (j*8);
+            data[k--] = num;
+
+            if (k < 0)
+            {
+                goto buf_done;
+            }
+        }
+    }
+buf_done:
+
+    bi_free(ctx, x);
+}
+
+/**
+ * @brief Pre-calculate some of the expensive steps in reduction. 
+ *
+ * This function should only be called once (normally when a session starts).
+ * When the session is over, bi_free_mod() should be called. bi_mod_power()
+ * relies on this function being called.
+ * @param ctx [in]  The bigint session context.
+ * @param bim [in]  The bigint modulus that will be used.
+ * @param mod_offset [in] There are three moduluii that can be stored - the
+ * standard modulus, and its two primes p and q. This offset refers to which
+ * modulus we are referring to.
+ * @see bi_free_mod(), bi_mod_power().
+ */
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset)
+{
+    int k = bim->size;
+    comp d = (comp)((long_comp)COMP_RADIX/(bim->comps[k-1]+1));
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    bigint *R, *R2;
+#endif
+
+    ctx->bi_mod[mod_offset] = bim;
+    bi_permanent(ctx->bi_mod[mod_offset]);
+    ctx->bi_normalised_mod[mod_offset] = bi_int_multiply(ctx, bim, d);
+    bi_permanent(ctx->bi_normalised_mod[mod_offset]);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    /* set montgomery variables */
+    R = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k-1);     /* R */
+    R2 = comp_left_shift(bi_clone(ctx, ctx->bi_radix), k*2-1);  /* R^2 */
+    ctx->bi_RR_mod_m[mod_offset] = bi_mod(ctx, R2);             /* R^2 mod m */
+    ctx->bi_R_mod_m[mod_offset] = bi_mod(ctx, R);               /* R mod m */
+
+    bi_permanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_permanent(ctx->bi_R_mod_m[mod_offset]);
+
+    ctx->N0_dash[mod_offset] = modular_inverse(ctx->bi_mod[mod_offset]);
+
+#elif defined (CONFIG_BIGINT_BARRETT)
+    ctx->bi_mu[mod_offset] = 
+        bi_divide(ctx, comp_left_shift(
+            bi_clone(ctx, ctx->bi_radix), k*2-1), ctx->bi_mod[mod_offset], 0);
+    bi_permanent(ctx->bi_mu[mod_offset]);
+#endif
+}
+
+/**
+ * @brief Used when cleaning various bigints at the end of a session.
+ * @param ctx [in]  The bigint session context.
+ * @param mod_offset [in] The offset to use.
+ * @see bi_set_mod().
+ */
+void bi_free_mod(BI_CTX *ctx, int mod_offset)
+{
+    bi_depermanent(ctx->bi_mod[mod_offset]);
+    bi_free(ctx, ctx->bi_mod[mod_offset]);
+#if defined (CONFIG_BIGINT_MONTGOMERY)
+    bi_depermanent(ctx->bi_RR_mod_m[mod_offset]);
+    bi_depermanent(ctx->bi_R_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_RR_mod_m[mod_offset]);
+    bi_free(ctx, ctx->bi_R_mod_m[mod_offset]);
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bi_depermanent(ctx->bi_mu[mod_offset]); 
+    bi_free(ctx, ctx->bi_mu[mod_offset]);
+#endif
+    bi_depermanent(ctx->bi_normalised_mod[mod_offset]); 
+    bi_free(ctx, ctx->bi_normalised_mod[mod_offset]);
+}
+
+/** 
+ * Perform a standard multiplication between two bigints.
+ *
+ * Barrett reduction has no need for some parts of the product, so ignore bits
+ * of the multiply. This routine gives Barrett its big performance
+ * improvements over Classical/Montgomery reduction methods. 
+ */
+static bigint *regular_multiply(BI_CTX *ctx, bigint *bia, bigint *bib, 
+        int inner_partial, int outer_partial)
+{
+    int i = 0, j;
+    int n = bia->size;
+    int t = bib->size;
+    bigint *biR = alloc(ctx, n + t);
+    comp *sr = biR->comps;
+    comp *sa = bia->comps;
+    comp *sb = bib->comps;
+
+    check(bia);
+    check(bib);
+
+    /* clear things to start with */
+    memset(biR->comps, 0, ((n+t)*COMP_BYTE_SIZE));
+
+    do 
+    {
+        long_comp tmp;
+        comp carry = 0;
+        int r_index = i;
+        j = 0;
+
+        if (outer_partial && outer_partial-i > 0 && outer_partial < n)
+        {
+            r_index = outer_partial-1;
+            j = outer_partial-i-1;
+        }
+
+        do
+        {
+            if (inner_partial && r_index >= inner_partial) 
+            {
+                break;
+            }
+
+            tmp = sr[r_index] + ((long_comp)sa[j])*sb[i] + carry;
+            sr[r_index++] = (comp)tmp;              /* downsize */
+            carry = tmp >> COMP_BIT_SIZE;
+        } while (++j < n);
+
+        sr[r_index] = carry;
+    } while (++i < t);
+
+    bi_free(ctx, bia);
+    bi_free(ctx, bib);
+    return trim(biR);
+}
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+/*
+ * Karatsuba improves on regular multiplication due to only 3 multiplications 
+ * being done instead of 4. The additional additions/subtractions are O(N) 
+ * rather than O(N^2) and so for big numbers it saves on a few operations 
+ */
+static bigint *karatsuba(BI_CTX *ctx, bigint *bia, bigint *bib, int is_square)
+{
+    bigint *x0, *x1;
+    bigint *p0, *p1, *p2;
+    int m;
+
+    if (is_square)
+    {
+        m = (bia->size + 1)/2;
+    }
+    else
+    {
+        m = (axtls_max(bia->size, bib->size) + 1)/2;
+    }
+
+    x0 = bi_clone(ctx, bia);
+    x0->size = m;
+    x1 = bi_clone(ctx, bia);
+    comp_right_shift(x1, m);
+    bi_free(ctx, bia);
+
+    /* work out the 3 partial products */
+    if (is_square)
+    {
+        p0 = bi_square(ctx, bi_copy(x0));
+        p2 = bi_square(ctx, bi_copy(x1));
+        p1 = bi_square(ctx, bi_add(ctx, x0, x1));
+    }
+    else /* normal multiply */
+    {
+        bigint *y0, *y1;
+        y0 = bi_clone(ctx, bib);
+        y0->size = m;
+        y1 = bi_clone(ctx, bib);
+        comp_right_shift(y1, m);
+        bi_free(ctx, bib);
+
+        p0 = bi_multiply(ctx, bi_copy(x0), bi_copy(y0));
+        p2 = bi_multiply(ctx, bi_copy(x1), bi_copy(y1));
+        p1 = bi_multiply(ctx, bi_add(ctx, x0, x1), bi_add(ctx, y0, y1));
+    }
+
+    p1 = bi_subtract(ctx, 
+            bi_subtract(ctx, p1, bi_copy(p2), NULL), bi_copy(p0), NULL);
+
+    comp_left_shift(p1, m);
+    comp_left_shift(p2, 2*m);
+    return bi_add(ctx, p1, bi_add(ctx, p0, p2));
+}
+#endif
+
+/**
+ * @brief Perform a multiplication operation between two bigints.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib)
+{
+    check(bia);
+    check(bib);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (axtls_min(bia->size, bib->size) < MUL_KARATSUBA_THRESH)
+    {
+        return regular_multiply(ctx, bia, bib, 0, 0);
+    }
+
+    return karatsuba(ctx, bia, bib, 0);
+#else
+    return regular_multiply(ctx, bia, bib, 0, 0);
+#endif
+}
+
+#ifdef CONFIG_BIGINT_SQUARE
+/*
+ * Perform the actual square operion. It takes into account overflow.
+ */
+static bigint *regular_square(BI_CTX *ctx, bigint *bi)
+{
+    int t = bi->size;
+    int i = 0, j;
+    bigint *biR = alloc(ctx, t*2+1);
+    comp *w = biR->comps;
+    comp *x = bi->comps;
+    long_comp carry;
+    memset(w, 0, biR->size*COMP_BYTE_SIZE);
+
+    do
+    {
+        long_comp tmp = w[2*i] + (long_comp)x[i]*x[i];
+        w[2*i] = (comp)tmp;
+        carry = tmp >> COMP_BIT_SIZE;
+
+        for (j = i+1; j < t; j++)
+        {
+            uint8_t c = 0;
+            long_comp xx = (long_comp)x[i]*x[j];
+            if ((COMP_MAX-xx) < xx)
+                c = 1;
+
+            tmp = (xx<<1);
+
+            if ((COMP_MAX-tmp) < w[i+j])
+                c = 1;
+
+            tmp += w[i+j];
+
+            if ((COMP_MAX-tmp) < carry)
+                c = 1;
+
+            tmp += carry;
+            w[i+j] = (comp)tmp;
+            carry = tmp >> COMP_BIT_SIZE;
+
+            if (c)
+                carry += COMP_RADIX;
+        }
+
+        tmp = w[i+t] + carry;
+        w[i+t] = (comp)tmp;
+        w[i+t+1] = tmp >> COMP_BIT_SIZE;
+    } while (++i < t);
+
+    bi_free(ctx, bi);
+    return trim(biR);
+}
+
+/**
+ * @brief Perform a square operation on a bigint.
+ * @param ctx [in]  The bigint session context.
+ * @param bia [in]  A bigint.
+ * @return The result of the multiplication.
+ */
+bigint *bi_square(BI_CTX *ctx, bigint *bia)
+{
+    check(bia);
+
+#ifdef CONFIG_BIGINT_KARATSUBA
+    if (bia->size < SQU_KARATSUBA_THRESH) 
+    {
+        return regular_square(ctx, bia);
+    }
+
+    return karatsuba(ctx, bia, NULL, 1);
+#else
+    return regular_square(ctx, bia);
+#endif
+}
+#endif
+
+/**
+ * @brief Compare two bigints.
+ * @param bia [in]  A bigint.
+ * @param bib [in]  Another bigint.
+ * @return -1 if smaller, 1 if larger and 0 if equal.
+ */
+int bi_compare(bigint *bia, bigint *bib)
+{
+    int r, i;
+
+    check(bia);
+    check(bib);
+
+    if (bia->size > bib->size)
+        r = 1;
+    else if (bia->size < bib->size)
+        r = -1;
+    else
+    {
+        comp *a = bia->comps; 
+        comp *b = bib->comps; 
+
+        /* Same number of components.  Compare starting from the high end
+         * and working down. */
+        r = 0;
+        i = bia->size - 1;
+
+        do 
+        {
+            if (a[i] > b[i])
+            { 
+                r = 1;
+                break; 
+            }
+            else if (a[i] < b[i])
+            { 
+                r = -1;
+                break; 
+            }
+        } while (--i >= 0);
+    }
+
+    return r;
+}
+
+/*
+ * Allocate and zero more components.  Does not consume bi. 
+ */
+static void more_comps(bigint *bi, int n)
+{
+    if (n > bi->max_comps)
+    {
+        bi->max_comps = axtls_max(bi->max_comps * 2, n);
+        bi->comps = (comp*)realloc(bi->comps, bi->max_comps * COMP_BYTE_SIZE);
+    }
+
+    if (n > bi->size)
+    {
+        memset(&bi->comps[bi->size], 0, (n-bi->size)*COMP_BYTE_SIZE);
+    }
+
+    bi->size = n;
+}
+
+/*
+ * Make a new empty bigint. It may just use an old one if one is available.
+ * Otherwise get one off the heap.
+ */
+static bigint *alloc(BI_CTX *ctx, int size)
+{
+    bigint *biR;
+
+    /* Can we recycle an old bigint? */
+    if (ctx->free_list != NULL)
+    {
+        biR = ctx->free_list;
+        ctx->free_list = biR->next;
+        ctx->free_count--;
+
+        if (biR->refs != 0)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("alloc: refs was not 0\n");
+#endif
+            abort();    /* create a stack trace from a core dump */
+        }
+
+        more_comps(biR, size);
+    }
+    else
+    {
+        /* No free bigints available - create a new one. */
+        biR = (bigint *)malloc(sizeof(bigint));
+        biR->comps = (comp*)malloc(size * COMP_BYTE_SIZE);
+        biR->max_comps = size;  /* give some space to spare */
+    }
+
+    biR->size = size;
+    biR->refs = 1;
+    biR->next = NULL;
+    ctx->active_count++;
+    return biR;
+}
+
+/*
+ * Work out the highest '1' bit in an exponent. Used when doing sliding-window
+ * exponentiation.
+ */
+static int find_max_exp_index(bigint *biexp)
+{
+    int i = COMP_BIT_SIZE-1;
+    comp shift = COMP_RADIX/2;
+    comp test = biexp->comps[biexp->size-1];    /* assume no leading zeroes */
+
+    check(biexp);
+
+    do
+    {
+        if (test & shift)
+        {
+            return i+(biexp->size-1)*COMP_BIT_SIZE;
+        }
+
+        shift >>= 1;
+    } while (i-- != 0);
+
+    return -1;      /* error - must have been a leading 0 */
+}
+
+/*
+ * Is a particular bit is an exponent 1 or 0? Used when doing sliding-window
+ * exponentiation.
+ */
+static int exp_bit_is_one(bigint *biexp, int offset)
+{
+    comp test = biexp->comps[offset / COMP_BIT_SIZE];
+    int num_shifts = offset % COMP_BIT_SIZE;
+    comp shift = 1;
+    int i;
+
+    check(biexp);
+
+    for (i = 0; i < num_shifts; i++)
+    {
+        shift <<= 1;
+    }
+
+    return (test & shift) != 0;
+}
+
+#ifdef CONFIG_BIGINT_CHECK_ON
+/*
+ * Perform a sanity check on bi.
+ */
+static void check(const bigint *bi)
+{
+    if (bi->refs <= 0)
+    {
+        printf("check: zero or negative refs in bigint\n");
+        abort();
+    }
+
+    if (bi->next != NULL)
+    {
+        printf("check: attempt to use a bigint from "
+                "the free list\n");
+        abort();
+    }
+}
+#endif
+
+/*
+ * Delete any leading 0's (and allow for 0).
+ */
+static bigint *trim(bigint *bi)
+{
+    check(bi);
+
+    while (bi->comps[bi->size-1] == 0 && bi->size > 1)
+    {
+        bi->size--;
+    }
+
+    return bi;
+}
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+/**
+ * @brief Perform a single montgomery reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bixy [in]  A bigint.
+ * @return The result of the montgomery reduction.
+ */
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy)
+{
+    int i = 0, n;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    comp mod_inv = ctx->N0_dash[mod_offset];
+
+    check(bixy);
+
+    ax_wdt_feed();
+    if (ctx->use_classical)     /* just use classical instead */
+    {
+        return bi_mod(ctx, bixy);
+    }
+
+    n = bim->size;
+
+    do
+    {
+        bixy = bi_add(ctx, bixy, comp_left_shift(
+                    bi_int_multiply(ctx, bim, bixy->comps[i]*mod_inv), i));
+    } while (++i < n);
+
+    comp_right_shift(bixy, n);
+
+    if (bi_compare(bixy, bim) >= 0)
+    {
+        bixy = bi_subtract(ctx, bixy, bim, NULL);
+    }
+
+    return bixy;
+}
+
+#elif defined(CONFIG_BIGINT_BARRETT)
+/*
+ * Stomp on the most significant components to give the illusion of a "mod base
+ * radix" operation 
+ */
+static bigint *comp_mod(bigint *bi, int mod)
+{
+    check(bi);
+
+    if (bi->size > mod)
+    {
+        bi->size = mod;
+    }
+
+    return bi;
+}
+
+/**
+ * @brief Perform a single Barrett reduction.
+ * @param ctx [in]  The bigint session context.
+ * @param bi [in]  A bigint.
+ * @return The result of the Barrett reduction.
+ */
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi)
+{
+    bigint *q1, *q2, *q3, *r1, *r2, *r;
+    uint8_t mod_offset = ctx->mod_offset;
+    bigint *bim = ctx->bi_mod[mod_offset];
+    int k = bim->size;
+
+    check(bi);
+    check(bim);
+
+    ax_wdt_feed();
+    /* use Classical method instead  - Barrett cannot help here */
+    if (bi->size > k*2)
+    {
+        return bi_mod(ctx, bi);
+    }
+
+    q1 = comp_right_shift(bi_clone(ctx, bi), k-1);
+
+    /* do outer partial multiply */
+    q2 = regular_multiply(ctx, q1, ctx->bi_mu[mod_offset], 0, k-1); 
+    q3 = comp_right_shift(q2, k+1);
+    r1 = comp_mod(bi, k+1);
+
+    /* do inner partial multiply */
+    r2 = comp_mod(regular_multiply(ctx, q3, bim, k+1, 0), k+1);
+    r = bi_subtract(ctx, r1, r2, NULL);
+
+    /* if (r >= m) r = r - m; */
+    if (bi_compare(r, bim) >= 0)
+    {
+        r = bi_subtract(ctx, r, bim, NULL);
+    }
+
+    return r;
+}
+#endif /* CONFIG_BIGINT_BARRETT */
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+/*
+ * Work out g1, g3, g5, g7... etc for the sliding-window algorithm 
+ */
+static void precompute_slide_window(BI_CTX *ctx, int window, bigint *g1)
+{
+    int k = 1, i;
+    bigint *g2;
+
+    for (i = 0; i < window-1; i++)   /* compute 2^(window-1) */
+    {
+        k <<= 1;
+    }
+
+    ctx->g = (bigint **)malloc(k*sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, g1);
+    bi_permanent(ctx->g[0]);
+    g2 = bi_residue(ctx, bi_square(ctx, ctx->g[0]));   /* g^2 */
+
+    for (i = 1; i < k; i++)
+    {
+        ctx->g[i] = bi_residue(ctx, bi_multiply(ctx, ctx->g[i-1], bi_copy(g2)));
+        bi_permanent(ctx->g[i]);
+    }
+
+    bi_free(ctx, g2);
+    ctx->window = k;
+}
+#endif
+
+/**
+ * @brief Perform a modular exponentiation.
+ *
+ * This function requires bi_set_mod() to have been called previously. This is 
+ * one of the optimisations used for performance.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint on which to perform the mod power operation.
+ * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp)
+{
+    int i = find_max_exp_index(biexp), j, window_size = 1;
+    bigint *biR = int_to_bi(ctx, 1);
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    uint8_t mod_offset = ctx->mod_offset;
+    if (!ctx->use_classical)
+    {
+        /* preconvert */
+        bi = bi_mont(ctx, 
+                bi_multiply(ctx, bi, ctx->bi_RR_mod_m[mod_offset]));    /* x' */
+        bi_free(ctx, biR);
+        biR = ctx->bi_R_mod_m[mod_offset];                              /* A */
+    }
+#endif
+
+    check(bi);
+    check(biexp);
+
+#ifdef CONFIG_BIGINT_SLIDING_WINDOW
+    for (j = i; j > 32; j /= 5) /* work out an optimum size */
+        window_size++;
+
+    /* work out the slide constants */
+    precompute_slide_window(ctx, window_size, bi);
+#else   /* just one constant */
+    ctx->g = (bigint **)malloc(sizeof(bigint *));
+    ctx->g[0] = bi_clone(ctx, bi);
+    ctx->window = 1;
+    bi_permanent(ctx->g[0]);
+#endif
+
+    /* if sliding-window is off, then only one bit will be done at a time and
+     * will reduce to standard left-to-right exponentiation */
+    do
+    {
+        if (exp_bit_is_one(biexp, i))
+        {
+            int l = i-window_size+1;
+            int part_exp = 0;
+
+            if (l < 0)  /* LSB of exponent will always be 1 */
+                l = 0;
+            else
+            {
+                while (exp_bit_is_one(biexp, l) == 0)
+                    l++;    /* go back up */
+            }
+
+            /* build up the section of the exponent */
+            for (j = i; j >= l; j--)
+            {
+                biR = bi_residue(ctx, bi_square(ctx, biR));
+                if (exp_bit_is_one(biexp, j))
+                    part_exp++;
+
+                if (j != l)
+                    part_exp <<= 1;
+            }
+
+            part_exp = (part_exp-1)/2;  /* adjust for array */
+            biR = bi_residue(ctx, bi_multiply(ctx, biR, ctx->g[part_exp]));
+            i = l-1;
+        }
+        else    /* square it */
+        {
+            biR = bi_residue(ctx, bi_square(ctx, biR));
+            i--;
+        }
+    } while (i >= 0);
+     
+    /* cleanup */
+    for (i = 0; i < ctx->window; i++)
+    {
+        bi_depermanent(ctx->g[i]);
+        bi_free(ctx, ctx->g[i]);
+    }
+
+    free(ctx->g);
+    bi_free(ctx, bi);
+    bi_free(ctx, biexp);
+#if defined CONFIG_BIGINT_MONTGOMERY
+    return ctx->use_classical ? biR : bi_mont(ctx, biR); /* convert back */
+#else /* CONFIG_BIGINT_CLASSICAL or CONFIG_BIGINT_BARRETT */
+    return biR;
+#endif
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * @brief Perform a modular exponentiation using a temporary modulus.
+ *
+ * We need this function to check the signatures of certificates. The modulus
+ * of this function is temporary as it's just used for authentication.
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param bim [in]  The temporary modulus.
+ * @param biexp [in] The bigint exponent.
+ * @return The result of the mod exponentiation operation
+ * @see bi_set_mod().
+ */
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp)
+{
+    bigint *biR, *tmp_biR;
+
+    /* Set up a temporary bigint context and transfer what we need between
+     * them. We need to do this since we want to keep the original modulus
+     * which is already in this context. This operation is only called when
+     * doing peer verification, and so is not expensive :-) */
+    BI_CTX *tmp_ctx = bi_initialize();
+    bi_set_mod(tmp_ctx, bi_clone(tmp_ctx, bim), BIGINT_M_OFFSET);
+    tmp_biR = bi_mod_power(tmp_ctx, 
+                bi_clone(tmp_ctx, bi), 
+                bi_clone(tmp_ctx, biexp));
+    biR = bi_clone(ctx, tmp_biR);
+    bi_free(tmp_ctx, tmp_biR);
+    bi_free_mod(tmp_ctx, BIGINT_M_OFFSET);
+    bi_terminate(tmp_ctx);
+
+    bi_free(ctx, bi);
+    bi_free(ctx, bim);
+    bi_free(ctx, biexp);
+    return biR;
+}
+#endif
+
+#ifdef CONFIG_BIGINT_CRT
+/**
+ * @brief Use the Chinese Remainder Theorem to quickly perform RSA decrypts.
+ *
+ * @param ctx [in]  The bigint session context.
+ * @param bi  [in]  The bigint to perform the exp/mod.
+ * @param dP [in] CRT's dP bigint
+ * @param dQ [in] CRT's dQ bigint
+ * @param p [in] CRT's p bigint
+ * @param q [in] CRT's q bigint
+ * @param qInv [in] CRT's qInv bigint
+ * @return The result of the CRT operation
+ */
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q, bigint *qInv)
+{
+    bigint *m1, *m2, *h;
+
+    /* Montgomery has a condition the 0 < x, y < m and these products violate
+     * that condition. So disable Montgomery when using CRT */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 1;
+#endif
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    m1 = bi_mod_power(ctx, bi_copy(bi), dP);
+
+    ctx->mod_offset = BIGINT_Q_OFFSET;
+    m2 = bi_mod_power(ctx, bi, dQ);
+
+    h = bi_subtract(ctx, bi_add(ctx, m1, p), bi_copy(m2), NULL);
+    h = bi_multiply(ctx, h, qInv);
+    ctx->mod_offset = BIGINT_P_OFFSET;
+    h = bi_residue(ctx, h);
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    ctx->use_classical = 0;         /* reset for any further operation */
+#endif
+    return bi_add(ctx, m2, bi_multiply(ctx, q, h));
+}
+#endif
+/** @} */
diff --git a/crypto/bigint.h b/crypto/bigint.h
new file mode 100644
index 0000000000..2966a3edb3
--- /dev/null
+++ b/crypto/bigint.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BIGINT_HEADER
+#define BIGINT_HEADER
+
+#include "crypto.h"
+
+BI_CTX *bi_initialize(void);
+void bi_terminate(BI_CTX *ctx);
+void bi_permanent(bigint *bi);
+void bi_depermanent(bigint *bi);
+void bi_clear_cache(BI_CTX *ctx);
+void bi_free(BI_CTX *ctx, bigint *bi);
+bigint *bi_copy(bigint *bi);
+bigint *bi_clone(BI_CTX *ctx, const bigint *bi);
+void bi_export(BI_CTX *ctx, bigint *bi, uint8_t *data, int size);
+bigint *bi_import(BI_CTX *ctx, const uint8_t *data, int len);
+bigint *int_to_bi(BI_CTX *ctx, comp i);
+
+/* the functions that actually do something interesting */
+bigint *bi_add(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_subtract(BI_CTX *ctx, bigint *bia, 
+        bigint *bib, int *is_negative);
+bigint *bi_divide(BI_CTX *ctx, bigint *bia, bigint *bim, int is_mod);
+bigint *bi_multiply(BI_CTX *ctx, bigint *bia, bigint *bib);
+bigint *bi_mod_power(BI_CTX *ctx, bigint *bi, bigint *biexp);
+bigint *bi_mod_power2(BI_CTX *ctx, bigint *bi, bigint *bim, bigint *biexp);
+int bi_compare(bigint *bia, bigint *bib);
+void bi_set_mod(BI_CTX *ctx, bigint *bim, int mod_offset);
+void bi_free_mod(BI_CTX *ctx, int mod_offset);
+
+#ifdef CONFIG_SSL_FULL_MODE
+void bi_print(const char *label, bigint *bi);
+bigint *bi_str_import(BI_CTX *ctx, const char *data);
+#endif
+
+/**
+ * @def bi_mod
+ * Find the residue of B. bi_set_mod() must be called before hand.
+ */
+#define bi_mod(A, B)      bi_divide(A, B, ctx->bi_mod[ctx->mod_offset], 1)
+
+/**
+ * bi_residue() is technically the same as bi_mod(), but it uses the
+ * appropriate reduction technique (which is bi_mod() when doing classical
+ * reduction).
+ */
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+#define bi_residue(A, B)         bi_mont(A, B)
+bigint *bi_mont(BI_CTX *ctx, bigint *bixy);
+#elif defined(CONFIG_BIGINT_BARRETT)
+#define bi_residue(A, B)         bi_barrett(A, B)
+bigint *bi_barrett(BI_CTX *ctx, bigint *bi);
+#else /* if defined(CONFIG_BIGINT_CLASSICAL) */
+#define bi_residue(A, B)         bi_mod(A, B)
+#endif
+
+#ifdef CONFIG_BIGINT_SQUARE
+bigint *bi_square(BI_CTX *ctx, bigint *bi);
+#else
+#define bi_square(A, B)     bi_multiply(A, bi_copy(B), B)
+#endif
+
+#ifdef CONFIG_BIGINT_CRT
+bigint *bi_crt(BI_CTX *ctx, bigint *bi,
+        bigint *dP, bigint *dQ,
+        bigint *p, bigint *q,
+        bigint *qInv);
+#endif
+
+#endif
diff --git a/crypto/bigint_impl.h b/crypto/bigint_impl.h
new file mode 100644
index 0000000000..b70d32dd32
--- /dev/null
+++ b/crypto/bigint_impl.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BIGINT_IMPL_HEADER
+#define BIGINT_IMPL_HEADER
+
+/* Maintain a number of precomputed variables when doing reduction */
+#define BIGINT_M_OFFSET     0    /**< Normal modulo offset. */
+#ifdef CONFIG_BIGINT_CRT
+#define BIGINT_P_OFFSET     1    /**< p modulo offset. */
+#define BIGINT_Q_OFFSET     2    /**< q module offset. */
+#define BIGINT_NUM_MODS     3    /**< The number of modulus constants used. */
+#else
+#define BIGINT_NUM_MODS     1    
+#endif
+
+/* Architecture specific functions for big ints */
+#if defined(CONFIG_INTEGER_8BIT)
+#define COMP_RADIX          256U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       8   /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      1   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    2   /**< Used For diagnostics only. */
+typedef uint8_t comp;	        /**< A single precision component. */
+typedef uint16_t long_comp;     /**< A double precision component. */
+typedef int16_t slong_comp;     /**< A signed double precision component. */
+#elif defined(CONFIG_INTEGER_16BIT)
+#define COMP_RADIX          65536U       /**< Max component + 1 */
+#define COMP_MAX            0xFFFFFFFFU/**< (Max dbl comp -1) */
+#define COMP_BIT_SIZE       16  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      2   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    4   /**< Used For diagnostics only. */
+typedef uint16_t comp;	        /**< A single precision component. */
+typedef uint32_t long_comp;     /**< A double precision component. */
+typedef int32_t slong_comp;     /**< A signed double precision component. */
+#else /* regular 32 bit */
+#ifdef WIN32
+#define COMP_RADIX          4294967296i64         
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFui64
+#else
+#define COMP_RADIX          4294967296ULL         /**< Max component + 1 */
+#define COMP_MAX            0xFFFFFFFFFFFFFFFFULL/**< (Max dbl comp -1) */
+#endif
+#define COMP_BIT_SIZE       32  /**< Number of bits in a component. */
+#define COMP_BYTE_SIZE      4   /**< Number of bytes in a component. */
+#define COMP_NUM_NIBBLES    8   /**< Used For diagnostics only. */
+typedef uint32_t comp;	        /**< A single precision component. */
+typedef uint64_t long_comp;     /**< A double precision component. */
+typedef int64_t slong_comp;     /**< A signed double precision component. */
+#endif
+
+/**
+ * @struct  _bigint
+ * @brief A big integer basic object
+ */
+struct _bigint
+{
+    struct _bigint* next;       /**< The next bigint in the cache. */
+    short size;                 /**< The number of components in this bigint. */
+    short max_comps;            /**< The heapsize allocated for this bigint */
+    int refs;                   /**< An internal reference count. */
+    comp* comps;                /**< A ptr to the actual component data */
+};
+
+typedef struct _bigint bigint;  /**< An alias for _bigint */
+
+/**
+ * Maintains the state of the cache, and a number of variables used in 
+ * reduction.
+ */
+typedef struct /**< A big integer "session" context. */
+{
+    bigint *active_list;                    /**< Bigints currently used. */
+    bigint *free_list;                      /**< Bigints not used. */
+    bigint *bi_radix;                       /**< The radix used. */
+    bigint *bi_mod[BIGINT_NUM_MODS];        /**< modulus */
+
+#if defined(CONFIG_BIGINT_MONTGOMERY)
+    bigint *bi_RR_mod_m[BIGINT_NUM_MODS];   /**< R^2 mod m */
+    bigint *bi_R_mod_m[BIGINT_NUM_MODS];    /**< R mod m */
+    comp N0_dash[BIGINT_NUM_MODS];
+#elif defined(CONFIG_BIGINT_BARRETT)
+    bigint *bi_mu[BIGINT_NUM_MODS];         /**< Storage for mu */
+#endif
+    bigint *bi_normalised_mod[BIGINT_NUM_MODS]; /**< Normalised mod storage. */
+    bigint **g;                 /**< Used by sliding-window. */
+    int window;                 /**< The size of the sliding window */
+    int active_count;           /**< Number of active bigints. */
+    int free_count;             /**< Number of free bigints. */
+
+#ifdef CONFIG_BIGINT_MONTGOMERY
+    uint8_t use_classical;      /**< Use classical reduction. */
+#endif
+    uint8_t mod_offset;         /**< The mod offset we are using */
+} BI_CTX;
+
+#define axtls_max(a,b) ((a)>(b)?(a):(b))  /**< Find the maximum of 2 numbers. */
+#define axtls_min(a,b) ((a)<(b)?(a):(b))  /**< Find the minimum of 2 numbers. */
+
+#define PERMANENT           0x7FFF55AA  /**< A magic number for permanents. */
+
+#endif
diff --git a/crypto/crypto.h b/crypto/crypto.h
new file mode 100644
index 0000000000..da24d31c55
--- /dev/null
+++ b/crypto/crypto.h
@@ -0,0 +1,277 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file crypto.h
+ */
+
+#ifndef HEADER_CRYPTO_H
+#define HEADER_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "bigint_impl.h"
+#include "bigint.h"
+
+#ifndef STDCALL
+#define STDCALL
+#endif
+#ifndef EXP_FUNC
+#define EXP_FUNC
+#endif
+
+
+/* enable features based on a 'super-set' capbaility. */
+#if defined(CONFIG_SSL_FULL_MODE) 
+#define CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_CERT_VERIFICATION
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+#define CONFIG_SSL_CERT_VERIFICATION
+#endif
+
+/**************************************************************************
+ * AES declarations 
+ **************************************************************************/
+
+#define AES_MAXROUNDS			14
+#define AES_BLOCKSIZE           16
+#define AES_IV_SIZE             16
+
+typedef struct aes_key_st 
+{
+    uint16_t rounds;
+    uint16_t key_size;
+    uint32_t ks[(AES_MAXROUNDS+1)*8];
+    uint8_t iv[AES_IV_SIZE];
+} AES_CTX;
+
+typedef enum
+{
+    AES_MODE_128,
+    AES_MODE_256
+} AES_MODE;
+
+void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
+        const uint8_t *iv, AES_MODE mode);
+void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
+        uint8_t *out, int length);
+void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
+void AES_convert_key(AES_CTX *ctx);
+
+/**************************************************************************
+ * RC4 declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    uint8_t x, y, m[256];
+} RC4_CTX;
+
+void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
+void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
+
+/**************************************************************************
+ * SHA1 declarations 
+ **************************************************************************/
+
+#define SHA1_SIZE   20
+
+/*
+ *  This structure will hold context information for the SHA-1
+ *  hashing operation
+ */
+typedef struct 
+{
+    uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
+    uint32_t Length_Low;            /* Message length in bits */
+    uint32_t Length_High;           /* Message length in bits */
+    uint16_t Message_Block_Index;   /* Index into message block array   */
+    uint8_t Message_Block[64];      /* 512-bit message blocks */
+} SHA1_CTX;
+
+void SHA1_Init(SHA1_CTX *);
+void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
+void SHA1_Final(uint8_t *digest, SHA1_CTX *);
+
+/**************************************************************************
+ * SHA256 declarations 
+ **************************************************************************/
+
+#define SHA256_SIZE   32
+
+typedef struct
+{
+    uint32_t total[2];
+    uint32_t state[8];
+    uint8_t buffer[64];
+} SHA256_CTX;
+
+void SHA256_Init(SHA256_CTX *c);
+void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len);
+void SHA256_Final(uint8_t *digest, SHA256_CTX *);
+
+/**************************************************************************
+ * SHA512 declarations 
+ **************************************************************************/
+
+#define SHA512_SIZE   64
+
+typedef struct
+{
+    union
+    {
+        uint64_t h[8];
+        uint8_t digest[64];
+    } h_dig;
+    union
+    {
+        uint64_t w[80];
+        uint8_t buffer[128];
+    } w_buf;
+    size_t size;
+    uint64_t totalSize;
+} SHA512_CTX;
+
+void SHA512_Init(SHA512_CTX *c);
+void SHA512_Update(SHA512_CTX *, const uint8_t *input, int len);
+void SHA512_Final(uint8_t *digest, SHA512_CTX *);
+
+/**************************************************************************
+ * SHA384 declarations 
+ **************************************************************************/
+
+#define SHA384_SIZE   48
+
+typedef SHA512_CTX SHA384_CTX;
+void SHA384_Init(SHA384_CTX *c);
+void SHA384_Update(SHA384_CTX *, const uint8_t *input, int len);
+void SHA384_Final(uint8_t *digest, SHA384_CTX *);
+
+/**************************************************************************
+ * MD5 declarations 
+ **************************************************************************/
+
+#define MD5_SIZE    16
+
+typedef struct 
+{
+  uint32_t state[4];        /* state (ABCD) */
+  uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
+  uint8_t buffer[64];       /* input buffer */
+} MD5_CTX;
+
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
+
+/**************************************************************************
+ * HMAC declarations 
+ **************************************************************************/
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+/**************************************************************************
+ * HMAC functions operating on vectors 
+ **************************************************************************/
+void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha1_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+void hmac_sha256_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+/**************************************************************************
+ * RSA declarations 
+ **************************************************************************/
+
+typedef struct 
+{
+    bigint *m;              /* modulus */
+    bigint *e;              /* public exponent */
+    bigint *d;              /* private exponent */
+#ifdef CONFIG_BIGINT_CRT
+    bigint *p;              /* p as in m = pq */
+    bigint *q;              /* q as in m = pq */
+    bigint *dP;             /* d mod (p-1) */
+    bigint *dQ;             /* d mod (q-1) */
+    bigint *qInv;           /* q^-1 mod p */
+#endif
+    int num_octets;
+    BI_CTX *bi_ctx;
+} RSA_CTX;
+
+void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#ifdef CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+        );
+void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len);
+void RSA_free(RSA_CTX *ctx);
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
+        int out_len, int is_decryption);
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
+bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp);
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing);
+void RSA_print(const RSA_CTX *ctx);
+#endif
+
+/**************************************************************************
+ * RNG declarations 
+ **************************************************************************/
+EXP_FUNC void STDCALL RNG_initialize(void);
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
+EXP_FUNC void STDCALL RNG_terminate(void);
+EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
+int get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/crypto/crypto_misc.c b/crypto/crypto_misc.c
new file mode 100644
index 0000000000..c7f086dadb
--- /dev/null
+++ b/crypto/crypto_misc.c
@@ -0,0 +1,385 @@
+/*
+ * Copyright (c) 2007-2015, Cameron Rich
+ * 
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Some misc. routines to help things out
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "crypto_misc.h"
+#ifdef CONFIG_WIN32_USE_CRYPTO_LIB
+#include "wincrypt.h"
+#endif
+
+#ifdef ESP8266
+#define CONFIG_SSL_SKELETON_MODE 1
+uint32_t phy_get_rand();
+#endif
+
+#if defined(CONFIG_USE_DEV_URANDOM)
+static int rng_fd = -1;
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+static HCRYPTPROV gCryptProv;
+#endif
+
+#if (!defined(ESP8266) && !defined(CONFIG_USE_DEV_URANDOM) && !defined(CONFIG_WIN32_USE_CRYPTO_LIB))
+/* change to processor registers as appropriate */
+#define ENTROPY_POOL_SIZE 32
+#define ENTROPY_COUNTER1 ((((uint64_t)tv.tv_sec)<<32) | tv.tv_usec)
+#define ENTROPY_COUNTER2 rand()
+static uint8_t entropy_pool[ENTROPY_POOL_SIZE];
+#endif
+
+const char * const unsupported_str = "Error: Feature not supported\n";
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+/**
+ * Retrieve a file and put it into memory
+ * @return The size of the file, or -1 on failure.
+ */
+int get_file(const char *filename, uint8_t **buf)
+{
+    int total_bytes = 0;
+    int bytes_read = 0;
+    int filesize;
+    FILE *stream = fopen(filename, "rb");
+
+    if (stream == NULL)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("file '%s' does not exist\n", filename); TTY_FLUSH();
+#endif
+        return -1;
+    }
+
+    /* Win CE doesn't support stat() */
+    fseek(stream, 0, SEEK_END);
+    filesize = ftell(stream);
+    *buf = (uint8_t *)malloc(filesize);
+    fseek(stream, 0, SEEK_SET);
+
+    do
+    {
+        bytes_read = fread(*buf+total_bytes, 1, filesize-total_bytes, stream);
+        total_bytes += bytes_read;
+    } while (total_bytes < filesize && bytes_read > 0);
+
+    fclose(stream);
+    return filesize;
+}
+#endif
+
+/**
+ * Initialise the Random Number Generator engine.
+ * - On Win32 use the platform SDK's crypto engine.
+ * - On Linux use /dev/urandom
+ * - If none of these work then use a custom RNG.
+ */
+EXP_FUNC void STDCALL RNG_initialize()
+{
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    rng_fd = open("/dev/urandom", O_RDONLY);
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    if (!CryptAcquireContext(&gCryptProv,
+                      NULL, NULL, PROV_RSA_FULL, 0))
+    {
+        if (GetLastError() == NTE_BAD_KEYSET &&
+                !CryptAcquireContext(&gCryptProv,
+                       NULL,
+                       NULL,
+                       PROV_RSA_FULL,
+                       CRYPT_NEWKEYSET))
+        {
+            printf("CryptoLib: %x\n", unsupported_str, GetLastError());
+            exit(1);
+        }
+    }
+#elif defined(ESP8266)
+#else
+    /* start of with a stack to copy across */
+    int i;
+    memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
+    rand_r((unsigned int *)entropy_pool); 
+#endif
+}
+
+/**
+ * If no /dev/urandom, then initialise the RNG with something interesting.
+ */
+EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size)
+{
+#if defined(WIN32) || defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    int i;
+
+    for (i = 0; i < ENTROPY_POOL_SIZE && i < size; i++)
+        entropy_pool[i] ^= seed_buf[i];
+#endif
+}
+
+/**
+ * Terminate the RNG engine.
+ */
+EXP_FUNC void STDCALL RNG_terminate(void)
+{
+#if defined(CONFIG_USE_DEV_URANDOM)
+    close(rng_fd);
+#elif defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    CryptReleaseContext(gCryptProv, 0);
+#endif
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes can be 0
+ */
+EXP_FUNC int STDCALL get_random(int num_rand_bytes, uint8_t *rand_data)
+{   
+#if !defined(WIN32) && defined(CONFIG_USE_DEV_URANDOM)
+    /* use the Linux default - read from /dev/urandom */
+    if (read(rng_fd, rand_data, num_rand_bytes) < 0) 
+        return -1;
+#elif defined(WIN32) && defined(CONFIG_WIN32_USE_CRYPTO_LIB)
+    /* use Microsoft Crypto Libraries */
+    CryptGenRandom(gCryptProv, num_rand_bytes, rand_data);
+#elif defined(ESP8266)
+    for (size_t cb = 0; cb < num_rand_bytes; cb += 4) {
+        uint32_t r = phy_get_rand();
+        size_t left = num_rand_bytes - cb;
+        left = (left < 4) ? left : 4;
+        memcpy(rand_data + cb, &r, left);
+    }
+#else   /* nothing else to use, so use a custom RNG */
+    /* The method we use when we've got nothing better. Use RC4, time
+       and a couple of random seeds to generate a random sequence */
+    AES_CTX rng_ctx;
+    struct timeval tv;
+    MD5_CTX rng_digest_ctx;
+    uint8_t digest[MD5_SIZE];
+    uint64_t *ep;
+    int i;
+
+    /* A proper implementation would use counters etc for entropy */
+    gettimeofday(&tv, NULL);
+    ep = (uint64_t *)entropy_pool;
+    ep[0] ^= ENTROPY_COUNTER1;
+    ep[1] ^= ENTROPY_COUNTER2;
+
+    /* use a digested version of the entropy pool as a key */
+    MD5_Init(&rng_digest_ctx);
+    MD5_Update(&rng_digest_ctx, entropy_pool, ENTROPY_POOL_SIZE);
+    MD5_Final(digest, &rng_digest_ctx);
+
+    /* come up with the random sequence */
+    AES_set_key(&rng_ctx, digest, (const uint8_t *)ep, AES_MODE_128); /* use as a key */
+    memcpy(rand_data, entropy_pool, num_rand_bytes < ENTROPY_POOL_SIZE ?
+				num_rand_bytes : ENTROPY_POOL_SIZE);
+    AES_cbc_encrypt(&rng_ctx, rand_data, rand_data, num_rand_bytes);
+
+    /* move things along */
+    for (i = ENTROPY_POOL_SIZE-1; i >= MD5_SIZE ; i--)
+        entropy_pool[i] = entropy_pool[i-MD5_SIZE];
+
+    /* insert the digest at the start of the entropy pool */
+    memcpy(entropy_pool, digest, MD5_SIZE);
+#endif
+    return 0;
+}
+
+/**
+ * Set a series of bytes with a random number. Individual bytes are not zero.
+ */
+int get_random_NZ(int num_rand_bytes, uint8_t *rand_data)
+{
+    int i;
+    if (get_random(num_rand_bytes, rand_data))
+        return -1;
+
+    for (i = 0; i < num_rand_bytes; i++)
+    {
+        while (rand_data[i] == 0)  {
+            get_random(1, rand_data + i);
+        }
+    }
+
+    return 0;
+}
+
+/**
+ * Some useful diagnostic routines
+ */
+#if defined(CONFIG_SSL_FULL_MODE) || defined(CONFIG_DEBUG)
+int hex_finish;
+int hex_index;
+
+static void print_hex_init(int finish)
+{
+    hex_finish = finish;
+    hex_index = 0;
+}
+
+static void print_hex(uint8_t hex)
+{
+    static int column;
+
+    if (hex_index == 0)
+    {
+        column = 0;
+    }
+
+    printf("%02x ", hex);
+    if (++column == 8)
+    {
+        printf(": ");
+    }
+    else if (column >= 16)
+    {
+        printf("\n");
+        column = 0;
+    }
+
+    if (++hex_index >= hex_finish && column > 0)
+    {
+        printf("\n");
+    }
+}
+
+/**
+ * Spit out a blob of data for diagnostics. The data is is a nice column format
+ * for easy reading.
+ *
+ * @param format   [in]    The string (with possible embedded format characters)
+ * @param size     [in]    The number of numbers to print
+ * @param data     [in]    The start of data to use
+ * @param ...      [in]    Any additional arguments
+ */
+EXP_FUNC void STDCALL print_blob(const char *format,
+        const uint8_t *data, int size, ...)
+{
+    int i;
+    char tmp[80];
+    va_list(ap);
+
+    va_start(ap, size);
+    snprintf(tmp, sizeof(tmp), "SSL: %s\n", format);
+    vprintf(tmp, ap);
+    print_hex_init(size);
+    for (i = 0; i < size; i++)
+    {
+        print_hex(data[i]);
+    }
+
+    va_end(ap);
+    TTY_FLUSH();
+}
+#elif defined(WIN32)
+/* VC6.0 doesn't handle variadic macros */
+EXP_FUNC void STDCALL print_blob(const char *format, const unsigned char *data,
+        int size, ...) {}
+#endif
+
+#if defined(CONFIG_SSL_HAS_PEM) || defined(CONFIG_HTTP_HAS_AUTHORIZATION)
+/* base64 to binary lookup table */
+static const uint8_t map[128] PROGMEM =
+{
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+    255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
+    52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
+    255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
+    7,   8,   9,  10,  11,  12,  13,  14,  15,  16,  17,  18,
+    19,  20,  21,  22,  23,  24,  25, 255, 255, 255, 255, 255,
+    255,  26,  27,  28,  29,  30,  31,  32,  33,  34,  35,  36,
+    37,  38,  39,  40,  41,  42,  43,  44,  45,  46,  47,  48,
+    49,  50,  51, 255, 255, 255, 255, 255
+};
+
+EXP_FUNC int STDCALL base64_decode(const char *in, int len,
+                    uint8_t *out, int *outlen)
+{
+    int g, t, x, y, z;
+    uint8_t c;
+    int ret = -1;
+
+    g = 3;
+    for (x = y = z = t = 0; x < len; x++)
+    {
+        if ((c = ax_array_read_u8(map, in[x]&0x7F)) == 0xff)
+            continue;
+
+        if (c == 254)   /* this is the end... */
+        {
+            c = 0;
+
+            if (--g < 0)
+                goto error;
+        }
+        else if (g != 3) /* only allow = at end */
+            goto error;
+
+        t = (t<<6) | c;
+
+        if (++y == 4)
+        {
+            out[z++] = (uint8_t)((t>>16)&255);
+
+            if (g > 1)
+                out[z++] = (uint8_t)((t>>8)&255);
+
+            if (g > 2)
+                out[z++] = (uint8_t)(t&255);
+
+            y = t = 0;
+        }
+
+        /* check that we don't go past the output buffer */
+        if (z > *outlen)
+            goto error;
+    }
+
+    if (y != 0)
+        goto error;
+
+    *outlen = z;
+    ret = 0;
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret < 0)
+        printf("Error: Invalid base64\n"); TTY_FLUSH();
+#endif
+    TTY_FLUSH();
+    return ret;
+
+}
+#endif
diff --git a/crypto/hmac.c b/crypto/hmac.c
new file mode 100644
index 0000000000..a0ae84ccf8
--- /dev/null
+++ b/crypto/hmac.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * HMAC implementation - This code was originally taken from RFC2104
+ * See http://www.ietf.org/rfc/rfc2104.txt and
+ * http://www.faqs.org/rfcs/rfc2202.html
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/**
+ * Perform HMAC-MD5
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    hmac_md5_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_md5_v(const uint8_t **msg, int* length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    MD5_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    MD5_Init(&context);
+    MD5_Update(&context, k_ipad, 64);
+    for (i = 0; i < count; ++i) 
+    {
+        MD5_Update(&context, msg[i], length[i]);
+    }
+    MD5_Final(digest, &context);
+    MD5_Init(&context);
+    MD5_Update(&context, k_opad, 64);
+    MD5_Update(&context, digest, MD5_SIZE);
+    MD5_Final(digest, &context);
+}
+
+/**
+ * Perform HMAC-SHA1
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    hmac_sha1_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_sha1_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA1_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_ipad, 64);
+    for (i = 0; i < count; ++i) 
+    {
+        SHA1_Update(&context, msg[i], length[i]);
+    }
+    SHA1_Final(digest, &context);
+    SHA1_Init(&context);
+    SHA1_Update(&context, k_opad, 64);
+    SHA1_Update(&context, digest, SHA1_SIZE);
+    SHA1_Final(digest, &context);
+}
+
+/**
+ * Perform HMAC-SHA256
+ * NOTE: does not handle keys larger than the block size.
+ */
+void hmac_sha256(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    hmac_sha256_v(&msg, &length, 1, key, key_len, digest);
+}
+
+void hmac_sha256_v(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest)
+{
+    SHA256_CTX context;
+    uint8_t k_ipad[64];
+    uint8_t k_opad[64];
+    int i;
+
+    memset(k_ipad, 0, sizeof k_ipad);
+    memset(k_opad, 0, sizeof k_opad);
+    memcpy(k_ipad, key, key_len);
+    memcpy(k_opad, key, key_len);
+
+    for (i = 0; i < 64; i++) 
+    {
+        k_ipad[i] ^= 0x36;
+        k_opad[i] ^= 0x5c;
+    }
+
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_ipad, 64);
+    for (i = 0; i < count; ++i) 
+    {
+        SHA256_Update(&context, msg[i], length[i]);
+    }
+    SHA256_Final(digest, &context);
+    SHA256_Init(&context);
+    SHA256_Update(&context, k_opad, 64);
+    SHA256_Update(&context, digest, SHA256_SIZE);
+    SHA256_Final(digest, &context);
+}
+
diff --git a/crypto/md5.c b/crypto/md5.c
new file mode 100644
index 0000000000..1a8786f473
--- /dev/null
+++ b/crypto/md5.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * This file implements the MD5 algorithm as defined in RFC1321
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/* Constants for MD5Transform routine.
+ */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+/* ----- static functions ----- */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64]);
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len);
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len);
+
+static const uint8_t PADDING[64] PROGMEM = 
+{
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.  */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+   Rotation is separate from addition to prevent recomputation.  */
+#define FF(a, b, c, d, x, s, ac) { \
+    (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define GG(a, b, c, d, x, s, ac) { \
+    (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define HH(a, b, c, d, x, s, ac) { \
+    (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+#define II(a, b, c, d, x, s, ac) { \
+    (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
+    (a) = ROTATE_LEFT ((a), (s)); \
+    (a) += (b); \
+  }
+
+/**
+ * MD5 initialization - begins an MD5 operation, writing a new ctx.
+ */
+EXP_FUNC void STDCALL MD5_Init(MD5_CTX *ctx)
+{
+    ctx->count[0] = ctx->count[1] = 0;
+
+    /* Load magic initialization constants.
+     */
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xefcdab89;
+    ctx->state[2] = 0x98badcfe;
+    ctx->state[3] = 0x10325476;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+EXP_FUNC void STDCALL MD5_Update(MD5_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t x;
+    int i, partLen;
+
+    /* Compute number of bytes mod 64 */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3F);
+
+    /* Update number of bits */
+    if ((ctx->count[0] += ((uint32_t)len << 3)) < ((uint32_t)len << 3))
+        ctx->count[1]++;
+    ctx->count[1] += ((uint32_t)len >> 29);
+
+    partLen = 64 - x;
+
+    /* Transform as many times as possible.  */
+    if (len >= partLen) 
+    {
+        memcpy(&ctx->buffer[x], msg, partLen);
+        MD5Transform(ctx->state, ctx->buffer);
+
+        for (i = partLen; i + 63 < len; i += 64)
+            MD5Transform(ctx->state, &msg[i]);
+
+        x = 0;
+    }
+    else
+        i = 0;
+
+    /* Buffer remaining input */
+    memcpy(&ctx->buffer[x], &msg[i], len-i);
+}
+
+/**
+ * Return the 128-bit message digest into the user's array
+ */
+EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *ctx)
+{
+    uint8_t bits[8];
+    uint32_t x, padLen;
+#ifdef WITH_PGM_READ_HELPER
+    uint8_t PADDING_stack[64];
+    memcpy(PADDING_stack, PADDING, 64);
+#endif
+    /* Save number of bits */
+    Encode(bits, ctx->count, 8);
+
+    /* Pad out to 56 mod 64.
+     */
+    x = (uint32_t)((ctx->count[0] >> 3) & 0x3f);
+    padLen = (x < 56) ? (56 - x) : (120 - x);
+#ifdef WITH_PGM_READ_HELPER
+    MD5_Update(ctx, PADDING_stack, padLen);
+#else
+    MD5_Update(ctx, PADDING, padLen);
+#endif
+
+    /* Append length (before padding) */
+    MD5_Update(ctx, bits, 8);
+
+    /* Store state in digest */
+    Encode(digest, ctx->state, MD5_SIZE);
+}
+
+/**
+ * MD5 basic transformation. Transforms state based on block.
+ */
+static void MD5Transform(uint32_t state[4], const uint8_t block[64])
+{
+    uint32_t a = state[0], b = state[1], c = state[2], 
+             d = state[3], x[MD5_SIZE];
+
+    Decode(x, block, 64);
+
+    /* Round 1 */
+    FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
+    FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
+    FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
+    FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
+    FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
+    FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
+    FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
+    FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
+    FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
+    FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
+    FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+    FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+    FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+    FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+    FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+    FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+    /* Round 2 */
+    GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
+    GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
+    GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+    GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
+    GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
+    GG (d, a, b, c, x[10], S22,  0x2441453); /* 22 */
+    GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+    GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
+    GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
+    GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+    GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
+    GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
+    GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+    GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
+    GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
+    GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+    /* Round 3 */
+    HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
+    HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
+    HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+    HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+    HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
+    HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
+    HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
+    HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+    HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+    HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
+    HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
+    HH (b, c, d, a, x[ 6], S34,  0x4881d05); /* 44 */
+    HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
+    HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+    HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+    HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
+
+    /* Round 4 */
+    II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
+    II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
+    II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+    II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
+    II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+    II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
+    II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+    II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
+    II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
+    II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+    II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
+    II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+    II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
+    II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+    II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
+    II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
+
+    state[0] += a;
+    state[1] += b;
+    state[2] += c;
+    state[3] += d;
+}
+
+/**
+ * Encodes input (uint32_t) into output (uint8_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Encode(uint8_t *output, uint32_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4) 
+    {
+        output[j] = (uint8_t)(input[i] & 0xff);
+        output[j+1] = (uint8_t)((input[i] >> 8) & 0xff);
+        output[j+2] = (uint8_t)((input[i] >> 16) & 0xff);
+        output[j+3] = (uint8_t)((input[i] >> 24) & 0xff);
+    }
+}
+
+/**
+ *  Decodes input (uint8_t) into output (uint32_t). Assumes len is
+ *   a multiple of 4.
+ */
+static void Decode(uint32_t *output, const uint8_t *input, uint32_t len)
+{
+    uint32_t i, j;
+
+    for (i = 0, j = 0; j < len; i++, j += 4)
+        output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
+            (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
+}
diff --git a/crypto/os_int.h b/crypto/os_int.h
new file mode 100644
index 0000000000..02e7d2d546
--- /dev/null
+++ b/crypto/os_int.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2012-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_int.h
+ *
+ * Ensure a consistent bit size 
+ */
+
+#ifndef HEADER_OS_INT_H
+#define HEADER_OS_INT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* some bool types - just make life easier */
+typedef char bool;
+#define false       0
+#define true        1
+
+#if defined(WIN32)
+typedef UINT8 uint8_t;
+typedef INT8 int8_t;
+typedef UINT16 uint16_t;
+typedef INT16 int16_t;
+typedef UINT32 uint32_t;
+typedef INT32 int32_t;
+typedef UINT64 uint64_t;
+typedef INT64 int64_t;
+#else   /* Not Win32 */
+
+#ifdef CONFIG_PLATFORM_SOLARIS
+#include <inttypes.h>
+#else
+#include <stdint.h>
+#endif /* Not Solaris */
+
+#endif /* Not Win32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/crypto/rc4.c b/crypto/rc4.c
new file mode 100644
index 0000000000..edfb27a575
--- /dev/null
+++ b/crypto/rc4.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * An implementation of the RC4/ARC4 algorithm.
+ * Originally written by Christophe Devine.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/* only used for PKCS12 now */
+#ifdef CONFIG_SSL_USE_PKCS12
+
+/**
+ * Get ready for an encrypt/decrypt operation
+ */
+void RC4_setup(RC4_CTX *ctx, const uint8_t *key, int length)
+{
+    int i, j = 0, k = 0, a;
+    uint8_t *m;
+
+    ctx->x = 0;
+    ctx->y = 0;
+    m = ctx->m;
+
+    for (i = 0; i < 256; i++)
+        m[i] = i;
+
+    for (i = 0; i < 256; i++)
+    {
+        a = m[i];
+        j = (uint8_t)(j + a + key[k]);
+        m[i] = m[j]; 
+        m[j] = a;
+
+        if (++k >= length) 
+            k = 0;
+    }
+}
+
+/**
+ * Perform the encrypt/decrypt operation (can use it for either since
+ * this is a stream cipher).
+ * NOTE: *msg and *out must be the same pointer (performance tweak)
+ */
+void RC4_crypt(RC4_CTX *ctx, const uint8_t *msg, uint8_t *out, int length)
+{ 
+    int i;
+    uint8_t *m, x, y, a, b;
+
+    x = ctx->x;
+    y = ctx->y;
+    m = ctx->m;
+
+    for (i = 0; i < length; i++)
+    {
+        a = m[++x];
+        y += a;
+        m[x] = b = m[y];
+        m[y] = a;
+        out[i] ^= m[(uint8_t)(a + b)];
+    }
+
+    ctx->x = x;
+    ctx->y = y;
+}
+
+#endif
diff --git a/crypto/rsa.c b/crypto/rsa.c
new file mode 100644
index 0000000000..ab74b4d3be
--- /dev/null
+++ b/crypto/rsa.c
@@ -0,0 +1,295 @@
+/*
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Implements the RSA public encryption algorithm. Uses the bigint library to
+ * perform its calculations.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "crypto.h"
+
+void RSA_priv_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len,
+        const uint8_t *priv_exp, int priv_len
+#if CONFIG_BIGINT_CRT
+      , const uint8_t *p, int p_len,
+        const uint8_t *q, int q_len,
+        const uint8_t *dP, int dP_len,
+        const uint8_t *dQ, int dQ_len,
+        const uint8_t *qInv, int qInv_len
+#endif
+    )
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+    RSA_pub_key_new(ctx, modulus, mod_len, pub_exp, pub_len);
+    rsa_ctx = *ctx;
+    bi_ctx = rsa_ctx->bi_ctx;
+    rsa_ctx->d = bi_import(bi_ctx, priv_exp, priv_len);
+    bi_permanent(rsa_ctx->d);
+
+#ifdef CONFIG_BIGINT_CRT
+    rsa_ctx->p = bi_import(bi_ctx, p, p_len);
+    rsa_ctx->q = bi_import(bi_ctx, q, q_len);
+    rsa_ctx->dP = bi_import(bi_ctx, dP, dP_len);
+    rsa_ctx->dQ = bi_import(bi_ctx, dQ, dQ_len);
+    rsa_ctx->qInv = bi_import(bi_ctx, qInv, qInv_len);
+    bi_permanent(rsa_ctx->dP);
+    bi_permanent(rsa_ctx->dQ);
+    bi_permanent(rsa_ctx->qInv);
+    bi_set_mod(bi_ctx, rsa_ctx->p, BIGINT_P_OFFSET);
+    bi_set_mod(bi_ctx, rsa_ctx->q, BIGINT_Q_OFFSET);
+#endif
+}
+
+void RSA_pub_key_new(RSA_CTX **ctx, 
+        const uint8_t *modulus, int mod_len,
+        const uint8_t *pub_exp, int pub_len)
+{
+    RSA_CTX *rsa_ctx;
+    BI_CTX *bi_ctx;
+
+    if (*ctx)   /* if we load multiple certs, dump the old one */
+        RSA_free(*ctx);
+
+    bi_ctx = bi_initialize();
+    *ctx = (RSA_CTX *)calloc(1, sizeof(RSA_CTX));
+    rsa_ctx = *ctx;
+    rsa_ctx->bi_ctx = bi_ctx;
+    rsa_ctx->num_octets = mod_len;
+    rsa_ctx->m = bi_import(bi_ctx, modulus, mod_len);
+    bi_set_mod(bi_ctx, rsa_ctx->m, BIGINT_M_OFFSET);
+    rsa_ctx->e = bi_import(bi_ctx, pub_exp, pub_len);
+    bi_permanent(rsa_ctx->e);
+}
+
+/**
+ * Free up any RSA context resources.
+ */
+void RSA_free(RSA_CTX *rsa_ctx)
+{
+    BI_CTX *bi_ctx;
+    if (rsa_ctx == NULL)                /* deal with ptrs that are null */
+        return;
+
+    bi_ctx = rsa_ctx->bi_ctx;
+
+    bi_depermanent(rsa_ctx->e);
+    bi_free(bi_ctx, rsa_ctx->e);
+    bi_free_mod(rsa_ctx->bi_ctx, BIGINT_M_OFFSET);
+
+    if (rsa_ctx->d)
+    {
+        bi_depermanent(rsa_ctx->d);
+        bi_free(bi_ctx, rsa_ctx->d);
+#ifdef CONFIG_BIGINT_CRT
+        bi_depermanent(rsa_ctx->dP);
+        bi_depermanent(rsa_ctx->dQ);
+        bi_depermanent(rsa_ctx->qInv);
+        bi_free(bi_ctx, rsa_ctx->dP);
+        bi_free(bi_ctx, rsa_ctx->dQ);
+        bi_free(bi_ctx, rsa_ctx->qInv);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_P_OFFSET);
+        bi_free_mod(rsa_ctx->bi_ctx, BIGINT_Q_OFFSET);
+#endif
+    }
+
+    bi_terminate(bi_ctx);
+    free(rsa_ctx);
+}
+
+/**
+ * @brief Use PKCS1.5 for decryption/verification.
+ * @param ctx [in] The context
+ * @param in_data [in] The data to decrypt (must be < modulus size-11)
+ * @param out_data [out] The decrypted data.
+ * @param out_len [int] The size of the decrypted buffer in bytes
+ * @param is_decryption [in] Decryption or verify operation.
+ * @return  The number of bytes that were originally encrypted. -1 on error.
+ * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, 
+                            uint8_t *out_data, int out_len, int is_decryption)
+{
+    const int byte_size = ctx->num_octets;
+    int i = 0, size = -1;
+    bigint *decrypted_bi, *dat_bi;
+    uint8_t *block = NULL;
+    int pad_count = 0;
+
+    do
+    {
+    if (out_len < byte_size)        /* check output has enough size */
+       break;
+
+    block = (uint8_t *)malloc(byte_size);
+    if (!block)
+       break;
+
+    memset(out_data, 0, out_len);   /* initialise */
+
+    /* decrypt */
+    dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    decrypted_bi = is_decryption ?  /* decrypt or verify? */
+            RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi);
+#else   /* always a decryption */
+    decrypted_bi = RSA_private(ctx, dat_bi);
+#endif
+
+    /* convert to a normal block */
+    bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size);
+
+    if (block[i++] != 0)             /* leading 0? */
+        break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */
+    {
+        if (block[i++] != 0x01)     /* BT correct? */
+            break;
+
+        while (block[i++] == 0xff && i < byte_size)
+            pad_count++;
+    }
+    else                    /* PKCS1.5 encryption padding is random */
+#endif
+    {
+        if (block[i++] != 0x02)     /* BT correct? */
+            break;
+
+        while (block[i++] && i < byte_size)
+            pad_count++;
+    }
+
+    /* check separator byte 0x00 - and padding must be 8 or more bytes */
+    if (i == byte_size || pad_count < 8) 
+        break;
+
+    size = byte_size - i;
+
+    /* get only the bit we want */
+    memcpy(out_data, &block[i], size);
+    } while(false);
+
+    if(block)
+       free(block);
+
+    return size;
+}
+
+/**
+ * Performs m = c^d mod n
+ */
+bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg)
+{
+#ifdef CONFIG_BIGINT_CRT
+    return bi_crt(c->bi_ctx, bi_msg, c->dP, c->dQ, c->p, c->q, c->qInv);
+#else
+    BI_CTX *ctx = c->bi_ctx;
+    ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(ctx, bi_msg, c->d);
+#endif
+}
+
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Used for diagnostics.
+ */
+void RSA_print(const RSA_CTX *rsa_ctx) 
+{
+    if (rsa_ctx == NULL)
+        return;
+
+    printf("-----------------   RSA DEBUG   ----------------\n");
+    printf("Size:\t%d\n", rsa_ctx->num_octets);
+    bi_print("Modulus", rsa_ctx->m);
+    bi_print("Public Key", rsa_ctx->e);
+    bi_print("Private Key", rsa_ctx->d);
+}
+#endif
+
+#if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
+/**
+ * Performs c = m^e mod n
+ */
+bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg)
+{
+    c->bi_ctx->mod_offset = BIGINT_M_OFFSET;
+    return bi_mod_power(c->bi_ctx, bi_msg, c->e);
+}
+
+/**
+ * Use PKCS1.5 for encryption/signing.
+ * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125
+ */
+int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
+        uint8_t *out_data, int is_signing)
+{
+    int byte_size = ctx->num_octets;
+    int num_pads_needed = byte_size-in_len-3;
+    bigint *dat_bi, *encrypt_bi;
+
+    /* note: in_len+11 must be > byte_size */
+    out_data[0] = 0;     /* ensure encryption block is < modulus */
+
+    if (is_signing)
+    {
+        out_data[1] = 1;        /* PKCS1.5 signing pads with "0xff"'s */
+        memset(&out_data[2], 0xff, num_pads_needed);
+    }
+    else /* randomize the encryption padding with non-zero bytes */   
+    {
+        out_data[1] = 2;
+        if (get_random_NZ(num_pads_needed, &out_data[2]) < 0)
+            return -1;
+    }
+
+    out_data[2+num_pads_needed] = 0;
+    memcpy(&out_data[3+num_pads_needed], in_data, in_len);
+
+    /* now encrypt it */
+    dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size);
+    encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : 
+                              RSA_public(ctx, dat_bi);
+    bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size);
+
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx->bi_ctx);
+    return byte_size;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
diff --git a/crypto/sha1.c b/crypto/sha1.c
new file mode 100644
index 0000000000..1082733e7e
--- /dev/null
+++ b/crypto/sha1.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
+ * This code was originally taken from RFC3174
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+/*
+ *  Define the SHA1 circular left shift macro
+ */
+#define SHA1CircularShift(bits,word) \
+                (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/* ----- static functions ----- */
+static void SHA1PadMessage(SHA1_CTX *ctx);
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
+
+/**
+ * Initialize the SHA1 context 
+ */
+void SHA1_Init(SHA1_CTX *ctx)
+{
+    ctx->Length_Low             = 0;
+    ctx->Length_High            = 0;
+    ctx->Message_Block_Index    = 0;
+    ctx->Intermediate_Hash[0]   = 0x67452301;
+    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
+    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
+    ctx->Intermediate_Hash[3]   = 0x10325476;
+    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
+{
+    while (len--)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
+        ctx->Length_Low += 8;
+
+        if (ctx->Length_Low == 0)
+            ctx->Length_High++;
+
+        if (ctx->Message_Block_Index == 64)
+            SHA1ProcessMessageBlock(ctx);
+
+        msg++;
+    }
+}
+
+/**
+ * Return the 160-bit message digest into the user's array
+ */
+void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
+{
+    int i;
+
+    SHA1PadMessage(ctx);
+    memset(ctx->Message_Block, 0, 64);
+    ctx->Length_Low = 0;    /* and clear length */
+    ctx->Length_High = 0;
+
+    for  (i = 0; i < SHA1_SIZE; i++)
+    {
+        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
+    }
+}
+
+/**
+ * Process the next 512 bits of the message stored in the array.
+ */
+static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
+{
+    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
+                            0x5A827999,
+                            0x6ED9EBA1,
+                            0x8F1BBCDC,
+                            0xCA62C1D6
+                            };
+    int        t;                 /* Loop counter                */
+    uint32_t      temp;              /* Temporary word value        */
+    uint32_t      W[80];             /* Word sequence               */
+    uint32_t      A, B, C, D, E;     /* Word buffers                */
+
+    /*
+     *  Initialize the first 16 words in the array W
+     */
+    for  (t = 0; t < 16; t++)
+    {
+        W[t] = ctx->Message_Block[t * 4] << 24;
+        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
+        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
+        W[t] |= ctx->Message_Block[t * 4 + 3];
+    }
+
+    for (t = 16; t < 80; t++)
+    {
+       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+    }
+
+    A = ctx->Intermediate_Hash[0];
+    B = ctx->Intermediate_Hash[1];
+    C = ctx->Intermediate_Hash[2];
+    D = ctx->Intermediate_Hash[3];
+    E = ctx->Intermediate_Hash[4];
+
+    for (t = 0; t < 20; t++)
+    {
+        temp =  SHA1CircularShift(5,A) +
+                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+
+        B = A;
+        A = temp;
+    }
+
+    for (t = 20; t < 40; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 40; t < 60; t++)
+    {
+        temp = SHA1CircularShift(5,A) +
+               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    for (t = 60; t < 80; t++)
+    {
+        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+        E = D;
+        D = C;
+        C = SHA1CircularShift(30,B);
+        B = A;
+        A = temp;
+    }
+
+    ctx->Intermediate_Hash[0] += A;
+    ctx->Intermediate_Hash[1] += B;
+    ctx->Intermediate_Hash[2] += C;
+    ctx->Intermediate_Hash[3] += D;
+    ctx->Intermediate_Hash[4] += E;
+    ctx->Message_Block_Index = 0;
+}
+
+/*
+ * According to the standard, the message must be padded to an even
+ * 512 bits.  The first padding bit must be a '1'.  The last 64
+ * bits represent the length of the original message.  All bits in
+ * between should be 0.  This function will pad the message
+ * according to those rules by filling the Message_Block array
+ * accordingly.  It will also call the ProcessMessageBlock function
+ * provided appropriately.  When it returns, it can be assumed that
+ * the message digest has been computed.
+ *
+ * @param ctx [in, out] The SHA1 context
+ */
+static void SHA1PadMessage(SHA1_CTX *ctx)
+{
+    /*
+     *  Check to see if the current message block is too small to hold
+     *  the initial padding bits and length.  If so, we will pad the
+     *  block, process it, and then continue padding into a second
+     *  block.
+     */
+    if (ctx->Message_Block_Index > 55)
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 64)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+
+        SHA1ProcessMessageBlock(ctx);
+
+        while (ctx->Message_Block_Index < 56)
+        {
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+    else
+    {
+        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
+        while(ctx->Message_Block_Index < 56)
+        {
+
+            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
+        }
+    }
+
+    /*
+     *  Store the message length as the last 8 octets
+     */
+    ctx->Message_Block[56] = ctx->Length_High >> 24;
+    ctx->Message_Block[57] = ctx->Length_High >> 16;
+    ctx->Message_Block[58] = ctx->Length_High >> 8;
+    ctx->Message_Block[59] = ctx->Length_High;
+    ctx->Message_Block[60] = ctx->Length_Low >> 24;
+    ctx->Message_Block[61] = ctx->Length_Low >> 16;
+    ctx->Message_Block[62] = ctx->Length_Low >> 8;
+    ctx->Message_Block[63] = ctx->Length_Low;
+    SHA1ProcessMessageBlock(ctx);
+}
diff --git a/crypto/sha256.c b/crypto/sha256.c
new file mode 100644
index 0000000000..ba1ac95fe4
--- /dev/null
+++ b/crypto/sha256.c
@@ -0,0 +1,281 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+
+#define GET_UINT32(n,b,i)                       \
+{                                               \
+    (n) = ((uint32_t) (b)[(i)    ] << 24)       \
+        | ((uint32_t) (b)[(i) + 1] << 16)       \
+        | ((uint32_t) (b)[(i) + 2] <<  8)       \
+        | ((uint32_t) (b)[(i) + 3]      );      \
+}
+
+#define PUT_UINT32(n,b,i)                       \
+{                                               \
+    (b)[(i)    ] = (uint8_t) ((n) >> 24);       \
+    (b)[(i) + 1] = (uint8_t) ((n) >> 16);       \
+    (b)[(i) + 2] = (uint8_t) ((n) >>  8);       \
+    (b)[(i) + 3] = (uint8_t) ((n)      );       \
+}
+
+static const uint8_t sha256_padding[64] PROGMEM =
+{
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+/**
+ * Initialize the SHA256 context 
+ */
+void SHA256_Init(SHA256_CTX *ctx)
+{
+    ctx->total[0] = 0;
+    ctx->total[1] = 0;
+
+    ctx->state[0] = 0x6A09E667;
+    ctx->state[1] = 0xBB67AE85;
+    ctx->state[2] = 0x3C6EF372;
+    ctx->state[3] = 0xA54FF53A;
+    ctx->state[4] = 0x510E527F;
+    ctx->state[5] = 0x9B05688C;
+    ctx->state[6] = 0x1F83D9AB;
+    ctx->state[7] = 0x5BE0CD19;
+}
+
+static void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
+{
+    uint32_t temp1, temp2, W[64];
+    uint32_t A, B, C, D, E, F, G, H;
+
+    GET_UINT32(W[0],  digest,  0);
+    GET_UINT32(W[1],  digest,  4);
+    GET_UINT32(W[2],  digest,  8);
+    GET_UINT32(W[3],  digest, 12);
+    GET_UINT32(W[4],  digest, 16);
+    GET_UINT32(W[5],  digest, 20);
+    GET_UINT32(W[6],  digest, 24);
+    GET_UINT32(W[7],  digest, 28);
+    GET_UINT32(W[8],  digest, 32);
+    GET_UINT32(W[9],  digest, 36);
+    GET_UINT32(W[10], digest, 40);
+    GET_UINT32(W[11], digest, 44);
+    GET_UINT32(W[12], digest, 48);
+    GET_UINT32(W[13], digest, 52);
+    GET_UINT32(W[14], digest, 56);
+    GET_UINT32(W[15], digest, 60);
+
+#define  SHR(x,n) ((x & 0xFFFFFFFF) >> n)
+#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
+
+#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
+#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
+
+#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
+
+#define R(t)                                    \
+(                                              \
+    W[t] = S1(W[t -  2]) + W[t -  7] +          \
+           S0(W[t - 15]) + W[t - 16]            \
+)
+
+#define P(a,b,c,d,e,f,g,h,x,K)                  \
+{                                               \
+    temp1 = h + S3(e) + F1(e,f,g) + K + x;      \
+    temp2 = S2(a) + F0(a,b,c);                  \
+    d += temp1; h = temp1 + temp2;              \
+}
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+    E = ctx->state[4];
+    F = ctx->state[5];
+    G = ctx->state[6];
+    H = ctx->state[7];
+
+    P(A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
+    P(H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
+    P(G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
+    P(F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
+    P(E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
+    P(D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
+    P(C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
+    P(B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
+    P(A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
+    P(H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
+    P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
+    P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
+    P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
+    P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
+    P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
+    P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
+    P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
+    P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
+    P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
+    P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
+    P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
+    P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
+    P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
+    P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
+    P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
+    P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
+    P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
+    P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
+    P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
+    P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
+    P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
+    P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
+    P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
+    P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
+    P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
+    P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
+    P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
+    P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
+    P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
+    P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
+    P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
+    P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
+    P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
+    P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
+    P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
+    P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
+    P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
+    P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
+    P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
+    P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
+    P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
+    P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
+    P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
+    P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
+    P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
+    P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
+    P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
+    P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
+    P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
+    P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
+    P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
+    P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
+    P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
+    P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+    ctx->state[4] += E;
+    ctx->state[5] += F;
+    ctx->state[6] += G;
+    ctx->state[7] += H;
+}
+
+/**
+ * Accepts an array of octets as the next portion of the message.
+ */
+void SHA256_Update(SHA256_CTX *ctx, const uint8_t * msg, int len)
+{
+    uint32_t left = ctx->total[0] & 0x3F;
+    uint32_t fill = 64 - left;
+
+    ctx->total[0] += len;
+    ctx->total[0] &= 0xFFFFFFFF;
+
+    if (ctx->total[0] < len)
+        ctx->total[1]++;
+
+    if (left && len >= fill)
+    {
+        memcpy((void *) (ctx->buffer + left), (void *)msg, fill);
+        SHA256_Process(ctx->buffer, ctx);
+        len -= fill;
+        msg  += fill;
+        left = 0;
+    }
+
+    while (len >= 64)
+    {
+        SHA256_Process(msg, ctx);
+        len -= 64;
+        msg  += 64;
+    }
+
+    if (len)
+    {
+        memcpy((void *) (ctx->buffer + left), (void *) msg, len);
+    }
+}
+
+/**
+ * Return the 256-bit message digest into the user's array
+ */
+void SHA256_Final(uint8_t *digest, SHA256_CTX *ctx)
+{
+    uint32_t last, padn;
+    uint32_t high, low;
+    uint8_t msglen[8];
+#ifdef WITH_PGM_READ_HELPER
+    uint8_t sha256_padding_ram[64];
+    memcpy(sha256_padding_ram, sha256_padding, 64);
+#endif
+
+    high = (ctx->total[0] >> 29)
+         | (ctx->total[1] <<  3);
+    low  = (ctx->total[0] <<  3);
+
+    PUT_UINT32(high, msglen, 0);
+    PUT_UINT32(low,  msglen, 4);
+
+    last = ctx->total[0] & 0x3F;
+    padn = (last < 56) ? (56 - last) : (120 - last);
+#ifdef WITH_PGM_READ_HELPER
+    SHA256_Update(ctx, sha256_padding_ram, padn);
+#else
+    SHA256_Update(ctx, sha256_padding, padn);
+#endif
+    SHA256_Update(ctx, msglen, 8);
+
+    PUT_UINT32(ctx->state[0], digest,  0);
+    PUT_UINT32(ctx->state[1], digest,  4);
+    PUT_UINT32(ctx->state[2], digest,  8);
+    PUT_UINT32(ctx->state[3], digest, 12);
+    PUT_UINT32(ctx->state[4], digest, 16);
+    PUT_UINT32(ctx->state[5], digest, 20);
+    PUT_UINT32(ctx->state[6], digest, 24);
+    PUT_UINT32(ctx->state[7], digest, 28);
+}
diff --git a/crypto/sha384.c b/crypto/sha384.c
new file mode 100644
index 0000000000..f1071be93b
--- /dev/null
+++ b/crypto/sha384.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+ 
+/**
+* Initialize the SHA384 context 
+*/
+ void SHA384_Init(SHA384_CTX *ctx)
+ {
+    //Set initial hash value
+    ctx->h_dig.h[0] = 0xCBBB9D5DC1059ED8LL;
+    ctx->h_dig.h[1] = 0x629A292A367CD507LL;
+    ctx->h_dig.h[2] = 0x9159015A3070DD17LL;
+    ctx->h_dig.h[3] = 0x152FECD8F70E5939LL;
+    ctx->h_dig.h[4] = 0x67332667FFC00B31LL;
+    ctx->h_dig.h[5] = 0x8EB44A8768581511LL;
+    ctx->h_dig.h[6] = 0xDB0C2E0D64F98FA7LL;
+    ctx->h_dig.h[7] = 0x47B5481DBEFA4FA4LL;
+ 
+    // Number of bytes in the buffer
+    ctx->size = 0;
+    // Total length of the message
+    ctx->totalSize = 0;
+ }
+ 
+/**
+* Accepts an array of octets as the next portion of the message.
+*/
+void SHA384_Update(SHA384_CTX *ctx, const uint8_t * msg, int len)
+{
+    // The function is defined in the exact same manner as SHA-512
+    SHA512_Update(ctx, msg, len);
+}
+ 
+/**
+* Return the 384-bit message digest into the user's array
+*/
+void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx)
+{
+    // The function is defined in the exact same manner as SHA-512
+    SHA512_Final(NULL, ctx);
+ 
+    // Copy the resulting digest
+    if (digest != NULL)
+        memcpy(digest, ctx->h_dig.digest, SHA384_SIZE);
+}
+ 
diff --git a/crypto/sha512.c b/crypto/sha512.c
new file mode 100644
index 0000000000..b24a28ee02
--- /dev/null
+++ b/crypto/sha512.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 2015, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include "os_port.h"
+#include "crypto.h"
+ 
+#define SHR64(a, n) ((a) >> (n))
+#define ROR64(a, n) (((a) >> (n)) | ((a) << (64 - (n))))
+#define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define SIGMA1(x) (ROR64(x, 28) ^ ROR64(x, 34) ^ ROR64(x, 39))
+#define SIGMA2(x) (ROR64(x, 14) ^ ROR64(x, 18) ^ ROR64(x, 41))
+#define SIGMA3(x) (ROR64(x, 1) ^ ROR64(x, 8) ^ SHR64(x, 7))
+#define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6))
+#define MIN(x, y) ((x) < (y) ? x : y)
+ 
+static const uint8_t padding[128] PROGMEM =
+{
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+ 
+static const uint64_t k[80] PROGMEM =
+{
+    0x428A2F98D728AE22LL, 0x7137449123EF65CDLL, 0xB5C0FBCFEC4D3B2FLL, 0xE9B5DBA58189DBBCLL,
+    0x3956C25BF348B538LL, 0x59F111F1B605D019LL, 0x923F82A4AF194F9BLL, 0xAB1C5ED5DA6D8118LL,
+    0xD807AA98A3030242LL, 0x12835B0145706FBELL, 0x243185BE4EE4B28CLL, 0x550C7DC3D5FFB4E2LL,
+    0x72BE5D74F27B896FLL, 0x80DEB1FE3B1696B1LL, 0x9BDC06A725C71235LL, 0xC19BF174CF692694LL,
+    0xE49B69C19EF14AD2LL, 0xEFBE4786384F25E3LL, 0x0FC19DC68B8CD5B5LL, 0x240CA1CC77AC9C65LL,
+    0x2DE92C6F592B0275LL, 0x4A7484AA6EA6E483LL, 0x5CB0A9DCBD41FBD4LL, 0x76F988DA831153B5LL,
+    0x983E5152EE66DFABLL, 0xA831C66D2DB43210LL, 0xB00327C898FB213FLL, 0xBF597FC7BEEF0EE4LL,
+    0xC6E00BF33DA88FC2LL, 0xD5A79147930AA725LL, 0x06CA6351E003826FLL, 0x142929670A0E6E70LL,
+    0x27B70A8546D22FFCLL, 0x2E1B21385C26C926LL, 0x4D2C6DFC5AC42AEDLL, 0x53380D139D95B3DFLL,
+    0x650A73548BAF63DELL, 0x766A0ABB3C77B2A8LL, 0x81C2C92E47EDAEE6LL, 0x92722C851482353BLL,
+    0xA2BFE8A14CF10364LL, 0xA81A664BBC423001LL, 0xC24B8B70D0F89791LL, 0xC76C51A30654BE30LL,
+    0xD192E819D6EF5218LL, 0xD69906245565A910LL, 0xF40E35855771202ALL, 0x106AA07032BBD1B8LL,
+    0x19A4C116B8D2D0C8LL, 0x1E376C085141AB53LL, 0x2748774CDF8EEB99LL, 0x34B0BCB5E19B48A8LL,
+    0x391C0CB3C5C95A63LL, 0x4ED8AA4AE3418ACBLL, 0x5B9CCA4F7763E373LL, 0x682E6FF3D6B2B8A3LL,
+    0x748F82EE5DEFB2FCLL, 0x78A5636F43172F60LL, 0x84C87814A1F0AB72LL, 0x8CC702081A6439ECLL,
+    0x90BEFFFA23631E28LL, 0xA4506CEBDE82BDE9LL, 0xBEF9A3F7B2C67915LL, 0xC67178F2E372532BLL,
+    0xCA273ECEEA26619CLL, 0xD186B8C721C0C207LL, 0xEADA7DD6CDE0EB1ELL, 0xF57D4F7FEE6ED178LL,
+    0x06F067AA72176FBALL, 0x0A637DC5A2C898A6LL, 0x113F9804BEF90DAELL, 0x1B710B35131C471BLL,
+    0x28DB77F523047D84LL, 0x32CAAB7B40C72493LL, 0x3C9EBE0A15C9BEBCLL, 0x431D67C49C100D4CLL,
+    0x4CC5D4BECB3E42B6LL, 0x597F299CFC657E2ALL, 0x5FCB6FAB3AD6FAECLL, 0x6C44198C4A475817LL
+};
+ 
+/**
+* Initialize the SHA512 context
+*/
+void SHA512_Init(SHA512_CTX *ctx)
+{
+    ctx->h_dig.h[0] = 0x6A09E667F3BCC908LL;
+    ctx->h_dig.h[1] = 0xBB67AE8584CAA73BLL;
+    ctx->h_dig.h[2] = 0x3C6EF372FE94F82BLL;
+    ctx->h_dig.h[3] = 0xA54FF53A5F1D36F1LL;
+    ctx->h_dig.h[4] = 0x510E527FADE682D1LL;
+    ctx->h_dig.h[5] = 0x9B05688C2B3E6C1FLL;
+    ctx->h_dig.h[6] = 0x1F83D9ABFB41BD6BLL;
+    ctx->h_dig.h[7] = 0x5BE0CD19137E2179LL;
+    ctx->size = 0;
+    ctx->totalSize = 0;
+}
+ 
+static void SHA512_Process(SHA512_CTX *ctx)
+{
+    int t;
+    uint64_t temp1;
+    uint64_t temp2;
+ 
+    // Initialize the 8 working registers
+    uint64_t a = ctx->h_dig.h[0];
+    uint64_t b = ctx->h_dig.h[1];
+    uint64_t c = ctx->h_dig.h[2];
+    uint64_t d = ctx->h_dig.h[3];
+    uint64_t e = ctx->h_dig.h[4];
+    uint64_t f = ctx->h_dig.h[5];
+    uint64_t g = ctx->h_dig.h[6];
+    uint64_t h = ctx->h_dig.h[7];
+ 
+    // Process message in 16-word blocks
+    uint64_t *w = ctx->w_buf.w;
+ 
+    // Convert from big-endian byte order to host byte order
+    for (t = 0; t < 16; t++)
+       w[t] = be64toh(w[t]);
+
+    // Prepare the message schedule
+    for (t = 16; t < 80; t++)
+       w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16];
+ 
+    // SHA-512 hash computation
+    for (t = 0; t < 80; t++)
+    {
+       // Calculate T1 and T2
+       temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t];
+       temp2 = SIGMA1(a) + MAJ(a, b, c);
+ 
+       // Update the working registers
+       h = g;
+       g = f;
+       f = e;
+       e = d + temp1;
+       d = c;
+       c = b;
+       b = a;
+       a = temp1 + temp2;
+    }
+ 
+    // Update the hash value
+    ctx->h_dig.h[0] += a;
+    ctx->h_dig.h[1] += b;
+    ctx->h_dig.h[2] += c;
+    ctx->h_dig.h[3] += d;
+    ctx->h_dig.h[4] += e;
+    ctx->h_dig.h[5] += f;
+    ctx->h_dig.h[6] += g;
+    ctx->h_dig.h[7] += h;
+ }
+
+/**
+* Accepts an array of octets as the next portion of the message.
+*/
+void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len)
+{
+    // Process the incoming data
+    while (len > 0)
+    {
+        // The buffer can hold at most 128 bytes
+        size_t n = MIN(len, 128 - ctx->size);
+ 
+        // Copy the data to the buffer
+        memcpy(ctx->w_buf.buffer + ctx->size, msg, n);
+ 
+        // Update the SHA-512 ctx
+        ctx->size += n;
+        ctx->totalSize += n;
+        // Advance the data pointer
+        msg = (uint8_t *) msg + n;
+        // Remaining bytes to process
+        len -= n;
+ 
+        // Process message in 16-word blocks
+        if (ctx->size == 128)
+        {
+            // Transform the 16-word block
+            SHA512_Process(ctx);
+            // Empty the buffer
+            ctx->size = 0;
+        }
+    }
+}
+ 
+/**
+* Return the 512-bit message digest into the user's array
+*/
+void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx)
+{
+    int i;
+    size_t paddingSize;
+    uint64_t totalSize;
+ 
+    // Length of the original message (before padding)
+    totalSize = ctx->totalSize * 8;
+ 
+    // Pad the message so that its length is congruent to 112 modulo 128
+    paddingSize = (ctx->size < 112) ? (112 - ctx->size) : 
+                                        (128 + 112 - ctx->size);
+    // Append padding
+    SHA512_Update(ctx, padding, paddingSize);
+ 
+    // Append the length of the original message
+    ctx->w_buf.w[14] = 0;
+    ctx->w_buf.w[15] = be64toh(totalSize);
+ 
+    // Calculate the message digest
+    SHA512_Process(ctx);
+ 
+    // Convert from host byte order to big-endian byte order
+    for (i = 0; i < 8; i++)
+       ctx->h_dig.h[i] = be64toh(ctx->h_dig.h[i]);
+ 
+    // Copy the resulting digest
+    if (digest != NULL)
+       memcpy(digest, ctx->h_dig.digest, SHA512_SIZE);
+ }
+ 
diff --git a/replacements/time.c b/replacements/time.c
new file mode 100644
index 0000000000..4972119bb4
--- /dev/null
+++ b/replacements/time.c
@@ -0,0 +1,147 @@
+/*
+ * time.c - ESP8266-specific functions for SNTP
+ * Copyright (c) 2015 Peter Dobler. All rights reserved.
+ * This file is part of the esp8266 core for Arduino environment.
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#include <time.h>
+#include <sntp.h>
+
+extern uint32_t system_get_time(void);
+extern uint64_t system_mktime(uint32_t year, uint32_t mon, uint32_t day, uint32_t hour, uint32_t min, uint32_t sec);
+
+static int errno_var = 0;
+
+int* __errno(void) {
+    // DEBUGV("__errno is called last error: %d (not current)\n", errno_var);
+    return &errno_var;
+}
+
+unsigned long millis(void)
+{
+	return system_get_time() / 1000UL;
+}
+
+unsigned long micros(void)
+{
+	return system_get_time();
+}
+
+#ifndef _TIMEVAL_DEFINED
+#define _TIMEVAL_DEFINED
+struct timeval {
+  time_t      tv_sec;
+  suseconds_t tv_usec;
+};
+#endif
+
+extern char* sntp_asctime(const struct tm *t);
+extern struct tm* sntp_localtime(const time_t *clock);
+
+// time gap in seconds from 01.01.1900 (NTP time) to 01.01.1970 (UNIX time)
+#define DIFF1900TO1970 2208988800UL
+
+static int s_daylightOffset_sec = 0;
+static long s_timezone_sec = 0;
+static time_t s_bootTime = 0;
+
+// calculate offset used in gettimeofday
+static void ensureBootTimeIsSet()
+{
+    if (!s_bootTime)
+    {
+        time_t now = sntp_get_current_timestamp();
+        if (now)
+        {
+            s_bootTime =  now - millis() / 1000;
+        }
+    }
+}
+
+static void setServer(int id, const char* name_or_ip)
+{
+    if (name_or_ip)
+    {
+        //TODO: check whether server is given by name or IP
+        sntp_setservername(id, (char*) name_or_ip);
+    }
+}
+
+void configTime(int timezone, int daylightOffset_sec, const char* server1, const char* server2, const char* server3)
+{
+    sntp_stop();
+
+    setServer(0, server1);
+    setServer(1, server2);
+    setServer(2, server3);
+
+    s_timezone_sec = timezone;
+    s_daylightOffset_sec = daylightOffset_sec;
+    sntp_set_timezone(timezone/3600);
+    sntp_init();
+}
+
+int clock_gettime(clockid_t unused, struct timespec *tp)
+{
+    tp->tv_sec  = millis() / 1000;
+    tp->tv_nsec = micros() * 1000;
+    return 0;
+}
+
+// seconds since 1970
+time_t mktime(struct tm *t)
+{
+    // system_mktime expects month in range 1..12
+    #define START_MONTH 1
+    return DIFF1900TO1970 + system_mktime(t->tm_year, t->tm_mon + START_MONTH, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
+}
+
+time_t time(time_t * t)
+{
+    time_t seconds = sntp_get_current_timestamp();
+    if (t)
+    {
+        *t = seconds;
+    }
+    return seconds;
+}
+
+char* asctime(const struct tm *t)
+{
+    return sntp_asctime(t);
+}
+
+struct tm* localtime(const time_t *clock)
+{
+    return sntp_localtime(clock);
+}
+
+char* ctime(const time_t *t)
+{
+    struct tm* p_tm = localtime(t);
+    char* result = asctime(p_tm);
+    return result;
+}
+
+int gettimeofday(struct timeval *tp, void *tzp)
+{
+    if (tp)
+    {
+        ensureBootTimeIsSet();
+        tp->tv_sec  = (s_bootTime + millis()) / 1000;
+        tp->tv_usec = micros() * 1000;
+    }
+    return 0;
+}
diff --git a/samples/c/axssl.c b/samples/c/axssl.c
new file mode 100644
index 0000000000..2bc872a5e7
--- /dev/null
+++ b/samples/c/axssl.c
@@ -0,0 +1,902 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl s_server -?
+ * > axssl s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* define standard input */
+#ifndef STDIN_FILENO
+#define STDIN_FILENO        0
+#endif
+
+static void do_server(int argc, char *argv[]);
+static void print_options(char *option);
+static void print_server_options(char *option);
+static void do_client(int argc, char *argv[]);
+static void print_client_options(char *option);
+static void display_cipher(SSL *ssl);
+static void display_session_id(SSL *ssl);
+
+/**
+ * Main entry point. Doesn't do much except works out whether we are a client
+ * or a server.
+ */
+int main(int argc, char *argv[])
+{
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+#elif !defined(CONFIG_PLATFORM_SOLARIS)
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+#endif
+
+    if (argc == 2 && strcmp(argv[1], "version") == 0)
+    {
+        printf("axssl %s %s\n", ssl_version(), __DATE__);
+        exit(0);
+    }
+
+    if (argc < 2 || (
+                strcmp(argv[1], "s_server") && strcmp(argv[1], "s_client")))
+        print_options(argc > 1 ? argv[1] : "");
+
+    strcmp(argv[1], "s_server") ? 
+        do_client(argc, argv) : do_server(argc, argv);
+    return 0;
+}
+
+/**
+ * Implement the SSL server logic. 
+ */
+static void do_server(int argc, char *argv[])
+{
+    int i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_DISPLAY_CERTS;
+    int client_fd;
+    SSL_CTX *ssl_ctx;
+    int server_fd, res = 0;
+    socklen_t client_len;
+#ifndef CONFIG_SSL_SKELETON_MODE
+    char *private_key_file = NULL;
+    const char *password = NULL;
+    char **cert;
+    int cert_index = 0;
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef WIN32
+    char yes = 1;
+#else
+    int yes = 1;
+#endif
+    struct sockaddr_in serv_addr;
+    struct sockaddr_in client_addr;
+    int quiet = 0;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_index = 0;
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    char **ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+#endif
+    fd_set read_set;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+#endif
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-accept") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            port = atoi(argv[++i]);
+        }
+#ifndef CONFIG_SSL_SKELETON_MODE
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_server_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+#endif
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options |= SSL_CLIENT_AUTHENTICATION;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_server_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_server_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Server context is invalid\n");
+        exit(1);
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(ca_cert);
+#endif
+#ifndef CONFIG_SSL_SKELETON_MODE
+    free(cert);
+#endif
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        perror("socket");
+        return;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        perror("bind");
+        exit(1);
+    }
+
+    if (listen(server_fd, 5) < 0)
+    {
+        perror("listen");
+        exit(1);
+    }
+
+    client_len = sizeof(client_addr);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    for (;;)
+    {
+        SSL *ssl;
+        int reconnected = 0;
+
+        if (!quiet)
+        {
+            printf("ACCEPT\n");
+            TTY_FLUSH();
+        }
+
+        if ((client_fd = accept(server_fd, 
+                (struct sockaddr *)&client_addr, &client_len)) < 0)
+        {
+            break;
+        }
+
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+
+        /* now read (and display) whatever the client sends us */
+        for (;;)
+        {
+            /* allow parallel reading of client and standard input */
+            FD_ZERO(&read_set);
+            FD_SET(client_fd, &read_set);
+
+#ifndef WIN32
+            /* win32 doesn't like mixing up stdin and sockets */
+            if (isatty(STDIN_FILENO))/* but only if we are in an active shell */
+            {
+                FD_SET(STDIN_FILENO, &read_set);
+            }
+
+            if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+            {
+               uint8_t buf[1024];
+
+                /* read standard input? */
+                if (FD_ISSET(STDIN_FILENO, &read_set))
+                {
+                    if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                    {
+                        res = SSL_ERROR_CONN_LOST;
+                    }
+                    else
+                    {
+                        /* small hack to check renegotiation */
+                        if (buf[0] == 'r' && (buf[1] == '\n' || buf[1] == '\r'))
+                        {
+                            res = ssl_renegotiate(ssl);
+                        }
+                        else    /* write our ramblings to the client */
+                        {
+                            res = ssl_write(ssl, buf, strlen((char *)buf)+1);
+                        }
+                    }
+                }
+                else    /* a socket read */
+#endif
+                {
+                    /* keep reading until we get something interesting */
+                    uint8_t *read_buf;
+
+                    if ((res = ssl_read(ssl, &read_buf)) == SSL_OK)
+                    {
+                        /* are we in the middle of doing a handshake? */
+                        if (ssl_handshake_status(ssl) != SSL_OK)
+                        {
+                            reconnected = 0;
+                        }
+                        else if (!reconnected)
+                        {
+                            /* we are connected/reconnected */
+                            if (!quiet)
+                            {
+                                display_session_id(ssl);
+                                display_cipher(ssl);
+                            }
+
+                            reconnected = 1;
+                        }
+                    }
+
+                    if (res > SSL_OK)    /* display our interesting output */
+                    {
+                        int written = 0;
+                        while (written < res)
+                        {
+                            written += write(STDOUT_FILENO, read_buf+written,
+                                                res-written);
+                        }
+                        TTY_FLUSH();
+                    }
+                    else if (res == SSL_CLOSE_NOTIFY)
+                    {
+                        printf("shutting down SSL\n");
+                        TTY_FLUSH();
+                    }
+                    else if (res < SSL_OK && !quiet)
+                    {
+                        ssl_display_error(res);
+                    }
+                }
+#ifndef WIN32
+            }
+#endif
+
+            if (res < SSL_OK)
+            {
+                if (!quiet)
+                {
+                    printf("CONNECTION CLOSED\n");
+                    TTY_FLUSH();
+                }
+
+                break;
+            }
+        }
+
+        /* client was disconnected or the handshake failed. */
+        ssl_free(ssl);
+        SOCKET_CLOSE(client_fd);
+    }
+
+    ssl_ctx_free(ssl_ctx);
+}
+
+/**
+ * Implement the SSL client logic.
+ */
+static void do_client(int argc, char *argv[])
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int res, i = 2;
+    uint16_t port = 4433;
+    uint32_t options = SSL_SERVER_VERIFY_LATER|SSL_DISPLAY_CERTS;
+    int client_fd;
+    char *private_key_file = NULL;
+    struct sockaddr_in client_addr;
+    struct hostent *hostent;
+    int reconnect = 0;
+    uint32_t sin_addr;
+    SSL_CTX *ssl_ctx;
+    SSL *ssl = NULL;
+    int quiet = 0;
+    int cert_index = 0, ca_cert_index = 0;
+    int cert_size, ca_cert_size;
+    char **ca_cert, **cert;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    fd_set read_set;
+    const char *password = NULL;
+    SSL_EXTENSIONS *extensions = NULL;
+
+    FD_ZERO(&read_set);
+    sin_addr = inet_addr("127.0.0.1");
+    cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+    ca_cert = (char **)calloc(1, sizeof(char *)*ca_cert_size);
+    cert = (char **)calloc(1, sizeof(char *)*cert_size);
+
+    while (i < argc)
+    {
+        if (strcmp(argv[i], "-connect") == 0)
+        {
+            char *host, *ptr;
+
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            host = argv[++i];
+            if ((ptr = strchr(host, ':')) == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            *ptr++ = 0;
+            port = atoi(ptr);
+            hostent = gethostbyname(host);
+
+            if (hostent == NULL)
+            {
+                print_client_options(argv[i]);
+            }
+
+            sin_addr = *((uint32_t **)hostent->h_addr_list)[0];
+        }
+        else if (strcmp(argv[i], "-cert") == 0)
+        {
+            if (i >= argc-1 || cert_index >= cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            cert[cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-key") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            private_key_file = argv[++i];
+            options |= SSL_NO_DEFAULT_KEY;
+        }
+        else if (strcmp(argv[i], "-CAfile") == 0)
+        {
+            if (i >= argc-1 || ca_cert_index >= ca_cert_size)
+            {
+                print_client_options(argv[i]);
+            }
+
+            ca_cert[ca_cert_index++] = argv[++i];
+        }
+        else if (strcmp(argv[i], "-verify") == 0)
+        {
+            options &= ~SSL_SERVER_VERIFY_LATER;
+        }
+        else if (strcmp(argv[i], "-reconnect") == 0)
+        {
+            reconnect = 4;
+        }
+        else if (strcmp(argv[i], "-quiet") == 0)
+        {
+            quiet = 1;
+            options &= ~SSL_DISPLAY_CERTS;
+        }
+        else if (strcmp(argv[i], "-pass") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            password = argv[++i];
+        }
+        else if (strcmp(argv[i], "-servername") == 0)
+        {
+            if (i >= argc-1)
+            {
+                print_client_options(argv[i]);
+            }
+
+            extensions = ssl_ext_new();
+            extensions->host_name = argv[++i];
+        }
+#ifdef CONFIG_SSL_FULL_MODE
+        else if (strcmp(argv[i], "-debug") == 0)
+        {
+            options |= SSL_DISPLAY_BYTES;
+        }
+        else if (strcmp(argv[i], "-state") == 0)
+        {
+            options |= SSL_DISPLAY_STATES;
+        }
+        else if (strcmp(argv[i], "-show-rsa") == 0)
+        {
+            options |= SSL_DISPLAY_RSA;
+        }
+#endif
+        else    /* don't know what this is */
+        {
+            print_client_options(argv[i]);
+        }
+
+        i++;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+    {
+        fprintf(stderr, "Error: Client context is invalid\n");
+        exit(1);
+    }
+
+    if (private_key_file)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+        
+        /* auto-detect the key type from the file extension */
+        if (strstr(private_key_file, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key_file, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key_file, password))
+        {
+            fprintf(stderr, "Error: Private key '%s' is undefined.\n", 
+                                                        private_key_file);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", cert[i]);
+            exit(1);
+        }
+    }
+
+    for (i = 0; i < ca_cert_index; i++)
+    {
+        if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, ca_cert[i], NULL))
+        {
+            printf("Certificate '%s' is undefined.\n", ca_cert[i]);
+            exit(1);
+        }
+    }
+
+    free(cert);
+    free(ca_cert);
+
+    /*************************************************************************
+     * This is where the interesting stuff happens. Up until now we've
+     * just been setting up sockets etc. Now we do the SSL handshake.
+     *************************************************************************/
+    client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    memset(&client_addr, 0, sizeof(client_addr));
+    client_addr.sin_family = AF_INET;
+    client_addr.sin_port = htons(port);
+    client_addr.sin_addr.s_addr = sin_addr;
+
+    if (connect(client_fd, (struct sockaddr *)&client_addr, 
+                sizeof(client_addr)) < 0)
+    {
+        perror("connect");
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        printf("CONNECTED\n");
+        TTY_FLUSH();
+    }
+
+    /* Try session resumption? */
+    if (reconnect)
+    {
+        while (reconnect--)
+        {
+            ssl = ssl_client_new(ssl_ctx, client_fd, session_id,
+                    sizeof(session_id), extensions);
+            if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+            {
+                if (!quiet)
+                {
+                    ssl_display_error(res);
+                }
+
+                ssl_free(ssl);
+                exit(1);
+            }
+
+            display_session_id(ssl);
+            memcpy(session_id, ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+
+            if (reconnect)
+            {
+                ssl_free(ssl);
+                SOCKET_CLOSE(client_fd);
+
+                client_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+                connect(client_fd, (struct sockaddr *)&client_addr, 
+                        sizeof(client_addr));
+            }
+        }
+    }
+    else
+    {
+        ssl = ssl_client_new(ssl_ctx, client_fd, NULL, 0, extensions);
+    }
+
+    /* check the return status */
+    if ((res = ssl_handshake_status(ssl)) != SSL_OK)
+    {
+        if (!quiet)
+        {
+            ssl_display_error(res);
+        }
+
+        exit(1);
+    }
+
+    if (!quiet)
+    {
+        display_session_id(ssl);
+        display_cipher(ssl);
+    }
+
+    for (;;)
+    {
+        uint8_t buf[1024];
+
+        /* allow parallel reading of server and standard input */
+        FD_SET(client_fd, &read_set);
+#ifndef WIN32
+        /* win32 doesn't like mixing up stdin and sockets */
+        FD_SET(STDIN_FILENO, &read_set);
+
+        if ((res = select(client_fd+1, &read_set, NULL, NULL, NULL)) > 0)
+        {
+            /* read standard input? */
+            if (FD_ISSET(STDIN_FILENO, &read_set))
+#endif
+            {
+                if (fgets((char *)buf, sizeof(buf), stdin) == NULL)
+                {
+                    /* bomb out of here */
+                    ssl_free(ssl);
+                    break;
+                }
+                else
+                {
+                    /* small hack to check renegotiation */
+                    if (buf[0] == 'R' && (buf[1] == '\n' || buf[1] == '\r'))
+                    {
+                        res = ssl_renegotiate(ssl);
+                    }
+                    else
+                    {
+                        res = ssl_write(ssl, buf, strlen((char *)buf));
+                    }
+                }
+            }
+#ifndef WIN32
+            else    /* a socket read */
+            {
+                uint8_t *read_buf;
+
+                res = ssl_read(ssl, &read_buf);
+
+                if (res > 0)    /* display our interesting output */
+                {
+                    int written = 0;
+                    while (written < res)
+                    {
+                        written += write(STDOUT_FILENO, read_buf+written,
+                                            res-written);
+                    }
+                    TTY_FLUSH();
+                }
+            }
+        }
+#endif
+
+        if (res < 0)
+        {
+            if (!quiet)
+            {
+                ssl_display_error(res);
+            }
+
+            break;      /* get outta here */
+        }
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    SOCKET_CLOSE(client_fd);
+#else
+    print_client_options(argv[1]);
+#endif
+}
+
+/**
+ * We've had some sort of command-line error. Print out the basic options.
+ */
+static void print_options(char *option)
+{
+    printf("axssl: Error: '%s' is an invalid command.\n", option);
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the server options.
+ */
+static void print_server_options(char *option)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+#ifndef CONFIG_SSL_SKELETON_MODE
+    printf(" -cert arg\t- certificate file to add (in addition to default)"
+                                    " to chain -\n"
+          "\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -pass\t\t- private key file pass phrase source\n");
+#endif
+    printf(" -quiet\t\t- No server output\n");
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+    exit(1);
+}
+
+/**
+ * We've had some sort of command-line error. Print out the client options.
+ */
+static void print_client_options(char *option)
+{
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    int cert_size = ssl_get_config(SSL_MAX_CERT_CFG_OFFSET);
+    int ca_cert_size = ssl_get_config(SSL_MAX_CA_CERT_CFG_OFFSET);
+#endif
+
+    printf("unknown option %s\n", option);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    printf("usage: s_client [args ...]\n");
+    printf(" -connect host:port - who to connect to (default "
+            "is localhost:4433)\n");
+    printf(" -verify\t- turn on peer certificate verification\n");
+    printf(" -cert arg\t- certificate file to use\n");
+    printf("\t\t  Can repeat up to %d times\n", cert_size);
+    printf(" -key arg\t- Private key file to use\n");
+    printf(" -CAfile arg\t- Certificate authority\n");
+    printf("\t\t  Can repeat up to %d times\n", ca_cert_size);
+    printf(" -quiet\t\t- No client output\n");
+    printf(" -reconnect\t- Drop and re-make the connection "
+            "with the same Session-ID\n");
+    printf(" -pass\t\t- Private key file pass phrase source\n");
+    printf(" -servername\t- Set TLS extension servername in ClientHello\n");
+#ifdef CONFIG_SSL_FULL_MODE
+    printf(" -debug\t\t- Print more output\n");
+    printf(" -state\t\t- Show state messages\n");
+    printf(" -show-rsa\t- Show RSA state\n");
+#endif
+#else
+    printf("Change configuration to allow this feature\n");
+#endif
+    exit(1);
+}
+
+/**
+ * Display what cipher we are using 
+ */
+static void display_cipher(SSL *ssl)
+{
+    printf("CIPHER is ");
+    switch (ssl_get_cipher_id(ssl))
+    {
+        case SSL_AES128_SHA:
+            printf("AES128-SHA");
+            break;
+
+        case SSL_AES256_SHA:
+            printf("AES256-SHA");
+            break;
+
+        case SSL_AES128_SHA256:
+            printf("AES128-SHA256");
+            break;
+
+        case SSL_AES256_SHA256:
+            printf("AES256-SHA256");
+            break;
+
+        default:
+            printf("Unknown - %d", ssl_get_cipher_id(ssl));
+            break;
+    }
+
+    printf("\n");
+    TTY_FLUSH();
+}
+
+/**
+ * Display what session id we have.
+ */
+static void display_session_id(SSL *ssl)
+{    
+    int i;
+    const uint8_t *session_id = ssl_get_session_id(ssl);
+    int sess_id_size = ssl_get_session_id_size(ssl);
+
+    if (sess_id_size > 0)
+    {
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        for (i = 0; i < sess_id_size; i++)
+        {
+            printf("%02x", session_id[i]);
+        }
+
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+        TTY_FLUSH();
+    }
+}
diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs
new file mode 100644
index 0000000000..df3c576623
--- /dev/null
+++ b/samples/csharp/axssl.cs
@@ -0,0 +1,758 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Demonstrate the use of the axTLS library in C# with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.
+ *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > axssl.csharp.exe s_server -?
+ * > axssl.csharp.exe s_client -?
+ *
+ * The axtls shared library must be in the same directory or be found 
+ * by the OS.
+ */
+
+using System;
+using System.Net;
+using System.Net.Sockets;
+using axTLS;
+
+public class axssl
+{
+    /*
+     * Main()
+     */
+    public static void Main(string[] args)
+    {
+        if (args.Length == 1 && args[0] == "version")
+        {
+            Console.WriteLine("axssl.csharp " + SSLUtil.Version());
+            Environment.Exit(0); 
+        }
+
+        axssl runner = new axssl();
+
+        if (args.Length < 1 || (args[0] != "s_server" && args[0] != "s_client"))
+            runner.print_options(args.Length > 0 ? args[0] : "");
+
+        int build_mode = SSLUtil.BuildMode();
+
+        if (args[0] == "s_server")
+            runner.do_server(build_mode, args);
+        else 
+            runner.do_client(build_mode, args);
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, string[] args)
+    {
+        int i = 1;
+        int port = 4433;
+        uint options = axtls.SSL_DISPLAY_CERTS;
+        bool quiet = false;
+        string password = null;
+        string private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-accept")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Int32.Parse(args[++i]);
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i] == "-cert")
+                {
+                    if (i >= args.Length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i] == "-key")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtls.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i] == "-pass")
+                {
+                    if (i >= args.Length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i] == "-verify")
+                    {
+                        options |= axtls.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i] == "-CAfile")
+                    {
+                        if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i] == "-debug")
+                        {
+                            options |= axtls.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i] == "-state")
+                        {
+                            options |= axtls.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i] == "-show-rsa")
+                        {
+                            options |= axtls.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        IPEndPoint ep = new IPEndPoint(IPAddress.Any, port);
+        TcpListener server_sock = new TcpListener(ep);
+        server_sock.Start();      
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(
+                                options, axtls.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Server context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        byte[] buf = null;
+        int res;
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                Console.WriteLine("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.AcceptSocket();
+
+            SSL ssl = ssl_ctx.Connect(client_sock);
+
+            /* do the actual SSL handshake */
+            while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.HandshakeStatus() == axtls.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtls.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.Read(ssl, out buf)) == axtls.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtls.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            Console.WriteLine("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to string */
+                    char[] str = new char[res];
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    Console.Write(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.Dispose();
+            client_sock.Close();
+        }
+
+        /* ssl_ctx.Dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, string[] args)
+    {
+        if (build_mode < axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            print_client_options(build_mode, args[1]);
+        }
+
+        int i = 1, res;
+        int port = 4433;
+        bool quiet = false;
+        string password = null;
+        int reconnect = 0;
+        string private_key_file = null;
+        string hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+        string[] cert = new string[cert_size];
+        string[] ca_cert = new string[ca_cert_size];
+
+        uint options = axtls.SSL_SERVER_VERIFY_LATER|axtls.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.Length)
+        {
+            if (args[i] == "-connect")
+            {
+                string host_port;
+
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.IndexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new string(host_port.ToCharArray(), 
+                        0, index_colon);
+                port = Int32.Parse(new String(host_port.ToCharArray(), 
+                            index_colon+1, host_port.Length-index_colon-1));
+            }
+            else if (args[i] == "-cert")
+            {
+                if (i >= args.Length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i] == "-key")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtls.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i] == "-CAfile")
+            {
+                if (i >= args.Length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i] == "-verify")
+            {
+                options &= ~(uint)axtls.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i] == "-reconnect")
+            {
+                reconnect = 4;
+            }
+            else if (args[i] == "-quiet")
+            {
+                quiet = true;
+                options &= ~(uint)axtls.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i] == "-pass")
+            {
+                if (i >= args.Length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i] == "-debug")
+                {
+                    options |= axtls.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i] == "-state")
+                {
+                    options |= axtls.SSL_DISPLAY_STATES;
+                }
+                else if (args[i] == "-show-rsa")
+                {
+                    options |= axtls.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        // IPHostEntry hostInfo = Dns.Resolve(hostname); 
+        IPHostEntry hostInfo = Dns.GetHostEntry(hostname);
+        IPAddress[] addresses = hostInfo.AddressList;
+        IPEndPoint ep = new IPEndPoint(addresses[0], port); 
+        Socket client_sock = new Socket(AddressFamily.InterNetwork, 
+                SocketType.Stream, ProtocolType.Tcp);
+        client_sock.Connect(ep);
+
+        if (!client_sock.Connected)
+        {
+            Console.WriteLine("could not connect");
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            Console.WriteLine("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options,
+                                    axtls.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            Console.Error.WriteLine("Error: Client context is invalid");
+            Environment.Exit(1);
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type = axtls.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.EndsWith(".p8"))
+                obj_type = axtls.SSL_OBJ_PKCS8;
+            else if (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.ObjLoad(obj_type,
+                             private_key_file, password) != axtls.SSL_OK)
+            {
+                Console.Error.WriteLine("Private key '" + private_key_file +
+                                                            "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtls.SSL_OK)
+            {
+                Console.WriteLine("Certificate '" + cert[i] + 
+                                                        "' is undefined.");
+                Environment.Exit(1);
+            }
+        }
+
+        SSL ssl = new SSL(new IntPtr(0));   /* keep compiler happy */
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.Connect(client_sock, session_id);
+
+                if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.DisplayError(res);
+                    }
+
+                    ssl.Dispose();
+                    Environment.Exit(1);
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.GetSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.Dispose();
+                    client_sock.Close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(AddressFamily.InterNetwork, 
+                        SocketType.Stream, ProtocolType.Tcp);
+                    client_sock.Connect(ep);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.Connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.HandshakeStatus()) != axtls.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.DisplayError(res);
+            }
+
+            Environment.Exit(1);
+        }
+
+        if (!quiet)
+        {
+            string common_name =
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                Console.WriteLine("Common Name:\t\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        for (;;)
+        {
+            string user_input = Console.ReadLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.Length+2];
+            buf[buf.Length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.Length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.Length-2; i++)
+            {
+                buf[i] = (byte)user_input[i];
+            }
+
+            if ((res = ssl_ctx.Write(ssl, buf, buf.Length)) < axtls.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.DisplayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.Dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(string option)
+    {
+        Console.WriteLine("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        Console.WriteLine("usage: axssl.csharp [s_server|" +
+                            "s_client|version] [args ...]");
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+        Console.WriteLine("usage: s_server [args ...]");
+        Console.WriteLine(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        Console.WriteLine(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtls.SSL_BUILD_SERVER_ONLY)
+        {
+          Console.WriteLine(" -cert arg\t- certificate file to add (in " + 
+                  "addition to default) to chain -");
+          Console.WriteLine("\t\t  Can repeat up to " + cert_size + " times");
+          Console.WriteLine(" -key arg\t- Private key file to use");
+          Console.WriteLine(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            Console.WriteLine(" -verify\t- turn on peer certificate " +
+                    "verification");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + 
+                    ca_cert_size + "times");
+        }
+
+        if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+        {
+            Console.WriteLine(" -debug\t\t- Print more output");
+            Console.WriteLine(" -state\t\t- Show state messages");
+            Console.WriteLine(" -show-rsa\t- Show RSA state");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, string option)
+    {
+        int cert_size = SSLUtil.MaxCerts();
+        int ca_cert_size = SSLUtil.MaxCACerts();
+
+        Console.WriteLine("unknown option " + option);
+
+        if (build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT)
+        {
+            Console.WriteLine("usage: s_client [args ...]");
+            Console.WriteLine(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            Console.WriteLine(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            Console.WriteLine(" -cert arg\t- certificate file to use");
+            Console.WriteLine("\t\t  Can repeat up to %d times", cert_size);
+            Console.WriteLine(" -key arg\t- Private key file to use");
+            Console.WriteLine(" -CAfile arg\t- Certificate authority.");
+            Console.WriteLine("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            Console.WriteLine(" -quiet\t\t- No client output");
+            Console.WriteLine(" -pass\t\t- private key file pass " + 
+                    "phrase source");
+            Console.WriteLine(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtls.SSL_BUILD_FULL_MODE)
+            {
+                Console.WriteLine(" -debug\t\t- Print more output");
+                Console.WriteLine(" -state\t\t- Show state messages");
+                Console.WriteLine(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            Console.WriteLine("Change configuration to allow this feature");
+        }
+
+        Environment.Exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        Console.Write("CIPHER is ");
+
+        switch (ssl.GetCipherId())
+        {
+            case axtls.SSL_AES128_SHA:
+                Console.WriteLine("AES128-SHA");
+                break;
+
+            case axtls.SSL_AES256_SHA:
+                Console.WriteLine("AES256-SHA");
+                break;
+
+            case axtls.SSL_AES128_SHA256:
+                Console.WriteLine("AES128-SHA256");
+                break;
+
+            case axtls.SSL_AES256_SHA256:
+                Console.WriteLine("AES128-SHA256");
+                break;
+
+            default:
+                Console.WriteLine("Unknown - " + ssl.GetCipherId());
+                break;
+        }
+    }
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.GetSessionId();
+
+        if (session_id.Length > 0)
+        {
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----");
+            foreach (byte b in session_id)
+            {
+                Console.Write("{0:x02}", b);
+            }
+
+            Console.WriteLine("\n-----END SSL SESSION PARAMETERS-----");
+        }
+    }
+}
diff --git a/samples/java/Makefile b/samples/java/Makefile
new file mode 100644
index 0000000000..9c1ed6da2e
--- /dev/null
+++ b/samples/java/Makefile
@@ -0,0 +1,51 @@
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+include ../../config/.config
+include ../../config/makefile.conf
+include ../../config/makefile.java.conf
+
+all : sample
+JAR=../../$(STAGE)/axtls.jar
+CLASSES=../../bindings/java/classes
+sample : $(JAR)
+
+$(JAR) : $(CLASSES)/axssl.class $(wildcard $(CLASSES)/axTLSj/*.class)
+	jar mcvf manifest.mf $@ -C $(CLASSES) axTLSj -C $(CLASSES) axssl.class
+
+JAVA_FILES=axssl.java
+JAVA_CLASSES:=$(JAVA_FILES:%.java=$(CLASSES)/axTLSj/%.class)
+
+$(CLASSES)/%.class : %.java
+	javac -d $(CLASSES) -classpath $(CLASSES) $^
+
+clean::
+	-@rm -f $(TARGET)
+
diff --git a/samples/java/axssl.java b/samples/java/axssl.java
new file mode 100644
index 0000000000..e013c11b47
--- /dev/null
+++ b/samples/java/axssl.java
@@ -0,0 +1,760 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Demonstrate the use of the axTLS library in Java with a set of 
+ * command-line parameters similar to openssl. In fact, openssl clients 
+ * should be able to communicate with axTLS servers and visa-versa.  *
+ * This code has various bits enabled depending on the configuration. To enable
+ * the most interesting version, compile with the 'full mode' enabled.
+ *
+ * To see what options you have, run the following:
+ * > java -jar axtls.jar s_server -?
+ * > java -jar axtls.jar s_client -?
+ *
+ * The axtls/axtlsj shared libraries must be in the same directory or be found 
+ * by the OS.
+ */
+
+import java.io.*;
+import java.util.*;
+import java.net.*;
+import axTLSj.*;
+
+public class axssl
+{
+   /*
+     * Main()
+     */
+    public static void main(String[] args)
+    {
+        if (args.length == 1 && args[0].equals("version"))
+        {
+            System.out.println("axtls.jar " + SSLUtil.version());
+            System.exit(0);
+        }
+
+        axssl runner = new axssl();
+
+        try
+        {
+            if (args.length < 1 || 
+                    (!args[0].equals("s_server") &&
+                     !args[0].equals("s_client")))
+            {
+                runner.print_options(args.length > 0 ? args[0] : "");
+            }
+
+            int build_mode = SSLUtil.buildMode();
+
+            if (args[0].equals("s_server"))
+                runner.do_server(build_mode, args);
+            else 
+                runner.do_client(build_mode, args);
+        }
+        catch (Exception e) 
+        {
+            System.out.println(e);
+        }
+    }
+
+    /*
+     * do_server()
+     */
+    private void do_server(int build_mode, String[] args)
+                    throws Exception
+    {
+        int i = 1;
+        int port = 4433;
+        int options = axtlsj.SSL_DISPLAY_CERTS;
+        boolean quiet = false;
+        String password = null;
+        String private_key_file = null;
+
+        /* organise the cert/ca_cert lists */
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+        int cert_index = 0;
+        int ca_cert_index = 0;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-accept"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                port = Integer.parseInt(args[++i]);
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+            {
+                if (args[i].equals("-cert"))
+                {
+                    if (i >= args.length-1 || cert_index >= cert_size)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    cert[cert_index++] = args[++i];
+                }
+                else if (args[i].equals("-key"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    private_key_file = args[++i];
+                    options |= axtlsj.SSL_NO_DEFAULT_KEY;
+                }
+                else if (args[i].equals("-pass"))
+                {
+                    if (i >= args.length-1)
+                    {
+                        print_server_options(build_mode, args[i]);
+                    }
+
+                    password = args[++i];
+                }
+                else if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+                {
+                    if (args[i].equals("-verify"))
+                    {
+                        options |= axtlsj.SSL_CLIENT_AUTHENTICATION;
+                    }
+                    else if (args[i].equals("-CAfile"))
+                    {
+                        if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                        {
+                            print_server_options(build_mode, args[i]);
+                        }
+
+                        ca_cert[ca_cert_index++] = args[++i];
+                    }
+                    else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+                    {
+                        if (args[i].equals("-debug"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_BYTES;
+                        }
+                        else if (args[i].equals("-state"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_STATES;
+                        }
+                        else if (args[i].equals("-show-rsa"))
+                        {
+                            options |= axtlsj.SSL_DISPLAY_RSA;
+                        }
+                        else
+                            print_server_options(build_mode, args[i]);
+                    }
+                    else
+                        print_server_options(build_mode, args[i]);
+                }
+                else 
+                    print_server_options(build_mode, args[i]);
+            }
+            else 
+                print_server_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        /* Create socket for incoming connections */
+        ServerSocket server_sock = new ServerSocket(port);
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLServer ssl_ctx = new SSLServer(options, 
+                                    axtlsj.SSL_DEFAULT_SVR_SESS);
+
+        if (ssl_ctx == null)
+            throw new Exception("Error: Server context is invalid");
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        int res;
+        SSLReadHolder rh = new SSLReadHolder();
+
+        for (;;)
+        {
+            if (!quiet)
+            {
+                System.out.println("ACCEPT");
+            }
+
+            Socket client_sock = server_sock.accept();
+
+            SSL ssl = ssl_ctx.connect(client_sock);
+
+            while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+            {
+                /* check when the connection has been established */
+                if (ssl.handshakeStatus() == axtlsj.SSL_OK)
+                    break;
+
+                /* could do something else here */
+            }
+
+            if (res == axtlsj.SSL_OK) /* connection established and ok */
+            {
+                if (!quiet)
+                {
+                    display_session_id(ssl);
+                    display_cipher(ssl);
+                }
+
+                /* now read (and display) whatever the client sends us */
+                for (;;)
+                {
+                    /* keep reading until we get something interesting */
+                    while ((res = ssl_ctx.read(ssl, rh)) == axtlsj.SSL_OK)
+                    {
+                        /* could do something else here */
+                    }
+
+                    if (res < axtlsj.SSL_OK)
+                    {
+                        if (!quiet)
+                        {
+                            System.out.println("CONNECTION CLOSED");
+                        }
+
+                        break;
+                    }
+
+                    /* convert to String */
+                    byte[] buf = rh.getData();
+                    char[] str = new char[res];
+
+                    for (i = 0; i < res; i++)
+                    {
+                        str[i] = (char)buf[i];
+                    }
+
+                    System.out.print(str);
+                }
+            }
+            else if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            /* client was disconnected or the handshake failed. */
+            ssl.dispose();
+            client_sock.close();
+        }
+
+        /* ssl_ctx.dispose(); */
+    }
+
+    /*
+     * do_client()
+     */
+    private void do_client(int build_mode, String[] args)
+                    throws Exception
+    {
+        if (build_mode < axtlsj.SSL_BUILD_ENABLE_CLIENT)
+            print_client_options(build_mode, args[1]);
+
+        int i = 1, res;
+        int port = 4433;
+        boolean quiet = false;
+        String password = null;
+        int reconnect = 0;
+        String private_key_file = null;
+        String hostname = "127.0.0.1";
+
+        /* organise the cert/ca_cert lists */
+        int cert_index = 0;
+        int ca_cert_index = 0;
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+        String[] cert = new String[cert_size];
+        String[] ca_cert = new String[ca_cert_size];
+
+        int options = axtlsj.SSL_SERVER_VERIFY_LATER|axtlsj.SSL_DISPLAY_CERTS;
+        byte[] session_id = null;
+
+        while (i < args.length)
+        {
+            if (args[i].equals("-connect"))
+            {
+                String host_port;
+
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                host_port = args[++i];
+                int index_colon;
+
+                if ((index_colon = host_port.indexOf(':')) < 0)
+                    print_client_options(build_mode, args[i]);
+
+                hostname = new String(host_port.toCharArray(), 
+                        0, index_colon);
+                port = Integer.parseInt(new String(host_port.toCharArray(), 
+                            index_colon+1, host_port.length()-index_colon-1));
+            }
+            else if (args[i].equals("-cert"))
+            {
+                if (i >= args.length-1 || cert_index >= cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                cert[cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-CAfile"))
+            {
+                if (i >= args.length-1 || ca_cert_index >= ca_cert_size)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                ca_cert[ca_cert_index++] = args[++i];
+            }
+            else if (args[i].equals("-key"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_client_options(build_mode, args[i]);
+                }
+
+                private_key_file = args[++i];
+                options |= axtlsj.SSL_NO_DEFAULT_KEY;
+            }
+            else if (args[i].equals("-verify"))
+            {
+                options &= ~(int)axtlsj.SSL_SERVER_VERIFY_LATER;
+            }
+            else if (args[i].equals("-reconnect"))
+            {
+                reconnect = 4;
+            }
+            else if (args[i].equals("-quiet"))
+            {
+                quiet = true;
+                options &= ~(int)axtlsj.SSL_DISPLAY_CERTS;
+            }
+            else if (args[i].equals("-pass"))
+            {
+                if (i >= args.length-1)
+                {
+                    print_server_options(build_mode, args[i]);
+                }
+
+                password = args[++i];
+            }
+            else if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                if (args[i].equals("-debug"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_BYTES;
+                }
+                else if (args[i].equals("-state"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_STATES;
+                }
+                else if (args[i].equals("-show-rsa"))
+                {
+                    options |= axtlsj.SSL_DISPLAY_RSA;
+                }
+                else
+                    print_client_options(build_mode, args[i]);
+            }
+            else    /* don't know what this is */
+                print_client_options(build_mode, args[i]);
+
+            i++;
+        }
+
+        Socket client_sock = new Socket(hostname, port);
+
+        if (!client_sock.isConnected())
+        {
+            System.out.println("could not connect");
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            System.out.println("CONNECTED");
+        }
+
+        /**********************************************************************
+         * This is where the interesting stuff happens. Up until now we've
+         * just been setting up sockets etc. Now we do the SSL handshake.
+         **********************************************************************/
+        SSLClient ssl_ctx = new SSLClient(options, 
+                                    axtlsj.SSL_DEFAULT_CLNT_SESS);
+
+        if (ssl_ctx == null)
+        {
+            throw new Exception("Error: Client context is invalid");
+        }
+
+        if (private_key_file != null)
+        {
+            int obj_type =  axtlsj.SSL_OBJ_RSA_KEY;
+
+            if (private_key_file.endsWith(".p8"))
+                obj_type = axtlsj.SSL_OBJ_PKCS8;
+            else if (private_key_file.endsWith(".p12"))
+                obj_type = axtlsj.SSL_OBJ_PKCS12;
+
+            if (ssl_ctx.objLoad(obj_type, 
+                            private_key_file, password) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Error: Private key '" + private_key_file + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CERT, 
+                                        cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        for (i = 0; i < ca_cert_index; i++)
+        {
+            if (ssl_ctx.objLoad(axtlsj.SSL_OBJ_X509_CACERT, 
+                                        ca_cert[i], null) != axtlsj.SSL_OK)
+            {
+                throw new Exception("Certificate '" + ca_cert[i] + 
+                        "' is undefined.");
+            }
+        }
+
+        SSL ssl = null;
+
+        /* Try session resumption? */
+        if (reconnect > 0)
+        {
+            while (reconnect-- > 0)
+            {
+                ssl = ssl_ctx.connect(client_sock, session_id);
+
+                if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+                {
+                    if (!quiet)
+                    {
+                        SSLUtil.displayError(res);
+                    }
+
+                    ssl.dispose();
+                    throw new Exception();
+                }
+
+                display_session_id(ssl);
+                session_id = ssl.getSessionId();
+
+                if (reconnect > 0)
+                {
+                    ssl.dispose();
+                    client_sock.close();
+                    
+                    /* and reconnect */
+                    client_sock = new Socket(hostname, port);
+                }
+            }
+        }
+        else
+        {
+            ssl = ssl_ctx.connect(client_sock, null);
+        }
+
+        /* check the return status */
+        if ((res = ssl.handshakeStatus()) != axtlsj.SSL_OK)
+        {
+            if (!quiet)
+            {
+                SSLUtil.displayError(res);
+            }
+
+            throw new Exception();
+        }
+
+        if (!quiet)
+        {
+            String common_name =
+                ssl.getCertificateDN(axtlsj.SSL_X509_CERT_COMMON_NAME);
+
+            if (common_name != null)
+            {
+                System.out.println("Common Name:\t\t\t" + common_name);
+            }
+
+            display_session_id(ssl);
+            display_cipher(ssl);
+        }
+
+        BufferedReader in = new BufferedReader(
+                new InputStreamReader(System.in));
+
+        for (;;)
+        {
+            String user_input = in.readLine();
+
+            if (user_input == null)
+                break;
+
+            byte[] buf = new byte[user_input.length()+2];
+            buf[buf.length-2] = (byte)'\n';     /* add the carriage return */
+            buf[buf.length-1] = 0;              /* null terminate */
+
+            for (i = 0; i < buf.length-2; i++)
+            {
+                buf[i] = (byte)user_input.charAt(i);
+            }
+
+            if ((res = ssl_ctx.write(ssl, buf)) < axtlsj.SSL_OK)
+            {
+                if (!quiet)
+                {
+                    SSLUtil.displayError(res);
+                }
+
+                break;
+            }
+        }
+
+        ssl_ctx.dispose();
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the basic options.
+     */
+    private void print_options(String option)
+    {
+        System.out.println("axssl: Error: '" + option + 
+                "' is an invalid command.");
+        System.out.println("usage: axtlsj.jar [s_server|s_client|version] " + 
+                "[args ...]");
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the server options.
+     */
+    private void print_server_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+        System.out.println("usage: s_server [args ...]");
+        System.out.println(" -accept arg\t- port to accept on (default " + 
+                "is 4433)");
+        System.out.println(" -quiet\t\t- No server output");
+
+        if (build_mode >= axtlsj.SSL_BUILD_SERVER_ONLY)
+        {
+            System.out.println(" -cert arg\t- certificate file to add (in " + 
+                    "addition to default) to chain -");
+            System.out.println("\t\t  Can repeat up to " + cert_size + " times");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println(" -pass\t\t- private key file pass phrase source");
+        }
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_VERIFICATION)
+        {
+            System.out.println(" -verify\t- turn on peer certificate " +
+                    "verification");
+            System.out.println(" -CAfile arg\t- Certificate authority. ");
+            System.out.println("\t\t  Can repeat up to " + 
+                    ca_cert_size + " times");
+        }
+
+        if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+        {
+            System.out.println(" -debug\t\t- Print more output");
+            System.out.println(" -state\t\t- Show state messages");
+            System.out.println(" -show-rsa\t- Show RSA state");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * We've had some sort of command-line error. Print out the client options.
+     */
+    private void print_client_options(int build_mode, String option)
+    {
+        int cert_size = SSLUtil.maxCerts();
+        int ca_cert_size = SSLUtil.maxCACerts();
+
+        System.out.println("unknown option " + option);
+
+        if (build_mode >= axtlsj.SSL_BUILD_ENABLE_CLIENT)
+        {
+            System.out.println("usage: s_client [args ...]");
+            System.out.println(" -connect host:port - who to connect to " + 
+                    "(default is localhost:4433)");
+            System.out.println(" -verify\t- turn on peer certificate " + 
+                    "verification");
+            System.out.println(" -cert arg\t- certificate file to use");
+            System.out.println(" -key arg\t- Private key file to use");
+            System.out.println("\t\t  Can repeat up to " + cert_size + 
+                    " times");
+            System.out.println(" -CAfile arg\t- Certificate authority.");
+            System.out.println("\t\t  Can repeat up to " + ca_cert_size + 
+                    " times");
+            System.out.println(" -quiet\t\t- No client output");
+            System.out.println(" -pass\t\t- private key file pass " + 
+                        "phrase source");
+            System.out.println(" -reconnect\t- Drop and re-make the " +
+                    "connection with the same Session-ID");
+
+            if (build_mode == axtlsj.SSL_BUILD_FULL_MODE)
+            {
+                System.out.println(" -debug\t\t- Print more output");
+                System.out.println(" -state\t\t- Show state messages");
+                System.out.println(" -show-rsa\t- Show RSA state");
+            }
+        }
+        else 
+        {
+            System.out.println("Change configuration to allow this feature");
+        }
+
+        System.exit(1);
+    }
+
+    /**
+     * Display what cipher we are using 
+     */
+    private void display_cipher(SSL ssl)
+    {
+        System.out.print("CIPHER is ");
+
+        byte ciph_id = ssl.getCipherId();
+
+        if (ciph_id == axtlsj.SSL_AES128_SHA)
+            System.out.println("AES128-SHA");
+        else if (ciph_id == axtlsj.SSL_AES256_SHA)
+            System.out.println("AES256-SHA");
+        else if (ciph_id == axtlsj.SSL_AES128_SHA256)
+            System.out.println("AES128-SHA256");
+        else if (ciph_id == axtlsj.SSL_AES256_SHA256)
+            System.out.println("AES256-SHA256");
+        else
+            System.out.println("Unknown - " + ssl.getCipherId());
+    }
+
+    public char toHexChar(int i)
+    {
+        if ((0 <= i) && (i <= 9 ))
+            return (char)('0' + i);
+        else
+            return (char)('a' + (i-10));
+    }
+
+    public void bytesToHex(byte[] data) 
+    {
+        StringBuffer buf = new StringBuffer();
+        for (int i = 0; i < data.length; i++ ) 
+        {
+            buf.append(toHexChar((data[i]>>>4)&0x0F));
+            buf.append(toHexChar(data[i]&0x0F));
+        }
+
+        System.out.println(buf);
+    }
+
+
+    /**
+     * Display what session id we have.
+     */
+    private void display_session_id(SSL ssl)
+    {    
+        byte[] session_id = ssl.getSessionId();
+
+        if (session_id.length > 0)
+        {
+            System.out.println("-----BEGIN SSL SESSION PARAMETERS-----");
+            bytesToHex(session_id);
+            System.out.println("-----END SSL SESSION PARAMETERS-----");
+        }
+    }
+}
diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua
new file mode 100755
index 0000000000..b4f24edf04
--- /dev/null
+++ b/samples/lua/axssl.lua
@@ -0,0 +1,562 @@
+#!/usr/local/bin/lua
+
+--
+-- Copyright (c) 2007-2016, Cameron Rich
+--
+-- All rights reserved.
+--
+-- Redistribution and use in source and binary forms, with or without
+-- modification, are permitted provided that the following conditions are met:
+--
+-- * Redistributions of source code must retain the above copyright notice,
+--   this list of conditions and the following disclaimer.
+-- * Redistributions in binary form must reproduce the above copyright
+--   notice, this list of conditions and the following disclaimer in the
+--   documentation and/or other materials provided with the distribution.
+-- * Neither the name of the axTLS project nor the names of its
+--   contributors may be used to endorse or promote products derived
+--   from this software without specific prior written permission.
+--
+-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+-- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+-- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+-- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+-- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+-- TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+-- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+-- OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+-- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+-- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+--
+
+--
+-- Demonstrate the use of the axTLS library in Lua with a set of 
+-- command-line parameters similar to openssl. In fact, openssl clients 
+-- should be able to communicate with axTLS servers and visa-versa.
+--
+-- This code has various bits enabled depending on the configuration. To enable
+-- the most interesting version, compile with the 'full mode' enabled.
+--
+-- To see what options you have, run the following:
+-- > [lua] axssl s_server -?
+-- > [lua] axssl s_client -?
+--
+-- The axtls/axtlsl shared libraries must be in the same directory or be found 
+-- by the OS.
+--
+--
+require "bit"
+require("axtlsl")
+local socket = require("socket")
+
+-- print version?
+if #arg == 1 and arg[1] == "version" then
+    print("axssl.lua "..axtlsl.ssl_version())
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the basic options.
+--
+function print_options(option)
+    print("axssl: Error: '"..option.."' is an invalid command.")
+    print("usage: axssl [s_server|s_client|version] [args ...]")
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the server options.
+--
+function print_server_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+    print("usage: s_server [args ...]")
+    print(" -accept\t- port to accept on (default is 4433)")
+    print(" -quiet\t\t- No server output")
+
+    if build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+        print(" -cert arg\t- certificate file to add (in addition to "..
+                "default) to chain -")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print(" -pass\t\t- private key file pass phrase source")
+    end
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.." times")
+    end
+
+    if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+        print(" -debug\t\t- Print more output")
+        print(" -state\t\t- Show state messages")
+        print(" -show-rsa\t- Show RSA state")
+    end
+
+    os.exit(1)
+end
+
+--
+-- We've had some sort of command-line error. Print out the client options.
+--
+function print_client_options(build_mode, option)
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.ssl_get_config(
+            axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+
+    print("unknown option "..option)
+
+    if build_mode >= axtlsl.SSL_BUILD_ENABLE_CLIENT then
+        print("usage: s_client [args ...]")
+        print(" -connect host:port - who to connect to (default "..
+                "is localhost:4433)")
+        print(" -verify\t- turn on peer certificate verification")
+        print(" -cert arg\t- certificate file to use - default DER format")
+        print(" -key arg\t- Private key file to use - default DER format")
+        print("\t\t  Can repeat up to "..cert_size.." times")
+        print(" -CAfile arg\t- Certificate authority - default DER format")
+        print("\t\t  Can repeat up to "..ca_cert_size.."times")
+        print(" -quiet\t\t- No client output")
+        print(" -pass\t\t- private key file pass phrase source")
+        print(" -reconnect\t- Drop and re-make the connection "..
+                "with the same Session-ID")
+
+        if build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            print(" -debug\t\t- Print more output")
+            print(" -state\t\t- Show state messages")
+            print(" -show-rsa\t- Show RSA state")
+        end
+    else
+        print("Change configuration to allow this feature")
+    end
+
+    os.exit(1)
+end
+
+-- Implement the SSL server logic. 
+function do_server(build_mode)
+    local i = 2
+    local v
+    local port = 4433
+    local options = axtlsl.SSL_DISPLAY_CERTS
+    local quiet = false
+    local password = ""
+    local private_key_file = nil
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
+
+    while i <= #arg do
+        if arg[i] ==  "-accept" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            port = arg[i]
+        elseif arg[i] == "-quiet" then
+            quiet = true
+            options = bit.band(options, bit.bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif build_mode >= axtlsl.SSL_BUILD_SERVER_ONLY then
+            if arg[i] == "-cert" then
+                if i >= #arg or #cert >= cert_size then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                table.insert(cert, arg[i])
+            elseif arg[i] == "-key" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                private_key_file = arg[i]
+                options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+            elseif arg[i] == "-pass" then
+                if i >= #arg then
+                    print_server_options(build_mode, arg[i]) 
+                end
+
+                i = i + 1
+                password = arg[i]
+            elseif build_mode >= axtlsl.SSL_BUILD_ENABLE_VERIFICATION then
+                if arg[i] == "-verify" then
+                    options = bit.bor(options, axtlsl.SSL_CLIENT_AUTHENTICATION)
+                elseif arg[i] == "-CAfile" then
+                    if i >= #arg or #ca_cert >= ca_cert_size then
+                        print_server_options(build_mode, arg[i])  
+                    end
+
+                    i = i + 1
+                    table.insert(ca_cert, arg[i])
+                elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+                    if arg[i] == "-debug" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+                    elseif arg[i] == "-state" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_STATES)
+                    elseif arg[i] == "-show-rsa" then
+                        options = bit.bor(options, axtlsl.SSL_DISPLAY_RSA)
+                    else
+                        print_server_options(build_mode, arg[i])
+                    end
+                else
+                    print_server_options(build_mode, arg[i])
+                end
+            else 
+                print_server_options(build_mode, arg[i])
+            end
+        else 
+            print_server_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    -- Create socket for incoming connections
+    local server_sock = socket.try(socket.bind("*", port))
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_SVR_SESS)
+    if ssl_ctx == nil then error("Error: Server context is invalid") end
+
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
+
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
+        end
+
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
+        end
+
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
+            error("Private key '" .. private_key_file .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
+        end
+    end
+
+    while true do
+        if not quiet then print("ACCEPT") end
+        local client_sock = server_sock:accept();
+        local ssl = axtlsl.ssl_server_new(ssl_ctx, client_sock:getfd())
+
+        -- do the actual SSL handshake
+        local connected = false
+        local res
+        local buf
+
+        while true do
+            socket.select({client_sock}, nil)
+            res, buf = axtlsl.ssl_read(ssl)
+
+            if res == axtlsl.SSL_OK then -- connection established and ok
+                if axtlsl.ssl_handshake_status(ssl) == axtlsl.SSL_OK then
+                    if not quiet and not connected then
+                        display_session_id(ssl)
+                        display_cipher(ssl)
+                    end
+                    connected = true
+                end
+            end
+
+            if res > axtlsl.SSL_OK then
+                for _, v in ipairs(buf) do
+                    io.write(string.format("%c", v))
+                end
+            elseif res < axtlsl.SSL_OK then 
+                if not quiet then
+                    axtlsl.ssl_display_error(res)
+                end
+                break
+            end
+        end
+
+        -- client was disconnected or the handshake failed.
+        print("CONNECTION CLOSED")
+        axtlsl.ssl_free(ssl)
+        client_sock:close()
+    end
+
+    axtlsl.ssl_ctx_free(ssl_ctx)
+end
+
+--
+-- Implement the SSL client logic.
+--
+function do_client(build_mode)
+    local i = 2
+    local v
+    local port = 4433
+    local options = 
+            bit.bor(axtlsl.SSL_SERVER_VERIFY_LATER, axtlsl.SSL_DISPLAY_CERTS)
+    local private_key_file = nil
+    local reconnect = 0
+    local quiet = false
+    local password = ""
+    local session_id = {}
+    local host = "127.0.0.1"
+    local cert_size = axtlsl.ssl_get_config(axtlsl.SSL_MAX_CERT_CFG_OFFSET)
+    local ca_cert_size = axtlsl.
+                            ssl_get_config(axtlsl.SSL_MAX_CA_CERT_CFG_OFFSET)
+    local cert = {}
+    local ca_cert = {}
+
+    while i <= #arg do
+        if arg[i] == "-connect" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            local t = string.find(arg[i], ":")
+            host = string.sub(arg[i], 1, t-1)
+            port = string.sub(arg[i], t+1)
+        elseif arg[i] == "-cert" then
+            if i >= #arg or #cert >= cert_size then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            table.insert(cert, arg[i])
+        elseif arg[i] == "-key" then
+            if i >= #arg then
+                print_client_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            private_key_file = arg[i]
+            options = bit.bor(options, axtlsl.SSL_NO_DEFAULT_KEY)
+        elseif arg[i] == "-CAfile" then
+            if i >= #arg or #ca_cert >= ca_cert_size then
+                print_client_options(build_mode, arg[i]) 
+            end
+
+            i = i + 1
+            table.insert(ca_cert, arg[i])
+        elseif arg[i] == "-verify" then
+            options = bit.band(options, 
+                                bit.bnot(axtlsl.SSL_SERVER_VERIFY_LATER))
+        elseif arg[i] == "-reconnect" then
+            reconnect = 4
+        elseif arg[i] == "-quiet" then
+            quiet = true
+            options = bit.band(options, bnot(axtlsl.SSL_DISPLAY_CERTS))
+        elseif arg[i] == "-pass" then
+            if i >= #arg then
+                print_server_options(build_mode, arg[i])
+            end
+
+            i = i + 1
+            password = arg[i]
+        elseif build_mode == axtlsl.SSL_BUILD_FULL_MODE then
+            if arg[i] == "-debug" then
+                options = bit.bor(options, axtlsl.SSL_DISPLAY_BYTES)
+            elseif arg[i] == "-state" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_STATES)
+            elseif arg[i] == "-show-rsa" then
+                options = bit.bor(axtlsl.SSL_DISPLAY_RSA)
+            else    -- don't know what this is
+                print_client_options(build_mode, arg[i])
+            end
+        else    -- don't know what this is
+            print_client_options(build_mode, arg[i])
+        end
+
+        i = i + 1
+    end
+
+    local client_sock = socket.try(socket.connect(host, port))
+    local ssl
+    local res
+
+    if not quiet then print("CONNECTED") end
+
+    ---------------------------------------------------------------------------
+    -- This is where the interesting stuff happens. Up until now we've
+    -- just been setting up sockets etc. Now we do the SSL handshake.
+    ---------------------------------------------------------------------------
+    local ssl_ctx = axtlsl.ssl_ctx_new(options, axtlsl.SSL_DEFAULT_CLNT_SESS)
+
+    if ssl_ctx == nil then 
+        error("Error: Client context is invalid")
+    end
+
+    if private_key_file ~= nil then
+        local obj_type = axtlsl.SSL_OBJ_RSA_KEY
+
+        if string.find(private_key_file, ".p8") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS8 
+        end
+
+        if string.find(private_key_file, ".p12") then 
+            obj_type = axtlsl.SSL_OBJ_PKCS12 
+        end
+
+        if axtlsl.ssl_obj_load(ssl_ctx, obj_type, private_key_file, 
+                                        password) ~= axtlsl.SSL_OK then
+            error("Private key '"..private_key_file.."' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .. "' is undefined.")
+        end
+    end
+
+    for _, v in ipairs(ca_cert) do
+        if axtlsl.ssl_obj_load(ssl_ctx, axtlsl.SSL_OBJ_X509_CACERT, v, "") ~= 
+                                        axtlsl.SSL_OK then
+            error("Certificate '"..v .."' is undefined.")
+        end
+    end
+
+    -- Try session resumption?
+    if reconnect ~= 0 then
+        local session_id = nil
+        local sess_id_size = 0
+
+        while reconnect > 0 do
+            reconnect = reconnect - 1
+            ssl = axtlsl.ssl_client_new(ssl_ctx, 
+                    client_sock:getfd(), session_id, sess_id_size)
+
+            res = axtlsl.ssl_handshake_status(ssl)
+            if res ~= axtlsl.SSL_OK then
+                if not quiet then axtlsl.ssl_display_error(res) end
+                axtlsl.ssl_free(ssl)
+                os.exit(1)
+            end
+
+            display_session_id(ssl)
+            session_id = axtlsl.ssl_get_session_id(ssl)
+            sess_id_size = axtlsl.ssl_get_session_id_size(ssl)
+
+            if reconnect > 0 then
+                axtlsl.ssl_free(ssl)
+                client_sock:close()
+                client_sock = socket.try(socket.connect(host, port))
+            end
+
+        end
+    else
+        ssl = axtlsl.ssl_client_new(ssl_ctx, client_sock:getfd(), nil, 0)
+    end
+
+    -- check the return status
+    res = axtlsl.ssl_handshake_status(ssl)
+    if res ~= axtlsl.SSL_OK then
+        if not quiet then axtlsl.ssl_display_error(res) end
+        os.exit(1)
+    end
+
+    if not quiet then
+        local common_name = axtlsl.ssl_get_cert_dn(ssl, 
+                            axtlsl.SSL_X509_CERT_COMMON_NAME)
+
+        if common_name ~= nil then 
+            print("Common Name:\t\t\t"..common_name)
+        end
+
+        display_session_id(ssl)
+        display_cipher(ssl)
+    end
+
+    while true do
+        local line = io.read()
+    if line == nil then break end
+        local bytes = {}
+
+        for i = 1, #line do
+            bytes[i] = line.byte(line, i)
+        end
+
+        bytes[#line+1] = 10      -- add carriage return, null
+        bytes[#line+2] = 0
+
+        res = axtlsl.ssl_write(ssl, bytes, #bytes)
+        if res < axtlsl.SSL_OK then
+            if not quiet then axtlsl.ssl_display_error(res) end
+            break
+        end
+    end
+
+    axtlsl.ssl_ctx_free(ssl_ctx)
+    client_sock:close()
+end
+
+--
+-- Display what cipher we are using 
+--
+function display_cipher(ssl)
+    io.write("CIPHER is ")
+    local cipher_id = axtlsl.ssl_get_cipher_id(ssl)
+
+    if cipher_id == axtlsl.SSL_AES128_SHA then
+        print("AES128-SHA")
+    elseif cipher_id == axtlsl.SSL_AES256_SHA then
+        print("AES256-SHA")
+    elseif axtlsl.SSL_AES128_SHA256 then
+        print("AES128-SHA256")
+    elseif axtlsl.SSL_AES256_SHA256 then
+        print("AES256-SHA256")
+    else 
+        print("Unknown - "..cipher_id)
+    end
+end
+
+--
+-- Display what session id we have.
+--
+function display_session_id(ssl)
+    local session_id = axtlsl.ssl_get_session_id(ssl)
+    local v
+
+    if #session_id > 0 then
+        print("-----BEGIN SSL SESSION PARAMETERS-----")
+        for _, v in ipairs(session_id) do
+            io.write(string.format("%02x", v))
+        end
+        print("\n-----END SSL SESSION PARAMETERS-----")
+    end
+end
+
+--
+-- Main entry point. Doesn't do much except works out whether we are a client
+-- or a server.
+--
+if #arg == 0 or (arg[1] ~= "s_server" and arg[1] ~= "s_client") then
+    print_options(#arg > 0 and arg[1] or "")
+end
+
+local build_mode = axtlsl.ssl_get_config(axtlsl.SSL_BUILD_MODE)
+_ = arg[1] == "s_server" and do_server(build_mode) or do_client(build_mode)
+os.exit(0)
+
diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl
new file mode 100755
index 0000000000..f3b044939c
--- /dev/null
+++ b/samples/perl/axssl.pl
@@ -0,0 +1,634 @@
+#!/usr/bin/perl -w
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#
+# Demonstrate the use of the axTLS library in Perl with a set of 
+# command-line parameters similar to openssl. In fact, openssl clients 
+# should be able to communicate with axTLS servers and visa-versa.
+#
+# This code has various bits enabled depending on the configuration. To enable
+# the most interesting version, compile with the 'full mode' enabled.
+#
+# To see what options you have, run the following:
+# > [perl] axssl s_server -?
+# > [perl] axssl s_client -?
+#
+# The axtls/axtlsp shared libraries must be in the same directory or be found 
+# by the OS. axtlsp.pm must be in this directory or be in @INC.
+#
+# Under Win32, ActivePerl was used (see
+# http://www.activestate.com/Products/ActivePerl/?mp=1)
+#
+use axtlsp;
+use IO::Socket;
+
+# To get access to Win32 file descriptor stuff
+my $is_win32 = 0;
+
+if ($^O eq "MSWin32")
+{
+    eval("use Win32API::File 0.08 qw( :ALL )");
+    $is_win32 = 1;
+}
+
+use strict;
+
+#
+# Win32 has some problems with socket handles
+#
+sub get_native_sock
+{
+    my ($sock) = @_;
+    return $is_win32 ? FdGetOsFHandle($sock) : $sock;
+}
+
+# print version?
+if ($#ARGV == 0 && $ARGV[0] eq "version")
+{
+    printf("axssl.pl ".axtlsp::ssl_version()."\n");
+    exit 0;
+}
+
+#
+# Main entry point. Doesn't do much except works out whether we are a client
+# or a server.
+#
+print_options($#ARGV > -1 ? $ARGV[0] : "")
+        if ($#ARGV < 0 || ($ARGV[0] ne "s_server" && $ARGV[0] ne "s_client"));
+
+
+# Cygwin/Win32 issue - flush our output continuously
+select STDOUT;
+local $|=1;
+
+my $build_mode = axtlsp::ssl_get_config($axtlsp::SSL_BUILD_MODE);
+$ARGV[0] eq "s_server" ? do_server($build_mode) : do_client($build_mode);
+
+#
+# Implement the SSL server logic. 
+#
+sub do_server
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_DISPLAY_CERTS;
+    my $quiet = 0;
+    my $password = undef;
+    my $private_key_file = undef;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+                        $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+    my @cert;
+    my @ca_cert;
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq  "-accept")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $port = $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+        {
+            if ($ARGV[$i] eq "-cert")
+            {
+                print_server_options($build_mode, $ARGV[$i]) 
+                                    if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+                push @cert,  $ARGV[++$i];
+            }
+            elsif ($ARGV[$i] eq "-key")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $private_key_file = $ARGV[++$i];
+                $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+            }
+            elsif ($ARGV[$i] eq "-pass")
+            {
+                print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+                $password = $ARGV[++$i];
+            }
+            elsif ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+            {
+                if ($ARGV[$i] eq "-verify")
+                {
+                    $options |= $axtlsp::SSL_CLIENT_AUTHENTICATION;
+                }
+                elsif ($ARGV[$i] eq "-CAfile")
+                {
+                    print_server_options($build_mode, $ARGV[$i])  
+                                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+                    push @ca_cert, $ARGV[++$i];
+                }
+                elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+                {
+                    if ($ARGV[$i] eq "-debug")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_BYTES;
+                    }
+                    elsif ($ARGV[$i] eq "-state")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_STATES;
+                    }
+                    elsif ($ARGV[$i] eq "-show-rsa")
+                    {
+                        $options |= $axtlsp::SSL_DISPLAY_RSA;
+                    }
+                    else
+                    {
+                        print_server_options($build_mode, $ARGV[$i]);
+                    }
+                }
+                else
+                {
+                    print_server_options($build_mode, $ARGV[$i]);
+                }
+            }
+            else 
+            {
+                print_server_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else 
+        {
+            print_server_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    # Create socket for incoming connections
+    my $server_sock = IO::Socket::INET->new(Proto => 'tcp',
+                              LocalPort => $port,
+                              Listen => 1,
+                              Reuse => 1) or die $!;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_SVR_SESS);
+    die "Error: Server context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    for (;;)
+    {
+        printf("ACCEPT\n") if not $quiet;
+        my $client_sock = $server_sock->accept;
+        my $native_sock = get_native_sock($client_sock->fileno);
+
+        # This doesn't work in Win32 - need to get file descriptor from socket.
+        my $ssl = axtlsp::ssl_server_new($ssl_ctx, $native_sock);
+
+        # do the actual SSL handshake
+        my $res;
+        my $buf;
+        my $connected = 0;
+
+        while (1)
+        {
+            ($res, $buf) = axtlsp::ssl_read($ssl, undef);
+            last if $res < $axtlsp::SSL_OK;
+
+            if ($res == $axtlsp::SSL_OK) # connection established and ok
+            {
+                if (axtlsp::ssl_handshake_status($ssl) == $axtlsp::SSL_OK)
+                {
+                    if (!$quiet && !$connected)
+                    {
+                        display_session_id($ssl);
+                        display_cipher($ssl);
+                    }
+
+                    $connected = 1;
+                }
+            }
+
+            if ($res > $axtlsp::SSL_OK)
+            {
+                printf($$buf);
+            }
+            elsif ($res < $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if not $quiet;
+                last;
+            } 
+        }
+
+        # client was disconnected or the handshake failed.
+        printf("CONNECTION CLOSED\n") if not $quiet;
+        axtlsp::ssl_free($ssl);
+        $client_sock->close;
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+}
+
+#
+# Implement the SSL client logic.
+#
+sub do_client
+{
+    my ($build_mode) = @_;
+    my $i = 1;
+    my $port = 4433;
+    my $options = $axtlsp::SSL_SERVER_VERIFY_LATER|$axtlsp::SSL_DISPLAY_CERTS;
+    my $private_key_file = undef;
+    my $reconnect = 0;
+    my $quiet = 0;
+    my $password = undef;
+    my @session_id;
+    my $host = "127.0.0.1";
+    my @cert;
+    my @ca_cert;
+    my $cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    while ($i <= $#ARGV)
+    {
+        if ($ARGV[$i] eq "-connect")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            ($host, $port) = split(':', $ARGV[++$i]);
+        }
+        elsif ($ARGV[$i] eq "-cert")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#cert >= $cert_size-1;
+
+            push @cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-key")
+        {
+            print_client_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $private_key_file = $ARGV[++$i];
+            $options |= $axtlsp::SSL_NO_DEFAULT_KEY;
+        }
+        elsif ($ARGV[$i] eq "-CAfile")
+        {
+            print_client_options($build_mode, $ARGV[$i]) 
+                if $i >= $#ARGV || $#ca_cert >= $ca_cert_size-1;
+
+            push @ca_cert, $ARGV[++$i];
+        }
+        elsif ($ARGV[$i] eq "-verify")
+        {
+            $options &= ~$axtlsp::SSL_SERVER_VERIFY_LATER;
+        }
+        elsif ($ARGV[$i] eq "-reconnect")
+        {
+            $reconnect = 4;
+        }
+        elsif ($ARGV[$i] eq "-quiet")
+        {
+            $quiet = 1;
+            $options &= ~$axtlsp::SSL_DISPLAY_CERTS;
+        }
+        elsif ($ARGV[$i] eq "-pass")
+        {
+            print_server_options($build_mode, $ARGV[$i]) if $i >= $#ARGV;
+            $password = $ARGV[++$i];
+        }
+        elsif ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            if ($ARGV[$i] eq "-debug")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_BYTES;
+            }
+            elsif ($ARGV[$i] eq "-state")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_STATES;
+            }
+            elsif ($ARGV[$i] eq "-show-rsa")
+            {
+                $options |= $axtlsp::SSL_DISPLAY_RSA;
+            }
+            else    # don't know what this is
+            {
+                print_client_options($build_mode, $ARGV[$i]);
+            }
+        }
+        else    # don't know what this is
+        {
+            print_client_options($build_mode, $ARGV[$i]);
+        }
+
+        $i++;
+    }
+
+    my $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+    my $ssl;
+    my $res;
+    my $native_sock = get_native_sock($client_sock->fileno);
+
+    printf("CONNECTED\n") if not $quiet;
+
+    ###########################################################################
+    # This is where the interesting stuff happens. Up until now we've
+    # just been setting up sockets etc. Now we do the SSL handshake.
+    ###########################################################################
+    my $ssl_ctx = axtlsp::ssl_ctx_new($options, $axtlsp::SSL_DEFAULT_CLNT_SESS);
+    die "Error: Client context is invalid" if not defined $ssl_ctx;
+
+    if (defined $private_key_file)
+    {
+        my $obj_type = $axtlsp::SSL_OBJ_RSA_KEY;
+
+        $obj_type = $axtlsp::SSL_OBJ_PKCS8 if $private_key_file =~ /.p8$/;
+        $obj_type = $axtlsp::SSL_OBJ_PKCS12 if $private_key_file =~ /.p12$/;
+
+        die "Private key '$private_key_file' is undefined." if 
+                axtlsp::ssl_obj_load($ssl_ctx, $obj_type,
+                        $private_key_file, $password);
+    }
+
+    foreach (@cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    foreach (@ca_cert)
+    {
+        die "Certificate '$_' is undefined." 
+            if axtlsp::ssl_obj_load($ssl_ctx, $axtlsp::SSL_OBJ_X509_CACERT, 
+                    $_, undef) != $axtlsp::SSL_OK;
+    }
+
+    # Try session resumption?
+    if ($reconnect)
+    {
+        my $session_id = undef;
+        my $sess_id_size = 0;
+
+        while ($reconnect--)
+        {
+            $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, 
+                            $session_id, $sess_id_size);
+
+            $res = axtlsp::ssl_handshake_status($ssl);
+            if ($res != $axtlsp::SSL_OK)
+            {
+                axtlsp::ssl_display_error($res) if !$quiet;
+                axtlsp::ssl_free($ssl);
+                exit 1;
+            }
+
+            display_session_id($ssl);
+            $session_id = axtlsp::ssl_get_session_id($ssl);
+
+            if ($reconnect)
+            {
+                axtlsp::ssl_free($ssl);
+                $client_sock->close;
+                $client_sock = new IO::Socket::INET (
+                        PeerAddr => $host, PeerPort => $port, Proto => 'tcp')
+                    || die ("no socket: $!");
+
+            }
+        }
+    }
+    else
+    {
+        $ssl = axtlsp::ssl_client_new($ssl_ctx, $native_sock, undef, 0);
+    }
+
+    # check the return status
+    $res = axtlsp::ssl_handshake_status($ssl);
+    if ($res != $axtlsp::SSL_OK)
+    {
+        axtlsp::ssl_display_error($res) if not $quiet;
+        exit 1;
+    }
+
+    if (!$quiet)
+    {
+        my $common_name = axtlsp::ssl_get_cert_dn($ssl, 
+                    $axtlsp::SSL_X509_CERT_COMMON_NAME);
+
+        printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name;
+        display_session_id($ssl);
+        display_cipher($ssl);
+    }
+
+    while (<STDIN>)
+    {
+        my $cstring = pack("a*x", $_);   # add null terminator
+        $res = axtlsp::ssl_write($ssl, \$cstring, length($cstring));
+        if ($res < $axtlsp::SSL_OK)
+        {
+            axtlsp::ssl_display_error($res) if not $quiet;
+            last;
+        }
+    }
+
+    axtlsp::ssl_ctx_free($ssl_ctx);
+    $client_sock->close;
+}
+
+#
+# We've had some sort of command-line error. Print out the basic options.
+#
+sub print_options
+{
+    my ($option) = @_;
+    printf("axssl: Error: '%s' is an invalid command.\n", $option);
+    printf("usage: axssl [s_server|s_client|version] [args ...]\n");
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the server options.
+#
+sub print_server_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+    printf("usage: s_server [args ...]\n");
+    printf(" -accept arg\t- port to accept on (default is 4433)\n");
+    printf(" -quiet\t\t- No server output\n");
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_SERVER_ONLY)
+    {
+        printf(" -cert arg\t- certificate file to add (in addition to default)".
+                                        " to chain -\n".
+          "\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+    }
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_VERIFICATION)
+    {
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+    }
+
+    if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+    {
+        printf(" -debug\t\t- Print more output\n");
+        printf(" -state\t\t- Show state messages\n");
+        printf(" -show-rsa\t- Show RSA state\n");
+    }
+
+    exit 1;
+}
+
+#
+# We've had some sort of command-line error. Print out the client options.
+#
+sub print_client_options
+{
+    my ($build_mode, $option) = @_;
+    my $cert_size = axtlsp::ssl_get_config($axtlsp::SSL_MAX_CERT_CFG_OFFSET);
+    my $ca_cert_size = axtlsp::ssl_get_config(
+            $axtlsp::SSL_MAX_CA_CERT_CFG_OFFSET);
+
+    printf("unknown option %s\n", $option);
+
+    if ($build_mode >= $axtlsp::SSL_BUILD_ENABLE_CLIENT)
+    {
+        printf("usage: s_client [args ...]\n");
+        printf(" -connect host:port - who to connect to (default ".
+                "is localhost:4433)\n");
+        printf(" -verify\t- turn on peer certificate verification\n");
+        printf(" -cert arg\t- certificate file to use - default DER format\n");
+        printf(" -key arg\t- Private key file to use - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $cert_size);
+        printf(" -CAfile arg\t- Certificate authority - default DER format\n");
+        printf("\t\t  Can repeat up to %d times\n", $ca_cert_size);
+        printf(" -quiet\t\t- No client output\n");
+        printf(" -pass\t\t- private key file pass phrase source\n");
+        printf(" -reconnect\t- Drop and re-make the connection ".
+                "with the same Session-ID\n");
+
+        if ($build_mode == $axtlsp::SSL_BUILD_FULL_MODE)
+        {
+            printf(" -debug\t\t- Print more output\n");
+            printf(" -state\t\t- Show state messages\n");
+            printf(" -show-rsa\t- Show RSA state\n");
+        }
+    }
+    else
+    {
+        printf("Change configuration to allow this feature\n");
+    }
+
+    exit 1;
+}
+
+#
+# Display what cipher we are using 
+#
+sub display_cipher
+{
+    my ($ssl) = @_;
+    printf("CIPHER is ");
+    my $cipher_id = axtlsp::ssl_get_cipher_id($ssl);
+
+    if ($cipher_id == $axtlsp::SSL_AES128_SHA)
+    {
+        printf("AES128-SHA");
+    }
+    elsif ($cipher_id == $axtlsp::SSL_AES256_SHA)
+    {
+        printf("AES256-SHA");
+    }
+    elsif ($axtlsp::SSL_AES128_SHA256)
+    {
+        printf("AES128-SHA256");
+    }
+    elsif ($axtlsp::SSL_AES256_SHA256)
+    {
+        printf("AES256-SHA256");
+    }
+    else 
+    {
+        printf("Unknown - %d", $cipher_id);
+    }
+
+    printf("\n");
+}
+
+#
+# Display what session id we have.
+#
+sub display_session_id
+{    
+    my ($ssl) = @_;
+    my $session_id = axtlsp::ssl_get_session_id($ssl);
+    if (length($$session_id) > 0)
+    {
+        printf("-----BEGIN SSL SESSION PARAMETERS-----\n");
+        printf(unpack("H*", $$session_id));
+        printf("\n-----END SSL SESSION PARAMETERS-----\n");
+    }
+}
diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb
new file mode 100644
index 0000000000..7e5d68277e
--- /dev/null
+++ b/samples/vbnet/axssl.vb
@@ -0,0 +1,702 @@
+'
+' Copyright (c) 2007-2016, Cameron Rich
+'
+' All rights reserved.
+'
+' Redistribution and use in source and binary forms, with or without
+' modification, are permitted provided that the following conditions are met:
+'
+' * Redistributions of source code must retain the above copyright notice,
+'   this list of conditions and the following disclaimer.
+' * Redistributions in binary form must reproduce the above copyright
+'   notice, this list of conditions and the following disclaimer in the
+'   documentation and/or other materials provided with the distribution.
+' * Neither the name of the axTLS project nor the names of its
+'   contributors may be used to endorse or promote products derived
+'   from this software without specific prior written permission.
+'
+' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+' "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+' LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+' A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+' CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+' TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+' DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+' OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+' NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+' THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+'
+
+'
+' Demonstrate the use of the axTLS library in VB.NET with a set of 
+' command-line parameters similar to openssl. In fact, openssl clients 
+' should be able to communicate with axTLS servers and visa-versa.
+'
+' This code has various bits enabled depending on the configuration. To enable
+' the most interesting version, compile with the 'full mode' enabled.
+'
+' To see what options you have, run the following:
+' > axssl.vbnet.exe s_server -?
+' > axssl.vbnet.exe s_client -?
+'
+' The axtls shared library must be in the same directory or be found 
+' by the OS.
+'
+
+Imports System
+Imports System.Net
+Imports System.Net.Sockets
+Imports Microsoft.VisualBasic
+Imports axTLSvb
+
+Public Class axssl
+    ' 
+    ' do_server()
+    '
+    Public Sub do_server(ByVal build_mode As Integer, _
+                                        ByVal args() As String)
+        Dim i As Integer = 1
+        Dim port As Integer = 4433
+        Dim options As Integer = axtls.SSL_DISPLAY_CERTS
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim private_key_file As String = Nothing
+
+        ' organise the cert/ca_cert lists 
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        While i < args.Length
+            If args(i) = "-accept" Then
+                If i >= args.Length-1
+                    print_server_options(build_mode, args(i))
+                End If
+
+                i += 1
+                port = Int32.Parse(args(i))
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And Not axtls.SSL_DISPLAY_CERTS
+            ElseIf build_mode >= axtls.SSL_BUILD_SERVER_ONLY
+                If args(i) = "-cert"
+                    If i >= args.Length-1 Or cert_index >= cert_size
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    cert(cert_index) = args(i)
+                    cert_index += 1
+                ElseIf args(i) = "-key"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    private_key_file = args(i)
+                    options = options Or axtls.SSL_NO_DEFAULT_KEY
+                ElseIf args(i) = "-pass"
+                    If i >= args.Length-1
+                        print_server_options(build_mode, args(i))
+                    End If
+
+                    i += 1
+                    password = args(i)
+                ElseIf build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+                    If args(i) = "-verify" Then
+                        options = options Or axtls.SSL_CLIENT_AUTHENTICATION
+                    ElseIf args(i) = "-CAfile"
+                        If i >= args.Length-1 Or _
+                                    ca_cert_index >= ca_cert_size Then
+                            print_server_options(build_mode, args(i))
+                        End If
+
+                        i += 1
+                        ca_cert(ca_cert_index) = args(i)
+                        ca_cert_index += 1
+                    ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                        If args(i) = "-debug" Then
+                            options = options Or axtls.SSL_DISPLAY_BYTES
+                        ElseIf args(i) = "-state"
+                            options = options Or axtls.SSL_DISPLAY_STATES
+                        ElseIf args(i) = "-show-rsa"
+                            options = options Or axtls.SSL_DISPLAY_RSA
+                        Else
+                            print_server_options(build_mode, args(i))
+                        End If
+                    Else
+                        print_server_options(build_mode, args(i))
+                    End If
+                Else
+                    print_server_options(build_mode, args(i))
+                End If
+            End If
+
+            i += 1
+        End While
+
+        ' Create socket for incoming connections
+        Dim ep As IPEndPoint = New IPEndPoint(IPAddress.Any, port)
+        Dim server_sock As TcpListener = New TcpListener(ep)
+        server_sock.Start()      
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLServer = New SSLServer(options, _
+                axtls.SSL_DEFAULT_SVR_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Server context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        Dim buf As Byte() = Nothing
+        Dim res As Integer
+        Dim ssl As SSL
+
+        While 1
+            If Not quiet Then
+                Console.WriteLine("ACCEPT")
+            End If
+
+            Dim client_sock As Socket = server_sock.AcceptSocket()
+
+            ssl = ssl_ctx.Connect(client_sock)
+
+            ' do the actual SSL handshake 
+            While 1
+                res = ssl_ctx.Read(ssl, buf)
+                If  res <> axtls.SSL_OK Then
+                    Exit While
+                End If
+
+                ' check when the connection has been established 
+                If ssl.HandshakeStatus() = axtls.SSL_OK
+                    Exit While
+                End If
+
+                ' could do something else here 
+            End While
+
+            If res = axtls.SSL_OK Then  ' connection established and ok
+                If Not quiet
+                    display_session_id(ssl)
+                    display_cipher(ssl)
+                End If
+
+                ' now read (and display) whatever the client sends us
+                While 1
+                    ' keep reading until we get something interesting 
+                    While 1
+                        res = ssl_ctx.Read(ssl, buf)
+                        If res <> axtls.SSL_OK Then
+                            Exit While
+                        End If
+
+                        ' could do something else here
+                    End While
+
+                    If res < axtls.SSL_OK
+                        If Not quiet
+                            Console.WriteLine("CONNECTION CLOSED")
+                        End If
+
+                        Exit While
+                    End If
+
+                    ' convert to String 
+                    Dim str(res) As Char
+                    For i = 0 To res-1
+                        str(i) = Chr(buf(i))
+                    Next
+
+                    Console.Write(str)
+                End While
+            ElseIf Not quiet
+                SSLUtil.DisplayError(res)
+            End If
+
+            ' client was disconnected or the handshake failed. */
+            ssl.Dispose()
+            client_sock.Close()
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    ' 
+    ' do_client()
+    '
+    Public Sub do_client(ByVal build_mode As Integer, _
+                                    ByVal args() As String)
+
+        If build_mode < axtls.SSL_BUILD_ENABLE_CLIENT Then
+            print_client_options(build_mode, args(1))
+        End If
+
+        Dim i As Integer = 1
+        Dim res As Integer
+        Dim port As Integer = 4433
+        Dim quiet As Boolean = False
+        Dim password As String = Nothing
+        Dim reconnect As Integer = 0
+        Dim private_key_file As String = Nothing
+        Dim hostname As String = "127.0.0.1"
+
+        ' organise the cert/ca_cert lists
+        Dim ssl As SSL = Nothing
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+        Dim cert(cert_size) As String
+        Dim ca_cert(ca_cert_size) As String
+        Dim cert_index As Integer = 0
+        Dim ca_cert_index As Integer = 0
+
+        Dim options As Integer = _
+                    axtls.SSL_SERVER_VERIFY_LATER Or axtls.SSL_DISPLAY_CERTS
+        Dim session_id As Byte() = Nothing
+
+        While i < args.Length
+            If args(i) = "-connect" Then
+                Dim host_port As String
+
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                host_port = args(i)
+
+                Dim index_colon As Integer = host_port.IndexOf(":"C)
+                If index_colon < 0 Then 
+                    print_client_options(build_mode, args(i))
+                End If
+
+                hostname = New String(host_port.ToCharArray(), _
+                        0, index_colon)
+                port = Int32.Parse(New String(host_port.ToCharArray(), _
+                            index_colon+1, host_port.Length-index_colon-1))
+            ElseIf args(i) = "-cert"
+                If i >= args.Length-1 Or cert_index >= cert_size Then
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                cert(cert_index) = args(i)
+                cert_index += 1
+            ElseIf args(i) = "-key"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                private_key_file = args(i)
+                options = options Or axtls.SSL_NO_DEFAULT_KEY
+            ElseIf args(i) = "-CAfile"
+                If i >= args.Length-1 Or ca_cert_index >= ca_cert_size
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                ca_cert(ca_cert_index) = args(i)
+                ca_cert_index += 1
+            ElseIf args(i) = "-verify"
+                options = options And Not axtls.SSL_SERVER_VERIFY_LATER
+            ElseIf args(i) = "-reconnect"
+                reconnect = 4
+            ElseIf args(i) = "-quiet"
+                quiet = True
+                options = options And  Not axtls.SSL_DISPLAY_CERTS
+            ElseIf args(i) = "-pass"
+                If i >= args.Length-1
+                    print_client_options(build_mode, args(i))
+                End If
+
+                i += 1
+                password = args(i)
+            ElseIf build_mode = axtls.SSL_BUILD_FULL_MODE
+                If args(i) = "-debug" Then
+                    options = options Or axtls.SSL_DISPLAY_BYTES
+                ElseIf args(i) = "-state"
+                    options = options Or axtls.SSL_DISPLAY_STATES
+                ElseIf args(i) = "-show-rsa"
+                    options = options Or axtls.SSL_DISPLAY_RSA
+                Else
+                    print_client_options(build_mode, args(i))
+                End If
+            Else    ' don't know what this is 
+                print_client_options(build_mode, args(i))
+            End If
+
+            i += 1
+        End While
+
+        'Dim hostInfo As IPHostEntry = Dns.Resolve(hostname)
+        Dim hostInfo As IPHostEntry = Dns.GetHostEntry(hostname)
+        Dim  addresses As IPAddress() = hostInfo.AddressList
+        Dim ep As IPEndPoint = New IPEndPoint(addresses(0), port) 
+        Dim client_sock As Socket = New Socket(AddressFamily.InterNetwork, _
+                SocketType.Stream, ProtocolType.Tcp)
+        client_sock.Connect(ep)
+
+        If Not client_sock.Connected Then
+            Console.WriteLine("could not connect")
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Console.WriteLine("CONNECTED")
+        End If
+
+        '*********************************************************************
+        ' This is where the interesting stuff happens. Up until now we've
+        ' just been setting up sockets etc. Now we do the SSL handshake.
+        '*********************************************************************/
+        Dim ssl_ctx As SSLClient = New SSLClient(options, _
+                axtls.SSL_DEFAULT_CLNT_SESS)
+
+        If ssl_ctx Is Nothing Then
+            Console.Error.WriteLine("Error: Client context is invalid")
+            Environment.Exit(1)
+        End If
+
+        If private_key_file <> Nothing Then
+            Dim obj_type As Integer = axtls.SSL_OBJ_RSA_KEY
+
+            If private_key_file.EndsWith(".p8") Then
+                obj_type = axtls.SSL_OBJ_PKCS8
+            Else If (private_key_file.EndsWith(".p12"))
+                obj_type = axtls.SSL_OBJ_PKCS12
+            End If
+
+            If ssl_ctx.ObjLoad(obj_type, private_key_file, _
+                                            password) <> axtls.SSL_OK Then
+                Console.Error.WriteLine("Error: Private key '" & _
+                        private_key_file & "' is undefined.")
+                Environment.Exit(1)
+            End If
+        End If
+
+        For i = 0 To cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CERT, _
+                            cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        For i = 0 To ca_cert_index-1
+            If ssl_ctx.ObjLoad(axtls.SSL_OBJ_X509_CACERT, _
+                            ca_cert(i), Nothing) <> axtls.SSL_OK Then
+                Console.WriteLine("Certificate '" & ca_cert(i) & _
+                        "' is undefined.")
+                Environment.Exit(1)
+            End If
+        Next
+
+        ' Try session resumption?
+        If reconnect > 0 Then
+            While reconnect > 0
+                reconnect -= 1
+                ssl = ssl_ctx.Connect(client_sock, session_id)
+
+                res = ssl.HandshakeStatus()
+                If res <> axtls.SSL_OK Then
+                    If Not quiet Then
+                        SSLUtil.DisplayError(res)
+                    End If
+
+                    ssl.Dispose()
+                    Environment.Exit(1)
+                End If
+
+                display_session_id(ssl)
+                session_id = ssl.GetSessionId()
+
+                If reconnect > 0 Then
+                    ssl.Dispose()
+                    client_sock.Close()
+                    
+                    ' and reconnect
+                    client_sock = New Socket(AddressFamily.InterNetwork, _
+                        SocketType.Stream, ProtocolType.Tcp)
+                    client_sock.Connect(ep)
+                End If
+            End While
+        Else
+            ssl = ssl_ctx.Connect(client_sock, Nothing)
+        End If
+
+        ' check the return status 
+        res = ssl.HandshakeStatus()
+        If res <> axtls.SSL_OK Then
+            If Not quiet Then
+                SSLUtil.DisplayError(res)
+            End If
+
+            Environment.Exit(1)
+        End If
+
+        If Not quiet Then
+            Dim common_name As String = _
+                ssl.GetCertificateDN(axtls.SSL_X509_CERT_COMMON_NAME)
+
+            If common_name <> Nothing
+                Console.WriteLine("Common Name:" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        ControlChars.Tab & common_name)
+            End If
+
+            display_session_id(ssl)
+            display_cipher(ssl)
+        End If
+
+        While (1)
+            Dim user_input As String = Console.ReadLine()
+
+            If user_input = Nothing Then
+                Exit While
+            End If
+
+            Dim buf(user_input.Length+1) As Byte
+            buf(buf.Length-2) = Asc(ControlChars.Lf) ' add the carriage return
+            buf(buf.Length-1) = 0                    ' null terminate 
+
+            For i = 0 To user_input.Length-1
+                buf(i) = Asc(user_input.Chars(i))
+            Next
+
+            res = ssl_ctx.Write(ssl, buf, buf.Length)
+            If res < axtls.SSL_OK Then
+                If Not quiet Then
+                    SSLUtil.DisplayError(res)
+                End If
+
+                Exit While
+            End If
+        End While
+
+        ssl_ctx.Dispose()
+    End Sub
+
+    '
+    ' Display what cipher we are using
+    '
+    Private Sub display_cipher(ByVal ssl As SSL)
+        Console.Write("CIPHER is ")
+
+        Select ssl.GetCipherId()
+            Case axtls.SSL_AES128_SHA
+                Console.WriteLine("AES128-SHA")
+
+            Case axtls.SSL_AES256_SHA
+                Console.WriteLine("AES256-SHA")
+
+            Case axtls.SSL_AES128_SHA256
+                Console.WriteLine("AES128-SHA256")
+
+            Case axtls.SSL_AES256_SHA256
+                Console.WriteLine("AES256-SHA256")
+
+            Case Else
+                Console.WriteLine("Unknown - " & ssl.GetCipherId())
+        End Select
+    End Sub
+
+    '
+    ' Display what session id we have.
+    '
+    Private Sub display_session_id(ByVal ssl As SSL)
+        Dim session_id As Byte() = ssl.GetSessionId()
+
+        If session_id.Length > 0 Then
+            Console.WriteLine("-----BEGIN SSL SESSION PARAMETERS-----")
+            Dim b As Byte
+            For Each b In session_id
+                Console.Write("{0:x02}", b)
+            Next
+
+            Console.WriteLine()
+            Console.WriteLine("-----END SSL SESSION PARAMETERS-----")
+        End If
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the basic options.
+    '
+    Public Sub print_options(ByVal options As String)
+        Console.WriteLine("axssl: Error: '" & options & _
+                "' is an invalid command.")
+        Console.WriteLine("usage: axssl.vbnet [s_server|s_client|" & _
+                "version] [args ...]")
+        Environment.Exit(1)
+    End Sub
+
+    ' 
+    ' We've had some sort of command-line error. Print out the server options.
+    '
+    Private Sub print_server_options(ByVal build_mode As Integer, _
+                                    ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+        Console.WriteLine("usage: s_server [args ...]")
+        Console.WriteLine(" -accept arg" & ControlChars.Tab & _
+                "- port to accept on (default is 4433)")
+        Console.WriteLine(" -quiet" & ControlChars.Tab & ControlChars.Tab & _
+                "- No server output")
+        If build_mode >= axtls.SSL_BUILD_SERVER_ONLY 
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+               "- certificate file to add (in addition to default) to chain -")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                        "- Private key file to use")
+            Console.WriteLine(" -pass" & ControlChars.Tab & ControlChars.Tab & _
+                    "- private key file pass phrase source")
+        End If
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_VERIFICATION
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+        End If
+
+        If build_mode = axtls.SSL_BUILD_FULL_MODE
+            Console.WriteLine(" -debug" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Print more output")
+            Console.WriteLine(" -state" & _
+                    ControlChars.Tab & ControlChars.Tab & _
+                    "- Show state messages")
+            Console.WriteLine(" -show-rsa" & _
+                    ControlChars.Tab & "- Show RSA state")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+    '
+    ' We've had some sort of command-line error. Print out the client options.
+    '
+    Private Sub print_client_options(ByVal build_mode As Integer, _
+                                                ByVal options As String)
+        Dim cert_size As Integer = SSLUtil.MaxCerts()
+        Dim ca_cert_size As Integer = SSLUtil.MaxCACerts()
+
+        Console.WriteLine("unknown option " & options)
+
+        If build_mode >= axtls.SSL_BUILD_ENABLE_CLIENT Then
+            Console.WriteLine("usage: s_client [args ...]")
+            Console.WriteLine(" -connect host:port - who to connect to " & _
+                    "(default is localhost:4433)")
+            Console.WriteLine(" -verify" & ControlChars.Tab & _
+                    "- turn on peer certificate verification")
+            Console.WriteLine(" -cert arg" & ControlChars.Tab & _
+                    "- certificate file to use")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & cert_size & " times")
+            Console.WriteLine(" -key arg" & ControlChars.Tab & _
+                    "- Private key file to use")
+            Console.WriteLine(" -CAfile arg" & ControlChars.Tab & _
+                    "- Certificate authority")
+            Console.WriteLine(ControlChars.Tab & ControlChars.Tab & _
+                    "  Can repeat up to " & ca_cert_size & " times")
+            Console.WriteLine(" -quiet" & _
+                    ControlChars.Tab & ControlChars.Tab & "- No client output")
+            Console.WriteLine(" -pass" & ControlChars.Tab & _
+                    ControlChars.Tab & _
+                    "- private key file pass phrase source")
+            Console.WriteLine(" -reconnect" & ControlChars.Tab & _
+                    "- Drop and re-make the " & _
+                    "connection with the same Session-ID")
+
+            If build_mode = axtls.SSL_BUILD_FULL_MODE Then
+                Console.WriteLine(" -debug" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Print more output")
+                Console.WriteLine(" -state" & _
+                        ControlChars.Tab & ControlChars.Tab & _
+                        "- Show state messages")
+                Console.WriteLine(" -show-rsa" & ControlChars.Tab & _
+                        "- Show RSA state")
+            End If
+        Else 
+            Console.WriteLine("Change configuration to allow this feature")
+        End If
+
+        Environment.Exit(1)
+    End Sub
+
+End Class
+
+Public Module MyMain
+    Function Main(ByVal args() As String) As Integer
+        Dim runner As axssl = New axssl()
+
+        If args.Length = 1 And args(0) = "version" Then
+           Console.WriteLine("axssl.vbnet " & SSLUtil.Version())
+            Environment.Exit(0)
+        End If
+
+        If args.Length < 1 
+            runner.print_options("")
+        ElseIf args(0) <> "s_server" And args(0) <> "s_client"
+            runner.print_options(args(0))
+        End If
+
+        Dim build_mode As Integer = SSLUtil.BuildMode()
+
+        If args(0) = "s_server" Then
+            runner.do_server(build_mode, args)
+        Else
+            runner.do_client(build_mode, args)
+        End If
+    End Function
+End Module
diff --git a/ssl/asn1.c b/ssl/asn1.c
new file mode 100644
index 0000000000..b53562cd9e
--- /dev/null
+++ b/ssl/asn1.c
@@ -0,0 +1,782 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Some primitive asn methods for extraction ASN.1 data.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "os_port.h"
+#include "crypto.h"
+#include "crypto_misc.h"
+
+/* 1.2.840.113549.1.1 OID prefix - handle the following */
+/* md5WithRSAEncryption(4) */
+/* sha1WithRSAEncryption(5) */
+/* sha256WithRSAEncryption (11) */
+/* sha384WithRSAEncryption (12) */
+/* sha512WithRSAEncryption (13) */
+static const uint8_t sig_oid_prefix[] = 
+{
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
+};
+
+/* 1.3.14.3.2.29 SHA1 with RSA signature */
+static const uint8_t sig_sha1WithRSAEncrypt[] =
+{
+    0x2b, 0x0e, 0x03, 0x02, 0x1d
+};
+
+/* 2.16.840.1.101.3.4.2.1 SHA-256 */
+static const uint8_t sig_sha256[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
+};
+
+/* 2.16.840.1.101.3.4.2.2 SHA-384 */
+static const uint8_t sig_sha384[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
+};
+
+/* 2.16.840.1.101.3.4.2.3 SHA-512 */
+static const uint8_t sig_sha512[] =
+{
+    0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
+};
+
+static const uint8_t sig_subject_alt_name[] =
+{
+    0x55, 0x1d, 0x11
+};
+
+static const uint8_t sig_basic_constraints[] =
+{
+    0x55, 0x1d, 0x13
+};
+
+static const uint8_t sig_key_usage[] =
+{
+    0x55, 0x1d, 0x0f
+};
+
+/* CN, O, OU, L, C, ST */
+static const uint8_t g_dn_types[] = { 3, 10, 11, 7, 6, 8 };
+
+uint32_t get_asn1_length(const uint8_t *buf, int *offset)
+{
+    int i;
+    uint32_t len;
+
+    if (!(buf[*offset] & 0x80)) /* short form */
+    {
+        len = buf[(*offset)++];
+    }
+    else  /* long form */
+    {
+        int length_bytes = buf[(*offset)++]&0x7f;
+        if (length_bytes > 4)   /* limit number of bytes */
+            return 0;
+
+        len = 0;
+        for (i = 0; i < length_bytes; i++)
+        {
+            len <<= 8;
+            len += buf[(*offset)++];
+        }
+    }
+
+    return len;
+}
+
+/**
+ * Skip the ASN1.1 object type and its length. Get ready to read the object's
+ * data.
+ */
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+
+    (*offset)++;
+    return get_asn1_length(buf, offset);
+}
+
+/**
+ * Skip over an ASN.1 object type completely. Get ready to read the next
+ * object.
+ */
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type)
+{
+    int len;
+
+    if (buf[*offset] != obj_type)
+        return X509_NOT_OK;
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+    *offset += len;
+    return 0;
+}
+
+/**
+ * Read an integer value for ASN.1 data
+ * Note: This function allocates memory which must be freed by the user.
+ */
+int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object)
+{
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0)
+        goto end_big_int;
+
+    if (len > 1 && buf[*offset] == 0x00)    /* ignore the negative byte */
+    {
+        len--;
+        (*offset)++;
+    }
+
+    *object = (uint8_t *)malloc(len);
+    memcpy(*object, &buf[*offset], len);
+    *offset += len;
+
+end_big_int:
+    return len;
+}
+
+/**
+ * Read an integer value for ASN.1 data
+ */
+int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val)
+{
+    int res = X509_OK;
+    int len;
+    int i;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_INTEGER)) < 0 || 
+                len > sizeof(int32_t))
+    {
+        res = X509_NOT_OK;
+        goto end_int;
+    }
+
+    *val = 0;
+    for (i = 0; i < len; i++)
+    {
+        *val <<= 8;
+        *val |= buf[(*offset)++];
+    }
+
+end_int:
+    return res;
+}
+
+/**
+ * Read an boolean value for ASN.1 data
+ */
+int asn1_get_bool(const uint8_t *buf, int *offset, bool *val)
+{
+    int res = X509_OK;
+
+    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) != 1)
+    {
+        res = X509_NOT_OK;
+        goto end_bool;
+    }
+
+    /* DER demands that "If the encoding represents the boolean value TRUE,
+       its single contents octet shall have all eight bits set to one."
+       Thus only 0 and 255 are valid encoded values. */
+    *val = buf[(*offset)++] == 0xFF;
+
+end_bool:
+    return res;
+}
+
+/**
+ * Convert an ASN.1 bit string into a 32 bit integer. Used for key usage
+ */
+int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val)
+{
+    int res = X509_OK;
+    int len, i;
+    int ignore_bits;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_BIT_STRING)) < 0 || len > 5)
+    {
+        res = X509_NOT_OK;
+        goto end_bit_string_as_int;
+    }
+
+    /* number of bits left unused in the final byte of content */
+    ignore_bits = buf[(*offset)++];
+    len--;
+    *val = 0;
+
+    /* not sure why key usage doesn't used proper DER spec version */
+    for (i = len-1; i >= 0; --i)
+    {
+        *val <<= 8;
+        *val |= buf[(*offset) + i];
+    }
+
+    *offset += len;
+
+    /*for (i = 0; i < ignore_bits; i++)
+    {
+        *val >>= 1;
+    }*/
+
+end_bit_string_as_int:
+    return res;
+}
+
+/**
+ * Get all the RSA private key specifics from an ASN.1 encoded file 
+ */
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx)
+{
+    int offset = 7;
+    uint8_t *modulus = NULL, *priv_exp = NULL, *pub_exp = NULL;
+    int mod_len, priv_len, pub_len;
+#ifdef CONFIG_BIGINT_CRT
+    uint8_t *p = NULL, *q = NULL, *dP = NULL, *dQ = NULL, *qInv = NULL;
+    int p_len, q_len, dP_len, dQ_len, qInv_len;
+#endif
+
+    /* not in der format */
+    if (buf[0] != ASN1_SEQUENCE) /* basic sanity check */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: This is not a valid ASN.1 file\n");
+#endif
+        return X509_INVALID_PRIV_KEY;
+    }
+
+    /* Use the private key to mix up the RNG if possible. */
+    RNG_custom_init(buf, len);
+
+    mod_len = asn1_get_big_int(buf, &offset, &modulus);
+    pub_len = asn1_get_big_int(buf, &offset, &pub_exp);
+    priv_len = asn1_get_big_int(buf, &offset, &priv_exp);
+
+    if (mod_len <= 0 || pub_len <= 0 || priv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+#ifdef CONFIG_BIGINT_CRT
+    p_len = asn1_get_big_int(buf, &offset, &p);
+    q_len = asn1_get_big_int(buf, &offset, &q);
+    dP_len = asn1_get_big_int(buf, &offset, &dP);
+    dQ_len = asn1_get_big_int(buf, &offset, &dQ);
+    qInv_len = asn1_get_big_int(buf, &offset, &qInv);
+
+    if (p_len <= 0 || q_len <= 0 || dP_len <= 0 || dQ_len <= 0 || qInv_len <= 0)
+        return X509_INVALID_PRIV_KEY;
+
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len,
+            p, p_len, q, p_len, dP, dP_len, dQ, dQ_len, qInv, qInv_len);
+
+    free(p);
+    free(q);
+    free(dP);
+    free(dQ);
+    free(qInv);
+#else
+    RSA_priv_key_new(rsa_ctx, 
+            modulus, mod_len, pub_exp, pub_len, priv_exp, priv_len);
+#endif
+
+    free(modulus);
+    free(priv_exp);
+    free(pub_exp);
+    return X509_OK;
+}
+
+/**
+ * Get the time of a certificate. Ignore hours/minutes/seconds.
+ */
+static int asn1_get_utc_time(const uint8_t *buf, int *offset, time_t *t)
+{
+    int ret = X509_NOT_OK, len, t_offset, abs_year;
+    struct tm tm;
+
+    /* see http://tools.ietf.org/html/rfc5280#section-4.1.2.5 */
+    if (buf[*offset] == ASN1_UTC_TIME)
+    {
+        (*offset)++;
+
+        len = get_asn1_length(buf, offset);
+        t_offset = *offset;
+
+        memset(&tm, 0, sizeof(struct tm));
+        tm.tm_year = (buf[t_offset] - '0')*10 + (buf[t_offset+1] - '0');
+
+        if (tm.tm_year < 50)    /* 1951-2050 thing */
+        {
+            tm.tm_year += 100;
+        }
+
+        tm.tm_mon = (buf[t_offset+2] - '0')*10 + (buf[t_offset+3] - '0') - 1;
+        tm.tm_mday = (buf[t_offset+4] - '0')*10 + (buf[t_offset+5] - '0');
+        tm.tm_hour = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+        tm.tm_min = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+        tm.tm_sec = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+        *t = mktime(&tm);
+        *offset += len;
+        ret = X509_OK;
+    }
+    else if (buf[*offset] == ASN1_GENERALIZED_TIME)
+    {
+        (*offset)++;
+
+        len = get_asn1_length(buf, offset);
+        t_offset = *offset;
+
+        memset(&tm, 0, sizeof(struct tm));
+        abs_year = ((buf[t_offset] - '0')*1000 +
+                (buf[t_offset+1] - '0')*100 + (buf[t_offset+2] - '0')*10 +
+                (buf[t_offset+3] - '0'));
+
+        if (abs_year <= 1901)
+        {
+          tm.tm_year = 1;
+          tm.tm_mon = 0;
+          tm.tm_mday = 1;
+        }
+        else
+        {
+            tm.tm_year = abs_year - 1900;
+            tm.tm_mon = (buf[t_offset+4] - '0')*10 + 
+                                    (buf[t_offset+5] - '0') - 1;
+            tm.tm_mday = (buf[t_offset+6] - '0')*10 + (buf[t_offset+7] - '0');
+            tm.tm_hour = (buf[t_offset+8] - '0')*10 + (buf[t_offset+9] - '0');
+            tm.tm_min = (buf[t_offset+10] - '0')*10 + (buf[t_offset+11] - '0');
+            tm.tm_sec = (buf[t_offset+12] - '0')*10 + (buf[t_offset+13] - '0');
+            *t = mktime(&tm);
+        }
+
+        *offset += len;
+        ret = X509_OK;
+    }
+
+    return ret;
+}
+
+/**
+ * Get the version type of a certificate
+ */
+int asn1_version(const uint8_t *cert, int *offset, int *val)
+{
+    (*offset) += 2;        /* get past explicit tag */
+    return asn1_get_int(cert, offset, val);
+}
+
+/**
+ * Retrieve the notbefore and notafter certificate times.
+ */
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
+              asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
+}
+
+/**
+ * Get the components of a distinguished name 
+ */
+static int asn1_get_oid_x520(const uint8_t *buf, int *offset)
+{
+    int dn_type = 0;
+    int len;
+
+    if ((len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto end_oid;
+
+    /* expect a sequence of 2.5.4.[x] where x is a one of distinguished name 
+       components we are interested in. */
+    if (len == 3 && buf[(*offset)++] == 0x55 && buf[(*offset)++] == 0x04)
+        dn_type = buf[(*offset)++];
+    else
+    {
+        *offset += len;     /* skip over it */
+    }
+
+end_oid:
+    return dn_type;
+}
+
+/**
+ * Obtain an ASN.1 printable string type.
+ */
+static int asn1_get_printable_str(const uint8_t *buf, int *offset, char **str)
+{
+    int len = X509_NOT_OK;
+    int asn1_type = buf[*offset];
+
+    /* some certs have this awful crud in them for some reason */
+    if (asn1_type != ASN1_PRINTABLE_STR &&  
+            asn1_type != ASN1_PRINTABLE_STR2 &&  
+            asn1_type != ASN1_TELETEX_STR &&  
+            asn1_type != ASN1_IA5_STR &&  
+            asn1_type != ASN1_UNICODE_STR)
+        goto end_pnt_str;
+
+    (*offset)++;
+    len = get_asn1_length(buf, offset);
+
+    if (asn1_type == ASN1_UNICODE_STR)
+    {
+        int i;
+        *str = (char *)malloc(len/2+1);     /* allow for null */
+
+        for (i = 0; i < len; i += 2)
+            (*str)[i/2] = buf[*offset + i + 1];
+
+        (*str)[len/2] = 0;                  /* null terminate */
+    }
+    else
+    {
+        *str = (char *)malloc(len+1);       /* allow for null */
+        memcpy(*str, &buf[*offset], len);
+        (*str)[len] = 0;                    /* null terminate */
+    }
+
+    *offset += len;
+
+end_pnt_str:
+    return len;
+}
+
+/**
+ * Get the subject name (or the issuer) of a certificate.
+ */
+int asn1_name(const uint8_t *cert, int *offset, char *dn[])
+{
+    int ret = X509_NOT_OK;
+    int dn_type;
+    char *tmp;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_name;
+
+    while (asn1_next_obj(cert, offset, ASN1_SET) >= 0)
+    {
+        int i, found = 0;
+
+        if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+               (dn_type = asn1_get_oid_x520(cert, offset)) < 0)
+            goto end_name;
+
+        tmp = NULL;
+
+        if (asn1_get_printable_str(cert, offset, &tmp) < 0)
+        {
+            free(tmp);
+            goto end_name;
+        }
+
+        /* find the distinguished named type */
+        for (i = 0; i < X509_NUM_DN_TYPES; i++)
+        {
+            if (dn_type == g_dn_types[i])
+            {
+                if (dn[i] == NULL)
+                {
+                    dn[i] = tmp;
+                    found = 1;
+                    break;
+                }
+            }
+        }
+
+        if (found == 0) /* not found so get rid of it */
+        {
+            free(tmp);
+        }
+    }
+
+    ret = X509_OK;
+end_name:
+    return ret;
+}
+
+/**
+ * Read the modulus and public exponent of a certificate.
+ */
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, mod_len, pub_len;
+    uint8_t *modulus = NULL, *pub_exp = NULL;
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(cert, offset, ASN1_SEQUENCE) ||
+            asn1_next_obj(cert, offset, ASN1_BIT_STRING) < 0)
+        goto end_pub_key;
+
+    (*offset)++;        /* ignore the padding bit field */
+
+    if (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0)
+        goto end_pub_key;
+
+    mod_len = asn1_get_big_int(cert, offset, &modulus);
+    pub_len = asn1_get_big_int(cert, offset, &pub_exp);
+
+    RSA_pub_key_new(&x509_ctx->rsa_ctx, modulus, mod_len, pub_exp, pub_len);
+
+    free(modulus);
+    free(pub_exp);
+    ret = X509_OK;
+
+end_pub_key:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Read the signature of the certificate.
+ */
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK;
+
+    if (cert[(*offset)++] != ASN1_BIT_STRING)
+        goto end_sig;
+
+    x509_ctx->sig_len = get_asn1_length(cert, offset)-1;
+    (*offset)++;            /* ignore bit string padding bits */
+    x509_ctx->signature = (uint8_t *)malloc(x509_ctx->sig_len);
+    memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
+    *offset += x509_ctx->sig_len;
+    ret = X509_OK;
+
+end_sig:
+    return ret;
+}
+
+/*
+ * Compare 2 distinguished name components for equality 
+ * @return 0 if a match
+ */
+static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
+{
+    int ret;
+
+    if (dn1 == NULL && dn2 == NULL)
+        ret = 0;
+    else
+        ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 1;
+
+    return ret;
+}
+
+/**
+ * Clean up all of the CA certificates.
+ */
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx)
+{
+    int i = 0;
+
+    if (ca_cert_ctx == NULL)
+        return;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+    {
+        x509_free(ca_cert_ctx->cert[i]);
+        ca_cert_ctx->cert[i++] = NULL;
+    }
+
+    free(ca_cert_ctx);
+}
+
+/*
+ * Compare 2 distinguished names for equality 
+ * @return 0 if a match
+ */
+int asn1_compare_dn(char * const dn1[], char * const dn2[])
+{
+    int i;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        if (asn1_compare_dn_comp(dn1[i], dn2[i]))
+            return 1;
+    }
+
+    return 0;       /* all good */
+}
+
+int asn1_find_oid(const uint8_t* cert, int* offset, 
+                    const uint8_t* oid, int oid_length)
+{
+    int seqlen;
+    if ((seqlen = asn1_next_obj(cert, offset, ASN1_SEQUENCE))> 0)
+    {
+        int end = *offset + seqlen;
+
+        while (*offset < end)
+        {
+            int type = cert[(*offset)++];
+            int length = get_asn1_length(cert, offset);
+            int noffset = *offset + length;
+
+            if (type == ASN1_SEQUENCE)
+            {
+                type = cert[(*offset)++];
+                length = get_asn1_length(cert, offset);
+
+                if (type == ASN1_OID && length == oid_length && 
+                              memcmp(cert + *offset, oid, oid_length) == 0)
+                {
+                    *offset += oid_length;
+                    return 1;
+                }
+            }
+
+            *offset = noffset;
+        }
+    }
+
+    return 0;
+}
+
+int asn1_is_subject_alt_name(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_subject_alt_name, 
+                                sizeof(sig_subject_alt_name)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+int asn1_is_basic_constraints(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_basic_constraints, 
+                                sizeof(sig_basic_constraints)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+int asn1_is_key_usage(const uint8_t *cert, int offset)
+{
+    if (asn1_find_oid(cert, &offset, sig_key_usage, 
+                                sizeof(sig_key_usage)))
+    {
+        return offset;
+    }
+
+    return 0;
+}
+
+bool asn1_is_critical_ext(const uint8_t *buf, int *offset)
+{
+    /* critical is optional */
+    bool res = false;
+
+    if (asn1_next_obj(buf, offset, ASN1_BOOLEAN) == 1)
+        res = buf[(*offset)++] == 0xFF;
+
+    return res;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Read the signature type of the certificate. We only support RSA-MD5 and
+ * RSA-SHA1 signature types.
+ */
+int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx)
+{
+    int ret = X509_NOT_OK, len;
+
+    if (cert[(*offset)++] != ASN1_OID)
+        goto end_check_sig;
+
+    len = get_asn1_length(cert, offset);
+
+    if (len == sizeof(sig_sha1WithRSAEncrypt) && 
+            memcmp(sig_sha1WithRSAEncrypt, &cert[*offset], 
+                                    sizeof(sig_sha1WithRSAEncrypt)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA1;
+    }
+    else if (len == sizeof(sig_sha256) && 
+            memcmp(sig_sha256, &cert[*offset], 
+                                    sizeof(sig_sha256)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA256;
+    }
+    else if (len == sizeof(sig_sha384) && 
+            memcmp(sig_sha384, &cert[*offset], 
+                                    sizeof(sig_sha384)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA384;
+    }
+    else if (len == sizeof(sig_sha512) && 
+            memcmp(sig_sha512, &cert[*offset], 
+                                    sizeof(sig_sha512)) == 0)
+    {
+        x509_ctx->sig_type = SIG_TYPE_SHA512;
+    }
+    else
+    {
+        if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            int i;
+            printf("invalid digest: ");
+
+            for (i = 0; i < len; i++)
+                printf("%02x ", cert[*offset + i]);
+
+            printf("\n");
+#endif
+            goto end_check_sig;     /* unrecognised cert type */
+        }
+
+        x509_ctx->sig_type = cert[*offset + sizeof(sig_oid_prefix)];
+    }
+
+    *offset += len;
+    asn1_skip_obj(cert, offset, ASN1_NULL); /* if it's there */
+    ret = X509_OK;
+
+end_check_sig:
+    return ret;
+}
+
diff --git a/ssl/cert.h b/ssl/cert.h
new file mode 100644
index 0000000000..40234b9b1c
--- /dev/null
+++ b/ssl/cert.h
@@ -0,0 +1,54 @@
+unsigned char default_certificate[] = {
+  0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0x40, 0x02, 0x09, 0x00, 0xa5,
+  0x2a, 0xc8, 0x78, 0x87, 0xf2, 0xe7, 0xc5, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x34,
+  0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x29, 0x61,
+  0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74,
+  0x20, 0x44, 0x6f, 0x64, 0x67, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+  0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f,
+  0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x31, 0x32,
+  0x33, 0x30, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a, 0x17, 0x0d, 0x33,
+  0x30, 0x30, 0x39, 0x30, 0x38, 0x32, 0x31, 0x30, 0x34, 0x32, 0x37, 0x5a,
+  0x30, 0x2c, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+  0x0d, 0x61, 0x78, 0x54, 0x4c, 0x53, 0x20, 0x50, 0x72, 0x6f, 0x6a, 0x65,
+  0x63, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+  0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x81,
+  0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+  0x81, 0x81, 0x00, 0xbd, 0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa,
+  0xb9, 0x3a, 0x1f, 0x8b, 0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0,
+  0x11, 0x9a, 0x9c, 0xdc, 0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3,
+  0x05, 0x0e, 0x61, 0xc1, 0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a,
+  0xff, 0x9b, 0xb8, 0x7a, 0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99,
+  0xa5, 0xa2, 0x99, 0x53, 0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01,
+  0xe7, 0xdf, 0xe9, 0xec, 0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0,
+  0xc8, 0x6d, 0x41, 0x45, 0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28,
+  0xdf, 0x36, 0xe2, 0x73, 0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb,
+  0x0d, 0x9b, 0xef, 0xa8, 0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07,
+  0xa9, 0x86, 0x0d, 0x3f, 0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02,
+  0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+  0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
+  0x32, 0xe0, 0x3c, 0x6e, 0x21, 0xe6, 0xa6, 0xf4, 0xb8, 0x10, 0x9f, 0x8a,
+  0xe6, 0x0b, 0x84, 0x4e, 0x2c, 0xe5, 0x14, 0xca, 0x56, 0x81, 0x3f, 0xc0,
+  0x2c, 0xa3, 0x39, 0x89, 0x24, 0xce, 0xaf, 0x47, 0x2e, 0x19, 0x62, 0xb2,
+  0xe4, 0x76, 0x91, 0x25, 0xbc, 0xe1, 0xa8, 0xee, 0x6a, 0x68, 0x3a, 0x77,
+  0xb9, 0xb2, 0x62, 0x97, 0x0c, 0x25, 0x3c, 0x5e, 0x13, 0x48, 0x87, 0x80,
+  0xa3, 0x91, 0xd9, 0x2e, 0xe6, 0x92, 0x2b, 0x1c, 0x52, 0x24, 0xb1, 0x77,
+  0xc6, 0xf6, 0xde, 0xd8, 0x9b, 0xd9, 0x57, 0x37, 0x56, 0x68, 0x17, 0x32,
+  0x66, 0x01, 0x08, 0x38, 0x08, 0x9a, 0xc1, 0x8c, 0x5e, 0x3f, 0xe7, 0xc9,
+  0x44, 0xcb, 0x62, 0xb9, 0x48, 0xc7, 0x89, 0xa6, 0xff, 0x8e, 0x7d, 0x3d,
+  0xe1, 0x46, 0x32, 0x9c, 0x13, 0x06, 0x9a, 0xd1, 0x17, 0xab, 0x3f, 0xa9,
+  0x90, 0x04, 0x33, 0x2d, 0x3f, 0x81, 0x0a, 0xa5, 0x55, 0xce, 0xb6, 0x95,
+  0x54, 0xad, 0xf1, 0x4f, 0xa2, 0xca, 0xc3, 0xf6, 0x25, 0x7b, 0x71, 0xd2,
+  0x68, 0x85, 0xe9, 0x72, 0xb6, 0x99, 0x34, 0x6d, 0xe5, 0x5f, 0xf6, 0x74,
+  0x1c, 0xb9, 0xa2, 0xda, 0x2b, 0x04, 0xff, 0x82, 0xc5, 0x09, 0x04, 0xc4,
+  0xba, 0xbc, 0x82, 0x3e, 0xb4, 0x72, 0x18, 0x8e, 0x30, 0x68, 0x48, 0x4a,
+  0x0d, 0xa7, 0x3d, 0xb5, 0xf4, 0x42, 0x3a, 0x97, 0x60, 0x7d, 0xa8, 0x61,
+  0x8a, 0x9e, 0x98, 0xc4, 0x7e, 0x65, 0x99, 0xea, 0x7e, 0xca, 0x75, 0xe7,
+  0xdb, 0x21, 0x5d, 0xce, 0x7c, 0x66, 0x3d, 0x7e, 0xdc, 0x14, 0xfe, 0x55,
+  0x04, 0x97, 0xa8, 0x64, 0x12, 0xb4, 0xb5, 0x30, 0x48, 0x72, 0xbc, 0xdb,
+  0xeb, 0x5b, 0x4f, 0xa6, 0xfb, 0x87, 0x01, 0x41, 0x91, 0xec, 0x98, 0x98,
+  0xf1, 0x4b, 0x38, 0xa2, 0x40, 0xf1, 0x05, 0x90, 0xbb, 0x9b, 0x5d, 0x96,
+  0xb1, 0x22, 0x6b, 0x50
+};
+unsigned int default_certificate_len = 604;
diff --git a/ssl/config.h b/ssl/config.h
new file mode 100644
index 0000000000..8731430703
--- /dev/null
+++ b/ssl/config.h
@@ -0,0 +1,127 @@
+/*
+ * Automatically generated header file: don't edit
+ */
+
+#define HAVE_DOT_CONFIG 1
+#undef CONFIG_PLATFORM_LINUX
+#define CONFIG_PLATFORM_CYGWIN 1
+#undef CONFIG_PLATFORM_WIN32
+
+/*
+ * General Configuration
+ */
+#define PREFIX "/usr/local"
+#define CONFIG_DEBUG 1
+#undef CONFIG_STRIP_UNWANTED_SECTIONS
+#undef CONFIG_VISUAL_STUDIO_7_0
+#undef CONFIG_VISUAL_STUDIO_8_0
+#undef CONFIG_VISUAL_STUDIO_10_0
+#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_10_0_BASE ""
+#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
+#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
+
+/*
+ * SSL Library
+ */
+#undef CONFIG_SSL_SERVER_ONLY
+#define CONFIG_SSL_CERT_VERIFICATION
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
+#undef CONFIG_SSL_SKELETON_MODE
+#undef CONFIG_SSL_PROT_LOW
+#define CONFIG_SSL_PROT_MEDIUM 1
+#undef CONFIG_SSL_PROT_HIGH
+#undef CONFIG_SSL_USE_DEFAULT_KEY
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
+#define CONFIG_SSL_X509_CERT_LOCATION ""
+#undef CONFIG_SSL_GENERATE_X509_CERT
+#define CONFIG_SSL_X509_COMMON_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
+#undef CONFIG_SSL_ENABLE_V23_HANDSHAKE
+#define CONFIG_SSL_HAS_PEM 1
+#undef CONFIG_SSL_USE_PKCS12
+#define CONFIG_SSL_EXPIRY_TIME 24
+#define CONFIG_X509_MAX_CA_CERTS 10
+#define CONFIG_SSL_MAX_CERTS 1
+#undef CONFIG_SSL_CTX_MUTEXING
+#undef CONFIG_USE_DEV_URANDOM
+#undef CONFIG_WIN32_USE_CRYPTO_LIB
+#undef CONFIG_OPENSSL_COMPATIBLE
+#undef CONFIG_PERFORMANCE_TESTING
+#define CONFIG_SSL_TEST 1
+#undef CONFIG_AXTLSWRAP
+#define CONFIG_AXHTTPD 1
+
+/*
+ * Axhttpd Configuration
+ */
+#undef CONFIG_HTTP_STATIC_BUILD
+#define CONFIG_HTTP_PORT 80
+#define CONFIG_HTTP_HTTPS_PORT 443
+#define CONFIG_HTTP_SESSION_CACHE_SIZE 5
+#define CONFIG_HTTP_WEBROOT "../www"
+#define CONFIG_HTTP_TIMEOUT 300
+
+/*
+ * CGI
+ */
+#undef CONFIG_HTTP_HAS_CGI 
+#define CONFIG_HTTP_CGI_EXTENSIONS ".lua,.lp,.php"
+#define CONFIG_HTTP_ENABLE_LUA 1
+#define CONFIG_HTTP_LUA_PREFIX "/usr"
+#undef CONFIG_HTTP_BUILD_LUA
+#define CONFIG_HTTP_CGI_LAUNCHER "/usr/bin/cgi"
+#define CONFIG_HTTP_DIRECTORIES 1
+#define CONFIG_HTTP_HAS_AUTHORIZATION 1
+#undef CONFIG_HTTP_HAS_IPV6
+#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
+#define CONFIG_HTTP_USER ""
+#define CONFIG_HTTP_VERBOSE 0
+#undef CONFIG_HTTP_IS_DAEMON
+
+/*
+ * Language Bindings
+ */
+#undef CONFIG_BINDINGS
+#undef CONFIG_CSHARP_BINDINGS
+#undef CONFIG_VBNET_BINDINGS
+#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
+#undef CONFIG_JAVA_BINDINGS
+#define CONFIG_JAVA_HOME ""
+#undef CONFIG_PERL_BINDINGS
+#define CONFIG_PERL_CORE ""
+#define CONFIG_PERL_LIB ""
+#undef CONFIG_LUA_BINDINGS
+#define CONFIG_LUA_CORE ""
+
+/*
+ * Samples
+ */
+#define CONFIG_SAMPLES 1
+#define CONFIG_C_SAMPLES 1
+#undef CONFIG_CSHARP_SAMPLES
+#undef CONFIG_VBNET_SAMPLES
+#undef CONFIG_JAVA_SAMPLES
+#undef CONFIG_PERL_SAMPLES
+#undef CONFIG_LUA_SAMPLES
+
+/*
+ * BigInt Options
+ */
+#undef CONFIG_BIGINT_CLASSICAL
+#undef CONFIG_BIGINT_MONTGOMERY
+#define CONFIG_BIGINT_BARRETT 1
+#define CONFIG_BIGINT_CRT 1
+#undef CONFIG_BIGINT_KARATSUBA
+#define MUL_KARATSUBA_THRESH 
+#define SQU_KARATSUBA_THRESH 
+#define CONFIG_BIGINT_SLIDING_WINDOW 1
+#define CONFIG_BIGINT_SQUARE 1
+#define CONFIG_BIGINT_CHECK_ON 1
+#define CONFIG_INTEGER_32BIT 1
+#undef CONFIG_INTEGER_16BIT
+#undef CONFIG_INTEGER_8BIT
diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h
new file mode 100644
index 0000000000..33a4455c90
--- /dev/null
+++ b/ssl/crypto_misc.h
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+ * @file crypto_misc.h
+ */
+
+#ifndef HEADER_CRYPTO_MISC_H
+#define HEADER_CRYPTO_MISC_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "crypto.h"
+#include "bigint.h"
+
+/**************************************************************************
+ * X509 declarations 
+ **************************************************************************/
+#define X509_OK                             0
+#define X509_NOT_OK                         -1
+#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
+#define X509_VFY_ERROR_BAD_SIGNATURE        -3      
+#define X509_VFY_ERROR_NOT_YET_VALID        -4
+#define X509_VFY_ERROR_EXPIRED              -5
+#define X509_VFY_ERROR_SELF_SIGNED          -6
+#define X509_VFY_ERROR_INVALID_CHAIN        -7
+#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
+#define X509_INVALID_PRIV_KEY               -9
+#define X509_MAX_CERTS                      -10
+#define X509_VFY_ERROR_BASIC_CONSTRAINT     -11
+
+/*
+ * The Distinguished Name
+ */
+#define X509_NUM_DN_TYPES                   6
+#define X509_COMMON_NAME                    0
+#define X509_ORGANIZATION                   1
+#define X509_ORGANIZATIONAL_UNIT            2
+#define X509_LOCATION                       3
+#define X509_COUNTRY                        4
+#define X509_STATE                          5
+
+/*
+ * Key Usage bits
+ */
+#define IS_SET_KEY_USAGE_FLAG(A, B)          (A->key_usage & B)
+
+#define KEY_USAGE_DIGITAL_SIGNATURE         0x0080
+#define KEY_USAGE_NON_REPUDIATION           0x0040
+#define KEY_USAGE_KEY_ENCIPHERMENT          0x0020
+#define KEY_USAGE_DATA_ENCIPHERMENT         0x0010
+#define KEY_USAGE_KEY_AGREEMENT             0x0008
+#define KEY_USAGE_KEY_CERT_SIGN             0x0004
+#define KEY_USAGE_CRL_SIGN                  0x0002
+#define KEY_USAGE_ENCIPHER_ONLY             0x0001
+#define KEY_USAGE_DECIPHER_ONLY             0x8000
+
+struct _x509_ctx
+{
+    char *ca_cert_dn[X509_NUM_DN_TYPES];
+    char *cert_dn[X509_NUM_DN_TYPES];
+    char **subject_alt_dnsnames;
+    time_t not_before;
+    time_t not_after;
+    uint8_t *signature;
+    RSA_CTX *rsa_ctx;
+    bigint *digest;
+    uint8_t *fingerprint;
+    uint8_t *spki_sha256;
+    uint16_t sig_len;
+    uint8_t sig_type;
+    bool basic_constraint_present;
+    bool basic_constraint_is_critical;
+    bool key_usage_present;
+    bool key_usage_is_critical;
+    bool subject_alt_name_present;
+    bool subject_alt_name_is_critical;
+    bool basic_constraint_cA;
+    int basic_constraint_pathLenConstraint;
+    uint32_t key_usage;
+    struct _x509_ctx *next;
+};
+
+typedef struct _x509_ctx X509_CTX;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+typedef struct 
+{
+    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
+} CA_CERT_CTX;
+#endif
+
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
+void x509_free(X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
+        int *pathLenConstraint);
+#endif
+#ifdef CONFIG_SSL_FULL_MODE
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
+const char * x509_display_error(int error, char *buff);
+#endif
+
+/**************************************************************************
+ * ASN1 declarations 
+ **************************************************************************/
+#define ASN1_BOOLEAN            0x01
+#define ASN1_INTEGER            0x02
+#define ASN1_BIT_STRING         0x03
+#define ASN1_OCTET_STRING       0x04
+#define ASN1_NULL               0x05
+#define ASN1_PRINTABLE_STR2     0x0C
+#define ASN1_OID                0x06
+#define ASN1_PRINTABLE_STR2     0x0C
+#define ASN1_PRINTABLE_STR      0x13
+#define ASN1_TELETEX_STR        0x14
+#define ASN1_IA5_STR            0x16
+#define ASN1_UTC_TIME           0x17
+#define ASN1_GENERALIZED_TIME   0x18
+#define ASN1_UNICODE_STR        0x1e
+#define ASN1_SEQUENCE           0x30
+#define ASN1_CONTEXT_DNSNAME	0x82
+#define ASN1_SET                0x31
+#define ASN1_V3_DATA			0xa3
+#define ASN1_IMPLICIT_TAG       0x80
+#define ASN1_CONTEXT_DNSNAME	0x82
+#define ASN1_EXPLICIT_TAG       0xa0
+#define ASN1_V3_DATA			0xa3
+
+#define SIG_TYPE_MD5            0x04
+#define SIG_TYPE_SHA1           0x05
+#define SIG_TYPE_SHA256         0x0b
+#define SIG_TYPE_SHA384         0x0c
+#define SIG_TYPE_SHA512         0x0d
+
+uint32_t get_asn1_length(const uint8_t *buf, int *offset);
+int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
+int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
+int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object);
+int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val);
+int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
+int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
+int asn1_version(const uint8_t *cert, int *offset, int *val);
+int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
+int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
+int asn1_compare_dn(char * const dn1[], char * const dn2[]);
+int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
+int asn1_is_basic_constraints(const uint8_t *cert, int offset);
+int asn1_is_key_usage(const uint8_t *cert, int offset);
+bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+int asn1_signature_type(const uint8_t *cert, 
+                                int *offset, X509_CTX *x509_ctx);
+
+/**************************************************************************
+ * MISC declarations 
+ **************************************************************************/
+#define SALT_SIZE               8
+
+extern const char * const unsupported_str;
+
+typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
+typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+typedef void (*hmac_func_v)(const uint8_t **msg, int *length, int count, const uint8_t *key, 
+        int key_len, uint8_t *digest);
+
+
+int get_file(const char *filename, uint8_t **buf);
+
+#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
+EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
+#else
+    #define print_blob(...)
+#endif
+
+EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
+                    uint8_t *out, int *outlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c
new file mode 100644
index 0000000000..093ae9c093
--- /dev/null
+++ b/ssl/gen_cert.c
@@ -0,0 +1,374 @@
+/*
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
+#include <string.h>
+#include <stdlib.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/**
+ * Generate a basic X.509 certificate
+ */
+
+static uint8_t set_gen_length(int len, uint8_t *buf, int *offset)
+{
+    if (len < 0x80) /* short form */
+    {
+        buf[(*offset)++] = len;
+        return 1;
+    }
+    else /* long form */
+    {
+        int i, length_bytes = 0;
+
+        if (len & 0x00FF0000)
+            length_bytes = 3;
+        else if (len & 0x0000FF00)
+            length_bytes = 2;
+        else if (len & 0x000000FF)
+            length_bytes = 1;
+            
+        buf[(*offset)++] = 0x80 + length_bytes;
+
+        for (i = length_bytes-1; i >= 0; i--)
+        {
+            buf[*offset+i] = len & 0xFF;
+            len >>= 8;
+        }
+
+        *offset += length_bytes;
+        return length_bytes+1;
+    }
+}
+
+static int pre_adjust_with_size(uint8_t type,
+        int *seq_offset, uint8_t *buf, int *offset)
+{
+    buf[(*offset)++] = type;
+    *seq_offset = *offset;
+    *offset += 4;   /* fill in later */
+    return *offset;
+}
+
+static void adjust_with_size(int seq_size, int seq_start, 
+                uint8_t *buf, int *offset)
+{
+    uint8_t seq_byte_size; 
+    int orig_seq_size = seq_size;
+    int orig_seq_start = seq_start;
+
+    seq_size = *offset-seq_size;
+    seq_byte_size = set_gen_length(seq_size, buf, &seq_start);
+
+    if (seq_byte_size != 4)
+    {
+        memmove(&buf[orig_seq_start+seq_byte_size], 
+                &buf[orig_seq_size], seq_size);
+        *offset -= 4-seq_byte_size;
+    }
+}
+
+static void gen_serial_number(uint8_t *buf, int *offset)
+{
+    static const uint8_t ser_oid[] = { ASN1_INTEGER, 1, 0x7F };
+    memcpy(&buf[*offset], ser_oid , sizeof(ser_oid));
+    *offset += sizeof(ser_oid);
+}
+
+static void gen_signature_alg(uint8_t *buf, int *offset)
+{
+    /* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */
+    static const uint8_t sig_oid[] = 
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09, 
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+        ASN1_NULL, 0x00
+    };
+
+    memcpy(&buf[*offset], sig_oid, sizeof(sig_oid));
+    *offset += sizeof(sig_oid);
+}
+
+static int gen_dn(const char *name, uint8_t dn_type, 
+                        uint8_t *buf, int *offset)
+{
+    int ret = X509_OK;
+    int name_size = strlen(name);
+
+    if (name_size > 0x70)    /* just too big */
+    {
+        ret = X509_NOT_OK;
+        goto error;
+    }
+
+    buf[(*offset)++] = ASN1_SET;
+    set_gen_length(9+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_SEQUENCE;
+    set_gen_length(7+name_size, buf, offset);
+    buf[(*offset)++] = ASN1_OID;
+    buf[(*offset)++] = 3;
+    buf[(*offset)++] = 0x55;
+    buf[(*offset)++] = 0x04;
+    buf[(*offset)++] = dn_type;
+    buf[(*offset)++] = ASN1_PRINTABLE_STR;
+    buf[(*offset)++] = name_size;
+    strcpy((char *)&buf[*offset], name);
+    *offset += name_size;
+
+error:
+    return ret;
+}
+
+static int gen_issuer(const char * dn[], uint8_t *buf, int *offset)
+{
+    int ret = X509_OK;
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    char fqdn[128]; 
+
+    /* we need the common name, so if not configured, work out the fully
+     * qualified domain name */
+    if (dn[X509_COMMON_NAME] == NULL || strlen(dn[X509_COMMON_NAME]) == 0)
+    {
+        int fqdn_len;
+        gethostname(fqdn, sizeof(fqdn));
+        fqdn_len = strlen(fqdn);
+        fqdn[fqdn_len++] = '.';
+
+        if (getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len) < 0)
+        {
+            ret = X509_NOT_OK;
+            goto error;
+        }
+
+        fqdn_len = strlen(fqdn);
+
+        if (fqdn[fqdn_len-1] == '.')    /* ensure '.' is not last char */
+            fqdn[fqdn_len-1] = 0;
+
+        dn[X509_COMMON_NAME] = fqdn;
+    }
+
+    if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset)))
+        goto error;
+
+    if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0)
+    {
+        if ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset)))
+            goto error;
+    }
+
+    if (dn[X509_ORGANIZATIONAL_UNIT] != NULL &&
+                                strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0)
+    {
+        if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 11, buf, offset)))
+            goto error;
+    }
+
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+
+error:
+    return ret;
+}
+
+static void gen_utc_time(uint8_t *buf, int *offset)
+{
+    static const uint8_t time_seq[] = 
+    {
+        ASN1_SEQUENCE, 30, 
+        ASN1_UTC_TIME, 13, 
+        '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', 
+        ASN1_UTC_TIME, 13,  /* make it good for 30 or so years */
+        '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z'
+    };
+
+    /* fixed time */
+    memcpy(&buf[*offset], time_seq, sizeof(time_seq));
+    *offset += sizeof(time_seq);
+}
+
+static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    static const uint8_t pub_key_seq[] =
+    {
+        ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */
+    };
+
+    int seq_offset;
+    int pub_key_size = rsa_ctx->num_octets;
+    uint8_t *block = (uint8_t *)malloc(pub_key_size);
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+    buf[(*offset)++] = ASN1_INTEGER;
+    bi_export(rsa_ctx->bi_ctx, rsa_ctx->m, block, pub_key_size);
+
+    if (*block & 0x80)  /* make integer positive */
+    {
+        set_gen_length(pub_key_size+1, buf, offset);
+        buf[(*offset)++] = 0;
+    }
+    else
+        set_gen_length(pub_key_size, buf, offset);
+
+    memcpy(&buf[*offset], block, pub_key_size);
+    free(block);
+    *offset += pub_key_size;
+    memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
+    *offset += sizeof(pub_key_seq);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_BIT_STRING, &seq_offset, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    gen_pub_key2(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset)
+{
+    /*  OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */
+    static const uint8_t rsa_enc_oid[] =
+    {
+        ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09,
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
+        ASN1_NULL, 0x00
+    };
+
+    int seq_offset;
+    int seq_size = pre_adjust_with_size(
+                            ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid));
+    *offset += sizeof(rsa_enc_oid);
+    gen_pub_key1(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+}
+
+static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst, 
+                        uint8_t *buf, int *offset)
+{
+    static const uint8_t asn1_sig[] = 
+    {
+        ASN1_SEQUENCE,  0x21, ASN1_SEQUENCE, 0x09, ASN1_OID, 0x05, 
+        0x2b, 0x0e, 0x03, 0x02, 0x1a, /* sha1 (1 3 14 3 2 26) */
+        ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 
+    };
+
+    uint8_t *enc_block = (uint8_t *)malloc(rsa_ctx->num_octets);
+    uint8_t *block = (uint8_t *)malloc(sizeof(asn1_sig) + SHA1_SIZE);
+    int sig_size;
+
+    /* add the digest as an embedded asn.1 sequence */
+    memcpy(block, asn1_sig, sizeof(asn1_sig));
+    memcpy(&block[sizeof(asn1_sig)], sha_dgst, SHA1_SIZE);
+
+    sig_size = RSA_encrypt(rsa_ctx, block, 
+                            sizeof(asn1_sig) + SHA1_SIZE, enc_block, 1);
+
+    buf[(*offset)++] = ASN1_BIT_STRING;
+    set_gen_length(sig_size+1, buf, offset);
+    buf[(*offset)++] = 0;   /* bit string is multiple of 8 */
+    memcpy(&buf[*offset], enc_block, sig_size);
+    free(enc_block);
+    free(block);
+    *offset += sig_size;
+}
+
+static int gen_tbs_cert(const char * dn[],
+                    const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset,
+                    uint8_t *sha_dgst)
+{
+    int ret = X509_OK;
+    SHA1_CTX sha_ctx;
+    int seq_offset;
+    int begin_tbs = *offset;
+    int seq_size = pre_adjust_with_size(
+                        ASN1_SEQUENCE, &seq_offset, buf, offset);
+
+    gen_serial_number(buf, offset);
+    gen_signature_alg(buf, offset);
+
+    /* CA certicate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
+        goto error;
+
+    gen_utc_time(buf, offset);
+
+    /* certificate issuer */
+    if ((ret = gen_issuer(dn, buf, offset)))
+        goto error;
+
+    gen_pub_key(rsa_ctx, buf, offset);
+    adjust_with_size(seq_size, seq_offset, buf, offset);
+
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, &buf[begin_tbs], *offset-begin_tbs);
+    SHA1_Final(sha_dgst, &sha_ctx);
+
+error:
+    return ret;
+}
+
+/**
+ * Create a new certificate.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data)
+{
+    int ret = X509_OK, offset = 0, seq_offset;
+    /* allocate enough space to load a new certificate */
+    uint8_t *buf = (uint8_t *)malloc(ssl_ctx->rsa_ctx->num_octets*2 + 512);
+    uint8_t sha_dgst[SHA1_SIZE];
+    int seq_size = pre_adjust_with_size(ASN1_SEQUENCE, 
+                                    &seq_offset, buf, &offset);
+
+    if ((ret = gen_tbs_cert(dn, ssl_ctx->rsa_ctx, buf, &offset, sha_dgst)) < 0)
+        goto error;
+
+    gen_signature_alg(buf, &offset);
+    gen_signature(ssl_ctx->rsa_ctx, sha_dgst, buf, &offset);
+    adjust_with_size(seq_size, seq_offset, buf, &offset);
+    *cert_data = (uint8_t *)malloc(offset); /* create the exact memory for it */
+    memcpy(*cert_data, buf, offset);
+
+error:
+    free(buf);
+    return ret < 0 ? ret : offset;
+}
+
+#endif
+
diff --git a/ssl/loader.c b/ssl/loader.c
new file mode 100644
index 0000000000..3d07323900
--- /dev/null
+++ b/ssl/loader.c
@@ -0,0 +1,490 @@
+/*
+ * Copyright (c) 2007-2014, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Load certificates/keys into memory. These can be in many different formats.
+ * PEM support and other formats can be processed here.
+ *
+ * The PEM private keys may be optionally encrypted with AES128 or AES256. 
+ * The encrypted PEM keys were generated with something like:
+ *
+ * openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password);
+#ifdef CONFIG_SSL_HAS_PEM
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password);
+#endif
+
+/*
+ * Load a file into memory that is in binary DER (or ascii PEM) format.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, 
+                            const char *filename, const char *password)
+{
+#ifndef CONFIG_SSL_SKELETON_MODE
+    static const char * const begin = "-----BEGIN";
+    int ret = SSL_OK;
+    SSLObjLoader *ssl_obj = NULL;
+
+    if (filename == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->len = get_file(filename, &ssl_obj->buf); 
+    if (ssl_obj->len <= 0)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    /* is the file a PEM file? */
+    if (strstr((char *)ssl_obj->buf, begin) != NULL)
+    {
+#ifdef CONFIG_SSL_HAS_PEM
+        ret = ssl_obj_PEM_load(ssl_ctx, obj_type, ssl_obj, password);
+#else
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("%s", unsupported_str);
+#endif
+        ret = SSL_ERROR_NOT_SUPPORTED;
+#endif
+    }
+    else
+        ret = do_obj(ssl_ctx, obj_type, ssl_obj, password);
+
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+#else
+#ifdef CONFIG_SSL_FULL_MODE
+    printf("%s", unsupported_str);
+#endif
+    return SSL_ERROR_NOT_SUPPORTED;
+#endif /* CONFIG_SSL_SKELETON_MODE */
+}
+
+/*
+ * Transfer binary data into the object loader.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int mem_type, 
+        const uint8_t *data, int len, const char *password)
+{
+    int ret;
+    SSLObjLoader *ssl_obj;
+
+    ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+    ssl_obj->buf = (uint8_t *)malloc(len);
+    memcpy(ssl_obj->buf, data, len);
+    ssl_obj->len = len;
+    ret = do_obj(ssl_ctx, mem_type, ssl_obj, password);
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Actually work out what we are doing 
+ */
+static int do_obj(SSL_CTX *ssl_ctx, int obj_type, 
+                    SSLObjLoader *ssl_obj, const char *password)
+{
+    int ret = SSL_OK;
+
+    switch (obj_type)
+    {
+        case SSL_OBJ_RSA_KEY:
+            ret = add_private_key(ssl_ctx, ssl_obj);
+            break;
+
+        case SSL_OBJ_X509_CERT:
+            ret = add_cert(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_OBJ_X509_CACERT:
+            add_cert_auth(ssl_ctx, ssl_obj->buf, ssl_obj->len);
+            break;
+#endif
+
+#ifdef CONFIG_SSL_USE_PKCS12
+        case SSL_OBJ_PKCS8:
+            ret = pkcs8_decode(ssl_ctx, ssl_obj, password);
+            break;
+
+        case SSL_OBJ_PKCS12:
+            ret = pkcs12_decode(ssl_ctx, ssl_obj, password);
+            break;
+#endif
+        default:
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("%s", unsupported_str);
+#endif
+            ret = SSL_ERROR_NOT_SUPPORTED;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Clean up our mess.
+ */
+void ssl_obj_free(SSLObjLoader *ssl_obj)
+{
+    if (ssl_obj)
+    {
+        free(ssl_obj->buf);
+        free(ssl_obj);
+    }
+}
+
+/*
+ * Support for PEM encoded keys/certificates.
+ */
+#ifdef CONFIG_SSL_HAS_PEM
+
+#define NUM_PEM_TYPES               4
+#define IV_SIZE                     16
+#define IS_RSA_PRIVATE_KEY          0
+#define IS_ENCRYPTED_PRIVATE_KEY    1
+#define IS_PRIVATE_KEY              2
+#define IS_CERTIFICATE              3
+
+static const char * const begins[NUM_PEM_TYPES] =
+{
+    "-----BEGIN RSA PRIVATE KEY-----",
+    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+    "-----BEGIN PRIVATE KEY-----",
+    "-----BEGIN CERTIFICATE-----",
+};
+
+static const char * const ends[NUM_PEM_TYPES] =
+{
+    "-----END RSA PRIVATE KEY-----",
+    "-----END ENCRYPTED PRIVATE KEY-----",
+    "-----END PRIVATE KEY-----",
+    "-----END CERTIFICATE-----",
+};
+
+static const char * const aes_str[2] =
+{
+    "DEK-Info: AES-128-CBC,",
+    "DEK-Info: AES-256-CBC," 
+};
+
+/**
+ * Take a base64 blob of data and decrypt it (using AES) into its 
+ * proper ASN.1 form.
+ */
+static int pem_decrypt(const char *where, const char *end,
+                        const char *password, SSLObjLoader *ssl_obj)
+{
+    int ret = -1;
+    int is_aes_256 = 0;
+    char *start = NULL;
+    uint8_t iv[IV_SIZE];
+    int i, pem_size;
+    MD5_CTX md5_ctx;
+    AES_CTX aes_ctx;
+    uint8_t key[32];        /* AES256 size */
+
+    if (password == NULL || strlen(password) == 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Need a password for this PEM file\n");
+#endif
+        goto error;
+    }
+
+    if ((start = strstr((const char *)where, aes_str[0])))         /* AES128? */
+    {
+        start += strlen(aes_str[0]);
+    }
+    else if ((start = strstr((const char *)where, aes_str[1])))    /* AES256? */
+    {
+        is_aes_256 = 1;
+        start += strlen(aes_str[1]);
+    }
+    else 
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Unsupported password cipher\n");
+#endif
+        goto error;
+    }
+
+    /* convert from hex to binary - assumes uppercase hex */
+    for (i = 0; i < IV_SIZE; i++)
+    {
+        char c = *start++ - '0';
+        iv[i] = (c > 9 ? c + '0' - 'A' + 10 : c) << 4;
+        c = *start++ - '0';
+        iv[i] += (c > 9 ? c + '0' - 'A' + 10 : c);
+    }
+
+    while (*start == '\r' || *start == '\n')
+        start++;
+
+    /* turn base64 into binary */
+    pem_size = (int)(end-start);
+    if (base64_decode(start, pem_size, ssl_obj->buf, &ssl_obj->len) != 0)
+        goto error;
+
+    /* work out the key */
+    MD5_Init(&md5_ctx);
+    MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+    MD5_Update(&md5_ctx, iv, SALT_SIZE);
+    MD5_Final(key, &md5_ctx);
+
+    if (is_aes_256)
+    {
+        MD5_Init(&md5_ctx);
+        MD5_Update(&md5_ctx, key, MD5_SIZE);
+        MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
+        MD5_Update(&md5_ctx, iv, SALT_SIZE);
+        MD5_Final(&key[MD5_SIZE], &md5_ctx);
+    }
+
+    /* decrypt using the key/iv */
+    AES_set_key(&aes_ctx, key, iv, is_aes_256 ? AES_MODE_256 : AES_MODE_128);
+    AES_convert_key(&aes_ctx);
+    AES_cbc_decrypt(&aes_ctx, ssl_obj->buf, ssl_obj->buf, ssl_obj->len);
+    ret = 0;
+
+error:
+    return ret; 
+}
+
+/**
+ * Take a base64 blob of data and turn it into its proper ASN.1 form.
+ */
+static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where, 
+                    int remain, const char *password)
+{
+    int ret = SSL_ERROR_BAD_CERTIFICATE;
+    SSLObjLoader *ssl_obj = NULL;
+
+    while (remain > 0)
+    {
+        int i, pem_size, obj_type;
+        char *start = NULL, *end = NULL;
+
+        for (i = 0; i < NUM_PEM_TYPES; i++)
+        {
+            if ((start = strstr(where, begins[i])) &&
+                    (end = strstr(where, ends[i])))
+            {
+                remain -= (int)(end-where);
+                start += strlen(begins[i]);
+                pem_size = (int)(end-start);
+
+                ssl_obj = (SSLObjLoader *)calloc(1, sizeof(SSLObjLoader));
+
+                /* 4/3 bigger than what we need but so what */
+                ssl_obj->buf = (uint8_t *)calloc(1, pem_size);
+                ssl_obj->len = pem_size;
+
+                if (i == IS_RSA_PRIVATE_KEY && 
+                            strstr(start, "Proc-Type:") && 
+                            strstr(start, "4,ENCRYPTED"))
+                {
+                    /* check for encrypted PEM file */
+                    if (pem_decrypt(start, end, password, ssl_obj) < 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
+                }
+                else 
+                {
+                    ssl_obj->len = pem_size;
+                    if (base64_decode(start, pem_size, 
+                                ssl_obj->buf, &ssl_obj->len) != 0)
+                    {
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                    }
+                }
+
+                switch (i)
+                {
+                    case IS_RSA_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_RSA_KEY;
+                        break;
+
+                    case IS_ENCRYPTED_PRIVATE_KEY:
+                    case IS_PRIVATE_KEY:
+                        obj_type = SSL_OBJ_PKCS8;
+                        break;
+
+                    case IS_CERTIFICATE:
+                        obj_type = is_cacert ?
+                                        SSL_OBJ_X509_CACERT : SSL_OBJ_X509_CERT;
+                        break;
+
+                    default:
+                        ret = SSL_ERROR_BAD_CERTIFICATE;
+                        goto error;
+                }
+
+                /* In a format we can now understand - so process it */
+                if ((ret = do_obj(ssl_ctx, obj_type, ssl_obj, password)))
+                    goto error;
+
+                end += strlen(ends[i]);
+                remain -= strlen(ends[i]);
+                while (remain > 0 && (*end == '\r' || *end == '\n'))
+                {
+                    end++;
+                    remain--;
+                }
+
+                where = end;
+                break;
+            }
+        }
+
+        ssl_obj_free(ssl_obj);
+        ssl_obj = NULL;
+        if (start == NULL)
+           break;
+    }
+error:
+    ssl_obj_free(ssl_obj);
+    return ret;
+}
+
+/*
+ * Load a file into memory that is in ASCII PEM format.
+ */
+static int ssl_obj_PEM_load(SSL_CTX *ssl_ctx, int obj_type, 
+                        SSLObjLoader *ssl_obj, const char *password)
+{
+    char *start;
+
+    /* add a null terminator */
+    ssl_obj->len++;
+    ssl_obj->buf = (uint8_t *)realloc(ssl_obj->buf, ssl_obj->len);
+    ssl_obj->buf[ssl_obj->len-1] = 0;
+    start = (char *)ssl_obj->buf;
+    return new_pem_obj(ssl_ctx, obj_type == SSL_OBJ_X509_CACERT,
+                                start, ssl_obj->len, password);
+}
+#endif /* CONFIG_SSL_HAS_PEM */
+
+/**
+ * Load the key/certificates in memory depending on compile-time and user
+ * options. 
+ */
+int load_key_certs(SSL_CTX *ssl_ctx)
+{
+    int ret = SSL_OK;
+    uint32_t options = ssl_ctx->options;
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    uint8_t *cert_data = NULL;
+    int cert_size;
+    static const char *dn[] = 
+    {
+        CONFIG_SSL_X509_COMMON_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_NAME,
+        CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME
+    };
+#endif
+
+    /* do the private key first */
+    if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, 
+                                CONFIG_SSL_PRIVATE_KEY_LOCATION,
+                                CONFIG_SSL_PRIVATE_KEY_PASSWORD)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        extern const unsigned char* default_private_key;
+        extern const unsigned int default_private_key_len;
+        if (default_private_key != NULL && default_private_key_len > 0)
+            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_RSA_KEY, default_private_key,
+                default_private_key_len, NULL);
+#endif
+    }
+
+    /* now load the certificate */
+#ifdef CONFIG_SSL_GENERATE_X509_CERT 
+    if ((cert_size = ssl_x509_create(ssl_ctx, 0, dn, &cert_data)) < 0)
+    {
+        ret = cert_size;
+        goto error;
+    }
+
+    ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT, cert_data, cert_size, NULL);
+    free(cert_data);
+#else
+    if (strlen(CONFIG_SSL_X509_CERT_LOCATION))
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                                CONFIG_SSL_X509_CERT_LOCATION, NULL)) < 0)
+            goto error;
+    }
+    else if (!(options & SSL_NO_DEFAULT_KEY))
+    {
+#if defined(CONFIG_SSL_USE_DEFAULT_KEY) || defined(CONFIG_SSL_SKELETON_MODE)
+        extern const unsigned char* default_certificate;
+        extern const unsigned int default_certificate_len;
+        if (default_certificate != NULL && default_certificate_len > 0)
+            ssl_obj_memory_load(ssl_ctx, SSL_OBJ_X509_CERT,
+                    default_certificate, default_certificate_len, NULL);
+#endif
+    }
+#endif
+
+error:
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ret)
+    {
+        printf("Error: Certificate or key not loaded\n");
+    }
+#endif
+
+    return ret;
+
+}
diff --git a/ssl/openssl.c b/ssl/openssl.c
new file mode 100644
index 0000000000..d0343e5680
--- /dev/null
+++ b/ssl/openssl.c
@@ -0,0 +1,318 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Enable a subset of openssl compatible functions. We don't aim to be 100%
+ * compatible - just to be able to do basic ports etc.
+ *
+ * Only really tested on mini_httpd, so I'm not too sure how extensive this
+ * port is.
+ */
+
+#include "config.h"
+
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include "os_port.h"
+#include "ssl.h"
+
+#define OPENSSL_CTX_ATTR  ((OPENSSL_CTX *)ssl_ctx->bonus_attr)
+
+static char *key_password = NULL;
+
+void *SSLv3_server_method(void) { return NULL; }
+void *TLSv1_server_method(void) { return NULL; }
+void *SSLv3_client_method(void) { return NULL; }
+void *TLSv1_client_method(void) { return NULL; }
+
+typedef void * (*ssl_func_type_t)(void);
+typedef void * (*bio_func_type_t)(void);
+
+typedef struct
+{
+    ssl_func_type_t ssl_func_type;
+} OPENSSL_CTX;
+
+SSL_CTX * SSL_CTX_new(ssl_func_type_t meth)
+{
+    SSL_CTX *ssl_ctx = ssl_ctx_new(0, 5);
+    ssl_ctx->bonus_attr = malloc(sizeof(OPENSSL_CTX));
+    OPENSSL_CTX_ATTR->ssl_func_type = meth;
+    return ssl_ctx;
+}
+
+void SSL_CTX_free(SSL_CTX * ssl_ctx)
+{
+    free(ssl_ctx->bonus_attr);
+    ssl_ctx_free(ssl_ctx);
+}
+
+SSL * SSL_new(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    ssl_func_type_t ssl_func_type = OPENSSL_CTX_ATTR->ssl_func_type;
+#endif
+
+    ssl = ssl_new(ssl_ctx, -1);        /* fd is set later */
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (ssl_func_type == SSLv3_client_method ||
+        ssl_func_type == TLSv1_client_method)
+    {
+        SET_SSL_FLAG(SSL_IS_CLIENT);
+    }
+    else
+#endif
+    {
+        ssl->next_state = HS_CLIENT_HELLO;
+    }
+
+    return ssl;
+}
+
+int SSL_set_fd(SSL *s, int fd)
+{
+    s->client_fd = fd;
+    return 1;   /* always succeeds */
+}
+
+int SSL_accept(SSL *ssl)
+{
+    while (ssl_read(ssl, NULL) == SSL_OK)
+    {
+        if (ssl->next_state == HS_CLIENT_HELLO)
+            return 1;   /* we're done */
+    }
+
+    return -1;
+}
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int SSL_connect(SSL *ssl)
+{
+    return do_client_connect(ssl) == SSL_OK ? 1 : -1;
+}
+#endif
+
+void SSL_free(SSL *ssl)
+{
+    ssl_free(ssl);
+}
+
+int SSL_read(SSL *ssl, void *buf, int num)
+{
+    uint8_t *read_buf;
+    int ret;
+
+    while ((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
+
+    if (ret > SSL_OK)
+    {
+        memcpy(buf, read_buf, ret > num ? num : ret);
+    }
+
+    return ret;
+}
+
+int SSL_write(SSL *ssl, const void *buf, int num)
+{
+    return ssl_write(ssl, buf, num);
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ssl_ctx, const char *file, int type)
+{
+    return (ssl_obj_load(ssl_ctx, SSL_OBJ_RSA_KEY, file, key_password) == SSL_OK);
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ssl_ctx, int len, const uint8_t *d)
+{
+    return (ssl_obj_memory_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, d, len, NULL) == SSL_OK);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                            unsigned int sid_ctx_len)
+{
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ssl_ctx, const char *file)
+{
+    return (ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, file, NULL) == SSL_OK);
+}
+
+int SSL_shutdown(SSL *ssl)
+{
+    return 1;
+}
+
+/*** get/set session ***/
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+{
+    return (SSL_SESSION *)ssl_get_session_id(ssl); /* note: wrong cast */
+}
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session)
+{
+    memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
+    return 1;
+}
+
+void SSL_SESSION_free(SSL_SESSION *session) { }
+/*** end get/set session ***/
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    return 0;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                                 int (*verify_callback)(int, void *)) { }
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) { }
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                           const char *CApath)
+{
+    return 1;
+}
+
+void *SSL_load_client_CA_file(const char *file)
+{
+    return (void *)file;
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ssl_ctx, void *file) 
+{ 
+
+    ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, (const char *)file, NULL);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, void *cb) { }
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) 
+{ 
+    key_password = (char *)u;
+}
+
+int SSL_peek(SSL *ssl, void *buf, int num)
+{
+    memcpy(buf, ssl->bm_data, num);
+    return num;
+}
+
+void SSL_set_bio(SSL *ssl, void *rbio, void *wbio) { }
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return ssl_handshake_status(ssl);
+}
+
+int SSL_state(SSL *ssl)
+{
+    return 0x03; // ok state
+}
+
+/** end of could do better list */
+
+void *SSL_get_peer_certificate(const SSL *ssl)
+{
+    return &ssl->ssl_ctx->certs[0];
+}
+
+int SSL_clear(SSL *ssl)
+{
+    return 1;
+}
+
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    return 1;
+}
+
+int SSL_CTX_set_cipher_list(SSL *s, const char *str)
+{
+    return 1;
+}
+
+int SSL_get_error(const SSL *ssl, int ret)
+{
+    ssl_display_error(ret);
+    return 0;   /* TODO: return proper return code */
+}
+
+void SSL_CTX_set_options(SSL_CTX *ssl_ctx, int option) {}
+int SSL_library_init(void ) { return 1; }
+void SSL_load_error_strings(void ) {}
+void ERR_print_errors_fp(FILE *fp) {}
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+long SSL_CTX_get_timeout(const SSL_CTX *ssl_ctx) { 
+                            return CONFIG_SSL_EXPIRY_TIME*3600; }
+long SSL_CTX_set_timeout(SSL_CTX *ssl_ctx, long t) { 
+                            return SSL_CTX_get_timeout(ssl_ctx); }
+#endif
+void BIO_printf(FILE *f, const char *format, ...)
+{
+    va_list(ap);
+    va_start(ap, format);
+    vfprintf(f, format, ap);
+    va_end(ap);
+}
+
+void* BIO_s_null(void) { return NULL; }
+FILE *BIO_new(bio_func_type_t func)
+{
+    if (func == BIO_s_null)
+        return fopen("/dev/null", "r");
+    else
+        return NULL;
+}
+
+FILE *BIO_new_fp(FILE *stream, int close_flag) { return stream; }
+int BIO_free(FILE *a) { if (a != stdout && a != stderr) fclose(a); return 1; }
+
+
+
+#endif
diff --git a/ssl/os_int.h b/ssl/os_int.h
new file mode 100644
index 0000000000..a6207f1d42
--- /dev/null
+++ b/ssl/os_int.h
@@ -0,0 +1,8 @@
+#ifndef OS_INT_H
+#define OS_INT_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+#endif //OS_INT_H
\ No newline at end of file
diff --git a/ssl/os_port.c b/ssl/os_port.c
new file mode 100644
index 0000000000..060bc073a5
--- /dev/null
+++ b/ssl/os_port.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_port.c
+ *
+ * OS specific functions.
+ */
+#include <time.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include "os_port.h"
+
+#ifdef WIN32
+/**
+ * gettimeofday() not in Win32
+ */
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t, void* timezone)
+{
+#if defined(_WIN32_WCE)
+    t->tv_sec = time(NULL);
+    t->tv_usec = 0;                         /* 1sec precision only */
+#else
+    struct _timeb timebuffer;
+    _ftime(&timebuffer);
+    t->tv_sec = (long)timebuffer.time;
+    t->tv_usec = 1000 * timebuffer.millitm; /* 1ms precision */
+#endif
+}
+
+/**
+ * strcasecmp() not in Win32
+ */
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2)
+{
+    while (tolower(*s1) == tolower(*s2++))
+    {
+        if (*s1++ == '\0')
+        {
+            return 0;
+        }
+    }
+
+    return *(unsigned char *)s1 - *(unsigned char *)(s2 - 1);
+}
+
+
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size)
+{
+    HKEY hKey;
+    unsigned long datatype;
+    unsigned long bufferlength = buf_size;
+
+    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+            TEXT("SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"),
+                        0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
+        return -1;
+
+    RegQueryValueEx(hKey, "Domain", NULL, &datatype, buf, &bufferlength);
+    RegCloseKey(hKey);
+    return 0;
+}
+#endif
+
diff --git a/ssl/os_port.h b/ssl/os_port.h
new file mode 100644
index 0000000000..ded2c4878f
--- /dev/null
+++ b/ssl/os_port.h
@@ -0,0 +1,283 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors
+ *   may be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file os_port.h
+ *
+ * Some stuff to minimise the differences between windows and linux/unix
+ */
+
+#ifndef HEADER_OS_PORT_H
+#define HEADER_OS_PORT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "os_int.h"
+#include "config.h"
+#include <stdio.h>
+
+#ifdef WIN32
+#define STDCALL                 __stdcall
+#define EXP_FUNC                __declspec(dllexport)
+#else
+#define STDCALL
+#define EXP_FUNC
+#endif
+
+#if defined(_WIN32_WCE)
+#undef WIN32
+#define WIN32
+#endif
+
+#if defined(ESP8266)
+
+#include "util/time.h"
+#include <errno.h>
+#define alloca(size) __builtin_alloca(size)
+#define TTY_FLUSH()
+#ifdef putc
+#undef putc
+#endif
+#define putc(x, f)   ets_putc(x)
+
+#define SOCKET_READ(A,B,C)      ax_port_read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     ax_port_write(A,B,C)
+#define SOCKET_CLOSE(A)         ax_port_close(A)
+#define get_file                ax_get_file
+#define EWOULDBLOCK EAGAIN
+
+#define hmac_sha1 ax_hmac_sha1
+#define hmac_sha256 ax_hmac_sha256
+#define hmac_md5 ax_hmac_md5
+
+#ifndef be64toh
+# define __bswap_constant_64(x) \
+     ((((x) & 0xff00000000000000ull) >> 56)                                   \
+      | (((x) & 0x00ff000000000000ull) >> 40)                                 \
+      | (((x) & 0x0000ff0000000000ull) >> 24)                                 \
+      | (((x) & 0x000000ff00000000ull) >> 8)                                  \
+      | (((x) & 0x00000000ff000000ull) << 8)                                  \
+      | (((x) & 0x0000000000ff0000ull) << 24)                                 \
+      | (((x) & 0x000000000000ff00ull) << 40)                                 \
+      | (((x) & 0x00000000000000ffull) << 56))
+#define be64toh(x) __bswap_constant_64(x)
+#endif
+
+void ax_wdt_feed();
+
+#ifndef PROGMEM
+#define PROGMEM __attribute__((aligned(4))) __attribute__((section(".irom.text")))
+#endif
+
+#ifndef WITH_PGM_READ_HELPER
+#define ax_array_read_u8(x, y) x[y]
+#else
+
+static inline uint8_t pgm_read_byte(const void* addr) {
+  register uint32_t res;
+  __asm__("extui    %0, %1, 0, 2\n"     /* Extract offset within word (in bytes) */
+      "sub      %1, %1, %0\n"       /* Subtract offset from addr, yielding an aligned address */
+      "l32i.n   %1, %1, 0x0\n"      /* Load word from aligned address */
+      "slli     %0, %0, 3\n"        /* Multiply offset by 8, yielding an offset in bits */
+      "ssr      %0\n"               /* Prepare to shift by offset (in bits) */
+      "srl      %0, %1\n"           /* Shift right; now the requested byte is the first one */
+      :"=r"(res), "=r"(addr)
+      :"1"(addr)
+      :);
+  return (uint8_t) res;     /* This masks the lower byte from the returned word */
+}
+
+#define ax_array_read_u8(x, y) pgm_read_byte((x)+(y))
+#endif //WITH_PGM_READ_HELPER
+
+#ifdef printf
+#undef printf
+#endif
+//#define printf(...)  ets_printf(__VA_ARGS__)
+#define PSTR(s) (__extension__({static const char __c[] PROGMEM = (s); &__c[0];}))
+#define PGM_VOID_P const void *
+static inline void* memcpy_P(void* dest, PGM_VOID_P src, size_t count) {
+    const uint8_t* read = (const uint8_t*)(src);
+    uint8_t* write = (uint8_t*)(dest);
+
+    while (count)
+    {
+        *write++ = pgm_read_byte(read++);
+        count--;
+    }
+
+    return dest;
+}
+#define printf(fmt, ...) do { static const char fstr[] PROGMEM = fmt; char rstr[sizeof(fmt)]; memcpy_P(rstr, fstr, sizeof(rstr)); ets_printf(rstr, ##__VA_ARGS__); } while (0)
+#define strcpy_P(dst, src) do { static const char fstr[] PROGMEM = src; memcpy_P(dst, fstr, sizeof(src)); } while (0)
+
+#elif defined(WIN32)
+
+/* Windows CE stuff */
+#if defined(_WIN32_WCE)
+#include <basetsd.h>
+#define abort()                 exit(1)
+#else
+#include <io.h>
+#include <process.h>
+#include <sys/timeb.h>
+#include <fcntl.h>
+#endif      /* _WIN32_WCE */
+
+#include <winsock.h>
+#include <direct.h>
+#undef getpid
+#undef open
+#undef close
+#undef sleep
+#undef gettimeofday
+#undef dup2
+#undef unlink
+
+#define SOCKET_READ(A,B,C)      recv(A,B,C,0)
+#define SOCKET_WRITE(A,B,C)     send(A,B,C,0)
+#define SOCKET_CLOSE(A)         closesocket(A)
+#define srandom(A)              srand(A)
+#define random()                rand()
+#define getpid()                _getpid()
+#define snprintf                _snprintf
+#define open(A,B)               _open(A,B)
+#define dup2(A,B)               _dup2(A,B)
+#define unlink(A)               _unlink(A)
+#define close(A)                _close(A)
+#define read(A,B,C)             _read(A,B,C)
+#define write(A,B,C)            _write(A,B,C)
+#define sleep(A)                Sleep(A*1000)
+#define usleep(A)               Sleep(A/1000)
+#define strdup(A)               _strdup(A)
+#define chroot(A)               _chdir(A)
+#define chdir(A)                _chdir(A)
+#define alloca(A)               _alloca(A)
+#ifndef lseek
+#define lseek(A,B,C)            _lseek(A,B,C)
+#endif
+
+/* This fix gets around a problem where a win32 application on a cygwin xterm
+   doesn't display regular output (until a certain buffer limit) - but it works
+   fine under a normal DOS window. This is a hack to get around the issue -
+   see http://www.khngai.com/emacs/tty.php  */
+#define TTY_FLUSH()             if (!_isatty(_fileno(stdout))) fflush(stdout);
+
+/*
+ * automatically build some library dependencies.
+ */
+#pragma comment(lib, "WS2_32.lib")
+#pragma comment(lib, "AdvAPI32.lib")
+
+typedef int socklen_t;
+
+EXP_FUNC void STDCALL gettimeofday(struct timeval* t,void* timezone);
+EXP_FUNC int STDCALL strcasecmp(const char *s1, const char *s2);
+EXP_FUNC int STDCALL getdomainname(char *buf, int buf_size);
+
+#else   /* Not Win32 */
+
+#include <unistd.h>
+#include <pwd.h>
+#include <netdb.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <asm/byteorder.h>
+
+#define SOCKET_READ(A,B,C)      read(A,B,C)
+#define SOCKET_WRITE(A,B,C)     write(A,B,C)
+#define SOCKET_CLOSE(A)         if (A >= 0) close(A)
+#define TTY_FLUSH()
+
+#ifndef be64toh
+#define be64toh(x) __be64_to_cpu(x)
+#endif
+
+#endif  /* Not Win32 */
+
+/* some functions to mutate the way these work */
+inline uint32_t htonl(uint32_t n){
+  return ((n & 0xff) << 24) |
+    ((n & 0xff00) << 8) |
+    ((n & 0xff0000UL) >> 8) |
+    ((n & 0xff000000UL) >> 24);
+}
+
+#define ntohl htonl
+
+EXP_FUNC int STDCALL ax_open(const char *pathname, int flags); 
+
+#ifdef CONFIG_PLATFORM_LINUX
+void exit_now(const char *format, ...) __attribute((noreturn));
+#else
+void exit_now(const char *format, ...);
+#endif
+
+/* Mutexing definitions */
+#if defined(CONFIG_SSL_CTX_MUTEXING)
+#if defined(WIN32)
+#define SSL_CTX_MUTEX_TYPE          HANDLE
+#define SSL_CTX_MUTEX_INIT(A)       A=CreateMutex(0, FALSE, 0)
+#define SSL_CTX_MUTEX_DESTROY(A)    CloseHandle(A)
+#define SSL_CTX_LOCK(A)             WaitForSingleObject(A, INFINITE)
+#define SSL_CTX_UNLOCK(A)           ReleaseMutex(A)
+#else
+#include <pthread.h>
+#define SSL_CTX_MUTEX_TYPE          pthread_mutex_t
+#define SSL_CTX_MUTEX_INIT(A)       pthread_mutex_init(&A, NULL)
+#define SSL_CTX_MUTEX_DESTROY(A)    pthread_mutex_destroy(&A)
+#define SSL_CTX_LOCK(A)             pthread_mutex_lock(&A)
+#define SSL_CTX_UNLOCK(A)           pthread_mutex_unlock(&A)
+#endif
+#else   /* no mutexing */
+#define SSL_CTX_MUTEX_INIT(A)
+#define SSL_CTX_MUTEX_DESTROY(A)
+#define SSL_CTX_LOCK(A)
+#define SSL_CTX_UNLOCK(A)
+#endif
+
+#ifndef PROGMEM
+#define PROGMEM
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ssl/p12.c b/ssl/p12.c
new file mode 100644
index 0000000000..5bd2394626
--- /dev/null
+++ b/ssl/p12.c
@@ -0,0 +1,483 @@
+/*
+ * Copyright (c) 2007, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Process PKCS#8/PKCS#12 keys.
+ *
+ * The decoding of a PKCS#12 key is fairly specific - this code was tested on a
+ * key generated with:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 
+ * -name "p12_withoutCA" -out axTLS.withoutCA.p12 -password pass:abcd
+ *
+ * or with a certificate chain:
+ *
+ * openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem
+ * -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe
+ * PBE-SHA1-RC4-128 -name "p12_withCA" -out axTLS.withCA.p12 -password pass:abcd
+ *
+ * Note that the PBE has to be specified with PBE-SHA1-RC4-128. The
+ * private/public keys/certs have to use RSA encryption. Both the integrity
+ * and privacy passwords are the same.
+ *
+ * The PKCS#8 files were generated with something like:
+ *
+ * PEM format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1
+ * PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+ *
+ * DER format:
+ * openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER
+ * -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* all commented out if not used */
+#ifdef CONFIG_SSL_USE_PKCS12
+
+#define BLOCK_SIZE          64
+#define PKCS12_KEY_ID       1
+#define PKCS12_IV_ID        2
+#define PKCS12_MAC_ID       3
+
+static char *make_uni_pass(const char *password, int *uni_pass_len);
+static int p8_decrypt(const char *uni_pass, int uni_pass_len, 
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id);
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key);
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations);
+
+/*
+ * Take a raw pkcs8 block and then decrypt it and turn it into a normal key.
+ */
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, offset = 0;
+    int iterations;
+    int ret = SSL_NOT_OK;
+    uint8_t *version = NULL;
+    const uint8_t *salt;
+    uint8_t *priv_key;
+    int uni_pass_len;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p8 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    /* unencrypted key? */
+    if (asn1_get_big_int(buf, &offset, &version) > 0 && *version == 0)
+    {
+        ret = p8_add_key(ssl_ctx, buf);
+        goto error;
+    }
+
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0)
+        goto error;
+
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    priv_key = &buf[offset];
+
+    p8_decrypt(uni_pass, uni_pass_len, salt, 
+                        iterations, priv_key, len, PKCS12_KEY_ID);
+    ret = p8_add_key(ssl_ctx, priv_key);
+
+error:
+    free(version);
+    free(uni_pass);
+    return ret;
+}
+
+/*
+ * Take the unencrypted pkcs8 and turn it into a private key 
+ */
+static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
+{
+    uint8_t *buf = priv_key;
+    int len, offset = 0;
+    int ret = SSL_NOT_OK;
+
+    /* Skip the preamble and go straight to the private key.
+       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    ret = asn1_get_private_key(&buf[offset], len, &ssl_ctx->rsa_ctx);
+
+error:
+    return ret;
+}
+
+/*
+ * Create the unicode password 
+ */
+static char *make_uni_pass(const char *password, int *uni_pass_len)
+{
+    int pass_len = 0, i;
+    char *uni_pass;
+
+    if (password == NULL)
+    {
+        password = "";
+    }
+
+    uni_pass = (char *)malloc((strlen(password)+1)*2);
+
+    /* modify the password into a unicode version */
+    for (i = 0; i < (int)strlen(password); i++)
+    {
+        uni_pass[pass_len++] = 0;
+        uni_pass[pass_len++] = password[i];
+    }
+
+    uni_pass[pass_len++] = 0;       /* null terminate */
+    uni_pass[pass_len++] = 0;
+    *uni_pass_len = pass_len;
+    return uni_pass;
+}
+
+/*
+ * Decrypt a pkcs8 block.
+ */
+static int p8_decrypt(const char *uni_pass, int uni_pass_len,
+                        const uint8_t *salt, int iter, 
+                        uint8_t *priv_key, int priv_key_len, int id)
+{
+    uint8_t p[BLOCK_SIZE*2];
+    uint8_t d[BLOCK_SIZE];
+    uint8_t Ai[SHA1_SIZE];
+    SHA1_CTX sha_ctx;
+    RC4_CTX rc4_ctx;
+    int i;
+
+    for (i = 0; i < BLOCK_SIZE; i++)
+    {
+        p[i] = salt[i % SALT_SIZE];
+        p[BLOCK_SIZE+i] = uni_pass[i % uni_pass_len];
+        d[i] = id;
+    }
+
+    /* get the key - no IV since we are using RC4 */
+    SHA1_Init(&sha_ctx);
+    SHA1_Update(&sha_ctx, d, sizeof(d));
+    SHA1_Update(&sha_ctx, p, sizeof(p));
+    SHA1_Final(Ai, &sha_ctx);
+
+    for (i = 1; i < iter; i++)
+    {
+        SHA1_Init(&sha_ctx);
+        SHA1_Update(&sha_ctx, Ai, SHA1_SIZE);
+        SHA1_Final(Ai, &sha_ctx);
+    }
+
+    /* do the decryption */
+    if (id == PKCS12_KEY_ID)
+    {
+        RC4_setup(&rc4_ctx, Ai, 16);
+        RC4_crypt(&rc4_ctx, priv_key, priv_key, priv_key_len);
+    }
+    else  /* MAC */
+        memcpy(priv_key, Ai, SHA1_SIZE);
+
+    return 0;
+}
+
+/*
+ * Take a raw pkcs12 block and the decrypt it and turn it into a certificate(s)
+ * and keys.
+ */
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password)
+{
+    uint8_t *buf = ssl_obj->buf;
+    int len, iterations, auth_safes_start, 
+              auth_safes_end, auth_safes_len, key_offset, offset = 0;
+    int all_certs = 0;
+    uint8_t *version = NULL, *auth_safes = NULL, *cert, *orig_mac;
+    uint8_t key[SHA1_SIZE];
+    uint8_t mac[SHA1_SIZE];
+    const uint8_t *salt;
+    int uni_pass_len, ret = SSL_OK;
+    char *uni_pass = make_uni_pass(password, &uni_pass_len);
+    static const uint8_t pkcs_data[] = /* pkc7 data */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01 };
+    static const uint8_t pkcs_encrypted[] = /* pkc7 encrypted */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x06 };
+    static const uint8_t pkcs8_key_bag[] = /* 1.2.840.113549.1.12.10.1.2 */
+        { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02 };
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: Invalid p12 ASN.1 file\n");
+#endif
+        goto error;
+    }
+
+    if (asn1_get_big_int(buf, &offset, &version) < 0 || *version != 3)
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        goto error;
+    }
+
+    /* remove all the boring pcks7 bits */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 || 
+                (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+                len != sizeof(pkcs_data) || 
+                memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0)
+        goto error;
+
+    /* work out the MAC start/end points (done on AuthSafes) */
+    auth_safes_start = offset;
+    auth_safes_end = offset;
+    if (asn1_skip_obj(buf, &auth_safes_end, ASN1_SEQUENCE) < 0)
+        goto error;
+
+    auth_safes_len = auth_safes_end - auth_safes_start;
+    auth_safes = malloc(auth_safes_len);
+
+    memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs_encrypted) || 
+            memcmp(&buf[offset], pkcs_encrypted, sizeof(pkcs_encrypted))))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_INTEGER) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the certificate */
+    if (get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_IMPLICIT_TAG)) < 0)
+        goto error;
+
+    /* decrypt the certificate */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the certificate */
+    key_offset = 0;
+    all_certs = asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE);
+
+    /* keep going until all certs are loaded */
+    while (key_offset < all_certs)
+    {
+        int cert_offset = key_offset;
+
+        if (asn1_skip_obj(cert, &cert_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_SEQUENCE) < 0 ||
+                asn1_skip_obj(cert, &key_offset, ASN1_OID) < 0 ||
+                asn1_next_obj(cert, &key_offset, ASN1_EXPLICIT_TAG) < 0 ||
+                (len = asn1_next_obj(cert, &key_offset, ASN1_OCTET_STRING)) < 0)
+            goto error;
+
+        if ((ret = add_cert(ssl_ctx, &cert[key_offset], len)) < 0)
+            goto error;
+
+        key_offset = cert_offset;
+    }
+
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            len != sizeof(pkcs_data) || 
+            memcmp(&buf[offset], pkcs_data, sizeof(pkcs_data)))
+        goto error;
+
+    offset += len;
+
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_OCTET_STRING) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OID)) < 0 ||
+            (len != sizeof(pkcs8_key_bag)) || 
+            memcmp(&buf[offset], pkcs8_key_bag, sizeof(pkcs8_key_bag)))
+        goto error;
+
+    offset += len;
+
+    /* work out the salt for the private key */
+    if (asn1_next_obj(buf, &offset, ASN1_EXPLICIT_TAG) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            get_pbe_params(buf, &offset, &salt, &iterations) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0)
+        goto error;
+
+    /* decrypt the private key */
+    cert = &buf[offset];
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, cert, 
+                            len, PKCS12_KEY_ID)) < 0)
+        goto error;
+
+    offset += len;
+
+    /* load the private key */
+    if ((ret = p8_add_key(ssl_ctx, cert)) < 0)
+        goto error;
+
+    /* miss out on friendly name, local key id etc */
+    if (asn1_skip_obj(buf, &offset, ASN1_SET) < 0)
+        goto error;
+
+    /* work out the MAC */
+    if (asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_next_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            asn1_skip_obj(buf, &offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 ||
+            len != SHA1_SIZE)
+        goto error;
+
+    orig_mac = &buf[offset];
+    offset += len;
+
+    /* get the salt */
+    if ((len = asn1_next_obj(buf, &offset, ASN1_OCTET_STRING)) < 0 || len != 8)
+        goto error;
+
+    salt = &buf[offset];
+
+    /* work out what the mac should be */
+    if ((ret = p8_decrypt(uni_pass, uni_pass_len, salt, iterations, 
+                            key, SHA1_SIZE, PKCS12_MAC_ID)) < 0)
+        goto error;
+
+    hmac_sha1(auth_safes, auth_safes_len, key, SHA1_SIZE, mac);
+
+    if (memcmp(mac, orig_mac, SHA1_SIZE))
+    {
+        ret = SSL_ERROR_INVALID_HMAC;                  
+        goto error;
+    }
+
+error:
+    free(version);
+    free(uni_pass);
+    free(auth_safes);
+    return ret;
+}
+
+/*
+ * Retrieve the salt/iteration details from a PBE block.
+ */
+static int get_pbe_params(uint8_t *buf, int *offset, 
+        const uint8_t **salt, int *iterations)
+{
+    static const uint8_t pbeSH1RC4[] = /* pbeWithSHAAnd128BitRC4  */
+            { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x01 };
+
+    int i, len;
+    uint8_t *iter = NULL;
+    int error_code = SSL_ERROR_NOT_SUPPORTED;
+
+    /* Get the PBE type */
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OID)) < 0)
+        goto error;
+
+    /* we expect pbeWithSHAAnd128BitRC4 (1.2.840.113549.1.12.1.1) 
+       which is the only algorithm we support */
+    if (len != sizeof(pbeSH1RC4) || 
+                    memcmp(&buf[*offset], pbeSH1RC4, sizeof(pbeSH1RC4)))
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: pkcs8/pkcs12 must use \"PBE-SHA1-RC4-128\"\n");
+#endif
+        goto error;
+    }
+
+    *offset += len;
+
+    if (asn1_next_obj(buf, offset, ASN1_SEQUENCE) < 0 ||
+            (len = asn1_next_obj(buf, offset, ASN1_OCTET_STRING)) < 0 || 
+            len != 8)
+        goto error;
+
+    *salt = &buf[*offset];
+    *offset += len;
+
+    if ((len = asn1_get_big_int(buf, offset, &iter)) < 0)
+        goto error;
+
+    *iterations = 0;
+    for (i = 0; i < len; i++)
+    {
+        (*iterations) <<= 8;
+        (*iterations) += iter[i];
+    }
+
+    free(iter);
+    error_code = SSL_OK;       /* got here - we are ok */
+
+error:
+    return error_code;
+}
+
+#endif
diff --git a/ssl/private_key.h b/ssl/private_key.h
new file mode 100644
index 0000000000..f72bee23ae
--- /dev/null
+++ b/ssl/private_key.h
@@ -0,0 +1,54 @@
+unsigned char default_private_key[] = {
+  0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xbd,
+  0x0f, 0xd4, 0x42, 0xa8, 0x74, 0x87, 0x54, 0xaa, 0xb9, 0x3a, 0x1f, 0x8b,
+  0xce, 0xbd, 0xb7, 0x65, 0xfb, 0x40, 0x3d, 0xd0, 0x11, 0x9a, 0x9c, 0xdc,
+  0x82, 0x7c, 0xea, 0xa8, 0x17, 0xe1, 0x74, 0xf3, 0x05, 0x0e, 0x61, 0xc1,
+  0xc1, 0x78, 0x8a, 0xb2, 0xba, 0x15, 0x22, 0x5a, 0xff, 0x9b, 0xb8, 0x7a,
+  0x2e, 0x0f, 0x88, 0xb7, 0x74, 0xde, 0x04, 0x99, 0xa5, 0xa2, 0x99, 0x53,
+  0x8b, 0xad, 0x78, 0x5a, 0x31, 0xed, 0xbc, 0x01, 0xe7, 0xdf, 0xe9, 0xec,
+  0x2f, 0xa0, 0x5d, 0x53, 0xf6, 0xe6, 0x8a, 0xa0, 0xc8, 0x6d, 0x41, 0x45,
+  0x63, 0x23, 0xb3, 0xcf, 0x4e, 0x50, 0x1f, 0x28, 0xdf, 0x36, 0xe2, 0x73,
+  0xdf, 0xd6, 0xa1, 0xb3, 0x46, 0x4f, 0x6e, 0xbb, 0x0d, 0x9b, 0xef, 0xa8,
+  0xf9, 0x4c, 0xa5, 0x71, 0xa1, 0x88, 0xdd, 0x07, 0xa9, 0x86, 0x0d, 0x3f,
+  0xcd, 0x99, 0x23, 0xa2, 0x84, 0x77, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01,
+  0x02, 0x81, 0x80, 0x26, 0x3f, 0xec, 0x96, 0xab, 0xd4, 0x1f, 0x89, 0x0e,
+  0x9d, 0x38, 0xd8, 0x27, 0x05, 0xe5, 0xb6, 0x14, 0x08, 0xd7, 0xff, 0x69,
+  0x78, 0x16, 0x4a, 0xc4, 0x06, 0x16, 0x55, 0xb7, 0x3a, 0x55, 0x9f, 0xbe,
+  0x86, 0xf8, 0x58, 0xe8, 0xc5, 0x46, 0xa8, 0xf0, 0xed, 0xda, 0xd6, 0xbf,
+  0x88, 0x55, 0x2d, 0xe6, 0x72, 0x29, 0x2c, 0x64, 0xc9, 0x5d, 0x1d, 0x9b,
+  0x24, 0x3a, 0x98, 0x40, 0xa1, 0xd2, 0xaf, 0x5c, 0xab, 0x23, 0xe4, 0x33,
+  0xd0, 0xea, 0x60, 0x52, 0xe7, 0x7a, 0x9e, 0x73, 0x5f, 0x2e, 0x80, 0xd1,
+  0xdc, 0x6f, 0x47, 0x0f, 0x97, 0x80, 0x36, 0xd2, 0x30, 0x07, 0xdd, 0xd6,
+  0xd7, 0x15, 0x89, 0x2b, 0x74, 0xd5, 0x7e, 0x8a, 0xbc, 0x63, 0x42, 0x0a,
+  0xf2, 0x31, 0x29, 0xbf, 0xf9, 0xf9, 0xf0, 0x88, 0x8f, 0x8a, 0xc2, 0x22,
+  0x6e, 0x15, 0x26, 0xb7, 0x5e, 0x5b, 0x58, 0x44, 0x1c, 0x3b, 0x79, 0x02,
+  0x41, 0x00, 0xe1, 0xf1, 0xb2, 0xe5, 0xc8, 0x80, 0x93, 0x40, 0x50, 0x74,
+  0x14, 0xdd, 0xb2, 0xf2, 0x27, 0x5c, 0x0c, 0x3d, 0xc0, 0x5f, 0xee, 0x9c,
+  0x45, 0x6c, 0x13, 0x00, 0xdf, 0xd0, 0xd9, 0x83, 0xfa, 0x90, 0x2c, 0x84,
+  0xf2, 0xaa, 0xc2, 0xdd, 0xfb, 0xcf, 0x03, 0x41, 0x88, 0x10, 0xc6, 0xbb,
+  0x5e, 0xb7, 0xb6, 0x2e, 0xa6, 0x1d, 0xaa, 0xba, 0xfb, 0x4a, 0x72, 0xd8,
+  0x9a, 0xad, 0x88, 0x0d, 0x6a, 0x15, 0x02, 0x41, 0x00, 0xd6, 0x36, 0x23,
+  0xf3, 0x5d, 0x77, 0xc8, 0xd3, 0x49, 0xc1, 0x93, 0xfe, 0xca, 0x0d, 0xeb,
+  0x9b, 0xda, 0xbd, 0x47, 0x28, 0x73, 0x97, 0xa0, 0x50, 0xd7, 0x4c, 0x24,
+  0xdf, 0x9b, 0x0b, 0x37, 0xae, 0xc3, 0x31, 0xb5, 0x4f, 0x62, 0x08, 0xca,
+  0xe5, 0xef, 0x97, 0x7b, 0x43, 0xa0, 0xda, 0x2b, 0x1f, 0xbf, 0xa8, 0x08,
+  0x93, 0xd2, 0x16, 0x1c, 0x89, 0x99, 0xf1, 0xdf, 0x26, 0xd1, 0x42, 0x99,
+  0x93, 0x02, 0x41, 0x00, 0xb1, 0x41, 0xe4, 0x7e, 0xdf, 0x20, 0xf7, 0xe4,
+  0xf1, 0xf9, 0x4f, 0xd1, 0x6a, 0x2d, 0x0d, 0xf1, 0xe9, 0xec, 0x9c, 0x3a,
+  0xe6, 0xc0, 0x94, 0xba, 0x27, 0xe2, 0x7c, 0xb4, 0xa5, 0xa1, 0x23, 0xf6,
+  0xed, 0xe6, 0x53, 0x56, 0xe2, 0x50, 0x32, 0xd8, 0x02, 0x8e, 0xeb, 0xc7,
+  0x75, 0x91, 0xd3, 0xca, 0x3e, 0xd4, 0x34, 0x20, 0x7c, 0x2b, 0xfb, 0x2f,
+  0x3a, 0x10, 0x72, 0xb1, 0x07, 0x56, 0xb6, 0xcd, 0x02, 0x40, 0x1e, 0x3b,
+  0xf2, 0x03, 0x0d, 0x74, 0x34, 0xb2, 0x2d, 0xbc, 0xd6, 0xc8, 0xa5, 0x78,
+  0x25, 0x83, 0x0f, 0xf2, 0x9b, 0x32, 0x88, 0x6e, 0x24, 0x40, 0x84, 0xc2,
+  0xc8, 0x89, 0x8e, 0xf6, 0x9c, 0x5b, 0x5c, 0x4d, 0x8d, 0xcb, 0xb0, 0x88,
+  0x91, 0x2a, 0xb7, 0x10, 0x68, 0x63, 0x79, 0x36, 0x91, 0xd3, 0x9f, 0x57,
+  0x76, 0x2e, 0x76, 0xfe, 0x8b, 0xf4, 0x97, 0xf7, 0xdd, 0x89, 0x3b, 0x0b,
+  0xed, 0x65, 0x02, 0x41, 0x00, 0xb9, 0xaf, 0xbf, 0x09, 0xc9, 0x90, 0x26,
+  0xf3, 0x72, 0x8b, 0xbf, 0xb3, 0x7c, 0xe7, 0x6f, 0x6f, 0x5b, 0xa3, 0x95,
+  0xb8, 0x9e, 0x03, 0xb9, 0xcf, 0xa0, 0x53, 0xba, 0x32, 0xc1, 0xd3, 0xad,
+  0x85, 0xbb, 0x79, 0x48, 0x09, 0xd6, 0x3f, 0x9c, 0xd9, 0x37, 0x91, 0x11,
+  0x0d, 0x04, 0xd5, 0x3b, 0xca, 0x74, 0x5d, 0x1c, 0x91, 0x8d, 0x3d, 0xf1,
+  0xf8, 0xf9, 0xbe, 0x35, 0xd7, 0xb2, 0x53, 0x50, 0x1d
+};
+unsigned int default_private_key_len = 609;
diff --git a/ssl/ssl.h b/ssl/ssl.h
new file mode 100644
index 0000000000..df4fed9bc4
--- /dev/null
+++ b/ssl/ssl.h
@@ -0,0 +1,580 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @mainpage axTLS API
+ *
+ * @image html axolotl.jpg
+ *
+ * The axTLS library has features such as:
+ * - The TLSv1 SSL client/server protocol
+ * - No requirement to use any openssl libraries.
+ * - A choice between AES block (128/256 bit) and RC4 (128 bit) stream ciphers.
+ * - RSA encryption/decryption with variable sized keys (up to 4096 bits).
+ * - Certificate chaining and peer authentication.
+ * - Session resumption, session renegotiation.
+ * - ASN.1, X.509, PKCS#8, PKCS#12 keys/certificates with DER/PEM encoding.
+ * - Highly configurable compile time options.
+ * - Portable across many platforms (written in ANSI C), and has language
+ * bindings in C, C#, VB.NET, Java, Perl and Lua.
+ * - Partial openssl API compatibility (via a wrapper).
+ * - A very small footprint (around 50-60kB for the library in 'server-only' 
+ *   mode).
+ * - No dependencies on sockets - can use serial connections for example.
+ * - A very simple API - ~ 20 functions/methods.
+ *
+ * A list of these functions/methods are described below.
+ *
+ *  @ref c_api 
+ *
+ *  @ref bigint_api 
+ *
+ *  @ref csharp_api 
+ *
+ *  @ref java_api 
+ */
+#ifndef HEADER_SSL_H
+#define HEADER_SSL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <time.h>
+
+/* need to predefine before ssl_lib.h gets to it */
+#define SSL_SESSION_ID_SIZE                     32
+
+#include "tls1.h"
+
+/* The optional parameters that can be given to the client/server SSL engine */
+#define SSL_CLIENT_AUTHENTICATION               0x00010000
+#define SSL_SERVER_VERIFY_LATER                 0x00020000
+#define SSL_NO_DEFAULT_KEY                      0x00040000
+#define SSL_DISPLAY_STATES                      0x00080000
+#define SSL_DISPLAY_BYTES                       0x00100000
+#define SSL_DISPLAY_CERTS                       0x00200000
+#define SSL_DISPLAY_RSA                         0x00400000
+#define SSL_CONNECT_IN_PARTS                    0x00800000
+#define SSL_READ_BLOCKING                       0x01000000
+
+/* errors that can be generated */
+#define SSL_OK                                  0
+#define SSL_NOT_OK                              -1
+#define SSL_ERROR_DEAD                          -2
+#define SSL_CLOSE_NOTIFY                        -3
+#define SSL_ERROR_CONN_LOST                     -256
+#define SSL_ERROR_RECORD_OVERFLOW               -257
+#define SSL_ERROR_SOCK_SETUP_FAILURE            -258
+#define SSL_ERROR_INVALID_HANDSHAKE             -260
+#define SSL_ERROR_INVALID_PROT_MSG              -261
+#define SSL_ERROR_INVALID_HMAC                  -262
+#define SSL_ERROR_INVALID_VERSION               -263
+#define SSL_ERROR_UNSUPPORTED_EXTENSION         -264
+#define SSL_ERROR_INVALID_SESSION               -265
+#define SSL_ERROR_NO_CIPHER                     -266
+#define SSL_ERROR_INVALID_CERT_HASH_ALG         -267
+#define SSL_ERROR_BAD_CERTIFICATE               -268
+#define SSL_ERROR_INVALID_KEY                   -269
+#define SSL_ERROR_FINISHED_INVALID              -271
+#define SSL_ERROR_NO_CERT_DEFINED               -272
+#define SSL_ERROR_NO_CLIENT_RENOG               -273
+#define SSL_ERROR_NOT_SUPPORTED                 -274
+#define SSL_X509_OFFSET                         -512
+#define SSL_X509_ERROR(A)                       (SSL_X509_OFFSET+A)
+
+/* alert types that are recognized */
+#define SSL_ALERT_TYPE_WARNING                  1
+#define SLL_ALERT_TYPE_FATAL                    2
+
+/* these are all the alerts that are recognized */
+#define SSL_ALERT_CLOSE_NOTIFY                  0
+#define SSL_ALERT_UNEXPECTED_MESSAGE            10
+#define SSL_ALERT_BAD_RECORD_MAC                20
+#define SSL_ALERT_RECORD_OVERFLOW               22
+#define SSL_ALERT_HANDSHAKE_FAILURE             40
+#define SSL_ALERT_BAD_CERTIFICATE               42
+#define SSL_ALERT_UNSUPPORTED_CERTIFICATE       43
+#define SSL_ALERT_CERTIFICATE_EXPIRED           45
+#define SSL_ALERT_CERTIFICATE_UNKNOWN           46
+#define SSL_ALERT_ILLEGAL_PARAMETER             47
+#define SSL_ALERT_UNKNOWN_CA                    48
+#define SSL_ALERT_DECODE_ERROR                  50
+#define SSL_ALERT_DECRYPT_ERROR                 51
+#define SSL_ALERT_INVALID_VERSION               70
+#define SSL_ALERT_NO_RENEGOTIATION              100
+#define SSL_ALERT_UNSUPPORTED_EXTENSION         110
+
+/* The ciphers that are supported */
+#define SSL_AES128_SHA                          0x2f
+#define SSL_AES256_SHA                          0x35
+#define SSL_AES128_SHA256                       0x3c
+#define SSL_AES256_SHA256                       0x3d
+
+/* build mode ids' */
+#define SSL_BUILD_SKELETON_MODE                 0x01
+#define SSL_BUILD_SERVER_ONLY                   0x02
+#define SSL_BUILD_ENABLE_VERIFICATION           0x03
+#define SSL_BUILD_ENABLE_CLIENT                 0x04
+#define SSL_BUILD_FULL_MODE                     0x05
+
+/* offsets to retrieve configuration information */
+#define SSL_BUILD_MODE                          0
+#define SSL_MAX_CERT_CFG_OFFSET                 1
+#define SSL_MAX_CA_CERT_CFG_OFFSET              2
+#define SSL_HAS_PEM                             3
+
+/* default session sizes */
+#define SSL_DEFAULT_SVR_SESS                    5
+#define SSL_DEFAULT_CLNT_SESS                   1
+
+/* X.509/X.520 distinguished name types */
+#define SSL_X509_CERT_COMMON_NAME               0
+#define SSL_X509_CERT_ORGANIZATION              1
+#define SSL_X509_CERT_ORGANIZATIONAL_NAME       2
+#define SSL_X509_CERT_LOCATION                  3
+#define SSL_X509_CERT_COUNTRY                   4
+#define SSL_X509_CERT_STATE                     5
+#define SSL_X509_CA_CERT_COMMON_NAME            6
+#define SSL_X509_CA_CERT_ORGANIZATION           7
+#define SSL_X509_CA_CERT_ORGANIZATIONAL_NAME    8
+#define SSL_X509_CA_CERT_LOCATION               9
+#define SSL_X509_CA_CERT_COUNTRY                10
+#define SSL_X509_CA_CERT_STATE                  11
+
+/* SSL object loader types */
+#define SSL_OBJ_X509_CERT                       1
+#define SSL_OBJ_X509_CACERT                     2
+#define SSL_OBJ_RSA_KEY                         3
+#define SSL_OBJ_PKCS8                           4
+#define SSL_OBJ_PKCS12                          5
+
+/**
+ * @defgroup c_api Standard C API
+ * @brief The standard interface in C.
+ * @{
+ */
+
+/**
+ * @brief Establish a new client/server context.
+ *
+ * This function is called before any client/server SSL connections are made. 
+ *
+ * Each new connection will use the this context's private key and 
+ * certificate chain. If a different certificate chain is required, then a 
+ * different context needs to be be used.
+ *
+ * There are two threading models supported - a single thread with one
+ * SSL_CTX can support any number of SSL connections - and multiple threads can 
+ * support one SSL_CTX object each (the default). But if a single SSL_CTX 
+ * object uses many SSL objects in individual threads, then the 
+ * CONFIG_SSL_CTX_MUTEXING option needs to be configured.
+ *
+ * @param options [in]  Any particular options. At present the options
+ * supported are:
+ * - SSL_SERVER_VERIFY_LATER (client only): Don't stop a handshake if the server
+ * authentication fails. The certificate can be authenticated later with a
+ * call to ssl_verify_cert().
+ * - SSL_CLIENT_AUTHENTICATION (server only): Enforce client authentication
+ * i.e. each handshake will include a "certificate request" message from the
+ * server. Only available if verification has been enabled.
+ * - SSL_DISPLAY_BYTES (full mode build only): Display the byte sequences
+ * during the handshake.
+ * - SSL_DISPLAY_STATES (full mode build only): Display the state changes
+ * during the handshake.
+ * - SSL_DISPLAY_CERTS (full mode build only): Display the certificates that
+ * are passed during a handshake.
+ * - SSL_DISPLAY_RSA (full mode build only): Display the RSA key details that
+ * are passed during a handshake.
+ * - SSL_CONNECT_IN_PARTS (client only): To use a non-blocking version of 
+ * ssl_client_new().
+ * @param num_sessions [in] The number of sessions to be used for session
+ * caching. If this value is 0, then there is no session caching. This option
+ * is not used in skeleton mode.
+ * @return A client/server context.
+ */
+EXP_FUNC SSL_CTX * STDCALL ssl_ctx_new(uint32_t options, int num_sessions);
+
+/**
+ * @brief Remove a client/server context.
+ *
+ * Frees any used resources used by this context. Each connection will be 
+ * sent a "Close Notify" alert (if possible).
+ * @param ssl_ctx [in] The client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx);
+
+/**
+ * @brief Allocates new SSL extensions structure and returns pointer to it
+ *
+ * @return ssl_ext Pointer to SSL_EXTENSIONS structure
+ *
+ */
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new(void);
+
+/**
+ * @brief Set the host name for SNI extension
+ * @param ssl_ext pointer returned by ssl_ext_new
+ * @param host_name pointer to a zero-terminated string containing host name
+ */
+EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name);
+
+/**
+ * @brief Set the maximum fragment size for the fragment size negotiation extension
+ * @param ssl_ext pointer returned by ssl_ext_new
+ * @param fragment_size fragment size, allowed values: 2^9, 2^10 ... 2^14
+ */
+EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size);
+
+/**
+ * @brief Frees SSL extensions structure
+ *
+ * @param ssl_ext [in] Pointer to SSL_EXTENSION structure
+ *
+ */
+EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext);
+
+/**
+ * @brief (server only) Establish a new SSL connection to an SSL client.
+ *
+ * It is up to the application to establish the logical connection (whether it
+ * is  a socket, serial connection etc).
+ * @param ssl_ctx [in] The server context.
+ * @param client_fd [in] The client's file descriptor. 
+ * @return An SSL object reference.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief (client only) Establish a new SSL connection to an SSL server.
+ *
+ * It is up to the application to establish the initial logical connection 
+ * (whether it is  a socket, serial connection etc).
+ *
+ * This is a normally a blocking call - it will finish when the handshake is 
+ * complete (or has failed). To use in non-blocking mode, set 
+ * SSL_CONNECT_IN_PARTS in ssl_ctx_new().
+ * @param ssl_ctx [in] The client context.
+ * @param client_fd [in] The client's file descriptor.
+ * @param session_id [in] A 32 byte session id for session resumption. This 
+ * can be null if no session resumption is being used or required. This option
+ * is not used in skeleton mode.
+ * @param sess_id_size The size of the session id (max 32)
+ * @param ssl_ext pointer to a structure with the activated SSL extensions 
+ * and their values
+ * @return An SSL object reference. Use ssl_handshake_status() to check 
+ * if a handshake succeeded.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext);
+
+/**
+ * @brief Free any used resources on this connection. 
+ 
+ * A "Close Notify" message is sent on this connection (if possible). It is up 
+ * to the application to close the socket or file descriptor.
+ * @param ssl [in] The ssl object reference.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl);
+
+/**
+ * @brief Read the SSL data stream.
+ * If the socket is non-blocking and data is blocked then SSO_OK will be
+ * returned.
+ * @param ssl [in] An SSL object reference.
+ * @param in_data [out] If the read was successful, a pointer to the read
+ * buffer will be here. Do NOT ever free this memory as this buffer is used in
+ * sucessive calls. If the call was unsuccessful, this value will be null.
+ * @return The number of decrypted bytes:
+ * - if > 0, then the handshaking is complete and we are returning the number 
+ *   of decrypted bytes. 
+ * - SSL_OK if the handshaking stage is successful (but not yet complete).  
+ * - < 0 if an error.
+ * @see ssl.h for the error code list.
+ * @note Use in_data before doing any successive ssl calls.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data);
+
+/**
+ * @brief Write to the SSL data stream. 
+ * if the socket is non-blocking and data is blocked then a check is made
+ * to ensure that all data is sent (i.e. blocked mode is forced).
+ * @param ssl [in] An SSL obect reference.
+ * @param out_data [in] The data to be written
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len);
+
+/**
+ * @brief Calculate the size of the encrypted data from what you are about to send 
+ * @param ssl [in] An SSL obect reference.
+ * @param out_len [in] The number of bytes to be written.
+ * @return The number of bytes that will be sent, or if < 0 if an error.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int out_len);
+
+/**
+ * @brief Find an ssl object based on a file descriptor.
+ *
+ * Goes through the list of SSL objects maintained in a client/server context
+ * to look for a file descriptor match.
+ * @param ssl_ctx [in] The client/server context.
+ * @param client_fd [in]  The file descriptor.
+ * @return A reference to the SSL object. Returns null if the object could not 
+ * be found.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd);
+
+/**
+ * @brief Get the session id for a handshake. 
+ * 
+ * This will be a 32 byte sequence and is available after the first
+ * handshaking messages are sent.
+ * @param ssl [in] An SSL object reference.
+ * @return The session id as a 32 byte sequence.
+ * @note A SSLv23 handshake may have only 16 valid bytes.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl);
+
+/**
+ * @brief Get the session id size for a handshake. 
+ * 
+ * This will normally be 32 but could be 0 (no session id) or something else.
+ * @param ssl [in] An SSL object reference.
+ * @return The size of the session id.
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl);
+
+/**
+ * @brief Return the cipher id (in the SSL form).
+ * @param ssl [in] An SSL object reference.
+ * @return The cipher id. This will be one of the following:
+ * - SSL_AES128_SHA (0x2f)
+ * - SSL_AES256_SHA (0x35)
+ * - SSL_AES128_SHA256 (0x3c)
+ * - SSL_AES256_SHA256 (0x3d)
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl);
+
+/**
+ * @brief Return the status of the handshake.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the handshake is complete and ok. 
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl);
+
+/**
+ * @brief Retrieve various parameters about the axTLS engine.
+ * @param offset [in] The configuration offset. It will be one of the following:
+ * - SSL_BUILD_MODE The build mode. This will be one of the following:
+ *   - SSL_BUILD_SERVER_ONLY            (basic server mode)
+ *   - SSL_BUILD_ENABLE_VERIFICATION    (server can do client authentication)
+ *   - SSL_BUILD_ENABLE_CLIENT          (client/server capabilties)
+ *   - SSL_BUILD_FULL_MODE              (client/server with diagnostics)
+ *   - SSL_BUILD_SKELETON_MODE          (skeleton mode)
+ * - SSL_MAX_CERT_CFG_OFFSET The maximum number of certificates allowed.
+ * - SSL_MAX_CA_CERT_CFG_OFFSET The maximum number of CA certificates allowed.
+ * - SSL_HAS_PEM                        1 if supported
+ * @return The value of the requested parameter.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset);
+
+/**
+ * @brief Display why the handshake failed.
+ *
+ * This call is only useful in a 'full mode' build. The output is to stdout.
+ * @param error_code [in] An error code.
+ * @see ssl.h for the error code list.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code);
+
+/**
+ * @brief Authenticate a received certificate.
+ * 
+ * This call is usually made by a client after a handshake is complete and the
+ * context is in SSL_SERVER_VERIFY_LATER mode.
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl);
+
+/**
+ * @brief Check if certificate fingerprint (SHA1) matches the one given.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param fp [in] SHA1 fingerprint to match against
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp);
+
+/**
+ * @brief Check if SHA256 hash of Subject Public Key Info matches the one given.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param fp [in] SHA256 hash to match against
+ * @return SSL_OK if the certificate is verified.
+ */
+EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash);
+
+/**
+ * @brief Retrieve an X.509 distinguished name component.
+ * 
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's common 
+ * name matches the URL.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param component [in] one of:
+ * - SSL_X509_CERT_COMMON_NAME
+ * - SSL_X509_CERT_ORGANIZATION
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CERT_LOCATION
+ * - SSL_X509_CERT_COUNTRY
+ * - SSL_X509_CERT_STATE
+ * - SSL_X509_CA_CERT_COMMON_NAME
+ * - SSL_X509_CA_CERT_ORGANIZATION
+ * - SSL_X509_CA_CERT_ORGANIZATIONAL_NAME
+ * - SSL_X509_CA_CERT_LOCATION
+ * - SSL_X509_CA_CERT_COUNTRY
+ * - SSL_X509_CA_CERT_STATE
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component);
+
+/**
+ * @brief Retrieve a Subject Alternative DNSName
+ *
+ * When a handshake is complete and a certificate has been exchanged, then the
+ * details of the remote certificate can be retrieved.
+ *
+ * This will usually be used by a client to check that the server's DNS  
+ * name matches the URL.
+ *
+ * @param ssl [in] An SSL object reference.
+ * @param dnsindex [in] The index of the DNS name to retrieve.
+ * @return The appropriate string (or null if not defined)
+ * @note Verification build mode must be enabled.
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int dnsindex);
+
+/**
+ * @brief Force the client to perform its handshake again.
+ *
+ * For a client this involves sending another "client hello" message.
+ * For the server is means sending a "hello request" message.
+ *
+ * This is a blocking call on the client (until the handshake completes).
+ *
+ * @param ssl [in] An SSL object reference.
+ * @return SSL_OK if renegotiation instantiation was ok
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl);
+
+/**
+ * @brief Process a file that is in binary DER or ASCII PEM format.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the file. Can be one of:
+ * - SSL_OBJ_X509_CERT (no password required)
+ * - SSL_OBJ_X509_CACERT (no password required)
+ * - SSL_OBJ_RSA_KEY (AES128/AES256 PEM encryption supported)
+ * - SSL_OBJ_PKCS8 (RC4-128 encrypted data supported)
+ * - SSL_OBJ_PKCS12 (RC4-128 encrypted data supported)
+ *
+ * PEM files are automatically detected (if supported). The object type is
+ * also detected, and so is not relevant for these types of files.
+ * @param filename [in] The location of a file in DER/PEM format.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @note Not available in skeleton build mode.
+ */
+EXP_FUNC int STDCALL ssl_obj_load(SSL_CTX *ssl_ctx, int obj_type, const char *filename, const char *password);
+
+/**
+ * @brief Process binary data.
+ *
+ * These are temporary objects that are used to load private keys,
+ * certificates etc into memory.
+ * @param ssl_ctx [in] The client/server context.
+ * @param obj_type [in] The format of the memory data.
+ * @param data [in] The binary data to be loaded.
+ * @param len [in] The amount of data to be loaded.
+ * @param password [in] The password used. Can be null if not required.
+ * @return SSL_OK if all ok
+ * @see ssl_obj_load for more details on obj_type.
+ */
+EXP_FUNC int STDCALL ssl_obj_memory_load(SSL_CTX *ssl_ctx, int obj_type, const uint8_t *data, int len, const char *password);
+
+#ifdef CONFIG_SSL_GENERATE_X509_CERT
+/**
+ * @brief Create an X.509 certificate. 
+ * 
+ * This certificate is a self-signed v1 cert with a fixed start/stop validity 
+ * times. It is signed with an internal private key in ssl_ctx.
+ *
+ * @param ssl_ctx [in] The client/server context.
+ * @param options [in] Not used yet.
+ * @param dn [in] An array of distinguished name strings. The array is defined
+ * by:
+ * - SSL_X509_CERT_COMMON_NAME (0)
+ *      - If SSL_X509_CERT_COMMON_NAME is empty or not defined, then the 
+ *        hostname will be used.
+ * - SSL_X509_CERT_ORGANIZATION (1)
+ *      - If SSL_X509_CERT_ORGANIZATION is empty or not defined, then $USERNAME 
+ *        will be used.
+ * - SSL_X509_CERT_ORGANIZATIONAL_NAME (2)
+ *      - SSL_X509_CERT_ORGANIZATIONAL_NAME is optional.
+ * @param cert_data [out] The certificate as a sequence of bytes.
+ * @return < 0 if an error, or the size of the certificate in bytes.
+ * @note cert_data must be freed when there is no more need for it.
+ */
+EXP_FUNC int STDCALL ssl_x509_create(SSL_CTX *ssl_ctx, uint32_t options, const char * dn[], uint8_t **cert_data);
+#endif
+
+/**
+ * @brief Return the axTLS library version as a string.
+ */
+EXP_FUNC const char * STDCALL ssl_version(void);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/ssl/test/axTLS.ca_key.pem b/ssl/test/axTLS.ca_key.pem
new file mode 100644
index 0000000000..0c8c19b3fb
--- /dev/null
+++ b/ssl/test/axTLS.ca_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsSMwkpYHlwIsi1oxllJLjAPjjycx9t6Q3BOzXBSoZHc1wA+r
+QVuKHarpe8tYOKlNP8b79ejbCv/1U3NlVkMJJtLZUPtDwTEwUZNEG17ixS438mGI
+1AbHXvwhPaoT24UymEOcbJxAZuClDfzKpN7Cl6OzN7Ox44gHmBCBSnUhRAnJYxD6
+x8wBLw8HdH0bMdoc2+H4KyW31uMGva7C9YlUCPVQGPJsTP1DLRskqy+zO1NERUTO
+XytHeYLlh/X/o+NYVvUf7WKu6qC3I4HK+OZ5OW3E+EaE73oYRmUVDaVavL7bRKEf
+2NSbzowU+VsFEnyXIF7YnRFp0D1yrMzaC49bDQIDAQABAoIBAQCwOrNLUunwKaCJ
+b00gIXW5sfDGbhc+ZUU3Pn5V4NN7SEJ4dt5JYrnxNCWgHLkDfiQ1jFEF4QlzUx0O
+TiMGhCDpuCGueJx66uYIcnvywx7XT1kn0jNfxfK6JBsqDzg8ULL6W2GXiIhmEZ8E
+YHh3OIvec2WMyED1flMXzWvj2M4ksfMgZH290T9BSxzlEj9X7dZu55K4sFtu0XNi
+7uJDB0vF8KfW5gLpwj6pd7i32Cm/Pgpl+7lcqMNpDHo0U2dMyWeH1EmWinS4rHxd
+mGDm0N0qK4BOYAJdasq7HwRjzDZkAPuNqcH0gOzSq3aYCI2tP2E6IvprM/vbqA4I
+ooo+GDJhAoGBAORiphxweuGBRTpSqoi9qEICM2WMC2NZW8bpFyWn79CuALGzvvc+
+Buw8W3LVElByUyTVWBnBQQ1iXZGe9f1x2P9q8R1Bdl0rpePg3J9ff9674VRLrcov
+M85/NUHkj1fJ+2CkCx7KG5BFm3GaAb74e+7MceEW/eErMmCqtNgkR2Z5AoGBAMaO
+O9SnVNd4wgnJAjVgN4fqaXWNzZz6NYWtnFVIcTTO7vU1P9t5NjgcsdF9+SnLA/jV
+Ylo5Pl0fLPKg5QtIvlooZjXB8hgKVjrVGRLFt9TN0tJMeJ//11Bo88MNMOf0OQPg
+i2OMWI3w/oRFJthmpeYWOgXNlLOcoSW1LsnWR0Q1AoGBALAXi+KTq3tiM+FzSb/j
+E+/JSJ28bC9u/7+Pi2RiZxrsfuaFI/H4ZlgRdaVFujhC3e6hfKtnAWRzepfEDAEd
+neXaLAyVo9DUzbS1dQaBGNPA400eiOJCoNxP4t1qgEd9GhB6i4Ry6uvDb8YYq832
+Q4BtLEUUeC38I3y7QnMBDfhpAoGAZ13InA54xqvhKELy2WK7xhAs0rv93MkNcAhP
+qL5L4RgRoqoUEmfp6BBYKh2Qx0cfTD2aNCo04znFppJIazV1k24Qt8+9/vHyrjIe
+GX3BFBIKvNx+t5zzNLNOo66MVVT5EaGmLy7zMwHRHn75mBLoLv5HOpop3c+evQiz
+0POyqjkCgYA2+ql0jS7Qbk7EPyFXftQhHcD/Ld8TKjonShkASoudSEHKwuQGBuit
+ftPsg/E5YfhlRpQB6p00kXb4vZsdpFV38eXkyLuLwg0kbpaLedahIujIENNvWP1w
+89T/ueiafWPqvwu3M7sAkkd/ReAQ0LcPwrsBHlOk0uujq+WV+b+Xfw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.ca_x509.cer b/ssl/test/axTLS.ca_x509.cer
new file mode 100644
index 0000000000000000000000000000000000000000..7bde7b0a4231cedc65d7bbdcb877cfc56e79ade4
GIT binary patch
literal 786
zcmXqLV&*ewV*Iv%nTe5!iId?;!n6&HOIThQ@Un4gwRyCC=VfGMWo0lhF*GtTU}Fwt
z;S$zNtO)T5RtPA{&q_@$QE<smNv~9JPAw|QOv_A8EJ;;xEG@~%FUl;bG>{YLH8e9c
zGBz+WG%ztTj}qrKHZZU>uz+&OG_{FQ3E6p!tPIRejQk8hZ*Va+F)}i2R5qA2jeR<k
zPIr{yv>@*u=Ewc&hTrZ@xFftdMr1`wx#<D^)sE3!va4QJpN_Ct>1%)N_tzJ<x&D6*
zE=~<|=2W|MGvK%LK|_PU$u81ykB;h@e@g7Q!gf6FkD~1=;oGf7Go0t-%yCG2u$1@D
zsU`OgO<%m(eDlV~9qcm%8of#tT{urB3;a5MhEboNy`)y!@RrQ&hd;Dcw_khAws+m3
zubm+rUjrmQ<@o${)|FOSt-ski*u~Z5T)eh>Wz*C4um2Z6jtKiI|2Apes|DMY8&Cas
zR%w}g<cC|!`zi^yR8iigQG52?c3CKY<I3!FJt9A&S%qq*E5zNHE0}q~wrI_nTipH8
zyiClD42+AF4HOOdfiWg4%*gnkh1Gx=NEz^f1o%M$EWikFLk>n@ECYj)k)bI0{DSQw
zUDgwX5*BDDADR7FsNllkf=%5FZn@PP?f(RtulByMW}}Pv#60dy-^<>Hp+`lHzr5f5
zSbNXgyc)$dZf5IERy|Cy{1tTndehcj%{Sjk{F&W!-^1%q=0djB&5aS|=PR5)Ke!UN
z-rPTa?>UY`%O>4({MK4!c1u-9;Qgar4KshLPEN`wbu$m_dlmBQY3}EhuPV>_&3b4T
zQaNi$vi9a$gJ>lWmd3T5XTCL+-t)BD!|Gnj8x_Q4E%m$Y!U?ezlh^PH%BT6x+S$o_
z*mOzgQU~Ved#nU?A8XF~I+L$(b!5ZmQ+Ji0<Vq`i`h7c2CV!@()%Rml&au4uztm92
IUdHMK07gbX4gdfE

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.ca_x509.pem b/ssl/test/axTLS.ca_x509.pem
new file mode 100644
index 0000000000..0dfd1f4d59
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
+AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
+SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
+gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
+5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
+FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
+b5kxOvfGlM4E6v+lMSw/HDrI
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.ca_x509_sha256.pem b/ssl/test/axTLS.ca_x509_sha256.pem
new file mode 100644
index 0000000000..0771ca651c
--- /dev/null
+++ b/ssl/test/axTLS.ca_x509_sha256.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAJRCXZlKhZeHMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IB
+AQAm3qU+APMkgTRCWhw0m4+06gc2iGaf7l+3i/Kg6EvDB9js4cI1sqzRpSdqdjTZ
+BwVlIURlB6BnEMCB3hP69IF/oSnqrnIxx2KIeVJt4CCwW1mXKsBwxNMXwHYD3A02
+08eFTRkP0ofn+YBRfUYFkDFebqba4V3NBZtBW497YtQk/ssKAL1xaI0V26M4E/VH
+jkJtk99mcMjfuD8HPoqjTeVBGtY2h0A3j2LQPmOJNdSxv30SJuVjvpG7vejQripq
+9MW0kPMBIRKhBpUBLIthLLxm/2VBe0IHU34kpe60YpQdJqebbldtOG1Uxe4F2JpN
+LfUXs2/UCNpEHS60Xl8UDJXA
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.encrypted.p8 b/ssl/test/axTLS.encrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..07feaac9b509a32687f6bc823b426191f0a9e765
GIT binary patch
literal 673
zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2*{m0{+oFxcLD+k00e>pdkmlHgD7Vz
zCm9>FJDCD@>~r}|@snQhXFpIWl5vk2sM{QxjI_9P)WipyQj*FPWsvp@aSaHp@pMDK
z$MZ1uGwhQEoVP#A-kSi+dF@r}0bd6_%=)sMicLuiwtg#<3Y7GXU1(kJiz<Q-P<M{w
zh<Zl%4ezO~WC1q+jC3=}+KCnrxf17Ms=%3VdN|B|v>JNz?rB8R{k=4>M8Z{jx$bSb
z<wWMo&!9FcoY8I$HN)~qeQmQAOUA9Q0_{xeFn}g;XxEeFcsUpD>;tb0$e|023ira)
zD>a(ty;nL}MC^RHtzL7Qc>{bsjm=OO9*Eb+*ftfQu80Z%gf49F03=jRv$9vannCiq
zf5{60qu}m6-rO}9Z!j6by%67<A-WSO6&dlrbR<4jQ5xTOl{Z>*uwJK$%i(EW%Y3`v
zEK6MzCSvG=;jW{#t^^ps&}d7nJ?CA*f8PEzY6f44WRx=aquSW0uMo|h^4N5oU#CUY
zzPn(1I=F_2Luh4{P}g>Lw+t71V^!Z#OO^Sep<NF%Pb0E!e5`LBo|UHIQ{WU32?2Cz
zSAi2$TCN*B_T!_6t;z0Y#esM~IX%TNEa=m6&*x>e==Jwey=>11<+a%YiDyyv0<IhH
zsf>>1%F)+lUE`S)`6xBS@V)O-(`jMu^s6c^<#;>i{2IW5?bTxuZ~w%dx787P?vjtU
zyeek_O^XX?nEBTi*5i#QQZL#ra;^+llVBeDl_hR{TBlMCL`Xov*IvWw@7Mab>K>qx
z91lbWCd`Ij^a&hPw#2c(_^5Pcxmu-5%&Fk~WTNIbGwDg(YP}?j6oq}T(+M_nCrTlQ
HUEnaSBD_pH

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.encrypted_pem.p8 b/ssl/test/axTLS.encrypted_pem.p8
new file mode 100644
index 0000000000..bc28403bba
--- /dev/null
+++ b/ssl/test/axTLS.encrypted_pem.p8
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICnTAcBgoqhkiG9w0BDAEBMA4ECLZOmsNEeDZnAgIIAASCAnu22JX3BRRr9cTr
+j4x62+iDbrqcwmhQkybM1xShFgWObY3/OQf1NJfH4DO4zGQN45ZN0X9zSUVRu8Dd
+ycHls5qsROJ96PYQ8d1xnuh1C9TWmFiLieM0qUyn35raHcKPQiBl8PYHtNr3+m0K
+bsql6T23hE5ZjVhbRtcRdRd9MsQeTZ6n4mdWPEhzN1+rmSPV8ybCbrtJl3/Dh1v8
+LnswXB92T6WcmHRyRiNsbAXR9SQkOaXFZ/1RUXDNqoRYZjlWPBWdcQf48mzgaDjq
+3RXF1mjbOlX2x4/V4qVwH1qZADlT38fSRk/iVdRfureS+wfOuJgJ/g9Riwa0o41K
+2q+sOEcTOv4rShXRGp/0ckeuwhARDdSMymlSBhgBWdf14qdgxCx0rAXYlRAc/4Ze
+Zl9ErfydwdUfDJoPK+QlGZMF//hFRF+vdO/wJHleLsels4KaqN9v/sB+BrGWaeUC
+ScKMISixquCwfWi2qGiqLQGsxHn0d6ejiMblZR4kTf7dcuWVWGXdf5VZqxLNP8Xg
+zzjjeP59OxHRVH0ytGBUejTehcxWDKq+6ESAuujzVXa0v1+5QzZXsJ8rPyZOINzj
+bdpN4Cr3tZj9ALrNzoC2oG62+OO45U7lg54cV1nyrQ2QiI4XFnt0WA06K1G1JrRW
+a/y6nZkntGybbCpuuIBiWl2FfdcTepctiXcJ0vCYqVNOTT4L2Y1RwajDzALhgb7e
+wOy0eA8gmOmMLNozSlMV7siL0LeE1WlotLwK+AHMU1lmPMqS7jK9nycXtZyg4IKl
+eBAnW052fnKZhT4zNlfJkZqpcp6YWpCU16PWx6L+/FDzFPzswluHyfB72oVqRniI
+2A==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_1024 b/ssl/test/axTLS.key_1024
new file mode 100644
index 0000000000000000000000000000000000000000..e39791ec8b54056d5bc75137a9e8ade3ae6c29c5
GIT binary patch
literal 609
zcmV-n0-pUaf&yIv0RRGlfdIV^)Iz9qhg7P$Iv<P9y|-oiKt0eAnw;E%eCntd;dJu_
z4q?H;c#5*R6(U;yo49%|4~VyP-UOMYqM1{Rt$127?Ysf!-|6fxpj}h;=8B-mZ9zq2
zBeTy=P#-AYHsW*N)}gaTPj0&noA0RkOr>$5h}{RNh7CW>nIocvcMk#s0RRC4fq*7I
z?3Sz4ABhf~IM^oz<+c<E*Z*mF7D~hh7FD-8RiD0w_*m%0MyT-Z+Sb2_RW0UnDJ*2k
zT^*YwI+#GA(yv^rBjhvC>R?jmdY*G%E`ZV8Z$}T8fHu-F2i?}!6^Sc!)qaY+V?qk@
zF)6?K`S6I3iozmp6(+Y{TUbOKJ9z>@0O9en<;Z}OKu~lP-Lmp0Tns(HU+$bmY!d+A
z(Ak6fkSv7qs>0p-&jUe-5XQS+x3(^(9jdzfN^;nmt%wb36#_v3);1&aU3bXSNx_r;
z$_?wA+Pz08bC;k{*Gween+rFt!!fl_VhGCR@0WW+pxP@Rzo-b4(iR+vnepEy(L$M%
z0zm+=LF9hlAot|)`A^YmEe-MM?3_C0z?8Zt;(WBFp(FO~=2KSUP%_v8j_b#Dk<-dP
z)HEP`EBh}x5OT2xR<_LoKps2t0}XUEvMs#U$fbBCgAekXGKg*@K!n1`iH`Q1TU<?z
z%dm)%Dz^}5V|g}_)1Oy%E_VKl^q2SDi8~AJWdcC}xv#$o$&e=Va*MySeCKa(Tcee@
vo&&khpi{as!PBjUyLm_n)<2xtH<1wy1l2prbX^>gjXm-B`Mx#RvQtnU*ex&x

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_1024.pem b/ssl/test/axTLS.key_1024.pem
new file mode 100644
index 0000000000..fd8226eba1
--- /dev/null
+++ b/ssl/test/axTLS.key_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC9D9RCqHSHVKq5Oh+Lzr23ZftAPdARmpzcgnzqqBfhdPMFDmHB
+wXiKsroVIlr/m7h6Lg+It3TeBJmloplTi614WjHtvAHn3+nsL6BdU/bmiqDIbUFF
+YyOzz05QHyjfNuJz39ahs0ZPbrsNm++o+UylcaGI3Qephg0/zZkjooR3DwIDAQAB
+AoGAJj/slqvUH4kOnTjYJwXlthQI1/9peBZKxAYWVbc6VZ++hvhY6MVGqPDt2ta/
+iFUt5nIpLGTJXR2bJDqYQKHSr1yrI+Qz0OpgUud6nnNfLoDR3G9HD5eANtIwB93W
+1xWJK3TVfoq8Y0IK8jEpv/n58IiPisIibhUmt15bWEQcO3kCQQDh8bLlyICTQFB0
+FN2y8idcDD3AX+6cRWwTAN/Q2YP6kCyE8qrC3fvPA0GIEMa7Xre2LqYdqrr7SnLY
+mq2IDWoVAkEA1jYj8113yNNJwZP+yg3rm9q9Ryhzl6BQ10wk35sLN67DMbVPYgjK
+5e+Xe0Og2isfv6gIk9IWHImZ8d8m0UKZkwJBALFB5H7fIPfk8flP0WotDfHp7Jw6
+5sCUuififLSloSP27eZTVuJQMtgCjuvHdZHTyj7UNCB8K/svOhBysQdWts0CQB47
+8gMNdDSyLbzWyKV4JYMP8psyiG4kQITCyImO9pxbXE2Ny7CIkSq3EGhjeTaR059X
+di52/ov0l/fdiTsL7WUCQQC5r78JyZAm83KLv7N8529vW6OVuJ4Duc+gU7oywdOt
+hbt5SAnWP5zZN5ERDQTVO8p0XRyRjT3x+Pm+NdeyU1Ad
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_2048 b/ssl/test/axTLS.key_2048
new file mode 100644
index 0000000000000000000000000000000000000000..00989873bb903c8c1537d4318e535fe068d6aa00
GIT binary patch
literal 1192
zcmV;Z1Xueof&`=j0RRGm0RaH{T6R3AC2^VxXLF))22BHn=^2*8_o14xzC`P*=rH@6
z?q9N&et`5QFL)W+(l6XVbV9<GF3&c{LIa}!3_GpM-iV5(@^VbX4*?X@2?%@il5pik
zJ;&S3XinWcXY&GlCNepC6|j?%=oF4g(N)VhUsI{TiSA;uMkko3oSGII7H@b<#g-()
zU=sW@KPX+8PAjIR0UZ>s-!tGHNzp`upSmteb&<0wmV){%MxUPyI4%}1$so8x0|-eF
z53KPPtq)(3fr9U|R-lCkCHu0BSqDwK7RiZF-j+6sH-#U^)dhS-)$f4D)6-0{m`T`G
z`Tb<R=UpgDBfSrcmNnG^0|5X50)hbn0MI}h>wxtpv2E)FiZC|-?&eX=i#pSP=0JEA
z`*pDo=d(>5BYeo-P6_TWG5D<hN5+)Wgv|v14pPtYRhr(Mp##}4)C;Bri_}_cp2oS3
znrEUuBV6{v3GwGsrZuADGrAY_Zb)VT_}>C>*nJWe!wIXSrR*ifFe{Iz);M+Zz{jwH
z7={XO-&;!7t}aIj4&HO+t{m{TDFKj~5b2S1EX8coAi^v#r?)d`*bnMt;~5F4-F`V=
zz&>OjFDoICVE7Q<>Kj*Lc*Hb&&PT@(v20NjJ2<J+>PKA0?ZuDilWu=VCv63J0Z@{)
zDxfm3MqM7$mYQie95%BL9ghXFsRDt40RMqc^_O{AEjs;TcPsrwZTOJlLJg!&wOKcV
zlMOBS{g{a*a{(PoDPg2sZ@#fm0b~daQ}Y%}q%zMMBH*+dZZpJxyhL6(mk3~Sc~?Kq
z$cT)V=o+qS31(OWJy3cj-}d$ZJydp@hI>ixT8%3rt2m|GMobPtNhKJ0rdNkCLjr+;
z0QuG#YJ+OL(ruGCO=l~|qrP%7=d#>GTjwB1A}gENm8)#5_<8v|P1-lqtdd-Y#ds*n
z2S&ZNC!G0rx&-y#(u9bIlt>^{*Oia_)?SX0=CwiHxI8suq@@I(Q~I7lNHIRzLTF~~
za~rj{cp7VF%&IkOaNIl`*x#O-v3@jP2LgeC0Nli^1x2f<pY%_PEA)$U{2qaMuAe~g
zZA-Xj?7_c|Tlm+{&h8MDs2$-ssi-(-E4+3i$jQp$^6sDdGFH3i_I|E&yoJhevTC1#
zjM(v>N3o3HyN-%ezUg{&+8)+iF^8WCm-LE4e4f0-pB70*JaNYbk69WV847=TWm`?k
zCjx<hP$^~>O8j7flrH>@xnRz@w@sxFy3hH%?>FdeE?D02hXZ4*hE{d7(IddsZcxeH
zYGjNKF`$KI$aFILIK?}Etd6n~-QuCvT4K!EYn6*K-%YmqdN&s}sLclAM>D8M$)rUa
zv8(jlPBY9Nc{`-cUVyD^l>MZ$;cQ-RJoHG}0)c>43rt-w_O7VyNPF?A=_BhSAAW2w
z<-kkl4oJV*6MN5+B$ye|7ZdX93W12hQN)$V;;qt2CgO3wyG;p7+x2Swvid>z<3P_D
z6FN_Nb}2vnGBE|+R~O;bVM9+hq5>7uyc-!-KN0JNO@!8spNZNsP`HMyT4!Q_(+cBF
G5|Pp%l0WbO

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_2048.pem b/ssl/test/axTLS.key_2048.pem
new file mode 100644
index 0000000000..5ef719db71
--- /dev/null
+++ b/ssl/test/axTLS.key_2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA+Vp2PKclcZoKZ3OicQZNA4XpGZbD96Gasb5E66voMPub7l+y
+ln6A9CYveBna0i/cQHRCwpYuzzbHQgOjAAw7rcveiIqm8nJMxA8BFNMJCHv0knDl
+RT3H28xoTt08Z/MCfCYyOXoVsJOS6BSOSdFVyzhfU6nAie5iskYnmKecmhYaFm94
+S8WWJMNgEvwzPyhdmE4rpqUBHRSu3zPgHUnRRIOfui5KdZGzKpaC+i1Gn58MOC4W
+L8kguEMDCEkQD6zxFq0PX5GBgu+zVqCFByX7soxZB027FsmJUN6WNoo3hR/H1QV8
+RdXvgMbT00yymEnYVfn9ZL7nXShKI70Pi5Y11QIDAQABAoIBAQDQQBrrgPUmsW3r
+BIowNwDu5lHNizrTf+ZAeBX7dbEP57NNHCN8yN5OCe4vMfis/kfGlNKEzQT/DlLP
+8VWa3pyhA9kw1AumBIvUWmuexrmOmmeiPiNc9sIJ8edTpjWi4zO6F/RuSGYA+N8C
+cNh9EhXDCaujpewlxjArj6fWOHXzwMewghiGCm/fW0rWri5HCQ7ec+WuHPC2KQGQ
+mRDpkXUsxWzTIMIsMKe3M2jYD+pk4xkJqN1+OV/APmQfLyshkGD4EN/qG1dieMQ0
+e85HxxCxbFETOzip0+pHXMbtxY/ok25/SCdtBXkBUJK1KqAysEZdHtOWmmk4HDaz
+Dx2PBbKpAoGBAP+BT/WXeVgtOv1idyv9RG34kOJCDaROtVk3g5MNLfj9mIklcwEd
+SylhpFxvvrFQAWQIDFPzFkukMs8aIuC0Gm4zxH+8RF45lwhgcXlXP87IiIyW6Bqu
+aglmWAM9UHol3/b2AD1UdpqGe0nvWo0rIqs4pdtGTA5BSSUYeaZXhzFDAoGBAPnW
+GWqDarzSbZM4TWcrx6O+cjLnstxDW+cgSCIrm9iVq2ys+Hn5O03aN9SsklyGxXgo
+ygdGvbYnnPl3ugT139KEiIeUSCBU15WP/NZejpHmtUHduDw1Y6SlBJ9T+p5CSDE+
+2kJoZu1zG7W3eBprZsyqNWtw3Dwc2N+emrF+NF8HAoGBANzErAVFq6if9E+KK/SL
+cvwegXmun0DwbUu4ZuzBv45b+NfPzu4QlKgd4TmpqDhnK7x2I8jJyuLy7p/6Mla7
+5/Z+rnO8hcpwsmqfgozY8Z5HsYzgu46KU77penTaHtZcMYefCZf0ikJ8nrzEnxZJ
+RjxxxwWPWRocGQp/emVbTconAoGAUClmFkr8YIGULvyNuWDOubdNpQ+6z/m87zfo
+bS5Y3vGHA2OshlZ1tNEjwNVuUMndamSMDjGghWXIdDL6OMU7f6yOshHd4qHWWmLM
+2WuVizLfTbb6ejcXNajNBuJHM6hIyaRFG7Gr9NxOM8weeTukzF6ArWyU/aSz4Wxe
+bjz0SNkCgYBVC0xdMPauqO1Ie/Gp6SPrIx9+bDDlwEvnDki/2RN7z5IkmBnRFxPy
+6wqBiMFRxJXI4q3SSSbicb+7TQlK2/Vq/bL6QfjjQM8ZEzpPenYpP/wyMQXdVxfh
+1GFDTzeiAhXTvBsZVj8R64VNhNaNn4naMlC4hqxaZ2KA0wrjTRKR0g==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_4096 b/ssl/test/axTLS.key_4096
new file mode 100644
index 0000000000000000000000000000000000000000..df8a8fde95f87836187040e8746243bebd557e15
GIT binary patch
literal 2347
zcmV+`3Dov5f(a)A0RRGm0s#QP3QnWf^s^<%@HvE#|2%kbpk<#0x@QOp%A6JL4$B06
zQpMDD2u!G_%q}k$mC8P>+J$g8>^C4Klpx}(&t0eXjgNSz2~a3rc8R(sQ0dkEQqWOU
zMZI#r^XVAit&~0Z$s0Q#j9piF;Ey8_Wo}z)3f1H@Q{hx^U7e4PW=*2$FQ9Q<#l{P_
zwkao$@0gatD@@2~i9#yX@%wF1*1A>luI?)_5iI$Qr6##63}lIV9yz}&8JWgFZWjGn
zn_{FYqAgeTszHFOo(QGXj&mfq$5>Ni1FiT|t@2r#IW1%u@|t<WEiAMzJIIjx(z`6q
zIk(N|?OX+7rfs|UWuDcti0METe<8Qa=EMM_hI7{XQk4nrBu{sJgRPK>*BhHvZOg~#
z3gv<evHssc1Wy6CH7UD^*kX3S*r6cY<f|n5H=#+M&%tq-#{qdhDvHw6d_yt<KM2Bv
zj)ys7F<AC04pRH=rRX-1y%kccz#Qqgi{R9Mno#p=hu5n|R!x}6nvGc1Zt=$0u&@dh
zgYC-d{SfVwc&I`n>%fj)MK=x8KnU{G-Vg4HL!_8>R!n)TXWMBD$g5GzqV%R1qOUo%
z<BSR_mjzmgE2NUY-HlySdhJP1of<#8Y6#=21%O&ubG0Dgdc;$bevl-&m0#ithq7Ix
zP9oUrFyWD>$%26b0|5X50)henB`H~QXEoUT^w(Fa35@!jtKPl~dB#d@$;U-e5a5mU
zzH_JursW1el*jZR^pxY^ApYQ2h}zQ#3w@BMjBCP4;Bp{SPOpTmYbr4qu9bDljSSm&
z0fEI?Q9sw&l90q<0i~GvW$$^Im9dV&P<nb&f<U^5Ku>uIC(FyzozS{5PC|nptna#&
zMdhF^A%Vx+RFj}~AI1sc)F{ztqy7nO+*@&nHYJ9*d+K|I)rh`h#248>-wZ=9lmt1t
zsQzN6HUZEWcUO%0V?1A+2Y1n2N6mYX7gqf7Qt%Wvwwhh&Lermw^m*rQuDv+mrFw7j
z39c=jQ1`8v^)M5N4p&Ro<g@h+BU1XnL)7Z*L*^}__-*sA1}wxsccVV@Vgt`+t<q4?
z`=U!28ra&imtrlpexaaB4TP*Q4S|I<b^CQ;&nyEllb4l({1{*(7T-`PY+|JmzOLVC
zs+E1dbQQxGQON(S1=UEiu8SRqQUdHjDE2WsZ@C`+1xO*-p(cnXj3+LFLn0uw<l}~8
z>N37kd-7O|RFNA*v1XeXgk(>CFuaZpWc^u@pb3(u`k#iV6fhkx0ypxWj72$-jbw#u
zNguMfE%9jNL0gpoJZsq<EmzL$UCFrVK5qEX&~+q-H_A{JaFG^vndy_mvt%G4iTrdG
zs_Uzz+PY4^WV>DA0)hbn0O73zXm=?(p;NijJdiKV+fi;4)j2T|?I&T+<7kr*2h59B
z>1H#x<_M}{7x6ThvP}8b4Y?8>Tg|y5z#E@GUd;+l<-!sLt^lw_wg@-$8qZBXO2c5C
zs3-`h9zd)d1^anJd}0Tbhp0LfdpN1h@vVRAUdmMA@mGONU)GhHiM$k|s*RQ$Ikr6L
z$O}2MEw`O7(ZZM-16d0#M=piOL}Gs4oT+3*bgLH5w`j%!5h)G-%XNQ5&wvPEt$O{g
zK)p%LCR@#SZwo#I!o2dlG93S#?&h<?A7^OvgqSAUKVyi*%Fzq*g=)F&H|taH2UsGr
zu}8-<RAR#2GxG08r2>Kh0RY+9MDO3_$)TR!Txuq4@pQ4bDjIjd2{`>DItc$>l;26>
zNIOtbh!ap0v%SYZ30InfvJ+bVgQd0!qfB<rYN(QqAcVj3*{d0wI`SG*Ew@pvI?XlY
z%ar6C7yEHF_OM_}PrwJAjEqzi1j-I3+Yblc(w*i-l&1bTv^RPAdJ<*GJRfN#Y-Y*_
zT5SeV_)Ju6F4X2@0AZ;ak{|xpBQVrAaG)lr3(=(-<#U~0Qw~h|pN~2OSlVgpDg@L-
zL33!ay4vZQO;pAUr)T@*3qE0Bpj)M(B?&b~(MIwh_1~Ilt7qBhuCNjdRjSZ%ah7*0
zE-+fLP@h#D3W7GGIIRML0RUq?#zp2q2Rm}AK`vbB=*bPDF0PTA_X@j8)HK-x^8~v3
zdzs)1)=wUIZt}ouw91qBIv$3|WQe|tFR=4;uvKg=piF^plXul^uKGdR`AOjC!*Pj0
zuagHS=JoQ@yzmr?TNe|w>8MU#Tq|SSsA(fNAw|{<Mc?o5I6B=9r3&=k&N<pqtk2{~
z9L4*|zxCG56#i9cwdczGlSsZeu1s)L0%<x#k`|ygLuq_<w(9)$-wFl&m9Y9qwA&Rw
z0j3U@snfWFK89kKKUlNoy2JkDnHmxC^5_J8uPLw(MdG4PzT3gtQz$^H%9_xv^lNfr
zuu8$1<OH+%rF8b(D$xRh0RR|?&+^D0q#n$=v}4R77VDCnQ)HRC3J=~2nw_f6CoLkd
z7JPrEKN1ze&me!1Eaxra$tr&24Mm%S=v`Al8YvVYXRj;6HSe4`tYF#jCPeTs_g`m2
zc3w4hsEEuCOw&Gf9PK`?QpWc!E&%7L9-zs+A+ccI(?}n8nQUqkTiH05U6vROd-3zE
z@>Mqy0!i+4B(58%Xu+2L=R++!W1c%WXF1Y9xZDb%Mc7D>_yDs|rPRi*_@>yY0GWKE
zmr#8v4<}lQ<4w8bR2@|GF$4UGnq}Acmnb__*Lw>H1xW&?1_bjs&U?%JbkKntIN!cn
zA)uCqL(@JDz(PC@_Z<R)0RS|LF%0`{%a3WUNgeYP5OM615xL(9<mHUlb-6(*k}g9?
zlOJ8E@VO}zt`<O@C$CSrJq9}f&Y{fq#j2xlw>=6)17tt3<iPG!h{qzYLx%1BmW(m#
z@(VD(SfTva;dkVU5bIv2%$)uMxgi~Y{+Fg*OVu4MiI`A8bv*@L(D6`1uHBr_iQBG6
zi=G!P?ESAhm~P`mA-}MLfozRm4IM-hGK@DZ0?RP%dY-F2l>jyEXH%9Ok?Hm;qWF4;
zx^5dYje5j|($8)!ETTCNR1Bx5H1pe>7fjq7D&)@gqg_ZV1kb*&d3#T2+2L5xDQd!^
R-KpUHmbT&ib)P%cX;_ZKh7|w+

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.key_4096.pem b/ssl/test/axTLS.key_4096.pem
new file mode 100644
index 0000000000..73fb75f899
--- /dev/null
+++ b/ssl/test/axTLS.key_4096.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAwApOo9f0syXI8DmEkP88eHCgZZ8FumcICcqcFe0OywR9UsXU
+dQhMqKfMLi8Wlco+rNqFcDfsNyAllCDiq89dp/aNj3inCVAoXnaJuiZQ6dX9UtBR
+VEW9cr/z6RjgrZQ9+MkbOx+MXVd44I8jEWVuW2oK1eQzU+FUb12dj45mTaLpL6Bx
+XcXGC7e2KSeO75iWwitMyGmJQirV8fttUNa6VfKu7isxESz5jaUmuSsMZIl6Hjm/
+KxmZxkBuFv1Zm2KkKqItV/WqQYCrngil1I5zJLjHWFNjA634U63yWZo5LWQY8pp5
+wy0stC87yJD70rsszjm3zejtXAVipm27+GWe1bKI6UAVfyG3y+bEAKOGc9b6UpUJ
+7iRPd32DrZCJ1xubVW3Lx+gK5YILsf7fQARPAbc1KbuJ2GJ2v9ihINzkqyT6N6FJ
+ns/BcZnHAXk+KorS03xDMgI/CMKEjoc5YjFY9ioOUvvtpeg2kb0VUqvAHOm4i+DU
+f5pQ82uH16tHVk2YyZqNWNVu8cbYsLAKFYPtyur9EO2TeKhCI+vAjl5FNw3TQAjy
+1N4P7olDpJh1Vkx5q2fbaQvIq1HMovSmGKKvObXjjAoqlwVaiCukkr/djV1Teu1J
+T50aP7tqCOOrBYBaWHO1IOB6xFOSfpAkuZVf4gqHsl2jTiLY6zDhkafJgoECAwEA
+AQKCAgAlKVlyZzXY/PTXV6oJjPqcq96+C3nGSm3Jx0VREOCN9L5zqAim5QZAlMf0
+H/SU4+Ag/uBXiNrTCAt9kKeMa8JJ4HIgU06vhK1rKjEYrpV1yo0M23cBgcVZUT/X
+2ZKQxGEBpZj5Ze95mJWxjsFQenpSgkC6h0BPeQkny8vTndC6MU5Cgx+s77qVReWg
+LSGBx9tUk6B2H8YJ4dQo0Wij/gls3FtxhzYlhrh76nuF1Yi+Y8QX2UDfDEMvlAQ5
+uqj+YqY2AdAYd1eM+WM8X5wHd9FcR817kBdW/PFS8BQ3tppd6ELTn4T0eedurr04
+4KV6b/IJri2dUPetmPUwE4gOV0vW5LP1DSNS+sBD1OrsQ+Ytovht868GLMQ/d6M+
+82IDz2at0lDQ+6JLGBrY2rOXYi22fqGgSg2ErDENgYU1dft1Yc8sAzCTl5WC/Bhg
+IxbfUChsYqURvq7faaqVfb50FcMYUcj/rAXVSLOuix2HUgLsQSj2MTtvuR7+BUgh
+2KEmiCaMJy6CQyIgtOTjhmPqMr5Se/JYi1SRG0SxZpsYhGRPfjC8jg1k/VmRoAmS
+pvqfhqgUMB0vAjfynoxFOZGNZIVrSR+yuC3xaORBW5UAPGvZHS1XzuxdybjpPm74
+0NB1JIc3ylAWcJEWdpnpk8OzZCAhifx0Farrq6Xauk6/ZLtd4QKCAQEA4a0DaHcp
+OqFTudM8kC/N21FuE9U5MRLtJ2HP42iTEAfMi1bpZjO35giqYhfxNJiyTPnWDbkS
+HVvNuSLAG58/Xs0KTuXCEgWuALBFtgg39BrPTT9Kw2CdqCgIpx5ArBwF+3lDfGIH
+lIeoOhR7OKnN8a1/6l7KVOHxV4FMX9aVmom8FKKqjZYcObY86MgLObMtt50v0cKY
+GgNZCy1HLoXHRGJ+3pypZEV0qxbOt2jGAhEpDf/LdX9Ez4AIYK16/a5AvUnNJlvN
+d28LPgTCvPK8Mhz/m+7ms8IfZ2j0hJgm2j9jiMTK0QvyhWq57TfrU+8HWCKzsUfH
+M1Riwt0z8u9HpQKCAQEA2dhE79/lyaGe3lxqJmzxdLG3Khp3wAk4/SM6CP9elN9J
+4kg7UFGIE1AUs73HPwlXmoOyE1r+g6W2CaNMds5qqJKOIIS/89mrGZs68hpTLbdR
+rTrNNeTLlOQcF/txNfawYEtPwAedjIxUFATKDibbDwfe0p3mRZSm/ji0N3n5ehJl
+yDwfaSVsZsoHWm0GUfhMVGwu1OZjAGGpGZIf/tcjMNQ3cKAmqAvRpRrlc51eUw5M
++Z+POgRY2mnrKgTUREFzaLG62umaTVTGC6dn++QLPmFgoFuloSUJNUbRRvIg9d+a
+aatn2eiusBILVarQcHGWdysuMFqxUJ9VHQqCNqI4rQKCAQBjPcZF5kEHO3KqQS5c
+6ejJDaIurpGb9wq7StQ02QPzBLr6e5ngC9ZPHnhu8sBrtMqT9zoehshkiL6LL7Dz
+dLBVbC2gTIFvk3fVba76Qdr5SeDnw3GJQa+TByfm9fLSvPAUilsXE7TpqE5eXCtj
+26hpIzchRdYMRd/v7zg63Q6lCvTezjnaUazP5EgcxfvJv/XWzRT+VWi158r8k0i+
+OK5McFQCaTpEkhagNkNpfHW26vz23woF/ZWw+ki02xU/AaYOl6nTuIM+hmKXP1iz
+5rrD/uSZGhHx8ugEfa8psA9F4qJOvtvB2lMoQKrKmtCt9GtyYrBKwZnkBLP5pXT2
+3CrRAoIBABiIz/LIH6QezLq0Y8wiFuuSnFNkmboKD94Kmp2qzSctIrAWfH+mPxIV
+wc8gf5Es5y3iySp+5A1Fm4PoXVNAGikUIGevK8M175w5rGDZ8CZE8DD3X2dDdl41
+dqiIzA5M0z51HO0+rlLG9y0uAOepHqDJvSGxYN7TSB93mWxqE1vZOJddlhgMe/Hz
+rPJVNxICSe50JK4bqGjBlv7nQy07Y547OGc50kC43AqhRdhIj/gAs1Cl1Mau+KbY
+qQCZfKKXUH0pDydaieNNueRUHVT0MQP8iZpl1/iXKDtU13sLCAVJAqYGBPM4znvL
+/HTQgRs4375aIaCWhkPTPg3AQjwO9x0CggEANIoxDPtty49prkkd8xQQceySEbnf
+CeTljNd1uUEqki5DSJMfXajwuSkUrhZAnSevT7k9BjsAzqHM9sWqo3C3PQpFA2Q/
+seTA7lSIxyKvQ4bt/ZaMMeryCzC/WKH81+F35IoQ616nzJz+A7khHX/+l6ZdS9Ud
+LYmYUEB1PQVd0PFQQ67dnNCJ265Hi54XLez9rzuYbuNFIb+wg4FsjV8NHUQSMow3
+LQLLMO16nqs9lQA17WdTlhyR6fYrovh6h7puGzONesSF0s9uLSyiOQ9UDKenNPPb
+nBdM3Bwq5M72o11IKwTPvq95e09o2eFY0SlqwqLdqeD9lrbh/HWfO9VpWA==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes128.pem b/ssl/test/axTLS.key_aes128.pem
new file mode 100644
index 0000000000..470f29b514
--- /dev/null
+++ b/ssl/test/axTLS.key_aes128.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7BFA0887B7740C1BBA458D0362E75F89
+
+aBIhF2zVGRMFZAWg8s11WnxoTQhGabdzchHBxPltnipEgvwOM9FGmYnVIDsFPvyb
+hSA2HgmN972SPeRG4hITzrIXiRZMBOd6Lchz9p2Ui/mqkR6RUfnUBkUtkgxGymSa
+oD7WAmbpNG73+7KX4gV36tevC1dM9lQzbClhhXQL9FH9LFh11cS7ZFa9L/esWHbb
+sxgicR8zG919UEA+XvhLPVXpYD3AVHTcyEHbPWiGY49SIEI+GOcLi6rvxQizcXKY
+pFtmlk/jM06OdZWur5/qLg3HqGP/o8GUjjA6KuAe5SIWVrmlkHCYHj6c1KFLVQJZ
+7qAUNvjVaELXOc3+SE64Fl4OMP/4MiUA5WJ+gcdIKFtX/qksjywzF7goNTsxB1ZX
+8g9JP6m5BF2VS/Woz+9ypekzk7DEKST4Knh8cYBNdz6yYwX73FBb93jk1aPMXv2K
+SzhupTSHyAt7ddvXm+QYXBrklpZgUcuvinrkb7TNYEDcc2h3iDkLMHhI2VW0fiSF
+JcL2DZWLu1UChg+Nkc43+9f8Ao76tjJHdV+IkWfINlKz8cpKthIfOiUSQWYK4Czr
+0E3dyUrljIqFyKmZGokQ2QH+kdMmcm2/R+8NwL4s0Y4k1ylB0mZ5+A55t0ESaUVC
+8NJtoIMrLz2pyhf2ohXMVepcjvR/Id8vNxSlLFResmIwSo4orTZOnsHBlQqm5hJl
+9dr8G0o7n7WVfGbHLlpuPHoKegn1OK5xLbDbAi14HnZIi7/lUnbQHMbFFBjyS5EE
+v+SMbI7JU+5zeJc34WLUTm1zll1ZNpFH/76vlP7tUWxYqVUZfKYHOndqS4b1rAs2
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_aes256.pem b/ssl/test/axTLS.key_aes256.pem
new file mode 100644
index 0000000000..5e9c5fd46d
--- /dev/null
+++ b/ssl/test/axTLS.key_aes256.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,5AA67B48694516B66EECE19E0F3BB048
+
+eXbuyN1kJR84JMhFruS9yeJ/WnyD0V6h9w/6fhEcPfxW0HmFqgIk35IE4c4QYazZ
+aMC0J1S19Yb4kKnRd7j0+92IDBw3B7zeJKjPDrcRDSo8R8K7O7+6MYwcmJJ/DZlC
+yqcaHr3cJEiS4I8NS3EdffffFA37Uf2O4C26b96ewg899YZXmPtai6uOvKbF1A90
+aRV4PdCpJdJq0q69VfoSeQ5p//Wokb4RfDGWTNxpgclYr0SK2F8qfITjCNDbqR+E
+r+6tRsy9VcHVRjswuewU19HOQNQzaPlIiNaoGBGvOVRHLdE0s8b1Czyh3oeuRAZi
+EK/SPEdZ5JMWbtxpKi+rdqFZhW3sGE5T9QItYqAWezScOCcuZw7ivVITWj0HuAJl
+YZnkL4CS2qMKfQ7oz/YBAuShDvfl/W1M2YXt8caoYIox8NWnGaifHbk+eP7sQRE3
+UMA/71gfz4AOUSKOWTNCen+qeAImyRi++6kFOVyAZnmvGAj1INv76xh6tHP9aDN+
+0ROlEMeL+4EyqEeTeRL5+i9xEGtA247hMjtwB6i8SDl2N9RZkIzGOj6GmJpWQhHK
+qRSu+PvoDfSHqfHYXof0rtvCuKj6pAhYgKeL5Ycfc0FtJX6gTvErlKWENUrsJxgV
+RJNcRbltxcOylmdYP2tUe/PxQCSFcYIzFbQbXJDoZ9hMgJRv086fzn/QWiZEx59o
+9r8kKQrYhKjS34Aq13ghFBf/Mr+GKrB8JtO5DnlC4N9AnapVlDgeZn2NmXyVZygA
+mcIq5MTJcZzCdX6PdzNVBsttRfYeItN9M8aP5q5YodBfuLXPOvFhV2J7wc5Bgt4i
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_device.pem b/ssl/test/axTLS.key_device.pem
new file mode 100644
index 0000000000..5c9a845847
--- /dev/null
+++ b/ssl/test/axTLS.key_device.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvV0Pomdmpxx7s19ue0itPlPusWrTSwofoWEU141dp7cS9eXc
+SnQV5pfvYvvw21HsZHy+xW2cupjQBzvqPtrrqAz4p2E9VHTMuzvDSScj6GU0BUD+
+GQ3qthLkXMfh7pJZFN5DYtVqzSE+ufZlYlfBqsT1BON9eRs2fTf6OnMFApx0ANjJ
+yFElu2cEf3iif/3Z6PF0iUNtKaDNDVvVBoiRa9mUuj4vxnyH4HmyzThp2bXDLMUO
+Viz/WWZs9Nl/QoJduyJZGEii1UM5VS81qQnu2dT1g/E0yPXwtOQUnVgjSMPfW+CA
+yJ1XTdSwVDSsyXApyxxtSEYbM81t3GGvmmCf+QIDAQABAoIBAFFO4COvmlgu1r6S
+P3IYJqsYhukPIWKbGjHE6ZoUTR5ycWW8KPafGbhFjLhHzYeeiY4sMg27nwxQCSLS
+CyaqAX3K9AmKqzbUYAQVCSkj8TscGVYYLgK8Awfi3MMp4Ez78dwQA4cwdAdYOwLG
+VYoAfFvC7iIHPB0AHklt+7eVI5WWsYlOIf9aS6+PDVii86GVoCpBE0eNZjE3JJo7
+hC0ctcjOqSVZRPC4p5KLFI8QkwyEK3vstyIiQOKSCFbZIn5Wi0+d6A9K96WhwssM
+OpmenLv3xgz4zrUkRDbv0cPAU+/e7ZVPCiIbL/Y78qk3lBjUuyztX6fwQ/eDFadw
+BS6LcvECgYEA+Nlwgi1Kzcd46xKG7xryI0mYjHO4cbZMsTcB4FQK5xXkGlg6j+WD
+NAi/LKDJhaKcBKIYDhYi8tY1ye7JSDmyrPfZ0WvQF8K4yprUAqidNIuwOPMASjTW
+CEBgTfMwCATNYNiaQ8eRuTLyknF4I2lrc4Ifby7cYEZrJ6aLGyolvdcCgYEAws4J
+rGQS8W1DmzrL9mIDlSUtMFkTWqhx7nvG4lCYWVGpMByiQwf4DRvcqmXhwPr0syaj
+qE6nu8G3iuOywSx2qrPX1a6NzeoZZybOSL7poaVmnpxgtS1xXyo1Bdc5ZPPOom1T
+apb1QXHIPFVFKsuKsrQvyXfYLFGlQbYh3TGrtq8CgYEAmDqT+95vI0ECNHNp/f0y
+4OlVm53y2AUYF1S6Hhvra3/VwVP1xy80uvEa2dcmUEywOplaM8vQ51KpJvWfRkKd
+jfg01Eqqys5AsxhR16qEOK+3Rq9InxyBThzrjOPWnyEo7jSy8gG0oGGNSI6HWspT
+hB620hINmAub426bLCv1WJMCgYEAkdfBZEAT8o30BH5TfyVIO1v25fB6TfA4Q+yF
+LKBcPtqlSPDXBkosClxmq2fVSS5ZDtsJwZMJfsb8C86G4JrSSOCV4VNqtNPjqtdh
+rxLHRQ7YsjyvJlVcQHwP8Ex+mrbxZ6djwTQ9b36pA4pvWyfBsiK2eCXyQNPrXjPm
+THzIat8CgYAXN7CO+EUKtBil/r3PTj8FpWxvfZiKMbmktiHKD9ntcN3te2hrOWVs
+1SmrIzr8/eBIsh7OGS3LUZTb4wKGtY29N6fTHuoA8pYILeRcJALGZnmrsTyFDzGH
+iXBSkZ94EXpywxWHAEglow028nQ9UNugKk9SIkpg42u4vrqhRitMqw==
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_end_chain.pem b/ssl/test/axTLS.key_end_chain.pem
new file mode 100644
index 0000000000..7c1cb6cbf3
--- /dev/null
+++ b/ssl/test/axTLS.key_end_chain.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqe
+DyUTpdwtzBt8H8/axNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3Y
+uRN4Y0i8sn8A1Fbe69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+aj
+TB2TnO7UTsjKRrXPv16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzl
+I8eTDHZqZJiw8gPg7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOe
+DU6wo4/e0Ta5bdZe7apqOBfdDnq3EUnHO1ZQbQIDAQABAoIBADbu47Yse4L7YQ0/
+rRfWUfTpMsQgYd0far4P+Cqpeh1r32/Qp4OctFuVkeqaZ3w7PFSjQj1aPMh/ZoGJ
+ShxkBus/0dSA1yXNBix1wYNcEb9Mn25GU1I1R4vA2y6DK98FrSl2xwgickhiFQ4W
+yiD3huiphq8AcIQLqR679KIL63IF+lMnHmYTrm9/rkGvO/wiW55OMhLvhuR4w7/n
+5g+PMBLF4vEqtN6wEpb5f3Q8ugNCG35ykpgBMFWI6FGGmcZkYgux+xnTweZ9+Xol
+tBQRrq9cY3/ouIrRX4K30e/EcaJN0eA0Cx9WerEHfYO45BWUJGySsxPab9vk6Qep
+uxRnHoECgYEA+uv054HQKGQOZPjgZ9lCqfPB4wQ98T4hNSLgNwAkd85D7UtF6Wb9
+GMsEecJ5aPIQjDN6dTT6Nb45AV4e0XWtQFtxHFXP6SKfyIlf0Zcl0cd8Fvt7CX/e
+ghZF6ndUxHaWtAltALVwo+Fi6LOgEN7+dsBjkAZf994cZNfqrr6B1s0CgYEA8eqY
+u2p/QE7YNfw7naMUKDqgqGzo41IjF915rznYOyuO4hu+zGrL2D+7EeZnLWfSCSxl
+t0uowOzDOKkm6XeungMyJFH0DnzhYEgh6K9AXMi3QF0zfgGrh7hhK5wFEt+a4nOY
+hIAnqhANqISRhOOd0iT2VIt+igQhEQv8XLjAICECgYAVvkKfmQkfpuP0bfiMJzB2
+p6/Ca0iu0fJwt0/0lCeU1iPeuSoaupjuABGoN2jr5iX28DMJWwjfhVdNPgmvnuHf
+dM0NZoY4ro5oAzdxYwac8gtXtn0H6rOuVB3E3ohS6e/PNA3lBNP473vxrDcPnzMv
+uSYngdXpFa8iMe+dKtb3dQKBgQCAzse56q+Mvy5yODZJ7f4amXTXmP27pA1ZdKyI
+90TB5KR0kg9aanbVUsG5ezNuwrvb9I7INPnKl4Yu0ioM35PTQKJfIl/PowChsmaT
+rVSY0qp4E+gJ7Lu3TR44CR/Od87RSnln+5CjBV8wXj3ZQxTSQqoCRDABLseoevhJ
+Knnp4QKBgEHHHpegaCXl7+kaPzD/qD38iN6AmoAya9ZUxCUH55bDmkTFu1ZGgA6S
+87fuXQ2tzwFyOtaxAftPuOkSKMpZYRPJY92SalHA4WyN1pl0MhWMZQiyKOh0QQ7A
+yaHjrLn5wPrhHhkpmYu2L1ZNiN+NIFDuD/j+APCX+wqb9otfbfxk
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_intermediate_ca.pem b/ssl/test/axTLS.key_intermediate_ca.pem
new file mode 100644
index 0000000000..57fef36137
--- /dev/null
+++ b/ssl/test/axTLS.key_intermediate_ca.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAzhdv9CgZ895+JuF4J5ttgKS8HDKL5uCAYOS2B+o1OkGzYRkS
+I+vA41BpPfE8D8P9lgjcbzAOrOvgYHPZneE3Ix1mhlyPwbnXesC48AahbWXeHFJL
+u3Hr3EfjIVngptIHF0/FXmLtOjcxLpP/mXyUTX7bm0NMhgEvxAX34fPfgM4r6AwP
+YLwxJGl0c4rrb9choDmXp7+72NnjiO/pXzrUkI0VL+fV6U/cT9ro6p6wJYewvfXA
+zqV01B76xf+QhYGp6h/HSZQntTQfA2KIp3H7jhaVXgC/CyyZ/fvx1QUAVCy8pMck
+Fs7YuLtVuhAOZ1KpeZzaQotwRjTEeRkF99iCxwIDAQABAoIBAFNxi+O4hOGHuV42
+tjabKNgIWx2znY+KYJBaqhVET+7ZgS6UPxMKNlwTR7lLvjzH5xnjVpUySQ7cpkmH
+Ppo9AN0X31YRjicq/sL12ytcE+o+b5LaA03Oz2euN5leUaZZrYNTyh7wQQrsI96v
+D7NujIFgFryjoA0118gvfnEfE+SLW5q4m+n7D4cZ2D1nolDnOo2noLhKhMVWT9jp
+UVoa5sO+9/Ap71ElAaet2LawNsKbyjjRuI84544G09zQ+YUfcelADaqtXyYZpSJL
+iWrmHasD1w8NfiHB84y2hWHySoiuTBfVBJFfTjg075TaxBwCtDbzzEe0ecDCVGnb
+gZfkevECgYEA5+5cUFf9LXt7Cwqc/lnuIUYmX7pvTPVVZbdjEzd1MUvu12p01cRN
+QYk4K41LZsQYwDrCk82TFn1+hDbVt27i5r4FPJ9GbkSh4AiqUFDkqpqE/U06ZiUX
+JOosU6laI6MmguWbXAAQuv2OwK7xVA0575HdbsEK8LRP2bSTRUYNFjkCgYEA43qb
+FaKixVC4KOm8dyNYFHB5oldZW0u4ieemum8B+a9wd2BEG8FdxFw6IuGnKyMQ1BWu
+NVwN2wZsHbosmCYxGO7cX4OT37711hdCr4pCGQhQ3gf9eNls4ZjjykZp8EHWQnx8
+SYl7sjQMQUjhfqePKwR396IGx4KSrc/l1rxKYP8CgYEAjYPPJ+bIQFw7s30CVeAh
+gIQBHh/vkZGQTcQb27nW9AFU9nOqXlSsnvRPJaPNAiNcxs4Ts4OX3/0qmRmsRYSP
+RiNjpp24p8eQzdX7tY3mOIKX6saYf4LaIFgSO+n1ahE+ilf296fCjZXw6HjWH2cC
+lr710YJQXpZmsnuP8JDRo2ECgYBrasL+5WydZi+ASldPnuYByNb3HO46GTiMDlKB
+6Ndy8zBVfqTKwnWnurFNNWc+DHHu5En+Mnjse0zkgLx8IFTA5FI13Ckg18i4jwVT
+ZSMvNOkS340G2wz6PrsaEkQGSuCFRsld5Ej/7mn3DhZFO5R0iMipq94tqe/fmbN7
+wjAROwKBgHLl/XNhPTI/ed76ZjmCpbCvQlKZeYLhNbTS4lHvKCuniHKQsPz4BxjB
+fuVCUDH61yQT7WM31zIMfzQZjx9hTgFYYvnptRWj9zIBlIZJEieX3//flvEJ3Qmd
+/tbSoADa/1y+Y58biKkgmM4f4qS9h0AkVe88OCbpm14Xs2u7/4Nu
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.key_intermediate_ca2.pem b/ssl/test/axTLS.key_intermediate_ca2.pem
new file mode 100644
index 0000000000..5a4dbee96a
--- /dev/null
+++ b/ssl/test/axTLS.key_intermediate_ca2.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqhp+ySEP4Oods+29nF39auqEmJ/qTUqQCz+9iWyOhp6NU5pJ
+2LZiQNxVWIzasFHp9I1cvmf+4fnstMpaFl/TtdCpQnuV+eFIe7alEP6+Pc3YiFrO
+zyO0XnqJcZwmmkpr5omvGcx9FbcrKflzfgmn4ZvGIdgtwkA+ZAj6WkpZHGGpzqLY
+yAFz86fwANeT4I3a90aGwOEo/on+jvJA+O8KARsFx+yspxrfSZtNVTNWFfQfkIIt
+7vOWnevZNAEkMnHxY8jDFq8EACNGDo3r0j+G5imRl8P0hdklpN261OS1hANVM3l2
+t2INNN/UkZjJe3/T7RW30A0VZ3Wk/nz3IgKlDwIDAQABAoIBACV6FurrPNtZ2Vd2
+DqtvzdCLgNE7klybC+dekLzBTRl9vzdnK9PyQu11XdxXlCr6sSfvKTrOIMrazHr8
+hiKd1EAfi9sY7W8TYmvXTsDSz0lAm+9Wym+6txeFudhtBdhCg0lUll6BviFVrM3f
+psFjETjUoC9+uH4ut1BE5huUe9OTmOXxupLWdETcHViMc2VrpnDsNKX/lFIMFSo7
+3JDVojyTA/xdawJgkksCmQyHLICDvqJrIbLaDKxCfEiMKMyjVqgf9qwR33WAJ73e
+ES8XMVtgIce2Zpzx6OITf+gNhS0ekqsxZJ56iiacOVHxpphNKk+BwSj1bBxHLRoo
+narBebkCgYEA1BuLsbfr5lXAmGxE4JG1XrOZ7YtTqQNMYzy03s6fndoITqS+YpHk
+dtPqM/lQ6qByqLbaPZFVEqecIb9EVRoG1m+9rIkAutiWf/vAWwr7w7yIbFID2YBH
+50crmdtbK+1eoml/MkNx2grmgelqtMy5iOzwbPcFzmgXaTBzXvJvZEUCgYEAzU3F
+f3QP0xgbrT0iK6138waegsuPaLoBdq+arlZ0LMzuN7T3KTKiNfkJKWbxoaECmu1p
+PpJsQpG+0cQxyKU1PK9Pz+9qUXaPf/OsRKTcvpiS2kdBFXLPEgGi2JeSoPZxErYM
+WuaqLIM8krYrV0JBRgGv38Pd0u0VaSbQvPx5u0MCgYEAidFoIE6IKf64CJH44w3q
+EiGSt8Va06u/+48bWtZY4kEkOq1Sw0tWbltdhu3NRNaCCdvdzDldVKSxjz/vD3i8
+zqKGVNAkOEO47mnO35kwY0tiPTfBJpbyoXUeAHeGMvGmFtODgU5PcMS6Z9kZq2aG
+e1CxG6waCraZ15BStnPCKx0CgYA2n7Olhp7TPn3WqQZXcq8QdTlleX2tkpfjGTPh
+oNUGOnxDTB3a00L/c0QxxNcTdwB3ciVnZZPyXk7UBwxr4zD39XkZzQyPoijqFU5H
+cUneWD/yXbT+XO6lTtQiJqn3s7pADTnaUbcDYuOR8XA0pkcxti8yLS3u+e+Ra6ds
+MQy+ewKBgDfHrvBhbxyYskxc/xHnSeAZjrKsKoFNmV3/n9XTmms3WAVoCYydIEou
+Pm3p5kDiaiTTqLBpxoa4g2tuaEXBJpgLwxq79Jod4PA1bnip45ERRrk4kRROIaFg
+eHV6U0+PQTrdFhiJkvK7CgNZVr+NLiS1V1pM3x7xI81nAV9Sv4c5
+-----END RSA PRIVATE KEY-----
diff --git a/ssl/test/axTLS.noname.p12 b/ssl/test/axTLS.noname.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0383293487b156598a1383a699cb16e6db4a4a1b
GIT binary patch
literal 1612
zcmZXTdpOez7{|AtZ5mk{T5@nSilMbVGnR6hWS87_s8HAxJMCC<iAvYGQ!ZU4oe5!M
zJ*$vTj@wbmr4-F|WOIAaN<uE>tmiqm=Q)48&-*-|@AJNYeZF`;j0S+!@O&5o2DeC}
zB`s)y)xr6E=qiK{UB>gF3wS=T{BH!y=L6F!Gy#A?sx|y?0>&G_H2(Uq77WHCAZvD<
z6Q_nwKXU|tHK6l+pn~xdJsU6T+gKWOpI|W6#>7-w?*<|El0^O>)P4%m{>@9^{N)e3
z+~A3<lc%G%A1Vn8G3!#4J`Cs_*>oA+g`9RLRWTs(#p{*g`%zmOjy6M10R!(o+awd_
zXbx^UyHl2Nl3BkBM2TKRv{Rz`!Q_a*ZeGp%2Sx|Xi3b?YvZR!ipKXA*7FpqKy#bH?
zM((ck6e2{Dnw~ng;o!h~Wh}1Oo<8|VUcT96EIxt2X4Wr>IbQA%o2`D+u|Cv5Bz6d1
zx9ox4xxcnZnu<>03|5`=-_s?9@iQ1MP32gz&^7VMH|=rfp>x7pr4+80&y5CxXL9lI
zP-uy?I{4I*Wo1hDSv?cn=W*+*3HldB$AOS)WB<hyUjb56=)7CL;K(iHu^WBr)EO!9
zt;DW%s~{$_Vo)q1DbPWb-nHI3lUeU0j~yYcY3bbC9IPy-BL#QBTlK4WGdj5)I`YA<
z*$|NV(;A)_tHIq+nVoydG&Vw`pfA<I4{b;*t{<5%kxcy<^>Vn_IPJ4pH_Eg9%2Ua{
z?6q~?9=;}vSn|<SAadj*^7R#ghl_vtbuUJ*p{2sk9>eAkq@B`^u-UWj$mZp+(B1np
z@@FHw8}vC{M49F*U&rDBIPPW|Il>dS+jb-9)2<ge`lMC?iH$H5mX}Sp6B%hKFF2#f
zH`je!IQ?PI${syg*Di~V+w&Nb2gf0v9|aEw%0|>hHN4)X+Mx<i>uP%8A8)QQk8dbN
zoN~R5kq={L&JCjVO4vhDMv>~W+H2Z{Jp?L?F3`<x_)ywi(4ehl$DG5~s7c3VMpjm}
zUX&!5ec6fS?m$h4_S<%cJhu12nw~S6q52*1PX<W|c!jfEnS01&@8U1e9F|tW$ID;V
z$#*n5wsgGGZ>%~T{8Ot|PMdQ#bD=*|CHd$7NUqX<6r%E8g=MPgg=zk+yapIhg?Ci&
z_Wzr3>4h@8$KK)E_a>;$<8IzNmXI=x-7l}cPWLTnnY5T{ex$_SJ0r%HQRgM$TvNas
z+o~tdFmK89j5l_>Q&-`&_)0$~XwJjNj=kQ|#aj19_!tpf8o5Zmcnb(h<_hNXl6qn?
zS%(j|Ni~gT`gH>xDQ5ib_&)@>)ZhmT6<Og^1*hFF{c4WvEpfi<hRyxJ#GU*G4}#bA
z9Iw5AtNo&kd&tG?8=L%+hf;*YQNoR+ve8kaqNApjI(eHS=(lc89)B9frjb8wS!sBa
zcE)AZ;lllH-Ylc@$tqbY%IK{57C1~U(vj083?FiZ&}5=qG*%EW8Lw>-8D*ZO7#GaZ
z1kk&6F|nZZls-c}j&TuFZ5?_GC9Sl7qd^Q4U}`P03NwZIJ1?w=xf3I{24SaVae)Ia
z4`msZI=<W)q$w{fVaA${wA6l@RBw>iKu>N?{}d~exNn>2i&}aextd7q{jtq(Dd3SH
z<lwtuc~aCh>c{4b7LUhjy4Ge*I<<86<-)zZkba({gWLKk7MM26=-AincOYjjk$bOp
zL!vtEH-|YhR5r$x&{&`42K!nUmL^>1z0I?chvAgGz*J}5MZZEv?R3t37u-W$IYy0#
zYA!*274meEW?NN4eJf9RZkt*^J9C6)Oev)pAy}yg{jbJ!RGFV9H*Mw-%-tz1wqoL0
zrQW=C@;<+;jvp*xh6}ECCy{DS^-~_M6Yx|yy&YopbM-S<0nx{4>fo6NN^9x>q^SA^
zNC{cY$=hpfyQu{vskmgU(ZExnHrV1|TQ4_h#zvoD*|PQp2~)@W9qC=2i)Vil{f>nX
zHeR)#+hdY)<lFn^LMrMbDO~2>sca@}#+&>jG<-b)4bd&kz6Lm1aWbOycP3*VzJ;Iy
zCMNI%{3bjc2DL<}0s2r7M0a!g#q{~O5TK6iMN8_B+@Wj3w}PyhVLV64LdIC%#r_j8
CC*Z9B

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted.p8 b/ssl/test/axTLS.unencrypted.p8
new file mode 100644
index 0000000000000000000000000000000000000000..df7c2e21600e2f296671ecc261f79616e864929e
GIT binary patch
literal 635
zcmV->0)+iAf&zB}0RS)!1_>&LNQU<f0RaI800e>pVK9OMT>=3B0)c@5y${qvsC0)^
zs<}EJi_X2bW&1!q&=H!P+=6`Ss2AaM^92rJ!NGWnvbq%_TK}84dM*!$w{+eFnWdtc
zQ;V&5S~2as0q5W8>@T2QQ}*VHpvY}OMPnng&rVPuDBm{XbKlmXvqn#DyA7M~sQFB#
zaiNIa2dRb)Kh2pVqJ(!30s{d60Rn-5CO_<!tJEKf4xKpICk5rU6bRS<X?PY&#0C~s
zw>njyzJ~Z%=*32;@a@{xzlc>W=5i@4WXW9}n<P4zK%vsFT&pAGGtlZ_Qs;V}b6+li
z(cEuG50`*8(l7_z*4Gt@D|FR<io9b&3i2^2zxny_h>wcGB5oBXw_aOVL>xPL0zm-b
z@v`N}fRjK_bQImP@+VvjJ-}b?oJDLC0N>ErgZhvxgz~Dw-TTi2L5L8>yI!}pE~Xu-
zy8B9U*qW_~4QdqvK>*e^BlBH%$kR!|lm5yL>zmrWM<{cbpitLLB;T70H?G4mwNGLQ
z%H{8udqbewD<8k82$Rwl9Eq9n-zL#QnUexR0I@;je%~PX<nj4W(P}LX@#*ZGI_AKX
zx+mg%w56dV_U-0VR^m`H*aD90$90j@%0ARIAbczPFFFu%u?JSR%>qCkJMse!bTqOp
zyw=F2cqM}m@|!Y<ZX`g2!pMn^_MBT>O^wU2h><F{5NKn0Hj&exS9UIT{)_aN_uYv*
z3+-hBK>)e0zX{2ZCi8NOzq5SjZ*N<pmAIY*xzC_ex-!Ajt%bXJND0<IoY^;#5e)>@
VJIZuj9FdJZ@%Z_^HP^CJP#x3uH1Yrd

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.unencrypted_pem.p8 b/ssl/test/axTLS.unencrypted_pem.p8
new file mode 100644
index 0000000000..dee0ed461e
--- /dev/null
+++ b/ssl/test/axTLS.unencrypted_pem.p8
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL0P1EKodIdUqrk6
+H4vOvbdl+0A90BGanNyCfOqoF+F08wUOYcHBeIqyuhUiWv+buHouD4i3dN4EmaWi
+mVOLrXhaMe28Aeff6ewvoF1T9uaKoMhtQUVjI7PPTlAfKN824nPf1qGzRk9uuw2b
+76j5TKVxoYjdB6mGDT/NmSOihHcPAgMBAAECgYAmP+yWq9QfiQ6dONgnBeW2FAjX
+/2l4FkrEBhZVtzpVn76G+FjoxUao8O3a1r+IVS3mciksZMldHZskOphAodKvXKsj
+5DPQ6mBS53qec18ugNHcb0cPl4A20jAH3dbXFYkrdNV+irxjQgryMSm/+fnwiI+K
+wiJuFSa3XltYRBw7eQJBAOHxsuXIgJNAUHQU3bLyJ1wMPcBf7pxFbBMA39DZg/qQ
+LITyqsLd+88DQYgQxrtet7Yuph2quvtKctiarYgNahUCQQDWNiPzXXfI00nBk/7K
+Deub2r1HKHOXoFDXTCTfmws3rsMxtU9iCMrl75d7Q6DaKx+/qAiT0hYciZnx3ybR
+QpmTAkEAsUHkft8g9+Tx+U/Rai0N8ensnDrmwJS6J+J8tKWhI/bt5lNW4lAy2AKO
+68d1kdPKPtQ0IHwr+y86EHKxB1a2zQJAHjvyAw10NLItvNbIpXglgw/ymzKIbiRA
+hMLIiY72nFtcTY3LsIiRKrcQaGN5NpHTn1d2Lnb+i/SX992JOwvtZQJBALmvvwnJ
+kCbzcou/s3znb29bo5W4ngO5z6BTujLB062Fu3lICdY/nNk3kRENBNU7ynRdHJGN
+PfH4+b4117JTUB0=
+-----END PRIVATE KEY-----
diff --git a/ssl/test/axTLS.withCA.p12 b/ssl/test/axTLS.withCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0a89e7358b4104678b647bbd9388f20d8a2593ff
GIT binary patch
literal 2521
zcmZXVc{CJ^8pdbL7{-=m&^MNv2qCjrN|I#Xm&u3h#%CK_mh53H*`f?t(-1->`!?gF
zi4fWM5REL!GReN(zH{!q-E;0A?|I(yJnwn`dd~Tw2+&amAP7Z(=0c#7aoTaa>_8?U
zi2zLo6QJ?G>=+aQ;_y3ykO&adUzQ;Q5b#U1ekVYbAcW=LAJ~9E6bG2uIC4nybws@h
z0|PT4k^q6X!@S{(F^()r+zqW8Y!{%%O#-28{V&AJee{*mkyuJ3H6Jy)vQ4)!feE<H
z7SDT&&^>*0BKvZ{ScKQ}wW6H1VXqs1|AlAgfW())?i^h{Y9g;IFvW11_uLky<Dg5?
zy;^~+={u>pk<OQ`g0(fjY1!-D*-8j$-{_2sct)&qIP3SC+fRku@4rZIXjxL-3^@rI
zq8U=j>IsfW;l+OGg%?zx&Y6**8s|?~&`_<VO~#RZSN6r|=&O!(C9FK^rOcZf1n)zK
z0M(e@6?M&Xj~=XzuSJb7?>>%LV+?uGdM5Zs3d*Nh8!q-??7j@opZ;rHvqoLPj1Qk1
z9bOXy{ls?_SQhBL-Fwj}TFP>{q>MD{cvk$F0`FbB9n!9U6wY7Dq?(YWf*5l0`HIx$
zMr*Hyo!d^dw&+kgzTs^e{%|WFAw~$878BV`V=oBsI<E$}vUa_=sk9_kBW!QJ>b!k`
zXL0NtCY|#sy$x@xw2t)@Zc~y}j~ZDdwR*0^-A`<1Vmw*-AS|XcPF8bLQ6;%+>Oy$F
zG|>zWZo8)KeGf#w$J=4rx-bjag<#|gI@$W=IU}f6x$YCa*U7433P*cEB4(*Pwexjy
zwX-``bdyS`y{1zS50iO?PkrM1mu7MkQ8T?m6^1hs@~d-i7TBj61wVF{F)HyoWh1uU
zB6$0|r(y?m7t=Dn3=?-0O1P)?)=z)(a2@)5V+g=8)8dO_TMESl2#!VZby>s9xv^eA
z`Azd7OK{dBid%f0GLuz4u`u_($WHPW&3NppS;t&+noD+i^OPg5g4fA3P&D)<<!!?L
z^Gz~H`CINS8N0?z6&CeNg=-3aT1E3!V_G54_gvTuc!>9M-kXX_9pA2bTh0CxWGL_B
zgxYpB5ZgNAVptk}%j_L&p^3_-K%L~0RaU%b{ScXLe`hMh#uwAkFMF3`j8`Qz!tNxH
z^_t9IJl=5zUo6W6gudv>Q}X{#vhS!0nyVY^OaGXt%kOI#cPJZi99gw*_~ct|`KAt0
z%1E|C<beN%t#9K&zKYBqIeO;J_Z3fZR_SH6UJzUF7cLp4p=isS+=4egxWro1Tp%Wx
z2yHnEZrh`{{qs3m^za#`hFy$87>pu+X5A-Th00TrBff_(lGyJ@^G_H{#UX%6pP^%s
zO+A5U4LT+*(EW|CA1tyUX}*<XUCH`5i562`z=d0_I@5%NVc?ZYi4hQ<Y&&w(8<{^T
z_{_EovDG&GNsn&AcjvUsHvv5)sN4OuEj%ta3D4;;9#JV7E~e7{K_)Rae^BE|GzY)c
zQvvhw=bYt&hX;5{B_ums8pb}DIiEVM$Nyu=hWhBB%)@UY;M$R(LU8&>a&vR`{Ij+O
zvU*0>DU3}i<ZlDGWC{JU-PP#FS@o3rIXva**s$-uMB)J7LO<eO2E>w9pT=#l`IXT#
zX5f9*3P%0WWMbv=Sx=$dSuk@(ajd4SV9mLA@ZonRee}CQB=hx=2BG0_Q+IPr@V=tt
z_a)1(!^r+MzLop6F;bF3PMeFqr1PI)0iD-)3v1fi@0M@ZaK__o;!4{u-@N+dFr>Q(
z_X+Se=t>)=&P79A%}d{$X-<6_>r>6Yq?0GZQMJ>ol)Bv;8*z{`cTjozQZh*DE=n)<
z9^Ow8LJkTBw!TWAJLTKs>X!5;vS4vZCcZ4u-BWkL3mZeJ%&$s#%(pu<7TjBYbjs?@
z2A1nMhi3|Xvv*5<bMvshtbM?b?lDw1wP8n$^F=OWJ1omv;Htdjt7URhXd`no>YmPo
zpkY`SO8De_)QHxy#h$`Aa0Xk$^ojS=v0d?CPRD9wVVWF}SGc9x5a2*orI8H-%(`lh
zO(r-Uf<u0^a=+?MT)bY3;cBy%YFe$Q6`@zT3f-M%6q<03DG#8u>a`PVt}6UH4GWWA
z8@WRp(oqSAp<`nVGVInMD8;r9Lp6<=wyA}U>W3@pp_|H`T$67VMON@di5;!T=PuSG
zlHWk6Z}b~zc@x?%?XzBjW1PfEW(AZ|h;p|$?)-J2T2dzoCM1R`SAa78Ax)%D_vv--
z5rQc2nXLvC0VME0C?OF*Y+wS2`Iim;H2?_ff55^5WFQe33Qz=wr~l6z@|@>iFztk@
ze|Q5XFoZ^|E_MC6)hcT?==UZMYXLXh*_Ix2YpyvDkaLr-Bgu7cyOaiqa*2rI19)e|
z<709wsi}~~F0Z(B{<DRK2$-{c+5XD9oAC&+>xU%kta9v5ipvqJE5RD0n5BRd7$h&>
z$m)IKA&(aCIb2|e%ZHj=s!6(g+g~NzUZ*9=l|(*MiD7G)iZY(B+{CI=xMds;g?kA7
zQ>h(NIg^LFGl357p+S%3j87G53>yKK_?zPT@%~k!Gg^$Uh1288oV<-v_nj|XzOo^G
zs{FFPc7S+8)ACxJ(bL_`)sz{vxdeEnx8NufYoH*p1}eJiIq1X*k{sv9CbYn}_Nk#7
z>9%nBi&m@wAGog_qNv(j9}9g`7W%Tmv>M~4+K1Pl*}*Lvhtu^R-}%W%=axSye%IH}
zGKJyK;<(sdG;i+Bh|qCfZIBvdk*BNAB)A)?`$pi_N7!C1uUw@S5CQ3VVHP~G#>a{t
zQuQ1An1PmeQdKi6e<(d1-_0GlM6D75c{CnqtJpx5XMH8$)NRtYp?h+vy#AjwA8}~(
zNMvrNxEm<oPv0+U(vKcnN>{+yUpNQO^TV;@Uk5(Z+bSQaze-cgUn+*70sQDcyJ*oI
zh%2|;BV<kDw>Y)7_)aB8|7iOnUZeGuF(bHHZV&&SFwCsKrS?jJ8Nr_y?Gfq-jG;^6
z^Ce0PR24@Ajxt`iESWgJsP(dvw4ww#74ov<Iy0e07r02Q>A@E!lmRD6syRdmOoacz
z^t`7~M>zy(+@|#uvQ>Qi(Zc5EiYaqX9&%D2SH1Sp<|HaliE+9wPk7u8nQfu$(gDUc
zM?fX%s~_2iDUf3irOFYsK1$@jg@*E?`M|K}k24r<O1q@^!>>QMP%{eVvRPh6UHp9n
zL!TAq1NZ>Y01Utm5D0Js_yb&jZE65j6dHv<K_QG%93TcbBLEDm&WsanytjOR+ehV0
Zb@U{W#1a7kGjry~*vbW0@BP#Ne*pwro@@XB

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.withoutCA.p12 b/ssl/test/axTLS.withoutCA.p12
new file mode 100644
index 0000000000000000000000000000000000000000..10e28fa01a430afea59df57317f35d781ff1486e
GIT binary patch
literal 1702
zcmZY8c{JOJ76<TOeu*Cmp$z&g(PMo^EQz($R;4n}R;|QdrHys0NeL=4L588V4>hI4
ztI#*;Vi-gxmeST%6y<5PXsxvz8iHqdnRDj7zH{Cm_uO;7_n!OL{ot4o8-&4eOeh>e
z>ahqcAsQwQt7byJ2qr`n#hy4OT=&Zes%FBKM3Djr14K>w%LIl~g;0N9kb=Q*(g=x|
z0N;tfbu&MMpaj5Rf^+tc<AcX2)KFfSo%IV#Ac{x%#r*7P?VTfGxbxfd)Ee1@l0KE;
zt0U3tD8DH~|4JQ|Ly8Bf=G-kY68c-~;r5>E^T|Bl#(|R6D|SDOc2R$#B-wegbMVjh
z;bZ7#_iI6yAOH1`cTMxCKYqr@>`5MN`)2&iqnGjSQda4LD*W$+_K{dN$0}imMrVYC
zZ|w}XEYY|X)wK~jLq0J_5~jAM{;yrzNd*Ge+aXJGk!SWN2U?6JlBVx{y~&uK-}EP*
zOZagVDMq&)pB}W#e-oV?6+MOKzW5=6;NJV{?)dz9j#A{p^Q?)3$7aYgzLT`?>j-X}
zmWNlu+ia3)<lWEGD|2RIOV9es8z0V6PF}t_bL(H?92+t@wN<%##F%GbE}Nn#`BlPI
zC6xZ{ci~yfrtI?hsP+9tsI9EQ+PJtO)?VXE)F&_Dm6`(Yh`O7X^HeF$TT7=`#q+dG
zxx850MZ)baF)f$0t8L3YT{q}+&t3O#D0JvjIb~~<5w}n^Mcw4sgOy>ECU4`?Tj?Lm
zCnihvNj5cAhjmi%Kj)&c&MtRkgYK?5>7zdeSfBEGwzoU_bppwX(ny6OsYDN#?W^?K
zZ#<lDmO>ha!FsmgJ5ZXS>}7j1wHM~)bl^`SY^5pmef2c1xI>?JIn;#sz9cicNXlUJ
zWL9@q!}^^K48?{o(72?mTzACQR;qPL3@xVUVcwK8>qjv+xI;$U9vHin;_=20=^4Dr
zOQ<nJDG+!>IQ}F!Oq0*@Yp9aa*%DUHj-lxa8A}(Y9#z~`rcCJWpT(Sz6VrXQw`k}0
zdLhHCjPW_&I5W|T%m-Zh$HWJ{(mUY}CNi8E-e%0Hz}a_$tSo<i&p$4OyoJzD*WO6>
z3v-t$Bc%J{IWpjTq&QYPu=uIFfWOhsZxL?bW%z4_O%sjV2AFf|&H_#G8aBXdRS=GE
zoQigL8{+TG8wgWUE5-C9P8vBtNg@&I|06<VMGhfCB8pL>f*{HN_&~wHY9?5NV}h0c
z&t}C{-X$x5w)F=a1QSd(Wm31h8vjzi`uwqsr^U*dgW#>AuJ-m={Rh!`;XT2*)fX0#
zO#}tv9_zQn`;nV!c@;DRv$tEIYGC}zqHJa*(03veRJg<VZn8=3g5JrD7r|Q#4hb_x
z53=B6oCdjS?%$g<FxV;Lp1EWnGAEN{_=K+Gy{rCuuAlqQ-+)qlr;+FC*p4kLD}SQ}
zlI*DWR~`G&hs0?TxG3jLVCj~+sIB*D0-KCE7FNFXsQ;(tG}WFVGOKWw9vGnNP&E)&
z<pEmHXQy6&1fqN4-@WAR;TejyAr`bHD6)B%6SBX({_bP$s}!Y-CIjDV5{%Uc<(7rb
zlU}|4`BO(Vl7+cW#c%`f0NFS{XTxsD&yBJ!Q$K3;p=c2>KkxH|-Nn(gJ(Zk9u$VVp
zEZWmC8;l_5VO_EvcP&-3)11go1zu8q4%sz#VoW|coqne#U^S)Njx?9)68IA0reVdQ
z7_5BefZfrGl+c8bf-^q&*6umY{Gm5d&MvvI6-spE*0cCdEepU!Kt-j(zVO!`mDYl~
zz)$>y)Sr*3#~-NL-3V@x1XrP?twe?~WUGk0*a!`U;c+&Z>A6!D$MT(pZ1H<;rUwn}
z!PT|VTFGv%Ipz*$htn7GLr1(*z($6mmj5)tIjICBcBoV1+8jxn-NE<t9yAncf(FBr
z%QA`;2y^x~<VIwuz!94_Fnv+3>eXwynSGA6AsAzXJg=50AEXqv;<Jd@K4H_EzE3OZ
z{1t|)MO#fFv=(0c9-Q3SiP?=eFB@1Bros%eXV=E9$ER|lMv9Ws^kPm3E;w%L=HpcE
z7LYxCY|gM3?sxcr_bpp3OfC)f;4k7d|NGEL1-v3czP7LwwAT;2MOC)`UgMVuglypQ
zG7kG?Ngl7JrV7LXc)%D40+N6TfC_{IvA}gv4+72sXK{F(It~emVWr`qvKWAnf2-ZI
h^iXFE2aFn1x{keK>a0+`2nnLQ|IE&UO4=U^{tdWe_eTH#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.cer b/ssl/test/axTLS.x509_1024.cer
new file mode 100644
index 0000000000000000000000000000000000000000..784e26ffb786bd96d7d95ecab3eaca6f55beca66
GIT binary patch
literal 604
zcmXqLVu~<mVsv2QWLT<oqN4rN^P>j5Y@Awc9&O)w85vnw84OGejSLLfm_u2(gf$Z@
zLVSW10*dmpQj<#*T=G-WD;1nmi%K%nGLsWaQWYFaOEU6{GD|8A<ivRm%?yo<4U7y8
zOpMH<#CeSk3@i;Spj-nTLoovph^f3NrWy(v2!O<yg*kKblM{0?@{3Ch8s{UsijkFp
zxv`hQps|ywv5{df{}rbdCG8=rc3R1IpWC}V^|yoV1;JT!?ljfBS|R?h<TEQ@;=zLz
zU7L1^Dn<RDy`xHxzhisJJ(ihE7tIXrURx1m_;wHD^ZPH~=r4#3{`RbE!HHZ)*JS0*
z=lufYHSU`|D!zYh;bu4gyxqLB->>-Tv$Sww$6fZ7ZM^npXDTmhDd%TmW@KPQb{;U$
zn41_G8H^s-<S9N|_GO2_{H|x*Eq*#rMNWk^+8@waY}u)DZoRvnWYVT5WfN8RJY4ZE
zE5oXM=cc6TJgPQv!XE7niznXHdp1d1CP-yt`LS>JZp^+JZXT8)Zj{EzVZkx$U{9R=
z^OG*8lXiL>?_Bo3uh#aVo6#I$wpka&SKF_gz+$Xx-^jHz^xU?oA!|SSFFJMjn`(98
zrHs~>McZbY<UWo6RwA==(JgJ3|4m0ZS&r=5(`2`$NTSam!^4Yrx$V|3PFB+sYF8w7
z&6{zgE_LRsx>KdkZ!5;0t4Xu1yCd>1lx6yg6rn9!4LpkW+<qPHzwCEAqvOOkGiH4B
Uwpirwk#)lE*|F0$DrE-%0ONc2ga7~l

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_1024.pem b/ssl/test/axTLS.x509_1024.pem
new file mode 100644
index 0000000000..0a5c7a69f1
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnxTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAMuA8biHmpvS4EJ+K5guETizlFMpWgT/ALKM5iSTOr0cuGWKy
+5HaRJbzhqO5qaDp3ubJilwwlPF4TSIeAo5HZLuaSKxxSJLF3xvbe2JvZVzdWaBcy
+ZgEIOAiawYxeP+fJRMtiuUjHiab/jn094UYynBMGmtEXqz+pkAQzLT+BCqVVzraV
+VK3xT6LKw/Yle3HSaIXpcraZNG3lX/Z0HLmi2isE/4LFCQTEuryCPrRyGI4waEhK
+Dac9tfRCOpdgfahhip6YxH5lmep+ynXn2yFdznxmPX7cFP5VBJeoZBK0tTBIcrzb
+61tPpvuHAUGR7JiY8Us4okDxBZC7m12WsSJrUA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha256.pem b/ssl/test/axTLS.x509_1024_sha256.pem
new file mode 100644
index 0000000000..b1059b4385
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha256.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnxjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAbpbFPGnc74yvFgxKiNGA8+9azns10+KionRirc6g/1X1zBnJ
+7vBXW9aXwUr2y9G3jnmX82eut0YnaJ3xlU5rp2NbGSH43fQd/OvWC+6yDFBeHfJG
+JqbyP9oBkrUSuaXO/svsGUr8z1YVnxvtN7A1NGt+xQmgTyNq2QWg3MSQQwVtNsQt
+84mQqU0BmmyRyi14LOCi2dHxjduXFVgHIcM6XzVL8lxQ1oaabA1mP5u8dzH+n+sT
+uVDMmn6ABDZsnnCo9i7WidPI8pfJ4k6xR5l0wUdcOQeY8ynwUmILBt7lhKhxtAIG
+j9SHuiQYstmr5+6wIBv6LRwjuXNDEwcqdT+o1g==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha384.pem b/ssl/test/axTLS.x509_1024_sha384.pem
new file mode 100644
index 0000000000..cbdca1d1b3
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha384.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnxzANBgkqhkiG9w0BAQwFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQwFAAOCAQEAcVYgGWa/OFtWSpsH55h4iHan1Hj8WMzhvczirWDP8EaG3N1P
+WVo7LQdfhs9OvQwLlacAym3eawwsMe7ODU6Iq2vsbajeKMuF0jb5teghb7dMIiIW
+UIy3zRe9pmOZZpIcwJfuzTMTXMq+UksNfSzgB8mGqnIj+4D3UPXce5KYMvxzAjYU
+HAAFR9+ZkTdpratH/qFlk14DJ4CKlH69/RUpekkXcn3lk1DutfQ15kaTnaFObTUs
+HvGr2pX5PsofeR7DW4NStIMbOwMvTby6thCw8zImI2yyouCv+LkilGxmxEMAV85X
+ZKu5dNZXbJwfOFjkmHEtDfmISsdl8NoQxyz55A==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_1024_sha512.pem b/ssl/test/axTLS.x509_1024_sha512.pem
new file mode 100644
index 0000000000..83648e6630
--- /dev/null
+++ b/ssl/test/axTLS.x509_1024_sha512.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/LnyDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQ0FAAOCAQEAbrG+mMdCorMaq6VHQC071CdXzqdUGFgXM/qpVjNo3tKjqUbD
+73FJOYYoSgXO7aJPebraaZTdSpgHO2vdJrifUjrJg+2RKDwIzCP853fgi3Nm4n+R
+7uDsd6K/cj4xvcnhIdmQZC3TPIJFujjbMy0Tw9EQ5Zoz5rNwR0Oy++HtWoULOjTe
+xsVsagshFaGajLF6RXoH+caKHIi4HANlWwJvHCBpqQYUyhUCAHUm9Pdo0+h7Viuj
+evzm3SPr5rOisE8xTDU4WPOhwel3lggZWfh6nbDG7+1sWmT4qTtAkv3V1m1o1h+8
+4TeJUOV9QHm88a2UUqWIZocaLxPYB6NThoBNVg==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_2048.cer b/ssl/test/axTLS.x509_2048.cer
new file mode 100644
index 0000000000000000000000000000000000000000..45a291293a5bf0f7c4cc0f272a0a924248dab5af
GIT binary patch
literal 736
zcmXqLV!C6{#CU{>lVPdWiHi15&rcfgvT<s)d9;1!Wn^S!WiT)?G%_$?V-98E64p$t
z2=NJ42q?<WN=+_NaLG?euT*eOEh@=O%S=uzNmXzxEy>6)$}FigkQ3)MG&3|ZHZU?Y
zFflTZ66ZBGFt9YRfN~9V48;sYAg1!7m})3wAOI3)7Us;!PfpCq$S*Ddx=;z(S&Xa<
z%uS5^3_x)%rY1&4hM!SoHp^8DXK|$$FDhj7Wo~^bIqmTGg|jy9b9ue`g~9LH@8UO2
zt84h8re7g>>yrK*hZ3hl)AY`p9d}}0%)n#4_Vm4uu4SK!e2(xlid^R8sQxmk;Hj(a
z@!MxI{O;PMe`cytGqS7_-7tC53z0t0i=n42;)7Qn=zN#7$xVI6@;S4_q{Q+oypK*(
zIh-K$$JkyYc7~t!vZai&BJ1uOKalmj=+ZoYm!4PY#LZgMnttiJ&7aR>p(mz)QelTP
zGl!=D|C*0tYx(0RHa5NA9JZj9UG?{-o=A4z-C`#@1MW>T>oRYZKYo?9#`Ws^hGUm6
z`)r!wc_Z}a-;{mNV>P^#_wsj7Grh{h%*eoq974c|1BMVIgUqU~+buVuH|I+=Db;Li
zJ-K89BWu0IgO{B%CwIQR{#3x-y-xq@&x4a^Eoc3AB*p#EjuZAXFAL00%-P=EcwRp1
z!_VB>lTDfR`>&j3eOB{O=*-Ex2kz}T5O?HewR7kFgezwqH9Sv=ELeYC;Lkdn$(I;j
zw*(dn|K-gNGPf={Z(tFiwRD2?sq!Uv3-nhr8!u|S5q#c#Yxbq7HA^;bttsMQkvy?H
zr#3S&T=jh9-F0j4bJT1<UZ&`y&9iCkgQntcCq8oq$3rRm)9&jZnEmjm?5*D(pFHM#
zH)RxEJngi7u9Z5Qbf&q7#M$pRCe#S%tlao`OXlOBmuB<mgrDx7yWtXV<45xh0G=K)
A=>Px#

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_2048.pem b/ssl/test/axTLS.x509_2048.pem
new file mode 100644
index 0000000000..95bdb5a3a2
--- /dev/null
+++ b/ssl/test/axTLS.x509_2048.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcQCCQClKsh4h/LnyTANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAPladjynJXGaCmdzonEGTQOF6RmWw/ehmrG+ROur6DD7m+5fspZ+gPQm
+L3gZ2tIv3EB0QsKWLs82x0IDowAMO63L3oiKpvJyTMQPARTTCQh79JJw5UU9x9vM
+aE7dPGfzAnwmMjl6FbCTkugUjknRVcs4X1OpwInuYrJGJ5innJoWGhZveEvFliTD
+YBL8Mz8oXZhOK6alAR0Urt8z4B1J0USDn7ouSnWRsyqWgvotRp+fDDguFi/JILhD
+AwhJEA+s8RatD1+RgYLvs1aghQcl+7KMWQdNuxbJiVDeljaKN4Ufx9UFfEXV74DG
+09NMsphJ2FX5/WS+510oSiO9D4uWNdUCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA
+HKqK24TYW7NvGoIifLaFyaSwAQV/OODpiZmTie3X5RBHR34v9fnBk5qnBf7EZEfC
+uMg/mdMQm2Fst4uBzx9q8PltfcmCaX+/1M0F5nzhEszJ3cDevMBexNl7Q4nfYNTN
+QShJyhSgr9cQ/K48k9IA64RRcRP9DWtSNzt0zzA4UCqlkBvKd6TdcC+rAzOigdhT
+z0e1a9KVfKSxtXxyCAQZyKdsfWlhVyXPWd2urd8IfLfHdiFMKwyyreCCc4tCDjcA
+QcJkv2bfL8Cb4cUd2vtI8kic9zUBFaOWyz9tOicGG2k3SBjN99iQfBAsqbHjtGnj
++dKbDCxXy4udsNINgfE3aA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_4096.cer b/ssl/test/axTLS.x509_4096.cer
new file mode 100644
index 0000000000000000000000000000000000000000..f90fb1cc28c86af31bb0a93aa18c129d2d3698b6
GIT binary patch
literal 992
zcmV<610Vb_f&<(zf&#<>2>_)k$ashH=gKe*1_>&LNQU<f0RaUC05CK$GB7X(162eH
z6DeVMR7_JKP;zf-Wn*+8L~mqgc_2e&a&&2CX=7n@WgtOybZBpKX>@ro9v2NUHZd|Y
zFfuVPG%`0@7Y#EoFgY+dGBGeTGB;W<EHM@^6b1uT1PT)kVR%$bQy@@sZ)#;@bTJYz
z5C#KP1OpQZY;R*>Y-n$DbTEPfA}|dG2`Yw2hW8Bt0RaU71A+n%05F0A3Ic)x0RX@X
zPNUcKvn9yzIfRh^Ja}-RWuFDQX9x+(oE7a3%LIK=#ng2OOsJ>KE-x09%08^xg>X0Q
zHy|aHAmXdfU8nYqk9emEP$*t@iMl3G>DB#G&{0%Hy>h?v=@{Uxls)*#8#^D2T~~PE
zk0TLfZd+;!)#Ni%;Z$#3osW)YO`_>9pmANr#tXN$DJPEan3lpTOvq`8LMqkq`)yFx
zx>fS7?kh17EcuP4Cb=sNWQlqnIln6znZ`hF7X4Y9Vx%gfEm!rbL4d2C2&L4Hb0oOO
zSW{yIt@u-|@>!ZWEo2z-nt8)5EVM5>$dLQeyDZK*x6SD7Tm@pLZM*nop4GC5=|B~K
zA-Bus!~mm)bJqG&l?m=7Pj`KTt&oY=8=F;a%g5*n<$?>b{@*|ZPXV_zDZ7c-Vs^jS
zp&;Dkt0ek2p-G<4!Eu?#0eL<uiqg}3LoxzC2*QMphdE*~SoSIoQv2<t=r)nP6;i9f
z9O<}=;M9MbQ1fet*Q-ZXO_<4=jab!g@y6J&unHA}?aJ!?5bcwAs6r#_z>Z!;Hx1K3
z2=dh45AKOWq?mP9OnIwk+i45Pt5M9N^rjf1uQ|2jj0!531zLzJq>{hgja^fE?MY9a
z8b7;g2;-{-fLd5{wIJYn#8Z-fkR-X4U*ZafvR$K2BG~IN;gP4wf`I}90RRCo4F(A+
zhDe6@4FLfK1potr0RaFL<b1YOAf9vO!XcU?dCI8FDvNU%%p&e6Vm}`kN&sBi3drmV
zvZ6WvfbdhirN%{oh6}crAR0RL8C#v4v{h|iE~*Wq%)0wB;;$gB#>@KNiqM#QC5L6G
ze>~xk+?vfj)}U+iSBjy`u1Zt8<g8jpa|nwS7$pS5_^#>>tH{{n0)wpm#ij<5rH&0c
zZtJ76;$u0Laz23cXCmrpx#jBmWM%Zok51H8&SWe=1oB0YF#wZ+kV(ec5HML<F+he%
zoxzF3-hQsI`P4@Wbn@`gk=`2_+RRU4tv`?wHYgChMwpLkP$aax5?Jtasl)~0t7l#x
O8FkuLAF1^+tEA7R*1hro

literal 0
HcmV?d00001

diff --git a/ssl/test/axTLS.x509_4096.pem b/ssl/test/axTLS.x509_4096.pem
new file mode 100644
index 0000000000..e6aaf2573d
--- /dev/null
+++ b/ssl/test/axTLS.x509_4096.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3DCCAsQCCQClKsh4h/LnyjANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjdaFw0zMDA5MDgyMTA0MjdaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAMAKTqPX9LMlyPA5hJD/PHhwoGWfBbpnCAnKnBXtDssEfVLF1HUITKin
+zC4vFpXKPqzahXA37DcgJZQg4qvPXaf2jY94pwlQKF52ibomUOnV/VLQUVRFvXK/
+8+kY4K2UPfjJGzsfjF1XeOCPIxFlbltqCtXkM1PhVG9dnY+OZk2i6S+gcV3Fxgu3
+tiknju+YlsIrTMhpiUIq1fH7bVDWulXyru4rMREs+Y2lJrkrDGSJeh45vysZmcZA
+bhb9WZtipCqiLVf1qkGAq54IpdSOcyS4x1hTYwOt+FOt8lmaOS1kGPKaecMtLLQv
+O8iQ+9K7LM45t83o7VwFYqZtu/hlntWyiOlAFX8ht8vmxACjhnPW+lKVCe4kT3d9
+g62Qidcbm1Vty8foCuWCC7H+30AETwG3NSm7idhidr/YoSDc5Ksk+jehSZ7PwXGZ
+xwF5PiqK0tN8QzICPwjChI6HOWIxWPYqDlL77aXoNpG9FVKrwBzpuIvg1H+aUPNr
+h9erR1ZNmMmajVjVbvHG2LCwChWD7crq/RDtk3ioQiPrwI5eRTcN00AI8tTeD+6J
+Q6SYdVZMeatn22kLyKtRzKL0phiirzm144wKKpcFWogrpJK/3Y1dU3rtSU+dGj+7
+agjjqwWAWlhztSDgesRTkn6QJLmVX+IKh7Jdo04i2Osw4ZGnyYKBAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADggEBABPkfLZVIJ5z5cIhmiN5yqjMKotzGMwi7ihiPx8YSgBc
+2grI7Aqyojn/gPBTvKXGRYCGC7aXIBo69RlbnZy0VW1fLqoNo8y6+zLiryCtxsv6
+3orQmHslh2WofzzhkNyazT3WoGvzV4qhzK5KU7vkrFpHcwiLFRglBMP4ruoOq8jY
+4wKDrP3FpgaSpY4NOm7ro7LiYzmVcj6A9Gci6mm55er6ZGX0yI9O1FXOZCxABPJF
+kDEAk4GQScbaEDBZWjFAhkmdwYnE3n6usPnURwp08vDRkd4bGdrMT2KtP5ASNigQ
+vEaYj2pQJLS8Eljwc6nEBeGrZ14fGXXaVh+p9TKrpM8=
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes128.pem b/ssl/test/axTLS.x509_aes128.pem
new file mode 100644
index 0000000000..1eeb6013ca
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes128.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0DANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA8k4Lr67fner/JtPfbCJe9+RMyq4ErKmXDlxQnXDEcvn/7Mw/CcNQXDPDRTN2
+/pw0Cwb45Pgv0bqTAFPK2sWhp68QMiuyl+lIUGSrgXX69nW7B2cAp4YSNW55M8SQ
+EISL3QOkzl1oHW3iuxxGeuCGuVv0i4gRxhQ1XkHdoGOc4G0CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAPbTh7YlIYA/XOKC1Laf0SQ0HQU4hC9rd1IowBIyKYT5YlKVM
+VIrmqN7B3ytUZbP3eL9ZO63G5NHmGk/i+RpxF+O0oX09uhIPWHlupZ1LeEHDwsSG
+5OjZ1scU0bbIX/aBNPDL8hU7/TSTtL7NY9939cHE5LVwdSuOqndXl5nPFKxyJjfB
+npworzs+UUwXLAcJSRHTruyRf6fvSfl1NdMabWiR/L7+tzDV0842+HwUsJLUlWFv
+osK0avS8ER8PrFMRnKqGIK416B38ZMjn65G/J5v1j/RSHDAWjp+SYAFHaxiU0gEk
+WOAZlVmG1vVlFk/ubTJ/vd+RAk0QYI+THgwlbQ==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_aes256.pem b/ssl/test/axTLS.x509_aes256.pem
new file mode 100644
index 0000000000..89fe526af9
--- /dev/null
+++ b/ssl/test/axTLS.x509_aes256.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0TANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0zMDA5MDgyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAqn/ZBpw3WLD87W/rVp8rdvg2yoml5CSMfePkcXKCfbWMAkZOJJtMupPoMFC9
+CbQ5EUmSV47BHGTh0xnQK/4s4bc6lPVtkK7dJtFfonCsiTErW0p6z0q7tQfWFEd3
+NGNFv/qVIsB0hJDOJn8x30wYWCOY+gC+53KJzRVcRMoM75sCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAqI4YkmyznQ9lE0+2cSkRX7ELJeKGedGFCCKJZaee5k9R4PBc
+fg97WsEMARSl2WLzAkK3rjSQWslbRxb/u1NYhd2uBdrYGIMXgPyBIjV7sSoI0TkC
+3muhke+W2yZsVp55DoJpfsX9dIfzbM0ICbaD509xuClfraIafO/6VLrw/+BzTTVM
+DECTo1dCheYYXyOJPgdgdcABKKb3WkTLJPkV6SCK0D8xAHpTRR8AtT0xu60JDRoq
+wcKZie02AXOgg3mEQPdvmVDb+cgOL2Cb/nyraS2OVKPRTZfQfvhve0mU3DN/TVDB
+7N9bVd1WNst+bsNIE0SbnYiF/oSdnHGNQxaLGA==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_after.pem b/ssl/test/axTLS.x509_bad_after.pem
new file mode 100644
index 0000000000..c90d630499
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_after.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0zANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjEy
+MzAyMTA0MjhaFw0xNTEyMzEyMTA0MjhaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAqk3O/LBqyketDzFqMe7L8nqmM/crpmjZ93KEwhrc7uRKJgXm
+CjfTSm7D43l4xbz/NbHnNvSFnblFoioAQP23opotJV/WutmrGCIjpidLc682GvcP
+DvhlOTAqoVFFWmjL6gj2iKEtIUzxCMI7K/h/znQvk/NrsfvOF0uZtpMoLqqo4o3Y
+V2vogbTEPpr77952JMpsLvJYatwiYo8G7Pc8qdl86mk3tx1Kqn/Pl9CgMgj8tgFi
+tcBRFePe3WvAiK7vnSqz7H4NUXrcv0RTA7f/bUXNWoRUI98GbYKVpxgIY7uFmLF8
+0jb92pWMlA9Ps0fAdMKs98c7dIaJi0buM5Mtuw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_bad_before.pem b/ssl/test/axTLS.x509_bad_before.pem
new file mode 100644
index 0000000000..3d65fe60b8
--- /dev/null
+++ b/ssl/test/axTLS.x509_bad_before.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAUACCQClKsh4h/Ln0jANBgkqhkiG9w0BAQUFADA0MTIwMAYDVQQKEylh
+eFRMUyBQcm9qZWN0IERvZGd5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yNDEy
+MzExNDAwMDBaFw0yNTEyMzExNDAwMDBaMCwxFjAUBgNVBAoTDWF4VExTIFByb2pl
+Y3QxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvQ/UQqh0h1SquTofi869t2X7QD3QEZqc3IJ86qgX4XTzBQ5hwcF4irK6FSJa
+/5u4ei4PiLd03gSZpaKZU4uteFox7bwB59/p7C+gXVP25oqgyG1BRWMjs89OUB8o
+3zbic9/WobNGT267DZvvqPlMpXGhiN0HqYYNP82ZI6KEdw8CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEALWtzVdl7s7NHPKslDc0NN2N/kqd8V5Ug93s9POLPQV6Cq7fH
+WPzxdU/IcLwocngqDzYEADlKJL1prRIP7IEtclRW109kVf5ge4waL7BIFogX0iII
+WzjSlLTdYFo6ZK/oxwg86+zVA9UbkWbvQwSGE60Hqr8GEaqon09CxYUpFTtOq7qZ
+Ikjjf1Rz/t1AAGXoN2Yls1hm2ONYFuxQq+dBME0sSL7hdhwFoOi/u3Q0QXmg4Z1Y
+xe0J3Pg1mt5nsh4cY0QDNZdSbZz1p4jVY5RxQsoYzgyVYQWBeDJGKs2RN8o1CFko
+EMQ4Bq65fSUs5hPnYGl4iibWmQQgAWkasKZwaw==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_device.pem b/ssl/test/axTLS.x509_device.pem
new file mode 100644
index 0000000000..2ecdabefaa
--- /dev/null
+++ b/ssl/test/axTLS.x509_device.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAbsCCQClKsh4h/LnyzANBgkqhkiG9w0BAQUFADAsMRYwFAYDVQQKEw1h
+eFRMUyBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYxMjMwMjEwNDI3
+WhcNMzAwOTA4MjEwNDI3WjArMSkwJwYDVQQKEyBheFRMUyBQcm9qZWN0IERldmlj
+ZSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1d
+D6JnZqcce7NfbntIrT5T7rFq00sKH6FhFNeNXae3EvXl3Ep0FeaX72L78NtR7GR8
+vsVtnLqY0Ac76j7a66gM+KdhPVR0zLs7w0knI+hlNAVA/hkN6rYS5FzH4e6SWRTe
+Q2LVas0hPrn2ZWJXwarE9QTjfXkbNn03+jpzBQKcdADYychRJbtnBH94on/92ejx
+dIlDbSmgzQ1b1QaIkWvZlLo+L8Z8h+B5ss04adm1wyzFDlYs/1lmbPTZf0KCXbsi
+WRhIotVDOVUvNakJ7tnU9YPxNMj18LTkFJ1YI0jD31vggMidV03UsFQ0rMlwKcsc
+bUhGGzPNbdxhr5pgn/kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBX+beg1jGMSqQd
+6Q/d07mQCLuEwmXmmz7hc0lgp6IumjsxulO2xLiotXie7e3GIRAVgJsd6ysRJKim
+IioOMxcwUMWw0CcqjcwqorczJjsqzW99dzCd3NcDiDxx+7Pye58D8qOLHGtafC9n
+TjQELV6dNIUX5IfH/18jAkPEmFcOUg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIJAORglrABpAToMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owNDEyMDAGA1UEChMpYXhUTFMg
+UHJvamVjdCBEb2RneSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCxIzCSlgeXAiyLWjGWUkuMA+OPJzH23pDcE7Nc
+FKhkdzXAD6tBW4odqul7y1g4qU0/xvv16NsK//VTc2VWQwkm0tlQ+0PBMTBRk0Qb
+XuLFLjfyYYjUBsde/CE9qhPbhTKYQ5xsnEBm4KUN/Mqk3sKXo7M3s7HjiAeYEIFK
+dSFECcljEPrHzAEvDwd0fRsx2hzb4fgrJbfW4wa9rsL1iVQI9VAY8mxM/UMtGySr
+L7M7U0RFRM5fK0d5guWH9f+j41hW9R/tYq7qoLcjgcr45nk5bcT4RoTvehhGZRUN
+pVq8vttEoR/Y1JvOjBT5WwUSfJcgXtidEWnQPXKszNoLj1sNAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IB
+AQByY8+gtxSKO5ASYKArY8Sb4xJw0MNwsosARm17sT/8UTerS9CssUQXkW4LaU3T
+SzFVxRUz9O+74yu87W58IaxGNq80quFkOfpS39eCtbqD2e4Y/JuC30hK/GmhBquD
+gVh3z3hD8+DUXq83T1+9zgjCppLeQfaFejbaJSwQ7+K6gJn5JZNiaHVGN1GO6lT6
+5W3zqep5zU6a4T5UeZqkYyuzfTBbIkgEga0JzPaCdd5JOrwFR3UNWlICOxr7htDI
+FqiTrA0RH2ZNmrmJDcM1pFWlQAPnvDoRLeMpmvWZDnGrWYDzyt0j5G0bIPL7214c
+b5kxOvfGlM4E6v+lMSw/HDrI
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_end_chain.pem b/ssl/test/axTLS.x509_end_chain.pem
new file mode 100644
index 0000000000..c0a4eb3c78
--- /dev/null
+++ b/ssl/test/axTLS.x509_end_chain.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAgygAwIBAgIJAKUqyHiH8ufOMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
+BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
+OFoXDTMwMDkwODIxMDQyOFowLDEWMBQGA1UEChMNYXhUTFMgUHJvamVjdDESMBAG
+A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+7R4S75j5ZfknrzbsAvUnqS997FNk545sGo0YraDQ7CeJXGqeDyUTpdwtzBt8H8/a
+xNP1BFdgNEWnF1C1HXVbhqWxq16IlakqZYkYldHJMPQgFa3YuRN4Y0i8sn8A1Fbe
+69D//57JZr1wt+qxAJWWn0anPGXmR0HlO0At1ACQkKGSE+ajTB2TnO7UTsjKRrXP
+v16FdWTXkJTVHUdVuAs6IfgAKkvQQ5zA8D6IXgjWsToWdFzlI8eTDHZqZJiw8gPg
+7xG0jepN9JU05JRc4NduzeVj/0WT0tdilO0jQP/+8FgikdOeDU6wo4/e0Ta5bdZe
+7apqOBfdDnq3EUnHO1ZQbQIDAQABo00wSzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB
+/wQEAwIF4DArBgNVHREEJDAigg93d3cuZXhhbXBsZS5uZXSCD3d3dy5leGFtcGxl
+Lm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAbPQ1Y205Ricl1K2ByVa2RHJyYGP0Qj+H
+5mWj4A92N1vAb6uOrliqFYOClYINGsKKC8YDZdyA4c8ZglCKZ2RePwOSdaWIw7wi
+Efhysyq3WLSlo5jEcnkO7o5dV/7V7FX/+65UEXu35ZqaE8ZY++eotmLzccnInYP3
+1e4oaF5hyZIHVNCXnywNvchSkXjN0HhvIpeLTyzC5MQkQMMEOi8EBOgTGAo4UvL9
+eau3YhhpvfnCDlrRB6N79RcTLmJyOj5g1YO/9wn/du+EMwEkKUg5QJHzwUB2+ISp
+57JjKh2BQt0g/XJfRugHQcNtjUu73Ziexpl0qaXjNjb8mvsuV9RX0g==
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_end_chain_bad.pem b/ssl/test/axTLS.x509_end_chain_bad.pem
new file mode 100644
index 0000000000..743dbc07e0
--- /dev/null
+++ b/ssl/test/axTLS.x509_end_chain_bad.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJjCCAg6gAwIBAgIJAKUqyHiH8ufPMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV
+BAoTH2F4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIDIgQ0EwHhcNMTYxMjMwMjEw
+NDI4WhcNMzAwOTA4MjEwNDI4WjAsMRYwFAYDVQQKEw1heFRMUyBQcm9qZWN0MRIw
+EAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDtHhLvmPll+SevNuwC9SepL33sU2TnjmwajRitoNDsJ4lcap4PJROl3C3MG3wf
+z9rE0/UEV2A0RacXULUddVuGpbGrXoiVqSpliRiV0ckw9CAVrdi5E3hjSLyyfwDU
+Vt7r0P//nslmvXC36rEAlZafRqc8ZeZHQeU7QC3UAJCQoZIT5qNMHZOc7tROyMpG
+tc+/XoV1ZNeQlNUdR1W4Czoh+AAqS9BDnMDwPoheCNaxOhZ0XOUjx5MMdmpkmLDy
+A+DvEbSN6k30lTTklFzg127N5WP/RZPS12KU7SNA//7wWCKR054NTrCjj97RNrlt
+1l7tqmo4F90OercRScc7VlBtAgMBAAGjTTBLMAwGA1UdEwEB/wQCMAAwDgYDVR0P
+AQH/BAQDAgXgMCsGA1UdEQQkMCKCD3d3dy5leGFtcGxlLm5ldIIPd3d3LmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBGJydzARx5fNYprptRG9c3pqecGKlX
+ArxbLe+K+83wS427HnWONnuZ5LJKGkuXjIeh1G/2AfKYXJz/SMN0IPYY3ro5Lt1Z
+GOPyn01qcj6OkfyiUPCDIsVFS9V0TVLTBLTMZFa1j6nMHs8Ajmm10Fkf/NQP/CVk
+zEgoktjb+wLqw1iPUGqkVepVtp3wg7VQY6E07SliNp/06Q3ue6xLJnYlKqFhUQf7
+064JyRIH9W/C2WnxWbKRBjsE4gCRnMvKQrCrfR64VohCr6XvygIIufwCG/CLJogn
+4OJMqz1oDkABPgSgjNhOdwnt+3dvxbjQBiRy1ERfNAJLo+V6x6aO1Gqz
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_intermediate_ca.pem b/ssl/test/axTLS.x509_intermediate_ca.pem
new file mode 100644
index 0000000000..4fbad81b05
--- /dev/null
+++ b/ssl/test/axTLS.x509_intermediate_ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
+UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
+UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
+R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
+aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
+HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
+u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
+mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
++innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
+QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
+c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
+SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
+2L3MUIVn
+-----END CERTIFICATE-----
diff --git a/ssl/test/axTLS.x509_intermediate_ca2.pem b/ssl/test/axTLS.x509_intermediate_ca2.pem
new file mode 100644
index 0000000000..ea8ab7d7df
--- /dev/null
+++ b/ssl/test/axTLS.x509_intermediate_ca2.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIJAKUqyHiH8ufNMA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
+BAoTHWF4VExTIFByb2plY3QgSW50ZXJtZWRpYXRlIENBMB4XDTE2MTIzMDIxMDQy
+N1oXDTMwMDkwODIxMDQyN1owKjEoMCYGA1UEChMfYXhUTFMgUHJvamVjdCBJbnRl
+cm1lZGlhdGUgMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoa
+fskhD+DqHbPtvZxd/WrqhJif6k1KkAs/vYlsjoaejVOaSdi2YkDcVViM2rBR6fSN
+XL5n/uH57LTKWhZf07XQqUJ7lfnhSHu2pRD+vj3N2Ihazs8jtF56iXGcJppKa+aJ
+rxnMfRW3Kyn5c34Jp+GbxiHYLcJAPmQI+lpKWRxhqc6i2MgBc/On8ADXk+CN2vdG
+hsDhKP6J/o7yQPjvCgEbBcfsrKca30mbTVUzVhX0H5CCLe7zlp3r2TQBJDJx8WPI
+wxavBAAjRg6N69I/huYpkZfD9IXZJaTdutTktYQDVTN5drdiDTTf1JGYyXt/0+0V
+t9ANFWd1pP589yICpQ8CAwEAAaMkMCIwEgYDVR0TAQH/BAgwBgEB/wIBCjAMBgNV
+HQ8EBQMDBwWAMA0GCSqGSIb3DQEBCwUAA4IBAQBNWDjqxlO0BwMdyxfUs1wDsLiq
+4hOmUFwCv8TuTFsL9aNe7OIJRT8IF2pHw07qyvAxJVEWUCLK/KLq0HrRTzRZO/tK
+eNroHMHS+fBwFuHFp+1RGMK2rHLajxVVB6X0aeLWKrNKrvUQZL+Tx+NZ3dEO62rq
+rANnElCrnyI1bIBKwHdUbOMOHeZAECr7H0KfvaX8F67aln4IwPzCauQM3DFf9h9Z
+FvmxUdVgjRZK4e5he9k4gT/Faom0z/ApnW4DJRF8rpCPWqN872aNpL8NPZuOFtiD
+Gzg5O4wJYx7OWIPa/qcQ0hTbn5waPzC68X448tlJTPiwyeKsYT3JwWqLi6o5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAeqgAwIBAgIJAKUqyHiH8ufMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
+BAoTKWF4VExTIFByb2plY3QgRG9kZ3kgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
+DTE2MTIzMDIxMDQyN1oXDTMwMDkwODIxMDQyN1owKDEmMCQGA1UEChMdYXhUTFMg
+UHJvamVjdCBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDOF2/0KBnz3n4m4Xgnm22ApLwcMovm4IBg5LYH6jU6QbNhGRIj68Dj
+UGk98TwPw/2WCNxvMA6s6+Bgc9md4TcjHWaGXI/Budd6wLjwBqFtZd4cUku7cevc
+R+MhWeCm0gcXT8VeYu06NzEuk/+ZfJRNftubQ0yGAS/EBffh89+AzivoDA9gvDEk
+aXRziutv1yGgOZenv7vY2eOI7+lfOtSQjRUv59XpT9xP2ujqnrAlh7C99cDOpXTU
+HvrF/5CFganqH8dJlCe1NB8DYoincfuOFpVeAL8LLJn9+/HVBQBULLykxyQWzti4
+u1W6EA5nUql5nNpCi3BGNMR5GQX32ILHAgMBAAGjIzAhMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwCwYDVR0PBAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAYt1Wq1XsZjOWf
+mH9XzI3k8UEtErTkBX5SXH10siY5tYmHzH02jaZVRC1yNrxQevqARhR1yj3daKg3
++innX8foKlYRCxTfFeE/HELcm7rIt5mrIGdGAFn2fnImO5kpXxbPk6IAXRTp6lN8
+QS08Ah1Aaeh0ae2Ruzx2TOnG/IuB7ChliJxepo0KtRw6RN6ETvC2KS0glSf5fPW7
+c18UPbTesecrki12FlaGbPD/sWHOltBIpPXzgef7G8b6CiYqaX0T3T/47RLRwrMm
+SAcbMerJZoyudbLd+OHGtvz5kOmYCoZYkay121MSvtFucHnR3UjEui2lUbL1Qi92
+2L3MUIVn
+-----END CERTIFICATE-----
diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c
new file mode 100644
index 0000000000..ceb241ea19
--- /dev/null
+++ b/ssl/test/ssltest.c
@@ -0,0 +1,2589 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The testing of the crypto and ssl stuff goes here. Keeps the individual code
+ * modules from being uncluttered with test code.
+ *
+ * This is test code - I make no apologies for the quality!
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#ifndef WIN32
+#include <pthread.h>
+#endif
+
+#include "os_port.h"
+#include "ssl.h"
+
+#define DEFAULT_CERT            "../ssl/test/axTLS.x509_1024.cer"
+#define DEFAULT_KEY             "../ssl/test/axTLS.key_1024"     
+//#define DEFAULT_SVR_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_SVR_OPTION      0
+//#define DEFAULT_CLNT_OPTION      SSL_DISPLAY_BYTES|SSL_DISPLAY_STATES
+#define DEFAULT_CLNT_OPTION     0
+
+/* hack to remove gcc warning */
+#define SYSTEM(A)           if (system(A) < 0) printf("system call error\n");
+
+static int g_port = 19001;
+
+/**************************************************************************
+ * AES tests 
+ * 
+ * Run through a couple of the RFC3602 tests to verify that AES is correct.
+ **************************************************************************/
+#define TEST1_SIZE  16
+#define TEST2_SIZE  32
+
+static int AES_test(BI_CTX *bi_ctx)
+{
+    AES_CTX aes_key;
+    int res = 1;
+    uint8_t key[TEST1_SIZE];
+    uint8_t iv[TEST1_SIZE];
+
+    {
+        /*
+            Case #1: Encrypting 16 bytes (1 block) using AES-CBC
+            Key       : 0x06a9214036b8a15b512e03d534120006
+            IV        : 0x3dafba429d9eb430b422da802c9fac41
+            Plaintext : "Single block msg"
+            Ciphertext: 0xe353779c1079aeb82708942dbe77181a
+
+        */
+        char *in_str =  "Single block msg";
+        uint8_t ct[TEST1_SIZE];
+        uint8_t enc_data[TEST1_SIZE];
+        uint8_t dec_data[TEST1_SIZE];
+
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "06A9214036B8A15B512E03D534120006");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "3DAFBA429D9EB430B422DA802C9FAC41");
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "E353779C1079AEB82708942DBE77181A");
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST1_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_str, 
+                enc_data, sizeof(enc_data));
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            printf("Error: AES ENCRYPT #1 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+
+        if (memcmp(dec_data, in_str, sizeof(dec_data)))
+        {
+            printf("Error: AES DECRYPT #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        /*
+            Case #2: Encrypting 32 bytes (2 blocks) using AES-CBC 
+            Key       : 0xc286696d887c9aa0611bbb3e2025a45a
+            IV        : 0x562e17996d093d28ddb3ba695a2e6f58
+            Plaintext : 0x000102030405060708090a0b0c0d0e0f
+                          101112131415161718191a1b1c1d1e1f
+            Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
+                          7586602d253cfff91b8266bea6d61ab1
+        */
+        uint8_t in_data[TEST2_SIZE];
+        uint8_t ct[TEST2_SIZE];
+        uint8_t enc_data[TEST2_SIZE];
+        uint8_t dec_data[TEST2_SIZE];
+
+        bigint *in_bi = bi_str_import(bi_ctx,
+            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+        bigint *key_bi = bi_str_import(
+                bi_ctx, "C286696D887C9AA0611BBB3E2025A45A");
+        bigint *iv_bi = bi_str_import(
+                bi_ctx, "562E17996D093D28DDB3BA695A2E6F58");
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "D296CD94C2CCCF8A3A863028B5E1DC0A7586602D253CFFF91B8266BEA6D61AB1");
+        bi_export(bi_ctx, in_bi, in_data, TEST2_SIZE);
+        bi_export(bi_ctx, key_bi, key, TEST1_SIZE);
+        bi_export(bi_ctx, iv_bi, iv, TEST1_SIZE);
+        bi_export(bi_ctx, ct_bi, ct, TEST2_SIZE);
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_cbc_encrypt(&aes_key, (const uint8_t *)in_data, 
+                enc_data, sizeof(enc_data));
+
+        if (memcmp(enc_data, ct, sizeof(ct)))
+        {
+            printf("Error: ENCRYPT #2 failed\n");
+            goto end;
+        }
+
+        AES_set_key(&aes_key, key, iv, AES_MODE_128);
+        AES_convert_key(&aes_key);
+        AES_cbc_decrypt(&aes_key, enc_data, dec_data, sizeof(enc_data));
+        if (memcmp(dec_data, in_data, sizeof(dec_data)))
+        {
+            printf("Error: DECRYPT #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All AES tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA1 tests 
+ *
+ * Run through a couple of the RFC3174 tests to verify that SHA1 is correct.
+ **************************************************************************/
+static int SHA1_test(BI_CTX *bi_ctx)
+{
+    SHA1_CTX ctx;
+    uint8_t ct[SHA1_SIZE];
+    uint8_t digest[SHA1_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "A9993E364706816ABA3E25717850C26C9CD0D89D");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA1 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+                "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
+        bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+        SHA1_Init(&ctx);
+        SHA1_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA1_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA1 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA1 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA256 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA256 is correct.
+ **************************************************************************/
+static int SHA256_test(BI_CTX *bi_ctx)
+{
+    SHA256_CTX ctx;
+    uint8_t ct[SHA256_SIZE];
+    uint8_t digest[SHA256_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "248D6A61D20638B8E5C026930C3E6039A33CE45964FF2167F6ECEDD419DB06C1");
+        bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+        SHA256_Init(&ctx);
+        SHA256_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA256_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA256 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA256 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * SHA384 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA384 is correct.
+ **************************************************************************/
+static int SHA384_test(BI_CTX *bi_ctx)
+{
+    SHA384_CTX ctx;
+    uint8_t ct[SHA384_SIZE];
+    uint8_t digest[SHA384_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B");
+        bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
+
+        SHA384_Init(&ctx);
+        SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA384_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA384 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA384 tests passed\n");
+
+end:
+    return res;
+}
+/**************************************************************************
+ * SHA512 tests 
+ *
+ * Run through a couple of the SHA-2 tests to verify that SHA512 is correct.
+ **************************************************************************/
+static int SHA512_test(BI_CTX *bi_ctx)
+{
+    SHA512_CTX ctx;
+    uint8_t ct[SHA512_SIZE];
+    uint8_t digest[SHA512_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str = "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+        bigint *ct_bi = bi_str_import(bi_ctx,
+            "204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445");
+        bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
+
+        SHA512_Init(&ctx);
+        SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        SHA512_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: SHA512 #2 failed\n");
+            goto end;
+        }
+    }
+
+    res = 0;
+    printf("All SHA512 tests passed\n");
+
+end:
+    return res;
+}
+/**************************************************************************
+ * MD5 tests 
+ *
+ * Run through a couple of the RFC1321 tests to verify that MD5 is correct.
+ **************************************************************************/
+static int MD5_test(BI_CTX *bi_ctx)
+{
+    MD5_CTX ctx;
+    uint8_t ct[MD5_SIZE];
+    uint8_t digest[MD5_SIZE];
+    int res = 1;
+
+    {
+        const char *in_str =  "abc";
+        bigint *ct_bi = bi_str_import(bi_ctx, 
+                "900150983CD24FB0D6963F7D28E17F72");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: MD5 #1 failed\n");
+            goto end;
+        }
+    }
+
+    {
+        const char *in_str =
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        bigint *ct_bi = bi_str_import(
+                bi_ctx, "D174AB98D277D9F5A5611C2C9F419D9F");
+        bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+
+        MD5_Init(&ctx);
+        MD5_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
+        MD5_Final(digest, &ctx);
+
+        if (memcmp(digest, ct, sizeof(ct)))
+        {
+            printf("Error: MD5 #2 failed\n");
+            goto end;
+        }
+    }
+    res = 0;
+    printf("All MD5 tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * HMAC tests 
+ *
+ * Run through a couple of the RFC2202 tests to verify that HMAC is correct.
+ **************************************************************************/
+static int HMAC_test(BI_CTX *bi_ctx)
+{
+    uint8_t key[SHA256_SIZE];
+    uint8_t ct[SHA256_SIZE];
+    uint8_t dgst[SHA256_SIZE];
+    int res = 1;
+    const char *key_str;
+
+    const char *data_str = "Hi There";
+    bigint *key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    bigint *ct_bi = bi_str_import(bi_ctx, "9294727A3638BB1C13F48EF8158BFC9D");
+    bi_export(bi_ctx, key_bi, key, MD5_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 8, key, MD5_SIZE, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "750C783E6AB0B503EAA86E310A5DB738");
+    bi_export(bi_ctx, ct_bi, ct, MD5_SIZE);
+    hmac_md5((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, MD5_SIZE))
+    {
+        printf("HMAC MD5 #2 failed\n");
+        goto end;
+    }
+   
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    ct_bi = bi_str_import(bi_ctx, "B617318655057264E28BC0B6FB378C8EF146BE00");
+    bi_export(bi_ctx, key_bi, key, SHA1_SIZE);
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, SHA1_SIZE, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #1 failed\n");
+        goto end;
+    }
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx, "EFFCDF6AE5EB2FA2D27416D5F184DF9C259A7C79");
+    bi_export(bi_ctx, ct_bi, ct, SHA1_SIZE);
+
+    hmac_sha1((const uint8_t *)data_str, 28, (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, SHA1_SIZE))
+    {
+        printf("HMAC SHA1 #2 failed\n");
+        goto end;
+    }
+
+    data_str = "Hi There";
+    key_bi = bi_str_import(bi_ctx, "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+    ct_bi = bi_str_import(bi_ctx,
+            "B0344C61D8DB38535CA8AFCEAF0BF12B881DC200C9833DA726E9376C2E32CFF7");
+    bi_export(bi_ctx, key_bi, key, 20);
+    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+    hmac_sha256((const uint8_t *)data_str, 8, 
+            (const uint8_t *)key, 20, dgst);
+
+    if (memcmp(dgst, ct, SHA256_SIZE))
+    {
+        printf("HMAC SHA256 #1 failed\n");
+        goto end;
+    } 
+
+    data_str = "what do ya want for nothing?";
+    key_str = "Jefe";
+    ct_bi = bi_str_import(bi_ctx,
+            "5BDCC146BF60754E6A042426089575C75A003F089D2739839DEC58B964EC3843");
+    bi_export(bi_ctx, ct_bi, ct, SHA256_SIZE);
+
+    hmac_sha256((const uint8_t *)data_str, 28, 
+            (const uint8_t *)key_str, 4, dgst);
+    if (memcmp(dgst, ct, SHA256_SIZE))
+    {
+        printf("HMAC SHA256 #2 failed\n");
+        goto end;
+    }
+
+    // other test
+    /*uint8_t secret[16];
+    key_str = "9BBE436BA940F017B17652849A71DB35";
+    ct_bi = bi_str_import(bi_ctx, key_str);
+    bi_export(bi_ctx, ct_bi, secret, 16);
+
+    uint8_t random[26];
+    data_str = "74657374206C6162656CA0BA9F936CDA311827A6F796FFD5198C";
+    ct_bi = bi_str_import(bi_ctx, data_str);
+    bi_export(bi_ctx, ct_bi, random, 26);
+
+    uint8_t output[256];
+    p_hash_sha256(secret, 16, random, 26, output, 100);
+    ct_bi = bi_import(bi_ctx, output, 100);
+    bi_print("RESULT", ct_bi);
+    */
+
+    /*uint8_t secret[48];
+    uint8_t random[256];
+    uint8_t output[256];
+
+    key_str =
+        "8C6D256467157DAEC7BAEBC1371E6DABFF1AB686EFA7DCF6B65242AA6EEBFC0A7472A1E583C4F2B23F784F25A6DE05A6";
+    ct_bi = bi_str_import(bi_ctx, key_str);
+    bi_export(bi_ctx, ct_bi, secret, 48);
+
+    data_str =
+        "636C69656E742066696E697368656475F80B2E4375CFA44105D16694A5E2D232302FF27241BDF52BA681C13E2CDF9F";
+    ct_bi = bi_str_import(bi_ctx, data_str);
+    bi_export(bi_ctx, ct_bi, random, 47);
+
+    p_hash_sha256(secret, 48, random, 47, output, 12);
+    ct_bi = bi_import(bi_ctx, output, 12);
+    bi_print("RESULT1", ct_bi);*/
+
+    res = 0;
+    printf("All HMAC tests passed\n");
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * BIGINT tests 
+ *
+ **************************************************************************/
+static int BIGINT_test(BI_CTX *ctx)
+{
+    int res = 1;
+
+#ifndef CONFIG_INTEGER_8BIT 
+#ifndef CONFIG_INTEGER_16BIT 
+    bigint *bi_data, *bi_exp, *bi_res;
+    const char *expnt, *plaintext, *mod;
+    uint8_t compare[MAX_KEY_BYTE_SIZE];
+    /**
+     * 512 bit key
+     */
+    plaintext = /* 64 byte number */
+        "01aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee";
+
+    mod = "C30773C8ABE09FCC279EE0E5343370DE"
+          "8B2FFDB6059271E3005A7CEEF0D35E0A"
+          "1F9915D95E63560836CC2EB2C289270D"
+          "BCAE8CAF6F5E907FC2759EE220071E1B";
+
+    expnt = "A1E556CD1738E10DF539E35101334E97"
+          "BE8D391C57A5C89A7AD9A2EA2ACA1B3D"
+          "F3140F5091CC535CBAA47CEC4159EE1F"
+          "B6A3661AFF1AB758426EAB158452A9B9";
+
+    bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext));
+    bi_exp = int_to_bi(ctx, 0x10001);
+    bi_set_mod(ctx, bi_str_import(ctx, mod), 0);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+
+    bi_data = bi_res;   /* resuse again - see if we get the original */
+
+    bi_exp = bi_str_import(ctx, expnt);
+    bi_res = bi_mod_power(ctx, bi_data, bi_exp);
+    bi_free_mod(ctx, 0);
+
+    bi_export(ctx, bi_res, compare, 64);
+    if (memcmp(plaintext, compare, 64) != 0)
+        goto end;
+#endif
+#endif
+
+    /*
+     * Multiply with psssible carry issue (8 bit)
+     */
+    {
+        bigint *bi_x = bi_str_import(ctx, 
+                "AFD5060E224B70DA99EFB385BA5C0D2BEA0AD1DAAA52686E1A02D677BC65C1DA7A496BBDCC02999E8814F10AFC4B8E0DD4E6687E0762CE717A5EA1E452B5C56065C8431F0FB9D23CFF3A4B4149798C0670AF7F9565A0EAE5CF1AB16A1F0C3DD5E485DC5ABB96EBE0B6778A15B7302CBCE358E4BF2E2E30932758AC6EFA9F5828");
+        bigint *arg2 = bi_clone(ctx, bi_x);
+        bigint *arg3 = bi_clone(ctx, bi_x);
+        bigint *sqr_result = bi_square(ctx, bi_x);
+        bigint *mlt_result = bi_multiply(ctx, arg2, arg3);
+
+        if (bi_compare(sqr_result, mlt_result) != 0)
+        {
+            bi_print("SQR_RESULT", sqr_result);
+            bi_print("MLT_RESULT", mlt_result);
+            bi_free(ctx, sqr_result);
+            bi_free(ctx, mlt_result);
+            goto end;
+        }
+
+        bi_free(ctx, sqr_result);
+        bi_free(ctx, mlt_result);
+    }
+
+    printf("All BIGINT tests passed\n");
+    res = 0;
+
+end:
+    return res;
+}
+
+/**************************************************************************
+ * RSA tests 
+ *
+ * Use the results from openssl to verify PKCS1 etc 
+ **************************************************************************/
+static int RSA_test(void)
+{
+    int res = 1;
+    const char *plaintext = /* 128 byte hex number */
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
+        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
+    uint8_t enc_data[128], dec_data[128];
+    RSA_CTX *rsa_ctx = NULL;
+    BI_CTX *bi_ctx;
+    bigint *plaintext_bi;
+    bigint *enc_data_bi, *dec_data_bi;
+    uint8_t enc_data2[128], dec_data2[128];
+    int len; 
+    uint8_t *buf;
+
+    RNG_initialize();
+
+    /* extract the private key elements */
+    len = get_file("../ssl/test/axTLS.key_1024", &buf);
+    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0)
+    {
+        goto end;
+    }
+
+    free(buf);
+    bi_ctx = rsa_ctx->bi_ctx;
+    plaintext_bi = bi_import(bi_ctx, 
+            (const uint8_t *)plaintext, strlen(plaintext));
+
+    /* basic rsa encrypt */
+    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
+    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
+
+    /* basic rsa decrypt */
+    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
+    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
+
+    if (memcmp(dec_data, plaintext, strlen(plaintext)))
+    {
+        printf("Error: DECRYPT #1 failed\n");
+        goto end;
+    }
+
+    if (RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0) < 0)
+    {
+        printf("Error: ENCRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_decrypt(rsa_ctx, enc_data2, dec_data2, sizeof(dec_data2), 1);
+    if (memcmp("abc", dec_data2, 3))
+    {
+        printf("Error: DECRYPT #2 failed\n");
+        goto end;
+    }
+
+    RSA_free(rsa_ctx);
+    res = 0;
+    printf("All RSA tests passed\n");
+
+end:
+    RNG_terminate();
+    return res;
+}
+
+/**************************************************************************
+ * Cert Testing
+ *
+ **************************************************************************/
+static int cert_tests(void)
+{
+    int res = -1, len;
+    X509_CTX *x509_ctx;
+    SSL_CTX *ssl_ctx;
+    uint8_t *buf;
+
+    /* check a bunch of 3rd party certificates */
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/microsoft.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #1\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/thawte.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #2\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/deutsche_telecom.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #3\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/equifax.x509_ca", &buf);
+    if ((res = add_cert_auth(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #4\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/gnutls.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #5\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    len = get_file("../ssl/test/socgen.cer", &buf);
+    if ((res = add_cert(ssl_ctx, buf, len)) < 0)
+    {
+        printf("Cert #6\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    free(buf);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/camster_duckdns_org.crt", NULL)) != SSL_OK)
+    {
+        printf("Cert #7\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, 
+                "../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK)
+    {
+        printf("Cert #8\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if ((res = ssl_obj_load(ssl_ctx, 
+              SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
+    {
+        printf("Cert #9\n");
+        ssl_display_error(res);
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+
+    if (get_file("../ssl/test/qualityssl.com.der", &buf) < 0 ||
+                                    x509_new(buf, &len, &x509_ctx))
+    {
+        printf("Cert #10\n");
+        res = -1;
+        goto bad_cert;
+    }
+
+    if (strcmp(x509_ctx->subject_alt_dnsnames[1], "qualityssl.com"))
+    {
+        printf("Cert #11\n");
+        res = -1;
+        goto bad_cert;
+    }
+    x509_free(x509_ctx);
+    free(buf);
+
+    // this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates
+    ssl_ctx = ssl_ctx_new(0, 0);
+    if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, 
+            "../ssl/test/ca-bundle.crt", NULL))
+    {
+        goto bad_cert;
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    res = 0;        /* all ok */
+    printf("All Certificate tests passed\n");
+
+bad_cert:
+    if (res)
+        printf("Error: A certificate test failed\n");
+
+    return res;
+}
+
+/**
+ * init a server socket.
+ */
+static int server_socket_init(int *port)
+{
+    struct sockaddr_in serv_addr;
+    int server_fd;
+    char yes = 1;
+
+    /* Create socket for incoming connections */
+    if ((server_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+    {
+        return -1;
+    }
+      
+    setsockopt(server_fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));
+
+go_again:
+    /* Construct local address structure */
+    memset(&serv_addr, 0, sizeof(serv_addr));      /* Zero out structure */
+    serv_addr.sin_family = AF_INET;                /* Internet address family */
+    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY); /* Any incoming interface */
+    serv_addr.sin_port = htons(*port);              /* Local port */
+
+    /* Bind to the local address */
+    if (bind(server_fd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
+    {
+        (*port)++;
+        goto go_again;
+    }
+    /* Mark the socket so it will listen for incoming connections */
+    if (listen(server_fd, 3000) < 0)
+    {
+        return -1;
+    }
+
+    return server_fd;
+}
+
+/**
+ * init a client socket.
+ */
+static int client_socket_init(uint16_t port)
+{
+    struct sockaddr_in address;
+    int client_fd;
+
+    address.sin_family = AF_INET;
+    address.sin_port = htons(port);
+    address.sin_addr.s_addr =  inet_addr("127.0.0.1");
+    client_fd = socket(AF_INET, SOCK_STREAM, 0);
+    if (connect(client_fd, (struct sockaddr *)&address, sizeof(address)) < 0)
+    {
+        perror("socket");
+        SOCKET_CLOSE(client_fd);
+        client_fd = -1;
+    }
+
+    return client_fd;
+}
+
+/**************************************************************************
+ * SSL Server Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    /* not used as yet */
+    int dummy;
+} SVR_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+} client_t;
+
+static void do_client(client_t *clnt)
+{
+    char openssl_buf[2048];
+    usleep(200000);           /* allow server to start */
+
+    /* show the session ids in the reconnect test */
+    if (strcmp(clnt->testname, "Session Reuse") == 0)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+            "-connect localhost:%d %s 2>&1 | grep \"Session-ID:\"", 
+            g_port, clnt->openssl_option);
+    }
+    else if (strstr(clnt->testname, "GNUTLS") == NULL)
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | openssl s_client "
+#ifdef WIN32
+            "-connect localhost:%d -quiet %s",
+#else
+            "-connect localhost:%d -quiet %s > /dev/null 2>&1",
+#endif
+            g_port, clnt->openssl_option);
+    }
+    else /* gnutls */
+    {
+        sprintf(openssl_buf, "echo \"hello client\" | gnutls-cli "
+#ifdef WIN32
+            "-p %d %s localhost",
+#else
+            "-p %d %s localhost > /dev/null 2>&1",
+#endif
+        g_port, clnt->openssl_option);
+    }
+
+//printf("CLIENT %s\n", openssl_buf);
+    SYSTEM(openssl_buf);
+}
+
+static int SSL_server_test(
+        const char *testname, 
+        const char *openssl_option, 
+        const char *device_cert, 
+        const char *product_cert, 
+        const char *private_key,
+        const char *ca_cert,
+        const char *password,
+        int axtls_option)
+{
+    int server_fd, ret = 0;
+    SSL_CTX *ssl_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    client_t client_data;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    g_port++;
+
+    client_data.testname = testname;
+    client_data.openssl_option = openssl_option;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    if (private_key)
+    {
+        axtls_option |= SSL_NO_DEFAULT_KEY;
+    }
+
+    if ((ssl_ctx = ssl_ctx_new(axtls_option, SSL_DEFAULT_SVR_SESS)) == NULL)
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+    if (private_key)
+    {
+        int obj_type = SSL_OBJ_RSA_KEY;
+
+        if (strstr(private_key, ".p8"))
+            obj_type = SSL_OBJ_PKCS8;
+        else if (strstr(private_key, ".p12"))
+            obj_type = SSL_OBJ_PKCS12;
+
+        if (ssl_obj_load(ssl_ctx, obj_type, private_key, password))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+
+    if (device_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, device_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (product_cert)             /* test chaining */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CERT, product_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+    if (ca_cert)                  /* test adding certificate authorities */
+    {
+        if ((ret = ssl_obj_load(ssl_ctx, 
+                        SSL_OBJ_X509_CACERT, ca_cert, NULL)) != SSL_OK)
+            goto error;
+    }
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_client, (void *)&client_data);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_client, 
+            (LPVOID)&client_data, 0, NULL);
+#endif
+
+    for (;;)
+    {
+        int client_fd, size = 0; 
+        SSL *ssl;
+
+        /* Wait for a client to connect */
+        if ((client_fd = accept(server_fd, 
+                        (struct sockaddr *)&client_addr, &clnt_len)) < 0)
+        {
+            ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+            goto error;
+        }
+        
+        /* we are ready to go */
+        ssl = ssl_server_new(ssl_ctx, client_fd);
+        while ((size = ssl_read(ssl, &read_buf)) == SSL_OK);
+        SOCKET_CLOSE(client_fd);
+        
+        if (size == SSL_CLOSE_NOTIFY)
+        {
+            /* do nothing */ 
+        }
+        else if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ret = size;
+
+            if (ret == SSL_ERROR_CONN_LOST)
+                continue;
+
+            break;  /* we've got a problem */
+        }
+        else /* looks more promising */
+        {
+            if (strstr("hello client", (char *)read_buf) == NULL)
+            {
+                printf("SSL server test \"%s\" passed\n", testname);
+                TTY_FLUSH();
+                ret = 0;
+                break;
+            }
+        }
+
+        ssl_free(ssl);
+    }
+
+    SOCKET_CLOSE(server_fd);
+
+error:
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+int SSL_server_tests(void)
+{
+    int ret = -1;
+    struct stat stat_buf;
+    SVR_CTX svr_test_ctx;
+    memset(&svr_test_ctx, 0, sizeof(SVR_CTX));
+
+    printf("### starting server tests\n"); TTY_FLUSH();
+
+    /* Go through the algorithms */
+
+    /* 
+     * TLS client hello 
+     */
+
+    /*
+     * AES128-SHA TLS1.2
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.2", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES256-SHA TLS1.2
+     */
+    if ((ret = SSL_server_test("AES256-SHA TLS1.2", 
+                    "-cipher AES256-SHA -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA256 TLS1.2
+     */
+    if ((ret = SSL_server_test("AES128-SHA256 TLS1.2", 
+                    "-cipher AES128-SHA256 -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+
+    /*
+     * AES256-SHA256 TLS1.2
+     */
+    if ((ret = SSL_server_test("AES256-SHA256 TLS1.2", 
+                    "-cipher AES256-SHA256 -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA TLS1.1
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.1", 
+                    "-cipher AES128-SHA -tls1_1", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * AES128-SHA TLS1.0
+     */
+    if ((ret = SSL_server_test("AES128-SHA TLS1.0", 
+                    "-cipher AES128-SHA -tls1", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * Session Reuse
+     * all the session id's should match for session resumption.
+     */
+    if ((ret = SSL_server_test("Session Reuse", 
+                    "-cipher AES128-SHA -reconnect -tls1_2", 
+                    DEFAULT_CERT, NULL, DEFAULT_KEY, NULL, NULL,
+                    DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 1024 bit RSA key (check certificate chaining)
+     */
+    if ((ret = SSL_server_test("1024 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 2048 bit RSA key 
+     */
+    if ((ret = SSL_server_test("2048 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_2048.cer", NULL, 
+                    "../ssl/test/axTLS.key_2048",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * 4096 bit RSA key 
+     */
+    if ((ret = SSL_server_test("4096 bit key", 
+                    "-cipher AES128-SHA -tls1_2",
+                    "../ssl/test/axTLS.x509_4096.cer", NULL, 
+                    "../ssl/test/axTLS.key_4096",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA256
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA256",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha256.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA384
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA384",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha384.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * RSA1024/SHA512
+     */
+    if ((ret = SSL_server_test("RSA1024/SHA512",
+                    "-tls1_2",
+                    "../ssl/test/axTLS.x509_1024_sha512.pem" , NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Client Verification
+     */
+    if ((ret = SSL_server_test("Client Verification TLS1.2", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ", 
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test("Client Verification TLS1.1", 
+                    "-cipher AES128-SHA -tls1_1 "
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* this test should fail */
+    if (stat("../ssl/test/axTLS.x509_bad_before.pem", &stat_buf) >= 0)
+    {
+        if ((ret = SSL_server_test("Error: Bad Before Cert", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_bad_before.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID))
+            goto cleanup;
+
+        printf("SSL server test \"%s\" passed\n", "Bad Before Cert");
+        TTY_FLUSH();
+    }
+
+    /* this test should fail */
+    if ((ret = SSL_server_test("Error: Bad After Cert", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "Bad After Cert");
+    TTY_FLUSH();
+
+    /*
+     * No trusted cert
+     */
+    if ((ret = SSL_server_test("Error: No trusted certificate", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "No trusted certificate");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the server)
+     */
+    if ((ret = SSL_server_test("Error: Self-signed certificate (from server)", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    NULL, NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)) !=
+                            SSL_X509_ERROR(X509_VFY_ERROR_SELF_SIGNED))
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", 
+                            "Self-signed certificate (from server)");
+    TTY_FLUSH();
+
+    /*
+     * Self-signed (from the client)
+     */
+    if ((ret = SSL_server_test("Self-signed certificate (from client)", 
+                    "-cipher AES128-SHA -tls1_2 "
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem ",
+                    NULL,
+                "../ssl/test/axTLS.x509_1024.pem", 
+                "../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.ca_x509.cer",
+                    NULL,
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+
+    /* 
+     * Key in PEM format
+     */
+    if ((ret = SSL_server_test("Key in PEM format",
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert in PEM format
+     */
+    if ((ret = SSL_server_test("Cert in PEM format", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * Cert chain in PEM format
+     */
+    if ((ret = SSL_server_test("Cert chain in PEM format", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_device.pem", 
+                    NULL, "../ssl/test/axTLS.key_device.pem",
+                    "../ssl/test/axTLS.ca_x509.pem", NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted key 
+     */
+    if ((ret = SSL_server_test("AES128 encrypted key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES256 Encrypted key 
+     */
+    if ((ret = SSL_server_test("AES256 encrypted key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes256.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes256.pem",
+                    NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * AES128 Encrypted invalid key 
+     */
+    if ((ret = SSL_server_test("AES128 encrypted invalid key", 
+                    "-cipher AES128-SHA -tls1_2", 
+                    "../ssl/test/axTLS.x509_aes128.pem", NULL, 
+                    "../ssl/test/axTLS.key_aes128.pem",
+                    NULL, "xyz", DEFAULT_SVR_OPTION)) != SSL_ERROR_INVALID_KEY)
+        goto cleanup;
+
+    printf("SSL server test \"%s\" passed\n", "AES128 encrypted invalid key");
+    TTY_FLUSH();
+
+    /*
+     * PKCS#8 key (encrypted)
+     */
+    if ((ret = SSL_server_test("pkcs#8 encrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.encrypted.p8", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#8 key (unencrypted DER format)
+     */
+    if ((ret = SSL_server_test("pkcs#8 DER unencrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#8 key (unencrypted PEM format)
+     */
+    if ((ret = SSL_server_test("pkcs#8 PEM unencrypted", 
+                "-cipher AES128-SHA -tls1_2", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.unencrypted_pem.p8", 
+                NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /*
+     * PKCS#12 key/certificate
+     */
+    if ((ret = SSL_server_test("pkcs#12 with CA", "-cipher AES128-SHA", 
+                NULL, NULL, "../ssl/test/axTLS.withCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    if ((ret = SSL_server_test("pkcs#12 no CA", "-cipher AES128-SHA", 
+                DEFAULT_CERT, NULL, "../ssl/test/axTLS.withoutCA.p12", 
+                NULL, "abcd", DEFAULT_SVR_OPTION)))
+        goto cleanup;
+
+    /* 
+     * GNUTLS
+     */
+    if ((ret = SSL_server_test("GNUTLS client", 
+                    "",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    NULL, NULL, DEFAULT_SVR_OPTION)))
+        goto cleanup;
+    
+    if ((ret = SSL_server_test("GNUTLS client with verify", 
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem",
+                    "../ssl/test/axTLS.x509_1024.cer", NULL, 
+                    "../ssl/test/axTLS.key_1024",
+                    "../ssl/test/axTLS.ca_x509.cer", NULL, 
+                    DEFAULT_SVR_OPTION|SSL_CLIENT_AUTHENTICATION)))
+        goto cleanup;
+    ret = 0;
+
+cleanup:
+    if (ret)
+    {
+        printf("Error: A server test failed\n");
+        ssl_display_error(ret);
+        exit(1);
+    }
+    else
+    {
+        printf("All server tests passed\n"); TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Client Testing
+ *
+ **************************************************************************/
+typedef struct
+{
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+#ifndef WIN32
+    pthread_t server_thread;
+#endif
+    int start_server;
+    int stop_server;
+    int do_reneg;
+} CLNT_SESSION_RESUME_CTX;
+
+typedef struct
+{
+    const char *testname;
+    const char *openssl_option;
+    int do_gnutls;
+} server_t;
+
+static void do_server(server_t *svr)
+{
+    char openssl_buf[2048];
+#ifndef WIN32
+    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+#endif
+    if (svr->do_gnutls)
+    {
+        sprintf(openssl_buf, "gnutls-serv " 
+                "-p %d --quiet %s ", g_port, svr->openssl_option);
+    }
+    else
+    {
+        sprintf(openssl_buf, "openssl s_server " 
+#ifdef WIN32
+                "-accept %d -quiet %s", 
+#else
+                "-accept %d -quiet %s > /dev/null", 
+#endif
+                g_port, svr->openssl_option);
+    }
+//printf("SERVER %s\n", openssl_buf);
+    SYSTEM(openssl_buf);
+}
+
+static int SSL_client_test(
+        const char *test,
+        SSL_CTX **ssl_ctx,
+        const char *openssl_option, 
+        CLNT_SESSION_RESUME_CTX *sess_resume,
+        uint32_t client_options,
+        const char *private_key,
+        const char *password,
+        const char *cert)
+{
+    server_t server_data;
+    SSL *ssl = NULL;
+    int client_fd = -1;
+    uint8_t *session_id = NULL;
+    int ret = 1;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+
+    server_data.do_gnutls = strstr(test, "GNUTLS") != NULL;
+
+    if (sess_resume == NULL || sess_resume->start_server)
+    {
+        g_port++;
+        server_data.openssl_option = openssl_option;
+
+#ifndef WIN32
+        pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_server, (void *)&server_data);
+        pthread_detach(thread);
+#else
+        CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_server, 
+            (LPVOID)&server_data, 0, NULL);
+#endif
+    }
+    
+    usleep(200000);           /* allow server to start */
+
+    if (*ssl_ctx == NULL)
+    {
+        if (private_key)
+        {
+            client_options |= SSL_NO_DEFAULT_KEY;
+        }
+
+        if ((*ssl_ctx = ssl_ctx_new(
+                            client_options, SSL_DEFAULT_CLNT_SESS)) == NULL)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto client_test_exit;
+        }
+
+        if (private_key)
+        {
+            int obj_type = SSL_OBJ_RSA_KEY;
+
+            if (strstr(private_key, ".p8"))
+                obj_type = SSL_OBJ_PKCS8;
+            else if (strstr(private_key, ".p12"))
+                obj_type = SSL_OBJ_PKCS12;
+
+            if (ssl_obj_load(*ssl_ctx, obj_type, private_key, password))
+            {
+                ret = SSL_ERROR_INVALID_KEY;
+                goto client_test_exit;
+            }
+        }
+
+        if (cert)                  
+        {
+            if ((ret = ssl_obj_load(*ssl_ctx, 
+                            SSL_OBJ_X509_CERT, cert, NULL)) != SSL_OK)
+            {
+                printf("could not add cert %s (%d)\n", cert, ret);
+                TTY_FLUSH();
+                goto client_test_exit;
+            }
+        }
+
+        if (ssl_obj_load(*ssl_ctx, SSL_OBJ_X509_CACERT, 
+                "../ssl/test/axTLS.ca_x509.cer", NULL))
+        {
+            printf("could not add cert auth\n"); TTY_FLUSH();
+            goto client_test_exit;
+        }
+    }
+    
+    if (sess_resume && !sess_resume->start_server) 
+    {
+        session_id = sess_resume->session_id;
+    }
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+    {
+        printf("could not start socket on %d\n", g_port); TTY_FLUSH();
+        goto client_test_exit;
+    }
+
+    ssl = ssl_client_new(*ssl_ctx, client_fd, 
+            session_id, sizeof(session_id), NULL);
+
+    /* check the return status */
+    if ((ret = ssl_handshake_status(ssl)))
+        goto client_test_exit;
+
+    /* renegotiate client */
+    if (sess_resume && sess_resume->do_reneg) 
+    {
+        if (ssl_renegotiate(ssl) == -SSL_ALERT_NO_RENEGOTIATION) 
+            ret = 0;
+        else
+            ret = -SSL_ALERT_NO_RENEGOTIATION;
+
+        goto client_test_exit;
+    }
+
+    if (sess_resume)
+    {
+        memcpy(sess_resume->session_id, 
+                ssl_get_session_id(ssl), SSL_SESSION_ID_SIZE);
+    }
+
+    if (IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER) && 
+                                            (ret = ssl_verify_cert(ssl)))
+    {
+        goto client_test_exit;
+    }
+
+    ssl_write(ssl, (uint8_t *)"hello world\n", 13);
+    if (sess_resume)
+    {
+        const uint8_t *sess_id = ssl_get_session_id(ssl);
+        int i;
+
+        printf("    Session-ID: ");
+        for (i = 0; i < SSL_SESSION_ID_SIZE; i++)
+        {
+            printf("%02X", sess_id[i]);
+        }
+        printf("\n");
+        TTY_FLUSH();
+    }
+
+    ret = 0;
+
+client_test_exit:
+    ssl_free(ssl);
+    SOCKET_CLOSE(client_fd);
+    usleep(200000);           /* allow openssl to say something */
+
+    if (sess_resume)
+    {
+        if (sess_resume->stop_server)
+        {
+            ssl_ctx_free(*ssl_ctx);
+            *ssl_ctx = NULL;
+        }
+        else if (sess_resume->start_server)
+        {
+#ifndef WIN32
+           sess_resume->server_thread = thread;
+#endif
+        }
+    }
+    else
+    {
+        ssl_ctx_free(*ssl_ctx);
+        *ssl_ctx = NULL;
+    }
+
+    if (ret == 0)
+    {
+        printf("SSL client test \"%s\" passed\n", test);
+        TTY_FLUSH();
+    }
+
+    return ret;
+}
+
+int SSL_client_tests(void)
+{
+    int ret =  -1;
+    SSL_CTX *ssl_ctx = NULL;
+    CLNT_SESSION_RESUME_CTX sess_resume;
+    memset(&sess_resume, 0, sizeof(CLNT_SESSION_RESUME_CTX));
+
+    sess_resume.start_server = 1;
+    printf("### starting client tests\n");
+   
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", 
+                    &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* all the session id's should match for session resumption */
+    sess_resume.start_server = 0;
+    if ((ret = SSL_client_test("Client session resumption #1", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    // no client renegotiation
+    sess_resume.do_reneg = 1;
+    // test relies on openssl killing the call
+    if ((ret = SSL_client_test("Client renegotiation", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+    sess_resume.do_reneg = 0;
+
+    sess_resume.stop_server = 1;
+    if ((ret = SSL_client_test("Client session resumption #2", 
+                    &ssl_ctx, NULL, &sess_resume, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("1024 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("2048 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem",  NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("4096 bit key", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_4096.pem "
+                    "-key ../ssl/test/axTLS.key_4096.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("TLS 1.1", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem -tls1_1", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("TLS 1.0", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_1024.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem -tls1", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Basic Constraint - len OK", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_end_chain.pem -key "
+                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
+                    "../ssl/test/axTLS.x509_intermediate_ca.pem",
+                    NULL, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    if ((ret = SSL_client_test("Basic Constraint - len NOT OK", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_end_chain_bad.pem -key "
+                    "../ssl/test/axTLS.key_end_chain.pem -CAfile "
+                    "../ssl/test/axTLS.x509_intermediate_ca2.pem",
+                    NULL, 
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL))
+                            != SSL_X509_ERROR(X509_VFY_ERROR_BASIC_CONSTRAINT))
+    {
+        printf("*** Error: %d\n", ret); 
+        if (ret == 0)
+            ret = SSL_NOT_OK;
+
+        goto cleanup;
+    }
+
+    printf("SSL server test \"%s\" passed\n", "Basic Constraint - len NOT OK");
+
+    if ((ret = SSL_client_test("Server cert chaining", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_device.pem "
+                    "-key ../ssl/test/axTLS.key_device.pem "
+                    "-CAfile ../ssl/test/axTLS.x509_1024.pem ", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Check the server can verify the client */
+    if ((ret = SSL_client_test("Client peer authentication TLS1.1",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 -tls1_1", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024", NULL,
+                    "../ssl/test/axTLS.x509_1024.cer")))
+        goto cleanup;
+
+    /* Should get an "ERROR" from openssl (as the handshake fails as soon as
+     * the certificate verification fails) */
+    if ((ret = SSL_client_test("Error: Expired cert (verify now)",
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION, NULL, NULL, NULL)) != 
+                            SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret);
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify now)\" passed\n");
+
+    /* There is no "ERROR" from openssl */
+    if ((ret = SSL_client_test("Error: Expired cert (verify later)", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_bad_after.pem "
+                    "-key ../ssl/test/axTLS.key_1024.pem", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, NULL, 
+                    NULL, NULL)) != SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED))
+    {
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Expired cert (verify later)\" passed\n");
+
+    /* invalid cert type */
+    /*if ((ret = SSL_client_test("Error: Invalid certificate type", 
+                    &ssl_ctx,
+                    "-cert ../ssl/test/axTLS.x509_2048.pem "
+                    "-key ../ssl/test/axTLS.key_2048.pem "
+                    "-CAfile ../ssl/test/axTLS.ca_x509.pem "
+                    "-verify 1 ", NULL, DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem")) 
+                            != SSL_ERROR_INVALID_KEY)
+    {
+        if (ret == 0)
+            ret = SSL_NOT_OK;
+
+        printf("*** Error: %d\n", ret); TTY_FLUSH();
+        goto cleanup;
+    }
+
+    printf("SSL client test \"Invalid certificate type\" passed\n"); */
+
+    if ((ret = SSL_client_test("GNUTLS client", 
+                    &ssl_ctx,
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -g", NULL,
+                    DEFAULT_CLNT_OPTION, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem")))
+        goto cleanup;
+
+    ret = 0;
+
+    if ((ret = SSL_client_test("GNUTLS client with verify", 
+                    &ssl_ctx,
+                    "--x509certfile ../ssl/test/axTLS.x509_1024.pem "
+                    "--x509keyfile ../ssl/test/axTLS.key_1024.pem -r -g", NULL,
+                    DEFAULT_CLNT_OPTION|SSL_SERVER_VERIFY_LATER, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL,
+                    "../ssl/test/axTLS.x509_1024.pem"))) 
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
+    if (ret)
+    {
+        ssl_display_error(ret);
+        printf("Error: A client test failed\n");
+        SYSTEM("sh ../ssl/test/killopenssl.sh");
+        SYSTEM("sh ../ssl/test/killgnutls.sh");
+        exit(1);
+    }
+    else
+    {
+        printf("All client tests passed\n"); TTY_FLUSH();
+    }
+
+    ssl_ctx_free(ssl_ctx);
+    return ret;
+}
+
+/**************************************************************************
+ * SSL Basic Testing (test a big packet handshake)
+ *
+ **************************************************************************/
+static uint8_t basic_buf[256*1024];
+
+static void do_basic(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
+
+    /* check the return status */
+    if (ssl_handshake_status(ssl_clnt) < 0)
+    {
+        ssl_display_error(ssl_handshake_status(ssl_clnt));
+        goto error;
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_basic_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_basic, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_basic, NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL basic test passed\n" :
+                            "SSL basic test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+/**************************************************************************
+ * SSL unblocked case
+ *
+ **************************************************************************/
+static void do_unblocked(void)
+{
+    int client_fd;
+    SSL *ssl_clnt;
+    SSL_CTX *ssl_clnt_ctx = ssl_ctx_new(
+                            DEFAULT_CLNT_OPTION, 
+                            SSL_DEFAULT_CLNT_SESS |
+                            SSL_CONNECT_IN_PARTS);
+    usleep(200000);           /* allow server to start */
+
+    if ((client_fd = client_socket_init(g_port)) < 0)
+        goto error;
+
+    {
+#ifdef WIN32
+        u_long argp = 1;
+        ioctlsocket(client_fd, FIONBIO, &argp);
+#else
+        int flags = fcntl(client_fd, F_GETFL, NULL);
+        fcntl(client_fd, F_SETFL, flags | O_NONBLOCK);
+#endif
+    }
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    ssl_clnt = ssl_client_new(ssl_clnt_ctx, client_fd, NULL, 0, NULL);
+
+    while (ssl_handshake_status(ssl_clnt) != SSL_OK)
+    {
+        if (ssl_read(ssl_clnt, NULL) < 0)
+        {
+            ssl_display_error(ssl_handshake_status(ssl_clnt));
+            goto error;
+        }
+    }
+
+    ssl_write(ssl_clnt, basic_buf, sizeof(basic_buf));
+    ssl_free(ssl_clnt);
+
+error:
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(client_fd);
+
+    /* exit this thread */
+}
+
+static int SSL_unblocked_test(void)
+{
+    int server_fd, client_fd, ret = 0, size = 0, offset = 0;
+    SSL_CTX *ssl_svr_ctx = NULL;
+    struct sockaddr_in client_addr;
+    uint8_t *read_buf;
+    socklen_t clnt_len = sizeof(client_addr);
+    SSL *ssl_svr;
+#ifndef WIN32
+    pthread_t thread;
+#endif
+    memset(basic_buf, 0xA5, sizeof(basic_buf)/2);
+    memset(&basic_buf[sizeof(basic_buf)/2], 0x5A, sizeof(basic_buf)/2);
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+#ifndef WIN32
+    pthread_create(&thread, NULL, 
+                (void *(*)(void *))do_unblocked, NULL);
+    pthread_detach(thread);
+#else
+    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_unblocked, 
+                        NULL, 0, NULL);
+#endif
+
+    /* Wait for a client to connect */
+    if ((client_fd = accept(server_fd, 
+                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+    {
+        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+        goto error;
+    }
+    
+    /* we are ready to go */
+    ssl_svr = ssl_server_new(ssl_svr_ctx, client_fd);
+    
+    do
+    {
+        while ((size = ssl_read(ssl_svr, &read_buf)) == SSL_OK);
+
+        if (size < SSL_OK) /* got some alert or something nasty */
+        {
+            ssl_display_error(size);
+            ret = size;
+            break;
+        }
+        else /* looks more promising */
+        {
+            if (memcmp(read_buf, &basic_buf[offset], size) != 0)
+            {
+                ret = SSL_NOT_OK;
+                break;
+            }
+        }
+
+        offset += size;
+    } while (offset < sizeof(basic_buf));
+
+    printf(ret == SSL_OK && offset == sizeof(basic_buf) ? 
+                            "SSL unblocked test passed\n" :
+                            "SSL unblocked test failed\n");
+    TTY_FLUSH();
+
+    ssl_free(ssl_svr);
+    SOCKET_CLOSE(server_fd);
+    SOCKET_CLOSE(client_fd);
+
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    return ret;
+}
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+/**************************************************************************
+ * Multi-Threading Tests
+ *
+ **************************************************************************/
+#define NUM_THREADS         100
+
+typedef struct
+{
+    SSL_CTX *ssl_clnt_ctx;
+    int port;
+    int thread_id;
+} multi_t;
+
+void do_multi_clnt(multi_t *multi_data)
+{
+    int res = 1, client_fd, i;
+    SSL *ssl = NULL;
+    char tmp[5];
+
+    if ((client_fd = client_socket_init(multi_data->port)) < 0)
+        goto client_test_exit;
+
+    usleep(200000);
+    ssl = ssl_client_new(multi_data->ssl_clnt_ctx, client_fd, NULL, 0, NULL);
+
+    if ((res = ssl_handshake_status(ssl)))
+    {
+        printf("Client ");
+        ssl_display_error(res);
+        goto client_test_exit;
+    }
+
+    sprintf(tmp, "%d\n", multi_data->thread_id);
+    for (i = 0; i < 10; i++)
+        ssl_write(ssl, (uint8_t *)tmp, strlen(tmp)+1);
+
+client_test_exit:
+    ssl_free(ssl);
+    SOCKET_CLOSE(client_fd);
+    free(multi_data);
+}
+
+void do_multi_svr(SSL *ssl)
+{
+    uint8_t *read_buf;
+    int *res_ptr = malloc(sizeof(int));
+    int res;
+
+    for (;;)
+    {
+        res = ssl_read(ssl, &read_buf);
+
+        /* kill the client */
+        if (res != SSL_OK)
+        {
+            if (res == SSL_ERROR_CONN_LOST)
+            {
+                SOCKET_CLOSE(ssl->client_fd);
+                ssl_free(ssl);
+                break;
+            }
+            else if (res > 0)
+            {
+                /* do nothing */
+            }
+            else /* some problem */
+            {
+                printf("Server ");
+                ssl_display_error(res);
+                goto error;
+            }
+        }
+    }
+
+    res = SSL_OK;
+error:
+    *res_ptr = res;
+    pthread_exit(res_ptr);
+}
+
+int multi_thread_test(void)
+{
+    int server_fd = -1;
+    SSL_CTX *ssl_server_ctx;
+    SSL_CTX *ssl_clnt_ctx;
+    pthread_t clnt_threads[NUM_THREADS];
+    pthread_t svr_threads[NUM_THREADS];
+    int i, res = 0;
+    struct sockaddr_in client_addr;
+    socklen_t clnt_len = sizeof(client_addr);
+
+    printf("Do multi-threading test (takes a minute)\n");
+
+    ssl_svr_ctx = ssl_ctx_new(DEFAULT_SVR_OPTION, SSL_DEFAULT_SVR_SESS);
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_X509_CERT, 
+                    "../ssl/test/axTLS.x509_1024.pem", NULL)) != SSL_OK)
+        goto error;
+
+    if ((ret = ssl_obj_load(ssl_svr_ctx, SSL_OBJ_RSA_KEY, 
+                    "../ssl/test/axTLS.key_1024.pem", NULL)) != SSL_OK)
+        goto error;
+    ssl_clnt_ctx = ssl_ctx_new(DEFAULT_CLNT_OPTION, SSL_DEFAULT_CLNT_SESS);
+
+    if (ssl_obj_load(ssl_clnt_ctx, SSL_OBJ_X509_CACERT, 
+                                        "../ssl/test/axTLS.ca_x509.cer", NULL))
+        goto error;
+
+    if ((server_fd = server_socket_init(&g_port)) < 0)
+        goto error;
+
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        multi_t *multi_data = (multi_t *)malloc(sizeof(multi_t));
+        multi_data->ssl_clnt_ctx = ssl_clnt_ctx;
+        multi_data->port = g_port;
+        multi_data->thread_id = i+1;
+        pthread_create(&clnt_threads[i], NULL, 
+                (void *(*)(void *))do_multi_clnt, (void *)multi_data);
+        pthread_detach(clnt_threads[i]);
+    }
+
+    for (i = 0; i < NUM_THREADS; i++)
+    { 
+        SSL *ssl_svr;
+        int client_fd = accept(server_fd, 
+                      (struct sockaddr *)&client_addr, &clnt_len);
+
+        if (client_fd < 0)
+            goto error;
+
+        ssl_svr = ssl_server_new(ssl_server_ctx, client_fd);
+
+        pthread_create(&svr_threads[i], NULL, 
+                        (void *(*)(void *))do_multi_svr, (void *)ssl_svr);
+    }
+
+    /* make sure we've run all of the threads */
+    for (i = 0; i < NUM_THREADS; i++)
+    {
+        void *thread_res;
+        pthread_join(svr_threads[i], &thread_res);
+
+        if (*((int *)thread_res) != 0)
+            res = 1;
+
+        free(thread_res);
+    } 
+
+    if (res) 
+        goto error;
+
+    printf("Multi-thread test passed (%d)\n", NUM_THREADS);
+error:
+    ssl_ctx_free(ssl_svr_ctx);
+    ssl_ctx_free(ssl_clnt_ctx);
+    SOCKET_CLOSE(server_fd);
+    return res;
+}
+#endif /* !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING) */ 
+
+/**************************************************************************
+ * Header issue
+ *
+ **************************************************************************/
+//static void do_header_issue(void)
+//{
+//    char axtls_buf[2048];
+//#ifndef WIN32
+//    pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+//#endif
+//    sprintf(axtls_buf, "./axssl s_client -connect localhost:%d", g_port);
+//    SYSTEM(axtls_buf);
+//}
+//
+//static int header_issue(void)
+//{
+//    FILE *f = fopen("../ssl/test/header_issue.dat", "r");
+//    int server_fd = -1, client_fd = -1, ret = 1;
+//    uint8_t buf[2048];
+//    int size = 0;
+//    struct sockaddr_in client_addr;
+//    socklen_t clnt_len = sizeof(client_addr);
+//#ifndef WIN32
+//    pthread_t thread;
+//#endif
+//
+//    if (f == NULL || (server_fd = server_socket_init(&g_port)) < 0)
+//        goto error;
+//
+//#ifndef WIN32
+//    pthread_create(&thread, NULL, 
+//                (void *(*)(void *))do_header_issue, NULL);
+//    pthread_detach(thread);
+//#else
+//    CreateThread(NULL, 1024, (LPTHREAD_START_ROUTINE)do_header_issue, 
+//                NULL, 0, NULL);
+//#endif
+//    if ((client_fd = accept(server_fd, 
+//                    (struct sockaddr *) &client_addr, &clnt_len)) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    size = fread(buf, 1, sizeof(buf), f);
+//    if (SOCKET_WRITE(client_fd, buf, size) < 0)
+//    {
+//        ret = SSL_ERROR_SOCK_SETUP_FAILURE;
+//        goto error;
+//    }
+//
+//    usleep(200000);
+//
+//    ret = 0;
+//error:
+//    fclose(f);
+//    SOCKET_CLOSE(client_fd);
+//    SOCKET_CLOSE(server_fd);
+//    TTY_FLUSH();
+//    SYSTEM("killall axssl");
+//    return ret;
+//}
+
+/**************************************************************************
+ * main()
+ *
+ **************************************************************************/
+int main(int argc, char *argv[])
+{
+    int ret = 1;
+    BI_CTX *bi_ctx;
+    int fd;
+
+#ifdef WIN32
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSAStartup(wVersionRequested, &wsaData);
+    fd = _open("test_result.txt", O_WRONLY|O_TEMPORARY|O_CREAT, _S_IWRITE);
+    dup2(fd, 2);                        /* write stderr to this file */
+#else
+    fd = open("/dev/null", O_WRONLY);   /* write stderr to /dev/null */
+    signal(SIGPIPE, SIG_IGN);           /* ignore pipe errors */
+    dup2(fd, 2);
+#endif
+
+    /* can't do testing in this mode */
+#if defined CONFIG_SSL_GENERATE_X509_CERT
+    printf("Error: Must compile with default key/certificates\n");
+    exit(1);
+#endif
+
+    bi_ctx = bi_initialize();
+
+    if (AES_test(bi_ctx))
+    {
+        printf("AES tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (MD5_test(bi_ctx))
+    {
+        printf("MD5 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA1_test(bi_ctx))
+    {
+        printf("SHA1 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA256_test(bi_ctx))
+    {
+        printf("SHA256 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA384_test(bi_ctx))
+    {
+        printf("SHA384 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (SHA512_test(bi_ctx))
+    {
+        printf("SHA512 tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (HMAC_test(bi_ctx))
+    {
+        printf("HMAC tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (BIGINT_test(bi_ctx))
+    {
+        printf("BigInt tests failed!\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    bi_terminate(bi_ctx);
+
+    if (RSA_test())
+    {
+        printf("RSA tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+    if (cert_tests())
+    {
+        printf("CERT tests failed\n");
+        goto cleanup;
+    }
+    TTY_FLUSH();
+
+#if !defined(WIN32) && defined(CONFIG_SSL_CTX_MUTEXING)
+    if (multi_thread_test())
+        goto cleanup;
+#endif
+
+    if (SSL_basic_test())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_unblocked_test())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+    if (SSL_client_tests())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+    SYSTEM("sh ../ssl/test/killgnutls.sh");
+
+    if (SSL_server_tests())
+        goto cleanup;
+
+    SYSTEM("sh ../ssl/test/killopenssl.sh");
+
+//    if (header_issue())
+//    {
+//        printf("Header tests failed\n"); TTY_FLUSH();
+//        goto cleanup;
+//    }
+
+    ret = 0;        /* all ok */
+    printf("**** ALL TESTS PASSED ****\n"); TTY_FLUSH();
+cleanup:
+
+    if (ret)
+        printf("Error: Some tests failed!\n");
+
+    close(fd);
+    return ret;
+}
diff --git a/ssl/tls1.c b/ssl/tls1.c
new file mode 100644
index 0000000000..ac347d261a
--- /dev/null
+++ b/ssl/tls1.c
@@ -0,0 +1,2603 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Common ssl/tlsv1 code to both the client and server implementations.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include "os_port.h"
+#include "ssl.h"
+
+/* The session expiry time */
+#define SSL_EXPIRY_TIME     (CONFIG_SSL_EXPIRY_TIME*3600)
+
+static const uint8_t g_hello_request[] = { HS_HELLO_REQUEST, 0, 0, 0 };
+static const uint8_t g_chg_cipher_spec_pkt[] = { 1 };
+static const char * server_finished = "server finished";
+static const char * client_finished = "client finished";
+
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len);
+static int set_key_block(SSL *ssl, int is_write);
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len);
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached);
+static int send_raw_packet(SSL *ssl, uint8_t protocol);
+static void certificate_free(SSL* ssl);
+static int increase_bm_data_size(SSL *ssl, size_t size);
+static int check_certificate_chain(SSL *ssl);
+
+/**
+ * The server will pick the cipher based on the order that the order that the
+ * ciphers are listed. This order is defined at compile time.
+ */
+#ifndef CONFIG_SSL_SKELETON_MODE
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index);
+#endif
+
+const uint8_t ssl_prot_prefs[NUM_PROTOCOLS] = 
+#ifdef CONFIG_SSL_PROT_LOW                  /* low security, fast speed */
+{ SSL_AES128_SHA, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES256_SHA256 };
+#elif CONFIG_SSL_PROT_MEDIUM                /* medium security, medium speed */
+{ SSL_AES128_SHA256, SSL_AES256_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };    
+#else /* CONFIG_SSL_PROT_HIGH */            /* high security, low speed */
+{ SSL_AES256_SHA256, SSL_AES128_SHA256, SSL_AES256_SHA, SSL_AES128_SHA };
+#endif
+
+/**
+ * The cipher map containing all the essentials for each cipher.
+ */
+static const cipher_info_t cipher_info[NUM_PROTOCOLS] = 
+{
+    {   /* AES128-SHA */
+        SSL_AES128_SHA,                 /* AES128-SHA */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        2*(SHA1_SIZE+16+16),            /* key block size */
+        hmac_sha1_v,                    /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },
+    {   /* AES256-SHA */
+        SSL_AES256_SHA,                 /* AES256-SHA */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA1_SIZE,                      /* digest size */
+        2*(SHA1_SIZE+32+16),            /* key block size */
+        hmac_sha1_v,                    /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* AES128-SHA256 */
+        SSL_AES128_SHA256,              /* AES128-SHA256 */
+        16,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA256_SIZE,                    /* digest size */
+        2*(SHA256_SIZE+32+16),          /* key block size */
+        hmac_sha256_v,                  /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    },       
+    {   /* AES256-SHA256 */
+        SSL_AES256_SHA256,              /* AES256-SHA256 */
+        32,                             /* key size */
+        16,                             /* iv size */ 
+        16,                             /* block padding size */
+        SHA256_SIZE,                    /* digest size */
+        2*(SHA256_SIZE+32+16),          /* key block size */
+        hmac_sha256_v,                  /* hmac algorithm */
+        (crypt_func)AES_cbc_encrypt,    /* encrypt */
+        (crypt_func)AES_cbc_decrypt     /* decrypt */
+    }
+};
+
+static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len,
+        uint8_t *out, int olen);
+static const cipher_info_t *get_cipher_info(uint8_t cipher);
+static void increment_read_sequence(SSL *ssl);
+static void increment_write_sequence(SSL *ssl);
+static void add_hmac_digest(SSL *ssl, int snd, uint8_t *hmac_header,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf);
+
+/* win32 VC6.0 doesn't have variadic macros */
+#if defined(WIN32) && !defined(CONFIG_SSL_FULL_MODE)
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...) {}
+#endif
+
+/**
+ * Allocate new SSL extensions structure and return pointer to it
+ *
+ */
+EXP_FUNC SSL_EXTENSIONS * STDCALL ssl_ext_new()
+{
+    return (SSL_EXTENSIONS *)calloc(1, sizeof(SSL_EXTENSIONS));
+}
+
+/**
+ * Free SSL extensions structure
+ *
+ */
+EXP_FUNC void STDCALL ssl_ext_free(SSL_EXTENSIONS *ssl_ext)
+{
+    if (ssl_ext == NULL ) 
+    {
+        return;
+    }
+
+    free(ssl_ext);
+}
+
+EXP_FUNC void STDCALL ssl_ext_set_host_name(SSL_EXTENSIONS * ext, const char* host_name)
+{
+    free(ext->host_name);
+    ext->host_name = NULL;
+    if (host_name) {
+        ext->host_name = strdup(host_name);
+    }
+}
+
+/**
+ * Set the maximum fragment size for the fragment size negotiation extension
+ */
+EXP_FUNC void STDCALL ssl_ext_set_max_fragment_size(SSL_EXTENSIONS * ext, unsigned fragment_size)
+{
+    ext->max_fragment_size = fragment_size;
+}
+
+/**
+ * Establish a new client/server context.
+ */
+EXP_FUNC SSL_CTX *STDCALL ssl_ctx_new(uint32_t options, int num_sessions)
+{
+    SSL_CTX *ssl_ctx = (SSL_CTX *)calloc(1, sizeof (SSL_CTX));
+    ssl_ctx->options = options;
+    RNG_initialize();
+
+    if (load_key_certs(ssl_ctx) < 0)
+    {
+        free(ssl_ctx);  /* can't load our key/certificate pair, so die */
+        return NULL;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl_ctx->num_sessions = num_sessions;
+#endif
+
+    SSL_CTX_MUTEX_INIT(ssl_ctx->mutex);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (num_sessions)
+    {
+        ssl_ctx->ssl_sessions = (SSL_SESSION **)
+                        calloc(1, num_sessions*sizeof(SSL_SESSION *));
+    }
+#endif
+
+    return ssl_ctx;
+}
+
+/*
+ * Remove a client/server context.
+ */
+EXP_FUNC void STDCALL ssl_ctx_free(SSL_CTX *ssl_ctx)
+{
+    SSL *ssl;
+    int i;
+
+    if (ssl_ctx == NULL)
+        return;
+
+    ssl = ssl_ctx->head;
+
+    /* clear out all the ssl entries */
+    while (ssl)
+    {
+        SSL *next = ssl->next;
+        ssl_free(ssl);
+        ssl = next;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* clear out all the sessions */
+    for (i = 0; i < ssl_ctx->num_sessions; i++)
+        session_free(ssl_ctx->ssl_sessions, i);
+
+    free(ssl_ctx->ssl_sessions);
+#endif
+
+    i = 0;
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf)
+    {
+        free(ssl_ctx->certs[i].buf);
+        ssl_ctx->certs[i++].buf = NULL;
+    }
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    remove_ca_certs(ssl_ctx->ca_cert_ctx);
+#endif
+    ssl_ctx->chain_length = 0;
+    SSL_CTX_MUTEX_DESTROY(ssl_ctx->mutex);
+    RSA_free(ssl_ctx->rsa_ctx);
+    RNG_terminate();
+    free(ssl_ctx);
+}
+
+/*
+ * Free any used resources used by this connection.
+ */
+EXP_FUNC void STDCALL ssl_free(SSL *ssl)
+{
+    SSL_CTX *ssl_ctx;
+
+    if (ssl == NULL)        /* just ignore null pointers */
+        return;
+
+    /* only notify if we weren't notified first */
+    /* spec says we must notify when we are dying */
+    if (!IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+
+    ssl_ctx = ssl->ssl_ctx;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    /* adjust the server SSL list */
+    if (ssl->prev)
+        ssl->prev->next = ssl->next;
+    else
+        ssl_ctx->head = ssl->next;
+
+    if (ssl->next)
+        ssl->next->prev = ssl->prev;
+    else
+        ssl_ctx->tail = ssl->prev;
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+
+    /* may already be free - but be sure */
+    free(ssl->encrypt_ctx);
+    ssl->encrypt_ctx = NULL;
+    free(ssl->decrypt_ctx);
+    ssl->decrypt_ctx = NULL;
+    disposable_free(ssl);
+    certificate_free(ssl);
+    free(ssl->bm_all_data);
+    ssl_ext_free(ssl->extensions);
+    ssl->extensions = NULL;
+    free(ssl);
+}
+
+/*
+ * Read the SSL connection and send any alerts for various errors.
+ */
+EXP_FUNC int STDCALL ssl_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = SSL_OK;
+    do {
+        ret= basic_read(ssl, in_data);
+
+        /* check for return code so we can send an alert */
+        if (ret < SSL_OK && ret != SSL_CLOSE_NOTIFY)
+        {
+            if (ret != SSL_ERROR_CONN_LOST)
+            {
+                send_alert(ssl, ret);
+    #ifndef CONFIG_SSL_SKELETON_MODE
+                /* something nasty happened, so get rid of this session */
+                kill_ssl_session(ssl->ssl_ctx->ssl_sessions, ssl);
+    #endif
+            }
+        }
+    } while (IS_SET_SSL_FLAG(SSL_READ_BLOCKING) && (ssl->got_bytes < ssl->need_bytes) && ret == 0 && !IS_SET_SSL_FLAG(SSL_NEED_RECORD));
+    return ret;
+}
+
+/*
+ * Write application data to the client
+ */
+EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
+{
+    int n = out_len, nw, i, tot = 0;
+    /* maximum size of a TLS packet is around 16kB, so fragment */
+
+    do 
+    {
+        nw = n;
+
+        if (nw > ssl->max_plain_length)    /* fragment if necessary */
+            nw = ssl->max_plain_length;
+
+        if ((i = send_packet(ssl, PT_APP_PROTOCOL_DATA, 
+                                            &out_data[tot], nw)) <= 0)
+        {
+            out_len = i;    /* an error */
+            break;
+        }
+
+        tot += i;
+        n -= i;
+    } while (n > 0);
+
+    return out_len;
+}
+
+EXP_FUNC int STDCALL ssl_calculate_write_length(SSL *ssl, int length)
+{
+    int msg_length = 0;
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+        return SSL_ERROR_CONN_LOST;
+
+    if (ssl->flag & SSL_SENT_CLOSE_NOTIFY)
+        return SSL_CLOSE_NOTIFY;
+
+    msg_length += length;
+
+    if (ssl->flag & SSL_TX_ENCRYPTED)
+    {
+        msg_length += ssl->cipher_info->digest_size;
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+            if (pad_bytes == 0)
+                pad_bytes += ssl->cipher_info->padding_size;
+            msg_length += pad_bytes;
+        }
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            msg_length += ssl->cipher_info->iv_size;
+        }
+    }
+    return SSL_RECORD_SIZE+msg_length;
+}
+
+/**
+ * Add a certificate to the certificate chain.
+ */
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = SSL_ERROR_NO_CERT_DEFINED, i = 0;
+    SSL_CERT *ssl_cert;
+    X509_CTX *cert = NULL;
+    int offset;
+
+    while (i < CONFIG_SSL_MAX_CERTS && ssl_ctx->certs[i].buf) 
+        i++;
+
+    if (i == CONFIG_SSL_MAX_CERTS) /* too many certs */
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        printf("Error: maximum number of certs added (%d) - change of "
+                "compile-time configuration required\n",
+                CONFIG_SSL_MAX_CERTS);
+#endif
+        goto error;
+    }
+
+    if ((ret = x509_new(buf, &offset, &cert)))
+        goto error;
+
+#if defined (CONFIG_SSL_FULL_MODE)
+    if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+        x509_print(cert, NULL);
+#endif
+
+    ssl_cert = &ssl_ctx->certs[i];
+    ssl_cert->size = len;
+    ssl_cert->buf = (uint8_t *)malloc(len);
+
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_SHA1:
+            ssl_cert->hash_alg = SIG_ALG_SHA1;
+            break;
+
+        case SIG_TYPE_SHA256:
+            ssl_cert->hash_alg = SIG_ALG_SHA256;
+            break;
+
+        case SIG_TYPE_SHA384:
+            ssl_cert->hash_alg = SIG_ALG_SHA384;
+            break;
+
+        case SIG_TYPE_SHA512:
+            ssl_cert->hash_alg = SIG_ALG_SHA512;
+            break;
+    }
+
+    memcpy(ssl_cert->buf, buf, len);
+    ssl_ctx->chain_length++;
+    len -= offset;
+    ret = SSL_OK;           /* ok so far */
+
+    /* recurse? */
+    if (len > 0)
+    {
+        ret = add_cert(ssl_ctx, &buf[offset], len);
+    }
+
+error:
+    x509_free(cert);        /* don't need anymore */
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Add a certificate authority.
+ */
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
+{
+    int ret = X509_OK; /* ignore errors for now */
+    int i = 0;
+    CA_CERT_CTX *ca_cert_ctx;
+
+    if (ssl_ctx->ca_cert_ctx == NULL)
+        ssl_ctx->ca_cert_ctx = (CA_CERT_CTX *)calloc(1, sizeof(CA_CERT_CTX));
+
+    ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+
+    while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) 
+        i++;
+
+    while (len > 0)
+    {
+        int offset;
+        if (i >= CONFIG_X509_MAX_CA_CERTS)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("Error: maximum number of CA certs added (%d) - change of "
+                    "compile-time configuration required\n", 
+                    CONFIG_X509_MAX_CA_CERTS);
+#endif
+            ret = X509_MAX_CERTS;
+            break;
+        }
+
+        /* ignore the return code */
+        if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
+        {
+#if defined (CONFIG_SSL_FULL_MODE)
+            if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+                x509_print(ca_cert_ctx->cert[i], NULL);
+#endif
+        }
+
+        i++;
+        len -= offset;
+    }
+
+    return ret;
+}
+
+/*
+ * Retrieve an X.509 distinguished name component
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    if (ssl->x509_ctx == NULL)
+        return NULL;
+
+    switch (component)
+    {
+        case SSL_X509_CERT_COMMON_NAME:
+            return ssl->x509_ctx->cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CERT_ORGANIZATION:
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->cert_dn[X509_ORGANIZATIONAL_UNIT];
+
+        case SSL_X509_CERT_LOCATION:       
+            return ssl->x509_ctx->cert_dn[X509_LOCATION];
+
+        case SSL_X509_CERT_COUNTRY:       
+            return ssl->x509_ctx->cert_dn[X509_COUNTRY];
+
+        case SSL_X509_CERT_STATE:       
+            return ssl->x509_ctx->cert_dn[X509_STATE];
+
+        case SSL_X509_CA_CERT_COMMON_NAME:
+            return ssl->x509_ctx->ca_cert_dn[X509_COMMON_NAME];
+
+        case SSL_X509_CA_CERT_ORGANIZATION:
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATION];
+
+        case SSL_X509_CA_CERT_ORGANIZATIONAL_NAME:       
+            return ssl->x509_ctx->ca_cert_dn[X509_ORGANIZATIONAL_UNIT];
+
+        case SSL_X509_CA_CERT_LOCATION:       
+            return ssl->x509_ctx->ca_cert_dn[X509_LOCATION];
+
+        case SSL_X509_CA_CERT_COUNTRY:       
+            return ssl->x509_ctx->ca_cert_dn[X509_COUNTRY];
+
+        case SSL_X509_CA_CERT_STATE:       
+            return ssl->x509_ctx->ca_cert_dn[X509_STATE];
+
+        default:
+            return NULL;
+    }
+}
+
+/*
+ * Retrieve a "Subject Alternative Name" from a v3 certificate
+ */
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl,
+        int dnsindex)
+{
+    int i;
+
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->subject_alt_dnsnames == NULL)
+        return NULL;
+
+    for (i = 0; i < dnsindex; ++i)
+    {
+        if (ssl->x509_ctx->subject_alt_dnsnames[i] == NULL)
+            return NULL;
+    }
+
+    return ssl->x509_ctx->subject_alt_dnsnames[dnsindex];
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/*
+ * Find an ssl object based on the client's file descriptor.
+ */
+EXP_FUNC SSL * STDCALL ssl_find(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl;
+
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+    ssl = ssl_ctx->head;
+
+    /* search through all the ssl entries */
+    while (ssl)
+    {
+        if (ssl->client_fd == client_fd)
+        {
+            SSL_CTX_UNLOCK(ssl_ctx->mutex);
+            return ssl;
+        }
+
+        ssl = ssl->next;
+    }
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return NULL;
+}
+
+/*
+ * Force the client to perform its handshake again.
+ */
+EXP_FUNC int STDCALL ssl_renegotiate(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    disposable_new(ssl);
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+    if (IS_SET_SSL_FLAG(SSL_IS_CLIENT))
+    {
+        ret = do_client_connect(ssl);
+    }
+    else
+#endif
+    {
+        send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                g_hello_request, sizeof(g_hello_request));
+        SET_SSL_FLAG(SSL_NEED_RECORD);
+    }
+
+    return ret;
+}
+
+/**
+ * @brief Get what we need for key info.
+ * @param cipher    [in]    The cipher information we are after
+ * @param key_size  [out]   The key size for the cipher
+ * @param iv_size   [out]   The iv size for the cipher
+ * @return  The amount of key information we need.
+ */
+static const cipher_info_t *get_cipher_info(uint8_t cipher)
+{
+    int i;
+
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        if (cipher_info[i].cipher == cipher)
+        {
+            return &cipher_info[i];
+        }
+    }
+
+    return NULL;  /* error */
+}
+
+/*
+ * Get a new ssl context for a new connection.
+ */
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl = (SSL *)calloc(1, sizeof(SSL));
+    ssl->ssl_ctx = ssl_ctx;
+    ssl->max_plain_length = 1460*4;
+    ssl->bm_all_data = (uint8_t*) calloc(1, ssl->max_plain_length + RT_EXTRA);
+    ssl->need_bytes = SSL_RECORD_SIZE;      /* need a record */
+    ssl->client_fd = client_fd;
+    ssl->flag = SSL_NEED_RECORD;
+    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET; /* space at the start */
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+#ifdef CONFIG_ENABLE_VERIFICATION
+    ssl->ca_cert_ctx = ssl_ctx->ca_cert_ctx;
+    ssl->can_free_certificates = false;
+#endif
+    disposable_new(ssl);
+
+    /* a bit hacky but saves a few bytes of memory */
+    ssl->flag |= ssl_ctx->options;
+    if (IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS) && IS_SET_SSL_FLAG(SSL_READ_BLOCKING)) {
+        CLR_SSL_FLAG(SSL_READ_BLOCKING);
+    }
+    SSL_CTX_LOCK(ssl_ctx->mutex);
+
+    if (ssl_ctx->head == NULL)
+    {
+        ssl_ctx->head = ssl;
+        ssl_ctx->tail = ssl;
+    }
+    else
+    {
+        ssl->prev = ssl_ctx->tail;
+        ssl_ctx->tail->next = ssl;
+        ssl_ctx->tail = ssl;
+    }
+
+    ssl->encrypt_ctx = malloc(sizeof(AES_CTX));
+    ssl->decrypt_ctx = malloc(sizeof(AES_CTX));
+
+    SSL_CTX_UNLOCK(ssl_ctx->mutex);
+    return ssl;
+}
+
+/*
+ * Add a private key to a context.
+ */
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj)
+{
+    int ret = SSL_OK;
+
+    /* get the private key details */
+    if (asn1_get_private_key(ssl_obj->buf, ssl_obj->len, &ssl_ctx->rsa_ctx))
+    {
+        ret = SSL_ERROR_INVALID_KEY;
+        goto error;
+    }
+
+error:
+    return ret;
+}
+
+/** 
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */     
+static void increment_read_sequence(SSL *ssl)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) 
+    {       
+        if (++ssl->read_sequence[i])
+            break;
+    }
+}
+            
+/**
+ * Increment the read sequence number (as a 64 bit endian indepenent #)
+ */      
+static void increment_write_sequence(SSL *ssl)
+{        
+    int i;                  
+         
+    for (i = 7; i >= 0; i--)
+    {                       
+        if (++ssl->write_sequence[i])
+            break;
+    }                       
+}
+
+/**
+ * Work out the HMAC digest in a packet.
+ */
+static void add_hmac_digest(SSL *ssl, int mode, uint8_t *hmac_header,
+        const uint8_t *buf, int buf_len, uint8_t *hmac_buf)
+{
+    const uint8_t* bufs[] = {
+        (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ? 
+            ssl->write_sequence : ssl->read_sequence,
+        hmac_header,
+        buf
+    };
+
+    int lengths[] = {
+        8,
+        SSL_RECORD_SIZE,
+        buf_len
+    };
+
+    ssl->cipher_info->hmac_v(bufs, lengths, 3,
+            (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ) ? 
+                ssl->server_mac : ssl->client_mac, 
+            ssl->cipher_info->digest_size, hmac_buf);
+
+#if 0
+    print_blob("record", hmac_header, SSL_RECORD_SIZE);
+    print_blob("buf", buf, buf_len);
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE)
+    {
+        print_blob("write seq", ssl->write_sequence, 8);
+    }
+    else
+    {
+        print_blob("read seq", ssl->read_sequence, 8);
+    }
+
+    if (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_READ)
+    {
+        print_blob("server mac", 
+                ssl->server_mac, ssl->cipher_info->digest_size);
+    }
+    else
+    {
+        print_blob("client mac", 
+                ssl->client_mac, ssl->cipher_info->digest_size);
+    }
+    print_blob("hmac", hmac_buf, ssl->cipher_info->digest_size);
+#endif
+}
+
+/**
+ * Verify that the digest of a packet is correct.
+ */
+static int verify_digest(SSL *ssl, int mode, const uint8_t *buf, int read_len)
+{   
+    uint8_t hmac_buf[SHA256_SIZE]; // size of largest digest
+    int hmac_offset;
+   
+    int last_blk_size = buf[read_len-1], i;
+    hmac_offset = read_len-last_blk_size-ssl->cipher_info->digest_size-1;
+
+    /* guard against a timing attack - make sure we do the digest */
+    if (hmac_offset < 0)
+    {
+        hmac_offset = 0;
+    }
+    else
+    {
+        /* already looked at last byte */
+        for (i = 1; i < last_blk_size; i++)
+        {
+            if (buf[read_len-i] != last_blk_size)
+            {
+                hmac_offset = 0;
+                break;
+            }
+        }
+    }
+
+    /* sanity check the offset */
+    ssl->hmac_header[3] = hmac_offset >> 8;      /* insert size */
+    ssl->hmac_header[4] = hmac_offset & 0xff;
+    add_hmac_digest(ssl, mode, ssl->hmac_header, buf, hmac_offset, hmac_buf);
+
+    if (memcmp(hmac_buf, &buf[hmac_offset], ssl->cipher_info->digest_size))
+    {
+        return SSL_ERROR_INVALID_HMAC;
+    }
+
+    return hmac_offset;
+}
+
+/**
+ * Add a packet to the end of our sent and received packets, so that we may use
+ * it to calculate the hash at the end.
+ */
+void add_packet(SSL *ssl, const uint8_t *pkt, int len)
+{
+    // TLS1.2+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 || ssl->version == 0) 
+    {
+        SHA256_Update(&ssl->dc->sha256_ctx, pkt, len);
+    }
+
+    if (ssl->version < SSL_PROTOCOL_VERSION_TLS1_2 || 
+                ssl->next_state == HS_SERVER_HELLO ||
+                ssl->next_state == 0) 
+    {
+        MD5_Update(&ssl->dc->md5_ctx, pkt, len);
+        SHA1_Update(&ssl->dc->sha1_ctx, pkt, len);
+    }
+}
+
+/**
+ * Work out the MD5 PRF.
+ */
+static void p_hash_md5(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[MD5_SIZE+77];
+
+    /* A(1) */
+    hmac_md5(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[MD5_SIZE], seed, seed_len);
+    hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > MD5_SIZE)
+    {
+        uint8_t a2[MD5_SIZE];
+        out += MD5_SIZE;
+        olen -= MD5_SIZE;
+
+        /* A(N) */
+        hmac_md5(a1, MD5_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, MD5_SIZE);
+
+        /* work out the actual hash */
+        hmac_md5(a1, MD5_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the SHA1 PRF.
+ */
+static void p_hash_sha1(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[SHA1_SIZE+77];
+
+    /* A(1) */
+    hmac_sha1(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA1_SIZE], seed, seed_len);
+    hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA1_SIZE)
+    {
+        uint8_t a2[SHA1_SIZE];
+        out += SHA1_SIZE;
+        olen -= SHA1_SIZE;
+
+        /* A(N) */
+        hmac_sha1(a1, SHA1_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA1_SIZE);
+
+        /* work out the actual hash */
+        hmac_sha1(a1, SHA1_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the SHA256 PRF.
+ */
+static void p_hash_sha256(const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len, uint8_t *out, int olen)
+{
+    uint8_t a1[SHA256_SIZE+77];
+
+    /* A(1) */
+    hmac_sha256(seed, seed_len, sec, sec_len, a1);
+    memcpy(&a1[SHA256_SIZE], seed, seed_len);
+    hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
+
+    while (olen > SHA256_SIZE)
+    {
+        uint8_t a2[SHA256_SIZE];
+        out += SHA256_SIZE;
+        olen -= SHA256_SIZE;
+
+        // A(N)
+        hmac_sha256(a1, SHA256_SIZE, sec, sec_len, a2);
+        memcpy(a1, a2, SHA256_SIZE);
+
+        // work out the actual hash 
+        hmac_sha256(a1, SHA256_SIZE+seed_len, sec, sec_len, out);
+    }
+}
+
+/**
+ * Work out the PRF.
+ */
+static void prf(SSL *ssl, const uint8_t *sec, int sec_len, 
+        uint8_t *seed, int seed_len,
+        uint8_t *out, int olen)
+{
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)    // TLS1.2+
+    {
+        p_hash_sha256(sec, sec_len, seed, seed_len, out, olen);
+    }
+    else // TLS1.0/1.1
+    {
+        int len, i;
+        const uint8_t *S1, *S2;
+        uint8_t xbuf[2*(SHA256_SIZE+32+16) + MD5_SIZE]; /* max keyblock */
+        uint8_t ybuf[2*(SHA256_SIZE+32+16) + SHA1_SIZE]; /* max keyblock */
+
+        len = sec_len/2;
+        S1 = sec;
+        S2 = &sec[len];
+        len += (sec_len & 1); /* add for odd, make longer */
+
+        p_hash_md5(S1, len, seed, seed_len, xbuf, olen);
+        p_hash_sha1(S2, len, seed, seed_len, ybuf, olen);
+
+        for (i = 0; i < olen; i++)
+            out[i] = xbuf[i] ^ ybuf[i];
+    }
+}
+
+/**
+ * Generate a master secret based on the client/server random data and the
+ * premaster secret.
+ */
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret)
+{
+    uint8_t buf[77]; 
+//print_blob("premaster secret", premaster_secret, 48);
+    strcpy((char *)buf, "master secret");
+    memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
+    prf(ssl, premaster_secret, SSL_SECRET_SIZE, buf, 77, ssl->dc->master_secret,
+            SSL_SECRET_SIZE);
+#if 0
+    print_blob("client random", ssl->dc->client_random, 32);
+    print_blob("server random", ssl->dc->server_random, 32);
+    print_blob("master secret", ssl->dc->master_secret, 48);
+#endif
+}
+
+/**
+ * Generate a 'random' blob of data used for the generation of keys.
+ */
+static void generate_key_block(SSL *ssl, 
+        uint8_t *client_random, uint8_t *server_random,
+        uint8_t *master_secret, uint8_t *key_block, int key_block_size)
+{
+    uint8_t buf[77];
+    strcpy((char *)buf, "key expansion");
+    memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
+    memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
+    prf(ssl, master_secret, SSL_SECRET_SIZE, buf, 77, 
+                    key_block, key_block_size);
+}
+
+/** 
+ * Calculate the digest used in the finished message. This function also
+ * doubles up as a certificate verify function.
+ */
+int finished_digest(SSL *ssl, const char *label, uint8_t *digest)
+{
+    uint8_t mac_buf[SHA1_SIZE+MD5_SIZE+15]; 
+    uint8_t *q = mac_buf;
+    int dgst_len;
+
+    if (label)
+    {
+        strcpy((char *)q, label);
+        q += strlen(label);
+    }
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        SHA256_CTX sha256_ctx = ssl->dc->sha256_ctx; // interim copy
+        SHA256_Final(q, &sha256_ctx);
+        q += SHA256_SIZE;
+        dgst_len = (int)(q-mac_buf);
+    }
+    else // TLS1.0/1.1
+    {
+        MD5_CTX md5_ctx = ssl->dc->md5_ctx; // interim copy
+        SHA1_CTX sha1_ctx = ssl->dc->sha1_ctx;
+
+        MD5_Final(q, &md5_ctx);
+        q += MD5_SIZE;
+        
+        SHA1_Final(q, &sha1_ctx);
+        q += SHA1_SIZE;
+        dgst_len = (int)(q-mac_buf);
+    }
+
+    if (label)
+    {
+        prf(ssl, ssl->dc->master_secret, SSL_SECRET_SIZE, 
+                mac_buf, dgst_len, digest, SSL_FINISHED_HASH_SIZE);
+    }
+    else    /* for use in a certificate verify */
+    {
+        memcpy(digest, mac_buf, dgst_len);
+    }
+
+#if 0
+    printf("label: %s\n", label);
+    print_blob("mac_buf", mac_buf, dgst_len);
+    print_blob("finished digest", digest, SSL_FINISHED_HASH_SIZE);
+#endif
+
+    return dgst_len;
+}   
+    
+/**
+ * Retrieve (and initialise) the context of a cipher.
+ */
+static void *crypt_new(SSL *ssl, uint8_t *key, uint8_t *iv, int is_decrypt, void* cached)
+{
+    switch (ssl->cipher)
+    {
+        case SSL_AES128_SHA:
+        case SSL_AES128_SHA256:
+            {
+                AES_CTX *aes_ctx;
+                if (cached)
+                    aes_ctx = (AES_CTX*) cached;
+                else
+                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
+                AES_set_key(aes_ctx, key, iv, AES_MODE_128);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+        case SSL_AES256_SHA:
+        case SSL_AES256_SHA256:
+            {
+                AES_CTX *aes_ctx;
+                if (cached)
+                    aes_ctx = (AES_CTX*) cached;
+                else
+                    aes_ctx = (AES_CTX*) malloc(sizeof(AES_CTX));
+
+                AES_set_key(aes_ctx, key, iv, AES_MODE_256);
+
+                if (is_decrypt)
+                {
+                    AES_convert_key(aes_ctx);
+                }
+
+                return (void *)aes_ctx;
+            }
+
+    }
+
+    return NULL;    /* its all gone wrong */
+}
+
+/**
+ * Send a packet over the socket.
+ */
+static int send_raw_packet(SSL *ssl, uint8_t protocol)
+{
+    uint8_t *rec_buf = ssl->bm_all_data;
+    int pkt_size = SSL_RECORD_SIZE+ssl->bm_index;
+    int sent = 0;
+    int ret = SSL_OK;
+
+    rec_buf[0] = protocol;
+    rec_buf[1] = 0x03;      /* version = 3.1 or higher */
+    rec_buf[2] = ssl->version & 0x0f;
+    rec_buf[3] = ssl->bm_index >> 8;
+    rec_buf[4] = ssl->bm_index & 0xff;
+
+    DISPLAY_BYTES(ssl, "sending %d bytes", ssl->bm_all_data, 
+                             pkt_size, pkt_size);
+
+    while (sent < pkt_size)
+    {
+        ret = SOCKET_WRITE(ssl->client_fd, 
+                        &ssl->bm_all_data[sent], pkt_size-sent);
+
+        if (ret >= 0)
+            sent += ret;
+        else
+        {
+
+#ifdef WIN32
+            if (GetLastError() != WSAEWOULDBLOCK)
+#else
+            if (errno != EAGAIN && errno != EWOULDBLOCK)
+#endif
+                return SSL_ERROR_CONN_LOST;
+        }
+#ifndef ESP8266
+        /* keep going until the write buffer has some space */
+        if (sent != pkt_size)
+        {
+            fd_set wfds;
+            FD_ZERO(&wfds);
+            FD_SET(ssl->client_fd, &wfds);
+
+            /* block and wait for it */
+            if (select(ssl->client_fd + 1, NULL, &wfds, NULL, NULL) < 0)
+                return SSL_ERROR_CONN_LOST;
+        }
+#endif
+    }
+
+    SET_SSL_FLAG(SSL_NEED_RECORD);  /* reset for next time */
+    ssl->bm_index = 0;
+
+    if (protocol != PT_APP_PROTOCOL_DATA)  
+    {
+        /* always return SSL_OK during handshake */   
+        ret = SSL_OK;
+    }
+
+    return ret;
+}
+
+/**
+ * Send an encrypted packet with padding bytes if necessary.
+ */
+int send_packet(SSL *ssl, uint8_t protocol, const uint8_t *in, int length)
+{
+    int ret, msg_length = 0;
+
+    /* if our state is bad, don't bother */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+        return SSL_ERROR_CONN_LOST;
+
+    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        return SSL_CLOSE_NOTIFY;
+
+    if (in) /* has the buffer already been initialised? */
+    {
+        memcpy(ssl->bm_data, in, length);
+    }
+
+    msg_length += length;
+
+    if (IS_SET_SSL_FLAG(SSL_TX_ENCRYPTED))
+    {
+        int mode = IS_SET_SSL_FLAG(SSL_IS_CLIENT) ? 
+                            SSL_CLIENT_WRITE : SSL_SERVER_WRITE;
+        uint8_t hmac_header[SSL_RECORD_SIZE] = 
+        {
+            protocol, 
+            0x03, /* version = 3.1 or higher */
+            ssl->version & 0x0f,
+            msg_length >> 8,
+            msg_length & 0xff 
+        };
+
+        if (protocol == PT_HANDSHAKE_PROTOCOL)
+        {
+            DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+            if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+            {
+                add_packet(ssl, ssl->bm_data, msg_length);
+            }
+        }
+
+        /* add the packet digest */
+        add_hmac_digest(ssl, mode, hmac_header, ssl->bm_data, msg_length, 
+                                                &ssl->bm_data[msg_length]);
+        msg_length += ssl->cipher_info->digest_size;
+
+        /* add padding */
+        {
+            int last_blk_size = msg_length%ssl->cipher_info->padding_size;
+            int pad_bytes = ssl->cipher_info->padding_size - last_blk_size;
+
+            /* ensure we always have at least 1 padding byte */
+            if (pad_bytes == 0)
+                pad_bytes += ssl->cipher_info->padding_size;
+
+            memset(&ssl->bm_data[msg_length], pad_bytes-1, pad_bytes);
+            msg_length += pad_bytes;
+        }
+
+        DISPLAY_BYTES(ssl, "unencrypted write", ssl->bm_data, msg_length);
+        increment_write_sequence(ssl);
+
+        /* add the explicit IV for TLS1.1 */
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            uint8_t iv_size = ssl->cipher_info->iv_size;
+            uint8_t *t_buf = malloc(msg_length + iv_size);
+            memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
+            if (get_random(iv_size, t_buf) < 0)
+                return SSL_NOT_OK;
+
+            msg_length += iv_size;
+            memcpy(ssl->bm_data, t_buf, msg_length);
+            free(t_buf);
+        }
+
+        /* now encrypt the packet */
+        ssl->cipher_info->encrypt(ssl->encrypt_ctx, ssl->bm_data, 
+                                            ssl->bm_data, msg_length);
+    }
+    else if (protocol == PT_HANDSHAKE_PROTOCOL)
+    {
+        DISPLAY_STATE(ssl, 1, ssl->bm_data[0], 0);
+
+        if (ssl->bm_data[0] != HS_HELLO_REQUEST)
+        {
+            add_packet(ssl, ssl->bm_data, length);
+        }
+    }
+
+    ssl->bm_index = msg_length;
+    if ((ret = send_raw_packet(ssl, protocol)) <= 0)
+        return ret;
+
+    return length;  /* just return what we wanted to send */
+}
+
+/**
+ * Work out the cipher keys we are going to use for this session based on the
+ * master secret.
+ */
+static int set_key_block(SSL *ssl, int is_write)
+{
+    const cipher_info_t *ciph_info = get_cipher_info(ssl->cipher);
+    uint8_t *q;
+    uint8_t client_key[32], server_key[32]; /* big enough for AES256 */
+    uint8_t client_iv[16], server_iv[16];   /* big enough for AES128/256 */
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    if (ciph_info == NULL)
+        return -1;
+
+    /* only do once in a handshake */
+    if (!ssl->dc->key_block_generated)
+    {
+        generate_key_block(ssl, ssl->dc->client_random, ssl->dc->server_random,
+            ssl->dc->master_secret, ssl->dc->key_block, 
+            ciph_info->key_block_size);
+#if 0
+        print_blob("master", ssl->dc->master_secret, SSL_SECRET_SIZE);
+        print_blob("keyblock", ssl->dc->key_block, ciph_info->key_block_size);
+        print_blob("client random", ssl->dc->client_random, 32);
+        print_blob("server random", ssl->dc->server_random, 32);
+#endif
+        ssl->dc->key_block_generated = 1;
+    }
+
+    q = ssl->dc->key_block;
+
+    if ((is_client && is_write) || (!is_client && !is_write))
+    {
+        memcpy(ssl->client_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+
+    if ((!is_client && is_write) || (is_client && !is_write))
+    {
+        memcpy(ssl->server_mac, q, ciph_info->digest_size);
+    }
+
+    q += ciph_info->digest_size;
+    memcpy(client_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+    memcpy(server_key, q, ciph_info->key_size);
+    q += ciph_info->key_size;
+
+    memcpy(client_iv, q, ciph_info->iv_size);
+    q += ciph_info->iv_size;
+    memcpy(server_iv, q, ciph_info->iv_size);
+    q += ciph_info->iv_size;
+#if 0
+        print_blob("client key", client_key, ciph_info->key_size);
+        print_blob("server key", server_key, ciph_info->key_size);
+        print_blob("client iv", client_iv, ciph_info->iv_size);
+        print_blob("server iv", server_iv, ciph_info->iv_size);
+#endif
+
+    // free(is_write ? ssl->encrypt_ctx : ssl->decrypt_ctx);
+
+    /* now initialise the ciphers */
+    if (is_client)
+    {
+        finished_digest(ssl, server_finished, ssl->dc->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, client_key, client_iv, 0, ssl->encrypt_ctx);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, server_key, server_iv, 1, ssl->decrypt_ctx);
+    }
+    else
+    {
+        finished_digest(ssl, client_finished, ssl->dc->final_finish_mac);
+
+        if (is_write)
+            ssl->encrypt_ctx = crypt_new(ssl, server_key, server_iv, 0, ssl->encrypt_ctx);
+        else
+            ssl->decrypt_ctx = crypt_new(ssl, client_key, client_iv, 1, ssl->decrypt_ctx);
+    }
+
+    ssl->cipher_info = ciph_info;
+    return 0;
+}
+
+/**
+ * Read the SSL connection.
+ */
+int basic_read(SSL *ssl, uint8_t **in_data)
+{
+    int ret = SSL_OK;
+    int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    uint8_t *buf = ssl->bm_data;
+
+    if (IS_SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY))
+        return SSL_CLOSE_NOTIFY;
+
+    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
+                            ssl->need_bytes-ssl->got_bytes);
+
+    if (read_len < 0) 
+    {
+#ifdef WIN32
+        if (GetLastError() == WSAEWOULDBLOCK)
+#else
+        if (errno == EAGAIN || errno == EWOULDBLOCK)
+#endif
+            return 0;
+    }
+
+    /* connection has gone, so die */
+    if (read_len <= 0)
+    {
+        ret = SSL_ERROR_CONN_LOST;
+        ssl->hs_status = SSL_ERROR_DEAD;  /* make sure it stays dead */
+        goto error;
+    }
+
+    DISPLAY_BYTES(ssl, "received %d bytes", 
+            &ssl->bm_data[ssl->bm_read_index], read_len, read_len);
+
+    ssl->got_bytes += read_len;
+    ssl->bm_read_index += read_len;
+
+    /* haven't quite got what we want, so try again later */
+    if (ssl->got_bytes < ssl->need_bytes)
+        return SSL_OK;
+
+    read_len = ssl->got_bytes;
+    ssl->got_bytes = 0;
+
+    if (IS_SET_SSL_FLAG(SSL_NEED_RECORD))
+    {
+        /* check for sslv2 "client hello" */
+        if ((buf[0] & 0x80) && buf[2] == 1)
+        {
+#ifdef CONFIG_SSL_FULL_MODE
+            printf("Error: no SSLv23 handshaking allowed\n");
+#endif
+            ret = SSL_ERROR_NOT_SUPPORTED;
+            goto error; /* not an error - just get out of here */
+        }
+
+        ssl->need_bytes = (buf[3] << 8) + buf[4];
+
+        /* do we violate the spec with the message size?  */
+        if (ssl->need_bytes > RT_MAX_PLAIN_LENGTH+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            ret = SSL_ERROR_RECORD_OVERFLOW;              
+            goto error;
+        }
+
+        /* is the allocated buffer large enough to handle all the data? if not, increase its size*/
+        if (ssl->need_bytes > ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET)
+        {
+            printf("ssl->need_bytes=%d > %d\r\n", ssl->need_bytes, ssl->max_plain_length+RT_EXTRA-BM_RECORD_OFFSET);
+            ret = increase_bm_data_size(ssl, ssl->need_bytes + BM_RECORD_OFFSET - RT_EXTRA);
+            if (ret != SSL_OK)
+            {
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+                goto error;
+            }
+        }
+
+        CLR_SSL_FLAG(SSL_NEED_RECORD);
+        memcpy(ssl->hmac_header, buf, 3);       /* store for hmac */
+        ssl->record_type = buf[0];
+        goto error;                         /* no error, we're done */
+    }
+
+    /* for next time - just do it now in case of an error */
+    SET_SSL_FLAG(SSL_NEED_RECORD);
+    ssl->need_bytes = SSL_RECORD_SIZE;
+
+    /* decrypt if we need to */
+    if (IS_SET_SSL_FLAG(SSL_RX_ENCRYPTED))
+    {
+        ssl->cipher_info->decrypt(ssl->decrypt_ctx, buf, buf, read_len);
+
+        if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_1)
+        {
+            buf += ssl->cipher_info->iv_size;
+            read_len -= ssl->cipher_info->iv_size;
+        }
+
+        read_len = verify_digest(ssl, 
+                is_client ? SSL_CLIENT_READ : SSL_SERVER_READ, buf, read_len);
+
+        /* does the hmac work? */
+        if (read_len < 0)
+        {
+            ret = read_len;
+            goto error;
+        }
+
+        DISPLAY_BYTES(ssl, "decrypted", buf, read_len);
+        increment_read_sequence(ssl);
+    }
+
+    /* The main part of the SSL packet */
+    switch (ssl->record_type)
+    {
+        case PT_HANDSHAKE_PROTOCOL:
+            if (ssl->dc != NULL)
+            {
+                ssl->dc->bm_proc_index = 0;
+                ret = do_handshake(ssl, buf, read_len);
+            }
+            else /* no client renegotiation allowed */
+            {
+                ret = SSL_ERROR_NO_CLIENT_RENOG;              
+                goto error;
+            }
+            break;
+
+        case PT_CHANGE_CIPHER_SPEC:
+            if (ssl->next_state != HS_FINISHED)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
+
+            if (set_key_block(ssl, 0) < 0)
+            {
+                ret = SSL_ERROR_INVALID_HANDSHAKE;
+                goto error;
+            }
+            
+            /* all encrypted from now on */
+            SET_SSL_FLAG(SSL_RX_ENCRYPTED);
+            memset(ssl->read_sequence, 0, 8);
+            break;
+
+        case PT_APP_PROTOCOL_DATA:
+            if (in_data && ssl->hs_status == SSL_OK)
+            {
+                *in_data = buf;   /* point to the work buffer */
+                (*in_data)[read_len] = 0;  /* null terminate just in case */
+                ret = read_len;
+            }
+            else
+                ret = SSL_ERROR_INVALID_PROT_MSG;
+            break;
+
+        case PT_ALERT_PROTOCOL:
+            /* return the alert # with alert bit set */
+            if (buf[0] == SSL_ALERT_TYPE_WARNING &&
+               buf[1] == SSL_ALERT_CLOSE_NOTIFY)
+            {
+              ret = SSL_CLOSE_NOTIFY;
+              send_alert(ssl, SSL_ALERT_CLOSE_NOTIFY);
+              SET_SSL_FLAG(SSL_SENT_CLOSE_NOTIFY);
+            }
+            else 
+            {
+                ret = -buf[1]; 
+                DISPLAY_ALERT(ssl, buf[1]);
+            }
+
+            break;
+
+        default:
+            ret = SSL_ERROR_INVALID_PROT_MSG;
+            break;
+    }
+
+error:
+    ssl->bm_read_index = 0;          /* reset to go again */
+
+    if (ret < SSL_OK && in_data)/* if all wrong, then clear this buffer ptr */
+        *in_data = NULL;
+
+    return ret;
+}
+
+int increase_bm_data_size(SSL *ssl, size_t size)
+{
+    if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
+        return SSL_OK;
+    }
+    if (ssl->can_free_certificates) {
+        certificate_free(ssl);
+    }
+    size_t required = (size + 1023) & ~(1023); // round up to 1k
+    required = (required < RT_MAX_PLAIN_LENGTH) ? required : RT_MAX_PLAIN_LENGTH;
+    uint8_t* new_bm_all_data = (uint8_t*) realloc(ssl->bm_all_data, required + RT_EXTRA);
+    if (!new_bm_all_data) {
+        printf("failed to grow plain buffer\r\n");
+        ssl->hs_status = SSL_ERROR_DEAD;
+        return SSL_ERROR_CONN_LOST;
+    }
+    ssl->bm_all_data = new_bm_all_data;
+    ssl->bm_data = ssl->bm_all_data + BM_RECORD_OFFSET;
+    ssl->max_plain_length = required;
+    return SSL_OK;
+}
+
+/**
+ * Do some basic checking of data and then perform the appropriate handshaking.
+ */
+static int do_handshake(SSL *ssl, uint8_t *buf, int read_len)
+{
+    int hs_len = (buf[2]<<8) + buf[3];
+    uint8_t handshake_type = buf[0];
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+
+    /* some integrity checking on the handshake */
+    PARANOIA_CHECK(read_len-SSL_HS_HDR_SIZE, hs_len);
+
+    if (handshake_type != ssl->next_state)
+    {
+        /* handle a special case on the client */
+        if (!is_client || handshake_type != HS_CERT_REQ ||
+                        ssl->next_state != HS_SERVER_HELLO_DONE)
+        {
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            goto error;
+        }
+    }
+
+    hs_len += SSL_HS_HDR_SIZE;  /* adjust for when adding packets */
+    ssl->bm_index = hs_len;     /* store the size and check later */
+    DISPLAY_STATE(ssl, 0, handshake_type, 0);
+
+    if (handshake_type != HS_CERT_VERIFY && handshake_type != HS_HELLO_REQUEST)
+        add_packet(ssl, buf, hs_len); 
+
+#if defined(CONFIG_SSL_ENABLE_CLIENT)
+    ret = is_client ? 
+        do_clnt_handshake(ssl, handshake_type, buf, hs_len) :
+        do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#else
+    ret = do_svr_handshake(ssl, handshake_type, buf, hs_len);
+#endif
+
+    /* just use recursion to get the rest */
+    if (hs_len < read_len && ret == SSL_OK)
+        ret = do_handshake(ssl, &buf[hs_len], read_len-hs_len);
+
+error:
+    return ret;
+}
+
+/**
+ * Sends the change cipher spec message. We have just read a finished message
+ * from the client.
+ */
+int send_change_cipher_spec(SSL *ssl)
+{
+    int ret = send_packet(ssl, PT_CHANGE_CIPHER_SPEC, 
+            g_chg_cipher_spec_pkt, sizeof(g_chg_cipher_spec_pkt));
+
+    if (ret >= 0 && set_key_block(ssl, 1) < 0)
+        ret = SSL_ERROR_INVALID_HANDSHAKE;
+    
+    if (ssl->cipher_info)
+        SET_SSL_FLAG(SSL_TX_ENCRYPTED);
+
+    memset(ssl->write_sequence, 0, 8);
+    return ret;
+}
+
+/**
+ * Send a "finished" message
+ */
+int send_finished(SSL *ssl)
+{
+    uint8_t buf[SHA1_SIZE+MD5_SIZE+15+4] = {
+        HS_FINISHED, 0, 0, SSL_FINISHED_HASH_SIZE };
+
+    /* now add the finished digest mac (12 bytes) */
+    finished_digest(ssl, 
+        IS_SET_SSL_FLAG(SSL_IS_CLIENT) ?
+                    client_finished : server_finished, &buf[4]);
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    /* store in the session cache */
+    if (!IS_SET_SSL_FLAG(SSL_SESSION_RESUME) && ssl->ssl_ctx->num_sessions)
+    {
+        memcpy(ssl->session->master_secret,
+                ssl->dc->master_secret, SSL_SECRET_SIZE);
+    }
+#endif
+
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL,
+                                buf, SSL_FINISHED_HASH_SIZE+4);
+}
+
+/**
+ * Send an alert message.
+ * Return 1 if the alert was an "error".
+ */
+int send_alert(SSL *ssl, int error_code)
+{
+    int alert_num = 0;
+    int is_warning = 0;
+    uint8_t buf[2];
+
+    /* Don't bother, we're already dead */
+    if (ssl->hs_status == SSL_ERROR_DEAD)
+    {
+        return SSL_ERROR_CONN_LOST;
+    }
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        ssl_display_error(error_code);
+#endif
+
+    switch (error_code)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            is_warning = 1;
+            alert_num = SSL_ALERT_CLOSE_NOTIFY;
+            break;
+
+        case SSL_ERROR_CONN_LOST:       /* don't send alert just yet */
+            is_warning = 1;
+            break;
+
+        case SSL_ERROR_NO_CIPHER:
+            alert_num = SSL_ALERT_HANDSHAKE_FAILURE;
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+            alert_num = SSL_ALERT_BAD_RECORD_MAC;
+            break;
+
+        case SSL_ERROR_FINISHED_INVALID:
+        case SSL_ERROR_INVALID_KEY:
+            alert_num = SSL_ALERT_DECRYPT_ERROR;
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            alert_num = SSL_ALERT_INVALID_VERSION;
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+            alert_num = SSL_ALERT_ILLEGAL_PARAMETER;
+            break;
+
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            alert_num = SSL_ALERT_NO_RENEGOTIATION;
+            break;
+
+        case SSL_ERROR_RECORD_OVERFLOW:
+            alert_num = SSL_ALERT_RECORD_OVERFLOW;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_EXPIRED):
+        case SSL_X509_ERROR(X509_VFY_ERROR_NOT_YET_VALID):
+            alert_num = SSL_ALERT_CERTIFICATE_EXPIRED;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_NO_TRUSTED_CERT):
+            alert_num = SSL_ALERT_UNKNOWN_CA;
+            break;
+
+        case SSL_X509_ERROR(X509_VFY_ERROR_UNSUPPORTED_DIGEST):
+        case SSL_ERROR_INVALID_CERT_HASH_ALG:
+            alert_num = SSL_ALERT_UNSUPPORTED_CERTIFICATE;
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+        case SSL_X509_ERROR(X509_VFY_ERROR_BAD_SIGNATURE):
+            alert_num = SSL_ALERT_BAD_CERTIFICATE;
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+        case SSL_ERROR_INVALID_PROT_MSG:
+        default:
+            /* a catch-all for anything bad */
+            alert_num = (error_code <= SSL_X509_OFFSET) ?  
+                SSL_ALERT_CERTIFICATE_UNKNOWN: SSL_ALERT_UNEXPECTED_MESSAGE;
+            break;
+    }
+
+    buf[0] = is_warning ? 1 : 2;
+    buf[1] = alert_num;
+    send_packet(ssl, PT_ALERT_PROTOCOL, buf, sizeof(buf));
+    DISPLAY_ALERT(ssl, alert_num);
+    return is_warning ? 0 : 1;
+}
+
+/**
+ * Process a client finished message.
+ */
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    int resume = IS_SET_SSL_FLAG(SSL_SESSION_RESUME);
+
+    PARANOIA_CHECK(ssl->bm_index, SSL_FINISHED_HASH_SIZE+4);
+
+    /* check that we all work before we continue */
+    if (memcmp(ssl->dc->final_finish_mac, &buf[4], SSL_FINISHED_HASH_SIZE))
+        return SSL_ERROR_FINISHED_INVALID;
+
+    if ((!is_client && !resume) || (is_client && resume))
+    {
+        if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            ret = send_finished(ssl);
+    }
+
+    /* if we ever renegotiate */
+    ssl->next_state = is_client ? HS_HELLO_REQUEST : HS_CLIENT_HELLO;  
+    ssl->hs_status = ret;  /* set the final handshake status */
+
+error:
+    return ret;
+}
+
+/**
+ * Send a certificate.
+ */
+int send_certificate(SSL *ssl)
+{
+    int ret = SSL_OK;
+    int i = 0;
+    uint8_t *buf = ssl->bm_data;
+    int offset = 7;
+    int chain_length;
+
+    buf[0] = HS_CERTIFICATE;
+    buf[1] = 0;
+    buf[4] = 0;
+
+    /* spec says we must check if the hash/sig algorithm is OK */
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2 &&
+             ((ret = check_certificate_chain(ssl)) != SSL_OK))
+    {
+        ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
+        goto error;
+    }
+
+    while (i < ssl->ssl_ctx->chain_length)
+    {
+        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
+        buf[offset++] = 0;        
+        buf[offset++] = cert->size >> 8;        /* cert 1 length */
+        buf[offset++] = cert->size & 0xff;
+        memcpy(&buf[offset], cert->buf, cert->size);
+        offset += cert->size;
+        i++;
+    }
+
+    chain_length = offset - 7;
+    buf[5] = chain_length >> 8;        /* cert chain length */
+    buf[6] = chain_length & 0xff;
+    chain_length += 3;
+    buf[2] = chain_length >> 8;        /* handshake length */
+    buf[3] = chain_length & 0xff;
+    ssl->bm_index = offset;
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+
+error:
+    return ret;
+}
+
+/**
+ * Create a blob of memory that we'll get rid of once the handshake is
+ * complete.
+ */
+void disposable_new(SSL *ssl)
+{
+    if (ssl->dc == NULL)
+    {
+        ssl->dc = (DISPOSABLE_CTX *)calloc(1, sizeof(DISPOSABLE_CTX));
+        SHA256_Init(&ssl->dc->sha256_ctx);
+        MD5_Init(&ssl->dc->md5_ctx);
+        SHA1_Init(&ssl->dc->sha1_ctx);
+    }
+}
+
+/**
+ * Remove the temporary blob of memory.
+ */
+void disposable_free(SSL *ssl)
+{
+    if (ssl->dc)
+    {
+        memset(ssl->dc, 0, sizeof(DISPOSABLE_CTX));
+        free(ssl->dc);
+        ssl->dc = NULL;
+    }
+    ssl->can_free_certificates = true;
+}
+
+static void certificate_free(SSL* ssl)
+{
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    if (ssl->x509_ctx) {
+        x509_free(ssl->x509_ctx);
+        ssl->x509_ctx = 0;
+    }
+    ssl->can_free_certificates = false;
+#endif
+}
+
+#ifndef CONFIG_SSL_SKELETON_MODE     /* no session resumption in this mode */
+/**
+ * Find if an existing session has the same session id. If so, use the
+ * master secret from this session for session resumption.
+ */
+SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[], 
+        SSL *ssl, const uint8_t *session_id)
+{
+    time_t tm = time(NULL);
+    time_t oldest_sess_time = tm;
+    SSL_SESSION *oldest_sess = NULL;
+    int i;
+
+    /* no sessions? Then bail */
+    if (max_sessions == 0)
+        return NULL;
+
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    if (session_id)
+    {
+        for (i = 0; i < max_sessions; i++)
+        {
+            if (ssl_sessions[i])
+            {
+                /* kill off any expired sessions (including those in 
+                   the future) */
+                if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
+                            (tm < ssl_sessions[i]->conn_time))
+                {
+                    session_free(ssl_sessions, i);
+                    continue;
+                }
+
+                /* if the session id matches, it must still be less than 
+                   the expiry time */
+                if (memcmp(ssl_sessions[i]->session_id, session_id,
+                                                SSL_SESSION_ID_SIZE) == 0)
+                {
+                    ssl->session_index = i;
+                    memcpy(ssl->dc->master_secret, 
+                            ssl_sessions[i]->master_secret, SSL_SECRET_SIZE);
+                    SET_SSL_FLAG(SSL_SESSION_RESUME);
+                    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+                    return ssl_sessions[i];  /* a session was found */
+                }
+            }
+        }
+    }
+
+    /* If we've got here, no matching session was found - so create one */
+    for (i = 0; i < max_sessions; i++)
+    {
+        if (ssl_sessions[i] == NULL)
+        {
+            /* perfect, this will do */
+            ssl_sessions[i] = (SSL_SESSION *)calloc(1, sizeof(SSL_SESSION));
+            ssl_sessions[i]->conn_time = tm;
+            ssl->session_index = i;
+            SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+            return ssl_sessions[i]; /* return the session object */
+        }
+        else if (ssl_sessions[i]->conn_time <= oldest_sess_time)
+        {
+            /* find the oldest session */
+            oldest_sess_time = ssl_sessions[i]->conn_time;
+            oldest_sess = ssl_sessions[i];
+            ssl->session_index = i;
+        }
+    }
+
+    /* ok, we've used up all of our sessions. So blow the oldest session away */
+    oldest_sess->conn_time = tm;
+    memset(oldest_sess->session_id, 0, SSL_SESSION_ID_SIZE);
+    memset(oldest_sess->master_secret, 0, SSL_SECRET_SIZE);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+    return oldest_sess;
+}
+
+/**
+ * Free an existing session.
+ */
+static void session_free(SSL_SESSION *ssl_sessions[], int sess_index)
+{
+    if (ssl_sessions[sess_index])
+    {
+        free(ssl_sessions[sess_index]);
+        ssl_sessions[sess_index] = NULL;
+    }
+}
+
+/**
+ * This ssl object doesn't want this session anymore.
+ */
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl)
+{
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+
+    if (ssl->ssl_ctx->num_sessions)
+    {
+        session_free(ssl_sessions, ssl->session_index);
+        ssl->session = NULL;
+    }
+
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+}
+#endif /* CONFIG_SSL_SKELETON_MODE */
+
+/*
+ * Get the session id for a handshake. This will be a 32 byte sequence.
+ */
+EXP_FUNC const uint8_t * STDCALL ssl_get_session_id(const SSL *ssl)
+{
+    return ssl->session_id;
+}
+
+/*
+ * Get the session id size for a handshake. 
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_session_id_size(const SSL *ssl)
+{
+    return ssl->sess_id_size;
+}
+
+/*
+ * Return the cipher id (in the SSL form).
+ */
+EXP_FUNC uint8_t STDCALL ssl_get_cipher_id(const SSL *ssl)
+{
+    return ssl->cipher;
+}
+
+/*
+ * Return the status of the handshake.
+ */
+EXP_FUNC int STDCALL ssl_handshake_status(const SSL *ssl)
+{
+    return ssl->hs_status;
+}
+
+/*
+ * Retrieve various parameters about the SSL engine.
+ */
+EXP_FUNC int STDCALL ssl_get_config(int offset)
+{
+    switch (offset)
+    {
+        /* return the appropriate build mode */
+        case SSL_BUILD_MODE:
+#if defined(CONFIG_SSL_FULL_MODE)
+            return SSL_BUILD_FULL_MODE;
+#elif defined(CONFIG_SSL_ENABLE_CLIENT)
+            return SSL_BUILD_ENABLE_CLIENT;
+#elif defined(CONFIG_ENABLE_VERIFICATION)
+            return SSL_BUILD_ENABLE_VERIFICATION;
+#elif defined(CONFIG_SSL_SERVER_ONLY )
+            return SSL_BUILD_SERVER_ONLY;
+#else 
+            return SSL_BUILD_SKELETON_MODE;
+#endif
+
+        case SSL_MAX_CERT_CFG_OFFSET:
+            return CONFIG_SSL_MAX_CERTS;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case SSL_MAX_CA_CERT_CFG_OFFSET:
+            return CONFIG_X509_MAX_CA_CERTS;
+#endif
+#ifdef CONFIG_SSL_HAS_PEM
+        case SSL_HAS_PEM:
+            return 1;
+#endif
+        default:
+            return 0;
+    }
+}
+
+/**
+ * Check the certificate chain to see if the certs are supported
+ */
+static int check_certificate_chain(SSL *ssl)
+{
+    int i = 0;
+    int ret = SSL_OK;
+
+    while (i < ssl->ssl_ctx->chain_length)
+    {
+        int j = 0;
+        uint8_t found = 0;
+        SSL_CERT *cert = &ssl->ssl_ctx->certs[i];
+
+        while (j < ssl->num_sig_algs)
+        {
+            if (ssl->sig_algs[j++] == cert->hash_alg)
+            {
+                found = 1;
+                break;
+            }
+        } 
+
+        if (!found)
+        {
+
+            ret = SSL_ERROR_INVALID_CERT_HASH_ALG;
+            goto error;
+        }
+
+        i++;
+    }
+
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Authenticate a received certificate.
+ */
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
+{
+    int ret;
+    int pathLenConstraint = 0;
+
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    ret = x509_verify(ssl->ssl_ctx->ca_cert_ctx, ssl->x509_ctx,
+            &pathLenConstraint);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (ret)        /* modify into an SSL error type */
+    {
+        ret = SSL_X509_ERROR(ret);
+    }
+
+    return ret;
+}
+
+/**
+ * Process a certificate message.
+ */
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
+{
+    int ret = SSL_OK;
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    int cert_size, offset = 5, offset_start;
+    int total_cert_len = (buf[offset]<<8) + buf[offset+1];
+    int is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
+    X509_CTX *chain = 0;
+    X509_CTX **certs = 0;
+    int *cert_used = 0;
+    int num_certs = 0;
+    int i = 0;
+    offset += 2;
+
+    ax_wdt_feed();
+
+    PARANOIA_CHECK(pkt_size, total_cert_len + offset);
+
+    // record the start point for the second pass
+    offset_start = offset;
+
+    // first pass - count the certificates
+    while (offset < total_cert_len)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (buf[offset]<<8) + buf[offset+1];
+        offset += 2;
+        offset += cert_size;
+        num_certs++;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    certs = (X509_CTX**) calloc(num_certs, sizeof(void*));
+    cert_used = (int*) calloc(num_certs, sizeof(int));
+    num_certs = 0;
+
+    // restore the offset from the saved value 
+    offset = offset_start;
+
+    // second pass - load the certificates
+    while (offset < total_cert_len)
+    {
+        offset++;       /* skip empty char */
+        cert_size = (buf[offset]<<8) + buf[offset+1];
+        offset += 2;
+        ax_wdt_feed();
+        if (x509_new(&buf[offset], NULL, certs+num_certs))
+        {
+            ret = SSL_ERROR_BAD_CERTIFICATE;
+            goto error;
+        }
+
+#if defined (CONFIG_SSL_FULL_MODE)
+        if (ssl->ssl_ctx->options & SSL_DISPLAY_CERTS)
+            x509_print(certs[num_certs], NULL);
+#endif
+        num_certs++;
+        offset += cert_size;
+    }
+
+    PARANOIA_CHECK(pkt_size, offset);
+
+    // third pass - link certs together, assume server cert is the first
+    *x509_ctx = certs[0];
+    chain = certs[0];
+    cert_used[0] = 1;
+
+    // repeat until the end of the chain is found
+    while (1)
+    {
+        // look for CA cert
+        for( i = 1; i < num_certs; i++ )
+        {
+            if (certs[i] == chain) 
+                continue;
+
+            if (cert_used[i]) 
+                continue; // don't allow loops
+
+            if (asn1_compare_dn(chain->ca_cert_dn, certs[i]->cert_dn) == 0)
+            {
+                // CA cert found, add it to the chain
+                cert_used[i] = 1;
+                chain->next = certs[i];
+                chain = certs[i];
+                break;
+            }
+        }
+
+        // no CA cert found, reached the end of the chain
+        if (i >= num_certs) 
+            break;
+    }
+
+    // clean up any certs that aren't part of the chain
+    for (i = 1; i < num_certs; i++)
+    {
+        if (cert_used[i] == 0) 
+            x509_free(certs[i]);
+    }
+
+    /* if we are client we can do the verify now or later */
+    if (is_client && !IS_SET_SSL_FLAG(SSL_SERVER_VERIFY_LATER))
+    {
+        ret = ssl_verify_cert(ssl);
+    }
+
+    ssl->next_state = is_client ? HS_SERVER_HELLO_DONE : HS_CLIENT_KEY_XCHG;
+    ssl->dc->bm_proc_index += offset;
+error:
+    // clean up arrays
+    if (certs) 
+        free(certs);
+
+    if (cert_used) 
+        free(cert_used);
+
+    return ret;
+}
+
+EXP_FUNC int STDCALL ssl_match_fingerprint(const SSL *ssl, const uint8_t* fp)
+{
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->fingerprint == NULL)
+        return 1;
+    int res = memcmp(ssl->x509_ctx->fingerprint, fp, SHA1_SIZE);
+    if (res != 0) {
+        printf("cert FP: ");
+        for (int i = 0; i < SHA1_SIZE; ++i) {
+            printf("%02X ", ssl->x509_ctx->fingerprint[i]);
+        }
+        printf("\r\ntest FP: ");
+        for (int i = 0; i < SHA1_SIZE; ++i) {
+            printf("%02X ", fp[i]);
+        }
+        printf("\r\n");
+    }
+    return res;
+}
+
+EXP_FUNC int STDCALL ssl_match_spki_sha256(const SSL *ssl, const uint8_t* hash)
+{
+    if (ssl->x509_ctx == NULL || ssl->x509_ctx->spki_sha256 == NULL)
+        return 1;
+    int res = memcmp(ssl->x509_ctx->spki_sha256, hash, SHA256_SIZE);
+    if (res != 0) {
+        printf("cert SPKI SHA-256 hash: ");
+        for (int i = 0; i < SHA256_SIZE; ++i) {
+            printf("%02X ", ssl->x509_ctx->spki_sha256[i]);
+        }
+        printf("\r\ntest hash: ");
+        for (int i = 0; i < SHA256_SIZE; ++i) {
+            printf("%02X ", hash[i]);
+        }
+        printf("\r\n");
+    }
+    return res;
+}
+
+#endif /* CONFIG_SSL_CERT_VERIFICATION */
+
+/**
+ * Debugging routine to display SSL handshaking stuff.
+ */
+#ifdef CONFIG_SSL_FULL_MODE
+/**
+ * Debugging routine to display SSL states.
+ */
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
+{
+    const char *str;
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    if (not_ok) printf("Error - invalid State:\t");
+    else printf("State:\t");
+    if (is_send) printf("sending ");
+    else printf("receiving ");
+
+    switch (state)
+    {
+        case HS_HELLO_REQUEST:
+            printf("Hello Request (0)\n");
+            break;
+
+        case HS_CLIENT_HELLO:
+            printf("Client Hello (1)\n");
+            break;
+
+        case HS_SERVER_HELLO:
+            printf("Server Hello (2)\n");
+            break;
+
+        case HS_CERTIFICATE:
+            printf("Certificate (11)\n");
+            break;
+
+        case HS_SERVER_KEY_XCHG:
+            printf("Certificate Request (12)\n");
+            break;
+
+        case HS_CERT_REQ:
+            printf("Certificate Request (13)\n");
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            printf("Server Hello Done (14)\n");
+            break;
+
+        case HS_CERT_VERIFY:
+            printf("Certificate Verify (15)\n");
+            break;
+
+        case HS_CLIENT_KEY_XCHG:
+            printf("Client Key Exchange (16)\n");
+            break;
+
+        case HS_FINISHED:
+            printf("Finished (16)\n");
+            break;
+
+        default:
+            printf("Error (Unknown)\n");
+            break;
+    }
+}
+
+/**
+ * Debugging routine to display RSA objects
+ */
+void DISPLAY_RSA(SSL *ssl, const RSA_CTX *rsa_ctx)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_RSA))
+        return;
+
+    RSA_print(rsa_ctx);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking bytes.
+ */
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...)
+{
+    va_list(ap);
+
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_BYTES))
+        return;
+
+    va_start(ap, size);
+    print_blob(format, data, size, va_arg(ap, char *));
+    va_end(ap);
+    TTY_FLUSH();
+}
+
+/**
+ * Debugging routine to display SSL handshaking errors.
+ */
+EXP_FUNC void STDCALL ssl_display_error(int error_code)
+{
+    if (error_code == SSL_OK)
+        return;
+
+    printf("Error: ");
+
+    /* X509 error? */
+    if (error_code < SSL_X509_OFFSET)
+    {
+        char buff[64];
+        printf("%s\n", x509_display_error(error_code - SSL_X509_OFFSET, buff));
+        return;
+    }
+
+    /* SSL alert error code */
+    if (error_code > SSL_ERROR_CONN_LOST)
+    {
+        printf("SSL error %d\n", -error_code);
+        return;
+    }
+
+    switch (error_code)
+    {
+        case SSL_ERROR_DEAD:
+            printf("connection dead");
+            break;
+
+        case SSL_ERROR_RECORD_OVERFLOW:
+            printf("record overflow");
+            break;
+
+        case SSL_ERROR_INVALID_HANDSHAKE:
+            printf("invalid handshake");
+            break;
+
+        case SSL_ERROR_INVALID_PROT_MSG:
+            printf("invalid protocol message");
+            break;
+
+        case SSL_ERROR_INVALID_HMAC:
+            printf("invalid mac");
+            break;
+
+        case SSL_ERROR_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ERROR_INVALID_SESSION:
+            printf("invalid session");
+            break;
+
+        case SSL_ERROR_NO_CIPHER:
+            printf("no cipher");
+            break;
+
+        case SSL_ERROR_INVALID_CERT_HASH_ALG:
+            printf("invalid cert hash algorithm");
+            break;
+
+        case SSL_ERROR_CONN_LOST:
+            printf("connection lost");
+            break;
+
+        case SSL_ERROR_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ERROR_INVALID_KEY:
+            printf("invalid key");
+            break;
+
+        case SSL_ERROR_FINISHED_INVALID:
+            printf("finished invalid");
+            break;
+
+        case SSL_ERROR_NO_CERT_DEFINED:
+            printf("no certificate defined");
+            break;
+
+        case SSL_ERROR_NO_CLIENT_RENOG:
+            printf("client renegotiation not supported");
+            break;
+            
+        case SSL_ERROR_NOT_SUPPORTED:
+            printf("Option not supported");
+            break;
+
+        default:
+            printf("undefined as yet - %d", error_code);
+            break;
+    }
+
+    printf("\n");
+}
+
+/**
+ * Debugging routine to display alerts.
+ */
+void DISPLAY_ALERT(SSL *ssl, int alert)
+{
+    if (!IS_SET_SSL_FLAG(SSL_DISPLAY_STATES))
+        return;
+
+    printf("Alert: ");
+
+    switch (alert)
+    {
+        case SSL_ALERT_CLOSE_NOTIFY:
+            printf("close notify");
+            break;
+
+        case SSL_ALERT_UNEXPECTED_MESSAGE:
+            printf("unexpected message");
+            break;
+
+        case SSL_ALERT_BAD_RECORD_MAC:
+            printf("bad record mac");
+            break;
+
+        case SSL_ERROR_RECORD_OVERFLOW:
+            printf("record overlow");
+            break;
+
+        case SSL_ALERT_HANDSHAKE_FAILURE:
+            printf("handshake failure");
+            break;
+
+        case SSL_ALERT_BAD_CERTIFICATE:
+            printf("bad certificate");
+            break;
+
+        case SSL_ALERT_UNSUPPORTED_CERTIFICATE:
+            printf("unsupported certificate");
+            break;
+
+        case SSL_ALERT_CERTIFICATE_EXPIRED:
+            printf("certificate expired");
+            break;
+
+        case SSL_ALERT_CERTIFICATE_UNKNOWN:
+            printf("certificate unknown");
+            break;
+
+        case SSL_ALERT_ILLEGAL_PARAMETER:
+            printf("illegal parameter");
+            break;
+
+        case SSL_ALERT_UNKNOWN_CA:
+            printf("unknown ca");
+            break;
+
+        case SSL_ALERT_DECODE_ERROR:
+            printf("decode error");
+            break;
+
+        case SSL_ALERT_DECRYPT_ERROR:
+            printf("decrypt error");
+            break;
+
+        case SSL_ALERT_INVALID_VERSION:
+            printf("invalid version");
+            break;
+
+        case SSL_ALERT_NO_RENEGOTIATION:
+            printf("no renegotiation");
+            break;
+
+        default:
+            printf("alert - (unknown %d)", alert);
+            break;
+    }
+
+    printf("\n");
+}
+
+#endif /* CONFIG_SSL_FULL_MODE */
+
+/**
+ * Return the version of this library.
+ */
+EXP_FUNC const char  * STDCALL ssl_version()
+{
+    static const char * axtls_version = AXTLS_VERSION;
+    return axtls_version;
+}
+
+/**
+ * Enable the various language bindings to work regardless of the
+ * configuration - they just return an error statement and a bad return code.
+ */
+#if !defined(CONFIG_SSL_FULL_MODE)
+EXP_FUNC void STDCALL ssl_display_error(int error_code) {}
+#endif
+
+#ifdef CONFIG_BINDINGS
+#if !defined(CONFIG_SSL_ENABLE_CLIENT)
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size)
+{
+    printf("%s", unsupported_str);
+    return NULL;
+}
+#endif
+
+#if !defined(CONFIG_SSL_CERT_VERIFICATION)
+EXP_FUNC int STDCALL ssl_verify_cert(const SSL *ssl)
+{
+    printf("%s", unsupported_str);
+    return -1;
+}
+
+
+EXP_FUNC const char * STDCALL ssl_get_cert_dn(const SSL *ssl, int component)
+{
+    printf("%s", unsupported_str);
+    return NULL;
+}
+
+EXP_FUNC const char * STDCALL ssl_get_cert_subject_alt_dnsname(const SSL *ssl, int index)
+{
+    printf("%s", unsupported_str);
+    return NULL;
+}
+
+#endif  /* CONFIG_SSL_CERT_VERIFICATION */
+
+#endif /* CONFIG_BINDINGS */
+
diff --git a/ssl/tls1.h b/ssl/tls1.h
new file mode 100644
index 0000000000..fb3e555278
--- /dev/null
+++ b/ssl/tls1.h
@@ -0,0 +1,324 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file tls1.h
+ *
+ * @brief The definitions for the TLS library.
+ */
+#ifndef HEADER_SSL_LIB_H
+#define HEADER_SSL_LIB_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "version.h"
+#include "config.h"
+#include "os_int.h"
+#include "os_port.h"
+#include "crypto.h"
+#include "crypto_misc.h"
+
+#define SSL_PROTOCOL_MIN_VERSION    0x31   /* TLS v1.0 */
+#define SSL_PROTOCOL_VERSION_MAX    0x33   /* TLS v1.3 */
+#define SSL_PROTOCOL_VERSION_TLS1_1 0x32   /* TLS v1.1 */
+#define SSL_PROTOCOL_VERSION_TLS1_2 0x33   /* TLS v1.2 */
+#define SSL_RANDOM_SIZE             32
+#define SSL_SECRET_SIZE             48
+#define SSL_FINISHED_HASH_SIZE      12
+#define SSL_RECORD_SIZE             5
+#define SSL_SERVER_READ             0
+#define SSL_SERVER_WRITE            1
+#define SSL_CLIENT_READ             2
+#define SSL_CLIENT_WRITE            3
+#define SSL_HS_HDR_SIZE             4
+
+/* the flags we use while establishing a connection */
+#define SSL_NEED_RECORD             0x0001
+#define SSL_TX_ENCRYPTED            0x0002 
+#define SSL_RX_ENCRYPTED            0x0004
+#define SSL_SESSION_RESUME          0x0008
+#define SSL_IS_CLIENT               0x0010
+#define SSL_HAS_CERT_REQ            0x0020
+#define SSL_SENT_CLOSE_NOTIFY       0x0040
+
+/* some macros to muck around with flag bits */
+#define SET_SSL_FLAG(A)             (ssl->flag |= A)
+#define CLR_SSL_FLAG(A)             (ssl->flag &= ~A)
+#define IS_SET_SSL_FLAG(A)          (ssl->flag & A)
+
+#define MAX_KEY_BYTE_SIZE           512     /* for a 4096 bit key */
+#define RT_MAX_PLAIN_LENGTH         16384
+#define RT_EXTRA                    1024
+#define BM_RECORD_OFFSET            5
+
+#define NUM_PROTOCOLS               4
+
+#define MAX_SIG_ALGORITHMS          4
+#define SIG_ALG_SHA1                2
+#define SIG_ALG_SHA256              4
+#define SIG_ALG_SHA384              5
+#define SIG_ALG_SHA512              6
+#define SIG_ALG_RSA                 1
+
+#define PARANOIA_CHECK(A, B)        if (A < B) { \
+    ret = SSL_ERROR_INVALID_HANDSHAKE; goto error; }
+
+/* protocol types */
+enum
+{
+    PT_CHANGE_CIPHER_SPEC = 20,
+    PT_ALERT_PROTOCOL,
+    PT_HANDSHAKE_PROTOCOL,
+    PT_APP_PROTOCOL_DATA
+};
+
+/* handshaking types */
+enum
+{
+    HS_HELLO_REQUEST,
+    HS_CLIENT_HELLO,
+    HS_SERVER_HELLO,
+    HS_CERTIFICATE = 11,
+    HS_SERVER_KEY_XCHG,
+    HS_CERT_REQ,
+    HS_SERVER_HELLO_DONE,
+    HS_CERT_VERIFY,
+    HS_CLIENT_KEY_XCHG,
+    HS_FINISHED = 20
+};
+
+/* SSL extension types */
+enum
+{
+    SSL_EXT_SERVER_NAME = 0,
+    SSL_EXT_MAX_FRAGMENT_SIZE,
+    SSL_EXT_SIG_ALG = 0x0d,
+};
+
+typedef struct 
+{
+    uint8_t cipher;
+    uint8_t key_size;
+    uint8_t iv_size;
+    uint8_t padding_size;
+    uint8_t digest_size;
+    uint8_t key_block_size;
+    hmac_func_v hmac_v;
+    crypt_func encrypt;
+    crypt_func decrypt;
+} cipher_info_t;
+
+struct _SSLObjLoader 
+{
+    uint8_t *buf;
+    int len;
+};
+
+typedef struct _SSLObjLoader SSLObjLoader;
+
+typedef struct 
+{
+    time_t conn_time;
+    uint8_t session_id[SSL_SESSION_ID_SIZE];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+} SSL_SESSION;
+
+typedef struct
+{
+    uint8_t *buf;
+    int size;
+    uint8_t hash_alg;
+} SSL_CERT;
+
+typedef struct
+{
+    MD5_CTX md5_ctx;
+    SHA1_CTX sha1_ctx;
+    SHA256_CTX sha256_ctx;
+    uint8_t client_random[SSL_RANDOM_SIZE]; /* client's random sequence */
+    uint8_t server_random[SSL_RANDOM_SIZE]; /* server's random sequence */
+    uint8_t final_finish_mac[128];
+    uint8_t master_secret[SSL_SECRET_SIZE];
+    uint8_t key_block[256];
+    uint16_t bm_proc_index;
+    uint8_t key_block_generated;
+} DISPOSABLE_CTX;
+
+typedef struct 
+{
+    char *host_name; /* Needed for the SNI support */
+    /* Needed for the Max Fragment Size Extension. 
+       Allowed values: 2^9, 2^10 .. 2^14 */
+    uint16_t max_fragment_size; 
+} SSL_EXTENSIONS;
+
+struct _SSL
+{
+    uint32_t flag;
+    uint16_t need_bytes;
+    uint16_t got_bytes;
+    uint8_t record_type;
+    uint8_t cipher;
+    uint8_t sess_id_size;
+    uint8_t version;
+    uint8_t client_version;
+    int16_t next_state;
+    int16_t hs_status;
+    DISPOSABLE_CTX *dc;         /* temporary data which we'll get rid of soon */
+    int client_fd;
+    const cipher_info_t *cipher_info;
+    void *encrypt_ctx;
+    void *decrypt_ctx;
+    uint8_t *bm_all_data;
+    uint8_t *bm_data;
+    uint16_t bm_index;
+    uint16_t bm_read_index;
+    size_t max_plain_length;
+    uint8_t sig_algs[MAX_SIG_ALGORITHMS];
+    uint8_t num_sig_algs;
+    struct _SSL *next;                  /* doubly linked list */
+    struct _SSL *prev;
+    struct _SSL_CTX *ssl_ctx;           /* back reference to a clnt/svr ctx */
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t session_index;
+    SSL_SESSION *session;
+#endif
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    X509_CTX *x509_ctx;
+    bool can_free_certificates;
+#endif
+    uint8_t session_id[SSL_SESSION_ID_SIZE]; 
+    uint8_t client_mac[SHA256_SIZE];    /* for HMAC verification */
+    uint8_t server_mac[SHA256_SIZE];    /* for HMAC verification */
+    uint8_t read_sequence[8];           /* 64 bit sequence number */
+    uint8_t write_sequence[8];          /* 64 bit sequence number */
+    uint8_t hmac_header[SSL_RECORD_SIZE];    /* rx hmac */
+    SSL_EXTENSIONS *extensions; /* Contains the SSL (client) extensions */
+};
+
+typedef struct _SSL SSL;
+
+struct _SSL_CTX
+{
+    uint32_t options;
+    uint8_t chain_length;
+    RSA_CTX *rsa_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    CA_CERT_CTX *ca_cert_ctx;
+#endif
+    SSL *head;
+    SSL *tail;
+    SSL_CERT certs[CONFIG_SSL_MAX_CERTS];
+#ifndef CONFIG_SSL_SKELETON_MODE
+    uint16_t num_sessions;
+    SSL_SESSION **ssl_sessions;
+#endif
+#ifdef CONFIG_SSL_CTX_MUTEXING
+    SSL_CTX_MUTEX_TYPE mutex;
+#endif
+#ifdef CONFIG_OPENSSL_COMPATIBLE
+    void *bonus_attr;
+#endif
+};
+
+typedef struct _SSL_CTX SSL_CTX;
+
+/* backwards compatibility */
+typedef struct _SSL_CTX SSLCTX;
+
+extern const uint8_t ssl_prot_prefs[NUM_PROTOCOLS];
+
+SSL *ssl_new(SSL_CTX *ssl_ctx, int client_fd);
+void disposable_new(SSL *ssl);
+void disposable_free(SSL *ssl);
+int send_packet(SSL *ssl, uint8_t protocol, 
+        const uint8_t *in, int length);
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len);
+int process_finished(SSL *ssl, uint8_t *buf, int hs_len);
+int process_sslv23_client_hello(SSL *ssl);
+int send_alert(SSL *ssl, int error_code);
+int send_finished(SSL *ssl);
+int send_certificate(SSL *ssl);
+int basic_read(SSL *ssl, uint8_t **in_data);
+int send_change_cipher_spec(SSL *ssl);
+int finished_digest(SSL *ssl, const char *label, uint8_t *digest);
+void generate_master_secret(SSL *ssl, const uint8_t *premaster_secret);
+void add_packet(SSL *ssl, const uint8_t *pkt, int len);
+int add_cert(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+int add_private_key(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj);
+void ssl_obj_free(SSLObjLoader *ssl_obj);
+int pkcs8_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int pkcs12_decode(SSL_CTX *ssl_ctx, SSLObjLoader *ssl_obj, const char *password);
+int load_key_certs(SSL_CTX *ssl_ctx);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len);
+void remove_ca_certs(CA_CERT_CTX *ca_cert_ctx);
+#endif
+#ifdef CONFIG_SSL_ENABLE_CLIENT
+int do_client_connect(SSL *ssl);
+#endif
+
+#ifdef CONFIG_SSL_FULL_MODE
+void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok);
+void DISPLAY_BYTES(SSL *ssl, const char *format, 
+        const uint8_t *data, int size, ...);
+void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx);
+void DISPLAY_RSA(SSL *ssl,  const RSA_CTX *rsa_ctx);
+void DISPLAY_ALERT(SSL *ssl, int alert);
+#else
+#define DISPLAY_STATE(A,B,C,D)
+#define DISPLAY_CERT(A,B)
+#define DISPLAY_RSA(A,B)
+#define DISPLAY_ALERT(A, B)
+#ifdef WIN32
+void DISPLAY_BYTES(SSL *ssl, const char *format,/* win32 has no variadic macros */
+        const uint8_t *data, int size, ...);
+#else
+#define DISPLAY_BYTES(A,B,C,D,...)
+#endif
+#endif
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+int process_certificate(SSL *ssl, X509_CTX **x509_ctx);
+#endif
+
+SSL_SESSION *ssl_session_update(int max_sessions, 
+        SSL_SESSION *ssl_sessions[], SSL *ssl,
+        const uint8_t *session_id);
+void kill_ssl_session(SSL_SESSION **ssl_sessions, SSL *ssl);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif 
diff --git a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
new file mode 100644
index 0000000000..f670e704f6
--- /dev/null
+++ b/ssl/tls1_clnt.c
@@ -0,0 +1,541 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+#ifdef CONFIG_SSL_ENABLE_CLIENT        /* all commented out if no client */
+
+/* support sha512/384/256/1 RSA */
+static const uint8_t g_sig_alg[] = { 
+                0x00, SSL_EXT_SIG_ALG,
+                0x00, 0x0a, 0x00, 0x08,
+                SIG_ALG_SHA512, SIG_ALG_RSA,
+                SIG_ALG_SHA384, SIG_ALG_RSA,
+                SIG_ALG_SHA256, SIG_ALG_RSA,
+                SIG_ALG_SHA1, SIG_ALG_RSA 
+};
+
+static const uint8_t g_asn1_sha256[] = 
+{ 
+    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
+    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static int send_client_hello(SSL *ssl);
+static int process_server_hello(SSL *ssl);
+static int process_server_hello_done(SSL *ssl);
+static int send_client_key_xchg(SSL *ssl);
+static int process_cert_req(SSL *ssl);
+static int send_cert_verify(SSL *ssl);
+
+/*
+ * Establish a new SSL connection to an SSL server.
+ */
+EXP_FUNC SSL * STDCALL ssl_client_new(SSL_CTX *ssl_ctx, int client_fd, const
+        uint8_t *session_id, uint8_t sess_id_size, SSL_EXTENSIONS* ssl_ext)
+{
+    SSL *ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->version = SSL_PROTOCOL_VERSION_MAX; /* try top version first */
+
+    if (session_id && ssl_ctx->num_sessions)
+    {
+        if (sess_id_size > SSL_SESSION_ID_SIZE) /* validity check */
+        {
+            ssl_free(ssl);
+            return NULL;
+        }
+
+        memcpy(ssl->session_id, session_id, sess_id_size);
+        ssl->sess_id_size = sess_id_size;
+        SET_SSL_FLAG(SSL_SESSION_RESUME);   /* just flag for later */
+    }
+
+    ssl->extensions = ssl_ext;
+
+    SET_SSL_FLAG(SSL_IS_CLIENT);
+    do_client_connect(ssl);
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret;
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_SERVER_HELLO:
+            ret = process_server_hello(ssl);
+            break;
+
+        case HS_CERTIFICATE:
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+            break;
+
+        case HS_SERVER_HELLO_DONE:
+            if ((ret = process_server_hello_done(ssl)) == SSL_OK)
+            {
+                if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
+                {
+                    if ((ret = send_certificate(ssl)) == SSL_OK &&
+                        (ret = send_client_key_xchg(ssl)) == SSL_OK)
+                    {
+                        send_cert_verify(ssl);
+                    }
+                }
+                else
+                {
+                    ret = send_client_key_xchg(ssl);
+                }
+
+                if (ret == SSL_OK && 
+                     (ret = send_change_cipher_spec(ssl)) == SSL_OK)
+                {
+                    ret = send_finished(ssl);
+                }
+            }
+            break;
+
+        case HS_CERT_REQ:
+            ret = process_cert_req(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, buf, hs_len);
+            disposable_free(ssl);
+            if (ssl->ssl_ctx->options & SSL_READ_BLOCKING) {
+                ssl->flag |= SSL_READ_BLOCKING;
+            }
+            /* note: client renegotiation is not allowed after this */
+            break;
+
+        case HS_HELLO_REQUEST:
+            disposable_new(ssl);
+            ret = do_client_connect(ssl);
+            break;
+
+        default:
+            ret = SSL_ERROR_INVALID_HANDSHAKE;
+            break;
+    }
+
+    return ret;
+}
+
+/*
+ * Do the handshaking from the beginning.
+ */
+int do_client_connect(SSL *ssl)
+{
+    int ret = SSL_OK;
+
+    send_client_hello(ssl);                 /* send the client hello */
+    ssl->bm_read_index = 0;
+    ssl->next_state = HS_SERVER_HELLO;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* sit in a loop until it all looks good */
+    if (!IS_SET_SSL_FLAG(SSL_CONNECT_IN_PARTS))
+    {
+        while (ssl->hs_status != SSL_OK)
+        {
+            ret = ssl_read(ssl, NULL);
+            
+            if (ret < SSL_OK)
+                break;
+        }
+
+        ssl->hs_status = ret;            /* connected? */    
+    }
+
+    return ret;
+}
+
+/*
+ * Send the initial client hello.
+ */
+static int send_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    time_t tm = time(NULL);
+    uint8_t *tm_ptr = &buf[6]; /* time will go here */
+    int i, offset, ext_offset;
+    int ext_len = 0;
+
+
+    buf[0] = HS_CLIENT_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = ssl->version & 0x0f;
+
+    /* client random value - spec says that 1st 4 bytes are big endian time */
+    *tm_ptr++ = (uint8_t)(((long)tm & 0xff000000) >> 24);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x00ff0000) >> 16);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x0000ff00) >> 8);
+    *tm_ptr++ = (uint8_t)(((long)tm & 0x000000ff));
+    if (get_random(SSL_RANDOM_SIZE-4, &buf[10]) < 0)
+        return SSL_NOT_OK;
+
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+    /* give session resumption a go */
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))    /* set initially by user */
+    {
+        buf[offset++] = ssl->sess_id_size;
+        memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
+        offset += ssl->sess_id_size;
+        CLR_SSL_FLAG(SSL_SESSION_RESUME);       /* clear so we can set later */
+    }
+    else
+    {
+        /* no session id - because no session resumption just yet */
+        buf[offset++] = 0;
+    }
+
+    buf[offset++] = 0;              /* number of ciphers */
+    buf[offset++] = NUM_PROTOCOLS*2;/* number of ciphers */
+
+    /* put all our supported protocols in our request */
+    for (i = 0; i < NUM_PROTOCOLS; i++)
+    {
+        buf[offset++] = 0;          /* cipher we are using */
+        buf[offset++] = ssl_prot_prefs[i];
+    }
+
+    buf[offset++] = 1;              /* no compression */
+    buf[offset++] = 0;
+
+    ext_offset = offset;
+
+    buf[offset++] = 0;              /* total length of extensions */
+    buf[offset++] = 0;
+
+    /* send the signature algorithm extension for TLS 1.2+ */
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2)
+    {
+        memcpy(&buf[offset], g_sig_alg, sizeof(g_sig_alg));
+        offset += sizeof(g_sig_alg);
+        ext_len += sizeof(g_sig_alg);
+    }
+
+    if (ssl->extensions != NULL) 
+    {
+        /* send the host name if specified */
+        if (ssl->extensions->host_name != NULL) 
+        {
+            size_t host_len = strlen(ssl->extensions->host_name);
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_SERVER_NAME; /* server_name(0) (65535) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 5; /* server_name length */
+            buf[offset++] = 0;
+            buf[offset++] = host_len + 3; /* server_list length */
+            buf[offset++] = 0; /* host_name(0) (255) */
+            buf[offset++] = 0;
+            buf[offset++] = host_len; /* host_name length */
+            strncpy((char*) &buf[offset], ssl->extensions->host_name, host_len);
+            offset += host_len;
+            ext_len += host_len + 9;
+        }
+
+        if (ssl->extensions->max_fragment_size) 
+        {
+            buf[offset++] = 0;
+            buf[offset++] = SSL_EXT_MAX_FRAGMENT_SIZE;
+
+            buf[offset++] = 0; // size of data
+            buf[offset++] = 2;
+
+            buf[offset++] = (uint8_t)
+                ((ssl->extensions->max_fragment_size >> 8) & 0xff);
+            buf[offset++] = (uint8_t)
+                (ssl->extensions->max_fragment_size & 0xff);
+            ext_len += 6;
+        }
+    }
+
+    if (ext_len > 0) 
+    {
+    	// update the extensions length value
+    	buf[ext_offset] = (uint8_t) ((ext_len >> 8) & 0xff);
+    	buf[ext_offset + 1] = (uint8_t) (ext_len & 0xff);
+    }
+
+    buf[3] = offset - 4;            /* handshake size */
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Process the server hello.
+ */
+static int process_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    int num_sessions = ssl->ssl_ctx->num_sessions;
+    uint8_t sess_id_size;
+    int offset, ret = SSL_OK;
+
+    /* check that we are talking to a TLSv1 server */
+    uint8_t version = (buf[4] << 4) + buf[5];
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        version = SSL_PROTOCOL_VERSION_MAX;
+    }
+    else if (ssl->version < SSL_PROTOCOL_MIN_VERSION)
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    ssl->version = version;
+
+    /* get the server random value */
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE; /* skip of session id size */
+    sess_id_size = buf[offset++];
+
+    if (sess_id_size > SSL_SESSION_ID_SIZE)
+    {
+        ret = SSL_ERROR_INVALID_SESSION;
+        goto error;
+    }
+
+    if (num_sessions)
+    {
+        ssl->session = ssl_session_update(num_sessions,
+                ssl->ssl_ctx->ssl_sessions, ssl, &buf[offset]);
+        memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
+
+        /* pad the rest with 0's */
+        if (sess_id_size < SSL_SESSION_ID_SIZE)
+        {
+            memset(&ssl->session->session_id[sess_id_size], 0,
+                SSL_SESSION_ID_SIZE-sess_id_size);
+        }
+    }
+
+    memcpy(ssl->session_id, &buf[offset], sess_id_size);
+    ssl->sess_id_size = sess_id_size;
+    offset += sess_id_size;
+
+    /* get the real cipher we are using - ignore MSB */
+    ssl->cipher = buf[++offset];
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_SESSION_RESUME) ? 
+                                        HS_FINISHED : HS_CERTIFICATE;
+
+    offset += 2; // ignore compression
+    PARANOIA_CHECK(pkt_size, offset);
+
+    ssl->dc->bm_proc_index = offset;
+    PARANOIA_CHECK(pkt_size, offset);
+
+    // no extensions
+error:
+    return ret;
+}
+
+/**
+ * Process the server hello done message.
+ */
+static int process_server_hello_done(SSL *ssl)
+{
+    ssl->next_state = HS_FINISHED;
+    return SSL_OK;
+}
+
+/*
+ * Send a client key exchange message.
+ */
+static int send_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t premaster_secret[SSL_SECRET_SIZE];
+    int enc_secret_size = -1;
+
+    buf[0] = HS_CLIENT_KEY_XCHG;
+    buf[1] = 0;
+
+    // spec says client must use the what is initially negotiated -
+    // and this is our current version
+    premaster_secret[0] = 0x03; 
+    premaster_secret[1] = SSL_PROTOCOL_VERSION_MAX & 0x0f; 
+    if (get_random(SSL_SECRET_SIZE-2, &premaster_secret[2]) < 0)
+        return SSL_NOT_OK;
+
+    DISPLAY_RSA(ssl, ssl->x509_ctx->rsa_ctx);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    enc_secret_size = RSA_encrypt(ssl->x509_ctx->rsa_ctx, premaster_secret,
+            SSL_SECRET_SIZE, &buf[6], 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    buf[2] = (enc_secret_size + 2) >> 8;
+    buf[3] = (enc_secret_size + 2) & 0xff;
+    buf[4] = enc_secret_size >> 8;
+    buf[5] = enc_secret_size & 0xff;
+
+    generate_master_secret(ssl, premaster_secret);
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, enc_secret_size+6);
+}
+
+/*
+ * Process the certificate request.
+ */
+static int process_cert_req(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int ret = SSL_OK;
+    int cert_req_size = (buf[2]<<8) + buf[3];
+    int offset = 4;
+    int pkt_size = ssl->bm_index;
+    uint8_t cert_type_len, sig_alg_len;
+
+    PARANOIA_CHECK(pkt_size, offset + cert_req_size);
+    ssl->dc->bm_proc_index = cert_req_size;
+
+    /* don't do any processing - we will send back an RSA certificate anyway */
+    ssl->next_state = HS_SERVER_HELLO_DONE;
+    SET_SSL_FLAG(SSL_HAS_CERT_REQ);
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        // supported certificate types
+        cert_type_len = buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + cert_type_len);
+        offset += cert_type_len;
+        
+        // supported signature algorithms
+        sig_alg_len = buf[offset++] << 8;
+        sig_alg_len += buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + sig_alg_len);
+        
+        while (sig_alg_len > 0)
+        {
+            uint8_t hash_alg = buf[offset++];
+            uint8_t sig_alg = buf[offset++];
+            sig_alg_len -= 2;
+
+            if (sig_alg == SIG_ALG_RSA && 
+                    (hash_alg == SIG_ALG_SHA1 ||
+                     hash_alg == SIG_ALG_SHA256 ||
+                     hash_alg == SIG_ALG_SHA384 ||
+                     hash_alg == SIG_ALG_SHA512))
+            {
+                ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
+            }
+        }
+    }
+
+error:
+    return ret;
+}
+
+/*
+ * Send a certificate verify message.
+ */
+static int send_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    uint8_t dgst[SHA1_SIZE+MD5_SIZE+15];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int n = 0, ret;
+    int offset = 0;
+    int dgst_len;
+
+    if (rsa_ctx == NULL)
+        return SSL_OK;
+
+    DISPLAY_RSA(ssl, rsa_ctx);
+
+    buf[0] = HS_CERT_VERIFY;
+    buf[1] = 0;
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        buf[4] = SIG_ALG_SHA256;
+        buf[5] = SIG_ALG_RSA;
+        offset = 6;
+        memcpy(dgst, g_asn1_sha256, sizeof(g_asn1_sha256));
+        dgst_len = finished_digest(ssl, NULL, &dgst[sizeof(g_asn1_sha256)]) + 
+                        sizeof(g_asn1_sha256);
+    }
+    else
+    {
+        offset = 4;
+        dgst_len = finished_digest(ssl, NULL, dgst);
+    }
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    if (rsa_ctx)
+    {
+        SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+        n = RSA_encrypt(rsa_ctx, dgst, dgst_len, &buf[offset + 2], 1);
+        SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+        if (n == 0)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+    
+    buf[offset] = n >> 8;        /* add the RSA size */
+    buf[offset+1] = n & 0xff;
+    n += 2;
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        n += 2; // sig/alg
+        offset -= 2;
+    }
+
+    buf[2] = n >> 8;
+    buf[3] = n & 0xff;
+    ret = send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, n + offset);
+
+error:
+    return ret;
+}
+
+#endif      /* CONFIG_SSL_ENABLE_CLIENT */
diff --git a/ssl/tls1_svr.c b/ssl/tls1_svr.c
new file mode 100644
index 0000000000..abc044552d
--- /dev/null
+++ b/ssl/tls1_svr.c
@@ -0,0 +1,526 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "os_port.h"
+#include "ssl.h"
+
+static const uint8_t g_hello_done[] = { HS_SERVER_HELLO_DONE, 0, 0, 0 };
+static const uint8_t g_asn1_sha256[] = 
+{ 
+    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 
+    0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static int process_client_hello(SSL *ssl);
+static int send_server_hello_sequence(SSL *ssl);
+static int send_server_hello(SSL *ssl);
+static int send_server_hello_done(SSL *ssl);
+static int process_client_key_xchg(SSL *ssl);
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static int send_certificate_request(SSL *ssl);
+static int process_cert_verify(SSL *ssl);
+#endif
+
+/*
+ * Establish a new SSL connection to an SSL client.
+ */
+EXP_FUNC SSL * STDCALL ssl_server_new(SSL_CTX *ssl_ctx, int client_fd)
+{
+    SSL *ssl;
+
+    ssl = ssl_new(ssl_ctx, client_fd);
+    ssl->next_state = HS_CLIENT_HELLO;
+
+#ifdef CONFIG_SSL_FULL_MODE
+    if (ssl_ctx->chain_length == 0)
+        printf("Warning - no server certificate defined\n"); TTY_FLUSH();
+#endif
+
+    return ssl;
+}
+
+/*
+ * Process the handshake record.
+ */
+int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
+{
+    int ret = SSL_OK;
+    ssl->hs_status = SSL_NOT_OK;            /* not connected */
+
+    /* To get here the state must be valid */
+    switch (handshake_type)
+    {
+        case HS_CLIENT_HELLO:
+            if ((ret = process_client_hello(ssl)) == SSL_OK)
+                ret = send_server_hello_sequence(ssl);
+            break;
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+        case HS_CERTIFICATE:/* the client sends its cert */
+            ret = process_certificate(ssl, &ssl->x509_ctx);
+
+            if (ret == SSL_OK)    /* verify the cert */
+            { 
+                int cert_res;
+                int pathLenConstraint = 0;
+
+                cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx, 
+                        ssl->x509_ctx, &pathLenConstraint);
+                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
+            }
+            break;
+
+        case HS_CERT_VERIFY:    
+            ret = process_cert_verify(ssl);
+            add_packet(ssl, buf, hs_len);   /* needs to be done after */
+            break;
+#endif
+        case HS_CLIENT_KEY_XCHG:
+            ret = process_client_key_xchg(ssl);
+            break;
+
+        case HS_FINISHED:
+            ret = process_finished(ssl, buf, hs_len);
+            disposable_free(ssl);   /* free up some memory */
+            break;
+    }
+
+    return ret;
+}
+
+/* 
+ * Process a client hello message.
+ */
+static int process_client_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int pkt_size = ssl->bm_index;
+    int i, j, cs_len, id_len, offset = 6 + SSL_RANDOM_SIZE;
+    int ret = SSL_OK;
+    
+    uint8_t version = (buf[4] << 4) + buf[5];
+    ssl->version = ssl->client_version = version;
+
+    if (version > SSL_PROTOCOL_VERSION_MAX)
+    {
+        /* use client's version instead */
+        ssl->version = SSL_PROTOCOL_VERSION_MAX; 
+    }
+    else if (version < SSL_PROTOCOL_MIN_VERSION)  /* old version supported? */
+    {
+        ret = SSL_ERROR_INVALID_VERSION;
+        ssl_display_error(ret);
+        goto error;
+    }
+
+    memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
+
+    /* process the session id */
+    id_len = buf[offset++];
+    if (id_len > SSL_SESSION_ID_SIZE)
+    {
+        return SSL_ERROR_INVALID_SESSION;
+    }
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    ssl->session = ssl_session_update(ssl->ssl_ctx->num_sessions,
+            ssl->ssl_ctx->ssl_sessions, ssl, id_len ? &buf[offset] : NULL);
+#endif
+
+    offset += id_len;
+    cs_len = (buf[offset]<<8) + buf[offset+1];
+    offset += 3;        /* add 1 due to all cipher suites being 8 bit */
+
+    PARANOIA_CHECK(pkt_size, offset + cs_len);
+
+    /* work out what cipher suite we are going to use - client defines 
+       the preference */
+    for (i = 0; i < cs_len; i += 2)
+    {
+        for (j = 0; j < NUM_PROTOCOLS; j++)
+        {
+            if (ssl_prot_prefs[j] == buf[offset+i])   /* got a match? */
+            {
+                ssl->cipher = ssl_prot_prefs[j];
+                goto do_compression;
+            }
+        }
+    }
+
+    /* ouch! protocol is not supported */
+    return SSL_ERROR_NO_CIPHER;
+
+    /* completely ignore compression */
+do_compression:
+    offset += cs_len;
+    id_len = buf[offset++];
+    offset += id_len;
+    PARANOIA_CHECK(pkt_size, offset + id_len);
+
+    if (offset == pkt_size)
+    {
+        /* no extensions */
+        goto error;
+    }
+
+    /* extension size */
+    id_len = buf[offset++] << 8;
+    id_len += buf[offset++];
+    PARANOIA_CHECK(pkt_size, offset + id_len);
+    
+    // Check for extensions from the client - only the signature algorithm
+    // is supported
+    while (offset < pkt_size) 
+    {
+        int ext = buf[offset++] << 8;
+        ext += buf[offset++];
+        int ext_len = buf[offset++] << 8;
+        ext_len += buf[offset++];
+        PARANOIA_CHECK(pkt_size, offset + ext_len);
+        
+        if (ext == SSL_EXT_SIG_ALG)
+        {
+            while (ext_len > 0)
+            {
+                uint8_t hash_alg = buf[offset++];
+                uint8_t sig_alg = buf[offset++];
+                ext_len -= 2;
+
+                if (sig_alg == SIG_ALG_RSA && 
+                        (hash_alg == SIG_ALG_SHA1 ||
+                         hash_alg == SIG_ALG_SHA256 ||
+                         hash_alg == SIG_ALG_SHA384 ||
+                         hash_alg == SIG_ALG_SHA512))
+                {
+                    ssl->sig_algs[ssl->num_sig_algs++] = hash_alg;
+                }
+            }
+        }
+        else
+        {
+            offset += ext_len;
+        }
+    }
+
+    /* default is RSA/SHA1 */
+    if (ssl->num_sig_algs == 0)
+    {
+        ssl->sig_algs[ssl->num_sig_algs++] = SIG_ALG_SHA1;
+    }
+
+error:
+    return ret;
+}
+
+/*
+ * Send the entire server hello sequence
+ */
+static int send_server_hello_sequence(SSL *ssl)
+{
+    int ret;
+
+    if ((ret = send_server_hello(ssl)) == SSL_OK)
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        /* resume handshake? */
+        if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+        {
+            if ((ret = send_change_cipher_spec(ssl)) == SSL_OK)
+            {
+                ret = send_finished(ssl);
+                ssl->next_state = HS_FINISHED;
+            }
+        }
+        else 
+#endif
+        if ((ret = send_certificate(ssl)) == SSL_OK)
+        {
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+            /* ask the client for its certificate */
+            if (IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION))
+            {
+                if ((ret = send_certificate_request(ssl)) == SSL_OK)
+                {
+                    ret = send_server_hello_done(ssl);
+                    ssl->next_state = HS_CERTIFICATE;
+                }
+            }
+            else
+#endif
+            {
+                ret = send_server_hello_done(ssl);
+                ssl->next_state = HS_CLIENT_KEY_XCHG;
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*
+ * Send a server hello message.
+ */
+static int send_server_hello(SSL *ssl)
+{
+    uint8_t *buf = ssl->bm_data;
+    int offset = 0;
+
+    buf[0] = HS_SERVER_HELLO;
+    buf[1] = 0;
+    buf[2] = 0;
+    /* byte 3 is calculated later */
+    buf[4] = 0x03;
+    buf[5] = ssl->version & 0x0f;
+
+    /* server random value */
+    if (get_random(SSL_RANDOM_SIZE, &buf[6]) < 0)
+        return SSL_NOT_OK;
+
+    memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
+    offset = 6 + SSL_RANDOM_SIZE;
+
+#ifndef CONFIG_SSL_SKELETON_MODE
+    if (IS_SET_SSL_FLAG(SSL_SESSION_RESUME))
+    {
+        /* retrieve id from session cache */
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
+        memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
+        offset += SSL_SESSION_ID_SIZE;
+    }
+    else    /* generate our own session id */
+#endif
+    {
+#ifndef CONFIG_SSL_SKELETON_MODE
+        buf[offset++] = SSL_SESSION_ID_SIZE;
+        get_random(SSL_SESSION_ID_SIZE, &buf[offset]);
+        memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
+        ssl->sess_id_size = SSL_SESSION_ID_SIZE;
+
+        /* store id in session cache */
+        if (ssl->ssl_ctx->num_sessions)
+        {
+            memcpy(ssl->session->session_id, 
+                    ssl->session_id, SSL_SESSION_ID_SIZE);
+        }
+
+        offset += SSL_SESSION_ID_SIZE;
+#else
+        buf[offset++] = 0;  /* don't bother with session id in skelton mode */
+#endif
+    }
+
+    buf[offset++] = 0;      /* cipher we are using */
+    buf[offset++] = ssl->cipher;
+    buf[offset++] = 0;      /* no compression and no extensions supported */
+    buf[3] = offset - 4;    /* handshake size */
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
+}
+
+/*
+ * Send the server hello done message.
+ */
+static int send_server_hello_done(SSL *ssl)
+{
+    return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+                            g_hello_done, sizeof(g_hello_done));
+}
+
+/*
+ * Pull apart a client key exchange message. Decrypt the pre-master key (using
+ * our RSA private key) and then work out the master key. Initialise the
+ * ciphers.
+ */
+static int process_client_key_xchg(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    int premaster_size, secret_length = (buf[2] << 8) + buf[3];
+    uint8_t premaster_secret[MAX_KEY_BYTE_SIZE];
+    RSA_CTX *rsa_ctx = ssl->ssl_ctx->rsa_ctx;
+    int offset = 4;
+    int ret = SSL_OK;
+    
+    if (rsa_ctx == NULL)
+    {
+        ret = SSL_ERROR_NO_CERT_DEFINED;
+        goto error;
+    }
+
+    /* is there an extra size field? */
+    if ((secret_length - 2) == rsa_ctx->num_octets)
+        offset += 2;
+
+    PARANOIA_CHECK(pkt_size, rsa_ctx->num_octets+offset);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    premaster_size = RSA_decrypt(rsa_ctx, &buf[offset], premaster_secret,
+            sizeof(premaster_secret), 1);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (premaster_size != SSL_SECRET_SIZE || 
+            premaster_secret[0] != 0x03 ||  /* must be the same as client
+                                               offered version */
+                premaster_secret[1] != (ssl->client_version & 0x0f))
+    {
+        /* guard against a Bleichenbacher attack */
+        if (get_random(SSL_SECRET_SIZE, premaster_secret) < 0)
+            return SSL_NOT_OK;
+
+        /* and continue - will die eventually when checking the mac */
+    }
+
+    generate_master_secret(ssl, premaster_secret);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+    ssl->next_state = IS_SET_SSL_FLAG(SSL_CLIENT_AUTHENTICATION) ?  
+                                            HS_CERT_VERIFY : HS_FINISHED;
+#else
+    ssl->next_state = HS_FINISHED; 
+#endif
+
+    ssl->dc->bm_proc_index += rsa_ctx->num_octets+offset;
+error:
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static const uint8_t g_cert_request[] = { HS_CERT_REQ, 0, 
+                0, 0x0e, 
+                1, 1, // rsa sign 
+                0x00, 0x08,
+                SIG_ALG_SHA256, SIG_ALG_RSA,
+                SIG_ALG_SHA512, SIG_ALG_RSA,
+                SIG_ALG_SHA384, SIG_ALG_RSA,
+                SIG_ALG_SHA1, SIG_ALG_RSA,
+                0, 0
+};
+
+static const uint8_t g_cert_request_v1[] = { HS_CERT_REQ, 0, 0, 4, 1, 0, 0, 0 };
+
+/*
+ * Send the certificate request message.
+ */
+static int send_certificate_request(SSL *ssl)
+{
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request, sizeof(g_cert_request));
+    }
+    else
+    {
+        return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, 
+            g_cert_request_v1, sizeof(g_cert_request_v1));
+    }
+}
+
+/*
+ * Ensure the client has the private key by first decrypting the packet and
+ * then checking the packet digests.
+ */
+static int process_cert_verify(SSL *ssl)
+{
+    uint8_t *buf = &ssl->bm_data[ssl->dc->bm_proc_index];
+    int pkt_size = ssl->bm_index;
+    uint8_t dgst_buf[MAX_KEY_BYTE_SIZE];
+    uint8_t dgst[MD5_SIZE + SHA1_SIZE];
+    X509_CTX *x509_ctx = ssl->x509_ctx;
+    int ret = SSL_OK;
+    int offset = 6;
+    int rsa_len;
+    int n;
+
+    DISPLAY_RSA(ssl, x509_ctx->rsa_ctx);
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        // TODO: should really need to be able to handle other algorihms. An 
+        // assumption is made on RSA/SHA256 and appears to be OK.
+        //uint8_t hash_alg = buf[4];
+        //uint8_t sig_alg = buf[5];
+        offset = 8;
+        rsa_len = (buf[6] << 8) + buf[7];
+    }
+    else
+    {
+        rsa_len = (buf[4] << 8) + buf[5];
+    }
+
+    PARANOIA_CHECK(pkt_size, offset + rsa_len);
+
+    /* rsa_ctx->bi_ctx is not thread-safe */
+    SSL_CTX_LOCK(ssl->ssl_ctx->mutex);
+    n = RSA_decrypt(x509_ctx->rsa_ctx, &buf[offset], dgst_buf, 
+                    sizeof(dgst_buf), 0);
+    SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
+
+    if (ssl->version >= SSL_PROTOCOL_VERSION_TLS1_2) // TLS1.2+
+    {
+        if (memcmp(dgst_buf, g_asn1_sha256, sizeof(g_asn1_sha256)))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+
+        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+        if (memcmp(&dgst_buf[sizeof(g_asn1_sha256)], dgst, SHA256_SIZE))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto error;
+        }
+    }
+    else // TLS1.0/1.1
+    {
+        if (n != SHA1_SIZE + MD5_SIZE)
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+            goto end_cert_vfy;
+        }
+
+        finished_digest(ssl, NULL, dgst);       /* calculate the digest */
+        if (memcmp(dgst_buf, dgst, MD5_SIZE + SHA1_SIZE))
+        {
+            ret = SSL_ERROR_INVALID_KEY;
+        }
+    }
+
+end_cert_vfy:
+    ssl->next_state = HS_FINISHED;
+error:
+    return ret;
+}
+
+#endif
diff --git a/ssl/version.h b/ssl/version.h
new file mode 100644
index 0000000000..c9d6c252f2
--- /dev/null
+++ b/ssl/version.h
@@ -0,0 +1 @@
+#define AXTLS_VERSION    "2.1.2"
diff --git a/ssl/x509.c b/ssl/x509.c
new file mode 100644
index 0000000000..dbb9fd3dd3
--- /dev/null
+++ b/ssl/x509.c
@@ -0,0 +1,899 @@
+/*
+ * Copyright (c) 2007-2016, Cameron Rich
+ * 
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice, 
+ *   this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice, 
+ *   this list of conditions and the following disclaimer in the documentation 
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the axTLS project nor the names of its contributors 
+ *   may be used to endorse or promote products derived from this software 
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file x509.c
+ * 
+ * Certificate processing.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "os_port.h"
+#include "crypto_misc.h"
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+static int x509_v3_key_usage(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx);
+
+/**
+ * Retrieve the signature from a certificate.
+ */
+static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
+{
+    int offset = 0;
+    const uint8_t *ptr = NULL;
+
+    if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 || 
+            asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
+        goto end_get_sig;
+
+    if (asn1_sig[offset++] != ASN1_OCTET_STRING)
+        goto end_get_sig;
+    *len = get_asn1_length(asn1_sig, &offset);
+    ptr = &asn1_sig[offset];          /* all ok */
+
+end_get_sig:
+    return ptr;
+}
+
+#endif
+
+/**
+ * Construct a new x509 object.
+ * @return 0 if ok. < 0 if there was a problem.
+ */
+int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
+{
+    int begin_tbs, end_tbs, begin_spki, end_spki;
+    int ret = X509_NOT_OK, offset = 0, cert_size = 0;
+    int version = 0;
+    X509_CTX *x509_ctx;
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    BI_CTX *bi_ctx;
+#endif
+
+    *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
+    x509_ctx = *ctx;
+
+    /* get the certificate size */
+    asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE); 
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    begin_tbs = offset;         /* start of the tbs */
+    end_tbs = begin_tbs;        /* work out the end of the tbs */
+    asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
+
+    if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* optional version */
+    if (cert[offset] == ASN1_EXPLICIT_TAG && 
+            asn1_version(cert, &offset, &version) == X509_NOT_OK)
+        goto end_cert;
+
+    if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */ 
+            asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
+        goto end_cert;
+
+    /* make sure the signature is ok */
+    if (asn1_signature_type(cert, &offset, x509_ctx))
+    {
+        ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
+        goto end_cert;
+    }
+
+    if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) || 
+            asn1_validity(cert, &offset, x509_ctx) ||
+            asn1_name(cert, &offset, x509_ctx->cert_dn))
+    {
+        goto end_cert;
+    }
+    begin_spki = offset;
+    if (asn1_public_key(cert, &offset, x509_ctx))
+        goto end_cert;
+    end_spki = offset;
+
+    x509_ctx->fingerprint = malloc(SHA1_SIZE);
+    SHA1_CTX sha_fp_ctx;
+    SHA1_Init(&sha_fp_ctx);
+    SHA1_Update(&sha_fp_ctx, &cert[0], cert_size);
+    SHA1_Final(x509_ctx->fingerprint, &sha_fp_ctx);
+
+    x509_ctx->spki_sha256 = malloc(SHA256_SIZE);
+    SHA256_CTX spki_hash_ctx;
+    SHA256_Init(&spki_hash_ctx);
+    SHA256_Update(&spki_hash_ctx, &cert[begin_spki], end_spki-begin_spki);
+    SHA256_Final(x509_ctx->spki_sha256, &spki_hash_ctx);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+    bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
+
+    /* use the appropriate signature algorithm */
+    switch (x509_ctx->sig_type)
+    {
+        case SIG_TYPE_MD5:
+        {
+            MD5_CTX md5_ctx;
+            uint8_t md5_dgst[MD5_SIZE];
+            MD5_Init(&md5_ctx);
+            MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            MD5_Final(md5_dgst, &md5_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA1:
+        {
+            SHA1_CTX sha_ctx;
+            uint8_t sha_dgst[SHA1_SIZE];
+            SHA1_Init(&sha_ctx);
+            SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA1_Final(sha_dgst, &sha_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA256:
+        {
+            SHA256_CTX sha256_ctx;
+            uint8_t sha256_dgst[SHA256_SIZE];
+            SHA256_Init(&sha256_ctx);
+            SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA256_Final(sha256_dgst, &sha256_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA384:
+        {
+            SHA384_CTX sha384_ctx;
+            uint8_t sha384_dgst[SHA384_SIZE];
+            SHA384_Init(&sha384_ctx);
+            SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA384_Final(sha384_dgst, &sha384_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
+        }
+            break;
+
+        case SIG_TYPE_SHA512:
+        {
+            SHA512_CTX sha512_ctx;
+            uint8_t sha512_dgst[SHA512_SIZE];
+            SHA512_Init(&sha512_ctx);
+            SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
+            SHA512_Final(sha512_dgst, &sha512_ctx);
+            x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
+        }
+            break;
+    }
+
+    if (version == 2 && asn1_next_obj(cert, &offset, ASN1_V3_DATA) > 0)
+    {
+        x509_v3_subject_alt_name(cert, offset, x509_ctx);
+        x509_v3_basic_constraints(cert, offset, x509_ctx);
+        x509_v3_key_usage(cert, offset, x509_ctx);
+    }
+
+    offset = end_tbs;   /* skip the rest of v3 data */
+    if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) || 
+            asn1_signature(cert, &offset, x509_ctx))
+        goto end_cert;
+#endif
+    ret = X509_OK;
+end_cert:
+    if (len)
+    {
+        *len = cert_size;
+    }
+
+    if (ret)
+    {
+#ifdef CONFIG_SSL_FULL_MODE
+        char buff[64];
+        printf("Error: Invalid X509 ASN.1 file (%s)\n",
+                        x509_display_error(ret, buff));
+#endif
+        x509_free(x509_ctx);
+        *ctx = NULL;
+    }
+
+    return ret;
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
+static int x509_v3_subject_alt_name(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    if ((offset = asn1_is_subject_alt_name(cert, offset)) > 0)
+    {
+        x509_ctx->subject_alt_name_present = true;
+        x509_ctx->subject_alt_name_is_critical = 
+                        asn1_is_critical_ext(cert, &offset);
+
+        if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) > 0)
+        {
+            int altlen;
+
+            if ((altlen = asn1_next_obj(cert, &offset, ASN1_SEQUENCE)) > 0)
+            {
+                int endalt = offset + altlen;
+                int totalnames = 0;
+
+                while (offset < endalt)
+                {
+                    int type = cert[offset++];
+                    int dnslen = get_asn1_length(cert, &offset);
+
+                    if (type == ASN1_CONTEXT_DNSNAME)
+                    {
+                        x509_ctx->subject_alt_dnsnames = (char**)
+                                realloc(x509_ctx->subject_alt_dnsnames, 
+                                   (totalnames + 2) * sizeof(char*));
+                        x509_ctx->subject_alt_dnsnames[totalnames] = 
+                                (char*)malloc(dnslen + 1);
+                        x509_ctx->subject_alt_dnsnames[totalnames+1] = NULL;
+                        memcpy(x509_ctx->subject_alt_dnsnames[totalnames], 
+                                cert + offset, dnslen);
+                        x509_ctx->subject_alt_dnsnames[totalnames][dnslen] = 0;
+                        totalnames++;
+                    }
+
+                    offset += dnslen;
+                }
+            }
+        }
+    }
+
+    return X509_OK;
+}
+
+/**
+ * Basic constraints - see https://tools.ietf.org/html/rfc5280#page-39
+ */
+static int x509_v3_basic_constraints(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    int ret = X509_OK;
+
+    if ((offset = asn1_is_basic_constraints(cert, offset)) == 0)
+        goto end_contraints;
+
+    x509_ctx->basic_constraint_present = true;
+    x509_ctx->basic_constraint_is_critical = 
+                    asn1_is_critical_ext(cert, &offset);
+
+    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
+    		asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0 ||
+    		asn1_get_bool(cert, &offset, &x509_ctx->basic_constraint_cA) < 0 ||
+    		asn1_get_int(cert, &offset,
+    		                &x509_ctx->basic_constraint_pathLenConstraint) < 0)
+    {
+        ret = X509_NOT_OK;       
+    }
+
+end_contraints:
+    return ret;
+}
+
+/*
+ * Key usage - see https://tools.ietf.org/html/rfc5280#section-4.2.1.3
+ */
+static int x509_v3_key_usage(const uint8_t *cert, int offset, 
+        X509_CTX *x509_ctx)
+{
+    int ret = X509_OK;
+
+    if ((offset = asn1_is_key_usage(cert, offset)) == 0)
+        goto end_key_usage;
+
+    x509_ctx->key_usage_present = true;
+    x509_ctx->key_usage_is_critical = asn1_is_critical_ext(cert, &offset);
+
+    if (asn1_next_obj(cert, &offset, ASN1_OCTET_STRING) < 0 ||
+    		asn1_get_bit_string_as_int(cert, &offset, &x509_ctx->key_usage))
+    {
+        ret = X509_NOT_OK;       
+    }
+
+end_key_usage:
+    return ret;
+}
+#endif
+
+/**
+ * Free an X.509 object's resources.
+ */
+void x509_free(X509_CTX *x509_ctx)
+{
+    X509_CTX *next;
+    int i;
+
+    if (x509_ctx == NULL)       /* if already null, then don't bother */
+        return;
+
+    for (i = 0; i < X509_NUM_DN_TYPES; i++)
+    {
+        free(x509_ctx->ca_cert_dn[i]);
+        free(x509_ctx->cert_dn[i]);
+    }
+
+    free(x509_ctx->signature);
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION 
+    if (x509_ctx->digest)
+    {
+        bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
+    }
+
+    if (x509_ctx->fingerprint)
+    {
+        free(x509_ctx->fingerprint);
+    }
+
+    if (x509_ctx->spki_sha256)
+    {
+        free(x509_ctx->spki_sha256);
+    }
+
+    if (x509_ctx->subject_alt_dnsnames)
+    {
+        for (i = 0; x509_ctx->subject_alt_dnsnames[i]; ++i)
+            free(x509_ctx->subject_alt_dnsnames[i]);
+
+        free(x509_ctx->subject_alt_dnsnames);
+    }
+#endif
+
+    RSA_free(x509_ctx->rsa_ctx);
+    next = x509_ctx->next;
+    free(x509_ctx);
+    x509_free(next);        /* clear the chain */
+}
+
+#ifdef CONFIG_SSL_CERT_VERIFICATION
+/**
+ * Take a signature and decrypt it.
+ */
+static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
+        bigint *modulus, bigint *pub_exp)
+{
+    int i, size;
+    bigint *decrypted_bi, *dat_bi;
+    bigint *bir = NULL;
+    uint8_t *block = (uint8_t *)malloc(sig_len);
+
+    /* decrypt */
+    dat_bi = bi_import(ctx, sig, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    /* convert to a normal block */
+    decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
+
+    bi_export(ctx, decrypted_bi, block, sig_len);
+    ctx->mod_offset = BIGINT_M_OFFSET;
+
+    i = 10; /* start at the first possible non-padded byte */
+    while (block[i++] && i < sig_len);
+    size = sig_len - i;
+
+    /* get only the bit we want */
+    if (size > 0)
+    {
+        int len;
+        const uint8_t *sig_ptr = get_signature(&block[i], &len);
+
+        if (sig_ptr)
+        {
+            bir = bi_import(ctx, sig_ptr, len);
+        }
+    }
+    free(block);
+    /* save a few bytes of memory */
+    bi_clear_cache(ctx);
+    return bir;
+}
+
+/**
+ * Do some basic checks on the certificate chain.
+ *
+ * Certificate verification consists of a number of checks:
+ * - The date of the certificate is after the start date.
+ * - The date of the certificate is before the finish date.
+ * - A root certificate exists in the certificate store.
+ * - That the certificate(s) are not self-signed.
+ * - The certificate chain is valid.
+ * - The signature of the certificate is valid.
+ * - Basic constraints 
+ */
+int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert, 
+        int *pathLenConstraint) 
+{
+    int ret = X509_OK, i = 0;
+    bigint *cert_sig;
+    X509_CTX *next_cert = NULL;
+    BI_CTX *ctx = NULL;
+    bigint *mod = NULL, *expn = NULL;
+    int match_ca_cert = 0;
+    struct timeval tv;
+    uint8_t is_self_signed = 0;
+
+    if (cert == NULL)
+    {
+        ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+        goto end_verify;
+    }
+
+    /* a self-signed certificate that is not in the CA store - use this 
+       to check the signature */
+    if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
+    {
+        is_self_signed = 1;
+        ctx = cert->rsa_ctx->bi_ctx;
+        mod = cert->rsa_ctx->m;
+        expn = cert->rsa_ctx->e;
+    }
+
+    gettimeofday(&tv, NULL);
+
+    /* check the not before date */
+    if (tv.tv_sec < cert->not_before)
+    {
+        ret = X509_VFY_ERROR_NOT_YET_VALID;
+        goto end_verify;
+    }
+
+    /* check the not after date */
+    if (tv.tv_sec > cert->not_after)
+    {
+        ret = X509_VFY_ERROR_EXPIRED;
+        goto end_verify;
+    }
+
+    if (cert->basic_constraint_present)
+    {
+    	/* If the cA boolean is not asserted,
+    	   then the keyCertSign bit in the key usage extension MUST NOT be
+    	   asserted. */
+    	if (!cert->basic_constraint_cA &&
+                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+		{
+			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
+			goto end_verify;
+		}
+
+        /* The pathLenConstraint field is meaningful only if the cA boolean is
+           asserted and the key usage extension, if present, asserts the
+           keyCertSign bit.  In this case, it gives the maximum number of 
+           non-self-issued intermediate certificates that may follow this 
+           certificate in a valid certification path. */
+		if (cert->basic_constraint_cA &&
+            (!cert->key_usage_present || 
+                IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN)) &&
+            (cert->basic_constraint_pathLenConstraint+1) < *pathLenConstraint)
+		{
+			ret = X509_VFY_ERROR_BASIC_CONSTRAINT;
+			goto end_verify;
+		}
+    }
+
+    next_cert = cert->next;
+
+    /* last cert in the chain - look for a trusted cert */
+    if (next_cert == NULL)
+    {
+       if (ca_cert_ctx != NULL) 
+       {
+            /* go thru the CA store */
+            while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+            {
+                /* the extension is present but the cA boolean is not 
+                   asserted, then the certified public key MUST NOT be used 
+                   to verify certificate signatures. */
+                if (cert->basic_constraint_present && 
+                        !ca_cert_ctx->cert[i]->basic_constraint_cA)
+                    continue;
+                        
+                if (asn1_compare_dn(cert->ca_cert_dn,
+                                            ca_cert_ctx->cert[i]->cert_dn) == 0)
+                {
+                    /* use this CA certificate for signature verification */
+                    match_ca_cert = true;
+                    ctx = ca_cert_ctx->cert[i]->rsa_ctx->bi_ctx;
+                    mod = ca_cert_ctx->cert[i]->rsa_ctx->m;
+                    expn = ca_cert_ctx->cert[i]->rsa_ctx->e;
+
+
+                    break;
+                }
+
+                i++;
+            }
+        }
+
+        /* couldn't find a trusted cert (& let self-signed errors 
+           be returned) */
+        if (!match_ca_cert && !is_self_signed)
+        {
+            ret = X509_VFY_ERROR_NO_TRUSTED_CERT;       
+            goto end_verify;
+        }
+    }
+    else if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
+    {
+        /* check the chain */
+        ret = X509_VFY_ERROR_INVALID_CHAIN;
+        goto end_verify;
+    }
+    else /* use the next certificate in the chain for signature verify */
+    {
+        ctx = next_cert->rsa_ctx->bi_ctx;
+        mod = next_cert->rsa_ctx->m;
+        expn = next_cert->rsa_ctx->e;
+    }
+
+    /* cert is self signed */
+    if (!match_ca_cert && is_self_signed)
+    {
+        ret = X509_VFY_ERROR_SELF_SIGNED;
+        goto end_verify;
+    }
+
+    /* check the signature */
+    cert_sig = sig_verify(ctx, cert->signature, cert->sig_len, 
+                        bi_clone(ctx, mod), bi_clone(ctx, expn));
+
+    if (cert_sig && cert->digest)
+    {
+        if (bi_compare(cert_sig, cert->digest) != 0)
+            ret = X509_VFY_ERROR_BAD_SIGNATURE;
+
+
+        bi_free(ctx, cert_sig);
+    }
+    else
+    {
+        ret = X509_VFY_ERROR_BAD_SIGNATURE;
+    }
+
+    if (ret)
+        goto end_verify;
+
+    /* go down the certificate chain using recursion. */
+    if (next_cert != NULL)
+    {
+    	(*pathLenConstraint)++; /* don't include last certificate */
+        ret = x509_verify(ca_cert_ctx, next_cert, pathLenConstraint);
+    }
+
+end_verify:
+    return ret;
+}
+#endif
+
+#if defined (CONFIG_SSL_FULL_MODE)
+/**
+ * Used for diagnostics.
+ */
+static const char *not_part_of_cert = "<Not Part Of Certificate>";
+void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) 
+{
+    if (cert == NULL)
+        return;
+
+    printf("=== CERTIFICATE ISSUED TO ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->cert_dn[X509_COMMON_NAME] ?
+                    cert->cert_dn[X509_COMMON_NAME] : not_part_of_cert);
+
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
+        cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
+
+    if (cert->cert_dn[X509_ORGANIZATIONAL_UNIT]) 
+    {
+        printf("Organizational Unit (OU):\t");
+        printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT]);
+    }
+
+    if (cert->cert_dn[X509_LOCATION]) 
+    {
+        printf("Location (L):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_LOCATION]);
+    }
+
+    if (cert->cert_dn[X509_COUNTRY]) 
+    {
+        printf("Country (C):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_COUNTRY]);
+    }
+
+    if (cert->cert_dn[X509_STATE]) 
+    {
+        printf("State (ST):\t\t\t");
+        printf("%s\n", cert->cert_dn[X509_STATE]);
+    }
+
+    if (cert->basic_constraint_present)
+    {
+        printf("Basic Constraints:\t\t%sCA:%s, pathlen:%d\n",
+                cert->basic_constraint_is_critical ? 
+                    "critical, " : "",
+                cert->basic_constraint_cA? "TRUE" : "FALSE",
+                cert->basic_constraint_pathLenConstraint);
+    }
+
+    if (cert->key_usage_present)
+    {
+        printf("Key Usage:\t\t\t%s", cert->key_usage_is_critical ? 
+                    "critical, " : "");
+        bool has_started = false;
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DIGITAL_SIGNATURE))
+        {
+            printf("Digital Signature");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_NON_REPUDIATION))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Non Repudiation");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_ENCIPHERMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Encipherment");
+            has_started = true;
+        }
+        
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DATA_ENCIPHERMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Data Encipherment");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_AGREEMENT))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Agreement");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_KEY_CERT_SIGN))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Key Cert Sign");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_CRL_SIGN))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("CRL Sign");
+            has_started = true;
+        }
+       
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_ENCIPHER_ONLY))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Encipher Only");
+            has_started = true;
+        }
+
+        if (IS_SET_KEY_USAGE_FLAG(cert, KEY_USAGE_DECIPHER_ONLY))
+        {
+            if (has_started)
+                printf(", ");
+
+            printf("Decipher Only");
+            has_started = true;
+        }
+
+        printf("\n");
+    }
+
+    if (cert->subject_alt_name_present)
+    {
+        printf("Subject Alt Name:\t\t%s", cert->subject_alt_name_is_critical 
+                ?  "critical, " : "");
+        if (cert->subject_alt_dnsnames)
+        {
+            int i = 0;
+
+            while (cert->subject_alt_dnsnames[i])
+                printf("%s ", cert->subject_alt_dnsnames[i++]);
+        }
+        printf("\n");
+
+    }
+
+    printf("=== CERTIFICATE ISSUED BY ===\n");
+    printf("Common Name (CN):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
+                    cert->ca_cert_dn[X509_COMMON_NAME] : not_part_of_cert);
+
+    printf("Organization (O):\t\t");
+    printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
+        cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
+
+    if (cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]) 
+    {
+        printf("Organizational Unit (OU):\t");
+        printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT]);
+    }
+
+    if (cert->ca_cert_dn[X509_LOCATION]) 
+    {
+        printf("Location (L):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_LOCATION]);
+    }
+
+    if (cert->ca_cert_dn[X509_COUNTRY]) 
+    {
+        printf("Country (C):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_COUNTRY]);
+    }
+
+    if (cert->ca_cert_dn[X509_STATE]) 
+    {
+        printf("State (ST):\t\t\t");
+        printf("%s\n", cert->ca_cert_dn[X509_STATE]);
+    }
+
+    printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
+    printf("Not After:\t\t\t%s", ctime(&cert->not_after));
+    printf("RSA bitsize:\t\t\t%d\n", cert->rsa_ctx->num_octets*8);
+    printf("Sig Type:\t\t\t");
+    switch (cert->sig_type)
+    {
+        case SIG_TYPE_MD5:
+            printf("MD5\n");
+            break;
+        case SIG_TYPE_SHA1:
+            printf("SHA1\n");
+            break;
+        case SIG_TYPE_SHA256:
+            printf("SHA256\n");
+            break;
+        case SIG_TYPE_SHA384:
+            printf("SHA384\n");
+            break;
+        case SIG_TYPE_SHA512:
+            printf("SHA512\n");
+            break;
+        default:
+            printf("Unrecognized: %d\n", cert->sig_type);
+            break;
+    }
+
+    if (ca_cert_ctx)
+    {
+        int pathLenConstraint = 0;
+        char buff[64];
+        printf("Verify:\t\t\t\t%s\n",
+                x509_display_error(x509_verify(ca_cert_ctx, cert,
+                        &pathLenConstraint), buff));
+    }
+
+#if 0
+    print_blob("Signature", cert->signature, cert->sig_len);
+    bi_print("Modulus", cert->rsa_ctx->m);
+    bi_print("Pub Exp", cert->rsa_ctx->e);
+#endif
+
+    if (ca_cert_ctx)
+    {
+        x509_print(cert->next, ca_cert_ctx);
+    }
+
+    TTY_FLUSH();
+}
+
+const char * x509_display_error(int error, char *buff)
+{
+    switch (error)
+    {
+        case X509_OK:
+            strcpy_P(buff, "Certificate verify successful");
+            return buff;
+
+        case X509_NOT_OK:
+            strcpy_P(buff, "X509 not ok");
+            return buff;
+
+        case X509_VFY_ERROR_NO_TRUSTED_CERT:
+            strcpy_P(buff, "No trusted cert is available");
+            return buff;
+
+        case X509_VFY_ERROR_BAD_SIGNATURE:
+            strcpy_P(buff, "Bad signature");
+            return buff;
+
+        case X509_VFY_ERROR_NOT_YET_VALID:
+            strcpy_P(buff, "Cert is not yet valid");
+            return buff;
+
+        case X509_VFY_ERROR_EXPIRED:
+            strcpy_P(buff, "Cert has expired");
+            return buff;
+
+        case X509_VFY_ERROR_SELF_SIGNED:
+            strcpy_P(buff, "Cert is self-signed");
+            return buff;
+
+        case X509_VFY_ERROR_INVALID_CHAIN:
+            strcpy_P(buff, "Chain is invalid (check order of certs)");
+            return buff;
+
+        case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
+            strcpy_P(buff, "Unsupported digest");
+            return buff;
+
+        case X509_INVALID_PRIV_KEY:
+            strcpy_P(buff, "Invalid private key");
+            return buff;
+
+        case X509_VFY_ERROR_BASIC_CONSTRAINT:
+            strcpy_P(buff, "Basic constraint invalid");
+            return buff;
+
+        default:
+            strcpy_P(buff, "Unknown");
+            return buff;
+    }
+}
+#endif      /* CONFIG_SSL_FULL_MODE */
+
diff --git a/tools/make_certs.sh b/tools/make_certs.sh
new file mode 100644
index 0000000000..fc6cc90ae8
--- /dev/null
+++ b/tools/make_certs.sh
@@ -0,0 +1,256 @@
+#!/bin/sh
+#
+# Copyright (c) 2007-2016, Cameron Rich
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+# * Neither the name of the axTLS project nor the names of its
+#   contributors may be used to endorse or promote products derived
+#   from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
+# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+AXDIR=`pwd`/`dirname $0`
+CWD=`mktemp -d` && cd $dir
+cd $CWD 
+
+#
+# Generate the certificates and keys for testing.
+#
+
+PROJECT_NAME="axTLS Project"
+
+# Generate the openssl configuration files.
+cat > ca_cert.conf << EOF  
+[ req ]
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_ca
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Dodgy Certificate Authority
+
+[ v3_ca ]
+basicConstraints        = critical, CA:true
+keyUsage                = critical, cRLSign, keyCertSign, digitalSignature
+EOF
+
+cat > certs.conf << EOF  
+[ req ]
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_usr_cert
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME
+ CN                     = localhost
+
+[ v3_usr_cert ]
+basicConstraints        = critical, CA:false
+keyUsage                = critical, nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName          = @alt_names
+ 
+[alt_names]
+DNS.1 = www.example.net
+DNS.2 = www.example.org
+EOF
+
+cat > device_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Device Certificate
+EOF
+
+cat > intermediate_ca.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+req_extensions         = v3_intermediate_ca
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Intermediate CA
+
+[ v3_intermediate_ca ]
+basicConstraints        = critical, CA:true, pathlen:0
+keyUsage                = cRLSign, keyCertSign, digitalSignature
+EOF
+
+cat > intermediate_ca2.conf << EOF  
+[ req ]
+distinguished_name      = req_distinguished_name
+prompt                  = no
+req_extensions          = v3_intermediate_ca2
+
+[ req_distinguished_name ]
+ O                      = $PROJECT_NAME Intermediate 2 CA
+
+[ v3_intermediate_ca2 ]
+basicConstraints        = critical, CA:true, pathlen:10
+keyUsage                = encipherOnly, keyCertSign, decipherOnly
+EOF
+
+# private key generation
+openssl genrsa -out axTLS.ca_key.pem 2048
+openssl genrsa -out axTLS.key_1024.pem 1024
+openssl genrsa -out axTLS.key_2048.pem 2048
+openssl genrsa -out axTLS.key_4096.pem 4096
+openssl genrsa -out axTLS.key_device.pem 2048
+openssl genrsa -out axTLS.key_intermediate_ca.pem 2048
+openssl genrsa -out axTLS.key_intermediate_ca2.pem 2048
+openssl genrsa -out axTLS.key_end_chain.pem 2048
+openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 1024
+openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 1024
+
+# convert private keys into DER format
+openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER
+openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER
+openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER
+
+# cert requests
+openssl req -out axTLS.ca_x509.csr -key axTLS.ca_key.pem -new \
+            -config ./ca_cert.conf 
+openssl req -out axTLS.x509_1024.csr -key axTLS.key_1024.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_2048.csr -key axTLS.key_2048.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_4096.csr -key axTLS.key_4096.pem -new \
+            -config ./certs.conf 
+openssl req -out axTLS.x509_device.csr -key axTLS.key_device.pem -new \
+            -config ./device_cert.conf
+openssl req -out axTLS.x509_intermediate_ca.csr \
+            -key axTLS.key_intermediate_ca.pem -new \
+            -config ./intermediate_ca.conf
+openssl req -out axTLS.x509_intermediate_ca2.csr \
+            -key axTLS.key_intermediate_ca2.pem -new \
+            -config ./intermediate_ca2.conf
+openssl req -out axTLS.x509_end_chain.csr -key axTLS.key_end_chain.pem -new \
+            -config ./certs.conf
+openssl req -out axTLS.x509_aes128.csr -key axTLS.key_aes128.pem \
+            -new -config ./certs.conf -passin pass:abcd
+openssl req -out axTLS.x509_aes256.csr -key axTLS.key_aes256.pem \
+            -new -config ./certs.conf -passin pass:abcd
+
+# generate the actual certs.
+openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509.pem \
+            -sha1 -days 5000 -signkey axTLS.ca_key.pem \
+            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
+openssl x509 -req -in axTLS.ca_x509.csr -out axTLS.ca_x509_sha256.pem \
+            -sha256 -days 5000 -signkey axTLS.ca_key.pem \
+            -CAkey axTLS.ca_key.pem -extfile ./ca_cert.conf -extensions v3_ca
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha256.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha384.pem \
+            -sha384 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_1024_sha512.pem \
+            -sha512 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509_sha256.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_2048.csr -out axTLS.x509_2048.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_4096.csr -out axTLS.x509_4096.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_device.csr -out axTLS.x509_device.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_1024.pem -CAkey axTLS.key_1024.pem
+openssl x509 -req -in axTLS.x509_intermediate_ca.csr -out axTLS.x509_intermediate_ca.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem \
+            -extfile ./intermediate_ca.conf -extensions v3_intermediate_ca
+openssl x509 -req -in axTLS.x509_intermediate_ca2.csr -out axTLS.x509_intermediate_ca2.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca.pem \
+            -CAkey axTLS.key_intermediate_ca.pem \
+            -extfile ./intermediate_ca2.conf -extensions v3_intermediate_ca2
+openssl x509 -req -in axTLS.x509_end_chain.csr -out axTLS.x509_end_chain.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca.pem \
+            -CAkey axTLS.key_intermediate_ca.pem \
+            -extfile ./certs.conf -extensions v3_usr_cert 
+# basic constraint path len failure
+openssl x509 -req -in axTLS.x509_end_chain.csr \
+            -out axTLS.x509_end_chain_bad.pem \
+            -sha256 -CAcreateserial -days 5000 \
+            -CA axTLS.x509_intermediate_ca2.pem \
+            -CAkey axTLS.key_intermediate_ca2.pem \
+            -extfile ./certs.conf -extensions v3_usr_cert 
+cat axTLS.x509_intermediate_ca.pem >> axTLS.x509_intermediate_ca2.pem 
+openssl x509 -req -in axTLS.x509_aes128.csr \
+            -out axTLS.x509_aes128.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+openssl x509 -req -in axTLS.x509_aes256.csr \
+            -out axTLS.x509_aes256.pem \
+            -sha1 -CAcreateserial -days 5000 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# note: must be root to do this
+DATE_NOW=`date`
+if date -s "Jan 1 2025"; then
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_before.pem \
+            -sha1 -CAcreateserial -days 365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+date -s "$DATE_NOW"
+touch axTLS.x509_bad_before.pem
+fi
+openssl x509 -req -in axTLS.x509_1024.csr -out axTLS.x509_bad_after.pem \
+            -sha1 -CAcreateserial -days -365 \
+            -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem
+
+# some cleanup
+rm axTLS*.csr
+rm *.srl
+rm *.conf
+
+# need this for the client tests
+openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer 
+openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer
+openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer
+openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer
+
+# generate pkcs8 files (use RC4-128 for encryption)
+openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8
+openssl pkcs8 -in axTLS.key_1024.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8
+openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8
+openssl pkcs8 -in axTLS.key_1024.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8
+
+# generate pkcs12 files (use RC4-128 for encryption)
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd
+openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd
+
+# PEM certificate chain
+cat axTLS.ca_x509.pem >> axTLS.x509_device.pem
+
+# set default key/cert for use in the server
+xxd -i axTLS.x509_1024.cer | sed -e \
+        "s/axTLS_x509_1024_cer/default_certificate/" > $AXDIR/../ssl/cert.h
+xxd -i axTLS.key_1024 | sed -e \
+        "s/axTLS_key_1024/default_private_key/" > $AXDIR/../ssl/private_key.h
diff --git a/util/time.h b/util/time.h
new file mode 100644
index 0000000000..78e37b1d39
--- /dev/null
+++ b/util/time.h
@@ -0,0 +1,11 @@
+#ifndef TIME_H
+#define TIME_H
+
+struct timeval
+{
+  time_t tv_sec;
+  long   tv_usec;
+};
+
+
+#endif //TIME_H
diff --git a/www/index.html b/www/index.html
new file mode 100755
index 0000000000..2b1d8b3eb6
--- /dev/null
+++ b/www/index.html
@@ -0,0 +1,7103 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<script type="text/javascript">
+//<![CDATA[
+var version = {major: 2, minor: 1, revision: 3, date: new Date("Nov 3, 2006"), extensions: {}};
+//]]>
+</script>
+<!--
+TiddlyWiki 2.1.3 by Jeremy Ruston, (jeremy [at] osmosoft [dot] com)
+
+Copyright (c) Osmosoft Limited 2004-2006
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice, this
+list of conditions and the following disclaimer in the documentation and/or other
+materials provided with the distribution.
+
+Neither the name of the Osmosoft Limited nor the names of its contributors may be
+used to endorse or promote products derived from this software without specific
+prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGE.
+-->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
+<!--PRE-HEAD-START-->
+<!--{{{-->
+<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
+<!--}}}-->
+<!--PRE-HEAD-END-->
+<title> axTLS Embedded SSL - changes, notes and errata </title>
+<script type="text/javascript">
+//<![CDATA[
+// ---------------------------------------------------------------------------------
+// Configuration repository
+// ---------------------------------------------------------------------------------
+
+// Miscellaneous options
+var config = {
+    numRssItems: 20, // Number of items in the RSS feed
+    animFast: 0.12, // Speed for animations (lower == slower)
+    animSlow: 0.01, // Speed for EasterEgg animations
+    cascadeFast: 20, // Speed for cascade animations (higher == slower)
+    cascadeSlow: 60, // Speed for EasterEgg cascade animations
+    cascadeDepth: 5, // Depth of cascade animation
+    displayStartupTime: false // Whether to display startup time
+    };
+
+// Messages
+config.messages = {
+    messageClose: {},
+    dates: {}
+};
+
+// Options that can be set in the options panel and/or cookies
+config.options = {
+    chkRegExpSearch: false,
+    chkCaseSensitiveSearch: false,
+    chkAnimate: true,
+    chkSaveBackups: true,
+    chkAutoSave: false,
+    chkGenerateAnRssFeed: false,
+    chkSaveEmptyTemplate: false,
+    chkOpenInNewWindow: true,
+    chkToggleLinks: false,
+    chkHttpReadOnly: true,
+    chkForceMinorUpdate: false,
+    chkConfirmDelete: true,
+    chkInsertTabs: false,
+    txtBackupFolder: "",
+    txtMainTab: "tabTimeline",
+    txtMoreTab: "moreTabAll",
+    txtMaxEditRows: "30"
+    };
+
+// List of notification functions to be called when certain tiddlers are changed or deleted
+config.notifyTiddlers = [
+    {name: "StyleSheetLayout", notify: refreshStyles},
+    {name: "StyleSheetColors", notify: refreshStyles},
+    {name: "StyleSheet", notify: refreshStyles},
+    {name: "StyleSheetPrint", notify: refreshStyles},
+    {name: "PageTemplate", notify: refreshPageTemplate},
+    {name: "SiteTitle", notify: refreshPageTitle},
+    {name: "SiteSubtitle", notify: refreshPageTitle},
+    {name: "ColorPalette", notify: refreshColorPalette},
+    {name: null, notify: refreshDisplay}
+    ];
+
+// Default tiddler templates
+var DEFAULT_VIEW_TEMPLATE = 1;
+var DEFAULT_EDIT_TEMPLATE = 2;
+config.tiddlerTemplates = {
+    1: "ViewTemplate",
+    2: "EditTemplate"
+    };
+
+// More messages (rather a legacy layout that shouldn't really be like this)
+config.views = {
+    wikified: {
+        tag: {}
+        },
+    editor: {
+        tagChooser: {}
+        }
+    };
+
+// Macros; each has a 'handler' member that is inserted later
+config.macros = {
+    today: {},
+    version: {},
+    search: {sizeTextbox: 15},
+    tiddler: {},
+    tag: {},
+    tags: {},
+    tagging: {},
+    timeline: {},
+    allTags: {},
+    list: {
+        all: {},
+        missing: {},
+        orphans: {},
+        shadowed: {}
+        },
+    closeAll: {},
+    permaview: {},
+    saveChanges: {},
+    slider: {},
+    option: {},
+    newTiddler: {},
+    newJournal: {},
+    sparkline: {},
+    tabs: {},
+    gradient: {},
+    message: {},
+    view: {},
+    edit: {},
+    tagChooser: {},
+    toolbar: {},
+    br: {},
+    plugins: {},
+    refreshDisplay: {},
+    importTiddlers: {}
+    };
+
+// Commands supported by the toolbar macro
+config.commands = {
+    closeTiddler: {},
+    closeOthers: {},
+    editTiddler: {},
+    saveTiddler: {hideReadOnly: true},
+    cancelTiddler: {},
+    deleteTiddler: {hideReadOnly: true},
+    permalink: {},
+    references: {},
+    jump: {}
+    };
+
+// Browser detection... In a very few places, there's nothing else for it but to
+// know what browser we're using.
+config.userAgent = navigator.userAgent.toLowerCase();
+config.browser = {
+    isIE: config.userAgent.indexOf("msie") != -1 && config.userAgent.indexOf("opera") == -1,
+    ieVersion: /MSIE (\d.\d)/i.exec(config.userAgent), // config.browser.ieVersion[1], if it exists, will be the IE version string, eg "6.0"
+    isSafari: config.userAgent.indexOf("applewebkit") != -1,
+    isBadSafari: !((new RegExp("[\u0150\u0170]","g")).test("\u0150")),
+    firefoxDate: /Gecko\/(\d{8})/i.exec(config.userAgent), // config.browser.firefoxDate[1], if it exists, will be Firefox release date as "YYYYMMDD"
+    isOpera: config.userAgent.indexOf("opera") != -1,
+    isLinux: config.userAgent.indexOf("linux") != -1,
+    isUnix: config.userAgent.indexOf("x11") != -1,
+    isMac: config.userAgent.indexOf("mac") != -1,
+    isWindows: config.userAgent.indexOf("win") != -1
+    };
+
+// Basic regular expressions
+config.textPrimitives = {
+    upperLetter: "[A-Z\u00c0-\u00de\u0150\u0170]",
+    lowerLetter: "[a-z0-9_\\-\u00df-\u00ff\u0151\u0171]",
+    anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]",
+    anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff\u0150\u0170\u0151\u0171]"
+    };
+if(config.browser.isBadSafari)
+    config.textPrimitives = {
+        upperLetter: "[A-Z\u00c0-\u00de]",
+        lowerLetter: "[a-z0-9_\\-\u00df-\u00ff]",
+        anyLetter:   "[A-Za-z0-9_\\-\u00c0-\u00de\u00df-\u00ff]",
+        anyLetterStrict: "[A-Za-z0-9\u00c0-\u00de\u00df-\u00ff]"
+        }
+config.textPrimitives.sliceSeparator = "::";
+config.textPrimitives.urlPattern = "[a-z]{3,8}:[^\\s:'\"][^\\s'\"]*(?:/|\\b)";
+config.textPrimitives.unWikiLink = "~";
+config.textPrimitives.wikiLink = "(?:(?:" + config.textPrimitives.upperLetter + "+" +
+                                                config.textPrimitives.lowerLetter + "+" +
+                                                config.textPrimitives.upperLetter +
+                                                config.textPrimitives.anyLetter + "*)|(?:" +
+                                                config.textPrimitives.upperLetter + "{2,}" +
+                                                config.textPrimitives.lowerLetter + "+))";
+
+config.textPrimitives.cssLookahead = "(?:(" + config.textPrimitives.anyLetter + "+)\\(([^\\)\\|\\n]+)(?:\\):))|(?:(" + config.textPrimitives.anyLetter + "+):([^;\\|\\n]+);)";
+config.textPrimitives.cssLookaheadRegExp = new RegExp(config.textPrimitives.cssLookahead,"mg");
+
+config.textPrimitives.brackettedLink = "\\[\\[([^\\]]+)\\]\\]";
+config.textPrimitives.titledBrackettedLink = "\\[\\[([^\\[\\]\\|]+)\\|([^\\[\\]\\|]+)\\]\\]";
+config.textPrimitives.tiddlerForcedLinkRegExp = new RegExp("(?:" + config.textPrimitives.titledBrackettedLink + ")|(?:" +
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
+config.textPrimitives.tiddlerAnyLinkRegExp = new RegExp("("+ config.textPrimitives.wikiLink + ")|(?:" +
+    config.textPrimitives.titledBrackettedLink + ")|(?:" +
+    config.textPrimitives.brackettedLink + ")|(?:" +
+    config.textPrimitives.urlPattern + ")","mg");
+
+// ---------------------------------------------------------------------------------
+// Shadow tiddlers
+// ---------------------------------------------------------------------------------
+
+config.shadowTiddlers = {
+    ColorPalette: "Background: #fff\n" +
+                  "Foreground: #000\n" +
+                  "PrimaryPale: #8cf\n" +
+                  "PrimaryLight: #18f\n" +
+                  "PrimaryMid: #04b\n" +
+                  "PrimaryDark: #014\n" +
+                  "SecondaryPale: #ffc\n" +
+                  "SecondaryLight: #fe8\n" +
+                  "SecondaryMid: #db4\n" +
+                  "SecondaryDark: #841\n" +
+                  "TertiaryPale: #eee\n" +
+                  "TertiaryLight: #ccc\n" +
+                  "TertiaryMid: #999\n" +
+                  "TertiaryDark: #666\n" +
+                  "Error: #f88\n",
+    StyleSheet: "",
+    StyleSheetColors: "/*{{{*/\nbody {\n    background: [[ColorPalette::Background]];\n color: [[ColorPalette::Foreground]];\n}\n\na{\n color: [[ColorPalette::PrimaryMid]];\n}\n\na:hover{\n   background: [[ColorPalette::PrimaryMid]];\n color: [[ColorPalette::Background]];\n}\n\na img{\n border: 0;\n}\n\nh1,h2,h3,h4,h5 {\n color: [[ColorPalette::SecondaryDark]];\n   background: [[ColorPalette::PrimaryPale]];\n}\n\n.button {\n    color: [[ColorPalette::PrimaryDark]];\n border: 1px solid [[ColorPalette::Background]];\n}\n\n.button:hover {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::SecondaryLight]];\n border-color: [[ColorPalette::SecondaryMid]];\n}\n\n.button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n}\n\n.header {\n    background: [[ColorPalette::PrimaryMid]];\n}\n\n.headerShadow {\n   color: [[ColorPalette::Foreground]];\n}\n\n.headerShadow a {\n  font-weight: normal;\n  color: [[ColorPalette::Foreground]];\n}\n\n.headerForeground {\n    color: [[ColorPalette::Background]];\n}\n\n.headerForeground a {\n  font-weight: normal;\n  color: [[ColorPalette::PrimaryPale]];\n}\n\n.tabSelected{\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border-left: 1px solid [[ColorPalette::TertiaryLight]];\n   border-top: 1px solid [[ColorPalette::TertiaryLight]];\n    border-right: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabUnselected {\n   color: [[ColorPalette::Background]];\n  background: [[ColorPalette::TertiaryMid]];\n}\n\n.tabContents {\n   color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::TertiaryPale]];\n   border: 1px solid [[ColorPalette::TertiaryLight]];\n}\n\n.tabContents .button {\n    border: 0;}\n\n#sidebar {\n}\n\n#sidebarOptions input {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel {\n  background: [[ColorPalette::PrimaryPale]];\n}\n\n#sidebarOptions .sliderPanel a {\n border: none;\n color: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:hover {\n color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n}\n\n#sidebarOptions .sliderPanel a:active {\n   color: [[ColorPalette::PrimaryMid]];\n  background: [[ColorPalette::Background]];\n}\n\n.wizard {\n background: [[ColorPalette::SecondaryLight]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard h1 {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.wizard h2 {\n    color: [[ColorPalette::Foreground]];\n}\n\n.wizardStep {\n  background: [[ColorPalette::Background]];\n border-top: 1px solid [[ColorPalette::SecondaryMid]];\n border-bottom: 1px solid [[ColorPalette::SecondaryMid]];\n  border-left: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.wizard .button {\n    color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:hover {\n  color: [[ColorPalette::PrimaryLight]];\n    background: [[ColorPalette::PrimaryDark]];\n    border-color: [[ColorPalette::PrimaryLight]];\n}\n\n.wizard .button:active {\n  color: [[ColorPalette::Background]];\n  background: [[ColorPalette::PrimaryMid]];\n border-top: 1px solid [[ColorPalette::PrimaryLight]];\n border-right: 1px solid [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n   border-left: 1px solid [[ColorPalette::PrimaryLight]];\n}\n\n#messageArea {\n   border: 1px solid [[ColorPalette::SecondaryDark]];\n    background: [[ColorPalette::SecondaryMid]];\n   color: [[ColorPalette::PrimaryDark]];\n}\n\n#messageArea .button {\n    padding: 0.2em 0.2em 0.2em 0.2em;\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::Background]];\n}\n\n.popup {\n  background: [[ColorPalette::PrimaryLight]];\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.popup hr {\n color: [[ColorPalette::PrimaryDark]];\n background: [[ColorPalette::PrimaryDark]];\n    border-bottom: 1px;\n}\n\n.listBreak div{\n border-bottom: 1px solid [[ColorPalette::PrimaryDark]];\n}\n\n.popup li.disabled {\n    color: [[ColorPalette::PrimaryMid]];\n}\n\n.popup li a, .popup li a:visited {\n color: [[ColorPalette::TertiaryPale]];\n    border: none;\n}\n\n.popup li a:hover {\n   background: [[ColorPalette::PrimaryDark]];\n    color: [[ColorPalette::Background]];\n  border: none;\n}\n\n.tiddler .defaultCommand {\n font-weight: bold;\n}\n\n.shadow .title {\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.title {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.subtitle {\n color: [[ColorPalette::TertiaryDark]];\n}\n\n.toolbar {\n   color: [[ColorPalette::PrimaryMid]];\n}\n\n.tagging, .tagged {\n    border: 1px solid [[ColorPalette::TertiaryPale]];\n background-color: [[ColorPalette::TertiaryPale]];\n}\n\n.selected .tagging, .selected .tagged {\n   background-color: [[ColorPalette::TertiaryLight]];\n    border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.tagging .listTitle, .tagged .listTitle {\n  color: [[ColorPalette::PrimaryDark]];\n}\n\n.tagging .button, .tagged .button {\n       border: none;\n}\n\n.footer {\n color: [[ColorPalette::TertiaryLight]];\n}\n\n.selected .footer {\n color: [[ColorPalette::TertiaryMid]];\n}\n\n.sparkline {\n  background: [[ColorPalette::PrimaryPale]];\n    border: 0;\n}\n\n.sparktick {\n background: [[ColorPalette::PrimaryDark]];\n}\n\n.error, .errorButton {\n   color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::Error]];\n}\n\n.warning {\n color: [[ColorPalette::Foreground]];\n  background: [[ColorPalette::SecondaryPale]];\n}\n\n.cascade {\n background: [[ColorPalette::TertiaryPale]];\n   color: [[ColorPalette::TertiaryMid]];\n border: 1px solid [[ColorPalette::TertiaryMid]];\n}\n\n.imageLink, #displayArea .imageLink {\n  background: transparent;\n}\n\n.viewer .listTitle {list-style-type: none; margin-left: -2em;}\n\n.viewer .button {\n    border: 1px solid [[ColorPalette::SecondaryMid]];\n}\n\n.viewer blockquote {\n  border-left: 3px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer table {\n  border: 2px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer th, thead td {\n    background: [[ColorPalette::SecondaryMid]];\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n color: [[ColorPalette::Background]];\n}\n\n.viewer td, .viewer tr {\n   border: 1px solid [[ColorPalette::TertiaryDark]];\n}\n\n.viewer pre {\n border: 1px solid [[ColorPalette::SecondaryLight]];\n   background: [[ColorPalette::SecondaryPale]];\n}\n\n.viewer code {\n color: [[ColorPalette::SecondaryDark]];\n}\n\n.viewer hr {\n    border: 0;\n    border-top: dashed 1px [[ColorPalette::TertiaryDark]];\n    color: [[ColorPalette::TertiaryDark]];\n}\n\n.highlight, .marked {\n    background: [[ColorPalette::SecondaryLight]];\n}\n\n.editor input {\n   border: 1px solid [[ColorPalette::PrimaryMid]];\n}\n\n.editor textarea {\n  border: 1px solid [[ColorPalette::PrimaryMid]];\n   width: 100%;\n}\n\n.editorFooter {\n    color: [[ColorPalette::TertiaryMid]];\n}\n\n/*}}}*/",
+    StyleSheetLayout: "/*{{{*/\n* html .tiddler {\n    height: 1%;\n}\n\nbody {\n   font-size: .75em;\n font-family: arial,helvetica;\n margin: 0;\n    padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n    font-weight: bold;\n    text-decoration: none;\n    padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n  height: 1px;\n}\n\na{\n text-decoration: none;\n}\n\ndt {font-weight: bold;}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n\n.txtOptionInput {\n width: 11em;\n}\n\n#contentWrapper .chkOptionInput {\n  border: 0;\n}\n\n.externalLink {\n  text-decoration: underline;\n}\n\n.indent {margin-left:3em;}\n.outdent {margin-left:3em; text-indent:-3em;}\ncode.escaped {white-space:nowrap;}\n\n.tiddlyLinkExisting {\n  font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n   font-weight: bold;\n}\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n#sidebarTabs .tiddlyLinkExisting {\n font-weight: bold;\n font-style: normal;\n}\n\n.header {\n        position: relative;\n}\n\n.header a:hover {\n   background: transparent;\n}\n\n.headerShadow {\n    position: relative;\n   padding: 4.5em 0em 1em 1em;\n   left: -1px;\n   top: -1px;\n}\n\n.headerForeground {\n  position: absolute;\n   padding: 4.5em 0em 1em 1em;\n   left: 0px;\n    top: 0px;\n}\n\n.siteTitle {\n  font-size: 3em;\n}\n\n.siteSubtitle {\n font-size: 1.2em;\n}\n\n#mainMenu {\n   position: absolute;\n   left: 0;\n  width: 10em;\n  text-align: right;\n    line-height: 1.6em;\n   padding: 1.5em 0.5em 0.5em 0.5em;\n font-size: 1.1em;\n}\n\n#sidebar {\n    position: absolute;\n   right: 3px;\n   width: 16em;\n  font-size: .9em;\n}\n\n#sidebarOptions {\n  padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n margin: 0em 0.2em;\n    padding: 0.2em 0.3em;\n display: block;\n}\n\n#sidebarOptions input {\n margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n margin-left: 1em;\n padding: 0.5em;\n   font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n  font-weight: bold;\n    display: inline;\n  padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n    margin: 0 0 .3em 0;\n}\n\n#sidebarTabs .tabContents {\n width: 15em;\n  overflow: hidden;\n}\n\n.wizard {\n padding: 0.1em 0em 0em 2em;\n}\n\n.wizard h1 {\n    font-size: 2em;\n   font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.4em 0em 0.2em 0em;\n}\n\n.wizard h2 {\n   font-size: 1.2em;\n font-weight: bold;\n    background: none;\n padding: 0em 0em 0em 0em;\n margin: 0.2em 0em 0.2em 0em;\n}\n\n.wizardStep {\n  padding: 1em 1em 1em 1em;\n}\n\n.wizard .button {\n margin: 0.5em 0em 0em 0em;\n    font-size: 1.2em;\n}\n\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n    text-decoration: underline;\n}\n\n.popup {\n    font-size: .9em;\n  padding: 0.2em;\n   list-style: none;\n margin: 0;\n}\n\n.popup hr {\n  display: block;\n   height: 1px;\n  width: auto;\n  padding: 0;\n   margin: 0.2em 0em;\n}\n\n.listBreak {\n font-size: 1px;\n   line-height: 1px;\n}\n\n.listBreak div {\n  margin: 2px 0;\n}\n\n.popup li.disabled {\n padding: 0.2em;\n}\n\n.popup li a{\n    display: block;\n   padding: 0.2em;\n}\n\n.tabset {\n   padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n  margin: 0em 0em 0em 0.25em;\n   padding: 2px;\n}\n\n.tabContents {\n    padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n  margin: 0;\n    padding: 0;\n}\n\n.txtMainTab .tabContents li {\n   list-style: none;\n}\n\n.tabContents li.listLink {\n     margin-left: .75em;\n}\n\n#displayArea {\n margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n text-align: right;\n    font-size: .9em;\n  visibility: hidden;\n}\n\n.selected .toolbar {\n    visibility: visible;\n}\n\n.tiddler {\n padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n    font-style: italic;\n}\n\n.title {\n    font-size: 1.6em;\n font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n  font-size: 1.1em;\n}\n\n.tiddler .button {\n    padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n  font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n\n* html .viewer pre {\n  width: 99%;\n   padding: 0 0 1em 0;\n}\n\n.viewer {\n   line-height: 1.4em;\n   padding-top: 0.5em;\n}\n\n.viewer .button {\n   margin: 0em 0.25em;\n   padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n   line-height: 1.5em;\n   padding-left: 0.8em;\n  margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n margin-left: 0.5em;\n   padding-left: 1.5em;\n}\n\n.viewer table {\n    border-collapse: collapse;\n    margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n    padding: 3px;\n}\n\n.viewer table.listView {\n  font-size: 0.85em;\n    margin: 0.8em 1.0em;\n}\n\n.viewer table.listView th, .viewer table.listView td, .viewer table.listView tr {\n  padding: 0px 3px 0px 3px;\n}\n\n.viewer pre {\n padding: 0.5em;\n   margin-left: 0.5em;\n   font-size: 1.2em;\n line-height: 1.4em;\n   overflow: auto;\n}\n\n.viewer code {\n  font-size: 1.2em;\n line-height: 1.4em;\n}\n\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n    display: block;\n   width: 100%;\n  font: inherit;\n}\n\n.editorFooter {\n  padding: 0.25em 0em;\n  font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n\n.sparkline {\n line-height: 1em;\n}\n\n.sparktick {\n  outline: 0;\n}\n\n.zoomer {\n   font-size: 1.1em;\n position: absolute;\n   padding: 1em;\n}\n\n.cascade {\n    font-size: 1.1em;\n position: absolute;\n   overflow: hidden;\n}\n/*}}}*/",
+    StyleSheetPrint: "/*{{{*/\n@media print {\n#mainMenu, #sidebar, #messageArea, .toolbar {display: none ! important;}\n#displayArea {margin: 1em 1em 0em 1em;}\n/* Fixes a feature in Firefox 1.5.0.2 where print preview displays the noscript content */\nnoscript {display:none;}\n}\n/*}}}*/",
+    PageTemplate: "<!--{{{-->\n<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>\n<div class='headerShadow'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n<div class='headerForeground'>\n<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;\n<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>\n</div>\n</div>\n<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>\n<div id='sidebar'>\n<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>\n<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>\n</div>\n<div id='displayArea'>\n<div id='messageArea'></div>\n<div id='tiddlerDisplay'></div>\n</div>\n<!--}}}-->",
+    ViewTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar closeTiddler closeOthers +editTiddler permalink references jump'></div>\n<div class='title' macro='view title'></div>\n<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date [[DD MMM YYYY]]'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date [[DD MMM YYYY]]'></span>)</div>\n<div class='tagging' macro='tagging'></div>\n<div class='tagged' macro='tags'></div>\n<div class='viewer' macro='view text wikified'></div>\n<div class='tagClear'></div>\n<!--}}}-->",
+    EditTemplate: "<!--{{{-->\n<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>\n<!--}}}-->",
+    MarkupPreHead: "<!--{{{-->\n<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>\n<!--}}}-->",
+    MarkupPostHead: "",
+    MarkupPreBody: "",
+    MarkupPostBody: ""
+    };
+
+// ---------------------------------------------------------------------------------
+// Translateable strings
+// ---------------------------------------------------------------------------------
+
+// Strings in "double quotes" should be translated; strings in 'single quotes' should be left alone
+
+merge(config.options,{
+    txtUserName: "YourName"});
+
+merge(config.messages,{
+    customConfigError: "Problems were encountered loading plugins. See PluginManager for details",
+    pluginError: "Error: %0",
+    pluginDisabled: "Not executed because disabled via 'systemConfigDisable' tag",
+    pluginForced: "Executed because forced via 'systemConfigForce' tag",
+    pluginVersionError: "Not executed because this plugin needs a newer version of TiddlyWiki",
+    nothingSelected: "Nothing is selected. You must select one or more items first",
+    savedSnapshotError: "It appears that this TiddlyWiki has been incorrectly saved. Please see http://www.tiddlywiki.com/#DownloadSoftware for details",
+    subtitleUnknown: "(unknown)",
+    undefinedTiddlerToolTip: "The tiddler '%0' doesn't yet exist",
+    shadowedTiddlerToolTip: "The tiddler '%0' doesn't yet exist, but has a pre-defined shadow value",
+    tiddlerLinkTooltip: "%0 - %1, %2",
+    externalLinkTooltip: "External link to %0",
+    noTags: "There are no tagged tiddlers",
+    notFileUrlError: "You need to save this TiddlyWiki to a file before you can save changes",
+    cantSaveError: "It's not possible to save changes. This could be because your browser doesn't support saving (instead, use FireFox if you can), or because the pathname to your TiddlyWiki file contains illegal characters",
+    invalidFileError: "The original file '%0' does not appear to be a valid TiddlyWiki",
+    backupSaved: "Backup saved",
+    backupFailed: "Failed to save backup file",
+    rssSaved: "RSS feed saved",
+    rssFailed: "Failed to save RSS feed file",
+    emptySaved: "Empty template saved",
+    emptyFailed: "Failed to save empty template file",
+    mainSaved: "Main TiddlyWiki file saved",
+    mainFailed: "Failed to save main TiddlyWiki file. Your changes have not been saved",
+    macroError: "Error in macro <<%0>>",
+    macroErrorDetails: "Error while executing macro <<%0>>:\n%1",
+    missingMacro: "No such macro",
+    overwriteWarning: "A tiddler named '%0' already exists. Choose OK to overwrite it",
+    unsavedChangesWarning: "WARNING! There are unsaved changes in TiddlyWiki\n\nChoose OK to save\nChoose CANCEL to discard",
+    confirmExit: "--------------------------------\n\nThere are unsaved changes in TiddlyWiki. If you continue you will lose those changes\n\n--------------------------------",
+    saveInstructions: "SaveChanges",
+    unsupportedTWFormat: "Unsupported TiddlyWiki format '%0'",
+    tiddlerSaveError: "Error when saving tiddler '%0'",
+    tiddlerLoadError: "Error when loading tiddler '%0'",
+    wrongSaveFormat: "Cannot save with storage format '%0'. Using standard format for save.",
+    invalidFieldName: "Invalid field name %0",
+    fieldCannotBeChanged: "Field '%0' cannot be changed"});
+
+merge(config.messages.messageClose,{
+    text: "close",
+    tooltip: "close this message area"});
+
+config.messages.dates.months = ["January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November","December"];
+config.messages.dates.days = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
+config.messages.dates.shortMonths = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
+config.messages.dates.shortDays = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+merge(config.views.wikified.tag,{
+    labelNoTags: "no tags",
+    labelTags: "tags: ",
+    openTag: "Open tag '%0'",
+    tooltip: "Show tiddlers tagged with '%0'",
+    openAllText: "Open all",
+    openAllTooltip: "Open all of these tiddlers",
+    popupNone: "No other tiddlers tagged with '%0'"});
+
+merge(config.views.wikified,{
+    defaultText: "The tiddler '%0' doesn't yet exist. Double-click to create it",
+    defaultModifier: "(missing)",
+    shadowModifier: "(built-in shadow tiddler)",
+    createdPrompt: "created"});
+
+merge(config.views.editor,{
+    tagPrompt: "Type tags separated with spaces, [[use double square brackets]] if necessary, or add existing",
+    defaultText: "Type the text for '%0'"});
+
+merge(config.views.editor.tagChooser,{
+    text: "tags",
+    tooltip: "Choose existing tags to add to this tiddler",
+    popupNone: "There are no tags defined",
+    tagTooltip: "Add the tag '%0'"});
+
+merge(config.macros.search,{
+    label: "search",
+    prompt: "Search this TiddlyWiki",
+    accessKey: "F",
+    successMsg: "%0 tiddlers found matching %1",
+    failureMsg: "No tiddlers found matching %0"});
+
+merge(config.macros.tagging,{
+    label: "tagging: ",
+    labelNotTag: "not tagging",
+    tooltip: "List of tiddlers tagged with '%0'"});
+
+merge(config.macros.timeline,{
+    dateFormat: "DD MMM YYYY"});
+
+merge(config.macros.allTags,{
+    tooltip: "Show tiddlers tagged with '%0'",
+    noTags: "There are no tagged tiddlers"});
+
+config.macros.list.all.prompt = "All tiddlers in alphabetical order";
+config.macros.list.missing.prompt = "Tiddlers that have links to them but are not defined";
+config.macros.list.orphans.prompt = "Tiddlers that are not linked to from any other tiddlers";
+config.macros.list.shadowed.prompt = "Tiddlers shadowed with default contents";
+
+merge(config.macros.closeAll,{
+    label: "close all",
+    prompt: "Close all displayed tiddlers (except any that are being edited)"});
+
+merge(config.macros.permaview,{
+    label: "permaview",
+    prompt: "Link to an URL that retrieves all the currently displayed tiddlers"});
+
+merge(config.macros.saveChanges,{
+    label: "save changes",
+    prompt: "Save all tiddlers to create a new TiddlyWiki",
+    accessKey: "S"});
+
+merge(config.macros.newTiddler,{
+    label: "new tiddler",
+    prompt: "Create a new tiddler",
+    title: "New Tiddler",
+    accessKey: "N"});
+
+merge(config.macros.newJournal,{
+    label: "new journal",
+    prompt: "Create a new tiddler from the current date and time",
+    accessKey: "J"});
+
+merge(config.macros.plugins,{
+    skippedText: "(This plugin has not been executed because it was added since startup)",
+    noPluginText: "There are no plugins installed",
+    confirmDeleteText: "Are you sure you want to delete these tiddlers:\n\n%0",
+    listViewTemplate : {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', tiddlerLink: 'title', title: "Title", type: 'TiddlerLink'},
+            {name: 'Forced', field: 'forced', title: "Forced", tag: 'systemConfigForce', type: 'TagCheckbox'},
+            {name: 'Disabled', field: 'disabled', title: "Disabled", tag: 'systemConfigDisable', type: 'TagCheckbox'},
+            {name: 'Executed', field: 'executed', title: "Loaded", type: 'Boolean', trueText: "Yes", falseText: "No"},
+            {name: 'Error', field: 'error', title: "Status", type: 'Boolean', trueText: "Error", falseText: "OK"},
+            {name: 'Log', field: 'log', title: "Log", type: 'StringList'}
+            ],
+        rowClasses: [
+            {className: 'error', field: 'error'},
+            {className: 'warning', field: 'warning'}
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Remove systemConfig tag", name: 'remove'},
+            {caption: "Delete these tiddlers forever", name: 'delete'}
+            ]}
+    });
+
+merge(config.macros.refreshDisplay,{
+    label: "refresh",
+    prompt: "Redraw the entire TiddlyWiki display"
+    });
+
+merge(config.macros.importTiddlers,{
+    readOnlyWarning: "You cannot import tiddlers into a read-only TiddlyWiki. Try opening the TiddlyWiki file from a file:// URL",
+    defaultPath: "http://www.tiddlywiki.com/index.html",
+    fetchLabel: "fetch",
+    fetchPrompt: "Fetch the tiddlywiki file",
+    fetchError: "There were problems fetching the tiddlywiki file",
+    confirmOverwriteText: "Are you sure you want to overwrite these tiddlers:\n\n%0",
+    wizardTitle: "Import tiddlers from another TiddlyWiki file",
+    step1: "Step 1: Locate the TiddlyWiki file",
+    step1prompt: "Enter the URL or pathname here: ",
+    step1promptFile: "...or browse for a file: ",
+    step1promptFeeds: "...or select a pre-defined feed: ",
+    step1feedPrompt: "Choose...",
+    step2: "Step 2: Loading TiddlyWiki file",
+    step2Text: "Please wait while the file is loaded from: %0",
+    step3: "Step 3: Choose the tiddlers to import",
+    step4: "%0 tiddler(s) imported",
+    step5: "Done",
+    listViewTemplate: {
+        columns: [
+            {name: 'Selected', field: 'Selected', rowName: 'title', type: 'Selector'},
+            {name: 'Title', field: 'title', title: "Title", type: 'String'},
+            {name: 'Snippet', field: 'text', title: "Snippet", type: 'String'},
+            {name: 'Tags', field: 'tags', title: "Tags", type: 'Tags'}
+            ],
+        rowClasses: [
+            ],
+        actions: [
+            {caption: "More actions...", name: ''},
+            {caption: "Import these tiddlers", name: 'import'}
+            ]}
+    });
+
+merge(config.commands.closeTiddler,{
+    text: "close",
+    tooltip: "Close this tiddler"});
+
+merge(config.commands.closeOthers,{
+    text: "close others",
+    tooltip: "Close all other tiddlers"});
+
+merge(config.commands.editTiddler,{
+    text: "edit",
+    tooltip: "Edit this tiddler",
+    readOnlyText: "view",
+    readOnlyTooltip: "View the source of this tiddler"});
+
+merge(config.commands.saveTiddler,{
+    text: "done",
+    tooltip: "Save changes to this tiddler"});
+
+merge(config.commands.cancelTiddler,{
+    text: "cancel",
+    tooltip: "Undo changes to this tiddler",
+    warning: "Are you sure you want to abandon your changes to '%0'?",
+    readOnlyText: "done",
+    readOnlyTooltip: "View this tiddler normally"});
+
+merge(config.commands.deleteTiddler,{
+    text: "delete",
+    tooltip: "Delete this tiddler",
+    warning: "Are you sure you want to delete '%0'?"});
+
+merge(config.commands.permalink,{
+    text: "permalink",
+    tooltip: "Permalink for this tiddler"});
+
+merge(config.commands.references,{
+    text: "references",
+    tooltip: "Show tiddlers that link to this one",
+    popupNone: "No references"});
+
+merge(config.commands.jump,{
+    text: "jump",
+    tooltip: "Jump to another open tiddler"});
+
+merge(config.shadowTiddlers,{
+    DefaultTiddlers: "GettingStarted",
+    MainMenu: "GettingStarted",
+    SiteTitle: "My TiddlyWiki",
+    SiteSubtitle: "a reusable non-linear personal web notebook",
+    SiteUrl: "http://www.tiddlywiki.com/",
+    GettingStarted: "To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:\n* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)\n* MainMenu: The menu (usually on the left)\n* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened\nYou'll also need to enter your username for signing your edits: <<option txtUserName>>",
+    SideBarOptions: "<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal 'DD MMM YYYY'>><<saveChanges>><<slider chkSliderOptionsPanel OptionsPanel 'options »' 'Change TiddlyWiki advanced options'>>",
+    OptionsPanel: "These InterfaceOptions for customising TiddlyWiki are saved in your browser\n\nYour username for signing your edits. Write it as a WikiWord (eg JoeBloggs)\n\n<<option txtUserName>>\n<<option chkSaveBackups>> SaveBackups\n<<option chkAutoSave>> AutoSave\n<<option chkRegExpSearch>> RegExpSearch\n<<option chkCaseSensitiveSearch>> CaseSensitiveSearch\n<<option chkAnimate>> EnableAnimations\n\n----\nAdvancedOptions\nPluginManager\nImportTiddlers",
+    AdvancedOptions: "<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n<<option chkInsertTabs>> Use tab key to insert tab characters instead of jumping to next field",
+    SideBarTabs: "<<tabs txtMainTab Timeline Timeline TabTimeline All 'All tiddlers' TabAll Tags 'All tags' TabTags More 'More lists' TabMore>>",
+    TabTimeline: "<<timeline>>",
+    TabAll: "<<list all>>",
+    TabTags: "<<allTags>>",
+    TabMore: "<<tabs txtMoreTab Missing 'Missing tiddlers' TabMoreMissing Orphans 'Orphaned tiddlers' TabMoreOrphans Shadowed 'Shadowed tiddlers' TabMoreShadowed>>",
+    TabMoreMissing: "<<list missing>>",
+    TabMoreOrphans: "<<list orphans>>",
+    TabMoreShadowed: "<<list shadowed>>",
+    PluginManager: "<<plugins>>",
+    ImportTiddlers: "<<importTiddlers>>"});
+
+// ---------------------------------------------------------------------------------
+// Main
+// ---------------------------------------------------------------------------------
+
+var params = null; // Command line parameters
+var store = null; // TiddlyWiki storage
+var story = null; // Main story
+var formatter = null; // Default formatters for the wikifier
+config.parsers = {}; // Hashmap of alternative parsers for the wikifier
+var anim = new Animator(); // Animation engine
+var readOnly = false; // Whether we're in readonly mode
+var highlightHack = null; // Embarrassing hack department...
+var hadConfirmExit = false; // Don't warn more than once
+var safeMode = false; // Disable all plugins and cookies
+var installedPlugins = []; // Information filled in when plugins are executed
+var startingUp = false; // Whether we're in the process of starting up
+var pluginInfo,tiddler; // Used to pass information to plugins in loadPlugins()
+
+// Whether to use the JavaSaver applet
+var useJavaSaver = config.browser.isSafari || config.browser.isOpera;
+
+// Starting up
+function main()
+{
+    var now, then = new Date();
+    startingUp = true;
+    window.onbeforeunload = function(e) {if(window.confirmExit) return confirmExit();};
+    params = getParameters();
+    if(params)
+        params = params.parseParams("open",null,false);
+    store = new TiddlyWiki();
+    invokeParamifier(params,"oninit");
+    story = new Story("tiddlerDisplay","tiddler");
+    addEvent(document,"click",Popup.onDocumentClick);
+    saveTest();
+    loadOptionsCookie();
+    for(var s=0; s<config.notifyTiddlers.length; s++)
+        store.addNotification(config.notifyTiddlers[s].name,config.notifyTiddlers[s].notify);
+    store.loadFromDiv("storeArea","store",true);
+    invokeParamifier(params,"onload");
+    var pluginProblem = loadPlugins();
+    formatter = new Formatter(config.formatters);
+    readOnly = (window.location.protocol == "file:") ? false : config.options.chkHttpReadOnly;
+    invokeParamifier(params,"onconfig");
+    store.notifyAll();
+    restart();
+    if(pluginProblem)
+        {
+        story.displayTiddler(null,"PluginManager");
+        displayMessage(config.messages.customConfigError);
+        }
+    now = new Date();
+    if(config.displayStartupTime)
+        displayMessage("TiddlyWiki startup in " + (now-then)/1000 + " seconds");
+    startingUp = false;
+}
+
+// Restarting
+function restart()
+{
+    invokeParamifier(params,"onstart");
+    if(story.isEmpty())
+        {
+        var defaultParams = store.getTiddlerText("DefaultTiddlers").parseParams("open",null,false);
+        invokeParamifier(defaultParams,"onstart");
+        }
+    window.scrollTo(0,0);
+}
+
+function saveTest()
+{
+    var saveTest = document.getElementById("saveTest");
+    if(saveTest.hasChildNodes())
+        alert(config.messages.savedSnapshotError);
+    saveTest.appendChild(document.createTextNode("savetest"));
+}
+
+function loadPlugins()
+{
+    if(safeMode)
+        return false;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    installedPlugins = [];
+    var hadProblem = false;
+    for(var t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        pluginInfo = getPluginInfo(tiddler);
+        if(isPluginExecutable(pluginInfo))
+            {
+            pluginInfo.executed = true;
+            pluginInfo.error = false;
+            try
+                {
+                if(tiddler.text && tiddler.text != "")
+                    window.eval(tiddler.text);
+                }
+            catch(e)
+                {
+                pluginInfo.log.push(config.messages.pluginError.format([exceptionText(e)]));
+                pluginInfo.error = true;
+                hadProblem = true;
+                }
+            }
+        else
+            pluginInfo.warning = true;
+        installedPlugins.push(pluginInfo);
+        }
+    return hadProblem;
+}
+
+function getPluginInfo(tiddler)
+{
+    var p = store.getTiddlerSlices(tiddler.title,["Name","Description","Version","CoreVersion","Date","Source","Author","License","Browsers"]);
+    p.tiddler = tiddler;
+    p.title = tiddler.title;
+    p.log = [];
+    return p;
+}
+
+// Check that a particular plugin is valid for execution
+function isPluginExecutable(plugin)
+{
+    if(plugin.tiddler.isTagged("systemConfigDisable"))
+        return verifyTail(plugin,false,config.messages.pluginDisabled);
+    if(plugin.tiddler.isTagged("systemConfigForce"))
+        return verifyTail(plugin,true,config.messages.pluginForced);
+    if(plugin["CoreVersion"])
+        {
+        var coreVersion = plugin["CoreVersion"].split(".");
+        var w = parseInt(coreVersion[0]) - version.major;
+        if(w == 0 && coreVersion[1])
+            w = parseInt(coreVersion[1]) - version.minor;
+        if(w == 0 && coreVersion[2])
+            w = parseInt(coreVersion[2]) - version.revision;
+        if(w > 0)
+            return verifyTail(plugin,false,config.messages.pluginVersionError);
+        }
+    return true;
+}
+
+function verifyTail(plugin,result,message)
+{
+    plugin.log.push(message);
+    return result;
+}
+
+function invokeMacro(place,macro,params,wikifier,tiddler)
+{
+    try
+        {
+        var m = config.macros[macro];
+        if(m && m.handler)
+            m.handler(place,macro,params.readMacroParams(),wikifier,params,tiddler);
+        else
+            createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,config.messages.missingMacro]));
+        }
+    catch(ex)
+        {
+        createTiddlyError(place,config.messages.macroError.format([macro]),config.messages.macroErrorDetails.format([macro,ex.toString()]));
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Paramifiers
+// ---------------------------------------------------------------------------------
+
+function getParameters()
+{
+    var p = null;
+    if(window.location.hash)
+        {
+        p = decodeURI(window.location.hash.substr(1));
+        if(config.browser.firefoxDate != null && config.browser.firefoxDate[1] < "20051111")
+            p = convertUTF8ToUnicode(p);
+        }
+    return p;
+}
+
+function invokeParamifier(params,handler)
+{
+    if(!params || params.length == undefined || params.length <= 1)
+        return;
+    for(var t=1; t<params.length; t++)
+        {
+        var p = config.paramifiers[params[t].name];
+        if(p && p[handler] instanceof Function)
+            p[handler](params[t].value);
+        }
+}
+
+config.paramifiers = {};
+
+config.paramifiers.start = {
+    oninit: function(v) {
+        safeMode = v.toLowerCase() == "safe";
+        }
+};
+
+config.paramifiers.open = {
+    onstart: function(v) {
+        story.displayTiddler("bottom",v,null,false,false);
+        }
+};
+
+config.paramifiers.story = {
+    onstart: function(v) {
+        var list = store.getTiddlerText(v,"").parseParams("open",null,false);
+        invokeParamifier(list,"onstart");
+        }
+};
+
+config.paramifiers.search = {
+    onstart: function(v) {
+        story.search(v,false,false);
+        }
+};
+
+config.paramifiers.searchRegExp = {
+    onstart: function(v) {
+        story.prototype.search(v,false,true);
+        }
+};
+
+config.paramifiers.tag = {
+    onstart: function(v) {
+        var tagged = store.getTaggedTiddlers(v,"title");
+        for(var t=0; t<tagged.length; t++)
+            story.displayTiddler("bottom",tagged[t].title,null,false,false);
+        }
+};
+
+config.paramifiers.newTiddler = {
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            story.displayTiddler(null,v,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(v,"text");
+            }
+        }
+};
+
+config.paramifiers.newJournal = {
+    onstart: function(v) {
+        if(!readOnly)
+            {
+            var now = new Date();
+            var title = now.formatString(v.trim());
+            story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+            story.focusTiddler(title,"text");
+            }
+        }
+};
+
+// ---------------------------------------------------------------------------------
+// Formatter helpers
+// ---------------------------------------------------------------------------------
+
+function Formatter(formatters)
+{
+    this.formatters = [];
+    var pattern = [];
+    for(var n=0; n<formatters.length; n++)
+        {
+        pattern.push("(" + formatters[n].match + ")");
+        this.formatters.push(formatters[n]);
+        }
+    this.formatterRegExp = new RegExp(pattern.join("|"),"mg");
+}
+
+config.formatterHelpers = {
+
+    createElementAndWikify: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,this.element),this.termRegExp);
+    },
+
+    inlineCssHelper: function(w)
+    {
+        var styles = [];
+        config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var s,v;
+            if(lookaheadMatch[1])
+                {
+                s = lookaheadMatch[1].unDash();
+                v = lookaheadMatch[2];
+                }
+            else
+                {
+                s = lookaheadMatch[3].unDash();
+                v = lookaheadMatch[4];
+                }
+            if (s=="bgcolor")
+                s = "backgroundColor";
+            styles.push({style: s, value: v});
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            config.textPrimitives.cssLookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = config.textPrimitives.cssLookaheadRegExp.exec(w.source);
+            }
+        return styles;
+    },
+
+    applyCssHelper: function(e,styles)
+    {
+        for(var t=0; t< styles.length; t++)
+            {
+            try
+                {
+                e.style[styles[t].style] = styles[t].value;
+                }
+            catch (ex)
+                {
+                }
+            }
+    },
+
+    enclosedTextHelper: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var text = lookaheadMatch[1];
+            if(config.browser.isIE)
+                text = text.replace(/\n/g,"\r");
+            createTiddlyElement(w.output,this.element,null,null,text);
+            w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
+            }
+    },
+
+    isExternalLink: function(link)
+    {
+        if(store.tiddlerExists(link) || store.isShadowTiddler(link))
+            {
+            //# Definitely not an external link
+            return false;
+            }
+        var urlRegExp = new RegExp(config.textPrimitives.urlPattern,"mg");
+        if(urlRegExp.exec(link))
+            {
+            // Definitely an external link
+            return true;
+            }
+        if (link.indexOf(".")!=-1 || link.indexOf("\\")!=-1 || link.indexOf("/")!=-1)
+            {
+            //# Link contains . / or \ so is probably an external link
+            return true;
+            }
+        //# Otherwise assume it is not an external link
+        return false;
+    }
+
+};
+
+// ---------------------------------------------------------------------------------
+// Standard formatters
+// ---------------------------------------------------------------------------------
+
+config.formatters = [
+{
+    name: "table",
+    match: "^\\|(?:[^\\n]*)\\|(?:[fhck]?)$",
+    lookaheadRegExp: /^\|([^\n]*)\|([fhck]?)$/mg,
+    rowTermRegExp: /(\|(?:[fhck]?)$\n?)/mg,
+    cellRegExp: /(?:\|([^\n\|]*)\|)|(\|[fhck]?$\n?)/mg,
+    cellTermRegExp: /((?:\x20*)\|)/mg,
+    rowTypes: {"c":"caption", "h":"thead", "":"tbody", "f":"tfoot"},
+
+    handler: function(w)
+    {
+        var table = createTiddlyElement(w.output,"table");
+        var prevColumns = [];
+        var currRowType = null;
+        var rowContainer;
+        var rowCount = 0;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            var nextRowType = lookaheadMatch[2];
+            if(nextRowType == "k")
+                {
+                table.className = lookaheadMatch[1];
+                w.nextMatch += lookaheadMatch[0].length+1;
+                }
+            else
+                {
+                if(nextRowType != currRowType)
+                    {
+                    rowContainer = createTiddlyElement(table,this.rowTypes[nextRowType]);
+                    currRowType = nextRowType;
+                    }
+                if(currRowType == "c")
+                    {
+                    // Caption
+                    w.nextMatch++;
+                    if(rowContainer != table.firstChild)
+                        table.insertBefore(rowContainer,table.firstChild);
+                    rowContainer.setAttribute("align",rowCount == 0?"top":"bottom");
+                    w.subWikifyTerm(rowContainer,this.rowTermRegExp);
+                    }
+                else
+                    {
+                    this.rowHandler(w,createTiddlyElement(rowContainer,"tr",null,(rowCount&1)?"oddRow":"evenRow"),prevColumns);
+                    rowCount++;
+                    }
+                }
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            }
+    },
+    rowHandler: function(w,e,prevColumns)
+    {
+        var col = 0;
+        var colSpanCount = 1;
+        var prevCell = null;
+        this.cellRegExp.lastIndex = w.nextMatch;
+        var cellMatch = this.cellRegExp.exec(w.source);
+        while(cellMatch && cellMatch.index == w.nextMatch)
+            {
+            if(cellMatch[1] == "~")
+                {
+                // Rowspan
+                var last = prevColumns[col];
+                if(last)
+                    {
+                    last.rowSpanCount++;
+                    last.element.setAttribute("rowspan",last.rowSpanCount);
+                    last.element.setAttribute("rowSpan",last.rowSpanCount); // Needed for IE
+                    last.element.valign = "center";
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[1] == ">")
+                {
+                // Colspan
+                colSpanCount++;
+                w.nextMatch = this.cellRegExp.lastIndex-1;
+                }
+            else if(cellMatch[2])
+                {
+                // End of row
+                if(prevCell && colSpanCount > 1)
+                    {
+                    prevCell.setAttribute("colspan",colSpanCount);
+                    prevCell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    }
+                w.nextMatch = this.cellRegExp.lastIndex;
+                break;
+                }
+            else
+                {
+                // Cell
+                w.nextMatch++;
+                var styles = config.formatterHelpers.inlineCssHelper(w);
+                var spaceLeft = false;
+                var chr = w.source.substr(w.nextMatch,1);
+                while(chr == " ")
+                    {
+                    spaceLeft = true;
+                    w.nextMatch++;
+                    chr = w.source.substr(w.nextMatch,1);
+                    }
+                var cell;
+                if(chr == "!")
+                    {
+                    cell = createTiddlyElement(e,"th");
+                    w.nextMatch++;
+                    }
+                else
+                    cell = createTiddlyElement(e,"td");
+                prevCell = cell;
+                prevColumns[col] = {rowSpanCount:1, element:cell};
+                if(colSpanCount > 1)
+                    {
+                    cell.setAttribute("colspan",colSpanCount);
+                    cell.setAttribute("colSpan",colSpanCount); // Needed for IE
+                    colSpanCount = 1;
+                    }
+                config.formatterHelpers.applyCssHelper(cell,styles);
+                w.subWikifyTerm(cell,this.cellTermRegExp);
+                if(w.matchText.substr(w.matchText.length-2,1) == " ") // spaceRight
+                    cell.align = spaceLeft ? "center" : "left";
+                else if(spaceLeft)
+                    cell.align = "right";
+                w.nextMatch--;
+                }
+            col++;
+            this.cellRegExp.lastIndex = w.nextMatch;
+            cellMatch = this.cellRegExp.exec(w.source);
+            }
+    }
+},
+
+{
+    name: "heading",
+    match: "^!{1,5}",
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(createTiddlyElement(w.output,"h" + w.matchLength),this.termRegExp);
+    }
+},
+
+{
+    name: "list",
+    match: "^(?:(?:(?:\\*)|(?:#)|(?:;)|(?::))+)",
+    lookaheadRegExp: /^(?:(?:(\*)|(#)|(;)|(:))+)/mg,
+    termRegExp: /(\n)/mg,
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0, currType = null;
+        var listLevel, listType, itemType;
+        w.nextMatch = w.matchStart;
+        this.lookaheadRegExp.lastIndex = w.nextMatch;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        while(lookaheadMatch && lookaheadMatch.index == w.nextMatch)
+            {
+            if(lookaheadMatch[1])
+                {
+                listType = "ul";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[2])
+                {
+                listType = "ol";
+                itemType = "li";
+                }
+            else if(lookaheadMatch[3])
+                {
+                listType = "dl";
+                itemType = "dt";
+                }
+            else if(lookaheadMatch[4])
+                {
+                listType = "dl";
+                itemType = "dd";
+                }
+            listLevel = lookaheadMatch[0].length;
+            w.nextMatch += lookaheadMatch[0].length;
+            if(listLevel > currLevel)
+                {
+                for(var t=currLevel; t<listLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            else if(listLevel < currLevel)
+                {
+                for(var t=currLevel; t>listLevel; t--)
+                    placeStack.pop();
+                }
+            else if(listLevel == currLevel && listType != currType)
+                {
+                placeStack.pop();
+                placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],listType));
+                }
+            currLevel = listLevel;
+            currType = listType;
+            var e = createTiddlyElement(placeStack[placeStack.length-1],itemType);
+            w.subWikifyTerm(e,this.termRegExp);
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        }
+    }
+},
+
+{
+    name: "quoteByBlock",
+    match: "^<<<\\n",
+    termRegExp: /(^<<<(\n|$))/mg,
+    element: "blockquote",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "quoteByLine",
+    match: "^>+",
+    lookaheadRegExp: /^>+/mg,
+    termRegExp: /(\n)/mg,
+    element: "blockquote",
+    handler: function(w)
+    {
+        var placeStack = [w.output];
+        var currLevel = 0;
+        var newLevel = w.matchLength;
+        var t;
+        do {
+            if(newLevel > currLevel)
+                {
+                for(t=currLevel; t<newLevel; t++)
+                    placeStack.push(createTiddlyElement(placeStack[placeStack.length-1],this.element));
+                }
+            else if(newLevel < currLevel)
+                {
+                for(t=currLevel; t>newLevel; t--)
+                    placeStack.pop();
+                }
+            currLevel = newLevel;
+            w.subWikifyTerm(placeStack[placeStack.length-1],this.termRegExp);
+            createTiddlyElement(placeStack[placeStack.length-1],"br");
+            this.lookaheadRegExp.lastIndex = w.nextMatch;
+            var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+            var matched = lookaheadMatch && lookaheadMatch.index == w.nextMatch;
+            if(matched)
+                {
+                newLevel = lookaheadMatch[0].length;
+                w.nextMatch += lookaheadMatch[0].length;
+                }
+        } while(matched);
+    }
+},
+
+{
+    name: "rule",
+    match: "^----+$\\n?",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"hr");
+    }
+},
+
+{
+    name: "monospacedByLine",
+    match: "^\\{\\{\\{\\n",
+    lookaheadRegExp: /^\{\{\{\n((?:^[^\n]*\n)+?)(^\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForCSS",
+    match: "^/\\*[\\{]{3}\\*/\\n",
+    lookaheadRegExp: /\/\*[\{]{3}\*\/\n*((?:^[^\n]*\n)+?)(\n*^\/\*[\}]{3}\*\/$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForPlugin",
+    match: "^//\\{\\{\\{\\n",
+    lookaheadRegExp: /^\/\/\{\{\{\n\n*((?:^[^\n]*\n)+?)(\n*^\/\/\}\}\}$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "monospacedByLineForTemplate",
+    match: "^<!--[\\{]{3}-->\\n",
+    lookaheadRegExp: /<!--[\{]{3}-->\n*((?:^[^\n]*\n)+?)(\n*^<!--[\}]{3}-->$\n?)/mg,
+    element: "pre",
+    handler: config.formatterHelpers.enclosedTextHelper
+},
+
+{
+    name: "wikifyCommentForPlugin",
+    match: "^/\\*\\*\\*\\n",
+    termRegExp: /(^\*\*\*\/\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
+},
+
+{
+    name: "wikifyCommentForTemplate",
+    match: "^<!---\\n",
+    termRegExp: /(^--->\n)/mg,
+    handler: function(w)
+    {
+        w.subWikifyTerm(w.output,this.termRegExp);
+    }
+},
+
+{
+    name: "macro",
+    match: "<<",
+    lookaheadRegExp: /<<([^>\s]+)(?:\s*)((?:[^>]|(?:>(?!>)))*)>>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart && lookaheadMatch[1])
+            {
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            invokeMacro(w.output,lookaheadMatch[1],lookaheadMatch[2],w,w.tiddler);
+            }
+    }
+},
+
+{
+    name: "prettyLink",
+    match: "\\[\\[",
+    lookaheadRegExp: /\[\[(.*?)(?:\|(~)?(.*?))?\]\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            var e;
+            var text = lookaheadMatch[1];
+            if(lookaheadMatch[3])
+                {
+                // Pretty bracketted link
+                var link = lookaheadMatch[3];
+                e = (!lookaheadMatch[2] && config.formatterHelpers.isExternalLink(link))
+                        ? createExternalLink(w.output,link)
+                        : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                }
+            else
+                {
+                // Simple bracketted link
+                e = createTiddlyLink(w.output,text,false,null,w.isStatic);
+                }
+            createTiddlyText(e,text);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "unWikiLink",
+    match: config.textPrimitives.unWikiLink+config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        w.outputText(w.output,w.matchStart+1,w.nextMatch);
+    }
+},
+
+{
+    name: "wikiLink",
+    match: config.textPrimitives.wikiLink,
+    handler: function(w)
+    {
+        if(w.matchStart > 0)
+            {
+            var preRegExp = new RegExp(config.textPrimitives.anyLetterStrict,"mg");
+            preRegExp.lastIndex = w.matchStart-1;
+            var preMatch = preRegExp.exec(w.source);
+            if(preMatch.index == w.matchStart-1)
+                {
+                w.outputText(w.output,w.matchStart,w.nextMatch);
+                return;
+                }
+            }
+        if(w.autoLinkWikiWords == true || store.isShadowTiddler(w.matchText))
+            {
+            var link = createTiddlyLink(w.output,w.matchText,false,null,w.isStatic);
+            w.outputText(link,w.matchStart,w.nextMatch);
+            }
+        else
+            {
+            w.outputText(w.output,w.matchStart,w.nextMatch);
+            }
+    }
+},
+
+{
+    name: "urlLink",
+    match: config.textPrimitives.urlPattern,
+    handler: function(w)
+    {
+        w.outputText(createExternalLink(w.output,w.matchText),w.matchStart,w.nextMatch);
+    }
+},
+
+{
+    name: "image",
+    match: "\\[[<>]?[Ii][Mm][Gg]\\[",
+    lookaheadRegExp: /\[(<?)(>?)[Ii][Mm][Gg]\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart) // Simple bracketted link
+            {
+            var e = w.output;
+            if(lookaheadMatch[5])
+                {
+                var link = lookaheadMatch[5];
+                e = config.formatterHelpers.isExternalLink(link) ? createExternalLink(w.output,link) : createTiddlyLink(w.output,link,false,null,w.isStatic);
+                addClass(e,"imageLink");
+                }
+            var img = createTiddlyElement(e,"img");
+            if(lookaheadMatch[1])
+                img.align = "left";
+            else if(lookaheadMatch[2])
+                img.align = "right";
+            if(lookaheadMatch[3])
+                img.title = lookaheadMatch[3];
+            img.src = lookaheadMatch[4];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "html",
+    match: "<[Hh][Tt][Mm][Ll]>",
+    lookaheadRegExp: /<[Hh][Tt][Mm][Ll]>((?:.|\n)*?)<\/[Hh][Tt][Mm][Ll]>/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span").innerHTML = lookaheadMatch[1];
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "commentByBlock",
+    match: "/%",
+    lookaheadRegExp: /\/%((?:.|\n)*?)%\//mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+    }
+},
+
+{
+    name: "boldByChar",
+    match: "''",
+    termRegExp: /('')/mg,
+    element: "strong",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "italicByChar",
+    match: "//",
+    termRegExp: /(\/\/)/mg,
+    element: "em",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "underlineByChar",
+    match: "__",
+    termRegExp: /(__)/mg,
+    element: "u",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "strikeByChar",
+    match: "--(?!\\s|$)",
+    termRegExp: /((?!\s)--|(?=\n\n))/mg,
+    element: "strike",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "superscriptByChar",
+    match: "\\^\\^",
+    termRegExp: /(\^\^)/mg,
+    element: "sup",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "subscriptByChar",
+    match: "~~",
+    termRegExp: /(~~)/mg,
+    element: "sub",
+    handler: config.formatterHelpers.createElementAndWikify
+},
+
+{
+    name: "monospacedByChar",
+    match: "\\{\\{\\{",
+    lookaheadRegExp: /\{\{\{((?:.|\n)*?)\}\}\}/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"code",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "styleByChar",
+    match: "@@",
+    termRegExp: /(@@)/mg,
+    handler:  function(w)
+    {
+        var e = createTiddlyElement(w.output,"span");
+        var styles = config.formatterHelpers.inlineCssHelper(w);
+        if(styles.length == 0)
+            e.className = "marked";
+        else
+            config.formatterHelpers.applyCssHelper(e,styles);
+        w.subWikifyTerm(e,this.termRegExp);
+    }
+},
+
+{
+    name: "lineBreak",
+    match: "\\n|<br ?/?>",
+    handler: function(w)
+    {
+        createTiddlyElement(w.output,"br");
+    }
+},
+
+{
+    name: "rawText",
+    match: "\\\"{3}|<nowiki>",
+    lookaheadRegExp: /(?:\"{3}|<nowiki>)((?:.|\n)*?)(?:\"{3}|<\/nowiki>)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
+        if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+            {
+            createTiddlyElement(w.output,"span",null,null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            }
+    }
+},
+
+{
+    name: "mdash",
+    match: "--",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = "&mdash;";
+        }
+},
+
+{
+    name: "htmlEntitiesEncoding",
+    match: "(?:(?:&#?[a-zA-Z0-9]{2,8};|.)(?:&#?(?:x0*(?:3[0-6][0-9a-fA-F]|1D[c-fC-F][0-9a-fA-F]|20[d-fD-F][0-9a-fA-F]|FE2[0-9a-fA-F])|0*(?:76[89]|7[7-9][0-9]|8[0-7][0-9]|761[6-9]|76[2-7][0-9]|84[0-3][0-9]|844[0-7]|6505[6-9]|6506[0-9]|6507[0-1]));)+|&#?[a-zA-Z0-9]{2,8};)",
+    handler: function(w)
+        {
+        createTiddlyElement(w.output,"span").innerHTML = w.matchText;
+        }
+},
+
+{
+    name: "customClasses",
+    match: "\\{\\{",
+    termRegExp: /(\}\}\})/mg,
+    lookaheadRegExp: /\{\{[\s]*([\w]+[\s\w]*)[\s]*\{(\n?)/mg,
+    handler: function(w)
+    {
+        this.lookaheadRegExp.lastIndex = w.matchStart;
+        var lookaheadMatch = this.lookaheadRegExp.exec(w.source);
+        if(lookaheadMatch)
+            {
+            var e = createTiddlyElement(w.output,lookaheadMatch[2] == "\n" ? "div" : "span",null,lookaheadMatch[1]);
+            w.nextMatch = this.lookaheadRegExp.lastIndex;
+            w.subWikifyTerm(e,this.termRegExp);
+            }
+    }
+}
+
+];
+
+// ---------------------------------------------------------------------------------
+// Wikifier
+// ---------------------------------------------------------------------------------
+
+function getParser(tiddler)
+{
+    var f = formatter;
+    if(tiddler!=null)
+        {
+        for(var i in config.parsers)
+            {
+            if(tiddler.isTagged(config.parsers[i].formatTag))
+                {
+                f = config.parsers[i];
+                break;
+                }
+            }
+        }
+    return f;
+}
+
+function wikify(source,output,highlightRegExp,tiddler)
+{
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.subWikifyUnterm(output);
+        }
+}
+
+function wikifyStatic(source,highlightRegExp,tiddler)
+{
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    var html = "";
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,getParser(tiddler),highlightRegExp,tiddler);
+        wikifier.isStatic = true;
+        wikifier.subWikifyUnterm(e);
+        html = e.innerHTML;
+        e.parentNode.removeChild(e);
+        }
+    return html;
+}
+
+// Wikify a named tiddler to plain text
+function wikifyPlain(title)
+{
+    if(store.tiddlerExists(title) || store.isShadowTiddler(title))
+        {
+        var wikifier = new Wikifier(store.getTiddlerText(title),formatter,null,store.getTiddler(title));
+        return wikifier.wikifyPlain();
+        }
+    else
+        return "";
+}
+
+// Highlight plain text into an element
+function highlightify(source,output,highlightRegExp)
+{
+    if(source && source != "")
+        {
+        var wikifier = new Wikifier(source,formatter,highlightRegExp);
+        wikifier.outputText(output,0,source.length);
+        }
+}
+
+// Construct a wikifier object
+// source - source string that's going to be wikified
+// formatter - Formatter() object containing the list of formatters to be used
+// highlightRegExp - regular expression of the text string to highlight
+// tiddler - reference to the tiddler that's taken to be the container for this wikification
+function Wikifier(source,formatter,highlightRegExp,tiddler)
+{
+    this.source = source;
+    this.output = null;
+    this.formatter = formatter;
+    this.nextMatch = 0;
+    this.autoLinkWikiWords = tiddler && tiddler.autoLinkWikiWords() == false ? false : true;
+    this.highlightRegExp = highlightRegExp;
+    this.highlightMatch = null;
+    this.isStatic = false;
+    if(highlightRegExp)
+        {
+        highlightRegExp.lastIndex = 0;
+        this.highlightMatch = highlightRegExp.exec(source);
+        }
+    this.tiddler = tiddler;
+}
+
+Wikifier.prototype.wikifyPlain = function()
+{
+    var e = createTiddlyElement(document.body,"div");
+    e.style.display = "none";
+    this.subWikify(e);
+    var text = getPlainText(e);
+    e.parentNode.removeChild(e);
+    return text;
+}
+
+Wikifier.prototype.subWikify = function(output,terminator)
+{
+    // Handle the terminated and unterminated cases separately
+    if (terminator)
+        this.subWikifyTerm(output,new RegExp("(" + terminator + ")","mg"));
+    else
+        this.subWikifyUnterm(output);
+}
+
+Wikifier.prototype.subWikifyUnterm = function(output)
+{
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first match
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+    while(formatterMatch)
+        {
+        // Output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters for the handler
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        formatterMatch = this.formatter.formatterRegExp.exec(this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
+}
+
+Wikifier.prototype.subWikifyTerm = function(output,terminatorRegExp)
+{
+    // subWikify() can be indirectly recursive, so we need to save the old output pointer
+    var oldOutput = this.output;
+    this.output = output;
+    // Get the first matches for the formatter and terminator RegExps
+    terminatorRegExp.lastIndex = this.nextMatch;
+    var terminatorMatch = terminatorRegExp.exec(this.source);
+    this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+    var formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+    while(terminatorMatch || formatterMatch)
+        {
+        // Check for a terminator match  before the next formatter match
+        if(terminatorMatch && (!formatterMatch || terminatorMatch.index <= formatterMatch.index))
+            {
+            // Output any text before the match
+            if(terminatorMatch.index > this.nextMatch)
+                this.outputText(this.output,this.nextMatch,terminatorMatch.index);
+            // Set the match parameters
+            this.matchText = terminatorMatch[1];
+            this.matchLength = terminatorMatch[1].length;
+            this.matchStart = terminatorMatch.index;
+            this.nextMatch = this.matchStart + this.matchLength;
+            // Restore the output pointer
+            this.output = oldOutput;
+            return;
+            }
+        // It must be a formatter match; output any text before the match
+        if(formatterMatch.index > this.nextMatch)
+            this.outputText(this.output,this.nextMatch,formatterMatch.index);
+        // Set the match parameters
+        this.matchStart = formatterMatch.index;
+        this.matchLength = formatterMatch[0].length;
+        this.matchText = formatterMatch[0];
+        this.nextMatch = this.formatter.formatterRegExp.lastIndex;
+        // Figure out which formatter matched and call its handler
+        for(var t=1; t<formatterMatch.length; t++)
+            {
+            if(formatterMatch[t])
+                {
+                this.formatter.formatters[t-1].handler(this);
+                this.formatter.formatterRegExp.lastIndex = this.nextMatch;
+                break;
+                }
+            }
+        // Get the next match
+        terminatorRegExp.lastIndex = this.nextMatch;
+        terminatorMatch = terminatorRegExp.exec(this.source);
+        formatterMatch = this.formatter.formatterRegExp.exec(terminatorMatch ? this.source.substr(0,terminatorMatch.index) : this.source);
+        }
+    // Output any text after the last match
+    if(this.nextMatch < this.source.length)
+        {
+        this.outputText(this.output,this.nextMatch,this.source.length);
+        this.nextMatch = this.source.length;
+        }
+    // Restore the output pointer
+    this.output = oldOutput;
+}
+
+Wikifier.prototype.outputText = function(place,startPos,endPos)
+{
+    // Check for highlights
+    while(this.highlightMatch && (this.highlightRegExp.lastIndex > startPos) && (this.highlightMatch.index < endPos) && (startPos < endPos))
+        {
+        // Deal with any plain text before the highlight
+        if(this.highlightMatch.index > startPos)
+            {
+            createTiddlyText(place,this.source.substring(startPos,this.highlightMatch.index));
+            startPos = this.highlightMatch.index;
+            }
+        // Deal with the highlight
+        var highlightEnd = Math.min(this.highlightRegExp.lastIndex,endPos);
+        var theHighlight = createTiddlyElement(place,"span",null,"highlight",this.source.substring(startPos,highlightEnd));
+        startPos = highlightEnd;
+        // Nudge along to the next highlight if we're done with this one
+        if(startPos >= this.highlightRegExp.lastIndex)
+            this.highlightMatch = this.highlightRegExp.exec(this.source);
+        }
+    // Do the unhighlighted text left over
+    if(startPos < endPos)
+        {
+        createTiddlyText(place,this.source.substring(startPos,endPos));
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Macro definitions
+// ---------------------------------------------------------------------------------
+
+config.macros.today.handler = function(place,macroName,params)
+{
+    var now = new Date();
+    var text;
+    if(params[0])
+        text = now.formatString(params[0].trim());
+    else
+        text = now.toLocaleString();
+    createTiddlyElement(place,"span",null,null,text);
+}
+
+config.macros.version.handler = function(place)
+{
+    createTiddlyElement(place,"span",null,null,version.major + "." + version.minor + "." + version.revision + (version.beta ? " (beta " + version.beta + ")" : ""));
+}
+
+config.macros.list.handler = function(place,macroName,params)
+{
+    var type = params[0] ? params[0] : "all";
+    var theList = document.createElement("ul");
+    place.appendChild(theList);
+    if(this[type].prompt)
+        createTiddlyElement(theList,"li",null,"listTitle",this[type].prompt);
+    var results;
+    if(this[type].handler)
+        results = this[type].handler(params);
+    for(var t = 0; t < results.length; t++)
+        {
+        var theListItem = document.createElement("li")
+        theList.appendChild(theListItem);
+        if(typeof results[t] == "string")
+            createTiddlyLink(theListItem,results[t],true);
+        else
+            createTiddlyLink(theListItem,results[t].title,true);
+        }
+}
+
+config.macros.list.all.handler = function(params)
+{
+    return store.reverseLookup("tags","excludeLists",false,"title");
+}
+
+config.macros.list.missing.handler = function(params)
+{
+    return store.getMissingLinks();
+}
+
+config.macros.list.orphans.handler = function(params)
+{
+    return store.getOrphans();
+}
+
+config.macros.list.shadowed.handler = function(params)
+{
+    return store.getShadowed();
+}
+
+config.macros.allTags.handler = function(place,macroName,params)
+{
+    var tags = store.getTags();
+    var theDateList = createTiddlyElement(place,"ul");
+    if(tags.length == 0)
+        createTiddlyElement(theDateList,"li",null,"listTitle",this.noTags);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theListItem =createTiddlyElement(theDateList,"li");
+        var theTag = createTiddlyButton(theListItem,tags[t][0] + " (" + tags[t][1] + ")",this.tooltip.format([tags[t][0]]),onClickTag);
+        theTag.setAttribute("tag",tags[t][0]);
+        }
+}
+
+config.macros.timeline.handler = function(place,macroName,params)
+{
+    var field = params[0] ? params[0] : "modified";
+    var tiddlers = store.reverseLookup("tags","excludeLists",false,field);
+    var lastDay = "";
+    var last = params[1] ? tiddlers.length-Math.min(tiddlers.length,parseInt(params[1])) : 0;
+    for(var t=tiddlers.length-1; t>=last; t--)
+        {
+        var tiddler = tiddlers[t];
+        var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);
+        if(theDay != lastDay)
+            {
+            var theDateList = document.createElement("ul");
+            place.appendChild(theDateList);
+            createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));
+            lastDay = theDay;
+            }
+        var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink");
+        theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));
+        }
+}
+
+config.macros.search.handler = function(place,macroName,params)
+{
+    var searchTimeout = null;
+    var btn = createTiddlyButton(place,this.label,this.prompt,this.onClick);
+    var txt = createTiddlyElement(place,"input",null,"txtOptionInput");
+    if(params[0])
+        txt.value = params[0];
+    txt.onkeyup = this.onKeyPress;
+    txt.onfocus = this.onFocus;
+    txt.setAttribute("size",this.sizeTextbox);
+    txt.setAttribute("accessKey",this.accessKey);
+    txt.setAttribute("autocomplete","off");
+    txt.setAttribute("lastSearchText","");
+    if(config.browser.isSafari)
+        {
+        txt.setAttribute("type","search");
+        txt.setAttribute("results","5");
+        }
+    else
+        txt.setAttribute("type","text");
+}
+
+// Global because there's only ever one outstanding incremental search timer
+config.macros.search.timeout = null;
+
+config.macros.search.doSearch = function(txt)
+{
+    if(txt.value.length > 0)
+        {
+        story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch);
+        txt.setAttribute("lastSearchText",txt.value);
+        }
+}
+
+config.macros.search.onClick = function(e)
+{
+    config.macros.search.doSearch(this.nextSibling);
+    return false;
+}
+
+config.macros.search.onKeyPress = function(e)
+{
+    if(!e) var e = window.event;
+    switch(e.keyCode)
+        {
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+            config.macros.search.doSearch(this);
+            break;
+        case 27: // Escape
+            this.value = "";
+            clearMessage();
+            break;
+        }
+    if(this.value.length > 2)
+        {
+        if(this.value != this.getAttribute("lastSearchText"))
+            {
+            if(config.macros.search.timeout)
+                clearTimeout(config.macros.search.timeout);
+            var txt = this;
+            config.macros.search.timeout = setTimeout(function() {config.macros.search.doSearch(txt);},500);
+            }
+        }
+    else
+        {
+        if(config.macros.search.timeout)
+            clearTimeout(config.macros.search.timeout);
+        }
+}
+
+config.macros.search.onFocus = function(e)
+{
+    this.select();
+}
+
+config.macros.tiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("name",null,true,false,true);
+    var names = params[0]["name"];
+    var tiddlerName = names[0];
+    var className = names[1] ? names[1] : null;
+    var args = params[0]["with"];
+    var wrapper = createTiddlyElement(place,"span",null,className);
+    if(!args)
+        {
+        wrapper.setAttribute("refresh","content");
+        wrapper.setAttribute("tiddler",tiddlerName);
+        }
+    var text = store.getTiddlerText(tiddlerName);
+    if(text)
+        {
+        var stack = config.macros.tiddler.tiddlerStack;
+        if(stack.indexOf(tiddlerName) !== -1)
+            return;
+        stack.push(tiddlerName);
+        try
+            {
+            var n = args ? Math.min(args.length,9) : 0;
+            for(var i=0; i<n; i++)
+                {
+                var placeholderRE = new RegExp("\\$" + (i + 1),"mg");
+                text = text.replace(placeholderRE,args[i]);
+                }
+            config.macros.tiddler.renderText(wrapper,text,tiddlerName,params);
+            }
+        finally
+            {
+            stack.pop();
+            }
+        }
+}
+
+config.macros.tiddler.renderText = function(place,text,tiddlerName,params)
+{
+    wikify(text,place,null,store.getTiddler(tiddlerName));
+}
+
+config.macros.tiddler.tiddlerStack = [];
+
+config.macros.tag.handler = function(place,macroName,params)
+{
+    createTagButton(place,params[0]);
+}
+
+config.macros.tags.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title && store.tiddlerExists(title))
+        tiddler = store.getTiddler(title);
+    var sep = getParam(params,"sep"," ");
+    var lingo = config.views.wikified.tag;
+    var prompt = tiddler.tags.length == 0 ? lingo.labelNoTags : lingo.labelTags;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([tiddler.title]));
+    for(var t=0; t<tiddler.tags.length; t++)
+        {
+        createTagButton(createTiddlyElement(theList,"li"),tiddler.tags[t],tiddler.title);
+        if(t<tiddler.tags.length-1)
+            createTiddlyText(theList,sep);
+        }
+}
+
+config.macros.tagging.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    params = paramString.parseParams("anon",null,true,false,false);
+    var theList = createTiddlyElement(place,"ul");
+    var title = getParam(params,"anon","");
+    if(title == "" && tiddler instanceof Tiddler)
+        title = tiddler.title;
+    var sep = getParam(params,"sep"," ");
+    theList.setAttribute("title",this.tooltip.format([title]));
+    var tagged = store.getTaggedTiddlers(title);
+    var prompt = tagged.length == 0 ? this.labelNotTag : this.label;
+    createTiddlyElement(theList,"li",null,"listTitle",prompt.format([title,tagged.length]));
+    for(var t=0; t<tagged.length; t++)
+        {
+        createTiddlyLink(createTiddlyElement(theList,"li"),tagged[t].title,true);
+        if(t<tagged.length-1)
+            createTiddlyText(theList,sep);
+        }
+}
+
+config.macros.closeAll.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.closeAll.onClick = function(e)
+{
+    story.closeAllTiddlers();
+    return false;
+}
+
+config.macros.permaview.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.permaview.onClick = function(e)
+{
+    story.permaView();
+    return false;
+}
+
+config.macros.saveChanges.handler = function(place)
+{
+    if(!readOnly)
+        createTiddlyButton(place,this.label,this.prompt,this.onClick,null,null,this.accessKey);
+}
+
+config.macros.saveChanges.onClick = function(e)
+{
+    saveChanges();
+    return false;
+}
+
+config.macros.slider.onClickSlider = function(e)
+{
+    if(!e) var e = window.event;
+    var n = this.nextSibling;
+    var cookie = n.getAttribute("cookie");
+    var isOpen = n.style.display != "none";
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Slider(n,!isOpen,e.shiftKey || e.altKey,"none"));
+    else
+        n.style.display = isOpen ? "none" : "block";
+    config.options[cookie] = !isOpen;
+    saveOptionCookie(cookie);
+    return false;
+}
+
+config.macros.slider.createSlider = function(place,cookie,title,tooltip)
+{
+    var cookie = cookie ? cookie : "";
+    var btn = createTiddlyButton(place,title,tooltip,this.onClickSlider);
+    var panel = createTiddlyElement(null,"div",null,"sliderPanel");
+    panel.setAttribute("cookie",cookie);
+    panel.style.display = config.options[cookie] ? "block" : "none";
+    place.appendChild(panel);
+    return panel;
+}
+
+config.macros.slider.handler = function(place,macroName,params)
+{
+    var panel = this.createSlider(place,params[0],params[2],params[3]);
+    var text = store.getTiddlerText(params[1]);
+    panel.setAttribute("refresh", "content");
+    panel.setAttribute("tiddler", params[1]);
+    if(text)
+        wikify(text,panel,null,store.getTiddler(params[1]));
+}
+
+config.macros.option.onChangeOption = function(e)
+{
+    var opt = this.getAttribute("option");
+    var elementType,valueField;
+    if(opt)
+        {
+        switch(opt.substr(0,3))
+            {
+            case "txt":
+                elementType = "input";
+                valueField = "value";
+                break;
+            case "chk":
+                elementType = "input";
+                valueField = "checked";
+                break;
+            }
+        config.options[opt] = this[valueField];
+        saveOptionCookie(opt);
+        var nodes = document.getElementsByTagName(elementType);
+        for(var t=0; t<nodes.length; t++)
+            {
+            var optNode = nodes[t].getAttribute("option");
+            if(opt == optNode)
+                nodes[t][valueField] = this[valueField];
+            }
+        }
+    return(true);
+}
+
+config.macros.option.handler = function(place,macroName,params)
+{
+    var opt = params[0];
+    if(config.options[opt] == undefined)
+        return;
+    var c;
+    switch(opt.substr(0,3))
+        {
+        case "txt":
+            c = document.createElement("input");
+            c.onkeyup = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "txtOptionInput";
+            place.appendChild(c);
+            c.value = config.options[opt];
+            break;
+        case "chk":
+            c = document.createElement("input");
+            c.setAttribute("type","checkbox");
+            c.onclick = this.onChangeOption;
+            c.setAttribute("option",opt);
+            c.className = "chkOptionInput";
+            place.appendChild(c);
+            c.checked = config.options[opt];
+            break;
+        }
+}
+
+
+
+config.macros.newTiddler.createNewTiddlerButton = function(place,title,params,label,prompt,accessKey,newFocus,isJournal)
+{
+    var tags = [];
+    for(var t=1; t<params.length; t++)
+        if((params[t].name == "anon" && t != 1) || (params[t].name == "tag"))
+            tags.push(params[t].value);
+    label = getParam(params,"label",label);
+    prompt = getParam(params,"prompt",prompt);
+    accessKey = getParam(params,"accessKey",accessKey);
+    newFocus = getParam(params,"focus",newFocus);
+    var btn = createTiddlyButton(place,label,prompt,this.onClickNewTiddler,null,null,accessKey);
+    btn.setAttribute("newTitle",title);
+    btn.setAttribute("isJournal",isJournal);
+    btn.setAttribute("params",tags.join("|"));
+    btn.setAttribute("newFocus",newFocus);
+    btn.setAttribute("newTemplate",getParam(params,"template",DEFAULT_EDIT_TEMPLATE));
+    var text = getParam(params,"text");
+    if(text !== undefined)
+        btn.setAttribute("newText",text);
+    return btn;
+}
+
+config.macros.newTiddler.onClickNewTiddler = function()
+{
+    var title = this.getAttribute("newTitle");
+    if(this.getAttribute("isJournal"))
+        {
+        var now = new Date();
+        title = now.formatString(title.trim());
+        }
+    var params = this.getAttribute("params").split("|");
+    var focus = this.getAttribute("newFocus");
+    var template = this.getAttribute("newTemplate");
+    story.displayTiddler(null,title,template);
+    var text = this.getAttribute("newText");
+    if(typeof text == "string")
+        story.getTiddlerField(title,"text").value = text.format([title]);
+    for(var t=0;t<params.length;t++)
+        story.setTiddlerTag(title,params[t],+1);
+    story.focusTiddler(title,focus);
+    return false;
+}
+
+config.macros.newTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : this.title;
+        title = getParam(params,"title",title);
+        this.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"title",false);
+        }
+}
+
+config.macros.newJournal.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(!readOnly)
+        {
+        params = paramString.parseParams("anon",null,true,false,false);
+        var title = params[1] && params[1].name == "anon" ? params[1].value : "";
+        title = getParam(params,"title",title);
+        config.macros.newTiddler.createNewTiddlerButton(place,title,params,this.label,this.prompt,this.accessKey,"text",true);
+        }
+}
+
+config.macros.sparkline.handler = function(place,macroName,params)
+{
+    var data = [];
+    var min = 0;
+    var max = 0;
+    for(var t=0; t<params.length; t++)
+        {
+        var v = parseInt(params[t]);
+        if(v < min)
+            min = v;
+        if(v > max)
+            max = v;
+        data.push(v);
+        }
+    if(data.length < 1)
+        return;
+    var box = createTiddlyElement(place,"span",null,"sparkline",String.fromCharCode(160));
+    box.title = data.join(",");
+    var w = box.offsetWidth;
+    var h = box.offsetHeight;
+    box.style.paddingRight = (data.length * 2 - w) + "px";
+    box.style.position = "relative";
+    for(var d=0; d<data.length; d++)
+        {
+        var tick = document.createElement("img");
+        tick.border = 0;
+        tick.className = "sparktick";
+        tick.style.position = "absolute";
+        tick.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
+        tick.style.left = d*2 + "px";
+        tick.style.width = "2px";
+        var v = Math.floor(((data[d] - min)/(max-min)) * h);
+        tick.style.top = (h-v) + "px";
+        tick.style.height = v + "px";
+        box.appendChild(tick);
+        }
+}
+
+config.macros.tabs.handler = function(place,macroName,params)
+{
+    var cookie = params[0];
+    var numTabs = (params.length-1)/3;
+    var wrapper = createTiddlyElement(null,"div",null,cookie);
+    var tabset = createTiddlyElement(wrapper,"div",null,"tabset");
+    tabset.setAttribute("cookie",cookie);
+    var validTab = false;
+    for(var t=0; t<numTabs; t++)
+        {
+        var label = params[t*3+1];
+        var prompt = params[t*3+2];
+        var content = params[t*3+3];
+        var tab = createTiddlyButton(tabset,label,prompt,this.onClickTab,"tab tabUnselected");
+        tab.setAttribute("tab",label);
+        tab.setAttribute("content",content);
+        tab.title = prompt;
+        if(config.options[cookie] == label)
+            validTab = true;
+        }
+    if(!validTab)
+        config.options[cookie] = params[1];
+    place.appendChild(wrapper);
+    this.switchTab(tabset,config.options[cookie]);
+}
+
+config.macros.tabs.onClickTab = function(e)
+{
+    config.macros.tabs.switchTab(this.parentNode,this.getAttribute("tab"));
+    return false;
+}
+
+config.macros.tabs.switchTab = function(tabset,tab)
+{
+    var cookie = tabset.getAttribute("cookie");
+    var theTab = null
+    var nodes = tabset.childNodes;
+    for(var t=0; t<nodes.length; t++)
+        if(nodes[t].getAttribute && nodes[t].getAttribute("tab") == tab)
+            {
+            theTab = nodes[t];
+            theTab.className = "tab tabSelected";
+            }
+        else
+            nodes[t].className = "tab tabUnselected"
+    if(theTab)
+        {
+        if(tabset.nextSibling && tabset.nextSibling.className == "tabContents")
+            tabset.parentNode.removeChild(tabset.nextSibling);
+        var tabContent = createTiddlyElement(null,"div",null,"tabContents");
+        tabset.parentNode.insertBefore(tabContent,tabset.nextSibling);
+        var contentTitle = theTab.getAttribute("content");
+        wikify(store.getTiddlerText(contentTitle),tabContent,null,store.getTiddler(contentTitle));
+        if(cookie)
+            {
+            config.options[cookie] = tab;
+            saveOptionCookie(cookie);
+            }
+        }
+}
+
+// <<gradient [[tiddler name]] vert|horiz rgb rgb rgb rgb... >>
+config.macros.gradient.handler = function(place,macroName,params,wikifier)
+{
+    var terminator = ">>";
+    var panel;
+    if(wikifier)
+        panel = createTiddlyElement(place,"div",null,"gradient");
+    else
+        panel = place;
+    panel.style.position = "relative";
+    panel.style.overflow = "hidden";
+    panel.style.zIndex = "0";
+    var t;
+    if(wikifier)
+        {
+        var styles = config.formatterHelpers.inlineCssHelper(wikifier);
+        config.formatterHelpers.applyCssHelper(panel,styles);
+        }
+    var colours = [];
+    for(t=1; t<params.length; t++)
+        {
+        var c = new RGB(params[t]);
+        if(c)
+            colours.push(c);
+        }
+    drawGradient(panel,params[0] != "vert",colours);
+    if(wikifier)
+        wikifier.subWikify(panel,terminator);
+    if(document.all)
+        {
+        panel.style.height = "100%";
+        panel.style.width = "100%";
+        }
+}
+
+config.macros.message.handler = function(place,macroName,params)
+{
+    if(params[0])
+        {
+        var m = config;
+        var p = params[0].split(".");
+        for(var t=0; t<p.length; t++)
+            {
+            if(p[t] in m)
+                m = m[p[t]];
+            else
+                break;
+            }
+        createTiddlyText(place,m.toString().format(params.splice(1)));
+        }
+}
+
+config.macros.view.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if((tiddler instanceof Tiddler) && params[0])
+        {
+        var value = store.getValue(tiddler,params[0]);
+        if(value != undefined)
+            switch(params[1])
+                {
+                case undefined:
+                    highlightify(value,place,highlightHack);
+                    break;
+                case "link":
+                    createTiddlyLink(place,value,true);
+                    break;
+                case "wikified":
+                    wikify(value,place,highlightHack,tiddler);
+                    break;
+                case "date":
+                    value = Date.convertFromYYYYMMDDHHMM(value);
+                    if(params[2])
+                        createTiddlyText(place,value.formatString(params[2]));
+                    else
+                        createTiddlyText(place,value);
+                    break;
+                }
+        }
+}
+
+config.macros.edit.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    var field = params[0];
+    if((tiddler instanceof Tiddler) && field)
+        {
+        story.setDirty(tiddler.title,true);
+        if(field != "text")
+            {
+                var e = createTiddlyElement(null,"input");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                e.setAttribute("edit",field);
+                e.setAttribute("type","text");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                e.setAttribute("size","40");
+                e.setAttribute("autocomplete","off");
+                place.appendChild(e);
+            }
+        else
+            {
+                var wrapper1 = createTiddlyElement(null,"fieldset",null,"fieldsetFix");
+                var wrapper2 = createTiddlyElement(wrapper1,"div");
+                var e = createTiddlyElement(wrapper2,"textarea");
+                if(tiddler.isReadOnly())
+                    e.setAttribute("readOnly","readOnly");
+                var v = store.getValue(tiddler,field);
+                if(!v)
+                    v = "";
+                e.value = v;
+                var rows = 10;
+                var lines = v.match(/\n/mg);
+                var maxLines = Math.max(parseInt(config.options.txtMaxEditRows),5);
+                if(lines != null && lines.length > rows)
+                    rows = lines.length + 5;
+                rows = Math.min(rows,maxLines);
+                e.setAttribute("rows",rows);
+                e.setAttribute("edit",field);
+                place.appendChild(wrapper1);
+            }
+        }
+}
+
+config.macros.tagChooser.onClick = function(e)
+{
+    if(!e) var e = window.event;
+    var lingo = config.views.editor.tagChooser;
+    var popup = Popup.create(this);
+    var tags = store.getTags();
+    if(tags.length == 0)
+        createTiddlyText(createTiddlyElement(popup,"li"),lingo.popupNone);
+    for(var t=0; t<tags.length; t++)
+        {
+        var theTag = createTiddlyButton(createTiddlyElement(popup,"li"),tags[t][0],lingo.tagTooltip.format([tags[t][0]]),config.macros.tagChooser.onTagClick);
+        theTag.setAttribute("tag",tags[t][0]);
+        theTag.setAttribute("tiddler", this.getAttribute("tiddler"));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if(e.stopPropagation) e.stopPropagation();
+    return(false);
+}
+
+config.macros.tagChooser.onTagClick = function(e)
+{
+    if(!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(!readOnly)
+        story.setTiddlerTag(title,tag,0);
+    return(false);
+}
+
+config.macros.tagChooser.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(tiddler instanceof Tiddler)
+        {
+        var title = tiddler.title;
+        var lingo = config.views.editor.tagChooser;
+        var btn = createTiddlyButton(place,lingo.text,lingo.tooltip,this.onClick);
+        btn.setAttribute("tiddler", title);
+        }
+}
+
+// Create a toolbar command button
+// place - parent DOM element
+// command - reference to config.commands[] member -or- name of member
+// tiddler - reference to tiddler that toolbar applies to
+// theClass - the class to give the button
+config.macros.toolbar.createCommand = function(place,commandName,tiddler,theClass)
+{
+    if(typeof commandName != "string")
+        {
+        var c = null;
+        for(var t in config.commands)
+            if(config.commands[t] == commandName)
+                c = t;
+        commandName = c;
+        }
+    if((tiddler instanceof Tiddler) && (typeof commandName == "string"))
+        {
+        var title = tiddler.title;
+        var command = config.commands[commandName];
+        var ro = tiddler.isReadOnly();
+        var shadow = store.isShadowTiddler(title) && !store.tiddlerExists(title);
+        var text = ro && command.readOnlyText ? command.readOnlyText : command.text;
+        var tooltip = ro && command.readOnlyTooltip ? command.readOnlyTooltip : command.tooltip;
+        if((!ro || (ro && !command.hideReadOnly)) && !(shadow && command.hideShadow))
+
+            {
+            var btn = createTiddlyButton(null,text,tooltip,this.onClickCommand);
+            btn.setAttribute("commandName", commandName);
+            btn.setAttribute("tiddler", title);
+            if(theClass)
+                addClass(btn,theClass);
+            place.appendChild(btn);
+            }
+        }
+}
+
+config.macros.toolbar.onClickCommand = function(e)
+{
+    if(!e) var e = window.event;
+    var command = config.commands[this.getAttribute("commandName")];
+    return command.handler(e,this,this.getAttribute("tiddler"));
+}
+
+// Invoke the first command encountered from a given place that is tagged with a specified class
+config.macros.toolbar.invokeCommand = function(place,theClass,event)
+{
+    var children = place.getElementsByTagName("a")
+    for(var t=0; t<children.length; t++)
+        {
+        var c = children[t];
+        if(hasClass(c,theClass) && c.getAttribute && c.getAttribute("commandName"))
+            {
+            if(c.onclick instanceof Function)
+                c.onclick.call(c,event);
+            break;
+            }
+        }
+}
+
+config.macros.toolbar.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    for(var t=0; t<params.length; t++)
+        {
+        var c = params[t];
+        var theClass = "";
+        switch(c.substr(0,1))
+            {
+            case "+":
+                theClass = "defaultCommand";
+                c = c.substr(1);
+                break;
+            case "-":
+                theClass = "cancelCommand";
+                c = c.substr(1);
+                break;
+            }
+        if(c in config.commands)
+            this.createCommand(place,c,tiddler,theClass);
+        }
+}
+
+config.macros.plugins.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    var e = createTiddlyElement(place,"div");
+    e.setAttribute("refresh","macro");
+    e.setAttribute("macroName","plugins");
+    e.setAttribute("params",paramString);
+    this.refresh(e,paramString);
+}
+
+config.macros.plugins.refresh = function(place,params)
+{
+    var selectedRows = [];
+    ListView.forEachSelector(place,function(e,rowName) {
+            if(e.checked)
+                selectedRows.push(e.getAttribute("rowName"));
+        });
+    removeChildren(place);
+    params = params.parseParams("anon");
+    var plugins = installedPlugins.slice(0);
+    var t,tiddler,p;
+    var configTiddlers = store.getTaggedTiddlers("systemConfig");
+    for(t=0; t<configTiddlers.length; t++)
+        {
+        tiddler = configTiddlers[t];
+        if(plugins.findByField("title",tiddler.title) == null)
+            {
+            p = getPluginInfo(tiddler);
+            p.executed = false;
+            p.log.splice(0,0,this.skippedText);
+            plugins.push(p);
+            }
+        }
+    for(t=0; t<plugins.length; t++)
+        {
+        var p = plugins[t];
+        p.forced = p.tiddler.isTagged("systemConfigForce");
+        p.disabled = p.tiddler.isTagged("systemConfigDisable");
+        p.Selected = selectedRows.indexOf(plugins[t].title) != -1;
+        }
+    if(plugins.length == 0)
+        createTiddlyElement(place,"em",null,null,this.noPluginText);
+    else
+        ListView.create(place,plugins,this.listViewTemplate,this.onSelectCommand);
+}
+
+config.macros.plugins.onSelectCommand = function(command,rowNames)
+{
+    var t;
+    switch(command)
+        {
+        case "remove":
+            for(t=0; t<rowNames.length; t++)
+                store.setTiddlerTag(rowNames[t],false,"systemConfig");
+            break;
+        case "delete":
+            if(rowNames.length > 0 && confirm(config.macros.plugins.confirmDeleteText.format([rowNames.join(", ")])))
+                {
+                for(t=0; t<rowNames.length; t++)
+                    {
+                    store.removeTiddler(rowNames[t]);
+                    story.closeTiddler(rowNames[t],true,false);
+                    }
+                }
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
+}
+
+config.macros.refreshDisplay.handler = function(place)
+{
+    createTiddlyButton(place,this.label,this.prompt,this.onClick);
+}
+
+config.macros.refreshDisplay.onClick = function(e)
+{
+    refreshAll();
+    return false;
+}
+
+config.macros.importTiddlers.handler = function(place,macroName,params,wikifier,paramString,tiddler)
+{
+    if(readOnly)
+        {
+        createTiddlyElement(place,"div",null,"marked",this.readOnlyWarning);
+        return;
+        }
+    var importer = createTiddlyElement(null,"div",null,"importTiddler wizard");
+    createTiddlyElement(importer,"h1",null,null,this.wizardTitle);
+    createTiddlyElement(importer,"h2",null,"step1",this.step1);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    createTiddlyText(step,this.step1prompt);
+    var input = createTiddlyElement(null,"input",null,"txtOptionInput");
+    input.type = "text";
+    input.size = 50;
+    step.appendChild(input);
+    importer.inputBox = input;
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFile);
+    var fileInput = createTiddlyElement(null,"input",null,"txtOptionInput");
+    fileInput.type = "file";
+    fileInput.size = 50;
+    fileInput.onchange = this.onBrowseChange;
+    fileInput.onkeyup = this.onBrowseChange;
+    step.appendChild(fileInput);
+    createTiddlyElement(step,"br");
+    createTiddlyText(step,this.step1promptFeeds);
+    var feeds = this.getFeeds([{caption: this.step1feedPrompt, name: ""}]);
+    createTiddlyDropDown(step,this.onFeedChange,feeds);
+    createTiddlyElement(step,"br");
+    createTiddlyButton(step,this.fetchLabel,this.fetchPrompt,this.onFetch,null,null,null);
+        place.appendChild(importer);
+}
+
+config.macros.importTiddlers.getFeeds = function(feeds)
+{
+    var tagged = store.getTaggedTiddlers("contentPublisher","title");
+    for(var t=0; t<tagged.length; t++)
+        feeds.push({caption: tagged[t].title, name: store.getTiddlerSlice(tagged[t].title,"URL")});
+    return feeds;
+}
+
+config.macros.importTiddlers.onFeedChange = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = this.value;
+    this.selectedIndex = 0;
+}
+
+config.macros.importTiddlers.onBrowseChange = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    importer.inputBox.value = "file://" + this.value;
+}
+
+config.macros.importTiddlers.onFetch = function(e)
+{
+    var importer = findRelated(this,"importTiddler","className","parentNode");
+    var url = importer.inputBox.value;
+    var cutoff = findRelated(importer.firstChild,"step2","className","nextSibling");
+    while(cutoff)
+        {
+        var temp = cutoff.nextSibling;
+        cutoff.parentNode.removeChild(cutoff);
+        cutoff = temp;
+        }
+    createTiddlyElement(importer,"h2",null,"step2",config.macros.importTiddlers.step2);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep",config.macros.importTiddlers.step2Text.format([url]));
+    loadRemoteFile(url,config.macros.importTiddlers.onLoad,importer);
+}
+
+config.macros.importTiddlers.onLoad = function(status,params,responseText,url,xhr)
+{
+    if(!status)
+        {
+        displayMessage(this.fetchError);
+        return;
+        }
+    var importer = params;
+    // Check that the tiddler we're in hasn't been closed - doesn't work on IE
+//  var p = importer;
+//  while(p.parentNode)
+//      p = p.parentNode;
+//  if(!(p instanceof HTMLDocument))
+//      return;
+    // Crack out the content - (should be refactored)
+    var posOpeningDiv = responseText.indexOf(startSaveArea);
+    var limitClosingDiv = responseText.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = responseText.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? responseText.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([url]));
+        return;
+        }
+    var content = "<html><body>" + responseText.substring(posOpeningDiv,posClosingDiv + endSaveArea.length) + "</body></html>";
+    // Create the iframe
+    var iframe = document.createElement("iframe");
+    iframe.style.display = "none";
+    importer.insertBefore(iframe,importer.firstChild);
+    var doc = iframe.document;
+    if(iframe.contentDocument)
+        doc = iframe.contentDocument; // For NS6
+    else if(iframe.contentWindow)
+        doc = iframe.contentWindow.document; // For IE5.5 and IE6
+    // Put the content in the iframe
+    doc.open();
+    doc.writeln(content);
+    doc.close();
+    // Load the content into a TiddlyWiki() object
+    var storeArea = doc.getElementById("storeArea");
+    var importStore = new TiddlyWiki();
+    importStore.loadFromDiv(storeArea,"store");
+    // Get rid of the iframe
+    iframe.parentNode.removeChild(iframe);
+    // Extract data for the listview
+    var tiddlers = [];
+    importStore.forEachTiddler(function(title,tiddler)
+        {
+        var t = {};
+        t.title = title;
+        t.modified = tiddler.modified;
+        t.modifier = tiddler.modifier;
+        t.text = tiddler.text.substr(0,50);
+        t.tags = tiddler.tags;
+        tiddlers.push(t);
+        });
+    // Display the listview
+    createTiddlyElement(importer,"h2",null,"step3",config.macros.importTiddlers.step3);
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    ListView.create(step,tiddlers,config.macros.importTiddlers.listViewTemplate,config.macros.importTiddlers.onSelectCommand);
+    // Save the importer
+    importer.store = importStore;
+}
+
+config.macros.importTiddlers.onSelectCommand = function(listView,command,rowNames)
+{
+    var importer = findRelated(listView,"importTiddler","className","parentNode");
+    switch(command)
+        {
+        case "import":
+            config.macros.importTiddlers.doImport(importer,rowNames);
+            break;
+        }
+    if(config.options.chkAutoSave)
+        saveChanges(true);
+}
+
+config.macros.importTiddlers.doImport = function(importer,rowNames)
+{
+    var theStore = importer.store;
+    var overwrite = new Array();
+    var t;
+    for(t=0; t<rowNames.length; t++)
+        {
+        if(store.tiddlerExists(rowNames[t]))
+            overwrite.push(rowNames[t]);
+    }
+    if(overwrite.length > 0)
+        if(!confirm(this.confirmOverwriteText.format([overwrite.join(", ")])))
+            return;
+    for(t=0; t<rowNames.length; t++)
+        {
+        var inbound = theStore.fetchTiddler(rowNames[t]);
+        store.saveTiddler(inbound.title, inbound.title, inbound.text, inbound.modifier, inbound.modified, inbound.tags);
+        store.fetchTiddler(inbound.title).created = inbound.created;
+        store.notify(rowNames[t],false);
+        }
+    store.notifyAll();
+    store.setDirty(true);
+    createTiddlyElement(importer,"h2",null,"step4",this.step4.format([rowNames.length]));
+    var step = createTiddlyElement(importer,"div",null,"wizardStep");
+    for(t=0; t<rowNames.length; t++)
+        {
+        createTiddlyLink(step,rowNames[t],true);
+        createTiddlyElement(step,"br");
+        }
+    createTiddlyElement(importer,"h2",null,"step5",this.step5);
+}
+// ---------------------------------------------------------------------------------
+// Menu and toolbar commands
+// ---------------------------------------------------------------------------------
+
+config.commands.closeTiddler.handler = function(event,src,title)
+{
+    story.closeTiddler(title,true,event.shiftKey || event.altKey);
+    return false;
+}
+
+config.commands.closeOthers.handler = function(event,src,title)
+{
+    story.closeAllTiddlers(title);
+    return false;
+}
+
+config.commands.editTiddler.handler = function(event,src,title)
+{
+    clearMessage();
+    story.displayTiddler(null,title,DEFAULT_EDIT_TEMPLATE);
+    story.focusTiddler(title,"text");
+    return false;
+}
+
+config.commands.saveTiddler.handler = function(event,src,title)
+{
+    var newTitle = story.saveTiddler(title,event.shiftKey);
+    if(newTitle)
+       story.displayTiddler(null,newTitle);
+    return false;
+}
+
+config.commands.cancelTiddler.handler = function(event,src,title)
+{
+    if(story.hasChanges(title) && !readOnly)
+        if(!confirm(this.warning.format([title])))
+            return false;
+    story.setDirty(title,false);
+    story.displayTiddler(null,title);
+    return false;
+}
+
+config.commands.deleteTiddler.handler = function(event,src,title)
+{
+    var deleteIt = true;
+    if (config.options.chkConfirmDelete)
+        deleteIt = confirm(this.warning.format([title]));
+    if (deleteIt)
+        {
+        store.removeTiddler(title);
+        story.closeTiddler(title,true,event.shiftKey || event.altKey);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        }
+    return false;
+}
+
+config.commands.permalink.handler = function(event,src,title)
+{
+    var t = encodeURIComponent(String.encodeTiddlyLink(title));
+    if(window.location.hash != t)
+        window.location.hash = t;
+    return false;
+}
+
+config.commands.references.handler = function(event,src,title)
+{
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        var references = store.getReferringTiddlers(title);
+        var c = false;
+        for(var r=0; r<references.length; r++)
+            if(references[r].title != title && !references[r].isTagged("excludeLists"))
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),references[r].title,true);
+                c = true;
+                }
+        if(!c)
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),this.popupNone);
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
+}
+
+config.commands.jump.handler = function(event,src,title)
+{
+    var popup = Popup.create(src);
+    if(popup)
+        {
+        story.forEachTiddler(function(title,element) {
+            createTiddlyLink(createTiddlyElement(popup,"li"),title,true);
+            });
+        }
+    Popup.show(popup,false);
+    event.cancelBubble = true;
+    if (event.stopPropagation) event.stopPropagation();
+    return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Tiddler() object
+// ---------------------------------------------------------------------------------
+
+function Tiddler()
+{
+    this.title = null;
+    this.text = null;
+    this.modifier = null;
+    this.modified = new Date();
+    this.created = new Date();
+    this.links = [];
+    this.linksUpdated = false;
+    this.tags = [];
+    return this;
+}
+
+Tiddler.prototype.getLinks = function()
+{
+    if(this.linksUpdated==false)
+        this.changed();
+    return this.links;
+}
+
+// Format the text for storage in an RSS item
+Tiddler.prototype.saveToRss = function(url)
+{
+    var s = [];
+    s.push("<item>");
+    s.push("<title" + ">" + this.title.htmlEncode() + "</title" + ">");
+    s.push("<description>" + wikifyStatic(this.text,null,this).htmlEncode() + "</description>");
+    for(var t=0; t<this.tags.length; t++)
+        s.push("<category>" + this.tags[t] + "</category>");
+    s.push("<link>" + url + "#" + encodeURIComponent(String.encodeTiddlyLink(this.title)) + "</link>");
+    s.push("<pubDate>" + this.modified.toGMTString() + "</pubDate>");
+    s.push("</item>");
+    return(s.join("\n"));
+}
+
+// Change the text and other attributes of a tiddler
+Tiddler.prototype.set = function(title,text,modifier,modified,tags,created,fields)
+{
+    this.assign(title,text,modifier,modified,tags,created,fields);
+    this.changed();
+    return this;
+}
+
+// Change the text and other attributes of a tiddler without triggered a tiddler.changed() call
+Tiddler.prototype.assign = function(title,text,modifier,modified,tags,created,fields)
+{
+    if(title != undefined)
+        this.title = title;
+    if(text != undefined)
+        this.text = text;
+    if(modifier != undefined)
+        this.modifier = modifier;
+    if(modified != undefined)
+        this.modified = modified;
+    if(created != undefined)
+        this.created = created;
+    if(fields != undefined)
+        this.fields = fields;
+    if(tags != undefined)
+        this.tags = (typeof tags == "string") ? tags.readBracketedList() : tags;
+    else if(this.tags == undefined)
+        this.tags = [];
+    return this;
+}
+
+// Get the tags for a tiddler as a string (space delimited, using [[brackets]] for tags containing spaces)
+Tiddler.prototype.getTags = function()
+{
+    return String.encodeTiddlyLinkList(this.tags);
+}
+
+// Test if a tiddler carries a tag
+Tiddler.prototype.isTagged = function(tag)
+{
+    return this.tags.indexOf(tag) != -1;
+}
+
+// Static method to convert "\n" to newlines, "\s" to "\"
+Tiddler.unescapeLineBreaks = function(text)
+{
+    return text ? text.unescapeLineBreaks() : "";
+}
+
+// Convert newlines to "\n", "\" to "\s"
+Tiddler.prototype.escapeLineBreaks = function()
+{
+    return this.text.escapeLineBreaks();
+}
+
+// Updates the secondary information (like links[] array) after a change to a tiddler
+Tiddler.prototype.changed = function()
+{
+    this.links = [];
+    var t = this.autoLinkWikiWords() ? 0 : 1;
+    var tiddlerLinkRegExp = t==0 ? config.textPrimitives.tiddlerAnyLinkRegExp : config.textPrimitives.tiddlerForcedLinkRegExp;
+    tiddlerLinkRegExp.lastIndex = 0;
+    var formatMatch = tiddlerLinkRegExp.exec(this.text);
+    while(formatMatch)
+        {
+        if(t==0 && formatMatch[1] && formatMatch[1] != this.title) // wikiWordLink
+            {
+            if(formatMatch.index > 0)
+                {
+                var preRegExp = new RegExp(config.textPrimitives.unWikiLink+"|"+config.textPrimitives.anyLetter,"mg");
+                preRegExp.lastIndex = formatMatch.index-1;
+                var preMatch = preRegExp.exec(this.text);
+                if(preMatch.index != formatMatch.index-1)
+                    this.links.pushUnique(formatMatch[1]);
+                }
+            else
+                this.links.pushUnique(formatMatch[1]);
+            }
+        else if(formatMatch[2-t] && (store.tiddlerExists(formatMatch[3-t]) || store.isShadowTiddler(formatMatch[3-t]))) // titledBrackettedLink
+            this.links.pushUnique(formatMatch[3-t]);
+        else if(formatMatch[4-t] && formatMatch[4-t] != this.title) // brackettedLink
+            this.links.pushUnique(formatMatch[4-t]);
+        // Do not add link if match urlPattern (formatMatch[5-t])
+        formatMatch = tiddlerLinkRegExp.exec(this.text);
+        }
+    this.linksUpdated = true;
+    return;
+}
+
+Tiddler.prototype.getSubtitle = function()
+{
+    var theModifier = this.modifier;
+    if(!theModifier)
+        theModifier = config.messages.subtitleUnknown;
+    var theModified = this.modified;
+    if(theModified)
+        theModified = theModified.toLocaleString();
+    else
+        theModified = config.messages.subtitleUnknown;
+    return(config.messages.tiddlerLinkTooltip.format([this.title,theModifier,theModified]));
+}
+
+Tiddler.prototype.isReadOnly = function()
+{
+    return readOnly;
+}
+
+Tiddler.prototype.autoLinkWikiWords = function()
+{
+    return !(this.isTagged("systemConfig") || this.isTagged("excludeMissing"));
+}
+
+Tiddler.prototype.generateFingerprint = function()
+{
+    return "0x" + Crypto.hexSha1Str(this.text);
+}
+
+// ---------------------------------------------------------------------------------
+// TiddlyWiki() object contains Tiddler()s
+// ---------------------------------------------------------------------------------
+
+function TiddlyWiki()
+{
+    var tiddlers = {}; // Hashmap by name of tiddlers
+    this.tiddlersUpdated = false;
+    this.namedNotifications = []; // Array of {name:,notify:} of notification functions
+    this.notificationLevel = 0;
+    this.slices = {}; // map tiddlerName->(map sliceName->sliceValue). Lazy.
+    this.clear = function() {
+        tiddlers = {};
+        this.setDirty(false);
+        };
+    this.fetchTiddler = function(title) {
+        return tiddlers[title];
+        };
+    this.deleteTiddler = function(title) {
+        delete this.slices[title];
+        delete tiddlers[title];
+        };
+    this.addTiddler = function(tiddler) {
+        delete this.slices[tiddler.title];
+        tiddlers[tiddler.title] = tiddler;
+        };
+    this.forEachTiddler = function(callback) {
+        for(var t in tiddlers)
+            {
+            var tiddler = tiddlers[t];
+            if(tiddler instanceof Tiddler)
+                callback.call(this,t,tiddler);
+            }
+        };
+}
+
+// Set the dirty flag
+TiddlyWiki.prototype.setDirty = function(dirty)
+{
+    this.dirty = dirty;
+}
+
+TiddlyWiki.prototype.isDirty = function()
+{
+    return this.dirty;
+}
+
+TiddlyWiki.prototype.suspendNotifications = function()
+{
+    this.notificationLevel--;
+}
+
+TiddlyWiki.prototype.resumeNotifications = function()
+{
+    this.notificationLevel++;
+}
+
+// Invoke the notification handlers for a particular tiddler
+TiddlyWiki.prototype.notify = function(title,doBlanket)
+{
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if((n.name == null && doBlanket) || (n.name == title))
+                n.notify(title);
+            }
+}
+
+// Invoke the notification handlers for all tiddlers
+TiddlyWiki.prototype.notifyAll = function()
+{
+    if(!this.notificationLevel)
+        for(var t=0; t<this.namedNotifications.length; t++)
+            {
+            var n = this.namedNotifications[t];
+            if(n.name)
+                n.notify(n.name);
+            }
+}
+
+// Add a notification handler to a tiddler
+TiddlyWiki.prototype.addNotification = function(title,fn)
+{
+    for (var i=0; i<this.namedNotifications.length; i++)
+        if((this.namedNotifications[i].name == title) && (this.namedNotifications[i].notify == fn))
+            return this;
+    this.namedNotifications.push({name: title, notify: fn});
+    return this;
+}
+
+TiddlyWiki.prototype.removeTiddler = function(title)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        this.deleteTiddler(title);
+        this.notify(title,true);
+        this.setDirty(true);
+        }
+}
+
+TiddlyWiki.prototype.tiddlerExists = function(title)
+{
+    var t = this.fetchTiddler(title);
+    return (t != undefined);
+}
+
+TiddlyWiki.prototype.isShadowTiddler = function(title)
+{
+    return typeof config.shadowTiddlers[title] == "string";
+}
+
+TiddlyWiki.prototype.getTiddler = function(title)
+{
+    var t = this.fetchTiddler(title);
+    if(t != undefined)
+        return t;
+    else
+        return null;
+}
+
+TiddlyWiki.prototype.getTiddlerText = function(title,defaultText)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        return tiddler.text;
+    if(!title)
+        return defaultText;
+    var pos = title.indexOf(config.textPrimitives.sliceSeparator);
+    if(pos != -1)
+        {
+        var slice = this.getTiddlerSlice(title.substr(0,pos),title.substr(pos + config.textPrimitives.sliceSeparator.length));
+        if(slice)
+            return slice;
+        }
+    if(this.isShadowTiddler(title))
+        return config.shadowTiddlers[title];
+    if(defaultText != undefined)
+        return defaultText;
+    return null;
+}
+
+TiddlyWiki.prototype.slicesRE = /(?:[\'\/]*~?(\w+)[\'\/]*\:[\'\/]*\s*(.*?)\s*$)|(?:\|[\'\/]*~?(\w+)\:?[\'\/]*\|\s*(.*?)\s*\|)/gm
+
+// @internal
+TiddlyWiki.prototype.calcAllSlices = function(title)
+{
+    var slices = {};
+    var text = this.getTiddlerText(title,"");
+    this.slicesRE.lastIndex = 0;
+    do
+        {
+            var m = this.slicesRE.exec(text);
+            if (m)
+                {
+                    if (m[1])
+                        slices[m[1]] = m[2];
+                    else
+                        slices[m[3]] = m[4];
+                }
+        }
+    while(m);
+    return slices;
+}
+
+// Returns the slice of text of the given name
+//#
+//# A text slice is a substring in the tiddler's text that is defined
+//# either like this
+//#    aName:  textSlice
+//# or
+//#    |aName:| textSlice |
+//# or
+//#    |aName| textSlice |
+//#
+//# In the text the name (or name:) may be decorated with '' or //. I.e.
+//# this would also a possible text slice:
+//#
+//#    |''aName:''| textSlice |
+//#
+//# @param name should only contain "word characters" (i.e. "a-ZA-Z_0-9")
+//# @return [may be undefined] the (trimmed) text of the specified slice.
+TiddlyWiki.prototype.getTiddlerSlice = function(title,sliceName)
+{
+    var slices = this.slices[title];
+    if (!slices) {
+        slices = this.calcAllSlices(title);
+        this.slices[title] = slices;
+    }
+    return slices[sliceName];
+}
+
+// Build an hashmap of the specified named slices of a tiddler
+TiddlyWiki.prototype.getTiddlerSlices = function(title,sliceNames)
+{
+    var r = {};
+    for(var t=0; t<sliceNames.length; t++)
+        {
+        var slice = this.getTiddlerSlice(title,sliceNames[t]);
+        if(slice)
+            r[sliceNames[t]] = slice;
+        }
+    return r;
+}
+
+TiddlyWiki.prototype.getRecursiveTiddlerText = function(title,defaultText,depth)
+{
+    var bracketRegExp = new RegExp("(?:\\[\\[([^\\]]+)\\]\\])","mg");
+    var text = this.getTiddlerText(title,null);
+    if(text == null)
+        return defaultText;
+    var textOut = [];
+    var lastPos = 0;
+    do {
+        var match = bracketRegExp.exec(text);
+        if(match)
+            {
+            textOut.push(text.substr(lastPos,match.index-lastPos));
+            if(match[1])
+                {
+                if(depth <= 0)
+                    textOut.push(match[1]);
+                else
+                    textOut.push(this.getRecursiveTiddlerText(match[1],"[[" + match[1] + "]]",depth-1));
+                }
+            lastPos = match.index + match[0].length;
+            }
+        else
+            textOut.push(text.substr(lastPos));
+    } while(match);
+    return(textOut.join(""));
+}
+
+TiddlyWiki.prototype.setTiddlerTag = function(title,status,tag)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(tiddler)
+        {
+        var t = tiddler.tags.indexOf(tag);
+        if(t != -1)
+            tiddler.tags.splice(t,1);
+        if(status)
+            tiddler.tags.push(tag);
+        tiddler.changed();
+        this.notify(title,true);
+        this.setDirty(true);
+        }
+}
+
+TiddlyWiki.prototype.saveTiddler = function(title,newTitle,newBody,modifier,modified,tags,fields)
+{
+    var tiddler = this.fetchTiddler(title);
+    var created;
+    if(tiddler)
+        {
+        created = tiddler.created; // Preserve created date
+        this.deleteTiddler(title);
+        }
+    else
+        {
+        tiddler = new Tiddler();
+        created = modified;
+        }
+    tiddler.set(newTitle,newBody,modifier,modified,tags,created,fields);
+    this.addTiddler(tiddler);
+    if(title != newTitle)
+        this.notify(title,true);
+    this.notify(newTitle,true);
+    this.setDirty(true);
+    return tiddler;
+}
+
+TiddlyWiki.prototype.createTiddler = function(title)
+{
+    var tiddler = this.fetchTiddler(title);
+    if(!tiddler)
+        {
+        tiddler = new Tiddler();
+        tiddler.title = title;
+        this.addTiddler(tiddler);
+        this.setDirty(true);
+        }
+    return tiddler;
+}
+
+// Load contents of a tiddlywiki from an HTML DIV
+TiddlyWiki.prototype.loadFromDiv = function(src,idPrefix,noUpdate)
+{
+    this.idPrefix = idPrefix;
+    var storeElem = (typeof src == "string") ? document.getElementById(src) : src;
+    var tiddlers = this.getLoader().loadTiddlers(this,storeElem.childNodes);
+    this.setDirty(false);
+    if(!noUpdate)
+        {
+        for(var i = 0;i<tiddlers.length; i++)
+            tiddlers[i].changed();
+        }
+}
+
+TiddlyWiki.prototype.updateTiddlers = function()
+{
+    this.tiddlersUpdated = true;
+    this.forEachTiddler(function(title,tiddler) {
+        tiddler.changed();
+        });
+}
+
+// Return all tiddlers formatted as an HTML string
+TiddlyWiki.prototype.allTiddlersAsHtml = function()
+{
+    return store.getSaver().externalize(store);
+}
+
+// Return an array of tiddlers matching a search regular expression
+TiddlyWiki.prototype.search = function(searchRegExp,sortField,excludeTag)
+{
+    var candidates = this.reverseLookup("tags",excludeTag,false);
+    var results = [];
+    for(var t=0; t<candidates.length; t++)
+        {
+        if((candidates[t].title.search(searchRegExp) != -1) || (candidates[t].text.search(searchRegExp) != -1))
+            results.push(candidates[t]);
+        }
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
+}
+
+// Return an array of all the tags in use. Each member of the array is another array where [0] is the name of the tag and [1] is the number of occurances
+TiddlyWiki.prototype.getTags = function()
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        for(var g=0; g<tiddler.tags.length; g++)
+            {
+            var tag = tiddler.tags[g];
+            var f = false;
+            for(var c=0; c<results.length; c++)
+                if(results[c][0] == tag)
+                    {
+                    f = true;
+                    results[c][1]++;
+                    }
+            if(!f)
+                results.push([tag,1]);
+            }
+        });
+    results.sort(function(a,b) {return a[0].toLowerCase() < b[0].toLowerCase() ? -1 : (a[0].toLowerCase() == b[0].toLowerCase() ? 0 : +1);});
+    return results;
+}
+
+// Return an array of the tiddlers that are tagged with a given tag
+TiddlyWiki.prototype.getTaggedTiddlers = function(tag,sortField)
+{
+    return this.reverseLookup("tags",tag,true,sortField);
+}
+
+// Return an array of the tiddlers that link to a given tiddler
+TiddlyWiki.prototype.getReferringTiddlers = function(title,unusedParameter,sortField)
+{
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    return this.reverseLookup("links",title,true,sortField);
+}
+
+// Return an array of the tiddlers that do or do not have a specified entry in the specified storage array (ie, "links" or "tags")
+// lookupMatch == true to match tiddlers, false to exclude tiddlers
+TiddlyWiki.prototype.reverseLookup = function(lookupField,lookupValue,lookupMatch,sortField)
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        var f = !lookupMatch;
+        for(var lookup=0; lookup<tiddler[lookupField].length; lookup++)
+            if(tiddler[lookupField][lookup] == lookupValue)
+                f = lookupMatch;
+        if(f)
+            results.push(tiddler);
+        });
+    if(!sortField)
+        sortField = "title";
+    results.sort(function(a,b) {return a[sortField] < b[sortField] ? -1 : (a[sortField] == b[sortField] ? 0 : +1);});
+    return results;
+}
+
+// Return the tiddlers as a sorted array
+TiddlyWiki.prototype.getTiddlers = function(field,excludeTag)
+{
+    var results = [];
+    this.forEachTiddler(function(title,tiddler) {
+        if(excludeTag == undefined || !tiddler.isTagged(excludeTag))
+            results.push(tiddler);
+        });
+    if(field)
+        results.sort(function(a,b) {return a[field] < b[field] ? -1 : (a[field] == b[field] ? 0 : +1);});
+    return results;
+}
+
+// Return array of names of tiddlers that are referred to but not defined
+TiddlyWiki.prototype.getMissingLinks = function(sortField)
+{
+    if(!this.tiddlersUpdated)
+        this.updateTiddlers();
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        for(var n=0; n<tiddler.links.length;n++)
+            {
+            var link = tiddler.links[n];
+            if(this.fetchTiddler(link) == null && !this.isShadowTiddler(link))
+                results.pushUnique(link);
+            }
+        });
+    results.sort();
+    return results;
+}
+
+// Return an array of names of tiddlers that are defined but not referred to
+TiddlyWiki.prototype.getOrphans = function()
+{
+    var results = [];
+    this.forEachTiddler(function (title,tiddler) {
+        if(this.getReferringTiddlers(title).length == 0 && !tiddler.isTagged("excludeLists"))
+            results.push(title);
+        });
+    results.sort();
+    return results;
+}
+
+// Return an array of names of all the shadow tiddlers
+TiddlyWiki.prototype.getShadowed = function()
+{
+    var results = [];
+    for(var t in config.shadowTiddlers)
+        if(typeof config.shadowTiddlers[t] == "string")
+            results.push(t);
+    results.sort();
+    return results;
+}
+
+// Resolves a Tiddler reference or tiddler title into a Tiddler object, or null if it doesn't exist
+TiddlyWiki.prototype.resolveTiddler = function(tiddler)
+{
+    var t = (typeof tiddler == 'string') ? this.getTiddler(tiddler) : tiddler;
+    return t instanceof Tiddler ? t : null;
+}
+
+TiddlyWiki.prototype.getLoader = function()
+{
+    if (!this.loader)
+        this.loader = new TW21Loader();
+    return this.loader;
+}
+
+TiddlyWiki.prototype.getSaver = function()
+{
+    if (!this.saver)
+        this.saver = new TW21Saver();
+    return this.saver;
+}
+
+// Returns true if path is a valid field name (path),
+// i.e. a sequence of identifiers, separated by '.'
+TiddlyWiki.isValidFieldName = function (name) {
+    var match = /[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*/.exec(name);
+    return match && (match[0] == name);
+}
+
+// Throws an exception when name is not a valid field name.
+TiddlyWiki.checkFieldName = function(name) {
+    if (!TiddlyWiki.isValidFieldName(name))
+        throw config.messages.invalidFieldName.format([name]);
+}
+
+function StringFieldAccess(n, readOnly) {
+    this.set = readOnly
+        ? function(t,v) {if (v != t[n]) throw config.messages.fieldCannotBeChanged.format([n]);}
+        : function(t,v) {if (v != t[n]) {t[n] = v; return true;}};
+    this.get = function(t) {return t[n];};
+}
+
+function DateFieldAccess(n) {
+    this.set = function(t,v) {
+            var d = v instanceof Date ? v : Date.convertFromYYYYMMDDHHMM(v);
+            if (d != t[n]) {
+                t[n] = d; return true;
+            }
+        };
+    this.get = function(t)   {return t[n].convertToYYYYMMDDHHMM();}
+}
+
+function LinksFieldAccess(n) {
+    this.set = function(t,v) {
+            var s = (typeof v == "string") ? v.readBracketedList() : v;
+            if (s.toString() != t[n].toString()) {
+                t[n] = s; return true;
+            }
+        };
+    this.get = function(t)   {return String.encodeTiddlyLinkList(t[n]);}
+}
+
+TiddlyWiki.standardFieldAccess = {
+    // The set functions return true when setting the data has changed the value.
+
+    "title":    new StringFieldAccess("title", true),
+    // Handle the "tiddler" field name as the title
+    "tiddler":  new StringFieldAccess("title", true),
+
+    "text":     new StringFieldAccess("text"),
+    "modifier": new StringFieldAccess("modifier"),
+    "modified": new DateFieldAccess("modified"),
+    "created":  new DateFieldAccess("created"),
+    "tags":     new LinksFieldAccess("tags")
+};
+
+TiddlyWiki.isStandardField = function(name) {
+    return TiddlyWiki.standardFieldAccess[name] != undefined;
+}
+
+// Sets the value of the given field of the tiddler to the value.
+// Setting an ExtendedField's value to null or undefined removes the field.
+// Setting a namespace to undefined removes all fields of that namespace.
+// The fieldName is case-insensitive.
+// All values will be converted to a string value.
+TiddlyWiki.prototype.setValue = function(tiddler, fieldName, value) {
+    TiddlyWiki.checkFieldName(fieldName);
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return;
+
+    fieldName = fieldName.toLowerCase();
+
+    var isRemove = (value === undefined) || (value === null);
+
+    if (!t.fields)
+        t.fields = {};
+
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        if (isRemove)
+            // don't remove StandardFields
+            return;
+        var h = TiddlyWiki.standardFieldAccess[fieldName];
+        if (!h.set(t, value))
+            return;
+
+    } else {
+        var oldValue = t.fields[fieldName];
+
+        if (isRemove) {
+            if (oldValue !== undefined) {
+                // deletes a single field
+                delete t.fields[fieldName];
+            } else {
+                // no concrete value is defined for the fieldName
+                // so we guess this is a namespace path.
+
+                // delete all fields in a namespace
+                var re = new RegExp('^'+fieldName+'\\.');
+                var dirty = false;
+                for (var n in t.fields) {
+                    if (n.match(re)) {
+                        delete t.fields[n];
+                        dirty = true;
+                    }
+                }
+                if (!dirty)
+                    return
+            }
+
+        } else {
+            // the "normal" set case. value is defined (not null/undefined)
+            // For convenience provide a nicer conversion Date->String
+            value = value instanceof Date
+                ? value.convertToYYYYMMDDHHMMSSMMM()
+                : String(value);
+            if (oldValue == value)
+                return;
+            t.fields[fieldName] = value;
+        }
+    }
+
+    // When we are here the tiddler/store really was changed.
+    this.notify(t.title,true);
+    if (!fieldName.match(/^temp\./))
+        this.setDirty(true);
+}
+
+// Returns the value of the given field of the tiddler.
+// The fieldName is case-insensitive.
+// Will only return String values (or undefined).
+TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    fieldName = fieldName.toLowerCase();
+
+    var accessor = TiddlyWiki.standardFieldAccess[fieldName];
+    if (accessor) {
+        return accessor.get(t);
+    }
+
+    return t.fields ? t.fields[fieldName] : undefined;
+}
+
+// Calls the callback function for every field in the tiddler.
+//
+// When callback function returns a non-false value the iteration stops
+// and that value is returned.
+//
+// The order of the fields is not defined.
+//
+// @param callback a function(tiddler, fieldName, value).
+//
+TiddlyWiki.prototype.forEachField = function(tiddler, callback, onlyExtendedFields) {
+    var t = this.resolveTiddler(tiddler);
+    if (!t)
+        return undefined;
+
+    if (t.fields) {
+        for (var n in t.fields) {
+            var result = callback(t, n, t.fields[n]);
+            if (result)
+                return result;
+        }
+    }
+
+    if (onlyExtendedFields)
+        return undefined;
+
+    for (var n in TiddlyWiki.standardFieldAccess) {
+        if (n == "tiddler")
+            // even though the "title" field can also be referenced through the name "tiddler"
+            // we only visit this field once.
+            continue;
+
+        var result = callback(t, n, TiddlyWiki.standardFieldAccess[n].get(t));
+        if (result)
+            return result;
+    }
+
+    return undefined;
+};
+// ---------------------------------------------------------------------------------
+// Story functions
+// ---------------------------------------------------------------------------------
+
+// A story is a HTML div containing a sequence of tiddlers that can be manipulated
+// container - id of containing element
+// idPrefix - string prefix prepended to title to make ids for tiddlers in this story
+function Story(container,idPrefix)
+{
+    this.container = container;
+    this.idPrefix = idPrefix;
+    this.highlightRegExp = null;
+}
+
+// Iterate through all the tiddlers in a story
+// fn - callback function to be called for each tiddler. Arguments are:
+//      tiddler - reference to Tiddler object
+//      element - reference to tiddler display element
+Story.prototype.forEachTiddler = function(fn)
+{
+    var place = document.getElementById(this.container);
+    if(!place)
+        return;
+    var e = place.firstChild;
+    while(e)
+        {
+        var n = e.nextSibling;
+        var title = e.getAttribute("tiddler");
+        fn.call(this,title,e);
+        e = n;
+        }
+}
+
+// Display several tiddlers given their titles in an array. Parameters same as displayTiddler(), except:
+// titles - array of string titles
+Story.prototype.displayTiddlers = function(srcElement,titles,template,animate,slowly)
+{
+    for(var t = titles.length-1;t>=0;t--)
+        this.displayTiddler(srcElement,titles[t],template,animate,slowly);
+}
+
+// Display a given tiddler with a given template. If the tiddler is already displayed but with a different
+// template, it is switched to the specified template
+// srcElement - reference to element from which this one is being opened -or-
+//              special positions "top", "bottom"
+// title - title of tiddler to display
+// template - the name of the tiddler containing the template -or-
+//            one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE -or-
+//            null or undefined to indicate the current template if there is one, DEFAULT_VIEW_TEMPLATE if not
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.displayTiddler = function(srcElement,title,template,animate,slowly)
+{
+    var place = document.getElementById(this.container);
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        this.refreshTiddler(title,template);
+    else
+        {
+        var before = this.positionTiddler(srcElement);
+        tiddlerElem = this.createTiddler(place,before,title,template);
+        }
+    if(srcElement && typeof srcElement !== "string")
+        {
+        if(anim && config.options.chkAnimate && (animate == undefined || animate == true))
+            anim.startAnimating(new Cascade(title,srcElement,tiddlerElem,slowly),new Scroller(tiddlerElem,slowly));
+        else
+            window.scrollTo(0,ensureVisible(tiddlerElem));
+        }
+}
+
+// Figure out the appropriate position for a newly opened tiddler
+// srcElement - reference to the element containing the link to the tiddler -or-
+//              special positions "top", "bottom"
+// returns - reference to the tiddler that the new one should appear before (null for the bottom of the story)
+Story.prototype.positionTiddler = function(srcElement)
+{
+    var place = document.getElementById(this.container);
+    var before;
+    if(typeof srcElement == "string")
+        {
+        switch(srcElement)
+            {
+            case "top":
+                before = place.firstChild;
+                break;
+            case "bottom":
+                before = null;
+                break;
+            }
+        }
+    else
+        {
+        var after = this.findContainingTiddler(srcElement);
+        if(after == null)
+            before = place.firstChild;
+        else if(after.nextSibling)
+            before = after.nextSibling;
+        else
+            before = null;
+        }
+    return before;
+}
+
+// Create a tiddler frame at the appropriate place in a story column
+// place - reference to parent element
+// before - null, or reference to element before which to insert new tiddler
+// title - title of new tiddler
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+Story.prototype.createTiddler = function(place,before,title,template)
+{
+    var tiddlerElem = createTiddlyElement(null,"div",this.idPrefix + title,"tiddler");
+    tiddlerElem.setAttribute("refresh","tiddler");
+    place.insertBefore(tiddlerElem,before);
+    this.refreshTiddler(title,template);
+    return tiddlerElem;
+}
+
+// Overridable for choosing the name of the template to apply for a tiddler
+Story.prototype.chooseTemplateForTiddler = function(title,template)
+{
+    if(!template)
+        template = DEFAULT_VIEW_TEMPLATE;
+    if(template == DEFAULT_VIEW_TEMPLATE || template == DEFAULT_EDIT_TEMPLATE)
+        template = config.tiddlerTemplates[template];
+    return template;
+}
+
+// Overridable for extracting the text of a template from a tiddler
+Story.prototype.getTemplateForTiddler = function(title,template,tiddler)
+{
+    return store.getRecursiveTiddlerText(template,null,10);
+}
+
+// Apply a template to an existing tiddler if it is not already displayed using that template
+// title - title of tiddler to update
+// template - the name of the tiddler containing the template or one of the constants DEFAULT_VIEW_TEMPLATE and DEFAULT_EDIT_TEMPLATE
+// force - if true, forces the refresh even if the template hasn't changedd
+Story.prototype.refreshTiddler = function(title,template,force)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem)
+        {
+        if(tiddlerElem.getAttribute("dirty") == "true" && !force)
+            return tiddlerElem;
+        template = this.chooseTemplateForTiddler(title,template);
+        var currTemplate = tiddlerElem.getAttribute("template");
+        if((template != currTemplate) || force)
+            {
+            var tiddler = store.getTiddler(title);
+            if(!tiddler)
+                {
+                tiddler = new Tiddler();
+                if(store.isShadowTiddler(title))
+                    tiddler.set(title,store.getTiddlerText(title),config.views.wikified.shadowModifier,version.date,[],version.date);
+                else
+                    {
+                    var text = template=="EditTemplate"
+                                ? config.views.editor.defaultText.format([title])
+                                : config.views.wikified.defaultText.format([title]);
+                    tiddler.set(title,text,config.views.wikified.defaultModifier,version.date,[],version.date);
+                    }
+                }
+            tiddlerElem.setAttribute("tags",tiddler.tags.join(" "));
+            tiddlerElem.setAttribute("tiddler",title);
+            tiddlerElem.setAttribute("template",template);
+            var me = this;
+            tiddlerElem.onmouseover = this.onTiddlerMouseOver;
+            tiddlerElem.onmouseout = this.onTiddlerMouseOut;
+            tiddlerElem.ondblclick = this.onTiddlerDblClick;
+            tiddlerElem[window.event?"onkeydown":"onkeypress"] = this.onTiddlerKeyPress;
+            var html = this.getTemplateForTiddler(title,template,tiddler);
+            tiddlerElem.innerHTML = html;
+            applyHtmlMacros(tiddlerElem,tiddler);
+            if(store.getTaggedTiddlers(title).length > 0)
+                addClass(tiddlerElem,"isTag");
+            else
+                removeClass(tiddlerElem,"isTag");
+            if(!store.tiddlerExists(title))
+                {
+                if(store.isShadowTiddler(title))
+                    addClass(tiddlerElem,"shadow");
+                else
+                    addClass(tiddlerElem,"missing");
+                }
+            else
+                {
+                removeClass(tiddlerElem,"shadow");
+                removeClass(tiddlerElem,"missing");
+                }
+            }
+        }
+    return tiddlerElem;
+}
+
+// Refresh all tiddlers in the Story
+Story.prototype.refreshAllTiddlers = function()
+{
+    var place = document.getElementById(this.container);
+    var e = place.firstChild;
+    if(!e)
+        return;
+    this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+    while((e = e.nextSibling) != null)
+        this.refreshTiddler(e.getAttribute("tiddler"),e.getAttribute("template"),true);
+}
+
+// Default tiddler onmouseover/out event handlers
+Story.prototype.onTiddlerMouseOver = function(e)
+{
+    if(window.addClass instanceof Function)
+        addClass(this,"selected");
+}
+
+Story.prototype.onTiddlerMouseOut = function(e)
+{
+    if(window.removeClass instanceof Function)
+        removeClass(this,"selected");
+}
+
+// Default tiddler ondblclick event handler
+Story.prototype.onTiddlerDblClick = function(e)
+{
+    if(!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    if(theTarget && theTarget.nodeName.toLowerCase() != "input" && theTarget.nodeName.toLowerCase() != "textarea")
+        {
+        if(document.selection && document.selection.empty)
+            document.selection.empty();
+        config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+        e.cancelBubble = true;
+        if (e.stopPropagation) e.stopPropagation();
+        return true;
+        }
+    else
+        return false;
+}
+
+Story.prototype.onTiddlerKeyPress = function(e)
+{
+    if(!e) var e = window.event;
+    clearMessage();
+    var consume = false;
+    var title = this.getAttribute("tiddler");
+    var target = resolveTarget(e);
+    switch(e.keyCode)
+        {
+        case 9: // Tab
+            if(config.options.chkInsertTabs && target.tagName.toLowerCase() == "textarea")
+                {
+                replaceSelection(target,String.fromCharCode(9));
+                consume = true;
+                }
+            if(config.isOpera)
+                {
+                target.onblur = function()
+                    {
+                    this.focus();
+                    this.onblur = null;
+                    }
+                }
+            break;
+        case 13: // Ctrl-Enter
+        case 10: // Ctrl-Enter on IE PC
+        case 77: // Ctrl-Enter is "M" on some platforms
+            if(e.ctrlKey)
+                {
+                blurElement(this);
+                config.macros.toolbar.invokeCommand(this,"defaultCommand",e);
+                consume = true;
+                }
+            break;
+        case 27: // Escape
+            blurElement(this);
+            config.macros.toolbar.invokeCommand(this,"cancelCommand",e);
+            consume = true;
+            break;
+        }
+    e.cancelBubble = consume;
+    if(consume)
+        {
+        if(e.stopPropagation) e.stopPropagation(); // Stop Propagation
+        e.returnValue = true; // Cancel The Event in IE
+        if(e.preventDefault ) e.preventDefault(); // Cancel The Event in Moz
+        }
+    return(!consume);
+};
+
+// Returns the specified field (input or textarea element) in a tiddler, otherwise the first edit field it finds
+// or null if it found no edit field at all
+Story.prototype.getTiddlerField = function(title,field)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    var e = null;
+    if(tiddlerElem != null)
+        {
+        var children = tiddlerElem.getElementsByTagName("*");
+        for (var t=0; t<children.length; t++)
+            {
+            var c = children[t];
+            if(c.tagName.toLowerCase() == "input" || c.tagName.toLowerCase() == "textarea")
+                {
+                if(!e)
+                    e = c;
+                if(c.getAttribute("edit") == field)
+                    e = c;
+                }
+            }
+        }
+    return e;
+}
+
+// Focus a specified tiddler. Attempts to focus the specified field, otherwise the first edit field it finds
+Story.prototype.focusTiddler = function(title,field)
+{
+    var e = this.getTiddlerField(title,field);
+    if(e)
+        {
+        e.focus();
+        e.select();
+        }
+}
+
+// Ensures that a specified tiddler does not have the focus
+Story.prototype.blurTiddler = function(title)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null && tiddlerElem.focus && tiddlerElem.blur)
+        {
+        tiddlerElem.focus();
+        tiddlerElem.blur();
+        }
+}
+
+// Adds a specified value to the edit controls (if any) of a particular
+// array-formatted field of a particular tiddler (eg "tags")
+//  title - name of tiddler
+//  tag - value of field, without any [[brackets]]
+//  mode - +1 to add the tag, -1 to remove it, 0 to toggle it
+//  field - name of field (eg "tags")
+Story.prototype.setTiddlerField = function(title,tag,mode,field)
+{
+    var c = story.getTiddlerField(title,field);
+
+    var tags = c.value.readBracketedList();
+    tags.setItem(tag,mode);
+    c.value = String.encodeTiddlyLinkList(tags);
+}
+
+// The same as setTiddlerField but preset to the "tags" field
+Story.prototype.setTiddlerTag = function(title,tag,mode)
+{
+    Story.prototype.setTiddlerField(title,tag,mode,"tags");
+}
+
+// Close a specified tiddler
+// title - name of tiddler to close
+// animate - whether to perform animations
+// slowly - whether to perform animations in slomo
+Story.prototype.closeTiddler = function(title,animate,slowly)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        clearMessage();
+        this.scrubTiddler(tiddlerElem);
+        if(anim && config.options.chkAnimate && animate)
+            anim.startAnimating(new Slider(tiddlerElem,false,slowly,"all"));
+        else
+            tiddlerElem.parentNode.removeChild(tiddlerElem);
+        }
+}
+
+// Scrub IDs from a tiddler. This is so that the 'ghost' of a tiddler while it is being closed
+// does not interfere with things
+// tiddler - reference to the tiddler element
+Story.prototype.scrubTiddler = function(tiddlerElem)
+{
+    tiddlerElem.id = null;
+}
+
+// Set the 'dirty' flag of a tiddler
+// title - title of tiddler to change
+// dirty - new boolean status of flag
+Story.prototype.setDirty = function(title,dirty)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        tiddlerElem.setAttribute("dirty",dirty ? "true" : "false");
+}
+
+// Is a particular tiddler dirty (with unsaved changes)?
+Story.prototype.isDirty = function(title)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        return tiddlerElem.getAttribute("dirty") == "true";
+    return null;
+}
+
+// Determine whether any open tiddler are dirty
+Story.prototype.areAnyDirty = function()
+{
+    var r = false;
+    this.forEachTiddler(function(title,element) {
+        if(this.isDirty(title))
+            r = true;
+        });
+    return r;
+}
+
+// Close all tiddlers in the story
+Story.prototype.closeAllTiddlers = function(exclude)
+{
+    clearMessage();
+    this.forEachTiddler(function(title,element) {
+        if((title != exclude) && element.getAttribute("dirty") != "true")
+            this.closeTiddler(title);
+        });
+    window.scrollTo(0,0);
+}
+
+// Check if there are any tiddlers in the story
+Story.prototype.isEmpty = function()
+{
+    var place = document.getElementById(this.container);
+    return(place && place.firstChild == null);
+}
+
+// Perform a search and display the result
+// text - text to search for
+// useCaseSensitive - true for case sensitive matching
+// useRegExp - true to interpret text as a RegExp
+Story.prototype.search = function(text,useCaseSensitive,useRegExp)
+{
+    this.closeAllTiddlers();
+    highlightHack = new RegExp(useRegExp ?   text : text.escapeRegExp(),useCaseSensitive ? "mg" : "img");
+    var matches = store.search(highlightHack,"title","excludeSearch");
+    var titles = [];
+    for(var t=matches.length-1; t>=0; t--)
+        titles.push(matches[t].title);
+    this.displayTiddlers(null,titles);
+    highlightHack = null;
+    var q = useRegExp ? "/" : "'";
+    if(matches.length > 0)
+        displayMessage(config.macros.search.successMsg.format([titles.length.toString(),q + text + q]));
+    else
+        displayMessage(config.macros.search.failureMsg.format([q + text + q]));
+}
+
+// Determine if the specified element is within a tiddler in this story
+// e - reference to an element
+// returns: reference to a tiddler element or null if none
+Story.prototype.findContainingTiddler = function(e)
+{
+    while(e && !hasClass(e,"tiddler"))
+        e = e.parentNode;
+    return(e);
+}
+
+// Gather any saveable fields from a tiddler element
+// e - reference to an element to scan recursively
+// fields - object to contain gathered field values
+Story.prototype.gatherSaveFields = function(e,fields)
+{
+    if(e && e.getAttribute)
+        {
+        var f = e.getAttribute("edit");
+        if(f)
+            fields[f] = e.value.replace(/\r/mg,"");;
+        if(e.hasChildNodes())
+            {
+            var c = e.childNodes;
+            for(var t=0; t<c.length; t++)
+                this.gatherSaveFields(c[t],fields)
+            }
+        }
+}
+
+// Determine whether a tiddler has any edit fields, and if so if their values have been changed
+// title - name of tiddler
+Story.prototype.hasChanges = function(title)
+{
+    var e = document.getElementById(this.idPrefix + title);
+    if(e != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(e,fields);
+        var tiddler = store.fetchTiddler(title);
+        if (!tiddler)
+            return false;
+        for(var n in fields)
+            if (store.getValue(title,n) != fields[n])
+                return true;
+        }
+    return false;
+}
+
+// Save any open edit fields of a tiddler and updates the display as necessary
+// title - name of tiddler
+// minorUpdate - true if the modified date shouldn't be updated
+// returns: title of saved tiddler, or null if not saved
+Story.prototype.saveTiddler = function(title,minorUpdate)
+{
+    var tiddlerElem = document.getElementById(this.idPrefix + title);
+    if(tiddlerElem != null)
+        {
+        var fields = {};
+        this.gatherSaveFields(tiddlerElem,fields);
+        var newTitle = fields.title ? fields.title : title;
+        if(store.tiddlerExists(newTitle) && newTitle != title)
+            {
+            if(confirm(config.messages.overwriteWarning.format([newTitle.toString()])))
+                this.closeTiddler(newTitle,false,false);
+            else
+                return null;
+            }
+        tiddlerElem.id = this.idPrefix + newTitle;
+        tiddlerElem.setAttribute("tiddler",newTitle);
+        tiddlerElem.setAttribute("template",DEFAULT_VIEW_TEMPLATE);
+        tiddlerElem.setAttribute("dirty","false");
+        if(config.options.chkForceMinorUpdate)
+            minorUpdate = !minorUpdate;
+        var newDate = new Date();
+        store.saveTiddler(title,newTitle,fields.text,config.options.txtUserName,minorUpdate ? undefined : newDate,fields.tags);
+        for (var n in fields)
+            if (!TiddlyWiki.isStandardField(n))
+                store.setValue(newTitle,n,fields[n]);
+        if(config.options.chkAutoSave)
+            saveChanges();
+        return newTitle;
+        }
+    return null;
+}
+
+Story.prototype.permaView = function()
+{
+    var links = [];
+    this.forEachTiddler(function(title,element) {
+        links.push(String.encodeTiddlyLink(title));
+        });
+    var t = encodeURIComponent(links.join(" "));
+    if(t == "")
+        t = "#";
+    if(window.location.hash != t)
+        window.location.hash = t;
+}
+
+// ---------------------------------------------------------------------------------
+// Message area
+// ---------------------------------------------------------------------------------
+
+function getMessageDiv()
+{
+    var msgArea = document.getElementById("messageArea");
+    if(!msgArea)
+        return null;
+    if(!msgArea.hasChildNodes())
+        createTiddlyButton(createTiddlyElement(msgArea,"div",null,"messageToolbar"),
+            config.messages.messageClose.text,
+            config.messages.messageClose.tooltip,
+            clearMessage);
+    msgArea.style.display = "block";
+    return createTiddlyElement(msgArea,"div");
+}
+
+function displayMessage(text,linkText)
+{
+    var e = getMessageDiv();
+    if(!e)
+        {
+        alert(text);
+        return;
+        }
+    if(linkText)
+        {
+        var link = createTiddlyElement(e,"a",null,null,text);
+        link.href = linkText;
+        link.target = "_blank";
+        }
+    else
+        e.appendChild(document.createTextNode(text));
+}
+
+function clearMessage()
+{
+    var msgArea = document.getElementById("messageArea");
+    if(msgArea)
+        {
+        removeChildren(msgArea);
+        msgArea.style.display = "none";
+        }
+    return false;
+}
+
+// ---------------------------------------------------------------------------------
+// Refresh mechanism
+// ---------------------------------------------------------------------------------
+
+config.refreshers = {
+    link: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddlyLink");
+        refreshTiddlyLink(e,title);
+        return true;
+        },
+
+    tiddler: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var template = e.getAttribute("template");
+        if(changeList && changeList.indexOf(title) != -1 && !story.isDirty(title))
+            story.refreshTiddler(title,template,true);
+        else
+            refreshElements(e,changeList);
+        return true;
+        },
+
+    content: function(e,changeList)
+        {
+        var title = e.getAttribute("tiddler");
+        var force = e.getAttribute("force");
+        if(force != null || changeList == null || changeList.indexOf(title) != -1)
+            {
+            removeChildren(e);
+            wikify(store.getTiddlerText(title,title),e);
+            return true;
+            }
+        else
+            return false;
+        },
+
+    macro: function(e,changeList)
+        {
+        var macro = e.getAttribute("macroName");
+        var params = e.getAttribute("params");
+        if(macro)
+            macro = config.macros[macro];
+        if(macro && macro.refresh)
+            macro.refresh(e,params);
+        return true;
+        }
+};
+
+function refreshElements(root,changeList)
+{
+    var nodes = root.childNodes;
+    for(var c=0; c<nodes.length; c++)
+        {
+        var e = nodes[c],type;
+        if(e.getAttribute)
+            type = e.getAttribute("refresh");
+        else
+            type = null;
+        var refresher = config.refreshers[type];
+        var refreshed = false;
+        if(refresher != undefined)
+            refreshed = refresher(e,changeList);
+        if(e.hasChildNodes() && !refreshed)
+            refreshElements(e,changeList);
+        }
+}
+
+function applyHtmlMacros(root,tiddler)
+{
+    var e = root.firstChild;
+    while(e)
+        {
+        var nextChild = e.nextSibling;
+        if(e.getAttribute)
+            {
+            var macro = e.getAttribute("macro");
+            if(macro)
+                {
+                var params = "";
+                var p = macro.indexOf(" ");
+                if(p != -1)
+                    {
+                    params = macro.substr(p+1);
+                    macro = macro.substr(0,p);
+                    }
+                invokeMacro(e,macro,params,null,tiddler);
+                }
+            }
+        if(e.hasChildNodes())
+            applyHtmlMacros(e,tiddler);
+        e = nextChild;
+        }
+}
+
+function refreshPageTemplate(title)
+{
+    var stash = createTiddlyElement(document.body,"div");
+    stash.style.display = "none";
+    var display = document.getElementById("tiddlerDisplay");
+    var nodes,t;
+    if(display)
+        {
+        nodes = display.childNodes;
+        for(t=nodes.length-1; t>=0; t--)
+            stash.appendChild(nodes[t]);
+        }
+    var wrapper = document.getElementById("contentWrapper");
+    if(!title)
+        title = "PageTemplate";
+    var html = store.getRecursiveTiddlerText(title,null,10);
+    wrapper.innerHTML = html;
+    applyHtmlMacros(wrapper);
+    refreshElements(wrapper);
+    display = document.getElementById("tiddlerDisplay");
+    removeChildren(display);
+    if(!display)
+        display = createTiddlyElement(wrapper,"div","tiddlerDisplay");
+    nodes = stash.childNodes;
+    for(t=nodes.length-1; t>=0; t--)
+        display.appendChild(nodes[t]);
+    stash.parentNode.removeChild(stash);
+}
+
+function refreshDisplay(hint)
+{
+    var e = document.getElementById("contentWrapper");
+    if(typeof hint == "string")
+        hint = [hint];
+    refreshElements(e,hint);
+}
+
+function refreshPageTitle()
+{
+    document.title = wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle");
+}
+
+function refreshStyles(title)
+{
+    setStylesheet(title == null ? "" : store.getRecursiveTiddlerText(title,"",10),title);
+}
+
+function refreshColorPalette(title)
+{
+    if(!startingUp)
+        refreshAll();
+}
+
+function refreshAll()
+{
+    refreshPageTemplate();
+    refreshDisplay();
+    refreshStyles("StyleSheetLayout");
+    refreshStyles("StyleSheetColors");
+    refreshStyles("StyleSheet");
+    refreshStyles("StyleSheetPrint");
+}
+
+// ---------------------------------------------------------------------------------
+// Options cookie stuff
+// ---------------------------------------------------------------------------------
+
+function loadOptionsCookie()
+{
+    if(safeMode)
+        return;
+    var cookies = document.cookie.split(";");
+    for(var c=0; c<cookies.length; c++)
+        {
+        var p = cookies[c].indexOf("=");
+        if(p != -1)
+            {
+            var name = cookies[c].substr(0,p).trim();
+            var value = cookies[c].substr(p+1).trim();
+            switch(name.substr(0,3))
+                {
+                case "txt":
+                    config.options[name] = unescape(value);
+                    break;
+                case "chk":
+                    config.options[name] = value == "true";
+                    break;
+                }
+            }
+        }
+}
+
+function saveOptionCookie(name)
+{
+    if(safeMode)
+        return;
+    var c = name + "=";
+    switch(name.substr(0,3))
+        {
+        case "txt":
+            c += escape(config.options[name].toString());
+            break;
+        case "chk":
+            c += config.options[name] ? "true" : "false";
+            break;
+        }
+    c += "; expires=Fri, 1 Jan 2038 12:00:00 UTC; path=/";
+    document.cookie = c;
+}
+
+// ---------------------------------------------------------------------------------
+// Saving
+// ---------------------------------------------------------------------------------
+
+var saveUsingSafari = false;
+
+var startSaveArea = '<div id="' + 'storeArea">'; // Split up into two so that indexOf() of this source doesn't find it
+var endSaveArea = '</d' + 'iv>';
+
+// If there are unsaved changes, force the user to confirm before exitting
+function confirmExit()
+{
+    hadConfirmExit = true;
+    if((store && store.isDirty && store.isDirty()) || (story && story.areAnyDirty && story.areAnyDirty()))
+        return config.messages.confirmExit;
+}
+
+// Give the user a chance to save changes before exitting
+function checkUnsavedChanges()
+{
+    if(store && store.isDirty && store.isDirty() && window.hadConfirmExit === false)
+        {
+        if(confirm(config.messages.unsavedChangesWarning))
+            saveChanges();
+        }
+}
+
+function updateMarkupBlock(s,blockName,tiddlerName)
+{
+    return s.replaceChunk(
+            "<!--%0-START-->".format([blockName]),
+            "<!--%0-END-->".format([blockName]),
+            "\n" + store.getRecursiveTiddlerText(tiddlerName,"") + "\n");
+}
+
+// Save this tiddlywiki with the pending changes
+function saveChanges(onlyIfDirty)
+{
+    if(onlyIfDirty && !store.isDirty())
+        return;
+    clearMessage();
+    // Get the URL of the document
+    var originalPath = document.location.toString();
+    // Check we were loaded from a file URL
+    if(originalPath.substr(0,5) != "file:")
+        {
+        alert(config.messages.notFileUrlError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    var localPath = getLocalPath(originalPath);
+    // Load the original file
+    var original = loadFile(localPath);
+    if(original == null)
+        {
+        alert(config.messages.cantSaveError);
+        if(store.tiddlerExists(config.messages.saveInstructions))
+            story.displayTiddler(null,config.messages.saveInstructions);
+        return;
+        }
+    // Locate the storeArea div's
+    var posOpeningDiv = original.indexOf(startSaveArea);
+    var limitClosingDiv = original.indexOf("<!--POST-BODY-START--"+">");
+    var posClosingDiv = original.lastIndexOf(endSaveArea,limitClosingDiv == -1 ? original.length : limitClosingDiv);
+    if((posOpeningDiv == -1) || (posClosingDiv == -1))
+        {
+        alert(config.messages.invalidFileError.format([localPath]));
+        return;
+        }
+    // Save the backup
+    if(config.options.chkSaveBackups)
+        {
+        var backupPath = getBackupPath(localPath);
+        var backup = saveFile(backupPath,original);
+        if(backup)
+            displayMessage(config.messages.backupSaved,"file://" + backupPath);
+        else
+            alert(config.messages.backupFailed);
+        }
+    // Save Rss
+    if(config.options.chkGenerateAnRssFeed)
+        {
+        var rssPath = localPath.substr(0,localPath.lastIndexOf(".")) + ".xml";
+        var rssSave = saveFile(rssPath,convertUnicodeToUTF8(generateRss()));
+        if(rssSave)
+            displayMessage(config.messages.rssSaved,"file://" + rssPath);
+        else
+            alert(config.messages.rssFailed);
+        }
+    // Save empty template
+    if(config.options.chkSaveEmptyTemplate)
+        {
+        var emptyPath,p;
+        if((p = localPath.lastIndexOf("/")) != -1)
+            emptyPath = localPath.substr(0,p) + "/empty.html";
+        else if((p = localPath.lastIndexOf("\\")) != -1)
+            emptyPath = localPath.substr(0,p) + "\\empty.html";
+        else
+            emptyPath = localPath + ".empty.html";
+        var empty = original.substr(0,posOpeningDiv + startSaveArea.length) + original.substr(posClosingDiv);
+        var emptySave = saveFile(emptyPath,empty);
+        if(emptySave)
+            displayMessage(config.messages.emptySaved,"file://" + emptyPath);
+        else
+            alert(config.messages.emptyFailed);
+        }
+    var save;
+    try
+        {
+        // Save new file
+        var revised = original.substr(0,posOpeningDiv + startSaveArea.length) + "\n" +
+                    convertUnicodeToUTF8(store.allTiddlersAsHtml()) + "\n" +
+                    original.substr(posClosingDiv);
+        var newSiteTitle = convertUnicodeToUTF8((wikifyPlain("SiteTitle") + " - " + wikifyPlain("SiteSubtitle")).htmlEncode());
+        revised = revised.replaceChunk("<title"+">","</title"+">"," " + newSiteTitle + " ");
+        revised = updateMarkupBlock(revised,"PRE-HEAD","MarkupPreHead");
+        revised = updateMarkupBlock(revised,"POST-HEAD","MarkupPostHead");
+        revised = updateMarkupBlock(revised,"PRE-BODY","MarkupPreBody");
+        revised = updateMarkupBlock(revised,"POST-BODY","MarkupPostBody");
+        save = saveFile(localPath,revised);
+        }
+    catch (e)
+        {
+        showException(e);
+        }
+    if(save)
+        {
+        displayMessage(config.messages.mainSaved,"file://" + localPath);
+        store.setDirty(false);
+        }
+    else
+        alert(config.messages.mainFailed);
+}
+
+function getLocalPath(originalPath)
+{
+    // Remove any location or query part of the URL
+    var argPos = originalPath.indexOf("?");
+    if(argPos != -1)
+        originalPath = originalPath.substr(0,argPos);
+    var hashPos = originalPath.indexOf("#");
+    if(hashPos != -1)
+        originalPath = originalPath.substr(0,hashPos);
+    // Convert file://localhost/ to file:///
+    if(originalPath.indexOf("file://localhost/") == 0)
+        originalPath = "file://" + originalPath.substr(16);
+    // Convert to a native file format assuming
+    // "file:///x:/path/path/path..." - pc local file --> "x:\path\path\path..."
+    // "file://///server/share/path/path/path..." - FireFox pc network file --> "\\server\share\path\path\path..."
+    // "file:///path/path/path..." - mac/unix local file --> "/path/path/path..."
+    // "file://server/share/path/path/path..." - pc network file --> "\\server\share\path\path\path..."
+    var localPath;
+    if(originalPath.charAt(9) == ":") // pc local file
+        localPath = unescape(originalPath.substr(8)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file://///") == 0) // FireFox pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(10)).replace(new RegExp("/","g"),"\\");
+    else if(originalPath.indexOf("file:///") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(7));
+    else if(originalPath.indexOf("file:/") == 0) // mac/unix local file
+        localPath = unescape(originalPath.substr(5));
+    else // pc network file
+        localPath = "\\\\" + unescape(originalPath.substr(7)).replace(new RegExp("/","g"),"\\");
+    return localPath;
+}
+
+function getBackupPath(localPath)
+{
+    var backSlash = true;
+    var dirPathPos = localPath.lastIndexOf("\\");
+    if(dirPathPos == -1)
+        {
+        dirPathPos = localPath.lastIndexOf("/");
+        backSlash = false;
+        }
+    var backupFolder = config.options.txtBackupFolder;
+    if(!backupFolder || backupFolder == "")
+        backupFolder = ".";
+    var backupPath = localPath.substr(0,dirPathPos) + (backSlash ? "\\" : "/") + backupFolder + localPath.substr(dirPathPos);
+    backupPath = backupPath.substr(0,backupPath.lastIndexOf(".")) + "." + (new Date()).convertToYYYYMMDDHHMMSSMMM() + ".html";
+    return backupPath;
+}
+
+function generateRss()
+{
+    var s = [];
+    var d = new Date();
+    var u = store.getTiddlerText("SiteUrl");
+    // Assemble the header
+    s.push("<" + "?xml version=\"1.0\"?" + ">");
+    s.push("<rss version=\"2.0\">");
+    s.push("<channel>");
+    s.push("<title" + ">" + wikifyPlain("SiteTitle").htmlEncode() + "</title" + ">");
+    if(u)
+        s.push("<link>" + u.htmlEncode() + "</link>");
+    s.push("<description>" + wikifyPlain("SiteSubtitle").htmlEncode() + "</description>");
+    s.push("<language>en-us</language>");
+    s.push("<copyright>Copyright " + d.getFullYear() + " " + config.options.txtUserName.htmlEncode() + "</copyright>");
+    s.push("<pubDate>" + d.toGMTString() + "</pubDate>");
+    s.push("<lastBuildDate>" + d.toGMTString() + "</lastBuildDate>");
+    s.push("<docs>http://blogs.law.harvard.edu/tech/rss</docs>");
+    s.push("<generator>TiddlyWiki " + version.major + "." + version.minor + "." + version.revision + "</generator>");
+    // The body
+    var tiddlers = store.getTiddlers("modified","excludeLists");
+    var n = config.numRssItems > tiddlers.length ? 0 : tiddlers.length-config.numRssItems;
+    for (var t=tiddlers.length-1; t>=n; t--)
+        s.push(tiddlers[t].saveToRss(u));
+    // And footer
+    s.push("</channel>");
+    s.push("</rss>");
+    // Save it all
+    return s.join("\n");
+}
+
+
+// UTF-8 encoding rules:
+// 0x0000 - 0x007F: 0xxxxxxx
+// 0x0080 - 0x07FF: 110xxxxx 10xxxxxx
+// 0x0800 - 0xFFFF: 1110xxxx 10xxxxxx 10xxxxxx
+
+function convertUTF8ToUnicode(u)
+{
+    if(window.netscape == undefined)
+        return manualConvertUTF8ToUnicode(u);
+    else
+        return mozConvertUTF8ToUnicode(u);
+}
+
+function manualConvertUTF8ToUnicode(utf)
+{
+    var uni = utf;
+    var src = 0;
+    var dst = 0;
+    var b1, b2, b3;
+    var c;
+    while(src < utf.length)
+        {
+        b1 = utf.charCodeAt(src++);
+        if(b1 < 0x80)
+            dst++;
+        else if(b1 < 0xE0)
+            {
+            b2 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0x1F) << 6) | (b2 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+        else
+            {
+            b2 = utf.charCodeAt(src++);
+            b3 = utf.charCodeAt(src++);
+            c = String.fromCharCode(((b1 & 0xF) << 12) | ((b2 & 0x3F) << 6) | (b3 & 0x3F));
+            uni = uni.substring(0,dst++).concat(c,utf.substr(src));
+            }
+    }
+    return(uni);
+}
+
+function mozConvertUTF8ToUnicode(u)
+{
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUTF8ToUnicode(u);
+        } // fallback
+    var s = converter.ConvertToUnicode(u);
+    var fin = converter.Finish();
+    return (fin.length > 0) ? s+fin : s;
+}
+
+function convertUnicodeToUTF8(s)
+{
+    if(window.netscape == undefined)
+        return manualConvertUnicodeToUTF8(s);
+    else
+        return mozConvertUnicodeToUTF8(s);
+}
+
+function manualConvertUnicodeToUTF8(s)
+{
+    var re = /[^\u0000-\u007F]/g ;
+    return s.replace(re, function($0) {return("&#" + $0.charCodeAt(0).toString() + ";");})
+}
+
+function mozConvertUnicodeToUTF8(s)
+{
+    try
+        {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var converter = Components.classes["@mozilla.org/intl/scriptableunicodeconverter"].createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
+        converter.charset = "UTF-8";
+        }
+    catch(e)
+        {
+        return manualConvertUnicodeToUTF8(s);
+        } // fallback
+    var u = converter.ConvertFromUnicode(s);
+    var fin = converter.Finish();
+    if(fin.length > 0)
+        return u + fin;
+    else
+        return u;
+}
+
+function saveFile(fileUrl, content)
+{
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = ieSaveFile(fileUrl, content);
+    if((r == null) || (r == false))
+        r = javaSaveFile(fileUrl, content);
+    return(r);
+}
+
+function loadFile(fileUrl)
+{
+    var r = null;
+    if((r == null) || (r == false))
+        r = mozillaLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = ieLoadFile(fileUrl);
+    if((r == null) || (r == false))
+        r = javaLoadFile(fileUrl);
+    return(r);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function ieSaveFile(filePath, content)
+{
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to save\n\n" + e.toString());
+        return(null);
+        }
+    var file = fso.OpenTextFile(filePath,2,-1,0);
+    file.Write(content);
+    file.Close();
+    return(true);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function ieLoadFile(filePath)
+{
+    try
+        {
+        var fso = new ActiveXObject("Scripting.FileSystemObject");
+        var file = fso.OpenTextFile(filePath,1);
+        var content = file.ReadAll();
+        file.Close();
+        }
+    catch(e)
+        {
+        //alert("Exception while attempting to load\n\n" + e.toString());
+        return(null);
+        }
+    return(content);
+}
+
+// Returns null if it can't do it, false if there's an error, true if it saved OK
+function mozillaSaveFile(filePath, content)
+{
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                file.create(0, 0664);
+            var out = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
+            out.init(file, 0x20 | 0x02, 00004,null);
+            out.write(content, content.length);
+            out.flush();
+            out.close();
+            return(true);
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to save\n\n" + e);
+            return(false);
+            }
+    return(null);
+}
+
+// Returns null if it can't do it, false if there's an error, or a string of the content if successful
+function mozillaLoadFile(filePath)
+{
+    if(window.Components)
+        try
+            {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+            var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
+            file.initWithPath(filePath);
+            if (!file.exists())
+                return(null);
+            var inputStream = Components.classes["@mozilla.org/network/file-input-stream;1"].createInstance(Components.interfaces.nsIFileInputStream);
+            inputStream.init(file, 0x01, 00004, null);
+            var sInputStream = Components.classes["@mozilla.org/scriptableinputstream;1"].createInstance(Components.interfaces.nsIScriptableInputStream);
+            sInputStream.init(inputStream);
+            return(sInputStream.read(sInputStream.available()));
+            }
+        catch(e)
+            {
+            //alert("Exception while attempting to load\n\n" + e);
+            return(false);
+            }
+    return(null);
+}
+
+function javaUrlToFilename(url)
+{
+    var f = "//localhost";
+    if(url.indexOf(f) == 0)
+        return url.substring(f.length);
+    var i = url.indexOf(":");
+    if(i > 0)
+        return url.substring(i-1);
+    return url;
+}
+
+function javaSaveFile(filePath, content)
+{
+    try
+        {
+        if(document.applets["TiddlySaver"])
+            return document.applets["TiddlySaver"].saveFile(javaUrlToFilename(filePath),"UTF-8",content);
+        }
+    catch(e)
+        {
+        }
+    try
+        {
+        var s = new java.io.PrintStream(new java.io.FileOutputStream(javaUrlToFilename(filePath)));
+        s.print(content);
+        s.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return true;
+}
+
+function javaLoadFile(filePath)
+{
+    try
+        {
+    if(document.applets["TiddlySaver"])
+        return String(document.applets["TiddlySaver"].loadFile(javaUrlToFilename(filePath),"UTF-8"));
+        }
+    catch(e)
+        {
+        }
+    var content = [];
+    try
+        {
+        var r = new java.io.BufferedReader(new java.io.FileReader(javaUrlToFilename(filePath)));
+        var line;
+        while ((line = r.readLine()) != null)
+            content.push(new String(line));
+        r.close();
+        }
+    catch(e)
+        {
+        return null;
+        }
+    return content.join("\n");
+}
+
+
+// ---------------------------------------------------------------------------------
+// Remote HTTP requests
+// ---------------------------------------------------------------------------------
+
+// Load a file over http
+//   url - the source url
+//   callback - function to call when there's a response
+//   params - parameter object that gets passed to the callback for storing it's state
+// Return value is the underlying XMLHttpRequest object, or 'null' if there was an error
+// Callback function is called like this:
+//   callback(status,params,responseText,xhr)
+//     status - true if OK, false if error
+//     params - the parameter object provided to loadRemoteFile()
+//     responseText - the text of the file
+//     xhr - the underlying XMLHttpRequest object
+function loadRemoteFile(url,callback,params)
+{
+    // Get an xhr object
+    var x;
+    try
+        {
+        x = new XMLHttpRequest(); // Modern
+        }
+    catch(e)
+        {
+        try
+            {
+            x = new ActiveXObject("Msxml2.XMLHTTP"); // IE 6
+            }
+        catch (e)
+            {
+            return null;
+            }
+        }
+    // Install callback
+    x.onreadystatechange = function()
+        {
+        if (x.readyState == 4)
+            {
+            if ((x.status == 0 || x.status == 200) && callback)
+                {
+                callback(true,params,x.responseText,url,x);
+            }
+            else
+                callback(false,params,null,url,x);
+            }
+        }
+    // Send request
+    if(window.netscape && window.netscape.security && document.location.protocol.indexOf("http") == -1)
+        window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
+    try
+        {
+        url = url + (url.indexOf("?") < 0 ? "?" : "&") + "nocache=" + Math.random();
+        x.open("GET",url,true);
+        if (x.overrideMimeType)
+            x.overrideMimeType("text/html");
+        x.send(null);
+        }
+    catch (e)
+        {
+        alert("Error in send " + e);
+        return null;
+        }
+    return x;
+}
+// ---------------------------------------------------------------------------------
+// TiddlyWiki-specific utility functions
+// ---------------------------------------------------------------------------------
+
+function createTiddlyButton(theParent,theText,theTooltip,theAction,theClass,theId,theAccessKey)
+{
+    var theButton = document.createElement("a");
+    if(theAction)
+        {
+        theButton.onclick = theAction;
+        theButton.setAttribute("href","javascript:;");
+        }
+    if(theTooltip)
+        theButton.setAttribute("title",theTooltip);
+    if(theText)
+        theButton.appendChild(document.createTextNode(theText));
+    if(theClass)
+        theButton.className = theClass;
+    else
+        theButton.className = "button";
+    if(theId)
+        theButton.id = theId;
+    if(theParent)
+        theParent.appendChild(theButton);
+    if(theAccessKey)
+        theButton.setAttribute("accessKey",theAccessKey);
+    return(theButton);
+}
+
+function createTiddlyLink(place,title,includeText,theClass,isStatic)
+{
+    var text = includeText ? title : null;
+    var i = getTiddlyLinkInfo(title,theClass)
+    var btn;
+    if(isStatic)
+        btn = createExternalLink(place,"#" + title);
+    else
+        btn = createTiddlyButton(place,text,i.subTitle,onClickTiddlerLink,i.classes);
+    btn.setAttribute("refresh","link");
+    btn.setAttribute("tiddlyLink",title);
+    return(btn);
+}
+
+function refreshTiddlyLink(e,title)
+{
+    var i = getTiddlyLinkInfo(title,e.className);
+    e.className = i.classes;
+    e.title = i.subTitle;
+}
+
+function getTiddlyLinkInfo(title,currClasses)
+{
+    var classes = currClasses ? currClasses.split(" ") : [];
+    classes.pushUnique("tiddlyLink");
+    var tiddler = store.fetchTiddler(title);
+    var subTitle;
+    if(tiddler)
+        {
+        subTitle = tiddler.getSubtitle();
+        classes.pushUnique("tiddlyLinkExisting");
+        classes.remove("tiddlyLinkNonExisting");
+        classes.remove("shadow");
+        }
+    else
+        {
+        classes.remove("tiddlyLinkExisting");
+        classes.pushUnique("tiddlyLinkNonExisting");
+        if(store.isShadowTiddler(title))
+            {
+            subTitle = config.messages.shadowedTiddlerToolTip.format([title]);
+            classes.pushUnique("shadow");
+            }
+        else
+            {
+            subTitle = config.messages.undefinedTiddlerToolTip.format([title]);
+            classes.remove("shadow");
+            }
+        }
+    return {classes: classes.join(" "), subTitle: subTitle};
+}
+
+function createExternalLink(place,url)
+{
+    var theLink = document.createElement("a");
+    theLink.className = "externalLink";
+    theLink.href = url;
+    theLink.title = config.messages.externalLinkTooltip.format([url]);
+    if(config.options.chkOpenInNewWindow)
+        theLink.target = "_blank";
+    place.appendChild(theLink);
+    return(theLink);
+}
+
+// Event handler for clicking on a tiddly link
+function onClickTiddlerLink(e)
+{
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var theLink = theTarget;
+    var title = null;
+    do {
+        title = theLink.getAttribute("tiddlyLink");
+        theLink = theLink.parentNode;
+    } while(title == null && theLink != null);
+    if(title)
+        {
+        var toggling = e.metaKey || e.ctrlKey;
+        if(config.options.chkToggleLinks)
+            toggling = !toggling;
+        var opening;
+        if(toggling && document.getElementById("tiddler" + title))
+            story.closeTiddler(title,true,e.shiftKey || e.altKey);
+        else
+            story.displayTiddler(theTarget,title,null,true,e.shiftKey || e.altKey);
+        }
+    clearMessage();
+    return(false);
+}
+
+// Create a button for a tag with a popup listing all the tiddlers that it tags
+function createTagButton(place,tag,excludeTiddler)
+{
+    var theTag = createTiddlyButton(place,tag,config.views.wikified.tag.tooltip.format([tag]),onClickTag);
+    theTag.setAttribute("tag",tag);
+    if(excludeTiddler)
+        theTag.setAttribute("tiddler",excludeTiddler);
+    return(theTag);
+}
+
+// Event handler for clicking on a tiddler tag
+function onClickTag(e)
+{
+    if (!e) var e = window.event;
+    var theTarget = resolveTarget(e);
+    var popup = Popup.create(this);
+    var tag = this.getAttribute("tag");
+    var title = this.getAttribute("tiddler");
+    if(popup && tag)
+        {
+        var tagged = store.getTaggedTiddlers(tag);
+        var titles = [];
+        var li,r;
+        for(r=0;r<tagged.length;r++)
+            if(tagged[r].title != title)
+                titles.push(tagged[r].title);
+        var lingo = config.views.wikified.tag;
+        if(titles.length > 0)
+            {
+            var openAll = createTiddlyButton(createTiddlyElement(popup,"li"),lingo.openAllText.format([tag]),lingo.openAllTooltip,onClickTagOpenAll);
+            openAll.setAttribute("tag",tag);
+            createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+            for(r=0; r<titles.length; r++)
+                {
+                createTiddlyLink(createTiddlyElement(popup,"li"),titles[r],true);
+                }
+            }
+        else
+            createTiddlyText(createTiddlyElement(popup,"li",null,"disabled"),lingo.popupNone.format([tag]));
+        createTiddlyElement(createTiddlyElement(popup,"li",null,"listBreak"),"div");
+        var h = createTiddlyLink(createTiddlyElement(popup,"li"),tag,false);
+        createTiddlyText(h,lingo.openTag.format([tag]));
+        }
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return(false);
+}
+
+// Event handler for 'open all' on a tiddler popup
+function onClickTagOpenAll(e)
+{
+    if (!e) var e = window.event;
+    var tag = this.getAttribute("tag");
+    var tagged = store.getTaggedTiddlers(tag);
+    var titles = [];
+    for(var t=0; t<tagged.length; t++)
+        titles.push(tagged[t].title);
+    story.displayTiddlers(this,titles);
+    return(false);
+}
+
+function onClickError(e)
+{
+    if (!e) var e = window.event;
+    var popup = Popup.create(this);
+    var lines = this.getAttribute("errorText").split("\n");
+    for(var t=0; t<lines.length; t++)
+        createTiddlyElement(popup,"li",null,null,lines[t]);
+    Popup.show(popup,false);
+    e.cancelBubble = true;
+    if (e.stopPropagation) e.stopPropagation();
+    return false;
+}
+
+function createTiddlyDropDown(place,onchange,options)
+{
+    var sel = createTiddlyElement(place,"select");
+    sel.onchange = onchange;
+    for(var t=0; t<options.length; t++)
+        {
+        var e = createTiddlyElement(sel,"option",null,null,options[t].caption);
+        e.value = options[t].name;
+        }
+}
+
+function createTiddlyError(place,title,text)
+{
+    var btn = createTiddlyButton(place,title,null,onClickError,"errorButton");
+    if (text) btn.setAttribute("errorText",text);
+}
+
+function merge(dst,src,preserveExisting)
+{
+    for (p in src)
+        if (!preserveExisting || dst[p] === undefined)
+            dst[p] = src[p];
+    return dst;
+}
+
+// Returns a string containing the description of an exception, optionally prepended by a message
+function exceptionText(e, message)
+{
+    var s = e.description ? e.description : e.toString();
+    return message ? "%0:\n%1".format([message, s]) : s;
+}
+
+// Displays an alert of an exception description with optional message
+function showException(e, message)
+{
+    alert(exceptionText(e, message));
+}
+
+// ---------------------------------------------------------------------------------
+// Animation engine
+// ---------------------------------------------------------------------------------
+
+function Animator()
+{
+    this.running = 0; // Incremented at start of each animation, decremented afterwards. If zero, the interval timer is disabled
+    this.timerID = 0; // ID of the timer used for animating
+    this.animations = []; // List of animations in progress
+    return this;
+}
+
+// Start animation engine
+Animator.prototype.startAnimating = function() // Variable number of arguments
+{
+    for(var t=0; t<arguments.length; t++)
+        this.animations.push(arguments[t]);
+    if(this.running == 0)
+        {
+        var me = this;
+        this.timerID = window.setInterval(function() {me.doAnimate(me);},5);
+        }
+    this.running += arguments.length;
+}
+
+// Perform an animation engine tick, calling each of the known animation modules
+Animator.prototype.doAnimate = function(me)
+{
+    var a = 0;
+    while(a < me.animations.length)
+        {
+        var animation = me.animations[a];
+        if(animation.tick())
+            a++;
+        else
+            {
+            me.animations.splice(a,1);
+            if(--me.running == 0)
+                window.clearInterval(me.timerID);
+            }
+        }
+}
+
+// Map a 0..1 value to 0..1, but slow down at the start and end
+Animator.slowInSlowOut = function(progress)
+{
+    return(1-((Math.cos(progress * Math.PI)+1)/2));
+}
+
+// ---------------------------------------------------------------------------------
+// Cascade animation
+// ---------------------------------------------------------------------------------
+
+function Cascade(text,startElement,targetElement,slowly)
+{
+    var winWidth = findWindowWidth();
+    var winHeight = findWindowHeight();
+    this.elements = [];
+    this.startElement = startElement;
+    this.startLeft = findPosX(this.startElement);
+    this.startTop = findPosY(this.startElement);
+    this.startWidth = Math.min(this.startElement.offsetWidth,winWidth);
+    this.startHeight = Math.min(this.startElement.offsetHeight,winHeight);
+    this.targetElement = targetElement;
+    targetElement.style.position = "relative";
+    targetElement.style.zIndex = 2;
+    this.targetLeft = findPosX(this.targetElement);
+    this.targetTop = findPosY(this.targetElement);
+    this.targetWidth = Math.min(this.targetElement.offsetWidth,winWidth);
+    this.targetHeight = Math.min(this.targetElement.offsetHeight,winHeight);
+    this.progress = -1;
+    this.steps = slowly ? config.cascadeSlow : config.cascadeFast;
+    this.text = text;
+    this.tick();
+    return this;
+}
+
+Cascade.prototype.tick = function()
+{
+    this.progress++;
+    if(this.progress >= this.steps)
+        {
+        while(this.elements.length > 0)
+            this.removeTail();
+        this.targetElement.style.position = "static";
+        this.targetElement.style.zIndex = "";
+        return false;
+        }
+    else
+        {
+        if(this.elements.length > 0 && this.progress > config.cascadeDepth)
+            this.removeTail();
+        if(this.progress < (this.steps - config.cascadeDepth))
+            {
+            var f = Animator.slowInSlowOut(this.progress/(this.steps - config.cascadeDepth - 1));
+            var e = createTiddlyElement(document.body,"div",null,"cascade",this.text);
+            e.style.zIndex = 1;
+            e.style.left = this.startLeft + (this.targetLeft-this.startLeft) * f + "px";
+            e.style.top = this.startTop + (this.targetTop-this.startTop) * f + "px";
+            e.style.width = this.startWidth + (this.targetWidth-this.startWidth) * f + "px";
+            e.style.height = this.startHeight + (this.targetHeight-this.startHeight) * f + "px";
+            e.style.display = "block";
+            this.elements.push(e);
+            }
+        return true;
+        }
+}
+
+Cascade.prototype.removeTail = function()
+{
+    var e = this.elements[0];
+    e.parentNode.removeChild(e);
+    this.elements.shift();
+}
+
+// ---------------------------------------------------------------------------------
+// Scroller animation
+// ---------------------------------------------------------------------------------
+
+function Scroller(targetElement,slowly)
+{
+    this.targetElement = targetElement;
+    this.startScroll = findScrollY();
+    this.targetScroll = ensureVisible(targetElement);
+    this.progress = 0;
+    this.step = slowly ? config.animSlow : config.animFast;
+    return this;
+}
+
+Scroller.prototype.tick = function()
+{
+    this.progress += this.step;
+    if(this.progress > 1)
+        {
+        window.scrollTo(0,this.targetScroll);
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        window.scrollTo(0,this.startScroll + (this.targetScroll-this.startScroll) * f);
+        return true;
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Slider animation
+// ---------------------------------------------------------------------------------
+
+// deleteMode - "none", "all" [delete target element and it's children], [only] "children" [but not the target element]
+function Slider(element,opening,slowly,deleteMode)
+{
+    this.element = element;
+    element.style.display = "block";
+    this.deleteMode = deleteMode;
+    this.element.style.height = "auto";
+    this.realHeight = element.offsetHeight;
+    this.opening = opening;
+    this.step = slowly ? config.animSlow : config.animFast;
+    if(opening)
+        {
+        this.progress = 0;
+        element.style.height = "0px";
+        element.style.display = "block";
+        }
+    else
+        {
+        this.progress = 1;
+        this.step = -this.step;
+        }
+    element.style.overflow = "hidden";
+    return this;
+}
+
+Slider.prototype.stop = function()
+{
+    if(this.opening)
+        {
+        this.element.style.height = "auto";
+        this.element.style.opacity = 1;
+        this.element.style.filter = "alpha(opacity:100)";
+        }
+    else
+        {
+        switch(this.deleteMode)
+            {
+            case "none":
+                this.element.style.display = "none";
+                break;
+            case "all":
+                this.element.parentNode.removeChild(this.element);
+                break;
+            case "children":
+                removeChildren(this.element);
+                break;
+            }
+        }
+}
+
+Slider.prototype.tick = function()
+{
+    this.progress += this.step;
+    if(this.progress < 0 || this.progress > 1)
+        {
+        this.stop();
+        return false;
+        }
+    else
+        {
+        var f = Animator.slowInSlowOut(this.progress);
+        var h = this.realHeight * f;
+        this.element.style.height = h + "px";
+        this.element.style.opacity = f;
+        this.element.style.filter = "alpha(opacity:" + f * 100 +")";
+        return true;
+        }
+}
+
+// ---------------------------------------------------------------------------------
+// Popup menu
+// ---------------------------------------------------------------------------------
+
+var Popup = {
+    stack: [] // Array of objects with members root: and popup:
+    };
+
+Popup.create = function(root)
+{
+    Popup.remove();
+    var popup = createTiddlyElement(document.body,"ol","popup","popup");
+    Popup.stack.push({root: root, popup: popup});
+    return popup;
+}
+
+Popup.onDocumentClick = function(e)
+{
+    if (!e) var e = window.event;
+    var target = resolveTarget(e);
+    if(e.eventPhase == undefined)
+        Popup.remove();
+    else if(e.eventPhase == Event.BUBBLING_PHASE || e.eventPhase == Event.AT_TARGET)
+        Popup.remove();
+    return true;
+}
+
+Popup.show = function(unused,slowly)
+{
+    var curr = Popup.stack[Popup.stack.length-1];
+    var rootLeft = findPosX(curr.root);
+    var rootTop = findPosY(curr.root);
+    var rootHeight = curr.root.offsetHeight;
+    var popupLeft = rootLeft;
+    var popupTop = rootTop + rootHeight;
+    var popupWidth = curr.popup.offsetWidth;
+    var winWidth = findWindowWidth();
+    if(popupLeft + popupWidth > winWidth)
+        popupLeft = winWidth - popupWidth;
+    curr.popup.style.left = popupLeft + "px";
+    curr.popup.style.top = popupTop + "px";
+    curr.popup.style.display = "block";
+    addClass(curr.root,"highlight");
+    if(anim && config.options.chkAnimate)
+        anim.startAnimating(new Scroller(curr.popup,slowly));
+    else
+        window.scrollTo(0,ensureVisible(curr.popup));
+}
+
+Popup.remove = function()
+{
+    if(Popup.stack.length > 0)
+        {
+        Popup.removeFrom(0);
+        }
+}
+
+Popup.removeFrom = function(from)
+{
+    for(var t=Popup.stack.length-1; t>=from; t--)
+        {
+        var p = Popup.stack[t];
+        removeClass(p.root,"highlight");
+        p.popup.parentNode.removeChild(p.popup);
+        }
+    Popup.stack = Popup.stack.slice(0,from);
+}
+
+// ---------------------------------------------------------------------------------
+// ListView gadget
+// ---------------------------------------------------------------------------------
+
+var ListView = {};
+
+// Create a listview
+//   place - where in the DOM tree to insert the listview
+//   listObject - array of objects to be included in the listview
+//   listTemplate - template for the listview
+//   callback - callback for a command being selected
+//   className - optional classname for the <table> element
+ListView.create = function(place,listObject,listTemplate,callback,className)
+{
+    var table = createTiddlyElement(place,"table",null,className ? className : "listView");
+    var thead = createTiddlyElement(table,"thead");
+    var r = createTiddlyElement(thead,"tr");
+    for(var t=0; t<listTemplate.columns.length; t++)
+        {
+        var columnTemplate = listTemplate.columns[t];
+        var c = createTiddlyElement(r,"th");
+        var colType = ListView.columnTypes[columnTemplate.type];
+        if(colType && colType.createHeader)
+            colType.createHeader(c,columnTemplate,t);
+        }
+    var tbody = createTiddlyElement(table,"tbody");
+    for(var rc=0; rc<listObject.length; rc++)
+        {
+        rowObject = listObject[rc];
+        r = createTiddlyElement(tbody,"tr");
+        for(var c=0; c<listTemplate.rowClasses.length; c++)
+            {
+            if(rowObject[listTemplate.rowClasses[c].field])
+                addClass(r,listTemplate.rowClasses[c].className);
+            }
+        rowObject.rowElement = rowObject;
+        rowObject.colElements = {};
+        for(var cc=0; cc<listTemplate.columns.length; cc++)
+            {
+            var c = createTiddlyElement(r,"td");
+            var columnTemplate = listTemplate.columns[cc];
+            var field = columnTemplate.field;
+            var colType = ListView.columnTypes[columnTemplate.type];
+            if(colType && colType.createItem)
+                colType.createItem(c,rowObject,field,columnTemplate,cc,rc);
+            rowObject.colElements[field] = c;
+            }
+        }
+    if(callback && listTemplate.actions)
+        createTiddlyDropDown(place,ListView.getCommandHandler(callback),listTemplate.actions);
+    if(callback && listTemplate.buttons)
+        {
+        for(t=0; t<listTemplate.buttons.length; t++)
+            {
+            var a = listTemplate.buttons[t];
+            if(a && a.name != "")
+                createTiddlyButton(place,a.caption,null,ListView.getCommandHandler(callback,a.name,a.allowEmptySelection));
+            }
+        }
+    return table;
+}
+
+ListView.getCommandHandler = function(callback,name,allowEmptySelection)
+{
+    return function(e)
+        {
+        var view = findRelated(this,"TABLE",null,"previousSibling");
+        var tiddlers = [];
+        ListView.forEachSelector(view,function(e,rowName) {
+                    if(e.checked)
+                        tiddlers.push(rowName);
+                    });
+        if(tiddlers.length == 0 && !allowEmptySelection)
+            alert(config.messages.nothingSelected);
+        else
+            {
+            if(this.nodeName.toLowerCase() == "select")
+                {
+                callback(view,this.value,tiddlers);
+                this.selectedIndex = 0;
+                }
+            else
+                callback(view,name,tiddlers);
+            }
+        };
+}
+
+// Invoke a callback for each selector checkbox in the listview
+//   view - <table> element of listView
+//   callback(checkboxElement,rowName)
+//     where
+//       checkboxElement - DOM element of checkbox
+//       rowName - name of this row as assigned by the column template
+//   result: true if at least one selector was checked
+ListView.forEachSelector = function(view,callback)
+{
+    var checkboxes = view.getElementsByTagName("input");
+    var hadOne = false;
+    for(var t=0; t<checkboxes.length; t++)
+        {
+        var cb = checkboxes[t];
+        if(cb.getAttribute("type") == "checkbox")
+            {
+            var rn = cb.getAttribute("rowName");
+            if(rn)
+                {
+                callback(cb,rn);
+                hadOne = true;
+                }
+            }
+        }
+    return hadOne;
+}
+
+ListView.columnTypes = {};
+
+ListView.columnTypes.String = {
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyText(place,columnTemplate.title);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v);
+        }
+};
+
+ListView.columnTypes.Date = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                createTiddlyText(place,v.formatString(columnTemplate.dateFormat));
+        }
+};
+
+ListView.columnTypes.StringList = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                for(var t=0; t<v.length; t++)
+                    {
+                    createTiddlyText(place,v[t]);
+                    createTiddlyElement(place,"br");
+                    }
+                }
+        }
+};
+
+ListView.columnTypes.Selector = {
+    createHeader: function(place,columnTemplate,col)
+        {
+            createTiddlyCheckbox(place,null,false,this.onHeaderChange);
+        },
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],null);
+            e.setAttribute("rowName",listObject[columnTemplate.rowName]);
+        },
+    onHeaderChange: function(e)
+        {
+            var state = this.checked;
+            var view = findRelated(this,"TABLE");
+            if(!view)
+                return;
+            ListView.forEachSelector(view,function(e,rowName) {
+                                e.checked = state;
+                            });
+        }
+};
+
+ListView.columnTypes.Tags = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var tags = listObject[field];
+            createTiddlyText(place,String.encodeTiddlyLinkList(tags));
+        }
+};
+
+ListView.columnTypes.Boolean = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            if(listObject[field] == true)
+                createTiddlyText(place,columnTemplate.trueText);
+            if(listObject[field] == false)
+                createTiddlyText(place,columnTemplate.falseText);
+        }
+};
+
+ListView.columnTypes.TagCheckbox = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var e = createTiddlyCheckbox(place,null,listObject[field],this.onChange);
+            e.setAttribute("tiddler",listObject.title);
+            e.setAttribute("tag",columnTemplate.tag);
+        },
+    onChange : function(e)
+        {
+            var tag = this.getAttribute("tag");
+            var tiddler = this.getAttribute("tiddler");
+            store.setTiddlerTag(tiddler,this.checked,tag);
+        }
+};
+
+ListView.columnTypes.TiddlerLink = {
+    createHeader: ListView.columnTypes.String.createHeader,
+    createItem: function(place,listObject,field,columnTemplate,col,row)
+        {
+            var v = listObject[field];
+            if(v != undefined)
+                {
+                var link = createTiddlyLink(place,listObject[columnTemplate.tiddlerLink],false,null);
+                createTiddlyText(link,listObject[field]);
+                }
+        }
+};
+// ---------------------------------------------------------------------------------
+// Augmented methods for the JavaScript Number(), Array(), String() and Date() objects
+// ---------------------------------------------------------------------------------
+
+// Clamp a number to a range
+Number.prototype.clamp = function(min,max)
+{
+    var c = this;
+    if(c < min)
+        c = min;
+    if(c > max)
+        c = max;
+    return c;
+}
+
+// Add indexOf function if browser does not support it
+if(!Array.indexOf) {
+Array.prototype.indexOf = function(item,from)
+{
+    if(!from)
+        from = 0;
+    for(var i=from; i<this.length; i++)
+        if(this[i] === item)
+            return i;
+    return -1;
+}}
+
+// Find an entry in a given field of the members of an array
+Array.prototype.findByField = function(field,value)
+{
+    for(var t=0; t<this.length; t++)
+        if(this[t][field] == value)
+            return t;
+    return null;
+}
+
+// Return whether an entry exists in an array
+Array.prototype.contains = function(item)
+{
+    return this.indexOf(item) != -1;
+};
+
+// Adds, removes or toggles a particular value within an array
+//  value - value to add
+//  mode - +1 to add value, -1 to remove value, 0 to toggle it
+Array.prototype.setItem = function(value,mode)
+{
+    var p = this.indexOf(value);
+    if(mode == 0)
+        mode = (p == -1) ? +1 : -1;
+    if(mode == +1)
+        {
+        if(p == -1)
+            this.push(value);
+        }
+    else if(mode == -1)
+        {
+        if(p != -1)
+            this.splice(p,1);
+        }
+}
+
+// Return whether one of a list of values exists in an array
+Array.prototype.containsAny = function(items)
+{
+    for(var i=0; i<items.length; i++)
+        if (this.indexOf(items[i]) != -1)
+            return true;
+    return false;
+};
+
+// Return whether all of a list of values exists in an array
+Array.prototype.containsAll = function(items)
+{
+    for (var i = 0; i<items.length; i++)
+        if (this.indexOf(items[i]) == -1)
+            return false;
+    return true;
+};
+
+// Push a new value into an array only if it is not already present in the array. If the optional unique parameter is false, it reverts to a normal push
+Array.prototype.pushUnique = function(item,unique)
+{
+    if(unique != undefined && unique == false)
+        this.push(item);
+    else
+        {
+        if(this.indexOf(item) == -1)
+            this.push(item);
+        }
+}
+
+Array.prototype.remove = function(item)
+{
+    var p = this.indexOf(item);
+    if(p != -1)
+        this.splice(p,1);
+}
+
+// Get characters from the right end of a string
+String.prototype.right = function(n)
+{
+    if(n < this.length)
+        return this.slice(this.length-n);
+    else
+        return this;
+}
+
+// Trim whitespace from both ends of a string
+String.prototype.trim = function()
+{
+    return this.replace(/^\s*|\s*$/g,"");
+}
+
+// Convert a string from a CSS style property name to a JavaScript style name ("background-color" -> "backgroundColor")
+String.prototype.unDash = function()
+{
+    var s = this.split("-");
+    if(s.length > 1)
+        for(var t=1; t<s.length; t++)
+            s[t] = s[t].substr(0,1).toUpperCase() + s[t].substr(1);
+    return s.join("");
+}
+
+// Substitute substrings from an array into a format string that includes '%1'-type specifiers
+String.prototype.format = function(substrings)
+{
+    var subRegExp = /(?:%(\d+))/mg;
+    var currPos = 0;
+    var r = [];
+    do {
+        var match = subRegExp.exec(this);
+        if(match && match[1])
+            {
+            if(match.index > currPos)
+                r.push(this.substring(currPos,match.index));
+            r.push(substrings[parseInt(match[1])]);
+            currPos = subRegExp.lastIndex;
+            }
+    } while(match);
+    if(currPos < this.length)
+        r.push(this.substring(currPos,this.length));
+    return r.join("");
+}
+
+// Escape any special RegExp characters with that character preceded by a backslash
+String.prototype.escapeRegExp = function()
+{
+    var s = "\\^$*+?()=!|,{}[].";
+    var c = this;
+    for(var t=0; t<s.length; t++)
+        c = c.replace(new RegExp("\\" + s.substr(t,1),"g"),"\\" + s.substr(t,1));
+    return c;
+}
+
+// Convert "\" to "\s", newlines to "\n" (and remove carriage returns)
+String.prototype.escapeLineBreaks = function()
+{
+    return this.replace(/\\/mg,"\\s").replace(/\n/mg,"\\n").replace(/\r/mg,"");
+}
+
+// Convert "\n" to newlines, "\b" to " ", "\s" to "\" (and remove carriage returns)
+String.prototype.unescapeLineBreaks = function()
+{
+    return this.replace(/\\n/mg,"\n").replace(/\\b/mg," ").replace(/\\s/mg,"\\").replace(/\r/mg,"");
+}
+
+// Convert & to "&amp;", < to "&lt;", > to "&gt;" and " to "&quot;"
+String.prototype.htmlEncode = function()
+{
+    return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
+}
+
+// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+String.prototype.htmlDecode = function()
+{
+    return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+}
+
+// Parse a space-separated string of name:value parameters where:
+//   - the name or the value can be optional (in which case separate defaults are used instead)
+//     - in case of ambiguity, a lone word is taken to be a value
+//     - if 'cascadeDefaults' is set to true, then the defaults are modified by updated by each specified name or value
+//     - name prefixes are not allowed if the 'noNames' parameter is true
+//   - if both the name and value are present they must be separated by a colon
+//   - the name and the value may both be quoted with single- or double-quotes, double-square brackets
+//   - names or values quoted with {{double-curly braces}} are evaluated as a JavaScript expression
+//     - as long as the 'allowEval' parameter is true
+// The result is an array of objects:
+//   result[0] = object with a member for each parameter name, value of that member being an array of values
+//   result[1..n] = one object for each parameter, with 'name' and 'value' members
+String.prototype.parseParams = function(defaultName,defaultValue,allowEval,noNames,cascadeDefaults)
+{
+    var parseToken = function(match,p)
+        {
+        var n;
+        if(match[p]) // Double quoted
+            n = match[p];
+        else if(match[p+1]) // Single quoted
+            n = match[p+1];
+        else if(match[p+2]) // Double-square-bracket quoted
+            n = match[p+2];
+        else if(match[p+3]) // Double-brace quoted
+            try
+                {
+                n = match[p+3];
+                if(allowEval)
+                    n = window.eval(n);
+                }
+            catch(e)
+                {
+                throw "Unable to evaluate {{" + match[p+3] + "}}: " + exceptionText(e);
+                }
+        else if(match[p+4]) // Unquoted
+            n = match[p+4];
+        else if(match[p+5]) // empty quote
+            n = "";
+        return n;
+        };
+    var r = [{}];
+    var dblQuote = "(?:\"((?:(?:\\\\\")|[^\"])+)\")";
+    var sngQuote = "(?:'((?:(?:\\\\\')|[^'])+)')";
+    var dblSquare = "(?:\\[\\[((?:\\s|\\S)*?)\\]\\])";
+    var dblBrace = "(?:\\{\\{((?:\\s|\\S)*?)\\}\\})";
+    var unQuoted = noNames ? "([^\"'\\s]\\S*)" : "([^\"':\\s][^\\s:]*)";
+    var emptyQuote = "((?:\"\")|(?:''))";
+    var skipSpace = "(?:\\s*)";
+    var token = "(?:" + dblQuote + "|" + sngQuote + "|" + dblSquare + "|" + dblBrace + "|" + unQuoted + "|" + emptyQuote + ")";
+    var re = noNames
+        ? new RegExp(token,"mg")
+        : new RegExp(skipSpace + token + skipSpace + "(?:(\\:)" + skipSpace + token + ")?","mg");
+    var params = [];
+    do {
+        var match = re.exec(this);
+        if(match)
+            {
+            var n = parseToken(match,1);
+            if(noNames)
+                r.push({name: "", value: n});
+            else
+                {
+                var v = parseToken(match,8);
+                if(v == null && defaultName)
+                    {
+                    v = n;
+                    n = defaultName;
+                    }
+                else if(v == null && defaultValue)
+                    v = defaultValue;
+                r.push({name: n, value: v});
+                if(cascadeDefaults)
+                    {
+                    defaultName = n;
+                    defaultValue = v;
+                    }
+                }
+            }
+    } while(match);
+    // Summarise parameters into first element
+    for(var t=1; t<r.length; t++)
+        {
+        if(r[0][r[t].name])
+            r[0][r[t].name].push(r[t].value);
+        else
+            r[0][r[t].name] = [r[t].value];
+        }
+    return r;
+}
+
+// Process a string list of macro parameters into an array. Parameters can be quoted with "", '',
+// [[]], {{ }} or left unquoted (and therefore space-separated). Double-braces {{}} results in
+// an *evaluated* parameter: e.g. {{config.options.txtUserName}} results in the current user's name.
+String.prototype.readMacroParams = function()
+{
+    var p = this.parseParams("list",null,true,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.push(p[t].value);
+    return n;
+}
+
+// Process a string list of unique tiddler names into an array. Tiddler names that have spaces in them must be [[bracketed]]
+String.prototype.readBracketedList = function(unique)
+{
+    var p = this.parseParams("list",null,false,true);
+    var n = [];
+    for(var t=1; t<p.length; t++)
+        n.pushUnique(p[t].value,unique);
+    return n;
+}
+
+// Returns array with start and end index of chunk between given start and end marker, or undefined.
+String.prototype.getChunkRange = function(start,end)
+{
+    var s = this.indexOf(start);
+    if(s != -1)
+        {
+        s += start.length;
+        var e = this.indexOf(end,s);
+        if(e != -1)
+            return [s, e];
+        }
+}
+
+// Replace a chunk of a string given start and end markers
+String.prototype.replaceChunk = function(start,end,sub)
+{
+    var r = this.getChunkRange(start,end);
+    return r
+        ? this.substring(0,r[0]) + sub + this.substring(r[1])
+        : this;
+}
+
+// Returns a chunk of a string between start and end markers, or undefined
+String.prototype.getChunk = function(start,end)
+{
+    var r = this.getChunkRange(start,end);
+    if (r)
+        return this.substring(r[0],r[1]);
+}
+
+
+// Static method to bracket a string with double square brackets if it contains a space
+String.encodeTiddlyLink = function(title)
+{
+    if(title.indexOf(" ") == -1)
+        return(title);
+    else
+        return("[[" + title + "]]");
+}
+
+// Static method to encodeTiddlyLink for every item in an array and join them with spaces
+String.encodeTiddlyLinkList = function(list)
+{
+    if(list)
+        {
+        var results = [];
+        for(var t=0; t<list.length; t++)
+            results.push(String.encodeTiddlyLink(list[t]));
+        return results.join(" ");
+        }
+    else
+        return "";
+}
+
+// Static method to left-pad a string with 0s to a certain width
+String.zeroPad = function(n,d)
+{
+    var s = n.toString();
+    if(s.length < d)
+        s = "000000000000000000000000000".substr(0,d-s.length) + s;
+    return(s);
+}
+
+String.prototype.startsWith = function(prefix)
+{
+    return !prefix || this.substring(0,prefix.length) == prefix;
+}
+
+// Returns the first value of the given named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//# @return [may be null/undefined]
+//#
+function getParam(params, name, defaultValue) {
+    if (!params)
+        return defaultValue;
+    var p = params[0][name];
+    return p ? p[0] : defaultValue;
+}
+
+// Returns the first value of the given boolean named parameter.
+//#
+//# @param params
+//#         as returned by parseParams or null/undefined
+//#
+function getFlag(params, name, defaultValue) {
+    return !!getParam(params, name, defaultValue);
+}
+
+// Substitute date components into a string
+Date.prototype.formatString = function(template)
+{
+    var t = template.replace(/0hh12/g,String.zeroPad(this.getHours12(),2));
+    t = t.replace(/hh12/g,this.getHours12());
+    t = t.replace(/0hh/g,String.zeroPad(this.getHours(),2));
+    t = t.replace(/hh/g,this.getHours());
+    t = t.replace(/0mm/g,String.zeroPad(this.getMinutes(),2));
+    t = t.replace(/mm/g,this.getMinutes());
+    t = t.replace(/0ss/g,String.zeroPad(this.getSeconds(),2));
+    t = t.replace(/ss/g,this.getSeconds());
+    t = t.replace(/[ap]m/g,this.getAmPm().toLowerCase());
+    t = t.replace(/[AP]M/g,this.getAmPm().toUpperCase());
+    t = t.replace(/wYYYY/g,this.getYearForWeekNo());
+    t = t.replace(/wYY/g,String.zeroPad(this.getYearForWeekNo()-2000,2));
+    t = t.replace(/YYYY/g,this.getFullYear());
+    t = t.replace(/YY/g,String.zeroPad(this.getFullYear()-2000,2));
+    t = t.replace(/MMM/g,config.messages.dates.months[this.getMonth()]);
+    t = t.replace(/mmm/g,config.messages.dates.shortMonths[this.getMonth()]);
+    t = t.replace(/0MM/g,String.zeroPad(this.getMonth()+1,2));
+    t = t.replace(/MM/g,this.getMonth()+1);
+    t = t.replace(/0WW/g,String.zeroPad(this.getWeek(),2));
+    t = t.replace(/WW/g,this.getWeek());
+    t = t.replace(/DDD/g,config.messages.dates.days[this.getDay()]);
+    t = t.replace(/ddd/g,config.messages.dates.shortDays[this.getDay()]);
+    t = t.replace(/0DD/g,String.zeroPad(this.getDate(),2));
+    t = t.replace(/DDth/g,this.getDate()+this.daySuffix());
+    t = t.replace(/DD/g,this.getDate());
+    return t;
+}
+
+Date.prototype.getWeek = function()
+{
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week to calculate weekNo
+    var n = Math.floor((dt.getTime()-new Date(dt.getFullYear(),0,1)+3600000)/86400000);
+    return Math.floor(n/7)+1;
+}
+
+Date.prototype.getYearForWeekNo = function()
+{
+    var dt = new Date(this.getTime());
+    var d = dt.getDay();
+    if (d==0) d=7;// JavaScript Sun=0, ISO Sun=7
+    dt.setTime(dt.getTime()+(4-d)*86400000);// shift day to Thurs of same week
+    return dt.getFullYear();
+}
+
+Date.prototype.getHours12 = function()
+{
+    var h = this.getHours();
+    return h > 12 ? h-12 : ( h > 0 ? h : 12 );
+}
+
+Date.prototype.getAmPm = function()
+{
+    return this.getHours() >= 12 ? "pm" : "am";
+}
+
+Date.prototype.daySuffix = function()
+{
+    var num = this.getDate();
+    if (num >= 11 && num <= 13) return "th";
+    else if (num.toString().substr(-1)=="1") return "st";
+    else if (num.toString().substr(-1)=="2") return "nd";
+    else if (num.toString().substr(-1)=="3") return "rd";
+    return "th";
+}
+
+// Convert a date to local YYYYMMDDHHMM string format
+Date.prototype.convertToLocalYYYYMMDDHHMM = function()
+{
+    return(String.zeroPad(this.getFullYear(),4) + String.zeroPad(this.getMonth()+1,2) + String.zeroPad(this.getDate(),2) + String.zeroPad(this.getHours(),2) + String.zeroPad(this.getMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDDHHMM string format
+Date.prototype.convertToYYYYMMDDHHMM = function()
+{
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2));
+}
+
+// Convert a date to UTC YYYYMMDD.HHMMSSMMM string format
+Date.prototype.convertToYYYYMMDDHHMMSSMMM = function()
+{
+    return(String.zeroPad(this.getUTCFullYear(),4) + String.zeroPad(this.getUTCMonth()+1,2) + String.zeroPad(this.getUTCDate(),2) + "." + String.zeroPad(this.getUTCHours(),2) + String.zeroPad(this.getUTCMinutes(),2) + String.zeroPad(this.getUTCSeconds(),2) + String.zeroPad(this.getUTCMilliseconds(),4));
+}
+
+// Static method to create a date from a UTC YYYYMMDDHHMM format string
+Date.convertFromYYYYMMDDHHMM = function(d)
+{
+    var theDate = new Date(Date.UTC(parseInt(d.substr(0,4),10),
+                            parseInt(d.substr(4,2),10)-1,
+                            parseInt(d.substr(6,2),10),
+                            parseInt(d.substr(8,2),10),
+                            parseInt(d.substr(10,2),10),0,0));
+    return(theDate);
+}
+
+// ---------------------------------------------------------------------------------
+// Crypto functions and associated conversion routines
+// ---------------------------------------------------------------------------------
+
+// Crypto "namespace"
+function Crypto() {}
+
+// Convert a string to an array of big-endian 32-bit words
+Crypto.strToBe32s = function(str)
+{
+    var be = Array();
+    var len = Math.floor(str.length/4);
+    var i, j;
+    for(i=0, j=0; i<len; i++, j+=4)
+        {
+        be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
+        }
+    while (j<str.length)
+        {
+        be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
+        j++;
+        }
+    return be;
+}
+
+// Convert an array of big-endian 32-bit words to a string
+Crypto.be32sToStr = function(be)
+{
+    var str = "";
+    for(var i=0;i<be.length*32;i+=8)
+        str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
+    return str;
+}
+
+// Convert an array of big-endian 32-bit words to a hex string
+Crypto.be32sToHex = function(be)
+{
+    var hex = "0123456789ABCDEF";
+    var str = "";
+    for(var i=0;i<be.length*4;i++)
+        str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
+    return str;
+}
+
+// Return, in hex, the SHA-1 hash of a string
+Crypto.hexSha1Str = function(str)
+{
+    return Crypto.be32sToHex(Crypto.sha1Str(str));
+}
+
+// Return the SHA-1 hash of a string
+Crypto.sha1Str = function(str)
+{
+    return Crypto.sha1(Crypto.strToBe32s(str),str.length);
+}
+
+// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
+Crypto.sha1 = function(x,blen)
+{
+    // Add 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32 = function(a,b)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Add five 32-bit integers, wrapping at 32 bits
+    //# Uses 16-bit operations internally to work around bugs in some JavaScript interpreters.
+    add32x5 = function(a,b,c,d,e)
+    {
+        var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
+        var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
+        return (msw<<16)|(lsw&0xFFFF);
+    };
+    // Bitwise rotate left a 32-bit integer by 1 bit
+    rol32 = function(n)
+    {
+        return (n>>>31)|(n<<1);
+    };
+
+    var len = blen*8;
+    // Append padding so length in bits is 448 mod 512
+    x[len>>5] |= 0x80 << (24-len%32);
+    // Append length
+    x[((len+64>>9)<<4)+15] = len;
+    var w = Array(80);
+
+    var k1 = 0x5A827999;
+    var k2 = 0x6ED9EBA1;
+    var k3 = 0x8F1BBCDC;
+    var k4 = 0xCA62C1D6;
+
+    var h0 = 0x67452301;
+    var h1 = 0xEFCDAB89;
+    var h2 = 0x98BADCFE;
+    var h3 = 0x10325476;
+    var h4 = 0xC3D2E1F0;
+
+    for(var i=0;i<x.length;i+=16)
+        {
+        var j,t;
+        var a = h0;
+        var b = h1;
+        var c = h2;
+        var d = h3;
+        var e = h4;
+        for(j = 0;j<16;j++)
+            {
+            w[j] = x[i+j];
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=16;j<20;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=20;j<40;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=40;j<60;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+        for(j=60;j<80;j++)
+            {
+            w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
+            t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
+            e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
+            }
+
+        h0 = add32(h0,a);
+        h1 = add32(h1,b);
+        h2 = add32(h2,c);
+        h3 = add32(h3,d);
+        h4 = add32(h4,e);
+        }
+    return Array(h0,h1,h2,h3,h4);
+}
+
+// ---------------------------------------------------------------------------------
+// RGB colour object
+// ---------------------------------------------------------------------------------
+
+// Construct an RGB colour object from a '#rrggbb', '#rgb' or 'rgb(n,n,n)' string or from separate r,g,b values
+function RGB(r,g,b)
+{
+    this.r = 0;
+    this.g = 0;
+    this.b = 0;
+    if(typeof r == "string")
+        {
+        if(r.substr(0,1) == "#")
+            {
+            if(r.length == 7)
+                {
+                this.r = parseInt(r.substr(1,2),16)/255;
+                this.g = parseInt(r.substr(3,2),16)/255;
+                this.b = parseInt(r.substr(5,2),16)/255;
+                }
+            else
+                {
+                this.r = parseInt(r.substr(1,1),16)/15;
+                this.g = parseInt(r.substr(2,1),16)/15;
+                this.b = parseInt(r.substr(3,1),16)/15;
+                }
+            }
+        else
+            {
+            var rgbPattern = /rgb\s*\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)/ ;
+            var c = r.match(rgbPattern);
+            if (c)
+                {
+                this.r = parseInt(c[1],10)/255;
+                this.g = parseInt(c[2],10)/255;
+                this.b = parseInt(c[3],10)/255;
+                }
+            }
+        }
+    else
+        {
+        this.r = r;
+        this.g = g;
+        this.b = b;
+        }
+    return this;
+}
+
+// Mixes this colour with another in a specified proportion
+// c = other colour to mix
+// f = 0..1 where 0 is this colour and 1 is the new colour
+// Returns an RGB object
+RGB.prototype.mix = function(c,f)
+{
+    return new RGB(this.r + (c.r-this.r) * f,this.g + (c.g-this.g) * f,this.b + (c.b-this.b) * f);
+}
+
+// Return an rgb colour as a #rrggbb format hex string
+RGB.prototype.toString = function()
+{
+    var r = this.r.clamp(0,1);
+    var g = this.g.clamp(0,1);
+    var b = this.b.clamp(0,1);
+    return("#" + ("0" + Math.floor(r * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(g * 255).toString(16)).right(2) +
+                 ("0" + Math.floor(b * 255).toString(16)).right(2));
+}
+
+// ---------------------------------------------------------------------------------
+// DOM utilities - many derived from www.quirksmode.org
+// ---------------------------------------------------------------------------------
+
+function drawGradient(place,horiz,colours)
+{
+    for(var t=0; t<= 100; t+=2)
+        {
+        var bar = document.createElement("div");
+        place.appendChild(bar);
+        bar.style.position = "absolute";
+        bar.style.left = horiz ? t + "%" : 0;
+        bar.style.top = horiz ? 0 : t + "%";
+        bar.style.width = horiz ? (101-t) + "%" : "100%";
+        bar.style.height = horiz ? "100%" : (101-t) + "%";
+        bar.style.zIndex = -1;
+        var f = t/100;
+        var p = f*(colours.length-1);
+        bar.style.backgroundColor = colours[Math.floor(p)].mix(colours[Math.ceil(p)],p-Math.floor(p)).toString();
+        }
+}
+
+function createTiddlyText(theParent,theText)
+{
+    return theParent.appendChild(document.createTextNode(theText));
+}
+
+function createTiddlyCheckbox(theParent,caption,checked,onChange)
+{
+    var cb = document.createElement("input");
+    cb.setAttribute("type","checkbox");
+    cb.onclick = onChange;
+    theParent.appendChild(cb);
+    cb.checked = checked;
+    cb.className = "chkOptionInput";
+    if(caption)
+        wikify(caption,theParent);
+    return cb;
+}
+
+function createTiddlyElement(theParent,theElement,theID,theClass,theText)
+{
+    var e = document.createElement(theElement);
+    if(theClass != null)
+        e.className = theClass;
+    if(theID != null)
+        e.setAttribute("id",theID);
+    if(theText != null)
+        e.appendChild(document.createTextNode(theText));
+    if(theParent != null)
+        theParent.appendChild(e);
+    return(e);
+}
+
+// Add an event handler
+// Thanks to John Resig, via QuirksMode
+function addEvent(obj,type,fn)
+{
+    if(obj.attachEvent)
+        {
+        obj['e'+type+fn] = fn;
+        obj[type+fn] = function(){obj['e'+type+fn](window.event);}
+        obj.attachEvent('on'+type,obj[type+fn]);
+        }
+    else
+        obj.addEventListener(type,fn,false);
+}
+
+// Remove  an event handler
+// Thanks to John Resig, via QuirksMode
+function removeEvent(obj,type,fn)
+{
+    if(obj.detachEvent)
+        {
+        obj.detachEvent('on'+type,obj[type+fn]);
+        obj[type+fn] = null;
+        }
+    else
+        obj.removeEventListener(type,fn,false);
+}
+
+function addClass(e,theClass)
+{
+    var currClass = e.className.split(" ");
+    if(currClass.indexOf(theClass) == -1)
+        e.className += " " + theClass;
+}
+
+function removeClass(e,theClass)
+{
+    var currClass = e.className.split(" ");
+    var i = currClass.indexOf(theClass);
+    while(i != -1)
+        {
+        currClass.splice(i,1);
+        i = currClass.indexOf(theClass);
+        }
+    e.className = currClass.join(" ");
+}
+
+function hasClass(e,theClass)
+{
+    if(e.className)
+        {
+        if(e.className.split(" ").indexOf(theClass) != -1)
+            return true;
+        }
+    return false;
+}
+
+// Find the closest relative with a given property value (property defaults to tagName, relative defaults to parentNode)
+function findRelated(e,value,name,relative)
+{
+    name = name ? name : "tagName";
+    relative = relative ? relative : "parentNode";
+    if(name == "className")
+        {
+        while(e && !hasClass(e,value))
+            {
+            e = e[relative];
+            }
+        }
+    else
+        {
+        while(e && e[name] != value)
+            {
+            e = e[relative];
+            }
+        }
+    return e;
+}
+
+// Resolve the target object of an event
+function resolveTarget(e)
+{
+    var obj;
+    if (e.target)
+        obj = e.target;
+    else if (e.srcElement)
+        obj = e.srcElement;
+    if (obj.nodeType == 3) // defeat Safari bug
+        obj = obj.parentNode;
+    return(obj);
+}
+
+// Return the content of an element as plain text with no formatting
+function getPlainText(e)
+{
+    var text = "";
+    if(e.innerText)
+        text = e.innerText;
+    else if(e.textContent)
+        text = e.textContent;
+    return text;
+}
+
+// Get the scroll position for window.scrollTo necessary to scroll a given element into view
+function ensureVisible(e)
+{
+    var posTop = findPosY(e);
+    var posBot = posTop + e.offsetHeight;
+    var winTop = findScrollY();
+    var winHeight = findWindowHeight();
+    var winBot = winTop + winHeight;
+    if(posTop < winTop)
+        return(posTop);
+    else if(posBot > winBot)
+        {
+        if(e.offsetHeight < winHeight)
+            return(posTop - (winHeight - e.offsetHeight));
+        else
+            return(posTop);
+        }
+    else
+        return(winTop);
+}
+
+// Get the current width of the display window
+function findWindowWidth()
+{
+    return(window.innerWidth ? window.innerWidth : document.documentElement.clientWidth);
+}
+
+// Get the current height of the display window
+function findWindowHeight()
+{
+    return(window.innerHeight ? window.innerHeight : document.documentElement.clientHeight);
+}
+
+// Get the current horizontal page scroll position
+function findScrollX()
+{
+    return(window.scrollX ? window.scrollX : document.documentElement.scrollLeft);
+}
+
+// Get the current vertical page scroll position
+function findScrollY()
+{
+    return(window.scrollY ? window.scrollY : document.documentElement.scrollTop);
+}
+
+function findPosX(obj)
+{
+    var curleft = 0;
+    while (obj.offsetParent)
+        {
+        curleft += obj.offsetLeft;
+        obj = obj.offsetParent;
+        }
+    return curleft;
+}
+
+function findPosY(obj)
+{
+    var curtop = 0;
+    while (obj.offsetParent)
+        {
+        curtop += obj.offsetTop;
+        obj = obj.offsetParent;
+        }
+    return curtop;
+}
+
+// Blur a particular element
+function blurElement(e)
+{
+    if(e != null && e.focus && e.blur)
+        {
+        e.focus();
+        e.blur();
+        }
+}
+
+// Create a non-breaking space
+function insertSpacer(place)
+{
+    var e = document.createTextNode(String.fromCharCode(160));
+    if(place)
+        place.appendChild(e);
+    return e;
+}
+
+// Remove all children of a node
+function removeChildren(e)
+{
+    while(e.hasChildNodes())
+        e.removeChild(e.firstChild);
+}
+
+// Add a stylesheet, replacing any previous custom stylesheet
+function setStylesheet(s,id)
+{
+    if(!id)
+        id = "customStyleSheet";
+    var n = document.getElementById(id);
+    if(document.createStyleSheet) // Test for IE's non-standard createStyleSheet method
+        {
+        if(n)
+            n.parentNode.removeChild(n);
+        // This failed without the &nbsp;
+        document.getElementsByTagName("head")[0].insertAdjacentHTML("beforeEnd","&nbsp;<style id='" + id + "'>" + s + "</style>");
+        }
+    else
+        {
+        if(n)
+            n.replaceChild(document.createTextNode(s),n.firstChild);
+        else
+            {
+            var n = document.createElement("style");
+            n.type = "text/css";
+            n.id = id;
+            n.appendChild(document.createTextNode(s));
+            document.getElementsByTagName("head")[0].appendChild(n);
+            }
+        }
+}
+
+// Replace the current selection of a textarea or text input and scroll it into view
+
+function replaceSelection(e,text)
+{
+    if (e.setSelectionRange)
+        {
+        var oldpos = e.selectionStart + 1;
+        e.value = e.value.substr(0,e.selectionStart) + text + e.value.substr(e.selectionStart);
+        e.setSelectionRange( oldpos, oldpos);
+        var linecount = e.value.split('\n').length;
+        var thisline = e.value.substr(0,e.selectionStart).split('\n').length-1;
+        e.scrollTop = Math.floor((thisline-e.rows/2)*e.scrollHeight/linecount);
+        }
+    else if (document.selection)
+        {
+        var range = document.selection.createRange();
+        if (range.parentElement() == e)
+            {
+            var isCollapsed = range.text == "";
+            range.text = text;
+             if (!isCollapsed)
+                {
+                range.moveStart('character', -text.length);
+                range.select();
+                }
+            }
+        }
+}
+
+// Returns the text of the given (text) node, possibly merging subsequent text nodes
+function getNodeText(e)
+{
+    var t = "";
+    while (e && e.nodeName == "#text")
+        {
+        t += e.nodeValue;
+        e = e.nextSibling;
+        }
+    return t;
+}
+//# -------------------------
+//# LoaderBase: A (abstract) storage loader that loads the tiddlers from a list of HTML elements.
+//# The format of the elements is defined by subclasses of this loader through the internalizeTiddler implementation.
+//# Subclasses must implement:
+//#             function getTitle(store, e)
+//#
+//# store must implement:
+//#             function createTiddler(title).
+//#
+
+function LoaderBase()
+{
+}
+
+LoaderBase.prototype.loadTiddler = function(store,e,tiddlers)
+{
+    var title = this.getTitle(store, e);
+    if (title)
+        {
+        var tiddler = store.createTiddler(title);
+        this.internalizeTiddler(store, tiddler, title, e);
+        tiddlers.push(tiddler);
+        }
+}
+
+LoaderBase.prototype.loadTiddlers = function(store,nodes)
+{
+    var tiddlers = [];
+    for (var t = 0; t < nodes.length; t++)
+        {
+        try
+            {
+            this.loadTiddler(store, nodes[t], tiddlers);
+            }
+        catch(e)
+            {
+            showException(e, config.messages.tiddlerLoadError.format([this.getTitle(store, nodes[t])]));
+            }
+        }
+    return tiddlers;
+}
+
+//# -------------------------
+//# SaverBase: a (abstract) storage saver that externalizes all tiddlers into a string,
+//# with every tiddler individually externalized (using this.externalizeTiddler) and joined with newlines
+//# Subclasses must implement:
+//#             function externalizeTiddler(store, tiddler)
+//#
+//# store must implement:
+//#             function getTiddlers(sortByFieldName)
+//#
+
+function SaverBase()
+{
+}
+
+SaverBase.prototype.externalize = function(store)
+{
+    var results = [];
+    var tiddlers = store.getTiddlers("title");
+    for (var t = 0; t < tiddlers.length; t++)
+        results.push(this.externalizeTiddler(store, tiddlers[t]));
+    return results.join("\n");
+}
+//--------------------------------
+// TW21Loader (inherits from LoaderBase)
+
+function TW21Loader() {};
+
+TW21Loader.prototype = new LoaderBase();
+
+TW21Loader.prototype.getTitle = function(store, e) {
+    var title = null;
+    if(e.getAttribute)
+        title = e.getAttribute("tiddler");
+    if(!title && e.id) {
+        var lenPrefix = store.idPrefix.length;
+        if (e.id.substr(0,lenPrefix) == store.idPrefix)
+            title = e.id.substr(lenPrefix);
+    }
+    return title;
+}
+
+TW21Loader.prototype.internalizeTiddler = function(store, tiddler, title, data) {
+    var text = getNodeText(data.firstChild).unescapeLineBreaks();
+    var modifier = data.getAttribute("modifier");
+    var modified = Date.convertFromYYYYMMDDHHMM(data.getAttribute("modified"));
+    var c = data.getAttribute("created");
+    var created = c ? Date.convertFromYYYYMMDDHHMM(c) : modified;
+    var tags = data.getAttribute("tags");
+    var fields = {};
+    var attrs = data.attributes;
+    for(var i = attrs.length-1; i >= 0; i--) {
+        var name = attrs[i].name;
+        if (attrs[i].specified && !TiddlyWiki.isStandardField(name)) {
+            fields[name] = attrs[i].value.unescapeLineBreaks();
+        }
+    }
+    tiddler.assign(title,text,modifier,modified,tags,created, fields);
+    return tiddler;
+};
+
+//--------------------------------
+// TW21Saver (inherits from SaverBase)
+
+function TW21Saver() {};
+
+TW21Saver.prototype = new SaverBase();
+
+TW21Saver.prototype.externalizeTiddler = function(store, tiddler)
+{
+    try {
+        var extendedFieldAttributes = "";
+        store.forEachField(tiddler,
+            function(tiddler, fieldName, value) {
+                // don't store stuff from the temp namespace
+                if (!fieldName.match(/^temp\./))
+                    extendedFieldAttributes += ' %0="%1"'.format([fieldName, value.escapeLineBreaks().htmlEncode()]);
+            }, true);
+        return '<div tiddler="%0" modifier="%1" modified="%2" created="%3" tags="%4"%6>%5</div>'.format([
+                tiddler.title.htmlEncode(),
+                tiddler.modifier.htmlEncode(),
+                tiddler.modified.convertToYYYYMMDDHHMM(),
+                tiddler.created.convertToYYYYMMDDHHMM(),
+                tiddler.getTags().htmlEncode(),
+                tiddler.escapeLineBreaks().htmlEncode(),
+                extendedFieldAttributes
+            ]);
+    } catch (e) {
+        throw exceptionText(e, config.messages.tiddlerSaveError.format([tiddler.title]));
+    }
+}
+
+// ---------------------------------------------------------------------------------
+// Deprecated code
+// ---------------------------------------------------------------------------------
+
+// @Deprecated: Use createElementAndWikify and this.termRegExp instead
+config.formatterHelpers.charFormatHelper = function(w)
+{
+    w.subWikify(createTiddlyElement(w.output,this.element),this.terminator);
+}
+
+// @Deprecated: Use enclosedTextHelper and this.lookaheadRegExp instead
+config.formatterHelpers.monospacedByLineHelper = function(w)
+{
+    var lookaheadRegExp = new RegExp(this.lookahead,"mg");
+    lookaheadRegExp.lastIndex = w.matchStart;
+    var lookaheadMatch = lookaheadRegExp.exec(w.source);
+    if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
+        {
+        var text = lookaheadMatch[1];
+        if(config.browser.isIE)
+            text = text.replace(/\n/g,"\r");
+        createTiddlyElement(w.output,"pre",null,null,text);
+        w.nextMatch = lookaheadRegExp.lastIndex;
+        }
+}
+
+// @Deprecated: Use <br> or <br /> instead of <<br>>
+config.macros.br.handler = function(place)
+{
+    createTiddlyElement(place,"br");
+}
+
+// Find an entry in an array. Returns the array index or null
+// @Deprecated: Use indexOf instead
+Array.prototype.find = function(item)
+{
+    var i = this.indexOf(item);
+    return i == -1 ? null : i;
+}
+
+// Load a tiddler from an HTML DIV. The caller should make sure to later call Tiddler.changed()
+// @Deprecated: Use store.getLoader().internalizeTiddler instead
+Tiddler.prototype.loadFromDiv = function(divRef,title)
+{
+    return store.getLoader().internalizeTiddler(store,this,title,divRef);
+}
+
+// Format the text for storage in an HTML DIV
+// @Deprecated Use store.getSaver().externalizeTiddler instead.
+Tiddler.prototype.saveToDiv = function()
+{
+    return store.getSaver().externalizeTiddler(store,this);
+}
+
+// @Deprecated: Use store.allTiddlersAsHtml() instead
+function allTiddlersAsHtml()
+{
+    return store.allTiddlersAsHtml();
+}
+
+// @Deprecated: Use refreshPageTemplate instead
+function applyPageTemplate(title)
+{
+    refreshPageTemplate(title);
+}
+
+// @Deprecated: Use story.displayTiddlers instead
+function displayTiddlers(srcElement,titles,template,unused1,unused2,animate,slowly)
+{
+    story.displayTiddlers(srcElement,titles,template,animate,slowly);
+}
+
+// @Deprecated: Use story.displayTiddler instead
+function displayTiddler(srcElement,title,template,unused1,unused2,animate,slowly)
+{
+    story.displayTiddler(srcElement,title,template,animate,slowly);
+}
+
+// @Deprecated: Use functions on right hand side directly instead
+var createTiddlerPopup = Popup.create;
+var scrollToTiddlerPopup = Popup.show;
+var hideTiddlerPopup = Popup.remove;
+
+// @Deprecated: Use right hand side directly instead
+var regexpBackSlashEn = new RegExp("\\\\n","mg");
+var regexpBackSlash = new RegExp("\\\\","mg");
+var regexpBackSlashEss = new RegExp("\\\\s","mg");
+var regexpNewLine = new RegExp("\n","mg");
+var regexpCarriageReturn = new RegExp("\r","mg");
+// ---------------------------------------------------------------------------------
+// End of scripts
+merge(config.shadowTiddlers,{SiteTitle:'DevFire'});
+merge(config.shadowTiddlers,{MainMenu:"PageTemplate\nStyleSheet\nMainMenu\nDefaultTiddlers"});
+merge(config.shadowTiddlers,{SiteSubtitle:"a theme for ~TiddlyWiki"});
+merge(config.shadowTiddlers,{DefaultTiddlers:"LorumIpsum"});
+merge(config.shadowTiddlers,{LorumIpsum:"Aenean eros arcu, condimentum nec, dapibus ut, tincidunt sit amet, urna. Quisque viverra, eros sed imperdiet iaculis, est risus facilisis quam, id malesuada arcu nulla luctus urna. Nullam et est. Vestibulum velit sem, faucibus cursus, dapibus vestibulum, pellentesque et, urna. Donec luctus. Donec lectus. Aliquam eget eros facilisis tortor feugiat sollicitudin. Integer lobortis vulputate sapien. Sed iaculis erat ac nunc. Etiam eu enim. Mauris ipsum urna, rhoncus at, bibendum sit amet, euismod eget, dolor. Mauris fermentum quam vitae ligula. Vestibulum in libero feugiat justo dictum consectetuer. Vestibulum euismod purus eget elit. Nunc sed massa porta elit bibendum posuere. Nunc pulvinar justo sit amet odio. In sed est. Phasellus ornare elementum nulla. Nulla ipsum neque, cursus a, viverra a, imperdiet at, enim. Quisque facilisis, diam sed accumsan suscipit, odio arcu hendrerit dolor, quis aliquet massa nulla nec sem.\n!heading 1\n!!heading 2\n!!!heading3\n----\n<<tag button>>\nThis is a link to a [[StyleSheet]] tiddler.\n\n> This is a blockquote\n> This is a blockquote\n> This is a blockquote\n|>|>| !This is a header |h\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|\n|column1|column2|column3|\n|row2| row2 |row2|"});
+// ---------------------------------------------------------------------------------
+//]]>
+</script>
+<style type="text/css">
+
+#saveTest {
+    display: none;
+}
+
+.zoomer {
+    display: none;
+}
+
+#messageArea {
+    display: none;
+}
+
+#copyright {
+    display: none;
+}
+
+.popup {
+    position: absolute;
+}
+
+#storeArea {
+    display: none;
+    margin: 4em 10em 3em;
+}
+
+#storeArea div {
+ padding: 0.5em;
+ margin: 1em 0em 0em 0em;
+ border-color: #f0f0f0 #606060 #404040 #d0d0d0;
+ border-style: solid;
+ border-width: 2px;
+ overflow: auto;
+}
+
+#javascriptWarning {
+    width: 100%;
+    text-align: center;
+    font-weight: bold;
+    background-color: #dd1100;
+    color: #fff;
+    padding:1em 0em;
+}
+
+</style>
+<!--POST-HEAD-START-->
+
+<!--POST-HEAD-END-->
+</head>
+<body onload="main();" onunload="if(window.checkUnsavedChanges) checkUnsavedChanges();">
+<!--PRE-BODY-START-->
+
+<!--PRE-BODY-END-->
+    <script type="text/javascript">
+//<![CDATA[
+if (useJavaSaver)
+    document.write("<applet style='position:absolute;left:-1px' name='TiddlySaver' code='TiddlySaver.class' archive='TiddlySaver.jar' width='1' height='1'></applet>");
+//]]>
+    </script>
+    <div id="copyright">
+    Welcome to TiddlyWiki by Jeremy Ruston, Copyright &copy; 2006 Osmosoft Limited
+    </div>
+    <noscript>
+        <div id="javascriptWarning">This page requires JavaScript to function properly</div>
+    </noscript>
+    <div id="saveTest"></div>
+    <div id="contentWrapper"></div>
+    <div id="contentStash"></div>
+    <div id="storeArea">
+<div tiddler="(built-in shadow tiddler)" modifier="axTLS" modified="200702240024" created="200702240024" tags="">changes, notes and errata</div>
+<div tiddler="Cam" modifier="axTLS" modified="200804011313" created="200804011313" tags="">Type the text for 'YourName'</div>
+<div tiddler="Changelog" modifier="axTLS" modified="201407011056" created="200702240022" tags="">@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.2 (2016-12-31)@@\n\n!!__SSL Library__\n* Basic constraint/key usage v3 extensions now supported\n* Test harness must now be run without built-in default cert\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.1 (2016-12-20)@@\n\n!!__SSL Library__\n* X509 State, country and location are now used for verification and display.\n* SNI hostname memory is now managed by the calling application\n* X509 version number is checked before processing v3 extensions.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.1.0 (2016-12-13)@@\n\n!!__SSL Library__\n* SNI added\n* Some non-C sample code updated.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.1 (2016-08-30)@@\n\n!!__SSL Library__\n* ~RC4 only used if ~PKCS12 is used.\n* Buffer sizes tightned up.\n* Buffer check on client handshake due to some incompatibilities.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 2.0.0 (2016-08-17)@@\n\n!!__SSL Library__\n* Support for TLS 1.2\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.4 (2016-07-07)@@\n\n!!__SSL Library__\n* Fixed client certificate issue where there is no client certificate and a certificate verify msg was still being sent.\n* Tag 64-bit constants with "LL" (e.g. keep ~AVR32 gcc happy)\n* Removed ~RC4 from the list of ciphers\n* Can handle chains that are out of order (thanks Paul Johnstone)\n* Removed some printfs in skeleton mode\n* Removed endian.h as it was causing some porting issues\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.3 (2015-04-30)@@\n\n!!__SSL Library__\n* Added named unions to ~SHA512 code as some compilers don't support it\n* Some other porting suggesions from Chris Ghormley\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.2 (2015-03-10)@@\n\n!!__SSL Library__\n* ~SHA384/~SHA512 support added\n* Security issue fixed where a plain text could be injected before the handshake was completed\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.1 (2014-11-19)@@\n\n!!__SSL Library__\n* ~SHA256 support added\n* All padding/separator bytes checked in ~RSA_decrypt()\n* Added check to get_asn1_length() to limit the number of octets and to not allow overflow\n* ~MD2 removed\n* Return code checked for get_random()\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.5.0 (2014-10-31)@@\n\n!!__SSL Library__\n* Fixed array access out of bounds bug in add_cert() (thanks Ole Reinhardt)\n* Fix handling of return values of ~SOCKET_READ in process_sslv23_client_hello() (thanks Ole Reinhardt)\n*  added generalized time for certificates\n* added printf changes from Fabian Frank to stop warnings/errors\n*  Moved setting encryption flags to after handshake completion (thanks Eric Hu)\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.9@@\n\n!!__SSL Library__\n* Fixed issue where the Chrome browser could not connect. This was due to Chrome sending different version numbers in its record header and client hello. ~AxTLS has been modified to use the client hello version as part of ~RFC5246.\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.8@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n\n!!__axhttpd__\n* The password hash broke due to an over zealous buffer overflow check. \n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.6@@\n\n!!__SSL Library__\n* Fixed issue where the stdint typedefs were not imported by default (stdint.h had to be included explicity) (thanks Anthony G. Basile)\n* Fixed RNG initialization issue where client library was performed incorrectly (thanks Gilles Boccon~-Gibod). \n\n!!__axhttpd__\n* Now compiles properly under TCP/IP v6.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.5@@\n\n!!__SSL Library__\n* Fixed possible buffer overflow when doing base64 decoding (thanks Emil Kvarnhammar).\n* Fixed unicode parsing error in certificates (thanks Eric Hu)\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.4@@\n\n!!__axhttpd__\n* Allow other CGI applications (such as PHP) to call HTML files from their command line.\n\n!!__SSL Library__\n* Fixed memory leak with invalid certificates (thanks Jon Trauntvein)\n* Fixed issue with non-blocking client connections not working properly (thanks Richard Titmuss).\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.3@@\n\n!!__SSL Library__\n* axtlswrap compilation error fixed.\n\n!!__axhttpd__\n* added '-w' command-line option to set the webroot directory.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.2@@\n\n!!__SSL Library__\n* bi_export  could have a buffer overrun with incorrect input (thanks Gilles ~Boccon-Gibod - 3334305)\n\n!!__axhttpd__\n* ~RFC1123 time format used in the headers.\n* Expires heading added (current time + ~CONFIG_HTTP_TIMEOUT)\n* UTC/localtime issue with ~If-Modified-Since header.\n\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.1@@\n\n!!__SSL Library__\n* Allow reading of ~PKCS8/12 unencrypted keys in PEM format and mconf will allow the option in server mode (thanks Steve Bennett).\n* Issue where comparing a null and an empty string could return a false positive for cert check (thanks Gilles ~Boccon-Gibod - 3310885).\n* -fPIC added as a Linux compile option.\n\n!!__axhttpd__\n* Killing connections on session timeout is guaranteed.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.4.0@@\n\n!!__SSL Library__\n* TLS v1.1 implemented and is enabled by default.\n* Closure alerts implemented correctly.\n* Fixed issue with ~SSLv23 hello versioning. \n \n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.4@@\n\n!!__SSL Library__\n* SSL 2.0 client hello is turned off by default as per RFC 4346 Appendix E.\n* Client determines the cipher suite selected rather than the server as per RFC 4346 7.4.1.2.\n* Guard against timing HMAC timing attacks as per RFC 4346 6.2.3.2.\n* Fixed ~SOCKET_WRITE buffer issue (thanks  Hardy Griech - 3177419)\n* Fixed variable length MAC issue as used by gnutls.\n* Fixed version issue when TLS &gt;=1.1 is used.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.2@@\n\n!!__SSL Library__\n* Loading of PEM certificate bundles now loads CA certs properly.\n* ssl_client_new() can now be broken up into an ssl_client_new() and successive ssl_read()'s now by setting the ~SSL_CONNECT_IN_PARTS as an option in ssl_ctx_new().\n* Non-blocked mode is now not a requirement but calls may still be blocked.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.1@@\n\n!!__SSL Library__\n* Certificate bundles which contain &quot;invalid&quot; certificates (i.e. invalid digests types etc) are ignored rather than cause failure.\n\n!!__axhttpd__\n* ~HTTPv1.0 packets close a connection upon completion.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.3.0@@\n\n!!__SSL Library__\n* Close notify is now sent as an error code from ssl_read(). Server code should be modified to check for ~SSL_CLOSE_NOTIFY (thanks to Eric Hu - 3132700).\n* regular_square() issue fixed (3078672)\n* partial_multiply() removed and merged with regular_multiply() (3078372).\n* Invalid session id size now returns ~SSL_ERROR_INVALID_SESSION (thanks to Hardy Griech - 3072881)\n* q-dash issue with Barrett reduction fixed (thanks to Hardy Griech - 3079291).\n* PEM file detection now looks for &quot;-BEGIN&quot; in any part of the file rather than at the start (3123838).\n* 8/16/32 bit native int sizes can be selected in configuration.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.7@@\n\n!!__SSL Library__\n* A fix to find_max_exp_index() (thanks to Hardy Griech).\n* Check is made to get_cipher_info() if the appropriate cipher is not found (thanks to Hardy Griech).\n* Extra x509_free() removed from do_client_connect().\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.5@@\n\n!!__SSL Library__\n* The custom RNG updated to use an entropy pool (with better hooks to use counters).\n\n!!__axhttpd__\n* Headers are case insensitive (thanks to Joe Pruett for this and the following).\n* Child zombie issue fixed.\n* EOF on ~POSTs fixed.\n* Expect is ignored.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.4@@\n\n!!__SSL Library__\n* Client renegotiation now results in an error. This is the result of a security flaw described in this paper http://extendedsubset.com/Renegotiating_TLS.pdf, and also is explained in detail here http://www.cupfighter.net/index.php/2009/11/tls-renegotiation-attack/.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.3@@\n\n!!__SSL Library__\n* v3 certificates with ~SANs now supports (thanks to Carsten Sørensen).\n* axtlswrap added - a port of sslwrap (thanks to Steve Bennett)\n\n!!__axhttpd__\n* shutdown() called before socket close in CGI (thanks to Tom Brown)\n* command-line parameters to specify the http/https port.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.2@@\n\n!!__axhttpd__\n* File uploads over 1kB (but under MAXPOSTDATASIZE) are now supported.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.1@@\n\n!!__SSL Library__\n* Certificate verification now works for Firefox.\n* Extended the openssl API.\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.2.0@@\n\n!!__SSL Library__\n* A self-signed certificate will be verified as ok provided that that it is on the certificate authority list.\n* Certificates are not verified when added as certificate authorities (since self-signed and expired certificates can be added to browsers etc)\n\n@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.9@@\n\n!!__SSL Library__\n* Now support MS IIS resource kit certificates (thanks to Carsten Sørensen).\n* Fixed a memory leak when freeing more than one CA certificate.\n* The bigint library had a problem with squaring which affected classical reduction (thanks to Manuel Klimek).\n\n!!__axhttpd__\n* Brought back setuid()/setgid() as an option.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.8@@\n\n!!__SSL Library__\n* Now using a BSD style license.\n* Self-signed certificates can now be automatically generated (the keys still need to be provided).\n* A new API call //ssl_x509_create()// can be used to programatically  create the certificate.\n* Certificate/keys can be loaded automatically given a file location.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.7@@\n\n!!__SSL Library__\n\n* Variable sized session id's is now better handled for session caching. It has meant a new API call //ssl_get_session_id_size()// and a change to //ssl_client_new()// to define the session id size.\n* Muliple records with a single header are now better supported (thanks to Hervé Sibert).\n* ~MD2 added for Verisign root cert verification (thanks to Byron Rakitzis).\n* The ~MD5/~SHA1 digests are calculated incrementally to reduce memory (thanks to Byron Rakitzis).\n* The bigint cache is now cleared regularly to reduce memory.\n\n!!__axhttpd__\n\n* Improved the POST handling (thanks to Christian Melki).\n* CSS files now work properly.\n* Lua's CGI launcher location is configurable.\n* //vfork()// is now used for CGI for performance reasons.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.6@@\n\n!!__SSL Library__\n\n* ~RC4 speed improvements\n* Lua samples/bindings now work properly\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.5@@\n\n!!__SSL Library__\n\n* Session id's can now be variable lengths in server hello messages.\n* 0 length client certificates are now supported.\n* ssl_version() now returns just the version and not the date.\n* ssl_write() was not sending complete packets under load.\n\n!!__axhttpd__\n\n* Completely updated the CGI code.\n* Lua now integrated - Lua scripts and Lua Pages now run.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.4@@\n\n!!__SSL Library__\n\n* Fixed a Win32 crypto library issue with non-Administrator users\n* Removed compiler warnings that showed up in ~FC6.\n* GNU TLS certificates are now accepted.\n* Separated the send/receive headers for HMAC calculations.\n* Fixed a compilation problem with swig/perl/~FC6.\n* Fixed an issue with loading PEM CA certificates.\n\n!!__axhttpd__\n\n* Made //setuid()/setgid()// call an mconf option.\n* Made //chroot()// an mconf option. Default to //chdir()// instead.\n* Removed optional permissions checking.\n\n!@@bgcolor(#ff0000):color(#ffffff):Changes for 1.1.1@@\n\n!!__SSL Library__\n\n* AES should now work on 16bit processors (there was an alignment problem).\n* Various freed objects are cleared before freeing.\n* Header files now installed in ///usr/local/include/axTLS//.\n* -DCYGWIN replaced with -~DCONFIG_PLATFORM_CYGWIN (and the same for Solaris).\n* removed &quot;-noextern&quot; option in Swig. Fixed some other warnings in Win32.\n* SSLCTX changed to ~SSL_CTX (to be consistent with openssl). SSLCTX still exists for backwards compatibility.\n* malloc() and friends call abort() on failure.\n* Fixed a memory leak in directory listings.\n* Added openssl() compatibility functions.\n* Fixed Cygwin 'make install' issue.\n\n!!__axhttpd__\n\n* main.c now becomes axhttpd.c.\n* Header file issue fixed (in mime_types.c).\n* //chroot()// now used for better security.\n* Basic authentication implemented (via .htpasswd).\n* SSL access/denial protection implemented (via .htaccess).\n* Directory access protection implemented (via .htaccess).\n* Can now have more than one CGI file extension in mconf.\n* &quot;~If-Modified-Since&quot; request now handled properly.\n* Performance tweaks to remove //ssl_find()//.</div> <div tiddler="DefaultTiddlers" modifier="axTLS" modified="200702240019" created="200702240019" tags="">[[Read Me]]</div> <div tiddler="License" modifier="axTLS" modified="200804011309" created="200702240022" tags="">axTLS uses a BSD style license:\n\nCopyright (c) 2008, Cameron Rich All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\nRedistributions of source code must retain the above copyright notice, this\nlist of conditions and the following disclaimer. Redistributions in binary\nform must reproduce the above copyright notice, this list of conditions and\nthe following disclaimer in the documentation and/or other materials\nprovided with the distribution. Neither the name of the axTLS Project nor\nthe names of its contributors may be used to endorse or promote products\nderived from this software without specific prior written permission. \n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot;\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH\nDAMAGE.</div> <div tiddler="MainMenu" modifier="axTLS" modified="400702250353" created="200702240021" tags="">[[Read Me]] \n[[Changelog]]\n[[axhttpd]]\n[[License]]</div>
+<div tiddler="PageTemplate" modifier="axTLS" modified="200701122313" created="200701122350" tags="DevFireTheme">&lt;div class='header' macro='gradient vert #390108 #900'&gt;\n&lt;div class='headerShadow'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;div class='headerForeground'&gt;\n&lt;span class='siteTitle' refresh='content' tiddler='SiteTitle'&gt;&lt;/span&gt;&amp;nbsp;\n&lt;span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'&gt;&lt;/span&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='mainMenu'&gt;\n&lt;div refresh='content' tiddler='MainMenu'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='sidebar'&gt;\n&lt;div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'&gt;&lt;/div&gt;\n&lt;div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'&gt;&lt;/div&gt;\n&lt;/div&gt;\n&lt;div id='displayArea'&gt;\n&lt;div id='messageArea'&gt;&lt;/div&gt;\n&lt;div id='tiddlerDisplay'&gt;&lt;/div&gt;\n&lt;/div&gt;</div>
+<div tiddler="Read Me" modifier="axTLS" modified="201405252317" created="200702240020" tags="">!@@bgcolor(#ff0000):color(#ffffff):axTLS Quick Start Guide@@\n\nThis is a guide to get a small SSL web-server up and running quickly.\n\n!!__Introduction__\n\nThe axTLS project is an SSL client/server library using the ~TLSv1 protocol. It is designed to be small and fast, and is suited to embedded projects. A web server is included.\n\nThe basic web server + SSL library is around 60-70kB and is configurable for features or size.\n\n!!__Compilation__\n\nAll platforms require GNU make. This means on Win32 that Cygwin needs to be installed with &quot;make&quot; and various developer options selected.\n\nConfiguration now uses a tool called &quot;mconf&quot; which gives a nice way to configure options (similar to what is used in ~BusyBox and the Linux kernel).\n\nYou should be able to compile axTLS simply by extracting it, change into the extracted directory and typing:\n\n{{indent{{{{&gt;  make}}}\n\nSelect your platform type, save the configuration, exit, and then type &quot;make&quot; again.\n\nIf all goes well, you should end up with an executable called &quot;axhttpd&quot; (or axhttpd.exe) in the //_stage// directory.\n\nTo play with all the various axTLS options, type:\n\n{{indent{{{{&gt;  make menuconfig}}}\n\nSave the new configuration and rebuild.\n\n!!__Running it__\n\nTo run it, go to the //_stage// directory, and type (as superuser):\n\n{{indent{{{{&gt; axhttpd}}}\n\nNote: you may have to set your ~LD_LIBRARY_PATH - e.g. go to //_stage// and type //export ~LD_LIBRARY_PATH=`pwd`//\n\nAnd then point your browser at https://127.0.0.1 And you should see a this html page with a padlock appearing on your browser. or type http://127.0.0.1 to see the same page unencrypted.\n\n!!__The axssl utilities__\n\nThe axssl suite of tools are the SSL test tools in the various language bindings. They are:\n\n* axssl              - C sample\n* axssl.csharp    - C# sample\n* axssl.vbnet      - VB.NET sample\n* axtls.jar           - Java sample\n* axssl.pl           - Perl sample\n* axssl.lua         - Lua sample\n\nAll the tools have identical command-line parameters. e.g. to run something interesting:\n\n{{indent{{{{&gt; axssl s_server -verify -CAfile ../ssl/test/axTLS.ca_x509}}}\n\nand\n\n{{indent{{{{&gt; axssl s_client -cert ../ssl/test/axTLS.x509_1024 -key ../ssl/test/axTLS.key_1024 -reconnect}}}\n\n!!!!C#\n\nIf building under Linux or other non-Win32 platforms, Mono must be installed and the executable is run as:\n\n{{indent{{{{&gt; mono axssl.csharp.exe ...}}}\n\n!!!!Java\n\nThe java version is run as:\n\n{{indent{{{{&gt; java -jar axtls.jar &lt;options&gt;}}}\n\n!!!!Perl\n\n{{indent{{{{&gt; [perl] ./axssl.pl &lt;options&gt;}}}\n\nIf running under Win32, be sure to use the correct version of Perl (i.e. ~ActiveState's version works ok).\n\n!!!!Lua\n\n{{indent{{{{&gt; [lua] ./axssl.lua &lt;options&gt;}}}\n\n!__Known Issues__\n\n* Firefox doesn't handle legacy ~SSLv2 at all well. Disabling ~SSLv2 still initiates a ~SSLv23 handshake (v1.5). And continuous pressing of the &quot;Reload&quot; page instigates a change to ~SSLv3 for some reason (even though the TLS 1.0 option is selected). This will cause a &quot;Firefox and &lt;server&gt; cannot communicate securely because they have no common encryption algorithms&quot; (v1.5), or &quot;Firefox can't connect to &lt;server&gt; because the site uses a security protocol which isn't enabled&quot; (v2.0). See bugzilla issues 343543 and 359484 (Comment #7). It's all broken (hopefully fixed soon).\n* Perl/Java bindings don't work on 64 bit Linux machines. I can't even compile the latest version of Perl on an ~AMD64 box (using ~FC3).\n* Java 1.4 or better is required for the Java interfaces.\n* Processes that fork can't use session resumption unless some form of IPC is used.\n* Ensure libperl.so and libaxtls.so are in the shared library path when running with the perl bindings. A way to do this is with:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=`perl -e 'use Config; print $Config{archlib};'`/CORE:.}}}\n* The lua sample requires the luabit library from http://luaforge.net/projects/bit.\n\n!!!!Win32 issues\n\n* Be careful about doing .NET executions on network drives - .NET complains with security exceptions on the binary. //TODO: Add a manifest file to prevent this.//\n* CGI has been removed from Win32 - it needs a lot more work to get it right.\n* The default Microsoft .NET SDK is v2.0.50727. Download from: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx.\n\n!!!!Solaris issues\n\n* mconf doesn't work well - some manual tweaking is required for string values.\n* GNU make is required and needs to be in $PATH.\n* To get swig's library dependencies to work (and for the C library to be found), I needed to type:\n\n{{indent{{{{&gt; export LD_LIBRARY_PATH=/usr/local/gcc-3.3.1/lib:.}}}\n\n!!!!Cygwin issues\n\n* The bindings all compile but don't run under Cygwin with the exception of Perl. This is due to win32 executables being incompatible with Cygwin libraries.\n\n</div>
+<div tiddler="SiteSubtitle" modifier="axTLS" modified="200702240025" created="200702240025" tags="">changes, notes and errata</div>
+<div tiddler="SiteTitle" modifier="axTLS" modified="200702240023" created="200702240023" tags="">axTLS Embedded SSL</div>
+<div tiddler="SiteUrl" modifier="axTLS" modified="200702240025" created="200702240025" tags="">http://axtls.cerocclub.com.au</div>
+<div tiddler="StyleSheet" modifier="axTLS" modified="200702250600" created="200701122350" tags="DevFireTheme">/***\nhttp://tiddlystyles.com/#theme:DevFire\nAuthor: Clint Checketts\n***/\n\n/*{{{*/\nbody {\nbackground: #000;\n}\n/*}}}*/\n/***\n!Link styles /% ============================================================= %/\n***/\n/*{{{*/\na,\na.button,\n#mainMenu a.button,\n#sidebarOptions .sliderPanel a{\n color: #ffbf00;\n border: 0;\n background: transparent;\n}\n\na:hover,\na.button:hover,\n#mainMenu a.button:hover,\n#sidebarOptions .sliderPanel a:hover\n#sidebarOptions .sliderPanel a:active{\n color: #ff7f00;\n border: 0;\n border-bottom: #ff7f00 1px dashed;\n background: transparent;\n text-decoration: none;\n}\n\n#displayArea .button.highlight{\n color: #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Header styles /% ============================================================= %/\n***/\n/*{{{*/\n.header{\n border-bottom: 2px solid #ffbf00;\n color: #fff;\n}\n\n.headerForeground a {\n color: #fff;\n}\n\n.header a:hover {\n border-bottom: 1px dashed #fff;\n}\n/*}}}*/\n/***\n!Main menu styles /% ============================================================= %/\n***/\n/*{{{*/\n#mainMenu {color: #fff;}\n#mainMenu h1{\n font-size: 1.1em;\n}\n#mainMenu li,#mainMenu ul{\n list-style: none;\n margin: 0;\n padding: 0;\n}\n/*}}}*/\n/***\n!Sidebar styles /% ============================================================= %/\n***/\n/*{{{*/\n#sidebar {\n right: 0;\n color: #fff;\n border: 2px solid #ffbf00;\n border-width: 0 0 2px 2px;\n}\n#sidebarOptions {\n background-color: #4c4c4c;\n padding: 0;\n}\n\n#sidebarOptions a{\n margin: 0;\n color: #ffbf00;\n border: 0;\n}\n#sidebarOptions a:hover {\n color: #4c4c4c;\n background-color: #ffbf00;\n\n}\n\n#sidebarOptions a:active {\n color: #ffbf00;\n background-color: transparent;\n}\n\n#sidebarOptions .sliderPanel {\n background-color: #333;\n margin: 0;\n}\n\n#sidebarTabs {background-color: #4c4c4c;}\n#sidebarTabs .tabSelected {\n padding: 3px 3px;\n cursor: default;\n color: #ffbf00;\n background-color: #666;\n}\n#sidebarTabs .tabUnselected {\n color: #ffbf00;\n background-color: #5f5f5f;\n padding: 0 4px;\n}\n\n#sidebarTabs .tabUnselected:hover,\n#sidebarTabs .tabContents {\n background-color: #666;\n}\n\n.listTitle{color: #FFF;}\n#sidebarTabs .tabContents a{\n color: #ffbf00;\n}\n\n#sidebarTabs .tabContents a:hover{\n color: #ff7f00;\n background: transparent;\n}\n\n#sidebarTabs .txtMoreTab .tabSelected,\n#sidebarTabs .txtMoreTab .tab:hover,\n#sidebarTabs .txtMoreTab .tabContents{\n color: #ffbf00;\n background: #4c4c4c;\n}\n\n#sidebarTabs .txtMoreTab .tabUnselected {\n color: #ffbf00;\n background: #5f5f5f;\n}\n\n.tab.tabSelected, .tab.tabSelected:hover{color: #ffbf00; border: 0; background-color: #4c4c4c;cursor:default;}\n.tab.tabUnselected {background-color: #666;}\n.tab.tabUnselected:hover{color:#ffbf00; border: 0;background-color: #4c4c4c;}\n.tabContents {\n background-color: #4c4c4c;\n border: 0;\n}\n.tabContents .tabContents{background: #666;}\n.tabContents .tabSelected{background: #666;}\n.tabContents .tabUnselected{background: #5f5f5f;}\n.tabContents .tab:hover{background: #666;}\n/*}}}*/\n/***\n!Message area styles /% ============================================================= %/\n***/\n/*{{{*/\n#messageArea {background-color: #666; color: #fff; border: 2px solid #ffbf00;}\n#messageArea a:link, #messageArea a:visited {color: #ffbf00; text-decoration:none;}\n#messageArea a:hover {color: #ff7f00;}\n#messageArea a:active {color: #ff7f00;}\n#messageArea .messageToolbar a{\n border: 1px solid #ffbf00;\n background: #4c4c4c;\n}\n/*}}}*/\n/***\n!Popup styles /% ============================================================= %/\n***/\n/*{{{*/\n.popup {color: #fff; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n.popup li.disabled{color: #fff;}\n.popup a {color: #ffbf00; }\n.popup a:hover { background: transparent; color: #ff7f00; border: 0;}\n.popup hr {color: #ffbf00; background: #ffbf00;}\n/*}}}*/\n/***\n!Tiddler Display styles /% ============================================================= %/\n***/\n/*{{{*/\n.title{color: #fff;}\nh1, h2, h3, h4, h5 {\n color: #fff;\n background-color: transparent;\n border-bottom: 1px solid #333;\n}\n\n.subtitle{\n color: #666;\n}\n\n.viewer {color: #fff; }\n\n.viewer table{background: #666; color: #fff;}\n\n.viewer th {background-color: #996; color: #fff;}\n\n.viewer pre, .viewer code {color: #ddd; background-color: #4c4c4c; border: 1px solid #ffbf00;}\n\n.viewer hr {color: #666;}\n\n.tiddler .button {color: #4c4c4c;}\n.tiddler .button:hover { color: #ffbf00; background-color: #4c4c4c;}\n.tiddler .button:active {color: #ffbf00; background-color: #4c4c4c;}\n\n.toolbar {\n color: #4c4c4c;\n}\n\n.toolbar a.button,\n.toolbar a.button:hover,\n.toolbar a.button:active,\n.editorFooter a{\n border: 0;\n}\n\n.footer {\n color: #ddd;\n}\n\n.selected .footer {\n color: #888;\n}\n\n.highlight, .marked {\n color: #000;\n background-color: #ffe72f;\n}\n.editorFooter {\n color: #aaa;\n}\n\n.tab{\n-moz-border-radius-topleft: 3px;\n-moz-border-radius-topright: 3px;\n}\n\n.tagging,\n.tagged{\n background: #4c4c4c;\n border: 1px solid #4c4c4c; \n}\n\n.selected .tagging,\n.selected .tagged{\n background-color: #333;\n border: 1px solid #ffbf00;\n}\n\n.tagging .listTitle,\n.tagged .listTitle{\n color: #fff;\n}\n\n.tagging .button,\n.tagged .button{\n color: #ffbf00;\n border: 0;\n padding: 0;\n}\n\n.tagging .button:hover,\n.tagged .button:hover{\nbackground: transparent;\n}\n\n.selected .isTag .tagging.simple,\n.selected .tagged.simple,\n.isTag .tagging.simple,\n.tagged.simple {\n float: none;\n display: inline;\n border: 0;\n background: transparent;\n color: #fff;\n margin: 0;\n}\n\n.cascade {\n background: #4c4c4c;\n color: #ddd;\n border: 1px solid #ffbf00;\n}\n/*}}}*/</div>
+<div tiddler="axhttpd" modifier="axTLS" modified="201106241105" created="200702242231" tags="">axhttpd is a small embedded web server using the axTLS library. It is based originally on the web server written by Doug Currie which is at http://www.hcsw.org/awhttpd.\n\n!@@bgcolor(#ff0000):color(#ffffff):axhttpd Features@@ \n\n!!__Basic Authentication__\n\nBasic Authentication uses a password file called  &quot;.htpasswd&quot;, in the directory to be  protected. This file is formatted as the familiar colon-separated username/encrypted-password pair, records delimited by newlines. The protection does not carry over to subdirectories. The utility program htpasswd is included to help manually edit .htpasswd files.\n\nThe encryption of this password uses a proprietary algorithm due to the dependency of many crypt libraries on DES. An example is in [[/test_dir/no_http|https://localhost/test_dir/no_http]]  (username 'abcd', password is '1234').\n\n//Note: This is an mconf enabled configuration option.//\n\n!!__SSL Protection__\n\nDirectories/files can be accessed using the 'http' or 'https' uri prefix. If normal http access for a directory needs to be disabled, then put &quot;~SSLRequireSSL&quot; into a '.htaccess' file in the directory to be protected. \n\nConversely, use &quot;~SSLDenySSL&quot; to deny access to directories via SSL.\n\nAn example is in [[/test_dir/no_http|http://localhost/test_dir/no_http]] and [[/test_dir/no_ssl|https://localhost/test_dir/no_ssl]].\n\nEntire directories can be denied access with a &quot;Deny all&quot; directive (regardless of SSL or authentication). An example is in [[/test_dir/bin|http://localhost/test_dir/bin]]\n\n!!__CGI__\n\nMost of the CGI 1.1 variables are now placed into the script environment and should work as normal.\n\n!!__Lua and Lua Pages__\n\nThis is a small scripting language gaining popularity in embedded applications due to its small footprint and fast speed.\n\nLua has been incorporated into the build, so simply select it and it will automatically install. Try pointing your browser at [[test_main.html|http://localhost/lua/test_main.html]] to see an example of Lua Pages.\n\n//Note: This is an mconf enabled configuration option.//\n\nThe readline development library may have to be downloaded: //yum install readline-devel//\n\n!!__Directory Listing__\n\nAn mconf option. Allow the files in directories to be displayed. An example is in [[/test_dir|http://localhost/test_dir]]\n\n!!__Other Features__\n\n* Timeout - HTTP 1.1 allows for persistent connections. This is the time allowed for this connection in seconds.\n* Daemon - Puts the process in daemon mode. \n* SSL  session cache size - The size of the session cache (a heavily loaded server should maintain many sessions). A session will save on expensive SSL handshaking.\n\n</div>
+</div>
+<!--POST-BODY-START-->
+
+<!--POST-BODY-END-->
+    </body>
+</html>